tests: Added tests for default permissions.

Here are few tests for config file with default permissions, including
setting SUID, SGID and sticky bits to files/directories.

Signed-off-by: Jan Safranek <jsafrane@redhat.com>

diff --git a/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default1.conf b/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default1.conf
new file mode 100644 (file)
index 0000000..3138d11
--- /dev/null
+++ b/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default1.conf
@@ -0,0 +1,64 @@
+mount {
+       cpu = /TMP/cgroups/cpu;
+       cpuacct = /TMP/cgroups/cpu;
+}
+
+default {
+       perm {
+               task {
+                       uid=nobody;
+                       gid=nobody;
+                       fperm=757;
+               }
+               admin {
+                       uid = nobody;
+                       gid = nobody;
+                       dperm = 757;
+                       fperm = 757;
+               }
+       }
+}
+
+# inherit default
+group daemons/www {
+       cpu {
+               cpu.shares = "1000";
+       }
+}
+
+#override default
+group daemons/ftp {
+       perm {
+               task {
+                       uid = root;
+                       gid = root;
+                       fperm = 274;
+               }
+               admin {
+                       uid = root;
+                       gid = root;
+                       dperm = 742;
+                       fperm = 427;
+               }
+       }
+       cpu {
+               cpu.shares = "500";
+       }
+}
+
+# override some default
+group daemons/ssh {
+       perm {
+               task {
+                       uid = root;
+                       fperm = 274;
+               }
+               admin {
+                       uid = root;
+                       fperm = 427;
+               }
+       }
+       cpu {
+               cpu.shares = "500";
+       }
+}

diff --git a/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default2.conf b/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default2.conf
new file mode 100644 (file)
index 0000000..b8021ea
--- /dev/null
+++ b/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default2.conf
@@ -0,0 +1,82 @@
+mount {
+       cpu = /TMP/cgroups/cpu;
+       cpuacct = /TMP/cgroups/cpu;
+}
+
+default {
+       perm {
+               task {
+                       uid=root;
+                       gid=root;
+                       fperm=700;
+               }
+               admin {
+                       uid = root;
+                       gid = root;
+                       dperm = 700;
+                       fperm = 700;
+               }
+       }
+}
+
+
+# inherit default
+group daemons/www {
+       cpu {
+               cpu.shares = "1000";
+       }
+}
+
+#override default
+group daemons/ftp {
+       perm {
+               task {
+                       uid = root;
+                       gid = root;
+                       fperm = 274;
+               }
+               admin {
+                       uid = root;
+                       gid = root;
+                       dperm = 742;
+                       fperm = 427;
+               }
+       }
+       cpu {
+               cpu.shares = "500";
+       }
+}
+
+# override some default
+group daemons/ssh {
+       perm {
+               task {
+                       uid = root;
+                       fperm = 274;
+               }
+               admin {
+                       uid = root;
+                       fperm = 427;
+               }
+       }
+       cpu {
+               cpu.shares = "500";
+       }
+}
+
+# second default, wins
+default {
+       perm {
+               task {
+                       uid=nobody;
+                       gid=nobody;
+                       fperm=757;
+               }
+               admin {
+                       uid = nobody;
+                       gid = nobody;
+                       dperm = 757;
+                       fperm = 757;
+               }
+       }
+}

diff --git a/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default3.conf b/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default3.conf
new file mode 100644 (file)
index 0000000..99465a5
--- /dev/null
+++ b/tests/tools/cgconfigparser/cgconfigparser_conf_files/permissions_default3.conf
@@ -0,0 +1,64 @@
+mount {
+       cpu = /TMP/cgroups/cpu;
+       cpuacct = /TMP/cgroups/cpu;
+}
+
+default {
+       perm {
+               task {
+                       uid=nobody;
+                       gid=nobody;
+                       fperm=1757;
+               }
+               admin {
+                       uid = nobody;
+                       gid = nobody;
+                       dperm = 2757;
+                       fperm = 7757;
+               }
+       }
+}
+
+# inherit default
+group daemons/www {
+       cpu {
+               cpu.shares = "1000";
+       }
+}
+
+#override default
+group daemons/ftp {
+       perm {
+               task {
+                       uid = root;
+                       gid = root;
+                       fperm = 274;
+               }
+               admin {
+                       uid = root;
+                       gid = root;
+                       dperm = 742;
+                       fperm = 427;
+               }
+       }
+       cpu {
+               cpu.shares = "500";
+       }
+}
+
+# override some default
+group daemons/ssh {
+       perm {
+               task {
+                       uid = root;
+                       fperm = 274;
+               }
+               admin {
+                       uid = root;
+                       fperm = 427;
+               }
+       }
+       cpu {
+               cpu.shares = "500";
+       }
+}

diff --git a/tests/tools/cgconfigparser/permissions b/tests/tools/cgconfigparser/permissions
index 35e93d70fd398ce6b92feff4765e61612b1542c7..0f02e024a8a38468ec372175190d4e2c33258df5 100755 (executable)
--- a/tests/tools/cgconfigparser/permissions
+++ b/tests/tools/cgconfigparser/permissions
@@ -6,11 +6,6 @@
 
 CONFDIR=$TESTDIR/tools/cgconfigparser/cgconfigparser_conf_files
 
-# all mount points are in /$TMP/cgroups
-mkdir /$TMP/cgroups/ 2>/dev/null
-$TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions.conf` || \
-    die "cgconfigparser -l $CONFDIR/permissions.conf failed"
-
 # permissions test
 function check_perm()
 {
@@ -36,6 +31,12 @@ function check_perm()
     fi
 }
 
+# all mount points are in /$TMP/cgroups
+mkdir /$TMP/cgroups/ 2>/dev/null
+
+# STEP1: simple config file without default section
+$TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions.conf` || \
+    die "STEP1: cgconfigparser -l $CONFDIR/permissions.conf failed"
 check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/www" 770 root root
 check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 666 root root
 check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/www/tasks" 640 root nobody
@@ -44,6 +45,60 @@ check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root
 check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root
 check_perm "STEP1" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root nobody
 
+$TOOLSDIR/cgclear || die "STEP1: cgclear failed"
+
+# STEP2: config file with one default section
+$TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default1.conf` || \
+    die "STEP2: cgconfigparser -l $CONFDIR/permissions_default1.conf failed"
+
+check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody
+check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 646 nobody nobody
+check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/www/tasks" 646 nobody nobody
+
+check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root
+check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root
+check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root
+
+check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody
+check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody
+check_perm "STEP2" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody
+
+$TOOLSDIR/cgclear || die "cgclear failed"
+
+# STEP3: config file with two default sections - the last wins
+$TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default2.conf` || \
+    die "STEP3: cgconfigparser -l $CONFDIR/permissions_default2.conf failed"
+
+check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody
+check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 646 nobody nobody
+check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/www/tasks" 646 nobody nobody
+
+check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root
+check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root
+check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root
+
+check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody
+check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody
+check_perm "STEP3" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody
+
+$TOOLSDIR/cgclear || die "cgclear failed"
+
+# STEP4: config file with one default section, now with SUID and SGID bits
+$TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default3.conf` || \
+    die "STEP4: cgconfigparser -l $CONFDIR/permissions_default3.conf failed"
+
+check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/www" 2757 nobody nobody
+check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 7646 nobody nobody
+check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/www/tasks" 1646 nobody nobody
+
+check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root
+check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root
+check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root
+
+check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ssh" 2757 root nobody
+check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody
+check_perm "STEP4" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody
+
 $TOOLSDIR/cgclear || die "cgclear failed"
 
 cleanup