From: Mike Yuan <me@yhndnzj.com>
Date: Mon, 10 Feb 2025 12:33:43 +0000 (+0100)
Subject: test-xattr-util: return early if not privileged enough to set trusted.*
X-Git-Tag: v258-rc1~1360^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F36335%2Fhead;p=thirdparty%2Fsystemd.git

test-xattr-util: return early if not privileged enough to set trusted.*
---

diff --git a/src/test/test-xattr-util.c b/src/test/test-xattr-util.c
index 86b72b39e16..89915188546 100644
--- a/src/test/test-xattr-util.c
+++ b/src/test/test-xattr-util.c
@@ -7,7 +7,6 @@
 #include <unistd.h>
 
 #include "alloc-util.h"
-#include "capability-util.h"
 #include "fd-util.h"
 #include "fs-util.h"
 #include "macro.h"
@@ -94,14 +93,17 @@ static void xattr_symlink_test_one(int fd, const char *path) {
         _cleanup_strv_free_ char **list_split = NULL;
         int r;
 
+        ASSERT_ERROR(xsetxattr_full(fd, path, 0, "trusted.bar", "bogus", SIZE_MAX, XATTR_CREATE), EEXIST);
+
         ASSERT_OK(xsetxattr(fd, path, 0, "trusted.test", "schaffen"));
         ASSERT_OK_EQ(getxattr_at_malloc(fd, path, "trusted.test", 0, &value), (int) STRLEN("schaffen"));
         ASSERT_STREQ(value, "schaffen");
 
         r = listxattr_at_malloc(fd, path, 0, &list);
         ASSERT_OK(r);
-        ASSERT_GE(r, (int) sizeof("trusted.test"));
+        ASSERT_GE(r, (int) sizeof("trusted.test\0trusted.bar"));
         ASSERT_NOT_NULL(list_split = strv_parse_nulstr(list, r));
+        ASSERT_TRUE(strv_contains(list_split, "trusted.bar"));
         ASSERT_TRUE(strv_contains(list_split, "trusted.test"));
 
         ASSERT_OK(xremovexattr(fd, path, 0, "trusted.test"));
@@ -157,19 +159,22 @@ TEST(xsetxattr) {
         fd = safe_close(fd);
 
         /* user.* xattrs are not supported on symlinks. Use trusted.* which requires privilege. */
-        if (have_effective_cap(CAP_SYS_ADMIN) > 0) {
-                ASSERT_OK_ERRNO(symlinkat("empty", dfd, "symlink"));
-                ASSERT_OK_ERRNO(fd = openat(dfd, "symlink", O_NOFOLLOW|O_PATH|O_CLOEXEC));
+        ASSERT_OK_ERRNO(symlinkat("empty", dfd, "symlink"));
+        ASSERT_OK_ERRNO(fd = openat(dfd, "symlink", O_NOFOLLOW|O_PATH|O_CLOEXEC));
+
+        ASSERT_ERROR(xsetxattr(dfd, "symlink", AT_SYMLINK_FOLLOW, "trusted.test", "bogus"), ENOENT);
 
-                ASSERT_ERROR(xsetxattr(dfd, "symlink", AT_SYMLINK_FOLLOW, "trusted.test", "bogus"), ENOENT);
+        r = xsetxattr_full(dfd, "symlink", 0, "trusted.bar", "baz", SIZE_MAX, XATTR_CREATE);
+        if (ERRNO_IS_NEG_PRIVILEGE(r))
+                return (void) log_tests_skipped_errno(r, "Unable to set trusted.* xattr");
+        ASSERT_OK(r);
 
-                xattr_symlink_test_one(dfd, "symlink");
-                xattr_symlink_test_one(fd, NULL);
-                xattr_symlink_test_one(fd, "");
+        xattr_symlink_test_one(dfd, "symlink");
+        xattr_symlink_test_one(fd, NULL);
+        xattr_symlink_test_one(fd, "");
 
-                x = strjoina(t, "/symlink");
-                xattr_symlink_test_one(AT_FDCWD, x);
-        }
+        x = strjoina(t, "/symlink");
+        xattr_symlink_test_one(AT_FDCWD, x);
 }
 
 DEFINE_TEST_MAIN(LOG_DEBUG);