mirror/borg
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2025-03-09 13:53:09 +00:00
Code Issues Releases Wiki Activity

Merge pull request #7777 from ThomasWaldmann/freebsd-acl-tests-master

Browse source 
freebsd: add some ACL tests, fixes #7745
This commit is contained in:
TW 2023-08-27 13:46:51 +02:00 committed by GitHub
commit 981c562268
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 119 additions and 50 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Vagrantfile vendored
View file

@ -66,6 +66,8 @@ def packages_freebsd
pkg update pkg update
yes | pkg upgrade yes | pkg upgrade
echo 'export BORG_OPENSSL_PREFIX=/usr' >> ~vagrant/.bash_profile echo 'export BORG_OPENSSL_PREFIX=/usr' >> ~vagrant/.bash_profile
# (re)mount / with acls
mount -o acls /
EOF EOF
end end

39
src/borg/testsuite/platform.py
View file

@ -9,32 +9,6 @@ from ..platform import get_process_id, process_alive
from . import unopened_tempfile from . import unopened_tempfile
from .locking import free_pid # NOQA from .locking import free_pid # NOQA
ACCESS_ACL = """
user::rw-
user:root:rw-:0
user:9999:r--:9999
group::r--
group:root:r--:0
group:9999:r--:9999
mask::rw-
other::r--
""".strip().encode(
"ascii"
)
DEFAULT_ACL = """
user::rw-
user:root:r--:0
user:8888:r--:8888
group::r--
group:root:r--:0
group:8888:r--:8888
mask::rw-
other::r--
""".strip().encode(
"ascii"
)
def fakeroot_detected(): def fakeroot_detected():
return "FAKEROOTKEY" in os.environ return "FAKEROOTKEY" in os.environ
@ -57,13 +31,22 @@ def are_acls_working():
with unopened_tempfile() as filepath: with unopened_tempfile() as filepath:
open(filepath, "w").close() open(filepath, "w").close()
try: try:
access = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:9999\ngroup:root:rw-:9999\n" if is_freebsd:
access = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-\n"
contained = b"user:root:rw-"
elif is_linux:
access = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:0\n"
contained = b"user:root:rw-:0"
elif is_darwin:
return True # improve?
else:
return False # unsupported platform
acl = {"acl_access": access} acl = {"acl_access": access}
acl_set(filepath, acl) acl_set(filepath, acl)
read_acl = {} read_acl = {}
acl_get(filepath, read_acl, os.stat(filepath)) acl_get(filepath, read_acl, os.stat(filepath))
read_acl_access = read_acl.get("acl_access", None) read_acl_access = read_acl.get("acl_access", None)
if read_acl_access and b"user::rw-" in read_acl_access: if read_acl_access and contained in read_acl_access:
return True return True
except PermissionError: except PermissionError:
pass pass

92
src/borg/testsuite/platform_freebsd.py
View file

@ -1,30 +1,94 @@
"""Dummy file for now, will eventually contain FreeBSD ACL tests.""" import os
import pytest import tempfile
from .platform import skipif_not_freebsd from ..platform import acl_get, acl_set
from .platform import skipif_not_freebsd, skipif_acls_not_working
# set module-level skips # set module-level skips
pytestmark = [skipif_not_freebsd] pytestmark = [skipif_not_freebsd]
def get_acl(): ACCESS_ACL = """\
return user::rw-
user:root:rw-
user:9999:r--
group::r--
group:wheel:r--
group:9999:r--
mask::rw-
other::r--
""".encode(
"ascii"
)
DEFAULT_ACL = """\
user::rw-
user:root:r--
user:8888:r--
group::r--
group:wheel:r--
group:8888:r--
mask::rw-
other::r--
""".encode(
"ascii"
)
def get_set_acl(): def get_acl(path, numeric_ids=False):
return item = {}
acl_get(path, item, os.stat(path), numeric_ids=numeric_ids)
return item
@pytest.mark.skip(reason="not yet implemented") def set_acl(path, access=None, default=None, nfs4=None, numeric_ids=False):
item = {"acl_access": access, "acl_default": default, "acl_nfs4": nfs4}
acl_set(path, item, numeric_ids=numeric_ids)
@skipif_acls_not_working
def test_access_acl(): def test_access_acl():
pass file1 = tempfile.NamedTemporaryFile()
set_acl(
file1.name,
access=b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-\ngroup:wheel:rw-\n",
numeric_ids=False,
)
acl_access_names = get_acl(file1.name, numeric_ids=False)["acl_access"]
assert b"user:root:rw-" in acl_access_names
assert b"group:wheel:rw-" in acl_access_names
acl_access_ids = get_acl(file1.name, numeric_ids=True)["acl_access"]
assert b"user:0:rw-" in acl_access_ids
assert b"group:0:rw-" in acl_access_ids
file2 = tempfile.NamedTemporaryFile()
set_acl(
file2.name, access=b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:0:rw-\ngroup:0:rw-\n", numeric_ids=True
)
acl_access_names = get_acl(file2.name, numeric_ids=False)["acl_access"]
assert b"user:root:rw-" in acl_access_names
assert b"group:wheel:rw-" in acl_access_names
acl_access_ids = get_acl(file2.name, numeric_ids=True)["acl_access"]
assert b"user:0:rw-" in acl_access_ids
assert b"group:0:rw-" in acl_access_ids
file3 = tempfile.NamedTemporaryFile()
set_acl(
file3.name,
access=b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:9999\ngroup:wheel:rw-:9999\n",
numeric_ids=True,
)
acl_access_ids = get_acl(file3.name, numeric_ids=True)["acl_access"]
assert b"user:9999:rw-" in acl_access_ids
assert b"group:9999:rw-" in acl_access_ids
@pytest.mark.skip(reason="not yet implemented") @skipif_acls_not_working
def test_default_acl(): def test_default_acl():
pass tmpdir = tempfile.mkdtemp()
set_acl(tmpdir, access=ACCESS_ACL, default=DEFAULT_ACL)
assert get_acl(tmpdir)["acl_access"] == ACCESS_ACL
assert get_acl(tmpdir)["acl_default"] == DEFAULT_ACL
@pytest.mark.skip(reason="not yet implemented") # nfs4 acls testing not implemented.
def test_nfs4_acl():
pass

36
src/borg/testsuite/platform_linux.py
View file

@ -2,19 +2,39 @@ import os
import tempfile import tempfile
from ..platform import acl_get, acl_set from ..platform import acl_get, acl_set
from .platform import ( from .platform import skipif_not_linux, skipif_fakeroot_detected, skipif_acls_not_working, skipif_no_ubel_user
DEFAULT_ACL,
ACCESS_ACL,
skipif_not_linux,
skipif_fakeroot_detected,
skipif_acls_not_working,
skipif_no_ubel_user,
)
# set module-level skips # set module-level skips
pytestmark = [skipif_not_linux, skipif_fakeroot_detected] pytestmark = [skipif_not_linux, skipif_fakeroot_detected]
ACCESS_ACL = """\
user::rw-
user:root:rw-:0
user:9999:r--:9999
group::r--
group:root:r--:0
group:9999:r--:9999
mask::rw-
other::r--\
""".encode(
"ascii"
)
DEFAULT_ACL = """\
user::rw-
user:root:r--:0
user:8888:r--:8888
group::r--
group:root:r--:0
group:8888:r--:8888
mask::rw-
other::r--\
""".encode(
"ascii"
)
def get_acl(path, numeric_ids=False): def get_acl(path, numeric_ids=False):
item = {} item = {}
acl_get(path, item, os.stat(path), numeric_ids=numeric_ids) acl_get(path, item, os.stat(path), numeric_ids=numeric_ids)