github.com/opencontainers/umoci@v0.4.8-0.20240508124516-656e4836fb0d/pkg/system/xattr_unix_test.go (about)

     1  /*
     2   * umoci: Umoci Modifies Open Containers' Images
     3   * Copyright (C) 2016-2020 SUSE LLC
     4   *
     5   * Licensed under the Apache License, Version 2.0 (the "License");
     6   * you may not use this file except in compliance with the License.
     7   * You may obtain a copy of the License at
     8   *
     9   *    http://www.apache.org/licenses/LICENSE-2.0
    10   *
    11   * Unless required by applicable law or agreed to in writing, software
    12   * distributed under the License is distributed on an "AS IS" BASIS,
    13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14   * See the License for the specific language governing permissions and
    15   * limitations under the License.
    16   */
    17  
    18  package system
    19  
    20  import (
    21  	"io/ioutil"
    22  	"os"
    23  	"testing"
    24  
    25  	"github.com/pkg/errors"
    26  	"golang.org/x/sys/unix"
    27  )
    28  
    29  func TestClearxattrFilter(t *testing.T) {
    30  	file, err := ioutil.TempFile("", "TestClearxattrFilter")
    31  	if err != nil {
    32  		t.Fatal(err)
    33  	}
    34  	defer file.Close()
    35  
    36  	path := file.Name()
    37  	defer os.RemoveAll(path)
    38  
    39  	xattrs := []struct {
    40  		name, value string
    41  		forbidden   bool
    42  	}{
    43  		{"user.allowed1", "test", false},
    44  		{"user.allowed2", "test", false},
    45  		{"user.forbidden1", "test", true},
    46  		{"user.forbidden1.allowed", "test", false},
    47  	}
    48  
    49  	allXattrCount := make(map[string]int)
    50  	forbiddenXattrCount := make(map[string]int)
    51  	forbiddenXattrs := make(map[string]struct{})
    52  
    53  	for _, xattr := range xattrs {
    54  		allXattrCount[xattr.name] = 0
    55  		if xattr.forbidden {
    56  			forbiddenXattrCount[xattr.name] = 0
    57  			forbiddenXattrs[xattr.name] = struct{}{}
    58  		}
    59  
    60  		if err := unix.Lsetxattr(path, xattr.name, []byte(xattr.value), 0); err != nil {
    61  			if errors.Cause(err) == unix.ENOTSUP {
    62  				t.Skip("xattrs unsupported on backing filesystem")
    63  			}
    64  			t.Fatalf("unexpected error setting %v=%v on %v: %v", xattr.name, xattr.value, path, err)
    65  		}
    66  	}
    67  
    68  	// Check they're all present.
    69  	allXattrList, err := Llistxattr(path)
    70  	if err != nil {
    71  		t.Fatal(err)
    72  	}
    73  	for _, xattr := range allXattrList {
    74  		if _, ok := allXattrCount[xattr]; !ok {
    75  			t.Errorf("saw unexpected xattr in all list: %q", xattr)
    76  		} else {
    77  			allXattrCount[xattr]++
    78  		}
    79  	}
    80  	for xattr, count := range allXattrCount {
    81  		if count != 1 {
    82  			t.Errorf("all xattr count inconsistent: saw %q %v times", xattr, count)
    83  		}
    84  	}
    85  
    86  	// Now clear them.
    87  	if err := Lclearxattrs(path, forbiddenXattrs); err != nil {
    88  		t.Fatal(err)
    89  	}
    90  
    91  	// Check that only the forbidden ones remain.
    92  	forbiddenXattrList, err := Llistxattr(path)
    93  	if err != nil {
    94  		t.Fatal(err)
    95  	}
    96  	for _, xattr := range forbiddenXattrList {
    97  		if _, ok := forbiddenXattrCount[xattr]; !ok {
    98  			t.Errorf("saw unexpected xattr in forbidden list: %q", xattr)
    99  		} else {
   100  			forbiddenXattrCount[xattr]++
   101  		}
   102  	}
   103  	for xattr, count := range forbiddenXattrCount {
   104  		if count != 1 {
   105  			t.Errorf("forbidden xattr count inconsistent: saw %q %v times", xattr, count)
   106  		}
   107  	}
   108  }