[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: non-root tests in target check-root?
From: |
Jim Meyering |
Subject: |
Re: non-root tests in target check-root? |
Date: |
Mon, 02 Nov 2009 12:42:01 +0100 |
Voelker, Bernhard wrote:
> Jim Meyering wrote:
>> Voelker, Bernhard wrote:
>> > Jim Meyering wrote:
>> >> Voelker, Bernhard wrote:
>> >> > I'm wondering why there are so many tests (in coreutils-8.0( run by
>> >> >
>> >> > sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root
>> >> >
>> >> > which are skipped with "must be run as non-root",
>> >> > e.g. touch/read-only, mv/perm-1, etc.
>> >> > Is that on purpose (to check wether the root check works;-) ?
>> >>
>> >> It's because running them as root would fail,
>> >> due to the different way in which permissions work when
>> >> you are root; e.g., root can touch and write to a read-only file:
>> >>
>> >> # :>f; chmod 0 f; touch f; echo > f
>> >> #
>> >
>> > thanks for the answer & sorry for the delay.
>> >
>> > That was clear to me, maybe my question was inprecise:
>> > If I understand the check* targets right, there is the general
>> > purpose target "check" which can be run as a non-root or a root user
>> > while there is a special target for root-only checks named "check-root".
>>
>> Not quite. I recommend against running "make check" as root.
>> There are very many tests, and while we're pretty confident
>> they contain few bugs and probably no *exploitable* bugs, it
>> is best to be cautious and run as few programs as possible when root.
>
> ok.
>
>> Hence, "make check-root" serves to run the few tests
>> that can succeed only when run by root.
>
> ... so "touch/read-only" and "mv/perm-1" should be removed from
> "make check-root" since it cannot be run as root, right?
The list of root_tests is in tests/Makefile.am:
root_tests = \
chown/basic \
cp/cp-a-selinux \
cp/preserve-gid \
cp/special-bits \
cp/cp-mv-enotsup-xattr \
dd/skip-seek-past-dev \
install/install-C-root \
ls/capability \
ls/nameless-uid \
misc/chcon \
misc/chroot-credentials \
misc/selinux \
misc/truncate-owned-by-other \
mkdir/writable-under-readonly \
mv/sticky-to-xpart \
rm/fail-2eperm \
rm/no-give-up \
rm/one-file-system \
tail-2/append-only \
touch/now-owned-by-other
and it does not contain either of those two tests.
Does "make check-root" run them for you?
If you are having a problem, please list the commands
you are running and whatever problematic output they produce.