Add basic POSIX ACL tests.

These are extremely limited and very quick basic ACL tests we can
trivially do in under a second - purely basic funtionality tests only.

Signed-off-by: Auke Kok <auke.kok@versity.com>

tests/golden/basic-posix-acl

@@ -0,0 +1,157 @@
+== setup test directory
+== getfacl
+directory drwxr-xr-x 0 0 0 '.'
+# file: .
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+== basic non-acl access through permissions
+directory drwxr-xr-x 0 44444 0 'dir-testuid'
+touch: cannot touch 'dir-testuid/file-group-write': Permission denied
+touch: cannot touch 'symlinkdir-testuid/symlink-file-group-write': Permission denied
+regular empty file -rw-r--r-- 22222 44444 0 'dir-testuid/file-group-write'
+regular empty file -rw-r--r-- 22222 44444 0 'symlinkdir-testuid/symlink-file-group-write'
+== basic acl access
+directory drwxr-xr-x 0 0 0 'dir-root'
+touch: cannot touch 'dir-root/file-group-write': Permission denied
+touch: cannot touch 'symlinkdir-root/file-group-write': Permission denied
+# file: dir-root
+# owner: root
+# group: root
+user::rwx
+user:22222:rwx
+group::r-x
+mask::rwx
+other::r-x
+
+regular empty file -rw-r--r-- 22222 0 0 'dir-root/file-group-write'
+regular empty file -rw-r--r-- 22222 0 0 'symlinkdir-root/file-group-write'
+== directory exec
+Success
+Success
+# file: dir-root
+# owner: root
+# group: root
+user::rwx
+user:22222:rw-
+group::r-x
+mask::rwx
+other::r-x
+
+bash: line 0: cd: dir-root: Permission denied
+Failed
+bash: line 0: cd: symlinkdir-root: Permission denied
+Failed
+# file: dir-root
+# owner: root
+# group: root
+user::rwx
+user:22222:rw-
+group::r-x
+group:44444:rwx
+mask::rwx
+other::r-x
+
+Success
+Success
+== get/set attr
+regular empty file -rw-r--r-- 0 0 0 'file-root'
+setfattr: file-root: Permission denied
+# file: file-root
+# owner: root
+# group: root
+user::rw-
+user:22222:rw-
+group::r--
+mask::rw-
+other::r--
+
+# file: file-root
+user.test2="Success"
+
+# file: file-root
+# owner: root
+# group: root
+user::rw-
+group::r--
+mask::r--
+other::r--
+
+setfattr: file-root: Permission denied
+# file: file-root
+user.test2="Success"
+
+# file: file-root
+# owner: root
+# group: root
+user::rw-
+group::r--
+group:44444:rw-
+mask::rw-
+other::r--
+
+# file: file-root
+user.test2="Success"
+user.test4="Success"
+
+== inheritance / default acl
+directory drwxr-xr-x 0 0 0 'dir-root2'
+mkdir: cannot create directory 'dir-root2/dir': Permission denied
+touch: cannot touch 'dir-root2/dir/file': No such file or directory
+# file: dir-root2
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+default:user::rwx
+default:user:22222:rwx
+default:group::r-x
+default:mask::rwx
+default:other::r-x
+
+mkdir: cannot create directory 'dir-root2/dir': Permission denied
+touch: cannot touch 'dir-root2/dir/file': No such file or directory
+# file: dir-root2
+# owner: root
+# group: root
+user::rwx
+user:22222:rwx
+group::r-x
+mask::rwx
+other::r-x
+default:user::rwx
+default:user:22222:rwx
+default:group::r-x
+default:mask::rwx
+default:other::r-x
+
+directory drwxrwxr-x 22222 0 4 'dir-root2/dir'
+# file: dir-root2/dir
+# owner: 22222
+# group: root
+user::rwx
+user:22222:rwx
+group::r-x
+mask::rwx
+other::r-x
+default:user::rwx
+default:user:22222:rwx
+default:group::r-x
+default:mask::rwx
+default:other::r-x
+
+regular empty file -rw-rw-r-- 22222 0 0 'dir-root2/dir/file'
+# file: dir-root2/dir/file
+# owner: 22222
+# group: root
+user::rw-
+user:22222:rwx	#effective:rw-
+group::r-x	#effective:r--
+mask::rw-
+other::r--
+
+== cleanup

tests/sequence

@@ -1,6 +1,7 @@
 export-get-name-parent.sh
 basic-block-counts.sh
 basic-bad-mounts.sh
+basic-posix-acl.sh
 inode-items-updated.sh
 simple-inode-index.sh
 simple-staging.sh

tests/tests/basic-posix-acl.sh

@@ -0,0 +1,110 @@
+
+#
+# test basic POSIX acl functionality.
+#
+
+t_require_commands stat rm touch mkdir getfacl setfacl id sudo
+t_require_mounts 2
+
+# from quota.sh
+TEST_UID=22222
+TEST_GID=44444
+
+# sys_setreuid() set fs[uid] to e[ug]id
+SET_UID="--ruid=$TEST_UID --euid=$TEST_UID"
+SET_GID="--rgid=$TEST_GID --egid=$TEST_GID --clear-groups"
+
+# helper to avoid capturing dates from ls output
+L() {
+	stat -c "%F %A %u %g %s %N" $@
+}
+
+echo "== setup test directory"
+cd "$T_D0"
+
+echo "== getfacl"
+L .
+getfacl .
+
+echo "== basic non-acl access through permissions"
+rm -rf dir-testuid
+mkdir dir-testuid
+ln -sf dir-testuid symlinkdir-testuid
+chown root:44444 dir-testuid
+L dir-testuid
+setpriv $SET_UID $SET_GID touch dir-testuid/file-group-write
+setpriv $SET_UID $SET_GID touch symlinkdir-testuid/symlink-file-group-write
+chmod g+w dir-testuid
+setpriv $SET_UID $SET_GID touch dir-testuid/file-group-write
+setpriv $SET_UID $SET_GID touch symlinkdir-testuid/symlink-file-group-write
+L dir-testuid/file-group-write
+L symlinkdir-testuid/symlink-file-group-write
+
+echo "== basic acl access"
+rm -rf dir-root
+mkdir dir-root
+ln -sf dir-root symlinkdir-root
+L dir-root
+setpriv $SET_UID touch dir-root/file-group-write
+setpriv $SET_UID touch symlinkdir-root/file-group-write
+setfacl -m u:22222:rwx dir-root
+getfacl dir-root
+setpriv $SET_UID touch dir-root/file-group-write
+setpriv $SET_UID touch symlinkdir-root/file-group-write
+L dir-root/file-group-write
+L symlinkdir-root/file-group-write
+
+echo "== directory exec"
+setpriv $SET_UID bash -c "cd dir-root && echo Success"
+setpriv $SET_UID bash -c "cd symlinkdir-root && echo Success"
+setfacl -m u:22222:rw dir-root
+getfacl dir-root
+setpriv $SET_UID bash -c "cd dir-root || echo Failed"
+setpriv $SET_UID bash -c "cd symlinkdir-root || echo Failed"
+setfacl -m g:44444:rwx dir-root
+getfacl dir-root
+setpriv $SET_GID bash -c "cd dir-root && echo Success"
+setpriv $SET_GID bash -c "cd symlinkdir-root && echo Success"
+
+echo "== get/set attr"
+rm -rf file-root
+touch file-root
+L file-root
+setpriv $SET_UID getfattr -d file-root
+setpriv $SET_UID setfattr -n "user.test1" -v "Success" file-root
+setpriv $SET_UID getfattr -d file-root
+setfacl -m u:22222:rw file-root
+getfacl file-root
+setpriv $SET_UID setfattr -n "user.test2" -v "Success" file-root
+setpriv $SET_UID getfattr -d file-root
+setfacl -x u:22222 file-root
+getfacl file-root
+setpriv $SET_UID setfattr -n "user.test3" -v "Success" file-root
+setpriv $SET_UID getfattr -d file-root
+setfacl -m g:44444:rw file-root
+getfacl file-root
+setpriv $SET_GID setfattr -n "user.test4" -v "Success" file-root
+setpriv $SET_GID getfattr -d file-root
+
+echo "== inheritance / default acl"
+rm -rf dir-root2
+mkdir dir-root2
+L dir-root2
+setpriv $SET_UID mkdir dir-root2/dir
+setpriv $SET_UID touch dir-root2/dir/file
+setfacl -m d:u:22222:rwx dir-root2
+getfacl dir-root2
+setpriv $SET_UID mkdir dir-root2/dir
+setpriv $SET_UID touch dir-root2/dir/file
+setfacl -m u:22222:rwx dir-root2
+getfacl dir-root2
+setpriv $SET_UID mkdir dir-root2/dir
+setpriv $SET_UID touch dir-root2/dir/file
+L dir-root2/dir
+getfacl dir-root2/dir
+L dir-root2/dir/file
+getfacl dir-root2/dir/file
+
+echo "== cleanup"
+
+t_pass