author Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-20 04:07:27 +0000
committer Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-20 04:07:27 +0000
commit 31bdcfe4b647c8c783efa32da3c333b5f166a42d (patch)
tree 2b868e2a40cde0854fa0f5466ea8990d3d38f93d /selftest/flapping.d/gitlab-setxattr-security
parent Adding upstream version 2:4.20.1+dfsg. (diff)
Adding upstream version 2:4.20.2+dfsg.
refs: upstream/2%4.20.2+dfsg, upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'selftest/flapping.d/gitlab-setxattr-security')
-rw-r--r-- selftest/flapping.d/gitlab-setxattr-security 18
1 files changed, 18 insertions, 0 deletions
diff --git a/selftest/flapping.d/gitlab-setxattr-security b/selftest/flapping.d/gitlab-setxattr-security
new file mode 100644
index 0000000..d7d2403
--- /dev/null
+++ b/selftest/flapping.d/gitlab-setxattr-security
@@ -0,0 +1,18 @@
+# gitlab runners with kernel 5.15.109+
+# allow setxattr() on security.NTACL
+#
+# It's not clear in detail why there's a difference
+# between various systems, one reason could be that
+# with selinux inode_owner_or_capable() is used to check
+# setxattr() permissions:
+# it checks for the fileowner too, as well as CAP_FOWNER.
+# Otherwise cap_inode_setxattr() is used, which checks for
+# CAP_SYS_ADMIN.
+#
+# But the kernel doesn't have selinux only apparmor...
+#
+# test_setntacl_forcenative expects
+# PermissionError: [Errno 1] Operation not permitted
+#
+# So for now we allow this to fail...
+^samba.tests.ntacls.samba.tests.ntacls.NtaclsTests.test_setntacl_forcenative.none
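Review bot: The closing comment lines ("So for now we allow this to fail...") mark test_setntacl_forcenative as flapping with no bug reference and no condition, so the check that setxattr() on security.NTACL is refused with PermissionError is tolerated as failing on every system, not only on the gitlab runners with kernel 5.15.109+ named at the top. The comment itself says the cause is not understood, and the selinux explanation is undercut by "But the kernel doesn't have selinux only apparmor...", so please add a tracking bug link and consider skipping the test only where the runner is detected to allow the call, so that a real permission regression elsewhere still fails the run. Minor: the dots in the pattern are unescaped and there is no end anchor, so it matches more than the literal test name.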