From 31bdcfe4b647c8c783efa32da3c333b5f166a42d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 20 Jun 2024 06:07:27 +0200 Subject: Adding upstream version 2:4.20.2+dfsg. Signed-off-by: Daniel Baumann --- selftest/flapping.d/gitlab-setxattr-security | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 selftest/flapping.d/gitlab-setxattr-security (limited to 'selftest/flapping.d/gitlab-setxattr-security') diff --git a/selftest/flapping.d/gitlab-setxattr-security b/selftest/flapping.d/gitlab-setxattr-security new file mode 100644 index 0000000..d7d2403 --- /dev/null +++ b/selftest/flapping.d/gitlab-setxattr-security @@ -0,0 +1,18 @@ +# gitlab runners with kernel 5.15.109+ +# allow setxattr() on security.NTACL +# +# It's not clear in detail why there's a difference +# between various systems, one reason could be that +# with selinux inode_owner_or_capable() is used to check +# setxattr() permissions: +# it checks for the fileowner too, as well as CAP_FOWNER. +# Otherwise cap_inode_setxattr() is used, which checks for +# CAP_SYS_ADMIN. +# +# But the kernel doesn't have selinux only apparmor... +# +# test_setntacl_forcenative expects +# PermissionError: [Errno 1] Operation not permitted +# +# So for now we allow this to fail... +^samba.tests.ntacls.samba.tests.ntacls.NtaclsTests.test_setntacl_forcenative.none -- cgit v1.2.3