fn: fix TestWriteFile when running as root #10186
Conversation
Root can bypass read-only file permissions, which made the test failure confusing: a file was overwritten even though it shouldn't have been. This is caused by process capability CAP_DAC_OVERRIDE which root processes often have in Linux. To workaround this, the owner of the file is changed to uid=1000 and gid=1000 (root can do it). If a file belongs to a world-writable sticky dir (like /tmp where the tested file is created) and fs.protected_regular kernel feature is enabled (a common practice on modern Linux distros), such file can't be overwritten by root.
|
Tested this, but it still throws the error. I tested it on a mac though. 
|
|
@Abdulkbk Thanks for testing! I don't know how to address it reliably. One option I tried is to use immutable files via Do you know an alternative way of making write fail which we could use in the test? |
|
I don't know a reliable way to handle this either. My first thought was that if this causes issues with checks, we could skip it when root is used, but that just hides the problem instead of fixing it. |
|
Converting this to draft until a reliable solution is found. |
Change Description
Root can bypass read-only file permissions, which made the test failure confusing: a file was overwritten even though it shouldn't have been. This is caused by process capability
CAP_DAC_OVERRIDEwhich root processes often have in Linux. To workaround this, the owner of the file is changed to uid=1000 and gid=1000 (root can do it). If a file belongs to a world-writable sticky dir (like /tmp where the tested file is created) andfs.protected_regularkernel feature is enabled (a common practice on modern Linux distros), such file can't be overwritten by root.Steps to Test
Pull Request Checklist
Testing
Code Style and Documentation
[skip ci]in the commit message for small changes.📝 Please see our Contribution Guidelines for further guidance.