Update test-rofiles-fuse.sh #2727
Conversation
1.A normal user executing this user's occasional use case fails; 2.The main reason is that the cmd: fusermount -u mnt failed, of course, fuse is not excluded as a defect; 3.It is recommended that ostree do a circumvention here: the normal user skips this use case.
|
Hi @zhrf2020. Thanks for your PR. I'm waiting for a ostreedev member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
| user=$(env | grep USER | cut -d "=" -f 2) | ||
| if [ "$user" != "root" ] |
There was a problem hiding this comment.
Hi, thanks for the patch.
First, user=$(env | grep USER | cut -d "=" -f 2) is equivalent to just user=$USER as far as I can tell. Which, combined with the next line is just equivalent to if [ "$USER" != "root" ] right?
But backing up a level, the skip_without_fuse is intended to catch this; is the
capsh --print | grep -q 'Bounding set.*[^a-z]cap_sys_admin' || \
skip "No cap_sys_admin in bounding set, can't use FUSE"
bit not working in your environment for some reason? What does capsh --print show?
There was a problem hiding this comment.
[root@localhost ~]# capsh --print
Current: =ep
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
Ambient set =
Current IAB:
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: UNCERTAIN (0)
[root@localhost ~]# capsh --print | grep -q 'Bounding set.*[^a-z]cap_sys_admin'
[root@localhost ~]#
There was a problem hiding this comment.
[zhangsan@localhost ~]$ id zhangsan
uid=1000(zhangsan) gid=1000(zhangsan) groups=1000(zhangsan)
[zhangsan@localhost ~]$ capsh --print
Current: =
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
Ambient set =
Current IAB:
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=1000(zhangsan) euid=1000(zhangsan)
gid=1000(zhangsan)
groups=1000(zhangsan)
Guessed mode: UNCERTAIN (0)
[zhangsan@localhost ~]$ capsh --print | grep -q 'Bounding set.*[^a-z]cap_sys_admin'
[zhangsan@localhost ~]$
There was a problem hiding this comment.
user=$(env | grep USER | cut -d "=" -f 2) // Gets the current user of the system
if [ "$user" != "root" ] // Judge whether the current user is an ordinary user
of course, there are omissions in this way, the program is a relatively fast and simple repair program, if there is a better program, the trouble to pay attention to the guidance, thank you very much
There was a problem hiding this comment.
Sometimes it makes sense to do:
USER=$(id -un)
I've come across platforms that don't set USER by default, but the technique here is more complex than it needs to be
1.A normal user executing this user's occasional use case fails;
2.The main reason is that the cmd: fusermount -u mnt failed, of course, fuse is not excluded as a defect;
3.It is recommended that ostree do a circumvention here: the normal user skips this use case.