|
|
@@ -843,28 +843,37 @@ public class FSXAttrBaseTest {
|
|
|
}
|
|
|
|
|
|
/*
|
|
|
- * Check that execute/scan access to the parent dir is sufficient to get
|
|
|
- * xattr names.
|
|
|
+ * Check that execute/scan access to the parent dir is not
|
|
|
+ * sufficient to get xattr names.
|
|
|
*/
|
|
|
fs.setPermission(path, new FsPermission((short) 0701));
|
|
|
user.doAs(new PrivilegedExceptionAction<Object>() {
|
|
|
@Override
|
|
|
public Object run() throws Exception {
|
|
|
+ try {
|
|
|
final FileSystem userFs = dfsCluster.getFileSystem();
|
|
|
userFs.listXAttrs(childDir);
|
|
|
- return null;
|
|
|
+ fail("expected AccessControlException");
|
|
|
+ } catch (AccessControlException ace) {
|
|
|
+ GenericTestUtils.assertExceptionContains("Permission denied", ace);
|
|
|
}
|
|
|
+ return null;
|
|
|
+ }
|
|
|
});
|
|
|
|
|
|
/*
|
|
|
* Test that xattrs in the "trusted" namespace are filtered correctly.
|
|
|
*/
|
|
|
+ // Allow the user to read child path.
|
|
|
+ fs.setPermission(childDir, new FsPermission((short) 0704));
|
|
|
fs.setXAttr(childDir, "trusted.myxattr", "1234".getBytes());
|
|
|
user.doAs(new PrivilegedExceptionAction<Object>() {
|
|
|
@Override
|
|
|
public Object run() throws Exception {
|
|
|
final FileSystem userFs = dfsCluster.getFileSystem();
|
|
|
- assertTrue(userFs.listXAttrs(childDir).size() == 1);
|
|
|
+ List<String> xattrs = userFs.listXAttrs(childDir);
|
|
|
+ assertTrue(xattrs.size() == 1);
|
|
|
+ assertEquals(name1, xattrs.get(0));
|
|
|
return null;
|
|
|
}
|
|
|
});
|
|
|
@@ -1109,20 +1118,48 @@ public class FSXAttrBaseTest {
|
|
|
}
|
|
|
|
|
|
/*
|
|
|
- * Test that only user who have parent directory execute access
|
|
|
- * can see raw.* xattrs returned from listXAttr
|
|
|
+ * Test that user who have parent directory execute access
|
|
|
+ * can also not see raw.* xattrs returned from listXAttr
|
|
|
*/
|
|
|
- // non-raw path
|
|
|
- final List<String> xattrNames = userFs.listXAttrs(path);
|
|
|
- assertTrue(xattrNames.size() == 0);
|
|
|
+ try {
|
|
|
+ // non-raw path
|
|
|
+ userFs.listXAttrs(path);
|
|
|
+ fail("listXAttr should have thrown AccessControlException");
|
|
|
+ } catch (AccessControlException ace) {
|
|
|
+ // expected
|
|
|
+ }
|
|
|
|
|
|
- // raw path
|
|
|
- List<String> rawXattrs = userFs.listXAttrs(rawPath);
|
|
|
- assertTrue(rawXattrs.size() == 1);
|
|
|
- assertTrue(rawXattrs.get(0).equals(raw1));
|
|
|
+ try {
|
|
|
+ // raw path
|
|
|
+ userFs.listXAttrs(rawPath);
|
|
|
+ fail("listXAttr should have thrown AccessControlException");
|
|
|
+ } catch (AccessControlException ace) {
|
|
|
+ // expected
|
|
|
+ }
|
|
|
return null;
|
|
|
}
|
|
|
});
|
|
|
+ /*
|
|
|
+ Test user who have read access can list xattrs in "raw.*" namespace
|
|
|
+ */
|
|
|
+ fs.setPermission(path, new FsPermission((short) 0751));
|
|
|
+ final Path childDir = new Path(path, "child" + pathCount);
|
|
|
+ FileSystem.mkdirs(fs, childDir, FsPermission.createImmutable((short)
|
|
|
+ 0704));
|
|
|
+ final Path rawChildDir =
|
|
|
+ new Path("/.reserved/raw" + childDir.toString());
|
|
|
+ fs.setXAttr(rawChildDir, raw1, value1);
|
|
|
+ user.doAs(new PrivilegedExceptionAction<Object>() {
|
|
|
+ @Override
|
|
|
+ public Object run() throws Exception {
|
|
|
+ final FileSystem userFs = dfsCluster.getFileSystem();
|
|
|
+ // raw path
|
|
|
+ List<String> xattrs = userFs.listXAttrs(rawChildDir);
|
|
|
+ assertEquals(1, xattrs.size());
|
|
|
+ assertEquals(raw1, xattrs.get(0));
|
|
|
+ return null;
|
|
|
+ }
|
|
|
+ });
|
|
|
fs.removeXAttr(rawPath, raw1);
|
|
|
}
|
|
|
|
Kihwal Lee