# HG changeset patch
# User John Wren Kennedy <john.kennedy@delphix.com>
# Date 1357948581 28800
# Node ID 91e6d0c446e5448938d2417067c24352cfa3c80d
# Parent  e721e2fa45d87fa770809133fbe011d07736e117
3444 README for usr/src/test
3445 ZFS tests for restricted aclmode
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Reviewed by: Christopher Siden <csiden@delphix.com>
Approved by: Richard Lowe <richlowe@richlowe.net>

diff -r e721e2fa45d8 -r 91e6d0c446e5 usr/src/pkg/manifests/system-test-zfstest.mf
--- a/usr/src/pkg/manifests/system-test-zfstest.mf	Fri Jan 11 08:35:07 2013 -0800
+++ b/usr/src/pkg/manifests/system-test-zfstest.mf	Fri Jan 11 15:56:21 2013 -0800
@@ -10,7 +10,7 @@
 #
 
 #
-# Copyright (c) 2012 by Delphix. All rights reserved.
+# Copyright (c) 2013 by Delphix. All rights reserved.
 #
 
 set name=pkg.fmri value=pkg:/system/test/zfstest@$(PKGVERS)
@@ -111,6 +111,9 @@
 file path=opt/zfs-tests/tests/functional/acl/cifs/setup mode=0555
 file path=opt/zfs-tests/tests/functional/acl/nontrivial/cleanup mode=0555
 file path=opt/zfs-tests/tests/functional/acl/nontrivial/setup mode=0555
+file \
+    path=opt/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_aclmode_restricted_001_neg \
+    mode=0555
 file path=opt/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_001_neg \
     mode=0555
 file path=opt/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_002_pos \
@@ -183,6 +186,9 @@
     mode=0555
 file path=opt/zfs-tests/tests/functional/acl/trivial/cleanup mode=0555
 file path=opt/zfs-tests/tests/functional/acl/trivial/setup mode=0555
+file \
+    path=opt/zfs-tests/tests/functional/acl/trivial/zfs_acl_aclmode_restricted_001_pos \
+    mode=0555
 file path=opt/zfs-tests/tests/functional/acl/trivial/zfs_acl_chmod_001_pos \
     mode=0555
 file path=opt/zfs-tests/tests/functional/acl/trivial/zfs_acl_compress_001_pos \
diff -r e721e2fa45d8 -r 91e6d0c446e5 usr/src/test/README
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/test/README	Fri Jan 11 15:56:21 2013 -0800
@@ -0,0 +1,86 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source.  A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright (c) 2013 by Delphix. All rights reserved.
+#
+
+illumos Testing README
+
+1. A Brief History of usr/src/test
+2. How to Run These Tests
+3. How to Develop New Tests
+4. Porting Tests from Other Frameworks
+
+--------------------------------------------------------------------------------
+
+1. A Brief History of usr/src/test
+
+The tests here come in two varieties - tests written from scratch, and tests
+that have been ported from the Solaris Test Collection. Not all of the STC
+tests have been ported, and a forked repository of those that have been made
+publicly available may currently be found here:
+
+	https://bitbucket.org/illumos/illumos-stc/
+
+Regardless of origin, all of these tests are executed using the run(1) script
+described in the next section.
+
+2. How to Run These Tests
+
+Currently, all the test suites under usr/src/test provide a wrapper script
+around run(1). These wrappers allow environment variables to be set up which
+may (for example) allow the script to specify which disks may be used by a test
+suite, and which must be preserved. Additionally, the wrappers allow options to
+run(1) to be passed through so that a user may specify a custom configuration
+file for a test suite. For specifics on the options available in the framework
+itself, please see the run(1) manpage.
+
+3. How to Develop New Tests
+
+New tests should mimic the directory layout of existing tests to the degree
+possible. This includes the following directories:
+
+cmd - Any support binaries or scripts used by the tests in this package.
+doc - READMEs or other support documentation to be delivered with the package.
+runfiles -  Configuration files that dictate how the tests are run.
+tests - The tests themselves (see below).
+
+The tests you create will be run, and given a PASS or FAIL status in accordance
+with the exit value returned by the test. A test may also be marked SKIPPED in
+the event that a prerequisite test is marked FAIL, or marked KILLED in the
+event the test times out. Note that there is no way to force a test to be
+marked SKIPPED; this is intentional. If a test must be skipped due to
+insufficient resources for example, then a wrapper script should be provided
+that chooses or creates an appropriate configuration file. The goal of every
+run is that every test is marked PASS.
+
+4. Porting Tests from Other Frameworks
+
+STF (Solaris Test Framework)
+
+Porting tests from this framework is relatively straightforward. For the most
+part the tests can be arranged in the new directory structure and added to the
+configuration file. The template for a configuration file can easily be created
+using the -w option to run(1). There are a few other changes that may be
+required:
+
+Some STF tests consume the values of variables from the user's environment.
+These variables must be set before beginning the test run either manually, or
+via a wrapper script.
+
+Groups of tests in STF can automatically source .cfg files specified in the
+'stf_description' file that exists in an STF directory. Ported tests that
+require any of these variables must manually source the .cfg file instead.
+
+The configuration file of a newly ported test must specify the user the test
+should run as, along with the timeout value. In STF, these are also specified
+in the 'stf_description' file.
diff -r e721e2fa45d8 -r 91e6d0c446e5 usr/src/test/zfs-tests/doc/README
--- a/usr/src/test/zfs-tests/doc/README	Fri Jan 11 08:35:07 2013 -0800
+++ b/usr/src/test/zfs-tests/doc/README	Fri Jan 11 15:56:21 2013 -0800
@@ -10,7 +10,7 @@
 #
 
 #
-# Copyright (c) 2012 by Delphix. All rights reserved.
+# Copyright (c) 2013 by Delphix. All rights reserved.
 #
 
 ZFS Test Suite README
@@ -60,7 +60,7 @@
 
 When the '-q' option is specified, it is passed to run(1) which causes output
 to be written to the console only for tests that do not pass and the results
-summary. 
+summary.
 
 The ZFS Test Suite allows the user to specify a subset of the tests via a
 runfile. The format of the runfile is explained in run(1), and the files that
diff -r e721e2fa45d8 -r 91e6d0c446e5 usr/src/test/zfs-tests/runfiles/delphix.run
--- a/usr/src/test/zfs-tests/runfiles/delphix.run	Fri Jan 11 08:35:07 2013 -0800
+++ b/usr/src/test/zfs-tests/runfiles/delphix.run	Fri Jan 11 15:56:21 2013 -0800
@@ -10,7 +10,7 @@
 #
 
 #
-# Copyright (c) 2012 by Delphix. All rights reserved.
+# Copyright (c) 2013 by Delphix. All rights reserved.
 #
 
 [DEFAULT]
@@ -38,7 +38,8 @@
     'zfs_acl_chmod_xattr_001_pos', 'zfs_acl_chmod_xattr_002_pos',
     'zfs_acl_cp_001_pos', 'zfs_acl_cp_002_pos', 'zfs_acl_cpio_001_pos',
     'zfs_acl_cpio_002_pos', 'zfs_acl_find_001_pos', 'zfs_acl_ls_001_pos',
-    'zfs_acl_mv_001_pos', 'zfs_acl_tar_001_pos', 'zfs_acl_tar_002_pos']
+    'zfs_acl_mv_001_pos', 'zfs_acl_tar_001_pos', 'zfs_acl_tar_002_pos',
+    'zfs_acl_aclmode_restricted_001_neg']
 
 [/opt/zfs-tests/tests/functional/acl/trivial]
 tests = ['zfs_acl_chmod_001_pos', 'zfs_acl_compress_001_pos',
@@ -47,7 +48,8 @@
     'zfs_acl_ls_002_neg', 'zfs_acl_mv_001_pos', 'zfs_acl_pack_001_pos',
     'zfs_acl_pax_001_pos', 'zfs_acl_pax_002_pos', 'zfs_acl_pax_003_pos',
     'zfs_acl_pax_004_pos', 'zfs_acl_pax_005_pos', 'zfs_acl_pax_006_pos',
-    'zfs_acl_tar_001_pos', 'zfs_acl_tar_002_neg']
+    'zfs_acl_tar_001_pos', 'zfs_acl_tar_002_neg',
+    'zfs_acl_aclmode_restricted_001_pos']
 
 [/opt/zfs-tests/tests/functional/atime]
 tests = ['atime_001_pos', 'atime_002_neg']
diff -r e721e2fa45d8 -r 91e6d0c446e5 usr/src/test/zfs-tests/runfiles/openindiana.run
--- a/usr/src/test/zfs-tests/runfiles/openindiana.run	Fri Jan 11 08:35:07 2013 -0800
+++ b/usr/src/test/zfs-tests/runfiles/openindiana.run	Fri Jan 11 15:56:21 2013 -0800
@@ -10,7 +10,7 @@
 #
 
 #
-# Copyright (c) 2012 by Delphix. All rights reserved.
+# Copyright (c) 2013 by Delphix. All rights reserved.
 #
 
 [DEFAULT]
@@ -38,7 +38,8 @@
     'zfs_acl_chmod_xattr_001_pos', 'zfs_acl_chmod_xattr_002_pos',
     'zfs_acl_cp_001_pos', 'zfs_acl_cp_002_pos', 'zfs_acl_cpio_001_pos',
     'zfs_acl_cpio_002_pos', 'zfs_acl_find_001_pos', 'zfs_acl_ls_001_pos',
-    'zfs_acl_mv_001_pos', 'zfs_acl_tar_001_pos', 'zfs_acl_tar_002_pos']
+    'zfs_acl_mv_001_pos', 'zfs_acl_tar_001_pos', 'zfs_acl_tar_002_pos',
+    'zfs_acl_aclmode_restricted_001_neg']
 
 [/opt/zfs-tests/tests/functional/acl/trivial]
 tests = ['zfs_acl_chmod_001_pos', 'zfs_acl_compress_001_pos',
@@ -47,7 +48,8 @@
     'zfs_acl_ls_002_neg', 'zfs_acl_mv_001_pos', 'zfs_acl_pack_001_pos',
     'zfs_acl_pax_001_pos', 'zfs_acl_pax_002_pos', 'zfs_acl_pax_003_pos',
     'zfs_acl_pax_004_pos', 'zfs_acl_pax_005_pos', 'zfs_acl_pax_006_pos',
-    'zfs_acl_tar_001_pos', 'zfs_acl_tar_002_neg']
+    'zfs_acl_tar_001_pos', 'zfs_acl_tar_002_neg',
+    'zfs_acl_aclmode_restricted_001_pos']
 
 [/opt/zfs-tests/tests/functional/atime]
 tests = ['atime_001_pos', 'atime_002_neg']
diff -r e721e2fa45d8 -r 91e6d0c446e5 usr/src/test/zfs-tests/tests/functional/acl/nontrivial/Makefile
--- a/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/Makefile	Fri Jan 11 08:35:07 2013 -0800
+++ b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/Makefile	Fri Jan 11 15:56:21 2013 -0800
@@ -10,7 +10,7 @@
 #
 
 #
-# Copyright (c) 2012 by Delphix. All rights reserved.
+# Copyright (c) 2013 by Delphix. All rights reserved.
 #
 
 include $(SRC)/Makefile.master
@@ -20,6 +20,7 @@
 
 PROGS = cleanup \
 	setup \
+	zfs_acl_aclmode_restricted_001_neg \
 	zfs_acl_chmod_001_neg \
 	zfs_acl_chmod_002_pos \
 	zfs_acl_chmod_aclmode_001_pos \
diff -r e721e2fa45d8 -r 91e6d0c446e5 usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_aclmode_restricted_001_neg.ksh
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_aclmode_restricted_001_neg.ksh	Fri Jan 11 15:56:21 2013 -0800
@@ -0,0 +1,82 @@
+#!/usr/bin/ksh -p
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+
+#
+# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013 by Paul B. Henson <henson@acm.org>.
+#                    All rights reserved.
+#
+
+
+. $STF_SUITE/tests/functional/acl/acl.cfg
+. $STF_SUITE/tests/functional/acl/acl_common.kshlib
+
+#
+# DESCRIPTION:
+#	Verify mode bits based chmod fails on files/directories with
+#       non-trivial ACLs when aclmode=restricted
+#
+# STRATEGY:
+#	1. Loop super user and non-super user to run the test case
+#	2. Create test file and directory
+#	3. Set non-trivial ACL on test file and directory
+#	4. Verify mode bits based chmod fails
+#
+
+verify_runnable "both"
+
+function cleanup
+{
+	# reset aclmode=discard
+	log_must $ZFS set aclmode=discard $TESTPOOL/$TESTFS
+}
+
+log_assert "Verify mode bits based chmod fails on files/directories "\
+    "with non-trivial ACLs when aclmode=restricted"
+log_onexit cleanup
+
+log_must $ZFS set aclmode=restricted $TESTPOOL/$TESTFS
+
+for user in root $ZFS_ACL_STAFF1; do
+	log_must set_cur_usr $user
+
+	log_must usr_exec $MKDIR $TESTDIR/testdir
+	log_must usr_exec $TOUCH $TESTDIR/testfile
+
+	# Make sure ACL is non-trival
+	log_must usr_exec $CHMOD A+user:${ZFS_ACL_STAFF1}:r::allow \
+	    $TESTDIR/testdir $TESTDIR/testfile
+
+	log_mustnot usr_exec $CHMOD u-w $TESTDIR/testdir
+	log_mustnot usr_exec $CHMOD u-w $TESTDIR/testfile
+
+	log_must usr_exec $RMDIR $TESTDIR/testdir
+	log_must usr_exec $RM $TESTDIR/testfile
+done
+
+log_pass "Verify mode bits based chmod fails on files/directories "\
+    "with non-trivial ACLs when aclmode=restricted passed."
diff -r e721e2fa45d8 -r 91e6d0c446e5 usr/src/test/zfs-tests/tests/functional/acl/trivial/Makefile
--- a/usr/src/test/zfs-tests/tests/functional/acl/trivial/Makefile	Fri Jan 11 08:35:07 2013 -0800
+++ b/usr/src/test/zfs-tests/tests/functional/acl/trivial/Makefile	Fri Jan 11 15:56:21 2013 -0800
@@ -10,7 +10,7 @@
 #
 
 #
-# Copyright (c) 2012 by Delphix. All rights reserved.
+# Copyright (c) 2013 by Delphix. All rights reserved.
 #
 
 include $(SRC)/Makefile.master
@@ -20,6 +20,7 @@
 
 PROGS = cleanup \
 	setup \
+	zfs_acl_aclmode_restricted_001_pos \
 	zfs_acl_chmod_001_pos \
 	zfs_acl_compress_001_pos \
 	zfs_acl_cp_001_pos \
diff -r e721e2fa45d8 -r 91e6d0c446e5 usr/src/test/zfs-tests/tests/functional/acl/trivial/zfs_acl_aclmode_restricted_001_pos.ksh
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/test/zfs-tests/tests/functional/acl/trivial/zfs_acl_aclmode_restricted_001_pos.ksh	Fri Jan 11 15:56:21 2013 -0800
@@ -0,0 +1,130 @@
+#!/bin/ksh -p
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+
+#
+# Copyright (c) 2013 by Delphix. All rights reserved.
+# Copyright (c) 2013 by Paul B. Henson <henson@acm.org>. All rights reserved.
+#
+
+. $STF_SUITE/tests/functional/acl/acl.cfg
+. $STF_SUITE/tests/functional/acl/acl_common.kshlib
+
+#
+# DESCRIPTION:
+#	Verify chmod permission settings on files and directories, as both root
+#	and non-root users, with aclmode set to restricted.
+#
+# STRATEGY:
+#	1. Loop root and $ZFS_ACL_STAFF1 as root and non-root users.
+#	2. Create test file and directory in zfs filesystem.
+#	3. Execute 'chmod' with specified options.
+#	4. Check 'ls -l' output and compare with expect results.
+
+verify_runnable "both"
+
+function cleanup
+{
+	# reset aclmode=discard
+	log_must $ZFS set aclmode=discard $TESTPOOL/$TESTFS
+}
+
+#	"init_map" "options" "expect_map"
+set -A argv \
+	"000" "a+rw"	"rw-rw-rw-"	"000" "a+rwx"	"rwxrwxrwx" \
+	"000" "u+xr"	"r-x------"	"000" "gu-xw"	"---------" \
+	"644" "a-r"	"-w-------"	"644" "augo-x"	"rw-r--r--" \
+	"644" "=x"	"--x--x--x"	"644" "u-rw"	"---r--r--" \
+	"644" "uo+x"	"rwxr--r-x"	"644" "ga-wr"	"---------" \
+	"777" "augo+x"	"rwxrwxrwx"	"777" "go-xr"	"rwx-w--w-" \
+	"777" "o-wx"	"rwxrwxr--"	"777" "ou-rx"	"-w-rwx-w-" \
+	"777" "a+rwx"	"rwxrwxrwx"	"777" "u=rw"	"rw-rwxrwx" \
+	"000" "123"	"--x-w--wx"	"000" "412"	"r----x-w-" \
+	"231" "562"	"r-xrw--w-"	"712" "000"	"---------" \
+	"777" "121"	"--x-w---x"	"123" "775"	"rwxrwxr-x"
+
+log_assert " Verify chmod permission settings on files and directories for " \
+    "aclmode=restricted"
+log_onexit cleanup
+
+#
+# Verify file or directory have correct map after chmod
+#
+# $1 file or directory
+#
+function test_chmod_mapping #<file-dir>
+{
+	typeset node=$1
+	typeset -i i=0
+
+	while ((i < ${#argv[@]})); do
+		usr_exec $CHMOD ${argv[i]} $node
+		if (($? != 0)); then
+			log_note "usr_exec $CHMOD ${argv[i]} $node"
+			return 1
+		fi
+		usr_exec $CHMOD ${argv[((i + 1))]} $node
+		if (($? != 0)); then
+			log_note "usr_exec $CHMOD ${argv[((i + 1))]} $node"
+			return 1
+		fi
+
+		typeset mode
+		mode=$(get_mode ${node})
+
+		if [[ $mode != "-${argv[((i + 2))]}"* && \
+		    $mode != "d${argv[((i + 2))]}"* ]]
+		then
+			log_fail "FAIL: '${argv[i]}' '${argv[((i + 1))]}' \
+			    '${argv[((i + 2))]}'"
+		fi
+
+		((i += 3))
+	done
+
+	return 0
+}
+
+# set aclmode=restricted
+log_must $ZFS set aclmode=restricted $TESTPOOL/$TESTFS
+
+for user in root $ZFS_ACL_STAFF1; do
+	log_must set_cur_usr $user
+
+	# Test file
+	log_must usr_exec $TOUCH $testfile
+	log_must test_chmod_mapping $testfile
+
+	# Test directory
+	log_must usr_exec $MKDIR $testdir
+	log_must test_chmod_mapping $testdir
+
+	log_must usr_exec $RM $testfile
+	log_must usr_exec $RM -rf $testdir
+done
+
+log_pass "Setting permissions using 'chmod' for aclmode=restricted completed " \
+    "successfully."