On 01/14/2015 10:06 PM, Jakub Hrozek wrote:
On Wed, Jan 14, 2015 at 07:09:07PM +0100, Lukas Slebodnik wrote:
On (14/01/15 15:54), Jakub Hrozek wrote:
On Wed, Jan 14, 2015 at 09:48:06AM -0500, Simo Sorce wrote:
On Wed, 14 Jan 2015 16:08:33 +0200
Nikolai Kondrashov <nikolai.kondras...@redhat.com> wrote:

On 01/13/2015 02:31 PM, Nikolai Kondrashov wrote:
Hi everyone,

I have a bit of a chicken/egg problem with implementing cwrap tests.

Sssd currently requires the config file to belong to root. However,
that is not possible to arrange when running under a regular user,
in cwrap tests. Even though uid_wrapper fakes running under root,
the created files still belong to the real user.

I see two ways out of this: either run under fakeroot, or allow the
config file to (also?) belong to the user sssd is configured to run
under (target user).

While fakeroot will likely work, to me it seems like sweeping the
problem under the rug. The second option seems a bit more natural,
especially considering that the CDB file is explicitly chown'ed to
the target user, anyway.

Now, since the target user can be configured both at build time
*and* in the configuration file itself, we'll need to verify file
ownership *after* reading it. Or, can we maybe move user
specification to a command-line option?

What do you think?

Simo, do you have any thoughts on this?

It is blocking my cwrap LDAP integration test implementation.

Uhmmm, tough problem. I think, for this very special case, we may want
an env var that allows the code to relax permission/ownership checking
on the config file.

I do not generally like magic env variables, and we should have an
option to compile this support out perhaps, but I see no other sane way
short of intercepting stat() and faking permission/ownership only for
this case.

+1 we already have some other cases where we have #ifdef UNIT_TESTS
And I hate them because in most cases it means that the code stinks.
(But it would take a lot of effort to fix it)

an environment variable with sufficiently weird name to avoid accidental
conflicts sounds like a good idea

We have a ticket for removing usage of env variable from *_child.
I do not see any benefit from adding env just for tests.

Using fakeroot is a much better solution than adding a hack with env variables.

BTW fakeroot provides a fake root environment by means of LD_PRELOAD.
The only disadvantage of fakeroot is that it is not available on all platforms.
(but it is no problem to prepare a COPR repo)

So basically there is not a big difference between fakeroot and other cwrap
packages.

I admit I know very little about fakeroot, but is it going to be useful
except for this one problem?

If yes, then fine, but if it's just about ownership of this single file,
then an environment variable or an ifdef is just easier. I think it
goes without saying that the ifdef shouldn't be in the general code, but
enclosed in a function, see 3fd66df4813d1410c1a6187c80e3a23395b14aed

Yes, it can be useful. Let's see how the other permission problem I have fares
and if it's problematic, then we'll go the fakeroot route.

Otherwise, at least two people have agreed that allowing sssd.sssd is OK and
I'd be glad to do that change.

Nick
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
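
The ownership rule proposed in the thread (accept a config file owned by root or by the configured target user, verified after the file has been read), sketched as an added example; this is not SSSD code and not from any participant. The names `conf_stat_ok` and `conf_check_fd` are hypothetical, and rejecting group/other-writable files is an assumption of this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: decide from file metadata whether the config can be
 * trusted. The owner must be root or target_uid (the user the daemon is
 * configured to run as), and no one else may be able to write the file. */
int conf_stat_ok(const struct stat *st, uid_t target_uid)
{
    if (!S_ISREG(st->st_mode))
        return EINVAL;                      /* directory, FIFO, device, ... */
    if (st->st_uid != 0 && st->st_uid != target_uid)
        return EPERM;                       /* owned by some other user */
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return EACCES;                      /* writable by group or others */
    return 0;
}

/* Hypothetical helper: check the descriptor that was actually parsed.
 * fstat() on the open fd (not stat() on the path) means the file cannot be
 * swapped between parsing it and checking who owns it. */
int conf_check_fd(int fd, uid_t target_uid)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return errno;
    return conf_stat_ok(&st, target_uid);
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s CONFIG\n", argv[0]); return 2; }
    int fd = open(argv[1], O_RDONLY | O_CLOEXEC);
    if (fd < 0) { perror("open"); return 1; }
    /* A real daemon would parse the file from fd here to learn the
     * configured user; this sketch assumes it is the invoking user. */
    uid_t target_uid = getuid();
    int ret = conf_check_fd(fd, target_uid);
    printf("%s: %s\n", argv[1], ret == 0 ? "accepted" : "rejected");
    close(fd);
    return ret == 0 ? 0 : 1;
}
```
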