ZTS: Fix incorrect use of libtest in user_run by xattr_003_neg

You can't use user_run to eval ksh functions defined in libtest unless
you include libtest in the user shell.

Simplify user_run to retain the current environment, eliminate eval,
and feed the command string into ksh.  Enhance the logging for
user_run so we can see out and err.

Fix xattr_003_neg by:
* running ksh as the user
* feeding it the commands to include libtest *then* run get_xattr
* assert this fails
* use variables for filenames so they don't change in the user's shell
* don't log the contents of /etc/passwd
* cleanup all byproducts

Signed-off-by: Ryan Moeller <[email protected]>

Author: Ryan Moeller

tests/zfs-tests/include/libtest.shlib

@@ -3393,8 +3393,13 @@ function user_run
 	typeset user=$1
 	shift
 
-	log_note "user:$user $@"
-	eval su - \$user -c \"$@\" > $TEST_BASE_DIR/out 2>$TEST_BASE_DIR/err
+	log_note "user: $user"
+	log_note "cmd: $*"
+	sudo -Eu $user ksh <<<"$*" >$TEST_BASE_DIR/out 2>$TEST_BASE_DIR/err
+	typeset res=$?
+	log_note "out: `<$TEST_BASE_DIR/out`"
+	log_note "err: `<$TEST_BASE_DIR/err`"
+	return $res
 }
 
 #

tests/zfs-tests/tests/functional/delegate/delegate_common.kshlib

@@ -388,7 +388,7 @@ function verify_send
 	typeset bak_user=$TEST_BASE_DIR/bak.$user.$stamp
 	typeset bak_root=$TEST_BASE_DIR/bak.root.$stamp
 
-	user_run $user eval "zfs send $snap > $bak_user"
+	user_run $user "zfs send $snap > $bak_user"
 	log_must eval "zfs send $snap > $bak_root"
 
 	if [[ $(checksum $bak_user) == $(checksum $bak_root) ]]; then
@@ -430,27 +430,27 @@ function verify_fs_receive
 		log_must eval "zfs send $dtstsnap > $bak_root"
 		log_must_busy zfs destroy -rf $dtst
 
-		user_run $user eval "zfs receive $dtst < $bak_root"
+		user_run $user "zfs receive $dtst < $bak_root"
 		if datasetexists $dtstsnap ; then
 			return 1
 		fi
 
 		log_must zfs allow $user create $fs
-		user_run $user eval "zfs receive $dtst < $bak_root"
+		user_run $user "zfs receive $dtst < $bak_root"
 		log_must zfs unallow $user create $fs
 		if datasetexists $dtstsnap ; then
 			return 1
 		fi
 
 		log_must zfs allow $user mount $fs
-		user_run $user eval "zfs receive $dtst < $bak_root"
+		user_run $user "zfs receive $dtst < $bak_root"
 		log_must zfs unallow $user mount $fs
 		if datasetexists $dtstsnap ; then
 			return 1
 		fi
 
 		log_must zfs allow $user mount,create $fs
-		user_run $user eval "zfs receive $dtst < $bak_root"
+		user_run $user "zfs receive $dtst < $bak_root"
 		log_must zfs unallow $user mount,create $fs
 		if ! datasetexists $dtstsnap ; then
 			return 1

tests/zfs-tests/tests/functional/limits/filesystem_limit.ksh

@@ -126,14 +126,14 @@ log_must zfs set filesystem_limit=0 "$DATASET_TEST"
 log_must zfs create "$DATASET_UTIL/send"
 log_must zfs snapshot "$DATASET_UTIL/send@snap1"
 log_must eval "zfs send $DATASET_UTIL/send@snap1 > $ZSTREAM"
-log_mustnot user_run $STAFF1 eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
+log_mustnot user_run $STAFF1 "zfs receive $DATASET_TEST/received < $ZSTREAM"
 log_mustnot datasetexists "$DATASET_TEST/received"
 log_must test "$(get_prop 'filesystem_count' "$DATASET_TEST")" == "0"
 # Verify filesystem_limit is *not* enforced for users allowed to change it
 log_must eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
 log_must zfs destroy -r "$DATASET_TEST/received"
 log_must zfs allow -l $STAFF1 'filesystem_limit' "$DATASET_TEST"
-log_must user_run $STAFF1 eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
+log_must user_run $STAFF1 "zfs receive $DATASET_TEST/received < $ZSTREAM"
 log_must datasetexists "$DATASET_TEST/received"
 
 log_pass "'filesystem_limit' property is enforced"

tests/zfs-tests/tests/functional/limits/snapshot_limit.ksh

@@ -142,16 +142,16 @@ log_must zfs create "$DATASET_UTIL/send"
 log_must zfs snapshot "$DATASET_UTIL/send@snap1"
 log_must eval "zfs send $DATASET_UTIL/send@snap1 > $ZSTREAM"
 log_mustnot user_run $STAFF1 \
-    eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
+    "zfs receive $DATASET_TEST/received < $ZSTREAM"
 log_mustnot datasetexists "$DATASET_TEST/received"
 log_must test "$(get_prop 'snapshot_count' "$DATASET_TEST")" == "0"
 log_must zfs set snapshot_limit=1 "$DATASET_TEST"
 log_must user_run $STAFF1 \
-    eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
+    "zfs receive $DATASET_TEST/received < $ZSTREAM"
 log_must zfs snapshot "$DATASET_UTIL/send@snap2"
 log_must eval "zfs send -i @snap1 $DATASET_UTIL/send@snap2 > $ZSTREAM"
 log_mustnot user_run $STAFF1 \
-    eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
+    "zfs receive $DATASET_TEST/received < $ZSTREAM"
 log_mustnot datasetexists "$DATASET_TEST/received@snap2"
 log_must test "$(get_prop 'snapshot_count' "$DATASET_TEST")" == "1"
 # Verify snapshot_limit is *not* enforced for users allowed to change it
@@ -160,7 +160,7 @@ log_must zfs snapshot "$DATASET_UTIL/send@snap3"
 log_must eval "zfs send -i @snap2 $DATASET_UTIL/send@snap3 > $ZSTREAM"
 log_must zfs allow -l $STAFF1 'snapshot_limit' "$DATASET_TEST"
 log_must user_run $STAFF1 \
-    eval "zfs receive $DATASET_TEST/received < $ZSTREAM"
+    "zfs receive $DATASET_TEST/received < $ZSTREAM"
 log_must test "$(get_prop 'snapshot_count' "$DATASET_TEST")" == "3"
 
 log_pass "'snapshot_limit' property is enforced"

tests/zfs-tests/tests/functional/xattr/xattr_003_neg.ksh

@@ -43,34 +43,40 @@
 #	4. Check that we're unable to write an xattr as a non-root user
 #
 
-function cleanup {
-
-	log_must rm $TESTDIR/myfile.$$
-
+function cleanup
+{
+	rm -f $testfile $tempfile
 }
 
 log_assert "read/write xattr on a file with no permissions fails"
 log_onexit cleanup
 
-log_must touch $TESTDIR/myfile.$$
-create_xattr $TESTDIR/myfile.$$ passwd /etc/passwd
+typeset testfile=$TESTDIR/testfile.$$
+typeset tempfile=/tmp/tempfile.$$
+
+log_must touch $testfile
+create_xattr $testfile passwd /etc/passwd
 
-log_must chmod 000 $TESTDIR/myfile.$$
+log_must chmod 000 $testfile
 if is_illumos; then
-	log_mustnot su $ZFS_USER -c "runat $TESTDIR/myfile.$$ cat passwd"
-	log_mustnot su $ZFS_USER -c "runat $TESTDIR/myfile.$$ cp /etc/passwd ."
+	log_mustnot su $ZFS_USER -c "runat $testfile cat passwd"
+	log_mustnot su $ZFS_USER -c "runat $testfile cp /etc/passwd ."
 else
-	user_run $ZFS_USER eval \
-	    "get_xattr passwd $TESTDIR/myfile.$$ >/tmp/passwd.$$"
-	log_mustnot diff /etc/passwd /tmp/passwd.$$
-	log_must rm /tmp/passwd.$$
+	log_mustnot user_run $ZFS_USER "
+. $STF_SUITE/include/libtest.shlib
+get_xattr passwd $testfile >$tempfile
+"
+	log_mustnot diff -q /etc/passwd $tempfile
+	log_must rm $tempfile
 
-	user_run $ZFS_USER eval \
-	    "set_xattr_stdin passwd $TESTDIR/myfile.$$ </etc/group"
-	log_must chmod 644 $TESTDIR/myfile.$$
-	get_xattr passwd $TESTDIR/myfile.$$ >/tmp/passwd.$$
-	log_must diff /etc/passwd /tmp/passwd.$$
-	log_must rm /tmp/passwd.$$
+	log_mustnot user_run $ZFS_USER "
+. $STF_SUITE/include/libtest.shlib
+set_xattr_stdin passwd $testfile </etc/group
+"
+	log_must chmod 644 $testfile
+	get_xattr passwd $testfile >$tempfile
+	log_must diff -q /etc/passwd $tempfile
+	log_must rm $tempfile
 fi
 
 log_pass "read/write xattr on a file with no permissions fails"