@starius starius commented Sep 1, 2025

Change Description

Root can bypass read-only file permissions, which made the test failure confusing: a file was overwritten even though it shouldn't have been. This is caused by the process capability CAP_DAC_OVERRIDE, which root processes often have in Linux. To work around this, the owner of the file is changed to uid=1000 and gid=1000 (root can do it). If a file belongs to a world-writable sticky dir (like /tmp where the tested file is created) and the fs.protected_regular kernel feature is enabled (a common practice on modern Linux distros), such a file can't be overwritten by root.

Steps to Test

$ cd fn/

$ go test -v -run TestWriteFile
=== RUN   TestWriteFile
=== PAUSE TestWriteFile
=== RUN   TestWriteFileRemove
=== PAUSE TestWriteFileRemove
=== CONT  TestWriteFile
=== CONT  TestWriteFileRemove
--- PASS: TestWriteFileRemove (0.03s)
--- PASS: TestWriteFile (0.04s)
PASS
ok      github.com/lightningnetwork/lnd/fn/v2   0.040s

$ sudo su
# go test -v -run TestWriteFile
=== RUN   TestWriteFile
=== PAUSE TestWriteFile
=== RUN   TestWriteFileRemove
=== PAUSE TestWriteFileRemove
=== CONT  TestWriteFile
=== CONT  TestWriteFileRemove
--- PASS: TestWriteFile (0.01s)
--- PASS: TestWriteFileRemove (0.01s)
PASS
ok      github.com/lightningnetwork/lnd/fn/v2   0.017s
# 

Pull Request Checklist

Testing

  • Your PR passes all CI checks.
  • Tests covering the positive and negative (error paths) are included.
  • Bug fixes contain tests triggering the bug to prevent regressions.

Code Style and Documentation

📝 Please see our Contribution Guidelines for further guidance.

Root can bypass read-only file permissions, which made the test failure
confusing: a file was overwritten even though it shouldn't have been. This is
caused by the process capability CAP_DAC_OVERRIDE, which root processes often
have in Linux. To work around this, the owner of the file is changed to uid=1000
and gid=1000 (root can do it). If a file belongs to a world-writable sticky dir
(like /tmp where the tested file is created) and the fs.protected_regular kernel
feature is enabled (a common practice on modern Linux distros), such a file
can't be overwritten by root.
@starius starius marked this pull request as ready for review September 2, 2025 01:53
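
The sticky-directory rule the description relies on, modelled as an added Go example (not code from this pull request or from lnd). `createBlocked` and `checkPath` are hypothetical names, the uid and mode values in `main` are constructed, and the logic follows the kernel's documented `fs.protected_regular` behaviour for `open(O_CREAT)` on an existing regular file.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
	"syscall"
)

// createBlocked models the fs.protected_regular rule for open(O_CREAT) on an
// existing regular file. True means EACCES, even with CAP_DAC_OVERRIDE.
// Level 1 covers world-writable sticky dirs; level 2 adds group-writable ones.
func createBlocked(level int, dirMode, dirUID, fileUID, fsUID uint32) bool {
	const sticky, otherW, groupW = 0o1000, 0o002, 0o020
	if level == 0 || dirMode&sticky == 0 {
		return false // sysctl off, or parent directory is not sticky
	}
	if fileUID == dirUID || fileUID == fsUID {
		return false // owned by the directory owner or by the opener
	}
	return dirMode&otherW != 0 || (level >= 2 && dirMode&groupW != 0)
}

// checkPath applies the model to a real file, assuming fsuid == effective uid.
func checkPath(path string) (bool, error) {
	raw, err := os.ReadFile("/proc/sys/fs/protected_regular")
	if err != nil {
		return false, err
	}
	level, err := strconv.Atoi(strings.TrimSpace(string(raw)))
	if err != nil {
		return false, err
	}
	var f, d syscall.Stat_t
	if err := syscall.Stat(path, &f); err != nil {
		return false, err
	}
	if err := syscall.Stat(filepath.Dir(path), &d); err != nil {
		return false, err
	}
	return createBlocked(level, uint32(d.Mode), d.Uid, f.Uid, uint32(os.Geteuid())), nil
}

func main() {
	// Constructed inputs: root (uid 0) opening a uid-1000 file.
	fmt.Println(createBlocked(1, 0o1777, 0, 1000, 0)) // root-owned 1777 dir
	fmt.Println(createBlocked(1, 0o0700, 0, 1000, 0)) // private, non-sticky dir
}
```

The rule only applies to opens that pass `O_CREAT`; a plain `O_WRONLY` open by a process holding CAP_DAC_OVERRIDE is not covered by it.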