
kernel-packages team mailing list archive

[Bug 1295948] [NEW] mako kernel doesn't support xattrs in the security namespace

 

Public bug reported:

Attempting on a mako device to setfattr on a file with the security
namespace fails with EOPNOTSUPP:

  $ sudo setfattr  -h -n security.sdtest -v hello testfile
  setfattr: testfile: Operation not supported

but the 'trusted' and 'user' namespaces work properly:

  $ sudo setfattr  -h -n user.sdtest -v hello testfile
  $ sudo getfattr  -h -n user.sdtest  testfile
  # file: testfile
  user.sdtest="hello"

strace'ing the setfattr command shows the following:

  lsetxattr("testfile", "security.sdtest", "hello", 5, 0) = -1 EOPNOTSUPP (Operation not supported)

This is not the case for other kernels based off an android kernel. e.g.
it works fine on a grouper device.

$ uname -a
Linux ubuntu-phablet 3.4.0-5-mako #26-Ubuntu SMP PREEMPT Tue Feb 25 19:23:05 UTC 2014 armv7l armv7l armv7l GNU/Linux

Steps to reproduce:

  $ dd if=/dev/zero of=test.img bs=4096 count=4096
  4096+0 records in
  4096+0 records out
  16777216 bytes (17 MB) copied, 0.181383 s, 92.5 MB/s
  $ mkfs.ext3 -q -F test.img
  $ mkdir mountpoint
  $ sudo mount -o loop,user_xattr test.img mountpoint
  [sudo] password for phablet:
  $ mount | grep mountpoint
  /home/phablet/test.img on /home/phablet/mountpoint type ext3 (rw,relatime,errors=continue,user_xattr,barrier=1,data=writeback)
  $ cd mountpoint/
  $ sudo touch testfile
  $ sudo setfattr  -h -n security.sdtest -v hello testfile   # this command fails on mako, not on grouper
  setfattr: testfile: Operation not supported
  $ sudo setfattr  -h -n trusted.sdtest -v hello testfile
  $ sudo getfattr  -h -n trusted.sdtest  testfile
  # file: testfile
  trusted.sdtest="hello"

It fails regardless of whether the filesystem is ext3 or ext4.

(There are apparmor tests that exercise this functionality, which is how
it was noticed.)

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1295948

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1295948/+subscriptions
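
The per-namespace check from the reproduction steps, written as a small C probe. This is an added example, not part of the original bug report: it issues the same lsetxattr call seen in the strace output for the user, trusted and security namespaces and separates EOPNOTSUPP from permission errors. The enum and function names are illustrative.

```c
/* Added example: probe which xattr namespaces a filesystem accepts (Linux). */
#include <errno.h>
#include <stdio.h>
#include <sys/xattr.h>

enum xattr_result { XATTR_SUPPORTED, XATTR_UNSUPPORTED, XATTR_DENIED, XATTR_ERROR };

/* Map an lsetxattr() return value and the errno it left onto a verdict. */
enum xattr_result classify_xattr_result(int rc, int err)
{
    if (rc == 0)
        return XATTR_SUPPORTED;
    if (err == EOPNOTSUPP)              /* the failure shown in this bug report */
        return XATTR_UNSUPPORTED;
    if (err == EPERM || err == EACCES)  /* caller lacks privilege; says nothing
                                           about filesystem support, rerun as root */
        return XATTR_DENIED;
    return XATTR_ERROR;                 /* ENOENT, ENOSPC, ... */
}

/* Set <ns>.sdtest=hello on path without following symlinks (as setfattr -h
 * does), then remove it again so the probe leaves nothing behind. */
enum xattr_result probe_namespace(const char *path, const char *ns)
{
    char name[64];
    snprintf(name, sizeof name, "%s.sdtest", ns);
    int rc = lsetxattr(path, name, "hello", 5, 0);
    int err = errno;
    if (rc == 0)
        lremovexattr(path, name);
    return classify_xattr_result(rc, err);
}

int main(int argc, char **argv)
{
    static const char *const namespaces[] = { "user", "trusted", "security" };
    static const char *const verdicts[] = { "supported",
        "NOT SUPPORTED (EOPNOTSUPP)", "permission denied", "other error" };
    int missing = 0;
    if (argc != 2) {
        fprintf(stderr, "usage: %s <file-on-filesystem-under-test>\n", argv[0]);
        return 2;
    }
    for (size_t i = 0; i < 3; i++) {
        enum xattr_result r = probe_namespace(argv[1], namespaces[i]);
        printf("%-9s %s\n", namespaces[i], verdicts[r]);
        missing |= (r == XATTR_UNSUPPORTED);
    }
    return missing;  /* exit 1 if any namespace returned EOPNOTSUPP */
}
```

Run it as root against a file on the mounted test image (for example mountpoint/testfile); a non-zero exit status means at least one namespace was rejected with EOPNOTSUPP.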

