Date: Mon, 11 Sep 2023 12:00:17 GMT
Message-Id: <202309111200.38BC0HGd000969@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Dmitry Chagin
Subject: git: bce9c2e34006 - stable/14 - linux(4): Return ENOTSUP from xattr syscalls instead of EPERM
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch stable/14 has been updated by dchagin:

URL: https://cgit.FreeBSD.org/src/commit/?id=bce9c2e34006dd70fb77a72f8cce1ead8a01db9e

commit bce9c2e34006dd70fb77a72f8cce1ead8a01db9e
Author:     Dmitry Chagin
AuthorDate: 2023-09-01 08:11:02 +0000
Commit:     Dmitry Chagin
CommitDate: 2023-09-11 11:59:38 +0000

    linux(4): Return ENOTSUP from xattr syscalls instead of EPERM

    FreeBSD does not permit manipulating extended attributes in the system
    namespace by unprivileged accounts, even if the account has appropriate
    privileges to access the filesystem object. In Linux the system namespace
    is used to preserve POSIX ACLs. Some GNU coreutils binaries use POSIX
    ACLs, e.g., install, ls, and fail if we unexpectedly return an EPERM
    error from xattr system calls.

    On the other hand, in Linux read and write access to the system
    namespace depends on the policy implemented for each filesystem, so
    we'll mimic a filesystem that prohibits this for unprivileged accounts.

    Reported by:    zirias
    Tested by:      zirias
    MFC after:      1 week

    (cherry picked from commit 1bfc4574f78653e4b64ac9dd31518c96a17fe52b)
---
 sys/compat/linux/linux_xattr.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/sys/compat/linux/linux_xattr.c b/sys/compat/linux/linux_xattr.c index 2b46cf708c7d..74b47f1cbaec 100644
--- a/sys/compat/linux/linux_xattr.c +++ b/sys/compat/linux/linux_xattr.c @@ -87,6 +87,16 @@ struct removexattr_args { static char *extattr_namespace_names[] = EXTATTR_NAMESPACE_NAMES; +static int +error_to_xattrerror(int attrnamespace, int error) +{ + + if (attrnamespace == EXTATTR_NAMESPACE_SYSTEM && error == EPERM) + return (ENOTSUP); + else + return (error); +} + static int xatrr_to_extattr(const char *uattrname, int *attrnamespace, char *attrname) { @@ -188,7 +198,7 @@ listxattr(struct thread *td, struct listxattr_args *args) if (error == 0) td->td_retval[0] = cnt; free(data, M_LINUX); - return (error); + return (error_to_xattrerror(attrnamespace, error)); } int @@ -248,7 +258,7 @@ removexattr(struct thread *td, struct removexattr_args *args) else error = kern_extattr_delete_fd(td, args->fd, attrnamespace, attrname); - return (error); + return (error_to_xattrerror(attrnamespace, error)); } int @@ -392,7 +402,7 @@ setxattr(struct thread *td, struct setxattr_args *args) attrname, args->value, args->size); out: td->td_retval[0] = 0; - return (error); + return (error_to_xattrerror(attrnamespace, error)); } int
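Review bot: error_to_xattrerror(), added in the first hunk, has no comment saying why EPERM becomes ENOTSUP for EXTATTR_NAMESPACE_SYSTEM; the reason (Linux keeps POSIX ACLs in the system namespace and coreutils fail on EPERM) is only in the commit message. A short block comment above the function would help, and it should state that the mapping is unconditional: every EPERM from a system-namespace operation is reported as ENOTSUP, so a Linux caller can no longer tell a permission denial from an unsupported attribute. As a style point, the else after "return (ENOTSUP);" is redundant.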
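Review bot: in the listxattr() hunk, "return (error_to_xattrerror(attrnamespace, error));" is only correct if attrnamespace still holds the namespace whose operation produced error, and the visible context ("td->td_retval[0] = cnt;" and "free(data, M_LINUX);") does not show that. Linux listxattr takes no attribute name, so if this function visits more than one namespace before reaching the return, please confirm the variable is not stale or past the last namespace at this point; otherwise record the failing namespace next to error and pass that to the helper.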
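Review bot: after the removexattr() hunk the patch jumps from line 258 to line 402 with nothing converted in between, so only the list, remove and set paths go through error_to_xattrerror(). If the file has a getxattr() counterpart in that range, it still returns EPERM for the system namespace, and the commit message names ls, which reads ACLs rather than writing them. Either convert that return as well or say in the commit message why the read path is left alone.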
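Review bot: in the setxattr() hunk the converted return sits under the "out:" label, so every "goto out" now reads attrnamespace. If any of those jumps happens before the attribute name has been parsed into attrnamespace, the helper compares an uninitialized value. Initialize attrnamespace at its declaration, or make sure the early error paths return without going through "out:".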