[Bug 277908] Capsicum filesystem extended attribute support is broken

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 277908] Capsicum filesystem extended attribute support is broken"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 23 Mar 2024 16:58:39 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277908

Alan Somers <asomers@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |asomers@FreeBSD.org
             Status|New                         |Open

--- Comment #2 from Alan Somers <asomers@FreeBSD.org> ---
Ahh, so it's ECAPMODE instead of ENOTCAPABLE.  I missed that at first.  Here's
what I've learned through some more dtracing:

ZFS has two ways to store extended attributes: SA or dir.  IIRC, "dir" is
intended for large attributes, which this is not.  But zfs_getextattr_sa
returns ENOENT, so ZFS then tries zfs_getextattr_dir.  But that does
vn_open_cred, which calls namei.  namei is normally used to look up path names.
 Looking up absolute pathnames is forbidden in capability mode, so namei
returns ECAPMODE.  What remains to be determined is why namei thinks we're
doing an absolute lookup.

I tested this on FreeBSD stable/12, which was before the openzfs import, and
got the same result.  So the bug has probably been there forever.

-- 
You are receiving this mail because:
You are the assignee for the bug.