Re: Possible issue with linux xattr support?
Date: Tue, 29 Aug 2023 14:45:51 UTC
On Tue, Aug 29, 2023 at 12:59:11PM +0200, Felix Palmen wrote:
> * Dmitry Chagin <dchagin@freebsd.org> [20230828 18:57]:
> > On Mon, Aug 28, 2023 at 08:03:33AM +0200, Felix Palmen wrote:
> > > * Cy Schubert <Cy.Schubert@cschubert.com> [20230827 16:59]:
> > > >
> > > > If we are to break it to fix a problem, maybe a sysctl to enable/disable then?
> > >
> > > IMHO depends on the exact nature of the problem. If it's confirmed that
> > > it (always and only) breaks for jailed processes, just disabling it for
> > > them would be the better workaround. "No-op" calls won't break anything.
> > >
> >
> > please, try: https://people.freebsd.org/~dchagin/xattrerror.patch
>
> Thanks, I can confirm this avoids the issue in both cases I experienced
> (install from GNU coreutils and python).
>
thanks, this is the first half of the fix, it works for you due to you
are running tools under unprivileged user, afaiu. The second I have
tested by myself :)
> If I understand this patch correctly, it completely avoids EPERM,
> masking it as not supported, so callers should consider it non-fatal,
> allowing to silently ignore writing of "system" attributes while still
> keeping other functionality?
>
system namespace is accessible only for privileged user, for others Linux
returns ENOTSUP. So many tools ignores this error, eg ls.
the second: https://people.freebsd.org/~dchagin/sea_jailed.patch
Try this under privileged user, please.
> I wonder whether this could cause trouble in other scenarios (like a
> read-only fs or actually missing file permissions)?
>
> Cheers, Felix
>
> --
> Felix Palmen <zirias@FreeBSD.org> {private} felix@palmen-it.de
> -- ports committer -- {web} http://palmen-it.de
> {pgp public key} http://palmen-it.de/pub.txt
> {pgp fingerprint} 6936 13D5 5BBF 4837 B212 3ACC 54AD E006 9879 F231