DescriptionChristophe Besson
2020-11-05 15:06:32 UTC
Description of problem:
While running unsquashfs, file capabilities are not preserved.
Version-Release number of selected component (if applicable):
squashfs-tools-4.3-0.21.gitaae0aff4
How reproducible:
100%
Steps to Reproduce:
~~~
# mksquashfs /usr/bin/ping /tmp/test.img
# mount /tmp/test.img /mnt
# getcap /mnt/ping
/mnt/ping = cap_net_admin,cap_net_raw+p
# unsquashfs /tmp/test.img
# getcap squashfs-root/ping
<EMPTY OUTPUT>
~~~
Additional info:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804194
Applying blindly that patch against the RHEL srpm fixed the issue for me.
~~~
--- squashfs4.3.orig/squashfs-tools/unsquashfs.c 2020-11-05 13:08:22.000000000 +0100
+++ squashfs4.3/squashfs-tools/unsquashfs.c 2020-11-05 13:09:02.000000000 +0100
@@ -818,8 +818,6 @@
{
struct utimbuf times = { time, time };
- write_xattr(pathname, xattr);
-
if(utime(pathname, ×) == -1) {
ERROR("set_attributes: failed to set time on %s, because %s\n",
pathname, strerror(errno));
@@ -842,6 +840,8 @@
return FALSE;
}
+ write_xattr(pathname, xattr);
+
return TRUE;
}
~~~
Issue has been fixed a little bit differently in 4.4 upstream.
The bug also concerns the RHEL 8 version, so cloning this bug.
https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=34344140
Here's a rhel7 test build with the above patch. It passed the test case outlined in the description. Could you please run additional tests to make sure the patch didn't break anything else? If all looks fine, I'll go ahead and file an erratum.
Out of curiosity, who is the customer and what is their use-case for squashfs?
Comment 3Christophe Besson
2021-01-19 13:41:54 UTC
Thanks, requesting to verify if it works in that environment.