Bug 461486
Summary: | mishandling of 'security.selinux' (other) extended attributes? | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tom London <selinux> |
Component: | rsync | Assignee: | Simo Sorce <ssorce> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | szaka |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-09-08 14:53:48 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tom London
2008-09-08 14:22:01 UTC
(In reply to comment #0) [..] > When running the 'rsync' command, I get large numbers of console messages > similar to: > > rsync: rsync_xal_clear: > lremovexattr("mnt/windows/WINDOWS/twain_32/wiatwain.ds","security.selinux") > failed: Permission denied (13) > rsync: rsync_xal_clear: > lremovexattr("mnt/windows/temp","security.selinux") failed: Permission > denied (13) > rsync: rsync_xal_clear: > lremovexattr("mnt/windows/temp/setup.log","security.selinux") failed: > Permission denied (13) It seem that the target filesystem (ext4) has a security.selinux attribute for the copy it holds. This attribute is probably not present in the original filesystem (is ntfs-3g capable of handling Extended Attributes ?). Because of this difference, rsync tries to remove the different xattr in the destination file to make it identical to the origin. It seem rsync has no privileges to manipulate the security. namespace on the target filesystem, therefore it fails to remove it. [..] > Running 'getfatttr -d' on the source files produces, for example (checking > /mnt/windows/temp)/*: > [root@localhost temp]# getfattr -d * > getfattr: setup.log: Operation not supported > [root@localhost temp]# Ok your fuse-mounted filesystem is not capbale of handling extended attributes. [..] > #ifdef HAVE_LINUX_XATTRS > /* We always ignore the system namespace, and non-root > * ignores everything but the user namespace. */ > if (am_root ? HAS_PREFIX(name, SYSTEM_PREFIX) > : !HAS_PREFIX(name, USER_PREFIX)) > continue; > #endif > > I think this is code that attempts to synchronize the attributes on destination > to match to attributes on the source by removing "extra" attributes. Exactly. > I think this says: if running as root, don't remove attributes in the system > namespace (but remove everything else); if running as non-root, remove all > attributes but those in the user namespace. No, it says: if root ignore the system. namespace, synchronize everything else. if user synchronize only the user. namespace, ignore everything else. > If so, when running as root, the code will attempt to remove attributes from > the security namespace (e.g., 'security.selinux'). The reason it tries to remove attributes from security. is because they do not exist in the source filesystem. > In my case, I'm rsync-ing to an ext4 fs that supports SELinux labels/etc., but > copying from an NTFS-3g fs (mounted as /mnt/XXXXX) that shows fusefs_t as > labels. "getfattr" on files in these mounted filesystems fail: Yes the fusefs_t is a faked up label. > [root@tlondon ~]# getfattr /mnt/music > getfattr: /mnt/music: Operation not supported > [root@tlondon ~]# > > My (first?) guess is that rsync is trying to remove the security attributes > from target files to match the source file attributes (none). Correct > I'm not sure the approach is (completely) correct. Should rsync try to remove > the security (e.g., selinux) attributes from the target? you asked (--xattrs) rsync to synchronize extended attributes, it is just doing what you asked it to do. > If this is correct (and desired) it would be straightforward to patch the above > code to 'continue' on both system and security attributes. Something like: > > --- xattrs.c.orig 2008-09-06 11:09:08.000000000 -0700 > +++ xattrs.c 2008-09-06 11:12:50.000000000 -0700 > @@ -818,9 +818,10 @@ > list_len -= name_len; > > #ifdef HAVE_LINUX_XATTRS > - /* We always ignore the system namespace, and non-root > - * ignores everything but the user namespace. */ > - if (am_root ? HAS_PREFIX(name, SYSTEM_PREFIX) > + /* We always ignore the system and security namespaces, > + * and non-root ignores everything but the user namespace. */ > + if (am_root ? ( HAS_PREFIX(name, SYSTEM_PREFIX) > + || HAS_PREFIX(name, SECURITY_PREFIX) ) > : !HAS_PREFIX(name, USER_PREFIX)) > continue; > #endif This would be completely wrong. > But is this the right way to handle attributes in the security > namespace? What about "Trusted extended attributes"? No it is not, the current code is correct. > If the above is "the right way", I can create a working patch and test. No it is not, the 'right' way is to not use --xattrs if your source filesystem does not implement them, as there is no xattr to synchronize anyway. In short, this is a "configuration" problem, not a bug, the code operates as expectd, therefore I am closing this one. OK. Thanks for the comments. Per above, I should "--exclude=/mnt/windows/*" and "--exclude=/mnt/music/*" and sync them with a separate "rsync" without the "-xattr" option. Right? NTFS-3G is capable of handling extended attributes if the streams_interface=xattr mount option is specified. However the "security." namespace is not permitted at the moment. In the near future full, unconditional EA support will be released (no mount option will be needed). |