On 11.07.2013 02:08, sf...@users.sourceforge.net wrote:
>
>> faccessat(AT_FDCWD, "d2/f1", W_OK)      = 0
>> unlinkat(AT_FDCWD, "d2/f1", 0)          = -1 EPERM (Operation not permitted)
>> ...
>> Hence it is unlinkat.
> Ok.
> Reading git://kernel.ubuntu.com/ubuntu/ubuntu-precise.git,
> unlinkat(2) returns EPERM in these cases (other than aufs).
> - name lookup
>    -->  Since faccessat(2) succeeded just before unlinkat(2), it had to
>        succeed too.
> - filesystem is not writable
>    -->  not your case
> - dir permission bits (writable, searchable), no special flags set
>    (append-only, sticky, immutable, swapfile)
>    -->  not your case
> - LSM checks
>    -->  ??
Sounds logical, I tried to reconstruct your thinking, been to
http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-precise.git;a=tree, but
didn't find the .c/.h file, where I thought I could find the
information. So I have to believe you. Nevertheless could you give me
some hint how to get this without cloning the whole
ubuntu/ubuntu-precise.git tree?
I found aufs at
http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-precise.git;a=tree;f=ubuntu/aufs

Btw, dmesg showed
"non-accessible hardlink creation was attempted by: rm (fsuid 1000)"
   --> aufs was called by rm to create a hardlink white-out file??
Hence, I placed a watch on the parent directory of d1, d2, home, which 
is named test4:
auditctl -w /bla/test4 -p warx
mkdir d1 d2 home; touch home/f1; sudo mount -t aufs -o br=d1:home none d2; rm d2/f1
ausearch -f /bla/test4/
--> type=PATH msg=audit(1373574577.637:49): item=0 name="/bla/test4/d1/.wh..wh.plnk" inode=2232503 dev=08:07 mode=040700 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1373574577.637:49):  cwd="/bla/test4"
Another auditing yielded (301=unlinkat)
type=PATH msg=audit(1373577818.625:48074): item=1 name="d2/f1" inode=11 dev=00:28 mode=0100664 ouid=1000 ogid=1000 rdev=00:00
type=PATH msg=audit(1373577818.625:48074): item=0 name="d2/" inode=2 dev=00:28 mode=040775 ouid=1000 ogid=1000 rdev=00:00
type=CWD msg=audit(1373577818.625:48074):  cwd="/home/gauss/test5"
type=SYSCALL msg=audit(1373577818.625:48074): arch=40000003 syscall=301 success=no exit=-1 a0=ffffff9c a1=91e48d8 a2=0 a3=91e5a90 items=2 ppid=3564 pid=11451 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=4294967295 comm="rm" exe="/bin/rm" key=(null)
Further auditd debugging revealed nothing to me.
> Currently we should confirm the LSM settings on your system first.
> How is your configuration? Could you check your LSM log file?
In my case that would be apparmor, I suppose.
LSM obviously is deeper and not enforced through system calls?
In the logfiles I did not find anything relating to apparmor and rm. 
/var/log/apparmor/ is empty and /var/log/syslog contains nothing relevant.
/etc/apparmor.d/logprof.conf contains:
# these ones shouln't have their own profiles
/bin/rm = icn
What does "icn" mean (apart from /bin/rm not having its own profile)?
I tried to bring apparmor in complain mode:
aa-complain /bin/rm
However, doing aa-status after that, tells me, among other things: 0 
profiles are in complain mode, 0 processes are in complain mode.
Testing
mkdir d1 d2 home; touch home/f1; sudo mount -t aufs -o br=d1:home none d2; rm d2/f1
brings up the error again, but leaves no further trace in the logs.
I could do some further debugging with auditd (audit the directory d1 
where I assume the hardlink will be created), if this would make sense.
> I am afraid you are confusing the aufs user-space utilities and the aufs
> kernel-space module. Note that aufs is a filesystem in kernel-space.
> What we need to re-build is not the tools in user-space. It is the aufs
> module in kernel-space. I hope you have built the kernel or a module
> in kernel-space before.
Now I am understanding. Thanks!
I compiled a linux kernel back in the nineties. Last year I modified the 
opensuse pxe-boot kernel by adding module cfg_broadcom_phy. I think I 
can do it, but a little help would be great.
> But I don't know whether the ubuntu update is important for the 
> current problem.
Nevertheless, I did an apt-get update && apt-get upgrade before testing. 
dmesg tells me on mounting: aufs 3.2-20120109 which is as you said.
> Thanks, but is it ok for you if I send a patch in kernel-space?
>
> J. R. Okajima
Okay. Some short information about how to apply it would be great.
More or less, I will do something like:

git clone git://kernel.ubuntu.com/ubuntu/ubuntu-precise.git precise
git am your-patchfile
make /path/yourmodule.ko
install the module

Is this the rough procedure? I can fill in the gaps by myself then.
Markus
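
Added example, not part of the original message: a Python sketch that groups the second set of audit records quoted above by event serial and decodes them (syscall 301 on arch=40000003 as unlinkat, a0=ffffff9c as AT_FDCWD, exit=-1 as EPERM). The function names are illustrative; the sample is the message's own records with the mail line wraps joined.

```python
import re
from collections import defaultdict

# Records copied from the message above, with the mail client's line wraps joined.
SAMPLE = '''\
type=PATH msg=audit(1373577818.625:48074): item=1 name="d2/f1" inode=11 dev=00:28 mode=0100664 ouid=1000 ogid=1000 rdev=00:00
type=PATH msg=audit(1373577818.625:48074): item=0 name="d2/" inode=2 dev=00:28 mode=040775 ouid=1000 ogid=1000 rdev=00:00
type=CWD msg=audit(1373577818.625:48074):  cwd="/home/gauss/test5"
type=SYSCALL msg=audit(1373577818.625:48074): arch=40000003 syscall=301 success=no exit=-1 a0=ffffff9c a1=91e48d8 a2=0 a3=91e5a90 items=2 ppid=3564 pid=11451 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=4294967295 comm="rm" exe="/bin/rm" key=(null)
'''

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Only the syscall number the message itself identifies (arch=40000003 is 32-bit x86).
SYSCALLS_I386 = {301: "unlinkat"}
ERRNO = {1: "EPERM"}
AT_FDCWD = -100  # Linux value; appears in a0 as the 32-bit pattern ffffff9c

def parse(text):
    """Group audit records by event serial: {serial: {record_type: [fields, ...]}}."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, _ts, serial, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        events[int(serial)][rtype].append(fields)
    return events

def signed32(hexstr):
    """Interpret a hex syscall argument as a signed 32-bit integer."""
    v = int(hexstr, 16)
    return v - (1 << 32) if v & 0x80000000 else v

def summarize(event):
    """Decode one SYSCALL event together with its CWD and PATH records."""
    sc = event["SYSCALL"][0]
    dirfd = signed32(sc["a0"])
    target = max(event["PATH"], key=lambda p: int(p["item"]))  # highest item = the file
    failed = sc["success"] == "no"
    return {
        "syscall": SYSCALLS_I386.get(int(sc["syscall"]), sc["syscall"]),
        "errno": ERRNO.get(-int(sc["exit"]), sc["exit"]) if failed else None,
        "dirfd": "AT_FDCWD" if dirfd == AT_FDCWD else dirfd,
        "path": event["CWD"][0]["cwd"] + "/" + target["name"],
        "perm": oct(int(target["mode"], 8) & 0o7777),
        "same_owner": target["ouid"] == sc["fsuid"],  # file owner vs. caller's fsuid
        "comm": sc["comm"],
    }
```

For event 48074 the summary shows a file with mode 0664 whose owner matches the caller's fsuid, yet unlinkat still fails with EPERM, consistent with the thread's conclusion that plain permission bits are not the cause.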
