bug#16094: bug: cp/mv cannot copy/move a file's extended attrs if they start with 'security'

2013-12-10 Thread Pádraig Brady
On 12/09/2013 11:15 PM, Linda Walsh wrote:
> On 12/9/2013 2:24 PM, Pádraig Brady wrote:
>>> So what's up with this?  Shouldn't the NTACL be able to be stored/moved with the file?
>>
>> This would be security policy enforced by the system I suspect.
>> I.E. mv is not filtering these explicitly.
>
> Ideas as to how?   I.e. Is it part of the gnu libraries?
>
> I only build the standard linux security model into my kernel, so unless
> it's a part of a fs driver or something, I'm fairly sure it is not
> coming from the kernel...

Note since you're writing to /tmp it might be an issue with tmpfs?
Have a look at whether the recent TMPFS_SECURITY and TMPFS_XATTR kernel options are enabled.
Also there are acl mount options that might impact here too.

thanks,
Pádraig.





bug#16094: bug: cp/mv cannot copy/move a file's extended attrs if they start with 'security'

2013-12-10 Thread Linda Walsh



On 12/10/2013 12:52 AM, Pádraig Brady wrote:
> Note since you're writing to /tmp it might be an issue with tmpfs?

df /tmp
Filesystem  Size  Used Avail Use% Mounted on
/dev/sdc2   7.8G  3.5G  4.4G  45% /tmp

xfs_info  /tmp
meta-data=/dev/sdc2  isize=256  agcount=4, agsize=519101 blks
         =   sectsz=512   attr=2

I don't think so...

> Have a look at whether the recent TMPFS_SECURITY and TMPFS_XATTR kernel options are enabled.
> Also there are acl mount options that might impact here too.

zgrep TMPFS /proc/config.gz
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_TMPFS_XATTR=y

They are enabled, but I don't think they are relevant since
/tmp is a normal xfs file system in my case.

Actually it's a dir on /var named /var/rtmp that gets
'rbound' (rbind) to /tmp so my root can remain relatively
static.






bug#16094: bug: cp/mv cannot copy/move a file's extended attrs if they start with 'security'

2013-12-09 Thread Linda Walsh

I saved a file to my home directory on linux via windows.

I wanted to move it to /tmp.

I got:

 mv  /home/law/tmp/oVars.pm /tmp
mv: setting attribute ‘security.NTACL’ for ‘security.NTACL’: Operation not permitted

So what's up with this?  Shouldn't the NTACL be able to be stored/moved with the file?







bug#16094: bug: cp/mv cannot copy/move a file's extended attrs if they start with 'security'

2013-12-09 Thread Pádraig Brady
tag 16094 notabug
stop

On 12/09/2013 08:09 PM, Linda Walsh wrote:
> I saved a file to my home directory on linux via windows.
>
> I wanted to move it to /tmp.
>
> I got:
>  mv  /home/law/tmp/oVars.pm /tmp
> mv: setting attribute ‘security.NTACL’ for ‘security.NTACL’: Operation not permitted
>
> So what's up with this?  Shouldn't the NTACL be able to be stored/moved with the file?

This would be security policy enforced by the system I suspect.
I.E. mv is not filtering these explicitly.

thanks,
Pádraig.





bug#16094: bug: cp/mv cannot copy/move a file's extended attrs if they start with 'security'

2013-12-09 Thread Linda Walsh



On 12/9/2013 2:24 PM, Pádraig Brady wrote:
>> So what's up with this?  Shouldn't the NTACL be able to be stored/moved with the file?
>
> This would be security policy enforced by the system I suspect.
> I.E. mv is not filtering these explicitly.


Ideas as to how?   I.e. Is it part of the gnu libraries?

I only build the standard linux security model into my kernel, so unless
it's a part of a fs driver or something, I'm fairly sure it is not
coming from the kernel...
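
Added example, not part of the thread and not coreutils code: xattr(7) documents that writing attributes in the security.* namespace needs CAP_SYS_ADMIN when no security module handles them (security.capability needs CAP_SETFCAP), which is the kind of check that yields "Operation not permitted" for an unprivileged mv. The sketch predicts which attributes a process can recreate on a copy; the function names, the sample status text and the sample attribute list are constructed for illustration.

```python
import errno
import os
import sys

CAP_SYS_ADMIN, CAP_SETFCAP = 21, 31  # bit numbers from <linux/capability.h>

# Constructed sample data: an unprivileged process and a file saved through Samba.
SAMPLE_STATUS = "Name:\tmv\nCapEff:\t0000000000000000\n"
SAMPLE_NAMES = ["user.DOSATTRIB", "security.NTACL", "system.posix_acl_access"]

def effective_caps(status_text):
    """Return the CapEff bitmask from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")

def needed_cap(name):
    """Capability needed to write this xattr; None = ownership/file permissions decide."""
    if name == "security.capability":
        return CAP_SETFCAP
    if name.startswith(("security.", "trusted.")):
        return CAP_SYS_ADMIN
    return None

def predict(names, caps):
    """Split names into (copyable, blocked) for a capability mask."""
    ok, blocked = [], []
    for name in names:
        cap = needed_cap(name)
        (ok if cap is None or (caps >> cap) & 1 else blocked).append(name)
    return ok, blocked

def copy_xattrs(src, dst):
    """Copy all xattrs as cp --preserve=xattr would; return {name: errno}."""
    failed = {}
    for name in os.listxattr(src):
        try:
            os.setxattr(dst, name, os.getxattr(src, name))
        except OSError as e:
            failed[name] = errno.errorcode.get(e.errno, str(e.errno))
    return failed

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check against a real file on Linux
        with open("/proc/self/status") as f:
            print(predict(os.listxattr(sys.argv[1]), effective_caps(f.read())))
    else:
        print(predict(SAMPLE_NAMES, effective_caps(SAMPLE_STATUS)))
```

Run with a file path to check a real file against the current process, or with no arguments to see the constructed sample.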