Re: unsquashfs not preserving file capabilities


 



Hi

Debugged this with traces enabled. Turns out that unsquashfs *is*
setting xattrs with lsetxattr() but soon after returning from
write_xattr(), it calls chown() and that is removing the xattrs on
file.

Please take a look at this patch below, which calls chown() only if
uid/gid of file is different to what is passed in set_attributes().
I'm not that familiar with this code.

thank you

bash% diff -u /bld/squashfs-tools/unsquashfs.c unsquashfs.c

--- /bld/squashfs-tools/unsquashfs.c    2015-10-07 20:22:22.657129963 -0700

+++ unsquashfs.c        2015-10-07 20:21:06.070143018 -0700

@@ -700,12 +700,21 @@

        }



        if(root_process) {

-               if(chown(pathname, uid, guid) == -1) {

-                       ERROR("set_attributes: failed to change uid and gids "

-                               "on %s, because %s\n", pathname,

-                               strerror(errno));

+               struct stat sbuf;

+               int x = stat(pathname, &sbuf);

+               if (x != 0) {

+                       ERROR("set_attributes: stat(%s) failed. errno %d\n",

+                               pathname, errno);

                        return FALSE;

                }

+               if(uid != sbuf.st_uid || guid != sbuf.st_gid) {

+                       if(chown(pathname, uid, guid) == -1) {

+                               ERROR("set_attributes: failed to change "

+                               "uid and gids on %s, because %s\n", pathname,

+                               strerror(errno));

+                               return FALSE;

+                       }

+               }

        } else

                mode &= ~07000;
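
Review bot: the new uid/guid comparison against sbuf.st_uid and sbuf.st_gid only avoids the problem when the extracted file already has the target owner. Whenever either value differs, chown() still runs after write_xattr() and, by the description above, removes the xattrs that were just set. Performing the chown() before the xattrs are written would cover both cases and make the extra stat() unnecessary. A smaller point: the stat() failure message prints the raw errno, while the chown() message uses strerror(errno); using strerror(errno) in both would keep the error output consistent.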



bash%

On Wed, Oct 7, 2015 at 7:28 AM, Prasad Koya <prasad.koya@xxxxxxxxx> wrote:
> Hi
>
> Not sure if there is a mailing list for squashfs-tools.
>
> I'm not seeing xattrs after unsquashing. This is how we are using:
>
> 1. Install all of our RPMs with some root dir (rpm --root xyz)
>
> 2. mksquashfs of xyz. (-comp xz -Xbcj x86).
>
> 3. To update an rpm in image, we first unsquash  the fs made in step 2
> with unsquashfs. Say this is dir xyz2, then do 'rpm --root xyz2 -U
> changed.rpm'
>
> Right after unsquashing in step 3, I don't see capabilities on, say, ping.
>
>
> after first mksquashfs ie., installing all RPMs fresh:
>
> bash% getfattr -n security.capability rootfs/usr/bin/ping
> # file: usr/bin/ping
> security.capability=0sAQAAAgAwAAAAAAAAAAAAAAAAAAA=
>
> bash% getcap rootfs/usr/bin/ping
> usr/bin/ping = cap_net_admin,cap_net_raw+ep
>
>
> after unsquashfs:
>
> bash% getfattr -n security.capability
> /tmp/extracted/unsquashed/usr/bin/ping
> /tmp/extracted/unsquashed/usr/bin/ping: security.capability: No such attribute
>
> bash% getcap /tmp/extracted/unsquashed/usr/bin/ping
> bash%
>
> I explicitly specify '-xattrs' for both mksquashfs and unsquashfs. Is
> this a known issue?
>
> thank you.
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
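
To check an extracted tree against expectations without relying on getcap, the security.capability value shown in the getfattr output above can be decoded directly. The following is an added example, not code from the thread or from squashfs-tools; the function names are hypothetical, and it generalizes beyond the thread's value by also accepting revision 1 and revision 3 blobs as laid out in linux/capability.h.

```python
import base64
import struct

# Capability names by bit number, from linux/capability.h.
CAP_NAMES = ("chown dac_override dac_read_search fowner fsetid kill setgid "
             "setuid setpcap linux_immutable net_bind_service net_broadcast "
             "net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio "
             "sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice "
             "sys_resource sys_time sys_tty_config mknod lease audit_write "
             "audit_control setfcap mac_override mac_admin syslog wake_alarm "
             "block_suspend audit_read perfmon bpf checkpoint_restore").split()

VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision -> (number of 32-bit permitted/inheritable pairs, has rootid)
REVISIONS = {0x01000000: (1, False), 0x02000000: (2, False), 0x03000000: (2, True)}

def from_getfattr(text):
    """Convert a getfattr value ('0s' base64 or '0x' hex prefix) to bytes."""
    if text.startswith("0s"):
        return base64.b64decode(text[2:], validate=True)
    if text.startswith(("0x", "0X")):
        return bytes.fromhex(text[2:])
    raise ValueError("expected a 0s (base64) or 0x (hex) encoded value")

def names(mask):
    """Return the capability names for every bit set in mask."""
    return [("cap_" + CAP_NAMES[b]) if b < len(CAP_NAMES) else "cap_%d" % b
            for b in range(64) if mask >> b & 1]

def decode_security_capability(raw):
    """Parse a struct vfs_cap_data / vfs_ns_cap_data blob (little-endian)."""
    if len(raw) < 4:
        raise ValueError("truncated xattr")
    (magic_etc,) = struct.unpack_from("<I", raw)
    rev = magic_etc & VFS_CAP_REVISION_MASK
    if rev not in REVISIONS:
        raise ValueError("unknown revision 0x%08x" % rev)
    words, has_rootid = REVISIONS[rev]
    if len(raw) != 4 + 8 * words + (4 if has_rootid else 0):
        raise ValueError("length %d does not match revision" % len(raw))
    fields = struct.unpack_from("<%dI" % (2 * words), raw, 4)
    permitted = sum(fields[2 * i] << (32 * i) for i in range(words))
    inheritable = sum(fields[2 * i + 1] << (32 * i) for i in range(words))
    rootid = struct.unpack_from("<I", raw, 4 + 8 * words)[0] if has_rootid else None
    return {"effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE), "rootid": rootid,
            "permitted": names(permitted), "inheritable": names(inheritable)}

# The value from the getfattr output in the thread.
PING_XATTR = "0sAQAAAgAwAAAAAAAAAAAAAAAAAAA="
```

Decoding PING_XATTR gives permitted cap_net_admin and cap_net_raw with the effective flag set, matching the getcap line in the thread; a file that lost the attribute during extraction has nothing to decode.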


