mako kernel doesn't support xattrs in the security namespace

Bug #1295948 reported by Steve Beattie
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
linux-mako (Ubuntu) | Fix Released | Undecided | Tim Gardner |
  Trusty | Fix Released | Undecided | Tim Gardner |
linux-manta (Ubuntu) | Fix Released | Undecided | Tim Gardner |
  Trusty | Fix Released | Undecided | Tim Gardner |

Bug Description

Attempting on a mako device to setfattr on a file with the security namespace fails with EOPNOTSUPP:

  $ sudo setfattr -h -n security.sdtest -v hello testfile
  setfattr: testfile: Operation not supported

but the 'trusted' and 'user' namespaces work properly:

  $ sudo setfattr -h -n user.sdtest -v hello testfile
  $ sudo getfattr -h -n user.sdtest testfile
  # file: testfile
  user.sdtest="hello"

strace'ing the setfattr command shows the following:

  lsetxattr("testfile", "security.sdtest", "hello", 5, 0) = -1 EOPNOTSUPP (Operation not supported)

This is not the case for other kernels based off an Android kernel; e.g., it works fine on a grouper device.

$ uname -a
Linux ubuntu-phablet 3.4.0-5-mako #26-Ubuntu SMP PREEMPT Tue Feb 25 19:23:05 UTC 2014 armv7l armv7l armv7l GNU/Linux

Steps to reproduce:

  $ dd if=/dev/zero of=test.img bs=4096 count=4096
  4096+0 records in
  4096+0 records out
  16777216 bytes (17 MB) copied, 0.181383 s, 92.5 MB/s
  $ mkfs.ext3 -q -F test.img
  $ mkdir mountpoint
  $ sudo mount -o loop,user_xattr test.img mountpoint
  [sudo] password for phablet:
  $ mount | grep mountpoint
  /home/phablet/test.img on /home/phablet/mountpoint type ext3 (rw,relatime,errors=continue,user_xattr,barrier=1,data=writeback)
  $ cd mountpoint/
  $ sudo touch testfile
  $ sudo setfattr -h -n security.sdtest -v hello testfile # this command fails on mako, not on grouper
  setfattr: testfile: Operation not supported
  $ sudo setfattr -h -n trusted.sdtest -v hello testfile
  $ sudo getfattr -h -n trusted.sdtest testfile
  # file: testfile
  trusted.sdtest="hello"

It fails regardless of whether the filesystem is ext3 or ext4.

(There are apparmor tests that exercise this functionality, which is how it was noticed.)

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu):
status: New → Confirmed
John Johansen (jjohansen) wrote :

I can confirm this issue also affects the manta kernel

John Johansen (jjohansen) wrote :

This bug is being caused by CONFIG_EXT3_FS_SECURITY not being set. Note that CONFIG_EXT3_FS_POSIX_ACL is also not set.
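
The cause named in the comment above can be checked directly against a kernel config. The following is an added example, not part of the bug report or of the Ubuntu kernel packaging; it generalizes from the two EXT3 options named on this page to any CONFIG_<FS>_FS_SECURITY / CONFIG_<FS>_FS_POSIX_ACL option, and the function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report). Assumes a kernel config in the usual
# .config format, e.g. /boot/config-$(uname -r) or a decompressed /proc/config.gz.

# List every CONFIG_<FS>_FS_SECURITY / CONFIG_<FS>_FS_POSIX_ACL option that is
# "not set" while the filesystem itself (CONFIG_<FS>_FS) is built in or modular.
# Returns 1 if any such option is found, 0 if none.
audit_fs_security() {
    rc=0
    out=$(awk '
        # Enabled options: CONFIG_FOO=y or CONFIG_FOO=m
        /^CONFIG_[A-Z0-9_]+=[ym]$/ { split($0, kv, "="); on[kv[1]] = 1 }
        # Disabled label/ACL handlers: "# CONFIG_FOO_FS_SECURITY is not set"
        /^# CONFIG_[A-Z0-9_]+_FS_(SECURITY|POSIX_ACL) is not set$/ { off[$2] = 1 }
        END {
            for (opt in off) {
                fs = opt
                sub(/_(SECURITY|POSIX_ACL)$/, "", fs)  # -> CONFIG_<FS>_FS
                if (fs in on) { print opt " is not set (" fs " is built)"; bad = 1 }
            }
            exit bad + 0
        }' "$1") || rc=$?
    [ -n "$out" ] && printf '%s\n' "$out" | sort
    return "$rc"
}

# Constructed sample modelled on the state this report describes: ext3 with
# xattrs enabled (user/trusted work) but the security and ACL handlers left out.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_EXT3_FS=y
CONFIG_EXT3_FS_XATTR=y
# CONFIG_EXT3_FS_POSIX_ACL is not set
# CONFIG_EXT3_FS_SECURITY is not set
EOF
}
```

Source the file and run `audit_fs_security /boot/config-$(uname -r)`; a non-zero return means security-namespace xattrs (and with them file labels used by LSM tooling) will fail with EOPNOTSUPP on the listed filesystem.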

Tim Gardner (timg-tpi)
affects: linux (Ubuntu Trusty) → linux-mako (Ubuntu Trusty)
Changed in linux-mako (Ubuntu Trusty):
assignee: nobody → Tim Gardner (timg-tpi)
status: Confirmed → In Progress
Tim Gardner (timg-tpi)
Changed in linux-manta (Ubuntu Trusty):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Changed in linux-mako (Ubuntu Trusty):
status: In Progress → Fix Committed
Tim Gardner (timg-tpi)
Changed in linux-manta (Ubuntu Trusty):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-mako - 3.4.0-5.27

---------------
linux-mako (3.4.0-5.27) trusty; urgency=low

  [ Tim Gardner ]

  * [Config] CONFIG_EXT3_FS_POSIX_ACL=y, CONFIG_EXT3_FS_SECURITY=y
    - LP: #1295948
 -- Tim Gardner <email address hidden> Sun, 23 Mar 2014 09:11:12 -0600

Changed in linux-mako (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-manta - 3.4.0-6.25

---------------
linux-manta (3.4.0-6.25) trusty; urgency=low

  [ Tim Gardner ]

  * [Config] CONFIG_EXT3_FS_POSIX_ACL=y, CONFIG_EXT3_FS_SECURITY=y
    - LP: #1295948
 -- Tim Gardner <email address hidden> Sun, 23 Mar 2014 09:35:15 -0600

Changed in linux-manta (Ubuntu Trusty):
status: Fix Committed → Fix Released