Re: unsquashfs not preserving file capabilities

From: Prasad Koya
Date: Wed Oct 07 2015 - 23:29:31 EST


Hi

Debugged this with traces enabled. Turns out that unsquashfs *is*
setting xattrs with lsetxattr() but soon after returning from
write_xattr(), it calls chown() and that is removing the xattrs on
the file.

Please take a look at this patch below, which calls chown() only if
uid/gid of file is different to what is passed in set_attributes().
I'm not that familiar with this code.

thank you

bash% diff -u /bld/squashfs-tools/unsquashfs.c unsquashfs.c

--- /bld/squashfs-tools/unsquashfs.c 2015-10-07 20:22:22.657129963 -0700

+++ unsquashfs.c 2015-10-07 20:21:06.070143018 -0700

@@ -700,12 +700,21 @@

}



if(root_process) {

- if(chown(pathname, uid, guid) == -1) {

- ERROR("set_attributes: failed to change uid and gids "

- "on %s, because %s\n", pathname,

- strerror(errno));

+ struct stat sbuf;

+ int x = stat(pathname, &sbuf);

+ if (x != 0) {

+ ERROR("set_attributes: stat(%s) failed. errno %d\n",

+ pathname, errno);

return FALSE;

}

+ if(uid != sbuf.st_uid || guid != sbuf.st_gid) {

+ if(chown(pathname, uid, guid) == -1) {

+ ERROR("set_attributes: failed to change "

+ "uid and gids on %s, because %s\n", pathname,

+ strerror(errno));

+ return FALSE;

+ }

+ }

} else

mode &= ~07000;
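Review bot: the new `if(uid != sbuf.st_uid || guid != sbuf.st_gid)` branch still calls chown() after the xattrs have been written, so a file whose owner or group differs from what stat() reports loses its xattrs exactly as before; only files that already have the requested ownership are fixed. Since the message says chown() runs right after write_xattr() returns, doing the ownership change before the xattrs are written would cover both cases and would not need the extra stat(). A smaller point: the stat() error prints the raw errno with `%d`, while the chown() message in the same block uses strerror(errno); using strerror(errno) in both keeps the output consistent.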



bash%

On Wed, Oct 7, 2015 at 7:28 AM, Prasad Koya <prasad.koya@xxxxxxxxx> wrote:
> Hi
>
> Not sure if there is a mailing list for squashfs-tools.
>
> I'm not seeing xattrs after unsquashing. This is how we are using:
>
> 1. Install all of our RPMs with some root dir (rpm --root xyz)
>
> 2. mksquashfs of xyz. (-comp xz -Xbcj x86).
>
> 3. To update an rpm in image, we first unsquash the fs made in step 2
> with unsquashfs. Say this is dir xyz2, then do 'rpm --root xyz2 -U
> changed.rpm'
>
> Right after unsquashing in step 3, I don't see capabilities on, say, ping.
>
>
> after first mksquashfs i.e., installing all RPMs fresh:
>
> bash% getfattr -n security.capability rootfs/usr/bin/ping
> # file: usr/bin/ping
> security.capability=0sAQAAAgAwAAAAAAAAAAAAAAAAAAA=
>
> bash% getcap rootfs/usr/bin/ping
> usr/bin/ping = cap_net_admin,cap_net_raw+ep
>
>
> after unsquashfs:
>
> bash% getfattr -n security.capability
> /tmp/extracted/unsquashed/usr/bin/ping
> /tmp/extracted/unsquashed/usr/bin/ping: security.capability: No such attribute
>
> bash% getcap /tmp/extracted/unsquashed/usr/bin/ping
> bash%
>
> I explicitly specify '-xattrs' for both mksquashfs and unsquashfs. Is
> this a known issue?
>
> thank you.
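The `security.capability` value in the quoted getfattr output can be decoded to confirm it matches the getcap line, and the same decoder gives a before/after check for an extracted tree. This is an added example, not part of the original message or of squashfs-tools: the function names are hypothetical, the layout assumed is the kernel's revision-2 `vfs_cap_data`, and only the two capability numbers needed for the sample are named.

```python
import base64
import struct

VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_2 = 0x02000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# Subset of linux/capability.h numbers, enough for the sample value.
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw"}

# Value copied from the getfattr output quoted in the message.
PING_XATTR = "0sAQAAAgAwAAAAAAAAAAAAAAAAAAA="


def decode_getfattr_value(text):
    """Convert getfattr's '0s<base64>' or '0x<hex>' text form to bytes."""
    if text.startswith("0s"):
        return base64.b64decode(text[2:], validate=True)
    if text.startswith("0x"):
        return bytes.fromhex(text[2:])
    raise ValueError("unsupported getfattr encoding: %r" % text[:2])


def cap_names(mask):
    """Names of the capability bits set in a 64-bit mask."""
    return [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if (mask >> b) & 1]


def parse_vfs_cap_v2(raw):
    """Parse a 20-byte little-endian revision-2 vfs_cap_data blob."""
    if len(raw) != 20:
        raise ValueError("expected 20 bytes, got %d" % len(raw))
    magic, p_lo, i_lo, p_hi, i_hi = struct.unpack("<5I", raw)
    if (magic & VFS_CAP_REVISION_MASK) != VFS_CAP_REVISION_2:
        raise ValueError("not a revision-2 capability xattr")
    return {
        "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
        "permitted": cap_names(p_lo | (p_hi << 32)),
        "inheritable": cap_names(i_lo | (i_hi << 32)),
    }


def lost_capabilities(before, after):
    """Permitted caps present before extraction but absent afterwards.

    `after` is None when getfattr reports "No such attribute".
    """
    had = parse_vfs_cap_v2(decode_getfattr_value(before))["permitted"]
    kept = parse_vfs_cap_v2(decode_getfattr_value(after))["permitted"] if after else []
    return [c for c in had if c not in kept]
```

Feeding it the values from `getfattr -n security.capability` on the source tree and on the unsquashed tree lists what the extraction dropped for each file.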