authorDmitry Chagin <dchagin@FreeBSD.org>2023-09-01 08:11:02 +0000
committerDmitry Chagin <dchagin@FreeBSD.org>2023-09-11 11:59:38 +0000
commitbce9c2e34006dd70fb77a72f8cce1ead8a01db9e (patch)
tree3c00450bae98c2ef9056b9ea8ba1cb8f139de1d7
parent0f35bf8b294e2c57ef0d9cd39f0f44e36cd4f7be (diff)
linux(4): Return ENOTSUP from xattr syscalls instead of EPERM
FreeBSD does not permit manipulating extended attributes in the system namespace by unprivileged accounts, even if the account has appropriate privileges to access the filesystem object. In Linux the system namespace is used to preserve POSIX ACLs. Some GNU coreutils binaries use POSIX ACLs, e.g. install, ls, and fail if we unexpectedly return an EPERM error from the xattr system calls. On the other hand, in Linux read and write access to the system namespace depends on the policy implemented by each filesystem, so we mimic a filesystem that prohibits this for unprivileged accounts. Reported by: zirias Tested by: zirias MFC after: 1 week (cherry picked from commit 1bfc4574f78653e4b64ac9dd31518c96a17fe52b)
-rw-r--r--sys/compat/linux/linux_xattr.c16
1 files changed, 13 insertions, 3 deletions
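diff --git a/sys/compat/linux/linux_xattr.c b/sys/compat/linux/linux_xattr.c
index 2b46cf708c7d..74b47f1cbaec 100644
--- a/sys/compat/linux/linux_xattr.c
+++ b/sys/compat/linux/linux_xattr.c
@@ -88,6 +88,16 @@ static char *extattr_namespace_names[] = EXTATTR_NAMESPACE_NAMES;
 static int
+error_to_xattrerror(int attrnamespace, int error)
+{
+
+ if (attrnamespace == EXTATTR_NAMESPACE_SYSTEM && error == EPERM)
+ return (ENOTSUP);
+ else
+ return (error);
+}
+
+static int
 xatrr_to_extattr(const char *uattrname, int *attrnamespace, char *attrname)
 {
 char uname[LINUX_XATTR_NAME_MAX + 1], *dot;
@@ -188,7 +198,7 @@ listxattr(struct thread *td, struct listxattr_args *args)
 if (error == 0)
 td->td_retval[0] = cnt;
 free(data, M_LINUX);
- return (error);
+ return (error_to_xattrerror(attrnamespace, error));
 }
 int
@@ -248,7 +258,7 @@ removexattr(struct thread *td, struct removexattr_args *args)
 else
 error = kern_extattr_delete_fd(td, args->fd, attrnamespace,
 attrname);
- return (error);
+ return (error_to_xattrerror(attrnamespace, error));
 }
 int
@@ -392,7 +402,7 @@ setxattr(struct thread *td, struct setxattr_args *args)
 attrname, args->value, args->size);
 out:
 td->td_retval[0] = 0;
- return (error);
+ return (error_to_xattrerror(attrnamespace, error));
 }
 int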
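Review bot: In the setxattr hunk the new `return (error_to_xattrerror(attrnamespace, error));` sits under the `out:` label, so every `goto out` in the function (which starts outside this hunk) now reads `attrnamespace`; if any of those jumps happens before `xatrr_to_extattr()` has stored into it, the call passes an indeterminate value, which is undefined behavior even though the result is unaffected unless `error == EPERM`. Either initialize the variable at declaration (`int attrnamespace = 0;`, or whatever namespace value the file treats as "none") or only route the success-path return through the mapping. The same mapping is applied to listxattr and removexattr but, from the diffstat, not to getxattr; if the get path can also surface EPERM for the system namespace, it presumably needs the same treatment, so that is worth confirming against the rest of the file. A one-line comment above `error_to_xattrerror()` stating why the translation is done would help future readers: `/* Linux maps a filesystem that forbids system.* access to ENOTSUP, not EPERM. */`. The `else` after the `return (ENOTSUP);` in that helper is redundant and can be dropped.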