From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: jeffm@suse.com
Cc: fstests@vger.kernel.org
Subject: Re: [PATCH] src/t_attr_corruption: use security.capability instead of security.evm
Date: Mon, 25 Feb 2019 15:26:29 -0800 [thread overview]
Message-ID: <20190225232629.GA7159@magnolia> (raw)
In-Reply-To: <20190225224744.GY6503@magnolia>
On Mon, Feb 25, 2019 at 02:47:44PM -0800, Darrick J. Wong wrote:
> On Mon, Feb 25, 2019 at 02:10:52PM -0500, jeffm@suse.com wrote:
> > From: Jeff Mahoney <jeffm@suse.com>
> >
> > src/t_attr_corruption uses the security.evm extended attribute because
> > it sorts before security.posix_acl_access. The security.evm attribute
> > is a formatted structure and when passed an uninitialized buffer, it
> > will fail with EPERM.
> >
> > We see test failures like:
> > --- tests/generic/529.out2019-02-21 13:22:47.583406922 -0500
> > +++ /opt/xfstests/results//generic/529.out.bad 2019-02-21 13:57:31.967406922 -0500
> > @@ -1,2 +1,2 @@
> > QA output created by 529
> > -list attr: Numerical result out of range
> > +set evm: Operation not permitted
> >
> > This patch uses security.capability which also sorts where it needs to
> > do for the test and also accepts an unformatted buffer.
> >
> > Signed-off-by: Jeff Mahoney <jeffm@suse.com>
> > ---
> > src/t_attr_corruption.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/src/t_attr_corruption.c b/src/t_attr_corruption.c
> > index f26611f9..0c229dbc 100644
> > --- a/src/t_attr_corruption.c
> > +++ b/src/t_attr_corruption.c
> > @@ -76,7 +76,7 @@ int main(int argc, char *argv[])
> > if (ret)
> > die("set posix acl");
> >
> > - ret = fsetxattr(fd, "security.evm", buf, 1, 1);
> > + ret = fsetxattr(fd, "security.capability", buf, 1, 1);
>
> This fails for me both with and without EVM configured into my kernel:
>
> fsetxattr(3, "security.capability", "\3", 1, XATTR_CREATE) = -1 EINVAL (Invalid argument)
>
> Judging from fs/xattr.c it looks as though security.capability also has
> a defined format that's parsed by security/commoncap.c...
And now that I've figured out how to reproduce the xfs bug without a
second attribute, NAK to this and I'll send a more complete fix shortly.
--D
> --D
>
> > if (ret)
> > die("set evm");
> >
> > --
> > 2.16.4
> >
next prev parent reply other threads:[~2019-02-25 23:26 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-25 19:10 [PATCH] src/t_attr_corruption: use security.capability instead of security.evm jeffm
2019-02-25 22:47 ` Darrick J. Wong
2019-02-25 23:26 ` Darrick J. Wong [this message]
2019-02-26 2:07 ` Xiao Yang
2019-02-26 3:33 ` Xiao Yang
2019-02-26 1:39 ` Jeff Mahoney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190225232629.GA7159@magnolia \
--to=darrick.wong@oracle.com \
--cc=fstests@vger.kernel.org \
--cc=jeffm@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.