From: Artem Bityutskiy <dedekind@infradead.org>
To: Tim <timasyk@gmail.com>
Cc: mtd <linux-mtd@lists.infradead.org>
Subject: Re: Issues with UBIFS xattr support
Date: Fri, 06 Feb 2009 09:39:52 +0200 [thread overview]
Message-ID: <1233905992.17790.19.camel@localhost.localdomain> (raw)
In-Reply-To: <a5e2b64d0902051521p146eef06lc2076b290f924b62@mail.gmail.com>
On Fri, 2009-02-06 at 08:21 +0900, Tim wrote:
> 2009/2/5 Artem Bityutskiy <dedekind@infradead.org>:
> > On Thu, 2009-02-05 at 15:49 +0900, Tim wrote:
> >> I found that UBIFS does not fully support xattr manipulation.
> >
> > This is right. We have very limited xattr support, which has never been
> > tested well, because we do not use it.
> >
> > http://www.linux-mtd.infradead.org/doc/ubifs.html#L_xattr
> >
> >> I use security context files labeling (in SELinux) that heavily relies
> >> on proper manipulation of xattr by the filesystem.
> >> And issues are:
> >> - ubifs does not store xattr in inode for symbolic link files;
> >
> > Hmm, ok, this should not be too difficult to fix.
> >
> >> - if new file is created on ubifs, xattr should be automatically
> >> updated with security context label, but it does not.
> >
> > I'm very bad in security. Do you mean you need ACL support?
> > This is not supported.
> (I'm not good in filesystems, so sorry if I use some terms inappropriately)
> No ACL is required, just security namespace in xattr.
OK, then thinks must be much simpler.
> When new file is created, then new inode should have proper contents
> of xattr in security namespace. It is typically done by calling
> security_inode_init_security() and updating xattr in a function
> responsible for new inode creation. security_inode_init_security()
> will take care on computing required value for xattr security
> namespace for new inode.
OK, this should be easy to add. I'm not sure I have time to do this now,
though. But you may try to do this yourself, should not be very
difficult.
And the "security." namespace seems to be supported. Although
it might be not fully supported. I mean, I tested reading, writing,
changing xattrs - this works. But some security namespace-specific
things might be missing.
--
Best regards,
Artem Bityutskiy (Битюцкий Артём)
next prev parent reply other threads:[~2009-02-06 7:40 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-05 6:49 Issues with UBIFS xattr support Tim
2009-02-05 9:30 ` Artem Bityutskiy
2009-02-05 23:21 ` Tim
2009-02-06 7:39 ` Artem Bityutskiy [this message]
[not found] ` <a5e2b64d0902112248x6fa8b0f2w65ee131086e87bfd@mail.gmail.com>
[not found] ` <1234427114.17790.139.camel@localhost.localdomain>
2009-02-12 23:03 ` Tim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1233905992.17790.19.camel@localhost.localdomain \
--to=dedekind@infradead.org \
--cc=linux-mtd@lists.infradead.org \
--cc=timasyk@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox