lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 7 Oct 2015 07:28:02 -0700
From:	Prasad Koya <prasad.koya@...il.com>
To:	Andreas Gruenbacher <agruenba@...hat.com>,
	linux-fsdevel@...r.kernel.org
Cc:	Alexander Viro <viro@...iv.linux.org.uk>,
	Christoph Hellwig <hch@...radead.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Phillip Lougher <phillip@...ashfs.org.uk>
Subject: unsquashfs not preserving file capabilities

Hi

Not sure if there is a mailing list for squashfs-tools.

I'm not seeing xattrs after unsquashing. This is how we are using:

1. Install all of our RPMs with some root dir (rpm --root xyz)

2. mksquashfs of xyz. (-comp xz -Xbcj x86).

3. To update an rpm in image, we first unsquash  the fs made in step 2
with unsquashfs. Say this is dir xyz2, then do 'rpm --root xyz2 -U
changed.rpm'

Right after unsquashing in step 3, I don't see capabilities on, say, ping.


after first mksquashfs ie., installing all RPMs fresh:

bash% getfattr -n security.capability rootfs/usr/bin/ping
# file: usr/bin/ping
security.capability=0sAQAAAgAwAAAAAAAAAAAAAAAAAAA=

bash% getcap rootfs/usr/bin/ping
usr/bin/ping = cap_net_admin,cap_net_raw+ep


after unsquashfs:

bash% getfattr -n security.capability
/tmp/extracted/unsquashed/usr/bin/ping
/tmp/extracted/unsquashed/usr/bin/ping: security.capability: No such attribute

bash% getcap /tmp/extracted/unsquashed/usr/bin/ping
bash%

I explicitly specify '-xattrs' for both mksquashfs and unsquashfs. Is
this known issue?

thank you.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ