Message-ID: <4171349.heAe9J7NaK@hobbes>
Date:   Wed, 26 Sep 2018 21:52:37 +0200
From:   Fabio Coatti <fabio.coatti@...il.com>
To:     linux-kernel@...r.kernel.org
Subject: posix acl issue

Hi All, 
I'm seeing a weird behaviour wrt posix acl.
Basically it seems that they are not working, even though ACLs are enabled for 
all the filesystems on my machine.
attrs are working just fine for the same files.
Example:
> getfacl pippo 
# file: pippo 
# owner: cova 
# group: cova 
other::r-- 

> setfacl -m other::r-- pippo 
setfacl: pippo: Malformed access ACL `other::r--': Missing or wrong entry at 
entry 1 

============

also, udev uaccess rules are not applied and systemd-udevd spits out this 
message:
(this is when inserting a yubikey)
systemd-udevd[4921]: Failed to apply ACL on /dev/hidraw4: Invalid argument

kernel ACL setup:

=====
zcat /proc/config.gz | grep ACL 
CONFIG_EXT2_FS_POSIX_ACL=y 
CONFIG_EXT3_FS_POSIX_ACL=y 
CONFIG_EXT4_FS_POSIX_ACL=y 
CONFIG_XFS_POSIX_ACL=y 
CONFIG_BTRFS_FS_POSIX_ACL=y 
CONFIG_FS_POSIX_ACL=y 
CONFIG_TMPFS_POSIX_ACL=y 
CONFIG_JFFS2_FS_POSIX_ACL=y 
CONFIG_NFS_V3_ACL=y 
CONFIG_NFSD_V2_ACL=y 
CONFIG_NFSD_V3_ACL=y 
CONFIG_NFS_ACL_SUPPORT=m 
CONFIG_CIFS_ACL=y 

========
attrs seem to be ok:
> setfattr -n user.foo -v bar pippo 

> getfattr pippo 
# file: pippo 
user.foo 
=========

I tested this behaviour with btrfs, tmpfs and ext4(ext2); 
dmesg reports that acl mount option is recognized: 
=======
EXT4-fs (dm-6): mounted filesystem with ordered data mode. Opts: acl
=======

but mount output seems to tell something different:

==========
/dev/mapper/vg0-test on /root/tt type ext4 (rw,relatime)
==========

and proc tells something even different:

==========
cat /proc/fs/ext4/dm-6/options 
rw 
bsddf 
nogrpid 
block_validity 
dioread_lock 
nodiscard 
delalloc 
nowarn_on_error 
journal_checksum 
barrier 
auto_da_alloc 
user_xattr 
acl 
noquota 
resuid=0 
resgid=0 
errors=continue 
commit=5 
min_batch_time=0 
max_batch_time=15000 
stripe=0 
data=ordered 
inode_readahead_blks=32 
init_itable=10 
max_dir_size_kb=0 
==========

Kernel is 4.18.10, but I tried several kernels on 4.18 and 4.17 series, no 
changes.
gcc 8.2.0

I'm running a gentoo machine, with vanilla sources so no external patches.
I checked all possible kernel config options and whatnot without finding 
anything obvious. 
Likely I'm missing something obvious, but after several days digging I got no 
clues, so I would be glad of any hint or suggestions about where to look.
(please, keep me cc'ed in any answer).

Many thanks for any help.

