[yocto] [pseudo][PATCH 1/1] Filter out erroneous POSIX ACLs
Anton Gerasimov
anton at advancedtelematic.com
Fri Feb 24 07:18:38 PST 2017
Hi Peter,
to reproduce the difference, you just need a kernel with POSIX ACL
enabled for your FS (e.g. CONFIG_FS_POSIX_ACL=y;
CONFIG_EXT4_FS_POSIX_ACL=y). The problem is that 'cp -a' when copying a
directory without any ACLs attached will for whatever reason try to
assign an empty posix_acl_default list to the target directory. Linux
kernel will always filter it out, but pseudo just creates empty list.
Later in the build process, when bootable image is created, it will
instantiate a directory with empty posix_acl_default list on the
bootable media. When you will try to perform certain operations on such
directory (e.g. creating another directory inside it), kernel, namely
ext4_get_acl, if I resemble correctly, will return EINVAL error, so the
resulting filesystem will be effectively broken in many ways.
There is an issue [1] in Automotive Grade Linux Jira with an example of
erroneous behaviour. The tricky part of it is that the error itself can
not be reproduced easily: although I have one kernel config of a machine
that makes broken images, I couldn't repeat it on later kernel versions.
But the setfattr/getfattr behaviour difference that causes that error
can be reproduced quite easily on any kernel with ACLs enabled.
[1] (Starting with Jan-Simon Moeller's comment on 26th of October)
https://jira.automotivelinux.org/browse/SPEC-254?focusedCommentId=11313&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-11313
On 02/24/2017 04:05 PM, Seebs wrote:
> On Fri, 24 Feb 2017 15:48:15 +0100
> anton at advancedtelematic.com wrote:
>
>> From: Anton Gerasimov <anton at advancedtelematic.com>
>>
>> The difference between what we see in pseudo and what happens without
>> pseudo can be seen by typing:
>>
>> mkdir setfattr-test
>> setfattr -n system.posix_acl_default -v 0x02000000 setfattr-test
>> getfattr -n system.posix_acl_default setfattr-test
>>
>> Under some kernel configurations this difference leads to annoying
>> errors, e.g. directories copied with 'cp -a' get broken in a fancy
>> way.
> Can you expand on this? What is happening to make the "erroneous" ACLs?
> What kernel configurations?
>
> -s
--
Anton Gerasimov, ATS Advanced Telematic Systems GmbH
Kantstrasse 162, 10623 Berlin
Managing Directors: Dirk Pöschl, Armin G. Schmidt
Register Court: HRB 151501 B, Amtsgericht Charlottenburg
More information about the yocto
mailing list