Issues with UBIFS xattr support

Tim timasyk at gmail.com
Thu Feb 5 18:21:06 EST 2009


2009/2/5 Artem Bityutskiy <dedekind at infradead.org>:
> On Thu, 2009-02-05 at 15:49 +0900, Tim wrote:
>> I found that UBIFS does not fully support xattr manipulation.
>
> This is right. We have very limited xattr support, which has never been
> tested well, because we do not use it.
>
> http://www.linux-mtd.infradead.org/doc/ubifs.html#L_xattr
>
>> I use security context files labeling (in SELinux) that heavily relies
>> on proper manipulation of xattr by the filesystem.
>> And issues are:
>> - ubifs does not store xattr in inode for symbolic link files;
>
> Hmm, ok, this should not be too difficult to fix.
>
>> - if new file is created on ubifs, xattr should be automatically
>> updated with security context label, but it does not.
>
> I'm very bad at security. Do you mean you need ACL support?
> This is not supported.
(I'm not good at filesystems, so sorry if I use some terms inappropriately)
No ACL is required, just the security namespace in xattr.
When a new file is created, the new inode should have the proper contents
of xattr in the security namespace. It is typically done by calling
security_inode_init_security() and updating the xattr in the function
responsible for new inode creation. security_inode_init_security()
will take care of computing the required value of the xattr security
namespace for the new inode.

Then the security namespace will be fully supported, I think. And security
engineers will be happy to use ubifs with SELinux :)

>> Maybe there is a patch that fixes those issues already?
>
> Unfortunately not, you should find a sane SW engineer with a
> clue and he may upgrade UBIFS, it is doable. We would of course
> assist.
Oh... I will try to find one :)

Tim
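
Added example, not part of the original message and not UBIFS code: a small userspace checker for the two symptoms reported in this thread (a symlink with no label, a newly created file with no label). It reads security.selinux with lgetxattr(), which queries the link's own inode rather than its target; the names classify and selinux_label_state are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/xattr.h>

enum label_state { LABEL_PRESENT, LABEL_MISSING, LABEL_UNSUPPORTED, LABEL_ERROR };

/* Map an lgetxattr() return value and errno to a label state. */
enum label_state classify(ssize_t ret, int err)
{
    if (ret >= 0)
        return LABEL_PRESENT;
    if (err == ENODATA)
        return LABEL_MISSING;      /* xattrs work here, but no label is set */
    if (err == ENOTSUP)
        return LABEL_UNSUPPORTED;  /* no xattr support for this inode or namespace */
    return LABEL_ERROR;            /* ENOENT, EACCES, ERANGE, ... */
}

/* Read security.selinux from the inode named by path, without following a
 * final symlink. On LABEL_PRESENT, buf holds the NUL-terminated context. */
enum label_state selinux_label_state(const char *path, char *buf, size_t len)
{
    ssize_t n = lgetxattr(path, "security.selinux", buf, len ? len - 1 : 0);
    int err = errno;

    if (n >= 0 && len)
        buf[n] = '\0';
    return classify(n, err);
}

/* Usage: ./chklabel PATH...   exits 1 if any path lacks a readable label. */
int main(int argc, char **argv)
{
    static const char *names[] = { "labeled", "NO-LABEL", "unsupported", "error" };
    char ctx[256];
    int bad = 0;

    for (int i = 1; i < argc; i++) {
        enum label_state s = selinux_label_state(argv[i], ctx, sizeof ctx);
        printf("%-12s %s %s\n", names[s], argv[i], s == LABEL_PRESENT ? ctx : "");
        bad += (s != LABEL_PRESENT);
    }
    return bad ? 1 : 0;
}
```

Run it on a freshly created file and a freshly created symlink on the filesystem under test. On a kernel with SELinux enabled the LSM can answer this query from its in-core inode label, so a label missing on the medium may appear as a default context rather than as NO-LABEL.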



More information about the linux-mtd mailing list