From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 09 15:10:40 2013 Received: (at submit) by debbugs.gnu.org; 9 Dec 2013 20:10:40 +0000 Received: from localhost ([127.0.0.1]:40630 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Vq7A8-0004zS-DF for submit@debbugs.gnu.org; Mon, 09 Dec 2013 15:10:40 -0500 Received: from eggs.gnu.org ([208.118.235.92]:43019) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Vq7A5-0004zK-Eg for submit@debbugs.gnu.org; Mon, 09 Dec 2013 15:10:37 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Vq79w-0000xD-KC for submit@debbugs.gnu.org; Mon, 09 Dec 2013 15:10:36 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:35700) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Vq79w-0000x9-GH for submit@debbugs.gnu.org; Mon, 09 Dec 2013 15:10:28 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44729) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Vq79q-0002dO-Am for bug-coreutils@gnu.org; Mon, 09 Dec 2013 15:10:28 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Vq79k-0000v9-BF for bug-coreutils@gnu.org; Mon, 09 Dec 2013 15:10:22 -0500 Received: from ishtar.tlinx.org ([173.164.175.65]:44098) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Vq79k-0000cC-2u for bug-coreutils@gnu.org; Mon, 09 Dec 2013 15:10:16 -0500 Received: from [192.168.4.12] (Athenae [192.168.4.12]) by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id rB9K9vu1021191 for ; Mon, 9 Dec 2013 12:10:00 -0800 Message-ID: <52A62396.8080305@tlinx.org> Date: Mon, 09 Dec 2013 12:09:58 -0800 From: Linda Walsh User-Agent: Thunderbird MIME-Version: 1.0 To: bug-coreutils@gnu.org Subject: bug: cp/mv cannot copy/move a file's extended attrs if they start with 'security' Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by Ishtar.tlinx.org id rB9K9vu1021191 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) I saved a file to my home directory on linux via windows. I wanted to move it to /tmp. I got: > mv /home/law/tmp/oVars.pm /tmp mv: setting attribute =E2=80=98security.NTACL=E2=80=99 for =E2=80=98secur= ity.NTACL=E2=80=99: Operation=20 not permitted So what's up with this? Shouldn't the NTACL be able to be stored/moved=20 with the file? From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 09 17:24:07 2013 Received: (at 16094-done) by debbugs.gnu.org; 9 Dec 2013 22:24:07 +0000 Received: from localhost ([127.0.0.1]:40852 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Vq9FG-0008RB-JE for submit@debbugs.gnu.org; Mon, 09 Dec 2013 17:24:06 -0500 Received: from mx1.redhat.com ([209.132.183.28]:60557) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Vq9FF-0008R3-22 for 16094-done@debbugs.gnu.org; Mon, 09 Dec 2013 17:24:05 -0500 Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id rB9MO4lg014335 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 9 Dec 2013 17:24:04 -0500 Received: from [10.36.116.37] (ovpn-116-37.ams2.redhat.com [10.36.116.37]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id rB9MO1lQ018725 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 9 Dec 2013 17:24:03 -0500 Message-ID: <52A64301.1010704@draigBrady.com> Date: Mon, 09 Dec 2013 22:24:01 +0000 From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: Linda Walsh Subject: Re: bug#16094: bug: cp/mv cannot copy/move a file's extended attrs if they start with 'security' References: <52A62396.8080305@tlinx.org> In-Reply-To: <52A62396.8080305@tlinx.org> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 16094-done Cc: 16094-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) tag 16094 notabug stop On 12/09/2013 08:09 PM, Linda Walsh wrote: > I saved a file to my home directory on linux via windows. > > I wanted to move it to /tmp. > > I got: >> mv /home/law/tmp/oVars.pm /tmp > mv: setting attribute ‘security.NTACL’ for ‘security.NTACL’: Operation not permitted > > So what's up with this? Shouldn't the NTACL be able to be stored/moved with the > file? This would be security policy enforced by the system I suspect. I.E. mv is not filtering these explicitly. thanks, Pádraig. From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 09 18:15:25 2013 Received: (at 16094-done) by debbugs.gnu.org; 9 Dec 2013 23:15:25 +0000 Received: from localhost ([127.0.0.1]:40943 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VqA2u-0001Kj-TH for submit@debbugs.gnu.org; Mon, 09 Dec 2013 18:15:25 -0500 Received: from ishtar.tlinx.org ([173.164.175.65]:38406) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VqA2t-0001KZ-B1 for 16094-done@debbugs.gnu.org; Mon, 09 Dec 2013 18:15:24 -0500 Received: from [192.168.4.12] (Athenae [192.168.4.12]) by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id rB9NFJVg067616; Mon, 9 Dec 2013 15:15:22 -0800 Message-ID: <52A64F08.3070109@tlinx.org> Date: Mon, 09 Dec 2013 15:15:20 -0800 From: Linda Walsh User-Agent: Thunderbird MIME-Version: 1.0 To: Pádraig Brady , 16094-done@debbugs.gnu.org Subject: Re: bug#16094: bug: cp/mv cannot copy/move a file's extended attrs if they start with 'security' References: <52A62396.8080305@tlinx.org> <52A64301.1010704@draigBrady.com> In-Reply-To: <52A64301.1010704@draigBrady.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 16094-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) On 12/9/2013 2:24 PM, Pádraig Brady wrote: >> So what's up with this? Shouldn't the NTACL be able to be stored/moved with the >> file? > > This would be security policy enforced by the system I suspect. > I.E. mv is not filtering these explicitly. ---- Ideas as to how? I.e. Is it part of the gnu libraries? I only build the "standard linux security model" into my kernel, so unless it's a part of a fs driver or something, I'm fairly sure it is not coming from the kernel... From debbugs-submit-bounces@debbugs.gnu.org Tue Dec 10 03:52:32 2013 Received: (at 16094) by debbugs.gnu.org; 10 Dec 2013 08:52:32 +0000 Received: from localhost ([127.0.0.1]:41353 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VqJ3P-000858-Df for submit@debbugs.gnu.org; Tue, 10 Dec 2013 03:52:31 -0500 Received: from mx1.redhat.com ([209.132.183.28]:10127) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VqJ3M-00084v-Dt for 16094@debbugs.gnu.org; Tue, 10 Dec 2013 03:52:29 -0500 Received: from int-mx12.intmail.prod.int.phx2.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id rBA8qP4o013536 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 10 Dec 2013 03:52:26 -0500 Received: from [10.36.116.98] (ovpn-116-98.ams2.redhat.com [10.36.116.98]) by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id rBA8qJxu020949 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Tue, 10 Dec 2013 03:52:24 -0500 Message-ID: <52A6D642.5000305@draigBrady.com> Date: Tue, 10 Dec 2013 08:52:18 +0000 From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: Linda Walsh Subject: Re: bug#16094: bug: cp/mv cannot copy/move a file's extended attrs if they start with 'security' References: <52A62396.8080305@tlinx.org> <52A64301.1010704@draigBrady.com> <52A64F08.3070109@tlinx.org> In-Reply-To: <52A64F08.3070109@tlinx.org> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 16094 Cc: 16094@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) On 12/09/2013 11:15 PM, Linda Walsh wrote: > > > On 12/9/2013 2:24 PM, Pádraig Brady wrote: >>> So what's up with this? Shouldn't the NTACL be able to be stored/moved with the >>> file? >> >> This would be security policy enforced by the system I suspect. >> I.E. mv is not filtering these explicitly. > ---- > Ideas as to how? I.e. Is it part of the gnu libraries? > > I only build the "standard linux security model" into my kernel, so unless > it's a part of a fs driver or something, I'm fairly sure it is not > coming from the kernel... Note since you're writing to /tmp it might be an issue with tmpfs? Have a look at recent TMPFS_SECURITY and TMPFS_XATTR kernel options are enabled. Also there are acl mount options that might impact here too. thanks, Pádraig. From debbugs-submit-bounces@debbugs.gnu.org Tue Dec 10 19:09:13 2013 Received: (at 16094) by debbugs.gnu.org; 11 Dec 2013 00:09:13 +0000 Received: from localhost ([127.0.0.1]:42467 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VqXMW-0008Qz-I5 for submit@debbugs.gnu.org; Tue, 10 Dec 2013 19:09:12 -0500 Received: from ishtar.tlinx.org ([173.164.175.65]:48562) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VqXMU-0008Qq-8Y for 16094@debbugs.gnu.org; Tue, 10 Dec 2013 19:09:11 -0500 Received: from [192.168.4.12] (Athenae [192.168.4.12]) by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id rBB096la007466; Tue, 10 Dec 2013 16:09:08 -0800 Message-ID: <52A7AD23.7000001@tlinx.org> Date: Tue, 10 Dec 2013 16:09:07 -0800 From: Linda Walsh User-Agent: Thunderbird MIME-Version: 1.0 To: Pádraig Brady Subject: Re: bug#16094: bug: cp/mv cannot copy/move a file's extended attrs if they start with 'security' References: <52A62396.8080305@tlinx.org> <52A64301.1010704@draigBrady.com> <52A64F08.3070109@tlinx.org> <52A6D642.5000305@draigBrady.com> In-Reply-To: <52A6D642.5000305@draigBrady.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Score: -0.2 (/) X-Debbugs-Envelope-To: 16094 Cc: 16094@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.2 (/) On 12/10/2013 12:52 AM, Pádraig Brady wrote: > Note since you're writing to /tmp it might be an issue with tmpfs? ---- > df /tmp Filesystem Size Used Avail Use% Mounted on /dev/sdc2 7.8G 3.5G 4.4G 45% /tmp xfs_info /tmp meta-data=/dev/sdc2 isize=256 agcount=4, agsize=519101 blks = sectsz=512 attr=2 I don't think so... > Have a look at recent TMPFS_SECURITY and TMPFS_XATTR kernel options are enabled. > Also there are acl mount options that might impact here too. > zgrep TMPFS /proc/config.gz CONFIG_DEVTMPFS=y CONFIG_DEVTMPFS_MOUNT=y CONFIG_TMPFS=y CONFIG_TMPFS_POSIX_ACL=y CONFIG_TMPFS_XATTR=y They are enabled, but I don't think they are relevant since /tmp is a normal xfs file system in my case. Actually a it's a dir on /var named /var/rtmp that gets 'rbound' (rbind) to /tmp) so my root can remain relatively static. From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 11 02:26:45 2013 Received: (at 16094) by debbugs.gnu.org; 11 Dec 2013 07:26:46 +0000 Received: from localhost ([127.0.0.1]:42722 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VqeBw-0003q0-HI for submit@debbugs.gnu.org; Wed, 11 Dec 2013 02:26:44 -0500 Received: from ishtar.tlinx.org ([173.164.175.65]:33104) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VqeBu-0003pr-1J for 16094@debbugs.gnu.org; Wed, 11 Dec 2013 02:26:42 -0500 Received: from [192.168.4.12] (Athenae [192.168.4.12]) by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id rBB7QbXh098450; Tue, 10 Dec 2013 23:26:39 -0800 Message-ID: <52A813AC.2020904@tlinx.org> Date: Tue, 10 Dec 2013 23:26:36 -0800 From: Linda Walsh User-Agent: Thunderbird MIME-Version: 1.0 To: Pádraig Brady Subject: Re: bug#16094: bug: cp/mv cannot copy/move a file's extended attrs if they start with 'security' References: <52A62396.8080305@tlinx.org> <52A64301.1010704@draigBrady.com> <52A64F08.3070109@tlinx.org> <52A6D642.5000305@draigBrady.com> <52A7AD23.7000001@tlinx.org> In-Reply-To: <52A7AD23.7000001@tlinx.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -0.2 (/) X-Debbugs-Envelope-To: 16094 Cc: 16094@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.2 (/) The claim is that only root can move 'security', but then why is there a namespace for 'root' separate from the 'user' namespace? Asked this on the xfs list. The thing that bugs me is that I've never seen this message before and I've had my Win7 client copying files to my linux disks all the time (all of my data is on linux). So I'm trying to figure out what changed. Seems like an easy way to strip off unwanted ACL's. Just use 'cp' (drops the NTACL with no error message), or use 'mv' to a different partition. What I'm wondering is if the posix acl's are also stored in the security namespace. Would make sense. If that was the case, they'd be stripped too. Can't read content of a file due to ACL? just move it to a different partition. That can't be right... From unknown Sat Aug 16 00:30:09 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 08 Jan 2014 12:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator