GNU bug report logs - #77597
coreutils 9.6: regression in handling security.selinux attribute for ls(1)

Previous Next

Full log

View this message in rfc822 format

From: Pádraig Brady <P <at> draigBrady.com>
To: Linux Kernel Mailing List <linux-kernel <at> vger.kernel.org>, linux-security-module <at> vger.kernel.org
Cc: 77597 <at> debbugs.gnu.org, Paul Eggert <eggert <at> CS.UCLA.EDU>, Rahul Sandhu <nvraxn <at> gmail.com>
Subject: bug#77597: listxattr() should return ENOTSUP for sysfs / tmpfs entries, not 0
Date: Wed, 23 Apr 2025 13:22:54 +0100

Older coreutils was less efficient and always called getxattr("security.selinux"),
and thus shows the SELinux context as expected:

  $ coreutils-9.3/src/ls -lZd /run/initramfs
  drwxr-xr-x. 3 root root system_u:object_r:tmpfs_t:s0 60 Apr 19 14:52 /run/initramfs
  $ coreutils-9.3/src/ls -lZd /sys/block
  drwxr-xr-x. 2 root root system_u:object_r:sysfs_t:s0 0 Apr 23 12:54 /sys/block

However newer coreutils is more efficient, and does not call getxattr()
if listxattr() returns 0 indicating that there are no xattrs.

  $ coreutils-9.7/src/ls -lZd /run/initramfs
  drwxr-xr-x 3 root root ? 60 Apr 19 14:52 /run/initramfs
  $ coreutils-9.7/src/ls -lZd /sys/block
  drwxr-xr-x 2 root root ? 0 Apr 23 12:54 /sys/block

I also noticed the same issue with the exa utility for example.
For coreutils to maintain efficient processing and to fix the issue centrally,
it would be more correct for listxattr() to return ENOTSUP,
in which case ls will try the getxattr() call and operate as expected.
Otherwise I can't see a way for coreutils to be both efficient and always correct.

I'm currently testing on kernel 6.14.2-300.fc42.x86_64

thanks,
Padraig

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.