How to deal with Extended Attributes of "security.capability" and/or "system.posix_acl_access"?

Ying LEE
I have implemented the getxattr API of Libfuse. It seems everything worked well, but I met:

===============================================================
# ls -l
ls: d: Operation not permitted
-rw-rw-rw-. 1 root root 32 Jan  1 13:07 d
=============================================================== 
 
I checked the debug information of Libfuse as the following:
===============================================================  
LOOKUP /d
getattr /d
   NODEID: 4
   unique: 484, success, outsize: 144
unique: 485, opcode: GETXATTR (22), nodeid: 4, insize: 68, pid: 5312
getxattr /d security.capability 20
   unique: 485, error: -1 (Operation not permitted), outsize: 16
unique: 486, opcode: GETXATTR (22), nodeid: 4, insize: 72, pid: 5312
getxattr /d system.posix_acl_access 0
   unique: 486, error: -1 (Operation not permitted), outsize: 16
unique: 487, opcode: LOOKUP (1), nodeid: 1, insize: 49, pid: 5312
=============================================================== 
 
It seems I should return a value for the xattrs "security.capability" and/or "system.posix_acl_access", even though I didn't intend to store them. But I couldn't find a reference on how to do so.

Please share your idea.

Thank you in advance,
Ying
--

Regards,

Mr. Ying LEE
----------------------------------------------------------
Remember. Let go. Move on.

--
fuse-devel mailing list
To unsubscribe or subscribe, visit https://lists.sourceforge.net/lists/listinfo/fuse-devel

Re: How to deal with Extended Attributes of "security.capability" and/or "system.posix_acl_access"?

Michael Theall-2
You can return ENOATTR instead of EPERM. This will tell the caller that these attributes don't exist.

Regards,
Michael Theall

On Mon, Jan 9, 2017 at 6:29 PM Ying LEE <[hidden email]> wrote:
I have implemented the getxattr API of Libfuse. It seems everything worked well, but I met:

===============================================================
# ls -l
ls: d: Operation not permitted
-rw-rw-rw-. 1 root root 32 Jan  1 13:07 d
=============================================================== 
 
I checked the debug information of Libfuse as the following:
===============================================================  
LOOKUP /d
getattr /d
   NODEID: 4
   unique: 484, success, outsize: 144
unique: 485, opcode: GETXATTR (22), nodeid: 4, insize: 68, pid: 5312
getxattr /d security.capability 20
   unique: 485, error: -1 (Operation not permitted), outsize: 16
unique: 486, opcode: GETXATTR (22), nodeid: 4, insize: 72, pid: 5312
getxattr /d system.posix_acl_access 0
   unique: 486, error: -1 (Operation not permitted), outsize: 16
unique: 487, opcode: LOOKUP (1), nodeid: 1, insize: 49, pid: 5312
=============================================================== 
 
It seems I should return value for xattr of "security.capability" and/or "system.posix_acl_access", even I didn't intend to store them. But I couldn't find reference to do so.

Please share your idea.

Thank you in advance,
Ying

Re: How to deal with Extended Attributes of "security.capability" and/or "system.posix_acl_access"?

Nikolaus Rath
In reply to this post by Ying LEE
On Jan 10 2017, Ying LEE <[hidden email]> wrote:

> I have implemented the getxattr API of Libfuse. It seems everything worked
> well, but I met:
>
> ===============================================================
> *# ls -l*
>
> *ls: d: Operation not permitted*
> *-rw-rw-rw-. 1 root root 32 Jan  1 13:07 d*
> ===============================================================
>
> I checked the debug information of Libfuse as the following:
> ===============================================================
> *LOOKUP /d*
> *getattr /d*
> *   NODEID: 4*
> *   unique: 484, success, outsize: 144*
> *unique: 485, opcode: GETXATTR (22), nodeid: 4, insize: 68, pid: 5312*
> *getxattr /d security.capability 20*
> *   unique: 485, error: -1 (Operation not permitted), outsize: 16*
> *unique: 486, opcode: GETXATTR (22), nodeid: 4, insize: 72, pid: 5312*
> *getxattr /d system.posix_acl_access 0*
> *   unique: 486, error: -1 (Operation not permitted), outsize: 16*
> *unique: 487, opcode: LOOKUP (1), nodeid: 1, insize: 49, pid: 5312*
> ===============================================================
>
> It seems I should return value for xattr of "security.capability" and/or
> "system.posix_acl_access", even I didn't intend to store them. But I
> couldn't find reference to do so.
>
> Please share your idea.

If these attributes don't exist, you need to return ENOATTR, not EPERM.


Best,
-Nikolaus

--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«


Re: How to deal with Extended Attributes of "security.capability" and/or "system.posix_acl_access"?

Ying LEE
In reply to this post by Michael Theall-2
In my OS (CentOS 7), I couldn't find an include file which defines ENOATTR. Some document said I should return -ENODATA on Linux platform. I did and the problem was solved. 

Thank you very much.



On Wed, Jan 11, 2017 at 1:45 AM Michael Theall <[hidden email]> wrote:
You can return ENOATTR instead of EPERM. This will tell the caller that these attributes don't exist.

Regards,
Michael Theall


Re: How to deal with Extended Attributes of "security.capability" and/or "system.posix_acl_access"?

Michael Theall-2
ENOATTR is defined in attr/xattr.h from the libattr-devel package. It has the same value as ENODATA.

/usr/include/attr/xattr.h:# define ENOATTR ENODATA        /* No such attribute */

Regards,
Michael Theall

On Thu, Jan 12, 2017 at 8:24 AM Ying LEE <[hidden email]> wrote:
In my OS (CentOS 7), I couldn't find an include file which defines ENOATTR. Some document said I should return -ENODATA on Linux platform. I did and the problem was solved. 

Thank you very much.




Re: How to deal with Extended Attributes of "security.capability" and/or "system.posix_acl_access"?

Ying LEE
Thank you for the clarification. 

Following your suggestion, I installed the libattr-devel package and improved the code, and it works perfectly now.

Thank you,

On Fri, Jan 13, 2017 at 12:11 AM Michael Theall <[hidden email]> wrote:
ENOATTR is defined in attr/xattr.h from the libattr-devel package. It has the same value as ENODATA.

/usr/include/attr/xattr.h:# define ENOATTR ENODATA        /* No such attribute */

Regards,
Michael Theall

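
Added example (not part of the thread and not libfuse's own code): a getxattr handler with the high-level libfuse callback signature that answers the two requests from the debug log with -ENODATA, and also handles the size-0 length probe and a too-small buffer. The in-memory `demo_store`, the `user.comment` attribute and the name `demo_getxattr` are assumptions for illustration; registering the handler in `struct fuse_operations` is omitted so the block builds without the FUSE headers.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ENOATTR is provided by attr/xattr.h (libattr-devel); on Linux it is ENODATA. */
#ifndef ENOATTR
#define ENOATTR ENODATA
#endif

/* Constructed sample data: the only attribute this filesystem stores. */
struct xattr_entry { const char *path, *name, *value; };
static const struct xattr_entry demo_store[] = {
    { "/d", "user.comment", "hello" },
};

/* Hypothetical handler; same signature as the high-level getxattr callback. */
static int demo_getxattr(const char *path, const char *name,
                         char *value, size_t size)
{
    size_t n = sizeof demo_store / sizeof demo_store[0];
    for (size_t i = 0; i < n; i++) {
        if (strcmp(path, demo_store[i].path) != 0 ||
            strcmp(name, demo_store[i].name) != 0)
            continue;
        size_t len = strlen(demo_store[i].value);
        if (size == 0)
            return (int)len;          /* caller is asking for the length */
        if (size < len)
            return -ERANGE;           /* caller's buffer is too small */
        memcpy(value, demo_store[i].value, len);
        return (int)len;
    }
    /* Not stored here (security.capability, system.posix_acl_access, ...):
     * report "no such attribute" rather than -EPERM. */
    return -ENOATTR;
}

int main(void)
{
    char buf[20];
    /* The two requests from the debug log, with the sizes shown there. */
    printf("%d\n", demo_getxattr("/d", "security.capability", buf, 20));
    printf("%d\n", demo_getxattr("/d", "system.posix_acl_access", NULL, 0));
    printf("%d\n", demo_getxattr("/d", "user.comment", buf, sizeof buf));
    return 0;
}
```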