I've CC'd linux-nfs in case anyone there has some insight
as to why listxattr() is more restrictive on NFS than locally,
returning EACCES for files without read access. Details below...
On 09/01/2025 04:55, Paul Eggert wrote:
Thanks, but is this part of the change needed?
+ else if (f->acl_type == ACL_T_UNKNOWN)
+ modebuf[10] = '?';
I thought modebuf[10] was already '?' at that point.
Only if the stat() failed, which is not the case here.
Note it's worth mentioning that over NFS with unreadable files
you can GET the security.selinux xattr, but you can't LIST any xattrs:
$ strace -e trace=/.*xattr.* attr -S -g selinux /mnt/nfs/file
lgetxattr("/mnt/nfs/file", "security.selinux", "system_u:object_r:nfs_t:s0",
65536) = 27
Attribute "selinux" had a 27 byte value for /mnt/nfs/file:
system_u:object_r:nfs_t:s0
+++ exited with 0 +++
$ strace -e trace=/.*xattr.* attr -S -l /mnt/nfs/file
llistxattr("/mnt/nfs/file", 0x7ffc92de48a0, 65536) = -1 EACCES (Permission
denied)
attr_list: Permission denied
Could not list /mnt/nfs/file
Also there was a change since coreutils v9.5 where we don't call the GET,
whereas coreutils 9.5 did call lgetxattr() and thus showed the correct (.) flag
(albeit with the problematic warning):
$ strace -e trace=/.*xattr.* src/ls -l /mnt/nfs/file
llistxattr("/mnt/nfs/file", 0x7ffe1e5b7b6c, 152) = -1 EACCES (Permission
denied)
--w-------? 1 padraig padraig 0 Jan 8 20:42 /mnt/nfs/file
+++ exited with 0 +++
$ strace -e trace=/.*xattr.* ls-v9.5 -l /mnt/nfs/file
lgetxattr("/mnt/nfs/file", "security.selinux", "system_u:object_r:nfs_t:s0",
255) = 27
listxattr("/mnt/nfs/file", 0x7ffd58023810, 152) = -1 EACCES (Permission
denied)
ls: /mnt/nfs/file: Permission denied
--w-------. 1 padraig padraig 0 Jan 8 20:42 /mnt/nfs/file
+++ exited with 0 +++
So perhaps we should also always call lgetxattr("security.selinux"),
or at least fall back to that upon EACCES from listxattr() ?
cheers,
Pádraig
