The branch releng/14.0 has been updated by dchagin:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=108d330fe3a3e84ff86737a0ad6fa1de375023e8

commit 108d330fe3a3e84ff86737a0ad6fa1de375023e8
Author:     Dmitry Chagin <dcha...@freebsd.org>
AuthorDate: 2023-09-01 08:11:02 +0000
Commit:     Dmitry Chagin <dcha...@freebsd.org>
CommitDate: 2023-09-12 16:42:50 +0000

    linux(4): Return ENOTSUP from xattr syscalls instead of EPERM
    
    FreeBSD does not permits manipulating extended attributes in the system
    namespace by unprivileged accounts, even if account has appropriate
    privileges to access filesystem object.
    In Linux the system namespace is used to preserve posix acls. Some Gnu
    coreutils binaries uses posix acls, eg, install, ls.  And fails if we
    unexpectedly return EPERM error from xattr system calls.
    
    In the other hands, in Linux read and write access to the system
    namespace depend on the policy implemented for each filesystem, so we'll
    mimics we're a filesystem that prohibits this for unpriveleged accounts.
    
    Approved by:            re (gjb)
    Reported by:            zirias
    Tested by:              zirias
    MFC after:              1 week
    
    (cherry picked from commit 1bfc4574f78653e4b64ac9dd31518c96a17fe52b)
    (cherry picked from commit bce9c2e34006dd70fb77a72f8cce1ead8a01db9e)
---
 sys/compat/linux/linux_xattr.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/sys/compat/linux/linux_xattr.c b/sys/compat/linux/linux_xattr.c
index 2b46cf708c7d..74b47f1cbaec 100644
--- a/sys/compat/linux/linux_xattr.c
+++ b/sys/compat/linux/linux_xattr.c
@@ -87,6 +87,16 @@ struct removexattr_args {
 static char *extattr_namespace_names[] = EXTATTR_NAMESPACE_NAMES;
 
 
+static int
+error_to_xattrerror(int attrnamespace, int error)
+{
+
+       if (attrnamespace == EXTATTR_NAMESPACE_SYSTEM && error == EPERM)
+               return (ENOTSUP);
+       else
+               return (error);
+}
+
 static int
 xatrr_to_extattr(const char *uattrname, int *attrnamespace, char *attrname)
 {
@@ -188,7 +198,7 @@ listxattr(struct thread *td, struct listxattr_args *args)
        if (error == 0)
                td->td_retval[0] = cnt;
        free(data, M_LINUX);
-       return (error);
+       return (error_to_xattrerror(attrnamespace, error));
 }
 
 int
@@ -248,7 +258,7 @@ removexattr(struct thread *td, struct removexattr_args 
*args)
        else
                error = kern_extattr_delete_fd(td, args->fd, attrnamespace,
                    attrname);
-       return (error);
+       return (error_to_xattrerror(attrnamespace, error));
 }
 
 int
@@ -392,7 +402,7 @@ setxattr(struct thread *td, struct setxattr_args *args)
                    attrname, args->value, args->size);
 out:
        td->td_retval[0] = 0;
-       return (error);
+       return (error_to_xattrerror(attrnamespace, error));
 }
 
 int

Reply via email to