> Fwiw, I think you need index=on enabled for origin xattrs to be set.

Did try that, no difference. Anyway I probably just need to take a closer look at what exact operations are done under /etc/rc*.d when disabling a service... I'm sure I'm missing something obvious.

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1998602

Title:
  overlay writing user.* xattrs on symlinks

Status in linux package in Ubuntu:
  Incomplete

Bug description:
  This was reported (and worked around) in
  https://github.com/project-stacker/stacker/pull/333. The kernel does
  not allow user.* xattrs on a symlink. However, on 5.15.0-53-generic
  and 5.19.0-21-generic, but not on the ubuntu mainline build
  (6.1.0-060100rc5-generic), an unprivileged program can cause such
  xattrs to be created. Once they're there, userspace (i.e. setfattr)
  cannot remove them since the kernel says they can't exist - but
  listxattr shows them.

  I've failed so far in setting up a simpler reproducer, so I'll begin
  by reporting the full reproducer.

  Download 'stacker' from
  https://github.com/project-stacker/stacker/releases/download/v0.22.1/stacker .
  Create a stacker.yaml config file:

    cat > stacker.yaml << EOF
    pxe-server-base:
      from:
        type: docker
        url: docker://ubuntu:jammy
      run: |
        apt-get update
        apt-get -y install dnsmasq systemd
    sb-pxe-server:
      from:
        type: built
        tag: pxe-server-base
      run: |
        systemctl disable dnsmasq
    EOF

  and run 'stacker build'. It will end with:

    Executing: /lib/systemd/systemd-sysv-install disable dnsmasq
    Removed /etc/systemd/system/multi-user.target.wants/dnsmasq.service.
    error: /home/ubuntu/build2/roots/sb-pxe-server/overlay/etc/rc2.d/K01dnsmasq: failed to remove attr user.overlay.origin: xattr.LRemove /home/ubuntu/build2/roots/sb-pxe-server/overlay/etc/rc2.d/K01dnsmasq user.overlay.origin: operation not permitted
    error: exit status 1

  You'll subsequently see that
  ./roots/sb-pxe-server/overlay/etc/rc2.d/K01dnsmasq is a symbolic link
  with user.overlay.origin xattr (per llistxattr), though you can't read
  the contents or delete it.

  I had thought I should be able to reproduce it by mounting (in an
  unprivileged user+mountns) an overlayfs where the underlay has, say,
  "/etc/rc2.d/K" symlink, then rename K to S (as I assume the
  'systemctl disable dnsmasq' is doing), but that did not work for me.
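
The condition the report describes (a symlink on which llistxattr shows a user.* name) can be checked for across an overlay upper directory. The following is an added example, not part of the original report or of stacker; the function names are hypothetical, the sample tree is constructed from the paths quoted in the report, and the injectable lister exists only so the logic can be exercised on a kernel that does not show the bug.

```python
import errno
import os

def symlink_user_xattrs(root, llistxattr=None):
    """Return {symlink_path: [user.* xattr names]} for every symlink under root."""
    if llistxattr is None:
        # os.listxattr(..., follow_symlinks=False) is llistxattr(2); Linux only.
        llistxattr = lambda p: os.listxattr(p, follow_symlinks=False)
    skip = (errno.ENOTSUP, errno.ENOENT, errno.EACCES, errno.EPERM)
    hits = {}
    # followlinks=False: symlinked directories are listed but never descended into.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            try:
                names = llistxattr(path)
            except OSError as exc:
                if exc.errno in skip:  # no xattr support, raced removal, or no access
                    continue
                raise
            # The kernel does not allow user.* on symlinks, so any hit is anomalous.
            user = sorted(n for n in names if n.startswith("user."))
            if user:
                hits[path] = user
    return hits

def build_sample_tree(base):
    """Constructed sample mirroring the overlay layout quoted in the report."""
    os.makedirs(os.path.join(base, "etc", "rc2.d"))
    os.makedirs(os.path.join(base, "etc", "init.d"))
    open(os.path.join(base, "etc", "init.d", "dnsmasq"), "w").close()
    link = os.path.join(base, "etc", "rc2.d", "K01dnsmasq")
    os.symlink("../init.d/dnsmasq", link)
    return link

if __name__ == "__main__":
    import sys
    # Usage: script.py <overlay upper dir>, e.g. ./roots/sb-pxe-server/overlay
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, names in sorted(symlink_user_xattrs(root).items()):
        print(path, " ".join(names))
```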