Gleb Popov
2021-04-27 08:41:16 UTC
Hello hackers.
I'm trying to implement the Linux acl_extended_file() function [1] within our
libc. On Linux this function is implemented via getxattr, a function that
reads extended attributes from the file [2][3].
My implementation follows the Linux one:
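    #include <sys/types.h>
    #include <sys/extattr.h>
    #include <sys/acl.h>
    #include <errno.h>
    #include <stdio.h>

    /* Assumed definition (not shown in the original post): matches the
       signature of extattr_get_file(2). */
    typedef ssize_t (*getattr_func)(const char *, int, const char *,
        void *, size_t);

    int _acl_extended_file(getattr_func f, const char *path_p);

    int
    acl_extended_file_np(const char *path_p)
    {
        return _acl_extended_file(extattr_get_file, path_p);
    }

    int _acl_extended_file(getattr_func f, const char *path_p)
    {
        int base_size = 9999; // figure out this later
        int retval;

        /* A NULL buffer of size 0 only asks for the attribute's size. */
        retval = f(path_p, POSIX1E_ACL_ACCESS_EXTATTR_NAMESPACE,
            POSIX1E_ACL_ACCESS_EXTATTR_NAME, NULL, 0);
        printf("Retval1: %d\n", retval);
        if (retval < 0 && errno != ENOATTR)
            return -1;
        if (retval > base_size)
            return 1;
        /* Same size query for the default ACL. */
        retval = f(path_p, POSIX1E_ACL_DEFAULT_EXTATTR_NAMESPACE,
            POSIX1E_ACL_DEFAULT_EXTATTR_NAME, NULL, 0);
        printf("Retval2: %d\n", retval);
        if (retval < 0 && errno != ENOATTR)
            return -1;
        if (retval > base_size)
            return 1;
        return 0;
    }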
However, when I tried to use it, I stumbled upon the following differences:
- It requires root permissions to operate. I guess this is because it tries
  to look at the "system" extattr namespace.
- It doesn't work anyways due to an "Attribute not found" error.
And indeed, the same behavior can be seen when using command line tools.
On Linux:

    $ setfacl -m u:someuser:rwx somefile
    $ getfattr -d -m - somefile
    system.posix_acl_access=<mangled ACL data>

On FreeBSD:

    $ setfacl -m u:someuser:rwx:allow somefile
    $ sudo getextattr system posix1e.acl_access somefile
    failed: Attribute not found
I guess that FreeBSD behaviour is actually not a bug and libacl just uses
some internal knowledge about how ACL/xattr is implemented on Linux. If
this is correct, how should I approach implementing this function on
FreeBSD?
Thanks in advance.
[1] https://linux.die.net/man/3/acl_extended_file
[2] http://git.savannah.nongnu.org/cgit/acl.git/tree/libacl/acl_extended_file.c
[3] http://git.savannah.nongnu.org/cgit/acl.git/tree/libacl/__acl_extended_file.c
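An added example, not part of the original post and not libacl's code: a decoder for the Linux system.posix_acl_access value shown above as "<mangled ACL data>". It goes one step beyond the size comparison in the post by inspecting entry tags, and shows why the Linux size threshold is a 4-byte header plus three 8-byte entries (28 bytes). The layout and tag values follow the Linux xattr ACL format; the function name and both byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Linux layout of system.posix_acl_access (little-endian): a 4-byte
 * version header, then 8-byte entries {u16 tag, u16 perm, u32 id}. */
#define EA_VERSION    0x0002u
#define EA_HDR_SIZE   4u
#define EA_ENTRY_SIZE 8u
#define EA_BASE_SIZE  (EA_HDR_SIZE + 3u * EA_ENTRY_SIZE) /* owner, group, other */
enum { TAG_USER_OBJ = 0x01, TAG_USER = 0x02, TAG_GROUP_OBJ = 0x04,
       TAG_GROUP = 0x08, TAG_MASK = 0x10, TAG_OTHER = 0x20 };

/* Constructed sample: ACL equivalent to mode 0644, no extra entries. */
static const uint8_t sample_minimal[] = {
    0x02, 0, 0, 0,
    0x01, 0, 6, 0, 0xff, 0xff, 0xff, 0xff,
    0x04, 0, 4, 0, 0xff, 0xff, 0xff, 0xff,
    0x20, 0, 4, 0, 0xff, 0xff, 0xff, 0xff };
/* Constructed sample: same file after adding a named user (uid 1001, rwx). */
static const uint8_t sample_extended[] = {
    0x02, 0, 0, 0,
    0x01, 0, 6, 0, 0xff, 0xff, 0xff, 0xff,
    0x02, 0, 7, 0, 0xe9, 0x03, 0, 0,
    0x04, 0, 4, 0, 0xff, 0xff, 0xff, 0xff,
    0x10, 0, 7, 0, 0xff, 0xff, 0xff, 0xff,
    0x20, 0, 4, 0, 0xff, 0xff, 0xff, 0xff };
static unsigned le16(const uint8_t *p) { return p[0] | (unsigned)p[1] << 8; }

/* 1: extended ACL, 0: minimal (mode bits only), -1: malformed blob. */
int acl_blob_is_extended(const uint8_t *buf, size_t len)
{
    size_t off;
    if (buf == NULL || len < EA_HDR_SIZE || (len - EA_HDR_SIZE) % EA_ENTRY_SIZE ||
        (le16(buf) | le16(buf + 2) << 16) != EA_VERSION)
        return -1;
    for (off = EA_HDR_SIZE; off < len; off += EA_ENTRY_SIZE) {
        unsigned tag = le16(buf + off);
        if (tag == TAG_USER || tag == TAG_GROUP || tag == TAG_MASK)
            return 1;               /* entry that mode bits cannot express */
        if (tag != TAG_USER_OBJ && tag != TAG_GROUP_OBJ && tag != TAG_OTHER)
            return -1;
    }
    return 0;
}

int main(void)
{
    return !(acl_blob_is_extended(sample_minimal, sizeof sample_minimal) == 0 &&
             acl_blob_is_extended(sample_extended, sizeof sample_extended) == 1);
}
```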