#2732 BLOC Trial-3: JFFS2 does not perserve directory permissions across reboots when using a custom /sbin/init.
Zarro Boogs per Child
bugtracker at laptop.org
Mon Aug 13 18:12:13 EDT 2007
#2732: JFFS2 does not perserve directory permissions across reboots when using a
custom /sbin/init.
----------------------+-----------------------------------------------------
Reporter: mstone | Owner: dwmw2
Type: defect | Status: assigned
Priority: blocker | Milestone: Trial-3
Component: distro | Version:
Resolution: | Keywords: jffs2, updates, security
Verified: 0 |
----------------------+-----------------------------------------------------
Comment (by mstone):
Herbert Pötzl and I spent some time gathering debugging output. We have
successfully reproduced the bug both on stock 542 images and on custom
kernels running in QEMU (using your mtdram test device).
Strace logs of the commands
{{{
mkdir a
chmod 755 a
}}}
and
{{{
mkdir a
cp -la a b
}}}
reveal that when POSIX ACL support is enabled, 'cp -la' duplicates file
permissions with a call like:
{{{
setxattr("mnt/b", "system.posix_acl_access"...,
"\x02\x00\x00\x00\x01\x00\x07\x00\xff\xff\xff\xff\x04\x00\x05\x00\xff\xff\xff\xff
\x00\x05\x00\xff\xff\xff\xff", 28, 0) = 0
}}}
whereas mkdir relies on the kernel's implementation of umask support to
get the correct permissions.
In both cases, the dentries carry correct permission (0755) but these
permissions are not propagated to the inodes. (We infer this from the fact
that the permissions are not preserved across umounts.)
Disabling POSIX ACLs fixes the problem.
Note: mkdir() (which relies on the umask and which does not use POSIX ACL
calls) behaves differently depending on the presence or absence of POSIX
ACLs.
We have not yet tested the patch that you included in your previous email.
--
Ticket URL: <http://dev.laptop.org/ticket/2732#comment:4>
One Laptop Per Child <http://laptop.org/>
More information about the Bugs
mailing list