Re: 2.6.15 Bug? New security model?

From: John M Flinchbaugh
Date: Wed Feb 08 2006 - 00:35:34 EST


On Wed, Feb 08, 2006 at 02:31:46PM +1300, Sam Vilain wrote:
> Bernd Schubert wrote:
> >With 2.6.15:
> >bathl:~# touch /var/run/test
> >touch: cannot touch `/var/run/test': Permission denied
> >With 2.6.13:
> >bathl:~# touch /var/run/test
> >(No error message)
>
> Some ideas; ACLs, SELinux, Attributes, Capabilities.

lsattr -d /var/run && lsattr /var/run

I saw very similar things going from 2.6.15.1 to 2.6.15.2. 2.6.15.2's
changelog advertises a fix to reenable extended attributes on reiserfs.
On one machine this is fine, and lsattr shows no attributes enabled
(----------), but on another machine, I ended up with all sorts of crazy
attributes set seemingly randomly -- compression, experimental flags,
immutable, append-only, all over the map.

I tried clearing them (chattr -R = /var ...etc), but I still found a
file here and there which refused to be removed, even though lsattr
showed no flags for it. After a restart or 2, I saw some attributes
revert back and I started having trouble removing files from /var/run
and other places again.

I ended up reverting back to 2.6.15.1 until I have a chance to
investigate further and try to come up with something reportable. In
2.6.15.1, attributes didn't work at all, giving an ioctl error, though
the same kernel options were used. I suspect this is the fix to which
the Changelog is referring.

I must wonder if I'm suffering from some sort of fs corruption which
only manifests itself in the attribute settings, and which a reiserfsck
doesn't recognize or correct. I could be tempted to recreate the
filesystems from scratch to see if they still have issues.
--
John M Flinchbaugh
john@xxxxxxxxxx
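
The `lsattr` check suggested above can be turned into a filter that lists only the entries whose flags would stop root from creating, changing or removing files. This is an added example, not part of the original message; the function names and the sample listing are constructed, and the flag letters (`i` immutable, `a` append-only, `c` compressed) are taken from chattr(1).

```shell
#!/bin/sh
# Added example: pick out lsattr entries that explain "Permission denied"
# for root. Flag letters per chattr(1): i = immutable, a = append-only.
# Matching is case-sensitive on purpose: 'I' and 'A' are different flags.

# find_blocking_flags (hypothetical helper): read `lsattr` or `lsattr -R`
# output on stdin, print "<reason><TAB><path>" for entries with 'i' or 'a'.
find_blocking_flags() {
    while read -r flags path; do
        # Blank lines and one-word "dir:" headers have no path field.
        [ -n "$path" ] || continue
        # A real flags field holds only letters and dashes; this skips
        # lsattr error lines and "dir with spaces:" headers.
        case "$flags" in
            *[!A-Za-z-]*) continue ;;
        esac
        reason=""
        case "$flags" in *i*) reason="immutable" ;; esac
        case "$flags" in *a*) reason="${reason:+$reason,}append-only" ;; esac
        if [ -n "$reason" ]; then
            printf '%s\t%s\n' "$reason" "$path"
        fi
    done
    return 0
}

# Constructed sample of `lsattr -d /var/run && lsattr /var/run` output;
# the paths and flag combinations are made up for illustration.
sample_lsattr() {
    cat <<'EOF'
----i------------- /var/run
------------------ /var/run/utmp
-----a------------ /var/run/syslogd.pid
--------c--------- /var/run/motd
----ia------------ /var/run/crond.pid
lsattr: Operation not supported While reading flags on /var/run/initctl
EOF
}

# On a live system: lsattr -R /var 2>&1 | find_blocking_flags
sample_lsattr | find_blocking_flags
```

An immutable flag on the directory itself, as in the first sample line, is enough to make `touch /var/run/test` fail for root even when every file inside shows no flags.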
