sys/capsicum/functional:test_unprivileged (internal test Capability.ExtendedAttributesIfAvailableForked) fails when running with a ZFS /tmp since OpenZFS started rejecting attribute names with certain prefixes. It uses compatibility wrappers for the Linux syscalls. They're only ever called with "user.*" attribute names, and they always assume that the user namespace is to be used, but they don't bother stripping the prefix from the name passed to the FreeBSD syscalls. diff --git i/contrib/capsicum-test/syscalls.h w/contrib/capsicum-test/syscalls.h index 592a1677e1f1..3ea8803c2f64 100644 --- i/contrib/capsicum-test/syscalls.h +++ w/contrib/capsicum-test/syscalls.h @@ -47,16 +47,29 @@ inline int bogus_mount_() { /* Mappings for extended attribute functions */ #include <sys/extattr.h> +#include <errno.h> +static const char *fbsd_extattr_skip_prefix(const char *p) { + if (*p++ == 'u' && *p++ == 's' && *p++ == 'e' && *p++ == 'r' && *p++ == '.') + return p; + errno = EINVAL; + return NULL; +} inline ssize_t flistxattr_(int fd, char *list, size_t size) { return extattr_list_fd(fd, EXTATTR_NAMESPACE_USER, list, size); } inline ssize_t fgetxattr_(int fd, const char *name, void *value, size_t size) { + if (!(name = fbsd_extattr_skip_prefix(name))) + return -1; return extattr_get_fd(fd, EXTATTR_NAMESPACE_USER, name, value, size); } inline int fsetxattr_(int fd, const char *name, const void *value, size_t size, int) { + if (!(name = fbsd_extattr_skip_prefix(name))) + return -1; return extattr_set_fd(fd, EXTATTR_NAMESPACE_USER, name, value, size); } inline int fremovexattr_(int fd, const char *name) { + if (!(name = fbsd_extattr_skip_prefix(name))) + return -1; return extattr_delete_fd(fd, EXTATTR_NAMESPACE_USER, name); }
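Review bot: flistxattr_ still returns the raw extattr_list_fd() result while fgetxattr_, fsetxattr_ and fremovexattr_ now fail with EINVAL unless the name starts with "user.", so a name taken from the list can no longer be passed to the other three wrappers unchanged. Either re-add the prefix when listing or add a comment saying the list wrapper is intentionally left untranslated. In fbsd_extattr_skip_prefix, the chained `*p++ == 'u' && ...` comparison is safe against short strings only because of short-circuit evaluation; `strncmp(p, "user.", 5) == 0` followed by `return p + 5;` says the same thing more readably. The helper is also declared `static` in a header while its callers are plain `inline`; declaring it `inline` (or `static inline`) would keep the linkage consistent with the wrappers around it.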
Related commit: commit 5c0061345b824eebe7a6578528f873ffcaae1cdd Author: Ryan Moeller <ryan@iXsystems.com> Date: Tue Feb 15 19:35:30 2022 -0500 Cross-platform xattr user namespace compatibility ZFS on Linux originally implemented xattr namespaces in a way that is incompatible with other operating systems. On illumos, xattrs do not have namespaces. Every xattr name is visible. FreeBSD has two universally defined namespaces: EXTATTR_NAMESPACE_USER and EXTATTR_NAMESPACE_SYSTEM. The system namespace is used for protected FreeBSD-specific attributes such as MAC labels and pnfs state. These attributes have the namespace string "freebsd:system:" prefixed to the name in the encoding scheme used by ZFS. The user namespace is used for general purpose user attributes and obeys normal access control mechanisms. These attributes have no namespace string prefixed, so xattrs written on illumos are accessible in the user namespace on FreeBSD, and xattrs written to the user namespace on FreeBSD are accessible by the same name on illumos. Linux has several xattr namespaces. On Linux, ZFS encodes the namespace in the xattr name for every namespace, including the user namespace. As a consequence, an xattr in the user namespace with the name "foo" is stored by ZFS with the name "user.foo" and therefore appears on FreeBSD and illumos to have the name "user.foo" rather than "foo". Conversely, none of the xattrs written on FreeBSD or illumos are accessible on Linux unless the name happens to be prefixed with one of the Linux xattr namespaces, in which case the namespace is stripped from the name. This makes xattrs entirely incompatible between Linux and other platforms. We want to make the encoding of user namespace xattrs compatible across platforms. A critical requirement of this compatibility is for xattrs from existing pools from FreeBSD and illumos to be accessible by the same names in the user namespace on Linux. 
It is also necessary that existing pools with xattrs written by Linux retain access to those xattrs by the same names on Linux. Making user namespace xattrs from Linux accessible by the correct names on other platforms is important. The handling of other namespaces is not required to be consistent. Add a fallback mechanism for listing and getting xattrs to treat xattrs as being in the user namespace if they do not match a known prefix. Do not allow setting or getting xattrs with a name that is prefixed with one of the namespace names used by ZFS on supported platforms. Allow choosing between legacy illumos and FreeBSD compatibility and legacy Linux compatibility with a new tunable. This facilitates replication and migration of pools between hosts with different compatibility needs. The tunable controls whether or not to prefix the namespace to the name. If the xattr is already present with the alternate prefix, remove it so only the new version persists. By default the platform's existing convention is used.
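The encoding rules in the commit message above, as a simplified model in C (an added example, not OpenZFS or capsicum-test code). The function names, the `linux_compat` flag standing in for the tunable, and the exact reserved-prefix list (the page's "freebsd:system:" plus the standard Linux namespaces user., trusted., system. and security.) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reserved prefixes: an assumed list, see the lead-in. */
static const char *const reserved[] = {
    "freebsd:system:", "user.", "trusted.", "system.", "security.",
};
#define N_RESERVED (sizeof(reserved) / sizeof(reserved[0]))

static int has_prefix(const char *s, const char *prefix) {
    return strncmp(s, prefix, strlen(prefix)) == 0;
}

/* 1 if the name may be get/set in the user namespace, 0 if rejected. */
int user_name_allowed(const char *name) {
    if (name == NULL || *name == '\0')
        return 0;
    for (size_t i = 0; i < N_RESERVED; i++)
        if (has_prefix(name, reserved[i]))
            return 0;
    return 1;
}

/* Build the stored name; linux_compat selects the "user." encoding. */
int user_name_encode(const char *name, int linux_compat, char *out, size_t n) {
    if (!user_name_allowed(name))
        return -1;
    int len = snprintf(out, n, "%s%s", linux_compat ? "user." : "", name);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Stored name -> name seen in the user namespace, NULL if not a user xattr. */
const char *user_name_decode(const char *stored) {
    if (has_prefix(stored, "user."))
        return stored + strlen("user.");
    for (size_t i = 0; i < N_RESERVED; i++)
        if (has_prefix(stored, reserved[i]))
            return NULL;
    return stored; /* fallback: no known prefix means user namespace */
}

int main(void) {
    char buf[32];
    /* Constructed sample: what the capsicum-test wrappers used to pass. */
    printf("user.foo allowed: %d\n", user_name_allowed("user.foo"));
    if (user_name_encode("foo", 1, buf, sizeof(buf)) == 0)
        printf("stored as %s, read back as %s\n", buf, user_name_decode(buf));
    return 0;
}
```

The rejected "user.foo" case is the one the capsicum-test wrappers hit before the prefix was stripped.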
Would you be able to open a pull request at https://github.com/google/capsicum-test?
(In reply to Ed Maste from comment #2) Alright, done! https://github.com/google/capsicum-test/pull/58 Man this is a lot more trouble than just pasting a patch...
Brought back into FreeBSD in: commit 4ee9db7a1d428a0c067ad4c65591972872eb2ade Author: Ed Maste <emaste@FreeBSD.org> Date: Tue Sep 13 13:39:02 2022 -0400 Update capsicum-test to eab7a83b05becf64439b4b256b3d756b353fbbbb This is in stable/14, and I will MFC to stable/13 as well.
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=8d0ca017408ed87de0e3f8746421e88a834b9bb0 commit 8d0ca017408ed87de0e3f8746421e88a834b9bb0 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2022-09-13 17:39:02 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2024-05-07 00:03:52 +0000 Update capsicum-test to eab7a83b05becf64439b4b256b3d756b353fbbbb (cherry picked from commit 4ee9db7a1d428a0c067ad4c65591972872eb2ade) PR: 266112 contrib/capsicum-test/syscalls.h | 13 +++++++++++++ 1 file changed, 13 insertions(+)