attr vs. getfattr

Christian Kujau lists at nerdbynature.de
Thu Jun 7 07:26:59 CDT 2012 

Hi,

I have an issue with extended attributes on this machine (Debian/stable, 
2.6.32-5-amd64). This box is slowly being moved towards fully SELinux 
enabled and apparently some files have been labelled with SELinux 
attributes:

---------
# ls -l vnstat.conf
-rw-r--r--. 2 root root 2890 Jan 15 04:05 vnstat.conf

# ls -lZ vnstat.conf
-rw-r--r--. 2 root root unconfined_u:object_r:etc_t:s0 2890 Jan 15 04:05 vnstat.conf
---------

OK. But when I actually want to see the attributes, this happens:

---------
# getfattr --dump vnstat.conf
---------

I.e. "nothing" is printed. I understand there's "attr" specifically for 
XFS filesystems and at least it displays that there *is* an attribute 
stored, but it cannot get its value:

---------
# attr -l vnstat.conf
Attribute "selinux" has a 31 byte value for vnstat.conf

# attr -g selinux vnstat.conf 
attr_get: No data available
Could not get "selinux" for vnstat.conf
---------

Now that I know the attribute's name, I try to use "getfattr" to display 
its value:

---------
# getfattr -n selinux vnstat.conf
vnstat.conf: selinux: Operation not supported

via strace:

getxattr("vnstat.conf", "selinux", 0x0, 0) = -1 EOPNOTSUPP (Operation not supported)
---------

Can someone explain to me what's going on? The reason for all this that I 
actually want to remove the selinux attributes from some directories[0], 
but this isn't working either:

---------
# attr -r selinux vnstat.conf 
attr_remove: No data available
Could not remove "selinux" for vnstat.conf
---------

Tbh, I'm not too savvy with SELinux, but the system is in "permissive" 
mode, so it should not interfere:

---------
# getenforce
Permissive

# df -h .
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/data       27G   25G  1.6G  95% /data

# grep /data /proc/mounts
/dev/mapper/data /data xfs rw,seclabel,nosuid,nodev,relatime,attr2,nobarrier,noquota 0 0
# grep /data /etc/mtab
/dev/mapper/data /data xfs rw,nosuid,nodev,nobarrier 0 0

# grep _XFS /boot/config-2.6.32-5-amd64 
CONFIG_XFS_FS=m
CONFIG_XFS_QUOTA=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_XFS_RT=y
# CONFIG_XFS_DEBUG is not set
---------

Anyone got an idea what's going on here/what I am missing?

Thanks,
Christian.

[0] Why? Because I want to rsync from a remote machine, where
    the files do NOT have SELinux attributes. In essence the same
    scenario as in https://bugzilla.redhat.com/show_bug.cgi?id=461486
-- 
BOFH excuse #359:

YOU HAVE AN I/O ERROR -> Incompetent Operator error

More information about the xfs mailing list