smack-team / smack

Smack userspace
GNU Lesser General Public License v2.1

Cannot delete SMACK label #139

Open Jurij0110 opened 10 months ago

Jurij0110 commented 10 months ago

Hello all,

Currently, I have a problem with the command chsmack -dr when deleting the SMACK label of the folder, and this is the trace.

[] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 4472.527638 01-06 01:14:14.559] [] (show_stack) from [] (xattr_set+0x234/0x23c)
[ 4472.527670 01-06 01:14:14.559] [] (xattr_set) from [] (vfs_removexattr+0x68/0x88)
[ 4472.527685 01-06 01:14:14.559] [] (__vfs_removexattr) from [] (vfs_removexattr_locked+0xc4/0x134)
[ 4472.527700 01-06 01:14:14.559] [] (vfs_removexattr_locked) from [] (vfs_removexattr+0x4c/0xcc)
[ 4472.527714 01-06 01:14:14.559] [] (vfs_removexattr) from [] (removexattr+0x60/0x78)
[ 4472.527729 01-06 01:14:14.559] [] (removexattr) from [] (path_removexattr+0x90/0xdc)
[ 4472.527744 01-06 01:14:14.559] [] (path_removexattr) from [] (sys_trace_return+0x0/0x20)

I use kernel 5.4. I hope to receive help from someone.

Thank you so much!

jobol commented 10 months ago

Hi,

The option -d is obsolete and requires some other setting. Maybe your command was chsmack -Dr *, which removes any smack label.

cschaufler commented 10 months ago

On 1/4/2024 4:53 AM, trungthucn1 wrote:

> Hello all,
>
> Currently, I have a problem with the command chsmack -dr when delete the SMACK label of the folder and this is the trace.

What problem do you have? Is the kernel panicking? Is the application crashing?


Jurij0110 commented 10 months ago

Dear Mr @cschaufler and Mr @jobol Thank you so much for your reply. I have a system with the folder /audio, and after booting, if we don't have an impact, the folder will be in read-only mode.

/ # mount
ubi0:rootfs on / type ubifs (ro,relatime,bulk_read,assert=read-only,ubi=0,vol=0)

Then I want to remove the smack label from that folder, so I remounted the system.

After remounting: ubi0:rootfs on / type ubifs (rw,relatime,bulk_read,assert=read-only,ubi=0,vol=0)

After that, I used "chsmack -dr /audio" to remove the label and encountered the following error:

After the error occurred, it seemed to cause a kernel panic and reverted back to read-only mode. We cannot change to rw mode again unless we reboot the system.

[ 579.506157 01-06 00:09:21.417] UBIFS error (ubi0:0 pid 12649): ubifs_assert_failed: UBIFS assert failed: inode->i_nlink == 1, in fs/ubifs/xattr.c:632
[ 579.506188 01-06 00:09:21.417] UBIFS warning (ubi0:0 pid 12649): ubifs_ro_mode: switched to read-only mode, error -22
[ 579.506203 01-06 00:09:21.417] CPU: 0 PID: 12649 Comm: chsmack Tainted: GO 5.4.219-perf #1
[ 579.506212 01-06 00:09:21.417] Hardware name: Qualcomm Technologies (Flattened Device Tree)
[ 579.506236 01-06 00:09:21.417] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 579.506251 01-06 00:09:21.417] [] (show_stack) from [] (xattr_set+0x234/0x23c)
[ 579.506266 01-06 00:09:21.417] [] (xattr_set) from [] (vfs_removexattr+0x68/0x88)
[ 579.506280 01-06 00:09:21.417] [] (__vfs_removexattr) from [] (vfs_removexattr_locked+0xc4/0x134)
[ 579.506293 01-06 00:09:21.417] [] (vfs_removexattr_locked) from [] (vfs_removexattr+0x4c/0xcc)
[ 579.506307 01-06 00:09:21.417] [] (vfs_removexattr) from [] (removexattr+0x60/0x78)
[ 579.506321 01-06 00:09:21.417] [] (removexattr) from [] (path_removexattr+0x90/0xdc)
[ 579.506335 01-06 00:09:21.417] [] (path_removexattr) from [] (sys_trace_return+0x0/0x20)
[ 579.506344 01-06 00:09:21.417] Exception stack(0xeb1e3fa8 to 0xeb1e3ff0)
[ 579.506485 01-06 00:09:21.417] 3fa0: bebb4f49 00505f58 bebb4f49 004f48b4 00000000 00000002
[ 579.506504 01-06 00:09:21.417] 3fc0: bebb4f49 00505f58 00000002 000000ec 004f4685 005060fc 00506114 004f4ea0
[ 579.506515 01-06 00:09:21.417] 3fe0: b6fb0f58 bebb4bfc 004f46b9 b6ef5a88
[ 579.506544 01-06 00:09:21.417] UBIFS error (ubi0:0 pid 12649): make_reservation: cannot reserve 400 bytes in jhead 1, error -30

I saw the error at this line:

https://elixir.bootlin.com/linux/v5.4.219/source/fs/ubifs/xattr.c#L632

/ # stat /audio
File: /audio/
Size: 3320 Blocks: 0 IO Block: 4096 directory
Device: 13h/19d Inode: 2047 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2023-11-30 04:22:48.000000000
Modify: 2023-11-30 04:22:38.000000000
Change: 1980-01-06 00:06:30.000000000

/ # uname -r
5.4.219

I also tried using chsmack -Dr /audio, but it is not working. It just shows the label. The SMACK version is 1.2.0:

/data # smackctl -v
smackctl (libsmack) version 1.2.0

Actually, as an inexperienced tester in SMACK and kernel matters, I kindly seek your assistance.

If you need further trace information, please tell me.

Thank you so much!

cschaufler commented 10 months ago

On 1/4/2024 5:50 PM, trungthucn1 wrote:

> Dear Mr @cschaufler and Mr @jobol Thank you so much for your reply. I have a system with the folder /audio, and after booting, if we don't have an impact, the folder will be in read-only mode.
>
> / # mount
> ubi0:rootfs on / type ubifs (ro,relatime,bulk_read,assert=read-only,ubi=0,vol=0)
>
> Then I want to remove the smack label from that folder, so I remounted the system.
>
> After remounting: ubi0:rootfs on / type ubifs (rw,relatime,bulk_read,assert=read-only,ubi=0,vol=0)
>
> After that, I used "chsmack -dr /audio" to remove the label and encountered the following error:

What do you want to accomplish by removing the Smack label? Smack is very insistent that all inodes be labeled, and will re-assign a label if it discovers one is missing. Are you trying to mount a filesystem with universal access?


Jurij0110 commented 10 months ago

Dear Mr @cschaufler

I want to delete the label of this folder because I have an update app. But after updating, all the file systems have the SMACK label of the update. So I want to delete all the labels that have been changed by the update app and re-assign the accurate label.

During testing, because /audio is in read-only status, I use mount to change it to rw and test deleting the label.

jobol commented 10 months ago

The option -D is available in tools version 1.3.3. I recommend, if possible, using that later version.

Though this is not the solution to your issue. Did you check with the UBIFS team? I'm asking that because on many other file systems there is no issue when deleting smack labels.

Instead of removing labels, did you try to directly set the label? It may circumvent the remove xattr issue.

Also to discriminate the issue, did you try to play with set/get/remove xattr aside smack?
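Added example, not part of the thread: a small C probe for the test suggested above, which sets, reads back and removes one extended attribute through the plain xattr syscalls, outside the Smack tools. It also reports whether the path is a directory and the link count that stat shows; the `user.probe` attribute name, `struct probe_result` and `probe_xattr()` are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/xattr.h>

struct probe_result {
    int is_dir;                        /* 1 if path is a directory */
    unsigned long nlink;               /* link count as reported by lstat() */
    int set_err, get_err, remove_err;  /* 0 on success, otherwise errno */
};

/* Set, read back and remove one xattr on path (symlinks are not followed).
 * Returns 0 if the probe ran (inspect the *_err fields), -1 if lstat() failed. */
int probe_xattr(const char *path, const char *name, struct probe_result *r)
{
    static const char value[] = "probe";   /* constructed test value */
    char buf[sizeof(value)];
    struct stat st;

    memset(r, 0, sizeof(*r));
    if (lstat(path, &st) != 0)
        return -1;
    r->is_dir = S_ISDIR(st.st_mode) ? 1 : 0;
    r->nlink = (unsigned long)st.st_nlink;

    /* XATTR_CREATE: never overwrite (and later delete) an existing attribute. */
    if (lsetxattr(path, name, value, sizeof(value) - 1, XATTR_CREATE) != 0) {
        r->set_err = errno;
        r->get_err = r->remove_err = ECANCELED;   /* later steps skipped */
        return 0;
    }
    ssize_t n = lgetxattr(path, name, buf, sizeof(buf));
    if (n < 0)
        r->get_err = errno;
    else if ((size_t)n != sizeof(value) - 1 || memcmp(buf, value, (size_t)n) != 0)
        r->get_err = EIO;                         /* value did not round-trip */
    if (lremovexattr(path, name) != 0)            /* the step that fails in the trace */
        r->remove_err = errno;
    return 0;
}

int main(int argc, char **argv)
{
    struct probe_result r;
    const char *name = argc > 2 ? argv[2] : "user.probe";
    if (argc < 2 || probe_xattr(argv[1], name, &r) != 0) {
        fprintf(stderr, "usage: %s PATH [XATTR_NAME]\n", argv[0]);
        return 2;
    }
    printf("%s: %s nlink=%lu set=%d get=%d remove=%d\n", argv[1],
           r.is_dir ? "dir" : "file", r.nlink, r.set_err, r.get_err, r.remove_err);
    return r.set_err || r.get_err || r.remove_err;
}
```

Running it on one file and one directory of the same volume separates a filesystem-level removexattr failure from anything Smack-specific; on a kernel that shows the assertion above, use a scratch volume, since the remove step can switch the filesystem to read-only.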

Jurij0110 commented 10 months ago

Dear Mr @jobol, thank you so much for your kind help. I did not try it with remove xattr aside smack. I will test the issue again with all your recommendations on Monday and let you know the result.

Have a nice weekend ^^

jobol commented 10 months ago

any news @trungthucn1 ?

Jurij0110 commented 10 months ago

Dear Mr @jobol, Sorry for the late reply. I have a health issue, so I was off on Monday and Tuesday.

I ran a test: if we change it to the "_" label, it works okay, but the result was still the same when trying the 'setfattr -x' command. However, during the retesting process, I noticed a common point:

  1. It only happens with folders, not files.
  2. It only happens with labeled folders at build time. Because one of my paths is in read-only mode, it cannot be labeled when it is running, so I have to label it during the build. I create a Yocto recipe and label it with the command 'setfattr -n security.SMACK64EXEC -v "audio" -h /audio'.
  3. When I tried printing the value of 'inode->i_nlink', I realized that it is equal to 2 for the error paths. With normal paths, I saw that the value of 'inode->i_nlink' is 1
    [26264.647804 01-06 07:17:20.620] Value of inode->i_nlink: 2
    [26264.647845 01-06 07:17:20.620] Value of inode->i_nlink: 2
    [26264.654500 01-06 07:17:20.627] UBIFS error (ubi0:0 pid 30092): ubifs_assert_failed: UBIFS assert failed: inode->i_nlink == 1, in fs/ubifs/xattr.c:636

    Do you know why the value is 2?

During the testing process, I encountered a second issue as follows: I have a path '/log' that is created by an app, and the process has the label 'app_log', so if no intervention is made, it will have the 'app_log' label. However, I set a different label for it, which is 'log::file'. So I created a Smack service to create the path '/log/' and label it as 'log::file' at boot time: '/log/ access="log::file" transmute="TRUE"'. Then, I granted 'app_log log::file rwxt' permissions. But it encountered an error, seemingly due to the 'transmute="TRUE"' permission. The folders in /log/ cannot be created.

[   46.709157 01-06 00:00:22.984] UBIFS error (ubi4:0 pid 1976): ubifs_assert_failed: UBIFS assert failed: inode_is_locked(host), in fs/ubifs/xattr.c:278
[   46.709217 01-06 00:00:22.984] UBIFS warning (ubi4:0 pid 1976): ubifs_ro_mode: switched to read-only mode, error -22
[   47.006000 01-06 00:00:23.280] CPU: 0 PID: 1976 Comm: mkdir Tainted: G           O      5.4.219
[   47.006363 01-06 00:00:23.281] Hardware name: Qualcomm
[   47.028851 01-06 00:00:23.303] gpio gpiochip0: (f100000.pinctrl): allocate IRQ 111, hwirq 93
[   47.028901 01-06 00:00:23.303] gpio gpiochip0: (f100000.pinctrl): found parent hwirq 4294967295
[   47.176160 01-06 00:00:23.451] [<c0110038>] (unwind_backtrace) from [<c010cf20>] (show_stack+0x10/0x14)
[   47.176217 01-06 00:00:23.451] [<c010cf20>] (show_stack) from [<c03dea18>] (ubifs_xattr_set+0x600/0x69c)
[   47.198470 01-06 00:00:23.473] gpio gpiochip0: (f100000.pinctrl): alloc_irqs_parent for 111 parent hwirq -1
[   47.298154 01-06 00:00:23.573] [<c03dea18>] (ubifs_xattr_set) from [<c03df64c>] (xattr_set+0x78/0x2c0)
[   47.298209 01-06 00:00:23.573] [<c03df64c>] (xattr_set) from [<c02c44ec>] (__vfs_setxattr+0x78/0x98)
[   47.450302 01-06 00:00:23.725] [<c02c44ec>] (__vfs_setxattr) from [<c040c404>] (smack_d_instantiate+0x2e4/0x3c0)
[   47.450360 01-06 00:00:23.725] [<c040c404>] (smack_d_instantiate) from [<c0407df4>] (security_d_instantiate+0x40/0x4c)
[   47.684928 01-06 00:00:23.959] [<c0407df4>] (security_d_instantiate) from [<c02b5140>] (d_instantiate+0x2c/0x58)
[   47.684985 01-06 00:00:23.959] [<c02b5140>] (d_instantiate) from [<c03afd84>] (ubifs_mkdir+0x23c/0x288)
[   47.931134 01-06 00:00:24.206] [<c03afd84>] (ubifs_mkdir) from [<c02a950c>] (vfs_mkdir+0x114/0x1a0)
[   47.931188 01-06 00:00:24.206] [<c02a950c>] (vfs_mkdir) from [<c02a9660>] (do_mkdirat+0xc8/0x11c)
[   48.123754 01-06 00:00:24.398] [<c02a9660>] (do_mkdirat) from [<c0101240>] (__sys_trace_return+0x0/0x20)
[   48.123803 01-06 00:00:24.398] Exception stack(0xe88a7fa8 to 0xe88a7ff0)
[   48.324070 01-06 00:00:24.599] 7fa0:                   00000012 becebf2d becebf2d 000001ff 00000000 0000002f
[   48.324122 01-06 00:00:24.599] 7fc0: 00000012 becebf2d 00000073 00000027 becebf40 00000004 ffffffff 00000012
[   48.549100 01-06 00:00:24.824] 7fe0: 00573d5c becebbcc 0052cc85 b6eb0e28
[   48.549193 01-06 00:00:24.824] UBIFS error (ubi4:0 pid 1976): make_reservation: cannot reserve 416 bytes in jhead 1, error -30

This is the trace: If I keep '/log/ access="app_log" transmute="TRUE"', then the paths inside are created normally.

/log/ access="app_log" transmute="TRUE"
/log/app access="app_log" transmute="TRUE"

Do you think the second issue is related to the first issue? Thank you so much!

jobol commented 9 months ago

I'm not having the time to investigate. I glanced around for something of help but ...

Did you solve?

Jurij0110 commented 9 months ago

Dear Mr @jobol

Thank you very much for your help. The bad news is that it is still not resolved. For the issue of deleting Smack labels, I avoided it by setting the label to the default label. But with the second issue above related to the Transmute permission, I still do not have an alternative way to deal with it. It is difficult to not be able to use Transmute. I wandered on the forums to find a solution for it but ... do not have enough knowledge to fix it. :( I would really appreciate it if you can help me when you have free time. I can wait for it. If you need me to test anything else or provide logs, you can tell me. Thank you so much.