Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 1 | From 545ded56095c570426fe102ff2192889681ea75c Mon Sep 17 00:00:00 2001 |
| 2 | From: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> |
| 3 | Date: Mon, 29 Feb 2016 14:38:25 +0200 |
| 4 | Subject: [PATCH] Set xattrs after setting times |
| 5 | |
| 6 | With Integrity Measurement Architecture (IMA) enabled in Linux |
| 7 | kernel the security.ima extended attribute gets overwritten |
| 8 | when setting times on a file with a futimens() call. So it's safer |
| 9 | to set xattrs after times. |
| 10 | |
| 11 | Upstream-Status: Submitted [https://github.com/libarchive/libarchive/pull/664] |
| 12 | |
| 13 | Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> |
| 14 | |
| 15 | --- |
| 16 | libarchive/archive_write_disk_posix.c | 21 +++++++++++---------- |
| 17 | 1 file changed, 11 insertions(+), 10 deletions(-) |
| 18 | |
| 19 | diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c |
| 20 | index 0fc6193..27c9c1e 100644 |
| 21 | --- a/libarchive/archive_write_disk_posix.c |
| 22 | +++ b/libarchive/archive_write_disk_posix.c |
| 23 | @@ -1620,16 +1620,6 @@ _archive_write_disk_finish_entry(struct archive *_a) |
| 24 | } |
| 25 | |
| 26 | /* |
| 27 | - * Security-related extended attributes (such as |
| 28 | - * security.capability on Linux) have to be restored last, |
| 29 | - * since they're implicitly removed by other file changes. |
| 30 | - */ |
| 31 | - if (a->todo & TODO_XATTR) { |
| 32 | - int r2 = set_xattrs(a); |
| 33 | - if (r2 < ret) ret = r2; |
| 34 | - } |
| 35 | - |
| 36 | - /* |
| 37 | * Some flags prevent file modification; they must be restored after |
| 38 | * file contents are written. |
| 39 | */ |
| 40 | @@ -1648,6 +1638,17 @@ _archive_write_disk_finish_entry(struct archive *_a) |
| 41 | } |
| 42 | |
| 43 | /* |
| 44 | + * Security-related extended attributes (such as |
| 45 | + * security.capability or security.ima on Linux) have to be restored last, |
| 46 | + * since they're implicitly removed by other file changes like setting |
| 47 | + * times. |
| 48 | + */ |
| 49 | + if (a->todo & TODO_XATTR) { |
| 50 | + int r2 = set_xattrs(a); |
| 51 | + if (r2 < ret) ret = r2; |
| 52 | + } |
| 53 | + |
| 54 | + /* |
| 55 | * Mac extended metadata includes ACLs. |
| 56 | */ |
| 57 | if (a->todo & TODO_MAC_METADATA) { |
| 58 | -- |
| 59 | 2.5.0 |