我正在运行带有选项allow_other和umask 0的保险丝fs。这给了我一组权限设置为777的文件。尽管当我尝试进入ls -l包含这些文件的目录时,却得到以下输出:
ls: name: Operation not permitted
ls: tags: Operation not permitted
ls: location: Operation not permitted
ls: ext: Operation not permitted
ls: experiment_id: Operation not permitted
ls: file_path: Operation not permitted
谁能告诉我为什么拥有全局权限(777)但仍然无法进行操作?
在运行strace时,得到以下跟踪:
lstat("tags", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lgetxattr("tags", "security.selinux", 0x112ae80, 255) = -1 EPERM (Operation not permitted)
write(2, "ls: ", 4ls: ) = 4
write(2, "tags", 4tags) = 4
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1
) = 1
lstat("location", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lgetxattr("location", "security.selinux", 0x112aea0, 255) = -1 EPERM (Operation not permitted)
write(2, "ls: ", 4ls: ) = 4
write(2, "location", 8location) = 8
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1) = 1
lstat("ext", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lgetxattr("ext", "security.selinux", 0x112aec0, 255) = -1 EPERM (Operation not permitted)
write(2, "ls: ", 4ls: ) = 4
write(2, "ext", 3ext) = 3
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1) = 1
lstat("experiment_id", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lgetxattr("experiment_id", "security.selinux", 0x112aee0, 255) = -1 EPERM (Operation not permitted)
write(2, "ls: ", 4ls: ) = 4
write(2, "experiment_id", 13experiment_id) = 13
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1) = 1
lstat("file_path", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lgetxattr("file_path", "security.selinux", 0x112af00, 255) = -1 EPERM (Operation not permitted)
write(2, "ls: ", 4ls: ) = 4
write(2, "file_path", 9file_path) = 9
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1) = 1
因此,从跟踪来看,即使在系统上禁用了selinux属性,它也似乎试图获取selinux属性。
cat /etc//sysconfig/selinux
SELINUX=disabled
SELINUXTYPE=targeted
问题出在我的getxattr实现上。我返回的错误是-1,它转换为EPERM,相反,我应该返回ENODATA,这对于我的逻辑来说是更正确的错误情况。这也修复了这些错误。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句