[PATCH v2 1/2] xattrs: Skip security.evm extended attribute

L. A. Walsh rsync at tlinx.org
Fri Jan 6 05:27:26 UTC 2017

Stefan Berger wrote:
> The security.evm extended attribute is fully owned by the Linux kernel
> and cannot be directly written from userspace. Therefore, we can always
> skip it.
---  (see below "...")...

    Please put this on a switch or option.

The security.evm field seems only special on Mandatory Access
systems (from https://lwn.net/Articles/449719/), and seems like it
should be copyable by root on non-Mandatory Access systems.

At the very least, a "dd" from one file system to another, would copy it,
so the security doesn't rely on it being copied WITH the rest of
its attrs, but with the field being a check on those fields not being


Reading further, a better solution might be to provide a list
of extended attributes to ***exclude*** from copying, making your
patch "general case", as well as an option to ONLY copy a list of
xattrs, that match an expression or list.

I'm against hardcoding specific cases into rsync, as they won't apply
to all systems rsync runs on as well as hard-coding current trends
in integrity-measurement (which may be subject to change).

More information about the rsync mailing list