[PATCH v2 1/2] xattrs: Skip security.evm extended attribute
L. A. Walsh
rsync at tlinx.org
Fri Jan 6 05:27:26 UTC 2017
Stefan Berger wrote:
> The security.evm extended attribute is fully owned by the Linux kernel
> and cannot be directly written from userspace. Therefore, we can always
> skip it.
>
--- (see below "...")...
Please put this on a switch or option.
The security.evm field seems only special on Mandatory Access
systems (from https://lwn.net/Articles/449719/), and seems like it
should be copyable by root on non-Mandatory Access systems.
At the very least, a "dd" from one file system to another, would copy it,
so the security doesn't rely on it being copied WITH the rest of
its attrs, but with the field being a check on those fields not being
modified.
....
Reading further, a better solution might be to provide a list
of extended attributes to ***exclude*** from copying, making your
patch "general case", as well as an option to ONLY copy a list of
xattrs, that match an expression or list.
I'm against hardcoding specific cases into rsync, as they won't apply
to all systems rsync runs on as well as hard-coding current trends
in integrity-measurement (which may be subject to change).
More information about the rsync
mailing list