Date:      Fri, 14 Jul 2017 13:53:40 +1000
From:      Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>
To:        FreeBSD Stable Mailing List <freebsd-stable@freebsd.org>
Subject:   Extended "system" attributes within jailed environment dont work
Message-ID:  <cb70e03c-4dce-a530-2cf7-daaf1d9df74f@heuristicsystems.com.au>

Can someone advise how I can enable extended attributes in a "system"
namespace within a jailed (or bhyve) environment?  There was no guidance
in "man jail" nor "man jail.conf".

Simple test
From the host or base system:
# touch /a ; setextattr user t1 first /a ; getextattr user t1 /a
/a      first
# touch /a ; setextattr system t2 second /a ; getextattr system t2 /a
/a      second

Within a jail:
# touch /a ; setextattr user t1 first /a ; getextattr user t1 /a
/a      first
# touch /a ; setextattr system t2 second /a ; getextattr system t2 /a
setextattr: /a: failed: Operation not permitted
getextattr: /a: failed: Operation not permitted

The impact of this is that SAMBA after 4.3 uses "system" namespace
extended attributes; hence it cannot provision an Active Directory within
a jailed environment.  (For the inclined, this affects sysvol, and
interestingly "rsync -x" is unable to copy extended attributes, so
having consistent sysvols across a SAMBA domain may be a challenge.)

Regards, Dewayne.


