From: Mike Morrison <jmike@ca...> - 2009-01-06 21:17:05
I recently discovered that prior to *every single block* being written
there is a request for the "security.capability" extended attribute
(which is never set). I checked this against a no-op filesystem (just
passes calls through to an underlying file system) and found that it
occurs there too.
I can't find much on file capabilities, as they are rather new to
Linux, but, from what I've read, they are supposed to be disabled on
file systems mounted nosuid (ours is), but this doesn't appear to be
the case as there's still a getxattr call for it before every write.
Has anyone else run into this and did you find a fix/workaround? I'm
looking for a way to either disable them entirely, or to at least keep
these requests for this xattr down to once per file open.
We're seeing this on Ubuntu 8.10 (uname -a: Linux slap 2.6.27-7-generic
#1 SMP Tue Nov 4 19:33:06 UTC 2008 x86_64 GNU/Linux). Not
sure if it happens on older kernels; this may be a recent development.
Any help would be greatly appreciated.