action #54119
Updated by whdu over 4 years ago
This issue happened when make whole system evm signing using digital signature.
One step is:
```
# for D in /lib /lib64 /usr/lib /usr/lib64; do /usr/bin/find "$D" -fstype ext4 -\! -executable -type f -name '*.so*' -uid 0 -exec evmctl sign -psuse -k /root/certs/key.asc '{}' \; -exec chattr +i '{}' \; ; done
setxattr failed: /usr/lib64/libopeniscsiusr.so
errno: Operation not permitted (1)
setxattr failed: /usr/lib64/libopeniscsiusr.so.0.2.0
errno: Operation not permitted (1)
```
It is probably a bug, or an acceptable results. More investigation will be performed to decide if we should create a bug report.
**UPDATE:** It is turn out `find` problem, it execute the command followed by `-exec` twice. The reason is unclear and need further investigation. The current workaround is to add one step "`-exec chattr -i '{}'`" before "`-exec evmctl sign ...`".
**UPDATE:** Other filed affected by this issue:
```
setxattr failed: /lib/firmware/qca/rampatch_usb_00000200.bin
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/qca/nvm_usb_00000201.bin
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/ath10k/QCA9888/hw2.0/notice_ath10k_firmware-5.txt
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/ath10k/QCA9377/hw1.0/notice_ath10k_firmware-6.txt
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/ath10k/QCA9887/hw1.0/notice_ath10k_firmware-5.txt
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/ath10k/QCA9984/hw1.0/notice_ath10k_firmware-5.txt
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/intel/ibt-18-16-1.ddc
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/intel/ibt-17-2.ddc
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/intel/ibt-17-16-1.sfi
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/intel/ibt-17-2.sfi
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/intel/ibt-17-0-1.sfi
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/intel/ibt-17-1.sfi
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/intel/ibt-18-0-1.ddc
errno: Operation not permitted (1)
setxattr failed: /lib/firmware/intel/ibt-18-16-1.sfi
...
```
**UPDATE:** After discussion with developer, we found it is turn out the hard link problem:
```
$ cd /lib/firmware
$ find -samefile /lib/firmware/intel/ibt-18-0-1.ddc
./intel/ibt-17-2.ddc
./intel/ibt-17-16-1.ddc
./intel/ibt-18-1.ddc
./intel/ibt-17-0-1.ddc
./intel/ibt-18-2.ddc
./intel/ibt-17-1.ddc
./intel/ibt-18-16-1.ddc
./intel/ibt-18-0-1.ddc
```
So I think the work around we are using is acceptable.