action #54119
Updated by whdu over 4 years ago
This issue happened when make whole system evm signing using digital signature. One step is: ``` # for D in /lib /lib64 /usr/lib /usr/lib64; do /usr/bin/find "$D" -fstype ext4 -\! -executable -type f -name '*.so*' -uid 0 -exec evmctl sign -psuse -k /root/certs/key.asc '{}' \; -exec chattr +i '{}' \; ; done setxattr failed: /usr/lib64/libopeniscsiusr.so errno: Operation not permitted (1) setxattr failed: /usr/lib64/libopeniscsiusr.so.0.2.0 errno: Operation not permitted (1) ``` It is probably a bug, or an acceptable results. More investigation will be performed to decide if we should create a bug report. **UPDATE:** It is turn out `find` problem, it execute the command followed by `-exec` twice. The reason is unclear and need further investigation. The current workaround is to add one step "`-exec chattr -i '{}'`" before "`-exec evmctl sign ...`". **UPDATE:** Other filed affected by this issue: ``` setxattr failed: /lib/firmware/qca/rampatch_usb_00000200.bin errno: Operation not permitted (1) setxattr failed: /lib/firmware/qca/nvm_usb_00000201.bin errno: Operation not permitted (1) setxattr failed: /lib/firmware/ath10k/QCA9888/hw2.0/notice_ath10k_firmware-5.txt errno: Operation not permitted (1) setxattr failed: /lib/firmware/ath10k/QCA9377/hw1.0/notice_ath10k_firmware-6.txt errno: Operation not permitted (1) setxattr failed: /lib/firmware/ath10k/QCA9887/hw1.0/notice_ath10k_firmware-5.txt errno: Operation not permitted (1) setxattr failed: /lib/firmware/ath10k/QCA9984/hw1.0/notice_ath10k_firmware-5.txt errno: Operation not permitted (1) setxattr failed: /lib/firmware/intel/ibt-18-16-1.ddc errno: Operation not permitted (1) setxattr failed: /lib/firmware/intel/ibt-17-2.ddc errno: Operation not permitted (1) setxattr failed: /lib/firmware/intel/ibt-17-16-1.sfi errno: Operation not permitted (1) setxattr failed: /lib/firmware/intel/ibt-17-2.sfi errno: Operation not permitted (1) setxattr failed: /lib/firmware/intel/ibt-17-0-1.sfi errno: Operation not permitted (1) setxattr failed: /lib/firmware/intel/ibt-17-1.sfi errno: Operation not permitted (1) setxattr failed: /lib/firmware/intel/ibt-18-0-1.ddc errno: Operation not permitted (1) setxattr failed: /lib/firmware/intel/ibt-18-16-1.sfi ... ``` **UPDATE:** After discussion with developer, we found it is turn out the hard link problem: ``` $ cd /lib/firmware $ find -samefile /lib/firmware/intel/ibt-18-0-1.ddc ./intel/ibt-17-2.ddc ./intel/ibt-17-16-1.ddc ./intel/ibt-18-1.ddc ./intel/ibt-17-0-1.ddc ./intel/ibt-18-2.ddc ./intel/ibt-17-1.ddc ./intel/ibt-18-16-1.ddc ./intel/ibt-18-0-1.ddc ``` So I think the work around we are using is acceptable.