GNU bug report logs - #17103
cp: "cp -al" doesn't copy symlinks, tries to link to them

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: coreutils; Reported by: Linda Walsh <coreutils@HIDDEN>; dated Wed, 26 Mar 2014 18:09:01 UTC; Maintainer for coreutils is bug-coreutils@HIDDEN.
Changed bug title to 'cp: "cp -al" doesn't copy symlinks, tries to link to them' from 'regression: cp -al doesn't copy symlinks, but tries to link to them (fail)' Request was from Assaf Gordon <assafgordon@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 2 Apr 2014 03:48:43 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 01 23:48:43 2014
Received: from localhost ([127.0.0.1]:59944 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WVCAM-0006dv-7Y
	for submit <at> debbugs.gnu.org; Tue, 01 Apr 2014 23:48:42 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:51365)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WVCAJ-0006dm-QG
 for 17103 <at> debbugs.gnu.org; Tue, 01 Apr 2014 23:48:40 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s323mSRE015817; Tue, 1 Apr 2014 20:48:32 -0700
Message-ID: <533B888C.3080700@HIDDEN>
Date: Tue, 01 Apr 2014 20:48:28 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Kees Cook <keescook@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN>	<5333313E.6070105@HIDDEN>	<533336B9.6070800@HIDDEN>	<53333E8E.1030806@HIDDEN>	<53334137.2050100@HIDDEN>	<CAGXu5jJpjXEq9y3iXax8QUwx6D4BOA3zJ5j6rqGmdP4zmhOGAw@HIDDEN>	<5334DD91.5020802@HIDDEN>	<CAGXu5jLj9GxCPfqK3BCsNcPHDHrX+MaCpTHGrE=VEybfc=OUJg@HIDDEN>	<533616B4.3030401@HIDDEN>
 <CAGXu5jKuKLZvkcZzE7qvGn5OAVaHBCirHY5jD-BtEeUKh5FO4w@HIDDEN>
In-Reply-To: <CAGXu5jKuKLZvkcZzE7qvGn5OAVaHBCirHY5jD-BtEeUKh5FO4w@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -0.6 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Pádraig Brady <P@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.6 (/)



Kees Cook wrote:
> I outline some of it in the original commit:
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=800179c9b8a1e796e441674776d11cd4c05d61d7


(had already read that though not from that source)...


>>         It seems more like use of a blunt instrument rather
>> than making use of the mode bits (or DACL) on a symlink.
>>
>>   As far as the given reasoning for symlink control,
>> I've not heard of any issues related to TOU on devices/pipes
>> or other file system objects that couldn't be applied to files.
>> I.e. Do you know why they'd blanket ban everything except
>> files?
> 
> The best example of hardlink insanity is for a system were /usr/bin is
> on the same partition as /tmp or /home. A local user can hardlink
> /usr/bin/sudo to $HOME/sudo, and when a flaw is found in sudo, the
> administrator will upgrade the sudo package. However, due to the
> package manager deleting /usr/bin/sudo and replacing it, the original
> sudo remains in $HOME/sudo, leaving the security flaw available for
> exploitation by the local user.
---

     OK, then why restrict hardlinks to symlinks -- they can't
be setXID.  Same with anything other than a file.  They can't be used
in the same way.  The restrictions on 'non-files' became worse -- in that
the DACL(incl mode) is ignored.

    For files... disallow linking to setXid (or setcap) files, and
for 'icing' disallow hardlinks to/from files in world readable sticky dirs.

    Wouldn't those restrictions have given the same benefit...(focusing,
BTW, on the restrictions on hardlinks).


> ToCToU races for hardlinks (like symlinks) also exist. Say some local
> root daemon writes to /tmp/bad-idea.log, a local user could hardlink
> (or symlink) this to /etc/passwd and destroy the system.
---
	In that case, should 'root's DACL override ability trump the
protections setup by the sticky-bit.  If root programs are going
to insist on using the same world-writeable sticky bits as all other
users, it seems only prudent that increased restrictions apply -- not
only to protect root, but other users --- If root can just overwrite
any file -- if that was a tmp file that is being read for final
saving in the user dir of an important file -- wouldn't that be equally
bad?

I.e. maybe root shouldn't be able to open an existing file (not owned
by root) in a sticky-dir -- but would need to move or remove it first.

Wouldn't the above restrictions accomplish the same security goals with
less impact to compatibility w/existing features?








Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 1 Apr 2014 18:46:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 01 14:46:42 2014
Received: from localhost ([127.0.0.1]:59713 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WV3hp-00084y-5G
	for submit <at> debbugs.gnu.org; Tue, 01 Apr 2014 14:46:41 -0400
Received: from mail-oa0-f44.google.com ([209.85.219.44]:59031)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <keescook@HIDDEN>) id 1WV3hl-00084n-9X
 for 17103 <at> debbugs.gnu.org; Tue, 01 Apr 2014 14:46:38 -0400
Received: by mail-oa0-f44.google.com with SMTP id n16so11681389oag.17
 for <17103 <at> debbugs.gnu.org>; Tue, 01 Apr 2014 11:46:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=TD8VUW0QX4rA3dEjoiyn6ZBcqg/V9OszZDlPaE3Yhhw=;
 b=EwBUlY3WCJOVkNcTzteaOoRRuEoRt/JfXc0wygy0xozv9ANpQavyh3jre4yFByYfXr
 s+jmJqCTrSHgUAdefEaXN5UGVN/npUqQ6FrU9FReUZ8BKiLJhJp+b64BYuMMvboKcBZq
 INERN5KY7ev2LAhh0voB4wZD0/3XgjbiImOa622QNBvZWTeqGmYlk2TMZUySuPN4nGP5
 CcvYXJOq3x4O8dAChnvC3l7phFzkeV8ljEVji5ruPg6b69pyBQxNgy7j6XFIaEzm8A0Q
 4uNDz3/5nHA3PctCwESLtBi1PJtU+Bx6LdG/cstJIXB4zYr9qaXTAIjXBkV/6R77sCdZ
 L2qQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-type;
 bh=TD8VUW0QX4rA3dEjoiyn6ZBcqg/V9OszZDlPaE3Yhhw=;
 b=gaHZL7UZCflTHtkwoivKFwyZWM4R6RarhY30YZN/sJTu4M8ZMpU74ElWw/pDBqi6eW
 lItgRVo9au1jNZpcEjDQpz5V0lCnvwf+QDHMaSq8rOCejmdFafRBpgtsroVtrCmJly6M
 gK3cGtpZMT6uhoYGgSTMMKJcBJxRojyMvnOq4DcPhG7ogphX2L3E8Pu9zX9VCwa6WmHY
 5jhVJGopqzczOFIXUMqqxbKiyeGgkVuw0hzTVUx6mOyV0fpU3vKU6Ss8QXj8jjH8E/Yl
 Jug4OlykTPqU/duuIFWIyeiIm2UHHPPewt0aRRkTzhGlOaKCGVduvlqcMQlyqMA04wUR
 3oMg==
X-Gm-Message-State: ALoCoQk8cxI33zygqgJgJ2FmQgbvfgnQG4fh07AiMJxVKmSoxYnMjANEmsbh9AbKtehkkSyzfcaAqG0gMSHTGtJ7BEDvosVd9YR4dT82qRUH0q7owhFM4RM+ICuRwnLMVgTXSYSNMogs8qn7jr+NUyEdEDr2SHkeCh3OQoVDev5cPmW6/Mc86ohiQAAwIegVGQUOn4g3YM4Z0ADnKW90yJfScrAGAhmQSQ==
MIME-Version: 1.0
X-Received: by 10.182.88.69 with SMTP id be5mr2947746obb.55.1396377996185;
 Tue, 01 Apr 2014 11:46:36 -0700 (PDT)
Received: by 10.182.226.163 with HTTP; Tue, 1 Apr 2014 11:46:36 -0700 (PDT)
In-Reply-To: <533616B4.3030401@HIDDEN>
References: <53331795.8080202@HIDDEN> <5333313E.6070105@HIDDEN>
 <533336B9.6070800@HIDDEN> <53333E8E.1030806@HIDDEN>
 <53334137.2050100@HIDDEN>
 <CAGXu5jJpjXEq9y3iXax8QUwx6D4BOA3zJ5j6rqGmdP4zmhOGAw@HIDDEN>
 <5334DD91.5020802@HIDDEN>
 <CAGXu5jLj9GxCPfqK3BCsNcPHDHrX+MaCpTHGrE=VEybfc=OUJg@HIDDEN>
 <533616B4.3030401@HIDDEN>
Date: Tue, 1 Apr 2014 11:46:36 -0700
Message-ID: <CAGXu5jKuKLZvkcZzE7qvGn5OAVaHBCirHY5jD-BtEeUKh5FO4w@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries to
 link to them (fail)
From: Kees Cook <keescook@HIDDEN>
To: Linda Walsh <coreutils@HIDDEN>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, =?UTF-8?Q?P=C3=A1draig_Brady?= <P@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.3 (-)

On Fri, Mar 28, 2014 at 5:41 PM, Linda Walsh <coreutils@HIDDEN> wrote:
> Kees Cook wrote:
>> The attack gets more and
>> more remote, but these kind of flaws are not unheard of.
>
> ----
>         If there's a URL for to explain why this is needed, I'd
> love to read more.  My background is computer science and have
> have worked in security, so I'm aware of theory, but logically,
> I am still not seeing the chain of events.  It seems like the
> protected symlink was designed for use in a world-writeable w/
> sticky bit set, so I'm not seeing the need for the extra
> check on hard-link in relation to that.

I outline some of it in the original commit:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=800179c9b8a1e796e441674776d11cd4c05d61d7

>
>         It seems more like use of a blunt instrument rather
> than making use of the mode bits (or DACL) on a symlink.
>
>         As far as the given reasoning for symlink control,
> I've not heard of any issues related to TOU on devices/pipes
> or other file system objects that couldn't be applied to files.
> I.e. Do you know why they'd blanket ban everything except
> files?

The best example of hardlink insanity is for a system were /usr/bin is
on the same partition as /tmp or /home. A local user can hardlink
/usr/bin/sudo to $HOME/sudo, and when a flaw is found in sudo, the
administrator will upgrade the sudo package. However, due to the
package manager deleting /usr/bin/sudo and replacing it, the original
sudo remains in $HOME/sudo, leaving the security flaw available for
exploitation by the local user.

ToCToU races for hardlinks (like symlinks) also exist. Say some local
root daemon writes to /tmp/bad-idea.log, a local user could hardlink
(or symlink) this to /etc/passwd and destroy the system.

-Kees

-- 
Kees Cook
Chrome OS Security




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 29 Mar 2014 00:41:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 28 20:41:40 2014
Received: from localhost ([127.0.0.1]:55234 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WThLA-0004Wv-AE
	for submit <at> debbugs.gnu.org; Fri, 28 Mar 2014 20:41:40 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:51325)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WThL5-0004Wi-TN
 for 17103 <at> debbugs.gnu.org; Fri, 28 Mar 2014 20:41:36 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2T0fOx3006041; Fri, 28 Mar 2014 17:41:28 -0700
Message-ID: <533616B4.3030401@HIDDEN>
Date: Fri, 28 Mar 2014 17:41:24 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Kees Cook <keescook@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN>	<5333313E.6070105@HIDDEN>	<533336B9.6070800@HIDDEN>	<53333E8E.1030806@HIDDEN>	<53334137.2050100@HIDDEN>	<CAGXu5jJpjXEq9y3iXax8QUwx6D4BOA3zJ5j6rqGmdP4zmhOGAw@HIDDEN>	<5334DD91.5020802@HIDDEN>
 <CAGXu5jLj9GxCPfqK3BCsNcPHDHrX+MaCpTHGrE=VEybfc=OUJg@HIDDEN>
In-Reply-To: <CAGXu5jLj9GxCPfqK3BCsNcPHDHrX+MaCpTHGrE=VEybfc=OUJg@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Pádraig Brady <P@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)



Kees Cook wrote:
> So, allowing a hardlink to a symlink means that symlinks owned by the
> target user could be hardlinked to in /tmp. 
---
	How would that be different than the user creating
a symlink in tmp?  I.e. Theoretically, they can already create
a symlink in tmp.
---
> The attack gets more and
> more remote, but these kind of flaws are not unheard of.
----
	If there's a URL for to explain why this is needed, I'd
love to read more.  My background is computer science and have
have worked in security, so I'm aware of theory, but logically,
I am still not seeing the chain of events.  It seems like the
protected symlink was designed for use in a world-writeable w/
sticky bit set, so I'm not seeing the need for the extra
check on hard-link in relation to that.

	It seems more like use of a blunt instrument rather
than making use of the mode bits (or DACL) on a symlink.

	As far as the given reasoning for symlink control,
I've not heard of any issues related to TOU on devices/pipes
or other file system objects that couldn't be applied to files.
I.e. Do you know why they'd blanket ban everything except
files?

BTW -- you said:

> Though this case of hardlink-copying a writable unowned 
> tree is pretty unusual already! :)
----
    The business of using "groups" for access control is being
increasingly ignored in many system utils -- something I find
very annoying.  Maybe, with increasing use of user and group
specific ACL's, someone might realize that group access can
also be used selectively.  Too many system utils are checking
to see that they are root-user-only writeable which supersedes
a local site's security policy.


> Regardless, if your system isn't at risk for such attacks, makes sense
> to turn if off if it's getting in your way. :)
---
I wasn't are of the problem until just recently and I think
the hardlink part of it is 'not well considered' given the current
evidence, but I'd really like to know better what made it a problem.

At least, we are agreed on 'cp' doing the most good for the most users.
That principle seems increasingly lost amongst the legalistically
inclined (c.f. shoveling snow off the sidewalk in front of your house,
where owners were held liable if they had shoveled (i.e. took mitigating
action), but not if they didn't).  Sigh.






Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 28 Mar 2014 18:12:45 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 28 14:12:45 2014
Received: from localhost ([127.0.0.1]:55103 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WTbGn-00037h-1H
	for submit <at> debbugs.gnu.org; Fri, 28 Mar 2014 14:12:45 -0400
Received: from mail-oa0-f48.google.com ([209.85.219.48]:45844)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <keescook@HIDDEN>) id 1WTbGk-00037V-HM
 for 17103 <at> debbugs.gnu.org; Fri, 28 Mar 2014 14:12:43 -0400
Received: by mail-oa0-f48.google.com with SMTP id m1so6510618oag.35
 for <17103 <at> debbugs.gnu.org>; Fri, 28 Mar 2014 11:12:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=h/edE4XXnf+JXpeED+uSx3MHQE9GpHMGk6A4owKCq6g=;
 b=JJ1KJcvZMPI3p1h3+NgAeEaIgjSP+ZxXZ82JRmKREPIqvGt26iI/brHJKDs+dVtbG8
 zDc2iPdHhIyQ+6BGntjV6Sr8mO+Tu7FbuJB98R+ODJhRiLYYja/dAk57rFfftYpTvUcT
 Vttkh1R00w+7SZrkcZn31536v3CP6s2Z4nnvP3g1F0Gf/PhOyObajKr3JaSlb84XFln8
 ArpI6KRE5rYBFVYADAa9y+98Fgbwb2mp19avVqiVvHhRxkat0PUYEJipDSTdJWHY1ezR
 bg1V+VjXml96jfR322nt3YXZ2TwOazVStPiLdKx54nyB6IDPIHmUJt7BSAMFTzFl8eSg
 g0YQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-type;
 bh=h/edE4XXnf+JXpeED+uSx3MHQE9GpHMGk6A4owKCq6g=;
 b=LdbORHqPKJAIlYOOaZ6pv+HCI3ejBWfOsGADLeh1Cl5MYSomyR7r0FSv4Q0gGle62b
 CkA3OfY7HZMTYCXjIoX0aJaaDW1+NnHTkZ07UL3ytBywbIkxyU8nXjF6CnUsngAN1n7C
 LTguMU6Yp3jQsyGYB9D/9gWZ8DBUV3incLMGA81sQSRlNFJ4yywcSqfHbZs7bkQ2Yp9O
 f/apf5dtMQqLasfUqxfjaKUHB6VeviBbAsVB188Wmg7Vi6c7JUBTgMVWLXcqnjNCEjD0
 cCirQecTMbiOlgZ7LINCN+dLX0FtYTp4OPjNqORMEgSTOuP4JLHtfi027LmL64HCiNbr
 abqg==
X-Gm-Message-State: ALoCoQnxif4uOSu8OseSd9nLeW028cP+0WmJh30MvX8MiYZ/tQjY6bsFhagzxy+PANemVxT/DPUsLj8gay42ss53Ybcml+5LJj5tQifFL0C4Q9RbmXLJ2gZ0PpcgaTjoWaWXhrwvG4ZPd4yEFSYJP1TCsffWPS2/O6QR+4JMUuVBtBb5jsBXUOi0L1BikP4kWjSzxo4dqOQ1aPCp1GNWRCr6/u2vSi6Cgw==
MIME-Version: 1.0
X-Received: by 10.60.44.135 with SMTP id e7mr1426801oem.63.1396030361534; Fri,
 28 Mar 2014 11:12:41 -0700 (PDT)
Received: by 10.182.226.163 with HTTP; Fri, 28 Mar 2014 11:12:41 -0700 (PDT)
In-Reply-To: <5334DD91.5020802@HIDDEN>
References: <53331795.8080202@HIDDEN> <5333313E.6070105@HIDDEN>
 <533336B9.6070800@HIDDEN> <53333E8E.1030806@HIDDEN>
 <53334137.2050100@HIDDEN>
 <CAGXu5jJpjXEq9y3iXax8QUwx6D4BOA3zJ5j6rqGmdP4zmhOGAw@HIDDEN>
 <5334DD91.5020802@HIDDEN>
Date: Fri, 28 Mar 2014 11:12:41 -0700
Message-ID: <CAGXu5jLj9GxCPfqK3BCsNcPHDHrX+MaCpTHGrE=VEybfc=OUJg@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries to
 link to them (fail)
From: Kees Cook <keescook@HIDDEN>
To: Linda Walsh <coreutils@HIDDEN>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -1.1 (-)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, =?UTF-8?Q?P=C3=A1draig_Brady?= <P@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.1 (-)

On Thu, Mar 27, 2014 at 7:25 PM, Linda Walsh <coreutils@HIDDEN> wrote:
> Kees Cook wrote:
>> Yeah, it'd be nice if the symlink bits had meaning. However, relaxing
>> this check on the kernel side results in bad scenarios, especially
>> when combined with the symlink restrictions. e.g., creating a hardlink
>> to a symlink that matches the directory owner in /tmp. Now an attacker
>> controls the destination of a followable symlink.
>
> ---
> Huh?   A symlink doesn't act like an SUID  (or has that
> changed?)  -- if the object the symlink pointed to was write protected
> against the user, they would still be hard pressed to exploit it.
>
> How would having a pointer to the file (that still follows tree
> traversal rules - i.e - only allowing access to paths the user could
> gotten to anyway) confer new access rights to a user?

It's not the access rights, but usually a ToCToU and/or race condition
problem in /tmp with symlinks. An outstandingly large amount of
administrative software is written that dumps things into /tmp with
static names. An attack can take advantage of that by dropping a
symlink in place in /tmp and the software follows it and does things
like overwrites /etc/passwd. So, the symlink restriction logic
basically says "owner of symlink must match dir owner or uid of
follower".

So, allowing a hardlink to a symlink means that symlinks owned by the
target user could be hardlinked to in /tmp. The attack gets more and
more remote, but these kind of flaws are not unheard of.

Regardless, if your system isn't at risk for such attacks, makes sense
to turn if off if it's getting in your way. :)

-Kees

-- 
Kees Cook
Chrome OS Security




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 28 Mar 2014 02:25:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 22:25:41 2014
Received: from localhost ([127.0.0.1]:53427 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WTMUF-0000Kz-Hx
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 22:25:40 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:48407)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WTMU8-0000Km-Ks
 for 17103 <at> debbugs.gnu.org; Thu, 27 Mar 2014 22:25:33 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2S2PLBp032341; Thu, 27 Mar 2014 19:25:25 -0700
Message-ID: <5334DD91.5020802@HIDDEN>
Date: Thu, 27 Mar 2014 19:25:21 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Kees Cook <keescook@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN>	<5333313E.6070105@HIDDEN>	<533336B9.6070800@HIDDEN>	<53333E8E.1030806@HIDDEN>	<53334137.2050100@HIDDEN>
 <CAGXu5jJpjXEq9y3iXax8QUwx6D4BOA3zJ5j6rqGmdP4zmhOGAw@HIDDEN>
In-Reply-To: <CAGXu5jJpjXEq9y3iXax8QUwx6D4BOA3zJ5j6rqGmdP4zmhOGAw@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Pádraig Brady <P@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)


Some other thoughts on the rest...

Kees Cook wrote:
> Yeah, this is a poor interaction. The trouble with hardlinks is that
> they retain the original ownership.

> Seems like doing the fallback would serve most users best. Just keep
> it documented in the case of really weird stuff like above. Though
> this case of hardlink-copying a writable unowned tree is pretty
> unusual already! :)
---
	It was something that happened recently when I was
in a hurry to build a new tree -- permissions were failing so I
just made group root had write access (as was already in group
root).    So how it use to be, was that I didn't have write access
to the files, so I couldn't save edits w/o renaming the original
and then saving the edits as a new version.

	I spent more time tracking down the problem because I got
the error this time even with the group perms set... that lead me to
the hardlink->symlink practice...

	So the only reason I had write access was to get around
the first bits of this problem -- I wonder if they disallowed any
non-regular in a more recent update than when the other stuff went in.

	Either that or a package update from my vendor added the
default-on rule.

	I spent more time to investigate this time (as I
duped 3.13 -> 3.13.7 and applied patches) , because
I found that I didn't need to reapply a local patch to the last
kernel build w/new sources and that was because my changes now didn't
need to be made to a copy, but flowed right into the source tree for
any sub-releases dependent on that Maj-Min combo.  Oh well.  I.e.
I relied on the r/o access to keep myself inline... ;^).


> Yeah, it'd be nice if the symlink bits had meaning. However, relaxing
> this check on the kernel side results in bad scenarios, especially
> when combined with the symlink restrictions. e.g., creating a hardlink
> to a symlink that matches the directory owner in /tmp. Now an attacker
> controls the destination of a followable symlink.
---
Huh?   A symlink doesn't act like an SUID  (or has that
changed?)  -- if the object the symlink pointed to was write protected
against the user, they would still be hard pressed to exploit it.

How would having a pointer to the file (that still follows tree
traversal rules - i.e - only allowing access to paths the user could
gotten to anyway) confer new access rights to a user?






Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 28 Mar 2014 01:56:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 21:56:34 2014
Received: from localhost ([127.0.0.1]:53414 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WTM25-00083a-Sy
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 21:56:34 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:48020)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WTM22-00083N-2B
 for 17103 <at> debbugs.gnu.org; Thu, 27 Mar 2014 21:56:31 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2S1uJEU021554; Thu, 27 Mar 2014 18:56:22 -0700
Message-ID: <5334D6C3.4080002@HIDDEN>
Date: Thu, 27 Mar 2014 18:56:19 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Kees Cook <keescook@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN>	<5333313E.6070105@HIDDEN>	<533336B9.6070800@HIDDEN>	<53333E8E.1030806@HIDDEN>	<53334137.2050100@HIDDEN>
 <CAGXu5jJpjXEq9y3iXax8QUwx6D4BOA3zJ5j6rqGmdP4zmhOGAw@HIDDEN>
In-Reply-To: <CAGXu5jJpjXEq9y3iXax8QUwx6D4BOA3zJ5j6rqGmdP4zmhOGAw@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Pádraig Brady <P@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)



Kees Cook wrote:

> Regardless of the outcome for "cp", it seems like turning off this
> restriction on the system you're doing this on would be the best
> short-term solution. It sounds like you're not using a Debian or
> Ubuntu system which carries defaults in /etc/sysctl.d/ files. 
----
	That where the user's mods can go.  There are 6 other
locations w/5 of those being directories to check.  Found the
culprit in /usr/lib/sysctl.d/50-defaults (comment inside was
'distribution defaults').

	So opensuse went with the other lemmings... and made it
a default. Have already reviewed and expunged unwanted settings.


Fedora's
> systemd likes to put defaults into /lib/sysctl.d, if that helps you
> track it down. I think systemd recognizes /etc/sysctl.d for overriding
> settings in /lib/sysctl.d, so you might be able to set it there
> instead.
----
	You might find they are moving it to /usr/lib as well --
supposedly that's why suse is doing it.





Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 22:03:17 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 18:03:17 2014
Received: from localhost ([127.0.0.1]:53248 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WTIOK-00083l-2T
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 18:03:17 -0400
Received: from mail-ob0-f174.google.com ([209.85.214.174]:59953)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <keescook@HIDDEN>) id 1WTIKU-0007vC-Ks
 for 17103 <at> debbugs.gnu.org; Thu, 27 Mar 2014 17:59:19 -0400
Received: by mail-ob0-f174.google.com with SMTP id wo20so5008122obc.33
 for <17103 <at> debbugs.gnu.org>; Thu, 27 Mar 2014 14:59:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type:content-transfer-encoding;
 bh=zX1At2biO1qZ3ER9KiRWwvRwTGMfWPqIPjaSFggSgw8=;
 b=SpKtA1QEVsdPODDaDh1T1q50bXdKYVXx+gm8+NMUDjSBE9ppHuZLVIrHP+TGwesf+O
 PgxKk3NlMtsRe+LDa4ZgRdAzNfLYrdGE3ltWCH710NM0X85TlNZpxrghuXfAFG4Q7wvO
 MKIw9u0GcQbnCcadS2u4esUfl1qD63jnspbYOy0gU9OE9Eup+MWGozZeE9L04nlUBnkE
 YRchatpJ+bcgqRhowiTCvnrUjvXCIlIv8wnfZAjcvvFWhfHq7HffCwmeZanISznNgIpY
 xtRDmWGi36+jGhGhpYowEF9OdM11bkFeVYlKRbPgLA0kYlBH6210rud8BWglqEI3xIG2
 hhYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-type
 :content-transfer-encoding;
 bh=zX1At2biO1qZ3ER9KiRWwvRwTGMfWPqIPjaSFggSgw8=;
 b=bo2EmSm1DTtQTrIc4GC4sFnqweITKIHc9WkcG+JBE62BaCWVqwiGFbfcfi/hbOCSCa
 BsqF3dsYjDG3XBfeFy5viDd5wOq6/V1C/sC7iTfyenyVCfEtFc8dHqARsoDZK30fHQYi
 OV8Px7eGpWN+TKPK91zVeIa5uzjP+DcDaILwIDt8O2WBb3mVBlQjFt2Q2fDNLVdAaCt8
 3CZRQMMA9NRBYA7emrQHba7UktV/EWx4iYMZPuQsc4N1Ju7xHNCvMAREnhAWwOAdnsNL
 kddlWbwT8rYB+k8Qmru8pqtqMyiiYQSmAmWzgimoJmwc61qITEtKBgdIIcwrRcbzUTwD
 4s4g==
X-Gm-Message-State: ALoCoQkTyZsahVs+TfRzqWE0FLpCnkhCVzNM6Tt9t1Z7z+yaHXxm2YodyT+GN5OMKuX7Ywock/5TJAZxYFfD84j3+HViy038O3upGb0OxYe+/Kudpi1mE+QXMlG55En4V84CnX77FoU+5ULQFQv9G2Bw7av6PEjoVH6ALS0yOAUkgJkA6W21dBDB89/tk0EnvuovXVS0i9EYe4NqYwHCvlWgHf2Dwdxtmw==
MIME-Version: 1.0
X-Received: by 10.182.22.135 with SMTP id d7mr3494818obf.1.1395957557688; Thu,
 27 Mar 2014 14:59:17 -0700 (PDT)
Received: by 10.182.226.163 with HTTP; Thu, 27 Mar 2014 14:59:17 -0700 (PDT)
In-Reply-To: <53334137.2050100@HIDDEN>
References: <53331795.8080202@HIDDEN> <5333313E.6070105@HIDDEN>
 <533336B9.6070800@HIDDEN> <53333E8E.1030806@HIDDEN>
 <53334137.2050100@HIDDEN>
Date: Thu, 27 Mar 2014 14:59:17 -0700
Message-ID: <CAGXu5jJpjXEq9y3iXax8QUwx6D4BOA3zJ5j6rqGmdP4zmhOGAw@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries to
 link to them (fail)
From: Kees Cook <keescook@HIDDEN>
To: Linda Walsh <coreutils@HIDDEN>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -1.1 (-)
X-Debbugs-Envelope-To: 17103
X-Mailman-Approved-At: Thu, 27 Mar 2014 18:03:14 -0400
Cc: 17103 <at> debbugs.gnu.org, =?UTF-8?Q?P=C3=A1draig_Brady?= <P@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.1 (-)

On Wed, Mar 26, 2014 at 2:05 PM, Linda Walsh <coreutils@HIDDEN> wrote:
>
>
> P=C3=A1draig Brady wrote:
>>
>> That is true, but I confirmed that this is caused by "protected_hardlink=
s"
>> Perhaps there is a blanket ban on symlinks if you're not the owner,
>> since the symlink could be later changed to point somewhere more
>> sensitive?
>> Kees do you know if this is the case?

Sorry for the delay; I was taking some vacation time.

>
> ---
>         If you have 'write' access to the symlink, I would say
> yes, if not, then no.  however, traditionally, the ownership and permissi=
ons
> on symlinks haven't been considered important.

Right, you found the code already, but just to answer it again:
currently the hardlink check rejects anything that isn't a regular
file if owners don't match:

static bool safe_hardlink_source(struct inode *inode)
{
       umode_t mode =3D inode->i_mode;

       /* Special files should not get pinned to the filesystem. */
       if (!S_ISREG(mode))
               return false;
...

But that only gets called if owners don't match:

       /* Source inode owner (or CAP_FOWNER) can hardlink all they like,
        * otherwise, it must be a safe source.
        */
       if (cred->fsuid =3D=3D inode->i_uid || safe_hardlink_source(inode) |=
|
           capable(CAP_FOWNER))
               return 0;

>         Still -- that I can link to a file but not a symlink is an
> obvious flaw in the implementation.  I.e. I have write access to the
> file -- so I should be able to link to it under their new rules,
> but I also have write access to the symlink as the mode bits are 777.
>
>         That's a bit bogus.  They are creating a special case where
> there shouldn't be one.  I'm the directory owner -- I should be able
> to create arbitrary 'entries' in the directory as I own the directory's
> content -- that's been the tradition interpretation.
>
>         Though the traditional rules never applied to symlinks -- and
> now they've come up with an incompatible access method for symlinks...
> If they really wanted to make them non-linkable, they should start
> recognizing the mode bits on the symlink (to change the content of the
> symlink -- which, in this case, is where it points).

Yeah, this is a poor interaction. The trouble with hardlinks is that
they retain the original ownership. This is what leads to the
"dangerous" security concerns for hardlinks. But in the symlink case,
thing are weird because they can only be created, not written.

P=C3=A1draig Brady wrote:
> Consider:
>
>  while sleep 1d; do
>    find source/ -links 1 | process_new_files_or_links
>    cp -al source/ snap_$(date +%s)/ || break
>  done
>
> If cp -al silently created symlinks as a fall back, then the above
> would continue to erroneously process existing symlinks.
> This could happen if an existing script is copied to a new system
> with /proc/sys/fs/protected_hardlinks enabled.
> This is my main concern with the fall back.  The inconsistency
> concern (with not also handling setuid files or fifos etc.) is
> valid also, but secondary as it's less likely and shouldn't
> cause a logic issue like above.
>
> Maybe the above case is a bit esoteric, but logic wise it's sound.
> Also this whole issue is a _little_ unusual anyway because usually
> it's the root user doing the cp -al, or the owner of source/

Seems like doing the fallback would serve most users best. Just keep
it documented in the case of really weird stuff like above. Though
this case of hardlink-copying a writable unowned tree is pretty
unusual already! :)

> Ideally the solution to this would be to adjust the symlinks in source/
> in such a way that one could hardlink them, or otherwise relax this
> restriction in the kernel.  That would be preferable as it would
> be available for all applications rather than placing possibly
> problematic workarounds in a single program.

Yeah, it'd be nice if the symlink bits had meaning. However, relaxing
this check on the kernel side results in bad scenarios, especially
when combined with the symlink restrictions. e.g., creating a hardlink
to a symlink that matches the directory owner in /tmp. Now an attacker
controls the destination of a followable symlink. It's just a really
poor interaction between hardlinks, symlinks, and sticky directories.
But if you don't run a system where you have to worry about /tmp races
and such, the protections are much less important.

Linda Walsh wrote:
> The above statement is no longer true on linux with
> the new feature -- which is enabled by default (I find nothing under
> '/etc/' that would change or references 'protected_' other

Regardless of the outcome for "cp", it seems like turning off this
restriction on the system you're doing this on would be the best
short-term solution. It sounds like you're not using a Debian or
Ubuntu system which carries defaults in /etc/sysctl.d/ files. Fedora's
systemd likes to put defaults into /lib/sysctl.d, if that helps you
track it down. I think systemd recognizes /etc/sysctl.d for overriding
settings in /lib/sysctl.d, so you might be able to set it there
instead.

-Kees

--=20
Kees Cook
Chrome OS Security




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 18:00:13 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 14:00:13 2014
Received: from localhost ([127.0.0.1]:53079 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WTEb6-0008Ek-89
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 14:00:12 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:59396)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WTEb3-0008Do-CJ
 for 17103 <at> debbugs.gnu.org; Thu, 27 Mar 2014 14:00:10 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2RHxnCZ098807; Thu, 27 Mar 2014 10:59:53 -0700
Message-ID: <53346715.8010108@HIDDEN>
Date: Thu, 27 Mar 2014 10:59:49 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Pádraig Brady <P@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN>	<53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>	<533365C7.9090709@HIDDEN>	<533369AC.5090702@HIDDEN>	<53336DD0.7010203@HIDDEN>	<53337795.3040900@HIDDEN>	<53339385.7080202@HIDDEN>	<5333A556.1030109@HIDDEN>
 <5333AC9B.3030000@HIDDEN> <53340D77.3000501@HIDDEN>
 <53343159.7070704@HIDDEN> <5334416C.4070706@HIDDEN>
In-Reply-To: <5334416C.4070706@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Paul Eggert <eggert@HIDDEN>,
 Eric Blake <eblake@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)




Pádraig Brady wrote:
> On 03/27/2014 02:10 PM, Linda Walsh wrote:
>> But those are separate for how cp should behave on filesystems with varying,
>> "assumed" capabilities...(i.e. failing because one can't link to a symlink
>> when linking to symlinks isn't a requirement for this to be allowed on
>> systems that don't support symlinking at all).  I.e. as it stands, the ability
>> to hardlink to a file is dependent on what features and policies your
>> kernel has built in.  Cp should work as well as possible regardless of
>> those policies.
> 
> Agreed, but :)
> 
> Old systems that didn't support hardlinks to symlinks, would not depend
> on that functionality, and thus the workaround of creating new symlinks is OK.
> 
> Going forward, all systems will support hardlinks to symlinks
> and those systems might rely on that functionality.
----
	The above statement is no longer true on linux with
the new feature -- which is enabled by default (I find nothing under
'/etc/' that would change or references 'protected_' other
than some reference where it is in an ENV string, but nothing sets it
to 'on' @ boot.  I'll have to reboot my machine to find out for sure as
it's been up for 26 days....  but will **likely be out for the rest
of the day**.  Since some distro's are shipping it that way by default now,
the above statement doesn't always apply on linux-based systems.



> This is my main concern with the fall back.  The inconsistency
> concern (with not also handling setuid files or fifos etc.) is
> valid also, but secondary as it's less likely and shouldn't
> cause a logic issue like above.
---
	The above wouldn't work on a linux system 3 years ago
if the fs they ran that on was on a windows type file system
  -- an esoteric case, but possible -- It's not a very portable
construct to begin with.






Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 15:19:24 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 11:19:24 2014
Received: from localhost ([127.0.0.1]:52909 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WTC5T-0001EQ-TM
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 11:19:24 -0400
Received: from mx1.redhat.com ([209.132.183.28]:25422)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <P@HIDDEN>) id 1WTC5R-0001EH-1Z
 for 17103 <at> debbugs.gnu.org; Thu, 27 Mar 2014 11:19:22 -0400
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
 (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s2RFJBI8018820
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
 Thu, 27 Mar 2014 11:19:11 -0400
Received: from [10.36.116.70] (ovpn-116-70.ams2.redhat.com [10.36.116.70])
 by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 s2RFJ88H013135
 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
 Thu, 27 Mar 2014 11:19:10 -0400
Message-ID: <5334416C.4070706@HIDDEN>
Date: Thu, 27 Mar 2014 15:19:08 +0000
From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= <P@HIDDEN>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:17.0) Gecko/20130110 Thunderbird/17.0.2
MIME-Version: 1.0
To: Linda Walsh <coreutils@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,	but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN>	<53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>	<533365C7.9090709@HIDDEN>	<533369AC.5090702@HIDDEN>	<53336DD0.7010203@HIDDEN>	<53337795.3040900@HIDDEN>	<53339385.7080202@HIDDEN>	<5333A556.1030109@HIDDEN>
 <5333AC9B.3030000@HIDDEN> <53340D77.3000501@HIDDEN>
 <53343159.7070704@HIDDEN>
In-Reply-To: <53343159.7070704@HIDDEN>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Paul Eggert <eggert@HIDDEN>,
 Eric Blake <eblake@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

On 03/27/2014 02:10 PM, Linda Walsh wrote:
> But those are separate for how cp should behave on filesystems with varying,
> "assumed" capabilities...(i.e. failing because one can't link to a symlink
> when linking to symlinks isn't a requirement for this to be allowed on
> systems that don't support symlinking at all).  I.e. as it stands, the ability
> to hardlink to a file is dependent on what features and policies your
> kernel has built in.  Cp should work as well as possible regardless of
> those policies.

Agreed, but :)

Old systems that didn't support hardlinks to symlinks, would not depend
on that functionality, and thus the workaround of creating new symlinks is OK.

Going forward, all systems will support hardlinks to symlinks
and those systems might rely on that functionality.

Consider:

  while sleep 1d; do
    find source/ -links 1 | process_new_files_or_links
    cp -al source/ snap_$(date +%s)/ || break
  done

If cp -al silently created symlinks as a fall back, then the above
would continue to erroneously process existing symlinks.
This could happen if an existing script is copied to a new system
with /proc/sys/fs/protected_hardlinks enabled.
This is my main concern with the fall back.  The inconsistency
concern (with not also handling setuid files or fifos etc.) is
valid also, but secondary as it's less likely and shouldn't
cause a logic issue like above.

Maybe the above case is a bit esoteric, but logic wise it's sound.
Also this whole issue is a _little_ unusual anyway because usually
it's the root user doing the cp -al, or the owner of source/

Ideally the solution to this would be to adjust the symlinks in source/
in such a way that one could hardlink them, or otherwise relax this
restriction in the kernel.  That would be preferable as it would
be available for all applications rather than placing possibly
problematic workarounds in a single program.

thanks,
Pádraig.




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 14:10:53 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 10:10:53 2014
Received: from localhost ([127.0.0.1]:52851 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WTB1A-0007eP-9Y
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 10:10:52 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:52804)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WTB17-0007eF-Dt
 for 17103 <at> debbugs.gnu.org; Thu, 27 Mar 2014 10:10:50 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2REAXD1035312; Thu, 27 Mar 2014 07:10:36 -0700
Message-ID: <53343159.7070704@HIDDEN>
Date: Thu, 27 Mar 2014 07:10:33 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Eric Blake <eblake@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN>	<53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>	<533365C7.9090709@HIDDEN>	<533369AC.5090702@HIDDEN>	<53336DD0.7010203@HIDDEN>	<53337795.3040900@HIDDEN>	<53339385.7080202@HIDDEN>	<5333A556.1030109@HIDDEN>
 <5333AC9B.3030000@HIDDEN> <53340D77.3000501@HIDDEN>
In-Reply-To: <53340D77.3000501@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Paul Eggert <eggert@HIDDEN>, Pádraig Brady <P@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)



Eric Blake wrote:
> On 03/26/2014 10:44 PM, Linda Walsh wrote:
> 
>> cp has a workaround for directories and it has exactly this
>> workaround on other OS that don't support hardlinking.
> 
> That "workaround" is behavior mandated by POSIX, and has existed prior
> to POSIX even being standardized.
> 
>> I don't see why this shouldn't be treated similarly to the
>> 2nd case, as the OS no longer supports hardlinking in as
>> many cases as it used to -- so why shouldn't it fall back?
> 
> It's better to not second guess the kernel; you may want to take this up
> on the kernel lists if you want something changed.
---
It's not second guessing -- it's responding to a lower capability (or less
privileged) environment.  It also depends on whether or not those features are 
turned on (i.e. by assigning 0/1 to 
/proc/sys/fs/paranoid_protected_{hard,soft}links).  AFAIK, my vendor may have 
them set somewhere in boot code I haven't audited ( -- I've never had a need to 
audit my startup code till they started forcing systemd down everyone's throat
and putting dummy wrapper calls in the sysVinit code).

I.e. they've converted it from a system where doing a 'cp -al' worked
reliably to one where it doesn't.  If it doesn't work reliably, then it seems 
the, *cough*, posix mandate should followed....

But the outcome would be that cp would still just work -- just within the
bounds of what it is allowed to do.  Instead the attitude seems to be, gosh
if we can't have it the way it was, we shouldn't try to have it all.

The kernel bug is a separate issue -- since I CAN link to the file (permissions
allow it), but the same permissions on the link are ignored.

Note -- I grant that permissions ANd ownership on symlinks have always
been ignored (at least in experience), but if they are going to start
using permissions to enable/disallow hardlinking, maybe they shouldn't carve
out a special exception for symlinks.

But those are separate for how cp should behave on filesystems with varying,
"assumed" capabilities...(i.e. failing because one can't link to a symlink
when linking to symlinks isn't a requirement for this to be allowed on
systems that don't support symlinking at all).  I.e. as it stands, the ability
to hardlink to a file is dependent on what features and policies your
kernel has built in.  Cp should work as well as possible regardless of
those policies.

I.e. what is the posix policy for handling linking requests when the OS has 
disabled them?  If they wanted to disable copying the tree, they would make
it non-readable.









Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 11:37:39 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 07:37:39 2014
Received: from localhost ([127.0.0.1]:51818 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WT8cs-0003C4-Sy
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 07:37:39 -0400
Received: from mx1.redhat.com ([209.132.183.28]:39204)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <eblake@HIDDEN>) id 1WT8co-0003Bq-CA
 for 17103 <at> debbugs.gnu.org; Thu, 27 Mar 2014 07:37:36 -0400
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
 (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s2RBbSud016324
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
 Thu, 27 Mar 2014 07:37:29 -0400
Received: from [10.3.113.70] (ovpn-113-70.phx2.redhat.com [10.3.113.70])
 by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 s2RBbRQg024698; Thu, 27 Mar 2014 07:37:28 -0400
Message-ID: <53340D77.3000501@HIDDEN>
Date: Thu, 27 Mar 2014 05:37:27 -0600
From: Eric Blake <eblake@HIDDEN>
Organization: Red Hat, Inc.
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Linda Walsh <coreutils@HIDDEN>, Paul Eggert <eggert@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN>	<53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>	<533365C7.9090709@HIDDEN>
 <533369AC.5090702@HIDDEN>	<53336DD0.7010203@HIDDEN>
 <53337795.3040900@HIDDEN>	<53339385.7080202@HIDDEN>
 <5333A556.1030109@HIDDEN> <5333AC9B.3030000@HIDDEN>
In-Reply-To: <5333AC9B.3030000@HIDDEN>
X-Enigmail-Version: 1.6
OpenPGP: url=http://people.redhat.com/eblake/eblake.gpg
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="58dCdLM6ExA47pHpX0K9lfeCFGak89s8X"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
X-Spam-Score: -5.4 (-----)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= <P@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.4 (-----)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--58dCdLM6ExA47pHpX0K9lfeCFGak89s8X
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 03/26/2014 10:44 PM, Linda Walsh wrote:

>=20
> cp has a workaround for directories and it has exactly this
> workaround on other OS that don't support hardlinking.

That "workaround" is behavior mandated by POSIX, and has existed prior
to POSIX even being standardized.

>=20
> I don't see why this shouldn't be treated similarly to the
> 2nd case, as the OS no longer supports hardlinking in as
> many cases as it used to -- so why shouldn't it fall back?

It's better to not second guess the kernel; you may want to take this up
on the kernel lists if you want something changed.

--=20
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--58dCdLM6ExA47pHpX0K9lfeCFGak89s8X
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCAAGBQJTNA13AAoJEKeha0olJ0NqmdsIAK2JeRQhG3OKNnH2kJEqPBGl
sSqEpVBOx/IU5pk7y1GIOOz8zVSLfYqDJVfglih67IczULbpQf0Tez2KbmXGqapL
kF043gcRRyzhjWWfhBtqPTeTz14xTNRNbqjM2Fx4ch/snwOavxY4p6KOXV2OWeII
uaLeMOohsyRXZMYevU1HJKN2C70A+ZJuzVYGxOxVHQjyCyzRCryjXkjap5a4nbeK
VuGU5yG2r+HUZzO5uIRYRn4sLnedZlEVo1x+c5xRUEkpFSE1xowKit3V+o1C8PLq
mH+43rcPqc91rqsgCLewxxCWhhrshh/hhwhOY5t7cEClZBxJb9GV0L8FKZkCSGg=
=G75S
-----END PGP SIGNATURE-----

--58dCdLM6ExA47pHpX0K9lfeCFGak89s8X--




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 04:44:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 00:44:30 2014
Received: from localhost ([127.0.0.1]:51638 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WT2B3-0007EM-VY
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 00:44:30 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:36775)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WT2B0-0007E9-Q2
 for 17103 <at> debbugs.gnu.org; Thu, 27 Mar 2014 00:44:28 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2R4iDqu079667; Wed, 26 Mar 2014 21:44:16 -0700
Message-ID: <5333AC9B.3030000@HIDDEN>
Date: Wed, 26 Mar 2014 21:44:11 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Paul Eggert <eggert@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN>
 <53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>
 <533365C7.9090709@HIDDEN> <533369AC.5090702@HIDDEN>
 <53336DD0.7010203@HIDDEN> <53337795.3040900@HIDDEN>
 <53339385.7080202@HIDDEN> <5333A556.1030109@HIDDEN>
In-Reply-To: <5333A556.1030109@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Pádraig Brady <P@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)



Paul Eggert wrote:
> Pádraig Brady wrote:
>> I'm not sure there is anything we should do here.
> 
> I looked at <http://lwn.net/Articles/503671/> and as far as I can tell 
> symlinks are vulnerable to none of the attacks they mention, because 
> symlinks are unalterable.  However, the non-symlink hardlink attacks are 
> a real problem, and it would seem silly for cp -al to have a workaround 
> for symlinks (which I expect we can do reasonably safely) when cp can't 
> and shouldn't try to have a workaround for anything else.
---
No?

Why couldn't it create a device or other object under the user
account?

I.e. if I use a fifo in my build process at the top, -- all
that I need is for it to exist -- it doesn't need to be
and probably shouldn't be a hardlink.

cp has a workaround for directories and it has exactly this
workaround on other OS that don't support hardlinking.

I don't see why this shouldn't be treated similarly to the
2nd case, as the OS no longer supports hardlinking in as
many cases as it used to -- so why shouldn't it fall back?

If the user is IN a group that is setGID, then it can
be recreated under their UID, if it is another USER...
again, that might not be what is needed -- maybe it needs
to be the user who created the tree.

It is possible to work around most of those cases if not all.

But most important -- what % usage are those use cases for
cp -al?   I.e. copying tree's w/devices FIFOS et al that are
owned by someone else?

The dirs+files (regular) are the normal case, symlinks
can be done because it makes sense, the rest, I think should
be there as well, but don't care about as much.


> So I'm with you; let's leave this one alone.
---
core utils are becoming less functional and less core
with every new feature.  If you aren't flexible you'll
eventually have next to nada.






Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 04:31:23 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 00:31:23 2014
Received: from localhost ([127.0.0.1]:51621 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WT1yM-0006mJ-Gh
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 00:31:22 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:36453)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WT1yJ-0006mA-GK
 for 17103 <at> debbugs.gnu.org; Thu, 27 Mar 2014 00:31:20 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2R4V6rE073501; Wed, 26 Mar 2014 21:31:10 -0700
Message-ID: <5333A988.8070004@HIDDEN>
Date: Wed, 26 Mar 2014 21:31:04 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Pádraig Brady <P@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN>
 <53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>
 <533365C7.9090709@HIDDEN> <533369AC.5090702@HIDDEN>
 <53336DD0.7010203@HIDDEN> <53337795.3040900@HIDDEN>
 <53339385.7080202@HIDDEN> <53339B97.7040408@HIDDEN>
In-Reply-To: <53339B97.7040408@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Paul Eggert <eggert@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)



Pádraig Brady wrote:
> On 03/27/2014 02:57 AM, Pádraig Brady wrote:
> 
>> I've attached a patch for illustration.
>>
>> However I don't like it because it doesn't deal with,
>> 1. fifos, device files, setuid regular files, nor,
>> 2. relative symlinks that traverse outside the copied hierarchy.
> 
> Actually point 2 isn't specific to this issue at all,
> so forget about that disadvantage.
---
And it isn't really a problem.

Many times you'll see a link outside the hierarchy to a
directory or such -- even a file -- rather than including
it in dir -- because hardlinks are often not practical.
(cross devs...etc).  As for relative links outside the tree
they'd still work too if you are making a copy parallel in
the same tree.  I have these little gems in my
linux source/build tree:
lrwxrwxrwx  1     15 Jun 26  2010 clean_tree -> kbin/clean_tree*
lrwxrwxrwx  1     15 Jun 26  2010 doit -> kbin/install_it*
lrwxrwxrwx  1     15 Jun 26  2010 install_it -> kbin/install_it*
lrwxrwxrwx  1     11 Feb 28  2013 kbin -> ../law/kbin/
lrwxrwxrwx  1      8 Mar 26 20:52 linux -> ish-3137/
lrwxrwxrwx  1     16 Jun 26  2010 list_source -> kbin/list_source*
---
But also for # of kernels,
> ls -1d asa-* ish-* linux-*|wc -l
64

At over 300 to now over 500MB/tree that would be alot of wasted space if
they were not linked, but linked, even diff versions are relatively small:

because of tree linking:

     With            W/o
567M  ish-3101   567M  ish-3101
12M   ish-3102   567M  ish-3102
25M   ish-3105   567M  ish-3105
27M   ish-3106   567M  ish-3106
27M   ish-3107   567M  ish-3107
475M  ish-311    581M  ish-311
18M   ish-3113   581M  ish-3113
25M   ish-3116   579M  ish-3116
----  -----      ----  --------
1.1G  TOTAL      4.5G  TOTAL

the only reason I can keep so many copies is most of it is duplicate
info...






Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 04:13:16 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Mar 27 00:13:16 2014
Received: from localhost ([127.0.0.1]:51615 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WT1gp-0006IT-6J
	for submit <at> debbugs.gnu.org; Thu, 27 Mar 2014 00:13:15 -0400
Received: from smtp.cs.ucla.edu ([131.179.128.62]:57911)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <eggert@HIDDEN>) id 1WT1gm-0006IH-7L
 for 17103 <at> debbugs.gnu.org; Thu, 27 Mar 2014 00:13:13 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
 by smtp.cs.ucla.edu (Postfix) with ESMTP id 6452739E801C;
 Wed, 26 Mar 2014 21:13:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu
Received: from smtp.cs.ucla.edu ([127.0.0.1])
 by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id GUjMXnEbGiNM; Wed, 26 Mar 2014 21:13:10 -0700 (PDT)
Received: from [192.168.1.9] (pool-108-0-233-62.lsanca.fios.verizon.net
 [108.0.233.62])
 by smtp.cs.ucla.edu (Postfix) with ESMTPSA id 7943239E8008;
 Wed, 26 Mar 2014 21:13:10 -0700 (PDT)
Message-ID: <5333A556.1030109@HIDDEN>
Date: Wed, 26 Mar 2014 21:13:10 -0700
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= <P@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN>
 <53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>
 <533365C7.9090709@HIDDEN> <533369AC.5090702@HIDDEN>
 <53336DD0.7010203@HIDDEN> <53337795.3040900@HIDDEN>
 <53339385.7080202@HIDDEN>
In-Reply-To: <53339385.7080202@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.7 (--)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Linda Walsh <coreutils@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.7 (--)

Pádraig Brady wrote:
> I'm not sure there is anything we should do here.

I looked at <http://lwn.net/Articles/503671/> and as far as I can tell 
symlinks are vulnerable to none of the attacks they mention, because 
symlinks are unalterable.  However, the non-symlink hardlink attacks are 
a real problem, and it would seem silly for cp -al to have a workaround 
for symlinks (which I expect we can do reasonably safely) when cp can't 
and shouldn't try to have a workaround for anything else.

So I'm with you; let's leave this one alone.




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 03:41:16 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 23:41:16 2014
Received: from localhost ([127.0.0.1]:51608 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WT1Br-0005Sh-LT
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 23:41:16 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:35019)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WT1Bo-0005SW-Jx
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 23:41:13 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2R3evoK041698; Wed, 26 Mar 2014 20:41:02 -0700
Message-ID: <53339DC8.9060304@HIDDEN>
Date: Wed, 26 Mar 2014 20:40:56 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Pádraig Brady <P@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN>
 <53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>
 <533365C7.9090709@HIDDEN> <533369AC.5090702@HIDDEN>
 <53336DD0.7010203@HIDDEN> <53337795.3040900@HIDDEN>
 <53339385.7080202@HIDDEN>
In-Reply-To: <53339385.7080202@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Paul Eggert <eggert@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)



Pádraig Brady wrote:
> I think I see the reason for excluding symlinks here.
> It's so one is able to remove a sensitive symlink and know there
> are no more links to it that could be later replaced back.
> Allowing that could bypass subsequent "protected_symlinks" checks.
---
What would a 'sensitive symlink' be?

I.e. AFAIK, any user can create a symlink to any file in
a directory they own.  That doesn't give any privilege that
I am aware of -- it's just a "shortcut" to the file.

hardlinks, I could see a that since the user is incrementing
(and changing the link count in the inode), they'll end up
changing the CTIME value -- before, nothing controlled that.


> 
> Now we could fall back to creating separate symlinks,
> like we do on systems that don't support hard links to symlinks.
----
In my case, that's 1) what I thought it was doing, 2) all that is
needed, as I'm using the 2nd area as a build-tree.  I wanted
the source files r/o (i.e. I'd prefer I not have write access so I
don't accidently change the sources in the source tree.

But I didn't even think about this problem when I first encountered
it -- I just made sure setGID was set on the dirs and made sure
they were group writeable.

Of course, IMO, I'm less protected than I was before, as before,
I'd have to explicity su/sudo to root to change a root-owned file.
But now.. I can just write to it because I've ensured group has
write.


> This could be useful given that these less security
> sensitive symlinks might be just as useful to the user.
> I've attached a patch for illustration.
----
The security wasn't an issue until the changes went in ..
couldn't be that long ago.. but don't know.


> 
> However I don't like it because it doesn't deal with,
> 1. fifos, device files, setuid regular files, nor,
> 2. relative symlinks that traverse outside the copied hierarchy.
----
	Well, that's ok ..... I'm not using it to create a mirror.
Just a linked copy that if I want to change a source file, I have
had to move the original out of the way to save any edits.  Which now
I don't... wonderful.	
	But for devices, at least, recreating the same device
by Maj,Min & type would be fine for the purpose you mention.

Not sure how often people use that to mirror.. certainly one wouldn't
normally think to link to a device in /dev:

> ln /dev/zero xxx
ln: failed to create hard link ‘xxx’ => ‘/dev/zero’: Invalid cross-device link

If it is in my own directory, it works, but not sure if I care...
Fifos are a bit different, no?  Aren't they uniq /path?

But still, if I was doing a copy of something that was
uniq, I wouldn't expect to be able to do anything other than
make a symlink to it somewhere.

suidfiles... someone might expect that.. but its never been a feature
I've relied on, since almost any change used to turn off the suid feature
and require explicitly resetting it... but it appears that isn't
true now either.




> 3. Also if you were using `cp -al source mirror`, and subsequently
> wanted to use the link count to see what was added in source,
> then symlinks having a link count of only 1 would mess that up.
----
	Um... if you are trying to use cp -al source mirror and you
can't copy the symlink (or create a symlink to it), the issue is
moot.

I.e. I think the proposal.. and what I thought cp already, effectively
did, was link to what was linkable and copy the rest.

It doesn't' link to directories either -- which some OS's allow,
does that mean take it out for files?  If the OS disallows a 'linkto'
action, then it would be sensible to at least try to make a copy of it

If I really want an exact copy, I'd su to root and probably use
a dump & restore...


> 
> So given this is a system security policy that's restricting the operation,
> and falling back to a less security sensitive operation has at least
> the above 3 disadvantages, I'm not sure there is anything we should do here.
---
	What disadvantages?   If cp already does this on systems
that don't support hardlinking, that's what we have here.  linux
has changed, and no longer allows except under special circumstances.

	Given that, as close a copy ("-a" should be made)...
I.e. I want cp to do, *literally* what the manpage says...

create a copy, but link to files (which posix can redefine to include
directories -- but it would change whether or not linux could link
to them).   I don't consider the devices/fifos etc. to be files.
They are types of FS objects but a file is something that holds data
(by common understanding, not posix "new speak").

goto google and type in "what is a file"...

It's a resource for storing information... a collection of data or
information...etc.  That doesn't really include sockets, fifos, pipes
and devices...

Except for the setuid issue -- but even there -- if the user is in
the affected group, that should be mutated into a copy as well.

Since you mention that making copies is what is already done in
situations where the OS doesn't support it, I can't see why you wouldn't
do that here.







> 
> thanks,
> Pádraig.
> 




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 03:31:47 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 23:31:47 2014
Received: from localhost ([127.0.0.1]:51603 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WT12g-0005DJ-9d
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 23:31:46 -0400
Received: from mx1.redhat.com ([209.132.183.28]:44905)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <P@HIDDEN>) id 1WT12a-0005D3-Lh
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 23:31:41 -0400
Received: from int-mx01.intmail.prod.int.phx2.redhat.com
 (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s2R3Vdpp021425
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
 Wed, 26 Mar 2014 23:31:39 -0400
Received: from [10.36.116.32] (ovpn-116-32.ams2.redhat.com [10.36.116.32])
 by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id
 s2R3Va1O030795
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
 Wed, 26 Mar 2014 23:31:37 -0400
Message-ID: <53339B97.7040408@HIDDEN>
Date: Thu, 27 Mar 2014 03:31:35 +0000
From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= <P@HIDDEN>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:17.0) Gecko/20130110 Thunderbird/17.0.2
MIME-Version: 1.0
To: Paul Eggert <eggert@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN>
 <53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>
 <533365C7.9090709@HIDDEN> <533369AC.5090702@HIDDEN>
 <53336DD0.7010203@HIDDEN> <53337795.3040900@HIDDEN>
 <53339385.7080202@HIDDEN>
In-Reply-To: <53339385.7080202@HIDDEN>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Linda Walsh <coreutils@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

On 03/27/2014 02:57 AM, Pádraig Brady wrote:

> I've attached a patch for illustration.
> 
> However I don't like it because it doesn't deal with,
> 1. fifos, device files, setuid regular files, nor,
> 2. relative symlinks that traverse outside the copied hierarchy.

Actually point 2 isn't specific to this issue at all,
so forget about that disadvantage.

> 3. Also if you were using `cp -al source mirror`, and subsequently
> wanted to use the link count to see what was added in source,
> then symlinks having a link count of only 1 would mess that up.
> 
> So given this is a system security policy that's restricting the operation,
> and falling back to a less security sensitive operation has at least
> the above 3 disadvantages, I'm not sure there is anything we should do here.





Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 02:57:20 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 22:57:20 2014
Received: from localhost ([127.0.0.1]:51599 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WT0VL-0004IH-A7
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 22:57:19 -0400
Received: from mx1.redhat.com ([209.132.183.28]:9112)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <P@HIDDEN>) id 1WT0VH-0004I3-Bh
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 22:57:16 -0400
Received: from int-mx01.intmail.prod.int.phx2.redhat.com
 (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s2R2vCua025999
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
 Wed, 26 Mar 2014 22:57:13 -0400
Received: from [10.36.116.32] (ovpn-116-32.ams2.redhat.com [10.36.116.32])
 by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id
 s2R2v9L1018834
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
 Wed, 26 Mar 2014 22:57:11 -0400
Message-ID: <53339385.7080202@HIDDEN>
Date: Thu, 27 Mar 2014 02:57:09 +0000
From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= <P@HIDDEN>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:17.0) Gecko/20130110 Thunderbird/17.0.2
MIME-Version: 1.0
To: Paul Eggert <eggert@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN>
 <53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>
 <533365C7.9090709@HIDDEN> <533369AC.5090702@HIDDEN>
 <53336DD0.7010203@HIDDEN> <53337795.3040900@HIDDEN>
In-Reply-To: <53337795.3040900@HIDDEN>
X-Enigmail-Version: 1.6
Content-Type: multipart/mixed; boundary="------------070908060609080609080802"
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Linda Walsh <coreutils@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

This is a multi-part message in MIME format.
--------------070908060609080609080802
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On 03/27/2014 12:57 AM, Paul Eggert wrote:
> Linda Walsh wrote:
>> if for some reason a symlink
>> cannot be linked to, then the symlink should be copied (not what
>> the symlink is pointing to, but the actual contents of the symlink
>> inode -- i.e. the redirection path).
> 
> Sure, but that's asking for different functionality than what's documented, and it's possible that others are relying on the documented behavior, so it's not clear how to proceed here.  Perhaps cp needs yet another option.  I hope not.

So this is a tricky one.

The specific restrictions with "protected_hardlinks" are at:
  http://lxr.linux.no/linux+v3.13.5/fs/namei.c#L751
One can see there that for files you don't own.
you can only hardlink them if they're non setuid regular files,
and if you can read and write them. So that excludes symlinks,
and fifos etc. as we've seen.

I think I see the reason for excluding symlinks here.
It's so one is able to remove a sensitive symlink and know there
are no more links to it that could be later replaced back.
Allowing that could bypass subsequent "protected_symlinks" checks.

Now we could fall back to creating separate symlinks,
like we do on systems that don't support hard links to symlinks.
This could be useful given that these less security
sensitive symlinks might be just as useful to the user.
I've attached a patch for illustration.

However I don't like it because it doesn't deal with,
1. fifos, device files, setuid regular files, nor,
2. relative symlinks that traverse outside the copied hierarchy.
3. Also if you were using `cp -al source mirror`, and subsequently
wanted to use the link count to see what was added in source,
then symlinks having a link count of only 1 would mess that up.

So given this is a system security policy that's restricting the operation,
and falling back to a less security sensitive operation has at least
the above 3 disadvantages, I'm not sure there is anything we should do here.

thanks,
Pádraig.

--------------070908060609080609080802
Content-Type: text/x-patch;
 name="cp-handle-protected-hardlinks.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="cp-handle-protected-hardlinks.diff"

diff --git a/src/copy.c b/src/copy.c
index 71813dc..7b12337 100644
--- a/src/copy.c
+++ b/src/copy.c
@@ -1676,7 +1676,7 @@ restore_default_fscreatecon_or_die (void)
    will be created as a symbolic link to SRC_NAME.  */
 static bool
 create_hard_link (char const *src_name, char const *dst_name,
-                  bool replace, bool verbose, bool dereference)
+                  bool replace, bool verbose, bool dereference, bool simulate)
 {
   /* We want to guarantee that symlinks are not followed, unless requested.  */
   int flags = 0;
@@ -1703,7 +1703,8 @@ create_hard_link (char const *src_name, char const *dst_name,
 
   if (link_failed)
     {
-      error (0, errno, _("cannot create hard link %s to %s"),
+      if (errno != EPERM || ! simulate)
+        error (0, errno, _("cannot create hard link %s to %s"),
              quote_n (0, dst_name), quote_n (1, src_name));
       return false;
     }
@@ -1877,7 +1878,7 @@ copy_internal (char const *src_name, char const *dst_name,
                       /* Note we currently replace DST_NAME unconditionally,
                          even if it was a newer separate file.  */
                       if (! create_hard_link (earlier_file, dst_name, true,
-                                              x->verbose, dereference))
+                                              x->verbose, dereference, false))
                         {
                           goto un_backup;
                         }
@@ -2207,7 +2208,7 @@ copy_internal (char const *src_name, char const *dst_name,
       else
         {
           if (! create_hard_link (earlier_file, dst_name, true, x->verbose,
-                                  dereference))
+                                  dereference, false))
             goto un_backup;
 
           return true;
@@ -2505,8 +2506,14 @@ copy_internal (char const *src_name, char const *dst_name,
            && !(! CAN_HARDLINK_SYMLINKS && S_ISLNK (src_mode)
                 && x->dereference == DEREF_NEVER))
     {
-      if (! create_hard_link (src_name, dst_name, false, false, dereference))
-        goto un_backup;
+      bool can_simulate = S_ISLNK (src_mode);
+      if (! create_hard_link (src_name, dst_name, false, false, dereference,
+                              can_simulate))
+        {
+          if (errno == EPERM && can_simulate)
+            goto skip_hardlink;
+          goto un_backup;
+        }
     }
   else if (S_ISREG (src_mode)
            || (x->copy_as_regular && !S_ISLNK (src_mode)))
@@ -2549,6 +2556,7 @@ copy_internal (char const *src_name, char const *dst_name,
         }
     }
   else if (S_ISLNK (src_mode))
+  skip_hardlink:
     {
       char *src_link_val = areadlink_with_size (src_name, src_sb.st_size);
       dest_is_symlink = true;

--------------070908060609080609080802--




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 00:58:03 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 20:58:03 2014
Received: from localhost ([127.0.0.1]:51520 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSydu-00015b-92
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 20:58:02 -0400
Received: from smtp.cs.ucla.edu ([131.179.128.62]:46407)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <eggert@HIDDEN>) id 1WSydr-00015A-Pv
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 20:58:00 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
 by smtp.cs.ucla.edu (Postfix) with ESMTP id BDBFB39E8011;
 Wed, 26 Mar 2014 17:57:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu
Received: from smtp.cs.ucla.edu ([127.0.0.1])
 by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id XeUWkizVEvST; Wed, 26 Mar 2014 17:57:58 -0700 (PDT)
Received: from [192.168.1.9] (pool-108-0-233-62.lsanca.fios.verizon.net
 [108.0.233.62])
 by smtp.cs.ucla.edu (Postfix) with ESMTPSA id 46C0E39E8008;
 Wed, 26 Mar 2014 17:57:58 -0700 (PDT)
Message-ID: <53337795.3040900@HIDDEN>
Date: Wed, 26 Mar 2014 17:57:57 -0700
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Linda Walsh <coreutils@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN>
 <53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>
 <533365C7.9090709@HIDDEN> <533369AC.5090702@HIDDEN>
 <53336DD0.7010203@HIDDEN>
In-Reply-To: <53336DD0.7010203@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.7 (--)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.7 (--)

Linda Walsh wrote:
> if for some reason a symlink
> cannot be linked to, then the symlink should be copied (not what
> the symlink is pointing to, but the actual contents of the symlink
> inode -- i.e. the redirection path).

Sure, but that's asking for different functionality than what's 
documented, and it's possible that others are relying on the documented 
behavior, so it's not clear how to proceed here.  Perhaps cp needs yet 
another option.  I hope not.




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 27 Mar 2014 00:16:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 20:16:32 2014
Received: from localhost ([127.0.0.1]:51515 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSxzj-0008PZ-G9
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 20:16:31 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:57433)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WSxzg-0008PP-Es
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 20:16:30 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2R0GIVL047250; Wed, 26 Mar 2014 17:16:21 -0700
Message-ID: <53336DD0.7010203@HIDDEN>
Date: Wed, 26 Mar 2014 17:16:16 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Paul Eggert <eggert@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN>
 <53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>
 <533365C7.9090709@HIDDEN> <533369AC.5090702@HIDDEN>
In-Reply-To: <533369AC.5090702@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)



Paul Eggert wrote:
> I've managed to reproduce the problem on Fedora 20.  It indeed is a 
> kernel thing having to do with security.  Not only can 'cp' not create 
> hardlinks to symlinks; it also can't create hardlinks to regular files. 
----
Actually, we've already verified that creating hardlinks to regular
files works because I have write access to the file I am linking to.

I also have write access to the symlink if you look at the mode-bits.

Pádraig Brady also verified this.

There is more than one problem or issue here.

The part that is in coreutils is that if for some reason a symlink
cannot be linked to, then the symlink should be copied (not what
the symlink is pointing to, but the actual contents of the symlink
inode -- i.e. the redirection path).  Like directories copied with
cp -al, symlinks would be owned by the user if this situation comes
up -- but they would still be functional.

The kernel part of this are the changes associated with
/proc/sys/fs/protected_{hard,soft}links -- which seem to be on by default
resulting in incompatible behavior.  Pádraig referenced a blog
where these new behaviors were justifiable on  the theory that
sys admins might be easily tricked into doing random chowns of all
files for users on request without investigating or wondering why...
*ahem*...yah...






Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 26 Mar 2014 23:58:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 19:58:41 2014
Received: from localhost ([127.0.0.1]:51507 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSxiS-0007uu-ID
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 19:58:40 -0400
Received: from smtp.cs.ucla.edu ([131.179.128.62]:44369)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <eggert@HIDDEN>) id 1WSxiQ-0007uj-5f
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 19:58:39 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
 by smtp.cs.ucla.edu (Postfix) with ESMTP id 2EF0439E8013;
 Wed, 26 Mar 2014 16:58:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu
Received: from smtp.cs.ucla.edu ([127.0.0.1])
 by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id eIX9z1NCgrCJ; Wed, 26 Mar 2014 16:58:36 -0700 (PDT)
Received: from [192.168.1.9] (pool-108-0-233-62.lsanca.fios.verizon.net
 [108.0.233.62])
 by smtp.cs.ucla.edu (Postfix) with ESMTPSA id C2E9A39E8008;
 Wed, 26 Mar 2014 16:58:36 -0700 (PDT)
Message-ID: <533369AC.5090702@HIDDEN>
Date: Wed, 26 Mar 2014 16:58:36 -0700
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Linda Walsh <coreutils@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN>
 <53335928.1020206@HIDDEN>	<53336190.702@HIDDEN>
 <533365C7.9090709@HIDDEN>
In-Reply-To: <533365C7.9090709@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.7 (--)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.7 (--)

I've managed to reproduce the problem on Fedora 20.  It indeed is a 
kernel thing having to do with security.  Not only can 'cp' not create 
hardlinks to symlinks; it also can't create hardlinks to regular files. 
  The problem affects all applications, e.g., 'ln'.

Not much that coreutils can do about it, as far as I can see, as it's a 
kernel issue.

You can work around the problem by running 'cp' (or 'ln' etc.) as root.

Here's an example, where I am running as a regular (non-root) user that 
is not in the 'root' group:

$ find dir/a -ls
5300828    0 drwxrwxr-x   2 root     root           80 Mar 26 16:50 dir/a
5338695    4 -rw-r--r--   1 root     root            5 Mar 26 16:50 
dir/a/data
5300831    0 lrwxrwxrwx   1 root     root            9 Mar 26 11:20 
dir/a/symfile -> ../b/file
$ mkdir d
$ ln dir/a/data d
ln: failed to create hard link ‘d/data’ => ‘dir/a/data’: Operation not 
permitted
$ ln dir/a/symfile d
ln: failed to create hard link ‘d/symfile’ => ‘dir/a/symfile’: Operation 
not permitted





Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 26 Mar 2014 23:42:12 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 19:42:11 2014
Received: from localhost ([127.0.0.1]:51489 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSxSV-0007RV-8k
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 19:42:11 -0400
Received: from smtp.cs.ucla.edu ([131.179.128.62]:43639)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <eggert@HIDDEN>) id 1WSxSS-0007RJ-9c
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 19:42:09 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
 by smtp.cs.ucla.edu (Postfix) with ESMTP id 1D36B39E8013;
 Wed, 26 Mar 2014 16:42:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu
Received: from smtp.cs.ucla.edu ([127.0.0.1])
 by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Iv5Q+vqnUuSG; Wed, 26 Mar 2014 16:42:06 -0700 (PDT)
Received: from [192.168.1.9] (pool-108-0-233-62.lsanca.fios.verizon.net
 [108.0.233.62])
 by smtp.cs.ucla.edu (Postfix) with ESMTPSA id 8EC8839E8008;
 Wed, 26 Mar 2014 16:42:06 -0700 (PDT)
Message-ID: <533365C7.9090709@HIDDEN>
Date: Wed, 26 Mar 2014 16:41:59 -0700
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Linda Walsh <coreutils@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN> <53335928.1020206@HIDDEN>
 <53336190.702@HIDDEN>
In-Reply-To: <53336190.702@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.7 (--)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.7 (--)

Linda Walsh wrote:
> I compile my own kernel.
> I don't have SELinux compile in.

That's interesting.  Can you try the suggested test anyway?  Perhaps the 
problem is not limited to SELinux.




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 26 Mar 2014 23:24:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 19:24:34 2014
Received: from localhost ([127.0.0.1]:51479 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSxBM-0006xL-Ux
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 19:24:34 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:56031)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WSxBE-0006x2-Sm
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 19:24:26 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2QNO1B4084810; Wed, 26 Mar 2014 16:24:05 -0700
Message-ID: <53336190.702@HIDDEN>
Date: Wed, 26 Mar 2014 16:24:00 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Paul Eggert <eggert@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN> <53335928.1020206@HIDDEN>
In-Reply-To: <53335928.1020206@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.4 (/)



Paul Eggert wrote:
> Linda Walsh wrote:
>> Any idea how this managed to be broken?
> 
> My guess is that it's SELinux.  Try doing the following: 
----
I compile my own kernel.
I don't have SELinux compile in.


----
FWIW, here's my config.sys:
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 3.13.5 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
CONFIG_X86=y
CONFIG_INSTRUCTION_DECODER=y
CONFIG_OUTPUT_FORMAT="elf64-x86-64"
CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
CONFIG_LOCKDEP_SUPPORT=y
CONFIG_STACKTRACE_SUPPORT=y
CONFIG_HAVE_LATENCYTOP_SUPPORT=y
CONFIG_MMU=y
CONFIG_NEED_DMA_MAP_STATE=y
CONFIG_NEED_SG_DMA_LENGTH=y
CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_BUG=y
CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
CONFIG_GENERIC_HWEIGHT=y
CONFIG_ARCH_MAY_HAVE_PC_FDC=y
CONFIG_RWSEM_XCHGADD_ALGORITHM=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_ARCH_HAS_CPU_RELAX=y
CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
CONFIG_ARCH_HAS_CPU_AUTOPROBE=y
CONFIG_HAVE_SETUP_PER_CPU_AREA=y
CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
CONFIG_ARCH_HIBERNATION_POSSIBLE=y
CONFIG_ARCH_SUSPEND_POSSIBLE=y
CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
CONFIG_ZONE_DMA32=y
CONFIG_AUDIT_ARCH=y
CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
CONFIG_HAVE_INTEL_TXT=y
CONFIG_X86_64_SMP=y
CONFIG_X86_HT=y
CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx 
-fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11"
CONFIG_ARCH_SUPPORTS_UPROBES=y
CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
CONFIG_IRQ_WORK=y
CONFIG_BUILDTIME_EXTABLE_SORT=y

#
# General setup
#
CONFIG_INIT_ENV_ARG_LIMIT=32
CONFIG_CROSS_COMPILE=""
# CONFIG_COMPILE_TEST is not set
CONFIG_LOCALVERSION="-Isht-Van"
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_HAVE_KERNEL_GZIP=y
CONFIG_HAVE_KERNEL_BZIP2=y
CONFIG_HAVE_KERNEL_LZMA=y
CONFIG_HAVE_KERNEL_XZ=y
CONFIG_HAVE_KERNEL_LZO=y
CONFIG_HAVE_KERNEL_LZ4=y
# CONFIG_KERNEL_GZIP is not set
# CONFIG_KERNEL_BZIP2 is not set
# CONFIG_KERNEL_LZMA is not set
# CONFIG_KERNEL_XZ is not set
# CONFIG_KERNEL_LZO is not set
CONFIG_KERNEL_LZ4=y
CONFIG_DEFAULT_HOSTNAME="Ishtar"
CONFIG_SWAP=y
CONFIG_SYSVIPC=y
CONFIG_SYSVIPC_SYSCTL=y
CONFIG_POSIX_MQUEUE=y
CONFIG_POSIX_MQUEUE_SYSCTL=y
CONFIG_FHANDLE=y
# CONFIG_AUDIT is not set

#
# IRQ subsystem
#
CONFIG_GENERIC_IRQ_PROBE=y
CONFIG_GENERIC_IRQ_SHOW=y
CONFIG_GENERIC_PENDING_IRQ=y
CONFIG_IRQ_DOMAIN=y
CONFIG_IRQ_DOMAIN_DEBUG=y
CONFIG_IRQ_FORCED_THREADING=y
CONFIG_SPARSE_IRQ=y
CONFIG_CLOCKSOURCE_WATCHDOG=y
CONFIG_ARCH_CLOCKSOURCE_DATA=y
CONFIG_GENERIC_TIME_VSYSCALL=y
CONFIG_GENERIC_CLOCKEVENTS=y
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y
CONFIG_GENERIC_CMOS_UPDATE=y

#
# Timers subsystem
#
CONFIG_TICK_ONESHOT=y
CONFIG_NO_HZ_COMMON=y
# CONFIG_HZ_PERIODIC is not set
CONFIG_NO_HZ_IDLE=y
# CONFIG_NO_HZ_FULL is not set
CONFIG_NO_HZ=y
CONFIG_HIGH_RES_TIMERS=y

#
# CPU/Task time and stats accounting
#
CONFIG_TICK_CPU_ACCOUNTING=y
# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
# CONFIG_IRQ_TIME_ACCOUNTING is not set
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_BSD_PROCESS_ACCT_V3=y
CONFIG_TASKSTATS=y
CONFIG_TASK_DELAY_ACCT=y
CONFIG_TASK_XACCT=y
CONFIG_TASK_IO_ACCOUNTING=y

#
# RCU Subsystem
#
CONFIG_TREE_PREEMPT_RCU=y
CONFIG_PREEMPT_RCU=y
CONFIG_RCU_STALL_COMMON=y
# CONFIG_RCU_USER_QS is not set
CONFIG_RCU_FANOUT=64
CONFIG_RCU_FANOUT_LEAF=16
# CONFIG_RCU_FANOUT_EXACT is not set
# CONFIG_RCU_FAST_NO_HZ is not set
# CONFIG_TREE_RCU_TRACE is not set
CONFIG_RCU_BOOST=y
CONFIG_RCU_BOOST_PRIO=1
CONFIG_RCU_BOOST_DELAY=500
# CONFIG_RCU_NOCB_CPU is not set
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_LOG_BUF_SHIFT=19
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_SUPPORTS_INT128=y
CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y
CONFIG_ARCH_USES_NUMA_PROT_NONE=y
CONFIG_NUMA_BALANCING_DEFAULT_ENABLED=y
CONFIG_NUMA_BALANCING=y
CONFIG_CGROUPS=y
CONFIG_CGROUP_DEBUG=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CPUSETS=y
CONFIG_PROC_PID_CPUSET=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_RESOURCE_COUNTERS=y
CONFIG_MEMCG=y
CONFIG_MEMCG_SWAP=y
CONFIG_MEMCG_SWAP_ENABLED=y
CONFIG_MEMCG_KMEM=y
# CONFIG_CGROUP_HUGETLB is not set
# CONFIG_CGROUP_PERF is not set
CONFIG_CGROUP_SCHED=y
CONFIG_FAIR_GROUP_SCHED=y
CONFIG_CFS_BANDWIDTH=y
CONFIG_RT_GROUP_SCHED=y
CONFIG_BLK_CGROUP=y
CONFIG_DEBUG_BLK_CGROUP=y
CONFIG_CHECKPOINT_RESTORE=y
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_UIDGID_STRICT_TYPE_CHECKS=y
CONFIG_SCHED_AUTOGROUP=y
CONFIG_MM_OWNER=y
# CONFIG_SYSFS_DEPRECATED is not set
CONFIG_RELAY=y
# CONFIG_BLK_DEV_INITRD is not set
# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
CONFIG_SYSCTL=y
CONFIG_ANON_INODES=y
CONFIG_HAVE_UID16=y
CONFIG_SYSCTL_EXCEPTION_TRACE=y
CONFIG_HAVE_PCSPKR_PLATFORM=y
CONFIG_EXPERT=y
# CONFIG_UID16 is not set
# CONFIG_SYSCTL_SYSCALL is not set
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
CONFIG_PRINTK=y
CONFIG_BUG=y
CONFIG_ELF_CORE=y
CONFIG_PCSPKR_PLATFORM=y
CONFIG_BASE_FULL=y
CONFIG_FUTEX=y
CONFIG_EPOLL=y
CONFIG_SIGNALFD=y
CONFIG_TIMERFD=y
CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_AIO=y
CONFIG_PCI_QUIRKS=y
# CONFIG_EMBEDDED is not set
CONFIG_HAVE_PERF_EVENTS=y

#
# Kernel Performance Events And Counters
#
CONFIG_PERF_EVENTS=y
# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
CONFIG_VM_EVENT_COUNTERS=y
CONFIG_SLUB_DEBUG=y
# CONFIG_COMPAT_BRK is not set
# CONFIG_SLAB is not set
CONFIG_SLUB=y
# CONFIG_SLOB is not set
CONFIG_SLUB_CPU_PARTIAL=y
# CONFIG_PROFILING is not set
CONFIG_TRACEPOINTS=y
CONFIG_HAVE_OPROFILE=y
CONFIG_OPROFILE_NMI_TIMER=y
CONFIG_KPROBES=y
CONFIG_JUMP_LABEL=y
CONFIG_UPROBES=y
# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
CONFIG_ARCH_USE_BUILTIN_BSWAP=y
CONFIG_KRETPROBES=y
CONFIG_USER_RETURN_NOTIFIER=y
CONFIG_HAVE_IOREMAP_PROT=y
CONFIG_HAVE_KPROBES=y
CONFIG_HAVE_KRETPROBES=y
CONFIG_HAVE_OPTPROBES=y
CONFIG_HAVE_KPROBES_ON_FTRACE=y
CONFIG_HAVE_ARCH_TRACEHOOK=y
CONFIG_HAVE_DMA_ATTRS=y
CONFIG_GENERIC_SMP_IDLE_THREAD=y
CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
CONFIG_HAVE_DMA_API_DEBUG=y
CONFIG_HAVE_HW_BREAKPOINT=y
CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
CONFIG_HAVE_USER_RETURN_NOTIFIER=y
CONFIG_HAVE_PERF_EVENTS_NMI=y
CONFIG_HAVE_PERF_REGS=y
CONFIG_HAVE_PERF_USER_STACK_DUMP=y
CONFIG_HAVE_ARCH_JUMP_LABEL=y
CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y
CONFIG_HAVE_CMPXCHG_LOCAL=y
CONFIG_HAVE_CMPXCHG_DOUBLE=y
CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y
CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y
CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_SECCOMP_FILTER=y
CONFIG_HAVE_CONTEXT_TRACKING=y
CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
CONFIG_HAVE_ARCH_SOFT_DIRTY=y
CONFIG_MODULES_USE_ELF_RELA=y
CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
CONFIG_OLD_SIGSUSPEND3=y
CONFIG_COMPAT_OLD_SIGACTION=y

#
# GCOV-based kernel profiling
#
# CONFIG_GCOV_KERNEL is not set
# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set
CONFIG_SLABINFO=y
CONFIG_RT_MUTEXES=y
CONFIG_BASE_SMALL=0
# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
CONFIG_MODULES=y
# CONFIG_MODULE_FORCE_LOAD is not set
CONFIG_MODULE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
CONFIG_MODVERSIONS=y
# CONFIG_MODULE_SRCVERSION_ALL is not set
# CONFIG_MODULE_SIG is not set
CONFIG_STOP_MACHINE=y
CONFIG_BLOCK=y
CONFIG_BLK_DEV_BSG=y
CONFIG_BLK_DEV_BSGLIB=y
CONFIG_BLK_DEV_INTEGRITY=y
CONFIG_BLK_DEV_THROTTLING=y
# CONFIG_BLK_CMDLINE_PARSER is not set

#
# Partition Types
#
CONFIG_PARTITION_ADVANCED=y
# CONFIG_ACORN_PARTITION is not set
# CONFIG_AIX_PARTITION is not set
# CONFIG_OSF_PARTITION is not set
# CONFIG_AMIGA_PARTITION is not set
# CONFIG_ATARI_PARTITION is not set
# CONFIG_MAC_PARTITION is not set
CONFIG_MSDOS_PARTITION=y
# CONFIG_BSD_DISKLABEL is not set
# CONFIG_MINIX_SUBPARTITION is not set
# CONFIG_SOLARIS_X86_PARTITION is not set
# CONFIG_UNIXWARE_DISKLABEL is not set
CONFIG_LDM_PARTITION=y
# CONFIG_LDM_DEBUG is not set
# CONFIG_SGI_PARTITION is not set
# CONFIG_ULTRIX_PARTITION is not set
# CONFIG_SUN_PARTITION is not set
# CONFIG_KARMA_PARTITION is not set
CONFIG_EFI_PARTITION=y
# CONFIG_SYSV68_PARTITION is not set
# CONFIG_CMDLINE_PARTITION is not set
CONFIG_BLOCK_COMPAT=y

#
# IO Schedulers
#
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
CONFIG_CFQ_GROUP_IOSCHED=y
CONFIG_DEFAULT_DEADLINE=y
# CONFIG_DEFAULT_CFQ is not set
# CONFIG_DEFAULT_NOOP is not set
CONFIG_DEFAULT_IOSCHED="deadline"
CONFIG_PREEMPT_NOTIFIERS=y
CONFIG_UNINLINE_SPIN_UNLOCK=y
CONFIG_FREEZER=y

#
# Processor type and features
#
CONFIG_ZONE_DMA=y
CONFIG_SMP=y
CONFIG_X86_X2APIC=y
# CONFIG_X86_MPPARSE is not set
# CONFIG_X86_EXTENDED_PLATFORM is not set
# CONFIG_X86_INTEL_LPSS is not set
CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y
CONFIG_SCHED_OMIT_FRAME_POINTER=y
# CONFIG_HYPERVISOR_GUEST is not set
CONFIG_NO_BOOTMEM=y
# CONFIG_MEMTEST is not set
# CONFIG_MK8 is not set
# CONFIG_MPSC is not set
CONFIG_MCORE2=y
# CONFIG_MATOM is not set
# CONFIG_GENERIC_CPU is not set
CONFIG_X86_INTERNODE_CACHE_SHIFT=6
CONFIG_X86_L1_CACHE_SHIFT=6
CONFIG_X86_INTEL_USERCOPY=y
CONFIG_X86_USE_PPRO_CHECKSUM=y
CONFIG_X86_P6_NOP=y
CONFIG_X86_TSC=y
CONFIG_X86_CMPXCHG64=y
CONFIG_X86_CMOV=y
CONFIG_X86_MINIMUM_CPU_FAMILY=64
CONFIG_X86_DEBUGCTLMSR=y
CONFIG_PROCESSOR_SELECT=y
CONFIG_CPU_SUP_INTEL=y
# CONFIG_CPU_SUP_AMD is not set
# CONFIG_CPU_SUP_CENTAUR is not set
CONFIG_HPET_TIMER=y
CONFIG_HPET_EMULATE_RTC=y
CONFIG_DMI=y
# CONFIG_CALGARY_IOMMU is not set
CONFIG_SWIOTLB=y
CONFIG_IOMMU_HELPER=y
# CONFIG_MAXSMP is not set
CONFIG_NR_CPUS=12
# CONFIG_SCHED_SMT is not set
CONFIG_SCHED_MC=y
# CONFIG_PREEMPT_NONE is not set
# CONFIG_PREEMPT_VOLUNTARY is not set
CONFIG_PREEMPT=y
CONFIG_PREEMPT_COUNT=y
CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
CONFIG_X86_MCE=y
CONFIG_X86_MCE_INTEL=y
# CONFIG_X86_MCE_AMD is not set
CONFIG_X86_MCE_THRESHOLD=y
# CONFIG_X86_MCE_INJECT is not set
CONFIG_X86_THERMAL_VECTOR=y
# CONFIG_I8K is not set
CONFIG_MICROCODE=y
CONFIG_MICROCODE_INTEL=y
# CONFIG_MICROCODE_AMD is not set
CONFIG_MICROCODE_OLD_INTERFACE=y
CONFIG_MICROCODE_INTEL_LIB=y
# CONFIG_MICROCODE_INTEL_EARLY is not set
# CONFIG_MICROCODE_AMD_EARLY is not set
CONFIG_X86_MSR=y
CONFIG_X86_CPUID=y
CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
CONFIG_ARCH_DMA_ADDR_T_64BIT=y
CONFIG_DIRECT_GBPAGES=y
CONFIG_NUMA=y
# CONFIG_AMD_NUMA is not set
CONFIG_X86_64_ACPI_NUMA=y
CONFIG_NODES_SPAN_OTHER_NODES=y
# CONFIG_NUMA_EMU is not set
CONFIG_NODES_SHIFT=4
CONFIG_ARCH_SPARSEMEM_ENABLE=y
CONFIG_ARCH_SPARSEMEM_DEFAULT=y
CONFIG_ARCH_SELECT_MEMORY_MODEL=y
CONFIG_ARCH_PROC_KCORE_TEXT=y
CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
CONFIG_SELECT_MEMORY_MODEL=y
CONFIG_SPARSEMEM_MANUAL=y
CONFIG_SPARSEMEM=y
CONFIG_NEED_MULTIPLE_NODES=y
CONFIG_HAVE_MEMORY_PRESENT=y
CONFIG_SPARSEMEM_EXTREME=y
CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y
CONFIG_SPARSEMEM_VMEMMAP=y
CONFIG_HAVE_MEMBLOCK=y
CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
CONFIG_ARCH_DISCARD_MEMBLOCK=y
CONFIG_MEMORY_ISOLATION=y
# CONFIG_MOVABLE_NODE is not set
# CONFIG_HAVE_BOOTMEM_INFO_NODE is not set
# CONFIG_MEMORY_HOTPLUG is not set
CONFIG_PAGEFLAGS_EXTENDED=y
CONFIG_SPLIT_PTLOCK_CPUS=4
CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
CONFIG_BALLOON_COMPACTION=y
CONFIG_COMPACTION=y
CONFIG_MIGRATION=y
CONFIG_PHYS_ADDR_T_64BIT=y
CONFIG_ZONE_DMA_FLAG=1
CONFIG_BOUNCE=y
CONFIG_NEED_BOUNCE_POOL=y
CONFIG_VIRT_TO_BUS=y
CONFIG_MMU_NOTIFIER=y
CONFIG_KSM=y
CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
CONFIG_MEMORY_FAILURE=y
# CONFIG_HWPOISON_INJECT is not set
CONFIG_TRANSPARENT_HUGEPAGE=y
# CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS is not set
CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_CLEANCACHE=y
CONFIG_FRONTSWAP=y
CONFIG_CMA=y
# CONFIG_CMA_DEBUG is not set
CONFIG_ZBUD=y
CONFIG_ZSWAP=y
# CONFIG_MEM_SOFT_DIRTY is not set
# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
CONFIG_X86_RESERVE_LOW=4
CONFIG_MTRR=y
CONFIG_MTRR_SANITIZER=y
CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
CONFIG_X86_PAT=y
CONFIG_ARCH_USES_PG_UNCACHED=y
CONFIG_ARCH_RANDOM=y
# CONFIG_X86_SMAP is not set
CONFIG_EFI=y
CONFIG_EFI_STUB=y
CONFIG_SECCOMP=y
# CONFIG_CC_STACKPROTECTOR is not set
# CONFIG_HZ_100 is not set
# CONFIG_HZ_250 is not set
# CONFIG_HZ_300 is not set
CONFIG_HZ_1000=y
CONFIG_HZ=1000
CONFIG_SCHED_HRTICK=y
CONFIG_KEXEC=y
CONFIG_CRASH_DUMP=y
CONFIG_PHYSICAL_START=0x200000
CONFIG_RELOCATABLE=y
CONFIG_PHYSICAL_ALIGN=0x1000000
CONFIG_HOTPLUG_CPU=y
# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
# CONFIG_DEBUG_HOTPLUG_CPU0 is not set
# CONFIG_COMPAT_VDSO is not set
CONFIG_CMDLINE_BOOL=y
CONFIG_CMDLINE="reboot=bios"
# CONFIG_CMDLINE_OVERRIDE is not set
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
CONFIG_USE_PERCPU_NUMA_NODE_ID=y

#
# Power management and ACPI options
#
# CONFIG_SUSPEND is not set
# CONFIG_HIBERNATION is not set
CONFIG_PM_RUNTIME=y
CONFIG_PM=y
CONFIG_PM_DEBUG=y
# CONFIG_PM_ADVANCED_DEBUG is not set
# CONFIG_DPM_WATCHDOG is not set
# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
CONFIG_ACPI=y
# CONFIG_ACPI_PROCFS is not set
# CONFIG_ACPI_EC_DEBUGFS is not set
# CONFIG_ACPI_AC is not set
# CONFIG_ACPI_BATTERY is not set
CONFIG_ACPI_BUTTON=y
# CONFIG_ACPI_FAN is not set
# CONFIG_ACPI_DOCK is not set
CONFIG_ACPI_PROCESSOR=y
CONFIG_ACPI_IPMI=y
CONFIG_ACPI_HOTPLUG_CPU=y
CONFIG_ACPI_PROCESSOR_AGGREGATOR=m
CONFIG_ACPI_THERMAL=m
CONFIG_ACPI_NUMA=y
# CONFIG_ACPI_CUSTOM_DSDT is not set
CONFIG_ACPI_DEBUG=y
CONFIG_ACPI_PCI_SLOT=y
CONFIG_X86_PM_TIMER=y
CONFIG_ACPI_CONTAINER=y
# CONFIG_ACPI_SBS is not set
CONFIG_ACPI_HED=y
CONFIG_ACPI_CUSTOM_METHOD=y
CONFIG_ACPI_BGRT=y
CONFIG_ACPI_APEI=y
CONFIG_ACPI_APEI_GHES=y
CONFIG_ACPI_APEI_PCIEAER=y
CONFIG_ACPI_APEI_MEMORY_FAILURE=y
# CONFIG_ACPI_APEI_EINJ is not set
# CONFIG_ACPI_APEI_ERST_DEBUG is not set
# CONFIG_ACPI_EXTLOG is not set
# CONFIG_SFI is not set

#
# CPU Frequency scaling
#
CONFIG_CPU_FREQ=y
CONFIG_CPU_FREQ_GOV_COMMON=y
CONFIG_CPU_FREQ_STAT=y
CONFIG_CPU_FREQ_STAT_DETAILS=y
# CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set
CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND=y
# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set
CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set
# CONFIG_CPU_FREQ_GOV_USERSPACE is not set
CONFIG_CPU_FREQ_GOV_ONDEMAND=y
# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set

#
# x86 CPU frequency scaling drivers
#
# CONFIG_X86_INTEL_PSTATE is not set
# CONFIG_X86_PCC_CPUFREQ is not set
CONFIG_X86_ACPI_CPUFREQ=y
# CONFIG_X86_POWERNOW_K8 is not set
# CONFIG_X86_SPEEDSTEP_CENTRINO is not set
# CONFIG_X86_P4_CLOCKMOD is not set

#
# shared options
#
# CONFIG_X86_SPEEDSTEP_LIB is not set

#
# CPU Idle
#
CONFIG_CPU_IDLE=y
# CONFIG_CPU_IDLE_MULTIPLE_DRIVERS is not set
# CONFIG_CPU_IDLE_GOV_LADDER is not set
CONFIG_CPU_IDLE_GOV_MENU=y
# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set
CONFIG_INTEL_IDLE=y

#
# Memory power savings
#
CONFIG_I7300_IDLE_IOAT_CHANNEL=y
CONFIG_I7300_IDLE=y

#
# Bus options (PCI etc.)
#
CONFIG_PCI=y
CONFIG_PCI_DIRECT=y
CONFIG_PCI_MMCONFIG=y
CONFIG_PCI_DOMAINS=y
# CONFIG_PCI_CNB20LE_QUIRK is not set
CONFIG_PCIEPORTBUS=y
CONFIG_PCIEAER=y
CONFIG_PCIE_ECRC=y
# CONFIG_PCIEAER_INJECT is not set
# CONFIG_PCIEASPM is not set
CONFIG_PCIE_PME=y
CONFIG_PCI_MSI=y
# CONFIG_PCI_DEBUG is not set
CONFIG_PCI_REALLOC_ENABLE_AUTO=y
# CONFIG_PCI_STUB is not set
# CONFIG_HT_IRQ is not set
CONFIG_PCI_ATS=y
CONFIG_PCI_IOV=y
CONFIG_PCI_PRI=y
CONFIG_PCI_PASID=y
CONFIG_PCI_IOAPIC=y
CONFIG_PCI_LABEL=y

#
# PCI host controller drivers
#
CONFIG_ISA_DMA_API=y
# CONFIG_PCCARD is not set
# CONFIG_HOTPLUG_PCI is not set
# CONFIG_RAPIDIO is not set
CONFIG_X86_SYSFB=y

#
# Executable file formats / Emulations
#
CONFIG_BINFMT_ELF=y
CONFIG_COMPAT_BINFMT_ELF=y
CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y
CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y
CONFIG_BINFMT_SCRIPT=y
# CONFIG_HAVE_AOUT is not set
CONFIG_BINFMT_MISC=y
CONFIG_COREDUMP=y
CONFIG_IA32_EMULATION=y
CONFIG_IA32_AOUT=m
# CONFIG_X86_X32 is not set
CONFIG_COMPAT=y
CONFIG_COMPAT_FOR_U64_ALIGNMENT=y
CONFIG_SYSVIPC_COMPAT=y
CONFIG_KEYS_COMPAT=y
CONFIG_X86_DEV_DMA_OPS=y
CONFIG_NET=y

#
# Networking options
#
CONFIG_PACKET=y
CONFIG_PACKET_DIAG=m
CONFIG_UNIX=y
CONFIG_UNIX_DIAG=y
CONFIG_XFRM=y
CONFIG_XFRM_ALGO=m
CONFIG_XFRM_USER=m
# CONFIG_XFRM_SUB_POLICY is not set
# CONFIG_XFRM_MIGRATE is not set
# CONFIG_XFRM_STATISTICS is not set
CONFIG_NET_KEY=m
# CONFIG_NET_KEY_MIGRATE is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_FIB_TRIE_STATS=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_ROUTE_CLASSID=y
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE_DEMUX=m
CONFIG_NET_IP_TUNNEL=m
CONFIG_NET_IPGRE=m
# CONFIG_NET_IPGRE_BROADCAST is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
# CONFIG_IP_PIMSM_V1 is not set
# CONFIG_IP_PIMSM_V2 is not set
CONFIG_SYN_COOKIES=y
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
# CONFIG_INET_XFRM_TUNNEL is not set
CONFIG_INET_TUNNEL=m
# CONFIG_INET_XFRM_MODE_TRANSPORT is not set
# CONFIG_INET_XFRM_MODE_TUNNEL is not set
# CONFIG_INET_XFRM_MODE_BEET is not set
CONFIG_INET_LRO=y
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
CONFIG_INET_UDP_DIAG=m
CONFIG_TCP_CONG_ADVANCED=y
# CONFIG_TCP_CONG_BIC is not set
# CONFIG_TCP_CONG_CUBIC is not set
CONFIG_TCP_CONG_WESTWOOD=m
CONFIG_TCP_CONG_HTCP=y
CONFIG_TCP_CONG_HSTCP=y
# CONFIG_TCP_CONG_HYBLA is not set
# CONFIG_TCP_CONG_VEGAS is not set
CONFIG_TCP_CONG_SCALABLE=y
CONFIG_TCP_CONG_LP=y
# CONFIG_TCP_CONG_VENO is not set
# CONFIG_TCP_CONG_YEAH is not set
# CONFIG_TCP_CONG_ILLINOIS is not set
CONFIG_DEFAULT_HTCP=y
# CONFIG_DEFAULT_RENO is not set
CONFIG_DEFAULT_TCP_CONG="htcp"
# CONFIG_TCP_MD5SIG is not set
# CONFIG_IPV6 is not set
# CONFIG_NETLABEL is not set
# CONFIG_NETWORK_SECMARK is not set
CONFIG_NETWORK_PHY_TIMESTAMPING=y
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_NETFILTER_ADVANCED=y
CONFIG_BRIDGE_NETFILTER=y

#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_ACCT=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_ZONES=y
# CONFIG_NF_CONNTRACK_PROCFS is not set
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CONNTRACK_TIMEOUT=y
CONFIG_NF_CONNTRACK_TIMESTAMP=y
CONFIG_NF_CONNTRACK_LABELS=y
CONFIG_NF_CT_PROTO_DCCP=m
CONFIG_NF_CT_PROTO_GRE=m
CONFIG_NF_CT_PROTO_SCTP=m
CONFIG_NF_CT_PROTO_UDPLITE=m
# CONFIG_NF_CONNTRACK_AMANDA is not set
CONFIG_NF_CONNTRACK_FTP=m
CONFIG_NF_CONNTRACK_H323=m
CONFIG_NF_CONNTRACK_IRC=m
CONFIG_NF_CONNTRACK_BROADCAST=m
CONFIG_NF_CONNTRACK_NETBIOS_NS=m
CONFIG_NF_CONNTRACK_SNMP=m
CONFIG_NF_CONNTRACK_PPTP=m
# CONFIG_NF_CONNTRACK_SANE is not set
CONFIG_NF_CONNTRACK_SIP=m
# CONFIG_NF_CONNTRACK_TFTP is not set
CONFIG_NF_CT_NETLINK=m
CONFIG_NF_CT_NETLINK_TIMEOUT=m
CONFIG_NF_CT_NETLINK_HELPER=m
CONFIG_NETFILTER_NETLINK_QUEUE_CT=y
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_DCCP=m
CONFIG_NF_NAT_PROTO_UDPLITE=m
CONFIG_NF_NAT_PROTO_SCTP=m
# CONFIG_NF_NAT_AMANDA is not set
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
# CONFIG_NF_NAT_TFTP is not set
CONFIG_NETFILTER_SYNPROXY=m
CONFIG_NF_TABLES=m
# CONFIG_NFT_EXTHDR is not set
CONFIG_NFT_META=m
CONFIG_NFT_CT=m
CONFIG_NFT_RBTREE=m
CONFIG_NFT_HASH=m
CONFIG_NFT_COUNTER=m
CONFIG_NFT_LOG=m
CONFIG_NFT_LIMIT=m
CONFIG_NFT_NAT=m
CONFIG_NFT_COMPAT=m
CONFIG_NETFILTER_XTABLES=y

#
# Xtables combined modules
#
CONFIG_NETFILTER_XT_MARK=m
CONFIG_NETFILTER_XT_CONNMARK=m
CONFIG_NETFILTER_XT_SET=m

#
# Xtables targets
#
# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_CT=m
CONFIG_NETFILTER_XT_TARGET_DSCP=m
CONFIG_NETFILTER_XT_TARGET_HL=m
CONFIG_NETFILTER_XT_TARGET_HMARK=m
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NETMAP=m
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
CONFIG_NETFILTER_XT_TARGET_RATEEST=m
CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
CONFIG_NETFILTER_XT_TARGET_TEE=m
CONFIG_NETFILTER_XT_TARGET_TPROXY=m
CONFIG_NETFILTER_XT_TARGET_TRACE=m
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m

#
# Xtables matches
#
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
CONFIG_NETFILTER_XT_MATCH_BPF=m
# CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNLABEL=m
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_CPU=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m
CONFIG_NETFILTER_XT_MATCH_DSCP=m
CONFIG_NETFILTER_XT_MATCH_ECN=y
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_HL=m
CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
CONFIG_NETFILTER_XT_MATCH_NFACCT=m
CONFIG_NETFILTER_XT_MATCH_OSF=m
CONFIG_NETFILTER_XT_MATCH_OWNER=m
# CONFIG_NETFILTER_XT_MATCH_POLICY is not set
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_QUOTA=m
CONFIG_NETFILTER_XT_MATCH_RATEEST=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_RECENT=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_SOCKET=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
CONFIG_NETFILTER_XT_MATCH_TIME=m
CONFIG_NETFILTER_XT_MATCH_U32=m
CONFIG_IP_SET=m
CONFIG_IP_SET_MAX=256
CONFIG_IP_SET_BITMAP_IP=m
CONFIG_IP_SET_BITMAP_IPMAC=m
CONFIG_IP_SET_BITMAP_PORT=m
CONFIG_IP_SET_HASH_IP=m
CONFIG_IP_SET_HASH_IPPORT=m
CONFIG_IP_SET_HASH_IPPORTIP=m
CONFIG_IP_SET_HASH_IPPORTNET=m
CONFIG_IP_SET_HASH_NETPORTNET=m
CONFIG_IP_SET_HASH_NET=m
CONFIG_IP_SET_HASH_NETNET=m
CONFIG_IP_SET_HASH_NETPORT=m
CONFIG_IP_SET_HASH_NETIFACE=m
CONFIG_IP_SET_LIST_SET=m
# CONFIG_IP_VS is not set

#
# IP: Netfilter Configuration
#
CONFIG_NF_DEFRAG_IPV4=m
CONFIG_NF_CONNTRACK_IPV4=m
CONFIG_NF_TABLES_IPV4=m
CONFIG_NFT_REJECT_IPV4=m
CONFIG_NFT_CHAIN_ROUTE_IPV4=m
CONFIG_NFT_CHAIN_NAT_IPV4=m
CONFIG_NF_TABLES_ARP=m
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_AH is not set
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_RPFILTER=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_SYNPROXY=m
# CONFIG_IP_NF_TARGET_ULOG is not set
CONFIG_NF_NAT_IPV4=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_NF_NAT_SNMP_BASIC=m
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
CONFIG_IP_NF_MANGLE=m
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
# CONFIG_IP_NF_TARGET_ECN is not set
# CONFIG_IP_NF_TARGET_TTL is not set
CONFIG_IP_NF_RAW=y
# CONFIG_IP_NF_SECURITY is not set
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
# CONFIG_IP_NF_ARP_MANGLE is not set
# CONFIG_NF_TABLES_BRIDGE is not set
CONFIG_BRIDGE_NF_EBTABLES=m
CONFIG_BRIDGE_EBT_BROUTE=m
CONFIG_BRIDGE_EBT_T_FILTER=m
CONFIG_BRIDGE_EBT_T_NAT=m
CONFIG_BRIDGE_EBT_802_3=m
CONFIG_BRIDGE_EBT_AMONG=m
CONFIG_BRIDGE_EBT_ARP=m
CONFIG_BRIDGE_EBT_IP=m
CONFIG_BRIDGE_EBT_LIMIT=m
CONFIG_BRIDGE_EBT_MARK=m
CONFIG_BRIDGE_EBT_PKTTYPE=m
CONFIG_BRIDGE_EBT_STP=m
CONFIG_BRIDGE_EBT_VLAN=m
CONFIG_BRIDGE_EBT_ARPREPLY=m
CONFIG_BRIDGE_EBT_DNAT=m
CONFIG_BRIDGE_EBT_MARK_T=m
CONFIG_BRIDGE_EBT_REDIRECT=m
CONFIG_BRIDGE_EBT_SNAT=m
CONFIG_BRIDGE_EBT_LOG=m
# CONFIG_BRIDGE_EBT_ULOG is not set
CONFIG_BRIDGE_EBT_NFLOG=m
CONFIG_IP_DCCP=m
CONFIG_INET_DCCP_DIAG=m

#
# DCCP CCIDs Configuration
#
# CONFIG_IP_DCCP_CCID2_DEBUG is not set
CONFIG_IP_DCCP_CCID3=y
# CONFIG_IP_DCCP_CCID3_DEBUG is not set
CONFIG_IP_DCCP_TFRC_LIB=y

#
# DCCP Kernel Hacking
#
# CONFIG_IP_DCCP_DEBUG is not set
# CONFIG_NET_DCCPPROBE is not set
CONFIG_IP_SCTP=m
CONFIG_NET_SCTPPROBE=m
# CONFIG_SCTP_DBG_OBJCNT is not set
# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5 is not set
# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1 is not set
CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE=y
CONFIG_SCTP_COOKIE_HMAC_MD5=y
CONFIG_SCTP_COOKIE_HMAC_SHA1=y
CONFIG_RDS=m
CONFIG_RDS_TCP=m
# CONFIG_RDS_DEBUG is not set
# CONFIG_TIPC is not set
# CONFIG_ATM is not set
CONFIG_L2TP=m
# CONFIG_L2TP_DEBUGFS is not set
CONFIG_L2TP_V3=y
CONFIG_L2TP_IP=m
CONFIG_L2TP_ETH=m
CONFIG_STP=m
CONFIG_BRIDGE=m
CONFIG_BRIDGE_IGMP_SNOOPING=y
CONFIG_BRIDGE_VLAN_FILTERING=y
CONFIG_HAVE_NET_DSA=y
CONFIG_VLAN_8021Q=m
# CONFIG_VLAN_8021Q_GVRP is not set
# CONFIG_VLAN_8021Q_MVRP is not set
# CONFIG_DECNET is not set
CONFIG_LLC=m
CONFIG_LLC2=m
CONFIG_IPX=m
# CONFIG_IPX_INTERN is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_PHONET is not set
# CONFIG_IEEE802154 is not set
CONFIG_NET_SCHED=y

#
# Queueing/Scheduling
#
CONFIG_NET_SCH_CBQ=m
CONFIG_NET_SCH_HTB=m
CONFIG_NET_SCH_HFSC=m
CONFIG_NET_SCH_PRIO=m
CONFIG_NET_SCH_MULTIQ=m
CONFIG_NET_SCH_RED=m
CONFIG_NET_SCH_SFB=m
CONFIG_NET_SCH_SFQ=m
CONFIG_NET_SCH_TEQL=m
CONFIG_NET_SCH_TBF=m
CONFIG_NET_SCH_GRED=m
CONFIG_NET_SCH_DSMARK=m
CONFIG_NET_SCH_NETEM=m
CONFIG_NET_SCH_DRR=m
CONFIG_NET_SCH_MQPRIO=m
CONFIG_NET_SCH_CHOKE=m
CONFIG_NET_SCH_QFQ=m
CONFIG_NET_SCH_CODEL=m
CONFIG_NET_SCH_FQ_CODEL=m
CONFIG_NET_SCH_FQ=m
CONFIG_NET_SCH_INGRESS=y
CONFIG_NET_SCH_PLUG=m

#
# Classification
#
CONFIG_NET_CLS=y
CONFIG_NET_CLS_BASIC=y
CONFIG_NET_CLS_TCINDEX=m
CONFIG_NET_CLS_ROUTE4=m
CONFIG_NET_CLS_FW=m
CONFIG_NET_CLS_U32=m
CONFIG_CLS_U32_PERF=y
CONFIG_CLS_U32_MARK=y
CONFIG_NET_CLS_RSVP=m
# CONFIG_NET_CLS_RSVP6 is not set
CONFIG_NET_CLS_FLOW=m
CONFIG_NET_CLS_CGROUP=m
CONFIG_NET_CLS_BPF=m
CONFIG_NET_EMATCH=y
CONFIG_NET_EMATCH_STACK=32
CONFIG_NET_EMATCH_CMP=y
CONFIG_NET_EMATCH_NBYTE=m
CONFIG_NET_EMATCH_U32=y
CONFIG_NET_EMATCH_META=m
CONFIG_NET_EMATCH_TEXT=m
CONFIG_NET_EMATCH_IPSET=m
CONFIG_NET_CLS_ACT=y
CONFIG_NET_ACT_POLICE=m
CONFIG_NET_ACT_GACT=y
CONFIG_GACT_PROB=y
CONFIG_NET_ACT_MIRRED=m
CONFIG_NET_ACT_IPT=y
CONFIG_NET_ACT_NAT=m
CONFIG_NET_ACT_PEDIT=m
# CONFIG_NET_ACT_SIMP is not set
CONFIG_NET_ACT_SKBEDIT=m
# CONFIG_NET_ACT_CSUM is not set
CONFIG_NET_CLS_IND=y
CONFIG_NET_SCH_FIFO=y
# CONFIG_DCB is not set
CONFIG_DNS_RESOLVER=y
# CONFIG_BATMAN_ADV is not set
# CONFIG_OPENVSWITCH is not set
CONFIG_VSOCKETS=m
CONFIG_NETLINK_MMAP=y
CONFIG_NETLINK_DIAG=y
# CONFIG_NET_MPLS_GSO is not set
# CONFIG_HSR is not set
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
CONFIG_XPS=y
CONFIG_NETPRIO_CGROUP=y
CONFIG_NET_RX_BUSY_POLL=y
CONFIG_BQL=y
CONFIG_BPF_JIT=y
CONFIG_NET_FLOW_LIMIT=y

#
# Network testing
#
# CONFIG_NET_PKTGEN is not set
# CONFIG_NET_TCPPROBE is not set
CONFIG_NET_DROP_MONITOR=m
# CONFIG_HAMRADIO is not set
# CONFIG_CAN is not set
# CONFIG_IRDA is not set
# CONFIG_BT is not set
# CONFIG_AF_RXRPC is not set
CONFIG_FIB_RULES=y
# CONFIG_WIRELESS is not set
# CONFIG_WIMAX is not set
# CONFIG_RFKILL is not set
# CONFIG_NET_9P is not set
# CONFIG_CAIF is not set
# CONFIG_CEPH_LIB is not set
# CONFIG_NFC is not set
CONFIG_HAVE_BPF_JIT=y

#
# Device Drivers
#

#
# Generic Driver Options
#
CONFIG_UEVENT_HELPER_PATH=""
CONFIG_DEVTMPFS=y
CONFIG_DEVTMPFS_MOUNT=y
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
# CONFIG_FIRMWARE_IN_KERNEL is not set
CONFIG_EXTRA_FIRMWARE=""
CONFIG_FW_LOADER_USER_HELPER=y
# CONFIG_DEBUG_DRIVER is not set
# CONFIG_DEBUG_DEVRES is not set
# CONFIG_SYS_HYPERVISOR is not set
# CONFIG_GENERIC_CPU_DEVICES is not set
# CONFIG_DMA_SHARED_BUFFER is not set

#
# Bus devices
#
CONFIG_CONNECTOR=y
CONFIG_PROC_EVENTS=y
# CONFIG_MTD is not set
CONFIG_PARPORT=m
CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
CONFIG_PARPORT_PC=m
# CONFIG_PARPORT_SERIAL is not set
CONFIG_PARPORT_PC_FIFO=y
# CONFIG_PARPORT_PC_SUPERIO is not set
# CONFIG_PARPORT_GSC is not set
# CONFIG_PARPORT_AX88796 is not set
# CONFIG_PARPORT_1284 is not set
CONFIG_PNP=y
CONFIG_PNP_DEBUG_MESSAGES=y

#
# Protocols
#
CONFIG_PNPACPI=y
CONFIG_BLK_DEV=y
# CONFIG_BLK_DEV_NULL_BLK is not set
# CONFIG_BLK_DEV_FD is not set
# CONFIG_PARIDE is not set
# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
# CONFIG_BLK_CPQ_CISS_DA is not set
# CONFIG_BLK_DEV_DAC960 is not set
# CONFIG_BLK_DEV_UMEM is not set
# CONFIG_BLK_DEV_COW_COMMON is not set
CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
# CONFIG_BLK_DEV_CRYPTOLOOP is not set
# CONFIG_BLK_DEV_DRBD is not set
CONFIG_BLK_DEV_NBD=y
# CONFIG_BLK_DEV_NVME is not set
# CONFIG_BLK_DEV_SKD is not set
# CONFIG_BLK_DEV_SX8 is not set
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_COUNT=16
CONFIG_BLK_DEV_RAM_SIZE=8192
CONFIG_BLK_DEV_XIP=y
CONFIG_CDROM_PKTCDVD=m
CONFIG_CDROM_PKTCDVD_BUFFERS=8
# CONFIG_CDROM_PKTCDVD_WCACHE is not set
# CONFIG_ATA_OVER_ETH is not set
CONFIG_VIRTIO_BLK=m
# CONFIG_BLK_DEV_HD is not set
# CONFIG_BLK_DEV_RBD is not set
# CONFIG_BLK_DEV_RSXX is not set

#
# Misc devices
#
# CONFIG_SENSORS_LIS3LV02D is not set
# CONFIG_AD525X_DPOT is not set
# CONFIG_DUMMY_IRQ is not set
# CONFIG_IBM_ASM is not set
# CONFIG_PHANTOM is not set
# CONFIG_SGI_IOC4 is not set
# CONFIG_TIFM_CORE is not set
# CONFIG_ICS932S401 is not set
# CONFIG_ATMEL_SSC is not set
CONFIG_ENCLOSURE_SERVICES=y
# CONFIG_HP_ILO is not set
# CONFIG_APDS9802ALS is not set
# CONFIG_ISL29003 is not set
# CONFIG_ISL29020 is not set
# CONFIG_SENSORS_TSL2550 is not set
# CONFIG_SENSORS_BH1780 is not set
# CONFIG_SENSORS_BH1770 is not set
# CONFIG_SENSORS_APDS990X is not set
# CONFIG_HMC6352 is not set
# CONFIG_DS1682 is not set
# CONFIG_BMP085_I2C is not set
# CONFIG_PCH_PHUB is not set
# CONFIG_USB_SWITCH_FSA9480 is not set
# CONFIG_SRAM is not set
# CONFIG_C2PORT is not set

#
# EEPROM support
#
CONFIG_EEPROM_AT24=m
CONFIG_EEPROM_LEGACY=m
# CONFIG_EEPROM_MAX6875 is not set
# CONFIG_EEPROM_93CX6 is not set
# CONFIG_CB710_CORE is not set

#
# Texas Instruments shared transport line discipline
#
# CONFIG_TI_ST is not set
# CONFIG_SENSORS_LIS3_I2C is not set

#
# Altera FPGA firmware download module
#
# CONFIG_ALTERA_STAPL is not set
CONFIG_INTEL_MEI=m
# CONFIG_INTEL_MEI_ME is not set
# CONFIG_VMWARE_VMCI is not set

#
# Intel MIC Host Driver
#
# CONFIG_INTEL_MIC_HOST is not set

#
# Intel MIC Card Driver
#
# CONFIG_INTEL_MIC_CARD is not set
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set

#
# SCSI device support
#
CONFIG_SCSI_MOD=y
CONFIG_RAID_ATTRS=y
CONFIG_SCSI=y
CONFIG_SCSI_DMA=y
CONFIG_SCSI_TGT=y
CONFIG_SCSI_NETLINK=y
# CONFIG_SCSI_PROC_FS is not set

#
# SCSI support type (disk, tape, CD-ROM)
#
CONFIG_BLK_DEV_SD=y
# CONFIG_CHR_DEV_ST is not set
# CONFIG_CHR_DEV_OSST is not set
CONFIG_BLK_DEV_SR=y
CONFIG_BLK_DEV_SR_VENDOR=y
CONFIG_CHR_DEV_SG=y
# CONFIG_CHR_DEV_SCH is not set
CONFIG_SCSI_ENCLOSURE=y
CONFIG_SCSI_MULTI_LUN=y
CONFIG_SCSI_CONSTANTS=y
CONFIG_SCSI_LOGGING=y
CONFIG_SCSI_SCAN_ASYNC=y

#
# SCSI Transports
#
CONFIG_SCSI_SPI_ATTRS=y
CONFIG_SCSI_FC_ATTRS=m
# CONFIG_SCSI_FC_TGT_ATTRS is not set
CONFIG_SCSI_ISCSI_ATTRS=y
CONFIG_SCSI_SAS_ATTRS=y
CONFIG_SCSI_SAS_LIBSAS=y
CONFIG_SCSI_SAS_ATA=y
CONFIG_SCSI_SAS_HOST_SMP=y
CONFIG_SCSI_SRP_ATTRS=m
CONFIG_SCSI_SRP_TGT_ATTRS=y
CONFIG_SCSI_LOWLEVEL=y
CONFIG_ISCSI_TCP=m
CONFIG_ISCSI_BOOT_SYSFS=m
# CONFIG_SCSI_CXGB3_ISCSI is not set
# CONFIG_SCSI_CXGB4_ISCSI is not set
CONFIG_SCSI_BNX2_ISCSI=m
CONFIG_SCSI_BNX2X_FCOE=m
# CONFIG_BE2ISCSI is not set
# CONFIG_BLK_DEV_3W_XXXX_RAID is not set
# CONFIG_SCSI_HPSA is not set
# CONFIG_SCSI_3W_9XXX is not set
# CONFIG_SCSI_3W_SAS is not set
# CONFIG_SCSI_ACARD is not set
# CONFIG_SCSI_AACRAID is not set
# CONFIG_SCSI_AIC7XXX is not set
# CONFIG_SCSI_AIC7XXX_OLD is not set
# CONFIG_SCSI_AIC79XX is not set
# CONFIG_SCSI_AIC94XX is not set
# CONFIG_SCSI_MVSAS is not set
# CONFIG_SCSI_MVUMI is not set
# CONFIG_SCSI_DPT_I2O is not set
# CONFIG_SCSI_ADVANSYS is not set
# CONFIG_SCSI_ARCMSR is not set
# CONFIG_SCSI_ESAS2R is not set
# CONFIG_MEGARAID_NEWGEN is not set
# CONFIG_MEGARAID_LEGACY is not set
CONFIG_MEGARAID_SAS=y
CONFIG_SCSI_MPT2SAS=y
CONFIG_SCSI_MPT2SAS_MAX_SGE=128
# CONFIG_SCSI_MPT2SAS_LOGGING is not set
# CONFIG_SCSI_MPT3SAS is not set
# CONFIG_SCSI_UFSHCD is not set
# CONFIG_SCSI_HPTIOP is not set
# CONFIG_SCSI_BUSLOGIC is not set
CONFIG_VMWARE_PVSCSI=m
CONFIG_LIBFC=m
CONFIG_LIBFCOE=m
# CONFIG_FCOE is not set
# CONFIG_FCOE_FNIC is not set
# CONFIG_SCSI_DMX3191D is not set
# CONFIG_SCSI_EATA is not set
# CONFIG_SCSI_FUTURE_DOMAIN is not set
# CONFIG_SCSI_GDTH is not set
# CONFIG_SCSI_ISCI is not set
# CONFIG_SCSI_IPS is not set
# CONFIG_SCSI_INITIO is not set
# CONFIG_SCSI_INIA100 is not set
# CONFIG_SCSI_PPA is not set
# CONFIG_SCSI_IMM is not set
# CONFIG_SCSI_STEX is not set
# CONFIG_SCSI_SYM53C8XX_2 is not set
# CONFIG_SCSI_IPR is not set
# CONFIG_SCSI_QLOGIC_1280 is not set
# CONFIG_SCSI_QLA_FC is not set
# CONFIG_SCSI_QLA_ISCSI is not set
# CONFIG_SCSI_LPFC is not set
# CONFIG_SCSI_DC395x is not set
# CONFIG_SCSI_DC390T is not set
# CONFIG_SCSI_DEBUG is not set
# CONFIG_SCSI_PMCRAID is not set
# CONFIG_SCSI_PM8001 is not set
# CONFIG_SCSI_SRP is not set
# CONFIG_SCSI_BFA_FC is not set
CONFIG_SCSI_VIRTIO=m
# CONFIG_SCSI_CHELSIO_FCOE is not set
# CONFIG_SCSI_DH is not set
# CONFIG_SCSI_OSD_INITIATOR is not set
CONFIG_ATA=y
# CONFIG_ATA_NONSTANDARD is not set
CONFIG_ATA_VERBOSE_ERROR=y
CONFIG_ATA_ACPI=y
# CONFIG_SATA_ZPODD is not set
# CONFIG_SATA_PMP is not set

#
# Controllers with non-SFF native interface
#
CONFIG_SATA_AHCI=m
CONFIG_SATA_AHCI_PLATFORM=m
# CONFIG_SATA_INIC162X is not set
# CONFIG_SATA_ACARD_AHCI is not set
# CONFIG_SATA_SIL24 is not set
# CONFIG_ATA_SFF is not set
CONFIG_MD=y
CONFIG_BLK_DEV_MD=m
CONFIG_MD_LINEAR=m
CONFIG_MD_RAID0=m
CONFIG_MD_RAID1=m
CONFIG_MD_RAID10=m
CONFIG_MD_RAID456=m
# CONFIG_MD_MULTIPATH is not set
# CONFIG_MD_FAULTY is not set
# CONFIG_BCACHE is not set
CONFIG_BLK_DEV_DM_BUILTIN=y
CONFIG_BLK_DEV_DM=y
# CONFIG_DM_DEBUG is not set
CONFIG_DM_BUFIO=y
CONFIG_DM_BIO_PRISON=y
CONFIG_DM_PERSISTENT_DATA=y
# CONFIG_DM_CRYPT is not set
CONFIG_DM_SNAPSHOT=y
CONFIG_DM_THIN_PROVISIONING=y
# CONFIG_DM_DEBUG_BLOCK_STACK_TRACING is not set
# CONFIG_DM_CACHE is not set
CONFIG_DM_MIRROR=m
# CONFIG_DM_LOG_USERSPACE is not set
CONFIG_DM_RAID=m
CONFIG_DM_ZERO=m
# CONFIG_DM_MULTIPATH is not set
# CONFIG_DM_DELAY is not set
CONFIG_DM_UEVENT=y
# CONFIG_DM_FLAKEY is not set
# CONFIG_DM_VERITY is not set
# CONFIG_DM_SWITCH is not set
CONFIG_TARGET_CORE=m
CONFIG_TCM_IBLOCK=m
CONFIG_TCM_FILEIO=m
CONFIG_TCM_PSCSI=m
CONFIG_LOOPBACK_TARGET=m
# CONFIG_TCM_FC is not set
CONFIG_ISCSI_TARGET=m
CONFIG_SBP_TARGET=m
CONFIG_FUSION=y
# CONFIG_FUSION_SPI is not set
# CONFIG_FUSION_FC is not set
CONFIG_FUSION_SAS=y
CONFIG_FUSION_MAX_SGE=128
CONFIG_FUSION_CTL=m
CONFIG_FUSION_LOGGING=y

#
# IEEE 1394 (FireWire) support
#
CONFIG_FIREWIRE=y
CONFIG_FIREWIRE_OHCI=y
CONFIG_FIREWIRE_SBP2=m
# CONFIG_FIREWIRE_NET is not set
# CONFIG_FIREWIRE_NOSY is not set
# CONFIG_I2O is not set
# CONFIG_MACINTOSH_DRIVERS is not set
CONFIG_NETDEVICES=y
CONFIG_NET_CORE=y
CONFIG_BONDING=y
# CONFIG_DUMMY is not set
# CONFIG_EQUALIZER is not set
# CONFIG_NET_FC is not set
CONFIG_IFB=m
CONFIG_NET_TEAM=m
# CONFIG_NET_TEAM_MODE_BROADCAST is not set
CONFIG_NET_TEAM_MODE_ROUNDROBIN=m
# CONFIG_NET_TEAM_MODE_RANDOM is not set
# CONFIG_NET_TEAM_MODE_ACTIVEBACKUP is not set
# CONFIG_NET_TEAM_MODE_LOADBALANCE is not set
CONFIG_MACVLAN=m
# CONFIG_MACVTAP is not set
# CONFIG_VXLAN is not set
CONFIG_NETCONSOLE=y
CONFIG_NETPOLL=y
CONFIG_NETPOLL_TRAP=y
CONFIG_NET_POLL_CONTROLLER=y
CONFIG_TUN=m
CONFIG_VETH=m
CONFIG_VIRTIO_NET=m
# CONFIG_NLMON is not set
# CONFIG_ARCNET is not set

#
# CAIF transport drivers
#
CONFIG_VHOST_NET=m
# CONFIG_VHOST_SCSI is not set
CONFIG_VHOST_RING=m
CONFIG_VHOST=m

#
# Distributed Switch Architecture drivers
#
# CONFIG_NET_DSA_MV88E6XXX is not set
# CONFIG_NET_DSA_MV88E6060 is not set
# CONFIG_NET_DSA_MV88E6XXX_NEED_PPU is not set
# CONFIG_NET_DSA_MV88E6131 is not set
# CONFIG_NET_DSA_MV88E6123_61_65 is not set
CONFIG_ETHERNET=y
CONFIG_MDIO=m
# CONFIG_NET_VENDOR_3COM is not set
# CONFIG_NET_VENDOR_ADAPTEC is not set
# CONFIG_NET_VENDOR_ALTEON is not set
# CONFIG_NET_VENDOR_AMD is not set
# CONFIG_NET_VENDOR_ARC is not set
# CONFIG_NET_VENDOR_ATHEROS is not set
# CONFIG_NET_CADENCE is not set
CONFIG_NET_VENDOR_BROADCOM=y
# CONFIG_B44 is not set
CONFIG_BNX2=m
CONFIG_CNIC=m
# CONFIG_TIGON3 is not set
# CONFIG_BNX2X is not set
# CONFIG_NET_VENDOR_BROCADE is not set
# CONFIG_NET_CALXEDA_XGMAC is not set
# CONFIG_NET_VENDOR_CHELSIO is not set
# CONFIG_NET_VENDOR_CISCO is not set
# CONFIG_DNET is not set
# CONFIG_NET_VENDOR_DEC is not set
# CONFIG_NET_VENDOR_DLINK is not set
# CONFIG_NET_VENDOR_EMULEX is not set
# CONFIG_NET_VENDOR_EXAR is not set
# CONFIG_NET_VENDOR_HP is not set
CONFIG_NET_VENDOR_INTEL=y
# CONFIG_E100 is not set
# CONFIG_E1000 is not set
CONFIG_E1000E=y
# CONFIG_IGB is not set
# CONFIG_IGBVF is not set
# CONFIG_IXGB is not set
CONFIG_IXGBE=m
CONFIG_IXGBE_HWMON=y
CONFIG_IXGBE_DCA=y
# CONFIG_IXGBEVF is not set
# CONFIG_I40E is not set
# CONFIG_NET_VENDOR_I825XX is not set
# CONFIG_IP1000 is not set
# CONFIG_JME is not set
# CONFIG_NET_VENDOR_MARVELL is not set
# CONFIG_NET_VENDOR_MELLANOX is not set
# CONFIG_NET_VENDOR_MICREL is not set
# CONFIG_NET_VENDOR_MYRI is not set
# CONFIG_FEALNX is not set
# CONFIG_NET_VENDOR_NATSEMI is not set
# CONFIG_NET_VENDOR_NVIDIA is not set
# CONFIG_NET_VENDOR_OKI is not set
# CONFIG_ETHOC is not set
# CONFIG_NET_PACKET_ENGINE is not set
# CONFIG_NET_VENDOR_QLOGIC is not set
# CONFIG_NET_VENDOR_REALTEK is not set
# CONFIG_SH_ETH is not set
# CONFIG_NET_VENDOR_RDC is not set
# CONFIG_NET_VENDOR_SEEQ is not set
# CONFIG_NET_VENDOR_SILAN is not set
# CONFIG_NET_VENDOR_SIS is not set
# CONFIG_SFC is not set
# CONFIG_NET_VENDOR_SMSC is not set
# CONFIG_NET_VENDOR_STMICRO is not set
# CONFIG_NET_VENDOR_SUN is not set
# CONFIG_NET_VENDOR_TEHUTI is not set
# CONFIG_NET_VENDOR_TI is not set
# CONFIG_NET_VENDOR_VIA is not set
# CONFIG_NET_VENDOR_WIZNET is not set
# CONFIG_FDDI is not set
# CONFIG_HIPPI is not set
# CONFIG_NET_SB1000 is not set
CONFIG_PHYLIB=m

#
# MII PHY device drivers
#
# CONFIG_AT803X_PHY is not set
# CONFIG_AMD_PHY is not set
# CONFIG_MARVELL_PHY is not set
# CONFIG_DAVICOM_PHY is not set
# CONFIG_QSEMI_PHY is not set
CONFIG_LXT_PHY=m
# CONFIG_CICADA_PHY is not set
# CONFIG_VITESSE_PHY is not set
# CONFIG_SMSC_PHY is not set
CONFIG_BROADCOM_PHY=m
CONFIG_BCM87XX_PHY=m
# CONFIG_ICPLUS_PHY is not set
# CONFIG_REALTEK_PHY is not set
# CONFIG_NATIONAL_PHY is not set
# CONFIG_STE10XP is not set
# CONFIG_LSI_ET1011C_PHY is not set
# CONFIG_MICREL_PHY is not set
CONFIG_MDIO_BITBANG=m
CONFIG_MDIO_GPIO=m
# CONFIG_PLIP is not set
# CONFIG_PPP is not set
# CONFIG_SLIP is not set

#
# USB Network Adapters
#
# CONFIG_USB_CATC is not set
# CONFIG_USB_KAWETH is not set
# CONFIG_USB_PEGASUS is not set
# CONFIG_USB_RTL8150 is not set
# CONFIG_USB_RTL8152 is not set
# CONFIG_USB_USBNET is not set
# CONFIG_USB_IPHETH is not set
# CONFIG_WLAN is not set

#
# Enable WiMAX (Networking options) to see the WiMAX drivers
#
# CONFIG_WAN is not set
CONFIG_VMXNET3=m
# CONFIG_ISDN is not set

#
# Input device support
#
CONFIG_INPUT=y
CONFIG_INPUT_FF_MEMLESS=m
CONFIG_INPUT_POLLDEV=m
CONFIG_INPUT_SPARSEKMAP=m
# CONFIG_INPUT_MATRIXKMAP is not set

#
# Userland interfaces
#
CONFIG_INPUT_MOUSEDEV=m
CONFIG_INPUT_MOUSEDEV_PSAUX=y
CONFIG_INPUT_MOUSEDEV_SCREEN_X=1280
CONFIG_INPUT_MOUSEDEV_SCREEN_Y=1200
# CONFIG_INPUT_JOYDEV is not set
CONFIG_INPUT_EVDEV=y
# CONFIG_INPUT_EVBUG is not set

#
# Input Device Drivers
#
CONFIG_INPUT_KEYBOARD=y
# CONFIG_KEYBOARD_ADP5588 is not set
# CONFIG_KEYBOARD_ADP5589 is not set
CONFIG_KEYBOARD_ATKBD=y
# CONFIG_KEYBOARD_QT1070 is not set
# CONFIG_KEYBOARD_QT2160 is not set
# CONFIG_KEYBOARD_LKKBD is not set
# CONFIG_KEYBOARD_GPIO is not set
# CONFIG_KEYBOARD_GPIO_POLLED is not set
# CONFIG_KEYBOARD_TCA6416 is not set
# CONFIG_KEYBOARD_TCA8418 is not set
# CONFIG_KEYBOARD_MATRIX is not set
# CONFIG_KEYBOARD_LM8323 is not set
# CONFIG_KEYBOARD_LM8333 is not set
# CONFIG_KEYBOARD_MAX7359 is not set
# CONFIG_KEYBOARD_MCS is not set
# CONFIG_KEYBOARD_MPR121 is not set
# CONFIG_KEYBOARD_NEWTON is not set
# CONFIG_KEYBOARD_OPENCORES is not set
# CONFIG_KEYBOARD_STOWAWAY is not set
# CONFIG_KEYBOARD_SUNKBD is not set
# CONFIG_KEYBOARD_XTKBD is not set
CONFIG_INPUT_MOUSE=y
CONFIG_MOUSE_PS2=m
# CONFIG_MOUSE_PS2_ALPS is not set
# CONFIG_MOUSE_PS2_LOGIPS2PP is not set
# CONFIG_MOUSE_PS2_SYNAPTICS is not set
# CONFIG_MOUSE_PS2_CYPRESS is not set
# CONFIG_MOUSE_PS2_LIFEBOOK is not set
# CONFIG_MOUSE_PS2_TRACKPOINT is not set
# CONFIG_MOUSE_PS2_ELANTECH is not set
# CONFIG_MOUSE_PS2_SENTELIC is not set
# CONFIG_MOUSE_PS2_TOUCHKIT is not set
CONFIG_MOUSE_SERIAL=m
# CONFIG_MOUSE_APPLETOUCH is not set
# CONFIG_MOUSE_BCM5974 is not set
# CONFIG_MOUSE_CYAPA is not set
# CONFIG_MOUSE_VSXXXAA is not set
# CONFIG_MOUSE_GPIO is not set
# CONFIG_MOUSE_SYNAPTICS_I2C is not set
# CONFIG_MOUSE_SYNAPTICS_USB is not set
CONFIG_INPUT_JOYSTICK=y
CONFIG_JOYSTICK_ANALOG=m
# CONFIG_JOYSTICK_A3D is not set
# CONFIG_JOYSTICK_ADI is not set
# CONFIG_JOYSTICK_COBRA is not set
# CONFIG_JOYSTICK_GF2K is not set
# CONFIG_JOYSTICK_GRIP is not set
# CONFIG_JOYSTICK_GRIP_MP is not set
# CONFIG_JOYSTICK_GUILLEMOT is not set
# CONFIG_JOYSTICK_INTERACT is not set
# CONFIG_JOYSTICK_SIDEWINDER is not set
# CONFIG_JOYSTICK_TMDC is not set
# CONFIG_JOYSTICK_IFORCE is not set
# CONFIG_JOYSTICK_WARRIOR is not set
# CONFIG_JOYSTICK_MAGELLAN is not set
# CONFIG_JOYSTICK_SPACEORB is not set
# CONFIG_JOYSTICK_SPACEBALL is not set
# CONFIG_JOYSTICK_STINGER is not set
# CONFIG_JOYSTICK_TWIDJOY is not set
# CONFIG_JOYSTICK_ZHENHUA is not set
# CONFIG_JOYSTICK_DB9 is not set
# CONFIG_JOYSTICK_GAMECON is not set
# CONFIG_JOYSTICK_TURBOGRAFX is not set
# CONFIG_JOYSTICK_AS5011 is not set
# CONFIG_JOYSTICK_JOYDUMP is not set
CONFIG_JOYSTICK_XPAD=m
CONFIG_JOYSTICK_XPAD_FF=y
# CONFIG_JOYSTICK_XPAD_LEDS is not set
# CONFIG_JOYSTICK_WALKERA0701 is not set
CONFIG_INPUT_TABLET=y
# CONFIG_TABLET_USB_ACECAD is not set
# CONFIG_TABLET_USB_AIPTEK is not set
# CONFIG_TABLET_USB_GTCO is not set
# CONFIG_TABLET_USB_HANWANG is not set
# CONFIG_TABLET_USB_KBTAB is not set
CONFIG_TABLET_USB_WACOM=y
CONFIG_INPUT_TOUCHSCREEN=y
# CONFIG_TOUCHSCREEN_AD7879 is not set
# CONFIG_TOUCHSCREEN_ATMEL_MXT is not set
# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set
# CONFIG_TOUCHSCREEN_BU21013 is not set
# CONFIG_TOUCHSCREEN_CY8CTMG110 is not set
# CONFIG_TOUCHSCREEN_CYTTSP_CORE is not set
# CONFIG_TOUCHSCREEN_CYTTSP4_CORE is not set
# CONFIG_TOUCHSCREEN_DYNAPRO is not set
# CONFIG_TOUCHSCREEN_HAMPSHIRE is not set
# CONFIG_TOUCHSCREEN_EETI is not set
# CONFIG_TOUCHSCREEN_FUJITSU is not set
# CONFIG_TOUCHSCREEN_ILI210X is not set
# CONFIG_TOUCHSCREEN_GUNZE is not set
# CONFIG_TOUCHSCREEN_ELO is not set
CONFIG_TOUCHSCREEN_WACOM_W8001=m
# CONFIG_TOUCHSCREEN_WACOM_I2C is not set
# CONFIG_TOUCHSCREEN_MAX11801 is not set
# CONFIG_TOUCHSCREEN_MCS5000 is not set
# CONFIG_TOUCHSCREEN_MMS114 is not set
# CONFIG_TOUCHSCREEN_MTOUCH is not set
# CONFIG_TOUCHSCREEN_INEXIO is not set
# CONFIG_TOUCHSCREEN_MK712 is not set
# CONFIG_TOUCHSCREEN_PENMOUNT is not set
# CONFIG_TOUCHSCREEN_EDT_FT5X06 is not set
# CONFIG_TOUCHSCREEN_TOUCHRIGHT is not set
# CONFIG_TOUCHSCREEN_TOUCHWIN is not set
# CONFIG_TOUCHSCREEN_PIXCIR is not set
CONFIG_TOUCHSCREEN_USB_COMPOSITE=m
# CONFIG_TOUCHSCREEN_USB_EGALAX is not set
# CONFIG_TOUCHSCREEN_USB_PANJIT is not set
# CONFIG_TOUCHSCREEN_USB_3M is not set
# CONFIG_TOUCHSCREEN_USB_ITM is not set
# CONFIG_TOUCHSCREEN_USB_ETURBO is not set
# CONFIG_TOUCHSCREEN_USB_GUNZE is not set
# CONFIG_TOUCHSCREEN_USB_DMC_TSC10 is not set
# CONFIG_TOUCHSCREEN_USB_IRTOUCH is not set
# CONFIG_TOUCHSCREEN_USB_IDEALTEK is not set
# CONFIG_TOUCHSCREEN_USB_GENERAL_TOUCH is not set
# CONFIG_TOUCHSCREEN_USB_GOTOP is not set
# CONFIG_TOUCHSCREEN_USB_JASTEC is not set
CONFIG_TOUCHSCREEN_USB_ELO=y
# CONFIG_TOUCHSCREEN_USB_E2I is not set
# CONFIG_TOUCHSCREEN_USB_ZYTRONIC is not set
# CONFIG_TOUCHSCREEN_USB_ETT_TC45USB is not set
# CONFIG_TOUCHSCREEN_USB_NEXIO is not set
CONFIG_TOUCHSCREEN_USB_EASYTOUCH=y
# CONFIG_TOUCHSCREEN_TOUCHIT213 is not set
# CONFIG_TOUCHSCREEN_TSC_SERIO is not set
# CONFIG_TOUCHSCREEN_TSC2007 is not set
# CONFIG_TOUCHSCREEN_ST1232 is not set
# CONFIG_TOUCHSCREEN_SUR40 is not set
# CONFIG_TOUCHSCREEN_TPS6507X is not set
# CONFIG_TOUCHSCREEN_ZFORCE is not set
CONFIG_INPUT_MISC=y
# CONFIG_INPUT_AD714X is not set
# CONFIG_INPUT_BMA150 is not set
CONFIG_INPUT_PCSPKR=y
# CONFIG_INPUT_MMA8450 is not set
# CONFIG_INPUT_MPU3050 is not set
# CONFIG_INPUT_APANEL is not set
# CONFIG_INPUT_GP2A is not set
# CONFIG_INPUT_GPIO_TILT_POLLED is not set
# CONFIG_INPUT_ATLAS_BTNS is not set
# CONFIG_INPUT_ATI_REMOTE2 is not set
# CONFIG_INPUT_KEYSPAN_REMOTE is not set
# CONFIG_INPUT_KXTJ9 is not set
# CONFIG_INPUT_POWERMATE is not set
# CONFIG_INPUT_YEALINK is not set
# CONFIG_INPUT_CM109 is not set
CONFIG_INPUT_UINPUT=y
# CONFIG_INPUT_PCF8574 is not set
# CONFIG_INPUT_GPIO_ROTARY_ENCODER is not set
# CONFIG_INPUT_ADXL34X is not set
# CONFIG_INPUT_IMS_PCU is not set
# CONFIG_INPUT_CMA3000 is not set
# CONFIG_INPUT_IDEAPAD_SLIDEBAR is not set

#
# Hardware I/O ports
#
CONFIG_SERIO=y
CONFIG_SERIO_I8042=y
CONFIG_SERIO_SERPORT=y
# CONFIG_SERIO_CT82C710 is not set
# CONFIG_SERIO_PARKBD is not set
# CONFIG_SERIO_PCIPS2 is not set
CONFIG_SERIO_LIBPS2=y
CONFIG_SERIO_RAW=y
# CONFIG_SERIO_ALTERA_PS2 is not set
# CONFIG_SERIO_PS2MULT is not set
# CONFIG_SERIO_ARC_PS2 is not set
CONFIG_GAMEPORT=m
# CONFIG_GAMEPORT_NS558 is not set
# CONFIG_GAMEPORT_L4 is not set
# CONFIG_GAMEPORT_EMU10K1 is not set
# CONFIG_GAMEPORT_FM801 is not set

#
# Character devices
#
CONFIG_TTY=y
CONFIG_VT=y
CONFIG_CONSOLE_TRANSLATIONS=y
CONFIG_VT_CONSOLE=y
CONFIG_HW_CONSOLE=y
CONFIG_VT_HW_CONSOLE_BINDING=y
CONFIG_UNIX98_PTYS=y
CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
# CONFIG_LEGACY_PTYS is not set
# CONFIG_SERIAL_NONSTANDARD is not set
# CONFIG_NOZOMI is not set
# CONFIG_N_GSM is not set
# CONFIG_TRACE_SINK is not set
CONFIG_DEVKMEM=y

#
# Serial drivers
#
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y
CONFIG_SERIAL_8250_PNP=y
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_FIX_EARLYCON_MEM=y
CONFIG_SERIAL_8250_DMA=y
CONFIG_SERIAL_8250_PCI=y
CONFIG_SERIAL_8250_NR_UARTS=4
CONFIG_SERIAL_8250_RUNTIME_UARTS=4
CONFIG_SERIAL_8250_EXTENDED=y
# CONFIG_SERIAL_8250_MANY_PORTS is not set
CONFIG_SERIAL_8250_SHARE_IRQ=y
# CONFIG_SERIAL_8250_DETECT_IRQ is not set
# CONFIG_SERIAL_8250_RSA is not set
# CONFIG_SERIAL_8250_DW is not set

#
# Non-8250 serial port support
#
# CONFIG_SERIAL_KGDB_NMI is not set
# CONFIG_SERIAL_MFD_HSU is not set
CONFIG_SERIAL_CORE=y
CONFIG_SERIAL_CORE_CONSOLE=y
CONFIG_CONSOLE_POLL=y
# CONFIG_SERIAL_JSM is not set
# CONFIG_SERIAL_SCCNXP is not set
# CONFIG_SERIAL_TIMBERDALE is not set
# CONFIG_SERIAL_ALTERA_JTAGUART is not set
# CONFIG_SERIAL_ALTERA_UART is not set
# CONFIG_SERIAL_PCH_UART is not set
# CONFIG_SERIAL_ARC is not set
# CONFIG_SERIAL_RP2 is not set
# CONFIG_SERIAL_FSL_LPUART is not set
CONFIG_TTY_PRINTK=y
# CONFIG_PRINTER is not set
# CONFIG_PPDEV is not set
CONFIG_HVC_DRIVER=y
CONFIG_VIRTIO_CONSOLE=m
CONFIG_IPMI_HANDLER=y
CONFIG_IPMI_PANIC_EVENT=y
CONFIG_IPMI_PANIC_STRING=y
CONFIG_IPMI_DEVICE_INTERFACE=y
CONFIG_IPMI_SI=y
CONFIG_IPMI_WATCHDOG=y
CONFIG_IPMI_POWEROFF=y
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_TIMERIOMEM=m
CONFIG_HW_RANDOM_INTEL=y
# CONFIG_HW_RANDOM_AMD is not set
# CONFIG_HW_RANDOM_VIA is not set
CONFIG_HW_RANDOM_VIRTIO=m
CONFIG_NVRAM=y
# CONFIG_R3964 is not set
# CONFIG_APPLICOM is not set
# CONFIG_MWAVE is not set
CONFIG_RAW_DRIVER=y
CONFIG_MAX_RAW_DEVS=256
CONFIG_HPET=y
CONFIG_HPET_MMAP=y
CONFIG_HPET_MMAP_DEFAULT=y
CONFIG_HANGCHECK_TIMER=m
# CONFIG_TCG_TPM is not set
# CONFIG_TELCLOCK is not set
CONFIG_DEVPORT=y
CONFIG_I2C=y
CONFIG_I2C_BOARDINFO=y
CONFIG_I2C_COMPAT=y
CONFIG_I2C_CHARDEV=y
CONFIG_I2C_MUX=m

#
# Multiplexer I2C Chip support
#
CONFIG_I2C_MUX_GPIO=m
CONFIG_I2C_MUX_PCA9541=m
CONFIG_I2C_MUX_PCA954x=m
CONFIG_I2C_HELPER_AUTO=y
CONFIG_I2C_ALGOBIT=m

#
# I2C Hardware Bus support
#

#
# PC SMBus host controller drivers
#
# CONFIG_I2C_ALI1535 is not set
# CONFIG_I2C_ALI1563 is not set
# CONFIG_I2C_ALI15X3 is not set
# CONFIG_I2C_AMD756 is not set
# CONFIG_I2C_AMD8111 is not set
CONFIG_I2C_I801=y
CONFIG_I2C_ISCH=m
CONFIG_I2C_ISMT=m
CONFIG_I2C_PIIX4=m
# CONFIG_I2C_NFORCE2 is not set
# CONFIG_I2C_SIS5595 is not set
# CONFIG_I2C_SIS630 is not set
# CONFIG_I2C_SIS96X is not set
# CONFIG_I2C_VIA is not set
# CONFIG_I2C_VIAPRO is not set

#
# ACPI drivers
#
CONFIG_I2C_SCMI=y

#
# I2C system bus drivers (mostly embedded / system-on-chip)
#
# CONFIG_I2C_CBUS_GPIO is not set
# CONFIG_I2C_DESIGNWARE_PCI is not set
# CONFIG_I2C_EG20T is not set
CONFIG_I2C_GPIO=m
# CONFIG_I2C_OCORES is not set
# CONFIG_I2C_PCA_PLATFORM is not set
# CONFIG_I2C_PXA_PCI is not set
# CONFIG_I2C_SIMTEC is not set
# CONFIG_I2C_XILINX is not set

#
# External I2C/SMBus adapter drivers
#
# CONFIG_I2C_DIOLAN_U2C is not set
# CONFIG_I2C_PARPORT is not set
# CONFIG_I2C_PARPORT_LIGHT is not set
# CONFIG_I2C_TAOS_EVM is not set
CONFIG_I2C_TINY_USB=m

#
# Other I2C/SMBus bus drivers
#
CONFIG_I2C_STUB=m
# CONFIG_I2C_DEBUG_CORE is not set
# CONFIG_I2C_DEBUG_ALGO is not set
# CONFIG_I2C_DEBUG_BUS is not set
# CONFIG_SPI is not set
# CONFIG_HSI is not set

#
# PPS support
#
CONFIG_PPS=y
# CONFIG_PPS_DEBUG is not set

#
# PPS clients support
#
# CONFIG_PPS_CLIENT_KTIMER is not set
# CONFIG_PPS_CLIENT_LDISC is not set
# CONFIG_PPS_CLIENT_PARPORT is not set
# CONFIG_PPS_CLIENT_GPIO is not set

#
# PPS generators support
#

#
# PTP clock support
#
CONFIG_PTP_1588_CLOCK=y
# CONFIG_DP83640_PHY is not set
CONFIG_PTP_1588_CLOCK_PCH=m
CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
CONFIG_GPIOLIB=y
CONFIG_GPIO_DEVRES=y
CONFIG_GPIO_ACPI=y
# CONFIG_DEBUG_GPIO is not set
# CONFIG_GPIO_SYSFS is not set
CONFIG_GPIO_GENERIC=y

#
# Memory mapped GPIO drivers:
#
CONFIG_GPIO_GENERIC_PLATFORM=y
# CONFIG_GPIO_IT8761E is not set
# CONFIG_GPIO_F7188X is not set
# CONFIG_GPIO_TS5500 is not set
# CONFIG_GPIO_SCH is not set
CONFIG_GPIO_ICH=y
# CONFIG_GPIO_VX855 is not set
# CONFIG_GPIO_LYNXPOINT is not set

#
# I2C GPIO expanders:
#
# CONFIG_GPIO_MAX7300 is not set
# CONFIG_GPIO_MAX732X is not set
# CONFIG_GPIO_PCA953X is not set
# CONFIG_GPIO_PCF857X is not set
# CONFIG_GPIO_SX150X is not set
# CONFIG_GPIO_ADP5588 is not set

#
# PCI GPIO expanders:
#
# CONFIG_GPIO_BT8XX is not set
# CONFIG_GPIO_AMD8111 is not set
# CONFIG_GPIO_INTEL_MID is not set
# CONFIG_GPIO_PCH is not set
# CONFIG_GPIO_ML_IOH is not set
# CONFIG_GPIO_RDC321X is not set

#
# SPI GPIO expanders:
#
# CONFIG_GPIO_MCP23S08 is not set

#
# AC97 GPIO expanders:
#

#
# LPC GPIO expanders:
#

#
# MODULbus GPIO expanders:
#

#
# USB GPIO expanders:
#
# CONFIG_W1 is not set
CONFIG_POWER_SUPPLY=y
# CONFIG_POWER_SUPPLY_DEBUG is not set
# CONFIG_PDA_POWER is not set
# CONFIG_TEST_POWER is not set
# CONFIG_BATTERY_DS2780 is not set
# CONFIG_BATTERY_DS2781 is not set
# CONFIG_BATTERY_DS2782 is not set
# CONFIG_BATTERY_SBS is not set
# CONFIG_BATTERY_BQ27x00 is not set
# CONFIG_BATTERY_MAX17040 is not set
# CONFIG_BATTERY_MAX17042 is not set
# CONFIG_CHARGER_MAX8903 is not set
# CONFIG_CHARGER_LP8727 is not set
# CONFIG_CHARGER_GPIO is not set
# CONFIG_CHARGER_BQ2415X is not set
# CONFIG_CHARGER_BQ24190 is not set
# CONFIG_CHARGER_BQ24735 is not set
# CONFIG_CHARGER_SMB347 is not set
CONFIG_POWER_RESET=y
# CONFIG_POWER_AVS is not set
CONFIG_HWMON=y
# CONFIG_HWMON_VID is not set
CONFIG_HWMON_DEBUG_CHIP=y

#
# Native drivers
#
# CONFIG_SENSORS_ABITUGURU is not set
# CONFIG_SENSORS_ABITUGURU3 is not set
# CONFIG_SENSORS_AD7414 is not set
# CONFIG_SENSORS_AD7418 is not set
# CONFIG_SENSORS_ADM1021 is not set
# CONFIG_SENSORS_ADM1025 is not set
# CONFIG_SENSORS_ADM1026 is not set
# CONFIG_SENSORS_ADM1029 is not set
# CONFIG_SENSORS_ADM1031 is not set
# CONFIG_SENSORS_ADM9240 is not set
# CONFIG_SENSORS_ADT7410 is not set
# CONFIG_SENSORS_ADT7411 is not set
# CONFIG_SENSORS_ADT7462 is not set
# CONFIG_SENSORS_ADT7470 is not set
# CONFIG_SENSORS_ADT7475 is not set
# CONFIG_SENSORS_ASC7621 is not set
# CONFIG_SENSORS_K8TEMP is not set
# CONFIG_SENSORS_K10TEMP is not set
# CONFIG_SENSORS_FAM15H_POWER is not set
# CONFIG_SENSORS_ASB100 is not set
# CONFIG_SENSORS_ATXP1 is not set
# CONFIG_SENSORS_DS620 is not set
# CONFIG_SENSORS_DS1621 is not set
# CONFIG_SENSORS_I5K_AMB is not set
# CONFIG_SENSORS_F71805F is not set
# CONFIG_SENSORS_F71882FG is not set
# CONFIG_SENSORS_F75375S is not set
# CONFIG_SENSORS_FSCHMD is not set
# CONFIG_SENSORS_G760A is not set
# CONFIG_SENSORS_G762 is not set
# CONFIG_SENSORS_GL518SM is not set
# CONFIG_SENSORS_GL520SM is not set
# CONFIG_SENSORS_GPIO_FAN is not set
# CONFIG_SENSORS_HIH6130 is not set
# CONFIG_SENSORS_HTU21 is not set
CONFIG_SENSORS_CORETEMP=y
# CONFIG_SENSORS_IBMAEM is not set
# CONFIG_SENSORS_IBMPEX is not set
# CONFIG_SENSORS_IT87 is not set
# CONFIG_SENSORS_JC42 is not set
# CONFIG_SENSORS_LINEAGE is not set
# CONFIG_SENSORS_LM63 is not set
# CONFIG_SENSORS_LM73 is not set
# CONFIG_SENSORS_LM75 is not set
# CONFIG_SENSORS_LM77 is not set
# CONFIG_SENSORS_LM78 is not set
# CONFIG_SENSORS_LM80 is not set
# CONFIG_SENSORS_LM83 is not set
# CONFIG_SENSORS_LM85 is not set
# CONFIG_SENSORS_LM87 is not set
# CONFIG_SENSORS_LM90 is not set
# CONFIG_SENSORS_LM92 is not set
# CONFIG_SENSORS_LM93 is not set
# CONFIG_SENSORS_LTC4151 is not set
# CONFIG_SENSORS_LTC4215 is not set
# CONFIG_SENSORS_LTC4245 is not set
# CONFIG_SENSORS_LTC4261 is not set
# CONFIG_SENSORS_LM95234 is not set
# CONFIG_SENSORS_LM95241 is not set
# CONFIG_SENSORS_LM95245 is not set
# CONFIG_SENSORS_MAX16065 is not set
# CONFIG_SENSORS_MAX1619 is not set
# CONFIG_SENSORS_MAX1668 is not set
# CONFIG_SENSORS_MAX197 is not set
# CONFIG_SENSORS_MAX6639 is not set
# CONFIG_SENSORS_MAX6642 is not set
# CONFIG_SENSORS_MAX6650 is not set
# CONFIG_SENSORS_MAX6697 is not set
# CONFIG_SENSORS_MCP3021 is not set
# CONFIG_SENSORS_NCT6775 is not set
# CONFIG_SENSORS_NTC_THERMISTOR is not set
# CONFIG_SENSORS_PC87360 is not set
# CONFIG_SENSORS_PC87427 is not set
# CONFIG_SENSORS_PCF8591 is not set
CONFIG_PMBUS=m
CONFIG_SENSORS_PMBUS=m
# CONFIG_SENSORS_ADM1275 is not set
# CONFIG_SENSORS_LM25066 is not set
# CONFIG_SENSORS_LTC2978 is not set
# CONFIG_SENSORS_MAX16064 is not set
# CONFIG_SENSORS_MAX34440 is not set
# CONFIG_SENSORS_MAX8688 is not set
# CONFIG_SENSORS_UCD9000 is not set
# CONFIG_SENSORS_UCD9200 is not set
# CONFIG_SENSORS_ZL6100 is not set
# CONFIG_SENSORS_SHT15 is not set
# CONFIG_SENSORS_SHT21 is not set
# CONFIG_SENSORS_SIS5595 is not set
# CONFIG_SENSORS_SMM665 is not set
# CONFIG_SENSORS_DME1737 is not set
# CONFIG_SENSORS_EMC1403 is not set
# CONFIG_SENSORS_EMC2103 is not set
# CONFIG_SENSORS_EMC6W201 is not set
# CONFIG_SENSORS_SMSC47M1 is not set
# CONFIG_SENSORS_SMSC47M192 is not set
# CONFIG_SENSORS_SMSC47B397 is not set
# CONFIG_SENSORS_SCH56XX_COMMON is not set
# CONFIG_SENSORS_SCH5627 is not set
# CONFIG_SENSORS_SCH5636 is not set
# CONFIG_SENSORS_ADS1015 is not set
# CONFIG_SENSORS_ADS7828 is not set
# CONFIG_SENSORS_AMC6821 is not set
# CONFIG_SENSORS_INA209 is not set
# CONFIG_SENSORS_INA2XX is not set
# CONFIG_SENSORS_THMC50 is not set
# CONFIG_SENSORS_TMP102 is not set
# CONFIG_SENSORS_TMP401 is not set
# CONFIG_SENSORS_TMP421 is not set
# CONFIG_SENSORS_VIA_CPUTEMP is not set
# CONFIG_SENSORS_VIA686A is not set
# CONFIG_SENSORS_VT1211 is not set
# CONFIG_SENSORS_VT8231 is not set
# CONFIG_SENSORS_W83781D is not set
# CONFIG_SENSORS_W83791D is not set
# CONFIG_SENSORS_W83792D is not set
# CONFIG_SENSORS_W83793 is not set
# CONFIG_SENSORS_W83795 is not set
# CONFIG_SENSORS_W83L785TS is not set
# CONFIG_SENSORS_W83L786NG is not set
# CONFIG_SENSORS_W83627HF is not set
# CONFIG_SENSORS_W83627EHF is not set
# CONFIG_SENSORS_APPLESMC is not set

#
# ACPI drivers
#
# CONFIG_SENSORS_ACPI_POWER is not set
# CONFIG_SENSORS_ATK0110 is not set
CONFIG_THERMAL=y
CONFIG_THERMAL_HWMON=y
CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set
# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set
# CONFIG_THERMAL_GOV_FAIR_SHARE is not set
CONFIG_THERMAL_GOV_STEP_WISE=y
CONFIG_THERMAL_GOV_USER_SPACE=y
# CONFIG_CPU_THERMAL is not set
# CONFIG_THERMAL_EMULATION is not set
# CONFIG_INTEL_POWERCLAMP is not set
CONFIG_X86_PKG_TEMP_THERMAL=m

#
# Texas Instruments thermal drivers
#
CONFIG_WATCHDOG=y
CONFIG_WATCHDOG_CORE=y
# CONFIG_WATCHDOG_NOWAYOUT is not set

#
# Watchdog Device Drivers
#
# CONFIG_SOFT_WATCHDOG is not set
# CONFIG_ACQUIRE_WDT is not set
# CONFIG_ADVANTECH_WDT is not set
# CONFIG_ALIM1535_WDT is not set
# CONFIG_ALIM7101_WDT is not set
# CONFIG_F71808E_WDT is not set
# CONFIG_SP5100_TCO is not set
# CONFIG_SC520_WDT is not set
# CONFIG_SBC_FITPC2_WATCHDOG is not set
# CONFIG_EUROTECH_WDT is not set
# CONFIG_IB700_WDT is not set
# CONFIG_IBMASR is not set
# CONFIG_WAFER_WDT is not set
# CONFIG_I6300ESB_WDT is not set
# CONFIG_IE6XX_WDT is not set
CONFIG_ITCO_WDT=y
# CONFIG_ITCO_VENDOR_SUPPORT is not set
# CONFIG_IT8712F_WDT is not set
# CONFIG_IT87_WDT is not set
# CONFIG_HP_WATCHDOG is not set
# CONFIG_SC1200_WDT is not set
# CONFIG_PC87413_WDT is not set
# CONFIG_NV_TCO is not set
# CONFIG_60XX_WDT is not set
# CONFIG_SBC8360_WDT is not set
# CONFIG_CPU5_WDT is not set
# CONFIG_SMSC_SCH311X_WDT is not set
# CONFIG_SMSC37B787_WDT is not set
# CONFIG_VIA_WDT is not set
# CONFIG_W83627HF_WDT is not set
# CONFIG_W83697HF_WDT is not set
# CONFIG_W83697UG_WDT is not set
# CONFIG_W83877F_WDT is not set
# CONFIG_W83977F_WDT is not set
# CONFIG_MACHZ_WDT is not set
# CONFIG_SBC_EPX_C3_WATCHDOG is not set
# CONFIG_MEN_A21_WDT is not set

#
# PCI-based Watchdog Cards
#
# CONFIG_PCIPCWATCHDOG is not set
# CONFIG_WDTPCI is not set

#
# USB-based Watchdog Cards
#
# CONFIG_USBPCWATCHDOG is not set
CONFIG_SSB_POSSIBLE=y

#
# Sonics Silicon Backplane
#
# CONFIG_SSB is not set
CONFIG_BCMA_POSSIBLE=y

#
# Broadcom specific AMBA
#
# CONFIG_BCMA is not set

#
# Multifunction device drivers
#
CONFIG_MFD_CORE=y
# CONFIG_MFD_CS5535 is not set
# CONFIG_MFD_AS3711 is not set
# CONFIG_PMIC_ADP5520 is not set
# CONFIG_MFD_AAT2870_CORE is not set
# CONFIG_MFD_CROS_EC is not set
# CONFIG_PMIC_DA903X is not set
# CONFIG_MFD_DA9052_I2C is not set
# CONFIG_MFD_DA9055 is not set
# CONFIG_MFD_DA9063 is not set
# CONFIG_MFD_MC13XXX_I2C is not set
# CONFIG_HTC_PASIC3 is not set
# CONFIG_HTC_I2CPLD is not set
CONFIG_LPC_ICH=y
CONFIG_LPC_SCH=m
# CONFIG_MFD_JANZ_CMODIO is not set
# CONFIG_MFD_KEMPLD is not set
# CONFIG_MFD_88PM800 is not set
# CONFIG_MFD_88PM805 is not set
# CONFIG_MFD_88PM860X is not set
# CONFIG_MFD_MAX77686 is not set
# CONFIG_MFD_MAX77693 is not set
# CONFIG_MFD_MAX8907 is not set
# CONFIG_MFD_MAX8925 is not set
# CONFIG_MFD_MAX8997 is not set
# CONFIG_MFD_MAX8998 is not set
# CONFIG_MFD_VIPERBOARD is not set
# CONFIG_MFD_RETU is not set
# CONFIG_MFD_PCF50633 is not set
# CONFIG_MFD_RDC321X is not set
# CONFIG_MFD_RTSX_PCI is not set
# CONFIG_MFD_RC5T583 is not set
# CONFIG_MFD_SEC_CORE is not set
# CONFIG_MFD_SI476X_CORE is not set
# CONFIG_MFD_SM501 is not set
# CONFIG_MFD_SMSC is not set
# CONFIG_ABX500_CORE is not set
# CONFIG_MFD_STMPE is not set
# CONFIG_MFD_SYSCON is not set
# CONFIG_MFD_TI_AM335X_TSCADC is not set
# CONFIG_MFD_LP8788 is not set
# CONFIG_MFD_PALMAS is not set
# CONFIG_TPS6105X is not set
# CONFIG_TPS65010 is not set
# CONFIG_TPS6507X is not set
# CONFIG_MFD_TPS65090 is not set
# CONFIG_MFD_TPS65217 is not set
# CONFIG_MFD_TPS6586X is not set
# CONFIG_MFD_TPS65910 is not set
# CONFIG_MFD_TPS65912 is not set
# CONFIG_MFD_TPS65912_I2C is not set
# CONFIG_MFD_TPS80031 is not set
# CONFIG_TWL4030_CORE is not set
# CONFIG_TWL6040_CORE is not set
# CONFIG_MFD_WL1273_CORE is not set
# CONFIG_MFD_LM3533 is not set
# CONFIG_MFD_TIMBERDALE is not set
# CONFIG_MFD_TC3589X is not set
# CONFIG_MFD_TMIO is not set
# CONFIG_MFD_VX855 is not set
# CONFIG_MFD_ARIZONA_I2C is not set
# CONFIG_MFD_WM8400 is not set
# CONFIG_MFD_WM831X_I2C is not set
# CONFIG_MFD_WM8350_I2C is not set
# CONFIG_MFD_WM8994 is not set
# CONFIG_REGULATOR is not set
# CONFIG_MEDIA_SUPPORT is not set

#
# Graphics support
#
# CONFIG_AGP is not set
# CONFIG_VGA_ARB is not set
# CONFIG_VGA_SWITCHEROO is not set
# CONFIG_DRM is not set
# CONFIG_VGASTATE is not set
# CONFIG_VIDEO_OUTPUT_CONTROL is not set
# CONFIG_FB is not set
# CONFIG_EXYNOS_VIDEO is not set
# CONFIG_BACKLIGHT_LCD_SUPPORT is not set

#
# Console display driver support
#
CONFIG_VGA_CONSOLE=y
CONFIG_VGACON_SOFT_SCROLLBACK=y
CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=1024
CONFIG_DUMMY_CONSOLE=y
# CONFIG_SOUND is not set

#
# HID support
#
CONFIG_HID=y
# CONFIG_HID_BATTERY_STRENGTH is not set
CONFIG_HIDRAW=y
# CONFIG_UHID is not set
CONFIG_HID_GENERIC=y

#
# Special HID drivers
#
# CONFIG_HID_A4TECH is not set
# CONFIG_HID_ACRUX is not set
# CONFIG_HID_APPLE is not set
# CONFIG_HID_APPLEIR is not set
# CONFIG_HID_AUREAL is not set
# CONFIG_HID_BELKIN is not set
# CONFIG_HID_CHERRY is not set
# CONFIG_HID_CHICONY is not set
# CONFIG_HID_CYPRESS is not set
# CONFIG_HID_DRAGONRISE is not set
# CONFIG_HID_EMS_FF is not set
# CONFIG_HID_ELECOM is not set
# CONFIG_HID_ELO is not set
# CONFIG_HID_EZKEY is not set
# CONFIG_HID_HOLTEK is not set
# CONFIG_HID_HUION is not set
# CONFIG_HID_KEYTOUCH is not set
# CONFIG_HID_KYE is not set
# CONFIG_HID_UCLOGIC is not set
# CONFIG_HID_WALTOP is not set
# CONFIG_HID_GYRATION is not set
# CONFIG_HID_ICADE is not set
# CONFIG_HID_TWINHAN is not set
CONFIG_HID_KENSINGTON=y
# CONFIG_HID_LCPOWER is not set
# CONFIG_HID_LENOVO_TPKBD is not set
# CONFIG_HID_LOGITECH is not set
# CONFIG_HID_MAGICMOUSE is not set
CONFIG_HID_MICROSOFT=m
# CONFIG_HID_MONTEREY is not set
# CONFIG_HID_MULTITOUCH is not set
# CONFIG_HID_NTRIG is not set
# CONFIG_HID_ORTEK is not set
# CONFIG_HID_PANTHERLORD is not set
# CONFIG_HID_PETALYNX is not set
# CONFIG_HID_PICOLCD is not set
# CONFIG_HID_PRIMAX is not set
# CONFIG_HID_ROCCAT is not set
# CONFIG_HID_SAITEK is not set
# CONFIG_HID_SAMSUNG is not set
# CONFIG_HID_SONY is not set
# CONFIG_HID_SPEEDLINK is not set
# CONFIG_HID_STEELSERIES is not set
# CONFIG_HID_SUNPLUS is not set
# CONFIG_HID_GREENASIA is not set
# CONFIG_HID_SMARTJOYPLUS is not set
# CONFIG_HID_TIVO is not set
# CONFIG_HID_TOPSEED is not set
# CONFIG_HID_THINGM is not set
# CONFIG_HID_THRUSTMASTER is not set
# CONFIG_HID_WACOM is not set
# CONFIG_HID_WIIMOTE is not set
# CONFIG_HID_XINMO is not set
# CONFIG_HID_ZEROPLUS is not set
# CONFIG_HID_ZYDACRON is not set
# CONFIG_HID_SENSOR_HUB is not set

#
# USB HID support
#
CONFIG_USB_HID=y
CONFIG_HID_PID=y
CONFIG_USB_HIDDEV=y

#
# I2C HID support
#
# CONFIG_I2C_HID is not set
CONFIG_USB_OHCI_LITTLE_ENDIAN=y
CONFIG_USB_SUPPORT=y
CONFIG_USB_COMMON=y
CONFIG_USB_ARCH_HAS_HCD=y
CONFIG_USB=y
# CONFIG_USB_DEBUG is not set
CONFIG_USB_ANNOUNCE_NEW_DEVICES=y

#
# Miscellaneous USB options
#
CONFIG_USB_DEFAULT_PERSIST=y
# CONFIG_USB_DYNAMIC_MINORS is not set
# CONFIG_USB_OTG is not set
# CONFIG_USB_OTG_WHITELIST is not set
# CONFIG_USB_OTG_BLACKLIST_HUB is not set
CONFIG_USB_MON=y
# CONFIG_USB_WUSB_CBAF is not set

#
# USB Host Controller Drivers
#
# CONFIG_USB_C67X00_HCD is not set
# CONFIG_USB_XHCI_HCD is not set
CONFIG_USB_EHCI_HCD=y
CONFIG_USB_EHCI_ROOT_HUB_TT=y
CONFIG_USB_EHCI_TT_NEWSCHED=y
CONFIG_USB_EHCI_PCI=y
# CONFIG_USB_EHCI_HCD_PLATFORM is not set
# CONFIG_USB_OXU210HP_HCD is not set
# CONFIG_USB_ISP116X_HCD is not set
# CONFIG_USB_ISP1760_HCD is not set
# CONFIG_USB_ISP1362_HCD is not set
# CONFIG_USB_FUSBH200_HCD is not set
# CONFIG_USB_FOTG210_HCD is not set
# CONFIG_USB_OHCI_HCD is not set
CONFIG_USB_UHCI_HCD=y
# CONFIG_USB_SL811_HCD is not set
# CONFIG_USB_R8A66597_HCD is not set
# CONFIG_USB_HCD_TEST_MODE is not set

#
# USB Device Class drivers
#
# CONFIG_USB_ACM is not set
# CONFIG_USB_PRINTER is not set
# CONFIG_USB_WDM is not set
# CONFIG_USB_TMC is not set

#
# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may
#

#
# also be needed; see USB_STORAGE Help for more info
#
CONFIG_USB_STORAGE=m
# CONFIG_USB_STORAGE_DEBUG is not set
# CONFIG_USB_STORAGE_REALTEK is not set
# CONFIG_USB_STORAGE_DATAFAB is not set
# CONFIG_USB_STORAGE_FREECOM is not set
# CONFIG_USB_STORAGE_ISD200 is not set
# CONFIG_USB_STORAGE_USBAT is not set
# CONFIG_USB_STORAGE_SDDR09 is not set
# CONFIG_USB_STORAGE_SDDR55 is not set
# CONFIG_USB_STORAGE_JUMPSHOT is not set
# CONFIG_USB_STORAGE_ALAUDA is not set
# CONFIG_USB_STORAGE_ONETOUCH is not set
# CONFIG_USB_STORAGE_KARMA is not set
# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set
# CONFIG_USB_STORAGE_ENE_UB6250 is not set

#
# USB Imaging devices
#
# CONFIG_USB_MDC800 is not set
# CONFIG_USB_MICROTEK is not set
# CONFIG_USB_DWC3 is not set
# CONFIG_USB_CHIPIDEA is not set

#
# USB port drivers
#
# CONFIG_USB_USS720 is not set
# CONFIG_USB_SERIAL is not set

#
# USB Miscellaneous drivers
#
# CONFIG_USB_EMI62 is not set
# CONFIG_USB_EMI26 is not set
# CONFIG_USB_ADUTUX is not set
# CONFIG_USB_SEVSEG is not set
# CONFIG_USB_RIO500 is not set
# CONFIG_USB_LEGOTOWER is not set
# CONFIG_USB_LCD is not set
# CONFIG_USB_LED is not set
# CONFIG_USB_CYPRESS_CY7C63 is not set
# CONFIG_USB_CYTHERM is not set
# CONFIG_USB_IDMOUSE is not set
# CONFIG_USB_FTDI_ELAN is not set
# CONFIG_USB_APPLEDISPLAY is not set
# CONFIG_USB_SISUSBVGA is not set
# CONFIG_USB_LD is not set
# CONFIG_USB_TRANCEVIBRATOR is not set
# CONFIG_USB_IOWARRIOR is not set
# CONFIG_USB_TEST is not set
# CONFIG_USB_EHSET_TEST_FIXTURE is not set
# CONFIG_USB_ISIGHTFW is not set
# CONFIG_USB_YUREX is not set
# CONFIG_USB_EZUSB_FX2 is not set
# CONFIG_USB_HSIC_USB3503 is not set

#
# USB Physical Layer drivers
#
# CONFIG_USB_PHY is not set
# CONFIG_NOP_USB_XCEIV is not set
# CONFIG_SAMSUNG_USB2PHY is not set
# CONFIG_SAMSUNG_USB3PHY is not set
# CONFIG_USB_GPIO_VBUS is not set
# CONFIG_USB_ISP1301 is not set
# CONFIG_USB_RCAR_PHY is not set
# CONFIG_USB_GADGET is not set
# CONFIG_UWB is not set
# CONFIG_MMC is not set
# CONFIG_MEMSTICK is not set
CONFIG_NEW_LEDS=y
CONFIG_LEDS_CLASS=y

#
# LED drivers
#
# CONFIG_LEDS_LM3530 is not set
# CONFIG_LEDS_LM3642 is not set
# CONFIG_LEDS_PCA9532 is not set
# CONFIG_LEDS_GPIO is not set
# CONFIG_LEDS_LP3944 is not set
# CONFIG_LEDS_LP5521 is not set
# CONFIG_LEDS_LP5523 is not set
# CONFIG_LEDS_LP5562 is not set
# CONFIG_LEDS_LP8501 is not set
# CONFIG_LEDS_CLEVO_MAIL is not set
# CONFIG_LEDS_PCA955X is not set
# CONFIG_LEDS_PCA963X is not set
# CONFIG_LEDS_PCA9685 is not set
# CONFIG_LEDS_BD2802 is not set
# CONFIG_LEDS_INTEL_SS4200 is not set
# CONFIG_LEDS_LT3593 is not set
# CONFIG_LEDS_DELL_NETBOOKS is not set
# CONFIG_LEDS_TCA6507 is not set
# CONFIG_LEDS_LM355x is not set
# CONFIG_LEDS_OT200 is not set
# CONFIG_LEDS_BLINKM is not set

#
# LED Triggers
#
# CONFIG_LEDS_TRIGGERS is not set
# CONFIG_ACCESSIBILITY is not set
# CONFIG_INFINIBAND is not set
CONFIG_EDAC=y
CONFIG_EDAC_LEGACY_SYSFS=y
# CONFIG_EDAC_DEBUG is not set
CONFIG_EDAC_MM_EDAC=y
# CONFIG_EDAC_GHES is not set
# CONFIG_EDAC_E752X is not set
# CONFIG_EDAC_I82975X is not set
# CONFIG_EDAC_I3000 is not set
# CONFIG_EDAC_I3200 is not set
# CONFIG_EDAC_X38 is not set
# CONFIG_EDAC_I5400 is not set
CONFIG_EDAC_I7CORE=y
# CONFIG_EDAC_I5000 is not set
# CONFIG_EDAC_I5100 is not set
# CONFIG_EDAC_I7300 is not set
# CONFIG_EDAC_SBRIDGE is not set
CONFIG_RTC_LIB=y
CONFIG_RTC_CLASS=y
CONFIG_RTC_HCTOSYS=y
CONFIG_RTC_SYSTOHC=y
CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
# CONFIG_RTC_DEBUG is not set

#
# RTC interfaces
#
CONFIG_RTC_INTF_SYSFS=y
CONFIG_RTC_INTF_PROC=y
CONFIG_RTC_INTF_DEV=y
# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set
# CONFIG_RTC_DRV_TEST is not set

#
# I2C RTC drivers
#
# CONFIG_RTC_DRV_DS1307 is not set
# CONFIG_RTC_DRV_DS1374 is not set
# CONFIG_RTC_DRV_DS1672 is not set
# CONFIG_RTC_DRV_DS3232 is not set
# CONFIG_RTC_DRV_MAX6900 is not set
# CONFIG_RTC_DRV_RS5C372 is not set
# CONFIG_RTC_DRV_ISL1208 is not set
# CONFIG_RTC_DRV_ISL12022 is not set
# CONFIG_RTC_DRV_X1205 is not set
# CONFIG_RTC_DRV_PCF2127 is not set
# CONFIG_RTC_DRV_PCF8523 is not set
# CONFIG_RTC_DRV_PCF8563 is not set
# CONFIG_RTC_DRV_PCF8583 is not set
# CONFIG_RTC_DRV_M41T80 is not set
# CONFIG_RTC_DRV_BQ32K is not set
# CONFIG_RTC_DRV_S35390A is not set
# CONFIG_RTC_DRV_FM3130 is not set
# CONFIG_RTC_DRV_RX8581 is not set
# CONFIG_RTC_DRV_RX8025 is not set
# CONFIG_RTC_DRV_EM3027 is not set
# CONFIG_RTC_DRV_RV3029C2 is not set

#
# SPI RTC drivers
#

#
# Platform RTC drivers
#
CONFIG_RTC_DRV_CMOS=y
# CONFIG_RTC_DRV_DS1286 is not set
# CONFIG_RTC_DRV_DS1511 is not set
# CONFIG_RTC_DRV_DS1553 is not set
# CONFIG_RTC_DRV_DS1742 is not set
# CONFIG_RTC_DRV_STK17TA8 is not set
# CONFIG_RTC_DRV_M48T86 is not set
# CONFIG_RTC_DRV_M48T35 is not set
# CONFIG_RTC_DRV_M48T59 is not set
# CONFIG_RTC_DRV_MSM6242 is not set
# CONFIG_RTC_DRV_BQ4802 is not set
# CONFIG_RTC_DRV_RP5C01 is not set
# CONFIG_RTC_DRV_V3020 is not set
# CONFIG_RTC_DRV_DS2404 is not set

#
# on-CPU RTC drivers
#
# CONFIG_RTC_DRV_MOXART is not set

#
# HID Sensor RTC drivers
#
# CONFIG_RTC_DRV_HID_SENSOR_TIME is not set
CONFIG_DMADEVICES=y
# CONFIG_DMADEVICES_DEBUG is not set

#
# DMA Devices
#
# CONFIG_INTEL_MID_DMAC is not set
CONFIG_INTEL_IOATDMA=y
# CONFIG_DW_DMAC_CORE is not set
# CONFIG_DW_DMAC is not set
# CONFIG_DW_DMAC_PCI is not set
# CONFIG_TIMB_DMA is not set
# CONFIG_PCH_DMA is not set
CONFIG_DMA_ENGINE=y
CONFIG_DMA_ACPI=y

#
# DMA Clients
#
CONFIG_ASYNC_TX_DMA=y
# CONFIG_DMATEST is not set
CONFIG_DMA_ENGINE_RAID=y
CONFIG_DCA=y
# CONFIG_AUXDISPLAY is not set
CONFIG_UIO=m
# CONFIG_UIO_CIF is not set
# CONFIG_UIO_PDRV_GENIRQ is not set
# CONFIG_UIO_DMEM_GENIRQ is not set
# CONFIG_UIO_AEC is not set
# CONFIG_UIO_SERCOS3 is not set
# CONFIG_UIO_PCI_GENERIC is not set
# CONFIG_UIO_NETX is not set
# CONFIG_UIO_MF624 is not set
CONFIG_VFIO_IOMMU_TYPE1=m
CONFIG_VFIO=m
# CONFIG_VFIO_PCI is not set
CONFIG_VIRT_DRIVERS=y
CONFIG_VIRTIO=m

#
# Virtio drivers
#
CONFIG_VIRTIO_PCI=m
CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_MMIO=m
# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set

#
# Microsoft Hyper-V guest support
#
# CONFIG_STAGING is not set
CONFIG_X86_PLATFORM_DEVICES=y
# CONFIG_ACERHDF is not set
# CONFIG_ASUS_LAPTOP is not set
# CONFIG_DELL_WMI is not set
# CONFIG_DELL_WMI_AIO is not set
# CONFIG_FUJITSU_TABLET is not set
# CONFIG_HP_ACCEL is not set
# CONFIG_HP_WMI is not set
# CONFIG_THINKPAD_ACPI is not set
# CONFIG_SENSORS_HDAPS is not set
# CONFIG_INTEL_MENLOW is not set
CONFIG_ACPI_WMI=m
# CONFIG_TOPSTAR_LAPTOP is not set
# CONFIG_TOSHIBA_BT_RFKILL is not set
# CONFIG_ACPI_CMPC is not set
# CONFIG_INTEL_IPS is not set
# CONFIG_IBM_RTL is not set
# CONFIG_XO15_EBOOK is not set
# CONFIG_MXM_WMI is not set
# CONFIG_SAMSUNG_Q10 is not set
# CONFIG_INTEL_RST is not set
# CONFIG_INTEL_SMARTCONNECT is not set
# CONFIG_PVPANIC is not set
# CONFIG_CHROME_PLATFORMS is not set

#
# Hardware Spinlock drivers
#
CONFIG_CLKEVT_I8253=y
CONFIG_I8253_LOCK=y
CONFIG_CLKBLD_I8253=y
# CONFIG_MAILBOX is not set
CONFIG_IOMMU_API=y
CONFIG_IOMMU_SUPPORT=y
# CONFIG_AMD_IOMMU is not set
CONFIG_DMAR_TABLE=y
CONFIG_INTEL_IOMMU=y
CONFIG_INTEL_IOMMU_DEFAULT_ON=y
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
CONFIG_IRQ_REMAP=y

#
# Remoteproc drivers
#
# CONFIG_STE_MODEM_RPROC is not set

#
# Rpmsg drivers
#
# CONFIG_PM_DEVFREQ is not set
# CONFIG_EXTCON is not set
CONFIG_MEMORY=y
# CONFIG_IIO is not set
# CONFIG_NTB is not set
# CONFIG_VME_BUS is not set
# CONFIG_PWM is not set
# CONFIG_IPACK_BUS is not set
# CONFIG_RESET_CONTROLLER is not set
# CONFIG_FMC is not set

#
# PHY Subsystem
#
CONFIG_GENERIC_PHY=m
# CONFIG_PHY_EXYNOS_MIPI_VIDEO is not set
# CONFIG_POWERCAP is not set

#
# Firmware Drivers
#
CONFIG_EDD=m
# CONFIG_EDD_OFF is not set
CONFIG_FIRMWARE_MEMMAP=y
CONFIG_DELL_RBU=y
CONFIG_DCDBAS=y
CONFIG_DMIID=y
CONFIG_DMI_SYSFS=y
# CONFIG_ISCSI_IBFT_FIND is not set
# CONFIG_GOOGLE_FIRMWARE is not set

#
# EFI (Extensible Firmware Interface) Support
#
CONFIG_EFI_VARS=y
CONFIG_EFI_VARS_PSTORE=y
CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y
CONFIG_UEFI_CPER=y

#
# File systems
#
CONFIG_DCACHE_WORD_ACCESS=y
# CONFIG_EXT2_FS is not set
CONFIG_EXT3_FS=m
# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_POSIX_ACL=y
# CONFIG_EXT3_FS_SECURITY is not set
CONFIG_EXT4_FS=m
CONFIG_EXT4_USE_FOR_EXT23=y
CONFIG_EXT4_FS_POSIX_ACL=y
# CONFIG_EXT4_FS_SECURITY is not set
# CONFIG_EXT4_DEBUG is not set
CONFIG_JBD=m
# CONFIG_JBD_DEBUG is not set
CONFIG_JBD2=m
# CONFIG_JBD2_DEBUG is not set
CONFIG_FS_MBCACHE=m
# CONFIG_REISERFS_FS is not set
# CONFIG_JFS_FS is not set
CONFIG_XFS_FS=y
# CONFIG_XFS_QUOTA is not set
CONFIG_XFS_POSIX_ACL=y
CONFIG_XFS_RT=y
# CONFIG_XFS_WARN is not set
# CONFIG_XFS_DEBUG is not set
# CONFIG_GFS2_FS is not set
# CONFIG_OCFS2_FS is not set
CONFIG_BTRFS_FS=m
CONFIG_BTRFS_FS_POSIX_ACL=y
# CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set
# CONFIG_BTRFS_FS_RUN_SANITY_TESTS is not set
# CONFIG_BTRFS_DEBUG is not set
# CONFIG_BTRFS_ASSERT is not set
CONFIG_NILFS2_FS=m
CONFIG_FS_POSIX_ACL=y
CONFIG_EXPORTFS=y
CONFIG_FILE_LOCKING=y
CONFIG_FSNOTIFY=y
CONFIG_DNOTIFY=y
CONFIG_INOTIFY_USER=y
CONFIG_FANOTIFY=y
# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
# CONFIG_QUOTA is not set
# CONFIG_QUOTACTL is not set
CONFIG_AUTOFS4_FS=y
CONFIG_FUSE_FS=m
CONFIG_CUSE=m
CONFIG_GENERIC_ACL=y

#
# Caches
#
CONFIG_FSCACHE=y
# CONFIG_FSCACHE_STATS is not set
# CONFIG_FSCACHE_HISTOGRAM is not set
# CONFIG_FSCACHE_DEBUG is not set
# CONFIG_FSCACHE_OBJECT_LIST is not set
# CONFIG_CACHEFILES is not set

#
# CD-ROM/DVD Filesystems
#
CONFIG_ISO9660_FS=m
CONFIG_JOLIET=y
CONFIG_ZISOFS=y
CONFIG_UDF_FS=y
CONFIG_UDF_NLS=y

#
# DOS/FAT/NT Filesystems
#
CONFIG_FAT_FS=y
CONFIG_MSDOS_FS=m
CONFIG_VFAT_FS=y
CONFIG_FAT_DEFAULT_CODEPAGE=65001
CONFIG_FAT_DEFAULT_IOCHARSET="65001"
CONFIG_NTFS_FS=m
# CONFIG_NTFS_DEBUG is not set
CONFIG_NTFS_RW=y

#
# Pseudo filesystems
#
CONFIG_PROC_FS=y
CONFIG_PROC_KCORE=y
CONFIG_PROC_VMCORE=y
CONFIG_PROC_SYSCTL=y
CONFIG_PROC_PAGE_MONITOR=y
CONFIG_SYSFS=y
CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_TMPFS_XATTR=y
CONFIG_HUGETLBFS=y
CONFIG_HUGETLB_PAGE=y
CONFIG_CONFIGFS_FS=m
CONFIG_MISC_FILESYSTEMS=y
# CONFIG_ADFS_FS is not set
# CONFIG_AFFS_FS is not set
# CONFIG_ECRYPT_FS is not set
# CONFIG_HFS_FS is not set
# CONFIG_HFSPLUS_FS is not set
# CONFIG_BEFS_FS is not set
# CONFIG_BFS_FS is not set
# CONFIG_EFS_FS is not set
# CONFIG_LOGFS is not set
CONFIG_CRAMFS=m
CONFIG_SQUASHFS=m
# CONFIG_SQUASHFS_FILE_CACHE is not set
CONFIG_SQUASHFS_FILE_DIRECT=y
# CONFIG_SQUASHFS_DECOMP_SINGLE is not set
CONFIG_SQUASHFS_DECOMP_MULTI=y
# CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU is not set
CONFIG_SQUASHFS_XATTR=y
CONFIG_SQUASHFS_ZLIB=y
CONFIG_SQUASHFS_LZO=y
CONFIG_SQUASHFS_XZ=y
# CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set
# CONFIG_SQUASHFS_EMBEDDED is not set
CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3
# CONFIG_VXFS_FS is not set
# CONFIG_MINIX_FS is not set
# CONFIG_OMFS_FS is not set
# CONFIG_HPFS_FS is not set
# CONFIG_QNX4FS_FS is not set
# CONFIG_QNX6FS_FS is not set
# CONFIG_ROMFS_FS is not set
CONFIG_PSTORE=y
# CONFIG_PSTORE_CONSOLE is not set
# CONFIG_PSTORE_RAM is not set
# CONFIG_SYSV_FS is not set
# CONFIG_UFS_FS is not set
# CONFIG_F2FS_FS is not set
# CONFIG_EFIVAR_FS is not set
CONFIG_NETWORK_FILESYSTEMS=y
CONFIG_NFS_FS=m
# CONFIG_NFS_V2 is not set
CONFIG_NFS_V3=m
CONFIG_NFS_V3_ACL=y
CONFIG_NFS_V4=m
# CONFIG_NFS_SWAP is not set
# CONFIG_NFS_V4_1 is not set
# CONFIG_NFS_FSCACHE is not set
# CONFIG_NFS_USE_LEGACY_DNS is not set
CONFIG_NFS_USE_KERNEL_DNS=y
CONFIG_NFSD=m
CONFIG_NFSD_V2_ACL=y
CONFIG_NFSD_V3=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFSD_V4=y
# CONFIG_NFSD_V4_SECURITY_LABEL is not set
# CONFIG_NFSD_FAULT_INJECTION is not set
CONFIG_LOCKD=m
CONFIG_LOCKD_V4=y
CONFIG_NFS_ACL_SUPPORT=m
CONFIG_NFS_COMMON=y
CONFIG_SUNRPC=m
CONFIG_SUNRPC_GSS=m
# CONFIG_SUNRPC_DEBUG is not set
# CONFIG_CEPH_FS is not set
CONFIG_CIFS=y
CONFIG_CIFS_STATS=y
# CONFIG_CIFS_STATS2 is not set
# CONFIG_CIFS_WEAK_PW_HASH is not set
# CONFIG_CIFS_UPCALL is not set
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
CONFIG_CIFS_ACL=y
CONFIG_CIFS_DEBUG=y
# CONFIG_CIFS_DEBUG2 is not set
# CONFIG_CIFS_DFS_UPCALL is not set
CONFIG_CIFS_SMB2=y
# CONFIG_CIFS_FSCACHE is not set
# CONFIG_NCP_FS is not set
# CONFIG_CODA_FS is not set
# CONFIG_AFS_FS is not set
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="utf8"
CONFIG_NLS_CODEPAGE_437=m
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
# CONFIG_NLS_CODEPAGE_850 is not set
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_860 is not set
# CONFIG_NLS_CODEPAGE_861 is not set
# CONFIG_NLS_CODEPAGE_862 is not set
# CONFIG_NLS_CODEPAGE_863 is not set
# CONFIG_NLS_CODEPAGE_864 is not set
# CONFIG_NLS_CODEPAGE_865 is not set
# CONFIG_NLS_CODEPAGE_866 is not set
# CONFIG_NLS_CODEPAGE_869 is not set
# CONFIG_NLS_CODEPAGE_936 is not set
# CONFIG_NLS_CODEPAGE_950 is not set
# CONFIG_NLS_CODEPAGE_932 is not set
# CONFIG_NLS_CODEPAGE_949 is not set
# CONFIG_NLS_CODEPAGE_874 is not set
# CONFIG_NLS_ISO8859_8 is not set
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
CONFIG_NLS_ASCII=m
CONFIG_NLS_ISO8859_1=m
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_5 is not set
# CONFIG_NLS_ISO8859_6 is not set
# CONFIG_NLS_ISO8859_7 is not set
# CONFIG_NLS_ISO8859_9 is not set
# CONFIG_NLS_ISO8859_13 is not set
# CONFIG_NLS_ISO8859_14 is not set
CONFIG_NLS_ISO8859_15=m
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
# CONFIG_NLS_MAC_ROMAN is not set
# CONFIG_NLS_MAC_CELTIC is not set
# CONFIG_NLS_MAC_CENTEURO is not set
# CONFIG_NLS_MAC_CROATIAN is not set
# CONFIG_NLS_MAC_CYRILLIC is not set
# CONFIG_NLS_MAC_GAELIC is not set
# CONFIG_NLS_MAC_GREEK is not set
# CONFIG_NLS_MAC_ICELAND is not set
# CONFIG_NLS_MAC_INUIT is not set
# CONFIG_NLS_MAC_ROMANIAN is not set
# CONFIG_NLS_MAC_TURKISH is not set
CONFIG_NLS_UTF8=y
# CONFIG_DLM is not set

#
# Kernel hacking
#
CONFIG_TRACE_IRQFLAGS_SUPPORT=y

#
# printk and dmesg options
#
CONFIG_PRINTK_TIME=y
CONFIG_DEFAULT_MESSAGE_LOGLEVEL=4
# CONFIG_BOOT_PRINTK_DELAY is not set
# CONFIG_DYNAMIC_DEBUG is not set

#
# Compile-time checks and compiler options
#
CONFIG_DEBUG_INFO=y
# CONFIG_DEBUG_INFO_REDUCED is not set
# CONFIG_ENABLE_WARN_DEPRECATED is not set
# CONFIG_ENABLE_MUST_CHECK is not set
CONFIG_FRAME_WARN=2048
CONFIG_STRIP_ASM_SYMS=y
# CONFIG_READABLE_ASM is not set
# CONFIG_UNUSED_SYMBOLS is not set
CONFIG_DEBUG_FS=y
# CONFIG_HEADERS_CHECK is not set
# CONFIG_DEBUG_SECTION_MISMATCH is not set
CONFIG_ARCH_WANT_FRAME_POINTERS=y
CONFIG_FRAME_POINTER=y
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
CONFIG_MAGIC_SYSRQ=y
CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1
CONFIG_DEBUG_KERNEL=y

#
# Memory Debugging
#
# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_DEBUG_OBJECTS is not set
# CONFIG_SLUB_DEBUG_ON is not set
# CONFIG_SLUB_STATS is not set
CONFIG_HAVE_DEBUG_KMEMLEAK=y
# CONFIG_DEBUG_KMEMLEAK is not set
CONFIG_DEBUG_STACK_USAGE=y
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_MEMORY_INIT is not set
# CONFIG_DEBUG_PER_CPU_MAPS is not set
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
# CONFIG_DEBUG_STACKOVERFLOW is not set
CONFIG_HAVE_ARCH_KMEMCHECK=y
# CONFIG_KMEMCHECK is not set
# CONFIG_DEBUG_SHIRQ is not set

#
# Debug Lockups and Hangs
#
CONFIG_LOCKUP_DETECTOR=y
CONFIG_HARDLOCKUP_DETECTOR=y
CONFIG_BOOTPARAM_HARDLOCKUP_PANIC=y
CONFIG_BOOTPARAM_HARDLOCKUP_PANIC_VALUE=1
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC=y
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=1
CONFIG_DETECT_HUNG_TASK=y
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
# CONFIG_PANIC_ON_OOPS is not set
CONFIG_PANIC_ON_OOPS_VALUE=0
CONFIG_SCHED_DEBUG=y
CONFIG_SCHEDSTATS=y
CONFIG_TIMER_STATS=y
# CONFIG_DEBUG_PREEMPT is not set

#
# Lock Debugging (spinlocks, mutexes, etc...)
#
CONFIG_DEBUG_RT_MUTEXES=y
CONFIG_DEBUG_PI_LIST=y
# CONFIG_RT_MUTEX_TESTER is not set
CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_MUTEXES=y
# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
CONFIG_DEBUG_LOCK_ALLOC=y
# CONFIG_PROVE_LOCKING is not set
CONFIG_LOCKDEP=y
CONFIG_LOCK_STAT=y
# CONFIG_DEBUG_LOCKDEP is not set
# CONFIG_DEBUG_ATOMIC_SLEEP is not set
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
CONFIG_TRACE_IRQFLAGS=y
CONFIG_STACKTRACE=y
# CONFIG_DEBUG_KOBJECT is not set
CONFIG_DEBUG_BUGVERBOSE=y
# CONFIG_DEBUG_WRITECOUNT is not set
# CONFIG_DEBUG_LIST is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_NOTIFIERS is not set
# CONFIG_DEBUG_CREDENTIALS is not set

#
# RCU Debugging
#
# CONFIG_PROVE_RCU_DELAY is not set
# CONFIG_SPARSE_RCU_POINTER is not set
# CONFIG_RCU_TORTURE_TEST is not set
CONFIG_RCU_CPU_STALL_TIMEOUT=30
# CONFIG_RCU_CPU_STALL_VERBOSE is not set
# CONFIG_RCU_CPU_STALL_INFO is not set
# CONFIG_RCU_TRACE is not set
# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
# CONFIG_NOTIFIER_ERROR_INJECTION is not set
# CONFIG_FAULT_INJECTION is not set
CONFIG_LATENCYTOP=y
CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
CONFIG_USER_STACKTRACE_SUPPORT=y
CONFIG_NOP_TRACER=y
CONFIG_HAVE_FUNCTION_TRACER=y
CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y
CONFIG_HAVE_DYNAMIC_FTRACE=y
CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
CONFIG_HAVE_FENTRY=y
CONFIG_HAVE_C_RECORDMCOUNT=y
CONFIG_TRACER_MAX_TRACE=y
CONFIG_TRACE_CLOCK=y
CONFIG_RING_BUFFER=y
CONFIG_EVENT_TRACING=y
CONFIG_CONTEXT_SWITCH_TRACER=y
CONFIG_RING_BUFFER_ALLOW_SWAP=y
CONFIG_TRACING=y
CONFIG_GENERIC_TRACER=y
CONFIG_TRACING_SUPPORT=y
CONFIG_FTRACE=y
# CONFIG_FUNCTION_TRACER is not set
CONFIG_IRQSOFF_TRACER=y
CONFIG_PREEMPT_TRACER=y
CONFIG_SCHED_TRACER=y
# CONFIG_FTRACE_SYSCALLS is not set
CONFIG_TRACER_SNAPSHOT=y
CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP=y
CONFIG_BRANCH_PROFILE_NONE=y
# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
# CONFIG_PROFILE_ALL_BRANCHES is not set
# CONFIG_STACK_TRACER is not set
CONFIG_BLK_DEV_IO_TRACE=y
CONFIG_KPROBE_EVENT=y
CONFIG_UPROBE_EVENT=y
CONFIG_PROBE_EVENTS=y
# CONFIG_FTRACE_STARTUP_TEST is not set
# CONFIG_MMIOTRACE is not set
# CONFIG_RING_BUFFER_BENCHMARK is not set
# CONFIG_RING_BUFFER_STARTUP_TEST is not set

#
# Runtime Testing
#
# CONFIG_LKDTM is not set
# CONFIG_TEST_LIST_SORT is not set
# CONFIG_KPROBES_SANITY_TEST is not set
# CONFIG_BACKTRACE_SELF_TEST is not set
# CONFIG_RBTREE_TEST is not set
# CONFIG_INTERVAL_TREE_TEST is not set
# CONFIG_PERCPU_TEST is not set
# CONFIG_ATOMIC64_SELFTEST is not set
# CONFIG_ASYNC_RAID6_TEST is not set
# CONFIG_TEST_STRING_HELPERS is not set
# CONFIG_TEST_KSTRTOX is not set
# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
# CONFIG_FIREWIRE_OHCI_REMOTE_DMA is not set
# CONFIG_DMA_API_DEBUG is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
CONFIG_KGDB=y
CONFIG_KGDB_SERIAL_CONSOLE=y
# CONFIG_KGDB_TESTS is not set
# CONFIG_KGDB_LOW_LEVEL_TRAP is not set
CONFIG_KGDB_KDB=y
CONFIG_KDB_KEYBOARD=y
CONFIG_KDB_CONTINUE_CATASTROPHIC=0
# CONFIG_STRICT_DEVMEM is not set
CONFIG_X86_VERBOSE_BOOTUP=y
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
# CONFIG_EARLY_PRINTK_EFI is not set
# CONFIG_X86_PTDUMP is not set
CONFIG_DEBUG_RODATA=y
# CONFIG_DEBUG_RODATA_TEST is not set
# CONFIG_DEBUG_SET_MODULE_RONX is not set
# CONFIG_DEBUG_NX_TEST is not set
CONFIG_DOUBLEFAULT=y
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_IOMMU_STRESS is not set
CONFIG_HAVE_MMIOTRACE_SUPPORT=y
# CONFIG_X86_DECODER_SELFTEST is not set
CONFIG_IO_DELAY_TYPE_0X80=0
CONFIG_IO_DELAY_TYPE_0XED=1
CONFIG_IO_DELAY_TYPE_UDELAY=2
CONFIG_IO_DELAY_TYPE_NONE=3
CONFIG_IO_DELAY_0X80=y
# CONFIG_IO_DELAY_0XED is not set
# CONFIG_IO_DELAY_UDELAY is not set
# CONFIG_IO_DELAY_NONE is not set
CONFIG_DEFAULT_IO_DELAY_TYPE=0
CONFIG_DEBUG_BOOT_PARAMS=y
# CONFIG_CPA_DEBUG is not set
CONFIG_OPTIMIZE_INLINING=y
# CONFIG_DEBUG_NMI_SELFTEST is not set
# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set

#
# Security options
#
CONFIG_KEYS=y
CONFIG_PERSISTENT_KEYRINGS=y
# CONFIG_BIG_KEYS is not set
# CONFIG_ENCRYPTED_KEYS is not set
CONFIG_KEYS_DEBUG_PROC_KEYS=y
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
# CONFIG_SECURITY_NETWORK is not set
# CONFIG_SECURITY_PATH is not set
# CONFIG_INTEL_TXT is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
# CONFIG_SECURITY_YAMA is not set
# CONFIG_IMA is not set
# CONFIG_EVM is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_XOR_BLOCKS=m
CONFIG_ASYNC_CORE=m
CONFIG_ASYNC_MEMCPY=m
CONFIG_ASYNC_XOR=m
CONFIG_ASYNC_PQ=m
CONFIG_ASYNC_RAID6_RECOV=m
CONFIG_CRYPTO=y

#
# Crypto core or helper
#
# CONFIG_CRYPTO_FIPS is not set
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_BLKCIPHER=y
CONFIG_CRYPTO_BLKCIPHER2=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_RNG=m
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_PCOMP=m
CONFIG_CRYPTO_PCOMP2=y
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
# CONFIG_CRYPTO_USER is not set
# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
# CONFIG_CRYPTO_GF128MUL is not set
# CONFIG_CRYPTO_NULL is not set
# CONFIG_CRYPTO_PCRYPT is not set
CONFIG_CRYPTO_WORKQUEUE=y
# CONFIG_CRYPTO_CRYPTD is not set
# CONFIG_CRYPTO_AUTHENC is not set
# CONFIG_CRYPTO_TEST is not set

#
# Authenticated Encryption with Associated Data
#
# CONFIG_CRYPTO_CCM is not set
# CONFIG_CRYPTO_GCM is not set
# CONFIG_CRYPTO_SEQIV is not set

#
# Block modes
#
# CONFIG_CRYPTO_CBC is not set
# CONFIG_CRYPTO_CTR is not set
# CONFIG_CRYPTO_CTS is not set
CONFIG_CRYPTO_ECB=y
# CONFIG_CRYPTO_LRW is not set
# CONFIG_CRYPTO_PCBC is not set
# CONFIG_CRYPTO_XTS is not set

#
# Hash modes
#
CONFIG_CRYPTO_CMAC=y
CONFIG_CRYPTO_HMAC=y
# CONFIG_CRYPTO_XCBC is not set
# CONFIG_CRYPTO_VMAC is not set

#
# Digest
#
CONFIG_CRYPTO_CRC32C=y
CONFIG_CRYPTO_CRC32C_INTEL=y
CONFIG_CRYPTO_CRC32=m
CONFIG_CRYPTO_CRC32_PCLMUL=m
CONFIG_CRYPTO_CRCT10DIF=y
# CONFIG_CRYPTO_CRCT10DIF_PCLMUL is not set
# CONFIG_CRYPTO_GHASH is not set
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_MD5=y
# CONFIG_CRYPTO_MICHAEL_MIC is not set
# CONFIG_CRYPTO_RMD128 is not set
# CONFIG_CRYPTO_RMD160 is not set
# CONFIG_CRYPTO_RMD256 is not set
# CONFIG_CRYPTO_RMD320 is not set
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA1_SSSE3=y
CONFIG_CRYPTO_SHA256_SSSE3=m
CONFIG_CRYPTO_SHA512_SSSE3=m
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=m
# CONFIG_CRYPTO_TGR192 is not set
# CONFIG_CRYPTO_WP512 is not set
# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set

#
# Ciphers
#
CONFIG_CRYPTO_AES=y
# CONFIG_CRYPTO_AES_X86_64 is not set
# CONFIG_CRYPTO_AES_NI_INTEL is not set
# CONFIG_CRYPTO_ANUBIS is not set
CONFIG_CRYPTO_ARC4=y
# CONFIG_CRYPTO_BLOWFISH is not set
# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set
# CONFIG_CRYPTO_CAMELLIA is not set
# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set
# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set
# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set
# CONFIG_CRYPTO_CAST5 is not set
# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set
# CONFIG_CRYPTO_CAST6 is not set
# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set
CONFIG_CRYPTO_DES=y
# CONFIG_CRYPTO_FCRYPT is not set
# CONFIG_CRYPTO_KHAZAD is not set
# CONFIG_CRYPTO_SALSA20 is not set
# CONFIG_CRYPTO_SALSA20_X86_64 is not set
# CONFIG_CRYPTO_SEED is not set
# CONFIG_CRYPTO_SERPENT is not set
# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set
# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set
# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set
# CONFIG_CRYPTO_TEA is not set
# CONFIG_CRYPTO_TWOFISH is not set
# CONFIG_CRYPTO_TWOFISH_X86_64 is not set
# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set
# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set

#
# Compression
#
CONFIG_CRYPTO_DEFLATE=m
CONFIG_CRYPTO_ZLIB=m
CONFIG_CRYPTO_LZO=y
# CONFIG_CRYPTO_LZ4 is not set
# CONFIG_CRYPTO_LZ4HC is not set

#
# Random Number Generation
#
CONFIG_CRYPTO_ANSI_CPRNG=m
CONFIG_CRYPTO_USER_API=m
CONFIG_CRYPTO_USER_API_HASH=m
CONFIG_CRYPTO_USER_API_SKCIPHER=m
# CONFIG_CRYPTO_HW is not set
# CONFIG_ASYMMETRIC_KEY_TYPE is not set
CONFIG_HAVE_KVM=y
CONFIG_HAVE_KVM_IRQCHIP=y
CONFIG_HAVE_KVM_IRQ_ROUTING=y
CONFIG_HAVE_KVM_EVENTFD=y
CONFIG_KVM_APIC_ARCHITECTURE=y
CONFIG_KVM_MMIO=y
CONFIG_KVM_ASYNC_PF=y
CONFIG_HAVE_KVM_MSI=y
CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y
CONFIG_KVM_VFIO=y
CONFIG_VIRTUALIZATION=y
CONFIG_KVM=y
CONFIG_KVM_INTEL=y
# CONFIG_KVM_AMD is not set
# CONFIG_KVM_MMU_AUDIT is not set
CONFIG_KVM_DEVICE_ASSIGNMENT=y
CONFIG_BINARY_PRINTF=y

#
# Library routines
#
CONFIG_RAID6_PQ=m
CONFIG_BITREVERSE=y
CONFIG_GENERIC_STRNCPY_FROM_USER=y
CONFIG_GENERIC_STRNLEN_USER=y
CONFIG_GENERIC_NET_UTILS=y
CONFIG_GENERIC_FIND_FIRST_BIT=y
CONFIG_GENERIC_PCI_IOMAP=y
CONFIG_GENERIC_IOMAP=y
CONFIG_GENERIC_IO=y
CONFIG_PERCPU_RWSEM=y
CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
# CONFIG_CRC_CCITT is not set
CONFIG_CRC16=m
CONFIG_CRC_T10DIF=y
CONFIG_CRC_ITU_T=y
CONFIG_CRC32=y
# CONFIG_CRC32_SELFTEST is not set
CONFIG_CRC32_SLICEBY8=y
# CONFIG_CRC32_SLICEBY4 is not set
# CONFIG_CRC32_SARWATE is not set
# CONFIG_CRC32_BIT is not set
# CONFIG_CRC7 is not set
CONFIG_LIBCRC32C=y
# CONFIG_CRC8 is not set
# CONFIG_RANDOM32_SELFTEST is not set
CONFIG_ZLIB_INFLATE=y
CONFIG_ZLIB_DEFLATE=y
CONFIG_LZO_COMPRESS=y
CONFIG_LZO_DECOMPRESS=y
CONFIG_XZ_DEC=m
CONFIG_XZ_DEC_X86=y
# CONFIG_XZ_DEC_POWERPC is not set
# CONFIG_XZ_DEC_IA64 is not set
# CONFIG_XZ_DEC_ARM is not set
# CONFIG_XZ_DEC_ARMTHUMB is not set
# CONFIG_XZ_DEC_SPARC is not set
CONFIG_XZ_DEC_BCJ=y
# CONFIG_XZ_DEC_TEST is not set
CONFIG_GENERIC_ALLOCATOR=y
CONFIG_TEXTSEARCH=y
CONFIG_TEXTSEARCH_KMP=m
CONFIG_TEXTSEARCH_BM=m
CONFIG_TEXTSEARCH_FSM=m
CONFIG_ASSOCIATIVE_ARRAY=y
CONFIG_HAS_IOMEM=y
CONFIG_HAS_IOPORT=y
CONFIG_HAS_DMA=y
CONFIG_CHECK_SIGNATURE=y
CONFIG_CPU_RMAP=y
CONFIG_DQL=y
CONFIG_NLATTR=y
CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
# CONFIG_AVERAGE is not set
# CONFIG_CORDIC is not set
# CONFIG_DDR is not set
CONFIG_OID_REGISTRY=m
CONFIG_UCS2_STRING=y





Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 26 Mar 2014 22:48:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 18:48:14 2014
Received: from localhost ([127.0.0.1]:51458 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSwcH-0005z4-RK
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 18:48:14 -0400
Received: from smtp.cs.ucla.edu ([131.179.128.62]:41572)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <eggert@HIDDEN>) id 1WSwcE-0005yu-LX
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 18:48:11 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
 by smtp.cs.ucla.edu (Postfix) with ESMTP id 43B2939E8011;
 Wed, 26 Mar 2014 15:48:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu
Received: from smtp.cs.ucla.edu ([127.0.0.1])
 by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ESkyfQ422CLL; Wed, 26 Mar 2014 15:48:08 -0700 (PDT)
Received: from [192.168.1.9] (pool-108-0-233-62.lsanca.fios.verizon.net
 [108.0.233.62])
 by smtp.cs.ucla.edu (Postfix) with ESMTPSA id C96B739E8008;
 Wed, 26 Mar 2014 15:48:08 -0700 (PDT)
Message-ID: <53335928.1020206@HIDDEN>
Date: Wed, 26 Mar 2014 15:48:08 -0700
From: Paul Eggert <eggert@HIDDEN>
Organization: UCLA Computer Science Department
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Linda Walsh <coreutils@HIDDEN>, 17103 <at> debbugs.gnu.org
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN>
In-Reply-To: <53331795.8080202@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.7 (--)
X-Debbugs-Envelope-To: 17103
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.7 (--)

Linda Walsh wrote:
> Any idea how this managed to be broken?

My guess is that it's SELinux.  Try doing the following:

1.  Create 'dir' as before.
2.  As the user, run the following shell commands:

LC_ALL=C
export LC_ALL
ln dir/a/symfile dir/b

Assuming this fails, look at the output of:

strace ln dir/a/symfile dir/b

My guess is that you'll see something like this:

linkat(AT_FDCWD, "dir/a/symfile", AT_FDCWD, "dir/b/symfile", 0) = -1 
EPERM (Operation not permitted)

If so, the problem would appear to be in SELinux itself.




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 26 Mar 2014 21:06:17 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 17:06:17 2014
Received: from localhost ([127.0.0.1]:51424 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSv1d-0003G7-Ba
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 17:06:17 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:52193)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WSv1b-0003Fz-1Q
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 17:06:16 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2QL61Gx017608; Wed, 26 Mar 2014 14:06:05 -0700
Message-ID: <53334137.2050100@HIDDEN>
Date: Wed, 26 Mar 2014 14:05:59 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Pádraig Brady <P@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN> <5333313E.6070105@HIDDEN>
 <533336B9.6070800@HIDDEN> <53333E8E.1030806@HIDDEN>
In-Reply-To: <53333E8E.1030806@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, keescook@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)



Pádraig Brady wrote:
> That is true, but I confirmed that this is caused by "protected_hardlinks"
> Perhaps there is a blanket ban on symlinks if you're not the owner,
> since the symlink could be later changed to point somewhere more sensitive?
> Kees do you know if this is the case?
---
	If you have 'write' access to the symlink, I would say
yes, if not, then no.  however, traditionally, the ownership and permissions
on symlinks haven't been considered important.

	Still -- that I can link to a file but not a symlink is an
obvious flaw in the implementation.  I.e. I have write access to the
file -- so I should be able to link to it under their new rules,
but I also have write access to the symlink as the mode bits are 777.

	That's a bit bogus.  They are creating a special case where
there shouldn't be one.  I'm the directory owner -- I should be able
to create arbitrary 'entries' in the directory as I own the directory's
content -- that's been the tradition interpretation.

	Though the traditional rules never applied to symlinks -- and
now they've come up with an incompatible access method for symlinks...
If they really wanted to make them non-linkable, they should start
recognizing the mode bits on the symlink (to change the content of the
symlink -- which, in this case, is where it points).





Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 26 Mar 2014 21:06:03 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 17:06:03 2014
Received: from localhost ([127.0.0.1]:51421 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSv1O-0003FL-3O
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 17:06:02 -0400
Received: from mx1.redhat.com ([209.132.183.28]:17834)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <eblake@HIDDEN>) id 1WSv1K-0003F8-Uy
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 17:06:00 -0400
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
 (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s2QL5v3n018956
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
 Wed, 26 Mar 2014 17:05:57 -0400
Received: from [10.3.113.70] (ovpn-113-70.phx2.redhat.com [10.3.113.70])
 by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 s2QL5vXX001813; Wed, 26 Mar 2014 17:05:57 -0400
Message-ID: <53334134.7050905@HIDDEN>
Date: Wed, 26 Mar 2014 15:05:56 -0600
From: Eric Blake <eblake@HIDDEN>
Organization: Red Hat, Inc.
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Linda Walsh <coreutils@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN> <5333313E.6070105@HIDDEN>
 <533336B9.6070800@HIDDEN> <53333A89.7000503@HIDDEN>
 <53333F2B.5030508@HIDDEN>
In-Reply-To: <53333F2B.5030508@HIDDEN>
X-Enigmail-Version: 1.6
OpenPGP: url=http://people.redhat.com/eblake/eblake.gpg
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="k0kiNv8sF9SsExls5ufs7mI6SsR1gitOp"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Spam-Score: -5.4 (-----)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= <P@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.4 (-----)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--k0kiNv8sF9SsExls5ufs7mI6SsR1gitOp
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 03/26/2014 02:57 PM, Linda Walsh wrote:
> Furthermore, the man page says "-l: hard link files instead
> of copying'.  AFAIK, symlinks are not files any more
> than directories (or is that wrong too and they are now
> considered to be 'files'?

Per the POSIX definition, symlinks, directories, FIFOS, and all other
special files are still "files" - the term "file" includes not only
"regular files" but all other named entities in the file system.
Directories are the only special file type that cannot generally be
hardlinked according to POSIX rules (and even then, POSIX allows the
Solaris behavior where the superuser CAN hardlink directories, with the
caveat that doing so causes weird behaviors).

--=20
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--k0kiNv8sF9SsExls5ufs7mI6SsR1gitOp
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCAAGBQJTM0E0AAoJEKeha0olJ0NqT6QIAJP5HNY+WjwrmvKT3Yhe82zg
a2SZUbpytdQIm6dyXI992SueIme1gboPWDfqFbO1MQo1q0v5YpYgcwMMWQpUGS+y
8xtYv0nWPHbVvjxYo1ejtCkB9XvWS/jtJXMfv31TefAa5JCNv5tfDl2F6Z/WO4HL
dvTfqr2SG7vjdyefeGGb5V5BwdVsIWYeC4K1nF7gHAXY8jyi/SrUAbwAExf9OnDk
MnkVhfh1wU9sIL+o2AGcDTYt3abzDOxzTD4PI2XktH611qZ7HfdRO/NqHMLDayo8
DBREC3rgXbI6AcSpGkHWvYbmaDoCnnqA2EGajySA8StghiLsryuk3yutdkry1kQ=
=1xp+
-----END PGP SIGNATURE-----

--k0kiNv8sF9SsExls5ufs7mI6SsR1gitOp--




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 26 Mar 2014 20:57:33 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 16:57:33 2014
Received: from localhost ([127.0.0.1]:51413 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSutA-00030V-56
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 16:57:32 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:52018)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WSut6-00030K-II
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 16:57:29 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2QKvHuQ006315; Wed, 26 Mar 2014 13:57:21 -0700
Message-ID: <53333F2B.5030508@HIDDEN>
Date: Wed, 26 Mar 2014 13:57:15 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Eric Blake <eblake@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN> <5333313E.6070105@HIDDEN>
 <533336B9.6070800@HIDDEN> <53333A89.7000503@HIDDEN>
In-Reply-To: <53333A89.7000503@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, Pádraig Brady <P@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)



Eric Blake wrote:
> On 03/26/2014 02:21 PM, Linda Walsh wrote:
> 
>>     As far as I know, you could never hardlink
>> to a symlink.  only to a file.
> 
> Wrong. 
---
	How can you presume to say what I wrote
about my 'knowledge' (as far as I knew), is wrong?  You
are implying that I wrote differently than I thought --
an accusation of deliberate lying if one was to look at
your response (which I don't think is what you intended --
you were just trying to be abrasive in your answer).

You could say what I knew was dated, but simply saying
'wrong' to that sentence shows a lack of understanding
of what was said.

Nevertheless, it if it can't link to the symlink (like
it cannot like to directories), then it should copy the
symlink.  Whether it is a relative or an absolute
symlink, the symlink is readable and can be copied.

Furthermore, the man page says "-l: hard link files instead
of copying'.  AFAIK, symlinks are not files any more
than directories (or is that wrong too and they are now
considered to be 'files'?

FWIW, the behavior does seem to be caused by the new
buggy security behavior.   I.e. it makes no sense that
I can hardlink to a file, but not a symlink in the same
directory.






Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 26 Mar 2014 20:54:59 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 16:54:58 2014
Received: from localhost ([127.0.0.1]:51406 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSuqf-0002vo-BL
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 16:54:58 -0400
Received: from mx1.redhat.com ([209.132.183.28]:53771)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <P@HIDDEN>) id 1WSuqc-0002vd-L3
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 16:54:55 -0400
Received: from int-mx02.intmail.prod.int.phx2.redhat.com
 (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s2QKsgwK028469
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
 Wed, 26 Mar 2014 16:54:42 -0400
Received: from [10.36.116.32] (ovpn-116-32.ams2.redhat.com [10.36.116.32])
 by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id
 s2QKsdx5032157
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
 Wed, 26 Mar 2014 16:54:41 -0400
Message-ID: <53333E8E.1030806@HIDDEN>
Date: Wed, 26 Mar 2014 20:54:38 +0000
From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= <P@HIDDEN>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:17.0) Gecko/20130110 Thunderbird/17.0.2
MIME-Version: 1.0
To: Linda Walsh <coreutils@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN> <5333313E.6070105@HIDDEN>
 <533336B9.6070800@HIDDEN>
In-Reply-To: <533336B9.6070800@HIDDEN>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.12
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org, keescook@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

On 03/26/2014 08:21 PM, Linda Walsh wrote:
> 
> 
> Pádraig Brady wrote:
>> On 03/26/2014 06:08 PM, Linda Walsh wrote:
>>> have a simple test case:
>>> as root (w /umask 002):
>>>
>>> mkdir -p dir/{a,b}
>>> touch dir/b/file
>>> ln -s ../b/file dir/a/symfile
>>> ---
>>>
>>> So now tree should look like:
>>>
>>>>  tree -AFugp dir
>>> dir
>>> +-- [drwxrwxr-x root     root    ]  a/
>>> |   +-- [lrwxrwxrwx root     root    ]  symfile -> ../b/file
>>> +-- [drwxrwxr-x root     root    ]  b/
>>>     +-- [-rw-rw-r-- root     root    ]  file
>>> ----
>>>
>>> Now, w/normal user, who is in group root, try:
>>>
>>> cp -al dir dir2
>>> cp: cannot create hard link ‘dir2/dir/a/symfile’ to ‘dir/a/symfile’: Operation not permitted
>>> -----
>>>
>>> Trying to link to a symlink is the bug --
>>> it used to duplicate the symlink.
>>>
>>> This is a recent behavior
>>> change -- i.e. looking at earlier behavior, the symlinks,
>>> like the directories are created as the 'user', and
>>> only files are linked to.
>>>
>>> Core utils version: 8.21 (suse rpm coreutils-8.21-7.7.7.x86_64)
>>>
>>> Any idea how this managed to be broken?
>>
>> So I think the change to use hardlinks to symlinks rather than new symlinks happened with:
>> http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=594292a1
>>
>> I.E. The "new symlink" behaviour only happened between v8.0 and v8.10 inclusive.
>>
>> So why is the hardlink to symlink being disallowed?
>> I wonder is it due to "protected_hardlinks":
>> http://danwalsh.livejournal.com/64493.html
> ----
>     As far as I know, you could never hardlink
> to a symlink.  only to a file.  A symlink is more like
> a directory in that regard.
> 
> Looking at the article, it doesn't seem it should apply...it
> says
> 1) The solution is to permit symlinks to only be followed when outside a sticky world-writable directory,
>    [it isn't in a sticky world writable directory] or when the uid of the symlink and follower match, or when the directory owner matches the symlink's owner.
>     [in the created dir, the symlink and directory owner match]
> 2) The solution is to permit hardlinks to only be created when the user is already the existing file's owner, or if they already have read/write access to the existing file.
>    [ Already have r/w access to the file via being in group root and the group
> having write access]
> 
> I think I did run into this change, though, and because of it, my system
> is less secure.  ... I.e. in my use case, am copying a source tree
> into a 2nd tree.  I am the directory owner of all dirs in the 2nd tree,
> but all the source files should allow my linking to it as the permissions
> on the inode protect the contents of the inode.  The access to create a
> hardlink to that inode has always been controlled by the directory owner,
> but it never gives them write access to the content.
> 
> Their exploit case was for a stupid admin who chowned all files in a user's dir "for them" -- why would that EVER be done?   I.e. the root admin should
> be immediately suspicious as to why they'd need that done.  Since you
> can't hardlink directories, the only way for a foreign owned directory
> to get into someone's home space, would be if they opened the permissions
> on the parent then later closed them.
> 
> The whole premise of their change relies on the user tricking the admin.
> 
> But if that's so easy, the user already has root access, effectively,
> and the games up.
> 
> 
>>
>> If we fell back to using symlinks, would that only
>> push the perm issue on to when the symlink was followed?
> ----
>     No, the file it points to, if you look at my example
> is rw for the 'group' members.

That is true, but I confirmed that this is caused by "protected_hardlinks"
Perhaps there is a blanket ban on symlinks if you're not the owner,
since the symlink could be later changed to point somewhere more sensitive?
Kees do you know if this is the case?

$ ln dir/b/file flink
$ ln dir/a/symfile slink
ln: failed to create hard link ‘slink’ => ‘dir/a/symfile’: Operation not permitted

tp2:lt$ echo 0 | sudo tee /proc/sys/fs/protected_hardlinks
0
$ ln dir/a/symfile slink
$ rm slink

# And to demonstrate that "protected_symlinks" doesn't seem to be significant here:
$ echo 1 | sudo tee /proc/sys/fs/protected_hardlinks
1
$ echo 0 | sudo tee /proc/sys/fs/protected_symlinks
0
$ ln dir/a/symfile slink
ln: failed to create hard link ‘slink’ => ‘dir/a/symfile’: Operation not permitted

So should we fall back to our symlink emulation if we get EPERM from linkat() ?
I'd like to get some more info on this behavior before doing that though.

thanks,
Pádraig.




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 26 Mar 2014 20:37:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 16:37:42 2014
Received: from localhost ([127.0.0.1]:51383 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSuZx-0002Su-9L
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 16:37:41 -0400
Received: from mx1.redhat.com ([209.132.183.28]:61877)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <eblake@HIDDEN>) id 1WSuZp-0002Sg-LM
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 16:37:35 -0400
Received: from int-mx12.intmail.prod.int.phx2.redhat.com
 (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s2QKbUOG029176
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
 Wed, 26 Mar 2014 16:37:31 -0400
Received: from [10.3.113.70] (ovpn-113-70.phx2.redhat.com [10.3.113.70])
 by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 s2QKbU3A030276; Wed, 26 Mar 2014 16:37:30 -0400
Message-ID: <53333A89.7000503@HIDDEN>
Date: Wed, 26 Mar 2014 14:37:29 -0600
From: Eric Blake <eblake@HIDDEN>
Organization: Red Hat, Inc.
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Linda Walsh <coreutils@HIDDEN>, =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?=
 <P@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN> <5333313E.6070105@HIDDEN>
 <533336B9.6070800@HIDDEN>
In-Reply-To: <533336B9.6070800@HIDDEN>
X-Enigmail-Version: 1.6
OpenPGP: url=http://people.redhat.com/eblake/eblake.gpg
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="A5wR3nE9G6BJqLJoT6XtJXNicoTiUqkA0"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
X-Spam-Score: -5.4 (-----)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.4 (-----)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--A5wR3nE9G6BJqLJoT6XtJXNicoTiUqkA0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 03/26/2014 02:21 PM, Linda Walsh wrote:

>     As far as I know, you could never hardlink
> to a symlink.  only to a file.

Wrong.  Linux and Solaris have been able to hard link to symlinks for
YEARS; and POSIX 2008 standardized that ability when it added the
linkat() syscall.  BSD has been behind in adding that ability, but is
slowly getting there.

--=20
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--A5wR3nE9G6BJqLJoT6XtJXNicoTiUqkA0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCAAGBQJTMzqJAAoJEKeha0olJ0Nqfp0H/i4w3kqZVx8Hif+Kiyj+lmmT
LRWJZGLqsXlmZj84+mAuTHRT44mzRuky8mAYTNukObDHlhA5QjkU5zOudU3wI4mq
4/JzMzl7x/XqHIh+Pkj1JmVcgDS5z/19Z4PRInj1i9P17qjhy2UuYe9IiBWsFwig
40GI6EZhh1quhGaOZS64GMhK6KgethJItrFdxuC69Iu4vYaZJHK0Ts2CenazTlEw
rp9WCh9fhNxP+RUJVjlbkMt23XVBOUK8fllszUO8U9XqnUIfrr+bc/FQUSAKtPnx
I1qMTErxT6mXwQsBgNssfyZULslOegDAfw1cVfYZYINU6PrLZcLTL9UBi6DGGTY=
=Fi/q
-----END PGP SIGNATURE-----

--A5wR3nE9G6BJqLJoT6XtJXNicoTiUqkA0--




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 26 Mar 2014 20:21:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 16:21:30 2014
Received: from localhost ([127.0.0.1]:51375 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSuKG-000213-EZ
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 16:21:29 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:50519)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WSuKD-00020t-Cg
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 16:21:26 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2QKLF7T071687; Wed, 26 Mar 2014 13:21:19 -0700
Message-ID: <533336B9.6070800@HIDDEN>
Date: Wed, 26 Mar 2014 13:21:13 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: Pádraig Brady <P@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
References: <53331795.8080202@HIDDEN> <5333313E.6070105@HIDDEN>
In-Reply-To: <5333313E.6070105@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.4 (/)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.4 (/)



Pádraig Brady wrote:
> On 03/26/2014 06:08 PM, Linda Walsh wrote:
>> have a simple test case:
>> as root (w /umask 002):
>>
>> mkdir -p dir/{a,b}
>> touch dir/b/file
>> ln -s ../b/file dir/a/symfile
>> ---
>>
>> So now tree should look like:
>>
>>>  tree -AFugp dir
>> dir
>> +-- [drwxrwxr-x root     root    ]  a/
>> |   +-- [lrwxrwxrwx root     root    ]  symfile -> ../b/file
>> +-- [drwxrwxr-x root     root    ]  b/
>>     +-- [-rw-rw-r-- root     root    ]  file
>> ----
>>
>> Now, w/normal user, who is in group root, try:
>>
>> cp -al dir dir2
>> cp: cannot create hard link ‘dir2/dir/a/symfile’ to ‘dir/a/symfile’: Operation not permitted
>> -----
>>
>> Trying to link to a symlink is the bug --
>> it used to duplicate the symlink.
>>
>> This is a recent behavior
>> change -- i.e. looking at earlier behavior, the symlinks,
>> like the directories are created as the 'user', and
>> only files are linked to.
>>
>> Core utils version: 8.21 (suse rpm coreutils-8.21-7.7.7.x86_64)
>>
>> Any idea how this managed to be broken?
> 
> So I think the change to use hardlinks to symlinks rather than new symlinks happened with:
> http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=594292a1
> 
> I.E. The "new symlink" behaviour only happened between v8.0 and v8.10 inclusive.
> 
> So why is the hardlink to symlink being disallowed?
> I wonder is it due to "protected_hardlinks":
> http://danwalsh.livejournal.com/64493.html
----
	As far as I know, you could never hardlink
to a symlink.  only to a file.  A symlink is more like
a directory in that regard.

Looking at the article, it doesn't seem it should apply...it
says
1) The solution is to permit symlinks to only be followed when outside a sticky 
world-writable directory,
    [it isn't in a sticky world writable directory] or when the uid of the 
symlink and follower match, or when the directory owner matches the symlink's owner.
     [in the created dir, the symlink and directory owner match]
2) The solution is to permit hardlinks to only be created when the user is 
already the existing file's owner, or if they already have read/write access to 
the existing file.
    [ Already have r/w access to the file via being in group root and the group
having write access]

I think I did run into this change, though, and because of it, my system
is less secure.  ... I.e. in my use case, am copying a source tree
into a 2nd tree.  I am the directory owner of all dirs in the 2nd tree,
but all the source files should allow my linking to it as the permissions
on the inode protect the contents of the inode.  The access to create a
hardlink to that inode has always been controlled by the directory owner,
but it never gives them write access to the content.

Their exploit case was for a stupid admin who chowned all files in a user's dir 
"for them" -- why would that EVER be done?   I.e. the root admin should
be immediately suspicious as to why they'd need that done.  Since you
can't hardlink directories, the only way for a foreign owned directory
to get into someone's home space, would be if they opened the permissions
on the parent then later closed them.

The whole premise of their change relies on the user tricking the admin.

But if that's so easy, the user already has root access, effectively,
and the games up.


> 
> If we fell back to using symlinks, would that only
> push the perm issue on to when the symlink was followed?
----
	No, the file it points to, if you look at my example
is rw for the 'group' members.





Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at 17103 <at> debbugs.gnu.org:


Received: (at 17103) by debbugs.gnu.org; 26 Mar 2014 19:57:59 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 15:57:59 2014
Received: from localhost ([127.0.0.1]:51354 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WStxW-0001Lh-3V
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 15:57:58 -0400
Received: from mx1.redhat.com ([209.132.183.28]:1302)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <P@HIDDEN>) id 1WStxS-0001LV-RK
 for 17103 <at> debbugs.gnu.org; Wed, 26 Mar 2014 15:57:55 -0400
Received: from int-mx01.intmail.prod.int.phx2.redhat.com
 (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s2QJvr41031598
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
 Wed, 26 Mar 2014 15:57:53 -0400
Received: from [10.36.116.32] (ovpn-116-32.ams2.redhat.com [10.36.116.32])
 by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id
 s2QJvoPT014050
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
 Wed, 26 Mar 2014 15:57:52 -0400
Message-ID: <5333313E.6070105@HIDDEN>
Date: Wed, 26 Mar 2014 19:57:50 +0000
From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= <P@HIDDEN>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:17.0) Gecko/20130110 Thunderbird/17.0.2
MIME-Version: 1.0
To: Linda Walsh <coreutils@HIDDEN>
Subject: Re: bug#17103: regression: cp -al doesn't copy symlinks, but tries
 to link to them (fail)
References: <53331795.8080202@HIDDEN>
In-Reply-To: <53331795.8080202@HIDDEN>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 17103
Cc: 17103 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

On 03/26/2014 06:08 PM, Linda Walsh wrote:
> have a simple test case:
> as root (w /umask 002):
> 
> mkdir -p dir/{a,b}
> touch dir/b/file
> ln -s ../b/file dir/a/symfile
> ---
> 
> So now tree should look like:
> 
>>  tree -AFugp dir
> 
> dir
> +-- [drwxrwxr-x root     root    ]  a/
> |   +-- [lrwxrwxrwx root     root    ]  symfile -> ../b/file
> +-- [drwxrwxr-x root     root    ]  b/
>     +-- [-rw-rw-r-- root     root    ]  file
> ----
> 
> Now, w/normal user, who is in group root, try:
> 
> cp -al dir dir2
> cp: cannot create hard link ‘dir2/dir/a/symfile’ to ‘dir/a/symfile’: Operation not permitted
> -----
> 
> Trying to link to a symlink is the bug --
> it used to duplicate the symlink.
> 
> This is a recent behavior
> change -- i.e. looking at earlier behavior, the symlinks,
> like the directories are created as the 'user', and
> only files are linked to.
> 
> Core utils version: 8.21 (suse rpm coreutils-8.21-7.7.7.x86_64)
> 
> Any idea how this managed to be broken?

So I think the change to use hardlinks to symlinks rather than new symlinks happened with:
http://git.sv.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=594292a1

I.E. The "new symlink" behaviour only happened between v8.0 and v8.10 inclusive.

So why is the hardlink to symlink being disallowed?
I wonder is it due to "protected_hardlinks":
http://danwalsh.livejournal.com/64493.html

If we fell back to using symlinks, would that only
push the perm issue on to when the symlink was followed?

Pádraig.




Information forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 26 Mar 2014 18:08:57 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 14:08:57 2014
Received: from localhost ([127.0.0.1]:51278 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1WSsG0-0006dX-Iv
	for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 14:08:56 -0400
Received: from eggs.gnu.org ([208.118.235.92]:52903)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <coreutils@HIDDEN>) id 1WSsFx-0006dM-PE
 for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 14:08:54 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <coreutils@HIDDEN>) id 1WSsFp-0003JU-3j
 for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 14:08:53 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled
 version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:38356)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <coreutils@HIDDEN>) id 1WSsFp-0003JQ-1P
 for submit <at> debbugs.gnu.org; Wed, 26 Mar 2014 14:08:45 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54602)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <coreutils@HIDDEN>) id 1WSsFj-0001Eb-10
 for bug-coreutils@HIDDEN; Wed, 26 Mar 2014 14:08:44 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <coreutils@HIDDEN>) id 1WSsFd-0003HX-1P
 for bug-coreutils@HIDDEN; Wed, 26 Mar 2014 14:08:38 -0400
Received: from ishtar.tlinx.org ([173.164.175.65]:48788)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <coreutils@HIDDEN>) id 1WSsFc-0003HH-NA
 for bug-coreutils@HIDDEN; Wed, 26 Mar 2014 14:08:32 -0400
Received: from [192.168.4.12] (Athenae [192.168.4.12])
 by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id
 s2QI8Naf088022
 for <bug-coreutils@HIDDEN>; Wed, 26 Mar 2014 11:08:27 -0700
Message-ID: <53331795.8080202@HIDDEN>
Date: Wed, 26 Mar 2014 11:08:21 -0700
From: Linda Walsh <coreutils@HIDDEN>
User-Agent: Thunderbird
MIME-Version: 1.0
To: bug-coreutils@HIDDEN
Subject: regression: cp -al doesn't copy symlinks,
 but tries to link to them (fail)
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by Ishtar.tlinx.org id
 s2QI8Naf088022
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no
 timestamps) [generic]
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
 (bad octet value).
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

have a simple test case:
as root (w /umask 002):

mkdir -p dir/{a,b}
touch dir/b/file
ln -s ../b/file dir/a/symfile
---

So now tree should look like:

>  tree -AFugp dir

dir
+-- [drwxrwxr-x root     root    ]  a/
|   +-- [lrwxrwxrwx root     root    ]  symfile -> ../b/file
+-- [drwxrwxr-x root     root    ]  b/
     +-- [-rw-rw-r-- root     root    ]  file
----

Now, w/normal user, who is in group root, try:

cp -al dir dir2
cp: cannot create hard link =E2=80=98dir2/dir/a/symfile=E2=80=99 to =E2=80=
=98dir/a/symfile=E2=80=99: Operation=20
not permitted
-----

Trying to link to a symlink is the bug --
it used to duplicate the symlink.

This is a recent behavior
change -- i.e. looking at earlier behavior, the symlinks,
like the directories are created as the 'user', and
only files are linked to.

Core utils version: 8.21 (suse rpm coreutils-8.21-7.7.7.x86_64)

Any idea how this managed to be broken?







Acknowledgement sent to Linda Walsh <coreutils@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-coreutils@HIDDEN. Full text available.
Report forwarded to bug-coreutils@HIDDEN:
bug#17103; Package coreutils. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Fri, 11 Jan 2019 09:15:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.