Split immutability linux kernel patch


There is an extended attribute in Linux called "immutable". If you set this attribute on a file (with the chattr(1) utility), then you cannot change, delete or rename the file, even with root privileges.

Normally, with files, if you set read-only on the directory that file is in, then you cannot rename or delete the file, or make new files in that directory. If you set read-only on the file itself, then you can't make changes to the file contents, but you are still free to delete it.

This patch adds a similar level of separation to the immutable attribute. It is possible to have immutable files that can be unlinked/renamed, and mutable files that can't be unlinked/renamed.

This is achieved through a new file attribute, which I have tentatively called "Immutable Linkage Invert". Note that "Linkage" refers to any change to a file that merely changes the list of filenames associated with it (hard links), not the actual contents.

Note: this patch currently works for ext2 and ext3 out of the box, but there is another version that will work on reiserfs with the latest patches from namesys.com already applied.

The below table denotes the behaviour of the new attribute.

Immutable    Immutable Linkage Invert    File Data Immutable    File Linkage Immutable

For backwards compatibility, if this new flag is unset, the old behaviour of immutability is retained completely. If it is set, then the "Immutable Linkage" of the file is the opposite of the "Immutableness" of the file - hence the name, Immutable Linkage Invert.

This change requires a patch to the Linux kernel, and a patch to e2fsprogs. After both the kernel and e2fsprogs have been patched, you should see behaviour like this:

[root@vshost tmp]# chattr +I file1 file3
[root@vshost tmp]# chattr +i file1 file2
[root@vshost tmp]# lsattr 
---iI--------- ./file1
---i---------- ./file2
----I--------- ./file3
-------------- ./file4
[root@vshost tmp]# rm -f file3
rm: cannot unlink `file3': Operation not permitted
[root@vshost tmp]# echo "Cheese" >> file1
bash: file1: Permission denied
[root@vshost tmp]# echo "Cheese" >> file2
bash: file2: Permission denied
[root@vshost tmp]# echo "Cheese" >> file3
[root@vshost tmp]# echo "Cheese" >> file4
[root@vshost tmp]# rm -f file*
rm: cannot unlink `file2': Operation not permitted
rm: cannot unlink `file3': Operation not permitted
[root@vshost tmp]# lsattr 
---i---------- ./file2
----I--------- ./file3
[root@vshost tmp]# 
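
The flag semantics described above, and the results seen in the session, written out as a small C model. This is an added example, not code from the patch: the function names and the flag bit values are assumptions made for the model and are not the kernel's on-disk constants.

```c
#include <errno.h>
#include <stdio.h>

/* Model-only bit values (assumptions); not the on-disk ext2 flag values. */
#define FL_IMMUTABLE      0x1u  /* chattr +i */
#define FL_LINKAGE_INVERT 0x2u  /* chattr +I, "Immutable Linkage Invert" */

/* File data is frozen exactly when +i is set; +I never affects data. */
static int data_immutable(unsigned flags)
{
    return (flags & FL_IMMUTABLE) != 0;
}

/* Linkage follows +i unless +I is set, in which case it is the opposite. */
static int linkage_immutable(unsigned flags)
{
    return data_immutable(flags) ^ ((flags & FL_LINKAGE_INVERT) != 0);
}

/* Errors as in the session: writes fail with EACCES ("Permission denied"),
 * unlink fails with EPERM ("Operation not permitted"). */
static int try_write(unsigned flags)  { return data_immutable(flags) ? -EACCES : 0; }
static int try_unlink(unsigned flags) { return linkage_immutable(flags) ? -EPERM : 0; }

/* Render the two flags in the order the lsattr output shows them ("iI"). */
static const char *flag_str(unsigned flags)
{
    static const char *names[] = { "--", "i-", "-I", "iI" };
    return names[flags & 3u];
}

int main(void)
{
    /* Same flag sets as file4, file2, file3 and file1 in the session. */
    const unsigned rows[] = { 0, FL_IMMUTABLE, FL_LINKAGE_INVERT,
                              FL_IMMUTABLE | FL_LINKAGE_INVERT };
    printf("flags  data-immutable  linkage-immutable  write   unlink\n");
    for (unsigned i = 0; i < 4; i++) {
        unsigned f = rows[i];
        printf("%-5s  %-14s  %-17s  %-6s  %s\n", flag_str(f),
               data_immutable(f) ? "yes" : "no",
               linkage_immutable(f) ? "yes" : "no",
               try_write(f) ? "EACCES" : "ok",
               try_unlink(f) ? "EPERM" : "ok");
    }
    return 0;
}
```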


I have made some .rpms of the patched e2fsprogs for Redhat 6.2 and 7.1. I have tested the version for 7.1, but not 6.2, so please let me know if it works.

Package            Redhat 6.2 .rpm    Redhat 7.1 .rpm    .srpm
e2fsprogs          420,461 bytes      535,084 bytes      1,210,173 bytes
e2fsprogs-devel    424,015 bytes      535,084 bytes

Sam Vilain, sam@vilain.net
