Extended Attributes
How
Extended attributes are name-value pairs.
- Each file can have multiple EAs.
- Name is a null-terminated, case-sensitive string, up to 255 characters.
- Value can be up to 64kB (VFS limit).
- Some file systems impose limits on total data in EAs that are associated with a file.
    - e.g., one disk block for ext2 and ext3.
EA Names and Namespaces
EA names are of the form namespace.name.
namespace is one of the following:
- user: can be manipulated by unprivileged userland processes, subject to file permissions;
    - retrieving EA value requires read permission; changing EA value requires write permission.
    - Some file systems (e.g., ext2, ext3, Reiserfs) require mount -o user_xattr.
- trusted: can be manipulated by privileged (CAP_SYS_ADMIN) userland processes;
- extended: used by kernel to associate system objects with a file.
    - Only current use is to implement Access Control Lists (ACLs).
- security: provided to support storage of file security labels for operating system security modules (devised to support SELinux).
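
An added example, not from the original slides: a small C audit helper that walks a listxattr() name list and counts EAs per namespace, applying the 255-character name limit and case-sensitive matching described above. The `system.` prefix (where Linux stores ACLs) and the identifiers `ea_namespace`, `ea_count`, `ea_audit` and `ea_sample` are assumptions of this example, and the sample name list is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/xattr.h>
#define EA_NAME_MAX 255 /* name length limit given above */
enum ea_ns { EA_USER, EA_TRUSTED, EA_SYSTEM, EA_SECURITY, EA_INVALID, EA_NS_COUNT };
static const char *ea_prefix[] = { "user.", "trusted.", "system.", "security." };
/* Constructed sample of a listxattr() result: NUL-terminated names laid end to end. */
static const char ea_sample[] = "user.comment\0security.selinux\0system.posix_acl_access\0User.x";

/* Map a name to its namespace. Names are case-sensitive, so "User.x" is invalid. */
enum ea_ns ea_namespace(const char *name, size_t len)
{
    if (len > EA_NAME_MAX) return EA_INVALID;
    for (int i = 0; i < EA_INVALID; i++) {
        size_t plen = strlen(ea_prefix[i]); /* need the prefix plus one more character */
        if (len > plen && memcmp(name, ea_prefix[i], plen) == 0) return (enum ea_ns)i;
    }
    return EA_INVALID;
}

/* Count names per namespace; returns the total, or -1 if the list is not NUL-terminated. */
int ea_count(const char *list, size_t len, int counts[EA_NS_COUNT])
{
    int total = 0;
    memset(counts, 0, EA_NS_COUNT * sizeof counts[0]);
    for (size_t off = 0; off < len; total++) {
        const char *end = memchr(list + off, '\0', len - off);
        if (end == NULL) return -1;
        counts[ea_namespace(list + off, (size_t)(end - (list + off)))]++;
        off = (size_t)(end - list) + 1;
    }
    return total;
}

/* Audit one file; -1 means listxattr() failed (errno says why, e.g. ENOTSUP). */
int ea_audit(const char *path, int counts[EA_NS_COUNT])
{
    static char list[65536];
    ssize_t n = listxattr(path, list, sizeof list);
    return n < 0 ? -1 : ea_count(list, (size_t)n, counts);
}

int main(int argc, char **argv)
{
    int c[EA_NS_COUNT]; /* indexed in enum ea_ns order */
    int n = argc > 1 ? ea_audit(argv[1], c) : ea_count(ea_sample, sizeof ea_sample, c);
    if (n < 0) { perror("listxattr"); return 1; }
    printf("%d EAs: user=%d trusted=%d system=%d security=%d invalid=%d\n", n, c[0], c[1], c[2], c[3], c[4]);
    return 0;
}
```

Run with a path argument to audit that file, or with no argument to process the constructed sample; trusted EAs are only listed for a process with CAP_SYS_ADMIN.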
		
 
 
(C) 2006, Michael Kerrisk