On Mon, Oct 11, 2004 at 05:49:00PM +0200, Manuel Bouyer wrote:
> Hi,
> I've build a box where I used (among other things) the schg flags where
> possible to increase security. Then I've done a dump of this system,
> and I can't fully restore it: restore puts the schg flags before creating
> the hard links:
> extract special file ./dev/systrace
> extract special file ./dev/lkm
> extract special file ./dev/clockctl
> Add links
> warning: cannot create hard link ./bin/cpio->./bin/tar: Operation not permitted
> warning: cannot create hard link ./bin/pax->./bin/tar: Operation not permitted
> [...]
> pop# ls -ldo bin
> drwxr-xr-x  2 root  wheel  schg 512 Oct  7 16:04 bin

It's not because of the flags on the durectory, it' because of the
flags on the original file:
pop# ls -ldo
drwxr-xr-x  2 root  wheel  - 512 Oct 11 18:36 .
pop# ls -lo tar pax
ls: pax: No such file or directory
-r-xr-xr-x  1 root  wheel  schg 138497 Sep 18 22:16 tar
pop# ln tar pax
ln: pax: Operation not permitted

restore will delay restoring modes/flags for directories, but not for regular
files. We should probably keep in memory the flags on files as well, 
and restore them after the createlinks() step.
I didn't look closely at this, but maybe we can extend the mechanism used
for directories to regular files.
Comments ? Has anyone a better idea ?

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 ans d'experience feront toujours la difference
--