New API: ntfs_chmod

Add an API to do the equivalent of `chmod [-r] MODE PATH` for
NTFS filesystems.

Files created on a Linux ntfs-3g mount cannot change permissions
directly. New files and directories are created with the rough Windows
equivalent of `chmod 777`. These wide-open permissions can generate
security warnings on Windows after virt-v2v installs bits into
`Program Files\Guestfs`.

Behind the scenes we use `ntfssecaudit(8)` from `ntfsprogs`,
which is already part of the appliance. We only expose the chmod-style
feature; the rest of `ntfssecaudit` is concerned with reporting and
managing fine-grained Windows security info, which is way more than
we need.

Also note, `ntfssecaudit` needs to run on an unmounted partition,
so using this is more complicated than a traditional `chmod` call.

Related: https://issues.redhat.com/browse/RHEL-104352

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Cole Robinson
2025-09-06 09:36:15 -04:00
committed by rwmjones
parent e218dd73cc
commit a2e7dfc73b
5 changed files with 58 additions and 1 deletions

@@ -97,6 +97,7 @@ guestfs_gobject_headers= \
include/guestfs-gobject/optargs-mktemp.h \
include/guestfs-gobject/optargs-mount_9p.h \
include/guestfs-gobject/optargs-mount_local.h \
include/guestfs-gobject/optargs-ntfs_chmod.h \
include/guestfs-gobject/optargs-ntfsclone_out.h \
include/guestfs-gobject/optargs-ntfsfix.h \
include/guestfs-gobject/optargs-ntfsresize.h \
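Review bot: the `optargs-ntfs_chmod.h` entry means `ntfs_chmod` is exposed with optional arguments, yet the commit message only hints at them through `[-r]`. Suggest the API documentation name each optional argument and its default, and repeat the requirement that the partition be unmounted, since callers who expect ordinary `chmod` semantics will otherwise run it against a mounted filesystem.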
@@ -193,6 +194,7 @@ guestfs_gobject_sources= \
src/optargs-mktemp.c \
src/optargs-mount_9p.c \
src/optargs-mount_local.c \
src/optargs-ntfs_chmod.c \
src/optargs-ntfsclone_out.c \
src/optargs-ntfsfix.c \
src/optargs-ntfsresize.c \
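Review bot: please confirm that the `src/optargs-ntfs_chmod.c` line here and the matching header line in `guestfs_gobject_headers` both come from regenerating the bindings and not from a hand edit. If the two lists are maintained by a generator, a manual change can drift from the API definition and leave the GObject binding without its optargs source or header.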