# cdrtools and XATTR

## Xywa

Hi,

During system's update I have found such message bellow. Do I need to switch on XATTR in kernel? I usually use k3b.

```
 * Messages for package app-cdr/cdrtools-3.01_alpha17-r1:

 * Could not set caps on '/usr/bin/cdrecord' due to missing filesystem support:

 * * enable XATTR support for 'ext2/ext3' in your kernel (if configurable)

 * * mount the fs with the user_xattr option (if not the default)

 * * enable the relevant FS_SECURITY option (if configurable)

 * Could not set caps on '/usr/bin/cdda2wav' due to missing filesystem support:

 * * enable XATTR support for 'ext2/ext3' in your kernel (if configurable)

 * * mount the fs with the user_xattr option (if not the default)

 * * enable the relevant FS_SECURITY option (if configurable)

 * Could not set caps on '/usr/bin/readcd' due to missing filesystem support:

 * * enable XATTR support for 'ext2/ext3' in your kernel (if configurable)

 * * mount the fs with the user_xattr option (if not the default)

 * * enable the relevant FS_SECURITY option (if configurable)

>>> Auto-cleaning packages...

```

----------

## RobPearce

Same question here. I'm using EXT4 so it's the FS_SECURITY that cdrtools wants - but the kernel help says it's for SELinux.

----------

## p04ty

What is that "caps" anyway?

----------

## mv

If you use "caps" (and your filesystem has corresponding attributes), you can use cdrtools as a user, and the program will get the required privileges. Otherwise, you either have to make it SUID root or to run it only as root which is both not an ideal solution (especiall SUID root is usually a bad idea concerning security).

----------

## gcyoung

I have the same result after a systemd update even though I have now added XATTR to my kernel.

As above, I'd like to know what "caps" are. Mv tells us what they 'do', but not what they 'are'. I use k3b to burn CD's/DVD's and have never had a problem doing this as an ordinary user, so I image it probably doesn't matter!

----------

## mv

 *gcyoung wrote:*   

> As above, I'd like to know what "caps" are. Mv tells us what they 'do', but not what they 'are'.

 

Caps are "capabilities": The kernel gives these to programs which have certain special information stored in extended attributes.

So for it to work, your filesystem must support security attributes, and the kernel must be configured to honour them.

 *Quote:*   

> I use k3b to burn CD's/DVD's and have never had a problem doing this as an ordinary user

 

Some versions of k3b suggest to change cdrtools to SUID root; maybe it even automatically changes it.

Moreover, cdrtools can do most things also in user mode, but some certain special SCSI sequences can be used only if the program has corresponding capabilities (or is root). I do not know the details, but without these sequences it might happen that you CD is written in a suboptimal way (it might then contain some gaps etc.); you need special hardware to check whether the written CD is really good or whether you are just "saved" by some error correction.

----------

## gcyoung

Nice, clear explanation. Thanks Mv.

----------

