Richard W.M. Jones
2016-Oct-13 11:47 UTC
[Libguestfs] [PATCH] tar-in: Add workaround because tar doesn't restore capabilities (RHBZ#1384241).
Current GNU tar does not restore all extended attributes. In particular only user.* capabilities are restored (although all are saved in the tarball). To restore capabilities, SELinux security attributes, and other things we need to use --xattrs-include=* For further information on the tar bug, see: https://bugzilla.redhat.com/show_bug.cgi?id=771927 --- daemon/tar.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/daemon/tar.c b/daemon/tar.c index c5d9524..2ebd2fe 100644 --- a/daemon/tar.c +++ b/daemon/tar.c @@ -190,7 +190,11 @@ do_tar_in (const char *dir, const char *compress, int xattrs, int selinux, int a str_tar, dir, filter, chown_supported ? "" : "--no-same-owner ", - xattrs ? "--xattrs " : "", + /* --xattrs-include=* is a workaround for a bug + * in tar, and hopefully won't be required + * forever. See RHBZ#771927. + */ + xattrs ? "--xattrs --xattrs-include='*' " : "", selinux ? "--selinux " : "", acls ? "--acls " : "", error_file) == -1) { -- 2.9.3
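Review bot: the `'*'` pattern on the changed `xattrs ?` line is broader than the capabilities fix in the subject needs, and nothing in the patch documents that. With `xattrs` set, tar is now asked to restore every attribute namespace stored in the tarball, not only user.*. Going by the commit message, that includes SELinux security attributes, which the next line gates separately with `selinux ? "--selinux " : ""`. It would help to state in the tar-in documentation for the xattrs argument that file capabilities and other non-user attributes from the archive are now applied, and to say how this interacts with selinux=0, since callers unpacking tarballs they did not create will want to know this. The code comment cites only RHBZ#771927; adding RHBZ#1384241 from the subject would tie the workaround to the libguestfs bug as well. The diffstat shows only daemon/tar.c changing, so a regression test that round-trips a file with a capability set through tar-out and tar-in with xattrs enabled would be a useful addition.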
Pino Toscano
2016-Oct-17 15:21 UTC
Re: [Libguestfs] [PATCH] tar-in: Add workaround because tar doesn't restore capabilities (RHBZ#1384241).
On Thursday, 13 October 2016 12:47:43 CEST Richard W.M. Jones wrote:
> Current GNU tar does not restore all extended attributes. In
> particular only user.* capabilities are restored (although all
> are saved in the tarball).
>
> To restore capabilities, SELinux security attributes, and other things
> we need to use --xattrs-include=*
>
> For further information on the tar bug, see:
> https://bugzilla.redhat.com/show_bug.cgi?id=771927
> ---

Pity tar cannot handle properly this kind of metadata...

LGTM.

Thanks,
-- 
Pino Toscano