From: Kamil Dudka
To: bug-coreutils@gnu.org
Subject: [PATCH] cp --preserve=xattr: preserve NFSv4 ACL extended attributes
Date: Thu, 6 Dec 2018 14:08:09 +0100

... which cannot be preserved by other means

Bug: https://bugzilla.redhat.com/1031423#c4
---
src/copy.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/copy.c b/src/copy.c index 3221b9997..754c5e1aa 100644 --- a/src/copy.c +++ b/src/copy.c @@ -640,6 +640,17 @@ copy_attr_free (struct error_context *ctx _GL_UNUSED, { } +/* Include NFSv4 ACL extended attributes, which cannot be preserved by + other means. Otherwise honor attributes configured for exclusion + in /etc/xattr.conf. Return zero to skip. */ +static int +check_not_nfs4_acl (const char *name, struct error_context *ctx) +{ + return attr_copy_check_permissions(name, ctx) + || !STRNCMP_LIT (name, "system.nfs4_acl") + || !STRNCMP_LIT (name, "system.nfs4acl"); +} + /* Exclude SELinux extended attributes that are otherwise handled, and are problematic to copy again. Also honor attributes configured for exclusion in /etc/xattr.conf. 
@@ -649,7 +660,7 @@ static int check_selinux_attr (const char *name, struct error_context *ctx) { return STRNCMP_LIT (name, "security.selinux") - && attr_copy_check_permissions (name, ctx); + && check_not_nfs4_acl (name, ctx); } /* If positive SRC_FD and DST_FD descriptors are passed, @@ -663,6 +674,9 @@ copy_attr (char const *src_path, int src_fd, bool all_errors = (!x->data_copy_required || x->require_preserve_xattr); bool some_errors = (!all_errors && !x->reduce_diagnostics); bool selinux_done = (x->preserve_security_context || x->set_security_context); + int (*check) (const char *, struct error_context *) = (selinux_done) + ? check_selinux_attr + : check_not_nfs4_acl; struct error_context ctx = { .error = all_errors ? copy_attr_allerror : copy_attr_error, 
@@ -670,12 +684,10 @@ copy_attr (char const *src_path, int src_fd, .quote_free = copy_attr_free }; if (0 <= src_fd && 0 <= dst_fd) - ret = attr_copy_fd (src_path, src_fd, dst_path, dst_fd, - selinux_done ? check_selinux_attr : NULL, + ret = attr_copy_fd (src_path, src_fd, dst_path, dst_fd, check, (all_errors || some_errors ? &ctx : NULL)); else - ret = attr_copy_file (src_path, dst_path, - selinux_done ? check_selinux_attr : NULL, + ret = attr_copy_file (src_path, dst_path, check, (all_errors || some_errors ? &ctx : NULL)); return ret == 0; -- 2.17.2
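
Review bot: In the -640,6 +640,17 hunk, the two `|| !STRNCMP_LIT (...)` arms make check_not_nfs4_acl return non-zero for the NFSv4 names even when attr_copy_check_permissions said to skip them, so an /etc/xattr.conf entry can no longer keep these attributes from being copied. The new comment should say outright that the two names override the configuration, because a copied ACL attribute decides who can access the destination file. Style: `attr_copy_check_permissions(name, ctx)` lacks the space before the parenthesis that the other calls in this diff use.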
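
Review bot: In the -649,7 +660,7 hunk, check_selinux_attr now calls check_not_nfs4_acl instead of attr_copy_check_permissions, but its header comment, visible as context just above the hunk, still says only that it honors attributes configured for exclusion in /etc/xattr.conf. Update that comment to mention that the NFSv4 ACL names are copied regardless.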
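
Review bot: In the -663,6 +674,9 hunk, the `: check_not_nfs4_acl` arm is where behaviour changes for every copy made without SELinux context handling, since the last hunk shows those calls used to pass NULL. That deserves a one-line comment on `check`, and the parentheses around `selinux_done` can go.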

From: Pádraig Brady
To: Kamil Dudka, 33644@debbugs.gnu.org
Subject: Re: bug#33644: [PATCH] cp --preserve=xattr: preserve NFSv4 ACL extended attributes
Date: Sun, 10 Feb 2019 21:07:18 -0800

On 06/12/18 05:08, Kamil Dudka wrote:
> ... which cannot be preserved by other means
>
> Bug: https://bugzilla.redhat.com/1031423#c4
> ---
> src/copy.c | 22 +++++++++++++++++-----
> 1 file changed, 17 insertions(+), 5 deletions(-)
>
> diff --git a/src/copy.c b/src/copy.c > index 3221b9997..754c5e1aa 100644 > --- a/src/copy.c > +++ b/src/copy.c > @@ -640,6 +640,17 @@ copy_attr_free (struct error_context *ctx _GL_UNUSED, > { > } > > +/* Include NFSv4 ACL extended attributes, which cannot be preserved by > + other means. Otherwise honor attributes configured for exclusion > + in /etc/xattr.conf. Return zero to skip. */ > +static int > +check_not_nfs4_acl (const char *name, struct error_context *ctx) > +{ > + return attr_copy_check_permissions(name, ctx) > + || !STRNCMP_LIT (name, "system.nfs4_acl") > + || !STRNCMP_LIT (name, "system.nfs4acl"); > +} > + > /* Exclude SELinux extended attributes that are otherwise handled, > and are problematic to copy again. Also honor attributes > configured for exclusion in /etc/xattr.conf. > @@ -649,7 +660,7 @@ static int > check_selinux_attr (const char *name, struct error_context *ctx) > { > return STRNCMP_LIT (name, "security.selinux") > - && attr_copy_check_permissions (name, ctx); > + && check_not_nfs4_acl (name, ctx); > } > > /* If positive SRC_FD and DST_FD descriptors are passed, 
> @@ -663,6 +674,9 @@ copy_attr (char const *src_path, int src_fd, > bool all_errors = (!x->data_copy_required || x->require_preserve_xattr); > bool some_errors = (!all_errors && !x->reduce_diagnostics); > bool selinux_done = (x->preserve_security_context || x->set_security_context); > + int (*check) (const char *, struct error_context *) = (selinux_done) > + ? check_selinux_attr > + : check_not_nfs4_acl; > struct error_context ctx = > { > .error = all_errors ? copy_attr_allerror : copy_attr_error, 
> @@ -670,12 +684,10 @@ copy_attr (char const *src_path, int src_fd, > .quote_free = copy_attr_free > }; > if (0 <= src_fd && 0 <= dst_fd) > - ret = attr_copy_fd (src_path, src_fd, dst_path, dst_fd, > - selinux_done ? check_selinux_attr : NULL, > + ret = attr_copy_fd (src_path, src_fd, dst_path, dst_fd, check, > (all_errors || some_errors ? &ctx : NULL)); > else > - ret = attr_copy_file (src_path, dst_path, > - selinux_done ? check_selinux_attr : NULL, > + ret = attr_copy_file (src_path, dst_path, check, > (all_errors || some_errors ? &ctx : NULL)); > > return ret == 0; >

This patch is confusing to read, though looks functional.
It's clearer if you rename check_not_nfs4_acl() to
check_but_allow_nfs4_acl().

So in summary, any xattr in /etc/xattr.conf is _not_ copied.
You want to essentially ignore the nfs4 entries in that config file.
So why not just remove the entries from that file?
Is that something that could be done in attr.git?

Why would one want to treat nfs4 attrs differently to the posix_acl_access attrs?

thanks,
Pádraig.

From: Kamil Dudka
To: Pádraig Brady
Cc: 33644@debbugs.gnu.org
Subject: Re: bug#33644: [PATCH] cp --preserve=xattr: preserve NFSv4 ACL extended attributes
Date: Mon, 11 Feb 2019 12:50:11 +0100

On Monday, February 11, 2019 6:07:18 AM CET Pádraig Brady wrote:
> On 06/12/18 05:08, Kamil Dudka wrote:
> > ... which cannot be preserved by other means
> >
> > Bug: https://bugzilla.redhat.com/1031423#c4
> > ---
> >
> > src/copy.c | 22 +++++++++++++++++-----
> > 1 file changed, 17 insertions(+), 5 deletions(-)
> >
> > diff --git a/src/copy.c b/src/copy.c > > index 3221b9997..754c5e1aa 100644 > > --- a/src/copy.c > > +++ b/src/copy.c 
> > @@ -640,6 +640,17 @@ copy_attr_free (struct error_context *ctx _GL_UNUS= ED, > >=20 > > { > > } > >=20 > > +/* Include NFSv4 ACL extended attributes, which cannot be preserved by > > + other means. Otherwise honor attributes configured for exclusion > > + in /etc/xattr.conf. Return zero to skip. */ > > +static int > > +check_not_nfs4_acl (const char *name, struct error_context *ctx) > > +{ > > + return attr_copy_check_permissions(name, ctx) > > + || !STRNCMP_LIT (name, "system.nfs4_acl") > > + || !STRNCMP_LIT (name, "system.nfs4acl"); > > +} > > + > >=20 > > /* Exclude SELinux extended attributes that are otherwise handled, > > =20 > > and are problematic to copy again. Also honor attributes > > configured for exclusion in /etc/xattr.conf. > >=20 > > @@ -649,7 +660,7 @@ static int > >=20 > > check_selinux_attr (const char *name, struct error_context *ctx) > > { > > =20 > > return STRNCMP_LIT (name, "security.selinux") > >=20 > > - && attr_copy_check_permissions (name, ctx); > > + && check_not_nfs4_acl (name, ctx); > >=20 > > } > > =20 > > /* If positive SRC_FD and DST_FD descriptors are passed, > >=20 > > @@ -663,6 +674,9 @@ copy_attr (char const *src_path, int src_fd, > >=20 > > bool all_errors =3D (!x->data_copy_required || > > x->require_preserve_xattr); > > bool some_errors =3D (!all_errors && !x->reduce_diagnostics); > > bool selinux_done =3D (x->preserve_security_context || > > x->set_security_context);>=20 > > + int (*check) (const char *, struct error_context *) =3D (selinux_don= e) > > + ? check_selinux_attr > > + : check_not_nfs4_acl; > >=20 > > struct error_context ctx =3D > > { > > =20 > > .error =3D all_errors ? copy_attr_allerror : copy_attr_error, > >=20 
> > @@ -670,12 +684,10 @@ copy_attr (char const *src_path, int src_fd, > >=20 > > .quote_free =3D copy_attr_free > > =20 > > }; > > if (0 <=3D src_fd && 0 <=3D dst_fd) > >=20 > > - ret =3D attr_copy_fd (src_path, src_fd, dst_path, dst_fd, > > - selinux_done ? check_selinux_attr : NULL, > > + ret =3D attr_copy_fd (src_path, src_fd, dst_path, dst_fd, check, > >=20 > > (all_errors || some_errors ? &ctx : NULL)); > > =20 > > else > >=20 > > - ret =3D attr_copy_file (src_path, dst_path, > > - selinux_done ? check_selinux_attr : NULL, > > + ret =3D attr_copy_file (src_path, dst_path, check, > >=20 > > (all_errors || some_errors ? &ctx : NULL)); > > =20 > > return ret =3D=3D 0;
>
> This patch is confusing to read, though looks functional.

I can submit deduplication of the `selinux_done ? check_selinux_attr : NULL`
code as a separate patch if you prefer it.

> It's clearer if you rename check_not_nfs4_acl() to
> check_but_allow_nfs4_acl().

Fine by me.

> So in summary, any xattr in /etc/xattr.conf is _not_ copied.
> You want to essentially ignore the nfs4 entries in that config file.
> So why not just remove the entries from that file?

See how xattr.conf is documented:

# Actions:
# permissions - copy when trying to preserve permissions.
# skip - do not copy.

The fact that coreutils handles `permissions` equally as `skip` is IMO a
problem of coreutils, not a problem of xattr.conf.

> Is that something that could be done in attr.git?

I think that the information in xattr.conf is correct. system.nfs4_acl is
really an attribute one wants to copy when trying to preserve permissions.

> Why would one want to treat nfs4 attrs differently to the posix_acl_access
> attrs?

It was written in the commit message. One can use `cp --preserve=mode`
to preserve POSIX ACLs whereas the only way to preserve NFSv4 ACLs was
`cp --preserve=xattr`.

> thanks,
> Pádraig.

On Monday, February 11, 2019 6:21:49 AM CET Pádraig Brady wrote:
> BTW is there anything interesting behind this paywall I can't access?
> https://access.redhat.com/solutions/115043

It just says that `cp a b` does not preserve NFSv4 ACLs whereas `cp -a a b`,
`cp --preserve=all a b`, or `cp --preserve=xattr a b` does. Unfortunately,
this is currently true only for Red Hat Enterprise Linux.

Kamil

From: Pádraig Brady
To: Kamil Dudka
Cc: 33644@debbugs.gnu.org
Subject: Re: bug#33644: [PATCH] cp --preserve=xattr: preserve NFSv4 ACL extended attributes
Date: Mon, 11 Feb 2019 10:30:42 -0800

On 11/02/19 03:50, Kamil Dudka wrote:
> On Monday, February 11, 2019 6:07:18 AM CET Pádraig Brady wrote:
>> On 06/12/18 05:08, Kamil Dudka wrote:
>>> ... which cannot be preserved by other means
>>>
>>> Bug: https://bugzilla.redhat.com/1031423#c4
>>> ---
>>>
>>> src/copy.c | 22 +++++++++++++++++-----
>>> 1 file changed, 17 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/src/copy.c b/src/copy.c >>> index 3221b9997..754c5e1aa 100644 >>> --- a/src/copy.c >>> +++ b/src/copy.c >>> @@ -640,6 +640,17 @@ copy_attr_free (struct error_context *ctx _GL_UNUSED, >>> >>> { >>> } >>> >>> +/* Include NFSv4 ACL extended attributes, which cannot be preserved by >>> + other means. Otherwise honor attributes configured for exclusion >>> + in /etc/xattr.conf. Return zero to skip. */ >>> +static int >>> +check_not_nfs4_acl (const char *name, struct error_context *ctx) >>> +{ >>> + return attr_copy_check_permissions(name, ctx) >>> + || !STRNCMP_LIT (name, "system.nfs4_acl") >>> + || !STRNCMP_LIT (name, "system.nfs4acl"); >>> +} >>> + >>> >>> /* Exclude SELinux extended attributes that are otherwise handled, >>> >>> and are problematic to copy again. Also honor attributes >>> configured for exclusion in /etc/xattr.conf. 
>>> >>> @@ -649,7 +660,7 @@ static int >>> >>> check_selinux_attr (const char *name, struct error_context *ctx) >>> { >>> >>> return STRNCMP_LIT (name, "security.selinux") >>> >>> - && attr_copy_check_permissions (name, ctx); >>> + && check_not_nfs4_acl (name, ctx); >>> >>> } >>> >>> /* If positive SRC_FD and DST_FD descriptors are passed, >>> >>> @@ -663,6 +674,9 @@ copy_attr (char const *src_path, int src_fd, >>> >>> bool all_errors = (!x->data_copy_required || >>> x->require_preserve_xattr); >>> bool some_errors = (!all_errors && !x->reduce_diagnostics); >>> bool selinux_done = (x->preserve_security_context || >>> x->set_security_context);> >>> + int (*check) (const char *, struct error_context *) = (selinux_done) >>> + ? check_selinux_attr >>> + : check_not_nfs4_acl; >>> >>> struct error_context ctx = >>> { >>> >>> .error = all_errors ? copy_attr_allerror : copy_attr_error, 
>>> >>> @@ -670,12 +684,10 @@ copy_attr (char const *src_path, int src_fd, >>> >>> .quote_free = copy_attr_free >>> >>> }; >>> if (0 <= src_fd && 0 <= dst_fd) >>> >>> - ret = attr_copy_fd (src_path, src_fd, dst_path, dst_fd, >>> - selinux_done ? check_selinux_attr : NULL, >>> + ret = attr_copy_fd (src_path, src_fd, dst_path, dst_fd, check, >>> >>> (all_errors || some_errors ? &ctx : NULL)); >>> >>> else >>> >>> - ret = attr_copy_file (src_path, dst_path, >>> - selinux_done ? check_selinux_attr : NULL, >>> + ret = attr_copy_file (src_path, dst_path, check, >>> >>> (all_errors || some_errors ? &ctx : NULL)); >>> >>> return ret == 0;
>>
>> This patch is confusing to read, though looks functional.
>
> I can submit deduplication of the `selinux_done ? check_selinux_attr : NULL`
> code as a separate patch if you prefer it.
>
>> It's clearer if you rename check_not_nfs4_acl() to
>> check_but_allow_nfs4_acl().
>
> Fine by me.
>
>> So in summary, any xattr in /etc/xattr.conf is _not_ copied.
>> You want to essentially ignore the nfs4 entries in that config file.
>> So why not just remove the entries from that file?
>
> See how xattr.conf is documented:
>
> # Actions:
> # permissions - copy when trying to preserve permissions.
> # skip - do not copy.
>
> The fact that coreutils handles `permissions` equally as `skip` is IMO a
> problem of coreutils, not a problem of xattr.conf.
>
>> Is that something that could be done in attr.git?
>
> I think that the information in xattr.conf is correct. system.nfs4_acl is
> really an attribute one wants to copy when trying to preserve permissions.

Right. What I was getting at was attr_copy_file() from libattr seems
to skip all entries in xattr.conf by default. I need to dig in to
see what's preserving system.posix_acl_access (these might be
implicitly generated upon attr reading for example).

My question was why does coreutils need to explicitly handle
the nfs4 acls if it doesn't need to handle the posix ones.
I'm not saying the patch is wrong at all, I'm just not seeing the full picture.

>
>> Why would one want to treat nfs4 attrs differently to the posix_acl_access
>> attrs?
>
> It was written in the commit message. One can use `cp --preserve=mode`
> to preserve POSIX ACLs whereas the only way to preserve NFSv4 ACLs was
> `cp --preserve=xattr`.
>
>> thanks,
>> Pádraig.
>
> On Monday, February 11, 2019 6:21:49 AM CET Pádraig Brady wrote:
>> BTW is there anything interesting behind this paywall I can't access?
>> https://access.redhat.com/solutions/115043
>
> It just says that `cp a b` does not preserve NFSv4 ACLs whereas `cp -a a b`,
> `cp --preserve=all a b`, or `cp --preserve=xattr a b` does. Unfortunately,
> this is currently true only for Red Hat Enterprise Linux.

I'll dig in some more.

thanks,
Pádraig

From: Kamil Dudka
To: Pádraig Brady
Cc: 33644@debbugs.gnu.org
Subject: Re: bug#33644: [PATCH] cp --preserve=xattr: preserve NFSv4 ACL extended attributes
Date: Tue, 12 Feb 2019 13:03:34 +0100

On Monday, February 11, 2019 7:30:42 PM CET Pádraig Brady wrote:
> On 11/02/19 03:50, Kamil Dudka wrote:
> > I think that the information in xattr.conf is correct. system.nfs4_acl is
> > really an attribute one wants to copy when trying to preserve permissions.
>
> Right. What I was getting at was attr_copy_file() from libattr seems
> to skip all entries in xattr.conf by default. I need to dig in to
> see what's preserving system.posix_acl_access (these might be
> implicitly generated upon attr reading for example).

I do not know the reasoning behind the default behavior of attr_copy_file().
There is a comment before the function definition but it does not talk about
NFSv4 ACLs:

http://git.savannah.nongnu.org/cgit/attr.git/tree/libattr/attr_copy_file.c?id=cb4786f1#n54

> My question was why does coreutils need to explicitly handle
> the nfs4 acls if it doesn't need to handle the posix ones.

I think the answer is obvious. cp is able to preserve POSIX ACLs at a higher
level (using gnulib's acl module, which uses libacl internally on Linux).
There is, unfortunately, no such module (neither library) for NFSv4 ACLs.
So copying the value of the low-level attribute is currently the only way
to make cp preserve NFSv4 ACLs.

Kamil

From: Pádraig Brady
To: Kamil Dudka
Cc: 33644@debbugs.gnu.org
Subject: Re: bug#33644: [PATCH] cp --preserve=xattr: preserve NFSv4 ACL extended attributes
Date: Sat, 2 Mar 2019 18:07:53 -0800

tag 33644 notabug
close 33644
stop

rationale below...

On 12/02/19 04:03, Kamil Dudka wrote:
> On Monday, February 11, 2019 7:30:42 PM CET Pádraig Brady wrote:
>> On 11/02/19 03:50, Kamil Dudka wrote:
>>> I think that the information in xattr.conf is correct. system.nfs4_acl is
>>> really an attribute one wants to copy when trying to preserve permissions.
>>
>> Right. What I was getting at was attr_copy_file() from libattr seems
>> to skip all entries in xattr.conf by default. I need to dig in to
>> see what's preserving system.posix_acl_access (these might be
>> implicitly generated upon attr reading for example).
>
> I do not know the reasoning behind the default behavior of attr_copy_file().
> There is a comment before the function definition but it does not talk about
> NFSv4 ACLs:
>
> http://git.savannah.nongnu.org/cgit/attr.git/tree/libattr/attr_copy_file.c?id=cb4786f1#n54
>
>> My question was why does coreutils need to explicitly handle
>> the nfs4 acls if it doesn't need to handle the posix ones.
>
> I think the answer is obvious. cp is able to preserve POSIX ACLs at a higher
> level (using gnulib's acl module, which uses libacl internally on Linux).
> There is, unfortunately, no such module (neither library) for NFSv4 ACLs.
> So copying the value of the low-level attribute is currently the only way
> to make cp preserve NFSv4 ACLs.

You used "obvious" and "ACLs" in the same email :)

Looking a bit more...

So attr_copy_file() copies all except those defined in /etc/xattr.conf

ACL xattrs are listed in that file with the rationale from a comment in libattr being:

"ACLs are excluded by default because copying them between
file systems with and without ACL support needs some
additional logic so that no unexpected permissions result."

So the ACL handling specifically is deferred to libacl.
Now system.posix_acl_access is handled by libacl,
but system.nfs4_acl is not.

So I think the correct fix here is to remove the
nfs entries from /etc/xattr.conf, and then cp will copy.

This has the advantage of being configurable,
and also removes nfs4 specific handling from cp.
Any nfs4 specific handling should be in libacl.

thanks,
Pádraig

From: Kamil Dudka
To: Pádraig Brady
Cc: bug-coreutils@gnu.org, 33644@debbugs.gnu.org
Subject: Re: bug#33644: [PATCH] cp --preserve=xattr: preserve NFSv4 ACL extended attributes
Date: Mon, 04 Mar 2019 10:38:27 +0100

On Sunday, March 3, 2019 3:07:53 AM CET Pádraig Brady wrote:
> So attr_copy_file() copies all except those defined in /etc/xattr.conf

... which is, however, not how xattr.conf is currently documented:

# /etc/xattr.conf
#
# Format:
#
#
# Actions:
# permissions - copy when trying to preserve permissions.
# skip - do not copy.

> ACL xattrs are listed in that file with the rationale from a comment in
> libattr being:
>
> "ACLs are excluded by default because copying them between
> file systems with and without ACL support needs some
> additional logic so that no unexpected permissions result."
>
> So the ACL handling specifically is deferred to libacl.
> Now system.posix_acl_access is handled by libacl,
> but system.nfs4_acl is not.

True.

> So I think the correct fix here is to remove the
> nfs entries from /etc/xattr.conf, and then cp will copy.

OK, I will propose it on the acl-devel mailing list, together with updating
the documentation of xattr.conf. We will see what attr/acl upstream thinks
about it.

> This has the advantage of being configurable,
> and also removes nfs4 specific handling from cp.
> Any nfs4 specific handling should be in libacl.

So you think it should. Nevertheless, in reality, libacl is not aware of
NFSv4 ACLs at all. And I am not aware of any plans to change this.

Kamil

> thanks,
> Pádraig

From: Debbugs Internal Request
Subject: Internal Control
Date: Mon, 01 Apr 2019 11:24:04 +0000

bug archived.
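
The copy decision this thread argues about, written out as a small C model (an added example, not coreutils or libattr code): it compares the unpatched behaviour, the patch's hard-coded NFSv4 exception, and the alternative of removing the NFSv4 entries from xattr.conf. The config contents, enum names and function names are constructed for illustration, and the rule that any listed attribute is left uncopied follows the thread's own description.

```c
/* Added example: a model of the copy decision debated in this thread.
   Not coreutils or libattr code; all names here are hypothetical. */
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

enum action { ACT_NONE, ACT_PERMISSIONS, ACT_SKIP };
enum policy { UNPATCHED, PATCHED, PATCHED_SELINUX_DONE };

struct rule { char pattern[64]; enum action act; };
struct conf { struct rule rules[16]; int n; };

/* Constructed configs in the "pattern action" form of xattr.conf.
   The second one models the alternative fix: NFSv4 entries removed. */
#define OTHER_RULES \
  "system.posix_acl_access   permissions\n" \
  "system.posix_acl_default  permissions\n" \
  "trusted.example_*         skip\n"
static const char conf_with_nfs4[] =
  "# constructed sample, not a distribution's file\n"
  "system.nfs4_acl           permissions\n"
  "system.nfs4acl            permissions\n" OTHER_RULES;
static const char conf_without_nfs4[] = OTHER_RULES;

/* Parse "pattern action" lines; comments and malformed lines are ignored. */
static void
parse_conf (const char *text, struct conf *c)
{
  c->n = 0;
  while (*text && c->n < 16)
    {
      size_t len = strcspn (text, "\n");
      char line[128] = "", act[16];
      struct rule *r = &c->rules[c->n];
      if (len < sizeof line)
        memcpy (line, text, len);
      if (line[0] != '#' && sscanf (line, "%63s %15s", r->pattern, act) == 2)
        {
          r->act = strcmp (act, "permissions") == 0 ? ACT_PERMISSIONS
                   : strcmp (act, "skip") == 0 ? ACT_SKIP : ACT_NONE;
          c->n += r->act != ACT_NONE;
        }
      text += len + (text[len] == '\n');
    }
}

static enum action
lookup (const struct conf *c, const char *name)
{
  for (int i = 0; i < c->n; i++)
    if (fnmatch (c->rules[i].pattern, name, 0) == 0)
      return c->rules[i].act;
  return ACT_NONE;
}

static int
has_prefix (const char *name, const char *lit)
{
  return strncmp (name, lit, strlen (lit)) == 0;
}

/* Return nonzero if NAME would be copied under policy P. */
int
decide (enum policy p, const char *conf_text, const char *name)
{
  struct conf c;
  parse_conf (conf_text, &c);
  /* As described in the thread: any listed attribute is left out,
     whether its action is "permissions" or "skip". */
  int unlisted = lookup (&c, name) == ACT_NONE;
  /* The two names the patch hard-codes, compared as prefixes. */
  int nfs4 = has_prefix (name, "system.nfs4_acl")
             || has_prefix (name, "system.nfs4acl");
  switch (p)
    {
    case UNPATCHED:
      return unlisted;
    case PATCHED:                 /* models check_not_nfs4_acl */
      return unlisted || nfs4;
    case PATCHED_SELINUX_DONE:    /* models the patched check_selinux_attr */
      return !has_prefix (name, "security.selinux") && (unlisted || nfs4);
    }
  return 0;
}

int
main (void)
{
  static const char *const names[] = {
    "user.comment", "system.nfs4_acl", "system.nfs4acl",
    "system.posix_acl_access", "security.selinux", "trusted.example_x"
  };
  puts ("attribute                 unpatched patched patched+selinux conf-edited");
  for (size_t i = 0; i < sizeof names / sizeof *names; i++)
    printf ("%-25s %9d %7d %15d %11d\n", names[i],
            decide (UNPATCHED, conf_with_nfs4, names[i]),
            decide (PATCHED, conf_with_nfs4, names[i]),
            decide (PATCHED_SELINUX_DONE, conf_with_nfs4, names[i]),
            decide (UNPATCHED, conf_without_nfs4, names[i]));
  return 0;
}
```

The last column shows that editing the configuration reaches the same result for the NFSv4 names as the patch does, while leaving the decision with whoever maintains xattr.conf.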