[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
qcopy-acl: Fix copying of ACLs on CentOS 7
|
From: |
Bruno Haible |
|
Subject: |
qcopy-acl: Fix copying of ACLs on CentOS 7 |
|
Date: |
Mon, 15 Jul 2024 14:59:19 +0200 |
The CI of GNU sed shows a test failure of the Gnulib 'acl' tests on CentOS 7
[1]. Namely:
FAIL: test-copy-acl.sh
FAIL: test-copy-acl-1.sh
FAIL: test-copy-acl-2.sh
It can be reproduced like this:
$ echo 'Simple contents' > tmpfile0
$ echo 'Simple contents' > tmpfile2
$ chmod 600 tmpfile0
$ setfacl -m user:1:1 tmpfile0
$ getfacl tmpfile0
user::rw-
user:bin:--x
group::---
mask::--x
other::---
$ ./test-copy-acl tmpfile0 tmpfile2
$ getfacl tmpfile2
user::rw-
group::--x
other::---
The tests passed in older gnulib:
2018-01-01 PASS
2020-01-01 PASS
2023-01-01 PASS
2023-04-12 FAIL
2024-01-01 FAIL
So, it must have been a regression from the 2023-01-12 commit.
Debugging it, I see two invocations of is_attr_permissions:
is_attr_permissions("security.selinux",NULL) => 0
is_attr_permissions("system.posix_acl_access",NULL) => 0
It is the latter which causes libattr to copy no attributes.
The patch below fixes it.
[1] https://github.com/gnu-sed/ci-check/actions/runs/9935643107
2024-07-15 Bruno Haible <bruno@clisp.org>
qcopy-acl: Fix copying of ACLs on CentOS 7 (regression 2023-01-12).
* lib/qcopy-acl.c: Include <string.h>, <linux/xattr.h>.
(XATTR_NAME_NFSV4_ACL, XATTR_NAME_POSIX_ACL_ACCESS,
XATTR_NAME_POSIX_ACL_DEFAULT): New macros, from file-has-acl.c.
(is_attr_permissions): Test for these names explicitly.
* m4/acl.m4 (gl_QCOPY_ACL): New macro.
* modules/qcopy-acl (Files): Add m4/acl.m4.
(configure.ac): Invoke gl_QCOPY_ACL.
diff --git a/lib/qcopy-acl.c b/lib/qcopy-acl.c
index dfc39cead0..877f42588b 100644
--- a/lib/qcopy-acl.c
+++ b/lib/qcopy-acl.c
@@ -26,6 +26,20 @@
#if USE_XATTR
# include <attr/libattr.h>
+# include <string.h>
+
+# if HAVE_LINUX_XATTR_H
+# include <linux/xattr.h>
+# endif
+# ifndef XATTR_NAME_NFSV4_ACL
+# define XATTR_NAME_NFSV4_ACL "system.nfs4_acl"
+# endif
+# ifndef XATTR_NAME_POSIX_ACL_ACCESS
+# define XATTR_NAME_POSIX_ACL_ACCESS "system.posix_acl_access"
+# endif
+# ifndef XATTR_NAME_POSIX_ACL_DEFAULT
+# define XATTR_NAME_POSIX_ACL_DEFAULT "system.posix_acl_default"
+# endif
/* Returns 1 if NAME is the name of an extended attribute that is related
to permissions, i.e. ACLs. Returns 0 otherwise. */
@@ -33,7 +47,12 @@
static int
is_attr_permissions (const char *name, struct error_context *ctx)
{
- return attr_copy_action (name, ctx) == ATTR_ACTION_PERMISSIONS;
+ /* We need to explicitly test for the known extended attribute names,
+ because at least on CentOS 7, attr_copy_action does not do it. */
+ return strcmp (name, XATTR_NAME_POSIX_ACL_ACCESS) == 0
+ || strcmp (name, XATTR_NAME_POSIX_ACL_DEFAULT) == 0
+ || strcmp (name, XATTR_NAME_NFSV4_ACL) == 0
+ || attr_copy_action (name, ctx) == ATTR_ACTION_PERMISSIONS;
}
#endif /* USE_XATTR */
diff --git a/m4/acl.m4 b/m4/acl.m4
index c7b6ec2b14..be88f1b831 100644
--- a/m4/acl.m4
+++ b/m4/acl.m4
@@ -1,5 +1,5 @@
# acl.m4
-# serial 30
+# serial 31
dnl Copyright (C) 2002, 2004-2024 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
@@ -178,13 +178,14 @@ AC_DEFUN([gl_ACL_GET_FILE]
AS_IF([test "$gl_cv_func_working_acl_get_file" != no], [$1], [$2])
])
-# On GNU/Linux, testing if a file has an acl can be done with the
-# listxattr and getxattr syscalls, which don't require linking
-# against additional libraries. Assume this works if linux/attr.h
-# and listxattr are present.
+# Prerequisites of module file-has-acl.
AC_DEFUN([gl_FILE_HAS_ACL],
[
AC_REQUIRE([gl_FUNC_ACL_ARG])
+ # On GNU/Linux, testing if a file has an acl can be done with the
+ # listxattr and getxattr syscalls, which don't require linking
+ # against additional libraries. Assume this works if linux/attr.h
+ # and listxattr are present.
AC_CHECK_HEADERS_ONCE([linux/xattr.h])
AC_CHECK_FUNCS_ONCE([listxattr])
FILE_HAS_ACL_LIB=
@@ -198,3 +199,17 @@ AC_DEFUN([gl_FILE_HAS_ACL]
FILE_HAS_ACL_LIB=$LIB_ACL])
AC_SUBST([FILE_HAS_ACL_LIB])
])
+
+# Prerequisites of module qcopy-acl.
+AC_DEFUN([gl_QCOPY_ACL],
+[
+ AC_REQUIRE([gl_FUNC_ACL])
+ AC_CHECK_HEADERS_ONCE([linux/xattr.h])
+ gl_FUNC_XATTR
+ if test "$use_xattr" = yes; then
+ QCOPY_ACL_LIB="$LIB_XATTR"
+ else
+ QCOPY_ACL_LIB="$LIB_ACL"
+ fi
+ AC_SUBST([QCOPY_ACL_LIB])
+])
diff --git a/modules/qcopy-acl b/modules/qcopy-acl
index b89d8ecab6..e692a28625 100644
--- a/modules/qcopy-acl
+++ b/modules/qcopy-acl
@@ -3,20 +3,14 @@ Copy access control list from one file to another.
(Unportable.)
Files:
lib/qcopy-acl.c
+m4/acl.m4
m4/xattr.m4
Depends-on:
acl-permissions [test "$use_xattr" != yes]
configure.ac:
-gl_FUNC_XATTR
-AC_REQUIRE([gl_FUNC_ACL])
-if test "$use_xattr" = yes; then
- QCOPY_ACL_LIB="$LIB_XATTR"
-else
- QCOPY_ACL_LIB="$LIB_ACL"
-fi
-AC_SUBST([QCOPY_ACL_LIB])
+gl_QCOPY_ACL
Makefile.am:
lib_SOURCES += qcopy-acl.c
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- qcopy-acl: Fix copying of ACLs on CentOS 7,
Bruno Haible <=