Re: [Bug-tar] patches for acl, xattrs, and selinux support

[Andreas Dilger]

On Feb 02, 2009  23:41 -0800, Tim Kientzle wrote:
> Andreas Dilger wrote:
>>
>> If all of the xattrs are backed up, there is still a whitelist for the
>> restore step, and in the worst case the user will have to update to a newer
>> tar (or edit the code and recompile) to restore their data.  Ideally, there
>> would be a default list of attributes to restore, and users could specify
>> via arguments which xattrs to restore if they have some specific requirement.
>
> This makes a lot of sense.
>
> I suspect it will be very difficult to restore anything
> other than "user" attributes by default.  System and filesystem
> attributes can carry a lot of surprises, especially when
> porting data across different OSes (or even just different
> filesystems or different kernel revisions).

In Linux at least if the user or root is trying to restore attributes to
a namespace that can't be written to directly (e.g. acl.* or security.*,
or trusted.* if non-root) it will return an error.  I'm not sure what
other OSes will do with attribute namespaces they don't understand.  It is
possible that the attributes will be restored, but ignored by the OS.

>>>> - Change the restoration of xattrs to be before any file data is written.
>>>>  This allows the xattrs to contain layout hints, ...
>>>
>>> I can't think of any problems with this, esp. if you just move the
>>> xattrs and not ACLs/SELinux too ...
>
> True, as long as the xattrs don't include security
> information that would break the rest of the restore.

Since there is still a whitelist of xattrs that will be restored, the ACL
and security attributes should be ignored for Linux at least, we may want
a different list of inclusions/exclusions for other OSes.  All the more
reason to have a generic mechanism to include/exclude xattrs via regexp
when doing the restore in case the default whitelist is wrong.

Cheers, Andreas
--
Andreas Dilger
Sr. Staff Engineer, Lustre Group
Sun Microsystems of Canada, Inc.