[Bug-tar] [PATCH] new XATTRS/SELinux/ACLs proposal

From: Pavel Raiskup
Subject: [Bug-tar] [PATCH] new XATTRS/SELinux/ACLs proposal
Date: Fri, 17 Aug 2012 13:34:50 +0200

Hello, I would like to propose a set of patches adding support for
extended attributes, SELinux and POSIX ACLs to GNU tar.  This proposal
has been improved a little bit since last time.

Overall, I'm attaching 5 patches -- the steps to get it working and a
description of the proposed patches are here:

  0. be sure you have applied the one-line patch:


     Otherwise the bootstrap will fail (independently on following

  1. Apply the 0001-*.patch - this just prepares bootstrap to apply two
     additional patches against upstream gnulib.  It is all about
     *xattrat() wrappers that are handy due to
     open()-like ~~> openat()-like conversion done in GNU tar.

     Note that this patch will become irrelevant once the following proposal
     becomes gnulib upstream (or I may prepare a patch adding this
     functionality directly into tar if my proposal is trashed):


  2. Apply the 0002-*.patch - this patch is adding support for extended
     attributes into tar.  This is slightly modified version of Red Hat
     patch that is deployed in Fedora distribution of tar for many years.
     AFAIK, very similar patch is also compiled in Gentoo's tar.

     It is possible to disable this feature during the ./configure phase using
     the --without-xattrs option.  It will disable the possibility of
     archiving/restoring extended attributes -- but it still allows tar
     to read (list) the archive contents (including tar --xattrs -tvvf)
     and does not print the "unknown extended header keyword" warning on
     error output when extended attributes are present in an archive.

     Inside this patch are also basic tests for this feature.  Note that
     this will probably need some improvements from the portability
     perspective -- now these tests are simply skipped when utilities
     needed for proper testing are missing on the system.

     When this feature is compiled and tar is unable to write extended
     attributes onto file system, the ENOTSUP warning may be silenced by
     using '--warning=no-xattr-write'.

     As is documented (patch #5), default behaviour of tar will be that
     it will store all extended attributes by default when '--xattrs'
     option is present but it restores only 'user.*' domain by default.
     Anyway, this may be controlled by --xattrs-include/--xattrs-exclude
     patterns.  These options have non-state validity (when these are
     used they are valid for whole list of files that is going to be

     The --no-xattrs option is also present just for the situation where on
     some systems the --xattrs option may be enabled by default (hardwired or
     set in $TAR_OPTIONS).  (Slightly different semantics compared with the
     --wildcards/--no-wildcards options, which have state behaviour.)

  3. Apply 0003-*.patch - adding support for POSIX ACLs.  This feature is
     fully compatible with classic Linux permissions but it is not ready
     to be used with more detailed Solaris/NTFSv4 ACLs.  Anyway, once
     these ACLs become widely used, it will be possible to handle these in
     parallel with POSIX.  I hope that this feature is very useful for
     quite a lot of users that are already using POSIX ACLs.

     We are using the same header keywords in tar's posix archive format
     as star uses.  POSIX ACLs are then portable between both tools, star and
     GNU tar.

     In the same way as is done in the --xattrs patch, the --no-acls option is
     added by this patch and, as before, possible warnings during writing ACLs
     may be suppressed by using the '--warning=no-xattr-write' option.

     This feature may be disabled by --without-posix-acls during
     ./configure phase.

  4. Apply the 0004-*.patch - support for SELinux context activation.
     This feature uses the very same principles as --acls support.

     Again, this may be disabled by `./configure --without-selinux'.
     Possible writing errors may be suppressed using the same options and
     the --no-selinux option also exists to disable SELinux support in
     case that this feature is turned on by default.

  5. Apply the last patch 0005-*.patch which adds documentation for
     features brought by patches 0002/0003/0004.

  6. ./bootstrap && ./configure && make

Some notes:

- there should be no forward dependency between patches (so the --xattrs
  are independent of --acls, acls are not dependent on selinux), anyway,
  it should be quite easy to make --acls/--selinux self-standing patches
  from this proposal if somebody wants.

- ad listing of extended attributes, after a discussion here:


  I have decided not to implement the YAML/fully parsable approach.  The
  reason is that this proposed format was *very* easy for implementation
  (does not break other listing features like multivolume headers and
  incremental backups) and in the parsable way it would be quite extensive
  work aside of extended attributes.  Anyway, I think that it would be
  very nice to employ some yaml library (or other?) and propose the
  '--yaml' or '--parsable' option in future.  I expect that this format
  will coexist with actual listing support.

  Anyway -- even now it is possible to parse tar's output.  The problem is
  that it is quite a hard job to prepare a parser that will be able to guess
  what options the tar command was run with (but it is not impossible).

Please, could you look at attached patches and tell me what needs to be
repaired before your acceptance?  I'll be glad to fix what you will


Attachment: 0001-Edit-of-bootstrap-to-automatically-prepare-gnulib.patch
Description: Text Data

Attachment: 0002-Support-for-extended-attributes-added.patch
Description: Text Data

Attachment: 0003-Support-for-POSIX-ACLs.patch
Description: Text Data

Attachment: 0004-SELinux-context-store-restore-list-support-added.patch
Description: Text Data

Attachment: 0005-Documentation-for-XATTRS-SELinux-POSIX-ACLs.patch
Description: Text Data
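
The restore default described in step 2 (everything stored with '--xattrs', only 'user.*' restored unless --xattrs-include/--xattrs-exclude say otherwise) can be checked against an archive before extraction. The following is an added example, not code from the message or its patches: it assumes the `SCHILY.xattr.` pax keyword prefix shared by star and GNU tar (the message does not name the keywords), uses hypothetical helper names, and approximates tar's pattern matching with Python's `fnmatch`.

```python
import fnmatch
import io
import tarfile

# Assumption: pax keyword prefix GNU tar and star use for extended attributes.
XATTR_PREFIX = "SCHILY.xattr."


def build_sample_archive():
    """Constructed sample: one member carrying two xattrs as pax records."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tf:
        data = b"hello\n"
        info = tarfile.TarInfo("demo/tool")
        info.size = len(data)
        info.pax_headers = {
            XATTR_PREFIX + "user.origin": "build-host",
            XATTR_PREFIX + "security.capability": "constructed-value",
        }
        tf.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def matches(name, patterns):
    """True if the attribute name matches any shell-style pattern."""
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)


def restore_plan(fileobj, include=("user.*",), exclude=()):
    """Map each member to (xattrs restored, xattrs skipped).

    The include default mirrors the restore default the message describes;
    an attribute is restored when it is included and not excluded.
    """
    plan = {}
    with tarfile.open(fileobj=fileobj, mode="r") as tf:
        for member in tf:
            names = sorted(k[len(XATTR_PREFIX):] for k in member.pax_headers
                           if k.startswith(XATTR_PREFIX))
            kept = [n for n in names
                    if matches(n, include) and not matches(n, exclude)]
            plan[member.name] = (kept, [n for n in names if n not in kept])
    return plan


if __name__ == "__main__":
    for name, (kept, skipped) in restore_plan(build_sample_archive()).items():
        print(name, "restore:", kept, "skip:", skipped)
```

Running it with `include=("*",)` shows which attributes outside the `user.` namespace an archive would set if the default were widened.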
