From: | Pavel Raiskup |
Subject: | [Bug-tar] [PATCH] new XATTRS/SELinux/ACLs proposal |
Date: | Fri, 17 Aug 2012 13:34:50 +0200 |
Hello,

I would like to propose to you a set of patches adding support for extended attributes, SELinux and POSIX ACLs to GNU tar. This proposal was improved a little bit from last time. Overall, I'm attaching 5 patches -- the steps to get it working and a description of the proposed patches are here:

0. Be sure you have applied the one-line patch:

   http://lists.gnu.org/archive/html/bug-tar/2012-08/msg00005.html

   Otherwise the bootstrap will fail (independently of the following patches).

1. Apply the 0001-*.patch - this just prepares bootstrap to apply two additional patches against upstream gnulib. It is all about *xattrat() wrappers that are handy due to the open()-like ~~> openat()-like conversion done in GNU tar. Note that this patch will become irrelevant once the following proposal becomes gnulib upstream (or I may prepare a patch adding this functionality directly into tar when my proposal is trashed):

   http://lists.gnu.org/archive/html/bug-gnulib/2012-08/msg00042.html

2. Apply the 0002-*.patch - this patch adds support for extended attributes to tar. This is a slightly modified version of the Red Hat patch that has been deployed in the Fedora distribution of tar for many years. AFAIK, a very similar patch is also compiled into Gentoo's tar.

   It is possible to disable this feature during the ./configure phase using the --without-xattrs option. It will disable the possibility of archiving/restoring extended attributes -- but it still allows tar to read (list) the archive contents (including tar --xattrs -tvvf) and does not print the "unknown extended header keyword" warning on error output when extended attributes are present in an archive.

   Inside this patch are also basic tests for this feature. Note that this will probably need some improvements from the portability perspective -- now these tests are simply skipped when utilities needed for proper testing are missing on the system.

   When this feature is compiled and tar is unable to write extended attributes onto the file system, the ENOTSUP warning may be silenced by using '--warning=no-xattr-write'.

   As is documented (patch #5), the default behaviour of tar will be that it stores all extended attributes by default when the '--xattrs' option is present but it restores only the 'user.*' domain by default. Anyway, this may be controlled by --xattrs-include/--xattrs-exclude patterns. These options have non-state validity (when these are used they are valid for the whole list of files that is going to be stored/restored/listed). The --no-xattrs option is also present just for the situation that on some systems the --xattrs option may be enabled by default (hardwired or set in $TAR_OPTIONS). (Slightly different semantics from the --wildcards/--no-wildcards options, which have state behaviour.)

3. Apply 0003-*.patch - adding support for POSIX ACLs. This feature is fully compatible with classic Linux permissions but it is not ready to be used with more detailed Solaris/NTFSv4 ACLs. Anyway, once these ACLs become widely used, it will be possible to handle these in parallel with POSIX. I hope that this feature is very useful for quite a lot of users that are already using POSIX ACLs.

   We are using the same header keywords in tar's posix archive format as star uses. POSIX ACLs are then portable between both tools, star and GNU tar.

   In the same way as is done in the --xattrs patch, the --no-acls option is added by this patch and, as before, possible warnings during writing ACLs may be suppressed by using the '--warning=no-xattr-write' option. This feature may be disabled by --without-posix-acls during the ./configure phase.

4. Apply the 0004-*.patch - support for SELinux context activation. This feature uses the very same principles as --acls support. Again, this may be disabled by `./configure --without-selinux'. Possible writing errors may be suppressed using the same options and the --no-selinux option also exists to disable SELinux support in case this feature is turned on by default.

5. Apply the last patch 0005-*.patch which adds documentation for the features brought by patches 0002/0003/0004.

6. ./bootstrap && ./configure && ./make

Some notes:

- there should be no forward dependency between patches (so the --xattrs are independent of --acls, acls are not dependent on selinux), anyway, it should be quite easy to make --acls/--selinux self-standing patches from this proposal if somebody wants.

- regarding listing of extended attributes, after a discussion here:

  http://lists.gnu.org/archive/html/bug-tar/2012-05/msg00001.html

  I have decided not to implement the YAML/fully parsable approach. The reason is that this proposed format was *very* easy to implement (does not break other listing features like multivolume headers and incremental backups) and in the parsable way it would be quite extensive work aside from extended attributes. Anyway, I think that it would be very nice to employ some yaml library (or other?) and propose the '--yaml' or '--parsable' option in future. I expect that this format will coexist with the actual listing support. Anyway -- even now it is possible to parse tar's output. The problem is that it is quite a hard job to prepare a parser that will be able to guess what options the tar command was run with (but it is not impossible).

Please, could you look at the attached patches and tell me what needs to be repaired before your acceptance? I'll be glad to fix what you require.

Pavel
Attachments:
  0001-Edit-of-bootstrap-to-automatically-prepare-gnulib.patch
  0002-Support-for-extended-attributes-added.patch
  0003-Support-for-POSIX-ACLs.patch
  0004-SELinux-context-store-restore-list-support-added.patch
  0005-Documentation-for-XATTRS-SELinux-POSIX-ACLs.patch
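Added example (not part of the original message or of the patches): a Python audit that lists the extended-attribute, ACL and SELinux records carried in an archive's pax headers and marks which xattrs the default restore policy described above ('user.*' only) would write back. The keyword names (SCHILY.xattr.*, SCHILY.acl.*, RHT.security.selinux) and the rule that exclude patterns take precedence are assumptions of this example; the sample archive is constructed.

```python
import fnmatch
import io
import tarfile

# Keyword names are an assumption of this example; the message does not list them.
XATTR_PREFIX = "SCHILY.xattr."
ACL_KEYS = ("SCHILY.acl.access", "SCHILY.acl.default")
SELINUX_KEY = "RHT.security.selinux"

def restored(name, include=(), exclude=()):
    """Restore policy as the message describes it: only user.* unless include
    patterns are given. That exclude patterns win is an assumption."""
    if any(fnmatch.fnmatchcase(name, pat) for pat in exclude):
        return False
    return any(fnmatch.fnmatchcase(name, pat) for pat in (include or ("user.*",)))

def audit(fileobj, include=(), exclude=()):
    """List the xattr, ACL and SELinux records each archive member carries."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:") as tf:
        for member in tf:
            hdr = member.pax_headers
            names = sorted(k[len(XATTR_PREFIX):] for k in hdr if k.startswith(XATTR_PREFIX))
            findings.append({
                "path": member.name,
                "xattrs": names,
                "restored": [n for n in names if restored(n, include, exclude)],
                "acls": [k for k in ACL_KEYS if k in hdr],
                "selinux": hdr.get(SELINUX_KEY),
            })
    return findings

def build_sample():
    """Constructed sample: one member with xattr, ACL and SELinux records."""
    buf = io.BytesIO()
    data = b"#!/bin/sh\n"
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tf:
        info = tarfile.TarInfo("bin/tool")
        info.size = len(data)
        info.pax_headers = {
            XATTR_PREFIX + "user.comment": "demo",
            XATTR_PREFIX + "security.capability": "constructed-value",
            ACL_KEYS[0]: "user::rwx,user:backup:r-x,group::r-x,mask::r-x,other::r-x",
            SELINUX_KEY: "system_u:object_r:bin_t:s0",
        }
        tf.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

Running audit() on an archive before extracting it with --xattrs, --acls or --selinux shows which members carry attributes outside the 'user.*' domain and would only be restored if an include pattern asked for them.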