Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xattr error with rsync #453

Closed
mabod opened this issue Feb 28, 2020 · 5 comments
Closed

xattr error with rsync #453

mabod opened this issue Feb 28, 2020 · 5 comments

Comments

@mabod
Copy link

mabod commented Feb 28, 2020

I am moving from encfs to gocryptfs. Today I realized that gocryptfs has issues with extended attributes although the changelog for v1.5, 2018-06-12 says that it supports extended attributes (https://github.com/rfjakob/gocryptfs#changelog)

rsync is throwing the following error when syncing with -X option to a gocryptfs directory:

rsync: rsync_xal_set: lsetxattr("/tmp/aaa/etc/udisks2","trusted.overlay.opaque") failed: Operation not supported (95)
rsync: rsync_xal_set: lsetxattr("/tmp/aaa/etc/xdg","trusted.overlay.origin") failed: Operation not supported (95)

withouth -X the rsync is fine.
@mabod
Copy link
Author

mabod commented Feb 28, 2020

...and it does not support ACLs as well. With rsync option -A I get:

rsync: set_acl: sys_acl_set_file(var/log/journal/0505cdc13f324759b3680580649550fd/.system.journal.N18prd, ACL_TYPE_ACCESS): Operation not supported (95)

encfs did support all this. This comes as a real surprise.

@rfjakob
Copy link
Owner

rfjakob commented Feb 28, 2020

Hi, thanks for the report. I was honestly not aware that gocryptfs is still missing features compared to encfs.

@rfjakob rfjakob closed this as completed Feb 28, 2020
@rfjakob
Copy link
Owner

rfjakob commented Feb 28, 2020

Wrong button, reopening, sorry

@rfjakob rfjakob reopened this Feb 28, 2020
rfjakob added a commit that referenced this issue Feb 29, 2020
@rfjakob
fusefrontend: drop xattr user namespace restriction
ca9e912 
We used to restrict setting xattrs to the "user."
namespace. I don't see a real reason for this
anymore, and it causes trouble for users who are using
acls.

Tests will be added in the next commit.

#453
@rfjakob
Copy link
Owner

rfjakob commented Feb 29, 2020

Up to now, only user xattrs were allowed, but there is really no technical reason for this. I have dropped the restriction in ca9e912 , and ACLs seem to work fine now.

@rfjakob
Copy link
Owner

rfjakob commented Feb 7, 2021

For future reference: encfs does not seem to encrypt xattrs, but passes them through as-is.

encfs-mnt$ getfattr -d -m . x
# file: x
security.selinux="system_u:object_r:fusefs_t:s0"
system.posix_acl_access=0sAgAAAAEABgD/////AgAHAAIAAAAEAAQA/////xAABwD/////IAAEAP////8=
user.foo="xxxxxxxxxxxxxxxxxxxxxxxxx"

encfs-cipher$ getfattr -d -m . 23hwMMldZeMJ2BsuFtJ1Ucsd 
# file: 23hwMMldZeMJ2BsuFtJ1Ucsd
security.selinux="unconfined_u:object_r:user_tmp_t:s0"
system.posix_acl_access=0sAgAAAAEABgD/////AgAHAAIAAAAEAAQA/////xAABwD/////IAAEAP////8=
user.foo="xxxxxxxxxxxxxxxxxxxxxxxxx"

rfjakob added a commit that referenced this issue Feb 7, 2021
@rfjakob
README: warn about incomplete ACL support
4b4a68e 
#543
#542
#453
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rfjakob @mabod