Bug 1127220

Summary: Libguestfs NTFS not setting ACLs
Product: Red Hat Enterprise Linux 6 Reporter: Javier Ramirez <javier.ramirez>
Component: libguestfs-winsupportAssignee: Pino Toscano <ptoscano>
Status: CLOSED WONTFIX QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.3CC: cww, javier.ramirez, leiwang, linl, pablo.iranzo, ptoscano, rjones, wshi, xchen
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1129110 (view as bug list) Environment:
Last Closed: 2016-08-23 19:21:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1129110    
Bug Blocks: 1002711, 1075802, 1172231, 1269194, 1301844, 1359965    

Description Javier Ramirez 2014-08-06 12:21:40 UTC 
Created attachment 924462 [details]
Original vmdk with the ntfs filesystem disk

Description of problem:
When using guestmount to try backing up images once a snapshot has been taken (vmdk), We can't see any ACL in place

Version-Release number of selected component (if applicable):
libguestfs-1.20.11-8.el6.x86_64
libguestfs-debuginfo-1.20.11-8.el6.x86_64
libguestfs-devel-1.20.11-8.el6.x86_64
libguestfs-java-1.20.11-8.el6.x86_64
libguestfs-java-devel-1.20.11-8.el6.x86_64
libguestfs-javadoc-1.20.11-8.el6.x86_64
libguestfs-tools-1.20.11-8.el6.x86_64
libguestfs-tools-c-1.20.11-8.el6.x86_64
ocaml-libguestfs-1.20.11-8.el6.x86_64
ocaml-libguestfs-devel-1.20.11-8.el6.x86_64
perl-Sys-Guestfs-1.20.11-8.el6.x86_64
python-libguestfs-1.20.11-8.el6.x86_64
ruby-libguestfs-1.20.11-8.el6.x86_64

From https://bugzilla.redhat.com/show_bug.cgi?id=1106548 

How reproducible:
Always

Steps to Reproduce:
1. Mount vmdk with following command:

# guestmount -a rmavmhdd06-flat.vmdk -i -m /dev/sda3:/:acl,user_xattr:ntfs --ro /mnt/vmdk

2. Check ACL with getfacl:
# cd /mnt/vmdk/
# ll
total 12
drwxrwxrwx 1 root root 4096 Aug 22  2012 ccmcache
drwxrwxrwx 1 root root 4096 Feb 21  2012 Logs
drwxrwxrwx 1 root root    0 May 29  2013 PerfLogs
drwxrwxrwx 1 root root 4096 May 23  2013 $RECYCLE.BIN
drwxrwxrwx 1 root root    0 Feb 22  2012 System Volume Information
drwxrwxrwx 1 root root    0 Jun 24 12:38 TestPerms

# getfacl TestPerms/
# file: TestPerms/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx

Actual results:
No ACLs in place

Expected results:
Get the ACLs

Additional info:
Attaching the original vmdk (vmdk.tar.gz) and a text file with the ACL details for the vmdk acls_details.txt
Comment 1 Javier Ramirez 2014-08-06 12:22:25 UTC 
Created attachment 924463 [details]
Text file the ACLs details from the NTFS files
Comment 4 Richard W.M. Jones 2014-08-12 09:11:26 UTC 
Since this requires exploration and development I've filed
upstream bug 1129110.

Please can you communicate what I wrote back to the customer,
since I think any approach which involves trying to read ACLs
through two or more layers of translation is going to be doomed.

<quote>

(1) guestmount uses a FUSE layer, which complicates things.  (If you
include ntfs-3g itself, that means that FUSE translation is being done
twice).  They would be better off using something like virt-tar-out.

(2) I don't think it's a good idea to do backups at the file level.
They would be much better off taking a backup of the partition or even
the whole disk image at the block level.  That also avoids the ACL
problem.  Libguestfs can be used for this:

http://libguestfs.org/guestfs-recipes.1.html#dump-raw-filesystem-content-from-inside-a-disk-image-or-vm

</quote>
Comment 5 Pablo Iranzo Gómez 2014-08-14 11:54:36 UTC 
Thanks Richard,

The idea from customer side is to use it to do 'restores' from vmdk backups, so they can just restore the affected file with its ACL's.

I wish this makes it easier

Regards,
Pablo
Comment 6 Pablo Iranzo Gómez 2014-09-05 07:26:12 UTC 
Richard,
Does this use case fits well for you?

Thanks,
Pablo
Comment 7 Richard W.M. Jones 2014-09-05 08:35:04 UTC 
(In reply to Pablo Iranzo Gómez from comment #6)
> Richard,
> Does this use case fits well for you?

I don't understand the question.  However we need to do a bunch
of work upstream to implement this, and it's not going to get done
for RHEL 7.1.
Comment 8 Pablo Iranzo Gómez 2014-09-05 09:16:12 UTC 
Hi,
I meant, that customer uses this for getting the files with the ACL on restore.


No problem, I'll inform about this going to take a while.

Thanks!
Pablo
Comment 10 Hu Zhang 2015-01-14 08:30:43 UTC 
Reproduced this case.

Reproduce steps:
1. Mount vmdk with following command:
guestmount -a rmavmhdd06_9-flat.vmdk -m /dev/sda1:/:acl,user_xattr:ntfs --ro /mnt/vmdk

2. Check ACL with getfacl:
# cd /mnt/vmdk/
# ll
total 0
drwxrwxrwx. 1 root root 0 Aug  1 16:27 Marketing
drwxrwxrwx. 1 root root 0 Aug  1 16:25 Sales

# getfacl Sales/
# file: Sales/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx

No ACLs in place.