Bug 980302

Summary: should add ACL as default attribute when mount a disk for libguestfs in rhel6
Product: Red Hat Enterprise Linux 6
Reporter: bfan
Component: libguestfs
Assignee: Richard W.M. Jones <rjones>
Status: CLOSED NOTABUG
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Priority: medium
Version: 6.5
CC: leiwang, qguan, wshi
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2013-07-05 12:12:01 UTC
Type: Bug

Description bfan 2013-07-02 03:24:58 UTC
Description of problem:
We must use "mount-options acl" to activate ACL in libguestfs. However, acl is a default attribute in RHEL 6, so it would be better for libguestfs to be consistent with the host.
We expect that ACL can work well even when just using "mount" without any options in libguestfs.


Version-Release number of selected component (if applicable):
libguestfs-1.20.9-6.el6.x86_64


How reproducible:
100%


Steps to Reproduce:
[root]# guestfish -N fs mount /dev/sda1 / : acl-get-file / default
libguestfs: error: acl_get_file: /: Operation not supported

With the acl option specified, it works well:
[root]# guestfish -N fs mount-options acl /dev/sda1 / : acl-get-file / default

[root]#



Actual results:
ACL needs to be activated manually


Expected results:
ACL should be activated as a default attribute


Additional info:
In rhel7, acl works well without "mount-options acl"
libguestfs-1.22.2-1.el7.x86_64

Comment 1 Richard W.M. Jones 2013-07-05 11:46:19 UTC
There's actually a lot of subtle machinery going on here.

The 'getfacl' external command uses the following system call to
get ACLs:

getxattr("/sysroot", "system.posix_acl_default", 0x7fffb2d46720, 132)

Inside the RHEL 6 appliance, this fails with EOPNOTSUPP
(Operation not supported).  The getfacl command *ignores* this
error and just reports an empty list of ACLs.

The daemon uses the library call 'acl_get_file' which fails with
ENOTSUP (this is the same as EOPNOTSUPP).  The daemon *does not ignore*
this error and reports it back to the user, as reported above.

The following code from getfacl shows how it ignores ENOTSUP
and just uses fstat instead:

        if (opt_print_acl) {
                acl = acl_get_file(path_p, ACL_TYPE_ACCESS);
                if (acl == NULL && (errno == ENOSYS || errno == ENOTSUP))
                        acl = acl_get_file_mode(path_p);
                if (acl == NULL)
                        goto fail;
        }

        if (opt_print_default_acl && S_ISDIR(st->st_mode)) {
                default_acl = acl_get_file(path_p, ACL_TYPE_DEFAULT);
                if (default_acl == NULL) {
                        if (errno != ENOSYS && errno != ENOTSUP)
                                goto fail;
                } else if (acl_entries(default_acl) == 0) {
                        acl_free(default_acl);
                        default_acl = NULL;
                }
        }

I don't think we should try ignoring errors in libguestfs.  It's
going to cause confusion in upper layers.

----

On the RHEL 6 host, things are different.  The same system call
fails with ENODATA.  Note the mount options and filesystem type
are identical.

So the real bug is why does the same getxattr call fail in two
different ways?

Comment 2 Richard W.M. Jones 2013-07-05 12:12:01 UTC
OK, I see.  If you use the following command you can see the
real kernel options, instead of having them filtered by mount.

RHEL 6 host:

$ awk '$2=="/"' /proc/mounts 
rootfs / rootfs rw 0 0
/dev/mapper/vg_builderrhel6-lv_root / ext4 rw,seclabel,relatime,barrier=1,data=ordered 0 0

Appliance (using virt-rescue):

><rescue> mount /dev/sda1 /sysroot
[  217.365747] EXT4-fs (sda1): mounted filesystem with ordered data mode. Opts: 
><rescue> awk '$2=="/sysroot"' /proc/mounts 
/dev/sda1 /sysroot ext4 rw,relatime,barrier=1,data=ordered 0 0

The key here is "seclabel".  This is not a real mount option, but
it's printed by the Linux Security Module if security labels are being
used, which implies that xattrs have been turned on (implicitly?).

That explains it.  However I don't think this is a bug.  People
should use the 'acl' option if it's not the default, and it's
not the default in RHEL 6.
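
Added example (not part of the bug report, and not code from libguestfs or getfacl): a small probe that issues the same getxattr call quoted in Comment 1 and separates "ACLs enabled but none set" (ENODATA) from "ACLs not enabled on this mount" (EOPNOTSUPP) instead of ignoring either error. The enum and function names are hypothetical, and treating ENOSYS like ENOTSUP follows the getfacl excerpt above.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Possible outcomes of probing a directory for a default POSIX ACL. */
enum acl_probe {
    PROBE_ACL_SET,      /* xattr exists: a default ACL is set */
    PROBE_NONE_SET,     /* ENODATA: ACLs are enabled, none set on this path */
    PROBE_UNSUPPORTED,  /* EOPNOTSUPP/ENOTSUP/ENOSYS: ACLs off for this mount */
    PROBE_ERROR         /* anything else (ENOENT, EACCES, ...): a real failure */
};

/* Classify the (return value, errno) pair produced by getxattr. */
enum acl_probe classify_acl_probe(ssize_t rc, int err)
{
    if (rc >= 0)
        return PROBE_ACL_SET;
    if (err == ENODATA)
        return PROBE_NONE_SET;
    if (err == EOPNOTSUPP || err == ENOTSUP || err == ENOSYS)
        return PROBE_UNSUPPORTED;
    return PROBE_ERROR;
}

/* Same xattr name as in Comment 1; size 0 asks only for the value length. */
enum acl_probe probe_default_acl(const char *path, int *saved_errno)
{
    ssize_t rc = getxattr(path, "system.posix_acl_default", NULL, 0);
    *saved_errno = (rc < 0) ? errno : 0;
    return classify_acl_probe(rc, *saved_errno);
}

int main(int argc, char **argv)
{
    static const char *const names[] = {
        "default ACL set", "ACLs enabled, none set",
        "ACLs not supported on this mount", "probe failed"
    };
    const char *path = argc > 1 ? argv[1] : "/";
    int err;
    enum acl_probe r = probe_default_acl(path, &err);

    printf("%s: %s", path, names[r]);
    if (err)
        printf(" (%s)", strerror(err));
    putchar('\n');
    return r == PROBE_ERROR;
}
```

Run against /sysroot inside the appliance and against / on the host, it reports the two different failures described in Comment 1 as distinct states.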