Red Hat Bugzilla – Bug 1013345
RHEL7: xfsrestore does not preserve file capabilities
Last modified: 2014-06-18 00:50:40 EDT
*** Bug 1054570 has been marked as a duplicate of this bug. ***
We believe below upstream patch fixes this problem.
Which RHEL7 snapshot will include the patch?
Author: Dave Chinner <firstname.lastname@example.org>
Date: Thu Feb 6 16:48:39 2014 +1100
restore: don't trash file capabilities
xfsrestore fails to restore file capabilities correctly because it
sets the owner on the file after it has restored the capability
attributes. This results in the kernel stripping the capabilities
when changing the owner of the file and hence the restored file is
Fix this by changing the owner of the file when it is created rather
than after it has been fully restored. This ensures we don't kill
the caps as they are restored after the owner it appropriately set.
This fixes the xfs/296 failure.
*** Bug 905586 has been marked as a duplicate of this bug. ***
Yes, that fixes it. The next build of xfsdump will have this fix, I will fill in the fixed-in field when it's done. I do not know which snapshot will include it.
I can fix it after I gain blocker approval for this bug.
Built in xfsdump-3.1.3-5.el7
Verified with xfsdump-3.1.3-5.el7, though xfs/296 still fails, but I believe it's a test case issue, and has been fixed upstream in xfstests.
=== full diff out/out.bad ===
--- /dev/fd/63 2014-02-23 02:06:31.460922512 -0500
+++ results/xfs/296.out.bad 2014-02-23 02:06:30.913942889 -0500
@@ -50,6 +50,7 @@
Checking for capability on restored file
+RESTORE_DIR/DUMP_SUBDIR/testfile = cap_setgid,cap_setuid+ep
# file: RESTORE_DIR/DUMP_SUBDIR/testfile
Date: Wed, 5 Feb 2014 12:53:12 +1100
From: Dave Chinner <email@example.com>
Subject: [PATCH] xfs/296: fix golden output
From: Dave Chinner <firstname.lastname@example.org>
This test never passed, so the golden output was never properly
verified as correct. Now that the bug is fixed, fix the golden
output to match the actual test output.
Signed-off-by: Dave Chinner <email@example.com>
Set to VERIFIED.
This request was resolved in Red Hat Enterprise Linux 7.0.
Contact your manager or support representative in case you have further questions about the request.