RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1127220 - Libguestfs NTFS not setting ACLs
Summary: Libguestfs NTFS not setting ACLs
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libguestfs-winsupport
Version: 6.3
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Pino Toscano
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On: 1129110
Blocks: 1002711 1075802 1172231 1269194 1301844 1359965
TreeView+ depends on / blocked
 
Reported: 2014-08-06 12:21 UTC by Javier Ramirez
Modified: 2019-10-10 09:21 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1129110 (view as bug list)
Environment:
Last Closed: 2016-08-23 19:21:58 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Javier Ramirez 2014-08-06 12:21:40 UTC 
Created attachment 924462 [details]
Original vmdk with the ntfs filesystem disk

Description of problem:
When using guestmount to try backing up images once a snapshot has been taken (vmdk), We can't see any ACL in place

Version-Release number of selected component (if applicable):
libguestfs-1.20.11-8.el6.x86_64
libguestfs-debuginfo-1.20.11-8.el6.x86_64
libguestfs-devel-1.20.11-8.el6.x86_64
libguestfs-java-1.20.11-8.el6.x86_64
libguestfs-java-devel-1.20.11-8.el6.x86_64
libguestfs-javadoc-1.20.11-8.el6.x86_64
libguestfs-tools-1.20.11-8.el6.x86_64
libguestfs-tools-c-1.20.11-8.el6.x86_64
ocaml-libguestfs-1.20.11-8.el6.x86_64
ocaml-libguestfs-devel-1.20.11-8.el6.x86_64
perl-Sys-Guestfs-1.20.11-8.el6.x86_64
python-libguestfs-1.20.11-8.el6.x86_64
ruby-libguestfs-1.20.11-8.el6.x86_64

From https://bugzilla.redhat.com/show_bug.cgi?id=1106548 

How reproducible:
Always

Steps to Reproduce:
1. Mount vmdk with following command:

# guestmount -a rmavmhdd06-flat.vmdk -i -m /dev/sda3:/:acl,user_xattr:ntfs --ro /mnt/vmdk

2. Check ACL with getfacl:
# cd /mnt/vmdk/
# ll
total 12
drwxrwxrwx 1 root root 4096 Aug 22  2012 ccmcache
drwxrwxrwx 1 root root 4096 Feb 21  2012 Logs
drwxrwxrwx 1 root root    0 May 29  2013 PerfLogs
drwxrwxrwx 1 root root 4096 May 23  2013 $RECYCLE.BIN
drwxrwxrwx 1 root root    0 Feb 22  2012 System Volume Information
drwxrwxrwx 1 root root    0 Jun 24 12:38 TestPerms

# getfacl TestPerms/
# file: TestPerms/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx

Actual results:
No ACLs in place

Expected results:
Get the ACLs

Additional info:
Attaching the original vmdk (vmdk.tar.gz) and a text file with the ACL details for the vmdk acls_details.txt
Comment 1 Javier Ramirez 2014-08-06 12:22:25 UTC 
Created attachment 924463 [details]
Text file the ACLs details from the NTFS files
Comment 4 Richard W.M. Jones 2014-08-12 09:11:26 UTC 
Since this requires exploration and development I've filed
upstream bug 1129110.

Please can you communicate what I wrote back to the customer,
since I think any approach which involves trying to read ACLs
through two or more layers of translation is going to be doomed.

<quote>

(1) guestmount uses a FUSE layer, which complicates things.  (If you
include ntfs-3g itself, that means that FUSE translation is being done
twice).  They would be better off using something like virt-tar-out.

(2) I don't think it's a good idea to do backups at the file level.
They would be much better off taking a backup of the partition or even
the whole disk image at the block level.  That also avoids the ACL
problem.  Libguestfs can be used for this:

http://libguestfs.org/guestfs-recipes.1.html#dump-raw-filesystem-content-from-inside-a-disk-image-or-vm

</quote>
Comment 5 Pablo Iranzo Gómez 2014-08-14 11:54:36 UTC 
Thanks Richard,

The idea from customer side is to use it to do 'restores' from vmdk backups, so they can just restore the affected file with its ACL's.

I wish this makes it easier

Regards,
Pablo
Comment 6 Pablo Iranzo Gómez 2014-09-05 07:26:12 UTC 
Richard,
Does this use case fits well for you?

Thanks,
Pablo
Comment 7 Richard W.M. Jones 2014-09-05 08:35:04 UTC 
(In reply to Pablo Iranzo Gómez from comment #6)
> Richard,
> Does this use case fits well for you?

I don't understand the question.  However we need to do a bunch
of work upstream to implement this, and it's not going to get done
for RHEL 7.1.
Comment 8 Pablo Iranzo Gómez 2014-09-05 09:16:12 UTC 
Hi,
I meant, that customer uses this for getting the files with the ACL on restore.


No problem, I'll inform about this going to take a while.

Thanks!
Pablo
Comment 10 Hu Zhang 2015-01-14 08:30:43 UTC 
Reproduced this case.

Reproduce steps:
1. Mount vmdk with following command:
guestmount -a rmavmhdd06_9-flat.vmdk -m /dev/sda1:/:acl,user_xattr:ntfs --ro /mnt/vmdk

2. Check ACL with getfacl:
# cd /mnt/vmdk/
# ll
total 0
drwxrwxrwx. 1 root root 0 Aug  1 16:27 Marketing
drwxrwxrwx. 1 root root 0 Aug  1 16:25 Sales

# getfacl Sales/
# file: Sales/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx

No ACLs in place.
Note You need to log in before you can comment on or make changes to this bug.