Bug 1127220 - Libguestfs NTFS not setting ACLs
Summary: Libguestfs NTFS not setting ACLs
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libguestfs-winsupport
Version: 6.3
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Pino Toscano
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On: 1129110
Blocks: 1002711 1075802 1172231 1269194 1301844 1359965
TreeView+ depends on / blocked
 
Reported: 2014-08-06 12:21 UTC by Javier Ramirez
Modified: 2016-08-23 19:21 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1129110 (view as bug list)
Environment:
Last Closed: 2016-08-23 19:21:58 UTC


Attachments (Terms of Use)

Description Javier Ramirez 2014-08-06 12:21:40 UTC
Created attachment 924462 [details]
Original vmdk with the ntfs filesystem disk

Description of problem:
When using guestmount to try backing up images once a snapshot has been taken (vmdk), We can't see any ACL in place

Version-Release number of selected component (if applicable):
libguestfs-1.20.11-8.el6.x86_64
libguestfs-debuginfo-1.20.11-8.el6.x86_64
libguestfs-devel-1.20.11-8.el6.x86_64
libguestfs-java-1.20.11-8.el6.x86_64
libguestfs-java-devel-1.20.11-8.el6.x86_64
libguestfs-javadoc-1.20.11-8.el6.x86_64
libguestfs-tools-1.20.11-8.el6.x86_64
libguestfs-tools-c-1.20.11-8.el6.x86_64
ocaml-libguestfs-1.20.11-8.el6.x86_64
ocaml-libguestfs-devel-1.20.11-8.el6.x86_64
perl-Sys-Guestfs-1.20.11-8.el6.x86_64
python-libguestfs-1.20.11-8.el6.x86_64
ruby-libguestfs-1.20.11-8.el6.x86_64

From https://bugzilla.redhat.com/show_bug.cgi?id=1106548 

How reproducible:
Always

Steps to Reproduce:
1. Mount vmdk with following command:

# guestmount -a rmavmhdd06-flat.vmdk -i -m /dev/sda3:/:acl,user_xattr:ntfs --ro /mnt/vmdk

2. Check ACL with getfacl:
# cd /mnt/vmdk/
# ll
total 12
drwxrwxrwx 1 root root 4096 Aug 22  2012 ccmcache
drwxrwxrwx 1 root root 4096 Feb 21  2012 Logs
drwxrwxrwx 1 root root    0 May 29  2013 PerfLogs
drwxrwxrwx 1 root root 4096 May 23  2013 $RECYCLE.BIN
drwxrwxrwx 1 root root    0 Feb 22  2012 System Volume Information
drwxrwxrwx 1 root root    0 Jun 24 12:38 TestPerms

# getfacl TestPerms/
# file: TestPerms/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx

Actual results:
No ACLs in place

Expected results:
Get the ACLs

Additional info:
Attaching the original vmdk (vmdk.tar.gz) and a text file with the ACL details for the vmdk acls_details.txt

Comment 1 Javier Ramirez 2014-08-06 12:22:25 UTC
Created attachment 924463 [details]
Text file the ACLs details from the NTFS files

Comment 4 Richard W.M. Jones 2014-08-12 09:11:26 UTC
Since this requires exploration and development I've filed
upstream bug 1129110.

Please can you communicate what I wrote back to the customer,
since I think any approach which involves trying to read ACLs
through two or more layers of translation is going to be doomed.

<quote>

(1) guestmount uses a FUSE layer, which complicates things.  (If you
include ntfs-3g itself, that means that FUSE translation is being done
twice).  They would be better off using something like virt-tar-out.

(2) I don't think it's a good idea to do backups at the file level.
They would be much better off taking a backup of the partition or even
the whole disk image at the block level.  That also avoids the ACL
problem.  Libguestfs can be used for this:

http://libguestfs.org/guestfs-recipes.1.html#dump-raw-filesystem-content-from-inside-a-disk-image-or-vm

</quote>

Comment 5 Pablo Iranzo Gómez 2014-08-14 11:54:36 UTC
Thanks Richard,

The idea from customer side is to use it to do 'restores' from vmdk backups, so they can just restore the affected file with its ACL's.

I wish this makes it easier

Regards,
Pablo

Comment 6 Pablo Iranzo Gómez 2014-09-05 07:26:12 UTC
Richard,
Does this use case fits well for you?

Thanks,
Pablo

Comment 7 Richard W.M. Jones 2014-09-05 08:35:04 UTC
(In reply to Pablo Iranzo Gómez from comment #6)
> Richard,
> Does this use case fits well for you?

I don't understand the question.  However we need to do a bunch
of work upstream to implement this, and it's not going to get done
for RHEL 7.1.

Comment 8 Pablo Iranzo Gómez 2014-09-05 09:16:12 UTC
Hi,
I meant, that customer uses this for getting the files with the ACL on restore.


No problem, I'll inform about this going to take a while.

Thanks!
Pablo

Comment 10 Hu Zhang 2015-01-14 08:30:43 UTC
Reproduced this case.

Reproduce steps:
1. Mount vmdk with following command:
guestmount -a rmavmhdd06_9-flat.vmdk -m /dev/sda1:/:acl,user_xattr:ntfs --ro /mnt/vmdk

2. Check ACL with getfacl:
# cd /mnt/vmdk/
# ll
total 0
drwxrwxrwx. 1 root root 0 Aug  1 16:27 Marketing
drwxrwxrwx. 1 root root 0 Aug  1 16:25 Sales

# getfacl Sales/
# file: Sales/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx

No ACLs in place.


Note You need to log in before you can comment on or make changes to this bug.