Bug 1730565 - Geo-replication does not sync default ACL
Summary: Geo-replication does not sync default ACL
Keywords:
Status: NEW
Alias: None
Product: GlusterFS
Classification: Community
Component: geo-replication
Version: mainline
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
Assignee: Sunny Kumar
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-17 07:08 UTC by homma
Modified: 2019-11-29 22:35 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:


Attachments (Terms of Use)

Description homma 2019-07-17 07:08:12 UTC
Description of problem:
Default ACLs are not synced to geo-replication slave.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. On geo-rep master:
  mkdir dir1
  setfacl -d -m g::rwx dir1
  getfacl dir1

2. On geo-rep slave:
  getfacl dir1

Actual results:
Default ACL is not set on slave.

Expected results:
Default ACL is set on slave.

Additional info:
Access ACLs are synced as expected.

With slave-gluster-log-level=DEBUG, the following log messages appears.

[2019-07-17 03:49:00.305670] D [fuse-helpers.c:649:fuse_ignore_xattr_set] 0-glusterfs-fuse: disallowing setxattr: key [system.posix_acl_default],  client pid [-1]
[2019-07-17 03:49:00.308140] D [fuse-helpers.c:649:fuse_ignore_xattr_set] 0-glusterfs-fuse: disallowing setxattr: key [trusted.SGI_ACL_DEFAULT],  client pid [-1]

On the other hand, for access ACL,

[2019-07-17 06:11:27.892153] D [fuse-helpers.c:649:fuse_ignore_xattr_set] 0-glusterfs-fuse: allowing setxattr: key [system.posix_acl_access],  client pid [-1]

In fuse_ignore_xattr_set(), only the following xattrs are allowed to be set by gsyncd:

    /* trusted NS check */
    if (!((fnmatch("*.glusterfs.*.xtime", key, FNM_PERIOD) == 0) ||
          (fnmatch("*.glusterfs.volume-mark", key, FNM_PERIOD) == 0) ||
          (fnmatch("*.glusterfs.volume-mark.*", key, FNM_PERIOD) == 0) ||
          (fnmatch("system.posix_acl_access", key, FNM_PERIOD) == 0) ||
          (fnmatch("glusterfs.gfid.newfile", key, FNM_PERIOD) == 0) ||
          (fnmatch("*.glusterfs.shard.block-size", key, FNM_PERIOD) == 0) ||
          (fnmatch("*.glusterfs.shard.file-size", key, FNM_PERIOD) == 0)))
        ret = -1;

out:
    gf_log("glusterfs-fuse", GF_LOG_DEBUG,
           "%s setxattr: key [%s], "
           " client pid [%d]",
           (ret ? "disallowing" : "allowing"), key, priv->client_pid);


Also, on hybrid crawl, only MKDIR and SETATTR changelog records are genereated for directories. I think SETXATTR records should also be generated.


Note You need to log in before you can comment on or make changes to this bug.