Bug 1730565 - Geo-replication does not sync default ACL
Summary: Geo-replication does not sync default ACL
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: GlusterFS
Classification: Community
Component: geo-replication
Version: mainline
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
Assignee: Sunny Kumar
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-17 07:08 UTC by homma
Modified: 2020-03-12 12:49 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-12 12:49:52 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:


Attachments (Terms of Use)

Description homma 2019-07-17 07:08:12 UTC
Description of problem:
Default ACLs are not synced to geo-replication slave.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. On geo-rep master:
  mkdir dir1
  setfacl -d -m g::rwx dir1
  getfacl dir1

2. On geo-rep slave:
  getfacl dir1

Actual results:
Default ACL is not set on slave.

Expected results:
Default ACL is set on slave.

Additional info:
Access ACLs are synced as expected.

With slave-gluster-log-level=DEBUG, the following log messages appears.

[2019-07-17 03:49:00.305670] D [fuse-helpers.c:649:fuse_ignore_xattr_set] 0-glusterfs-fuse: disallowing setxattr: key [system.posix_acl_default],  client pid [-1]
[2019-07-17 03:49:00.308140] D [fuse-helpers.c:649:fuse_ignore_xattr_set] 0-glusterfs-fuse: disallowing setxattr: key [trusted.SGI_ACL_DEFAULT],  client pid [-1]

On the other hand, for access ACL,

[2019-07-17 06:11:27.892153] D [fuse-helpers.c:649:fuse_ignore_xattr_set] 0-glusterfs-fuse: allowing setxattr: key [system.posix_acl_access],  client pid [-1]

In fuse_ignore_xattr_set(), only the following xattrs are allowed to be set by gsyncd:

    /* trusted NS check */
    if (!((fnmatch("*.glusterfs.*.xtime", key, FNM_PERIOD) == 0) ||
          (fnmatch("*.glusterfs.volume-mark", key, FNM_PERIOD) == 0) ||
          (fnmatch("*.glusterfs.volume-mark.*", key, FNM_PERIOD) == 0) ||
          (fnmatch("system.posix_acl_access", key, FNM_PERIOD) == 0) ||
          (fnmatch("glusterfs.gfid.newfile", key, FNM_PERIOD) == 0) ||
          (fnmatch("*.glusterfs.shard.block-size", key, FNM_PERIOD) == 0) ||
          (fnmatch("*.glusterfs.shard.file-size", key, FNM_PERIOD) == 0)))
        ret = -1;

out:
    gf_log("glusterfs-fuse", GF_LOG_DEBUG,
           "%s setxattr: key [%s], "
           " client pid [%d]",
           (ret ? "disallowing" : "allowing"), key, priv->client_pid);


Also, on hybrid crawl, only MKDIR and SETATTR changelog records are genereated for directories. I think SETXATTR records should also be generated.

Comment 1 Worker Ant 2020-03-12 12:49:52 UTC
This bug is moved to https://github.com/gluster/glusterfs/issues/959, and will be tracked there from now on. Visit GitHub issues URL for further details


Note You need to log in before you can comment on or make changes to this bug.