Description of problem: If you use guestmount to mount a filesystem that contains extended attributes (xattrs) or ACLs, then you cannot "see" these on the host side under the mount point. This is not exactly unexpected: on the appliance side you have to mount the filesystem with the -o acl and -o user_xattr options if you expect to see ACLs and xattrs, and we were not doing this, so libguestfs would never see them. (Note that ACLs are implemented on Linux using xattrs). I added a third sub-parameter to the --mount flag allowing mount options to be specified. Now you can do: -m /dev/sda1:/:acl,user_xattr However, even with this extra flag, the xattrs (and hence ACLs) were not being passed over to the host side. It appears that our code contains a bug which causes the syscall to fail badly. For example stracing 'getfattr' shows: lstat("user_xattr", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 listxattr("user_xattr", (nil), 0) = -1 ERANGE (Numerical result out of range) Obviously the ERANGE error really shouldn't be happening there. Version-Release number of selected component (if applicable): libguestfs 1.9.13. How reproducible: Always. Steps to Reproduce: 1. Create a test filesystem containing some files with xattrs. 2. Mount it using guestmount. 3. Try to use getfattr command on the host side. Actual results: getfattr dies with "Numerical result out of range" error. Expected results: Should pass through the xattrs, ACLs etc with fidelity. Additional info: Original bug report was https://www.redhat.com/archives/libguestfs/2011-March/msg00126.html
This patch allows mount options to be specified: https://www.redhat.com/archives/libguestfs/2011-March/msg00134.html
Patches posted: https://www.redhat.com/archives/libguestfs/2011-March/msg00136.html https://www.redhat.com/archives/libguestfs/2011-March/msg00137.html
Upstream commits which fix reading: http://git.annexia.org/?p=libguestfs.git;a=commitdiff;h=4e529e06a4500959cd783f5029354fea47a253a6 http://git.annexia.org/?p=libguestfs.git;a=commitdiff;h=0d6fd9e1d2488841c912c5351086e536772837ef Since I have not tested writing/setting extended attributes or ACLs, leaving the bug in MODIFIED for now.
*** Bug 814933 has been marked as a duplicate of this bug. ***
Set back to ASSIGNED to indicate this bug isn't fully fixed.
Created attachment 579191 [details] Regression test for (unfixed) bug 814933. Regression test for (unfixed) bug 814933. This test runs emacs in batch mode to edit a file, demonstrating that it fails with an selinux error.
See also: https://bugzilla.redhat.com/show_bug.cgi?id=811217 https://bugzilla.redhat.com/show_bug.cgi?id=812798#c42
Also: http://www.spinics.net/lists/selinux/msg09455.html http://www.spinics.net/lists/selinux/msg09492.html http://sourceforge.net/mailarchive/message.php?msg_id=29654774