check xattr namespace behaviour
there was a strange issue in #6988 and the root cause was a strange xattr named user.security.selinux (the correct name would be security.selinux).
the processing (or rather ignoring) of such invalid stuff was solved by #6990.
but the open question is still: where did that invalid xattr initially come from?
we should make sure it did not come from borg.
@rudd-o if you have some time, you could maybe test that, like:
- locate some file that has a correct `security.selinux` xattr and not any invalid xattrs
- backup that file with `borg create ...`
- restore that file with `borg extract ...`
  - anything strange to see in the extracted file's xattrs?
- restore that file with `borg mount ...` and copying it from within the mounted fs
  - anything strange to see in the extracted file's xattrs?
Notes:
- tests in `borg.testsuite.xattr` work ok on macOS (I also added some with `security.` namespace and didn't spot anything unusual)
- the freebsd api for xattrs is a bit different as it has a separate argument for the namespace
@rudd-o do you use freebsd? if so, did you restore a linux backup on a freebsd machine?
It looks like the borg.platform.freebsd.setxattr code is problematic when used cross-platform:
- when backing up on freebsd, borg only queries the xattrs from the EXTATTR_NAMESPACE_USER (and writes them with a `user.` prefix into the archive)
  - check if we also need to back up other namespaces, like EXTATTR_NAMESPACE_SYSTEM.
- so when restoring such an archive on freebsd, only `user.*` xattrs are expected and processed correctly (as far as i could see)
- but, if an archive has `security.*` xattrs, `borg.platform.freebsd.setxattr` is misbehaved:
  - it does not find the usual `user.` prefix (and thus does not strip it)
  - it does not expect a `security.` prefix (and thus does not strip it)
  - but it still calls the freebsd api with EXTATTR_NAMESPACE_USER, so the result could be something like `user.security.*`. :-(
- on freebsd, there is no security namespace and guess extracting something like `security.selinux` does not make sense anyway as it is platform-specific to "Linux with SElinux".
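The cross-platform restore case analysed in the comment above, as an added Python model that is not part of the thread and not borg's code. `FakeExtattrStore`, both setter functions and the sample archive are hypothetical, and the policy of skipping names without a FreeBSD namespace is an assumption, not necessarily what #7435 does.

```python
# Model of the restore behaviour described above; names are hypothetical, not borg's API.
EXTATTR_NAMESPACE_USER = 1    # values from FreeBSD <sys/extattr.h>
EXTATTR_NAMESPACE_SYSTEM = 2
NS_NAME = {EXTATTR_NAMESPACE_USER: b"user", EXTATTR_NAMESPACE_SYSTEM: b"system"}
PREFIX_TO_NS = {name + b".": ns for ns, name in NS_NAME.items()}

# Constructed sample: xattrs as a Linux-made archive would carry them.
ARCHIVED = {
    b"user.comment": b"hello",
    b"security.selinux": b"system_u:object_r:user_home_t:s0\x00",
}

class FakeExtattrStore:
    """Stand-in for the FreeBSD extattr API: keys are (namespace, name)."""
    def __init__(self):
        self.attrs = {}
    def set(self, namespace, name, value):
        self.attrs[(namespace, name)] = value
    def full_names(self):
        """Names as a namespace-prefixed listing would show them."""
        return sorted(NS_NAME[ns] + b"." + name for ns, name in self.attrs)

def setxattr_as_described(store, name, value):
    """Strip a leading user. if present, then always write to the user namespace."""
    if name.startswith(b"user."):
        name = name[len(b"user."):]
    store.set(EXTATTR_NAMESPACE_USER, name, value)
    return True

def setxattr_namespace_aware(store, name, value):
    """Write only names whose prefix maps to a FreeBSD namespace; report the rest."""
    for prefix, namespace in PREFIX_TO_NS.items():
        if name.startswith(prefix) and len(name) > len(prefix):
            store.set(namespace, name[len(prefix):], value)
            return True
    return False  # security.*, trusted.* etc.: no matching namespace, skip

def restore(setter, archived):
    """Apply setter to every archived xattr; return (resulting names, skipped names)."""
    store = FakeExtattrStore()
    skipped = [n for n, v in archived.items() if not setter(store, n, v)]
    return store.full_names(), skipped

if __name__ == "__main__":
    for setter in (setxattr_as_described, setxattr_namespace_aware):
        print(setter.__name__, restore(setter, ARCHIVED))
```

The first setter leaves a `user.security.selinux` attribute behind; the second writes only `user.comment` and returns `security.selinux` in the skipped list so the caller can log it.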
Only Linux. No FreeBSD. The attributes must have been set by either Syncthing or some other tool. Right now all I want is those attributes gone. user.security.selinux is ridiculous and meaningless.
I am not familiar with xattr usage on freebsd, so guess this needs somebody with knowledge about this, see my previous comment.
FreeBSD manual of extattr(3) says:

> Although a file system may implement arbitrary namespaces, these functions only support the EXTATTR_NAMESPACE_USER ("user") and EXTATTR_NAMESPACE_SYSTEM ("system") namespaces, which are defined in extattr(9).

does this help?
@oikumene what are xattrs typically used for under freebsd? Is there some list of the "usual stuff" (keys)?
From WP: "The user namespace has no restrictions with regard to naming or contents. The system namespace is primarily used by the kernel for access control lists and mandatory access control."
@oikumene can you review #7435?
> what are xattrs typically used for under freebsd? Is there some list of the "usual stuff" (keys)?

I do not know well, but I think there are no "usual stuff" for xattr in FreeBSD. I have never encountered one. For Mandatory Access Control (MAC) (which is similar to SELinux), they use maclabel which seems different from xattr (as far as reading manpages.)
^ fixed in 1.2-maint branch, hopefully.