Opencloud tries to write xattrs in the security namespace

Open butonic opened this issue 4 weeks ago • 8 comments

Followup of https://github.com/opencloud-eu/opencloud/issues/1853

If we read the security.SMACK64 we won't be able to write it back. This leads to errors in environments where SELinux is enabled.

We should filter the attributes and only write attributes from the user namespace.

IIRC there are differences with BSD because there the "user." prefix might be stripped IIRC ... keep that in mind.

butonic avatar Dec 03 '25 14:12 butonic

Log with this issue: opencloud-stuck.log.txt

teo avatar Dec 03 '25 14:12 teo

Disabling SELinux is a workaround for the time being. Note that enabled+permissive isn't enough, it must be disabled.

I also lost some data: all the files that didn't get written ended up with zero length, but at least with the workaround new files get written correctly.

teo avatar Dec 03 '25 15:12 teo

Hm ... last week we merged a commit that should skip non-opencloud xattrs: https://github.com/opencloud-eu/reva/commit/1ef13620952f3ba7081a11fcb19615626dc30619

butonic avatar Dec 03 '25 15:12 butonic

🤔 @teo which version of opencloud are you using?

butonic avatar Dec 03 '25 15:12 butonic

@rhafer @aduffeck do we need to skip attributes when writing blobs?

{
    "level": "error",
    "spaceid": "e62187ea-3b66-4b39-9ddb-c5b527a26ab8",
    "nodeid": "e009da1a-ef9a-4e1a-b2ff-4560e8a5159f",
    "error": "failed to upload file to blobstore: failed to set xattr 'security.selinux' on temp file '/var/lib/opencloud/storage/projects/e62187ea-3b66-4b39-9ddb-c5b527a26ab8/.oc-tmp/b95e9ec9-5173-4e38-a037-b1e3fd6564e3' - xattr.Set /var/lib/opencloud/storage/projects/e62187ea-3b66-4b39-9ddb-c5b527a26ab8/.oc-tmp/b95e9ec9-5173-4e38-a037-b1e3fd6564e3 security.selinux: operation not supported",
    "time": "2025-12-03T10:57:48Z",
    "message": "could not finalize upload"
}

butonic avatar Dec 03 '25 15:12 butonic
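
An added example, not code from opencloud or reva: a minimal Go sketch of the namespace filter proposed in the opening post, showing how an unfiltered copy reproduces the "operation not supported" failure from the log above. The `fakeFile` type, the `CopyXattrs` function and the attribute values are hypothetical and constructed for illustration; a real implementation would call the platform's xattr API instead of an in-memory map.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// errNotSupported stands in for the "operation not supported" error in the log.
var errNotSupported = errors.New("operation not supported")

// fakeFile is a constructed in-memory stand-in for one file's xattrs.
type fakeFile map[string][]byte

// Set mimics a filesystem that rejects writes outside the user namespace.
func (f fakeFile) Set(name string, val []byte) error {
	if !strings.HasPrefix(name, "user.") {
		return fmt.Errorf("xattr.Set %s: %w", name, errNotSupported)
	}
	f[name] = val
	return nil
}

// CopyXattrs copies attributes from src to dst. With userOnly set, names
// outside the user namespace are skipped and returned instead of written.
func CopyXattrs(src, dst fakeFile, userOnly bool) (skipped []string, err error) {
	for name, val := range src {
		if userOnly && !strings.HasPrefix(name, "user.") {
			skipped = append(skipped, name)
			continue
		}
		if err = dst.Set(name, val); err != nil {
			return skipped, err
		}
	}
	sort.Strings(skipped) // stable order for logging
	return skipped, nil
}

func main() {
	// Constructed sample: one application attribute, one SELinux label.
	src := fakeFile{"user.example.etag": []byte("abc"), "security.selinux": []byte("ctx")}
	fmt.Println(CopyXattrs(src, fakeFile{}, false)) // fails on security.selinux
	fmt.Println(CopyXattrs(src, fakeFile{}, true))  // skips it and succeeds
}
```

Returning the skipped names lets the caller log what was left behind rather than dropping it silently.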

3.7.0

teo avatar Dec 03 '25 15:12 teo

@teo we released 4.0.0 on Monday. It contains a fix for this issue. Can you confirm that v4.0.0 fixes this for you?

butonic avatar Dec 04 '25 10:12 butonic

I confirm this issue is fixed in 4.0.0 with SELinux enabled+permissive.

teo avatar Dec 06 '25 15:12 teo