Proposal: Xattr handling of files/directories without read permission on macOS

[slackner]

On macOS, the xattr tests still cause a couple of test failures:

DecryptBlock: Block is too short: 3 bytes
DecryptBlock: Block is too short: 2 bytes
GetXAttr: Block is too short
GetXAttr: cipher: message authentication failed
GetXAttr: cipher: message authentication failed
GetXAttr: cipher: message authentication failed
--- FAIL: TestList0000File (0.00s)
    xattr_integration_test.go:303: xattr.list /var/folders/6x/tlqzyq0j38j9xw6qkl8p3jcm0000gq/T/gocryptfs-test-parent/016447944/default-plain/TestList0000File : permission denied
--- FAIL: TestList0000Dir (0.00s)
    xattr_integration_test.go:330: xattr.list /var/folders/6x/tlqzyq0j38j9xw6qkl8p3jcm0000gq/T/gocryptfs-test-parent/016447944/default-plain/TestList0000Dir : permission denied
--- FAIL: TestSet0200Dir (0.00s)
    xattr_integration_test.go:344: xattr.LSet /var/folders/6x/tlqzyq0j38j9xw6qkl8p3jcm0000gq/T/gocryptfs-test-parent/016447944/default-plain/TestSet0200Dir user.foo: permission denied
FAIL
FAIL	github.com/rfjakob/gocryptfs/tests/xattr	0.282s

On Linux we fixed these with the /proc/self/... trick, but this method doesn't work on macOS. However, there is one way how we could solve it (already mentioned in previous bug reports): Emulating it with Fchdir. The method would work like this:

• First try to open a fd - if this works then used fd-based methods since this doesn't involve any locks.
• If the first method fails due to the lack of read permissions, use Fchdir to switch to the parent directory. Then use path-based xattr functions with options = XATTR_NOFOLLOW.

Unfortunately, this means we have to add new emulation code involving the chdirMutex. However, with these fixes, both Linux and macOS would handle all xattr corner cases correctly. What do you think?

[rfjakob]

Sounds good, yes