[pve-devel] [PATCH tar v2 2/5] Add acls-bugfix patch for PVE Bug 928

Emmanuel Kasper e.kasper at proxmox.com
Tue Apr 19 11:23:36 CEST 2016 

---
 Makefile          |   1 +
 acls-bugfix.patch | 109 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 110 insertions(+)
 create mode 100644 acls-bugfix.patch

diff --git a/Makefile b/Makefile
index 3ed2e94..8062c1c 100644
--- a/Makefile
+++ b/Makefile
@@ -33,6 +33,7 @@ deb ${DEB}: ${TARSRC}
 	echo "debian/SOURCE" >>${TARDIR}/debian/docs
 	mv ${TARDIR}/debian/changelog ${TARDIR}/debian/changelog.org
 	cat changelog ${TARDIR}/debian/changelog.org >${TARDIR}/debian/changelog
+	cd ${TARDIR}; patch -p1 <../acls-bugfix.patch
 	cd ${TARDIR}; dpkg-buildpackage -b -uc -us
 
 .PHONY: upload
diff --git a/acls-bugfix.patch b/acls-bugfix.patch
new file mode 100644
index 0000000..dcdcc0e
--- /dev/null
+++ b/acls-bugfix.patch
@@ -0,0 +1,109 @@
+Description: Do not set default acls when --acls flag is used 
+Origin: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7fe7adcbb985e78aaf9f78051fa26167779be1f6
+Forwarded: not-needed
+Author: Pavel Raiskup <praiskup at redhat.com>
+Bug-Upstream: http://www.mail-archive.com/bug-tar@gnu.org/msg04355.html
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
+Bug-PVE: https://bugzilla.proxmox.com/show_bug.cgi?id=928
+
+acls: bugfix for default ACLs extraction
+    
+    When --acls option is on (regardless of tarball contents or
+    tarball format), we should explicitly set OR delete default ACLs
+    for extracted directories.  Prior to this update, we always
+    created arbitrary default ACLs based standard file permissions.
+    
+    * configure.ac (with_posix_acls): Check also for acl_free and
+    acl_delete_def_file to mark IEEE 1003.1e ACLs as supported.
+    * src/xattrs.c (acl_delete_def_file_at): New function.
+    (xattrs__acls_set): Do not treat acls_option at all;  Delete
+    default ACLs if appropriate.
+    
+    References:
+    http://www.mail-archive.com/bug-tar@gnu.org/msg04355.html
+    Thanks: Juan J. Martínez and Mark Steinborn
+
+diff --git a/configure.ac b/configure.ac
+index 08bed2b..d393876 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -74,7 +74,8 @@ AC_ARG_WITH([posix-acls],
+ if test "x$with_posix_acls" != "xno"; then
+   AC_CHECK_HEADERS(sys/acl.h,, [with_posix_acls=no])
+   for tar_acl_func in acl_get_file acl_get_fd acl_set_file acl_set_fd \
+-		      acl_to_text acl_from_text; do \
++		      acl_to_text acl_from_text acl_delete_def_file \
++		      acl_free; do \
+     test "x$with_posix_acls" = xno && break
+     AC_SEARCH_LIBS([$tar_acl_func], [acl pacl], [], [with_posix_acls=no])
+   done
+diff --git a/src/xattrs.c b/src/xattrs.c
+index dbaa209..307ee38 100644
+--- a/src/xattrs.c
++++ b/src/xattrs.c
+@@ -61,6 +61,7 @@ static struct
+ static acl_t acl_get_file_at (int, const char *, acl_type_t);
+ static int acl_set_file_at (int, const char *, acl_type_t, acl_t);
+ static int file_has_acl_at (int, char const *, struct stat const *);
++static int acl_delete_def_file_at (int, char const *);
+ 
+ /* acl_get_file_at */
+ #define AT_FUNC_NAME acl_get_file_at
+@@ -88,6 +89,17 @@ static int file_has_acl_at (int, char const *, struct stat const *);
+ #undef AT_FUNC_POST_FILE_PARAM_DECLS
+ #undef AT_FUNC_POST_FILE_ARGS
+ 
++/* acl_delete_def_file_at */
++#define AT_FUNC_NAME acl_delete_def_file_at
++#define AT_FUNC_F1 acl_delete_def_file
++#define AT_FUNC_POST_FILE_PARAM_DECLS
++#define AT_FUNC_POST_FILE_ARGS
++#include "at-func.c"
++#undef AT_FUNC_NAME
++#undef AT_FUNC_F1
++#undef AT_FUNC_POST_FILE_PARAM_DECLS
++#undef AT_FUNC_POST_FILE_ARGS
++
+ /* gnulib file_has_acl_at */
+ #define AT_FUNC_NAME file_has_acl_at
+ #define AT_FUNC_F1 file_has_acl
+@@ -187,7 +199,8 @@ fixup_extra_acl_fields (char *ptr)
+   return ptr;
+ }
+ 
+-/* "system.posix_acl_access" */
++/* Set the "system.posix_acl_access/system.posix_acl_default" extended
++   attribute.  Called only when acls_option > 0. */
+ static void
+ xattrs__acls_set (struct tar_stat_info const *st,
+                   char const *file_name, int type,
+@@ -199,15 +212,23 @@ xattrs__acls_set (struct tar_stat_info const *st,
+     {
+       /* assert (strlen (ptr) == len); */
+       ptr = fixup_extra_acl_fields (ptr);
+-
+       acl = acl_from_text (ptr);
+-      acls_option = 1;
+     }
+-  else if (acls_option > 0)
+-    acl = perms2acl (st->stat.st_mode);
++  else if (def)
++    {
++      /* No "default" IEEE 1003.1e ACL set for directory.  At this moment,
++         FILE_NAME may already have inherited default acls from parent
++         directory;  clean them up. */
++      if (acl_delete_def_file_at (chdir_fd, file_name))
++        WARNOPT (WARN_XATTR_WRITE,
++                (0, errno,
++                 _("acl_delete_def_file_at: Cannot drop default POSIX ACLs "
++                   "for file '%s'"),
++                 file_name));
++      return;
++    }
+   else
+-    return;  /* don't call acl functions unless we first hit an ACL, or
+-		--acls was passed explicitly */
++    acl = perms2acl (st->stat.st_mode);
+ 
+   if (!acl)
+     {
-- 
2.1.4

More information about the pve-devel mailing list