rsync xattr support doesn't play nice with selinux

L A Walsh rsync at tlinx.org
Fri Oct 12 22:25:43 UTC 2018



On 8/22/2018 2:09 PM, Shaya Potter via rsync wrote:
> If one is rsyncing a machine without selinux (therefore no 
> security.selinux xattr on each file), to a system that has selinux (even 
> in permissive mode), rsync doesn't play nice.
> 
> basically selinux seems to make it appear that every file has  
> security.selinux xattr on each file (I think this is virtually if 
> there's no physical attribute, as if one disables selinux, the attribute 
> disappears). 
---
Normally you can't see root or security attributes as a normal user
on a non-security-aware OS.


> rsync sees that on the temp file it created there is an 
> xattr which is not on the source file and therefore tries to remove it, ...
----
	Ick.  I thought there was going to be a list of attrs
for utils that copy attrs to ignore?  I guess you don't have
an rsync that does that (if it has been done yet).

	SE linux has to label things when they get written
to disk -- it's a mandatory action that a program can only "ignore",
but not stop.

	FWIW many tests in perl that check unix mode bits
fail on modern disks with ACLs.  Of course they don't want to fix
perl, as it might break some older program.


> It'd be nice if there was a way to tell rsync to ignore some xattrs that 
> might be automatically created on the destination while still allowing 
> xattr syncing.
---
	I may be mistaken, but I thought it had been discussed and
planned at one point (?).  sigh.
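
An added example, not part of the original thread and not rsync's own code: a small model of the xattr reconciliation described above, showing how a destination-managed `security.selinux` label ends up scheduled for removal and how an ignore list leaves it alone while other xattrs still sync. The function name, the ignore list and the sample values are assumptions constructed for illustration.

```python
"""Model of xattr reconciliation on a destination file, with an ignore list."""
from fnmatch import fnmatchcase

# Assumption: xattr names the destination's security module manages itself.
DEST_MANAGED = ("security.selinux",)


def plan_xattr_sync(src, dst, ignore=()):
    """Return (to_set, to_remove) needed to make dst's xattrs match src's.

    src, dst: dict mapping xattr name -> bytes value.
    ignore:   glob patterns for names that are neither copied nor removed.
    """
    def skipped(name):
        return any(fnmatchcase(name, pat) for pat in ignore)

    # Copy anything the source has that the destination lacks or differs on.
    to_set = {n: v for n, v in src.items()
              if not skipped(n) and dst.get(n) != v}
    # Remove anything on the destination that the source does not carry.
    to_remove = sorted(n for n in dst if n not in src and not skipped(n))
    return to_set, to_remove


# Constructed sample: source host has no SELinux, so no security.selinux.
SRC = {"user.comment": b"backup set A"}
# Constructed sample: the freshly created temp file was labelled on creation.
DST_TMP = {"security.selinux": b"unconfined_u:object_r:user_home_t:s0\x00"}


def demo():
    """Plan the sync without and with the destination-managed ignore list."""
    naive = plan_xattr_sync(SRC, DST_TMP)
    filtered = plan_xattr_sync(SRC, DST_TMP, ignore=DEST_MANAGED)
    return naive, filtered


if __name__ == "__main__":
    naive, filtered = demo()
    print("no ignore list: set", sorted(naive[0]), "remove", naive[1])
    print("ignore list   : set", sorted(filtered[0]), "remove", filtered[1])
```
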


