qcopy-acl: Fix copying of ACLs on CentOS 7

Mon, 15 Jul 2024 05:59:59 -0700 

The CI of GNU sed shows a test failure of the Gnulib 'acl' tests on CentOS 7
[1]. Namely:

  FAIL: test-copy-acl.sh
  FAIL: test-copy-acl-1.sh
  FAIL: test-copy-acl-2.sh

It can be reproduced like this:

  $ echo 'Simple contents' > tmpfile0
  $ echo 'Simple contents' > tmpfile2
  $ chmod 600 tmpfile0
  $ setfacl -m user:1:1 tmpfile0
  $ getfacl tmpfile0
  user::rw-
  user:bin:--x
  group::---
  mask::--x
  other::---
  $ ./test-copy-acl tmpfile0 tmpfile2
  $ getfacl tmpfile2
  user::rw-
  group::--x
  other::---

The tests passed in older gnulib:

  2018-01-01 PASS
  2020-01-01 PASS
  2023-01-01 PASS
  2023-04-12 FAIL
  2024-01-01 FAIL

So, it must have been a regression from the 2023-01-12 commit.

Debugging it, I see two invocations of is_attr_permissions:

  is_attr_permissions("security.selinux",NULL) => 0
  is_attr_permissions("system.posix_acl_access",NULL) => 0

It is the latter which causes libattr to copy no attributes.

The patch below fixes it.

[1] https://github.com/gnu-sed/ci-check/actions/runs/9935643107


2024-07-15  Bruno Haible  <br...@clisp.org>

        qcopy-acl: Fix copying of ACLs on CentOS 7 (regression 2023-01-12).
        * lib/qcopy-acl.c: Include <string.h>, <linux/xattr.h>.
        (XATTR_NAME_NFSV4_ACL, XATTR_NAME_POSIX_ACL_ACCESS,
        XATTR_NAME_POSIX_ACL_DEFAULT): New macros, from file-has-acl.c.
        (is_attr_permissions): Test for these names explicitly.
        * m4/acl.m4 (gl_QCOPY_ACL): New macro.
        * modules/qcopy-acl (Files): Add m4/acl.m4.
        (configure.ac): Invoke gl_QCOPY_ACL.

diff --git a/lib/qcopy-acl.c b/lib/qcopy-acl.c
index dfc39cead0..877f42588b 100644
--- a/lib/qcopy-acl.c
+++ b/lib/qcopy-acl.c
@@ -26,6 +26,20 @@
 #if USE_XATTR
 
 # include <attr/libattr.h>
+# include <string.h>
+
+# if HAVE_LINUX_XATTR_H
+#  include <linux/xattr.h>
+# endif
+# ifndef XATTR_NAME_NFSV4_ACL
+#  define XATTR_NAME_NFSV4_ACL "system.nfs4_acl"
+# endif
+# ifndef XATTR_NAME_POSIX_ACL_ACCESS
+#  define XATTR_NAME_POSIX_ACL_ACCESS "system.posix_acl_access"
+# endif
+# ifndef XATTR_NAME_POSIX_ACL_DEFAULT
+#  define XATTR_NAME_POSIX_ACL_DEFAULT "system.posix_acl_default"
+# endif
 
 /* Returns 1 if NAME is the name of an extended attribute that is related
    to permissions, i.e. ACLs.  Returns 0 otherwise.  */
@@ -33,7 +47,12 @@
 static int
 is_attr_permissions (const char *name, struct error_context *ctx)
 {
-  return attr_copy_action (name, ctx) == ATTR_ACTION_PERMISSIONS;
+  /* We need to explicitly test for the known extended attribute names,
+     because at least on CentOS 7, attr_copy_action does not do it.  */
+  return strcmp (name, XATTR_NAME_POSIX_ACL_ACCESS) == 0
+         || strcmp (name, XATTR_NAME_POSIX_ACL_DEFAULT) == 0
+         || strcmp (name, XATTR_NAME_NFSV4_ACL) == 0
+         || attr_copy_action (name, ctx) == ATTR_ACTION_PERMISSIONS;
 }
 
 #endif  /* USE_XATTR */
diff --git a/m4/acl.m4 b/m4/acl.m4
index c7b6ec2b14..be88f1b831 100644
--- a/m4/acl.m4
+++ b/m4/acl.m4
@@ -1,5 +1,5 @@
 # acl.m4
-# serial 30
+# serial 31
 dnl Copyright (C) 2002, 2004-2024 Free Software Foundation, Inc.
 dnl This file is free software; the Free Software Foundation
 dnl gives unlimited permission to copy and/or distribute it,
@@ -178,13 +178,14 @@ AC_DEFUN([gl_ACL_GET_FILE]
   AS_IF([test "$gl_cv_func_working_acl_get_file" != no], [$1], [$2])
 ])
 
-# On GNU/Linux, testing if a file has an acl can be done with the
-# listxattr and getxattr syscalls, which don't require linking
-# against additional libraries.  Assume this works if linux/attr.h
-# and listxattr are present.
+# Prerequisites of module file-has-acl.
 AC_DEFUN([gl_FILE_HAS_ACL],
 [
   AC_REQUIRE([gl_FUNC_ACL_ARG])
+  # On GNU/Linux, testing if a file has an acl can be done with the
+  # listxattr and getxattr syscalls, which don't require linking
+  # against additional libraries.  Assume this works if linux/attr.h
+  # and listxattr are present.
   AC_CHECK_HEADERS_ONCE([linux/xattr.h])
   AC_CHECK_FUNCS_ONCE([listxattr])
   FILE_HAS_ACL_LIB=
@@ -198,3 +199,17 @@ AC_DEFUN([gl_FILE_HAS_ACL]
        FILE_HAS_ACL_LIB=$LIB_ACL])
   AC_SUBST([FILE_HAS_ACL_LIB])
 ])
+
+# Prerequisites of module qcopy-acl.
+AC_DEFUN([gl_QCOPY_ACL],
+[
+  AC_REQUIRE([gl_FUNC_ACL])
+  AC_CHECK_HEADERS_ONCE([linux/xattr.h])
+  gl_FUNC_XATTR
+  if test "$use_xattr" = yes; then
+    QCOPY_ACL_LIB="$LIB_XATTR"
+  else
+    QCOPY_ACL_LIB="$LIB_ACL"
+  fi
+  AC_SUBST([QCOPY_ACL_LIB])
+])
diff --git a/modules/qcopy-acl b/modules/qcopy-acl
index b89d8ecab6..e692a28625 100644
--- a/modules/qcopy-acl
+++ b/modules/qcopy-acl
@@ -3,20 +3,14 @@ Copy access control list from one file to another.  
(Unportable.)
 
 Files:
 lib/qcopy-acl.c
+m4/acl.m4
 m4/xattr.m4
 
 Depends-on:
 acl-permissions [test "$use_xattr" != yes]
 
 configure.ac:
-gl_FUNC_XATTR
-AC_REQUIRE([gl_FUNC_ACL])
-if test "$use_xattr" = yes; then
-  QCOPY_ACL_LIB="$LIB_XATTR"
-else
-  QCOPY_ACL_LIB="$LIB_ACL"
-fi
-AC_SUBST([QCOPY_ACL_LIB])
+gl_QCOPY_ACL
 
 Makefile.am:
 lib_SOURCES += qcopy-acl.c

Reply via email to