On Monday, June 3, 2019 10:27:12 PM CEST Brian Murray wrote: > When enabling extended attribute support in a tar file (--xattrs) all > extended attributes are stored in the archive, however when the same archive > is extracted only the user.* extended attributes are extracted. To have all > the extended attributes read and applied on extraction one must also use the > '--xattrs-include=*' option.
This decision was done because only user.* attributes are 100% safe to extract. The security.* (especially capabilities) can have some binary format specific to the box creating the archive but incompatible with host extracting the archive. For security.selinux there is special option --selinux (so xattr security.selinux can be ignored), and for security.capability there should be implemented some new option (probably using libcap.so?). > I find this behavior surprising and especially so given that the documentation > indicates that "By default, when `--xattr' is used, all names are stored > in the archive (or extracted, if using `--extract')"[1]. Probably the docs need an update then. Pavel
