RFC: baseline requirements for Ubuntu rootfs: xattrs and fscaps

Steve Langasek steve.langasek at ubuntu.com
Fri Aug 3 18:50:54 UTC 2018


On Thu, Aug 02, 2018 at 01:29:26PM -0700, Kees Cook wrote:
> > > >  - Users who are unpacking root tarballs need to take care to pass
> > > >    --xattrs-include=* to tar.
> > > >  - Users who are backing up or streaming Ubuntu root filesystems with tar or
> > > >    rsync will need to take care to pass non-default xattr-preserving options
> > > >    (tar --xattrs; rsync -X).

> > > How about making these default-enabled? Hoping people will remember seems
> > > fragile.

> > I think that's appropriate to pursue with the upstream, but that we should
> > still socialize the recommendation to use the options explicitly for
> > portability.

> While I agree about pursuing it with upstreams, I don't agree about just
> leaving this to documentation/luck. The problem is distro-specific (i.e.
> the packages built and the root filesystem being used), so I think it's
> fair to make the tools involved in that distro DTRT by default when it
> comes to xattrs. (Everything else is expected to work together correctly,
> why not the tools too?)

I don't think this is an either-or proposition.  I think we need to document
it because existing tooling doesn't DTRT by default, and I think we need to
work with upstream to get the defaults changed (upstream, because we can't
assume that our users are using Ubuntu's tar binary when unpacking Ubuntu
root tarballs).

I've filed two bugs in launchpad for this on the respective packages.

  https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1785291
  https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1785302

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20180803/a87ee0a1/attachment.sig>


More information about the ubuntu-devel mailing list