Christian Heimes <li...@cheimes.de> added the comment:
The issue came up at $WORK now. Core utils like copy command ignore "security.selinux" xattr unless the user explicitly asks to preserve the security context, see https://github.com/coreutils/coreutils/blob/6a3d2883fed853ee01079477020091068074e12d/src/copy.c#L867-L891 https://github.com/philips/attr/blob/1cc88bd4c17ef99ace22c8be362d513f155b1387/libattr/attr_copy_fd.c#L109-L111 _copyxattr() ignores most errnos that are listed in the man page of setxattr(2) but not EACCES. The man page of setxattr(2) also points to stat(2) which lists EACCES as possible errno. I see three simple and two more complicated solutions: 1) ignore EACCES completely 2) ignore EACCES for "security.selinux" 3) ignore EACCES for "security.*" 4) provide a callback similar to the check() callback in libattr's attr_copy_fd(). Only copy an xattr when the callback is not set or returns True. 5) provide an extra option to skip security context Related: https://bugs.python.org/issue24564#msg351555 also suggests that copyxattr should ignore ENOSYS in listxattr. Some file systems (NFS?) seem to lack xattr. Hynek, you implemented most of copyxattr in 0beab058dd4 back in 2013. What's your opinion? ---------- nosy: +hynek _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue38893> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
