its undocumented that only user.* extended attributes are restored upon extraction
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU tar |
Unknown
|
Unknown
|
|||
tar (Debian) |
New
|
Unknown
|
|||
tar (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
The tar info page and upstream documentation indicate that when --xattr is used "all names are stored in the archive (or extracted, if using '--extract')", however when using --xattr with extract the security.capability extended attributes are not restored. If one also uses "--xattrs-
[Test Case]
mkdir orig restore
touch orig/file_
setcap cap_net_raw=p orig/file_
(eoan-amd64)
# file: orig/file_
security.
user.testkey=
(eoan-amd64)
(eoan-amd64)
# file: restore/
user.testkey=
(eoan-amd64)
(eoan-amd64)
# file: restore/
security.
user.testkey=
I think tar's extract behavior should be changed to match that of create so that all names are actually extracted.
tags: | added: eoan |
summary: |
- security.capability extended attributes not restored upon extraction + only user.* extended attributes restored upon extraction |
Changed in tar (Debian): | |
status: | Unknown → New |
After discussing this with upstream it became clear that the documentation is incorrect and it is deliberate that only the "user.*" extended attributes are applied by default during extraction.
"This decision was done because only user.* attributes are 100% safe to
extract. The security.* (especially capabilities) can have some binary
format specific to the box creating the archive but incompatible with host
extracting the archive."
https:/ /lists. gnu.org/ archive/ html/bug- tar/2019- 06/msg00001. html
The man for tar should be updated to reflect that to avoid any confusion.