[Bugs] [Bug 1730565] New: Geo-replication does not sync default ACL

bugzilla at redhat.com bugzilla at redhat.com
Wed Jul 17 07:08:12 UTC 2019


https://bugzilla.redhat.com/show_bug.cgi?id=1730565

            Bug ID: 1730565
           Summary: Geo-replication does not sync default ACL
           Product: GlusterFS
           Version: mainline
            Status: NEW
         Component: geo-replication
          Severity: high
          Assignee: bugs at gluster.org
          Reporter: homma at allworks.co.jp
                CC: bugs at gluster.org
  Target Milestone: ---
    Classification: Community



Description of problem:
Default ACLs are not synced to geo-replication slave.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. On geo-rep master:
  mkdir dir1
  setfacl -d -m g::rwx dir1
  getfacl dir1

2. On geo-rep slave:
  getfacl dir1

Actual results:
Default ACL is not set on slave.

Expected results:
Default ACL is set on slave.

Additional info:
Access ACLs are synced as expected.

With slave-gluster-log-level=DEBUG, the following log messages appears.

[2019-07-17 03:49:00.305670] D [fuse-helpers.c:649:fuse_ignore_xattr_set]
0-glusterfs-fuse: disallowing setxattr: key [system.posix_acl_default],  client
pid [-1]
[2019-07-17 03:49:00.308140] D [fuse-helpers.c:649:fuse_ignore_xattr_set]
0-glusterfs-fuse: disallowing setxattr: key [trusted.SGI_ACL_DEFAULT],  client
pid [-1]

On the other hand, for access ACL,

[2019-07-17 06:11:27.892153] D [fuse-helpers.c:649:fuse_ignore_xattr_set]
0-glusterfs-fuse: allowing setxattr: key [system.posix_acl_access],  client pid
[-1]

In fuse_ignore_xattr_set(), only the following xattrs are allowed to be set by
gsyncd:

    /* trusted NS check */
    if (!((fnmatch("*.glusterfs.*.xtime", key, FNM_PERIOD) == 0) ||
          (fnmatch("*.glusterfs.volume-mark", key, FNM_PERIOD) == 0) ||
          (fnmatch("*.glusterfs.volume-mark.*", key, FNM_PERIOD) == 0) ||
          (fnmatch("system.posix_acl_access", key, FNM_PERIOD) == 0) ||
          (fnmatch("glusterfs.gfid.newfile", key, FNM_PERIOD) == 0) ||
          (fnmatch("*.glusterfs.shard.block-size", key, FNM_PERIOD) == 0) ||
          (fnmatch("*.glusterfs.shard.file-size", key, FNM_PERIOD) == 0)))
        ret = -1;

out:
    gf_log("glusterfs-fuse", GF_LOG_DEBUG,
           "%s setxattr: key [%s], "
           " client pid [%d]",
           (ret ? "disallowing" : "allowing"), key, priv->client_pid);


Also, on hybrid crawl, only MKDIR and SETATTR changelog records are genereated
for directories. I think SETXATTR records should also be generated.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.


More information about the Bugs mailing list