-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
extended attributes discarded for layered changes #654
Comments
Here is a workaround required due to this at the moment. Since bazzite is using rechunk this can be removed, but it is used throughout Universal Blue images and derivatives. For other applications as well. I was told this might be corrupting OSTree file hashes, and might be partially behind secureblue/secureblue#369 which fails when setting xattrs. Or at least the variant used there, since the only 5 files that error during |
@cgwalters , the mentioned workaround is for an executable on the host file system. If we know that we "lost" a capability in an executable inside a given image, is there a better way to set it rather than the following?
|
(edited) There's no trivial build-time workaround for this possible, the xattrs are being discarded on the client side. What would fix it is "rechunking" an image and generating an ostree commit, which we're working on tooling for, but is more invasive. |
Right now when we filter the tar stream we end up discarding xattrs - there's a bit of nontrivial work necessary on our side to handle this.
It also opens up the interesting question of whether we try to e.g. honor any
security.selinux
that may be present.It is clear that we definitely want
security.capability
, and for that matter we might as well propagate things likeuser.
.The text was updated successfully, but these errors were encountered: