diff -up rsync-3.1.2/exclude.c.orig rsync-3.1.2/exclude.c
--- rsync-3.1.2/exclude.c.orig 2018-09-27 17:06:15.413701320 -0300
+++ rsync-3.1.2/exclude.c 2018-09-27 17:06:19.259579122 -0300
@@ -44,6 +44,8 @@ filter_rule_list filter_list = { .debug_
filter_rule_list cvs_filter_list = { .debug_type = " [global CVS]" };
filter_rule_list daemon_filter_list = { .debug_type = " [daemon]" };
+int saw_xattr_filter = 0;
+
/* Need room enough for ":MODS " prefix plus some room to grow. */
#define MAX_RULE_PREFIX (16)
@@ -622,7 +624,7 @@ void change_local_filter_dir(const char
filt_array[cur_depth] = push_local_filters(dname, dlen);
}
-static int rule_matches(const char *fname, filter_rule *ex, int name_is_dir)
+static int rule_matches(const char *fname, filter_rule *ex, int name_flags)
{
int slash_handling, str_cnt = 0, anchored_match = 0;
int ret_match = ex->rflags & FILTRULE_NEGATE ? 0 : 1;
@@ -633,6 +635,9 @@ static int rule_matches(const char *fnam
if (!*name)
return 0;
+ if (!(name_flags & NAME_IS_XATTR) ^ !(ex->rflags & FILTRULE_XATTR))
+ return 0;
+
if (!ex->u.slash_cnt && !(ex->rflags & FILTRULE_WILD2)) {
/* If the pattern does not have any slashes AND it does
* not have a "**" (which could match a slash), then we
@@ -650,7 +655,7 @@ static int rule_matches(const char *fnam
strings[str_cnt++] = "/";
}
strings[str_cnt++] = name;
- if (name_is_dir) {
+ if (name_flags & NAME_IS_DIR) {
/* Allow a trailing "/"+"***" to match the directory. */
if (ex->rflags & FILTRULE_WILD3_SUFFIX)
strings[str_cnt++] = "/";
@@ -702,7 +707,7 @@ static int rule_matches(const char *fnam
static void report_filter_result(enum logcode code, char const *name,
filter_rule const *ent,
- int name_is_dir, const char *type)
+ int name_flags, const char *type)
{
/* If a trailing slash is present to match only directories,
* then it is stripped out by add_rule(). So as a special
@@ -712,17 +717,40 @@ static void report_filter_result(enum lo
static char *actions[2][2]
= { {"show", "hid"}, {"risk", "protect"} };
const char *w = who_am_i();
+ const char *t = name_flags & NAME_IS_XATTR ? "xattr"
+ : name_flags & NAME_IS_DIR ? "directory"
+ : "file";
rprintf(code, "[%s] %sing %s %s because of pattern %s%s%s\n",
w, actions[*w!='s'][!(ent->rflags & FILTRULE_INCLUDE)],
- name_is_dir ? "directory" : "file", name, ent->pattern,
+ t, name, ent->pattern,
ent->rflags & FILTRULE_DIRECTORY ? "/" : "", type);
}
}
+/* This function is used to check if a file should be included/excluded
+ * from the list of files based on its name and type etc. The value of
+ * filter_level is set to either SERVER_FILTERS or ALL_FILTERS. */
+int name_is_excluded(const char *fname, int name_flags, int filter_level)
+{
+ if (daemon_filter_list.head && check_filter(&daemon_filter_list, FLOG, fname, name_flags) < 0) {
+ if (!(name_flags & NAME_IS_XATTR))
+ errno = ENOENT;
+ return 1;
+ }
+
+ if (filter_level != ALL_FILTERS)
+ return 0;
+
+ if (filter_list.head && check_filter(&filter_list, FINFO, fname, name_flags) < 0)
+ return 1;
+
+ return 0;
+}
+
/* Return -1 if file "name" is defined to be excluded by the specified
* exclude list, 1 if it is included, and 0 if it was not matched. */
int check_filter(filter_rule_list *listp, enum logcode code,
- const char *name, int name_is_dir)
+ const char *name, int name_flags)
{
filter_rule *ent;
@@ -730,22 +758,19 @@ int check_filter(filter_rule_list *listp
if (ignore_perishable && ent->rflags & FILTRULE_PERISHABLE)
continue;
if (ent->rflags & FILTRULE_PERDIR_MERGE) {
- int rc = check_filter(ent->u.mergelist, code, name,
- name_is_dir);
+ int rc = check_filter(ent->u.mergelist, code, name, name_flags);
if (rc)
return rc;
continue;
}
if (ent->rflags & FILTRULE_CVS_IGNORE) {
- int rc = check_filter(&cvs_filter_list, code, name,
- name_is_dir);
+ int rc = check_filter(&cvs_filter_list, code, name, name_flags);
if (rc)
return rc;
continue;
}
- if (rule_matches(name, ent, name_is_dir)) {
- report_filter_result(code, name, ent, name_is_dir,
- listp->debug_type);
+ if (rule_matches(name, ent, name_flags)) {
+ report_filter_result(code, name, ent, name_flags, listp->debug_type);
return ent->rflags & FILTRULE_INCLUDE ? 1 : -1;
}
}
@@ -970,6 +995,10 @@ static filter_rule *parse_rule_tok(const
goto invalid;
rule->rflags |= FILTRULE_WORD_SPLIT;
break;
+ case 'x':
+ rule->rflags |= FILTRULE_XATTR;
+ saw_xattr_filter = 1;
+ break;
}
}
if (*s)
@@ -1286,6 +1286,8 @@ char *get_rule_prefix(filter_rule *rule, const char *pat, int for_xfer,
}
if (rule->rflags & FILTRULE_EXCLUDE_SELF)
*op++ = 'e';
+ if (rule->rflags & FILTRULE_XATTR)
+ *op++ = 'x';
if (rule->rflags & FILTRULE_SENDER_SIDE
&& (!for_xfer || protocol_version >= 29))
*op++ = 's';
diff -up rsync-3.1.2/flist.c.orig rsync-3.1.2/flist.c
--- rsync-3.1.2/flist.c.orig 2018-09-27 17:06:15.420701098 -0300
+++ rsync-3.1.2/flist.c 2018-09-27 17:06:19.262579026 -0300
@@ -237,16 +237,6 @@ int link_stat(const char *path, STRUCT_S
#endif
}
-static inline int is_daemon_excluded(const char *fname, int is_dir)
-{
- if (daemon_filter_list.head
- && check_filter(&daemon_filter_list, FLOG, fname, is_dir) < 0) {
- errno = ENOENT;
- return 1;
- }
- return 0;
-}
-
static inline int path_is_daemon_excluded(char *path, int ignore_filename)
{
if (daemon_filter_list.head) {
@@ -273,23 +263,10 @@ static inline int path_is_daemon_exclude
return 0;
}
-/* This function is used to check if a file should be included/excluded
- * from the list of files based on its name and type etc. The value of
- * filter_level is set to either SERVER_FILTERS or ALL_FILTERS. */
-static int is_excluded(const char *fname, int is_dir, int filter_level)
+
+static inline int is_excluded(const char *fname, int is_dir, int filter_level)
{
-#if 0 /* This currently never happens, so avoid a useless compare. */
- if (filter_level == NO_FILTERS)
- return 0;
-#endif
- if (is_daemon_excluded(fname, is_dir))
- return 1;
- if (filter_level != ALL_FILTERS)
- return 0;
- if (filter_list.head
- && check_filter(&filter_list, FINFO, fname, is_dir) < 0)
- return 1;
- return 0;
+ return name_is_excluded(fname, is_dir ? NAME_IS_DIR : NAME_IS_FILE, filter_level);
}
static void send_directory(int f, struct file_list *flist,
@@ -2262,7 +2239,7 @@ struct file_list *send_file_list(int f,
memmove(fbuf, fn, len + 1);
if (link_stat(fbuf, &st, copy_dirlinks || name_type != NORMAL_NAME) != 0
- || (name_type != DOTDIR_NAME && is_daemon_excluded(fbuf, S_ISDIR(st.st_mode)))
+ || (name_type != DOTDIR_NAME && is_excluded(fbuf, S_ISDIR(st.st_mode) != 0, SERVER_FILTERS))
|| (relative_paths && path_is_daemon_excluded(fbuf, 1))) {
if (errno != ENOENT || missing_args == 0) {
/* This is a transfer error, but inhibit deletion
diff -up rsync-3.1.2/rsync.h.orig rsync-3.1.2/rsync.h
--- rsync-3.1.2/rsync.h.orig 2018-09-27 17:06:15.426700907 -0300
+++ rsync-3.1.2/rsync.h 2018-09-27 17:06:19.263578995 -0300
@@ -856,6 +856,10 @@ struct map_struct {
int status; /* first errno from read errors */
};
+#define NAME_IS_FILE (0) /* filter name as a file */
+#define NAME_IS_DIR (1<<0) /* filter name as a dir */
+#define NAME_IS_XATTR (1<<2) /* filter name as an xattr */
+
#define FILTRULE_WILD (1<<0) /* pattern has '*', '[', and/or '?' */
#define FILTRULE_WILD2 (1<<1) /* pattern has '**' */
#define FILTRULE_WILD2_PREFIX (1<<2) /* pattern starts with "**" */
@@ -876,6 +880,7 @@ struct map_struct {
#define FILTRULE_RECEIVER_SIDE (1<<17)/* rule applies to the receiving side */
#define FILTRULE_CLEAR_LIST (1<<18)/* this item is the "!" token */
#define FILTRULE_PERISHABLE (1<<19)/* perishable if parent dir goes away */
+#define FILTRULE_XATTR (1<<20)/* rule only applies to xattr names */
#define FILTRULES_SIDES (FILTRULE_SENDER_SIDE | FILTRULE_RECEIVER_SIDE)
diff -up rsync-3.1.2/rsync.yo.orig rsync-3.1.2/rsync.yo
--- rsync-3.1.2/rsync.yo.orig 2018-09-27 17:06:15.433700685 -0300
+++ rsync-3.1.2/rsync.yo 2018-09-27 17:06:19.266578899 -0300
@@ -1109,9 +1109,27 @@ super-user copies all namespaces except
the user.* namespace. To be able to backup and restore non-user namespaces as
a normal user, see the bf(--fake-super) option.
-Note that this option does not copy rsyncs special xattr values (e.g. those
-used by bf(--fake-super)) unless you repeat the option (e.g. -XX). This
-"copy all xattrs" mode cannot be used with bf(--fake-super).
+The above name filtering can be overridden by using one or more filter options
+with the bf(x) modifier. When you specify an xattr-affecting filter rule, rsync
+requires that you do your own system/user filtering, as well as any additional
+filtering for what xattr names are copied and what names are allowed to be
+deleted. For example, to skip the system namespace, you could specify:
+
+quote(--filter='-x system.*')
+
+To skip all namespaces except the user namespace, you could specify a
+negated-user match:
+
+quote(--filter='-x! user.*')
+
+To prevent any attributes from being deleted, you could specify a receiver-only
+rule that excludes all names:
+
+quote(--filter='-xr *')
+
+Note that the bf(-X) option does not copy rsync's special xattr values (e.g.
+those used by bf(--fake-super)) unless you repeat the option (e.g. -XX).
+This "copy all xattrs" mode cannot be used with bf(--fake-super).
dit(bf(--chmod)) This option tells rsync to apply one or more
comma-separated "chmod" modes to the permission of the files in the
@@ -2890,6 +2908,10 @@ itemization(
option's default rules that exclude things like "CVS" and "*.o" are
marked as perishable, and will not prevent a directory that was removed
on the source from being deleted on the destination.
+ it() An bf(x) indicates that a rule affects xattr names in xattr copy/delete
+ operations (and is thus ignored when matching file/dir names). If no
+ xattr-matching rules are specified, a default xattr filtering rule is
+ used (see the bf(--xattrs) option).
)
manpagesection(MERGE-FILE FILTER RULES)
diff -up rsync-3.1.2/testsuite/xattrs.test.orig rsync-3.1.2/testsuite/xattrs.test
--- rsync-3.1.2/testsuite/xattrs.test.orig 2018-09-27 17:06:15.439700494 -0300
+++ rsync-3.1.2/testsuite/xattrs.test 2018-09-27 17:06:19.267578867 -0300
@@ -127,8 +127,10 @@ esac
xls $dirs $files >"$scratchdir/xattrs.txt"
+XFILT='-f-x_system.* -f-x_security.*'
+
# OK, let's try a simple xattr copy.
-checkit "$RSYNC -avX $dashH --super . '$chkdir/'" "$fromdir" "$chkdir"
+checkit "$RSYNC -avX $XFILT $dashH --super . '$chkdir/'" "$fromdir" "$chkdir"
cd "$chkdir"
xls $dirs $files | diff $diffopt "$scratchdir/xattrs.txt" -
@@ -142,7 +144,7 @@ if [ "$dashH" ]; then
done
fi
-checkit "$RSYNC -aiX $dashH --super $altDest=../chk . ../to" "$fromdir" "$todir"
+checkit "$RSYNC -aiX $XFILT $dashH --super $altDest=../chk . ../to" "$fromdir" "$todir"
cd "$todir"
xls $dirs $files | diff $diffopt "$scratchdir/xattrs.txt" -
@@ -156,7 +158,7 @@ xset user.nice 'this is nice, but differ
xls $dirs $files >"$scratchdir/xattrs.txt"
-checkit "$RSYNC -aiX $dashH --fake-super --link-dest=../chk . ../to" "$chkdir" "$todir"
+checkit "$RSYNC -aiX $XFILT $dashH --fake-super --link-dest=../chk . ../to" "$chkdir" "$todir"
cd "$todir"
xls $dirs $files | diff $diffopt "$scratchdir/xattrs.txt" -
@@ -186,7 +188,7 @@ cd "$fromdir"
rm -rf "$todir"
# When run by a non-root tester, this checks if no-user-perm files/dirs can be copied.
-checkit "$RSYNC -aiX $dashH --fake-super --chmod=a= . ../to" "$chkdir" "$todir" # 2>"$scratchdir/errors.txt"
+checkit "$RSYNC -aiX $XFILT $dashH --fake-super --chmod=a= . ../to" "$chkdir" "$todir" # 2>"$scratchdir/errors.txt"
cd "$todir"
xls $dirs $files | diff $diffopt "$scratchdir/xattrs.txt" -
@@ -202,7 +204,7 @@ $RSYNC -aX file1 ../lnk/
xls file1 file2 >"$scratchdir/xattrs.txt"
-checkit "$RSYNC -aiiX $dashH $altDest=../lnk . ../to" "$chkdir" "$todir"
+checkit "$RSYNC -aiiX $XFILT $dashH $altDest=../lnk . ../to" "$chkdir" "$todir"
[ "$dashH" ] && rm ../lnk/extra-link
@@ -215,7 +217,7 @@ rm "$todir/file2"
echo extra >file1
$RSYNC -aX . ../chk/
-checkit "$RSYNC -aiiX . ../to" "$chkdir" "$todir"
+checkit "$RSYNC -aiiX $XFILT . ../to" "$chkdir" "$todir"
cd "$todir"
xls file1 file2 | diff $diffopt "$scratchdir/xattrs.txt" -
diff -up rsync-3.1.2/xattrs.c.orig rsync-3.1.2/xattrs.c
--- rsync-3.1.2/xattrs.c.orig 2018-09-27 17:06:15.442700399 -0300
+++ rsync-3.1.2/xattrs.c 2018-09-27 17:07:50.900667319 -0300
@@ -39,6 +39,7 @@ extern int preserve_devices;
extern int preserve_specials;
extern int checksum_seed;
extern int protocol_version;
+extern int saw_xattr_filter;
#define RSYNC_XAL_INITIAL 5
#define RSYNC_XAL_LIST_INITIAL 100
@@ -234,11 +235,14 @@ static int rsync_xal_get(const char *fna
name_len = strlen(name) + 1;
list_len -= name_len;
+ if (saw_xattr_filter) {
+ if (name_is_excluded(name, NAME_IS_XATTR, ALL_FILTERS))
+ continue;
+ }
#ifdef HAVE_LINUX_XATTRS
/* We always ignore the system namespace, and non-root
* ignores everything but the user namespace. */
- if (user_only ? !HAS_PREFIX(name, USER_PREFIX)
- : HAS_PREFIX(name, SYSTEM_PREFIX))
+ else if (user_only ? !HAS_PREFIX(name, USER_PREFIX) : HAS_PREFIX(name, SYSTEM_PREFIX))
continue;
#endif
@@ -337,11 +341,14 @@ int copy_xattrs(const char *source, cons
name_len = strlen(name) + 1;
list_len -= name_len;
+ if (saw_xattr_filter) {
+ if (name_is_excluded(name, NAME_IS_XATTR, ALL_FILTERS))
+ continue;
+ }
#ifdef HAVE_LINUX_XATTRS
/* We always ignore the system namespace, and non-root
* ignores everything but the user namespace. */
- if (user_only ? !HAS_PREFIX(name, USER_PREFIX)
- : HAS_PREFIX(name, SYSTEM_PREFIX))
+ else if (user_only ? !HAS_PREFIX(name, USER_PREFIX) : HAS_PREFIX(name, SYSTEM_PREFIX))
continue;
#endif
@@ -735,10 +742,17 @@ void receive_xattr(int f, struct file_st
*ptr = XSTATE_ABBREV;
read_buf(f, ptr + 1, MAX_DIGEST_LEN);
}
+
+ if (saw_xattr_filter) {
+ if (name_is_excluded(name, NAME_IS_XATTR, ALL_FILTERS)) {
+ free(ptr);
+ continue;
+ }
+ }
#ifdef HAVE_LINUX_XATTRS
/* Non-root can only save the user namespace. */
if (am_root <= 0 && !HAS_PREFIX(name, USER_PREFIX)) {
- if (!am_root) {
+ if (!am_root && !saw_xattr_filter) {
free(ptr);
continue;
}
@@ -899,11 +913,14 @@ static int rsync_xal_set(const char *fna
name_len = strlen(name) + 1;
list_len -= name_len;
+ if (saw_xattr_filter) {
+ if (name_is_excluded(name, NAME_IS_XATTR, ALL_FILTERS))
+ continue;
+ }
#ifdef HAVE_LINUX_XATTRS
/* We always ignore the system namespace, and non-root
* ignores everything but the user namespace. */
- if (user_only ? !HAS_PREFIX(name, USER_PREFIX)
- : HAS_PREFIX(name, SYSTEM_PREFIX))
+ else if (user_only ? !HAS_PREFIX(name, USER_PREFIX) : HAS_PREFIX(name, SYSTEM_PREFIX))
continue;
#endif
if (am_root < 0 && name_len > RPRE_LEN