bpo-38893: Ignore EACCES, ENOSYS in copyxattr #21430

Open
wants to merge 1 commit into
base: main

@tiran (Member) commented Jul 10, 2020

:func:`shutil.copystat` now ignores :const:`errno.ENOSYS` and
:const:`errno.EACCES` when copying extended file attributes.
:func:`os.listxattr` can fail with ENOSYS on some file systems (e.g. NFS).
An LSM may block :func:`os.setxattr` for security attributes like
``security.selinux``.

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue38893

@tiran (Member, Author) commented Jul 10, 2020

CC @adelton, @wrabcak

@adelton commented Jul 10, 2020

I am not sure I'm fond of silently ignoring errors -- that can have security implications since the result might not be as expected.
I'd rather see an approach where the operation (copying specific extended attributes) is not attempted at all in situations or environments where it is not supported or not expected to work. That way after copystat that passed you'd know that things are in expected shape. If you ignore the errors, in case of SELinux labels you will likely still get AVC denials on the host, so the result will be even more confusing.
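
An added example (not code from this PR or from CPython) of the alternative raised in the comment above: attribute namespaces that are not expected to work are skipped without being attempted, and `ENOSYS`/`EACCES` are returned in a report rather than dropped. The names `copy_xattrs`, `fake_ops`, `skip_prefixes` and `ops` are hypothetical, and the fake simulates the NFS and LSM cases with constructed data.

```python
import errno
import os
from types import SimpleNamespace

# The two errnos the PR description proposes to ignore; here they are recorded.
TOLERATED = {errno.ENOSYS, errno.EACCES}

def copy_xattrs(src, dst, skip_prefixes=("security.",), ops=os):
    """Copy xattrs from src to dst; return a report instead of hiding errors.

    skip_prefixes and ops are assumptions of this example: attributes in the
    skipped namespaces are never attempted, and ops supplies
    listxattr/getxattr/setxattr (the os module on Linux, a fake in tests).
    """
    report = {"copied": [], "skipped": [], "failed": {}}
    try:
        names = ops.listxattr(src)
    except OSError as e:
        if e.errno not in TOLERATED:
            raise
        report["failed"]["<listxattr>"] = errno.errorcode[e.errno]
        return report
    for name in names:
        if name.startswith(tuple(skip_prefixes)):
            report["skipped"].append(name)  # policy decision, no syscall made
            continue
        try:
            ops.setxattr(dst, name, ops.getxattr(src, name))
            report["copied"].append(name)
        except OSError as e:
            if e.errno not in TOLERATED:
                raise
            report["failed"][name] = errno.errorcode[e.errno]
    return report

def fake_ops(attrs, list_errno=None, denied=()):
    """Constructed stand-in for os.*xattr: attrs is the source file's xattrs."""
    written = {}
    def listxattr(path):
        if list_errno:  # simulates a file system without xattr support
            raise OSError(list_errno, os.strerror(list_errno))
        return list(attrs)
    def setxattr(path, name, value):
        if name in denied:  # simulates an LSM refusing the write
            raise OSError(errno.EACCES, os.strerror(errno.EACCES))
        written[name] = value
    return SimpleNamespace(listxattr=listxattr, setxattr=setxattr,
                           getxattr=lambda path, name: attrs[name], written=written)
```

A caller can treat a non-empty `failed` entry as a reason to stop or log, which keeps the outcome of the copy visible instead of leaving only AVC denials on the host.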

@Tubbles commented Feb 25, 2022

Also fixes https://bugs.python.org/issue38633

@ambv (Contributor) commented May 17, 2022

This missed the boat for inclusion in Python 3.9 which accepts security fixes only as of today.

Labels: awaiting core review, type-bug (An unexpected behavior, bug, or error)