Re: RFC: baseline requirements for Ubuntu rootfs: xattrs and fscaps

On Thu, Aug 02, 2018 at 01:29:26PM -0700, Kees Cook wrote:
> > > > - Users who are unpacking root tarballs need to take care to pass
> > > > --xattrs-include=* to tar.
> > > > - Users who are backing up or streaming Ubuntu root filesystems with tar or
> > > > rsync will need to take care to pass non-default xattr-preserving options
> > > > (tar --xattrs; rsync -X).

> > > How about making these default-enabled? Hoping people will remember seems
> > > fragile.

> > I think that's appropriate to pursue with the upstream, but that we should
> > still socialize the recommendation to use the options explicitly for
> > portability.

> While I agree about pursuing it with upstreams, I don't agree about just
> leaving this to documentation/luck. The problem is distro-specific (i.e.
> the packages built and the root filesystem being used), so I think it's
> fair to make the tools involved in that distro DTRT by default when it
> comes to xattrs. (Everything else is expected to work together correctly,
> why not the tools too?)

I don't think this is an either-or proposition. I think we need to document
it because existing tooling doesn't DTRT by default, and I think we need to
work with upstream to get the defaults changed (upstream, because we can't
assume that our users are using Ubuntu's tar binary when unpacking Ubuntu
root tarballs).

I've filed two bugs in launchpad for this on the respective packages.

