ACL issue with XFS as backing filesystem with overlay2 driver docker

Inside a Docker container, we back up and restore a few file paths, since those file paths cannot be taken as volumes. The failing file paths have ACLs set as below:

setfacl -Rm u:user:rwx,u:new_user:rwx /opt/integrations/integrations/connectors/ssh/
setfacl -Rdm u:user:rwx,u:new_user:rwx /opt/integrations/integrations/connectors/ssh/

Before the container stops, we take a backup as below:

cd /opt/integrations/integrations/
tar -czf /data/ssh.tgz connectors/ssh

Note: /data is a Docker volume

On the next container boot, we restore as below:

setfacl -Rm u:user:rwx,u:new_user:rwx /opt/integrations/integrations/connectors/ssh/
setfacl -Rdm u:user:rwx,u:new_user:rwx /opt/integrations/integrations/connectors/ssh/
tar -xvzf /data/ssh.tgz -C /opt/integrations/integrations/

The above tar extract results in the error below:

connectors/ssh/
connectors/ssh/__pycache__/
connectors/ssh/__pycache__/builtins.cpython-36.pyc
tar: connectors/ssh/__pycache__/builtins.cpython-36.pyc: Cannot open: Invalid argument
connectors/ssh/__pycache__/connector.cpython-36.pyc
tar: connectors/ssh/__pycache__/connector.cpython-36.pyc: Cannot open: Invalid argument
connectors/ssh/builtins.py
tar: connectors/ssh/builtins.py: Cannot open: Invalid argument
connectors/ssh/connector.py
tar: connectors/ssh/connector.py: Cannot open: Invalid argument
connectors/ssh/images/
connectors/ssh/images/ssh_large.png
tar: connectors/ssh/images/ssh_large.png: Cannot open: Invalid argument

Note: The same operation works if the backing filesystem for Docker (/var/lib/docker) is ext4, but fails for XFS. It also works for XFS if the ACL is NOT set, i.e. the permissions for user and new_user. But for legacy reasons, we need that ACL.

Setup details:

# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 4
  Running: 1
  Paused: 0
  Stopped: 3
 Images: 2
 Server Version: 20.10.14
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc version: v1.0.3-0-gf46b6ba
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-1062.12.1.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 7.638GiB
 Name: myhost.localhost
 ID: OCDH:DQ2A:NAVR:AHZQ:GJ23:MS55:CJNB:OL7V:O3GB:3NIC:DTSJ:5BB6
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
#

strace:

write(1, "connectors/ssh/connector."..., 35connectors/ssh/connector.py
) = 35
openat(4, "connectors/ssh/connector.py", O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_NONBLOCK|O_CLOEXEC, 0700) = -1 EEXIST (File exists)
unlinkat(4, "connectors/ssh/connector.py", 0) = 0
openat(4, "connectors/ssh/connector.py", O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_NONBLOCK|O_CLOEXEC, 0700) = -1 EINVAL (Invalid argument)
write(2, "tar: ", 5tar: )                    = 5
write(2, "connectors/ssh/connector."..., 47connectors/ssh/connector.py: Cannot open) = 47
write(2, ": Invalid argument", 18: Invalid argument)      = 18
write(2, "\n", 1
)                       = 1
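
A minimal probe for the failing step, added here as an example and not part of the original post: it replays the create, EEXIST, unlink, create sequence from the strace with the same open flags, so the behaviour can be compared between an ext4-backed and an XFS-backed directory without involving tar. The function names, the probe file name, the temporary target directory, and the use of the current numeric uid in place of user/new_user are assumptions.

```python
import errno
import os
import shutil
import subprocess
import tempfile

# Flags tar passes to openat() in the strace above.
TAR_FLAGS = (os.O_WRONLY | os.O_CREAT | os.O_EXCL |
             os.O_NOCTTY | os.O_NONBLOCK | os.O_CLOEXEC)


def set_default_acl(directory, uid):
    """Apply access and default ACLs like the question's setfacl calls.
    Returns False if setfacl is missing or the filesystem refuses ACLs."""
    if shutil.which("setfacl") is None:
        return False
    spec = f"u:{uid}:rwx"  # numeric uid: an assumption replacing user/new_user
    for opts in ("-Rm", "-Rdm"):
        if subprocess.run(["setfacl", opts, spec, directory],
                          capture_output=True).returncode != 0:
            return False
    return True


def probe_recreate(directory, name="probe.py"):
    """Replay create -> EEXIST -> unlink -> create inside `directory`.
    Returns a list of (step, errno name or None on success)."""
    steps = []
    dirfd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY)
    try:
        def create(label):
            try:
                os.close(os.open(name, TAR_FLAGS, 0o700, dir_fd=dirfd))
                steps.append((label, None))
            except OSError as exc:
                steps.append((label, errno.errorcode.get(exc.errno, str(exc.errno))))
        create("create")            # file does not exist yet
        create("create-existing")   # EEXIST, as in the first openat of the strace
        os.unlink(name, dir_fd=dirfd)
        steps.append(("unlink", None))
        create("recreate")          # EINVAL here matches the reported failure
    finally:
        os.close(dirfd)
    return steps


if __name__ == "__main__":
    # Constructed target; replace with a path on the container's overlay2 layer.
    target = tempfile.mkdtemp(prefix="aclprobe-")
    print("default ACL applied:", set_default_acl(target, os.getuid()))
    for step, err in probe_recreate(target):
        print(f"{step:16} {err or 'ok'}")
```

Running it once with and once without the ACL step, on both backing filesystems, shows whether the `recreate` step alone returns EINVAL.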


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
