error reading extended attribute "user.security.selinux"

NomadCF

Active Member
Dec 20, 2017
29
1
43
43
On a few of our Promox (8.1.3) servers we're getting the following PBS backup client errors when trying to backup flat files.

Server Spec:
* Proxmox 8.1.3
* zfs-2.2.2-pve1
* zfs-kmod-2.2.2-pve1
* raidz2, all drive are clean, 3x scrubs have been run and come back clean, smart data is also clean.

We've also deleted the files can recopied them and still we get the following error.

Code:
 error reading extended attribute "user.security.selinux"
 
Hi!
could you please show me the zfs config for xattrs? For example with `zfs get xattr`.
You can also try using `getfattr` [0] (from the `attr` package) to get the xattrs from the file like this:
`getfattr- d <file-name>`.
So we will check if 1) xattrs is enabled on your zfs dataset, and 2) the attributes are somehow not too big (more than the 64kB limit).

[0]: https://www.man7.org/linux/man-pages/man1/getfattr.1.html
 
Sure, this only started after we upgraded the proxmox servers.

Code:
storage                                                 xattr     on     default
storage/backups                                         xattr     sa     local
storage/backups/backup3                                 xattr     sa     inherited from storage/backups


Code:
getfattr -d /storage/backups/backup3/servers/bhs1/home/bhs/bhs1/shared/Staff/World\ Language\ Audio\ for\ Tests\ May\ 2016-/T\'es\ branche\ Teacher\ Resources\ 2016/Level\ 1\ -\ T\'es\ branche\ Teacher\ Resources\ 2016/AUTORUN.INF  | tee > /tmp/file.txt
getfattr: Removing leading '/' from absolute path names
/storage/backups/backup3/servers/bhs1/home/bhs/bhs1/shared/Staff/World Language Audio for Tests May 2016-/T'es branche Teacher Resources 2016/Level 1 - T'es branche Teacher Resources 2016/AUTORUN.INF: user.security.selinux: Invalid argument


PS. It would be useful to have a continue on error option with a warnings (etc). This was the other files could still be backed up.
 
Hi!
turns out `user.security.selinux` is a perfectly valid xattr in linux, but not in zfs! (isn't this fun?)
The kernel strips the `user.` away and calls the user-xattr-handler in zfs (fs/xattr.c:424). zfs then checks if the xattr-name (without the prefix) is a valid name (module/os/linux/zfs/zpl_xattr.c:738). The name is not valid because it begins with "security.", which is somehow an invalid prefix.

> PS. It would be useful to have a continue on error option with a warnings (etc). This was the other files could still be backed up.
Working on this :)
 
Last edited:
  • Like
Reactions: ladymilch
Okay, so how do we move forward? This error or issue only (for us) comes up when using PBS backup client.
 
There is also this bug open in zfs: https://github.com/openzfs/zfs/issues/13823 (I'll try to have a look at it later, maybe we can fix it upstream)

In the meantime you could: copy the files into another folder and strip them from their xattrs (by using `cp --no-preserve=xattr` )
 
@ggoller, Thanks for the suggestion. But this bug has bad PBS unusable for us as any new rsync/zsync copies Just recreate this attribute. And we need to do preserve the original attributes with our copies.

This issue appears to exist in other backup utilities/applications, and with those the backup application was augmented to account for or ignore this error.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!