From ea8f3bd7e7ae4d46bd6830bc1301bcfd8854b121 Mon Sep 17 00:00:00 2001
From: Thomas Waldmann <tw@waldmann-edv.de>
Date: Fri, 28 Aug 2015 23:22:26 +0200
Subject: [PATCH 1/2] restore_xattrs: minor cleanup / simplification

if we use {} as default for item.get(), we do not need the "if" as iteration over an empty dict won't do anything.
also fixes too deep indentation the original code had.
---
 borg/archive.py | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/borg/archive.py b/borg/archive.py
index e214c7857..b2f14b668 100644
--- a/borg/archive.py
+++ b/borg/archive.py
@@ -323,14 +323,13 @@ class Archive:
             raise Exception('Unknown archive item type %r' % item[b'mode'])
 
     def restore_attrs(self, path, item, symlink=False, fd=None):
-        xattrs = item.get(b'xattrs')
-        if xattrs:
-                for k, v in xattrs.items():
-                    try:
-                        xattr.setxattr(fd or path, k, v, follow_symlinks=False)
-                    except OSError as e:
-                        if e.errno != errno.ENOTSUP:
-                            raise
+        xattrs = item.get(b'xattrs', {})
+        for k, v in xattrs.items():
+            try:
+                xattr.setxattr(fd or path, k, v, follow_symlinks=False)
+            except OSError as e:
+                if e.errno != errno.ENOTSUP:
+                    raise
         uid = gid = None
         if not self.numeric_owner:
             uid = user2uid(item[b'user'])

From 9ebc53ad77b1e7e728fe4bc474f617482e249cc2 Mon Sep 17 00:00:00 2001
From: Thomas Waldmann <tw@waldmann-edv.de>
Date: Sat, 29 Aug 2015 00:11:04 +0200
Subject: [PATCH 2/2] restore_xattrs: ignore if setxattr fails with EACCES, 
 fixes #162

e.g.:
- setting any security.* key is expected to fail with EACCES if one is not root.
- issue #162 on our issue tracker: user was root, but due to some specific scenario
  involving docker and selinux, setting security.selinux key fails even when running as root

not sure if it is the best solution to silently ignore this, but some lines below this change
failure to do a chown is also silently ignored (happens e.g. when restoring a file not owned
by the current user as a non-root user).
---
 borg/archive.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/borg/archive.py b/borg/archive.py
index b2f14b668..18867dbd9 100644
--- a/borg/archive.py
+++ b/borg/archive.py
@@ -328,7 +328,11 @@ class Archive:
             try:
                 xattr.setxattr(fd or path, k, v, follow_symlinks=False)
             except OSError as e:
-                if e.errno != errno.ENOTSUP:
+                if e.errno not in (errno.ENOTSUP, errno.EACCES, ):
+                    # only raise if the errno is not on our ignore list:
+                    # ENOTSUP == xattrs not supported here
+                    # EACCES == permission denied to set this specific xattr
+                    #           (this may happen related to security.* keys)
                     raise
         uid = gid = None
         if not self.numeric_owner: