I am moving from encfs to gocryptfs. Today I realized that gocryptfs has issues with extended attributes although the changelog for v1.5, 2018-06-12 says that it supports extended attributes (https://github.com/rfjakob/gocryptfs#changelog)

rsync is throwing the following error when syncing with -X option to a gocryptfs directory:

rsync: rsync_xal_set: lsetxattr("/tmp/aaa/etc/udisks2","trusted.overlay.opaque") failed: Operation not supported (95)
rsync: rsync_xal_set: lsetxattr("/tmp/aaa/etc/xdg","trusted.overlay.origin") failed: Operation not supported (95)

withouth -X the rsync is fine.

...and it does not support ACLs as well. With rsync option -A I get:

rsync: set_acl: sys_acl_set_file(var/log/journal/0505cdc13f324759b3680580649550fd/.system.journal.N18prd, ACL_TYPE_ACCESS): Operation not supported (95)

encfs did support all this. This comes as a real surprise.

Hi, thanks for the report. I was honestly not aware that gocryptfs is still missing features compared to encfs.

Wrong button, reopening, sorry

Up to now, only user xattrs were allowed, but there is really no technical reason for this. I have dropped the restriction in ca9e912 , and ACLs seem to work fine now.

For future reference: encfs does not seem to encrypt xattrs, but passes them through as-is.

encfs-mnt$ getfattr -d -m . x
# file: x
security.selinux="system_u:object_r:fusefs_t:s0"
system.posix_acl_access=0sAgAAAAEABgD/////AgAHAAIAAAAEAAQA/////xAABwD/////IAAEAP////8=
user.foo="xxxxxxxxxxxxxxxxxxxxxxxxx"

encfs-cipher$ getfattr -d -m . 23hwMMldZeMJ2BsuFtJ1Ucsd 
# file: 23hwMMldZeMJ2BsuFtJ1Ucsd
security.selinux="unconfined_u:object_r:user_tmp_t:s0"
system.posix_acl_access=0sAgAAAAEABgD/////AgAHAAIAAAAEAAQA/////xAABwD/////IAAEAP////8=
user.foo="xxxxxxxxxxxxxxxxxxxxxxxxx"