Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

improve acl_get / acl_set error handling (1.4-maint) #8125

Merged
merged 15 commits into from Mar 30, 2024
Merged

improve acl_get / acl_set error handling (1.4-maint) #8125

merged 15 commits into from Mar 30, 2024
+192 −98

Conversation

ThomasWaldmann
Copy link
Member

@ThomasWaldmann ThomasWaldmann commented Feb 24, 2024
edited

This definitely will need some review and practical testing.

Fixes #4049.
Fixes #8139.

@codecov-commenter
Copy link

codecov-commenter commented Feb 24, 2024
edited

Codecov Report

Attention: Patch coverage is 50.00000% with 5 lines in your changes are missing coverage. Please review.

Project coverage is 82.84%. Comparing base (3647426) to head (7ba843b).
Report is 16 commits behind head on 1.4-maint.

Files Patch % Lines
src/borg/archive.py 50.00% 4 Missing and 1 partial ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@              Coverage Diff              @@
##           1.4-maint    #8125      +/-   ##
=============================================
+ Coverage      82.61%   82.84%   +0.23%     
=============================================
  Files             38       38              
  Lines          10973    10981       +8     
  Branches        2100     2102       +2     
=============================================
+ Hits            9065     9097      +32     
+ Misses          1345     1326      -19     
+ Partials         563      558       -5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@ThomasWaldmann ThomasWaldmann mentioned this pull request Feb 25, 2024
Closed
@borgbackup borgbackup deleted a comment from m3nu Mar 2, 2024
@borgbackup borgbackup deleted a comment from m3nu Mar 2, 2024
@ThomasWaldmann ThomasWaldmann force-pushed the acl-error-handling-1.4 branch 2 times, most recently from 6fc86db to 49539a4 Compare March 3, 2024 14:08
@ThomasWaldmann ThomasWaldmann force-pushed the acl-error-handling-1.4 branch 4 times, most recently from 86c1bf2 to be8e9b7 Compare March 16, 2024 14:38
@ThomasWaldmann
improve acl_get / acl_set error handling, see borgbackup#4049
d4a83ed
@ThomasWaldmann
raise OSError if acl_to_text / acl_from_text returns NULL
2c53a63 
Also did a small structural refactors there.
@ThomasWaldmann
improve are_acls_working function
926b5a6 
- ACLs are not working, if ENOTSUP ("Operation not supported") happens
- fix check for macOS
  On macOS borg uses "acl_extended", not "acl_access" and
  also the ACL text format is a bit different.
@ThomasWaldmann
platform tests: misc. minor cleanups
d870c58 
- remove unused global / import
- use is_linux and is_darwin
- rename darwin acl test method
@ThomasWaldmann ThomasWaldmann marked this pull request as ready for review March 17, 2024 17:16
@ThomasWaldmann
create/extract: ignore OSError if ACLs are not supported (ENOTSUP)
33f1ba6 
but do not silence other OSErrors.
@ThomasWaldmann
Linux: acl_get: raise OSError for errors in acl_extended_* call
519e3eb 
Previously, these conditions were handled the same (just return):
- no extended acl here
- some error happened (e.g. ACLs unsupported, bad file descriptor, file not found, permission error, ...)

Now there will be OSErrors for the error cases.
@ThomasWaldmann
Linux: acl_get: use "nofollow" variant of acl_extended_file call
17e3cee 
This is NOT a bug fix, because the previous code contained a
check for symlinks before that line - because symlinks can not
have ACLs under Linux.

Now, this "is it a symlink" check is removed to simplify the
code and the "nofollow" variant of acl_extended_file* is used
to look at the symlink fs object (in the symlink case).

It then should tell us that this does NOT have an extended ACL
(because symlinks can't have ACLs) and so we return there.

Overall the code gets simpler and looks less suspect.
@ThomasWaldmann
Linux: acl_set bug fix: always fsencode path
6ad1ad6 
We use path when raising OSErrors, even if we have an fd.
@ThomasWaldmann
FreeBSD: acl_get: add an acl_extended_* call
9d638e8 
... to implement same semantics as on linux (only store ACL
if it defines permissions other than those defined by the
traditional file permissions).

Looks like there is no call working with an fd on FreeBSD.
@ThomasWaldmann
FreeBSD: acl_get: raise OSError if lpathconf fails
f8e8608 
Previously:
- acl_get just returned for lpathconf returning EINVAL
- acl_get silently ignored all other lpathconf errors and
  implied it is not a NFS4 acl

Now:
- not sure why the EINVAL silent return was done, but it seems
  wrong. guess it could be the system not implementing a check
  for nfs4. but in that case guess we still would like to get
  the default and access ACL!? Thus, I removed the silent return.
- raise OSError for all lpathconf errors

Cosmetic: add a nfs4_acl boolean, so the code reads better.
@ThomasWaldmann
FreeBSD: added tests, only get default ACL from dirs
b060790
@ThomasWaldmann
FreeBSD: simplify numeric_ids check
47e291e
@ThomasWaldmann
FreeBSD: check first if kind of ACL can be set on a file
b45f572
@ThomasWaldmann
Linux: acl tests: move ACCESS_ACL and DEFAULT_ACL constants
54c7da3 
They are only used at one place, move them there rather than having globals.
@ThomasWaldmann
Linux: refactor acl_get
7ba843b
@ThomasWaldmann ThomasWaldmann changed the title improve acl_get / acl_set error handling, fixes #4049 improve acl_get / acl_set error handling (1.4-maint) Mar 17, 2024
@ThomasWaldmann
Copy link
Member Author

OK, looks like nobody wants to review this, so we'll test it as is in next beta...

@ThomasWaldmann ThomasWaldmann merged commit 5ad7364 into borgbackup:1.4-maint Mar 30, 2024
10 checks passed
@ThomasWaldmann ThomasWaldmann deleted the acl-error-handling-1.4 branch March 30, 2024 16:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ThomasWaldmann @codecov-commenter