[pbs-devel] [PATCH proxmox-backup 2/3] skip xattr/acl/ownership options
Markus Frank
m.frank at proxmox.com
Tue Aug 16 11:19:28 CEST 2022
added cases to skip xattr/acl/ownership if the flags are not set.
Also added WITH_PERMISSIONS to Default-Flags, because otherwise it
would be needed to activly set it and most filesystems that support
XATTR and ACL also support POSIX-Permissions.
Signed-off-by: Markus Frank <m.frank at proxmox.com>
---
pbs-client/src/pxar/flags.rs | 1 +
pbs-client/src/pxar/metadata.rs | 48 +++++++++++++++++++++------------
2 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/pbs-client/src/pxar/flags.rs b/pbs-client/src/pxar/flags.rs
index d46c8af3..938d0c57 100644
--- a/pbs-client/src/pxar/flags.rs
+++ b/pbs-client/src/pxar/flags.rs
@@ -135,6 +135,7 @@ bitflags! {
Flags::WITH_FLAG_PROJINHERIT.bits() |
Flags::WITH_SUBVOLUME.bits() |
Flags::WITH_SUBVOLUME_RO.bits() |
+ Flags::WITH_PERMISSIONS.bits() |
Flags::WITH_XATTRS.bits() |
Flags::WITH_ACL.bits() |
Flags::WITH_SELINUX.bits() |
diff --git a/pbs-client/src/pxar/metadata.rs b/pbs-client/src/pxar/metadata.rs
index 22bc5f9d..3195fb03 100644
--- a/pbs-client/src/pxar/metadata.rs
+++ b/pbs-client/src/pxar/metadata.rs
@@ -100,27 +100,17 @@ pub fn apply(
on_error: &mut (dyn FnMut(Error) -> Result<(), Error> + Send),
) -> Result<(), Error> {
let c_proc_path = CString::new(format!("/proc/self/fd/{}", fd)).unwrap();
+ apply_ownership(flags, c_proc_path.as_ptr(), metadata, &mut *on_error)?;
- unsafe {
- // UID and GID first, as this fails if we lose access anyway.
- c_result!(libc::chown(
- c_proc_path.as_ptr(),
- metadata.stat.uid,
- metadata.stat.gid
- ))
- .map(drop)
- .or_else(allow_notsupp)
- .map_err(|err| format_err!("failed to set ownership: {}", err))
- .or_else(&mut *on_error)?;
- }
-
- let mut skip_xattrs = false;
+ let mut skip_xattrs = !flags.contains(Flags::WITH_XATTRS);
apply_xattrs(flags, c_proc_path.as_ptr(), metadata, &mut skip_xattrs)
.or_else(&mut *on_error)?;
add_fcaps(flags, c_proc_path.as_ptr(), metadata, &mut skip_xattrs).or_else(&mut *on_error)?;
- apply_acls(flags, &c_proc_path, metadata, path_info)
- .map_err(|err| format_err!("failed to apply acls: {}", err))
- .or_else(&mut *on_error)?;
+ if flags.contains(Flags::WITH_ACL) {
+ apply_acls(flags, &c_proc_path, metadata, path_info)
+ .map_err(|err| format_err!("failed to apply acls: {}", err))
+ .or_else(&mut *on_error)?;
+ }
apply_quota_project_id(flags, fd, metadata).or_else(&mut *on_error)?;
// Finally mode and time. We may lose access with mode, but the changing the mode also
@@ -162,6 +152,30 @@ pub fn apply(
Ok(())
}
+pub fn apply_ownership(
+ flags: Flags,
+ c_proc_path: *const libc::c_char,
+ metadata: &Metadata,
+ on_error: &mut (dyn FnMut(Error) -> Result<(), Error> + Send),
+) -> Result<(), Error> {
+ if !flags.contains(Flags::WITH_PERMISSIONS) {
+ return Ok(());
+ }
+ unsafe {
+ // UID and GID first, as this fails if we lose access anyway.
+ c_result!(libc::chown(
+ c_proc_path,
+ metadata.stat.uid,
+ metadata.stat.gid
+ ))
+ .map(drop)
+ .or_else(allow_notsupp)
+ .map_err(|err| format_err!("failed to set ownership: {}", err))
+ .or_else(&mut *on_error)?;
+ }
+ Ok(())
+}
+
fn add_fcaps(
flags: Flags,
c_proc_path: *const libc::c_char,
--
2.30.2
More information about the pbs-devel
mailing list