[pbs-devel] [RFC proxmox-backup 2/2] pxar: extract: make invalid ACLs non-fatal

Fabian Grünbichler f.gruenbichler at proxmox.com
Tue Oct 8 10:33:55 CEST 2024


these can occur in practice, and neither setting nor getting them throws an
error. if "invalid" ACLs are non-restorable, this means that creating a pxar
archive with such an ACL is possible, but restoring it isn't.

reported in our community forum:
https://forum.proxmox.com/threads/155477

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---

Notes:
    we could also forbid creation of course, but since other tools might create
    such ACLs, this would just reduce what we can backup in practice.. and
    doesn't solve the issue for users that have such backups..
    
    another alternative approach would be to detect and handle certain kinds of
    invalidity, e.g., with multiple entries for a single uid/gid, we could drop all
    but the most restrictive one, and require the resulting ACL to still pass `acl_valid`.

 pbs-client/src/pxar/metadata.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pbs-client/src/pxar/metadata.rs b/pbs-client/src/pxar/metadata.rs
index 071547094..ad6332157 100644
--- a/pbs-client/src/pxar/metadata.rs
+++ b/pbs-client/src/pxar/metadata.rs
@@ -2,7 +2,7 @@ use std::ffi::{CStr, CString};
 use std::os::unix::io::{AsRawFd, RawFd};
 use std::path::Path;
 
-use anyhow::{anyhow, bail, Context, Error};
+use anyhow::{anyhow, Context, Error};
 use nix::errno::Errno;
 use nix::fcntl::OFlag;
 use nix::sys::stat::Mode;
@@ -300,7 +300,7 @@ fn apply_acls(
     }
 
     if !acl.is_valid() {
-        bail!("Error while restoring ACL - ACL invalid");
+        log::warn!("Warning: {path_info:?} - ACL invalid, attempting restore anyway..");
     }
 
     acl.set_file(c_proc_path, acl::ACL_TYPE_ACCESS)?;
@@ -329,7 +329,7 @@ fn apply_acls(
         }
 
         if !acl.is_valid() {
-            bail!("Error while restoring ACL - ACL invalid");
+            log::warn!("Warning: {path_info:?} - ACL invalid, attempting restore anyway..");
         }
 
         acl.set_file(c_proc_path, acl::ACL_TYPE_DEFAULT)?;
-- 
2.39.5





More information about the pbs-devel mailing list