[pbs-devel] [RFC proxmox-backup 2/2] pxar: extract: make invalid ACLs non-fatal
Gabriel Goller
g.goller at proxmox.com
Thu Oct 10 16:53:22 CEST 2024
On 08.10.2024 10:33, Fabian Grünbichler wrote:
>these can occur in practice, and neither setting nor getting them throws an
>error. if "invalid" ACLs are non-restorable, this means that creating a pxar
>archive with such an ACL is possible, but restoring it isn't.
>
>reported in our community forum:
>https://forum.proxmox.com/threads/155477
>
>Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
>---
>
>Notes:
> we could also forbid creation of course, but since other tools might create
> such ACLs, this would just reduce what we can backup in practice.. and
> doesn't solve the issue for users that have such backups..
If we go this way, then we could implement something like the
`--skip-e2big-xattr` option.
> another alternative approach would be to detect and handle certain kinds of
> invalidity, e.g., with multiple entries for a single uid/gid, we could drop all
> but the most restrictive one, and require the resulting ACL to still pass `acl_valid`.
We could make it quite 'correct' by also merging entries (when duplicate
user/groups appear) and add empty user/group/other entries if none are
existing [0].
But I don't think it's quite worth it tbh. This approach looks fine to
me.
> pbs-client/src/pxar/metadata.rs | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
Patch is trivial, but nonetheless consider:
Tested-by: Gabriel Goller <g.goller at proxmox.com>
[0]: https://man7.org/linux/man-pages/man3/acl_valid.3.html
More information about the pbs-devel
mailing list