all lists on lists.proxmox.com
 help / color / mirror / Atom feed
From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup v2 5/5] fix #7642: avoid expensive user lookups on file locking
Date: Wed,  1 Jul 2026 11:46:42 +0200	[thread overview]
Message-ID: <20260701094642.23895-6-c.ebner@proxmox.com> (raw)
In-Reply-To: <20260701094642.23895-1-c.ebner@proxmox.com>

Currently each time a backup lock file is being acquired, the backup
user is looked in order to instantiate the create options used if the
lock file is not pre-existing, which requires knowledge of the uid
and gid. backup_user() internally however calls User::from_name(),
which itself uses getpwnam_r(3) [0] and therefore can involve
nsswitch.conf and /etc/passwd parsing, including several syscalls to
do so (see backtrace in linked issue).

Ideally proxmox_product_config::open_api_lockfile() would be used as
drop in replacement for open_backup_lockfile(), which is however not
possible until the currently required legacy locking fallback
implementation remains in place (to be dropped with PBS 5).
Therefore, only switch to
proxmox_product_config::lockfile_create_options() for the time being.
By this the api user as read on init is used for all file lock
operations using this helper.

[0] https://docs.rs/nix/0.29.0/nix/unistd/struct.User.html#method.from_name

Fixes: https://bugzilla.proxmox.com/show_bug.cgi?id=7642
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
 pbs-config/src/lib.rs | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/pbs-config/src/lib.rs b/pbs-config/src/lib.rs
index b9d5a4d20..73a8a87fa 100644
--- a/pbs-config/src/lib.rs
+++ b/pbs-config/src/lib.rs
@@ -4,6 +4,7 @@ use anyhow::{Error, bail, format_err};
 use hex::FromHex;
 use nix::unistd::{Gid, Group, Uid, User};
 
+use proxmox_product_config::lockfile_create_options;
 use proxmox_sys::fs::DirLockGuard;
 
 pub use pbs_buildcfg::{BACKUP_GROUP_NAME, BACKUP_USER_NAME};
@@ -106,11 +107,9 @@ pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
     timeout: Option<std::time::Duration>,
     exclusive: bool,
 ) -> Result<BackupLockGuard, Error> {
-    let user = backup_user()?;
-    let options = proxmox_sys::fs::CreateOptions::new()
-        .perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
-        .owner(user.uid)
-        .group(user.gid);
+    // TODO: Replace whole helper with proxmox_product_config::open_api_lockfile() when
+    // dropping _legacy_dir in in PBS5.
+    let options = lockfile_create_options();
 
     let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
 
-- 
2.47.3





  parent reply	other threads:[~2026-07-01  9:46 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-01  9:46 [PATCH proxmox-backup v2 0/5] fix 7642: avoid expensive uid/gid lookups for lock- and config-files Christian Ebner
2026-07-01  9:46 ` [PATCH proxmox-backup v2 1/5] bin: api: early init proxmox-product-config Christian Ebner
2026-07-01  9:46 ` [PATCH proxmox-backup v2 2/5] bin: daily update: refactor to use proxmox-product-config Christian Ebner
2026-07-01  9:46 ` [PATCH proxmox-backup v2 3/5] pbs-config: use proxmox-product-config::replace_secret_config() Christian Ebner
2026-07-01  9:46 ` [PATCH proxmox-backup v2 4/5] pbs-config: use proxmox-product-config::replace_config() Christian Ebner
2026-07-01  9:46 ` Christian Ebner [this message]
2026-07-01 14:06 ` superseded: [PATCH proxmox-backup v2 0/5] fix 7642: avoid expensive uid/gid lookups for lock- and config-files Christian Ebner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260701094642.23895-6-c.ebner@proxmox.com \
    --to=c.ebner@proxmox.com \
    --cc=pbs-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal