From: Fabian Grünbichler
To: Proxmox Backup Server development discussion
Date: Thu, 16 May 2024 12:15:18 +0200
Subject: Re: [pbs-devel] [PATCH proxmox-backup] fix #5439: disallow creation of datastore in root
References: <20240510095836.108283-1-g.goller@proxmox.com>
In-Reply-To: <20240510095836.108283-1-g.goller@proxmox.com>
Message-Id: <1715854228.w2ulz6r4kh.astroid@yuna.none>

On May 10, 2024 11:58 am, Gabriel Goller wrote:
> Creating a datastore in root ('/') works, but afterwards gc fails (can't
> traverse all directories). It might be sensible to restrict this and
> disallow creation of datastores in the root directory.

if we do this, we should also forbid it on the frontend side ;)

I wonder whether we shouldn't handle this in a more generic fashion
though:

- disallow path being non-empty (ignoring .zfs ?) -> `/` is not allowed
  by default
- unless a flag is set -> in case we forget to handle something, we need
  an escape hatch
- if the flag is set, check whether .chunks already exists, and if it
  does, do not recreate the chunk store

that way, we could also solve the "re-add datastore after re-install"
issue users are frequently facing..

obviously, even with that we can explicitly always forbid '/' (before or
after implementing such a mechanism), since that one is always wrong.

> Signed-off-by: Gabriel Goller
> --- > src/api2/config/datastore.rs | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/src/api2/config/datastore.rs b/src/api2/config/datastore.rs > index 6b742acb..671f07e9 100644 > --- a/src/api2/config/datastore.rs 
> +++ b/src/api2/config/datastore.rs > @@ -1,7 +1,7 @@ > use std::path::PathBuf; > > use ::serde::{Deserialize, Serialize}; > -use anyhow::Error; > +use anyhow::{bail, Error}; > use hex::FromHex; > use serde_json::Value; > > @@ -74,6 +74,10 @@ pub(crate) fn do_create_datastore( > ) -> Result<(), Error> { > let path: PathBuf = datastore.path.clone().into(); > > + if path.parent().is_none() { > + bail!("cannot create datastore in root path"); > + } > + > let tuning: DatastoreTuning = serde_json::from_value( > DatastoreTuning::API_SCHEMA > .parse_property_string(datastore.tuning.as_deref().unwrap_or(""))?, > -- > 2.43.0 > > > > _______________________________________________ > pbs-devel mailing list > pbs-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel > > > _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
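
Review bot: the `path.parent().is_none()` test added in `do_create_datastore` is purely lexical, so it only rejects a path that is literally the root. A path such as `/..`, or one that reaches `/` through `..` components or a symlink, still has a parent and passes, while an empty path also has no parent and would be reported as "root path". Consider canonicalizing the path (or rejecting `..` components) before the check, unless validation outside this hunk already guarantees a normalized absolute path, and add a short comment stating which of the two the check relies on.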
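
The more generic check proposed in the reply, sketched as an added example (not code from the patch or from proxmox-backup). `Plan`, `plan_datastore` and `allow_non_empty` are hypothetical names, and canonicalizing the path before the root test is an assumption that goes beyond what the thread states.

```rust
use std::{fs, io, path::Path};

/// What the caller should do with the chunk store (type invented for this example).
#[derive(Debug, PartialEq)]
pub enum Plan {
    CreateChunkStore,
    ReuseChunkStore,
}

/// Hypothetical pre-creation check. `allow_non_empty` stands in for the
/// "flag" from the reply; its real name and form are not on the page.
pub fn plan_datastore(path: &Path, allow_non_empty: bool) -> Result<Plan, String> {
    // '/' is always refused. canonicalize() resolves ".." and symlinks, so
    // "/.." is caught as well; a path that does not exist yet is used as given.
    let resolved = fs::canonicalize(path).unwrap_or_else(|_| path.to_path_buf());
    if resolved.parent().is_none() {
        return Err("cannot create datastore in root path".into());
    }
    // Look for anything other than ".zfs"; a missing directory counts as empty.
    let mut non_empty = false;
    match fs::read_dir(&resolved) {
        Ok(entries) => {
            for entry in entries {
                let entry = entry.map_err(|e| e.to_string())?;
                if entry.file_name() != ".zfs" {
                    non_empty = true;
                    break;
                }
            }
        }
        Err(e) if e.kind() == io::ErrorKind::NotFound => {}
        Err(e) => return Err(e.to_string()),
    }
    if non_empty && !allow_non_empty {
        return Err(format!("{} is not empty", resolved.display()));
    }
    // With the flag set, an existing .chunks directory is kept, not recreated.
    if resolved.join(".chunks").is_dir() {
        Ok(Plan::ReuseChunkStore)
    } else {
        Ok(Plan::CreateChunkStore)
    }
}

fn main() {
    for p in ["/", "/..", "/tmp"] {
        println!("{}: {:?}", p, plan_datastore(Path::new(p), false));
    }
}
```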