From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox Backup Server development discussion
<pbs-devel@lists.proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox v2 1/2] sys: fs: set CLOEXEC when creating temp files
Date: Mon, 02 Dec 2024 15:02:11 +0100 [thread overview]
Message-ID: <1733148120.6mkpgsmmoj.astroid@yuna.none> (raw)
In-Reply-To: <20241129142801.3334969-1-d.csapak@proxmox.com>
Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
On November 29, 2024 3:28 pm, Dominik Csapak wrote:
> In general we want all open files to have set CLOEXEC since our
> reloading mechanism can basically fork at any moment and we don't want
> newer daemons to carry around old file descriptors, especially lock
> files.
>
> Since `make_tmp_file` is called by many things (e.g. open_file_locked,
> logrotate, rrd), set O_CLOEXEC with mkostemp.
>
> This fixes issues with leftover file descriptors e.g. tape backups not
> working because of lingering locks after a reload, or having deleted
> rrd files open.
>
> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
> changes from v1:
> * introduce mkostemp helper which is similar to nix's mkstemp helper
> (the code is a copy of mkstemp aside from the call to libcmkostemp +
> the oflag handling)
>
> I did it this way, since we may be able to upstream this, have
> to look more closer at this though.
>
> proxmox-sys/src/fs/file.rs | 25 ++++++++++++++++++++++++-
> 1 file changed, 24 insertions(+), 1 deletion(-)
>
> diff --git a/proxmox-sys/src/fs/file.rs b/proxmox-sys/src/fs/file.rs
> index fbfc0b58..74b9e74e 100644
> --- a/proxmox-sys/src/fs/file.rs
> +++ b/proxmox-sys/src/fs/file.rs
> @@ -116,6 +116,29 @@ pub fn file_read_firstline<P: AsRef<Path>>(path: P) -> Result<String, Error> {
> read_firstline(path).map_err(|err| format_err!("unable to read {path:?} - {err}"))
> }
>
> +#[inline]
> +/// Creates a tmpfile like [`nix::unistd::mkstemp`], but with [`nix::fctnl::Oflag`] set.
> +///
> +/// Note that some flags are masked out since they can produce an error, see mkostemp(2) for details.
> +// code is mostly copied from nix mkstemp
> +fn mkostemp<P: ?Sized + NixPath>(
> + template: &P,
> + oflag: OFlag,
> +) -> nix::Result<(std::os::fd::RawFd, PathBuf)> {
> + use std::os::unix::ffi::OsStringExt;
> + let mut path = template.with_nix_path(|path| path.to_bytes_with_nul().to_owned())?;
> + let p = path.as_mut_ptr().cast();
> +
> + let flags = OFlag::intersection(OFlag::O_APPEND | OFlag::O_CLOEXEC | OFlag::O_SYNC, oflag);
> +
> + let fd = unsafe { libc::mkostemp(p, flags.bits()) };
> + let last = path.pop(); // drop the trailing nul
> + debug_assert!(last == Some(b'\0'));
> + let pathname = std::ffi::OsString::from_vec(path);
> + Errno::result(fd)?;
> + Ok((fd, PathBuf::from(pathname)))
> +}
> +
> /// Takes a Path and CreateOptions, creates a tmpfile from it and returns
> /// a RawFd and PathBuf for it
> pub fn make_tmp_file<P: AsRef<Path>>(
> @@ -127,7 +150,7 @@ pub fn make_tmp_file<P: AsRef<Path>>(
> // use mkstemp here, because it works with different processes, threads, even tokio tasks
> let mut template = path.to_owned();
> template.set_extension("tmp_XXXXXX");
> - let (mut file, tmp_path) = match unistd::mkstemp(&template) {
> + let (mut file, tmp_path) = match mkostemp(&template, OFlag::O_CLOEXEC) {
> Ok((fd, path)) => (unsafe { File::from_raw_fd(fd) }, path),
> Err(err) => bail!("mkstemp {:?} failed: {}", template, err),
> };
> --
> 2.39.5
>
>
>
> _______________________________________________
> pbs-devel mailing list
> pbs-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
>
>
>
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2024-12-02 14:02 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-29 14:28 Dominik Csapak
2024-11-29 14:28 ` [pbs-devel] [PATCH proxmox v2 2/2] sys: open directories with O_CLOEXEC Dominik Csapak
2024-12-02 14:01 ` Fabian Grünbichler
2024-12-02 14:55 ` Dominik Csapak
2024-12-02 15:03 ` Fabian Grünbichler
2024-12-02 14:02 ` Fabian Grünbichler [this message]
2024-12-02 16:07 ` [pbs-devel] applied: [PATCH proxmox v2 1/2] sys: fs: set CLOEXEC when creating temp files Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1733148120.6mkpgsmmoj.astroid@yuna.none \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox