public inbox for pbs-devel@lists.proxmox.com
From: Mira Limbeck <m.limbeck@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH v4 proxmox] Add tempfile() helper function
Date: Fri, 14 Aug 2020 17:01:06 +0200
Message-ID: <20200814150107.7425-1-m.limbeck@proxmox.com>

The tempfile() helper function tries to create a temporary file in /tmp
with the O_TMPFILE option. If that fails it falls back to using
mkstemp(). This happens in /tmp/proxmox-<UID> which is either created,
or if it already exists, checked for the right owner and permissions.

As O_TMPFILE was introduced in kernel 3.11 this fallback can help with
CentOS 7 and its 3.10 kernel as well as with WSL (Windows Subsystem for
Linux).

Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
---
v4:
 - changed directory from proxmox-backup-<UID> to proxmox-<UID>
 - added check for owner and permissions
v3:
 - O_TMPFILE support is tested on first run of tempfile()
 - EISDIR is handled specifically to test for O_TMPFILE support
 - AtomicBool is used as it provides a safe interface, but 'static mut'
     could also be used
 - mkstemp() now creates the tempfile in a subdirectory called
   proxmox-backup-<UID>

 proxmox/src/tools/fs.rs | 77 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 75 insertions(+), 2 deletions(-)

diff --git a/proxmox/src/tools/fs.rs b/proxmox/src/tools/fs.rs
index b1a95b5..7e13ede 100644
--- a/proxmox/src/tools/fs.rs
+++ b/proxmox/src/tools/fs.rs
@@ -1,17 +1,20 @@
 //! File related utilities such as `replace_file`.
 
 use std::ffi::CStr;
-use std::fs::{File, OpenOptions};
+use std::fs::{DirBuilder, File, OpenOptions};
 use std::io::{self, BufRead, BufReader, Write};
+use std::os::unix::fs::{DirBuilderExt, MetadataExt, OpenOptionsExt, PermissionsExt};
 use std::os::unix::io::{AsRawFd, FromRawFd, RawFd};
 use std::path::Path;
+use std::sync::atomic::{AtomicBool, Ordering};
 use std::time::Duration;
 
 use anyhow::{bail, format_err, Error};
+use lazy_static::lazy_static;
 use nix::errno::Errno;
 use nix::fcntl::OFlag;
 use nix::sys::stat;
-use nix::unistd::{self, Gid, Uid};
+use nix::unistd::{self, geteuid, mkstemp, unlink, Gid, Uid};
 use serde_json::Value;
 
 use crate::sys::error::SysResult;
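Review bot: the added `use lazy_static::lazy_static;` line needs the lazy_static crate, yet the diffstat lists only proxmox/src/tools/fs.rs as changed. Please confirm that lazy_static, and libc (which the new function references as `libc::O_TMPFILE`), are already declared in this crate's Cargo.toml; if they are not, the manifest change belongs in this patch.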
@@ -518,3 +521,73 @@ pub fn open_file_locked<P: AsRef<Path>>(path: P, timeout: Duration) -> Result<Fi
         Err(err) => bail!("Unable to acquire lock {:?} - {}", path, err),
     }
 }
+
+static O_TMPFILE_SUPPORT: AtomicBool = AtomicBool::new(true);
+lazy_static! {
+    static ref MKSTEMP_PATH: String = {
+        let uid = geteuid();
+        format!("/tmp/proxmox-{}", uid)
+    };
+    static ref MKSTEMP_FILE: String = { format!("{}/tmpfile_XXXXXX", MKSTEMP_PATH.as_str()) };
+}
+
+/// Create a new tempfile by using O_TMPFILE with a fallback to mkstemp() if it fails (e.g. not supported).
+pub fn tempfile() -> Result<File, Error> {
+    if O_TMPFILE_SUPPORT.load(Ordering::Relaxed) {
+        match std::fs::OpenOptions::new()
+            .write(true)
+            .read(true)
+            .custom_flags(libc::O_TMPFILE)
+            .open("/tmp")
+        {
+            Ok(file) => return Ok(file),
+            Err(err) => {
+                let raw_os_error = match err.raw_os_error() {
+                    Some(v) => v,
+                    None => -1,
+                };
+                if raw_os_error == 21 {
+                    O_TMPFILE_SUPPORT.store(false, Ordering::Relaxed);
+                    eprintln!(
+                        "Error creating tempfile: 'EISDIR', falling back to mkstemp() instead",
+                    );
+                } else {
+                    bail!("creating tempfile failed: '{}'", err);
+                }
+            }
+        }
+    }
+
+    match DirBuilder::new().mode(0o700).create(MKSTEMP_PATH.as_str()) {
+        Err(err) => {
+            if err.kind() != std::io::ErrorKind::AlreadyExists {
+                bail!("creating directory failed: '{}'", MKSTEMP_PATH.as_str());
+            } else {
+                // check owner
+                let metadata = std::fs::metadata(MKSTEMP_PATH.as_str())?;
+                if metadata.uid() != geteuid().as_raw() {
+                    bail!(
+                        "directory '{}' has wrong owner: {}",
+                        MKSTEMP_PATH.as_str(),
+                        metadata.uid()
+                    );
+                }
+
+                // check permissions
+                let perm = metadata.permissions();
+                if (perm.mode() & 0o077) != 0 {
+                    bail!(
+                        "directory '{}' already exists with wrong permissions: {:o}",
+                        MKSTEMP_PATH.as_str(),
+                        perm.mode() & 0o777
+                    );
+                }
+            }
+        }
+        _ => {}
+    }
+    let (fd, path) = mkstemp(MKSTEMP_FILE.as_str())?;
+    unlink(path.as_path())?;
+    let file = unsafe { File::from_raw_fd(fd) };
+    Ok(file)
+}
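Review bot: in the `AlreadyExists` branch of `tempfile()`, the check `std::fs::metadata(MKSTEMP_PATH.as_str())?` follows symlinks and nothing verifies that the path is a directory, so a symlink at /tmp/proxmox-<UID> passes whenever its target has the expected owner and mode. Use `std::fs::symlink_metadata()` and bail unless `metadata.file_type().is_dir()` before comparing uid and mode. The path is also resolved a second time by `mkstemp()` after the check, so the check and the use are not atomic; that is worth a comment at least. Smaller points: `raw_os_error == 21` reads better as a comparison against `libc::EISDIR`, the `bail!("creating directory failed: '{}'", ...)` message drops `err`, and the doc comment should mention that the fallback creates and validates /tmp/proxmox-<UID>.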
-- 
2.20.1

Thread overview: 3+ messages
2020-08-14 15:01 Mira Limbeck [this message]
2020-08-14 15:01 ` [pbs-devel] [PATCH v4 proxmox-backup] Replace all occurences of open() with O_TMPFILE Mira Limbeck
2020-08-17  7:41 ` [pbs-devel] [PATCH v4 proxmox] Add tempfile() helper function Wolfgang Bumiller