From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 084578AA7D for ; Fri, 19 Aug 2022 12:49:02 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 04F67195AB for ; Fri, 19 Aug 2022 12:49:02 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 19 Aug 2022 12:49:00 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 1A9D040984 for ; Fri, 19 Aug 2022 12:49:00 +0200 (CEST) From: Markus Frank To: pbs-devel@lists.proxmox.com Date: Fri, 19 Aug 2022 12:48:47 +0200 Message-Id: <20220819104848.58076-3-m.frank@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220819104848.58076-1-m.frank@proxmox.com> References: <20220819104848.58076-1-m.frank@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.061 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [flags.rs, metadata.rs] Subject: [pbs-devel] [PATCH proxmox-backup v3 2/3] pbs-client: added options to skip acls/xattrs/ownership/permissions X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Aug 2022 10:49:02 -0000 Also added WITH_OWNER and WITH_PERMISSION to Default-Flags, because otherwise it would be needed to activly set these flags and most filesystems that support XATTR and ACL also support POSIX-Permissions & Ownership. Signed-off-by: Markus Frank --- v2: * created new WITH_OWNER Flag and use WITH_PERMISSIONS for skipping chmod * removed redundant if pbs-client/src/pxar/flags.rs | 6 +++++ pbs-client/src/pxar/metadata.rs | 40 +++++++++++++++++++++------------ 2 files changed, 32 insertions(+), 14 deletions(-) diff --git a/pbs-client/src/pxar/flags.rs b/pbs-client/src/pxar/flags.rs index d46c8af3..b3280de7 100644 --- a/pbs-client/src/pxar/flags.rs +++ b/pbs-client/src/pxar/flags.rs @@ -71,6 +71,9 @@ bitflags! { /// Preserve XFS/ext4/ZFS project quota ID const WITH_QUOTA_PROJID = 0x0001_0000_0000; + /// UNIX OWNERSHIP + const WITH_OWNER = 0x0002_0000_0000; + /// Support ".pxarexclude" files const EXCLUDE_FILE = 0x1000_0000_0000_0000; /// Exclude submounts @@ -105,6 +108,7 @@ bitflags! { Flags::WITH_2SEC_TIME.bits() | Flags::WITH_READ_ONLY.bits() | Flags::WITH_PERMISSIONS.bits() | + Flags::WITH_OWNER.bits() | Flags::WITH_SYMLINKS.bits() | Flags::WITH_DEVICE_NODES.bits() | Flags::WITH_FIFOS.bits() | @@ -135,6 +139,8 @@ bitflags! { Flags::WITH_FLAG_PROJINHERIT.bits() | Flags::WITH_SUBVOLUME.bits() | Flags::WITH_SUBVOLUME_RO.bits() | + Flags::WITH_PERMISSIONS.bits() | + Flags::WITH_OWNER.bits() | Flags::WITH_XATTRS.bits() | Flags::WITH_ACL.bits() | Flags::WITH_SELINUX.bits() | diff --git a/pbs-client/src/pxar/metadata.rs b/pbs-client/src/pxar/metadata.rs index 22bc5f9d..be1911a7 100644 --- a/pbs-client/src/pxar/metadata.rs +++ b/pbs-client/src/pxar/metadata.rs @@ -100,19 +100,7 @@ pub fn apply( on_error: &mut (dyn FnMut(Error) -> Result<(), Error> + Send), ) -> Result<(), Error> { let c_proc_path = CString::new(format!("/proc/self/fd/{}", fd)).unwrap(); - - unsafe { - // UID and GID first, as this fails if we lose access anyway. - c_result!(libc::chown( - c_proc_path.as_ptr(), - metadata.stat.uid, - metadata.stat.gid - )) - .map(drop) - .or_else(allow_notsupp) - .map_err(|err| format_err!("failed to set ownership: {}", err)) - .or_else(&mut *on_error)?; - } + apply_ownership(flags, c_proc_path.as_ptr(), metadata, &mut *on_error)?; let mut skip_xattrs = false; apply_xattrs(flags, c_proc_path.as_ptr(), metadata, &mut skip_xattrs) @@ -125,7 +113,7 @@ pub fn apply( // Finally mode and time. We may lose access with mode, but the changing the mode also // affects times. - if !metadata.is_symlink() { + if !metadata.is_symlink() && flags.contains(Flags::WITH_PERMISSIONS) { c_result!(unsafe { libc::chmod(c_proc_path.as_ptr(), perms_from_metadata(metadata)?.bits()) }) @@ -162,6 +150,30 @@ pub fn apply( Ok(()) } +pub fn apply_ownership( + flags: Flags, + c_proc_path: *const libc::c_char, + metadata: &Metadata, + on_error: &mut (dyn FnMut(Error) -> Result<(), Error> + Send), +) -> Result<(), Error> { + if !flags.contains(Flags::WITH_OWNER) { + return Ok(()); + } + unsafe { + // UID and GID first, as this fails if we lose access anyway. + c_result!(libc::chown( + c_proc_path, + metadata.stat.uid, + metadata.stat.gid + )) + .map(drop) + .or_else(allow_notsupp) + .map_err(|err| format_err!("failed to set ownership: {}", err)) + .or_else(&mut *on_error)?; + } + Ok(()) +} + fn add_fcaps( flags: Flags, c_proc_path: *const libc::c_char, -- 2.30.2