From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [RFC proxmox-backup 2/2] pxar: extract: make invalid ACLs non-fatal
Date: Tue, 8 Oct 2024 10:33:55 +0200 [thread overview]
Message-ID: <20241008083355.181031-2-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20241008083355.181031-1-f.gruenbichler@proxmox.com>
these can occur in practice, and neither setting nor getting them throws an
error. if "invalid" ACLs are non-restorable, this means that creating a pxar
archive with such an ACL is possible, but restoring it isn't.
reported in our community forum:
https://forum.proxmox.com/threads/155477
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
Notes:
we could also forbid creation of course, but since other tools might create
such ACLs, this would just reduce what we can backup in practice.. and
doesn't solve the issue for users that have such backups..
another alternative approach would be to detect and handle certain kinds of
invalidity, e.g., with multiple entries for a single uid/gid, we could drop all
but the most restrictive one, and require the resulting ACL to still pass `acl_valid`.
pbs-client/src/pxar/metadata.rs | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pbs-client/src/pxar/metadata.rs b/pbs-client/src/pxar/metadata.rs
index 071547094..ad6332157 100644
--- a/pbs-client/src/pxar/metadata.rs
+++ b/pbs-client/src/pxar/metadata.rs
@@ -2,7 +2,7 @@ use std::ffi::{CStr, CString};
use std::os::unix::io::{AsRawFd, RawFd};
use std::path::Path;
-use anyhow::{anyhow, bail, Context, Error};
+use anyhow::{anyhow, Context, Error};
use nix::errno::Errno;
use nix::fcntl::OFlag;
use nix::sys::stat::Mode;
@@ -300,7 +300,7 @@ fn apply_acls(
}
if !acl.is_valid() {
- bail!("Error while restoring ACL - ACL invalid");
+ log::warn!("Warning: {path_info:?} - ACL invalid, attempting restore anyway..");
}
acl.set_file(c_proc_path, acl::ACL_TYPE_ACCESS)?;
@@ -329,7 +329,7 @@ fn apply_acls(
}
if !acl.is_valid() {
- bail!("Error while restoring ACL - ACL invalid");
+ log::warn!("Warning: {path_info:?} - ACL invalid, attempting restore anyway..");
}
acl.set_file(c_proc_path, acl::ACL_TYPE_DEFAULT)?;
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2024-10-08 8:33 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-08 8:33 [pbs-devel] [PATCH proxmox-backup 1/2] pxar: add file name to path_info when applying metadata Fabian Grünbichler
2024-10-08 8:33 ` Fabian Grünbichler [this message]
2024-10-10 14:53 ` [pbs-devel] [RFC proxmox-backup 2/2] pxar: extract: make invalid ACLs non-fatal Gabriel Goller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241008083355.181031-2-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox