From: Dominik Csapak <d.csapak@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox v2 1/2] sys: fs: set CLOEXEC when creating temp files
Date: Fri, 29 Nov 2024 15:28:00 +0100 [thread overview]
Message-ID: <20241129142801.3334969-1-d.csapak@proxmox.com> (raw)
In general we want all open files to have set CLOEXEC since our
reloading mechanism can basically fork at any moment and we don't want
newer daemons to carry around old file descriptors, especially lock
files.
Since `make_tmp_file` is called by many things (e.g. open_file_locked,
logrotate, rrd), set O_CLOEXEC with mkostemp.
This fixes issues with leftover file descriptors e.g. tape backups not
working because of lingering locks after a reload, or having deleted
rrd files open.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
changes from v1:
* introduce mkostemp helper which is similar to nix's mkstemp helper
(the code is a copy of mkstemp aside from the call to libcmkostemp +
the oflag handling)
I did it this way, since we may be able to upstream this, have
to look more closer at this though.
proxmox-sys/src/fs/file.rs | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/proxmox-sys/src/fs/file.rs b/proxmox-sys/src/fs/file.rs
index fbfc0b58..74b9e74e 100644
--- a/proxmox-sys/src/fs/file.rs
+++ b/proxmox-sys/src/fs/file.rs
@@ -116,6 +116,29 @@ pub fn file_read_firstline<P: AsRef<Path>>(path: P) -> Result<String, Error> {
read_firstline(path).map_err(|err| format_err!("unable to read {path:?} - {err}"))
}
+#[inline]
+/// Creates a tmpfile like [`nix::unistd::mkstemp`], but with [`nix::fctnl::Oflag`] set.
+///
+/// Note that some flags are masked out since they can produce an error, see mkostemp(2) for details.
+// code is mostly copied from nix mkstemp
+fn mkostemp<P: ?Sized + NixPath>(
+ template: &P,
+ oflag: OFlag,
+) -> nix::Result<(std::os::fd::RawFd, PathBuf)> {
+ use std::os::unix::ffi::OsStringExt;
+ let mut path = template.with_nix_path(|path| path.to_bytes_with_nul().to_owned())?;
+ let p = path.as_mut_ptr().cast();
+
+ let flags = OFlag::intersection(OFlag::O_APPEND | OFlag::O_CLOEXEC | OFlag::O_SYNC, oflag);
+
+ let fd = unsafe { libc::mkostemp(p, flags.bits()) };
+ let last = path.pop(); // drop the trailing nul
+ debug_assert!(last == Some(b'\0'));
+ let pathname = std::ffi::OsString::from_vec(path);
+ Errno::result(fd)?;
+ Ok((fd, PathBuf::from(pathname)))
+}
+
/// Takes a Path and CreateOptions, creates a tmpfile from it and returns
/// a RawFd and PathBuf for it
pub fn make_tmp_file<P: AsRef<Path>>(
@@ -127,7 +150,7 @@ pub fn make_tmp_file<P: AsRef<Path>>(
// use mkstemp here, because it works with different processes, threads, even tokio tasks
let mut template = path.to_owned();
template.set_extension("tmp_XXXXXX");
- let (mut file, tmp_path) = match unistd::mkstemp(&template) {
+ let (mut file, tmp_path) = match mkostemp(&template, OFlag::O_CLOEXEC) {
Ok((fd, path)) => (unsafe { File::from_raw_fd(fd) }, path),
Err(err) => bail!("mkstemp {:?} failed: {}", template, err),
};
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next reply other threads:[~2024-11-29 14:28 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-29 14:28 Dominik Csapak [this message]
2024-11-29 14:28 ` [pbs-devel] [PATCH proxmox v2 2/2] sys: open directories with O_CLOEXEC Dominik Csapak
2024-12-02 14:01 ` Fabian Grünbichler
2024-12-02 14:55 ` Dominik Csapak
2024-12-02 15:03 ` Fabian Grünbichler
2024-12-02 14:02 ` [pbs-devel] [PATCH proxmox v2 1/2] sys: fs: set CLOEXEC when creating temp files Fabian Grünbichler
2024-12-02 16:07 ` [pbs-devel] applied: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241129142801.3334969-1-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox