From: "Lukas Wagner" <l.wagner@proxmox.com>
To: "Thomas Lamprecht" <t.lamprecht@proxmox.com>,
"Lukas Wagner" <l.wagner@proxmox.com>
Cc: pdm-devel@lists.proxmox.com
Subject: Re: [PATCH datacenter-manager 2/4] add api_cache as a specialized wrapper around the namespaced cache
Date: Fri, 15 May 2026 11:22:30 +0200
Message-ID: <DIJ52LMJC07V.1J18H373XVVRB@proxmox.com>
In-Reply-To: <20260515090637.950992-2-t.lamprecht@proxmox.com>
On Fri May 15, 2026 at 11:06 AM CEST, Thomas Lamprecht wrote:
> On Wed, 13 May 2026 15:54:55 +0200, Lukas Wagner wrote:
>> diff --git a/server/src/api_cache.rs b/server/src/api_cache.rs
>> new file mode 100644
>> --- /dev/null
>> +++ b/server/src/api_cache.rs
>> @@ -0,0 +1,126 @@
> [...]
>> +const GLOBAL_NAMESPACE: &str = "global";
>> +const LOCK_TIMEOUT: Duration = Duration::from_secs(10);
>> +
>> +static CACHE: LazyLock<NamespacedCache> = LazyLock::new(|| {
>> + let file_options = proxmox_product_config::default_create_options();
>> + let dir_options = file_options.perm(Mode::from_bits_truncate(0o750));
>
> w.r.t. 0o750 mode for per-namespace subdirectories here and ...
>
>> +
>> + NamespacedCache::new(PathBuf::from(PDM_API_CACHE_PATH), dir_options, file_options)
>> +});
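Review bot: In the CACHE initializer only dir_options gets an explicit mode (0o750); the mode of the cache files is whatever proxmox_product_config::default_create_options() yields, which is not visible at this site. The cached API responses are protected by the file mode as well as the directory mode, so a short comment naming the resulting file owner and mode would help, or set it explicitly with .perm() as is done for the directories.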
>
>> diff --git a/server/src/bin/proxmox-datacenter-privileged-api.rs b/server/src/bin/proxmox-datacenter-privileged-api.rs
>> --- a/server/src/bin/proxmox-datacenter-privileged-api.rs
>> +++ b/server/src/bin/proxmox-datacenter-privileged-api.rs
>> @@ -102,6 +102,13 @@ fn create_directories() -> Result<(), Error> {
> [...]
>> + pdm_config::setup::mkdir_perms(
>> + api_cache::PDM_API_CACHE_PATH,
>> + api_user.uid,
>> + api_user.gid,
>> + 0o755,
>> + )?;
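Review bot: The last argument of this mkdir_perms call is a bare mode literal, written independently of the 0o750 literal passed to Mode::from_bits_truncate in api_cache.rs. Exporting one mode constant next to api_cache::PDM_API_CACHE_PATH and using it at both sites would keep the cache root and the per-namespace directories from diverging.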
>
> .. the cache root is created with 0o755 here - is that on purpose? With
> the current modes any local user can list the cache root and see which
> remotes have cached data from the directory names, even though they
> cannot read the cached contents. Either drop the root to 0o750 to match,
> or add a short comment explaining why the two levels differ.
Good catch! This was a copy-paste mistake, the mkdir_perms call was
copied from a section above. Will be fixed for the next revision,
I'll change it to 0o750.
Thanks!
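An added example, not part of the original message or of the project's code: a small Rust check that walks a cache directory tree and reports every directory that grants any permission bit to "other", which is the condition the review comment describes for a 0o755 root above 0o750 namespace directories. The directory names `api-cache` and `remote-a` and both function names are constructed for illustration.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

/// Permission bits granted to "other" (any local user).
const OTHER_BITS: u32 = 0o007;

/// Collect all directories under `root` (including `root` itself) that grant
/// any permission to "other". Symlinks are not followed.
pub fn dirs_open_to_others(root: &Path) -> io::Result<Vec<PathBuf>> {
    let mut found = Vec::new();
    let mut stack = vec![root.to_path_buf()];
    while let Some(path) = stack.pop() {
        let meta = fs::symlink_metadata(&path)?;
        if !meta.is_dir() {
            continue; // regular files and symlinks are out of scope here
        }
        if meta.permissions().mode() & OTHER_BITS != 0 {
            found.push(path.clone());
        }
        for entry in fs::read_dir(&path)? {
            stack.push(entry?.path());
        }
    }
    found.sort();
    Ok(found)
}

/// Build a constructed layout: a cache root with `root_mode` and one
/// namespace subdirectory with `ns_mode`. Modes are set explicitly after
/// creation so the process umask cannot change them.
pub fn build_sample_tree(base: &Path, root_mode: u32, ns_mode: u32) -> io::Result<PathBuf> {
    let root = base.join("api-cache"); // hypothetical name, not the project's path
    let ns = root.join("remote-a"); // hypothetical remote namespace
    fs::create_dir_all(&ns)?;
    fs::set_permissions(&ns, fs::Permissions::from_mode(ns_mode))?;
    fs::set_permissions(&root, fs::Permissions::from_mode(root_mode))?;
    Ok(root)
}

fn main() -> io::Result<()> {
    let base = std::env::temp_dir().join(format!("cache-mode-demo-{}", std::process::id()));
    let root = build_sample_tree(&base, 0o755, 0o750)?;
    for dir in dirs_open_to_others(&root)? {
        println!("open to other users: {}", dir.display());
    }
    fs::remove_dir_all(&base)
}
```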