[pve-devel] [PATCH proxmox-perl-rs 1/1] firewall: sdn: ignore EPERM when reading the legacy IPAM file

[pve-devel] [PATCH proxmox-perl-rs 1/1] firewall: sdn: ignore EPERM when reading the legacy IPAM file

[Stefan Hanreich]

On fresh installations, neither the new nor the old IPAM db file
exist. This triggers our fallback code path and leads to errors in the
syslog on fresh installs where there is no IPAM database. This happens
whenever a firewall API call is made. Because of this, we choose to
ignore EPERM when reading the legacy files. This is okay, because we
move existing databases in the postinstall script of
libpve-network-perl, making the situation where the new file does not
exist, but the old file exists unlikely.

Reported-by: Alexander Zeidler <a.zeidler@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
The change from () to {} is due to rustfmt quirks. Adding the or made
rustfmt change () to {()}, leading to another complaint by clippy
about an unnecessary unit type in the closure, which I then removed.

 pve-rs/src/firewall/sdn.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pve-rs/src/firewall/sdn.rs b/pve-rs/src/firewall/sdn.rs
index a7d7b80..faf5156 100644
--- a/pve-rs/src/firewall/sdn.rs
+++ b/pve-rs/src/firewall/sdn.rs
@@ -126,7 +126,9 @@ mod export {
             Err(e) if e.kind() == io::ErrorKind::NotFound => {
                 match fs::read_to_string(SDN_IPAM_LEGACY) {
                     Ok(data) => add_ipam_ipsets(data)?,
-                    Err(e) if e.kind() == io::ErrorKind::NotFound => (),
+                    Err(e)
+                        if e.kind() == io::ErrorKind::NotFound
+                            || e.kind() == io::ErrorKind::PermissionDenied => {}
                     Err(e) => bail!("Cannot open legacy IPAM database: {e:#}"),
                 }
             }
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] applied: [PATCH proxmox-perl-rs 1/1] firewall: sdn: ignore EPERM when reading the legacy IPAM file

[Thomas Lamprecht]

Am 20.11.24 um 15:47 schrieb Stefan Hanreich:
> On fresh installations, neither the new nor the old IPAM db file
> exist. This triggers our fallback code path and leads to errors in the
> syslog on fresh installs where there is no IPAM database. This happens
> whenever a firewall API call is made. Because of this, we choose to
> ignore EPERM when reading the legacy files. This is okay, because we
> move existing databases in the postinstall script of
> libpve-network-perl, making the situation where the new file does not
> exist, but the old file exists unlikely.
> 
> Reported-by: Alexander Zeidler <a.zeidler@proxmox.com>
> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
> ---
> The change from () to {} is due to rustfmt quirks. Adding the or made
> rustfmt change () to {()}, leading to another complaint by clippy
> about an unnecessary unit type in the closure, which I then removed.

I changed it a bit to be added as separate match arm, being explicit here
can be nice w.r.t. using git blame to find out why this is the way it is.

> 
>  pve-rs/src/firewall/sdn.rs | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
>

applied, thanks!


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel