ENT-10961, CFE-1840: Files promise can now modify immutable bit in file system attributes#5752
ENT-10961, CFE-1840: Files promise can now modify immutable bit in file system attributes#5752larsewi wants to merge 38 commits into
Conversation
|
Thank you for submitting a PR! Maybe @craigcomstock can review this? |
bdd1918 to
69b1f52
Compare
06b3676 to
578286c
Compare
|
MMM, the transformer attribute comes to mind. Looking at the files promise docs I imagine that And the And I added them to the description. |
f82867d to
2f16047
Compare
7b81817 to
50ad347
Compare
50ad347 to
2eec801
Compare
|
@cf-bottom Jenkins with exotics please :) |
|
Alright, I triggered a build: (with exotics) Jenkins: https://ci.cfengine.com/job/pr-pipeline/12188/ Packages: http://buildcache.cfengine.com/packages/testing-pr/jenkins-pr-pipeline-12188/ |
b1c4763 to
0559bfe
Compare
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: CFE-4529 Changelog: Title Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: CFE-4529 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Ticket: ENT-10961, CFE-1840 Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
13f8333 to
7dc51ff
Compare
|
Sure, I triggered a build: (with exotics) Jenkins: https://ci.cfengine.com/job/pr-pipeline/12284/ Packages: http://buildcache.cfengine.com/packages/testing-pr/jenkins-pr-pipeline-12284/ |
craigcomstock
left a comment
There was a problem hiding this comment.
Looks good! A high-level question about atomicity and maybe one typo. :)
| } | ||
|
|
||
| /* We'll match the original file permissions on commit */ | ||
| if (!CopyRegularFileDiskPerms(orig, copy, 0600)) |
There was a problem hiding this comment.
I think you should change the orig file to immutable just before this copy. Not 100% atomic but pretty close so that between this Begin() and the Commit() no one else can "easily" modify the file without also modifying the immutable bit of course.
There was a problem hiding this comment.
Not sure if this is a good idea. Let's discuss in digital F2F format :)
| * @return false in case of failure | ||
| * @note The immutable bit is reset to it's original state | ||
| */ | ||
| bool OverrideImmutableCommit( |
There was a problem hiding this comment.
Here it seems that we should have something like:
OverrideImmutableBegin(struct utimbuf *times) to capture the modified/access times when we begin the "transaction"
Also, during this Begin() we should make the file immutable to attempt to restrict access as much as possible while we do "work" and before we call Commit().
And then OverrideImmutableCommit() takes that as a parameter and if the original file has changed mod/access since Begin() we should fail to commit saying that the file changed inside of the window of time of the transaction to modify the immutable file.
There was a problem hiding this comment.
Also, during this Begin() we should make the file immutable to attempt to restrict access as much as possible while we do "work" and before we call Commit().
If we make the file immutable while another process is writing it, we can maybe cause it to be left in an inconsistent state?
There was a problem hiding this comment.
I think this very quickly is becoming like the yak shaving. The task is to implement immutable bit support. Not to make CFEngine file operations atomic (they never have been). I created a value-add project CFE-4551 to try to achieve this.
There was a problem hiding this comment.
All CFEngine file operations are supposed to be atomic.
There was a problem hiding this comment.
All CFEngine file operations are supposed to be atomic.
They unfortunately are not. However, this code uses the same attempt to achieve "atomic" file operations as before. I.e., write changes to a temporary file and swap it with the original.
|
|
||
| if (a.havefsattrs && a.fsattrs.haveimmutable && !a.fsattrs.immutable) | ||
| { | ||
| /* Here we only handle the clearing of the immutable the immutable |
There was a problem hiding this comment.
| /* Here we only handle the clearing of the immutable the immutable | |
| /* Here we only handle the clearing of the immutable |
|
|
||
| /* If we encounter any promises to mutate the file and the immutable | ||
| * attribute in body fsattrs is "true", we will override the immutable bit | ||
| * by temporarily clearing it when ever needed. */ |
There was a problem hiding this comment.
| * by temporarily clearing it when ever needed. */ | |
| * by temporarily clearing it whenever needed. */ |
| static const FnCallArg GET_ACLS_ARGS[] = | ||
| { | ||
| {CF_ABSPATHRANGE, CF_DATA_TYPE_STRING, "Path to file or directory"}, | ||
| {"default,access", CF_DATA_TYPE_OPTION, "Whether to get default or access ACL"}, |
There was a problem hiding this comment.
So this is our "menu" item list for an attribute right? Is this required and if not, defaulted to "default"? I will probably find out later in the review. :)
There was a problem hiding this comment.
If me make it optional and default to one of them, then we cannot add any more arguments in the future. Maybe this is OK?
Also it does not make sense to default to "default", since "default" only works on directories. "default" is like a template ACL that is inherited by all child objects.
😮💨 😅 |
@vpodzime I heard you like file systems and C code :) |
vpodzime
left a comment
There was a problem hiding this comment.
Looks good to me in general. Three things that I'd change:
- split the
GetACL()stuff into a separate PR - do not add anything to
EvalContextit's already in the attributes, a macro/inline function to get the boolean should do git reset BEFORE_ALL_THESE_CHANGESand then add the final version of the utility functions as one commit and then one or multiple commits for supporting theset_immutablein all the attributes
| * attribute in body fsattrs is "true", we will override the immutable bit | ||
| * by temporarily clearing it when ever needed. */ | ||
| const bool override_immutable = a.havefsattrs && a.fsattrs.haveimmutable && a.fsattrs.immutable && is_immutable; | ||
| EvalContextOverrideImmutableSet(ctx, a.havefsattrs && a.fsattrs.haveimmutable && a.fsattrs.immutable && is_immutable); |
There was a problem hiding this comment.
It's already in the attributes and we do pass those into gazillions functions already, right?
There was a problem hiding this comment.
It's not passed everywhere. We also would need to pass the is_immutable variable each function.
| if (!IsExecutable(CommandArg0(BufferData(command)))) | ||
| { | ||
| RecordFailure(ctx, pp, attr, "Transformer '%s' for file '%s' failed", attr->transformer, file); | ||
| RecordFailure(ctx, pp, attr, " '%s' for file '%s' failed", attr->transformer, file); |
There was a problem hiding this comment.
Yup, I don't know how that happened. Maybe some typos in normal mode 😆
|
Superseded by #5833 |
TODO:
contentattributecopy_fromattributedeleteattributeedit_lineattributeedit_xmlattributepermsattributetouchattributeedit_templateattributeaclattributetransformerattributerenameattributeIs there any other ones that I've missed?