From 66c2917ae48d889e18f1e459710a1e84711e2e19 Mon Sep 17 00:00:00 2001 From: Lars Erik Wik Date: Thu, 21 Aug 2025 14:09:56 +0200 Subject: [PATCH 1/2] Fixed bug where rename fails to reset temporarily cleared immutable bit The problem was that it tried to reset the immutable bit status of the old file, instead of the new file after calling rename(). The old file obviously is not immutable because it is the temporary file that we want to replace the original file with after e.g., rendering its contents. Ticket: ENT-13179 Changelog: Title Signed-off-by: Lars Erik Wik --- libpromises/override_fsattrs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libpromises/override_fsattrs.c b/libpromises/override_fsattrs.c index 3f3487a4e9..b578b75067 100644 --- a/libpromises/override_fsattrs.c +++ b/libpromises/override_fsattrs.c @@ -221,7 +221,7 @@ bool OverrideImmutableRename( } ResetTemporarilyClearedImmutableBit( - new_filename, override, res_old, old_is_immutable); + new_filename, override, res_old, new_is_immutable); return true; } From cad2292c01bb36ab5a0ec846460c5d5209c1e97e Mon Sep 17 00:00:00 2001 From: Lars Erik Wik Date: Thu, 21 Aug 2025 14:40:20 +0200 Subject: [PATCH 2/2] Added missing record changes/failures to when flipping the immutable bit Ticket: ENT-13179 Changelog: Title Signed-off-by: Lars Erik Wik --- cf-agent/verify_files.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/cf-agent/verify_files.c b/cf-agent/verify_files.c index 748ac1e24d..f9d3dd7116 100644 --- a/cf-agent/verify_files.c +++ b/cf-agent/verify_files.c @@ -373,8 +373,8 @@ static PromiseResult VerifyFilePromise(EvalContext *ctx, char *path, const Promi break; case FS_ATTRS_FAILURE: RecordFailure(ctx, pp, &a, - "Failed to clear the immutable bit on file '%s'", - changes_path); + "Failed to clear the immutable bit on file '%s': %s", + changes_path, FSAttrsErrorCodeToString(res)); result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL); break; case FS_ATTRS_NOT_SUPPORTED: @@ -663,14 +663,15 @@ static PromiseResult VerifyFilePromise(EvalContext *ctx, char *path, const Promi switch (res) { case FS_ATTRS_SUCCESS: - Log(LOG_LEVEL_VERBOSE, "Set the immutable bit on file '%s'", - changes_path); + RecordChange(ctx, pp, &a, + "Set the immutable bit on file '%s'", + changes_path); break; case FS_ATTRS_FAILURE: /* Things still may be fine as long as the agent does not try to mutate the file */ - Log(LOG_LEVEL_VERBOSE, - "Failed to set the immutable bit on file '%s': %s", - changes_path, FSAttrsErrorCodeToString(res)); + RecordFailure(ctx, pp, &a, + "Failed to set the immutable bit on file '%s': %s", + changes_path, FSAttrsErrorCodeToString(res)); break; case FS_ATTRS_NOT_SUPPORTED: /* We will not treat this as a promise failure because this