From 96cac5f3810de7f15bb992be051221008c9be38a Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sat, 2 Mar 2024 20:04:22 +0100 Subject: [PATCH] Linux: acl_get: use "nofollow" variant of acl_extended_file call This is NOT a bug fix, because the previous code contained a check for symlinks before that line - because symlinks can not have ACLs under Linux. Now, this "is it a symlink" check is removed to simplify the code and the "nofollow" variant of acl_extended_file* is used to look at the symlink fs object (in the symlink case). It then should tell us that this does NOT have an extended ACL (because symlinks can't have ACLs) and so we return there. Overall the code gets simpler and looks less suspect. --- src/borg/platform/linux.pyx | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/borg/platform/linux.pyx b/src/borg/platform/linux.pyx index dfbf925b..2f02065f 100644 --- a/src/borg/platform/linux.pyx +++ b/src/borg/platform/linux.pyx @@ -50,7 +50,7 @@ cdef extern from "sys/acl.h": char *acl_to_text(acl_t acl, ssize_t *len) cdef extern from "acl/libacl.h": - int acl_extended_file(const char *path) + int acl_extended_file_nofollow(const char *path) int acl_extended_fd(int fd) cdef extern from "linux/fs.h": @@ -235,17 +235,15 @@ def acl_get(path, item, st, numeric_ids=False, fd=None): cdef char *access_text = NULL cdef int ret = 0 - if stat.S_ISLNK(st.st_mode): - # symlinks can not have ACLs - return if isinstance(path, str): path = os.fsencode(path) if fd is not None: ret = acl_extended_fd(fd) else: - ret = acl_extended_file(path) + ret = acl_extended_file_nofollow(path) if ret == 0: # there is no ACL defining permissions other than those defined by the traditional file permission bits. + # note: this should also be the case for symlink fs objects, as they can not have ACLs. return if ret < 0: raise OSError(errno.errno, os.strerror(errno.errno), os.fsdecode(path))