mirror/borg
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2025-01-01 12:45:34 +00:00
Code Issues Releases Wiki Activity

improve are_acls_working function

Browse source 
- ACLs are not working, if ENOTSUP ("Operation not supported") happens
- fix check for macOS
  On macOS borg uses "acl_extended", not "acl_access" and
  also the ACL text format is a bit different.
This commit is contained in:
Thomas Waldmann 2024-02-25 02:19:38 +01:00
parent b3554cdc0f
commit d5396feebd
No known key found for this signature in database
GPG key ID: 243ACFA951F78E01
1 changed files with 16 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
src/borg/testsuite/platform.py
View file

@ -1,3 +1,4 @@
import errno
import functools
import os
@ -31,25 +32,26 @@ def are_acls_working():
with unopened_tempfile() as filepath:
open(filepath, "w").close()
try:
if is_freebsd:
access = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-\n"
contained = b"user:root:rw-"
elif is_linux:
access = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:0\n"
contained = b"user:root:rw-:0"
elif is_darwin:
return True # improve?
if is_darwin:
acl_key = "acl_extended"
acl_value = b"!#acl 1\nuser:FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000:root:0:allow:read\n"
else:
return False # unsupported platform
acl = {"acl_access": access}
acl_set(filepath, acl)
acl_key = "acl_access"
acl_value = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:9999\ngroup:root:rw-:9999\n"
write_acl = {acl_key: acl_value}
acl_set(filepath, write_acl)
read_acl = {}
acl_get(filepath, read_acl, os.stat(filepath))
read_acl_access = read_acl.get("acl_access", None)
if read_acl_access and contained in read_acl_access:
return True
acl = read_acl.get(acl_key, None)
if acl is not None:
check_for = b"root:0:allow:read" if is_darwin else b"user::rw-"
if check_for in acl:
return True
except PermissionError:
pass
except OSError as e:
if e.errno not in (errno.ENOTSUP,):
raise
return False