From d5396feebde1f79b9075e5712d10af6f957461c6 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sun, 25 Feb 2024 02:19:38 +0100 Subject: [PATCH] improve are_acls_working function - ACLs are not working, if ENOTSUP ("Operation not supported") happens - fix check for macOS On macOS borg uses "acl_extended", not "acl_access" and also the ACL text format is a bit different. --- src/borg/testsuite/platform.py | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/src/borg/testsuite/platform.py b/src/borg/testsuite/platform.py index a8a859b0..d08b1d9a 100644 --- a/src/borg/testsuite/platform.py +++ b/src/borg/testsuite/platform.py @@ -1,3 +1,4 @@ +import errno import functools import os @@ -31,25 +32,26 @@ def are_acls_working(): with unopened_tempfile() as filepath: open(filepath, "w").close() try: - if is_freebsd: - access = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-\n" - contained = b"user:root:rw-" - elif is_linux: - access = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:0\n" - contained = b"user:root:rw-:0" - elif is_darwin: - return True # improve? + if is_darwin: + acl_key = "acl_extended" + acl_value = b"!#acl 1\nuser:FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000:root:0:allow:read\n" else: - return False # unsupported platform - acl = {"acl_access": access} - acl_set(filepath, acl) + acl_key = "acl_access" + acl_value = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:9999\ngroup:root:rw-:9999\n" + write_acl = {acl_key: acl_value} + acl_set(filepath, write_acl) read_acl = {} acl_get(filepath, read_acl, os.stat(filepath)) - read_acl_access = read_acl.get("acl_access", None) - if read_acl_access and contained in read_acl_access: - return True + acl = read_acl.get(acl_key, None) + if acl is not None: + check_for = b"root:0:allow:read" if is_darwin else b"user::rw-" + if check_for in acl: + return True except PermissionError: pass + except OSError as e: + if e.errno not in (errno.ENOTSUP,): + raise return False