This is NOT a bug fix, because the previous code contained a
check for symlinks before that line - because symlinks can not
have ACLs under Linux.
Now, this "is it a symlink" check is removed to simplify the
code and the "nofollow" variant of acl_extended_file* is used
to look at the symlink fs object (in the symlink case).
It then should tell us that this does NOT have an extended ACL
(because symlinks can't have ACLs) and so we return there.
Overall the code gets simpler and looks less suspect.
Previously, these conditions were handled the same (just return):
- no extended acl here
- some error happened (e.g. ACLs unsupported, bad file descriptor, file not found, permission error, ...)
Now there will be OSErrors for the error cases.
Thanks to Andrey Bienkowski (@hexagonrecursion) for reporting this and writing reproducer code.
Changes:
- use different, randomly (but recognizably) named temp files while writing (securely made by os.mkstemp())
- make sure temp files are cleaned up in normal and error conditions
- SyncFile can now get corresponding pair of path + open os-level fd
- cleaned up: fd now means os-level fd, f means python-file-like object
- fixed a caller of SaveFile
remove WSL autodetection. if WSL still has this problem, you need to
set BORG_WORKAROUNDS=basesyncfile in the borg process environment to
work around it.
(cherry picked from commit beb948fc71)
acl_get:
remove assumption that having an FD means it is a regular file, we try
to use FDs a much as possible.
only get the default acl for directories - other fs objects are not
expected to have a default acl.
the path needs to be encoded also for the case when we have an fd,
it is needed to get the default acl for directories.
also: micro-opt: encode path later, not needed for ISLNK check.
acl_set:
remove the "if False" branch, it is the same here: the fd-based api
only supports access ACLs, but not default ACLs, so we always need
to use the path-based api here.
this optimization is only needed for linux, the bsd-like platforms
do not need an open file to run a ioctl against, but have bsdflags
in the stat result already.
on linux, this optimization saves 1 file open/close per input file.
this code used to live in borg.xattr and used ctypes
(and was the only ctypes-using code in borg).
the low level code now was converted to cython and
the platform code moved to platform package.
got rid of the code that tried to find the libc.
- move stuff to platform.base (should be platform independent according
to the docs).
- bump platform API version
- parseformat: import fqdn from platform instead of recomputing it
This is not yet fixing #3471, just a preparation for it.
opening a device file for a non-existing device can be very slow.
symlinks will make the open() call fail as it is using O_NOFOLLOW.
also: lstat -> stat(..., follow_symlinks=False) like everywhere else.
Thomas Waldmann