Check for the needed capabilites at the SD startup

diff --git a/bacula/src/stored/global.c b/bacula/src/stored/global.c
index 9ff96ac1096fe8a1878414e60ef59a11b16db9d7..f8b08f9b5291d06e4a3b6bce7c2c380cc15fbe55 100644 (file)
--- a/bacula/src/stored/global.c
+++ b/bacula/src/stored/global.c
@@ -24,3 +24,5 @@ STORES *me = NULL;                    /* our Global resource */
 bool forge_on = false;                /* proceed inspite of I/O errors */
 pthread_mutex_t device_release_mutex = PTHREAD_MUTEX_INITIALIZER;
 pthread_cond_t wait_device_release = PTHREAD_COND_INITIALIZER;
+/* Determines if we run with capabilities required for APPEND and IMMUTABLE file attributes */
+bool got_caps_needed = false;

diff --git a/bacula/src/stored/stored.c b/bacula/src/stored/stored.c
index fb95c6727e68120a961bae9ca16c428ba1729371..58308bedd8ce2fbba20268137606bc00d546d773 100644 (file)
--- a/bacula/src/stored/stored.c
+++ b/bacula/src/stored/stored.c
@@ -37,6 +37,10 @@
  */
 #include "sd_plugins.h"
 
+#if defined(HAVE_LINUX_OS) && defined(HAVE_LIBCAP)
+#include <sys/capability.h>
+#endif
+
 /* Imported functions and variables */
 extern bool parse_sd_config(CONFIG *config, const char *configfile, int exit_code);
 
@@ -112,6 +116,49 @@ static void sd_debug_print(JCR *jcr, FILE *fp)
    }
 }
 
+#if defined(HAVE_LINUX_OS) && defined(HAVE_LIBCAP)
+static bool get_needed_caps()
+{
+   /* Storage Daemon must be running with following capabilities to be able to set/clear
+    * APPEND and IMMUTABLE flags on volumes. */
+   const char *caps_needed = "cap_linux_immutable";
+   cap_t caps = NULL;
+   char *cap_text = NULL;
+   bool ret = false;
+
+   caps = cap_get_proc();
+   if (!caps) {
+      Dmsg1(90, "Calling cap_get_proc() failed, errno: %d!\n", errno);
+      goto bail_out;
+   }
+
+   cap_text = cap_to_text(caps, NULL);
+   if (!cap_text) {
+      Dmsg1(90, "Calling cap_get_proc() failed, errno: %d!\n", errno);
+      goto bail_out;
+   }
+
+   /* Check if we are running with capabilities needed */
+   ret = strstr(cap_text, caps_needed) == NULL ? false : true;
+
+bail_out:
+      if (cap_text) {
+         cap_free(cap_text);
+      }
+      if (caps) {
+         cap_free(caps);
+      }
+      if (ret) {
+         Dmsg0(90, "Have needed caps, APPEND and IMMUTABLE flags can be used for volumes.\n");
+      } else {
+         Dmsg0(90, "Do not have needed caps, APPEND and IMMUTABLE flags cannot be used for volumes.\n");
+      }
+      return ret;
+}
+#else
+static bool get_needed_caps() { return false; }
+#endif   // HAVE_LINUX_OS && HAVE_LIBCAP
+
 /*********************************************************************
  *
  *  Main Bacula Unix Storage Daemon
@@ -297,6 +344,8 @@ int main (int argc, char *argv[])
    set_thread_concurrency(me->max_concurrent_jobs * 2 + 4);
    lmgr_init_thread(); /* initialize the lockmanager stack */
 
+   got_caps_needed = get_needed_caps();
+
    load_sd_plugins(me->plugin_directory);
 
    drop(uid, gid, false);

diff --git a/bacula/src/stored/stored.h b/bacula/src/stored/stored.h
index dde26f7fda521fb1e622854b7e3867930ccf8ab3..5d39e4e868d407daf955441eef097780d22d0df6 100644 (file)
--- a/bacula/src/stored/stored.h
+++ b/bacula/src/stored/stored.h
@@ -123,5 +123,6 @@ extern pthread_cond_t wait_device_release; /* wait for any device to be released
 extern bool update_permanent_stats(void *data);
 extern bstatcollect *statcollector;
 extern sdstatmetrics_t sdstatmetrics;
+extern bool got_caps_needed;
 
 #endif /* __STORED_H_ */