copy: handle system security config issues with copy_file_range()

* src/copy.c (sparse_copy): Upon EPERM from copy_file_range(),
fall back to a standard copy, which will give a more accurate
error as to whether the issue is with the source or destination.
Also this will avoid the issue where seccomp or apparmor are
not configured to handle copy_file_range(), in which case
the fall back standard copy would succeed without issue.
This specific issue with seccomp was noticed for example in:
https://github.com/golang/go/issues/40900

diff --git a/src/copy.c b/src/copy.c
index f626cfed72f039715f1575a8c4e5f8522b26f462..e929963901c3be16c00414df56ced9fee756c333 100644 (file)
--- a/src/copy.c
+++ b/src/copy.c
@@ -294,6 +294,15 @@ sparse_copy (int src_fd, int dest_fd, char *buf, size_t buf_size,
                 || errno == EINVAL || errno == EBADF
                 || errno == EXDEV || errno == ETXTBSY)
               break;
+
+            /* copy_file_range might not be enabled in seccomp filters,
+               so retry with a standard copy.  EPERM can also occur
+               for immutable files, but that would only be in the edge case
+               where the file is made immutable after creating/truncating,
+               in which case the (more accurate) error is still shown.  */
+            if (errno == EPERM && *total_n_read == 0)
+              break;
+
             if (errno == EINTR)
               n_copied = 0;
             else