From: Michal Rakowski Date: Thu, 9 Sep 2021 11:04:19 +0000 (+0200) Subject: Check for the needed capabilites at the SD startup X-Git-Tag: Beta-15.0.0~838 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1676d59c78a69213103967ce77a0fbeb382ebaeb;p=thirdparty%2Fbacula.git Check for the needed capabilites at the SD startup
---
diff --git a/bacula/src/stored/global.c b/bacula/src/stored/global.c
index 9ff96ac10..f8b08f9b5 100644
--- a/bacula/src/stored/global.c
+++ b/bacula/src/stored/global.c
@@ -24,3 +24,5 @@ STORES *me = NULL; /* our Global resource */ bool forge_on = false; /* proceed inspite of I/O errors */ pthread_mutex_t device_release_mutex = PTHREAD_MUTEX_INITIALIZER; pthread_cond_t wait_device_release = PTHREAD_COND_INITIALIZER;
+/* Determines if we run with capabilities required for APPEND and IMMUTABLE file attributes */
+bool got_caps_needed = false;
diff --git a/bacula/src/stored/stored.c b/bacula/src/stored/stored.c
index fb95c6727..58308bedd 100644
--- a/bacula/src/stored/stored.c
+++ b/bacula/src/stored/stored.c
@@ -37,6 +37,10 @@ */ #include "sd_plugins.h"
+#if defined(HAVE_LINUX_OS) && defined(HAVE_LIBCAP)
+#include
+#endif
+
 /* Imported functions and variables */ extern bool parse_sd_config(CONFIG *config, const char *configfile, int exit_code);
@@ -112,6 +116,49 @@ static void sd_debug_print(JCR *jcr, FILE *fp) } }
+#if defined(HAVE_LINUX_OS) && defined(HAVE_LIBCAP)
+static bool get_needed_caps()
+{
+ /* Storage Daemon must be running with following capabilities to be able to set/clear
+ * APPEND and IMMUTABLE flags on volumes. */
+ const char *caps_needed = "cap_linux_immutable";
+ cap_t caps = NULL;
+ char *cap_text = NULL;
+ bool ret = false;
+
+ caps = cap_get_proc();
+ if (!caps) {
+ Dmsg1(90, "Calling cap_get_proc() failed, errno: %d!\n", errno);
+ goto bail_out;
+ }
+
+ cap_text = cap_to_text(caps, NULL);
+ if (!cap_text) {
+ Dmsg1(90, "Calling cap_get_proc() failed, errno: %d!\n", errno);
+ goto bail_out;
+ }
+
+ /* Check if we are running with capabilities needed */
+ ret = strstr(cap_text, caps_needed) == NULL ? false : true;
+
+bail_out:
+ if (cap_text) {
+ cap_free(cap_text);
+ }
+ if (caps) {
+ cap_free(caps);
+ }
+ if (ret) {
+ Dmsg0(90, "Have needed caps, APPEND and IMMUTABLE flags can be used for volumes.\n");
+ } else {
+ Dmsg0(90, "Do not have needed caps, APPEND and IMMUTABLE flags cannot be used for volumes.\n");
+ }
+ return ret;
+}
+#else
+static bool get_needed_caps() { return false; }
+#endif // HAVE_LINUX_OS && HAVE_LIBCAP
+
 /********************************************************************* * * Main Bacula Unix Storage Daemon
@@ -297,6 +344,8 @@ int main (int argc, char *argv[]) set_thread_concurrency(me->max_concurrent_jobs * 2 + 4); lmgr_init_thread(); /* initialize the lockmanager stack */
+ got_caps_needed = get_needed_caps();
+ load_sd_plugins(me->plugin_directory); drop(uid, gid, false);
diff --git a/bacula/src/stored/stored.h b/bacula/src/stored/stored.h
index dde26f7fd..5d39e4e86 100644
--- a/bacula/src/stored/stored.h
+++ b/bacula/src/stored/stored.h
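Review bot: The `strstr(cap_text, caps_needed)` test in get_needed_caps() only shows that the name appears somewhere in the cap_to_text() output, not that CAP_LINUX_IMMUTABLE is in the effective set. That text describes the permitted, inheritable and effective sets together, and depending on the libcap version it may abbreviate a full set without listing each name or list a name only to remove it. The name can therefore be present for a capability that is not effective, or absent for one that is, and `got_caps_needed` would then misreport whether APPEND/IMMUTABLE protection of volumes is usable. Asking for the bit with cap_get_flag() and CAP_EFFECTIVE avoids parsing text and drops the cap_to_text() allocation. Separately, the second failure message names `cap_get_proc()` where it is cap_to_text() that failed.

```c
static bool get_needed_caps()
{
   cap_flag_value_t have = CAP_CLEAR;
   cap_t caps = cap_get_proc();
   bool ret = false;

   if (!caps) {
      Dmsg1(90, "Calling cap_get_proc() failed, errno: %d!\n", errno);
      goto bail_out;
   }

   /* Query the effective bit directly instead of searching the text form */
   if (cap_get_flag(caps, CAP_LINUX_IMMUTABLE, CAP_EFFECTIVE, &have) != 0) {
      Dmsg1(90, "Calling cap_get_flag() failed, errno: %d!\n", errno);
      goto bail_out;
   }
   ret = (have == CAP_SET);

bail_out:
   if (caps) {
      cap_free(caps);
   }
   /* … unchanged: Dmsg0 reporting of the result and return ret … */
}
```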
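Review bot: `got_caps_needed = get_needed_caps();` runs before `drop(uid, gid, false);`, so the flag records the capability set the daemon had at startup rather than the one it keeps after privileges are dropped. drop() is not visible in this hunk. If it switches away from root, the kernel normally clears the effective capabilities unless they are explicitly retained, and the flag would then report IMMUTABLE/APPEND support that later attribute changes on volumes cannot use. Consider moving the call to just after `drop(uid, gid, false);`, or stating the assumption next to it, e.g. `/* checked before drop(): drop() is expected to keep cap_linux_immutable */`. main() starts and ends outside the hunk.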
@@ -123,5 +123,6 @@ extern pthread_cond_t wait_device_release; /* wait for any device to be released extern bool update_permanent_stats(void *data); extern bstatcollect *statcollector; extern sdstatmetrics_t sdstatmetrics;
+extern bool got_caps_needed;
 #endif /* __STORED_H_ */