[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] copy: handle system security config issues with copy_file_range(
From: |
Pádraig Brady |
Subject: |
[PATCH] copy: handle system security config issues with copy_file_range() |
Date: |
Sat, 8 May 2021 19:31:43 +0100 |
* src/copy.c (sparse_copy): Upon EPERM from copy_file_range(),
fall back to a standard copy, which will give a more accurate
error as to whether the issue is with the source or destination.
Also this will avoid the issue where seccomp or apparmor are
not configured to handle copy_file_range(), in which case
the fall back standard copy would succeed without issue.
This specific issue with seccomp was noticed for example in:
https://github.com/golang/go/issues/40900
---
src/copy.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/copy.c b/src/copy.c
index 69ba94b11..d945a5d94 100644
--- a/src/copy.c
+++ b/src/copy.c
@@ -294,6 +294,15 @@ sparse_copy (int src_fd, int dest_fd, char *buf, size_t
buf_size,
|| errno == EINVAL || errno == EBADF
|| errno == EXDEV || errno == ETXTBSY)
break;
+
+ /* copy_file_range might not be enabled in seccomp filters,
+ so retry with a standard copy. EPERM can also occur
+ for immutable files, but that would only be in the edge case
+ where the file is made immutable after creating/truncating,
+ in which case the (more accurate) error is still shown. */
+ if (errno == EPERM && *total_n_read == 0)
+ break;
+
if (errno == EINTR)
n_copied = 0;
else
--
2.26.2
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [PATCH] copy: handle system security config issues with copy_file_range(),
Pádraig Brady <=