Skip to content

Don't let plugins fail due to read-only fs #3239

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Don't let plugins fail due to read-only fs #3239

wants to merge 1 commit into from

Conversation

@dmnks
Copy link
Contributor

@dmnks dmnks commented Aug 12, 2024

Read-only file systems fall into the same category as unsupported ones (i.e. writing the desired file metadata to them is meaningless) so handle those gracefully in the plugin hooks, too.

This is useful e.g. when preparing a system for IMA by reinstalling the desired packages with the IMA plugin enabled, including ones that own paths such as /mnt which are meant to be used as mount points, often read-only (e.g. when mounting an ISO).

Fixes: RHEL-33726

@dmnks
Don't let plugins fail due to read-only fs
ad2cd2a 
Read-only file systems fall into the same category as unsupported ones
(i.e. writing the desired file metadata to them is meaningless) so
handle those gracefully in the plugin hooks, too.

This is useful e.g. when preparing a system for IMA by reinstalling the
desired packages with the IMA plugin enabled, including ones that own
paths such as /mnt which are meant to be used as mount points, often
read-only (e.g. when mounting an ISO).

Fixes: RHEL-33726
@dmnks
Copy link
Contributor Author

dmnks commented Aug 12, 2024
edited
Loading

One scenario just came to mind:

  1. You mount a directory (as read-only) over another directory that's owned by an installed package
  2. The plugin skips the directory silently
  3. You unmount the directory
  4. The original directory does not have the file attributes applied (!)

In a way, this is a security risk, too.

Maybe we should make this into a warning after all...

@pmatilai
Copy link
Member

pmatilai commented Aug 13, 2024

These should probably be handled the same as fsm does (see commit 09d554d): if there's an error applying, skip if the attributes match, otherwise it's an error.

@dmnks
Copy link
Contributor Author

dmnks commented Aug 13, 2024

Ack, I'll look into that.

@dmnks dmnks added the DONT DO NOT merge, for whatever reason label Aug 13, 2024
@pmatilai
Copy link
Member

pmatilai commented Aug 26, 2024

Of course, the issue of underlying directory not getting updated goes for any (temporary) mounts we happen to touch during a transaction. This may call for stepping back a bit for an overall strategy (fancy expression for "I don't know" 😆 )

We know what mounts we cross paths with, and we technically even know which ones are readonly mounts. We just don't make a good use of that information: if we try to install something on such a filesystem we fail out with "not enough space" which is a bit confusing. Maybe we could automatically add readonly mounts to %_netsharedpath so they get skipped, but we shouldn't do that for an fs where we're actually trying to install to, only for the mountpoints.

And, that still leaves the question of what to do with any temporary mounts.

@dmnks
Copy link
Contributor Author

dmnks commented Oct 2, 2024

Indeed, this needs a step back, failure to write to a file system is not a plugin specific thing, unlike e.g. EOPNOTSUPP that we already handle in plugins. I'll close this PR since it obviously isn't the right solution, and will open a discussion item instead.

@dmnks dmnks closed this Oct 2, 2024
@dmnks dmnks mentioned this pull request Oct 23, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

DONT DO NOT merge, for whatever reason

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dmnks @pmatilai