From: Miklos S. <mi...@sz...> - 2008-11-19 18:11:41
On Tue, 18 Nov 2008, Nikolaus Rath wrote:
> Here is an example of the problems that arise from this:
>
> I regularly back up /home/* with storeBackup. Since there is a fuse
> mounted .gvfs in the home directories, root is not able to access it.
> Hence I have added an exclude rule for /home/*/.gvfs and expected
> everything to work fine. However, storeBackup apparently relies on the
> fact that it can stat() stuff returned by readdir(), so the
> excludeRule is only applied *afterwards*. Therefore storeBackup still
> tries to stat() the .gvfs, which gives a very unexpected error
> (permission denied rather than 'file not found' which is handled
> because it could happen if the file has been deleted after the
> readdir() call).
>
> I would believe that similar problems arise with many other backup
> programs, because the assumption that one can stat() everything in a
> directory with at worst getting a "file not found" seems very
> reasonable.
>
>
> Therefore I'd argue in favor of returning something useful. IMO root
> should at least be able to find out that the entry corresponds to a
> directory. So what about returning the properties of the original
> directory, before it became a mountpoint?

    mkdir /tmp/a
    chown foo /tmp/a
    chmod 777 /tmp/a
    mkdir /tmp/b
    chown bar /tmp/b
    chmod 444 /tmp/b
    fusefs /tmp/a
    mount --bind /tmp/a /tmp/b

now the same filesystem is mounted over both /tmp/a and /tmp/b. What
should stat return? (NB. the filesystem doesn't know which path it
was accessed through)

So no, this doesn't work. We can return a zero permission for both:

    d--------- 2 owner group 0 1970-01-01 a

This would work, but it's still an ugly hack, because it means that we
return different attributes depending on the user ID of the process
asking.

The nice solution is private namespaces, it _is_ possible to set them
up, but not trivial. And unfortunately distros are not yet forced
into implementing this. Maybe the pain with ~/.gvfs vs. backups will
do that ;) Want to become early testers? There's a pam module that
does some of this private namespace stuff, but last I looked it was
hopelessly buggy.

Miklos
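
Added example, not part of the original message and not storeBackup's code: a backup-style directory walker in Python that applies exclude rules before lstat() and treats EACCES on lstat() the same way as the "file not found" case described in the quoted text. The function names, the sample tree and the simulated lstat() are assumptions made for illustration.

```python
import errno
import fnmatch
import os
import stat
import tempfile

def walk_for_backup(root, exclude_globs, lstat=os.lstat):
    """Return (files, skipped); exclude rules run before any lstat()."""
    files, skipped, pending = [], [], [root]
    while pending:
        directory = pending.pop()
        for name in sorted(os.listdir(directory)):  # readdir() only
            path = os.path.join(directory, name)
            if any(fnmatch.fnmatch(path, g) for g in exclude_globs):
                skipped.append((path, "excluded"))  # never stat()ed
                continue
            try:
                st = lstat(path)
            except FileNotFoundError:  # deleted after readdir()
                skipped.append((path, "vanished"))
                continue
            except PermissionError:  # EACCES, e.g. another user's FUSE mount
                skipped.append((path, "lstat denied"))
                continue
            if stat.S_ISDIR(st.st_mode):
                pending.append(path)
            else:
                files.append(path)
    return files, skipped

def demo():
    """Constructed tree; alice/.gvfs stands in for the FUSE mountpoint."""
    with tempfile.TemporaryDirectory() as home:
        os.makedirs(os.path.join(home, "alice", ".gvfs"))
        with open(os.path.join(home, "alice", "notes.txt"), "w") as fh:
            fh.write("constructed sample\n")

        def fuse_like_lstat(path):  # simulation: root's view of .gvfs
            if os.path.basename(path) == ".gvfs":
                raise PermissionError(errno.EACCES, "Permission denied", path)
            return os.lstat(path)

        rule = os.path.join(home, "*", ".gvfs")
        _, with_rule = walk_for_backup(home, [rule], fuse_like_lstat)
        _, no_rule = walk_for_backup(home, [], fuse_like_lstat)
        return [r for _, r in with_rule], [r for _, r in no_rule]

if __name__ == "__main__":
    print(demo())
```

With the exclude rule the mountpoint is skipped without being touched; without it the walker records the denied lstat() and continues instead of aborting the run.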