From 17e3cee604970971f2a7aaaea4674a83d281efbb Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sat, 2 Mar 2024 20:04:22 +0100 Subject: [PATCH] Linux: acl_get: use "nofollow" variant of acl_extended_file call This is NOT a bug fix, because the previous code contained a check for symlinks before that line - because symlinks can not have ACLs under Linux. Now, this "is it a symlink" check is removed to simplify the code and the "nofollow" variant of acl_extended_file* is used to look at the symlink fs object (in the symlink case). It then should tell us that this does NOT have an extended ACL (because symlinks can't have ACLs) and so we return there. Overall the code gets simpler and looks less suspect. --- src/borg/platform/linux.pyx | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/borg/platform/linux.pyx b/src/borg/platform/linux.pyx index dbb07fd89..196d8bd82 100644 --- a/src/borg/platform/linux.pyx +++ b/src/borg/platform/linux.pyx @@ -52,7 +52,7 @@ cdef extern from "sys/acl.h": char *acl_to_text(acl_t acl, ssize_t *len) cdef extern from "acl/libacl.h": - int acl_extended_file(const char *path) + int acl_extended_file_nofollow(const char *path) int acl_extended_fd(int fd) cdef extern from "linux/fs.h": @@ -234,17 +234,15 @@ def acl_get(path, item, st, numeric_ids=False, fd=None): cdef char *access_text = NULL cdef int ret = 0 - if stat.S_ISLNK(st.st_mode): - # symlinks can not have ACLs - return if isinstance(path, str): path = os.fsencode(path) if fd is not None: ret = acl_extended_fd(fd) else: - ret = acl_extended_file(path) + ret = acl_extended_file_nofollow(path) if ret == 0: # there is no ACL defining permissions other than those defined by the traditional file permission bits. + # note: this should also be the case for symlink fs objects, as they can not have ACLs. return if ret < 0: raise OSError(errno.errno, os.strerror(errno.errno), os.fsdecode(path))