[PATCH] core-agent-linux: bind-dirs: copy from ro only if bind target doesn't exists

HW42

Aug 30, 2016, 7:39:50 PM
to qubes...@googlegroups.com

Hi,

from the commit message:

f4d367a6 dropped the check if the bind target exists and added
"--no-clobber" to the cp call. For directories this does not work as
desired: cp checks per (recursive) file instead of once for the
specified directory.

This leads to strange behavior. For example, if /test is configured as
bind-dir and the template contains a file /test/foo, you can edit
/test/foo in an AppVM, but if you delete it, it will be re-added. So this
patch re-adds the check if the target dir already exists.

@Patrick: CC'ing you to ensure that I didn't miss a use case.

Side note: The mount will fail if the target is a file and the source a
dir or vice versa. But this was already the case before f4d367a6.

HW42

0001-bind-dirs-copy-from-ro-only-if-bind-target-doesn-t-e.patch
0001-bind-dirs-copy-from-ro-only-if-bind-target-doesn-t-e.patch.sig
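
The behaviour described in the message above, reproduced as an added shell example; it is not the attached patch and not code from bind-dirs.sh. The function names, the temporary directory layout and the second file `kept` are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo: "ro" stands for the template's read-only copy of the
# bind-dir, "rw" for the persistent location it is copied to before mounting.

# Always copy and rely on no-clobber (the behaviour attributed to f4d367a6).
populate_no_clobber() {  # $1 = ro source dir, $2 = rw parent dir
    # -n is --no-clobber. Some coreutils versions warn or return non-zero
    # when they skip existing files, so both are ignored here.
    cp -R -n "$1" "$2" 2>/dev/null || true
}

# Copy only when the bind target does not exist yet (the check being re-added).
populate_if_missing() {  # $1 = ro source dir, $2 = rw parent dir
    target="$2/$(basename "$1")"
    if [ ! -e "$target" ]; then
        cp -R "$1" "$2"
    fi
}

# Simulate two boots with a user edit and a user delete in between.
# Prints the final state as "kept=<content> foo=<present|absent>".
simulate() {  # $1 = name of the populate function to use
    work=$(mktemp -d) || return 1
    mkdir -p "$work/ro/test" "$work/rw"
    echo template > "$work/ro/test/foo"
    echo template > "$work/ro/test/kept"
    "$1" "$work/ro/test" "$work/rw"       # first boot: target is created
    echo edited > "$work/rw/test/kept"    # user edits one file
    rm "$work/rw/test/foo"                # user deletes the other
    "$1" "$work/ro/test" "$work/rw"       # next boot
    if [ -e "$work/rw/test/foo" ]; then state=present; else state=absent; fi
    echo "kept=$(cat "$work/rw/test/kept") foo=$state"
    rm -rf "$work"
}
```

`simulate populate_no_clobber` reports the deleted file as present again because no-clobber is evaluated per file during the recursive copy, while `simulate populate_if_missing` leaves it absent.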

Marek Marczykowski-Górecki

Aug 31, 2016, 9:44:26 PM
to HW42, qubes...@googlegroups.com

On Tue, Aug 30, 2016 at 11:39:00PM +0000, HW42 wrote:
> Hi,
>
> from the commit message:
>
> f4d367a6 dropped the check if the bind target exists and added
> "--no-clobber" to the cp call. For directories this does not work as
> desired: cp checks per (recursive) file instead of once for the
> specified directory.
>
> This leads to strange behavior. For example, if /test is configured as
> bind-dir and the template contains a file /test/foo, you can edit
> /test/foo in an AppVM, but if you delete it, it will be re-added. So this
> patch re-adds the check if the target dir already exists.

Applied, thanks!

> @Patrick: CC'ing you to ensure that I didn't miss a use case.
>
> Side note: The mount will fail if the target is a file and the source a
> dir or vice versa. But this was already the case before f4d367a6.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Patrick Schleizer

Sep 9, 2016, 12:34:43 PM
to Marek Marczykowski-Górecki, HW42, qubes...@googlegroups.com, Patrick Schleizer
Great! Thanks! This was one of the original bind-dirs limitations.

Looks good to me and works. However, it should be tested in new Whonix
builds before calling Qubes R3.2 final.

Glad that bind-dirs is useful for other use cases than Whonix also!

For reference, original thread:

TemplateBasedVMs: make selected files and folders located in the root
image persistent- review bind-dirs.sh

https://groups.google.com/forum/#!searchin/qubes-devel/bind-dirs|sort:relevance/qubes-devel/tcYQ4eV-XX4/J89DRLzOBQAJ

Cheers,
Patrick