forked from lix-project/lix
b9c2b4d5b4
Using the immutable bit is problematic, especially in conjunction with store optimisation. For instance, if the garbage collector deletes a file, it has to clear its immutable bit, but if the file has additional hard links, we can't set the bit afterwards because we don't know the remaining paths. So now that we support having the entire Nix store as a read-only mount, we may as well drop the immutable bit. Unfortunately, we have to keep the code to clear the immutable bit for backwards compatibility.
50 lines
1.2 KiB
C++
50 lines
1.2 KiB
C++
#include "config.h"
|
|
|
|
#include "immutable.hh"
|
|
#include "util.hh"
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <fcntl.h>
|
|
|
|
#if HAVE_LINUX_FS_H
|
|
#include <linux/fs.h>
|
|
#include <sys/ioctl.h>
|
|
#include <errno.h>
|
|
#endif
|
|
|
|
namespace nix {
|
|
|
|
|
|
void makeMutable(const Path & path)
|
|
{
|
|
#if defined(FS_IOC_SETFLAGS) && defined(FS_IOC_GETFLAGS) && defined(FS_IMMUTABLE_FL)
|
|
|
|
/* Don't even try if we're not root. One day we should support
|
|
the CAP_LINUX_IMMUTABLE capability. */
|
|
if (getuid() != 0) return;
|
|
|
|
/* The O_NOFOLLOW is important to prevent us from changing the
|
|
mutable bit on the target of a symlink (which would be a
|
|
security hole). */
|
|
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW);
|
|
if (fd == -1) {
|
|
if (errno == ELOOP) return; // it's a symlink
|
|
throw SysError(format("opening file `%1%'") % path);
|
|
}
|
|
|
|
unsigned int flags = 0, old;
|
|
|
|
/* Silently ignore errors getting/setting the immutable flag so
|
|
that we work correctly on filesystems that don't support it. */
|
|
if (ioctl(fd, FS_IOC_GETFLAGS, &flags)) return;
|
|
old = flags;
|
|
flags &= ~FS_IMMUTABLE_FL;
|
|
if (old == flags) return;
|
|
if (ioctl(fd, FS_IOC_SETFLAGS, &flags)) return;
|
|
#endif
|
|
}
|
|
|
|
|
|
}
|