Fix race condition in copyfile() causing inotify permission errors#68860
Open
wblinux wants to merge 1 commit intosaltstack:masterfrom
Open
Fix race condition in copyfile() causing inotify permission errors#68860wblinux wants to merge 1 commit intosaltstack:masterfrom
wblinux wants to merge 1 commit intosaltstack:masterfrom
Conversation
Apply the destination file's ownership and permissions to the temp file BEFORE the atomic move, instead of after. Previously, mkstemp() created the temp file with default 0600 permissions. After shutil.move() atomically replaced the destination, there was a brief window where the file was visible with restrictive permissions. Services using inotify to watch managed files (e.g. nscd watching /etc/resolv.conf) would detect the replacement via IN_DELETE_SELF, then fail to re-add a file watch with "Permission denied" due to the 0600 permissions, leading to service failures such as DNS resolution loss. By setting chown/chmod on the temp file before shutil.move(), the destination file is never visible with incorrect permissions, eliminating the race condition entirely. Fixes saltstack#65651
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Moves
chown/chmodfrom aftershutil.move()to before it insalt.utils.files.copyfile(), applying the destination file'sownership and permissions to the temp file before the atomic rename.
What issues does this PR fix or reference?
Fixes #65651
Previous Behavior
mkstemp()created a temp file with default0600permissions.shutil.move()atomically replaced the destination, thenchown/chmodwas applied afterward. This left a brief window where the destination
file had restrictive permissions. Services using inotify (e.g. nscd
watching
/etc/resolv.conf) would detect the replacement viaIN_DELETE_SELF, fail to re-add a file watch with "Permission denied",and lose functionality (e.g. DNS resolution failure).
New Behavior
Ownership and permissions are applied to the temp file before
shutil.move(), so the destination file is never visible withincorrect permissions. If
chown/chmodfails, the temp file iscleaned up and the error is propagated.
Merge requirements satisfied?
Commits signed with GPG?
No