Hi,
we ran into a problem, while using filesystem snapshots on a GPFS-filesystem. With this we want to give the users the opportunity to restore Mailboxes from this snapshots in case they deleted mail by accident.
For each snapshot we create a namespace via a postlogin skript (with INDEX=MEMORY to avoid writing index files to a ro filesystem). The snapshot are of course read only. When accessing the mailboxes in the namespaces, dovecot generates an error (ro filesystem): Error: Mailbox #backup20/Mail/deleted-messages: open() failed with mbox: Read-only file system
We tracked that down to a problem in src/lib-storage/index/mbox/mbox-file.c (yes, we are still using mbox ;) )
fd = open(mailbox_get_path(&mbox->box), mbox_is_backend_readonly(mbox) ? O_RDONLY : O_RDWR); if (fd == -1 && errno == EACCES && !mbox->backend_readonly) { mbox->backend_readonly = TRUE; fd = open(mailbox_get_path(&mbox->box), O_RDONLY); }
Here the mailbox is opened and it is checked wether the file is ro or rw. Since the snapshot contains the original file permissions, the file is of course rw, but the filesystem is ro. Unfortunately the code only checks for file permissions (errno == EACCES), which doesn’t catch our error condition (FS ro).
We think that exchanging this to (errno == EACCESS || errno == EROFS) would catch the file system ro error correctly and set the readonly flag correctly and open the mailbox ro. (this probably hast to be done for other mailbox formats in the corresponding files too)
What do you think? Is there a chance to implement that in an upcoming release?
Best regards Damian
— Postmaster@WWU WWU IT Westfälische Wilhelms-Universität (WWU) Münster Röntgenstr. 7-13, 48149 Münster
mailto:postmaster@uni-muenster.de
Hi!
This is on our backlog already as DOP-2294, lets see if we get it forward at some point.
Aki
On 29/06/2021 12:48 Bucher, Dr. Damian bucher@uni-muenster.de wrote:
Hi,
we ran into a problem, while using filesystem snapshots on a GPFS-filesystem. With this we want to give the users the opportunity to restore Mailboxes from this snapshots in case they deleted mail by accident.
For each snapshot we create a namespace via a postlogin skript (with INDEX=MEMORY to avoid writing index files to a ro filesystem). The snapshot are of course read only. When accessing the mailboxes in the namespaces, dovecot generates an error (ro filesystem): Error: Mailbox #backup20/Mail/deleted-messages: open() failed with mbox: Read-only file system
We tracked that down to a problem in src/lib-storage/index/mbox/mbox-file.c (yes, we are still using mbox ;) )
fd = open(mailbox_get_path(&mbox->box), mbox_is_backend_readonly(mbox) ? O_RDONLY : O_RDWR); if (fd == -1 && errno == EACCES && !mbox->backend_readonly) { mbox->backend_readonly = TRUE; fd = open(mailbox_get_path(&mbox->box), O_RDONLY); }
Here the mailbox is opened and it is checked wether the file is ro or rw. Since the snapshot contains the original file permissions, the file is of course rw, but the filesystem is ro. Unfortunately the code only checks for file permissions (errno == EACCES), which doesn’t catch our error condition (FS ro).
We think that exchanging this to (errno == EACCESS || errno == EROFS) would catch the file system ro error correctly and set the readonly flag correctly and open the mailbox ro. (this probably hast to be done for other mailbox formats in the corresponding files too)
What do you think? Is there a chance to implement that in an upcoming release?
Best regards Damian
— Postmaster@WWU WWU IT Westfälische Wilhelms-Universität (WWU) Münster Röntgenstr. 7-13, 48149 Münster
mailto:postmaster@uni-muenster.de
Hi,
we tested a wrapper around the open() function, which rewrites the error code to EACCES in case the mailbox is from a snapshot and which we load with LD_PRELOAD. (See https://www.samanbarghi.com/blog/2014/09/05/how-to-wrap-a-system-call-libc-f...) Unfortunately that was not successful, so we added a wrapper around access(), which does the job (you could even skip the open()-wrapper).
So the below mentioned code snippet is not the only one to be modified ;)
Best regards Damian
Am 29.06.2021 um 12:29 schrieb Aki Tuomi aki.tuomi@open-xchange.com:
Hi!
This is on our backlog already as DOP-2294, lets see if we get it forward at some point.
Aki
On 29/06/2021 12:48 Bucher, Dr. Damian bucher@uni-muenster.de wrote:
Hi,
we ran into a problem, while using filesystem snapshots on a GPFS-filesystem. With this we want to give the users the opportunity to restore Mailboxes from this snapshots in case they deleted mail by accident.
For each snapshot we create a namespace via a postlogin skript (with INDEX=MEMORY to avoid writing index files to a ro filesystem). The snapshot are of course read only. When accessing the mailboxes in the namespaces, dovecot generates an error (ro filesystem): Error: Mailbox #backup20/Mail/deleted-messages: open() failed with mbox: Read-only file system
We tracked that down to a problem in src/lib-storage/index/mbox/mbox-file.c (yes, we are still using mbox ;) )
fd = open(mailbox_get_path(&mbox->box), mbox_is_backend_readonly(mbox) ? O_RDONLY : O_RDWR); if (fd == -1 && errno == EACCES && !mbox->backend_readonly) { mbox->backend_readonly = TRUE; fd = open(mailbox_get_path(&mbox->box), O_RDONLY); }
Here the mailbox is opened and it is checked wether the file is ro or rw. Since the snapshot contains the original file permissions, the file is of course rw, but the filesystem is ro. Unfortunately the code only checks for file permissions (errno == EACCES), which doesn’t catch our error condition (FS ro).
We think that exchanging this to (errno == EACCESS || errno == EROFS) would catch the file system ro error correctly and set the readonly flag correctly and open the mailbox ro. (this probably hast to be done for other mailbox formats in the corresponding files too)
What do you think? Is there a chance to implement that in an upcoming release?
Best regards Damian
— Postmaster@WWU WWU IT Westfälische Wilhelms-Universität (WWU) Münster Röntgenstr. 7-13, 48149 Münster
mailto:postmaster@uni-muenster.de
—
Westfälische Wilhelms-Universität (WWU) Münster
WWU IT
Dr. Damian Bucher
Abt. 6.2 Systemdienste
Röntgenstr. 7-13, 48149 Münster
Tel.: +49 251 83-31658 Fax: +49 251 8393331658 mailto:bucher@uni-muenster.de Website: www.uni-muenster.de/it
participants (2)
-
Aki Tuomi
-
Bucher, Dr. Damian