Feature/patch request

Bucher, Dr. Damian bucher at uni-muenster.de
Wed Jun 30 12:29:08 EEST 2021 

Hi,

we tested a wrapper around the open() function, which rewrites the error code to EACCES in case the mailbox is from a snapshot and which we load with LD_PRELOAD. (See https://www.samanbarghi.com/blog/2014/09/05/how-to-wrap-a-system-call-libc-function-in-linux/) 
Unfortunately that was not successful, so we added a wrapper around access(), which does the job (you could even skip the open()-wrapper).

So the below mentioned code snippet is not the only one to be modified ;)

Best regards
Damian

> Am 29.06.2021 um 12:29 schrieb Aki Tuomi <aki.tuomi at open-xchange.com>:
> 
> Hi!
> 
> This is on our backlog already as DOP-2294, lets see if we get it forward at some point.
> 
> Aki
> 
>> On 29/06/2021 12:48 Bucher, Dr. Damian <bucher at uni-muenster.de> wrote:
>> 
>> 
>> Hi,
>> 
>> we ran into a problem, while using filesystem snapshots on a GPFS-filesystem. With this we want to give the users the opportunity to restore Mailboxes from this snapshots in case they deleted mail by accident.
>> 
>> For each snapshot we create a namespace via a postlogin skript (with INDEX=MEMORY to avoid writing index files to a ro filesystem). The snapshot are of course read only.
>> When accessing the mailboxes in the namespaces, dovecot generates an error (ro filesystem):
>> Error: Mailbox #backup20/Mail/deleted-messages: open() failed with mbox: Read-only file system
>> 
>> 
>> We tracked that down to a problem in src/lib-storage/index/mbox/mbox-file.c (yes, we are still using mbox ;) )
>> 
>> fd = open(mailbox_get_path(&mbox->box),
>>                  mbox_is_backend_readonly(mbox) ? O_RDONLY : O_RDWR);
>>        if (fd == -1 && errno == EACCES && !mbox->backend_readonly) {
>>                mbox->backend_readonly = TRUE;
>>                fd = open(mailbox_get_path(&mbox->box), O_RDONLY);
>>        }
>> 
>> Here the mailbox is opened and it is checked wether the file is ro or rw.
>> Since the snapshot contains the original file permissions, the file is of course rw, but the filesystem is ro.
>> Unfortunately the code only checks for file permissions (errno == EACCES), which doesn’t catch our error condition (FS ro).
>> 
>> We think that exchanging this to (errno == EACCESS || errno == EROFS) would catch the file system ro error correctly and set the readonly flag correctly and open the mailbox ro.
>> (this probably hast to be done for other mailbox formats in the corresponding files too)
>> 
>> What do you think? Is there a chance to implement that in an upcoming release?
>> 
>> Best regards
>> Damian
>> 
>>>> Postmaster at WWU
>> WWU IT
>> Westfälische Wilhelms-Universität (WWU) Münster
>> Röntgenstr. 7-13, 48149 Münster
>> 
>> mailto:postmaster at uni-muenster.de

—  
Westfälische Wilhelms-Universität (WWU) Münster
WWU IT
Dr. Damian Bucher
Abt. 6.2 Systemdienste
Röntgenstr. 7-13, 48149 Münster

Tel.: +49 251 83-31658 Fax: +49 251 8393331658
mailto:bucher at uni-muenster.de
Website: www.uni-muenster.de/it






-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5641 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20210630/87fb0e6e/attachment.p7s>

More information about the dovecot mailing list