tape/drive/linux_tape: fix and refactor usage of sg-tape-cmd
when executing this code as non-root, we use sg-tape-cmd (a setuid binary) to execute various ioctls on the tape device we give the command the open tape device fd as stdin, but did not dup it, so the std::process:Stdio handle closed it on drop, which let subsequent operation on that file fail (since it was closed) fix it by dup'ing it before giving it to the command, and also refactor the calling code, so that we do not forget to do this Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
parent
627d000098
commit
00ac86c31b
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
use std::fs::{OpenOptions, File};
|
use std::fs::{OpenOptions, File};
|
||||||
use std::os::unix::fs::OpenOptionsExt;
|
use std::os::unix::fs::OpenOptionsExt;
|
||||||
use std::os::unix::io::{AsRawFd, FromRawFd};
|
use std::os::unix::io::{AsRawFd, FromRawFd, RawFd};
|
||||||
use std::convert::TryFrom;
|
use std::convert::TryFrom;
|
||||||
|
|
||||||
use anyhow::{bail, format_err, Error};
|
use anyhow::{bail, format_err, Error};
|
||||||
@ -51,6 +51,17 @@ use crate::{
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fn run_sg_tape_cmd(subcmd: &str, args: &[&str], fd: RawFd) -> Result<String, Error> {
|
||||||
|
let mut command = std::process::Command::new(
|
||||||
|
"/usr/lib/x86_64-linux-gnu/proxmox-backup/sg-tape-cmd");
|
||||||
|
command.args(&[subcmd]);
|
||||||
|
command.args(&["--stdin"]);
|
||||||
|
command.args(args);
|
||||||
|
let device_fd = nix::unistd::dup(fd)?;
|
||||||
|
command.stdin(unsafe { std::process::Stdio::from_raw_fd(device_fd)});
|
||||||
|
run_command(command, None)
|
||||||
|
}
|
||||||
|
|
||||||
/// Linux tape drive status
|
/// Linux tape drive status
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct LinuxDriveStatus {
|
pub struct LinuxDriveStatus {
|
||||||
@ -351,12 +362,7 @@ impl LinuxTapeHandle {
|
|||||||
return read_mam_attributes(&mut self.file);
|
return read_mam_attributes(&mut self.file);
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut command = std::process::Command::new(
|
let output = run_sg_tape_cmd("cartridge-memory", &[], self.file.as_raw_fd())?;
|
||||||
"/usr/lib/x86_64-linux-gnu/proxmox-backup/sg-tape-cmd");
|
|
||||||
command.args(&["cartridge-memory"]);
|
|
||||||
command.args(&["--stdin"]);
|
|
||||||
command.stdin(unsafe { std::process::Stdio::from_raw_fd(self.file.as_raw_fd())});
|
|
||||||
let output = run_command(command, None)?;
|
|
||||||
let result: Result<Vec<MamAttribute>, String> = serde_json::from_str(&output)?;
|
let result: Result<Vec<MamAttribute>, String> = serde_json::from_str(&output)?;
|
||||||
result.map_err(|err| format_err!("{}", err))
|
result.map_err(|err| format_err!("{}", err))
|
||||||
}
|
}
|
||||||
@ -371,12 +377,7 @@ impl LinuxTapeHandle {
|
|||||||
return read_volume_statistics(&mut self.file);
|
return read_volume_statistics(&mut self.file);
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut command = std::process::Command::new(
|
let output = run_sg_tape_cmd("volume-statistics", &[], self.file.as_raw_fd())?;
|
||||||
"/usr/lib/x86_64-linux-gnu/proxmox-backup/sg-tape-cmd");
|
|
||||||
command.args(&["volume-statistics"]);
|
|
||||||
command.args(&["--stdin"]);
|
|
||||||
command.stdin(unsafe { std::process::Stdio::from_raw_fd(self.file.as_raw_fd())});
|
|
||||||
let output = run_command(command, None)?;
|
|
||||||
let result: Result<Lp17VolumeStatistics, String> = serde_json::from_str(&output)?;
|
let result: Result<Lp17VolumeStatistics, String> = serde_json::from_str(&output)?;
|
||||||
result.map_err(|err| format_err!("{}", err))
|
result.map_err(|err| format_err!("{}", err))
|
||||||
}
|
}
|
||||||
@ -533,12 +534,7 @@ impl TapeDriver for LinuxTapeHandle {
|
|||||||
return read_tape_alert_flags(&mut self.file);
|
return read_tape_alert_flags(&mut self.file);
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut command = std::process::Command::new(
|
let output = run_sg_tape_cmd("tape-alert-flags", &[], self.file.as_raw_fd())?;
|
||||||
"/usr/lib/x86_64-linux-gnu/proxmox-backup/sg-tape-cmd");
|
|
||||||
command.args(&["tape-alert-flags"]);
|
|
||||||
command.args(&["--stdin"]);
|
|
||||||
command.stdin(unsafe { std::process::Stdio::from_raw_fd(self.file.as_raw_fd())});
|
|
||||||
let output = run_command(command, None)?;
|
|
||||||
let result: Result<u64, String> = serde_json::from_str(&output)?;
|
let result: Result<u64, String> = serde_json::from_str(&output)?;
|
||||||
result
|
result
|
||||||
.map_err(|err| format_err!("{}", err))
|
.map_err(|err| format_err!("{}", err))
|
||||||
@ -585,17 +581,15 @@ impl TapeDriver for LinuxTapeHandle {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut command = std::process::Command::new(
|
let output = if let Some((fingerprint, uuid)) = key_fingerprint {
|
||||||
"/usr/lib/x86_64-linux-gnu/proxmox-backup/sg-tape-cmd");
|
|
||||||
command.args(&["encryption"]);
|
|
||||||
if let Some((fingerprint, uuid)) = key_fingerprint {
|
|
||||||
let fingerprint = crate::tools::format::as_fingerprint(fingerprint.bytes());
|
let fingerprint = crate::tools::format::as_fingerprint(fingerprint.bytes());
|
||||||
command.args(&["--fingerprint", &fingerprint]);
|
run_sg_tape_cmd("encryption", &[
|
||||||
command.args(&["--uuid", &uuid.to_string()]);
|
"--fingerprint", &fingerprint,
|
||||||
}
|
"--uuid", &uuid.to_string(),
|
||||||
command.args(&["--stdin"]);
|
], self.file.as_raw_fd())?
|
||||||
command.stdin(unsafe { std::process::Stdio::from_raw_fd(self.file.as_raw_fd())});
|
} else {
|
||||||
let output = run_command(command, None)?;
|
run_sg_tape_cmd("encryption", &[], self.file.as_raw_fd())?
|
||||||
|
};
|
||||||
let result: Result<(), String> = serde_json::from_str(&output)?;
|
let result: Result<(), String> = serde_json::from_str(&output)?;
|
||||||
result.map_err(|err| format_err!("{}", err))
|
result.map_err(|err| format_err!("{}", err))
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user