Skip to content

Commit

Permalink
lib: Stop setting MAGIC_PRESERVE_ATIME flag
Browse files Browse the repository at this point in the history
On RedHat systems setting MAGIC_PRESERVE_ATIME caused SELinux errors.

RedHat bugzilla identified in BZ
   https://bugzilla.redhat.com/show_bug.cgi?id=1997148
that this was caused by a call to utimensat().

Issue #2333 identified that setting MAGIC_PRESERVE_ATIME triggers the
call of utimensat(). Inspecting src/magic.c in the "file" utility source
code shows that the call of utimensat() was made due to utimes() being
called. glibc maps this to a call of utimensat().

Although setting the flag, and hence preserving atime when ascertaining
the file type is not unreasonable, the atime will be modified anyway
when the file is subsequently executed. Also it is clear from the
"file" code in src/magic.c, that not only is the atime not properly
restored when MAGIC_PRESERVE_ATIME is set, but that mtime is also
modified, even though the file has not been modified. This is due to
close_and_restore() in src/magic.c only restoring the seconds field,
and not the microseconds that utimes() can specify, and that
utime()/utimes() update both the atime and mtime fields. Consequently
the fractions of a second of atime and mtime are both set to 0.

Further, there is a comment in src/magic.c:
    /*
     * Try to restore access, modification times if read it.
     * This is really *bad* because it will modify the status
     * time of the file... And of course this will affect
     * backup programs
     */

We don't want to be doing *bad* things in keepalived, so that reinforces
removing MAGIC_PRESERVE_ATIME.

Signed-off-by: Quentin Armitage <[email protected]>
  • Loading branch information
pqarmitage committed Aug 23, 2023
1 parent af61b26 commit b2b6539
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/keepalived_magic.h
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
static inline magic_t
ka_magic_open(void)
{
magic_t magic = magic_open(MAGIC_PRESERVE_ATIME | MAGIC_ERROR | MAGIC_NO_CHECK_CDF | MAGIC_NO_CHECK_COMPRESS);
magic_t magic = magic_open(MAGIC_ERROR | MAGIC_NO_CHECK_CDF | MAGIC_NO_CHECK_COMPRESS);
if (!magic)
log_message(LOG_INFO, "Unable to open magic");
else if (magic_load(magic, NULL)) {
Expand Down

0 comments on commit b2b6539

Please sign in to comment.