PypiFacade and other file tracking faux services implemented by CsmakeServiceProvider track permissions of files that it seeks to change...if the permissions are changed by a secondary actor while the facade is active and has gained ownership of a file, then the service will incorrectly restore the old permissions.
Three things need to happen:
We should tighten the contention window for permissions to be for only the times when CsmakeServiceProvider needs to make a change to a monitored file....this is hard because this means that every time ensure is run, the permissions will have to be captured and released vs. now when we simply have the files we need captured with the state of the permissions at the time of the capture....this may cause the file tracking and ensuring of faux service state to become less stable and slower.
We need to ensure that external changes to permissions win in contention situations.
a) This implies that we must check the "owned" state against the current state before restoring the previous state if owned != current -> abort restore of permissions.
b) inotify has an IN_ATTRIB notification that we could handle and track....this may be easier to simply check a list of all the IN_ATTRIB'ed files we encounter.....however, the catch is that we strip tracking for files where we can to free up inotify resources and in scarce inotify instances we have the problem that we may not be tracking some files via inotify.
autumnpat
commented
7 years ago
PypiFacade and other file tracking faux services implemented by CsmakeServiceProvider track permissions of files that it seeks to change...if the permissions are changed by a secondary actor while the facade is active and has gained ownership of a file, then the service will incorrectly restore the old permissions.
Three things need to happen: