andreacavalli/rocksdb
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Make database files' permissions configurable

Browse Source 
Summary: Closes https://github.com/facebook/rocksdb/pull/3709

Differential Revision: D7610227

Pulled By: xiaofeidu008

fbshipit-source-id: 88a52f0f9f96e2195fccde995cf9760b785e9f07
This commit is contained in:
Xiaofei Du 2018-04-13 13:05:28 -07:00 committed by Facebook Github Bot
parent 31ee4bf240
commit a0102aa6d7
3 changed files with 63 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
env/env_posix.cc vendored
View File

@ -74,6 +74,10 @@ ThreadStatusUpdater* CreateThreadStatusUpdater() {
return new ThreadStatusUpdater(); return new ThreadStatusUpdater();
} }
inline mode_t GetDBFileMode(bool allow_non_owner_access) {
return allow_non_owner_access ? 0644 : 0600;
}
// list of pathnames that are locked // list of pathnames that are locked
static std::set<std::string> lockedFiles; static std::set<std::string> lockedFiles;
static port::Mutex mutex_lockedFiles; static port::Mutex mutex_lockedFiles;
@ -167,7 +171,7 @@ class PosixEnv : public Env {
do { do {
IOSTATS_TIMER_GUARD(open_nanos); IOSTATS_TIMER_GUARD(open_nanos);
fd = open(fname.c_str(), flags, 0644); fd = open(fname.c_str(), flags, GetDBFileMode(allow_non_owner_access_));
} while (fd < 0 && errno == EINTR); } while (fd < 0 && errno == EINTR);
if (fd < 0) { if (fd < 0) {
return IOError("While opening a file for sequentially reading", fname, return IOError("While opening a file for sequentially reading", fname,
@ -217,7 +221,7 @@ class PosixEnv : public Env {
do { do {
IOSTATS_TIMER_GUARD(open_nanos); IOSTATS_TIMER_GUARD(open_nanos);
fd = open(fname.c_str(), flags, 0644); fd = open(fname.c_str(), flags, GetDBFileMode(allow_non_owner_access_));
} while (fd < 0 && errno == EINTR); } while (fd < 0 && errno == EINTR);
if (fd < 0) { if (fd < 0) {
return IOError("While open a file for random read", fname, errno); return IOError("While open a file for random read", fname, errno);
@ -288,7 +292,7 @@ class PosixEnv : public Env {
do { do {
IOSTATS_TIMER_GUARD(open_nanos); IOSTATS_TIMER_GUARD(open_nanos);
fd = open(fname.c_str(), flags, 0644); fd = open(fname.c_str(), flags, GetDBFileMode(allow_non_owner_access_));
} while (fd < 0 && errno == EINTR); } while (fd < 0 && errno == EINTR);
if (fd < 0) { if (fd < 0) {
@ -376,7 +380,8 @@ class PosixEnv : public Env {
do { do {
IOSTATS_TIMER_GUARD(open_nanos); IOSTATS_TIMER_GUARD(open_nanos);
fd = open(old_fname.c_str(), flags, 0644); fd = open(old_fname.c_str(), flags,
GetDBFileMode(allow_non_owner_access_));
} while (fd < 0 && errno == EINTR); } while (fd < 0 && errno == EINTR);
if (fd < 0) { if (fd < 0) {
s = IOError("while reopen file for write", fname, errno); s = IOError("while reopen file for write", fname, errno);
@ -436,7 +441,8 @@ class PosixEnv : public Env {
int fd = -1; int fd = -1;
while (fd < 0) { while (fd < 0) {
IOSTATS_TIMER_GUARD(open_nanos); IOSTATS_TIMER_GUARD(open_nanos);
fd = open(fname.c_str(), O_CREAT | O_RDWR, 0644); fd = open(fname.c_str(), O_CREAT | O_RDWR,
GetDBFileMode(allow_non_owner_access_));
if (fd < 0) { if (fd < 0) {
// Error while opening the file // Error while opening the file
if (errno == EINTR) { if (errno == EINTR) {
@ -789,6 +795,11 @@ class PosixEnv : public Env {
return thread_pools_[pri].GetBackgroundThreads(); return thread_pools_[pri].GetBackgroundThreads();
} }
virtual Status SetAllowNonOwnerAccess(bool allow_non_owner_access) override {
allow_non_owner_access_ = allow_non_owner_access;
return Status::OK();
}
// Allow increasing the number of worker threads. // Allow increasing the number of worker threads.
virtual void IncBackgroundThreadsIfNeeded(int num, Priority pri) override { virtual void IncBackgroundThreadsIfNeeded(int num, Priority pri) override {
assert(pri >= Priority::BOTTOM && pri <= Priority::HIGH); assert(pri >= Priority::BOTTOM && pri <= Priority::HIGH);
@ -888,13 +899,17 @@ class PosixEnv : public Env {
std::vector<ThreadPoolImpl> thread_pools_; std::vector<ThreadPoolImpl> thread_pools_;
pthread_mutex_t mu_; pthread_mutex_t mu_;
std::vector<pthread_t> threads_to_join_; std::vector<pthread_t> threads_to_join_;
// If true, allow non owner read access for db files. Otherwise, non-owner
// has no access to db files.
bool allow_non_owner_access_;
}; };
PosixEnv::PosixEnv() PosixEnv::PosixEnv()
: checkedDiskForMmap_(false), : checkedDiskForMmap_(false),
forceMmapOff_(false), forceMmapOff_(false),
page_size_(getpagesize()), page_size_(getpagesize()),
thread_pools_(Priority::TOTAL) { thread_pools_(Priority::TOTAL),
allow_non_owner_access_(true) {
ThreadPoolImpl::PthreadCall("mutex_init", pthread_mutex_init(&mu_, nullptr)); ThreadPoolImpl::PthreadCall("mutex_init", pthread_mutex_init(&mu_, nullptr));
for (int pool_id = 0; pool_id < Env::Priority::TOTAL; ++pool_id) { for (int pool_id = 0; pool_id < Env::Priority::TOTAL; ++pool_id) {
thread_pools_[pool_id].SetThreadPriority( thread_pools_[pool_id].SetThreadPriority(

34
env/env_test.cc vendored
View File

@ -166,6 +166,40 @@ TEST_F(EnvPosixTest, AreFilesSame) {
} }
#endif #endif
#ifdef OS_LINUX
TEST_F(EnvPosixTest, FilePermission) {
// Only works for Linux environment
if (env_ == Env::Default()) {
EnvOptions soptions;
std::vector<std::string> fileNames {
test::TmpDir(env_) + "/testfile", test::TmpDir(env_) + "/testfile1"};
unique_ptr<WritableFile> wfile;
ASSERT_OK(env_->NewWritableFile(fileNames[0], &wfile, soptions));
unique_ptr<RandomRWFile> rwfile;
ASSERT_OK(env_->NewRandomRWFile(fileNames[1], &rwfile, soptions));
struct stat sb;
for (const auto& filename : fileNames) {
if (::stat(filename.c_str(), &sb) == 0) {
ASSERT_EQ(sb.st_mode & 0777, 0644);
}
env_->DeleteFile(filename);
}
env_->SetAllowNonOwnerAccess(false);
ASSERT_OK(env_->NewWritableFile(fileNames[0], &wfile, soptions));
ASSERT_OK(env_->NewRandomRWFile(fileNames[1], &rwfile, soptions));
for (const auto& filename : fileNames) {
if (::stat(filename.c_str(), &sb) == 0) {
ASSERT_EQ(sb.st_mode & 0777, 0600);
}
env_->DeleteFile(filename);
}
}
}
#endif
TEST_P(EnvPosixTestWithParam, UnSchedule) { TEST_P(EnvPosixTestWithParam, UnSchedule) {
std::atomic<bool> called(false); std::atomic<bool> called(false);
env_->SetBackgroundThreads(1, Env::LOW); env_->SetBackgroundThreads(1, Env::LOW);

8
include/rocksdb/env.h
View File

@ -383,6 +383,10 @@ class Env {
virtual void SetBackgroundThreads(int number, Priority pri = LOW) = 0; virtual void SetBackgroundThreads(int number, Priority pri = LOW) = 0;
virtual int GetBackgroundThreads(Priority pri = LOW) = 0; virtual int GetBackgroundThreads(Priority pri = LOW) = 0;
virtual Status SetAllowNonOwnerAccess(bool /*allow_non_owner_access*/) {
return Status::NotSupported("Not supported.");
}
// Enlarge number of background worker threads of a specific thread pool // Enlarge number of background worker threads of a specific thread pool
// for this environment if it is smaller than specified. 'LOW' is the default // for this environment if it is smaller than specified. 'LOW' is the default
// pool. // pool.
@ -1074,6 +1078,10 @@ class EnvWrapper : public Env {
return target_->GetBackgroundThreads(pri); return target_->GetBackgroundThreads(pri);
} }
Status SetAllowNonOwnerAccess(bool allow_non_owner_access) override {
return target_->SetAllowNonOwnerAccess(allow_non_owner_access);
}
void IncBackgroundThreadsIfNeeded(int num, Priority pri) override { void IncBackgroundThreadsIfNeeded(int num, Priority pri) override {
return target_->IncBackgroundThreadsIfNeeded(num, pri); return target_->IncBackgroundThreadsIfNeeded(num, pri);
} }