New kernel has stricter checks on tmpfs with stick-bit on directories, so some
commands (i.e. proxmox-tape changer status) fails when executed as root, because
permission checks fails when locking the drive.
This patch move the drive locks to /run/proxmox-backup/drive-lock.
Note: This is incompatible to old locking mechmanism, so users may not
run tape backups during update (or running backup can fail).
proxmox_backup::tape::create_tape_status_dir()?;
proxmox_backup::tape::create_drive_state_dir()?;
proxmox_backup::tape::create_changer_state_dir()?;
proxmox_backup::tape::create_tape_status_dir()?;
proxmox_backup::tape::create_drive_state_dir()?;
proxmox_backup::tape::create_changer_state_dir()?;
+ proxmox_backup::tape::create_drive_lock_dir()?;
if let Err(err) = generate_auth_key() {
bail!("unable to generate auth key - {}", err);
if let Err(err) = generate_auth_key() {
bail!("unable to generate auth key - {}", err);
config: &SectionConfigData,
drive: &str,
) -> Result<Option<String>, Error> {
config: &SectionConfigData,
drive: &str,
) -> Result<Option<String>, Error> {
- let path = format!("/run/proxmox-backup/drive-state/{}", drive);
+ let path = format!("{}/{}", crate::tape::DRIVE_STATE_DIR, drive);
let state = file_read_optional_string(path)?;
let device_path = tape_device_path(config, drive)?;
let state = file_read_optional_string(path)?;
let device_path = tape_device_path(config, drive)?;
let lock_name = crate::tools::systemd::escape_unit(device_path, true);
let lock_name = crate::tools::systemd::escape_unit(device_path, true);
- let mut path = std::path::PathBuf::from("/var/lock");
+ let mut path = std::path::PathBuf::from(crate::tape::DRIVE_LOCK_DIR);
path.push(lock_name);
let timeout = std::time::Duration::new(10, 0);
path.push(lock_name);
let timeout = std::time::Duration::new(10, 0);
let lock_name = crate::tools::systemd::escape_unit(device_path, true);
let lock_name = crate::tools::systemd::escape_unit(device_path, true);
- let mut path = std::path::PathBuf::from("/var/lock");
+ let mut path = std::path::PathBuf::from(crate::tape::DRIVE_LOCK_DIR);
path.push(lock_name);
let timeout = std::time::Duration::new(0, 0);
path.push(lock_name);
let timeout = std::time::Duration::new(0, 0);
/// Directory path where we store all tape status information
pub const TAPE_STATUS_DIR: &str = "/var/lib/proxmox-backup/tape";
/// Directory path where we store all tape status information
pub const TAPE_STATUS_DIR: &str = "/var/lib/proxmox-backup/tape";
+/// Directory path where we store drive lock file
+pub const DRIVE_LOCK_DIR: &str = concat!(PROXMOX_BACKUP_RUN_DIR_M!(), "/drive-lock");
+
/// Directory path where we store temporary drive state
pub const DRIVE_STATE_DIR: &str = concat!(PROXMOX_BACKUP_RUN_DIR_M!(), "/drive-state");
/// Directory path where we store temporary drive state
pub const DRIVE_STATE_DIR: &str = concat!(PROXMOX_BACKUP_RUN_DIR_M!(), "/drive-state");
+/// Create drive lock dir with correct permission
+pub fn create_drive_lock_dir() -> Result<(), Error> {
+ let backup_user = crate::backup::backup_user()?;
+ let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
+ let options = CreateOptions::new()
+ .perm(mode)
+ .owner(backup_user.uid)
+ .group(backup_user.gid);
+
+ create_path(DRIVE_LOCK_DIR, None, Some(options))
+ .map_err(|err: Error| format_err!("unable to create drive state dir - {}", err))?;
+
+ Ok(())
+}
+
/// Create drive state dir with correct permission
pub fn create_drive_state_dir() -> Result<(), Error> {
let backup_user = crate::backup::backup_user()?;
/// Create drive state dir with correct permission
pub fn create_drive_state_dir() -> Result<(), Error> {
let backup_user = crate::backup::backup_user()?;