Perms attribute can now override immutable bit

The perms attribute of the files promise can now override the immutable
bit.

Ticket: ENT-10961, CFE-1840
Changelog: Commit
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>

Author: larsewi

cf-agent/verify_files_utils.c

@@ -2320,7 +2320,8 @@ static PromiseResult VerifyName(EvalContext *ctx, char *path, const struct stat
 
         if (MakingChanges(ctx, pp, attr, &result, "rename file '%s' to '%s'", path, newname))
         {
-            if (safe_chmod(changes_path, newperm) == 0)
+            const bool override_immutable = EvalContextOverrideImmutableGet(ctx);
+            if (OverrideImmutableChmod(changes_path, newperm, override_immutable))
             {
                 RecordChange(ctx, pp, attr, "Changed permissions of '%s' to 'mode %04jo'",
                              path, (uintmax_t)newperm);
@@ -2335,7 +2336,6 @@ static PromiseResult VerifyName(EvalContext *ctx, char *path, const struct stat
 
             if (!FileInRepository(newname))
             {
-                const bool override_immutable = EvalContextOverrideImmutableGet(ctx);
                 if (!OverrideImmutableRename(changes_path, changes_newname, override_immutable))
                 {
                     RecordFailure(ctx, pp, attr, "Error occurred while renaming '%s'", path);
@@ -2653,7 +2653,8 @@ static PromiseResult VerifyFileAttributes(EvalContext *ctx, const char *file, co
         if (MakingChanges(ctx, pp, attr, &result, "change permissions of '%s' from %04jo to %04jo",
                           file, (uintmax_t)dstat->st_mode & 07777, (uintmax_t)newperm & 07777))
         {
-            if (safe_chmod(changes_file, newperm & 07777) == -1)
+            const bool override_immutable = EvalContextOverrideImmutableGet(ctx);
+            if (!OverrideImmutableChmod(changes_file, newperm & 07777, override_immutable))
             {
                 RecordFailure(ctx, pp, attr, "Failed to change permissions of '%s'. (chmod: %s)",
                               file, GetErrorStr());

libpromises/override_fsattrs.c

@@ -5,6 +5,7 @@
 #include <files_copy.h>
 #include <cf3.defs.h>
 #include <string_lib.h>
+#include "file_lib.h"
 
 bool OverrideImmutableBegin(
     const char *orig, char *copy, size_t copy_len, bool override)
@@ -162,6 +163,28 @@ void ResetTemporarilyClearedImmutableBit(
     }
 }
 
+bool OverrideImmutableChmod(const char *filename, mode_t mode, bool override)
+{
+    assert(filename != NULL);
+
+    bool is_immutable;
+    FSAttrsResult res =
+        TemporarilyClearImmutableBit(filename, override, &is_immutable);
+
+    int ret = safe_chmod(filename, mode);
+    if (ret == -1)
+    {
+        Log(LOG_LEVEL_ERR,
+            "Failed to change mode on file '%s': %s",
+            filename,
+            GetErrorStr());
+    }
+
+    ResetTemporarilyClearedImmutableBit(filename, override, res, is_immutable);
+
+    return ret == 0;
+}
+
 bool OverrideImmutableRename(
     const char *old_filename, const char *new_filename, bool override)
 {

libpromises/override_fsattrs.h

@@ -29,6 +29,7 @@
 #include <stdbool.h>
 #include <stddef.h>
 #include <utime.h>
+#include <sys/types.h>
 
 /**
  * @brief Creates a mutable copy of the original file
@@ -55,6 +56,16 @@ bool OverrideImmutableBegin(
 bool OverrideImmutableCommit(
     const char *orig, const char *copy, bool override, bool abort);
 
+/**
+ * @brief Change mode on an immutable file
+ * @param filename Name of the file
+ * @param mode The file mode
+ * @param override Whether to actually do override
+ * @return false in case of failure
+ * @note It uses safe_chmod() under the hood
+ */
+bool OverrideImmutableChmod(const char *filename, mode_t mode, bool override);
+
 /**
  * @brief Temporarily clears the immutable bit of the old file and renames the
  * new to the old