cockpit: support access attributes in fsinfo

jelly · tomasmatus · commit 6ffaa9cdfd4e · 2025-05-21T15:23:59.000+02:00
For cockpit-files it is useful to know if the current watched directory or for example a text file is editable for the current user. Doing this based on the existing file permissions doesn't take ACL's into account. The `access` syscall only handles one access check (read/write/execute) per call making it rather inefficient to check for multiple scenario's, so that's why there are separate attrs depending on what the user want so in worst case we only add 1 extra syscall. As Python does not support AT_EMPTY_PATH, for the case where `name` is an empty string we read the access bits from `/proc/self/fd/$fd`. Closes: #21596
diff --git a/src/cockpit/channels/filesystem.py b/src/cockpit/channels/filesystem.py
@@ -440,6 +440,16 @@ def get_group(gid: int) -> 'str | int':
             except KeyError:
                 return gid
 
+        def get_access(dir_fd: int, name: str, mode: int, *, follow_symlinks: bool = False) -> 'bool | None':
+            try:
+                if name:
+                    return os.access(name, mode, dir_fd=dir_fd, follow_symlinks=follow_symlinks)
+                else:
+                    # This is the given path for which systemd_ctypes has already resolved the symlink
+                    return os.access(f'/proc/self/fd/{dir_fd}', mode, follow_symlinks=True)
+            except OSError:
+                return None
+
         stat_types = {stat.S_IFREG: 'reg', stat.S_IFDIR: 'dir', stat.S_IFLNK: 'lnk', stat.S_IFCHR: 'chr',
                       stat.S_IFBLK: 'blk', stat.S_IFIFO: 'fifo', stat.S_IFSOCK: 'sock'}
         available_stat_getters = {
@@ -469,6 +479,10 @@ def get_attrs(fd: int, name: str, follow: Follow) -> 'JsonDict | None':
                 with contextlib.suppress(OSError):
                     result['target'] = os.readlink(name, dir_fd=fd)
 
+            for (attr, mask) in [('r-ok', os.R_OK), ('w-ok', os.W_OK), ('x-ok', os.X_OK)]:
+                if attr in result:
+                    result[attr] = get_access(fd, name, mask, follow_symlinks=follow.value)
+
             return result
 
         return get_attrs
diff --git a/test/pytest/test_bridge.py b/test/pytest/test_bridge.py
@@ -1359,7 +1359,7 @@ async def test_fsinfo_onlydir(transport: MockTransport, fsinfo_test_cases: 'dict
 
         # with '/' appended, this should only open dirs
         client = await FsInfoClient.open(transport, str(path) + '/')
-        assert await client.wait() == expected_state
+        assert await client.wait() == expected_state, f'for {path}'
 
 
 @pytest.mark.asyncio
@@ -1587,3 +1587,39 @@ async def test_fsinfo_targets(transport: MockTransport, tmp_path: Path) -> None:
     # double-check with the non-watch variant
     client = await FsInfoClient.open(transport, tmp_path, ['type', 'target', 'targets'], fnmatch='l*')
     assert await client.wait() == state
+
+
+@pytest.mark.asyncio
+async def test_fsinfo_access_attrs(transport: MockTransport, fsinfo_test_cases: 'dict[Path, JsonObject]') -> None:
+    for path, expected_state in fsinfo_test_cases.items():
+        # these are errors
+        if path.name == 'dangling' or path.name == 'loopy':
+            continue
+
+        read_ok = True
+        write_ok = True
+        exec_ok = path.is_dir()
+
+        if path.name == 'no-r-dir':
+            read_ok = False
+        elif path.name == 'no-x-dir':
+            exec_ok = False
+        elif path.name == 'no-r-file':
+            read_ok = False
+            write_ok = False
+            exec_ok = False
+
+        expected_state = {'info': {'r-ok': read_ok, 'w-ok': write_ok, 'x-ok': exec_ok}}
+
+        # fnmatch='' to not include entries
+        client = await FsInfoClient.open(transport, path, attrs=['w-ok', 'r-ok', 'x-ok'], fnmatch='')
+        assert await client.wait() == expected_state, f'for path={path.name}'
+
+    # Symlink access bits are always allowed
+    for path, expected_state in fsinfo_test_cases.items():
+        if path.name != 'dev':
+            continue
+
+        expected_state = {'info': {'r-ok': True, 'w-ok': True, 'x-ok': True}}
+        client = await FsInfoClient.open(transport, path, attrs=['w-ok', 'r-ok', 'x-ok'], follow=False)
+        assert await client.wait() == expected_state, f'for path={path.name}'
