[pve-devel] firewall : possible bug/race when cluster.fw is replicated and rules are updated ?

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Jan 9 09:17:58 CET 2019


On 1/9/19 8:36 AM, Alexandre DERUMIER wrote:
>>> Hmm, but if one wants to restore the defaults by simply deleting the file he'd 
>>> need to restart the firewall daemon too. Not really sure if this is ideal 
>>> either... Even if we could do heuristics for if the file was really 
>>> removed/truncated (double checks) that would be just feel hacky and as said 
>>> above, such actions can get you in trouble with all processes where there are 
>>> reader writers, so this should be handled by the one updating the file. 
> 
> Ok I understand.
> I'm also thinking of a case where we could have a corosync/network failure,
> where /etc/pve couldn't be mounted anymore or isn't readable;
> that means that in this case the firewall will be off too.
> That seems bad for security....

Yeah, that's a valid concern.
Maybe we could simply omit changing rules or anything else if we are not quorate?
Would seem like the right thing to do, because in that case we cannot assume
anything so it's best to keep the last valid state intact.

> 
>>> But maybe a note like "As with all other filesystems you need to ensure a write 
>>> operation is seen atomic by any read process by writing to a temporary file and 
>>> then renaming (move) it. 
> 
> Sounds great :)
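An added illustration of the two points in this thread (write to a temporary file and rename it into place so readers never see a truncated config, and keep the last valid rule set when the cluster is not quorate or the file cannot be read). This is example code written for this page, not pve-firewall's own code; the config contents and the `observe` hook that stands in for a concurrent reader are constructed.

```python
import os
import tempfile
# Constructed sample contents in the style of /etc/pve/firewall/cluster.fw.
OLD_CONF = "[OPTIONS]\nenable: 1\n"
NEW_CONF = OLD_CONF + "\n[RULES]\nIN ACCEPT -p tcp -dport 22\n"

def write_in_place(path, data, observe):
    # Mode "w" truncates on open, so a reader racing in between sees an empty file.
    with open(path, "w") as f:
        observe()  # hypothetical hook standing in for a concurrent reader
        f.write(data)

def write_atomic(path, data, observe):
    # Temp file in the same directory, fsync, then rename over the target:
    # readers see either the complete old file or the complete new one.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".cluster.fw.")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        observe()  # a reader racing here still gets the old file
        os.rename(tmp, path)  # atomic on POSIX when both are on one filesystem
    except BaseException:
        os.unlink(tmp)
        raise

def load_rules(path, quorate, last_good):
    # Reader side: keep the last valid rule set when not quorate or when the
    # config cannot be read, rather than silently falling back to no firewall.
    if not quorate:
        return last_good
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return last_good

def demo(atomic):
    # One update with a reader racing mid-write; returns (seen during write, final).
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "cluster.fw")
        with open(path, "w") as f:
            f.write(OLD_CONF)
        seen = []
        def observe():
            seen.append(load_rules(path, True, OLD_CONF))
        (write_atomic if atomic else write_in_place)(path, NEW_CONF, observe)
        return seen[0], load_rules(path, True, OLD_CONF)
```

`demo(atomic=False)` shows the reader observing an empty rule file mid-update, while `demo(atomic=True)` shows it observing the complete old file until the rename lands.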
