Andrew Savchenko
Andrew Savchenko
Clsync should be able to create temp dir as root, but it can't in this case: ``` # echo $TMPDIR /tmp/.private/root # stat -c "%a/%A %u:%g" /tmp/.private/root 1700/drwx-----T 0:0 #...
$ clsync -v -M rsyncdirect -W alt -D test --inherit-capabilities Segmentation fault
``` [home] watch-dir = /home/user mode = rsyncdirect destination-dir = user@host:path -- = %RSYNC-ARGS% -AX -x --backup --backup-dir=/path_to_backup -e 'ssh -i /home/user/.ssh/backup_key' %watch-dir%/ %destination-dir%/ splitting = thread seccomp-filter = 1...
After issue #19 implementation it will be reasonable to allow fine-tune of delays and subsecond delays before syncs.
Support profile guided optimization for gcc and lcc. This will likely require some extensive testing.
clsync with --enable-seccomp fails to build on aarch64: 149 | FILTER_TABLE_ARCHDEPENDED privileged.c:88:34: error: initializer element is not constant 88 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##syscall, 0, 1), \ -- 149 | FILTER_TABLE_ARCHDEPENDED privileged.c:88:34:...
# clsync --secure-splitting --only-initialsync -Mrsyncdirect -S rsync -W/root/.temp/tmp/a -D/root/.temp/tmp/b Bad system call Without either --secure-splitting or --only-initialsync works as expected.
Clsync has plenty of security related options. ATM it is not easy to understand how they should be used together to gain maximum security for various use cases. So please...
I was testing clsync so handler and found that clsync API is unstable due to its dependence on defines. E.g. when compiling helper module I found that ctx_p->watchdir contains "nolabel"...
As discussed in [Gentoo bug 717340][1] musl based system don't provide execinfo.h interface. Right now this problem is fixed with commit f989c31bb8b735c600144527f44658dc992246d8 by disabling bactracing support if execinfo.h is not...