errcode_for_file_access() maps EROFS to INSUFFICIENT_PRIVILEGE

From: Andres Freund <andres(at)anarazel(dot)de>
To: pgsql-hackers(at)postgresql(dot)org
Subject: errcode_for_file_access() maps EROFS to INSUFFICIENT_PRIVILEGE
Date: 2023-11-18 22:59:18
Message-ID: 20231118225918.br45qtdf26wd4apj@awork3.anarazel.de
Lists: pgsql-hackers

Hi,

On Linux, many filesystems default to remounting themselves read-only when
metadata IO fails. I.e. one common reaction to disks failing is a previously
read-write filesystem becoming read-only.

When e.g. trying to create a file on such a filesystem, errno is set to
EROFS. Writing with pre-existing FDs seems to mostly generate EIO.

In errcode_for_file_access(), we map EROFS to
ERRCODE_INSUFFICIENT_PRIVILEGE. An error code that's used very widely for many
other purposes.

Because it is so widely used, just searching for log messages with an
ERRCODE_INSUFFICIENT_PRIVILEGE sqlstate isn't promising, obviously stuff like
ERROR: permission denied to set parameter \"%s\"
isn't interesting.

Nor is EROFS a question of insufficient privileges - the filesystem is read
only, even root would not be permitted to write.

I think ERRCODE_IO_ERROR would be more appropriate than
ERRCODE_INSUFFICIENT_PRIVILEGE, but not exactly great.

The only real downside would be a slightly odd sqlstate for postmaster's
creation of a lock file. If a tablespace were mounted read-only, IO_ERROR
actually seems fine.

Greetings,

Andres Freund
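
Added example, not part of the original message and not PostgreSQL code: a log triage sketch showing why filtering on SQLSTATE 42501 alone mixes read-only-filesystem failures with ordinary permission denials, and how the errno text at the end of the message can separate them. It assumes `log_line_prefix = '%m [%p] %e '` and untranslated (English) `lc_messages`; the function names and sample lines are constructed for illustration.

```python
import re

# Assumptions (not from the post): log_line_prefix = '%m [%p] %e ', so every
# line carries the SQLSTATE, and lc_messages leaves strerror() text in English.
LINE_RE = re.compile(
    r"^\S+ \S+ \S+ \[\d+\] (?P<sqlstate>[0-9A-Z]{5}) "
    r"(?P<severity>[A-Z]+):\s+(?P<msg>.*)$"
)
INSUFFICIENT_PRIVILEGE = "42501"  # what EPERM, EACCES and EROFS all map to
IO_ERROR = "58030"                # what EIO maps to
EROFS_SUFFIX = ": Read-only file system"  # strerror(EROFS) appended via %m


def classify(line):
    """Return 'readonly_fs', 'io_error', 'privilege', or None for other lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    if m["sqlstate"] == IO_ERROR:
        return "io_error"
    if m["sqlstate"] == INSUFFICIENT_PRIVILEGE:
        # The SQLSTATE alone cannot tell a storage fault from a denied
        # request, so fall back to the errno text at the end of the message.
        return "readonly_fs" if m["msg"].endswith(EROFS_SUFFIX) else "privilege"
    return None


def storage_alerts(lines):
    """Keep only lines that indicate failing or read-only storage."""
    return [l for l in lines if classify(l) in ("readonly_fs", "io_error")]


# Constructed sample log lines, not taken from a real server.
SAMPLE = [
    '2023-11-18 22:59:18.101 UTC [4021] 42501 ERROR:  permission denied to set parameter "log_statement"',
    '2023-11-18 22:59:18.350 UTC [4022] 42501 ERROR:  could not create file "base/5/16397": Read-only file system',
    '2023-11-18 22:59:18.720 UTC [4023] 42501 ERROR:  permission denied for table accounts',
    '2023-11-18 22:59:19.004 UTC [3990] 58030 ERROR:  could not write to file "pg_wal/xlogtemp.3990": Input/output error',
    '2023-11-18 22:59:19.200 UTC [4024] 42P01 ERROR:  relation "missing" does not exist',
]

if __name__ == "__main__":
    for line in storage_alerts(SAMPLE):
        print(line)
```

The text match is only a workaround: it breaks under a translated `lc_messages`, which is the kind of fragility a distinct SQLSTATE for EROFS would remove.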
