From 0f2e24d2801efa866d5443f581ee25f3783a9a41 Mon Sep 17 00:00:00 2001
From: Marek Blaha <mblaha@redhat.com>
Date: Fri, 7 Feb 2025 10:04:50 +0100
Subject: [PATCH 15/15] module: Warn if module config file is inaccessible

If a DNF module configuration file is unreadable, `dnf` may return
unexpected results without warning the user, potentially affecting
command output.

Steps to reproduce:

1. Enable the `nginx` module as root with a restrictive `umask`, making
   the config file unreadable for normal users:

   # umask 0066
   # dnf module enable nginx:1.24
   # ls -l /etc/dnf/modules.d/nginx.module
   -rw-------. 1 root root 55 Oct 16 09:59 /etc/dnf/modules.d/nginx.module

2. Check available packages as root (CORRECT):

   # dnf list --available nginx
   [...]
   Available Packages
   nginx.x86_64            1:1.24.0-1.module+el9.4.0+21950+8ebc21e2.1

3. Check available packages as a normal user (INCORRECT):

   $ dnf list --available nginx
   [...]
   Available Packages
   nginx.x86_64            1:1.20.1-16.el9_4.1

This patch introduces a warning when a module config file exists but is
inaccessible, helping users diagnose potential issues:

   $ dnf list --available nginx
   [...]
   Cannot read "/etc/dnf/modules.d/nginx.module". Modular filtering may be affected.
   Available Packages
   nginx.x86_64            1:1.20.1-16.el9_4.1

Resolves: https://issues.redhat.com/browse/RHEL-62833
Resolves: https://issues.redhat.com/browse/RHEL-83804

Upstream commit: 28805cd
---
 libdnf/module/ModulePackageContainer.cpp | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/libdnf/module/ModulePackageContainer.cpp b/libdnf/module/ModulePackageContainer.cpp
index 5727a96b..3745160f 100644
--- a/libdnf/module/ModulePackageContainer.cpp
+++ b/libdnf/module/ModulePackageContainer.cpp
@@ -1370,10 +1370,10 @@ static inline void
 parseConfig(ConfigParser &parser, const std::string &name, const char *path)
 {
     auto logger(Log::getLogger());
+    const auto fname = name + ".module";
+    g_autofree gchar * cfn = g_build_filename(path, fname.c_str(), NULL);
 
     try {
-        const auto fname = name + ".module";
-        g_autofree gchar * cfn = g_build_filename(path, fname.c_str(), NULL);
         parser.read(cfn);
 
         /* FIXME: init empty config or throw error? */
@@ -1393,10 +1393,15 @@ parseConfig(ConfigParser &parser, const std::string &name, const char *path)
             parser.setValue(name, "state", parser.getValue(name, "enabled"));
             parser.removeOption(name, "enabled");
         }
-    } catch (const ConfigParser::CantOpenFile &) {
+    } catch (const ConfigParser::FileDoesNotExist &) {
         /* No module config file present. Fill values in */
         initConfig(parser, name);
         return;
+    } catch (const ConfigParser::CantOpenFile &) {
+        /* File exists but is not readable. */
+        logger->warning(tfm::format("Cannot read \"%s\". Modular filtering may be affected.", cfn));
+        initConfig(parser, name);
+        return;
     }
 }
 
-- 
2.48.1