Rollback for snapshot merge

[typpos]

Is your feature request related to a problem or use case?

Feature:

• Snapshot system to be able to roll back when a merge fails

Motivation:

• Even though the snapshot manager seems to try to l,ock the base folders, a merge can still fail because of unboxed applications, junctions, and other reasons. In such cases, the user ends up with an inconsistent UI state, inconsistent snapshot data, and is required to manually resolve the merge.
• I've had issues twice so far when working (not 'testing') with snapshots where a merge fails. Once I lost files (dunno how), and another time I had to manually complete the merge by carefully copying files across directories, leaving me unsure if registry and other data are consistent.

Example Repro:

• Create a sandox
• Create some folders in it
• Create a snapshot
• Browse the sandboxed folders with an unsandboxed File Explorer
• Change directory away/out of the sandboxed folders
• Delete the snapshot
• Not always, but reasonably often the delete fails

Suggestion:

NTFS has / used to have transactional file operations (TxF), but they are being deprecated so probably not an option.

A workable alternative might be to create a log file with reversible actions (essentially just move actions), and to move to-be-deleted/replaced files to a temp folder before actually deleting that entire temp folder at the very end. The log can be re-processed by sandboxie even in case of a crash or for a retry.

Describe the solution you'd like

Ability to roll back.

Being sure my sandboxes remain consistent without data loss when using snapshots.

Describe alternatives you've considered

Manually copy a snapshot / current outside the sandbox before merging.

[DavidXanatos]

This is a good idea we should make the snapshot Featue more robust.

[typpos]

If you revisit the core merge algorithm, maybe consider:

• Option to copy or move files, ie apply vs merge.
• Option to treat source as parent (target wins merge conflict) or child (source wins)

This would enable a range of interesting use cases where a snapshot can be treated as a "storage package" that can be used across multiple boxes (move-to, copy, drop, merge-into-X-as-parent, apply-to-X-as-child, etc).

[DavidXanatos]

In the next build the snapshot should not be left in an unusable state, the plan is to throw an error and then let the user try to delete it again and again and again until it works.
So the code now should gracefully handle partially merged snapshots and be able to continue when encountering a snapshot that was already attempted to be merged.