useful to get ACLs on files, sockets etc not known to udev
---
 src/login/logind-acl.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)

diff --git a/src/login/logind-acl.c b/src/login/logind-acl.c
index cb045a9..a44ecdc 100644
--- a/src/login/logind-acl.c
+++ b/src/login/logind-acl.c
@@ -28,6 +28,18 @@
 #include "logind-acl.h"
 #include "util.h"
 #include "acl-util.h"
+#include "strv.h"
+#include "conf-files.h"
+
+static const char conf_file_dirs[] =
+        "/etc/systemd/acls.d\0"
+        "/run/systemd/acls.d\0"
+        "/usr/local/lib/systemd/acls.d\0"
+        "/usr/lib/systemd/acls.d\0"
+#ifdef HAVE_SPLIT_USR
+        "/lib/systemd/acls.d\0"
+#endif
+       ;
 
 static int flush_acl(acl_t acl) {
         acl_entry_t i;
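Review bot: `conf_file_dirs` has no comment saying what the files in these directories control, and it matters because each line in them names a path whose ACL is handed to the active session user. I would add above the array something like `/* Search path for *.conf files listing extra paths (not known to udev) whose ACLs follow the active session user; every directory here must be writable by root only. */`. The closing `;` is indented by seven columns while the string lines use eight, which is worth aligning with the rest of the file.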
@@ -171,6 +183,51 @@ finish:
         return r;
 }
 
+static int apply_static_file_acls(
+               const char *seat,
+               bool flush,
+                bool del, uid_t old_uid,
+                bool add, uid_t new_uid) {
+       _cleanup_strv_free_ char **files = NULL;
+       int r;
+       char **fn;
+
+       r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
+       if (r < 0) {
+               log_error("Failed to enumerate acl.d files: %s", strerror(-r));
+               goto finish;
+       }
+
+       STRV_FOREACH(fn, files) {
+               _cleanup_fclose_ FILE* fp = NULL;
+               char line[LINE_MAX];
+
+               r = search_and_fopen_nulstr(*fn, "re", conf_file_dirs, &fp);
+               if (r < 0)
+                       continue;
+
+               FOREACH_LINE(line, fp, return -errno) {
+                       int k;
+                       char* l = strstrip(line);
+                       const char* sn = seat; // TODO: allow to specify seat 
in second column?
+
+                       if (*l == '#' || *l == 0)
+                               continue;
+
+                       log_debug("Fixing up static entry %s for seat %s...", 
l, sn);
+
+                       k = devnode_acl(l, flush, del, old_uid, add, new_uid);
+                       if (k < 0) {
+                               log_error("Failed to set acl on %s: %s", l, 
strerror(-k));
+                       }
+               }
+
+       }
+
+finish:
+       return r;
+}
+
 int devnode_acl_all(struct udev *udev,
                     const char *seat,
                     bool flush,
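Review bot: In `apply_static_file_acls()` each stripped line is passed straight to `devnode_acl()`, and `seat` is only used in the debug message, so every listed path is granted to the active user of whichever seat triggered the call. Until the second-column TODO is implemented this should at least be documented as seat-independent, and non-absolute entries should be skipped, e.g. `if (!path_is_absolute(l)) { log_warning("Ignoring non-absolute path %s", l); continue; }` (needs path-util.h). `devnode_acl()` is defined outside this hunk; if it resolves the path by name and follows symlinks, an entry that lives under a user-writable directory could have the grant redirected to a different file, so that is worth confirming before merging. Separately, `r` is overwritten by every `search_and_fopen_nulstr()` call, so the value returned after the loop reflects only the last file and an open failure there is reported even though the loop treated it as skippable.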
@@ -240,6 +297,8 @@ int devnode_acl_all(struct udev *udev,
                         goto finish;
         }
 
+       apply_static_file_acls(seat, flush, del, old_uid, add, new_uid);
+
 finish:
         if (e)
                 udev_enumerate_unref(e);
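Review bot: The result of `apply_static_file_acls()` is discarded at this call, and inside that function per-path failures from `devnode_acl()` are only logged, so a `del` pass that fails to remove the old user's entry is invisible to the caller. If best-effort is intended, make that explicit with `(void) apply_static_file_acls(seat, flush, del, old_uid, add, new_uid);` and a short comment; otherwise keep the first error, for example with a local `k`: `k = apply_static_file_acls(...); if (k < 0 && r >= 0) r = k;`. The call also sits before `finish:`, so it is skipped whenever the udev enumeration above leaves via `goto finish`, which looks unintended given that the commit message describes these paths as independent of udev. The body of `devnode_acl_all()` starts and ends outside the hunk.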
-- 
1.8.1.4
