On Tue, 19.03.13 17:36, Ludwig Nussel ([email protected]) wrote:

> useful to get ACLs on files, sockets etc not known to udev

Can't say I like this one. Sounds like an awful lot of code to me to
support evil closed source drivers.

Kay, what do you say?

If we could find a simpler way (for example, a list setting in
logind.conf) and emphasize that this is for any file, for example
sockets/fifos, this might be more palatable to me, but I still don't
like it.

> ---
>  src/login/logind-acl.c | 59 
> ++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 59 insertions(+)
> 
> diff --git a/src/login/logind-acl.c b/src/login/logind-acl.c
> index cb045a9..a44ecdc 100644
> --- a/src/login/logind-acl.c
> +++ b/src/login/logind-acl.c
> @@ -28,6 +28,18 @@
>  #include "logind-acl.h"
>  #include "util.h"
>  #include "acl-util.h"
> +#include "strv.h"
> +#include "conf-files.h"
> +
> +static const char conf_file_dirs[] =
> +        "/etc/systemd/acls.d\0"
> +        "/run/systemd/acls.d\0"
> +        "/usr/local/lib/systemd/acls.d\0"
> +        "/usr/lib/systemd/acls.d\0"
> +#ifdef HAVE_SPLIT_USR
> +        "/lib/systemd/acls.d\0"
> +#endif
> +     ;
>  
>  static int flush_acl(acl_t acl) {
>          acl_entry_t i;
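
Review bot: conf_file_dirs adds a new acls.d drop-in location in several directories, but the diffstat touches only src/login/logind-acl.c, so the file format (one path per line, '#' for comments, going by the parser further down) and the effect of listing a path are documented nowhere. Please add a man page section, or at least a comment above the array, and state that these directories are expected to be writable by root only, since every path listed in them gets an ACL entry for the session user. Style: the closing ';' line is indented differently from the rest of the array.
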
> @@ -171,6 +183,51 @@ finish:
>          return r;
>  }
>  
> +static int apply_static_file_acls(
> +             const char *seat,
> +             bool flush,
> +                bool del, uid_t old_uid,
> +                bool add, uid_t new_uid) {
> +     _cleanup_strv_free_ char **files = NULL;
> +     int r;
> +     char **fn;
> +
> +     r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
> +     if (r < 0) {
> +             log_error("Failed to enumerate acl.d files: %s", strerror(-r));
> +             goto finish;
> +     }
> +
> +     STRV_FOREACH(fn, files) {
> +             _cleanup_fclose_ FILE* fp = NULL;
> +             char line[LINE_MAX];
> +
> +             r = search_and_fopen_nulstr(*fn, "re", conf_file_dirs, &fp);
> +             if (r < 0)
> +                     continue;
> +
> +             FOREACH_LINE(line, fp, return -errno) {
> +                     int k;
> +                     char* l = strstrip(line);
> +                     const char* sn = seat; // TODO: allow to specify seat 
> in second column?
> +
> +                     if (*l == '#' || *l == 0)
> +                             continue;
> +
> +                     log_debug("Fixing up static entry %s for seat %s...", 
> l, sn);
> +
> +                     k = devnode_acl(l, flush, del, old_uid, add, new_uid);
> +                     if (k < 0) {
> +                             log_error("Failed to set acl on %s: %s", l, 
> strerror(-k));
> +                     }
> +             }
> +
> +     }
> +
> +finish:
> +     return r;
> +}
> +
>  int devnode_acl_all(struct udev *udev,
>                      const char *seat,
>                      bool flush,
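
Review bot: in the FOREACH_LINE body of apply_static_file_acls(), the stripped line l is passed straight to devnode_acl() with no validation. The ACL is applied by path name, so at minimum reject entries that are not absolute paths, and consider refusing paths inside directories the session user can write to, where the name could end up referring to a different file. The return value is also unreliable: r ends up holding the result of the last search_and_fopen_nulstr() call (a failed open on the final file is returned as an error after the 'continue'), devnode_acl() failures in k are only logged, and FOREACH_LINE exits with 'return -errno' while the rest of the function uses 'goto finish'. Finally, sn is used only in the debug message, so every entry is applied for every seat; either implement the second column or replace the '//' TODO with a /* */ comment stating that limitation.
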
> @@ -240,6 +297,8 @@ int devnode_acl_all(struct udev *udev,
>                          goto finish;
>          }
>  
> +     apply_static_file_acls(seat, flush, del, old_uid, add, new_uid);
> +
>  finish:
>          if (e)
>                  udev_enumerate_unref(e);
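
Review bot: the call to apply_static_file_acls() discards its return value, so devnode_acl_all() reports success even when the acls.d files could not be enumerated or read. Either propagate the error into r, or cast the call to (void) with a comment saying failures here are deliberately non-fatal. Because the call sits directly before the finish label, it is also skipped whenever an earlier step jumps to finish, and it re-reads every acls.d file on each invocation; if both are intended, say so in a comment.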


Lennart

-- 
Lennart Poettering - Red Hat, Inc.
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
