diff options
author | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-06-13 11:45:35 -0400 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-06-13 11:45:35 -0400 |
commit | a41d8b2e2f8de1b3fc3953acc85a38540678dbae (patch) | |
tree | d359441d8b9d1fd3b6669083cacd5ae07501d54f /src/grp-udev/libudev-core/udev-builtin-uaccess.c | |
parent | 2a75cd50d49bf1ee06f6ed15949af70edb3c89f9 (diff) | |
parent | 44b313b1bcbdcda969b37cbb28983bf983fff403 (diff) |
Merge branch 'lukeshu/postmove' into lukeshu/master
Diffstat (limited to 'src/grp-udev/libudev-core/udev-builtin-uaccess.c')
-rw-r--r-- | src/grp-udev/libudev-core/udev-builtin-uaccess.c | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/src/grp-udev/libudev-core/udev-builtin-uaccess.c b/src/grp-udev/libudev-core/udev-builtin-uaccess.c new file mode 100644 index 0000000000..2c27116ae9 --- /dev/null +++ b/src/grp-udev/libudev-core/udev-builtin-uaccess.c @@ -0,0 +1,88 @@ +/* + * manage device node user ACL + * + * Copyright 2010-2012 Kay Sievers <kay@vrfy.org> + * Copyright 2010 Lennart Poettering + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> + +#include <systemd/sd-login.h> + +#include "login-util.h" +#include "logind-acl.h" +#include "udev.h" +#include "util.h" + +static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) { + int r; + const char *path = NULL, *seat; + bool changed_acl = false; + uid_t uid; + + umask(0022); + + /* don't muck around with ACLs when the system is not running systemd */ + if (!logind_running()) + return 0; + + path = udev_device_get_devnode(dev); + seat = udev_device_get_property_value(dev, "ID_SEAT"); + if (!seat) + seat = "seat0"; + + r = sd_seat_get_active(seat, NULL, &uid); + if (r == -ENXIO || r == -ENODATA) { + /* No active session on this seat */ + r = 0; + goto finish; + } else if (r < 0) { + log_error("Failed to determine active user on seat %s.", seat); + goto finish; + } + + r = devnode_acl(path, true, false, 0, true, uid); + if (r < 0) { + log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path); + goto finish; + } + + changed_acl = true; + r = 0; + +finish: + if (path && !changed_acl) { + int k; + + /* Better be safe than sorry and reset ACL */ + k = devnode_acl(path, true, false, 0, false, 0); + if (k < 0) { + log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path); + if (r >= 0) + r = k; + } + } + + return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; +} + +const struct udev_builtin udev_builtin_uaccess = { + .name = "uaccess", + .cmd = builtin_uaccess, + .help = "Manage device node user ACL", +}; |