journald: DO recalculate the ACL mask, but only if it doesn't exist

Since 11ec7ce, journald isn't setting the ACLs properly anymore if the files had no ACLs to begin with: acl_set_fd fails with EINVAL. An ACL with ACL_USER or ACL_GROUP entries but no ACL_MASK entry is invalid, so make sure a mask exists before trying to set the ACL.
author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> 2013-05-28 20:45:34 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2013-05-30 00:43:39 -0400
commit: 23ad4dd8844c582929115a11ed2830a1371568d6 (patch)
tree: 72da26672d1661c56b8ac5e2735167682692d952 /src/journal
parent: 8de1fd281e82c038797b02a447056a382f9b5110 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index b717b92ffb..da5b725863 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -227,9 +227,11 @@ void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
                 }
         }
 
-        /* We do not recalculate the mask here, so that the fchmod() mask above stays intact. */
+        /* We do not recalculate the mask unconditionally here,
+         * so that the fchmod() mask above stays intact. */
         if (acl_get_permset(entry, &permset) < 0 ||
-            acl_add_perm(permset, ACL_READ) < 0) {
+            acl_add_perm(permset, ACL_READ) < 0 ||
+            calc_acl_mask_if_needed(&acl) < 0) {
                 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
                 goto finish;
         }
author	Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>	2013-05-28 20:45:34 +0200
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2013-05-30 00:43:39 -0400
commit	23ad4dd8844c582929115a11ed2830a1371568d6 (patch)
tree	72da26672d1661c56b8ac5e2735167682692d952 /src/journal
parent	8de1fd281e82c038797b02a447056a382f9b5110 (diff)