summaryrefslogtreecommitdiff
path: root/src/tmpfiles
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2015-01-18 18:22:27 -0500
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2015-01-22 01:14:53 -0500
commitdd4105b0a90c3c146a01e5a7734ee76c3a9aa1cd (patch)
tree8495e75a56e34df54a13fcca25a5a2e2ec0248c2 /src/tmpfiles
parenta48a62a1af02aec4473c9deed98dd5b89d210f93 (diff)
shared/acl-util: add mask only when needed, always add base ACLs
For ACLs to be valid, a set of entries for user, group, and other must be always present. Always add those entries. While at it, only add the mask ACL if it is actually required, i.e. when at least on ACL for non-owner group or user exists.
Diffstat (limited to 'src/tmpfiles')
-rw-r--r--src/tmpfiles/tmpfiles.c25
1 files changed, 19 insertions, 6 deletions
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 3c8993e894..7edeeb7428 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -614,22 +614,35 @@ static int get_acls_from_arg(Item *item) {
}
static int path_set_acl(const char *path, acl_type_t type, acl_t acl, bool modify) {
- _cleanup_(acl_freep) acl_t cleanme = NULL;
+ _cleanup_(acl_freep) acl_t dup = NULL;
int r;
if (modify) {
- r = acls_for_file(path, type, acl, &cleanme);
+ r = acls_for_file(path, type, acl, &dup);
if (r < 0)
return r;
- acl = cleanme;
- };
- r = acl_set_file(path, type, acl);
+ r = calc_acl_mask_if_needed(&dup);
+ if (r < 0)
+ return r;
+ } else {
+ dup = acl_dup(acl);
+ if (!dup)
+ return -errno;
+
+ /* the mask was already added earlier if needed */
+ }
+
+ r = add_base_acls_if_needed(&dup, path);
+ if (r < 0)
+ return r;
+
+ r = acl_set_file(path, type, dup);
if (r < 0) {
_cleanup_(acl_free_charpp) char *t;
r = -errno;
- t = acl_to_any_text(acl, NULL, ',', TEXT_ABBREVIATE);
+ t = acl_to_any_text(dup, NULL, ',', TEXT_ABBREVIATE);
log_error_errno(r,
"Setting %s ACL \"%s\" on %s failed: %m",
type == ACL_TYPE_ACCESS ? "access" : "default",