-rw-r--r--man/tmpfiles.d.xml31
-rw-r--r--src/tmpfiles/tmpfiles.c57
2 files changed, 65 insertions, 23 deletions
diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 7c1ef42c20..ee33afcf6b 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -273,7 +273,7 @@
<listitem><para>Adjust the access mode, group and user, and
restore the SELinux security context of a file or directory,
if it exists. Lines of this type accept shell-style globs in
- place of normal path names. </para></listitem>
+ place of normal path names.</para></listitem>
</varlistentry>
<varlistentry>
@@ -288,16 +288,35 @@
<varlistentry>
<term><varname>t</varname></term>
- <listitem><para>Set extended attributes on the specified
- path. This can be useful for setting SMACK labels.
+ <listitem><para>Set extended attributes. Lines of this type
+ accept shell-style globs in place of normal path names.
+ This can be useful for setting SMACK labels.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>T</varname></term>
+ <listitem><para>Recursively set extended attributes. Lines
+ of this type accept shell-style globs in place of normal
+ path names. This can be useful for setting SMACK labels.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>a</varname></term>
- <listitem><para>Set POSIX ACLs (access control lists) on the
- specified path. This can be useful for allowing aditional
- access to certain files.</para></listitem>
+ <listitem><para>Set POSIX ACLs (access control lists).
+ Lines of this type accept shell-style globs in
+ place of normal path names. This can be useful for
+ allowing additional access to certain files.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>A</varname></term>
+ <listitem><para>Recursively set POSIX ACLs. Lines of this
+ type accept shell-style globs in place of normal path
+ names. This can be useful for allowing additional access to
+ certain files.</para></listitem>
</varlistentry>
</variablelist>
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index d563989790..44a087807e 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -76,10 +76,12 @@ typedef enum ItemType {
CREATE_CHAR_DEVICE = 'c',
CREATE_BLOCK_DEVICE = 'b',
COPY_FILES = 'C',
- SET_XATTR = 't',
- SET_ACL = 'a',
/* These ones take globs */
+ SET_XATTR = 't',
+ RECURSIVE_SET_XATTR = 'T',
+ SET_ACL = 'a',
+ RECURSIVE_SET_ACL = 'A',
WRITE_FILE = 'w',
IGNORE_PATH = 'x',
IGNORE_DIRECTORY_PATH = 'X',
@@ -151,7 +153,11 @@ static bool needs_glob(ItemType t) {
RECURSIVE_REMOVE_PATH,
ADJUST_MODE,
RELABEL_PATH,
- RECURSIVE_RELABEL_PATH);
+ RECURSIVE_RELABEL_PATH,
+ SET_XATTR,
+ RECURSIVE_SET_XATTR,
+ SET_ACL,
+ RECURSIVE_SET_ACL);
}
static bool takes_ownership(ItemType t) {
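Review bot: Adding `SET_XATTR` and `SET_ACL` to `needs_glob()` changes how existing `t` and `a` lines are read: a path containing `*`, `?` or `[` was previously used literally and is now expanded as a pattern. `glob_item()` is not visible here, so it is unclear whether a pattern that matches nothing is reported or silently treated as success; if it is silent, a label or ACL that an administrator expects to be applied can be skipped without any log line. A short comment above the list would help, for example `/* t/a were literal-path types before; a non-matching pattern must still be logged */`, and the no-match path is worth checking for these security-relevant types.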
@@ -486,7 +492,7 @@ finish:
return r;
}
-static int item_set_perms(Item *i, const char *path) {
+static int path_set_perms(Item *i, const char *path) {
struct stat st;
bool st_valid;
@@ -568,7 +574,7 @@ static int get_xattrs_from_arg(Item *i) {
return r;
}
-static int item_set_xattrs(Item *i, const char *path) {
+static int path_set_xattrs(Item *i, const char *path) {
char **name, **value;
assert(i);
@@ -605,7 +611,7 @@ static int get_acls_from_arg(Item *item) {
return 0;
}
-static int item_set_acl(Item *item, const char *path) {
+static int path_set_acls(Item *item, const char *path) {
#ifdef HAVE_ACL
int r;
@@ -693,7 +699,7 @@ static int write_one_file(Item *i, const char *path) {
return -EEXIST;
}
- r = item_set_perms(i, path);
+ r = path_set_perms(i, path);
if (r < 0)
return r;
@@ -817,7 +823,7 @@ static int create_item(Item *i) {
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
@@ -861,7 +867,7 @@ static int create_item(Item *i) {
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
@@ -901,7 +907,7 @@ static int create_item(Item *i) {
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
@@ -992,7 +998,7 @@ static int create_item(Item *i) {
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
@@ -1001,29 +1007,40 @@ static int create_item(Item *i) {
case ADJUST_MODE:
case RELABEL_PATH:
-
- r = glob_item(i, item_set_perms, false);
+ r = glob_item(i, path_set_perms, false);
if (r < 0)
return r;
break;
case RECURSIVE_RELABEL_PATH:
-
- r = glob_item(i, item_set_perms, true);
+ r = glob_item(i, path_set_perms, true);
if (r < 0)
return r;
break;
case SET_XATTR:
- r = item_set_xattrs(i, i->path);
+ r = glob_item(i, path_set_xattrs, false);
+ if (r < 0)
+ return r;
+ break;
+
+ case RECURSIVE_SET_XATTR:
+ r = glob_item(i, path_set_xattrs, true);
if (r < 0)
return r;
break;
case SET_ACL:
- r = item_set_acl(i, i->path);
+ r = glob_item(i, path_set_acls, false);
if (r < 0)
return r;
+ break;
+
+ case RECURSIVE_SET_ACL:
+ r = glob_item(i, path_set_acls, true);
+ if (r < 0)
+ return r;
+ break;
}
log_debug("%s created successfully.", i->path);
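Review bot: The new `RECURSIVE_SET_XATTR` and `RECURSIVE_SET_ACL` cases call `glob_item(i, path_set_xattrs, true)` and `glob_item(i, path_set_acls, true)`, so the callbacks now run on every entry below a match instead of only on the configured `i->path`. The bodies of both callbacks and of `glob_item()` are outside this hunk, so it cannot be seen here whether they resolve the final path component through a symlink. If they do, an entry inside a subtree that unprivileged users can write to could cause the label or ACL to land on a file outside that tree. It is worth confirming that both callbacks act without following links, and recording that on the recursive cases, e.g. `/* callbacks must not follow symlinks: tree contents may be user-controlled */`. `create_item()` starts and ends outside the hunk.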
@@ -1054,7 +1071,9 @@ static int remove_item_instance(Item *i, const char *instance) {
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
case SET_ACL:
+ case RECURSIVE_SET_ACL:
break;
case REMOVE_PATH:
@@ -1100,7 +1119,9 @@ static int remove_item(Item *i) {
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
case SET_ACL:
+ case RECURSIVE_SET_ACL:
break;
case REMOVE_PATH:
@@ -1444,6 +1465,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
}
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
if (!i.argument) {
log_error("[%s:%u] Set extended attribute requires argument.", fname, line);
return -EBADMSG;
@@ -1454,6 +1476,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
break;
case SET_ACL:
+ case RECURSIVE_SET_ACL:
if (!i.argument) {
log_error("[%s:%u] Set ACLs requires argument.", fname, line);
return -EBADMSG;