-rw-r--r-- | man/systemd-tmpfiles.xml | 4 | ||||
-rw-r--r-- | man/tmpfiles.d.xml | 14 | ||||
-rw-r--r-- | src/tmpfiles.c | 34 |
3 files changed, 38 insertions, 14 deletions
diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml index 74dfd5ac7e..bbb80b2f98 100644 --- a/man/systemd-tmpfiles.xml +++ b/man/systemd-tmpfiles.xml @@ -84,8 +84,8 @@ <listitem><para>If this option is passed all files and directories marked with f, F, d, D in the configuration files are - created. Files and directories marked with Z - have their ownership, access mode and security + created. Files and directories marked with z, + Z have their ownership, access mode and security labels set.</para></listitem> </varlistentry> diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index e137967654..4a8e8316cd 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -157,6 +157,16 @@ d /run/user 0755 root root 10d</programlisting> </varlistentry> <varlistentry> + <term><varname>z</varname></term> + <listitem><para>Set ownership, access + mode and relabel security context of + a file or directory if it exists. + Lines of this type accept shell-style + globs in place of normal path names. + </para></listitem> + </varlistentry> + + <varlistentry> <term><varname>Z</varname></term> <listitem><para>Recursively set ownership, access mode and relabel @@ -175,7 +185,7 @@ d /run/user 0755 root root 10d</programlisting> <para>The file access mode to use when creating this file or directory. If omitted or when set to - the default is used: 0755 for - directories, 0644 for files. For Z lines + directories, 0644 for files. For z, Z lines if omitted or when set to - the file access mode will not be modified. This parameter is ignored for x, r, R lines.</para> @@ -188,7 +198,7 @@ d /run/user 0755 root root 10d</programlisting> or directory. This may either be a numeric user/group ID or a user or group name. If omitted or when set to - the default 0 (root) - is used. For Z lines when omitted or when set to - + is used. For z, Z lines when omitted or when set to - the file ownership will not be modified. These parameters are ignored for x, r, R lines.</para> </refsect2> 
diff --git a/src/tmpfiles.c b/src/tmpfiles.c index 13950824e0..19a7c08c40 100644 --- a/src/tmpfiles.c +++ b/src/tmpfiles.c @@ -62,6 +62,7 @@ typedef enum ItemType { IGNORE_PATH = 'x', REMOVE_PATH = 'r', RECURSIVE_REMOVE_PATH = 'R', + RELABEL_PATH = 'z', RECURSIVE_RELABEL_PATH = 'Z' } ItemType; @@ -92,7 +93,7 @@ static const char *arg_prefix = NULL; #define MAX_DEPTH 256 static bool needs_glob(ItemType t) { - return t == IGNORE_PATH || t == REMOVE_PATH || t == RECURSIVE_REMOVE_PATH || t == RECURSIVE_RELABEL_PATH; + return t == IGNORE_PATH || t == REMOVE_PATH || t == RECURSIVE_REMOVE_PATH || t == RELABEL_PATH || t == RECURSIVE_RELABEL_PATH; } static struct Item* find_glob(Hashmap *h, const char *match) { @@ -646,6 +647,13 @@ static int create_item(Item *i) { break; + case RELABEL_PATH: + + r = glob_item(i, item_set_perms); + if (r < 0) + return 0; + break; + case RECURSIVE_RELABEL_PATH: r = glob_item(i, recursive_relabel); @@ -670,6 +678,7 @@ static int remove_item_instance(Item *i, const char *instance) { case CREATE_DIRECTORY: case CREATE_FIFO: case IGNORE_PATH: + case RELABEL_PATH: case RECURSIVE_RELABEL_PATH: break; @@ -707,6 +716,7 @@ static int remove_item(Item *i) { case CREATE_DIRECTORY: case CREATE_FIFO: case IGNORE_PATH: + case RELABEL_PATH: case RECURSIVE_RELABEL_PATH: break; 
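Review bot: In the new `case RELABEL_PATH:` of create_item, a failure from `glob_item(i, item_set_perms)` is converted into success by `if (r < 0) return 0;`, so a `z` line whose ownership, mode or security label could not be applied is reported to the caller as done. Because this is the step that sets the security context, I would propagate the error with `if (r < 0) return r;`, or, if best-effort is intended, state that in a comment such as `/* failure to relabel is deliberately non-fatal */`. item_set_perms is outside the hunk; since `z` now accepts globs (see the needs_glob hunk), it is worth confirming that it does not follow symlinks when a match lies in a directory writable by unprivileged users. create_item's body starts and continues outside the hunk.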
@@ -808,15 +818,19 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) { goto finish; } - if (type != CREATE_FILE && - type != TRUNCATE_FILE && - type != CREATE_DIRECTORY && - type != TRUNCATE_DIRECTORY && - type != CREATE_FIFO && - type != IGNORE_PATH && - type != REMOVE_PATH && - type != RECURSIVE_REMOVE_PATH && - type != RECURSIVE_RELABEL_PATH) { + switch(type) { + case CREATE_FILE: + case TRUNCATE_FILE: + case CREATE_DIRECTORY: + case TRUNCATE_DIRECTORY: + case CREATE_FIFO: + case IGNORE_PATH: + case REMOVE_PATH: + case RECURSIVE_REMOVE_PATH: + case RELABEL_PATH: + case RECURSIVE_RELABEL_PATH: + break; + default: log_error("[%s:%u] Unknown file type '%c'.", fname, line, type); r = -EBADMSG; goto finish; |
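Review bot: The accepted-type list in parse_line's new `switch(type)` is a further hand-maintained copy of the ItemType set, alongside the enum and needs_glob(), and this commit had to extend each one separately. A comment above the switch, for example `/* Accepted type characters; keep in sync with ItemType and needs_glob() */`, would make that coupling explicit for whoever adds the next type. parse_line starts and ends outside the hunk.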