From 23ad4dd8844c582929115a11ed2830a1371568d6 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" Date: Tue, 28 May 2013 20:45:34 +0200 Subject: journald: DO recalculate the ACL mask, but only if it doesn't exist Since 11ec7ce, journald isn't setting the ACLs properly anymore if the files had no ACLs to begin with: acl_set_fd fails with EINVAL. An ACL with ACL_USER or ACL_GROUP entries but no ACL_MASK entry is invalid, so make sure a mask exists before trying to set the ACL. --- src/journal/journald-server.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src/journal') diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index b717b92ffb..da5b725863 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -227,9 +227,11 @@ void server_fix_perms(Server *s, JournalFile *f, uid_t uid) { } } - /* We do not recalculate the mask here, so that the fchmod() mask above stays intact. */ + /* We do not recalculate the mask unconditionally here, + * so that the fchmod() mask above stays intact. */ if (acl_get_permset(entry, &permset) < 0 || - acl_add_perm(permset, ACL_READ) < 0) { + acl_add_perm(permset, ACL_READ) < 0 || + calc_acl_mask_if_needed(&acl) < 0) { log_warning("Failed to patch ACL on %s, ignoring: %m", f->path); goto finish; } -- cgit v1.2.3-54-g00ecf