diff options
Diffstat (limited to 'core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch')
| -rw-r--r-- | core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch b/core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch new file mode 100644 index 000000000..372ecebff --- /dev/null +++ b/core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch @@ -0,0 +1,87 @@ +From 23ad4dd8844c582929115a11ed2830a1371568d6 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Tue, 28 May 2013 20:45:34 +0200 +Subject: [PATCH] journald: DO recalculate the ACL mask, but only if it doesn't + exist + +Since 11ec7ce, journald isn't setting the ACLs properly anymore if +the files had no ACLs to begin with: acl_set_fd fails with EINVAL. + +An ACL with ACL_USER or ACL_GROUP entries but no ACL_MASK entry is +invalid, so make sure a mask exists before trying to set the ACL. +--- + src/journal/journald-server.c | 6 ++++-- + src/shared/acl-util.c | 28 ++++++++++++++++++++++++++++ + src/shared/acl-util.h | 1 + + 3 files changed, 33 insertions(+), 2 deletions(-) + +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index b717b92..da5b725 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -227,9 +227,11 @@ void server_fix_perms(Server *s, JournalFile *f, uid_t uid) { + } + } + +- /* We do not recalculate the mask here, so that the fchmod() mask above stays intact. */ ++ /* We do not recalculate the mask unconditionally here, ++ * so that the fchmod() mask above stays intact. */ + if (acl_get_permset(entry, &permset) < 0 || +- acl_add_perm(permset, ACL_READ) < 0) { ++ acl_add_perm(permset, ACL_READ) < 0 || ++ calc_acl_mask_if_needed(&acl) < 0) { + log_warning("Failed to patch ACL on %s, ignoring: %m", f->path); + goto finish; + } +diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c +index 48bb12f..fb04e49 100644 +--- a/src/shared/acl-util.c ++++ b/src/shared/acl-util.c +@@ -69,6 +69,34 @@ int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) { + return 0; + } + ++int calc_acl_mask_if_needed(acl_t *acl_p) { ++ acl_entry_t i; ++ int found; ++ ++ assert(acl_p); ++ ++ for (found = acl_get_entry(*acl_p, ACL_FIRST_ENTRY, &i); ++ found > 0; ++ found = acl_get_entry(*acl_p, ACL_NEXT_ENTRY, &i)) { ++ ++ acl_tag_t tag; ++ ++ if (acl_get_tag_type(i, &tag) < 0) ++ return -errno; ++ ++ if (tag == ACL_MASK) ++ return 0; ++ } ++ ++ if (found < 0) ++ return -errno; ++ ++ if (acl_calc_mask(acl_p) < 0) ++ return -errno; ++ ++ return 0; ++} ++ + int search_acl_groups(char*** dst, const char* path, bool* belong) { + acl_t acl; + +diff --git a/src/shared/acl-util.h b/src/shared/acl-util.h +index 23090d9..36ef490 100644 +--- a/src/shared/acl-util.h ++++ b/src/shared/acl-util.h +@@ -24,4 +24,5 @@ + #include <stdbool.h> + + int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry); ++int calc_acl_mask_if_needed(acl_t *acl_p); + int search_acl_groups(char*** dst, const char* path, bool* belong); +-- +1.8.3 + |