diff options
author | root <root@rshg054.dnsready.net> | 2013-09-19 02:14:35 -0700 |
---|---|---|
committer | root <root@rshg054.dnsready.net> | 2013-09-19 02:14:35 -0700 |
commit | aa563cdeb6975b896ccf30d96943830c15becde0 (patch) | |
tree | d0638199c86e6331f0935043e76d0f7579a34a06 /core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch | |
parent | d21b8cdc0567fba4d6e74284363fedb98f2f7d07 (diff) |
Thu Sep 19 02:13:45 PDT 2013
Diffstat (limited to 'core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch')
-rw-r--r-- | core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch b/core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch deleted file mode 100644 index 372ecebff..000000000 --- a/core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 23ad4dd8844c582929115a11ed2830a1371568d6 Mon Sep 17 00:00:00 2001 -From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> -Date: Tue, 28 May 2013 20:45:34 +0200 -Subject: [PATCH] journald: DO recalculate the ACL mask, but only if it doesn't - exist - -Since 11ec7ce, journald isn't setting the ACLs properly anymore if -the files had no ACLs to begin with: acl_set_fd fails with EINVAL. - -An ACL with ACL_USER or ACL_GROUP entries but no ACL_MASK entry is -invalid, so make sure a mask exists before trying to set the ACL. ---- - src/journal/journald-server.c | 6 ++++-- - src/shared/acl-util.c | 28 ++++++++++++++++++++++++++++ - src/shared/acl-util.h | 1 + - 3 files changed, 33 insertions(+), 2 deletions(-) - -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index b717b92..da5b725 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -227,9 +227,11 @@ void server_fix_perms(Server *s, JournalFile *f, uid_t uid) { - } - } - -- /* We do not recalculate the mask here, so that the fchmod() mask above stays intact. */ -+ /* We do not recalculate the mask unconditionally here, -+ * so that the fchmod() mask above stays intact. */ - if (acl_get_permset(entry, &permset) < 0 || -- acl_add_perm(permset, ACL_READ) < 0) { -+ acl_add_perm(permset, ACL_READ) < 0 || -+ calc_acl_mask_if_needed(&acl) < 0) { - log_warning("Failed to patch ACL on %s, ignoring: %m", f->path); - goto finish; - } -diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c -index 48bb12f..fb04e49 100644 ---- a/src/shared/acl-util.c -+++ b/src/shared/acl-util.c -@@ -69,6 +69,34 @@ int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) { - return 0; - } - -+int calc_acl_mask_if_needed(acl_t *acl_p) { -+ acl_entry_t i; -+ int found; -+ -+ assert(acl_p); -+ -+ for (found = acl_get_entry(*acl_p, ACL_FIRST_ENTRY, &i); -+ found > 0; -+ found = acl_get_entry(*acl_p, ACL_NEXT_ENTRY, &i)) { -+ -+ acl_tag_t tag; -+ -+ if (acl_get_tag_type(i, &tag) < 0) -+ return -errno; -+ -+ if (tag == ACL_MASK) -+ return 0; -+ } -+ -+ if (found < 0) -+ return -errno; -+ -+ if (acl_calc_mask(acl_p) < 0) -+ return -errno; -+ -+ return 0; -+} -+ - int search_acl_groups(char*** dst, const char* path, bool* belong) { - acl_t acl; - -diff --git a/src/shared/acl-util.h b/src/shared/acl-util.h -index 23090d9..36ef490 100644 ---- a/src/shared/acl-util.h -+++ b/src/shared/acl-util.h -@@ -24,4 +24,5 @@ - #include <stdbool.h> - - int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry); -+int calc_acl_mask_if_needed(acl_t *acl_p); - int search_acl_groups(char*** dst, const char* path, bool* belong); --- -1.8.3 - |