CREATE_CHAR_DEVICE = 'c',
CREATE_BLOCK_DEVICE = 'b',
COPY_FILES = 'C',
- SET_XATTR = 't',
- SET_ACL = 'a',
/* These ones take globs */
+ SET_XATTR = 't',
+ RECURSIVE_SET_XATTR = 'T',
+ SET_ACL = 'a',
+ RECURSIVE_SET_ACL = 'A',
WRITE_FILE = 'w',
IGNORE_PATH = 'x',
IGNORE_DIRECTORY_PATH = 'X',
RECURSIVE_REMOVE_PATH,
ADJUST_MODE,
RELABEL_PATH,
- RECURSIVE_RELABEL_PATH);
+ RECURSIVE_RELABEL_PATH,
+ SET_XATTR,
+ RECURSIVE_SET_XATTR,
+ SET_ACL,
+ RECURSIVE_SET_ACL);
}
static bool takes_ownership(ItemType t) {
usec_t age;
_cleanup_free_ char *sub_path = NULL;
- if (streq(dent->d_name, ".") ||
- streq(dent->d_name, ".."))
+ if (STR_IN_SET(dent->d_name, ".", ".."))
continue;
if (fstatat(dirfd(d), dent->d_name, &s, AT_SYMLINK_NOFOLLOW) < 0) {
return r;
}
-static int item_set_perms(Item *i, const char *path) {
+static int path_set_perms(Item *i, const char *path) {
struct stat st;
bool st_valid;
return r;
}
-static int item_set_xattrs(Item *i, const char *path) {
+static int path_set_xattrs(Item *i, const char *path) {
char **name, **value;
assert(i);
assert(item);
- r = parse_acl(item->argument, &item->acl_access, &item->acl_default);
+ /* If force (= modify) is set, we will not modify the acl
+ * afterwards, so the mask can be added now if necessary. */
+ r = parse_acl(item->argument, &item->acl_access, &item->acl_default, !item->force);
if (r < 0)
log_warning_errno(errno, "Failed to parse ACL \"%s\": %m. Ignoring",
item->argument);
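Review bot: The comment added above the `parse_acl()` call reads as the reverse of what the code does. The new last argument is `!item->force`, so the early mask handling (presumably what that flag requests) is asked for only when force is not set, while with force set `path_set_acl()` takes its `modify` branch and calls `calc_acl_mask_if_needed()` later. Suggested wording: `/* Without force (= modify) the parsed ACL is applied unchanged, so the mask can be added now if necessary; with force the mask is calculated later, in path_set_acl(). */`. Separately, the context line below logs `errno` rather than `r`; if `parse_acl()` reports failure through its return value (its body is not shown here), `log_warning_errno(r, ...)` would avoid printing a stale error. The enclosing function starts and ends outside this hunk.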
return 0;
}
-static int item_set_acl(Item *item, const char *path) {
+static int path_set_acl(const char *path, acl_type_t type, acl_t acl, bool modify) {
+ _cleanup_(acl_freep) acl_t dup = NULL;
+ int r;
+
+ if (modify) {
+ r = acls_for_file(path, type, acl, &dup);
+ if (r < 0)
+ return r;
+
+ r = calc_acl_mask_if_needed(&dup);
+ if (r < 0)
+ return r;
+ } else {
+ dup = acl_dup(acl);
+ if (!dup)
+ return -errno;
+
+ /* the mask was already added earlier if needed */
+ }
+
+ r = add_base_acls_if_needed(&dup, path);
+ if (r < 0)
+ return r;
+
+ r = acl_set_file(path, type, dup);
+ if (r < 0) {
+ _cleanup_(acl_free_charpp) char *t;
+
+ r = -errno;
+ t = acl_to_any_text(dup, NULL, ',', TEXT_ABBREVIATE);
+ log_error_errno(r,
+ "Setting %s ACL \"%s\" on %s failed: %m",
+ type == ACL_TYPE_ACCESS ? "access" : "default",
+ strna(t), path);
+ }
+
+ return r;
+}
+
+static int path_set_acls(Item *item, const char *path) {
#ifdef HAVE_ACL
int r;
assert(path);
if (item->acl_access) {
- r = acl_set_file(path, ACL_TYPE_ACCESS, item->acl_access);
- if (r < 0) {
- _cleanup_(acl_free_charpp) char *t;
-
- t = acl_to_any_text(item->acl_access, NULL, ',', TEXT_ABBREVIATE);
- return log_error_errno(errno,
- "Setting access ACL \"%s\" on %s failed: %m",
- strna(t), path);
- }
+ r = path_set_acl(path, ACL_TYPE_ACCESS, item->acl_access, item->force);
+ if (r < 0)
+ return r;
}
if (item->acl_default) {
- r = acl_set_file(path, ACL_TYPE_DEFAULT, item->acl_default);
- if (r < 0) {
- _cleanup_(acl_free_charpp) char *t;
-
- t = acl_to_any_text(item->acl_default, NULL, ',', TEXT_ABBREVIATE);
- return log_error_errno(errno,
- "Setting default ACL \"%s\" on %s failed: %m",
- strna(t), path);
- }
+ r = path_set_acl(path, ACL_TYPE_DEFAULT, item->acl_default, item->force);
+ if (r < 0)
+ return r;
}
#endif
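Review bot: `_cleanup_(acl_free_charpp) char *t;` in the `acl_set_file()` failure branch of `path_set_acl()` is declared without an initializer, so the cleanup handler would run on an indeterminate pointer if an exit path were ever added between the declaration and the `acl_to_any_text()` assignment. Nothing returns in between today, but `dup` at the top of the function is written as `= NULL` and `t` should match: `_cleanup_(acl_free_charpp) char *t = NULL;`. A one-line comment on `path_set_acl()` saying what `modify` selects, and that `path_set_acls()` passes `item->force` for it, would also help, since the flag changes name between the two functions.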
return -EEXIST;
}
- r = item_set_perms(i, path);
+ r = path_set_perms(i, path);
if (r < 0)
return r;
break;
}
- if (streq(de->d_name, ".") || streq(de->d_name, ".."))
+ if (STR_IN_SET(de->d_name, ".", ".."))
continue;
p = strjoin(path, "/", de->d_name, NULL);
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
case ADJUST_MODE:
case RELABEL_PATH:
-
- r = glob_item(i, item_set_perms, false);
+ r = glob_item(i, path_set_perms, false);
if (r < 0)
return r;
break;
case RECURSIVE_RELABEL_PATH:
-
- r = glob_item(i, item_set_perms, true);
+ r = glob_item(i, path_set_perms, true);
if (r < 0)
return r;
break;
case SET_XATTR:
- r = item_set_xattrs(i, i->path);
+ r = glob_item(i, path_set_xattrs, false);
+ if (r < 0)
+ return r;
+ break;
+
+ case RECURSIVE_SET_XATTR:
+ r = glob_item(i, path_set_xattrs, true);
if (r < 0)
return r;
break;
case SET_ACL:
- r = item_set_acl(i, i->path);
+ r = glob_item(i, path_set_acls, false);
if (r < 0)
return r;
+ break;
+
+ case RECURSIVE_SET_ACL:
+ r = glob_item(i, path_set_acls, true);
+ if (r < 0)
+ return r;
+ break;
}
log_debug("%s created successfully.", i->path);
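Review bot: `path_set_acls` and `path_set_xattrs` are now run by `glob_item()` on every glob match and, in the `RECURSIVE_SET_ACL` / `RECURSIVE_SET_XATTR` cases, with the recursive flag set, yet `path_set_acl()` applies the ACL with the path-based `acl_set_file(path, type, dup)`, which resolves symlinks. When a matched tree is writable by a less privileged user than the one running this code, a symlink inside it redirects the ACL to the link target. Whether the recursion behind `glob_item(..., true)` skips symlinks is not visible in this diff. The callbacks should at least `lstat()` the path and skip `S_ISLNK` entries, or better work through a descriptor opened with `O_PATH|O_NOFOLLOW` so that the check and the set refer to the same inode. The same question applies to the set call inside `path_set_xattrs()`, whose body is outside the hunks shown.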
switch (i->type) {
- case CREATE_FILE:
- case TRUNCATE_FILE:
- case CREATE_DIRECTORY:
- case CREATE_SUBVOLUME:
- case CREATE_FIFO:
- case CREATE_SYMLINK:
- case CREATE_BLOCK_DEVICE:
- case CREATE_CHAR_DEVICE:
- case IGNORE_PATH:
- case IGNORE_DIRECTORY_PATH:
- case ADJUST_MODE:
- case RELABEL_PATH:
- case RECURSIVE_RELABEL_PATH:
- case WRITE_FILE:
- case COPY_FILES:
- case SET_XATTR:
- case SET_ACL:
- break;
-
case REMOVE_PATH:
if (remove(instance) < 0 && errno != ENOENT)
return log_error_errno(errno, "rm(%s): %m", instance);
return log_error_errno(r, "rm_rf(%s): %m", instance);
break;
+
+ default:
+ assert_not_reached("wut?");
}
return 0;
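Review bot: Replacing the explicit list of non-removal types with `default: assert_not_reached("wut?");` gives up the `-Wswitch` coverage the full case list provided, and any item type that does reach this switch now aborts the process with a message that says nothing about what went wrong. If the abort is intended, make the message diagnostic, e.g. `assert_not_reached("Unexpected item type for removal.");`, and add a one-line comment stating which callers guarantee that only removal types arrive here. The function enclosing this switch starts outside the hunk.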
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
case SET_ACL:
+ case RECURSIVE_SET_ACL:
break;
case REMOVE_PATH:
}
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
if (!i.argument) {
log_error("[%s:%u] Set extended attribute requires argument.", fname, line);
return -EBADMSG;
break;
case SET_ACL:
+ case RECURSIVE_SET_ACL:
if (!i.argument) {
log_error("[%s:%u] Set ACLs requires argument.", fname, line);
return -EBADMSG;