#include "logind-acl.h"
#include "util.h"
#include "log.h"
+#include "sd-daemon.h"
+#include "sd-login.h"
int main(int argc, char *argv[]) {
int r;
- const char *path, *seat;
- char *p, *active_uid = NULL;
- unsigned long ul;
+ const char *path = NULL, *seat;
+ bool changed_acl = false;
+ uid_t uid;
log_set_target(LOG_TARGET_AUTO);
log_parse_environment();
log_open();
- if (argc != 2) {
- log_error("This program expects two argument.");
- r = -EINVAL;
- goto finish;
- }
+ umask(0022);
- path = argv[1];
- seat = argv[2];
-
- p = strappend("/run/systemd/seat/", seat);
- if (!p) {
- log_error("Out of memory.");
+ if (argc < 2 || argc > 3) {
+ log_error("This program expects one or two arguments.");
+ r = -EINVAL;
goto finish;
}
- r = parse_env_file(p, NEWLINE,
- "ACTIVE_UID", &active_uid,
- NULL);
- free(p);
+ /* Make sure we don't muck around with ACLs the system is not
+ * running systemd. */
+ if (!sd_booted())
+ return 0;
- if (r < 0) {
- if (errno == ENOENT) {
- r = 0;
- goto finish;
- }
+ path = argv[1];
+ seat = argc < 3 || isempty(argv[2]) ? "seat0" : argv[2];
- log_error("Failed to read seat data for %s: %s", seat, strerror(-r));
+ r = sd_seat_get_active(seat, NULL, &uid);
+ if (r == -ENOENT) {
+ /* No active session on this seat */
+ r = 0;
goto finish;
- }
-
- r = safe_atolu(active_uid, &ul);
- if (r < 0) {
- log_error("Failed to parse active UID value %s: %s", active_uid, strerror(-r));
+ } else if (r < 0) {
+ log_error("Failed to determine active user on seat %s.", seat);
goto finish;
}
- r = devnode_acl(path, true, false, 0, true, (uid_t) ul);
+ r = devnode_acl(path, true, false, 0, true, uid);
if (r < 0) {
log_error("Failed to apply ACL on %s: %s", path, strerror(-r));
goto finish;
}
+ changed_acl = true;
r = 0;
finish:
- free(active_uid);
+ if (path && !changed_acl) {
+ int k;
+ /* Better be safe that sorry and reset ACL */
+
+ k = devnode_acl(path, true, false, 0, false, 0);
+ if (k < 0) {
+ log_error("Failed to apply ACL on %s: %s", path, strerror(-k));
+ if (r >= 0)
+ r = k;
+ }
+ }
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
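Review bot: The fail-safe reset in the `finish:` block logs the same text as the grant path (`Failed to apply ACL on %s`), so a failed revocation, the case where a stale per-user ACL may remain on the device node, cannot be told apart from a failed grant in the logs; I would word it `log_error("Failed to reset ACL on %s: %s", path, strerror(-k));`. The new `sd_seat_get_active()` error branch also drops the error code that the removed code reported, and `log_error("Failed to determine active user on seat %s: %s", seat, strerror(-r));` keeps it. `sd_booted()` returns a negative value on error, which `!sd_booted()` treats the same as "booted", so `if (sd_booted() <= 0) return 0;` would match the comment's stated intent more closely. The two new comments also carry small typos ("ACLs the system is not running" is missing "if", and "safe that sorry" should read "safe than sorry").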