<listitem><para>Adjust the access mode, group and user, and
restore the SELinux security context of a file or directory,
if it exists. Lines of this type accept shell-style globs in
- place of normal path names. </para></listitem>
+ place of normal path names.</para></listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><varname>t</varname></term>
- <listitem><para>Set extended attributes on the specified
- path. This can be useful for setting SMACK labels.
+ <listitem><para>Set extended attributes. Lines of this type
+ accept shell-style globs in place of normal path names.
+ This can be useful for setting SMACK labels.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>T</varname></term>
+ <listitem><para>Recursively set extended attributes. Lines
+ of this type accept shell-style globs in place of normal
+ path names. This can be useful for setting SMACK labels.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>a</varname></term>
- <listitem><para>Set POSIX ACLs (access control lists) on the
- specified path. This can be useful for allowing aditional
- access to certain files.</para></listitem>
+ <listitem><para>Set POSIX ACLs (access control lists).
+ Lines of this type accept shell-style globs in
+ place of normal path names. This can be useful for
+ allowing additional access to certain files.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>A</varname></term>
+ <listitem><para>Recursively set POSIX ACLs. Lines of this
+ type accept shell-style globs in place of normal path
+ names. This can be useful for allowing additional access to
+ certain files.</para></listitem>
</varlistentry>
</variablelist>
CREATE_CHAR_DEVICE = 'c',
CREATE_BLOCK_DEVICE = 'b',
COPY_FILES = 'C',
- SET_XATTR = 't',
- SET_ACL = 'a',
/* These ones take globs */
+ SET_XATTR = 't',
+ RECURSIVE_SET_XATTR = 'T',
+ SET_ACL = 'a',
+ RECURSIVE_SET_ACL = 'A',
WRITE_FILE = 'w',
IGNORE_PATH = 'x',
IGNORE_DIRECTORY_PATH = 'X',
RECURSIVE_REMOVE_PATH,
ADJUST_MODE,
RELABEL_PATH,
- RECURSIVE_RELABEL_PATH);
+ RECURSIVE_RELABEL_PATH,
+ SET_XATTR,
+ RECURSIVE_SET_XATTR,
+ SET_ACL,
+ RECURSIVE_SET_ACL);
}
static bool takes_ownership(ItemType t) {
return r;
}
-static int item_set_perms(Item *i, const char *path) {
+static int path_set_perms(Item *i, const char *path) {
struct stat st;
bool st_valid;
return r;
}
-static int item_set_xattrs(Item *i, const char *path) {
+static int path_set_xattrs(Item *i, const char *path) {
char **name, **value;
assert(i);
return 0;
}
-static int item_set_acl(Item *item, const char *path) {
+static int path_set_acls(Item *item, const char *path) {
#ifdef HAVE_ACL
int r;
return -EEXIST;
}
- r = item_set_perms(i, path);
+ r = path_set_perms(i, path);
if (r < 0)
return r;
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
case ADJUST_MODE:
case RELABEL_PATH:
-
- r = glob_item(i, item_set_perms, false);
+ r = glob_item(i, path_set_perms, false);
if (r < 0)
return r;
break;
case RECURSIVE_RELABEL_PATH:
-
- r = glob_item(i, item_set_perms, true);
+ r = glob_item(i, path_set_perms, true);
if (r < 0)
return r;
break;
case SET_XATTR:
- r = item_set_xattrs(i, i->path);
+ r = glob_item(i, path_set_xattrs, false);
+ if (r < 0)
+ return r;
+ break;
+
+ case RECURSIVE_SET_XATTR:
+ r = glob_item(i, path_set_xattrs, true);
if (r < 0)
return r;
break;
case SET_ACL:
- r = item_set_acl(i, i->path);
+ r = glob_item(i, path_set_acls, false);
if (r < 0)
return r;
+ break;
+
+ case RECURSIVE_SET_ACL:
+ r = glob_item(i, path_set_acls, true);
+ if (r < 0)
+ return r;
+ break;
}
log_debug("%s created successfully.", i->path);
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
case SET_ACL:
+ case RECURSIVE_SET_ACL:
break;
case REMOVE_PATH:
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
case SET_ACL:
+ case RECURSIVE_SET_ACL:
break;
case REMOVE_PATH:
}
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
if (!i.argument) {
log_error("[%s:%u] Set extended attribute requires argument.", fname, line);
return -EBADMSG;
break;
case SET_ACL:
+ case RECURSIVE_SET_ACL:
if (!i.argument) {
log_error("[%s:%u] Set ACLs requires argument.", fname, line);
return -EBADMSG;