For types which adapt existing files it is generally more useful to accept
globs.
In analogy to z and Z, add recursive versions using uppercase letters.
Technically, making a accept globs is backwards incompatible, but in
practice it probably isn't yet widely used and we can assume that most
people don't create files with wildcards in names.
Functions which are used as callbacks, but not directly on items, are
renamed not to have "item_" prefix.
<listitem><para>Adjust the access mode, group and user, and
restore the SELinux security context of a file or directory,
if it exists. Lines of this type accept shell-style globs in
<listitem><para>Adjust the access mode, group and user, and
restore the SELinux security context of a file or directory,
if it exists. Lines of this type accept shell-style globs in
- place of normal path names. </para></listitem>
+ place of normal path names.</para></listitem>
</varlistentry>
<varlistentry>
</varlistentry>
<varlistentry>
<varlistentry>
<term><varname>t</varname></term>
<varlistentry>
<term><varname>t</varname></term>
- <listitem><para>Set extended attributes on the specified
- path. This can be useful for setting SMACK labels.
+ <listitem><para>Set extended attributes. Lines of this type
+ accept shell-style globs in place of normal path names.
+ This can be useful for setting SMACK labels.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>T</varname></term>
+ <listitem><para>Recursively set extended attributes. Lines
+ of this type accept shell-style globs in place of normal
+ path names. This can be useful for setting SMACK labels.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>a</varname></term>
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>a</varname></term>
- <listitem><para>Set POSIX ACLs (access control lists) on the
- specified path. This can be useful for allowing aditional
- access to certain files.</para></listitem>
+ <listitem><para>Set POSIX ACLs (access control lists).
+ Lines of this type accept shell-style globs in
+ place of normal path names. This can be useful for
+ allowing additional access to certain files.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>A</varname></term>
+ <listitem><para>Recursively set POSIX ACLs. Lines of this
+ type accept shell-style globs in place of normal path
+ names. This can be useful for allowing additional access to
+ certain files.</para></listitem>
</varlistentry>
</variablelist>
</varlistentry>
</variablelist>
CREATE_CHAR_DEVICE = 'c',
CREATE_BLOCK_DEVICE = 'b',
COPY_FILES = 'C',
CREATE_CHAR_DEVICE = 'c',
CREATE_BLOCK_DEVICE = 'b',
COPY_FILES = 'C',
- SET_XATTR = 't',
- SET_ACL = 'a',
/* These ones take globs */
/* These ones take globs */
+ SET_XATTR = 't',
+ RECURSIVE_SET_XATTR = 'T',
+ SET_ACL = 'a',
+ RECURSIVE_SET_ACL = 'A',
WRITE_FILE = 'w',
IGNORE_PATH = 'x',
IGNORE_DIRECTORY_PATH = 'X',
WRITE_FILE = 'w',
IGNORE_PATH = 'x',
IGNORE_DIRECTORY_PATH = 'X',
RECURSIVE_REMOVE_PATH,
ADJUST_MODE,
RELABEL_PATH,
RECURSIVE_REMOVE_PATH,
ADJUST_MODE,
RELABEL_PATH,
- RECURSIVE_RELABEL_PATH);
+ RECURSIVE_RELABEL_PATH,
+ SET_XATTR,
+ RECURSIVE_SET_XATTR,
+ SET_ACL,
+ RECURSIVE_SET_ACL);
}
static bool takes_ownership(ItemType t) {
}
static bool takes_ownership(ItemType t) {
-static int item_set_perms(Item *i, const char *path) {
+static int path_set_perms(Item *i, const char *path) {
struct stat st;
bool st_valid;
struct stat st;
bool st_valid;
-static int item_set_xattrs(Item *i, const char *path) {
+static int path_set_xattrs(Item *i, const char *path) {
char **name, **value;
assert(i);
char **name, **value;
assert(i);
-static int item_set_acl(Item *item, const char *path) {
+static int path_set_acls(Item *item, const char *path) {
- r = item_set_perms(i, path);
+ r = path_set_perms(i, path);
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
case ADJUST_MODE:
case RELABEL_PATH:
case ADJUST_MODE:
case RELABEL_PATH:
-
- r = glob_item(i, item_set_perms, false);
+ r = glob_item(i, path_set_perms, false);
if (r < 0)
return r;
break;
case RECURSIVE_RELABEL_PATH:
if (r < 0)
return r;
break;
case RECURSIVE_RELABEL_PATH:
-
- r = glob_item(i, item_set_perms, true);
+ r = glob_item(i, path_set_perms, true);
if (r < 0)
return r;
break;
case SET_XATTR:
if (r < 0)
return r;
break;
case SET_XATTR:
- r = item_set_xattrs(i, i->path);
+ r = glob_item(i, path_set_xattrs, false);
+ if (r < 0)
+ return r;
+ break;
+
+ case RECURSIVE_SET_XATTR:
+ r = glob_item(i, path_set_xattrs, true);
if (r < 0)
return r;
break;
case SET_ACL:
if (r < 0)
return r;
break;
case SET_ACL:
- r = item_set_acl(i, i->path);
+ r = glob_item(i, path_set_acls, false);
+ break;
+
+ case RECURSIVE_SET_ACL:
+ r = glob_item(i, path_set_acls, true);
+ if (r < 0)
+ return r;
+ break;
}
log_debug("%s created successfully.", i->path);
}
log_debug("%s created successfully.", i->path);
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
+ case RECURSIVE_SET_ACL:
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
+ case RECURSIVE_SET_ACL:
+ case RECURSIVE_SET_XATTR:
if (!i.argument) {
log_error("[%s:%u] Set extended attribute requires argument.", fname, line);
return -EBADMSG;
if (!i.argument) {
log_error("[%s:%u] Set extended attribute requires argument.", fname, line);
return -EBADMSG;
+ case RECURSIVE_SET_ACL:
if (!i.argument) {
log_error("[%s:%u] Set ACLs requires argument.", fname, line);
return -EBADMSG;
if (!i.argument) {
log_error("[%s:%u] Set ACLs requires argument.", fname, line);
return -EBADMSG;