From: Zbigniew Jędrzejewski-Szmek Date: Sun, 18 Jan 2015 07:10:00 +0000 (-0500) Subject: tmpfiles: make t and a globby, add their recursive versions T and A X-Git-Tag: v219~371 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=b705ab6a838937f947216af7b2d1fffb00f8b0dc tmpfiles: make t and a globby, add their recursive versions T and A For types which adapt existing files it is generally more useful to accept globs. In analogy to z and Z, add recursive versions using uppercase letters. Technically, making a accept globs is backwards incompatible, but in practice it probably isn't yet widely used and we can assume that most people don't create files with wildcards in names. Functions which are used as callbacks, but not directly on items, are renamed not to have "item_" prefix. --- diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 7c1ef42c2..ee33afcf6 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -273,7 +273,7 @@ Adjust the access mode, group and user, and restore the SELinux security context of a file or directory, if it exists. Lines of this type accept shell-style globs in - place of normal path names. + place of normal path names. 
@@ -288,16 +288,35 @@ t - Set extended attributes on the specified - path. This can be useful for setting SMACK labels. + Set extended attributes. Lines of this type + accept shell-style globs in place of normal path names. + This can be useful for setting SMACK labels. + + + + + T + Recursively set extended attributes. Lines + of this type accept shell-style globs in place of normal + path names. This can be useful for setting SMACK labels. a - Set POSIX ACLs (access control lists) on the - specified path. This can be useful for allowing aditional - access to certain files. + Set POSIX ACLs (access control lists). + Lines of this type accept shell-style globs in + place of normal path names. This can be useful for + allowing additional access to certain files. + + + + + A + Recursively set POSIX ACLs. Lines of this + type accept shell-style globs in place of normal path + names. This can be useful for allowing additional access to + certain files. diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index d56398979..44a087807 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -76,10 +76,12 @@ typedef enum ItemType { CREATE_CHAR_DEVICE = 'c', CREATE_BLOCK_DEVICE = 'b', COPY_FILES = 'C', - SET_XATTR = 't', - SET_ACL = 'a', /* These ones take globs */ + SET_XATTR = 't', + RECURSIVE_SET_XATTR = 'T', + SET_ACL = 'a', + RECURSIVE_SET_ACL = 'A', WRITE_FILE = 'w', IGNORE_PATH = 'x', IGNORE_DIRECTORY_PATH = 'X', @@ -151,7 +153,11 @@ static bool needs_glob(ItemType t) { RECURSIVE_REMOVE_PATH, ADJUST_MODE, RELABEL_PATH, - RECURSIVE_RELABEL_PATH); + RECURSIVE_RELABEL_PATH, + SET_XATTR, + RECURSIVE_SET_XATTR, + SET_ACL, + RECURSIVE_SET_ACL); } static bool takes_ownership(ItemType t) { @@ -486,7 +492,7 @@ finish: return r; } -static int item_set_perms(Item *i, const char *path) { +static int path_set_perms(Item *i, const char *path) { struct stat st; bool st_valid; 
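Review bot: Adding `SET_XATTR` and `SET_ACL` to the list in needs_glob means an `a` or `t` line whose path matches nothing may now be a silent no-op, where the old direct call on `i->path` would presumably have failed on a missing file. glob_item is not part of this diff, so how it treats an empty match is an assumption to confirm against the full file. For lines that carry SMACK labels or ACLs, a mistyped path that quietly applies nothing is worth surfacing. I would at least note it beside the new entries with `/* NOTE: for t/T/a/A a pattern with no matches applies nothing */`, or log at debug level on the no-match path. needs_glob begins above the hunk.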
@@ -568,7 +574,7 @@ static int get_xattrs_from_arg(Item *i) {
 return r;
 }
-static int item_set_xattrs(Item *i, const char *path) {
+static int path_set_xattrs(Item *i, const char *path) {
 char **name, **value;
 assert(i);
@@ -605,7 +611,7 @@ static int get_acls_from_arg(Item *item) {
 return 0;
 }
-static int item_set_acl(Item *item, const char *path) {
+static int path_set_acls(Item *item, const char *path) {
 #ifdef HAVE_ACL
 int r;
@@ -693,7 +699,7 @@ static int write_one_file(Item *i, const char *path) {
 return -EEXIST;
 }
- r = item_set_perms(i, path);
+ r = path_set_perms(i, path);
 if (r < 0)
 return r;
@@ -817,7 +823,7 @@ static int create_item(Item *i) {
 }
 }
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
 if (r < 0)
 return r;
@@ -861,7 +867,7 @@ static int create_item(Item *i) {
 }
 }
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
 if (r < 0)
 return r;
@@ -901,7 +907,7 @@ static int create_item(Item *i) {
 }
 }
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
 if (r < 0)
 return r;
@@ -992,7 +998,7 @@ static int create_item(Item *i) {
 }
 }
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
 if (r < 0)
 return r;
@@ -1001,29 +1007,40 @@ static int create_item(Item *i) {
 case ADJUST_MODE:
 case RELABEL_PATH:
-
- r = glob_item(i, item_set_perms, false);
+ r = glob_item(i, path_set_perms, false);
 if (r < 0)
 return r;
 break;
 case RECURSIVE_RELABEL_PATH:
-
- r = glob_item(i, item_set_perms, true);
+ r = glob_item(i, path_set_perms, true);
 if (r < 0)
 return r;
 break;
 case SET_XATTR:
- r = item_set_xattrs(i, i->path);
+ r = glob_item(i, path_set_xattrs, false);
+ if (r < 0)
+ return r;
+ break;
+
+ case RECURSIVE_SET_XATTR:
+ r = glob_item(i, path_set_xattrs, true);
 if (r < 0)
 return r;
 break;
 case SET_ACL:
- r = item_set_acl(i, i->path);
+ r = glob_item(i, path_set_acls, false);
 if (r < 0)
 return r;
+ break;
+
+ case RECURSIVE_SET_ACL:
+ r = glob_item(i, path_set_acls, true);
+ if (r < 0)
+ return r;
+ break;
 }
 log_debug("%s created successfully.", i->path);
@@ -1054,7 +1071,9 @@ static int remove_item_instance(Item *i, const char *instance) {
 case WRITE_FILE:
 case COPY_FILES:
 case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
 case SET_ACL:
+ case RECURSIVE_SET_ACL:
 break;
 case REMOVE_PATH:
@@ -1100,7 +1119,9 @@ static int remove_item(Item *i) {
 case WRITE_FILE:
 case COPY_FILES:
 case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
 case SET_ACL:
+ case RECURSIVE_SET_ACL:
 break;
 case REMOVE_PATH:
@@ -1444,6 +1465,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
 }
 case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
 if (!i.argument) {
 log_error("[%s:%u] Set extended attribute requires argument.", fname, line);
 return -EBADMSG;
@@ -1454,6 +1476,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
 break;
 case SET_ACL:
+ case RECURSIVE_SET_ACL:
 if (!i.argument) {
 log_error("[%s:%u] Set ACLs requires argument.", fname, line);
 return -EBADMSG;
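Review bot: The new `RECURSIVE_SET_XATTR` and `RECURSIVE_SET_ACL` cases in create_item pass `path_set_xattrs` and `path_set_acls` to `glob_item(..., true)`, so these callbacks now run on every entry under a matched directory rather than on the one configured path, and nothing in the hunk shows whether the callbacks or the walker refuse symlinks. If a matched tree is writable by an unprivileged user, a link placed inside it could make the ACL or attribute land on a file outside the tree, so the callbacks should probably `lstat()` the path and skip links, or use a no-follow call, before applying anything. Both callback bodies and glob_item are outside this diff, so this needs confirming against the full file. At minimum I would add `/* callbacks run on every matched entry and must not follow symlinks */` above the `SET_XATTR` case. create_item starts before the hunk and its end is not shown.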