[PATCH v6] allow disabling ACL

David Heidelberger david.heidelberger at ixit.cz
Wed Apr 16 14:39:43 PDT 2014


Here is totally improved version. Thanks a lot for help! :)

David
---

This patch provide option to build and run udisks without ACL.
v2: as replacement of ACL is used chown call
v3: do not change uid, change gid
v4: fix indentation & formating issues
v5: one missed empty line
v6: add g_set_error for chown

Thanks Peter Wu for helping me with improving code.
---
  configure.ac                | 38 ++++++++++++++++++++++++++------------
  src/udiskslinuxfilesystem.c | 17 +++++++++++++++++
  2 files changed, 43 insertions(+), 12 deletions(-)

diff --git a/configure.ac b/configure.ac
index 3a39b5a..22b1f0c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -174,18 +174,31 @@ if test "x$with_systemdsystemunitdir" != "xno"; 
then
  fi
  AM_CONDITIONAL(HAVE_SYSTEMD, [test -n "$systemdsystemunitdir"])

-# libacl
-AC_CHECK_HEADERS(
-        [sys/acl.h acl/libacl.h],
-        [ACL_CFLAGS=""],
-        AC_MSG_ERROR([*** ACL headers not found.]))
-AC_CHECK_LIB(
-        [acl],
-        [acl_get_file],
-        [ACL_LIBS="-lacl"],
-        AC_MSG_ERROR([*** libacl not found.]))
-AC_SUBST(ACL_CFLAGS)
-AC_SUBST(ACL_LIBS)
+have_acl=no
+AC_ARG_ENABLE(acl, AS_HELP_STRING([--disable-acl], [disable acl 
support]))
+if test "x$enable_acl" != "xno"; then
+  AC_CHECK_HEADERS(
+          [sys/acl.h acl/libacl.h],
+          [
+            AC_CHECK_LIB(
+                [acl],
+                [acl_get_file],
+                [AC_DEFINE(HAVE_ACL, 1, [Define if libacl is 
available]) have_acl=yes],
+                have_acl=no)
+          ],
+          have_acl=no)
+  if test "x$have_acl" = "xyes"; then
+    ACL_CFLAGS=""
+    ACL_LIBS="-lacl"
+  fi
+  AC_SUBST(ACL_CFLAGS)
+  AC_SUBST(ACL_LIBS)
+  if test "x$have_acl" = xno -a "x$enable_acl" = xyes; then
+    AC_MSG_ERROR([acl support requested but libraries not found])
+  fi
+fi
+AM_CONDITIONAL(HAVE_ACL, [test "$have_acl" = "yes"])
+

  # Internationalization
  #
@@ -232,6 +245,7 @@ echo "
          udevdir:                    ${udevdir}
          systemdsystemunitdir:       ${systemdsystemunitdir}
          using libsystemd-login:     ${have_libsystemd_login}
+        acl support:                ${have_acl}

          compiler:                   ${CC}
          cflags:                     ${CFLAGS}
diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c
index f243046..e5e1470 100644
--- a/src/udiskslinuxfilesystem.c
+++ b/src/udiskslinuxfilesystem.c
@@ -29,7 +29,9 @@
  #include <stdio.h>
  #include <mntent.h>
  #include <sys/types.h>
+#ifdef HAVE_ACL
  #include <sys/acl.h>
+#endif
  #include <errno.h>

  #include <glib/gstdio.h>
@@ -796,6 +798,7 @@ ensure_utf8 (const gchar *s)

  /* 
---------------------------------------------------------------------------------------------------- 
*/

+#ifdef HAVE_ACL
  static gboolean
  add_acl (const gchar  *path,
           uid_t         uid,
@@ -831,6 +834,7 @@ add_acl (const gchar  *path,
      acl_free (acl);
    return ret;
  }
+#endif

  /*
   * calculate_mount_point: <internal>
@@ -911,7 +915,11 @@ calculate_mount_point (UDisksDaemon              
*daemon,
                  }
              }
            /* Then create the per-user /run/media/$USER */
+#ifdef HAVE_ACL
            if (g_mkdir (mount_dir, 0700) != 0)
+#else
+          if (g_mkdir (mount_dir, 0750) != 0)
+#endif
              {
                g_set_error (error,
                             UDISKS_ERROR,
@@ -921,8 +929,17 @@ calculate_mount_point (UDisksDaemon              
*daemon,
                goto out;
              }
            /* Finally, add the read+execute ACL for $USER */
+#ifdef HAVE_ACL
            if (!add_acl (mount_dir, uid, error))
              {
+#else
+          if (chown (mount_dir, -1, gid) == -1)
+            {
+               g_set_error (error, G_IO_ERROR,
+                            g_io_error_from_errno (errno),
+                            "Failed to change gid to %d for %s: %m",
+                            (gint) gid, mount_dir);
+#endif
                if (rmdir (mount_dir) != 0)
                  udisks_warning ("Error calling rmdir() on %s: %m", 
mount_dir);
                goto out;
-- 
1.9.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-v6-allow-disabling-ACL.patch
Type: text/x-diff
Size: 4246 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/devkit-devel/attachments/20140416/d64487e7/attachment.patch>


More information about the devkit-devel mailing list