[PATCH v6] allow disabling ACL
David Heidelberger
david.heidelberger at ixit.cz
Wed Apr 16 14:39:43 PDT 2014
Here is totally improved version. Thanks a lot for help! :)
David
---
This patch provide option to build and run udisks without ACL.
v2: as replacement of ACL is used chown call
v3: do not change uid, change gid
v4: fix indentation & formating issues
v5: one missed empty line
v6: add g_set_error for chown
Thanks Peter Wu for helping me with improving code.
---
configure.ac | 38 ++++++++++++++++++++++++++------------
src/udiskslinuxfilesystem.c | 17 +++++++++++++++++
2 files changed, 43 insertions(+), 12 deletions(-)
diff --git a/configure.ac b/configure.ac
index 3a39b5a..22b1f0c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -174,18 +174,31 @@ if test "x$with_systemdsystemunitdir" != "xno";
then
fi
AM_CONDITIONAL(HAVE_SYSTEMD, [test -n "$systemdsystemunitdir"])
-# libacl
-AC_CHECK_HEADERS(
- [sys/acl.h acl/libacl.h],
- [ACL_CFLAGS=""],
- AC_MSG_ERROR([*** ACL headers not found.]))
-AC_CHECK_LIB(
- [acl],
- [acl_get_file],
- [ACL_LIBS="-lacl"],
- AC_MSG_ERROR([*** libacl not found.]))
-AC_SUBST(ACL_CFLAGS)
-AC_SUBST(ACL_LIBS)
+have_acl=no
+AC_ARG_ENABLE(acl, AS_HELP_STRING([--disable-acl], [disable acl
support]))
+if test "x$enable_acl" != "xno"; then
+ AC_CHECK_HEADERS(
+ [sys/acl.h acl/libacl.h],
+ [
+ AC_CHECK_LIB(
+ [acl],
+ [acl_get_file],
+ [AC_DEFINE(HAVE_ACL, 1, [Define if libacl is
available]) have_acl=yes],
+ have_acl=no)
+ ],
+ have_acl=no)
+ if test "x$have_acl" = "xyes"; then
+ ACL_CFLAGS=""
+ ACL_LIBS="-lacl"
+ fi
+ AC_SUBST(ACL_CFLAGS)
+ AC_SUBST(ACL_LIBS)
+ if test "x$have_acl" = xno -a "x$enable_acl" = xyes; then
+ AC_MSG_ERROR([acl support requested but libraries not found])
+ fi
+fi
+AM_CONDITIONAL(HAVE_ACL, [test "$have_acl" = "yes"])
+
# Internationalization
#
@@ -232,6 +245,7 @@ echo "
udevdir: ${udevdir}
systemdsystemunitdir: ${systemdsystemunitdir}
using libsystemd-login: ${have_libsystemd_login}
+ acl support: ${have_acl}
compiler: ${CC}
cflags: ${CFLAGS}
diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c
index f243046..e5e1470 100644
--- a/src/udiskslinuxfilesystem.c
+++ b/src/udiskslinuxfilesystem.c
@@ -29,7 +29,9 @@
#include <stdio.h>
#include <mntent.h>
#include <sys/types.h>
+#ifdef HAVE_ACL
#include <sys/acl.h>
+#endif
#include <errno.h>
#include <glib/gstdio.h>
@@ -796,6 +798,7 @@ ensure_utf8 (const gchar *s)
/*
----------------------------------------------------------------------------------------------------
*/
+#ifdef HAVE_ACL
static gboolean
add_acl (const gchar *path,
uid_t uid,
@@ -831,6 +834,7 @@ add_acl (const gchar *path,
acl_free (acl);
return ret;
}
+#endif
/*
* calculate_mount_point: <internal>
@@ -911,7 +915,11 @@ calculate_mount_point (UDisksDaemon
*daemon,
}
}
/* Then create the per-user /run/media/$USER */
+#ifdef HAVE_ACL
if (g_mkdir (mount_dir, 0700) != 0)
+#else
+ if (g_mkdir (mount_dir, 0750) != 0)
+#endif
{
g_set_error (error,
UDISKS_ERROR,
@@ -921,8 +929,17 @@ calculate_mount_point (UDisksDaemon
*daemon,
goto out;
}
/* Finally, add the read+execute ACL for $USER */
+#ifdef HAVE_ACL
if (!add_acl (mount_dir, uid, error))
{
+#else
+ if (chown (mount_dir, -1, gid) == -1)
+ {
+ g_set_error (error, G_IO_ERROR,
+ g_io_error_from_errno (errno),
+ "Failed to change gid to %d for %s: %m",
+ (gint) gid, mount_dir);
+#endif
if (rmdir (mount_dir) != 0)
udisks_warning ("Error calling rmdir() on %s: %m",
mount_dir);
goto out;
--
1.9.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-v6-allow-disabling-ACL.patch
Type: text/x-diff
Size: 4246 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/devkit-devel/attachments/20140416/d64487e7/attachment.patch>
More information about the devkit-devel
mailing list