[systemd-devel] [PATCH] support statically configured acls
Ludwig Nussel
ludwig.nussel at suse.de
Tue Mar 19 09:36:46 PDT 2013
Useful for setting ACLs on files, sockets, etc. that are not known to udev.
---
src/login/logind-acl.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
diff --git a/src/login/logind-acl.c b/src/login/logind-acl.c
index cb045a9..a44ecdc 100644
--- a/src/login/logind-acl.c
+++ b/src/login/logind-acl.c
@@ -28,6 +28,18 @@
#include "logind-acl.h"
#include "util.h"
#include "acl-util.h"
+#include "strv.h"
+#include "conf-files.h"
+
+static const char conf_file_dirs[] =
+ "/etc/systemd/acls.d\0"
+ "/run/systemd/acls.d\0"
+ "/usr/local/lib/systemd/acls.d\0"
+ "/usr/lib/systemd/acls.d\0"
+#ifdef HAVE_SPLIT_USR
+ "/lib/systemd/acls.d\0"
+#endif
+ ;
static int flush_acl(acl_t acl) {
acl_entry_t i;
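Review bot: `conf_file_dirs` has no comment saying what the files in these directories contain or who is expected to be able to write them. Every line read from them later in this patch becomes a path that receives an ACL for the session user, so a comment above the array such as `/* *.conf files list one path per line; these directories must be writable by root only */` would record that trust assumption. The list includes `/run/systemd/acls.d`; whatever creates that directory at runtime is not visible in this patch and would need to set its ownership and mode accordingly.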
@@ -171,6 +183,51 @@ finish:
return r;
}
+static int apply_static_file_acls(
+ const char *seat,
+ bool flush,
+ bool del, uid_t old_uid,
+ bool add, uid_t new_uid) {
+ _cleanup_strv_free_ char **files = NULL;
+ int r;
+ char **fn;
+
+ r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
+ if (r < 0) {
+ log_error("Failed to enumerate acl.d files: %s", strerror(-r));
+ goto finish;
+ }
+
+ STRV_FOREACH(fn, files) {
+ _cleanup_fclose_ FILE* fp = NULL;
+ char line[LINE_MAX];
+
+ r = search_and_fopen_nulstr(*fn, "re", conf_file_dirs, &fp);
+ if (r < 0)
+ continue;
+
+ FOREACH_LINE(line, fp, return -errno) {
+ int k;
+ char* l = strstrip(line);
+ const char* sn = seat; // TODO: allow to specify seat in second column?
+
+ if (*l == '#' || *l == 0)
+ continue;
+
+ log_debug("Fixing up static entry %s for seat %s...", l, sn);
+
+ k = devnode_acl(l, flush, del, old_uid, add, new_uid);
+ if (k < 0) {
+ log_error("Failed to set acl on %s: %s", l, strerror(-k));
+ }
+ }
+
+ }
+
+finish:
+ return r;
+}
+
int devnode_acl_all(struct udev *udev,
const char *seat,
bool flush,
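Review bot: In `apply_static_file_acls` the stripped line `l` goes straight to `devnode_acl()` with no check that it is an absolute path, so a relative or malformed entry would be resolved against logind's working directory; a guard before the call such as `if (!path_is_absolute(l)) { log_warning("Ignoring non-absolute path %s", l); continue; }` would reject those (it needs `path-util.h`). The return value is also inconsistent: `r` is overwritten by each `search_and_fopen_nulstr()` call, so a failure to open the last file is returned from `finish:` while earlier open failures and every `devnode_acl()` error in `k` are dropped; using `k` for the open result, or resetting with `r = 0;` before `continue`, would make the intent clear. `sn` is used only in the debug message, so the listed paths get the ACL for whichever seat triggers the call. Until the TODO is resolved, a comment stating that static entries are not seat-scoped would help anyone auditing who gains access.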
@@ -240,6 +297,8 @@ int devnode_acl_all(struct udev *udev,
goto finish;
}
+ apply_static_file_acls(seat, flush, del, old_uid, add, new_uid);
+
finish:
if (e)
udev_enumerate_unref(e);
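Review bot: The new call to `apply_static_file_acls()` discards its return value and is placed after the udev enumeration, directly above `finish:`. The `goto finish` visible just before it suggests that a udev failure jumps past the call, which would also skip removing `old_uid`'s ACLs from the static paths when `del` is set. Consider running the static pass independently of the udev result and folding its error into `r`, or, if best-effort is intended, saying so with `/* best effort: errors are logged by the callee */`. The body of `devnode_acl_all` starts outside this hunk, so how `r` is set on the earlier paths cannot be confirmed from here.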
--
1.8.1.4