From 062e01bbdbc3201e4c99bc0b702cb04a0ae2190c Mon Sep 17 00:00:00 2001 From: Michal Schmidt Date: Fri, 16 Dec 2011 18:00:11 +0100 Subject: [PATCH] tmpfiles: apply chown, chmod for 'Z' entries too If changing ownership or permissions is not desired, they can be configured to '-' or omitted entirely. --- man/systemd-tmpfiles.xml | 3 ++- man/tmpfiles.d.xml | 16 +++++++----- src/tmpfiles.c | 55 ++++++++++++++++++++-------------------- 3 files changed, 40 insertions(+), 34 deletions(-) diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml index 20e399bfd4c..74dfd5ac7e7 100644 --- a/man/systemd-tmpfiles.xml +++ b/man/systemd-tmpfiles.xml @@ -85,7 +85,8 @@ files and directories marked with f, F, d, D in the configuration files are created. Files and directories marked with Z - are relabeled. + have their ownership, access mode and security + labels set. diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 6a2a3774ae6..e137967654e 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -158,8 +158,9 @@ d /run/user 0755 root root 10d Z - Recursively - relabel security context of a path and + Recursively set + ownership, access mode and relabel + security context of a path and all its subdirectories (if it is a directory). Lines of this type accept shell-style globs in place of normal @@ -174,8 +175,10 @@ d /run/user 0755 root root 10d The file access mode to use when creating this file or directory. If omitted or when set to - the default is used: 0755 for - directories, 0644 for files. This parameter is - ignored for x, r, R, Z lines. + directories, 0644 for files. For Z lines + if omitted or when set to - the file access mode will + not be modified. This parameter is ignored for x, r, R + lines. @@ -185,8 +188,9 @@ d /run/user 0755 root root 10d or directory. This may either be a numeric user/group ID or a user or group name. If omitted or when set to - the default 0 (root) - is used. . These parameters are ignored for x, - r, R, Z lines. + is used. For Z lines when omitted or when set to - + the file ownership will not be modified. + These parameters are ignored for x, r, R lines. diff --git a/src/tmpfiles.c b/src/tmpfiles.c index 18067c4b1f7..13950824e08 100644 --- a/src/tmpfiles.c +++ b/src/tmpfiles.c @@ -406,7 +406,27 @@ finish: return r; } -static int recursive_relabel_children(const char *path) { +static int item_set_perms(Item *i, const char *path) { + /* not using i->path directly because it may be a glob */ + if (i->mode_set) + if (chmod(path, i->mode) < 0) { + log_error("chmod(%s) failed: %m", path); + return -errno; + } + + if (i->uid_set || i->gid_set) + if (chown(path, + i->uid_set ? i->uid : (uid_t) -1, + i->gid_set ? i->gid : (gid_t) -1) < 0) { + + log_error("chown(%s) failed: %m", path); + return -errno; + } + + return label_fix(path, false); +} + +static int recursive_relabel_children(Item *i, const char *path) { DIR *d; int ret = 0; @@ -457,7 +477,7 @@ static int recursive_relabel_children(const char *path) { } else is_dir = de->d_type == DT_DIR; - r = label_fix(entry_path, false); + r = item_set_perms(i, entry_path); if (r < 0) { if (ret == 0 && r != -ENOENT) ret = r; @@ -466,7 +486,7 @@ static int recursive_relabel_children(const char *path) { } if (is_dir) { - r = recursive_relabel_children(entry_path); + r = recursive_relabel_children(i, entry_path); if (r < 0 && ret == 0) ret = r; } @@ -483,7 +503,7 @@ static int recursive_relabel(Item *i, const char *path) { int r; struct stat st; - r = label_fix(path, false); + r = item_set_perms(i, path); if (r < 0) return r; @@ -491,7 +511,7 @@ static int recursive_relabel(Item *i, const char *path) { return -errno; if (S_ISDIR(st.st_mode)) - r = recursive_relabel_children(path); + r = recursive_relabel_children(i, path); return r; } @@ -523,25 +543,6 @@ static int glob_item(Item *i, int (*action)(Item *, const char *)) { return r; } -static int item_set_perms(Item *i) { - if (i->mode_set) - if (chmod(i->path, i->mode) < 0) { - log_error("chmod(%s) failed: %m", i->path); - return -errno; - } - - if (i->uid_set || i->gid_set) - if (chown(i->path, - i->uid_set ? i->uid : (uid_t) -1, - i->gid_set ? i->gid : (gid_t) -1) < 0) { - - log_error("chown(%s) failed: %m", i->path); - return -errno; - } - - return label_fix(i->path, false); -} - static int create_item(Item *i) { int r; mode_t u; @@ -582,7 +583,7 @@ static int create_item(Item *i) { return -EEXIST; } - r = item_set_perms(i); + r = item_set_perms(i, i->path); if (r < 0) return r; @@ -612,7 +613,7 @@ static int create_item(Item *i) { return -EEXIST; } - r = item_set_perms(i); + r = item_set_perms(i, i->path); if (r < 0) return r; @@ -639,7 +640,7 @@ static int create_item(Item *i) { return -EEXIST; } - r = item_set_perms(i); + r = item_set_perms(i, i->path); if (r < 0) return r;