1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00

tmpfiles: apply chown, chmod for 'Z' entries too

If changing ownership or permissions is not desired, they can be
configured to '-' or omitted entirely.
This commit is contained in:
Michal Schmidt 2011-12-16 18:00:11 +01:00
parent 18d01523c8
commit 062e01bbdb
3 changed files with 40 additions and 34 deletions

View File

@ -85,7 +85,8 @@
files and directories marked with f, files and directories marked with f,
F, d, D in the configuration files are F, d, D in the configuration files are
created. Files and directories marked with Z created. Files and directories marked with Z
are relabeled.</para></listitem> have their ownership, access mode and security
labels set.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -158,8 +158,9 @@ d /run/user 0755 root root 10d</programlisting>
<varlistentry> <varlistentry>
<term><varname>Z</varname></term> <term><varname>Z</varname></term>
<listitem><para>Recursively <listitem><para>Recursively set
relabel security context of a path and ownership, access mode and relabel
security context of a path and
all its subdirectories (if it is a all its subdirectories (if it is a
directory). Lines of this type accept directory). Lines of this type accept
shell-style globs in place of normal shell-style globs in place of normal
@ -174,8 +175,10 @@ d /run/user 0755 root root 10d</programlisting>
<para>The file access mode to use when <para>The file access mode to use when
creating this file or directory. If omitted or creating this file or directory. If omitted or
when set to - the default is used: 0755 for when set to - the default is used: 0755 for
directories, 0644 for files. This parameter is directories, 0644 for files. For Z lines
ignored for x, r, R, Z lines.</para> if omitted or when set to - the file access mode will
not be modified. This parameter is ignored for x, r, R
lines.</para>
</refsect2> </refsect2>
<refsect2> <refsect2>
@ -185,8 +188,9 @@ d /run/user 0755 root root 10d</programlisting>
or directory. This may either be a numeric or directory. This may either be a numeric
user/group ID or a user or group name. If user/group ID or a user or group name. If
omitted or when set to - the default 0 (root) omitted or when set to - the default 0 (root)
is used. . These parameters are ignored for x, is used. For Z lines when omitted or when set to -
r, R, Z lines.</para> the file ownership will not be modified.
These parameters are ignored for x, r, R lines.</para>
</refsect2> </refsect2>
<refsect2> <refsect2>

View File

@ -406,7 +406,27 @@ finish:
return r; return r;
} }
static int recursive_relabel_children(const char *path) { static int item_set_perms(Item *i, const char *path) {
/* not using i->path directly because it may be a glob */
if (i->mode_set)
if (chmod(path, i->mode) < 0) {
log_error("chmod(%s) failed: %m", path);
return -errno;
}
if (i->uid_set || i->gid_set)
if (chown(path,
i->uid_set ? i->uid : (uid_t) -1,
i->gid_set ? i->gid : (gid_t) -1) < 0) {
log_error("chown(%s) failed: %m", path);
return -errno;
}
return label_fix(path, false);
}
static int recursive_relabel_children(Item *i, const char *path) {
DIR *d; DIR *d;
int ret = 0; int ret = 0;
@ -457,7 +477,7 @@ static int recursive_relabel_children(const char *path) {
} else } else
is_dir = de->d_type == DT_DIR; is_dir = de->d_type == DT_DIR;
r = label_fix(entry_path, false); r = item_set_perms(i, entry_path);
if (r < 0) { if (r < 0) {
if (ret == 0 && r != -ENOENT) if (ret == 0 && r != -ENOENT)
ret = r; ret = r;
@ -466,7 +486,7 @@ static int recursive_relabel_children(const char *path) {
} }
if (is_dir) { if (is_dir) {
r = recursive_relabel_children(entry_path); r = recursive_relabel_children(i, entry_path);
if (r < 0 && ret == 0) if (r < 0 && ret == 0)
ret = r; ret = r;
} }
@ -483,7 +503,7 @@ static int recursive_relabel(Item *i, const char *path) {
int r; int r;
struct stat st; struct stat st;
r = label_fix(path, false); r = item_set_perms(i, path);
if (r < 0) if (r < 0)
return r; return r;
@ -491,7 +511,7 @@ static int recursive_relabel(Item *i, const char *path) {
return -errno; return -errno;
if (S_ISDIR(st.st_mode)) if (S_ISDIR(st.st_mode))
r = recursive_relabel_children(path); r = recursive_relabel_children(i, path);
return r; return r;
} }
@ -523,25 +543,6 @@ static int glob_item(Item *i, int (*action)(Item *, const char *)) {
return r; return r;
} }
static int item_set_perms(Item *i) {
if (i->mode_set)
if (chmod(i->path, i->mode) < 0) {
log_error("chmod(%s) failed: %m", i->path);
return -errno;
}
if (i->uid_set || i->gid_set)
if (chown(i->path,
i->uid_set ? i->uid : (uid_t) -1,
i->gid_set ? i->gid : (gid_t) -1) < 0) {
log_error("chown(%s) failed: %m", i->path);
return -errno;
}
return label_fix(i->path, false);
}
static int create_item(Item *i) { static int create_item(Item *i) {
int r; int r;
mode_t u; mode_t u;
@ -582,7 +583,7 @@ static int create_item(Item *i) {
return -EEXIST; return -EEXIST;
} }
r = item_set_perms(i); r = item_set_perms(i, i->path);
if (r < 0) if (r < 0)
return r; return r;
@ -612,7 +613,7 @@ static int create_item(Item *i) {
return -EEXIST; return -EEXIST;
} }
r = item_set_perms(i); r = item_set_perms(i, i->path);
if (r < 0) if (r < 0)
return r; return r;
@ -639,7 +640,7 @@ static int create_item(Item *i) {
return -EEXIST; return -EEXIST;
} }
r = item_set_perms(i); r = item_set_perms(i, i->path);
if (r < 0) if (r < 0)
return r; return r;