mirror of
https://github.com/systemd/systemd.git
synced 2024-12-25 01:34:28 +03:00
tmpfiles: apply chown, chmod for 'Z' entries too
If changing ownership or permissions is not desired, they can be configured to '-' or omitted entirely.
This commit is contained in:
parent
18d01523c8
commit
062e01bbdb
@ -85,7 +85,8 @@
|
|||||||
files and directories marked with f,
|
files and directories marked with f,
|
||||||
F, d, D in the configuration files are
|
F, d, D in the configuration files are
|
||||||
created. Files and directories marked with Z
|
created. Files and directories marked with Z
|
||||||
are relabeled.</para></listitem>
|
have their ownership, access mode and security
|
||||||
|
labels set.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
@ -158,8 +158,9 @@ d /run/user 0755 root root 10d</programlisting>
|
|||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>Z</varname></term>
|
<term><varname>Z</varname></term>
|
||||||
<listitem><para>Recursively
|
<listitem><para>Recursively set
|
||||||
relabel security context of a path and
|
ownership, access mode and relabel
|
||||||
|
security context of a path and
|
||||||
all its subdirectories (if it is a
|
all its subdirectories (if it is a
|
||||||
directory). Lines of this type accept
|
directory). Lines of this type accept
|
||||||
shell-style globs in place of normal
|
shell-style globs in place of normal
|
||||||
@ -174,8 +175,10 @@ d /run/user 0755 root root 10d</programlisting>
|
|||||||
<para>The file access mode to use when
|
<para>The file access mode to use when
|
||||||
creating this file or directory. If omitted or
|
creating this file or directory. If omitted or
|
||||||
when set to - the default is used: 0755 for
|
when set to - the default is used: 0755 for
|
||||||
directories, 0644 for files. This parameter is
|
directories, 0644 for files. For Z lines
|
||||||
ignored for x, r, R, Z lines.</para>
|
if omitted or when set to - the file access mode will
|
||||||
|
not be modified. This parameter is ignored for x, r, R
|
||||||
|
lines.</para>
|
||||||
</refsect2>
|
</refsect2>
|
||||||
|
|
||||||
<refsect2>
|
<refsect2>
|
||||||
@ -185,8 +188,9 @@ d /run/user 0755 root root 10d</programlisting>
|
|||||||
or directory. This may either be a numeric
|
or directory. This may either be a numeric
|
||||||
user/group ID or a user or group name. If
|
user/group ID or a user or group name. If
|
||||||
omitted or when set to - the default 0 (root)
|
omitted or when set to - the default 0 (root)
|
||||||
is used. . These parameters are ignored for x,
|
is used. For Z lines when omitted or when set to -
|
||||||
r, R, Z lines.</para>
|
the file ownership will not be modified.
|
||||||
|
These parameters are ignored for x, r, R lines.</para>
|
||||||
</refsect2>
|
</refsect2>
|
||||||
|
|
||||||
<refsect2>
|
<refsect2>
|
||||||
|
@ -406,7 +406,27 @@ finish:
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int recursive_relabel_children(const char *path) {
|
static int item_set_perms(Item *i, const char *path) {
|
||||||
|
/* not using i->path directly because it may be a glob */
|
||||||
|
if (i->mode_set)
|
||||||
|
if (chmod(path, i->mode) < 0) {
|
||||||
|
log_error("chmod(%s) failed: %m", path);
|
||||||
|
return -errno;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (i->uid_set || i->gid_set)
|
||||||
|
if (chown(path,
|
||||||
|
i->uid_set ? i->uid : (uid_t) -1,
|
||||||
|
i->gid_set ? i->gid : (gid_t) -1) < 0) {
|
||||||
|
|
||||||
|
log_error("chown(%s) failed: %m", path);
|
||||||
|
return -errno;
|
||||||
|
}
|
||||||
|
|
||||||
|
return label_fix(path, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int recursive_relabel_children(Item *i, const char *path) {
|
||||||
DIR *d;
|
DIR *d;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
@ -457,7 +477,7 @@ static int recursive_relabel_children(const char *path) {
|
|||||||
} else
|
} else
|
||||||
is_dir = de->d_type == DT_DIR;
|
is_dir = de->d_type == DT_DIR;
|
||||||
|
|
||||||
r = label_fix(entry_path, false);
|
r = item_set_perms(i, entry_path);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
if (ret == 0 && r != -ENOENT)
|
if (ret == 0 && r != -ENOENT)
|
||||||
ret = r;
|
ret = r;
|
||||||
@ -466,7 +486,7 @@ static int recursive_relabel_children(const char *path) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (is_dir) {
|
if (is_dir) {
|
||||||
r = recursive_relabel_children(entry_path);
|
r = recursive_relabel_children(i, entry_path);
|
||||||
if (r < 0 && ret == 0)
|
if (r < 0 && ret == 0)
|
||||||
ret = r;
|
ret = r;
|
||||||
}
|
}
|
||||||
@ -483,7 +503,7 @@ static int recursive_relabel(Item *i, const char *path) {
|
|||||||
int r;
|
int r;
|
||||||
struct stat st;
|
struct stat st;
|
||||||
|
|
||||||
r = label_fix(path, false);
|
r = item_set_perms(i, path);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
@ -491,7 +511,7 @@ static int recursive_relabel(Item *i, const char *path) {
|
|||||||
return -errno;
|
return -errno;
|
||||||
|
|
||||||
if (S_ISDIR(st.st_mode))
|
if (S_ISDIR(st.st_mode))
|
||||||
r = recursive_relabel_children(path);
|
r = recursive_relabel_children(i, path);
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
@ -523,25 +543,6 @@ static int glob_item(Item *i, int (*action)(Item *, const char *)) {
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int item_set_perms(Item *i) {
|
|
||||||
if (i->mode_set)
|
|
||||||
if (chmod(i->path, i->mode) < 0) {
|
|
||||||
log_error("chmod(%s) failed: %m", i->path);
|
|
||||||
return -errno;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (i->uid_set || i->gid_set)
|
|
||||||
if (chown(i->path,
|
|
||||||
i->uid_set ? i->uid : (uid_t) -1,
|
|
||||||
i->gid_set ? i->gid : (gid_t) -1) < 0) {
|
|
||||||
|
|
||||||
log_error("chown(%s) failed: %m", i->path);
|
|
||||||
return -errno;
|
|
||||||
}
|
|
||||||
|
|
||||||
return label_fix(i->path, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int create_item(Item *i) {
|
static int create_item(Item *i) {
|
||||||
int r;
|
int r;
|
||||||
mode_t u;
|
mode_t u;
|
||||||
@ -582,7 +583,7 @@ static int create_item(Item *i) {
|
|||||||
return -EEXIST;
|
return -EEXIST;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = item_set_perms(i);
|
r = item_set_perms(i, i->path);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
@ -612,7 +613,7 @@ static int create_item(Item *i) {
|
|||||||
return -EEXIST;
|
return -EEXIST;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = item_set_perms(i);
|
r = item_set_perms(i, i->path);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
@ -639,7 +640,7 @@ static int create_item(Item *i) {
|
|||||||
return -EEXIST;
|
return -EEXIST;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = item_set_perms(i);
|
r = item_set_perms(i, i->path);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user