summaryrefslogtreecommitdiff
path: root/src/shared/acl-util.c
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2015-11-27 22:24:33 -0500
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2015-11-27 23:32:32 -0500
commit5c3bde3fa8613e09e694198862ea9038566af422 (patch)
tree42871668b350263e3adabd20343e9c4e17425f82 /src/shared/acl-util.c
parent564c44436cf64adc7a9eff8c17f386899194a893 (diff)
downloadsystemd-5c3bde3fa8613e09e694198862ea9038566af422.tar.gz
journal: move the gist of server_fix_perms to acl-util.[hc]
Most of the function is moved to acl-util.c to make it possible to add tests in subsequent commit. Setting of the mode in server_fix_perms is removed: - we either just created the file ourselves, and the permission be better right, - or the file was already there, and we should not modify the permissions. server_fix_perms is renamed to server_fix_acls to better reflect new meaning, and made static because it is only used in one file.
Diffstat (limited to 'src/shared/acl-util.c')
-rw-r--r--src/shared/acl-util.c31
1 files changed, 31 insertions, 0 deletions
diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c
index 35f2e1b67d..9f3b1ff51c 100644
--- a/src/shared/acl-util.c
+++ b/src/shared/acl-util.c
@@ -398,3 +398,34 @@ int acls_for_file(const char *path, acl_type_t type, acl_t new, acl_t *acl) {
old = NULL;
return 0;
}
+
+int add_acls_for_user(int fd, uid_t uid) {
+ _cleanup_(acl_freep) acl_t acl = NULL;
+ acl_entry_t entry;
+ acl_permset_t permset;
+ int r;
+
+ acl = acl_get_fd(fd);
+ if (!acl)
+ return -errno;
+
+ r = acl_find_uid(acl, uid, &entry);
+ if (r <= 0) {
+ if (acl_create_entry(&acl, &entry) < 0 ||
+ acl_set_tag_type(entry, ACL_USER) < 0 ||
+ acl_set_qualifier(entry, &uid) < 0)
+ return -errno;
+ }
+
+ /* We do not recalculate the mask unconditionally here,
+ * so that the fchmod() mask above stays intact. */
+ if (acl_get_permset(entry, &permset) < 0 ||
+ acl_add_perm(permset, ACL_READ) < 0)
+ return -errno;
+
+ r = calc_acl_mask_if_needed(&acl);
+ if (r < 0)
+ return r;
+
+ return acl_set_fd(fd, acl);
+}