-rw-r--r-- | configure.ac | 26 | ||||
-rw-r--r-- | lib/Makefile.am | 1 | ||||
-rw-r--r-- | lib/verify.c | 14 | ||||
-rw-r--r-- | system.h | 4 |
4 files changed, 45 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 28d12457c..03e83630b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -764,6 +764,32 @@ AS_IF([test "$with_cap" = yes],[
 AC_SUBST(WITH_CAP_LIB)
 AM_CONDITIONAL(CAP,[test "$with_cap" = yes])
+WITH_ACL_LIB=
+AC_ARG_WITH(acl, [ --with-acl build with acl support ],
+[case "$with_acl" in
+yes|no) ;;
+*) AC_MSG_ERROR([invalid argument to --with-acl])
+ ;;
+esac],
+[with_acl=no])
+
+AS_IF([test "$with_acl" = yes],[
+ dnl verification uses non-portable acl_equiv_mode()
+ AC_CHECK_HEADER([acl/libacl.h],[
+ AC_CHECK_LIB(acl,[acl_equiv_mode],[with_acl=yes],[
+ AC_MSG_ERROR([--with-acl given, but libacl not found or not suitable])])
+ ],[
+ AC_MSG_ERROR([--with-acl given, but acl/libacl.h not found])
+ ])
+])
+
+AS_IF([test "$with_acl" = yes],[
+ AC_DEFINE(WITH_ACL, 1, [Build with acl support?])
+ WITH_ACL_LIB="-lacl"
+])
+AC_SUBST(WITH_ACL_LIB)
+AM_CONDITIONAL(ACL,[test "$with_acl" = yes])
+
 WITH_LUA_LIB=
 WITH_LUA_INCLUDE=
 AC_ARG_WITH(lua, [ --with-lua build with lua support ],,[with_lua=yes])
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 6befe8637..dbd204bd4 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -48,6 +48,7 @@ librpm_la_LIBADD = \
 @WITH_SELINUX_LIB@ \
 @WITH_SQLITE3_LIB@ \
 @WITH_CAP_LIB@ \
+ @WITH_ACL_LIB@ \
 @LIBINTL@
 if WITH_INTERNAL_DB
diff --git a/lib/verify.c b/lib/verify.c
index da485c835..c4ce1186c 100644
--- a/lib/verify.c
+++ b/lib/verify.c
@@ -152,6 +152,20 @@ int rpmVerifyFile(const rpmts ts, const rpmfi fi,
 if (metamode != filemode)
 *res |= RPMVERIFY_MODE;
+
+#if WITH_ACL
+ /*
+ * For now, any non-default acl's on a file is a difference as rpm
+ * cannot have set them.
+ */
+ acl_t facl = acl_get_file(fn, ACL_TYPE_ACCESS);
+ if (facl) {
+ if (acl_equiv_mode(facl, NULL) == 1) {
+ *res |= RPMVERIFY_MODE;
+ }
+ acl_free(facl);
+ }
+#endif
 }
 if (flags & RPMVERIFY_RDEV) {
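Review bot: In the lib/verify.c hunk both failure paths of the new ACL check are read as "no difference": a NULL return from `acl_get_file()` skips the block, and an `acl_equiv_mode()` result of -1 fails the `== 1` test, so a file whose ACL could not be read or parsed verifies clean. For an integrity check it is safer to count the error as a mismatch, e.g. `if (acl_equiv_mode(facl, NULL) != 0) {`, and to inspect `errno` when `facl` is NULL so that only the "ACLs not supported on this filesystem" case is ignored. `acl_get_file()` also resolves symlinks, so if `fn` can name a symlink at this point (the surrounding mode test starts outside the hunk) the ACL examined is the target's; a file-type guard in front of the call would avoid that. Only `ACL_TYPE_ACCESS` is queried, so a default ACL placed on a directory is not reported, which the comment should state if it is intended.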
@@ -231,6 +231,10 @@ void * _free(void * p)
 #include <sys/capability.h>
 #endif
+#if WITH_ACL
+#include <acl/libacl.h>
+#endif
+
 /**
 * Wrapper to free(3), permit NULL, return NULL.
 * For documenting cases where const is used to protect long-lived |