diff options
| author | Lennart Poettering <lennart@poettering.net> | 2018-10-19 11:28:40 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2018-10-26 15:13:26 +0200 |
| commit | f89bc84f3242449cbc308892c87573b131f121df (patch) | |
| tree | 5dffba353b352c7d18a972228ef7492562547a8f | |
| parent | 5de6cce58b3e8b79239b6e83653459d91af6e57c (diff) | |
| download | systemd-f89bc84f3242449cbc308892c87573b131f121df.tar.gz systemd-f89bc84f3242449cbc308892c87573b131f121df.tar.bz2 systemd-f89bc84f3242449cbc308892c87573b131f121df.zip | |
chown-recursive: also drop ACLs when recursively chown()ing
Let's better be safe than sorry and also drop ACLs.
| -rw-r--r-- | src/core/chown-recursive.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/core/chown-recursive.c b/src/core/chown-recursive.c index 27c64489b5..447b771267 100644 --- a/src/core/chown-recursive.c +++ b/src/core/chown-recursive.c @@ -3,6 +3,7 @@ #include <fcntl.h> #include <sys/stat.h> #include <sys/types.h> +#include <sys/xattr.h> #include "chown-recursive.h" #include "dirent-util.h" @@ -14,6 +15,7 @@ static int chown_one(int fd, const struct stat *st, uid_t uid, gid_t gid) { char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1]; + const char *n; assert(fd >= 0); assert(st); @@ -26,13 +28,19 @@ static int chown_one(int fd, const struct stat *st, uid_t uid, gid_t gid) { * O_PATH. (Note: fchown() and fchmod() do not work with O_PATH, the kernel refuses that. */ xsprintf(procfs_path, "/proc/self/fd/%i", fd); + /* Drop any ACL if there is one */ + FOREACH_STRING(n, "system.posix_acl_access", "system.posix_acl_default") + if (removexattr(procfs_path, n) < 0) + if (!IN_SET(errno, ENODATA, EOPNOTSUPP, ENOSYS, ENOTTY)) + return -errno; + if (chown(procfs_path, uid, gid) < 0) return -errno; - /* The linux kernel alters the mode in some cases of chown(). Let's undo this. We do this only for non-symlinks - * however. That's because for symlinks the access mode is ignored anyway and because on some kernels/file - * systems trying to change the access mode will succeed but has no effect while on others it actively - * fails. */ + /* The linux kernel alters the mode in some cases of chown(), as well when we change ACLs. Let's undo this. We + * do this only for non-symlinks however. That's because for symlinks the access mode is ignored anyway and + * because on some kernels/file systems trying to change the access mode will succeed but has no effect while + * on others it actively fails. */ if (!S_ISLNK(st->st_mode)) if (chmod(procfs_path, st->st_mode & 07777) < 0) return -errno; |