1 /* SPDX-License-Identifier: GPL-2.0+ */
3 * manage device node user ACL
12 #include "login-util.h"
13 #include "logind-acl.h"
17 static int builtin_uaccess(struct udev_device
*dev
, int argc
, char *argv
[], bool test
) {
19 const char *path
= NULL
, *seat
;
20 bool changed_acl
= false;
25 /* don't muck around with ACLs when the system is not running systemd */
26 if (!logind_running())
29 path
= udev_device_get_devnode(dev
);
30 seat
= udev_device_get_property_value(dev
, "ID_SEAT");
34 r
= sd_seat_get_active(seat
, NULL
, &uid
);
35 if (IN_SET(r
, -ENXIO
, -ENODATA
)) {
36 /* No active session on this seat */
40 log_error("Failed to determine active user on seat %s.", seat
);
44 r
= devnode_acl(path
, true, false, 0, true, uid
);
46 log_full_errno(r
== -ENOENT
? LOG_DEBUG
: LOG_ERR
, r
, "Failed to apply ACL on %s: %m", path
);
54 if (path
&& !changed_acl
) {
57 /* Better be safe than sorry and reset ACL */
58 k
= devnode_acl(path
, true, false, 0, false, 0);
60 log_full_errno(errno
== ENOENT
? LOG_DEBUG
: LOG_ERR
, k
, "Failed to apply ACL on %s: %m", path
);
66 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;
69 const struct udev_builtin udev_builtin_uaccess
= {
71 .cmd
= builtin_uaccess
,
72 .help
= "Manage device node user ACL",