1 /* SPDX-License-Identifier: GPL-2.0+ */
3 * manage device node user ACL
14 #include "login-util.h"
15 #include "logind-acl.h"
19 static int builtin_uaccess(struct udev_device
*dev
, int argc
, char *argv
[], bool test
) {
21 const char *path
= NULL
, *seat
;
22 bool changed_acl
= false;
27 /* don't muck around with ACLs when the system is not running systemd */
28 if (!logind_running())
31 path
= udev_device_get_devnode(dev
);
32 seat
= udev_device_get_property_value(dev
, "ID_SEAT");
36 r
= sd_seat_get_active(seat
, NULL
, &uid
);
37 if (IN_SET(r
, -ENXIO
, -ENODATA
)) {
38 /* No active session on this seat */
42 log_error("Failed to determine active user on seat %s.", seat
);
46 r
= devnode_acl(path
, true, false, 0, true, uid
);
48 log_full_errno(r
== -ENOENT
? LOG_DEBUG
: LOG_ERR
, r
, "Failed to apply ACL on %s: %m", path
);
56 if (path
&& !changed_acl
) {
59 /* Better be safe than sorry and reset ACL */
60 k
= devnode_acl(path
, true, false, 0, false, 0);
62 log_full_errno(errno
== ENOENT
? LOG_DEBUG
: LOG_ERR
, k
, "Failed to apply ACL on %s: %m", path
);
68 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;
71 const struct udev_builtin udev_builtin_uaccess
= {
73 .cmd
= builtin_uaccess
,
74 .help
= "Manage device node user ACL",