1 /* SPDX-License-Identifier: GPL-2.0+ */
3 * manage device node user ACL
13 #include "login-util.h"
14 #include "logind-acl.h"
16 #include "udev-builtin.h"
18 static int builtin_uaccess(struct udev_device
*dev
, int argc
, char *argv
[], bool test
) {
20 const char *path
= NULL
, *seat
;
21 bool changed_acl
= false;
26 /* don't muck around with ACLs when the system is not running systemd */
27 if (!logind_running())
30 path
= udev_device_get_devnode(dev
);
31 seat
= udev_device_get_property_value(dev
, "ID_SEAT");
35 r
= sd_seat_get_active(seat
, NULL
, &uid
);
36 if (IN_SET(r
, -ENXIO
, -ENODATA
)) {
37 /* No active session on this seat */
41 log_error("Failed to determine active user on seat %s.", seat
);
45 r
= devnode_acl(path
, true, false, 0, true, uid
);
47 log_full_errno(r
== -ENOENT
? LOG_DEBUG
: LOG_ERR
, r
, "Failed to apply ACL on %s: %m", path
);
55 if (path
&& !changed_acl
) {
58 /* Better be safe than sorry and reset ACL */
59 k
= devnode_acl(path
, true, false, 0, false, 0);
61 log_full_errno(errno
== ENOENT
? LOG_DEBUG
: LOG_ERR
, k
, "Failed to apply ACL on %s: %m", path
);
67 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;
70 const struct udev_builtin udev_builtin_uaccess
= {
72 .cmd
= builtin_uaccess
,
73 .help
= "Manage device node user ACL",