1 /* SPDX-License-Identifier: GPL-2.0+ */
3 * manage device node user ACL
13 #include "login-util.h"
14 #include "logind-acl.h"
16 #include "udev-builtin.h"
18 static int builtin_uaccess(sd_device
*dev
, int argc
, char *argv
[], bool test
) {
20 const char *path
= NULL
, *seat
;
21 bool changed_acl
= false;
26 /* don't muck around with ACLs when the system is not running systemd */
27 if (!logind_running())
30 r
= sd_device_get_devname(dev
, &path
);
34 if (sd_device_get_property_value(dev
, "ID_SEAT", &seat
) < 0)
37 r
= sd_seat_get_active(seat
, NULL
, &uid
);
39 if (IN_SET(r
, -ENXIO
, -ENODATA
))
40 /* No active session on this seat */
43 log_error_errno(r
, "Failed to determine active user on seat %s: %m", seat
);
48 r
= devnode_acl(path
, true, false, 0, true, uid
);
50 log_full_errno(r
== -ENOENT
? LOG_DEBUG
: LOG_ERR
, r
, "Failed to apply ACL on %s: %m", path
);
58 if (path
&& !changed_acl
) {
61 /* Better be safe than sorry and reset ACL */
62 k
= devnode_acl(path
, true, false, 0, false, 0);
64 log_full_errno(errno
== ENOENT
? LOG_DEBUG
: LOG_ERR
, k
, "Failed to apply ACL on %s: %m", path
);
73 const struct udev_builtin udev_builtin_uaccess
= {
75 .cmd
= builtin_uaccess
,
76 .help
= "Manage device node user ACL",