git.ipfire.org Git - thirdparty/systemd.git/commit

author	Lennart Poettering <lennart@poettering.net>
	Tue, 23 Sep 2025 09:46:49 +0000 (11:46 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 24 Sep 2025 07:47:41 +0000 (09:47 +0200)
commit	7c3a7f925f83bd05a49e8b1f09726cccc26977f7
tree	753da7684f3882c17fc1f1829ed70c1a70ff34b8	tree \| snapshot
parent	ab2b43048750aa7e8ba7e6e7710aca1d97e8376a	commit \| diff

acl: turn libacl dep into a dlopen() one

I initially didn't think it would be worth doing this, but I changed my
mind. People out there quite successfully build systemd without ACL
support, and that suggests life without it is quite possible. Moreover
we only use it as very specific places:

1. in udev/logind for "uaccess" mgmt
2. in tmpfiles to implement explicitly configured acl changes
3. in journald/coredump/pstore to manage access to unpriv users
4. in pid1 to manage access to credential files
5. when shifting UIDs of container trees

I specific container environments it should be entirely fine to live without all
of these, hence let's pull this in on demand only.

meson.build		diff \| blob \| blame \| history
src/shared/acl-util.c		diff \| blob \| blame \| history
src/shared/acl-util.h		diff \| blob \| blame \| history
src/shared/meson.build		diff \| blob \| blame \| history
src/shared/shift-uid.c		diff \| blob \| blame \| history
src/test/test-dlopen-so.c		diff \| blob \| blame \| history
src/tmpfiles/meson.build		diff \| blob \| blame \| history
src/tmpfiles/tmpfiles.c		diff \| blob \| blame \| history
src/udev/meson.build		diff \| blob \| blame \| history