From: Yu Watanabe Date: Wed, 22 Jan 2025 20:59:04 +0000 (+0900) Subject: udev-rules: ignore OWNER=/GROUP= with unknown user/group X-Git-Tag: v258-rc1~1506^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a1ee55e3c9eaa02737cb74cf3fc93583b307c8cd;p=thirdparty%2Fsystemd.git udev-rules: ignore OWNER=/GROUP= with unknown user/group Previously, when an unknown or invalid user/group is specified, a token was installed with UID_INVALID/GID_INVALID. That's not only meaningless in most cases, but also clears previous assignment, if multiple OWNER=/GROUP= token exist for the same device, e.g. KERNEL=="sda", GROUP="disk" KERNEL=="sda", GROUP="nonexistentuser" This makes when an unknown user/group is specified, the line will be ignored. Hence, in the above example, the device will be owned by the group "disk". --- diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c index 2fbf422aa49..91a0d1f01aa 100644 --- a/src/udev/udev-rules.c +++ b/src/udev/udev-rules.c @@ -496,23 +496,18 @@ static int rule_resolve_user(UdevRuleLine *rule_line, const char *name, uid_t *r /* ret_home = */ NULL, /* ret_shell = */ NULL, USER_CREDS_ALLOW_MISSING); - if (r < 0) { - if (r == -ESRCH) - log_line_error_errno(rule_line, r, "Unknown user '%s', ignoring.", name); - else - log_line_error_errno(rule_line, r, "Failed to resolve user '%s', ignoring: %m", name); - - *ret = UID_INVALID; - return 0; - } + if (r == -ESRCH) + return log_line_error_errno(rule_line, r, "Unknown user '%s', ignoring.", name); + if (r < 0) + return log_line_error_errno(rule_line, r, "Failed to resolve user '%s', ignoring: %m", name); n = strdup(name); if (!n) - return -ENOMEM; + return log_oom(); r = hashmap_ensure_put(known_users, &string_hash_ops_free, n, UID_TO_PTR(uid)); if (r < 0) - return r; + return log_oom(); TAKE_PTR(n); *ret = uid; @@ -536,23 +531,18 @@ static int rule_resolve_group(UdevRuleLine *rule_line, const char *name, gid_t * } r = get_group_creds(&name, &gid, USER_CREDS_ALLOW_MISSING); - if (r < 0) { - if (r == -ESRCH) - log_line_error_errno(rule_line, r, "Unknown group '%s', ignoring.", name); - else - log_line_error_errno(rule_line, r, "Failed to resolve group '%s', ignoring: %m", name); - - *ret = GID_INVALID; - return 0; - } + if (r == -ESRCH) + return log_line_error_errno(rule_line, r, "Unknown group '%s', ignoring.", name); + if (r < 0) + return log_line_error_errno(rule_line, r, "Failed to resolve group '%s', ignoring: %m", name); n = strdup(name); if (!n) - return -ENOMEM; + return log_oom(); r = hashmap_ensure_put(known_groups, &string_hash_ops_free, n, GID_TO_PTR(gid)); if (r < 0) - return r; + return log_oom(); TAKE_PTR(n); *ret = gid; @@ -1052,9 +1042,10 @@ static int parse_token( r = rule_line_add_token(rule_line, TK_A_OWNER_ID, op, NULL, UID_TO_PTR(uid), /* is_case_insensitive = */ false, token_str); else if (resolve_name_timing == RESOLVE_NAME_EARLY && rule_get_substitution_type(value) == SUBST_TYPE_PLAIN) { + r = rule_resolve_user(rule_line, value, &uid); if (r < 0) - return log_line_error_errno(rule_line, r, "Failed to resolve user name '%s': %m", value); + return r; r = rule_line_add_token(rule_line, TK_A_OWNER_ID, op, NULL, UID_TO_PTR(uid), /* is_case_insensitive = */ false, token_str); } else if (resolve_name_timing != RESOLVE_NAME_NEVER) { @@ -1080,9 +1071,10 @@ static int parse_token( r = rule_line_add_token(rule_line, TK_A_GROUP_ID, op, NULL, GID_TO_PTR(gid), /* is_case_insensitive = */ false, token_str); else if (resolve_name_timing == RESOLVE_NAME_EARLY && rule_get_substitution_type(value) == SUBST_TYPE_PLAIN) { + r = rule_resolve_group(rule_line, value, &gid); if (r < 0) - return log_line_error_errno(rule_line, r, "Failed to resolve group name '%s': %m", value); + return r; r = rule_line_add_token(rule_line, TK_A_GROUP_ID, op, NULL, GID_TO_PTR(gid), /* is_case_insensitive = */ false, token_str); } else if (resolve_name_timing != RESOLVE_NAME_NEVER) {