]>
Commit | Line | Data |
---|---|---|
e7145211 | 1 | /* SPDX-License-Identifier: GPL-2.0+ */ |
83cd6b75 KS |
2 | /* |
3 | * manage device node user ACL | |
4 | * | |
96b2fb93 | 5 | * Copyright © 2010-2012 Kay Sievers <kay@vrfy.org> |
83cd6b75 | 6 | * |
83cd6b75 KS |
7 | */ |
8 | ||
cf0fbc49 | 9 | #include <errno.h> |
83cd6b75 KS |
10 | #include <stdio.h> |
11 | #include <stdlib.h> | |
83cd6b75 | 12 | |
00229fe4 LP |
13 | #include "sd-login.h" |
14 | ||
15 | #include "login-util.h" | |
83cd6b75 KS |
16 | #include "logind-acl.h" |
17 | #include "udev.h" | |
18 | #include "util.h" | |
19 | ||
9ec6e95b | 20 | static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) { |
83cd6b75 KS |
21 | int r; |
22 | const char *path = NULL, *seat; | |
23 | bool changed_acl = false; | |
24 | uid_t uid; | |
25 | ||
83cd6b75 KS |
26 | umask(0022); |
27 | ||
28 | /* don't muck around with ACLs when the system is not running systemd */ | |
79d860fe | 29 | if (!logind_running()) |
83cd6b75 KS |
30 | return 0; |
31 | ||
32 | path = udev_device_get_devnode(dev); | |
33 | seat = udev_device_get_property_value(dev, "ID_SEAT"); | |
34 | if (!seat) | |
35 | seat = "seat0"; | |
36 | ||
37 | r = sd_seat_get_active(seat, NULL, &uid); | |
4c701096 | 38 | if (IN_SET(r, -ENXIO, -ENODATA)) { |
83cd6b75 KS |
39 | /* No active session on this seat */ |
40 | r = 0; | |
41 | goto finish; | |
42 | } else if (r < 0) { | |
43 | log_error("Failed to determine active user on seat %s.", seat); | |
44 | goto finish; | |
45 | } | |
46 | ||
47 | r = devnode_acl(path, true, false, 0, true, uid); | |
48 | if (r < 0) { | |
709f6e46 | 49 | log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path); |
83cd6b75 KS |
50 | goto finish; |
51 | } | |
52 | ||
53 | changed_acl = true; | |
54 | r = 0; | |
55 | ||
56 | finish: | |
57 | if (path && !changed_acl) { | |
58 | int k; | |
59 | ||
60 | /* Better be safe than sorry and reset ACL */ | |
61 | k = devnode_acl(path, true, false, 0, false, 0); | |
62 | if (k < 0) { | |
8dbf6265 | 63 | log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path); |
83cd6b75 KS |
64 | if (r >= 0) |
65 | r = k; | |
66 | } | |
67 | } | |
68 | ||
69 | return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; | |
70 | } | |
71 | ||
72 | const struct udev_builtin udev_builtin_uaccess = { | |
73 | .name = "uaccess", | |
74 | .cmd = builtin_uaccess, | |
5ac0162c | 75 | .help = "Manage device node user ACL", |
83cd6b75 | 76 | }; |