richardphibel / rpms / systemd

Forked from rpms/systemd 2 years ago
Clone
Source Code
GIT

Blame SOURCES/0850-acl-util-only-set-the-mask-if-not-present.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-atomic-beta c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   eb68537edcd4d5d50cfb5ae34eb943128851adb5
  2.   SOURCES
  3.   0850-acl-util-only-set-the-mask-if-not-present.patch
Blob History Raw
eb6853 
From cedab11bf07cdb5275ac12104d4dad6debbedce4 Mon Sep 17 00:00:00 2001
eb6853 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
eb6853 
Date: Sat, 28 Nov 2015 18:41:08 -0500
eb6853 
Subject: [PATCH] acl-util: only set the mask if not present
eb6853 
MIME-Version: 1.0
eb6853 
Content-Type: text/plain; charset=UTF-8
eb6853 
Content-Transfer-Encoding: 8bit
eb6853
eb6853 
When we have non-owner user or group entries, we need the mask
eb6853 
for the acl to be valid. But acl_calc_mask() calculates the mask
eb6853 
to include all permissions, even those that were masked before.
eb6853 
Apparently this happens when we inherit *:r-x permissions from
eb6853 
a parent directory — the kernel sets *:r-x, mask:r--, effectively
eb6853 
masking the executable bit. acl_calc_mask() would set the mask:r-x,
eb6853 
effectively enabling the bit. To avoid this, be more conservative when
eb6853 
to add the mask entry: first iterate over all entries, and do nothing
eb6853 
if a mask.
eb6853
eb6853 
This returns the code closer to J.A.Steffens' original version
eb6853 
in v204-90-g23ad4dd884.
eb6853
eb6853 
Should fix https://github.com/systemd/systemd/issues/1977.
eb6853
eb6853 
(cherry picked from commit 6debb3982612b1fce9b2dd878bad07fe5ae9c0a9)
eb6853
eb6853 
Resolves: #2026361
eb6853 
---
eb6853 
 src/shared/acl-util.c | 14 +++++++-------
eb6853 
 1 file changed, 7 insertions(+), 7 deletions(-)
eb6853
eb6853 
diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c
eb6853 
index d18a02f503..ec08661167 100644
eb6853 
--- a/src/shared/acl-util.c
eb6853 
+++ b/src/shared/acl-util.c
eb6853 
@@ -69,6 +69,7 @@ int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) {
eb6853 
 int calc_acl_mask_if_needed(acl_t *acl_p) {
eb6853 
         acl_entry_t i;
eb6853 
         int r;
eb6853 
+        bool need = false;
eb6853
eb6853 
         assert(acl_p);
eb6853
eb6853 
@@ -83,17 +84,16 @@ int calc_acl_mask_if_needed(acl_t *acl_p) {
eb6853 
                 if (tag == ACL_MASK)
eb6853 
                         return 0;
eb6853
eb6853 
-                if (IN_SET(tag, ACL_USER, ACL_GROUP)) {
eb6853 
-                        if (acl_calc_mask(acl_p) < 0)
eb6853 
-                                return -errno;
eb6853 
-
eb6853 
-                        return 1;
eb6853 
-                }
eb6853 
+                if (IN_SET(tag, ACL_USER, ACL_GROUP))
eb6853 
+                        need = true;
eb6853 
         }
eb6853 
         if (r < 0)
eb6853 
                 return -errno;
eb6853
eb6853 
-        return 0;
eb6853 
+        if (need && acl_calc_mask(acl_p) < 0)
eb6853 
+                return -errno;
eb6853 
+
eb6853 
+        return need;
eb6853 
 }
eb6853
eb6853 
 int add_base_acls_if_needed(acl_t *acl_p, const char *path) {

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation