[udisks2/f17] Use libacl instead of calling out to setfacl(1) (#865801)
David Zeuthen
davidz at fedoraproject.org
Fri Oct 12 19:58:47 UTC 2012
commit 219d3e6e01daf7430f98d1083f9434734ee9965d
Author: David Zeuthen <zeuthen at gmail.com>
Date: Fri Oct 12 15:57:12 2012 -0400
Use libacl instead of calling out to setfacl(1) (#865801)
udisks-1.94.0-use-libacl.patch | 160 ++++++++++++++++++++++++++++++++++++++++
udisks2.spec | 24 ++++++-
2 files changed, 183 insertions(+), 1 deletions(-)
---
diff --git a/udisks-1.94.0-use-libacl.patch b/udisks-1.94.0-use-libacl.patch
new file mode 100644
index 0000000..bc1058b
--- /dev/null
+++ b/udisks-1.94.0-use-libacl.patch
@@ -0,0 +1,160 @@
+From 15250f35ff8770389cc579c304fbcac9beebc203 Mon Sep 17 00:00:00 2001
+From: David Zeuthen <davidz at redhat.com>
+Date: Fri, 20 Apr 2012 13:33:08 +0000
+Subject: Use libacl library instead of setfacl(1)
+
+https://bugs.freedesktop.org/show_bug.cgi?id=48842
+
+Signed-off-by: David Zeuthen <davidz at redhat.com>
+---
+diff --git a/configure.ac b/configure.ac
+index 63bd396..20c2042 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -71,6 +71,19 @@ if test "x$with_systemdsystemunitdir" != "xno"; then
+ fi
+ AM_CONDITIONAL(HAVE_SYSTEMD, [test -n "$systemdsystemunitdir"])
+
++# libacl
++AC_CHECK_HEADERS(
++ [sys/acl.h acl/libacl.h],
++ [ACL_CFLAGS=""],
++ AC_MSG_ERROR([*** ACL headers not found.]))
++AC_CHECK_LIB(
++ [acl],
++ [acl_get_file],
++ [ACL_LIBS="-lacl"],
++ AC_MSG_ERROR([*** libacl not found.]))
++AC_SUBST(ACL_CFLAGS)
++AC_SUBST(ACL_LIBS)
++
+ # Internationalization
+ #
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 250ed48..a3a5787 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -86,6 +86,7 @@ libudisks_daemon_la_CFLAGS = \
+ $(GUDEV_CFLAGS) \
+ $(LIBATASMART_CFLAGS) \
+ $(POLKIT_GOBJECT_1_CFLAGS) \
++ $(ACL_CFLAGS) \
+ $(NULL)
+
+ libudisks_daemon_la_LIBADD = \
+@@ -94,6 +95,7 @@ libudisks_daemon_la_LIBADD = \
+ $(GUDEV_LIBS) \
+ $(LIBATASMART_LIBS) \
+ $(POLKIT_GOBJECT_1_LIBS) \
++ $(ACL_LIBS) \
+ $(top_builddir)/udisks/libudisks2.la \
+ $(NULL)
+
+diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c
+index 7c36f53..9dde4e4 100644
+--- a/src/udiskslinuxfilesystem.c
++++ b/src/udiskslinuxfilesystem.c
+@@ -29,6 +29,8 @@
+ #include <stdio.h>
+ #include <mntent.h>
+ #include <sys/types.h>
++#include <sys/acl.h>
++#include <errno.h>
+
+ #include <glib/gstdio.h>
+
+@@ -758,6 +760,42 @@ ensure_utf8 (const gchar *s)
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
++static gboolean
++add_acl (const gchar *path,
++ uid_t uid,
++ GError **error)
++{
++ gboolean ret = FALSE;
++ acl_t acl = NULL;
++ acl_entry_t entry;
++ acl_permset_t permset;
++
++ acl = acl_get_file(path, ACL_TYPE_ACCESS);
++ if (acl == NULL ||
++ acl_create_entry (&acl, &entry) == -1 ||
++ acl_set_tag_type (entry, ACL_USER) == -1 ||
++ acl_set_qualifier (entry, &uid) == -1 ||
++ acl_get_permset (entry, &permset) == -1 ||
++ acl_add_perm (permset, ACL_READ|ACL_EXECUTE) == -1 ||
++ acl_calc_mask (&acl) == -1 ||
++ acl_set_file (path, ACL_TYPE_ACCESS, acl) == -1)
++ {
++ g_set_error (error,
++ G_IO_ERROR,
++ g_io_error_from_errno (errno),
++ "Adding read ACL for uid %d to `%s' failed: %m",
++ (gint) uid, path);
++ goto out;
++ }
++
++ ret = TRUE;
++
++ out:
++ if (acl != NULL)
++ acl_free (acl);
++ return ret;
++}
++
+ /*
+ * calculate_mount_point: <internal>
+ * @block: A #UDisksBlock.
+@@ -803,9 +841,6 @@ calculate_mount_point (UDisksBlock *block,
+ mount_dir = g_strdup_printf ("/run/media/%s", user_name);
+ if (!g_file_test (mount_dir, G_FILE_TEST_EXISTS))
+ {
+- gchar *stderr_txt;
+- gint exit_status;
+-
+ /* First ensure that /run/media exists */
+ if (!g_file_test ("/run/media", G_FILE_TEST_EXISTS))
+ {
+@@ -828,36 +863,13 @@ calculate_mount_point (UDisksBlock *block,
+ mount_dir);
+ goto out;
+ }
+- /* Then set the ACL such that only $USER can actually access it */
+- escaped_user_name = udisks_daemon_util_escape (user_name);;
+- s = g_strdup_printf ("setfacl -m \"u:%s:rx\" \"%s\"",
+- escaped_user_name,
+- mount_dir);
+- if (!g_spawn_command_line_sync (s,
+- NULL, /* stdout_txt */
+- &stderr_txt,
+- &exit_status,
+- error))
++ /* Finally, add the read+execute ACL for $USER */
++ if (!add_acl (mount_dir, uid, error))
+ {
+- g_free (s);
+- if (rmdir (mount_dir) != 0)
+- udisks_warning ("Error calling rmdir() on %s: %m", mount_dir);
+- goto out;
+- }
+- if (!(WIFEXITED (exit_status) && WEXITSTATUS (exit_status) == 0))
+- {
+- g_set_error (error,
+- UDISKS_ERROR,
+- UDISKS_ERROR_FAILED,
+- "Command-line `%s' didn't exit normally: %s", s, stderr_txt);
+- g_free (stderr_txt);
+- g_free (s);
+ if (rmdir (mount_dir) != 0)
+ udisks_warning ("Error calling rmdir() on %s: %m", mount_dir);
+ goto out;
+ }
+- g_free (stderr_txt);
+- g_free (s);
+ }
+ }
+ /* otherwise fall back to mounting in /media */
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/udisks2.spec b/udisks2.spec
index 2db169b..ca396b0 100644
--- a/udisks2.spec
+++ b/udisks2.spec
@@ -5,10 +5,15 @@
%define libatasmart_version 0.12
%define dbus_version 1.4.0
+# Only enable if using patches that touches configure.ac,
+# Makefile.am or other build system related files
+#
+%define enable_autoreconf 1
+
Summary: Disk Manager
Name: udisks2
Version: 1.94.0
-Release: 8%{?dist}
+Release: 9%{?dist}
License: GPLv2+
Group: System Environment/Libraries
URL: http://www.freedesktop.org/wiki/Software/udisks
@@ -21,6 +26,7 @@ BuildRequires: libatasmart-devel >= %{libatasmart_version}
BuildRequires: libgudev1-devel >= %{udev_version}
BuildRequires: gtk-doc
BuildRequires: systemd-devel
+BuildRequires: libacl-devel
# needed to pull in the system bus daemon
Requires: dbus >= %{dbus_version}
# needed to pull in the udev daemon
@@ -53,6 +59,12 @@ Requires: eject
# for /proc/self/mountinfo, only available in 2.6.26 or higher
Conflicts: kernel < 2.6.26
+%if 0%{?enable_autoreconf}
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+%endif
+
Patch0: udisks-1.97.0-Add-work-around-to-show-FS-on-CDs-USB-sticks-created.patch
Patch1: udisks-1.97-Also-check-for-target-is-busy-when-checking-umount-8.patch
# https://bugs.freedesktop.org/show_bug.cgi?id=49842
@@ -63,6 +75,9 @@ Patch3: udisks-1.97.0-If-a-block-device-has-ID_PATH-set-consider-it-to-be-a-driv
# https://bugzilla.redhat.com/show_bug.cgi?id=838691
Patch4: udisks-1.99.0-Black-list-seemingly-invalid-WWN-for-SAMSUNG-SP1604N.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=865801
+Patch5: udisks-1.94.0-use-libacl.patch
+
%description
udisks provides a daemon, D-Bus API and command line tools for
managing disks and storage devices. This package is for the udisks 2.x
@@ -97,8 +112,12 @@ daemon. This package is for the udisks 2.x series.
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%build
+%if 0%{?enable_autoreconf}
+autoreconf
+%endif
%configure --enable-gtk-doc
make
@@ -154,6 +173,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
# Note: please don't forget the %{?dist} in the changelog. Thanks
%changelog
+* Fri Oct 12 2012 David Zeuthen <davidz at redhat.com> - 1.94.0-9%{?dist}
+- Use libacl instead of calling out to setfacl(1) (#865801)
+
* Tue Jul 10 2012 David Zeuthen <davidz at redhat.com> - 1.94.0-8%{?dist}
- Avoid using non-unique WWN for Samsung drives (#838691)
More information about the scm-commits
mailing list