[acl/f14] add function acl_extended_file_nofollow() (#692982)
Kamil Dudka
kdudka at fedoraproject.org
Fri Jul 8 11:29:26 UTC 2011
commit e2156cb487aebab4c48f3cdbf78b816ef958d0e5
Author: Kamil Dudka <kdudka at redhat.com>
Date: Wed Apr 6 13:36:16 2011 +0200
add function acl_extended_file_nofollow() (#692982)
acl-2.2.49-bz692982.patch | 375 +++++++++++++++++++++++++++++++++++++++++++++
acl.spec | 5 +
2 files changed, 380 insertions(+), 0 deletions(-)
---
diff --git a/acl-2.2.49-bz692982.patch b/acl-2.2.49-bz692982.patch
new file mode 100644
index 0000000..0b5ef44
--- /dev/null
+++ b/acl-2.2.49-bz692982.patch
@@ -0,0 +1,375 @@
+From 6bf5e24d48077db58b389e90558100fc121b8134 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Mon, 4 Apr 2011 12:43:39 +0200
+Subject: [PATCH 1/2] libacl: Add acl_extended_file_nofollow()
+
+This function calls lgetxattr() instead of getxattr(), which helps ls(1)
+to prevent unnecessary automatic mounts, which acl_extended_file()
+triggers. See the following bug report for more details:
+https://bugzilla.redhat.com/692982
+---
+ exports | 1 +
+ include/libacl.h | 1 +
+ libacl/Makefile | 3 +-
+ libacl/__acl_extended_file.c | 49 +++++++++++++++++++++++++++++++++++
+ libacl/__acl_extended_file.h | 4 +++
+ libacl/acl_extended_file.c | 20 ++------------
+ libacl/acl_extended_file_nofollow.c | 34 ++++++++++++++++++++++++
+ man/man3/acl_extended_file.3 | 11 +++++++-
+ man/man5/acl.5 | 1 +
+ 9 files changed, 105 insertions(+), 19 deletions(-)
+ create mode 100644 libacl/__acl_extended_file.c
+ create mode 100644 libacl/__acl_extended_file.h
+ create mode 100644 libacl/acl_extended_file_nofollow.c
+
+diff --git a/exports b/exports
+index ef02842..b368c22 100644
+--- a/exports
++++ b/exports
+@@ -82,4 +82,5 @@ ACL_1.1 {
+ # Linux specific extensions
+ perm_copy_fd;
+ perm_copy_file;
++ acl_extended_file_nofollow;
+ } ACL_1.0;
+diff --git a/include/libacl.h b/include/libacl.h
+index 41ec48e..d6a6650 100644
+--- a/include/libacl.h
++++ b/include/libacl.h
+@@ -59,6 +59,7 @@ extern int acl_check(acl_t acl, int *last);
+ extern acl_t acl_from_mode(mode_t mode);
+ extern int acl_equiv_mode(acl_t acl, mode_t *mode_p);
+ int acl_extended_file(const char *path_p);
++int acl_extended_file_nofollow(const char *path_p);
+ int acl_extended_fd(int fd);
+ extern int acl_entries(acl_t acl);
+ extern const char *acl_error(int code);
+diff --git a/libacl/Makefile b/libacl/Makefile
+index 1224b65..cfe3d3a 100644
+--- a/libacl/Makefile
++++ b/libacl/Makefile
+@@ -47,7 +47,8 @@ POSIX_CFILES = \
+
+ LIBACL_CFILES = \
+ acl_to_any_text.c acl_entries.c acl_check.c acl_error.c acl_cmp.c \
+- acl_extended_fd.c acl_extended_file.c acl_equiv_mode.c acl_from_mode.c
++ acl_extended_fd.c acl_extended_file.c acl_equiv_mode.c acl_from_mode.c \
++ acl_extended_file_nofollow.c __acl_extended_file.c
+
+ INTERNAL_CFILES = \
+ __acl_to_any_text.c __acl_to_xattr.c __acl_from_xattr.c \
+diff --git a/libacl/__acl_extended_file.c b/libacl/__acl_extended_file.c
+new file mode 100644
+index 0000000..629afe9
+--- /dev/null
++++ b/libacl/__acl_extended_file.c
+@@ -0,0 +1,49 @@
++/*
++ File: acl_extended_file.c
++
++ Copyright (C) 2000, 2011
++ Andreas Gruenbacher, <a.gruenbacher at bestbits.at>
++
++ This program is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with this library; if not, write to the Free Software
++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++*/
++
++#include <unistd.h>
++#include <attr/xattr.h>
++#include "libacl.h"
++
++#include "byteorder.h"
++#include "acl_ea.h"
++#include "__acl_extended_file.h"
++
++
++int
++__acl_extended_file(const char *path_p, getxattr_t fun)
++{
++ int base_size = sizeof(acl_ea_header) + 3 * sizeof(acl_ea_entry);
++ int retval;
++
++ retval = fun(path_p, ACL_EA_ACCESS, NULL, 0);
++ if (retval < 0 && errno != ENOATTR && errno != ENODATA)
++ return -1;
++ if (retval > base_size)
++ return 1;
++ retval = fun(path_p, ACL_EA_DEFAULT, NULL, 0);
++ if (retval < 0 && errno != ENOATTR && errno != ENODATA)
++ return -1;
++ if (retval >= base_size)
++ return 1;
++ return 0;
++}
++
+diff --git a/libacl/__acl_extended_file.h b/libacl/__acl_extended_file.h
+new file mode 100644
+index 0000000..f8881a1
+--- /dev/null
++++ b/libacl/__acl_extended_file.h
+@@ -0,0 +1,4 @@
++typedef ssize_t (*getxattr_t)(const char *, const char *, void *value,
++ size_t size);
++
++int __acl_extended_file(const char *path_p, getxattr_t fun);
+diff --git a/libacl/acl_extended_file.c b/libacl/acl_extended_file.c
+index d1cb85d..f417784 100644
+--- a/libacl/acl_extended_file.c
++++ b/libacl/acl_extended_file.c
+@@ -1,7 +1,7 @@
+ /*
+ File: acl_extended_file.c
+
+- Copyright (C) 2000
++ Copyright (C) 2011
+ Andreas Gruenbacher, <a.gruenbacher at bestbits.at>
+
+ This program is free software; you can redistribute it and/or
+@@ -23,26 +23,12 @@
+ #include <attr/xattr.h>
+ #include "libacl.h"
+
+-#include "byteorder.h"
+-#include "acl_ea.h"
++#include "__acl_extended_file.h"
+
+
+ int
+ acl_extended_file(const char *path_p)
+ {
+- int base_size = sizeof(acl_ea_header) + 3 * sizeof(acl_ea_entry);
+- int retval;
+-
+- retval = getxattr(path_p, ACL_EA_ACCESS, NULL, 0);
+- if (retval < 0 && errno != ENOATTR && errno != ENODATA)
+- return -1;
+- if (retval > base_size)
+- return 1;
+- retval = getxattr(path_p, ACL_EA_DEFAULT, NULL, 0);
+- if (retval < 0 && errno != ENOATTR && errno != ENODATA)
+- return -1;
+- if (retval >= base_size)
+- return 1;
+- return 0;
++ return __acl_extended_file(path_p, getxattr);
+ }
+
+diff --git a/libacl/acl_extended_file_nofollow.c b/libacl/acl_extended_file_nofollow.c
+new file mode 100644
+index 0000000..8f4711f
+--- /dev/null
++++ b/libacl/acl_extended_file_nofollow.c
+@@ -0,0 +1,34 @@
++/*
++ File: acl_extended_file.c
++
++ Copyright (C) 2011
++ Andreas Gruenbacher, <a.gruenbacher at bestbits.at>
++
++ This program is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with this library; if not, write to the Free Software
++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++*/
++
++#include <unistd.h>
++#include <attr/xattr.h>
++#include "libacl.h"
++
++#include "__acl_extended_file.h"
++
++
++int
++acl_extended_file_nofollow(const char *path_p)
++{
++ return __acl_extended_file(path_p, lgetxattr);
++}
++
+diff --git a/man/man3/acl_extended_file.3 b/man/man3/acl_extended_file.3
+index 0ca7e0f..1f04331 100644
+--- a/man/man3/acl_extended_file.3
++++ b/man/man3/acl_extended_file.3
+@@ -25,7 +25,7 @@
+ .Dt ACL_EXTENDED_FILE 3
+ .Os "Linux ACL"
+ .Sh NAME
+-.Nm acl_extended_file
++.Nm acl_extended_file, acl_extended_file_nofollow
+ .Nd test for information in ACLs by file name
+ .Sh LIBRARY
+ Linux Access Control Lists library (libacl, \-lacl).
+@@ -34,6 +34,8 @@ Linux Access Control Lists library (libacl, \-lacl).
+ .In acl/libacl.h
+ .Ft int
+ .Fn acl_extended_file "const char *path_p"
++.Ft int
++.Fn acl_extended_file_nofollow "const char *path_p"
+ .Sh DESCRIPTION
+ The
+ .Fn acl_extended_file
+@@ -61,6 +63,13 @@ mechanisms, such as Mandatory Access Control schemes. The
+ .Xr access 2
+ system call can be used to check whether a given type of access to a file
+ object would be granted.
++.Pp
++.Fn acl_extended_file_nofollow
++is identical to
++.Fn acl_extended_file ,
++except in the case of a symbolic link, where the link itself is interrogated,
++not the file that it refers to. Since symbolic links have no ACL themselves,
++the operation is supposed to fail on them.
+ .Sh RETURN VALUE
+ If successful, the
+ .Fn acl_extended_file
+diff --git a/man/man5/acl.5 b/man/man5/acl.5
+index 6b0f468..aec58aa 100644
+--- a/man/man5/acl.5
++++ b/man/man5/acl.5
+@@ -497,6 +497,7 @@ These non-portable extensions are available on Linux systems.
+ .Xr acl_error 3 ,
+ .Xr acl_extended_fd 3 ,
+ .Xr acl_extended_file 3 ,
++.Xr acl_extended_file_nofollow 3 ,
+ .Xr acl_from_mode 3 ,
+ .Xr acl_get_perm 3 ,
+ .Xr acl_to_any_text 3
+--
+1.7.4
+
+
+From ad4ca5aaee96e98b2e8e8a4351fa5e6c58d65216 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen at linbit.com>
+Date: Mon, 4 Apr 2011 17:18:38 +0200
+Subject: [PATCH 2/2] Minor fixes to the previous commit
+
+* Assign the new libacl version ACL_1.2 to acl_extended_file_nofollow
+ so that package managers will end up with the appropriate
+ dependencies.
+* Add a manpage entry for acl_extended_file_nofollow which sources
+ ("links to") the acl_extended_file manpage.
+* Remove the prototype for getxattr/lgetxattr.
+* Whitespace cleanups.
+---
+ exports | 7 ++++++-
+ libacl/__acl_extended_file.c | 7 ++++---
+ libacl/__acl_extended_file.h | 7 +++----
+ libacl/acl_extended_file_nofollow.c | 3 +--
+ man/man3/acl_extended_file.3 | 2 +-
+ man/man3/acl_extended_file_nofollow.3 | 1 +
+ 6 files changed, 16 insertions(+), 11 deletions(-)
+ create mode 100644 man/man3/acl_extended_file_nofollow.3
+
+diff --git a/exports b/exports
+index b368c22..7d8e69e 100644
+--- a/exports
++++ b/exports
+@@ -82,5 +82,10 @@ ACL_1.1 {
+ # Linux specific extensions
+ perm_copy_fd;
+ perm_copy_file;
+- acl_extended_file_nofollow;
+ } ACL_1.0;
++
++ACL_1.2 {
++ global:
++ # Linux specific extensions
++ acl_extended_file_nofollow;
++} ACL_1.1;
+diff --git a/libacl/__acl_extended_file.c b/libacl/__acl_extended_file.c
+index 629afe9..3e45abd 100644
+--- a/libacl/__acl_extended_file.c
++++ b/libacl/__acl_extended_file.c
+@@ -1,5 +1,5 @@
+ /*
+- File: acl_extended_file.c
++ File: __acl_extended_file.c
+
+ Copyright (C) 2000, 2011
+ Andreas Gruenbacher, <a.gruenbacher at bestbits.at>
+@@ -29,7 +29,9 @@
+
+
+ int
+-__acl_extended_file(const char *path_p, getxattr_t fun)
++__acl_extended_file(const char *path_p,
++ ssize_t (*fun)(const char *, const char *,
++ void *, size_t))
+ {
+ int base_size = sizeof(acl_ea_header) + 3 * sizeof(acl_ea_entry);
+ int retval;
+@@ -46,4 +48,3 @@ __acl_extended_file(const char *path_p, getxattr_t fun)
+ return 1;
+ return 0;
+ }
+-
+diff --git a/libacl/__acl_extended_file.h b/libacl/__acl_extended_file.h
+index f8881a1..0b0da9e 100644
+--- a/libacl/__acl_extended_file.h
++++ b/libacl/__acl_extended_file.h
+@@ -1,4 +1,3 @@
+-typedef ssize_t (*getxattr_t)(const char *, const char *, void *value,
+- size_t size);
+-
+-int __acl_extended_file(const char *path_p, getxattr_t fun);
++int __acl_extended_file(const char *path_p,
++ ssize_t (*)(const char *, const char *,
++ void *, size_t));
+diff --git a/libacl/acl_extended_file_nofollow.c b/libacl/acl_extended_file_nofollow.c
+index 8f4711f..c253e4d 100644
+--- a/libacl/acl_extended_file_nofollow.c
++++ b/libacl/acl_extended_file_nofollow.c
+@@ -1,5 +1,5 @@
+ /*
+- File: acl_extended_file.c
++ File: acl_extended_file_nofollow.c
+
+ Copyright (C) 2011
+ Andreas Gruenbacher, <a.gruenbacher at bestbits.at>
+@@ -31,4 +31,3 @@ acl_extended_file_nofollow(const char *path_p)
+ {
+ return __acl_extended_file(path_p, lgetxattr);
+ }
+-
+diff --git a/man/man3/acl_extended_file.3 b/man/man3/acl_extended_file.3
+index 1f04331..fdeef86 100644
+--- a/man/man3/acl_extended_file.3
++++ b/man/man3/acl_extended_file.3
+@@ -65,7 +65,7 @@ system call can be used to check whether a given type of access to a file
+ object would be granted.
+ .Pp
+ .Fn acl_extended_file_nofollow
+-is identical to
++is identical to
+ .Fn acl_extended_file ,
+ except in the case of a symbolic link, where the link itself is interrogated,
+ not the file that it refers to. Since symbolic links have no ACL themselves,
+diff --git a/man/man3/acl_extended_file_nofollow.3 b/man/man3/acl_extended_file_nofollow.3
+new file mode 100644
+index 0000000..44fc24f
+--- /dev/null
++++ b/man/man3/acl_extended_file_nofollow.3
+@@ -0,0 +1 @@
++.so man3/acl_extended_file.3
+--
+1.7.4
+
diff --git a/acl.spec b/acl.spec
index 9ff0fb8..102b4a7 100644
--- a/acl.spec
+++ b/acl.spec
@@ -26,6 +26,9 @@ Patch5: acl-2.2.49-setfacl-restore.patch
# fix typos in setfacl(1) man page (#675451)
Patch6: acl-2.2.49-bz675451.patch
+# add function acl_extended_file_nofollow() (#692982)
+Patch7: acl-2.2.49-bz692982.patch
+
License: GPLv2+
Group: System Environment/Base
URL: http://oss.sgi.com/projects/xfs/
@@ -65,6 +68,7 @@ defined in POSIX 1003.1e draft standard 17.
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
%build
touch .census
@@ -140,6 +144,7 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Fri Jul 08 2011 Kamil Dudka <kdudka at redhat.com> 2.2.49-9
- fix typos in setfacl(1) man page (#675451)
+- add function acl_extended_file_nofollow() (#692982)
* Thu Jul 08 2010 Kamil Dudka <kdudka at redhat.com> 2.2.49-8
- remove dependency of libacl-devel on nfs-utils-lib and openldap
More information about the scm-commits
mailing list