]>
Commit | Line | Data |
---|---|---|
39d1dc12 EK |
1 | Description: Do not set default acls when --acls flag is used |
2 | Origin: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7fe7adcbb985e78aaf9f78051fa26167779be1f6 | |
3 | Forwarded: not-needed | |
4 | Author: Pavel Raiskup <praiskup@redhat.com> | |
5 | Bug-Upstream: http://www.mail-archive.com/bug-tar@gnu.org/msg04355.html | |
6 | Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978 | |
7 | Bug-PVE: https://bugzilla.proxmox.com/show_bug.cgi?id=928 | |
8 | ||
9 | acls: bugfix for default ACLs extraction | |
10 | ||
11 | When --acls option is on (regardless of tarball contents or | |
12 | tarball format), we should explicitly set OR delete default ACLs | |
13 | for extracted directories. Prior to this update, we always | |
14 | created arbitrary default ACLs based standard file permissions. | |
15 | ||
16 | * configure.ac (with_posix_acls): Check also for acl_free and | |
17 | acl_delete_def_file to mark IEEE 1003.1e ACLs as supported. | |
18 | * src/xattrs.c (acl_delete_def_file_at): New function. | |
19 | (xattrs__acls_set): Do not treat acls_option at all; Delete | |
20 | default ACLs if appropriate. | |
21 | ||
22 | References: | |
23 | http://www.mail-archive.com/bug-tar@gnu.org/msg04355.html | |
24 | Thanks: Juan J. MartÃnez and Mark Steinborn | |
25 | ||
26 | diff --git a/configure.ac b/configure.ac | |
27 | index 08bed2b..d393876 100644 | |
28 | --- a/configure.ac | |
29 | +++ b/configure.ac | |
30 | @@ -74,7 +74,8 @@ AC_ARG_WITH([posix-acls], | |
31 | if test "x$with_posix_acls" != "xno"; then | |
32 | AC_CHECK_HEADERS(sys/acl.h,, [with_posix_acls=no]) | |
33 | for tar_acl_func in acl_get_file acl_get_fd acl_set_file acl_set_fd \ | |
34 | - acl_to_text acl_from_text; do \ | |
35 | + acl_to_text acl_from_text acl_delete_def_file \ | |
36 | + acl_free; do \ | |
37 | test "x$with_posix_acls" = xno && break | |
38 | AC_SEARCH_LIBS([$tar_acl_func], [acl pacl], [], [with_posix_acls=no]) | |
39 | done | |
40 | diff --git a/src/xattrs.c b/src/xattrs.c | |
41 | index dbaa209..307ee38 100644 | |
42 | --- a/src/xattrs.c | |
43 | +++ b/src/xattrs.c | |
44 | @@ -61,6 +61,7 @@ static struct | |
45 | static acl_t acl_get_file_at (int, const char *, acl_type_t); | |
46 | static int acl_set_file_at (int, const char *, acl_type_t, acl_t); | |
47 | static int file_has_acl_at (int, char const *, struct stat const *); | |
48 | +static int acl_delete_def_file_at (int, char const *); | |
49 | ||
50 | /* acl_get_file_at */ | |
51 | #define AT_FUNC_NAME acl_get_file_at | |
52 | @@ -88,6 +89,17 @@ static int file_has_acl_at (int, char const *, struct stat const *); | |
53 | #undef AT_FUNC_POST_FILE_PARAM_DECLS | |
54 | #undef AT_FUNC_POST_FILE_ARGS | |
55 | ||
56 | +/* acl_delete_def_file_at */ | |
57 | +#define AT_FUNC_NAME acl_delete_def_file_at | |
58 | +#define AT_FUNC_F1 acl_delete_def_file | |
59 | +#define AT_FUNC_POST_FILE_PARAM_DECLS | |
60 | +#define AT_FUNC_POST_FILE_ARGS | |
61 | +#include "at-func.c" | |
62 | +#undef AT_FUNC_NAME | |
63 | +#undef AT_FUNC_F1 | |
64 | +#undef AT_FUNC_POST_FILE_PARAM_DECLS | |
65 | +#undef AT_FUNC_POST_FILE_ARGS | |
66 | + | |
67 | /* gnulib file_has_acl_at */ | |
68 | #define AT_FUNC_NAME file_has_acl_at | |
69 | #define AT_FUNC_F1 file_has_acl | |
70 | @@ -187,7 +199,8 @@ fixup_extra_acl_fields (char *ptr) | |
71 | return ptr; | |
72 | } | |
73 | ||
74 | -/* "system.posix_acl_access" */ | |
75 | +/* Set the "system.posix_acl_access/system.posix_acl_default" extended | |
76 | + attribute. Called only when acls_option > 0. */ | |
77 | static void | |
78 | xattrs__acls_set (struct tar_stat_info const *st, | |
79 | char const *file_name, int type, | |
80 | @@ -199,15 +212,23 @@ xattrs__acls_set (struct tar_stat_info const *st, | |
81 | { | |
82 | /* assert (strlen (ptr) == len); */ | |
83 | ptr = fixup_extra_acl_fields (ptr); | |
84 | - | |
85 | acl = acl_from_text (ptr); | |
86 | - acls_option = 1; | |
87 | } | |
88 | - else if (acls_option > 0) | |
89 | - acl = perms2acl (st->stat.st_mode); | |
90 | + else if (def) | |
91 | + { | |
92 | + /* No "default" IEEE 1003.1e ACL set for directory. At this moment, | |
93 | + FILE_NAME may already have inherited default acls from parent | |
94 | + directory; clean them up. */ | |
95 | + if (acl_delete_def_file_at (chdir_fd, file_name)) | |
96 | + WARNOPT (WARN_XATTR_WRITE, | |
97 | + (0, errno, | |
98 | + _("acl_delete_def_file_at: Cannot drop default POSIX ACLs " | |
99 | + "for file '%s'"), | |
100 | + file_name)); | |
101 | + return; | |
102 | + } | |
103 | else | |
104 | - return; /* don't call acl functions unless we first hit an ACL, or | |
105 | - --acls was passed explicitly */ | |
106 | + acl = perms2acl (st->stat.st_mode); | |
107 | ||
108 | if (!acl) | |
109 | { |