virfile: Introduce ACL helpers

Namely, virFileGetACLs, virFileSetACLs, virFileFreeACLs and virFileCopyACLs. These functions are going to be required when we are creating /dev for qemu. We have copy anything that's in host's /dev exactly as is. Including ACLs. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2025-02-21 19:02:25 +00:00 · 2016-11-22 11:14:08 +01:00 · 2016-11-22 11:14:08 +01:00 · 654b4d48bc
commit 654b4d48bc
parent 1a7c9a5d50
6 changed files with 109 additions and 3 deletions
--- a/config-post.h
+++ b/config-post.h
@ -30,6 +30,7 @@
 # undef HAVE_LIBNL
 # undef HAVE_LIBNL3
 # undef HAVE_LIBSASL2
+# undef HAVE_SYS_ACL_H
 # undef WITH_CAPNG
 # undef WITH_CURL
 # undef WITH_DBUS
@ -56,6 +57,7 @@
 # undef HAVE_LIBNL
 # undef HAVE_LIBNL3
 # undef HAVE_LIBSASL2
+# undef HAVE_SYS_ACL_H
 # undef WITH_CAPNG
 # undef WITH_CURL
 # undef WITH_DTRACE_PROBES
--- a/configure.ac
+++ b/configure.ac
@ -313,11 +313,19 @@ dnl Availability of various common headers (non-fatal if missing).
 AC_CHECK_HEADERS([pwd.h regex.h sys/un.h \
  sys/poll.h syslog.h mntent.h net/ethernet.h linux/magic.h \
  sys/un.h sys/syscall.h sys/sysctl.h netinet/tcp.h ifaddrs.h \
-  libtasn1.h sys/ucred.h sys/mount.h])
+  libtasn1.h sys/ucred.h sys/mount.h sys/acl.h])
 dnl Check whether endian provides handy macros.
 AC_CHECK_DECLS([htole64], [], [], [[#include <endian.h>]])
 AC_CHECK_FUNCS([stat stat64 __xstat __xstat64 lstat lstat64 __lxstat __lxstat64])

+ACL_CFLAGS=""
+ACL_LIBS=""
+if test "x$ac_cv_header_sys_acl_h" = "xyes" ; then
+    ACL_LIBS="-lacl"
+fi
+AC_SUBST([ACL_CFLAGS])
+AC_SUBST([ACL_LIBS])
+
 dnl We need to decide at configure time if libvirt will use real atomic
 dnl operations ("lock free") or emulated ones with a mutex.

--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -1127,12 +1127,12 @@ libvirt_util_la_SOURCES =					\
 libvirt_util_la_CFLAGS = $(CAPNG_CFLAGS) $(YAJL_CFLAGS) $(LIBNL_CFLAGS) \
 		$(AM_CFLAGS) $(AUDIT_CFLAGS) $(DEVMAPPER_CFLAGS) \
 		$(DBUS_CFLAGS) $(LDEXP_LIBM) $(NUMACTL_CFLAGS)	\
-		$(POLKIT_CFLAGS) $(GNUTLS_CFLAGS) \
+		$(POLKIT_CFLAGS) $(GNUTLS_CFLAGS) $(ACL_CFLAGS) \
 		-I$(srcdir)/conf
 libvirt_util_la_LIBADD = $(CAPNG_LIBS) $(YAJL_LIBS) $(LIBNL_LIBS) \
 		$(THREAD_LIBS) $(AUDIT_LIBS) $(DEVMAPPER_LIBS) \
 		$(LIB_CLOCK_GETTIME) $(DBUS_LIBS) $(MSCOM_LIBS) $(LIBXML_LIBS) \
-		$(SECDRIVER_LIBS) $(NUMACTL_LIBS) \
+		$(SECDRIVER_LIBS) $(NUMACTL_LIBS) $(ACL_LIBS) \
 		$(POLKIT_LIBS)


--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@ -1559,6 +1559,7 @@ virFileActivateDirOverride;
 virFileBindMountDevice;
 virFileBuildPath;
 virFileClose;
+virFileCopyACLs;
 virFileDeleteTree;
 virFileDirectFdFlag;
 virFileExists;
@ -1568,6 +1569,8 @@ virFileFindHugeTLBFS;
 virFileFindMountPoint;
 virFileFindResource;
 virFileFindResourceFull;
+virFileFreeACLs;
+virFileGetACLs;
 virFileGetHugepageSize;
 virFileGetMountReverseSubtree;
 virFileGetMountSubtree;
@ -1604,6 +1607,7 @@ virFileResolveLink;
 virFileRewrite;
 virFileRewriteStr;
 virFileSanitizePath;
+virFileSetACLs;
 virFileSetupDev;
 virFileSkipRoot;
 virFileStripSuffix;
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@ -48,6 +48,9 @@
 #if HAVE_SYS_SYSCALL_H
 # include <sys/syscall.h>
 #endif
+#if HAVE_SYS_ACL_H
+# include <sys/acl.h>
+#endif

 #ifdef __linux__
 # if HAVE_LINUX_MAGIC_H
@ -3629,3 +3632,81 @@ virFileBindMountDevice(const char *src ATTRIBUTE_UNUSED,
    return -1;
 }
 #endif /* !defined(HAVE_SYS_MOUNT_H) */
+
+
+#if defined(HAVE_SYS_ACL_H)
+int
+virFileGetACLs(const char *file,
+               void **acl)
+{
+    if (!(*acl = acl_get_file(file, ACL_TYPE_ACCESS)))
+        return -1;
+
+    return 0;
+}
+
+
+int
+virFileSetACLs(const char *file,
+               void *acl)
+{
+    if (acl_set_file(file, ACL_TYPE_ACCESS, acl) < 0)
+        return -1;
+
+    return 0;
+}
+
+
+void
+virFileFreeACLs(void **acl)
+{
+    acl_free(*acl);
+    *acl = NULL;
+}
+
+#else /* !defined(HAVE_SYS_ACL_H) */
+
+int
+virFileGetACLs(const char *file ATTRIBUTE_UNUSED,
+               void **acl ATTRIBUTE_UNUSED)
+{
+    errno = ENOTSUP;
+    return -1;
+}
+
+
+int
+virFileSetACLs(const char *file ATTRIBUTE_UNUSED,
+               void *acl ATTRIBUTE_UNUSED)
+{
+    errno = ENOTSUP;
+    return -1;
+}
+
+
+void
+virFileFreeACLs(void **acl)
+{
+    *acl = NULL;
+}
+
+#endif /* !defined(HAVE_SYS_ACL_H) */
+
+int
+virFileCopyACLs(const char *src,
+                const char *dst)
+{
+    void *acl = NULL;
+    int ret = -1;
+
+    if (virFileGetACLs(src, &acl) < 0)
+        return ret;
+
+    if (virFileSetACLs(dst, acl) < 0)
+        goto cleanup;
+
+    ret = 0;
+ cleanup:
+    virFileFreeACLs(&acl);
+    return ret;
+}
--- a/src/util/virfile.h
+++ b/src/util/virfile.h
@ -317,4 +317,15 @@ int virFileSetupDev(const char *path,

 int virFileBindMountDevice(const char *src,
                           const char *dst);
+
+int virFileGetACLs(const char *file,
+                   void **acl);
+
+int virFileSetACLs(const char *file,
+                   void *acl);
+
+void virFileFreeACLs(void **acl);
+
+int virFileCopyACLs(const char *src,
+                    const char *dst);
 #endif /* __VIR_FILE_H */