int cg_set_task_access(const char *controller, const char *path, mode_t mode, uid_t uid, gid_t gid) { char *fs; int r; assert(controller); assert(path); if ((r = cg_get_path(controller, path, "tasks", &fs)) < 0) return r; r = chmod_and_chown(fs, mode, uid, gid); free(fs); return r; }
int cg_set_task_access(const char *controller, const char *path, mode_t mode, uid_t uid, gid_t gid, int sticky) { char *fs; int r; assert(controller); assert(path); if (mode == (mode_t) -1 && uid == (uid_t) -1 && gid == (gid_t) -1 && sticky < 0) return 0; if (mode != (mode_t) -1) mode &= 0666; r = cg_get_path(controller, path, "tasks", &fs); if (r < 0) return r; if (sticky >= 0 && mode != (mode_t) -1) /* Both mode and sticky param are passed */ mode |= (sticky ? S_ISVTX : 0); else if ((sticky >= 0 && mode == (mode_t) -1) || (mode != (mode_t) -1 && sticky < 0)) { struct stat st; /* Only one param is passed, hence read the current * mode from the file itself */ r = lstat(fs, &st); if (r < 0) { free(fs); return -errno; } if (mode == (mode_t) -1) /* No mode set, we just shall set the sticky bit */ mode = (st.st_mode & ~S_ISVTX) | (sticky ? S_ISVTX : 0); else /* Only mode set, leave sticky bit untouched */ mode = (st.st_mode & ~0777) | mode; } r = chmod_and_chown(fs, mode, uid, gid); free(fs); return r; }
int cg_set_group_access(const char *controller, const char *path, mode_t mode, uid_t uid, gid_t gid) { char *fs; int r; assert(controller); assert(path); if (mode != (mode_t) -1) mode &= 0777; r = cg_get_path(controller, path, NULL, &fs); if (r < 0) return r; r = chmod_and_chown(fs, mode, uid, gid); free(fs); return r; }
int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, mkdir_func_t _mkdir) { struct stat st; if (_mkdir(path, mode) >= 0) if (chmod_and_chown(path, mode, uid, gid) < 0) return -errno; if (lstat(path, &st) < 0) return -errno; if ((st.st_mode & 0007) > (mode & 0007) || (st.st_mode & 0070) > (mode & 0070) || (st.st_mode & 0700) > (mode & 0700) || (uid != UID_INVALID && st.st_uid != uid) || (gid != GID_INVALID && st.st_gid != gid) || !S_ISDIR(st.st_mode)) return -EEXIST; return 0; }
static int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, bool apply) { struct stat st; if (label_mkdir(path, mode, apply) >= 0) if (chmod_and_chown(path, mode, uid, gid) < 0) return -errno; if (lstat(path, &st) < 0) return -errno; if ((st.st_mode & 0777) != mode || st.st_uid != uid || st.st_gid != gid || !S_ISDIR(st.st_mode)) { errno = EEXIST; return -errno; } return 0; }
int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink, mkdir_func_t _mkdir) { struct stat st; int r; assert(_mkdir != mkdir); if (_mkdir(path, mode) >= 0) { r = chmod_and_chown(path, mode, uid, gid); if (r < 0) return r; } if (lstat(path, &st) < 0) return -errno; if (follow_symlink && S_ISLNK(st.st_mode)) { _cleanup_free_ char *p = NULL; r = chase_symlinks(path, NULL, CHASE_NONEXISTENT, &p); if (r < 0) return r; if (r == 0) return mkdir_safe_internal(p, mode, uid, gid, false, _mkdir); if (lstat(p, &st) < 0) return -errno; } if ((st.st_mode & 0007) > (mode & 0007) || (st.st_mode & 0070) > (mode & 0070) || (st.st_mode & 0700) > (mode & 0700) || (uid != UID_INVALID && st.st_uid != uid) || (gid != GID_INVALID && st.st_gid != gid) || !S_ISDIR(st.st_mode)) return -EEXIST; return 0; }