diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 7c1ef42c20..ee33afcf6b 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -273,7 +273,7 @@
Adjust the access mode, group and user, and
restore the SELinux security context of a file or directory,
if it exists. Lines of this type accept shell-style globs in
- place of normal path names.
+ place of normal path names.
@@ -288,16 +288,35 @@
t
- Set extended attributes on the specified
- path. This can be useful for setting SMACK labels.
+ Set extended attributes. Lines of this type
+ accept shell-style globs in place of normal path names.
+ This can be useful for setting SMACK labels.
+
+
+
+
+ T
+ Recursively set extended attributes. Lines
+ of this type accept shell-style globs in place of normal
+ path names. This can be useful for setting SMACK labels.
a
- Set POSIX ACLs (access control lists) on the
- specified path. This can be useful for allowing aditional
- access to certain files.
+ Set POSIX ACLs (access control lists).
+ Lines of this type accept shell-style globs in
+ place of normal path names. This can be useful for
+ allowing additional access to certain files.
+
+
+
+
+ A
+ Recursively set POSIX ACLs. Lines of this
+ type accept shell-style globs in place of normal path
+ names. This can be useful for allowing additional access to
+ certain files.
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index d563989790..44a087807e 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -76,10 +76,12 @@ typedef enum ItemType {
CREATE_CHAR_DEVICE = 'c',
CREATE_BLOCK_DEVICE = 'b',
COPY_FILES = 'C',
- SET_XATTR = 't',
- SET_ACL = 'a',
/* These ones take globs */
+ SET_XATTR = 't',
+ RECURSIVE_SET_XATTR = 'T',
+ SET_ACL = 'a',
+ RECURSIVE_SET_ACL = 'A',
WRITE_FILE = 'w',
IGNORE_PATH = 'x',
IGNORE_DIRECTORY_PATH = 'X',
@@ -151,7 +153,11 @@ static bool needs_glob(ItemType t) {
RECURSIVE_REMOVE_PATH,
ADJUST_MODE,
RELABEL_PATH,
- RECURSIVE_RELABEL_PATH);
+ RECURSIVE_RELABEL_PATH,
+ SET_XATTR,
+ RECURSIVE_SET_XATTR,
+ SET_ACL,
+ RECURSIVE_SET_ACL);
}
static bool takes_ownership(ItemType t) {
@@ -486,7 +492,7 @@ finish:
return r;
}
-static int item_set_perms(Item *i, const char *path) {
+static int path_set_perms(Item *i, const char *path) {
struct stat st;
bool st_valid;
@@ -568,7 +574,7 @@ static int get_xattrs_from_arg(Item *i) {
return r;
}
-static int item_set_xattrs(Item *i, const char *path) {
+static int path_set_xattrs(Item *i, const char *path) {
char **name, **value;
assert(i);
@@ -605,7 +611,7 @@ static int get_acls_from_arg(Item *item) {
return 0;
}
-static int item_set_acl(Item *item, const char *path) {
+static int path_set_acls(Item *item, const char *path) {
#ifdef HAVE_ACL
int r;
@@ -693,7 +699,7 @@ static int write_one_file(Item *i, const char *path) {
return -EEXIST;
}
- r = item_set_perms(i, path);
+ r = path_set_perms(i, path);
if (r < 0)
return r;
@@ -817,7 +823,7 @@ static int create_item(Item *i) {
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
@@ -861,7 +867,7 @@ static int create_item(Item *i) {
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
@@ -901,7 +907,7 @@ static int create_item(Item *i) {
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
@@ -992,7 +998,7 @@ static int create_item(Item *i) {
}
}
- r = item_set_perms(i, i->path);
+ r = path_set_perms(i, i->path);
if (r < 0)
return r;
@@ -1001,29 +1007,40 @@ static int create_item(Item *i) {
case ADJUST_MODE:
case RELABEL_PATH:
-
- r = glob_item(i, item_set_perms, false);
+ r = glob_item(i, path_set_perms, false);
if (r < 0)
return r;
break;
case RECURSIVE_RELABEL_PATH:
-
- r = glob_item(i, item_set_perms, true);
+ r = glob_item(i, path_set_perms, true);
if (r < 0)
return r;
break;
case SET_XATTR:
- r = item_set_xattrs(i, i->path);
+ r = glob_item(i, path_set_xattrs, false);
+ if (r < 0)
+ return r;
+ break;
+
+ case RECURSIVE_SET_XATTR:
+ r = glob_item(i, path_set_xattrs, true);
if (r < 0)
return r;
break;
case SET_ACL:
- r = item_set_acl(i, i->path);
+ r = glob_item(i, path_set_acls, false);
if (r < 0)
return r;
+ break;
+
+ case RECURSIVE_SET_ACL:
+ r = glob_item(i, path_set_acls, true);
+ if (r < 0)
+ return r;
+ break;
}
log_debug("%s created successfully.", i->path);
@@ -1054,7 +1071,9 @@ static int remove_item_instance(Item *i, const char *instance) {
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
case SET_ACL:
+ case RECURSIVE_SET_ACL:
break;
case REMOVE_PATH:
@@ -1100,7 +1119,9 @@ static int remove_item(Item *i) {
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
case SET_ACL:
+ case RECURSIVE_SET_ACL:
break;
case REMOVE_PATH:
@@ -1444,6 +1465,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
}
case SET_XATTR:
+ case RECURSIVE_SET_XATTR:
if (!i.argument) {
log_error("[%s:%u] Set extended attribute requires argument.", fname, line);
return -EBADMSG;
@@ -1454,6 +1476,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
break;
case SET_ACL:
+ case RECURSIVE_SET_ACL:
if (!i.argument) {
log_error("[%s:%u] Set ACLs requires argument.", fname, line);
return -EBADMSG;