Merge remote-tracking branch 'origin/pr/141'

* origin/pr/141:
  is_protected_file: if no config dir is present, assume the file is _not_ protected
  /rw/config
  Fix logic bug.
  Allow per-VM protected file list
Marek Marczykowski-Górecki 2018-12-06 17:28:45 +01:00
commit 8216e40007
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724


@ -2,6 +2,7 @@
# Location of files which contains list of protected files # Location of files which contains list of protected files
PROTECTED_FILE_LIST='/etc/qubes/protected-files.d' PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
PER_VM_PROTECTED_FILE_LIST='/rw/config/protected-files.d'
qsvc() { qsvc() {
# Returns whether a service is enabled. # Returns whether a service is enabled.
@ -100,7 +101,16 @@ reload_random_seed() {
} }
is_protected_file() { is_protected_file() {
grep -Fxrq --exclude='*.rpmsave' --exclude='*~' --exclude='*.rpmnew' --exclude='*.rpmold' -- "${1}" "$PROTECTED_FILE_LIST" 2>/dev/null local ret=1
local pfilelist
for pfilelist in "$PROTECTED_FILE_LIST" "$PER_VM_PROTECTED_FILE_LIST" ; do
if test -d "$pfilelist" ; then
# If this succeeds, we return immediately to the caller.
# If not, we let the loop continue.
grep -Fxrq --exclude='*.rpmsave' --exclude='*~' --exclude='*.rpmnew' --exclude='*.rpmold' -- "${1}" "$pfilelist" 2>/dev/null && return 0 || ret="$?"
fi
done
return "$ret"
} }
umount_retry() { umount_retry() {
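Review bot: In the new `is_protected_file` loop, a grep error is reported to callers the same way as "not listed", so the check fails open. stderr is discarded and any non-zero status lands in `ret`, which means an unreadable list under `$PROTECTED_FILE_LIST` or `$PER_VM_PROTECTED_FILE_LIST` yields a non-zero return; the callers are outside this hunk, but presumably they then overwrite a file that was meant to be protected. `ret` is also overwritten on every iteration, so an error status from the first directory is replaced by a plain 1 from the second. I would keep the highest status seen, something like `|| { rc=$?; [ "$rc" -gt "$ret" ] && ret=$rc; }` with `rc` declared `local`. A header comment should state the contract: 0 means protected, 1 means not listed or no list directory present, and greater than 1 means a list could not be read.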