security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 35 Wiki Activity

system/acl: do not fail gone revert target
All checks were successful
Test / Create distribution (push) Successful in 25s
Details
Test / Fortify (push) Successful in 2m20s
Details
Test / Data race detector (push) Successful in 3m3s
Details
Test / Flake checks (push) Successful in 46s
Details

Browse Source 
A removed file effectively already has its ACLs stripped, so failing this makes no sense. Still print a message to warn about it.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-02-25 01:11:05 +09:00
parent 65094b63cd
commit 1818dc3a4c
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
system/acl.go
View File

@ -1,7 +1,9 @@
package system
import (
"errors"
"fmt"
"os"
"slices"
"git.gensokyo.uk/security/fortify/acl"
@ -41,7 +43,13 @@ func (a *ACL) apply(sys *I) error {
func (a *ACL) revert(sys *I, ec *Criteria) error {
if ec.hasType(a) {
sys.println("stripping ACL", a)
return sys.wrapErrSuffix(acl.Update(a.path, sys.uid),
err := acl.Update(a.path, sys.uid)
if errors.Is(err, os.ErrNotExist) {
// the ACL is effectively stripped if the file no longer exists
sys.printf("target of ACL %s no longer exists", a)
err = nil
}
return sys.wrapErrSuffix(err,
fmt.Sprintf("cannot strip ACL entry from %q:", a.path))
} else {
sys.println("skipping ACL", a)