author | Timo Teräs <timo.teras@iki.fi> | 2012-02-23 15:05:06 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2012-02-23 15:05:06 +0200 |
commit | ba3ee3f86396f05123f732da7c7879c8ed016c9d (patch) | |
tree | 4523614e903b40915c699a6ca6c3644dd0650618 /src/apk_database.h | |
parent | a1d16c5d5d0cb86773346cda85b93c44ef876218 (diff) | |
audit, db: add etc/apk/protected_files.d and new audit features
fixes #607.
audit is now mostly rewritten for the new functionality. And
has new features like --check-permissions, --recursive and
--packages.
$ROOT/etc/apk/protected_files.d/*.list can now contain additional
protected paths, one path per line:
+etc
@etc/init.d
-tmp
+ will include the directory as protected configuration directory.
@ considers the directory protected, but will backup only symlinks.
- removes any protection
lbu should be modified to put include and exclude paths in
etc/apk/protected_files.d/lbu.list. Additionally, some packages
might provide their own listings.
E.g. ssh might want to provide ssh.list with something like:
+root/.ssh
+home/*/.ssh
Diffstat (limited to 'src/apk_database.h')
-rw-r--r-- | src/apk_database.h | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/src/apk_database.h b/src/apk_database.h
index 177f18f..c9e1634 100644
--- a/src/apk_database.h
+++ b/src/apk_database.h
@@ -38,22 +38,32 @@ struct apk_db_file {
 char name[];
 };
-#define APK_DBDIRF_PROTECTED 0x01
-#define APK_DBDIRF_SYMLINKS_ONLY 0x02
-#define APK_DBDIRF_MODIFIED 0x04
-#define APK_DBDIRF_RECALC_MODE 0x08
+struct apk_protected_path {
+ char *relative_pattern;
+ unsigned protected : 1;
+ unsigned symlinks_only : 1;
+};
+APK_ARRAY(apk_protected_path_array, struct apk_protected_path);
 struct apk_db_dir {
 apk_hash_node hash_node;
 unsigned long hash;
+ struct apk_db_dir *parent;
+ struct apk_protected_path_array *protected_paths;
 mode_t mode;
 uid_t uid;
 gid_t gid;
 unsigned short refs;
 unsigned short namelen;
- unsigned char flags;
+
+ unsigned protected : 1;
+ unsigned symlinks_only : 1;
+ unsigned has_protected_children : 1;
+ unsigned modified : 1;
+ unsigned recalc_mode : 1;
+
 char rooted_name[1];
 char name[];
 };
@@ -125,7 +135,7 @@ struct apk_database {
 int compat_old_world : 1;
 struct apk_dependency_array *world;
- struct apk_string_array *protected_paths;
+ struct apk_protected_path_array *protected_paths;
 struct apk_repository repos[APK_MAX_REPOS];
 struct apk_repository_tag repo_tags[APK_MAX_TAGS];
 struct apk_id_cache id_cache;
@@ -158,11 +168,10 @@ struct apk_name *apk_db_get_name(struct apk_database *db, apk_blob_t name);
 struct apk_name *apk_db_query_name(struct apk_database *db, apk_blob_t name);
 int apk_db_get_tag_id(struct apk_database *db, apk_blob_t tag);
-struct apk_db_dir *apk_db_dir_query(struct apk_database *db,
- apk_blob_t name);
+struct apk_db_dir *apk_db_dir_get(struct apk_database *db, apk_blob_t name);
+struct apk_db_dir *apk_db_dir_query(struct apk_database *db, apk_blob_t name);
 struct apk_db_file *apk_db_file_query(struct apk_database *db,
- apk_blob_t dir,
- apk_blob_t name);
+ apk_blob_t dir, apk_blob_t name);
 #define APK_OPENF_READ 0x0001
 #define APK_OPENF_WRITE 0x0002
|
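Review bot: The protection state in the first hunk is now spread over the `protected`/`symlinks_only` bits on `struct apk_db_dir`, the `has_protected_children` bit, and the per-directory `protected_paths` array whose entries carry their own `protected`/`symlinks_only` bits, and the header does not say which source wins or how state is inherited through `parent`. Because these fields decide which paths are treated as protected configuration, a short comment on `struct apk_protected_path` would help, e.g. `/* protected=1: "+" entry; protected=1, symlinks_only=1: "@" entry; protected=0: "-" entry (mapping inferred from the commit message, confirm) */`. The comment should also state who owns `relative_pattern` and whether a directory holds a reference on its `parent`; if it does, the existing `unsigned short refs` counter deserves a wrap check.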
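Review bot: In the last hunk `apk_db_dir_get` is declared next to `apk_db_dir_query` with nothing to tell a caller how the two differ or whether the returned `struct apk_db_dir *` carries a counted reference. By analogy with `apk_db_get_name`/`apk_db_query_name` at the top of the hunk, `_get` presumably creates the entry and `_query` only looks it up, but that is not visible in this header. I would add a comment such as `/* apk_db_dir_get: find or create; caller holds a reference until it releases it (confirm). apk_db_dir_query: lookup only, no reference taken (confirm). */` so callers neither leak nor prematurely drop directory entries.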