CFE-4529: Added policy function getacls() #5832
larsewi commented Jun 30, 2025
- Added policy function to get ACLs
- Added acceptance test for getacls()
Ticket: CFE-4529
Changelog: Title
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@cf-bottom Jenkins please :)

Alright, I triggered a build:
Jenkins: https://ci.cfengine.com/job/pr-pipeline/12308/
Packages: http://buildcache.cfengine.com/packages/testing-pr/jenkins-pr-pipeline-12308/
Ticket: CFE-4529
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Co-authored-by: Ole Herman Schumacher Elgesem <4048546+olehermanse@users.noreply.github.com>
| #endif /* _WIN32 */ | ||
| if (acls == NULL) | ||
| { | ||
| Log((errno != ENOTSUP) ? LOG_LEVEL_ERR : LOG_LEVEL_VERBOSE, |
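Review bot: The severity test on the Log line demotes only ENOTSUP to LOG_LEVEL_VERBOSE, so every other errno that reaches the acls == NULL branch is reported at LOG_LEVEL_ERR, including ENODATA ("No data available"), which is what a path without an ACL of the requested type produces in the run reported in this thread. Consider handling ENODATA before this Log call and returning an empty list, and copying errno into a local immediately after the failing call so the value tested and the value printed cannot diverge.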
@larsewi I am a bit unsure about this error. Directories might not have acls on them, and rather than error, it sort of feels more correct to simply return an empty list. I want to say that getindices and some other functions behave similarly to that.
This came up after the workshop when I was following up on a note to add example output to the documentation example.
root@hub:~# cf-agent -Kf ./t.cf
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
R: Access acl: user::rw-
R: Access acl: group::r--
R: Access acl: other::r--
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
error: Function getacls failed to get ACLs for '/etc': No data available
R: Default acl: $(default_acls)
root@hub:~# cat t.cf
bundle agent __main__
{
  vars:
    "default_acls"
      slist => getacls("/etc", "default");
    "access_acls"
      slist => getacls("/tmp/bar", "access");
  reports:
    "Default acl: $(default_acls)";
    "Access acl: $(access_acls)";
}
I was triggered by this update from @nickanderson and error is definitely not ok. I assume we want the same as the getfacl command:
11:25 install3:~ $ getfacl /etc
getfacl: Removing leading '/' from absolute path names
# file: etc
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
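The distinction discussed in this thread, as an added example that is not code from the PR or from CFEngine: on Linux, reading the system.posix_acl_default extended attribute fails with ENODATA when a directory has no default ACL, and that case can be reported as an empty list while other errno values remain errors. The AclProbe type and both function names are hypothetical, and the direct use of getxattr() is an assumption made to keep the example free of libacl.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Hypothetical result type for this example (not a CFEngine type). */
typedef enum { ACL_SET, ACL_EMPTY, ACL_UNSUPPORTED, ACL_FAILED } AclProbe;

/* Map the errno of a failed ACL read to an outcome.
 * ENODATA ("No data available"): nothing is stored, so report an empty list.
 * ENOTSUP: the filesystem has no ACL support; worth a verbose note only.
 * Anything else (ENOENT, EACCES, ...) is a real failure. */
static AclProbe classify_acl_errno(int err)
{
    switch (err)
    {
    case ENODATA: return ACL_EMPTY;
    case ENOTSUP: return ACL_UNSUPPORTED;
    default:      return ACL_FAILED;
    }
}

/* Ask the kernel whether a default ACL is stored on path (Linux only). */
static AclProbe probe_default_acl(const char *path)
{
    /* size 0 asks for the attribute length without copying it */
    ssize_t len = getxattr(path, "system.posix_acl_default", NULL, 0);
    if (len >= 0)
    {
        return ACL_SET;
    }
    const int err = errno; /* save before any call that may overwrite it */
    AclProbe res = classify_acl_errno(err);
    if (res == ACL_FAILED)
    {
        fprintf(stderr, "error: cannot read default ACL of '%s': %s\n",
                path, strerror(err));
    }
    return res;
}

int main(void)
{
    static const char *const names[] = { "set", "empty list", "unsupported", "failed" };
    printf("/etc default ACL: %s\n", names[probe_default_acl("/etc")]);
    return 0;
}
```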