picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

tmpfiles: make create_fifo() safe

This commit is contained in:
Franck Bui 2018-04-27 18:17:32 +02:00
parent 4fe3828c58
commit 7ea5a87f92
1 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/tmpfiles/tmpfiles.c
View File

@ -1715,13 +1715,21 @@ static int create_device(Item *i, mode_t file_type) {
}
static int create_fifo(Item *i, const char *path) {
_cleanup_close_ int pfd = -1, fd = -1;
CreationMode creation;
struct stat st;
char *bn;
int r;
pfd = path_open_parent_safe(path);
if (pfd < 0)
return pfd;
bn = basename(path);
RUN_WITH_UMASK(0000) {
mac_selinux_create_file_prepare(path, S_IFIFO);
r = mkfifo(path, i->mode);
r = mkfifoat(pfd, bn, i->mode);
mac_selinux_create_file_clear();
}
@ -1729,7 +1737,7 @@ static int create_fifo(Item *i, const char *path) {
if (errno != EEXIST)
return log_error_errno(errno, "Failed to create fifo %s: %m", path);
if (lstat(path, &st) < 0)
if (fstatat(pfd, bn, &st, AT_SYMLINK_NOFOLLOW) < 0)
return log_error_errno(errno, "stat(%s) failed: %m", path);
if (!S_ISFIFO(st.st_mode)) {
@ -1737,7 +1745,7 @@ static int create_fifo(Item *i, const char *path) {
if (i->force) {
RUN_WITH_UMASK(0000) {
mac_selinux_create_file_prepare(path, S_IFIFO);
r = mkfifo_atomic(path, i->mode);
r = mkfifoat_atomic(pfd, bn, i->mode);
mac_selinux_create_file_clear();
}
@ -1752,9 +1760,14 @@ static int create_fifo(Item *i, const char *path) {
creation = CREATION_EXISTING;
} else
creation = CREATION_NORMAL;
log_debug("%s fifo \"%s\".", creation_mode_verb_to_string(creation), path);
return path_set_perms(i, path);
fd = openat(pfd, bn, O_NOFOLLOW|O_CLOEXEC|O_PATH);
if (fd < 0)
return log_error_errno(fd, "Failed to openat(%s): %m", path);
return fd_set_perms(i, fd, NULL);
}
typedef int (*action_t)(Item *, const char *);