tmpfiles: use CHASE_WARN in addition to CHASE_SAFE

and let's emit a more comprehensive warning when an unsafe transition is
encountered.

Before this patch:

 Unsafe symlinks encountered in /run/nrpe, refusing.

After:

 Detected unsafe path transition / → /run during canonicalization of /run/nrpe.
Franck Bui 2018-11-28 16:09:16 +01:00
parent 36c97decbe
commit 7f0704da94


@ -861,10 +861,8 @@ static int path_open_parent_safe(const char *path) {
if (!dn) if (!dn)
return log_oom(); return log_oom();
fd = chase_symlinks(dn, NULL, CHASE_OPEN|CHASE_SAFE, NULL); fd = chase_symlinks(dn, NULL, CHASE_OPEN|CHASE_SAFE|CHASE_WARN, NULL);
if (fd == -ENOLINK) if (fd < 0 && fd != -ENOLINK)
return log_error_errno(fd, "Unsafe symlinks encountered in %s, refusing.", path);
if (fd < 0)
return log_error_errno(fd, "Failed to validate path %s: %m", path); return log_error_errno(fd, "Failed to validate path %s: %m", path);
return fd; return fd;
@ -884,10 +882,8 @@ static int path_open_safe(const char *path) {
"Failed to open invalid path '%s'.", "Failed to open invalid path '%s'.",
path); path);
fd = chase_symlinks(path, NULL, CHASE_OPEN|CHASE_SAFE|CHASE_NOFOLLOW, NULL); fd = chase_symlinks(path, NULL, CHASE_OPEN|CHASE_SAFE|CHASE_WARN|CHASE_NOFOLLOW, NULL);
if (fd == -ENOLINK) if (fd < 0 && fd != -ENOLINK)
return log_error_errno(fd, "Unsafe symlinks encountered in %s, refusing.", path);
if (fd < 0)
return log_error_errno(fd, "Failed to validate path %s: %m", path); return log_error_errno(fd, "Failed to validate path %s: %m", path);
return fd; return fd;
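Review bot: In `path_open_parent_safe()`, the new `if (fd < 0 && fd != -ENOLINK)` lets -ENOLINK fall through to `return fd;` with no message from this function, so the refusal of an unsafe path transition is now recorded only by whatever chase_symlinks() logs under CHASE_WARN, and the code does not state that dependency. I would add a comment above the check, e.g. `/* -ENOLINK: unsafe transition, already logged by chase_symlinks() because of CHASE_WARN; still an error for the caller */`, so that a later change dropping CHASE_WARN does not silently remove the only trace of a rejected path. The same applies to the identical check in `path_open_safe()` in the second hunk. Both functions begin outside the hunks shown and their callers are not visible here, so it is worth confirming that every caller treats a negative return as a hard failure without expecting these helpers to have logged it.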