tmpfiles: use CHASE_WARN in addition to CHASE_SAFE
and let's emit a more comprehensive warning when an unsafe transition is encountered. Before this patch: Unsafe symlinks encountered in /run/nrpe, refusing. After: Detected unsafe path transition / → /run during canonicalization of /run/nrpe.
parent
36c97decbe
commit
7f0704da94
|
@ -861,10 +861,8 @@ static int path_open_parent_safe(const char *path) {
|
||||||
if (!dn)
|
if (!dn)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
|
|
||||||
fd = chase_symlinks(dn, NULL, CHASE_OPEN|CHASE_SAFE, NULL);
|
fd = chase_symlinks(dn, NULL, CHASE_OPEN|CHASE_SAFE|CHASE_WARN, NULL);
|
||||||
if (fd == -ENOLINK)
|
if (fd < 0 && fd != -ENOLINK)
|
||||||
return log_error_errno(fd, "Unsafe symlinks encountered in %s, refusing.", path);
|
|
||||||
if (fd < 0)
|
|
||||||
return log_error_errno(fd, "Failed to validate path %s: %m", path);
|
return log_error_errno(fd, "Failed to validate path %s: %m", path);
|
||||||
|
|
||||||
return fd;
|
return fd;
|
||||||
|
@ -884,10 +882,8 @@ static int path_open_safe(const char *path) {
|
||||||
"Failed to open invalid path '%s'.",
|
"Failed to open invalid path '%s'.",
|
||||||
path);
|
path);
|
||||||
|
|
||||||
fd = chase_symlinks(path, NULL, CHASE_OPEN|CHASE_SAFE|CHASE_NOFOLLOW, NULL);
|
fd = chase_symlinks(path, NULL, CHASE_OPEN|CHASE_SAFE|CHASE_WARN|CHASE_NOFOLLOW, NULL);
|
||||||
if (fd == -ENOLINK)
|
if (fd < 0 && fd != -ENOLINK)
|
||||||
return log_error_errno(fd, "Unsafe symlinks encountered in %s, refusing.", path);
|
|
||||||
if (fd < 0)
|
|
||||||
return log_error_errno(fd, "Failed to validate path %s: %m", path);
|
return log_error_errno(fd, "Failed to validate path %s: %m", path);
|
||||||
|
|
||||||
return fd;
|
return fd;
|
||||||
|
|
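Review bot: The new `if (fd < 0 && fd != -ENOLINK)` in path_open_parent_safe (and the identical line in path_open_safe) lets -ENOLINK fall through to `return fd;` with no log call at this site. The refusal is therefore only recorded if chase_symlinks() warns on every path that yields -ENOLINK when CHASE_WARN is set; that code is not visible on this page and is worth confirming. A comment above the check would make the dependency explicit, e.g. `/* -ENOLINK: unsafe path transition, already logged by chase_symlinks() because of CHASE_WARN */`. The message also changes from an error ending in "refusing" to the warning text quoted in the description, so log alerts that match the old string need updating. Both function bodies start outside the hunks shown.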