Merge pull request #15033 from yuwata/state-directory-migrate-issue

execute: Fix migration from DynamicUser=yes to no
2020-03-09 17:34:55 +01:00 · 2020-03-09 17:34:55 +01:00 · 908055f61f
parent 47cc458e97 abaaa79b22
commit 908055f61f
2 changed files with 12 additions and 2 deletions
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -2247,7 +2247,7 @@ static int setup_exec_directory(

                        if (type != EXEC_DIRECTORY_CONFIGURATION &&
                            readlink_and_make_absolute(p, &target) >= 0) {
-                                _cleanup_free_ char *q = NULL;
+                                _cleanup_free_ char *q = NULL, *q_resolved = NULL, *target_resolved = NULL;

                                /* This already exists and is a symlink? Interesting. Maybe it's one created
                                 * by DynamicUser=1 (see above)?
@ -2256,13 +2256,22 @@ static int setup_exec_directory(
                                 * since they all support the private/ symlink logic at least in some
                                 * configurations, see above. */

+                                r = chase_symlinks(target, NULL, 0, &target_resolved, NULL);
+                                if (r < 0)
+                                        goto fail;
+
                                q = path_join(params->prefix[type], "private", *rt);
                                if (!q) {
                                        r = -ENOMEM;
                                        goto fail;
                                }

-                                if (path_equal(q, target)) {
+                                /* /var/lib or friends may be symlinks. So, let's chase them also. */
+                                r = chase_symlinks(q, NULL, CHASE_NONEXISTENT, &q_resolved, NULL);
+                                if (r < 0)
+                                        goto fail;
+
+                                if (path_equal(q_resolved, target_resolved)) {

                                        /* Hmm, apparently DynamicUser= was once turned on for this service,
                                         * but is no longer. Let's move the directory back up. */
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@ -561,6 +561,7 @@ static void test_exec_dynamicuser(Manager *m) {

        test(__func__, m, "exec-dynamicuser-statedir-migrate-step1.service", 0, CLD_EXITED);
        test(__func__, m, "exec-dynamicuser-statedir-migrate-step2.service", can_unshare ? 0 : EXIT_NAMESPACE, CLD_EXITED);
+        test(__func__, m, "exec-dynamicuser-statedir-migrate-step1.service", 0, CLD_EXITED);

        (void) rm_rf("/var/lib/test-dynamicuser-migrate", REMOVE_ROOT|REMOVE_PHYSICAL);
        (void) rm_rf("/var/lib/test-dynamicuser-migrate2", REMOVE_ROOT|REMOVE_PHYSICAL);