picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Merge pull request #9026 from yuwata/followup-9021

Browse source 
core: refuse StateDirectory=private
This commit is contained in:
Lennart Poettering 2018-05-18 20:02:43 +02:00 committed by GitHub
parent 7fbb5dd5e2 5e2d3a5496
commit c55b280158
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/core/dbus-execute.c
View file

@ -2139,8 +2139,14 @@ int bus_exec_context_set_transient_property(
return r;
STRV_FOREACH(p, l) {
if (!path_is_normalized(*p) || path_is_absolute(*p))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path is not valid: %s", name, *p);
if (!path_is_normalized(*p))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path is not normalized: %s", name, *p);
if (path_is_absolute(*p))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path is absolute: %s", name, *p);
if (path_startswith(*p, "private"))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path can't be 'private': %s", name, *p);
}
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {

5
src/core/load-fragment.c
View file

@ -365,7 +365,7 @@ int config_parse_socket_listen(const char *unit,
p->type = SOCKET_SOCKET;
r = unit_full_printf(UNIT(s), rvalue, &k);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,"Failed to resolve unit specifiers on %s, ignoring: %m", rvalue);
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers on %s, ignoring: %m", rvalue);
return 0;
}
@ -816,8 +816,7 @@ int config_parse_socket_bindtodevice(
} else
n = NULL;
free(s->bind_to_device);
s->bind_to_device = n;
free_and_replace(s->bind_to_device, n);
return 0;
}