From 404308486aa285c67c5af4c8e7d6be393ce5a3c7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 9 Jan 2020 12:01:45 +0100
Subject: [PATCH] core: be more restrictive on the dependency types we allow to
 be created transiently

We should allow the ones that the [Unit] section of regular unit files
may accet, but no other, in particular not the internal deps we
synthesize as reverse of explicitly configured ones, such was WantedBy=.

Fixes: #14251
---
 src/core/dbus-unit.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 9477c471401..1c5fd2a23b8 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -2012,6 +2012,21 @@ static int bus_unit_set_transient_property(
         if (d >= 0) {
                 const char *other;
 
+                if (!IN_SET(d,
+                            UNIT_REQUIRES,
+                            UNIT_REQUISITE,
+                            UNIT_WANTS,
+                            UNIT_BINDS_TO,
+                            UNIT_PART_OF,
+                            UNIT_CONFLICTS,
+                            UNIT_BEFORE,
+                            UNIT_AFTER,
+                            UNIT_ON_FAILURE,
+                            UNIT_PROPAGATES_RELOAD_TO,
+                            UNIT_RELOAD_PROPAGATED_FROM,
+                            UNIT_JOINS_NAMESPACE_OF))
+                    return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Dependency type %s may not be created transiently.", unit_dependency_to_string(d));
+
                 r = sd_bus_message_enter_container(message, 'a', "s");
                 if (r < 0)
                         return r;