tmpfiles: clean up hardlinks_vulnerable a bit

dangerous_hardlinks() -> hardlinks_protected(), and the meaning of the function is now in line with fs.protected_hardlinks value. Plus, We ship 50-default.conf where the sysctl is enabled. Mention it in the comment.
2025-02-09 13:57:42 +03:00 · 2024-05-10 17:53:44 +08:00 · 2024-05-10 17:53:44 +08:00 · 570c940d42
commit 570c940d42
parent 1df2c9a597
1 changed files with 14 additions and 15 deletions
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@ -67,6 +67,7 @@
 #include "string-table.h"
 #include "string-util.h"
 #include "strv.h"
+#include "sysctl-util.h"
 #include "terminal-util.h"
 #include "umask-util.h"
 #include "user-util.h"
@ -932,37 +933,35 @@ finish:
        return r;
 }

-static bool dangerous_hardlinks(void) {
-        _cleanup_free_ char *value = NULL;
+static bool hardlinks_protected(void) {
        static int cached = -1;
        int r;

        /* Check whether the fs.protected_hardlinks sysctl is on. If we can't determine it we assume its off,
-         * as that's what the upstream default is. */
+         * as that's what the kernel default is.
+         * Note that we ship 50-default.conf where it is enabled, but better be safe than sorry. */

        if (cached >= 0)
                return cached;

-        r = read_one_line_file("/proc/sys/fs/protected_hardlinks", &value);
+        _cleanup_free_ char *value = NULL;
+
+        r = sysctl_read("fs/protected_hardlinks", &value);
        if (r < 0) {
-                log_debug_errno(r, "Failed to read fs.protected_hardlinks sysctl: %m");
-                return true;
+                log_debug_errno(r, "Failed to read fs.protected_hardlinks sysctl, assuming disabled: %m");
+                return false;
        }

-        r = parse_boolean(value);
-        if (r < 0) {
-                log_debug_errno(r, "Failed to parse fs.protected_hardlinks sysctl: %m");
-                return true;
-        }
-
-        cached = r == 0;
-        return cached;
+        cached = parse_boolean(value);
+        if (cached < 0)
+                log_debug_errno(cached, "Failed to parse fs.protected_hardlinks sysctl, assuming disabled: %m");
+        return cached > 0;
 }

 static bool hardlink_vulnerable(const struct stat *st) {
        assert(st);

-        return !S_ISDIR(st->st_mode) && st->st_nlink > 1 && dangerous_hardlinks();
+        return !S_ISDIR(st->st_mode) && st->st_nlink > 1 && !hardlinks_protected();
 }

 static mode_t process_mask_perms(mode_t mode, mode_t current) {