Remove /sbin from paths if split-bin is false (#8324)

Follow-up for 157baa87e4.
2025-01-09 01:18:19 +03:00 · 2018-03-01 21:48:36 +01:00 · 2018-03-01 21:48:36 +01:00 · 671f0f8de0
commit 671f0f8de0
parent 7df4b832d0
4 changed files with 25 additions and 9 deletions
--- a/meson.build
+++ b/meson.build
@ -59,13 +59,16 @@ if get_option('split-usr') == 'auto'
 else
        split_usr = get_option('split-usr') == 'true'
 endif
-conf.set10('HAVE_SPLIT_USR', split_usr)
+conf.set10('HAVE_SPLIT_USR', split_usr,
+           description : '/usr/bin and /bin directories are separate')

 if get_option('split-bin') == 'auto'
        split_bin = run_command('test', '-L', '/usr/sbin').returncode() != 0
 else
        split_bin = get_option('split-bin') == 'true'
 endif
+conf.set10('HAVE_SPLIT_BIN', split_bin,
+           description : 'bin and sbin directories are separate')

 rootprefixdir = get_option('rootprefix')
 # Unusual rootprefixdir values are used by some distros
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
@ -28,8 +28,14 @@
 #include "string-util.h"
 #include "time-util.h"

-#define DEFAULT_PATH_NORMAL "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
-#define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":/sbin:/bin"
+#if HAVE_SPLIT_BIN
+#  define PATH_SBIN_BIN(x) x "sbin:" x "bin"
+#else
+#  define PATH_SBIN_BIN(x) x "bin"
+#endif
+
+#define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/")
+#define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/")

 #if HAVE_SPLIT_USR
 #  define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@ -152,7 +152,9 @@ static const MountEntry protect_system_yes_table[] = {
        { "/lib",                READONLY,     true  },
        { "/lib64",              READONLY,     true  },
        { "/bin",                READONLY,     true  },
+#  if HAVE_SPLIT_BIN
        { "/sbin",               READONLY,     true  },
+#  endif
 #endif
 };

@ -166,7 +168,9 @@ static const MountEntry protect_system_full_table[] = {
        { "/lib",                READONLY,     true  },
        { "/lib64",              READONLY,     true  },
        { "/bin",                READONLY,     true  },
+#  if HAVE_SPLIT_BIN
        { "/sbin",               READONLY,     true  },
+#  endif
 #endif
 };

--- a/src/libsystemd/sd-path/sd-path.c
+++ b/src/libsystemd/sd-path/sd-path.c
@ -478,6 +478,12 @@ static int search_from_environment(
        return 0;
 }

+#if HAVE_SPLIT_BIN
+#  define ARRAY_SBIN_BIN(x) x "sbin", x "bin"
+#else
+#  define ARRAY_SBIN_BIN(x) x "bin"
+#endif
+
 static int get_search(uint64_t type, char ***list) {

        assert(list);
@ -490,13 +496,10 @@ static int get_search(uint64_t type, char ***list) {
                                               ".local/bin",
                                               "PATH",
                                               true,
-                                               "/usr/local/sbin",
-                                               "/usr/local/bin",
-                                               "/usr/sbin",
-                                               "/usr/bin",
+                                               ARRAY_SBIN_BIN("/usr/local/"),
+                                               ARRAY_SBIN_BIN("/usr/"),
 #if HAVE_SPLIT_USR
-                                               "/sbin",
-                                               "/bin",
+                                               ARRAY_SBIN_BIN("/"),
 #endif
                                               NULL);