mirror of
https://github.com/systemd/systemd.git
synced 2024-12-23 21:35:11 +03:00
Merge pull request #15063 from topimiettinen/execute-dont-create-tmp-dirs-if-inaccessible
Execute: don't create temp dirs if inaccessible
This commit is contained in:
commit
693040bde5
@ -1125,3 +1125,19 @@ bool path_strv_contains(char **l, const char *path) {
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
bool prefixed_path_strv_contains(char **l, const char *path) {
|
||||
char **i, *j;
|
||||
|
||||
STRV_FOREACH(i, l) {
|
||||
j = *i;
|
||||
if (*j == '-')
|
||||
j++;
|
||||
if (*j == '+')
|
||||
j++;
|
||||
if (path_equal(j, path))
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
@ -173,3 +173,4 @@ static inline const char *empty_to_root(const char *path) {
|
||||
}
|
||||
|
||||
bool path_strv_contains(char **l, const char *path);
|
||||
bool prefixed_path_strv_contains(char **l, const char *path);
|
||||
|
@ -5371,7 +5371,10 @@ static int exec_runtime_make(Manager *m, const ExecContext *c, const char *id, E
|
||||
if (!c->private_network && !c->private_tmp && !c->network_namespace_path)
|
||||
return 0;
|
||||
|
||||
if (c->private_tmp) {
|
||||
if (c->private_tmp &&
|
||||
!(prefixed_path_strv_contains(c->inaccessible_paths, "/tmp") &&
|
||||
(prefixed_path_strv_contains(c->inaccessible_paths, "/var/tmp") ||
|
||||
prefixed_path_strv_contains(c->inaccessible_paths, "/var")))) {
|
||||
r = setup_tmp_dirs(id, &tmp_dir, &var_tmp_dir);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -1192,7 +1192,7 @@ static bool root_read_only(
|
||||
if (protect_system == PROTECT_SYSTEM_STRICT)
|
||||
return true;
|
||||
|
||||
if (path_strv_contains(read_only_paths, "/"))
|
||||
if (prefixed_path_strv_contains(read_only_paths, "/"))
|
||||
return true;
|
||||
|
||||
return false;
|
||||
@ -1217,9 +1217,9 @@ static bool home_read_only(
|
||||
if (protect_home != PROTECT_HOME_NO)
|
||||
return true;
|
||||
|
||||
if (path_strv_contains(read_only_paths, "/home") ||
|
||||
path_strv_contains(inaccessible_paths, "/home") ||
|
||||
path_strv_contains(empty_directories, "/home"))
|
||||
if (prefixed_path_strv_contains(read_only_paths, "/home") ||
|
||||
prefixed_path_strv_contains(inaccessible_paths, "/home") ||
|
||||
prefixed_path_strv_contains(empty_directories, "/home"))
|
||||
return true;
|
||||
|
||||
for (i = 0; i < n_temporary_filesystems; i++)
|
||||
|
Loading…
Reference in New Issue
Block a user