From 844863c61e7b501097da84a1e4d1e4a6aa6d9f0d Mon Sep 17 00:00:00 2001
From: Mike Yuan
Date: Tue, 23 Apr 2024 22:33:10 +0800
Subject: [PATCH] core/manager: add unmerged-bin taint
---
 catalog/systemd.catalog.in | 1 +
 man/org.freedesktop.systemd1.xml | 9 +++++++++
 src/core/manager.c | 16 ++++++++++------
 3 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/catalog/systemd.catalog.in b/catalog/systemd.catalog.in
index 3bf9b6cffbc..f0fc62dd855 100644
--- a/catalog/systemd.catalog.in
+++ b/catalog/systemd.catalog.in
@@ -560,6 +560,7 @@ Support: %SUPPORT_URL%
 The following "tags" are possible:
 - "unmerged-usr" - /bin, /sbin, /lib* are not symlinks to their counterparts under /usr/
+- "unmerged-bin" - /usr/sbin is not a symlink to /usr/bin/
 - "var-run-bad" — /var/run is not a symlink to /run/
 - "cgroupsv1" - the system is using the deprecated cgroup v1 hierarchy
 - "local-hwclock" - the local hardware clock (RTC) is configured to be in
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index 1c5b7d38f5c..749e6e3653e 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -1667,6 +1667,15 @@ node /org/freedesktop/systemd1 {
+
+ unmerged-bin
+
+ /usr/sbin is not a symlink to /usr/bin/.
+
+
+
+
+
 var-run-bad
diff --git a/src/core/manager.c b/src/core/manager.c
index 35e08e5f771..ebaf33bc5f6 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -4836,7 +4836,7 @@ static int short_uid_range(const char *path) {
 }
 char* manager_taint_string(const Manager *m) {
- const char *stage[11] = {};
+ const char *stage[12] = {};
 size_t n = 0;
 /* Returns a "taint string", e.g. "local-hwclock:var-run-bad". Only things that are detected at
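Review bot: `const char *stage[12] = {}` is a hand-maintained upper bound that must be bumped each time a taint tag is added, and nothing in this hunk relates `n` to it, so a missed bump would become an out-of-bounds write rather than a diagnosed error. If the rest of manager_taint_string (which continues outside the hunk) does not already check this, add `assert(n < ELEMENTSOF(stage));` before the array is consumed. A comment on the declaration would also help, e.g. `/* sized for every possible taint tag; keep in sync with the stage[n++] assignments below */`; the `= {}` zeroing suggests the array is read as a NULL-terminated list, which would require one spare slot, but that use is not visible here.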
@@ -4845,13 +4845,17 @@ char* manager_taint_string(const Manager *m) {
 assert(m);
- _cleanup_free_ char *usrbin = NULL;
- if (readlink_malloc("/bin", &usrbin) < 0 || !PATH_IN_SET(usrbin, "usr/bin", "/usr/bin"))
+ _cleanup_free_ char *bin = NULL, *usr_sbin = NULL, *var_run = NULL;
+
+ if (readlink_malloc("/bin", &bin) < 0 || !PATH_IN_SET(bin, "usr/bin", "/usr/bin"))
 stage[n++] = "unmerged-usr";
- _cleanup_free_ char *destination = NULL;
- if (readlink_malloc("/var/run", &destination) < 0 ||
- !PATH_IN_SET(destination, "../run", "/run"))
+ /* Note that the check is different from default_PATH(), as we want to taint on uncanonical symlinks
+ * too. */
+ if (readlink_malloc("/usr/sbin", &usr_sbin) < 0 || !PATH_IN_SET(usr_sbin, "bin", "/usr/bin"))
+ stage[n++] = "unmerged-bin";
+
+ if (readlink_malloc("/var/run", &var_run) < 0 || !PATH_IN_SET(var_run, "../run", "/run"))
 stage[n++] = "var-run-bad";
 if (cg_all_unified() == 0)