mirror of
https://github.com/systemd/systemd.git
synced 2025-01-04 09:18:12 +03:00
core/manager: add unmerged-bin taint
parent
ea81442892
commit
844863c61e
@ -560,6 +560,7 @@ Support: %SUPPORT_URL%
|
|||||||
The following "tags" are possible:
|
The following "tags" are possible:
|
||||||
- "unmerged-usr" - /bin, /sbin, /lib* are not symlinks to their counterparts
|
- "unmerged-usr" - /bin, /sbin, /lib* are not symlinks to their counterparts
|
||||||
under /usr/
|
under /usr/
|
||||||
|
- "unmerged-bin" - /usr/sbin is not a symlink to /usr/bin/
|
||||||
- "var-run-bad" — /var/run is not a symlink to /run/
|
- "var-run-bad" — /var/run is not a symlink to /run/
|
||||||
- "cgroupsv1" - the system is using the deprecated cgroup v1 hierarchy
|
- "cgroupsv1" - the system is using the deprecated cgroup v1 hierarchy
|
||||||
- "local-hwclock" - the local hardware clock (RTC) is configured to be in
|
- "local-hwclock" - the local hardware clock (RTC) is configured to be in
|
||||||
|
@ -1667,6 +1667,15 @@ node /org/freedesktop/systemd1 {
|
|||||||
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><literal>unmerged-bin</literal></term>
|
||||||
|
|
||||||
|
<listitem><para><filename>/usr/sbin</filename> is not a symlink to <filename>/usr/bin/</filename>.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><literal>var-run-bad</literal></term>
|
<term><literal>var-run-bad</literal></term>
|
||||||
|
|
||||||
|
@ -4836,7 +4836,7 @@ static int short_uid_range(const char *path) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
char* manager_taint_string(const Manager *m) {
|
char* manager_taint_string(const Manager *m) {
|
||||||
const char *stage[11] = {};
|
const char *stage[12] = {};
|
||||||
size_t n = 0;
|
size_t n = 0;
|
||||||
|
|
||||||
/* Returns a "taint string", e.g. "local-hwclock:var-run-bad". Only things that are detected at
|
/* Returns a "taint string", e.g. "local-hwclock:var-run-bad". Only things that are detected at
|
||||||
@ -4845,13 +4845,17 @@ char* manager_taint_string(const Manager *m) {
|
|||||||
|
|
||||||
assert(m);
|
assert(m);
|
||||||
|
|
||||||
_cleanup_free_ char *usrbin = NULL;
|
_cleanup_free_ char *bin = NULL, *usr_sbin = NULL, *var_run = NULL;
|
||||||
if (readlink_malloc("/bin", &usrbin) < 0 || !PATH_IN_SET(usrbin, "usr/bin", "/usr/bin"))
|
|
||||||
|
if (readlink_malloc("/bin", &bin) < 0 || !PATH_IN_SET(bin, "usr/bin", "/usr/bin"))
|
||||||
stage[n++] = "unmerged-usr";
|
stage[n++] = "unmerged-usr";
|
||||||
|
|
||||||
_cleanup_free_ char *destination = NULL;
|
/* Note that the check is different from default_PATH(), as we want to taint on uncanonical symlinks
|
||||||
if (readlink_malloc("/var/run", &destination) < 0 ||
|
* too. */
|
||||||
!PATH_IN_SET(destination, "../run", "/run"))
|
if (readlink_malloc("/usr/sbin", &usr_sbin) < 0 || !PATH_IN_SET(usr_sbin, "bin", "/usr/bin"))
|
||||||
|
stage[n++] = "unmerged-bin";
|
||||||
|
|
||||||
|
if (readlink_malloc("/var/run", &var_run) < 0 || !PATH_IN_SET(var_run, "../run", "/run"))
|
||||||
stage[n++] = "var-run-bad";
|
stage[n++] = "var-run-bad";
|
||||||
|
|
||||||
if (cg_all_unified() == 0)
|
if (cg_all_unified() == 0)
|
||||||
|
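Review bot: The new `/usr/sbin` check sets `unmerged-bin` on any negative return from `readlink_malloc()`, so an allocation or permission failure is reported the same way as a real directory at /usr/sbin; the neighbouring `/bin` and `/var/run` checks follow the same pattern. Because the taint string is read as a statement about the filesystem layout in bug reports and support diagnostics, it would help to tell these cases apart, for example by keeping the return value and logging anything other than `-EINVAL` with `log_debug_errno(r, "Failed to read /usr/sbin symlink, treating as unmerged: %m");`. Separately, `stage[12]` has to be bumped by hand whenever a tag is added, and no bound check on `n` is visible in these hunks. manager_taint_string() continues past the end of the last hunk, so confirm that an assertion such as `assert(n < ELEMENTSOF(stage));` exists before the array is joined.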