repart: Fail early if we're missing privileges to populate a filesystem

author: Daan De Meyer <daan.j.demeyer@gmail.com> 2022-10-11 10:56:16 +0200
committer: Daan De Meyer <daan.j.demeyer@gmail.com> 2022-11-15 20:23:51 +0100
commit: 6d6cefad37e4bf098ed0df487f8bbfb4ed5a9d0b (patch)
tree: ca12218e0a1ea288f5f6392b170a143a2284d377 /src/partition
parent: repart: Ensure files end up owned by root in generated filesystems (diff)
download: systemd-6d6cefad37e4bf098ed0df487f8bbfb4ed5a9d0b.tar.xz
systemd-6d6cefad37e4bf098ed0df487f8bbfb4ed5a9d0b.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/partition/repart.c b/src/partition/repart.c
index 0bc5055283..6f4da2c6b5 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -1594,6 +1594,11 @@ static int partition_read_definition(Partition *p, const char *path, const char
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
                                   "Minimize= can only be enabled if Format= is set");
 
+        if ((!strv_isempty(p->copy_files) || !strv_isempty(p->make_directories)) && !mkfs_supports_root_option(p->format) && geteuid() != 0)
+                return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EPERM),
+                                  "Need to be root to populate %s filesystems with CopyFiles=/MakeDirectories=",
+                                  p->format);
+
         if (p->verity != VERITY_OFF || p->encrypt != ENCRYPT_OFF) {
                 r = dlopen_cryptsetup();
                 if (r < 0)
author	Daan De Meyer <daan.j.demeyer@gmail.com>	2022-10-11 10:56:16 +0200
committer	Daan De Meyer <daan.j.demeyer@gmail.com>	2022-11-15 20:23:51 +0100
commit	6d6cefad37e4bf098ed0df487f8bbfb4ed5a9d0b (patch)
tree	ca12218e0a1ea288f5f6392b170a143a2284d377 /src/partition
parent	repart: Ensure files end up owned by root in generated filesystems (diff)
download	systemd-6d6cefad37e4bf098ed0df487f8bbfb4ed5a9d0b.tar.xz systemd-6d6cefad37e4bf098ed0df487f8bbfb4ed5a9d0b.zip