authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2020-03-11 09:06:10 +0100
committerGitHub <noreply@github.com>2020-03-11 09:06:10 +0100
commit693040bde5162c8af3d0f063414288eba5255b3c (patch)
tree4004787972d41376702e9b39b19469c8fe85b486 /src
parentudev: add debug logs for delaying and delegation of events (diff)
parentexecute: don't create /tmp and /var/tmp if both are inaccessible (diff)
Merge pull request #15063 from topimiettinen/execute-dont-create-tmp-dirs-if-inaccessible
Execute: don't create temp dirs if inaccessible
Diffstat (limited to 'src')
-rw-r--r--src/basic/path-util.c16
-rw-r--r--src/basic/path-util.h1
-rw-r--r--src/core/execute.c5
-rw-r--r--src/core/namespace.c8
4 files changed, 25 insertions, 5 deletions
diff --git a/src/basic/path-util.c b/src/basic/path-util.c
index 49a211a527..ba13de01ff 100644
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -1125,3 +1125,19 @@ bool path_strv_contains(char **l, const char *path) {
return false;
}
+
+bool prefixed_path_strv_contains(char **l, const char *path) {
+ char **i, *j;
+
+ STRV_FOREACH(i, l) {
+ j = *i;
+ if (*j == '-')
+ j++;
+ if (*j == '+')
+ j++;
+ if (path_equal(j, path))
+ return true;
+ }
+
+ return false;
+}
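Review bot: The new `prefixed_path_strv_contains()` has no comment saying which prefixes it skips, and the order is fixed: an optional `-` first, then an optional `+`, so an entry written `+-/tmp` would be compared with its `-` still attached. I would add above the definition `/* Like path_strv_contains(), but skips an optional leading "-" and then an optional "+" on each entry before comparing. */`. If the option parser accepts the prefixes in either order (not visible in this hunk), the function should skip both characters regardless of order. `j` is never written through, so declaring it `const char *j` would state that.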
diff --git a/src/basic/path-util.h b/src/basic/path-util.h
index f49a876f3d..30031fca8e 100644
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
@@ -173,3 +173,4 @@ static inline const char *empty_to_root(const char *path) {
}
bool path_strv_contains(char **l, const char *path);
+bool prefixed_path_strv_contains(char **l, const char *path);
diff --git a/src/core/execute.c b/src/core/execute.c
index 587b77a3f4..00a2f2e17e 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -5371,7 +5371,10 @@ static int exec_runtime_make(Manager *m, const ExecContext *c, const char *id, E
if (!c->private_network && !c->private_tmp && !c->network_namespace_path)
return 0;
- if (c->private_tmp) {
+ if (c->private_tmp &&
+ !(prefixed_path_strv_contains(c->inaccessible_paths, "/tmp") &&
+ (prefixed_path_strv_contains(c->inaccessible_paths, "/var/tmp") ||
+ prefixed_path_strv_contains(c->inaccessible_paths, "/var")))) {
r = setup_tmp_dirs(id, &tmp_dir, &var_tmp_dir);
if (r < 0)
return r;
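Review bot: When the new condition is false, `setup_tmp_dirs()` is skipped but the function carries on with `c->private_tmp` still set, so `tmp_dir` and `var_tmp_dir` keep whatever value they were initialised with; the early `return 0` above the `if` also still keys on `private_tmp` alone. The rest of `exec_runtime_make()` is outside the hunk, so I cannot confirm that the later code accepts a runtime with private_tmp requested and no directories; a comment stating that this is intended would help. The negated three-call expression is also hard to read: computing it into a named local first and then testing `if (c->private_tmp && !tmp_inaccessible) {` would make the intent visible.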
diff --git a/src/core/namespace.c b/src/core/namespace.c
index cda9d2ca1d..a461a3cce4 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -1192,7 +1192,7 @@ static bool root_read_only(
if (protect_system == PROTECT_SYSTEM_STRICT)
return true;
- if (path_strv_contains(read_only_paths, "/"))
+ if (prefixed_path_strv_contains(read_only_paths, "/"))
return true;
return false;
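Review bot: `root_read_only()` here and `home_read_only()` in the next hunk now return true for entries carrying a `-` prefix, which systemd documents as "ignore if the path does not exist". The predicates therefore answer from the configured list, not from what was actually mounted, so a `-/home` entry reports /home as protected even where the entry ended up being skipped. How callers use these results is outside both hunks; if any of them relaxes another restriction on the strength of a true result, a comment on each function saying the answer reflects configuration only would be worth adding. Both function bodies start outside their hunks.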
@@ -1217,9 +1217,9 @@ static bool home_read_only(
if (protect_home != PROTECT_HOME_NO)
return true;
- if (path_strv_contains(read_only_paths, "/home") ||
- path_strv_contains(inaccessible_paths, "/home") ||
- path_strv_contains(empty_directories, "/home"))
+ if (prefixed_path_strv_contains(read_only_paths, "/home") ||
+ prefixed_path_strv_contains(inaccessible_paths, "/home") ||
+ prefixed_path_strv_contains(empty_directories, "/home"))
return true;
for (i = 0; i < n_temporary_filesystems; i++)