diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:25:51 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 02:25:51 +0000 |
| commit | ac8399db6ce846597966360732ce6d39a247bdd2 (patch) | |
| tree | 046a28d2cbd02afa147291e8f69e9bb5dc29f1aa /debian/patches/core-change-ownership-mode-of-the-execution-directories-a.patch | |
| parent | Adding upstream version 241. (diff) | |
| download | systemd-ac8399db6ce846597966360732ce6d39a247bdd2.tar.xz systemd-ac8399db6ce846597966360732ce6d39a247bdd2.zip | |
Adding debian version 241-7~deb10u8.debian/241-7_deb10u8
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/core-change-ownership-mode-of-the-execution-directories-a.patch')
| -rw-r--r-- | debian/patches/core-change-ownership-mode-of-the-execution-directories-a.patch | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/debian/patches/core-change-ownership-mode-of-the-execution-directories-a.patch b/debian/patches/core-change-ownership-mode-of-the-execution-directories-a.patch new file mode 100644 index 0000000..6f8b0fc --- /dev/null +++ b/debian/patches/core-change-ownership-mode-of-the-execution-directories-a.patch @@ -0,0 +1,85 @@ +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 14 Mar 2019 17:19:30 +0100 +Subject: core: change ownership/mode of the execution directories also for + static users + +It's probably unexpected if we do a recursive chown() when dynamic users +are used but not on static users. + +hence, let's tweak the logic slightly, and recursively chown in both +cases, except when operating on the configuration directory. + +Fixes: #11842 +(cherry picked from commit 206e9864de460dd79d9edd7bedb47dee168765e1) +--- + src/core/execute.c | 47 ++++++++++++++++++++++++++--------------------- + 1 file changed, 26 insertions(+), 21 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 5486e37..5c3930e 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -2151,37 +2151,42 @@ static int setup_exec_directory( + if (r < 0) + goto fail; + +- /* Lock down the access mode */ +- if (chmod(pp, context->directories[type].mode) < 0) { +- r = -errno; +- goto fail; +- } + } else { + r = mkdir_label(p, context->directories[type].mode); + if (r < 0) { +- struct stat st; +- + if (r != -EEXIST) + goto fail; + +- if (stat(p, &st) < 0) { +- r = -errno; +- goto fail; +- } +- if (((st.st_mode ^ context->directories[type].mode) & 07777) != 0) +- log_warning("%s \'%s\' already exists but the mode is different. " +- "(filesystem: %o %sMode: %o)", +- exec_directory_type_to_string(type), *rt, +- st.st_mode & 07777, exec_directory_type_to_string(type), context->directories[type].mode & 07777); +- if (!context->dynamic_user) ++ if (type == EXEC_DIRECTORY_CONFIGURATION) { ++ struct stat st; ++ ++ /* Don't change the owner/access mode of the configuration directory, ++ * as in the common case it is not written to by a service, and shall ++ * not be writable. */ ++ ++ if (stat(p, &st) < 0) { ++ r = -errno; ++ goto fail; ++ } ++ ++ /* Still complain if the access mode doesn't match */ ++ if (((st.st_mode ^ context->directories[type].mode) & 07777) != 0) ++ log_warning("%s \'%s\' already exists but the mode is different. " ++ "(File system: %o %sMode: %o)", ++ exec_directory_type_to_string(type), *rt, ++ st.st_mode & 07777, exec_directory_type_to_string(type), context->directories[type].mode & 07777); ++ + continue; ++ } + } + } + +- /* Don't change the owner of the configuration directory, as in the common case it is not written to by +- * a service, and shall not be writable. */ +- if (type == EXEC_DIRECTORY_CONFIGURATION) +- continue; ++ /* Lock down the access mode (we use chmod_and_chown() to make this idempotent. We don't ++ * specifiy UID/GID here, so that path_chown_recursive() can optimize things depending on the ++ * current UID/GID ownership.) */ ++ r = chmod_and_chown(pp ?: p, context->directories[type].mode, UID_INVALID, GID_INVALID); ++ if (r < 0) ++ goto fail; + + /* Then, change the ownership of the whole tree, if necessary */ + r = path_chown_recursive(pp ?: p, uid, gid); |