Commit 992f87e1 authored by Lennart Poettering's avatar Lennart Poettering
Browse files

install: refuse installation of symlinked units

parent 7461d1b7
...@@ -24,6 +24,7 @@ ...@@ -24,6 +24,7 @@
#include <getopt.h> #include <getopt.h>
#include <errno.h> #include <errno.h>
#include <unistd.h> #include <unistd.h>
#include <fcntl.h>
#include "log.h" #include "log.h"
#include "path-lookup.h" #include "path-lookup.h"
...@@ -722,22 +723,32 @@ static int install_info_apply(LookupPaths *paths, InstallInfo *i, const char *co ...@@ -722,22 +723,32 @@ static int install_info_apply(LookupPaths *paths, InstallInfo *i, const char *co
assert(i); assert(i);
STRV_FOREACH(p, paths->unit_path) { STRV_FOREACH(p, paths->unit_path) {
int fd;
if (!(filename = path_make_absolute(i->name, *p))) { if (!(filename = path_make_absolute(i->name, *p))) {
log_error("Out of memory"); log_error("Out of memory");
return -ENOMEM; return -ENOMEM;
} }
if ((f = fopen(filename, "re"))) /* Ensure that we don't follow symlinks */
break; if ((fd = open(filename, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NOCTTY)) >= 0)
if ((f = fdopen(fd, "re")))
break;
free(filename); if (errno == ELOOP) {
filename = NULL; log_error("Refusing to operate on symlinks, please pass unit names or absolute paths to unit files.");
free(filename);
return -errno;
}
if (errno != ENOENT) { if (errno != ENOENT) {
log_error("Failed to open %s: %m", filename); log_error("Failed to open %s: %m", filename);
free(filename);
return -errno; return -errno;
} }
free(filename);
filename = NULL;
} }
if (!f) { if (!f) {
...@@ -810,7 +821,7 @@ static int do_realize(bool enabled) { ...@@ -810,7 +821,7 @@ static int do_realize(bool enabled) {
} }
if (arg_where == WHERE_SYSTEM && sd_booted() <= 0) { if (arg_where == WHERE_SYSTEM && sd_booted() <= 0) {
log_info("systemd is not running, --realize has not effect."); log_info("systemd is not running, --realize has no effect.");
return 0; return 0;
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment