#include "label.h"
#include "mkdir.h"
-int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid) {
- return mkdir_safe_internal(path, mode, uid, gid, mkdir_label);
+int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink) {
+ return mkdir_safe_internal(path, mode, uid, gid, follow_symlink, mkdir_label);
}
int mkdir_parents_label(const char *path, mode_t mode) {
#include <string.h>
#include <sys/stat.h>
+#include "alloc-util.h"
#include "fs-util.h"
#include "macro.h"
#include "mkdir.h"
#include "stat-util.h"
#include "user-util.h"
-int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, mkdir_func_t _mkdir) {
+int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink, mkdir_func_t _mkdir) {
struct stat st;
int r;
if (lstat(path, &st) < 0)
return -errno;
+ if (follow_symlink && S_ISLNK(st.st_mode)) {
+ _cleanup_free_ char *p = NULL;
+
+ r = chase_symlinks(path, NULL, CHASE_NONEXISTENT, &p);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return mkdir_safe_internal(p, mode, uid, gid, false, _mkdir);
+
+ if (lstat(p, &st) < 0)
+ return -errno;
+ }
+
if ((st.st_mode & 0007) > (mode & 0007) ||
(st.st_mode & 0070) > (mode & 0070) ||
(st.st_mode & 0700) > (mode & 0700) ||
return 0;
}
-int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid) {
- return mkdir_safe_internal(path, mode, uid, gid, mkdir);
+int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink) {
+ return mkdir_safe_internal(path, mode, uid, gid, follow_symlink, mkdir);
}
int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir) {
#include <sys/types.h>
-int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid);
+int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink);
int mkdir_parents(const char *path, mode_t mode);
int mkdir_p(const char *path, mode_t mode);
/* mandatory access control(MAC) versions */
-int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid);
+int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink);
int mkdir_parents_label(const char *path, mode_t mode);
int mkdir_p_label(const char *path, mode_t mode);
/* internally used */
typedef int (*mkdir_func_t)(const char *pathname, mode_t mode);
-int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, mkdir_func_t _mkdir);
+int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink, mkdir_func_t _mkdir);
int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir);
int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir);
}
/* First set up private root if it doesn't exist yet, with access mode 0700 and owned by root:root */
- r = mkdir_safe_label(private_root, 0700, 0, 0);
+ r = mkdir_safe_label(private_root, 0700, 0, 0, false);
if (r < 0)
goto fail;
mkdir_p_label("/var/lib/systemd", 0755);
- r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0);
+ r = mkdir_safe_label("/var/lib/systemd/linger", 0755, 0, 0, false);
if (r < 0)
return r;
assert(m);
- r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/shutdown", 0755, 0, 0, false);
if (r < 0)
return log_error_errno(r, "Failed to create shutdown subdirectory: %m");
assert(i);
- r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0, false);
if (r < 0)
goto fail;
/* Create FIFO */
if (!i->fifo_path) {
- r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/inhibit", 0755, 0, 0, false);
if (r < 0)
return r;
if (!s->started)
return 0;
- r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/seats", 0755, 0, 0, false);
if (r < 0)
goto fail;
if (!s->started)
return 0;
- r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0, false);
if (r < 0)
goto fail;
/* Create FIFO */
if (!s->fifo_path) {
- r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/sessions", 0755, 0, 0, false);
if (r < 0)
return r;
assert(u);
assert(u->state_file);
- r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/users", 0755, 0, 0, false);
if (r < 0)
goto fail;
assert(u);
- r = mkdir_safe_label("/run/user", 0755, 0, 0);
+ r = mkdir_safe_label("/run/user", 0755, 0, 0, false);
if (r < 0)
return log_error_errno(r, "Failed to create /run/user: %m");
if (!m->started)
return 0;
- r = mkdir_safe_label("/run/systemd/machines", 0755, 0, 0);
+ r = mkdir_safe_label("/run/systemd/machines", 0755, 0, 0, false);
if (r < 0)
goto fail;
/* Always create the directories people can create inotify
* watches in. */
- r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid);
+ r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid, false);
if (r < 0)
log_warning_errno(r, "Could not create runtime directory: %m");
- r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid);
+ r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid, false);
if (r < 0)
log_warning_errno(r, "Could not create runtime directory 'links': %m");
- r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid);
+ r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid, false);
if (r < 0)
log_warning_errno(r, "Could not create runtime directory 'leases': %m");
- r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid);
+ r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid, false);
if (r < 0)
log_warning_errno(r, "Could not create runtime directory 'lldp': %m");
if (r < 0)
return log_error_errno(r, "Failed to make home root directory: %m");
- r = mkdir_safe(home, 0755, uid, gid);
+ r = mkdir_safe(home, 0755, uid, gid, false);
if (r < 0 && r != -EEXIST)
return log_error_errno(r, "Failed to make home directory: %m");
}
/* Always create the directory where resolv.conf will live */
- r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid);
+ r = mkdir_safe_label("/run/systemd/resolve", 0755, uid, gid, false);
if (r < 0) {
log_error_errno(r, "Could not create runtime directory: %m");
goto finish;
char name_alias[] = "/tmp/test-readlink_and_make_absolute-alias";
char *r = NULL;
- assert_se(mkdir_safe(tempdir, 0755, getuid(), getgid()) >= 0);
+ assert_se(mkdir_safe(tempdir, 0755, getuid(), getgid(), false) >= 0);
assert_se(touch(name) >= 0);
assert_se(symlink(name, name_alias) >= 0);
}
} else {
- r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid);
+ r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid, false);
if (r < 0)
return log_error_errno(r, "Failed to create state directory: %m");
projects / thirdparty / systemd.git / commitdiff
