FHS: Do not allow any executable files in /var

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/libpakfire/fhs.c b/src/libpakfire/fhs.c
index 720d3d7ea98ed15e350a47aaaa20dc9872016894..75d3fbf82a7b81890412dc4a3d327ddff74c8006 100644 (file)
--- a/src/libpakfire/fhs.c
+++ b/src/libpakfire/fhs.c
@@ -96,6 +96,9 @@ static const struct pakfire_fhs_check {
        { "/var/empty/**",              0,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
        { "/var/tmp/**",                0,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
 
+       // No files in /var may be executable
+       { "/var/**",              S_IFREG,    0,   NULL,   NULL, PAKFIRE_FHS_NOEXEC },
+
        // /boot
        { "/boot",                S_IFDIR, 0755, "root", "root", 0 },
        { "/boot/efi",            S_IFDIR, 0755, "root", "root", 0 },