From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 17 Mar 2023 10:53:13 +0000 (+0000)
Subject: FHS: Do not allow any unknown subdirectories in /var
X-Git-Tag: 0.9.29~288
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=386b30c2f9b682eea98e4cc0852f218eb1dfa6b6;p=pakfire.git

FHS: Do not allow any unknown subdirectories in /var

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/libpakfire/fhs.c b/src/libpakfire/fhs.c
index 14dd70ff5..bf4ad3e85 100644
--- a/src/libpakfire/fhs.c
+++ b/src/libpakfire/fhs.c
@@ -76,6 +76,10 @@ static const struct pakfire_fhs_check {
 	{ "/var/run",     S_IFLNK, 0, 0755, "root", "root" },
 	{ "/var/spool",   S_IFDIR, 0, 0755, "root", "root" },
 	{ "/var/tmp",     S_IFDIR, 0, 0755, "root", "root" },
+
+	// Do not allow any subdirectories in /var
+	{ "/var/*",       0, PAKFIRE_FHS_MUSTNOTEXIST, 0, NULL, NULL },
+	{ "/var/empty/**",0, PAKFIRE_FHS_MUSTNOTEXIST, 0, NULL, NULL },
 	{ "/var/tmp/**",  0, PAKFIRE_FHS_MUSTNOTEXIST, 0, NULL, NULL },
 
 	// /boot