From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 15 Dec 2017 15:38:20 +0000 (+0100)
Subject: core: add more safety check
X-Git-Tag: v237~209^2~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=febf46a46ca9d3454abaeb7ebda1b5582bfcbca0;p=thirdparty%2Fsystemd.git

core: add more safety check

Let's make sure that if we are PID 1 we are invoked in ACTION_RUN mode,
and in arg_system mode, as well as the opposite.

Everything else is untested and probably not worth supporting hence
let's bail out early if people try anyway.
---

diff --git a/src/core/main.c b/src/core/main.c
index f342875f6f0..c6702a9630f 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2093,6 +2093,25 @@ static int load_configuration(int argc, char **argv, const char **ret_error_mess
 
 static int safety_checks(void) {
 
+        if (getpid_cached() == 1 &&
+            arg_action != ACTION_RUN) {
+                log_error("Unsupported execution mode while PID 1.");
+                return -EPERM;
+        }
+
+        if (getpid_cached() == 1 &&
+            !arg_system) {
+                log_error("Can't run --user mode as PID 1.");
+                return -EPERM;
+        }
+
+        if (arg_action == ACTION_RUN &&
+            arg_system &&
+            getpid_cached() != 1) {
+                log_error("Can't run system mode unless PID 1.");
+                return -EPERM;
+        }
+
         if (arg_action == ACTION_TEST &&
             geteuid() == 0) {
                 log_error("Don't run test mode as root.");