From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 4 Sep 2025 16:43:31 +0000 (+0200)
Subject: sd-id128: tighten rules on chasing machine-id files
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F38984%2Fhead;p=thirdparty%2Fsystemd.git

sd-id128: tighten rules on chasing machine-id files
---

diff --git a/src/libsystemd/sd-id128/sd-id128.c b/src/libsystemd/sd-id128/sd-id128.c
index d3838ba2458..e08f0b64120 100644
--- a/src/libsystemd/sd-id128/sd-id128.c
+++ b/src/libsystemd/sd-id128/sd-id128.c
@@ -136,7 +136,6 @@ _public_ int sd_id128_get_machine(sd_id128_t *ret) {
 }
 
 int id128_get_machine_at(int rfd, sd_id128_t *ret) {
-        _cleanup_close_ int fd = -EBADF;
         int r;
 
         assert(rfd >= 0 || rfd == AT_FDCWD);
@@ -147,7 +146,8 @@ int id128_get_machine_at(int rfd, sd_id128_t *ret) {
         if (r > 0)
                 return sd_id128_get_machine(ret);
 
-        fd = chase_and_openat(rfd, "/etc/machine-id", CHASE_AT_RESOLVE_IN_ROOT, O_RDONLY|O_CLOEXEC|O_NOCTTY, NULL);
+        _cleanup_close_ int fd =
+                chase_and_openat(rfd, "/etc/machine-id", CHASE_AT_RESOLVE_IN_ROOT|CHASE_MUST_BE_REGULAR, O_RDONLY|O_CLOEXEC|O_NOCTTY, /* ret_path= */ NULL);
         if (fd < 0)
                 return fd;
 
@@ -155,12 +155,11 @@ int id128_get_machine_at(int rfd, sd_id128_t *ret) {
 }
 
 int id128_get_machine(const char *root, sd_id128_t *ret) {
-        _cleanup_close_ int fd = -EBADF;
-
         if (empty_or_root(root))
                 return sd_id128_get_machine(ret);
 
-        fd = chase_and_open("/etc/machine-id", root, CHASE_PREFIX_ROOT, O_RDONLY|O_CLOEXEC|O_NOCTTY, NULL);
+        _cleanup_close_ int fd =
+                chase_and_open("/etc/machine-id", root, CHASE_PREFIX_ROOT|CHASE_MUST_BE_REGULAR, O_RDONLY|O_CLOEXEC|O_NOCTTY, /* ret_path= */ NULL);
         if (fd < 0)
                 return fd;