From 386b30c2f9b682eea98e4cc0852f218eb1dfa6b6 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 17 Mar 2023 10:53:13 +0000
Subject: [PATCH] FHS: Do not allow any unknown subdirectories in /var

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/libpakfire/fhs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/libpakfire/fhs.c b/src/libpakfire/fhs.c
index 14dd70ff5..bf4ad3e85 100644
--- a/src/libpakfire/fhs.c
+++ b/src/libpakfire/fhs.c
@@ -76,6 +76,10 @@ static const struct pakfire_fhs_check {
 	{ "/var/run",     S_IFLNK, 0, 0755, "root", "root" },
 	{ "/var/spool",   S_IFDIR, 0, 0755, "root", "root" },
 	{ "/var/tmp",     S_IFDIR, 0, 0755, "root", "root" },
+
+	// Do not allow any subdirectories in /var
+	{ "/var/*",       0, PAKFIRE_FHS_MUSTNOTEXIST, 0, NULL, NULL },
+	{ "/var/empty/**",0, PAKFIRE_FHS_MUSTNOTEXIST, 0, NULL, NULL },
 	{ "/var/tmp/**",  0, PAKFIRE_FHS_MUSTNOTEXIST, 0, NULL, NULL },
 
 	// /boot
-- 
2.39.5