Remove /sbin from paths if split-bin is false (#8324)
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 1 Mar 2018 20:48:36 +0000 (21:48 +0100)
committerLennart Poettering <lennart@poettering.net>
Thu, 1 Mar 2018 20:48:36 +0000 (21:48 +0100)
Follow-up for 157baa87e4.

meson.build
src/basic/path-util.h
src/core/namespace.c
src/libsystemd/sd-path/sd-path.c

index 607502c937a9bc9eb70627cde1b908d7bef26b65..7cf89ecf2ed20d652f06d27ef21480dd2b7049a6 100644 (file)
@@ -59,13 +59,16 @@ if get_option('split-usr') == 'auto'
 else
         split_usr = get_option('split-usr') == 'true'
 endif
-conf.set10('HAVE_SPLIT_USR', split_usr)
+conf.set10('HAVE_SPLIT_USR', split_usr,
+           description : '/usr/bin and /bin directories are separate')
 
 if get_option('split-bin') == 'auto'
         split_bin = run_command('test', '-L', '/usr/sbin').returncode() != 0
 else
         split_bin = get_option('split-bin') == 'true'
 endif
+conf.set10('HAVE_SPLIT_BIN', split_bin,
+           description : 'bin and sbin directories are separate')
 
 rootprefixdir = get_option('rootprefix')
 # Unusual rootprefixdir values are used by some distros
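Review bot: Now that `HAVE_SPLIT_BIN` is written into the generated config, the `auto` probe a few lines above (`test -L /usr/sbin`, run on the build machine) decides compiled-in behaviour, so a cross build or a build chroot whose layout differs from the target produces binaries with the wrong default PATH and sandbox tables. The description could state this, e.g. `description : 'bin and sbin directories are separate (auto: probed on the build host)'`, and distribution builds are safer passing `-Dsplit-bin=true` or `-Dsplit-bin=false` explicitly. The two descriptions are also not parallel: the first names `/usr/bin and /bin`, while the second gives no paths.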
index 89c285e07684b3796ce52d5a3afaaefafa9b6834..73f1769fd94c8591a7083a88c4af2a76c61874f7 100644 (file)
 #include "string-util.h"
 #include "time-util.h"
 
-#define DEFAULT_PATH_NORMAL "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
-#define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":/sbin:/bin"
+#if HAVE_SPLIT_BIN
+#  define PATH_SBIN_BIN(x) x "sbin:" x "bin"
+#else
+#  define PATH_SBIN_BIN(x) x "bin"
+#endif
+
+#define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/")
+#define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/")
 
 #if HAVE_SPLIT_USR
 #  define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR
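Review bot: `PATH_SBIN_BIN(x)` has no comment, and its contract is easy to break: it relies on adjacent string-literal concatenation, so `x` must be a string literal ending in a slash, and the result is a colon-separated fragment with no leading or trailing colon. I would add `/* x: string literal with trailing slash; expands to "<x>sbin:<x>bin", or "<x>bin" when sbin is merged into bin */` above the `#if`. `DEFAULT_PATH` is presumably used to locate executables, so note that `#if HAVE_SPLIT_BIN` evaluates to 0 when the macro is undefined. A translation unit that includes this header without the generated config header would then silently lose the sbin entries unless the build enables `-Wundef`, which is not visible here. The `#if HAVE_SPLIT_USR` block continues outside the hunk.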
index 876faa7f55897d8571efa98516a7e909deddc70c..0e9c7b8fb4cfd63d57fb481a5dd3f6a853d349ff 100644 (file)
@@ -152,7 +152,9 @@ static const MountEntry protect_system_yes_table[] = {
         { "/lib",                READONLY,     true  },
         { "/lib64",              READONLY,     true  },
         { "/bin",                READONLY,     true  },
+#  if HAVE_SPLIT_BIN
         { "/sbin",               READONLY,     true  },
+#  endif
 #endif
 };
 
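Review bot: Dropping the `/sbin` entry at compile time makes the read-only protection of that directory depend on a build-time probe of `/usr/sbin`, not on what `/sbin` actually is on the running system. If the two disagree (the probe ran on a different machine than the target, or `/usr/sbin` is a symlink while `/sbin` is a real directory), `/sbin` is no longer made read-only by this table. The third field is `true` on every entry shown and looks like an ignore-if-missing flag, in which case keeping the entry unconditionally may cost nothing. If the removal is intended, a comment such as `/* without split-bin, /sbin is expected to be a symlink into a directory already listed */` would record the assumption. The same applies to the `protect_system_full_table` hunk below; both tables start outside their hunks.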
@@ -166,7 +168,9 @@ static const MountEntry protect_system_full_table[] = {
         { "/lib",                READONLY,     true  },
         { "/lib64",              READONLY,     true  },
         { "/bin",                READONLY,     true  },
+#  if HAVE_SPLIT_BIN
         { "/sbin",               READONLY,     true  },
+#  endif
 #endif
 };
 
index cd76e3507c94bf2f8ae7d4bc47c4114be9935b28..419c763668ed7fa202e0e128b5cf5ff479412890 100644 (file)
@@ -478,6 +478,12 @@ static int search_from_environment(
         return 0;
 }
 
+#if HAVE_SPLIT_BIN
+#  define ARRAY_SBIN_BIN(x) x "sbin", x "bin"
+#else
+#  define ARRAY_SBIN_BIN(x) x "bin"
+#endif
+
 static int get_search(uint64_t type, char ***list) {
 
         assert(list);
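Review bot: `ARRAY_SBIN_BIN(x)` expands to a bare comma-separated list, so it is only valid as elements of an argument list or initializer and would silently turn into a comma expression anywhere else. It also repeats the `#if HAVE_SPLIT_BIN` logic of `PATH_SBIN_BIN` in path-util.h. A comment such as `/* expands to one or two string-literal list elements; x must end in a slash */` would record the restriction. Defining both macros side by side in path-util.h would keep the colon-joined default PATH and this search list from drifting apart. `get_search` continues outside the hunk.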
@@ -490,13 +496,10 @@ static int get_search(uint64_t type, char ***list) {
                                                ".local/bin",
                                                "PATH",
                                                true,
-                                               "/usr/local/sbin",
-                                               "/usr/local/bin",
-                                               "/usr/sbin",
-                                               "/usr/bin",
+                                               ARRAY_SBIN_BIN("/usr/local/"),
+                                               ARRAY_SBIN_BIN("/usr/"),
 #if HAVE_SPLIT_USR
-                                               "/sbin",
-                                               "/bin",
+                                               ARRAY_SBIN_BIN("/"),
 #endif
                                                NULL);