bootctl: toughen fd validation in Install() handler

Let's also check the fd flags. Just in case.

diff --git a/src/bootctl/bootctl-install.c b/src/bootctl/bootctl-install.c
index 8399a2da72176d1db6acf1f6f5a18c04f963ee75..a25557895bc00430c4af9f16568544c623ee0921 100644 (file)
--- a/src/bootctl/bootctl-install.c
+++ b/src/bootctl/bootctl-install.c
@@ -2035,6 +2035,10 @@ int vl_method_install(
                 if (p.context.root_fd < 0)
                         return log_debug_errno(p.context.root_fd, "Failed to acquire root fd from Varlink: %m");
 
+                r = fd_verify_safe_flags_full(p.context.root_fd, O_DIRECTORY);
+                if (r < 0)
+                        return sd_varlink_error_invalid_parameter_name(link, "rootFileDescriptor");
+
                 r = fd_verify_directory(p.context.root_fd);
                 if (r < 0)
                         return log_debug_errno(r, "Specified file descriptor does not refer to a directory: %m");