From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 25 Mar 2024 13:15:51 +0000 (+0900)
Subject: journalctl-authenticate: use is_dir() and refuse symlink for /var/log/journal
X-Git-Tag: v256-rc1~372^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c56862170889020300dec147a6e522d2c0b819c;p=thirdparty%2Fsystemd.git

journalctl-authenticate: use is_dir() and refuse symlink for /var/log/journal

I am not sure it is explicitly documented that /var/log/journal should
be a directory, rather than a symlink to a directory, but the current
code of journald seems not to support symlinked directory well. Let's
refuse that at least here and now.
---

diff --git a/src/journal/journalctl-authenticate.c b/src/journal/journalctl-authenticate.c
index 79f09b1fb0a..de14a057ab4 100644
--- a/src/journal/journalctl-authenticate.c
+++ b/src/journal/journalctl-authenticate.c
@@ -13,6 +13,7 @@
 #include "memstream-util.h"
 #include "qrcode-util.h"
 #include "random-util.h"
+#include "stat-util.h"
 #include "terminal-util.h"
 #include "tmpfile-util.h"
 
@@ -63,21 +64,19 @@ int action_setup_keys(void) {
         uint8_t *mpk, *seed, *state;
         _cleanup_close_ int fd = -EBADF;
         sd_id128_t machine, boot;
-        struct stat st;
         uint64_t n;
         int r;
 
         assert(arg_action == ACTION_SETUP_KEYS);
 
-        r = stat("/var/log/journal", &st);
-        if (r < 0 && !IN_SET(errno, ENOENT, ENOTDIR))
-                return log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal");
-
-        if (r < 0 || !S_ISDIR(st.st_mode)) {
-                log_error("%s is not a directory, must be using persistent logging for FSS.",
-                          "/var/log/journal");
-                return r < 0 ? -errno : -ENOTDIR;
-        }
+        r = is_dir("/var/log/journal/", /* follow = */ false);
+        if (r == 0)
+                return log_error_errno(SYNTHETIC_ERRNO(ENOTDIR),
+                                       "/var/log/journal is not a directory, must be using persistent logging for FSS.");
+        if (r == -ENOENT)
+                return log_error_errno(r, "Directory /var/log/journal/ does not exist, must be using persistent logging for FSS.");
+        if (r < 0)
+                return log_error_errno(r, "Failed to check if /var/log/journal/ is a directory: %m");
 
         r = sd_id128_get_machine(&machine);
         if (r < 0)