From 8994a11790dc9bf91cdd94f5f90db0c3faaa23bf Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 18 May 2018 13:29:26 +0900
Subject: [PATCH] core: refuse StateDirectory=private

Follow-up for e8865688735ba3bd34297fa89cca6bde7ba33997 (#9021).
---
 src/core/dbus-execute.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 3b1c77e9676..fe9701b33d0 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -2139,8 +2139,14 @@ int bus_exec_context_set_transient_property(
                         return r;
 
                 STRV_FOREACH(p, l) {
-                        if (!path_is_normalized(*p) || path_is_absolute(*p))
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path is not valid: %s", name, *p);
+                        if (!path_is_normalized(*p))
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path is not normalized: %s", name, *p);
+
+                        if (path_is_absolute(*p))
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path is absolute: %s", name, *p);
+
+                        if (path_startswith(*p, "private"))
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path can't be 'private': %s", name, *p);
                 }
 
                 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
-- 
2.47.3