From 9883cbb203b1648cc8c49038a03dd7fe30a24761 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 13 Apr 2022 23:03:22 +0200
Subject: [PATCH] execute: sort directory entries when loading credentials
 recursively

Given that the recusive credential loading allows two ways to load the
same credentials, it's important to define a clear order so that it is
always the same one that wins.

i.e. if you use LoadCredential=foobar:/tmp/xyz and there are two files
/tmp/xyz/abc/cde and /tmp/xyz/abc_cde these would both result in a
credential foobar_abc_cde being set, hence it is important to make clear
which one shall win, and that it is always the same one.
---
 src/core/execute.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/execute.c b/src/core/execute.c
index a0c58ac255e..c85ca2a3564 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2819,7 +2819,7 @@ static int acquire_credentials(
                                         /* path= */ lc->id, /* recurse_dir() will suffix the subdir paths from here to the top-level id */
                                         /* statx_mask= */ 0,
                                         /* n_depth_max= */ UINT_MAX,
-                                        RECURSE_DIR_IGNORE_DOT|RECURSE_DIR_ENSURE_TYPE,
+                                        RECURSE_DIR_SORT|RECURSE_DIR_IGNORE_DOT|RECURSE_DIR_ENSURE_TYPE,
                                         load_cred_recurse_dir_cb,
                                         &(struct load_cred_args) {
                                                 .context = context,
-- 
2.47.3