From ee8e7000f2ac7a3168e3232fdea0ee004f9d4ca3 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 18 Jun 2025 10:23:42 +0200
Subject: [PATCH] tmpfiles: fix symlink creation when replacing

When we remove an existing inode in order to create a symlink we need to
create the symlink via a pinned directory again, instead of using an
absolute path, otherwise this will not work in the --root= case.

Let's fix this, and switch this over to symlinkat_atomic_full().
---
 src/tmpfiles/tmpfiles.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 5a4fcc61173..16e2742fc1f 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2477,9 +2477,7 @@ static int create_symlink(Context *c, Item *i) {
                         if (r < 0)
                                 return log_error_errno(r, "rm -rf %s failed: %m", i->path);
 
-                        mac_selinux_create_file_prepare(i->path, S_IFLNK);
-                        r = RET_NERRNO(symlinkat(i->argument, pfd, i->path));
-                        mac_selinux_create_file_clear();
+                        r = symlinkat_atomic_full(i->argument, pfd, bn, SYMLINK_LABEL);
                 }
                 if (r < 0)
                         return log_error_errno(r, "symlink(%s, %s) failed: %m", i->argument, i->path);
-- 
2.47.3