From febf46a46ca9d3454abaeb7ebda1b5582bfcbca0 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Fri, 15 Dec 2017 16:38:20 +0100
Subject: [PATCH] core: add more safety check

Let's make sure that if we are PID 1 we are invoked in ACTION_RUN mode, and in arg_system mode, as well as the opposite. Everything else is untested and probably not worth supporting hence let's bail out early if people try anyway.
---
 src/core/main.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/core/main.c b/src/core/main.c
index f342875f6f0..c6702a9630f 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2093,6 +2093,25 @@ static int load_configuration(int argc, char **argv, const char **ret_error_mess
 static int safety_checks(void) {
+ if (getpid_cached() == 1 &&
+ arg_action != ACTION_RUN) {
+ log_error("Unsupported execution mode while PID 1.");
+ return -EPERM;
+ }
+
+ if (getpid_cached() == 1 &&
+ !arg_system) {
+ log_error("Can't run --user mode as PID 1.");
+ return -EPERM;
+ }
+
+ if (arg_action == ACTION_RUN &&
+ arg_system &&
+ getpid_cached() != 1) {
+ log_error("Can't run system mode unless PID 1.");
+ return -EPERM;
+ }
+
 if (arg_action == ACTION_TEST &&
 geteuid() == 0) {
 log_error("Don't run test mode as root.");
--
2.47.3
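Review bot: The three new guards at the top of safety_checks() enforce a single invariant, but only the commit message states it, so a later edit to one guard can silently break the pairing. I would add a comment above the first guard, for example `/* PID 1 must be the system manager in ACTION_RUN mode, and vice versa; every other combination is untested, so refuse it early. */`. The first message, "Unsupported execution mode while PID 1.", also does not say which mode was requested, which is the detail someone debugging a failed boot needs; including the value of `arg_action` would help. The caller's handling of the `-EPERM` return lies outside this hunk, so it is worth confirming that the PID 1 failure path keeps the logged message visible rather than simply exiting, since the kernel panics when init terminates. The body of safety_checks() continues past the end of the hunk.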