core: be more restrictive on the dependency types we allow to be created transiently

We should allow the ones that the [Unit] section of regular unit files
may accet, but no other, in particular not the internal deps we
synthesize as reverse of explicitly configured ones, such was WantedBy=.

Fixes: #14251

diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 9477c4714013df0898a6b3224e5e99865110e0c3..1c5fd2a23b83b2f38379c7b8bd36f7b099278110 100644 (file)
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -2012,6 +2012,21 @@ static int bus_unit_set_transient_property(
         if (d >= 0) {
                 const char *other;
 
+                if (!IN_SET(d,
+                            UNIT_REQUIRES,
+                            UNIT_REQUISITE,
+                            UNIT_WANTS,
+                            UNIT_BINDS_TO,
+                            UNIT_PART_OF,
+                            UNIT_CONFLICTS,
+                            UNIT_BEFORE,
+                            UNIT_AFTER,
+                            UNIT_ON_FAILURE,
+                            UNIT_PROPAGATES_RELOAD_TO,
+                            UNIT_RELOAD_PROPAGATED_FROM,
+                            UNIT_JOINS_NAMESPACE_OF))
+                    return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Dependency type %s may not be created transiently.", unit_dependency_to_string(d));
+
                 r = sd_bus_message_enter_container(message, 'a', "s");
                 if (r < 0)
                         return r;