firstboot: Do not dereference symlinks

Let's always operate on paths without resolving the final component.
If the path is a symlink, it could point to a vendor default in /usr,
in which case we definitely do not want to modify the vendor defaults.
To avoid this from happening, we replace the symlink with our own file
instead of modifying the file the symlink points at.

diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index ba7e08913f338a543305df3735bb6fc5f2d2da82..7119f9970e860476b4d5a39185a670dc487d9938 100644 (file)
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -334,7 +334,7 @@ static int process_locale(int rfd) {
         assert(rfd >= 0);
 
         pfd = chase_and_open_parent_at(rfd, "/etc/locale.conf",
-                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN,
+                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW,
                                        &f);
         if (pfd < 0)
                 return log_error_errno(pfd, "Failed to chase /etc/locale.conf: %m");
@@ -423,7 +423,7 @@ static int process_keymap(int rfd) {
         assert(rfd >= 0);
 
         pfd = chase_and_open_parent_at(rfd, "/etc/vconsole.conf",
-                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN,
+                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW,
                                        &f);
         if (pfd < 0)
                 return log_error_errno(pfd, "Failed to chase /etc/vconsole.conf: %m");
@@ -647,7 +647,7 @@ static int process_machine_id(int rfd) {
         assert(rfd >= 0);
 
         pfd = chase_and_open_parent_at(rfd, "/etc/machine-id",
-                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN,
+                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW,
                                        &f);
         if (pfd < 0)
                 return log_error_errno(pfd, "Failed to chase /etc/machine-id: %m");
@@ -1064,7 +1064,7 @@ static int process_kernel_cmdline(int rfd) {
         assert(rfd >= 0);
 
         pfd = chase_and_open_parent_at(rfd, "/etc/kernel/cmdline",
-                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN,
+                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW,
                                        &f);
         if (pfd < 0)
                 return log_error_errno(pfd, "Failed to chase /etc/kernel/cmdline: %m");