tmpfiles attempts to correct the label of a file during various actions
via the function fd_set_perms(). Currently, said function generally
respects the dry-run mode. However, it attempts to fix the label of a
given file regardless of the state of said dry-run mode.
This causes problems, because a user could attempt to run tmpfiles with
elevated permissions and dry run enabled, expecting the tool to not
modify their system. Instead, tmpfiles would falsely relabel a file,
modifying their system.
This commit explicitly checks for when dry-run is enabled and skips the
file relabelling process. Furthermore, I added logging for both cases,
which I found helpful during debugging. That said, I don't think it's
necessary to use the level LOG_INFO on the dry-run path, as it would
always produce an info log.
(cherry picked from commit 7bb8e9e82f1b53081ad60ae71ff7045495130cd6)
}
shortcut:
+ if (arg_dry_run) {
+ log_debug("Would relabel \"%s\"", path);
+ return 0;
+ }
+
+ log_debug("Relabelling \"%s\"", path);
return label_fix_full(fd, /* inode_path= */ NULL, /* label_path= */ path, 0);
}
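Review bot: The dry-run branch at the `shortcut:` label logs "Would relabel" for every path that reaches it, whether or not label_fix_full() would actually change the label, so debug output from a dry run overstates what a real run would modify. Consider wording such as "Would attempt to relabel" or a short comment above the `if (arg_dry_run)` check saying the message is emitted unconditionally. Because the early `return 0` is the only thing keeping a privileged dry run from touching file labels, a regression test that runs with dry-run enabled and asserts the label is unchanged afterwards would guard this path.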