namespace: ignore prefix chars when comparing paths

author Topi Miettinen <toiwoton@gmail.com>

Tue, 10 Mar 2020 14:43:10 +0000 (16:43 +0200)

committer Topi Miettinen <toiwoton@gmail.com>

Tue, 10 Mar 2020 14:48:34 +0000 (16:48 +0200)
author Topi Miettinen <toiwoton@gmail.com>
Tue, 10 Mar 2020 14:43:10 +0000 (16:43 +0200)
committer Topi Miettinen <toiwoton@gmail.com>
Tue, 10 Mar 2020 14:48:34 +0000 (16:48 +0200)
diff --git a/src/basic/path-util.c b/src/basic/path-util.c

index 49a211a527d2b01aa7f3b2df914dbf233cd3534a..ba13de01ff0b194f6cc9925fe0fcd6e7078458d4 100644 (file)
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -1125,3 +1125,19 @@ bool path_strv_contains(char **l, const char *path) {
  
          return false;
  }
+
+bool prefixed_path_strv_contains(char **l, const char *path) {
+        char **i, *j;
+
+        STRV_FOREACH(i, l) {
+                j = *i;
+                if (*j == '-')
+                        j++;
+                if (*j == '+')
+                        j++;
+                if (path_equal(j, path))
+                        return true;
+        }
+
+        return false;
+}
diff --git a/src/basic/path-util.h b/src/basic/path-util.h

index f49a876f3d22d6324b578fb61154f10d695f2911..30031fca8ef52274215af234306c8020b2f9f2c2 100644 (file)
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
@@ -173,3 +173,4 @@ static inline const char *empty_to_root(const char *path) {
  }
  
  bool path_strv_contains(char **l, const char *path);
+bool prefixed_path_strv_contains(char **l, const char *path);
diff --git a/src/core/namespace.c b/src/core/namespace.c

index cda9d2ca1d368cd5d090b8fd86127446d09a7e93..a461a3cce4340d1076b466856653c76377b46592 100644 (file)
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -1192,7 +1192,7 @@ static bool root_read_only(
          if (protect_system == PROTECT_SYSTEM_STRICT)
                  return true;
  
-        if (path_strv_contains(read_only_paths, "/"))
+        if (prefixed_path_strv_contains(read_only_paths, "/"))
                  return true;
  
          return false;
@@ -1217,9 +1217,9 @@ static bool home_read_only(
          if (protect_home != PROTECT_HOME_NO)
                  return true;
  
-        if (path_strv_contains(read_only_paths, "/home") ||
-            path_strv_contains(inaccessible_paths, "/home") ||
-            path_strv_contains(empty_directories, "/home"))
+        if (prefixed_path_strv_contains(read_only_paths, "/home") ||
+            prefixed_path_strv_contains(inaccessible_paths, "/home") ||
+            prefixed_path_strv_contains(empty_directories, "/home"))
                  return true;
  
          for (i = 0; i < n_temporary_filesystems; i++)
author	Topi Miettinen <toiwoton@gmail.com>
	Tue, 10 Mar 2020 14:43:10 +0000 (16:43 +0200)
committer	Topi Miettinen <toiwoton@gmail.com>
	Tue, 10 Mar 2020 14:48:34 +0000 (16:48 +0200)
src/basic/path-util.c		patch \| blob \| blame \| history
src/basic/path-util.h		patch \| blob \| blame \| history
src/core/namespace.c		patch \| blob \| blame \| history