Let's make sure that if we are PID 1 we are invoked in ACTION_RUN mode,
and in arg_system mode, and vice versa.
Everything else is untested and probably not worth supporting, hence
let's bail out early if people try anyway.
static int safety_checks(void) {
+ if (getpid_cached() == 1 &&
+ arg_action != ACTION_RUN) {
+ log_error("Unsupported execution mode while PID 1.");
+ return -EPERM;
+ }
+
+ if (getpid_cached() == 1 &&
+ !arg_system) {
+ log_error("Can't run --user mode as PID 1.");
+ return -EPERM;
+ }
+
+ if (arg_action == ACTION_RUN &&
+ arg_system &&
+ getpid_cached() != 1) {
+ log_error("Can't run system mode unless PID 1.");
+ return -EPERM;
+ }
+
if (arg_action == ACTION_TEST &&
geteuid() == 0) {
log_error("Don't run test mode as root.");
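Review bot: The three added checks in safety_checks() enforce a single invariant that the code never states: PID 1 must be the system manager in ACTION_RUN, and a system-mode run must be PID 1. Without a comment, the third check's restriction to `arg_action == ACTION_RUN` looks like an oversight, since it leaves other actions with `arg_system` allowed outside PID 1. I would add above the first check `/* PID 1 is only supported as the system manager in run mode, and vice versa; refuse every other combination early. Other actions (e.g. test mode) may still use system mode outside PID 1. */`. The first two checks return -EPERM while running as PID 1, and the caller is outside this hunk, so it is worth confirming that this failure path ends in a controlled halt and not a plain exit of PID 1. The function body continues past the end of the hunk.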