From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 23 Nov 2022 12:28:57 +0000 (+0100)
Subject: Revert "find-esp: Relax filesystem root directory check"
X-Git-Tag: v253-rc1~461
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3f9b0e1343a814704485d27def77b7f025573d83;p=thirdparty%2Fsystemd.git

Revert "find-esp: Relax filesystem root directory check"

This reverts commit d91a5f6481d35e28148fe46bc490bb4f34656947.

This is the wrong approach as we don't detect the UUID and devid
of valid ESP/XBOOTLDR partitions.
---

diff --git a/src/shared/find-esp.c b/src/shared/find-esp.c
index a4cd4b26b19..fa234c8b5fe 100644
--- a/src/shared/find-esp.c
+++ b/src/shared/find-esp.c
@@ -353,9 +353,8 @@ static int verify_esp(
                 dev_t *ret_devid,
                 VerifyESPFlags flags) {
 
-        bool searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING),
+        bool relax_checks, searching = FLAGS_SET(flags, VERIFY_ESP_SEARCHING),
              unprivileged_mode = FLAGS_SET(flags, VERIFY_ESP_UNPRIVILEGED_MODE);
-        struct statfs sfs;
         dev_t devid = 0;
         int r;
 
@@ -368,36 +367,39 @@ static int verify_esp(
          *  -EACESS        â if 'unprivileged_mode' is set, and we have trouble accessing the thing
          */
 
-        /* Non-root user can only check the status, so if an error occurred in the following, it does not
-         * cause any issues. Let's also, silence the error messages. */
+        relax_checks =
+                getenv_bool("SYSTEMD_RELAX_ESP_CHECKS") > 0 ||
+                FLAGS_SET(flags, VERIFY_ESP_RELAX_CHECKS);
 
-        if (getenv_bool("SYSTEMD_RELAX_ESP_CHECKS") > 0 || FLAGS_SET(flags, VERIFY_ESP_RELAX_CHECKS))
-                /* If relaxed checks are requested, don't require the ESP directory to be the root of the
-                 * filesystem so that image builders can install the bootloader to a regular directory before
-                 * packing that directory up into its own partition. */
-                goto finish;
+        /* Non-root user can only check the status, so if an error occurred in the following, it does not cause any
+         * issues. Let's also, silence the error messages. */
 
-        if (statfs(p, &sfs) < 0)
-                /* If we are searching for the mount point, don't generate a log message if we can't
-                 * find the path */
-                return log_full_errno((searching && errno == ENOENT) || (unprivileged_mode && errno == EACCES) ? LOG_DEBUG : LOG_ERR,
-                                      errno,
-                                      "Failed to check file system type of \"%s\": %m",
-                                      p);
+        if (!relax_checks) {
+                struct statfs sfs;
 
-        if (!F_TYPE_EQUAL(sfs.f_type, MSDOS_SUPER_MAGIC))
-                return log_full_errno(searching ? LOG_DEBUG : LOG_ERR,
-                                      SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV),
-                                      "File system \"%s\" is not a FAT EFI System Partition (ESP) file system.",
-                                      p);
+                if (statfs(p, &sfs) < 0)
+                        /* If we are searching for the mount point, don't generate a log message if we can't find the path */
+                        return log_full_errno((searching && errno == ENOENT) ||
+                                              (unprivileged_mode && errno == EACCES) ? LOG_DEBUG : LOG_ERR, errno,
+                                              "Failed to check file system type of \"%s\": %m", p);
 
-        r = verify_fsroot_dir(p, searching, unprivileged_mode, detect_container() > 0 ? NULL : &devid);
+                if (!F_TYPE_EQUAL(sfs.f_type, MSDOS_SUPER_MAGIC))
+                        return log_full_errno(searching ? LOG_DEBUG : LOG_ERR,
+                                              SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV),
+                                              "File system \"%s\" is not a FAT EFI System Partition (ESP) file system.", p);
+        }
+
+        relax_checks =
+                relax_checks ||
+                detect_container() > 0;
+
+        r = verify_fsroot_dir(p, searching, unprivileged_mode, relax_checks ? NULL : &devid);
         if (r < 0)
                 return r;
 
         /* In a container we don't have access to block devices, skip this part of the verification, we trust
          * the container manager set everything up correctly on its own. */
-        if (detect_container() > 0)
+        if (relax_checks)
                 goto finish;
 
         /* If we are unprivileged we ask udev for the metadata about the partition. If we are privileged we
@@ -703,22 +705,21 @@ static int verify_xbootldr(
                 sd_id128_t *ret_uuid,
                 dev_t *ret_devid) {
 
+        bool relax_checks;
         dev_t devid = 0;
         int r;
 
         assert(p);
 
-        /* If relaxed checks are requested, don't require the XBOOTLDR directory to be the root of the
-         * filesystem so that image builders can install the bootloader to a regular directory before
-         * packing that directory up into its own partition. */
-        if (getenv_bool("SYSTEMD_RELAX_XBOOTLDR_CHECKS") > 0)
-                goto finish;
+        relax_checks =
+                getenv_bool("SYSTEMD_RELAX_XBOOTLDR_CHECKS") > 0 ||
+                detect_container() > 0;
 
-        r = verify_fsroot_dir(p, searching, unprivileged_mode, detect_container() > 0 ? NULL : &devid);
+        r = verify_fsroot_dir(p, searching, unprivileged_mode, relax_checks ? NULL : &devid);
         if (r < 0)
                 return r;
 
-        if (detect_container() > 0)
+        if (relax_checks)
                 goto finish;
 
         if (unprivileged_mode)