From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 11 Oct 2022 08:56:16 +0000 (+0200)
Subject: repart: Fail early if we're missing privileges to populate a filesystem
X-Git-Tag: v253-rc1~520^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6d6cefad37e4bf098ed0df487f8bbfb4ed5a9d0b;p=thirdparty%2Fsystemd.git

repart: Fail early if we're missing privileges to populate a filesystem
---

diff --git a/src/partition/repart.c b/src/partition/repart.c
index 0bc50552838..6f4da2c6b5f 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -1594,6 +1594,11 @@ static int partition_read_definition(Partition *p, const char *path, const char
                 return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EINVAL),
                                   "Minimize= can only be enabled if Format= is set");
 
+        if ((!strv_isempty(p->copy_files) || !strv_isempty(p->make_directories)) && !mkfs_supports_root_option(p->format) && geteuid() != 0)
+                return log_syntax(NULL, LOG_ERR, path, 1, SYNTHETIC_ERRNO(EPERM),
+                                  "Need to be root to populate %s filesystems with CopyFiles=/MakeDirectories=",
+                                  p->format);
+
         if (p->verity != VERITY_OFF || p->encrypt != ENCRYPT_OFF) {
                 r = dlopen_cryptsetup();
                 if (r < 0)