From: Zbigniew Jędrzejewski-Szmek Date: Wed, 12 Oct 2022 05:58:54 +0000 (+0200) Subject: basic/chase-symlinks: add note that CHASE_WARN is not for PID 1 X-Git-Tag: v252-rc2~57^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9154bd57db6aed4823830638126b95bf7f63f25a;p=thirdparty%2Fsystemd.git basic/chase-symlinks: add note that CHASE_WARN is not for PID 1 This should be enough to make us remember that constraint. A more heavy-weight approach like renaming the option to CHASE_WARN_NSS_LOOKUP would be possible, but it'd make the callers quite verbose and doesn't seem worth it. --- diff --git a/src/basic/chase-symlinks.c b/src/basic/chase-symlinks.c index ad1c92900b6..afab54f0675 100644 --- a/src/basic/chase-symlinks.c +++ b/src/basic/chase-symlinks.c @@ -125,11 +125,12 @@ int chase_symlinks( * * 4. With CHASE_SAFE: in this case the path must not contain unsafe transitions, i.e. transitions from * unprivileged to privileged files or directories. In such cases the return value is -ENOLINK. If - * CHASE_WARN is also set, a warning describing the unsafe transition is emitted. + * CHASE_WARN is also set, a warning describing the unsafe transition is emitted. CHASE_WARN cannot + * be used in PID 1. * * 5. With CHASE_NO_AUTOFS: in this case if an autofs mount point is encountered, path normalization * is aborted and -EREMOTE is returned. If CHASE_WARN is also set, a warning showing the path of - * the mount point is emitted. + * the mount point is emitted. CHASE_WARN cannot be used in PID 1. */ /* A root directory of "/" or "" is identical to none */ diff --git a/src/basic/chase-symlinks.h b/src/basic/chase-symlinks.h index 7e45b0cbab5..a9ee58f9f73 100644 --- a/src/basic/chase-symlinks.h +++ b/src/basic/chase-symlinks.h 
@@ -15,7 +15,8 @@ typedef enum ChaseSymlinksFlags { CHASE_STEP = 1 << 5, /* Just execute a single step of the normalization */ CHASE_NOFOLLOW = 1 << 6, /* Do not follow the path's right-most component. With ret_fd, when the path's * right-most component refers to symlink, return O_PATH fd of the symlink. */ - CHASE_WARN = 1 << 7, /* Emit an appropriate warning when an error is encountered */ + CHASE_WARN = 1 << 7, /* Emit an appropriate warning when an error is encountered. + * Note: this may do an NSS lookup, hence this flag cannot be used in PID 1. */ } ChaseSymlinksFlags; bool unsafe_transition(const struct stat *a, const struct stat *b);
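Review bot: In the src/basic/chase-symlinks.c hunk, the sentence "CHASE_WARN cannot be used in PID 1" is added to both item 4 and item 5 of the chase_symlinks() comment without the reason. The reason appears only in the header hunk (the warning may do an NSS lookup). Consider stating the restriction once after item 5, together with that reason or a pointer to the flag's comment in chase-symlinks.h, so the two copies cannot drift apart and a reader of the .c file sees why the rule exists.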
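Review bot: In the src/basic/chase-symlinks.h hunk, the new comment on CHASE_WARN documents the PID 1 restriction, but nothing in the visible lines enforces it, so a PID 1 caller that passes the flag would still compile and run. The commit message rules out renaming the flag because it would make callers verbose. A check inside chase_symlinks() when CHASE_WARN is set would avoid that cost and catch misuse at the one place the flag is consumed. It would also help to say in the comment which part of the warning triggers the NSS lookup, so the note stays accurate if the warning text changes.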