From: Topi Miettinen Date: Tue, 10 Mar 2020 14:43:10 +0000 (+0200) Subject: namespace: ignore prefix chars when comparing paths X-Git-Tag: v246-rc1~765^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=de46b2be07538b55df0ba5e312a89eebb87c710a;p=thirdparty%2Fsystemd.git namespace: ignore prefix chars when comparing paths Other callers of path_strv_contains() or PATH_IN_SET() don't seem to handle paths prefixed with -+.
---
diff --git a/src/basic/path-util.c b/src/basic/path-util.c
index 49a211a527d..ba13de01ff0 100644
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -1125,3 +1125,19 @@ bool path_strv_contains(char **l, const char *path) {
 return false;
 }
+
+bool prefixed_path_strv_contains(char **l, const char *path) {
+ char **i, *j;
+
+ STRV_FOREACH(i, l) {
+ j = *i;
+ if (*j == '-')
+ j++;
+ if (*j == '+')
+ j++;
+ if (path_equal(j, path))
+ return true;
+ }
+
+ return false;
+}
diff --git a/src/basic/path-util.h b/src/basic/path-util.h
index f49a876f3d2..30031fca8ef 100644
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
@@ -173,3 +173,4 @@ static inline const char *empty_to_root(const char *path) {
 }
 bool path_strv_contains(char **l, const char *path);
+bool prefixed_path_strv_contains(char **l, const char *path);
diff --git a/src/core/namespace.c b/src/core/namespace.c
index cda9d2ca1d3..a461a3cce43 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -1192,7 +1192,7 @@ static bool root_read_only(
 if (protect_system == PROTECT_SYSTEM_STRICT)
 return true;
- if (path_strv_contains(read_only_paths, "/"))
+ if (prefixed_path_strv_contains(read_only_paths, "/"))
 return true;
 return false;
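Review bot: prefixed_path_strv_contains() in src/basic/path-util.c has no comment saying which prefixes it skips or in which order, and the order decides the result: it strips at most one `-` and then at most one `+`, so `-+/home` matches while `+-/home` and `--/home` do not. I would add above the function `/* Like path_strv_contains(), but skips an optional leading "-" and then an optional "+" on each entry before comparing. */`. `j` is never written through, so declaring it in the loop as `const char *j = *i;` states that and keeps it apart from the `char **i` iterator. No unit test for the helper is visible in this diff; cases for the three accepted spellings and the two rejected ones would pin the behaviour that the read-only checks in src/core/namespace.c now depend on.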
@@ -1217,9 +1217,9 @@ static bool home_read_only(
 if (protect_home != PROTECT_HOME_NO)
 return true;
- if (path_strv_contains(read_only_paths, "/home") ||
- path_strv_contains(inaccessible_paths, "/home") ||
- path_strv_contains(empty_directories, "/home"))
+ if (prefixed_path_strv_contains(read_only_paths, "/home") ||
+ prefixed_path_strv_contains(inaccessible_paths, "/home") ||
+ prefixed_path_strv_contains(empty_directories, "/home"))
 return true;
 for (i = 0; i < n_temporary_filesystems; i++)
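Review bot: Stripping `+` in this condition makes an entry such as `+/home` count the same as `/home`, and neither this condition nor the matching `"/"` check in root_read_only() (previous hunk) says why that is intended. If `+` marks a path taken relative to the unit's root directory, which this diff does not show, a comment above the condition such as `/* Entries may carry the "-" and "+" prefixes; compare the path that follows them. */` would record the reasoning. Whether entries of `empty_directories` can carry these prefixes at all is also not visible here; if they cannot, plain `path_strv_contains()` would be the narrower check for that list. home_read_only() starts before this hunk and continues after it.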