git.ipfire.org Git - thirdparty/systemd.git/commit

author	Jan Fooken <jan@faulty.computer>
	Fri, 22 Aug 2025 09:26:25 +0000 (11:26 +0200)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Mon, 25 Aug 2025 19:07:24 +0000 (04:07 +0900)
commit	7bb8e9e82f1b53081ad60ae71ff7045495130cd6
tree	e76cbdb8d753a6055537cb2ff08ec350371157e9	tree \| snapshot
parent	9ce6d08196bf0aa7364ce757ca083856d62654c0	commit \| diff

tmpfiles: don't relabel files in dry run mode

tmpfiles attempts to correct the label of a file during various actions
via the function fd_set_perms().  Currently, said function generally
respects the dry-run mode.  However, it attempts to fix the label of a
given file regardless of the state of said dry-run mode.

This causes problems, because a user could attempt to run tmpfiles with
elevated permissions and dry run enabled, expecting the tool to not
modify their system.  Instead, tmpfiles would falsely relabel a file,
modifying their system.

This commit explicitly checks for when dry-run is enabled and skips the
file relabelling process.  Furthermore, I added logging for both cases.
I found helpful during debugging.  That said, I don't think it's
necessary to use the level LOG_INFO on the dry-run path, as it would
always produce an info log.