ryantimwilson / rpms / systemd

Forked from rpms/systemd a month ago
Clone
b9a53a
From 789806ac06bb13d1b579fef47dbb85f224b6dbb1 Mon Sep 17 00:00:00 2001
b9a53a
From: Lennart Poettering <lennart@poettering.net>
b9a53a
Date: Thu, 14 Mar 2019 17:19:30 +0100
b9a53a
Subject: [PATCH] core: change ownership/mode of the execution directories also
b9a53a
 for static users
b9a53a
b9a53a
It's probably unexpected if we do a recursive chown() when dynamic users
b9a53a
are used but not on static users.
b9a53a
b9a53a
hence, let's tweak the logic slightly, and recursively chown in both
b9a53a
cases, except when operating on the configuration directory.
b9a53a
b9a53a
Fixes: #11842
b9a53a
(cherry picked from commit 206e9864de460dd79d9edd7bedb47dee168765e1)
b9a53a
b9a53a
Resolves: #1778384
b9a53a
---
b9a53a
 src/core/execute.c | 47 +++++++++++++++++++++++++---------------------
b9a53a
 1 file changed, 26 insertions(+), 21 deletions(-)
b9a53a
b9a53a
diff --git a/src/core/execute.c b/src/core/execute.c
b9a53a
index 46aa733937..c42300a41e 100644
b9a53a
--- a/src/core/execute.c
b9a53a
+++ b/src/core/execute.c
b9a53a
@@ -2090,37 +2090,42 @@ static int setup_exec_directory(
b9a53a
                         if (r < 0)
b9a53a
                                 goto fail;
b9a53a
 
b9a53a
-                        /* Lock down the access mode */
b9a53a
-                        if (chmod(pp, context->directories[type].mode) < 0) {
b9a53a
-                                r = -errno;
b9a53a
-                                goto fail;
b9a53a
-                        }
b9a53a
                 } else {
b9a53a
                         r = mkdir_label(p, context->directories[type].mode);
b9a53a
                         if (r < 0) {
b9a53a
-                                struct stat st;
b9a53a
-
b9a53a
                                 if (r != -EEXIST)
b9a53a
                                         goto fail;
b9a53a
 
b9a53a
-                                if (stat(p, &st) < 0) {
b9a53a
-                                        r = -errno;
b9a53a
-                                        goto fail;
b9a53a
-                                }
b9a53a
-                                if (((st.st_mode ^ context->directories[type].mode) & 07777) != 0)
b9a53a
-                                        log_warning("%s \'%s\' already exists but the mode is different. "
b9a53a
-                                                    "(filesystem: %o %sMode: %o)",
b9a53a
-                                                    exec_directory_type_to_string(type), *rt,
b9a53a
-                                                    st.st_mode & 07777, exec_directory_type_to_string(type), context->directories[type].mode & 07777);
b9a53a
-                                if (!context->dynamic_user)
b9a53a
+                                if (type == EXEC_DIRECTORY_CONFIGURATION) {
b9a53a
+                                        struct stat st;
b9a53a
+
b9a53a
+                                        /* Don't change the owner/access mode of the configuration directory,
b9a53a
+                                         * as in the common case it is not written to by a service, and shall
b9a53a
+                                         * not be writable. */
b9a53a
+
b9a53a
+                                        if (stat(p, &st) < 0) {
b9a53a
+                                                r = -errno;
b9a53a
+                                                goto fail;
b9a53a
+                                        }
b9a53a
+
b9a53a
+                                        /* Still complain if the access mode doesn't match */
b9a53a
+                                        if (((st.st_mode ^ context->directories[type].mode) & 07777) != 0)
b9a53a
+                                                log_warning("%s \'%s\' already exists but the mode is different. "
b9a53a
+                                                            "(File system: %o %sMode: %o)",
b9a53a
+                                                            exec_directory_type_to_string(type), *rt,
b9a53a
+                                                            st.st_mode & 07777, exec_directory_type_to_string(type), context->directories[type].mode & 07777);
b9a53a
+
b9a53a
                                         continue;
b9a53a
+                                }
b9a53a
                         }
b9a53a
                 }
b9a53a
 
b9a53a
-                /* Don't change the owner of the configuration directory, as in the common case it is not written to by
b9a53a
-                 * a service, and shall not be writable. */
b9a53a
-                if (type == EXEC_DIRECTORY_CONFIGURATION)
b9a53a
-                        continue;
b9a53a
+                /* Lock down the access mode (we use chmod_and_chown() to make this idempotent. We don't
b9a53a
+                 * specifiy UID/GID here, so that path_chown_recursive() can optimize things depending on the
b9a53a
+                 * current UID/GID ownership.) */
b9a53a
+                r = chmod_and_chown(pp ?: p, context->directories[type].mode, UID_INVALID, GID_INVALID);
b9a53a
+                if (r < 0)
b9a53a
+                        goto fail;
b9a53a
 
b9a53a
                 /* Then, change the ownership of the whole tree, if necessary */
b9a53a
                 r = path_chown_recursive(pp ?: p, uid, gid);