X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Ftmpfiles.c;h=1234cbf3480c9c1bc190dfdfe3c3a768cba0e66f;hb=0736af98c6fae9c7d31e3dd17589421b7e883ef5;hp=73246bdd6773a605ea8f388a9bbf75e7c6acc8f9;hpb=29003cffa7389256a9ac1e42c8a47f85a633573d;p=elogind.git
diff --git a/src/tmpfiles.c b/src/tmpfiles.c
index 73246bdd6..1234cbf34 100644
--- a/src/tmpfiles.c
+++ b/src/tmpfiles.c
@@ -149,7 +149,7 @@ static int dir_cleanup(
 DIR *sub_dir;
 int q;
 
- sub_dir = xopendirat(dirfd(d), dent->d_name);
+ sub_dir = xopendirat(dirfd(d), dent->d_name, O_NOFOLLOW);
 if (sub_dir == NULL) {
 if (errno != ENOENT) {
 log_error("opendir(%s/%s) failed: %m", p, dent->d_name);
@@ -182,6 +182,13 @@ static int dir_cleanup(
 }
 
 } else {
+ /* Skip files for which the sticky bit is
+ * set. These are semantics we define, and are
+ * unknown elsewhere. See XDG_RUNTIME_DIR
+ * specification for details. */
+ if (s.st_mode & S_ISVTX)
+ continue;
+
 if (mountpoint) {
 if (streq(dent->d_name, ".journal") &&
 s.st_uid == 0)
@@ -497,8 +504,9 @@ static int parse_line(const char *fname, unsigned line, const char *buffer, cons
 }
 
 if (i->type != CREATE_FILE &&
- i->type != CREATE_DIRECTORY &&
 i->type != TRUNCATE_FILE &&
+ i->type != CREATE_DIRECTORY &&
+ i->type != TRUNCATE_DIRECTORY &&
 i->type != IGNORE_PATH &&
 i->type != REMOVE_PATH &&
 i->type != RECURSIVE_REMOVE_PATH) {
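Review bot: The `O_NOFOLLOW` added to the `xopendirat()` call in the first `dir_cleanup` hunk (-149) has no comment saying what it guards against, and that belongs at the call site. I would add `/* O_NOFOLLOW: the entry may have been replaced by a symlink since it was examined; never descend through one */` above the call. With the flag, an entry that is a symlink makes the open fail, and the visible error branch exempts only `ENOENT`, so that case is reported through the generic `opendir(%s/%s) failed` message; presumably that fail-closed result is intended, but the rest of the branch lies outside the hunk. The definition of `xopendirat()` is not part of this file diff, so how the new flag is combined with the directory-open flags cannot be checked from here.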
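Review bot: The sticky-bit skip added in the `else` branch of the second `dir_cleanup` hunk (-182) carries no path condition in the visible lines, so `if (s.st_mode & S_ISVTX) continue;` appears to apply to every directory this function cleans, not only to `XDG_RUNTIME_DIR`. On systems where a file's owner may set that bit on their own files, an unprivileged user can keep files in a shared, aged directory from ever being removed, which matters where cleanup is relied on to bound disk usage. The comment should state that scope and consequence, for example `/* Applies in every cleaned directory: a file's owner can opt the file out of aging by setting the sticky bit. */`. The matching `if` branch and the enclosing loop are outside the hunk, so whether an outer condition narrows this is not visible here.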