main: add configuration option to alter capability bounding set for PID 1
[elogind.git] / src / core / dbus-manager.c
index 2e6bc3dfec885a02a9323c3ce3024d2b64be6677..7a06ca64929c0986c35ecbf265dc7a8930ad0497 100644 (file)
@@ -310,13 +310,14 @@ static int bus_manager_append_tainted(DBusMessageIter *i, const char *property,
                 free(p);
 
         if (access("/proc/cgroups", F_OK) < 0)
-                stpcpy(e, "cgroups-missing:");
+                e = stpcpy(e, "cgroups-missing:");
 
         if (hwclock_is_localtime() > 0)
-                stpcpy(e, "local-hwclock:");
+                e = stpcpy(e, "local-hwclock:");
 
-        if (endswith(buf, ":"))
-                buf[strlen(buf)-1] = 0;
+        /* remove the last ':' */
+        if (e != buf)
+                e[-1] = 0;
 
         t = buf;
 
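Review bot: Nothing in this hunk bounds the two `stpcpy()` writes, and now that `e` advances past each tag they append instead of overwriting each other, so the longest string written into `buf` is the concatenation of every tag. The declaration of `buf` is outside the hunk, so confirm it is sized for all tags together plus the terminating NUL. The `e[-1] = 0` trim also relies on `e` starting at `buf` and on every tag ending in ':', which the comment could state: `/* every tag ends in ':' and e starts at buf, so e[-1] is the trailing ':' */`.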
@@ -1185,6 +1186,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
         } else if (dbus_message_is_method_call(message, "org.freedesktop.systemd1.Manager", "SwitchRoot")) {
                 const char *switch_root, *switch_root_init;
                 char *u, *v;
+                int k;
 
                 if (!dbus_message_get_args(
                                     message,
@@ -1194,10 +1196,10 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
                                     DBUS_TYPE_INVALID))
                         return bus_send_error_reply(connection, message, &error, -EINVAL);
 
-                if (path_equal(switch_root, "/") || !is_path(switch_root))
+                if (path_equal(switch_root, "/") || !path_is_absolute(switch_root))
                         return bus_send_error_reply(connection, message, NULL, -EINVAL);
 
-                if (!isempty(switch_root_init) && !is_path(switch_root_init))
+                if (!isempty(switch_root_init) && !path_is_absolute(switch_root_init))
                         return bus_send_error_reply(connection, message, NULL, -EINVAL);
 
                 if (m->running_as != MANAGER_SYSTEM) {
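Review bot: The two path tests here look purely lexical, which matters because this handler acts on a caller-supplied root directory. `path_equal()` and `path_is_absolute()` are defined elsewhere, and if they do not resolve symlinks or `..` components, a `switch_root` that is absolute but still refers to the current root passes the `path_equal(switch_root, "/")` test. If switching onto the running root must be refused, that needs a check on the resolved directory further down in the handler, which continues outside the hunk. At minimum I would document the limit above the first test: `/* lexical validation only; the paths are not resolved here */`.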
@@ -1205,6 +1207,22 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
                         return bus_send_error_reply(connection, message, &error, -ENOTSUP);
                 }
 
+                /* Safety check */
+                if (isempty(switch_root_init))
+                        k = access(switch_root, F_OK);
+                else {
+                        char *p;
+
+                        p = join(switch_root, "/", switch_root_init, NULL);
+                        if (!p)
+                                goto oom;
+
+                        k = access(p, X_OK);
+                        free(p);
+                }
+                if (k < 0)
+                        return bus_send_error_reply(connection, message, NULL, -errno);
+
                 u = strdup(switch_root);
                 if (!u)
                         goto oom;
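Review bot: In the `else` branch `free(p)` runs between `access(p, X_OK)` and the `-errno` used in the error reply, and `free()` is not guaranteed to preserve `errno` on every libc, so the caller can receive the wrong error code. Capture the code at the call, `k = access(p, X_OK) < 0 ? -errno : 0;` (same form for the `F_OK` branch), and reply with `k` instead of `-errno`. The `/* Safety check */` comment would also be clearer as `/* Early sanity check so the caller gets an error; the paths can still change before the switch happens */`, since an `access()` test done here cannot guarantee the state at switch time. The handler body and the `oom` label are outside the hunk.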