tmpfiles: ensure we do no follow symlinks when cleaning up dirs

[elogind.git] / src / tmpfiles.c

diff --git a/src/tmpfiles.c b/src/tmpfiles.c
index 73246bdd6773a605ea8f388a9bbf75e7c6acc8f9..1234cbf3480c9c1bc190dfdfe3c3a768cba0e66f 100644 (file)
--- a/src/tmpfiles.c
+++ b/src/tmpfiles.c
@@ -149,7 +149,7 @@ static int dir_cleanup(
                                 DIR *sub_dir;
                                 int q;
 
-                                sub_dir = xopendirat(dirfd(d), dent->d_name);
+                                sub_dir = xopendirat(dirfd(d), dent->d_name, O_NOFOLLOW);
                                 if (sub_dir == NULL) {
                                         if (errno != ENOENT) {
                                                 log_error("opendir(%s/%s) failed: %m", p, dent->d_name);
@@ -182,6 +182,13 @@ static int dir_cleanup(
                         }
 
                 } else {
+                        /* Skip files for which the sticky bit is
+                         * set. These are semantics we define, and are
+                         * unknown elsewhere. See XDG_RUNTIME_DIR
+                         * specification for details. */
+                        if (s.st_mode & S_ISVTX)
+                                continue;
+
                         if (mountpoint) {
                                 if (streq(dent->d_name, ".journal") &&
                                     s.st_uid == 0)
@@ -497,8 +504,9 @@ static int parse_line(const char *fname, unsigned line, const char *buffer, cons
         }
 
         if (i->type != CREATE_FILE &&
-            i->type != CREATE_DIRECTORY &&
             i->type != TRUNCATE_FILE &&
+            i->type != CREATE_DIRECTORY &&
+            i->type != TRUNCATE_DIRECTORY &&
             i->type != IGNORE_PATH &&
             i->type != REMOVE_PATH &&
             i->type != RECURSIVE_REMOVE_PATH) {