paranoia: refuse rm_rf("/")
authorLennart Poettering <lennart@poettering.net>
Mon, 9 Jul 2012 15:30:22 +0000 (17:30 +0200)
committerLennart Poettering <lennart@poettering.net>
Mon, 9 Jul 2012 15:30:22 +0000 (17:30 +0200)
TODO
src/journal/journald.c
src/shared/util.c

diff --git a/TODO b/TODO
index 5efd11b2e4289c45b2b32af1cdb6ba672168f97c..dde1b90d438852204af7cdd587fd75de2d814580 100644 (file)
--- a/TODO
+++ b/TODO
@@ -22,6 +22,10 @@ Bugfixes:
 
 Features:
 
+* refuse taking lower-case variable names in sd_journal_send() and friends.
+
+* when running as user instance: implicitly default to WorkingDirectory=$HOME for all services.
+
 * journalctl highlight reboots
 
 * Merge KillUnit()'s mode and who params into one
index 8d1b10d270aacbacfb5f2bd0ff053d329acd5c35..0629f79f1c382fa8ebf624a2faeebee78812642d 100644 (file)
@@ -2058,7 +2058,6 @@ static int system_journal_open(Server *s) {
 }
 
 static int server_flush_to_var(Server *s) {
-        char path[] = "/run/log/journal/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
         Object *o = NULL;
         int r;
         sd_id128_t machine;
@@ -2135,6 +2134,7 @@ finish:
         s->runtime_journal = NULL;
 
         if (r >= 0) {
+                char path[] = "/run/log/journal/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
                 sd_id128_to_string(machine, path + 17);
                 rm_rf(path, false, true, false);
         }
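Review bot: The offset in `sd_id128_to_string(machine, path + 17)` and the run of `x` in the initialiser of `path` are coupled by hand, and nothing on these lines says so: 17 is the length of `/run/log/journal/`, and the placeholder has to leave room for the 32 hex characters of the ID plus the NUL. Because the buffer goes straight into `rm_rf(path, false, true, false)`, a recursive delete with delete_root set, a comment such as `/* 17 == strlen("/run/log/journal/"); the 'x' run reserves 32 hex chars for the machine ID */` would make a later edit of the prefix harder to get wrong. The return value of `rm_rf()` is also discarded, so a failed cleanup of the runtime journal directory goes unnoticed; if that is deliberate best-effort, the comment should say so. `machine` is declared without an initialiser in the first hunk, and whether every path that reaches `finish:` with `r >= 0` has set it is not visible here, since the function body continues outside both hunks.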
index 041a63bb4baae8f070313daf806e22b007413afa..41505b2ca79bac962510704a22c65fbea92ba2df 100644 (file)
@@ -3339,6 +3339,9 @@ int rm_rf(const char *path, bool only_dirs, bool delete_root, bool honour_sticky
 
         assert(path);
 
+        /* Be paranoid */
+        assert(!streq(path, "/"));
+
         fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
         if (fd < 0) {