Make PrivateTmp dirs also inaccessible from the outside
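--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -40,6 +40,7 @@
 #include <sys/poll.h>
 #include <linux/seccomp-bpf.h>
 #include <glob.h>
+#include <libgen.h>
 #ifdef HAVE_PAM
 #include <security/pam_appl.h>
@@ -1551,19 +1552,22 @@ void exec_context_init(ExecContext *c) {
 }
 void exec_context_tmp_dirs_done(ExecContext *c) {
- assert(c);
+ char* dirs[] = {c->tmp_dir ? c->tmp_dir : c->var_tmp_dir,
+ c->tmp_dir ? c->var_tmp_dir : NULL,
+ NULL};
+ char **dirp;
- if (c->tmp_dir) {
- rm_rf_dangerous(c->tmp_dir, false, true, false);
- free(c->tmp_dir);
- c->tmp_dir = NULL;
- }
+ for(dirp = dirs; *dirp; dirp++) {
+ char *dir;
+ rm_rf_dangerous(*dirp, false, true, false);
- if (c->var_tmp_dir) {
- rm_rf_dangerous(c->var_tmp_dir, false, true, false);
- free(c->var_tmp_dir);
- c->var_tmp_dir = NULL;
+ dir = dirname(*dirp);
+ rmdir(dir);
+
+ free(*dirp);
 }
+
+ c->tmp_dir = c->var_tmp_dir = NULL;
 }
 void exec_context_done(ExecContext *c, bool reloading_or_reexecuting) {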
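Review bot: The new loop in exec_context_tmp_dirs_done() discards the result of `rmdir(dir)`, so a parent directory that cannot be removed (for example because it is not empty) is left behind with nothing in the log. Since that parent is presumably the restricted directory this commit relies on to keep the private tmp dirs inaccessible, a failed cleanup should at least be reported, e.g. `if (rmdir(dir) < 0 && errno != ENOENT) log_warning("Failed to remove %s: %m", dir);`. The hunk also drops `assert(c);` while the `dirs[]` initializer now dereferences `c` at declaration time; moving the assignments below a retained `assert(c);` would keep the precondition check. A short comment such as `/* dirname() may modify *dirp in place; free(*dirp) still frees the original allocation */` would explain why the free comes after the dirname() call.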