X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Ftmpfiles.c;h=1234cbf3480c9c1bc190dfdfe3c3a768cba0e66f;hb=ec14911e0d6b9473f4f1d6b43d7fcd67c48c2ffc;hp=4953649252a19d3ff94f19320d3f9c7b4b111c17;hpb=3b63d2d31d0850bd7a81ab9b468218d2c4c461e8;p=elogind.git
diff --git a/src/tmpfiles.c b/src/tmpfiles.c
index 495364925..1234cbf34 100644
--- a/src/tmpfiles.c
+++ b/src/tmpfiles.c
@@ -149,7 +149,7 @@ static int dir_cleanup( DIR *sub_dir; int q; - sub_dir = xopendirat(dirfd(d), dent->d_name); + sub_dir = xopendirat(dirfd(d), dent->d_name, O_NOFOLLOW); if (sub_dir == NULL) { if (errno != ENOENT) { log_error("opendir(%s/%s) failed: %m", p, dent->d_name);
@@ -182,6 +182,13 @@ static int dir_cleanup( } } else { + /* Skip files for which the sticky bit is + * set. These are semantics we define, and are + * unknown elsewhere. See XDG_RUNTIME_DIR + * specification for details. */ + if (s.st_mode & S_ISVTX) + continue; + if (mountpoint) { if (streq(dent->d_name, ".journal") && s.st_uid == 0)
@@ -497,8 +504,9 @@ static int parse_line(const char *fname, unsigned line, const char *buffer, cons } if (i->type != CREATE_FILE && - i->type != CREATE_DIRECTORY && i->type != TRUNCATE_FILE && + i->type != CREATE_DIRECTORY && + i->type != TRUNCATE_DIRECTORY && i->type != IGNORE_PATH && i->type != REMOVE_PATH && i->type != RECURSIVE_REMOVE_PATH) {
@@ -792,5 +800,7 @@ finish: hashmap_free(items); + label_finish(); + return r; }
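Review bot: The error branch after the new `xopendirat(dirfd(d), dent->d_name, O_NOFOLLOW)` call still singles out only `ENOENT`, so an entry that has become a symlink (open fails with `ELOOP` on Linux) is reported through the generic `opendir(%s/%s) failed` message. That is exactly the case the flag exists for, and it may indicate tampering with the tree being cleaned, so it deserves a distinct log line rather than looking like an ordinary I/O error. The call should also carry a comment such as `/* O_NOFOLLOW: never descend through a symlink that replaced this entry after it was examined */`. What the branch does after `log_error` lies outside the hunk, so whether the failure aborts the rest of the cleanup cannot be judged from here.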
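Review bot: The new `if (s.st_mode & S_ISVTX) continue;` in the non-directory branch turns the sticky bit into an owner-controlled opt-out from aging, because on systems where an unprivileged owner may set that bit on their own files, those files are never removed by this path. The comment points at the XDG_RUNTIME_DIR specification, but nothing in the hunk limits the skip to that directory, so it presumably applies to every tree this function cleans, including world-writable ones. I would say so in the comment, e.g. `* Note: the owner can set this bit, so it is a keep-request, not a protection. */`, and add a `log_debug` line for the skip so exempted files show up when disk usage is audited. The enclosing function starts and ends outside the hunk.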
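Review bot: The type test in `parse_line` is now a chain of seven `i->type != …` terms, and every future item type has to be added to it by hand. A one-line comment above the `if` naming what the listed types have in common would help, since the body that explains it lies outside the hunk. Alternatively the list could move into a small `static bool` predicate built on a `switch`, so that (if the type is an enum) the compiler can warn about unhandled values.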