Make PrivateTmp dirs also inaccessible from the outside

[elogind.git] / src / shared / util.c

diff --git a/src/shared/util.c b/src/shared/util.c
index dc2651f3f2004f0bf8dfe3aa4de56ccdc6ff029c..bdef9f0431d5afc2c6d86e18f319041e419315b5 100644 (file)
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -5682,3 +5682,50 @@ int search_and_fopen_nulstr(const char *path, const char *mode, const char *sear
 
         return search_and_fopen_internal(path, mode, s, _f);
 }
+
+int create_tmp_dir(char template[], char** dir_name) {
+        int r = 0;
+        char *d, *dt;
+        mode_t _cleanup_umask_ u;
+
+        assert(dir_name);
+
+        u = umask(0077);
+        d = mkdtemp(template);
+        if (!d) {
+                log_error("Can't create directory %s: %m", template);
+                return -errno;
+        }
+
+        dt = strjoin(d, "/tmp", NULL);
+        if (!dt) {
+                r = log_oom();
+                goto fail2;
+        }
+
+        umask(0000);
+        r = mkdir(dt, 0777);
+        if (r) {
+                log_error("Can't create directory %s: %m", dt);
+                r = -errno;
+                goto fail1;
+        }
+        log_debug("Created temporary directory %s", dt);
+
+        r = chmod(dt, 0777 | S_ISVTX);
+        if (r < 0) {
+                log_error("Failed to chmod %s: %m", dt);
+                r = -errno;
+                goto fail1;
+        }
+        log_debug("Set sticky bit on %s", dt);
+
+        *dir_name = dt;
+
+        return 0;
+fail1:
+        rmdir(dt);
+fail2:
+        rmdir(template);
+        return r;
+}