2014-08-15 2:00 GMT+03:00 Lennart Poettering <lenn...@poettering.net>:
> On Fri, 15.08.14 01:43, Timofey Titovets (nefelim...@gmail.com) wrote:
>
>>
>> +int fail_if_symlink(const char *unit, const char* where) {
>> +        assert(where);
>> +
>> +        if (is_symlink(where) > 0) {
>> +                log_struct_unit(LOG_WARNING,
>> +                                unit,
>> +                                "MESSAGE=%s: Mount on symlink %s
>> not allowed.",
>> +                                unit, where,
>> +                                "WHERE=%s", where,
>> +                                MESSAGE_ID(SD_MESSAGE_OVERMOUNTING),
>> +                                NULL);
>> +
>> +                return -ELOOP;
>> +        }
>> +        return 0;
>> +}
>
> Looks good, but the patch is line broken, I can't apply it like
> that... Maybe attach the patch?
>
>> diff --git a/src/core/mount.h b/src/core/mount.h
>> index 2dcb663..5fc1fe1 100644
>> --- a/src/core/mount.h
>> +++ b/src/core/mount.h
>> @@ -128,3 +128,5 @@ const char* mount_result_to_string(MountResult
>> i) _const_;
>>  MountResult mount_result_from_string(const char *s) _pure_;
>>
>>  void warn_if_dir_nonempty(const char *unit, const char* where);
>> +
>> +int fail_if_symlink(const char *unit, const char* where);
>
> No reason to export this, or am I missing something? Just make the
> function static, and don't include it in the header file, unless some
> other .c file is actually using it.
Fixed in patch
> Otherwise looks good.
>
> Lennart
>
> --
> Lennart Poettering, Red Hat



-- 
Have a nice day,
Timofey.
From 5f4325df1cd8f3c6ee3790e6c9c23b6dd0aaffec Mon Sep 17 00:00:00 2001
From: Timofey <nefelim...@gmail.com>
Date: Fri, 15 Aug 2014 02:05:47 +0300
Subject: [PATCH] Refuse mount on symlink

Signed-off-by: Timofey <nefelim...@gmail.com>
---
 TODO              |  2 --
 src/core/mount.c  | 21 +++++++++++++++++++++
 src/shared/util.c | 12 ++++++++++++
 src/shared/util.h |  2 ++
 4 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/TODO b/TODO
index d58da71..c8e9f27 100644
--- a/TODO
+++ b/TODO
@@ -93,8 +93,6 @@ Features:
 
 * Add a new verb "systemctl top"
 
-* refuse mounting on symlinks
-
 * logind: allow users to kill or lock their own sessions
 
 * add new gpt type for btrfs volumes
diff --git a/src/core/mount.c b/src/core/mount.c
index 39a9aaf..ec90b0a 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -827,6 +827,23 @@ void warn_if_dir_nonempty(const char *unit, const char* where) {
                    NULL);
 }
 
+static int fail_if_symlink(const char *unit, const char* where) {
+        assert(where);
+
+        if (is_symlink(where) > 0) {
+                log_struct_unit(LOG_WARNING,
+                                unit,
+                                "MESSAGE=%s: Mount on symlink %s not allowed.",
+                                unit, where,
+                                "WHERE=%s", where,
+                                MESSAGE_ID(SD_MESSAGE_OVERMOUNTING),
+                                NULL);
+
+                return -ELOOP;
+        }
+        return 0;
+}
+
 static void mount_enter_unmounting(Mount *m) {
         int r;
 
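Review bot: in fail_if_symlink(), the test `is_symlink(where) > 0` treats a negative return the same as "not a symlink", so any lstat() failure on `where` is silently ignored and the mount goes ahead. Consider storing the result, letting only -ENOENT through, and logging or propagating other errors. The log entry also reuses MESSAGE_ID(SD_MESSAGE_OVERMOUNTING), an ID whose name describes overmounting rather than a symlink mount point, so journal consumers cannot tell the two events apart. Since the mount is refused with -ELOOP, LOG_ERR would match the outcome better than LOG_WARNING.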
@@ -877,6 +894,10 @@ static void mount_enter_mounting(Mount *m) {
         if (p && mount_is_bind(p))
                 mkdir_p_label(p->what, m->directory_mode);
 
+        r = fail_if_symlink(m->meta.id, m->where);
+        if (r < 0)
+                goto fail;
+
         if (m->from_fragment)
                 r = exec_command_set(
                                 m->control_command,
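Review bot: the fail_if_symlink() call in mount_enter_mounting() checks m->where once, before exec_command_set() prepares the mount command, so nothing binds the path that was checked to the path that is mounted on later. If m->where is replaced between the check and the mount, the check does not catch it. A comment stating that this is a best-effort sanity check, not a guarantee, would keep later readers from relying on it as a security boundary.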
diff --git a/src/shared/util.c b/src/shared/util.c
index 3d16cd1..0db4bd9 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -6918,3 +6918,15 @@ int take_password_lock(const char *root) {
 
         return fd;
 }
+
+int is_symlink(const char *path) {
+        struct stat info;
+
+        if (lstat(path, &info) < 0)
+                return -errno;
+
+        if (S_ISLNK(info.st_mode))
+                return 1;
+
+        return 0;
+}
\ No newline at end of file
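Review bot: is_symlink() relies on lstat(path, ...), which declines to follow only the final path component, so a symlink in any parent directory of `path` is still resolved and the function returns 0. If "refuse mounting on symlinks" is meant to cover intermediate components, this needs a per-component check; if not, say so in a comment above the function. The function also dereferences `path` without an assert(path), unlike its caller, which asserts `where`.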
diff --git a/src/shared/util.h b/src/shared/util.h
index 101d2df..bd8bbb2 100644
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -966,3 +966,5 @@ char *tempfn_random(const char *p);
 bool is_localhost(const char *hostname);
 
 int take_password_lock(const char *root);
+
+int is_symlink(const char *path);
\ No newline at end of file
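Review bot: the new is_symlink() declaration leaves util.h without a trailing newline (the "\ No newline at end of file" marker), as does the util.c hunk; please end both files with a newline. The declaration would also benefit from a one-line comment on the return convention (1 for a symlink, 0 otherwise, negative errno when lstat() fails), since fail_if_symlink() depends on the sign of the result.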
-- 
2.0.4

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel