firstboot: Do not dereference symlinks

Let's always operate on paths without resolving the final component. If the path is a symlink, it could point to a vendor default in /usr, in which case we definitely do not want to modify the vendor defaults. To avoid this from happening, we replace the symlink with our own file instead of modifying the file the symlink points at.
author: Daan De Meyer <daan.j.demeyer@gmail.com> 2023-04-01 10:46:42 +0200
committer: Daan De Meyer <daan.j.demeyer@gmail.com> 2023-04-01 10:46:42 +0200
commit: b39710cccf42fd31ff84fb27f84741cbb0ff82c3 (patch)
tree: 2a4852e5c66085ac6736761501aa4dd8c420721b /src/firstboot
parent: 86c20937c29da637878a1282444b057bc1a519fb (diff)
download: systemd-b39710cccf42fd31ff84fb27f84741cbb0ff82c3.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index ba7e08913f..7119f9970e 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -334,7 +334,7 @@ static int process_locale(int rfd) {
         assert(rfd >= 0);
 
         pfd = chase_and_open_parent_at(rfd, "/etc/locale.conf",
-                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN,
+                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW,
                                        &f);
         if (pfd < 0)
                 return log_error_errno(pfd, "Failed to chase /etc/locale.conf: %m");
@@ -423,7 +423,7 @@ static int process_keymap(int rfd) {
         assert(rfd >= 0);
 
         pfd = chase_and_open_parent_at(rfd, "/etc/vconsole.conf",
-                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN,
+                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW,
                                        &f);
         if (pfd < 0)
                 return log_error_errno(pfd, "Failed to chase /etc/vconsole.conf: %m");
@@ -647,7 +647,7 @@ static int process_machine_id(int rfd) {
         assert(rfd >= 0);
 
         pfd = chase_and_open_parent_at(rfd, "/etc/machine-id",
-                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN,
+                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW,
                                        &f);
         if (pfd < 0)
                 return log_error_errno(pfd, "Failed to chase /etc/machine-id: %m");
@@ -1064,7 +1064,7 @@ static int process_kernel_cmdline(int rfd) {
         assert(rfd >= 0);
 
         pfd = chase_and_open_parent_at(rfd, "/etc/kernel/cmdline",
-                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN,
+                                       CHASE_AT_RESOLVE_IN_ROOT|CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW,
                                        &f);
         if (pfd < 0)
                 return log_error_errno(pfd, "Failed to chase /etc/kernel/cmdline: %m");
author	Daan De Meyer <daan.j.demeyer@gmail.com>	2023-04-01 10:46:42 +0200
committer	Daan De Meyer <daan.j.demeyer@gmail.com>	2023-04-01 10:46:42 +0200
commit	b39710cccf42fd31ff84fb27f84741cbb0ff82c3 (patch)
tree	2a4852e5c66085ac6736761501aa4dd8c420721b /src/firstboot
parent	86c20937c29da637878a1282444b057bc1a519fb (diff)
download	systemd-b39710cccf42fd31ff84fb27f84741cbb0ff82c3.tar.gz