path: root/src/sysext/sysext.c
authorLennart Poettering <lennart@poettering.net>2022-12-13 16:27:48 +0100
committerLennart Poettering <lennart@poettering.net>2023-04-05 20:53:04 +0200
commita594288d79f27147d95662927aa67c0567deb6cc (patch)
tree129114f3a525ea689d2fedb228d56d66b3e3db59 /src/sysext/sysext.c
parent73740c9f842a6fda8bba9af65dff82658a9aec90 (diff)
sysext: default to a stricter image policy when reading /.extra/sysext/ DDIs
Diffstat (limited to 'src/sysext/sysext.c')
-rw-r--r--src/sysext/sysext.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c
index ce076f665a..f784627e82 100644
--- a/src/sysext/sysext.c
+++ b/src/sysext/sysext.c
@@ -410,6 +410,24 @@ static int strverscmp_improvedp(char *const* a, char *const* b) {
return strverscmp_improved(*a, *b);
}
+static const ImagePolicy *pick_image_policy(const Image *img) {
+ assert(img);
+ assert(img->path);
+
+ /* Explicitly specified policy always wins */
+ if (arg_image_policy)
+ return arg_image_policy;
+
+ /* If located in /.extra/sysext/ in the initrd, then it was placed there by systemd-stub, and was
+ * picked up from an untrusted ESP. Thus, require a stricter policy by default for them. (For the
+ * other directories we assume the appropriate level of trust was already established already. */
+
+ if (in_initrd() && path_startswith(img->path, "/.extra/sysext/"))
+ return &image_policy_sysext_strict;
+
+ return &image_policy_sysext;
+}
+
static int merge_subprocess(Hashmap *images, const char *workspace) {
_cleanup_free_ char *host_os_release_id = NULL, *host_os_release_version_id = NULL, *host_os_release_sysext_level = NULL,
*buf = NULL;
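Review bot: The rationale comment in pick_image_policy() is the only place that records why /.extra/sysext/ is treated as untrusted, and it is garbled: "trust was already established already" repeats the word and the parenthesis opened with "(For the other directories" is never closed, so the security argument reads as unfinished. I would tighten it to `* picked up from an untrusted ESP. Thus, require a stricter policy by default for them. (For the` / `* other directories we assume the appropriate level of trust has already been established.) */` and add a sentence making the override explicit, e.g. `* Note that an explicit --image-policy= overrides this default, also for /.extra/sysext/ images.`, since the first branch means a caller-supplied policy relaxes the strict default for ESP-sourced images too. The prefix match itself relies on img->path being the literal /.extra/sysext/ location; if image discovery ever reports a resolved or symlinked path for these DDIs, the strict default would silently not apply, which is worth stating as an assumption in the comment. merge_subprocess() continues outside the hunk.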
@@ -526,7 +544,7 @@ static int merge_subprocess(Hashmap *images, const char *workspace) {
d,
&verity_settings,
/* mount_options= */ NULL,
- arg_image_policy ?: &image_policy_sysext,
+ pick_image_policy(img),
flags,
&m);
if (r < 0)
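Review bot: With this hunk an image that dissects fine when dropped in /run/extensions/ can now be rejected purely because it was found under /.extra/sysext/ in the initrd, and nothing in the visible error path tells the operator that the stricter default policy, not the image itself, is the cause. The call's enclosing statement starts before the hunk and the `if (r < 0)` handler continues past it, so I cannot see the log message, but the failure report should name the policy in effect, for example by logging `image_policy_to_string()` of `pick_image_policy(img)` next to the image path, or at least hint that `--image-policy=` can relax the /.extra/sysext/ default. That keeps the security tightening from looking like a corrupt-image failure during triage.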