1#!/bin/bash 2# SPDX-License-Identifier: LGPL-2.1-or-later 3# 4# Verify tmpfiles can run in a root directory under a path prefix that contains 5# directories owned by unprivileged users, for example when a root file system 6# is mounted in a regular user's home directory. 7# 8# https://github.com/systemd/systemd/pull/11820 9set -eux 10set -o pipefail 11 12rm -fr /tmp/root /tmp/user 13mkdir -p /tmp/root /tmp/user/root 14chown daemon:daemon /tmp/user 15 16# Verify the command works as expected with no prefix or a root-owned prefix. 17echo 'd /tmp/root/test1' | systemd-tmpfiles --create - 18test -d /tmp/root/test1 19echo 'd /test2' | systemd-tmpfiles --root=/tmp/root --create - 20test -d /tmp/root/test2 21 22# Verify the command fails to write to a root-owned subdirectory under an 23# unprivileged user's directory when it's not part of the prefix, as expected 24# by the unsafe_transition function. 25echo 'd /tmp/user/root/test' | systemd-tmpfiles --create - \ 26 && { echo 'unexpected success'; exit 1; } 27test ! -e /tmp/user/root/test 28echo 'd /user/root/test' | systemd-tmpfiles --root=/tmp --create - \ 29 && { echo 'unexpected success'; exit 1; } 30test ! -e /tmp/user/root/test 31 32# Verify the above works when all user-owned directories are in the prefix. 33echo 'd /test' | systemd-tmpfiles --root=/tmp/user/root --create - 34test -d /tmp/user/root/test 35