Re: git: 39e8c2a29a86 - main - cleanvar: Be more careful when cleaning up /var.
Date: Tue, 28 Feb 2023 06:14:04 UTC
On 2023-02-27 3:51 PM, Piotr P. Stefaniak wrote:
> On 2023-02-13 04:57:08, Xin LI wrote:
>> cleanvar: Be more careful when cleaning up /var.
>>
>> The cleanvar script uses find -delete to remove stale files under /var,
>> which could lead to unwanted removal of files in some unusual scenarios.
>> For example, when a mounted fdescfs(5) is present under /var/run/samba/fd,
>> find(1) could descend into a directory that is out of /var/run and remove
>> files that should not be removed.
>>
>> To mitigate this, modify the script to use find -x, which restricts the
>> find scope to one file system only instead of descending into mounted
>> file systems.
>
>> @@ -31,15 +31,15 @@ cleanvar_start() >> { >> if [ -d /var/run -a ! -f /var/run/clean_var ]; then >> # Skip over logging sockets >> - find /var/run \( -type f -or -type s ! -name log -and ! -name >> logpriv \) -delete >> + find -x /var/run \( -type f -or -type s ! -name log -and ! >> -name logpriv \) -delete >> >/var/run/clean_var >> fi
>
> Do we want to assume that /var/run is never a symlink? If not, we
> probably want to use find -xH here.

No, I don't think it's safe to follow symlinks. If it's desirable to follow /var/run itself, perhaps this should be changed to "/var/run/".
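
Review bot: the changed `find -x /var/run ...` line still passes the start path without a trailing slash and without -H, so when /var/run is a symlink find examines the link itself, removes nothing beneath it, and the following `>/var/run/clean_var` still marks the cleanup as done. Whichever behaviour is intended should be made explicit: either use "/var/run/" as suggested in the reply, or add a comment next to "# Skip over logging sockets" stating that a symlinked /var/run is deliberately not traversed. The same comment could note that -x keeps find on one file system, since that is the safety property this change relies on and the script does not say so.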