Re: git: 39e8c2a29a86 - main - cleanvar: Be more careful when cleaning up /var.

From: Xin Li <delphij_at_FreeBSD.org>
Date: Tue, 28 Feb 2023 06:14:04 UTC
On 2023-02-27 3:51 PM, Piotr P. Stefaniak wrote:
> On 2023-02-13 04:57:08, Xin LI wrote:
>>    cleanvar: Be more careful when cleaning up /var.
>>
>>    The cleanvar script uses find -delete to remove stale files under 
>> /var,
>>    which could lead to unwanted removal of files in some unusual 
>> scenarios.
>>    For example, when a mounted fdescfs(5) is present under 
>> /var/run/samba/fd,
>>    find(1) could descend into a directory that is out of /var/run and 
>> remove
>>    files that should not be removed.
>>
>>    To mitigate this, modify the script to use find -x, which restricts 
>> the
>>    find scope to one file system only instead of descending into mounted
>>    file systems.
> 
>> @@ -31,15 +31,15 @@ cleanvar_start()
>> {
>>     if [ -d /var/run -a ! -f /var/run/clean_var ]; then
>>         # Skip over logging sockets
>> -        find /var/run \( -type f -or -type s ! -name log -and ! -name 
>> logpriv \) -delete
>> +        find -x /var/run \( -type f -or -type s ! -name log -and ! 
>> -name logpriv \) -delete
>>         >/var/run/clean_var
>>     fi
> 
> Do we want to assume that /var/run is never a symlink? If not, we
> probably want to use find -xH here.

No, I don't think it's safe to follow symlinks.  If it's desirable to 
follow /var/run itself, perhaps this should be changed to "/var/run/".