diff options
| author | Xin LI <delphij@FreeBSD.org> | 2023-02-13 04:56:17 +0000 |
|---|---|---|
| committer | Xin LI <delphij@FreeBSD.org> | 2023-02-21 15:37:30 +0000 |
| commit | 57c37babde3664c81bc30ec5086092ae950aab49 (patch) | |
| tree | 9ea35cc636f28e923b916c60c9c2976903964f49 | |
| parent | 50796dea719a4ca2e26376eaab67eafd94532fee (diff) | |
| download | src-57c37babde3664c81bc30ec5086092ae950aab49.tar.gz src-57c37babde3664c81bc30ec5086092ae950aab49.zip | |
cleanvar: Be more careful when cleaning up /var.
The cleanvar script uses find -delete to remove stale files under /var,
which could lead to unwanted removal of files in some unusual scenarios.
For example, when a mounted fdescfs(5) is present under /var/run/samba/fd,
find(1) could descend into a directory that is out of /var/run and remove
files that should not be removed.
To mitigate this, modify the script to use find -x, which restricts the
find scope to one file system only instead of descending into mounted
file systems.
PR: 269213
Approved by: re (cperciva)
(cherry picked from commit 39e8c2a29a860bdb69ffcfbc06de4d4ad103b458)
(cherry picked from commit 0699f0d43416776d87d20d7953b7d686f1e2e572)
| -rwxr-xr-x | libexec/rc/rc.d/cleanvar | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/libexec/rc/rc.d/cleanvar b/libexec/rc/rc.d/cleanvar index fcfd365268c3..a682021ce5f6 100755 --- a/libexec/rc/rc.d/cleanvar +++ b/libexec/rc/rc.d/cleanvar @@ -31,15 +31,15 @@ cleanvar_start() { if [ -d /var/run -a ! -f /var/run/clean_var ]; then # Skip over logging sockets - find /var/run \( -type f -or -type s ! -name log -and ! -name logpriv \) -delete + find -x /var/run \( -type f -or -type s ! -name log -and ! -name logpriv \) -delete >/var/run/clean_var fi if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then - find /var/spool/lock -type f -delete + find -x /var/spool/lock -type f -delete >/var/spool/lock/clean_var fi if [ -d /var/spool/uucp/.Temp ]; then - find /var/spool/uucp/.Temp -delete + find -x /var/spool/uucp/.Temp -delete fi } |