On 2023-02-13 04:57:08, Xin LI wrote:
cleanvar: Be more careful when cleaning up /var.
The cleanvar script uses find -delete to remove stale files under /var,
which could lead to unwanted removal of files in some unusual scenarios.
For example, when a mounted fdescfs(5) is present under /var/run/samba/fd,
find(1) could descend into a directory that is out of /var/run and remove
files that should not be removed.
To mitigate this, modify the script to use find -x, which restricts the
find scope to one file system only instead of descending into mounted
file systems.
@@ -31,15 +31,15 @@ cleanvar_start()
{
if [ -d /var/run -a ! -f /var/run/clean_var ]; then
# Skip over logging sockets
- find /var/run \( -type f -or -type s ! -name log -and ! -name
logpriv \) -delete
+ find -x /var/run \( -type f -or -type s ! -name log -and !
-name logpriv \) -delete
>/var/run/clean_var
fi
Do we want to assume that /var/run is never a symlink? If not, we
probably want to use find -xH here.
Piotr