author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-03-20 01:38:28 -0400 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-03-20 14:08:41 -0400 |
commit | d34cd374905a40e65769351a2808b741b5418bf1 (patch) | |
tree | 5dbd6761c13de63a6d5b1c0733d82990abb46aef /src/core/namespace.c | |
parent | 1f048a6b6bcc30d2e157711b3d231d7a944e6ffb (diff) |
Make PrivateTmp dirs also inaccessible from the outside
Currently, PrivateTmp=yes means that the service cannot see the /tmp
shared by the rest of the system and is isolated from other services using
PrivateTmp, but users can access and modify /tmp as seen by the
service.
Move the private /tmp and /var/tmp directories into a 0077-mode
directory. This way unprivileged users on the system cannot see (or
modify) /tmp as seen by the service.
Diffstat (limited to 'src/core/namespace.c')
-rw-r--r-- | src/core/namespace.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c
index ceeed2e1ae..972380abc0 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -183,22 +183,20 @@ int setup_tmpdirs(char **tmp_dir,
 assert(tmp_dir);
 assert(var_tmp_dir);
- r = create_tmp_dir(tmp_dir_template, 0000, true, tmp_dir);
+ r = create_tmp_dir(tmp_dir_template, tmp_dir);
 if (r < 0)
- goto fail2;
+ return r;
- r = create_tmp_dir(var_tmp_dir_template, 0000, true, var_tmp_dir);
- if (r < 0)
- goto fail1;
-
- return 0;
+ r = create_tmp_dir(var_tmp_dir_template, var_tmp_dir);
+ if (r == 0)
+ return 0;
-fail1:
+ /* failure */
 rmdir(*tmp_dir);
+ rmdir(tmp_dir_template);
 free(*tmp_dir);
 *tmp_dir = NULL;
-fail2:
 return r;
 } |
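Review bot: The two return checks in setup_tmpdirs no longer agree: the first treats only `r < 0` as failure, while the second runs the cleanup for anything other than `r == 0`. create_tmp_dir is defined outside this hunk, so its contract is not visible here, but if it can return a positive value the /tmp call would count as success while the /var/tmp call would remove the already-created directory and return that positive value to the caller. Writing the second check as `if (r >= 0) return 0;` keeps both in step. The added `rmdir(tmp_dir_template);` appears to rely on create_tmp_dir having rewritten the template buffer in place to the name of the restrictive parent directory; a comment such as `/* tmp_dir_template now names the private parent directory; remove it after its child */` would make that dependency explicit, and it is worth noting there that both rmdir() results are deliberately ignored as best-effort cleanup. The function starts outside the hunk.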