Diffstat (limited to 'src/journal')
-rw-r--r-- | src/journal/journald-native.c | 30 | ||||
-rw-r--r-- | src/journal/journald-server.c | 5 |
2 files changed, 30 insertions, 5 deletions
diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
index 1e3774dafb..69a685c06f 100644
--- a/src/journal/journald-native.c
+++ b/src/journal/journald-native.c
@@ -22,6 +22,7 @@
 #include <stddef.h>
 #include <sys/epoll.h>
 #include <sys/mman.h>
+#include <sys/statvfs.h>
 #include <unistd.h>
 #include "alloc-util.h"
@@ -399,8 +400,37 @@ void server_process_native_file(
 assert_se(munmap(p, ps) >= 0);
 } else {
 _cleanup_free_ void *p = NULL;
+ struct statvfs vfs;
 ssize_t n;
+ if (fstatvfs(fd, &vfs) < 0) {
+ log_error_errno(errno, "Failed to stat file system of passed file, ignoring: %m");
+ return;
+ }
+
+ /* Refuse operating on file systems that have
+ * mandatory locking enabled, see:
+ *
+ * https://github.com/systemd/systemd/issues/1822
+ */
+ if (vfs.f_flag & ST_MANDLOCK) {
+ log_error("Received file descriptor from file system with mandatory locking enable, refusing.");
+ return;
+ }
+
+ /* Make the fd non-blocking. On regular files this has
+ * the effect of bypassing mandatory locking. Of
+ * course, this should normally not be necessary given
+ * the check above, but let's better be safe than
+ * sorry, after all NFS is pretty confusing regarding
+ * file system flags, and we better don't trust it,
+ * and so is SMB. */
+ r = fd_nonblock(fd, true);
+ if (r < 0) {
+ log_error_errno(r, "Failed to make fd non-blocking, ignoring: %m");
+ return;
+ }
+
 /* The file is not sealed, we can't map the file here, since
 * clients might then truncate it and trigger a SIGBUS for
 * us. So let's stupidly read it */
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 36fe739073..a6e5e4a20f 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
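Review bot: In the unsealed-file branch of server_process_native_file() in journald-native.c, the `fd_nonblock(fd, true)` fallback is weaker than its comment suggests. O_NONBLOCK is stored on the open file description, and a descriptor passed in by a client shares that description with the sender, so the flag is not guaranteed to still be set when the read below runs. The `ST_MANDLOCK` check is therefore the control that counts, and the comment should say so, e.g. `/* Best effort only: O_NONBLOCK lives on the open file description shared with the sender, so it may not stay set. */`. The read that follows, like the declaration of `r`, is outside the hunk, so whether it treats EAGAIN as a hard error rather than retrying cannot be confirmed from here. The new log string also says "mandatory locking enable" where "enabled" is meant.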
@@ -1484,11 +1484,6 @@ static int dispatch_notify_event(sd_event_source *es, int fd, uint32_t revents,
 assert(s->notify_event_source == es);
 assert(s->notify_fd == fd);
- if (revents != EPOLLOUT) {
- log_error("Invalid events on notify file descriptor.");
- return -EINVAL;
- }
-
 /* The $NOTIFY_SOCKET is writable again, now send exactly one
 * message on it. Either it's the wtachdog event, the initial
 * READY=1 event or an stdout stream event. If there's nothing |