tree-wide: use CONF_FILES_CHASE_BASENAME where root directory is specified

Otherwise, the result may point to outside of the root directory.

This also sets CONF_FILES_REGULAR and CONF_FILES_FILTER_MASKED, as the
callers will call fopen() or friends for the result, thus the enumerated
results must be non-empty regular files.

src/libsystemd/sd-journal/catalog.c

@@ -450,7 +450,9 @@ int catalog_update(const char *database, const char *root, const char* const *di
                 dirs = catalog_file_dirs;
 
         _cleanup_strv_free_ char **files = NULL;
-        r = conf_files_list_strv(&files, ".catalog", root, 0, dirs);
+        r = conf_files_list_strv(&files, ".catalog", root,
+                                 CONF_FILES_REGULAR | CONF_FILES_CHASE_BASENAME | CONF_FILES_FILTER_MASKED,
+                                 dirs);
         if (r < 0)
                 return log_error_errno(r, "Failed to get catalog files: %m");
 

src/shared/hwdb-util.c

@@ -601,7 +601,9 @@ int hwdb_update(const char *root, const char *hwdb_bin_dir, bool strict, bool co
 
         trie->nodes_count++;
 
-        err = conf_files_list_strv(&files, ".hwdb", root, 0, conf_file_dirs);
+        err = conf_files_list_strv(&files, ".hwdb", root,
+                                   CONF_FILES_REGULAR | CONF_FILES_CHASE_BASENAME | CONF_FILES_FILTER_MASKED,
+                                   conf_file_dirs);
         if (err < 0)
                 return log_error_errno(err, "Failed to enumerate hwdb files: %m");
 

src/shared/install.c

@@ -3298,7 +3298,9 @@ static int presets_find_config(RuntimeScope scope, const char *root_dir, char **
         else
                 assert_not_reached();
 
-        return conf_files_list_strv(files, ".preset", root_dir, 0, dirs);
+        return conf_files_list_strv(files, ".preset", root_dir,
+                                    CONF_FILES_REGULAR | CONF_FILES_CHASE_BASENAME | CONF_FILES_FILTER_MASKED,
+                                    dirs);
 }
 
 static int read_presets(RuntimeScope scope, const char *root_dir, UnitFilePresets *presets) {

src/udev/udevadm-util.c

@@ -282,7 +282,9 @@ static int search_rules_file(const char *s, const char *root, char ***files) {
         if (r == -EISDIR) {
                 _cleanup_strv_free_ char **files_in_dir = NULL;
 
-                r = conf_files_list_strv(&files_in_dir, ".rules", root, 0, (const char* const*) STRV_MAKE_CONST(s));
+                r = conf_files_list_strv(&files_in_dir, ".rules", root,
+                                         CONF_FILES_REGULAR | CONF_FILES_CHASE_BASENAME | CONF_FILES_FILTER_MASKED,
+                                         STRV_MAKE_CONST(s));
                 if (r < 0)
                         return log_error_errno(r, "Failed to enumerate rules files in '%s': %m", resolved);
 
@@ -309,7 +311,9 @@ int search_rules_files(char * const *a, const char *root, char ***ret) {
         assert(ret);
 
         if (strv_isempty(a)) {
-                r = conf_files_list_strv(&files, ".rules", root, 0, (const char* const*) CONF_PATHS_STRV("udev/rules.d"));
+                r = conf_files_list_strv(&files, ".rules", root,
+                                         CONF_FILES_REGULAR | CONF_FILES_CHASE_BASENAME | CONF_FILES_FILTER_MASKED,
+                                         (const char* const*) CONF_PATHS_STRV("udev/rules.d"));
                 if (r < 0)
                         return log_error_errno(r, "Failed to enumerate rules files: %m");
 

test/units/TEST-17-UDEV.verify.sh

@@ -130,9 +130,9 @@ assert_1 --root="${workdir}"
 cp "${workdir}/output_0_files" "${exo}"
 assert_0 "${rules_dir}"
 
-# Directory with a loop.
+# Directory with an invalid loop.
 ln -s . "${rules_dir}/loop.rules"
-assert_1 "${rules_dir}"
+assert_0 "${rules_dir}"
 rm "${rules_dir}/loop.rules"
 
 # Empty rules.