core: add more safety check

Let's make sure that if we are PID 1 we are invoked in ACTION_RUN mode,
and in arg_system mode, as well as the opposite.

Everything else is untested and probably not worth supporting hence
let's bail out early if people try anyway.

1 files changed, 19 insertions, 0 deletions

diff --git a/src/core/main.c b/src/core/main.c
index f342875f6f..c6702a9630 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2093,6 +2093,25 @@ static int load_configuration(int argc, char **argv, const char **ret_error_mess
 
 static int safety_checks(void) {
 
+        if (getpid_cached() == 1 &&
+            arg_action != ACTION_RUN) {
+                log_error("Unsupported execution mode while PID 1.");
+                return -EPERM;
+        }
+
+        if (getpid_cached() == 1 &&
+            !arg_system) {
+                log_error("Can't run --user mode as PID 1.");
+                return -EPERM;
+        }
+
+        if (arg_action == ACTION_RUN &&
+            arg_system &&
+            getpid_cached() != 1) {
+                log_error("Can't run system mode unless PID 1.");
+                return -EPERM;
+        }
+
         if (arg_action == ACTION_TEST &&
             geteuid() == 0) {
                 log_error("Don't run test mode as root.");