author | Lennart Poettering <lennart@poettering.net> | 2010-06-16 16:25:42 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2010-06-16 16:27:24 +0200 |
commit | df1f0afe0c0d044a42ee726fa03730291d7082ee (patch) | |
tree | ec9aba0611608c2666aabac5ebc1b41b1c2508bd | |
parent | 0213c3f8102bdc934c629d11a44ca0b408762287 (diff) |
tcpwrap: execute tcpwrap check in forked client, to avoid blocking name lookups in main systemd process
-rw-r--r-- | fixme | 2 | ||||
-rw-r--r-- | src/dbus-execute.h | 6 | ||||
-rw-r--r-- | src/dbus-socket.c | 2 | ||||
-rw-r--r-- | src/execute.c | 18 | ||||
-rw-r--r-- | src/execute.h | 5 | ||||
-rw-r--r-- | src/load-fragment.c | 4 | ||||
-rw-r--r-- | src/socket.c | 15 | ||||
-rw-r--r-- | src/socket.h | 2 |
8 files changed, 28 insertions, 26 deletions
@@ -53,8 +53,6 @@
 * run PAM session stuff
-* tcpwrap
-
 * use setproctitle() when forking, before exec() (waiting for (PR_SET_PROCTITLE_AREA to enter the kernel)
 * follow property change dbus spec
diff --git a/src/dbus-execute.h b/src/dbus-execute.h
index 6abae1657c..243854f893 100644
--- a/src/dbus-execute.h
+++ b/src/dbus-execute.h
@@ -43,7 +43,8 @@
 " <property name=\"CapabilityBoundingSetDrop\" type=\"t\" access=\"read\"/>\n" \
 " <property name=\"User\" type=\"s\" access=\"read\"/>\n" \
 " <property name=\"Group\" type=\"s\" access=\"read\"/>\n" \
- " <property name=\"SupplementaryGroups\" type=\"as\" access=\"read\"/>\n"
+ " <property name=\"SupplementaryGroups\" type=\"as\" access=\"read\"/>\n" \
+ " <property name=\"TCPWrapName\" type=\"s\" access=\"read\"/>\n"
 #define BUS_EXEC_CONTEXT_PROPERTIES(interface, context) \
 { interface, "Environment", bus_property_append_strv, "as", (context).environment }, \
@@ -71,7 +72,8 @@
 { interface, "CapabilityBoundingSetDrop", bus_property_append_uint64, "t", &(context).capability_bounding_set_drop }, \
 { interface, "User", bus_property_append_string, "s", (context).user }, \
 { interface, "Group", bus_property_append_string, "s", (context).group }, \
- { interface, "SupplementaryGroups", bus_property_append_strv, "as", (context).supplementary_groups }
+ { interface, "SupplementaryGroups", bus_property_append_strv, "as", (context).supplementary_groups }, \
+ { interface, "TCPWrapName", bus_property_append_string, "s", (context).tcpwrap_name }
 int bus_execute_append_output(Manager *m, DBusMessageIter *i, const char *property, void *data);
 int bus_execute_append_input(Manager *m, DBusMessageIter *i, const char *property, void *data);
diff --git a/src/dbus-socket.c b/src/dbus-socket.c
index fa84191140..426af2b4cf 100644
--- a/src/dbus-socket.c
+++ b/src/dbus-socket.c
@@ -37,7 +37,6 @@
 " <property name=\"DirectoryMode\" type=\"u\" access=\"read\"/>\n" \
 " <property name=\"SocketMode\" type=\"u\" access=\"read\"/>\n" \
 " <property name=\"Accept\" type=\"b\" access=\"read\"/>\n" \
- " <property name=\"TCPWrapName\" type=\"s\" access=\"read\"/>\n" \
 " </interface>\n" \
 #define INTROSPECTION \
@@ -67,7 +66,6 @@ DBusHandlerResult bus_socket_message_handler(Unit *u, DBusMessage *message) {
 { "org.freedesktop.systemd1.Socket", "DirectoryMode", bus_property_append_mode, "u", &u->socket.directory_mode },
 { "org.freedesktop.systemd1.Socket", "SocketMode", bus_property_append_mode, "u", &u->socket.socket_mode },
 { "org.freedesktop.systemd1.Socket", "Accept", bus_property_append_bool, "b", &u->socket.accept },
- { "org.freedesktop.systemd1.Socket", "TCPWrapName", bus_property_append_string, "s", u->socket.tcpwrap_name },
 { NULL, NULL, NULL, NULL, NULL }
 };
diff --git a/src/execute.c b/src/execute.c
index 1b37f2efe4..b61c1f838b 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -46,6 +46,7 @@
 #include "securebits.h"
 #include "cgroup.h"
 #include "namespace.h"
+#include "tcpwrap.h"
 /* This assumes there is a 'tty' group */
 #define TTY_MODE 0620
@@ -803,6 +804,12 @@ int exec_spawn(ExecCommand *command,
 goto fail;
 }
+ if (socket_fd >= 0 && context->tcpwrap_name)
+ if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) {
+ r = EXIT_TCPWRAP;
+ goto fail;
+ }
+
 if (confirm_spawn) {
 char response;
@@ -1111,6 +1118,9 @@ void exec_context_done(ExecContext *c) {
 free(c->tty_path);
 c->tty_path = NULL;
+ free(c->tcpwrap_name);
+ c->tcpwrap_name = NULL;
+
 free(c->syslog_identifier);
 c->syslog_identifier = NULL;
@@ -1209,6 +1219,11 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
 for (e = c->environment; *e; e++)
 fprintf(f, "%sEnvironment: %s\n", prefix, *e);
+ if (c->tcpwrap_name)
+ fprintf(f,
+ "%sTCPWrapName: %s\n",
+ prefix, c->tcpwrap_name);
+
 if (c->nice_set)
 fprintf(f,
 "%sNice: %i\n",
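Review bot: In the exec_spawn hunk the check `if (socket_fd >= 0 && context->tcpwrap_name)` is skipped without any message when no socket is passed, so `TCPWrapName=` on a unit that is never started with a connection socket is accepted and silently does nothing. The check removed from socket_fd_event ran on the accepted `cfd` only; whether exec_spawn can also be handed a listening socket is not visible in this diff, and the result of `socket_tcpwrap()` on one should be confirmed. A denied peer now costs a fork and a child that ends with `EXIT_TCPWRAP` instead of a close in the main process, which is worth stating in a comment above the check, e.g. `/* Done in the child so that name lookups cannot block the main process; a denied connection ends this child with EXIT_TCPWRAP */`. The outer `if` should also get braces around the nested `if`. exec_spawn's body starts and ends outside the hunk.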
@@ -1595,6 +1610,9 @@ const char* exit_status_to_string(ExitStatus status) {
 case EXIT_STDERR:
 return "STDERR";
+ case EXIT_TCPWRAP:
+ return "TCPWRAP";
+
 default:
 return NULL;
 }
diff --git a/src/execute.h b/src/execute.h
index 4585fe43a7..1adf41ea67 100644
--- a/src/execute.h
+++ b/src/execute.h
@@ -104,6 +104,8 @@ struct ExecContext {
 char *syslog_identifier;
 bool syslog_no_prefix;
+ char *tcpwrap_name;
+
 char *tty_path;
 /* Since resolving these names might might involve socket
@@ -179,7 +181,8 @@ typedef enum ExitStatus {
 EXIT_CGROUP,
 EXIT_SETSID, /* 220 */
 EXIT_CONFIRM,
- EXIT_STDERR
+ EXIT_STDERR,
+ EXIT_TCPWRAP
 } ExitStatus;
diff --git a/src/load-fragment.c b/src/load-fragment.c
index 94a637541f..f409776e88 100644
--- a/src/load-fragment.c
+++ b/src/load-fragment.c
@@ -1391,7 +1391,8 @@ static int load_from_path(Unit *u, const char *path) {
 { "ReadOnlyDirectories", config_parse_path_strv, &(context).read_only_dirs, section }, \
 { "InaccessibleDirectories",config_parse_path_strv, &(context).inaccessible_dirs, section }, \
 { "PrivateTmp", config_parse_bool, &(context).private_tmp, section }, \
- { "MountFlags", config_parse_mount_flags, &(context), section }
+ { "MountFlags", config_parse_mount_flags, &(context), section }, \
+ { "TCPWrapName", config_parse_string, &(context).tcpwrap_name, section }
 const ConfigItem items[] = {
 { "Names", config_parse_names, u, "Unit" },
@@ -1444,7 +1445,6 @@ static int load_from_path(Unit *u, const char *path) {
 { "SocketMode", config_parse_mode, &u->socket.socket_mode, "Socket" },
 { "KillMode", config_parse_kill_mode, &u->socket.kill_mode, "Socket" },
 { "Accept", config_parse_bool, &u->socket.accept, "Socket" },
- { "TCPWrapName", config_parse_string, &u->socket.tcpwrap_name, "Socket" },
 EXEC_CONTEXT_CONFIG_ITEMS(u->socket.exec_context, "Socket"),
 { "What", config_parse_string, &u->mount.parameters_fragment.what, "Mount" },
diff --git a/src/socket.c b/src/socket.c
index 71f1672027..1852fe9375 100644
--- a/src/socket.c
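Review bot: `TCPWrapName=` written in a `[Socket]` section is still accepted after the load_from_path hunks, because `EXEC_CONTEXT_CONFIG_ITEMS(u->socket.exec_context, "Socket")` now supplies the key, but the value lands in the socket unit's own exec context rather than in the context of the service that receives the connection. If exec_spawn is only given `socket_fd >= 0` for the service's commands (its callers are not visible here), existing unit files keep parsing while the access check silently stops being applied to them. Consider logging a warning at load time when the key appears in a section whose commands never receive a socket, and note the move of the setting in the documentation. load_from_path's body starts and ends outside both hunks.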
+++ b/src/socket.c
@@ -36,7 +36,6 @@
 #include "strv.h"
 #include "unit-name.h"
 #include "dbus-socket.h"
-#include "tcpwrap.h"
 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
 [SOCKET_DEAD] = UNIT_INACTIVE,
@@ -108,9 +107,6 @@ static void socket_done(Unit *u) {
 free(s->bind_to_device);
 s->bind_to_device = NULL;
- free(s->tcpwrap_name);
- s->tcpwrap_name = NULL;
-
 unit_unwatch_timer(u, &s->timer_watch);
 }
@@ -309,11 +305,6 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
 "%sBindToDevice: %s\n",
 prefix, s->bind_to_device);
- if (s->tcpwrap_name)
- fprintf(f,
- "%sTCPWrapName: %s\n",
- prefix, s->tcpwrap_name);
-
 if (s->accept)
 fprintf(f,
 "%sAccepted: %u\n",
@@ -1221,12 +1212,6 @@ static void socket_fd_event(Unit *u, int fd, uint32_t events, Watch *w) {
 break;
 }
-
- if (s->tcpwrap_name)
- if (!socket_tcpwrap(cfd, s->tcpwrap_name)) {
- close_nointr_nofail(cfd);
- return;
- }
 }
 socket_enter_running(s, cfd);
diff --git a/src/socket.h b/src/socket.h
index de3e913f7c..5a2cd06d9d 100644
--- a/src/socket.h
+++ b/src/socket.h
@@ -101,8 +101,6 @@ struct Socket {
 mode_t directory_mode;
 mode_t socket_mode;
- char *tcpwrap_name;
-
 bool accept;
 unsigned n_accepted; |