summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-07-26 17:53:07 +0200
committerLennart Poettering <lennart@poettering.net>2016-08-04 16:27:07 +0200
commit9c1a61adba1ed61a405bc30675f08b8442eefd70 (patch)
tree3c646807a15ca405bf7599d4e043c795ca06b552
parentc39f1ce24ddb1aa683991c5099dcc2afbfcbc57c (diff)
core: move masking of chroot/permission masking into service_spawn()
Let's fix up the flags fields in service_spawn() rather than its callers, in order to simplify things a bit.
-rw-r--r--src/core/execute.h2
-rw-r--r--src/core/service.c34
2 files changed, 16 insertions, 20 deletions
diff --git a/src/core/execute.h b/src/core/execute.h
index 77418ea2ad..8d659ca178 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -214,7 +214,7 @@ typedef enum ExecFlags {
EXEC_APPLY_CHROOT = 1U << 2,
EXEC_APPLY_TTY_STDIN = 1U << 3,
- /* The following are not usec by execute.c, but by consumers internally */
+ /* The following are not used by execute.c, but by consumers internally */
EXEC_PASS_FDS = 1U << 4,
EXEC_IS_CONTROL = 1U << 5,
} ExecFlags;
diff --git a/src/core/service.c b/src/core/service.c
index b4db7d17ed..32b8e7d2c5 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1174,6 +1174,14 @@ static int service_spawn(
assert(c);
assert(_pid);
+ if (flags & EXEC_IS_CONTROL) {
+ /* If this is a control process, mask the permissions/chroot application if this is requested. */
+ if (s->permissions_start_only)
+ exec_params.flags &= ~EXEC_APPLY_PERMISSIONS;
+ if (s->root_directory_start_only)
+ exec_params.flags &= ~EXEC_APPLY_CHROOT;
+ }
+
(void) unit_realize_cgroup(UNIT(s));
if (s->reset_cpu_usage) {
(void) unit_reset_cpu_usage(UNIT(s));
@@ -1459,9 +1467,7 @@ static void service_enter_stop_post(Service *s, ServiceResult f) {
r = service_spawn(s,
s->control_command,
s->timeout_stop_usec,
- (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
- (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) |
- EXEC_APPLY_TTY_STDIN | EXEC_IS_CONTROL,
+ EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN|EXEC_IS_CONTROL,
&s->control_pid);
if (r < 0)
goto fail;
@@ -1572,9 +1578,7 @@ static void service_enter_stop(Service *s, ServiceResult f) {
r = service_spawn(s,
s->control_command,
s->timeout_stop_usec,
- (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
- (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) |
- EXEC_IS_CONTROL,
+ EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL,
&s->control_pid);
if (r < 0)
goto fail;
@@ -1651,9 +1655,7 @@ static void service_enter_start_post(Service *s) {
r = service_spawn(s,
s->control_command,
s->timeout_start_usec,
- (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS)|
- (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT)|
- EXEC_IS_CONTROL,
+ EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL,
&s->control_pid);
if (r < 0)
goto fail;
@@ -1782,9 +1784,7 @@ static void service_enter_start_pre(Service *s) {
r = service_spawn(s,
s->control_command,
s->timeout_start_usec,
- (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
- (s->root_directory_start_only ? 0: EXEC_APPLY_CHROOT) |
- EXEC_IS_CONTROL|EXEC_APPLY_TTY_STDIN,
+ EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL|EXEC_APPLY_TTY_STDIN,
&s->control_pid);
if (r < 0)
goto fail;
@@ -1859,9 +1859,7 @@ static void service_enter_reload(Service *s) {
r = service_spawn(s,
s->control_command,
s->timeout_start_usec,
- (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
- (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) |
- EXEC_IS_CONTROL,
+ EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL,
&s->control_pid);
if (r < 0)
goto fail;
@@ -1899,10 +1897,8 @@ static void service_run_next_control(Service *s) {
r = service_spawn(s,
s->control_command,
timeout,
- (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
- (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) |
- (IN_SET(s->control_command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_STOP_POST) ? EXEC_APPLY_TTY_STDIN : 0)|
- EXEC_IS_CONTROL,
+ EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL|
+ (IN_SET(s->control_command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_STOP_POST) ? EXEC_APPLY_TTY_STDIN : 0),
&s->control_pid);
if (r < 0)
goto fail;