diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-07-26 17:53:07 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-08-04 16:27:07 +0200 |
commit | 9c1a61adba1ed61a405bc30675f08b8442eefd70 (patch) | |
tree | 3c646807a15ca405bf7599d4e043c795ca06b552 | |
parent | c39f1ce24ddb1aa683991c5099dcc2afbfcbc57c (diff) |
core: move masking of chroot/permission masking into service_spawn()
Let's fix up the flags fields in service_spawn() rather than its callers, in
order to simplify things a bit.
-rw-r--r-- | src/core/execute.h | 2 | ||||
-rw-r--r-- | src/core/service.c | 34 |
2 files changed, 16 insertions, 20 deletions
diff --git a/src/core/execute.h b/src/core/execute.h index 77418ea2ad..8d659ca178 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -214,7 +214,7 @@ typedef enum ExecFlags { EXEC_APPLY_CHROOT = 1U << 2, EXEC_APPLY_TTY_STDIN = 1U << 3, - /* The following are not usec by execute.c, but by consumers internally */ + /* The following are not used by execute.c, but by consumers internally */ EXEC_PASS_FDS = 1U << 4, EXEC_IS_CONTROL = 1U << 5, } ExecFlags; diff --git a/src/core/service.c b/src/core/service.c index b4db7d17ed..32b8e7d2c5 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -1174,6 +1174,14 @@ static int service_spawn( assert(c); assert(_pid); + if (flags & EXEC_IS_CONTROL) { + /* If this is a control process, mask the permissions/chroot application if this is requested. */ + if (s->permissions_start_only) + exec_params.flags &= ~EXEC_APPLY_PERMISSIONS; + if (s->root_directory_start_only) + exec_params.flags &= ~EXEC_APPLY_CHROOT; + } + (void) unit_realize_cgroup(UNIT(s)); if (s->reset_cpu_usage) { (void) unit_reset_cpu_usage(UNIT(s)); @@ -1459,9 +1467,7 @@ static void service_enter_stop_post(Service *s, ServiceResult f) { r = service_spawn(s, s->control_command, s->timeout_stop_usec, - (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) | - (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) | - EXEC_APPLY_TTY_STDIN | EXEC_IS_CONTROL, + EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN|EXEC_IS_CONTROL, &s->control_pid); if (r < 0) goto fail; @@ -1572,9 +1578,7 @@ static void service_enter_stop(Service *s, ServiceResult f) { r = service_spawn(s, s->control_command, s->timeout_stop_usec, - (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) | - (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) | - EXEC_IS_CONTROL, + EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL, &s->control_pid); if (r < 0) goto fail; @@ -1651,9 +1655,7 @@ static void service_enter_start_post(Service *s) { r = service_spawn(s, s->control_command, s->timeout_start_usec, - (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS)| - (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT)| - EXEC_IS_CONTROL, + EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL, &s->control_pid); if (r < 0) goto fail; @@ -1782,9 +1784,7 @@ static void service_enter_start_pre(Service *s) { r = service_spawn(s, s->control_command, s->timeout_start_usec, - (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) | - (s->root_directory_start_only ? 0: EXEC_APPLY_CHROOT) | - EXEC_IS_CONTROL|EXEC_APPLY_TTY_STDIN, + EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL|EXEC_APPLY_TTY_STDIN, &s->control_pid); if (r < 0) goto fail; @@ -1859,9 +1859,7 @@ static void service_enter_reload(Service *s) { r = service_spawn(s, s->control_command, s->timeout_start_usec, - (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) | - (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) | - EXEC_IS_CONTROL, + EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL, &s->control_pid); if (r < 0) goto fail; @@ -1899,10 +1897,8 @@ static void service_run_next_control(Service *s) { r = service_spawn(s, s->control_command, timeout, - (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) | - (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) | - (IN_SET(s->control_command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_STOP_POST) ? EXEC_APPLY_TTY_STDIN : 0)| - EXEC_IS_CONTROL, + EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL| + (IN_SET(s->control_command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_STOP_POST) ? EXEC_APPLY_TTY_STDIN : 0), &s->control_pid); if (r < 0) goto fail; |