summaryrefslogtreecommitdiff
path: root/src/core/dbus-execute.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-10-21 12:08:44 +0200
committerLennart Poettering <lennart@poettering.net>2015-10-21 12:08:44 +0200
commit5e4cecfb67efa5f62345271af30865de1721b8f2 (patch)
tree28c341274e428dc3c3d29ebb612a9bbdd53c87ba /src/core/dbus-execute.c
parent27f9eda40a73d419ddb7a62b67a7284f5543180d (diff)
parent64a713d94dea614ac6bd35d8c4b1d5b96add3347 (diff)
Merge pull request #1623 from evverx/run-rw-ro-ia-dirs
systemd-run can launch units with ReadWriteDirectories, ReadOnlyDirectories, InaccessibleDirectories
Diffstat (limited to 'src/core/dbus-execute.c')
-rw-r--r--src/core/dbus-execute.c51
1 files changed, 51 insertions, 0 deletions
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index e5d1cbb6be..6712b86232 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -36,6 +36,7 @@
#include "af-list.h"
#include "namespace.h"
#include "path-util.h"
+#include "utf8.h"
#include "dbus-execute.h"
#ifdef HAVE_SECCOMP
@@ -1284,6 +1285,56 @@ int bus_exec_context_set_transient_property(
return 1;
+ } else if (STR_IN_SET(name, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories")) {
+
+ _cleanup_strv_free_ char **l = NULL;
+ char ***dirs;
+ char **p;
+
+ r = sd_bus_message_read_strv(message, &l);
+ if (r < 0)
+ return r;
+
+ STRV_FOREACH(p, l) {
+ int offset;
+ if (!utf8_is_valid(*p))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid %s", name);
+
+ offset = **p == '-';
+ if (!path_is_absolute(*p + offset))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid %s", name);
+ }
+
+ if (mode != UNIT_CHECK) {
+ _cleanup_free_ char *joined = NULL;
+
+ if (streq(name, "ReadWriteDirectories"))
+ dirs = &c->read_write_dirs;
+ else if (streq(name, "ReadOnlyDirectories"))
+ dirs = &c->read_only_dirs;
+ else if (streq(name, "InaccessibleDirectories"))
+ dirs = &c->inaccessible_dirs;
+
+ if (strv_length(l) == 0) {
+ *dirs = strv_free(*dirs);
+ unit_write_drop_in_private_format(u, mode, name, "%s=\n", name);
+ } else {
+ r = strv_extend_strv(dirs, l, true);
+
+ if (r < 0)
+ return -ENOMEM;
+
+ joined = strv_join_quoted(*dirs);
+ if (!joined)
+ return -ENOMEM;
+
+ unit_write_drop_in_private_format(u, mode, name, "%s=%s\n", name, joined);
+ }
+
+ }
+
+ return 1;
+
} else if (rlimit_from_string(name) >= 0) {
uint64_t rl;
rlim_t x;