diff options
| author | Lennart Poettering <lennart@poettering.net> | 2014-11-05 17:57:23 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-11-05 18:49:14 +0100 |
| commit | a931ad47a8623163a29d898224d8a8c1177ffdaf (patch) | |
| tree | 34741242cc98bf038f3b57058e4b283b0d53b275 /src/core/execute.c | |
| parent | c962cb68d5754690cbe924a0d0b4251053217783 (diff) | |
core: introduce new Delegate=yes/no property controlling creation of cgroup subhierarchies
For priviliged units this resource control property ensures that the
processes have all controllers systemd manages enabled.
For unpriviliged services (those with User= set) this ensures that
access rights to the service cgroup is granted to the user in question,
to create further subgroups. Note that this only applies to the
name=systemd hierarchy though, as access to other controllers is not
safe for unpriviliged processes.
Delegate=yes should be set for container scopes where a systemd instance
inside the container shall manage the hierarchies below its own cgroup
and have access to all controllers.
Delegate=yes should also be set for user@.service, so that systemd
--user can run, controlling its own cgroup tree.
This commit changes machined, systemd-nspawn@.service and user@.service
to set this boolean, in order to ensure that container management will
just work, and the user systemd instance can run fine.
Diffstat (limited to 'src/core/execute.c')
| -rw-r--r-- | src/core/execute.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/src/core/execute.c b/src/core/execute.c index c41aec222d..5cfd4a1f97 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1444,8 +1444,10 @@ static int exec_child(ExecCommand *command, } #endif -#ifdef HAVE_PAM - if (params->cgroup_path && context->user && context->pam_name) { + /* If delegation is enabled we'll pass ownership of the cgroup + * (but only in systemd's own controller hierarchy!) to the + * user of the new process. */ + if (params->cgroup_path && context->user && params->cgroup_delegate) { err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, 0644, uid, gid); if (err < 0) { *error = EXIT_CGROUP; @@ -1459,7 +1461,6 @@ static int exec_child(ExecCommand *command, return err; } } -#endif if (!strv_isempty(context->runtime_directory) && params->runtime_prefix) { char **rt; @@ -2402,6 +2403,21 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { prefix, c->apparmor_profile_ignore ? "-" : "", c->apparmor_profile); } +bool exec_context_maintains_privileges(ExecContext *c) { + assert(c); + + /* Returns true if the process forked off would run run under + * an unchanged UID or as root. */ + + if (!c->user) + return true; + + if (streq(c->user, "root") || streq(c->user, "0")) + return true; + + return false; +} + void exec_status_start(ExecStatus *s, pid_t pid) { assert(s); |