diff options
author | Lennart Poettering <lennart@poettering.net> | 2015-05-13 16:34:02 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-05-13 16:34:02 +0200 |
commit | 8b44a3d22c1fdfc5ce5fcb77e38a90ec02ba8019 (patch) | |
tree | 81c7be1fffa891ea25605cf2a09255ee55134fae /src/core/execute.c | |
parent | f42348ace7feb2311593b8cf6c876856eecf256a (diff) |
core: make exec code a bit more readable
Let's add a function that checks whether we need fs namespacing, to make
things easier to read, instead of using a humungous if expression...
Diffstat (limited to 'src/core/execute.c')
-rw-r--r-- | src/core/execute.c | 41 |
1 files changed, 31 insertions, 10 deletions
diff --git a/src/core/execute.c b/src/core/execute.c index 1a297ba96c..0cca4813a8 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1257,6 +1257,36 @@ static int build_environment( return 0; } +static bool exec_needs_mount_namespace( + const ExecContext *context, + const ExecParameters *params, + ExecRuntime *runtime) { + + assert(context); + assert(params); + + if (!strv_isempty(context->read_write_dirs) || + !strv_isempty(context->read_only_dirs) || + !strv_isempty(context->inaccessible_dirs)) + return true; + + if (context->mount_flags != 0) + return true; + + if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir)) + return true; + + if (params->bus_endpoint_path) + return true; + + if (context->private_devices || + context->protect_system != PROTECT_SYSTEM_NO || + context->protect_home != PROTECT_HOME_NO) + return true; + + return false; +} + static int exec_child( Unit *unit, ExecCommand *command, @@ -1555,16 +1585,7 @@ static int exec_child( } } - if (!strv_isempty(context->read_write_dirs) || - !strv_isempty(context->read_only_dirs) || - !strv_isempty(context->inaccessible_dirs) || - context->mount_flags != 0 || - (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir)) || - params->bus_endpoint_path || - context->private_devices || - context->protect_system != PROTECT_SYSTEM_NO || - context->protect_home != PROTECT_HOME_NO) { - + if (exec_needs_mount_namespace(context, params, runtime)) { char *tmp = NULL, *var = NULL; /* The runtime struct only contains the parent |