author | Lennart Poettering <lennart@poettering.net> | 2013-04-29 19:15:30 -0300 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2013-04-30 08:36:01 -0300 |
commit | 5954c07433b134694256b9989f2ad3f85a643976 (patch) | |
tree | 199057819796d79598ee974a8a12101d49ff222a /src/core/unit.c | |
parent | aa96c6cb44a6eeccc506ae055aae2519a7f914e1 (diff) |
cgroup: do not allow manipulating the cgroup path of units within the systemd:/system subtree
Diffstat (limited to 'src/core/unit.c')
-rw-r--r-- | src/core/unit.c | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/src/core/unit.c b/src/core/unit.c index 282852fed3..c0f156c928 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -1977,10 +1977,16 @@ static int unit_add_cgroup(Unit *u, CGroupBonding *b) { } char *unit_default_cgroup_path(Unit *u) { + _cleanup_free_ char *escaped_instance = NULL; + assert(u); + escaped_instance = cg_escape(u->id); + if (!escaped_instance) + return NULL; + if (u->instance) { - _cleanup_free_ char *t = NULL, *escaped_template = NULL, *escaped_instance = NULL; + _cleanup_free_ char *t = NULL, *escaped_template = NULL; t = unit_name_template(u->id); if (!t) @@ -1990,20 +1996,9 @@ char *unit_default_cgroup_path(Unit *u) { if (!escaped_template) return NULL; - escaped_instance = cg_escape(u->id); - if (!escaped_instance) - return NULL; - return strjoin(u->manager->cgroup_hierarchy, "/", escaped_template, "/", escaped_instance, NULL); - } else { - _cleanup_free_ char *escaped = NULL; - - escaped = cg_escape(u->id); - if (!escaped) - return NULL; - - return strjoin(u->manager->cgroup_hierarchy, "/", escaped, NULL); - } + } else + return strjoin(u->manager->cgroup_hierarchy, "/", escaped_instance, NULL); } int unit_add_cgroup_from_text(Unit *u, const char *name, bool overwrite, CGroupBonding **ret) { @@ -2025,7 +2020,7 @@ int unit_add_cgroup_from_text(Unit *u, const char *name, bool overwrite, CGroupB } if (!controller) { - controller = strdup(SYSTEMD_CGROUP_CONTROLLER); + controller = strdup("systemd"); ours = true; } @@ -2035,6 +2030,16 @@ int unit_add_cgroup_from_text(Unit *u, const char *name, bool overwrite, CGroupB return log_oom(); } + if (streq(controller, "systemd")) { + /* Within the systemd unit hierarchy we do not allow changes. */ + if (path_startswith(path, "/system")) { + log_warning_unit(u->id, "Manipulating the systemd:/system cgroup hierarchy is not permitted."); + free(path); + free(controller); + return -EPERM; + } + } + b = cgroup_bonding_find_list(u->cgroup_bondings, controller); if (b) { if (streq(path, b->path)) { |
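Review bot: `escaped_instance` is now computed for every unit, and in the non-instance branch of the next hunk it holds the escaped id of a unit that has no instance, so the name no longer describes the value; `escaped_id` would read correctly in both branches. In that following hunk the trailing `} else` also looks redundant, since as far as the visible lines show every path through the `if (u->instance)` block returns, and it pairs a braced `if` with an unbraced `else`. A plain `return strjoin(u->manager->cgroup_hierarchy, "/", escaped_instance, NULL);` after the block would be clearer. The body of unit_default_cgroup_path is split across these two hunks, so the template branch is only partly visible.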
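Review bot: The default controller is now the bare literal in `strdup("systemd")`, replacing SYSTEMD_CGROUP_CONTROLLER, and the permission check in the next hunk compares against the same literal with `streq(controller, "systemd")`. The two strings have to stay identical for the check to fire, so a single named constant used in both places would be safer than two copies. The check also assumes that an explicitly supplied controller reaches this point in that exact spelling. If the spec parser earlier in unit_add_cgroup_from_text (outside the hunk) can hand back another form such as `name=systemd`, the comparison would not match, so confirm it normalises the name.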
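Review bot: The new guard is a textual prefix test, `path_startswith(path, "/system")`, and nothing in this hunk shows that `path` has been normalised before it gets here. If the spec parsing earlier in unit_add_cgroup_from_text (outside the hunk) does not already reject `..` components, a path that only resolves into /system would not be caught. It is worth confirming that and recording it next to the check, e.g. `/* path was validated by the spec parser (no ".." components), so a prefix test is sufficient. */`. The guard also covers only this text-based entry point; whether other code that can attach a cgroup bonding to a unit needs the same check cannot be judged from this file section.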