diff options
author | Lennart Poettering <lennart@poettering.net> | 2010-06-18 23:12:48 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2010-06-18 23:12:48 +0200 |
commit | c952c6ece28b6c0f774f823c917f458fe3424993 (patch) | |
tree | 03de0a764b996486406baeedd5721b6338334ea8 /src/service.c | |
parent | e55224ca655e6c4ec745a84ae5a051a9e6e5f74f (diff) |
service: add minimal access control logic for notifcation socket
Diffstat (limited to 'src/service.c')
-rw-r--r-- | src/service.c | 73 |
1 files changed, 67 insertions, 6 deletions
diff --git a/src/service.c b/src/service.c index 905eadb986..abd2a6d7c2 100644 --- a/src/service.c +++ b/src/service.c @@ -850,6 +850,9 @@ static int service_load(Unit *u) { if ((r = unit_watch_bus_name(u, s->bus_name)) < 0) return r; } + + if (s->type == SERVICE_NOTIFY && s->notify_access == NOTIFY_NONE) + s->notify_access = NOTIFY_MAIN; } return service_verify(s); @@ -873,13 +876,15 @@ static void service_dump(Unit *u, FILE *f, const char *prefix) { "%sRootDirectoryStartOnly: %s\n" "%sValidNoProcess: %s\n" "%sKillMode: %s\n" - "%sType: %s\n", + "%sType: %s\n" + "%sNotifyAccess: %s\n", prefix, service_state_to_string(s->state), prefix, yes_no(s->permissions_start_only), prefix, yes_no(s->root_directory_start_only), prefix, yes_no(s->valid_no_process), prefix, kill_mode_to_string(s->kill_mode), - prefix, service_type_to_string(s->type)); + prefix, service_type_to_string(s->type), + prefix, notify_access_to_string(s->notify_access)); if (s->control_pid > 0) fprintf(f, @@ -1245,13 +1250,14 @@ static int service_spawn( bool pass_fds, bool apply_permissions, bool apply_chroot, + bool set_notify_socket, pid_t *_pid) { pid_t pid; int r; int *fds = NULL; unsigned n_fds = 0; - char **argv; + char **argv = NULL, **env = NULL; assert(s); assert(c); @@ -1276,11 +1282,29 @@ static int service_spawn( goto fail; } + if (set_notify_socket) { + char *t; + + if (asprintf(&t, "NOTIFY_SOCKET=@%s", s->meta.manager->notify_socket) < 0) { + r = -ENOMEM; + goto fail; + } + + env = strv_env_set(s->meta.manager->environment, t); + free(t); + + if (!env) { + r = -ENOMEM; + goto fail; + } + } else + env = s->meta.manager->environment; + r = exec_spawn(c, argv, &s->exec_context, fds, n_fds, - s->meta.manager->environment, + env, apply_permissions, apply_chroot, UNIT(s)->meta.manager->confirm_spawn, @@ -1288,6 +1312,12 @@ static int service_spawn( &pid); strv_free(argv); + argv = NULL; + + if (set_notify_socket) + strv_free(env); + env = NULL; + if (r < 0) goto fail; @@ -1309,6 +1339,11 @@ static int service_spawn( fail: free(fds); + strv_free(argv); + + if (set_notify_socket) + strv_free(env); + if (timeout) unit_unwatch_timer(UNIT(s), &s->timer_watch); @@ -1395,6 +1430,7 @@ static void service_enter_stop_post(Service *s, bool success) { false, !s->permissions_start_only, !s->root_directory_start_only, + false, &s->control_pid)) < 0) goto fail; @@ -1493,6 +1529,7 @@ static void service_enter_stop(Service *s, bool success) { false, !s->permissions_start_only, !s->root_directory_start_only, + false, &s->control_pid)) < 0) goto fail; @@ -1537,6 +1574,7 @@ static void service_enter_start_post(Service *s) { false, !s->permissions_start_only, !s->root_directory_start_only, + false, &s->control_pid)) < 0) goto fail; @@ -1571,6 +1609,7 @@ static void service_enter_start(Service *s) { true, true, true, + s->notify_access != NOTIFY_NONE, &pid)) < 0) goto fail; @@ -1630,6 +1669,7 @@ static void service_enter_start_pre(Service *s) { false, !s->permissions_start_only, !s->root_directory_start_only, + false, &s->control_pid)) < 0) goto fail; @@ -1677,6 +1717,7 @@ static void service_enter_reload(Service *s) { false, !s->permissions_start_only, !s->root_directory_start_only, + false, &s->control_pid)) < 0) goto fail; @@ -1711,6 +1752,7 @@ static void service_run_next(Service *s, bool success) { false, !s->permissions_start_only, !s->root_directory_start_only, + false, &s->control_pid)) < 0) goto fail; @@ -2218,12 +2260,24 @@ static void service_cgroup_notify_event(Unit *u) { } } -static void service_notify_message(Unit *u, char **tags) { +static void service_notify_message(Unit *u, pid_t pid, char **tags) { Service *s = SERVICE(u); const char *e; assert(u); + if (s->notify_access == NOTIFY_NONE) { + log_warning("%s: Got notification message from PID %lu, but reception is disabled.", + u->meta.id, (unsigned long) pid); + return; + } + + if (s->notify_access == NOTIFY_MAIN && pid != s->main_pid) { + log_warning("%s: Got notification message from PID %lu, but reception only permitted for PID %lu", + u->meta.id, (unsigned long) pid, (unsigned long) s->main_pid); + return; + } + log_debug("%s: Got message", u->meta.id); /* Interpret MAINPID= */ @@ -2232,7 +2286,6 @@ static void service_notify_message(Unit *u, char **tags) { s->state == SERVICE_START_POST || s->state == SERVICE_RUNNING || s->state == SERVICE_RELOAD)) { - pid_t pid; if (parse_pid(e + 8, &pid) < 0) log_warning("Failed to parse %s", e); @@ -2545,6 +2598,14 @@ static const char* const service_exec_command_table[_SERVICE_EXEC_COMMAND_MAX] = DEFINE_STRING_TABLE_LOOKUP(service_exec_command, ServiceExecCommand); +static const char* const notify_access_table[_NOTIFY_ACCESS_MAX] = { + [NOTIFY_NONE] = "none", + [NOTIFY_MAIN] = "main", + [NOTIFY_ALL] = "all" +}; + +DEFINE_STRING_TABLE_LOOKUP(notify_access, NotifyAccess); + const UnitVTable service_vtable = { .suffix = ".service", |