diff options
-rw-r--r-- | shell-completion/bash/systemd-run | 3 | ||||
-rw-r--r-- | src/core/dbus-execute.c | 51 | ||||
-rw-r--r-- | src/shared/bus-util.c | 50 |
3 files changed, 103 insertions, 1 deletions
diff --git a/shell-completion/bash/systemd-run b/shell-completion/bash/systemd-run index ea59a42407..63c50c97ff 100644 --- a/shell-completion/bash/systemd-run +++ b/shell-completion/bash/systemd-run @@ -84,7 +84,8 @@ _systemd_run() { LimitNICE= LimitRTPRIO= LimitRTTIME= PrivateTmp= PrivateDevices= PrivateNetwork= NoNewPrivileges= WorkingDirectory= RootDirectory= TTYPath= SyslogIdentifier= SyslogLevelPrefix= SyslogLevel= - SyslogFacility= TimerSlackNSec= OOMScoreAdjust=' + SyslogFacility= TimerSlackNSec= OOMScoreAdjust= ReadWriteDirectories= + ReadOnlyDirectories= InaccessibleDirectories=' COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) return 0 diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index e5d1cbb6be..6712b86232 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -36,6 +36,7 @@ #include "af-list.h" #include "namespace.h" #include "path-util.h" +#include "utf8.h" #include "dbus-execute.h" #ifdef HAVE_SECCOMP @@ -1284,6 +1285,56 @@ int bus_exec_context_set_transient_property( return 1; + } else if (STR_IN_SET(name, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories")) { + + _cleanup_strv_free_ char **l = NULL; + char ***dirs; + char **p; + + r = sd_bus_message_read_strv(message, &l); + if (r < 0) + return r; + + STRV_FOREACH(p, l) { + int offset; + if (!utf8_is_valid(*p)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid %s", name); + + offset = **p == '-'; + if (!path_is_absolute(*p + offset)) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid %s", name); + } + + if (mode != UNIT_CHECK) { + _cleanup_free_ char *joined = NULL; + + if (streq(name, "ReadWriteDirectories")) + dirs = &c->read_write_dirs; + else if (streq(name, "ReadOnlyDirectories")) + dirs = &c->read_only_dirs; + else if (streq(name, "InaccessibleDirectories")) + dirs = &c->inaccessible_dirs; + + if (strv_length(l) == 0) { + *dirs = strv_free(*dirs); + unit_write_drop_in_private_format(u, mode, name, "%s=\n", name); + } else { + r = strv_extend_strv(dirs, l, true); + + if (r < 0) + return -ENOMEM; + + joined = strv_join_quoted(*dirs); + if (!joined) + return -ENOMEM; + + unit_write_drop_in_private_format(u, mode, name, "%s=%s\n", name, joined); + } + + } + + return 1; + } else if (rlimit_from_string(name) >= 0) { uint64_t rl; rlim_t x; diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c index 044862199b..9c4d6a2da0 100644 --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c @@ -39,6 +39,7 @@ #include "signal-util.h" #include "strv.h" #include "unit-name.h" +#include "utf8.h" #include "util.h" #include "bus-util.h" @@ -1728,6 +1729,55 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen } r = sd_bus_message_append(m, "v", "i", oa); + } else if (STR_IN_SET(field, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories")) { + const char *p; + + r = sd_bus_message_open_container(m, 'v', "as"); + if (r < 0) + return bus_log_create_error(r); + + r = sd_bus_message_open_container(m, 'a', "s"); + if (r < 0) + return bus_log_create_error(r); + + p = eq; + + for (;;) { + _cleanup_free_ char *word = NULL; + int offset; + + r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES); + if (r < 0) { + log_error("Failed to parse %s value %s", field, eq); + return -EINVAL; + } + if (r == 0) + break; + + if (!utf8_is_valid(word)) { + log_error("Failed to parse %s value %s", field, eq); + return -EINVAL; + } + + offset = word[0] == '-'; + if (!path_is_absolute(word + offset)) { + log_error("Failed to parse %s value %s", field, eq); + return -EINVAL; + } + + path_kill_slashes(word + offset); + + r = sd_bus_message_append_basic(m, 's', word); + if (r < 0) + return bus_log_create_error(r); + } + + r = sd_bus_message_close_container(m); + if (r < 0) + return bus_log_create_error(r); + + r = sd_bus_message_close_container(m); + } else { log_error("Unknown assignment %s.", assignment); return -EINVAL; |