summaryrefslogtreecommitdiff
path: root/src/core
diff options
context:
space:
mode:
Diffstat (limited to 'src/core')
-rw-r--r--src/core/cgroup.h1
-rw-r--r--src/core/dbus-cgroup.c1
-rw-r--r--src/core/dbus-execute.c6
-rw-r--r--src/core/execute.c8
-rw-r--r--src/core/execute.h6
-rw-r--r--src/core/manager.c1
-rw-r--r--src/core/namespace.c18
-rw-r--r--src/core/scope.h2
8 files changed, 21 insertions, 22 deletions
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index f21409bd5d..a57403e79f 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -119,7 +119,6 @@ struct CGroupContext {
bool delegate;
};
-#include "cgroup-util.h"
#include "unit.h"
void cgroup_context_init(CGroupContext *c);
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index 27bbe2d26d..6167ce92cd 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -960,6 +960,7 @@ int bus_cgroup_set_property(
while ((r = sd_bus_message_read(message, "(ss)", &path, &rwm)) > 0) {
if ((!startswith(path, "/dev/") &&
+ !startswith(path, "/run/systemd/inaccessible/") &&
!startswith(path, "block-") &&
!startswith(path, "char-")) ||
strpbrk(path, WHITESPACE))
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index b2ef3db491..307c3d8e7a 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -695,9 +695,9 @@ const sd_bus_vtable bus_exec_vtable[] = {
SD_BUS_PROPERTY("Group", "s", NULL, offsetof(ExecContext, group), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("SupplementaryGroups", "as", NULL, offsetof(ExecContext, supplementary_groups), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("PAMName", "s", NULL, offsetof(ExecContext, pam_name), SD_BUS_VTABLE_PROPERTY_CONST),
- SD_BUS_PROPERTY("ReadWriteDirectories", "as", NULL, offsetof(ExecContext, read_write_paths), SD_BUS_VTABLE_PROPERTY_CONST),
- SD_BUS_PROPERTY("ReadOnlyDirectories", "as", NULL, offsetof(ExecContext, read_only_paths), SD_BUS_VTABLE_PROPERTY_CONST),
- SD_BUS_PROPERTY("InaccessibleDirectories", "as", NULL, offsetof(ExecContext, inaccessible_paths), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("ReadWriteDirectories", "as", NULL, offsetof(ExecContext, read_write_paths), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN),
+ SD_BUS_PROPERTY("ReadOnlyDirectories", "as", NULL, offsetof(ExecContext, read_only_paths), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN),
+ SD_BUS_PROPERTY("InaccessibleDirectories", "as", NULL, offsetof(ExecContext, inaccessible_paths), SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN),
SD_BUS_PROPERTY("ReadWritePaths", "as", NULL, offsetof(ExecContext, read_write_paths), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("ReadOnlyPaths", "as", NULL, offsetof(ExecContext, read_only_paths), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("InaccessiblePaths", "as", NULL, offsetof(ExecContext, inaccessible_paths), SD_BUS_VTABLE_PROPERTY_CONST),
diff --git a/src/core/execute.c b/src/core/execute.c
index 05dc1aaec1..7c178b97c3 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -290,10 +290,10 @@ static int connect_journal_socket(int fd, uid_t uid, gid_t gid) {
}
static int connect_logger_as(
+ Unit *unit,
const ExecContext *context,
ExecOutput output,
const char *ident,
- const char *unit_id,
int nfd,
uid_t uid,
gid_t gid) {
@@ -329,7 +329,7 @@ static int connect_logger_as(
"%i\n"
"%i\n",
context->syslog_identifier ? context->syslog_identifier : ident,
- unit_id,
+ unit->id,
context->syslog_priority,
!!context->syslog_level_prefix,
output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
@@ -544,7 +544,7 @@ static int setup_output(
case EXEC_OUTPUT_KMSG_AND_CONSOLE:
case EXEC_OUTPUT_JOURNAL:
case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
- r = connect_logger_as(context, o, ident, unit->id, fileno, uid, gid);
+ r = connect_logger_as(unit, context, o, ident, fileno, uid, gid);
if (r < 0) {
log_unit_error_errno(unit, r, "Failed to connect %s to the journal socket, ignoring: %m", fileno == STDOUT_FILENO ? "stdout" : "stderr");
r = open_null_as(O_WRONLY, fileno);
@@ -3062,7 +3062,7 @@ int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
return r;
if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
- if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
+ if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, (*rt)->netns_storage_socket) < 0)
return -errno;
}
diff --git a/src/core/execute.h b/src/core/execute.h
index 73b8a119b0..189c4d0999 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -30,6 +30,7 @@ typedef struct ExecParameters ExecParameters;
#include <stdio.h>
#include <sys/capability.h>
+#include "cgroup-util.h"
#include "fdset.h"
#include "list.h"
#include "missing.h"
@@ -203,9 +204,6 @@ struct ExecContext {
bool no_new_privileges_set:1;
};
-#include "cgroup-util.h"
-#include "cgroup.h"
-
struct ExecParameters {
char **argv;
char **environment;
@@ -236,6 +234,8 @@ struct ExecParameters {
int stderr_fd;
};
+#include "unit.h"
+
int exec_spawn(Unit *unit,
ExecCommand *command,
const ExecContext *context,
diff --git a/src/core/manager.c b/src/core/manager.c
index c69b797430..a0181e2138 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -64,7 +64,6 @@
#include "manager.h"
#include "missing.h"
#include "mkdir.h"
-#include "mkdir.h"
#include "parse-util.h"
#include "path-lookup.h"
#include "path-util.h"
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 722538caf1..52a2505d94 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -291,16 +291,15 @@ static int apply_mount(
* inaccessible path. */
umount_recursive(m->path, 0);
- r = lstat(m->path, &target);
- if (r != 0) {
+ if (lstat(m->path, &target) < 0) {
if (m->ignore && errno == ENOENT)
return 0;
return -errno;
}
what = mode_to_inaccessible_node(target.st_mode);
- if (what == NULL) {
- log_debug("File type not supported. Note that symlinks are not allowed");
+ if (!what) {
+ log_debug("File type not supported for inaccessible mounts. Note that symlinks are not allowed");
return -ELOOP;
}
break;
@@ -331,12 +330,10 @@ static int apply_mount(
if (r >= 0) {
log_debug("Successfully mounted %s to %s", what, m->path);
return r;
- }
- else {
+ } else {
if (m->ignore && errno == ENOENT)
return 0;
- log_debug("Failed mounting %s to %s: %s", what, m->path, strerror(errno));
- return -errno;
+ return log_debug_errno(errno, "Failed to mount %s to %s: %m", what, m->path);
}
}
@@ -350,7 +347,8 @@ static int make_read_only(BindMount *m) {
else if (IN_SET(m->mode, READWRITE, PRIVATE_TMP, PRIVATE_VAR_TMP, PRIVATE_DEV)) {
r = bind_remount_recursive(m->path, false);
if (r == 0 && m->mode == PRIVATE_DEV) /* can be readonly but the submounts can't*/
- r = mount(NULL, m->path, NULL, MS_REMOUNT|DEV_MOUNT_OPTIONS|MS_RDONLY, NULL);
+ if (mount(NULL, m->path, NULL, MS_REMOUNT|DEV_MOUNT_OPTIONS|MS_RDONLY, NULL) < 0)
+ r = -errno;
} else
r = 0;
@@ -644,7 +642,7 @@ int setup_netns(int netns_storage_socket[2]) {
}
fail:
- lockf(netns_storage_socket[0], F_ULOCK, 0);
+ (void) lockf(netns_storage_socket[0], F_ULOCK, 0);
return r;
}
diff --git a/src/core/scope.h b/src/core/scope.h
index 94e9807bff..eaf8e8b447 100644
--- a/src/core/scope.h
+++ b/src/core/scope.h
@@ -21,7 +21,9 @@
typedef struct Scope Scope;
+#include "cgroup.h"
#include "kill.h"
+#include "unit.h"
typedef enum ScopeResult {
SCOPE_SUCCESS,
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-26 11:46:21 +0000