1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-20 14:03:39 +03:00

core: change ExecStart=! syntax to ExecStart=+ (#3797)

As suggested by @mbiebl we already use the "!" special char in unit file
assignments for negation, hence we should not use it in a different context for
privileged execution. Let's use "+" instead.
This commit is contained in:
Lennart Poettering 2016-07-25 16:53:33 +02:00 committed by Martin Pitt
parent f777b4345e
commit 43eb109aa9
4 changed files with 20 additions and 24 deletions

2
NEWS
View File

@ -4,7 +4,7 @@ CHANGES WITH 231:
* In service units the various ExecXYZ= settings have been extended * In service units the various ExecXYZ= settings have been extended
with an additional special character as first argument of the with an additional special character as first argument of the
assigned value: if the character '!' is used the specified command assigned value: if the character '+' is used the specified command
line it will be run with full privileges, regardless of User=, line it will be run with full privileges, regardless of User=,
Group=, CapabilityBoundingSet= and similar options. The effect is Group=, CapabilityBoundingSet= and similar options. The effect is
similar to the existing PermissionsStartOnly= option, but allows similar to the existing PermissionsStartOnly= option, but allows

View File

@ -146,7 +146,7 @@
<listitem><para>Sets the Unix user or group that the processes <listitem><para>Sets the Unix user or group that the processes
are executed as, respectively. Takes a single user or group are executed as, respectively. Takes a single user or group
name or ID as argument. If no group is set, the default group name or ID as argument. If no group is set, the default group
of the user is chosen. These do not affect commands prefixed with <literal>!</literal>.</para></listitem> of the user is chosen. These do not affect commands prefixed with <literal>+</literal>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -161,7 +161,7 @@
this one will have no effect. In any way, this option does not this one will have no effect. In any way, this option does not
override, but extends the list of supplementary groups override, but extends the list of supplementary groups
configured in the system group database for the configured in the system group database for the
user. This does not affect commands prefixed with <literal>!</literal>.</para></listitem> user. This does not affect commands prefixed with <literal>+</literal>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -796,7 +796,7 @@
empty string is assigned to this option, the bounding set is reset to the empty capability set, and all prior empty string is assigned to this option, the bounding set is reset to the empty capability set, and all prior
settings have no effect. If set to <literal>~</literal> (without any further argument), the bounding set is settings have no effect. If set to <literal>~</literal> (without any further argument), the bounding set is
reset to the full set of available capabilities, also undoing any previous settings. This does not affect reset to the full set of available capabilities, also undoing any previous settings. This does not affect
commands prefixed with <literal>!</literal>.</para></listitem> commands prefixed with <literal>+</literal>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -826,7 +826,7 @@
Note that in this case option <constant>keep-caps</constant> is Note that in this case option <constant>keep-caps</constant> is
automatically added to <varname>SecureBits=</varname> to retain the automatically added to <varname>SecureBits=</varname> to retain the
capabilities over the user change. <varname>AmbientCapabilities=</varname> does not affect capabilities over the user change. <varname>AmbientCapabilities=</varname> does not affect
commands prefixed with <literal>!</literal>.</para></listitem> commands prefixed with <literal>+</literal>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -842,7 +842,7 @@
<option>noroot-locked</option>. <option>noroot-locked</option>.
This option may appear more than once, in which case the secure This option may appear more than once, in which case the secure
bits are ORed. If the empty string is assigned to this option, bits are ORed. If the empty string is assigned to this option,
the bits are reset to 0. This does not affect commands prefixed with <literal>!</literal>. the bits are reset to 0. This does not affect commands prefixed with <literal>+</literal>.
See <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> See <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details.</para></listitem> for details.</para></listitem>
</varlistentry> </varlistentry>
@ -1101,7 +1101,7 @@
domain transition. However, the policy still needs to domain transition. However, the policy still needs to
authorize the transition. This directive is ignored if SELinux authorize the transition. This directive is ignored if SELinux
is disabled. If prefixed by <literal>-</literal>, all errors is disabled. If prefixed by <literal>-</literal>, all errors
will be ignored. This does not affect commands prefixed with <literal>!</literal>. will be ignored. This does not affect commands prefixed with <literal>+</literal>.
See <citerefentry project='die-net'><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry> See <citerefentry project='die-net'><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
for details.</para></listitem> for details.</para></listitem>
</varlistentry> </varlistentry>
@ -1114,7 +1114,7 @@
Profiles must already be loaded in the kernel, or the unit Profiles must already be loaded in the kernel, or the unit
will fail. This result in a non operation if AppArmor is not will fail. This result in a non operation if AppArmor is not
enabled. If prefixed by <literal>-</literal>, all errors will enabled. If prefixed by <literal>-</literal>, all errors will
be ignored. This does not affect commands prefixed with <literal>!</literal>.</para></listitem> be ignored. This does not affect commands prefixed with <literal>+</literal>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -1134,7 +1134,7 @@
<para>The value may be prefixed by <literal>-</literal>, in <para>The value may be prefixed by <literal>-</literal>, in
which case all errors will be ignored. An empty value may be which case all errors will be ignored. An empty value may be
specified to unset previous assignments. This does not affect specified to unset previous assignments. This does not affect
commands prefixed with <literal>!</literal>.</para> commands prefixed with <literal>+</literal>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1185,7 +1185,7 @@
listed explicitly. This option may be specified more than once, listed explicitly. This option may be specified more than once,
in which case the filter masks are merged. If the empty string in which case the filter masks are merged. If the empty string
is assigned, the filter is reset, all prior assignments will is assigned, the filter is reset, all prior assignments will
have no effect. This does not affect commands prefixed with <literal>!</literal>.</para> have no effect. This does not affect commands prefixed with <literal>+</literal>.</para>
<para>If you specify both types of this option (i.e. <para>If you specify both types of this option (i.e.
whitelisting and blacklisting), the first encountered will whitelisting and blacklisting), the first encountered will
@ -1354,7 +1354,7 @@
family should be included in the configured whitelist as it is family should be included in the configured whitelist as it is
frequently used for local communication, including for frequently used for local communication, including for
<citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry> <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry>
logging. This does not affect commands prefixed with <literal>!</literal>.</para></listitem> logging. This does not affect commands prefixed with <literal>+</literal>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

View File

@ -288,18 +288,14 @@
<varname>ExecStart=</varname> is specified, then the service <varname>ExecStart=</varname> is specified, then the service
must have <varname>RemainAfterExit=yes</varname> set.</para> must have <varname>RemainAfterExit=yes</varname> set.</para>
<para>For each of the specified commands, the first argument <para>For each of the specified commands, the first argument must be an absolute path to an
must be an absolute path to an executable. Optionally, if this executable. Optionally, if this file name is prefixed with <literal>@</literal>, the second token will be
file name is prefixed with <literal>@</literal>, the second passed as <literal>argv[0]</literal> to the executed process, followed by the further arguments specified. If
token will be passed as <literal>argv[0]</literal> to the the absolute filename is prefixed with <literal>-</literal>, an exit code of the command normally considered a
executed process, followed by the further arguments specified. failure (i.e. non-zero exit status or abnormal exit due to signal) is ignored and considered success. If the
If the absolute filename is prefixed with absolute path is prefixed with <literal>+</literal> then it is executed with full
<literal>-</literal>, an exit code of the command normally privileges. <literal>-</literal>, <literal>@</literal>, and <literal>+</literal> may be used together and they
considered a failure (i.e. non-zero exit status or abnormal can appear in any order.</para>
exit due to signal) is ignored and considered success.
If the absolute path is prefixed with <literal>!</literal> then
it is executed with full privileges. <literal>-</literal>, <literal>@</literal>, and <literal>!</literal>
may be used together and they can appear in any order.</para>
<para>If more than one command is specified, the commands are <para>If more than one command is specified, the commands are
invoked sequentially in the order they appear in the unit invoked sequentially in the order they appear in the unit

View File

@ -620,7 +620,7 @@ int config_parse_exec(
ignore = true; ignore = true;
else if (*f == '@' && !separate_argv0) else if (*f == '@' && !separate_argv0)
separate_argv0 = true; separate_argv0 = true;
else if (*f == '!' && !privileged) else if (*f == '+' && !privileged)
privileged = true; privileged = true;
else else
break; break;