mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-20 14:03:39 +03:00
core: change ExecStart=! syntax to ExecStart=+ (#3797)
As suggested by @mbiebl we already use the "!" special char in unit file assignments for negation, hence we should not use it in a different context for privileged execution. Let's use "+" instead.
This commit is contained in:
parent
f777b4345e
commit
43eb109aa9
2
NEWS
2
NEWS
@ -4,7 +4,7 @@ CHANGES WITH 231:
|
|||||||
|
|
||||||
* In service units the various ExecXYZ= settings have been extended
|
* In service units the various ExecXYZ= settings have been extended
|
||||||
with an additional special character as first argument of the
|
with an additional special character as first argument of the
|
||||||
assigned value: if the character '!' is used the specified command
|
assigned value: if the character '+' is used the specified command
|
||||||
line it will be run with full privileges, regardless of User=,
|
line it will be run with full privileges, regardless of User=,
|
||||||
Group=, CapabilityBoundingSet= and similar options. The effect is
|
Group=, CapabilityBoundingSet= and similar options. The effect is
|
||||||
similar to the existing PermissionsStartOnly= option, but allows
|
similar to the existing PermissionsStartOnly= option, but allows
|
||||||
|
@ -146,7 +146,7 @@
|
|||||||
<listitem><para>Sets the Unix user or group that the processes
|
<listitem><para>Sets the Unix user or group that the processes
|
||||||
are executed as, respectively. Takes a single user or group
|
are executed as, respectively. Takes a single user or group
|
||||||
name or ID as argument. If no group is set, the default group
|
name or ID as argument. If no group is set, the default group
|
||||||
of the user is chosen. These do not affect commands prefixed with <literal>!</literal>.</para></listitem>
|
of the user is chosen. These do not affect commands prefixed with <literal>+</literal>.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
@ -161,7 +161,7 @@
|
|||||||
this one will have no effect. In any way, this option does not
|
this one will have no effect. In any way, this option does not
|
||||||
override, but extends the list of supplementary groups
|
override, but extends the list of supplementary groups
|
||||||
configured in the system group database for the
|
configured in the system group database for the
|
||||||
user. This does not affect commands prefixed with <literal>!</literal>.</para></listitem>
|
user. This does not affect commands prefixed with <literal>+</literal>.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
@ -796,7 +796,7 @@
|
|||||||
empty string is assigned to this option, the bounding set is reset to the empty capability set, and all prior
|
empty string is assigned to this option, the bounding set is reset to the empty capability set, and all prior
|
||||||
settings have no effect. If set to <literal>~</literal> (without any further argument), the bounding set is
|
settings have no effect. If set to <literal>~</literal> (without any further argument), the bounding set is
|
||||||
reset to the full set of available capabilities, also undoing any previous settings. This does not affect
|
reset to the full set of available capabilities, also undoing any previous settings. This does not affect
|
||||||
commands prefixed with <literal>!</literal>.</para></listitem>
|
commands prefixed with <literal>+</literal>.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
@ -826,7 +826,7 @@
|
|||||||
Note that in this case option <constant>keep-caps</constant> is
|
Note that in this case option <constant>keep-caps</constant> is
|
||||||
automatically added to <varname>SecureBits=</varname> to retain the
|
automatically added to <varname>SecureBits=</varname> to retain the
|
||||||
capabilities over the user change. <varname>AmbientCapabilities=</varname> does not affect
|
capabilities over the user change. <varname>AmbientCapabilities=</varname> does not affect
|
||||||
commands prefixed with <literal>!</literal>.</para></listitem>
|
commands prefixed with <literal>+</literal>.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
@ -842,7 +842,7 @@
|
|||||||
<option>noroot-locked</option>.
|
<option>noroot-locked</option>.
|
||||||
This option may appear more than once, in which case the secure
|
This option may appear more than once, in which case the secure
|
||||||
bits are ORed. If the empty string is assigned to this option,
|
bits are ORed. If the empty string is assigned to this option,
|
||||||
the bits are reset to 0. This does not affect commands prefixed with <literal>!</literal>.
|
the bits are reset to 0. This does not affect commands prefixed with <literal>+</literal>.
|
||||||
See <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
See <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||||
for details.</para></listitem>
|
for details.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -1101,7 +1101,7 @@
|
|||||||
domain transition. However, the policy still needs to
|
domain transition. However, the policy still needs to
|
||||||
authorize the transition. This directive is ignored if SELinux
|
authorize the transition. This directive is ignored if SELinux
|
||||||
is disabled. If prefixed by <literal>-</literal>, all errors
|
is disabled. If prefixed by <literal>-</literal>, all errors
|
||||||
will be ignored. This does not affect commands prefixed with <literal>!</literal>.
|
will be ignored. This does not affect commands prefixed with <literal>+</literal>.
|
||||||
See <citerefentry project='die-net'><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
See <citerefentry project='die-net'><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||||
for details.</para></listitem>
|
for details.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -1114,7 +1114,7 @@
|
|||||||
Profiles must already be loaded in the kernel, or the unit
|
Profiles must already be loaded in the kernel, or the unit
|
||||||
will fail. This result in a non operation if AppArmor is not
|
will fail. This result in a non operation if AppArmor is not
|
||||||
enabled. If prefixed by <literal>-</literal>, all errors will
|
enabled. If prefixed by <literal>-</literal>, all errors will
|
||||||
be ignored. This does not affect commands prefixed with <literal>!</literal>.</para></listitem>
|
be ignored. This does not affect commands prefixed with <literal>+</literal>.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
@ -1134,7 +1134,7 @@
|
|||||||
<para>The value may be prefixed by <literal>-</literal>, in
|
<para>The value may be prefixed by <literal>-</literal>, in
|
||||||
which case all errors will be ignored. An empty value may be
|
which case all errors will be ignored. An empty value may be
|
||||||
specified to unset previous assignments. This does not affect
|
specified to unset previous assignments. This does not affect
|
||||||
commands prefixed with <literal>!</literal>.</para>
|
commands prefixed with <literal>+</literal>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
@ -1185,7 +1185,7 @@
|
|||||||
listed explicitly. This option may be specified more than once,
|
listed explicitly. This option may be specified more than once,
|
||||||
in which case the filter masks are merged. If the empty string
|
in which case the filter masks are merged. If the empty string
|
||||||
is assigned, the filter is reset, all prior assignments will
|
is assigned, the filter is reset, all prior assignments will
|
||||||
have no effect. This does not affect commands prefixed with <literal>!</literal>.</para>
|
have no effect. This does not affect commands prefixed with <literal>+</literal>.</para>
|
||||||
|
|
||||||
<para>If you specify both types of this option (i.e.
|
<para>If you specify both types of this option (i.e.
|
||||||
whitelisting and blacklisting), the first encountered will
|
whitelisting and blacklisting), the first encountered will
|
||||||
@ -1354,7 +1354,7 @@
|
|||||||
family should be included in the configured whitelist as it is
|
family should be included in the configured whitelist as it is
|
||||||
frequently used for local communication, including for
|
frequently used for local communication, including for
|
||||||
<citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry>
|
<citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry>
|
||||||
logging. This does not affect commands prefixed with <literal>!</literal>.</para></listitem>
|
logging. This does not affect commands prefixed with <literal>+</literal>.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
@ -288,18 +288,14 @@
|
|||||||
<varname>ExecStart=</varname> is specified, then the service
|
<varname>ExecStart=</varname> is specified, then the service
|
||||||
must have <varname>RemainAfterExit=yes</varname> set.</para>
|
must have <varname>RemainAfterExit=yes</varname> set.</para>
|
||||||
|
|
||||||
<para>For each of the specified commands, the first argument
|
<para>For each of the specified commands, the first argument must be an absolute path to an
|
||||||
must be an absolute path to an executable. Optionally, if this
|
executable. Optionally, if this file name is prefixed with <literal>@</literal>, the second token will be
|
||||||
file name is prefixed with <literal>@</literal>, the second
|
passed as <literal>argv[0]</literal> to the executed process, followed by the further arguments specified. If
|
||||||
token will be passed as <literal>argv[0]</literal> to the
|
the absolute filename is prefixed with <literal>-</literal>, an exit code of the command normally considered a
|
||||||
executed process, followed by the further arguments specified.
|
failure (i.e. non-zero exit status or abnormal exit due to signal) is ignored and considered success. If the
|
||||||
If the absolute filename is prefixed with
|
absolute path is prefixed with <literal>+</literal> then it is executed with full
|
||||||
<literal>-</literal>, an exit code of the command normally
|
privileges. <literal>-</literal>, <literal>@</literal>, and <literal>+</literal> may be used together and they
|
||||||
considered a failure (i.e. non-zero exit status or abnormal
|
can appear in any order.</para>
|
||||||
exit due to signal) is ignored and considered success.
|
|
||||||
If the absolute path is prefixed with <literal>!</literal> then
|
|
||||||
it is executed with full privileges. <literal>-</literal>, <literal>@</literal>, and <literal>!</literal>
|
|
||||||
may be used together and they can appear in any order.</para>
|
|
||||||
|
|
||||||
<para>If more than one command is specified, the commands are
|
<para>If more than one command is specified, the commands are
|
||||||
invoked sequentially in the order they appear in the unit
|
invoked sequentially in the order they appear in the unit
|
||||||
|
@ -620,7 +620,7 @@ int config_parse_exec(
|
|||||||
ignore = true;
|
ignore = true;
|
||||||
else if (*f == '@' && !separate_argv0)
|
else if (*f == '@' && !separate_argv0)
|
||||||
separate_argv0 = true;
|
separate_argv0 = true;
|
||||||
else if (*f == '!' && !privileged)
|
else if (*f == '+' && !privileged)
|
||||||
privileged = true;
|
privileged = true;
|
||||||
else
|
else
|
||||||
break;
|
break;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user