1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00

Merge pull request #1623 from evverx/run-rw-ro-ia-dirs

systemd-run can launch units with ReadWriteDirectories, ReadOnlyDirectories, InaccessibleDirectories
This commit is contained in:
Lennart Poettering 2015-10-21 12:08:44 +02:00
commit 5e4cecfb67
3 changed files with 103 additions and 1 deletions

View File

@ -84,7 +84,8 @@ _systemd_run() {
LimitNICE= LimitRTPRIO= LimitRTTIME= PrivateTmp= PrivateDevices=
PrivateNetwork= NoNewPrivileges= WorkingDirectory= RootDirectory=
TTYPath= SyslogIdentifier= SyslogLevelPrefix= SyslogLevel=
SyslogFacility= TimerSlackNSec= OOMScoreAdjust='
SyslogFacility= TimerSlackNSec= OOMScoreAdjust= ReadWriteDirectories=
ReadOnlyDirectories= InaccessibleDirectories='
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0

View File

@ -36,6 +36,7 @@
#include "af-list.h"
#include "namespace.h"
#include "path-util.h"
#include "utf8.h"
#include "dbus-execute.h"
#ifdef HAVE_SECCOMP
@ -1284,6 +1285,56 @@ int bus_exec_context_set_transient_property(
return 1;
} else if (STR_IN_SET(name, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories")) {
_cleanup_strv_free_ char **l = NULL;
char ***dirs;
char **p;
r = sd_bus_message_read_strv(message, &l);
if (r < 0)
return r;
STRV_FOREACH(p, l) {
int offset;
if (!utf8_is_valid(*p))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid %s", name);
offset = **p == '-';
if (!path_is_absolute(*p + offset))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid %s", name);
}
if (mode != UNIT_CHECK) {
_cleanup_free_ char *joined = NULL;
if (streq(name, "ReadWriteDirectories"))
dirs = &c->read_write_dirs;
else if (streq(name, "ReadOnlyDirectories"))
dirs = &c->read_only_dirs;
else if (streq(name, "InaccessibleDirectories"))
dirs = &c->inaccessible_dirs;
if (strv_length(l) == 0) {
*dirs = strv_free(*dirs);
unit_write_drop_in_private_format(u, mode, name, "%s=\n", name);
} else {
r = strv_extend_strv(dirs, l, true);
if (r < 0)
return -ENOMEM;
joined = strv_join_quoted(*dirs);
if (!joined)
return -ENOMEM;
unit_write_drop_in_private_format(u, mode, name, "%s=%s\n", name, joined);
}
}
return 1;
} else if (rlimit_from_string(name) >= 0) {
uint64_t rl;
rlim_t x;

View File

@ -39,6 +39,7 @@
#include "signal-util.h"
#include "strv.h"
#include "unit-name.h"
#include "utf8.h"
#include "util.h"
#include "bus-util.h"
@ -1728,6 +1729,55 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen
}
r = sd_bus_message_append(m, "v", "i", oa);
} else if (STR_IN_SET(field, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories")) {
const char *p;
r = sd_bus_message_open_container(m, 'v', "as");
if (r < 0)
return bus_log_create_error(r);
r = sd_bus_message_open_container(m, 'a', "s");
if (r < 0)
return bus_log_create_error(r);
p = eq;
for (;;) {
_cleanup_free_ char *word = NULL;
int offset;
r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
if (r < 0) {
log_error("Failed to parse %s value %s", field, eq);
return -EINVAL;
}
if (r == 0)
break;
if (!utf8_is_valid(word)) {
log_error("Failed to parse %s value %s", field, eq);
return -EINVAL;
}
offset = word[0] == '-';
if (!path_is_absolute(word + offset)) {
log_error("Failed to parse %s value %s", field, eq);
return -EINVAL;
}
path_kill_slashes(word + offset);
r = sd_bus_message_append_basic(m, 's', word);
if (r < 0)
return bus_log_create_error(r);
}
r = sd_bus_message_close_container(m);
if (r < 0)
return bus_log_create_error(r);
r = sd_bus_message_close_container(m);
} else {
log_error("Unknown assignment %s.", assignment);
return -EINVAL;