mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
execute: Make '+' exec prefix ignore PrivateTmp=yes
The man pages state that the '+' prefix in Exec* directives should ignore filesystem namespacing options such as PrivateTmp. Now it does. This is very similar to #8842, just with PrivateTmp instead of PrivateDevices.
This commit is contained in:
parent
ec0c9d3bcd
commit
ecf63c9102
@ -2565,17 +2565,6 @@ static int apply_mount_namespace(
|
||||
|
||||
assert(context);
|
||||
|
||||
/* The runtime struct only contains the parent of the private /tmp,
|
||||
* which is non-accessible to world users. Inside of it there's a /tmp
|
||||
* that is sticky, and that's the one we want to use here. */
|
||||
|
||||
if (context->private_tmp && runtime) {
|
||||
if (runtime->tmp_dir)
|
||||
tmp = strjoina(runtime->tmp_dir, "/tmp");
|
||||
if (runtime->var_tmp_dir)
|
||||
var = strjoina(runtime->var_tmp_dir, "/tmp");
|
||||
}
|
||||
|
||||
if (params->flags & EXEC_APPLY_CHROOT) {
|
||||
root_image = context->root_image;
|
||||
|
||||
@ -2588,7 +2577,18 @@ static int apply_mount_namespace(
|
||||
return r;
|
||||
|
||||
needs_sandboxing = (params->flags & EXEC_APPLY_SANDBOXING) && !(command->flags & EXEC_COMMAND_FULLY_PRIVILEGED);
|
||||
if (needs_sandboxing)
|
||||
if (needs_sandboxing) {
|
||||
/* The runtime struct only contains the parent of the private /tmp,
|
||||
* which is non-accessible to world users. Inside of it there's a /tmp
|
||||
* that is sticky, and that's the one we want to use here. */
|
||||
|
||||
if (context->private_tmp && runtime) {
|
||||
if (runtime->tmp_dir)
|
||||
tmp = strjoina(runtime->tmp_dir, "/tmp");
|
||||
if (runtime->var_tmp_dir)
|
||||
var = strjoina(runtime->var_tmp_dir, "/tmp");
|
||||
}
|
||||
|
||||
ns_info = (NamespaceInfo) {
|
||||
.ignore_protect_paths = false,
|
||||
.private_dev = context->private_devices,
|
||||
@ -2600,7 +2600,7 @@ static int apply_mount_namespace(
|
||||
.mount_apivfs = context->mount_apivfs,
|
||||
.private_mounts = context->private_mounts,
|
||||
};
|
||||
else if (!context->dynamic_user && root_dir)
|
||||
} else if (!context->dynamic_user && root_dir)
|
||||
/*
|
||||
* If DynamicUser=no and RootDirectory= is set then lets pass a relaxed
|
||||
* sandbox info, otherwise enforce it, don't ignore protected paths and
|
||||
|
@ -294,6 +294,7 @@ static void test_exec_privatetmp(Manager *m) {
|
||||
|
||||
test(__func__, m, "exec-privatetmp-yes.service", can_unshare ? 0 : EXIT_FAILURE, CLD_EXITED);
|
||||
test(__func__, m, "exec-privatetmp-no.service", 0, CLD_EXITED);
|
||||
test(__func__, m, "exec-privatetmp-disabled-by-prefix.service", can_unshare ? 0 : EXIT_FAILURE, CLD_EXITED);
|
||||
|
||||
unlink("/tmp/test-exec_privatetmp");
|
||||
}
|
||||
|
@ -109,6 +109,7 @@ test_data_files = '''
|
||||
test-execute/exec-privatenetwork-yes.service
|
||||
test-execute/exec-privatetmp-no.service
|
||||
test-execute/exec-privatetmp-yes.service
|
||||
test-execute/exec-privatetmp-disabled-by-prefix.service
|
||||
test-execute/exec-protecthome-tmpfs-vs-protectsystem-strict.service
|
||||
test-execute/exec-protectkernellogs-yes-capabilities.service
|
||||
test-execute/exec-protectkernellogs-no-capabilities.service
|
||||
|
@ -10,7 +10,6 @@ ExecStart=touch /tmp/a ; /bin/sh -c 'touch /tmp/b' ; touch /tmp/c
|
||||
ExecStart=test -f /tmp/a
|
||||
ExecStart=!test -f /tmp/b
|
||||
ExecStart=!!test -f /tmp/c
|
||||
ExecStart=+test -f /tmp/c
|
||||
ExecStartPost=rm /tmp/a /tmp/b /tmp/c
|
||||
|
||||
PrivateTmp=true
|
||||
|
@ -0,0 +1,8 @@
|
||||
[Unit]
|
||||
Description=Test for PrivateTmp=yes with prefix
|
||||
|
||||
[Service]
|
||||
ExecStart=/bin/sh -x -c 'test ! -f /tmp/test-exec_privatetmp'
|
||||
ExecStart=+/bin/sh -x -c 'test -f /tmp/test-exec_privatetmp'
|
||||
Type=oneshot
|
||||
PrivateTmp=yes
|
Loading…
Reference in New Issue
Block a user