1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-29 21:55:36 +03:00

core/execute: reduce indentation level a bit

This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2020-09-17 12:19:05 +02:00
parent 9f71ba8d95
commit 0af07108e4

View File

@ -3691,11 +3691,11 @@ static int exec_child(
return log_unit_error_errno(unit, r, "Failed to close unwanted file descriptors: %m"); return log_unit_error_errno(unit, r, "Failed to close unwanted file descriptors: %m");
} }
if (!context->same_pgrp) if (!context->same_pgrp &&
if (setsid() < 0) { setsid() < 0) {
*exit_status = EXIT_SETSID; *exit_status = EXIT_SETSID;
return log_unit_error_errno(unit, errno, "Failed to create new process session: %m"); return log_unit_error_errno(unit, errno, "Failed to create new process session: %m");
} }
exec_context_tty_reset(context, params); exec_context_tty_reset(context, params);
@ -3716,8 +3716,8 @@ static int exec_child(
return 0; return 0;
} }
*exit_status = EXIT_CONFIRM; *exit_status = EXIT_CONFIRM;
log_unit_error(unit, "Execution cancelled by the user"); return log_unit_error_errno(unit, SYNTHETIC_ERRNO(ECANCELED),
return -ECANCELED; "Execution cancelled by the user");
} }
} }
@ -4076,37 +4076,33 @@ static int exec_child(
} }
} }
if (needs_setuid) { if (needs_setuid && context->pam_name && username) {
/* Let's call into PAM after we set up our own idea of resource limits to that pam_limits /* Let's call into PAM after we set up our own idea of resource limits to that pam_limits
* wins here. (See above.) */ * wins here. (See above.) */
if (context->pam_name && username) { r = setup_pam(context->pam_name, username, uid, gid, context->tty_path, &accum_env, fds, n_fds);
r = setup_pam(context->pam_name, username, uid, gid, context->tty_path, &accum_env, fds, n_fds); if (r < 0) {
if (r < 0) { *exit_status = EXIT_PAM;
*exit_status = EXIT_PAM; return log_unit_error_errno(unit, r, "Failed to set up PAM session: %m");
return log_unit_error_errno(unit, r, "Failed to set up PAM session: %m"); }
}
ngids_after_pam = getgroups_alloc(&gids_after_pam); ngids_after_pam = getgroups_alloc(&gids_after_pam);
if (ngids_after_pam < 0) { if (ngids_after_pam < 0) {
*exit_status = EXIT_MEMORY; *exit_status = EXIT_MEMORY;
return log_unit_error_errno(unit, ngids_after_pam, "Failed to obtain groups after setting up PAM: %m"); return log_unit_error_errno(unit, ngids_after_pam, "Failed to obtain groups after setting up PAM: %m");
}
} }
} }
if (needs_sandboxing) { if (needs_sandboxing && context->private_users && !have_effective_cap(CAP_SYS_ADMIN)) {
/* If we're unprivileged, set up the user namespace first to enable use of the other namespaces. /* If we're unprivileged, set up the user namespace first to enable use of the other namespaces.
* Users with CAP_SYS_ADMIN can set up user namespaces last because they will be able to * Users with CAP_SYS_ADMIN can set up user namespaces last because they will be able to
* set up the all of the other namespaces (i.e. network, mount, UTS) without a user namespace. */ * set up the all of the other namespaces (i.e. network, mount, UTS) without a user namespace. */
if (context->private_users && !have_effective_cap(CAP_SYS_ADMIN)) {
userns_set_up = true; userns_set_up = true;
r = setup_private_users(saved_uid, saved_gid, uid, gid); r = setup_private_users(saved_uid, saved_gid, uid, gid);
if (r < 0) { if (r < 0) {
*exit_status = EXIT_USER; *exit_status = EXIT_USER;
return log_unit_error_errno(unit, r, "Failed to set up user namespacing for unprivileged user: %m"); return log_unit_error_errno(unit, r, "Failed to set up user namespacing for unprivileged user: %m");
}
} }
} }