mirror of
https://github.com/systemd/systemd.git
synced 2025-03-31 14:50:15 +03:00
doc,core: Read{Write,Only}Paths= and InaccessiblePaths=
This patch renames Read{Write,Only}Directories= and InaccessibleDirectories=
to Read{Write,Only}Paths= and InaccessiblePaths=, previous names are kept
as aliases but they are not advertised in the documentation.
Renamed variables:
`read_write_dirs` --> `read_write_paths`
`read_only_dirs` --> `read_only_paths`
`inaccessible_dirs` --> `inaccessible_paths`
This commit is contained in:
Alessandro Puccetti
parent
c4b4170746
commit
2a624c36e6
@ -848,9 +848,9 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>ReadWriteDirectories=</varname></term>
|
||||
<term><varname>ReadOnlyDirectories=</varname></term>
|
||||
<term><varname>InaccessibleDirectories=</varname></term>
|
||||
<term><varname>ReadWritePaths=</varname></term>
|
||||
<term><varname>ReadOnlyPaths=</varname></term>
|
||||
<term><varname>InaccessiblePaths=</varname></term>
|
||||
|
||||
<listitem><para>Sets up a new file system namespace for
|
||||
executed processes. These options may be used to limit access
|
||||
@ -858,18 +858,18 @@
|
||||
setting takes a space-separated list of paths relative to
|
||||
the host's root directory (i.e. the system running the service manager).
|
||||
Note that if entries contain symlinks, they are resolved from the host's root directory as well.
|
||||
Entries (files or directories) listed in
|
||||
<varname>ReadWriteDirectories=</varname> are accessible from
|
||||
Entries (files or directories) listed in
|
||||
<varname>ReadWritePaths=</varname> are accessible from
|
||||
within the namespace with the same access rights as from
|
||||
outside. Entries listed in
|
||||
<varname>ReadOnlyDirectories=</varname> are accessible for
|
||||
<varname>ReadOnlyPaths=</varname> are accessible for
|
||||
reading only, writing will be refused even if the usual file
|
||||
access controls would permit this. Entries listed in
|
||||
<varname>InaccessibleDirectories=</varname> will be made
|
||||
<varname>InaccessiblePaths=</varname> will be made
|
||||
inaccessible for processes inside the namespace, and may not
|
||||
countain any other mountpoints, including those specified by
|
||||
<varname>ReadWriteDirectories=</varname> or
|
||||
<varname>ReadOnlyDirectories=</varname>.
|
||||
<varname>ReadWritePaths=</varname> or
|
||||
<varname>ReadOnlyPaths=</varname>.
|
||||
Note that restricting access with these options does not extend
|
||||
to submounts of a directory that are created later on.
|
||||
Non-directory paths can be specified as well. These
|
||||
@ -879,9 +879,9 @@
|
||||
specific list is reset, and all prior assignments have no
|
||||
effect.</para>
|
||||
<para>Paths in
|
||||
<varname>ReadOnlyDirectories=</varname>
|
||||
<varname>ReadOnlyPaths=</varname>
|
||||
and
|
||||
<varname>InaccessibleDirectories=</varname>
|
||||
<varname>InaccessiblePaths=</varname>
|
||||
may be prefixed with
|
||||
<literal>-</literal>, in which case
|
||||
they will be ignored when they do not
|
||||
@ -1036,9 +1036,9 @@
|
||||
<varname>PrivateDevices=</varname>,
|
||||
<varname>ProtectSystem=</varname>,
|
||||
<varname>ProtectHome=</varname>,
|
||||
<varname>ReadOnlyDirectories=</varname>,
|
||||
<varname>InaccessibleDirectories=</varname> and
|
||||
<varname>ReadWriteDirectories=</varname>) require that mount
|
||||
<varname>ReadOnlyPaths=</varname>,
|
||||
<varname>InaccessiblePaths=</varname> and
|
||||
<varname>ReadWritePaths=</varname>) require that mount
|
||||
and unmount propagation from the unit's file system namespace
|
||||
is disabled, and hence downgrade <option>shared</option> to
|
||||
<option>slave</option>. </para></listitem>
|
||||
|
||||
@ -84,8 +84,8 @@ _systemd_run() {
|
||||
LimitNICE= LimitRTPRIO= LimitRTTIME= PrivateTmp= PrivateDevices=
|
||||
PrivateNetwork= NoNewPrivileges= WorkingDirectory= RootDirectory=
|
||||
TTYPath= SyslogIdentifier= SyslogLevelPrefix= SyslogLevel=
|
||||
SyslogFacility= TimerSlackNSec= OOMScoreAdjust= ReadWriteDirectories=
|
||||
ReadOnlyDirectories= InaccessibleDirectories= EnvironmentFile=
|
||||
SyslogFacility= TimerSlackNSec= OOMScoreAdjust= ReadWritePaths=
|
||||
ReadOnlyPaths= InaccessiblePaths= EnvironmentFile=
|
||||
ProtectSystem= ProtectHome= RuntimeDirectory= PassEnvironment='
|
||||
|
||||
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
||||
|
||||
@ -37,8 +37,8 @@ _arguments \
|
||||
LimitNICE= LimitRTPRIO= LimitRTTIME= PrivateTmp= PrivateDevices= \
|
||||
PrivateNetwork= NoNewPrivileges= WorkingDirectory= RootDirectory= \
|
||||
TTYPath= SyslogIdentifier= SyslogLevelPrefix= SyslogLevel= \
|
||||
SyslogFacility= TimerSlackNSec= OOMScoreAdjust= ReadWriteDirectories= \
|
||||
ReadOnlyDirectories= InaccessibleDirectories= EnvironmentFile= \
|
||||
SyslogFacility= TimerSlackNSec= OOMScoreAdjust= ReadWritePaths= \
|
||||
ReadOnlyPaths= InaccessiblePaths= EnvironmentFile= \
|
||||
ProtectSystem= ProtectHome= RuntimeDirectory= PassEnvironment= \
|
||||
))' \
|
||||
'--description=[Description for unit]:description' \
|
||||
|
||||
@ -695,9 +695,12 @@ const sd_bus_vtable bus_exec_vtable[] = {
|
||||
SD_BUS_PROPERTY("Group", "s", NULL, offsetof(ExecContext, group), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("SupplementaryGroups", "as", NULL, offsetof(ExecContext, supplementary_groups), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("PAMName", "s", NULL, offsetof(ExecContext, pam_name), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("ReadWriteDirectories", "as", NULL, offsetof(ExecContext, read_write_dirs), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("ReadOnlyDirectories", "as", NULL, offsetof(ExecContext, read_only_dirs), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("InaccessibleDirectories", "as", NULL, offsetof(ExecContext, inaccessible_dirs), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("ReadWriteDirectories", "as", NULL, offsetof(ExecContext, read_write_paths), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("ReadOnlyDirectories", "as", NULL, offsetof(ExecContext, read_only_paths), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("InaccessibleDirectories", "as", NULL, offsetof(ExecContext, inaccessible_paths), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("ReadWritePaths", "as", NULL, offsetof(ExecContext, read_write_paths), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("ReadOnlyPaths", "as", NULL, offsetof(ExecContext, read_only_paths), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("InaccessiblePaths", "as", NULL, offsetof(ExecContext, inaccessible_paths), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("MountFlags", "t", bus_property_get_ulong, offsetof(ExecContext, mount_flags), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("PrivateTmp", "b", bus_property_get_bool, offsetof(ExecContext, private_tmp), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("PrivateNetwork", "b", bus_property_get_bool, offsetof(ExecContext, private_network), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
@ -1323,8 +1326,8 @@ int bus_exec_context_set_transient_property(
|
||||
|
||||
return 1;
|
||||
|
||||
} else if (STR_IN_SET(name, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories")) {
|
||||
|
||||
} else if (STR_IN_SET(name, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories",
|
||||
"ReadWritePaths", "ReadOnlyPaths", "InaccessiblePaths")) {
|
||||
_cleanup_strv_free_ char **l = NULL;
|
||||
char ***dirs;
|
||||
char **p;
|
||||
|
||||
@ -1507,9 +1507,9 @@ static bool exec_needs_mount_namespace(
|
||||
assert(context);
|
||||
assert(params);
|
||||
|
||||
if (!strv_isempty(context->read_write_dirs) ||
|
||||
!strv_isempty(context->read_only_dirs) ||
|
||||
!strv_isempty(context->inaccessible_dirs))
|
||||
if (!strv_isempty(context->read_write_paths) ||
|
||||
!strv_isempty(context->read_only_paths) ||
|
||||
!strv_isempty(context->inaccessible_paths))
|
||||
return true;
|
||||
|
||||
if (context->mount_flags != 0)
|
||||
@ -1933,9 +1933,9 @@ static int exec_child(
|
||||
|
||||
r = setup_namespace(
|
||||
params->apply_chroot ? context->root_directory : NULL,
|
||||
context->read_write_dirs,
|
||||
context->read_only_dirs,
|
||||
context->inaccessible_dirs,
|
||||
context->read_write_paths,
|
||||
context->read_only_paths,
|
||||
context->inaccessible_paths,
|
||||
tmp,
|
||||
var,
|
||||
context->private_devices,
|
||||
@ -2324,9 +2324,9 @@ void exec_context_done(ExecContext *c) {
|
||||
|
||||
c->pam_name = mfree(c->pam_name);
|
||||
|
||||
c->read_only_dirs = strv_free(c->read_only_dirs);
|
||||
c->read_write_dirs = strv_free(c->read_write_dirs);
|
||||
c->inaccessible_dirs = strv_free(c->inaccessible_dirs);
|
||||
c->read_only_paths = strv_free(c->read_only_paths);
|
||||
c->read_write_paths = strv_free(c->read_write_paths);
|
||||
c->inaccessible_paths = strv_free(c->inaccessible_paths);
|
||||
|
||||
if (c->cpuset)
|
||||
CPU_FREE(c->cpuset);
|
||||
@ -2732,21 +2732,21 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
|
||||
if (c->pam_name)
|
||||
fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name);
|
||||
|
||||
if (strv_length(c->read_write_dirs) > 0) {
|
||||
fprintf(f, "%sReadWriteDirs:", prefix);
|
||||
strv_fprintf(f, c->read_write_dirs);
|
||||
if (strv_length(c->read_write_paths) > 0) {
|
||||
fprintf(f, "%sReadWritePaths:", prefix);
|
||||
strv_fprintf(f, c->read_write_paths);
|
||||
fputs("\n", f);
|
||||
}
|
||||
|
||||
if (strv_length(c->read_only_dirs) > 0) {
|
||||
fprintf(f, "%sReadOnlyDirs:", prefix);
|
||||
strv_fprintf(f, c->read_only_dirs);
|
||||
if (strv_length(c->read_only_paths) > 0) {
|
||||
fprintf(f, "%sReadOnlyPaths:", prefix);
|
||||
strv_fprintf(f, c->read_only_paths);
|
||||
fputs("\n", f);
|
||||
}
|
||||
|
||||
if (strv_length(c->inaccessible_dirs) > 0) {
|
||||
fprintf(f, "%sInaccessibleDirs:", prefix);
|
||||
strv_fprintf(f, c->inaccessible_dirs);
|
||||
if (strv_length(c->inaccessible_paths) > 0) {
|
||||
fprintf(f, "%sInaccessiblePaths:", prefix);
|
||||
strv_fprintf(f, c->inaccessible_paths);
|
||||
fputs("\n", f);
|
||||
}
|
||||
|
||||
|
||||
@ -152,7 +152,7 @@ struct ExecContext {
|
||||
bool smack_process_label_ignore;
|
||||
char *smack_process_label;
|
||||
|
||||
char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
|
||||
char **read_write_paths, **read_only_paths, **inaccessible_paths;
|
||||
unsigned long mount_flags;
|
||||
|
||||
uint64_t capability_bounding_set;
|
||||
|
||||
@ -80,9 +80,12 @@ $1.LimitMSGQUEUE, config_parse_limit, RLIMIT_MSGQ
|
||||
$1.LimitNICE, config_parse_limit, RLIMIT_NICE, offsetof($1, exec_context.rlimit)
|
||||
$1.LimitRTPRIO, config_parse_limit, RLIMIT_RTPRIO, offsetof($1, exec_context.rlimit)
|
||||
$1.LimitRTTIME, config_parse_limit, RLIMIT_RTTIME, offsetof($1, exec_context.rlimit)
|
||||
$1.ReadWriteDirectories, config_parse_namespace_path_strv, 0, offsetof($1, exec_context.read_write_dirs)
|
||||
$1.ReadOnlyDirectories, config_parse_namespace_path_strv, 0, offsetof($1, exec_context.read_only_dirs)
|
||||
$1.InaccessibleDirectories, config_parse_namespace_path_strv, 0, offsetof($1, exec_context.inaccessible_dirs)
|
||||
$1.ReadWriteDirectories, config_parse_namespace_path_strv, 0, offsetof($1, exec_context.read_write_paths)
|
||||
$1.ReadOnlyDirectories, config_parse_namespace_path_strv, 0, offsetof($1, exec_context.read_only_paths)
|
||||
$1.InaccessibleDirectories, config_parse_namespace_path_strv, 0, offsetof($1, exec_context.inaccessible_paths)
|
||||
$1.ReadWritePaths, config_parse_namespace_path_strv, 0, offsetof($1, exec_context.read_write_paths)
|
||||
$1.ReadOnlyPaths, config_parse_namespace_path_strv, 0, offsetof($1, exec_context.read_only_paths)
|
||||
$1.InaccessiblePaths, config_parse_namespace_path_strv, 0, offsetof($1, exec_context.inaccessible_paths)
|
||||
$1.PrivateTmp, config_parse_bool, 0, offsetof($1, exec_context.private_tmp)
|
||||
$1.PrivateNetwork, config_parse_bool, 0, offsetof($1, exec_context.private_network)
|
||||
$1.PrivateDevices, config_parse_bool, 0, offsetof($1, exec_context.private_devices)
|
||||
|
||||
@ -362,9 +362,9 @@ static int make_read_only(BindMount *m) {
|
||||
|
||||
int setup_namespace(
|
||||
const char* root_directory,
|
||||
char** read_write_dirs,
|
||||
char** read_only_dirs,
|
||||
char** inaccessible_dirs,
|
||||
char** read_write_paths,
|
||||
char** read_only_paths,
|
||||
char** inaccessible_paths,
|
||||
const char* tmp_dir,
|
||||
const char* var_tmp_dir,
|
||||
bool private_dev,
|
||||
@ -383,9 +383,9 @@ int setup_namespace(
|
||||
return -errno;
|
||||
|
||||
n = !!tmp_dir + !!var_tmp_dir +
|
||||
strv_length(read_write_dirs) +
|
||||
strv_length(read_only_dirs) +
|
||||
strv_length(inaccessible_dirs) +
|
||||
strv_length(read_write_paths) +
|
||||
strv_length(read_only_paths) +
|
||||
strv_length(inaccessible_paths) +
|
||||
private_dev +
|
||||
(protect_home != PROTECT_HOME_NO ? 3 : 0) +
|
||||
(protect_system != PROTECT_SYSTEM_NO ? 2 : 0) +
|
||||
@ -393,15 +393,15 @@ int setup_namespace(
|
||||
|
||||
if (n > 0) {
|
||||
m = mounts = (BindMount *) alloca0(n * sizeof(BindMount));
|
||||
r = append_mounts(&m, read_write_dirs, READWRITE);
|
||||
r = append_mounts(&m, read_write_paths, READWRITE);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = append_mounts(&m, read_only_dirs, READONLY);
|
||||
r = append_mounts(&m, read_only_paths, READONLY);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = append_mounts(&m, inaccessible_dirs, INACCESSIBLE);
|
||||
r = append_mounts(&m, inaccessible_paths, INACCESSIBLE);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
||||
@ -40,9 +40,9 @@ typedef enum ProtectSystem {
|
||||
} ProtectSystem;
|
||||
|
||||
int setup_namespace(const char *chroot,
|
||||
char **read_write_dirs,
|
||||
char **read_only_dirs,
|
||||
char **inaccessible_dirs,
|
||||
char **read_write_paths,
|
||||
char **read_only_paths,
|
||||
char **inaccessible_paths,
|
||||
const char *tmp_dir,
|
||||
const char *var_tmp_dir,
|
||||
bool private_dev,
|
||||
|
||||
@ -453,7 +453,8 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen
|
||||
}
|
||||
|
||||
r = sd_bus_message_append(m, "v", "i", oa);
|
||||
} else if (STR_IN_SET(field, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories")) {
|
||||
} else if (STR_IN_SET(field, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories",
|
||||
"ReadWritePaths", "ReadOnlyPaths", "InaccessiblePaths")) {
|
||||
const char *p;
|
||||
|
||||
r = sd_bus_message_open_container(m, 'v', "as");
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user