core/namespace: use ProtectHostname in NamespaceParameters

To make the type of NamespaceParameters.protect_hostname consistent with the one in ExecContext. Addresses https://github.com/systemd/systemd/pull/35447#discussion_r1880372452. Fixes #35566.
2025-02-07 05:57:46 +03:00 · 2024-12-12 13:00:41 +09:00 · 2024-12-12 13:00:41 +09:00 · 2e6025b1b1
commit 2e6025b1b1
parent 2d80c9c801
3 changed files with 12 additions and 13 deletions
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@ -3419,16 +3419,12 @@ static int apply_mount_namespace(
                .protect_kernel_tunables = needs_sandboxing && context->protect_kernel_tunables,
                .protect_kernel_modules = needs_sandboxing && context->protect_kernel_modules,
                .protect_kernel_logs = needs_sandboxing && context->protect_kernel_logs,
-                /* Only mount /proc/sys/kernel/hostname and domainname read-only if ProtectHostname=yes. Otherwise, ProtectHostname=no
-                 * allows changing hostname for the host and ProtectHostname=private allows changing the hostname in the unit's UTS
-                 * namespace. */
-                .protect_hostname = needs_sandboxing && context->protect_hostname == PROTECT_HOSTNAME_YES,

                .private_dev = needs_sandboxing && context->private_devices,
                .private_network = needs_sandboxing && exec_needs_network_namespace(context),
                .private_ipc = needs_sandboxing && exec_needs_ipc_namespace(context),
                .private_pids = needs_sandboxing && exec_needs_pid_namespace(context) ? context->private_pids : PRIVATE_PIDS_NO,
-                .private_tmp = needs_sandboxing ? context->private_tmp : false,
+                .private_tmp = needs_sandboxing ? context->private_tmp : PRIVATE_TMP_NO,

                .mount_apivfs = needs_sandboxing && exec_context_get_effective_mount_apivfs(context),
                .bind_log_sockets = needs_sandboxing && exec_context_get_effective_bind_log_sockets(context),
@ -3436,10 +3432,11 @@ static int apply_mount_namespace(
                /* If NNP is on, we can turn on MS_NOSUID, since it won't have any effect anymore. */
                .mount_nosuid = needs_sandboxing && context->no_new_privileges && !mac_selinux_use(),

-                .protect_home = needs_sandboxing ? context->protect_home : false,
-                .protect_system = needs_sandboxing ? context->protect_system : false,
-                .protect_proc = needs_sandboxing ? context->protect_proc : false,
-                .proc_subset = needs_sandboxing ? context->proc_subset : false,
+                .protect_home = needs_sandboxing ? context->protect_home : PROTECT_HOME_NO,
+                .protect_hostname = needs_sandboxing ? context->protect_hostname : PROTECT_HOSTNAME_NO,
+                .protect_system = needs_sandboxing ? context->protect_system : PROTECT_SYSTEM_NO,
+                .protect_proc = needs_sandboxing ? context->protect_proc : PROTECT_PROC_DEFAULT,
+                .proc_subset = needs_sandboxing ? context->proc_subset : PROC_SUBSET_ALL,
        };

        r = setup_namespace(&parameters, reterr_path);
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@ -2637,9 +2637,11 @@ int setup_namespace(const NamespaceParameters *p, char **reterr_path) {
                        return r;
        }

-        /* Note, if proc is mounted with subset=pid then neither of the two paths will exist, i.e. they are
-         * implicitly protected by the mount option. */
-        if (p->protect_hostname) {
+        /* Only mount /proc/sys/kernel/hostname and domainname read-only if ProtectHostname=yes. Otherwise,
+         * ProtectHostname=no allows changing hostname for the host, and ProtectHostname=private allows
+         * changing the hostname in the unit's UTS namespace. Note, if proc is mounted with subset=pid then
+         * neither of the two paths will exist, i.e. they are implicitly protected by the mount option. */
+        if (p->protect_hostname == PROTECT_HOSTNAME_YES) {
                r = append_static_mounts(
                                &ml,
                                protect_hostname_yes_table,
--- a/src/core/namespace.h
+++ b/src/core/namespace.h
@ -181,7 +181,6 @@ struct NamespaceParameters {
        bool protect_kernel_tunables;
        bool protect_kernel_modules;
        bool protect_kernel_logs;
-        bool protect_hostname;

        bool private_dev;
        bool private_network;
@ -193,6 +192,7 @@ struct NamespaceParameters {

        ProtectControlGroups protect_control_groups;
        ProtectHome protect_home;
+        ProtectHostname protect_hostname;
        ProtectSystem protect_system;
        ProtectProc protect_proc;
        ProcSubset proc_subset;