execute: if RuntimeDirectory= is set, it should be writable

Implicitly make all dirs set with RuntimeDirectory= writable, as the concept otherwise makes no sense.
2024-12-27 07:22:31 +03:00 · 2016-08-25 10:42:38 +02:00 · 2016-08-25 10:42:38 +02:00 · 3fbe8dbe41
commit 3fbe8dbe41
parent be39ccf3a0
1 changed files with 46 additions and 2 deletions
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -1820,6 +1820,44 @@ static int setup_runtime_directory(
        return 0;
 }

+static int compile_read_write_paths(
+                const ExecContext *context,
+                const ExecParameters *params,
+                char ***ret) {
+
+        _cleanup_strv_free_ char **l = NULL;
+        char **rt;
+
+        /* Compile the list of writable paths. This is the combination of the explicitly configured paths, plus all
+         * runtime directories. */
+
+        if (strv_isempty(context->read_write_paths) &&
+            strv_isempty(context->runtime_directory)) {
+                *ret = NULL; /* NOP if neither is set */
+                return 0;
+        }
+
+        l = strv_copy(context->read_write_paths);
+        if (!l)
+                return -ENOMEM;
+
+        STRV_FOREACH(rt, context->runtime_directory) {
+                char *s;
+
+                s = strjoin(params->runtime_prefix, "/", *rt, NULL);
+                if (!s)
+                        return -ENOMEM;
+
+                if (strv_consume(&l, s) < 0)
+                        return -ENOMEM;
+        }
+
+        *ret = l;
+        l = NULL;
+
+        return 0;
+}
+
 static void append_socket_pair(int *array, unsigned *n, int pair[2]) {
        assert(array);
        assert(n);
@ -2307,8 +2345,8 @@ static int exec_child(
        }

        needs_mount_namespace = exec_needs_mount_namespace(context, params, runtime);
-
        if (needs_mount_namespace) {
+                _cleanup_free_ char **rw = NULL;
                char *tmp = NULL, *var = NULL;

                /* The runtime struct only contains the parent
@ -2324,9 +2362,15 @@ static int exec_child(
                                var = strjoina(runtime->var_tmp_dir, "/tmp");
                }

+                r = compile_read_write_paths(context, params, &rw);
+                if (r < 0) {
+                        *exit_status = EXIT_NAMESPACE;
+                        return r;
+                }
+
                r = setup_namespace(
                                (params->flags & EXEC_APPLY_CHROOT) ? context->root_directory : NULL,
-                                context->read_write_paths,
+                                rw,
                                context->read_only_paths,
                                context->inaccessible_paths,
                                tmp,