execute: add helper for checking if root_directory/root_image are set in ExecContext

2025-02-15 09:57:39 +03:00 · 2020-10-01 10:42:10 +02:00 · 2020-10-01 10:42:10 +02:00 · 74e1252072
commit 74e1252072
parent 36296ae2ad
2 changed files with 12 additions and 3 deletions
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -2983,7 +2983,7 @@ static int compile_bind_mounts(
                        continue;

                if (exec_directory_is_private(context, t) &&
-                    !(context->root_directory || context->root_image)) {
+                    !exec_context_with_rootfs(context)) {
                        char *private_root;

                        /* So this is for a dynamic user, and we need to make sure the process can access its own
@ -3014,7 +3014,7 @@ static int compile_bind_mounts(
                        }

                        if (exec_directory_is_private(context, t) &&
-                            (context->root_directory || context->root_image))
+                            exec_context_with_rootfs(context))
                                /* When RootDirectory= or RootImage= are set, then the symbolic link to the private
                                 * directory is not created on the root directory. So, let's bind-mount the directory
                                 * on the 'non-private' place. */
@ -5658,7 +5658,7 @@ bool exec_context_get_effective_mount_apivfs(const ExecContext *c) {
                return c->mount_apivfs;

        /* Default to "yes" if root directory or image are specified */
-        if (c->root_image || !empty_or_root(c->root_directory))
+        if (exec_context_with_rootfs(c))
                return true;

        return false;
--- a/src/core/execute.h
+++ b/src/core/execute.h
@ -23,6 +23,7 @@ typedef struct Manager Manager;
 #include "namespace.h"
 #include "nsflags.h"
 #include "numa-util.h"
+#include "path-util.h"
 #include "time-util.h"

 #define EXEC_STDIN_DATA_MAX (64U*1024U*1024U)
@ -325,6 +326,14 @@ static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) {
        return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL;
 }

+static inline bool exec_context_with_rootfs(const ExecContext *c) {
+        assert(c);
+
+        /* Checks if RootDirectory= or RootImage= are used */
+
+        return !empty_or_root(c->root_directory) || c->root_image;
+}
+
 typedef enum ExecFlags {
        EXEC_APPLY_SANDBOXING  = 1 << 0,
        EXEC_APPLY_CHROOT      = 1 << 1,