
core: don't override NoNewPriviliges= from SystemCallFilter= if it is already explicitly set

This commit is contained in:
Lennart Poettering 2014-03-05 04:41:01 +01:00
parent e567439ec6
commit 760b9d7cba
4 changed files with 39 additions and 2 deletions


@ -185,6 +185,7 @@ struct ExecContext {
bool nice_set:1;
bool ioprio_set:1;
bool cpu_sched_set:1;
bool no_new_privileges_set:1;
};
#include "cgroup.h"


@ -48,7 +48,7 @@ $1.Capabilities, config_parse_exec_capabilities, 0,
$1.SecureBits, config_parse_exec_secure_bits, 0, offsetof($1, exec_context)
$1.CapabilityBoundingSet, config_parse_bounding_set, 0, offsetof($1, exec_context.capability_bounding_set_drop)
$1.TimerSlackNSec, config_parse_nsec, 0, offsetof($1, exec_context.timer_slack_nsec)
$1.NoNewPrivileges, config_parse_bool, 0, offsetof($1, exec_context.no_new_privileges)
$1.NoNewPrivileges, config_parse_no_new_priviliges, 0, offsetof($1, exec_context)
m4_ifdef(`HAVE_SECCOMP',
`$1.SystemCallFilter, config_parse_syscall_filter, 0, offsetof($1, exec_context)
$1.SystemCallArchitectures, config_parse_syscall_archs, 0, offsetof($1, exec_context.syscall_archs)


@ -2122,7 +2122,10 @@ int config_parse_syscall_filter(
set_remove(c->syscall_filter, INT_TO_PTR(id + 1));
}
c->no_new_privileges = true;
/* Turn on NNP, but only if it wasn't configured explicitly
* before, and only if we are in user mode. */
if (!c->no_new_privileges_set && u->manager->running_as == SYSTEMD_USER)
c->no_new_privileges = true;
return 0;
}
@ -2902,6 +2905,38 @@ int config_parse_namespace_path_strv(
return 0;
}
int config_parse_no_new_priviliges(
const char* unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
ExecContext *c = data;
int k;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
k = parse_boolean(rvalue);
if (k < 0) {
log_syntax(unit, LOG_ERR, filename, line, -k, "Failed to parse boolean value, ignoring: %s", rvalue);
return 0;
}
c->no_new_privileges = !!k;
c->no_new_privileges_set = true;
return 0;
}
#define FOLLOW_MAX 8
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
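Review bot: In the first hunk the new condition turns NNP on only when `u->manager->running_as == SYSTEMD_USER`, and the comment states that restriction without saying why; presumably an unprivileged user manager needs no_new_privs to be allowed to install the seccomp filter while the system manager can rely on CAP_SYS_ADMIN, and if that is the reason the comment should record it, e.g. `/* An unprivileged manager needs NNP to install the filter; the system manager has CAP_SYS_ADMIN, so respect the explicit setting there. */`. A consequence worth checking is that a user unit which sets `NoNewPrivileges=no` explicitly together with `SystemCallFilter=` now keeps NNP off, so the filter is presumably rejected at exec time — a `log_syntax()` warning in this branch would surface that at load time if the exec path does not already report it. Separately, the new parser is misspelled as `config_parse_no_new_priviliges` at its definition, in the gperf table and in the header, while the directive and the `no_new_privileges`/`no_new_privileges_set` fields are spelled correctly; renaming all three to `config_parse_no_new_privileges` now avoids a later three-file rename. config_parse_syscall_filter starts outside the hunk.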


@ -94,6 +94,7 @@ int config_parse_address_families(const char *unit, const char *filename, unsign
int config_parse_runtime_directory(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_set_status(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_namespace_path_strv(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_no_new_priviliges(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
/* gperf prototypes */
const struct ConfigPerfItem* load_fragment_gperf_lookup(const char *key, unsigned length);