shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-11 09:18:07 +03:00
Code

core: turn various execution flags into a proper flags parameter

Browse Source 
The ExecParameters structure contains a number of bit-flags, that were so far
exposed as bool:1, change this to a proper, single binary bit flag field. This
makes things a bit more expressive, and is helpful as we add more flags, since
these booleans are passed around in various callers, for example
service_spawn(), whose signature can be made much shorter now.

Not all bit booleans from ExecParameters are moved into the flags field for
now, but this can be added later.
This commit is contained in:
Lennart Poettering 2016-07-26 17:40:35 +02:00
parent 992e8f224b
commit c39f1ce24d
6 changed files with 72 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/core/execute.c
View File

@ -427,7 +427,7 @@ static int setup_input(
return STDIN_FILENO;
}
i = fixup_input(context->std_input, socket_fd, params->apply_tty_stdin);
i = fixup_input(context->std_input, socket_fd, params->flags & EXEC_APPLY_TTY_STDIN);
switch (i) {
@ -502,7 +502,7 @@ static int setup_output(
return STDERR_FILENO;
}
i = fixup_input(context->std_input, socket_fd, params->apply_tty_stdin);
i = fixup_input(context->std_input, socket_fd, params->flags & EXEC_APPLY_TTY_STDIN);
o = fixup_output(context->std_output, socket_fd);
if (fileno == STDERR_FILENO) {
@ -1675,7 +1675,7 @@ static int exec_child(
exec_context_tty_reset(context, params);
if (params->confirm_spawn) {
if (params->flags & EXEC_CONFIRM_SPAWN) {
char response;
r = ask_for_confirmation(&response, argv);
@ -1940,7 +1940,7 @@ static int exec_child(
umask(context->umask);
if (params->apply_permissions && !command->privileged) {
if ((params->flags & EXEC_APPLY_PERMISSIONS) && !command->privileged) {
r = enforce_groups(context, username, gid);
if (r < 0) {
*exit_status = EXIT_GROUP;
@ -2010,7 +2010,7 @@ static int exec_child(
}
r = setup_namespace(
params->apply_chroot ? context->root_directory : NULL,
(params->flags & EXEC_APPLY_CHROOT) ? context->root_directory : NULL,
context->read_write_paths,
context->read_only_paths,
context->inaccessible_paths,
@ -2041,7 +2041,7 @@ static int exec_child(
else
wd = "/";
if (params->apply_chroot) {
if (params->flags & EXEC_APPLY_CHROOT) {
if (!needs_mount_namespace && context->root_directory)
if (chroot(context->root_directory) < 0) {
*exit_status = EXIT_CHROOT;
@ -2065,7 +2065,12 @@ static int exec_child(
}
#ifdef HAVE_SELINUX
if (params->apply_permissions && mac_selinux_use() && params->selinux_context_net && socket_fd >= 0 && !command->privileged) {
if ((params->flags & EXEC_APPLY_PERMISSIONS) &&
mac_selinux_use() &&
params->selinux_context_net &&
socket_fd >= 0 &&
!command->privileged) {
r = mac_selinux_get_child_mls_label(socket_fd, command->path, context->selinux_context, &mac_selinux_context_net);
if (r < 0) {
*exit_status = EXIT_SELINUX_CONTEXT;
@ -2090,7 +2095,7 @@ static int exec_child(
return r;
}
if (params->apply_permissions && !command->privileged) {
if ((params->flags & EXEC_APPLY_PERMISSIONS) && !command->privileged) {
bool use_address_families = context->address_families_whitelist ||
!set_isempty(context->address_families);

17
src/core/execute.h
View File

@ -208,6 +208,17 @@ struct ExecContext {
bool no_new_privileges_set:1;
};
typedef enum ExecFlags {
EXEC_CONFIRM_SPAWN = 1U << 0,
EXEC_APPLY_PERMISSIONS = 1U << 1,
EXEC_APPLY_CHROOT = 1U << 2,
EXEC_APPLY_TTY_STDIN = 1U << 3,
/* The following are not usec by execute.c, but by consumers internally */
EXEC_PASS_FDS = 1U << 4,
EXEC_IS_CONTROL = 1U << 5,
} ExecFlags;
struct ExecParameters {
char **argv;
char **environment;
@ -216,11 +227,7 @@ struct ExecParameters {
char **fd_names;
unsigned n_fds;
bool apply_permissions:1;
bool apply_chroot:1;
bool apply_tty_stdin:1;
bool confirm_spawn:1;
ExecFlags flags;
bool selinux_context_net:1;
bool cgroup_delegate:1;

12
src/core/mount.c
View File

@ -701,12 +701,10 @@ static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) {
pid_t pid;
int r;
ExecParameters exec_params = {
.apply_permissions = true,
.apply_chroot = true,
.apply_tty_stdin = true,
.stdin_fd = -1,
.stdout_fd = -1,
.stderr_fd = -1,
.flags = EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN,
.stdin_fd = -1,
.stdout_fd = -1,
.stderr_fd = -1,
};
assert(m);
@ -732,7 +730,7 @@ static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) {
return r;
exec_params.environment = UNIT(m)->manager->environment;
exec_params.confirm_spawn = UNIT(m)->manager->confirm_spawn;
exec_params.flags |= UNIT(m)->manager->confirm_spawn ? EXEC_CONFIRM_SPAWN : 0;
exec_params.cgroup_supported = UNIT(m)->manager->cgroup_supported;
exec_params.cgroup_path = UNIT(m)->cgroup_path;
exec_params.cgroup_delegate = m->cgroup_context.delegate;

90
src/core/service.c
View File

@ -1152,11 +1152,7 @@ static int service_spawn(
Service *s,
ExecCommand *c,
usec_t timeout,
bool pass_fds,
bool apply_permissions,
bool apply_chroot,
bool apply_tty_stdin,
bool is_control,
ExecFlags flags,
pid_t *_pid) {
_cleanup_strv_free_ char **argv = NULL, **final_env = NULL, **our_env = NULL, **fd_names = NULL;
@ -1166,12 +1162,10 @@ static int service_spawn(
pid_t pid;
ExecParameters exec_params = {
.apply_permissions = apply_permissions,
.apply_chroot = apply_chroot,
.apply_tty_stdin = apply_tty_stdin,
.stdin_fd = -1,
.stdout_fd = -1,
.stderr_fd = -1,
.flags = flags,
.stdin_fd = -1,
.stdout_fd = -1,
.stderr_fd = -1,
};
int r;
@ -1194,7 +1188,7 @@ static int service_spawn(
if (r < 0)
return r;
if (pass_fds ||
if ((flags & EXEC_PASS_FDS) ||
s->exec_context.std_input == EXEC_INPUT_SOCKET ||
s->exec_context.std_output == EXEC_OUTPUT_SOCKET ||
s->exec_context.std_error == EXEC_OUTPUT_SOCKET) {
@ -1218,7 +1212,7 @@ static int service_spawn(
if (!our_env)
return -ENOMEM;
if (is_control ? s->notify_access == NOTIFY_ALL : s->notify_access != NOTIFY_NONE)
if ((flags & EXEC_IS_CONTROL) ? s->notify_access == NOTIFY_ALL : s->notify_access != NOTIFY_NONE)
if (asprintf(our_env + n_env++, "NOTIFY_SOCKET=%s", UNIT(s)->manager->notify_socket) < 0)
return -ENOMEM;
@ -1226,7 +1220,7 @@ static int service_spawn(
if (asprintf(our_env + n_env++, "MAINPID="PID_FMT, s->main_pid) < 0)
return -ENOMEM;
if (!MANAGER_IS_SYSTEM(UNIT(s)->manager))
if (MANAGER_IS_USER(UNIT(s)->manager))
if (asprintf(our_env + n_env++, "MANAGERPID="PID_FMT, getpid()) < 0)
return -ENOMEM;
@ -1266,18 +1260,18 @@ static int service_spawn(
if (!final_env)
return -ENOMEM;
if (is_control && UNIT(s)->cgroup_path) {
if ((flags & EXEC_IS_CONTROL) && UNIT(s)->cgroup_path) {
path = strjoina(UNIT(s)->cgroup_path, "/control");
(void) cg_create(SYSTEMD_CGROUP_CONTROLLER, path);
} else
path = UNIT(s)->cgroup_path;
exec_params.argv = argv;
exec_params.environment = final_env;
exec_params.fds = fds;
exec_params.fd_names = fd_names;
exec_params.n_fds = n_fds;
exec_params.environment = final_env;
exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
exec_params.flags |= UNIT(s)->manager->confirm_spawn ? EXEC_CONFIRM_SPAWN : 0;
exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
exec_params.cgroup_path = path;
exec_params.cgroup_delegate = s->cgroup_context.delegate;
@ -1465,11 +1459,9 @@ static void service_enter_stop_post(Service *s, ServiceResult f) {
r = service_spawn(s,
s->control_command,
s->timeout_stop_usec,
false,
!s->permissions_start_only,
!s->root_directory_start_only,
true,
true,
(s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
(s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) |
EXEC_APPLY_TTY_STDIN | EXEC_IS_CONTROL,
&s->control_pid);
if (r < 0)
goto fail;
@ -1580,11 +1572,9 @@ static void service_enter_stop(Service *s, ServiceResult f) {
r = service_spawn(s,
s->control_command,
s->timeout_stop_usec,
false,
!s->permissions_start_only,
!s->root_directory_start_only,
false,
true,
(s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
(s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) |
EXEC_IS_CONTROL,
&s->control_pid);
if (r < 0)
goto fail;
@ -1661,11 +1651,9 @@ static void service_enter_start_post(Service *s) {
r = service_spawn(s,
s->control_command,
s->timeout_start_usec,
false,
!s->permissions_start_only,
!s->root_directory_start_only,
false,
true,
(s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS)|
(s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT)|
EXEC_IS_CONTROL,
&s->control_pid);
if (r < 0)
goto fail;
@ -1735,11 +1723,7 @@ static void service_enter_start(Service *s) {
r = service_spawn(s,
c,
timeout,
true,
true,
true,
true,
false,
EXEC_PASS_FDS|EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN,
&pid);
if (r < 0)
goto fail;
@ -1798,11 +1782,9 @@ static void service_enter_start_pre(Service *s) {
r = service_spawn(s,
s->control_command,
s->timeout_start_usec,
false,
!s->permissions_start_only,
!s->root_directory_start_only,
true,
true,
(s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
(s->root_directory_start_only ? 0: EXEC_APPLY_CHROOT) |
EXEC_IS_CONTROL|EXEC_APPLY_TTY_STDIN,
&s->control_pid);
if (r < 0)
goto fail;
@ -1877,11 +1859,9 @@ static void service_enter_reload(Service *s) {
r = service_spawn(s,
s->control_command,
s->timeout_start_usec,
false,
!s->permissions_start_only,
!s->root_directory_start_only,
false,
true,
(s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
(s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) |
EXEC_IS_CONTROL,
&s->control_pid);
if (r < 0)
goto fail;
@ -1919,12 +1899,10 @@ static void service_run_next_control(Service *s) {
r = service_spawn(s,
s->control_command,
timeout,
false,
!s->permissions_start_only,
!s->root_directory_start_only,
s->control_command_id == SERVICE_EXEC_START_PRE ||
s->control_command_id == SERVICE_EXEC_STOP_POST,
true,
(s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
(s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) |
(IN_SET(s->control_command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_STOP_POST) ? EXEC_APPLY_TTY_STDIN : 0)|
EXEC_IS_CONTROL,
&s->control_pid);
if (r < 0)
goto fail;
@ -1962,11 +1940,7 @@ static void service_run_next_main(Service *s) {
r = service_spawn(s,
s->main_command,
s->timeout_start_usec,
true,
true,
true,
true,
false,
EXEC_PASS_FDS|EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN,
&pid);
if (r < 0)
goto fail;

12
src/core/socket.c
View File

@ -1664,12 +1664,10 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
pid_t pid;
int r;
ExecParameters exec_params = {
.apply_permissions = true,
.apply_chroot = true,
.apply_tty_stdin = true,
.stdin_fd = -1,
.stdout_fd = -1,
.stderr_fd = -1,
.flags = EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN,
.stdin_fd = -1,
.stdout_fd = -1,
.stderr_fd = -1,
};
assert(s);
@ -1700,7 +1698,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
exec_params.argv = argv;
exec_params.environment = UNIT(s)->manager->environment;
exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
exec_params.flags |= UNIT(s)->manager->confirm_spawn ? EXEC_CONFIRM_SPAWN : 0;
exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
exec_params.cgroup_path = UNIT(s)->cgroup_path;
exec_params.cgroup_delegate = s->cgroup_context.delegate;

12
src/core/swap.c
View File

@ -611,12 +611,10 @@ static int swap_spawn(Swap *s, ExecCommand *c, pid_t *_pid) {
pid_t pid;
int r;
ExecParameters exec_params = {
.apply_permissions = true,
.apply_chroot = true,
.apply_tty_stdin = true,
.stdin_fd = -1,
.stdout_fd = -1,
.stderr_fd = -1,
.flags = EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN,
.stdin_fd = -1,
.stdout_fd = -1,
.stderr_fd = -1,
};
assert(s);
@ -642,7 +640,7 @@ static int swap_spawn(Swap *s, ExecCommand *c, pid_t *_pid) {
goto fail;
exec_params.environment = UNIT(s)->manager->environment;
exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
exec_params.flags |= UNIT(s)->manager->confirm_spawn ? EXEC_CONFIRM_SPAWN : 0;
exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
exec_params.cgroup_path = UNIT(s)->cgroup_path;
exec_params.cgroup_delegate = s->cgroup_context.delegate;