mirror of
https://github.com/systemd/systemd.git
synced 2025-08-25 13:49:55 +03:00
Revert "Implement SocketUser= and SocketGroup= for [Socket]"
This was never intended to be pushed.
This reverts commit aea54018a5.
This commit is contained in:
Dave Reisner
@ -357,30 +357,6 @@
|
|||||||
0666.</para></listitem>
|
0666.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><varname>SocketUser=</varname></term>
|
|
||||||
<listitem><para>If listening on a file system
|
|
||||||
socket or FIFO, this option specifies the
|
|
||||||
user owner of the created socket. When
|
|
||||||
defining this, keep in mind that name
|
|
||||||
switch services for user name lookups may
|
|
||||||
not be available. It is advisable to use a
|
|
||||||
numeric UID for this
|
|
||||||
setting.</para></listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><varname>SocketGroup=</varname></term>
|
|
||||||
<listitem><para>If listening on a file system
|
|
||||||
socket or FIFO, this option specifies the
|
|
||||||
group owner of the created socket. When
|
|
||||||
defining this, keep in mind that name
|
|
||||||
switch services for group name lookups may
|
|
||||||
not be available. It is advisable to use a
|
|
||||||
numeric GID for this
|
|
||||||
setting.</para></listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>Accept=</varname></term>
|
<term><varname>Accept=</varname></term>
|
||||||
<listitem><para>Takes a boolean
|
<listitem><para>Takes a boolean
|
||||||
|
|||||||
@ -43,8 +43,6 @@
|
|||||||
" <property name=\"BindToDevice\" type=\"s\" access=\"read\"/>\n" \
|
" <property name=\"BindToDevice\" type=\"s\" access=\"read\"/>\n" \
|
||||||
" <property name=\"DirectoryMode\" type=\"u\" access=\"read\"/>\n" \
|
" <property name=\"DirectoryMode\" type=\"u\" access=\"read\"/>\n" \
|
||||||
" <property name=\"SocketMode\" type=\"u\" access=\"read\"/>\n" \
|
" <property name=\"SocketMode\" type=\"u\" access=\"read\"/>\n" \
|
||||||
" <property name=\"SocketUser\" type=\"s\" access=\"read\"/>\n" \
|
|
||||||
" <property name=\"SocketGroup\" type=\"s\" access=\"read\"/>\n" \
|
|
||||||
" <property name=\"Accept\" type=\"b\" access=\"read\"/>\n" \
|
" <property name=\"Accept\" type=\"b\" access=\"read\"/>\n" \
|
||||||
" <property name=\"KeepAlive\" type=\"b\" access=\"read\"/>\n" \
|
" <property name=\"KeepAlive\" type=\"b\" access=\"read\"/>\n" \
|
||||||
" <property name=\"Priority\" type=\"i\" access=\"read\"/>\n" \
|
" <property name=\"Priority\" type=\"i\" access=\"read\"/>\n" \
|
||||||
@ -111,8 +109,6 @@ static const BusProperty bus_socket_properties[] = {
|
|||||||
{ "BindToDevice", bus_property_append_string, "s", offsetof(Socket, bind_to_device), true },
|
{ "BindToDevice", bus_property_append_string, "s", offsetof(Socket, bind_to_device), true },
|
||||||
{ "DirectoryMode", bus_property_append_mode, "u", offsetof(Socket, directory_mode) },
|
{ "DirectoryMode", bus_property_append_mode, "u", offsetof(Socket, directory_mode) },
|
||||||
{ "SocketMode", bus_property_append_mode, "u", offsetof(Socket, socket_mode) },
|
{ "SocketMode", bus_property_append_mode, "u", offsetof(Socket, socket_mode) },
|
||||||
{ "SocketUser", bus_property_append_string, "s", offsetof(Socket, socket_user), true },
|
|
||||||
{ "SocketGroup", bus_property_append_string, "s", offsetof(Socket, socket_group), true },
|
|
||||||
{ "Accept", bus_property_append_bool, "b", offsetof(Socket, accept) },
|
{ "Accept", bus_property_append_bool, "b", offsetof(Socket, accept) },
|
||||||
{ "KeepAlive", bus_property_append_bool, "b", offsetof(Socket, keep_alive) },
|
{ "KeepAlive", bus_property_append_bool, "b", offsetof(Socket, keep_alive) },
|
||||||
{ "Priority", bus_property_append_int, "i", offsetof(Socket, priority) },
|
{ "Priority", bus_property_append_int, "i", offsetof(Socket, priority) },
|
||||||
|
|||||||
@ -189,8 +189,6 @@ Socket.ExecStopPost, config_parse_exec, SOCKET_EXEC
|
|||||||
Socket.TimeoutSec, config_parse_usec, 0, offsetof(Socket, timeout_usec)
|
Socket.TimeoutSec, config_parse_usec, 0, offsetof(Socket, timeout_usec)
|
||||||
Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode)
|
Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode)
|
||||||
Socket.SocketMode, config_parse_mode, 0, offsetof(Socket, socket_mode)
|
Socket.SocketMode, config_parse_mode, 0, offsetof(Socket, socket_mode)
|
||||||
Socket.SocketUser, config_parse_string, 0, offsetof(Socket, socket_user)
|
|
||||||
Socket.SocketGroup, config_parse_string, 0, offsetof(Socket, socket_group)
|
|
||||||
Socket.Accept, config_parse_bool, 0, offsetof(Socket, accept)
|
Socket.Accept, config_parse_bool, 0, offsetof(Socket, accept)
|
||||||
Socket.MaxConnections, config_parse_unsigned, 0, offsetof(Socket, max_connections)
|
Socket.MaxConnections, config_parse_unsigned, 0, offsetof(Socket, max_connections)
|
||||||
Socket.KeepAlive, config_parse_bool, 0, offsetof(Socket, keep_alive)
|
Socket.KeepAlive, config_parse_bool, 0, offsetof(Socket, keep_alive)
|
||||||
|
|||||||
@ -136,12 +136,6 @@ static void socket_done(Unit *u) {
|
|||||||
free(s->smack_ip_in);
|
free(s->smack_ip_in);
|
||||||
free(s->smack_ip_out);
|
free(s->smack_ip_out);
|
||||||
|
|
||||||
free(s->socket_user);
|
|
||||||
s->socket_user = NULL;
|
|
||||||
|
|
||||||
free(s->socket_group);
|
|
||||||
s->socket_group = NULL;
|
|
||||||
|
|
||||||
unit_unwatch_timer(u, &s->timer_watch);
|
unit_unwatch_timer(u, &s->timer_watch);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -455,16 +449,6 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
|
|||||||
prefix, yes_no(s->pass_sec),
|
prefix, yes_no(s->pass_sec),
|
||||||
prefix, strna(s->tcp_congestion));
|
prefix, strna(s->tcp_congestion));
|
||||||
|
|
||||||
if (s->socket_user)
|
|
||||||
fprintf(f,
|
|
||||||
"SocketUser: %s\n",
|
|
||||||
s->socket_user);
|
|
||||||
|
|
||||||
if (s->socket_group)
|
|
||||||
fprintf(f,
|
|
||||||
"SocketGroup: %s\n",
|
|
||||||
s->socket_group);
|
|
||||||
|
|
||||||
if (s->control_pid > 0)
|
if (s->control_pid > 0)
|
||||||
fprintf(f,
|
fprintf(f,
|
||||||
"%sControl PID: %lu\n",
|
"%sControl PID: %lu\n",
|
||||||
@ -708,9 +692,6 @@ static void socket_close_fds(Socket *s) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void socket_apply_socket_options(Socket *s, int fd) {
|
static void socket_apply_socket_options(Socket *s, int fd) {
|
||||||
uid_t uid = 0;
|
|
||||||
gid_t gid = 0;
|
|
||||||
|
|
||||||
assert(s);
|
assert(s);
|
||||||
assert(fd >= 0);
|
assert(fd >= 0);
|
||||||
|
|
||||||
@ -794,21 +775,6 @@ static void socket_apply_socket_options(Socket *s, int fd) {
|
|||||||
if (s->smack_ip_out)
|
if (s->smack_ip_out)
|
||||||
if (fsetxattr(fd, "security.SMACK64IPOUT", s->smack_ip_out, strlen(s->smack_ip_out), 0) < 0)
|
if (fsetxattr(fd, "security.SMACK64IPOUT", s->smack_ip_out, strlen(s->smack_ip_out), 0) < 0)
|
||||||
log_error("fsetxattr(\"security.SMACK64IPOUT\"): %m");
|
log_error("fsetxattr(\"security.SMACK64IPOUT\"): %m");
|
||||||
|
|
||||||
if (s->socket_user &&
|
|
||||||
get_user_creds((const char **)&s->socket_user, &uid,
|
|
||||||
NULL, NULL, NULL) < 0) {
|
|
||||||
log_warning("failed to lookup user: %s", s->socket_user);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (s->socket_group &&
|
|
||||||
get_group_creds((const char **)&s->socket_group, &gid) < 0) {
|
|
||||||
log_warning("failed to lookup group: %s", s->socket_group);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((uid != 0 || gid != 0) && fchown(fd, uid, gid) < 0) {
|
|
||||||
log_warning("failed to change ownership of socket");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void socket_apply_fifo_options(Socket *s, int fd) {
|
static void socket_apply_fifo_options(Socket *s, int fd) {
|
||||||
@ -828,15 +794,11 @@ static int fifo_address_create(
|
|||||||
const char *path,
|
const char *path,
|
||||||
mode_t directory_mode,
|
mode_t directory_mode,
|
||||||
mode_t socket_mode,
|
mode_t socket_mode,
|
||||||
const char *socket_user,
|
|
||||||
const char *socket_group,
|
|
||||||
int *_fd) {
|
int *_fd) {
|
||||||
|
|
||||||
int fd = -1, r = 0;
|
int fd = -1, r = 0;
|
||||||
struct stat st;
|
struct stat st;
|
||||||
mode_t old_mask;
|
mode_t old_mask;
|
||||||
uid_t uid = 0;
|
|
||||||
gid_t gid = 0;
|
|
||||||
|
|
||||||
assert(path);
|
assert(path);
|
||||||
assert(_fd);
|
assert(_fd);
|
||||||
@ -861,8 +823,7 @@ static int fifo_address_create(
|
|||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
|
if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
|
||||||
if (fd < 0) {
|
|
||||||
r = -errno;
|
r = -errno;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
@ -874,35 +835,15 @@ static int fifo_address_create(
|
|||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (socket_user &&
|
|
||||||
get_user_creds(&socket_user, &uid, NULL, NULL, NULL) < 0) {
|
|
||||||
r = -errno;
|
|
||||||
log_error("failed to lookup user: %s", socket_user);
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (socket_group &&
|
|
||||||
get_group_creds(&socket_group, &gid) < 0) {
|
|
||||||
r = -errno;
|
|
||||||
log_error("failed to lookup group: %s", socket_group);
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!S_ISFIFO(st.st_mode) ||
|
if (!S_ISFIFO(st.st_mode) ||
|
||||||
(st.st_mode & 0777) != (socket_mode & ~old_mask) ||
|
(st.st_mode & 0777) != (socket_mode & ~old_mask) ||
|
||||||
st.st_uid != uid ||
|
st.st_uid != getuid() ||
|
||||||
st.st_gid != gid) {
|
st.st_gid != getgid()) {
|
||||||
|
|
||||||
r = -EEXIST;
|
r = -EEXIST;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((uid != 0 || gid != 0) && fchown(fd, uid, gid) < 0) {
|
|
||||||
r = -errno;
|
|
||||||
log_error("failed to changed ownership of FIFO: %s", path);
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
*_fd = fd;
|
*_fd = fd;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
@ -1072,8 +1013,6 @@ static int socket_open_fds(Socket *s) {
|
|||||||
p->path,
|
p->path,
|
||||||
s->directory_mode,
|
s->directory_mode,
|
||||||
s->socket_mode,
|
s->socket_mode,
|
||||||
s->socket_user,
|
|
||||||
s->socket_group,
|
|
||||||
&p->fd)) < 0)
|
&p->fd)) < 0)
|
||||||
goto rollback;
|
goto rollback;
|
||||||
|
|
||||||
|
|||||||
@ -118,8 +118,6 @@ struct Socket {
|
|||||||
|
|
||||||
mode_t directory_mode;
|
mode_t directory_mode;
|
||||||
mode_t socket_mode;
|
mode_t socket_mode;
|
||||||
char *socket_user;
|
|
||||||
char *socket_group;
|
|
||||||
|
|
||||||
SocketResult result;
|
SocketResult result;
|
||||||
|
|
||||||
|
|||||||
@ -52,7 +52,6 @@ int socket_address_listen(
|
|||||||
int *ret) {
|
int *ret) {
|
||||||
|
|
||||||
int r, fd, one;
|
int r, fd, one;
|
||||||
|
|
||||||
assert(a);
|
assert(a);
|
||||||
assert(ret);
|
assert(ret);
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user