execute: also fold the cgroup delegate bit into ExecFlags
parent
ac6479781e
commit
584b8688d1
|
@ -2589,7 +2589,7 @@ static int exec_child(
|
||||||
/* If delegation is enabled we'll pass ownership of the cgroup
|
/* If delegation is enabled we'll pass ownership of the cgroup
|
||||||
* (but only in systemd's own controller hierarchy!) to the
|
* (but only in systemd's own controller hierarchy!) to the
|
||||||
* user of the new process. */
|
* user of the new process. */
|
||||||
if (params->cgroup_path && context->user && params->cgroup_delegate) {
|
if (params->cgroup_path && context->user && (params->flags & EXEC_CGROUP_DELEGATE)) {
|
||||||
r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, 0644, uid, gid);
|
r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, 0644, uid, gid);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
*exit_status = EXIT_CGROUP;
|
*exit_status = EXIT_CGROUP;
|
||||||
|
|
|
@ -262,12 +262,13 @@ typedef enum ExecFlags {
|
||||||
EXEC_PASS_LOG_UNIT = 1U << 4, /* Whether to pass the unit name to the service's journal stream connection */
|
EXEC_PASS_LOG_UNIT = 1U << 4, /* Whether to pass the unit name to the service's journal stream connection */
|
||||||
EXEC_CHOWN_DIRECTORIES = 1U << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
|
EXEC_CHOWN_DIRECTORIES = 1U << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
|
||||||
EXEC_NSS_BYPASS_BUS = 1U << 6, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */
|
EXEC_NSS_BYPASS_BUS = 1U << 6, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */
|
||||||
|
EXEC_CGROUP_DELEGATE = 1U << 7,
|
||||||
|
|
||||||
/* The following are not used by execute.c, but by consumers internally */
|
/* The following are not used by execute.c, but by consumers internally */
|
||||||
EXEC_PASS_FDS = 1U << 7,
|
EXEC_PASS_FDS = 1U << 8,
|
||||||
EXEC_IS_CONTROL = 1U << 8,
|
EXEC_IS_CONTROL = 1U << 9,
|
||||||
EXEC_SETENV_RESULT = 1U << 9,
|
EXEC_SETENV_RESULT = 1U << 10,
|
||||||
EXEC_SET_WATCHDOG = 1U << 10,
|
EXEC_SET_WATCHDOG = 1U << 11,
|
||||||
} ExecFlags;
|
} ExecFlags;
|
||||||
|
|
||||||
struct ExecParameters {
|
struct ExecParameters {
|
||||||
|
@ -282,7 +283,6 @@ struct ExecParameters {
|
||||||
ExecFlags flags;
|
ExecFlags flags;
|
||||||
bool selinux_context_net:1;
|
bool selinux_context_net:1;
|
||||||
|
|
||||||
bool cgroup_delegate:1;
|
|
||||||
CGroupMask cgroup_supported;
|
CGroupMask cgroup_supported;
|
||||||
const char *cgroup_path;
|
const char *cgroup_path;
|
||||||
|
|
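Review bot: `EXEC_CGROUP_DELEGATE = 1U << 7,` has no trailing comment, unlike the three entries visible above it, yet it gates a privilege grant: in exec_child() it decides whether cg_set_task_access() hands the unit's cgroup to the user the process runs as. I would document it in the neighbours' style, e.g. `/* Pass ownership of the unit's cgroup (systemd's own controller hierarchy only) to the user we run as */`. Placing the bit before the "consumers internally" group also shifts EXEC_PASS_FDS through EXEC_SET_WATCHDOG up by one. That is safe only if no ExecFlags value is stored or exchanged as a raw integer, which these hunks do not show. The enum starts above the first hunk of this file, so earlier entries were not reviewed.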
||||||
|
|
|
@ -775,7 +775,7 @@ static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) {
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
exec_params.cgroup_path = UNIT(m)->cgroup_path;
|
exec_params.cgroup_path = UNIT(m)->cgroup_path;
|
||||||
exec_params.cgroup_delegate = m->cgroup_context.delegate;
|
SET_FLAG(exec_params.flags, EXEC_CGROUP_DELEGATE, m->cgroup_context.delegate);
|
||||||
|
|
||||||
r = exec_spawn(UNIT(m),
|
r = exec_spawn(UNIT(m),
|
||||||
c,
|
c,
|
||||||
|
|
|
@ -1365,6 +1365,8 @@ static int service_spawn(
|
||||||
SET_FLAG(exec_params.flags, EXEC_NSS_BYPASS_BUS,
|
SET_FLAG(exec_params.flags, EXEC_NSS_BYPASS_BUS,
|
||||||
MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE));
|
MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE));
|
||||||
|
|
||||||
|
SET_FLAG(exec_params.flags, EXEC_CGROUP_DELEGATE, s->cgroup_context.delegate);
|
||||||
|
|
||||||
exec_params.argv = c->argv;
|
exec_params.argv = c->argv;
|
||||||
exec_params.environment = final_env;
|
exec_params.environment = final_env;
|
||||||
exec_params.fds = fds;
|
exec_params.fds = fds;
|
||||||
|
@ -1372,7 +1374,6 @@ static int service_spawn(
|
||||||
exec_params.n_storage_fds = n_storage_fds;
|
exec_params.n_storage_fds = n_storage_fds;
|
||||||
exec_params.n_socket_fds = n_socket_fds;
|
exec_params.n_socket_fds = n_socket_fds;
|
||||||
exec_params.cgroup_path = path;
|
exec_params.cgroup_path = path;
|
||||||
exec_params.cgroup_delegate = s->cgroup_context.delegate;
|
|
||||||
exec_params.watchdog_usec = s->watchdog_usec;
|
exec_params.watchdog_usec = s->watchdog_usec;
|
||||||
exec_params.selinux_context_net = s->socket_fd_selinux_context_net;
|
exec_params.selinux_context_net = s->socket_fd_selinux_context_net;
|
||||||
if (s->type == SERVICE_IDLE)
|
if (s->type == SERVICE_IDLE)
|
||||||
|
|
|
@ -1796,7 +1796,8 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
|
||||||
|
|
||||||
exec_params.argv = c->argv;
|
exec_params.argv = c->argv;
|
||||||
exec_params.cgroup_path = UNIT(s)->cgroup_path;
|
exec_params.cgroup_path = UNIT(s)->cgroup_path;
|
||||||
exec_params.cgroup_delegate = s->cgroup_context.delegate;
|
|
||||||
|
SET_FLAG(exec_params.flags, EXEC_CGROUP_DELEGATE, s->cgroup_context.delegate);
|
||||||
|
|
||||||
r = exec_spawn(UNIT(s),
|
r = exec_spawn(UNIT(s),
|
||||||
c,
|
c,
|
||||||
|
|
|
@ -641,7 +641,7 @@ static int swap_spawn(Swap *s, ExecCommand *c, pid_t *_pid) {
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
exec_params.cgroup_path = UNIT(s)->cgroup_path;
|
exec_params.cgroup_path = UNIT(s)->cgroup_path;
|
||||||
exec_params.cgroup_delegate = s->cgroup_context.delegate;
|
SET_FLAG(exec_params.flags, EXEC_CGROUP_DELEGATE, s->cgroup_context.delegate);
|
||||||
|
|
||||||
r = exec_spawn(UNIT(s),
|
r = exec_spawn(UNIT(s),
|
||||||
c,
|
c,
|
||||||
|
|