Merge pull request #15318 from fbuihuu/inherit-umask-for-user-units
pid1: by default make user units inherit their umask from the user ma…
commit
611cb82612
|
@ -652,8 +652,13 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
|
||||||
<term><varname>UMask=</varname></term>
|
<term><varname>UMask=</varname></term>
|
||||||
|
|
||||||
<listitem><para>Controls the file mode creation mask. Takes an access mode in octal notation. See
|
<listitem><para>Controls the file mode creation mask. Takes an access mode in octal notation. See
|
||||||
<citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry> for details. Defaults
|
<citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
|
||||||
to 0022.</para></listitem>
|
details. Defaults to 0022 for system units. For units of the user service manager the default value
|
||||||
|
is inherited from the user instance (whose default is inherited from the system service manager, and
|
||||||
|
thus also is 0022). Hence changing the default value of a user instance, either via
|
||||||
|
<varname>UMask=</varname> or via a PAM module, will affect the user instance itself and all user
|
||||||
|
units started by the user instance unless a user unit has specified its own
|
||||||
|
<varname>UMask=</varname>.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
@ -628,6 +628,23 @@ int get_process_ppid(pid_t pid, pid_t *_ppid) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int get_process_umask(pid_t pid, mode_t *umask) {
|
||||||
|
_cleanup_free_ char *m = NULL;
|
||||||
|
const char *p;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(umask);
|
||||||
|
assert(pid >= 0);
|
||||||
|
|
||||||
|
p = procfs_file_alloca(pid, "status");
|
||||||
|
|
||||||
|
r = get_proc_field(p, "Umask", WHITESPACE, &m);
|
||||||
|
if (r == -ENOENT)
|
||||||
|
return -ESRCH;
|
||||||
|
|
||||||
|
return parse_mode(m, umask);
|
||||||
|
}
|
||||||
|
|
||||||
int wait_for_terminate(pid_t pid, siginfo_t *status) {
|
int wait_for_terminate(pid_t pid, siginfo_t *status) {
|
||||||
siginfo_t dummy;
|
siginfo_t dummy;
|
||||||
|
|
||||||
|
|
|
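Review bot: In `get_process_umask()` only `-ENOENT` from `get_proc_field()` is handled, so any other negative return falls through to `parse_mode(m, umask)` with `m` still NULL. That could happen, for instance, when the status file has no `Umask` line (presumably on older kernels), and whether `parse_mode()` tolerates a NULL string is not visible here. Add `if (r < 0) return r;` after the `-ENOENT` check so a failed lookup is reported instead of parsed. Separately, the parameter name `umask` shadows umask(2) inside the function and in the prototype added to the header; a name such as `ret` would avoid that.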
@ -45,6 +45,7 @@ int get_process_cwd(pid_t pid, char **cwd);
|
||||||
int get_process_root(pid_t pid, char **root);
|
int get_process_root(pid_t pid, char **root);
|
||||||
int get_process_environ(pid_t pid, char **environ);
|
int get_process_environ(pid_t pid, char **environ);
|
||||||
int get_process_ppid(pid_t pid, pid_t *ppid);
|
int get_process_ppid(pid_t pid, pid_t *ppid);
|
||||||
|
int get_process_umask(pid_t pid, mode_t *umask);
|
||||||
|
|
||||||
int wait_for_terminate(pid_t pid, siginfo_t *status);
|
int wait_for_terminate(pid_t pid, siginfo_t *status);
|
||||||
|
|
||||||
|
|
|
@ -187,8 +187,16 @@ static void unit_init(Unit *u) {
|
||||||
if (ec) {
|
if (ec) {
|
||||||
exec_context_init(ec);
|
exec_context_init(ec);
|
||||||
|
|
||||||
ec->keyring_mode = MANAGER_IS_SYSTEM(u->manager) ?
|
if (MANAGER_IS_SYSTEM(u->manager))
|
||||||
EXEC_KEYRING_SHARED : EXEC_KEYRING_INHERIT;
|
ec->keyring_mode = EXEC_KEYRING_SHARED;
|
||||||
|
else {
|
||||||
|
ec->keyring_mode = EXEC_KEYRING_INHERIT;
|
||||||
|
|
||||||
|
/* User manager might have its umask redefined by PAM or UMask=. In this
|
||||||
|
* case let the units it manages inherit this value by default. They can
|
||||||
|
* still tune this value through their own unit file */
|
||||||
|
(void) get_process_umask(getpid_cached(), &ec->umask);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
kc = unit_get_kill_context(u);
|
kc = unit_get_kill_context(u);
|
||||||
|
|
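Review bot: The `(void) get_process_umask(getpid_cached(), &ec->umask);` call in the user-manager branch drops the error, so a failed procfs read silently leaves `ec->umask` at whatever `exec_context_init()` set (presumably 0022). For a user instance whose umask was tightened through PAM or `UMask=`, units would then start with a more permissive mask than configured, and nothing in the log says why. Keep the best-effort fallback but record it, e.g. `r = get_process_umask(getpid_cached(), &ec->umask);` followed by `if (r < 0) log_unit_debug_errno(u, r, "Failed to read manager umask, keeping default: %m");`. `unit_init()` starts and ends outside this hunk, so whether an `int r` is already in scope is not visible.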