execute: add one more ExecFlags flag, for controlling unconditional directory chowning

Let's decouple the Manager object from the execution logic a bit more here too, and simply pass along the fact whether we should unconditionally chown the runtime/... directories via the ExecFlags field too.
2017-08-01 10:35:10 +02:00 · 2017-08-01 10:35:10 +02:00 · 8679efde21
parent af635cf377
commit 8679efde21
3 changed files with 8 additions and 8 deletions
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -1843,7 +1843,6 @@ static int setup_exec_directory(
                const ExecParameters *params,
                uid_t uid,
                gid_t gid,
-                bool manager_is_system,
                ExecDirectoryType type,
                int *exit_status) {

@ -1865,7 +1864,7 @@ static int setup_exec_directory(
        if (!params->prefix[type])
                return 0;

-        if (manager_is_system) {
+        if (params->flags & EXEC_CHOWN_DIRECTORIES) {
                if (!uid_is_valid(uid))
                        uid = 0;
                if (!gid_is_valid(gid))
@ -2601,7 +2600,7 @@ static int exec_child(
        }

        for (dt = 0; dt < _EXEC_DIRECTORY_MAX; dt++) {
-                r = setup_exec_directory(context, params, uid, gid, MANAGER_IS_SYSTEM(unit->manager), dt, exit_status);
+                r = setup_exec_directory(context, params, uid, gid, dt, exit_status);
                if (r < 0)
                        return r;
        }
--- a/src/core/execute.h
+++ b/src/core/execute.h
@ -260,12 +260,13 @@ typedef enum ExecFlags {
        EXEC_APPLY_TTY_STDIN   = 1U << 2,
        EXEC_NEW_KEYRING       = 1U << 3,
        EXEC_PASS_LOG_UNIT     = 1U << 4, /* Whether to pass the unit name to the service's journal stream connection */
+        EXEC_CHOWN_DIRECTORIES = 1U << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */

        /* The following are not used by execute.c, but by consumers internally */
-        EXEC_PASS_FDS          = 1U << 5,
-        EXEC_IS_CONTROL        = 1U << 6,
-        EXEC_SETENV_RESULT     = 1U << 7,
-        EXEC_SET_WATCHDOG      = 1U << 8,
+        EXEC_PASS_FDS          = 1U << 6,
+        EXEC_IS_CONTROL        = 1U << 7,
+        EXEC_SETENV_RESULT     = 1U << 8,
+        EXEC_SET_WATCHDOG      = 1U << 9,
 } ExecFlags;

 struct ExecParameters {
--- a/src/core/manager.c
+++ b/src/core/manager.c
@ -3422,7 +3422,7 @@ int manager_set_exec_params(Manager *m, ExecParameters *p) {
        p->cgroup_supported = m->cgroup_supported;
        p->prefix = m->prefix;

-        SET_FLAG(p->flags, EXEC_PASS_LOG_UNIT, MANAGER_IS_SYSTEM(m));
+        SET_FLAG(p->flags, EXEC_PASS_LOG_UNIT|EXEC_CHOWN_DIRECTORIES, MANAGER_IS_SYSTEM(m));

        return 0;
 }