nspawn: split out code parsing env vars into a function of its own

This then lets us ensure it's called after we parsed the cmdline,
and after we loaded the settings file, so that these env var settings
override everything loaded from there.
Lennart Poettering 2018-12-06 21:54:11 +01:00
parent 5eee829043
commit d5455d2f98
1 changed files with 27 additions and 17 deletions


@ -431,6 +431,30 @@ static void parse_mount_settings_env(void) {
SET_FLAG(arg_mount_settings, MOUNT_APPLY_APIVFS_NETNS, false);
}
static void parse_environment(void) {
const char *e;
int r;
parse_share_ns_env("SYSTEMD_NSPAWN_SHARE_NS_IPC", CLONE_NEWIPC);
parse_share_ns_env("SYSTEMD_NSPAWN_SHARE_NS_PID", CLONE_NEWPID);
parse_share_ns_env("SYSTEMD_NSPAWN_SHARE_NS_UTS", CLONE_NEWUTS);
parse_share_ns_env("SYSTEMD_NSPAWN_SHARE_SYSTEM", CLONE_NEWIPC|CLONE_NEWPID|CLONE_NEWUTS);
parse_mount_settings_env();
r = getenv_bool("SYSTEMD_NSPAWN_USE_CGNS");
if (r < 0)
arg_use_cgns = cg_ns_supported();
else
arg_use_cgns = r;
e = getenv("SYSTEMD_NSPAWN_CONTAINER_SERVICE");
if (e)
arg_container_service_name = e;
detect_unified_cgroup_hierarchy_from_environment();
}
static int parse_argv(int argc, char *argv[]) {
enum {
ARG_VERSION = 0x100,
@ -539,7 +563,7 @@ static int parse_argv(int argc, char *argv[]) {
};
int c, r;
const char *p, *e;
const char *p;
uint64_t plus = 0, minus = 0;
bool mask_all_settings = false, mask_no_settings = false;
@ -1243,10 +1267,6 @@ static int parse_argv(int argc, char *argv[]) {
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"--network-namespace-path cannot be combined with other network options.");
parse_share_ns_env("SYSTEMD_NSPAWN_SHARE_NS_IPC", CLONE_NEWIPC);
parse_share_ns_env("SYSTEMD_NSPAWN_SHARE_NS_PID", CLONE_NEWPID);
parse_share_ns_env("SYSTEMD_NSPAWN_SHARE_NS_UTS", CLONE_NEWUTS);
parse_share_ns_env("SYSTEMD_NSPAWN_SHARE_SYSTEM", CLONE_NEWIPC|CLONE_NEWPID|CLONE_NEWUTS);
if (arg_userns_mode != USER_NAMESPACE_NO)
arg_mount_settings |= MOUNT_USE_USERNS;
@ -1254,8 +1274,6 @@ static int parse_argv(int argc, char *argv[]) {
if (arg_private_network)
arg_mount_settings |= MOUNT_APPLY_APIVFS_NETNS;
parse_mount_settings_env();
if (!(arg_clone_ns_flags & CLONE_NEWPID) ||
!(arg_clone_ns_flags & CLONE_NEWUTS)) {
arg_register = false;
@ -1332,16 +1350,6 @@ static int parse_argv(int argc, char *argv[]) {
arg_caps_retain = (arg_caps_retain | plus | (arg_private_network ? 1ULL << CAP_NET_ADMIN : 0)) & ~minus;
e = getenv("SYSTEMD_NSPAWN_CONTAINER_SERVICE");
if (e)
arg_container_service_name = e;
r = getenv_bool("SYSTEMD_NSPAWN_USE_CGNS");
if (r < 0)
arg_use_cgns = cg_ns_supported();
else
arg_use_cgns = r;
r = custom_mount_check_all();
if (r < 0)
return r;
@ -4222,6 +4230,8 @@ int main(int argc, char *argv[]) {
if (r < 0)
goto finish;
parse_environment();
r = cg_unified_flush();
if (r < 0) {
log_error_errno(r, "Failed to determine whether the unified cgroups hierarchy is used: %m");
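Review bot: The `if (!(arg_clone_ns_flags & CLONE_NEWPID) || !(arg_clone_ns_flags & CLONE_NEWUTS))` check that stays behind in parse_argv() (context lines of the -1254 hunk) now runs before the SYSTEMD_NSPAWN_SHARE_NS_* variables are applied, because parse_environment() is only called from main() after parse_argv() has returned. The body of parse_share_ns_env() is not part of this diff, but judging by the flags it is passed and by its old position directly above that check, it presumably clears bits in arg_clone_ns_flags. If so, a container that shares the host PID or UTS namespace through the environment no longer gets `arg_register = false` or whatever else that branch enforces. The validation that depends on the final namespace flags should move to a step that runs after `parse_environment();` in main(), so that reduced isolation requested through the environment is still seen by the consistency checks. Both parse_argv() and main() extend beyond the hunks shown here, so other readers of arg_mount_settings and arg_use_cgns between the old and new call sites should be checked the same way.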