"-" prefix for InaccessibleDirectories and ReadOnlyDirectories

Maciej Wereski 2013-08-21 16:43:55 +02:00 committed by Zbigniew Jędrzejewski-Szmek
parent ac8e20c6e9
commit ea92ae33e0
4 changed files with 31 additions and 7 deletions

6
TODO

@ -23,6 +23,9 @@ Bugfixes:
- make the resulting line the requested number of *characters*, not *bytes*, - make the resulting line the requested number of *characters*, not *bytes*,
- avoid truncuating multi-byte sequences in the middle. - avoid truncuating multi-byte sequences in the middle.
* When we detect invalid UTF-8, we cant't use it in an error message:
log...("Path is not UTF-8 clean, ignoring assignment: %s", rvalue);
* shorten the message to sane length: * shorten the message to sane length:
Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory. See system logs and 'systemctl status display-manager.service' for details. Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory. See system logs and 'systemctl status display-manager.service' for details.
@ -285,9 +288,6 @@ Features:
* timedate: have global on/off switches for auto-time (NTP), and auto-timezone that connman can subscribe to. * timedate: have global on/off switches for auto-time (NTP), and auto-timezone that connman can subscribe to.
* Honour "-" prefix for InaccessibleDirectories= and ReadOnlyDirectories= to
suppress errors of the specified path doesn't exist
* dev-setup.c: when running in a container, create a tiny stub udev * dev-setup.c: when running in a container, create a tiny stub udev
database with the systemd tag set for all network interfaces found, database with the systemd tag set for all network interfaces found,
so that libudev reports them as present, and systemd's .device units so that libudev reports them as present, and systemd's .device units


@ -828,7 +828,15 @@
the empty string is assigned to this the empty string is assigned to this
option the specific list is reset, and option the specific list is reset, and
all prior assignments have no all prior assignments have no
effect.</para></listitem> effect.</para>
<para>Paths in
<varname>ReadOnlyDirectories=</varname>
and
<varname>InaccessibleDirectories=</varname>
may be prefixed with
<literal>-</literal>, in which case
they will be ignored when they don't
exist.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>


@ -51,6 +51,7 @@ typedef struct BindMount {
const char *path; const char *path;
MountMode mode; MountMode mode;
bool done; bool done;
bool ignore;
} BindMount; } BindMount;
static int append_mounts(BindMount **p, char **strv, MountMode mode) { static int append_mounts(BindMount **p, char **strv, MountMode mode) {
@ -58,6 +59,13 @@ static int append_mounts(BindMount **p, char **strv, MountMode mode) {
STRV_FOREACH(i, strv) { STRV_FOREACH(i, strv) {
(*p)->ignore = false;
if ((mode == INACCESSIBLE || mode == READONLY) && (*i)[0] == '-') {
(*p)->ignore = true;
(*i)++;
}
if (!path_is_absolute(*i)) if (!path_is_absolute(*i))
return -EINVAL; return -EINVAL;
@ -155,6 +163,8 @@ static int apply_mount(
r = mount(what, m->path, NULL, MS_BIND|MS_REC, NULL); r = mount(what, m->path, NULL, MS_BIND|MS_REC, NULL);
if (r >= 0) if (r >= 0)
log_debug("Successfully mounted %s to %s", what, m->path); log_debug("Successfully mounted %s to %s", what, m->path);
else if (m->ignore && errno == ENOENT)
r = 0;
return r; return r;
} }
@ -168,7 +178,7 @@ static int make_read_only(BindMount *m) {
return 0; return 0;
r = mount(NULL, m->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL); r = mount(NULL, m->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL);
if (r < 0) if (r < 0 && !(m->ignore && errno == ENOENT))
return -errno; return -errno;
return 0; return 0;
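Review bot: In append_mounts, `(*i)++` advances the pointer stored in the caller's string vector rather than a local copy, so after the loop that element no longer points at the start of its allocation. If the vector is later freed or walked again (not visible here), that means an invalid free or a silently lost prefix. A local avoids this: `const char *e = *i;`, then `e++` inside the `if`, with `e` passed to `path_is_absolute()` and to whichever line stores the path, which lies outside this hunk. Separately, the new ENOENT branches in apply_mount and make_read_only skip the restriction without logging; because this makes a sandboxing directive fail open, a `log_debug("Path %s does not exist, ignoring.", m->path);` there would let an operator see that the path was left unprotected.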


@ -599,6 +599,7 @@ int config_parse_path(const char *unit,
char **s = data; char **s = data;
char *n; char *n;
int offset;
assert(filename); assert(filename);
assert(lvalue); assert(lvalue);
@ -611,7 +612,9 @@ int config_parse_path(const char *unit,
return 0; return 0;
} }
if (!path_is_absolute(rvalue)) { offset = rvalue[0] == '-' && (streq(lvalue, "InaccessibleDirectories") ||
streq(lvalue, "ReadOnlyDirectories"));
if (!path_is_absolute(rvalue + offset)) {
log_syntax(unit, LOG_ERR, filename, line, EINVAL, log_syntax(unit, LOG_ERR, filename, line, EINVAL,
"Not an absolute path, ignoring: %s", rvalue); "Not an absolute path, ignoring: %s", rvalue);
return 0; return 0;
@ -713,6 +716,7 @@ int config_parse_path_strv(const char *unit,
FOREACH_WORD_QUOTED(w, l, rvalue, state) { FOREACH_WORD_QUOTED(w, l, rvalue, state) {
_cleanup_free_ char *n; _cleanup_free_ char *n;
int offset;
n = strndup(w, l); n = strndup(w, l);
if (!n) if (!n)
@ -724,7 +728,9 @@ int config_parse_path_strv(const char *unit,
continue; continue;
} }
if (!path_is_absolute(n)) { offset = n[0] == '-' && (streq(lvalue, "InaccessibleDirectories") ||
streq(lvalue, "ReadOnlyDirectories"));
if (!path_is_absolute(n + offset)) {
log_syntax(unit, LOG_ERR, filename, line, EINVAL, log_syntax(unit, LOG_ERR, filename, line, EINVAL,
"Not an absolute path, ignoring: %s", rvalue); "Not an absolute path, ignoring: %s", rvalue);
continue; continue;
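Review bot: The `-` prefix is accepted by comparing `lvalue` against two hard-coded directive names inside the generic path parsers, and the same test is duplicated in config_parse_path and config_parse_path_strv, while append_mounts makes the equivalent decision from the mount mode; these three checks have to be kept in sync by hand. A shared helper such as `static bool path_may_have_ignore_prefix(const char *lvalue)`, with a comment stating that the prefix apparently stays in the stored string and is only stripped when the mounts are set up, would make that contract explicit. `offset` holds a truth value that is then used as a pointer offset, so `bool` or an explicit `? 1 : 0` would read more clearly than `int`. Both functions start and end outside the hunks shown, so what config_parse_path stores for a prefixed value cannot be confirmed from here.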