execute: also control the SYSTEMD_NSS_BYPASS_BUS through an ExecFlags field

Also, correct the logic while we are at it: the variable is only required for system services, not user services.
2017-08-01 10:43:04 +02:00 · 2017-08-01 10:43:04 +02:00 · ac6479781e
parent 5bf7569cf8
commit ac6479781e
3 changed files with 11 additions and 5 deletions
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -1536,7 +1536,7 @@ static int build_environment(
        /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use D-Bus look up dynamic
         * users via PID 1, possibly dead-locking the dbus daemon. This way it will not use D-Bus to resolve names, but
         * check the database directly. */
-        if (unit_has_name(u, SPECIAL_DBUS_SERVICE)) {
+        if (p->flags & EXEC_NSS_BYPASS_BUS) {
                x = strdup("SYSTEMD_NSS_BYPASS_BUS=1");
                if (!x)
                        return -ENOMEM;
--- a/src/core/execute.h
+++ b/src/core/execute.h
@ -261,12 +261,13 @@ typedef enum ExecFlags {
        EXEC_NEW_KEYRING       = 1U << 3,
        EXEC_PASS_LOG_UNIT     = 1U << 4, /* Whether to pass the unit name to the service's journal stream connection */
        EXEC_CHOWN_DIRECTORIES = 1U << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
+        EXEC_NSS_BYPASS_BUS    = 1U << 6, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */

        /* The following are not used by execute.c, but by consumers internally */
-        EXEC_PASS_FDS          = 1U << 6,
-        EXEC_IS_CONTROL        = 1U << 7,
-        EXEC_SETENV_RESULT     = 1U << 8,
-        EXEC_SET_WATCHDOG      = 1U << 9,
+        EXEC_PASS_FDS          = 1U << 7,
+        EXEC_IS_CONTROL        = 1U << 8,
+        EXEC_SETENV_RESULT     = 1U << 9,
+        EXEC_SET_WATCHDOG      = 1U << 10,
 } ExecFlags;

 struct ExecParameters {
--- a/src/core/service.c
+++ b/src/core/service.c
@ -1360,6 +1360,11 @@ static int service_spawn(

        /* System services should get a new keyring by default. */
        SET_FLAG(exec_params.flags, EXEC_NEW_KEYRING, MANAGER_IS_SYSTEM(UNIT(s)->manager));
+
+        /* System D-Bus needs nss-systemd disabled, so that we don't deadlock */
+        SET_FLAG(exec_params.flags, EXEC_NSS_BYPASS_BUS,
+                 MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE));
+
        exec_params.argv = c->argv;
        exec_params.environment = final_env;
        exec_params.fds = fds;