/* SPDX-License-Identifier: LGPL-2.1+ */
#if HAVE_BLKID
-#include <blkid.h>
#endif
#include <errno.h>
#include <getopt.h>
-#include <grp.h>
#include <linux/fs.h>
#include <linux/loop.h>
-#include <pwd.h>
-#include <sched.h>
#if HAVE_SELINUX
#include <selinux/selinux.h>
#endif
-#include <signal.h>
-#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
#include <sys/file.h>
#include <sys/personality.h>
#include <sys/prctl.h>
e = getenv(var);
if (!e) {
- static bool warned = false;
-
+ /* $UNIFIED_CGROUP_HIERARCHY has been renamed to $SYSTEMD_NSPAWN_UNIFIED_HIERARCHY. */
var = "UNIFIED_CGROUP_HIERARCHY";
e = getenv(var);
- if (e && !warned) {
- log_info("$UNIFIED_CGROUP_HIERARCHY has been renamed to $SYSTEMD_NSPAWN_UNIFIED_HIERARCHY.");
- warned = true;
- }
}
if (!isempty(e)) {
return 0;
}
+static int parse_capability_spec(const char *spec, uint64_t *ret_mask) {
+ uint64_t mask = 0;
+ int r;
+
+ for (;;) {
+ _cleanup_free_ char *t = NULL;
+
+ r = extract_first_word(&spec, &t, ",", 0);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse capability %s.", t);
+ if (r == 0)
+ break;
+
+ if (streq(t, "help")) {
+ for (int i = 0; i < capability_list_length(); i++) {
+ const char *name;
+
+ name = capability_to_name(i);
+ if (name)
+ puts(name);
+ }
+
+ return 0; /* quit */
+ }
+
+ if (streq(t, "all"))
+ mask = (uint64_t) -1;
+ else {
+ r = capability_from_name(t);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse capability %s.", t);
+
+ mask |= 1ULL << r;
+ }
+ }
+
+ *ret_mask = mask;
+ return 1; /* continue */
+}
+
static int parse_share_ns_env(const char *name, unsigned long ns_flag) {
int r;
};
int c, r;
- const char *p;
uint64_t plus = 0, minus = 0;
bool mask_all_settings = false, mask_no_settings = false;
case ARG_CAPABILITY:
case ARG_DROP_CAPABILITY: {
- p = optarg;
- for (;;) {
- _cleanup_free_ char *t = NULL;
-
- r = extract_first_word(&p, &t, ",", 0);
- if (r < 0)
- return log_error_errno(r, "Failed to parse capability %s.", t);
- if (r == 0)
- break;
-
- if (streq(t, "all")) {
- if (c == ARG_CAPABILITY)
- plus = (uint64_t) -1;
- else
- minus = (uint64_t) -1;
- } else {
- r = capability_from_name(t);
- if (r < 0)
- return log_error_errno(r, "Failed to parse capability %s.", t);
-
- if (c == ARG_CAPABILITY)
- plus |= 1ULL << r;
- else
- minus |= 1ULL << r;
- }
- }
+ uint64_t m;
+ r = parse_capability_spec(optarg, &m);
+ if (r <= 0)
+ return r;
+ if (c == ARG_CAPABILITY)
+ plus |= m;
+ else
+ minus |= m;
arg_settings_mask |= SETTING_CAPABILITY;
break;
}
-
case ARG_NO_NEW_PRIVILEGES:
r = parse_boolean(optarg);
if (r < 0)
/* If we're not using OCI, proceed with mangled capabilities (so we don't error out)
* in order to maintain the same behavior as systemd < 242. */
if (capability_quintet_mangle(&q))
- log_warning("Some capabilities will not be set because they are not in the current bounding set.");
+ log_full(arg_quiet ? LOG_DEBUG : LOG_WARNING,
+ "Some capabilities will not be set because they are not in the current bounding set.");
}
if ((arg_settings_mask & SETTING_CAPABILITY) == 0) {
uint64_t plus, minus;
+ uint64_t network_minus = 0;
/* Note that we copy both the simple plus/minus caps here, and the full quintet from the
* Settings structure */
if (settings_private_network(settings))
plus |= UINT64_C(1) << CAP_NET_ADMIN;
else
- minus |= UINT64_C(1) << CAP_NET_ADMIN;
+ network_minus |= UINT64_C(1) << CAP_NET_ADMIN;
}
if (!arg_settings_trusted && plus != 0) {
if (settings->capability != 0)
log_warning("Ignoring Capability= setting, file %s is not trusted.", path);
- } else
+ } else {
+ arg_caps_retain &= ~network_minus;
arg_caps_retain |= plus;
+ }
arg_caps_retain &= ~minus;
projects / thirdparty / systemd.git / blobdiff