core/execute: make PrivateMounts= tristate

author Yu Watanabe <watanabe.yu+github@gmail.com>

Fri, 17 Feb 2023 06:35:48 +0000 (15:35 +0900)

committer Yu Watanabe <watanabe.yu+github@gmail.com>

Thu, 23 Feb 2023 06:09:13 +0000 (15:09 +0900)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Fri, 17 Feb 2023 06:35:48 +0000 (15:35 +0900)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Thu, 23 Feb 2023 06:09:13 +0000 (15:09 +0900)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c

index b07b5775ff4e5364834dd9d986b04e780edd5b8f..8c3fa7b286939db475270618461384fdc3d12599 100644 (file)
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1274,7 +1274,7 @@ const sd_bus_vtable bus_exec_vtable[] = {
          SD_BUS_PROPERTY("ProtectControlGroups", "b", bus_property_get_bool, offsetof(ExecContext, protect_control_groups), SD_BUS_VTABLE_PROPERTY_CONST),
          SD_BUS_PROPERTY("PrivateNetwork", "b", bus_property_get_bool, offsetof(ExecContext, private_network), SD_BUS_VTABLE_PROPERTY_CONST),
          SD_BUS_PROPERTY("PrivateUsers", "b", bus_property_get_bool, offsetof(ExecContext, private_users), SD_BUS_VTABLE_PROPERTY_CONST),
-        SD_BUS_PROPERTY("PrivateMounts", "b", bus_property_get_bool, offsetof(ExecContext, private_mounts), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("PrivateMounts", "b", bus_property_get_tristate, offsetof(ExecContext, private_mounts), SD_BUS_VTABLE_PROPERTY_CONST),
          SD_BUS_PROPERTY("PrivateIPC", "b", bus_property_get_bool, offsetof(ExecContext, private_ipc), SD_BUS_VTABLE_PROPERTY_CONST),
          SD_BUS_PROPERTY("ProtectHome", "s", property_get_protect_home, offsetof(ExecContext, protect_home), SD_BUS_VTABLE_PROPERTY_CONST),
          SD_BUS_PROPERTY("ProtectSystem", "s", property_get_protect_system, offsetof(ExecContext, protect_system), SD_BUS_VTABLE_PROPERTY_CONST),
@@ -1933,7 +1933,7 @@ int bus_exec_context_set_transient_property(
                  return bus_set_transient_bool(u, name, &c->private_devices, message, flags, error);
  
          if (streq(name, "PrivateMounts"))
-                return bus_set_transient_bool(u, name, &c->private_mounts, message, flags, error);
+                return bus_set_transient_tristate(u, name, &c->private_mounts, message, flags, error);
  
          if (streq(name, "PrivateNetwork"))
                  return bus_set_transient_bool(u, name, &c->private_network, message, flags, error);
diff --git a/src/core/execute.c b/src/core/execute.c

index e19f38211849d7812c7650ef07aa53f011430a49..39ece6e7358af2d4ac41bb6b7dab97042dc5b107 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2074,7 +2074,7 @@ bool exec_needs_mount_namespace(
                  return true;
  
          if (context->private_devices ||
-            context->private_mounts ||
+            context->private_mounts > 0 ||
              context->protect_system != PROTECT_SYSTEM_NO ||
              context->protect_home != PROTECT_HOME_NO ||
              context->protect_kernel_tunables ||
@@ -5488,6 +5488,7 @@ void exec_context_init(ExecContext *c) {
          c->tty_rows = UINT_MAX;
          c->tty_cols = UINT_MAX;
          numa_policy_reset(&c->numa_policy);
+        c->private_mounts = -1;
  }
  
  void exec_context_done(ExecContext *c) {
diff --git a/src/core/execute.h b/src/core/execute.h

index b115a52a732b80c3f475a811eef1fddbbe635a4d..79f98daf30321bf97424296fb6e7a2b4c5844b87 100644 (file)
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -301,11 +301,11 @@ struct ExecContext {
          ProtectProc protect_proc;  /* hidepid= */
          ProcSubset proc_subset;    /* subset= */
  
+        int private_mounts;
          bool private_tmp;
          bool private_network;
          bool private_devices;
          bool private_users;
-        bool private_mounts;
          bool private_ipc;
          bool protect_kernel_tunables;
          bool protect_kernel_modules;
diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in

index 58ace4627913b4f63391d3e7681bb35bede9c973..2a8a10819b32e9fcdf9b5f13ed6b1bd6f7767f66 100644 (file)
--- a/src/core/load-fragment-gperf.gperf.in
+++ b/src/core/load-fragment-gperf.gperf.in
@@ -126,7 +126,7 @@
  {{type}}.LogNamespace,                     config_parse_log_namespace,                  0,                                  offsetof({{type}}, exec_context)
  {{type}}.PrivateNetwork,                   config_parse_bool,                           0,                                  offsetof({{type}}, exec_context.private_network)
  {{type}}.PrivateUsers,                     config_parse_bool,                           0,                                  offsetof({{type}}, exec_context.private_users)
-{{type}}.PrivateMounts,                    config_parse_bool,                           0,                                  offsetof({{type}}, exec_context.private_mounts)
+{{type}}.PrivateMounts,                    config_parse_tristate,                       0,                                  offsetof({{type}}, exec_context.private_mounts)
  {{type}}.PrivateIPC,                       config_parse_bool,                           0,                                  offsetof({{type}}, exec_context.private_ipc)
  {{type}}.ProtectSystem,                    config_parse_protect_system,                 0,                                  offsetof({{type}}, exec_context.protect_system)
  {{type}}.ProtectHome,                      config_parse_protect_home,                   0,                                  offsetof({{type}}, exec_context.protect_home)
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Fri, 17 Feb 2023 06:35:48 +0000 (15:35 +0900)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Thu, 23 Feb 2023 06:09:13 +0000 (15:09 +0900)
src/core/dbus-execute.c		patch \| blob \| blame \| history
src/core/execute.c		patch \| blob \| blame \| history
src/core/execute.h		patch \| blob \| blame \| history
src/core/load-fragment-gperf.gperf.in		patch \| blob \| blame \| history