nspawn: support .nspawn files in per-user mode
authorLennart Poettering <lennart@poettering.net>
Tue, 26 Aug 2025 15:00:17 +0000 (17:00 +0200)
committerLennart Poettering <lennart@poettering.net>
Tue, 7 Oct 2025 09:44:54 +0000 (11:44 +0200)
src/nspawn/nspawn.c
src/systemd/sd-path.h

index afe7ebd500ce4896741314aa215c67acbce42532..f1ed036b6224da2e7bf530bf238db8caa9d25ec8 100644 (file)
@@ -18,6 +18,7 @@
 #include "sd-event.h"
 #include "sd-id128.h"
 #include "sd-netlink.h"
+#include "sd-path.h"
 
 #include "alloc-util.h"
 #include "barrier.h"
@@ -4936,30 +4937,49 @@ static int load_settings(void) {
         if (FLAGS_SET(arg_settings_mask, _SETTINGS_MASK_ALL))
                 return 0;
 
-        /* We first look in the admin's directories in /etc and /run */
-        if (arg_privileged)
-                FOREACH_STRING(i, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
-                        _cleanup_free_ char *j = NULL;
+        /* We first look in the admin's directories in /etc/ and /run/ */
+        static const uint64_t lookup_dir_system[] = {
+                SD_PATH_SYSTEM_CONFIGURATION,
+                SD_PATH_SYSTEM_RUNTIME,
+                _SD_PATH_INVALID,
+        };
+        static const uint64_t lookup_dir_user[] = {
+                SD_PATH_USER_CONFIGURATION,
+                SD_PATH_USER_RUNTIME,
+                _SD_PATH_INVALID,
+        };
 
-                        j = path_join(i, arg_settings_filename);
-                        if (!j)
-                                return log_oom();
+        const uint64_t *q = arg_privileged ? lookup_dir_system : lookup_dir_user;
+        for (; *q != _SD_PATH_INVALID; q++) {
+                _cleanup_free_ char *cd = NULL;
+                r = sd_path_lookup(*q, "systemd/nspawn", &cd);
+                if (r < 0) {
+                        log_warning_errno(r, "Failed to determine settings directory, ignoring: %m");
+                        continue;
+                }
 
-                        f = fopen(j, "re");
-                        if (f) {
-                                p = TAKE_PTR(j);
+                _cleanup_free_ char *j = NULL;
+                j = path_join(cd, arg_settings_filename);
+                if (!j)
+                        return log_oom();
 
-                                /* By default, we trust configuration from /etc and /run */
-                                if (arg_settings_trusted < 0)
-                                        arg_settings_trusted = true;
+                f = fopen(j, "re");
+                if (f) {
+                        p = TAKE_PTR(j);
 
-                                break;
-                        }
+                        log_debug("Found settings file: %s", p);
+
+                        /* By default, we trust configuration from /etc and /run */
+                        if (arg_settings_trusted < 0)
+                                arg_settings_trusted = true;
 
-                        if (errno != ENOENT)
-                                return log_error_errno(errno, "Failed to open %s: %m", j);
+                        break;
                 }
 
+                if (errno != ENOENT)
+                        return log_error_errno(errno, "Failed to open %s: %m", j);
+        }
+
         if (!f) {
                 /* After that, let's look for a file next to the
                  * actual image we shall boot. */
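Review bot: The comment kept on the trust default, `/* By default, we trust configuration from /etc and /run */`, no longer matches what the loop covers: when `arg_privileged` is false the file comes from `SD_PATH_USER_CONFIGURATION` or `SD_PATH_USER_RUNTIME` and still sets `arg_settings_trusted = true`. That flag presumably decides how much of the .nspawn file is honoured, so the comment should state the intended trust boundary, e.g. `/* By default, we trust configuration from the admin's /etc/ and /run/ and, in per-user mode, from the invoking user's own configuration and runtime directories */`; the leading comment `/* We first look in the admin's directories in /etc/ and /run/ */` needs the same update. The user directories are presumably resolved from the caller's environment, so it is worth confirming that per-user mode is never entered with an environment controlled by a different party than the one whose settings are being trusted. load_settings() starts and ends outside the hunk.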
@@ -4979,6 +4999,9 @@ static int load_settings(void) {
                         if (!f && errno != ENOENT)
                                 return log_error_errno(errno, "Failed to open %s: %m", p);
 
+                        if (f)
+                                log_debug("Found settings file: %s", p);
+
                         /* By default, we do not trust configuration from /var/lib/machines */
                         if (arg_settings_trusted < 0)
                                 arg_settings_trusted = false;
index 58726f731cee5b00b51df9c5aa4fd5df3705cd01..eb42e31a689ccf39bf6ed17ce16982d16cb29b8a 100644 (file)
@@ -21,7 +21,7 @@
 
 _SD_BEGIN_DECLARATIONS;
 
-enum {
+__extension__ enum {
         /* Temporary files */
         SD_PATH_TEMPORARY,
         SD_PATH_TEMPORARY_LARGE,
@@ -129,7 +129,8 @@ enum {
         SD_PATH_USER_CREDENTIAL_STORE_ENCRYPTED,
         SD_PATH_USER_SEARCH_CREDENTIAL_STORE_ENCRYPTED,
 
-        _SD_PATH_MAX
+        _SD_PATH_MAX,
+        _SD_PATH_INVALID = UINT64_MAX
 };
 
 int sd_path_lookup(uint64_t type, const char *suffix, char **ret);
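Review bot: `_SD_PATH_INVALID = UINT64_MAX` is added to this public header without a comment, so a reader cannot tell that it is an invalid marker (nspawn.c uses it as an array terminator) rather than a path type meant to be passed to `sd_path_lookup()`. I would add `/* Sentinel, not a valid path type; the value does not fit in an int, hence the __extension__ on the enum */` above it, which also documents the `__extension__` added in the first hunk of this file. Because the new value no longer fits in an `int`, it may be worth confirming that no caller keeps these constants in an `int`-sized variable; the visible `sd_path_lookup()` prototype already takes `uint64_t`.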