return false;
}
-int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_prefix, const char *unit) {
- _cleanup_free_ char *p = NULL;
+static int get_credential_directory(
+ const char *runtime_prefix,
+ const char *unit,
+ char **ret) {
- assert(c);
+ char *p;
- if (!runtime_prefix || !unit)
+ assert(ret);
+
+ if (!runtime_prefix || !unit) {
+ *ret = NULL;
return 0;
+ }
p = path_join(runtime_prefix, "credentials", unit);
if (!p)
return -ENOMEM;
+ *ret = p;
+ return 1;
+}
+
+int unit_add_default_credential_dependencies(Unit *u, const ExecContext *c) {
+ _cleanup_free_ char *p = NULL, *m = NULL;
+ int r;
+
+ assert(u);
+ assert(c);
+
+ if (!exec_context_has_credentials(c))
+ return 0;
+
+ /* Let's make sure the credentials directory of this service is unmounted *after* the service itself
+ * shuts down. This only matters if mount namespacing is not used for the service, and hence the
+ * credentials mount appears on the host. */
+
+ r = get_credential_directory(u->manager->prefix[EXEC_DIRECTORY_RUNTIME], u->id, &p);
+ if (r <= 0)
+ return r;
+
+ r = unit_name_from_path(p, ".mount", &m);
+ if (r < 0)
+ return r;
+
+ return unit_add_dependency_by_name(u, UNIT_AFTER, m, /* add_reference= */ true, UNIT_DEPENDENCY_FILE);
+}
+
+int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_prefix, const char *unit) {
+ _cleanup_free_ char *p = NULL;
+ int r;
+
+ assert(c);
+
+ r = get_credential_directory(runtime_prefix, unit, &p);
+ if (r <= 0)
+ return r;
+
/* This is either a tmpfs/ramfs of its own, or a plain directory. Either way, let's first try to
* unmount it, and afterwards remove the mount point */
(void) umount2(p, MNT_DETACH|UMOUNT_NOFOLLOW);
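Review bot: `get_credential_directory()` has a three-way return contract that is not documented anywhere, and both new callers depend on it through `if (r <= 0) return r;`. A short comment above the helper would make this explicit, for example `/* Returns 1 and a newly allocated path in *ret (caller frees), 0 with *ret = NULL if the runtime prefix or unit name is unknown, or -ENOMEM. */`. This matters most in `exec_context_destroy_credentials()`, where a caller that tested only `r < 0` would pass a NULL `p` to `umount2()` and whatever removal follows. The body of `exec_context_destroy_credentials()` continues past the end of this hunk, so the later uses of `p` are not visible here.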
typedef struct ExecContext ExecContext;
typedef struct ExecParameters ExecParameters;
+typedef struct Unit Unit;
/* A credential configured with LoadCredential= */
typedef struct ExecLoadCredential {
bool exec_context_has_encrypted_credentials(ExecContext *c);
bool exec_context_has_credentials(const ExecContext *c);
+int unit_add_default_credential_dependencies(Unit *u, const ExecContext *c);
+
int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_root, const char *unit);
int setup_credentials(
const ExecContext *context,
r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, varlink_socket_unit, true, UNIT_DEPENDENCY_FILE);
if (r < 0)
return r;
- } else
+ } else {
r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_JOURNALD_SOCKET, true, UNIT_DEPENDENCY_FILE);
- if (r < 0)
- return r;
-
- if (exec_context_has_credentials(c) && u->manager->prefix[EXEC_DIRECTORY_RUNTIME]) {
- _cleanup_free_ char *p = NULL, *m = NULL;
-
- /* Let's make sure the credentials directory of this service is unmounted *after* the service
- * itself shuts down. This only matters if mount namespacing is not used for the service, and
- * hence the credentials mount appears on the host. */
-
- p = path_join(u->manager->prefix[EXEC_DIRECTORY_RUNTIME], "credentials", u->id);
- if (!p)
- return -ENOMEM;
-
- r = unit_name_from_path(p, ".mount", &m);
- if (r < 0)
- return r;
-
- r = unit_add_dependency_by_name(u, UNIT_AFTER, m, /* add_reference= */ true, UNIT_DEPENDENCY_FILE);
if (r < 0)
return r;
}
+ r = unit_add_default_credential_dependencies(u, c);
+ if (r < 0)
+ return r;
+
return 0;
}
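Review bot: The call to `unit_add_default_credential_dependencies(u, c)` sits at the very end of the function, after the varlink/journald socket ordering, so it only runs if no earlier path returns first. The function starts outside this hunk, so I cannot see whether an early `return 0` precedes the logging section (for example for units that do not log to the journal). If one does, those units would silently get no `After=` ordering on their credentials mount, which the comment in the new helper says is needed when the mount appears on the host. Please confirm, or move the call above the logging-related block. As a minor cleanup, the tail could be `return unit_add_default_credential_dependencies(u, c);`.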