core: don't insert an extra space before each SocketBind{Allow,Deny}= item

author Frantisek Sumsal <frantisek@sumsal.cz>

Fri, 27 Oct 2023 16:36:35 +0000 (18:36 +0200)

committer Frantisek Sumsal <frantisek@sumsal.cz>

Fri, 27 Oct 2023 18:08:47 +0000 (20:08 +0200)
author Frantisek Sumsal <frantisek@sumsal.cz>
Fri, 27 Oct 2023 16:36:35 +0000 (18:36 +0200)
committer Frantisek Sumsal <frantisek@sumsal.cz>
Fri, 27 Oct 2023 18:08:47 +0000 (20:08 +0200)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c

index 15dfc56fb77482bf0eb67dfa26336116aa736859..535f457fa836adac666f0cff114de7a626430d0e 100644 (file)
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -698,16 +698,14 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
                          prefix, bpf_cgroup_attach_type_to_string(p->attach_type), p->bpffs_path);
  
          if (c->socket_bind_allow) {
-                fprintf(f, "%sSocketBindAllow:", prefix);
-                LIST_FOREACH(socket_bind_items, bi, c->socket_bind_allow)
-                        cgroup_context_dump_socket_bind_item(bi, f);
+                fprintf(f, "%sSocketBindAllow: ", prefix);
+                cgroup_context_dump_socket_bind_items(c->socket_bind_allow, f);
                  fputc('\n', f);
          }
  
          if (c->socket_bind_deny) {
-                fprintf(f, "%sSocketBindDeny:", prefix);
-                LIST_FOREACH(socket_bind_items, bi, c->socket_bind_deny)
-                        cgroup_context_dump_socket_bind_item(bi, f);
+                fprintf(f, "%sSocketBindDeny: ", prefix);
+                cgroup_context_dump_socket_bind_items(c->socket_bind_deny, f);
                  fputc('\n', f);
          }
  
@@ -734,16 +732,29 @@ void cgroup_context_dump_socket_bind_item(const CGroupSocketBindItem *item, FILE
          }
  
          if (item->nr_ports == 0)
-                fprintf(f, " %s%s%s%sany", family, colon1, protocol, colon2);
+                fprintf(f, "%s%s%s%sany", family, colon1, protocol, colon2);
          else if (item->nr_ports == 1)
-                fprintf(f, " %s%s%s%s%" PRIu16, family, colon1, protocol, colon2, item->port_min);
+                fprintf(f, "%s%s%s%s%" PRIu16, family, colon1, protocol, colon2, item->port_min);
          else {
                  uint16_t port_max = item->port_min + item->nr_ports - 1;
-                fprintf(f, " %s%s%s%s%" PRIu16 "-%" PRIu16, family, colon1, protocol, colon2,
+                fprintf(f, "%s%s%s%s%" PRIu16 "-%" PRIu16, family, colon1, protocol, colon2,
                          item->port_min, port_max);
          }
  }
  
+void cgroup_context_dump_socket_bind_items(const CGroupSocketBindItem *items, FILE *f) {
+        bool first = true;
+
+        LIST_FOREACH(socket_bind_items, bi, items) {
+                if (first)
+                        first = false;
+                else
+                        fputc(' ', f);
+
+                cgroup_context_dump_socket_bind_item(bi, f);
+        }
+}
+
  int cgroup_context_add_device_allow(CGroupContext *c, const char *dev, CGroupDevicePermissions p) {
          _cleanup_free_ CGroupDeviceAllow *a = NULL;
          _cleanup_free_ char *d = NULL;
diff --git a/src/core/cgroup.h b/src/core/cgroup.h

index 9816966dbb221156a6fea6af13e5d3b79d1d48a5..d7cc842835b454e157c86153b14fcf0cc59ff98f 100644 (file)
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -273,6 +273,7 @@ void cgroup_context_init(CGroupContext *c);
  void cgroup_context_done(CGroupContext *c);
  void cgroup_context_dump(Unit *u, FILE* f, const char *prefix);
  void cgroup_context_dump_socket_bind_item(const CGroupSocketBindItem *item, FILE *f);
+void cgroup_context_dump_socket_bind_items(const CGroupSocketBindItem *items, FILE *f);
  
  void cgroup_context_free_device_allow(CGroupContext *c, CGroupDeviceAllow *a);
  void cgroup_context_free_io_device_weight(CGroupContext *c, CGroupIODeviceWeight *w);
diff --git a/src/test/test-socket-bind.c b/src/test/test-socket-bind.c

index 9372f208ae95ac020ac1fb28e135b9af02a6957d..84a897801a5595546d0665d3878b865e4fb9a837 100644 (file)
--- a/src/test/test-socket-bind.c
+++ b/src/test/test-socket-bind.c
@@ -49,9 +49,8 @@ static int test_socket_bind(
                          return log_unit_error_errno(u, r, "Failed to parse SocketBindAllow: %m");
          }
  
-        fprintf(stderr, "SocketBindAllow:");
-        LIST_FOREACH(socket_bind_items, bi, cc->socket_bind_allow)
-                cgroup_context_dump_socket_bind_item(bi, stderr);
+        fprintf(stderr, "SocketBindAllow: ");
+        cgroup_context_dump_socket_bind_items(cc->socket_bind_allow, stderr);
          fputc('\n', stderr);
  
          STRV_FOREACH(rule, deny_rules) {
@@ -62,9 +61,8 @@ static int test_socket_bind(
                          return log_unit_error_errno(u, r, "Failed to parse SocketBindDeny: %m");
          }
  
-        fprintf(stderr, "SocketBindDeny:");
-        LIST_FOREACH(socket_bind_items, bi, cc->socket_bind_deny)
-                cgroup_context_dump_socket_bind_item(bi, stderr);
+        fprintf(stderr, "SocketBindDeny: ");
+        cgroup_context_dump_socket_bind_items(cc->socket_bind_deny, stderr);
          fputc('\n', stderr);
  
          exec_start = strjoin("-timeout --preserve-status -sSIGTERM 1s ", netcat_path, " -l ", port, " -vv");
author	Frantisek Sumsal <frantisek@sumsal.cz>
	Fri, 27 Oct 2023 16:36:35 +0000 (18:36 +0200)
committer	Frantisek Sumsal <frantisek@sumsal.cz>
	Fri, 27 Oct 2023 18:08:47 +0000 (20:08 +0200)
src/core/cgroup.c		patch \| blob \| blame \| history
src/core/cgroup.h		patch \| blob \| blame \| history
src/test/test-socket-bind.c		patch \| blob \| blame \| history