#include <sys/prctl.h>
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
#include <seccomp.h>
#endif
#include "path-util.h"
#include "process-util.h"
#include "rlimit-util.h"
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
#include "seccomp-util.h"
#endif
#include "securebits-util.h"
_cleanup_strv_free_ char **l = NULL;
int r;
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
Iterator i;
void *id;
#endif
if (r < 0)
return r;
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
SET_FOREACH(id, c->syscall_filter, i) {
char *name;
_cleanup_strv_free_ char **l = NULL;
int r;
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
Iterator i;
void *id;
#endif
assert(reply);
assert(c);
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
SET_FOREACH(id, c->syscall_archs, i) {
const char *name;
return 1;
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
} else if (streq(name, "SystemCallFilter")) {
int whitelist;
if (streq(name, "UMask"))
c->umask = m;
else
- for (i = 0; i < _EXEC_DIRECTORY_MAX; i++)
+ for (i = 0; i < _EXEC_DIRECTORY_TYPE_MAX; i++)
if (startswith(name, exec_directory_type_to_string(i))) {
c->directories[i].mode = m;
break;
return r;
STRV_FOREACH(p, l) {
- if (!filename_is_valid(*p))
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s is not valid %s", name, *p);
+ if (!path_is_safe(*p) || path_is_absolute(*p))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path is not valid: %s", name, *p);
}
if (mode != UNIT_CHECK) {
char ***dirs = NULL;
ExecDirectoryType i;
- for (i = 0; i < _EXEC_DIRECTORY_MAX; i++)
+ for (i = 0; i < _EXEC_DIRECTORY_TYPE_MAX; i++)
if (streq(name, exec_directory_type_to_string(i))) {
dirs = &c->directories[i].paths;
break;
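Review bot: The new check `if (!path_is_safe(*p) || path_is_absolute(*p))` now admits multi-component relative names but does not canonicalise them, so spellings such as `foo/`, `foo//bar` or `./foo` are accepted or rejected purely according to what path_is_safe() does with them; its body is not in this hunk, and I assume it rejects empty strings and `..` components but not duplicate or trailing slashes — please confirm. Because the accepted strings are later appended to the per-type `dirs` list as-is (the strv_extend_strv() call below this hunk appears to de-duplicate only byte-identical entries), the same directory can end up listed twice under different spellings, which matters once those names are used to create and clean up directories on disk. Consider normalising each entry (e.g. collapsing duplicate slashes and dropping a trailing slash) before the validity check, and documenting the intent above the loop with `/* Only relative, ".."-free paths are accepted; subdirectories are allowed, absolute paths are not. */`. The enclosing function begins before and ends after this hunk.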
unit_write_drop_in_private_format(u, mode, name, "%s=", name);
} else {
r = strv_extend_strv(dirs, l, true);
-
if (r < 0)
return -ENOMEM;