#include <sys/prctl.h>
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
#include <seccomp.h>
#endif
#include "path-util.h"
#include "process-util.h"
#include "rlimit-util.h"
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
#include "seccomp-util.h"
#endif
#include "securebits-util.h"
#include "utf8.h"
BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output, exec_output, ExecOutput);
-
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input, exec_input, ExecInput);
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode);
-
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_preserve_mode, exec_preserve_mode, ExecPreserveMode);
+static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode);
static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_protect_home, protect_home, ProtectHome);
static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_protect_system, protect_system, ProtectSystem);
_cleanup_strv_free_ char **l = NULL;
int r;
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
Iterator i;
void *id;
#endif
if (r < 0)
return r;
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
SET_FOREACH(id, c->syscall_filter, i) {
char *name;
_cleanup_strv_free_ char **l = NULL;
int r;
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
Iterator i;
void *id;
#endif
assert(reply);
assert(c);
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
SET_FOREACH(id, c->syscall_archs, i) {
const char *name;
SD_BUS_PROPERTY("Environment", "as", NULL, offsetof(ExecContext, environment), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("EnvironmentFiles", "a(sb)", property_get_environment_files, 0, SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("PassEnvironment", "as", NULL, offsetof(ExecContext, pass_environment), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("UnsetEnvironment", "as", NULL, offsetof(ExecContext, unset_environment), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("UMask", "u", bus_property_get_mode, offsetof(ExecContext, umask), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("LimitCPU", "t", bus_property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("LimitCPUSoft", "t", bus_property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("SystemCallArchitectures", "as", property_get_syscall_archs, 0, SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("SystemCallErrorNumber", "i", property_get_syscall_errno, 0, SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Personality", "s", property_get_personality, 0, SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("LockPersonality", "b", bus_property_get_bool, offsetof(ExecContext, lock_personality), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("RestrictAddressFamilies", "(bas)", property_get_address_families, 0, SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("RuntimeDirectoryPreserve", "s", property_get_exec_preserve_mode, offsetof(ExecContext, runtime_directory_preserve_mode), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("RuntimeDirectoryMode", "u", bus_property_get_mode, offsetof(ExecContext, directories[EXEC_DIRECTORY_RUNTIME].mode), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("BindPaths", "a(ssbt)", property_get_bind_paths, 0, SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("BindReadOnlyPaths", "a(ssbt)", property_get_bind_paths, 0, SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("MountAPIVFS", "b", bus_property_get_bool, offsetof(ExecContext, mount_apivfs), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("KeyringMode", "s", property_get_exec_keyring_mode, offsetof(ExecContext, keyring_mode), SD_BUS_VTABLE_PROPERTY_CONST),
/* Obsolete/redundant properties: */
SD_BUS_PROPERTY("Capabilities", "s", property_get_empty_string, 0, SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_HIDDEN),
return r;
r = sd_bus_message_append(reply, "bttttuii",
- c->ignore,
+ !!(c->flags & EXEC_COMMAND_IGNORE_FAILURE),
c->exec_status.start_timestamp.realtime,
c->exec_status.start_timestamp.monotonic,
c->exec_status.exit_timestamp.realtime,
return 1;
-#ifdef HAVE_SECCOMP
+#if HAVE_SECCOMP
} else if (streq(name, "SystemCallFilter")) {
int whitelist;
"NoNewPrivileges", "SyslogLevelPrefix", "MemoryDenyWriteExecute",
"RestrictRealtime", "DynamicUser", "RemoveIPC", "ProtectKernelTunables",
"ProtectKernelModules", "ProtectControlGroups", "MountAPIVFS",
- "CPUSchedulingResetOnFork", "NonBlocking")) {
+ "CPUSchedulingResetOnFork", "NonBlocking", "LockPersonality")) {
int b;
r = sd_bus_message_read(message, "b", &b);
c->cpu_sched_reset_on_fork = b;
else if (streq(name, "NonBlocking"))
c->non_blocking = b;
+ else if (streq(name, "LockPersonality"))
+ c->lock_personality = b;
unit_write_drop_in_private_format(u, mode, name, "%s=%s", name, yes_no(b));
}
if (r < 0)
return r;
- if (!strv_env_is_valid(l))
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid environment block.");
-
r = unit_full_printf_strv(u, l, &q);
if (r < 0)
return r;
+ if (!strv_env_is_valid(q))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid environment block.");
+
if (mode != UNIT_CHECK) {
if (strv_length(q) == 0) {
c->environment = strv_free(c->environment);
c->environment = e;
/* We write just the new settings out to file, with unresolved specifiers */
- joined = strv_join_quoted(q);
+ joined = strv_join_quoted(l);
if (!joined)
return -ENOMEM;
return 1;
+ } else if (streq(name, "UnsetEnvironment")) {
+
+ _cleanup_strv_free_ char **l = NULL, **q = NULL;
+
+ r = sd_bus_message_read_strv(message, &l);
+ if (r < 0)
+ return r;
+
+ r = unit_full_printf_strv(u, l, &q);
+ if (r < 0)
+ return r;
+
+ if (!strv_env_name_or_assignment_is_valid(q))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid UnsetEnvironment= list.");
+
+ if (mode != UNIT_CHECK) {
+ if (strv_length(q) == 0) {
+ c->unset_environment = strv_free(c->unset_environment);
+ unit_write_drop_in_private_format(u, mode, name, "UnsetEnvironment=");
+ } else {
+ _cleanup_free_ char *joined = NULL;
+ char **e;
+
+ e = strv_env_merge(2, c->unset_environment, q);
+ if (!e)
+ return -ENOMEM;
+
+ strv_free(c->unset_environment);
+ c->unset_environment = e;
+
+ /* We write just the new settings out to file, with unresolved specifiers */
+ joined = strv_join_quoted(l);
+ if (!joined)
+ return -ENOMEM;
+
+ unit_write_drop_in_private_format(u, mode, name, "UnsetEnvironment=%s", joined);
+ }
+ }
+
+ return 1;
+
} else if (streq(name, "TimerSlackNSec")) {
nsec_t n;
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path %s is not absolute.", path);
if (mode != UNIT_CHECK) {
- char *buf = NULL;
+ char *buf;
buf = strjoin(b ? "-" : "", path);
if (!buf)
} else if (streq(name, "PassEnvironment")) {
- _cleanup_strv_free_ char **l = NULL;
+ _cleanup_strv_free_ char **l = NULL, **q = NULL;
r = sd_bus_message_read_strv(message, &l);
if (r < 0)
return r;
- if (!strv_env_name_is_valid(l))
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid PassEnvironment block.");
+ r = unit_full_printf_strv(u, l, &q);
+ if (r < 0)
+ return r;
+
+ if (!strv_env_name_is_valid(q))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid PassEnvironment= block.");
if (mode != UNIT_CHECK) {
if (strv_isempty(l)) {
} else {
_cleanup_free_ char *joined = NULL;
- r = strv_extend_strv(&c->pass_environment, l, true);
+ r = strv_extend_strv(&c->pass_environment, q, true);
if (r < 0)
return r;
- joined = strv_join_quoted(c->pass_environment);
+ /* We write just the new settings out to file, with unresolved specifiers. */
+ joined = strv_join_quoted(l);
if (!joined)
return -ENOMEM;
return 1;
+ } else if (streq(name, "KeyringMode")) {
+
+ const char *s;
+ ExecKeyringMode m;
+
+ r = sd_bus_message_read(message, "s", &s);
+ if (r < 0)
+ return r;
+
+ m = exec_keyring_mode_from_string(s);
+ if (m < 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid keyring mode");
+
+ if (mode != UNIT_CHECK) {
+ c->keyring_mode = m;
+
+ unit_write_drop_in_private_format(u, mode, name, "KeyringMode=%s", exec_keyring_mode_to_string(m));
+ }
+
+ return 1;
+
} else if (streq(name, "RuntimeDirectoryPreserve")) {
const char *s;
ExecPreserveMode m;
if (streq(name, "UMask"))
c->umask = m;
else
- for (i = 0; i < _EXEC_DIRECTORY_MAX; i++)
+ for (i = 0; i < _EXEC_DIRECTORY_TYPE_MAX; i++)
if (startswith(name, exec_directory_type_to_string(i))) {
c->directories[i].mode = m;
break;
return r;
STRV_FOREACH(p, l) {
- if (!filename_is_valid(*p))
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s is not valid %s", name, *p);
+ if (!path_is_safe(*p) || path_is_absolute(*p))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= path is not valid: %s", name, *p);
}
if (mode != UNIT_CHECK) {
char ***dirs = NULL;
ExecDirectoryType i;
- for (i = 0; i < _EXEC_DIRECTORY_MAX; i++)
+ for (i = 0; i < _EXEC_DIRECTORY_TYPE_MAX; i++)
if (streq(name, exec_directory_type_to_string(i))) {
dirs = &c->directories[i].paths;
break;
unit_write_drop_in_private_format(u, mode, name, "%s=", name);
} else {
r = strv_extend_strv(dirs, l, true);
-
if (r < 0)
return -ENOMEM;