Features:
+* replace all uses of fgets() + LINE_MAX by read_line()
+
+ * fix logging in execute.c: extend log.c to have an optional mode where
+ log_open() is implicitly done before each log line and log_close() right
+ after. This way we don't have open fds around but logs will still
+ work. Because it is slow this mode should used exclusively in the execute.c
+ case.
+
+ * set IPAddressDeny=any on all services that shouldn't do networking (possibly
+ combined with IPAddressAllow=localhost).
+
* dissect: when we discover squashfs, don't claim we had a "writable" partition
in systemd-dissect
return 0;
}
-void unit_set_exec_params(Unit *s, ExecParameters *p) {
- CGroupContext *c;
-
- assert(s);
- assert(s);
-
- p->cgroup_path = s->cgroup_path;
+void unit_set_exec_params(Unit *u, ExecParameters *p) {
+ assert(u);
+ assert(p);
- c = unit_get_cgroup_context(s);
- SET_FLAG(p->flags, EXEC_CGROUP_DELEGATE, c && c->delegate);
+ p->cgroup_path = u->cgroup_path;
+ SET_FLAG(p->flags, EXEC_CGROUP_DELEGATE, unit_cgroup_delegate(u));
}
+
+ int unit_fork_helper_process(Unit *u, pid_t *ret) {
+ pid_t pid;
+ int r;
+
+ assert(u);
+ assert(ret);
+
+ /* Forks off a helper process and makes sure it is a member of the unit's cgroup. Returns == 0 in the child,
+ * and > 0 in the parent. The pid parameter is always filled in with the child's PID. */
+
+ (void) unit_realize_cgroup(u);
+
+ pid = fork();
+ if (pid < 0)
+ return -errno;
+
+ if (pid == 0) {
+
+ (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
+ (void) ignore_signals(SIGPIPE, -1);
+
+ log_close();
+ log_open();
+
+ if (u->cgroup_path) {
+ r = cg_attach_everywhere(u->manager->cgroup_supported, u->cgroup_path, 0, NULL, NULL);
+ if (r < 0) {
+ log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", u->cgroup_path);
+ _exit(EXIT_CGROUP);
+ }
+ }
+
+ *ret = getpid_cached();
+ return 0;
+ }
+
+ *ret = pid;
+ return 1;
+ }
projects / thirdparty / systemd.git / commitdiff
