Merge pull request #1675 from evverx/run-protect-home

systemd-run can launch units with ProtectHome

diff --git a/shell-completion/bash/systemd-run b/shell-completion/bash/systemd-run
index dee47d9dbea0125bac86d8be34c9f78c40e4c5f9..dfcb01231fd7aa8ef61475668c2ec8ec5ba0d4b2 100644 (file)
--- a/shell-completion/bash/systemd-run
+++ b/shell-completion/bash/systemd-run
@@ -86,7 +86,7 @@ _systemd_run() {
                          TTYPath= SyslogIdentifier= SyslogLevelPrefix= SyslogLevel=
                          SyslogFacility= TimerSlackNSec= OOMScoreAdjust= ReadWriteDirectories=
                          ReadOnlyDirectories= InaccessibleDirectories= EnvironmentFile=
-                         ProtectSystem='
+                         ProtectSystem= ProtectHome='
 
             COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
             return 0

diff --git a/shell-completion/zsh/_systemd-run b/shell-completion/zsh/_systemd-run
index 3254d05135766b1028a3b503f993038b9d15f8fa..d4fa39341cb66c765a150781756a5b42819f9ded 100644 (file)
--- a/shell-completion/zsh/_systemd-run
+++ b/shell-completion/zsh/_systemd-run
@@ -39,7 +39,7 @@ _arguments \
                 TTYPath= SyslogIdentifier= SyslogLevelPrefix= SyslogLevel= \
                 SyslogFacility= TimerSlackNSec= OOMScoreAdjust= ReadWriteDirectories= \
                 ReadOnlyDirectories= InaccessibleDirectories= EnvironmentFile= \
-                ProtectSystem= \
+                ProtectSystem= ProtectHome= \
                 ))' \
         '--description=[Description for unit]:description' \
         '--slice=[Run in the specified slice]:slices:__slices' \

diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index af352531a485fbcd3004895f292649db5b9c76a2..6f1e0dc6ac25e259a4c240d16a595d73290c9326 100644 (file)
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1361,6 +1361,32 @@ int bus_exec_context_set_transient_property(
 
                 return 1;
 
+        } else if (streq(name, "ProtectHome")) {
+                const char *s;
+                ProtectHome ph;
+
+                r = sd_bus_message_read(message, "s", &s);
+                if (r < 0)
+                        return r;
+
+                r = parse_boolean(s);
+                if (r > 0)
+                        ph = PROTECT_HOME_YES;
+                else if (r == 0)
+                        ph = PROTECT_HOME_NO;
+                else {
+                        ph = protect_home_from_string(s);
+                        if (ph < 0)
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Failed to parse protect home value");
+                }
+
+                if (mode != UNIT_CHECK) {
+                        c->protect_home = ph;
+                        unit_write_drop_in_private_format(u, mode, name, "%s=%s\n", name, s);
+                }
+
+                return 1;
+
         } else if (rlimit_from_string(name) >= 0) {
                 uint64_t rl;
                 rlim_t x;

diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
index fdb6fced021039d82c14c789865dd670a7ab9f1a..604b8f248a2b3f089806ddc403fe4d3ec83ac61b 100644 (file)
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@@ -1509,7 +1509,8 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen
                               "UtmpIdentifier", "UtmpMode", "PAMName", "TTYPath",
                               "StandardInput", "StandardOutput", "StandardError",
                               "Description", "Slice", "Type", "WorkingDirectory",
-                              "RootDirectory", "SyslogIdentifier", "ProtectSystem"))
+                              "RootDirectory", "SyslogIdentifier", "ProtectSystem",
+                              "ProtectHome"))
                 r = sd_bus_message_append(m, "v", "s", eq);
 
         else if (streq(field, "SyslogLevel")) {