git.ipfire.org Git - thirdparty/systemd.git/commit

author	Mike Yuan <me@yhndnzj.com>
	Sun, 4 Feb 2024 15:22:46 +0000 (23:22 +0800)
committer	Mike Yuan <me@yhndnzj.com>
	Tue, 6 Feb 2024 16:43:33 +0000 (00:43 +0800)
commit	cfbf7538d87023840c5574fa5b0452e5b0f42149
tree	00e260c107bc67e7e83d02278aa642186128f32d	tree \| snapshot
parent	1221ba0f6f2438035a601ef55cb651bb030456f1	commit \| diff

core: reuse credential dir across start and start-post if populated,
fresh otherwise

Currently, exec_setup_credential() always rewrite all credentials
upon exec_invoke(), i.e. invocation of each ExecCommand, and within
a single tmpfs instance. This is problematic though:

* When writing each tmp cred file, we essentially double the size
  of the credential. Therefore, if one cred is bigger than half
  of CREDENTIALS_TOTAL_SIZE_MAX, confusing ENOSPC occurs (see also
  https://github.com/systemd/systemd/pull/24734#issuecomment-1925440546)

* Credential is a unit-wide thing and thus should not change
  during the whole lifetime of main process. However, if e.g.
  a on-disk credential or SetCredential= in unit file
  changes between ExecStart= and ExecStartPost=,
  the credentials are overwritten when the latter gets to run,
  and the already-running main process is suddenly seeing
  completely different creds.

So, let's try to reuse final cred dir if the main process has started
and the tmpfs has been populated, so that the creds used is stable
across all ExecStart= and ExecStartPost=-s. We still want to retain
the ability of updating creds through ExecStartPre= though, therefore
we forcibly use a fresh cred dir for those. 'Fresh' means to actually
unmount the old tmpfs first, so the first problem goes away, too.

src/core/exec-credential.c		diff \| blob \| blame \| history
src/core/execute.h		diff \| blob \| blame \| history
src/core/service.c		diff \| blob \| blame \| history
test/units/testsuite-54.sh		diff \| blob \| blame \| history