We have two very similar checks in place: in some contexts we want to
know if *any* RootDirectory= is configured, in others we want to
suppress it if it is configured to our regular root. Let's add a helper for
both (even if we only need it once), to make the mirrored behaviour
clear.
context->bind_log_sockets > 0 ||
context->n_bind_mounts > 0 ||
context->n_temporary_filesystems > 0 ||
- context->root_directory ||
- context->root_directory_as_fd ||
+ exec_context_with_rootfs_strict(context) ||
!strv_isempty(context->extension_directories) ||
- context->root_image ||
context->n_mount_images > 0 ||
context->n_extension_images > 0 ||
context->protect_system != PROTECT_SYSTEM_NO ||
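Review bot: The call on the added line has no comment saying why the strict variant is used rather than exec_context_with_rootfs(), and the two names differ only by a suffix. The removed lines tested `root_directory`, `root_directory_as_fd` and `root_image` directly, so an explicit RootDirectory=/ counted here before and still does. A later swap to the non-strict helper would silently stop it counting, in what appears to be the check for whether a mount namespace is needed. I would add `/* strict: an explicit RootDirectory=/ must still count here */` above the call. The surrounding condition starts and ends outside the hunk.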
return !empty_or_root(c->root_directory) || c->root_image || c->root_directory_as_fd;
}
+bool exec_context_with_rootfs_strict(const ExecContext *c) {
+ assert(c);
+
+ /* just like exec_context_with_rootfs(), but doesn't suppress a root directory of "/", i.e. returns
+ * true in more cases: when a root directory is explicitly configured, even if it's our usual
+ * root. */
+
+ return c->root_directory || c->root_image || c->root_directory_as_fd;
+}
+
int exec_context_has_vpicked_extensions(const ExecContext *context) {
int r;
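Review bot: The comment on exec_context_with_rootfs_strict() names "/" as the only difference, but the `return` tests `c->root_directory` as a bare pointer while the non-strict helper goes through `empty_or_root()`, so an empty string would also count as configured here. Whether the parser can leave `root_directory` set to "" is not visible in this hunk; if it can, either say so in the comment or test `!isempty(c->root_directory)`. The comment would also read better starting with a capital letter. exec_context_with_rootfs(), whose body begins outside the hunk, would benefit from a matching one-line comment pointing at the strict variant.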
bool exec_context_restrict_namespaces_set(const ExecContext *c);
bool exec_context_restrict_filesystems_set(const ExecContext *c);
bool exec_context_with_rootfs(const ExecContext *c);
+bool exec_context_with_rootfs_strict(const ExecContext *c);
int exec_context_has_vpicked_extensions(const ExecContext *context);