load-fragment: allow to specify RestrictNamespaces= multiple times

If multiple RestrictNamespaces= settings are set, then merge the settings.
This also drops supporting "~yes" and "~no".

diff --git a/src/core/execute.c b/src/core/execute.c
index a910eb89a309d36b29ec4d65105a6c1bd9752573..87909c07e94ae3c5db7e5c872e8fd2cfed55bf8d 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3562,7 +3562,8 @@ void exec_context_init(ExecContext *c) {
         for (i = 0; i < _EXEC_DIRECTORY_TYPE_MAX; i++)
                 c->directories[i].mode = 0755;
         c->capability_bounding_set = CAP_ALL;
-        c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
+        assert_cc(NAMESPACE_FLAGS_INITIAL != NAMESPACE_FLAGS_ALL);
+        c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
         c->log_level_max = -1;
 }
 

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index dc9914b2769a44ae63025a0e271f86e3366f7f9d..dd8d1874fd22eeedf5e6ef56a16078f8f91c6e44 100644 (file)
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -3123,11 +3123,22 @@ int config_parse_restrict_namespaces(
                 void *userdata) {
 
         ExecContext *c = data;
+        unsigned long flags;
         bool invert = false;
         int r;
 
         if (isempty(rvalue)) {
                 /* Reset to the default. */
+                c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
+                return 0;
+        }
+
+        /* Boolean parameter ignores the previous settings */
+        r = parse_boolean(rvalue);
+        if (r > 0) {
+                c->restrict_namespaces = 0;
+                return 0;
+        } else if (r == 0) {
                 c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
                 return 0;
         }
@@ -3137,23 +3148,19 @@ int config_parse_restrict_namespaces(
                 rvalue++;
         }
 
-        r = parse_boolean(rvalue);
-        if (r > 0)
-                c->restrict_namespaces = 0;
-        else if (r == 0)
-                c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
-        else {
-                /* Not a boolean argument, in this case it's a list of namespace types. */
-
-                r = namespace_flags_from_string(rvalue, &c->restrict_namespaces);
-                if (r < 0) {
-                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
-                        return 0;
-                }
+        /* Not a boolean argument, in this case it's a list of namespace types. */
+        r = namespace_flags_from_string(rvalue, &flags);
+        if (r < 0) {
+                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
+                return 0;
         }
 
-        if (invert)
-                c->restrict_namespaces = (~c->restrict_namespaces) & NAMESPACE_FLAGS_ALL;
+        if (c->restrict_namespaces == NAMESPACE_FLAGS_INITIAL)
+                /* Initial assignment. Just set the value. */
+                c->restrict_namespaces = invert ? (~flags) & NAMESPACE_FLAGS_ALL : flags;
+        else
+                /* Merge the value with the previous one. */
+                SET_FLAG(c->restrict_namespaces, flags, !invert);
 
         return 0;
 }

diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 1a375ac88bd7f26a6b7694a5dcad1889ce3d8733..253ac80b87512b854bacf78e8f406abe3e5d0b6f 100644 (file)
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -1003,12 +1003,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
 
         if (streq(field, "RestrictNamespaces")) {
                 bool invert = false;
-                unsigned long flags = 0;
-
-                if (eq[0] == '~') {
-                        invert = true;
-                        eq++;
-                }
+                unsigned long flags;
 
                 r = parse_boolean(eq);
                 if (r > 0)
@@ -1016,6 +1011,11 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
                 else if (r == 0)
                         flags = NAMESPACE_FLAGS_ALL;
                 else {
+                        if (eq[0] == '~') {
+                                invert = true;
+                                eq++;
+                        }
+
                         r = namespace_flags_from_string(eq, &flags);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to parse %s value %s.", field, eq);

diff --git a/src/shared/nsflags.h b/src/shared/nsflags.h
index d3ed5c38575a865ade538548f3bdc9fc6dd7ffde..2133a6c1be920c38f474eaab5f2919946d215135 100644 (file)
--- a/src/shared/nsflags.h
+++ b/src/shared/nsflags.h
@@ -24,6 +24,8 @@
                           CLONE_NEWUSER|                                \
                           CLONE_NEWUTS))
 
+#define NAMESPACE_FLAGS_INITIAL  ((unsigned long) -1)
+
 int namespace_flags_from_string(const char *name, unsigned long *ret);
 int namespace_flags_to_string(unsigned long flags, char **ret);