if (!c->working_directory_home)
return 0;
+ if (c->dynamic_user)
+ return -EADDRNOTAVAIL;
+
r = get_home_dir(ret_buf);
if (r < 0)
return r;
return 0;
}
+static int unit_verify_contexts(const Unit *u, const ExecContext *ec) {
+ assert(u);
+
+ if (!ec)
+ return 0;
+
+ if (MANAGER_IS_USER(u->manager) && ec->dynamic_user)
+ return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "DynamicUser= enabled for user unit, which is not supported. Refusing.");
+
+ if (ec->dynamic_user && ec->working_directory_home)
+ return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "WorkingDirectory=~ is not allowed under DynamicUser=yes. Refusing.");
+
+ return 0;
+}
+
int unit_patch_contexts(Unit *u) {
CGroupContext *cc;
ExecContext *ec;
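Review bot: `unit_verify_contexts()` has no comment saying why these two combinations are refused, and a maintainer needs that rationale before relaxing either check. I would add above the function something like `/* Load-time policy check: refuse unsupported ExecContext combinations with ENOEXEC rather than letting them fail later at execution time. */`. The `WorkingDirectory=~` plus `DynamicUser=` case is also rejected at execution time by the `return -EADDRNOTAVAIL;` added earlier in this diff, so a short cross-reference on both sides would help keep the two checks in sync. The body of `unit_patch_contexts()` that follows lies outside this hunk.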
}
}
- return 0;
+ return unit_verify_contexts(u, ec);
}
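Review bot: The verification is wired in only at the final `return` of `unit_patch_contexts()`, so any earlier success return in the part of the function not shown here would load the unit without the DynamicUser= checks. It is worth confirming there is none. The call also runs after the patching step, so it judges the patched `ec` rather than what the unit file said; if patching ever sets or clears `dynamic_user` or `working_directory_home`, the refusal changes with it. A one-line comment at the call, e.g. `/* Must stay last: verifies the contexts as patched above. */`, would record that the ordering is deliberate. The function starts outside this hunk.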
ExecContext *unit_get_exec_context(const Unit *u) {
}
static void test_exec_dynamicuser(Manager *m) {
+ if (MANAGER_IS_USER(m)) {
+ log_notice("Skipping %s for user manager", __func__);
+ return;
+ }
+
_cleanup_free_ char *bad = private_directory_bad(m);
if (bad) {
log_warning("%s: %s has bad permissions, skipping test.", __func__, bad);
return;
}
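Review bot: Skipping `test_exec_dynamicuser()` for the user manager removes coverage without replacing it, and nothing in the visible test changes asserts the new refusal. The refusal is the security-relevant behaviour of this commit, so I would add two negative cases, each expected to fail to load: a unit with `DynamicUser=yes` under a user manager, and one combining `DynamicUser=yes` with `WorkingDirectory=~`. The skip message would also be more useful if it gave the reason, e.g. `log_notice("Skipping %s for user manager: DynamicUser= is refused there", __func__);`. The function body continues beyond this hunk.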
- int status = can_unshare ? 0 : MANAGER_IS_SYSTEM(m) ? EXIT_NAMESPACE : EXIT_GROUP;
+ int status = can_unshare ? 0 : EXIT_NAMESPACE;
test(m, "exec-dynamicuser-fixeduser.service", status, CLD_EXITED);
if (check_user_has_group_with_same_name("adm"))