From: Mike Yuan Date: Thu, 25 Apr 2024 17:44:15 +0000 (+0800) Subject: core/execute: switch mount_apivfs to tristate X-Git-Tag: v256-rc2~181^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0afd4d214fcb0e59340828f9e927a3f4a6b2afed;p=thirdparty%2Fsystemd.git core/execute: switch mount_apivfs to tristate No functional change, just refactoring. --- diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index b3cea73c434..e907aa67aff 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -1744,6 +1744,9 @@ int bus_exec_context_set_transient_property( if (streq(name, "PrivateMounts")) return bus_set_transient_tristate(u, name, &c->private_mounts, message, flags, error); + if (streq(name, "MountAPIVFS")) + return bus_set_transient_tristate(u, name, &c->mount_apivfs, message, flags, error); + if (streq(name, "PrivateNetwork")) return bus_set_transient_bool(u, name, &c->private_network, message, flags, error); @@ -2711,20 +2714,6 @@ int bus_exec_context_set_transient_property( return 1; - } else if (streq(name, "MountAPIVFS")) { - bool b; - - r = bus_set_transient_bool(u, name, &b, message, flags, error); - if (r < 0) - return r; - - if (!UNIT_WRITE_FLAGS_NOOP(flags)) { - c->mount_apivfs = b; - c->mount_apivfs_set = true; - } - - return 1; - } else if (streq(name, "WorkingDirectory")) { _cleanup_free_ char *simplified = NULL; bool missing_ok, is_home; diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 2873563c0bc..0492bfba93b 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -3861,7 +3861,7 @@ static bool exec_context_need_unprivileged_private_users( context->private_ipc || context->ipc_namespace_path || context->private_mounts > 0 || - context->mount_apivfs || + context->mount_apivfs > 0 || context->n_bind_mounts > 0 || context->n_temporary_filesystems > 0 || context->root_directory || 
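Review bot: The `context->mount_apivfs > 0` test in exec_context_need_unprivileged_private_users() counts only an explicit yes, whereas exec_context_get_effective_mount_apivfs() (updated in execute.c by this same commit) also answers yes for an unset value when a root directory or image is configured. That matches the old boolean behaviour, but nothing in the hunk says the raw field is read on purpose. A comment such as `/* raw tristate on purpose: only an explicit MountAPIVFS=yes counts here */` would keep a later change from swapping in the other interpretation. The condition starts before and continues past the hunk, so how the rootfs-implied default is covered cannot be confirmed from here.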
diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c index 7de2066c970..ecd1e70db67 100644 --- a/src/core/execute-serialize.c +++ b/src/core/execute-serialize.c @@ -1832,6 +1832,10 @@ static int exec_context_serialize(const ExecContext *c, FILE *f) { if (r < 0) return r; + r = serialize_item_tristate(f, "exec-context-mount-api-vfs", c->mount_apivfs); + if (r < 0) + return r; + r = serialize_item_tristate(f, "exec-context-memory-ksm", c->memory_ksm); if (r < 0) return r; @@ -1888,12 +1892,6 @@ static int exec_context_serialize(const ExecContext *c, FILE *f) { if (r < 0) return r; - if (c->mount_apivfs_set) { - r = serialize_bool(f, "exec-context-mount-api-vfs", c->mount_apivfs); - if (r < 0) - return r; - } - r = serialize_bool_elide(f, "exec-context-same-pgrp", c->same_pgrp); if (r < 0) return r; @@ -2713,6 +2711,10 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) { r = safe_atoi(val, &c->private_mounts); if (r < 0) return r; + } else if ((val = startswith(l, "exec-context-mount-api-vfs="))) { + r = safe_atoi(val, &c->mount_apivfs); + if (r < 0) + return r; } else if ((val = startswith(l, "exec-context-memory-ksm="))) { r = safe_atoi(val, &c->memory_ksm); if (r < 0) @@ -2780,12 +2782,6 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) { c->protect_system = protect_system_from_string(val); if (c->protect_system < 0) return -EINVAL; - } else if ((val = startswith(l, "exec-context-mount-api-vfs="))) { - r = parse_boolean(val); - if (r < 0) - return r; - c->mount_apivfs = r; - c->mount_apivfs_set = true; } else if ((val = startswith(l, "exec-context-same-pgrp="))) { r = parse_boolean(val); if (r < 0) diff --git a/src/core/execute.c b/src/core/execute.c index 05a7f907a9b..80d5b30720b 100644 --- a/src/core/execute.c +++ b/src/core/execute.c 
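Review bot: In exec_context_deserialize() the new `exec-context-mount-api-vfs=` branch stores whatever integer safe_atoi() parses straight into `c->mount_apivfs`, so values outside -1/0/1 are accepted where the removed parse_boolean() branch accepted only boolean spellings. The readers changed in this commit test `>= 0` and `> 0`, so a stray value is interpreted as yes or unset rather than rejected; the neighbouring `private_mounts` and `memory_ksm` branches behave the same way. If the serialized stream is meant to be validated, add `if (c->mount_apivfs < -1 || c->mount_apivfs > 1) return -EINVAL;` after the safe_atoi() check. The stored value also changes from the text written by serialize_bool() to an integer, which matters only if the writer and the reader can ever come from different builds. The function extends beyond the hunk.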
@@ -504,6 +504,7 @@ void exec_context_init(ExecContext *c) { .tty_rows = UINT_MAX, .tty_cols = UINT_MAX, .private_mounts = -1, + .mount_apivfs = -1, .memory_ksm = -1, .set_login_environment = -1, }; @@ -1440,8 +1441,8 @@ bool exec_context_get_effective_mount_apivfs(const ExecContext *c) { assert(c); /* Explicit setting wins */ - if (c->mount_apivfs_set) - return c->mount_apivfs; + if (c->mount_apivfs >= 0) + return c->mount_apivfs > 0; /* Default to "yes" if root directory or image are specified */ if (exec_context_with_rootfs(c)) diff --git a/src/core/execute.h b/src/core/execute.h index 0719d3904a8..77ca1901e7e 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -200,7 +200,6 @@ struct ExecContext { bool nice_set:1; bool ioprio_set:1; bool cpu_sched_set:1; - bool mount_apivfs_set:1; /* This is not exposed to the user but available internally. We need it to make sure that whenever we * spawn /usr/bin/mount it is run in the same process group as us so that the autofs logic detects @@ -313,6 +312,7 @@ struct ExecContext { ProcSubset proc_subset; /* subset= */ int private_mounts; + int mount_apivfs; int memory_ksm; bool private_tmp; bool private_network; @@ -327,7 +327,6 @@ struct ExecContext { ProtectSystem protect_system; ProtectHome protect_home; bool protect_hostname; - bool mount_apivfs; bool dynamic_user; bool remove_ipc; diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in index 27aa27b55a9..5c75dcb155f 100644 --- a/src/core/load-fragment-gperf.gperf.in +++ b/src/core/load-fragment-gperf.gperf.in 
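Review bot: With `.mount_apivfs = -1` added to exec_context_init(), "unset" is no longer the all-zero state: an ExecContext that is zero-initialised and never passed through exec_context_init() now reads as an explicit no, because exec_context_get_effective_mount_apivfs() treats any value `>= 0` as an explicit setting. Before this commit a cleared `mount_apivfs_set` bit meant unset, so such a context would still have received the rootfs default. It is worth confirming that every construction path, including the deserializing side and the tests, calls exec_context_init() first, since the serializer presumably omits the key when the value is negative. Both functions extend outside the hunks shown.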
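Review bot: Changing `mount_apivfs` from `bool` to `int` in struct ExecContext means any remaining boolean-context use such as `if (c->mount_apivfs)` still compiles but now evaluates true for the unset value -1. This commit converts the two readers visible here (exec-invoke.c and execute.c); any reader outside this diff should be checked for the same pattern, since a missed one would silently treat an unset option as yes. The neighbouring tristate fields carry no comment either, so a short one on the new field would help: `int mount_apivfs; /* tristate: <0 unset, 0 no, >0 yes; read via exec_context_get_effective_mount_apivfs() */`.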
@@ -136,7 +136,7 @@ {{type}}.ProtectSystem, config_parse_protect_system, 0, offsetof({{type}}, exec_context.protect_system) {{type}}.ProtectHome, config_parse_protect_home, 0, offsetof({{type}}, exec_context.protect_home) {{type}}.MountFlags, config_parse_exec_mount_propagation_flag, 0, offsetof({{type}}, exec_context.mount_propagation_flag) -{{type}}.MountAPIVFS, config_parse_exec_mount_apivfs, 0, offsetof({{type}}, exec_context) +{{type}}.MountAPIVFS, config_parse_tristate, 0, offsetof({{type}}, exec_context.mount_apivfs) {{type}}.Personality, config_parse_personality, 0, offsetof({{type}}, exec_context.personality) {{type}}.RuntimeDirectoryPreserve, config_parse_exec_preserve_mode, 0, offsetof({{type}}, exec_context.runtime_directory_preserve_mode) {{type}}.RuntimeDirectoryMode, config_parse_mode, 0, offsetof({{type}}, exec_context.directories[EXEC_DIRECTORY_RUNTIME].mode) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index 6d19715e792..d1bcdfe24e0 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -1496,43 +1496,6 @@ int config_parse_exec_cpu_sched_policy(const char *unit, return 0; } -int config_parse_exec_mount_apivfs(const char *unit, - const char *filename, - unsigned line, - const char *section, - unsigned section_line, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - ExecContext *c = ASSERT_PTR(data); - int k; - - assert(filename); - assert(lvalue); - assert(rvalue); - - if (isempty(rvalue)) { - c->mount_apivfs_set = false; - c->mount_apivfs = false; - return 0; - } - - k = parse_boolean(rvalue); - if (k < 0) { - log_syntax(unit, LOG_WARNING, filename, line, k, - "Failed to parse boolean value, ignoring: %s", - rvalue); - return 0; - } - - c->mount_apivfs_set = true; - c->mount_apivfs = k; - return 0; -} - int config_parse_numa_mask(const char *unit, const char *filename, unsigned line,