From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 4 Sep 2025 01:13:17 +0000 (+0900)
Subject: core/unit: do not load drop-in configs for masked unit files
X-Git-Tag: v258-rc4~18^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2ba0eacc6cf3c2ff94272c100cb713931c768199;p=thirdparty%2Fsystemd.git

core/unit: do not load drop-in configs for masked unit files

Otherwise, ExecXYZ= given by drop-ins may be added to a masked unit,
then commands may be unexpectedly executed. For example, if an ExecStop=
is set in a drop-in for a running unit, then 'systemctl mask --now' for
the unit try to invoke the command specified in ExecStop=.

Fixes #38802.
---

diff --git a/src/core/unit.c b/src/core/unit.c
index 1eb4de64629..7d9e24c5de8 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1422,6 +1422,9 @@ int unit_load_fragment_and_dropin(Unit *u, bool fragment_required) {
         if (r < 0)
                 return r;
 
+        if (u->load_state == UNIT_MASKED)
+                return 0;
+
         if (u->load_state == UNIT_STUB) {
                 if (fragment_required)
                         return -ENOENT;