From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 30 Apr 2025 14:27:59 +0000 (+0900)
Subject: user-record: introduce USERDB_MATCH_ROOT_AND_SYSTEM
X-Git-Tag: v258-rc1~657^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6377f40d265537fdcf90bb4c290e9e2133efb22e;p=thirdparty%2Fsystemd.git

user-record: introduce USERDB_MATCH_ROOT_AND_SYSTEM

It may be useful when we want to resolve root and system user/group
but want to refuse nobody user/group.
---

diff --git a/src/shared/user-record.h b/src/shared/user-record.h
index 246d02f062d..32c8e38d04b 100644
--- a/src/shared/user-record.h
+++ b/src/shared/user-record.h
@@ -7,6 +7,7 @@
 #include "sd-id128.h"
 #include "sd-json.h"
 
+#include "bitfield.h"
 #include "hashmap.h"
 #include "rlimit-util.h"
 #include "strv.h"
@@ -527,12 +528,21 @@ typedef struct UserDBMatch {
 #define USER_DISPOSITION_MASK_ALL ((UINT64_C(1) << _USER_DISPOSITION_MAX) - UINT64_C(1))
 
 #define USERDB_MATCH_NULL                                       \
-        (UserDBMatch) {                                         \
+        (const UserDBMatch) {                                   \
                 .disposition_mask = USER_DISPOSITION_MASK_ALL,  \
                 .uid_min = 0,                                   \
                 .uid_max = UID_INVALID-1,                       \
        }
 
+/* Maybe useful when we want to resolve root and system user/group but want to refuse nobody user/group. */
+#define USERDB_MATCH_ROOT_AND_SYSTEM                            \
+        (const UserDBMatch) {                                   \
+                .disposition_mask =                             \
+                        INDEXES_TO_MASK(uint64_t, USER_INTRINSIC, USER_SYSTEM), \
+                .uid_min = 0,                                   \
+                .uid_max = UID_NOBODY - 1,                      \
+       }
+
 static inline bool userdb_match_is_set(const UserDBMatch *match) {
         if (!match)
                 return false;