From: Lennart Poettering Date: Tue, 1 Aug 2017 08:43:04 +0000 (+0200) Subject: execute: also control the SYSTEMD_NSS_BYPASS_BUS through an ExecFlags field X-Git-Tag: v235~237^2~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac6479781e0ceae33d32f3040dbbaea797884089;p=thirdparty%2Fsystemd.git execute: also control the SYSTEMD_NSS_BYPASS_BUS through an ExecFlags field Also, correct the logic while we are at it: the variable is only required for system services, not user services. --- diff --git a/src/core/execute.c b/src/core/execute.c index 2453cb298c8..9498ebe0987 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1536,7 +1536,7 @@ static int build_environment( /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use D-Bus look up dynamic * users via PID 1, possibly dead-locking the dbus daemon. This way it will not use D-Bus to resolve names, but * check the database directly. */ - if (unit_has_name(u, SPECIAL_DBUS_SERVICE)) { + if (p->flags & EXEC_NSS_BYPASS_BUS) { x = strdup("SYSTEMD_NSS_BYPASS_BUS=1"); if (!x) return -ENOMEM; diff --git a/src/core/execute.h b/src/core/execute.h index 1560aff7fd0..14a3bdde1f5 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -261,12 +261,13 @@ typedef enum ExecFlags { EXEC_NEW_KEYRING = 1U << 3, EXEC_PASS_LOG_UNIT = 1U << 4, /* Whether to pass the unit name to the service's journal stream connection */ EXEC_CHOWN_DIRECTORIES = 1U << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */ + EXEC_NSS_BYPASS_BUS = 1U << 6, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */ /* The following are not used by execute.c, but by consumers internally */ - EXEC_PASS_FDS = 1U << 6, - EXEC_IS_CONTROL = 1U << 7, - EXEC_SETENV_RESULT = 1U << 8, - EXEC_SET_WATCHDOG = 1U << 9, + EXEC_PASS_FDS = 1U << 7, + EXEC_IS_CONTROL = 1U << 8, + EXEC_SETENV_RESULT = 1U << 9, + EXEC_SET_WATCHDOG = 1U << 10, } ExecFlags; struct ExecParameters { diff --git a/src/core/service.c b/src/core/service.c index 04ec3ac90eb..01cc0a5d2a3 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -1360,6 +1360,11 @@ static int service_spawn( /* System services should get a new keyring by default. */ SET_FLAG(exec_params.flags, EXEC_NEW_KEYRING, MANAGER_IS_SYSTEM(UNIT(s)->manager)); + + /* System D-Bus needs nss-systemd disabled, so that we don't deadlock */ + SET_FLAG(exec_params.flags, EXEC_NSS_BYPASS_BUS, + MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE)); + exec_params.argv = c->argv; exec_params.environment = final_env; exec_params.fds = fds;