From: Mike Yuan Date: Thu, 11 Dec 2025 15:26:34 +0000 (+0100) Subject: core/execute-serialize: do not gracefully skip unknown image policies in executor X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc317bb82f923d9681a682ea2a7df5254b64128b;p=thirdparty%2Fsystemd.git core/execute-serialize: do not gracefully skip unknown image policies in executor Follow-up for 7c0afcdde22d3d94fd23bfd0e473c263aaf54e8a Addresses https://github.com/systemd/systemd/pull/40060#issuecomment-3641288267 As commented, the unknown values should have been filtered out in pid1's initial parsing already, and the communication between pid1 and executor is entirely internal which makes the graceful practice counterproductive. --- diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c index bed2776889a..9671899796f 100644 --- a/src/core/execute-serialize.c +++ b/src/core/execute-serialize.c @@ -3740,21 +3740,21 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) { if (c->root_image_policy) return -EINVAL; /* duplicated */ - r = image_policy_from_string(val, /* graceful= */ true, &c->root_image_policy); + r = image_policy_from_string(val, /* graceful= */ false, &c->root_image_policy); if (r < 0) return r; } else if ((val = startswith(l, "exec-context-mount-image-policy="))) { if (c->mount_image_policy) return -EINVAL; /* duplicated */ - r = image_policy_from_string(val, /* graceful= */ true, &c->mount_image_policy); + r = image_policy_from_string(val, /* graceful= */ false, &c->mount_image_policy); if (r < 0) return r; } else if ((val = startswith(l, "exec-context-extension-image-policy="))) { if (c->extension_image_policy) return -EINVAL; /* duplicated */ - r = image_policy_from_string(val, /* graceful= */ true, &c->extension_image_policy); + r = image_policy_from_string(val, /* graceful= */ false, &c->extension_image_policy); if (r < 0) return r; } else