From cc317bb82f923d9681a682ea2a7df5254b64128b Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Thu, 11 Dec 2025 16:26:34 +0100 Subject: [PATCH] core/execute-serialize: do not gracefully skip unknown image policies in executor Follow-up for 7c0afcdde22d3d94fd23bfd0e473c263aaf54e8a Addresses https://github.com/systemd/systemd/pull/40060#issuecomment-3641288267 As commented, the unknown values should have been filtered out in pid1's initial parsing already, and the communication between pid1 and executor is entirely internal which makes the graceful practice counterproductive. --- src/core/execute-serialize.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c index bed2776889a..9671899796f 100644 --- a/src/core/execute-serialize.c +++ b/src/core/execute-serialize.c @@ -3740,21 +3740,21 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) { if (c->root_image_policy) return -EINVAL; /* duplicated */ - r = image_policy_from_string(val, /* graceful= */ true, &c->root_image_policy); + r = image_policy_from_string(val, /* graceful= */ false, &c->root_image_policy); if (r < 0) return r; } else if ((val = startswith(l, "exec-context-mount-image-policy="))) { if (c->mount_image_policy) return -EINVAL; /* duplicated */ - r = image_policy_from_string(val, /* graceful= */ true, &c->mount_image_policy); + r = image_policy_from_string(val, /* graceful= */ false, &c->mount_image_policy); if (r < 0) return r; } else if ((val = startswith(l, "exec-context-extension-image-policy="))) { if (c->extension_image_policy) return -EINVAL; /* duplicated */ - r = image_policy_from_string(val, /* graceful= */ true, &c->extension_image_policy); + r = image_policy_from_string(val, /* graceful= */ false, &c->extension_image_policy); if (r < 0) return r; } else -- 2.47.3