core: introduce exec_params_need_credentials
authorMike Yuan <me@yhndnzj.com>
Tue, 6 Feb 2024 13:53:35 +0000 (21:53 +0800)
committerMike Yuan <me@yhndnzj.com>
Tue, 6 Feb 2024 16:43:33 +0000 (00:43 +0800)
Also rename EXEC_WRITE_CREDENTIALS to EXEC_SETUP_CREDENTIALS.

src/core/exec-credential.c
src/core/exec-credential.h
src/core/exec-invoke.c
src/core/execute.h
src/core/service.c

index 7248ad03481cf8bc8d7887c15131d161476f15da..9b76c5a324996b361c60b25247344bc6267c3876 100644 (file)
@@ -49,6 +49,12 @@ DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
         char, string_hash_func, string_compare_func,
         ExecLoadCredential, exec_load_credential_free);
 
+bool exec_params_need_credentials(const ExecParameters *p) {
+        assert(p);
+
+        return FLAGS_SET(p->flags, EXEC_SETUP_CREDENTIALS);
+}
+
 bool exec_context_has_credentials(const ExecContext *c) {
         assert(c);
 
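Review bot: The new exec_params_need_credentials() has no comment explaining how it differs from exec_context_has_credentials() directly below it, although after this commit the two are always tested together as the gate for credential setup. A one-line comment above the definition would keep the distinction clear, for example `/* Whether this invocation requested credential setup (EXEC_SETUP_CREDENTIALS); whether the unit configures any credentials is checked separately by exec_context_has_credentials(). */`. The body of exec_context_has_credentials() continues outside the hunk.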
@@ -106,7 +112,7 @@ int exec_context_get_credential_directory(
         assert(unit);
         assert(ret);
 
-        if (!exec_context_has_credentials(context)) {
+        if (!exec_params_need_credentials(params) || !exec_context_has_credentials(context)) {
                 *ret = NULL;
                 return 0;
         }
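Review bot: With the added `!exec_params_need_credentials(params)` test, exec_context_get_credential_directory() now reports success with `*ret = NULL` whenever EXEC_SETUP_CREDENTIALS is unset, even for a unit that has credentials configured. The only call site shown in this commit, in apply_mount_namespace(), carried the same flag check before, so it is unchanged, but any caller outside this diff that relied on the old context-only condition would now silently see no credentials directory and is worth checking. The same guard is added to exec_setup_credentials() in the next hunk, where it turns the call into a silent `return 0`. A comment at both guards such as `/* Nothing to do unless credential setup was requested for this invocation and the unit has credentials */` would record that contract. The function starts and ends outside this hunk.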
@@ -936,7 +942,7 @@ int exec_setup_credentials(
         assert(params);
         assert(unit);
 
-        if (!exec_context_has_credentials(context))
+        if (!exec_params_need_credentials(params) || !exec_context_has_credentials(context))
                 return 0;
 
         if (!params->prefix[EXEC_DIRECTORY_RUNTIME])
index 9e4770d0b8e03256ec1e0f9164db8ef09bed3878..70bb46bdde6847a20a8b37f01d6cb8ab05f438af 100644 (file)
@@ -34,6 +34,8 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(ExecLoadCredential*, exec_load_credential_free);
 extern const struct hash_ops exec_set_credential_hash_ops;
 extern const struct hash_ops exec_load_credential_hash_ops;
 
+bool exec_params_need_credentials(const ExecParameters *p);
+
 bool exec_context_has_credentials(const ExecContext *c);
 bool exec_context_has_encrypted_credentials(const ExecContext *c);
 
index 81d243c5b204548bbb21530ce30f61308b16aa5e..c62b7385cb3b09dde4d52ce9c2905118a12ffb1e 100644 (file)
@@ -3175,11 +3175,9 @@ static int apply_mount_namespace(
                                params,
                                "shared mount propagation hidden by other fs namespacing unit settings: ignoring");
 
-        if (FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) {
-                r = exec_context_get_credential_directory(context, params, params->unit_id, &creds_path);
-                if (r < 0)
-                        return r;
-        }
+        r = exec_context_get_credential_directory(context, params, params->unit_id, &creds_path);
+        if (r < 0)
+                return r;
 
         if (params->runtime_scope == RUNTIME_SCOPE_SYSTEM) {
                 propagate_dir = path_join("/run/systemd/propagate/", params->unit_id);
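Review bot: The call to exec_context_get_credential_directory() no longer shows that it is conditional, because the flag test now lives inside the callee, so a reader of apply_mount_namespace() cannot tell that creds_path may legitimately come back NULL. A short comment above the call, e.g. `/* creds_path stays NULL unless EXEC_SETUP_CREDENTIALS is set and the unit has credentials */`, would keep that visible where the mount namespace is assembled. The same applies to the now-unconditional exec_setup_credentials() call in exec_invoke() in the following hunk. Both functions extend beyond their hunks.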
@@ -4534,12 +4532,10 @@ int exec_invoke(
                         return log_exec_error_errno(context, params, r, "Failed to set up special execution directory in %s: %m", params->prefix[dt]);
         }
 
-        if (FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) {
-                r = exec_setup_credentials(context, params, params->unit_id, uid, gid);
-                if (r < 0) {
-                        *exit_status = EXIT_CREDENTIALS;
-                        return log_exec_error_errno(context, params, r, "Failed to set up credentials: %m");
-                }
+        r = exec_setup_credentials(context, params, params->unit_id, uid, gid);
+        if (r < 0) {
+                *exit_status = EXIT_CREDENTIALS;
+                return log_exec_error_errno(context, params, r, "Failed to set up credentials: %m");
         }
 
         r = build_environment(
index e226654c6abe64ef07f4d6be92db304130913171..916e66adcdc3b345d4322264122bec4dab4ecec1 100644 (file)
@@ -399,7 +399,7 @@ typedef enum ExecFlags {
         EXEC_CGROUP_DELEGATE       = 1 << 6,
         EXEC_IS_CONTROL            = 1 << 7,
         EXEC_CONTROL_CGROUP        = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */
-        EXEC_WRITE_CREDENTIALS     = 1 << 9, /* Set up the credential store logic */
+        EXEC_SETUP_CREDENTIALS     = 1 << 9, /* Set up the credential store logic */
 
         /* The following are not used by execute.c, but by consumers internally */
         EXEC_PASS_FDS              = 1 << 10,
index 38934390f0394e3855430b15c718a646770cca65..8553e28e1da87cea4b87c063baf514a156a72db5 100644 (file)
@@ -1609,7 +1609,7 @@ static ExecFlags service_exec_flags(ServiceExecCommand command_id) {
 
         /* All start phases get access to credentials */
         if (IN_SET(command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_START, SERVICE_EXEC_START_POST))
-                flags |= EXEC_WRITE_CREDENTIALS;
+                flags |= EXEC_SETUP_CREDENTIALS;
 
         if (IN_SET(command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_START))
                 flags |= EXEC_SETENV_MONITOR_RESULT;