dev_t journal_stream_dev,
ino_t journal_stream_ino,
const char *memory_pressure_path,
+ const char *creds_path,
char ***ret) {
_cleanup_strv_free_ char **our_env = NULL;
our_env[n_env++] = x;
}
- if (exec_context_has_credentials(c) &&
- p->prefix[EXEC_DIRECTORY_RUNTIME] &&
- FLAGS_SET(p->flags, EXEC_WRITE_CREDENTIALS)) {
- x = strjoin("CREDENTIALS_DIRECTORY=", p->prefix[EXEC_DIRECTORY_RUNTIME], "/credentials/", u->id);
+ if (creds_path) {
+ x = strjoin("CREDENTIALS_DIRECTORY=", creds_path);
if (!x)
return -ENOMEM;
const ExecParameters *params,
ExecRuntime *runtime,
const char *memory_pressure_path,
+ const char *creds_path,
char **error_path) {
_cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
_cleanup_strv_free_ char **empty_directories = NULL, **symlinks = NULL,
**read_write_paths_cleanup = NULL;
- _cleanup_free_ char *creds_path = NULL, *incoming_dir = NULL, *propagate_dir = NULL,
+ _cleanup_free_ char *incoming_dir = NULL, *propagate_dir = NULL,
*extension_dir = NULL, *host_os_release_stage = NULL;
const char *root_dir = NULL, *root_image = NULL, *tmp_dir = NULL, *var_tmp_dir = NULL;
char **read_write_paths;
if (context->mount_propagation_flag == MS_SHARED)
log_unit_debug(u, "shared mount propagation hidden by other fs namespacing unit settings: ignoring");
- if (exec_context_has_credentials(context) &&
- params->prefix[EXEC_DIRECTORY_RUNTIME] &&
- FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) {
- creds_path = path_join(params->prefix[EXEC_DIRECTORY_RUNTIME], "credentials", u->id);
- if (!creds_path)
- return -ENOMEM;
- }
-
if (params->runtime_scope == RUNTIME_SCOPE_SYSTEM) {
propagate_dir = path_join("/run/systemd/propagate/", u->id);
if (!propagate_dir)
int r, ngids = 0, exec_fd;
_cleanup_free_ gid_t *supplementary_gids = NULL;
const char *username = NULL, *groupname = NULL;
- _cleanup_free_ char *home_buffer = NULL, *memory_pressure_path = NULL;
+ _cleanup_free_ char *home_buffer = NULL, *memory_pressure_path = NULL, *creds_path = NULL;
const char *home = NULL, *shell = NULL;
char **final_argv = NULL;
dev_t journal_stream_dev = 0;
}
if (FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) {
- r = setup_credentials(context, params, unit->id, uid, gid);
+ r = setup_credentials(context, params, unit->id, uid, gid, &creds_path);
if (r < 0) {
*exit_status = EXIT_CREDENTIALS;
return log_unit_error_errno(unit, r, "Failed to set up credentials: %m");
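Review bot: After this call, a non-NULL `creds_path` is the only thing that decides whether `CREDENTIALS_DIRECTORY` is exported (`if (creds_path)` in the build_environment hunk) and whether apply_mount_namespace sees a credentials directory. The removed checks on `exec_context_has_credentials()` and `prefix[EXEC_DIRECTORY_RUNTIME]` are not repeated at either consumer. setup_credentials() is not visible in these hunks, so its success paths that set up nothing presumably leave the out-parameter NULL, but that contract should be written down where it is relied on, e.g. `/* creds_path stays NULL unless a credentials directory was actually set up; build_environment() and apply_mount_namespace() rely on this */` above the call. Without it, a later change that returns the path unconditionally would advertise a directory to the service that was never created for it. The enclosing function starts and ends outside this hunk.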
journal_stream_dev,
journal_stream_ino,
memory_pressure_path,
+ creds_path,
&our_env);
if (r < 0) {
*exit_status = EXIT_MEMORY;
if (needs_mount_namespace) {
_cleanup_free_ char *error_path = NULL;
- r = apply_mount_namespace(unit, command->flags, context, params, runtime, memory_pressure_path, &error_path);
+ r = apply_mount_namespace(unit, command->flags, context, params, runtime, memory_pressure_path, creds_path, &error_path);
if (r < 0) {
*exit_status = EXIT_NAMESPACE;
return log_unit_error_errno(unit, r, "Failed to set up mount namespacing%s%s: %m",