core: move masking of chroot/permission masking into service_spawn()

Let's fix up the flags fields in service_spawn() rather than its callers, in
order to simplify things a bit.

diff --git a/src/core/execute.h b/src/core/execute.h
index 77418ea2adc3993d599735010dd48f655eed1a4c..8d659ca1783fc9398ab81a6d30b51597ca303383 100644 (file)
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -214,7 +214,7 @@ typedef enum ExecFlags {
         EXEC_APPLY_CHROOT      = 1U << 2,
         EXEC_APPLY_TTY_STDIN   = 1U << 3,
 
-        /* The following are not usec by execute.c, but by consumers internally */
+        /* The following are not used by execute.c, but by consumers internally */
         EXEC_PASS_FDS          = 1U << 4,
         EXEC_IS_CONTROL        = 1U << 5,
 } ExecFlags;

diff --git a/src/core/service.c b/src/core/service.c
index b4db7d17ed2f84a5125390c11d43d3bf1ccc4239..32b8e7d2c536fc60324c71e307c9913a63e9f01c 100644 (file)
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1174,6 +1174,14 @@ static int service_spawn(
         assert(c);
         assert(_pid);
 
+        if (flags & EXEC_IS_CONTROL) {
+                /* If this is a control process, mask the permissions/chroot application if this is requested. */
+                if (s->permissions_start_only)
+                        exec_params.flags &= ~EXEC_APPLY_PERMISSIONS;
+                if (s->root_directory_start_only)
+                        exec_params.flags &= ~EXEC_APPLY_CHROOT;
+        }
+
         (void) unit_realize_cgroup(UNIT(s));
         if (s->reset_cpu_usage) {
                 (void) unit_reset_cpu_usage(UNIT(s));
@@ -1459,9 +1467,7 @@ static void service_enter_stop_post(Service *s, ServiceResult f) {
                 r = service_spawn(s,
                                   s->control_command,
                                   s->timeout_stop_usec,
-                                  (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
-                                  (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) |
-                                  EXEC_APPLY_TTY_STDIN | EXEC_IS_CONTROL,
+                                  EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN|EXEC_IS_CONTROL,
                                   &s->control_pid);
                 if (r < 0)
                         goto fail;
@@ -1572,9 +1578,7 @@ static void service_enter_stop(Service *s, ServiceResult f) {
                 r = service_spawn(s,
                                   s->control_command,
                                   s->timeout_stop_usec,
-                                  (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
-                                  (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) |
-                                  EXEC_IS_CONTROL,
+                                  EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL,
                                   &s->control_pid);
                 if (r < 0)
                         goto fail;
@@ -1651,9 +1655,7 @@ static void service_enter_start_post(Service *s) {
                 r = service_spawn(s,
                                   s->control_command,
                                   s->timeout_start_usec,
-                                  (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS)|
-                                  (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT)|
-                                  EXEC_IS_CONTROL,
+                                  EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL,
                                   &s->control_pid);
                 if (r < 0)
                         goto fail;
@@ -1782,9 +1784,7 @@ static void service_enter_start_pre(Service *s) {
                 r = service_spawn(s,
                                   s->control_command,
                                   s->timeout_start_usec,
-                                  (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
-                                  (s->root_directory_start_only ? 0: EXEC_APPLY_CHROOT) |
-                                  EXEC_IS_CONTROL|EXEC_APPLY_TTY_STDIN,
+                                  EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL|EXEC_APPLY_TTY_STDIN,
                                   &s->control_pid);
                 if (r < 0)
                         goto fail;
@@ -1859,9 +1859,7 @@ static void service_enter_reload(Service *s) {
                 r = service_spawn(s,
                                   s->control_command,
                                   s->timeout_start_usec,
-                                  (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
-                                  (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) |
-                                  EXEC_IS_CONTROL,
+                                  EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL,
                                   &s->control_pid);
                 if (r < 0)
                         goto fail;
@@ -1899,10 +1897,8 @@ static void service_run_next_control(Service *s) {
         r = service_spawn(s,
                           s->control_command,
                           timeout,
-                          (s->permissions_start_only ? 0 : EXEC_APPLY_PERMISSIONS) |
-                          (s->root_directory_start_only ? 0 : EXEC_APPLY_CHROOT) |
-                          (IN_SET(s->control_command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_STOP_POST) ? EXEC_APPLY_TTY_STDIN : 0)|
-                          EXEC_IS_CONTROL,
+                          EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL|
+                          (IN_SET(s->control_command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_STOP_POST) ? EXEC_APPLY_TTY_STDIN : 0),
                           &s->control_pid);
         if (r < 0)
                 goto fail;