nspawn: use three boolean fields from settings file when actually set

Let's turn these three fields into tristates, so that we can distinguish
whether they are not configured at all from explicitly turned off.

Let#s then use this to ensure that we only copy the settings fields into
our execution environment if they are actually configured.

We already do this for some of the boolean settings, this adds it for
the missing ones.

The goal here is to ensure that an empty settings file used in
--settings=override mode (i.e. the default mode used in the
systemd-nspawn@.service unit) is truly a NOP.

diff --git a/src/nspawn/nspawn-gperf.gperf b/src/nspawn/nspawn-gperf.gperf
index 4af00c8d95b0114f0f0956d2d1e664c95ab1f60d..d25bef74689e67a86779223457722857ea36699c 100644 (file)
--- a/src/nspawn/nspawn-gperf.gperf
+++ b/src/nspawn/nspawn-gperf.gperf
@@ -20,7 +20,7 @@ struct ConfigPerfItem;
 %includes
 %%
 Exec.Boot,                    config_parse_boot,           0,                 0
-Exec.Ephemeral,               config_parse_bool,           0,                 offsetof(Settings, ephemeral)
+Exec.Ephemeral,               config_parse_tristate,       0,                 offsetof(Settings, ephemeral)
 Exec.ProcessTwo,              config_parse_pid2,           0,                 0
 Exec.Parameters,              config_parse_strv,           0,                 offsetof(Settings, parameters)
 Exec.Environment,             config_parse_strv,           0,                 offsetof(Settings, environment)
@@ -34,7 +34,7 @@ Exec.MachineID,               config_parse_id128,          0,                 of
 Exec.WorkingDirectory,        config_parse_path,           0,                 offsetof(Settings, working_directory)
 Exec.PivotRoot,               config_parse_pivot_root,     0,                 0
 Exec.PrivateUsers,            config_parse_private_users,  0,                 0
-Exec.NotifyReady,             config_parse_bool,           0,                 offsetof(Settings, notify_ready)
+Exec.NotifyReady,             config_parse_tristate,       0,                 offsetof(Settings, notify_ready)
 Exec.SystemCallFilter,        config_parse_syscall_filter, 0,                 0,
 Exec.LimitCPU,                config_parse_rlimit,         RLIMIT_CPU,        offsetof(Settings, rlimit)
 Exec.LimitFSIZE,              config_parse_rlimit,         RLIMIT_FSIZE,      offsetof(Settings, rlimit)
@@ -59,7 +59,7 @@ Exec.CPUAffinity,             config_parse_cpu_affinity,   0,                 0
 Exec.ResolvConf,              config_parse_resolv_conf,    0,                 offsetof(Settings, resolv_conf)
 Exec.LinkJournal,             config_parse_link_journal,   0,                 0
 Exec.Timezone,                config_parse_timezone,       0,                 offsetof(Settings, timezone)
-Exec.SuppressSync,            config_parse_bool,           0,                 offsetof(Settings, suppress_sync)
+Exec.SuppressSync,            config_parse_tristate,       0,                 offsetof(Settings, suppress_sync)
 Files.ReadOnly,               config_parse_tristate,       0,                 offsetof(Settings, read_only)
 Files.Volatile,               config_parse_volatile_mode,  0,                 offsetof(Settings, volatile_mode)
 Files.Bind,                   config_parse_bind,           0,                 0

diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c
index c63b8da23ae65637d70f686be214a33117747fec..1f58bf3ed48ad5df92fa423ae1488405f030c282 100644 (file)
--- a/src/nspawn/nspawn-settings.c
+++ b/src/nspawn/nspawn-settings.c
@@ -27,6 +27,7 @@ Settings *settings_new(void) {
 
         *s = (Settings) {
                 .start_mode = _START_MODE_INVALID,
+                .ephemeral = -1,
                 .personality = PERSONALITY_INVALID,
 
                 .resolv_conf = _RESOLV_CONF_MODE_INVALID,
@@ -57,6 +58,9 @@ Settings *settings_new(void) {
 
                 .clone_ns_flags = ULONG_MAX,
                 .use_cgns = -1,
+
+                .notify_ready = -1,
+                .suppress_sync = -1,
         };
 
         return s;

diff --git a/src/nspawn/nspawn-settings.h b/src/nspawn/nspawn-settings.h
index 797e383401b3734d3a3b3c967a5d9c033567f355..59397ca54be39e1ad5b17762af4167425ad98e57 100644 (file)
--- a/src/nspawn/nspawn-settings.h
+++ b/src/nspawn/nspawn-settings.h
@@ -162,7 +162,7 @@ typedef struct OciHook {
 typedef struct Settings {
         /* [Exec] */
         StartMode start_mode;
-        bool ephemeral;
+        int ephemeral;
         char **parameters;
         char **environment;
         char *user;
@@ -177,7 +177,7 @@ typedef struct Settings {
         char *pivot_root_old;
         UserNamespaceMode userns_mode;
         uid_t uid_shift, uid_range;
-        bool notify_ready;
+        int notify_ready;
         char **syscall_allow_list;
         char **syscall_deny_list;
         struct rlimit *rlimit[_RLIMIT_MAX];
@@ -190,7 +190,7 @@ typedef struct Settings {
         LinkJournal link_journal;
         bool link_journal_try;
         TimezoneMode timezone;
-        bool suppress_sync;
+        int suppress_sync;
 
         /* [Files] */
         int read_only;

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index f8f9e7242145c39a00ae61331614fc35bb60ab69..25075d2b46aa138b372ba37af13d49fca453a916 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -4284,7 +4284,8 @@ static int merge_settings(Settings *settings, const char *path) {
                 strv_free_and_replace(arg_parameters, settings->parameters);
         }
 
-        if ((arg_settings_mask & SETTING_EPHEMERAL) == 0)
+        if ((arg_settings_mask & SETTING_EPHEMERAL) == 0 &&
+            settings->ephemeral >= 0)
                 arg_ephemeral = settings->ephemeral;
 
         if ((arg_settings_mask & SETTING_DIRECTORY) == 0 &&
@@ -4454,7 +4455,8 @@ static int merge_settings(Settings *settings, const char *path) {
         if ((arg_settings_mask & SETTING_BIND_USER) == 0)
                 strv_free_and_replace(arg_bind_user, settings->bind_user);
 
-        if ((arg_settings_mask & SETTING_NOTIFY_READY) == 0)
+        if ((arg_settings_mask & SETTING_NOTIFY_READY) == 0 &&
+            settings->notify_ready >= 0)
                 arg_notify_ready = settings->notify_ready;
 
         if ((arg_settings_mask & SETTING_SYSCALL_FILTER) == 0) {
@@ -4577,7 +4579,8 @@ static int merge_settings(Settings *settings, const char *path) {
                         arg_console_mode = settings->console_mode;
         }
 
-        if ((arg_settings_mask & SETTING_SUPPRESS_SYNC) == 0)
+        if ((arg_settings_mask & SETTING_SUPPRESS_SYNC) == 0 &&
+            settings->suppress_sync >= 0)
                 arg_suppress_sync = settings->suppress_sync;
 
         /* The following properties can only be set through the OCI settings logic, not from the command line, hence we