also provide credentials in ExecStartPre

Systemd's credential interface is not yet natively supported by all
programs yet. Hence it's often required to run scripts to massage
secrets in the way the programs expect it.

This commit allows the ExecStartPre commands to access credentials.

Fixes https://github.com/systemd/systemd/issues/19604

diff --git a/src/core/service.c b/src/core/service.c
index 6ceb0a20578f59197f9c17ea149594fd72e24347..1e14cdc6ca028c082f9a67d08dc265d11d7486bd 100644 (file)
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2293,7 +2293,7 @@ static void service_enter_start_pre(Service *s) {
                 r = service_spawn(s,
                                   s->control_command,
                                   s->timeout_start_usec,
-                                  EXEC_APPLY_SANDBOXING|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL|EXEC_APPLY_TTY_STDIN|EXEC_SETENV_MONITOR_RESULT,
+                                  EXEC_APPLY_SANDBOXING|EXEC_APPLY_CHROOT|EXEC_IS_CONTROL|EXEC_APPLY_TTY_STDIN|EXEC_SETENV_MONITOR_RESULT|EXEC_WRITE_CREDENTIALS,
                                   &s->control_pid);
                 if (r < 0)
                         goto fail;