From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 30 Oct 2024 09:59:57 +0000 (+0100)
Subject: core: add EXEC_DIRECTORY_TYPE_SHALL_CHOWN() helper
X-Git-Tag: v257-rc1~101
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2ef87de9d37a58cd6fe14f6a84d52d27779fe30e;p=thirdparty%2Fsystemd.git

core: add EXEC_DIRECTORY_TYPE_SHALL_CHOWN() helper

Let's make ConfigurationDirectory= a bit less "special-casey", by hiding
the fact that it's the only per-service dir we do not do chown()ing for
inside of a new EXEC_DIRECTORY_TYPE_SHALL_CHOWN() helper.
---

diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index eda0aee7c2e..feea7897eff 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -2474,7 +2474,7 @@ static int setup_exec_directory(
                 } else {
                         _cleanup_free_ char *target = NULL;
 
-                        if (type != EXEC_DIRECTORY_CONFIGURATION &&
+                        if (EXEC_DIRECTORY_TYPE_SHALL_CHOWN(type) &&
                             readlink_and_make_absolute(p, &target) >= 0) {
                                 _cleanup_free_ char *q = NULL, *q_resolved = NULL, *target_resolved = NULL;
 
@@ -2526,7 +2526,7 @@ static int setup_exec_directory(
                                 if (r != -EEXIST)
                                         goto fail;
 
-                                if (type == EXEC_DIRECTORY_CONFIGURATION) {
+                                if (!EXEC_DIRECTORY_TYPE_SHALL_CHOWN(type)) {
                                         struct stat st;
 
                                         /* Don't change the owner/access mode of the configuration directory,
@@ -3636,7 +3636,8 @@ static int compile_suggested_paths(const ExecContext *c, const ExecParameters *p
          * directories. */
 
         for (ExecDirectoryType t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) {
-                if (t == EXEC_DIRECTORY_CONFIGURATION)
+
+                if (!EXEC_DIRECTORY_TYPE_SHALL_CHOWN(t))
                         continue;
 
                 if (!p->prefix[t])
diff --git a/src/core/execute.c b/src/core/execute.c
index 1fda693344f..a081c429380 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -340,7 +340,7 @@ bool exec_directory_is_private(const ExecContext *context, ExecDirectoryType typ
         if (!context->dynamic_user)
                 return false;
 
-        if (type == EXEC_DIRECTORY_CONFIGURATION)
+        if (!EXEC_DIRECTORY_TYPE_SHALL_CHOWN(type))
                 return false;
 
         if (type == EXEC_DIRECTORY_RUNTIME && context->runtime_directory_preserve_mode == EXEC_PRESERVE_NO)
@@ -1639,7 +1639,7 @@ int exec_context_get_clean_directories(
                                 return r;
 
                         /* Also remove private directories unconditionally. */
-                        if (t != EXEC_DIRECTORY_CONFIGURATION) {
+                        if (EXEC_DIRECTORY_TYPE_SHALL_CHOWN(t)) {
                                 j = path_join(prefix[t], "private", i->path);
                                 if (!j)
                                         return -ENOMEM;
diff --git a/src/core/execute.h b/src/core/execute.h
index 1f9b3f8f142..1fc7e6d7853 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -152,6 +152,12 @@ typedef enum ExecDirectoryType {
         _EXEC_DIRECTORY_TYPE_INVALID = -EINVAL,
 } ExecDirectoryType;
 
+static inline bool EXEC_DIRECTORY_TYPE_SHALL_CHOWN(ExecDirectoryType t) {
+        /* Returns true for the ExecDirectoryTypes that we shall chown()ing for the user to. We do this for
+         * all of them, except for configuration */
+        return t >= 0 && t < _EXEC_DIRECTORY_TYPE_MAX && t != EXEC_DIRECTORY_CONFIGURATION;
+}
+
 typedef struct ExecDirectoryItem {
         char *path;
         char **symlinks;