From: Lennart Poettering Date: Sat, 12 May 2018 20:17:16 +0000 (-0700) Subject: nspawn: make --link-journal= configurable through .nspawn files, too X-Git-Tag: v239~213^2~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4e1d6aa983b33ab9bc5a25d011452976d636f726;p=thirdparty%2Fsystemd.git nspawn: make --link-journal= configurable through .nspawn files, too --- diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml index 679052ae78b..3484d5cac6b 100644 --- a/man/systemd.nspawn.xml +++ b/man/systemd.nspawn.xml @@ -349,6 +349,15 @@ details. + + LinkJournal= + + Configures how to link host and container journal setups. This is equivalent to the + command line switch, and takes the same parameter. See + systemd-nspawn1 for + details. + + diff --git a/src/nspawn/nspawn-gperf.gperf b/src/nspawn/nspawn-gperf.gperf index 0f31aa2ec4f..485ae201b8d 100644 --- a/src/nspawn/nspawn-gperf.gperf +++ b/src/nspawn/nspawn-gperf.gperf @@ -54,6 +54,7 @@ Exec.NoNewPrivileges, config_parse_tristate, 0, of Exec.OOMScoreAdjust, config_parse_oom_score_adjust, 0, 0 Exec.CPUAffinity, config_parse_cpu_affinity, 0, 0 Exec.ResolvConf, config_parse_resolv_conf, 0, offsetof(Settings, resolv_conf) +Exec.LinkJournal, config_parse_link_journal, 0, 0 Files.ReadOnly, config_parse_tristate, 0, offsetof(Settings, read_only) Files.Volatile, config_parse_volatile_mode, 0, offsetof(Settings, volatile_mode) Files.Bind, config_parse_bind, 0, 0 diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c index 367f18c4200..e63a14cbac5 100644 --- a/src/nspawn/nspawn-settings.c +++ b/src/nspawn/nspawn-settings.c @@ -37,6 +37,7 @@ int settings_load(FILE *f, const char *path, Settings **ret) { s->personality = PERSONALITY_INVALID; s->userns_mode = _USER_NAMESPACE_MODE_INVALID; s->resolv_conf = _RESOLV_CONF_MODE_INVALID; + s->link_journal = _LINK_JOURNAL_INVALID; s->uid_shift = UID_INVALID; s->uid_range = UID_INVALID; s->no_new_privileges = -1; 
@@ -740,3 +741,59 @@ static const char *const resolv_conf_mode_table[_RESOLV_CONF_MODE_MAX] = { }; DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(resolv_conf_mode, ResolvConfMode, RESOLV_CONF_AUTO); + +int parse_link_journal(const char *s, LinkJournal *ret_mode, bool *ret_try) { + assert(s); + assert(ret_mode); + assert(ret_try); + + if (streq(s, "auto")) { + *ret_mode = LINK_AUTO; + *ret_try = false; + } else if (streq(s, "no")) { + *ret_mode = LINK_NO; + *ret_try = false; + } else if (streq(s, "guest")) { + *ret_mode = LINK_GUEST; + *ret_try = false; + } else if (streq(s, "host")) { + *ret_mode = LINK_HOST; + *ret_try = false; + } else if (streq(s, "try-guest")) { + *ret_mode = LINK_GUEST; + *ret_try = true; + } else if (streq(s, "try-host")) { + *ret_mode = LINK_HOST; + *ret_try = true; + } else + return -EINVAL; + + return 0; +} + +int config_parse_link_journal( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + Settings *settings = data; + int r; + + assert(rvalue); + assert(settings); + + r = parse_link_journal(rvalue, &settings->link_journal, &settings->link_journal_try); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse link journal mode, ignoring: %s", rvalue); + return 0; + } + + return 0; +} diff --git a/src/nspawn/nspawn-settings.h b/src/nspawn/nspawn-settings.h index 8b4b897fa6d..69fce584a9f 100644 --- a/src/nspawn/nspawn-settings.h +++ b/src/nspawn/nspawn-settings.h @@ -45,6 +45,15 @@ typedef enum ResolvConfMode { _RESOLV_CONF_MODE_INVALID = -1 } ResolvConfMode; +typedef enum LinkJournal { + LINK_NO, + LINK_AUTO, + LINK_HOST, + LINK_GUEST, + _LINK_JOURNAL_MAX, + _LINK_JOURNAL_INVALID = -1 +} LinkJournal; + typedef enum SettingsMask { SETTING_START_MODE = UINT64_C(1) << 0, SETTING_ENVIRONMENT = UINT64_C(1) << 1, 
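Review bot: config_parse_link_journal() in src/nspawn/nspawn-settings.c stores the parsed mode into Settings for any file, and nothing at the definition says that the trust decision is made later. A reader auditing the parser alone cannot tell that an untrusted .nspawn file is prevented from taking effect, so I would add a comment above the function such as `/* Parse only: whether a .nspawn file may set this is decided by the arg_settings_trusted check in merge_settings(). */`. parse_link_journal() would also benefit from a one-line header stating that it returns -EINVAL for an unknown string and leaves `*ret_mode` and `*ret_try` untouched in that case, since config_parse_link_journal() relies on that to keep the previous value after a bad line. As a minor style point, the error branch's `return 0;` is redundant with the `return 0;` that follows it.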
@@ -68,9 +77,10 @@ typedef enum SettingsMask { SETTING_OOM_SCORE_ADJUST = UINT64_C(1) << 19, SETTING_CPU_AFFINITY = UINT64_C(1) << 20, SETTING_RESOLV_CONF = UINT64_C(1) << 21, - SETTING_RLIMIT_FIRST = UINT64_C(1) << 22, /* we define one bit per resource limit here */ - SETTING_RLIMIT_LAST = UINT64_C(1) << (22 + _RLIMIT_MAX - 1), - _SETTINGS_MASK_ALL = (UINT64_C(1) << (22 + _RLIMIT_MAX)) - 1, + SETTING_LINK_JOURNAL = UINT64_C(1) << 22, + SETTING_RLIMIT_FIRST = UINT64_C(1) << 23, /* we define one bit per resource limit here */ + SETTING_RLIMIT_LAST = UINT64_C(1) << (23 + _RLIMIT_MAX - 1), + _SETTINGS_MASK_ALL = (UINT64_C(1) << (23 + _RLIMIT_MAX)) - 1, _FORCE_ENUM_WIDTH = UINT64_MAX } SettingsMask; @@ -110,6 +120,8 @@ typedef struct Settings { cpu_set_t *cpuset; unsigned cpuset_ncpus; ResolvConfMode resolv_conf; + LinkJournal link_journal; + bool link_journal_try; /* [Image] */ int read_only; @@ -158,6 +170,9 @@ CONFIG_PARSER_PROTOTYPE(config_parse_hostname); CONFIG_PARSER_PROTOTYPE(config_parse_oom_score_adjust); CONFIG_PARSER_PROTOTYPE(config_parse_cpu_affinity); CONFIG_PARSER_PROTOTYPE(config_parse_resolv_conf); +CONFIG_PARSER_PROTOTYPE(config_parse_link_journal); const char *resolv_conf_mode_to_string(ResolvConfMode a) _const_; ResolvConfMode resolv_conf_mode_from_string(const char *s) _pure_; + +int parse_link_journal(const char *s, LinkJournal *ret_mode, bool *ret_try); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 0ed90edb533..15d43774a49 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -118,13 +118,6 @@ typedef enum ContainerStatus { CONTAINER_REBOOTED } ContainerStatus; -typedef enum LinkJournal { - LINK_NO, - LINK_AUTO, - LINK_HOST, - LINK_GUEST -} LinkJournal; - static char *arg_directory = NULL; static char *arg_template = NULL; static char *arg_chdir = NULL; 
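Review bot: In the SettingsMask hunk of src/nspawn/nspawn-settings.h the bit index 23 is now written as a literal in three places (SETTING_RLIMIT_FIRST, SETTING_RLIMIT_LAST and _SETTINGS_MASK_ALL), so the next setting inserted above the rlimit range has to update all three consistently. These bits are what merge_settings() tests to decide whether a command line value takes precedence over a .nspawn file, as the SETTING_LINK_JOURNAL check in this commit shows. An overlap between a new bit and the rlimit range would therefore change precedence for an unrelated setting without any compiler diagnostic. I would add a comment on the rlimit entries along the lines of `/* must start at the first free bit; keep the three literals below in sync when adding a setting above */`. The enum begins before the hunk, so the earlier bit assignments are not visible here.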
@@ -810,32 +803,17 @@ static int parse_argv(int argc, char *argv[]) { case 'j': arg_link_journal = LINK_GUEST; arg_link_journal_try = true; + arg_settings_mask |= SETTING_LINK_JOURNAL; break; case ARG_LINK_JOURNAL: - if (streq(optarg, "auto")) { - arg_link_journal = LINK_AUTO; - arg_link_journal_try = false; - } else if (streq(optarg, "no")) { - arg_link_journal = LINK_NO; - arg_link_journal_try = false; - } else if (streq(optarg, "guest")) { - arg_link_journal = LINK_GUEST; - arg_link_journal_try = false; - } else if (streq(optarg, "host")) { - arg_link_journal = LINK_HOST; - arg_link_journal_try = false; - } else if (streq(optarg, "try-guest")) { - arg_link_journal = LINK_GUEST; - arg_link_journal_try = true; - } else if (streq(optarg, "try-host")) { - arg_link_journal = LINK_HOST; - arg_link_journal_try = true; - } else { - log_error("Failed to parse link journal mode %s", optarg); + r = parse_link_journal(optarg, &arg_link_journal, &arg_link_journal_try); + if (r < 0) { + log_error_errno(r, "Failed to parse link journal mode %s", optarg); return -EINVAL; } + arg_settings_mask |= SETTING_LINK_JOURNAL; break; case ARG_BIND: @@ -3451,6 +3429,17 @@ static int merge_settings(Settings *settings, const char *path) { settings->resolv_conf != _RESOLV_CONF_MODE_INVALID) arg_resolv_conf = settings->resolv_conf; + if ((arg_settings_mask & SETTING_LINK_JOURNAL) == 0 && + settings->link_journal != _LINK_JOURNAL_INVALID) { + + if (!arg_settings_trusted) + log_warning("Ignoring journal link setting, file '%s' is not trusted.", path); + else { + arg_link_journal = settings->link_journal; + arg_link_journal_try = settings->link_journal_try; + } + } + return 0; }
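Review bot: In the ARG_LINK_JOURNAL case of parse_argv() in src/nspawn/nspawn.c the error path logs with `r` but then returns a hard-coded `-EINVAL`, which duplicates what parse_link_journal() already reports and would mask any other error code the helper might return in future. The usual form is `return log_error_errno(r, "Failed to parse link journal mode %s", optarg);`, which logs and propagates the same value in one statement. parse_argv() starts and ends outside the hunk, so the declaration of `r` is assumed to be in scope there.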
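Review bot: The trust restriction on LinkJournal= is enforced in the block added to merge_settings() but is not documented anywhere in this commit. The value is dropped with a warning when `arg_settings_trusted` is false, yet the systemd.nspawn.xml hunk describes the option without saying it is privileged. The man page text should carry a sentence such as `Note that this setting is only honoured in trusted .nspawn files.`, so an administrator does not have to learn it from a start-up warning. In the code, a short comment above the `if (!arg_settings_trusted)` branch giving the reason would help later reviewers keep the gate in place, e.g. `/* Journal linking presumably modifies the host's journal directory, so only trusted files may request it */`; the wording should be confirmed against the journal setup code, which is not part of this diff. merge_settings() begins outside the hunk.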