From b36ab0d4ce2c75628b2bda2d17b71852e3d24eba Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Fri, 6 Jun 2025 20:31:19 +0200 Subject: [PATCH] core/socket: don't suggest PassFileDescriptorsToExec= is a socket option by not interleaving it among socket options. --- man/org.freedesktop.systemd1.xml | 12 ++++++------ src/core/dbus-socket.c | 11 ++++++----- src/core/load-fragment-gperf.gperf.in | 2 +- src/core/socket.c | 4 ++-- src/core/socket.h | 7 ++++--- src/shared/bus-unit-util.c | 2 +- 6 files changed, 20 insertions(+), 18 deletions(-) diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 384d0aa3301..fd7bbab513c 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -4907,8 +4907,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly b PassCredentials = ...; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") - readonly b PassFileDescriptorsToExec = ...; - @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly b PassSecurity = ...; @org.freedesktop.DBus.Property.EmitsChangedSignal("const") readonly b PassPacketInfo = ...; @@ -4962,6 +4960,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { readonly u PollLimitBurst = ...; readonly u UID = ...; readonly u GID = ...; + @org.freedesktop.DBus.Property.EmitsChangedSignal("const") + readonly b PassFileDescriptorsToExec = ...; @org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates") readonly a(sasbttttuii) ExecStartPre = [...]; @org.freedesktop.DBus.Property.EmitsChangedSignal("invalidates") @@ -5576,8 +5576,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - - @@ -5624,6 +5622,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + + @@ -6178,8 +6178,6 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { - - @@ -6238,6 +6236,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket { + + 
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index 5781fb59f32..aeb6ae5fe11 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -86,7 +86,6 @@ const sd_bus_vtable bus_socket_vtable[] = {
 SD_BUS_PROPERTY("Transparent", "b", bus_property_get_bool, offsetof(Socket, transparent), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY("Broadcast", "b", bus_property_get_bool, offsetof(Socket, broadcast), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY("PassCredentials", "b", bus_property_get_bool, offsetof(Socket, pass_cred), SD_BUS_VTABLE_PROPERTY_CONST),
- SD_BUS_PROPERTY("PassFileDescriptorsToExec", "b", bus_property_get_bool, offsetof(Socket, pass_fds_to_exec), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY("PassSecurity", "b", bus_property_get_bool, offsetof(Socket, pass_sec), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY("PassPacketInfo", "b", bus_property_get_bool, offsetof(Socket, pass_pktinfo), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY("Timestamping", "s", property_get_timestamping, offsetof(Socket, timestamping), SD_BUS_VTABLE_PROPERTY_CONST),
@@ -116,6 +115,7 @@ const sd_bus_vtable bus_socket_vtable[] = { SD_BUS_PROPERTY("PollLimitBurst", "u", bus_property_get_unsigned, offsetof(Socket, poll_limit.burst), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("UID", "u", bus_property_get_uid, offsetof(Unit, ref_uid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), SD_BUS_PROPERTY("GID", "u", bus_property_get_gid, offsetof(Unit, ref_gid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), + SD_BUS_PROPERTY("PassFileDescriptorsToExec", "b", bus_property_get_bool, offsetof(Socket, pass_fds_to_exec), SD_BUS_VTABLE_PROPERTY_CONST), BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPre", offsetof(Socket, exec_command[SOCKET_EXEC_START_PRE]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION), BUS_EXEC_COMMAND_LIST_VTABLE("ExecStartPost", offsetof(Socket, exec_command[SOCKET_EXEC_START_POST]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION), BUS_EXEC_COMMAND_LIST_VTABLE("ExecStopPre", offsetof(Socket, exec_command[SOCKET_EXEC_STOP_PRE]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION), @@ -191,9 +191,6 @@ static int bus_socket_set_transient_property( if (streq(name, "PassCredentials")) return bus_set_transient_bool(u, name, &s->pass_cred, message, flags, error); - if (streq(name, "PassFileDescriptorsToExec")) - return bus_set_transient_bool(u, name, &s->pass_fds_to_exec, message, flags, error); - if (streq(name, "PassSecurity")) return bus_set_transient_bool(u, name, &s->pass_sec, message, flags, error); @@ -311,6 +308,9 @@ static int bus_socket_set_transient_property( if (streq(name, "SocketProtocol")) return bus_set_transient_socket_protocol(u, name, &s->socket_protocol, message, flags, error); + if (streq(name, "PassFileDescriptorsToExec")) + return bus_set_transient_bool(u, name, &s->pass_fds_to_exec, message, flags, error); + ci = socket_exec_command_from_string(name); if (ci >= 0) return bus_set_transient_exec_command(u, name, 
@@ -348,8 +348,9 @@ static int bus_socket_set_transient_property( } return 1; + } - } else if (streq(name, "Listen")) { + if (streq(name, "Listen")) { const char *t, *a; bool empty = true; diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in index 1bd7c950fca..2330bc0f4cf 100644 --- a/src/core/load-fragment-gperf.gperf.in +++ b/src/core/load-fragment-gperf.gperf.in @@ -510,7 +510,6 @@ Socket.FreeBind, config_parse_bool, Socket.Transparent, config_parse_bool, 0, offsetof(Socket, transparent) Socket.Broadcast, config_parse_bool, 0, offsetof(Socket, broadcast) Socket.PassCredentials, config_parse_bool, 0, offsetof(Socket, pass_cred) -Socket.PassFileDescriptorsToExec, config_parse_bool, 0, offsetof(Socket, pass_fds_to_exec) Socket.PassSecurity, config_parse_bool, 0, offsetof(Socket, pass_sec) Socket.PassPacketInfo, config_parse_bool, 0, offsetof(Socket, pass_pktinfo) Socket.Timestamping, config_parse_socket_timestamping, 0, offsetof(Socket, timestamping) @@ -522,6 +521,7 @@ Socket.RemoveOnStop, config_parse_bool, Socket.Symlinks, config_parse_unit_path_strv_printf, 0, offsetof(Socket, symlinks) Socket.FileDescriptorName, config_parse_fdname, 0, 0 Socket.Service, config_parse_socket_service, 0, 0 +Socket.PassFileDescriptorsToExec, config_parse_bool, 0, offsetof(Socket, pass_fds_to_exec) Socket.TriggerLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, trigger_limit.interval) Socket.TriggerLimitBurst, config_parse_unsigned, 0, offsetof(Socket, trigger_limit.burst) Socket.PollLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, poll_limit.interval) diff --git a/src/core/socket.c b/src/core/socket.c index ec75c22c5c9..5517c0ce070 100644 --- a/src/core/socket.c +++ b/src/core/socket.c 
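Review bot: The last dbus-socket.c hunk turns `} else if (streq(name, "Listen")) {` into a closing brace followed by a plain `if`, a control-flow edit that the commit message, which only talks about reordering, does not mention. It reads as behaviour-neutral because the visible tail of the preceding branch is `return 1;`, but that branch starts outside the hunk, so this rests on the visible lines only. I would either move it to its own commit or add a line such as `While at it, drop a redundant else after return.` to the description.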
@@ -610,13 +610,13 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { "%sTransparent: %s\n" "%sBroadcast: %s\n" "%sPassCredentials: %s\n" - "%sPassFileDescriptorsToExec: %s\n" "%sPassSecurity: %s\n" "%sPassPacketInfo: %s\n" "%sTCPCongestion: %s\n" "%sRemoveOnStop: %s\n" "%sWritable: %s\n" "%sFileDescriptorName: %s\n" + "%sPassFileDescriptorsToExec: %s\n" "%sSELinuxContextFromNet: %s\n", prefix, socket_state_to_string(s->state), prefix, socket_result_to_string(s->result), @@ -631,13 +631,13 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { prefix, yes_no(s->transparent), prefix, yes_no(s->broadcast), prefix, yes_no(s->pass_cred), - prefix, yes_no(s->pass_fds_to_exec), prefix, yes_no(s->pass_sec), prefix, yes_no(s->pass_pktinfo), prefix, strna(s->tcp_congestion), prefix, yes_no(s->remove_on_stop), prefix, yes_no(s->writable), prefix, socket_fdname(s), + prefix, yes_no(s->pass_fds_to_exec), prefix, yes_no(s->selinux_context_from_net)); if (s->timestamping != SOCKET_TIMESTAMPING_OFF) diff --git a/src/core/socket.h b/src/core/socket.h index 696e0490c13..f85448c4840 100644 --- a/src/core/socket.h +++ b/src/core/socket.h @@ -86,7 +86,7 @@ typedef struct Socket { usec_t keep_alive_interval; usec_t defer_accept; - ExecCommand* exec_command[_SOCKET_EXEC_COMMAND_MAX]; + ExecCommand *exec_command[_SOCKET_EXEC_COMMAND_MAX]; ExecContext exec_context; KillContext kill_context; CGroupContext cgroup_context; @@ -103,10 +103,12 @@ typedef struct Socket { sd_event_source *timer_event_source; - ExecCommand* control_command; + ExecCommand *control_command; SocketExecCommand control_command_id; PidRef control_pid; + bool pass_fds_to_exec; + mode_t directory_mode; mode_t socket_mode; @@ -129,7 +131,6 @@ typedef struct Socket { bool transparent; bool broadcast; bool pass_cred; - bool pass_fds_to_exec; bool pass_sec; bool pass_pktinfo; SocketTimestamping timestamping; 
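Review bot: The relocated `bool pass_fds_to_exec;` in struct Socket (second socket.h hunk, after `PidRef control_pid;`) still has no comment, so the reason it sits apart from the `pass_cred`/`pass_sec` group is recorded only in the commit message. The flag decides whether the unit's socket file descriptors are handed on to its Exec*= helper commands, which is what someone auditing fd inheritance will look for, so I would annotate it in place: `bool pass_fds_to_exec; /* not a sockopt: pass our socket fds on to the Exec*= commands */`. The struct begins and ends outside the hunks, so this is based on the visible fields only.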
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 1e28622668c..d18a9088d4d 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -2583,11 +2583,11 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
 "Transparent",
 "Broadcast",
 "PassCredentials",
- "PassFileDescriptorsToExec",
 "PassSecurity",
 "PassPacketInfo",
 "ReusePort",
 "RemoveOnStop",
+ "PassFileDescriptorsToExec",
 "SELinuxContextFromNet"))
 return bus_append_parse_boolean(m, field, eq);
 
-- 
2.47.3