[systemd-commits] 2 commits - configure.ac fixme Makefile.am src/dbus-execute.h src/dbus-manager.c src/execute.c src/execute.h src/install.c src/load-fragment.c src/log.c src/main.c src/manager.c src/strv.c src/strv.h src/systemctl.c src/util.c src/util.h

Lennart Poettering lennart at kemper.freedesktop.org
Wed Jun 16 12:54:25 PDT 2010


 Makefile.am         |    3 
 configure.ac        |   55 ++++++++++--
 fixme               |    8 +
 src/dbus-execute.h  |    6 -
 src/dbus-manager.c  |    4 
 src/execute.c       |  231 ++++++++++++++++++++++++++++++++++++++++++++++++----
 src/execute.h       |    5 -
 src/install.c       |    2 
 src/load-fragment.c |    3 
 src/log.c           |    4 
 src/main.c          |    2 
 src/manager.c       |    2 
 src/strv.c          |   41 ++++-----
 src/strv.h          |    4 
 src/systemctl.c     |    2 
 src/util.c          |   21 ++++
 src/util.h          |    3 
 17 files changed, 331 insertions(+), 65 deletions(-)

New commits:
commit 5b6319dceedd81f3f1ce7eb70ea5defaef43bcec
Author: Lennart Poettering <lennart at poettering.net>
Date:   Wed Jun 16 21:54:17 2010 +0200

    service: optionally call into PAM when dropping priviliges

diff --git a/Makefile.am b/Makefile.am
index c78968f..b887d26 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -290,7 +290,8 @@ systemd_LDADD = \
 	$(DBUS_LIBS) \
 	$(UDEV_LIBS) \
 	$(CGROUP_LIBS) \
-	$(LIBWRAP_LIBS)
+	$(LIBWRAP_LIBS) \
+	$(PAM_LIBS)
 
 test_engine_SOURCES = \
 	$(COMMON_SOURCES) \
diff --git a/configure.ac b/configure.ac
index ae25200..c5c5cc0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -111,27 +111,61 @@ AC_SUBST(CGROUP_LIBS)
 AC_ARG_ENABLE([tcpwrap],
         AS_HELP_STRING([--disable-tcpwrap],[Disable optional TCP wrappers support]),
                 [case "${enableval}" in
-                        yes) tcpwrap=yes ;;
-                        no) tcpwrap=no ;;
+                        yes) have_tcpwrap=yes ;;
+                        no) have_tcpwrap=no ;;
                         *) AC_MSG_ERROR(bad value ${enableval} for --disable-tcpwrap) ;;
                 esac],
-                [tcpwrap=auto])
+                [have_tcpwrap=auto])
 
-if test "x${tcpwrap}" != xno ; then
+if test "x${have_tcpwrap}" != xno ; then
         ACX_LIBWRAP
         if test "x${LIBWRAP_LIBS}" = x ; then
-                if test "x$tcpwrap" = xyes ; then
-                        AC_MSG_ERROR([*** TCP wrappers support not found])
+                if test "x$have_tcpwrap" = xyes ; then
+                        AC_MSG_ERROR([*** TCP wrappers support not found.])
                 fi
         else
-                tcpwrap=yes
+                have_tcpwrap=yes
         fi
 else
-    LIBWRAP_LIBS=
+        LIBWRAP_LIBS=
 fi
-
 AC_SUBST(LIBWRAP_LIBS)
 
+AC_ARG_ENABLE([pam],
+        AS_HELP_STRING([--disable-pam],[Disable optional PAM support]),
+                [case "${enableval}" in
+                        yes) have_pam=yes ;;
+                        no) have_pam=no ;;
+                        *) AC_MSG_ERROR(bad value ${enableval} for --disable-pam) ;;
+                esac],
+                [have_pam=auto])
+
+if test "x${have_pam}" != xno ; then
+        AC_CHECK_HEADERS(
+                [security/pam_modules.h security/pam_modutil.h security/pam_ext.h],
+                [have_pam=yes],
+                [if test "x$have_pam" = xyes ; then
+                        AC_MSG_ERROR([*** PAM headers not found.])
+                fi])
+
+        AC_CHECK_LIB(
+                [pam],
+                [pam_syslog],
+                [have_pam=yes],
+                [if test "x$have_pam" = xyes ; then
+                        AC_MSG_ERROR([*** libpam not found.])
+                fi])
+
+        if test "x$have_pam" = xyes ; then
+                PAM_LIBS="-lpam -lpam_misc"
+                AC_DEFINE(HAVE_PAM, 1, [PAM available])
+        fi
+else
+        PAM_LIBS=
+fi
+AC_SUBST(PAM_LIBS)
+AM_CONDITIONAL([HAVE_PAM], [test "x$have_pam" != xno])
+
 have_gtk=no
 AC_ARG_ENABLE(gtk, AS_HELP_STRING([--disable-gtk], [disable GTK tools]))
 if test "x$enable_gtk" != "xno"; then
@@ -336,7 +370,8 @@ echo "
         Syslog service:          ${SPECIAL_SYSLOG_SERVICE}
         D-Bus service:           ${SPECIAL_DBUS_SERVICE}
         Gtk:                     ${have_gtk}
-        tcpwrap:                 ${tcpwrap}
+        tcpwrap:                 ${have_tcpwrap}
+        PAM:                     ${have_pam}
         prefix:                  ${prefix}
         root dir:                ${with_rootdir}
         udev rules dir:          ${with_udevrulesdir}
diff --git a/fixme b/fixme
index 17a8ef8..7a443f4 100644
--- a/fixme
+++ b/fixme
@@ -51,14 +51,16 @@
 
 * write utmp record a la upstart for processes
 
-* run PAM session stuff
+* follow property change dbus spec
 
-* use setproctitle() when forking, before exec() (waiting for (PR_SET_PROCTITLE_AREA to enter the kernel)
+* pam module
 
-* follow property change dbus spec
+* selinux
 
 Regularly:
 
 * look for close() vs. close_nointr() vs. close_nointr_nofail()
 
 * check for strerror(r) instead of strerror(-r)
+
+* Use PR_SET_PROCTITLE_AREA if it becomes available in the kernel
diff --git a/src/dbus-execute.h b/src/dbus-execute.h
index 243854f..1e83cac 100644
--- a/src/dbus-execute.h
+++ b/src/dbus-execute.h
@@ -44,7 +44,8 @@
         "  <property name=\"User\" type=\"s\" access=\"read\"/>\n"      \
         "  <property name=\"Group\" type=\"s\" access=\"read\"/>\n"     \
         "  <property name=\"SupplementaryGroups\" type=\"as\" access=\"read\"/>\n" \
-        "  <property name=\"TCPWrapName\" type=\"s\" access=\"read\"/>\n"
+        "  <property name=\"TCPWrapName\" type=\"s\" access=\"read\"/>\n" \
+        "  <property name=\"PAMName\" type=\"s\" access=\"read\"/>\n"
 
 #define BUS_EXEC_CONTEXT_PROPERTIES(interface, context)                 \
         { interface, "Environment",                   bus_property_append_strv,   "as",    (context).environment                   }, \
@@ -73,7 +74,8 @@
         { interface, "User",                          bus_property_append_string, "s",     (context).user                          }, \
         { interface, "Group",                         bus_property_append_string, "s",     (context).group                         }, \
         { interface, "SupplementaryGroups",           bus_property_append_strv,   "as",    (context).supplementary_groups          }, \
-        { interface, "TCPWrapName",                   bus_property_append_string, "s",     (context).tcpwrap_name                  }
+        { interface, "TCPWrapName",                   bus_property_append_string, "s",     (context).tcpwrap_name                  }, \
+        { interface, "PAMName",                       bus_property_append_string, "s",     (context).pam_name                      }
 
 int bus_execute_append_output(Manager *m, DBusMessageIter *i, const char *property, void *data);
 int bus_execute_append_input(Manager *m, DBusMessageIter *i, const char *property, void *data);
diff --git a/src/dbus-manager.c b/src/dbus-manager.c
index c80b22b..d4c9e8f 100644
--- a/src/dbus-manager.c
+++ b/src/dbus-manager.c
@@ -626,7 +626,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection  *connection
                         return bus_send_error_reply(m, message, NULL, r);
                 }
 
-                e = strv_env_merge(m->environment, l, NULL);
+                e = strv_env_merge(2, m->environment, l);
                 strv_free(l);
 
                 if (!e)
@@ -650,7 +650,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection  *connection
                         return bus_send_error_reply(m, message, NULL, r);
                 }
 
-                e = strv_env_delete(m->environment, l, NULL);
+                e = strv_env_delete(m->environment, 1, l);
                 strv_free(l);
 
                 if (!e)
diff --git a/src/execute.c b/src/execute.c
index 1a7871b..ed10ea2 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -37,6 +37,10 @@
 #include <sys/mount.h>
 #include <linux/fs.h>
 
+#ifdef HAVE_PAM
+#include <security/pam_appl.h>
+#endif
+
 #include "execute.h"
 #include "strv.h"
 #include "macro.h"
@@ -720,6 +724,164 @@ static int enforce_user(const ExecContext *context, uid_t uid) {
         return 0;
 }
 
+#ifdef HAVE_PAM
+
+static int null_conv(
+                int num_msg,
+                const struct pam_message **msg,
+                struct pam_response **resp,
+                void *appdata_ptr) {
+
+        /* We don't support conversations */
+
+        return PAM_CONV_ERR;
+}
+
+static int setup_pam(
+                const char *name,
+                const char *user,
+                const char *tty,
+                char ***pam_env,
+                int fds[], unsigned n_fds) {
+
+        static const struct pam_conv conv = {
+                .conv = null_conv,
+                .appdata_ptr = NULL
+        };
+
+        pam_handle_t *handle = NULL;
+        sigset_t ss, old_ss;
+        int pam_code = PAM_SUCCESS;
+        char **e = NULL;
+        bool close_session = false;
+        pid_t pam_pid = 0, parent_pid;
+
+        assert(name);
+        assert(user);
+        assert(pam_env);
+
+        /* We set up PAM in the parent process, then fork. The child
+         * will then stay around untill killed via PR_GET_PDEATHSIG or
+         * systemd via the cgroup logic. It will then remove the PAM
+         * session again. The parent process will exec() the actual
+         * daemon. We do things this way to ensure that the main PID
+         * of the daemon is the one we initially fork()ed. */
+
+        if ((pam_code = pam_start(name, user, &conv, &handle)) != PAM_SUCCESS) {
+                handle = NULL;
+                goto fail;
+        }
+
+        if (tty)
+                if ((pam_code = pam_set_item(handle, PAM_TTY, tty)) != PAM_SUCCESS)
+                        goto fail;
+
+        if ((pam_code = pam_acct_mgmt(handle, PAM_SILENT)) != PAM_SUCCESS)
+                goto fail;
+
+        if ((pam_code = pam_open_session(handle, PAM_SILENT)) != PAM_SUCCESS)
+                goto fail;
+
+        close_session = true;
+
+        if ((pam_code = pam_setcred(handle, PAM_ESTABLISH_CRED | PAM_SILENT)) != PAM_SUCCESS)
+                goto fail;
+
+        if ((!(e = pam_getenvlist(handle)))) {
+                pam_code = PAM_BUF_ERR;
+                goto fail;
+        }
+
+        /* Block SIGTERM, so that we know that it won't get lost in
+         * the child */
+        if (sigemptyset(&ss) < 0 ||
+            sigaddset(&ss, SIGTERM) < 0 ||
+            sigprocmask(SIG_BLOCK, &ss, &old_ss) < 0)
+                goto fail;
+
+        parent_pid = getpid();
+
+        if ((pam_pid = fork()) < 0)
+                goto fail;
+
+        if (pam_pid == 0) {
+                int sig;
+                int r = EXIT_PAM;
+
+                /* The child's job is to reset the PAM session on
+                 * termination */
+
+                /* This string must fit in 10 chars (i.e. the length
+                 * of "/sbin/init") */
+                rename_process("sd:pam");
+
+                /* Make sure we don't keep open the passed fds in this
+                child. We assume that otherwise only those fds are
+                open here that have been opened by PAM. */
+                close_many(fds, n_fds);
+
+                /* Wait until our parent died. This will most likely
+                 * not work since the kernel does not allow
+                 * unpriviliged paretns kill their priviliged children
+                 * this way. We rely on the control groups kill logic
+                 * to do the rest for us. */
+                if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
+                        goto child_finish;
+
+                /* Check if our parent process might already have
+                 * died? */
+                if (getppid() == parent_pid) {
+                        if (sigwait(&ss, &sig) < 0)
+                                goto child_finish;
+
+                        assert(sig == SIGTERM);
+                }
+
+                /* Only if our parent died we'll end the session */
+                if (getppid() != parent_pid)
+                        if ((pam_code = pam_close_session(handle, PAM_DATA_SILENT)) != PAM_SUCCESS)
+                                goto child_finish;
+
+                r = 0;
+
+        child_finish:
+                pam_end(handle, pam_code | PAM_DATA_SILENT);
+                _exit(r);
+        }
+
+        /* If the child was forked off successfully it will do all the
+         * cleanups, so forget about the handle here. */
+        handle = NULL;
+
+        /* Unblock SIGSUR1 again in the parent */
+        if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
+                goto fail;
+
+        /* We close the log explicitly here, since the PAM modules
+         * might have opened it, but we don't want this fd around. */
+        closelog();
+
+        return 0;
+
+fail:
+        if (handle) {
+                if (close_session)
+                        pam_code = pam_close_session(handle, PAM_DATA_SILENT);
+
+                pam_end(handle, pam_code | PAM_DATA_SILENT);
+        }
+
+        strv_free(e);
+
+        closelog();
+
+        if (pam_pid > 1)
+                kill(pam_pid, SIGTERM);
+
+        return EXIT_PAM;
+}
+#endif
+
 int exec_spawn(ExecCommand *command,
                char **argv,
                const ExecContext *context,
@@ -777,13 +939,17 @@ int exec_spawn(ExecCommand *command,
                 const char *username = NULL, *home = NULL;
                 uid_t uid = (uid_t) -1;
                 gid_t gid = (gid_t) -1;
-                char **our_env = NULL, **final_env = NULL;
+                char **our_env = NULL, **pam_env = NULL, **final_env = NULL;
                 unsigned n_env = 0;
                 int saved_stdout = -1, saved_stdin = -1;
                 bool keep_stdout = false, keep_stdin = false;
 
                 /* child */
 
+                /* This string must fit in 10 chars (i.e. the length
+                 * of "/sbin/init") */
+                rename_process("sd:exec");
+
                 /* We reset exactly these signals, since they are the
                  * only ones we set to SIG_IGN in the main daemon. All
                  * others we leave untouched because we set them to
@@ -928,6 +1094,25 @@ int exec_spawn(ExecCommand *command,
                                 }
                 }
 
+#ifdef HAVE_PAM
+                if (context->pam_name && username) {
+                        /* Make sure no fds leak into the PAM
+                         * supervisor process. We will call this later
+                         * on again to make sure that any fds leaked
+                         * by the PAM modules get closed before our
+                         * exec(). */
+                        if (close_all_fds(fds, n_fds) < 0) {
+                                r = EXIT_FDS;
+                                goto fail;
+                        }
+
+                        if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) < 0) {
+                                r = EXIT_PAM;
+                                goto fail;
+                        }
+                }
+#endif
+
                 if (apply_permissions)
                         if (enforce_groups(context, username, uid) < 0) {
                                 r = EXIT_GROUP;
@@ -1049,7 +1234,13 @@ int exec_spawn(ExecCommand *command,
 
                 assert(n_env <= 6);
 
-                if (!(final_env = strv_env_merge(environment, our_env, context->environment, NULL))) {
+                if (!(final_env = strv_env_merge(
+                                      4,
+                                      environment,
+                                      our_env,
+                                      context->environment,
+                                      pam_env,
+                                      NULL))) {
                         r = EXIT_MEMORY;
                         goto fail;
                 }
@@ -1060,6 +1251,7 @@ int exec_spawn(ExecCommand *command,
         fail:
                 strv_free(our_env);
                 strv_free(final_env);
+                strv_free(pam_env);
 
                 if (saved_stdin >= 0)
                         close_nointr_nofail(saved_stdin);
@@ -1133,6 +1325,9 @@ void exec_context_done(ExecContext *c) {
         strv_free(c->supplementary_groups);
         c->supplementary_groups = NULL;
 
+        free(c->pam_name);
+        c->pam_name = NULL;
+
         if (c->capabilities) {
                 cap_free(c->capabilities);
                 c->capabilities = NULL;
@@ -1332,6 +1527,9 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
                 fputs("\n", f);
         }
 
+        if (c->pam_name)
+                fprintf(f, "%sPAMName: %s", prefix, c->pam_name);
+
         if (strv_length(c->read_write_dirs) > 0) {
                 fprintf(f, "%sReadWriteDirs:", prefix);
                 strv_fprintf(f, c->read_write_dirs);
@@ -1613,6 +1811,9 @@ const char* exit_status_to_string(ExitStatus status) {
         case EXIT_TCPWRAP:
                 return "TCPWRAP";
 
+        case EXIT_PAM:
+                return "PAM";
+
         default:
                 return NULL;
         }
diff --git a/src/execute.h b/src/execute.h
index 1adf41e..e618049 100644
--- a/src/execute.h
+++ b/src/execute.h
@@ -116,6 +116,8 @@ struct ExecContext {
         char *group;
         char **supplementary_groups;
 
+        char *pam_name;
+
         char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
         unsigned long mount_flags;
 
@@ -182,7 +184,8 @@ typedef enum ExitStatus {
         EXIT_SETSID,   /* 220 */
         EXIT_CONFIRM,
         EXIT_STDERR,
-        EXIT_TCPWRAP
+        EXIT_TCPWRAP,
+        EXIT_PAM
 
 } ExitStatus;
 
diff --git a/src/install.c b/src/install.c
index e3db637..c3dbe8b 100644
--- a/src/install.c
+++ b/src/install.c
@@ -69,7 +69,7 @@ static int help(void) {
                "  enable [NAME...]    Enable one or more units\n"
                "  disable [NAME...]   Disable one or more units\n"
                "  test [NAME...]      Test whether any of the specified units are enabled\n",
-               __progname);
+               program_invocation_short_name);
 
         return 0;
 }
diff --git a/src/load-fragment.c b/src/load-fragment.c
index f409776..1f082d5 100644
--- a/src/load-fragment.c
+++ b/src/load-fragment.c
@@ -1392,7 +1392,8 @@ static int load_from_path(Unit *u, const char *path) {
                 { "InaccessibleDirectories",config_parse_path_strv,       &(context).inaccessible_dirs,                    section   }, \
                 { "PrivateTmp",             config_parse_bool,            &(context).private_tmp,                          section   }, \
                 { "MountFlags",             config_parse_mount_flags,     &(context),                                      section   }, \
-                { "TCPWrapName",            config_parse_string,          &(context).tcpwrap_name,                         section   }
+                { "TCPWrapName",            config_parse_string,          &(context).tcpwrap_name,                         section   }, \
+                { "PAMName",                config_parse_string,          &(context).pam_name,                             section   }
 
         const ConfigItem items[] = {
                 { "Names",                  config_parse_names,           u,                                               "Unit"    },
diff --git a/src/log.c b/src/log.c
index 265a7f1..b7173eb 100644
--- a/src/log.c
+++ b/src/log.c
@@ -267,7 +267,7 @@ static int write_to_syslog(
         zero(iovec);
         IOVEC_SET_STRING(iovec[0], header_priority);
         IOVEC_SET_STRING(iovec[1], header_time);
-        IOVEC_SET_STRING(iovec[2], __progname);
+        IOVEC_SET_STRING(iovec[2], program_invocation_short_name);
         IOVEC_SET_STRING(iovec[3], header_pid);
         IOVEC_SET_STRING(iovec[4], buffer);
 
@@ -302,7 +302,7 @@ static int write_to_kmsg(
 
         zero(iovec);
         IOVEC_SET_STRING(iovec[0], header_priority);
-        IOVEC_SET_STRING(iovec[1], __progname);
+        IOVEC_SET_STRING(iovec[1], program_invocation_short_name);
         IOVEC_SET_STRING(iovec[2], header_pid);
         IOVEC_SET_STRING(iovec[3], buffer);
         IOVEC_SET_STRING(iovec[4], "\n");
diff --git a/src/main.c b/src/main.c
index 9cdbf2e..e5bdf84 100644
--- a/src/main.c
+++ b/src/main.c
@@ -504,7 +504,7 @@ static int help(void) {
                "     --dump-configuration-items  Dump understood unit configuration items\n"
                "     --confirm-spawn             Ask for confirmation when spawning processes\n"
                "     --introspect[=INTERFACE]    Extract D-Bus interface data\n",
-               __progname);
+               program_invocation_short_name);
 
         return 0;
 }
diff --git a/src/manager.c b/src/manager.c
index 97d05b5..385b371 100644
--- a/src/manager.c
+++ b/src/manager.c
@@ -109,7 +109,7 @@ static int manager_setup_notify(Manager *m) {
                 return -ENOMEM;
 
         ne[1] = NULL;
-        t = strv_env_merge(m->environment, ne, NULL);
+        t = strv_env_merge(2, m->environment, ne);
         free(ne[0]);
 
         if (!t)
diff --git a/src/strv.c b/src/strv.c
index 2ebd0ee..85599fe 100644
--- a/src/strv.c
+++ b/src/strv.c
@@ -374,7 +374,9 @@ char **strv_remove(char **l, const char *s) {
 static int env_append(char **r, char ***k, char **a) {
         assert(r);
         assert(k);
-        assert(a);
+
+        if (!a)
+                return 0;
 
         /* Add the entries of a to *k unless they already exist in *r
          * in which case they are overriden instead. This assumes
@@ -400,38 +402,33 @@ static int env_append(char **r, char ***k, char **a) {
         return 0;
 }
 
-char **strv_env_merge(char **x, ...) {
+char **strv_env_merge(unsigned n_lists, ...) {
         size_t n = 0;
         char **l, **k, **r;
         va_list ap;
+        unsigned i;
 
         /* Merges an arbitrary number of environment sets */
 
-        if (x) {
-                n += strv_length(x);
-
-                va_start(ap, x);
-                while ((l = va_arg(ap, char**)))
-                        n += strv_length(l);
-                va_end(ap);
+        va_start(ap, n_lists);
+        for (i = 0; i < n_lists; i++) {
+                l = va_arg(ap, char**);
+                n += strv_length(l);
         }
-
+        va_end(ap);
 
         if (!(r = new(char*, n+1)))
                 return NULL;
 
         k = r;
 
-        if (x) {
-                if (env_append(r, &k, x) < 0)
+        va_start(ap, n_lists);
+        for (i = 0; i < n_lists; i++) {
+                l = va_arg(ap, char**);
+                if (env_append(r, &k, l) < 0)
                         goto fail;
-
-                va_start(ap, x);
-                while ((l = va_arg(ap, char**)))
-                        if (env_append(r, &k, l) < 0)
-                                goto fail;
-                va_end(ap);
         }
+        va_end(ap);
 
         *k = NULL;
 
@@ -472,7 +469,7 @@ static bool env_match(const char *t, const char *pattern) {
         return false;
 }
 
-char **strv_env_delete(char **x, ...) {
+char **strv_env_delete(char **x, unsigned n_lists, ...) {
         size_t n = 0, i = 0;
         char **l, **k, **r, **j;
         va_list ap;
@@ -486,12 +483,14 @@ char **strv_env_delete(char **x, ...) {
                 return NULL;
 
         STRV_FOREACH(k, x) {
-                va_start(ap, x);
+                va_start(ap, n_lists);
 
-                while ((l = va_arg(ap, char**)))
+                for (i = 0; i < n_lists; i++) {
+                        l = va_arg(ap, char**);
                         STRV_FOREACH(j, l)
                                 if (env_match(*k, *j))
                                         goto delete;
+                }
 
                 va_end(ap);
 
diff --git a/src/strv.h b/src/strv.h
index 2d24b4e..af13983 100644
--- a/src/strv.h
+++ b/src/strv.h
@@ -55,8 +55,8 @@ char **strv_split_quoted(const char *s) _malloc_;
 
 char *strv_join(char **l, const char *separator) _malloc_;
 
-char **strv_env_merge(char **x, ...) _sentinel_;
-char **strv_env_delete(char **x, ...) _sentinel_;
+char **strv_env_merge(unsigned n_lists, ...);
+char **strv_env_delete(char **x, unsigned n_lists, ...);
 
 #define STRV_FOREACH(s, l)                      \
         for ((s) = (l); (s) && *(s); (s)++)
diff --git a/src/systemctl.c b/src/systemctl.c
index 663cb83..35ca082 100644
--- a/src/systemctl.c
+++ b/src/systemctl.c
@@ -1322,7 +1322,7 @@ static int help(void) {
                "  show-environment                Dump environment\n"
                "  set-environment [NAME=VALUE...] Set one or more environment variables\n"
                "  unset-environment [NAME...]     Unset one or more environment variables\n",
-               __progname);
+               program_invocation_short_name);
 
         return 0;
 }
diff --git a/src/util.c b/src/util.c
index 7140903..ed0991a 100644
--- a/src/util.c
+++ b/src/util.c
@@ -43,6 +43,7 @@
 #include <sys/poll.h>
 #include <libgen.h>
 #include <ctype.h>
+#include <sys/prctl.h>
 
 #include "macro.h"
 #include "util.h"
@@ -222,6 +223,13 @@ void close_nointr_nofail(int fd) {
         errno = saved_errno;
 }
 
+void close_many(const int fds[], unsigned n_fd) {
+        unsigned i;
+
+        for (i = 0; i < n_fd; i++)
+                close_nointr_nofail(fds[i]);
+}
+
 int parse_boolean(const char *v) {
         assert(v);
 
@@ -2161,6 +2169,19 @@ fallback:
         return random() * RAND_MAX + random();
 }
 
+void rename_process(const char name[8]) {
+        assert(name);
+
+        prctl(PR_SET_NAME, name);
+
+        /* This is a like a poor man's setproctitle(). The string
+         * passed should fit in 7 chars (i.e. the length of
+         * "systemd") */
+
+        if (program_invocation_name)
+                strncpy(program_invocation_name, name, strlen(program_invocation_name));
+}
+
 static const char *const ioprio_class_table[] = {
         [IOPRIO_CLASS_NONE] = "none",
         [IOPRIO_CLASS_RT] = "realtime",
diff --git a/src/util.h b/src/util.h
index 0b397ac..1e5ee28 100644
--- a/src/util.h
+++ b/src/util.h
@@ -104,6 +104,7 @@ bool first_word(const char *s, const char *word);
 
 int close_nointr(int fd);
 void close_nointr_nofail(int fd);
+void close_many(const int fds[], unsigned n_fd);
 
 int parse_boolean(const char *v);
 int parse_usec(const char *t, usec_t *usec);
@@ -252,7 +253,7 @@ bool is_device_path(const char *path);
 
 int dir_is_empty(const char *path);
 
-extern char * __progname;
+void rename_process(const char name[8]);
 
 const char *ioprio_class_to_string(int i);
 int ioprio_class_from_string(const char *s);
commit 04aa0cb9c46f0a5cd0cf5b4a4e378460423d2635
Author: Lennart Poettering <lennart at poettering.net>
Date:   Wed Jun 16 16:39:28 2010 +0200

    execute: setup namespace after doing NSS calls

diff --git a/src/execute.c b/src/execute.c
index b61c1f8..1a7871b 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -914,19 +914,6 @@ int exec_spawn(ExecCommand *command,
                                 goto fail;
                         }
 
-                if (strv_length(context->read_write_dirs) > 0 ||
-                    strv_length(context->read_only_dirs) > 0 ||
-                    strv_length(context->inaccessible_dirs) > 0 ||
-                    context->mount_flags != MS_SHARED ||
-                    context->private_tmp)
-                        if ((r = setup_namespace(
-                                             context->read_write_dirs,
-                                             context->read_only_dirs,
-                                             context->inaccessible_dirs,
-                                             context->private_tmp,
-                                             context->mount_flags)) < 0)
-                                goto fail;
-
                 if (context->user) {
                         username = context->user;
                         if (get_user_creds(&username, &uid, &gid, &home) < 0) {
@@ -949,6 +936,19 @@ int exec_spawn(ExecCommand *command,
 
                 umask(context->umask);
 
+                if (strv_length(context->read_write_dirs) > 0 ||
+                    strv_length(context->read_only_dirs) > 0 ||
+                    strv_length(context->inaccessible_dirs) > 0 ||
+                    context->mount_flags != MS_SHARED ||
+                    context->private_tmp)
+                        if ((r = setup_namespace(
+                                             context->read_write_dirs,
+                                             context->read_only_dirs,
+                                             context->inaccessible_dirs,
+                                             context->private_tmp,
+                                             context->mount_flags)) < 0)
+                                goto fail;
+
                 if (apply_chroot) {
                         if (context->root_directory)
                                 if (chroot(context->root_directory) < 0) {


More information about the systemd-commits mailing list