[systemd-commits] 5 commits - man/systemd.unit.xml src/condition.c src/condition.h src/load-fragment.c

Lennart Poettering lennart at kemper.freedesktop.org
Sun Apr 3 13:20:25 PDT 2011


 man/systemd.unit.xml |    8 ++++++++
 src/condition.c      |   23 +++++++++++++++++++++--
 src/condition.h      |    1 +
 src/load-fragment.c  |   45 +++++++--------------------------------------
 4 files changed, 37 insertions(+), 40 deletions(-)

New commits:
commit d24e1b4806e7e96b0c5bc0950ce79e8f76c2ab71
Author: Lennart Poettering <lennart at poettering.net>
Date:   Sun Apr 3 22:18:35 2011 +0200

    condition: use 'selinux' rather than 'SELinux' as preferred spelling
    
    The virtualization condition and others use lowercase identifiers, so
    for the sake of keeping things least surprising, use lowercase
    identifiers here too.

diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 7396806..5460ebe 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -634,7 +634,7 @@
                                 may be used to check whether the given security
                                 module is enabled on the system.
                                 Currently the only recognized value is
-                                <varname>SELinux</varname>.
+                                <varname>selinux</varname>.
                                 The test may be negated by prepending an
                                 exclamation mark. Finally,
                                 <varname>ConditionNull=</varname> may
diff --git a/src/condition.c b/src/condition.c
index ee0809f..a520e43 100644
--- a/src/condition.c
+++ b/src/condition.c
@@ -134,7 +134,7 @@ static bool test_virtualization(const char *parameter) {
 
 static bool test_security(const char *parameter) {
 #ifdef HAVE_SELINUX
-        if (!strcasecmp(parameter, "SELinux"))
+        if (streq(parameter, "selinux"))
                 return is_selinux_enabled() > 0;
 #endif
         return false;
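Review bot: An unrecognized parameter falls through to `return false` at the end of test_security(), and because condition_test() compares the result with `!c->negate`, a negated condition with an unknown or differently-cased value evaluates to true. With `streq` replacing `strcasecmp`, a unit still written as `ConditionSecurity=!SELinux` (the spelling documented before this commit) would pass even when SELinux is enabled. The same fall-through exists in the test_security() hunk of commit 07e833bc further down, and in builds without HAVE_SELINUX. Consider keeping the case-insensitive match or logging unknown values before returning, and document the behaviour with a comment such as `/* unknown module names are reported as not enabled, so "!name" succeeds */`. The function's closing brace lies outside the hunk.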

commit 69528c31c64963a1279123fb17d00334c1655cd1
Author: Michal Schmidt <mschmidt at redhat.com>
Date:   Sun Apr 3 18:17:05 2011 +0200

    man: document ConditionSecurity

diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 47ddece..7396806 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -565,6 +565,7 @@
                                 <term><varname>ConditionDirectoryNotEmpty=</varname></term>
                                 <term><varname>ConditionKernelCommandLine=</varname></term>
                                 <term><varname>ConditionVirtualization=</varname></term>
+                                <term><varname>ConditionSecurity=</varname></term>
                                 <term><varname>ConditionNull=</varname></term>
 
                                 <listitem><para>Before starting a unit
@@ -628,6 +629,13 @@
                                 <varname>openvz</varname> to test
                                 against a specific implementation. The
                                 test may be negated by prepending an
+                                exclamation mark.
+                                <varname>ConditionSecurity=</varname>
+                                may be used to check whether the given security
+                                module is enabled on the system.
+                                Currently the only recognized value is
+                                <varname>SELinux</varname>.
+                                The test may be negated by prepending an
                                 exclamation mark. Finally,
                                 <varname>ConditionNull=</varname> may
                                 be used to add a constant condition

commit 07e833bc1d60e282b062eb205bb13215dc0e8cdf
Author: Michal Schmidt <mschmidt at redhat.com>
Date:   Sun Apr 3 18:16:59 2011 +0200

    condition: add ConditionSecurity
    
    Using ConditionSecurity a unit can depend on a security module being
    enabled/disabled. For now the only recognized security module is SELinux.
    
    I'd like to use this feature for a unit that creates /.autorelabel if
    SELinux is disabled, to ensure a relabel is done automatically when the
    system is later rebooted with SELinux enabled.

diff --git a/src/condition.c b/src/condition.c
index 5ab77d8..ee0809f 100644
--- a/src/condition.c
+++ b/src/condition.c
@@ -24,6 +24,10 @@
 #include <string.h>
 #include <unistd.h>
 
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
 #include "util.h"
 #include "condition.h"
 
@@ -128,6 +132,14 @@ static bool test_virtualization(const char *parameter) {
         return streq(parameter, id);
 }
 
+static bool test_security(const char *parameter) {
+#ifdef HAVE_SELINUX
+        if (!strcasecmp(parameter, "SELinux"))
+                return is_selinux_enabled() > 0;
+#endif
+        return false;
+}
+
 bool condition_test(Condition *c) {
         assert(c);
 
@@ -157,6 +169,9 @@ bool condition_test(Condition *c) {
         case CONDITION_VIRTUALIZATION:
                 return test_virtualization(c->parameter) == !c->negate;
 
+        case CONDITION_SECURITY:
+                return test_security(c->parameter) == !c->negate;
+
         case CONDITION_NULL:
                 return !c->negate;
 
@@ -220,6 +235,7 @@ static const char* const condition_type_table[_CONDITION_TYPE_MAX] = {
         [CONDITION_DIRECTORY_NOT_EMPTY] = "ConditionDirectoryNotEmpty",
         [CONDITION_KERNEL_COMMAND_LINE] = "ConditionKernelCommandLine",
         [CONDITION_VIRTUALIZATION] = "ConditionVirtualization",
+        [CONDITION_SECURITY] = "ConditionSecurity",
         [CONDITION_NULL] = "ConditionNull"
 };
 
diff --git a/src/condition.h b/src/condition.h
index 9913c8c..8402802 100644
--- a/src/condition.h
+++ b/src/condition.h
@@ -32,6 +32,7 @@ typedef enum ConditionType {
         CONDITION_DIRECTORY_NOT_EMPTY,
         CONDITION_KERNEL_COMMAND_LINE,
         CONDITION_VIRTUALIZATION,
+        CONDITION_SECURITY,
         CONDITION_NULL,
         _CONDITION_TYPE_MAX,
         _CONDITION_TYPE_INVALID = -1
diff --git a/src/load-fragment.c b/src/load-fragment.c
index cb8c250..eea545c 100644
--- a/src/load-fragment.c
+++ b/src/load-fragment.c
@@ -1853,6 +1853,7 @@ static int load_from_path(Unit *u, const char *path) {
                 { "ConditionDirectoryNotEmpty", config_parse_condition_path, CONDITION_DIRECTORY_NOT_EMPTY, u,                "Unit"    },
                 { "ConditionKernelCommandLine", config_parse_condition_string, CONDITION_KERNEL_COMMAND_LINE, u,              "Unit"    },
                 { "ConditionVirtualization",    config_parse_condition_string, CONDITION_VIRTUALIZATION, u,                   "Unit"    },
+                { "ConditionSecurity",          config_parse_condition_string, CONDITION_SECURITY, u,                         "Unit"    },
                 { "ConditionNull",          config_parse_condition_null,  0, u,                                               "Unit"    },
 
                 { "PIDFile",                config_parse_path,            0, &u->service.pid_file,                            "Service" },

commit 41584525cf0a9d3a8bfb76008a3fc663b86bfdde
Author: Michal Schmidt <mschmidt at redhat.com>
Date:   Sun Apr 3 18:16:54 2011 +0200

    load-fragment: unify config_parse_condition_{kernel, virt}
    
    They only differ in the condition type, otherwise the code is identical.
    Replace them with a more generic config_parse_condition_string().

diff --git a/src/load-fragment.c b/src/load-fragment.c
index 05d858e..cb8c250 100644
--- a/src/load-fragment.c
+++ b/src/load-fragment.c
@@ -1479,39 +1479,7 @@ static int config_parse_condition_path(
         return 0;
 }
 
-static int config_parse_condition_kernel(
-                const char *filename,
-                unsigned line,
-                const char *section,
-                const char *lvalue,
-                int ltype,
-                const char *rvalue,
-                void *data,
-                void *userdata) {
-
-        Unit *u = data;
-        bool trigger, negate;
-        Condition *c;
-
-        assert(filename);
-        assert(lvalue);
-        assert(rvalue);
-        assert(data);
-
-        if ((trigger = rvalue[0] == '|'))
-                rvalue++;
-
-        if ((negate = rvalue[0] == '!'))
-                rvalue++;
-
-        if (!(c = condition_new(CONDITION_KERNEL_COMMAND_LINE, rvalue, trigger, negate)))
-                return -ENOMEM;
-
-        LIST_PREPEND(Condition, conditions, u->meta.conditions, c);
-        return 0;
-}
-
-static int config_parse_condition_virt(
+static int config_parse_condition_string(
                 const char *filename,
                 unsigned line,
                 const char *section,
@@ -1521,6 +1489,7 @@ static int config_parse_condition_virt(
                 void *data,
                 void *userdata) {
 
+        ConditionType cond = ltype;
         Unit *u = data;
         bool trigger, negate;
         Condition *c;
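Review bot: `ConditionType cond = ltype;` trusts whatever integer the item table in load_from_path() supplies, and nothing in the visible lines rejects a value outside the enum. A table row that leaves ltype at 0, as the two replaced rows did, would compile and silently create a condition of whichever type has value 0. An `assert(cond >= 0 && cond < _CONDITION_TYPE_MAX);` next to the other asserts in this function would at least catch an out-of-range entry, and a short comment such as `/* ltype carries the ConditionType from the item table */` would make the contract explicit. The function begins and ends outside this hunk.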
@@ -1536,7 +1505,7 @@ static int config_parse_condition_virt(
         if ((negate = rvalue[0] == '!'))
                 rvalue++;
 
-        if (!(c = condition_new(CONDITION_VIRTUALIZATION, rvalue, trigger, negate)))
+        if (!(c = condition_new(cond, rvalue, trigger, negate)))
                 return -ENOMEM;
 
         LIST_PREPEND(Condition, conditions, u->meta.conditions, c);
@@ -1756,9 +1725,8 @@ static void dump_items(FILE *f, const ConfigItem *items) {
                 { config_parse_notify_access,    "ACCESS" },
                 { config_parse_ip_tos,           "TOS" },
                 { config_parse_condition_path,   "CONDITION" },
-                { config_parse_condition_kernel, "CONDITION" },
+                { config_parse_condition_string, "CONDITION" },
                 { config_parse_condition_null,   "CONDITION" },
-                { config_parse_condition_virt,   "CONDITION" },
         };
 
         assert(f);
@@ -1883,8 +1851,8 @@ static int load_from_path(Unit *u, const char *path) {
                 { "ConditionPathExists",        config_parse_condition_path, CONDITION_PATH_EXISTS, u,                        "Unit"    },
                 { "ConditionPathIsDirectory",   config_parse_condition_path, CONDITION_PATH_IS_DIRECTORY, u,                  "Unit"    },
                 { "ConditionDirectoryNotEmpty", config_parse_condition_path, CONDITION_DIRECTORY_NOT_EMPTY, u,                "Unit"    },
-                { "ConditionKernelCommandLine", config_parse_condition_kernel, 0, u,                                          "Unit"    },
-                { "ConditionVirtualization",config_parse_condition_virt,  0, u,                                               "Unit"    },
+                { "ConditionKernelCommandLine", config_parse_condition_string, CONDITION_KERNEL_COMMAND_LINE, u,              "Unit"    },
+                { "ConditionVirtualization",    config_parse_condition_string, CONDITION_VIRTUALIZATION, u,                   "Unit"    },
                 { "ConditionNull",          config_parse_condition_null,  0, u,                                               "Unit"    },
 
                 { "PIDFile",                config_parse_path,            0, &u->service.pid_file,                            "Service" },

commit 8fb81fa7844387377f79cf11d1bf48224a928ba7
Author: Michal Schmidt <mschmidt at redhat.com>
Date:   Sun Apr 3 18:16:48 2011 +0200

    condition: fix dumping of conditions
    
    Several condition types were missing their strings, they were showing as
    "(null)" in systemctl dump.
    Indentation was missing too.

diff --git a/src/condition.c b/src/condition.c
index b404b49..5ab77d8 100644
--- a/src/condition.c
+++ b/src/condition.c
@@ -199,7 +199,7 @@ void condition_dump(Condition *c, FILE *f, const char *prefix) {
                 prefix = "";
 
         fprintf(f,
-                "%s%s: %s%s%s\n",
+                "%s\t%s: %s%s%s\n",
                 prefix,
                 condition_type_to_string(c->type),
                 c->trigger ? "|" : "",
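Review bot: `condition_type_to_string(c->type)` is passed straight to `%s`, and it presumably returns NULL for any enum member without an entry in condition_type_table. That is undefined behaviour for printf-family functions, even though glibc happens to print "(null)". The table hunk that follows fills the current gaps, but nothing stops the next added ConditionType from reintroducing one. A fallback at the call site, e.g. `const char *t = condition_type_to_string(c->type);` with `t ? t : "n/a"` as the argument, would keep the dump well-defined. condition_dump() starts and ends outside the hunk.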
@@ -215,8 +215,11 @@ void condition_dump_list(Condition *first, FILE *f, const char *prefix) {
 }
 
 static const char* const condition_type_table[_CONDITION_TYPE_MAX] = {
-        [CONDITION_KERNEL_COMMAND_LINE] = "ConditionKernelCommandLine",
         [CONDITION_PATH_EXISTS] = "ConditionPathExists",
+        [CONDITION_PATH_IS_DIRECTORY] = "ConditionPathIsDirectory",
+        [CONDITION_DIRECTORY_NOT_EMPTY] = "ConditionDirectoryNotEmpty",
+        [CONDITION_KERNEL_COMMAND_LINE] = "ConditionKernelCommandLine",
+        [CONDITION_VIRTUALIZATION] = "ConditionVirtualization",
         [CONDITION_NULL] = "ConditionNull"
 };
 


