[systemd-commits] 2 commits - TODO src/core
Lennart Poettering
lennart at kemper.freedesktop.org
Tue Mar 4 19:41:47 PST 2014
TODO | 6 -----
src/core/execute.h | 1
src/core/load-fragment-gperf.gperf.m4 | 2 -
src/core/load-fragment.c | 37 +++++++++++++++++++++++++++++++++-
src/core/load-fragment.h | 1
5 files changed, 39 insertions(+), 8 deletions(-)
New commits:
commit 32f244309902243a20cff5d5d1abb1c888b5fb21
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Mar 5 04:41:40 2014 +0100
update TODO
diff --git a/TODO b/TODO
index 07fd738..fd75eab 100644
--- a/TODO
+++ b/TODO
@@ -409,10 +409,6 @@ Features:
mode, it will never touch the RTC if the no reliable time source is active or the
user did not request anything like it.
-* if booted in "quiet" mode, and an error happens, turn on status
- output again, so that the emergency mode isn't totally
- surprising. Also, terminate plymouth.
-
* libunwind support for coredump pattern hook, and includes this in
the message for coredumps. After all, libunwind is now capable to
unwind coredumps since a few weeks ago. This probably requires that
@@ -509,8 +505,6 @@ Features:
* rename "userspace" to "core-os"
-* syscall filter: optionally don't enforce no new privs?
-
* load-fragment: when loading a unit file via a chain of symlinks
verify that it isn't masked via any of the names traversed.
commit 760b9d7cbaa72cc7446ad915f84d4939c11a360c
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Mar 5 04:41:01 2014 +0100
core: don't override NoNewPriviliges= from SystemCallFilter= if it is already explicitly set
diff --git a/src/core/execute.h b/src/core/execute.h
index a333657..9fcea12 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -185,6 +185,7 @@ struct ExecContext {
bool nice_set:1;
bool ioprio_set:1;
bool cpu_sched_set:1;
+ bool no_new_privileges_set:1;
};
#include "cgroup.h"
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 7bdee13..5604ee9 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -48,7 +48,7 @@ $1.Capabilities, config_parse_exec_capabilities, 0,
$1.SecureBits, config_parse_exec_secure_bits, 0, offsetof($1, exec_context)
$1.CapabilityBoundingSet, config_parse_bounding_set, 0, offsetof($1, exec_context.capability_bounding_set_drop)
$1.TimerSlackNSec, config_parse_nsec, 0, offsetof($1, exec_context.timer_slack_nsec)
-$1.NoNewPrivileges, config_parse_bool, 0, offsetof($1, exec_context.no_new_privileges)
+$1.NoNewPrivileges, config_parse_no_new_priviliges, 0, offsetof($1, exec_context)
m4_ifdef(`HAVE_SECCOMP',
`$1.SystemCallFilter, config_parse_syscall_filter, 0, offsetof($1, exec_context)
$1.SystemCallArchitectures, config_parse_syscall_archs, 0, offsetof($1, exec_context.syscall_archs)
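Review bot: The parser name introduced on the `$1.NoNewPrivileges` line, `config_parse_no_new_priviliges`, misspells "privileges". The same spelling is used for the definition in src/core/load-fragment.c and the prototype in src/core/load-fragment.h, so it sits next to the correctly spelled `no_new_privileges` field and is easy to miss when grepping for NNP handling. I would rename it to `config_parse_no_new_privileges` in all three files in this commit.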
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 5628d8c..18dab02 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -2122,7 +2122,10 @@ int config_parse_syscall_filter(
set_remove(c->syscall_filter, INT_TO_PTR(id + 1));
}
- c->no_new_privileges = true;
+ /* Turn on NNP, but only if it wasn't configured explicitly
+ * before, and only if we are in user mode. */
+ if (!c->no_new_privileges_set && u->manager->running_as == SYSTEMD_USER)
+ c->no_new_privileges = true;
return 0;
}
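Review bot: The added condition `u->manager->running_as == SYSTEMD_USER` means that in a system instance SystemCallFilter= no longer turns on `no_new_privileges` at all, which goes beyond what the commit subject describes (respecting an explicit NoNewPrivileges=). As far as this hunk shows, a system unit that relied on the filter implying NNP would now run filtered but could still gain privileges through setuid or file-capability binaries unless it sets NoNewPrivileges=yes itself. I would state that in the comment, e.g. `/* In system mode NNP is not implied; units that want it must set NoNewPrivileges=yes explicitly. */`, and in the SystemCallFilter= documentation. `u` is declared outside the hunk, so whether it is checked before this dereference cannot be confirmed from here.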
@@ -2902,6 +2905,38 @@ int config_parse_namespace_path_strv(
return 0;
}
+int config_parse_no_new_priviliges(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ int k;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ k = parse_boolean(rvalue);
+ if (k < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, -k, "Failed to parse boolean value, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ c->no_new_privileges = !!k;
+ c->no_new_privileges_set = true;
+
+ return 0;
+}
+
#define FOLLOW_MAX 8
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
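Review bot: The new `config_parse_no_new_priviliges()` has no comment explaining why NoNewPrivileges= needs its own parser instead of `config_parse_bool`. I would add one above the definition, e.g. `/* Like config_parse_bool(), but also records in no_new_privileges_set that the value was configured explicitly, so SystemCallFilter= does not override it. */`. The comment should also say that an unparsable value is logged and ignored with `no_new_privileges_set` left false, so the SystemCallFilter= default still applies in that case. As a minor style point, `const char* unit` should be `const char *unit` to match the other parameters.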
diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
index 73f6db7..fabbda2 100644
--- a/src/core/load-fragment.h
+++ b/src/core/load-fragment.h
@@ -94,6 +94,7 @@ int config_parse_address_families(const char *unit, const char *filename, unsign
int config_parse_runtime_directory(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_set_status(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_namespace_path_strv(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_no_new_priviliges(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
/* gperf prototypes */
const struct ConfigPerfItem* load_fragment_gperf_lookup(const char *key, unsigned length);