[systemd-devel] [PATCH] Hook more properties for transient units
Gabriel de Perthuis
g2p.code at gmail.com
Thu Sep 10 11:17:11 PDT 2015
systemd-run can now launch units with PrivateTmp, PrivateDevices,
PrivateNetwork, NoNewPrivileges set.
---
src/core/dbus-execute.c | 54 ++++++++++++++++++-------------------------------
src/shared/bus-util.c | 3 ++-
2 files changed, 22 insertions(+), 35 deletions(-)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index ed55fcf..fd13c6d 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -931,51 +931,37 @@ int bus_exec_context_set_transient_property(
unit_write_drop_in_private_format(u, mode, name, "StandardError=%s\n", exec_output_to_string(p));
}
return 1;
- } else if (streq(name, "IgnoreSIGPIPE")) {
+ } else if (STR_IN_SET(name,
+ "IgnoreSIGPIPE", "TTYVHangup", "TTYReset",
+ "PrivateTmp", "PrivateDevices", "PrivateNetwork",
+ "NoNewPrivileges")) {
int b;
r = sd_bus_message_read(message, "b", &b);
if (r < 0)
return r;
if (mode != UNIT_CHECK) {
- c->ignore_sigpipe = b;
-
- unit_write_drop_in_private_format(u, mode, name, "IgnoreSIGPIPE=%s\n", yes_no(b));
- }
-
- return 1;
-
- } else if (streq(name, "TTYVHangup")) {
- int b;
-
- r = sd_bus_message_read(message, "b", &b);
- if (r < 0)
- return r;
-
- if (mode != UNIT_CHECK) {
- c->tty_vhangup = b;
-
- unit_write_drop_in_private_format(u, mode, name, "TTYVHangup=%s\n", yes_no(b));
- }
-
- return 1;
-
- } else if (streq(name, "TTYReset")) {
- int b;
-
- r = sd_bus_message_read(message, "b", &b);
- if (r < 0)
- return r;
-
- if (mode != UNIT_CHECK) {
- c->tty_reset = b;
-
- unit_write_drop_in_private_format(u, mode, name, "TTYReset=%s\n", yes_no(b));
+ if (streq(name, "IgnoreSIGPIPE"))
+ c->ignore_sigpipe = b;
+ else if (streq(name, "TTYVHangup"))
+ c->tty_vhangup = b;
+ else if (streq(name, "TTYReset"))
+ c->tty_reset = b;
+ else if (streq(name, "PrivateTmp"))
+ c->private_tmp = b;
+ else if (streq(name, "PrivateDevices"))
+ c->private_devices = b;
+ else if (streq(name, "PrivateNetwork"))
+ c->private_network = b;
+ else if (streq(name, "NoNewPrivileges"))
+ c->no_new_privileges = b;
+
+ unit_write_drop_in_private_format(u, mode, name, "%s=%s\n", name, yes_no(b));
}
return 1;
} else if (streq(name, "UtmpIdentifier")) {
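Review bot: The inner `streq` chain in the merged boolean branch has no final `else`, so the name list in `STR_IN_SET` and the chain of assignments have to be kept in sync by hand. A name later added to the set but not to the chain would still be written to the drop-in and return 1 while the matching field of `c` stays unchanged. For `PrivateTmp`, `PrivateDevices`, `PrivateNetwork` and `NoNewPrivileges` that would mean a sandboxing request is accepted without being applied to the context held in memory. I would close the chain with `else assert_not_reached("Unknown boolean exec property");` and add a comment above `STR_IN_SET` saying that this set, the chain below it, and the boolean list in `bus_append_unit_property_assignment()` in src/shared/bus-util.c must be updated together. The enclosing function starts and ends outside the hunk.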
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
index 36c4422..c19dc97 100644
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@@ -1421,11 +1421,12 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen
return bus_log_create_error(r);
if (STR_IN_SET(field,
"CPUAccounting", "MemoryAccounting", "BlockIOAccounting",
"SendSIGHUP", "SendSIGKILL", "WakeSystem", "DefaultDependencies",
- "IgnoreSIGPIPE", "TTYVHangup", "TTYReset", "RemainAfterExit")) {
+ "IgnoreSIGPIPE", "TTYVHangup", "TTYReset", "RemainAfterExit",
+ "PrivateTmp", "PrivateDevices", "PrivateNetwork", "NoNewPrivileges")) {
r = parse_boolean(eq);
if (r < 0) {
log_error("Failed to parse boolean assignment %s.", assignment);
return -EINVAL;
--
2.6.0.rc0.29.g24f8d8a