From ccf46ebc548054f876a418fc2e949a05a74a9c2a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 13 May 2015 16:34:02 +0200
Subject: [PATCH] core: make exec code a bit more readable
Let's add a function that checks whether we need fs namespacing, to make
things easier to read, instead of using a humungous if expression...
Cherry-picked from: 8b44a3d22c1fdfc5ce5fcb77e38a90ec02ba8019
Related: #1421181
---
 src/core/execute.c | 41 +++++++++++++++++++++++++++++++----------
 1 file changed, 31 insertions(+), 10 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
181b3f
index e9b4359a7..59340ec05 100644
a19bc6
--- a/src/core/execute.c
a19bc6
+++ b/src/core/execute.c
a19bc6
@@ -1256,6 +1256,36 @@ static int build_environment(
a19bc6
         return 0;
a19bc6
 }
a19bc6
 
a19bc6
+static bool exec_needs_mount_namespace(
a19bc6
+                const ExecContext *context,
a19bc6
+                const ExecParameters *params,
a19bc6
+                ExecRuntime *runtime) {
a19bc6
+
a19bc6
+        assert(context);
a19bc6
+        assert(params);
a19bc6
+
a19bc6
+        if (!strv_isempty(context->read_write_dirs) ||
a19bc6
+            !strv_isempty(context->read_only_dirs) ||
a19bc6
+            !strv_isempty(context->inaccessible_dirs))
a19bc6
+                return true;
a19bc6
+
a19bc6
+        if (context->mount_flags != 0)
a19bc6
+                return true;
a19bc6
+
a19bc6
+        if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))
a19bc6
+                return true;
a19bc6
+
a19bc6
+        if (params->bus_endpoint_path)
a19bc6
+                return true;
a19bc6
+
a19bc6
+        if (context->private_devices ||
a19bc6
+            context->protect_system != PROTECT_SYSTEM_NO ||
a19bc6
+            context->protect_home != PROTECT_HOME_NO)
a19bc6
+                return true;
a19bc6
+
a19bc6
+        return false;
a19bc6
+}
a19bc6
+
a19bc6
 static int exec_child(
a19bc6
                 ExecCommand *command,
a19bc6
                 const ExecContext *context,
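Review bot: `exec_needs_mount_namespace()` is added without a comment, although the second hunk makes it the only condition guarding the namespace block in `exec_child()`, so a namespace-backed setting that is missing from it would presumably never be applied. A header comment such as `/* Returns true if any setting requires a private mount namespace; new namespace-backed options must be added here. */` would make that contract explicit. The comment should also say that `runtime` may be NULL (it is the only argument without an `assert`), in which case `private_tmp` on its own does not make the function return true; whether callers can actually reach that state is not visible in this hunk. Since `runtime` is only read, `const ExecRuntime *runtime` would match the other two parameters.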
a19bc6
@@ -1563,16 +1593,7 @@ static int exec_child(
a19bc6
                 }
a19bc6
         }
a19bc6
 
a19bc6
-        if (!strv_isempty(context->read_write_dirs) ||
a19bc6
-            !strv_isempty(context->read_only_dirs) ||
a19bc6
-            !strv_isempty(context->inaccessible_dirs) ||
a19bc6
-            context->mount_flags != 0 ||
a19bc6
-            (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir)) ||
a19bc6
-            params->bus_endpoint_path ||
a19bc6
-            context->private_devices ||
a19bc6
-            context->protect_system != PROTECT_SYSTEM_NO ||
a19bc6
-            context->protect_home != PROTECT_HOME_NO) {
a19bc6
-
a19bc6
+        if (exec_needs_mount_namespace(context, params, runtime)) {
a19bc6
                 char *tmp = NULL, *var = NULL;
a19bc6
 
a19bc6
                 /* The runtime struct only contains the parent