manager: clean environment before passing it on to others
diff --git
a/src/core/execute.c
b/src/core/execute.c
index 76284700d7b3044b425775587b8296d62edd9038..aa58bc488ca3a13f02b9badccc01a9639bbcb626 100644
--- a/
src/core/execute.c
+++ b/
src/core/execute.c
@@
-39,6
+39,7
@@
#include <linux/oom.h>
#include <sys/poll.h>
#include <linux/seccomp-bpf.h>
#include <linux/oom.h>
#include <sys/poll.h>
#include <linux/seccomp-bpf.h>
+#include <glob.h>
#ifdef HAVE_PAM
#include <security/pam_appl.h>
#ifdef HAVE_PAM
#include <security/pam_appl.h>
@@
-63,6
+64,7
@@
#include "loopback-setup.h"
#include "path-util.h"
#include "syscall-list.h"
#include "loopback-setup.h"
#include "path-util.h"
#include "syscall-list.h"
+#include "env-util.h"
#define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
#define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
@@
-956,7
+958,7
@@
static int apply_seccomp(uint32_t *syscall_filter) {
for (i = 0, n = 0; i < syscall_max(); i++)
if (syscall_filter[i >> 4] & (1 << (i & 31))) {
struct sock_filter item[] = {
for (i = 0, n = 0; i < syscall_max(); i++)
if (syscall_filter[i >> 4] & (1 << (i & 31))) {
struct sock_filter item[] = {
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K,
i
, 0, 1),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K,
INDEX_TO_SYSCALL(i)
, 0, 1),
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
};
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
};
@@
-1023,8
+1025,8
@@
int exec_spawn(ExecCommand *command,
r = exec_context_load_environment(context, &files_env);
if (r < 0) {
r = exec_context_load_environment(context, &files_env);
if (r < 0) {
- log_struct(LOG_ERR,
-
"UNIT=%s",
unit_id,
+ log_struct
_unit
(LOG_ERR,
+ unit_id,
"MESSAGE=Failed to load environment files: %s", strerror(-r),
"ERRNO=%d", -r,
NULL);
"MESSAGE=Failed to load environment files: %s", strerror(-r),
"ERRNO=%d", -r,
NULL);
@@
-1038,8
+1040,8
@@
int exec_spawn(ExecCommand *command,
if (!line)
return log_oom();
if (!line)
return log_oom();
- log_struct(LOG_DEBUG,
-
"UNIT=%s",
unit_id,
+ log_struct
_unit
(LOG_DEBUG,
+ unit_id,
"MESSAGE=About to execute %s", line,
NULL);
free(line);
"MESSAGE=About to execute %s", line,
NULL);
free(line);
@@
-1511,8
+1513,8
@@
int exec_spawn(ExecCommand *command,
_exit(r);
}
_exit(r);
}
- log_struct(LOG_DEBUG,
-
"UNIT=%s",
unit_id,
+ log_struct
_unit
(LOG_DEBUG,
+ unit_id,
"MESSAGE=Forked %s as %lu",
command->path, (unsigned long) pid,
NULL);
"MESSAGE=Forked %s as %lu",
command->path, (unsigned long) pid,
NULL);
@@
-1657,6
+1659,8
@@
int exec_context_load_environment(const ExecContext *c, char ***l) {
int k;
bool ignore = false;
char **p;
int k;
bool ignore = false;
char **p;
+ glob_t pglob;
+ int count, n;
fn = *i;
fn = *i;
@@
-1674,29
+1678,55
@@
int exec_context_load_environment(const ExecContext *c, char ***l) {
return -EINVAL;
}
return -EINVAL;
}
- if ((k = load_env_file(fn, &p)) < 0) {
+ /* Filename supports globbing, take all matching files */
+ zero(pglob);
+ errno = 0;
+ if (glob(fn, 0, NULL, &pglob) != 0) {
+ globfree(&pglob);
+ if (ignore)
+ continue;
+ strv_free(r);
+ return errno ? -errno : -EINVAL;
+ }
+ count = pglob.gl_pathc;
+ if (count == 0) {
+ globfree(&pglob);
if (ignore)
continue;
strv_free(r);
if (ignore)
continue;
strv_free(r);
- return
k
;
+ return
-EINVAL
;
}
}
+ for (n = 0; n < count; n++) {
+ k = load_env_file(pglob.gl_pathv[n], &p);
+ if (k < 0) {
+ if (ignore)
+ continue;
- if (r == NULL)
-
r = p
;
- else {
- char **m;
+ strv_free(r);
+
globfree(&pglob)
;
+ return k;
+ }
- m = strv_env_merge(2, r, p);
- strv_free(r);
- strv_free(p);
+ if (r == NULL)
+ r = p;
+ else {
+ char **m;
+
+ m = strv_env_merge(2, r, p);
+ strv_free(r);
+ strv_free(p);
- if (!m)
- return -ENOMEM;
+ if (!m) {
+ globfree(&pglob);
+ return -ENOMEM;
+ }
- r = m;
+ r = m;
+ }
}
}
+ globfree(&pglob);
}
*l = r;
}
*l = r;
@@
-1798,7
+1828,7
@@
void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
prefix, c->cpu_sched_priority,
prefix, yes_no(c->cpu_sched_reset_on_fork));
free(policy_str);
prefix, c->cpu_sched_priority,
prefix, yes_no(c->cpu_sched_reset_on_fork));
free(policy_str);
- }
+
}
if (c->cpuset) {
fprintf(f, "%sCPUAffinity:", prefix);
if (c->cpuset) {
fprintf(f, "%sCPUAffinity:", prefix);
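Review bot: In the new glob block of exec_context_load_environment(), the failure path calls `globfree(&pglob)` before reading `errno` and discards glob()'s own return code, so the caller gets either whatever errno holds after the free or a blanket `-EINVAL`; a missing non-optional file, which previously surfaced the code from load_env_file(), now most likely reports `-EINVAL`. Keep the result, e.g. `k = glob(fn, 0, NULL, &pglob);`, and map it before freeing (`GLOB_NOMATCH` to `-ENOENT`, `GLOB_NOSPACE` to `-ENOMEM`). `count` and `n` are declared `int` while `gl_pathc` is a `size_t`; using `size_t` for both avoids the narrowing. The comment above the call should also state that every file matching the pattern is merged into the child's environment in the order glob returns them, so the directory the pattern points at must be writable only by whoever is allowed to set the unit's environment, and that a path containing `*`, `?` or `[` is no longer taken literally. The function begins and ends outside this hunk.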