man: make it more clear that the concepts systemctl(1) manage are introduced in syste...
[elogind.git] / src / core / execute.c
index 129791294eea816d1f9e186b9dad22b76472a4f8..066efd6fdf1c41ec0b90c51dfae13cbe212de7fd 100644 (file)
@@ -83,7 +83,6 @@
 #include "af-list.h"
 #include "mkdir.h"
 #include "apparmor-util.h"
-#include "label.h"
 
 #ifdef HAVE_SECCOMP
 #include "seccomp-util.h"
@@ -1302,7 +1301,6 @@ int exec_spawn(ExecCommand *command,
                 int dont_close[n_fds + 3];
                 uid_t uid = (uid_t) -1;
                 gid_t gid = (gid_t) -1;
-                sigset_t ss;
                 int i, err;
 
                 /* child */
@@ -1320,9 +1318,8 @@ int exec_spawn(ExecCommand *command,
                 if (context->ignore_sigpipe)
                         ignore_signals(SIGPIPE, -1);
 
-                assert_se(sigemptyset(&ss) == 0);
-                if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
-                        err = -errno;
+                err = reset_signal_mask();
+                if (err < 0) {
                         r = EXIT_SIGNAL_MASK;
                         goto fail_child;
                 }
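Review bot: The call `err = reset_signal_mask();` carries no comment saying why the child clears its signal mask, and the reason matters to anyone who later reorders this path. Blocked signals survive execve(), so a mask inherited from the parent would otherwise be handed to the spawned command. I would add `/* Blocked signals are inherited across execve(); start the command with an empty mask */` above the call. The `err < 0` test now depends on reset_signal_mask() returning a negative errno-style value, which is not visible in this hunk and is worth confirming. exec_spawn's body starts and ends outside the hunk.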
@@ -1636,7 +1633,9 @@ int exec_spawn(ExecCommand *command,
                 }
 
                 /* We repeat the fd closing here, to make sure that
-                 * nothing is leaked from the PAM modules */
+                 * nothing is leaked from the PAM modules. Note that
+                 * we are more aggressive this time since socket_fd
+                 * and the netns fds we don#t need anymore. */
                 err = close_all_fds(fds, n_fds);
                 if (err >= 0)
                         err = shift_fds(fds, n_fds);
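Review bot: The rewritten comment above `close_all_fds(fds, n_fds)` has a typo (`don#t`) and an inverted clause that obscures why this second close pass is stricter than the first. This pass is what keeps descriptors opened by PAM modules, along with socket_fd and the netns fds, from being inherited by the executed command, so the wording should be unambiguous. I would end the comment with `Note that we are more aggressive this time, since we no longer need socket_fd and the netns fds. */`. The handling of `err` after `shift_fds()` continues outside the hunk.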
@@ -1730,22 +1729,6 @@ int exec_spawn(ExecCommand *command,
                                         goto fail_child;
                                 }
                         }
-
-                        if (context->selinux_label_via_net && use_selinux()) {
-                                _cleanup_free_ char *label = NULL;
-
-                                err = label_get_child_label(socket_fd, command->path, &label);
-                                if (err < 0) {
-                                        r = EXIT_SELINUX_CONTEXT;
-                                        goto fail_child;
-                                }
-
-                                err = setexeccon(label);
-                                if (err < 0) {
-                                        r = EXIT_SELINUX_CONTEXT;
-                                        goto fail_child;
-                                }
-                        }
 #endif
 
 #ifdef HAVE_APPARMOR
@@ -2129,8 +2112,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
                 "%sPrivateDevices: %s\n"
                 "%sProtectHome: %s\n"
                 "%sProtectSystem: %s\n"
-                "%sIgnoreSIGPIPE: %s\n"
-                "%sSELinuxLabelViaNet: %s\n",
+                "%sIgnoreSIGPIPE: %s\n",
                 prefix, c->umask,
                 prefix, c->working_directory ? c->working_directory : "/",
                 prefix, c->root_directory ? c->root_directory : "/",
@@ -2140,8 +2122,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
                 prefix, yes_no(c->private_devices),
                 prefix, protect_home_to_string(c->protect_home),
                 prefix, protect_system_to_string(c->protect_system),
-                prefix, yes_no(c->ignore_sigpipe),
-                prefix, yes_no(c->selinux_label_via_net));
+                prefix, yes_no(c->ignore_sigpipe));
 
         STRV_FOREACH(e, c->environment)
                 fprintf(f, "%sEnvironment: %s\n", prefix, *e);
@@ -2417,12 +2398,11 @@ void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
         assert(s);
         assert(f);
 
-        if (!prefix)
-                prefix = "";
-
         if (s->pid <= 0)
                 return;
 
+        prefix = strempty(prefix);
+
         fprintf(f,
                 "%sPID: "PID_FMT"\n",
                 prefix, s->pid);
@@ -2482,21 +2462,16 @@ char *exec_command_line(char **argv) {
 }
 
 void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
-        _cleanup_free_ char *p2 = NULL;
-        const char *prefix2;
-
         _cleanup_free_ char *cmd = NULL;
+        const char *prefix2;
 
         assert(c);
         assert(f);
 
-        if (!prefix)
-                prefix = "";
-        p2 = strappend(prefix, "\t");
-        prefix2 = p2 ? p2 : prefix;
+        prefix = strempty(prefix);
+        prefix2 = strappenda(prefix, "\t");
 
         cmd = exec_command_line(c->argv);
-
         fprintf(f,
                 "%sCommand Line: %s\n",
                 prefix, cmd ? cmd : strerror(ENOMEM));
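Review bot: `prefix2 = strappenda(prefix, "\t");` replaces a heap allocation that fell back to `prefix` on failure with what is, as far as I know, an alloca()-based macro. The stack copy is therefore bounded only by the length of the caller's prefix, and an allocation failure can no longer be handled. The caller visible here, exec_command_dump_list, forwards its own prefix unchanged, and nothing in this function enforces a length limit. A comment such as `/* prefix is a short indentation string; strappenda() copies it onto the stack */` would record that assumption for future callers. The function body continues past the end of the hunk.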
@@ -2507,8 +2482,7 @@ void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
 void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
         assert(f);
 
-        if (!prefix)
-                prefix = "";
+        prefix = strempty(prefix);
 
         LIST_FOREACH(command, c, c)
                 exec_command_dump(c, f, prefix);