#include "env-util.h"
#include "fileio.h"
#include "unit.h"
+#include "async.h"
#define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
+#define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
/* This assumes there is a 'tty' group */
#define TTY_MODE 0620
return 0;
}
+static void do_idle_pipe_dance(int idle_pipe[4]) {
+ assert(idle_pipe);
+
+ if (idle_pipe[1] >= 0)
+ close_nointr_nofail(idle_pipe[1]);
+ if (idle_pipe[2] >= 0)
+ close_nointr_nofail(idle_pipe[2]);
+
+ if (idle_pipe[0] >= 0) {
+ int r;
+
+ r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
+
+ if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {
+ /* Signal systemd that we are bored and want to continue. */
+ write(idle_pipe[3], "x", 1);
+
+ /* Wait for systemd to react to the signal above. */
+ fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);
+ }
+
+ close_nointr_nofail(idle_pipe[0]);
+
+ }
+
+ if (idle_pipe[3] >= 0)
+ close_nointr_nofail(idle_pipe[3]);
+}
+
int exec_spawn(ExecCommand *command,
char **argv,
ExecContext *context,
CGroupControllerMask cgroup_mask,
const char *cgroup_path,
const char *unit_id,
- int idle_pipe[2],
+ int idle_pipe[4],
pid_t *ret) {
_cleanup_strv_free_ char **files_env = NULL;
goto fail_child;
}
- if (idle_pipe) {
- if (idle_pipe[1] >= 0)
- close_nointr_nofail(idle_pipe[1]);
- if (idle_pipe[0] >= 0) {
- fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
- close_nointr_nofail(idle_pipe[0]);
- }
- }
+ if (idle_pipe)
+ do_idle_pipe_dance(idle_pipe);
/* Close sockets very early to make sure we don't
* block init reexecution because it cannot bind its
}
}
+#ifdef HAVE_PAM
+ if (cgroup_path && context->user && context->pam_name) {
+ err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
+ if (err < 0) {
+ r = EXIT_CGROUP;
+ goto fail_child;
+ }
+
+
+ err = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0755, uid, gid);
+ if (err < 0) {
+ r = EXIT_CGROUP;
+ goto fail_child;
+ }
+ }
+#endif
+
if (apply_permissions) {
err = enforce_groups(context, username, gid);
if (err < 0) {
c->timer_slack_nsec = (nsec_t) -1;
}
+static void *remove_tmpdir_thread(void *p) {
+ int r;
+ _cleanup_free_ char *dirp = p;
+ char *dir;
+
+ assert(dirp);
+
+ r = rm_rf_dangerous(dirp, false, true, false);
+ dir = dirname(dirp);
+ if (r < 0)
+ log_warning("Failed to remove content of temporary directory %s: %s",
+ dir, strerror(-r));
+ else {
+ r = rmdir(dir);
+ if (r < 0)
+ log_warning("Failed to remove temporary directory %s: %s",
+ dir, strerror(-r));
+ }
+
+ return NULL;
+}
+
void exec_context_tmp_dirs_done(ExecContext *c) {
char* dirs[] = {c->tmp_dir ? c->tmp_dir : c->var_tmp_dir,
c->tmp_dir ? c->var_tmp_dir : NULL,
char **dirp;
for(dirp = dirs; *dirp; dirp++) {
- char *dir;
- int r;
-
- r = rm_rf_dangerous(*dirp, false, true, false);
- dir = dirname(*dirp);
- if (r < 0)
- log_warning("Failed to remove content of temporary directory %s: %s",
- dir, strerror(-r));
- else {
- r = rmdir(dir);
- if (r < 0)
- log_warning("Failed to remove temporary directory %s: %s",
- dir, strerror(-r));
- }
-
- free(*dirp);
+ log_debug("Spawning thread to nuke %s", *dirp);
+ asynchronous_job(remove_tmpdir_thread, *dirp);
}
c->tmp_dir = c->var_tmp_dir = NULL;
strv_free(r);
return k;
- }
+ }
/* Log invalid environment variables with filename */
- if (p)
- p = strv_env_clean_log(p, pglob.gl_pathv[n]);
+ if (p)
+ p = strv_env_clean_log(p, pglob.gl_pathv[n]);
if (r == NULL)
r = p;