swap: refuse start/stop of swaps in container

[elogind.git] / src / core / swap.c

diff --git a/src/core/swap.c b/src/core/swap.c
index 03993b1e60ecffdc81a8186b72e3c62246a0c1f8..41ece2708f009a3b52d061ee76e45595659d0161 100644 (file)
--- a/src/core/swap.c
+++ b/src/core/swap.c
@@ -39,6 +39,7 @@
 #include "exit-status.h"
 #include "def.h"
 #include "path-util.h"
+#include "virt.h"
 
 static const UnitActiveState state_translation_table[_SWAP_STATE_MAX] = {
         [SWAP_DEAD] = UNIT_INACTIVE,
@@ -296,7 +297,7 @@ static int swap_load(Unit *u) {
                         if ((r = swap_add_default_dependencies(s)) < 0)
                                 return r;
 
-                r = unit_patch_working_directory(UNIT(s), &s->exec_context);
+                r = unit_exec_context_defaults(u, &s->exec_context);
                 if (r < 0)
                         return r;
         }
@@ -797,6 +798,9 @@ static int swap_start(Unit *u) {
 
         assert(s->state == SWAP_DEAD || s->state == SWAP_FAILED);
 
+        if (detect_container(NULL) > 0)
+                return -EPERM;
+
         s->result = SWAP_SUCCESS;
         swap_enter_activating(s);
         return 0;
@@ -817,6 +821,9 @@ static int swap_stop(Unit *u) {
         assert(s->state == SWAP_ACTIVATING ||
                s->state == SWAP_ACTIVE);
 
+        if (detect_container(NULL) > 0)
+                return -EPERM;
+
         swap_enter_deactivating(s);
         return 0;
 }
@@ -917,7 +924,7 @@ static void swap_sigchld_event(Unit *u, pid_t pid, int code, int status) {
 
         s->control_pid = 0;
 
-        if (is_clean_exit(code, status))
+        if (is_clean_exit(code, status, NULL))
                 f = SWAP_SUCCESS;
         else if (code == CLD_EXITED)
                 f = SWAP_FAILURE_EXIT_CODE;
@@ -1260,7 +1267,7 @@ static void swap_reset_failed(Unit *u) {
         s->result = SWAP_SUCCESS;
 }
 
-static int swap_kill(Unit *u, KillWho who, KillMode mode, int signo, DBusError *error) {
+static int swap_kill(Unit *u, KillWho who, int signo, DBusError *error) {
         Swap *s = SWAP(u);
         int r = 0;
         Set *pid_set = NULL;
@@ -1282,23 +1289,25 @@ static int swap_kill(Unit *u, KillWho who, KillMode mode, int signo, DBusError *
                         if (kill(s->control_pid, signo) < 0)
                                 r = -errno;
 
-        if (who == KILL_ALL && mode == KILL_CONTROL_GROUP) {
+        if (who == KILL_ALL) {
                 int q;
 
-                if (!(pid_set = set_new(trivial_hash_func, trivial_compare_func)))
+                pid_set = set_new(trivial_hash_func, trivial_compare_func);
+                if (!pid_set)
                         return -ENOMEM;
 
                 /* Exclude the control pid from being killed via the cgroup */
-                if (s->control_pid > 0)
-                        if ((q = set_put(pid_set, LONG_TO_PTR(s->control_pid))) < 0) {
+                if (s->control_pid > 0) {
+                        q = set_put(pid_set, LONG_TO_PTR(s->control_pid));
+                        if (q < 0) {
                                 r = q;
                                 goto finish;
                         }
+                }
 
                 q = cgroup_bonding_kill_list(UNIT(s)->cgroup_bondings, signo, false, false, pid_set, NULL);
-                if (q < 0)
-                        if (q != -EAGAIN && q != -ESRCH && q != -ENOENT)
-                                r = q;
+                if (q < 0 && q != -EAGAIN && q != -ESRCH && q != -ENOENT)
+                        r = q;
         }
 
 finish: