X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fexecute.c;h=6e76bd5b504922141e6de5961fce0ae19a09a562;hb=ffc90a11962274ac597b7838f31a4aff0362aa46;hp=353f2d1297619f9ca4e6b4077d5ea85cf664fbfe;hpb=3d94f76c99da13e5603831d0b278f8c8c21bcb02;p=elogind.git diff --git a/src/core/execute.c b/src/core/execute.c index 353f2d129..6e76bd5b5 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -69,7 +69,6 @@ #include "ioprio.h" #include "securebits.h" #include "namespace.h" -#include "tcpwrap.h" #include "exit-status.h" #include "missing.h" #include "utmp-wtmp.h" @@ -562,7 +561,7 @@ static int restore_confirm_stdio(int *saved_stdin, static int ask_for_confirmation(char *response, char **argv) { int saved_stdout = -1, saved_stdin = -1, r; - char *line; + _cleanup_free_ char *line = NULL; r = setup_confirm_stdio(&saved_stdin, &saved_stdout); if (r < 0) @@ -572,8 +571,7 @@ static int ask_for_confirmation(char *response, char **argv) { if (!line) return -ENOMEM; - r = ask(response, "yns", "Execute %s? [Yes, No, Skip] ", line); - free(line); + r = ask_char(response, "yns", "Execute %s? [Yes, No, Skip] ", line); restore_confirm_stdio(&saved_stdin, &saved_stdout); @@ -1174,7 +1172,7 @@ static int build_environment( return -ENOMEM; our_env[n_env++] = x; - if (asprintf(&x, "WATCHDOG_USEC=%llu", (unsigned long long) watchdog_usec) < 0) + if (asprintf(&x, "WATCHDOG_USEC="USEC_FMT, watchdog_usec) < 0) return -ENOMEM; our_env[n_env++] = x; } @@ -1362,23 +1360,6 @@ int exec_spawn(ExecCommand *command, goto fail_child; } - if (context->tcpwrap_name) { - if (socket_fd >= 0) - if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) { - err = -EACCES; - r = EXIT_TCPWRAP; - goto fail_child; - } - - for (i = 0; i < (int) n_fds; i++) { - if (!socket_tcpwrap(fds[i], context->tcpwrap_name)) { - err = -EACCES; - r = EXIT_TCPWRAP; - goto fail_child; - } - } - } - exec_context_tty_reset(context); if (confirm_spawn) { @@ -1587,7 +1568,9 @@ int exec_spawn(ExecCommand *command, !strv_isempty(context->inaccessible_dirs) || context->mount_flags != 0 || (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir)) || - context->private_devices) { + context->private_devices || + context->protect_system != PROTECT_SYSTEM_NO || + context->protect_home != PROTECT_HOME_NO) { char *tmp = NULL, *var = NULL; @@ -1611,8 +1594,9 @@ int exec_spawn(ExecCommand *command, tmp, var, context->private_devices, + context->protect_home, + context->protect_system, context->mount_flags); - if (err < 0) { r = EXIT_NAMESPACE; goto fail_child; @@ -1878,9 +1862,6 @@ void exec_context_done(ExecContext *c) { free(c->tty_path); c->tty_path = NULL; - free(c->tcpwrap_name); - c->tcpwrap_name = NULL; - free(c->syslog_identifier); c->syslog_identifier = NULL; @@ -2042,7 +2023,7 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { return -EINVAL; } for (n = 0; n < count; n++) { - k = load_env_file(pglob.gl_pathv[n], NULL, &p); + k = load_env_file(NULL, pglob.gl_pathv[n], NULL, &p); if (k < 0) { if (ignore) continue; @@ -2076,8 +2057,8 @@ int exec_context_load_environment(const ExecContext *c, char ***l) { } static bool tty_may_match_dev_console(const char *tty) { - char *active = NULL, *console; - bool b; + _cleanup_free_ char *active = NULL; + char *console; if (startswith(tty, "/dev/")) tty += 5; @@ -2092,10 +2073,7 @@ static bool tty_may_match_dev_console(const char *tty) { return true; /* "tty0" means the active VC, so it may be the same sometimes */ - b = streq(console, tty) || (streq(console, "tty0") && tty_is_vc(tty)); - free(active); - - return b; + return streq(console, tty) || (streq(console, "tty0") && tty_is_vc(tty)); } bool exec_context_may_touch_console(ExecContext *ec) { @@ -2132,6 +2110,8 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { "%sPrivateTmp: %s\n" "%sPrivateNetwork: %s\n" "%sPrivateDevices: %s\n" + "%sProtectHome: %s\n" + "%sProtectSystem: %s\n" "%sIgnoreSIGPIPE: %s\n", prefix, c->umask, prefix, c->working_directory ? c->working_directory : "/", @@ -2140,6 +2120,8 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { prefix, yes_no(c->private_tmp), prefix, yes_no(c->private_network), prefix, yes_no(c->private_devices), + prefix, protect_home_to_string(c->protect_home), + prefix, protect_system_to_string(c->protect_system), prefix, yes_no(c->ignore_sigpipe)); STRV_FOREACH(e, c->environment) @@ -2148,11 +2130,6 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { STRV_FOREACH(e, c->environment_files) fprintf(f, "%sEnvironmentFile: %s\n", prefix, *e); - if (c->tcpwrap_name) - fprintf(f, - "%sTCPWrapName: %s\n", - prefix, c->tcpwrap_name); - if (c->nice_set) fprintf(f, "%sNice: %i\n", @@ -2165,7 +2142,8 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { for (i = 0; i < RLIM_NLIMITS; i++) if (c->rlimit[i]) - fprintf(f, "%s%s: %llu\n", prefix, rlimit_to_string(i), (unsigned long long) c->rlimit[i]->rlim_max); + fprintf(f, "%s%s: "RLIM_FMT"\n", + prefix, rlimit_to_string(i), c->rlimit[i]->rlim_max); if (c->ioprio_set) { _cleanup_free_ char *class_str = NULL; @@ -2485,10 +2463,10 @@ char *exec_command_line(char **argv) { } void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) { - char *p2; + _cleanup_free_ char *p2 = NULL; const char *prefix2; - char *cmd; + _cleanup_free_ char *cmd = NULL; assert(c); assert(f); @@ -2504,11 +2482,7 @@ void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) { "%sCommand Line: %s\n", prefix, cmd ? cmd : strerror(ENOMEM)); - free(cmd); - exec_status_dump(&c->exec_status, f, prefix2); - - free(p2); } void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {