"-" prefix for InaccessibleDirectories and ReadOnlyDirectories

diff --git a/TODO b/TODO
index 3800ce47676db92c1c528a1e29495dca3a52d88c..fe305ecb66b31ae47f2cf5dc17fd8ac8945aaacd 100644 (file)
--- a/TODO
+++ b/TODO
@@ -23,6 +23,9 @@ Bugfixes:
   - make the resulting line the requested number of *characters*, not *bytes*,
   - avoid truncuating multi-byte sequences in the middle.
 
   - make the resulting line the requested number of *characters*, not *bytes*,
   - avoid truncuating multi-byte sequences in the middle.
 

+* When we detect invalid UTF-8, we cant't use it in an error message:
+  log...("Path is not UTF-8 clean, ignoring assignment: %s", rvalue);
+

 * shorten the message to sane length:
 
   Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory. See system logs and 'systemctl status display-manager.service' for details.
 * shorten the message to sane length:
 
   Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory. See system logs and 'systemctl status display-manager.service' for details.


@@ -285,9 +288,6 @@ Features:
 
 * timedate: have global on/off switches for auto-time (NTP), and auto-timezone that connman can subscribe to.
 
 
 * timedate: have global on/off switches for auto-time (NTP), and auto-timezone that connman can subscribe to.
 

-* Honour "-" prefix for InaccessibleDirectories= and ReadOnlyDirectories= to
-  suppress errors of the specified path doesn't exist
-

 * dev-setup.c: when running in a container, create a tiny stub udev
   database with the systemd tag set for all network interfaces found,
   so that libudev reports them as present, and systemd's .device units
 * dev-setup.c: when running in a container, create a tiny stub udev
   database with the systemd tag set for all network interfaces found,
   so that libudev reports them as present, and systemd's .device units

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index c0e1d862a62b350d90b5f510c1ff411daa8b1f97..b761832ed6bbdca94debe5df33cdb579d4c0376f 100644 (file)
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -828,7 +828,15 @@
                                 the empty string is assigned to this
                                 option the specific list is reset, and
                                 all prior assignments have no
                                 the empty string is assigned to this
                                 option the specific list is reset, and
                                 all prior assignments have no

-                                effect.</para></listitem>
+                                effect.</para>
+                                <para>Paths in
+                                <varname>ReadOnlyDirectories=</varname>
+                                and
+                                <varname>InaccessibleDirectories=</varname>
+                                may be prefixed with
+                                <literal>-</literal>, in which case
+                                they will be ignored when they don't
+                                exist.</para></listitem>

                         </varlistentry>
 
                         <varlistentry>
                         </varlistentry>
 
                         <varlistentry>

diff --git a/src/core/namespace.c b/src/core/namespace.c
index 7e33d84156348497d574308a7557f7e330aa9b7f..16b132ba566327a7b4ed2908fba55d3c887cb2db 100644 (file)
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -51,6 +51,7 @@ typedef struct BindMount {
         const char *path;
         MountMode mode;
         bool done;
         const char *path;
         MountMode mode;
         bool done;

+        bool ignore;

 } BindMount;
 
 static int append_mounts(BindMount **p, char **strv, MountMode mode) {
 } BindMount;
 
 static int append_mounts(BindMount **p, char **strv, MountMode mode) {


@@ -58,6 +59,13 @@ static int append_mounts(BindMount **p, char **strv, MountMode mode) {
 
         STRV_FOREACH(i, strv) {
 
 
         STRV_FOREACH(i, strv) {
 

+                (*p)->ignore = false;
+
+                if ((mode == INACCESSIBLE || mode == READONLY) && (*i)[0] == '-') {
+                        (*p)->ignore = true;
+                        (*i)++;
+                }
+

                 if (!path_is_absolute(*i))
                         return -EINVAL;
 
                 if (!path_is_absolute(*i))
                         return -EINVAL;
 


@@ -155,6 +163,8 @@ static int apply_mount(
         r = mount(what, m->path, NULL, MS_BIND|MS_REC, NULL);
         if (r >= 0)
                 log_debug("Successfully mounted %s to %s", what, m->path);
         r = mount(what, m->path, NULL, MS_BIND|MS_REC, NULL);
         if (r >= 0)
                 log_debug("Successfully mounted %s to %s", what, m->path);

+        else if (m->ignore && errno == ENOENT)
+                r = 0;

 
         return r;
 }
 
         return r;
 }


@@ -168,7 +178,7 @@ static int make_read_only(BindMount *m) {
                 return 0;
 
         r = mount(NULL, m->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL);
                 return 0;
 
         r = mount(NULL, m->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL);

-        if (r < 0)
+        if (r < 0 && !(m->ignore && errno == ENOENT))

                 return -errno;
 
         return 0;
                 return -errno;
 
         return 0;

diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
index 2303d9a50b7bb348bba6f2631f0708d40a02022b..6085d33391baeb2d4f51e3e017813eabbef57575 100644 (file)
--- a/src/shared/conf-parser.c
+++ b/src/shared/conf-parser.c
@@ -599,6 +599,7 @@ int config_parse_path(const char *unit,
 
         char **s = data;
         char *n;
 
         char **s = data;
         char *n;

+        int offset;

 
         assert(filename);
         assert(lvalue);
 
         assert(filename);
         assert(lvalue);


@@ -611,7 +612,9 @@ int config_parse_path(const char *unit,
                 return 0;
         }
 
                 return 0;
         }
 

-        if (!path_is_absolute(rvalue)) {
+        offset = rvalue[0] == '-' && (streq(lvalue, "InaccessibleDirectories") ||
+                                      streq(lvalue, "ReadOnlyDirectories"));
+        if (!path_is_absolute(rvalue + offset)) {

                 log_syntax(unit, LOG_ERR, filename, line, EINVAL,
                            "Not an absolute path, ignoring: %s", rvalue);
                 return 0;
                 log_syntax(unit, LOG_ERR, filename, line, EINVAL,
                            "Not an absolute path, ignoring: %s", rvalue);
                 return 0;


@@ -713,6 +716,7 @@ int config_parse_path_strv(const char *unit,
 
         FOREACH_WORD_QUOTED(w, l, rvalue, state) {
                 _cleanup_free_ char *n;
 
         FOREACH_WORD_QUOTED(w, l, rvalue, state) {
                 _cleanup_free_ char *n;

+                int offset;

 
                 n = strndup(w, l);
                 if (!n)
 
                 n = strndup(w, l);
                 if (!n)


@@ -724,7 +728,9 @@ int config_parse_path_strv(const char *unit,
                         continue;
                 }
 
                         continue;
                 }
 

-                if (!path_is_absolute(n)) {
+                offset = n[0] == '-' && (streq(lvalue, "InaccessibleDirectories") ||
+                                         streq(lvalue, "ReadOnlyDirectories"));
+                if (!path_is_absolute(n + offset)) {

                         log_syntax(unit, LOG_ERR, filename, line, EINVAL,
                                    "Not an absolute path, ignoring: %s", rvalue);
                         continue;
                         log_syntax(unit, LOG_ERR, filename, line, EINVAL,
                                    "Not an absolute path, ignoring: %s", rvalue);
                         continue;