#include "securebits.h"
#include "cgroup.h"
#include "namespace.h"
+#include "tcpwrap.h"
/* This assumes there is a 'tty' group */
#define TTY_MODE 0620
/* child */
- /* We reset exactly these two signals, since they are
- * the only ones we set to SIG_IGN in the main
- * daemon. All others */
- default_signals(SIGNALS_CRASH_HANLDER,
+ /* We reset exactly these signals, since they are the
+ * only ones we set to SIG_IGN in the main daemon. All
+ * others we leave untouched because we set them to
+ * SIG_DFL or a valid handler initially, both of which
+ * will be demoted to SIG_DFL. */
+ default_signals(SIGNALS_CRASH_HANDLER,
SIGNALS_IGNORE, -1);
if (sigemptyset(&ss) < 0 ||
goto fail;
}
+ if (socket_fd >= 0 && context->tcpwrap_name)
+ if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) {
+ r = EXIT_TCPWRAP;
+ goto fail;
+ }
+
if (confirm_spawn) {
char response;
goto fail;
}
- if (strv_length(context->read_write_dirs) > 0 ||
- strv_length(context->read_only_dirs) > 0 ||
- strv_length(context->inaccessible_dirs) > 0 ||
- context->mount_flags != MS_SHARED ||
- context->private_tmp)
- if ((r = setup_namespace(
- context->read_write_dirs,
- context->read_only_dirs,
- context->inaccessible_dirs,
- context->private_tmp,
- context->mount_flags)) < 0)
- goto fail;
-
if (context->user) {
username = context->user;
if (get_user_creds(&username, &uid, &gid, &home) < 0) {
umask(context->umask);
+ if (strv_length(context->read_write_dirs) > 0 ||
+ strv_length(context->read_only_dirs) > 0 ||
+ strv_length(context->inaccessible_dirs) > 0 ||
+ context->mount_flags != MS_SHARED ||
+ context->private_tmp)
+ if ((r = setup_namespace(
+ context->read_write_dirs,
+ context->read_only_dirs,
+ context->inaccessible_dirs,
+ context->private_tmp,
+ context->mount_flags)) < 0)
+ goto fail;
+
if (apply_chroot) {
if (context->root_directory)
if (chroot(context->root_directory) < 0) {
free(c->tty_path);
c->tty_path = NULL;
+ free(c->tcpwrap_name);
+ c->tcpwrap_name = NULL;
+
free(c->syslog_identifier);
c->syslog_identifier = NULL;
for (e = c->environment; *e; e++)
fprintf(f, "%sEnvironment: %s\n", prefix, *e);
+ if (c->tcpwrap_name)
+ fprintf(f,
+ "%sTCPWrapName: %s\n",
+ prefix, c->tcpwrap_name);
+
if (c->nice_set)
fprintf(f,
"%sNice: %i\n",
case EXIT_STDERR:
return "STDERR";
+ case EXIT_TCPWRAP:
+ return "TCPWRAP";
+
default:
return NULL;
}