s->state = SERVICE_DEAD;
s->sysv_start_priority = -1;
+ s->permissions_start_only = false;
+ s->root_directory_start_only = false;
RATELIMIT_INIT(s->ratelimit, 10*USEC_PER_SEC, 5);
prefix2 = p2 ? p2 : prefix;
fprintf(f,
- "%sService State: %s\n",
- prefix, service_state_to_string(s->state));
+ "%sService State: %s\n"
+ "%sPermissionsStartOnly: %s\n"
+ "%sRootDirectoryStartOnly: %s\n",
+ prefix, service_state_to_string(s->state),
+ prefix, yes_no(s->permissions_start_only),
+ prefix, yes_no(s->root_directory_start_only));
if (s->pid_file)
fprintf(f,
return r;
}
-static int service_spawn(Service *s, ExecCommand *c, bool timeout, bool pass_fds, pid_t *_pid) {
+static int service_spawn(
+ Service *s,
+ ExecCommand *c,
+ bool timeout,
+ bool pass_fds,
+ bool apply_permissions,
+ bool apply_chroot,
+ pid_t *_pid) {
+
pid_t pid;
int r;
int *fds = NULL;
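Review bot: `service_spawn` now takes four adjacent `bool` parameters (`timeout`, `pass_fds`, `apply_permissions`, `apply_chroot`), so a transposed pair at a call site compiles silently while changing which credentials or root directory a command is given. The ExecStart call later in this diff already reads `true, true, true`, which cannot be checked by eye. I would add a comment above the signature naming each flag and saying what `false` means for the two new ones, e.g. `/* apply_permissions / apply_chroot: when false, the matching exec_context settings are not applied to this command */`. That meaning is inferred from the names, since exec_spawn's side is not visible here, so please confirm it. Folding the two into a single flags argument would be the stronger fix; the function body continues outside this hunk.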
} else
unit_unwatch_timer(UNIT(s), &s->timer_watch);
- if ((r = exec_spawn(c, &s->exec_context, fds, n_fds, &pid)) < 0)
+ if ((r = exec_spawn(c,
+ &s->exec_context,
+ fds, n_fds,
+ apply_permissions,
+ apply_chroot,
+ &pid)) < 0)
goto fail;
if ((r = unit_watch_pid(UNIT(s), pid)) < 0)
s->failure = true;
if ((s->control_command = s->exec_command[SERVICE_EXEC_STOP_POST]))
- if ((r = service_spawn(s, s->control_command, true, false, &s->control_pid)) < 0)
+ if ((r = service_spawn(s,
+ s->control_command,
+ true,
+ false,
+ !s->permissions_start_only,
+ !s->root_directory_start_only,
+ &s->control_pid)) < 0)
goto fail;
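Review bot: `!s->permissions_start_only` and `!s->root_directory_start_only` are written out by hand at this ExecStopPost call and again at the ExecStop, ExecStartPost, ExecStartPre, ExecReload and next-command calls, so the privilege decision for every control command depends on six copies staying identical. Computing the pair in one small static helper would leave a single definition to audit. As it stands, a call site that later passes the wrong flag would run its command with or without the configured permissions and nothing would flag it. It also deserves a comment that with PermissionsStartOnly set the stop, stop-post and reload commands skip the permission settings as well, not only the pre- and post-start ones, along the lines of `/* control commands skip exec_context permissions/chroot when the *StartOnly options are set */`. Presumably those commands then run with the manager's own privileges, which these hunks do not show.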
s->failure = true;
if ((s->control_command = s->exec_command[SERVICE_EXEC_STOP]))
- if ((r = service_spawn(s, s->control_command, true, false, &s->control_pid)) < 0)
+ if ((r = service_spawn(s,
+ s->control_command,
+ true,
+ false,
+ !s->permissions_start_only,
+ !s->root_directory_start_only,
+ &s->control_pid)) < 0)
goto fail;
service_set_state(s, SERVICE_STOP);
assert(s);
if ((s->control_command = s->exec_command[SERVICE_EXEC_START_POST]))
- if ((r = service_spawn(s, s->control_command, true, false, &s->control_pid)) < 0)
+ if ((r = service_spawn(s,
+ s->control_command,
+ true,
+ false,
+ !s->permissions_start_only,
+ !s->root_directory_start_only,
+ &s->control_pid)) < 0)
goto fail;
assert(s->exec_command[SERVICE_EXEC_START]);
assert(!s->exec_command[SERVICE_EXEC_START]->command_next);
- if ((r = service_spawn(s, s->exec_command[SERVICE_EXEC_START], s->type == SERVICE_FORKING, true, &pid)) < 0)
+ if ((r = service_spawn(s,
+ s->exec_command[SERVICE_EXEC_START],
+ s->type == SERVICE_FORKING,
+ true,
+ true,
+ true,
+ &pid)) < 0)
goto fail;
service_set_state(s, SERVICE_START);
assert(s);
if ((s->control_command = s->exec_command[SERVICE_EXEC_START_PRE]))
- if ((r = service_spawn(s, s->control_command, true, false, &s->control_pid)) < 0)
+ if ((r = service_spawn(s,
+ s->control_command,
+ true,
+ false,
+ !s->permissions_start_only,
+ !s->root_directory_start_only,
+ &s->control_pid)) < 0)
goto fail;
service_set_state(s, SERVICE_START_PRE);
assert(s);
if ((s->control_command = s->exec_command[SERVICE_EXEC_RELOAD]))
- if ((r = service_spawn(s, s->control_command, true, false, &s->control_pid)) < 0)
+ if ((r = service_spawn(s,
+ s->control_command,
+ true,
+ false,
+ !s->permissions_start_only,
+ !s->root_directory_start_only,
+ &s->control_pid)) < 0)
goto fail;
service_set_state(s, SERVICE_RELOAD);
s->control_command = s->control_command->command_next;
- if ((r = service_spawn(s, s->control_command, true, false, &s->control_pid)) < 0)
+ if ((r = service_spawn(s,
+ s->control_command,
+ true,
+ false,
+ !s->permissions_start_only,
+ !s->root_directory_start_only,
+ &s->control_pid)) < 0)
goto fail;
return;
if ((r = manager_load_unit(m, name, &service)) < 0)
goto finish;
- /* Don't allow that non-SysV services
- * are started via rcN.d/ links. */
- if (!SERVICE(service)->sysv_path)
- continue;
-
if ((r = manager_load_unit(m, rcnd[i+1], &runlevel)) < 0)
goto finish;