X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;ds=sidebyside;f=src%2Fexecute.c;h=1a7871b4e030b374b4699a0bc8f91362a91b209c;hb=04aa0cb9c46f0a5cd0cf5b4a4e378460423d2635;hp=53f6d9ad06dcaf8169ef825278bae2753ebaae46;hpb=ff876e283a61320b718ec752d93b1fd40a5fdd0c;p=elogind.git diff --git a/src/execute.c b/src/execute.c index 53f6d9ad0..1a7871b4e 100644 --- a/src/execute.c +++ b/src/execute.c @@ -46,6 +46,7 @@ #include "securebits.h" #include "cgroup.h" #include "namespace.h" +#include "tcpwrap.h" /* This assumes there is a 'tty' group */ #define TTY_MODE 0620 @@ -305,8 +306,8 @@ static int setup_output(const ExecContext *context, int socket_fd, const char *i return dup2(STDIN_FILENO, STDOUT_FILENO) < 0 ? -errno : STDOUT_FILENO; /* For PID 1 stdout is always connected to /dev/null, - * hence reopen the console if necessary. */ - if (getpid() == 1) + * hence reopen the console if out parent is PID1. */ + if (getppid() == 1) return open_terminal_as(tty_path(context), O_WRONLY, STDOUT_FILENO); return STDOUT_FILENO; @@ -352,7 +353,7 @@ static int setup_error(const ExecContext *context, int socket_fd, const char *id if (e == EXEC_OUTPUT_INHERIT && o == EXEC_OUTPUT_INHERIT && i != EXEC_INPUT_NULL && - getpid () != 1) + getppid () != 1) return STDERR_FILENO; /* Duplicate form stdout if possible */ @@ -783,7 +784,13 @@ int exec_spawn(ExecCommand *command, /* child */ - reset_all_signal_handlers(); + /* We reset exactly these signals, since they are the + * only ones we set to SIG_IGN in the main daemon. All + * others we leave untouched because we set them to + * SIG_DFL or a valid handler initially, both of which + * will be demoted to SIG_DFL. */ + default_signals(SIGNALS_CRASH_HANDLER, + SIGNALS_IGNORE, -1); if (sigemptyset(&ss) < 0 || sigprocmask(SIG_SETMASK, &ss, NULL) < 0) { @@ -797,6 +804,12 @@ int exec_spawn(ExecCommand *command, goto fail; } + if (socket_fd >= 0 && context->tcpwrap_name) + if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) { + r = EXIT_TCPWRAP; + goto fail; + } + if (confirm_spawn) { char response; @@ -901,19 +914,6 @@ int exec_spawn(ExecCommand *command, goto fail; } - if (strv_length(context->read_write_dirs) > 0 || - strv_length(context->read_only_dirs) > 0 || - strv_length(context->inaccessible_dirs) > 0 || - context->mount_flags != MS_SHARED || - context->private_tmp) - if ((r = setup_namespace( - context->read_write_dirs, - context->read_only_dirs, - context->inaccessible_dirs, - context->private_tmp, - context->mount_flags)) < 0) - goto fail; - if (context->user) { username = context->user; if (get_user_creds(&username, &uid, &gid, &home) < 0) { @@ -936,6 +936,19 @@ int exec_spawn(ExecCommand *command, umask(context->umask); + if (strv_length(context->read_write_dirs) > 0 || + strv_length(context->read_only_dirs) > 0 || + strv_length(context->inaccessible_dirs) > 0 || + context->mount_flags != MS_SHARED || + context->private_tmp) + if ((r = setup_namespace( + context->read_write_dirs, + context->read_only_dirs, + context->inaccessible_dirs, + context->private_tmp, + context->mount_flags)) < 0) + goto fail; + if (apply_chroot) { if (context->root_directory) if (chroot(context->root_directory) < 0) { @@ -1105,6 +1118,9 @@ void exec_context_done(ExecContext *c) { free(c->tty_path); c->tty_path = NULL; + free(c->tcpwrap_name); + c->tcpwrap_name = NULL; + free(c->syslog_identifier); c->syslog_identifier = NULL; @@ -1203,6 +1219,11 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { for (e = c->environment; *e; e++) fprintf(f, "%sEnvironment: %s\n", prefix, *e); + if (c->tcpwrap_name) + fprintf(f, + "%sTCPWrapName: %s\n", + prefix, c->tcpwrap_name); + if (c->nice_set) fprintf(f, "%sNice: %i\n", @@ -1589,6 +1610,9 @@ const char* exit_status_to_string(ExitStatus status) { case EXIT_STDERR: return "STDERR"; + case EXIT_TCPWRAP: + return "TCPWRAP"; + default: return NULL; }