X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fload-fragment.c;h=7260d205788664167931e6f8b9724074296f605f;hb=4fb7242cbbed0d865eb343548b8f0ee0fee71d85;hp=ec04ad28baed5ffac6e5b088dfaea6fcda506654;hpb=57183d117a1d6a96d71ce99d648beb0d2b36228d;p=elogind.git diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index ec04ad28b..7260d2057 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -61,7 +61,7 @@ #include "seccomp-util.h" #endif -#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) +#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_LIBWRAP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) int config_parse_warn_compat( const char *unit, const char *filename, @@ -1143,6 +1143,55 @@ int config_parse_exec_mount_flags(const char *unit, return 0; } +int config_parse_exec_selinux_context( + const char *unit, + const char *filename, + unsigned line, + const char *section, + unsigned section_line, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { + + ExecContext *c = data; + Unit *u = userdata; + bool ignore; + char *k; + int r; + + assert(filename); + assert(lvalue); + assert(rvalue); + assert(data); + + if (isempty(rvalue)) { + free(c->selinux_context); + c->selinux_context = NULL; + c->selinux_context_ignore = false; + return 0; + } + + if (rvalue[0] == '-') { + ignore = true; + rvalue++; + } else + ignore = false; + + r = unit_name_printf(u, rvalue, &k); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, -r, "Failed to resolve specifiers, ignoring: %s", strerror(-r)); + return 0; + } + + free(c->selinux_context); + c->selinux_context = k; + c->selinux_context_ignore = ignore; + + return 0; +} + int config_parse_timer(const char *unit, const char *filename, unsigned line, @@ -2045,18 +2094,18 @@ int config_parse_syscall_archs( void *data, void *userdata) { - ExecContext *c = data; + Set **archs = data; char *w, *state; size_t l; int r; if (isempty(rvalue)) { - set_free(c->syscall_archs); - c->syscall_archs = NULL; + set_free(*archs); + *archs = NULL; return 0; } - r = set_ensure_allocated(&c->syscall_archs, trivial_hash_func, trivial_compare_func); + r = set_ensure_allocated(archs, trivial_hash_func, trivial_compare_func); if (r < 0) return log_oom(); @@ -2074,7 +2123,7 @@ int config_parse_syscall_archs( continue; } - r = set_put(c->syscall_archs, UINT32_TO_PTR(a + 1)); + r = set_put(*archs, UINT32_TO_PTR(a + 1)); if (r == -EEXIST) continue; if (r < 0) @@ -2831,7 +2880,7 @@ void unit_dump_config_items(FILE *f) { const ConfigParserCallback callback; const char *rvalue; } table[] = { -#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) +#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_LIBWRAP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) { config_parse_warn_compat, "NOTSUPPORTED" }, #endif { config_parse_int, "INTEGER" }, @@ -2894,6 +2943,7 @@ void unit_dump_config_items(FILE *f) { { config_parse_environ, "ENVIRON" }, #ifdef HAVE_SECCOMP { config_parse_syscall_filter, "SYSCALLS" }, + { config_parse_syscall_archs, "ARCHS" }, { config_parse_syscall_errno, "ERRNO" }, #endif { config_parse_cpu_shares, "SHARES" }, @@ -2905,6 +2955,11 @@ void unit_dump_config_items(FILE *f) { { config_parse_blockio_device_weight, "DEVICEWEIGHT" }, { config_parse_long, "LONG" }, { config_parse_socket_service, "SERVICE" }, +#ifdef HAVE_SELINUX + { config_parse_exec_selinux_context, "LABEL" }, +#endif + { config_parse_job_mode, "MODE" }, + { config_parse_job_mode_isolate, "BOOLEAN" }, }; const char *prev = NULL;