X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fsocket.c;h=68e21e60ac9356dd032d97e39ccde62b9442a540;hb=671174136525ddf208cdbe75d6d6bd159afa961f;hp=34ce1b1ffd54c6f84da894447aad23295884921f;hpb=cf8bd44339b00330fdbc91041d6731ba8aba9fec;p=elogind.git diff --git a/src/core/socket.c b/src/core/socket.c index 34ce1b1ff..68e21e60a 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -31,10 +31,6 @@ #include #include -#ifdef HAVE_SELINUX -#include -#endif - #include "sd-event.h" #include "log.h" #include "load-dropin.h" @@ -475,6 +471,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { assert(s); assert(f); + prefix = strempty(prefix); prefix2 = strappenda(prefix, "\t"); fprintf(f, @@ -492,8 +489,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { "%sPassCredentials: %s\n" "%sPassSecurity: %s\n" "%sTCPCongestion: %s\n" - "%sRemoveOnStop: %s\n" - "%sSELinuxLabelViaNet: %s\n", + "%sRemoveOnStop: %s\n", prefix, socket_state_to_string(s->state), prefix, socket_result_to_string(s->result), prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only), @@ -508,8 +504,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { prefix, yes_no(s->pass_cred), prefix, yes_no(s->pass_sec), prefix, strna(s->tcp_congestion), - prefix, yes_no(s->remove_on_stop), - prefix, yes_no(s->selinux_label_via_net)); + prefix, yes_no(s->remove_on_stop)); if (s->control_pid > 0) fprintf(f, 
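Review bot: In the hunk at -475 of socket_dump(), the added `prefix = strempty(prefix);` has no comment explaining that it must stay ahead of `prefix2 = strappenda(prefix, "\t");`, and that ordering is the whole point of the line. Presumably strappenda() measures its arguments, so a NULL prefix would be dereferenced there and then handed to every `%s` in the fprintf calls that follow. I would add `/* callers may pass NULL; normalise before anything measures or prints prefix */` above it so a later reordering does not reintroduce the NULL case. socket_dump's body continues outside the hunk.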
@@ -602,28 +597,25 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { prefix, strna(s->user), prefix, strna(s->group)); - if(s->keep_alive_time) + if (s->keep_alive_time > 0) fprintf(f, - "%sKeepAliveTime: %s\n", - prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, - s->keep_alive_time, USEC_PER_SEC)); + "%sKeepAliveTimeSec: %s\n", + prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC)); - if(s->keep_alive_interval) + if (s->keep_alive_interval) fprintf(f, - "%sKeepAliveInterval: %s\n", - prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, - s->keep_alive_interval, USEC_PER_SEC)); + "%sKeepAliveIntervalSec: %s\n", + prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC)); - if(s->keep_alive_cnt) + if (s->keep_alive_cnt) fprintf(f, "%sKeepAliveProbes: %u\n", prefix, s->keep_alive_cnt); - if(s->defer_accept) + if (s->defer_accept) fprintf(f, - "%sDeferAccept: %s\n", - prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, - s->defer_accept, USEC_PER_SEC)); + "%sDeferAcceptSec: %s\n", + prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC)); LIST_FOREACH(port, p, s->ports) { @@ -1136,14 +1128,7 @@ static int socket_open_fds(Socket *s) { continue; if (p->type == SOCKET_SOCKET) { -#ifdef HAVE_SELINUX - if (!know_label && s->selinux_label_via_net) { - r = getcon(&label); - if (r < 0) - return r; - know_label = true; - } -#endif + if (!know_label) { r = socket_instantiate_service(s); @@ -1373,6 +1358,11 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) { _cleanup_free_ char **argv = NULL; pid_t pid; int r; + ExecParameters exec_params = { + .apply_permissions = true, + .apply_chroot = true, + .apply_tty_stdin = true, + }; assert(s); assert(c); 
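Review bot: In the hunk at -602 the four optional-field guards are no longer written the same way: `if (s->keep_alive_time > 0)` compares explicitly, while `if (s->keep_alive_interval)`, `if (s->keep_alive_cnt)` and `if (s->defer_accept)` test truthiness. If the fields are unsigned (the `%u` used for keep_alive_cnt suggests so for that one) the two forms are equivalent, and the mix only makes a reader wonder whether one field can be negative. I would pick one form throughout, e.g. `if (s->keep_alive_interval > 0)` and `if (s->defer_accept > 0)`. The dump keys are also renamed (`KeepAliveTime:` becomes `KeepAliveTimeSec:`, and likewise for the interval and defer-accept lines), so anything that parses this output needs the new names and the commit message should say so. socket_dump starts and ends outside the hunk.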
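Review bot: The `exec_params` initializer in socket_spawn() leaves implicit several values that the old exec_spawn() call spelled out. The hunk at -1392 drops the positional `NULL, 0` after `&s->exec_context` and the trailing `0, NULL`, and nothing on the new side assigns their replacements. The designated initializer zero-fills unnamed members, so behaviour should be unchanged, but only while zero remains the safe default for every member ExecParameters has or later gains. Going by their names, `apply_permissions` and `apply_chroot` control how much confinement the spawned control command gets, so I would add a comment above the initializer such as `/* members not named here (presumably fd passing, watchdog, idle pipe) are deliberately zero for control commands */`. socket_spawn's body continues outside both hunks.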
@@ -1392,21 +1382,17 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) { if (r < 0) goto fail; + exec_params.argv = argv; + exec_params.environment = UNIT(s)->manager->environment; + exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn; + exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported; + exec_params.cgroup_path = UNIT(s)->cgroup_path; + exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager); + exec_params.unit_id = UNIT(s)->id; + r = exec_spawn(c, - argv, &s->exec_context, - NULL, 0, - UNIT(s)->manager->environment, - true, - true, - true, - UNIT(s)->manager->confirm_spawn, - UNIT(s)->manager->cgroup_supported, - UNIT(s)->cgroup_path, - manager_get_runtime_prefix(UNIT(s)->manager), - UNIT(s)->id, - 0, - NULL, + &exec_params, s->exec_runtime, &pid); if (r < 0) @@ -1842,9 +1828,6 @@ static void socket_enter_running(Socket *s, int cfd) { cfd = -1; s->n_connections ++; - if (s->selinux_label_via_net) - service->exec_context.selinux_label_via_net = true; - r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL); if (r < 0) goto fail;