core: don't override NoNewPriviliges= from SystemCallFilter= if it is already explici...
authorLennart Poettering <lennart@poettering.net>
Wed, 5 Mar 2014 03:41:01 +0000 (04:41 +0100)
committerLennart Poettering <lennart@poettering.net>
Wed, 5 Mar 2014 03:41:01 +0000 (04:41 +0100)
src/core/execute.h
src/core/load-fragment-gperf.gperf.m4
src/core/load-fragment.c
src/core/load-fragment.h

index a3336573280ba4cbdb558d5dc314f9b31103e292..9fcea121fa8211a036ff07d1cb7ee852ab776999 100644 (file)
@@ -185,6 +185,7 @@ struct ExecContext {
         bool nice_set:1;
         bool ioprio_set:1;
         bool cpu_sched_set:1;
+        bool no_new_privileges_set:1;
 };
 
 #include "cgroup.h"
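Review bot: The new `no_new_privileges_set` bit added after `cpu_sched_set` carries a non-obvious contract — it records that NoNewPrivileges= was given explicitly so that SystemCallFilter= does not override it — but nothing in the struct says so, and the other `*_set` bits give no hint either. A one-line comment would spare the next reader a trip through load-fragment.c: `bool no_new_privileges_set:1; /* NoNewPrivileges= was configured explicitly; the implicit enabling done by SystemCallFilter= must not override it */`. struct ExecContext begins outside the hunk.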
index 7bdee13faae13b08b4187314193805ca385dd938..5604ee975d6992004008d8478209f16d965f98ca 100644 (file)
@@ -48,7 +48,7 @@ $1.Capabilities,                 config_parse_exec_capabilities,     0,
 $1.SecureBits,                   config_parse_exec_secure_bits,      0,                             offsetof($1, exec_context)
 $1.CapabilityBoundingSet,        config_parse_bounding_set,          0,                             offsetof($1, exec_context.capability_bounding_set_drop)
 $1.TimerSlackNSec,               config_parse_nsec,                  0,                             offsetof($1, exec_context.timer_slack_nsec)
-$1.NoNewPrivileges,              config_parse_bool,                  0,                             offsetof($1, exec_context.no_new_privileges)
+$1.NoNewPrivileges,              config_parse_no_new_priviliges,     0,                             offsetof($1, exec_context)
 m4_ifdef(`HAVE_SECCOMP',
 `$1.SystemCallFilter,            config_parse_syscall_filter,        0,                             offsetof($1, exec_context)
 $1.SystemCallArchitectures,      config_parse_syscall_archs,         0,                             offsetof($1, exec_context.syscall_archs)
index 5628d8c910df94530471c462a33568feb08d5144..18dab02cd771058d0be83708f40fdc829ad74a31 100644 (file)
@@ -2122,7 +2122,10 @@ int config_parse_syscall_filter(
                         set_remove(c->syscall_filter, INT_TO_PTR(id + 1));
         }
 
-        c->no_new_privileges = true;
+        /* Turn on NNP, but only if it wasn't configured explicitly
+         * before, and only if we are in user mode. */
+        if (!c->no_new_privileges_set && u->manager->running_as == SYSTEMD_USER)
+                c->no_new_privileges = true;
 
         return 0;
 }
@@ -2902,6 +2905,38 @@ int config_parse_namespace_path_strv(
         return 0;
 }
 
+int config_parse_no_new_priviliges(
+                const char* unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        ExecContext *c = data;
+        int k;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        k = parse_boolean(rvalue);
+        if (k < 0) {
+                log_syntax(unit, LOG_ERR, filename, line, -k, "Failed to parse boolean value, ignoring: %s", rvalue);
+                return 0;
+        }
+
+        c->no_new_privileges = !!k;
+        c->no_new_privileges_set = true;
+
+        return 0;
+}
+
 #define FOLLOW_MAX 8
 
 static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
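Review bot: In config_parse_syscall_filter the implied NoNewPrivileges= now depends only on `u->manager->running_as == SYSTEMD_USER`, so a system-mode unit that combines SystemCallFilter= with User= (or otherwise gives up CAP_SYS_ADMIN before the filter is installed) no longer gets NNP; since a seccomp filter can only be installed without CAP_SYS_ADMIN when no_new_privs is already set, such a unit would presumably fail at exec time rather than run filtered — worth confirming against the apply order in execute.c, and if it holds the condition should also cover the privilege-dropping case (e.g. `|| c->user`). The new comment states the rule but not the reason; suggest `/* A seccomp filter can only be installed without CAP_SYS_ADMIN when NNP is set, hence imply it in user mode; in system mode honour only an explicit NoNewPrivileges=. */`. `u` and the rest of config_parse_syscall_filter lie outside the hunk. Separately, the new parser is named `config_parse_no_new_priviliges` — here, in load-fragment.h and in the gperf table — with "privileges" misspelled; renaming it before it lands avoids a permanently grep-hostile identifier, and while there the first parameter should read `const char *unit` like its siblings.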
index 73f6db72edf5b2b70edee775c5691a36deb345c2..fabbda212da8a612b26e6aa704067349370fa34d 100644 (file)
@@ -94,6 +94,7 @@ int config_parse_address_families(const char *unit, const char *filename, unsign
 int config_parse_runtime_directory(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 int config_parse_set_status(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 int config_parse_namespace_path_strv(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_no_new_priviliges(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
 
 /* gperf prototypes */
 const struct ConfigPerfItem* load_fragment_gperf_lookup(const char *key, unsigned length);