authorLennart Poettering <lennart@poettering.net>2021-11-09 18:23:36 +0100
committerLennart Poettering <lennart@poettering.net>2021-11-09 18:32:15 +0100
commitd3689b94353d5f29b9d99d80bf6d888bd4eb70cc (patch)
tree179541a14e8158783d325bdb66193e8cc2ecc753
parenta1dfd585c4a3a737b0c4b61e82148bbdfd201733 (diff)
downloadsystemd-d3689b94353d5f29b9d99d80bf6d888bd4eb70cc.tar.gz
nspawn: use three boolean fields from settings file when actually set
Let's turn these three fields into tristates, so that we can distinguish whether they are not configured at all from explicitly turned off. Let's then use this to ensure that we only copy the settings fields into our execution environment if they are actually configured. We already do this for some of the boolean settings; this adds it for the missing ones. The goal here is to ensure that an empty settings file used in --settings=override mode (i.e. the default mode used in the systemd-nspawn@.service unit) is truly a NOP.
-rw-r--r--src/nspawn/nspawn-gperf.gperf6
-rw-r--r--src/nspawn/nspawn-settings.c4
-rw-r--r--src/nspawn/nspawn-settings.h6
-rw-r--r--src/nspawn/nspawn.c9
4 files changed, 16 insertions, 9 deletions
diff --git a/src/nspawn/nspawn-gperf.gperf b/src/nspawn/nspawn-gperf.gperf
index 4af00c8d95..d25bef7468 100644
--- a/src/nspawn/nspawn-gperf.gperf
+++ b/src/nspawn/nspawn-gperf.gperf
@@ -20,7 +20,7 @@ struct ConfigPerfItem;
%includes
%%
Exec.Boot, config_parse_boot, 0, 0
-Exec.Ephemeral, config_parse_bool, 0, offsetof(Settings, ephemeral)
+Exec.Ephemeral, config_parse_tristate, 0, offsetof(Settings, ephemeral)
Exec.ProcessTwo, config_parse_pid2, 0, 0
Exec.Parameters, config_parse_strv, 0, offsetof(Settings, parameters)
Exec.Environment, config_parse_strv, 0, offsetof(Settings, environment)
@@ -34,7 +34,7 @@ Exec.MachineID, config_parse_id128, 0, of
Exec.WorkingDirectory, config_parse_path, 0, offsetof(Settings, working_directory)
Exec.PivotRoot, config_parse_pivot_root, 0, 0
Exec.PrivateUsers, config_parse_private_users, 0, 0
-Exec.NotifyReady, config_parse_bool, 0, offsetof(Settings, notify_ready)
+Exec.NotifyReady, config_parse_tristate, 0, offsetof(Settings, notify_ready)
Exec.SystemCallFilter, config_parse_syscall_filter, 0, 0,
Exec.LimitCPU, config_parse_rlimit, RLIMIT_CPU, offsetof(Settings, rlimit)
Exec.LimitFSIZE, config_parse_rlimit, RLIMIT_FSIZE, offsetof(Settings, rlimit)
@@ -59,7 +59,7 @@ Exec.CPUAffinity, config_parse_cpu_affinity, 0, 0
Exec.ResolvConf, config_parse_resolv_conf, 0, offsetof(Settings, resolv_conf)
Exec.LinkJournal, config_parse_link_journal, 0, 0
Exec.Timezone, config_parse_timezone, 0, offsetof(Settings, timezone)
-Exec.SuppressSync, config_parse_bool, 0, offsetof(Settings, suppress_sync)
+Exec.SuppressSync, config_parse_tristate, 0, offsetof(Settings, suppress_sync)
Files.ReadOnly, config_parse_tristate, 0, offsetof(Settings, read_only)
Files.Volatile, config_parse_volatile_mode, 0, offsetof(Settings, volatile_mode)
Files.Bind, config_parse_bind, 0, 0
diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c
index c63b8da23a..1f58bf3ed4 100644
--- a/src/nspawn/nspawn-settings.c
+++ b/src/nspawn/nspawn-settings.c
@@ -27,6 +27,7 @@ Settings *settings_new(void) {
*s = (Settings) {
.start_mode = _START_MODE_INVALID,
+ .ephemeral = -1,
.personality = PERSONALITY_INVALID,
.resolv_conf = _RESOLV_CONF_MODE_INVALID,
@@ -57,6 +58,9 @@ Settings *settings_new(void) {
.clone_ns_flags = ULONG_MAX,
.use_cgns = -1,
+
+ .notify_ready = -1,
+ .suppress_sync = -1,
};
return s;
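Review bot: The new `.ephemeral = -1` initializer sits next to `.start_mode` while `.notify_ready = -1` and `.suppress_sync = -1` are grouped together after a blank line at the end of the initializer, so the three tristate defaults introduced by this commit are not visibly related. Grouping them, with a one-line comment such as `/* tristates: -1 = not configured */`, would make the convention obvious to the next person adding a field. Note also that only Settings objects created through settings_new() get the -1 default; if a Settings is zero-initialized anywhere else (I cannot see that from this diff), its fields would read as an explicit "off" and be merged, which defeats the NOP goal stated in the commit message. settings_new() starts before this hunk.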
diff --git a/src/nspawn/nspawn-settings.h b/src/nspawn/nspawn-settings.h
index 797e383401..59397ca54b 100644
--- a/src/nspawn/nspawn-settings.h
+++ b/src/nspawn/nspawn-settings.h
@@ -162,7 +162,7 @@ typedef struct OciHook {
typedef struct Settings {
/* [Exec] */
StartMode start_mode;
- bool ephemeral;
+ int ephemeral;
char **parameters;
char **environment;
char *user;
@@ -177,7 +177,7 @@ typedef struct Settings {
char *pivot_root_old;
UserNamespaceMode userns_mode;
uid_t uid_shift, uid_range;
- bool notify_ready;
+ int notify_ready;
char **syscall_allow_list;
char **syscall_deny_list;
struct rlimit *rlimit[_RLIMIT_MAX];
@@ -190,7 +190,7 @@ typedef struct Settings {
LinkJournal link_journal;
bool link_journal_try;
TimezoneMode timezone;
- bool suppress_sync;
+ int suppress_sync;
/* [Files] */
int read_only;
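Review bot: The three fields changed from `bool` to `int` carry no comment stating the tristate contract, and with the new -1 default any remaining reader that tests them as a plain boolean (`if (settings->ephemeral)`) would treat "not configured" as true; merge_settings is updated in this commit, but whether other readers exist is not visible here. Suggest documenting the convention at the declaration, e.g. `int ephemeral; /* tristate: < 0 means not configured */`, and the same on `notify_ready` and `suppress_sync`, matching the existing `int read_only` field. The enclosing struct Settings continues outside the hunks.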
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index f8f9e72421..25075d2b46 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -4284,7 +4284,8 @@ static int merge_settings(Settings *settings, const char *path) {
strv_free_and_replace(arg_parameters, settings->parameters);
}
- if ((arg_settings_mask & SETTING_EPHEMERAL) == 0)
+ if ((arg_settings_mask & SETTING_EPHEMERAL) == 0 &&
+ settings->ephemeral >= 0)
arg_ephemeral = settings->ephemeral;
if ((arg_settings_mask & SETTING_DIRECTORY) == 0 &&
@@ -4454,7 +4455,8 @@ static int merge_settings(Settings *settings, const char *path) {
if ((arg_settings_mask & SETTING_BIND_USER) == 0)
strv_free_and_replace(arg_bind_user, settings->bind_user);
- if ((arg_settings_mask & SETTING_NOTIFY_READY) == 0)
+ if ((arg_settings_mask & SETTING_NOTIFY_READY) == 0 &&
+ settings->notify_ready >= 0)
arg_notify_ready = settings->notify_ready;
if ((arg_settings_mask & SETTING_SYSCALL_FILTER) == 0) {
@@ -4577,7 +4579,8 @@ static int merge_settings(Settings *settings, const char *path) {
arg_console_mode = settings->console_mode;
}
- if ((arg_settings_mask & SETTING_SUPPRESS_SYNC) == 0)
+ if ((arg_settings_mask & SETTING_SUPPRESS_SYNC) == 0 &&
+ settings->suppress_sync >= 0)
arg_suppress_sync = settings->suppress_sync;
/* The following properties can only be set through the OCI settings logic, not from the command line, hence we
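Review bot: The added `settings->ephemeral >= 0` guard (and its twins for `notify_ready` and `suppress_sync` in the two later hunks) relies on the field being -1 when unset, but nothing at the use site says so, so the three conditions read as arbitrary sign checks. A short comment on the first occurrence, `/* -1 means the field was not configured in the settings file; only apply it if it was */`, would document the intent once for all three. The assignments then store an int into the `arg_*` targets, which is fine as long as the parser only ever writes 0 or 1 into these fields, which I cannot confirm from this diff. merge_settings() starts and ends outside these hunks.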