diff options
| -rw-r--r-- | src/basic/special.h | 4 | ||||
| -rw-r--r-- | src/basic/unit-name.c | 25 | ||||
| -rw-r--r-- | src/basic/unit-name.h | 2 | ||||
| -rw-r--r-- | src/core/service.c | 5 | ||||
| -rw-r--r-- | src/test/test-unit-name.c | 19 |
5 files changed, 55 insertions, 0 deletions
diff --git a/src/basic/special.h b/src/basic/special.h index add1c1d507..6475501078 100644 --- a/src/basic/special.h +++ b/src/basic/special.h @@ -105,3 +105,7 @@ /* The root directory. */ #define SPECIAL_ROOT_MOUNT "-.mount" + +/* Used to apply settings to all services through drop-ins. + * Should not exist as an actual service. */ +#define SPECIAL_ROOT_SERVICE "-.service" diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c index 4226f3014d..ecbf5ae7f5 100644 --- a/src/basic/unit-name.c +++ b/src/basic/unit-name.c @@ -665,6 +665,31 @@ good: return 0; } +bool service_unit_name_is_valid(const char *name) { + _cleanup_free_ char *prefix = NULL, *s = NULL; + const char *e, *service_name = name; + + if (!unit_name_is_valid(name, UNIT_NAME_ANY)) + return false; + + e = endswith(name, ".service"); + if (!e) + return false; + + /* If it's a template or instance, get the prefix as a service name. */ + if (unit_name_is_valid(name, UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE)) { + assert_se(unit_name_to_prefix(name, &prefix) == 0); + assert_se(s = strjoin(prefix, ".service")); + service_name = s; + } + + /* Reject reserved service name(s). */ + if (streq(service_name, SPECIAL_ROOT_SERVICE)) + return false; + + return true; +} + int slice_build_parent_slice(const char *slice, char **ret) { char *s, *dash; int r; diff --git a/src/basic/unit-name.h b/src/basic/unit-name.h index 2e060ff3e8..ddcfc1b349 100644 --- a/src/basic/unit-name.h +++ b/src/basic/unit-name.h @@ -58,6 +58,8 @@ static inline int unit_name_mangle(const char *name, UnitNameMangle flags, char return unit_name_mangle_with_suffix(name, flags, ".service", ret); } +bool service_unit_name_is_valid(const char *name); + int slice_build_parent_slice(const char *slice, char **ret); int slice_build_subslice(const char *slice, const char *name, char **subslice); bool slice_name_is_valid(const char *name); diff --git a/src/core/service.c b/src/core/service.c index ada25e634a..6880b24535 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -552,6 +552,11 @@ static int service_verify(Service *s) { if (UNIT(s)->load_state != UNIT_LOADED) return 0; + if (!service_unit_name_is_valid(UNIT(s)->id)) { + log_unit_error(UNIT(s), "Service name is invalid or reserved. Refusing."); + return -ENOEXEC; + } + if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP] && UNIT(s)->success_action == EMERGENCY_ACTION_NONE) { /* FailureAction= only makes sense if one of the start or stop commands is specified. diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c index 25c649828e..aa072c4ca8 100644 --- a/src/test/test-unit-name.c +++ b/src/test/test-unit-name.c @@ -355,6 +355,24 @@ static void test_unit_name_build(void) { free(t); } +static void test_service_unit_name_is_valid(void) { + assert_se(service_unit_name_is_valid("foo.service")); + assert_se(service_unit_name_is_valid("foo@bar.service")); + assert_se(service_unit_name_is_valid("foo@bar@bar.service")); + assert_se(service_unit_name_is_valid("--.service")); + assert_se(service_unit_name_is_valid(".-.service")); + assert_se(service_unit_name_is_valid("-foo-bar.service")); + assert_se(service_unit_name_is_valid("-foo-bar-.service")); + assert_se(service_unit_name_is_valid("foo-bar-.service")); + + assert_se(!service_unit_name_is_valid("-.service")); + assert_se(!service_unit_name_is_valid("")); + assert_se(!service_unit_name_is_valid("foo.slice")); + assert_se(!service_unit_name_is_valid("@.service")); + assert_se(!service_unit_name_is_valid("@bar.service")); + assert_se(!service_unit_name_is_valid("-@.service")); +} + static void test_slice_name_is_valid(void) { assert_se( slice_name_is_valid(SPECIAL_ROOT_SLICE)); assert_se( slice_name_is_valid("foo.slice")); @@ -840,6 +858,7 @@ int main(int argc, char* argv[]) { test_unit_prefix_is_valid(); test_unit_name_change_suffix(); test_unit_name_build(); + test_service_unit_name_is_valid(); test_slice_name_is_valid(); test_build_subslice(); test_build_parent_slice(); |