Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/bus-unit-util.c | 14 | ||||
-rw-r--r-- | src/shared/bus-util.c | 2 | ||||
-rw-r--r-- | src/shared/nsflags.c | 49 | ||||
-rw-r--r-- | src/shared/nsflags.h | 13 | ||||
-rw-r--r-- | src/shared/seccomp-util.c | 2 |
5 files changed, 24 insertions, 56 deletions
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c index fc035e796e..539a7b4d9d 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c @@ -1008,12 +1008,7 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con if (streq(field, "RestrictNamespaces")) { bool invert = false; - unsigned long flags = 0; - - if (eq[0] == '~') { - invert = true; - eq++; - } + unsigned long flags; r = parse_boolean(eq); if (r > 0) @@ -1021,7 +1016,12 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con else if (r == 0) flags = NAMESPACE_FLAGS_ALL; else { - r = namespace_flag_from_string_many(eq, &flags); + if (eq[0] == '~') { + invert = true; + eq++; + } + + r = namespace_flags_from_string(eq, &flags); if (r < 0) return log_error_errno(r, "Failed to parse %s value %s.", field, eq); } diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c index 1564966e52..ed30edfb60 100644 --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c @@ -716,7 +716,7 @@ int bus_print_property(const char *name, sd_bus_message *m, bool value, bool all else if ((u & NAMESPACE_FLAGS_ALL) == NAMESPACE_FLAGS_ALL) result = "no"; else { - r = namespace_flag_to_string_many(u, &s); + r = namespace_flags_to_string(u, &s); if (r < 0) return r; diff --git a/src/shared/nsflags.c b/src/shared/nsflags.c index 4e01976d58..baac16bbb4 100644 --- a/src/shared/nsflags.c +++ b/src/shared/nsflags.c 
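Review bot: In the second bus-unit-util.c hunk the failure path logs `eq` after the new `eq++`, so a rejected `RestrictNamespaces=~foo` is reported without its `~`; keeping the original pointer, e.g. `const char *v = eq;` before the boolean parse and `log_error_errno(r, "Failed to parse %s value %s.", field, v)`, makes the message match what the user wrote. Moving the `~` test into the `else` branch also means a prefixed boolean such as `~yes` is no longer read as an inverted boolean and presumably now fails in namespace_flags_from_string(). Since this setting decides which namespaces a unit may still create, a short comment like `/* '~' only applies to a list of namespace names, not to the boolean forms */` would make the stricter grammar explicit. `flags` has lost its initializer and now depends on every branch assigning it; the `r > 0` assignment sits between the two hunks and the use of `invert` lies after them, so neither can be checked from here.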
@@ -25,32 +25,7 @@ const struct namespace_flag_map namespace_flag_map[] = { {} }; -const char* namespace_flag_to_string(unsigned long flag) { - unsigned i; - - flag &= NAMESPACE_FLAGS_ALL; - - for (i = 0; namespace_flag_map[i].name; i++) - if (flag == namespace_flag_map[i].flag) - return namespace_flag_map[i].name; - - return NULL; /* either unknown namespace flag, or a combination of many. This call supports neither. */ -} - -unsigned long namespace_flag_from_string(const char *name) { - unsigned i; - - if (isempty(name)) - return 0; - - for (i = 0; namespace_flag_map[i].name; i++) - if (streq(name, namespace_flag_map[i].name)) - return namespace_flag_map[i].flag; - - return 0; -} - -int namespace_flag_from_string_many(const char *name, unsigned long *ret) { +int namespace_flags_from_string(const char *name, unsigned long *ret) { unsigned long flags = 0; int r; @@ -58,7 +33,8 @@ int namespace_flag_from_string_many(const char *name, unsigned long *ret) { for (;;) { _cleanup_free_ char *word = NULL; - unsigned long f; + unsigned long f = 0; + unsigned i; r = extract_first_word(&name, &word, NULL, 0); if (r < 0) @@ -66,7 +42,12 @@ int namespace_flag_from_string_many(const char *name, unsigned long *ret) { if (r == 0) break; - f = namespace_flag_from_string(word); + for (i = 0; namespace_flag_map[i].name; i++) + if (streq(word, namespace_flag_map[i].name)) { + f = namespace_flag_map[i].flag; + break; + } + if (f == 0) return -EINVAL; @@ -77,7 +58,7 @@ int namespace_flag_from_string_many(const char *name, unsigned long *ret) { return 0; } -int namespace_flag_to_string_many(unsigned long flags, char **ret) { +int namespace_flags_to_string(unsigned long flags, char **ret) { _cleanup_free_ char *s = NULL; unsigned i; 
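Review bot: The lookup inlined into namespace_flags_from_string() in the `@@ -66` hunk uses `f == 0` as its not-found marker, which only holds while no entry of namespace_flag_map carries a zero flag and the table keeps its `{}` terminator (the table entries are not visible here). A one-line comment above the check would pin that down, e.g. `/* f is still 0 if the word matched no table entry; table flags must be non-zero */`. The `unsigned long f = 0;` initializer added in the `@@ -58` hunk is what makes the check valid, so the two changes belong together. The `-EINVAL` return also gives the caller no hint which word was rejected, so callers that log should print the whole input string. Parts of the function lie between these hunks.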
@@ -85,14 +66,8 @@ int namespace_flag_to_string_many(unsigned long flags, char **ret) { if ((flags & namespace_flag_map[i].flag) != namespace_flag_map[i].flag) continue; - if (!s) { - s = strdup(namespace_flag_map[i].name); - if (!s) - return -ENOMEM; - } else { - if (!strextend(&s, " ", namespace_flag_map[i].name, NULL)) - return -ENOMEM; - } + if (!strextend_with_separator(&s, " ", namespace_flag_map[i].name, NULL)) + return -ENOMEM; } if (!s) { diff --git a/src/shared/nsflags.h b/src/shared/nsflags.h index c5bc83e723..2133a6c1be 100644 --- a/src/shared/nsflags.h +++ b/src/shared/nsflags.h @@ -24,17 +24,10 @@ CLONE_NEWUSER| \ CLONE_NEWUTS)) -const char* namespace_flag_to_string(unsigned long flag); -unsigned long namespace_flag_from_string(const char *name); -int namespace_flag_from_string_many(const char *name, unsigned long *ret); -int namespace_flag_to_string_many(unsigned long flags, char **ret); +#define NAMESPACE_FLAGS_INITIAL ((unsigned long) -1) -static inline int namespace_flag_to_string_many_with_check(unsigned long n, char **s) { - if ((n & NAMESPACE_FLAGS_ALL) != n) - return -EINVAL; - - return namespace_flag_to_string_many(n, s); -} +int namespace_flags_from_string(const char *name, unsigned long *ret); +int namespace_flags_to_string(unsigned long flags, char **ret); struct namespace_flag_map { unsigned long flag; diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 8332942002..cddfc05bd3 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -1007,7 +1007,7 @@ int seccomp_restrict_namespaces(unsigned long retain) { if (DEBUG_LOGGING) { _cleanup_free_ char *s = NULL; - (void) namespace_flag_to_string_many(retain, &s); + (void) namespace_flags_to_string(retain, &s); log_debug("Restricting namespace to: %s.", strna(s)); } |
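Review bot: The new `NAMESPACE_FLAGS_INITIAL` in nsflags.h is an all-ones value with no comment, and the same hunk removes `namespace_flag_to_string_many_with_check()`, the only helper that rejected masks with bits outside `NAMESPACE_FLAGS_ALL`. The loop in namespace_flags_to_string() only matches table entries, so it will format the sentinel as the full namespace list instead of failing. If the macro is meant as a "not configured yet" marker, a comment should say so, for instance `/* Not a valid mask: marks a setting that was never assigned; compare against it before using or formatting the value */`. The former users of the checked wrapper are outside `src/shared` and not shown, so whether they now test for the sentinel themselves cannot be confirmed from this page.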