core/exec-invoke: don't duplicate needs_sandboxing condition

Mike Yuan
2024-02-03 23:54:00 +08:00
parent 881dbad1f1
commit d3131ea28c


@@ -3090,6 +3090,7 @@ static int apply_mount_namespace(
const ExecParameters *params,
ExecRuntime *runtime,
const char *memory_pressure_path,
bool needs_sandboxing,
char **error_path) {
_cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
@@ -3099,7 +3100,7 @@ static int apply_mount_namespace(
*extension_dir = NULL, *host_os_release_stage = NULL, *root_image = NULL, *root_dir = NULL;
const char *tmp_dir = NULL, *var_tmp_dir = NULL;
char **read_write_paths;
bool needs_sandboxing, setup_os_release_symlink;
bool setup_os_release_symlink;
BindMount *bind_mounts = NULL;
size_t n_bind_mounts = 0;
int r;
@@ -3145,7 +3146,6 @@ static int apply_mount_namespace(
} else
read_write_paths = context->read_write_paths;
needs_sandboxing = (params->flags & EXEC_APPLY_SANDBOXING) && !(command_flags & EXEC_COMMAND_FULLY_PRIVILEGED);
if (needs_sandboxing) {
/* The runtime struct only contains the parent of the private /tmp, which is non-accessible
* to world users. Inside of it there's a /tmp that is sticky, and that's the one we want to
@@ -4738,7 +4738,13 @@ int exec_invoke(
if (needs_mount_namespace) {
_cleanup_free_ char *error_path = NULL;
r = apply_mount_namespace(command->flags, context, params, runtime, memory_pressure_path, &error_path);
r = apply_mount_namespace(command->flags,
context,
params,
runtime,
memory_pressure_path,
needs_sandboxing,
&error_path);
if (r < 0) {
*exit_status = EXIT_NAMESPACE;
return log_exec_error_errno(context, params, r, "Failed to set up mount namespacing%s%s: %m",
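Review bot: The new `needs_sandboxing` parameter of apply_mount_namespace() carries a security decision but has no stated contract. The removed line derived it from `params->flags & EXEC_APPLY_SANDBOXING` and `!(command_flags & EXEC_COMMAND_FULLY_PRIVILEGED)`, and the function still receives `command->flags` as its first argument, so the flag and the boolean can now disagree without anything noticing. The value exec_invoke() passes is computed outside the visible hunks, so its equivalence with the removed expression cannot be confirmed from here. I would add a comment at the parameter, e.g. `/* needs_sandboxing: must equal (params->flags & EXEC_APPLY_SANDBOXING) && !(command_flags & EXEC_COMMAND_FULLY_PRIVILEGED), as computed by the caller */`, so that a later caller does not pass a value that bypasses the `if (needs_sandboxing)` block guarding the private /tmp setup. Both function bodies start and end outside the hunks.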