diff options
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/exec-credential.c | 21 | ||||
-rw-r--r-- | src/core/exec-invoke.c | 16 | ||||
-rw-r--r-- | src/core/execute-serialize.c | 56 | ||||
-rw-r--r-- | src/core/execute.c | 1 | ||||
-rw-r--r-- | src/core/load-dropin.c | 2 | ||||
-rw-r--r-- | src/core/load-dropin.h | 4 | ||||
-rw-r--r-- | src/core/socket.c | 4 | ||||
-rw-r--r-- | src/core/unit.c | 2 |
8 files changed, 63 insertions, 43 deletions
diff --git a/src/core/exec-credential.c b/src/core/exec-credential.c index f4cff57..6157ac4 100644 --- a/src/core/exec-credential.c +++ b/src/core/exec-credential.c @@ -353,6 +353,17 @@ static int load_credential_glob( _cleanup_(erase_and_freep) char *data = NULL; size_t size; + r = path_extract_filename(*p, &fn); + if (r < 0) + return log_debug_errno(r, "Failed to extract filename from '%s': %m", *p); + + if (faccessat(write_dfd, fn, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) { + log_debug("Skipping credential with duplicated ID %s at %s", fn, *p); + continue; + } + if (errno != ENOENT) + return log_debug_errno(errno, "Failed to test if credential %s exists: %m", fn); + /* path is absolute, hence pass AT_FDCWD as nop dir fd here */ r = read_full_file_full( AT_FDCWD, @@ -365,10 +376,6 @@ static int load_credential_glob( if (r < 0) return log_debug_errno(r, "Failed to read credential '%s': %m", *p); - r = path_extract_filename(*p, &fn); - if (r < 0) - return log_debug_errno(r, "Failed to extract filename from '%s': %m", *p); - r = maybe_decrypt_and_write_credential( write_dfd, fn, @@ -378,8 +385,6 @@ static int load_credential_glob( ownership_ok, data, size, left); - if (r == -EEXIST) - continue; if (r < 0) return r; } @@ -717,8 +722,10 @@ static int acquire_credentials( * EEXIST if the credential already exists. That's because the TPM2-based decryption is kinda * slow and involved, hence it's nice to be able to skip that if the credential already * exists anyway. */ - if (faccessat(dfd, sc->id, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) + if (faccessat(dfd, sc->id, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) { + log_debug("Skipping credential with duplicated ID %s", sc->id); continue; + } if (errno != ENOENT) return log_debug_errno(errno, "Failed to test if credential %s exists: %m", sc->id); diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 09f98d3..5850a59 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -4402,14 +4402,6 @@ int exec_invoke( } } - if (context->nice_set) { - r = setpriority_closest(context->nice); - if (r < 0) { - *exit_status = EXIT_NICE; - return log_exec_error_errno(context, params, r, "Failed to set up process scheduling priority (nice level): %m"); - } - } - if (context->cpu_sched_set) { struct sched_attr attr = { .size = sizeof(attr), @@ -4425,6 +4417,14 @@ int exec_invoke( } } + if (context->nice_set) { + r = setpriority_closest(context->nice); + if (r < 0) { + *exit_status = EXIT_NICE; + return log_exec_error_errno(context, params, r, "Failed to set up process scheduling priority (nice level): %m"); + } + } + if (context->cpu_affinity_from_numa || context->cpu_set.set) { _cleanup_(cpu_set_reset) CPUSet converted_cpu_set = {}; const CPUSet *cpu_set; diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c index ecd1e70..41b31e9 100644 --- a/src/core/execute-serialize.c +++ b/src/core/execute-serialize.c @@ -434,11 +434,11 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) { if (r < 0) return r; - r = serialize_strv(f, "exec-cgroup-context-ip-ingress-filter-path=", c->ip_filters_ingress); + r = serialize_strv(f, "exec-cgroup-context-ip-ingress-filter-path", c->ip_filters_ingress); if (r < 0) return r; - r = serialize_strv(f, "exec-cgroup-context-ip-egress-filter-path=", c->ip_filters_egress); + r = serialize_strv(f, "exec-cgroup-context-ip-egress-filter-path", c->ip_filters_egress); if (r < 0) return r; @@ -1759,15 +1759,23 @@ static int exec_context_serialize(const ExecContext *c, FILE *f) { if (r < 0) return r; - r = serialize_item(f, "exec-context-working-directory", c->working_directory); + r = serialize_item_escaped(f, "exec-context-working-directory", c->working_directory); if (r < 0) return r; - r = serialize_item(f, "exec-context-root-directory", c->root_directory); + r = serialize_bool_elide(f, "exec-context-working-directory-missing-ok", c->working_directory_missing_ok); if (r < 0) return r; - r = serialize_item(f, "exec-context-root-image", c->root_image); + r = serialize_bool_elide(f, "exec-context-working-directory-home", c->working_directory_home); + if (r < 0) + return r; + + r = serialize_item_escaped(f, "exec-context-root-directory", c->root_directory); + if (r < 0) + return r; + + r = serialize_item_escaped(f, "exec-context-root-image", c->root_image); if (r < 0) return r; @@ -1982,14 +1990,6 @@ static int exec_context_serialize(const ExecContext *c, FILE *f) { return r; } - r = serialize_bool_elide(f, "exec-context-working-directory-missing-ok", c->working_directory_missing_ok); - if (r < 0) - return r; - - r = serialize_bool_elide(f, "exec-context-working-directory-home", c->working_directory_home); - if (r < 0) - return r; - if (c->oom_score_adjust_set) { r = serialize_item_format(f, "exec-context-oom-score-adjust", "%i", c->oom_score_adjust); if (r < 0) @@ -2627,17 +2627,29 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) { if (r < 0) return r; } else if ((val = startswith(l, "exec-context-working-directory="))) { - r = free_and_strdup(&c->working_directory, val); - if (r < 0) - return r; + ssize_t k; + char *p; + + k = cunescape(val, 0, &p); + if (k < 0) + return k; + free_and_replace(c->working_directory, p); } else if ((val = startswith(l, "exec-context-root-directory="))) { - r = free_and_strdup(&c->root_directory, val); - if (r < 0) - return r; + ssize_t k; + char *p; + + k = cunescape(val, 0, &p); + if (k < 0) + return k; + free_and_replace(c->root_directory, p); } else if ((val = startswith(l, "exec-context-root-image="))) { - r = free_and_strdup(&c->root_image, val); - if (r < 0) - return r; + ssize_t k; + char *p; + + k = cunescape(val, 0, &p); + if (k < 0) + return k; + free_and_replace(c->root_image, p); } else if ((val = startswith(l, "exec-context-root-image-options="))) { for (;;) { _cleanup_free_ char *word = NULL, *mount_options = NULL, *partition = NULL; diff --git a/src/core/execute.c b/src/core/execute.c index 513e95e..f74665f 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -379,6 +379,7 @@ int exec_spawn( assert(ret); LOG_CONTEXT_PUSH_UNIT(unit); + LOG_CONTEXT_SET_LOG_LEVEL(context->log_level_max >= 0 ? context->log_level_max : log_get_max_level()); r = exec_context_load_environment(unit, context, ¶ms->files_env); if (r < 0) diff --git a/src/core/load-dropin.c b/src/core/load-dropin.c index fd45744..dc9c44e 100644 --- a/src/core/load-dropin.c +++ b/src/core/load-dropin.c @@ -102,7 +102,7 @@ int unit_load_dropin(Unit *u) { return r; /* Load .conf dropins */ - r = unit_find_dropin_paths(u, &l); + r = unit_find_dropin_paths(u, /* use_unit_path_cache = */ true, &l); if (r <= 0) return 0; diff --git a/src/core/load-dropin.h b/src/core/load-dropin.h index f0b87d3..141bc7d 100644 --- a/src/core/load-dropin.h +++ b/src/core/load-dropin.h @@ -6,12 +6,12 @@ /* Read service data supplementary drop-in directories */ -static inline int unit_find_dropin_paths(Unit *u, char ***paths) { +static inline int unit_find_dropin_paths(Unit *u, bool use_unit_path_cache, char ***paths) { assert(u); return unit_file_find_dropin_paths(NULL, u->manager->lookup_paths.search_path, - u->manager->unit_path_cache, + use_unit_path_cache ? u->manager->unit_path_cache : NULL, ".d", ".conf", u->id, u->aliases, paths); diff --git a/src/core/socket.c b/src/core/socket.c index 41147d4..0694fe7 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -2481,7 +2481,7 @@ static int socket_start(Unit *u) { /* If the service is already active we cannot start the * socket */ if (!IN_SET(service->state, - SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART, + SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_DEAD_RESOURCES_PINNED, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART, SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED)) return log_unit_error_errno(u, SYNTHETIC_ERRNO(EBUSY), "Socket service %s already active, refusing.", UNIT(service)->id); @@ -3369,7 +3369,7 @@ static void socket_trigger_notify(Unit *u, Unit *other) { return; if (IN_SET(SERVICE(other)->state, - SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART, + SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_DEAD_RESOURCES_PINNED, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART, SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL, SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED)) socket_enter_listening(s); diff --git a/src/core/unit.c b/src/core/unit.c index 01c9983..4ca7dc4 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -3831,7 +3831,7 @@ bool unit_need_daemon_reload(Unit *u) { if (u->load_state == UNIT_LOADED) { _cleanup_strv_free_ char **dropins = NULL; - (void) unit_find_dropin_paths(u, &dropins); + (void) unit_find_dropin_paths(u, /* use_unit_path_cache = */ false, &dropins); if (!strv_equal(u->dropin_paths, dropins)) return true; |