summaryrefslogtreecommitdiffstats
path: root/src/core
diff options
context:
space:
mode:
Diffstat (limited to 'src/core')
-rw-r--r--src/core/exec-credential.c21
-rw-r--r--src/core/exec-invoke.c16
-rw-r--r--src/core/execute-serialize.c56
-rw-r--r--src/core/execute.c1
-rw-r--r--src/core/load-dropin.c2
-rw-r--r--src/core/load-dropin.h4
-rw-r--r--src/core/socket.c4
-rw-r--r--src/core/unit.c2
8 files changed, 63 insertions, 43 deletions
diff --git a/src/core/exec-credential.c b/src/core/exec-credential.c
index f4cff57..6157ac4 100644
--- a/src/core/exec-credential.c
+++ b/src/core/exec-credential.c
@@ -353,6 +353,17 @@ static int load_credential_glob(
_cleanup_(erase_and_freep) char *data = NULL;
size_t size;
+ r = path_extract_filename(*p, &fn);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to extract filename from '%s': %m", *p);
+
+ if (faccessat(write_dfd, fn, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) {
+ log_debug("Skipping credential with duplicated ID %s at %s", fn, *p);
+ continue;
+ }
+ if (errno != ENOENT)
+ return log_debug_errno(errno, "Failed to test if credential %s exists: %m", fn);
+
/* path is absolute, hence pass AT_FDCWD as nop dir fd here */
r = read_full_file_full(
AT_FDCWD,
@@ -365,10 +376,6 @@ static int load_credential_glob(
if (r < 0)
return log_debug_errno(r, "Failed to read credential '%s': %m", *p);
- r = path_extract_filename(*p, &fn);
- if (r < 0)
- return log_debug_errno(r, "Failed to extract filename from '%s': %m", *p);
-
r = maybe_decrypt_and_write_credential(
write_dfd,
fn,
@@ -378,8 +385,6 @@ static int load_credential_glob(
ownership_ok,
data, size,
left);
- if (r == -EEXIST)
- continue;
if (r < 0)
return r;
}
@@ -717,8 +722,10 @@ static int acquire_credentials(
* EEXIST if the credential already exists. That's because the TPM2-based decryption is kinda
* slow and involved, hence it's nice to be able to skip that if the credential already
* exists anyway. */
- if (faccessat(dfd, sc->id, F_OK, AT_SYMLINK_NOFOLLOW) >= 0)
+ if (faccessat(dfd, sc->id, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) {
+ log_debug("Skipping credential with duplicated ID %s", sc->id);
continue;
+ }
if (errno != ENOENT)
return log_debug_errno(errno, "Failed to test if credential %s exists: %m", sc->id);
diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index 09f98d3..5850a59 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -4402,14 +4402,6 @@ int exec_invoke(
}
}
- if (context->nice_set) {
- r = setpriority_closest(context->nice);
- if (r < 0) {
- *exit_status = EXIT_NICE;
- return log_exec_error_errno(context, params, r, "Failed to set up process scheduling priority (nice level): %m");
- }
- }
-
if (context->cpu_sched_set) {
struct sched_attr attr = {
.size = sizeof(attr),
@@ -4425,6 +4417,14 @@ int exec_invoke(
}
}
+ if (context->nice_set) {
+ r = setpriority_closest(context->nice);
+ if (r < 0) {
+ *exit_status = EXIT_NICE;
+ return log_exec_error_errno(context, params, r, "Failed to set up process scheduling priority (nice level): %m");
+ }
+ }
+
if (context->cpu_affinity_from_numa || context->cpu_set.set) {
_cleanup_(cpu_set_reset) CPUSet converted_cpu_set = {};
const CPUSet *cpu_set;
diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c
index ecd1e70..41b31e9 100644
--- a/src/core/execute-serialize.c
+++ b/src/core/execute-serialize.c
@@ -434,11 +434,11 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
if (r < 0)
return r;
- r = serialize_strv(f, "exec-cgroup-context-ip-ingress-filter-path=", c->ip_filters_ingress);
+ r = serialize_strv(f, "exec-cgroup-context-ip-ingress-filter-path", c->ip_filters_ingress);
if (r < 0)
return r;
- r = serialize_strv(f, "exec-cgroup-context-ip-egress-filter-path=", c->ip_filters_egress);
+ r = serialize_strv(f, "exec-cgroup-context-ip-egress-filter-path", c->ip_filters_egress);
if (r < 0)
return r;
@@ -1759,15 +1759,23 @@ static int exec_context_serialize(const ExecContext *c, FILE *f) {
if (r < 0)
return r;
- r = serialize_item(f, "exec-context-working-directory", c->working_directory);
+ r = serialize_item_escaped(f, "exec-context-working-directory", c->working_directory);
if (r < 0)
return r;
- r = serialize_item(f, "exec-context-root-directory", c->root_directory);
+ r = serialize_bool_elide(f, "exec-context-working-directory-missing-ok", c->working_directory_missing_ok);
if (r < 0)
return r;
- r = serialize_item(f, "exec-context-root-image", c->root_image);
+ r = serialize_bool_elide(f, "exec-context-working-directory-home", c->working_directory_home);
+ if (r < 0)
+ return r;
+
+ r = serialize_item_escaped(f, "exec-context-root-directory", c->root_directory);
+ if (r < 0)
+ return r;
+
+ r = serialize_item_escaped(f, "exec-context-root-image", c->root_image);
if (r < 0)
return r;
@@ -1982,14 +1990,6 @@ static int exec_context_serialize(const ExecContext *c, FILE *f) {
return r;
}
- r = serialize_bool_elide(f, "exec-context-working-directory-missing-ok", c->working_directory_missing_ok);
- if (r < 0)
- return r;
-
- r = serialize_bool_elide(f, "exec-context-working-directory-home", c->working_directory_home);
- if (r < 0)
- return r;
-
if (c->oom_score_adjust_set) {
r = serialize_item_format(f, "exec-context-oom-score-adjust", "%i", c->oom_score_adjust);
if (r < 0)
@@ -2627,17 +2627,29 @@ static int exec_context_deserialize(ExecContext *c, FILE *f) {
if (r < 0)
return r;
} else if ((val = startswith(l, "exec-context-working-directory="))) {
- r = free_and_strdup(&c->working_directory, val);
- if (r < 0)
- return r;
+ ssize_t k;
+ char *p;
+
+ k = cunescape(val, 0, &p);
+ if (k < 0)
+ return k;
+ free_and_replace(c->working_directory, p);
} else if ((val = startswith(l, "exec-context-root-directory="))) {
- r = free_and_strdup(&c->root_directory, val);
- if (r < 0)
- return r;
+ ssize_t k;
+ char *p;
+
+ k = cunescape(val, 0, &p);
+ if (k < 0)
+ return k;
+ free_and_replace(c->root_directory, p);
} else if ((val = startswith(l, "exec-context-root-image="))) {
- r = free_and_strdup(&c->root_image, val);
- if (r < 0)
- return r;
+ ssize_t k;
+ char *p;
+
+ k = cunescape(val, 0, &p);
+ if (k < 0)
+ return k;
+ free_and_replace(c->root_image, p);
} else if ((val = startswith(l, "exec-context-root-image-options="))) {
for (;;) {
_cleanup_free_ char *word = NULL, *mount_options = NULL, *partition = NULL;
diff --git a/src/core/execute.c b/src/core/execute.c
index 513e95e..f74665f 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -379,6 +379,7 @@ int exec_spawn(
assert(ret);
LOG_CONTEXT_PUSH_UNIT(unit);
+ LOG_CONTEXT_SET_LOG_LEVEL(context->log_level_max >= 0 ? context->log_level_max : log_get_max_level());
r = exec_context_load_environment(unit, context, &params->files_env);
if (r < 0)
diff --git a/src/core/load-dropin.c b/src/core/load-dropin.c
index fd45744..dc9c44e 100644
--- a/src/core/load-dropin.c
+++ b/src/core/load-dropin.c
@@ -102,7 +102,7 @@ int unit_load_dropin(Unit *u) {
return r;
/* Load .conf dropins */
- r = unit_find_dropin_paths(u, &l);
+ r = unit_find_dropin_paths(u, /* use_unit_path_cache = */ true, &l);
if (r <= 0)
return 0;
diff --git a/src/core/load-dropin.h b/src/core/load-dropin.h
index f0b87d3..141bc7d 100644
--- a/src/core/load-dropin.h
+++ b/src/core/load-dropin.h
@@ -6,12 +6,12 @@
/* Read service data supplementary drop-in directories */
-static inline int unit_find_dropin_paths(Unit *u, char ***paths) {
+static inline int unit_find_dropin_paths(Unit *u, bool use_unit_path_cache, char ***paths) {
assert(u);
return unit_file_find_dropin_paths(NULL,
u->manager->lookup_paths.search_path,
- u->manager->unit_path_cache,
+ use_unit_path_cache ? u->manager->unit_path_cache : NULL,
".d", ".conf",
u->id, u->aliases,
paths);
diff --git a/src/core/socket.c b/src/core/socket.c
index 41147d4..0694fe7 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -2481,7 +2481,7 @@ static int socket_start(Unit *u) {
/* If the service is already active we cannot start the
* socket */
if (!IN_SET(service->state,
- SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART,
+ SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_DEAD_RESOURCES_PINNED, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART,
SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED))
return log_unit_error_errno(u, SYNTHETIC_ERRNO(EBUSY),
"Socket service %s already active, refusing.", UNIT(service)->id);
@@ -3369,7 +3369,7 @@ static void socket_trigger_notify(Unit *u, Unit *other) {
return;
if (IN_SET(SERVICE(other)->state,
- SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART,
+ SERVICE_DEAD, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_DEAD_RESOURCES_PINNED, SERVICE_FAILED, SERVICE_FAILED_BEFORE_AUTO_RESTART,
SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL,
SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED))
socket_enter_listening(s);
diff --git a/src/core/unit.c b/src/core/unit.c
index 01c9983..4ca7dc4 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3831,7 +3831,7 @@ bool unit_need_daemon_reload(Unit *u) {
if (u->load_state == UNIT_LOADED) {
_cleanup_strv_free_ char **dropins = NULL;
- (void) unit_find_dropin_paths(u, &dropins);
+ (void) unit_find_dropin_paths(u, /* use_unit_path_cache = */ false, &dropins);
if (!strv_equal(u->dropin_paths, dropins))
return true;