morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

core/credential: split out unit_add_default_credential_dependencies()

Browse Source 
No functional change, just refactoring.
This commit is contained in:
Yu Watanabe
2023-08-12 15:06:43 +09:00
parent 602c74cf78
commit 7d202fb35d
3 changed files with 57 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
src/core/credential.c
View File

@@ -72,18 +72,63 @@ bool exec_context_has_encrypted_credentials(ExecContext *c) {
return false;
}
int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_prefix, const char *unit) {
_cleanup_free_ char *p = NULL;
static int get_credential_directory(
const char *runtime_prefix,
const char *unit,
char **ret) {
assert(c);
char *p;
if (!runtime_prefix || !unit)
assert(ret);
if (!runtime_prefix || !unit) {
*ret = NULL;
return 0;
}
p = path_join(runtime_prefix, "credentials", unit);
if (!p)
return -ENOMEM;
*ret = p;
return 1;
}
int unit_add_default_credential_dependencies(Unit *u, const ExecContext *c) {
_cleanup_free_ char *p = NULL, *m = NULL;
int r;
assert(u);
assert(c);
if (!exec_context_has_credentials(c))
return 0;
/* Let's make sure the credentials directory of this service is unmounted *after* the service itself
* shuts down. This only matters if mount namespacing is not used for the service, and hence the
* credentials mount appears on the host. */
r = get_credential_directory(u->manager->prefix[EXEC_DIRECTORY_RUNTIME], u->id, &p);
if (r <= 0)
return r;
r = unit_name_from_path(p, ".mount", &m);
if (r < 0)
return r;
return unit_add_dependency_by_name(u, UNIT_AFTER, m, /* add_reference= */ true, UNIT_DEPENDENCY_FILE);
}
int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_prefix, const char *unit) {
_cleanup_free_ char *p = NULL;
int r;
assert(c);
r = get_credential_directory(runtime_prefix, unit, &p);
if (r <= 0)
return r;
/* This is either a tmpfs/ramfs of its own, or a plain directory. Either way, let's first try to
* unmount it, and afterwards remove the mount point */
(void) umount2(p, MNT_DETACH|UMOUNT_NOFOLLOW);

3
src/core/credential.h
View File

@@ -9,6 +9,7 @@
typedef struct ExecContext ExecContext;
typedef struct ExecParameters ExecParameters;
typedef struct Unit Unit;
/* A credential configured with LoadCredential= */
typedef struct ExecLoadCredential {
@@ -36,6 +37,8 @@ extern const struct hash_ops exec_load_credential_hash_ops;
bool exec_context_has_encrypted_credentials(ExecContext *c);
bool exec_context_has_credentials(const ExecContext *c);
int unit_add_default_credential_dependencies(Unit *u, const ExecContext *c);
int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_root, const char *unit);
int setup_credentials(
const ExecContext *context,

25
src/core/unit.c
View File

@@ -1376,31 +1376,16 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, varlink_socket_unit, true, UNIT_DEPENDENCY_FILE);
if (r < 0)
return r;
} else
} else {
r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_JOURNALD_SOCKET, true, UNIT_DEPENDENCY_FILE);
if (r < 0)
return r;
if (exec_context_has_credentials(c) && u->manager->prefix[EXEC_DIRECTORY_RUNTIME]) {
_cleanup_free_ char *p = NULL, *m = NULL;
/* Let's make sure the credentials directory of this service is unmounted *after* the service
* itself shuts down. This only matters if mount namespacing is not used for the service, and
* hence the credentials mount appears on the host. */
p = path_join(u->manager->prefix[EXEC_DIRECTORY_RUNTIME], "credentials", u->id);
if (!p)
return -ENOMEM;
r = unit_name_from_path(p, ".mount", &m);
if (r < 0)
return r;
r = unit_add_dependency_by_name(u, UNIT_AFTER, m, /* add_reference= */ true, UNIT_DEPENDENCY_FILE);
if (r < 0)
return r;
}
r = unit_add_default_credential_dependencies(u, c);
if (r < 0)
return r;
return 0;
}