author | Mike Yuan <me@yhndnzj.com> | 2024-06-18 16:18:56 +0200 |
---|---|---|
committer | Mike Yuan <me@yhndnzj.com> | 2024-06-21 17:31:44 +0200 |
commit | 9d50d053f327e5471a514bc36487bfc3358c15d8 (patch) | |
tree | f464e0de7a484277351256c17c55d080266b7c4e /src/core/load-fragment.c | |
parent | core/namespace: add assertion for PRIVATE_TMP_CONNECTED (diff) | |
core: expose PrivateTmp=disconnected
As discussed in https://github.com/systemd/systemd/pull/32724#discussion_r1638963071
I don't find the opposite reasoning particularly convincing.
We have ProtectHome=tmpfs and friends, and those can be
pretty much trivially implemented through TemporaryFileSystem=
too. The new logic brings many benefits, and is completely generic,
hence I see no reason not to expose it. We can even get more tests
for the code path if we make it public.
Diffstat (limited to 'src/core/load-fragment.c')
-rw-r--r-- | src/core/load-fragment.c | 29 |
1 files changed, 1 insertions, 28 deletions
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 3701270ab5..deeeafe2b8 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -133,6 +133,7 @@ DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGrou
 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc, protect_proc, ProtectProc, "Failed to parse /proc/ protection mode");
 DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset, proc_subset, ProcSubset, "Failed to parse /proc/ subset mode");
+DEFINE_CONFIG_PARSE_ENUM(config_parse_private_tmp, private_tmp, PrivateTmp, "Failed to parse private tmp value");
 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
@@ -5199,34 +5200,6 @@ int config_parse_temporary_filesystems(
 }
 }
 
-int config_parse_private_tmp(
- const char* unit,
- const char *filename,
- unsigned line,
- const char *section,
- unsigned section_line,
- const char *lvalue,
- int ltype,
- const char *rvalue,
- void *data,
- void *userdata) {
-
- ExecContext *c = ASSERT_PTR(data);
- int r;
-
- assert(filename);
- assert(rvalue);
-
- r = parse_boolean(rvalue);
- if (r < 0) {
- log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse boolean value: %s ignoring", rvalue);
- return 0;
- }
-
- c->private_tmp = r ? PRIVATE_TMP_CONNECTED : PRIVATE_TMP_OFF;
- return 0;
-}
-
 int config_parse_bind_paths(
 const char *unit,
 const char *filename, |
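Review bot: With `config_parse_private_tmp` now generated by `DEFINE_CONFIG_PARSE_ENUM` in the first hunk, whether the existing boolean spellings still parse depends entirely on `private_tmp_from_string()`, which is not part of this file's diff. The parser removed in the second hunk went through `parse_boolean()`, so units written with `PrivateTmp=true`, `1` or `on` were accepted and mapped to `PRIVATE_TMP_CONNECTED`. If the string table is not declared with the boolean-aware lookup (`DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN`), those units would presumably hit the "Failed to parse private tmp value" path and keep the default, i.e. run with the shared /tmp and no warning beyond a log line. It would be worth confirming that, and recording the contract next to the macro with a comment such as `/* PrivateTmp= must keep accepting booleans: true → connected, false → off */`, together with a unit-file parsing test that covers the boolean spellings as well as `disconnected`.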