summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/core/exec-invoke.c60
-rw-r--r--src/core/namespace.c8
-rw-r--r--src/shared/mount-setup.c2
3 files changed, 33 insertions, 37 deletions
diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index 1a734a972a..2873563c0b 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -2292,10 +2292,10 @@ static int setup_exec_directory(
gid = 0;
}
- for (size_t i = 0; i < context->directories[type].n_items; i++) {
+ FOREACH_ARRAY(i, context->directories[type].items, context->directories[type].n_items) {
_cleanup_free_ char *p = NULL, *pp = NULL;
- p = path_join(params->prefix[type], context->directories[type].items[i].path);
+ p = path_join(params->prefix[type], i->path);
if (!p) {
r = -ENOMEM;
goto fail;
@@ -2332,9 +2332,9 @@ static int setup_exec_directory(
* under the configuration hierarchy. */
if (type == EXEC_DIRECTORY_STATE)
- q = path_join(params->prefix[EXEC_DIRECTORY_CONFIGURATION], context->directories[type].items[i].path);
+ q = path_join(params->prefix[EXEC_DIRECTORY_CONFIGURATION], i->path);
else if (type == EXEC_DIRECTORY_LOGS)
- q = path_join(params->prefix[EXEC_DIRECTORY_CONFIGURATION], "log", context->directories[type].items[i].path);
+ q = path_join(params->prefix[EXEC_DIRECTORY_CONFIGURATION], "log", i->path);
else
assert_not_reached();
if (!q) {
@@ -2397,7 +2397,7 @@ static int setup_exec_directory(
if (r < 0)
goto fail;
- if (!path_extend(&pp, context->directories[type].items[i].path)) {
+ if (!path_extend(&pp, i->path)) {
r = -ENOMEM;
goto fail;
}
@@ -2431,7 +2431,7 @@ static int setup_exec_directory(
goto fail;
}
- if (!context->directories[type].items[i].only_create) {
+ if (!i->only_create) {
/* And link it up from the original place.
* Notes
* 1) If a mount namespace is going to be used, then this symlink remains on
@@ -2468,7 +2468,7 @@ static int setup_exec_directory(
if (r < 0)
goto fail;
- q = path_join(params->prefix[type], "private", context->directories[type].items[i].path);
+ q = path_join(params->prefix[type], "private", i->path);
if (!q) {
r = -ENOMEM;
goto fail;
@@ -2522,7 +2522,7 @@ static int setup_exec_directory(
params,
"%s \'%s\' already exists but the mode is different. "
"(File system: %o %sMode: %o)",
- exec_directory_type_to_string(type), context->directories[type].items[i].path,
+ exec_directory_type_to_string(type), i->path,
st.st_mode & 07777, exec_directory_type_to_string(type), context->directories[type].mode & 07777);
continue;
@@ -2553,10 +2553,8 @@ static int setup_exec_directory(
/* If we are not going to run in a namespace, set up the symlinks - otherwise
* they are set up later, to allow configuring empty var/run/etc. */
if (!needs_mount_namespace)
- for (size_t i = 0; i < context->directories[type].n_items; i++) {
- r = create_many_symlinks(params->prefix[type],
- context->directories[type].items[i].path,
- context->directories[type].items[i].symlinks);
+ FOREACH_ARRAY(i, context->directories[type].items, context->directories[type].n_items) {
+ r = create_many_symlinks(params->prefix[type], i->path, i->symlinks);
if (r < 0)
goto fail;
}
@@ -2623,8 +2621,8 @@ static int compile_bind_mounts(
if (!params->prefix[t])
continue;
- for (size_t i = 0; i < context->directories[t].n_items; i++)
- n += !context->directories[t].items[i].only_create;
+ FOREACH_ARRAY(i, context->directories[t].items, context->directories[t].n_items)
+ n += !i->only_create;
}
if (n <= 0) {
@@ -2638,8 +2636,7 @@ static int compile_bind_mounts(
if (!bind_mounts)
return -ENOMEM;
- for (size_t i = 0; i < context->n_bind_mounts; i++) {
- BindMount *item = context->bind_mounts + i;
+ FOREACH_ARRAY(item, context->bind_mounts, context->n_bind_mounts) {
_cleanup_free_ char *s = NULL, *d = NULL;
s = strdup(item->source);
@@ -2683,18 +2680,18 @@ static int compile_bind_mounts(
return r;
}
- for (size_t i = 0; i < context->directories[t].n_items; i++) {
+ FOREACH_ARRAY(i, context->directories[t].items, context->directories[t].n_items) {
_cleanup_free_ char *s = NULL, *d = NULL;
/* When one of the parent directories is in the list, we cannot create the symlink
* for the child directory. See also the comments in setup_exec_directory(). */
- if (context->directories[t].items[i].only_create)
+ if (i->only_create)
continue;
if (exec_directory_is_private(context, t))
- s = path_join(params->prefix[t], "private", context->directories[t].items[i].path);
+ s = path_join(params->prefix[t], "private", i->path);
else
- s = path_join(params->prefix[t], context->directories[t].items[i].path);
+ s = path_join(params->prefix[t], i->path);
if (!s)
return -ENOMEM;
@@ -2703,7 +2700,7 @@ static int compile_bind_mounts(
/* When RootDirectory= or RootImage= are set, then the symbolic link to the private
* directory is not created on the root directory. So, let's bind-mount the directory
* on the 'non-private' place. */
- d = path_join(params->prefix[t], context->directories[t].items[i].path);
+ d = path_join(params->prefix[t], i->path);
else
d = strdup(s);
if (!d)
@@ -2712,10 +2709,8 @@ static int compile_bind_mounts(
bind_mounts[h++] = (BindMount) {
.source = TAKE_PTR(s),
.destination = TAKE_PTR(d),
- .read_only = false,
.nosuid = context->dynamic_user, /* don't allow suid/sgid when DynamicUser= is on */
.recursive = true,
- .ignore_enoent = false,
};
}
}
@@ -2745,14 +2740,14 @@ static int compile_symlinks(
assert(params);
assert(ret_symlinks);
- for (ExecDirectoryType dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) {
- for (size_t i = 0; i < context->directories[dt].n_items; i++) {
+ for (ExecDirectoryType dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++)
+ FOREACH_ARRAY(i, context->directories[dt].items, context->directories[dt].n_items) {
_cleanup_free_ char *private_path = NULL, *path = NULL;
- STRV_FOREACH(symlink, context->directories[dt].items[i].symlinks) {
+ STRV_FOREACH(symlink, i->symlinks) {
_cleanup_free_ char *src_abs = NULL, *dst_abs = NULL;
- src_abs = path_join(params->prefix[dt], context->directories[dt].items[i].path);
+ src_abs = path_join(params->prefix[dt], i->path);
dst_abs = path_join(params->prefix[dt], *symlink);
if (!src_abs || !dst_abs)
return -ENOMEM;
@@ -2764,14 +2759,14 @@ static int compile_symlinks(
if (!exec_directory_is_private(context, dt) ||
exec_context_with_rootfs(context) ||
- context->directories[dt].items[i].only_create)
+ i->only_create)
continue;
- private_path = path_join(params->prefix[dt], "private", context->directories[dt].items[i].path);
+ private_path = path_join(params->prefix[dt], "private", i->path);
if (!private_path)
return -ENOMEM;
- path = path_join(params->prefix[dt], context->directories[dt].items[i].path);
+ path = path_join(params->prefix[dt], i->path);
if (!path)
return -ENOMEM;
@@ -2779,7 +2774,6 @@ static int compile_symlinks(
if (r < 0)
return r;
}
- }
/* We make the host's os-release available via a symlink, so that we can copy it atomically
* and readers will never get a half-written version. Note that, while the paths specified here are
@@ -2830,8 +2824,8 @@ static bool insist_on_sandboxing(
/* If there are any bind mounts set that don't map back onto themselves, fs namespacing becomes
* essential. */
- for (size_t i = 0; i < n_bind_mounts; i++)
- if (!path_equal(bind_mounts[i].source, bind_mounts[i].destination))
+ FOREACH_ARRAY(i, bind_mounts, n_bind_mounts)
+ if (!path_equal(i->source, i->destination))
return true;
if (context->log_namespace)
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 3ade7913c7..763520842d 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -1474,6 +1474,8 @@ static int follow_symlink(
_cleanup_free_ char *target = NULL;
int r;
+ assert(m);
+
/* Let's chase symlinks, but only one step at a time. That's because depending where the symlink points we
* might need to change the order in which we mount stuff. Hence: let's normalize piecemeal, and do one step at
* a time by specifying CHASE_STEP. This function returns 0 if we resolved one step, and > 0 if we reached the
@@ -1614,13 +1616,13 @@ static int apply_one_mount(
host_os_release_id,
host_os_release_version_id,
host_os_release_level,
- /* host_extension_scope */ NULL, /* Leave empty, we need to accept both system and portable */
+ /* host_extension_scope = */ NULL, /* Leave empty, we need to accept both system and portable */
extension_release,
class);
- if (r == 0)
- return log_debug_errno(SYNTHETIC_ERRNO(ESTALE), "Directory %s extension-release metadata does not match the root's", extension_name);
if (r < 0)
return log_debug_errno(r, "Failed to compare directory %s extension-release metadata with the root's os-release: %m", extension_name);
+ if (r == 0)
+ return log_debug_errno(SYNTHETIC_ERRNO(ESTALE), "Directory %s extension-release metadata does not match the root's", extension_name);
_fallthrough_;
}
diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c
index 6511d48a90..ba291bd76f 100644
--- a/src/shared/mount-setup.c
+++ b/src/shared/mount-setup.c
@@ -69,7 +69,7 @@ static bool check_recursiveprot_supported(void) {
r = mount_option_supported("cgroup2", "memory_recursiveprot", NULL);
if (r < 0)
- log_debug_errno(r, "Failed to determiner whether the 'memory_recursiveprot' mount option is supported, assuming not: %m");
+ log_debug_errno(r, "Failed to determine whether the 'memory_recursiveprot' mount option is supported, assuming not: %m");
else if (r == 0)
log_debug("This kernel version does not support 'memory_recursiveprot', not using mount option.");