
184 static const char *exec_context_tty_path(const ExecContext *context) {
185 assert(context);
187 if (context->stdio_as_fds)
190 if (context->tty_path)
191 return context->tty_path;
196 static void exec_context_tty_reset(const ExecContext *context, const ExecParameters *p) {
199 assert(context);
201 path = exec_context_tty_path(context);
203 if (context->tty_vhangup) {
210 if (context->tty_reset) {
217 if (context->tty_vt_disallocate && path)
291 static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd, uid_t uid, gid_t gid) {
294 assert(context);
322 context->syslog_identifier ? context->syslog_identifier : ident,
324 context->syslog_priority,
325 !!context->syslog_level_prefix,
384 const ExecContext *context,
390 assert(context);
398 (void) ioctl(STDIN_FILENO, TIOCSCTTY, context->std_input == EXEC_INPUT_TTY_FORCE);
404 i = fixup_input(context->std_input, socket_fd, params->apply_tty_stdin);
416 fd = acquire_terminal(exec_context_tty_path(context),
443 const ExecContext *context,
455 assert(context);
474 i = fixup_input(context->std_input, socket_fd, params->apply_tty_stdin);
475 o = fixup_output(context->std_output, socket_fd);
479 e = fixup_output(context->std_error, socket_fd);
488 !is_terminal_input(context->std_input) &&
500 if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))
501 return open_terminal_as(exec_context_tty_path(context), O_WRONLY, fileno);
525 return open_terminal_as(exec_context_tty_path(context), O_WRONLY, fileno);
533 r = connect_logger_as(context, o, ident, unit->id, fileno, uid, gid);
675 static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
679 assert(context);
684 if (context->group || username) {
698 if (context->supplementary_groups) {
718 STRV_FOREACH(i, context->supplementary_groups) {
747 static int enforce_user(const ExecContext *context, uid_t uid) {
748 assert(context);
753 if (context->capabilities || context->capability_ambient_set != 0) {
759 int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
769 if (context->capabilities) {
776 d = cap_dup(context->capabilities);
1372 const ExecContext *context,
1376 assert(context);
1379 if (!strv_isempty(context->read_write_dirs) ||
1380 !strv_isempty(context->read_only_dirs) ||
1381 !strv_isempty(context->inaccessible_dirs))
1384 if (context->mount_flags != 0)
1387 if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))
1393 if (context->private_devices ||
1394 context->protect_system != PROTECT_SYSTEM_NO ||
1395 context->protect_home != PROTECT_HOME_NO)
1442 const ExecContext *context,
1461 assert(context);
1475 if (context->ignore_sigpipe)
1499 if (!context->same_pgrp)
1505 exec_context_tty_reset(context, params);
1526 if (context->user) {
1527 username = context->user;
1535 if (context->group) {
1536 const char *g = context->group;
1551 r = setup_input(context, params, socket_fd);
1557 r = setup_output(unit, context, params, STDOUT_FILENO, socket_fd, basename(command->path), uid, gid);
1563 r = setup_output(unit, context, params, STDERR_FILENO, socket_fd, basename(command->path), uid, gid);
1577 if (context->oom_score_adjust_set) {
1578 char t[DECIMAL_STR_MAX(context->oom_score_adjust)];
1585 sprintf(t, "%i", context->oom_score_adjust);
1597 if (context->nice_set)
1598 if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
1603 if (context->cpu_sched_set) {
1605 .sched_priority = context->cpu_sched_priority,
1609 context->cpu_sched_policy |
1610 (context->cpu_sched_reset_on_fork ?
1619 if (context->cpuset)
1620 if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
1625 if (context->ioprio_set)
1626 if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
1631 if (context->timer_slack_nsec != NSEC_INFINITY)
1632 if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
1637 if (context->personality != PERSONALITY_INVALID)
1638 if (personality(context->personality) < 0) {
1643 if (context->utmp_id)
1644 utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path,
1645 context->utmp_mode == EXEC_UTMP_INIT ? INIT_PROCESS :
1646 context->utmp_mode == EXEC_UTMP_LOGIN ? LOGIN_PROCESS :
1648 username ? "root" : context->user);
1650 if (context->user && is_terminal_input(context->std_input)) {
1658 if (params->bus_endpoint_fd >= 0 && context->bus_endpoint) {
1661 r = bus_kernel_set_endpoint_policy(params->bus_endpoint_fd, ep_uid, context->bus_endpoint);
1671 if (params->cgroup_path && context->user && params->cgroup_delegate) {
1686 if (!strv_isempty(context->runtime_directory) && params->runtime_prefix) {
1689 STRV_FOREACH(rt, context->runtime_directory) {
1698 r = mkdir_p_label(p, context->runtime_directory_mode);
1704 r = chmod_and_chown(p, context->runtime_directory_mode, uid, gid);
1712 umask(context->umask);
1715 r = enforce_groups(context, username, gid);
1721 if (context->smack_process_label) {
1722 r = mac_smack_apply_pid(0, context->smack_process_label);
1747 if (context->pam_name && username) {
1748 r = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
1757 if (context->private_network && runtime && runtime->netns_storage_socket[0] >= 0) {
1765 needs_mount_namespace = exec_needs_mount_namespace(context, params, runtime);
1776 if (context->private_tmp && runtime) {
1784 params->apply_chroot ? context->root_directory : NULL,
1785 context->read_write_dirs,
1786 context->read_only_dirs,
1787 context->inaccessible_dirs,
1791 context->private_devices,
1792 context->protect_home,
1793 context->protect_system,
1794 context->mount_flags);
1809 if (context->working_directory_home)
1811 else if (context->working_directory)
1812 wd = context->working_directory;
1817 if (!needs_mount_namespace && context->root_directory)
1818 if (chroot(context->root_directory) < 0) {
1824 !context->working_directory_missing_ok) {
1831 d = strjoina(strempty(context->root_directory), "/", strempty(wd));
1833 !context->working_directory_missing_ok) {
1841 r = mac_selinux_get_child_mls_label(socket_fd, command->path, context->selinux_context, &mac_selinux_context_net);
1859 r = flags_fds(fds, n_fds, context->non_blocking);
1867 int secure_bits = context->secure_bits;
1870 if (!context->rlimit[i])
1873 if (setrlimit_closest(i, context->rlimit[i]) < 0) {
1879 if (!cap_test_all(context->capability_bounding_set)) {
1880 r = capability_bounding_set_drop(context->capability_bounding_set, false);
1889 if (context->capability_ambient_set != 0) {
1890 r = capability_ambient_set_apply(context->capability_ambient_set, true);
1896 if (context->capabilities) {
1900 * set inherited capabilities to the capability set in the context.
1904 r = capability_update_inherited_set(context->capabilities, context->capability_ambient_set);
1912 if (context->user) {
1913 r = enforce_user(context, uid);
1918 if (context->capability_ambient_set != 0) {
1921 r = capability_ambient_set_apply(context->capability_ambient_set, false);
1931 * also to the context secure_bits so that we don't try to
1948 if (context->capabilities)
1949 if (cap_set_proc(context->capabilities) < 0) {
1954 if (context->no_new_privileges)
1961 if (context->address_families_whitelist ||
1962 !set_isempty(context->address_families)) {
1963 r = apply_address_families(context);
1970 if (context->syscall_whitelist ||
1971 !set_isempty(context->syscall_filter) ||
1972 !set_isempty(context->syscall_archs)) {
1973 r = apply_seccomp(context);
1983 char *exec_context = mac_selinux_context_net ?: context->selinux_context;
1996 if (context->apparmor_profile && mac_apparmor_use()) {
1997 r = aa_change_onexec(context->apparmor_profile);
1998 if (r < 0 && !context->apparmor_profile_ignore) {
2006 r = build_environment(context, params, n_fds, home, username, shell, &our_env);
2012 r = build_pass_environment(context, &pass_env);
2022 context->environment,
2061 const ExecContext *context,
2075 assert(context);
2080 if (context->std_input == EXEC_INPUT_SOCKET ||
2081 context->std_output == EXEC_OUTPUT_SOCKET ||
2082 context->std_error == EXEC_OUTPUT_SOCKET) {
2096 r = exec_context_load_environment(unit, context, &files_env);
2119 context,
2731 void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
2743 if (context) {
2744 if (context->utmp_id)
2745 utmp_put_dead_process(context->utmp_id, pid, code, status);
2747 exec_context_tty_reset(context, NULL);