From 2e8a581b9cc1132743c2341fc334461096266ad4 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Wed, 9 Oct 2024 05:49:00 +0900
Subject: [PATCH] core: drop implicit support of PrivateTmp=off
Follow-up for 0e551b04efb911d38b586cca1a6a462c87a2cb1b. Similar to the previous commit, but for PrivateTmp=.
---
 src/core/dbus-execute.c | 4 ++--
 src/core/exec-invoke.c | 2 +-
 src/core/namespace.c | 2 +-
 src/core/namespace.h | 2 +-
 src/core/unit.c | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 08c1acf397d..9e067854280 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1023,7 +1023,7 @@ static int property_get_private_tmp(
 sd_bus_error *error) {
 PrivateTmp *p = ASSERT_PTR(userdata);
- int b = *p != PRIVATE_TMP_OFF;
+ int b = *p != PRIVATE_TMP_NO;
 return sd_bus_message_append_basic(reply, 'b', &b);
 }
@@ -1847,7 +1847,7 @@ int bus_exec_context_set_transient_property(
 return r;
 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
- c->private_tmp = v ? PRIVATE_TMP_CONNECTED : PRIVATE_TMP_OFF;
+ c->private_tmp = v ? PRIVATE_TMP_CONNECTED : PRIVATE_TMP_NO;
 (void) unit_write_settingf(u, flags, name, "%s=%s", name, yes_no(v));
 }
diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index 499ac4d4c66..d5bd43bcd78 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -3852,7 +3852,7 @@ static bool exec_context_need_unprivileged_private_users(
 return false;
 return context->private_users != PRIVATE_USERS_NO ||
- context->private_tmp != PRIVATE_TMP_OFF ||
+ context->private_tmp != PRIVATE_TMP_NO ||
 context->private_devices ||
 context->private_network ||
 context->network_namespace_path ||
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 6909fb4a06b..dac476be271 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -3221,7 +3221,7 @@ static const char* const proc_subset_table[_PROC_SUBSET_MAX] = {
 DEFINE_STRING_TABLE_LOOKUP(proc_subset, ProcSubset);
 static const char* const private_tmp_table[_PRIVATE_TMP_MAX] = {
- [PRIVATE_TMP_OFF] = "off",
+ [PRIVATE_TMP_NO] = "no",
 [PRIVATE_TMP_CONNECTED] = "connected",
 [PRIVATE_TMP_DISCONNECTED] = "disconnected",
 };
diff --git a/src/core/namespace.h b/src/core/namespace.h
index d158b8b515a..dfb42b7c37d 100644
--- a/src/core/namespace.h
+++ b/src/core/namespace.h
@@ -54,7 +54,7 @@ typedef enum ProcSubset {
 } ProcSubset;
 typedef enum PrivateTmp {
- PRIVATE_TMP_OFF,
+ PRIVATE_TMP_NO,
 PRIVATE_TMP_CONNECTED, /* Bind mounted from the host's filesystem */
 PRIVATE_TMP_DISCONNECTED, /* A completely private tmpfs, invisible from the host */
 _PRIVATE_TMP_MAX,
diff --git a/src/core/unit.c b/src/core/unit.c
index c303ce9282a..684fe698eea 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -4305,7 +4305,7 @@ int unit_patch_contexts(Unit *u) {
 /* With DynamicUser= we want private directories, so if the user hasn't manually
 * selected PrivateTmp=, enable it, but to a fully private (disconnected) tmpfs
 * instance. */
- if (ec->private_tmp == PRIVATE_TMP_OFF)
+ if (ec->private_tmp == PRIVATE_TMP_NO)
 ec->private_tmp = PRIVATE_TMP_DISCONNECTED;
 ec->remove_ipc = true;
 ec->protect_system = PROTECT_SYSTEM_STRICT;
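Review bot: In the `private_tmp_table` hunk of src/core/namespace.c, the string for the disabled state changes from "off" to "no", which is the one behavioural change in an otherwise mechanical rename. Any code that converts this enum to or from text through the table will now emit "no" and will no longer match "off". The parsers and any serialization code are not visible in this diff, so it is worth confirming that every reader of PrivateTmp= handles a failed table lookup explicitly, since a silent fallback would select the first enumerator, i.e. no private /tmp. If the boolean spellings are meant to be handled before the table is consulted, a comment above the table would record that, e.g. `/* "no" mirrors the boolean spelling; other false-like spellings are expected to be handled by the caller, not here */`. The table's lookup macro lies outside the hunk.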