diff options
author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2017-12-19 11:05:43 +0900 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-01-11 10:13:00 +0100 |
commit | a93970d1b901e8eed23fb35dd0f62fbf9fcd1d08 (patch) | |
tree | 49ed6a391b95da94c389cf11b1672fd4c6afd219 | |
parent | core,seccomp: fix logic to parse syscall filter in dbus-execute.c (diff) | |
download | systemd-a93970d1b901e8eed23fb35dd0f62fbf9fcd1d08.tar.gz systemd-a93970d1b901e8eed23fb35dd0f62fbf9fcd1d08.tar.bz2 systemd-a93970d1b901e8eed23fb35dd0f62fbf9fcd1d08.zip |
core,seccomp: fix logic to parse RestrictAddressFamilies= in dbus-execute.c
If multiple RestrictAddressFamilies= settings, some of them are
whitelist and the others are blacklist, are sent to bus, then parsing
result was corrupted.
This fixes the parse logic, now it is the same as one used in
load-fragment.c
(cherry picked from commit 9ee896d5dd98ee9fba7c0ee40784a1266661cd5f)
-rw-r--r-- | src/core/dbus-execute.c | 32 |
1 files changed, 20 insertions, 12 deletions
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index fbce9a7d0..a72077acb 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -1490,30 +1490,38 @@ int bus_exec_context_set_transient_property( if (!UNIT_WRITE_FLAGS_NOOP(flags)) { _cleanup_free_ char *joined = NULL; + bool invert = !whitelist; + char **s; if (strv_isempty(l)) { c->address_families_whitelist = false; c->address_families = set_free(c->address_families); - } else { - char **s; - c->address_families_whitelist = whitelist; + unit_write_settingf(u, flags, name, "RestrictAddressFamilies="); + return 1; + } - r = set_ensure_allocated(&c->address_families, NULL); - if (r < 0) - return r; + if (!c->address_families) { + c->address_families = set_new(NULL); + if (!c->address_families) + return log_oom(); - STRV_FOREACH(s, l) { - int af; + c->address_families_whitelist = whitelist; + } - af = af_from_name(*s); - if (af <= 0) - return -EINVAL; + STRV_FOREACH(s, l) { + int af; + + af = af_from_name(*s); + if (af <= 0) + return -EINVAL; + if (!invert == c->address_families_whitelist) { r = set_put(c->address_families, INT_TO_PTR(af)); if (r < 0) return r; - } + } else + (void) set_remove(c->address_families, INT_TO_PTR(af)); } joined = strv_join(l, " "); |