Merge pull request systemd#6497 from yuwata/bus-prop

core: add missing properties in bus_exec_context_set_transient_property()

Author: poettering

src/basic/cap-list.c

@@ -20,7 +20,10 @@
 #include <errno.h>
 #include <string.h>
 
+#include "alloc-util.h"
+#include "capability-util.h"
 #include "cap-list.h"
+#include "extract-word.h"
 #include "macro.h"
 #include "missing.h"
 #include "parse-util.h"
@@ -64,3 +67,65 @@ int capability_from_name(const char *name) {
 int capability_list_length(void) {
         return (int) ELEMENTSOF(capability_names);
 }
+
+int capability_set_to_string_alloc(uint64_t set, char **s) {
+        _cleanup_free_ char *str = NULL;
+        unsigned long i;
+        size_t allocated = 0, n = 0;
+
+        assert(s);
+
+        for (i = 0; i < cap_last_cap(); i++)
+                if (set & (UINT64_C(1) << i)) {
+                        const char *p;
+                        size_t add;
+
+                        p = capability_to_name(i);
+                        if (!p)
+                                return -EINVAL;
+
+                        add = strlen(p);
+
+                        if (!GREEDY_REALLOC0(str, allocated, n + add + 2))
+                                return -ENOMEM;
+
+                        strcpy(mempcpy(str + n, p, add), " ");
+                        n += add + 1;
+                }
+
+        if (n != 0)
+                str[n - 1] = '\0';
+
+        *s = str;
+        str = NULL;
+
+        return 0;
+}
+
+int capability_set_from_string(const char *s, uint64_t *set) {
+        uint64_t val = 0;
+        const char *p;
+
+        assert(set);
+
+        for (p = s;;) {
+                _cleanup_free_ char *word = NULL;
+                int r;
+
+                r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
+                if (r == -ENOMEM)
+                        return r;
+                if (r <= 0)
+                        break;
+
+                r = capability_from_name(word);
+                if (r < 0)
+                        continue;
+
+                val |= ((uint64_t) UINT64_C(1)) << (uint64_t) r;
+        }
+
+        *set = val;
+
+        return 0;
+}

src/basic/cap-list.h

@@ -22,3 +22,6 @@
 const char *capability_to_name(int id);
 int capability_from_name(const char *name);
 int capability_list_length(void);
+
+int capability_set_to_string_alloc(uint64_t set, char **s);
+int capability_set_from_string(const char *s, uint64_t *set);

src/basic/cpu-set-util.c

@@ -112,3 +112,49 @@ int parse_cpu_set_and_warn(
 
         return (int) ncpus;
 }
+
+int parse_cpu_set(
+                const char *rvalue,
+                cpu_set_t **cpu_set) {
+
+        _cleanup_cpu_free_ cpu_set_t *c = NULL;
+        unsigned ncpus = 0;
+
+        assert(rvalue);
+
+        for (;;) {
+                _cleanup_free_ char *word = NULL;
+                unsigned cpu, cpu_lower, cpu_upper;
+                int r;
+
+                r = extract_first_word(&rvalue, &word, WHITESPACE ",", EXTRACT_QUOTES);
+                if (r == -ENOMEM)
+                        return r;
+                if (r <= 0)
+                        break;
+
+                if (!c) {
+                        c = cpu_set_malloc(&ncpus);
+                        if (!c)
+                                return -ENOMEM;
+                }
+
+                r = parse_range(word, &cpu_lower, &cpu_upper);
+                if (r < 0)
+                        return r;
+                if (cpu_lower >= ncpus || cpu_upper >= ncpus)
+                        return -EINVAL;
+
+                if (cpu_lower <= cpu_upper)
+                        for (cpu = cpu_lower; cpu <= cpu_upper; cpu++)
+                                CPU_SET_S(cpu, CPU_ALLOC_SIZE(ncpus), c);
+        }
+
+        /* On success, sets *cpu_set and returns ncpus for the system. */
+        if (c) {
+                *cpu_set = c;
+                c = NULL;
+        }
+
+        return (int) ncpus;
+}

src/basic/cpu-set-util.h

@@ -30,3 +30,4 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(cpu_set_t*, CPU_FREE);
 cpu_set_t* cpu_set_malloc(unsigned *ncpus);
 
 int parse_cpu_set_and_warn(const char *rvalue, cpu_set_t **cpu_set, const char *unit, const char *filename, unsigned line, const char *lvalue);
+int parse_cpu_set(const char *rvalue, cpu_set_t **cpu_set);

src/basic/meson.build

@@ -139,6 +139,8 @@ basic_sources_plain = files('''
         rm-rf.c
         rm-rf.h
         securebits.h
+        securebits-util.c
+        securebits-util.h
         selinux-util.c
         selinux-util.h
         set.h

src/basic/process-util.h

@@ -20,6 +20,7 @@
 ***/
 
 #include <alloca.h>
+#include <sched.h>
 #include <signal.h>
 #include <stdbool.h>
 #include <stddef.h>
@@ -110,6 +111,14 @@ static inline bool nice_is_valid(int n) {
         return n >= PRIO_MIN && n < PRIO_MAX;
 }
 
+static inline bool sched_policy_is_valid(int i) {
+        return IN_SET(i, SCHED_OTHER, SCHED_BATCH, SCHED_IDLE, SCHED_FIFO, SCHED_RR);
+}
+
+static inline bool sched_priority_is_valid(int i) {
+        return i >= 0 && i <= sched_get_priority_max(SCHED_RR);
+}
+
 static inline bool ioprio_class_is_valid(int i) {
         return IN_SET(i, IOPRIO_CLASS_NONE, IOPRIO_CLASS_RT, IOPRIO_CLASS_BE, IOPRIO_CLASS_IDLE);
 }

src/basic/securebits-util.c

@@ -0,0 +1,84 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2017 Yu Watanabe
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+
+#include "alloc-util.h"
+#include "extract-word.h"
+#include "securebits.h"
+#include "securebits-util.h"
+#include "string-util.h"
+
+int secure_bits_to_string_alloc(int i, char **s) {
+        _cleanup_free_ char *str = NULL;
+        size_t len;
+        int r;
+
+        assert(s);
+
+        r = asprintf(&str, "%s%s%s%s%s%s",
+                     (i & (1 << SECURE_KEEP_CAPS)) ? "keep-caps " : "",
+                     (i & (1 << SECURE_KEEP_CAPS_LOCKED)) ? "keep-caps-locked " : "",
+                     (i & (1 << SECURE_NO_SETUID_FIXUP)) ? "no-setuid-fixup " : "",
+                     (i & (1 << SECURE_NO_SETUID_FIXUP_LOCKED)) ? "no-setuid-fixup-locked " : "",
+                     (i & (1 << SECURE_NOROOT)) ? "noroot " : "",
+                     (i & (1 << SECURE_NOROOT_LOCKED)) ? "noroot-locked " : "");
+        if (r < 0)
+                return -ENOMEM;
+
+        len = strlen(str);
+        if (len != 0)
+                str[len - 1] = '\0';
+
+        *s = str;
+        str = NULL;
+
+        return 0;
+}
+
+int secure_bits_from_string(const char *s) {
+        int secure_bits = 0;
+        const char *p;
+        int r;
+
+        for (p = s;;) {
+                _cleanup_free_ char *word = NULL;
+
+                r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
+                if (r == -ENOMEM)
+                        return r;
+                if (r <= 0)
+                        break;
+
+                if (streq(word, "keep-caps"))
+                        secure_bits |= 1 << SECURE_KEEP_CAPS;
+                else if (streq(word, "keep-caps-locked"))
+                        secure_bits |= 1 << SECURE_KEEP_CAPS_LOCKED;
+                else if (streq(word, "no-setuid-fixup"))
+                        secure_bits |= 1 << SECURE_NO_SETUID_FIXUP;
+                else if (streq(word, "no-setuid-fixup-locked"))
+                        secure_bits |= 1 << SECURE_NO_SETUID_FIXUP_LOCKED;
+                else if (streq(word, "noroot"))
+                        secure_bits |= 1 << SECURE_NOROOT;
+                else if (streq(word, "noroot-locked"))
+                        secure_bits |= 1 << SECURE_NOROOT_LOCKED;
+        }
+
+        return secure_bits;
+}

src/basic/securebits-util.h

@@ -0,0 +1,28 @@
+#pragma once
+
+/***
+  This file is part of systemd.
+
+  Copyright 2017 Yu Watanabe
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include "securebits.h"
+
+int secure_bits_to_string_alloc(int i, char **s);
+int secure_bits_from_string(const char *s);
+static inline bool secure_bits_is_valid(int i) {
+        return ((SECURE_ALL_BITS | SECURE_ALL_LOCKS) & i) == i;
+}