const ExecParameters *params,
uid_t uid,
gid_t gid,
- bool manager_is_system,
ExecDirectoryType type,
int *exit_status) {
if (!params->prefix[type])
return 0;
- if (manager_is_system) {
+ if (params->flags & EXEC_CHOWN_DIRECTORIES) {
if (!uid_is_valid(uid))
uid = 0;
if (!gid_is_valid(gid))
}
for (dt = 0; dt < _EXEC_DIRECTORY_MAX; dt++) {
- r = setup_exec_directory(context, params, uid, gid, MANAGER_IS_SYSTEM(unit->manager), dt, exit_status);
+ r = setup_exec_directory(context, params, uid, gid, dt, exit_status);
if (r < 0)
return r;
}
EXEC_APPLY_TTY_STDIN = 1U << 2,
EXEC_NEW_KEYRING = 1U << 3,
EXEC_PASS_LOG_UNIT = 1U << 4, /* Whether to pass the unit name to the service's journal stream connection */
+ EXEC_CHOWN_DIRECTORIES = 1U << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
/* The following are not used by execute.c, but by consumers internally */
- EXEC_PASS_FDS = 1U << 5,
- EXEC_IS_CONTROL = 1U << 6,
- EXEC_SETENV_RESULT = 1U << 7,
- EXEC_SET_WATCHDOG = 1U << 8,
+ EXEC_PASS_FDS = 1U << 6,
+ EXEC_IS_CONTROL = 1U << 7,
+ EXEC_SETENV_RESULT = 1U << 8,
+ EXEC_SET_WATCHDOG = 1U << 9,
} ExecFlags;
struct ExecParameters {
p->cgroup_supported = m->cgroup_supported;
p->prefix = m->prefix;
- SET_FLAG(p->flags, EXEC_PASS_LOG_UNIT, MANAGER_IS_SYSTEM(m));
+ SET_FLAG(p->flags, EXEC_PASS_LOG_UNIT|EXEC_CHOWN_DIRECTORIES, MANAGER_IS_SYSTEM(m));
return 0;
}