Merge pull request #17219 from poettering/exec-root-dir

minor tweaks to execute.[ch]

coccinelle/empty-to-root.cocci

@@ -9,3 +9,8 @@ expression s;
 @@
 - (empty_or_root(s) ? "/" : s)
 + empty_to_root(s)
+@@
+expression s;
+@@
+- (s ? s : "/")
++ empty_to_root(s)

src/core/execute.c

@@ -2983,7 +2983,7 @@ static int compile_bind_mounts(
                         continue;
 
                 if (exec_directory_is_private(context, t) &&
-                    !(context->root_directory || context->root_image)) {
+                    !exec_context_with_rootfs(context)) {
                         char *private_root;
 
                         /* So this is for a dynamic user, and we need to make sure the process can access its own
@@ -3014,7 +3014,7 @@ static int compile_bind_mounts(
                         }
 
                         if (exec_directory_is_private(context, t) &&
-                            (context->root_directory || context->root_image))
+                            exec_context_with_rootfs(context))
                                 /* When RootDirectory= or RootImage= are set, then the symbolic link to the private
                                  * directory is not created on the root directory. So, let's bind-mount the directory
                                  * on the 'non-private' place. */
@@ -3245,10 +3245,8 @@ static int apply_working_directory(
 
                 wd = home;
 
-        } else if (context->working_directory)
+        } else
-                wd = context->working_directory;
+                wd = empty_to_root(context->working_directory);
-        else
-                wd = "/";
 
         if (params->flags & EXEC_APPLY_CHROOT)
                 d = wd;
@@ -5171,8 +5169,8 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
                 "%sProtectProc: %s\n"
                 "%sProcSubset: %s\n",
                 prefix, c->umask,
-                prefix, c->working_directory ? c->working_directory : "/",
+                prefix, empty_to_root(c->working_directory),
-                prefix, c->root_directory ? c->root_directory : "/",
+                prefix, empty_to_root(c->root_directory),
                 prefix, yes_no(c->non_blocking),
                 prefix, yes_no(c->private_tmp),
                 prefix, yes_no(c->private_devices),
@@ -5658,7 +5656,7 @@ bool exec_context_get_effective_mount_apivfs(const ExecContext *c) {
                 return c->mount_apivfs;
 
         /* Default to "yes" if root directory or image are specified */
-        if (c->root_image || !empty_or_root(c->root_directory))
+        if (exec_context_with_rootfs(c))
                 return true;
 
         return false;

src/core/execute.h

@@ -23,6 +23,7 @@ typedef struct Manager Manager;
 #include "namespace.h"
 #include "nsflags.h"
 #include "numa-util.h"
+#include "path-util.h"
 #include "time-util.h"
 
 #define EXEC_STDIN_DATA_MAX (64U*1024U*1024U)
@@ -325,6 +326,14 @@ static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) {
         return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL;
 }
 
+static inline bool exec_context_with_rootfs(const ExecContext *c) {
+        assert(c);
+
+        /* Checks if RootDirectory= or RootImage= are used */
+
+        return !empty_or_root(c->root_directory) || c->root_image;
+}
+
 typedef enum ExecFlags {
         EXEC_APPLY_SANDBOXING  = 1 << 0,
         EXEC_APPLY_CHROOT      = 1 << 1,