From 24002121289698569bc28c0fe32dbb553a648545 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Fri, 17 Feb 2023 15:35:48 +0900
Subject: [PATCH] core/execute: make PrivateMounts= tristate

No functional change, just preparation for later commits.
---
 src/core/dbus-execute.c | 4 ++--
 src/core/execute.c | 3 ++-
 src/core/execute.h | 2 +-
 src/core/load-fragment-gperf.gperf.in | 2 +-
 4 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index b07b5775ff..8c3fa7b286 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1274,7 +1274,7 @@ const sd_bus_vtable bus_exec_vtable[] = {
 SD_BUS_PROPERTY("ProtectControlGroups", "b", bus_property_get_bool, offsetof(ExecContext, protect_control_groups), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY("PrivateNetwork", "b", bus_property_get_bool, offsetof(ExecContext, private_network), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY("PrivateUsers", "b", bus_property_get_bool, offsetof(ExecContext, private_users), SD_BUS_VTABLE_PROPERTY_CONST),
- SD_BUS_PROPERTY("PrivateMounts", "b", bus_property_get_bool, offsetof(ExecContext, private_mounts), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("PrivateMounts", "b", bus_property_get_tristate, offsetof(ExecContext, private_mounts), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY("PrivateIPC", "b", bus_property_get_bool, offsetof(ExecContext, private_ipc), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY("ProtectHome", "s", property_get_protect_home, offsetof(ExecContext, protect_home), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY("ProtectSystem", "s", property_get_protect_system, offsetof(ExecContext, protect_system), SD_BUS_VTABLE_PROPERTY_CONST),
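Review bot: The property keeps the `b` D-Bus signature while the backing field becomes a tristate, so a client can no longer tell "unset" (-1) from an explicit `no`; if bus_property_get_tristate follows the usual tree convention of emitting `*p > 0`, the wire-visible value for the new default stays `false`, matching pre-patch behavior, but that collapse deserves a comment on the vtable entry, e.g. `/* Tristate internally; unset (< 0) is reported as false over the bus. */`. The transient setter in the next hunk (`bus_set_transient_tristate`, which this patch assumes already exists in dbus-util) has the mirror-image limitation: a written boolean can only yield 0 or 1, so a transient unit cannot express the unset state at all. Both are acceptable for a preparatory commit, but the later commits that give -1 a meaning will need to decide whether the bus interface should expose the third state.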
@@ -1933,7 +1933,7 @@ int bus_exec_context_set_transient_property(
 return bus_set_transient_bool(u, name, &c->private_devices, message, flags, error);
 
 if (streq(name, "PrivateMounts"))
- return bus_set_transient_bool(u, name, &c->private_mounts, message, flags, error);
+ return bus_set_transient_tristate(u, name, &c->private_mounts, message, flags, error);
 
 if (streq(name, "PrivateNetwork"))
 return bus_set_transient_bool(u, name, &c->private_network, message, flags, error);
diff --git a/src/core/execute.c b/src/core/execute.c
index e19f382118..39ece6e735 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2074,7 +2074,7 @@ bool exec_needs_mount_namespace(
 return true;
 
 if (context->private_devices ||
- context->private_mounts ||
+ context->private_mounts > 0 ||
 context->protect_system != PROTECT_SYSTEM_NO ||
 context->protect_home != PROTECT_HOME_NO ||
 context->protect_kernel_tunables ||
@@ -5488,6 +5488,7 @@ void exec_context_init(ExecContext *c) {
 c->tty_rows = UINT_MAX;
 c->tty_cols = UINT_MAX;
 numa_policy_reset(&c->numa_policy);
+ c->private_mounts = -1;
 }
 
 void exec_context_done(ExecContext *c) {
diff --git a/src/core/execute.h b/src/core/execute.h
index b115a52a73..79f98daf30 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -301,11 +301,11 @@ struct ExecContext {
 ProtectProc protect_proc; /* hidepid= */
 ProcSubset proc_subset; /* subset= */
 
+ int private_mounts;
 bool private_tmp;
 bool private_network;
 bool private_devices;
 bool private_users;
- bool private_mounts;
 bool private_ipc;
 bool protect_kernel_tunables;
 bool protect_kernel_modules;
diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in
index 58ace46279..2a8a10819b 100644
--- a/src/core/load-fragment-gperf.gperf.in
+++ b/src/core/load-fragment-gperf.gperf.in
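Review bot: With `c->private_mounts = -1;` as the initialized default, every remaining read of the field must compare against 0 explicitly; exec_needs_mount_namespace() in the hunk above is converted to `> 0`, but any other site that still tests the field for truthiness (a dump, compare or serialize helper, if one exists outside this patch) would now interpret the default as `yes` and silently change behavior, so the rest of the tree is worth grepping before this lands. The -1 default is also only reached through exec_context_init(); an ExecContext that is zero-initialized elsewhere would start as an explicit `no`, harmless today but diverging from the fragment default once -1 gains meaning. A short comment at the assignment, `/* tristate: unset until configured; readers must test > 0 */`, would make the invariant visible to the next reader. exec_context_init() continues outside the hunk.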
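Review bot: `int private_mounts;` carries no comment while the neighbouring fields document their encoding (`/* hidepid= */`, `/* subset= */`), so the tristate contract and its -1 default are only discoverable by reading execute.c; suggest `int private_mounts; /* tristate: < 0 unset, 0 no, > 0 yes */` so that anyone adding a reader compares against 0 instead of testing truthiness, which the surrounding `bool` fields invite. Placing the field at the head of the boolean run rather than next to its former position is fine, but the comment is what prevents the next `if (c->private_mounts)` from slipping in. struct ExecContext continues outside the hunk.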
@@ -126,7 +126,7 @@
 {{type}}.LogNamespace, config_parse_log_namespace, 0, offsetof({{type}}, exec_context)
 {{type}}.PrivateNetwork, config_parse_bool, 0, offsetof({{type}}, exec_context.private_network)
 {{type}}.PrivateUsers, config_parse_bool, 0, offsetof({{type}}, exec_context.private_users)
-{{type}}.PrivateMounts, config_parse_bool, 0, offsetof({{type}}, exec_context.private_mounts)
+{{type}}.PrivateMounts, config_parse_tristate, 0, offsetof({{type}}, exec_context.private_mounts)
 {{type}}.PrivateIPC, config_parse_bool, 0, offsetof({{type}}, exec_context.private_ipc)
 {{type}}.ProtectSystem, config_parse_protect_system, 0, offsetof({{type}}, exec_context.protect_system)
 {{type}}.ProtectHome, config_parse_protect_home, 0, offsetof({{type}}, exec_context.protect_home)
--
2.25.1
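Review bot: Switching the parser to config_parse_tristate changes what an empty `PrivateMounts=` assignment does: if config_parse_tristate follows the tree convention of resetting its target to -1 on an empty value, the directive now returns the field to "unset", whereas config_parse_bool would previously have rejected the empty string and left the field untouched. That is a small user-visible change despite the "No functional change" summary, and systemd.exec(5) is not among the four files in the diffstat, so the reset-on-empty semantics should be documented once the unset state gains meaning. The entry is otherwise consistent with the new `int` field type in execute.h, which an `int`-targeting tristate parser requires.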