From ad43c784bb537eea2d175087f621e5687fc5dee1 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak
Date: Tue, 19 Mar 2024 14:01:00 +0100
Subject: [PATCH] sysext: Add support for mutable mode environment variables

The environment variable names are SYSTEMD_SYSEXT_MUTABLE_MODE for systemd-sysext and SYSTEMD_CONFEXT_MUTABLE_MODE for systemd-confext. These override the default mutable mode setting, but can be still overridden by a command-line flag.

---
 src/sysext/sysext.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c
index 496c5596a7..0fd5afe221 100644
--- a/src/sysext/sysext.c
+++ b/src/sysext/sysext.c
@@ -90,6 +90,7 @@ static const struct {
 const char *level_env;
 const char *scope_env;
 const char *name_env;
+ const char *mode_env;
 const ImagePolicy *default_image_policy;
 unsigned long default_mount_flags;
 } image_class_info[_IMAGE_CLASS_MAX] = {
@@ -102,6 +103,7 @@ static const struct {
 .level_env = "SYSEXT_LEVEL",
 .scope_env = "SYSEXT_SCOPE",
 .name_env = "SYSTEMD_SYSEXT_HIERARCHIES",
+ .mode_env = "SYSTEMD_SYSEXT_MUTABLE_MODE",
 .default_image_policy = &image_policy_sysext,
 .default_mount_flags = MS_RDONLY|MS_NODEV,
 },
@@ -114,6 +116,7 @@ static const struct {
 .level_env = "CONFEXT_LEVEL",
 .scope_env = "CONFEXT_SCOPE",
 .name_env = "SYSTEMD_CONFEXT_HIERARCHIES",
+ .mode_env = "SYSTEMD_CONFEXT_MUTABLE_MODE",
 .default_image_policy = &image_policy_confext,
 .default_mount_flags = MS_RDONLY|MS_NODEV|MS_NOSUID|MS_NOEXEC,
 }
@@ -2165,12 +2168,23 @@ static int sysext_main(int argc, char *argv[]) {
 }

 static int run(int argc, char *argv[]) {
+ const char* env_var;
 int r;

 log_setup();

 arg_image_class = invoked_as(argv, "systemd-confext") ? IMAGE_CONFEXT : IMAGE_SYSEXT;

+ env_var = getenv(image_class_info[arg_image_class].mode_env);
+ if (env_var) {
+ r = parse_mutable_mode(env_var);
+ if (r < 0)
+ log_warning("Failed to parse %s environment variable value '%s'. Ignoring.",
+ image_class_info[arg_image_class].mode_env, env_var);
+ else
+ arg_mutable = r;
+ }
+
 r = parse_argv(argc, argv);
 if (r <= 0)
 return r;
--
2.25.1
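Review bot: The mutable mode is now read from the process environment with plain `getenv()`, which also honours the variable when the binary runs with privileges inherited from an untrusted caller; if the neighbouring `level_env`/`name_env` lookups in this file use `secure_getenv()` (not visible in this hunk), the new `mode_env` lookup should follow the same convention, `env_var = secure_getenv(image_class_info[arg_image_class].mode_env);`. Two style points on the same lines: `const char* env_var;` should be written `const char *env_var` and can be declared at the point of use instead of at the top of `run()`. On a value that `parse_mutable_mode()` rejects, the code warns and keeps whatever `arg_mutable` already holds, which is the fail-safe direction only as long as that default is the non-mutable mode; a short comment such as `/* Invalid values fall back to the built-in default; the command line parsed below still overrides. */` would make that contract explicit to the next reader. The body of `run()` continues past the end of the hunk.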