1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 #include <sys/types.h>
26 #include <sys/syscall.h>
27 #include <sys/mount.h>
33 #include <sys/prctl.h>
34 #include <sys/capability.h>
37 #include <sys/signalfd.h>
41 #include <sys/socket.h>
42 #include <linux/netlink.h>
43 #include <sys/eventfd.h>
45 #include <linux/veth.h>
46 #include <sys/personality.h>
47 #include <linux/loop.h>
50 #include <selinux/selinux.h>
58 #include <blkid/blkid.h>
61 #include "sd-daemon.h"
71 #include "cgroup-util.h"
73 #include "path-util.h"
74 #include "loopback-setup.h"
75 #include "dev-setup.h"
80 #include "bus-error.h"
82 #include "bus-kernel.h"
85 #include "rtnl-util.h"
86 #include "udev-util.h"
87 #include "eventfd-util.h"
88 #include "blkid-util.h"
90 #include "siphash24.h"
93 #include "seccomp-util.h"
96 typedef enum ContainerStatus {
101 typedef enum LinkJournal {
108 static char *arg_directory = NULL;
109 static char *arg_user = NULL;
110 static sd_id128_t arg_uuid = {};
111 static char *arg_machine = NULL;
112 static const char *arg_selinux_context = NULL;
113 static const char *arg_selinux_apifs_context = NULL;
114 static const char *arg_slice = NULL;
115 static bool arg_private_network = false;
116 static bool arg_read_only = false;
117 static bool arg_boot = false;
118 static LinkJournal arg_link_journal = LINK_AUTO;
119 static uint64_t arg_retain =
120 (1ULL << CAP_CHOWN) |
121 (1ULL << CAP_DAC_OVERRIDE) |
122 (1ULL << CAP_DAC_READ_SEARCH) |
123 (1ULL << CAP_FOWNER) |
124 (1ULL << CAP_FSETID) |
125 (1ULL << CAP_IPC_OWNER) |
127 (1ULL << CAP_LEASE) |
128 (1ULL << CAP_LINUX_IMMUTABLE) |
129 (1ULL << CAP_NET_BIND_SERVICE) |
130 (1ULL << CAP_NET_BROADCAST) |
131 (1ULL << CAP_NET_RAW) |
132 (1ULL << CAP_SETGID) |
133 (1ULL << CAP_SETFCAP) |
134 (1ULL << CAP_SETPCAP) |
135 (1ULL << CAP_SETUID) |
136 (1ULL << CAP_SYS_ADMIN) |
137 (1ULL << CAP_SYS_CHROOT) |
138 (1ULL << CAP_SYS_NICE) |
139 (1ULL << CAP_SYS_PTRACE) |
140 (1ULL << CAP_SYS_TTY_CONFIG) |
141 (1ULL << CAP_SYS_RESOURCE) |
142 (1ULL << CAP_SYS_BOOT) |
143 (1ULL << CAP_AUDIT_WRITE) |
144 (1ULL << CAP_AUDIT_CONTROL) |
146 static char **arg_bind = NULL;
147 static char **arg_bind_ro = NULL;
148 static char **arg_setenv = NULL;
149 static bool arg_quiet = false;
150 static bool arg_share_system = false;
151 static bool arg_register = true;
152 static bool arg_keep_unit = false;
153 static char **arg_network_interfaces = NULL;
154 static char **arg_network_macvlan = NULL;
155 static bool arg_network_veth = false;
156 static const char *arg_network_bridge = NULL;
157 static unsigned long arg_personality = 0xffffffffLU;
158 static const char *arg_image = NULL;
160 static int help(void) {
162 printf("%s [OPTIONS...] [PATH] [ARGUMENTS...]\n\n"
163 "Spawn a minimal namespace container for debugging, testing and building.\n\n"
164 " -h --help Show this help\n"
165 " --version Print version string\n"
166 " -q --quiet Do not show status information\n"
167 " -D --directory=PATH Root directory for the container\n"
168 " -i --image=PATH File system device or image for the container\n"
169 " -b --boot Boot up full system (i.e. invoke init)\n"
170 " -u --user=USER Run the command under specified user or uid\n"
171 " -M --machine=NAME Set the machine name for the container\n"
172 " --uuid=UUID Set a specific machine UUID for the container\n"
173 " -S --slice=SLICE Place the container in the specified slice\n"
174 " --private-network Disable network in container\n"
175 " --network-interface=INTERFACE\n"
176 " Assign an existing network interface to the\n"
178 " --network-macvlan=INTERFACE\n"
179 " Create a macvlan network interface based on an\n"
180 " existing network interface to the container\n"
181 " --network-veth Add a virtual ethernet connection between host\n"
183 " --network-bridge=INTERFACE\n"
184 " Add a virtual ethernet connection between host\n"
185 " and container and add it to an existing bridge on\n"
187 " -Z --selinux-context=SECLABEL\n"
188 " Set the SELinux security context to be used by\n"
189 " processes in the container\n"
190 " -L --selinux-apifs-context=SECLABEL\n"
191 " Set the SELinux security context to be used by\n"
192 " API/tmpfs file systems in the container\n"
193 " --capability=CAP In addition to the default, retain specified\n"
195 " --drop-capability=CAP Drop the specified capability from the default set\n"
196 " --link-journal=MODE Link up guest journal, one of no, auto, guest, host\n"
197 " -j Equivalent to --link-journal=host\n"
198 " --read-only Mount the root directory read-only\n"
199 " --bind=PATH[:PATH] Bind mount a file or directory from the host into\n"
201 " --bind-ro=PATH[:PATH] Similar, but creates a read-only bind mount\n"
202 " --setenv=NAME=VALUE Pass an environment variable to PID 1\n"
203 " --share-system Share system namespaces with host\n"
204 " --register=BOOLEAN Register container as machine\n"
205 " --keep-unit Do not register a scope for the machine, reuse\n"
206 " the service unit nspawn is running in\n",
207 program_invocation_short_name);
212 static int parse_argv(int argc, char *argv[]) {
228 ARG_NETWORK_INTERFACE,
235 static const struct option options[] = {
236 { "help", no_argument, NULL, 'h' },
237 { "version", no_argument, NULL, ARG_VERSION },
238 { "directory", required_argument, NULL, 'D' },
239 { "user", required_argument, NULL, 'u' },
240 { "private-network", no_argument, NULL, ARG_PRIVATE_NETWORK },
241 { "boot", no_argument, NULL, 'b' },
242 { "uuid", required_argument, NULL, ARG_UUID },
243 { "read-only", no_argument, NULL, ARG_READ_ONLY },
244 { "capability", required_argument, NULL, ARG_CAPABILITY },
245 { "drop-capability", required_argument, NULL, ARG_DROP_CAPABILITY },
246 { "link-journal", required_argument, NULL, ARG_LINK_JOURNAL },
247 { "bind", required_argument, NULL, ARG_BIND },
248 { "bind-ro", required_argument, NULL, ARG_BIND_RO },
249 { "machine", required_argument, NULL, 'M' },
250 { "slice", required_argument, NULL, 'S' },
251 { "setenv", required_argument, NULL, ARG_SETENV },
252 { "selinux-context", required_argument, NULL, 'Z' },
253 { "selinux-apifs-context", required_argument, NULL, 'L' },
254 { "quiet", no_argument, NULL, 'q' },
255 { "share-system", no_argument, NULL, ARG_SHARE_SYSTEM },
256 { "register", required_argument, NULL, ARG_REGISTER },
257 { "keep-unit", no_argument, NULL, ARG_KEEP_UNIT },
258 { "network-interface", required_argument, NULL, ARG_NETWORK_INTERFACE },
259 { "network-macvlan", required_argument, NULL, ARG_NETWORK_MACVLAN },
260 { "network-veth", no_argument, NULL, ARG_NETWORK_VETH },
261 { "network-bridge", required_argument, NULL, ARG_NETWORK_BRIDGE },
262 { "personality", required_argument, NULL, ARG_PERSONALITY },
263 { "image", required_argument, NULL, 'i' },
268 uint64_t plus = 0, minus = 0;
273 while ((c = getopt_long(argc, argv, "+hD:u:bL:M:jS:Z:qi:", options, NULL)) >= 0) {
281 puts(PACKAGE_STRING);
282 puts(SYSTEMD_FEATURES);
287 arg_directory = canonicalize_file_name(optarg);
288 if (!arg_directory) {
289 log_error("Invalid root directory: %m");
301 arg_user = strdup(optarg);
307 case ARG_NETWORK_BRIDGE:
308 arg_network_bridge = optarg;
312 case ARG_NETWORK_VETH:
313 arg_network_veth = true;
314 arg_private_network = true;
317 case ARG_NETWORK_INTERFACE:
318 if (strv_extend(&arg_network_interfaces, optarg) < 0)
321 arg_private_network = true;
324 case ARG_NETWORK_MACVLAN:
325 if (strv_extend(&arg_network_macvlan, optarg) < 0)
330 case ARG_PRIVATE_NETWORK:
331 arg_private_network = true;
339 r = sd_id128_from_string(optarg, &arg_uuid);
341 log_error("Invalid UUID: %s", optarg);
351 if (isempty(optarg)) {
356 if (!hostname_is_valid(optarg)) {
357 log_error("Invalid machine name: %s", optarg);
362 arg_machine = strdup(optarg);
370 arg_selinux_context = optarg;
374 arg_selinux_apifs_context = optarg;
378 arg_read_only = true;
382 case ARG_DROP_CAPABILITY: {
386 FOREACH_WORD_SEPARATOR(word, length, optarg, ",", state) {
387 _cleanup_free_ char *t;
390 t = strndup(word, length);
394 if (streq(t, "all")) {
395 if (c == ARG_CAPABILITY)
396 plus = (uint64_t) -1;
398 minus = (uint64_t) -1;
400 if (cap_from_name(t, &cap) < 0) {
401 log_error("Failed to parse capability %s.", t);
405 if (c == ARG_CAPABILITY)
406 plus |= 1ULL << (uint64_t) cap;
408 minus |= 1ULL << (uint64_t) cap;
416 arg_link_journal = LINK_GUEST;
419 case ARG_LINK_JOURNAL:
420 if (streq(optarg, "auto"))
421 arg_link_journal = LINK_AUTO;
422 else if (streq(optarg, "no"))
423 arg_link_journal = LINK_NO;
424 else if (streq(optarg, "guest"))
425 arg_link_journal = LINK_GUEST;
426 else if (streq(optarg, "host"))
427 arg_link_journal = LINK_HOST;
429 log_error("Failed to parse link journal mode %s", optarg);
437 _cleanup_free_ char *a = NULL, *b = NULL;
441 x = c == ARG_BIND ? &arg_bind : &arg_bind_ro;
443 e = strchr(optarg, ':');
445 a = strndup(optarg, e - optarg);
455 if (!path_is_absolute(a) || !path_is_absolute(b)) {
456 log_error("Invalid bind mount specification: %s", optarg);
460 r = strv_extend(x, a);
464 r = strv_extend(x, b);
474 if (!env_assignment_is_valid(optarg)) {
475 log_error("Environment variable assignment '%s' is not valid.", optarg);
479 n = strv_env_set(arg_setenv, optarg);
483 strv_free(arg_setenv);
492 case ARG_SHARE_SYSTEM:
493 arg_share_system = true;
497 r = parse_boolean(optarg);
499 log_error("Failed to parse --register= argument: %s", optarg);
507 arg_keep_unit = true;
510 case ARG_PERSONALITY:
512 arg_personality = personality_from_string(optarg);
513 if (arg_personality == 0xffffffffLU) {
514 log_error("Unknown or unsupported personality '%s'.", optarg);
524 assert_not_reached("Unhandled option");
528 if (arg_share_system)
529 arg_register = false;
531 if (arg_boot && arg_share_system) {
532 log_error("--boot and --share-system may not be combined.");
536 if (arg_keep_unit && cg_pid_get_owner_uid(0, NULL) >= 0) {
537 log_error("--keep-unit may not be used when invoked from a user session.");
541 if (arg_directory && arg_image) {
542 log_error("--directory= and --image= may not be combined.");
546 arg_retain = (arg_retain | plus | (arg_private_network ? 1ULL << CAP_NET_ADMIN : 0)) & ~minus;
551 static int mount_all(const char *dest) {
553 typedef struct MountPoint {
562 static const MountPoint mount_table[] = {
563 { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
564 { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND, true }, /* Bind mount first */
565 { NULL, "/proc/sys", NULL, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, true }, /* Then, make it r/o */
566 { "sysfs", "/sys", "sysfs", NULL, MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
567 { "tmpfs", "/dev", "tmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, true },
568 { "devpts", "/dev/pts", "devpts","newinstance,ptmxmode=0666,mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, true },
569 { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true },
570 { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true },
572 { "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND, false }, /* Bind mount first */
573 { NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, false }, /* Then, make it r/o */
580 for (k = 0; k < ELEMENTSOF(mount_table); k++) {
581 _cleanup_free_ char *where = NULL;
583 _cleanup_free_ char *options = NULL;
588 where = strjoin(dest, "/", mount_table[k].where, NULL);
592 t = path_is_mount_point(where, true);
594 log_error("Failed to detect whether %s is a mount point: %s", where, strerror(-t));
602 /* Skip this entry if it is not a remount. */
603 if (mount_table[k].what && t > 0)
606 mkdir_p(where, 0755);
609 if (arg_selinux_apifs_context &&
610 (streq_ptr(mount_table[k].what, "tmpfs") || streq_ptr(mount_table[k].what, "devpts"))) {
611 options = strjoin(mount_table[k].options, ",context=\"", arg_selinux_apifs_context, "\"", NULL);
618 o = mount_table[k].options;
621 if (mount(mount_table[k].what,
624 mount_table[k].flags,
626 mount_table[k].fatal) {
628 log_error("mount(%s) failed: %m", where);
638 static int mount_binds(const char *dest, char **l, unsigned long flags) {
641 STRV_FOREACH_PAIR(x, y, l) {
643 struct stat source_st, dest_st;
646 if (stat(*x, &source_st) < 0) {
647 log_error("Failed to stat %s: %m", *x);
651 where = strappenda(dest, *y);
652 r = stat(where, &dest_st);
654 if ((source_st.st_mode & S_IFMT) != (dest_st.st_mode & S_IFMT)) {
655 log_error("The file types of %s and %s do not match. Refusing bind mount",
659 } else if (errno == ENOENT) {
660 r = mkdir_parents_label(where, 0755);
662 log_error("Failed to bind mount %s: %s", *x, strerror(-r));
666 log_error("Failed to bind mount %s: %m", *x);
669 /* Create the mount point, but be conservative -- refuse to create block
670 * and char devices. */
671 if (S_ISDIR(source_st.st_mode))
672 mkdir_label(where, 0755);
673 else if (S_ISFIFO(source_st.st_mode))
675 else if (S_ISSOCK(source_st.st_mode))
676 mknod(where, 0644 | S_IFSOCK, 0);
677 else if (S_ISREG(source_st.st_mode))
680 log_error("Refusing to create mountpoint for file: %s", *x);
684 if (mount(*x, where, "bind", MS_BIND, NULL) < 0) {
685 log_error("mount(%s) failed: %m", where);
689 if (flags && mount(NULL, where, NULL, MS_REMOUNT|MS_BIND|flags, NULL) < 0) {
690 log_error("mount(%s) failed: %m", where);
698 static int setup_timezone(const char *dest) {
699 _cleanup_free_ char *where = NULL, *p = NULL, *q = NULL, *check = NULL, *what = NULL;
705 /* Fix the timezone, if possible */
706 r = readlink_malloc("/etc/localtime", &p);
708 log_warning("/etc/localtime is not a symlink, not updating container timezone.");
712 z = path_startswith(p, "../usr/share/zoneinfo/");
714 z = path_startswith(p, "/usr/share/zoneinfo/");
716 log_warning("/etc/localtime does not point into /usr/share/zoneinfo/, not updating container timezone.");
720 where = strappend(dest, "/etc/localtime");
724 r = readlink_malloc(where, &q);
726 y = path_startswith(q, "../usr/share/zoneinfo/");
728 y = path_startswith(q, "/usr/share/zoneinfo/");
731 /* Already pointing to the right place? Then do nothing .. */
732 if (y && streq(y, z))
736 check = strjoin(dest, "/usr/share/zoneinfo/", z, NULL);
740 if (access(check, F_OK) < 0) {
741 log_warning("Timezone %s does not exist in container, not updating container timezone.", z);
745 what = strappend("../usr/share/zoneinfo/", z);
750 if (symlink(what, where) < 0) {
751 log_error("Failed to correct timezone of container: %m");
758 static int setup_resolv_conf(const char *dest) {
759 char _cleanup_free_ *where = NULL;
763 if (arg_private_network)
766 /* Fix resolv.conf, if possible */
767 where = strappend(dest, "/etc/resolv.conf");
771 /* We don't really care for the results of this really. If it
772 * fails, it fails, but meh... */
773 copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW);
778 static char* id128_format_as_uuid(sd_id128_t id, char s[37]) {
781 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
782 SD_ID128_FORMAT_VAL(id));
787 static int setup_boot_id(const char *dest) {
788 _cleanup_free_ char *from = NULL, *to = NULL;
795 if (arg_share_system)
798 /* Generate a new randomized boot ID, so that each boot-up of
799 * the container gets a new one */
801 from = strappend(dest, "/dev/proc-sys-kernel-random-boot-id");
802 to = strappend(dest, "/proc/sys/kernel/random/boot_id");
806 r = sd_id128_randomize(&rnd);
808 log_error("Failed to generate random boot id: %s", strerror(-r));
812 id128_format_as_uuid(rnd, as_uuid);
814 r = write_string_file(from, as_uuid);
816 log_error("Failed to write boot id: %s", strerror(-r));
820 if (mount(from, to, "bind", MS_BIND, NULL) < 0) {
821 log_error("Failed to bind mount boot id: %m");
823 } else if (mount(from, to, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL))
824 log_warning("Failed to make boot id read-only: %m");
830 static int copy_devnodes(const char *dest) {
832 static const char devnodes[] =
842 _cleanup_umask_ mode_t u;
848 NULSTR_FOREACH(d, devnodes) {
849 _cleanup_free_ char *from = NULL, *to = NULL;
852 from = strappend("/dev/", d);
853 to = strjoin(dest, "/dev/", d, NULL);
857 if (stat(from, &st) < 0) {
859 if (errno != ENOENT) {
860 log_error("Failed to stat %s: %m", from);
864 } else if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode)) {
866 log_error("%s is not a char or block device, cannot copy", from);
869 } else if (mknod(to, st.st_mode, st.st_rdev) < 0) {
871 log_error("mknod(%s) failed: %m", dest);
879 static int setup_ptmx(const char *dest) {
880 _cleanup_free_ char *p = NULL;
882 p = strappend(dest, "/dev/ptmx");
886 if (symlink("pts/ptmx", p) < 0) {
887 log_error("Failed to create /dev/ptmx symlink: %m");
894 static int setup_dev_console(const char *dest, const char *console) {
895 _cleanup_umask_ mode_t u;
905 if (stat("/dev/null", &st) < 0) {
906 log_error("Failed to stat /dev/null: %m");
910 r = chmod_and_chown(console, 0600, 0, 0);
912 log_error("Failed to correct access mode for TTY: %s", strerror(-r));
916 /* We need to bind mount the right tty to /dev/console since
917 * ptys can only exist on pts file systems. To have something
918 * to bind mount things on we create a device node first, and
919 * use /dev/null for that since we the cgroups device policy
920 * allows us to create that freely, while we cannot create
921 * /dev/console. (Note that the major minor doesn't actually
922 * matter here, since we mount it over anyway). */
924 to = strappenda(dest, "/dev/console");
925 if (mknod(to, (st.st_mode & ~07777) | 0600, st.st_rdev) < 0) {
926 log_error("mknod() for /dev/console failed: %m");
930 if (mount(console, to, "bind", MS_BIND, NULL) < 0) {
931 log_error("Bind mount for /dev/console failed: %m");
938 static int setup_kmsg(const char *dest, int kmsg_socket) {
939 _cleanup_free_ char *from = NULL, *to = NULL;
941 _cleanup_umask_ mode_t u;
943 struct cmsghdr cmsghdr;
944 uint8_t buf[CMSG_SPACE(sizeof(int))];
947 .msg_control = &control,
948 .msg_controllen = sizeof(control),
950 struct cmsghdr *cmsg;
953 assert(kmsg_socket >= 0);
957 /* We create the kmsg FIFO as /dev/kmsg, but immediately
958 * delete it after bind mounting it to /proc/kmsg. While FIFOs
959 * on the reading side behave very similar to /proc/kmsg,
960 * their writing side behaves differently from /dev/kmsg in
961 * that writing blocks when nothing is reading. In order to
962 * avoid any problems with containers deadlocking due to this
963 * we simply make /dev/kmsg unavailable to the container. */
964 if (asprintf(&from, "%s/dev/kmsg", dest) < 0 ||
965 asprintf(&to, "%s/proc/kmsg", dest) < 0)
968 if (mkfifo(from, 0600) < 0) {
969 log_error("mkfifo() for /dev/kmsg failed: %m");
973 r = chmod_and_chown(from, 0600, 0, 0);
975 log_error("Failed to correct access mode for /dev/kmsg: %s", strerror(-r));
979 if (mount(from, to, "bind", MS_BIND, NULL) < 0) {
980 log_error("Bind mount for /proc/kmsg failed: %m");
984 fd = open(from, O_RDWR|O_NDELAY|O_CLOEXEC);
986 log_error("Failed to open fifo: %m");
990 cmsg = CMSG_FIRSTHDR(&mh);
991 cmsg->cmsg_level = SOL_SOCKET;
992 cmsg->cmsg_type = SCM_RIGHTS;
993 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
994 memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
996 mh.msg_controllen = cmsg->cmsg_len;
998 /* Store away the fd in the socket, so that it stays open as
999 * long as we run the child */
1000 k = sendmsg(kmsg_socket, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
1004 log_error("Failed to send FIFO fd: %m");
1008 /* And now make the FIFO unavailable as /dev/kmsg... */
1013 static int setup_hostname(void) {
1015 if (arg_share_system)
1018 if (sethostname(arg_machine, strlen(arg_machine)) < 0)
1024 static int setup_journal(const char *directory) {
1025 sd_id128_t machine_id, this_id;
1026 _cleanup_free_ char *p = NULL, *b = NULL, *q = NULL, *d = NULL;
1030 p = strappend(directory, "/etc/machine-id");
1034 r = read_one_line_file(p, &b);
1035 if (r == -ENOENT && arg_link_journal == LINK_AUTO)
1038 log_error("Failed to read machine ID from %s: %s", p, strerror(-r));
1043 if (isempty(id) && arg_link_journal == LINK_AUTO)
1046 /* Verify validity */
1047 r = sd_id128_from_string(id, &machine_id);
1049 log_error("Failed to parse machine ID from %s: %s", p, strerror(-r));
1053 r = sd_id128_get_machine(&this_id);
1055 log_error("Failed to retrieve machine ID: %s", strerror(-r));
1059 if (sd_id128_equal(machine_id, this_id)) {
1060 log_full(arg_link_journal == LINK_AUTO ? LOG_WARNING : LOG_ERR,
1061 "Host and machine ids are equal (%s): refusing to link journals", id);
1062 if (arg_link_journal == LINK_AUTO)
1068 if (arg_link_journal == LINK_NO)
1072 p = strappend("/var/log/journal/", id);
1073 q = strjoin(directory, "/var/log/journal/", id, NULL);
1077 if (path_is_mount_point(p, false) > 0) {
1078 if (arg_link_journal != LINK_AUTO) {
1079 log_error("%s: already a mount point, refusing to use for journal", p);
1086 if (path_is_mount_point(q, false) > 0) {
1087 if (arg_link_journal != LINK_AUTO) {
1088 log_error("%s: already a mount point, refusing to use for journal", q);
1095 r = readlink_and_make_absolute(p, &d);
1097 if ((arg_link_journal == LINK_GUEST ||
1098 arg_link_journal == LINK_AUTO) &&
1101 r = mkdir_p(q, 0755);
1103 log_warning("failed to create directory %s: %m", q);
1107 if (unlink(p) < 0) {
1108 log_error("Failed to remove symlink %s: %m", p);
1111 } else if (r == -EINVAL) {
1113 if (arg_link_journal == LINK_GUEST &&
1116 if (errno == ENOTDIR) {
1117 log_error("%s already exists and is neither a symlink nor a directory", p);
1120 log_error("Failed to remove %s: %m", p);
1124 } else if (r != -ENOENT) {
1125 log_error("readlink(%s) failed: %m", p);
1129 if (arg_link_journal == LINK_GUEST) {
1131 if (symlink(q, p) < 0) {
1132 log_error("Failed to symlink %s to %s: %m", q, p);
1136 r = mkdir_p(q, 0755);
1138 log_warning("failed to create directory %s: %m", q);
1142 if (arg_link_journal == LINK_HOST) {
1143 r = mkdir_p(p, 0755);
1145 log_error("Failed to create %s: %m", p);
1149 } else if (access(p, F_OK) < 0)
1152 if (dir_is_empty(q) == 0)
1153 log_warning("%s is not empty, proceeding anyway.", q);
1155 r = mkdir_p(q, 0755);
1157 log_error("Failed to create %s: %m", q);
1161 if (mount(p, q, "bind", MS_BIND, NULL) < 0) {
1162 log_error("Failed to bind mount journal from host into guest: %m");
1169 static int setup_kdbus(const char *dest, const char *path) {
1175 p = strappenda(dest, "/dev/kdbus");
1176 if (mkdir(p, 0755) < 0) {
1177 log_error("Failed to create kdbus path: %m");
1181 if (mount(path, p, "bind", MS_BIND, NULL) < 0) {
1182 log_error("Failed to mount kdbus domain path: %m");
1189 static int drop_capabilities(void) {
1190 return capability_bounding_set_drop(~arg_retain, false);
1193 static int register_machine(pid_t pid) {
1194 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1195 _cleanup_bus_unref_ sd_bus *bus = NULL;
1201 r = sd_bus_default_system(&bus);
1203 log_error("Failed to open system bus: %s", strerror(-r));
1207 if (arg_keep_unit) {
1208 r = sd_bus_call_method(
1210 "org.freedesktop.machine1",
1211 "/org/freedesktop/machine1",
1212 "org.freedesktop.machine1.Manager",
1218 SD_BUS_MESSAGE_APPEND_ID128(arg_uuid),
1222 strempty(arg_directory));
1224 _cleanup_bus_message_unref_ sd_bus_message *m = NULL;
1226 r = sd_bus_message_new_method_call(
1229 "org.freedesktop.machine1",
1230 "/org/freedesktop/machine1",
1231 "org.freedesktop.machine1.Manager",
1234 log_error("Failed to create message: %s", strerror(-r));
1238 r = sd_bus_message_append(
1242 SD_BUS_MESSAGE_APPEND_ID128(arg_uuid),
1246 strempty(arg_directory));
1248 log_error("Failed to append message arguments: %s", strerror(-r));
1252 r = sd_bus_message_open_container(m, 'a', "(sv)");
1254 log_error("Failed to open container: %s", strerror(-r));
1258 if (!isempty(arg_slice)) {
1259 r = sd_bus_message_append(m, "(sv)", "Slice", "s", arg_slice);
1261 log_error("Failed to append slice: %s", strerror(-r));
1266 r = sd_bus_message_append(m, "(sv)", "DevicePolicy", "s", "strict");
1268 log_error("Failed to add device policy: %s", strerror(-r));
1272 r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 10,
1273 /* Allow the container to
1274 * access and create the API
1275 * device nodes, so that
1276 * PrivateDevices= in the
1277 * container can work
1282 "/dev/random", "rwm",
1283 "/dev/urandom", "rwm",
1285 /* Allow the container
1286 * access to ptys. However,
1288 * container to ever create
1289 * these device nodes. */
1290 "/dev/pts/ptmx", "rw",
1292 /* Allow the container
1293 * access to all kdbus
1294 * devices. Again, the
1295 * container cannot create
1296 * these nodes, only use
1297 * them. We use a pretty
1298 * open match here, so that
1299 * the kernel API can still
1302 "char-kdbus/*", "rw");
1304 log_error("Failed to add device whitelist: %s", strerror(-r));
1308 r = sd_bus_message_close_container(m);
1310 log_error("Failed to close container: %s", strerror(-r));
1314 r = sd_bus_call(bus, m, 0, &error, NULL);
1318 log_error("Failed to register machine: %s", bus_error_message(&error, r));
1325 static int terminate_machine(pid_t pid) {
1326 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1327 _cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
1328 _cleanup_bus_unref_ sd_bus *bus = NULL;
1335 r = sd_bus_default_system(&bus);
1337 log_error("Failed to open system bus: %s", strerror(-r));
1341 r = sd_bus_call_method(
1343 "org.freedesktop.machine1",
1344 "/org/freedesktop/machine1",
1345 "org.freedesktop.machine1.Manager",
1352 /* Note that the machine might already have been
1353 * cleaned up automatically, hence don't consider it a
1354 * failure if we cannot get the machine object. */
1355 log_debug("Failed to get machine: %s", bus_error_message(&error, r));
1359 r = sd_bus_message_read(reply, "o", &path);
1361 return bus_log_parse_error(r);
1363 r = sd_bus_call_method(
1365 "org.freedesktop.machine1",
1367 "org.freedesktop.machine1.Machine",
1373 log_debug("Failed to terminate machine: %s", bus_error_message(&error, r));
1380 static int reset_audit_loginuid(void) {
1381 _cleanup_free_ char *p = NULL;
1384 if (arg_share_system)
1387 r = read_one_line_file("/proc/self/loginuid", &p);
1391 log_error("Failed to read /proc/self/loginuid: %s", strerror(-r));
1395 /* Already reset? */
1396 if (streq(p, "4294967295"))
1399 r = write_string_file("/proc/self/loginuid", "4294967295");
1401 log_error("Failed to reset audit login UID. This probably means that your kernel is too\n"
1402 "old and you have audit enabled. Note that the auditing subsystem is known to\n"
1403 "be incompatible with containers on old kernels. Please make sure to upgrade\n"
1404 "your kernel or to off auditing with 'audit=0' on the kernel command line before\n"
1405 "using systemd-nspawn. Sleeping for 5s... (%s)\n", strerror(-r));
1413 #define HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
1415 static int get_mac(struct ether_addr *mac) {
1422 l = strlen(arg_machine);
1423 sz = sizeof(sd_id128_t) + l;
1426 /* fetch some persistent data unique to the host */
1427 r = sd_id128_get_machine((sd_id128_t*) v);
1431 /* combine with some data unique (on this host) to this
1432 * container instance */
1433 memcpy(v + sizeof(sd_id128_t), arg_machine, l);
1435 /* Let's hash the host machine ID plus the container name. We
1436 * use a fixed, but originally randomly created hash key here. */
1437 siphash24(result, v, sz, HASH_KEY.bytes);
1439 assert_cc(ETH_ALEN <= sizeof(result));
1440 memcpy(mac->ether_addr_octet, result, ETH_ALEN);
1442 /* see eth_random_addr in the kernel */
1443 mac->ether_addr_octet[0] &= 0xfe; /* clear multicast bit */
1444 mac->ether_addr_octet[0] |= 0x02; /* set local assignment bit (IEEE802) */
1449 static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ]) {
1450 _cleanup_rtnl_message_unref_ sd_rtnl_message *m = NULL;
1451 _cleanup_rtnl_unref_ sd_rtnl *rtnl = NULL;
1452 struct ether_addr mac;
1455 if (!arg_private_network)
1458 if (!arg_network_veth)
1461 /* Use two different interface name prefixes depending whether
1462 * we are in bridge mode or not. */
1463 if (arg_network_bridge)
1464 memcpy(iface_name, "vb-", 3);
1466 memcpy(iface_name, "ve-", 3);
1467 strncpy(iface_name+3, arg_machine, IFNAMSIZ - 3);
1471 log_error("Failed to generate predictable MAC address for host0");
1475 r = sd_rtnl_open(&rtnl, 0);
1477 log_error("Failed to connect to netlink: %s", strerror(-r));
1481 r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
1483 log_error("Failed to allocate netlink message: %s", strerror(-r));
1487 r = sd_rtnl_message_append_string(m, IFLA_IFNAME, iface_name);
1489 log_error("Failed to add netlink interface name: %s", strerror(-r));
1493 r = sd_rtnl_message_open_container(m, IFLA_LINKINFO);
1495 log_error("Failed to open netlink container: %s", strerror(-r));
1499 r = sd_rtnl_message_open_container_union(m, IFLA_INFO_DATA, "veth");
1501 log_error("Failed to open netlink container: %s", strerror(-r));
1505 r = sd_rtnl_message_open_container(m, VETH_INFO_PEER);
1507 log_error("Failed to open netlink container: %s", strerror(-r));
1511 r = sd_rtnl_message_append_string(m, IFLA_IFNAME, "host0");
1513 log_error("Failed to add netlink interface name: %s", strerror(-r));
1517 r = sd_rtnl_message_append_ether_addr(m, IFLA_ADDRESS, &mac);
1519 log_error("Failed to add netlink MAC address: %s", strerror(-r));
1523 r = sd_rtnl_message_append_u32(m, IFLA_NET_NS_PID, pid);
1525 log_error("Failed to add netlink namespace field: %s", strerror(-r));
1529 r = sd_rtnl_message_close_container(m);
1531 log_error("Failed to close netlink container: %s", strerror(-r));
1535 r = sd_rtnl_message_close_container(m);
1537 log_error("Failed to close netlink container: %s", strerror(-r));
1541 r = sd_rtnl_message_close_container(m);
1543 log_error("Failed to close netlink container: %s", strerror(-r));
1547 r = sd_rtnl_call(rtnl, m, 0, NULL);
1549 log_error("Failed to add new veth interfaces: %s", strerror(-r));
1556 static int setup_bridge(const char veth_name[]) {
1557 _cleanup_rtnl_message_unref_ sd_rtnl_message *m = NULL;
1558 _cleanup_rtnl_unref_ sd_rtnl *rtnl = NULL;
1561 if (!arg_private_network)
1564 if (!arg_network_veth)
1567 if (!arg_network_bridge)
1570 bridge = (int) if_nametoindex(arg_network_bridge);
1572 log_error("Failed to resolve interface %s: %m", arg_network_bridge);
1576 r = sd_rtnl_open(&rtnl, 0);
1578 log_error("Failed to connect to netlink: %s", strerror(-r));
1582 r = sd_rtnl_message_new_link(rtnl, &m, RTM_SETLINK, 0);
1584 log_error("Failed to allocate netlink message: %s", strerror(-r));
1588 r = sd_rtnl_message_link_set_flags(m, IFF_UP, IFF_UP);
1590 log_error("Failed to set IFF_UP flag: %s", strerror(-r));
1594 r = sd_rtnl_message_append_string(m, IFLA_IFNAME, veth_name);
1596 log_error("Failed to add netlink interface name field: %s", strerror(-r));
1600 r = sd_rtnl_message_append_u32(m, IFLA_MASTER, bridge);
1602 log_error("Failed to add netlink master field: %s", strerror(-r));
1606 r = sd_rtnl_call(rtnl, m, 0, NULL);
1608 log_error("Failed to add veth interface to bridge: %s", strerror(-r));
1615 static int parse_interface(struct udev *udev, const char *name) {
1616 _cleanup_udev_device_unref_ struct udev_device *d = NULL;
1617 char ifi_str[2 + DECIMAL_STR_MAX(int)];
1620 ifi = (int) if_nametoindex(name);
1622 log_error("Failed to resolve interface %s: %m", name);
1626 sprintf(ifi_str, "n%i", ifi);
1627 d = udev_device_new_from_device_id(udev, ifi_str);
1629 log_error("Failed to get udev device for interface %s: %m", name);
1633 if (udev_device_get_is_initialized(d) <= 0) {
1634 log_error("Network interface %s is not initialized yet.", name);
1641 static int move_network_interfaces(pid_t pid) {
1642 _cleanup_udev_unref_ struct udev *udev = NULL;
1643 _cleanup_rtnl_unref_ sd_rtnl *rtnl = NULL;
1647 if (!arg_private_network)
1650 if (strv_isempty(arg_network_interfaces))
1653 r = sd_rtnl_open(&rtnl, 0);
1655 log_error("Failed to connect to netlink: %s", strerror(-r));
1661 log_error("Failed to connect to udev.");
1665 STRV_FOREACH(i, arg_network_interfaces) {
1666 _cleanup_rtnl_message_unref_ sd_rtnl_message *m = NULL;
1669 ifi = parse_interface(udev, *i);
1673 r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, ifi);
1675 log_error("Failed to allocate netlink message: %s", strerror(-r));
1679 r = sd_rtnl_message_append_u32(m, IFLA_NET_NS_PID, pid);
1681 log_error("Failed to append namespace PID to netlink message: %s", strerror(-r));
1685 r = sd_rtnl_call(rtnl, m, 0, NULL);
1687 log_error("Failed to move interface %s to namespace: %s", *i, strerror(-r));
1695 static int setup_macvlan(pid_t pid) {
1696 _cleanup_udev_unref_ struct udev *udev = NULL;
1697 _cleanup_rtnl_unref_ sd_rtnl *rtnl = NULL;
1701 if (!arg_private_network)
1704 if (strv_isempty(arg_network_macvlan))
1707 r = sd_rtnl_open(&rtnl, 0);
1709 log_error("Failed to connect to netlink: %s", strerror(-r));
1715 log_error("Failed to connect to udev.");
1719 STRV_FOREACH(i, arg_network_macvlan) {
1720 _cleanup_rtnl_message_unref_ sd_rtnl_message *m = NULL;
1721 _cleanup_free_ char *n = NULL;
1724 ifi = parse_interface(udev, *i);
1728 r = sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINK, 0);
1730 log_error("Failed to allocate netlink message: %s", strerror(-r));
1734 r = sd_rtnl_message_append_u32(m, IFLA_LINK, ifi);
1736 log_error("Failed to add netlink interface index: %s", strerror(-r));
1740 n = strappend("mv-", *i);
1744 strshorten(n, IFNAMSIZ-1);
1746 r = sd_rtnl_message_append_string(m, IFLA_IFNAME, n);
1748 log_error("Failed to add netlink interface name: %s", strerror(-r));
1752 r = sd_rtnl_message_append_u32(m, IFLA_NET_NS_PID, pid);
1754 log_error("Failed to add netlink namespace field: %s", strerror(-r));
1758 r = sd_rtnl_message_open_container(m, IFLA_LINKINFO);
1760 log_error("Failed to open netlink container: %s", strerror(-r));
1764 r = sd_rtnl_message_open_container_union(m, IFLA_INFO_DATA, "macvlan");
1766 log_error("Failed to open netlink container: %s", strerror(-r));
1770 r = sd_rtnl_message_append_u32(m, IFLA_MACVLAN_MODE, MACVLAN_MODE_BRIDGE);
1772 log_error("Failed to append macvlan mode: %s", strerror(-r));
1776 r = sd_rtnl_message_close_container(m);
1778 log_error("Failed to close netlink container: %s", strerror(-r));
1782 r = sd_rtnl_message_close_container(m);
1784 log_error("Failed to close netlink container: %s", strerror(-r));
1788 r = sd_rtnl_call(rtnl, m, 0, NULL);
1790 log_error("Failed to add new macvlan interfaces: %s", strerror(-r));
1798 static int audit_still_doesnt_work_in_containers(void) {
1801 scmp_filter_ctx seccomp;
1805 Audit is broken in containers, much of the userspace audit
1806 hookup will fail if running inside a container. We don't
1807 care and just turn off creation of audit sockets.
1809 This will make socket(AF_NETLINK, *, NETLINK_AUDIT) fail
1810 with EAFNOSUPPORT which audit userspace uses as indication
1811 that audit is disabled in the kernel.
1814 seccomp = seccomp_init(SCMP_ACT_ALLOW);
1818 r = seccomp_add_secondary_archs(seccomp);
1820 log_error("Failed to add secondary archs to seccomp filter: %s", strerror(-r));
1824 r = seccomp_rule_add(
1826 SCMP_ACT_ERRNO(EAFNOSUPPORT),
1829 SCMP_A0(SCMP_CMP_EQ, AF_NETLINK),
1830 SCMP_A2(SCMP_CMP_EQ, NETLINK_AUDIT));
1832 log_error("Failed to add audit seccomp rule: %s", strerror(-r));
1836 r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
1838 log_error("Failed to unset NO_NEW_PRIVS: %s", strerror(-r));
1842 r = seccomp_load(seccomp);
1844 log_error("Failed to install seccomp audit filter: %s", strerror(-r));
1847 seccomp_release(seccomp);
1855 static int setup_image(char **device_path, int *loop_nr) {
1856 struct loop_info64 info = {
1857 .lo_flags = LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN
1859 _cleanup_close_ int fd = -1, control = -1, loop = -1;
1860 _cleanup_free_ char* loopdev = NULL;
1864 assert(device_path);
1867 fd = open(arg_image, O_CLOEXEC|(arg_read_only ? O_RDONLY : O_RDWR)|O_NONBLOCK|O_NOCTTY);
1869 log_error("Failed to open %s: %m", arg_image);
1873 if (fstat(fd, &st) < 0) {
1874 log_error("Failed to stat %s: %m", arg_image);
1878 if (S_ISBLK(st.st_mode)) {
1881 p = strdup(arg_image);
1895 if (!S_ISREG(st.st_mode)) {
1896 log_error("%s is not a regular file or block device: %m", arg_image);
1900 control = open("/dev/loop-control", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
1902 log_error("Failed to open /dev/loop-control: %m");
1906 nr = ioctl(control, LOOP_CTL_GET_FREE);
1908 log_error("Failed to allocate loop device: %m");
1912 if (asprintf(&loopdev, "/dev/loop%i", nr) < 0)
1915 loop = open(loopdev, O_CLOEXEC|(arg_read_only ? O_RDONLY : O_RDWR)|O_NONBLOCK|O_NOCTTY);
1917 log_error("Failed to open loop device %s: %m", loopdev);
1921 if (ioctl(loop, LOOP_SET_FD, fd) < 0) {
1922 log_error("Failed to set loopback file descriptor on %s: %m", loopdev);
1927 info.lo_flags |= LO_FLAGS_READ_ONLY;
1929 if (ioctl(loop, LOOP_SET_STATUS64, &info) < 0) {
1930 log_error("Failed to set loopback settings on %s: %m", loopdev);
1934 *device_path = loopdev;
1945 static int dissect_image(
1947 char **root_device, bool *root_device_rw,
1948 char **home_device, bool *home_device_rw,
1949 char **srv_device, bool *srv_device_rw,
1953 int home_nr = -1, root_nr = -1, secondary_root_nr = -1, srv_nr = -1;
1954 _cleanup_free_ char *home = NULL, *root = NULL, *secondary_root = NULL, *srv = NULL;
1955 _cleanup_udev_enumerate_unref_ struct udev_enumerate *e = NULL;
1956 _cleanup_udev_device_unref_ struct udev_device *d = NULL;
1957 _cleanup_blkid_free_probe_ blkid_probe b = NULL;
1958 _cleanup_udev_unref_ struct udev *udev = NULL;
1959 struct udev_list_entry *first, *item;
1960 bool home_rw = true, root_rw = true, secondary_root_rw = true, srv_rw = true;
1961 const char *pttype = NULL;
1967 assert(root_device);
1968 assert(home_device);
1972 b = blkid_new_probe();
1977 r = blkid_probe_set_device(b, fd, 0, 0);
1982 log_error("Failed to set device on blkid probe: %m");
1986 blkid_probe_enable_partitions(b, 1);
1987 blkid_probe_set_partitions_flags(b, BLKID_PARTS_ENTRY_DETAILS);
1990 r = blkid_do_safeprobe(b);
1991 if (r == -2 || r == 1) {
1992 log_error("Failed to identify any partition table on %s.\n"
1993 "Note that the disk image needs to follow http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/ to be supported by systemd-nspawn.", arg_image);
1995 } else if (r != 0) {
1998 log_error("Failed to probe: %m");
2002 blkid_probe_lookup_value(b, "PTTYPE", &pttype, NULL);
2003 if (!streq_ptr(pttype, "gpt")) {
2004 log_error("Image %s does not carry a GUID Partition Table.\n"
2005 "Note that the disk image needs to follow http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/ to be supported by systemd-nspawn.", arg_image);
2010 pl = blkid_probe_get_partitions(b);
2015 log_error("Failed to list partitions of %s", arg_image);
2023 if (fstat(fd, &st) < 0) {
2024 log_error("Failed to stat block device: %m");
2028 d = udev_device_new_from_devnum(udev, 'b', st.st_rdev);
2032 e = udev_enumerate_new(udev);
2036 r = udev_enumerate_add_match_parent(e, d);
2040 r = udev_enumerate_scan_devices(e);
2042 log_error("Failed to scan for partition devices of %s: %s", arg_image, strerror(-r));
2046 first = udev_enumerate_get_list_entry(e);
2047 udev_list_entry_foreach(item, first) {
2048 _cleanup_udev_device_unref_ struct udev_device *q;
2049 const char *stype, *node;
2050 unsigned long long flags;
2057 q = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
2062 log_error("Failed to get partition device of %s: %m", arg_image);
2066 qn = udev_device_get_devnum(q);
2070 if (st.st_rdev == qn)
2073 node = udev_device_get_devnode(q);
2077 pp = blkid_partlist_devno_to_partition(pl, qn);
2081 flags = blkid_partition_get_flags(pp);
2082 if (flags & GPT_FLAG_NO_AUTO)
2085 nr = blkid_partition_get_partno(pp);
2089 stype = blkid_partition_get_type_string(pp);
2093 if (sd_id128_from_string(stype, &type_id) < 0)
2096 if (sd_id128_equal(type_id, GPT_HOME)) {
2098 if (home && nr >= home_nr)
2102 home_rw = !(flags & GPT_FLAG_READ_ONLY);
2105 home = strdup(node);
2108 } else if (sd_id128_equal(type_id, GPT_SRV)) {
2110 if (srv && nr >= srv_nr)
2114 srv_rw = !(flags & GPT_FLAG_READ_ONLY);
2121 #ifdef GPT_ROOT_NATIVE
2122 else if (sd_id128_equal(type_id, GPT_ROOT_NATIVE)) {
2124 if (root && nr >= root_nr)
2128 root_rw = !(flags & GPT_FLAG_READ_ONLY);
2131 root = strdup(node);
2136 #ifdef GPT_ROOT_SECONDARY
2137 else if (sd_id128_equal(type_id, GPT_ROOT_SECONDARY)) {
2139 if (secondary_root && nr >= secondary_root_nr)
2142 secondary_root_nr = nr;
2143 secondary_root_rw = !(flags & GPT_FLAG_READ_ONLY);
2146 free(secondary_root);
2147 secondary_root = strdup(node);
2148 if (!secondary_root)
2154 if (!root && !secondary_root) {
2155 log_error("Failed to identify root partition in disk image %s.\n"
2156 "Note that the disk image needs to follow http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec/ to be supported by systemd-nspawn.", arg_image);
2161 *root_device = root;
2164 *root_device_rw = root_rw;
2166 } else if (secondary_root) {
2167 *root_device = secondary_root;
2168 secondary_root = NULL;
2170 *root_device_rw = secondary_root_rw;
2175 *home_device = home;
2178 *home_device_rw = home_rw;
2185 *srv_device_rw = srv_rw;
2190 log_error("--image= is not supported, compiled without blkid support.");
2195 static int mount_device(const char *what, const char *where, const char *directory, bool rw) {
2197 _cleanup_blkid_free_probe_ blkid_probe b = NULL;
2198 const char *fstype, *p;
2208 p = strappenda(where, directory);
2213 b = blkid_new_probe_from_filename(what);
2217 log_error("Failed to allocate prober for %s: %m", what);
2221 blkid_probe_enable_superblocks(b, 1);
2222 blkid_probe_set_superblocks_flags(b, BLKID_SUBLKS_TYPE);
2225 r = blkid_do_safeprobe(b);
2226 if (r == -1 || r == 1) {
2227 log_error("Cannot determine file system type of %s", what);
2229 } else if (r != 0) {
2232 log_error("Failed to probe %s: %m", what);
2237 if (blkid_probe_lookup_value(b, "TYPE", &fstype, NULL) < 0) {
2240 log_error("Failed to determine file system type of %s", what);
2244 if (streq(fstype, "crypto_LUKS")) {
2245 log_error("nspawn currently does not support LUKS disk images.");
2249 if (mount(what, p, fstype, MS_NODEV|(rw ? 0 : MS_RDONLY), NULL) < 0) {
2250 log_error("Failed to mount %s: %m", what);
2256 log_error("--image= is not supported, compiled without blkid support.");
2261 static int mount_devices(
2263 const char *root_device, bool root_device_rw,
2264 const char *home_device, bool home_device_rw,
2265 const char *srv_device, bool srv_device_rw) {
2271 r = mount_device(root_device, arg_directory, NULL, root_device_rw);
2273 log_error("Failed to mount root directory: %s", strerror(-r));
2279 r = mount_device(home_device, arg_directory, "/home", home_device_rw);
2281 log_error("Failed to mount home directory: %s", strerror(-r));
2287 r = mount_device(srv_device, arg_directory, "/srv", srv_device_rw);
2289 log_error("Failed to mount server data directory: %s", strerror(-r));
2297 static void loop_remove(int nr, int *image_fd) {
2298 _cleanup_close_ int control = -1;
2303 if (image_fd && *image_fd >= 0) {
2304 ioctl(*image_fd, LOOP_CLR_FD);
2305 *image_fd = safe_close(*image_fd);
2308 control = open("/dev/loop-control", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
2312 ioctl(control, LOOP_CTL_REMOVE, nr);
2315 static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
2323 if (pipe2(pipe_fds, O_CLOEXEC) < 0) {
2324 log_error("Failed to allocate pipe: %m");
2330 log_error("Failed to fork getent child: %m");
2332 } else if (pid == 0) {
2334 char *empty_env = NULL;
2336 if (dup3(pipe_fds[1], STDOUT_FILENO, 0) < 0)
2337 _exit(EXIT_FAILURE);
2339 if (pipe_fds[0] > 2)
2340 safe_close(pipe_fds[0]);
2341 if (pipe_fds[1] > 2)
2342 safe_close(pipe_fds[1]);
2344 nullfd = open("/dev/null", O_RDWR);
2346 _exit(EXIT_FAILURE);
2348 if (dup3(nullfd, STDIN_FILENO, 0) < 0)
2349 _exit(EXIT_FAILURE);
2351 if (dup3(nullfd, STDERR_FILENO, 0) < 0)
2352 _exit(EXIT_FAILURE);
2357 reset_all_signal_handlers();
2358 close_all_fds(NULL, 0);
2360 execle("/usr/bin/getent", "getent", database, key, NULL, &empty_env);
2361 execle("/bin/getent", "getent", database, key, NULL, &empty_env);
2362 _exit(EXIT_FAILURE);
2365 pipe_fds[1] = safe_close(pipe_fds[1]);
2372 static int change_uid_gid(char **_home) {
2373 char line[LINE_MAX], *w, *x, *state, *u, *g, *h;
2374 _cleanup_free_ uid_t *uids = NULL;
2375 _cleanup_free_ char *home = NULL;
2376 _cleanup_fclose_ FILE *f = NULL;
2377 _cleanup_close_ int fd = -1;
2378 unsigned n_uids = 0;
2387 if (!arg_user || streq(arg_user, "root") || streq(arg_user, "0")) {
2388 /* Reset everything fully to 0, just in case */
2390 if (setgroups(0, NULL) < 0) {
2391 log_error("setgroups() failed: %m");
2395 if (setresgid(0, 0, 0) < 0) {
2396 log_error("setregid() failed: %m");
2400 if (setresuid(0, 0, 0) < 0) {
2401 log_error("setreuid() failed: %m");
2409 /* First, get user credentials */
2410 fd = spawn_getent("passwd", arg_user, &pid);
2414 f = fdopen(fd, "r");
2419 if (!fgets(line, sizeof(line), f)) {
2422 log_error("Failed to resolve user %s.", arg_user);
2426 log_error("Failed to read from getent: %m");
2432 wait_for_terminate_and_warn("getent passwd", pid);
2434 x = strchr(line, ':');
2436 log_error("/etc/passwd entry has invalid user field.");
2440 u = strchr(x+1, ':');
2442 log_error("/etc/passwd entry has invalid password field.");
2449 log_error("/etc/passwd entry has invalid UID field.");
2457 log_error("/etc/passwd entry has invalid GID field.");
2462 h = strchr(x+1, ':');
2464 log_error("/etc/passwd entry has invalid GECOS field.");
2471 log_error("/etc/passwd entry has invalid home directory field.");
2477 r = parse_uid(u, &uid);
2479 log_error("Failed to parse UID of user.");
2483 r = parse_gid(g, &gid);
2485 log_error("Failed to parse GID of user.");
2493 /* Second, get group memberships */
2494 fd = spawn_getent("initgroups", arg_user, &pid);
2499 f = fdopen(fd, "r");
2504 if (!fgets(line, sizeof(line), f)) {
2506 log_error("Failed to resolve user %s.", arg_user);
2510 log_error("Failed to read from getent: %m");
2516 wait_for_terminate_and_warn("getent initgroups", pid);
2518 /* Skip over the username and subsequent separator whitespace */
2520 x += strcspn(x, WHITESPACE);
2521 x += strspn(x, WHITESPACE);
2523 FOREACH_WORD(w, l, x, state) {
2529 if (!GREEDY_REALLOC(uids, sz, n_uids+1))
2532 r = parse_uid(c, &uids[n_uids++]);
2534 log_error("Failed to parse group data from getent.");
2539 r = mkdir_parents(home, 0775);
2541 log_error("Failed to make home root directory: %s", strerror(-r));
2545 r = mkdir_safe(home, 0755, uid, gid);
2546 if (r < 0 && r != -EEXIST) {
2547 log_error("Failed to make home directory: %s", strerror(-r));
2551 fchown(STDIN_FILENO, uid, gid);
2552 fchown(STDOUT_FILENO, uid, gid);
2553 fchown(STDERR_FILENO, uid, gid);
2555 if (setgroups(n_uids, uids) < 0) {
2556 log_error("Failed to set auxiliary groups: %m");
2560 if (setresgid(gid, gid, gid) < 0) {
2561 log_error("setregid() failed: %m");
2565 if (setresuid(uid, uid, uid) < 0) {
2566 log_error("setreuid() failed: %m");
2579 * Return 0 in case the container is being rebooted, has been shut
2580 * down or exited successfully. On failures a negative value is
2583 * The status of the container "CONTAINER_TERMINATED" or
2584 * "CONTAINER_REBOOTED" will be saved in the container argument
2586 static int wait_for_container(pid_t pid, ContainerStatus *container) {
2590 r = wait_for_terminate(pid, &status);
2594 switch (status.si_code) {
2596 r = status.si_status;
2599 log_debug("Container %s exited successfully.",
2602 *container = CONTAINER_TERMINATED;
2604 log_error("Container %s failed with error code %i.",
2605 arg_machine, status.si_status);
2611 if (status.si_status == SIGINT) {
2613 log_info("Container %s has been shut down.",
2616 *container = CONTAINER_TERMINATED;
2619 } else if (status.si_status == SIGHUP) {
2621 log_info("Container %s is being rebooted.",
2624 *container = CONTAINER_REBOOTED;
2628 /* CLD_KILLED fallthrough */
2631 log_error("Container %s terminated by signal %s.",
2632 arg_machine, signal_to_string(status.si_status));
2637 log_error("Container %s failed due to unknown reason.",
2646 static void nop_handler(int sig) {}
2648 int main(int argc, char *argv[]) {
2650 _cleanup_free_ char *kdbus_domain = NULL, *device_path = NULL, *root_device = NULL, *home_device = NULL, *srv_device = NULL;
2651 bool root_device_rw = true, home_device_rw = true, srv_device_rw = true;
2652 _cleanup_close_ int master = -1, kdbus_fd = -1, image_fd = -1;
2653 _cleanup_close_pair_ int kmsg_socket_pair[2] = { -1, -1 };
2654 _cleanup_fdset_free_ FDSet *fds = NULL;
2655 int r = EXIT_FAILURE, k, n_fd_passed, loop_nr = -1;
2656 const char *console = NULL;
2657 char veth_name[IFNAMSIZ];
2658 bool secondary = false;
2659 sigset_t mask, mask_chld;
2662 log_parse_environment();
2665 k = parse_argv(argc, argv);
2674 if (arg_directory) {
2677 p = path_make_absolute_cwd(arg_directory);
2678 free(arg_directory);
2681 arg_directory = get_current_dir_name();
2683 if (!arg_directory) {
2684 log_error("Failed to determine path, please use -D.");
2687 path_kill_slashes(arg_directory);
2691 arg_machine = strdup(basename(arg_image ? arg_image : arg_directory));
2697 hostname_cleanup(arg_machine, false);
2698 if (isempty(arg_machine)) {
2699 log_error("Failed to determine machine name automatically, please use -M.");
2704 if (geteuid() != 0) {
2705 log_error("Need to be root.");
2709 if (sd_booted() <= 0) {
2710 log_error("Not running on a systemd system.");
2715 n_fd_passed = sd_listen_fds(false);
2716 if (n_fd_passed > 0) {
2717 k = fdset_new_listen_fds(&fds, false);
2719 log_error("Failed to collect file descriptors: %s", strerror(-k));
2723 fdset_close_others(fds);
2726 if (arg_directory) {
2727 if (path_equal(arg_directory, "/")) {
2728 log_error("Spawning container on root directory not supported.");
2733 if (path_is_os_tree(arg_directory) <= 0) {
2734 log_error("Directory %s doesn't look like an OS root directory (/etc/os-release is missing). Refusing.", arg_directory);
2740 p = strappenda(arg_directory,
2741 argc > optind && path_is_absolute(argv[optind]) ? argv[optind] : "/usr/bin/");
2742 if (access(p, F_OK) < 0) {
2743 log_error("Directory %s lacks the binary to execute or doesn't look like a binary tree. Refusing.", arg_directory);
2749 char template[] = "/tmp/nspawn-root-XXXXXX";
2751 if (!mkdtemp(template)) {
2752 log_error("Failed to create temporary directory: %m");
2757 arg_directory = strdup(template);
2758 if (!arg_directory) {
2763 image_fd = setup_image(&device_path, &loop_nr);
2769 r = dissect_image(image_fd, &root_device, &root_device_rw, &home_device, &home_device_rw, &srv_device, &srv_device_rw, &secondary);
2774 master = posix_openpt(O_RDWR|O_NOCTTY|O_CLOEXEC|O_NDELAY);
2776 log_error("Failed to acquire pseudo tty: %m");
2780 console = ptsname(master);
2782 log_error("Failed to determine tty name: %m");
2787 log_info("Spawning container %s on %s. Press ^] three times within 1s to abort execution.", arg_machine, arg_image ? arg_image : arg_directory);
2789 if (unlockpt(master) < 0) {
2790 log_error("Failed to unlock tty: %m");
2794 if (access("/dev/kdbus/control", F_OK) >= 0) {
2796 if (arg_share_system) {
2797 kdbus_domain = strdup("/dev/kdbus");
2798 if (!kdbus_domain) {
2805 ns = strappenda("machine-", arg_machine);
2806 kdbus_fd = bus_kernel_create_domain(ns, &kdbus_domain);
2808 log_debug("Failed to create kdbus domain: %s", strerror(-r));
2810 log_debug("Successfully created kdbus domain as %s", kdbus_domain);
2814 if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, kmsg_socket_pair) < 0) {
2815 log_error("Failed to create kmsg socket pair: %m");
2819 sd_notify(0, "READY=1");
2821 assert_se(sigemptyset(&mask) == 0);
2822 assert_se(sigemptyset(&mask_chld) == 0);
2823 sigaddset(&mask_chld, SIGCHLD);
2824 sigset_add_many(&mask, SIGCHLD, SIGWINCH, SIGTERM, SIGINT, -1);
2825 assert_se(sigprocmask(SIG_BLOCK, &mask, NULL) == 0);
2828 ContainerStatus container_status;
2829 int eventfds[2] = { -1, -1 };
2830 struct sigaction sa = {
2831 .sa_handler = nop_handler,
2832 .sa_flags = SA_NOCLDSTOP,
2835 /* Child can be killed before execv(), so handle SIGCHLD
2836 * in order to interrupt parent's blocking calls and
2837 * give it a chance to call wait() and terminate. */
2838 r = sigprocmask(SIG_UNBLOCK, &mask_chld, NULL);
2840 log_error("Failed to change the signal mask: %m");
2844 r = sigaction(SIGCHLD, &sa, NULL);
2846 log_error("Failed to install SIGCHLD handler: %m");
2850 pid = clone_with_eventfd(SIGCHLD|CLONE_NEWNS|
2851 (arg_share_system ? 0 : CLONE_NEWIPC|CLONE_NEWPID|CLONE_NEWUTS)|
2852 (arg_private_network ? CLONE_NEWNET : 0), eventfds);
2854 if (errno == EINVAL)
2855 log_error("clone() failed, do you have namespace support enabled in your kernel? (You need UTS, IPC, PID and NET namespacing built in): %m");
2857 log_error("clone() failed: %m");
2865 _cleanup_free_ char *home = NULL;
2867 const char *envp[] = {
2868 "PATH=" DEFAULT_PATH_SPLIT_USR,
2869 "container=systemd-nspawn", /* LXC sets container=lxc, so follow the scheme here */
2874 NULL, /* container_uuid */
2875 NULL, /* LISTEN_FDS */
2876 NULL, /* LISTEN_PID */
2881 envp[n_env] = strv_find_prefix(environ, "TERM=");
2885 master = safe_close(master);
2887 close_nointr(STDIN_FILENO);
2888 close_nointr(STDOUT_FILENO);
2889 close_nointr(STDERR_FILENO);
2891 kmsg_socket_pair[0] = safe_close(kmsg_socket_pair[0]);
2893 reset_all_signal_handlers();
2895 assert_se(sigemptyset(&mask) == 0);
2896 assert_se(sigprocmask(SIG_SETMASK, &mask, NULL) == 0);
2898 k = open_terminal(console, O_RDWR);
2899 if (k != STDIN_FILENO) {
2905 log_error("Failed to open console: %s", strerror(-k));
2909 if (dup2(STDIN_FILENO, STDOUT_FILENO) != STDOUT_FILENO ||
2910 dup2(STDIN_FILENO, STDERR_FILENO) != STDERR_FILENO) {
2911 log_error("Failed to duplicate console: %m");
2916 log_error("setsid() failed: %m");
2920 if (reset_audit_loginuid() < 0)
2923 if (prctl(PR_SET_PDEATHSIG, SIGKILL) < 0) {
2924 log_error("PR_SET_PDEATHSIG failed: %m");
2928 /* Mark everything as slave, so that we still
2929 * receive mounts from the real root, but don't
2930 * propagate mounts to the real root. */
2931 if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
2932 log_error("MS_SLAVE|MS_REC failed: %m");
2936 if (mount_devices(arg_directory,
2937 root_device, root_device_rw,
2938 home_device, home_device_rw,
2939 srv_device, srv_device_rw) < 0)
2942 /* Turn directory into bind mount */
2943 if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REC, NULL) < 0) {
2944 log_error("Failed to make bind mount.");
2949 if (mount(arg_directory, arg_directory, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, NULL) < 0) {
2950 log_error("Failed to make read-only.");
2954 if (mount_all(arg_directory) < 0)
2957 if (copy_devnodes(arg_directory) < 0)
2960 if (setup_ptmx(arg_directory) < 0)
2963 dev_setup(arg_directory);
2965 if (audit_still_doesnt_work_in_containers() < 0)
2968 if (setup_dev_console(arg_directory, console) < 0)
2971 if (setup_kmsg(arg_directory, kmsg_socket_pair[1]) < 0)
2974 kmsg_socket_pair[1] = safe_close(kmsg_socket_pair[1]);
2976 if (setup_boot_id(arg_directory) < 0)
2979 if (setup_timezone(arg_directory) < 0)
2982 if (setup_resolv_conf(arg_directory) < 0)
2985 if (setup_journal(arg_directory) < 0)
2988 if (mount_binds(arg_directory, arg_bind, 0) < 0)
2991 if (mount_binds(arg_directory, arg_bind_ro, MS_RDONLY) < 0)
2994 if (setup_kdbus(arg_directory, kdbus_domain) < 0)
2997 /* Tell the parent that we are ready, and that
2998 * it can cgroupify us to that we lack access
2999 * to certain devices and resources. */
3000 r = eventfd_send_state(eventfds[1],
3001 EVENTFD_CHILD_SUCCEEDED);
3002 eventfds[1] = safe_close(eventfds[1]);
3006 if (chdir(arg_directory) < 0) {
3007 log_error("chdir(%s) failed: %m", arg_directory);
3011 if (mount(arg_directory, "/", NULL, MS_MOVE, NULL) < 0) {
3012 log_error("mount(MS_MOVE) failed: %m");
3016 if (chroot(".") < 0) {
3017 log_error("chroot() failed: %m");
3021 if (chdir("/") < 0) {
3022 log_error("chdir() failed: %m");
3028 if (arg_private_network)
3031 if (drop_capabilities() < 0) {
3032 log_error("drop_capabilities() failed: %m");
3036 r = change_uid_gid(&home);
3040 if ((asprintf((char**)(envp + n_env++), "HOME=%s", home ? home: "/root") < 0) ||
3041 (asprintf((char**)(envp + n_env++), "USER=%s", arg_user ? arg_user : "root") < 0) ||
3042 (asprintf((char**)(envp + n_env++), "LOGNAME=%s", arg_user ? arg_user : "root") < 0)) {
3047 if (!sd_id128_equal(arg_uuid, SD_ID128_NULL)) {
3050 if (asprintf((char**)(envp + n_env++), "container_uuid=%s", id128_format_as_uuid(arg_uuid, as_uuid)) < 0) {
3056 if (fdset_size(fds) > 0) {
3057 k = fdset_cloexec(fds, false);
3059 log_error("Failed to unset O_CLOEXEC for file descriptors.");
3063 if ((asprintf((char **)(envp + n_env++), "LISTEN_FDS=%u", n_fd_passed) < 0) ||
3064 (asprintf((char **)(envp + n_env++), "LISTEN_PID=1") < 0)) {
3072 if (arg_personality != 0xffffffffLU) {
3073 if (personality(arg_personality) < 0) {
3074 log_error("personality() failed: %m");
3077 } else if (secondary) {
3078 if (personality(PER_LINUX32) < 0) {
3079 log_error("personality() failed: %m");
3085 if (arg_selinux_context)
3086 if (setexeccon((security_context_t) arg_selinux_context) < 0) {
3087 log_error("setexeccon(\"%s\") failed: %m", arg_selinux_context);
3092 if (!strv_isempty(arg_setenv)) {
3095 n = strv_env_merge(2, envp, arg_setenv);
3103 env_use = (char**) envp;
3105 /* Wait until the parent is ready with the setup, too... */
3106 r = eventfd_parent_succeeded(eventfds[0]);
3107 eventfds[0] = safe_close(eventfds[0]);
3115 /* Automatically search for the init system */
3117 l = 1 + argc - optind;
3118 a = newa(char*, l + 1);
3119 memcpy(a + 1, argv + optind, l * sizeof(char*));
3121 a[0] = (char*) "/usr/lib/systemd/systemd";
3122 execve(a[0], a, env_use);
3124 a[0] = (char*) "/lib/systemd/systemd";
3125 execve(a[0], a, env_use);
3127 a[0] = (char*) "/sbin/init";
3128 execve(a[0], a, env_use);
3129 } else if (argc > optind)
3130 execvpe(argv[optind], argv + optind, env_use);
3132 chdir(home ? home : "/root");
3133 execle("/bin/bash", "-bash", NULL, env_use);
3134 execle("/bin/sh", "-sh", NULL, env_use);
3137 log_error("execv() failed: %m");
3140 /* Tell the parent that the setup failed, so he
3141 * can clean up resources and terminate. */
3142 if (eventfds[1] != -1)
3143 eventfd_send_state(eventfds[1],
3144 EVENTFD_CHILD_FAILED);
3145 _exit(EXIT_FAILURE);
3151 /* Wait for the child event:
3152 * If EVENTFD_CHILD_FAILED, the child will terminate soon.
3153 * If EVENTFD_CHILD_SUCCEEDED, the child is reporting that
3154 * it is ready with all it needs to do with priviliges.
3155 * After we got the notification we can make the process
3156 * join its cgroup which might limit what it can do */
3157 r = eventfd_child_succeeded(eventfds[1]);
3158 eventfds[1] = safe_close(eventfds[1]);
3160 goto check_container_status;
3162 r = register_machine(pid);
3166 r = move_network_interfaces(pid);
3170 r = setup_veth(pid, veth_name);
3174 r = setup_bridge(veth_name);
3178 r = setup_macvlan(pid);
3182 /* Block SIGCHLD here, before notifying child.
3183 * process_pty() will handle it with the other signals. */
3184 r = sigprocmask(SIG_BLOCK, &mask_chld, NULL);
3188 /* Reset signal to default */
3189 r = default_signals(SIGCHLD, -1);
3193 /* Notify the child that the parent is ready with all
3194 * its setup, and that the child can now hand over
3195 * control to the code to run inside the container. */
3196 r = eventfd_send_state(eventfds[0],
3197 EVENTFD_PARENT_SUCCEEDED);
3198 eventfds[0] = safe_close(eventfds[0]);
3202 k = process_pty(master, &mask, arg_boot ? pid : 0, SIGRTMIN+3);
3211 /* Kill if it is not dead yet anyway */
3212 terminate_machine(pid);
3214 check_container_status:
3215 /* Redundant, but better safe than sorry */
3218 r = wait_for_container(pid, &container_status);
3224 } else if (container_status == CONTAINER_TERMINATED)
3227 /* CONTAINER_REBOOTED, loop again */
3231 loop_remove(loop_nr, &image_fd);
3236 free(arg_directory);
3239 strv_free(arg_setenv);
3240 strv_free(arg_network_interfaces);
3241 strv_free(arg_network_macvlan);
3242 strv_free(arg_bind);
3243 strv_free(arg_bind_ro);