#include <string.h>
#include <unistd.h>
#include <fcntl.h>
+#include <sched.h>
+#include <sys/prctl.h>
#include "unit.h"
#include "strv.h"
#include "conf-parser.h"
#include "load-fragment.h"
#include "log.h"
+#include "ioprio.h"
+#include "securebits.h"
+#include "missing.h"
static int config_parse_deps(
const char *filename,
void *userdata) {
Service *s = data;
+ ServiceType x;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
- if (streq(rvalue, "forking"))
- s->type = SERVICE_FORKING;
- else if (streq(rvalue, "simple"))
- s->type = SERVICE_SIMPLE;
- else {
+ if ((x = service_type_from_string(rvalue)) < 0) {
log_error("[%s:%u] Failed to parse service type: %s", filename, line, rvalue);
return -EBADMSG;
}
+ s->type = x;
+
return 0;
}
void *userdata) {
Service *s = data;
+ ServiceRestart x;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
- if (streq(rvalue, "once"))
- s->restart = SERVICE_ONCE;
- else if (streq(rvalue, "on-success"))
- s->type = SERVICE_RESTART_ON_SUCCESS;
- else if (streq(rvalue, "always"))
- s->type = SERVICE_RESTART_ALWAYS;
- else {
- log_error("[%s:%u] Failed to parse service type: %s", filename, line, rvalue);
+ if ((x = service_restart_from_string(rvalue)) < 0) {
+ log_error("[%s:%u] Failed to parse service restart specifier: %s", filename, line, rvalue);
return -EBADMSG;
}
+ s->restart = x;
+
return 0;
}
void *data,
void *userdata) {
- ExecOutput *o = data;
+ ExecOutput *o = data, x;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
- if (streq(rvalue, "syslog"))
- *o = EXEC_SYSLOG;
- else if (streq(rvalue, "null"))
- *o = EXEC_NULL;
- else if (streq(rvalue, "syslog"))
- *o = EXEC_SYSLOG;
- else if (streq(rvalue, "kernel"))
- *o = EXEC_KERNEL;
- else {
- log_error("[%s:%u] Failed to parse log output: %s", filename, line, rvalue);
+ if ((x = exec_output_from_string(rvalue)) < 0) {
+ log_error("[%s:%u] Failed to parse output specifier: %s", filename, line, rvalue);
return -EBADMSG;
}
+ *o = x;
+
+ return 0;
+}
+
+int config_parse_input(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecInput *i = data, x;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if ((x = exec_input_from_string(rvalue)) < 0) {
+ log_error("[%s:%u] Failed to parse input specifier: %s", filename, line, rvalue);
+ return -EBADMSG;
+ }
+
+ *i = x;
+
return 0;
}
void *data,
void *userdata) {
- static const char * const table[LOG_NFACILITIES] = {
- [LOG_FAC(LOG_KERN)] = "kern",
- [LOG_FAC(LOG_USER)] = "user",
- [LOG_FAC(LOG_MAIL)] = "mail",
- [LOG_FAC(LOG_DAEMON)] = "daemon",
- [LOG_FAC(LOG_AUTH)] = "auth",
- [LOG_FAC(LOG_SYSLOG)] = "syslog",
- [LOG_FAC(LOG_LPR)] = "lpr",
- [LOG_FAC(LOG_NEWS)] = "news",
- [LOG_FAC(LOG_UUCP)] = "uucp",
- [LOG_FAC(LOG_CRON)] = "cron",
- [LOG_FAC(LOG_AUTHPRIV)] = "authpriv",
- [LOG_FAC(LOG_FTP)] = "ftp",
- [LOG_FAC(LOG_LOCAL0)] = "local0",
- [LOG_FAC(LOG_LOCAL1)] = "local1",
- [LOG_FAC(LOG_LOCAL2)] = "local2",
- [LOG_FAC(LOG_LOCAL3)] = "local3",
- [LOG_FAC(LOG_LOCAL4)] = "local4",
- [LOG_FAC(LOG_LOCAL5)] = "local5",
- [LOG_FAC(LOG_LOCAL6)] = "local6",
- [LOG_FAC(LOG_LOCAL7)] = "local7"
- };
- ExecOutput *o = data;
- int i;
+ int *o = data, x;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
- for (i = 0; i < (int) ELEMENTSOF(table); i++)
- if (streq(rvalue, table[i])) {
- *o = LOG_MAKEPRI(i, LOG_PRI(*o));
- break;
+ if ((x = log_facility_from_string(rvalue)) < 0)
+
+ /* Second try, let's see if this is a number. */
+ if (safe_atoi(rvalue, &x) < 0 || !log_facility_to_string(x)) {
+ log_error("[%s:%u] Failed to parse log facility: %s", filename, line, rvalue);
+ return -EBADMSG;
}
- if (i >= (int) ELEMENTSOF(table)) {
+ *o = LOG_MAKEPRI(x, LOG_PRI(*o));
+
+ return 0;
+}
+
+int config_parse_level(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+
+ int *o = data, x;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if ((x = log_level_from_string(rvalue)) < 0)
/* Second try, let's see if this is a number. */
- if (safe_atoi(rvalue, &i) >= 0 &&
- i >= 0 &&
- i < (int) ELEMENTSOF(table))
- *o = LOG_MAKEPRI(i, LOG_PRI(*o));
- else {
- log_error("[%s:%u] Failed to parse log output: %s", filename, line, rvalue);
+ if (safe_atoi(rvalue, &x) < 0 || !log_level_to_string(x)) {
+ log_error("[%s:%u] Failed to parse log level: %s", filename, line, rvalue);
+ return -EBADMSG;
+ }
+
+ *o = LOG_MAKEPRI(LOG_FAC(*o), x);
+ return 0;
+}
+
+int config_parse_io_class(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ int x;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if ((x = ioprio_class_from_string(rvalue)) < 0)
+
+ /* Second try, let's see if this is a number. */
+ if (safe_atoi(rvalue, &x) < 0 || !ioprio_class_to_string(x)) {
+ log_error("[%s:%u] Failed to parse IO scheduling class: %s", filename, line, rvalue);
return -EBADMSG;
}
+
+ c->ioprio = IOPRIO_PRIO_VALUE(x, IOPRIO_PRIO_DATA(c->ioprio));
+ c->ioprio_set = true;
+
+ return 0;
+}
+
+int config_parse_io_priority(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ int i;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if (safe_atoi(rvalue, &i) < 0 || i < 0 || i >= IOPRIO_BE_NR) {
+ log_error("[%s:%u] Failed to parse io priority: %s", filename, line, rvalue);
+ return -EBADMSG;
}
+ c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c->ioprio), i);
+ c->ioprio_set = true;
+
return 0;
}
-int config_parse_level(
+int config_parse_cpu_sched_policy(
const char *filename,
unsigned line,
const char *section,
void *data,
void *userdata) {
- static const char * const table[LOG_DEBUG+1] = {
- [LOG_EMERG] = "emerg",
- [LOG_ALERT] = "alert",
- [LOG_CRIT] = "crit",
- [LOG_ERR] = "err",
- [LOG_WARNING] = "warning",
- [LOG_NOTICE] = "notice",
- [LOG_INFO] = "info",
- [LOG_DEBUG] = "debug"
- };
- ExecOutput *o = data;
+ ExecContext *c = data;
+ int x;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if ((x = sched_policy_from_string(rvalue)) < 0)
+
+ /* Second try, let's see if this is a number. */
+ if (safe_atoi(rvalue, &x) < 0 || !sched_policy_to_string(x)) {
+ log_error("[%s:%u] Failed to parse CPU scheduling policy: %s", filename, line, rvalue);
+ return -EBADMSG;
+ }
+
+ c->cpu_sched_policy = x;
+ c->cpu_sched_set = true;
+
+ return 0;
+}
+
+int config_parse_cpu_sched_prio(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
int i;
assert(filename);
assert(rvalue);
assert(data);
- for (i = 0; i < (int) ELEMENTSOF(table); i++)
- if (streq(rvalue, table[i])) {
- *o = LOG_MAKEPRI(LOG_FAC(*o), i);
- break;
+ /* On Linux RR/FIFO have the same range */
+ if (safe_atoi(rvalue, &i) < 0 || i < sched_get_priority_min(SCHED_RR) || i > sched_get_priority_max(SCHED_RR)) {
+ log_error("[%s:%u] Failed to parse CPU scheduling priority: %s", filename, line, rvalue);
+ return -EBADMSG;
+ }
+
+ c->cpu_sched_priority = i;
+ c->cpu_sched_set = true;
+
+ return 0;
+}
+
+int config_parse_cpu_affinity(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ char *w;
+ size_t l;
+ char *state;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ FOREACH_WORD(w, &l, rvalue, state) {
+ char *t;
+ int r;
+ unsigned cpu;
+
+ if (!(t = strndup(w, l)))
+ return -ENOMEM;
+
+ r = safe_atou(t, &cpu);
+ free(t);
+
+ if (r < 0 || cpu >= CPU_SETSIZE) {
+ log_error("[%s:%u] Failed to parse CPU affinity: %s", filename, line, rvalue);
+ return -EBADMSG;
}
- if (i >= LOG_NFACILITIES) {
+ CPU_SET(cpu, &c->cpu_affinity);
+ }
+
+ c->cpu_affinity_set = true;
- /* Second try, let's see if this is a number. */
- if (safe_atoi(rvalue, &i) >= 0 &&
- i >= 0 &&
- i < (int) ELEMENTSOF(table))
- *o = LOG_MAKEPRI(LOG_FAC(*o), i);
+ return 0;
+}
+
+int config_parse_capabilities(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ cap_t cap;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if (!(cap = cap_from_text(rvalue))) {
+ if (errno == ENOMEM)
+ return -ENOMEM;
+
+ log_error("[%s:%u] Failed to parse capabilities: %s", filename, line, rvalue);
+ return -EBADMSG;
+ }
+
+ if (c->capabilities)
+ cap_free(c->capabilities);
+ c->capabilities = cap;
+
+ return 0;
+}
+
+int config_parse_secure_bits(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ char *w;
+ size_t l;
+ char *state;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ FOREACH_WORD(w, &l, rvalue, state) {
+ if (first_word(w, "keep-caps"))
+ c->secure_bits |= SECURE_KEEP_CAPS;
+ else if (first_word(w, "keep-caps-locked"))
+ c->secure_bits |= SECURE_KEEP_CAPS_LOCKED;
+ else if (first_word(w, "no-setuid-fixup"))
+ c->secure_bits |= SECURE_NO_SETUID_FIXUP;
+ else if (first_word(w, "no-setuid-fixup-locked"))
+ c->secure_bits |= SECURE_NO_SETUID_FIXUP_LOCKED;
+ else if (first_word(w, "noroot"))
+ c->secure_bits |= SECURE_NOROOT;
+ else if (first_word(w, "noroot-locked"))
+ c->secure_bits |= SECURE_NOROOT_LOCKED;
else {
- log_error("[%s:%u] Failed to parse log output: %s", filename, line, rvalue);
+ log_error("[%s:%u] Failed to parse secure bits: %s", filename, line, rvalue);
+ return -EBADMSG;
+ }
+ }
+
+ return 0;
+}
+
+int config_parse_bounding_set(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ char *w;
+ size_t l;
+ char *state;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ FOREACH_WORD(w, &l, rvalue, state) {
+ char *t;
+ int r;
+ cap_value_t cap;
+
+ if (!(t = strndup(w, l)))
+ return -ENOMEM;
+
+ r = cap_from_name(t, &cap);
+ free(t);
+
+ if (r < 0) {
+ log_error("[%s:%u] Failed to parse capability bounding set: %s", filename, line, rvalue);
return -EBADMSG;
}
+
+ c->capability_bounding_set_drop |= 1 << cap;
+ }
+
+ return 0;
+}
+
+static int config_parse_timer_slack_ns(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ unsigned long u;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if ((r = safe_atolu(rvalue, &u)) < 0) {
+ log_error("[%s:%u] Failed to parse time slack value: %s", filename, line, rvalue);
+ return r;
}
+ c->timer_slack_ns = u;
+
+ return 0;
+}
+
+static int config_parse_limit(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ struct rlimit **rl = data;
+ unsigned long long u;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if ((r = safe_atollu(rvalue, &u)) < 0) {
+ log_error("[%s:%u] Failed to parse resource value: %s", filename, line, rvalue);
+ return r;
+ }
+
+ if (!*rl)
+ if (!(*rl = new(struct rlimit, 1)))
+ return -ENOMEM;
+
+ (*rl)->rlim_cur = (*rl)->rlim_max = (rlim_t) u;
return 0;
}
};
#define EXEC_CONTEXT_CONFIG_ITEMS(context, section) \
- { "Directory", config_parse_path, &(context).directory, section }, \
+ { "WorkingDirectory", config_parse_path, &(context).working_directory, section }, \
+ { "RootDirectory", config_parse_path, &(context).root_directory, section }, \
{ "User", config_parse_string, &(context).user, section }, \
{ "Group", config_parse_string, &(context).group, section }, \
{ "SupplementaryGroups", config_parse_strv, &(context).supplementary_groups, section }, \
{ "Nice", config_parse_nice, &(context), section }, \
{ "OOMAdjust", config_parse_oom_adjust, &(context), section }, \
+ { "IOSchedulingClass", config_parse_io_class, &(context), section }, \
+ { "IOSchedulingPriority", config_parse_io_priority, &(context), section }, \
+ { "CPUSchedulingPolicy", config_parse_cpu_sched_policy,&(context), section }, \
+ { "CPUSchedulingPriority", config_parse_cpu_sched_prio, &(context), section }, \
+ { "CPUAffinity", config_parse_cpu_affinity, &(context), section }, \
{ "UMask", config_parse_umask, &(context).umask, section }, \
{ "Environment", config_parse_strv, &(context).environment, section }, \
{ "Output", config_parse_output, &(context).output, section }, \
+ { "Input", config_parse_input, &(context).input, section }, \
{ "SyslogIdentifier", config_parse_string, &(context).syslog_identifier, section }, \
{ "SyslogFacility", config_parse_facility, &(context).syslog_priority, section }, \
- { "SyslogLevel", config_parse_level, &(context).syslog_priority, section }
+ { "SyslogLevel", config_parse_level, &(context).syslog_priority, section }, \
+ { "Capabilities", config_parse_capabilities, &(context), section }, \
+ { "SecureBits", config_parse_secure_bits, &(context), section }, \
+ { "CapabilityBoundingSetDrop", config_parse_bounding_set, &(context), section }, \
+ { "TimerSlackNS", config_parse_timer_slack_ns, &(context), section }, \
+ { "LimitCPU", config_parse_limit, &(context).rlimit[RLIMIT_CPU], section }, \
+ { "LimitFSIZE", config_parse_limit, &(context).rlimit[RLIMIT_FSIZE], section }, \
+ { "LimitDATA", config_parse_limit, &(context).rlimit[RLIMIT_DATA], section }, \
+ { "LimitSTACK", config_parse_limit, &(context).rlimit[RLIMIT_STACK], section }, \
+ { "LimitCORE", config_parse_limit, &(context).rlimit[RLIMIT_CORE], section }, \
+ { "LimitRSS", config_parse_limit, &(context).rlimit[RLIMIT_RSS], section }, \
+ { "LimitNOFILE", config_parse_limit, &(context).rlimit[RLIMIT_NOFILE], section }, \
+ { "LimitAS", config_parse_limit, &(context).rlimit[RLIMIT_AS], section }, \
+ { "LimitNPROC", config_parse_limit, &(context).rlimit[RLIMIT_NPROC], section }, \
+ { "LimitMEMLOCK", config_parse_limit, &(context).rlimit[RLIMIT_MEMLOCK], section }, \
+ { "LimitLOCKS", config_parse_limit, &(context).rlimit[RLIMIT_LOCKS], section }, \
+ { "LimitSIGPENDING", config_parse_limit, &(context).rlimit[RLIMIT_SIGPENDING], section }, \
+ { "LimitMSGQUEUE", config_parse_limit, &(context).rlimit[RLIMIT_MSGQUEUE], section }, \
+ { "LimitNICE", config_parse_limit, &(context).rlimit[RLIMIT_NICE], section }, \
+ { "LimitRTPRIO", config_parse_limit, &(context).rlimit[RLIMIT_RTPRIO], section }, \
+ { "LimitRTTIME", config_parse_limit, &(context).rlimit[RLIMIT_RTTIME], section }
const ConfigItem items[] = {
{ "Names", config_parse_names, u, "Meta" },
{ "Conflicts", config_parse_deps, UINT_TO_PTR(UNIT_CONFLICTS), "Meta" },
{ "Before", config_parse_deps, UINT_TO_PTR(UNIT_BEFORE), "Meta" },
{ "After", config_parse_deps, UINT_TO_PTR(UNIT_AFTER), "Meta" },
+ { "RecursiveStop", config_parse_bool, &u->meta.recursive_stop, "Meta" },
+ { "StopWhenUnneeded", config_parse_bool, &u->meta.stop_when_unneeded, "Meta" },
{ "PIDFile", config_parse_path, &u->service.pid_file, "Service" },
{ "ExecStartPre", config_parse_exec, u->service.exec_command+SERVICE_EXEC_START_PRE, "Service" },
goto finish;
+ if (id == k)
+ unit_choose_id(u, id);
free(k);
}
- unit_choose_id(u, id);
free(u->meta.load_path);
u->meta.load_path = filename;
c = NULL;
if (r >= 0 && c &&
- (c->output == EXEC_KERNEL || c->output == EXEC_SYSLOG)) {
+ (c->output == EXEC_OUTPUT_KERNEL || c->output == EXEC_OUTPUT_SYSLOG)) {
int k;
/* If syslog or kernel logging is requested, make sure
* our own logging daemon is run first. */
- if ((k = unit_add_dependency(u, UNIT_AFTER, u->meta.manager->special_units[SPECIAL_LOGGER_SOCKET])) < 0)
+ if ((k = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_LOGGER_SOCKET)) < 0)
return k;
- if ((k = unit_add_dependency(u, UNIT_REQUIRES, u->meta.manager->special_units[SPECIAL_LOGGER_SOCKET])) < 0)
+ if ((k = unit_add_dependency_by_name(u, UNIT_REQUIRES, SPECIAL_LOGGER_SOCKET)) < 0)
return k;
}