#include "seccomp-util.h"
#endif
-#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_LIBWRAP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) || !defined(HAVE_APPARMOR)
+#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) || !defined(HAVE_APPARMOR)
int config_parse_warn_compat(
const char *unit,
const char *filename,
}
#endif
-int config_parse_unit_deps(const char* unit,
+int config_parse_unit_deps(const char *unit,
const char *filename,
unsigned line,
const char *section,
UnitDependency d = ltype;
Unit *u = userdata;
- char *w;
+ const char *word, *state;
size_t l;
- char *state;
assert(filename);
assert(lvalue);
assert(rvalue);
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
_cleanup_free_ char *t = NULL, *k = NULL;
int r;
- t = strndup(w, l);
+ t = strndup(word, l);
if (!t)
return log_oom();
log_syntax(unit, LOG_ERR, filename, line, -r,
"Failed to add dependency on %s, ignoring: %s", k, strerror(-r));
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid syntax, ignoring.");
return 0;
}
void *data,
void *userdata) {
- Unit *u = userdata;
_cleanup_free_ char *k = NULL;
+ Unit *u = userdata;
int r;
assert(filename);
assert(u);
r = unit_full_printf(u, rvalue, &k);
- if (r < 0)
- log_syntax(unit, LOG_ERR, filename, line, -r,
- "Failed to resolve unit specifiers on %s, ignoring: %s", rvalue, strerror(-r));
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, -r, "Failed to resolve unit specifiers on %s, ignoring: %s", rvalue, strerror(-r));
+ return 0;
+ }
- return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype,
- k ? k : rvalue, data, userdata);
+ return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
+}
+
+int config_parse_unit_path_strv_printf(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ char ***x = data;
+ const char *word, *state;
+ Unit *u = userdata;
+ size_t l;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(u);
+
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
+ _cleanup_free_ char *k = NULL;
+ char t[l+1];
+
+ memcpy(t, word, l);
+ t[l] = 0;
+
+ r = unit_full_printf(u, t, &k);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, -r, "Failed to resolve unit specifiers on %s, ignoring: %s", t, strerror(-r));
+ return 0;
+ }
+
+ if (!utf8_is_valid(k)) {
+ log_invalid_utf8(unit, LOG_ERR, filename, line, EINVAL, rvalue);
+ return 0;
+ }
+
+ if (!path_is_absolute(k)) {
+ log_syntax(unit, LOG_ERR, filename, line, -r, "Symlink path %s is not absolute, ignoring: %s", k, strerror(-r));
+ return 0;
+ }
+
+ path_kill_slashes(k);
+
+ r = strv_push(x, k);
+ if (r < 0)
+ return log_oom();
+
+ k = NULL;
+ }
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid syntax, ignoring.");
+
+ return 0;
}
int config_parse_socket_listen(const char *unit,
void *data,
void *userdata) {
- SocketPort *p, *tail;
+ _cleanup_free_ SocketPort *p = NULL;
+ SocketPort *tail;
Socket *s;
int r;
r = unit_full_printf(UNIT(s), rvalue, &p->path);
if (r < 0) {
p->path = strdup(rvalue);
- if (!p->path) {
- free(p);
+ if (!p->path)
return log_oom();
- } else
+ else
log_syntax(unit, LOG_ERR, filename, line, -r,
"Failed to resolve unit specifiers on %s, ignoring: %s", rvalue, strerror(-r));
}
log_syntax(unit, LOG_ERR, filename, line, -r,
"Failed to resolve unit specifiers on %s, ignoring: %s", rvalue, strerror(-r));
- r = socket_address_parse_netlink(&p->address, k ? k : rvalue);
+ r = socket_address_parse_netlink(&p->address, k ?: rvalue);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, -r,
"Failed to parse address value, ignoring: %s", rvalue);
- free(p);
return 0;
}
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, -r,
"Failed to parse address value, ignoring: %s", rvalue);
- free(p);
return 0;
}
if (socket_address_family(&p->address) != AF_LOCAL && p->address.type == SOCK_SEQPACKET) {
log_syntax(unit, LOG_ERR, filename, line, ENOTSUP,
"Address family not supported, ignoring: %s", rvalue);
- free(p);
return 0;
}
}
LIST_INSERT_AFTER(port, s->ports, tail, p);
} else
LIST_PREPEND(port, s->ports, p);
+ p = NULL;
return 0;
}
* overriding of argv[0]. */
for (;;) {
int i;
- char *w;
+ const char *word, *state;
size_t l;
- char *state;
bool honour_argv0 = false, ignore = false;
path = NULL;
}
k = 0;
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
- if (strneq(w, ";", MAX(l, 1U)))
- break;
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
+ if (strneq(word, ";", MAX(l, 1U)))
+ goto found;
k++;
}
+ if (!isempty(state)) {
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
+ return 0;
+ }
+ found:
n = new(char*, k + !honour_argv0);
if (!n)
return log_oom();
k = 0;
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
- if (strneq(w, ";", MAX(l, 1U)))
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
+ if (strneq(word, ";", MAX(l, 1U)))
break;
- else if (strneq(w, "\\;", MAX(l, 1U)))
- w ++;
+ else if (strneq(word, "\\;", MAX(l, 1U)))
+ word ++;
- if (honour_argv0 && w == rvalue) {
+ if (honour_argv0 && word == rvalue) {
assert(!path);
- path = strndup(w, l);
+ path = strndup(word, l);
if (!path) {
r = log_oom();
goto fail;
} else {
char *c;
- c = n[k++] = cunescape_length(w, l);
+ c = n[k++] = cunescape_length(word, l);
if (!c) {
r = log_oom();
goto fail;
void *userdata) {
ExecContext *c = data;
- char *w;
+ const char *word, *state;
size_t l;
- char *state;
assert(filename);
assert(lvalue);
return 0;
}
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
_cleanup_free_ char *t = NULL;
int r;
unsigned cpu;
- t = strndup(w, l);
+ t = strndup(word, l);
if (!t)
return log_oom();
CPU_SET_S(cpu, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset);
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_WARNING, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
return 0;
}
void *userdata) {
ExecContext *c = data;
- char *w;
size_t l;
- char *state;
+ const char *word, *state;
assert(filename);
assert(lvalue);
return 0;
}
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
- if (first_word(w, "keep-caps"))
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
+ if (first_word(word, "keep-caps"))
c->secure_bits |= 1<<SECURE_KEEP_CAPS;
- else if (first_word(w, "keep-caps-locked"))
+ else if (first_word(word, "keep-caps-locked"))
c->secure_bits |= 1<<SECURE_KEEP_CAPS_LOCKED;
- else if (first_word(w, "no-setuid-fixup"))
+ else if (first_word(word, "no-setuid-fixup"))
c->secure_bits |= 1<<SECURE_NO_SETUID_FIXUP;
- else if (first_word(w, "no-setuid-fixup-locked"))
+ else if (first_word(word, "no-setuid-fixup-locked"))
c->secure_bits |= 1<<SECURE_NO_SETUID_FIXUP_LOCKED;
- else if (first_word(w, "noroot"))
+ else if (first_word(word, "noroot"))
c->secure_bits |= 1<<SECURE_NOROOT;
- else if (first_word(w, "noroot-locked"))
+ else if (first_word(word, "noroot-locked"))
c->secure_bits |= 1<<SECURE_NOROOT_LOCKED;
else {
log_syntax(unit, LOG_ERR, filename, line, EINVAL,
return 0;
}
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Invalid syntax, garbage at the end, ignoring.");
return 0;
}
void *userdata) {
uint64_t *capability_bounding_set_drop = data;
- char *w;
+ const char *word, *state;
size_t l;
- char *state;
bool invert = false;
uint64_t sum = 0;
* non-inverted everywhere to have a fully normalized
* interface. */
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
_cleanup_free_ char *t = NULL;
int r;
cap_value_t cap;
- t = strndup(w, l);
+ t = strndup(word, l);
if (!t)
return log_oom();
sum |= ((uint64_t) 1ULL) << (uint64_t) cap;
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
if (invert)
*capability_bounding_set_drop |= sum;
void *userdata) {
ExecContext *c = data;
- char *w;
+ const char *word, *state;
size_t l;
- char *state;
unsigned long flags = 0;
assert(filename);
assert(rvalue);
assert(data);
- FOREACH_WORD_SEPARATOR(w, l, rvalue, ", ", state) {
+ FOREACH_WORD_SEPARATOR(word, l, rvalue, ", ", state) {
_cleanup_free_ char *t;
- t = strndup(w, l);
+ t = strndup(word, l);
if (!t)
return log_oom();
if (streq(t, "shared"))
- flags |= MS_SHARED;
+ flags = MS_SHARED;
else if (streq(t, "slave"))
- flags |= MS_SLAVE;
- else if (streq(w, "private"))
- flags |= MS_PRIVATE;
+ flags = MS_SLAVE;
+ else if (streq(word, "private"))
+ flags = MS_PRIVATE;
else {
log_syntax(unit, LOG_ERR, filename, line, EINVAL,
- "Failed to parse mount flag %s, ignoring: %s",
- t, rvalue);
+ "Failed to parse mount flag %s, ignoring: %s", t, rvalue);
return 0;
}
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
c->mount_flags = flags;
return 0;
r = unit_name_printf(u, rvalue, &k);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, -r, "Failed to resolve specifiers, ignoring: %s", strerror(-r));
+ log_syntax(unit, LOG_ERR, filename, line, -r,
+ "Failed to resolve specifiers, ignoring: %s", strerror(-r));
return 0;
}
r = unit_name_printf(u, rvalue, &k);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, -r, "Failed to resolve specifiers, ignoring: %s", strerror(-r));
+ log_syntax(unit, LOG_ERR, filename, line, -r,
+ "Failed to resolve specifiers, ignoring: %s", strerror(-r));
return 0;
}
TimerValue *v;
TimerBase b;
CalendarSpec *c = NULL;
- clockid_t id;
assert(filename);
assert(lvalue);
rvalue);
return 0;
}
-
- id = CLOCK_REALTIME;
} else {
if (parse_sec(rvalue, &u) < 0) {
log_syntax(unit, LOG_ERR, filename, line, EINVAL,
rvalue);
return 0;
}
-
- id = CLOCK_MONOTONIC;
}
v = new0(TimerValue, 1);
- if (!v)
+ if (!v) {
+ calendar_spec_free(c);
return log_oom();
+ }
v->base = b;
- v->clock_id = id;
v->value = u;
v->calendar_spec = c;
r = unit_name_printf(UNIT(s), rvalue, &p);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, -r, "Failed to resolve specifiers, ignoring: %s", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, -r,
+ "Failed to resolve specifiers, ignoring: %s", rvalue);
return 0;
}
if (!endswith(p, ".service")) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Unit must be of type service, ignoring: %s", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Unit must be of type service, ignoring: %s", rvalue);
return 0;
}
r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s, ignoring: %s", rvalue, bus_error_message(&error, r));
+ log_syntax(unit, LOG_ERR, filename, line, -r,
+ "Failed to load unit %s, ignoring: %s", rvalue, bus_error_message(&error, r));
return 0;
}
Service *s = data;
int r;
- char *state, *w;
+ const char *word, *state;
size_t l;
assert(filename);
assert(rvalue);
assert(data);
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
_cleanup_free_ char *t = NULL, *k = NULL;
- t = strndup(w, l);
+ t = strndup(word, l);
if (!t)
return log_oom();
if (r < 0)
return r;
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
return 0;
}
r = unit_name_printf(UNIT(n), rvalue, &p);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, -r, "Failed to resolve specifiers, ignoring: %s", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, -r,
+ "Failed to resolve specifiers, ignoring: %s", rvalue);
return 0;
}
if (!endswith(p, ".service")) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Unit must be of type service, ignoring: %s", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Unit must be of type service, ignoring: %s", rvalue);
return 0;
}
r = manager_load_unit(UNIT(n)->manager, p, NULL, &error, &x);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s, ignoring: %s", rvalue, bus_error_message(&error, r));
+ log_syntax(unit, LOG_ERR, filename, line, -r,
+ "Failed to load unit %s, ignoring: %s", rvalue, bus_error_message(&error, r));
return 0;
}
return 0;
}
+DEFINE_CONFIG_PARSE_ENUM(config_parse_bus_policy_world, bus_policy_access, BusPolicyAccess, "Failed to parse bus name policy access");
+
int config_parse_bus_policy(
const char *unit,
const char *filename,
_cleanup_free_ char *id_str = NULL;
BusName *busname = data;
char *access_str;
- int r;
assert(filename);
assert(lvalue);
p->type = BUSNAME_POLICY_TYPE_USER;
else if (streq(lvalue, "AllowGroup"))
p->type = BUSNAME_POLICY_TYPE_GROUP;
- else if (streq(lvalue, "AllowWorld"))
- p->type = BUSNAME_POLICY_TYPE_WORLD;
else
assert_not_reached("Unknown lvalue");
if (!id_str)
return log_oom();
- if (p->type != BUSNAME_POLICY_TYPE_WORLD) {
- access_str = strchr(id_str, ' ');
- if (!access_str) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid busname policy value '%s'", rvalue);
- return 0;
- }
-
- *access_str = '\0';
- access_str++;
-
- if (p->type == BUSNAME_POLICY_TYPE_USER) {
- const char *user = id_str;
-
- r = get_user_creds(&user, &p->uid, NULL, NULL, NULL);
- if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r, "Unable to parse uid from '%s'", id_str);
- return 0;
- }
- } else {
- const char *group = id_str;
-
- r = get_group_creds(&group, &p->gid);
- if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, -errno, "Unable to parse gid from '%s'", id_str);
- return 0;
- }
- }
- } else {
- access_str = id_str;
+ access_str = strpbrk(id_str, WHITESPACE);
+ if (!access_str) {
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Invalid busname policy value '%s'", rvalue);
+ return 0;
}
- p->access = busname_policy_access_from_string(access_str);
+ *access_str = '\0';
+ access_str++;
+ access_str += strspn(access_str, WHITESPACE);
+
+ p->access = bus_policy_access_from_string(access_str);
if (p->access < 0) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid busname policy access type '%s'", access_str);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Invalid busname policy access type '%s'", access_str);
return 0;
}
+ p->name = id_str;
+ id_str = NULL;
+
LIST_PREPEND(policy, busname->policy, p);
p = NULL;
return 0;
}
+int config_parse_bus_endpoint_policy(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ _cleanup_free_ char *name = NULL;
+ BusPolicyAccess access;
+ ExecContext *c = data;
+ char *access_str;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ name = strdup(rvalue);
+ if (!name)
+ return log_oom();
+
+ access_str = strpbrk(name, WHITESPACE);
+ if (!access_str) {
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Invalid endpoint policy value '%s'", rvalue);
+ return 0;
+ }
+
+ *access_str = '\0';
+ access_str++;
+ access_str += strspn(access_str, WHITESPACE);
+
+ access = bus_policy_access_from_string(access_str);
+ if (access <= _BUS_POLICY_ACCESS_INVALID ||
+ access >= _BUS_POLICY_ACCESS_MAX) {
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Invalid endpoint policy access type '%s'", access_str);
+ return 0;
+ }
+
+ if (!c->bus_endpoint) {
+ r = bus_endpoint_new(&c->bus_endpoint);
+
+ if (r < 0)
+ return r;
+ }
+
+ return bus_endpoint_add_policy(c->bus_endpoint, name, access);
+}
+
int config_parse_unit_env_file(const char *unit,
const char *filename,
unsigned line,
r = unit_full_printf(u, rvalue, &n);
if (r < 0)
- log_syntax(unit, LOG_ERR, filename, line, r,
+ log_syntax(unit, LOG_ERR, filename, line, -r,
"Failed to resolve specifiers, ignoring: %s", rvalue);
s = n ?: rvalue;
void *userdata) {
Unit *u = userdata;
- char*** env = data, *w, *state;
+ char*** env = data;
+ const char *word, *state;
size_t l;
_cleanup_free_ char *k = NULL;
int r;
if (!k)
return log_oom();
- FOREACH_WORD_QUOTED(w, l, k, state) {
+ FOREACH_WORD_QUOTED(word, l, k, state) {
_cleanup_free_ char *n;
char **x;
- n = cunescape_length(w, l);
+ n = cunescape_length(word, l);
if (!n)
return log_oom();
strv_free(*env);
*env = x;
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
return 0;
}
}
DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
-DEFINE_CONFIG_PARSE_ENUM(config_parse_start_limit_action, start_limit_action, StartLimitAction, "Failed to parse start limit action specifier");
+DEFINE_CONFIG_PARSE_ENUM(config_parse_failure_action, failure_action, FailureAction, "Failed to parse failure action specifier");
int config_parse_unit_requires_mounts_for(
const char *unit,
void *userdata) {
Unit *u = userdata;
- char *state;
+ const char *word, *state;
size_t l;
- char *w;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
int r;
_cleanup_free_ char *n;
- n = strndup(w, l);
+ n = strndup(word, l);
if (!n)
return log_oom();
r = unit_require_mounts_for(u, n);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r,
+ log_syntax(unit, LOG_ERR, filename, line, -r,
"Failed to add required mount for, ignoring: %s", rvalue);
continue;
}
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
return 0;
}
ExecContext *c = data;
Unit *u = userdata;
bool invert = false;
- char *w, *state;
+ const char *word, *state;
size_t l;
int r;
}
if (!c->syscall_filter) {
- c->syscall_filter = set_new(trivial_hash_func, trivial_compare_func);
+ c->syscall_filter = set_new(NULL);
if (!c->syscall_filter)
return log_oom();
}
}
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
_cleanup_free_ char *t = NULL;
int id;
- t = strndup(w, l);
+ t = strndup(word, l);
if (!t)
return log_oom();
id = seccomp_syscall_resolve_name(t);
if (id < 0) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Failed to parse system call, ignoring: %s", t);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Failed to parse system call, ignoring: %s", t);
continue;
}
} else
set_remove(c->syscall_filter, INT_TO_PTR(id + 1));
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
/* Turn on NNP, but only if it wasn't configured explicitly
* before, and only if we are in user mode. */
void *userdata) {
Set **archs = data;
- char *w, *state;
+ const char *word, *state;
size_t l;
int r;
return 0;
}
- r = set_ensure_allocated(archs, trivial_hash_func, trivial_compare_func);
+ r = set_ensure_allocated(archs, NULL);
if (r < 0)
return log_oom();
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
_cleanup_free_ char *t = NULL;
uint32_t a;
- t = strndup(w, l);
+ t = strndup(word, l);
if (!t)
return log_oom();
r = seccomp_arch_from_string(t, &a);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Failed to parse system call architecture, ignoring: %s", t);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Failed to parse system call architecture, ignoring: %s", t);
continue;
}
if (r < 0)
return log_oom();
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
return 0;
}
e = errno_from_name(rvalue);
if (e < 0) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Failed to parse error number, ignoring: %s", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Failed to parse error number, ignoring: %s", rvalue);
return 0;
}
ExecContext *c = data;
Unit *u = userdata;
bool invert = false;
- char *w, *state;
+ const char *word, *state;
size_t l;
int r;
}
if (!c->address_families) {
- c->address_families = set_new(trivial_hash_func, trivial_compare_func);
+ c->address_families = set_new(NULL);
if (!c->address_families)
return log_oom();
c->address_families_whitelist = !invert;
}
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
_cleanup_free_ char *t = NULL;
int af;
- t = strndup(w, l);
+ t = strndup(word, l);
if (!t)
return log_oom();
af = af_from_name(t);
if (af <= 0) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Failed to parse address family, ignoring: %s", t);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Failed to parse address family, ignoring: %s", t);
continue;
}
} else
set_remove(c->address_families, INT_TO_PTR(af));
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
return 0;
}
void *data,
void *userdata) {
- CGroupContext *c = data;
- unsigned long lu;
+ unsigned long *shares = data, lu;
int r;
assert(filename);
assert(rvalue);
if (isempty(rvalue)) {
- c->cpu_shares = 1024;
+ *shares = (unsigned long) -1;
return 0;
}
return 0;
}
- c->cpu_shares = lu;
+ *shares = lu;
+ return 0;
+}
+
+int config_parse_cpu_quota(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ CGroupContext *c = data;
+ double percent;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+
+ if (isempty(rvalue)) {
+ c->cpu_quota_per_sec_usec = USEC_INFINITY;
+ return 0;
+ }
+
+ if (!endswith(rvalue, "%")) {
+
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "CPU quota '%s' not ending in '%%'. Ignoring.", rvalue);
+ return 0;
+ }
+
+ if (sscanf(rvalue, "%lf%%", &percent) != 1 || percent <= 0) {
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "CPU quota '%s' invalid. Ignoring.", rvalue);
+ return 0;
+ }
+
+ c->cpu_quota_per_sec_usec = (usec_t) (percent * USEC_PER_SEC / 100);
+
return 0;
}
r = parse_size(rvalue, 1024, &bytes);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Memory limit '%s' invalid. Ignoring.", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Memory limit '%s' invalid. Ignoring.", rvalue);
return 0;
}
if (!startswith(path, "/dev/") &&
!startswith(path, "block-") &&
!startswith(path, "char-")) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid device node path '%s'. Ignoring.", path);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Invalid device node path '%s'. Ignoring.", path);
return 0;
}
m = "rwm";
if (!in_charset(m, "rwm")) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid device rights '%s'. Ignoring.", m);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Invalid device rights '%s'. Ignoring.", m);
return 0;
}
void *data,
void *userdata) {
- CGroupContext *c = data;
- unsigned long lu;
+ unsigned long *weight = data, lu;
int r;
assert(filename);
assert(rvalue);
if (isempty(rvalue)) {
- c->blockio_weight = 1000;
+ *weight = (unsigned long) -1;
return 0;
}
return 0;
}
- c->blockio_weight = lu;
-
+ *weight = lu;
return 0;
}
return 0;
}
-
w = new0(CGroupBlockIODeviceWeight, 1);
if (!w)
return log_oom();
r = parse_size(bandwidth, 1000, &bytes);
if (r < 0 || bytes <= 0) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Block IO Bandwidth '%s' invalid. Ignoring.", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Block IO Bandwidth '%s' invalid. Ignoring.", rvalue);
return 0;
}
r = parse_boolean(rvalue);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Failed to parse boolean, ignoring: %s", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Failed to parse boolean, ignoring: %s", rvalue);
return 0;
}
void *data,
void *userdata) {
- char***rt = data, *w, *state;
+ char***rt = data;
+ const char *word, *state;
size_t l;
int r;
return 0;
}
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
_cleanup_free_ char *n;
- n = strndup(w, l);
+ n = strndup(word, l);
if (!n)
return log_oom();
if (!filename_is_safe(n)) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Runtime directory is not valid, ignoring assignment: %s", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Runtime directory is not valid, ignoring assignment: %s", rvalue);
continue;
}
n = NULL;
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
return 0;
}
void *data,
void *userdata) {
- char *w;
size_t l;
- char *state;
+ const char *word, *state;
int r;
ExitStatusSet *status_set = data;
assert(rvalue);
assert(data);
+ /* Empty assignment resets the list */
if (isempty(rvalue)) {
- /* Empty assignment resets the list */
-
- set_free(status_set->signal);
- set_free(status_set->code);
-
- status_set->signal = status_set->code = NULL;
+ exit_status_set_free(status_set);
return 0;
}
- FOREACH_WORD(w, l, rvalue, state) {
+ FOREACH_WORD(word, l, rvalue, state) {
_cleanup_free_ char *temp;
int val;
- temp = strndup(w, l);
+ temp = strndup(word, l);
if (!temp)
return log_oom();
if (r < 0) {
val = signal_from_string_try_harder(temp);
- if (val > 0) {
- r = set_ensure_allocated(&status_set->signal, trivial_hash_func, trivial_compare_func);
- if (r < 0)
- return log_oom();
-
- r = set_put(status_set->signal, INT_TO_PTR(val));
- if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, -r, "Unable to store: %s", w);
- return r;
- }
- } else {
- log_syntax(unit, LOG_ERR, filename, line, -val, "Failed to parse value, ignoring: %s", w);
+ if (val <= 0) {
+ log_syntax(unit, LOG_ERR, filename, line, -val,
+ "Failed to parse value, ignoring: %s", word);
return 0;
}
} else {
- if (val < 0 || val > 255)
- log_syntax(unit, LOG_ERR, filename, line, ERANGE, "Value %d is outside range 0-255, ignoring", val);
- else {
- r = set_ensure_allocated(&status_set->code, trivial_hash_func, trivial_compare_func);
- if (r < 0)
- return log_oom();
-
- r = set_put(status_set->code, INT_TO_PTR(val));
- if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, -r, "Unable to store: %s", w);
- return r;
- }
+ if (val < 0 || val > 255) {
+ log_syntax(unit, LOG_ERR, filename, line, ERANGE,
+ "Value %d is outside range 0-255, ignoring", val);
+ continue;
}
}
+
+ r = set_ensure_allocated(&status_set->status, NULL);
+ if (r < 0)
+ return log_oom();
+
+ r = set_put(status_set->status, INT_TO_PTR(val));
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, -r,
+ "Unable to store: %s", word);
+ return r;
+ }
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
return 0;
}
void *data,
void *userdata) {
- char*** sv = data, *w, *state;
+ char*** sv = data;
+ const char *word, *state;
size_t l;
int r;
return 0;
}
- FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ FOREACH_WORD_QUOTED(word, l, rvalue, state) {
_cleanup_free_ char *n;
int offset;
- n = strndup(w, l);
+ n = strndup(word, l);
if (!n)
return log_oom();
offset = n[0] == '-';
if (!path_is_absolute(n + offset)) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Not an absolute path, ignoring: %s", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Not an absolute path, ignoring: %s", rvalue);
continue;
}
n = NULL;
}
+ if (!isempty(state))
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL,
+ "Trailing garbage, ignoring.");
return 0;
}
-int config_parse_no_new_priviliges(
+int config_parse_no_new_privileges(
const char* unit,
const char *filename,
unsigned line,
k = parse_boolean(rvalue);
if (k < 0) {
- log_syntax(unit, LOG_ERR, filename, line, -k, "Failed to parse boolean value, ignoring: %s", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, -k,
+ "Failed to parse boolean value, ignoring: %s", rvalue);
return 0;
}
return 0;
}
+int config_parse_protect_home(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ int k;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ /* Our enum shall be a superset of booleans, hence first try
+ * to parse as as boolean, and then as enum */
+
+ k = parse_boolean(rvalue);
+ if (k > 0)
+ c->protect_home = PROTECT_HOME_YES;
+ else if (k == 0)
+ c->protect_home = PROTECT_HOME_NO;
+ else {
+ ProtectHome h;
+
+ h = protect_home_from_string(rvalue);
+ if (h < 0){
+ log_syntax(unit, LOG_ERR, filename, line, -h,
+ "Failed to parse protect home value, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ c->protect_home = h;
+ }
+
+ return 0;
+}
+
+int config_parse_protect_system(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ int k;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ /* Our enum shall be a superset of booleans, hence first try
+ * to parse as as boolean, and then as enum */
+
+ k = parse_boolean(rvalue);
+ if (k > 0)
+ c->protect_system = PROTECT_SYSTEM_YES;
+ else if (k == 0)
+ c->protect_system = PROTECT_SYSTEM_NO;
+ else {
+ ProtectSystem s;
+
+ s = protect_system_from_string(rvalue);
+ if (s < 0){
+ log_syntax(unit, LOG_ERR, filename, line, -s,
+ "Failed to parse protect system value, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ c->protect_system = s;
+ }
+
+ return 0;
+}
+
#define FOLLOW_MAX 8
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
f = fdopen(fd, "re");
if (!f) {
r = -errno;
- close_nointr_nofail(fd);
+ safe_close(fd);
return r;
}
assert(u);
assert(path);
- symlink_names = set_new(string_hash_func, string_compare_func);
+ symlink_names = set_new(&string_hash_ops);
if (!symlink_names)
return -ENOMEM;
u->load_state = UNIT_LOADED;
/* Now, parse the file contents */
- r = config_parse(u->id, filename, f, UNIT_VTABLE(u)->sections,
- config_item_perf_lookup,
- (void*) load_fragment_gperf_lookup, false, true, u);
+ r = config_parse(u->id, filename, f,
+ UNIT_VTABLE(u)->sections,
+ config_item_perf_lookup, load_fragment_gperf_lookup,
+ false, true, false, u);
if (r < 0)
return r;
}
const ConfigParserCallback callback;
const char *rvalue;
} table[] = {
-#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_LIBWRAP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) || !defined(HAVE_APPARMOR)
+#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) || !defined(HAVE_APPARMOR)
{ config_parse_warn_compat, "NOTSUPPORTED" },
#endif
{ config_parse_int, "INTEGER" },
{ config_parse_unit_slice, "SLICE" },
{ config_parse_documentation, "URL" },
{ config_parse_service_timeout, "SECONDS" },
- { config_parse_start_limit_action, "ACTION" },
+ { config_parse_failure_action, "ACTION" },
{ config_parse_set_status, "STATUS" },
{ config_parse_service_sockets, "SOCKETS" },
{ config_parse_environ, "ENVIRON" },