#include "selinux-setup.h"
#include "ima-setup.h"
#include "smack-setup.h"
-#ifdef HAVE_KMOD
#include "kmod-setup.h"
-#endif
static enum {
ACTION_RUN,
static bool arg_default_cpu_accounting = false;
static bool arg_default_blockio_accounting = false;
static bool arg_default_memory_accounting = false;
-static usec_t arg_start_timeout_usec = DEFAULT_MANAGER_START_TIMEOUT_USEC;
-static FailureAction arg_start_timeout_action = FAILURE_ACTION_POWEROFF_FORCE;
-static char *arg_start_timeout_reboot_arg = NULL;
static void nop_handler(int sig) {}
/* Pass this on immediately, if this is not PID 1 */
raise(sig);
else if (!arg_dump_core)
- log_error("Caught <%s>, not dumping core.", signal_to_string(sig));
+ log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig));
else {
struct sigaction sa = {
.sa_handler = nop_handler,
pid = fork();
if (pid < 0)
- log_error("Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
+ log_emergency("Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
else if (pid == 0) {
struct rlimit rl = {};
/* Order things nicely. */
r = wait_for_terminate(pid, &status);
if (r < 0)
- log_error("Caught <%s>, waitpid() failed: %s", signal_to_string(sig), strerror(-r));
+ log_emergency("Caught <%s>, waitpid() failed: %s", signal_to_string(sig), strerror(-r));
else if (status.si_code != CLD_DUMPED)
- log_error("Caught <%s>, core dump failed.", signal_to_string(sig));
+ log_emergency("Caught <%s>, core dump failed.", signal_to_string(sig));
else
- log_error("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);
+ log_emergency("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);
}
}
pid = fork();
if (pid < 0)
- log_error("Failed to fork off crash shell: %m");
+ log_emergency("Failed to fork off crash shell: %m");
else if (pid == 0) {
make_console_stdio();
execl("/bin/sh", "/bin/sh", NULL);
- log_error("execl() failed: %m");
+ log_emergency("execl() failed: %m");
_exit(1);
}
log_info("Successfully spawned crash shell as pid "PID_FMT".", pid);
}
- log_info("Freezing execution.");
+ log_emergency("Freezing execution.");
freeze();
}
if (c) {
if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0)
- log_warning_unit(unit, "Failed to set CPU affinity: %m");
+ log_unit_warning(unit, "Failed to set CPU affinity: %m");
CPU_FREE(c);
}
{ "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_default_cpu_accounting },
{ "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting },
{ "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting },
- { "Manager", "StartTimeoutSec", config_parse_sec, 0, &arg_start_timeout_usec },
- { "Manager", "StartTimeoutAction", config_parse_failure_action, 0, &arg_start_timeout_action },
- { "Manager", "StartTimeoutRebootArgument",config_parse_string, 0, &arg_start_timeout_reboot_arg },
{}
};
bool empty_etc = false;
char *switch_root_dir = NULL, *switch_root_init = NULL;
static struct rlimit saved_rlimit_nofile = { 0, 0 };
+ const char *error_message = NULL;
#ifdef HAVE_SYSV_COMPAT
if (getpid() != 1 && strstr(program_invocation_short_name, "init")) {
if (!skip_setup) {
mount_setup_early();
dual_timestamp_get(&security_start_timestamp);
- if (selinux_setup(&loaded_policy) < 0)
+ if (mac_selinux_setup(&loaded_policy) < 0) {
+ error_message = "Failed to load SELinux policy";
goto finish;
- if (ima_setup() < 0)
+ } else if (ima_setup() < 0) {
+ error_message = "Failed to load IMA policy";
goto finish;
- if (smack_setup(&loaded_policy) < 0)
+ } else if (mac_smack_setup(&loaded_policy) < 0) {
+ error_message = "Failed to load SMACK policy";
goto finish;
+ }
dual_timestamp_get(&security_finish_timestamp);
}
- if (label_init(NULL) < 0)
+ if (mac_selinux_init(NULL) < 0) {
+ error_message = "Failed to initialize SELinux policy";
goto finish;
+ }
if (!skip_setup) {
if (clock_is_localtime() > 0) {
/* Initialize default unit */
r = set_default_unit(SPECIAL_DEFAULT_TARGET);
if (r < 0) {
- log_error("Failed to set default unit %s: %s", SPECIAL_DEFAULT_TARGET, strerror(-r));
+ log_emergency("Failed to set default unit %s: %s", SPECIAL_DEFAULT_TARGET, strerror(-r));
+ error_message = "Failed to set default unit";
goto finish;
}
r = initialize_join_controllers();
- if (r < 0)
+ if (r < 0) {
+ error_message = "Failed to initalize cgroup controllers";
goto finish;
+ }
/* Mount /proc, /sys and friends, so that /proc/cmdline and
* /proc/$PID/fd is available. */
if (getpid() == 1) {
+
+ /* Load the kernel modules early, so that we kdbus.ko is loaded before kdbusfs shall be mounted */
+ if (!skip_setup)
+ kmod_setup();
+
r = mount_setup(loaded_policy);
- if (r < 0)
+ if (r < 0) {
+ error_message = "Failed to mount API filesystems";
goto finish;
+ }
}
/* Reset all signal handlers. */
ignore_signals(SIGNALS_IGNORE, -1);
- if (parse_config_file() < 0)
+ if (parse_config_file() < 0) {
+ error_message = "Failed to parse config file";
goto finish;
+ }
- if (arg_running_as == SYSTEMD_SYSTEM)
- if (parse_proc_cmdline(parse_proc_cmdline_item) < 0)
- goto finish;
+ if (arg_running_as == SYSTEMD_SYSTEM) {
+ r = parse_proc_cmdline(parse_proc_cmdline_item);
+ if (r < 0)
+ log_warning("Failed to parse kernel command line, ignoring: %s", strerror(-r));
+ }
/* Note that this also parses bits from the kernel command
* line, including "debug". */
log_parse_environment();
- if (parse_argv(argc, argv) < 0)
+ if (parse_argv(argc, argv) < 0) {
+ error_message = "Failed to parse commandline arguments";
goto finish;
+ }
if (arg_action == ACTION_TEST &&
geteuid() == 0) {
/* Remember open file descriptors for later deserialization */
r = fdset_new_fill(&fds);
if (r < 0) {
- log_error("Failed to allocate fd set: %s", strerror(-r));
+ log_emergency("Failed to allocate fd set: %s", strerror(-r));
+ error_message = "Failed to allocate fd set";
goto finish;
} else
fdset_cloexec(fds, true);
if (arg_show_status > 0 || plymouth_running())
status_welcome();
-#ifdef HAVE_KMOD
- kmod_setup();
-#endif
hostname_setup();
machine_id_setup(NULL);
loopback_setup();
if (arg_capability_bounding_set_drop) {
r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
if (r < 0) {
- log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
+ log_emergency("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
+ error_message = "Failed to drop capability bounding set of usermode helpers";
goto finish;
}
r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
if (r < 0) {
- log_error("Failed to drop capability bounding set: %s", strerror(-r));
+ log_emergency("Failed to drop capability bounding set: %s", strerror(-r));
+ error_message = "Failed to drop capability bounding set";
goto finish;
}
}
if (arg_syscall_archs) {
r = enforce_syscall_archs(arg_syscall_archs);
- if (r < 0)
+ if (r < 0) {
+ error_message = "Failed to set syscall architectures";
goto finish;
+ }
}
if (arg_running_as == SYSTEMD_USER) {
r = manager_new(arg_running_as, arg_action == ACTION_TEST, &m);
if (r < 0) {
- log_error("Failed to allocate manager object: %s", strerror(-r));
+ log_emergency("Failed to allocate manager object: %s", strerror(-r));
+ error_message = "Failed to allocate manager object";
goto finish;
}
m->default_memory_accounting = arg_default_memory_accounting;
m->runtime_watchdog = arg_runtime_watchdog;
m->shutdown_watchdog = arg_shutdown_watchdog;
- m->start_timeout_usec = arg_start_timeout_usec;
- m->start_timeout_action = arg_start_timeout_action;
- free_and_strdup(&m->start_timeout_reboot_arg, arg_start_timeout_reboot_arg);
m->userspace_timestamp = userspace_timestamp;
m->kernel_timestamp = kernel_timestamp;
r = manager_load_unit(m, SPECIAL_RESCUE_TARGET, NULL, &error, &target);
if (r < 0) {
- log_error("Failed to load rescue target: %s", bus_error_message(&error, r));
+ log_emergency("Failed to load rescue target: %s", bus_error_message(&error, r));
+ error_message = "Failed to load rescue target";
goto finish;
} else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND) {
- log_error("Failed to load rescue target: %s", strerror(-target->load_error));
+ log_emergency("Failed to load rescue target: %s", strerror(-target->load_error));
+ error_message = "Failed to load rescue target";
goto finish;
} else if (target->load_state == UNIT_MASKED) {
- log_error("Rescue target masked.");
+ log_emergency("Rescue target masked.");
+ error_message = "Rescue target masked";
goto finish;
}
}
r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job);
if (r < 0) {
- log_error("Failed to start default target: %s", bus_error_message(&error, r));
+ log_emergency("Failed to start default target: %s", bus_error_message(&error, r));
+ error_message = "Failed to start default target";
goto finish;
}
} else if (r < 0) {
- log_error("Failed to isolate default target: %s", bus_error_message(&error, r));
+ log_emergency("Failed to isolate default target: %s", bus_error_message(&error, r));
+ error_message = "Failed to isolate default target";
goto finish;
}
for (;;) {
r = manager_loop(m);
if (r < 0) {
- log_error("Failed to run mainloop: %s", strerror(-r));
+ log_emergency("Failed to run main loop: %s", strerror(-r));
+ error_message = "Failed to run main loop";
goto finish;
}
case MANAGER_REEXECUTE:
- if (prepare_reexecute(m, &arg_serialization, &fds, false) < 0)
+ if (prepare_reexecute(m, &arg_serialization, &fds, false) < 0) {
+ error_message = "Failed to prepare for reexection";
goto finish;
+ }
reexecute = true;
log_notice("Reexecuting.");
m->switch_root = m->switch_root_init = NULL;
if (!switch_root_init)
- if (prepare_reexecute(m, &arg_serialization, &fds, true) < 0)
+ if (prepare_reexecute(m, &arg_serialization, &fds, true) < 0) {
+ error_message = "Failed to prepare for reexection";
goto finish;
+ }
reexecute = true;
log_notice("Switching root.");
finish:
pager_close();
- if (m) {
- manager_free(m);
- m = NULL;
- }
+ m = manager_free(m);
for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++) {
free(arg_default_rlimit[j]);
set_free(arg_syscall_archs);
arg_syscall_archs = NULL;
- free(arg_start_timeout_reboot_arg);
- arg_start_timeout_reboot_arg = NULL;
-
- label_finish();
+ mac_selinux_finish();
if (reexecute) {
const char **args;
getpid() == 1 ? "freezing" : "quitting");
}
- if (getpid() == 1)
+ if (getpid() == 1) {
+ if (error_message)
+ manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
+ ANSI_HIGHLIGHT_RED_ON "!!!!!!" ANSI_HIGHLIGHT_OFF,
+ "%s, freezing.", error_message);
freeze();
+ }
return retval;
}