1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 #include <sys/socket.h>
31 #include <sys/prctl.h>
32 #include <linux/sched.h>
33 #include <sys/types.h>
37 #include <sys/mount.h>
39 #include <linux/oom.h>
46 #include <security/pam_appl.h>
50 #include <selinux/selinux.h>
60 #include "capability.h"
63 #include "sd-messages.h"
65 #include "securebits.h"
66 #include "namespace.h"
68 #include "exit-status.h"
70 #include "utmp-wtmp.h"
72 #include "path-util.h"
77 #include "selinux-util.h"
78 #include "errno-list.h"
81 #include "seccomp-util.h"
84 #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
85 #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
87 /* This assumes there is a 'tty' group */
90 #define SNDBUF_SIZE (8*1024*1024)
92 static int shift_fds(int fds[], unsigned n_fds) {
93 int start, restart_from;
98 /* Modifies the fds array! (sorts it) */
108 for (i = start; i < (int) n_fds; i++) {
111 /* Already at right index? */
115 if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0)
118 close_nointr_nofail(fds[i]);
121 /* Hmm, the fd we wanted isn't free? Then
122 * let's remember that and try again from here*/
123 if (nfd != i+3 && restart_from < 0)
127 if (restart_from < 0)
130 start = restart_from;
136 static int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {
145 /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */
147 for (i = 0; i < n_fds; i++) {
149 if ((r = fd_nonblock(fds[i], nonblock)) < 0)
152 /* We unconditionally drop FD_CLOEXEC from the fds,
153 * since after all we want to pass these fds to our
156 if ((r = fd_cloexec(fds[i], false)) < 0)
163 _pure_ static const char *tty_path(const ExecContext *context) {
166 if (context->tty_path)
167 return context->tty_path;
169 return "/dev/console";
172 static void exec_context_tty_reset(const ExecContext *context) {
175 if (context->tty_vhangup)
176 terminal_vhangup(tty_path(context));
178 if (context->tty_reset)
179 reset_terminal(tty_path(context));
181 if (context->tty_vt_disallocate && context->tty_path)
182 vt_disallocate(context->tty_path);
185 static bool is_terminal_output(ExecOutput o) {
187 o == EXEC_OUTPUT_TTY ||
188 o == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
189 o == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
190 o == EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
193 static int open_null_as(int flags, int nfd) {
198 fd = open("/dev/null", flags|O_NOCTTY);
203 r = dup2(fd, nfd) < 0 ? -errno : nfd;
204 close_nointr_nofail(fd);
211 static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd) {
213 union sockaddr_union sa = {
214 .un.sun_family = AF_UNIX,
215 .un.sun_path = "/run/systemd/journal/stdout",
219 assert(output < _EXEC_OUTPUT_MAX);
223 fd = socket(AF_UNIX, SOCK_STREAM, 0);
227 r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path));
229 close_nointr_nofail(fd);
233 if (shutdown(fd, SHUT_RD) < 0) {
234 close_nointr_nofail(fd);
238 fd_inc_sndbuf(fd, SNDBUF_SIZE);
248 context->syslog_identifier ? context->syslog_identifier : ident,
250 context->syslog_priority,
251 !!context->syslog_level_prefix,
252 output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
253 output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
254 is_terminal_output(output));
257 r = dup2(fd, nfd) < 0 ? -errno : nfd;
258 close_nointr_nofail(fd);
264 static int open_terminal_as(const char *path, mode_t mode, int nfd) {
270 if ((fd = open_terminal(path, mode | O_NOCTTY)) < 0)
274 r = dup2(fd, nfd) < 0 ? -errno : nfd;
275 close_nointr_nofail(fd);
282 static bool is_terminal_input(ExecInput i) {
284 i == EXEC_INPUT_TTY ||
285 i == EXEC_INPUT_TTY_FORCE ||
286 i == EXEC_INPUT_TTY_FAIL;
289 static int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {
291 if (is_terminal_input(std_input) && !apply_tty_stdin)
292 return EXEC_INPUT_NULL;
294 if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)
295 return EXEC_INPUT_NULL;
300 static int fixup_output(ExecOutput std_output, int socket_fd) {
302 if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)
303 return EXEC_OUTPUT_INHERIT;
308 static int setup_input(const ExecContext *context, int socket_fd, bool apply_tty_stdin) {
313 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
317 case EXEC_INPUT_NULL:
318 return open_null_as(O_RDONLY, STDIN_FILENO);
321 case EXEC_INPUT_TTY_FORCE:
322 case EXEC_INPUT_TTY_FAIL: {
325 fd = acquire_terminal(tty_path(context),
326 i == EXEC_INPUT_TTY_FAIL,
327 i == EXEC_INPUT_TTY_FORCE,
333 if (fd != STDIN_FILENO) {
334 r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
335 close_nointr_nofail(fd);
342 case EXEC_INPUT_SOCKET:
343 return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
346 assert_not_reached("Unknown input type");
350 static int setup_output(const ExecContext *context, int fileno, int socket_fd, const char *ident, const char *unit_id, bool apply_tty_stdin) {
358 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
359 o = fixup_output(context->std_output, socket_fd);
361 if (fileno == STDERR_FILENO) {
363 e = fixup_output(context->std_error, socket_fd);
365 /* This expects the input and output are already set up */
367 /* Don't change the stderr file descriptor if we inherit all
368 * the way and are not on a tty */
369 if (e == EXEC_OUTPUT_INHERIT &&
370 o == EXEC_OUTPUT_INHERIT &&
371 i == EXEC_INPUT_NULL &&
372 !is_terminal_input(context->std_input) &&
376 /* Duplicate from stdout if possible */
377 if (e == o || e == EXEC_OUTPUT_INHERIT)
378 return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;
382 } else if (o == EXEC_OUTPUT_INHERIT) {
383 /* If input got downgraded, inherit the original value */
384 if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))
385 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
387 /* If the input is connected to anything that's not a /dev/null, inherit that... */
388 if (i != EXEC_INPUT_NULL)
389 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
391 /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */
395 /* We need to open /dev/null here anew, to get the right access mode. */
396 return open_null_as(O_WRONLY, fileno);
401 case EXEC_OUTPUT_NULL:
402 return open_null_as(O_WRONLY, fileno);
404 case EXEC_OUTPUT_TTY:
405 if (is_terminal_input(i))
406 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
408 /* We don't reset the terminal if this is just about output */
409 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
411 case EXEC_OUTPUT_SYSLOG:
412 case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
413 case EXEC_OUTPUT_KMSG:
414 case EXEC_OUTPUT_KMSG_AND_CONSOLE:
415 case EXEC_OUTPUT_JOURNAL:
416 case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
417 r = connect_logger_as(context, o, ident, unit_id, fileno);
419 log_struct_unit(LOG_CRIT, unit_id,
420 "MESSAGE=Failed to connect std%s of %s to the journal socket: %s",
421 fileno == STDOUT_FILENO ? "out" : "err",
422 unit_id, strerror(-r),
425 r = open_null_as(O_WRONLY, fileno);
429 case EXEC_OUTPUT_SOCKET:
430 assert(socket_fd >= 0);
431 return dup2(socket_fd, fileno) < 0 ? -errno : fileno;
434 assert_not_reached("Unknown error type");
438 static int chown_terminal(int fd, uid_t uid) {
443 /* This might fail. What matters are the results. */
444 (void) fchown(fd, uid, -1);
445 (void) fchmod(fd, TTY_MODE);
447 if (fstat(fd, &st) < 0)
450 if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
456 static int setup_confirm_stdio(int *_saved_stdin,
457 int *_saved_stdout) {
458 int fd = -1, saved_stdin, saved_stdout = -1, r;
460 assert(_saved_stdin);
461 assert(_saved_stdout);
463 saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);
467 saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);
468 if (saved_stdout < 0) {
473 fd = acquire_terminal(
478 DEFAULT_CONFIRM_USEC);
484 r = chown_terminal(fd, getuid());
488 if (dup2(fd, STDIN_FILENO) < 0) {
493 if (dup2(fd, STDOUT_FILENO) < 0) {
499 close_nointr_nofail(fd);
501 *_saved_stdin = saved_stdin;
502 *_saved_stdout = saved_stdout;
507 if (saved_stdout >= 0)
508 close_nointr_nofail(saved_stdout);
510 if (saved_stdin >= 0)
511 close_nointr_nofail(saved_stdin);
514 close_nointr_nofail(fd);
519 _printf_(1, 2) static int write_confirm_message(const char *format, ...) {
525 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
529 va_start(ap, format);
530 vdprintf(fd, format, ap);
533 close_nointr_nofail(fd);
538 static int restore_confirm_stdio(int *saved_stdin,
544 assert(saved_stdout);
548 if (*saved_stdin >= 0)
549 if (dup2(*saved_stdin, STDIN_FILENO) < 0)
552 if (*saved_stdout >= 0)
553 if (dup2(*saved_stdout, STDOUT_FILENO) < 0)
556 if (*saved_stdin >= 0)
557 close_nointr_nofail(*saved_stdin);
559 if (*saved_stdout >= 0)
560 close_nointr_nofail(*saved_stdout);
565 static int ask_for_confirmation(char *response, char **argv) {
566 int saved_stdout = -1, saved_stdin = -1, r;
569 r = setup_confirm_stdio(&saved_stdin, &saved_stdout);
573 line = exec_command_line(argv);
577 r = ask(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
580 restore_confirm_stdio(&saved_stdin, &saved_stdout);
585 static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
586 bool keep_groups = false;
591 /* Lookup and set GID and supplementary group list. Here too
592 * we avoid NSS lookups for gid=0. */
594 if (context->group || username) {
596 if (context->group) {
597 const char *g = context->group;
599 if ((r = get_group_creds(&g, &gid)) < 0)
603 /* First step, initialize groups from /etc/groups */
604 if (username && gid != 0) {
605 if (initgroups(username, gid) < 0)
611 /* Second step, set our gids */
612 if (setresgid(gid, gid, gid) < 0)
616 if (context->supplementary_groups) {
621 /* Final step, initialize any manually set supplementary groups */
622 assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
624 if (!(gids = new(gid_t, ngroups_max)))
628 if ((k = getgroups(ngroups_max, gids)) < 0) {
635 STRV_FOREACH(i, context->supplementary_groups) {
638 if (k >= ngroups_max) {
644 r = get_group_creds(&g, gids+k);
653 if (setgroups(k, gids) < 0) {
664 static int enforce_user(const ExecContext *context, uid_t uid) {
667 /* Sets (but doesn't lookup) the uid and make sure we keep the
668 * capabilities while doing so. */
670 if (context->capabilities) {
671 _cleanup_cap_free_ cap_t d = NULL;
672 static const cap_value_t bits[] = {
673 CAP_SETUID, /* Necessary so that we can run setresuid() below */
674 CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */
677 /* First step: If we need to keep capabilities but
678 * drop privileges we need to make sure we keep our
679 * caps, while we drop privileges. */
681 int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
683 if (prctl(PR_GET_SECUREBITS) != sb)
684 if (prctl(PR_SET_SECUREBITS, sb) < 0)
688 /* Second step: set the capabilities. This will reduce
689 * the capabilities to the minimum we need. */
691 d = cap_dup(context->capabilities);
695 if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||
696 cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0)
699 if (cap_set_proc(d) < 0)
703 /* Third step: actually set the uids */
704 if (setresuid(uid, uid, uid) < 0)
707 /* At this point we should have all necessary capabilities but
708 are otherwise a normal user. However, the caps might got
709 corrupted due to the setresuid() so we need clean them up
710 later. This is done outside of this call. */
717 static int null_conv(
719 const struct pam_message **msg,
720 struct pam_response **resp,
723 /* We don't support conversations */
728 static int setup_pam(
734 int fds[], unsigned n_fds) {
736 static const struct pam_conv conv = {
741 pam_handle_t *handle = NULL;
743 int pam_code = PAM_SUCCESS;
746 bool close_session = false;
747 pid_t pam_pid = 0, parent_pid;
754 /* We set up PAM in the parent process, then fork. The child
755 * will then stay around until killed via PR_GET_PDEATHSIG or
756 * systemd via the cgroup logic. It will then remove the PAM
757 * session again. The parent process will exec() the actual
758 * daemon. We do things this way to ensure that the main PID
759 * of the daemon is the one we initially fork()ed. */
761 if (log_get_max_level() < LOG_PRI(LOG_DEBUG))
764 pam_code = pam_start(name, user, &conv, &handle);
765 if (pam_code != PAM_SUCCESS) {
771 pam_code = pam_set_item(handle, PAM_TTY, tty);
772 if (pam_code != PAM_SUCCESS)
776 pam_code = pam_acct_mgmt(handle, flags);
777 if (pam_code != PAM_SUCCESS)
780 pam_code = pam_open_session(handle, flags);
781 if (pam_code != PAM_SUCCESS)
784 close_session = true;
786 e = pam_getenvlist(handle);
788 pam_code = PAM_BUF_ERR;
792 /* Block SIGTERM, so that we know that it won't get lost in
794 if (sigemptyset(&ss) < 0 ||
795 sigaddset(&ss, SIGTERM) < 0 ||
796 sigprocmask(SIG_BLOCK, &ss, &old_ss) < 0)
799 parent_pid = getpid();
809 /* The child's job is to reset the PAM session on
812 /* This string must fit in 10 chars (i.e. the length
813 * of "/sbin/init"), to look pretty in /bin/ps */
814 rename_process("(sd-pam)");
816 /* Make sure we don't keep open the passed fds in this
817 child. We assume that otherwise only those fds are
818 open here that have been opened by PAM. */
819 close_many(fds, n_fds);
821 /* Drop privileges - we don't need any to pam_close_session
822 * and this will make PR_SET_PDEATHSIG work in most cases.
823 * If this fails, ignore the error - but expect sd-pam threads
824 * to fail to exit normally */
825 if (setresuid(uid, uid, uid) < 0)
826 log_error("Error: Failed to setresuid() in sd-pam: %s", strerror(-r));
828 /* Wait until our parent died. This will only work if
829 * the above setresuid() succeeds, otherwise the kernel
830 * will not allow unprivileged parents kill their privileged
831 * children this way. We rely on the control groups kill logic
832 * to do the rest for us. */
833 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
836 /* Check if our parent process might already have
838 if (getppid() == parent_pid) {
840 if (sigwait(&ss, &sig) < 0) {
847 assert(sig == SIGTERM);
852 /* If our parent died we'll end the session */
853 if (getppid() != parent_pid) {
854 pam_code = pam_close_session(handle, flags);
855 if (pam_code != PAM_SUCCESS)
862 pam_end(handle, pam_code | flags);
866 /* If the child was forked off successfully it will do all the
867 * cleanups, so forget about the handle here. */
870 /* Unblock SIGTERM again in the parent */
871 if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
874 /* We close the log explicitly here, since the PAM modules
875 * might have opened it, but we don't want this fd around. */
884 if (pam_code != PAM_SUCCESS) {
885 log_error("PAM failed: %s", pam_strerror(handle, pam_code));
886 err = -EPERM; /* PAM errors do not map to errno */
888 log_error("PAM failed: %m");
894 pam_code = pam_close_session(handle, flags);
896 pam_end(handle, pam_code | flags);
904 kill(pam_pid, SIGTERM);
905 kill(pam_pid, SIGCONT);
912 static void rename_process_from_path(const char *path) {
913 char process_name[11];
917 /* This resulting string must fit in 10 chars (i.e. the length
918 * of "/sbin/init") to look pretty in /bin/ps */
922 rename_process("(...)");
928 /* The end of the process name is usually more
929 * interesting, since the first bit might just be
935 process_name[0] = '(';
936 memcpy(process_name+1, p, l);
937 process_name[1+l] = ')';
938 process_name[1+l+1] = 0;
940 rename_process(process_name);
945 static int apply_seccomp(ExecContext *c) {
946 uint32_t negative_action, action;
947 scmp_filter_ctx *seccomp;
954 negative_action = c->syscall_errno == 0 ? SCMP_ACT_KILL : SCMP_ACT_ERRNO(c->syscall_errno);
956 seccomp = seccomp_init(c->syscall_whitelist ? negative_action : SCMP_ACT_ALLOW);
960 if (c->syscall_archs) {
962 SET_FOREACH(id, c->syscall_archs, i) {
963 r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
967 seccomp_release(seccomp);
973 r = seccomp_add_secondary_archs(seccomp);
975 seccomp_release(seccomp);
980 action = c->syscall_whitelist ? SCMP_ACT_ALLOW : negative_action;
981 SET_FOREACH(id, c->syscall_filter, i) {
982 r = seccomp_rule_add(seccomp, action, PTR_TO_INT(id) - 1, 0);
984 seccomp_release(seccomp);
989 r = seccomp_load(seccomp);
990 seccomp_release(seccomp);
996 static void do_idle_pipe_dance(int idle_pipe[4]) {
999 if (idle_pipe[1] >= 0)
1000 close_nointr_nofail(idle_pipe[1]);
1001 if (idle_pipe[2] >= 0)
1002 close_nointr_nofail(idle_pipe[2]);
1004 if (idle_pipe[0] >= 0) {
1007 r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
1009 if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {
1010 /* Signal systemd that we are bored and want to continue. */
1011 write(idle_pipe[3], "x", 1);
1013 /* Wait for systemd to react to the signal above. */
1014 fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);
1017 close_nointr_nofail(idle_pipe[0]);
1021 if (idle_pipe[3] >= 0)
1022 close_nointr_nofail(idle_pipe[3]);
1025 static int build_environment(
1028 usec_t watchdog_usec,
1030 const char *username,
1034 _cleanup_strv_free_ char **our_env = NULL;
1041 our_env = new0(char*, 10);
1046 if (asprintf(&x, "LISTEN_PID="PID_FMT, getpid()) < 0)
1048 our_env[n_env++] = x;
1050 if (asprintf(&x, "LISTEN_FDS=%u", n_fds) < 0)
1052 our_env[n_env++] = x;
1055 if (watchdog_usec > 0) {
1056 if (asprintf(&x, "WATCHDOG_PID="PID_FMT, getpid()) < 0)
1058 our_env[n_env++] = x;
1060 if (asprintf(&x, "WATCHDOG_USEC=%llu", (unsigned long long) watchdog_usec) < 0)
1062 our_env[n_env++] = x;
1066 x = strappend("HOME=", home);
1069 our_env[n_env++] = x;
1073 x = strappend("LOGNAME=", username);
1076 our_env[n_env++] = x;
1078 x = strappend("USER=", username);
1081 our_env[n_env++] = x;
1085 x = strappend("SHELL=", shell);
1088 our_env[n_env++] = x;
1091 if (is_terminal_input(c->std_input) ||
1092 c->std_output == EXEC_OUTPUT_TTY ||
1093 c->std_error == EXEC_OUTPUT_TTY ||
1096 x = strdup(default_term_for_tty(tty_path(c)));
1099 our_env[n_env++] = x;
1102 our_env[n_env++] = NULL;
1103 assert(n_env <= 10);
1111 int exec_spawn(ExecCommand *command,
1113 ExecContext *context,
1114 int fds[], unsigned n_fds,
1116 bool apply_permissions,
1118 bool apply_tty_stdin,
1120 CGroupControllerMask cgroup_supported,
1121 const char *cgroup_path,
1122 const char *unit_id,
1123 usec_t watchdog_usec,
1125 ExecRuntime *runtime,
1128 _cleanup_strv_free_ char **files_env = NULL;
1137 assert(fds || n_fds <= 0);
1139 if (context->std_input == EXEC_INPUT_SOCKET ||
1140 context->std_output == EXEC_OUTPUT_SOCKET ||
1141 context->std_error == EXEC_OUTPUT_SOCKET) {
1153 r = exec_context_load_environment(context, &files_env);
1155 log_struct_unit(LOG_ERR,
1157 "MESSAGE=Failed to load environment files: %s", strerror(-r),
1164 argv = command->argv;
1166 line = exec_command_line(argv);
1170 log_struct_unit(LOG_DEBUG,
1172 "EXECUTABLE=%s", command->path,
1173 "MESSAGE=About to execute: %s", line,
1182 _cleanup_strv_free_ char **our_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;
1183 const char *username = NULL, *home = NULL, *shell = NULL;
1184 unsigned n_dont_close = 0;
1185 int dont_close[n_fds + 3];
1186 uid_t uid = (uid_t) -1;
1187 gid_t gid = (gid_t) -1;
1193 rename_process_from_path(command->path);
1195 /* We reset exactly these signals, since they are the
1196 * only ones we set to SIG_IGN in the main daemon. All
1197 * others we leave untouched because we set them to
1198 * SIG_DFL or a valid handler initially, both of which
1199 * will be demoted to SIG_DFL. */
1200 default_signals(SIGNALS_CRASH_HANDLER,
1201 SIGNALS_IGNORE, -1);
1203 if (context->ignore_sigpipe)
1204 ignore_signals(SIGPIPE, -1);
1206 assert_se(sigemptyset(&ss) == 0);
1207 if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
1209 r = EXIT_SIGNAL_MASK;
1214 do_idle_pipe_dance(idle_pipe);
1216 /* Close sockets very early to make sure we don't
1217 * block init reexecution because it cannot bind its
1222 dont_close[n_dont_close++] = socket_fd;
1224 memcpy(dont_close + n_dont_close, fds, sizeof(int) * n_fds);
1225 n_dont_close += n_fds;
1228 if (runtime->netns_storage_socket[0] >= 0)
1229 dont_close[n_dont_close++] = runtime->netns_storage_socket[0];
1230 if (runtime->netns_storage_socket[1] >= 0)
1231 dont_close[n_dont_close++] = runtime->netns_storage_socket[1];
1234 err = close_all_fds(dont_close, n_dont_close);
1240 if (!context->same_pgrp)
1247 if (context->tcpwrap_name) {
1249 if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) {
1255 for (i = 0; i < (int) n_fds; i++) {
1256 if (!socket_tcpwrap(fds[i], context->tcpwrap_name)) {
1264 exec_context_tty_reset(context);
1266 if (confirm_spawn) {
1269 err = ask_for_confirmation(&response, argv);
1270 if (err == -ETIMEDOUT)
1271 write_confirm_message("Confirmation question timed out, assuming positive response.\n");
1273 write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-err));
1274 else if (response == 's') {
1275 write_confirm_message("Skipping execution.\n");
1279 } else if (response == 'n') {
1280 write_confirm_message("Failing execution.\n");
1286 /* If a socket is connected to STDIN/STDOUT/STDERR, we
1287 * must sure to drop O_NONBLOCK */
1289 fd_nonblock(socket_fd, false);
1291 err = setup_input(context, socket_fd, apply_tty_stdin);
1297 err = setup_output(context, STDOUT_FILENO, socket_fd, basename(command->path), unit_id, apply_tty_stdin);
1303 err = setup_output(context, STDERR_FILENO, socket_fd, basename(command->path), unit_id, apply_tty_stdin);
1310 err = cg_attach_everywhere(cgroup_supported, cgroup_path, 0);
1317 if (context->oom_score_adjust_set) {
1320 snprintf(t, sizeof(t), "%i", context->oom_score_adjust);
1323 if (write_string_file("/proc/self/oom_score_adj", t) < 0) {
1325 r = EXIT_OOM_ADJUST;
1330 if (context->nice_set)
1331 if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
1337 if (context->cpu_sched_set) {
1338 struct sched_param param = {
1339 .sched_priority = context->cpu_sched_priority,
1342 r = sched_setscheduler(0,
1343 context->cpu_sched_policy |
1344 (context->cpu_sched_reset_on_fork ?
1345 SCHED_RESET_ON_FORK : 0),
1349 r = EXIT_SETSCHEDULER;
1354 if (context->cpuset)
1355 if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
1357 r = EXIT_CPUAFFINITY;
1361 if (context->ioprio_set)
1362 if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
1368 if (context->timer_slack_nsec != (nsec_t) -1)
1369 if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
1371 r = EXIT_TIMERSLACK;
1375 if (context->utmp_id)
1376 utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
1378 if (context->user) {
1379 username = context->user;
1380 err = get_user_creds(&username, &uid, &gid, &home, &shell);
1386 if (is_terminal_input(context->std_input)) {
1387 err = chown_terminal(STDIN_FILENO, uid);
1396 if (cgroup_path && context->user && context->pam_name) {
1397 err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
1404 err = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0755, uid, gid);
1412 if (apply_permissions) {
1413 err = enforce_groups(context, username, gid);
1420 umask(context->umask);
1423 if (apply_permissions && context->pam_name && username) {
1424 err = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
1431 if (context->private_network && runtime && runtime->netns_storage_socket[0] >= 0) {
1432 err = setup_netns(runtime->netns_storage_socket);
1439 if (!strv_isempty(context->read_write_dirs) ||
1440 !strv_isempty(context->read_only_dirs) ||
1441 !strv_isempty(context->inaccessible_dirs) ||
1442 context->mount_flags != 0 ||
1443 (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir)) ||
1444 context->private_devices) {
1446 char *tmp = NULL, *var = NULL;
1448 /* The runtime struct only contains the parent
1449 * of the private /tmp, which is
1450 * non-accessible to world users. Inside of it
1451 * there's a /tmp that is sticky, and that's
1452 * the one we want to use here. */
1454 if (context->private_tmp && runtime) {
1455 if (runtime->tmp_dir)
1456 tmp = strappenda(runtime->tmp_dir, "/tmp");
1457 if (runtime->var_tmp_dir)
1458 var = strappenda(runtime->var_tmp_dir, "/tmp");
1461 err = setup_namespace(
1462 context->read_write_dirs,
1463 context->read_only_dirs,
1464 context->inaccessible_dirs,
1467 context->private_devices,
1468 context->mount_flags);
1477 if (context->root_directory)
1478 if (chroot(context->root_directory) < 0) {
1484 if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
1490 _cleanup_free_ char *d = NULL;
1492 if (asprintf(&d, "%s/%s",
1493 context->root_directory ? context->root_directory : "",
1494 context->working_directory ? context->working_directory : "") < 0) {
1507 /* We repeat the fd closing here, to make sure that
1508 * nothing is leaked from the PAM modules */
1509 err = close_all_fds(fds, n_fds);
1511 err = shift_fds(fds, n_fds);
1513 err = flags_fds(fds, n_fds, context->non_blocking);
1519 if (apply_permissions) {
1521 for (i = 0; i < RLIMIT_NLIMITS; i++) {
1522 if (!context->rlimit[i])
1525 if (setrlimit_closest(i, context->rlimit[i]) < 0) {
1532 if (context->capability_bounding_set_drop) {
1533 err = capability_bounding_set_drop(context->capability_bounding_set_drop, false);
1535 r = EXIT_CAPABILITIES;
1540 if (context->user) {
1541 err = enforce_user(context, uid);
1548 /* PR_GET_SECUREBITS is not privileged, while
1549 * PR_SET_SECUREBITS is. So to suppress
1550 * potential EPERMs we'll try not to call
1551 * PR_SET_SECUREBITS unless necessary. */
1552 if (prctl(PR_GET_SECUREBITS) != context->secure_bits)
1553 if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) {
1555 r = EXIT_SECUREBITS;
1559 if (context->capabilities)
1560 if (cap_set_proc(context->capabilities) < 0) {
1562 r = EXIT_CAPABILITIES;
1566 if (context->no_new_privileges)
1567 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
1569 r = EXIT_NO_NEW_PRIVILEGES;
1574 if (context->syscall_filter || context->syscall_archs) {
1575 err = apply_seccomp(context);
1584 if (context->selinux_context && use_selinux()) {
1585 err = setexeccon(context->selinux_context);
1586 if (err < 0 && !context->selinux_context_ignore) {
1587 r = EXIT_SELINUX_CONTEXT;
1594 err = build_environment(context, n_fds, watchdog_usec, home, username, shell, &our_env);
1600 final_env = strv_env_merge(5,
1603 context->environment,
1613 final_argv = replace_env_argv(argv, final_env);
1620 final_env = strv_env_clean(final_env);
1622 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1623 line = exec_command_line(final_argv);
1626 log_struct_unit(LOG_DEBUG,
1628 "EXECUTABLE=%s", command->path,
1629 "MESSAGE=Executing: %s", line,
1636 execve(command->path, final_argv, final_env);
1643 log_struct(LOG_ERR, MESSAGE_ID(SD_MESSAGE_SPAWN_FAILED),
1644 "EXECUTABLE=%s", command->path,
1645 "MESSAGE=Failed at step %s spawning %s: %s",
1646 exit_status_to_string(r, EXIT_STATUS_SYSTEMD),
1647 command->path, strerror(-err),
1656 log_struct_unit(LOG_DEBUG,
1658 "MESSAGE=Forked %s as "PID_FMT,
1662 /* We add the new process to the cgroup both in the child (so
1663 * that we can be sure that no user code is ever executed
1664 * outside of the cgroup) and in the parent (so that we can be
1665 * sure that when we kill the cgroup the process will be
1668 cg_attach(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, pid);
1670 exec_status_start(&command->exec_status, pid);
1676 void exec_context_init(ExecContext *c) {
1680 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1681 c->cpu_sched_policy = SCHED_OTHER;
1682 c->syslog_priority = LOG_DAEMON|LOG_INFO;
1683 c->syslog_level_prefix = true;
1684 c->ignore_sigpipe = true;
1685 c->timer_slack_nsec = (nsec_t) -1;
1688 void exec_context_done(ExecContext *c) {
1693 strv_free(c->environment);
1694 c->environment = NULL;
1696 strv_free(c->environment_files);
1697 c->environment_files = NULL;
1699 for (l = 0; l < ELEMENTSOF(c->rlimit); l++) {
1701 c->rlimit[l] = NULL;
1704 free(c->working_directory);
1705 c->working_directory = NULL;
1706 free(c->root_directory);
1707 c->root_directory = NULL;
1712 free(c->tcpwrap_name);
1713 c->tcpwrap_name = NULL;
1715 free(c->syslog_identifier);
1716 c->syslog_identifier = NULL;
1724 strv_free(c->supplementary_groups);
1725 c->supplementary_groups = NULL;
1730 if (c->capabilities) {
1731 cap_free(c->capabilities);
1732 c->capabilities = NULL;
1735 strv_free(c->read_only_dirs);
1736 c->read_only_dirs = NULL;
1738 strv_free(c->read_write_dirs);
1739 c->read_write_dirs = NULL;
1741 strv_free(c->inaccessible_dirs);
1742 c->inaccessible_dirs = NULL;
1745 CPU_FREE(c->cpuset);
1750 free(c->selinux_context);
1751 c->selinux_context = NULL;
1754 set_free(c->syscall_filter);
1755 c->syscall_filter = NULL;
1757 set_free(c->syscall_archs);
1758 c->syscall_archs = NULL;
1762 void exec_command_done(ExecCommand *c) {
1772 void exec_command_done_array(ExecCommand *c, unsigned n) {
1775 for (i = 0; i < n; i++)
1776 exec_command_done(c+i);
1779 void exec_command_free_list(ExecCommand *c) {
1783 LIST_REMOVE(command, c, i);
1784 exec_command_done(i);
1789 void exec_command_free_array(ExecCommand **c, unsigned n) {
1792 for (i = 0; i < n; i++) {
1793 exec_command_free_list(c[i]);
1798 int exec_context_load_environment(const ExecContext *c, char ***l) {
1799 char **i, **r = NULL;
1804 STRV_FOREACH(i, c->environment_files) {
1807 bool ignore = false;
1809 _cleanup_globfree_ glob_t pglob = {};
1819 if (!path_is_absolute(fn)) {
1827 /* Filename supports globbing, take all matching files */
1829 if (glob(fn, 0, NULL, &pglob) != 0) {
1834 return errno ? -errno : -EINVAL;
1836 count = pglob.gl_pathc;
1844 for (n = 0; n < count; n++) {
1845 k = load_env_file(pglob.gl_pathv[n], NULL, &p);
1853 /* Log invalid environment variables with filename */
1855 p = strv_env_clean_log(p, pglob.gl_pathv[n]);
1862 m = strv_env_merge(2, r, p);
1878 static bool tty_may_match_dev_console(const char *tty) {
1879 char *active = NULL, *console;
1882 if (startswith(tty, "/dev/"))
1885 /* trivial identity? */
1886 if (streq(tty, "console"))
1889 console = resolve_dev_console(&active);
1890 /* if we could not resolve, assume it may */
1894 /* "tty0" means the active VC, so it may be the same sometimes */
1895 b = streq(console, tty) || (streq(console, "tty0") && tty_is_vc(tty));
1901 bool exec_context_may_touch_console(ExecContext *ec) {
1902 return (ec->tty_reset || ec->tty_vhangup || ec->tty_vt_disallocate ||
1903 is_terminal_input(ec->std_input) ||
1904 is_terminal_output(ec->std_output) ||
1905 is_terminal_output(ec->std_error)) &&
1906 tty_may_match_dev_console(tty_path(ec));
1909 static void strv_fprintf(FILE *f, char **l) {
1915 fprintf(f, " %s", *g);
1918 void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
1925 prefix = strempty(prefix);
1929 "%sWorkingDirectory: %s\n"
1930 "%sRootDirectory: %s\n"
1931 "%sNonBlocking: %s\n"
1932 "%sPrivateTmp: %s\n"
1933 "%sPrivateNetwork: %s\n"
1934 "%sPrivateDevices: %s\n"
1935 "%sIgnoreSIGPIPE: %s\n",
1937 prefix, c->working_directory ? c->working_directory : "/",
1938 prefix, c->root_directory ? c->root_directory : "/",
1939 prefix, yes_no(c->non_blocking),
1940 prefix, yes_no(c->private_tmp),
1941 prefix, yes_no(c->private_network),
1942 prefix, yes_no(c->private_devices),
1943 prefix, yes_no(c->ignore_sigpipe));
1945 STRV_FOREACH(e, c->environment)
1946 fprintf(f, "%sEnvironment: %s\n", prefix, *e);
1948 STRV_FOREACH(e, c->environment_files)
1949 fprintf(f, "%sEnvironmentFile: %s\n", prefix, *e);
1951 if (c->tcpwrap_name)
1953 "%sTCPWrapName: %s\n",
1954 prefix, c->tcpwrap_name);
1961 if (c->oom_score_adjust_set)
1963 "%sOOMScoreAdjust: %i\n",
1964 prefix, c->oom_score_adjust);
1966 for (i = 0; i < RLIM_NLIMITS; i++)
1968 fprintf(f, "%s%s: %llu\n", prefix, rlimit_to_string(i), (unsigned long long) c->rlimit[i]->rlim_max);
1970 if (c->ioprio_set) {
1974 r = ioprio_class_to_string_alloc(IOPRIO_PRIO_CLASS(c->ioprio), &class_str);
1978 "%sIOSchedulingClass: %s\n"
1979 "%sIOPriority: %i\n",
1980 prefix, strna(class_str),
1981 prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
1985 if (c->cpu_sched_set) {
1989 r = sched_policy_to_string_alloc(c->cpu_sched_policy, &policy_str);
1993 "%sCPUSchedulingPolicy: %s\n"
1994 "%sCPUSchedulingPriority: %i\n"
1995 "%sCPUSchedulingResetOnFork: %s\n",
1996 prefix, strna(policy_str),
1997 prefix, c->cpu_sched_priority,
1998 prefix, yes_no(c->cpu_sched_reset_on_fork));
2003 fprintf(f, "%sCPUAffinity:", prefix);
2004 for (i = 0; i < c->cpuset_ncpus; i++)
2005 if (CPU_ISSET_S(i, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset))
2006 fprintf(f, " %u", i);
2010 if (c->timer_slack_nsec != (nsec_t) -1)
2011 fprintf(f, "%sTimerSlackNSec: "NSEC_FMT "\n", prefix, c->timer_slack_nsec);
2014 "%sStandardInput: %s\n"
2015 "%sStandardOutput: %s\n"
2016 "%sStandardError: %s\n",
2017 prefix, exec_input_to_string(c->std_input),
2018 prefix, exec_output_to_string(c->std_output),
2019 prefix, exec_output_to_string(c->std_error));
2025 "%sTTYVHangup: %s\n"
2026 "%sTTYVTDisallocate: %s\n",
2027 prefix, c->tty_path,
2028 prefix, yes_no(c->tty_reset),
2029 prefix, yes_no(c->tty_vhangup),
2030 prefix, yes_no(c->tty_vt_disallocate));
2032 if (c->std_output == EXEC_OUTPUT_SYSLOG ||
2033 c->std_output == EXEC_OUTPUT_KMSG ||
2034 c->std_output == EXEC_OUTPUT_JOURNAL ||
2035 c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
2036 c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
2037 c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
2038 c->std_error == EXEC_OUTPUT_SYSLOG ||
2039 c->std_error == EXEC_OUTPUT_KMSG ||
2040 c->std_error == EXEC_OUTPUT_JOURNAL ||
2041 c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
2042 c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
2043 c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE) {
2045 _cleanup_free_ char *fac_str = NULL, *lvl_str = NULL;
2047 log_facility_unshifted_to_string_alloc(c->syslog_priority >> 3, &fac_str);
2048 log_level_to_string_alloc(LOG_PRI(c->syslog_priority), &lvl_str);
2051 "%sSyslogFacility: %s\n"
2052 "%sSyslogLevel: %s\n",
2053 prefix, strna(fac_str),
2054 prefix, strna(lvl_str));
2057 if (c->capabilities) {
2058 _cleanup_cap_free_charp_ char *t;
2060 t = cap_to_text(c->capabilities, NULL);
2062 fprintf(f, "%sCapabilities: %s\n", prefix, t);
2066 fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
2068 (c->secure_bits & 1<<SECURE_KEEP_CAPS) ? " keep-caps" : "",
2069 (c->secure_bits & 1<<SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
2070 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
2071 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
2072 (c->secure_bits & 1<<SECURE_NOROOT) ? " noroot" : "",
2073 (c->secure_bits & 1<<SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
2075 if (c->capability_bounding_set_drop) {
2077 fprintf(f, "%sCapabilityBoundingSet:", prefix);
2079 for (l = 0; l <= cap_last_cap(); l++)
2080 if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
2081 _cleanup_cap_free_charp_ char *t;
2085 fprintf(f, " %s", t);
2092 fprintf(f, "%sUser: %s\n", prefix, c->user);
2094 fprintf(f, "%sGroup: %s\n", prefix, c->group);
2096 if (strv_length(c->supplementary_groups) > 0) {
2097 fprintf(f, "%sSupplementaryGroups:", prefix);
2098 strv_fprintf(f, c->supplementary_groups);
2103 fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name);
2105 if (strv_length(c->read_write_dirs) > 0) {
2106 fprintf(f, "%sReadWriteDirs:", prefix);
2107 strv_fprintf(f, c->read_write_dirs);
2111 if (strv_length(c->read_only_dirs) > 0) {
2112 fprintf(f, "%sReadOnlyDirs:", prefix);
2113 strv_fprintf(f, c->read_only_dirs);
2117 if (strv_length(c->inaccessible_dirs) > 0) {
2118 fprintf(f, "%sInaccessibleDirs:", prefix);
2119 strv_fprintf(f, c->inaccessible_dirs);
2125 "%sUtmpIdentifier: %s\n",
2126 prefix, c->utmp_id);
2128 if (c->selinux_context)
2130 "%sSELinuxContext: %s%s\n",
2131 prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
2133 if (c->syscall_filter) {
2141 "%sSystemCallFilter: ",
2144 if (!c->syscall_whitelist)
2148 SET_FOREACH(id, c->syscall_filter, j) {
2149 _cleanup_free_ char *name = NULL;
2156 name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, PTR_TO_INT(id) - 1);
2157 fputs(strna(name), f);
2164 if (c->syscall_archs) {
2171 "%sSystemCallArchitectures:",
2175 SET_FOREACH(id, c->syscall_archs, j)
2176 fprintf(f, " %s", strna(seccomp_arch_to_string(PTR_TO_UINT32(id) - 1)));
2181 if (c->syscall_errno != 0)
2183 "%sSystemCallErrorNumber: %s\n",
2184 prefix, strna(errno_to_name(c->syscall_errno)));
2187 void exec_status_start(ExecStatus *s, pid_t pid) {
2192 dual_timestamp_get(&s->start_timestamp);
2195 void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
2198 if (s->pid && s->pid != pid)
2202 dual_timestamp_get(&s->exit_timestamp);
2208 if (context->utmp_id)
2209 utmp_put_dead_process(context->utmp_id, pid, code, status);
2211 exec_context_tty_reset(context);
2215 void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
2216 char buf[FORMAT_TIMESTAMP_MAX];
2228 "%sPID: "PID_FMT"\n",
2231 if (s->start_timestamp.realtime > 0)
2233 "%sStart Timestamp: %s\n",
2234 prefix, format_timestamp(buf, sizeof(buf), s->start_timestamp.realtime));
2236 if (s->exit_timestamp.realtime > 0)
2238 "%sExit Timestamp: %s\n"
2240 "%sExit Status: %i\n",
2241 prefix, format_timestamp(buf, sizeof(buf), s->exit_timestamp.realtime),
2242 prefix, sigchld_code_to_string(s->code),
2246 char *exec_command_line(char **argv) {
2254 STRV_FOREACH(a, argv)
2257 if (!(n = new(char, k)))
2261 STRV_FOREACH(a, argv) {
2268 if (strpbrk(*a, WHITESPACE)) {
2279 /* FIXME: this doesn't really handle arguments that have
2280 * spaces and ticks in them */
2285 void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
2287 const char *prefix2;
2296 p2 = strappend(prefix, "\t");
2297 prefix2 = p2 ? p2 : prefix;
2299 cmd = exec_command_line(c->argv);
2302 "%sCommand Line: %s\n",
2303 prefix, cmd ? cmd : strerror(ENOMEM));
2307 exec_status_dump(&c->exec_status, f, prefix2);
2312 void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
2318 LIST_FOREACH(command, c, c)
2319 exec_command_dump(c, f, prefix);
2322 void exec_command_append_list(ExecCommand **l, ExecCommand *e) {
2329 /* It's kind of important, that we keep the order here */
2330 LIST_FIND_TAIL(command, *l, end);
2331 LIST_INSERT_AFTER(command, *l, end, e);
2336 int exec_command_set(ExecCommand *c, const char *path, ...) {
2344 l = strv_new_ap(path, ap);
2365 static int exec_runtime_allocate(ExecRuntime **rt) {
2370 *rt = new0(ExecRuntime, 1);
2375 (*rt)->netns_storage_socket[0] = (*rt)->netns_storage_socket[1] = -1;
2380 int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
2390 if (!c->private_network && !c->private_tmp)
2393 r = exec_runtime_allocate(rt);
2397 if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
2398 if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
2402 if (c->private_tmp && !(*rt)->tmp_dir) {
2403 r = setup_tmp_dirs(id, &(*rt)->tmp_dir, &(*rt)->var_tmp_dir);
2411 ExecRuntime *exec_runtime_ref(ExecRuntime *r) {
2413 assert(r->n_ref > 0);
2419 ExecRuntime *exec_runtime_unref(ExecRuntime *r) {
2424 assert(r->n_ref > 0);
2427 if (r->n_ref <= 0) {
2429 free(r->var_tmp_dir);
2430 close_pipe(r->netns_storage_socket);
2437 int exec_runtime_serialize(ExecRuntime *rt, Unit *u, FILE *f, FDSet *fds) {
2446 unit_serialize_item(u, f, "tmp-dir", rt->tmp_dir);
2448 if (rt->var_tmp_dir)
2449 unit_serialize_item(u, f, "var-tmp-dir", rt->var_tmp_dir);
2451 if (rt->netns_storage_socket[0] >= 0) {
2454 copy = fdset_put_dup(fds, rt->netns_storage_socket[0]);
2458 unit_serialize_item_format(u, f, "netns-socket-0", "%i", copy);
2461 if (rt->netns_storage_socket[1] >= 0) {
2464 copy = fdset_put_dup(fds, rt->netns_storage_socket[1]);
2468 unit_serialize_item_format(u, f, "netns-socket-1", "%i", copy);
2474 int exec_runtime_deserialize_item(ExecRuntime **rt, Unit *u, const char *key, const char *value, FDSet *fds) {
2481 if (streq(key, "tmp-dir")) {
2484 r = exec_runtime_allocate(rt);
2488 copy = strdup(value);
2492 free((*rt)->tmp_dir);
2493 (*rt)->tmp_dir = copy;
2495 } else if (streq(key, "var-tmp-dir")) {
2498 r = exec_runtime_allocate(rt);
2502 copy = strdup(value);
2506 free((*rt)->var_tmp_dir);
2507 (*rt)->var_tmp_dir = copy;
2509 } else if (streq(key, "netns-socket-0")) {
2512 r = exec_runtime_allocate(rt);
2516 if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
2517 log_debug_unit(u->id, "Failed to parse netns socket value %s", value);
2519 if ((*rt)->netns_storage_socket[0] >= 0)
2520 close_nointr_nofail((*rt)->netns_storage_socket[0]);
2522 (*rt)->netns_storage_socket[0] = fdset_remove(fds, fd);
2524 } else if (streq(key, "netns-socket-1")) {
2527 r = exec_runtime_allocate(rt);
2531 if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
2532 log_debug_unit(u->id, "Failed to parse netns socket value %s", value);
2534 if ((*rt)->netns_storage_socket[1] >= 0)
2535 close_nointr_nofail((*rt)->netns_storage_socket[1]);
2537 (*rt)->netns_storage_socket[1] = fdset_remove(fds, fd);
2545 static void *remove_tmpdir_thread(void *p) {
2546 _cleanup_free_ char *path = p;
2548 rm_rf_dangerous(path, false, true, false);
2552 void exec_runtime_destroy(ExecRuntime *rt) {
2556 /* If there are multiple users of this, let's leave the stuff around */
2561 log_debug("Spawning thread to nuke %s", rt->tmp_dir);
2562 asynchronous_job(remove_tmpdir_thread, rt->tmp_dir);
2566 if (rt->var_tmp_dir) {
2567 log_debug("Spawning thread to nuke %s", rt->var_tmp_dir);
2568 asynchronous_job(remove_tmpdir_thread, rt->var_tmp_dir);
2569 rt->var_tmp_dir = NULL;
2572 close_pipe(rt->netns_storage_socket);
2575 static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
2576 [EXEC_INPUT_NULL] = "null",
2577 [EXEC_INPUT_TTY] = "tty",
2578 [EXEC_INPUT_TTY_FORCE] = "tty-force",
2579 [EXEC_INPUT_TTY_FAIL] = "tty-fail",
2580 [EXEC_INPUT_SOCKET] = "socket"
2583 DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
2585 static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = {
2586 [EXEC_OUTPUT_INHERIT] = "inherit",
2587 [EXEC_OUTPUT_NULL] = "null",
2588 [EXEC_OUTPUT_TTY] = "tty",
2589 [EXEC_OUTPUT_SYSLOG] = "syslog",
2590 [EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
2591 [EXEC_OUTPUT_KMSG] = "kmsg",
2592 [EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
2593 [EXEC_OUTPUT_JOURNAL] = "journal",
2594 [EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
2595 [EXEC_OUTPUT_SOCKET] = "socket"
2598 DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
~ianmdlvl / elogind.git / blob