1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 #include <sys/socket.h>
31 #include <sys/prctl.h>
32 #include <linux/sched.h>
33 #include <sys/types.h>
37 #include <sys/mount.h>
39 #include <linux/oom.h>
41 #include <linux/seccomp-bpf.h>
47 #include <security/pam_appl.h>
53 #include "capability.h"
56 #include "sd-messages.h"
58 #include "securebits.h"
59 #include "namespace.h"
61 #include "exit-status.h"
63 #include "utmp-wtmp.h"
65 #include "path-util.h"
66 #include "syscall-list.h"
72 #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
73 #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
75 /* This assumes there is a 'tty' group */
78 static int shift_fds(int fds[], unsigned n_fds) {
79 int start, restart_from;
84 /* Modifies the fds array! (sorts it) */
94 for (i = start; i < (int) n_fds; i++) {
97 /* Already at right index? */
101 if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0)
104 close_nointr_nofail(fds[i]);
107 /* Hmm, the fd we wanted isn't free? Then
108 * let's remember that and try again from here*/
109 if (nfd != i+3 && restart_from < 0)
113 if (restart_from < 0)
116 start = restart_from;
122 static int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {
131 /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */
133 for (i = 0; i < n_fds; i++) {
135 if ((r = fd_nonblock(fds[i], nonblock)) < 0)
138 /* We unconditionally drop FD_CLOEXEC from the fds,
139 * since after all we want to pass these fds to our
142 if ((r = fd_cloexec(fds[i], false)) < 0)
149 _pure_ static const char *tty_path(const ExecContext *context) {
152 if (context->tty_path)
153 return context->tty_path;
155 return "/dev/console";
158 static void exec_context_tty_reset(const ExecContext *context) {
161 if (context->tty_vhangup)
162 terminal_vhangup(tty_path(context));
164 if (context->tty_reset)
165 reset_terminal(tty_path(context));
167 if (context->tty_vt_disallocate && context->tty_path)
168 vt_disallocate(context->tty_path);
171 static bool is_terminal_output(ExecOutput o) {
173 o == EXEC_OUTPUT_TTY ||
174 o == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
175 o == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
176 o == EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
179 static int open_null_as(int flags, int nfd) {
184 fd = open("/dev/null", flags|O_NOCTTY);
189 r = dup2(fd, nfd) < 0 ? -errno : nfd;
190 close_nointr_nofail(fd);
197 static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd) {
199 union sockaddr_union sa = {
200 .un.sun_family = AF_UNIX,
201 .un.sun_path = "/run/systemd/journal/stdout",
205 assert(output < _EXEC_OUTPUT_MAX);
209 fd = socket(AF_UNIX, SOCK_STREAM, 0);
213 r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path));
215 close_nointr_nofail(fd);
219 if (shutdown(fd, SHUT_RD) < 0) {
220 close_nointr_nofail(fd);
232 context->syslog_identifier ? context->syslog_identifier : ident,
234 context->syslog_priority,
235 !!context->syslog_level_prefix,
236 output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
237 output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
238 is_terminal_output(output));
241 r = dup2(fd, nfd) < 0 ? -errno : nfd;
242 close_nointr_nofail(fd);
248 static int open_terminal_as(const char *path, mode_t mode, int nfd) {
254 if ((fd = open_terminal(path, mode | O_NOCTTY)) < 0)
258 r = dup2(fd, nfd) < 0 ? -errno : nfd;
259 close_nointr_nofail(fd);
266 static bool is_terminal_input(ExecInput i) {
268 i == EXEC_INPUT_TTY ||
269 i == EXEC_INPUT_TTY_FORCE ||
270 i == EXEC_INPUT_TTY_FAIL;
273 static int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {
275 if (is_terminal_input(std_input) && !apply_tty_stdin)
276 return EXEC_INPUT_NULL;
278 if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)
279 return EXEC_INPUT_NULL;
284 static int fixup_output(ExecOutput std_output, int socket_fd) {
286 if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)
287 return EXEC_OUTPUT_INHERIT;
292 static int setup_input(const ExecContext *context, int socket_fd, bool apply_tty_stdin) {
297 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
301 case EXEC_INPUT_NULL:
302 return open_null_as(O_RDONLY, STDIN_FILENO);
305 case EXEC_INPUT_TTY_FORCE:
306 case EXEC_INPUT_TTY_FAIL: {
309 fd = acquire_terminal(tty_path(context),
310 i == EXEC_INPUT_TTY_FAIL,
311 i == EXEC_INPUT_TTY_FORCE,
317 if (fd != STDIN_FILENO) {
318 r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
319 close_nointr_nofail(fd);
326 case EXEC_INPUT_SOCKET:
327 return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
330 assert_not_reached("Unknown input type");
334 static int setup_output(const ExecContext *context, int fileno, int socket_fd, const char *ident, const char *unit_id, bool apply_tty_stdin) {
342 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
343 o = fixup_output(context->std_output, socket_fd);
345 if (fileno == STDERR_FILENO) {
347 e = fixup_output(context->std_error, socket_fd);
349 /* This expects the input and output are already set up */
351 /* Don't change the stderr file descriptor if we inherit all
352 * the way and are not on a tty */
353 if (e == EXEC_OUTPUT_INHERIT &&
354 o == EXEC_OUTPUT_INHERIT &&
355 i == EXEC_INPUT_NULL &&
356 !is_terminal_input(context->std_input) &&
360 /* Duplicate from stdout if possible */
361 if (e == o || e == EXEC_OUTPUT_INHERIT)
362 return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;
366 } else if (o == EXEC_OUTPUT_INHERIT) {
367 /* If input got downgraded, inherit the original value */
368 if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))
369 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
371 /* If the input is connected to anything that's not a /dev/null, inherit that... */
372 if (i != EXEC_INPUT_NULL)
373 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
375 /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */
379 /* We need to open /dev/null here anew, to get the right access mode. */
380 return open_null_as(O_WRONLY, fileno);
385 case EXEC_OUTPUT_NULL:
386 return open_null_as(O_WRONLY, fileno);
388 case EXEC_OUTPUT_TTY:
389 if (is_terminal_input(i))
390 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
392 /* We don't reset the terminal if this is just about output */
393 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
395 case EXEC_OUTPUT_SYSLOG:
396 case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
397 case EXEC_OUTPUT_KMSG:
398 case EXEC_OUTPUT_KMSG_AND_CONSOLE:
399 case EXEC_OUTPUT_JOURNAL:
400 case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
401 r = connect_logger_as(context, o, ident, unit_id, fileno);
403 log_struct_unit(LOG_CRIT, unit_id,
404 "MESSAGE=Failed to connect std%s of %s to the journal socket: %s",
405 fileno == STDOUT_FILENO ? "out" : "err",
406 unit_id, strerror(-r),
409 r = open_null_as(O_WRONLY, fileno);
413 case EXEC_OUTPUT_SOCKET:
414 assert(socket_fd >= 0);
415 return dup2(socket_fd, fileno) < 0 ? -errno : fileno;
418 assert_not_reached("Unknown error type");
422 static int chown_terminal(int fd, uid_t uid) {
427 /* This might fail. What matters are the results. */
428 (void) fchown(fd, uid, -1);
429 (void) fchmod(fd, TTY_MODE);
431 if (fstat(fd, &st) < 0)
434 if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
440 static int setup_confirm_stdio(int *_saved_stdin,
441 int *_saved_stdout) {
442 int fd = -1, saved_stdin, saved_stdout = -1, r;
444 assert(_saved_stdin);
445 assert(_saved_stdout);
447 saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);
451 saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);
452 if (saved_stdout < 0) {
457 fd = acquire_terminal(
462 DEFAULT_CONFIRM_USEC);
468 r = chown_terminal(fd, getuid());
472 if (dup2(fd, STDIN_FILENO) < 0) {
477 if (dup2(fd, STDOUT_FILENO) < 0) {
483 close_nointr_nofail(fd);
485 *_saved_stdin = saved_stdin;
486 *_saved_stdout = saved_stdout;
491 if (saved_stdout >= 0)
492 close_nointr_nofail(saved_stdout);
494 if (saved_stdin >= 0)
495 close_nointr_nofail(saved_stdin);
498 close_nointr_nofail(fd);
503 _printf_(1, 2) static int write_confirm_message(const char *format, ...) {
509 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
513 va_start(ap, format);
514 vdprintf(fd, format, ap);
517 close_nointr_nofail(fd);
522 static int restore_confirm_stdio(int *saved_stdin,
528 assert(saved_stdout);
532 if (*saved_stdin >= 0)
533 if (dup2(*saved_stdin, STDIN_FILENO) < 0)
536 if (*saved_stdout >= 0)
537 if (dup2(*saved_stdout, STDOUT_FILENO) < 0)
540 if (*saved_stdin >= 0)
541 close_nointr_nofail(*saved_stdin);
543 if (*saved_stdout >= 0)
544 close_nointr_nofail(*saved_stdout);
549 static int ask_for_confirmation(char *response, char **argv) {
550 int saved_stdout = -1, saved_stdin = -1, r;
553 r = setup_confirm_stdio(&saved_stdin, &saved_stdout);
557 line = exec_command_line(argv);
561 r = ask(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
564 restore_confirm_stdio(&saved_stdin, &saved_stdout);
569 static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
570 bool keep_groups = false;
575 /* Lookup and set GID and supplementary group list. Here too
576 * we avoid NSS lookups for gid=0. */
578 if (context->group || username) {
580 if (context->group) {
581 const char *g = context->group;
583 if ((r = get_group_creds(&g, &gid)) < 0)
587 /* First step, initialize groups from /etc/groups */
588 if (username && gid != 0) {
589 if (initgroups(username, gid) < 0)
595 /* Second step, set our gids */
596 if (setresgid(gid, gid, gid) < 0)
600 if (context->supplementary_groups) {
605 /* Final step, initialize any manually set supplementary groups */
606 assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
608 if (!(gids = new(gid_t, ngroups_max)))
612 if ((k = getgroups(ngroups_max, gids)) < 0) {
619 STRV_FOREACH(i, context->supplementary_groups) {
622 if (k >= ngroups_max) {
628 r = get_group_creds(&g, gids+k);
637 if (setgroups(k, gids) < 0) {
648 static int enforce_user(const ExecContext *context, uid_t uid) {
652 /* Sets (but doesn't lookup) the uid and make sure we keep the
653 * capabilities while doing so. */
655 if (context->capabilities) {
657 static const cap_value_t bits[] = {
658 CAP_SETUID, /* Necessary so that we can run setresuid() below */
659 CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */
662 /* First step: If we need to keep capabilities but
663 * drop privileges we need to make sure we keep our
664 * caps, while we drop privileges. */
666 int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
668 if (prctl(PR_GET_SECUREBITS) != sb)
669 if (prctl(PR_SET_SECUREBITS, sb) < 0)
673 /* Second step: set the capabilities. This will reduce
674 * the capabilities to the minimum we need. */
676 if (!(d = cap_dup(context->capabilities)))
679 if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||
680 cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0) {
686 if (cap_set_proc(d) < 0) {
695 /* Third step: actually set the uids */
696 if (setresuid(uid, uid, uid) < 0)
699 /* At this point we should have all necessary capabilities but
700 are otherwise a normal user. However, the caps might got
701 corrupted due to the setresuid() so we need clean them up
702 later. This is done outside of this call. */
709 static int null_conv(
711 const struct pam_message **msg,
712 struct pam_response **resp,
715 /* We don't support conversations */
720 static int setup_pam(
726 int fds[], unsigned n_fds) {
728 static const struct pam_conv conv = {
733 pam_handle_t *handle = NULL;
735 int pam_code = PAM_SUCCESS;
738 bool close_session = false;
739 pid_t pam_pid = 0, parent_pid;
746 /* We set up PAM in the parent process, then fork. The child
747 * will then stay around until killed via PR_GET_PDEATHSIG or
748 * systemd via the cgroup logic. It will then remove the PAM
749 * session again. The parent process will exec() the actual
750 * daemon. We do things this way to ensure that the main PID
751 * of the daemon is the one we initially fork()ed. */
753 if (log_get_max_level() < LOG_PRI(LOG_DEBUG))
756 pam_code = pam_start(name, user, &conv, &handle);
757 if (pam_code != PAM_SUCCESS) {
763 pam_code = pam_set_item(handle, PAM_TTY, tty);
764 if (pam_code != PAM_SUCCESS)
768 pam_code = pam_acct_mgmt(handle, flags);
769 if (pam_code != PAM_SUCCESS)
772 pam_code = pam_open_session(handle, flags);
773 if (pam_code != PAM_SUCCESS)
776 close_session = true;
778 e = pam_getenvlist(handle);
780 pam_code = PAM_BUF_ERR;
784 /* Block SIGTERM, so that we know that it won't get lost in
786 if (sigemptyset(&ss) < 0 ||
787 sigaddset(&ss, SIGTERM) < 0 ||
788 sigprocmask(SIG_BLOCK, &ss, &old_ss) < 0)
791 parent_pid = getpid();
801 /* The child's job is to reset the PAM session on
804 /* This string must fit in 10 chars (i.e. the length
805 * of "/sbin/init"), to look pretty in /bin/ps */
806 rename_process("(sd-pam)");
808 /* Make sure we don't keep open the passed fds in this
809 child. We assume that otherwise only those fds are
810 open here that have been opened by PAM. */
811 close_many(fds, n_fds);
813 /* Drop privileges - we don't need any to pam_close_session
814 * and this will make PR_SET_PDEATHSIG work in most cases.
815 * If this fails, ignore the error - but expect sd-pam threads
816 * to fail to exit normally */
817 if (setresuid(uid, uid, uid) < 0)
818 log_error("Error: Failed to setresuid() in sd-pam: %s", strerror(-r));
820 /* Wait until our parent died. This will only work if
821 * the above setresuid() succeeds, otherwise the kernel
822 * will not allow unprivileged parents kill their privileged
823 * children this way. We rely on the control groups kill logic
824 * to do the rest for us. */
825 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
828 /* Check if our parent process might already have
830 if (getppid() == parent_pid) {
832 if (sigwait(&ss, &sig) < 0) {
839 assert(sig == SIGTERM);
844 /* If our parent died we'll end the session */
845 if (getppid() != parent_pid) {
846 pam_code = pam_close_session(handle, flags);
847 if (pam_code != PAM_SUCCESS)
854 pam_end(handle, pam_code | flags);
858 /* If the child was forked off successfully it will do all the
859 * cleanups, so forget about the handle here. */
862 /* Unblock SIGTERM again in the parent */
863 if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
866 /* We close the log explicitly here, since the PAM modules
867 * might have opened it, but we don't want this fd around. */
876 if (pam_code != PAM_SUCCESS) {
877 log_error("PAM failed: %s", pam_strerror(handle, pam_code));
878 err = -EPERM; /* PAM errors do not map to errno */
880 log_error("PAM failed: %m");
886 pam_code = pam_close_session(handle, flags);
888 pam_end(handle, pam_code | flags);
896 kill(pam_pid, SIGTERM);
897 kill(pam_pid, SIGCONT);
904 static void rename_process_from_path(const char *path) {
905 char process_name[11];
909 /* This resulting string must fit in 10 chars (i.e. the length
910 * of "/sbin/init") to look pretty in /bin/ps */
914 rename_process("(...)");
920 /* The end of the process name is usually more
921 * interesting, since the first bit might just be
927 process_name[0] = '(';
928 memcpy(process_name+1, p, l);
929 process_name[1+l] = ')';
930 process_name[1+l+1] = 0;
932 rename_process(process_name);
935 static int apply_seccomp(uint32_t *syscall_filter) {
936 static const struct sock_filter header[] = {
937 VALIDATE_ARCHITECTURE,
940 static const struct sock_filter footer[] = {
946 struct sock_filter *f;
947 struct sock_fprog prog = {};
949 assert(syscall_filter);
951 /* First: count the syscalls to check for */
952 for (i = 0, n = 0; i < syscall_max(); i++)
953 if (syscall_filter[i >> 4] & (1 << (i & 31)))
956 /* Second: build the filter program from a header the syscall
957 * matches and the footer */
958 f = alloca(sizeof(struct sock_filter) * (ELEMENTSOF(header) + 2*n + ELEMENTSOF(footer)));
959 memcpy(f, header, sizeof(header));
961 for (i = 0, n = 0; i < syscall_max(); i++)
962 if (syscall_filter[i >> 4] & (1 << (i & 31))) {
963 struct sock_filter item[] = {
964 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, INDEX_TO_SYSCALL(i), 0, 1),
965 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
968 assert_cc(ELEMENTSOF(item) == 2);
970 f[ELEMENTSOF(header) + 2*n] = item[0];
971 f[ELEMENTSOF(header) + 2*n+1] = item[1];
976 memcpy(f + (ELEMENTSOF(header) + 2*n), footer, sizeof(footer));
978 /* Third: install the filter */
979 prog.len = ELEMENTSOF(header) + ELEMENTSOF(footer) + 2*n;
981 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0)
987 static void do_idle_pipe_dance(int idle_pipe[4]) {
990 if (idle_pipe[1] >= 0)
991 close_nointr_nofail(idle_pipe[1]);
992 if (idle_pipe[2] >= 0)
993 close_nointr_nofail(idle_pipe[2]);
995 if (idle_pipe[0] >= 0) {
998 r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
1000 if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {
1001 /* Signal systemd that we are bored and want to continue. */
1002 write(idle_pipe[3], "x", 1);
1004 /* Wait for systemd to react to the signal above. */
1005 fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);
1008 close_nointr_nofail(idle_pipe[0]);
1012 if (idle_pipe[3] >= 0)
1013 close_nointr_nofail(idle_pipe[3]);
1016 int exec_spawn(ExecCommand *command,
1018 ExecContext *context,
1019 int fds[], unsigned n_fds,
1021 bool apply_permissions,
1023 bool apply_tty_stdin,
1025 CGroupControllerMask cgroup_supported,
1026 const char *cgroup_path,
1027 const char *unit_id,
1029 ExecRuntime *runtime,
1032 _cleanup_strv_free_ char **files_env = NULL;
1041 assert(fds || n_fds <= 0);
1043 if (context->std_input == EXEC_INPUT_SOCKET ||
1044 context->std_output == EXEC_OUTPUT_SOCKET ||
1045 context->std_error == EXEC_OUTPUT_SOCKET) {
1057 r = exec_context_load_environment(context, &files_env);
1059 log_struct_unit(LOG_ERR,
1061 "MESSAGE=Failed to load environment files: %s", strerror(-r),
1068 argv = command->argv;
1070 line = exec_command_line(argv);
1074 log_struct_unit(LOG_DEBUG,
1076 "EXECUTABLE=%s", command->path,
1077 "MESSAGE=About to execute: %s", line,
1086 _cleanup_strv_free_ char **our_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;
1087 const char *username = NULL, *home = NULL, *shell = NULL;
1088 unsigned n_dont_close = 0, n_env = 0;
1089 int dont_close[n_fds + 3];
1090 uid_t uid = (uid_t) -1;
1091 gid_t gid = (gid_t) -1;
1097 rename_process_from_path(command->path);
1099 /* We reset exactly these signals, since they are the
1100 * only ones we set to SIG_IGN in the main daemon. All
1101 * others we leave untouched because we set them to
1102 * SIG_DFL or a valid handler initially, both of which
1103 * will be demoted to SIG_DFL. */
1104 default_signals(SIGNALS_CRASH_HANDLER,
1105 SIGNALS_IGNORE, -1);
1107 if (context->ignore_sigpipe)
1108 ignore_signals(SIGPIPE, -1);
1110 assert_se(sigemptyset(&ss) == 0);
1111 if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
1113 r = EXIT_SIGNAL_MASK;
1118 do_idle_pipe_dance(idle_pipe);
1120 /* Close sockets very early to make sure we don't
1121 * block init reexecution because it cannot bind its
1126 dont_close[n_dont_close++] = socket_fd;
1128 memcpy(dont_close + n_dont_close, fds, sizeof(int) * n_fds);
1129 n_dont_close += n_fds;
1132 if (runtime->netns_storage_socket[0] >= 0)
1133 dont_close[n_dont_close++] = runtime->netns_storage_socket[0];
1134 if (runtime->netns_storage_socket[1] >= 0)
1135 dont_close[n_dont_close++] = runtime->netns_storage_socket[1];
1138 err = close_all_fds(dont_close, n_dont_close);
1144 if (!context->same_pgrp)
1151 if (context->tcpwrap_name) {
1153 if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) {
1159 for (i = 0; i < (int) n_fds; i++) {
1160 if (!socket_tcpwrap(fds[i], context->tcpwrap_name)) {
1168 exec_context_tty_reset(context);
1170 if (confirm_spawn) {
1173 err = ask_for_confirmation(&response, argv);
1174 if (err == -ETIMEDOUT)
1175 write_confirm_message("Confirmation question timed out, assuming positive response.\n");
1177 write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-err));
1178 else if (response == 's') {
1179 write_confirm_message("Skipping execution.\n");
1183 } else if (response == 'n') {
1184 write_confirm_message("Failing execution.\n");
1190 /* If a socket is connected to STDIN/STDOUT/STDERR, we
1191 * must sure to drop O_NONBLOCK */
1193 fd_nonblock(socket_fd, false);
1195 err = setup_input(context, socket_fd, apply_tty_stdin);
1201 err = setup_output(context, STDOUT_FILENO, socket_fd, basename(command->path), unit_id, apply_tty_stdin);
1207 err = setup_output(context, STDERR_FILENO, socket_fd, basename(command->path), unit_id, apply_tty_stdin);
1214 err = cg_attach_everywhere(cgroup_supported, cgroup_path, 0);
1221 if (context->oom_score_adjust_set) {
1224 snprintf(t, sizeof(t), "%i", context->oom_score_adjust);
1227 if (write_string_file("/proc/self/oom_score_adj", t) < 0) {
1229 r = EXIT_OOM_ADJUST;
1234 if (context->nice_set)
1235 if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
1241 if (context->cpu_sched_set) {
1242 struct sched_param param = {
1243 .sched_priority = context->cpu_sched_priority,
1246 r = sched_setscheduler(0,
1247 context->cpu_sched_policy |
1248 (context->cpu_sched_reset_on_fork ?
1249 SCHED_RESET_ON_FORK : 0),
1253 r = EXIT_SETSCHEDULER;
1258 if (context->cpuset)
1259 if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
1261 r = EXIT_CPUAFFINITY;
1265 if (context->ioprio_set)
1266 if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
1272 if (context->timer_slack_nsec != (nsec_t) -1)
1273 if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
1275 r = EXIT_TIMERSLACK;
1279 if (context->utmp_id)
1280 utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
1282 if (context->user) {
1283 username = context->user;
1284 err = get_user_creds(&username, &uid, &gid, &home, &shell);
1290 if (is_terminal_input(context->std_input)) {
1291 err = chown_terminal(STDIN_FILENO, uid);
1300 if (cgroup_path && context->user && context->pam_name) {
1301 err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
1308 err = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0755, uid, gid);
1316 if (apply_permissions) {
1317 err = enforce_groups(context, username, gid);
1324 umask(context->umask);
1327 if (apply_permissions && context->pam_name && username) {
1328 err = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
1335 if (context->private_network && runtime && runtime->netns_storage_socket[0] >= 0) {
1336 err = setup_netns(runtime->netns_storage_socket);
1343 if (!strv_isempty(context->read_write_dirs) ||
1344 !strv_isempty(context->read_only_dirs) ||
1345 !strv_isempty(context->inaccessible_dirs) ||
1346 context->mount_flags != 0 ||
1347 (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))) {
1349 char *tmp = NULL, *var = NULL;
1351 /* The runtime struct only contains the parent
1352 * of the private /tmp, which is
1353 * non-accessible to world users. Inside of it
1354 * there's a /tmp that is sticky, and that's
1355 * the one we want to use here. */
1357 if (context->private_tmp && runtime) {
1358 if (runtime->tmp_dir)
1359 tmp = strappenda(runtime->tmp_dir, "/tmp");
1360 if (runtime->var_tmp_dir)
1361 var = strappenda(runtime->var_tmp_dir, "/tmp");
1364 err = setup_namespace(
1365 context->read_write_dirs,
1366 context->read_only_dirs,
1367 context->inaccessible_dirs,
1370 context->mount_flags);
1379 if (context->root_directory)
1380 if (chroot(context->root_directory) < 0) {
1386 if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
1392 _cleanup_free_ char *d = NULL;
1394 if (asprintf(&d, "%s/%s",
1395 context->root_directory ? context->root_directory : "",
1396 context->working_directory ? context->working_directory : "") < 0) {
1409 /* We repeat the fd closing here, to make sure that
1410 * nothing is leaked from the PAM modules */
1411 err = close_all_fds(fds, n_fds);
1413 err = shift_fds(fds, n_fds);
1415 err = flags_fds(fds, n_fds, context->non_blocking);
1421 if (apply_permissions) {
1423 for (i = 0; i < RLIMIT_NLIMITS; i++) {
1424 if (!context->rlimit[i])
1427 if (setrlimit_closest(i, context->rlimit[i]) < 0) {
1434 if (context->capability_bounding_set_drop) {
1435 err = capability_bounding_set_drop(context->capability_bounding_set_drop, false);
1437 r = EXIT_CAPABILITIES;
1442 if (context->user) {
1443 err = enforce_user(context, uid);
1450 /* PR_GET_SECUREBITS is not privileged, while
1451 * PR_SET_SECUREBITS is. So to suppress
1452 * potential EPERMs we'll try not to call
1453 * PR_SET_SECUREBITS unless necessary. */
1454 if (prctl(PR_GET_SECUREBITS) != context->secure_bits)
1455 if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) {
1457 r = EXIT_SECUREBITS;
1461 if (context->capabilities)
1462 if (cap_set_proc(context->capabilities) < 0) {
1464 r = EXIT_CAPABILITIES;
1468 if (context->no_new_privileges)
1469 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
1471 r = EXIT_NO_NEW_PRIVILEGES;
1475 if (context->syscall_filter) {
1476 err = apply_seccomp(context->syscall_filter);
1484 our_env = new(char*, 8);
1487 asprintf(our_env + n_env++, "LISTEN_PID=%lu", (unsigned long) getpid()) < 0 ||
1488 asprintf(our_env + n_env++, "LISTEN_FDS=%u", n_fds) < 0)) ||
1489 (home && asprintf(our_env + n_env++, "HOME=%s", home) < 0) ||
1491 asprintf(our_env + n_env++, "LOGNAME=%s", username) < 0 ||
1492 asprintf(our_env + n_env++, "USER=%s", username) < 0)) ||
1493 (shell && asprintf(our_env + n_env++, "SHELL=%s", shell) < 0) ||
1494 ((is_terminal_input(context->std_input) ||
1495 context->std_output == EXEC_OUTPUT_TTY ||
1496 context->std_error == EXEC_OUTPUT_TTY) && (
1497 !(our_env[n_env++] = strdup(default_term_for_tty(tty_path(context))))))) {
1504 our_env[n_env++] = NULL;
1507 final_env = strv_env_merge(5,
1510 context->environment,
1520 final_argv = replace_env_argv(argv, final_env);
1527 final_env = strv_env_clean(final_env);
1529 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1530 line = exec_command_line(final_argv);
1533 log_struct_unit(LOG_DEBUG,
1535 "EXECUTABLE=%s", command->path,
1536 "MESSAGE=Executing: %s", line,
1543 execve(command->path, final_argv, final_env);
1550 log_struct(LOG_ERR, MESSAGE_ID(SD_MESSAGE_SPAWN_FAILED),
1551 "EXECUTABLE=%s", command->path,
1552 "MESSAGE=Failed at step %s spawning %s: %s",
1553 exit_status_to_string(r, EXIT_STATUS_SYSTEMD),
1554 command->path, strerror(-err),
1563 log_struct_unit(LOG_DEBUG,
1565 "MESSAGE=Forked %s as %lu",
1566 command->path, (unsigned long) pid,
1569 /* We add the new process to the cgroup both in the child (so
1570 * that we can be sure that no user code is ever executed
1571 * outside of the cgroup) and in the parent (so that we can be
1572 * sure that when we kill the cgroup the process will be
1575 cg_attach(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, pid);
1577 exec_status_start(&command->exec_status, pid);
1583 void exec_context_init(ExecContext *c) {
1587 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1588 c->cpu_sched_policy = SCHED_OTHER;
1589 c->syslog_priority = LOG_DAEMON|LOG_INFO;
1590 c->syslog_level_prefix = true;
1591 c->ignore_sigpipe = true;
1592 c->timer_slack_nsec = (nsec_t) -1;
1595 void exec_context_done(ExecContext *c) {
1600 strv_free(c->environment);
1601 c->environment = NULL;
1603 strv_free(c->environment_files);
1604 c->environment_files = NULL;
1606 for (l = 0; l < ELEMENTSOF(c->rlimit); l++) {
1608 c->rlimit[l] = NULL;
1611 free(c->working_directory);
1612 c->working_directory = NULL;
1613 free(c->root_directory);
1614 c->root_directory = NULL;
1619 free(c->tcpwrap_name);
1620 c->tcpwrap_name = NULL;
1622 free(c->syslog_identifier);
1623 c->syslog_identifier = NULL;
1631 strv_free(c->supplementary_groups);
1632 c->supplementary_groups = NULL;
1637 if (c->capabilities) {
1638 cap_free(c->capabilities);
1639 c->capabilities = NULL;
1642 strv_free(c->read_only_dirs);
1643 c->read_only_dirs = NULL;
1645 strv_free(c->read_write_dirs);
1646 c->read_write_dirs = NULL;
1648 strv_free(c->inaccessible_dirs);
1649 c->inaccessible_dirs = NULL;
1652 CPU_FREE(c->cpuset);
1657 free(c->syscall_filter);
1658 c->syscall_filter = NULL;
1661 void exec_command_done(ExecCommand *c) {
1671 void exec_command_done_array(ExecCommand *c, unsigned n) {
1674 for (i = 0; i < n; i++)
1675 exec_command_done(c+i);
1678 void exec_command_free_list(ExecCommand *c) {
1682 LIST_REMOVE(command, c, i);
1683 exec_command_done(i);
1688 void exec_command_free_array(ExecCommand **c, unsigned n) {
1691 for (i = 0; i < n; i++) {
1692 exec_command_free_list(c[i]);
1697 int exec_context_load_environment(const ExecContext *c, char ***l) {
1698 char **i, **r = NULL;
1703 STRV_FOREACH(i, c->environment_files) {
1706 bool ignore = false;
1708 _cleanup_globfree_ glob_t pglob = {};
1718 if (!path_is_absolute(fn)) {
1726 /* Filename supports globbing, take all matching files */
1728 if (glob(fn, 0, NULL, &pglob) != 0) {
1733 return errno ? -errno : -EINVAL;
1735 count = pglob.gl_pathc;
1743 for (n = 0; n < count; n++) {
1744 k = load_env_file(pglob.gl_pathv[n], NULL, &p);
1752 /* Log invalid environment variables with filename */
1754 p = strv_env_clean_log(p, pglob.gl_pathv[n]);
1761 m = strv_env_merge(2, r, p);
1777 static bool tty_may_match_dev_console(const char *tty) {
1778 char *active = NULL, *console;
1781 if (startswith(tty, "/dev/"))
1784 /* trivial identity? */
1785 if (streq(tty, "console"))
1788 console = resolve_dev_console(&active);
1789 /* if we could not resolve, assume it may */
1793 /* "tty0" means the active VC, so it may be the same sometimes */
1794 b = streq(console, tty) || (streq(console, "tty0") && tty_is_vc(tty));
1800 bool exec_context_may_touch_console(ExecContext *ec) {
1801 return (ec->tty_reset || ec->tty_vhangup || ec->tty_vt_disallocate ||
1802 is_terminal_input(ec->std_input) ||
1803 is_terminal_output(ec->std_output) ||
1804 is_terminal_output(ec->std_error)) &&
1805 tty_may_match_dev_console(tty_path(ec));
1808 static void strv_fprintf(FILE *f, char **l) {
1814 fprintf(f, " %s", *g);
1817 void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
1824 prefix = strempty(prefix);
1828 "%sWorkingDirectory: %s\n"
1829 "%sRootDirectory: %s\n"
1830 "%sNonBlocking: %s\n"
1831 "%sPrivateTmp: %s\n"
1832 "%sPrivateNetwork: %s\n"
1833 "%sIgnoreSIGPIPE: %s\n",
1835 prefix, c->working_directory ? c->working_directory : "/",
1836 prefix, c->root_directory ? c->root_directory : "/",
1837 prefix, yes_no(c->non_blocking),
1838 prefix, yes_no(c->private_tmp),
1839 prefix, yes_no(c->private_network),
1840 prefix, yes_no(c->ignore_sigpipe));
1842 STRV_FOREACH(e, c->environment)
1843 fprintf(f, "%sEnvironment: %s\n", prefix, *e);
1845 STRV_FOREACH(e, c->environment_files)
1846 fprintf(f, "%sEnvironmentFile: %s\n", prefix, *e);
1848 if (c->tcpwrap_name)
1850 "%sTCPWrapName: %s\n",
1851 prefix, c->tcpwrap_name);
1858 if (c->oom_score_adjust_set)
1860 "%sOOMScoreAdjust: %i\n",
1861 prefix, c->oom_score_adjust);
1863 for (i = 0; i < RLIM_NLIMITS; i++)
1865 fprintf(f, "%s%s: %llu\n", prefix, rlimit_to_string(i), (unsigned long long) c->rlimit[i]->rlim_max);
1867 if (c->ioprio_set) {
1871 r = ioprio_class_to_string_alloc(IOPRIO_PRIO_CLASS(c->ioprio), &class_str);
1875 "%sIOSchedulingClass: %s\n"
1876 "%sIOPriority: %i\n",
1877 prefix, strna(class_str),
1878 prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
1882 if (c->cpu_sched_set) {
1886 r = sched_policy_to_string_alloc(c->cpu_sched_policy, &policy_str);
1890 "%sCPUSchedulingPolicy: %s\n"
1891 "%sCPUSchedulingPriority: %i\n"
1892 "%sCPUSchedulingResetOnFork: %s\n",
1893 prefix, strna(policy_str),
1894 prefix, c->cpu_sched_priority,
1895 prefix, yes_no(c->cpu_sched_reset_on_fork));
1900 fprintf(f, "%sCPUAffinity:", prefix);
1901 for (i = 0; i < c->cpuset_ncpus; i++)
1902 if (CPU_ISSET_S(i, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset))
1903 fprintf(f, " %i", i);
1907 if (c->timer_slack_nsec != (nsec_t) -1)
1908 fprintf(f, "%sTimerSlackNSec: %lu\n", prefix, (unsigned long)c->timer_slack_nsec);
1911 "%sStandardInput: %s\n"
1912 "%sStandardOutput: %s\n"
1913 "%sStandardError: %s\n",
1914 prefix, exec_input_to_string(c->std_input),
1915 prefix, exec_output_to_string(c->std_output),
1916 prefix, exec_output_to_string(c->std_error));
1922 "%sTTYVHangup: %s\n"
1923 "%sTTYVTDisallocate: %s\n",
1924 prefix, c->tty_path,
1925 prefix, yes_no(c->tty_reset),
1926 prefix, yes_no(c->tty_vhangup),
1927 prefix, yes_no(c->tty_vt_disallocate));
1929 if (c->std_output == EXEC_OUTPUT_SYSLOG || c->std_output == EXEC_OUTPUT_KMSG || c->std_output == EXEC_OUTPUT_JOURNAL ||
1930 c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
1931 c->std_error == EXEC_OUTPUT_SYSLOG || c->std_error == EXEC_OUTPUT_KMSG || c->std_error == EXEC_OUTPUT_JOURNAL ||
1932 c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE) {
1933 char *fac_str, *lvl_str;
1936 r = log_facility_unshifted_to_string_alloc(c->syslog_priority >> 3, &fac_str);
1940 r = log_level_to_string_alloc(LOG_PRI(c->syslog_priority), &lvl_str);
1945 "%sSyslogFacility: %s\n"
1946 "%sSyslogLevel: %s\n",
1947 prefix, strna(fac_str),
1948 prefix, strna(lvl_str));
1953 if (c->capabilities) {
1955 if ((t = cap_to_text(c->capabilities, NULL))) {
1956 fprintf(f, "%sCapabilities: %s\n",
1963 fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
1965 (c->secure_bits & 1<<SECURE_KEEP_CAPS) ? " keep-caps" : "",
1966 (c->secure_bits & 1<<SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
1967 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
1968 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
1969 (c->secure_bits & 1<<SECURE_NOROOT) ? " noroot" : "",
1970 (c->secure_bits & 1<<SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
1972 if (c->capability_bounding_set_drop) {
1974 fprintf(f, "%sCapabilityBoundingSet:", prefix);
1976 for (l = 0; l <= cap_last_cap(); l++)
1977 if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
1980 if ((t = cap_to_name(l))) {
1981 fprintf(f, " %s", t);
1990 fprintf(f, "%sUser: %s\n", prefix, c->user);
1992 fprintf(f, "%sGroup: %s\n", prefix, c->group);
1994 if (strv_length(c->supplementary_groups) > 0) {
1995 fprintf(f, "%sSupplementaryGroups:", prefix);
1996 strv_fprintf(f, c->supplementary_groups);
2001 fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name);
2003 if (strv_length(c->read_write_dirs) > 0) {
2004 fprintf(f, "%sReadWriteDirs:", prefix);
2005 strv_fprintf(f, c->read_write_dirs);
2009 if (strv_length(c->read_only_dirs) > 0) {
2010 fprintf(f, "%sReadOnlyDirs:", prefix);
2011 strv_fprintf(f, c->read_only_dirs);
2015 if (strv_length(c->inaccessible_dirs) > 0) {
2016 fprintf(f, "%sInaccessibleDirs:", prefix);
2017 strv_fprintf(f, c->inaccessible_dirs);
2023 "%sUtmpIdentifier: %s\n",
2024 prefix, c->utmp_id);
2027 void exec_status_start(ExecStatus *s, pid_t pid) {
2032 dual_timestamp_get(&s->start_timestamp);
2035 void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
2038 if (s->pid && s->pid != pid)
2042 dual_timestamp_get(&s->exit_timestamp);
2048 if (context->utmp_id)
2049 utmp_put_dead_process(context->utmp_id, pid, code, status);
2051 exec_context_tty_reset(context);
2055 void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
2056 char buf[FORMAT_TIMESTAMP_MAX];
2069 prefix, (unsigned long) s->pid);
2071 if (s->start_timestamp.realtime > 0)
2073 "%sStart Timestamp: %s\n",
2074 prefix, format_timestamp(buf, sizeof(buf), s->start_timestamp.realtime));
2076 if (s->exit_timestamp.realtime > 0)
2078 "%sExit Timestamp: %s\n"
2080 "%sExit Status: %i\n",
2081 prefix, format_timestamp(buf, sizeof(buf), s->exit_timestamp.realtime),
2082 prefix, sigchld_code_to_string(s->code),
2086 char *exec_command_line(char **argv) {
2094 STRV_FOREACH(a, argv)
2097 if (!(n = new(char, k)))
2101 STRV_FOREACH(a, argv) {
2108 if (strpbrk(*a, WHITESPACE)) {
2119 /* FIXME: this doesn't really handle arguments that have
2120 * spaces and ticks in them */
2125 void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
2127 const char *prefix2;
2136 p2 = strappend(prefix, "\t");
2137 prefix2 = p2 ? p2 : prefix;
2139 cmd = exec_command_line(c->argv);
2142 "%sCommand Line: %s\n",
2143 prefix, cmd ? cmd : strerror(ENOMEM));
2147 exec_status_dump(&c->exec_status, f, prefix2);
2152 void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
2158 LIST_FOREACH(command, c, c)
2159 exec_command_dump(c, f, prefix);
2162 void exec_command_append_list(ExecCommand **l, ExecCommand *e) {
2169 /* It's kind of important, that we keep the order here */
2170 LIST_FIND_TAIL(command, *l, end);
2171 LIST_INSERT_AFTER(command, *l, end, e);
2176 int exec_command_set(ExecCommand *c, const char *path, ...) {
2184 l = strv_new_ap(path, ap);
2205 static int exec_runtime_allocate(ExecRuntime **rt) {
2210 *rt = new0(ExecRuntime, 1);
2215 (*rt)->netns_storage_socket[0] = (*rt)->netns_storage_socket[1] = -1;
2220 int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
2230 if (!c->private_network && !c->private_tmp)
2233 r = exec_runtime_allocate(rt);
2237 if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
2238 if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
2242 if (c->private_tmp && !(*rt)->tmp_dir) {
2243 r = setup_tmp_dirs(id, &(*rt)->tmp_dir, &(*rt)->var_tmp_dir);
2251 ExecRuntime *exec_runtime_ref(ExecRuntime *r) {
2253 assert(r->n_ref > 0);
2259 ExecRuntime *exec_runtime_unref(ExecRuntime *r) {
2264 assert(r->n_ref > 0);
2267 if (r->n_ref <= 0) {
2269 free(r->var_tmp_dir);
2270 close_pipe(r->netns_storage_socket);
2277 int exec_runtime_serialize(ExecRuntime *rt, Unit *u, FILE *f, FDSet *fds) {
2286 unit_serialize_item(u, f, "tmp-dir", rt->tmp_dir);
2288 if (rt->var_tmp_dir)
2289 unit_serialize_item(u, f, "var-tmp-dir", rt->var_tmp_dir);
2291 if (rt->netns_storage_socket[0] >= 0) {
2294 copy = fdset_put_dup(fds, rt->netns_storage_socket[0]);
2298 unit_serialize_item_format(u, f, "netns-socket-0", "%i", copy);
2301 if (rt->netns_storage_socket[1] >= 0) {
2304 copy = fdset_put_dup(fds, rt->netns_storage_socket[1]);
2308 unit_serialize_item_format(u, f, "netns-socket-1", "%i", copy);
2314 int exec_runtime_deserialize_item(ExecRuntime **rt, Unit *u, const char *key, const char *value, FDSet *fds) {
2321 if (streq(key, "tmp-dir")) {
2324 r = exec_runtime_allocate(rt);
2328 copy = strdup(value);
2332 free((*rt)->tmp_dir);
2333 (*rt)->tmp_dir = copy;
2335 } else if (streq(key, "var-tmp-dir")) {
2338 r = exec_runtime_allocate(rt);
2342 copy = strdup(value);
2346 free((*rt)->var_tmp_dir);
2347 (*rt)->var_tmp_dir = copy;
2349 } else if (streq(key, "netns-socket-0")) {
2352 r = exec_runtime_allocate(rt);
2356 if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
2357 log_debug_unit(u->id, "Failed to parse netns socket value %s", value);
2359 if ((*rt)->netns_storage_socket[0] >= 0)
2360 close_nointr_nofail((*rt)->netns_storage_socket[0]);
2362 (*rt)->netns_storage_socket[0] = fdset_remove(fds, fd);
2364 } else if (streq(key, "netns-socket-1")) {
2367 r = exec_runtime_allocate(rt);
2371 if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
2372 log_debug_unit(u->id, "Failed to parse netns socket value %s", value);
2374 if ((*rt)->netns_storage_socket[1] >= 0)
2375 close_nointr_nofail((*rt)->netns_storage_socket[1]);
2377 (*rt)->netns_storage_socket[1] = fdset_remove(fds, fd);
2385 static void *remove_tmpdir_thread(void *p) {
2386 _cleanup_free_ char *path = p;
2388 rm_rf_dangerous(path, false, true, false);
2392 void exec_runtime_destroy(ExecRuntime *rt) {
2396 /* If there are multiple users of this, let's leave the stuff around */
2401 log_debug("Spawning thread to nuke %s", rt->tmp_dir);
2402 asynchronous_job(remove_tmpdir_thread, rt->tmp_dir);
2406 if (rt->var_tmp_dir) {
2407 log_debug("Spawning thread to nuke %s", rt->var_tmp_dir);
2408 asynchronous_job(remove_tmpdir_thread, rt->var_tmp_dir);
2409 rt->var_tmp_dir = NULL;
2412 close_pipe(rt->netns_storage_socket);
2415 static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
2416 [EXEC_INPUT_NULL] = "null",
2417 [EXEC_INPUT_TTY] = "tty",
2418 [EXEC_INPUT_TTY_FORCE] = "tty-force",
2419 [EXEC_INPUT_TTY_FAIL] = "tty-fail",
2420 [EXEC_INPUT_SOCKET] = "socket"
2423 DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
2425 static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = {
2426 [EXEC_OUTPUT_INHERIT] = "inherit",
2427 [EXEC_OUTPUT_NULL] = "null",
2428 [EXEC_OUTPUT_TTY] = "tty",
2429 [EXEC_OUTPUT_SYSLOG] = "syslog",
2430 [EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
2431 [EXEC_OUTPUT_KMSG] = "kmsg",
2432 [EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
2433 [EXEC_OUTPUT_JOURNAL] = "journal",
2434 [EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
2435 [EXEC_OUTPUT_SOCKET] = "socket"
2438 DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
~ianmdlvl / elogind.git / blob