1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 #include <sys/socket.h>
31 #include <sys/prctl.h>
32 #include <linux/sched.h>
33 #include <sys/types.h>
37 #include <sys/mount.h>
39 #include <linux/oom.h>
41 #include <linux/seccomp-bpf.h>
47 #include <security/pam_appl.h>
53 #include "capability.h"
56 #include "sd-messages.h"
58 #include "securebits.h"
59 #include "namespace.h"
61 #include "exit-status.h"
63 #include "utmp-wtmp.h"
65 #include "path-util.h"
66 #include "syscall-list.h"
72 #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
73 #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
75 /* This assumes there is a 'tty' group */
78 #define SNDBUF_SIZE (8*1024*1024)
80 static int shift_fds(int fds[], unsigned n_fds) {
81 int start, restart_from;
86 /* Modifies the fds array! (sorts it) */
96 for (i = start; i < (int) n_fds; i++) {
99 /* Already at right index? */
103 if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0)
106 close_nointr_nofail(fds[i]);
109 /* Hmm, the fd we wanted isn't free? Then
110 * let's remember that and try again from here*/
111 if (nfd != i+3 && restart_from < 0)
115 if (restart_from < 0)
118 start = restart_from;
124 static int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {
133 /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */
135 for (i = 0; i < n_fds; i++) {
137 if ((r = fd_nonblock(fds[i], nonblock)) < 0)
140 /* We unconditionally drop FD_CLOEXEC from the fds,
141 * since after all we want to pass these fds to our
144 if ((r = fd_cloexec(fds[i], false)) < 0)
151 _pure_ static const char *tty_path(const ExecContext *context) {
154 if (context->tty_path)
155 return context->tty_path;
157 return "/dev/console";
160 static void exec_context_tty_reset(const ExecContext *context) {
163 if (context->tty_vhangup)
164 terminal_vhangup(tty_path(context));
166 if (context->tty_reset)
167 reset_terminal(tty_path(context));
169 if (context->tty_vt_disallocate && context->tty_path)
170 vt_disallocate(context->tty_path);
173 static bool is_terminal_output(ExecOutput o) {
175 o == EXEC_OUTPUT_TTY ||
176 o == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
177 o == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
178 o == EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
181 static int open_null_as(int flags, int nfd) {
186 fd = open("/dev/null", flags|O_NOCTTY);
191 r = dup2(fd, nfd) < 0 ? -errno : nfd;
192 close_nointr_nofail(fd);
199 static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd) {
201 union sockaddr_union sa = {
202 .un.sun_family = AF_UNIX,
203 .un.sun_path = "/run/systemd/journal/stdout",
207 assert(output < _EXEC_OUTPUT_MAX);
211 fd = socket(AF_UNIX, SOCK_STREAM, 0);
215 r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path));
217 close_nointr_nofail(fd);
221 if (shutdown(fd, SHUT_RD) < 0) {
222 close_nointr_nofail(fd);
226 fd_inc_sndbuf(fd, SNDBUF_SIZE);
236 context->syslog_identifier ? context->syslog_identifier : ident,
238 context->syslog_priority,
239 !!context->syslog_level_prefix,
240 output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
241 output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
242 is_terminal_output(output));
245 r = dup2(fd, nfd) < 0 ? -errno : nfd;
246 close_nointr_nofail(fd);
252 static int open_terminal_as(const char *path, mode_t mode, int nfd) {
258 if ((fd = open_terminal(path, mode | O_NOCTTY)) < 0)
262 r = dup2(fd, nfd) < 0 ? -errno : nfd;
263 close_nointr_nofail(fd);
270 static bool is_terminal_input(ExecInput i) {
272 i == EXEC_INPUT_TTY ||
273 i == EXEC_INPUT_TTY_FORCE ||
274 i == EXEC_INPUT_TTY_FAIL;
277 static int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {
279 if (is_terminal_input(std_input) && !apply_tty_stdin)
280 return EXEC_INPUT_NULL;
282 if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)
283 return EXEC_INPUT_NULL;
288 static int fixup_output(ExecOutput std_output, int socket_fd) {
290 if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)
291 return EXEC_OUTPUT_INHERIT;
296 static int setup_input(const ExecContext *context, int socket_fd, bool apply_tty_stdin) {
301 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
305 case EXEC_INPUT_NULL:
306 return open_null_as(O_RDONLY, STDIN_FILENO);
309 case EXEC_INPUT_TTY_FORCE:
310 case EXEC_INPUT_TTY_FAIL: {
313 fd = acquire_terminal(tty_path(context),
314 i == EXEC_INPUT_TTY_FAIL,
315 i == EXEC_INPUT_TTY_FORCE,
321 if (fd != STDIN_FILENO) {
322 r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
323 close_nointr_nofail(fd);
330 case EXEC_INPUT_SOCKET:
331 return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
334 assert_not_reached("Unknown input type");
338 static int setup_output(const ExecContext *context, int fileno, int socket_fd, const char *ident, const char *unit_id, bool apply_tty_stdin) {
346 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
347 o = fixup_output(context->std_output, socket_fd);
349 if (fileno == STDERR_FILENO) {
351 e = fixup_output(context->std_error, socket_fd);
353 /* This expects the input and output are already set up */
355 /* Don't change the stderr file descriptor if we inherit all
356 * the way and are not on a tty */
357 if (e == EXEC_OUTPUT_INHERIT &&
358 o == EXEC_OUTPUT_INHERIT &&
359 i == EXEC_INPUT_NULL &&
360 !is_terminal_input(context->std_input) &&
364 /* Duplicate from stdout if possible */
365 if (e == o || e == EXEC_OUTPUT_INHERIT)
366 return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;
370 } else if (o == EXEC_OUTPUT_INHERIT) {
371 /* If input got downgraded, inherit the original value */
372 if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))
373 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
375 /* If the input is connected to anything that's not a /dev/null, inherit that... */
376 if (i != EXEC_INPUT_NULL)
377 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
379 /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */
383 /* We need to open /dev/null here anew, to get the right access mode. */
384 return open_null_as(O_WRONLY, fileno);
389 case EXEC_OUTPUT_NULL:
390 return open_null_as(O_WRONLY, fileno);
392 case EXEC_OUTPUT_TTY:
393 if (is_terminal_input(i))
394 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
396 /* We don't reset the terminal if this is just about output */
397 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
399 case EXEC_OUTPUT_SYSLOG:
400 case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
401 case EXEC_OUTPUT_KMSG:
402 case EXEC_OUTPUT_KMSG_AND_CONSOLE:
403 case EXEC_OUTPUT_JOURNAL:
404 case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
405 r = connect_logger_as(context, o, ident, unit_id, fileno);
407 log_struct_unit(LOG_CRIT, unit_id,
408 "MESSAGE=Failed to connect std%s of %s to the journal socket: %s",
409 fileno == STDOUT_FILENO ? "out" : "err",
410 unit_id, strerror(-r),
413 r = open_null_as(O_WRONLY, fileno);
417 case EXEC_OUTPUT_SOCKET:
418 assert(socket_fd >= 0);
419 return dup2(socket_fd, fileno) < 0 ? -errno : fileno;
422 assert_not_reached("Unknown error type");
426 static int chown_terminal(int fd, uid_t uid) {
431 /* This might fail. What matters are the results. */
432 (void) fchown(fd, uid, -1);
433 (void) fchmod(fd, TTY_MODE);
435 if (fstat(fd, &st) < 0)
438 if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
444 static int setup_confirm_stdio(int *_saved_stdin,
445 int *_saved_stdout) {
446 int fd = -1, saved_stdin, saved_stdout = -1, r;
448 assert(_saved_stdin);
449 assert(_saved_stdout);
451 saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);
455 saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);
456 if (saved_stdout < 0) {
461 fd = acquire_terminal(
466 DEFAULT_CONFIRM_USEC);
472 r = chown_terminal(fd, getuid());
476 if (dup2(fd, STDIN_FILENO) < 0) {
481 if (dup2(fd, STDOUT_FILENO) < 0) {
487 close_nointr_nofail(fd);
489 *_saved_stdin = saved_stdin;
490 *_saved_stdout = saved_stdout;
495 if (saved_stdout >= 0)
496 close_nointr_nofail(saved_stdout);
498 if (saved_stdin >= 0)
499 close_nointr_nofail(saved_stdin);
502 close_nointr_nofail(fd);
507 _printf_(1, 2) static int write_confirm_message(const char *format, ...) {
513 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
517 va_start(ap, format);
518 vdprintf(fd, format, ap);
521 close_nointr_nofail(fd);
526 static int restore_confirm_stdio(int *saved_stdin,
532 assert(saved_stdout);
536 if (*saved_stdin >= 0)
537 if (dup2(*saved_stdin, STDIN_FILENO) < 0)
540 if (*saved_stdout >= 0)
541 if (dup2(*saved_stdout, STDOUT_FILENO) < 0)
544 if (*saved_stdin >= 0)
545 close_nointr_nofail(*saved_stdin);
547 if (*saved_stdout >= 0)
548 close_nointr_nofail(*saved_stdout);
553 static int ask_for_confirmation(char *response, char **argv) {
554 int saved_stdout = -1, saved_stdin = -1, r;
557 r = setup_confirm_stdio(&saved_stdin, &saved_stdout);
561 line = exec_command_line(argv);
565 r = ask(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
568 restore_confirm_stdio(&saved_stdin, &saved_stdout);
573 static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
574 bool keep_groups = false;
579 /* Lookup and set GID and supplementary group list. Here too
580 * we avoid NSS lookups for gid=0. */
582 if (context->group || username) {
584 if (context->group) {
585 const char *g = context->group;
587 if ((r = get_group_creds(&g, &gid)) < 0)
591 /* First step, initialize groups from /etc/groups */
592 if (username && gid != 0) {
593 if (initgroups(username, gid) < 0)
599 /* Second step, set our gids */
600 if (setresgid(gid, gid, gid) < 0)
604 if (context->supplementary_groups) {
609 /* Final step, initialize any manually set supplementary groups */
610 assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
612 if (!(gids = new(gid_t, ngroups_max)))
616 if ((k = getgroups(ngroups_max, gids)) < 0) {
623 STRV_FOREACH(i, context->supplementary_groups) {
626 if (k >= ngroups_max) {
632 r = get_group_creds(&g, gids+k);
641 if (setgroups(k, gids) < 0) {
652 static int enforce_user(const ExecContext *context, uid_t uid) {
656 /* Sets (but doesn't lookup) the uid and make sure we keep the
657 * capabilities while doing so. */
659 if (context->capabilities) {
661 static const cap_value_t bits[] = {
662 CAP_SETUID, /* Necessary so that we can run setresuid() below */
663 CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */
666 /* First step: If we need to keep capabilities but
667 * drop privileges we need to make sure we keep our
668 * caps, while we drop privileges. */
670 int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
672 if (prctl(PR_GET_SECUREBITS) != sb)
673 if (prctl(PR_SET_SECUREBITS, sb) < 0)
677 /* Second step: set the capabilities. This will reduce
678 * the capabilities to the minimum we need. */
680 if (!(d = cap_dup(context->capabilities)))
683 if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||
684 cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0) {
690 if (cap_set_proc(d) < 0) {
699 /* Third step: actually set the uids */
700 if (setresuid(uid, uid, uid) < 0)
703 /* At this point we should have all necessary capabilities but
704 are otherwise a normal user. However, the caps might got
705 corrupted due to the setresuid() so we need clean them up
706 later. This is done outside of this call. */
713 static int null_conv(
715 const struct pam_message **msg,
716 struct pam_response **resp,
719 /* We don't support conversations */
724 static int setup_pam(
730 int fds[], unsigned n_fds) {
732 static const struct pam_conv conv = {
737 pam_handle_t *handle = NULL;
739 int pam_code = PAM_SUCCESS;
742 bool close_session = false;
743 pid_t pam_pid = 0, parent_pid;
750 /* We set up PAM in the parent process, then fork. The child
751 * will then stay around until killed via PR_GET_PDEATHSIG or
752 * systemd via the cgroup logic. It will then remove the PAM
753 * session again. The parent process will exec() the actual
754 * daemon. We do things this way to ensure that the main PID
755 * of the daemon is the one we initially fork()ed. */
757 if (log_get_max_level() < LOG_PRI(LOG_DEBUG))
760 pam_code = pam_start(name, user, &conv, &handle);
761 if (pam_code != PAM_SUCCESS) {
767 pam_code = pam_set_item(handle, PAM_TTY, tty);
768 if (pam_code != PAM_SUCCESS)
772 pam_code = pam_acct_mgmt(handle, flags);
773 if (pam_code != PAM_SUCCESS)
776 pam_code = pam_open_session(handle, flags);
777 if (pam_code != PAM_SUCCESS)
780 close_session = true;
782 e = pam_getenvlist(handle);
784 pam_code = PAM_BUF_ERR;
788 /* Block SIGTERM, so that we know that it won't get lost in
790 if (sigemptyset(&ss) < 0 ||
791 sigaddset(&ss, SIGTERM) < 0 ||
792 sigprocmask(SIG_BLOCK, &ss, &old_ss) < 0)
795 parent_pid = getpid();
805 /* The child's job is to reset the PAM session on
808 /* This string must fit in 10 chars (i.e. the length
809 * of "/sbin/init"), to look pretty in /bin/ps */
810 rename_process("(sd-pam)");
812 /* Make sure we don't keep open the passed fds in this
813 child. We assume that otherwise only those fds are
814 open here that have been opened by PAM. */
815 close_many(fds, n_fds);
817 /* Drop privileges - we don't need any to pam_close_session
818 * and this will make PR_SET_PDEATHSIG work in most cases.
819 * If this fails, ignore the error - but expect sd-pam threads
820 * to fail to exit normally */
821 if (setresuid(uid, uid, uid) < 0)
822 log_error("Error: Failed to setresuid() in sd-pam: %s", strerror(-r));
824 /* Wait until our parent died. This will only work if
825 * the above setresuid() succeeds, otherwise the kernel
826 * will not allow unprivileged parents kill their privileged
827 * children this way. We rely on the control groups kill logic
828 * to do the rest for us. */
829 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
832 /* Check if our parent process might already have
834 if (getppid() == parent_pid) {
836 if (sigwait(&ss, &sig) < 0) {
843 assert(sig == SIGTERM);
848 /* If our parent died we'll end the session */
849 if (getppid() != parent_pid) {
850 pam_code = pam_close_session(handle, flags);
851 if (pam_code != PAM_SUCCESS)
858 pam_end(handle, pam_code | flags);
862 /* If the child was forked off successfully it will do all the
863 * cleanups, so forget about the handle here. */
866 /* Unblock SIGTERM again in the parent */
867 if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
870 /* We close the log explicitly here, since the PAM modules
871 * might have opened it, but we don't want this fd around. */
880 if (pam_code != PAM_SUCCESS) {
881 log_error("PAM failed: %s", pam_strerror(handle, pam_code));
882 err = -EPERM; /* PAM errors do not map to errno */
884 log_error("PAM failed: %m");
890 pam_code = pam_close_session(handle, flags);
892 pam_end(handle, pam_code | flags);
900 kill(pam_pid, SIGTERM);
901 kill(pam_pid, SIGCONT);
908 static void rename_process_from_path(const char *path) {
909 char process_name[11];
913 /* This resulting string must fit in 10 chars (i.e. the length
914 * of "/sbin/init") to look pretty in /bin/ps */
918 rename_process("(...)");
924 /* The end of the process name is usually more
925 * interesting, since the first bit might just be
931 process_name[0] = '(';
932 memcpy(process_name+1, p, l);
933 process_name[1+l] = ')';
934 process_name[1+l+1] = 0;
936 rename_process(process_name);
939 static int apply_seccomp(uint32_t *syscall_filter) {
940 static const struct sock_filter header[] = {
941 VALIDATE_ARCHITECTURE,
944 static const struct sock_filter footer[] = {
950 struct sock_filter *f;
951 struct sock_fprog prog = {};
953 assert(syscall_filter);
955 /* First: count the syscalls to check for */
956 for (i = 0, n = 0; i < syscall_max(); i++)
957 if (syscall_filter[i >> 4] & (1 << (i & 31)))
960 /* Second: build the filter program from a header the syscall
961 * matches and the footer */
962 f = alloca(sizeof(struct sock_filter) * (ELEMENTSOF(header) + 2*n + ELEMENTSOF(footer)));
963 memcpy(f, header, sizeof(header));
965 for (i = 0, n = 0; i < syscall_max(); i++)
966 if (syscall_filter[i >> 4] & (1 << (i & 31))) {
967 struct sock_filter item[] = {
968 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, INDEX_TO_SYSCALL(i), 0, 1),
969 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
972 assert_cc(ELEMENTSOF(item) == 2);
974 f[ELEMENTSOF(header) + 2*n] = item[0];
975 f[ELEMENTSOF(header) + 2*n+1] = item[1];
980 memcpy(f + (ELEMENTSOF(header) + 2*n), footer, sizeof(footer));
982 /* Third: install the filter */
983 prog.len = ELEMENTSOF(header) + ELEMENTSOF(footer) + 2*n;
985 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0)
991 static void do_idle_pipe_dance(int idle_pipe[4]) {
994 if (idle_pipe[1] >= 0)
995 close_nointr_nofail(idle_pipe[1]);
996 if (idle_pipe[2] >= 0)
997 close_nointr_nofail(idle_pipe[2]);
999 if (idle_pipe[0] >= 0) {
1002 r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
1004 if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {
1005 /* Signal systemd that we are bored and want to continue. */
1006 write(idle_pipe[3], "x", 1);
1008 /* Wait for systemd to react to the signal above. */
1009 fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);
1012 close_nointr_nofail(idle_pipe[0]);
1016 if (idle_pipe[3] >= 0)
1017 close_nointr_nofail(idle_pipe[3]);
1020 static int build_environment(
1023 usec_t watchdog_usec,
1025 const char *username,
1029 _cleanup_strv_free_ char **our_env = NULL;
1036 our_env = new0(char*, 10);
1041 if (asprintf(&x, "LISTEN_PID=%lu", (unsigned long) getpid()) < 0)
1043 our_env[n_env++] = x;
1045 if (asprintf(&x, "LISTEN_FDS=%u", n_fds) < 0)
1047 our_env[n_env++] = x;
1050 if (watchdog_usec > 0) {
1051 if (asprintf(&x, "WATCHDOG_PID=%lu", (unsigned long) getpid()) < 0)
1053 our_env[n_env++] = x;
1055 if (asprintf(&x, "WATCHDOG_USEC=%llu", (unsigned long long) watchdog_usec) < 0)
1057 our_env[n_env++] = x;
1061 x = strappend("HOME=", home);
1064 our_env[n_env++] = x;
1068 x = strappend("LOGNAME=", username);
1071 our_env[n_env++] = x;
1073 x = strappend("USER=", username);
1076 our_env[n_env++] = x;
1080 x = strappend("SHELL=", shell);
1083 our_env[n_env++] = x;
1086 if (is_terminal_input(c->std_input) ||
1087 c->std_output == EXEC_OUTPUT_TTY ||
1088 c->std_error == EXEC_OUTPUT_TTY ||
1091 x = strdup(default_term_for_tty(tty_path(c)));
1094 our_env[n_env++] = x;
1097 our_env[n_env++] = NULL;
1098 assert(n_env <= 10);
1106 int exec_spawn(ExecCommand *command,
1108 ExecContext *context,
1109 int fds[], unsigned n_fds,
1111 bool apply_permissions,
1113 bool apply_tty_stdin,
1115 CGroupControllerMask cgroup_supported,
1116 const char *cgroup_path,
1117 const char *unit_id,
1118 usec_t watchdog_usec,
1120 ExecRuntime *runtime,
1123 _cleanup_strv_free_ char **files_env = NULL;
1132 assert(fds || n_fds <= 0);
1134 if (context->std_input == EXEC_INPUT_SOCKET ||
1135 context->std_output == EXEC_OUTPUT_SOCKET ||
1136 context->std_error == EXEC_OUTPUT_SOCKET) {
1148 r = exec_context_load_environment(context, &files_env);
1150 log_struct_unit(LOG_ERR,
1152 "MESSAGE=Failed to load environment files: %s", strerror(-r),
1159 argv = command->argv;
1161 line = exec_command_line(argv);
1165 log_struct_unit(LOG_DEBUG,
1167 "EXECUTABLE=%s", command->path,
1168 "MESSAGE=About to execute: %s", line,
1177 _cleanup_strv_free_ char **our_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;
1178 const char *username = NULL, *home = NULL, *shell = NULL;
1179 unsigned n_dont_close = 0;
1180 int dont_close[n_fds + 3];
1181 uid_t uid = (uid_t) -1;
1182 gid_t gid = (gid_t) -1;
1188 rename_process_from_path(command->path);
1190 /* We reset exactly these signals, since they are the
1191 * only ones we set to SIG_IGN in the main daemon. All
1192 * others we leave untouched because we set them to
1193 * SIG_DFL or a valid handler initially, both of which
1194 * will be demoted to SIG_DFL. */
1195 default_signals(SIGNALS_CRASH_HANDLER,
1196 SIGNALS_IGNORE, -1);
1198 if (context->ignore_sigpipe)
1199 ignore_signals(SIGPIPE, -1);
1201 assert_se(sigemptyset(&ss) == 0);
1202 if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
1204 r = EXIT_SIGNAL_MASK;
1209 do_idle_pipe_dance(idle_pipe);
1211 /* Close sockets very early to make sure we don't
1212 * block init reexecution because it cannot bind its
1217 dont_close[n_dont_close++] = socket_fd;
1219 memcpy(dont_close + n_dont_close, fds, sizeof(int) * n_fds);
1220 n_dont_close += n_fds;
1223 if (runtime->netns_storage_socket[0] >= 0)
1224 dont_close[n_dont_close++] = runtime->netns_storage_socket[0];
1225 if (runtime->netns_storage_socket[1] >= 0)
1226 dont_close[n_dont_close++] = runtime->netns_storage_socket[1];
1229 err = close_all_fds(dont_close, n_dont_close);
1235 if (!context->same_pgrp)
1242 if (context->tcpwrap_name) {
1244 if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) {
1250 for (i = 0; i < (int) n_fds; i++) {
1251 if (!socket_tcpwrap(fds[i], context->tcpwrap_name)) {
1259 exec_context_tty_reset(context);
1261 if (confirm_spawn) {
1264 err = ask_for_confirmation(&response, argv);
1265 if (err == -ETIMEDOUT)
1266 write_confirm_message("Confirmation question timed out, assuming positive response.\n");
1268 write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-err));
1269 else if (response == 's') {
1270 write_confirm_message("Skipping execution.\n");
1274 } else if (response == 'n') {
1275 write_confirm_message("Failing execution.\n");
1281 /* If a socket is connected to STDIN/STDOUT/STDERR, we
1282 * must sure to drop O_NONBLOCK */
1284 fd_nonblock(socket_fd, false);
1286 err = setup_input(context, socket_fd, apply_tty_stdin);
1292 err = setup_output(context, STDOUT_FILENO, socket_fd, basename(command->path), unit_id, apply_tty_stdin);
1298 err = setup_output(context, STDERR_FILENO, socket_fd, basename(command->path), unit_id, apply_tty_stdin);
1305 err = cg_attach_everywhere(cgroup_supported, cgroup_path, 0);
1312 if (context->oom_score_adjust_set) {
1315 snprintf(t, sizeof(t), "%i", context->oom_score_adjust);
1318 if (write_string_file("/proc/self/oom_score_adj", t) < 0) {
1320 r = EXIT_OOM_ADJUST;
1325 if (context->nice_set)
1326 if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
1332 if (context->cpu_sched_set) {
1333 struct sched_param param = {
1334 .sched_priority = context->cpu_sched_priority,
1337 r = sched_setscheduler(0,
1338 context->cpu_sched_policy |
1339 (context->cpu_sched_reset_on_fork ?
1340 SCHED_RESET_ON_FORK : 0),
1344 r = EXIT_SETSCHEDULER;
1349 if (context->cpuset)
1350 if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
1352 r = EXIT_CPUAFFINITY;
1356 if (context->ioprio_set)
1357 if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
1363 if (context->timer_slack_nsec != (nsec_t) -1)
1364 if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
1366 r = EXIT_TIMERSLACK;
1370 if (context->utmp_id)
1371 utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
1373 if (context->user) {
1374 username = context->user;
1375 err = get_user_creds(&username, &uid, &gid, &home, &shell);
1381 if (is_terminal_input(context->std_input)) {
1382 err = chown_terminal(STDIN_FILENO, uid);
1391 if (cgroup_path && context->user && context->pam_name) {
1392 err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
1399 err = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0755, uid, gid);
1407 if (apply_permissions) {
1408 err = enforce_groups(context, username, gid);
1415 umask(context->umask);
1418 if (apply_permissions && context->pam_name && username) {
1419 err = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
1426 if (context->private_network && runtime && runtime->netns_storage_socket[0] >= 0) {
1427 err = setup_netns(runtime->netns_storage_socket);
1434 if (!strv_isempty(context->read_write_dirs) ||
1435 !strv_isempty(context->read_only_dirs) ||
1436 !strv_isempty(context->inaccessible_dirs) ||
1437 context->mount_flags != 0 ||
1438 (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))) {
1440 char *tmp = NULL, *var = NULL;
1442 /* The runtime struct only contains the parent
1443 * of the private /tmp, which is
1444 * non-accessible to world users. Inside of it
1445 * there's a /tmp that is sticky, and that's
1446 * the one we want to use here. */
1448 if (context->private_tmp && runtime) {
1449 if (runtime->tmp_dir)
1450 tmp = strappenda(runtime->tmp_dir, "/tmp");
1451 if (runtime->var_tmp_dir)
1452 var = strappenda(runtime->var_tmp_dir, "/tmp");
1455 err = setup_namespace(
1456 context->read_write_dirs,
1457 context->read_only_dirs,
1458 context->inaccessible_dirs,
1461 context->mount_flags);
1470 if (context->root_directory)
1471 if (chroot(context->root_directory) < 0) {
1477 if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
1483 _cleanup_free_ char *d = NULL;
1485 if (asprintf(&d, "%s/%s",
1486 context->root_directory ? context->root_directory : "",
1487 context->working_directory ? context->working_directory : "") < 0) {
1500 /* We repeat the fd closing here, to make sure that
1501 * nothing is leaked from the PAM modules */
1502 err = close_all_fds(fds, n_fds);
1504 err = shift_fds(fds, n_fds);
1506 err = flags_fds(fds, n_fds, context->non_blocking);
1512 if (apply_permissions) {
1514 for (i = 0; i < RLIMIT_NLIMITS; i++) {
1515 if (!context->rlimit[i])
1518 if (setrlimit_closest(i, context->rlimit[i]) < 0) {
1525 if (context->capability_bounding_set_drop) {
1526 err = capability_bounding_set_drop(context->capability_bounding_set_drop, false);
1528 r = EXIT_CAPABILITIES;
1533 if (context->user) {
1534 err = enforce_user(context, uid);
1541 /* PR_GET_SECUREBITS is not privileged, while
1542 * PR_SET_SECUREBITS is. So to suppress
1543 * potential EPERMs we'll try not to call
1544 * PR_SET_SECUREBITS unless necessary. */
1545 if (prctl(PR_GET_SECUREBITS) != context->secure_bits)
1546 if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) {
1548 r = EXIT_SECUREBITS;
1552 if (context->capabilities)
1553 if (cap_set_proc(context->capabilities) < 0) {
1555 r = EXIT_CAPABILITIES;
1559 if (context->no_new_privileges)
1560 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
1562 r = EXIT_NO_NEW_PRIVILEGES;
1566 if (context->syscall_filter) {
1567 err = apply_seccomp(context->syscall_filter);
1575 err = build_environment(context, n_fds, watchdog_usec, home, username, shell, &our_env);
1581 final_env = strv_env_merge(5,
1584 context->environment,
1594 final_argv = replace_env_argv(argv, final_env);
1601 final_env = strv_env_clean(final_env);
1603 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1604 line = exec_command_line(final_argv);
1607 log_struct_unit(LOG_DEBUG,
1609 "EXECUTABLE=%s", command->path,
1610 "MESSAGE=Executing: %s", line,
1617 execve(command->path, final_argv, final_env);
1624 log_struct(LOG_ERR, MESSAGE_ID(SD_MESSAGE_SPAWN_FAILED),
1625 "EXECUTABLE=%s", command->path,
1626 "MESSAGE=Failed at step %s spawning %s: %s",
1627 exit_status_to_string(r, EXIT_STATUS_SYSTEMD),
1628 command->path, strerror(-err),
1637 log_struct_unit(LOG_DEBUG,
1639 "MESSAGE=Forked %s as %lu",
1640 command->path, (unsigned long) pid,
1643 /* We add the new process to the cgroup both in the child (so
1644 * that we can be sure that no user code is ever executed
1645 * outside of the cgroup) and in the parent (so that we can be
1646 * sure that when we kill the cgroup the process will be
1649 cg_attach(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, pid);
1651 exec_status_start(&command->exec_status, pid);
1657 void exec_context_init(ExecContext *c) {
1661 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1662 c->cpu_sched_policy = SCHED_OTHER;
1663 c->syslog_priority = LOG_DAEMON|LOG_INFO;
1664 c->syslog_level_prefix = true;
1665 c->ignore_sigpipe = true;
1666 c->timer_slack_nsec = (nsec_t) -1;
1669 void exec_context_done(ExecContext *c) {
1674 strv_free(c->environment);
1675 c->environment = NULL;
1677 strv_free(c->environment_files);
1678 c->environment_files = NULL;
1680 for (l = 0; l < ELEMENTSOF(c->rlimit); l++) {
1682 c->rlimit[l] = NULL;
1685 free(c->working_directory);
1686 c->working_directory = NULL;
1687 free(c->root_directory);
1688 c->root_directory = NULL;
1693 free(c->tcpwrap_name);
1694 c->tcpwrap_name = NULL;
1696 free(c->syslog_identifier);
1697 c->syslog_identifier = NULL;
1705 strv_free(c->supplementary_groups);
1706 c->supplementary_groups = NULL;
1711 if (c->capabilities) {
1712 cap_free(c->capabilities);
1713 c->capabilities = NULL;
1716 strv_free(c->read_only_dirs);
1717 c->read_only_dirs = NULL;
1719 strv_free(c->read_write_dirs);
1720 c->read_write_dirs = NULL;
1722 strv_free(c->inaccessible_dirs);
1723 c->inaccessible_dirs = NULL;
1726 CPU_FREE(c->cpuset);
1731 free(c->syscall_filter);
1732 c->syscall_filter = NULL;
1735 void exec_command_done(ExecCommand *c) {
1745 void exec_command_done_array(ExecCommand *c, unsigned n) {
1748 for (i = 0; i < n; i++)
1749 exec_command_done(c+i);
1752 void exec_command_free_list(ExecCommand *c) {
1756 LIST_REMOVE(command, c, i);
1757 exec_command_done(i);
1762 void exec_command_free_array(ExecCommand **c, unsigned n) {
1765 for (i = 0; i < n; i++) {
1766 exec_command_free_list(c[i]);
1771 int exec_context_load_environment(const ExecContext *c, char ***l) {
1772 char **i, **r = NULL;
1777 STRV_FOREACH(i, c->environment_files) {
1780 bool ignore = false;
1782 _cleanup_globfree_ glob_t pglob = {};
1792 if (!path_is_absolute(fn)) {
1800 /* Filename supports globbing, take all matching files */
1802 if (glob(fn, 0, NULL, &pglob) != 0) {
1807 return errno ? -errno : -EINVAL;
1809 count = pglob.gl_pathc;
1817 for (n = 0; n < count; n++) {
1818 k = load_env_file(pglob.gl_pathv[n], NULL, &p);
1826 /* Log invalid environment variables with filename */
1828 p = strv_env_clean_log(p, pglob.gl_pathv[n]);
1835 m = strv_env_merge(2, r, p);
1851 static bool tty_may_match_dev_console(const char *tty) {
1852 char *active = NULL, *console;
1855 if (startswith(tty, "/dev/"))
1858 /* trivial identity? */
1859 if (streq(tty, "console"))
1862 console = resolve_dev_console(&active);
1863 /* if we could not resolve, assume it may */
1867 /* "tty0" means the active VC, so it may be the same sometimes */
1868 b = streq(console, tty) || (streq(console, "tty0") && tty_is_vc(tty));
1874 bool exec_context_may_touch_console(ExecContext *ec) {
1875 return (ec->tty_reset || ec->tty_vhangup || ec->tty_vt_disallocate ||
1876 is_terminal_input(ec->std_input) ||
1877 is_terminal_output(ec->std_output) ||
1878 is_terminal_output(ec->std_error)) &&
1879 tty_may_match_dev_console(tty_path(ec));
1882 static void strv_fprintf(FILE *f, char **l) {
1888 fprintf(f, " %s", *g);
1891 void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
1898 prefix = strempty(prefix);
1902 "%sWorkingDirectory: %s\n"
1903 "%sRootDirectory: %s\n"
1904 "%sNonBlocking: %s\n"
1905 "%sPrivateTmp: %s\n"
1906 "%sPrivateNetwork: %s\n"
1907 "%sIgnoreSIGPIPE: %s\n",
1909 prefix, c->working_directory ? c->working_directory : "/",
1910 prefix, c->root_directory ? c->root_directory : "/",
1911 prefix, yes_no(c->non_blocking),
1912 prefix, yes_no(c->private_tmp),
1913 prefix, yes_no(c->private_network),
1914 prefix, yes_no(c->ignore_sigpipe));
1916 STRV_FOREACH(e, c->environment)
1917 fprintf(f, "%sEnvironment: %s\n", prefix, *e);
1919 STRV_FOREACH(e, c->environment_files)
1920 fprintf(f, "%sEnvironmentFile: %s\n", prefix, *e);
1922 if (c->tcpwrap_name)
1924 "%sTCPWrapName: %s\n",
1925 prefix, c->tcpwrap_name);
1932 if (c->oom_score_adjust_set)
1934 "%sOOMScoreAdjust: %i\n",
1935 prefix, c->oom_score_adjust);
1937 for (i = 0; i < RLIM_NLIMITS; i++)
1939 fprintf(f, "%s%s: %llu\n", prefix, rlimit_to_string(i), (unsigned long long) c->rlimit[i]->rlim_max);
1941 if (c->ioprio_set) {
1945 r = ioprio_class_to_string_alloc(IOPRIO_PRIO_CLASS(c->ioprio), &class_str);
1949 "%sIOSchedulingClass: %s\n"
1950 "%sIOPriority: %i\n",
1951 prefix, strna(class_str),
1952 prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
1956 if (c->cpu_sched_set) {
1960 r = sched_policy_to_string_alloc(c->cpu_sched_policy, &policy_str);
1964 "%sCPUSchedulingPolicy: %s\n"
1965 "%sCPUSchedulingPriority: %i\n"
1966 "%sCPUSchedulingResetOnFork: %s\n",
1967 prefix, strna(policy_str),
1968 prefix, c->cpu_sched_priority,
1969 prefix, yes_no(c->cpu_sched_reset_on_fork));
1974 fprintf(f, "%sCPUAffinity:", prefix);
1975 for (i = 0; i < c->cpuset_ncpus; i++)
1976 if (CPU_ISSET_S(i, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset))
1977 fprintf(f, " %u", i);
1981 if (c->timer_slack_nsec != (nsec_t) -1)
1982 fprintf(f, "%sTimerSlackNSec: %lu\n", prefix, (unsigned long)c->timer_slack_nsec);
1985 "%sStandardInput: %s\n"
1986 "%sStandardOutput: %s\n"
1987 "%sStandardError: %s\n",
1988 prefix, exec_input_to_string(c->std_input),
1989 prefix, exec_output_to_string(c->std_output),
1990 prefix, exec_output_to_string(c->std_error));
1996 "%sTTYVHangup: %s\n"
1997 "%sTTYVTDisallocate: %s\n",
1998 prefix, c->tty_path,
1999 prefix, yes_no(c->tty_reset),
2000 prefix, yes_no(c->tty_vhangup),
2001 prefix, yes_no(c->tty_vt_disallocate));
2003 if (c->std_output == EXEC_OUTPUT_SYSLOG || c->std_output == EXEC_OUTPUT_KMSG || c->std_output == EXEC_OUTPUT_JOURNAL ||
2004 c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
2005 c->std_error == EXEC_OUTPUT_SYSLOG || c->std_error == EXEC_OUTPUT_KMSG || c->std_error == EXEC_OUTPUT_JOURNAL ||
2006 c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE) {
2007 char *fac_str, *lvl_str;
2010 r = log_facility_unshifted_to_string_alloc(c->syslog_priority >> 3, &fac_str);
2014 r = log_level_to_string_alloc(LOG_PRI(c->syslog_priority), &lvl_str);
2019 "%sSyslogFacility: %s\n"
2020 "%sSyslogLevel: %s\n",
2021 prefix, strna(fac_str),
2022 prefix, strna(lvl_str));
2027 if (c->capabilities) {
2029 if ((t = cap_to_text(c->capabilities, NULL))) {
2030 fprintf(f, "%sCapabilities: %s\n",
2037 fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
2039 (c->secure_bits & 1<<SECURE_KEEP_CAPS) ? " keep-caps" : "",
2040 (c->secure_bits & 1<<SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
2041 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
2042 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
2043 (c->secure_bits & 1<<SECURE_NOROOT) ? " noroot" : "",
2044 (c->secure_bits & 1<<SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
2046 if (c->capability_bounding_set_drop) {
2048 fprintf(f, "%sCapabilityBoundingSet:", prefix);
2050 for (l = 0; l <= cap_last_cap(); l++)
2051 if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
2054 if ((t = cap_to_name(l))) {
2055 fprintf(f, " %s", t);
2064 fprintf(f, "%sUser: %s\n", prefix, c->user);
2066 fprintf(f, "%sGroup: %s\n", prefix, c->group);
2068 if (strv_length(c->supplementary_groups) > 0) {
2069 fprintf(f, "%sSupplementaryGroups:", prefix);
2070 strv_fprintf(f, c->supplementary_groups);
2075 fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name);
2077 if (strv_length(c->read_write_dirs) > 0) {
2078 fprintf(f, "%sReadWriteDirs:", prefix);
2079 strv_fprintf(f, c->read_write_dirs);
2083 if (strv_length(c->read_only_dirs) > 0) {
2084 fprintf(f, "%sReadOnlyDirs:", prefix);
2085 strv_fprintf(f, c->read_only_dirs);
2089 if (strv_length(c->inaccessible_dirs) > 0) {
2090 fprintf(f, "%sInaccessibleDirs:", prefix);
2091 strv_fprintf(f, c->inaccessible_dirs);
2097 "%sUtmpIdentifier: %s\n",
2098 prefix, c->utmp_id);
2101 void exec_status_start(ExecStatus *s, pid_t pid) {
2106 dual_timestamp_get(&s->start_timestamp);
2109 void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
2112 if (s->pid && s->pid != pid)
2116 dual_timestamp_get(&s->exit_timestamp);
2122 if (context->utmp_id)
2123 utmp_put_dead_process(context->utmp_id, pid, code, status);
2125 exec_context_tty_reset(context);
2129 void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
2130 char buf[FORMAT_TIMESTAMP_MAX];
2143 prefix, (unsigned long) s->pid);
2145 if (s->start_timestamp.realtime > 0)
2147 "%sStart Timestamp: %s\n",
2148 prefix, format_timestamp(buf, sizeof(buf), s->start_timestamp.realtime));
2150 if (s->exit_timestamp.realtime > 0)
2152 "%sExit Timestamp: %s\n"
2154 "%sExit Status: %i\n",
2155 prefix, format_timestamp(buf, sizeof(buf), s->exit_timestamp.realtime),
2156 prefix, sigchld_code_to_string(s->code),
2160 char *exec_command_line(char **argv) {
2168 STRV_FOREACH(a, argv)
2171 if (!(n = new(char, k)))
2175 STRV_FOREACH(a, argv) {
2182 if (strpbrk(*a, WHITESPACE)) {
2193 /* FIXME: this doesn't really handle arguments that have
2194 * spaces and ticks in them */
2199 void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
2201 const char *prefix2;
2210 p2 = strappend(prefix, "\t");
2211 prefix2 = p2 ? p2 : prefix;
2213 cmd = exec_command_line(c->argv);
2216 "%sCommand Line: %s\n",
2217 prefix, cmd ? cmd : strerror(ENOMEM));
2221 exec_status_dump(&c->exec_status, f, prefix2);
2226 void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
2232 LIST_FOREACH(command, c, c)
2233 exec_command_dump(c, f, prefix);
2236 void exec_command_append_list(ExecCommand **l, ExecCommand *e) {
2243 /* It's kind of important, that we keep the order here */
2244 LIST_FIND_TAIL(command, *l, end);
2245 LIST_INSERT_AFTER(command, *l, end, e);
2250 int exec_command_set(ExecCommand *c, const char *path, ...) {
2258 l = strv_new_ap(path, ap);
2279 static int exec_runtime_allocate(ExecRuntime **rt) {
2284 *rt = new0(ExecRuntime, 1);
2289 (*rt)->netns_storage_socket[0] = (*rt)->netns_storage_socket[1] = -1;
2294 int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
2304 if (!c->private_network && !c->private_tmp)
2307 r = exec_runtime_allocate(rt);
2311 if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
2312 if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
2316 if (c->private_tmp && !(*rt)->tmp_dir) {
2317 r = setup_tmp_dirs(id, &(*rt)->tmp_dir, &(*rt)->var_tmp_dir);
2325 ExecRuntime *exec_runtime_ref(ExecRuntime *r) {
2327 assert(r->n_ref > 0);
2333 ExecRuntime *exec_runtime_unref(ExecRuntime *r) {
2338 assert(r->n_ref > 0);
2341 if (r->n_ref <= 0) {
2343 free(r->var_tmp_dir);
2344 close_pipe(r->netns_storage_socket);
2351 int exec_runtime_serialize(ExecRuntime *rt, Unit *u, FILE *f, FDSet *fds) {
2360 unit_serialize_item(u, f, "tmp-dir", rt->tmp_dir);
2362 if (rt->var_tmp_dir)
2363 unit_serialize_item(u, f, "var-tmp-dir", rt->var_tmp_dir);
2365 if (rt->netns_storage_socket[0] >= 0) {
2368 copy = fdset_put_dup(fds, rt->netns_storage_socket[0]);
2372 unit_serialize_item_format(u, f, "netns-socket-0", "%i", copy);
2375 if (rt->netns_storage_socket[1] >= 0) {
2378 copy = fdset_put_dup(fds, rt->netns_storage_socket[1]);
2382 unit_serialize_item_format(u, f, "netns-socket-1", "%i", copy);
2388 int exec_runtime_deserialize_item(ExecRuntime **rt, Unit *u, const char *key, const char *value, FDSet *fds) {
2395 if (streq(key, "tmp-dir")) {
2398 r = exec_runtime_allocate(rt);
2402 copy = strdup(value);
2406 free((*rt)->tmp_dir);
2407 (*rt)->tmp_dir = copy;
2409 } else if (streq(key, "var-tmp-dir")) {
2412 r = exec_runtime_allocate(rt);
2416 copy = strdup(value);
2420 free((*rt)->var_tmp_dir);
2421 (*rt)->var_tmp_dir = copy;
2423 } else if (streq(key, "netns-socket-0")) {
2426 r = exec_runtime_allocate(rt);
2430 if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
2431 log_debug_unit(u->id, "Failed to parse netns socket value %s", value);
2433 if ((*rt)->netns_storage_socket[0] >= 0)
2434 close_nointr_nofail((*rt)->netns_storage_socket[0]);
2436 (*rt)->netns_storage_socket[0] = fdset_remove(fds, fd);
2438 } else if (streq(key, "netns-socket-1")) {
2441 r = exec_runtime_allocate(rt);
2445 if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
2446 log_debug_unit(u->id, "Failed to parse netns socket value %s", value);
2448 if ((*rt)->netns_storage_socket[1] >= 0)
2449 close_nointr_nofail((*rt)->netns_storage_socket[1]);
2451 (*rt)->netns_storage_socket[1] = fdset_remove(fds, fd);
2459 static void *remove_tmpdir_thread(void *p) {
2460 _cleanup_free_ char *path = p;
2462 rm_rf_dangerous(path, false, true, false);
2466 void exec_runtime_destroy(ExecRuntime *rt) {
2470 /* If there are multiple users of this, let's leave the stuff around */
2475 log_debug("Spawning thread to nuke %s", rt->tmp_dir);
2476 asynchronous_job(remove_tmpdir_thread, rt->tmp_dir);
2480 if (rt->var_tmp_dir) {
2481 log_debug("Spawning thread to nuke %s", rt->var_tmp_dir);
2482 asynchronous_job(remove_tmpdir_thread, rt->var_tmp_dir);
2483 rt->var_tmp_dir = NULL;
2486 close_pipe(rt->netns_storage_socket);
2489 static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
2490 [EXEC_INPUT_NULL] = "null",
2491 [EXEC_INPUT_TTY] = "tty",
2492 [EXEC_INPUT_TTY_FORCE] = "tty-force",
2493 [EXEC_INPUT_TTY_FAIL] = "tty-fail",
2494 [EXEC_INPUT_SOCKET] = "socket"
2497 DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
2499 static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = {
2500 [EXEC_OUTPUT_INHERIT] = "inherit",
2501 [EXEC_OUTPUT_NULL] = "null",
2502 [EXEC_OUTPUT_TTY] = "tty",
2503 [EXEC_OUTPUT_SYSLOG] = "syslog",
2504 [EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
2505 [EXEC_OUTPUT_KMSG] = "kmsg",
2506 [EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
2507 [EXEC_OUTPUT_JOURNAL] = "journal",
2508 [EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
2509 [EXEC_OUTPUT_SOCKET] = "socket"
2512 DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
~ianmdlvl / elogind.git / blob