chiark / gitweb /
timer: support timers that can resume the system from suspend
[elogind.git] / src / core / main.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4   This file is part of systemd.
5
6   Copyright 2010 Lennart Poettering
7
8   systemd is free software; you can redistribute it and/or modify it
9   under the terms of the GNU Lesser General Public License as published by
10   the Free Software Foundation; either version 2.1 of the License, or
11   (at your option) any later version.
12
13   systemd is distributed in the hope that it will be useful, but
14   WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16   Lesser General Public License for more details.
17
18   You should have received a copy of the GNU Lesser General Public License
19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <stdio.h>
23 #include <errno.h>
24 #include <string.h>
25 #include <unistd.h>
26 #include <sys/types.h>
27 #include <sys/stat.h>
28 #include <getopt.h>
29 #include <signal.h>
30 #include <sys/wait.h>
31 #include <fcntl.h>
32 #include <sys/prctl.h>
33 #include <sys/mount.h>
34
35 #ifdef HAVE_VALGRIND_VALGRIND_H
36 #include <valgrind/valgrind.h>
37 #endif
38 #ifdef HAVE_SECCOMP
39 #include <seccomp.h>
40 #endif
41
42 #include "sd-daemon.h"
43 #include "sd-messages.h"
44 #include "sd-bus.h"
45 #include "manager.h"
46 #include "log.h"
47 #include "load-fragment.h"
48 #include "fdset.h"
49 #include "special.h"
50 #include "conf-parser.h"
51 #include "missing.h"
52 #include "label.h"
53 #include "build.h"
54 #include "strv.h"
55 #include "def.h"
56 #include "virt.h"
57 #include "architecture.h"
58 #include "watchdog.h"
59 #include "path-util.h"
60 #include "switch-root.h"
61 #include "capability.h"
62 #include "killall.h"
63 #include "env-util.h"
64 #include "hwclock.h"
65 #include "fileio.h"
66 #include "dbus-manager.h"
67 #include "bus-error.h"
68 #include "bus-util.h"
69
70 #include "mount-setup.h"
71 #include "loopback-setup.h"
72 #include "hostname-setup.h"
73 #include "machine-id-setup.h"
74 #include "selinux-setup.h"
75 #include "ima-setup.h"
76 #include "smack-setup.h"
77 #ifdef HAVE_KMOD
78 #include "kmod-setup.h"
79 #endif
80
81 static enum {
82         ACTION_RUN,
83         ACTION_HELP,
84         ACTION_VERSION,
85         ACTION_TEST,
86         ACTION_DUMP_CONFIGURATION_ITEMS,
87         ACTION_DONE
88 } arg_action = ACTION_RUN;
89 static char *arg_default_unit = NULL;
90 static SystemdRunningAs arg_running_as = _SYSTEMD_RUNNING_AS_INVALID;
91 static bool arg_dump_core = true;
92 static bool arg_crash_shell = false;
93 static int arg_crash_chvt = -1;
94 static bool arg_confirm_spawn = false;
95 static ShowStatus arg_show_status = _SHOW_STATUS_UNSET;
96 static bool arg_switched_root = false;
97 static char ***arg_join_controllers = NULL;
98 static ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL;
99 static ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT;
100 static usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC;
101 static usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
102 static usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
103 static usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
104 static unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
105 static usec_t arg_runtime_watchdog = 0;
106 static usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE;
107 static char **arg_default_environment = NULL;
108 static struct rlimit *arg_default_rlimit[_RLIMIT_MAX] = {};
109 static uint64_t arg_capability_bounding_set_drop = 0;
110 static nsec_t arg_timer_slack_nsec = (nsec_t) -1;
111 static Set* arg_syscall_archs = NULL;
112 static FILE* arg_serialization = NULL;
113 static bool arg_default_cpu_accounting = false;
114 static bool arg_default_blockio_accounting = false;
115 static bool arg_default_memory_accounting = false;
116
117 static void nop_handler(int sig) {}
118
119 noreturn static void crash(int sig) {
120
121         if (getpid() != 1)
122                 /* Pass this on immediately, if this is not PID 1 */
123                 raise(sig);
124         else if (!arg_dump_core)
125                 log_error("Caught <%s>, not dumping core.", signal_to_string(sig));
126         else {
127                 struct sigaction sa = {
128                         .sa_handler = nop_handler,
129                         .sa_flags = SA_NOCLDSTOP|SA_RESTART,
130                 };
131                 pid_t pid;
132
133                 /* We want to wait for the core process, hence let's enable SIGCHLD */
134                 sigaction(SIGCHLD, &sa, NULL);
135
136                 pid = fork();
137                 if (pid < 0)
138                         log_error("Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
139
140                 else if (pid == 0) {
141                         struct rlimit rl = {};
142
143                         /* Enable default signal handler for core dump */
144                         zero(sa);
145                         sa.sa_handler = SIG_DFL;
146                         sigaction(sig, &sa, NULL);
147
148                         /* Don't limit the core dump size */
149                         rl.rlim_cur = RLIM_INFINITY;
150                         rl.rlim_max = RLIM_INFINITY;
151                         setrlimit(RLIMIT_CORE, &rl);
152
153                         /* Just to be sure... */
154                         chdir("/");
155
156                         /* Raise the signal again */
157                         raise(sig);
158
159                         assert_not_reached("We shouldn't be here...");
160                         _exit(1);
161
162                 } else {
163                         siginfo_t status;
164                         int r;
165
166                         /* Order things nicely. */
167                         r = wait_for_terminate(pid, &status);
168                         if (r < 0)
169                                 log_error("Caught <%s>, waitpid() failed: %s", signal_to_string(sig), strerror(-r));
170                         else if (status.si_code != CLD_DUMPED)
171                                 log_error("Caught <%s>, core dump failed.", signal_to_string(sig));
172                         else
173                                 log_error("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);
174                 }
175         }
176
177         if (arg_crash_chvt)
178                 chvt(arg_crash_chvt);
179
180         if (arg_crash_shell) {
181                 struct sigaction sa = {
182                         .sa_handler = SIG_IGN,
183                         .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
184                 };
185                 pid_t pid;
186
187                 log_info("Executing crash shell in 10s...");
188                 sleep(10);
189
190                 /* Let the kernel reap children for us */
191                 assert_se(sigaction(SIGCHLD, &sa, NULL) == 0);
192
193                 pid = fork();
194                 if (pid < 0)
195                         log_error("Failed to fork off crash shell: %m");
196                 else if (pid == 0) {
197                         make_console_stdio();
198                         execl("/bin/sh", "/bin/sh", NULL);
199
200                         log_error("execl() failed: %m");
201                         _exit(1);
202                 }
203
204                 log_info("Successfully spawned crash shell as pid "PID_FMT".", pid);
205         }
206
207         log_info("Freezing execution.");
208         freeze();
209 }
210
211 static void install_crash_handler(void) {
212         struct sigaction sa = {
213                 .sa_handler = crash,
214                 .sa_flags = SA_NODEFER,
215         };
216
217         sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
218 }
219
220 static int console_setup(bool do_reset) {
221         int tty_fd, r;
222
223         /* If we are init, we connect stdin/stdout/stderr to /dev/null
224          * and make sure we don't have a controlling tty. */
225
226         release_terminal();
227
228         if (!do_reset)
229                 return 0;
230
231         tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
232         if (tty_fd < 0) {
233                 log_error("Failed to open /dev/console: %s", strerror(-tty_fd));
234                 return -tty_fd;
235         }
236
237         /* We don't want to force text mode.
238          * plymouth may be showing pictures already from initrd. */
239         r = reset_terminal_fd(tty_fd, false);
240         if (r < 0)
241                 log_error("Failed to reset /dev/console: %s", strerror(-r));
242
243         safe_close(tty_fd);
244         return r;
245 }
246
247 static int set_default_unit(const char *u) {
248         char *c;
249
250         assert(u);
251
252         c = strdup(u);
253         if (!c)
254                 return -ENOMEM;
255
256         free(arg_default_unit);
257         arg_default_unit = c;
258
259         return 0;
260 }
261
262 static int parse_proc_cmdline_item(const char *key, const char *value) {
263
264         static const char * const rlmap[] = {
265                 "emergency", SPECIAL_EMERGENCY_TARGET,
266                 "-b",        SPECIAL_EMERGENCY_TARGET,
267                 "single",    SPECIAL_RESCUE_TARGET,
268                 "-s",        SPECIAL_RESCUE_TARGET,
269                 "s",         SPECIAL_RESCUE_TARGET,
270                 "S",         SPECIAL_RESCUE_TARGET,
271                 "1",         SPECIAL_RESCUE_TARGET,
272                 "2",         SPECIAL_RUNLEVEL2_TARGET,
273                 "3",         SPECIAL_RUNLEVEL3_TARGET,
274                 "4",         SPECIAL_RUNLEVEL4_TARGET,
275                 "5",         SPECIAL_RUNLEVEL5_TARGET,
276         };
277         int r;
278
279         assert(key);
280
281         if (streq(key, "systemd.unit") && value) {
282
283                 if (!in_initrd())
284                         return set_default_unit(value);
285
286         } else if (streq(key, "rd.systemd.unit") && value) {
287
288                 return set_default_unit(value);
289
290         } else if (streq(key, "systemd.log_target") && value) {
291
292                 if (log_set_target_from_string(value) < 0)
293                         log_warning("Failed to parse log target %s. Ignoring.", value);
294
295         } else if (streq(key, "systemd.log_level") && value) {
296
297                 if (log_set_max_level_from_string(value) < 0)
298                         log_warning("Failed to parse log level %s. Ignoring.", value);
299
300         } else if (streq(key, "systemd.log_color") && value) {
301
302                 if (log_show_color_from_string(value) < 0)
303                         log_warning("Failed to parse log color setting %s. Ignoring.", value);
304
305         } else if (streq(key, "systemd.log_location") && value) {
306
307                 if (log_show_location_from_string(value) < 0)
308                         log_warning("Failed to parse log location setting %s. Ignoring.", value);
309
310         } else if (streq(key, "systemd.dump_core") && value) {
311
312                 r = parse_boolean(value);
313                 if (r < 0)
314                         log_warning("Failed to parse dump core switch %s. Ignoring.", value);
315                 else
316                         arg_dump_core = r;
317
318         } else if (streq(key, "systemd.crash_shell") && value) {
319
320                 r = parse_boolean(value);
321                 if (r < 0)
322                         log_warning("Failed to parse crash shell switch %s. Ignoring.", value);
323                 else
324                         arg_crash_shell = r;
325
326         } else if (streq(key, "systemd.crash_chvt") && value) {
327
328                 if (safe_atoi(value, &r) < 0)
329                         log_warning("Failed to parse crash chvt switch %s. Ignoring.", value);
330                 else
331                         arg_crash_chvt = r;
332
333         } else if (streq(key, "systemd.confirm_spawn") && value) {
334
335                 r = parse_boolean(value);
336                 if (r < 0)
337                         log_warning("Failed to parse confirm spawn switch %s. Ignoring.", value);
338                 else
339                         arg_confirm_spawn = r;
340
341         } else if (streq(key, "systemd.show_status") && value) {
342
343                 r = parse_show_status(value, &arg_show_status);
344                 if (r < 0)
345                         log_warning("Failed to parse show status switch %s. Ignoring.", value);
346
347         } else if (streq(key, "systemd.default_standard_output") && value) {
348
349                 r = exec_output_from_string(value);
350                 if (r < 0)
351                         log_warning("Failed to parse default standard output switch %s. Ignoring.", value);
352                 else
353                         arg_default_std_output = r;
354
355         } else if (streq(key, "systemd.default_standard_error") && value) {
356
357                 r = exec_output_from_string(value);
358                 if (r < 0)
359                         log_warning("Failed to parse default standard error switch %s. Ignoring.", value);
360                 else
361                         arg_default_std_error = r;
362
363         } else if (streq(key, "systemd.setenv") && value) {
364
365                 if (env_assignment_is_valid(value)) {
366                         char **env;
367
368                         env = strv_env_set(arg_default_environment, value);
369                         if (env)
370                                 arg_default_environment = env;
371                         else
372                                 log_warning("Setting environment variable '%s' failed, ignoring: %s", value, strerror(ENOMEM));
373                 } else
374                         log_warning("Environment variable name '%s' is not valid. Ignoring.", value);
375
376         } else if (!streq(key, "systemd.restore_state") &&
377                    !streq(key, "systemd.gpt_auto") &&
378                    (startswith(key, "systemd.") || startswith(key, "rd.systemd."))) {
379
380                 const char *c;
381
382                 /* Ignore systemd.journald.xyz and friends */
383                 c = key;
384                 if (startswith(c, "rd."))
385                         c += 3;
386                 if (startswith(c, "systemd."))
387                         c += 8;
388                 if (c[strcspn(c, ".=")] != '.')  {
389
390                         log_warning("Unknown kernel switch %s. Ignoring.", key);
391
392                         log_info("Supported kernel switches:\n"
393                                  "systemd.unit=UNIT                        Default unit to start\n"
394                                  "rd.systemd.unit=UNIT                     Default unit to start when run in initrd\n"
395                                  "systemd.dump_core=0|1                    Dump core on crash\n"
396                                  "systemd.crash_shell=0|1                  Run shell on crash\n"
397                                  "systemd.crash_chvt=N                     Change to VT #N on crash\n"
398                                  "systemd.confirm_spawn=0|1                Confirm every process spawn\n"
399                                  "systemd.show_status=0|1|auto             Show status updates on the console during bootup\n"
400                                  "systemd.log_target=console|kmsg|journal|journal-or-kmsg|syslog|syslog-or-kmsg|null\n"
401                                  "                                         Log target\n"
402                                  "systemd.log_level=LEVEL                  Log level\n"
403                                  "systemd.log_color=0|1                    Highlight important log messages\n"
404                                  "systemd.log_location=0|1                 Include code location in log messages\n"
405                                  "systemd.default_standard_output=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n"
406                                  "                                         Set default log output for services\n"
407                                  "systemd.default_standard_error=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n"
408                                  "                                         Set default log error output for services\n"
409                                  "systemd.setenv=ASSIGNMENT                Set an environment variable for all spawned processes\n"
410                                  "systemd.restore_state=0|1                Restore backlight/rfkill state at boot\n");
411                 }
412
413         } else if (streq(key, "quiet") && !value) {
414
415                 if (arg_show_status == _SHOW_STATUS_UNSET)
416                         arg_show_status = SHOW_STATUS_AUTO;
417
418         } else if (streq(key, "debug") && !value) {
419
420                 /* Log to kmsg, the journal socket will fill up before the
421                  * journal is started and tools running during that time
422                  * will block with every log message for for 60 seconds,
423                  * before they give up. */
424                 log_set_max_level(LOG_DEBUG);
425                 log_set_target(detect_container(NULL) > 0 ? LOG_TARGET_CONSOLE : LOG_TARGET_KMSG);
426
427         } else if (!in_initrd() && !value) {
428                 unsigned i;
429
430                 /* SysV compatibility */
431                 for (i = 0; i < ELEMENTSOF(rlmap); i += 2)
432                         if (streq(key, rlmap[i]))
433                                 return set_default_unit(rlmap[i+1]);
434         }
435
436         return 0;
437 }
438
439 #define DEFINE_SETTER(name, func, descr)                              \
440         static int name(const char *unit,                             \
441                         const char *filename,                         \
442                         unsigned line,                                \
443                         const char *section,                          \
444                         unsigned section_line,                        \
445                         const char *lvalue,                           \
446                         int ltype,                                    \
447                         const char *rvalue,                           \
448                         void *data,                                   \
449                         void *userdata) {                             \
450                                                                       \
451                 int r;                                                \
452                                                                       \
453                 assert(filename);                                     \
454                 assert(lvalue);                                       \
455                 assert(rvalue);                                       \
456                                                                       \
457                 r = func(rvalue);                                     \
458                 if (r < 0)                                            \
459                         log_syntax(unit, LOG_ERR, filename, line, -r, \
460                                    "Invalid " descr "'%s': %s",       \
461                                    rvalue, strerror(-r));             \
462                                                                       \
463                 return 0;                                             \
464         }
465
466 DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level")
467 DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target")
468 DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" )
469 DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location")
470
471 static int config_parse_cpu_affinity2(
472                 const char *unit,
473                 const char *filename,
474                 unsigned line,
475                 const char *section,
476                 unsigned section_line,
477                 const char *lvalue,
478                 int ltype,
479                 const char *rvalue,
480                 void *data,
481                 void *userdata) {
482
483         char *w;
484         size_t l;
485         char *state;
486         cpu_set_t *c = NULL;
487         unsigned ncpus = 0;
488
489         assert(filename);
490         assert(lvalue);
491         assert(rvalue);
492
493         FOREACH_WORD_QUOTED(w, l, rvalue, state) {
494                 char *t;
495                 int r;
496                 unsigned cpu;
497
498                 if (!(t = strndup(w, l)))
499                         return log_oom();
500
501                 r = safe_atou(t, &cpu);
502                 free(t);
503
504                 if (!c)
505                         if (!(c = cpu_set_malloc(&ncpus)))
506                                 return log_oom();
507
508                 if (r < 0 || cpu >= ncpus) {
509                         log_syntax(unit, LOG_ERR, filename, line, -r,
510                                    "Failed to parse CPU affinity '%s'", rvalue);
511                         CPU_FREE(c);
512                         return -EBADMSG;
513                 }
514
515                 CPU_SET_S(cpu, CPU_ALLOC_SIZE(ncpus), c);
516         }
517
518         if (c) {
519                 if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0)
520                         log_warning_unit(unit, "Failed to set CPU affinity: %m");
521
522                 CPU_FREE(c);
523         }
524
525         return 0;
526 }
527
528 static int config_parse_show_status(
529                 const char* unit,
530                 const char *filename,
531                 unsigned line,
532                 const char *section,
533                 unsigned section_line,
534                 const char *lvalue,
535                 int ltype,
536                 const char *rvalue,
537                 void *data,
538                 void *userdata) {
539
540         int k;
541         ShowStatus *b = data;
542
543         assert(filename);
544         assert(lvalue);
545         assert(rvalue);
546         assert(data);
547
548         k = parse_show_status(rvalue, b);
549         if (k < 0) {
550                 log_syntax(unit, LOG_ERR, filename, line, -k,
551                            "Failed to parse show status setting, ignoring: %s", rvalue);
552                 return 0;
553         }
554
555         return 0;
556 }
557
558 static void strv_free_free(char ***l) {
559         char ***i;
560
561         if (!l)
562                 return;
563
564         for (i = l; *i; i++)
565                 strv_free(*i);
566
567         free(l);
568 }
569
570 static void free_join_controllers(void) {
571         strv_free_free(arg_join_controllers);
572         arg_join_controllers = NULL;
573 }
574
575 static int config_parse_join_controllers(const char *unit,
576                                          const char *filename,
577                                          unsigned line,
578                                          const char *section,
579                                          unsigned section_line,
580                                          const char *lvalue,
581                                          int ltype,
582                                          const char *rvalue,
583                                          void *data,
584                                          void *userdata) {
585
586         unsigned n = 0;
587         char *state, *w;
588         size_t length;
589
590         assert(filename);
591         assert(lvalue);
592         assert(rvalue);
593
594         free_join_controllers();
595
596         FOREACH_WORD_QUOTED(w, length, rvalue, state) {
597                 char *s, **l;
598
599                 s = strndup(w, length);
600                 if (!s)
601                         return log_oom();
602
603                 l = strv_split(s, ",");
604                 free(s);
605
606                 strv_uniq(l);
607
608                 if (strv_length(l) <= 1) {
609                         strv_free(l);
610                         continue;
611                 }
612
613                 if (!arg_join_controllers) {
614                         arg_join_controllers = new(char**, 2);
615                         if (!arg_join_controllers) {
616                                 strv_free(l);
617                                 return log_oom();
618                         }
619
620                         arg_join_controllers[0] = l;
621                         arg_join_controllers[1] = NULL;
622
623                         n = 1;
624                 } else {
625                         char ***a;
626                         char ***t;
627
628                         t = new0(char**, n+2);
629                         if (!t) {
630                                 strv_free(l);
631                                 return log_oom();
632                         }
633
634                         n = 0;
635
636                         for (a = arg_join_controllers; *a; a++) {
637
638                                 if (strv_overlap(*a, l)) {
639                                         if (strv_extend_strv(&l, *a) < 0) {
640                                                 strv_free(l);
641                                                 strv_free_free(t);
642                                                 return log_oom();
643                                         }
644
645                                 } else {
646                                         char **c;
647
648                                         c = strv_copy(*a);
649                                         if (!c) {
650                                                 strv_free(l);
651                                                 strv_free_free(t);
652                                                 return log_oom();
653                                         }
654
655                                         t[n++] = c;
656                                 }
657                         }
658
659                         t[n++] = strv_uniq(l);
660
661                         strv_free_free(arg_join_controllers);
662                         arg_join_controllers = t;
663                 }
664         }
665
666         return 0;
667 }
668
669 static int parse_config_file(void) {
670
671         const ConfigTableItem items[] = {
672                 { "Manager", "LogLevel",                  config_parse_level2,           0, NULL                                   },
673                 { "Manager", "LogTarget",                 config_parse_target,           0, NULL                                   },
674                 { "Manager", "LogColor",                  config_parse_color,            0, NULL                                   },
675                 { "Manager", "LogLocation",               config_parse_location,         0, NULL                                   },
676                 { "Manager", "DumpCore",                  config_parse_bool,             0, &arg_dump_core                         },
677                 { "Manager", "CrashShell",                config_parse_bool,             0, &arg_crash_shell                       },
678                 { "Manager", "ShowStatus",                config_parse_show_status,      0, &arg_show_status                       },
679                 { "Manager", "CrashChVT",                 config_parse_int,              0, &arg_crash_chvt                        },
680                 { "Manager", "CPUAffinity",               config_parse_cpu_affinity2,    0, NULL                                   },
681                 { "Manager", "JoinControllers",           config_parse_join_controllers, 0, &arg_join_controllers                  },
682                 { "Manager", "RuntimeWatchdogSec",        config_parse_sec,              0, &arg_runtime_watchdog                  },
683                 { "Manager", "ShutdownWatchdogSec",       config_parse_sec,              0, &arg_shutdown_watchdog                 },
684                 { "Manager", "CapabilityBoundingSet",     config_parse_bounding_set,     0, &arg_capability_bounding_set_drop      },
685 #ifdef HAVE_SECCOMP
686                 { "Manager", "SystemCallArchitectures",   config_parse_syscall_archs,    0, &arg_syscall_archs                     },
687 #endif
688                 { "Manager", "TimerSlackNSec",            config_parse_nsec,             0, &arg_timer_slack_nsec                  },
689                 { "Manager", "DefaultStandardOutput",     config_parse_output,           0, &arg_default_std_output                },
690                 { "Manager", "DefaultStandardError",      config_parse_output,           0, &arg_default_std_error                 },
691                 { "Manager", "DefaultTimeoutStartSec",    config_parse_sec,              0, &arg_default_timeout_start_usec        },
692                 { "Manager", "DefaultTimeoutStopSec",     config_parse_sec,              0, &arg_default_timeout_stop_usec         },
693                 { "Manager", "DefaultRestartSec",         config_parse_sec,              0, &arg_default_restart_usec              },
694                 { "Manager", "DefaultStartLimitInterval", config_parse_sec,              0, &arg_default_start_limit_interval      },
695                 { "Manager", "DefaultStartLimitBurst",    config_parse_unsigned,         0, &arg_default_start_limit_burst         },
696                 { "Manager", "DefaultEnvironment",        config_parse_environ,          0, &arg_default_environment               },
697                 { "Manager", "DefaultLimitCPU",           config_parse_limit,            0, &arg_default_rlimit[RLIMIT_CPU]        },
698                 { "Manager", "DefaultLimitFSIZE",         config_parse_limit,            0, &arg_default_rlimit[RLIMIT_FSIZE]      },
699                 { "Manager", "DefaultLimitDATA",          config_parse_limit,            0, &arg_default_rlimit[RLIMIT_DATA]       },
700                 { "Manager", "DefaultLimitSTACK",         config_parse_limit,            0, &arg_default_rlimit[RLIMIT_STACK]      },
701                 { "Manager", "DefaultLimitCORE",          config_parse_limit,            0, &arg_default_rlimit[RLIMIT_CORE]       },
702                 { "Manager", "DefaultLimitRSS",           config_parse_limit,            0, &arg_default_rlimit[RLIMIT_RSS]        },
703                 { "Manager", "DefaultLimitNOFILE",        config_parse_limit,            0, &arg_default_rlimit[RLIMIT_NOFILE]     },
704                 { "Manager", "DefaultLimitAS",            config_parse_limit,            0, &arg_default_rlimit[RLIMIT_AS]         },
705                 { "Manager", "DefaultLimitNPROC",         config_parse_limit,            0, &arg_default_rlimit[RLIMIT_NPROC]      },
706                 { "Manager", "DefaultLimitMEMLOCK",       config_parse_limit,            0, &arg_default_rlimit[RLIMIT_MEMLOCK]    },
707                 { "Manager", "DefaultLimitLOCKS",         config_parse_limit,            0, &arg_default_rlimit[RLIMIT_LOCKS]      },
708                 { "Manager", "DefaultLimitSIGPENDING",    config_parse_limit,            0, &arg_default_rlimit[RLIMIT_SIGPENDING] },
709                 { "Manager", "DefaultLimitMSGQUEUE",      config_parse_limit,            0, &arg_default_rlimit[RLIMIT_MSGQUEUE]   },
710                 { "Manager", "DefaultLimitNICE",          config_parse_limit,            0, &arg_default_rlimit[RLIMIT_NICE]       },
711                 { "Manager", "DefaultLimitRTPRIO",        config_parse_limit,            0, &arg_default_rlimit[RLIMIT_RTPRIO]     },
712                 { "Manager", "DefaultLimitRTTIME",        config_parse_limit,            0, &arg_default_rlimit[RLIMIT_RTTIME]     },
713                 { "Manager", "DefaultCPUAccounting",      config_parse_bool,             0, &arg_default_cpu_accounting            },
714                 { "Manager", "DefaultBlockIOAccounting",  config_parse_bool,             0, &arg_default_blockio_accounting        },
715                 { "Manager", "DefaultMemoryAccounting",   config_parse_bool,             0, &arg_default_memory_accounting         },
716                 {}
717         };
718
719         _cleanup_fclose_ FILE *f;
720         const char *fn;
721         int r;
722
723         fn = arg_running_as == SYSTEMD_SYSTEM ? PKGSYSCONFDIR "/system.conf" : PKGSYSCONFDIR "/user.conf";
724         f = fopen(fn, "re");
725         if (!f) {
726                 if (errno == ENOENT)
727                         return 0;
728
729                 log_warning("Failed to open configuration file '%s': %m", fn);
730                 return 0;
731         }
732
733         r = config_parse(NULL, fn, f, "Manager\0", config_item_table_lookup, (void*) items, false, false, NULL);
734         if (r < 0)
735                 log_warning("Failed to parse configuration file: %s", strerror(-r));
736
737         return 0;
738 }
739
740 static int parse_argv(int argc, char *argv[]) {
741
742         enum {
743                 ARG_LOG_LEVEL = 0x100,
744                 ARG_LOG_TARGET,
745                 ARG_LOG_COLOR,
746                 ARG_LOG_LOCATION,
747                 ARG_UNIT,
748                 ARG_SYSTEM,
749                 ARG_USER,
750                 ARG_TEST,
751                 ARG_VERSION,
752                 ARG_DUMP_CONFIGURATION_ITEMS,
753                 ARG_DUMP_CORE,
754                 ARG_CRASH_SHELL,
755                 ARG_CONFIRM_SPAWN,
756                 ARG_SHOW_STATUS,
757                 ARG_DESERIALIZE,
758                 ARG_SWITCHED_ROOT,
759                 ARG_DEFAULT_STD_OUTPUT,
760                 ARG_DEFAULT_STD_ERROR
761         };
762
763         static const struct option options[] = {
764                 { "log-level",                required_argument, NULL, ARG_LOG_LEVEL                },
765                 { "log-target",               required_argument, NULL, ARG_LOG_TARGET               },
766                 { "log-color",                optional_argument, NULL, ARG_LOG_COLOR                },
767                 { "log-location",             optional_argument, NULL, ARG_LOG_LOCATION             },
768                 { "unit",                     required_argument, NULL, ARG_UNIT                     },
769                 { "system",                   no_argument,       NULL, ARG_SYSTEM                   },
770                 { "user",                     no_argument,       NULL, ARG_USER                     },
771                 { "test",                     no_argument,       NULL, ARG_TEST                     },
772                 { "help",                     no_argument,       NULL, 'h'                          },
773                 { "version",                  no_argument,       NULL, ARG_VERSION                  },
774                 { "dump-configuration-items", no_argument,       NULL, ARG_DUMP_CONFIGURATION_ITEMS },
775                 { "dump-core",                optional_argument, NULL, ARG_DUMP_CORE                },
776                 { "crash-shell",              optional_argument, NULL, ARG_CRASH_SHELL              },
777                 { "confirm-spawn",            optional_argument, NULL, ARG_CONFIRM_SPAWN            },
778                 { "show-status",              optional_argument, NULL, ARG_SHOW_STATUS              },
779                 { "deserialize",              required_argument, NULL, ARG_DESERIALIZE              },
780                 { "switched-root",            no_argument,       NULL, ARG_SWITCHED_ROOT            },
781                 { "default-standard-output",  required_argument, NULL, ARG_DEFAULT_STD_OUTPUT,      },
782                 { "default-standard-error",   required_argument, NULL, ARG_DEFAULT_STD_ERROR,       },
783                 {}
784         };
785
786         int c, r;
787
788         assert(argc >= 1);
789         assert(argv);
790
791         if (getpid() == 1)
792                 opterr = 0;
793
794         while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
795
796                 switch (c) {
797
798                 case ARG_LOG_LEVEL:
799                         r = log_set_max_level_from_string(optarg);
800                         if (r < 0) {
801                                 log_error("Failed to parse log level %s.", optarg);
802                                 return r;
803                         }
804
805                         break;
806
807                 case ARG_LOG_TARGET:
808                         r = log_set_target_from_string(optarg);
809                         if (r < 0) {
810                                 log_error("Failed to parse log target %s.", optarg);
811                                 return r;
812                         }
813
814                         break;
815
816                 case ARG_LOG_COLOR:
817
818                         if (optarg) {
819                                 r = log_show_color_from_string(optarg);
820                                 if (r < 0) {
821                                         log_error("Failed to parse log color setting %s.", optarg);
822                                         return r;
823                                 }
824                         } else
825                                 log_show_color(true);
826
827                         break;
828
829                 case ARG_LOG_LOCATION:
830                         if (optarg) {
831                                 r = log_show_location_from_string(optarg);
832                                 if (r < 0) {
833                                         log_error("Failed to parse log location setting %s.", optarg);
834                                         return r;
835                                 }
836                         } else
837                                 log_show_location(true);
838
839                         break;
840
841                 case ARG_DEFAULT_STD_OUTPUT:
842                         r = exec_output_from_string(optarg);
843                         if (r < 0) {
844                                 log_error("Failed to parse default standard output setting %s.", optarg);
845                                 return r;
846                         } else
847                                 arg_default_std_output = r;
848                         break;
849
850                 case ARG_DEFAULT_STD_ERROR:
851                         r = exec_output_from_string(optarg);
852                         if (r < 0) {
853                                 log_error("Failed to parse default standard error output setting %s.", optarg);
854                                 return r;
855                         } else
856                                 arg_default_std_error = r;
857                         break;
858
859                 case ARG_UNIT:
860
861                         r = set_default_unit(optarg);
862                         if (r < 0) {
863                                 log_error("Failed to set default unit %s: %s", optarg, strerror(-r));
864                                 return r;
865                         }
866
867                         break;
868
869                 case ARG_SYSTEM:
870                         arg_running_as = SYSTEMD_SYSTEM;
871                         break;
872
873                 case ARG_USER:
874                         arg_running_as = SYSTEMD_USER;
875                         break;
876
877                 case ARG_TEST:
878                         arg_action = ACTION_TEST;
879                         break;
880
881                 case ARG_VERSION:
882                         arg_action = ACTION_VERSION;
883                         break;
884
885                 case ARG_DUMP_CONFIGURATION_ITEMS:
886                         arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
887                         break;
888
889                 case ARG_DUMP_CORE:
890                         r = optarg ? parse_boolean(optarg) : 1;
891                         if (r < 0) {
892                                 log_error("Failed to parse dump core boolean %s.", optarg);
893                                 return r;
894                         }
895                         arg_dump_core = r;
896                         break;
897
898                 case ARG_CRASH_SHELL:
899                         r = optarg ? parse_boolean(optarg) : 1;
900                         if (r < 0) {
901                                 log_error("Failed to parse crash shell boolean %s.", optarg);
902                                 return r;
903                         }
904                         arg_crash_shell = r;
905                         break;
906
907                 case ARG_CONFIRM_SPAWN:
908                         r = optarg ? parse_boolean(optarg) : 1;
909                         if (r < 0) {
910                                 log_error("Failed to parse confirm spawn boolean %s.", optarg);
911                                 return r;
912                         }
913                         arg_confirm_spawn = r;
914                         break;
915
916                 case ARG_SHOW_STATUS:
917                         if (optarg) {
918                                 r = parse_show_status(optarg, &arg_show_status);
919                                 if (r < 0) {
920                                         log_error("Failed to parse show status boolean %s.", optarg);
921                                         return r;
922                                 }
923                         } else
924                                 arg_show_status = SHOW_STATUS_YES;
925                         break;
926
927                 case ARG_DESERIALIZE: {
928                         int fd;
929                         FILE *f;
930
931                         r = safe_atoi(optarg, &fd);
932                         if (r < 0 || fd < 0) {
933                                 log_error("Failed to parse deserialize option %s.", optarg);
934                                 return r < 0 ? r : -EINVAL;
935                         }
936
937                         fd_cloexec(fd, true);
938
939                         f = fdopen(fd, "r");
940                         if (!f) {
941                                 log_error("Failed to open serialization fd: %m");
942                                 return -errno;
943                         }
944
945                         if (arg_serialization)
946                                 fclose(arg_serialization);
947
948                         arg_serialization = f;
949
950                         break;
951                 }
952
953                 case ARG_SWITCHED_ROOT:
954                         arg_switched_root = true;
955                         break;
956
957                 case 'h':
958                         arg_action = ACTION_HELP;
959                         break;
960
961                 case 'D':
962                         log_set_max_level(LOG_DEBUG);
963                         break;
964
965                 case 'b':
966                 case 's':
967                 case 'z':
968                         /* Just to eat away the sysvinit kernel
969                          * cmdline args without getopt() error
970                          * messages that we'll parse in
971                          * parse_proc_cmdline_word() or ignore. */
972
973                 case '?':
974                 default:
975                         if (getpid() != 1) {
976                                 log_error("Unknown option code %c", c);
977                                 return -EINVAL;
978                         }
979
980                         break;
981                 }
982
983         if (optind < argc && getpid() != 1) {
984                 /* Hmm, when we aren't run as init system
985                  * let's complain about excess arguments */
986
987                 log_error("Excess arguments.");
988                 return -EINVAL;
989         }
990
991         if (detect_container(NULL) > 0) {
992                 char **a;
993
994                 /* All /proc/cmdline arguments the kernel didn't
995                  * understand it passed to us. We're not really
996                  * interested in that usually since /proc/cmdline is
997                  * more interesting and complete. With one exception:
998                  * if we are run in a container /proc/cmdline is not
999                  * relevant for the container, hence we rely on argv[]
1000                  * instead. */
1001
1002                 for (a = argv; a < argv + argc; a++) {
1003                         _cleanup_free_ char *w;
1004                         char *value;
1005
1006                         w = strdup(*a);
1007                         if (!w)
1008                                 return log_oom();
1009
1010                         value = strchr(w, '=');
1011                         if (value)
1012                                 *(value++) = 0;
1013
1014                         r = parse_proc_cmdline_item(w, value);
1015                         if (r < 0) {
1016                                 log_error("Failed on cmdline argument %s: %s", *a, strerror(-r));
1017                                 return r;
1018                         }
1019                 }
1020         }
1021
1022         return 0;
1023 }
1024
1025 static int help(void) {
1026
1027         printf("%s [OPTIONS...]\n\n"
1028                "Starts up and maintains the system or user services.\n\n"
1029                "  -h --help                      Show this help\n"
1030                "     --test                      Determine startup sequence, dump it and exit\n"
1031                "     --dump-configuration-items  Dump understood unit configuration items\n"
1032                "     --unit=UNIT                 Set default unit\n"
1033                "     --system                    Run a system instance, even if PID != 1\n"
1034                "     --user                      Run a user instance\n"
1035                "     --dump-core[=0|1]           Dump core on crash\n"
1036                "     --crash-shell[=0|1]         Run shell on crash\n"
1037                "     --confirm-spawn[=0|1]       Ask for confirmation when spawning processes\n"
1038                "     --show-status[=0|1]         Show status updates on the console during bootup\n"
1039                "     --log-target=TARGET         Set log target (console, journal, syslog, kmsg, journal-or-kmsg, syslog-or-kmsg, null)\n"
1040                "     --log-level=LEVEL           Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
1041                "     --log-color[=0|1]           Highlight important log messages\n"
1042                "     --log-location[=0|1]        Include code location in log messages\n"
1043                "     --default-standard-output=  Set default standard output for services\n"
1044                "     --default-standard-error=   Set default standard error output for services\n",
1045                program_invocation_short_name);
1046
1047         return 0;
1048 }
1049
1050 static int version(void) {
1051         puts(PACKAGE_STRING);
1052         puts(SYSTEMD_FEATURES);
1053
1054         return 0;
1055 }
1056
1057 static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) {
1058         FILE *f = NULL;
1059         FDSet *fds = NULL;
1060         int r;
1061
1062         assert(m);
1063         assert(_f);
1064         assert(_fds);
1065
1066         r = manager_open_serialization(m, &f);
1067         if (r < 0) {
1068                 log_error("Failed to create serialization file: %s", strerror(-r));
1069                 goto fail;
1070         }
1071
1072         /* Make sure nothing is really destructed when we shut down */
1073         m->n_reloading ++;
1074         bus_manager_send_reloading(m, true);
1075
1076         fds = fdset_new();
1077         if (!fds) {
1078                 r = -ENOMEM;
1079                 log_error("Failed to allocate fd set: %s", strerror(-r));
1080                 goto fail;
1081         }
1082
1083         r = manager_serialize(m, f, fds, switching_root);
1084         if (r < 0) {
1085                 log_error("Failed to serialize state: %s", strerror(-r));
1086                 goto fail;
1087         }
1088
1089         if (fseeko(f, 0, SEEK_SET) < 0) {
1090                 log_error("Failed to rewind serialization fd: %m");
1091                 goto fail;
1092         }
1093
1094         r = fd_cloexec(fileno(f), false);
1095         if (r < 0) {
1096                 log_error("Failed to disable O_CLOEXEC for serialization: %s", strerror(-r));
1097                 goto fail;
1098         }
1099
1100         r = fdset_cloexec(fds, false);
1101         if (r < 0) {
1102                 log_error("Failed to disable O_CLOEXEC for serialization fds: %s", strerror(-r));
1103                 goto fail;
1104         }
1105
1106         *_f = f;
1107         *_fds = fds;
1108
1109         return 0;
1110
1111 fail:
1112         fdset_free(fds);
1113
1114         if (f)
1115                 fclose(f);
1116
1117         return r;
1118 }
1119
1120 static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
1121         struct rlimit nl;
1122         int r;
1123
1124         assert(saved_rlimit);
1125
1126         /* Save the original RLIMIT_NOFILE so that we can reset it
1127          * later when transitioning from the initrd to the main
1128          * systemd or suchlike. */
1129         if (getrlimit(RLIMIT_NOFILE, saved_rlimit) < 0) {
1130                 log_error("Reading RLIMIT_NOFILE failed: %m");
1131                 return -errno;
1132         }
1133
1134         /* Make sure forked processes get the default kernel setting */
1135         if (!arg_default_rlimit[RLIMIT_NOFILE]) {
1136                 struct rlimit *rl;
1137
1138                 rl = newdup(struct rlimit, saved_rlimit, 1);
1139                 if (!rl)
1140                         return log_oom();
1141
1142                 arg_default_rlimit[RLIMIT_NOFILE] = rl;
1143         }
1144
1145         /* Bump up the resource limit for ourselves substantially */
1146         nl.rlim_cur = nl.rlim_max = 64*1024;
1147         r = setrlimit_closest(RLIMIT_NOFILE, &nl);
1148         if (r < 0) {
1149                 log_error("Setting RLIMIT_NOFILE failed: %s", strerror(-r));
1150                 return r;
1151         }
1152
1153         return 0;
1154 }
1155
1156 static void test_mtab(void) {
1157         char *p;
1158
1159         /* Check that /etc/mtab is a symlink */
1160
1161         if (readlink_malloc("/etc/mtab", &p) >= 0) {
1162                 bool b;
1163
1164                 b = streq(p, "/proc/self/mounts") || streq(p, "/proc/mounts");
1165                 free(p);
1166
1167                 if (b)
1168                         return;
1169         }
1170
1171         log_warning("/etc/mtab is not a symlink or not pointing to /proc/self/mounts. "
1172                     "This is not supported anymore. "
1173                     "Please make sure to replace this file by a symlink to avoid incorrect or misleading mount(8) output.");
1174 }
1175
1176 static void test_usr(void) {
1177
1178         /* Check that /usr is not a separate fs */
1179
1180         if (dir_is_empty("/usr") <= 0)
1181                 return;
1182
1183         log_warning("/usr appears to be on its own filesytem and is not already mounted. This is not a supported setup. "
1184                     "Some things will probably break (sometimes even silently) in mysterious ways. "
1185                     "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
1186 }
1187
1188 static void test_cgroups(void) {
1189
1190         if (access("/proc/cgroups", F_OK) >= 0)
1191                 return;
1192
1193         log_warning("CONFIG_CGROUPS was not set when your kernel was compiled. "
1194                     "Systems without control groups are not supported. "
1195                     "We will now sleep for 10s, and then continue boot-up. "
1196                     "Expect breakage and please do not file bugs. "
1197                     "Instead fix your kernel and enable CONFIG_CGROUPS. "
1198                     "Consult http://0pointer.de/blog/projects/cgroups-vs-cgroups.html for more information.");
1199
1200         sleep(10);
1201 }
1202
1203 static int initialize_join_controllers(void) {
1204         /* By default, mount "cpu" + "cpuacct" together, and "net_cls"
1205          * + "net_prio". We'd like to add "cpuset" to the mix, but
1206          * "cpuset" does't really work for groups with no initialized
1207          * attributes. */
1208
1209         arg_join_controllers = new(char**, 3);
1210         if (!arg_join_controllers)
1211                 return -ENOMEM;
1212
1213         arg_join_controllers[0] = strv_new("cpu", "cpuacct", NULL);
1214         arg_join_controllers[1] = strv_new("net_cls", "net_prio", NULL);
1215         arg_join_controllers[2] = NULL;
1216
1217         if (!arg_join_controllers[0] || !arg_join_controllers[1]) {
1218                 free_join_controllers();
1219                 return -ENOMEM;
1220         }
1221
1222         return 0;
1223 }
1224
1225 static int enforce_syscall_archs(Set *archs) {
1226 #ifdef HAVE_SECCOMP
1227         scmp_filter_ctx *seccomp;
1228         Iterator i;
1229         void *id;
1230         int r;
1231
1232         seccomp = seccomp_init(SCMP_ACT_ALLOW);
1233         if (!seccomp)
1234                 return log_oom();
1235
1236         SET_FOREACH(id, arg_syscall_archs, i) {
1237                 r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
1238                 if (r == -EEXIST)
1239                         continue;
1240                 if (r < 0) {
1241                         log_error("Failed to add architecture to seccomp: %s", strerror(-r));
1242                         goto finish;
1243                 }
1244         }
1245
1246         r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
1247         if (r < 0) {
1248                 log_error("Failed to unset NO_NEW_PRIVS: %s", strerror(-r));
1249                 goto finish;
1250         }
1251
1252         r = seccomp_load(seccomp);
1253         if (r < 0)
1254                 log_error("Failed to add install architecture seccomp: %s", strerror(-r));
1255
1256 finish:
1257         seccomp_release(seccomp);
1258         return r;
1259 #else
1260         return 0;
1261 #endif
1262 }
1263
1264 static int status_welcome(void) {
1265         _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
1266         int r;
1267
1268         r = parse_env_file("/etc/os-release", NEWLINE,
1269                            "PRETTY_NAME", &pretty_name,
1270                            "ANSI_COLOR", &ansi_color,
1271                            NULL);
1272
1273         if (r < 0 && r != -ENOENT)
1274                 log_warning("Failed to read /etc/os-release: %s", strerror(-r));
1275
1276         return status_printf(NULL, false, false,
1277                              "\nWelcome to \x1B[%sm%s\x1B[0m!\n",
1278                              isempty(ansi_color) ? "1" : ansi_color,
1279                              isempty(pretty_name) ? "Linux" : pretty_name);
1280 }
1281
1282 int main(int argc, char *argv[]) {
1283         Manager *m = NULL;
1284         int r, retval = EXIT_FAILURE;
1285         usec_t before_startup, after_startup;
1286         char timespan[FORMAT_TIMESPAN_MAX];
1287         FDSet *fds = NULL;
1288         bool reexecute = false;
1289         const char *shutdown_verb = NULL;
1290         dual_timestamp initrd_timestamp = { 0ULL, 0ULL };
1291         dual_timestamp userspace_timestamp = { 0ULL, 0ULL };
1292         dual_timestamp kernel_timestamp = { 0ULL, 0ULL };
1293         dual_timestamp security_start_timestamp = { 0ULL, 0ULL };
1294         dual_timestamp security_finish_timestamp = { 0ULL, 0ULL };
1295         static char systemd[] = "systemd";
1296         bool skip_setup = false;
1297         unsigned j;
1298         bool loaded_policy = false;
1299         bool arm_reboot_watchdog = false;
1300         bool queue_default_job = false;
1301         char *switch_root_dir = NULL, *switch_root_init = NULL;
1302         static struct rlimit saved_rlimit_nofile = { 0, 0 };
1303
1304 #ifdef HAVE_SYSV_COMPAT
1305         if (getpid() != 1 && strstr(program_invocation_short_name, "init")) {
1306                 /* This is compatibility support for SysV, where
1307                  * calling init as a user is identical to telinit. */
1308
1309                 errno = -ENOENT;
1310                 execv(SYSTEMCTL_BINARY_PATH, argv);
1311                 log_error("Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
1312                 return 1;
1313         }
1314 #endif
1315
1316         dual_timestamp_from_monotonic(&kernel_timestamp, 0);
1317         dual_timestamp_get(&userspace_timestamp);
1318
1319         /* Determine if this is a reexecution or normal bootup. We do
1320          * the full command line parsing much later, so let's just
1321          * have a quick peek here. */
1322         if (strv_find(argv+1, "--deserialize"))
1323                 skip_setup = true;
1324
1325         /* If we have switched root, do all the special setup
1326          * things */
1327         if (strv_find(argv+1, "--switched-root"))
1328                 skip_setup = false;
1329
1330         /* If we get started via the /sbin/init symlink then we are
1331            called 'init'. After a subsequent reexecution we are then
1332            called 'systemd'. That is confusing, hence let's call us
1333            systemd right-away. */
1334         program_invocation_short_name = systemd;
1335         prctl(PR_SET_NAME, systemd);
1336
1337         saved_argv = argv;
1338         saved_argc = argc;
1339
1340         log_show_color(isatty(STDERR_FILENO) > 0);
1341
1342         /* Disable the umask logic */
1343         if (getpid() == 1)
1344                 umask(0);
1345
1346         if (getpid() == 1 && detect_container(NULL) <= 0) {
1347
1348                 /* Running outside of a container as PID 1 */
1349                 arg_running_as = SYSTEMD_SYSTEM;
1350                 make_null_stdio();
1351                 log_set_target(LOG_TARGET_KMSG);
1352                 log_open();
1353
1354                 if (in_initrd())
1355                         initrd_timestamp = userspace_timestamp;
1356
1357                 if (!skip_setup) {
1358                         mount_setup_early();
1359                         dual_timestamp_get(&security_start_timestamp);
1360                         if (selinux_setup(&loaded_policy) < 0)
1361                                 goto finish;
1362                         if (ima_setup() < 0)
1363                                 goto finish;
1364                         if (smack_setup(&loaded_policy) < 0)
1365                                 goto finish;
1366                         dual_timestamp_get(&security_finish_timestamp);
1367                 }
1368
1369                 if (label_init(NULL) < 0)
1370                         goto finish;
1371
1372                 if (!skip_setup) {
1373                         if (hwclock_is_localtime() > 0) {
1374                                 int min;
1375
1376                                 /* The first-time call to settimeofday() does a time warp in the kernel */
1377                                 r = hwclock_set_timezone(&min);
1378                                 if (r < 0)
1379                                         log_error("Failed to apply local time delta, ignoring: %s", strerror(-r));
1380                                 else
1381                                         log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
1382                         } else if (!in_initrd()) {
1383                                 /*
1384                                  * Do dummy first-time call to seal the kernel's time warp magic
1385                                  *
1386                                  * Do not call this this from inside the initrd. The initrd might not
1387                                  * carry /etc/adjtime with LOCAL, but the real system could be set up
1388                                  * that way. In such case, we need to delay the time-warp or the sealing
1389                                  * until we reach the real system.
1390                                  */
1391                                 hwclock_reset_timezone();
1392
1393                                 /* Tell the kernel our timezone */
1394                                 r = hwclock_set_timezone(NULL);
1395                                 if (r < 0)
1396                                         log_error("Failed to set the kernel's timezone, ignoring: %s", strerror(-r));
1397                         }
1398                 }
1399
1400                 /* Set the default for later on, but don't actually
1401                  * open the logs like this for now. Note that if we
1402                  * are transitioning from the initrd there might still
1403                  * be journal fd open, and we shouldn't attempt
1404                  * opening that before we parsed /proc/cmdline which
1405                  * might redirect output elsewhere. */
1406                 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
1407
1408         } else if (getpid() == 1) {
1409                 /* Running inside a container, as PID 1 */
1410                 arg_running_as = SYSTEMD_SYSTEM;
1411                 log_set_target(LOG_TARGET_CONSOLE);
1412                 log_close_console(); /* force reopen of /dev/console */
1413                 log_open();
1414
1415                 /* For the later on, see above... */
1416                 log_set_target(LOG_TARGET_JOURNAL);
1417
1418                 /* clear the kernel timestamp,
1419                  * because we are in a container */
1420                 kernel_timestamp.monotonic = 0ULL;
1421                 kernel_timestamp.realtime = 0ULL;
1422
1423         } else {
1424                 /* Running as user instance */
1425                 arg_running_as = SYSTEMD_USER;
1426                 log_set_target(LOG_TARGET_AUTO);
1427                 log_open();
1428
1429                 /* clear the kernel timestamp,
1430                  * because we are not PID 1 */
1431                 kernel_timestamp.monotonic = 0ULL;
1432                 kernel_timestamp.realtime = 0ULL;
1433         }
1434
1435         /* Initialize default unit */
1436         r = set_default_unit(SPECIAL_DEFAULT_TARGET);
1437         if (r < 0) {
1438                 log_error("Failed to set default unit %s: %s", SPECIAL_DEFAULT_TARGET, strerror(-r));
1439                 goto finish;
1440         }
1441
1442         r = initialize_join_controllers();
1443         if (r < 0)
1444                 goto finish;
1445
1446         /* Mount /proc, /sys and friends, so that /proc/cmdline and
1447          * /proc/$PID/fd is available. */
1448         if (getpid() == 1) {
1449                 r = mount_setup(loaded_policy);
1450                 if (r < 0)
1451                         goto finish;
1452         }
1453
1454         /* Reset all signal handlers. */
1455         assert_se(reset_all_signal_handlers() == 0);
1456
1457         ignore_signals(SIGNALS_IGNORE, -1);
1458
1459         if (parse_config_file() < 0)
1460                 goto finish;
1461
1462         if (arg_running_as == SYSTEMD_SYSTEM)
1463                 if (parse_proc_cmdline(parse_proc_cmdline_item) < 0)
1464                         goto finish;
1465
1466         log_parse_environment();
1467
1468         if (parse_argv(argc, argv) < 0)
1469                 goto finish;
1470
1471         if (arg_action == ACTION_TEST &&
1472             geteuid() == 0) {
1473                 log_error("Don't run test mode as root.");
1474                 goto finish;
1475         }
1476
1477         if (arg_running_as == SYSTEMD_USER &&
1478             arg_action == ACTION_RUN &&
1479             sd_booted() <= 0) {
1480                 log_error("Trying to run as user instance, but the system has not been booted with systemd.");
1481                 goto finish;
1482         }
1483
1484         if (arg_running_as == SYSTEMD_SYSTEM &&
1485             arg_action == ACTION_RUN &&
1486             running_in_chroot() > 0) {
1487                 log_error("Cannot be run in a chroot() environment.");
1488                 goto finish;
1489         }
1490
1491         if (arg_action == ACTION_HELP) {
1492                 retval = help();
1493                 goto finish;
1494         } else if (arg_action == ACTION_VERSION) {
1495                 retval = version();
1496                 goto finish;
1497         } else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
1498                 unit_dump_config_items(stdout);
1499                 retval = EXIT_SUCCESS;
1500                 goto finish;
1501         } else if (arg_action == ACTION_DONE) {
1502                 retval = EXIT_SUCCESS;
1503                 goto finish;
1504         }
1505
1506         if (arg_running_as == SYSTEMD_USER &&
1507             !getenv("XDG_RUNTIME_DIR")) {
1508                 log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
1509                 goto finish;
1510         }
1511
1512         assert_se(arg_action == ACTION_RUN || arg_action == ACTION_TEST);
1513
1514         /* Close logging fds, in order not to confuse fdset below */
1515         log_close();
1516
1517         /* Remember open file descriptors for later deserialization */
1518         r = fdset_new_fill(&fds);
1519         if (r < 0) {
1520                 log_error("Failed to allocate fd set: %s", strerror(-r));
1521                 goto finish;
1522         } else
1523                 fdset_cloexec(fds, true);
1524
1525         if (arg_serialization)
1526                 assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0);
1527
1528         if (arg_running_as == SYSTEMD_SYSTEM)
1529                 /* Become a session leader if we aren't one yet. */
1530                 setsid();
1531
1532         /* Move out of the way, so that we won't block unmounts */
1533         assert_se(chdir("/")  == 0);
1534
1535         /* Reset the console, but only if this is really init and we
1536          * are freshly booted */
1537         if (arg_running_as == SYSTEMD_SYSTEM && arg_action == ACTION_RUN)
1538                 console_setup(getpid() == 1 && !skip_setup);
1539
1540         /* Open the logging devices, if possible and necessary */
1541         log_open();
1542
1543         if (arg_show_status == _SHOW_STATUS_UNSET)
1544                 arg_show_status = SHOW_STATUS_YES;
1545
1546         /* Make sure we leave a core dump without panicing the
1547          * kernel. */
1548         if (getpid() == 1) {
1549                 install_crash_handler();
1550
1551                 r = mount_cgroup_controllers(arg_join_controllers);
1552                 if (r < 0)
1553                         goto finish;
1554         }
1555
1556         if (arg_running_as == SYSTEMD_SYSTEM) {
1557                 const char *virtualization = NULL;
1558
1559                 log_info(PACKAGE_STRING " running in system mode. (" SYSTEMD_FEATURES ")");
1560
1561                 detect_virtualization(&virtualization);
1562                 if (virtualization)
1563                         log_info("Detected virtualization '%s'.", virtualization);
1564
1565                 log_info("Detected architecture '%s'.", architecture_to_string(uname_architecture()));
1566
1567                 if (in_initrd())
1568                         log_info("Running in initial RAM disk.");
1569
1570         } else {
1571                 _cleanup_free_ char *t = uid_to_name(getuid());
1572                 log_debug(PACKAGE_STRING " running in user mode for user "PID_FMT"/%s. (" SYSTEMD_FEATURES ")",
1573                           getuid(), t);
1574         }
1575
1576         if (arg_running_as == SYSTEMD_SYSTEM && !skip_setup) {
1577                 if (arg_show_status > 0 || plymouth_running())
1578                         status_welcome();
1579
1580 #ifdef HAVE_KMOD
1581                 if (detect_container(NULL) <= 0)
1582                         kmod_setup();
1583 #endif
1584                 hostname_setup();
1585                 machine_id_setup("");
1586                 loopback_setup();
1587
1588                 test_mtab();
1589                 test_usr();
1590                 test_cgroups();
1591         }
1592
1593         if (arg_running_as == SYSTEMD_SYSTEM && arg_runtime_watchdog > 0)
1594                 watchdog_set_timeout(&arg_runtime_watchdog);
1595
1596         if (arg_timer_slack_nsec != (nsec_t) -1)
1597                 if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
1598                         log_error("Failed to adjust timer slack: %m");
1599
1600         if (arg_capability_bounding_set_drop) {
1601                 r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
1602                 if (r < 0) {
1603                         log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
1604                         goto finish;
1605                 }
1606                 r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
1607                 if (r < 0) {
1608                         log_error("Failed to drop capability bounding set: %s", strerror(-r));
1609                         goto finish;
1610                 }
1611         }
1612
1613         if (arg_syscall_archs) {
1614                 r = enforce_syscall_archs(arg_syscall_archs);
1615                 if (r < 0)
1616                         goto finish;
1617         }
1618
1619         if (arg_running_as == SYSTEMD_USER) {
1620                 /* Become reaper of our children */
1621                 if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) {
1622                         log_warning("Failed to make us a subreaper: %m");
1623                         if (errno == EINVAL)
1624                                 log_info("Perhaps the kernel version is too old (< 3.4?)");
1625                 }
1626         }
1627
1628         if (arg_running_as == SYSTEMD_SYSTEM)
1629                 bump_rlimit_nofile(&saved_rlimit_nofile);
1630
1631         r = manager_new(arg_running_as, &m);
1632         if (r < 0) {
1633                 log_error("Failed to allocate manager object: %s", strerror(-r));
1634                 goto finish;
1635         }
1636
1637         m->confirm_spawn = arg_confirm_spawn;
1638         m->default_std_output = arg_default_std_output;
1639         m->default_std_error = arg_default_std_error;
1640         m->default_restart_usec = arg_default_restart_usec;
1641         m->default_timeout_start_usec = arg_default_timeout_start_usec;
1642         m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
1643         m->default_start_limit_interval = arg_default_start_limit_interval;
1644         m->default_start_limit_burst = arg_default_start_limit_burst;
1645         m->default_cpu_accounting = arg_default_cpu_accounting;
1646         m->default_blockio_accounting = arg_default_blockio_accounting;
1647         m->default_memory_accounting = arg_default_memory_accounting;
1648         m->runtime_watchdog = arg_runtime_watchdog;
1649         m->shutdown_watchdog = arg_shutdown_watchdog;
1650         m->userspace_timestamp = userspace_timestamp;
1651         m->kernel_timestamp = kernel_timestamp;
1652         m->initrd_timestamp = initrd_timestamp;
1653         m->security_start_timestamp = security_start_timestamp;
1654         m->security_finish_timestamp = security_finish_timestamp;
1655
1656         manager_set_default_rlimits(m, arg_default_rlimit);
1657         manager_environment_add(m, NULL, arg_default_environment);
1658         manager_set_show_status(m, arg_show_status);
1659
1660         /* Remember whether we should queue the default job */
1661         queue_default_job = !arg_serialization || arg_switched_root;
1662
1663         before_startup = now(CLOCK_MONOTONIC);
1664
1665         r = manager_startup(m, arg_serialization, fds);
1666         if (r < 0)
1667                 log_error("Failed to fully start up daemon: %s", strerror(-r));
1668
1669         /* This will close all file descriptors that were opened, but
1670          * not claimed by any unit. */
1671         fdset_free(fds);
1672         fds = NULL;
1673
1674         if (arg_serialization) {
1675                 fclose(arg_serialization);
1676                 arg_serialization = NULL;
1677         }
1678
1679         if (queue_default_job) {
1680                 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1681                 Unit *target = NULL;
1682                 Job *default_unit_job;
1683
1684                 log_debug("Activating default unit: %s", arg_default_unit);
1685
1686                 r = manager_load_unit(m, arg_default_unit, NULL, &error, &target);
1687                 if (r < 0)
1688                         log_error("Failed to load default target: %s", bus_error_message(&error, r));
1689                 else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND)
1690                         log_error("Failed to load default target: %s", strerror(-target->load_error));
1691                 else if (target->load_state == UNIT_MASKED)
1692                         log_error("Default target masked.");
1693
1694                 if (!target || target->load_state != UNIT_LOADED) {
1695                         log_info("Trying to load rescue target...");
1696
1697                         r = manager_load_unit(m, SPECIAL_RESCUE_TARGET, NULL, &error, &target);
1698                         if (r < 0) {
1699                                 log_error("Failed to load rescue target: %s", bus_error_message(&error, r));
1700                                 goto finish;
1701                         } else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND) {
1702                                 log_error("Failed to load rescue target: %s", strerror(-target->load_error));
1703                                 goto finish;
1704                         } else if (target->load_state == UNIT_MASKED) {
1705                                 log_error("Rescue target masked.");
1706                                 goto finish;
1707                         }
1708                 }
1709
1710                 assert(target->load_state == UNIT_LOADED);
1711
1712                 if (arg_action == ACTION_TEST) {
1713                         printf("-> By units:\n");
1714                         manager_dump_units(m, stdout, "\t");
1715                 }
1716
1717                 r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, false, &error, &default_unit_job);
1718                 if (r == -EPERM) {
1719                         log_debug("Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
1720
1721                         r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job);
1722                         if (r < 0) {
1723                                 log_error("Failed to start default target: %s", bus_error_message(&error, r));
1724                                 goto finish;
1725                         }
1726                 } else if (r < 0) {
1727                         log_error("Failed to isolate default target: %s", bus_error_message(&error, r));
1728                         goto finish;
1729                 }
1730
1731                 m->default_unit_job_id = default_unit_job->id;
1732
1733                 after_startup = now(CLOCK_MONOTONIC);
1734                 log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
1735                          "Loaded units and determined initial transaction in %s.",
1736                          format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 0));
1737
1738                 if (arg_action == ACTION_TEST) {
1739                         printf("-> By jobs:\n");
1740                         manager_dump_jobs(m, stdout, "\t");
1741                         retval = EXIT_SUCCESS;
1742                         goto finish;
1743                 }
1744         }
1745
1746         for (;;) {
1747                 r = manager_loop(m);
1748                 if (r < 0) {
1749                         log_error("Failed to run mainloop: %s", strerror(-r));
1750                         goto finish;
1751                 }
1752
1753                 switch (m->exit_code) {
1754
1755                 case MANAGER_EXIT:
1756                         retval = EXIT_SUCCESS;
1757                         log_debug("Exit.");
1758                         goto finish;
1759
1760                 case MANAGER_RELOAD:
1761                         log_info("Reloading.");
1762                         r = manager_reload(m);
1763                         if (r < 0)
1764                                 log_error("Failed to reload: %s", strerror(-r));
1765                         break;
1766
1767                 case MANAGER_REEXECUTE:
1768
1769                         if (prepare_reexecute(m, &arg_serialization, &fds, false) < 0)
1770                                 goto finish;
1771
1772                         reexecute = true;
1773                         log_notice("Reexecuting.");
1774                         goto finish;
1775
1776                 case MANAGER_SWITCH_ROOT:
1777                         /* Steal the switch root parameters */
1778                         switch_root_dir = m->switch_root;
1779                         switch_root_init = m->switch_root_init;
1780                         m->switch_root = m->switch_root_init = NULL;
1781
1782                         if (!switch_root_init)
1783                                 if (prepare_reexecute(m, &arg_serialization, &fds, true) < 0)
1784                                         goto finish;
1785
1786                         reexecute = true;
1787                         log_notice("Switching root.");
1788                         goto finish;
1789
1790                 case MANAGER_REBOOT:
1791                 case MANAGER_POWEROFF:
1792                 case MANAGER_HALT:
1793                 case MANAGER_KEXEC: {
1794                         static const char * const table[_MANAGER_EXIT_CODE_MAX] = {
1795                                 [MANAGER_REBOOT] = "reboot",
1796                                 [MANAGER_POWEROFF] = "poweroff",
1797                                 [MANAGER_HALT] = "halt",
1798                                 [MANAGER_KEXEC] = "kexec"
1799                         };
1800
1801                         assert_se(shutdown_verb = table[m->exit_code]);
1802                         arm_reboot_watchdog = m->exit_code == MANAGER_REBOOT;
1803
1804                         log_notice("Shutting down.");
1805                         goto finish;
1806                 }
1807
1808                 default:
1809                         assert_not_reached("Unknown exit code.");
1810                 }
1811         }
1812
1813 finish:
1814         if (m) {
1815                 manager_free(m);
1816                 m = NULL;
1817         }
1818
1819         for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++) {
1820                 free(arg_default_rlimit[j]);
1821                 arg_default_rlimit[j] = NULL;
1822         }
1823
1824         free(arg_default_unit);
1825         arg_default_unit = NULL;
1826
1827         free_join_controllers();
1828
1829         strv_free(arg_default_environment);
1830         arg_default_environment = NULL;
1831
1832         set_free(arg_syscall_archs);
1833         arg_syscall_archs = NULL;
1834
1835         label_finish();
1836
1837         if (reexecute) {
1838                 const char **args;
1839                 unsigned i, args_size;
1840
1841                 /* Close and disarm the watchdog, so that the new
1842                  * instance can reinitialize it, but doesn't get
1843                  * rebooted while we do that */
1844                 watchdog_close(true);
1845
1846                 /* Reset the RLIMIT_NOFILE to the kernel default, so
1847                  * that the new systemd can pass the kernel default to
1848                  * its child processes */
1849                 if (saved_rlimit_nofile.rlim_cur > 0)
1850                         setrlimit(RLIMIT_NOFILE, &saved_rlimit_nofile);
1851
1852                 if (switch_root_dir) {
1853                         /* Kill all remaining processes from the
1854                          * initrd, but don't wait for them, so that we
1855                          * can handle the SIGCHLD for them after
1856                          * deserializing. */
1857                         broadcast_signal(SIGTERM, false, true);
1858
1859                         /* And switch root */
1860                         r = switch_root(switch_root_dir);
1861                         if (r < 0)
1862                                 log_error("Failed to switch root, ignoring: %s", strerror(-r));
1863                 }
1864
1865                 args_size = MAX(6, argc+1);
1866                 args = newa(const char*, args_size);
1867
1868                 if (!switch_root_init) {
1869                         char sfd[16];
1870
1871                         /* First try to spawn ourselves with the right
1872                          * path, and with full serialization. We do
1873                          * this only if the user didn't specify an
1874                          * explicit init to spawn. */
1875
1876                         assert(arg_serialization);
1877                         assert(fds);
1878
1879                         snprintf(sfd, sizeof(sfd), "%i", fileno(arg_serialization));
1880                         char_array_0(sfd);
1881
1882                         i = 0;
1883                         args[i++] = SYSTEMD_BINARY_PATH;
1884                         if (switch_root_dir)
1885                                 args[i++] = "--switched-root";
1886                         args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";
1887                         args[i++] = "--deserialize";
1888                         args[i++] = sfd;
1889                         args[i++] = NULL;
1890
1891                         /* do not pass along the environment we inherit from the kernel or initrd */
1892                         if (switch_root_dir)
1893                                 clearenv();
1894
1895                         assert(i <= args_size);
1896                         execv(args[0], (char* const*) args);
1897                 }
1898
1899                 /* Try the fallback, if there is any, without any
1900                  * serialization. We pass the original argv[] and
1901                  * envp[]. (Well, modulo the ordering changes due to
1902                  * getopt() in argv[], and some cleanups in envp[],
1903                  * but let's hope that doesn't matter.) */
1904
1905                 if (arg_serialization) {
1906                         fclose(arg_serialization);
1907                         arg_serialization = NULL;
1908                 }
1909
1910                 if (fds) {
1911                         fdset_free(fds);
1912                         fds = NULL;
1913                 }
1914
1915                 /* Reopen the console */
1916                 make_console_stdio();
1917
1918                 for (j = 1, i = 1; j < (unsigned) argc; j++)
1919                         args[i++] = argv[j];
1920                 args[i++] = NULL;
1921                 assert(i <= args_size);
1922
1923                 if (switch_root_init) {
1924                         args[0] = switch_root_init;
1925                         execv(args[0], (char* const*) args);
1926                         log_warning("Failed to execute configured init, trying fallback: %m");
1927                 }
1928
1929                 args[0] = "/sbin/init";
1930                 execv(args[0], (char* const*) args);
1931
1932                 if (errno == ENOENT) {
1933                         log_warning("No /sbin/init, trying fallback");
1934
1935                         args[0] = "/bin/sh";
1936                         args[1] = NULL;
1937                         execv(args[0], (char* const*) args);
1938                         log_error("Failed to execute /bin/sh, giving up: %m");
1939                 } else
1940                         log_warning("Failed to execute /sbin/init, giving up: %m");
1941         }
1942
1943         if (arg_serialization) {
1944                 fclose(arg_serialization);
1945                 arg_serialization = NULL;
1946         }
1947
1948         if (fds) {
1949                 fdset_free(fds);
1950                 fds = NULL;
1951         }
1952
1953 #ifdef HAVE_VALGRIND_VALGRIND_H
1954         /* If we are PID 1 and running under valgrind, then let's exit
1955          * here explicitly. valgrind will only generate nice output on
1956          * exit(), not on exec(), hence let's do the former not the
1957          * latter here. */
1958         if (getpid() == 1 && RUNNING_ON_VALGRIND)
1959                 return 0;
1960 #endif
1961
1962         if (shutdown_verb) {
1963                 char log_level[DECIMAL_STR_MAX(int) + 1];
1964                 const char* command_line[9] = {
1965                         SYSTEMD_SHUTDOWN_BINARY_PATH,
1966                         shutdown_verb,
1967                         "--log-level", log_level,
1968                         "--log-target",
1969                 };
1970                 unsigned pos = 5;
1971                 _cleanup_strv_free_ char **env_block = NULL;
1972
1973                 assert(command_line[pos] == NULL);
1974                 env_block = strv_copy(environ);
1975
1976                 snprintf(log_level, sizeof(log_level), "%d", log_get_max_level());
1977
1978                 switch (log_get_target()) {
1979                 case LOG_TARGET_KMSG:
1980                 case LOG_TARGET_JOURNAL_OR_KMSG:
1981                 case LOG_TARGET_SYSLOG_OR_KMSG:
1982                         command_line[pos++] = "kmsg";
1983                         break;
1984
1985                 case LOG_TARGET_CONSOLE:
1986                 default:
1987                         command_line[pos++] = "console";
1988                         break;
1989                 };
1990
1991                 if (log_get_show_color())
1992                         command_line[pos++] = "--log-color";
1993
1994                 if (log_get_show_location())
1995                         command_line[pos++] = "--log-location";
1996
1997                 assert(pos < ELEMENTSOF(command_line));
1998
1999                 if (arm_reboot_watchdog && arg_shutdown_watchdog > 0) {
2000                         char *e;
2001
2002                         /* If we reboot let's set the shutdown
2003                          * watchdog and tell the shutdown binary to
2004                          * repeatedly ping it */
2005                         watchdog_set_timeout(&arg_shutdown_watchdog);
2006                         watchdog_close(false);
2007
2008                         /* Tell the binary how often to ping, ignore failure */
2009                         if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, arg_shutdown_watchdog) > 0)
2010                                 strv_push(&env_block, e);
2011                 } else
2012                         watchdog_close(true);
2013
2014                 /* Avoid the creation of new processes forked by the
2015                  * kernel; at this point, we will not listen to the
2016                  * signals anyway */
2017                 if (detect_container(NULL) <= 0)
2018                         cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
2019
2020                 execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
2021                 log_error("Failed to execute shutdown binary, %s: %m",
2022                           getpid() == 1 ? "freezing" : "quitting");
2023         }
2024
2025         if (getpid() == 1)
2026                 freeze();
2027
2028         return retval;
2029 }