1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
31 #include <sys/resource.h>
32 #include <linux/sched.h>
33 #include <sys/types.h>
37 #include <sys/ioctl.h>
39 #include <linux/tiocl.h>
42 #include <sys/inotify.h>
45 #include <sys/prctl.h>
46 #include <sys/utsname.h>
48 #include <netinet/ip.h>
57 #include <sys/mount.h>
58 #include <linux/magic.h>
62 #include <sys/personality.h>
66 #ifdef HAVE_SYS_AUXV_H
78 #include "path-util.h"
79 #include "exit-status.h"
83 #include "device-nodes.h"
90 char **saved_argv = NULL;
92 static volatile unsigned cached_columns = 0;
93 static volatile unsigned cached_lines = 0;
95 size_t page_size(void) {
96 static thread_local size_t pgsz = 0;
99 if (_likely_(pgsz > 0))
102 r = sysconf(_SC_PAGESIZE);
109 bool streq_ptr(const char *a, const char *b) {
111 /* Like streq(), but tries to make sense of NULL pointers */
122 char* endswith(const char *s, const char *postfix) {
129 pl = strlen(postfix);
132 return (char*) s + sl;
137 if (memcmp(s + sl - pl, postfix, pl) != 0)
140 return (char*) s + sl - pl;
143 char* first_word(const char *s, const char *word) {
150 /* Checks if the string starts with the specified word, either
151 * followed by NUL or by whitespace. Returns a pointer to the
152 * NUL or the first character after the whitespace. */
163 if (memcmp(s, word, wl) != 0)
170 if (!strchr(WHITESPACE, *p))
173 p += strspn(p, WHITESPACE);
177 int close_nointr(int fd) {
184 * Just ignore EINTR; a retry loop is the wrong thing to do on
187 * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html
188 * https://bugzilla.gnome.org/show_bug.cgi?id=682819
189 * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR
190 * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain
198 int safe_close(int fd) {
201 * Like close_nointr() but cannot fail. Guarantees errno is
202 * unchanged. Is a NOP with negative fds passed, and returns
203 * -1, so that it can be used in this syntax:
205 * fd = safe_close(fd);
211 /* The kernel might return pretty much any error code
212 * via close(), but the fd will be closed anyway. The
213 * only condition we want to check for here is whether
214 * the fd was invalid at all... */
216 assert_se(close_nointr(fd) != -EBADF);
222 void close_many(const int fds[], unsigned n_fd) {
225 assert(fds || n_fd <= 0);
227 for (i = 0; i < n_fd; i++)
231 int unlink_noerrno(const char *path) {
242 int parse_boolean(const char *v) {
245 if (streq(v, "1") || strcaseeq(v, "yes") || strcaseeq(v, "y") || strcaseeq(v, "true") || strcaseeq(v, "t") || strcaseeq(v, "on"))
247 else if (streq(v, "0") || strcaseeq(v, "no") || strcaseeq(v, "n") || strcaseeq(v, "false") || strcaseeq(v, "f") || strcaseeq(v, "off"))
253 int parse_pid(const char *s, pid_t* ret_pid) {
254 unsigned long ul = 0;
261 r = safe_atolu(s, &ul);
267 if ((unsigned long) pid != ul)
277 int parse_uid(const char *s, uid_t* ret_uid) {
278 unsigned long ul = 0;
285 r = safe_atolu(s, &ul);
291 if ((unsigned long) uid != ul)
294 /* Some libc APIs use (uid_t) -1 as special placeholder */
295 if (uid == (uid_t) 0xFFFFFFFF)
298 /* A long time ago UIDs where 16bit, hence explicitly avoid the 16bit -1 too */
299 if (uid == (uid_t) 0xFFFF)
306 int safe_atou(const char *s, unsigned *ret_u) {
314 l = strtoul(s, &x, 0);
316 if (!x || x == s || *x || errno)
317 return errno > 0 ? -errno : -EINVAL;
319 if ((unsigned long) (unsigned) l != l)
322 *ret_u = (unsigned) l;
326 int safe_atoi(const char *s, int *ret_i) {
334 l = strtol(s, &x, 0);
336 if (!x || x == s || *x || errno)
337 return errno > 0 ? -errno : -EINVAL;
339 if ((long) (int) l != l)
346 int safe_atou8(const char *s, uint8_t *ret) {
354 l = strtoul(s, &x, 0);
356 if (!x || x == s || *x || errno)
357 return errno > 0 ? -errno : -EINVAL;
359 if ((unsigned long) (uint8_t) l != l)
366 int safe_atou16(const char *s, uint16_t *ret) {
374 l = strtoul(s, &x, 0);
376 if (!x || x == s || *x || errno)
377 return errno > 0 ? -errno : -EINVAL;
379 if ((unsigned long) (uint16_t) l != l)
386 int safe_atoi16(const char *s, int16_t *ret) {
394 l = strtol(s, &x, 0);
396 if (!x || x == s || *x || errno)
397 return errno > 0 ? -errno : -EINVAL;
399 if ((long) (int16_t) l != l)
406 int safe_atollu(const char *s, long long unsigned *ret_llu) {
408 unsigned long long l;
414 l = strtoull(s, &x, 0);
416 if (!x || x == s || *x || errno)
417 return errno ? -errno : -EINVAL;
423 int safe_atolli(const char *s, long long int *ret_lli) {
431 l = strtoll(s, &x, 0);
433 if (!x || x == s || *x || errno)
434 return errno ? -errno : -EINVAL;
440 int safe_atod(const char *s, double *ret_d) {
447 RUN_WITH_LOCALE(LC_NUMERIC_MASK, "C") {
452 if (!x || x == s || *x || errno)
453 return errno ? -errno : -EINVAL;
459 static size_t strcspn_escaped(const char *s, const char *reject) {
460 bool escaped = false;
463 for (n=0; s[n]; n++) {
466 else if (s[n] == '\\')
468 else if (strchr(reject, s[n]))
471 /* if s ends in \, return index of previous char */
475 /* Split a string into words. */
476 const char* split(const char **state, size_t *l, const char *separator, bool quoted) {
482 assert(**state == '\0');
486 current += strspn(current, separator);
492 if (quoted && strchr("\'\"", *current)) {
493 char quotechars[2] = {*current, '\0'};
495 *l = strcspn_escaped(current + 1, quotechars);
496 if (current[*l + 1] == '\0' ||
497 (current[*l + 2] && !strchr(separator, current[*l + 2]))) {
498 /* right quote missing or garbage at the end*/
502 assert(current[*l + 1] == quotechars[0]);
503 *state = current++ + *l + 2;
505 *l = strcspn_escaped(current, separator);
506 *state = current + *l;
508 *l = strcspn(current, separator);
509 *state = current + *l;
515 int get_parent_of_pid(pid_t pid, pid_t *_ppid) {
517 _cleanup_free_ char *line = NULL;
529 p = procfs_file_alloca(pid, "stat");
530 r = read_one_line_file(p, &line);
534 /* Let's skip the pid and comm fields. The latter is enclosed
535 * in () but does not escape any () in its value, so let's
536 * skip over it manually */
538 p = strrchr(line, ')');
550 if ((long unsigned) (pid_t) ppid != ppid)
553 *_ppid = (pid_t) ppid;
558 int get_starttime_of_pid(pid_t pid, unsigned long long *st) {
560 _cleanup_free_ char *line = NULL;
566 p = procfs_file_alloca(pid, "stat");
567 r = read_one_line_file(p, &line);
571 /* Let's skip the pid and comm fields. The latter is enclosed
572 * in () but does not escape any () in its value, so let's
573 * skip over it manually */
575 p = strrchr(line, ')');
597 "%*d " /* priority */
599 "%*d " /* num_threads */
600 "%*d " /* itrealvalue */
601 "%llu " /* starttime */,
608 int fchmod_umask(int fd, mode_t m) {
613 r = fchmod(fd, m & (~u)) < 0 ? -errno : 0;
619 char *truncate_nl(char *s) {
622 s[strcspn(s, NEWLINE)] = 0;
626 int get_process_state(pid_t pid) {
630 _cleanup_free_ char *line = NULL;
634 p = procfs_file_alloca(pid, "stat");
635 r = read_one_line_file(p, &line);
639 p = strrchr(line, ')');
645 if (sscanf(p, " %c", &state) != 1)
648 return (unsigned char) state;
651 int get_process_comm(pid_t pid, char **name) {
658 p = procfs_file_alloca(pid, "comm");
660 r = read_one_line_file(p, name);
667 int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char **line) {
668 _cleanup_fclose_ FILE *f = NULL;
676 p = procfs_file_alloca(pid, "cmdline");
682 if (max_length == 0) {
683 size_t len = 0, allocated = 0;
685 while ((c = getc(f)) != EOF) {
687 if (!GREEDY_REALLOC(r, allocated, len+2)) {
692 r[len++] = isprint(c) ? c : ' ';
702 r = new(char, max_length);
708 while ((c = getc(f)) != EOF) {
730 size_t n = MIN(left-1, 3U);
737 /* Kernel threads have no argv[] */
739 _cleanup_free_ char *t = NULL;
747 h = get_process_comm(pid, &t);
751 r = strjoin("[", t, "]", NULL);
760 int is_kernel_thread(pid_t pid) {
772 p = procfs_file_alloca(pid, "cmdline");
777 count = fread(&c, 1, 1, f);
781 /* Kernel threads have an empty cmdline */
784 return eof ? 1 : -errno;
789 int get_process_capeff(pid_t pid, char **capeff) {
795 p = procfs_file_alloca(pid, "status");
797 return get_status_field(p, "\nCapEff:", capeff);
800 int get_process_exe(pid_t pid, char **name) {
808 p = procfs_file_alloca(pid, "exe");
810 r = readlink_malloc(p, name);
812 return r == -ENOENT ? -ESRCH : r;
814 d = endswith(*name, " (deleted)");
821 static int get_process_id(pid_t pid, const char *field, uid_t *uid) {
822 _cleanup_fclose_ FILE *f = NULL;
832 p = procfs_file_alloca(pid, "status");
837 FOREACH_LINE(line, f, return -errno) {
842 if (startswith(l, field)) {
844 l += strspn(l, WHITESPACE);
846 l[strcspn(l, WHITESPACE)] = 0;
848 return parse_uid(l, uid);
855 int get_process_uid(pid_t pid, uid_t *uid) {
856 return get_process_id(pid, "Uid:", uid);
859 int get_process_gid(pid_t pid, gid_t *gid) {
860 assert_cc(sizeof(uid_t) == sizeof(gid_t));
861 return get_process_id(pid, "Gid:", gid);
864 char *strnappend(const char *s, const char *suffix, size_t b) {
872 return strndup(suffix, b);
881 if (b > ((size_t) -1) - a)
884 r = new(char, a+b+1);
889 memcpy(r+a, suffix, b);
895 char *strappend(const char *s, const char *suffix) {
896 return strnappend(s, suffix, suffix ? strlen(suffix) : 0);
899 int readlinkat_malloc(int fd, const char *p, char **ret) {
914 n = readlinkat(fd, p, c, l-1);
921 if ((size_t) n < l-1) {
932 int readlink_malloc(const char *p, char **ret) {
933 return readlinkat_malloc(AT_FDCWD, p, ret);
936 int readlink_value(const char *p, char **ret) {
937 _cleanup_free_ char *link = NULL;
941 r = readlink_malloc(p, &link);
945 value = basename(link);
949 value = strdup(value);
958 int readlink_and_make_absolute(const char *p, char **r) {
959 _cleanup_free_ char *target = NULL;
966 j = readlink_malloc(p, &target);
970 k = file_in_same_dir(p, target);
978 int readlink_and_canonicalize(const char *p, char **r) {
985 j = readlink_and_make_absolute(p, &t);
989 s = canonicalize_file_name(t);
996 path_kill_slashes(*r);
1001 int reset_all_signal_handlers(void) {
1004 for (sig = 1; sig < _NSIG; sig++) {
1005 struct sigaction sa = {
1006 .sa_handler = SIG_DFL,
1007 .sa_flags = SA_RESTART,
1010 /* These two cannot be caught... */
1011 if (sig == SIGKILL || sig == SIGSTOP)
1014 /* On Linux the first two RT signals are reserved by
1015 * glibc, and sigaction() will return EINVAL for them. */
1016 if ((sigaction(sig, &sa, NULL) < 0))
1017 if (errno != EINVAL && r == 0)
1024 int reset_signal_mask(void) {
1027 if (sigemptyset(&ss) < 0)
1030 if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0)
1036 char *strstrip(char *s) {
1039 /* Drops trailing whitespace. Modifies the string in
1040 * place. Returns pointer to first non-space character */
1042 s += strspn(s, WHITESPACE);
1044 for (e = strchr(s, 0); e > s; e --)
1045 if (!strchr(WHITESPACE, e[-1]))
1053 char *delete_chars(char *s, const char *bad) {
1056 /* Drops all whitespace, regardless where in the string */
1058 for (f = s, t = s; *f; f++) {
1059 if (strchr(bad, *f))
1070 char *file_in_same_dir(const char *path, const char *filename) {
1077 /* This removes the last component of path and appends
1078 * filename, unless the latter is absolute anyway or the
1081 if (path_is_absolute(filename))
1082 return strdup(filename);
1084 if (!(e = strrchr(path, '/')))
1085 return strdup(filename);
1087 k = strlen(filename);
1088 if (!(r = new(char, e-path+1+k+1)))
1091 memcpy(r, path, e-path+1);
1092 memcpy(r+(e-path)+1, filename, k+1);
1097 int rmdir_parents(const char *path, const char *stop) {
1106 /* Skip trailing slashes */
1107 while (l > 0 && path[l-1] == '/')
1113 /* Skip last component */
1114 while (l > 0 && path[l-1] != '/')
1117 /* Skip trailing slashes */
1118 while (l > 0 && path[l-1] == '/')
1124 if (!(t = strndup(path, l)))
1127 if (path_startswith(stop, t)) {
1136 if (errno != ENOENT)
1143 char hexchar(int x) {
1144 static const char table[16] = "0123456789abcdef";
1146 return table[x & 15];
1149 int unhexchar(char c) {
1151 if (c >= '0' && c <= '9')
1154 if (c >= 'a' && c <= 'f')
1155 return c - 'a' + 10;
1157 if (c >= 'A' && c <= 'F')
1158 return c - 'A' + 10;
1163 char *hexmem(const void *p, size_t l) {
1167 z = r = malloc(l * 2 + 1);
1171 for (x = p; x < (const uint8_t*) p + l; x++) {
1172 *(z++) = hexchar(*x >> 4);
1173 *(z++) = hexchar(*x & 15);
1180 void *unhexmem(const char *p, size_t l) {
1186 z = r = malloc((l + 1) / 2 + 1);
1190 for (x = p; x < p + l; x += 2) {
1193 a = unhexchar(x[0]);
1195 b = unhexchar(x[1]);
1199 *(z++) = (uint8_t) a << 4 | (uint8_t) b;
1206 char octchar(int x) {
1207 return '0' + (x & 7);
1210 int unoctchar(char c) {
1212 if (c >= '0' && c <= '7')
1218 char decchar(int x) {
1219 return '0' + (x % 10);
1222 int undecchar(char c) {
1224 if (c >= '0' && c <= '9')
1230 char *cescape(const char *s) {
1236 /* Does C style string escaping. */
1238 r = new(char, strlen(s)*4 + 1);
1242 for (f = s, t = r; *f; f++)
1288 /* For special chars we prefer octal over
1289 * hexadecimal encoding, simply because glib's
1290 * g_strescape() does the same */
1291 if ((*f < ' ') || (*f >= 127)) {
1293 *(t++) = octchar((unsigned char) *f >> 6);
1294 *(t++) = octchar((unsigned char) *f >> 3);
1295 *(t++) = octchar((unsigned char) *f);
1306 char *cunescape_length_with_prefix(const char *s, size_t length, const char *prefix) {
1313 /* Undoes C style string escaping, and optionally prefixes it. */
1315 pl = prefix ? strlen(prefix) : 0;
1317 r = new(char, pl+length+1);
1322 memcpy(r, prefix, pl);
1324 for (f = s, t = r + pl; f < s + length; f++) {
1367 /* This is an extension of the XDG syntax files */
1372 /* hexadecimal encoding */
1375 a = unhexchar(f[1]);
1376 b = unhexchar(f[2]);
1378 if (a < 0 || b < 0 || (a == 0 && b == 0)) {
1379 /* Invalid escape code, let's take it literal then */
1383 *(t++) = (char) ((a << 4) | b);
1398 /* octal encoding */
1401 a = unoctchar(f[0]);
1402 b = unoctchar(f[1]);
1403 c = unoctchar(f[2]);
1405 if (a < 0 || b < 0 || c < 0 || (a == 0 && b == 0 && c == 0)) {
1406 /* Invalid escape code, let's take it literal then */
1410 *(t++) = (char) ((a << 6) | (b << 3) | c);
1418 /* premature end of string.*/
1423 /* Invalid escape code, let's take it literal then */
1435 char *cunescape_length(const char *s, size_t length) {
1436 return cunescape_length_with_prefix(s, length, NULL);
1439 char *cunescape(const char *s) {
1442 return cunescape_length(s, strlen(s));
1445 char *xescape(const char *s, const char *bad) {
1449 /* Escapes all chars in bad, in addition to \ and all special
1450 * chars, in \xFF style escaping. May be reversed with
1453 r = new(char, strlen(s) * 4 + 1);
1457 for (f = s, t = r; *f; f++) {
1459 if ((*f < ' ') || (*f >= 127) ||
1460 (*f == '\\') || strchr(bad, *f)) {
1463 *(t++) = hexchar(*f >> 4);
1464 *(t++) = hexchar(*f);
1474 char *ascii_strlower(char *t) {
1479 for (p = t; *p; p++)
1480 if (*p >= 'A' && *p <= 'Z')
1481 *p = *p - 'A' + 'a';
1486 _pure_ static bool ignore_file_allow_backup(const char *filename) {
1490 filename[0] == '.' ||
1491 streq(filename, "lost+found") ||
1492 streq(filename, "aquota.user") ||
1493 streq(filename, "aquota.group") ||
1494 endswith(filename, ".rpmnew") ||
1495 endswith(filename, ".rpmsave") ||
1496 endswith(filename, ".rpmorig") ||
1497 endswith(filename, ".dpkg-old") ||
1498 endswith(filename, ".dpkg-new") ||
1499 endswith(filename, ".dpkg-tmp") ||
1500 endswith(filename, ".swp");
1503 bool ignore_file(const char *filename) {
1506 if (endswith(filename, "~"))
1509 return ignore_file_allow_backup(filename);
1512 int fd_nonblock(int fd, bool nonblock) {
1517 flags = fcntl(fd, F_GETFL, 0);
1522 nflags = flags | O_NONBLOCK;
1524 nflags = flags & ~O_NONBLOCK;
1526 if (nflags == flags)
1529 if (fcntl(fd, F_SETFL, nflags) < 0)
1535 int fd_cloexec(int fd, bool cloexec) {
1540 flags = fcntl(fd, F_GETFD, 0);
1545 nflags = flags | FD_CLOEXEC;
1547 nflags = flags & ~FD_CLOEXEC;
1549 if (nflags == flags)
1552 if (fcntl(fd, F_SETFD, nflags) < 0)
1558 _pure_ static bool fd_in_set(int fd, const int fdset[], unsigned n_fdset) {
1561 assert(n_fdset == 0 || fdset);
1563 for (i = 0; i < n_fdset; i++)
1570 int close_all_fds(const int except[], unsigned n_except) {
1571 _cleanup_closedir_ DIR *d = NULL;
1575 assert(n_except == 0 || except);
1577 d = opendir("/proc/self/fd");
1582 /* When /proc isn't available (for example in chroots)
1583 * the fallback is brute forcing through the fd
1586 assert_se(getrlimit(RLIMIT_NOFILE, &rl) >= 0);
1587 for (fd = 3; fd < (int) rl.rlim_max; fd ++) {
1589 if (fd_in_set(fd, except, n_except))
1592 if (close_nointr(fd) < 0)
1593 if (errno != EBADF && r == 0)
1600 while ((de = readdir(d))) {
1603 if (ignore_file(de->d_name))
1606 if (safe_atoi(de->d_name, &fd) < 0)
1607 /* Let's better ignore this, just in case */
1616 if (fd_in_set(fd, except, n_except))
1619 if (close_nointr(fd) < 0) {
1620 /* Valgrind has its own FD and doesn't want to have it closed */
1621 if (errno != EBADF && r == 0)
1629 bool chars_intersect(const char *a, const char *b) {
1632 /* Returns true if any of the chars in a are in b. */
1633 for (p = a; *p; p++)
1640 bool fstype_is_network(const char *fstype) {
1641 static const char table[] =
1655 x = startswith(fstype, "fuse.");
1659 return nulstr_contains(table, fstype);
1663 _cleanup_close_ int fd;
1665 fd = open_terminal("/dev/tty0", O_RDWR|O_NOCTTY|O_CLOEXEC);
1671 TIOCL_GETKMSGREDIRECT,
1675 if (ioctl(fd, TIOCLINUX, tiocl) < 0)
1678 vt = tiocl[0] <= 0 ? 1 : tiocl[0];
1681 if (ioctl(fd, VT_ACTIVATE, vt) < 0)
1687 int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) {
1688 struct termios old_termios, new_termios;
1689 char c, line[LINE_MAX];
1694 if (tcgetattr(fileno(f), &old_termios) >= 0) {
1695 new_termios = old_termios;
1697 new_termios.c_lflag &= ~ICANON;
1698 new_termios.c_cc[VMIN] = 1;
1699 new_termios.c_cc[VTIME] = 0;
1701 if (tcsetattr(fileno(f), TCSADRAIN, &new_termios) >= 0) {
1704 if (t != USEC_INFINITY) {
1705 if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0) {
1706 tcsetattr(fileno(f), TCSADRAIN, &old_termios);
1711 k = fread(&c, 1, 1, f);
1713 tcsetattr(fileno(f), TCSADRAIN, &old_termios);
1719 *need_nl = c != '\n';
1726 if (t != USEC_INFINITY) {
1727 if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0)
1732 if (!fgets(line, sizeof(line), f))
1733 return errno ? -errno : -EIO;
1737 if (strlen(line) != 1)
1747 int ask_char(char *ret, const char *replies, const char *text, ...) {
1757 bool need_nl = true;
1760 fputs(ANSI_HIGHLIGHT_ON, stdout);
1767 fputs(ANSI_HIGHLIGHT_OFF, stdout);
1771 r = read_one_char(stdin, &c, USEC_INFINITY, &need_nl);
1774 if (r == -EBADMSG) {
1775 puts("Bad input, please try again.");
1786 if (strchr(replies, c)) {
1791 puts("Read unexpected character, please try again.");
1795 int ask_string(char **ret, const char *text, ...) {
1800 char line[LINE_MAX];
1804 fputs(ANSI_HIGHLIGHT_ON, stdout);
1811 fputs(ANSI_HIGHLIGHT_OFF, stdout);
1816 if (!fgets(line, sizeof(line), stdin))
1817 return errno ? -errno : -EIO;
1819 if (!endswith(line, "\n"))
1838 int reset_terminal_fd(int fd, bool switch_to_text) {
1839 struct termios termios;
1842 /* Set terminal to some sane defaults */
1846 /* We leave locked terminal attributes untouched, so that
1847 * Plymouth may set whatever it wants to set, and we don't
1848 * interfere with that. */
1850 /* Disable exclusive mode, just in case */
1851 ioctl(fd, TIOCNXCL);
1853 /* Switch to text mode */
1855 ioctl(fd, KDSETMODE, KD_TEXT);
1857 /* Enable console unicode mode */
1858 ioctl(fd, KDSKBMODE, K_UNICODE);
1860 if (tcgetattr(fd, &termios) < 0) {
1865 /* We only reset the stuff that matters to the software. How
1866 * hardware is set up we don't touch assuming that somebody
1867 * else will do that for us */
1869 termios.c_iflag &= ~(IGNBRK | BRKINT | ISTRIP | INLCR | IGNCR | IUCLC);
1870 termios.c_iflag |= ICRNL | IMAXBEL | IUTF8;
1871 termios.c_oflag |= ONLCR;
1872 termios.c_cflag |= CREAD;
1873 termios.c_lflag = ISIG | ICANON | IEXTEN | ECHO | ECHOE | ECHOK | ECHOCTL | ECHOPRT | ECHOKE;
1875 termios.c_cc[VINTR] = 03; /* ^C */
1876 termios.c_cc[VQUIT] = 034; /* ^\ */
1877 termios.c_cc[VERASE] = 0177;
1878 termios.c_cc[VKILL] = 025; /* ^X */
1879 termios.c_cc[VEOF] = 04; /* ^D */
1880 termios.c_cc[VSTART] = 021; /* ^Q */
1881 termios.c_cc[VSTOP] = 023; /* ^S */
1882 termios.c_cc[VSUSP] = 032; /* ^Z */
1883 termios.c_cc[VLNEXT] = 026; /* ^V */
1884 termios.c_cc[VWERASE] = 027; /* ^W */
1885 termios.c_cc[VREPRINT] = 022; /* ^R */
1886 termios.c_cc[VEOL] = 0;
1887 termios.c_cc[VEOL2] = 0;
1889 termios.c_cc[VTIME] = 0;
1890 termios.c_cc[VMIN] = 1;
1892 if (tcsetattr(fd, TCSANOW, &termios) < 0)
1896 /* Just in case, flush all crap out */
1897 tcflush(fd, TCIOFLUSH);
1902 int reset_terminal(const char *name) {
1903 _cleanup_close_ int fd = -1;
1905 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
1909 return reset_terminal_fd(fd, true);
1912 int open_terminal(const char *name, int mode) {
1917 * If a TTY is in the process of being closed opening it might
1918 * cause EIO. This is horribly awful, but unlikely to be
1919 * changed in the kernel. Hence we work around this problem by
1920 * retrying a couple of times.
1922 * https://bugs.launchpad.net/ubuntu/+source/linux/+bug/554172/comments/245
1925 assert(!(mode & O_CREAT));
1928 fd = open(name, mode, 0);
1935 /* Max 1s in total */
1939 usleep(50 * USEC_PER_MSEC);
1957 int flush_fd(int fd) {
1958 struct pollfd pollfd = {
1968 r = poll(&pollfd, 1, 0);
1978 l = read(fd, buf, sizeof(buf));
1984 if (errno == EAGAIN)
1993 int acquire_terminal(
1997 bool ignore_tiocstty_eperm,
2000 int fd = -1, notify = -1, r = 0, wd = -1;
2005 /* We use inotify to be notified when the tty is closed. We
2006 * create the watch before checking if we can actually acquire
2007 * it, so that we don't lose any event.
2009 * Note: strictly speaking this actually watches for the
2010 * device being closed, it does *not* really watch whether a
2011 * tty loses its controlling process. However, unless some
2012 * rogue process uses TIOCNOTTY on /dev/tty *after* closing
2013 * its tty otherwise this will not become a problem. As long
2014 * as the administrator makes sure not configure any service
2015 * on the same tty as an untrusted user this should not be a
2016 * problem. (Which he probably should not do anyway.) */
2018 if (timeout != USEC_INFINITY)
2019 ts = now(CLOCK_MONOTONIC);
2021 if (!fail && !force) {
2022 notify = inotify_init1(IN_CLOEXEC | (timeout != USEC_INFINITY ? IN_NONBLOCK : 0));
2028 wd = inotify_add_watch(notify, name, IN_CLOSE);
2036 struct sigaction sa_old, sa_new = {
2037 .sa_handler = SIG_IGN,
2038 .sa_flags = SA_RESTART,
2042 r = flush_fd(notify);
2047 /* We pass here O_NOCTTY only so that we can check the return
2048 * value TIOCSCTTY and have a reliable way to figure out if we
2049 * successfully became the controlling process of the tty */
2050 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
2054 /* Temporarily ignore SIGHUP, so that we don't get SIGHUP'ed
2055 * if we already own the tty. */
2056 assert_se(sigaction(SIGHUP, &sa_new, &sa_old) == 0);
2058 /* First, try to get the tty */
2059 if (ioctl(fd, TIOCSCTTY, force) < 0)
2062 assert_se(sigaction(SIGHUP, &sa_old, NULL) == 0);
2064 /* Sometimes it makes sense to ignore TIOCSCTTY
2065 * returning EPERM, i.e. when very likely we already
2066 * are have this controlling terminal. */
2067 if (r < 0 && r == -EPERM && ignore_tiocstty_eperm)
2070 if (r < 0 && (force || fail || r != -EPERM)) {
2079 assert(notify >= 0);
2082 uint8_t inotify_buffer[sizeof(struct inotify_event) + FILENAME_MAX];
2084 struct inotify_event *e;
2086 if (timeout != USEC_INFINITY) {
2089 n = now(CLOCK_MONOTONIC);
2090 if (ts + timeout < n) {
2095 r = fd_wait_for_event(fd, POLLIN, ts + timeout - n);
2105 l = read(notify, inotify_buffer, sizeof(inotify_buffer));
2108 if (errno == EINTR || errno == EAGAIN)
2115 e = (struct inotify_event*) inotify_buffer;
2120 if (e->wd != wd || !(e->mask & IN_CLOSE)) {
2125 step = sizeof(struct inotify_event) + e->len;
2126 assert(step <= (size_t) l);
2128 e = (struct inotify_event*) ((uint8_t*) e + step);
2135 /* We close the tty fd here since if the old session
2136 * ended our handle will be dead. It's important that
2137 * we do this after sleeping, so that we don't enter
2138 * an endless loop. */
2139 fd = safe_close(fd);
2144 r = reset_terminal_fd(fd, true);
2146 log_warning("Failed to reset terminal: %s", strerror(-r));
2157 int release_terminal(void) {
2158 static const struct sigaction sa_new = {
2159 .sa_handler = SIG_IGN,
2160 .sa_flags = SA_RESTART,
2163 _cleanup_close_ int fd = -1;
2164 struct sigaction sa_old;
2167 fd = open("/dev/tty", O_RDWR|O_NOCTTY|O_NDELAY|O_CLOEXEC);
2171 /* Temporarily ignore SIGHUP, so that we don't get SIGHUP'ed
2172 * by our own TIOCNOTTY */
2173 assert_se(sigaction(SIGHUP, &sa_new, &sa_old) == 0);
2175 if (ioctl(fd, TIOCNOTTY) < 0)
2178 assert_se(sigaction(SIGHUP, &sa_old, NULL) == 0);
2183 int sigaction_many(const struct sigaction *sa, ...) {
2188 while ((sig = va_arg(ap, int)) > 0)
2189 if (sigaction(sig, sa, NULL) < 0)
2196 int ignore_signals(int sig, ...) {
2197 struct sigaction sa = {
2198 .sa_handler = SIG_IGN,
2199 .sa_flags = SA_RESTART,
2204 if (sigaction(sig, &sa, NULL) < 0)
2208 while ((sig = va_arg(ap, int)) > 0)
2209 if (sigaction(sig, &sa, NULL) < 0)
2216 int default_signals(int sig, ...) {
2217 struct sigaction sa = {
2218 .sa_handler = SIG_DFL,
2219 .sa_flags = SA_RESTART,
2224 if (sigaction(sig, &sa, NULL) < 0)
2228 while ((sig = va_arg(ap, int)) > 0)
2229 if (sigaction(sig, &sa, NULL) < 0)
2236 void safe_close_pair(int p[]) {
2240 /* Special case pairs which use the same fd in both
2242 p[0] = p[1] = safe_close(p[0]);
2246 p[0] = safe_close(p[0]);
2247 p[1] = safe_close(p[1]);
2250 ssize_t loop_read(int fd, void *buf, size_t nbytes, bool do_poll) {
2257 while (nbytes > 0) {
2260 k = read(fd, p, nbytes);
2261 if (k < 0 && errno == EINTR)
2264 if (k < 0 && errno == EAGAIN && do_poll) {
2266 /* We knowingly ignore any return value here,
2267 * and expect that any error/EOF is reported
2270 fd_wait_for_event(fd, POLLIN, USEC_INFINITY);
2275 return n > 0 ? n : (k < 0 ? -errno : 0);
2285 ssize_t loop_write(int fd, const void *buf, size_t nbytes, bool do_poll) {
2286 const uint8_t *p = buf;
2292 while (nbytes > 0) {
2295 k = write(fd, p, nbytes);
2296 if (k < 0 && errno == EINTR)
2299 if (k < 0 && errno == EAGAIN && do_poll) {
2301 /* We knowingly ignore any return value here,
2302 * and expect that any error/EOF is reported
2305 fd_wait_for_event(fd, POLLOUT, USEC_INFINITY);
2310 return n > 0 ? n : (k < 0 ? -errno : 0);
2320 int parse_size(const char *t, off_t base, off_t *size) {
2322 /* Soo, sometimes we want to parse IEC binary suffxies, and
2323 * sometimes SI decimal suffixes. This function can parse
2324 * both. Which one is the right way depends on the
2325 * context. Wikipedia suggests that SI is customary for
2326 * hardrware metrics and network speeds, while IEC is
2327 * customary for most data sizes used by software and volatile
2328 * (RAM) memory. Hence be careful which one you pick!
2330 * In either case we use just K, M, G as suffix, and not Ki,
2331 * Mi, Gi or so (as IEC would suggest). That's because that's
2332 * frickin' ugly. But this means you really need to make sure
2333 * to document which base you are parsing when you use this
2338 unsigned long long factor;
2341 static const struct table iec[] = {
2342 { "E", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
2343 { "P", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
2344 { "T", 1024ULL*1024ULL*1024ULL*1024ULL },
2345 { "G", 1024ULL*1024ULL*1024ULL },
2346 { "M", 1024ULL*1024ULL },
2352 static const struct table si[] = {
2353 { "E", 1000ULL*1000ULL*1000ULL*1000ULL*1000ULL*1000ULL },
2354 { "P", 1000ULL*1000ULL*1000ULL*1000ULL*1000ULL },
2355 { "T", 1000ULL*1000ULL*1000ULL*1000ULL },
2356 { "G", 1000ULL*1000ULL*1000ULL },
2357 { "M", 1000ULL*1000ULL },
2363 const struct table *table;
2365 unsigned long long r = 0;
2366 unsigned n_entries, start_pos = 0;
2369 assert(base == 1000 || base == 1024);
2374 n_entries = ELEMENTSOF(si);
2377 n_entries = ELEMENTSOF(iec);
2383 unsigned long long l2;
2389 l = strtoll(p, &e, 10);
2402 if (*e >= '0' && *e <= '9') {
2405 /* strotoull itself would accept space/+/- */
2406 l2 = strtoull(e, &e2, 10);
2408 if (errno == ERANGE)
2411 /* Ignore failure. E.g. 10.M is valid */
2418 e += strspn(e, WHITESPACE);
2420 for (i = start_pos; i < n_entries; i++)
2421 if (startswith(e, table[i].suffix)) {
2422 unsigned long long tmp;
2423 if ((unsigned long long) l + (frac > 0) > ULLONG_MAX / table[i].factor)
2425 tmp = l * table[i].factor + (unsigned long long) (frac * table[i].factor);
2426 if (tmp > ULLONG_MAX - r)
2430 if ((unsigned long long) (off_t) r != r)
2433 p = e + strlen(table[i].suffix);
2449 int make_stdio(int fd) {
2454 r = dup3(fd, STDIN_FILENO, 0);
2455 s = dup3(fd, STDOUT_FILENO, 0);
2456 t = dup3(fd, STDERR_FILENO, 0);
2461 if (r < 0 || s < 0 || t < 0)
2464 /* We rely here that the new fd has O_CLOEXEC not set */
2469 int make_null_stdio(void) {
2472 null_fd = open("/dev/null", O_RDWR|O_NOCTTY);
2476 return make_stdio(null_fd);
2479 bool is_device_path(const char *path) {
2481 /* Returns true on paths that refer to a device, either in
2482 * sysfs or in /dev */
2485 path_startswith(path, "/dev/") ||
2486 path_startswith(path, "/sys/");
2489 int dir_is_empty(const char *path) {
2490 _cleanup_closedir_ DIR *d;
2501 if (!de && errno != 0)
2507 if (!ignore_file(de->d_name))
2512 char* dirname_malloc(const char *path) {
2513 char *d, *dir, *dir2;
2530 int dev_urandom(void *p, size_t n) {
2531 static int have_syscall = -1;
2535 /* Gathers some randomness from the kernel. This call will
2536 * never block, and will always return some data from the
2537 * kernel, regardless if the random pool is fully initialized
2538 * or not. It thus makes no guarantee for the quality of the
2539 * returned entropy, but is good enough for or usual usecases
2540 * of seeding the hash functions for hashtable */
2542 /* Use the getrandom() syscall unless we know we don't have
2543 * it, or when the requested size is too large for it. */
2544 if (have_syscall != 0 || (size_t) (int) n != n) {
2545 r = getrandom(p, n, GRND_NONBLOCK);
2547 have_syscall = true;
2552 if (errno == ENOSYS)
2553 /* we lack the syscall, continue with
2554 * reading from /dev/urandom */
2555 have_syscall = false;
2556 else if (errno == EAGAIN)
2557 /* not enough entropy for now. Let's
2558 * remember to use the syscall the
2559 * next time, again, but also read
2560 * from /dev/urandom for now, which
2561 * doesn't care about the current
2562 * amount of entropy. */
2563 have_syscall = true;
2567 /* too short read? */
2571 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY);
2573 return errno == ENOENT ? -ENOSYS : -errno;
2575 k = loop_read(fd, p, n, true);
2580 if ((size_t) k != n)
2586 void initialize_srand(void) {
2587 static bool srand_called = false;
2589 #ifdef HAVE_SYS_AUXV_H
2598 #ifdef HAVE_SYS_AUXV_H
2599 /* The kernel provides us with a bit of entropy in auxv, so
2600 * let's try to make use of that to seed the pseudo-random
2601 * generator. It's better than nothing... */
2603 auxv = (void*) getauxval(AT_RANDOM);
2605 x ^= *(unsigned*) auxv;
2608 x ^= (unsigned) now(CLOCK_REALTIME);
2609 x ^= (unsigned) gettid();
2612 srand_called = true;
2615 void random_bytes(void *p, size_t n) {
2619 r = dev_urandom(p, n);
2623 /* If some idiot made /dev/urandom unavailable to us, he'll
2624 * get a PRNG instead. */
2628 for (q = p; q < (uint8_t*) p + n; q ++)
2632 void rename_process(const char name[8]) {
2635 /* This is a like a poor man's setproctitle(). It changes the
2636 * comm field, argv[0], and also the glibc's internally used
2637 * name of the process. For the first one a limit of 16 chars
2638 * applies, to the second one usually one of 10 (i.e. length
2639 * of "/sbin/init"), to the third one one of 7 (i.e. length of
2640 * "systemd"). If you pass a longer string it will be
2643 prctl(PR_SET_NAME, name);
2645 if (program_invocation_name)
2646 strncpy(program_invocation_name, name, strlen(program_invocation_name));
2648 if (saved_argc > 0) {
2652 strncpy(saved_argv[0], name, strlen(saved_argv[0]));
2654 for (i = 1; i < saved_argc; i++) {
2658 memzero(saved_argv[i], strlen(saved_argv[i]));
2663 void sigset_add_many(sigset_t *ss, ...) {
2670 while ((sig = va_arg(ap, int)) > 0)
2671 assert_se(sigaddset(ss, sig) == 0);
2675 int sigprocmask_many(int how, ...) {
2680 assert_se(sigemptyset(&ss) == 0);
2683 while ((sig = va_arg(ap, int)) > 0)
2684 assert_se(sigaddset(&ss, sig) == 0);
2687 if (sigprocmask(how, &ss, NULL) < 0)
2693 char* gethostname_malloc(void) {
2696 assert_se(uname(&u) >= 0);
2698 if (!isempty(u.nodename) && !streq(u.nodename, "(none)"))
2699 return strdup(u.nodename);
2701 return strdup(u.sysname);
2704 bool hostname_is_set(void) {
2707 assert_se(uname(&u) >= 0);
2709 return !isempty(u.nodename) && !streq(u.nodename, "(none)");
2712 char *lookup_uid(uid_t uid) {
2715 _cleanup_free_ char *buf = NULL;
2716 struct passwd pwbuf, *pw = NULL;
2718 /* Shortcut things to avoid NSS lookups */
2720 return strdup("root");
2722 bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
2726 buf = malloc(bufsize);
2730 if (getpwuid_r(uid, &pwbuf, buf, bufsize, &pw) == 0 && pw)
2731 return strdup(pw->pw_name);
2733 if (asprintf(&name, UID_FMT, uid) < 0)
2739 char* getlogname_malloc(void) {
2743 if (isatty(STDIN_FILENO) && fstat(STDIN_FILENO, &st) >= 0)
2748 return lookup_uid(uid);
2751 char *getusername_malloc(void) {
2758 return lookup_uid(getuid());
2761 int getttyname_malloc(int fd, char **r) {
2762 char path[PATH_MAX], *c;
2767 k = ttyname_r(fd, path, sizeof(path));
2773 c = strdup(startswith(path, "/dev/") ? path + 5 : path);
2781 int getttyname_harder(int fd, char **r) {
2785 k = getttyname_malloc(fd, &s);
2789 if (streq(s, "tty")) {
2791 return get_ctty(0, NULL, r);
2798 int get_ctty_devnr(pid_t pid, dev_t *d) {
2800 _cleanup_free_ char *line = NULL;
2802 unsigned long ttynr;
2806 p = procfs_file_alloca(pid, "stat");
2807 r = read_one_line_file(p, &line);
2811 p = strrchr(line, ')');
2821 "%*d " /* session */
2826 if (major(ttynr) == 0 && minor(ttynr) == 0)
2835 int get_ctty(pid_t pid, dev_t *_devnr, char **r) {
2836 char fn[sizeof("/dev/char/")-1 + 2*DECIMAL_STR_MAX(unsigned) + 1 + 1], *b = NULL;
2837 _cleanup_free_ char *s = NULL;
2844 k = get_ctty_devnr(pid, &devnr);
2848 sprintf(fn, "/dev/char/%u:%u", major(devnr), minor(devnr));
2850 k = readlink_malloc(fn, &s);
2856 /* This is an ugly hack */
2857 if (major(devnr) == 136) {
2858 asprintf(&b, "pts/%u", minor(devnr));
2862 /* Probably something like the ptys which have no
2863 * symlink in /dev/char. Let's return something
2864 * vaguely useful. */
2870 if (startswith(s, "/dev/"))
2872 else if (startswith(s, "../"))
2890 int rm_rf_children_dangerous(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) {
2891 _cleanup_closedir_ DIR *d = NULL;
2896 /* This returns the first error we run into, but nevertheless
2897 * tries to go on. This closes the passed fd. */
2903 return errno == ENOENT ? 0 : -errno;
2908 bool is_dir, keep_around;
2915 if (errno != 0 && ret == 0)
2920 if (streq(de->d_name, ".") || streq(de->d_name, ".."))
2923 if (de->d_type == DT_UNKNOWN ||
2925 (de->d_type == DT_DIR && root_dev)) {
2926 if (fstatat(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
2927 if (ret == 0 && errno != ENOENT)
2932 is_dir = S_ISDIR(st.st_mode);
2935 (st.st_uid == 0 || st.st_uid == getuid()) &&
2936 (st.st_mode & S_ISVTX);
2938 is_dir = de->d_type == DT_DIR;
2939 keep_around = false;
2945 /* if root_dev is set, remove subdirectories only, if device is same as dir */
2946 if (root_dev && st.st_dev != root_dev->st_dev)
2949 subdir_fd = openat(fd, de->d_name,
2950 O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
2951 if (subdir_fd < 0) {
2952 if (ret == 0 && errno != ENOENT)
2957 r = rm_rf_children_dangerous(subdir_fd, only_dirs, honour_sticky, root_dev);
2958 if (r < 0 && ret == 0)
2962 if (unlinkat(fd, de->d_name, AT_REMOVEDIR) < 0) {
2963 if (ret == 0 && errno != ENOENT)
2967 } else if (!only_dirs && !keep_around) {
2969 if (unlinkat(fd, de->d_name, 0) < 0) {
2970 if (ret == 0 && errno != ENOENT)
2977 _pure_ static int is_temporary_fs(struct statfs *s) {
2980 return F_TYPE_EQUAL(s->f_type, TMPFS_MAGIC) ||
2981 F_TYPE_EQUAL(s->f_type, RAMFS_MAGIC);
2984 int rm_rf_children(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) {
2989 if (fstatfs(fd, &s) < 0) {
2994 /* We refuse to clean disk file systems with this call. This
2995 * is extra paranoia just to be sure we never ever remove
2997 if (!is_temporary_fs(&s)) {
2998 log_error("Attempted to remove disk file system, and we can't allow that.");
3003 return rm_rf_children_dangerous(fd, only_dirs, honour_sticky, root_dev);
3006 static int file_is_priv_sticky(const char *p) {
3011 if (lstat(p, &st) < 0)
3015 (st.st_uid == 0 || st.st_uid == getuid()) &&
3016 (st.st_mode & S_ISVTX);
3019 static int rm_rf_internal(const char *path, bool only_dirs, bool delete_root, bool honour_sticky, bool dangerous) {
3025 /* We refuse to clean the root file system with this
3026 * call. This is extra paranoia to never cause a really
3027 * seriously broken system. */
3028 if (path_equal(path, "/")) {
3029 log_error("Attempted to remove entire root file system, and we can't allow that.");
3033 fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
3036 if (errno != ENOTDIR)
3040 if (statfs(path, &s) < 0)
3043 if (!is_temporary_fs(&s)) {
3044 log_error("Attempted to remove disk file system, and we can't allow that.");
3049 if (delete_root && !only_dirs)
3050 if (unlink(path) < 0 && errno != ENOENT)
3057 if (fstatfs(fd, &s) < 0) {
3062 if (!is_temporary_fs(&s)) {
3063 log_error("Attempted to remove disk file system, and we can't allow that.");
3069 r = rm_rf_children_dangerous(fd, only_dirs, honour_sticky, NULL);
3072 if (honour_sticky && file_is_priv_sticky(path) > 0)
3075 if (rmdir(path) < 0 && errno != ENOENT) {
3084 int rm_rf(const char *path, bool only_dirs, bool delete_root, bool honour_sticky) {
3085 return rm_rf_internal(path, only_dirs, delete_root, honour_sticky, false);
3088 int rm_rf_dangerous(const char *path, bool only_dirs, bool delete_root, bool honour_sticky) {
3089 return rm_rf_internal(path, only_dirs, delete_root, honour_sticky, true);
3092 int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) {
3095 /* Under the assumption that we are running privileged we
3096 * first change the access mode and only then hand out
3097 * ownership to avoid a window where access is too open. */
3099 if (mode != (mode_t) -1)
3100 if (chmod(path, mode) < 0)
3103 if (uid != (uid_t) -1 || gid != (gid_t) -1)
3104 if (chown(path, uid, gid) < 0)
3110 int fchmod_and_fchown(int fd, mode_t mode, uid_t uid, gid_t gid) {
3113 /* Under the assumption that we are running privileged we
3114 * first change the access mode and only then hand out
3115 * ownership to avoid a window where access is too open. */
3117 if (mode != (mode_t) -1)
3118 if (fchmod(fd, mode) < 0)
3121 if (uid != (uid_t) -1 || gid != (gid_t) -1)
3122 if (fchown(fd, uid, gid) < 0)
3128 cpu_set_t* cpu_set_malloc(unsigned *ncpus) {
3132 /* Allocates the cpuset in the right size */
3135 if (!(r = CPU_ALLOC(n)))
3138 if (sched_getaffinity(0, CPU_ALLOC_SIZE(n), r) >= 0) {
3139 CPU_ZERO_S(CPU_ALLOC_SIZE(n), r);
3149 if (errno != EINVAL)
3156 int status_vprintf(const char *status, bool ellipse, bool ephemeral, const char *format, va_list ap) {
3157 static const char status_indent[] = " "; /* "[" STATUS "] " */
3158 _cleanup_free_ char *s = NULL;
3159 _cleanup_close_ int fd = -1;
3160 struct iovec iovec[6] = {};
3162 static bool prev_ephemeral;
3166 /* This is independent of logging, as status messages are
3167 * optional and go exclusively to the console. */
3169 if (vasprintf(&s, format, ap) < 0)
3172 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
3185 sl = status ? sizeof(status_indent)-1 : 0;
3191 e = ellipsize(s, emax, 50);
3199 IOVEC_SET_STRING(iovec[n++], "\r" ANSI_ERASE_TO_END_OF_LINE);
3200 prev_ephemeral = ephemeral;
3203 if (!isempty(status)) {
3204 IOVEC_SET_STRING(iovec[n++], "[");
3205 IOVEC_SET_STRING(iovec[n++], status);
3206 IOVEC_SET_STRING(iovec[n++], "] ");
3208 IOVEC_SET_STRING(iovec[n++], status_indent);
3211 IOVEC_SET_STRING(iovec[n++], s);
3213 IOVEC_SET_STRING(iovec[n++], "\n");
3215 if (writev(fd, iovec, n) < 0)
3221 int status_printf(const char *status, bool ellipse, bool ephemeral, const char *format, ...) {
3227 va_start(ap, format);
3228 r = status_vprintf(status, ellipse, ephemeral, format, ap);
3234 char *replace_env(const char *format, char **env) {
3241 const char *e, *word = format;
3246 for (e = format; *e; e ++) {
3257 k = strnappend(r, word, e-word-1);
3267 } else if (*e == '$') {
3268 k = strnappend(r, word, e-word);
3285 t = strempty(strv_env_get_n(env, word+2, e-word-2));
3287 k = strappend(r, t);
3301 k = strnappend(r, word, e-word);
3313 char **replace_env_argv(char **argv, char **env) {
3315 unsigned k = 0, l = 0;
3317 l = strv_length(argv);
3319 ret = new(char*, l+1);
3323 STRV_FOREACH(i, argv) {
3325 /* If $FOO appears as single word, replace it by the split up variable */
3326 if ((*i)[0] == '$' && (*i)[1] != '{') {
3331 e = strv_env_get(env, *i+1);
3335 r = strv_split_quoted(&m, e, true);
3347 w = realloc(ret, sizeof(char*) * (l+1));
3357 memcpy(ret + k, m, q * sizeof(char*));
3365 /* If ${FOO} appears as part of a word, replace it by the variable as-is */
3366 ret[k] = replace_env(*i, env);
3378 int fd_columns(int fd) {
3379 struct winsize ws = {};
3381 if (ioctl(fd, TIOCGWINSZ, &ws) < 0)
3390 unsigned columns(void) {
3394 if (_likely_(cached_columns > 0))
3395 return cached_columns;
3398 e = getenv("COLUMNS");
3400 (void) safe_atoi(e, &c);
3403 c = fd_columns(STDOUT_FILENO);
3412 int fd_lines(int fd) {
3413 struct winsize ws = {};
3415 if (ioctl(fd, TIOCGWINSZ, &ws) < 0)
3424 unsigned lines(void) {
3428 if (_likely_(cached_lines > 0))
3429 return cached_lines;
3432 e = getenv("LINES");
3434 (void) safe_atou(e, &l);
3437 l = fd_lines(STDOUT_FILENO);
3443 return cached_lines;
3446 /* intended to be used as a SIGWINCH sighandler */
3447 void columns_lines_cache_reset(int signum) {
3453 static int cached_on_tty = -1;
3455 if (_unlikely_(cached_on_tty < 0))
3456 cached_on_tty = isatty(STDOUT_FILENO) > 0;
3458 return cached_on_tty;
3461 int files_same(const char *filea, const char *fileb) {
3464 if (stat(filea, &a) < 0)
3467 if (stat(fileb, &b) < 0)
3470 return a.st_dev == b.st_dev &&
3471 a.st_ino == b.st_ino;
3474 int running_in_chroot(void) {
3477 ret = files_same("/proc/1/root", "/");
3484 static char *ascii_ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigned percent) {
3489 assert(percent <= 100);
3490 assert(new_length >= 3);
3492 if (old_length <= 3 || old_length <= new_length)
3493 return strndup(s, old_length);
3495 r = new0(char, new_length+1);
3499 x = (new_length * percent) / 100;
3501 if (x > new_length - 3)
3509 s + old_length - (new_length - x - 3),
3510 new_length - x - 3);
3515 char *ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigned percent) {
3519 unsigned k, len, len2;
3522 assert(percent <= 100);
3523 assert(new_length >= 3);
3525 /* if no multibyte characters use ascii_ellipsize_mem for speed */
3526 if (ascii_is_valid(s))
3527 return ascii_ellipsize_mem(s, old_length, new_length, percent);
3529 if (old_length <= 3 || old_length <= new_length)
3530 return strndup(s, old_length);
3532 x = (new_length * percent) / 100;
3534 if (x > new_length - 3)
3538 for (i = s; k < x && i < s + old_length; i = utf8_next_char(i)) {
3541 c = utf8_encoded_to_unichar(i);
3544 k += unichar_iswide(c) ? 2 : 1;
3547 if (k > x) /* last character was wide and went over quota */
3550 for (j = s + old_length; k < new_length && j > i; ) {
3553 j = utf8_prev_char(j);
3554 c = utf8_encoded_to_unichar(j);
3557 k += unichar_iswide(c) ? 2 : 1;
3561 /* we don't actually need to ellipsize */
3563 return memdup(s, old_length + 1);
3565 /* make space for ellipsis */
3566 j = utf8_next_char(j);
3569 len2 = s + old_length - j;
3570 e = new(char, len + 3 + len2 + 1);
3575 printf("old_length=%zu new_length=%zu x=%zu len=%u len2=%u k=%u\n",
3576 old_length, new_length, x, len, len2, k);
3580 e[len] = 0xe2; /* tri-dot ellipsis: … */
3584 memcpy(e + len + 3, j, len2 + 1);
3589 char *ellipsize(const char *s, size_t length, unsigned percent) {
3590 return ellipsize_mem(s, strlen(s), length, percent);
3593 int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode) {
3594 _cleanup_close_ int fd;
3600 mkdir_parents(path, 0755);
3602 fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644);
3607 r = fchmod(fd, mode);
3612 if (uid != (uid_t) -1 || gid != (gid_t) -1) {
3613 r = fchown(fd, uid, gid);
3618 if (stamp != USEC_INFINITY) {
3619 struct timespec ts[2];
3621 timespec_store(&ts[0], stamp);
3623 r = futimens(fd, ts);
3625 r = futimens(fd, NULL);
3632 int touch(const char *path) {
3633 return touch_file(path, false, USEC_INFINITY, (uid_t) -1, (gid_t) -1, 0);
3636 char *unquote(const char *s, const char* quotes) {
3640 /* This is rather stupid, simply removes the heading and
3641 * trailing quotes if there is one. Doesn't care about
3642 * escaping or anything. We should make this smarter one
3649 if (strchr(quotes, s[0]) && s[l-1] == s[0])
3650 return strndup(s+1, l-2);
3655 char *normalize_env_assignment(const char *s) {
3656 _cleanup_free_ char *value = NULL;
3660 eq = strchr(s, '=');
3670 memmove(r, t, strlen(t) + 1);
3675 name = strndupa(s, eq - s);
3676 p = strdupa(eq + 1);
3678 value = unquote(strstrip(p), QUOTES);
3682 return strjoin(strstrip(name), "=", value, NULL);
3685 int wait_for_terminate(pid_t pid, siginfo_t *status) {
3696 if (waitid(P_PID, pid, status, WEXITED) < 0) {
3710 * < 0 : wait_for_terminate() failed to get the state of the
3711 * process, the process was terminated by a signal, or
3712 * failed for an unknown reason.
3713 * >=0 : The process terminated normally, and its exit code is
3716 * That is, success is indicated by a return value of zero, and an
3717 * error is indicated by a non-zero value.
3719 int wait_for_terminate_and_warn(const char *name, pid_t pid) {
3726 r = wait_for_terminate(pid, &status);
3728 log_warning("Failed to wait for %s: %s", name, strerror(-r));
3732 if (status.si_code == CLD_EXITED) {
3733 if (status.si_status != 0) {
3734 log_warning("%s failed with error code %i.", name, status.si_status);
3735 return status.si_status;
3738 log_debug("%s succeeded.", name);
3741 } else if (status.si_code == CLD_KILLED ||
3742 status.si_code == CLD_DUMPED) {
3744 log_warning("%s terminated by signal %s.", name, signal_to_string(status.si_status));
3748 log_warning("%s failed due to unknown reason.", name);
3752 noreturn void freeze(void) {
3754 /* Make sure nobody waits for us on a socket anymore */
3755 close_all_fds(NULL, 0);
3763 bool null_or_empty(struct stat *st) {
3766 if (S_ISREG(st->st_mode) && st->st_size <= 0)
3769 if (S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode))
3775 int null_or_empty_path(const char *fn) {
3780 if (stat(fn, &st) < 0)
3783 return null_or_empty(&st);
3786 int null_or_empty_fd(int fd) {
3791 if (fstat(fd, &st) < 0)
3794 return null_or_empty(&st);
3797 DIR *xopendirat(int fd, const char *name, int flags) {
3801 assert(!(flags & O_CREAT));
3803 nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0);
3816 int signal_from_string_try_harder(const char *s) {
3820 signo = signal_from_string(s);
3822 if (startswith(s, "SIG"))
3823 return signal_from_string(s+3);
3828 static char *tag_to_udev_node(const char *tagvalue, const char *by) {
3829 _cleanup_free_ char *t = NULL, *u = NULL;
3832 u = unquote(tagvalue, "\"\'");
3836 enc_len = strlen(u) * 4 + 1;
3837 t = new(char, enc_len);
3841 if (encode_devnode_name(u, t, enc_len) < 0)
3844 return strjoin("/dev/disk/by-", by, "/", t, NULL);
3847 char *fstab_node_to_udev_node(const char *p) {
3850 if (startswith(p, "LABEL="))
3851 return tag_to_udev_node(p+6, "label");
3853 if (startswith(p, "UUID="))
3854 return tag_to_udev_node(p+5, "uuid");
3856 if (startswith(p, "PARTUUID="))
3857 return tag_to_udev_node(p+9, "partuuid");
3859 if (startswith(p, "PARTLABEL="))
3860 return tag_to_udev_node(p+10, "partlabel");
3865 bool tty_is_vc(const char *tty) {
3868 return vtnr_from_tty(tty) >= 0;
3871 bool tty_is_console(const char *tty) {
3874 if (startswith(tty, "/dev/"))
3877 return streq(tty, "console");
3880 int vtnr_from_tty(const char *tty) {
3885 if (startswith(tty, "/dev/"))
3888 if (!startswith(tty, "tty") )
3891 if (tty[3] < '0' || tty[3] > '9')
3894 r = safe_atoi(tty+3, &i);
3898 if (i < 0 || i > 63)
3904 char *resolve_dev_console(char **active) {
3907 /* Resolve where /dev/console is pointing to, if /sys is actually ours
3908 * (i.e. not read-only-mounted which is a sign for container setups) */
3910 if (path_is_read_only_fs("/sys") > 0)
3913 if (read_one_line_file("/sys/class/tty/console/active", active) < 0)
3916 /* If multiple log outputs are configured the last one is what
3917 * /dev/console points to */
3918 tty = strrchr(*active, ' ');
3924 if (streq(tty, "tty0")) {
3927 /* Get the active VC (e.g. tty1) */
3928 if (read_one_line_file("/sys/class/tty/tty0/active", &tmp) >= 0) {
3930 tty = *active = tmp;
3937 bool tty_is_vc_resolve(const char *tty) {
3938 _cleanup_free_ char *active = NULL;
3942 if (startswith(tty, "/dev/"))
3945 if (streq(tty, "console")) {
3946 tty = resolve_dev_console(&active);
3951 return tty_is_vc(tty);
3954 const char *default_term_for_tty(const char *tty) {
3957 return tty_is_vc_resolve(tty) ? "TERM=linux" : "TERM=vt102";
3960 bool dirent_is_file(const struct dirent *de) {
3963 if (ignore_file(de->d_name))
3966 if (de->d_type != DT_REG &&
3967 de->d_type != DT_LNK &&
3968 de->d_type != DT_UNKNOWN)
3974 bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) {
3977 if (de->d_type != DT_REG &&
3978 de->d_type != DT_LNK &&
3979 de->d_type != DT_UNKNOWN)
3982 if (ignore_file_allow_backup(de->d_name))
3985 return endswith(de->d_name, suffix);
3988 void execute_directory(const char *directory, DIR *d, usec_t timeout, char *argv[]) {
3994 /* Executes all binaries in a directory in parallel and waits
3995 * for them to finish. Optionally a timeout is applied. */
3997 executor_pid = fork();
3998 if (executor_pid < 0) {
3999 log_error("Failed to fork: %m");
4002 } else if (executor_pid == 0) {
4003 _cleanup_hashmap_free_free_ Hashmap *pids = NULL;
4004 _cleanup_closedir_ DIR *_d = NULL;
4007 /* We fork this all off from a child process so that
4008 * we can somewhat cleanly make use of SIGALRM to set
4011 reset_all_signal_handlers();
4012 reset_signal_mask();
4014 assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
4017 d = _d = opendir(directory);
4019 if (errno == ENOENT)
4020 _exit(EXIT_SUCCESS);
4022 log_error("Failed to enumerate directory %s: %m", directory);
4023 _exit(EXIT_FAILURE);
4027 pids = hashmap_new(NULL);
4030 _exit(EXIT_FAILURE);
4033 FOREACH_DIRENT(de, d, break) {
4034 _cleanup_free_ char *path = NULL;
4037 if (!dirent_is_file(de))
4040 path = strjoin(directory, "/", de->d_name, NULL);
4043 _exit(EXIT_FAILURE);
4048 log_error("Failed to fork: %m");
4050 } else if (pid == 0) {
4053 assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
4063 log_error("Failed to execute %s: %m", path);
4064 _exit(EXIT_FAILURE);
4067 log_debug("Spawned %s as " PID_FMT ".", path, pid);
4069 r = hashmap_put(pids, UINT_TO_PTR(pid), path);
4072 _exit(EXIT_FAILURE);
4078 /* Abort execution of this process after the
4079 * timout. We simply rely on SIGALRM as default action
4080 * terminating the process, and turn on alarm(). */
4082 if (timeout != USEC_INFINITY)
4083 alarm((timeout + USEC_PER_SEC - 1) / USEC_PER_SEC);
4085 while (!hashmap_isempty(pids)) {
4086 _cleanup_free_ char *path = NULL;
4089 pid = PTR_TO_UINT(hashmap_first_key(pids));
4092 path = hashmap_remove(pids, UINT_TO_PTR(pid));
4095 wait_for_terminate_and_warn(path, pid);
4098 _exit(EXIT_SUCCESS);
4101 wait_for_terminate_and_warn(directory, executor_pid);
4104 int kill_and_sigcont(pid_t pid, int sig) {
4107 r = kill(pid, sig) < 0 ? -errno : 0;
4115 bool nulstr_contains(const char*nulstr, const char *needle) {
4121 NULSTR_FOREACH(i, nulstr)
4122 if (streq(i, needle))
4128 bool plymouth_running(void) {
4129 return access("/run/plymouth/pid", F_OK) >= 0;
4132 char* strshorten(char *s, size_t l) {
4141 static bool hostname_valid_char(char c) {
4143 (c >= 'a' && c <= 'z') ||
4144 (c >= 'A' && c <= 'Z') ||
4145 (c >= '0' && c <= '9') ||
4151 bool hostname_is_valid(const char *s) {
4158 for (p = s, dot = true; *p; p++) {
4165 if (!hostname_valid_char(*p))
4175 if (p-s > HOST_NAME_MAX)
4181 char* hostname_cleanup(char *s, bool lowercase) {
4185 for (p = s, d = s, dot = true; *p; p++) {
4192 } else if (hostname_valid_char(*p)) {
4193 *(d++) = lowercase ? tolower(*p) : *p;
4204 strshorten(s, HOST_NAME_MAX);
4209 bool machine_name_is_valid(const char *s) {
4211 if (!hostname_is_valid(s))
4214 /* Machine names should be useful hostnames, but also be
4215 * useful in unit names, hence we enforce a stricter length
4224 int pipe_eof(int fd) {
4225 struct pollfd pollfd = {
4227 .events = POLLIN|POLLHUP,
4232 r = poll(&pollfd, 1, 0);
4239 return pollfd.revents & POLLHUP;
4242 int fd_wait_for_event(int fd, int event, usec_t t) {
4244 struct pollfd pollfd = {
4252 r = ppoll(&pollfd, 1, t == USEC_INFINITY ? NULL : timespec_store(&ts, t), NULL);
4259 return pollfd.revents;
4262 int fopen_temporary(const char *path, FILE **_f, char **_temp_path) {
4271 t = tempfn_xxxxxx(path);
4275 fd = mkostemp_safe(t, O_WRONLY|O_CLOEXEC);
4281 f = fdopen(fd, "we");
4294 int terminal_vhangup_fd(int fd) {
4297 if (ioctl(fd, TIOCVHANGUP) < 0)
4303 int terminal_vhangup(const char *name) {
4304 _cleanup_close_ int fd;
4306 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
4310 return terminal_vhangup_fd(fd);
4313 int vt_disallocate(const char *name) {
4317 /* Deallocate the VT if possible. If not possible
4318 * (i.e. because it is the active one), at least clear it
4319 * entirely (including the scrollback buffer) */
4321 if (!startswith(name, "/dev/"))
4324 if (!tty_is_vc(name)) {
4325 /* So this is not a VT. I guess we cannot deallocate
4326 * it then. But let's at least clear the screen */
4328 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
4333 "\033[r" /* clear scrolling region */
4334 "\033[H" /* move home */
4335 "\033[2J", /* clear screen */
4342 if (!startswith(name, "/dev/tty"))
4345 r = safe_atou(name+8, &u);
4352 /* Try to deallocate */
4353 fd = open_terminal("/dev/tty0", O_RDWR|O_NOCTTY|O_CLOEXEC);
4357 r = ioctl(fd, VT_DISALLOCATE, u);
4366 /* Couldn't deallocate, so let's clear it fully with
4368 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
4373 "\033[r" /* clear scrolling region */
4374 "\033[H" /* move home */
4375 "\033[3J", /* clear screen including scrollback, requires Linux 2.6.40 */
4382 int symlink_atomic(const char *from, const char *to) {
4383 _cleanup_free_ char *t = NULL;
4388 t = tempfn_random(to);
4392 if (symlink(from, t) < 0)
4395 if (rename(t, to) < 0) {
4403 int mknod_atomic(const char *path, mode_t mode, dev_t dev) {
4404 _cleanup_free_ char *t = NULL;
4408 t = tempfn_random(path);
4412 if (mknod(t, mode, dev) < 0)
4415 if (rename(t, path) < 0) {
4423 int mkfifo_atomic(const char *path, mode_t mode) {
4424 _cleanup_free_ char *t = NULL;
4428 t = tempfn_random(path);
4432 if (mkfifo(t, mode) < 0)
4435 if (rename(t, path) < 0) {
4443 bool display_is_local(const char *display) {
4447 display[0] == ':' &&
4448 display[1] >= '0' &&
4452 int socket_from_display(const char *display, char **path) {
4459 if (!display_is_local(display))
4462 k = strspn(display+1, "0123456789");
4464 f = new(char, strlen("/tmp/.X11-unix/X") + k + 1);
4468 c = stpcpy(f, "/tmp/.X11-unix/X");
4469 memcpy(c, display+1, k);
4478 const char **username,
4479 uid_t *uid, gid_t *gid,
4481 const char **shell) {
4489 /* We enforce some special rules for uid=0: in order to avoid
4490 * NSS lookups for root we hardcode its data. */
4492 if (streq(*username, "root") || streq(*username, "0")) {
4510 if (parse_uid(*username, &u) >= 0) {
4514 /* If there are multiple users with the same id, make
4515 * sure to leave $USER to the configured value instead
4516 * of the first occurrence in the database. However if
4517 * the uid was configured by a numeric uid, then let's
4518 * pick the real username from /etc/passwd. */
4520 *username = p->pw_name;
4523 p = getpwnam(*username);
4527 return errno > 0 ? -errno : -ESRCH;
4539 *shell = p->pw_shell;
4544 char* uid_to_name(uid_t uid) {
4549 return strdup("root");
4553 return strdup(p->pw_name);
4555 if (asprintf(&r, UID_FMT, uid) < 0)
4561 char* gid_to_name(gid_t gid) {
4566 return strdup("root");
4570 return strdup(p->gr_name);
4572 if (asprintf(&r, GID_FMT, gid) < 0)
4578 int get_group_creds(const char **groupname, gid_t *gid) {
4584 /* We enforce some special rules for gid=0: in order to avoid
4585 * NSS lookups for root we hardcode its data. */
4587 if (streq(*groupname, "root") || streq(*groupname, "0")) {
4588 *groupname = "root";
4596 if (parse_gid(*groupname, &id) >= 0) {
4601 *groupname = g->gr_name;
4604 g = getgrnam(*groupname);
4608 return errno > 0 ? -errno : -ESRCH;
4616 int in_gid(gid_t gid) {
4618 int ngroups_max, r, i;
4620 if (getgid() == gid)
4623 if (getegid() == gid)
4626 ngroups_max = sysconf(_SC_NGROUPS_MAX);
4627 assert(ngroups_max > 0);
4629 gids = alloca(sizeof(gid_t) * ngroups_max);
4631 r = getgroups(ngroups_max, gids);
4635 for (i = 0; i < r; i++)
4642 int in_group(const char *name) {
4646 r = get_group_creds(&name, &gid);
4653 int glob_exists(const char *path) {
4654 _cleanup_globfree_ glob_t g = {};
4660 k = glob(path, GLOB_NOSORT|GLOB_BRACE, NULL, &g);
4662 if (k == GLOB_NOMATCH)
4664 else if (k == GLOB_NOSPACE)
4667 return !strv_isempty(g.gl_pathv);
4669 return errno ? -errno : -EIO;
4672 int glob_extend(char ***strv, const char *path) {
4673 _cleanup_globfree_ glob_t g = {};
4678 k = glob(path, GLOB_NOSORT|GLOB_BRACE, NULL, &g);
4680 if (k == GLOB_NOMATCH)
4682 else if (k == GLOB_NOSPACE)
4684 else if (k != 0 || strv_isempty(g.gl_pathv))
4685 return errno ? -errno : -EIO;
4687 STRV_FOREACH(p, g.gl_pathv) {
4688 k = strv_extend(strv, *p);
4696 int dirent_ensure_type(DIR *d, struct dirent *de) {
4702 if (de->d_type != DT_UNKNOWN)
4705 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
4709 S_ISREG(st.st_mode) ? DT_REG :
4710 S_ISDIR(st.st_mode) ? DT_DIR :
4711 S_ISLNK(st.st_mode) ? DT_LNK :
4712 S_ISFIFO(st.st_mode) ? DT_FIFO :
4713 S_ISSOCK(st.st_mode) ? DT_SOCK :
4714 S_ISCHR(st.st_mode) ? DT_CHR :
4715 S_ISBLK(st.st_mode) ? DT_BLK :
4721 int get_files_in_directory(const char *path, char ***list) {
4722 _cleanup_closedir_ DIR *d = NULL;
4723 size_t bufsize = 0, n = 0;
4724 _cleanup_strv_free_ char **l = NULL;
4728 /* Returns all files in a directory in *list, and the number
4729 * of files as return value. If list is NULL returns only the
4741 if (!de && errno != 0)
4746 dirent_ensure_type(d, de);
4748 if (!dirent_is_file(de))
4752 /* one extra slot is needed for the terminating NULL */
4753 if (!GREEDY_REALLOC(l, bufsize, n + 2))
4756 l[n] = strdup(de->d_name);
4767 l = NULL; /* avoid freeing */
4773 char *strjoin(const char *x, ...) {
4787 t = va_arg(ap, const char *);
4792 if (n > ((size_t) -1) - l) {
4816 t = va_arg(ap, const char *);
4830 bool is_main_thread(void) {
4831 static thread_local int cached = 0;
4833 if (_unlikely_(cached == 0))
4834 cached = getpid() == gettid() ? 1 : -1;
4839 int block_get_whole_disk(dev_t d, dev_t *ret) {
4846 /* If it has a queue this is good enough for us */
4847 if (asprintf(&p, "/sys/dev/block/%u:%u/queue", major(d), minor(d)) < 0)
4850 r = access(p, F_OK);
4858 /* If it is a partition find the originating device */
4859 if (asprintf(&p, "/sys/dev/block/%u:%u/partition", major(d), minor(d)) < 0)
4862 r = access(p, F_OK);
4868 /* Get parent dev_t */
4869 if (asprintf(&p, "/sys/dev/block/%u:%u/../dev", major(d), minor(d)) < 0)
4872 r = read_one_line_file(p, &s);
4878 r = sscanf(s, "%u:%u", &m, &n);
4884 /* Only return this if it is really good enough for us. */
4885 if (asprintf(&p, "/sys/dev/block/%u:%u/queue", m, n) < 0)
4888 r = access(p, F_OK);
4892 *ret = makedev(m, n);
4899 static const char *const ioprio_class_table[] = {
4900 [IOPRIO_CLASS_NONE] = "none",
4901 [IOPRIO_CLASS_RT] = "realtime",
4902 [IOPRIO_CLASS_BE] = "best-effort",
4903 [IOPRIO_CLASS_IDLE] = "idle"
4906 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ioprio_class, int, INT_MAX);
4908 static const char *const sigchld_code_table[] = {
4909 [CLD_EXITED] = "exited",
4910 [CLD_KILLED] = "killed",
4911 [CLD_DUMPED] = "dumped",
4912 [CLD_TRAPPED] = "trapped",
4913 [CLD_STOPPED] = "stopped",
4914 [CLD_CONTINUED] = "continued",
4917 DEFINE_STRING_TABLE_LOOKUP(sigchld_code, int);
4919 static const char *const log_facility_unshifted_table[LOG_NFACILITIES] = {
4920 [LOG_FAC(LOG_KERN)] = "kern",
4921 [LOG_FAC(LOG_USER)] = "user",
4922 [LOG_FAC(LOG_MAIL)] = "mail",
4923 [LOG_FAC(LOG_DAEMON)] = "daemon",
4924 [LOG_FAC(LOG_AUTH)] = "auth",
4925 [LOG_FAC(LOG_SYSLOG)] = "syslog",
4926 [LOG_FAC(LOG_LPR)] = "lpr",
4927 [LOG_FAC(LOG_NEWS)] = "news",
4928 [LOG_FAC(LOG_UUCP)] = "uucp",
4929 [LOG_FAC(LOG_CRON)] = "cron",
4930 [LOG_FAC(LOG_AUTHPRIV)] = "authpriv",
4931 [LOG_FAC(LOG_FTP)] = "ftp",
4932 [LOG_FAC(LOG_LOCAL0)] = "local0",
4933 [LOG_FAC(LOG_LOCAL1)] = "local1",
4934 [LOG_FAC(LOG_LOCAL2)] = "local2",
4935 [LOG_FAC(LOG_LOCAL3)] = "local3",
4936 [LOG_FAC(LOG_LOCAL4)] = "local4",
4937 [LOG_FAC(LOG_LOCAL5)] = "local5",
4938 [LOG_FAC(LOG_LOCAL6)] = "local6",
4939 [LOG_FAC(LOG_LOCAL7)] = "local7"
4942 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(log_facility_unshifted, int, LOG_FAC(~0));
4944 static const char *const log_level_table[] = {
4945 [LOG_EMERG] = "emerg",
4946 [LOG_ALERT] = "alert",
4947 [LOG_CRIT] = "crit",
4949 [LOG_WARNING] = "warning",
4950 [LOG_NOTICE] = "notice",
4951 [LOG_INFO] = "info",
4952 [LOG_DEBUG] = "debug"
4955 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(log_level, int, LOG_DEBUG);
4957 static const char* const sched_policy_table[] = {
4958 [SCHED_OTHER] = "other",
4959 [SCHED_BATCH] = "batch",
4960 [SCHED_IDLE] = "idle",
4961 [SCHED_FIFO] = "fifo",
4965 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sched_policy, int, INT_MAX);
4967 static const char* const rlimit_table[_RLIMIT_MAX] = {
4968 [RLIMIT_CPU] = "LimitCPU",
4969 [RLIMIT_FSIZE] = "LimitFSIZE",
4970 [RLIMIT_DATA] = "LimitDATA",
4971 [RLIMIT_STACK] = "LimitSTACK",
4972 [RLIMIT_CORE] = "LimitCORE",
4973 [RLIMIT_RSS] = "LimitRSS",
4974 [RLIMIT_NOFILE] = "LimitNOFILE",
4975 [RLIMIT_AS] = "LimitAS",
4976 [RLIMIT_NPROC] = "LimitNPROC",
4977 [RLIMIT_MEMLOCK] = "LimitMEMLOCK",
4978 [RLIMIT_LOCKS] = "LimitLOCKS",
4979 [RLIMIT_SIGPENDING] = "LimitSIGPENDING",
4980 [RLIMIT_MSGQUEUE] = "LimitMSGQUEUE",
4981 [RLIMIT_NICE] = "LimitNICE",
4982 [RLIMIT_RTPRIO] = "LimitRTPRIO",
4983 [RLIMIT_RTTIME] = "LimitRTTIME"
4986 DEFINE_STRING_TABLE_LOOKUP(rlimit, int);
4988 static const char* const ip_tos_table[] = {
4989 [IPTOS_LOWDELAY] = "low-delay",
4990 [IPTOS_THROUGHPUT] = "throughput",
4991 [IPTOS_RELIABILITY] = "reliability",
4992 [IPTOS_LOWCOST] = "low-cost",
4995 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
4997 static const char *const __signal_table[] = {
5014 [SIGSTKFLT] = "STKFLT", /* Linux on SPARC doesn't know SIGSTKFLT */
5025 [SIGVTALRM] = "VTALRM",
5027 [SIGWINCH] = "WINCH",
5033 DEFINE_PRIVATE_STRING_TABLE_LOOKUP(__signal, int);
5035 const char *signal_to_string(int signo) {
5036 static thread_local char buf[sizeof("RTMIN+")-1 + DECIMAL_STR_MAX(int) + 1];
5039 name = __signal_to_string(signo);
5043 if (signo >= SIGRTMIN && signo <= SIGRTMAX)
5044 snprintf(buf, sizeof(buf), "RTMIN+%d", signo - SIGRTMIN);
5046 snprintf(buf, sizeof(buf), "%d", signo);
5051 int signal_from_string(const char *s) {
5056 signo = __signal_from_string(s);
5060 if (startswith(s, "RTMIN+")) {
5064 if (safe_atou(s, &u) >= 0) {
5065 signo = (int) u + offset;
5066 if (signo > 0 && signo < _NSIG)
5072 bool kexec_loaded(void) {
5073 bool loaded = false;
5076 if (read_one_line_file("/sys/kernel/kexec_loaded", &s) >= 0) {
5084 int prot_from_flags(int flags) {
5086 switch (flags & O_ACCMODE) {
5095 return PROT_READ|PROT_WRITE;
5102 char *format_bytes(char *buf, size_t l, off_t t) {
5105 static const struct {
5109 { "E", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
5110 { "P", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
5111 { "T", 1024ULL*1024ULL*1024ULL*1024ULL },
5112 { "G", 1024ULL*1024ULL*1024ULL },
5113 { "M", 1024ULL*1024ULL },
5117 for (i = 0; i < ELEMENTSOF(table); i++) {
5119 if (t >= table[i].factor) {
5122 (unsigned long long) (t / table[i].factor),
5123 (unsigned long long) (((t*10ULL) / table[i].factor) % 10ULL),
5130 snprintf(buf, l, "%lluB", (unsigned long long) t);
5138 void* memdup(const void *p, size_t l) {
5151 int fd_inc_sndbuf(int fd, size_t n) {
5153 socklen_t l = sizeof(value);
5155 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
5156 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
5159 /* If we have the privileges we will ignore the kernel limit. */
5162 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
5163 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
5169 int fd_inc_rcvbuf(int fd, size_t n) {
5171 socklen_t l = sizeof(value);
5173 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
5174 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
5177 /* If we have the privileges we will ignore the kernel limit. */
5180 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
5181 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
5186 int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *path, ...) {
5187 bool stdout_is_tty, stderr_is_tty;
5188 pid_t parent_pid, agent_pid;
5189 sigset_t ss, saved_ss;
5197 /* Spawns a temporary TTY agent, making sure it goes away when
5200 parent_pid = getpid();
5202 /* First we temporarily block all signals, so that the new
5203 * child has them blocked initially. This way, we can be sure
5204 * that SIGTERMs are not lost we might send to the agent. */
5205 assert_se(sigfillset(&ss) >= 0);
5206 assert_se(sigprocmask(SIG_SETMASK, &ss, &saved_ss) >= 0);
5209 if (agent_pid < 0) {
5210 assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
5214 if (agent_pid != 0) {
5215 assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
5222 * Make sure the agent goes away when the parent dies */
5223 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
5224 _exit(EXIT_FAILURE);
5226 /* Make sure we actually can kill the agent, if we need to, in
5227 * case somebody invoked us from a shell script that trapped
5228 * SIGTERM or so... */
5229 reset_all_signal_handlers();
5230 reset_signal_mask();
5232 /* Check whether our parent died before we were able
5233 * to set the death signal and unblock the signals */
5234 if (getppid() != parent_pid)
5235 _exit(EXIT_SUCCESS);
5237 /* Don't leak fds to the agent */
5238 close_all_fds(except, n_except);
5240 stdout_is_tty = isatty(STDOUT_FILENO);
5241 stderr_is_tty = isatty(STDERR_FILENO);
5243 if (!stdout_is_tty || !stderr_is_tty) {
5246 /* Detach from stdout/stderr. and reopen
5247 * /dev/tty for them. This is important to
5248 * ensure that when systemctl is started via
5249 * popen() or a similar call that expects to
5250 * read EOF we actually do generate EOF and
5251 * not delay this indefinitely by because we
5252 * keep an unused copy of stdin around. */
5253 fd = open("/dev/tty", O_WRONLY);
5255 log_error("Failed to open /dev/tty: %m");
5256 _exit(EXIT_FAILURE);
5260 dup2(fd, STDOUT_FILENO);
5263 dup2(fd, STDERR_FILENO);
5269 /* Count arguments */
5271 for (n = 0; va_arg(ap, char*); n++)
5276 l = alloca(sizeof(char *) * (n + 1));
5278 /* Fill in arguments */
5280 for (i = 0; i <= n; i++)
5281 l[i] = va_arg(ap, char*);
5285 _exit(EXIT_FAILURE);
5288 int setrlimit_closest(int resource, const struct rlimit *rlim) {
5289 struct rlimit highest, fixed;
5293 if (setrlimit(resource, rlim) >= 0)
5299 /* So we failed to set the desired setrlimit, then let's try
5300 * to get as close as we can */
5301 assert_se(getrlimit(resource, &highest) == 0);
5303 fixed.rlim_cur = MIN(rlim->rlim_cur, highest.rlim_max);
5304 fixed.rlim_max = MIN(rlim->rlim_max, highest.rlim_max);
5306 if (setrlimit(resource, &fixed) < 0)
5312 int getenv_for_pid(pid_t pid, const char *field, char **_value) {
5313 _cleanup_fclose_ FILE *f = NULL;
5324 path = procfs_file_alloca(pid, "environ");
5326 f = fopen(path, "re");
5334 char line[LINE_MAX];
5337 for (i = 0; i < sizeof(line)-1; i++) {
5341 if (_unlikely_(c == EOF)) {
5351 if (memcmp(line, field, l) == 0 && line[l] == '=') {
5352 value = strdup(line + l + 1);
5366 bool is_valid_documentation_url(const char *url) {
5369 if (startswith(url, "http://") && url[7])
5372 if (startswith(url, "https://") && url[8])
5375 if (startswith(url, "file:") && url[5])
5378 if (startswith(url, "info:") && url[5])
5381 if (startswith(url, "man:") && url[4])
5387 bool in_initrd(void) {
5388 static int saved = -1;
5394 /* We make two checks here:
5396 * 1. the flag file /etc/initrd-release must exist
5397 * 2. the root file system must be a memory file system
5399 * The second check is extra paranoia, since misdetecting an
5400 * initrd can have bad bad consequences due the initrd
5401 * emptying when transititioning to the main systemd.
5404 saved = access("/etc/initrd-release", F_OK) >= 0 &&
5405 statfs("/", &s) >= 0 &&
5406 is_temporary_fs(&s);
5411 void warn_melody(void) {
5412 _cleanup_close_ int fd = -1;
5414 fd = open("/dev/console", O_WRONLY|O_CLOEXEC|O_NOCTTY);
5418 /* Yeah, this is synchronous. Kinda sucks. But well... */
5420 ioctl(fd, KIOCSOUND, (int)(1193180/440));
5421 usleep(125*USEC_PER_MSEC);
5423 ioctl(fd, KIOCSOUND, (int)(1193180/220));
5424 usleep(125*USEC_PER_MSEC);
5426 ioctl(fd, KIOCSOUND, (int)(1193180/220));
5427 usleep(125*USEC_PER_MSEC);
5429 ioctl(fd, KIOCSOUND, 0);
5432 int make_console_stdio(void) {
5435 /* Make /dev/console the controlling terminal and stdin/stdout/stderr */
5437 fd = acquire_terminal("/dev/console", false, true, true, USEC_INFINITY);
5439 log_error("Failed to acquire terminal: %s", strerror(-fd));
5445 log_error("Failed to duplicate terminal fd: %s", strerror(-r));
5452 int get_home_dir(char **_h) {
5460 /* Take the user specified one */
5461 e = secure_getenv("HOME");
5462 if (e && path_is_absolute(e)) {
5471 /* Hardcode home directory for root to avoid NSS */
5474 h = strdup("/root");
5482 /* Check the database... */
5486 return errno > 0 ? -errno : -ESRCH;
5488 if (!path_is_absolute(p->pw_dir))
5491 h = strdup(p->pw_dir);
5499 int get_shell(char **_s) {
5507 /* Take the user specified one */
5508 e = getenv("SHELL");
5518 /* Hardcode home directory for root to avoid NSS */
5521 s = strdup("/bin/sh");
5529 /* Check the database... */
5533 return errno > 0 ? -errno : -ESRCH;
5535 if (!path_is_absolute(p->pw_shell))
5538 s = strdup(p->pw_shell);
5546 bool filename_is_safe(const char *p) {
5560 if (strlen(p) > FILENAME_MAX)
5566 bool string_is_safe(const char *p) {
5572 for (t = p; *t; t++) {
5573 if (*t > 0 && *t < ' ')
5576 if (strchr("\\\"\'\0x7f", *t))
5584 * Check if a string contains control characters. If 'ok' is non-NULL
5585 * it may be a string containing additional CCs to be considered OK.
5587 bool string_has_cc(const char *p, const char *ok) {
5592 for (t = p; *t; t++) {
5593 if (ok && strchr(ok, *t))
5596 if (*t > 0 && *t < ' ')
5606 bool path_is_safe(const char *p) {
5611 if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
5614 if (strlen(p) > PATH_MAX)
5617 /* The following two checks are not really dangerous, but hey, they still are confusing */
5618 if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
5621 if (strstr(p, "//"))
5627 /* hey glibc, APIs with callbacks without a user pointer are so useless */
5628 void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size,
5629 int (*compar) (const void *, const void *, void *), void *arg) {
5638 p = (void *)(((const char *) base) + (idx * size));
5639 comparison = compar(key, p, arg);
5642 else if (comparison > 0)
5650 bool is_locale_utf8(void) {
5652 static int cached_answer = -1;
5654 if (cached_answer >= 0)
5657 if (!setlocale(LC_ALL, "")) {
5658 cached_answer = true;
5662 set = nl_langinfo(CODESET);
5664 cached_answer = true;
5668 if (streq(set, "UTF-8")) {
5669 cached_answer = true;
5673 /* For LC_CTYPE=="C" return true, because CTYPE is effectly
5674 * unset and everything can do to UTF-8 nowadays. */
5675 set = setlocale(LC_CTYPE, NULL);
5677 cached_answer = true;
5681 /* Check result, but ignore the result if C was set
5685 !getenv("LC_ALL") &&
5686 !getenv("LC_CTYPE") &&
5690 return (bool) cached_answer;
5693 const char *draw_special_char(DrawSpecialChar ch) {
5694 static const char *draw_table[2][_DRAW_SPECIAL_CHAR_MAX] = {
5697 [DRAW_TREE_VERTICAL] = "\342\224\202 ", /* │ */
5698 [DRAW_TREE_BRANCH] = "\342\224\234\342\224\200", /* ├─ */
5699 [DRAW_TREE_RIGHT] = "\342\224\224\342\224\200", /* └─ */
5700 [DRAW_TREE_SPACE] = " ", /* */
5701 [DRAW_TRIANGULAR_BULLET] = "\342\200\243", /* ‣ */
5702 [DRAW_BLACK_CIRCLE] = "\342\227\217", /* ● */
5703 [DRAW_ARROW] = "\342\206\222", /* → */
5704 [DRAW_DASH] = "\342\200\223", /* – */
5707 /* ASCII fallback */ {
5708 [DRAW_TREE_VERTICAL] = "| ",
5709 [DRAW_TREE_BRANCH] = "|-",
5710 [DRAW_TREE_RIGHT] = "`-",
5711 [DRAW_TREE_SPACE] = " ",
5712 [DRAW_TRIANGULAR_BULLET] = ">",
5713 [DRAW_BLACK_CIRCLE] = "*",
5714 [DRAW_ARROW] = "->",
5719 return draw_table[!is_locale_utf8()][ch];
5722 char *strreplace(const char *text, const char *old_string, const char *new_string) {
5725 size_t l, old_len, new_len;
5731 old_len = strlen(old_string);
5732 new_len = strlen(new_string);
5745 if (!startswith(f, old_string)) {
5751 nl = l - old_len + new_len;
5752 a = realloc(r, nl + 1);
5760 t = stpcpy(t, new_string);
5772 char *strip_tab_ansi(char **ibuf, size_t *_isz) {
5773 const char *i, *begin = NULL;
5778 } state = STATE_OTHER;
5780 size_t osz = 0, isz;
5786 /* Strips ANSI color and replaces TABs by 8 spaces */
5788 isz = _isz ? *_isz : strlen(*ibuf);
5790 f = open_memstream(&obuf, &osz);
5794 for (i = *ibuf; i < *ibuf + isz + 1; i++) {
5799 if (i >= *ibuf + isz) /* EOT */
5801 else if (*i == '\x1B')
5802 state = STATE_ESCAPE;
5803 else if (*i == '\t')
5810 if (i >= *ibuf + isz) { /* EOT */
5813 } else if (*i == '[') {
5814 state = STATE_BRACKET;
5819 state = STATE_OTHER;
5826 if (i >= *ibuf + isz || /* EOT */
5827 (!(*i >= '0' && *i <= '9') && *i != ';' && *i != 'm')) {
5830 state = STATE_OTHER;
5832 } else if (*i == 'm')
5833 state = STATE_OTHER;
5855 int on_ac_power(void) {
5856 bool found_offline = false, found_online = false;
5857 _cleanup_closedir_ DIR *d = NULL;
5859 d = opendir("/sys/class/power_supply");
5865 _cleanup_close_ int fd = -1, device = -1;
5871 if (!de && errno != 0)
5877 if (ignore_file(de->d_name))
5880 device = openat(dirfd(d), de->d_name, O_DIRECTORY|O_RDONLY|O_CLOEXEC|O_NOCTTY);
5882 if (errno == ENOENT || errno == ENOTDIR)
5888 fd = openat(device, "type", O_RDONLY|O_CLOEXEC|O_NOCTTY);
5890 if (errno == ENOENT)
5896 n = read(fd, contents, sizeof(contents));
5900 if (n != 6 || memcmp(contents, "Mains\n", 6))
5904 fd = openat(device, "online", O_RDONLY|O_CLOEXEC|O_NOCTTY);
5906 if (errno == ENOENT)
5912 n = read(fd, contents, sizeof(contents));
5916 if (n != 2 || contents[1] != '\n')
5919 if (contents[0] == '1') {
5920 found_online = true;
5922 } else if (contents[0] == '0')
5923 found_offline = true;
5928 return found_online || !found_offline;
5931 static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) {
5938 if (!path_strv_resolve_uniq(search, root))
5941 STRV_FOREACH(i, search) {
5942 _cleanup_free_ char *p = NULL;
5946 p = strjoin(root, *i, "/", path, NULL);
5948 p = strjoin(*i, "/", path, NULL);
5958 if (errno != ENOENT)
5965 int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) {
5966 _cleanup_strv_free_ char **copy = NULL;
5972 if (path_is_absolute(path)) {
5975 f = fopen(path, mode);
5984 copy = strv_copy((char**) search);
5988 return search_and_fopen_internal(path, mode, root, copy, _f);
5991 int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) {
5992 _cleanup_strv_free_ char **s = NULL;
5994 if (path_is_absolute(path)) {
5997 f = fopen(path, mode);
6006 s = strv_split_nulstr(search);
6010 return search_and_fopen_internal(path, mode, root, s, _f);
6013 char *strextend(char **x, ...) {
6020 l = f = *x ? strlen(*x) : 0;
6027 t = va_arg(ap, const char *);
6032 if (n > ((size_t) -1) - l) {
6041 r = realloc(*x, l+1);
6051 t = va_arg(ap, const char *);
6065 char *strrep(const char *s, unsigned n) {
6073 p = r = malloc(l * n + 1);
6077 for (i = 0; i < n; i++)
6084 void* greedy_realloc(void **p, size_t *allocated, size_t need, size_t size) {
6091 if (*allocated >= need)
6094 newalloc = MAX(need * 2, 64u / size);
6095 a = newalloc * size;
6097 /* check for overflows */
6098 if (a < size * need)
6106 *allocated = newalloc;
6110 void* greedy_realloc0(void **p, size_t *allocated, size_t need, size_t size) {
6119 q = greedy_realloc(p, allocated, need, size);
6123 if (*allocated > prev)
6124 memzero(q + prev * size, (*allocated - prev) * size);
6129 bool id128_is_valid(const char *s) {
6135 /* Simple formatted 128bit hex string */
6137 for (i = 0; i < l; i++) {
6140 if (!(c >= '0' && c <= '9') &&
6141 !(c >= 'a' && c <= 'z') &&
6142 !(c >= 'A' && c <= 'Z'))
6146 } else if (l == 36) {
6148 /* Formatted UUID */
6150 for (i = 0; i < l; i++) {
6153 if ((i == 8 || i == 13 || i == 18 || i == 23)) {
6157 if (!(c >= '0' && c <= '9') &&
6158 !(c >= 'a' && c <= 'z') &&
6159 !(c >= 'A' && c <= 'Z'))
6170 int split_pair(const char *s, const char *sep, char **l, char **r) {
6185 a = strndup(s, x - s);
6189 b = strdup(x + strlen(sep));
6201 int shall_restore_state(void) {
6202 _cleanup_free_ char *line = NULL;
6206 r = proc_cmdline(&line);
6214 _cleanup_free_ char *word = NULL;
6218 k = unquote_first_word(&p, &word, true);
6224 e = startswith(word, "systemd.restore_state=");
6228 k = parse_boolean(e);
6236 int proc_cmdline(char **ret) {
6239 if (detect_container(NULL) > 0)
6240 return get_process_cmdline(1, 0, false, ret);
6242 return read_one_line_file("/proc/cmdline", ret);
6245 int parse_proc_cmdline(int (*parse_item)(const char *key, const char *value)) {
6246 _cleanup_free_ char *line = NULL;
6252 r = proc_cmdline(&line);
6258 _cleanup_free_ char *word = NULL;
6261 r = unquote_first_word(&p, &word, true);
6267 /* Filter out arguments that are intended only for the
6269 if (!in_initrd() && startswith(word, "rd."))
6272 value = strchr(word, '=');
6276 r = parse_item(word, value);
6284 int container_get_leader(const char *machine, pid_t *pid) {
6285 _cleanup_free_ char *s = NULL, *class = NULL;
6293 p = strappenda("/run/systemd/machines/", machine);
6294 r = parse_env_file(p, NEWLINE, "LEADER", &s, "CLASS", &class, NULL);
6302 if (!streq_ptr(class, "container"))
6305 r = parse_pid(s, &leader);
6315 int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *root_fd) {
6316 _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, netnsfd = -1;
6324 mntns = procfs_file_alloca(pid, "ns/mnt");
6325 mntnsfd = open(mntns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
6333 pidns = procfs_file_alloca(pid, "ns/pid");
6334 pidnsfd = open(pidns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
6342 netns = procfs_file_alloca(pid, "ns/net");
6343 netnsfd = open(netns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
6351 root = procfs_file_alloca(pid, "root");
6352 rfd = open(root, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY);
6358 *pidns_fd = pidnsfd;
6361 *mntns_fd = mntnsfd;
6364 *netns_fd = netnsfd;
6369 pidnsfd = mntnsfd = netnsfd = -1;
6374 int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int root_fd) {
6377 if (setns(pidns_fd, CLONE_NEWPID) < 0)
6381 if (setns(mntns_fd, CLONE_NEWNS) < 0)
6385 if (setns(netns_fd, CLONE_NEWNET) < 0)
6389 if (fchdir(root_fd) < 0)
6392 if (chroot(".") < 0)
6396 if (setresgid(0, 0, 0) < 0)
6399 if (setgroups(0, NULL) < 0)
6402 if (setresuid(0, 0, 0) < 0)
6408 bool pid_is_unwaited(pid_t pid) {
6409 /* Checks whether a PID is still valid at all, including a zombie */
6414 if (kill(pid, 0) >= 0)
6417 return errno != ESRCH;
6420 bool pid_is_alive(pid_t pid) {
6423 /* Checks whether a PID is still valid and not a zombie */
6428 r = get_process_state(pid);
6429 if (r == -ENOENT || r == 'Z')
6435 int getpeercred(int fd, struct ucred *ucred) {
6436 socklen_t n = sizeof(struct ucred);
6443 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
6447 if (n != sizeof(struct ucred))
6450 /* Check if the data is actually useful and not suppressed due
6451 * to namespacing issues */
6459 int getpeersec(int fd, char **ret) {
6471 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
6475 if (errno != ERANGE)
6482 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
6498 /* This is much like like mkostemp() but is subject to umask(). */
6499 int mkostemp_safe(char *pattern, int flags) {
6500 _cleanup_umask_ mode_t u;
6507 fd = mkostemp(pattern, flags);
6514 int open_tmpfile(const char *path, int flags) {
6521 /* Try O_TMPFILE first, if it is supported */
6522 fd = open(path, flags|O_TMPFILE, S_IRUSR|S_IWUSR);
6527 /* Fall back to unguessable name + unlinking */
6528 p = strappenda(path, "/systemd-tmp-XXXXXX");
6530 fd = mkostemp_safe(p, flags);
6538 int fd_warn_permissions(const char *path, int fd) {
6541 if (fstat(fd, &st) < 0)
6544 if (st.st_mode & 0111)
6545 log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path);
6547 if (st.st_mode & 0002)
6548 log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path);
6550 if (getpid() == 1 && (st.st_mode & 0044) != 0044)
6551 log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path);
6556 unsigned long personality_from_string(const char *p) {
6558 /* Parse a personality specifier. We introduce our own
6559 * identifiers that indicate specific ABIs, rather than just
6560 * hints regarding the register size, since we want to keep
6561 * things open for multiple locally supported ABIs for the
6562 * same register size. We try to reuse the ABI identifiers
6563 * used by libseccomp. */
6565 #if defined(__x86_64__)
6567 if (streq(p, "x86"))
6570 if (streq(p, "x86-64"))
6573 #elif defined(__i386__)
6575 if (streq(p, "x86"))
6579 /* personality(7) documents that 0xffffffffUL is used for
6580 * querying the current personality, hence let's use that here
6581 * as error indicator. */
6582 return 0xffffffffUL;
6585 const char* personality_to_string(unsigned long p) {
6587 #if defined(__x86_64__)
6589 if (p == PER_LINUX32)
6595 #elif defined(__i386__)
6604 uint64_t physical_memory(void) {
6607 /* We return this as uint64_t in case we are running as 32bit
6608 * process on a 64bit kernel with huge amounts of memory */
6610 mem = sysconf(_SC_PHYS_PAGES);
6613 return (uint64_t) mem * (uint64_t) page_size();
6616 char* mount_test_option(const char *haystack, const char *needle) {
6618 struct mntent me = {
6619 .mnt_opts = (char*) haystack
6624 /* Like glibc's hasmntopt(), but works on a string, not a
6630 return hasmntopt(&me, needle);
6633 void hexdump(FILE *f, const void *p, size_t s) {
6634 const uint8_t *b = p;
6637 assert(s == 0 || b);
6642 fprintf(f, "%04x ", n);
6644 for (i = 0; i < 16; i++) {
6649 fprintf(f, "%02x ", b[i]);
6657 for (i = 0; i < 16; i++) {
6662 fputc(isprint(b[i]) ? (char) b[i] : '.', f);
6676 int update_reboot_param_file(const char *param) {
6681 r = write_string_file(REBOOT_PARAM_FILE, param);
6683 log_error("Failed to write reboot param to "
6684 REBOOT_PARAM_FILE": %s", strerror(-r));
6686 unlink(REBOOT_PARAM_FILE);
6691 int umount_recursive(const char *prefix, int flags) {
6695 /* Try to umount everything recursively below a
6696 * directory. Also, take care of stacked mounts, and keep
6697 * unmounting them until they are gone. */
6700 _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
6705 proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
6706 if (!proc_self_mountinfo)
6710 _cleanup_free_ char *path = NULL, *p = NULL;
6713 k = fscanf(proc_self_mountinfo,
6714 "%*s " /* (1) mount id */
6715 "%*s " /* (2) parent id */
6716 "%*s " /* (3) major:minor */
6717 "%*s " /* (4) root */
6718 "%ms " /* (5) mount point */
6719 "%*s" /* (6) mount options */
6720 "%*[^-]" /* (7) optional fields */
6721 "- " /* (8) separator */
6722 "%*s " /* (9) file system type */
6723 "%*s" /* (10) mount source */
6724 "%*s" /* (11) mount options 2 */
6725 "%*[^\n]", /* some rubbish at the end */
6734 p = cunescape(path);
6738 if (!path_startswith(p, prefix))
6741 if (umount2(p, flags) < 0) {
6757 int bind_remount_recursive(const char *prefix, bool ro) {
6758 _cleanup_set_free_free_ Set *done = NULL;
6759 _cleanup_free_ char *cleaned = NULL;
6762 /* Recursively remount a directory (and all its submounts)
6763 * read-only or read-write. If the directory is already
6764 * mounted, we reuse the mount and simply mark it
6765 * MS_BIND|MS_RDONLY (or remove the MS_RDONLY for read-write
6766 * operation). If it isn't we first make it one. Afterwards we
6767 * apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to all
6768 * submounts we can access, too. When mounts are stacked on
6769 * the same mount point we only care for each individual
6770 * "top-level" mount on each point, as we cannot
6771 * influence/access the underlying mounts anyway. We do not
6772 * have any effect on future submounts that might get
6773 * propagated, they migt be writable. This includes future
6774 * submounts that have been triggered via autofs. */
6776 cleaned = strdup(prefix);
6780 path_kill_slashes(cleaned);
6782 done = set_new(&string_hash_ops);
6787 _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
6788 _cleanup_set_free_free_ Set *todo = NULL;
6789 bool top_autofs = false;
6792 todo = set_new(&string_hash_ops);
6796 proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
6797 if (!proc_self_mountinfo)
6801 _cleanup_free_ char *path = NULL, *p = NULL, *type = NULL;
6804 k = fscanf(proc_self_mountinfo,
6805 "%*s " /* (1) mount id */
6806 "%*s " /* (2) parent id */
6807 "%*s " /* (3) major:minor */
6808 "%*s " /* (4) root */
6809 "%ms " /* (5) mount point */
6810 "%*s" /* (6) mount options (superblock) */
6811 "%*[^-]" /* (7) optional fields */
6812 "- " /* (8) separator */
6813 "%ms " /* (9) file system type */
6814 "%*s" /* (10) mount source */
6815 "%*s" /* (11) mount options (bind mount) */
6816 "%*[^\n]", /* some rubbish at the end */
6826 p = cunescape(path);
6830 /* Let's ignore autofs mounts. If they aren't
6831 * triggered yet, we want to avoid triggering
6832 * them, as we don't make any guarantees for
6833 * future submounts anyway. If they are
6834 * already triggered, then we will find
6835 * another entry for this. */
6836 if (streq(type, "autofs")) {
6837 top_autofs = top_autofs || path_equal(cleaned, p);
6841 if (path_startswith(p, cleaned) &&
6842 !set_contains(done, p)) {
6844 r = set_consume(todo, p);
6854 /* If we have no submounts to process anymore and if
6855 * the root is either already done, or an autofs, we
6857 if (set_isempty(todo) &&
6858 (top_autofs || set_contains(done, cleaned)))
6861 if (!set_contains(done, cleaned) &&
6862 !set_contains(todo, cleaned)) {
6863 /* The prefix directory itself is not yet a
6864 * mount, make it one. */
6865 if (mount(cleaned, cleaned, NULL, MS_BIND|MS_REC, NULL) < 0)
6868 if (mount(NULL, prefix, NULL, MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0)
6871 x = strdup(cleaned);
6875 r = set_consume(done, x);
6880 while ((x = set_steal_first(todo))) {
6882 r = set_consume(done, x);
6888 if (mount(NULL, x, NULL, MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) {
6890 /* Deal with mount points that are
6891 * obstructed by a later mount */
6893 if (errno != ENOENT)
6901 int fflush_and_check(FILE *f) {
6908 return errno ? -errno : -EIO;
6913 char *tempfn_xxxxxx(const char *p) {
6920 t = new(char, strlen(p) + 1 + 6 + 1);
6927 strcpy(stpcpy(stpcpy(mempcpy(t, p, k), "."), fn), "XXXXXX");
6932 char *tempfn_random(const char *p) {
6941 t = new(char, strlen(p) + 1 + 16 + 1);
6948 x = stpcpy(stpcpy(mempcpy(t, p, k), "."), fn);
6951 for (i = 0; i < 16; i++) {
6952 *(x++) = hexchar(u & 0xF);
6961 /* make sure the hostname is not "localhost" */
6962 bool is_localhost(const char *hostname) {
6965 /* This tries to identify local host and domain names
6966 * described in RFC6761 plus the redhatism of .localdomain */
6968 return streq(hostname, "localhost") ||
6969 streq(hostname, "localhost.") ||
6970 streq(hostname, "localdomain.") ||
6971 streq(hostname, "localdomain") ||
6972 endswith(hostname, ".localhost") ||
6973 endswith(hostname, ".localhost.") ||
6974 endswith(hostname, ".localdomain") ||
6975 endswith(hostname, ".localdomain.");
6978 int take_password_lock(const char *root) {
6980 struct flock flock = {
6982 .l_whence = SEEK_SET,
6990 /* This is roughly the same as lckpwdf(), but not as awful. We
6991 * don't want to use alarm() and signals, hence we implement
6992 * our own trivial version of this.
6994 * Note that shadow-utils also takes per-database locks in
6995 * addition to lckpwdf(). However, we don't given that they
6996 * are redundant as they they invoke lckpwdf() first and keep
6997 * it during everything they do. The per-database locks are
6998 * awfully racy, and thus we just won't do them. */
7001 path = strappenda(root, "/etc/.pwd.lock");
7003 path = "/etc/.pwd.lock";
7005 fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
7009 r = fcntl(fd, F_SETLKW, &flock);
7018 int is_symlink(const char *path) {
7021 if (lstat(path, &info) < 0)
7024 return !!S_ISLNK(info.st_mode);
7027 int is_dir(const char* path, bool follow) {
7032 r = stat(path, &st);
7034 r = lstat(path, &st);
7038 return !!S_ISDIR(st.st_mode);
7041 int unquote_first_word(const char **p, char **ret, bool relax) {
7042 _cleanup_free_ char *s = NULL;
7043 size_t allocated = 0, sz = 0;
7050 SINGLE_QUOTE_ESCAPE,
7052 DOUBLE_QUOTE_ESCAPE,
7060 /* Parses the first word of a string, and returns it in
7061 * *ret. Removes all quotes in the process. When parsing fails
7062 * (because of an uneven number of quotes or similar), leaves
7063 * the pointer *p at the first invalid character. */
7073 else if (strchr(WHITESPACE, c))
7083 state = SINGLE_QUOTE;
7085 state = VALUE_ESCAPE;
7087 state = DOUBLE_QUOTE;
7088 else if (strchr(WHITESPACE, c))
7091 if (!GREEDY_REALLOC(s, allocated, sz+2))
7106 if (!GREEDY_REALLOC(s, allocated, sz+2))
7119 } else if (c == '\'')
7122 state = SINGLE_QUOTE_ESCAPE;
7124 if (!GREEDY_REALLOC(s, allocated, sz+2))
7132 case SINGLE_QUOTE_ESCAPE:
7139 if (!GREEDY_REALLOC(s, allocated, sz+2))
7143 state = SINGLE_QUOTE;
7152 state = DOUBLE_QUOTE_ESCAPE;
7154 if (!GREEDY_REALLOC(s, allocated, sz+2))
7162 case DOUBLE_QUOTE_ESCAPE:
7169 if (!GREEDY_REALLOC(s, allocated, sz+2))
7173 state = DOUBLE_QUOTE;
7179 if (!strchr(WHITESPACE, c))
7201 int unquote_many_words(const char **p, ...) {
7206 /* Parses a number of words from a string, stripping any
7207 * quotes if necessary. */
7211 /* Count how many words are expected */
7214 if (!va_arg(ap, char **))
7223 /* Read all words into a temporary array */
7224 l = newa0(char*, n);
7225 for (c = 0; c < n; c++) {
7227 r = unquote_first_word(p, &l[c], false);
7231 for (j = 0; j < c; j++)
7241 /* If we managed to parse all words, return them in the passed
7244 for (i = 0; i < n; i++) {
7247 v = va_arg(ap, char **);
7257 int free_and_strdup(char **p, const char *s) {
7262 /* Replaces a string pointer with an strdup()ed new string,
7263 * possibly freeing the old one. */
7278 int sethostname_idempotent(const char *s) {
7280 char buf[HOST_NAME_MAX + 1] = {};
7284 r = gethostname(buf, sizeof(buf));
7291 r = sethostname(s, strlen(s));