1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
31 #include <sys/resource.h>
32 #include <linux/sched.h>
33 #include <sys/types.h>
37 #include <sys/ioctl.h>
39 #include <linux/tiocl.h>
42 #include <sys/inotify.h>
45 #include <sys/prctl.h>
46 #include <sys/utsname.h>
48 #include <netinet/ip.h>
57 #include <sys/mount.h>
58 #include <linux/magic.h>
62 #include <sys/personality.h>
66 #ifdef HAVE_SYS_AUXV_H
78 #include "path-util.h"
79 #include "exit-status.h"
83 #include "device-nodes.h"
90 char **saved_argv = NULL;
92 static volatile unsigned cached_columns = 0;
93 static volatile unsigned cached_lines = 0;
95 size_t page_size(void) {
96 static thread_local size_t pgsz = 0;
99 if (_likely_(pgsz > 0))
102 r = sysconf(_SC_PAGESIZE);
109 bool streq_ptr(const char *a, const char *b) {
111 /* Like streq(), but tries to make sense of NULL pointers */
122 char* endswith(const char *s, const char *postfix) {
129 pl = strlen(postfix);
132 return (char*) s + sl;
137 if (memcmp(s + sl - pl, postfix, pl) != 0)
140 return (char*) s + sl - pl;
143 char* first_word(const char *s, const char *word) {
150 /* Checks if the string starts with the specified word, either
151 * followed by NUL or by whitespace. Returns a pointer to the
152 * NUL or the first character after the whitespace. */
163 if (memcmp(s, word, wl) != 0)
170 if (!strchr(WHITESPACE, *p))
173 p += strspn(p, WHITESPACE);
177 static size_t cescape_char(char c, char *buf) {
178 char * buf_old = buf;
224 /* For special chars we prefer octal over
225 * hexadecimal encoding, simply because glib's
226 * g_strescape() does the same */
227 if ((c < ' ') || (c >= 127)) {
229 *(buf++) = octchar((unsigned char) c >> 6);
230 *(buf++) = octchar((unsigned char) c >> 3);
231 *(buf++) = octchar((unsigned char) c);
237 return buf - buf_old;
240 int close_nointr(int fd) {
247 * Just ignore EINTR; a retry loop is the wrong thing to do on
250 * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html
251 * https://bugzilla.gnome.org/show_bug.cgi?id=682819
252 * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR
253 * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain
261 int safe_close(int fd) {
264 * Like close_nointr() but cannot fail. Guarantees errno is
265 * unchanged. Is a NOP with negative fds passed, and returns
266 * -1, so that it can be used in this syntax:
268 * fd = safe_close(fd);
274 /* The kernel might return pretty much any error code
275 * via close(), but the fd will be closed anyway. The
276 * only condition we want to check for here is whether
277 * the fd was invalid at all... */
279 assert_se(close_nointr(fd) != -EBADF);
285 void close_many(const int fds[], unsigned n_fd) {
288 assert(fds || n_fd <= 0);
290 for (i = 0; i < n_fd; i++)
294 int unlink_noerrno(const char *path) {
305 int parse_boolean(const char *v) {
308 if (streq(v, "1") || strcaseeq(v, "yes") || strcaseeq(v, "y") || strcaseeq(v, "true") || strcaseeq(v, "t") || strcaseeq(v, "on"))
310 else if (streq(v, "0") || strcaseeq(v, "no") || strcaseeq(v, "n") || strcaseeq(v, "false") || strcaseeq(v, "f") || strcaseeq(v, "off"))
316 int parse_pid(const char *s, pid_t* ret_pid) {
317 unsigned long ul = 0;
324 r = safe_atolu(s, &ul);
330 if ((unsigned long) pid != ul)
340 int parse_uid(const char *s, uid_t* ret_uid) {
341 unsigned long ul = 0;
348 r = safe_atolu(s, &ul);
354 if ((unsigned long) uid != ul)
357 /* Some libc APIs use UID_INVALID as special placeholder */
358 if (uid == (uid_t) 0xFFFFFFFF)
361 /* A long time ago UIDs where 16bit, hence explicitly avoid the 16bit -1 too */
362 if (uid == (uid_t) 0xFFFF)
369 int safe_atou(const char *s, unsigned *ret_u) {
377 l = strtoul(s, &x, 0);
379 if (!x || x == s || *x || errno)
380 return errno > 0 ? -errno : -EINVAL;
382 if ((unsigned long) (unsigned) l != l)
385 *ret_u = (unsigned) l;
389 int safe_atoi(const char *s, int *ret_i) {
397 l = strtol(s, &x, 0);
399 if (!x || x == s || *x || errno)
400 return errno > 0 ? -errno : -EINVAL;
402 if ((long) (int) l != l)
409 int safe_atou8(const char *s, uint8_t *ret) {
417 l = strtoul(s, &x, 0);
419 if (!x || x == s || *x || errno)
420 return errno > 0 ? -errno : -EINVAL;
422 if ((unsigned long) (uint8_t) l != l)
429 int safe_atou16(const char *s, uint16_t *ret) {
437 l = strtoul(s, &x, 0);
439 if (!x || x == s || *x || errno)
440 return errno > 0 ? -errno : -EINVAL;
442 if ((unsigned long) (uint16_t) l != l)
449 int safe_atoi16(const char *s, int16_t *ret) {
457 l = strtol(s, &x, 0);
459 if (!x || x == s || *x || errno)
460 return errno > 0 ? -errno : -EINVAL;
462 if ((long) (int16_t) l != l)
469 int safe_atollu(const char *s, long long unsigned *ret_llu) {
471 unsigned long long l;
477 l = strtoull(s, &x, 0);
479 if (!x || x == s || *x || errno)
480 return errno ? -errno : -EINVAL;
486 int safe_atolli(const char *s, long long int *ret_lli) {
494 l = strtoll(s, &x, 0);
496 if (!x || x == s || *x || errno)
497 return errno ? -errno : -EINVAL;
503 int safe_atod(const char *s, double *ret_d) {
510 RUN_WITH_LOCALE(LC_NUMERIC_MASK, "C") {
515 if (!x || x == s || *x || errno)
516 return errno ? -errno : -EINVAL;
522 static size_t strcspn_escaped(const char *s, const char *reject) {
523 bool escaped = false;
526 for (n=0; s[n]; n++) {
529 else if (s[n] == '\\')
531 else if (strchr(reject, s[n]))
534 /* if s ends in \, return index of previous char */
538 /* Split a string into words. */
539 const char* split(const char **state, size_t *l, const char *separator, bool quoted) {
545 assert(**state == '\0');
549 current += strspn(current, separator);
555 if (quoted && strchr("\'\"", *current)) {
556 char quotechars[2] = {*current, '\0'};
558 *l = strcspn_escaped(current + 1, quotechars);
559 if (current[*l + 1] == '\0' ||
560 (current[*l + 2] && !strchr(separator, current[*l + 2]))) {
561 /* right quote missing or garbage at the end*/
565 assert(current[*l + 1] == quotechars[0]);
566 *state = current++ + *l + 2;
568 *l = strcspn_escaped(current, separator);
569 *state = current + *l;
571 *l = strcspn(current, separator);
572 *state = current + *l;
578 int get_parent_of_pid(pid_t pid, pid_t *_ppid) {
580 _cleanup_free_ char *line = NULL;
592 p = procfs_file_alloca(pid, "stat");
593 r = read_one_line_file(p, &line);
597 /* Let's skip the pid and comm fields. The latter is enclosed
598 * in () but does not escape any () in its value, so let's
599 * skip over it manually */
601 p = strrchr(line, ')');
613 if ((long unsigned) (pid_t) ppid != ppid)
616 *_ppid = (pid_t) ppid;
621 int fchmod_umask(int fd, mode_t m) {
626 r = fchmod(fd, m & (~u)) < 0 ? -errno : 0;
632 char *truncate_nl(char *s) {
635 s[strcspn(s, NEWLINE)] = 0;
639 int get_process_state(pid_t pid) {
643 _cleanup_free_ char *line = NULL;
647 p = procfs_file_alloca(pid, "stat");
648 r = read_one_line_file(p, &line);
652 p = strrchr(line, ')');
658 if (sscanf(p, " %c", &state) != 1)
661 return (unsigned char) state;
664 int get_process_comm(pid_t pid, char **name) {
671 p = procfs_file_alloca(pid, "comm");
673 r = read_one_line_file(p, name);
680 int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char **line) {
681 _cleanup_fclose_ FILE *f = NULL;
689 p = procfs_file_alloca(pid, "cmdline");
695 if (max_length == 0) {
696 size_t len = 0, allocated = 0;
698 while ((c = getc(f)) != EOF) {
700 if (!GREEDY_REALLOC(r, allocated, len+2)) {
705 r[len++] = isprint(c) ? c : ' ';
715 r = new(char, max_length);
721 while ((c = getc(f)) != EOF) {
743 size_t n = MIN(left-1, 3U);
750 /* Kernel threads have no argv[] */
752 _cleanup_free_ char *t = NULL;
760 h = get_process_comm(pid, &t);
764 r = strjoin("[", t, "]", NULL);
773 int is_kernel_thread(pid_t pid) {
785 p = procfs_file_alloca(pid, "cmdline");
790 count = fread(&c, 1, 1, f);
794 /* Kernel threads have an empty cmdline */
797 return eof ? 1 : -errno;
802 int get_process_capeff(pid_t pid, char **capeff) {
808 p = procfs_file_alloca(pid, "status");
810 return get_status_field(p, "\nCapEff:", capeff);
813 static int get_process_link_contents(const char *proc_file, char **name) {
819 r = readlink_malloc(proc_file, name);
821 return r == -ENOENT ? -ESRCH : r;
826 int get_process_exe(pid_t pid, char **name) {
833 p = procfs_file_alloca(pid, "exe");
834 r = get_process_link_contents(p, name);
838 d = endswith(*name, " (deleted)");
845 static int get_process_id(pid_t pid, const char *field, uid_t *uid) {
846 _cleanup_fclose_ FILE *f = NULL;
856 p = procfs_file_alloca(pid, "status");
861 FOREACH_LINE(line, f, return -errno) {
866 if (startswith(l, field)) {
868 l += strspn(l, WHITESPACE);
870 l[strcspn(l, WHITESPACE)] = 0;
872 return parse_uid(l, uid);
879 int get_process_uid(pid_t pid, uid_t *uid) {
880 return get_process_id(pid, "Uid:", uid);
883 int get_process_gid(pid_t pid, gid_t *gid) {
884 assert_cc(sizeof(uid_t) == sizeof(gid_t));
885 return get_process_id(pid, "Gid:", gid);
888 int get_process_cwd(pid_t pid, char **cwd) {
893 p = procfs_file_alloca(pid, "cwd");
895 return get_process_link_contents(p, cwd);
898 int get_process_root(pid_t pid, char **root) {
903 p = procfs_file_alloca(pid, "root");
905 return get_process_link_contents(p, root);
908 int get_process_environ(pid_t pid, char **env) {
909 _cleanup_fclose_ FILE *f = NULL;
910 _cleanup_free_ char *outcome = NULL;
913 size_t allocated = 0, sz = 0;
918 p = procfs_file_alloca(pid, "environ");
924 while ((c = fgetc(f)) != EOF) {
925 if (!GREEDY_REALLOC(outcome, allocated, sz + 5))
929 outcome[sz++] = '\n';
931 sz += cescape_char(c, outcome + sz);
941 char *strnappend(const char *s, const char *suffix, size_t b) {
949 return strndup(suffix, b);
958 if (b > ((size_t) -1) - a)
961 r = new(char, a+b+1);
966 memcpy(r+a, suffix, b);
972 char *strappend(const char *s, const char *suffix) {
973 return strnappend(s, suffix, suffix ? strlen(suffix) : 0);
976 int readlinkat_malloc(int fd, const char *p, char **ret) {
991 n = readlinkat(fd, p, c, l-1);
998 if ((size_t) n < l-1) {
1009 int readlink_malloc(const char *p, char **ret) {
1010 return readlinkat_malloc(AT_FDCWD, p, ret);
1013 int readlink_value(const char *p, char **ret) {
1014 _cleanup_free_ char *link = NULL;
1018 r = readlink_malloc(p, &link);
1022 value = basename(link);
1026 value = strdup(value);
1035 int readlink_and_make_absolute(const char *p, char **r) {
1036 _cleanup_free_ char *target = NULL;
1043 j = readlink_malloc(p, &target);
1047 k = file_in_same_dir(p, target);
1055 int readlink_and_canonicalize(const char *p, char **r) {
1062 j = readlink_and_make_absolute(p, &t);
1066 s = canonicalize_file_name(t);
1073 path_kill_slashes(*r);
1078 int reset_all_signal_handlers(void) {
1081 for (sig = 1; sig < _NSIG; sig++) {
1082 struct sigaction sa = {
1083 .sa_handler = SIG_DFL,
1084 .sa_flags = SA_RESTART,
1087 /* These two cannot be caught... */
1088 if (sig == SIGKILL || sig == SIGSTOP)
1091 /* On Linux the first two RT signals are reserved by
1092 * glibc, and sigaction() will return EINVAL for them. */
1093 if ((sigaction(sig, &sa, NULL) < 0))
1094 if (errno != EINVAL && r == 0)
1101 int reset_signal_mask(void) {
1104 if (sigemptyset(&ss) < 0)
1107 if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0)
1113 char *strstrip(char *s) {
1116 /* Drops trailing whitespace. Modifies the string in
1117 * place. Returns pointer to first non-space character */
1119 s += strspn(s, WHITESPACE);
1121 for (e = strchr(s, 0); e > s; e --)
1122 if (!strchr(WHITESPACE, e[-1]))
1130 char *delete_chars(char *s, const char *bad) {
1133 /* Drops all whitespace, regardless where in the string */
1135 for (f = s, t = s; *f; f++) {
1136 if (strchr(bad, *f))
1147 char *file_in_same_dir(const char *path, const char *filename) {
1154 /* This removes the last component of path and appends
1155 * filename, unless the latter is absolute anyway or the
1158 if (path_is_absolute(filename))
1159 return strdup(filename);
1161 if (!(e = strrchr(path, '/')))
1162 return strdup(filename);
1164 k = strlen(filename);
1165 if (!(r = new(char, e-path+1+k+1)))
1168 memcpy(r, path, e-path+1);
1169 memcpy(r+(e-path)+1, filename, k+1);
1174 int rmdir_parents(const char *path, const char *stop) {
1183 /* Skip trailing slashes */
1184 while (l > 0 && path[l-1] == '/')
1190 /* Skip last component */
1191 while (l > 0 && path[l-1] != '/')
1194 /* Skip trailing slashes */
1195 while (l > 0 && path[l-1] == '/')
1201 if (!(t = strndup(path, l)))
1204 if (path_startswith(stop, t)) {
1213 if (errno != ENOENT)
1220 char hexchar(int x) {
1221 static const char table[16] = "0123456789abcdef";
1223 return table[x & 15];
1226 int unhexchar(char c) {
1228 if (c >= '0' && c <= '9')
1231 if (c >= 'a' && c <= 'f')
1232 return c - 'a' + 10;
1234 if (c >= 'A' && c <= 'F')
1235 return c - 'A' + 10;
1240 char *hexmem(const void *p, size_t l) {
1244 z = r = malloc(l * 2 + 1);
1248 for (x = p; x < (const uint8_t*) p + l; x++) {
1249 *(z++) = hexchar(*x >> 4);
1250 *(z++) = hexchar(*x & 15);
1257 void *unhexmem(const char *p, size_t l) {
1263 z = r = malloc((l + 1) / 2 + 1);
1267 for (x = p; x < p + l; x += 2) {
1270 a = unhexchar(x[0]);
1272 b = unhexchar(x[1]);
1276 *(z++) = (uint8_t) a << 4 | (uint8_t) b;
1283 char octchar(int x) {
1284 return '0' + (x & 7);
1287 int unoctchar(char c) {
1289 if (c >= '0' && c <= '7')
1295 char decchar(int x) {
1296 return '0' + (x % 10);
1299 int undecchar(char c) {
1301 if (c >= '0' && c <= '9')
1307 char *cescape(const char *s) {
1313 /* Does C style string escaping. */
1315 r = new(char, strlen(s)*4 + 1);
1319 for (f = s, t = r; *f; f++)
1320 t += cescape_char(*f, t);
1327 char *cunescape_length_with_prefix(const char *s, size_t length, const char *prefix) {
1334 /* Undoes C style string escaping, and optionally prefixes it. */
1336 pl = prefix ? strlen(prefix) : 0;
1338 r = new(char, pl+length+1);
1343 memcpy(r, prefix, pl);
1345 for (f = s, t = r + pl; f < s + length; f++) {
1388 /* This is an extension of the XDG syntax files */
1393 /* hexadecimal encoding */
1396 a = unhexchar(f[1]);
1397 b = unhexchar(f[2]);
1399 if (a < 0 || b < 0 || (a == 0 && b == 0)) {
1400 /* Invalid escape code, let's take it literal then */
1404 *(t++) = (char) ((a << 4) | b);
1419 /* octal encoding */
1422 a = unoctchar(f[0]);
1423 b = unoctchar(f[1]);
1424 c = unoctchar(f[2]);
1426 if (a < 0 || b < 0 || c < 0 || (a == 0 && b == 0 && c == 0)) {
1427 /* Invalid escape code, let's take it literal then */
1431 *(t++) = (char) ((a << 6) | (b << 3) | c);
1439 /* premature end of string.*/
1444 /* Invalid escape code, let's take it literal then */
1456 char *cunescape_length(const char *s, size_t length) {
1457 return cunescape_length_with_prefix(s, length, NULL);
1460 char *cunescape(const char *s) {
1463 return cunescape_length(s, strlen(s));
1466 char *xescape(const char *s, const char *bad) {
1470 /* Escapes all chars in bad, in addition to \ and all special
1471 * chars, in \xFF style escaping. May be reversed with
1474 r = new(char, strlen(s) * 4 + 1);
1478 for (f = s, t = r; *f; f++) {
1480 if ((*f < ' ') || (*f >= 127) ||
1481 (*f == '\\') || strchr(bad, *f)) {
1484 *(t++) = hexchar(*f >> 4);
1485 *(t++) = hexchar(*f);
1495 char *ascii_strlower(char *t) {
1500 for (p = t; *p; p++)
1501 if (*p >= 'A' && *p <= 'Z')
1502 *p = *p - 'A' + 'a';
1507 _pure_ static bool ignore_file_allow_backup(const char *filename) {
1511 filename[0] == '.' ||
1512 streq(filename, "lost+found") ||
1513 streq(filename, "aquota.user") ||
1514 streq(filename, "aquota.group") ||
1515 endswith(filename, ".rpmnew") ||
1516 endswith(filename, ".rpmsave") ||
1517 endswith(filename, ".rpmorig") ||
1518 endswith(filename, ".dpkg-old") ||
1519 endswith(filename, ".dpkg-new") ||
1520 endswith(filename, ".dpkg-tmp") ||
1521 endswith(filename, ".swp");
1524 bool ignore_file(const char *filename) {
1527 if (endswith(filename, "~"))
1530 return ignore_file_allow_backup(filename);
1533 int fd_nonblock(int fd, bool nonblock) {
1538 flags = fcntl(fd, F_GETFL, 0);
1543 nflags = flags | O_NONBLOCK;
1545 nflags = flags & ~O_NONBLOCK;
1547 if (nflags == flags)
1550 if (fcntl(fd, F_SETFL, nflags) < 0)
1556 int fd_cloexec(int fd, bool cloexec) {
1561 flags = fcntl(fd, F_GETFD, 0);
1566 nflags = flags | FD_CLOEXEC;
1568 nflags = flags & ~FD_CLOEXEC;
1570 if (nflags == flags)
1573 if (fcntl(fd, F_SETFD, nflags) < 0)
1579 _pure_ static bool fd_in_set(int fd, const int fdset[], unsigned n_fdset) {
1582 assert(n_fdset == 0 || fdset);
1584 for (i = 0; i < n_fdset; i++)
1591 int close_all_fds(const int except[], unsigned n_except) {
1592 _cleanup_closedir_ DIR *d = NULL;
1596 assert(n_except == 0 || except);
1598 d = opendir("/proc/self/fd");
1603 /* When /proc isn't available (for example in chroots)
1604 * the fallback is brute forcing through the fd
1607 assert_se(getrlimit(RLIMIT_NOFILE, &rl) >= 0);
1608 for (fd = 3; fd < (int) rl.rlim_max; fd ++) {
1610 if (fd_in_set(fd, except, n_except))
1613 if (close_nointr(fd) < 0)
1614 if (errno != EBADF && r == 0)
1621 while ((de = readdir(d))) {
1624 if (ignore_file(de->d_name))
1627 if (safe_atoi(de->d_name, &fd) < 0)
1628 /* Let's better ignore this, just in case */
1637 if (fd_in_set(fd, except, n_except))
1640 if (close_nointr(fd) < 0) {
1641 /* Valgrind has its own FD and doesn't want to have it closed */
1642 if (errno != EBADF && r == 0)
1650 bool chars_intersect(const char *a, const char *b) {
1653 /* Returns true if any of the chars in a are in b. */
1654 for (p = a; *p; p++)
1661 bool fstype_is_network(const char *fstype) {
1662 static const char table[] =
1676 x = startswith(fstype, "fuse.");
1680 return nulstr_contains(table, fstype);
1684 _cleanup_close_ int fd;
1686 fd = open_terminal("/dev/tty0", O_RDWR|O_NOCTTY|O_CLOEXEC);
1692 TIOCL_GETKMSGREDIRECT,
1696 if (ioctl(fd, TIOCLINUX, tiocl) < 0)
1699 vt = tiocl[0] <= 0 ? 1 : tiocl[0];
1702 if (ioctl(fd, VT_ACTIVATE, vt) < 0)
1708 int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) {
1709 struct termios old_termios, new_termios;
1710 char c, line[LINE_MAX];
1715 if (tcgetattr(fileno(f), &old_termios) >= 0) {
1716 new_termios = old_termios;
1718 new_termios.c_lflag &= ~ICANON;
1719 new_termios.c_cc[VMIN] = 1;
1720 new_termios.c_cc[VTIME] = 0;
1722 if (tcsetattr(fileno(f), TCSADRAIN, &new_termios) >= 0) {
1725 if (t != USEC_INFINITY) {
1726 if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0) {
1727 tcsetattr(fileno(f), TCSADRAIN, &old_termios);
1732 k = fread(&c, 1, 1, f);
1734 tcsetattr(fileno(f), TCSADRAIN, &old_termios);
1740 *need_nl = c != '\n';
1747 if (t != USEC_INFINITY) {
1748 if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0)
1753 if (!fgets(line, sizeof(line), f))
1754 return errno ? -errno : -EIO;
1758 if (strlen(line) != 1)
1768 int ask_char(char *ret, const char *replies, const char *text, ...) {
1778 bool need_nl = true;
1781 fputs(ANSI_HIGHLIGHT_ON, stdout);
1788 fputs(ANSI_HIGHLIGHT_OFF, stdout);
1792 r = read_one_char(stdin, &c, USEC_INFINITY, &need_nl);
1795 if (r == -EBADMSG) {
1796 puts("Bad input, please try again.");
1807 if (strchr(replies, c)) {
1812 puts("Read unexpected character, please try again.");
1816 int ask_string(char **ret, const char *text, ...) {
1821 char line[LINE_MAX];
1825 fputs(ANSI_HIGHLIGHT_ON, stdout);
1832 fputs(ANSI_HIGHLIGHT_OFF, stdout);
1837 if (!fgets(line, sizeof(line), stdin))
1838 return errno ? -errno : -EIO;
1840 if (!endswith(line, "\n"))
1859 int reset_terminal_fd(int fd, bool switch_to_text) {
1860 struct termios termios;
1863 /* Set terminal to some sane defaults */
1867 /* We leave locked terminal attributes untouched, so that
1868 * Plymouth may set whatever it wants to set, and we don't
1869 * interfere with that. */
1871 /* Disable exclusive mode, just in case */
1872 ioctl(fd, TIOCNXCL);
1874 /* Switch to text mode */
1876 ioctl(fd, KDSETMODE, KD_TEXT);
1878 /* Enable console unicode mode */
1879 ioctl(fd, KDSKBMODE, K_UNICODE);
1881 if (tcgetattr(fd, &termios) < 0) {
1886 /* We only reset the stuff that matters to the software. How
1887 * hardware is set up we don't touch assuming that somebody
1888 * else will do that for us */
1890 termios.c_iflag &= ~(IGNBRK | BRKINT | ISTRIP | INLCR | IGNCR | IUCLC);
1891 termios.c_iflag |= ICRNL | IMAXBEL | IUTF8;
1892 termios.c_oflag |= ONLCR;
1893 termios.c_cflag |= CREAD;
1894 termios.c_lflag = ISIG | ICANON | IEXTEN | ECHO | ECHOE | ECHOK | ECHOCTL | ECHOPRT | ECHOKE;
1896 termios.c_cc[VINTR] = 03; /* ^C */
1897 termios.c_cc[VQUIT] = 034; /* ^\ */
1898 termios.c_cc[VERASE] = 0177;
1899 termios.c_cc[VKILL] = 025; /* ^X */
1900 termios.c_cc[VEOF] = 04; /* ^D */
1901 termios.c_cc[VSTART] = 021; /* ^Q */
1902 termios.c_cc[VSTOP] = 023; /* ^S */
1903 termios.c_cc[VSUSP] = 032; /* ^Z */
1904 termios.c_cc[VLNEXT] = 026; /* ^V */
1905 termios.c_cc[VWERASE] = 027; /* ^W */
1906 termios.c_cc[VREPRINT] = 022; /* ^R */
1907 termios.c_cc[VEOL] = 0;
1908 termios.c_cc[VEOL2] = 0;
1910 termios.c_cc[VTIME] = 0;
1911 termios.c_cc[VMIN] = 1;
1913 if (tcsetattr(fd, TCSANOW, &termios) < 0)
1917 /* Just in case, flush all crap out */
1918 tcflush(fd, TCIOFLUSH);
1923 int reset_terminal(const char *name) {
1924 _cleanup_close_ int fd = -1;
1926 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
1930 return reset_terminal_fd(fd, true);
1933 int open_terminal(const char *name, int mode) {
1938 * If a TTY is in the process of being closed opening it might
1939 * cause EIO. This is horribly awful, but unlikely to be
1940 * changed in the kernel. Hence we work around this problem by
1941 * retrying a couple of times.
1943 * https://bugs.launchpad.net/ubuntu/+source/linux/+bug/554172/comments/245
1946 assert(!(mode & O_CREAT));
1949 fd = open(name, mode, 0);
1956 /* Max 1s in total */
1960 usleep(50 * USEC_PER_MSEC);
1978 int flush_fd(int fd) {
1979 struct pollfd pollfd = {
1989 r = poll(&pollfd, 1, 0);
1999 l = read(fd, buf, sizeof(buf));
2005 if (errno == EAGAIN)
2014 int acquire_terminal(
2018 bool ignore_tiocstty_eperm,
2021 int fd = -1, notify = -1, r = 0, wd = -1;
2026 /* We use inotify to be notified when the tty is closed. We
2027 * create the watch before checking if we can actually acquire
2028 * it, so that we don't lose any event.
2030 * Note: strictly speaking this actually watches for the
2031 * device being closed, it does *not* really watch whether a
2032 * tty loses its controlling process. However, unless some
2033 * rogue process uses TIOCNOTTY on /dev/tty *after* closing
2034 * its tty otherwise this will not become a problem. As long
2035 * as the administrator makes sure not configure any service
2036 * on the same tty as an untrusted user this should not be a
2037 * problem. (Which he probably should not do anyway.) */
2039 if (timeout != USEC_INFINITY)
2040 ts = now(CLOCK_MONOTONIC);
2042 if (!fail && !force) {
2043 notify = inotify_init1(IN_CLOEXEC | (timeout != USEC_INFINITY ? IN_NONBLOCK : 0));
2049 wd = inotify_add_watch(notify, name, IN_CLOSE);
2057 struct sigaction sa_old, sa_new = {
2058 .sa_handler = SIG_IGN,
2059 .sa_flags = SA_RESTART,
2063 r = flush_fd(notify);
2068 /* We pass here O_NOCTTY only so that we can check the return
2069 * value TIOCSCTTY and have a reliable way to figure out if we
2070 * successfully became the controlling process of the tty */
2071 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
2075 /* Temporarily ignore SIGHUP, so that we don't get SIGHUP'ed
2076 * if we already own the tty. */
2077 assert_se(sigaction(SIGHUP, &sa_new, &sa_old) == 0);
2079 /* First, try to get the tty */
2080 if (ioctl(fd, TIOCSCTTY, force) < 0)
2083 assert_se(sigaction(SIGHUP, &sa_old, NULL) == 0);
2085 /* Sometimes it makes sense to ignore TIOCSCTTY
2086 * returning EPERM, i.e. when very likely we already
2087 * are have this controlling terminal. */
2088 if (r < 0 && r == -EPERM && ignore_tiocstty_eperm)
2091 if (r < 0 && (force || fail || r != -EPERM)) {
2100 assert(notify >= 0);
2103 uint8_t buffer[INOTIFY_EVENT_MAX] _alignas_(struct inotify_event);
2104 struct inotify_event *e;
2107 if (timeout != USEC_INFINITY) {
2110 n = now(CLOCK_MONOTONIC);
2111 if (ts + timeout < n) {
2116 r = fd_wait_for_event(fd, POLLIN, ts + timeout - n);
2126 l = read(notify, buffer, sizeof(buffer));
2128 if (errno == EINTR || errno == EAGAIN)
2135 FOREACH_INOTIFY_EVENT(e, buffer, l) {
2136 if (e->wd != wd || !(e->mask & IN_CLOSE)) {
2145 /* We close the tty fd here since if the old session
2146 * ended our handle will be dead. It's important that
2147 * we do this after sleeping, so that we don't enter
2148 * an endless loop. */
2149 fd = safe_close(fd);
2154 r = reset_terminal_fd(fd, true);
2156 log_warning_errno(r, "Failed to reset terminal: %m");
2167 int release_terminal(void) {
2168 static const struct sigaction sa_new = {
2169 .sa_handler = SIG_IGN,
2170 .sa_flags = SA_RESTART,
2173 _cleanup_close_ int fd = -1;
2174 struct sigaction sa_old;
2177 fd = open("/dev/tty", O_RDWR|O_NOCTTY|O_NDELAY|O_CLOEXEC);
2181 /* Temporarily ignore SIGHUP, so that we don't get SIGHUP'ed
2182 * by our own TIOCNOTTY */
2183 assert_se(sigaction(SIGHUP, &sa_new, &sa_old) == 0);
2185 if (ioctl(fd, TIOCNOTTY) < 0)
2188 assert_se(sigaction(SIGHUP, &sa_old, NULL) == 0);
2193 int sigaction_many(const struct sigaction *sa, ...) {
2198 while ((sig = va_arg(ap, int)) > 0)
2199 if (sigaction(sig, sa, NULL) < 0)
2206 int ignore_signals(int sig, ...) {
2207 struct sigaction sa = {
2208 .sa_handler = SIG_IGN,
2209 .sa_flags = SA_RESTART,
2214 if (sigaction(sig, &sa, NULL) < 0)
2218 while ((sig = va_arg(ap, int)) > 0)
2219 if (sigaction(sig, &sa, NULL) < 0)
2226 int default_signals(int sig, ...) {
2227 struct sigaction sa = {
2228 .sa_handler = SIG_DFL,
2229 .sa_flags = SA_RESTART,
2234 if (sigaction(sig, &sa, NULL) < 0)
2238 while ((sig = va_arg(ap, int)) > 0)
2239 if (sigaction(sig, &sa, NULL) < 0)
2246 void safe_close_pair(int p[]) {
2250 /* Special case pairs which use the same fd in both
2252 p[0] = p[1] = safe_close(p[0]);
2256 p[0] = safe_close(p[0]);
2257 p[1] = safe_close(p[1]);
2260 ssize_t loop_read(int fd, void *buf, size_t nbytes, bool do_poll) {
2267 while (nbytes > 0) {
2270 k = read(fd, p, nbytes);
2271 if (k < 0 && errno == EINTR)
2274 if (k < 0 && errno == EAGAIN && do_poll) {
2276 /* We knowingly ignore any return value here,
2277 * and expect that any error/EOF is reported
2280 fd_wait_for_event(fd, POLLIN, USEC_INFINITY);
2285 return n > 0 ? n : (k < 0 ? -errno : 0);
2295 ssize_t loop_write(int fd, const void *buf, size_t nbytes, bool do_poll) {
2296 const uint8_t *p = buf;
2302 while (nbytes > 0) {
2305 k = write(fd, p, nbytes);
2306 if (k < 0 && errno == EINTR)
2309 if (k < 0 && errno == EAGAIN && do_poll) {
2311 /* We knowingly ignore any return value here,
2312 * and expect that any error/EOF is reported
2315 fd_wait_for_event(fd, POLLOUT, USEC_INFINITY);
2320 return n > 0 ? n : (k < 0 ? -errno : 0);
2330 int parse_size(const char *t, off_t base, off_t *size) {
2332 /* Soo, sometimes we want to parse IEC binary suffxies, and
2333 * sometimes SI decimal suffixes. This function can parse
2334 * both. Which one is the right way depends on the
2335 * context. Wikipedia suggests that SI is customary for
2336 * hardrware metrics and network speeds, while IEC is
2337 * customary for most data sizes used by software and volatile
2338 * (RAM) memory. Hence be careful which one you pick!
2340 * In either case we use just K, M, G as suffix, and not Ki,
2341 * Mi, Gi or so (as IEC would suggest). That's because that's
2342 * frickin' ugly. But this means you really need to make sure
2343 * to document which base you are parsing when you use this
2348 unsigned long long factor;
2351 static const struct table iec[] = {
2352 { "E", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
2353 { "P", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
2354 { "T", 1024ULL*1024ULL*1024ULL*1024ULL },
2355 { "G", 1024ULL*1024ULL*1024ULL },
2356 { "M", 1024ULL*1024ULL },
2362 static const struct table si[] = {
2363 { "E", 1000ULL*1000ULL*1000ULL*1000ULL*1000ULL*1000ULL },
2364 { "P", 1000ULL*1000ULL*1000ULL*1000ULL*1000ULL },
2365 { "T", 1000ULL*1000ULL*1000ULL*1000ULL },
2366 { "G", 1000ULL*1000ULL*1000ULL },
2367 { "M", 1000ULL*1000ULL },
2373 const struct table *table;
2375 unsigned long long r = 0;
2376 unsigned n_entries, start_pos = 0;
2379 assert(base == 1000 || base == 1024);
2384 n_entries = ELEMENTSOF(si);
2387 n_entries = ELEMENTSOF(iec);
2393 unsigned long long l2;
2399 l = strtoll(p, &e, 10);
2412 if (*e >= '0' && *e <= '9') {
2415 /* strotoull itself would accept space/+/- */
2416 l2 = strtoull(e, &e2, 10);
2418 if (errno == ERANGE)
2421 /* Ignore failure. E.g. 10.M is valid */
2428 e += strspn(e, WHITESPACE);
2430 for (i = start_pos; i < n_entries; i++)
2431 if (startswith(e, table[i].suffix)) {
2432 unsigned long long tmp;
2433 if ((unsigned long long) l + (frac > 0) > ULLONG_MAX / table[i].factor)
2435 tmp = l * table[i].factor + (unsigned long long) (frac * table[i].factor);
2436 if (tmp > ULLONG_MAX - r)
2440 if ((unsigned long long) (off_t) r != r)
2443 p = e + strlen(table[i].suffix);
2459 int make_stdio(int fd) {
2464 r = dup3(fd, STDIN_FILENO, 0);
2465 s = dup3(fd, STDOUT_FILENO, 0);
2466 t = dup3(fd, STDERR_FILENO, 0);
2471 if (r < 0 || s < 0 || t < 0)
2474 /* We rely here that the new fd has O_CLOEXEC not set */
2479 int make_null_stdio(void) {
2482 null_fd = open("/dev/null", O_RDWR|O_NOCTTY);
2486 return make_stdio(null_fd);
2489 bool is_device_path(const char *path) {
2491 /* Returns true on paths that refer to a device, either in
2492 * sysfs or in /dev */
2495 path_startswith(path, "/dev/") ||
2496 path_startswith(path, "/sys/");
2499 int dir_is_empty(const char *path) {
2500 _cleanup_closedir_ DIR *d;
2511 if (!de && errno != 0)
2517 if (!ignore_file(de->d_name))
2522 char* dirname_malloc(const char *path) {
2523 char *d, *dir, *dir2;
2540 int dev_urandom(void *p, size_t n) {
2541 static int have_syscall = -1;
2545 /* Gathers some randomness from the kernel. This call will
2546 * never block, and will always return some data from the
2547 * kernel, regardless if the random pool is fully initialized
2548 * or not. It thus makes no guarantee for the quality of the
2549 * returned entropy, but is good enough for or usual usecases
2550 * of seeding the hash functions for hashtable */
2552 /* Use the getrandom() syscall unless we know we don't have
2553 * it, or when the requested size is too large for it. */
2554 if (have_syscall != 0 || (size_t) (int) n != n) {
2555 r = getrandom(p, n, GRND_NONBLOCK);
2557 have_syscall = true;
2562 if (errno == ENOSYS)
2563 /* we lack the syscall, continue with
2564 * reading from /dev/urandom */
2565 have_syscall = false;
2566 else if (errno == EAGAIN)
2567 /* not enough entropy for now. Let's
2568 * remember to use the syscall the
2569 * next time, again, but also read
2570 * from /dev/urandom for now, which
2571 * doesn't care about the current
2572 * amount of entropy. */
2573 have_syscall = true;
2577 /* too short read? */
2581 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY);
2583 return errno == ENOENT ? -ENOSYS : -errno;
2585 k = loop_read(fd, p, n, true);
2590 if ((size_t) k != n)
2596 void initialize_srand(void) {
2597 static bool srand_called = false;
2599 #ifdef HAVE_SYS_AUXV_H
2608 #ifdef HAVE_SYS_AUXV_H
2609 /* The kernel provides us with a bit of entropy in auxv, so
2610 * let's try to make use of that to seed the pseudo-random
2611 * generator. It's better than nothing... */
2613 auxv = (void*) getauxval(AT_RANDOM);
2615 x ^= *(unsigned*) auxv;
2618 x ^= (unsigned) now(CLOCK_REALTIME);
2619 x ^= (unsigned) gettid();
2622 srand_called = true;
2625 void random_bytes(void *p, size_t n) {
2629 r = dev_urandom(p, n);
2633 /* If some idiot made /dev/urandom unavailable to us, he'll
2634 * get a PRNG instead. */
2638 for (q = p; q < (uint8_t*) p + n; q ++)
2642 void rename_process(const char name[8]) {
2645 /* This is a like a poor man's setproctitle(). It changes the
2646 * comm field, argv[0], and also the glibc's internally used
2647 * name of the process. For the first one a limit of 16 chars
2648 * applies, to the second one usually one of 10 (i.e. length
2649 * of "/sbin/init"), to the third one one of 7 (i.e. length of
2650 * "systemd"). If you pass a longer string it will be
2653 prctl(PR_SET_NAME, name);
2655 if (program_invocation_name)
2656 strncpy(program_invocation_name, name, strlen(program_invocation_name));
2658 if (saved_argc > 0) {
2662 strncpy(saved_argv[0], name, strlen(saved_argv[0]));
2664 for (i = 1; i < saved_argc; i++) {
2668 memzero(saved_argv[i], strlen(saved_argv[i]));
2673 void sigset_add_many(sigset_t *ss, ...) {
2680 while ((sig = va_arg(ap, int)) > 0)
2681 assert_se(sigaddset(ss, sig) == 0);
2685 int sigprocmask_many(int how, ...) {
2690 assert_se(sigemptyset(&ss) == 0);
2693 while ((sig = va_arg(ap, int)) > 0)
2694 assert_se(sigaddset(&ss, sig) == 0);
2697 if (sigprocmask(how, &ss, NULL) < 0)
2703 char* gethostname_malloc(void) {
2706 assert_se(uname(&u) >= 0);
2708 if (!isempty(u.nodename) && !streq(u.nodename, "(none)"))
2709 return strdup(u.nodename);
2711 return strdup(u.sysname);
2714 bool hostname_is_set(void) {
2717 assert_se(uname(&u) >= 0);
2719 return !isempty(u.nodename) && !streq(u.nodename, "(none)");
2722 char *lookup_uid(uid_t uid) {
2725 _cleanup_free_ char *buf = NULL;
2726 struct passwd pwbuf, *pw = NULL;
2728 /* Shortcut things to avoid NSS lookups */
2730 return strdup("root");
2732 bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
2736 buf = malloc(bufsize);
2740 if (getpwuid_r(uid, &pwbuf, buf, bufsize, &pw) == 0 && pw)
2741 return strdup(pw->pw_name);
2743 if (asprintf(&name, UID_FMT, uid) < 0)
2749 char* getlogname_malloc(void) {
2753 if (isatty(STDIN_FILENO) && fstat(STDIN_FILENO, &st) >= 0)
2758 return lookup_uid(uid);
2761 char *getusername_malloc(void) {
2768 return lookup_uid(getuid());
2771 int getttyname_malloc(int fd, char **r) {
2772 char path[PATH_MAX], *c;
2777 k = ttyname_r(fd, path, sizeof(path));
2783 c = strdup(startswith(path, "/dev/") ? path + 5 : path);
2791 int getttyname_harder(int fd, char **r) {
2795 k = getttyname_malloc(fd, &s);
2799 if (streq(s, "tty")) {
2801 return get_ctty(0, NULL, r);
2808 int get_ctty_devnr(pid_t pid, dev_t *d) {
2810 _cleanup_free_ char *line = NULL;
2812 unsigned long ttynr;
2816 p = procfs_file_alloca(pid, "stat");
2817 r = read_one_line_file(p, &line);
2821 p = strrchr(line, ')');
2831 "%*d " /* session */
2836 if (major(ttynr) == 0 && minor(ttynr) == 0)
2845 int get_ctty(pid_t pid, dev_t *_devnr, char **r) {
2846 char fn[sizeof("/dev/char/")-1 + 2*DECIMAL_STR_MAX(unsigned) + 1 + 1], *b = NULL;
2847 _cleanup_free_ char *s = NULL;
2854 k = get_ctty_devnr(pid, &devnr);
2858 sprintf(fn, "/dev/char/%u:%u", major(devnr), minor(devnr));
2860 k = readlink_malloc(fn, &s);
2866 /* This is an ugly hack */
2867 if (major(devnr) == 136) {
2868 asprintf(&b, "pts/%u", minor(devnr));
2872 /* Probably something like the ptys which have no
2873 * symlink in /dev/char. Let's return something
2874 * vaguely useful. */
2880 if (startswith(s, "/dev/"))
2882 else if (startswith(s, "../"))
2900 int rm_rf_children_dangerous(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) {
2901 _cleanup_closedir_ DIR *d = NULL;
2906 /* This returns the first error we run into, but nevertheless
2907 * tries to go on. This closes the passed fd. */
2913 return errno == ENOENT ? 0 : -errno;
2918 bool is_dir, keep_around;
2925 if (errno != 0 && ret == 0)
2930 if (streq(de->d_name, ".") || streq(de->d_name, ".."))
2933 if (de->d_type == DT_UNKNOWN ||
2935 (de->d_type == DT_DIR && root_dev)) {
2936 if (fstatat(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
2937 if (ret == 0 && errno != ENOENT)
2942 is_dir = S_ISDIR(st.st_mode);
2945 (st.st_uid == 0 || st.st_uid == getuid()) &&
2946 (st.st_mode & S_ISVTX);
2948 is_dir = de->d_type == DT_DIR;
2949 keep_around = false;
2955 /* if root_dev is set, remove subdirectories only, if device is same as dir */
2956 if (root_dev && st.st_dev != root_dev->st_dev)
2959 subdir_fd = openat(fd, de->d_name,
2960 O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
2961 if (subdir_fd < 0) {
2962 if (ret == 0 && errno != ENOENT)
2967 r = rm_rf_children_dangerous(subdir_fd, only_dirs, honour_sticky, root_dev);
2968 if (r < 0 && ret == 0)
2972 if (unlinkat(fd, de->d_name, AT_REMOVEDIR) < 0) {
2973 if (ret == 0 && errno != ENOENT)
2977 } else if (!only_dirs && !keep_around) {
2979 if (unlinkat(fd, de->d_name, 0) < 0) {
2980 if (ret == 0 && errno != ENOENT)
2987 _pure_ static int is_temporary_fs(struct statfs *s) {
2990 return F_TYPE_EQUAL(s->f_type, TMPFS_MAGIC) ||
2991 F_TYPE_EQUAL(s->f_type, RAMFS_MAGIC);
2994 int is_fd_on_temporary_fs(int fd) {
2997 if (fstatfs(fd, &s) < 0)
3000 return is_temporary_fs(&s);
3003 int rm_rf_children(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) {
3008 if (fstatfs(fd, &s) < 0) {
3013 /* We refuse to clean disk file systems with this call. This
3014 * is extra paranoia just to be sure we never ever remove
3016 if (!is_temporary_fs(&s)) {
3017 log_error("Attempted to remove disk file system, and we can't allow that.");
3022 return rm_rf_children_dangerous(fd, only_dirs, honour_sticky, root_dev);
3025 static int file_is_priv_sticky(const char *p) {
3030 if (lstat(p, &st) < 0)
3034 (st.st_uid == 0 || st.st_uid == getuid()) &&
3035 (st.st_mode & S_ISVTX);
3038 static int rm_rf_internal(const char *path, bool only_dirs, bool delete_root, bool honour_sticky, bool dangerous) {
3044 /* We refuse to clean the root file system with this
3045 * call. This is extra paranoia to never cause a really
3046 * seriously broken system. */
3047 if (path_equal(path, "/")) {
3048 log_error("Attempted to remove entire root file system, and we can't allow that.");
3052 fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
3055 if (errno != ENOTDIR)
3059 if (statfs(path, &s) < 0)
3062 if (!is_temporary_fs(&s)) {
3063 log_error("Attempted to remove disk file system, and we can't allow that.");
3068 if (delete_root && !only_dirs)
3069 if (unlink(path) < 0 && errno != ENOENT)
3076 if (fstatfs(fd, &s) < 0) {
3081 if (!is_temporary_fs(&s)) {
3082 log_error("Attempted to remove disk file system, and we can't allow that.");
3088 r = rm_rf_children_dangerous(fd, only_dirs, honour_sticky, NULL);
3091 if (honour_sticky && file_is_priv_sticky(path) > 0)
3094 if (rmdir(path) < 0 && errno != ENOENT) {
3103 int rm_rf(const char *path, bool only_dirs, bool delete_root, bool honour_sticky) {
3104 return rm_rf_internal(path, only_dirs, delete_root, honour_sticky, false);
3107 int rm_rf_dangerous(const char *path, bool only_dirs, bool delete_root, bool honour_sticky) {
3108 return rm_rf_internal(path, only_dirs, delete_root, honour_sticky, true);
3111 int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) {
3114 /* Under the assumption that we are running privileged we
3115 * first change the access mode and only then hand out
3116 * ownership to avoid a window where access is too open. */
3118 if (mode != MODE_INVALID)
3119 if (chmod(path, mode) < 0)
3122 if (uid != UID_INVALID || gid != GID_INVALID)
3123 if (chown(path, uid, gid) < 0)
3129 int fchmod_and_fchown(int fd, mode_t mode, uid_t uid, gid_t gid) {
3132 /* Under the assumption that we are running privileged we
3133 * first change the access mode and only then hand out
3134 * ownership to avoid a window where access is too open. */
3136 if (mode != MODE_INVALID)
3137 if (fchmod(fd, mode) < 0)
3140 if (uid != UID_INVALID || gid != GID_INVALID)
3141 if (fchown(fd, uid, gid) < 0)
3147 cpu_set_t* cpu_set_malloc(unsigned *ncpus) {
3151 /* Allocates the cpuset in the right size */
3154 if (!(r = CPU_ALLOC(n)))
3157 if (sched_getaffinity(0, CPU_ALLOC_SIZE(n), r) >= 0) {
3158 CPU_ZERO_S(CPU_ALLOC_SIZE(n), r);
3168 if (errno != EINVAL)
3175 int status_vprintf(const char *status, bool ellipse, bool ephemeral, const char *format, va_list ap) {
3176 static const char status_indent[] = " "; /* "[" STATUS "] " */
3177 _cleanup_free_ char *s = NULL;
3178 _cleanup_close_ int fd = -1;
3179 struct iovec iovec[6] = {};
3181 static bool prev_ephemeral;
3185 /* This is independent of logging, as status messages are
3186 * optional and go exclusively to the console. */
3188 if (vasprintf(&s, format, ap) < 0)
3191 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
3204 sl = status ? sizeof(status_indent)-1 : 0;
3210 e = ellipsize(s, emax, 50);
3218 IOVEC_SET_STRING(iovec[n++], "\r" ANSI_ERASE_TO_END_OF_LINE);
3219 prev_ephemeral = ephemeral;
3222 if (!isempty(status)) {
3223 IOVEC_SET_STRING(iovec[n++], "[");
3224 IOVEC_SET_STRING(iovec[n++], status);
3225 IOVEC_SET_STRING(iovec[n++], "] ");
3227 IOVEC_SET_STRING(iovec[n++], status_indent);
3230 IOVEC_SET_STRING(iovec[n++], s);
3232 IOVEC_SET_STRING(iovec[n++], "\n");
3234 if (writev(fd, iovec, n) < 0)
3240 int status_printf(const char *status, bool ellipse, bool ephemeral, const char *format, ...) {
3246 va_start(ap, format);
3247 r = status_vprintf(status, ellipse, ephemeral, format, ap);
3253 char *replace_env(const char *format, char **env) {
3260 const char *e, *word = format;
3265 for (e = format; *e; e ++) {
3276 k = strnappend(r, word, e-word-1);
3286 } else if (*e == '$') {
3287 k = strnappend(r, word, e-word);
3304 t = strempty(strv_env_get_n(env, word+2, e-word-2));
3306 k = strappend(r, t);
3320 k = strnappend(r, word, e-word);
3332 char **replace_env_argv(char **argv, char **env) {
3334 unsigned k = 0, l = 0;
3336 l = strv_length(argv);
3338 ret = new(char*, l+1);
3342 STRV_FOREACH(i, argv) {
3344 /* If $FOO appears as single word, replace it by the split up variable */
3345 if ((*i)[0] == '$' && (*i)[1] != '{') {
3350 e = strv_env_get(env, *i+1);
3354 r = strv_split_quoted(&m, e, true);
3366 w = realloc(ret, sizeof(char*) * (l+1));
3376 memcpy(ret + k, m, q * sizeof(char*));
3384 /* If ${FOO} appears as part of a word, replace it by the variable as-is */
3385 ret[k] = replace_env(*i, env);
3397 int fd_columns(int fd) {
3398 struct winsize ws = {};
3400 if (ioctl(fd, TIOCGWINSZ, &ws) < 0)
3409 unsigned columns(void) {
3413 if (_likely_(cached_columns > 0))
3414 return cached_columns;
3417 e = getenv("COLUMNS");
3419 (void) safe_atoi(e, &c);
3422 c = fd_columns(STDOUT_FILENO);
3431 int fd_lines(int fd) {
3432 struct winsize ws = {};
3434 if (ioctl(fd, TIOCGWINSZ, &ws) < 0)
3443 unsigned lines(void) {
3447 if (_likely_(cached_lines > 0))
3448 return cached_lines;
3451 e = getenv("LINES");
3453 (void) safe_atou(e, &l);
3456 l = fd_lines(STDOUT_FILENO);
3462 return cached_lines;
3465 /* intended to be used as a SIGWINCH sighandler */
3466 void columns_lines_cache_reset(int signum) {
3472 static int cached_on_tty = -1;
3474 if (_unlikely_(cached_on_tty < 0))
3475 cached_on_tty = isatty(STDOUT_FILENO) > 0;
3477 return cached_on_tty;
3480 int files_same(const char *filea, const char *fileb) {
3483 if (stat(filea, &a) < 0)
3486 if (stat(fileb, &b) < 0)
3489 return a.st_dev == b.st_dev &&
3490 a.st_ino == b.st_ino;
3493 int running_in_chroot(void) {
3496 ret = files_same("/proc/1/root", "/");
3503 static char *ascii_ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigned percent) {
3508 assert(percent <= 100);
3509 assert(new_length >= 3);
3511 if (old_length <= 3 || old_length <= new_length)
3512 return strndup(s, old_length);
3514 r = new0(char, new_length+1);
3518 x = (new_length * percent) / 100;
3520 if (x > new_length - 3)
3528 s + old_length - (new_length - x - 3),
3529 new_length - x - 3);
3534 char *ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigned percent) {
3538 unsigned k, len, len2;
3541 assert(percent <= 100);
3542 assert(new_length >= 3);
3544 /* if no multibyte characters use ascii_ellipsize_mem for speed */
3545 if (ascii_is_valid(s))
3546 return ascii_ellipsize_mem(s, old_length, new_length, percent);
3548 if (old_length <= 3 || old_length <= new_length)
3549 return strndup(s, old_length);
3551 x = (new_length * percent) / 100;
3553 if (x > new_length - 3)
3557 for (i = s; k < x && i < s + old_length; i = utf8_next_char(i)) {
3560 c = utf8_encoded_to_unichar(i);
3563 k += unichar_iswide(c) ? 2 : 1;
3566 if (k > x) /* last character was wide and went over quota */
3569 for (j = s + old_length; k < new_length && j > i; ) {
3572 j = utf8_prev_char(j);
3573 c = utf8_encoded_to_unichar(j);
3576 k += unichar_iswide(c) ? 2 : 1;
3580 /* we don't actually need to ellipsize */
3582 return memdup(s, old_length + 1);
3584 /* make space for ellipsis */
3585 j = utf8_next_char(j);
3588 len2 = s + old_length - j;
3589 e = new(char, len + 3 + len2 + 1);
3594 printf("old_length=%zu new_length=%zu x=%zu len=%u len2=%u k=%u\n",
3595 old_length, new_length, x, len, len2, k);
3599 e[len] = 0xe2; /* tri-dot ellipsis: … */
3603 memcpy(e + len + 3, j, len2 + 1);
3608 char *ellipsize(const char *s, size_t length, unsigned percent) {
3609 return ellipsize_mem(s, strlen(s), length, percent);
3612 int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode) {
3613 _cleanup_close_ int fd;
3619 mkdir_parents(path, 0755);
3621 fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644);
3626 r = fchmod(fd, mode);
3631 if (uid != UID_INVALID || gid != GID_INVALID) {
3632 r = fchown(fd, uid, gid);
3637 if (stamp != USEC_INFINITY) {
3638 struct timespec ts[2];
3640 timespec_store(&ts[0], stamp);
3642 r = futimens(fd, ts);
3644 r = futimens(fd, NULL);
3651 int touch(const char *path) {
3652 return touch_file(path, false, USEC_INFINITY, UID_INVALID, GID_INVALID, 0);
3655 char *unquote(const char *s, const char* quotes) {
3659 /* This is rather stupid, simply removes the heading and
3660 * trailing quotes if there is one. Doesn't care about
3661 * escaping or anything. We should make this smarter one
3668 if (strchr(quotes, s[0]) && s[l-1] == s[0])
3669 return strndup(s+1, l-2);
3674 char *normalize_env_assignment(const char *s) {
3675 _cleanup_free_ char *value = NULL;
3679 eq = strchr(s, '=');
3689 memmove(r, t, strlen(t) + 1);
3694 name = strndupa(s, eq - s);
3695 p = strdupa(eq + 1);
3697 value = unquote(strstrip(p), QUOTES);
3701 return strjoin(strstrip(name), "=", value, NULL);
3704 int wait_for_terminate(pid_t pid, siginfo_t *status) {
3715 if (waitid(P_PID, pid, status, WEXITED) < 0) {
3729 * < 0 : wait_for_terminate() failed to get the state of the
3730 * process, the process was terminated by a signal, or
3731 * failed for an unknown reason.
3732 * >=0 : The process terminated normally, and its exit code is
3735 * That is, success is indicated by a return value of zero, and an
3736 * error is indicated by a non-zero value.
3738 * A warning is emitted if the process terminates abnormally,
3739 * and also if it returns non-zero unless check_exit_code is true.
3741 int wait_for_terminate_and_warn(const char *name, pid_t pid, bool check_exit_code) {
3748 r = wait_for_terminate(pid, &status);
3750 return log_warning_errno(r, "Failed to wait for %s: %m", name);
3752 if (status.si_code == CLD_EXITED) {
3753 if (status.si_status != 0)
3754 log_full(check_exit_code ? LOG_WARNING : LOG_DEBUG,
3755 "%s failed with error code %i.", name, status.si_status);
3757 log_debug("%s succeeded.", name);
3759 return status.si_status;
3760 } else if (status.si_code == CLD_KILLED ||
3761 status.si_code == CLD_DUMPED) {
3763 log_warning("%s terminated by signal %s.", name, signal_to_string(status.si_status));
3767 log_warning("%s failed due to unknown reason.", name);
3771 noreturn void freeze(void) {
3773 /* Make sure nobody waits for us on a socket anymore */
3774 close_all_fds(NULL, 0);
3782 bool null_or_empty(struct stat *st) {
3785 if (S_ISREG(st->st_mode) && st->st_size <= 0)
3788 if (S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode))
3794 int null_or_empty_path(const char *fn) {
3799 if (stat(fn, &st) < 0)
3802 return null_or_empty(&st);
3805 int null_or_empty_fd(int fd) {
3810 if (fstat(fd, &st) < 0)
3813 return null_or_empty(&st);
3816 DIR *xopendirat(int fd, const char *name, int flags) {
3820 assert(!(flags & O_CREAT));
3822 nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0);
3835 int signal_from_string_try_harder(const char *s) {
3839 signo = signal_from_string(s);
3841 if (startswith(s, "SIG"))
3842 return signal_from_string(s+3);
3847 static char *tag_to_udev_node(const char *tagvalue, const char *by) {
3848 _cleanup_free_ char *t = NULL, *u = NULL;
3851 u = unquote(tagvalue, "\"\'");
3855 enc_len = strlen(u) * 4 + 1;
3856 t = new(char, enc_len);
3860 if (encode_devnode_name(u, t, enc_len) < 0)
3863 return strjoin("/dev/disk/by-", by, "/", t, NULL);
3866 char *fstab_node_to_udev_node(const char *p) {
3869 if (startswith(p, "LABEL="))
3870 return tag_to_udev_node(p+6, "label");
3872 if (startswith(p, "UUID="))
3873 return tag_to_udev_node(p+5, "uuid");
3875 if (startswith(p, "PARTUUID="))
3876 return tag_to_udev_node(p+9, "partuuid");
3878 if (startswith(p, "PARTLABEL="))
3879 return tag_to_udev_node(p+10, "partlabel");
3884 bool tty_is_vc(const char *tty) {
3887 return vtnr_from_tty(tty) >= 0;
3890 bool tty_is_console(const char *tty) {
3893 if (startswith(tty, "/dev/"))
3896 return streq(tty, "console");
3899 int vtnr_from_tty(const char *tty) {
3904 if (startswith(tty, "/dev/"))
3907 if (!startswith(tty, "tty") )
3910 if (tty[3] < '0' || tty[3] > '9')
3913 r = safe_atoi(tty+3, &i);
3917 if (i < 0 || i > 63)
3923 char *resolve_dev_console(char **active) {
3926 /* Resolve where /dev/console is pointing to, if /sys is actually ours
3927 * (i.e. not read-only-mounted which is a sign for container setups) */
3929 if (path_is_read_only_fs("/sys") > 0)
3932 if (read_one_line_file("/sys/class/tty/console/active", active) < 0)
3935 /* If multiple log outputs are configured the last one is what
3936 * /dev/console points to */
3937 tty = strrchr(*active, ' ');
3943 if (streq(tty, "tty0")) {
3946 /* Get the active VC (e.g. tty1) */
3947 if (read_one_line_file("/sys/class/tty/tty0/active", &tmp) >= 0) {
3949 tty = *active = tmp;
3956 bool tty_is_vc_resolve(const char *tty) {
3957 _cleanup_free_ char *active = NULL;
3961 if (startswith(tty, "/dev/"))
3964 if (streq(tty, "console")) {
3965 tty = resolve_dev_console(&active);
3970 return tty_is_vc(tty);
3973 const char *default_term_for_tty(const char *tty) {
3976 return tty_is_vc_resolve(tty) ? "TERM=linux" : "TERM=vt102";
3979 bool dirent_is_file(const struct dirent *de) {
3982 if (ignore_file(de->d_name))
3985 if (de->d_type != DT_REG &&
3986 de->d_type != DT_LNK &&
3987 de->d_type != DT_UNKNOWN)
3993 bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) {
3996 if (de->d_type != DT_REG &&
3997 de->d_type != DT_LNK &&
3998 de->d_type != DT_UNKNOWN)
4001 if (ignore_file_allow_backup(de->d_name))
4004 return endswith(de->d_name, suffix);
4007 void execute_directory(const char *directory, DIR *d, usec_t timeout, char *argv[]) {
4013 /* Executes all binaries in a directory in parallel and waits
4014 * for them to finish. Optionally a timeout is applied. */
4016 executor_pid = fork();
4017 if (executor_pid < 0) {
4018 log_error_errno(errno, "Failed to fork: %m");
4021 } else if (executor_pid == 0) {
4022 _cleanup_hashmap_free_free_ Hashmap *pids = NULL;
4023 _cleanup_closedir_ DIR *_d = NULL;
4026 /* We fork this all off from a child process so that
4027 * we can somewhat cleanly make use of SIGALRM to set
4030 reset_all_signal_handlers();
4031 reset_signal_mask();
4033 assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
4036 d = _d = opendir(directory);
4038 if (errno == ENOENT)
4039 _exit(EXIT_SUCCESS);
4041 log_error_errno(errno, "Failed to enumerate directory %s: %m", directory);
4042 _exit(EXIT_FAILURE);
4046 pids = hashmap_new(NULL);
4049 _exit(EXIT_FAILURE);
4052 FOREACH_DIRENT(de, d, break) {
4053 _cleanup_free_ char *path = NULL;
4056 if (!dirent_is_file(de))
4059 path = strjoin(directory, "/", de->d_name, NULL);
4062 _exit(EXIT_FAILURE);
4067 log_error_errno(errno, "Failed to fork: %m");
4069 } else if (pid == 0) {
4072 assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
4082 log_error_errno(errno, "Failed to execute %s: %m", path);
4083 _exit(EXIT_FAILURE);
4086 log_debug("Spawned %s as " PID_FMT ".", path, pid);
4088 r = hashmap_put(pids, UINT_TO_PTR(pid), path);
4091 _exit(EXIT_FAILURE);
4097 /* Abort execution of this process after the
4098 * timout. We simply rely on SIGALRM as default action
4099 * terminating the process, and turn on alarm(). */
4101 if (timeout != USEC_INFINITY)
4102 alarm((timeout + USEC_PER_SEC - 1) / USEC_PER_SEC);
4104 while (!hashmap_isempty(pids)) {
4105 _cleanup_free_ char *path = NULL;
4108 pid = PTR_TO_UINT(hashmap_first_key(pids));
4111 path = hashmap_remove(pids, UINT_TO_PTR(pid));
4114 wait_for_terminate_and_warn(path, pid, true);
4117 _exit(EXIT_SUCCESS);
4120 wait_for_terminate_and_warn(directory, executor_pid, true);
4123 int kill_and_sigcont(pid_t pid, int sig) {
4126 r = kill(pid, sig) < 0 ? -errno : 0;
4134 bool nulstr_contains(const char*nulstr, const char *needle) {
4140 NULSTR_FOREACH(i, nulstr)
4141 if (streq(i, needle))
4147 bool plymouth_running(void) {
4148 return access("/run/plymouth/pid", F_OK) >= 0;
4151 char* strshorten(char *s, size_t l) {
4160 static bool hostname_valid_char(char c) {
4162 (c >= 'a' && c <= 'z') ||
4163 (c >= 'A' && c <= 'Z') ||
4164 (c >= '0' && c <= '9') ||
4170 bool hostname_is_valid(const char *s) {
4177 for (p = s, dot = true; *p; p++) {
4184 if (!hostname_valid_char(*p))
4194 if (p-s > HOST_NAME_MAX)
4200 char* hostname_cleanup(char *s, bool lowercase) {
4204 for (p = s, d = s, dot = true; *p; p++) {
4211 } else if (hostname_valid_char(*p)) {
4212 *(d++) = lowercase ? tolower(*p) : *p;
4223 strshorten(s, HOST_NAME_MAX);
4228 bool machine_name_is_valid(const char *s) {
4230 if (!hostname_is_valid(s))
4233 /* Machine names should be useful hostnames, but also be
4234 * useful in unit names, hence we enforce a stricter length
4243 int pipe_eof(int fd) {
4244 struct pollfd pollfd = {
4246 .events = POLLIN|POLLHUP,
4251 r = poll(&pollfd, 1, 0);
4258 return pollfd.revents & POLLHUP;
4261 int fd_wait_for_event(int fd, int event, usec_t t) {
4263 struct pollfd pollfd = {
4271 r = ppoll(&pollfd, 1, t == USEC_INFINITY ? NULL : timespec_store(&ts, t), NULL);
4278 return pollfd.revents;
4281 int fopen_temporary(const char *path, FILE **_f, char **_temp_path) {
4290 t = tempfn_xxxxxx(path);
4294 fd = mkostemp_safe(t, O_WRONLY|O_CLOEXEC);
4300 f = fdopen(fd, "we");
4313 int terminal_vhangup_fd(int fd) {
4316 if (ioctl(fd, TIOCVHANGUP) < 0)
4322 int terminal_vhangup(const char *name) {
4323 _cleanup_close_ int fd;
4325 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
4329 return terminal_vhangup_fd(fd);
4332 int vt_disallocate(const char *name) {
4336 /* Deallocate the VT if possible. If not possible
4337 * (i.e. because it is the active one), at least clear it
4338 * entirely (including the scrollback buffer) */
4340 if (!startswith(name, "/dev/"))
4343 if (!tty_is_vc(name)) {
4344 /* So this is not a VT. I guess we cannot deallocate
4345 * it then. But let's at least clear the screen */
4347 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
4352 "\033[r" /* clear scrolling region */
4353 "\033[H" /* move home */
4354 "\033[2J", /* clear screen */
4361 if (!startswith(name, "/dev/tty"))
4364 r = safe_atou(name+8, &u);
4371 /* Try to deallocate */
4372 fd = open_terminal("/dev/tty0", O_RDWR|O_NOCTTY|O_CLOEXEC);
4376 r = ioctl(fd, VT_DISALLOCATE, u);
4385 /* Couldn't deallocate, so let's clear it fully with
4387 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
4392 "\033[r" /* clear scrolling region */
4393 "\033[H" /* move home */
4394 "\033[3J", /* clear screen including scrollback, requires Linux 2.6.40 */
4401 int symlink_atomic(const char *from, const char *to) {
4402 _cleanup_free_ char *t = NULL;
4407 t = tempfn_random(to);
4411 if (symlink(from, t) < 0)
4414 if (rename(t, to) < 0) {
4422 int mknod_atomic(const char *path, mode_t mode, dev_t dev) {
4423 _cleanup_free_ char *t = NULL;
4427 t = tempfn_random(path);
4431 if (mknod(t, mode, dev) < 0)
4434 if (rename(t, path) < 0) {
4442 int mkfifo_atomic(const char *path, mode_t mode) {
4443 _cleanup_free_ char *t = NULL;
4447 t = tempfn_random(path);
4451 if (mkfifo(t, mode) < 0)
4454 if (rename(t, path) < 0) {
4462 bool display_is_local(const char *display) {
4466 display[0] == ':' &&
4467 display[1] >= '0' &&
4471 int socket_from_display(const char *display, char **path) {
4478 if (!display_is_local(display))
4481 k = strspn(display+1, "0123456789");
4483 f = new(char, strlen("/tmp/.X11-unix/X") + k + 1);
4487 c = stpcpy(f, "/tmp/.X11-unix/X");
4488 memcpy(c, display+1, k);
4497 const char **username,
4498 uid_t *uid, gid_t *gid,
4500 const char **shell) {
4508 /* We enforce some special rules for uid=0: in order to avoid
4509 * NSS lookups for root we hardcode its data. */
4511 if (streq(*username, "root") || streq(*username, "0")) {
4529 if (parse_uid(*username, &u) >= 0) {
4533 /* If there are multiple users with the same id, make
4534 * sure to leave $USER to the configured value instead
4535 * of the first occurrence in the database. However if
4536 * the uid was configured by a numeric uid, then let's
4537 * pick the real username from /etc/passwd. */
4539 *username = p->pw_name;
4542 p = getpwnam(*username);
4546 return errno > 0 ? -errno : -ESRCH;
4558 *shell = p->pw_shell;
4563 char* uid_to_name(uid_t uid) {
4568 return strdup("root");
4572 return strdup(p->pw_name);
4574 if (asprintf(&r, UID_FMT, uid) < 0)
4580 char* gid_to_name(gid_t gid) {
4585 return strdup("root");
4589 return strdup(p->gr_name);
4591 if (asprintf(&r, GID_FMT, gid) < 0)
4597 int get_group_creds(const char **groupname, gid_t *gid) {
4603 /* We enforce some special rules for gid=0: in order to avoid
4604 * NSS lookups for root we hardcode its data. */
4606 if (streq(*groupname, "root") || streq(*groupname, "0")) {
4607 *groupname = "root";
4615 if (parse_gid(*groupname, &id) >= 0) {
4620 *groupname = g->gr_name;
4623 g = getgrnam(*groupname);
4627 return errno > 0 ? -errno : -ESRCH;
4635 int in_gid(gid_t gid) {
4637 int ngroups_max, r, i;
4639 if (getgid() == gid)
4642 if (getegid() == gid)
4645 ngroups_max = sysconf(_SC_NGROUPS_MAX);
4646 assert(ngroups_max > 0);
4648 gids = alloca(sizeof(gid_t) * ngroups_max);
4650 r = getgroups(ngroups_max, gids);
4654 for (i = 0; i < r; i++)
4661 int in_group(const char *name) {
4665 r = get_group_creds(&name, &gid);
4672 int glob_exists(const char *path) {
4673 _cleanup_globfree_ glob_t g = {};
4679 k = glob(path, GLOB_NOSORT|GLOB_BRACE, NULL, &g);
4681 if (k == GLOB_NOMATCH)
4683 else if (k == GLOB_NOSPACE)
4686 return !strv_isempty(g.gl_pathv);
4688 return errno ? -errno : -EIO;
4691 int glob_extend(char ***strv, const char *path) {
4692 _cleanup_globfree_ glob_t g = {};
4697 k = glob(path, GLOB_NOSORT|GLOB_BRACE, NULL, &g);
4699 if (k == GLOB_NOMATCH)
4701 else if (k == GLOB_NOSPACE)
4703 else if (k != 0 || strv_isempty(g.gl_pathv))
4704 return errno ? -errno : -EIO;
4706 STRV_FOREACH(p, g.gl_pathv) {
4707 k = strv_extend(strv, *p);
4715 int dirent_ensure_type(DIR *d, struct dirent *de) {
4721 if (de->d_type != DT_UNKNOWN)
4724 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
4728 S_ISREG(st.st_mode) ? DT_REG :
4729 S_ISDIR(st.st_mode) ? DT_DIR :
4730 S_ISLNK(st.st_mode) ? DT_LNK :
4731 S_ISFIFO(st.st_mode) ? DT_FIFO :
4732 S_ISSOCK(st.st_mode) ? DT_SOCK :
4733 S_ISCHR(st.st_mode) ? DT_CHR :
4734 S_ISBLK(st.st_mode) ? DT_BLK :
4740 int get_files_in_directory(const char *path, char ***list) {
4741 _cleanup_closedir_ DIR *d = NULL;
4742 size_t bufsize = 0, n = 0;
4743 _cleanup_strv_free_ char **l = NULL;
4747 /* Returns all files in a directory in *list, and the number
4748 * of files as return value. If list is NULL returns only the
4760 if (!de && errno != 0)
4765 dirent_ensure_type(d, de);
4767 if (!dirent_is_file(de))
4771 /* one extra slot is needed for the terminating NULL */
4772 if (!GREEDY_REALLOC(l, bufsize, n + 2))
4775 l[n] = strdup(de->d_name);
4786 l = NULL; /* avoid freeing */
4792 char *strjoin(const char *x, ...) {
4806 t = va_arg(ap, const char *);
4811 if (n > ((size_t) -1) - l) {
4835 t = va_arg(ap, const char *);
4849 bool is_main_thread(void) {
4850 static thread_local int cached = 0;
4852 if (_unlikely_(cached == 0))
4853 cached = getpid() == gettid() ? 1 : -1;
4858 int block_get_whole_disk(dev_t d, dev_t *ret) {
4865 /* If it has a queue this is good enough for us */
4866 if (asprintf(&p, "/sys/dev/block/%u:%u/queue", major(d), minor(d)) < 0)
4869 r = access(p, F_OK);
4877 /* If it is a partition find the originating device */
4878 if (asprintf(&p, "/sys/dev/block/%u:%u/partition", major(d), minor(d)) < 0)
4881 r = access(p, F_OK);
4887 /* Get parent dev_t */
4888 if (asprintf(&p, "/sys/dev/block/%u:%u/../dev", major(d), minor(d)) < 0)
4891 r = read_one_line_file(p, &s);
4897 r = sscanf(s, "%u:%u", &m, &n);
4903 /* Only return this if it is really good enough for us. */
4904 if (asprintf(&p, "/sys/dev/block/%u:%u/queue", m, n) < 0)
4907 r = access(p, F_OK);
4911 *ret = makedev(m, n);
4918 static const char *const ioprio_class_table[] = {
4919 [IOPRIO_CLASS_NONE] = "none",
4920 [IOPRIO_CLASS_RT] = "realtime",
4921 [IOPRIO_CLASS_BE] = "best-effort",
4922 [IOPRIO_CLASS_IDLE] = "idle"
4925 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ioprio_class, int, INT_MAX);
4927 static const char *const sigchld_code_table[] = {
4928 [CLD_EXITED] = "exited",
4929 [CLD_KILLED] = "killed",
4930 [CLD_DUMPED] = "dumped",
4931 [CLD_TRAPPED] = "trapped",
4932 [CLD_STOPPED] = "stopped",
4933 [CLD_CONTINUED] = "continued",
4936 DEFINE_STRING_TABLE_LOOKUP(sigchld_code, int);
4938 static const char *const log_facility_unshifted_table[LOG_NFACILITIES] = {
4939 [LOG_FAC(LOG_KERN)] = "kern",
4940 [LOG_FAC(LOG_USER)] = "user",
4941 [LOG_FAC(LOG_MAIL)] = "mail",
4942 [LOG_FAC(LOG_DAEMON)] = "daemon",
4943 [LOG_FAC(LOG_AUTH)] = "auth",
4944 [LOG_FAC(LOG_SYSLOG)] = "syslog",
4945 [LOG_FAC(LOG_LPR)] = "lpr",
4946 [LOG_FAC(LOG_NEWS)] = "news",
4947 [LOG_FAC(LOG_UUCP)] = "uucp",
4948 [LOG_FAC(LOG_CRON)] = "cron",
4949 [LOG_FAC(LOG_AUTHPRIV)] = "authpriv",
4950 [LOG_FAC(LOG_FTP)] = "ftp",
4951 [LOG_FAC(LOG_LOCAL0)] = "local0",
4952 [LOG_FAC(LOG_LOCAL1)] = "local1",
4953 [LOG_FAC(LOG_LOCAL2)] = "local2",
4954 [LOG_FAC(LOG_LOCAL3)] = "local3",
4955 [LOG_FAC(LOG_LOCAL4)] = "local4",
4956 [LOG_FAC(LOG_LOCAL5)] = "local5",
4957 [LOG_FAC(LOG_LOCAL6)] = "local6",
4958 [LOG_FAC(LOG_LOCAL7)] = "local7"
4961 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(log_facility_unshifted, int, LOG_FAC(~0));
4963 static const char *const log_level_table[] = {
4964 [LOG_EMERG] = "emerg",
4965 [LOG_ALERT] = "alert",
4966 [LOG_CRIT] = "crit",
4968 [LOG_WARNING] = "warning",
4969 [LOG_NOTICE] = "notice",
4970 [LOG_INFO] = "info",
4971 [LOG_DEBUG] = "debug"
4974 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(log_level, int, LOG_DEBUG);
4976 static const char* const sched_policy_table[] = {
4977 [SCHED_OTHER] = "other",
4978 [SCHED_BATCH] = "batch",
4979 [SCHED_IDLE] = "idle",
4980 [SCHED_FIFO] = "fifo",
4984 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sched_policy, int, INT_MAX);
4986 static const char* const rlimit_table[_RLIMIT_MAX] = {
4987 [RLIMIT_CPU] = "LimitCPU",
4988 [RLIMIT_FSIZE] = "LimitFSIZE",
4989 [RLIMIT_DATA] = "LimitDATA",
4990 [RLIMIT_STACK] = "LimitSTACK",
4991 [RLIMIT_CORE] = "LimitCORE",
4992 [RLIMIT_RSS] = "LimitRSS",
4993 [RLIMIT_NOFILE] = "LimitNOFILE",
4994 [RLIMIT_AS] = "LimitAS",
4995 [RLIMIT_NPROC] = "LimitNPROC",
4996 [RLIMIT_MEMLOCK] = "LimitMEMLOCK",
4997 [RLIMIT_LOCKS] = "LimitLOCKS",
4998 [RLIMIT_SIGPENDING] = "LimitSIGPENDING",
4999 [RLIMIT_MSGQUEUE] = "LimitMSGQUEUE",
5000 [RLIMIT_NICE] = "LimitNICE",
5001 [RLIMIT_RTPRIO] = "LimitRTPRIO",
5002 [RLIMIT_RTTIME] = "LimitRTTIME"
5005 DEFINE_STRING_TABLE_LOOKUP(rlimit, int);
5007 static const char* const ip_tos_table[] = {
5008 [IPTOS_LOWDELAY] = "low-delay",
5009 [IPTOS_THROUGHPUT] = "throughput",
5010 [IPTOS_RELIABILITY] = "reliability",
5011 [IPTOS_LOWCOST] = "low-cost",
5014 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
5016 static const char *const __signal_table[] = {
5033 [SIGSTKFLT] = "STKFLT", /* Linux on SPARC doesn't know SIGSTKFLT */
5044 [SIGVTALRM] = "VTALRM",
5046 [SIGWINCH] = "WINCH",
5052 DEFINE_PRIVATE_STRING_TABLE_LOOKUP(__signal, int);
5054 const char *signal_to_string(int signo) {
5055 static thread_local char buf[sizeof("RTMIN+")-1 + DECIMAL_STR_MAX(int) + 1];
5058 name = __signal_to_string(signo);
5062 if (signo >= SIGRTMIN && signo <= SIGRTMAX)
5063 snprintf(buf, sizeof(buf), "RTMIN+%d", signo - SIGRTMIN);
5065 snprintf(buf, sizeof(buf), "%d", signo);
5070 int signal_from_string(const char *s) {
5075 signo = __signal_from_string(s);
5079 if (startswith(s, "RTMIN+")) {
5083 if (safe_atou(s, &u) >= 0) {
5084 signo = (int) u + offset;
5085 if (signo > 0 && signo < _NSIG)
5091 bool kexec_loaded(void) {
5092 bool loaded = false;
5095 if (read_one_line_file("/sys/kernel/kexec_loaded", &s) >= 0) {
5103 int prot_from_flags(int flags) {
5105 switch (flags & O_ACCMODE) {
5114 return PROT_READ|PROT_WRITE;
5121 char *format_bytes(char *buf, size_t l, off_t t) {
5124 static const struct {
5128 { "E", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
5129 { "P", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
5130 { "T", 1024ULL*1024ULL*1024ULL*1024ULL },
5131 { "G", 1024ULL*1024ULL*1024ULL },
5132 { "M", 1024ULL*1024ULL },
5136 for (i = 0; i < ELEMENTSOF(table); i++) {
5138 if (t >= table[i].factor) {
5141 (unsigned long long) (t / table[i].factor),
5142 (unsigned long long) (((t*10ULL) / table[i].factor) % 10ULL),
5149 snprintf(buf, l, "%lluB", (unsigned long long) t);
5157 void* memdup(const void *p, size_t l) {
5170 int fd_inc_sndbuf(int fd, size_t n) {
5172 socklen_t l = sizeof(value);
5174 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
5175 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
5178 /* If we have the privileges we will ignore the kernel limit. */
5181 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
5182 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
5188 int fd_inc_rcvbuf(int fd, size_t n) {
5190 socklen_t l = sizeof(value);
5192 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
5193 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
5196 /* If we have the privileges we will ignore the kernel limit. */
5199 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
5200 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
5205 int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *path, ...) {
5206 bool stdout_is_tty, stderr_is_tty;
5207 pid_t parent_pid, agent_pid;
5208 sigset_t ss, saved_ss;
5216 /* Spawns a temporary TTY agent, making sure it goes away when
5219 parent_pid = getpid();
5221 /* First we temporarily block all signals, so that the new
5222 * child has them blocked initially. This way, we can be sure
5223 * that SIGTERMs are not lost we might send to the agent. */
5224 assert_se(sigfillset(&ss) >= 0);
5225 assert_se(sigprocmask(SIG_SETMASK, &ss, &saved_ss) >= 0);
5228 if (agent_pid < 0) {
5229 assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
5233 if (agent_pid != 0) {
5234 assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
5241 * Make sure the agent goes away when the parent dies */
5242 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
5243 _exit(EXIT_FAILURE);
5245 /* Make sure we actually can kill the agent, if we need to, in
5246 * case somebody invoked us from a shell script that trapped
5247 * SIGTERM or so... */
5248 reset_all_signal_handlers();
5249 reset_signal_mask();
5251 /* Check whether our parent died before we were able
5252 * to set the death signal and unblock the signals */
5253 if (getppid() != parent_pid)
5254 _exit(EXIT_SUCCESS);
5256 /* Don't leak fds to the agent */
5257 close_all_fds(except, n_except);
5259 stdout_is_tty = isatty(STDOUT_FILENO);
5260 stderr_is_tty = isatty(STDERR_FILENO);
5262 if (!stdout_is_tty || !stderr_is_tty) {
5265 /* Detach from stdout/stderr. and reopen
5266 * /dev/tty for them. This is important to
5267 * ensure that when systemctl is started via
5268 * popen() or a similar call that expects to
5269 * read EOF we actually do generate EOF and
5270 * not delay this indefinitely by because we
5271 * keep an unused copy of stdin around. */
5272 fd = open("/dev/tty", O_WRONLY);
5274 log_error_errno(errno, "Failed to open /dev/tty: %m");
5275 _exit(EXIT_FAILURE);
5279 dup2(fd, STDOUT_FILENO);
5282 dup2(fd, STDERR_FILENO);
5288 /* Count arguments */
5290 for (n = 0; va_arg(ap, char*); n++)
5295 l = alloca(sizeof(char *) * (n + 1));
5297 /* Fill in arguments */
5299 for (i = 0; i <= n; i++)
5300 l[i] = va_arg(ap, char*);
5304 _exit(EXIT_FAILURE);
5307 int setrlimit_closest(int resource, const struct rlimit *rlim) {
5308 struct rlimit highest, fixed;
5312 if (setrlimit(resource, rlim) >= 0)
5318 /* So we failed to set the desired setrlimit, then let's try
5319 * to get as close as we can */
5320 assert_se(getrlimit(resource, &highest) == 0);
5322 fixed.rlim_cur = MIN(rlim->rlim_cur, highest.rlim_max);
5323 fixed.rlim_max = MIN(rlim->rlim_max, highest.rlim_max);
5325 if (setrlimit(resource, &fixed) < 0)
5331 int getenv_for_pid(pid_t pid, const char *field, char **_value) {
5332 _cleanup_fclose_ FILE *f = NULL;
5343 path = procfs_file_alloca(pid, "environ");
5345 f = fopen(path, "re");
5353 char line[LINE_MAX];
5356 for (i = 0; i < sizeof(line)-1; i++) {
5360 if (_unlikely_(c == EOF)) {
5370 if (memcmp(line, field, l) == 0 && line[l] == '=') {
5371 value = strdup(line + l + 1);
5385 bool is_valid_documentation_url(const char *url) {
5388 if (startswith(url, "http://") && url[7])
5391 if (startswith(url, "https://") && url[8])
5394 if (startswith(url, "file:") && url[5])
5397 if (startswith(url, "info:") && url[5])
5400 if (startswith(url, "man:") && url[4])
5406 bool in_initrd(void) {
5407 static int saved = -1;
5413 /* We make two checks here:
5415 * 1. the flag file /etc/initrd-release must exist
5416 * 2. the root file system must be a memory file system
5418 * The second check is extra paranoia, since misdetecting an
5419 * initrd can have bad bad consequences due the initrd
5420 * emptying when transititioning to the main systemd.
5423 saved = access("/etc/initrd-release", F_OK) >= 0 &&
5424 statfs("/", &s) >= 0 &&
5425 is_temporary_fs(&s);
5430 void warn_melody(void) {
5431 _cleanup_close_ int fd = -1;
5433 fd = open("/dev/console", O_WRONLY|O_CLOEXEC|O_NOCTTY);
5437 /* Yeah, this is synchronous. Kinda sucks. But well... */
5439 ioctl(fd, KIOCSOUND, (int)(1193180/440));
5440 usleep(125*USEC_PER_MSEC);
5442 ioctl(fd, KIOCSOUND, (int)(1193180/220));
5443 usleep(125*USEC_PER_MSEC);
5445 ioctl(fd, KIOCSOUND, (int)(1193180/220));
5446 usleep(125*USEC_PER_MSEC);
5448 ioctl(fd, KIOCSOUND, 0);
5451 int make_console_stdio(void) {
5454 /* Make /dev/console the controlling terminal and stdin/stdout/stderr */
5456 fd = acquire_terminal("/dev/console", false, true, true, USEC_INFINITY);
5458 return log_error_errno(fd, "Failed to acquire terminal: %m");
5462 return log_error_errno(r, "Failed to duplicate terminal fd: %m");
5467 int get_home_dir(char **_h) {
5475 /* Take the user specified one */
5476 e = secure_getenv("HOME");
5477 if (e && path_is_absolute(e)) {
5486 /* Hardcode home directory for root to avoid NSS */
5489 h = strdup("/root");
5497 /* Check the database... */
5501 return errno > 0 ? -errno : -ESRCH;
5503 if (!path_is_absolute(p->pw_dir))
5506 h = strdup(p->pw_dir);
5514 int get_shell(char **_s) {
5522 /* Take the user specified one */
5523 e = getenv("SHELL");
5533 /* Hardcode home directory for root to avoid NSS */
5536 s = strdup("/bin/sh");
5544 /* Check the database... */
5548 return errno > 0 ? -errno : -ESRCH;
5550 if (!path_is_absolute(p->pw_shell))
5553 s = strdup(p->pw_shell);
5561 bool filename_is_safe(const char *p) {
5575 if (strlen(p) > FILENAME_MAX)
5581 bool string_is_safe(const char *p) {
5587 for (t = p; *t; t++) {
5588 if (*t > 0 && *t < ' ')
5591 if (strchr("\\\"\'\0x7f", *t))
5599 * Check if a string contains control characters. If 'ok' is non-NULL
5600 * it may be a string containing additional CCs to be considered OK.
5602 bool string_has_cc(const char *p, const char *ok) {
5607 for (t = p; *t; t++) {
5608 if (ok && strchr(ok, *t))
5611 if (*t > 0 && *t < ' ')
5621 bool path_is_safe(const char *p) {
5626 if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
5629 if (strlen(p) > PATH_MAX)
5632 /* The following two checks are not really dangerous, but hey, they still are confusing */
5633 if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
5636 if (strstr(p, "//"))
5642 /* hey glibc, APIs with callbacks without a user pointer are so useless */
5643 void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size,
5644 int (*compar) (const void *, const void *, void *), void *arg) {
5653 p = (void *)(((const char *) base) + (idx * size));
5654 comparison = compar(key, p, arg);
5657 else if (comparison > 0)
5665 bool is_locale_utf8(void) {
5667 static int cached_answer = -1;
5669 if (cached_answer >= 0)
5672 if (!setlocale(LC_ALL, "")) {
5673 cached_answer = true;
5677 set = nl_langinfo(CODESET);
5679 cached_answer = true;
5683 if (streq(set, "UTF-8")) {
5684 cached_answer = true;
5688 /* For LC_CTYPE=="C" return true, because CTYPE is effectly
5689 * unset and everything can do to UTF-8 nowadays. */
5690 set = setlocale(LC_CTYPE, NULL);
5692 cached_answer = true;
5696 /* Check result, but ignore the result if C was set
5700 !getenv("LC_ALL") &&
5701 !getenv("LC_CTYPE") &&
5705 return (bool) cached_answer;
5708 const char *draw_special_char(DrawSpecialChar ch) {
5709 static const char *draw_table[2][_DRAW_SPECIAL_CHAR_MAX] = {
5712 [DRAW_TREE_VERTICAL] = "\342\224\202 ", /* │ */
5713 [DRAW_TREE_BRANCH] = "\342\224\234\342\224\200", /* ├─ */
5714 [DRAW_TREE_RIGHT] = "\342\224\224\342\224\200", /* └─ */
5715 [DRAW_TREE_SPACE] = " ", /* */
5716 [DRAW_TRIANGULAR_BULLET] = "\342\200\243", /* ‣ */
5717 [DRAW_BLACK_CIRCLE] = "\342\227\217", /* ● */
5718 [DRAW_ARROW] = "\342\206\222", /* → */
5719 [DRAW_DASH] = "\342\200\223", /* – */
5722 /* ASCII fallback */ {
5723 [DRAW_TREE_VERTICAL] = "| ",
5724 [DRAW_TREE_BRANCH] = "|-",
5725 [DRAW_TREE_RIGHT] = "`-",
5726 [DRAW_TREE_SPACE] = " ",
5727 [DRAW_TRIANGULAR_BULLET] = ">",
5728 [DRAW_BLACK_CIRCLE] = "*",
5729 [DRAW_ARROW] = "->",
5734 return draw_table[!is_locale_utf8()][ch];
5737 char *strreplace(const char *text, const char *old_string, const char *new_string) {
5740 size_t l, old_len, new_len;
5746 old_len = strlen(old_string);
5747 new_len = strlen(new_string);
5760 if (!startswith(f, old_string)) {
5766 nl = l - old_len + new_len;
5767 a = realloc(r, nl + 1);
5775 t = stpcpy(t, new_string);
5787 char *strip_tab_ansi(char **ibuf, size_t *_isz) {
5788 const char *i, *begin = NULL;
5793 } state = STATE_OTHER;
5795 size_t osz = 0, isz;
5801 /* Strips ANSI color and replaces TABs by 8 spaces */
5803 isz = _isz ? *_isz : strlen(*ibuf);
5805 f = open_memstream(&obuf, &osz);
5809 for (i = *ibuf; i < *ibuf + isz + 1; i++) {
5814 if (i >= *ibuf + isz) /* EOT */
5816 else if (*i == '\x1B')
5817 state = STATE_ESCAPE;
5818 else if (*i == '\t')
5825 if (i >= *ibuf + isz) { /* EOT */
5828 } else if (*i == '[') {
5829 state = STATE_BRACKET;
5834 state = STATE_OTHER;
5841 if (i >= *ibuf + isz || /* EOT */
5842 (!(*i >= '0' && *i <= '9') && *i != ';' && *i != 'm')) {
5845 state = STATE_OTHER;
5847 } else if (*i == 'm')
5848 state = STATE_OTHER;
5870 int on_ac_power(void) {
5871 bool found_offline = false, found_online = false;
5872 _cleanup_closedir_ DIR *d = NULL;
5874 d = opendir("/sys/class/power_supply");
5880 _cleanup_close_ int fd = -1, device = -1;
5886 if (!de && errno != 0)
5892 if (ignore_file(de->d_name))
5895 device = openat(dirfd(d), de->d_name, O_DIRECTORY|O_RDONLY|O_CLOEXEC|O_NOCTTY);
5897 if (errno == ENOENT || errno == ENOTDIR)
5903 fd = openat(device, "type", O_RDONLY|O_CLOEXEC|O_NOCTTY);
5905 if (errno == ENOENT)
5911 n = read(fd, contents, sizeof(contents));
5915 if (n != 6 || memcmp(contents, "Mains\n", 6))
5919 fd = openat(device, "online", O_RDONLY|O_CLOEXEC|O_NOCTTY);
5921 if (errno == ENOENT)
5927 n = read(fd, contents, sizeof(contents));
5931 if (n != 2 || contents[1] != '\n')
5934 if (contents[0] == '1') {
5935 found_online = true;
5937 } else if (contents[0] == '0')
5938 found_offline = true;
5943 return found_online || !found_offline;
5946 static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) {
5953 if (!path_strv_resolve_uniq(search, root))
5956 STRV_FOREACH(i, search) {
5957 _cleanup_free_ char *p = NULL;
5961 p = strjoin(root, *i, "/", path, NULL);
5963 p = strjoin(*i, "/", path, NULL);
5973 if (errno != ENOENT)
5980 int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) {
5981 _cleanup_strv_free_ char **copy = NULL;
5987 if (path_is_absolute(path)) {
5990 f = fopen(path, mode);
5999 copy = strv_copy((char**) search);
6003 return search_and_fopen_internal(path, mode, root, copy, _f);
6006 int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) {
6007 _cleanup_strv_free_ char **s = NULL;
6009 if (path_is_absolute(path)) {
6012 f = fopen(path, mode);
6021 s = strv_split_nulstr(search);
6025 return search_and_fopen_internal(path, mode, root, s, _f);
6028 char *strextend(char **x, ...) {
6035 l = f = *x ? strlen(*x) : 0;
6042 t = va_arg(ap, const char *);
6047 if (n > ((size_t) -1) - l) {
6056 r = realloc(*x, l+1);
6066 t = va_arg(ap, const char *);
6080 char *strrep(const char *s, unsigned n) {
6088 p = r = malloc(l * n + 1);
6092 for (i = 0; i < n; i++)
6099 void* greedy_realloc(void **p, size_t *allocated, size_t need, size_t size) {
6106 if (*allocated >= need)
6109 newalloc = MAX(need * 2, 64u / size);
6110 a = newalloc * size;
6112 /* check for overflows */
6113 if (a < size * need)
6121 *allocated = newalloc;
6125 void* greedy_realloc0(void **p, size_t *allocated, size_t need, size_t size) {
6134 q = greedy_realloc(p, allocated, need, size);
6138 if (*allocated > prev)
6139 memzero(q + prev * size, (*allocated - prev) * size);
6144 bool id128_is_valid(const char *s) {
6150 /* Simple formatted 128bit hex string */
6152 for (i = 0; i < l; i++) {
6155 if (!(c >= '0' && c <= '9') &&
6156 !(c >= 'a' && c <= 'z') &&
6157 !(c >= 'A' && c <= 'Z'))
6161 } else if (l == 36) {
6163 /* Formatted UUID */
6165 for (i = 0; i < l; i++) {
6168 if ((i == 8 || i == 13 || i == 18 || i == 23)) {
6172 if (!(c >= '0' && c <= '9') &&
6173 !(c >= 'a' && c <= 'z') &&
6174 !(c >= 'A' && c <= 'Z'))
6185 int split_pair(const char *s, const char *sep, char **l, char **r) {
6200 a = strndup(s, x - s);
6204 b = strdup(x + strlen(sep));
6216 int shall_restore_state(void) {
6217 _cleanup_free_ char *value = NULL;
6220 r = get_proc_cmdline_key("systemd.restore_state=", &value);
6226 return parse_boolean(value) != 0;
6229 int proc_cmdline(char **ret) {
6232 if (detect_container(NULL) > 0)
6233 return get_process_cmdline(1, 0, false, ret);
6235 return read_one_line_file("/proc/cmdline", ret);
6238 int parse_proc_cmdline(int (*parse_item)(const char *key, const char *value)) {
6239 _cleanup_free_ char *line = NULL;
6245 r = proc_cmdline(&line);
6251 _cleanup_free_ char *word = NULL;
6254 r = unquote_first_word(&p, &word, true);
6260 /* Filter out arguments that are intended only for the
6262 if (!in_initrd() && startswith(word, "rd."))
6265 value = strchr(word, '=');
6269 r = parse_item(word, value);
6277 int get_proc_cmdline_key(const char *key, char **value) {
6278 _cleanup_free_ char *line = NULL, *ret = NULL;
6285 r = proc_cmdline(&line);
6291 _cleanup_free_ char *word = NULL;
6294 r = unquote_first_word(&p, &word, true);
6300 /* Filter out arguments that are intended only for the
6302 if (!in_initrd() && startswith(word, "rd."))
6306 e = startswith(word, key);
6310 r = free_and_strdup(&ret, e);
6316 if (streq(word, key))
6330 int container_get_leader(const char *machine, pid_t *pid) {
6331 _cleanup_free_ char *s = NULL, *class = NULL;
6339 p = strappenda("/run/systemd/machines/", machine);
6340 r = parse_env_file(p, NEWLINE, "LEADER", &s, "CLASS", &class, NULL);
6348 if (!streq_ptr(class, "container"))
6351 r = parse_pid(s, &leader);
6361 int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *root_fd) {
6362 _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, netnsfd = -1;
6370 mntns = procfs_file_alloca(pid, "ns/mnt");
6371 mntnsfd = open(mntns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
6379 pidns = procfs_file_alloca(pid, "ns/pid");
6380 pidnsfd = open(pidns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
6388 netns = procfs_file_alloca(pid, "ns/net");
6389 netnsfd = open(netns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
6397 root = procfs_file_alloca(pid, "root");
6398 rfd = open(root, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY);
6404 *pidns_fd = pidnsfd;
6407 *mntns_fd = mntnsfd;
6410 *netns_fd = netnsfd;
6415 pidnsfd = mntnsfd = netnsfd = -1;
6420 int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int root_fd) {
6423 if (setns(pidns_fd, CLONE_NEWPID) < 0)
6427 if (setns(mntns_fd, CLONE_NEWNS) < 0)
6431 if (setns(netns_fd, CLONE_NEWNET) < 0)
6435 if (fchdir(root_fd) < 0)
6438 if (chroot(".") < 0)
6442 if (setresgid(0, 0, 0) < 0)
6445 if (setgroups(0, NULL) < 0)
6448 if (setresuid(0, 0, 0) < 0)
6454 bool pid_is_unwaited(pid_t pid) {
6455 /* Checks whether a PID is still valid at all, including a zombie */
6460 if (kill(pid, 0) >= 0)
6463 return errno != ESRCH;
6466 bool pid_is_alive(pid_t pid) {
6469 /* Checks whether a PID is still valid and not a zombie */
6474 r = get_process_state(pid);
6475 if (r == -ENOENT || r == 'Z')
6481 int getpeercred(int fd, struct ucred *ucred) {
6482 socklen_t n = sizeof(struct ucred);
6489 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
6493 if (n != sizeof(struct ucred))
6496 /* Check if the data is actually useful and not suppressed due
6497 * to namespacing issues */
6500 if (u.uid == UID_INVALID)
6502 if (u.gid == GID_INVALID)
6509 int getpeersec(int fd, char **ret) {
6521 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
6525 if (errno != ERANGE)
6532 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
6548 /* This is much like like mkostemp() but is subject to umask(). */
6549 int mkostemp_safe(char *pattern, int flags) {
6550 _cleanup_umask_ mode_t u;
6557 fd = mkostemp(pattern, flags);
6564 int open_tmpfile(const char *path, int flags) {
6571 /* Try O_TMPFILE first, if it is supported */
6572 fd = open(path, flags|O_TMPFILE, S_IRUSR|S_IWUSR);
6577 /* Fall back to unguessable name + unlinking */
6578 p = strappenda(path, "/systemd-tmp-XXXXXX");
6580 fd = mkostemp_safe(p, flags);
6588 int fd_warn_permissions(const char *path, int fd) {
6591 if (fstat(fd, &st) < 0)
6594 if (st.st_mode & 0111)
6595 log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path);
6597 if (st.st_mode & 0002)
6598 log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path);
6600 if (getpid() == 1 && (st.st_mode & 0044) != 0044)
6601 log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path);
6606 unsigned long personality_from_string(const char *p) {
6608 /* Parse a personality specifier. We introduce our own
6609 * identifiers that indicate specific ABIs, rather than just
6610 * hints regarding the register size, since we want to keep
6611 * things open for multiple locally supported ABIs for the
6612 * same register size. We try to reuse the ABI identifiers
6613 * used by libseccomp. */
6615 #if defined(__x86_64__)
6617 if (streq(p, "x86"))
6620 if (streq(p, "x86-64"))
6623 #elif defined(__i386__)
6625 if (streq(p, "x86"))
6629 /* personality(7) documents that 0xffffffffUL is used for
6630 * querying the current personality, hence let's use that here
6631 * as error indicator. */
6632 return 0xffffffffUL;
6635 const char* personality_to_string(unsigned long p) {
6637 #if defined(__x86_64__)
6639 if (p == PER_LINUX32)
6645 #elif defined(__i386__)
6654 uint64_t physical_memory(void) {
6657 /* We return this as uint64_t in case we are running as 32bit
6658 * process on a 64bit kernel with huge amounts of memory */
6660 mem = sysconf(_SC_PHYS_PAGES);
6663 return (uint64_t) mem * (uint64_t) page_size();
6666 char* mount_test_option(const char *haystack, const char *needle) {
6668 struct mntent me = {
6669 .mnt_opts = (char*) haystack
6674 /* Like glibc's hasmntopt(), but works on a string, not a
6680 return hasmntopt(&me, needle);
6683 void hexdump(FILE *f, const void *p, size_t s) {
6684 const uint8_t *b = p;
6687 assert(s == 0 || b);
6692 fprintf(f, "%04x ", n);
6694 for (i = 0; i < 16; i++) {
6699 fprintf(f, "%02x ", b[i]);
6707 for (i = 0; i < 16; i++) {
6712 fputc(isprint(b[i]) ? (char) b[i] : '.', f);
6726 int update_reboot_param_file(const char *param) {
6731 r = write_string_file(REBOOT_PARAM_FILE, param);
6733 log_error("Failed to write reboot param to "
6734 REBOOT_PARAM_FILE": %s", strerror(-r));
6736 unlink(REBOOT_PARAM_FILE);
6741 int umount_recursive(const char *prefix, int flags) {
6745 /* Try to umount everything recursively below a
6746 * directory. Also, take care of stacked mounts, and keep
6747 * unmounting them until they are gone. */
6750 _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
6755 proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
6756 if (!proc_self_mountinfo)
6760 _cleanup_free_ char *path = NULL, *p = NULL;
6763 k = fscanf(proc_self_mountinfo,
6764 "%*s " /* (1) mount id */
6765 "%*s " /* (2) parent id */
6766 "%*s " /* (3) major:minor */
6767 "%*s " /* (4) root */
6768 "%ms " /* (5) mount point */
6769 "%*s" /* (6) mount options */
6770 "%*[^-]" /* (7) optional fields */
6771 "- " /* (8) separator */
6772 "%*s " /* (9) file system type */
6773 "%*s" /* (10) mount source */
6774 "%*s" /* (11) mount options 2 */
6775 "%*[^\n]", /* some rubbish at the end */
6784 p = cunescape(path);
6788 if (!path_startswith(p, prefix))
6791 if (umount2(p, flags) < 0) {
6807 int bind_remount_recursive(const char *prefix, bool ro) {
6808 _cleanup_set_free_free_ Set *done = NULL;
6809 _cleanup_free_ char *cleaned = NULL;
6812 /* Recursively remount a directory (and all its submounts)
6813 * read-only or read-write. If the directory is already
6814 * mounted, we reuse the mount and simply mark it
6815 * MS_BIND|MS_RDONLY (or remove the MS_RDONLY for read-write
6816 * operation). If it isn't we first make it one. Afterwards we
6817 * apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to all
6818 * submounts we can access, too. When mounts are stacked on
6819 * the same mount point we only care for each individual
6820 * "top-level" mount on each point, as we cannot
6821 * influence/access the underlying mounts anyway. We do not
6822 * have any effect on future submounts that might get
6823 * propagated, they migt be writable. This includes future
6824 * submounts that have been triggered via autofs. */
6826 cleaned = strdup(prefix);
6830 path_kill_slashes(cleaned);
6832 done = set_new(&string_hash_ops);
6837 _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
6838 _cleanup_set_free_free_ Set *todo = NULL;
6839 bool top_autofs = false;
6842 todo = set_new(&string_hash_ops);
6846 proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
6847 if (!proc_self_mountinfo)
6851 _cleanup_free_ char *path = NULL, *p = NULL, *type = NULL;
6854 k = fscanf(proc_self_mountinfo,
6855 "%*s " /* (1) mount id */
6856 "%*s " /* (2) parent id */
6857 "%*s " /* (3) major:minor */
6858 "%*s " /* (4) root */
6859 "%ms " /* (5) mount point */
6860 "%*s" /* (6) mount options (superblock) */
6861 "%*[^-]" /* (7) optional fields */
6862 "- " /* (8) separator */
6863 "%ms " /* (9) file system type */
6864 "%*s" /* (10) mount source */
6865 "%*s" /* (11) mount options (bind mount) */
6866 "%*[^\n]", /* some rubbish at the end */
6876 p = cunescape(path);
6880 /* Let's ignore autofs mounts. If they aren't
6881 * triggered yet, we want to avoid triggering
6882 * them, as we don't make any guarantees for
6883 * future submounts anyway. If they are
6884 * already triggered, then we will find
6885 * another entry for this. */
6886 if (streq(type, "autofs")) {
6887 top_autofs = top_autofs || path_equal(cleaned, p);
6891 if (path_startswith(p, cleaned) &&
6892 !set_contains(done, p)) {
6894 r = set_consume(todo, p);
6904 /* If we have no submounts to process anymore and if
6905 * the root is either already done, or an autofs, we
6907 if (set_isempty(todo) &&
6908 (top_autofs || set_contains(done, cleaned)))
6911 if (!set_contains(done, cleaned) &&
6912 !set_contains(todo, cleaned)) {
6913 /* The prefix directory itself is not yet a
6914 * mount, make it one. */
6915 if (mount(cleaned, cleaned, NULL, MS_BIND|MS_REC, NULL) < 0)
6918 if (mount(NULL, prefix, NULL, MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0)
6921 x = strdup(cleaned);
6925 r = set_consume(done, x);
6930 while ((x = set_steal_first(todo))) {
6932 r = set_consume(done, x);
6938 if (mount(NULL, x, NULL, MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) {
6940 /* Deal with mount points that are
6941 * obstructed by a later mount */
6943 if (errno != ENOENT)
6951 int fflush_and_check(FILE *f) {
6958 return errno ? -errno : -EIO;
6963 char *tempfn_xxxxxx(const char *p) {
6970 t = new(char, strlen(p) + 1 + 6 + 1);
6977 strcpy(stpcpy(stpcpy(mempcpy(t, p, k), "."), fn), "XXXXXX");
6982 char *tempfn_random(const char *p) {
6991 t = new(char, strlen(p) + 1 + 16 + 1);
6998 x = stpcpy(stpcpy(mempcpy(t, p, k), "."), fn);
7001 for (i = 0; i < 16; i++) {
7002 *(x++) = hexchar(u & 0xF);
7011 /* make sure the hostname is not "localhost" */
7012 bool is_localhost(const char *hostname) {
7015 /* This tries to identify local host and domain names
7016 * described in RFC6761 plus the redhatism of .localdomain */
7018 return streq(hostname, "localhost") ||
7019 streq(hostname, "localhost.") ||
7020 streq(hostname, "localdomain.") ||
7021 streq(hostname, "localdomain") ||
7022 endswith(hostname, ".localhost") ||
7023 endswith(hostname, ".localhost.") ||
7024 endswith(hostname, ".localdomain") ||
7025 endswith(hostname, ".localdomain.");
7028 int take_password_lock(const char *root) {
7030 struct flock flock = {
7032 .l_whence = SEEK_SET,
7040 /* This is roughly the same as lckpwdf(), but not as awful. We
7041 * don't want to use alarm() and signals, hence we implement
7042 * our own trivial version of this.
7044 * Note that shadow-utils also takes per-database locks in
7045 * addition to lckpwdf(). However, we don't given that they
7046 * are redundant as they they invoke lckpwdf() first and keep
7047 * it during everything they do. The per-database locks are
7048 * awfully racy, and thus we just won't do them. */
7051 path = strappenda(root, "/etc/.pwd.lock");
7053 path = "/etc/.pwd.lock";
7055 fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
7059 r = fcntl(fd, F_SETLKW, &flock);
7068 int is_symlink(const char *path) {
7071 if (lstat(path, &info) < 0)
7074 return !!S_ISLNK(info.st_mode);
7077 int is_dir(const char* path, bool follow) {
7082 r = stat(path, &st);
7084 r = lstat(path, &st);
7088 return !!S_ISDIR(st.st_mode);
7091 int unquote_first_word(const char **p, char **ret, bool relax) {
7092 _cleanup_free_ char *s = NULL;
7093 size_t allocated = 0, sz = 0;
7100 SINGLE_QUOTE_ESCAPE,
7102 DOUBLE_QUOTE_ESCAPE,
7110 /* Parses the first word of a string, and returns it in
7111 * *ret. Removes all quotes in the process. When parsing fails
7112 * (because of an uneven number of quotes or similar), leaves
7113 * the pointer *p at the first invalid character. */
7123 else if (strchr(WHITESPACE, c))
7133 state = SINGLE_QUOTE;
7135 state = VALUE_ESCAPE;
7137 state = DOUBLE_QUOTE;
7138 else if (strchr(WHITESPACE, c))
7141 if (!GREEDY_REALLOC(s, allocated, sz+2))
7156 if (!GREEDY_REALLOC(s, allocated, sz+2))
7169 } else if (c == '\'')
7172 state = SINGLE_QUOTE_ESCAPE;
7174 if (!GREEDY_REALLOC(s, allocated, sz+2))
7182 case SINGLE_QUOTE_ESCAPE:
7189 if (!GREEDY_REALLOC(s, allocated, sz+2))
7193 state = SINGLE_QUOTE;
7202 state = DOUBLE_QUOTE_ESCAPE;
7204 if (!GREEDY_REALLOC(s, allocated, sz+2))
7212 case DOUBLE_QUOTE_ESCAPE:
7219 if (!GREEDY_REALLOC(s, allocated, sz+2))
7223 state = DOUBLE_QUOTE;
7229 if (!strchr(WHITESPACE, c))
7251 int unquote_many_words(const char **p, ...) {
7256 /* Parses a number of words from a string, stripping any
7257 * quotes if necessary. */
7261 /* Count how many words are expected */
7264 if (!va_arg(ap, char **))
7273 /* Read all words into a temporary array */
7274 l = newa0(char*, n);
7275 for (c = 0; c < n; c++) {
7277 r = unquote_first_word(p, &l[c], false);
7281 for (j = 0; j < c; j++)
7291 /* If we managed to parse all words, return them in the passed
7294 for (i = 0; i < n; i++) {
7297 v = va_arg(ap, char **);
7307 int free_and_strdup(char **p, const char *s) {
7312 /* Replaces a string pointer with an strdup()ed new string,
7313 * possibly freeing the old one. */
7328 int sethostname_idempotent(const char *s) {
7330 char buf[HOST_NAME_MAX + 1] = {};
7334 r = gethostname(buf, sizeof(buf));
7341 r = sethostname(s, strlen(s));