/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
-#ifndef fooexecutehfoo
-#define fooexecutehfoo
+#pragma once
/***
This file is part of systemd.
typedef struct ExecStatus ExecStatus;
typedef struct ExecCommand ExecCommand;
typedef struct ExecContext ExecContext;
+typedef struct ExecRuntime ExecRuntime;
+typedef struct ExecParameters ExecParameters;
#include <linux/types.h>
#include <sys/time.h>
#include <stdio.h>
#include <sched.h>
-struct CGroupBonding;
-struct CGroupAttribute;
-
#include "list.h"
#include "util.h"
-
-typedef enum KillMode {
- KILL_CONTROL_GROUP = 0,
- KILL_PROCESS,
- KILL_NONE,
- _KILL_MODE_MAX,
- _KILL_MODE_INVALID = -1
-} KillMode;
-
-typedef enum KillWho {
- KILL_MAIN,
- KILL_CONTROL,
- KILL_ALL,
- _KILL_WHO_MAX,
- _KILL_WHO_INVALID = -1
-} KillWho;
+#include "set.h"
+#include "fdset.h"
+#include "missing.h"
+#include "namespace.h"
+#include "bus-endpoint.h"
typedef enum ExecInput {
EXEC_INPUT_NULL,
bool ignore;
};
+struct ExecRuntime {
+ int n_ref;
+
+ char *tmp_dir;
+ char *var_tmp_dir;
+
+ int netns_storage_socket[2];
+};
+
struct ExecContext {
char **environment;
char **environment_files;
- struct rlimit *rlimit[RLIMIT_NLIMITS];
+ struct rlimit *rlimit[_RLIMIT_MAX];
char *working_directory, *root_directory;
mode_t umask;
ExecOutput std_output;
ExecOutput std_error;
- unsigned long timer_slack_nsec;
-
- char *tcpwrap_name;
+ nsec_t timer_slack_nsec;
char *tty_path;
char *utmp_id;
+ bool selinux_context_ignore;
+ char *selinux_context;
+
+ bool apparmor_profile_ignore;
+ char *apparmor_profile;
+
+ bool smack_process_label_ignore;
+ char *smack_process_label;
+
char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
unsigned long mount_flags;
uint64_t capability_bounding_set_drop;
- /* Not relevant for spawning processes, just for killing */
- KillMode kill_mode;
- int kill_signal;
- bool send_sigkill;
-
cap_t capabilities;
int secure_bits;
bool non_blocking;
bool private_tmp;
bool private_network;
+ bool private_devices;
+ ProtectSystem protect_system;
+ ProtectHome protect_home;
- bool control_group_modify;
- int control_group_persistent;
+ bool no_new_privileges;
/* This is not exposed to the user but available
* internally. We need it to make sure that whenever we spawn
* don't enter a trigger loop. */
bool same_pgrp;
+ unsigned long personality;
+
+ Set *syscall_filter;
+ Set *syscall_archs;
+ int syscall_errno;
+ bool syscall_whitelist:1;
+
+ Set *address_families;
+ bool address_families_whitelist:1;
+
+ char **runtime_directory;
+ mode_t runtime_directory_mode;
+
bool oom_score_adjust_set:1;
bool nice_set:1;
bool ioprio_set:1;
bool cpu_sched_set:1;
- bool timer_slack_nsec_set:1;
+ bool no_new_privileges_set:1;
+
+ /* custom dbus enpoint */
+ BusEndpoint *bus_endpoint;
+};
+
+#include "cgroup.h"
+
+struct ExecParameters {
+ char **argv;
+ int *fds; unsigned n_fds;
+ char **environment;
+ bool apply_permissions;
+ bool apply_chroot;
+ bool apply_tty_stdin;
+ bool confirm_spawn;
+ bool selinux_context_net;
+ CGroupControllerMask cgroup_supported;
+ const char *cgroup_path;
+ bool cgroup_delegate;
+ const char *runtime_prefix;
+ const char *unit_id;
+ usec_t watchdog_usec;
+ int *idle_pipe;
+ char *bus_endpoint_path;
+ int bus_endpoint_fd;
};
int exec_spawn(ExecCommand *command,
- char **argv,
const ExecContext *context,
- int fds[], unsigned n_fds,
- char **environment,
- bool apply_permissions,
- bool apply_chroot,
- bool apply_tty_stdin,
- bool confirm_spawn,
- struct CGroupBonding *cgroup_bondings,
- struct CGroupAttribute *cgroup_attributes,
- const char *cgroup_suffix,
+ const ExecParameters *exec_params,
+ ExecRuntime *runtime,
pid_t *ret);
void exec_command_done(ExecCommand *c);
void exec_command_done_array(ExecCommand *c, unsigned n);
-void exec_command_free_list(ExecCommand *c);
+ExecCommand* exec_command_free_list(ExecCommand *c);
void exec_command_free_array(ExecCommand **c, unsigned n);
char *exec_command_line(char **argv);
void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_append_list(ExecCommand **l, ExecCommand *e);
int exec_command_set(ExecCommand *c, const char *path, ...);
+int exec_command_append(ExecCommand *c, const char *path, ...);
void exec_context_init(ExecContext *c);
void exec_context_done(ExecContext *c);
void exec_context_dump(ExecContext *c, FILE* f, const char *prefix);
-void exec_context_tty_reset(const ExecContext *context);
-int exec_context_load_environment(const ExecContext *c, char ***l);
+int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_root);
+
+int exec_context_load_environment(const ExecContext *c, const char *unit_id, char ***l);
+
+bool exec_context_may_touch_console(ExecContext *c);
+bool exec_context_maintains_privileges(ExecContext *c);
void exec_status_start(ExecStatus *s, pid_t pid);
void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status);
void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix);
-const char* exec_output_to_string(ExecOutput i);
-ExecOutput exec_output_from_string(const char *s);
+int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id);
+ExecRuntime *exec_runtime_ref(ExecRuntime *r);
+ExecRuntime *exec_runtime_unref(ExecRuntime *r);
-const char* exec_input_to_string(ExecInput i);
-ExecInput exec_input_from_string(const char *s);
+int exec_runtime_serialize(ExecRuntime *rt, Unit *u, FILE *f, FDSet *fds);
+int exec_runtime_deserialize_item(ExecRuntime **rt, Unit *u, const char *key, const char *value, FDSet *fds);
-const char *kill_mode_to_string(KillMode k);
-KillMode kill_mode_from_string(const char *s);
+void exec_runtime_destroy(ExecRuntime *rt);
-const char *kill_who_to_string(KillWho k);
-KillWho kill_who_from_string(const char *s);
+const char* exec_output_to_string(ExecOutput i) _const_;
+ExecOutput exec_output_from_string(const char *s) _pure_;
-#endif
+const char* exec_input_to_string(ExecInput i) _const_;
+ExecInput exec_input_from_string(const char *s) _pure_;
~ianmdlvl / elogind.git / blobdiff