X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcore%2Fmain.c;h=21c0d274c615117f3bf9ba6f3f7cb4d43c3881fc;hp=2fcd63d3e220ab90e130b06f39372528628a9923;hb=e2b1eb2661e95c8e3d03c5f7183a234fea990b68;hpb=e30431623a7d871da123cc37055ac49abf2c20ea diff --git a/src/core/main.c b/src/core/main.c index 2fcd63d3e..21c0d274c 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -52,6 +52,9 @@ #include "switch-root.h" #include "capability.h" #include "killall.h" +#include "env-util.h" +#include "hwclock.h" +#include "sd-daemon.h" #include "mount-setup.h" #include "loopback-setup.h" @@ -61,10 +64,10 @@ #include "hostname-setup.h" #include "machine-id-setup.h" #include "locale-setup.h" -#include "hwclock.h" #include "selinux-setup.h" #include "ima-setup.h" -#include "sd-daemon.h" +#include "fileio.h" +#include "smack-setup.h" static enum { ACTION_RUN, @@ -342,7 +345,8 @@ static int parse_proc_cmdline_word(const char *word) { else arg_default_std_error = r; } else if (startswith(word, "systemd.setenv=")) { - char *cenv, *eq; + _cleanup_free_ char *cenv = NULL; + char *eq; int r; cenv = strdup(word + 15); @@ -351,40 +355,58 @@ static int parse_proc_cmdline_word(const char *word) { eq = strchr(cenv, '='); if (!eq) { - r = unsetenv(cenv); - if (r < 0) - log_warning("unsetenv failed %m. Ignoring."); + if (!env_name_is_valid(cenv)) + log_warning("Environment variable name '%s' is not valid. Ignoring.", cenv); + else { + r = unsetenv(cenv); + if (r < 0) + log_warning("Unsetting environment variable '%s' failed, ignoring: %m", cenv); + } } else { - *eq = 0; - r = setenv(cenv, eq + 1, 1); - if (r < 0) - log_warning("setenv failed %m. Ignoring."); + if (!env_assignment_is_valid(cenv)) + log_warning("Environment variable assignment '%s' is not valid. Ignoring.", cenv); + else { + *eq = 0; + r = setenv(cenv, eq + 1, 1); + if (r < 0) + log_warning("Setting environment variable '%s=%s' failed, ignoring: %m", cenv, eq + 1); + } } - free(cenv); } else if (startswith(word, "systemd.") || (in_initrd() && startswith(word, "rd.systemd."))) { - log_warning("Unknown kernel switch %s. Ignoring.", word); - - log_info("Supported kernel switches:\n" - "systemd.unit=UNIT Default unit to start\n" - "rd.systemd.unit=UNIT Default unit to start when run in initrd\n" - "systemd.dump_core=0|1 Dump core on crash\n" - "systemd.crash_shell=0|1 Run shell on crash\n" - "systemd.crash_chvt=N Change to VT #N on crash\n" - "systemd.confirm_spawn=0|1 Confirm every process spawn\n" - "systemd.show_status=0|1 Show status updates on the console during bootup\n" - "systemd.log_target=console|kmsg|journal|journal-or-kmsg|syslog|syslog-or-kmsg|null\n" - " Log target\n" - "systemd.log_level=LEVEL Log level\n" - "systemd.log_color=0|1 Highlight important log messages\n" - "systemd.log_location=0|1 Include code location in log messages\n" - "systemd.default_standard_output=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n" - " Set default log output for services\n" - "systemd.default_standard_error=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n" - " Set default log error output for services\n" - "systemd.setenv=ASSIGNMENT Set an environment variable for all spawned processes\n"); + const char *c; + + /* Ignore systemd.journald.xyz and friends */ + c = word; + if (startswith(c, "rd.")) + c += 3; + if (startswith(c, "systemd.")) + c += 8; + if (c[strcspn(c, ".=")] != '.') { + + log_warning("Unknown kernel switch %s. Ignoring.", word); + + log_info("Supported kernel switches:\n" + "systemd.unit=UNIT Default unit to start\n" + "rd.systemd.unit=UNIT Default unit to start when run in initrd\n" + "systemd.dump_core=0|1 Dump core on crash\n" + "systemd.crash_shell=0|1 Run shell on crash\n" + "systemd.crash_chvt=N Change to VT #N on crash\n" + "systemd.confirm_spawn=0|1 Confirm every process spawn\n" + "systemd.show_status=0|1 Show status updates on the console during bootup\n" + "systemd.log_target=console|kmsg|journal|journal-or-kmsg|syslog|syslog-or-kmsg|null\n" + " Log target\n" + "systemd.log_level=LEVEL Log level\n" + "systemd.log_color=0|1 Highlight important log messages\n" + "systemd.log_location=0|1 Include code location in log messages\n" + "systemd.default_standard_output=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n" + " Set default log output for services\n" + "systemd.default_standard_error=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n" + " Set default log error output for services\n" + "systemd.setenv=ASSIGNMENT Set an environment variable for all spawned processes\n"); + } } else if (streq(word, "quiet")) arg_show_status = false; @@ -934,14 +956,18 @@ static int parse_argv(int argc, char *argv[]) { int fd; FILE *f; - if ((r = safe_atoi(optarg, &fd)) < 0 || fd < 0) { + r = safe_atoi(optarg, &fd); + if (r < 0 || fd < 0) { log_error("Failed to parse deserialize option %s.", optarg); - return r; + return r < 0 ? r : -EINVAL; } - if (!(f = fdopen(fd, "r"))) { + fd_cloexec(fd, true); + + f = fdopen(fd, "r"); + if (!f) { log_error("Failed to open serialization fd: %m"); - return r; + return -errno; } if (serialization) @@ -1060,7 +1086,6 @@ static int help(void) { static int version(void) { puts(PACKAGE_STRING); - puts(DISTRIBUTION); puts(SYSTEMD_FEATURES); return 0; @@ -1333,10 +1358,13 @@ int main(int argc, char *argv[]) { } if (!skip_setup) { + mount_setup_early(); if (selinux_setup(&loaded_policy) < 0) goto finish; if (ima_setup() < 0) goto finish; + if (smack_setup() < 0) + goto finish; } if (label_init(NULL) < 0) @@ -1409,7 +1437,7 @@ int main(int argc, char *argv[]) { /* Mount /proc, /sys and friends, so that /proc/cmdline and * /proc/$PID/fd is available. */ - if (geteuid() == 0 && !getenv("SYSTEMD_SKIP_API_MOUNTS")) { + if (getpid() == 1) { r = mount_setup(loaded_policy); if (r < 0) goto finish; @@ -1474,16 +1502,15 @@ int main(int argc, char *argv[]) { log_close(); /* Remember open file descriptors for later deserialization */ - if (serialization) { - r = fdset_new_fill(&fds); - if (r < 0) { - log_error("Failed to allocate fd set: %s", strerror(-r)); - goto finish; - } + r = fdset_new_fill(&fds); + if (r < 0) { + log_error("Failed to allocate fd set: %s", strerror(-r)); + goto finish; + } else + fdset_cloexec(fds, true); + if (serialization) assert_se(fdset_remove(fds, fileno(serialization)) >= 0); - } else - close_all_fds(NULL, 0); /* Set up PATH unless it is already set */ setenv("PATH", @@ -1518,6 +1545,12 @@ int main(int argc, char *argv[]) { unsetenv("USER"); unsetenv("LOGNAME"); + /* We suppress the socket activation env vars, as + * we'll try to match *any* open fd to units if + * possible. */ + unsetenv("LISTEN_FDS"); + unsetenv("LISTEN_PID"); + /* All other variables are left as is, so that clients * can still read them via /proc/1/environ */ } @@ -1549,7 +1582,7 @@ int main(int argc, char *argv[]) { if (getpid() == 1) install_crash_handler(); - if (geteuid() == 0 && !getenv("SYSTEMD_SKIP_API_MOUNTS")) { + if (getpid() == 1) { r = mount_cgroup_controllers(arg_join_controllers); if (r < 0) goto finish; @@ -1558,7 +1591,7 @@ int main(int argc, char *argv[]) { if (arg_running_as == SYSTEMD_SYSTEM) { const char *virtualization = NULL; - log_info(PACKAGE_STRING " running in system mode. (" SYSTEMD_FEATURES "; " DISTRIBUTION ")"); + log_info(PACKAGE_STRING " running in system mode. (" SYSTEMD_FEATURES ")"); detect_virtualization(&virtualization); if (virtualization) @@ -1568,7 +1601,7 @@ int main(int argc, char *argv[]) { log_info("Running in initial RAM disk."); } else - log_debug(PACKAGE_STRING " running in user mode. (" SYSTEMD_FEATURES "; " DISTRIBUTION ")"); + log_debug(PACKAGE_STRING " running in user mode. (" SYSTEMD_FEATURES ")"); if (arg_running_as == SYSTEMD_SYSTEM && !skip_setup) { locale_setup(); @@ -1653,10 +1686,7 @@ int main(int argc, char *argv[]) { /* This will close all file descriptors that were opened, but * not claimed by any unit. */ - if (fds) { - fdset_free(fds); - fds = NULL; - } + fdset_free(fds); if (serialization) { fclose(serialization); @@ -1705,12 +1735,23 @@ int main(int argc, char *argv[]) { manager_dump_units(m, stdout, "\t"); } - r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job); - if (r < 0) { - log_error("Failed to start default target: %s", bus_error(&error, r)); + r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, false, &error, &default_unit_job); + if (r == -EPERM) { + log_error("Default target could not be isolated, starting instead: %s", bus_error(&error, r)); + dbus_error_free(&error); + + r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job); + if (r < 0) { + log_error("Failed to start default target: %s", bus_error(&error, r)); + dbus_error_free(&error); + goto finish; + } + } else if (r < 0) { + log_error("Failed to isolate default target: %s", bus_error(&error, r)); dbus_error_free(&error); goto finish; } + m->default_unit_job_id = default_unit_job->id; after_startup = now(CLOCK_MONOTONIC);