X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcore%2Fmain.c;h=f19e432d4a0b75851746cce028fbd261bafc2a61;hp=e094efeb3c5efb4f9a74587b75cb199a3c75061b;hb=543295ad369793bdac510c6c3bf4afae8f1cdab5;hpb=6bae23a0388dd077fee99e83e161d297c3e2b768 diff --git a/src/core/main.c b/src/core/main.c index e094efeb3..f19e432d4 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -52,17 +52,23 @@ #include "switch-root.h" #include "capability.h" #include "killall.h" +#include "env-util.h" +#include "hwclock.h" +#include "sd-daemon.h" +#include "sd-messages.h" #include "mount-setup.h" #include "loopback-setup.h" +#ifdef HAVE_KMOD #include "kmod-setup.h" +#endif #include "hostname-setup.h" #include "machine-id-setup.h" #include "locale-setup.h" -#include "hwclock.h" #include "selinux-setup.h" #include "ima-setup.h" -#include "sd-daemon.h" +#include "fileio.h" +#include "smack-setup.h" static enum { ACTION_RUN, @@ -102,20 +108,21 @@ _noreturn_ static void crash(int sig) { if (!arg_dump_core) log_error("Caught <%s>, not dumping core.", signal_to_string(sig)); else { - struct sigaction sa; + struct sigaction sa = { + .sa_handler = nop_handler, + .sa_flags = SA_NOCLDSTOP|SA_RESTART, + }; pid_t pid; /* We want to wait for the core process, hence let's enable SIGCHLD */ - zero(sa); - sa.sa_handler = nop_handler; - sa.sa_flags = SA_NOCLDSTOP|SA_RESTART; assert_se(sigaction(SIGCHLD, &sa, NULL) == 0); - if ((pid = fork()) < 0) + pid = fork(); + if (pid < 0) log_error("Caught <%s>, cannot fork for core dump: %s", signal_to_string(sig), strerror(errno)); else if (pid == 0) { - struct rlimit rl; + struct rlimit rl = {}; /* Enable default signal handler for core dump */ zero(sa); @@ -123,7 +130,6 @@ _noreturn_ static void crash(int sig) { assert_se(sigaction(sig, &sa, NULL) == 0); /* Don't limit the core dump size */ - zero(rl); rl.rlim_cur = RLIM_INFINITY; rl.rlim_max = RLIM_INFINITY; setrlimit(RLIMIT_CORE, &rl); @@ -142,7 +148,8 @@ _noreturn_ static void crash(int sig) { int r; /* Order things nicely. */ - if ((r = wait_for_terminate(pid, &status)) < 0) + r = wait_for_terminate(pid, &status); + if (r < 0) log_error("Caught <%s>, waitpid() failed: %s", signal_to_string(sig), strerror(-r)); else if (status.si_code != CLD_DUMPED) log_error("Caught <%s>, core dump failed.", signal_to_string(sig)); @@ -155,16 +162,16 @@ _noreturn_ static void crash(int sig) { chvt(arg_crash_chvt); if (arg_crash_shell) { - struct sigaction sa; + struct sigaction sa = { + .sa_handler = SIG_IGN, + .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART, + }; pid_t pid; log_info("Executing crash shell in 10s..."); sleep(10); /* Let the kernel reap children for us */ - zero(sa); - sa.sa_handler = SIG_IGN; - sa.sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART; assert_se(sigaction(SIGCHLD, &sa, NULL) == 0); pid = fork(); @@ -186,12 +193,10 @@ _noreturn_ static void crash(int sig) { } static void install_crash_handler(void) { - struct sigaction sa; - - zero(sa); - - sa.sa_handler = crash; - sa.sa_flags = SA_NODEFER; + struct sigaction sa = { + .sa_handler = crash, + .sa_flags = SA_NODEFER, + }; sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1); } @@ -340,7 +345,8 @@ static int parse_proc_cmdline_word(const char *word) { else arg_default_std_error = r; } else if (startswith(word, "systemd.setenv=")) { - char *cenv, *eq; + _cleanup_free_ char *cenv = NULL; + char *eq; int r; cenv = strdup(word + 15); @@ -349,40 +355,58 @@ static int parse_proc_cmdline_word(const char *word) { eq = strchr(cenv, '='); if (!eq) { - r = unsetenv(cenv); - if (r < 0) - log_warning("unsetenv failed %m. Ignoring."); + if (!env_name_is_valid(cenv)) + log_warning("Environment variable name '%s' is not valid. Ignoring.", cenv); + else { + r = unsetenv(cenv); + if (r < 0) + log_warning("Unsetting environment variable '%s' failed, ignoring: %m", cenv); + } } else { - *eq = 0; - r = setenv(cenv, eq + 1, 1); - if (r < 0) - log_warning("setenv failed %m. Ignoring."); + if (!env_assignment_is_valid(cenv)) + log_warning("Environment variable assignment '%s' is not valid. Ignoring.", cenv); + else { + *eq = 0; + r = setenv(cenv, eq + 1, 1); + if (r < 0) + log_warning("Setting environment variable '%s=%s' failed, ignoring: %m", cenv, eq + 1); + } } - free(cenv); } else if (startswith(word, "systemd.") || (in_initrd() && startswith(word, "rd.systemd."))) { - log_warning("Unknown kernel switch %s. Ignoring.", word); - - log_info("Supported kernel switches:\n" - "systemd.unit=UNIT Default unit to start\n" - "rd.systemd.unit=UNIT Default unit to start when run in initrd\n" - "systemd.dump_core=0|1 Dump core on crash\n" - "systemd.crash_shell=0|1 Run shell on crash\n" - "systemd.crash_chvt=N Change to VT #N on crash\n" - "systemd.confirm_spawn=0|1 Confirm every process spawn\n" - "systemd.show_status=0|1 Show status updates on the console during bootup\n" - "systemd.log_target=console|kmsg|journal|journal-or-kmsg|syslog|syslog-or-kmsg|null\n" - " Log target\n" - "systemd.log_level=LEVEL Log level\n" - "systemd.log_color=0|1 Highlight important log messages\n" - "systemd.log_location=0|1 Include code location in log messages\n" - "systemd.default_standard_output=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n" - " Set default log output for services\n" - "systemd.default_standard_error=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n" - " Set default log error output for services\n" - "systemd.setenv=ASSIGNMENT Set an environment variable for all spawned processes\n"); + const char *c; + + /* Ignore systemd.journald.xyz and friends */ + c = word; + if (startswith(c, "rd.")) + c += 3; + if (startswith(c, "systemd.")) + c += 8; + if (c[strcspn(c, ".=")] != '.') { + + log_warning("Unknown kernel switch %s. Ignoring.", word); + + log_info("Supported kernel switches:\n" + "systemd.unit=UNIT Default unit to start\n" + "rd.systemd.unit=UNIT Default unit to start when run in initrd\n" + "systemd.dump_core=0|1 Dump core on crash\n" + "systemd.crash_shell=0|1 Run shell on crash\n" + "systemd.crash_chvt=N Change to VT #N on crash\n" + "systemd.confirm_spawn=0|1 Confirm every process spawn\n" + "systemd.show_status=0|1 Show status updates on the console during bootup\n" + "systemd.log_target=console|kmsg|journal|journal-or-kmsg|syslog|syslog-or-kmsg|null\n" + " Log target\n" + "systemd.log_level=LEVEL Log level\n" + "systemd.log_color=0|1 Highlight important log messages\n" + "systemd.log_location=0|1 Include code location in log messages\n" + "systemd.default_standard_output=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n" + " Set default log output for services\n" + "systemd.default_standard_error=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n" + " Set default log error output for services\n" + "systemd.setenv=ASSIGNMENT Set an environment variable for all spawned processes\n"); + } } else if (streq(word, "quiet")) arg_show_status = false; @@ -398,87 +422,47 @@ static int parse_proc_cmdline_word(const char *word) { return 0; } -static int config_parse_level2( - const char *filename, - unsigned line, - const char *section, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - assert(filename); - assert(lvalue); - assert(rvalue); - - log_set_max_level_from_string(rvalue); - return 0; -} - -static int config_parse_target( - const char *filename, - unsigned line, - const char *section, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - assert(filename); - assert(lvalue); - assert(rvalue); - - log_set_target_from_string(rvalue); - return 0; -} - -static int config_parse_color( - const char *filename, - unsigned line, - const char *section, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { +#define DEFINE_SETTER(name, func, descr) \ + static int name(const char *unit, \ + const char *filename, \ + unsigned line, \ + const char *section, \ + const char *lvalue, \ + int ltype, \ + const char *rvalue, \ + void *data, \ + void *userdata) { \ + \ + int r; \ + \ + assert(filename); \ + assert(lvalue); \ + assert(rvalue); \ + \ + r = func(rvalue); \ + if (r < 0) \ + log_syntax(unit, LOG_ERR, filename, line, -r, \ + "Invalid " descr "'%s': %s", \ + rvalue, strerror(-r)); \ + \ + return 0; \ + } - assert(filename); - assert(lvalue); - assert(rvalue); +DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level") +DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target") +DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" ) +DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location") - log_show_color_from_string(rvalue); - return 0; -} -static int config_parse_location( - const char *filename, - unsigned line, - const char *section, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { - - assert(filename); - assert(lvalue); - assert(rvalue); - - log_show_location_from_string(rvalue); - return 0; -} - -static int config_parse_cpu_affinity2( - const char *filename, - unsigned line, - const char *section, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { +static int config_parse_cpu_affinity2(const char *unit, + const char *filename, + unsigned line, + const char *section, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { char *w; size_t l; @@ -506,7 +490,8 @@ static int config_parse_cpu_affinity2( return log_oom(); if (r < 0 || cpu >= ncpus) { - log_error("[%s:%u] Failed to parse CPU affinity: %s", filename, line, rvalue); + log_syntax(unit, LOG_ERR, filename, line, -r, + "Failed to parse CPU affinity '%s'", rvalue); CPU_FREE(c); return -EBADMSG; } @@ -516,7 +501,7 @@ static int config_parse_cpu_affinity2( if (c) { if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0) - log_warning("Failed to set CPU affinity: %m"); + log_warning_unit(unit, "Failed to set CPU affinity: %m"); CPU_FREE(c); } @@ -544,15 +529,15 @@ static void free_join_controllers(void) { arg_join_controllers = NULL; } -static int config_parse_join_controllers( - const char *filename, - unsigned line, - const char *section, - const char *lvalue, - int ltype, - const char *rvalue, - void *data, - void *userdata) { +static int config_parse_join_controllers(const char *unit, + const char *filename, + unsigned line, + const char *section, + const char *lvalue, + int ltype, + const char *rvalue, + void *data, + void *userdata) { unsigned n = 0; char *state, *w; @@ -658,8 +643,8 @@ static int parse_config_file(void) { { "Manager", "DefaultStandardOutput", config_parse_output, 0, &arg_default_std_output }, { "Manager", "DefaultStandardError", config_parse_output, 0, &arg_default_std_error }, { "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers }, - { "Manager", "RuntimeWatchdogSec", config_parse_usec, 0, &arg_runtime_watchdog }, - { "Manager", "ShutdownWatchdogSec", config_parse_usec, 0, &arg_shutdown_watchdog }, + { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog }, + { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog }, { "Manager", "CapabilityBoundingSet", config_parse_bounding_set, 0, &arg_capability_bounding_set_drop }, { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec }, { "Manager", "DefaultLimitCPU", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CPU]}, @@ -681,7 +666,7 @@ static int parse_config_file(void) { { NULL, NULL, NULL, 0, NULL } }; - FILE *f; + FILE _cleanup_fclose_ *f; const char *fn; int r; @@ -695,17 +680,16 @@ static int parse_config_file(void) { return 0; } - r = config_parse(fn, f, "Manager\0", config_item_table_lookup, (void*) items, false, NULL); + r = config_parse(NULL, fn, f, "Manager\0", config_item_table_lookup, (void*) items, false, NULL); if (r < 0) log_warning("Failed to parse configuration file: %s", strerror(-r)); - fclose(f); - return 0; } static int parse_proc_cmdline(void) { - char *line, *w, *state; + char _cleanup_free_ *line = NULL; + char *w, *state; int r; size_t l; @@ -714,34 +698,27 @@ static int parse_proc_cmdline(void) { if (detect_container(NULL) > 0) return 0; - if ((r = read_one_line_file("/proc/cmdline", &line)) < 0) { + r = read_one_line_file("/proc/cmdline", &line); + if (r < 0) { log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r)); return 0; } FOREACH_WORD_QUOTED(w, l, line, state) { - char *word; + char _cleanup_free_ *word; - if (!(word = strndup(w, l))) { - r = -ENOMEM; - goto finish; - } + word = strndup(w, l); + if (!word) + return log_oom(); r = parse_proc_cmdline_word(word); if (r < 0) { log_error("Failed on cmdline argument %s: %s", word, strerror(-r)); - free(word); - goto finish; + return r; } - - free(word); } - r = 0; - -finish: - free(line); - return r; + return 0; } static int parse_argv(int argc, char *argv[]) { @@ -932,14 +909,18 @@ static int parse_argv(int argc, char *argv[]) { int fd; FILE *f; - if ((r = safe_atoi(optarg, &fd)) < 0 || fd < 0) { + r = safe_atoi(optarg, &fd); + if (r < 0 || fd < 0) { log_error("Failed to parse deserialize option %s.", optarg); - return r; + return r < 0 ? r : -EINVAL; } - if (!(f = fdopen(fd, "r"))) { + fd_cloexec(fd, true); + + f = fdopen(fd, "r"); + if (!f) { log_error("Failed to open serialization fd: %m"); - return r; + return -errno; } if (serialization) @@ -1058,13 +1039,12 @@ static int help(void) { static int version(void) { puts(PACKAGE_STRING); - puts(DISTRIBUTION); puts(SYSTEMD_FEATURES); return 0; } -static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool serialize_jobs) { +static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) { FILE *f = NULL; FDSet *fds = NULL; int r; @@ -1089,7 +1069,7 @@ static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool serialize goto fail; } - r = manager_serialize(m, f, fds, serialize_jobs); + r = manager_serialize(m, f, fds, switching_root); if (r < 0) { log_error("Failed to serialize state: %s", strerror(-r)); goto fail; @@ -1283,19 +1263,13 @@ int main(int argc, char *argv[]) { /* Determine if this is a reexecution or normal bootup. We do * the full command line parsing much later, so let's just * have a quick peek here. */ - for (j = 1; j < argc; j++) - if (streq(argv[j], "--deserialize")) { - skip_setup = true; - break; - } + if (strv_find(argv+1, "--deserialize")) + skip_setup = true; /* If we have switched root, do all the special setup * things */ - for (j = 1; j < argc; j++) - if (streq(argv[j], "--switched-root")) { - skip_setup = false; - break; - } + if (strv_find(argv+1, "--switched-root")) + skip_setup = false; /* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we are then @@ -1331,10 +1305,13 @@ int main(int argc, char *argv[]) { } if (!skip_setup) { + mount_setup_early(); if (selinux_setup(&loaded_policy) < 0) goto finish; if (ima_setup() < 0) goto finish; + if (smack_setup() < 0) + goto finish; } if (label_init(NULL) < 0) @@ -1350,8 +1327,15 @@ int main(int argc, char *argv[]) { log_error("Failed to apply local time delta, ignoring: %s", strerror(-r)); else log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min); - } else { - /* Do dummy first-time call to seal the kernel's time warp magic */ + } else if (!in_initrd()) { + /* + * Do dummy first-time call to seal the kernel's time warp magic + * + * Do not call this this from inside the initrd. The initrd might not + * carry /etc/adjtime with LOCAL, but the real system could be set up + * that way. In such case, we need to delay the time-warp or the sealing + * until we reach the real system. + */ hwclock_reset_timezone(); /* Tell the kernel our time zone */ @@ -1400,7 +1384,7 @@ int main(int argc, char *argv[]) { /* Mount /proc, /sys and friends, so that /proc/cmdline and * /proc/$PID/fd is available. */ - if (geteuid() == 0 && !getenv("SYSTEMD_SKIP_API_MOUNTS")) { + if (getpid() == 1) { r = mount_setup(loaded_policy); if (r < 0) goto finish; @@ -1465,16 +1449,15 @@ int main(int argc, char *argv[]) { log_close(); /* Remember open file descriptors for later deserialization */ - if (serialization) { - r = fdset_new_fill(&fds); - if (r < 0) { - log_error("Failed to allocate fd set: %s", strerror(-r)); - goto finish; - } + r = fdset_new_fill(&fds); + if (r < 0) { + log_error("Failed to allocate fd set: %s", strerror(-r)); + goto finish; + } else + fdset_cloexec(fds, true); + if (serialization) assert_se(fdset_remove(fds, fileno(serialization)) >= 0); - } else - close_all_fds(NULL, 0); /* Set up PATH unless it is already set */ setenv("PATH", @@ -1509,6 +1492,12 @@ int main(int argc, char *argv[]) { unsetenv("USER"); unsetenv("LOGNAME"); + /* We suppress the socket activation env vars, as + * we'll try to match *any* open fd to units if + * possible. */ + unsetenv("LISTEN_FDS"); + unsetenv("LISTEN_PID"); + /* All other variables are left as is, so that clients * can still read them via /proc/1/environ */ } @@ -1537,10 +1526,9 @@ int main(int argc, char *argv[]) { /* Make sure we leave a core dump without panicing the * kernel. */ - if (getpid() == 1) + if (getpid() == 1) { install_crash_handler(); - if (geteuid() == 0 && !getenv("SYSTEMD_SKIP_API_MOUNTS")) { r = mount_cgroup_controllers(arg_join_controllers); if (r < 0) goto finish; @@ -1549,7 +1537,7 @@ int main(int argc, char *argv[]) { if (arg_running_as == SYSTEMD_SYSTEM) { const char *virtualization = NULL; - log_info(PACKAGE_STRING " running in system mode. (" SYSTEMD_FEATURES "; " DISTRIBUTION ")"); + log_info(PACKAGE_STRING " running in system mode. (" SYSTEMD_FEATURES ")"); detect_virtualization(&virtualization); if (virtualization) @@ -1559,7 +1547,7 @@ int main(int argc, char *argv[]) { log_info("Running in initial RAM disk."); } else - log_debug(PACKAGE_STRING " running in user mode. (" SYSTEMD_FEATURES "; " DISTRIBUTION ")"); + log_debug(PACKAGE_STRING " running in user mode. (" SYSTEMD_FEATURES ")"); if (arg_running_as == SYSTEMD_SYSTEM && !skip_setup) { locale_setup(); @@ -1567,7 +1555,9 @@ int main(int argc, char *argv[]) { if (arg_show_status || plymouth_running()) status_welcome(); +#ifdef HAVE_KMOD kmod_setup(); +#endif hostname_setup(); machine_id_setup(); loopback_setup(); @@ -1642,10 +1632,7 @@ int main(int argc, char *argv[]) { /* This will close all file descriptors that were opened, but * not claimed by any unit. */ - if (fds) { - fdset_free(fds); - fds = NULL; - } + fdset_free(fds); if (serialization) { fclose(serialization); @@ -1694,18 +1681,29 @@ int main(int argc, char *argv[]) { manager_dump_units(m, stdout, "\t"); } - r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job); - if (r < 0) { - log_error("Failed to start default target: %s", bus_error(&error, r)); + r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, false, &error, &default_unit_job); + if (r == -EPERM) { + log_error("Default target could not be isolated, starting instead: %s", bus_error(&error, r)); + dbus_error_free(&error); + + r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job); + if (r < 0) { + log_error("Failed to start default target: %s", bus_error(&error, r)); + dbus_error_free(&error); + goto finish; + } + } else if (r < 0) { + log_error("Failed to isolate default target: %s", bus_error(&error, r)); dbus_error_free(&error); goto finish; } + m->default_unit_job_id = default_unit_job->id; after_startup = now(CLOCK_MONOTONIC); log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG, "Loaded units and determined initial transaction in %s.", - format_timespan(timespan, sizeof(timespan), after_startup - before_startup)); + format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 0)); if (arg_action == ACTION_TEST) { printf("-> By jobs:\n"); @@ -1738,7 +1736,7 @@ int main(int argc, char *argv[]) { case MANAGER_REEXECUTE: - if (prepare_reexecute(m, &serialization, &fds, true) < 0) + if (prepare_reexecute(m, &serialization, &fds, false) < 0) goto finish; reexecute = true; @@ -1752,7 +1750,7 @@ int main(int argc, char *argv[]) { m->switch_root = m->switch_root_init = NULL; if (!switch_root_init) - if (prepare_reexecute(m, &serialization, &fds, false) < 0) + if (prepare_reexecute(m, &serialization, &fds, true) < 0) goto finish; reexecute = true;