1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
32 #include <sys/resource.h>
33 #include <linux/sched.h>
34 #include <sys/types.h>
38 #include <sys/ioctl.h>
40 #include <linux/tiocl.h>
45 #include <sys/prctl.h>
46 #include <sys/utsname.h>
48 #include <netinet/ip.h>
56 #include <sys/mount.h>
57 #include <linux/magic.h>
61 #include <sys/personality.h>
62 #include <sys/xattr.h>
63 #include <sys/statvfs.h>
67 /* When we include libgen.h because we need dirname() we immediately
68 * undefine basename() since libgen.h defines it as a macro to the XDG
69 * version which is really broken. */
73 #ifdef HAVE_SYS_AUXV_H
85 #include "path-util.h"
86 #include "exit-status.h"
90 #include "device-nodes.h"
95 #include "sparse-endian.h"
98 char **saved_argv = NULL;
100 static volatile unsigned cached_columns = 0;
101 static volatile unsigned cached_lines = 0;
103 size_t page_size(void) {
104 static thread_local size_t pgsz = 0;
107 if (_likely_(pgsz > 0))
110 r = sysconf(_SC_PAGESIZE);
117 bool streq_ptr(const char *a, const char *b) {
119 /* Like streq(), but tries to make sense of NULL pointers */
130 char* endswith(const char *s, const char *postfix) {
137 pl = strlen(postfix);
140 return (char*) s + sl;
145 if (memcmp(s + sl - pl, postfix, pl) != 0)
148 return (char*) s + sl - pl;
151 char* first_word(const char *s, const char *word) {
158 /* Checks if the string starts with the specified word, either
159 * followed by NUL or by whitespace. Returns a pointer to the
160 * NUL or the first character after the whitespace. */
171 if (memcmp(s, word, wl) != 0)
178 if (!strchr(WHITESPACE, *p))
181 p += strspn(p, WHITESPACE);
185 static size_t cescape_char(char c, char *buf) {
186 char * buf_old = buf;
232 /* For special chars we prefer octal over
233 * hexadecimal encoding, simply because glib's
234 * g_strescape() does the same */
235 if ((c < ' ') || (c >= 127)) {
237 *(buf++) = octchar((unsigned char) c >> 6);
238 *(buf++) = octchar((unsigned char) c >> 3);
239 *(buf++) = octchar((unsigned char) c);
245 return buf - buf_old;
248 int close_nointr(int fd) {
255 * Just ignore EINTR; a retry loop is the wrong thing to do on
258 * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html
259 * https://bugzilla.gnome.org/show_bug.cgi?id=682819
260 * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR
261 * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain
269 int safe_close(int fd) {
272 * Like close_nointr() but cannot fail. Guarantees errno is
273 * unchanged. Is a NOP with negative fds passed, and returns
274 * -1, so that it can be used in this syntax:
276 * fd = safe_close(fd);
282 /* The kernel might return pretty much any error code
283 * via close(), but the fd will be closed anyway. The
284 * only condition we want to check for here is whether
285 * the fd was invalid at all... */
287 assert_se(close_nointr(fd) != -EBADF);
293 void close_many(const int fds[], unsigned n_fd) {
296 assert(fds || n_fd <= 0);
298 for (i = 0; i < n_fd; i++)
302 int unlink_noerrno(const char *path) {
313 int parse_boolean(const char *v) {
316 if (streq(v, "1") || strcaseeq(v, "yes") || strcaseeq(v, "y") || strcaseeq(v, "true") || strcaseeq(v, "t") || strcaseeq(v, "on"))
318 else if (streq(v, "0") || strcaseeq(v, "no") || strcaseeq(v, "n") || strcaseeq(v, "false") || strcaseeq(v, "f") || strcaseeq(v, "off"))
324 int parse_pid(const char *s, pid_t* ret_pid) {
325 unsigned long ul = 0;
332 r = safe_atolu(s, &ul);
338 if ((unsigned long) pid != ul)
348 int parse_uid(const char *s, uid_t* ret_uid) {
349 unsigned long ul = 0;
356 r = safe_atolu(s, &ul);
362 if ((unsigned long) uid != ul)
365 /* Some libc APIs use UID_INVALID as special placeholder */
366 if (uid == (uid_t) 0xFFFFFFFF)
369 /* A long time ago UIDs where 16bit, hence explicitly avoid the 16bit -1 too */
370 if (uid == (uid_t) 0xFFFF)
377 int safe_atou(const char *s, unsigned *ret_u) {
385 l = strtoul(s, &x, 0);
387 if (!x || x == s || *x || errno)
388 return errno > 0 ? -errno : -EINVAL;
390 if ((unsigned long) (unsigned) l != l)
393 *ret_u = (unsigned) l;
397 int safe_atoi(const char *s, int *ret_i) {
405 l = strtol(s, &x, 0);
407 if (!x || x == s || *x || errno)
408 return errno > 0 ? -errno : -EINVAL;
410 if ((long) (int) l != l)
417 int safe_atou8(const char *s, uint8_t *ret) {
425 l = strtoul(s, &x, 0);
427 if (!x || x == s || *x || errno)
428 return errno > 0 ? -errno : -EINVAL;
430 if ((unsigned long) (uint8_t) l != l)
437 int safe_atou16(const char *s, uint16_t *ret) {
445 l = strtoul(s, &x, 0);
447 if (!x || x == s || *x || errno)
448 return errno > 0 ? -errno : -EINVAL;
450 if ((unsigned long) (uint16_t) l != l)
457 int safe_atoi16(const char *s, int16_t *ret) {
465 l = strtol(s, &x, 0);
467 if (!x || x == s || *x || errno)
468 return errno > 0 ? -errno : -EINVAL;
470 if ((long) (int16_t) l != l)
477 int safe_atollu(const char *s, long long unsigned *ret_llu) {
479 unsigned long long l;
485 l = strtoull(s, &x, 0);
487 if (!x || x == s || *x || errno)
488 return errno ? -errno : -EINVAL;
494 int safe_atolli(const char *s, long long int *ret_lli) {
502 l = strtoll(s, &x, 0);
504 if (!x || x == s || *x || errno)
505 return errno ? -errno : -EINVAL;
511 int safe_atod(const char *s, double *ret_d) {
519 loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t) 0);
520 if (loc == (locale_t) 0)
524 d = strtod_l(s, &x, loc);
526 if (!x || x == s || *x || errno) {
528 return errno ? -errno : -EINVAL;
536 static size_t strcspn_escaped(const char *s, const char *reject) {
537 bool escaped = false;
540 for (n=0; s[n]; n++) {
543 else if (s[n] == '\\')
545 else if (strchr(reject, s[n]))
549 /* if s ends in \, return index of previous char */
553 /* Split a string into words. */
554 const char* split(const char **state, size_t *l, const char *separator, bool quoted) {
560 assert(**state == '\0');
564 current += strspn(current, separator);
570 if (quoted && strchr("\'\"", *current)) {
571 char quotechars[2] = {*current, '\0'};
573 *l = strcspn_escaped(current + 1, quotechars);
574 if (current[*l + 1] == '\0' ||
575 (current[*l + 2] && !strchr(separator, current[*l + 2]))) {
576 /* right quote missing or garbage at the end */
580 assert(current[*l + 1] == quotechars[0]);
581 *state = current++ + *l + 2;
583 *l = strcspn_escaped(current, separator);
584 if (current[*l] && !strchr(separator, current[*l])) {
585 /* unfinished escape */
589 *state = current + *l;
591 *l = strcspn(current, separator);
592 *state = current + *l;
598 int get_parent_of_pid(pid_t pid, pid_t *_ppid) {
600 _cleanup_free_ char *line = NULL;
612 p = procfs_file_alloca(pid, "stat");
613 r = read_one_line_file(p, &line);
617 /* Let's skip the pid and comm fields. The latter is enclosed
618 * in () but does not escape any () in its value, so let's
619 * skip over it manually */
621 p = strrchr(line, ')');
633 if ((long unsigned) (pid_t) ppid != ppid)
636 *_ppid = (pid_t) ppid;
641 int fchmod_umask(int fd, mode_t m) {
646 r = fchmod(fd, m & (~u)) < 0 ? -errno : 0;
652 char *truncate_nl(char *s) {
655 s[strcspn(s, NEWLINE)] = 0;
659 int get_process_state(pid_t pid) {
663 _cleanup_free_ char *line = NULL;
667 p = procfs_file_alloca(pid, "stat");
668 r = read_one_line_file(p, &line);
672 p = strrchr(line, ')');
678 if (sscanf(p, " %c", &state) != 1)
681 return (unsigned char) state;
684 int get_process_comm(pid_t pid, char **name) {
691 p = procfs_file_alloca(pid, "comm");
693 r = read_one_line_file(p, name);
700 int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char **line) {
701 _cleanup_fclose_ FILE *f = NULL;
709 p = procfs_file_alloca(pid, "cmdline");
715 if (max_length == 0) {
716 size_t len = 0, allocated = 0;
718 while ((c = getc(f)) != EOF) {
720 if (!GREEDY_REALLOC(r, allocated, len+2)) {
725 r[len++] = isprint(c) ? c : ' ';
735 r = new(char, max_length);
741 while ((c = getc(f)) != EOF) {
763 size_t n = MIN(left-1, 3U);
770 /* Kernel threads have no argv[] */
772 _cleanup_free_ char *t = NULL;
780 h = get_process_comm(pid, &t);
784 r = strjoin("[", t, "]", NULL);
793 int is_kernel_thread(pid_t pid) {
805 p = procfs_file_alloca(pid, "cmdline");
810 count = fread(&c, 1, 1, f);
814 /* Kernel threads have an empty cmdline */
817 return eof ? 1 : -errno;
822 int get_process_capeff(pid_t pid, char **capeff) {
828 p = procfs_file_alloca(pid, "status");
830 return get_status_field(p, "\nCapEff:", capeff);
833 static int get_process_link_contents(const char *proc_file, char **name) {
839 r = readlink_malloc(proc_file, name);
841 return r == -ENOENT ? -ESRCH : r;
846 int get_process_exe(pid_t pid, char **name) {
853 p = procfs_file_alloca(pid, "exe");
854 r = get_process_link_contents(p, name);
858 d = endswith(*name, " (deleted)");
865 static int get_process_id(pid_t pid, const char *field, uid_t *uid) {
866 _cleanup_fclose_ FILE *f = NULL;
876 p = procfs_file_alloca(pid, "status");
881 FOREACH_LINE(line, f, return -errno) {
886 if (startswith(l, field)) {
888 l += strspn(l, WHITESPACE);
890 l[strcspn(l, WHITESPACE)] = 0;
892 return parse_uid(l, uid);
899 int get_process_uid(pid_t pid, uid_t *uid) {
900 return get_process_id(pid, "Uid:", uid);
903 int get_process_gid(pid_t pid, gid_t *gid) {
904 assert_cc(sizeof(uid_t) == sizeof(gid_t));
905 return get_process_id(pid, "Gid:", gid);
908 int get_process_cwd(pid_t pid, char **cwd) {
913 p = procfs_file_alloca(pid, "cwd");
915 return get_process_link_contents(p, cwd);
918 int get_process_root(pid_t pid, char **root) {
923 p = procfs_file_alloca(pid, "root");
925 return get_process_link_contents(p, root);
928 int get_process_environ(pid_t pid, char **env) {
929 _cleanup_fclose_ FILE *f = NULL;
930 _cleanup_free_ char *outcome = NULL;
933 size_t allocated = 0, sz = 0;
938 p = procfs_file_alloca(pid, "environ");
944 while ((c = fgetc(f)) != EOF) {
945 if (!GREEDY_REALLOC(outcome, allocated, sz + 5))
949 outcome[sz++] = '\n';
951 sz += cescape_char(c, outcome + sz);
961 char *strnappend(const char *s, const char *suffix, size_t b) {
969 return strndup(suffix, b);
978 if (b > ((size_t) -1) - a)
981 r = new(char, a+b+1);
986 memcpy(r+a, suffix, b);
992 char *strappend(const char *s, const char *suffix) {
993 return strnappend(s, suffix, suffix ? strlen(suffix) : 0);
996 int readlinkat_malloc(int fd, const char *p, char **ret) {
1011 n = readlinkat(fd, p, c, l-1);
1018 if ((size_t) n < l-1) {
1029 int readlink_malloc(const char *p, char **ret) {
1030 return readlinkat_malloc(AT_FDCWD, p, ret);
1033 int readlink_value(const char *p, char **ret) {
1034 _cleanup_free_ char *link = NULL;
1038 r = readlink_malloc(p, &link);
1042 value = basename(link);
1046 value = strdup(value);
1055 int readlink_and_make_absolute(const char *p, char **r) {
1056 _cleanup_free_ char *target = NULL;
1063 j = readlink_malloc(p, &target);
1067 k = file_in_same_dir(p, target);
1075 int readlink_and_canonicalize(const char *p, char **r) {
1082 j = readlink_and_make_absolute(p, &t);
1086 s = canonicalize_file_name(t);
1093 path_kill_slashes(*r);
1098 int reset_all_signal_handlers(void) {
1101 for (sig = 1; sig < _NSIG; sig++) {
1102 struct sigaction sa = {
1103 .sa_handler = SIG_DFL,
1104 .sa_flags = SA_RESTART,
1107 /* These two cannot be caught... */
1108 if (sig == SIGKILL || sig == SIGSTOP)
1111 /* On Linux the first two RT signals are reserved by
1112 * glibc, and sigaction() will return EINVAL for them. */
1113 if ((sigaction(sig, &sa, NULL) < 0))
1114 if (errno != EINVAL && r == 0)
1121 int reset_signal_mask(void) {
1124 if (sigemptyset(&ss) < 0)
1127 if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0)
1133 char *strstrip(char *s) {
1136 /* Drops trailing whitespace. Modifies the string in
1137 * place. Returns pointer to first non-space character */
1139 s += strspn(s, WHITESPACE);
1141 for (e = strchr(s, 0); e > s; e --)
1142 if (!strchr(WHITESPACE, e[-1]))
1150 char *delete_chars(char *s, const char *bad) {
1153 /* Drops all whitespace, regardless where in the string */
1155 for (f = s, t = s; *f; f++) {
1156 if (strchr(bad, *f))
1167 char *file_in_same_dir(const char *path, const char *filename) {
1174 /* This removes the last component of path and appends
1175 * filename, unless the latter is absolute anyway or the
1178 if (path_is_absolute(filename))
1179 return strdup(filename);
1181 e = strrchr(path, '/');
1183 return strdup(filename);
1185 k = strlen(filename);
1186 ret = new(char, (e + 1 - path) + k + 1);
1190 memcpy(mempcpy(ret, path, e + 1 - path), filename, k + 1);
1194 int rmdir_parents(const char *path, const char *stop) {
1203 /* Skip trailing slashes */
1204 while (l > 0 && path[l-1] == '/')
1210 /* Skip last component */
1211 while (l > 0 && path[l-1] != '/')
1214 /* Skip trailing slashes */
1215 while (l > 0 && path[l-1] == '/')
1221 if (!(t = strndup(path, l)))
1224 if (path_startswith(stop, t)) {
1233 if (errno != ENOENT)
1240 char hexchar(int x) {
1241 static const char table[16] = "0123456789abcdef";
1243 return table[x & 15];
1246 int unhexchar(char c) {
1248 if (c >= '0' && c <= '9')
1251 if (c >= 'a' && c <= 'f')
1252 return c - 'a' + 10;
1254 if (c >= 'A' && c <= 'F')
1255 return c - 'A' + 10;
1260 char *hexmem(const void *p, size_t l) {
1264 z = r = malloc(l * 2 + 1);
1268 for (x = p; x < (const uint8_t*) p + l; x++) {
1269 *(z++) = hexchar(*x >> 4);
1270 *(z++) = hexchar(*x & 15);
1277 void *unhexmem(const char *p, size_t l) {
1283 z = r = malloc((l + 1) / 2 + 1);
1287 for (x = p; x < p + l; x += 2) {
1290 a = unhexchar(x[0]);
1292 b = unhexchar(x[1]);
1296 *(z++) = (uint8_t) a << 4 | (uint8_t) b;
1303 char octchar(int x) {
1304 return '0' + (x & 7);
1307 int unoctchar(char c) {
1309 if (c >= '0' && c <= '7')
1315 char decchar(int x) {
1316 return '0' + (x % 10);
1319 int undecchar(char c) {
1321 if (c >= '0' && c <= '9')
1327 char *cescape(const char *s) {
1333 /* Does C style string escaping. */
1335 r = new(char, strlen(s)*4 + 1);
1339 for (f = s, t = r; *f; f++)
1340 t += cescape_char(*f, t);
1347 char *cunescape_length_with_prefix(const char *s, size_t length, const char *prefix) {
1354 /* Undoes C style string escaping, and optionally prefixes it. */
1356 pl = prefix ? strlen(prefix) : 0;
1358 r = new(char, pl+length+1);
1363 memcpy(r, prefix, pl);
1365 for (f = s, t = r + pl; f < s + length; f++) {
1366 size_t remaining = s + length - f;
1367 assert(remaining > 0);
1369 if (*f != '\\') { /* a literal literal */
1374 if (--remaining == 0) { /* copy trailing backslash verbatim */
1415 /* This is an extension of the XDG syntax files */
1420 /* hexadecimal encoding */
1423 if (remaining >= 2) {
1424 a = unhexchar(f[1]);
1425 b = unhexchar(f[2]);
1428 if (a < 0 || b < 0 || (a == 0 && b == 0)) {
1429 /* Invalid escape code, let's take it literal then */
1433 *(t++) = (char) ((a << 4) | b);
1448 /* octal encoding */
1449 int a = -1, b = -1, c = -1;
1451 if (remaining >= 3) {
1452 a = unoctchar(f[0]);
1453 b = unoctchar(f[1]);
1454 c = unoctchar(f[2]);
1457 if (a < 0 || b < 0 || c < 0 || (a == 0 && b == 0 && c == 0)) {
1458 /* Invalid escape code, let's take it literal then */
1462 *(t++) = (char) ((a << 6) | (b << 3) | c);
1470 /* Invalid escape code, let's take it literal then */
1481 char *cunescape_length(const char *s, size_t length) {
1482 return cunescape_length_with_prefix(s, length, NULL);
1485 char *cunescape(const char *s) {
1488 return cunescape_length(s, strlen(s));
1491 char *xescape(const char *s, const char *bad) {
1495 /* Escapes all chars in bad, in addition to \ and all special
1496 * chars, in \xFF style escaping. May be reversed with
1499 r = new(char, strlen(s) * 4 + 1);
1503 for (f = s, t = r; *f; f++) {
1505 if ((*f < ' ') || (*f >= 127) ||
1506 (*f == '\\') || strchr(bad, *f)) {
1509 *(t++) = hexchar(*f >> 4);
1510 *(t++) = hexchar(*f);
1520 char *ascii_strlower(char *t) {
1525 for (p = t; *p; p++)
1526 if (*p >= 'A' && *p <= 'Z')
1527 *p = *p - 'A' + 'a';
1532 _pure_ static bool hidden_file_allow_backup(const char *filename) {
1536 filename[0] == '.' ||
1537 streq(filename, "lost+found") ||
1538 streq(filename, "aquota.user") ||
1539 streq(filename, "aquota.group") ||
1540 endswith(filename, ".rpmnew") ||
1541 endswith(filename, ".rpmsave") ||
1542 endswith(filename, ".rpmorig") ||
1543 endswith(filename, ".dpkg-old") ||
1544 endswith(filename, ".dpkg-new") ||
1545 endswith(filename, ".dpkg-tmp") ||
1546 endswith(filename, ".dpkg-dist") ||
1547 endswith(filename, ".dpkg-bak") ||
1548 endswith(filename, ".dpkg-backup") ||
1549 endswith(filename, ".dpkg-remove") ||
1550 endswith(filename, ".swp");
1553 bool hidden_file(const char *filename) {
1556 if (endswith(filename, "~"))
1559 return hidden_file_allow_backup(filename);
1562 int fd_nonblock(int fd, bool nonblock) {
1567 flags = fcntl(fd, F_GETFL, 0);
1572 nflags = flags | O_NONBLOCK;
1574 nflags = flags & ~O_NONBLOCK;
1576 if (nflags == flags)
1579 if (fcntl(fd, F_SETFL, nflags) < 0)
1585 int fd_cloexec(int fd, bool cloexec) {
1590 flags = fcntl(fd, F_GETFD, 0);
1595 nflags = flags | FD_CLOEXEC;
1597 nflags = flags & ~FD_CLOEXEC;
1599 if (nflags == flags)
1602 if (fcntl(fd, F_SETFD, nflags) < 0)
1608 _pure_ static bool fd_in_set(int fd, const int fdset[], unsigned n_fdset) {
1611 assert(n_fdset == 0 || fdset);
1613 for (i = 0; i < n_fdset; i++)
1620 int close_all_fds(const int except[], unsigned n_except) {
1621 _cleanup_closedir_ DIR *d = NULL;
1625 assert(n_except == 0 || except);
1627 d = opendir("/proc/self/fd");
1632 /* When /proc isn't available (for example in chroots)
1633 * the fallback is brute forcing through the fd
1636 assert_se(getrlimit(RLIMIT_NOFILE, &rl) >= 0);
1637 for (fd = 3; fd < (int) rl.rlim_max; fd ++) {
1639 if (fd_in_set(fd, except, n_except))
1642 if (close_nointr(fd) < 0)
1643 if (errno != EBADF && r == 0)
1650 while ((de = readdir(d))) {
1653 if (hidden_file(de->d_name))
1656 if (safe_atoi(de->d_name, &fd) < 0)
1657 /* Let's better ignore this, just in case */
1666 if (fd_in_set(fd, except, n_except))
1669 if (close_nointr(fd) < 0) {
1670 /* Valgrind has its own FD and doesn't want to have it closed */
1671 if (errno != EBADF && r == 0)
1679 bool chars_intersect(const char *a, const char *b) {
1682 /* Returns true if any of the chars in a are in b. */
1683 for (p = a; *p; p++)
1690 bool fstype_is_network(const char *fstype) {
1691 static const char table[] =
1706 x = startswith(fstype, "fuse.");
1710 return nulstr_contains(table, fstype);
1714 _cleanup_close_ int fd;
1716 fd = open_terminal("/dev/tty0", O_RDWR|O_NOCTTY|O_CLOEXEC);
1722 TIOCL_GETKMSGREDIRECT,
1726 if (ioctl(fd, TIOCLINUX, tiocl) < 0)
1729 vt = tiocl[0] <= 0 ? 1 : tiocl[0];
1732 if (ioctl(fd, VT_ACTIVATE, vt) < 0)
1738 int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) {
1739 struct termios old_termios, new_termios;
1740 char c, line[LINE_MAX];
1745 if (tcgetattr(fileno(f), &old_termios) >= 0) {
1746 new_termios = old_termios;
1748 new_termios.c_lflag &= ~ICANON;
1749 new_termios.c_cc[VMIN] = 1;
1750 new_termios.c_cc[VTIME] = 0;
1752 if (tcsetattr(fileno(f), TCSADRAIN, &new_termios) >= 0) {
1755 if (t != USEC_INFINITY) {
1756 if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0) {
1757 tcsetattr(fileno(f), TCSADRAIN, &old_termios);
1762 k = fread(&c, 1, 1, f);
1764 tcsetattr(fileno(f), TCSADRAIN, &old_termios);
1770 *need_nl = c != '\n';
1777 if (t != USEC_INFINITY) {
1778 if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0)
1783 if (!fgets(line, sizeof(line), f))
1784 return errno ? -errno : -EIO;
1788 if (strlen(line) != 1)
1798 int ask_char(char *ret, const char *replies, const char *text, ...) {
1808 bool need_nl = true;
1811 fputs(ANSI_HIGHLIGHT_ON, stdout);
1818 fputs(ANSI_HIGHLIGHT_OFF, stdout);
1822 r = read_one_char(stdin, &c, USEC_INFINITY, &need_nl);
1825 if (r == -EBADMSG) {
1826 puts("Bad input, please try again.");
1837 if (strchr(replies, c)) {
1842 puts("Read unexpected character, please try again.");
1846 int ask_string(char **ret, const char *text, ...) {
1851 char line[LINE_MAX];
1855 fputs(ANSI_HIGHLIGHT_ON, stdout);
1862 fputs(ANSI_HIGHLIGHT_OFF, stdout);
1867 if (!fgets(line, sizeof(line), stdin))
1868 return errno ? -errno : -EIO;
1870 if (!endswith(line, "\n"))
1889 int reset_terminal_fd(int fd, bool switch_to_text) {
1890 struct termios termios;
1893 /* Set terminal to some sane defaults */
1897 /* We leave locked terminal attributes untouched, so that
1898 * Plymouth may set whatever it wants to set, and we don't
1899 * interfere with that. */
1901 /* Disable exclusive mode, just in case */
1902 ioctl(fd, TIOCNXCL);
1904 /* Switch to text mode */
1906 ioctl(fd, KDSETMODE, KD_TEXT);
1908 /* Enable console unicode mode */
1909 ioctl(fd, KDSKBMODE, K_UNICODE);
1911 if (tcgetattr(fd, &termios) < 0) {
1916 /* We only reset the stuff that matters to the software. How
1917 * hardware is set up we don't touch assuming that somebody
1918 * else will do that for us */
1920 termios.c_iflag &= ~(IGNBRK | BRKINT | ISTRIP | INLCR | IGNCR | IUCLC);
1921 termios.c_iflag |= ICRNL | IMAXBEL | IUTF8;
1922 termios.c_oflag |= ONLCR;
1923 termios.c_cflag |= CREAD;
1924 termios.c_lflag = ISIG | ICANON | IEXTEN | ECHO | ECHOE | ECHOK | ECHOCTL | ECHOPRT | ECHOKE;
1926 termios.c_cc[VINTR] = 03; /* ^C */
1927 termios.c_cc[VQUIT] = 034; /* ^\ */
1928 termios.c_cc[VERASE] = 0177;
1929 termios.c_cc[VKILL] = 025; /* ^X */
1930 termios.c_cc[VEOF] = 04; /* ^D */
1931 termios.c_cc[VSTART] = 021; /* ^Q */
1932 termios.c_cc[VSTOP] = 023; /* ^S */
1933 termios.c_cc[VSUSP] = 032; /* ^Z */
1934 termios.c_cc[VLNEXT] = 026; /* ^V */
1935 termios.c_cc[VWERASE] = 027; /* ^W */
1936 termios.c_cc[VREPRINT] = 022; /* ^R */
1937 termios.c_cc[VEOL] = 0;
1938 termios.c_cc[VEOL2] = 0;
1940 termios.c_cc[VTIME] = 0;
1941 termios.c_cc[VMIN] = 1;
1943 if (tcsetattr(fd, TCSANOW, &termios) < 0)
1947 /* Just in case, flush all crap out */
1948 tcflush(fd, TCIOFLUSH);
1953 int reset_terminal(const char *name) {
1954 _cleanup_close_ int fd = -1;
1956 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
1960 return reset_terminal_fd(fd, true);
1963 int open_terminal(const char *name, int mode) {
1968 * If a TTY is in the process of being closed opening it might
1969 * cause EIO. This is horribly awful, but unlikely to be
1970 * changed in the kernel. Hence we work around this problem by
1971 * retrying a couple of times.
1973 * https://bugs.launchpad.net/ubuntu/+source/linux/+bug/554172/comments/245
1976 assert(!(mode & O_CREAT));
1979 fd = open(name, mode, 0);
1986 /* Max 1s in total */
1990 usleep(50 * USEC_PER_MSEC);
2008 int flush_fd(int fd) {
2009 struct pollfd pollfd = {
2019 r = poll(&pollfd, 1, 0);
2029 l = read(fd, buf, sizeof(buf));
2035 if (errno == EAGAIN)
2044 int acquire_terminal(
2048 bool ignore_tiocstty_eperm,
2051 int fd = -1, notify = -1, r = 0, wd = -1;
2056 /* We use inotify to be notified when the tty is closed. We
2057 * create the watch before checking if we can actually acquire
2058 * it, so that we don't lose any event.
2060 * Note: strictly speaking this actually watches for the
2061 * device being closed, it does *not* really watch whether a
2062 * tty loses its controlling process. However, unless some
2063 * rogue process uses TIOCNOTTY on /dev/tty *after* closing
2064 * its tty otherwise this will not become a problem. As long
2065 * as the administrator makes sure not configure any service
2066 * on the same tty as an untrusted user this should not be a
2067 * problem. (Which he probably should not do anyway.) */
2069 if (timeout != USEC_INFINITY)
2070 ts = now(CLOCK_MONOTONIC);
2072 if (!fail && !force) {
2073 notify = inotify_init1(IN_CLOEXEC | (timeout != USEC_INFINITY ? IN_NONBLOCK : 0));
2079 wd = inotify_add_watch(notify, name, IN_CLOSE);
2087 struct sigaction sa_old, sa_new = {
2088 .sa_handler = SIG_IGN,
2089 .sa_flags = SA_RESTART,
2093 r = flush_fd(notify);
2098 /* We pass here O_NOCTTY only so that we can check the return
2099 * value TIOCSCTTY and have a reliable way to figure out if we
2100 * successfully became the controlling process of the tty */
2101 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
2105 /* Temporarily ignore SIGHUP, so that we don't get SIGHUP'ed
2106 * if we already own the tty. */
2107 assert_se(sigaction(SIGHUP, &sa_new, &sa_old) == 0);
2109 /* First, try to get the tty */
2110 if (ioctl(fd, TIOCSCTTY, force) < 0)
2113 assert_se(sigaction(SIGHUP, &sa_old, NULL) == 0);
2115 /* Sometimes it makes sense to ignore TIOCSCTTY
2116 * returning EPERM, i.e. when very likely we already
2117 * are have this controlling terminal. */
2118 if (r < 0 && r == -EPERM && ignore_tiocstty_eperm)
2121 if (r < 0 && (force || fail || r != -EPERM)) {
2130 assert(notify >= 0);
2133 union inotify_event_buffer buffer;
2134 struct inotify_event *e;
2137 if (timeout != USEC_INFINITY) {
2140 n = now(CLOCK_MONOTONIC);
2141 if (ts + timeout < n) {
2146 r = fd_wait_for_event(fd, POLLIN, ts + timeout - n);
2156 l = read(notify, &buffer, sizeof(buffer));
2158 if (errno == EINTR || errno == EAGAIN)
2165 FOREACH_INOTIFY_EVENT(e, buffer, l) {
2166 if (e->wd != wd || !(e->mask & IN_CLOSE)) {
2175 /* We close the tty fd here since if the old session
2176 * ended our handle will be dead. It's important that
2177 * we do this after sleeping, so that we don't enter
2178 * an endless loop. */
2179 fd = safe_close(fd);
2184 r = reset_terminal_fd(fd, true);
2186 log_warning_errno(r, "Failed to reset terminal: %m");
2197 int release_terminal(void) {
2198 static const struct sigaction sa_new = {
2199 .sa_handler = SIG_IGN,
2200 .sa_flags = SA_RESTART,
2203 _cleanup_close_ int fd = -1;
2204 struct sigaction sa_old;
2207 fd = open("/dev/tty", O_RDWR|O_NOCTTY|O_NDELAY|O_CLOEXEC);
2211 /* Temporarily ignore SIGHUP, so that we don't get SIGHUP'ed
2212 * by our own TIOCNOTTY */
2213 assert_se(sigaction(SIGHUP, &sa_new, &sa_old) == 0);
2215 if (ioctl(fd, TIOCNOTTY) < 0)
2218 assert_se(sigaction(SIGHUP, &sa_old, NULL) == 0);
2223 int sigaction_many(const struct sigaction *sa, ...) {
2228 while ((sig = va_arg(ap, int)) > 0)
2229 if (sigaction(sig, sa, NULL) < 0)
2236 int ignore_signals(int sig, ...) {
2237 struct sigaction sa = {
2238 .sa_handler = SIG_IGN,
2239 .sa_flags = SA_RESTART,
2244 if (sigaction(sig, &sa, NULL) < 0)
2248 while ((sig = va_arg(ap, int)) > 0)
2249 if (sigaction(sig, &sa, NULL) < 0)
2256 int default_signals(int sig, ...) {
2257 struct sigaction sa = {
2258 .sa_handler = SIG_DFL,
2259 .sa_flags = SA_RESTART,
2264 if (sigaction(sig, &sa, NULL) < 0)
2268 while ((sig = va_arg(ap, int)) > 0)
2269 if (sigaction(sig, &sa, NULL) < 0)
2276 void safe_close_pair(int p[]) {
2280 /* Special case pairs which use the same fd in both
2282 p[0] = p[1] = safe_close(p[0]);
2286 p[0] = safe_close(p[0]);
2287 p[1] = safe_close(p[1]);
2290 ssize_t loop_read(int fd, void *buf, size_t nbytes, bool do_poll) {
2297 while (nbytes > 0) {
2300 k = read(fd, p, nbytes);
2305 if (errno == EAGAIN && do_poll) {
2307 /* We knowingly ignore any return value here,
2308 * and expect that any error/EOF is reported
2311 fd_wait_for_event(fd, POLLIN, USEC_INFINITY);
2315 return n > 0 ? n : -errno;
2329 int loop_write(int fd, const void *buf, size_t nbytes, bool do_poll) {
2330 const uint8_t *p = buf;
2337 while (nbytes > 0) {
2340 k = write(fd, p, nbytes);
2345 if (errno == EAGAIN && do_poll) {
2346 /* We knowingly ignore any return value here,
2347 * and expect that any error/EOF is reported
2350 fd_wait_for_event(fd, POLLOUT, USEC_INFINITY);
2357 if (k == 0) /* Can't really happen */
2367 int parse_size(const char *t, off_t base, off_t *size) {
2369 /* Soo, sometimes we want to parse IEC binary suffxies, and
2370 * sometimes SI decimal suffixes. This function can parse
2371 * both. Which one is the right way depends on the
2372 * context. Wikipedia suggests that SI is customary for
2373 * hardrware metrics and network speeds, while IEC is
2374 * customary for most data sizes used by software and volatile
2375 * (RAM) memory. Hence be careful which one you pick!
2377 * In either case we use just K, M, G as suffix, and not Ki,
2378 * Mi, Gi or so (as IEC would suggest). That's because that's
2379 * frickin' ugly. But this means you really need to make sure
2380 * to document which base you are parsing when you use this
2385 unsigned long long factor;
2388 static const struct table iec[] = {
2389 { "E", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
2390 { "P", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
2391 { "T", 1024ULL*1024ULL*1024ULL*1024ULL },
2392 { "G", 1024ULL*1024ULL*1024ULL },
2393 { "M", 1024ULL*1024ULL },
2399 static const struct table si[] = {
2400 { "E", 1000ULL*1000ULL*1000ULL*1000ULL*1000ULL*1000ULL },
2401 { "P", 1000ULL*1000ULL*1000ULL*1000ULL*1000ULL },
2402 { "T", 1000ULL*1000ULL*1000ULL*1000ULL },
2403 { "G", 1000ULL*1000ULL*1000ULL },
2404 { "M", 1000ULL*1000ULL },
2410 const struct table *table;
2412 unsigned long long r = 0;
2413 unsigned n_entries, start_pos = 0;
2416 assert(base == 1000 || base == 1024);
2421 n_entries = ELEMENTSOF(si);
2424 n_entries = ELEMENTSOF(iec);
2430 unsigned long long l2;
2436 l = strtoll(p, &e, 10);
2449 if (*e >= '0' && *e <= '9') {
2452 /* strotoull itself would accept space/+/- */
2453 l2 = strtoull(e, &e2, 10);
2455 if (errno == ERANGE)
2458 /* Ignore failure. E.g. 10.M is valid */
2465 e += strspn(e, WHITESPACE);
2467 for (i = start_pos; i < n_entries; i++)
2468 if (startswith(e, table[i].suffix)) {
2469 unsigned long long tmp;
2470 if ((unsigned long long) l + (frac > 0) > ULLONG_MAX / table[i].factor)
2472 tmp = l * table[i].factor + (unsigned long long) (frac * table[i].factor);
2473 if (tmp > ULLONG_MAX - r)
2477 if ((unsigned long long) (off_t) r != r)
2480 p = e + strlen(table[i].suffix);
2496 int make_stdio(int fd) {
2501 r = dup2(fd, STDIN_FILENO);
2502 s = dup2(fd, STDOUT_FILENO);
2503 t = dup2(fd, STDERR_FILENO);
2508 if (r < 0 || s < 0 || t < 0)
2511 /* Explicitly unset O_CLOEXEC, since if fd was < 3, then
2512 * dup2() was a NOP and the bit hence possibly set. */
2513 fd_cloexec(STDIN_FILENO, false);
2514 fd_cloexec(STDOUT_FILENO, false);
2515 fd_cloexec(STDERR_FILENO, false);
2520 int make_null_stdio(void) {
2523 null_fd = open("/dev/null", O_RDWR|O_NOCTTY);
2527 return make_stdio(null_fd);
2530 bool is_device_path(const char *path) {
2532 /* Returns true on paths that refer to a device, either in
2533 * sysfs or in /dev */
2536 path_startswith(path, "/dev/") ||
2537 path_startswith(path, "/sys/");
2540 int dir_is_empty(const char *path) {
2541 _cleanup_closedir_ DIR *d;
2552 if (!de && errno != 0)
2558 if (!hidden_file(de->d_name))
2563 char* dirname_malloc(const char *path) {
2564 char *d, *dir, *dir2;
2581 int dev_urandom(void *p, size_t n) {
2582 static int have_syscall = -1;
2586 /* Gathers some randomness from the kernel. This call will
2587 * never block, and will always return some data from the
2588 * kernel, regardless if the random pool is fully initialized
2589 * or not. It thus makes no guarantee for the quality of the
2590 * returned entropy, but is good enough for or usual usecases
2591 * of seeding the hash functions for hashtable */
2593 /* Use the getrandom() syscall unless we know we don't have
2594 * it, or when the requested size is too large for it. */
2595 if (have_syscall != 0 || (size_t) (int) n != n) {
2596 r = getrandom(p, n, GRND_NONBLOCK);
2598 have_syscall = true;
2603 if (errno == ENOSYS)
2604 /* we lack the syscall, continue with
2605 * reading from /dev/urandom */
2606 have_syscall = false;
2607 else if (errno == EAGAIN)
2608 /* not enough entropy for now. Let's
2609 * remember to use the syscall the
2610 * next time, again, but also read
2611 * from /dev/urandom for now, which
2612 * doesn't care about the current
2613 * amount of entropy. */
2614 have_syscall = true;
2618 /* too short read? */
2622 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY);
2624 return errno == ENOENT ? -ENOSYS : -errno;
2626 k = loop_read(fd, p, n, true);
2631 if ((size_t) k != n)
2637 void initialize_srand(void) {
2638 static bool srand_called = false;
2640 #ifdef HAVE_SYS_AUXV_H
2649 #ifdef HAVE_SYS_AUXV_H
2650 /* The kernel provides us with a bit of entropy in auxv, so
2651 * let's try to make use of that to seed the pseudo-random
2652 * generator. It's better than nothing... */
2654 auxv = (void*) getauxval(AT_RANDOM);
2656 x ^= *(unsigned*) auxv;
2659 x ^= (unsigned) now(CLOCK_REALTIME);
2660 x ^= (unsigned) gettid();
2663 srand_called = true;
2666 void random_bytes(void *p, size_t n) {
2670 r = dev_urandom(p, n);
2674 /* If some idiot made /dev/urandom unavailable to us, he'll
2675 * get a PRNG instead. */
2679 for (q = p; q < (uint8_t*) p + n; q ++)
2683 void rename_process(const char name[8]) {
2686 /* This is a like a poor man's setproctitle(). It changes the
2687 * comm field, argv[0], and also the glibc's internally used
2688 * name of the process. For the first one a limit of 16 chars
2689 * applies, to the second one usually one of 10 (i.e. length
2690 * of "/sbin/init"), to the third one one of 7 (i.e. length of
2691 * "systemd"). If you pass a longer string it will be
2694 prctl(PR_SET_NAME, name);
2696 if (program_invocation_name)
2697 strncpy(program_invocation_name, name, strlen(program_invocation_name));
2699 if (saved_argc > 0) {
2703 strncpy(saved_argv[0], name, strlen(saved_argv[0]));
2705 for (i = 1; i < saved_argc; i++) {
2709 memzero(saved_argv[i], strlen(saved_argv[i]));
2714 void sigset_add_many(sigset_t *ss, ...) {
2721 while ((sig = va_arg(ap, int)) > 0)
2722 assert_se(sigaddset(ss, sig) == 0);
2726 int sigprocmask_many(int how, ...) {
2731 assert_se(sigemptyset(&ss) == 0);
2734 while ((sig = va_arg(ap, int)) > 0)
2735 assert_se(sigaddset(&ss, sig) == 0);
2738 if (sigprocmask(how, &ss, NULL) < 0)
2744 char* gethostname_malloc(void) {
2747 assert_se(uname(&u) >= 0);
2749 if (!isempty(u.nodename) && !streq(u.nodename, "(none)"))
2750 return strdup(u.nodename);
2752 return strdup(u.sysname);
2755 bool hostname_is_set(void) {
2758 assert_se(uname(&u) >= 0);
2760 return !isempty(u.nodename) && !streq(u.nodename, "(none)");
2763 char *lookup_uid(uid_t uid) {
2766 _cleanup_free_ char *buf = NULL;
2767 struct passwd pwbuf, *pw = NULL;
2769 /* Shortcut things to avoid NSS lookups */
2771 return strdup("root");
2773 bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
2777 buf = malloc(bufsize);
2781 if (getpwuid_r(uid, &pwbuf, buf, bufsize, &pw) == 0 && pw)
2782 return strdup(pw->pw_name);
2784 if (asprintf(&name, UID_FMT, uid) < 0)
2790 char* getlogname_malloc(void) {
2794 if (isatty(STDIN_FILENO) && fstat(STDIN_FILENO, &st) >= 0)
2799 return lookup_uid(uid);
2802 char *getusername_malloc(void) {
2809 return lookup_uid(getuid());
2812 int getttyname_malloc(int fd, char **ret) {
2822 r = ttyname_r(fd, path, sizeof(path));
2827 p = startswith(path, "/dev/");
2828 c = strdup(p ?: path);
2845 int getttyname_harder(int fd, char **r) {
2849 k = getttyname_malloc(fd, &s);
2853 if (streq(s, "tty")) {
2855 return get_ctty(0, NULL, r);
2862 int get_ctty_devnr(pid_t pid, dev_t *d) {
2864 _cleanup_free_ char *line = NULL;
2866 unsigned long ttynr;
2870 p = procfs_file_alloca(pid, "stat");
2871 r = read_one_line_file(p, &line);
2875 p = strrchr(line, ')');
2885 "%*d " /* session */
2890 if (major(ttynr) == 0 && minor(ttynr) == 0)
2899 int get_ctty(pid_t pid, dev_t *_devnr, char **r) {
2900 char fn[sizeof("/dev/char/")-1 + 2*DECIMAL_STR_MAX(unsigned) + 1 + 1], *b = NULL;
2901 _cleanup_free_ char *s = NULL;
2908 k = get_ctty_devnr(pid, &devnr);
2912 sprintf(fn, "/dev/char/%u:%u", major(devnr), minor(devnr));
2914 k = readlink_malloc(fn, &s);
2920 /* This is an ugly hack */
2921 if (major(devnr) == 136) {
2922 asprintf(&b, "pts/%u", minor(devnr));
2926 /* Probably something like the ptys which have no
2927 * symlink in /dev/char. Let's return something
2928 * vaguely useful. */
2934 if (startswith(s, "/dev/"))
2936 else if (startswith(s, "../"))
2954 int rm_rf_children_dangerous(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) {
2955 _cleanup_closedir_ DIR *d = NULL;
2960 /* This returns the first error we run into, but nevertheless
2961 * tries to go on. This closes the passed fd. */
2967 return errno == ENOENT ? 0 : -errno;
2972 bool is_dir, keep_around;
2979 if (errno != 0 && ret == 0)
2984 if (streq(de->d_name, ".") || streq(de->d_name, ".."))
2987 if (de->d_type == DT_UNKNOWN ||
2989 (de->d_type == DT_DIR && root_dev)) {
2990 if (fstatat(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
2991 if (ret == 0 && errno != ENOENT)
2996 is_dir = S_ISDIR(st.st_mode);
2999 (st.st_uid == 0 || st.st_uid == getuid()) &&
3000 (st.st_mode & S_ISVTX);
3002 is_dir = de->d_type == DT_DIR;
3003 keep_around = false;
3009 /* if root_dev is set, remove subdirectories only, if device is same as dir */
3010 if (root_dev && st.st_dev != root_dev->st_dev)
3013 subdir_fd = openat(fd, de->d_name,
3014 O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
3015 if (subdir_fd < 0) {
3016 if (ret == 0 && errno != ENOENT)
3021 r = rm_rf_children_dangerous(subdir_fd, only_dirs, honour_sticky, root_dev);
3022 if (r < 0 && ret == 0)
3026 if (unlinkat(fd, de->d_name, AT_REMOVEDIR) < 0) {
3027 if (ret == 0 && errno != ENOENT)
3031 } else if (!only_dirs && !keep_around) {
3033 if (unlinkat(fd, de->d_name, 0) < 0) {
3034 if (ret == 0 && errno != ENOENT)
3041 _pure_ static int is_temporary_fs(struct statfs *s) {
3044 return F_TYPE_EQUAL(s->f_type, TMPFS_MAGIC) ||
3045 F_TYPE_EQUAL(s->f_type, RAMFS_MAGIC);
3048 int is_fd_on_temporary_fs(int fd) {
3051 if (fstatfs(fd, &s) < 0)
3054 return is_temporary_fs(&s);
3057 int rm_rf_children(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) {
3062 if (fstatfs(fd, &s) < 0) {
3067 /* We refuse to clean disk file systems with this call. This
3068 * is extra paranoia just to be sure we never ever remove
3070 if (!is_temporary_fs(&s)) {
3071 log_error("Attempted to remove disk file system, and we can't allow that.");
3076 return rm_rf_children_dangerous(fd, only_dirs, honour_sticky, root_dev);
3079 static int file_is_priv_sticky(const char *p) {
3084 if (lstat(p, &st) < 0)
3088 (st.st_uid == 0 || st.st_uid == getuid()) &&
3089 (st.st_mode & S_ISVTX);
3092 static int rm_rf_internal(const char *path, bool only_dirs, bool delete_root, bool honour_sticky, bool dangerous) {
3098 /* We refuse to clean the root file system with this
3099 * call. This is extra paranoia to never cause a really
3100 * seriously broken system. */
3101 if (path_equal(path, "/")) {
3102 log_error("Attempted to remove entire root file system, and we can't allow that.");
3106 fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
3109 if (errno != ENOTDIR && errno != ELOOP)
3113 if (statfs(path, &s) < 0)
3116 if (!is_temporary_fs(&s)) {
3117 log_error("Attempted to remove disk file system, and we can't allow that.");
3122 if (delete_root && !only_dirs)
3123 if (unlink(path) < 0 && errno != ENOENT)
3130 if (fstatfs(fd, &s) < 0) {
3135 if (!is_temporary_fs(&s)) {
3136 log_error("Attempted to remove disk file system, and we can't allow that.");
3142 r = rm_rf_children_dangerous(fd, only_dirs, honour_sticky, NULL);
3145 if (honour_sticky && file_is_priv_sticky(path) > 0)
3148 if (rmdir(path) < 0 && errno != ENOENT) {
3157 int rm_rf(const char *path, bool only_dirs, bool delete_root, bool honour_sticky) {
3158 return rm_rf_internal(path, only_dirs, delete_root, honour_sticky, false);
3161 int rm_rf_dangerous(const char *path, bool only_dirs, bool delete_root, bool honour_sticky) {
3162 return rm_rf_internal(path, only_dirs, delete_root, honour_sticky, true);
3165 int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) {
3168 /* Under the assumption that we are running privileged we
3169 * first change the access mode and only then hand out
3170 * ownership to avoid a window where access is too open. */
3172 if (mode != MODE_INVALID)
3173 if (chmod(path, mode) < 0)
3176 if (uid != UID_INVALID || gid != GID_INVALID)
3177 if (chown(path, uid, gid) < 0)
3183 int fchmod_and_fchown(int fd, mode_t mode, uid_t uid, gid_t gid) {
3186 /* Under the assumption that we are running privileged we
3187 * first change the access mode and only then hand out
3188 * ownership to avoid a window where access is too open. */
3190 if (mode != MODE_INVALID)
3191 if (fchmod(fd, mode) < 0)
3194 if (uid != UID_INVALID || gid != GID_INVALID)
3195 if (fchown(fd, uid, gid) < 0)
3201 cpu_set_t* cpu_set_malloc(unsigned *ncpus) {
3205 /* Allocates the cpuset in the right size */
3208 if (!(r = CPU_ALLOC(n)))
3211 if (sched_getaffinity(0, CPU_ALLOC_SIZE(n), r) >= 0) {
3212 CPU_ZERO_S(CPU_ALLOC_SIZE(n), r);
3222 if (errno != EINVAL)
3229 int status_vprintf(const char *status, bool ellipse, bool ephemeral, const char *format, va_list ap) {
3230 static const char status_indent[] = " "; /* "[" STATUS "] " */
3231 _cleanup_free_ char *s = NULL;
3232 _cleanup_close_ int fd = -1;
3233 struct iovec iovec[6] = {};
3235 static bool prev_ephemeral;
3239 /* This is independent of logging, as status messages are
3240 * optional and go exclusively to the console. */
3242 if (vasprintf(&s, format, ap) < 0)
3245 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
3258 sl = status ? sizeof(status_indent)-1 : 0;
3264 e = ellipsize(s, emax, 50);
3272 IOVEC_SET_STRING(iovec[n++], "\r" ANSI_ERASE_TO_END_OF_LINE);
3273 prev_ephemeral = ephemeral;
3276 if (!isempty(status)) {
3277 IOVEC_SET_STRING(iovec[n++], "[");
3278 IOVEC_SET_STRING(iovec[n++], status);
3279 IOVEC_SET_STRING(iovec[n++], "] ");
3281 IOVEC_SET_STRING(iovec[n++], status_indent);
3284 IOVEC_SET_STRING(iovec[n++], s);
3286 IOVEC_SET_STRING(iovec[n++], "\n");
3288 if (writev(fd, iovec, n) < 0)
3294 int status_printf(const char *status, bool ellipse, bool ephemeral, const char *format, ...) {
3300 va_start(ap, format);
3301 r = status_vprintf(status, ellipse, ephemeral, format, ap);
3307 char *replace_env(const char *format, char **env) {
3314 const char *e, *word = format;
3319 for (e = format; *e; e ++) {
3330 k = strnappend(r, word, e-word-1);
3340 } else if (*e == '$') {
3341 k = strnappend(r, word, e-word);
3358 t = strempty(strv_env_get_n(env, word+2, e-word-2));
3360 k = strappend(r, t);
3374 k = strnappend(r, word, e-word);
3386 char **replace_env_argv(char **argv, char **env) {
3388 unsigned k = 0, l = 0;
3390 l = strv_length(argv);
3392 ret = new(char*, l+1);
3396 STRV_FOREACH(i, argv) {
3398 /* If $FOO appears as single word, replace it by the split up variable */
3399 if ((*i)[0] == '$' && (*i)[1] != '{') {
3404 e = strv_env_get(env, *i+1);
3408 r = strv_split_quoted(&m, e, true);
3420 w = realloc(ret, sizeof(char*) * (l+1));
3430 memcpy(ret + k, m, q * sizeof(char*));
3438 /* If ${FOO} appears as part of a word, replace it by the variable as-is */
3439 ret[k] = replace_env(*i, env);
3451 int fd_columns(int fd) {
3452 struct winsize ws = {};
3454 if (ioctl(fd, TIOCGWINSZ, &ws) < 0)
3463 unsigned columns(void) {
3467 if (_likely_(cached_columns > 0))
3468 return cached_columns;
3471 e = getenv("COLUMNS");
3473 (void) safe_atoi(e, &c);
3476 c = fd_columns(STDOUT_FILENO);
3482 return cached_columns;
3485 int fd_lines(int fd) {
3486 struct winsize ws = {};
3488 if (ioctl(fd, TIOCGWINSZ, &ws) < 0)
3497 unsigned lines(void) {
3501 if (_likely_(cached_lines > 0))
3502 return cached_lines;
3505 e = getenv("LINES");
3507 (void) safe_atoi(e, &l);
3510 l = fd_lines(STDOUT_FILENO);
3516 return cached_lines;
3519 /* intended to be used as a SIGWINCH sighandler */
3520 void columns_lines_cache_reset(int signum) {
3526 static int cached_on_tty = -1;
3528 if (_unlikely_(cached_on_tty < 0))
3529 cached_on_tty = isatty(STDOUT_FILENO) > 0;
3531 return cached_on_tty;
3534 int files_same(const char *filea, const char *fileb) {
3537 if (stat(filea, &a) < 0)
3540 if (stat(fileb, &b) < 0)
3543 return a.st_dev == b.st_dev &&
3544 a.st_ino == b.st_ino;
3547 int running_in_chroot(void) {
3550 ret = files_same("/proc/1/root", "/");
3557 static char *ascii_ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigned percent) {
3562 assert(percent <= 100);
3563 assert(new_length >= 3);
3565 if (old_length <= 3 || old_length <= new_length)
3566 return strndup(s, old_length);
3568 r = new0(char, new_length+1);
3572 x = (new_length * percent) / 100;
3574 if (x > new_length - 3)
3582 s + old_length - (new_length - x - 3),
3583 new_length - x - 3);
3588 char *ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigned percent) {
3592 unsigned k, len, len2;
3595 assert(percent <= 100);
3596 assert(new_length >= 3);
3598 /* if no multibyte characters use ascii_ellipsize_mem for speed */
3599 if (ascii_is_valid(s))
3600 return ascii_ellipsize_mem(s, old_length, new_length, percent);
3602 if (old_length <= 3 || old_length <= new_length)
3603 return strndup(s, old_length);
3605 x = (new_length * percent) / 100;
3607 if (x > new_length - 3)
3611 for (i = s; k < x && i < s + old_length; i = utf8_next_char(i)) {
3614 c = utf8_encoded_to_unichar(i);
3617 k += unichar_iswide(c) ? 2 : 1;
3620 if (k > x) /* last character was wide and went over quota */
3623 for (j = s + old_length; k < new_length && j > i; ) {
3626 j = utf8_prev_char(j);
3627 c = utf8_encoded_to_unichar(j);
3630 k += unichar_iswide(c) ? 2 : 1;
3634 /* we don't actually need to ellipsize */
3636 return memdup(s, old_length + 1);
3638 /* make space for ellipsis */
3639 j = utf8_next_char(j);
3642 len2 = s + old_length - j;
3643 e = new(char, len + 3 + len2 + 1);
3648 printf("old_length=%zu new_length=%zu x=%zu len=%u len2=%u k=%u\n",
3649 old_length, new_length, x, len, len2, k);
3653 e[len] = 0xe2; /* tri-dot ellipsis: … */
3657 memcpy(e + len + 3, j, len2 + 1);
3662 char *ellipsize(const char *s, size_t length, unsigned percent) {
3663 return ellipsize_mem(s, strlen(s), length, percent);
3666 int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode) {
3667 _cleanup_close_ int fd;
3673 mkdir_parents(path, 0755);
3675 fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644);
3680 r = fchmod(fd, mode);
3685 if (uid != UID_INVALID || gid != GID_INVALID) {
3686 r = fchown(fd, uid, gid);
3691 if (stamp != USEC_INFINITY) {
3692 struct timespec ts[2];
3694 timespec_store(&ts[0], stamp);
3696 r = futimens(fd, ts);
3698 r = futimens(fd, NULL);
3705 int touch(const char *path) {
3706 return touch_file(path, false, USEC_INFINITY, UID_INVALID, GID_INVALID, 0);
3709 char *unquote(const char *s, const char* quotes) {
3713 /* This is rather stupid, simply removes the heading and
3714 * trailing quotes if there is one. Doesn't care about
3715 * escaping or anything. We should make this smarter one
3722 if (strchr(quotes, s[0]) && s[l-1] == s[0])
3723 return strndup(s+1, l-2);
3728 char *normalize_env_assignment(const char *s) {
3729 _cleanup_free_ char *value = NULL;
3733 eq = strchr(s, '=');
3743 memmove(r, t, strlen(t) + 1);
3748 name = strndupa(s, eq - s);
3749 p = strdupa(eq + 1);
3751 value = unquote(strstrip(p), QUOTES);
3755 return strjoin(strstrip(name), "=", value, NULL);
3758 int wait_for_terminate(pid_t pid, siginfo_t *status) {
3769 if (waitid(P_PID, pid, status, WEXITED) < 0) {
3783 * < 0 : wait_for_terminate() failed to get the state of the
3784 * process, the process was terminated by a signal, or
3785 * failed for an unknown reason.
3786 * >=0 : The process terminated normally, and its exit code is
3789 * That is, success is indicated by a return value of zero, and an
3790 * error is indicated by a non-zero value.
3792 * A warning is emitted if the process terminates abnormally,
3793 * and also if it returns non-zero unless check_exit_code is true.
3795 int wait_for_terminate_and_warn(const char *name, pid_t pid, bool check_exit_code) {
3802 r = wait_for_terminate(pid, &status);
3804 return log_warning_errno(r, "Failed to wait for %s: %m", name);
3806 if (status.si_code == CLD_EXITED) {
3807 if (status.si_status != 0)
3808 log_full(check_exit_code ? LOG_WARNING : LOG_DEBUG,
3809 "%s failed with error code %i.", name, status.si_status);
3811 log_debug("%s succeeded.", name);
3813 return status.si_status;
3814 } else if (status.si_code == CLD_KILLED ||
3815 status.si_code == CLD_DUMPED) {
3817 log_warning("%s terminated by signal %s.", name, signal_to_string(status.si_status));
3821 log_warning("%s failed due to unknown reason.", name);
3825 noreturn void freeze(void) {
3827 /* Make sure nobody waits for us on a socket anymore */
3828 close_all_fds(NULL, 0);
3836 bool null_or_empty(struct stat *st) {
3839 if (S_ISREG(st->st_mode) && st->st_size <= 0)
3842 if (S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode))
3848 int null_or_empty_path(const char *fn) {
3853 if (stat(fn, &st) < 0)
3856 return null_or_empty(&st);
3859 int null_or_empty_fd(int fd) {
3864 if (fstat(fd, &st) < 0)
3867 return null_or_empty(&st);
3870 DIR *xopendirat(int fd, const char *name, int flags) {
3874 assert(!(flags & O_CREAT));
3876 nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0);
3889 int signal_from_string_try_harder(const char *s) {
3893 signo = signal_from_string(s);
3895 if (startswith(s, "SIG"))
3896 return signal_from_string(s+3);
3901 static char *tag_to_udev_node(const char *tagvalue, const char *by) {
3902 _cleanup_free_ char *t = NULL, *u = NULL;
3905 u = unquote(tagvalue, "\"\'");
3909 enc_len = strlen(u) * 4 + 1;
3910 t = new(char, enc_len);
3914 if (encode_devnode_name(u, t, enc_len) < 0)
3917 return strjoin("/dev/disk/by-", by, "/", t, NULL);
3920 char *fstab_node_to_udev_node(const char *p) {
3923 if (startswith(p, "LABEL="))
3924 return tag_to_udev_node(p+6, "label");
3926 if (startswith(p, "UUID="))
3927 return tag_to_udev_node(p+5, "uuid");
3929 if (startswith(p, "PARTUUID="))
3930 return tag_to_udev_node(p+9, "partuuid");
3932 if (startswith(p, "PARTLABEL="))
3933 return tag_to_udev_node(p+10, "partlabel");
3938 bool tty_is_vc(const char *tty) {
3941 return vtnr_from_tty(tty) >= 0;
3944 bool tty_is_console(const char *tty) {
3947 if (startswith(tty, "/dev/"))
3950 return streq(tty, "console");
3953 int vtnr_from_tty(const char *tty) {
3958 if (startswith(tty, "/dev/"))
3961 if (!startswith(tty, "tty") )
3964 if (tty[3] < '0' || tty[3] > '9')
3967 r = safe_atoi(tty+3, &i);
3971 if (i < 0 || i > 63)
3977 char *resolve_dev_console(char **active) {
3980 /* Resolve where /dev/console is pointing to, if /sys is actually ours
3981 * (i.e. not read-only-mounted which is a sign for container setups) */
3983 if (path_is_read_only_fs("/sys") > 0)
3986 if (read_one_line_file("/sys/class/tty/console/active", active) < 0)
3989 /* If multiple log outputs are configured the last one is what
3990 * /dev/console points to */
3991 tty = strrchr(*active, ' ');
3997 if (streq(tty, "tty0")) {
4000 /* Get the active VC (e.g. tty1) */
4001 if (read_one_line_file("/sys/class/tty/tty0/active", &tmp) >= 0) {
4003 tty = *active = tmp;
4010 bool tty_is_vc_resolve(const char *tty) {
4011 _cleanup_free_ char *active = NULL;
4015 if (startswith(tty, "/dev/"))
4018 if (streq(tty, "console")) {
4019 tty = resolve_dev_console(&active);
4024 return tty_is_vc(tty);
4027 const char *default_term_for_tty(const char *tty) {
4030 return tty_is_vc_resolve(tty) ? "TERM=linux" : "TERM=vt220";
4033 bool dirent_is_file(const struct dirent *de) {
4036 if (hidden_file(de->d_name))
4039 if (de->d_type != DT_REG &&
4040 de->d_type != DT_LNK &&
4041 de->d_type != DT_UNKNOWN)
4047 bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) {
4050 if (de->d_type != DT_REG &&
4051 de->d_type != DT_LNK &&
4052 de->d_type != DT_UNKNOWN)
4055 if (hidden_file_allow_backup(de->d_name))
4058 return endswith(de->d_name, suffix);
4061 static int do_execute(char **directories, usec_t timeout, char *argv[]) {
4062 _cleanup_hashmap_free_free_ Hashmap *pids = NULL;
4063 _cleanup_set_free_free_ Set *seen = NULL;
4066 /* We fork this all off from a child process so that we can
4067 * somewhat cleanly make use of SIGALRM to set a time limit */
4069 reset_all_signal_handlers();
4070 reset_signal_mask();
4072 assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
4074 pids = hashmap_new(NULL);
4078 seen = set_new(&string_hash_ops);
4082 STRV_FOREACH(directory, directories) {
4083 _cleanup_closedir_ DIR *d;
4086 d = opendir(*directory);
4088 if (errno == ENOENT)
4091 return log_error_errno(errno, "Failed to open directory %s: %m", *directory);
4094 FOREACH_DIRENT(de, d, break) {
4095 _cleanup_free_ char *path = NULL;
4099 if (!dirent_is_file(de))
4102 if (set_contains(seen, de->d_name)) {
4103 log_debug("%1$s/%2$s skipped (%2$s was already seen).", *directory, de->d_name);
4107 r = set_put_strdup(seen, de->d_name);
4111 path = strjoin(*directory, "/", de->d_name, NULL);
4115 if (null_or_empty_path(path)) {
4116 log_debug("%s is empty (a mask).", path);
4119 log_debug("%s will be executed.", path);
4123 log_error_errno(errno, "Failed to fork: %m");
4125 } else if (pid == 0) {
4128 assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
4138 return log_error_errno(errno, "Failed to execute %s: %m", path);
4141 log_debug("Spawned %s as " PID_FMT ".", path, pid);
4143 r = hashmap_put(pids, UINT_TO_PTR(pid), path);
4150 /* Abort execution of this process after the timout. We simply
4151 * rely on SIGALRM as default action terminating the process,
4152 * and turn on alarm(). */
4154 if (timeout != USEC_INFINITY)
4155 alarm((timeout + USEC_PER_SEC - 1) / USEC_PER_SEC);
4157 while (!hashmap_isempty(pids)) {
4158 _cleanup_free_ char *path = NULL;
4161 pid = PTR_TO_UINT(hashmap_first_key(pids));
4164 path = hashmap_remove(pids, UINT_TO_PTR(pid));
4167 wait_for_terminate_and_warn(path, pid, true);
4173 void execute_directories(const char* const* directories, usec_t timeout, char *argv[]) {
4177 char **dirs = (char**) directories;
4179 assert(!strv_isempty(dirs));
4181 name = basename(dirs[0]);
4182 assert(!isempty(name));
4184 /* Executes all binaries in the directories in parallel and waits
4185 * for them to finish. Optionally a timeout is applied. If a file
4186 * with the same name exists in more than one directory, the
4187 * earliest one wins. */
4189 executor_pid = fork();
4190 if (executor_pid < 0) {
4191 log_error_errno(errno, "Failed to fork: %m");
4194 } else if (executor_pid == 0) {
4195 r = do_execute(dirs, timeout, argv);
4196 _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
4199 wait_for_terminate_and_warn(name, executor_pid, true);
4202 int kill_and_sigcont(pid_t pid, int sig) {
4205 r = kill(pid, sig) < 0 ? -errno : 0;
4213 bool nulstr_contains(const char*nulstr, const char *needle) {
4219 NULSTR_FOREACH(i, nulstr)
4220 if (streq(i, needle))
4226 bool plymouth_running(void) {
4227 return access("/run/plymouth/pid", F_OK) >= 0;
4230 char* strshorten(char *s, size_t l) {
4239 static bool hostname_valid_char(char c) {
4241 (c >= 'a' && c <= 'z') ||
4242 (c >= 'A' && c <= 'Z') ||
4243 (c >= '0' && c <= '9') ||
4249 bool hostname_is_valid(const char *s) {
4256 /* Doesn't accept empty hostnames, hostnames with trailing or
4257 * leading dots, and hostnames with multiple dots in a
4258 * sequence. Also ensures that the length stays below
4261 for (p = s, dot = true; *p; p++) {
4268 if (!hostname_valid_char(*p))
4278 if (p-s > HOST_NAME_MAX)
4284 char* hostname_cleanup(char *s, bool lowercase) {
4288 for (p = s, d = s, dot = true; *p; p++) {
4295 } else if (hostname_valid_char(*p)) {
4296 *(d++) = lowercase ? tolower(*p) : *p;
4307 strshorten(s, HOST_NAME_MAX);
4312 bool machine_name_is_valid(const char *s) {
4314 if (!hostname_is_valid(s))
4317 /* Machine names should be useful hostnames, but also be
4318 * useful in unit names, hence we enforce a stricter length
4327 int pipe_eof(int fd) {
4328 struct pollfd pollfd = {
4330 .events = POLLIN|POLLHUP,
4335 r = poll(&pollfd, 1, 0);
4342 return pollfd.revents & POLLHUP;
4345 int fd_wait_for_event(int fd, int event, usec_t t) {
4347 struct pollfd pollfd = {
4355 r = ppoll(&pollfd, 1, t == USEC_INFINITY ? NULL : timespec_store(&ts, t), NULL);
4362 return pollfd.revents;
4365 int fopen_temporary(const char *path, FILE **_f, char **_temp_path) {
4374 r = tempfn_xxxxxx(path, &t);
4378 fd = mkostemp_safe(t, O_WRONLY|O_CLOEXEC);
4384 f = fdopen(fd, "we");
4397 int terminal_vhangup_fd(int fd) {
4400 if (ioctl(fd, TIOCVHANGUP) < 0)
4406 int terminal_vhangup(const char *name) {
4407 _cleanup_close_ int fd;
4409 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
4413 return terminal_vhangup_fd(fd);
4416 int vt_disallocate(const char *name) {
4420 /* Deallocate the VT if possible. If not possible
4421 * (i.e. because it is the active one), at least clear it
4422 * entirely (including the scrollback buffer) */
4424 if (!startswith(name, "/dev/"))
4427 if (!tty_is_vc(name)) {
4428 /* So this is not a VT. I guess we cannot deallocate
4429 * it then. But let's at least clear the screen */
4431 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
4436 "\033[r" /* clear scrolling region */
4437 "\033[H" /* move home */
4438 "\033[2J", /* clear screen */
4445 if (!startswith(name, "/dev/tty"))
4448 r = safe_atou(name+8, &u);
4455 /* Try to deallocate */
4456 fd = open_terminal("/dev/tty0", O_RDWR|O_NOCTTY|O_CLOEXEC);
4460 r = ioctl(fd, VT_DISALLOCATE, u);
4469 /* Couldn't deallocate, so let's clear it fully with
4471 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
4476 "\033[r" /* clear scrolling region */
4477 "\033[H" /* move home */
4478 "\033[3J", /* clear screen including scrollback, requires Linux 2.6.40 */
4485 int symlink_atomic(const char *from, const char *to) {
4486 _cleanup_free_ char *t = NULL;
4492 r = tempfn_random(to, &t);
4496 if (symlink(from, t) < 0)
4499 if (rename(t, to) < 0) {
4507 int mknod_atomic(const char *path, mode_t mode, dev_t dev) {
4508 _cleanup_free_ char *t = NULL;
4513 r = tempfn_random(path, &t);
4517 if (mknod(t, mode, dev) < 0)
4520 if (rename(t, path) < 0) {
4528 int mkfifo_atomic(const char *path, mode_t mode) {
4529 _cleanup_free_ char *t = NULL;
4534 r = tempfn_random(path, &t);
4538 if (mkfifo(t, mode) < 0)
4541 if (rename(t, path) < 0) {
4549 bool display_is_local(const char *display) {
4553 display[0] == ':' &&
4554 display[1] >= '0' &&
4558 int socket_from_display(const char *display, char **path) {
4565 if (!display_is_local(display))
4568 k = strspn(display+1, "0123456789");
4570 f = new(char, strlen("/tmp/.X11-unix/X") + k + 1);
4574 c = stpcpy(f, "/tmp/.X11-unix/X");
4575 memcpy(c, display+1, k);
4584 const char **username,
4585 uid_t *uid, gid_t *gid,
4587 const char **shell) {
4595 /* We enforce some special rules for uid=0: in order to avoid
4596 * NSS lookups for root we hardcode its data. */
4598 if (streq(*username, "root") || streq(*username, "0")) {
4616 if (parse_uid(*username, &u) >= 0) {
4620 /* If there are multiple users with the same id, make
4621 * sure to leave $USER to the configured value instead
4622 * of the first occurrence in the database. However if
4623 * the uid was configured by a numeric uid, then let's
4624 * pick the real username from /etc/passwd. */
4626 *username = p->pw_name;
4629 p = getpwnam(*username);
4633 return errno > 0 ? -errno : -ESRCH;
4645 *shell = p->pw_shell;
4650 char* uid_to_name(uid_t uid) {
4655 return strdup("root");
4659 return strdup(p->pw_name);
4661 if (asprintf(&r, UID_FMT, uid) < 0)
4667 char* gid_to_name(gid_t gid) {
4672 return strdup("root");
4676 return strdup(p->gr_name);
4678 if (asprintf(&r, GID_FMT, gid) < 0)
4684 int get_group_creds(const char **groupname, gid_t *gid) {
4690 /* We enforce some special rules for gid=0: in order to avoid
4691 * NSS lookups for root we hardcode its data. */
4693 if (streq(*groupname, "root") || streq(*groupname, "0")) {
4694 *groupname = "root";
4702 if (parse_gid(*groupname, &id) >= 0) {
4707 *groupname = g->gr_name;
4710 g = getgrnam(*groupname);
4714 return errno > 0 ? -errno : -ESRCH;
4722 int in_gid(gid_t gid) {
4724 int ngroups_max, r, i;
4726 if (getgid() == gid)
4729 if (getegid() == gid)
4732 ngroups_max = sysconf(_SC_NGROUPS_MAX);
4733 assert(ngroups_max > 0);
4735 gids = alloca(sizeof(gid_t) * ngroups_max);
4737 r = getgroups(ngroups_max, gids);
4741 for (i = 0; i < r; i++)
4748 int in_group(const char *name) {
4752 r = get_group_creds(&name, &gid);
4759 int glob_exists(const char *path) {
4760 _cleanup_globfree_ glob_t g = {};
4766 k = glob(path, GLOB_NOSORT|GLOB_BRACE, NULL, &g);
4768 if (k == GLOB_NOMATCH)
4770 else if (k == GLOB_NOSPACE)
4773 return !strv_isempty(g.gl_pathv);
4775 return errno ? -errno : -EIO;
4778 int glob_extend(char ***strv, const char *path) {
4779 _cleanup_globfree_ glob_t g = {};
4784 k = glob(path, GLOB_NOSORT|GLOB_BRACE, NULL, &g);
4786 if (k == GLOB_NOMATCH)
4788 else if (k == GLOB_NOSPACE)
4790 else if (k != 0 || strv_isempty(g.gl_pathv))
4791 return errno ? -errno : -EIO;
4793 STRV_FOREACH(p, g.gl_pathv) {
4794 k = strv_extend(strv, *p);
4802 int dirent_ensure_type(DIR *d, struct dirent *de) {
4808 if (de->d_type != DT_UNKNOWN)
4811 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
4815 S_ISREG(st.st_mode) ? DT_REG :
4816 S_ISDIR(st.st_mode) ? DT_DIR :
4817 S_ISLNK(st.st_mode) ? DT_LNK :
4818 S_ISFIFO(st.st_mode) ? DT_FIFO :
4819 S_ISSOCK(st.st_mode) ? DT_SOCK :
4820 S_ISCHR(st.st_mode) ? DT_CHR :
4821 S_ISBLK(st.st_mode) ? DT_BLK :
4827 int get_files_in_directory(const char *path, char ***list) {
4828 _cleanup_closedir_ DIR *d = NULL;
4829 size_t bufsize = 0, n = 0;
4830 _cleanup_strv_free_ char **l = NULL;
4834 /* Returns all files in a directory in *list, and the number
4835 * of files as return value. If list is NULL returns only the
4847 if (!de && errno != 0)
4852 dirent_ensure_type(d, de);
4854 if (!dirent_is_file(de))
4858 /* one extra slot is needed for the terminating NULL */
4859 if (!GREEDY_REALLOC(l, bufsize, n + 2))
4862 l[n] = strdup(de->d_name);
4873 l = NULL; /* avoid freeing */
4879 char *strjoin(const char *x, ...) {
4893 t = va_arg(ap, const char *);
4898 if (n > ((size_t) -1) - l) {
4922 t = va_arg(ap, const char *);
4936 bool is_main_thread(void) {
4937 static thread_local int cached = 0;
4939 if (_unlikely_(cached == 0))
4940 cached = getpid() == gettid() ? 1 : -1;
4945 int block_get_whole_disk(dev_t d, dev_t *ret) {
4952 /* If it has a queue this is good enough for us */
4953 if (asprintf(&p, "/sys/dev/block/%u:%u/queue", major(d), minor(d)) < 0)
4956 r = access(p, F_OK);
4964 /* If it is a partition find the originating device */
4965 if (asprintf(&p, "/sys/dev/block/%u:%u/partition", major(d), minor(d)) < 0)
4968 r = access(p, F_OK);
4974 /* Get parent dev_t */
4975 if (asprintf(&p, "/sys/dev/block/%u:%u/../dev", major(d), minor(d)) < 0)
4978 r = read_one_line_file(p, &s);
4984 r = sscanf(s, "%u:%u", &m, &n);
4990 /* Only return this if it is really good enough for us. */
4991 if (asprintf(&p, "/sys/dev/block/%u:%u/queue", m, n) < 0)
4994 r = access(p, F_OK);
4998 *ret = makedev(m, n);
5005 static const char *const ioprio_class_table[] = {
5006 [IOPRIO_CLASS_NONE] = "none",
5007 [IOPRIO_CLASS_RT] = "realtime",
5008 [IOPRIO_CLASS_BE] = "best-effort",
5009 [IOPRIO_CLASS_IDLE] = "idle"
5012 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ioprio_class, int, INT_MAX);
5014 static const char *const sigchld_code_table[] = {
5015 [CLD_EXITED] = "exited",
5016 [CLD_KILLED] = "killed",
5017 [CLD_DUMPED] = "dumped",
5018 [CLD_TRAPPED] = "trapped",
5019 [CLD_STOPPED] = "stopped",
5020 [CLD_CONTINUED] = "continued",
5023 DEFINE_STRING_TABLE_LOOKUP(sigchld_code, int);
5025 static const char *const log_facility_unshifted_table[LOG_NFACILITIES] = {
5026 [LOG_FAC(LOG_KERN)] = "kern",
5027 [LOG_FAC(LOG_USER)] = "user",
5028 [LOG_FAC(LOG_MAIL)] = "mail",
5029 [LOG_FAC(LOG_DAEMON)] = "daemon",
5030 [LOG_FAC(LOG_AUTH)] = "auth",
5031 [LOG_FAC(LOG_SYSLOG)] = "syslog",
5032 [LOG_FAC(LOG_LPR)] = "lpr",
5033 [LOG_FAC(LOG_NEWS)] = "news",
5034 [LOG_FAC(LOG_UUCP)] = "uucp",
5035 [LOG_FAC(LOG_CRON)] = "cron",
5036 [LOG_FAC(LOG_AUTHPRIV)] = "authpriv",
5037 [LOG_FAC(LOG_FTP)] = "ftp",
5038 [LOG_FAC(LOG_LOCAL0)] = "local0",
5039 [LOG_FAC(LOG_LOCAL1)] = "local1",
5040 [LOG_FAC(LOG_LOCAL2)] = "local2",
5041 [LOG_FAC(LOG_LOCAL3)] = "local3",
5042 [LOG_FAC(LOG_LOCAL4)] = "local4",
5043 [LOG_FAC(LOG_LOCAL5)] = "local5",
5044 [LOG_FAC(LOG_LOCAL6)] = "local6",
5045 [LOG_FAC(LOG_LOCAL7)] = "local7"
5048 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(log_facility_unshifted, int, LOG_FAC(~0));
5050 static const char *const log_level_table[] = {
5051 [LOG_EMERG] = "emerg",
5052 [LOG_ALERT] = "alert",
5053 [LOG_CRIT] = "crit",
5055 [LOG_WARNING] = "warning",
5056 [LOG_NOTICE] = "notice",
5057 [LOG_INFO] = "info",
5058 [LOG_DEBUG] = "debug"
5061 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(log_level, int, LOG_DEBUG);
5063 static const char* const sched_policy_table[] = {
5064 [SCHED_OTHER] = "other",
5065 [SCHED_BATCH] = "batch",
5066 [SCHED_IDLE] = "idle",
5067 [SCHED_FIFO] = "fifo",
5071 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sched_policy, int, INT_MAX);
5073 static const char* const rlimit_table[_RLIMIT_MAX] = {
5074 [RLIMIT_CPU] = "LimitCPU",
5075 [RLIMIT_FSIZE] = "LimitFSIZE",
5076 [RLIMIT_DATA] = "LimitDATA",
5077 [RLIMIT_STACK] = "LimitSTACK",
5078 [RLIMIT_CORE] = "LimitCORE",
5079 [RLIMIT_RSS] = "LimitRSS",
5080 [RLIMIT_NOFILE] = "LimitNOFILE",
5081 [RLIMIT_AS] = "LimitAS",
5082 [RLIMIT_NPROC] = "LimitNPROC",
5083 [RLIMIT_MEMLOCK] = "LimitMEMLOCK",
5084 [RLIMIT_LOCKS] = "LimitLOCKS",
5085 [RLIMIT_SIGPENDING] = "LimitSIGPENDING",
5086 [RLIMIT_MSGQUEUE] = "LimitMSGQUEUE",
5087 [RLIMIT_NICE] = "LimitNICE",
5088 [RLIMIT_RTPRIO] = "LimitRTPRIO",
5089 [RLIMIT_RTTIME] = "LimitRTTIME"
5092 DEFINE_STRING_TABLE_LOOKUP(rlimit, int);
5094 static const char* const ip_tos_table[] = {
5095 [IPTOS_LOWDELAY] = "low-delay",
5096 [IPTOS_THROUGHPUT] = "throughput",
5097 [IPTOS_RELIABILITY] = "reliability",
5098 [IPTOS_LOWCOST] = "low-cost",
5101 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
5103 static const char *const __signal_table[] = {
5120 [SIGSTKFLT] = "STKFLT", /* Linux on SPARC doesn't know SIGSTKFLT */
5131 [SIGVTALRM] = "VTALRM",
5133 [SIGWINCH] = "WINCH",
5139 DEFINE_PRIVATE_STRING_TABLE_LOOKUP(__signal, int);
5141 const char *signal_to_string(int signo) {
5142 static thread_local char buf[sizeof("RTMIN+")-1 + DECIMAL_STR_MAX(int) + 1];
5145 name = __signal_to_string(signo);
5149 if (signo >= SIGRTMIN && signo <= SIGRTMAX)
5150 snprintf(buf, sizeof(buf), "RTMIN+%d", signo - SIGRTMIN);
5152 snprintf(buf, sizeof(buf), "%d", signo);
5157 int signal_from_string(const char *s) {
5162 signo = __signal_from_string(s);
5166 if (startswith(s, "RTMIN+")) {
5170 if (safe_atou(s, &u) >= 0) {
5171 signo = (int) u + offset;
5172 if (signo > 0 && signo < _NSIG)
5178 bool kexec_loaded(void) {
5179 bool loaded = false;
5182 if (read_one_line_file("/sys/kernel/kexec_loaded", &s) >= 0) {
5190 int prot_from_flags(int flags) {
5192 switch (flags & O_ACCMODE) {
5201 return PROT_READ|PROT_WRITE;
5208 char *format_bytes(char *buf, size_t l, off_t t) {
5211 static const struct {
5215 { "E", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
5216 { "P", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
5217 { "T", 1024ULL*1024ULL*1024ULL*1024ULL },
5218 { "G", 1024ULL*1024ULL*1024ULL },
5219 { "M", 1024ULL*1024ULL },
5223 if (t == (off_t) -1)
5226 for (i = 0; i < ELEMENTSOF(table); i++) {
5228 if (t >= table[i].factor) {
5231 (unsigned long long) (t / table[i].factor),
5232 (unsigned long long) (((t*10ULL) / table[i].factor) % 10ULL),
5239 snprintf(buf, l, "%lluB", (unsigned long long) t);
5247 void* memdup(const void *p, size_t l) {
5260 int fd_inc_sndbuf(int fd, size_t n) {
5262 socklen_t l = sizeof(value);
5264 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
5265 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
5268 /* If we have the privileges we will ignore the kernel limit. */
5271 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
5272 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
5278 int fd_inc_rcvbuf(int fd, size_t n) {
5280 socklen_t l = sizeof(value);
5282 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
5283 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
5286 /* If we have the privileges we will ignore the kernel limit. */
5289 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
5290 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
5295 int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *path, ...) {
5296 bool stdout_is_tty, stderr_is_tty;
5297 pid_t parent_pid, agent_pid;
5298 sigset_t ss, saved_ss;
5306 /* Spawns a temporary TTY agent, making sure it goes away when
5309 parent_pid = getpid();
5311 /* First we temporarily block all signals, so that the new
5312 * child has them blocked initially. This way, we can be sure
5313 * that SIGTERMs are not lost we might send to the agent. */
5314 assert_se(sigfillset(&ss) >= 0);
5315 assert_se(sigprocmask(SIG_SETMASK, &ss, &saved_ss) >= 0);
5318 if (agent_pid < 0) {
5319 assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
5323 if (agent_pid != 0) {
5324 assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
5331 * Make sure the agent goes away when the parent dies */
5332 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
5333 _exit(EXIT_FAILURE);
5335 /* Make sure we actually can kill the agent, if we need to, in
5336 * case somebody invoked us from a shell script that trapped
5337 * SIGTERM or so... */
5338 reset_all_signal_handlers();
5339 reset_signal_mask();
5341 /* Check whether our parent died before we were able
5342 * to set the death signal and unblock the signals */
5343 if (getppid() != parent_pid)
5344 _exit(EXIT_SUCCESS);
5346 /* Don't leak fds to the agent */
5347 close_all_fds(except, n_except);
5349 stdout_is_tty = isatty(STDOUT_FILENO);
5350 stderr_is_tty = isatty(STDERR_FILENO);
5352 if (!stdout_is_tty || !stderr_is_tty) {
5355 /* Detach from stdout/stderr. and reopen
5356 * /dev/tty for them. This is important to
5357 * ensure that when systemctl is started via
5358 * popen() or a similar call that expects to
5359 * read EOF we actually do generate EOF and
5360 * not delay this indefinitely by because we
5361 * keep an unused copy of stdin around. */
5362 fd = open("/dev/tty", O_WRONLY);
5364 log_error_errno(errno, "Failed to open /dev/tty: %m");
5365 _exit(EXIT_FAILURE);
5369 dup2(fd, STDOUT_FILENO);
5372 dup2(fd, STDERR_FILENO);
5378 /* Count arguments */
5380 for (n = 0; va_arg(ap, char*); n++)
5385 l = alloca(sizeof(char *) * (n + 1));
5387 /* Fill in arguments */
5389 for (i = 0; i <= n; i++)
5390 l[i] = va_arg(ap, char*);
5394 _exit(EXIT_FAILURE);
5397 int setrlimit_closest(int resource, const struct rlimit *rlim) {
5398 struct rlimit highest, fixed;
5402 if (setrlimit(resource, rlim) >= 0)
5408 /* So we failed to set the desired setrlimit, then let's try
5409 * to get as close as we can */
5410 assert_se(getrlimit(resource, &highest) == 0);
5412 fixed.rlim_cur = MIN(rlim->rlim_cur, highest.rlim_max);
5413 fixed.rlim_max = MIN(rlim->rlim_max, highest.rlim_max);
5415 if (setrlimit(resource, &fixed) < 0)
5421 int getenv_for_pid(pid_t pid, const char *field, char **_value) {
5422 _cleanup_fclose_ FILE *f = NULL;
5433 path = procfs_file_alloca(pid, "environ");
5435 f = fopen(path, "re");
5443 char line[LINE_MAX];
5446 for (i = 0; i < sizeof(line)-1; i++) {
5450 if (_unlikely_(c == EOF)) {
5460 if (memcmp(line, field, l) == 0 && line[l] == '=') {
5461 value = strdup(line + l + 1);
5475 bool http_etag_is_valid(const char *etag) {
5479 if (!endswith(etag, "\""))
5482 if (!startswith(etag, "\"") && !startswith(etag, "W/\""))
5488 bool http_url_is_valid(const char *url) {
5494 p = startswith(url, "http://");
5496 p = startswith(url, "https://");
5503 return ascii_is_valid(p);
5506 bool documentation_url_is_valid(const char *url) {
5512 if (http_url_is_valid(url))
5515 p = startswith(url, "file:/");
5517 p = startswith(url, "info:");
5519 p = startswith(url, "man:");
5524 return ascii_is_valid(p);
5527 bool in_initrd(void) {
5528 static int saved = -1;
5534 /* We make two checks here:
5536 * 1. the flag file /etc/initrd-release must exist
5537 * 2. the root file system must be a memory file system
5539 * The second check is extra paranoia, since misdetecting an
5540 * initrd can have bad bad consequences due the initrd
5541 * emptying when transititioning to the main systemd.
5544 saved = access("/etc/initrd-release", F_OK) >= 0 &&
5545 statfs("/", &s) >= 0 &&
5546 is_temporary_fs(&s);
5551 void warn_melody(void) {
5552 _cleanup_close_ int fd = -1;
5554 fd = open("/dev/console", O_WRONLY|O_CLOEXEC|O_NOCTTY);
5558 /* Yeah, this is synchronous. Kinda sucks. But well... */
5560 ioctl(fd, KIOCSOUND, (int)(1193180/440));
5561 usleep(125*USEC_PER_MSEC);
5563 ioctl(fd, KIOCSOUND, (int)(1193180/220));
5564 usleep(125*USEC_PER_MSEC);
5566 ioctl(fd, KIOCSOUND, (int)(1193180/220));
5567 usleep(125*USEC_PER_MSEC);
5569 ioctl(fd, KIOCSOUND, 0);
5572 int make_console_stdio(void) {
5575 /* Make /dev/console the controlling terminal and stdin/stdout/stderr */
5577 fd = acquire_terminal("/dev/console", false, true, true, USEC_INFINITY);
5579 return log_error_errno(fd, "Failed to acquire terminal: %m");
5583 return log_error_errno(r, "Failed to duplicate terminal fd: %m");
5588 int get_home_dir(char **_h) {
5596 /* Take the user specified one */
5597 e = secure_getenv("HOME");
5598 if (e && path_is_absolute(e)) {
5607 /* Hardcode home directory for root to avoid NSS */
5610 h = strdup("/root");
5618 /* Check the database... */
5622 return errno > 0 ? -errno : -ESRCH;
5624 if (!path_is_absolute(p->pw_dir))
5627 h = strdup(p->pw_dir);
5635 int get_shell(char **_s) {
5643 /* Take the user specified one */
5644 e = getenv("SHELL");
5654 /* Hardcode home directory for root to avoid NSS */
5657 s = strdup("/bin/sh");
5665 /* Check the database... */
5669 return errno > 0 ? -errno : -ESRCH;
5671 if (!path_is_absolute(p->pw_shell))
5674 s = strdup(p->pw_shell);
5682 bool filename_is_valid(const char *p) {
5696 if (strlen(p) > FILENAME_MAX)
5702 bool string_is_safe(const char *p) {
5708 for (t = p; *t; t++) {
5709 if (*t > 0 && *t < ' ')
5712 if (strchr("\\\"\'\0x7f", *t))
5720 * Check if a string contains control characters. If 'ok' is non-NULL
5721 * it may be a string containing additional CCs to be considered OK.
5723 bool string_has_cc(const char *p, const char *ok) {
5728 for (t = p; *t; t++) {
5729 if (ok && strchr(ok, *t))
5732 if (*t > 0 && *t < ' ')
5742 bool path_is_safe(const char *p) {
5747 if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
5750 if (strlen(p) > PATH_MAX)
5753 /* The following two checks are not really dangerous, but hey, they still are confusing */
5754 if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
5757 if (strstr(p, "//"))
5763 /* hey glibc, APIs with callbacks without a user pointer are so useless */
5764 void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size,
5765 int (*compar) (const void *, const void *, void *), void *arg) {
5774 p = (void *)(((const char *) base) + (idx * size));
5775 comparison = compar(key, p, arg);
5778 else if (comparison > 0)
5786 void init_gettext(void) {
5787 setlocale(LC_ALL, "");
5788 textdomain(GETTEXT_PACKAGE);
5791 bool is_locale_utf8(void) {
5793 static int cached_answer = -1;
5795 if (cached_answer >= 0)
5798 if (!setlocale(LC_ALL, "")) {
5799 cached_answer = true;
5803 set = nl_langinfo(CODESET);
5805 cached_answer = true;
5809 if (streq(set, "UTF-8")) {
5810 cached_answer = true;
5814 /* For LC_CTYPE=="C" return true, because CTYPE is effectly
5815 * unset and everything can do to UTF-8 nowadays. */
5816 set = setlocale(LC_CTYPE, NULL);
5818 cached_answer = true;
5822 /* Check result, but ignore the result if C was set
5826 !getenv("LC_ALL") &&
5827 !getenv("LC_CTYPE") &&
5831 return (bool) cached_answer;
5834 const char *draw_special_char(DrawSpecialChar ch) {
5835 static const char *draw_table[2][_DRAW_SPECIAL_CHAR_MAX] = {
5838 [DRAW_TREE_VERTICAL] = "\342\224\202 ", /* │ */
5839 [DRAW_TREE_BRANCH] = "\342\224\234\342\224\200", /* ├─ */
5840 [DRAW_TREE_RIGHT] = "\342\224\224\342\224\200", /* └─ */
5841 [DRAW_TREE_SPACE] = " ", /* */
5842 [DRAW_TRIANGULAR_BULLET] = "\342\200\243", /* ‣ */
5843 [DRAW_BLACK_CIRCLE] = "\342\227\217", /* ● */
5844 [DRAW_ARROW] = "\342\206\222", /* → */
5845 [DRAW_DASH] = "\342\200\223", /* – */
5848 /* ASCII fallback */ {
5849 [DRAW_TREE_VERTICAL] = "| ",
5850 [DRAW_TREE_BRANCH] = "|-",
5851 [DRAW_TREE_RIGHT] = "`-",
5852 [DRAW_TREE_SPACE] = " ",
5853 [DRAW_TRIANGULAR_BULLET] = ">",
5854 [DRAW_BLACK_CIRCLE] = "*",
5855 [DRAW_ARROW] = "->",
5860 return draw_table[!is_locale_utf8()][ch];
5863 char *strreplace(const char *text, const char *old_string, const char *new_string) {
5866 size_t l, old_len, new_len;
5872 old_len = strlen(old_string);
5873 new_len = strlen(new_string);
5886 if (!startswith(f, old_string)) {
5892 nl = l - old_len + new_len;
5893 a = realloc(r, nl + 1);
5901 t = stpcpy(t, new_string);
5913 char *strip_tab_ansi(char **ibuf, size_t *_isz) {
5914 const char *i, *begin = NULL;
5919 } state = STATE_OTHER;
5921 size_t osz = 0, isz;
5927 /* Strips ANSI color and replaces TABs by 8 spaces */
5929 isz = _isz ? *_isz : strlen(*ibuf);
5931 f = open_memstream(&obuf, &osz);
5935 for (i = *ibuf; i < *ibuf + isz + 1; i++) {
5940 if (i >= *ibuf + isz) /* EOT */
5942 else if (*i == '\x1B')
5943 state = STATE_ESCAPE;
5944 else if (*i == '\t')
5951 if (i >= *ibuf + isz) { /* EOT */
5954 } else if (*i == '[') {
5955 state = STATE_BRACKET;
5960 state = STATE_OTHER;
5967 if (i >= *ibuf + isz || /* EOT */
5968 (!(*i >= '0' && *i <= '9') && *i != ';' && *i != 'm')) {
5971 state = STATE_OTHER;
5973 } else if (*i == 'm')
5974 state = STATE_OTHER;
5996 int on_ac_power(void) {
5997 bool found_offline = false, found_online = false;
5998 _cleanup_closedir_ DIR *d = NULL;
6000 d = opendir("/sys/class/power_supply");
6002 return errno == ENOENT ? true : -errno;
6006 _cleanup_close_ int fd = -1, device = -1;
6012 if (!de && errno != 0)
6018 if (hidden_file(de->d_name))
6021 device = openat(dirfd(d), de->d_name, O_DIRECTORY|O_RDONLY|O_CLOEXEC|O_NOCTTY);
6023 if (errno == ENOENT || errno == ENOTDIR)
6029 fd = openat(device, "type", O_RDONLY|O_CLOEXEC|O_NOCTTY);
6031 if (errno == ENOENT)
6037 n = read(fd, contents, sizeof(contents));
6041 if (n != 6 || memcmp(contents, "Mains\n", 6))
6045 fd = openat(device, "online", O_RDONLY|O_CLOEXEC|O_NOCTTY);
6047 if (errno == ENOENT)
6053 n = read(fd, contents, sizeof(contents));
6057 if (n != 2 || contents[1] != '\n')
6060 if (contents[0] == '1') {
6061 found_online = true;
6063 } else if (contents[0] == '0')
6064 found_offline = true;
6069 return found_online || !found_offline;
6072 static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) {
6079 if (!path_strv_resolve_uniq(search, root))
6082 STRV_FOREACH(i, search) {
6083 _cleanup_free_ char *p = NULL;
6087 p = strjoin(root, *i, "/", path, NULL);
6089 p = strjoin(*i, "/", path, NULL);
6099 if (errno != ENOENT)
6106 int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) {
6107 _cleanup_strv_free_ char **copy = NULL;
6113 if (path_is_absolute(path)) {
6116 f = fopen(path, mode);
6125 copy = strv_copy((char**) search);
6129 return search_and_fopen_internal(path, mode, root, copy, _f);
6132 int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) {
6133 _cleanup_strv_free_ char **s = NULL;
6135 if (path_is_absolute(path)) {
6138 f = fopen(path, mode);
6147 s = strv_split_nulstr(search);
6151 return search_and_fopen_internal(path, mode, root, s, _f);
6154 char *strextend(char **x, ...) {
6161 l = f = *x ? strlen(*x) : 0;
6168 t = va_arg(ap, const char *);
6173 if (n > ((size_t) -1) - l) {
6182 r = realloc(*x, l+1);
6192 t = va_arg(ap, const char *);
6206 char *strrep(const char *s, unsigned n) {
6214 p = r = malloc(l * n + 1);
6218 for (i = 0; i < n; i++)
6225 void* greedy_realloc(void **p, size_t *allocated, size_t need, size_t size) {
6232 if (*allocated >= need)
6235 newalloc = MAX(need * 2, 64u / size);
6236 a = newalloc * size;
6238 /* check for overflows */
6239 if (a < size * need)
6247 *allocated = newalloc;
6251 void* greedy_realloc0(void **p, size_t *allocated, size_t need, size_t size) {
6260 q = greedy_realloc(p, allocated, need, size);
6264 if (*allocated > prev)
6265 memzero(q + prev * size, (*allocated - prev) * size);
6270 bool id128_is_valid(const char *s) {
6276 /* Simple formatted 128bit hex string */
6278 for (i = 0; i < l; i++) {
6281 if (!(c >= '0' && c <= '9') &&
6282 !(c >= 'a' && c <= 'z') &&
6283 !(c >= 'A' && c <= 'Z'))
6287 } else if (l == 36) {
6289 /* Formatted UUID */
6291 for (i = 0; i < l; i++) {
6294 if ((i == 8 || i == 13 || i == 18 || i == 23)) {
6298 if (!(c >= '0' && c <= '9') &&
6299 !(c >= 'a' && c <= 'z') &&
6300 !(c >= 'A' && c <= 'Z'))
6311 int split_pair(const char *s, const char *sep, char **l, char **r) {
6326 a = strndup(s, x - s);
6330 b = strdup(x + strlen(sep));
6342 int shall_restore_state(void) {
6343 _cleanup_free_ char *value = NULL;
6346 r = get_proc_cmdline_key("systemd.restore_state=", &value);
6352 return parse_boolean(value) != 0;
6355 int proc_cmdline(char **ret) {
6358 if (detect_container(NULL) > 0)
6359 return get_process_cmdline(1, 0, false, ret);
6361 return read_one_line_file("/proc/cmdline", ret);
6364 int parse_proc_cmdline(int (*parse_item)(const char *key, const char *value)) {
6365 _cleanup_free_ char *line = NULL;
6371 r = proc_cmdline(&line);
6377 _cleanup_free_ char *word = NULL;
6380 r = unquote_first_word(&p, &word, true);
6386 /* Filter out arguments that are intended only for the
6388 if (!in_initrd() && startswith(word, "rd."))
6391 value = strchr(word, '=');
6395 r = parse_item(word, value);
6403 int get_proc_cmdline_key(const char *key, char **value) {
6404 _cleanup_free_ char *line = NULL, *ret = NULL;
6411 r = proc_cmdline(&line);
6417 _cleanup_free_ char *word = NULL;
6420 r = unquote_first_word(&p, &word, true);
6426 /* Filter out arguments that are intended only for the
6428 if (!in_initrd() && startswith(word, "rd."))
6432 e = startswith(word, key);
6436 r = free_and_strdup(&ret, e);
6442 if (streq(word, key))
6456 int container_get_leader(const char *machine, pid_t *pid) {
6457 _cleanup_free_ char *s = NULL, *class = NULL;
6465 p = strjoina("/run/systemd/machines/", machine);
6466 r = parse_env_file(p, NEWLINE, "LEADER", &s, "CLASS", &class, NULL);
6474 if (!streq_ptr(class, "container"))
6477 r = parse_pid(s, &leader);
6487 int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *root_fd) {
6488 _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, netnsfd = -1;
6496 mntns = procfs_file_alloca(pid, "ns/mnt");
6497 mntnsfd = open(mntns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
6505 pidns = procfs_file_alloca(pid, "ns/pid");
6506 pidnsfd = open(pidns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
6514 netns = procfs_file_alloca(pid, "ns/net");
6515 netnsfd = open(netns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
6523 root = procfs_file_alloca(pid, "root");
6524 rfd = open(root, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY);
6530 *pidns_fd = pidnsfd;
6533 *mntns_fd = mntnsfd;
6536 *netns_fd = netnsfd;
6541 pidnsfd = mntnsfd = netnsfd = -1;
6546 int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int root_fd) {
6549 if (setns(pidns_fd, CLONE_NEWPID) < 0)
6553 if (setns(mntns_fd, CLONE_NEWNS) < 0)
6557 if (setns(netns_fd, CLONE_NEWNET) < 0)
6561 if (fchdir(root_fd) < 0)
6564 if (chroot(".") < 0)
6568 if (setresgid(0, 0, 0) < 0)
6571 if (setgroups(0, NULL) < 0)
6574 if (setresuid(0, 0, 0) < 0)
6580 bool pid_is_unwaited(pid_t pid) {
6581 /* Checks whether a PID is still valid at all, including a zombie */
6586 if (kill(pid, 0) >= 0)
6589 return errno != ESRCH;
6592 bool pid_is_alive(pid_t pid) {
6595 /* Checks whether a PID is still valid and not a zombie */
6600 r = get_process_state(pid);
6601 if (r == -ENOENT || r == 'Z')
6607 int getpeercred(int fd, struct ucred *ucred) {
6608 socklen_t n = sizeof(struct ucred);
6615 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
6619 if (n != sizeof(struct ucred))
6622 /* Check if the data is actually useful and not suppressed due
6623 * to namespacing issues */
6626 if (u.uid == UID_INVALID)
6628 if (u.gid == GID_INVALID)
6635 int getpeersec(int fd, char **ret) {
6647 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
6651 if (errno != ERANGE)
6658 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
6674 /* This is much like like mkostemp() but is subject to umask(). */
6675 int mkostemp_safe(char *pattern, int flags) {
6676 _cleanup_umask_ mode_t u;
6683 fd = mkostemp(pattern, flags);
6690 int open_tmpfile(const char *path, int flags) {
6697 /* Try O_TMPFILE first, if it is supported */
6698 fd = open(path, flags|O_TMPFILE, S_IRUSR|S_IWUSR);
6703 /* Fall back to unguessable name + unlinking */
6704 p = strjoina(path, "/systemd-tmp-XXXXXX");
6706 fd = mkostemp_safe(p, flags);
6714 int fd_warn_permissions(const char *path, int fd) {
6717 if (fstat(fd, &st) < 0)
6720 if (st.st_mode & 0111)
6721 log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path);
6723 if (st.st_mode & 0002)
6724 log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path);
6726 if (getpid() == 1 && (st.st_mode & 0044) != 0044)
6727 log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path);
6732 unsigned long personality_from_string(const char *p) {
6734 /* Parse a personality specifier. We introduce our own
6735 * identifiers that indicate specific ABIs, rather than just
6736 * hints regarding the register size, since we want to keep
6737 * things open for multiple locally supported ABIs for the
6738 * same register size. We try to reuse the ABI identifiers
6739 * used by libseccomp. */
6741 #if defined(__x86_64__)
6743 if (streq(p, "x86"))
6746 if (streq(p, "x86-64"))
6749 #elif defined(__i386__)
6751 if (streq(p, "x86"))
6755 /* personality(7) documents that 0xffffffffUL is used for
6756 * querying the current personality, hence let's use that here
6757 * as error indicator. */
6758 return 0xffffffffUL;
6761 const char* personality_to_string(unsigned long p) {
6763 #if defined(__x86_64__)
6765 if (p == PER_LINUX32)
6771 #elif defined(__i386__)
6780 uint64_t physical_memory(void) {
6783 /* We return this as uint64_t in case we are running as 32bit
6784 * process on a 64bit kernel with huge amounts of memory */
6786 mem = sysconf(_SC_PHYS_PAGES);
6789 return (uint64_t) mem * (uint64_t) page_size();
6792 void hexdump(FILE *f, const void *p, size_t s) {
6793 const uint8_t *b = p;
6796 assert(s == 0 || b);
6801 fprintf(f, "%04x ", n);
6803 for (i = 0; i < 16; i++) {
6808 fprintf(f, "%02x ", b[i]);
6816 for (i = 0; i < 16; i++) {
6821 fputc(isprint(b[i]) ? (char) b[i] : '.', f);
6835 int update_reboot_param_file(const char *param) {
6840 r = write_string_file(REBOOT_PARAM_FILE, param);
6842 log_error("Failed to write reboot param to "
6843 REBOOT_PARAM_FILE": %s", strerror(-r));
6845 unlink(REBOOT_PARAM_FILE);
6850 int umount_recursive(const char *prefix, int flags) {
6854 /* Try to umount everything recursively below a
6855 * directory. Also, take care of stacked mounts, and keep
6856 * unmounting them until they are gone. */
6859 _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
6864 proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
6865 if (!proc_self_mountinfo)
6869 _cleanup_free_ char *path = NULL, *p = NULL;
6872 k = fscanf(proc_self_mountinfo,
6873 "%*s " /* (1) mount id */
6874 "%*s " /* (2) parent id */
6875 "%*s " /* (3) major:minor */
6876 "%*s " /* (4) root */
6877 "%ms " /* (5) mount point */
6878 "%*s" /* (6) mount options */
6879 "%*[^-]" /* (7) optional fields */
6880 "- " /* (8) separator */
6881 "%*s " /* (9) file system type */
6882 "%*s" /* (10) mount source */
6883 "%*s" /* (11) mount options 2 */
6884 "%*[^\n]", /* some rubbish at the end */
6893 p = cunescape(path);
6897 if (!path_startswith(p, prefix))
6900 if (umount2(p, flags) < 0) {
6916 static int get_mount_flags(const char *path, unsigned long *flags) {
6919 if (statvfs(path, &buf) < 0)
6921 *flags = buf.f_flag;
6925 int bind_remount_recursive(const char *prefix, bool ro) {
6926 _cleanup_set_free_free_ Set *done = NULL;
6927 _cleanup_free_ char *cleaned = NULL;
6930 /* Recursively remount a directory (and all its submounts)
6931 * read-only or read-write. If the directory is already
6932 * mounted, we reuse the mount and simply mark it
6933 * MS_BIND|MS_RDONLY (or remove the MS_RDONLY for read-write
6934 * operation). If it isn't we first make it one. Afterwards we
6935 * apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to all
6936 * submounts we can access, too. When mounts are stacked on
6937 * the same mount point we only care for each individual
6938 * "top-level" mount on each point, as we cannot
6939 * influence/access the underlying mounts anyway. We do not
6940 * have any effect on future submounts that might get
6941 * propagated, they migt be writable. This includes future
6942 * submounts that have been triggered via autofs. */
6944 cleaned = strdup(prefix);
6948 path_kill_slashes(cleaned);
6950 done = set_new(&string_hash_ops);
6955 _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
6956 _cleanup_set_free_free_ Set *todo = NULL;
6957 bool top_autofs = false;
6959 unsigned long orig_flags;
6961 todo = set_new(&string_hash_ops);
6965 proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
6966 if (!proc_self_mountinfo)
6970 _cleanup_free_ char *path = NULL, *p = NULL, *type = NULL;
6973 k = fscanf(proc_self_mountinfo,
6974 "%*s " /* (1) mount id */
6975 "%*s " /* (2) parent id */
6976 "%*s " /* (3) major:minor */
6977 "%*s " /* (4) root */
6978 "%ms " /* (5) mount point */
6979 "%*s" /* (6) mount options (superblock) */
6980 "%*[^-]" /* (7) optional fields */
6981 "- " /* (8) separator */
6982 "%ms " /* (9) file system type */
6983 "%*s" /* (10) mount source */
6984 "%*s" /* (11) mount options (bind mount) */
6985 "%*[^\n]", /* some rubbish at the end */
6995 p = cunescape(path);
6999 /* Let's ignore autofs mounts. If they aren't
7000 * triggered yet, we want to avoid triggering
7001 * them, as we don't make any guarantees for
7002 * future submounts anyway. If they are
7003 * already triggered, then we will find
7004 * another entry for this. */
7005 if (streq(type, "autofs")) {
7006 top_autofs = top_autofs || path_equal(cleaned, p);
7010 if (path_startswith(p, cleaned) &&
7011 !set_contains(done, p)) {
7013 r = set_consume(todo, p);
7023 /* If we have no submounts to process anymore and if
7024 * the root is either already done, or an autofs, we
7026 if (set_isempty(todo) &&
7027 (top_autofs || set_contains(done, cleaned)))
7030 if (!set_contains(done, cleaned) &&
7031 !set_contains(todo, cleaned)) {
7032 /* The prefix directory itself is not yet a
7033 * mount, make it one. */
7034 if (mount(cleaned, cleaned, NULL, MS_BIND|MS_REC, NULL) < 0)
7038 (void) get_mount_flags(cleaned, &orig_flags);
7039 orig_flags &= ~MS_RDONLY;
7041 if (mount(NULL, prefix, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0)
7044 x = strdup(cleaned);
7048 r = set_consume(done, x);
7053 while ((x = set_steal_first(todo))) {
7055 r = set_consume(done, x);
7061 /* Try to reuse the original flag set, but
7062 * don't care for errors, in case of
7063 * obstructed mounts */
7065 (void) get_mount_flags(x, &orig_flags);
7066 orig_flags &= ~MS_RDONLY;
7068 if (mount(NULL, x, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) {
7070 /* Deal with mount points that are
7071 * obstructed by a later mount */
7073 if (errno != ENOENT)
7081 int fflush_and_check(FILE *f) {
7088 return errno ? -errno : -EIO;
7093 int tempfn_xxxxxx(const char *p, char **ret) {
7105 * /foo/bar/.#waldoXXXXXX
7109 if (!filename_is_valid(fn))
7112 t = new(char, strlen(p) + 2 + 6 + 1);
7116 strcpy(stpcpy(stpcpy(mempcpy(t, p, fn - p), ".#"), fn), "XXXXXX");
7118 *ret = path_kill_slashes(t);
7122 int tempfn_random(const char *p, char **ret) {
7136 * /foo/bar/.#waldobaa2a261115984a9
7140 if (!filename_is_valid(fn))
7143 t = new(char, strlen(p) + 2 + 16 + 1);
7147 x = stpcpy(stpcpy(mempcpy(t, p, fn - p), ".#"), fn);
7150 for (i = 0; i < 16; i++) {
7151 *(x++) = hexchar(u & 0xF);
7157 *ret = path_kill_slashes(t);
7161 int tempfn_random_child(const char *p, char **ret) {
7172 * /foo/bar/waldo/.#3c2b6219aa75d7d0
7175 t = new(char, strlen(p) + 3 + 16 + 1);
7179 x = stpcpy(stpcpy(t, p), "/.#");
7182 for (i = 0; i < 16; i++) {
7183 *(x++) = hexchar(u & 0xF);
7189 *ret = path_kill_slashes(t);
7193 /* make sure the hostname is not "localhost" */
7194 bool is_localhost(const char *hostname) {
7197 /* This tries to identify local host and domain names
7198 * described in RFC6761 plus the redhatism of .localdomain */
7200 return streq(hostname, "localhost") ||
7201 streq(hostname, "localhost.") ||
7202 streq(hostname, "localdomain.") ||
7203 streq(hostname, "localdomain") ||
7204 endswith(hostname, ".localhost") ||
7205 endswith(hostname, ".localhost.") ||
7206 endswith(hostname, ".localdomain") ||
7207 endswith(hostname, ".localdomain.");
7210 int take_password_lock(const char *root) {
7212 struct flock flock = {
7214 .l_whence = SEEK_SET,
7222 /* This is roughly the same as lckpwdf(), but not as awful. We
7223 * don't want to use alarm() and signals, hence we implement
7224 * our own trivial version of this.
7226 * Note that shadow-utils also takes per-database locks in
7227 * addition to lckpwdf(). However, we don't given that they
7228 * are redundant as they they invoke lckpwdf() first and keep
7229 * it during everything they do. The per-database locks are
7230 * awfully racy, and thus we just won't do them. */
7233 path = strjoina(root, "/etc/.pwd.lock");
7235 path = "/etc/.pwd.lock";
7237 fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
7241 r = fcntl(fd, F_SETLKW, &flock);
7250 int is_symlink(const char *path) {
7253 if (lstat(path, &info) < 0)
7256 return !!S_ISLNK(info.st_mode);
7259 int is_dir(const char* path, bool follow) {
7264 r = stat(path, &st);
7266 r = lstat(path, &st);
7270 return !!S_ISDIR(st.st_mode);
7273 int unquote_first_word(const char **p, char **ret, bool relax) {
7274 _cleanup_free_ char *s = NULL;
7275 size_t allocated = 0, sz = 0;
7282 SINGLE_QUOTE_ESCAPE,
7284 DOUBLE_QUOTE_ESCAPE,
7292 /* Parses the first word of a string, and returns it in
7293 * *ret. Removes all quotes in the process. When parsing fails
7294 * (because of an uneven number of quotes or similar), leaves
7295 * the pointer *p at the first invalid character. */
7305 else if (strchr(WHITESPACE, c))
7315 state = SINGLE_QUOTE;
7317 state = VALUE_ESCAPE;
7319 state = DOUBLE_QUOTE;
7320 else if (strchr(WHITESPACE, c))
7323 if (!GREEDY_REALLOC(s, allocated, sz+2))
7338 if (!GREEDY_REALLOC(s, allocated, sz+2))
7351 } else if (c == '\'')
7354 state = SINGLE_QUOTE_ESCAPE;
7356 if (!GREEDY_REALLOC(s, allocated, sz+2))
7364 case SINGLE_QUOTE_ESCAPE:
7371 if (!GREEDY_REALLOC(s, allocated, sz+2))
7375 state = SINGLE_QUOTE;
7384 state = DOUBLE_QUOTE_ESCAPE;
7386 if (!GREEDY_REALLOC(s, allocated, sz+2))
7394 case DOUBLE_QUOTE_ESCAPE:
7401 if (!GREEDY_REALLOC(s, allocated, sz+2))
7405 state = DOUBLE_QUOTE;
7411 if (!strchr(WHITESPACE, c))
7433 int unquote_many_words(const char **p, ...) {
7438 /* Parses a number of words from a string, stripping any
7439 * quotes if necessary. */
7443 /* Count how many words are expected */
7446 if (!va_arg(ap, char **))
7455 /* Read all words into a temporary array */
7456 l = newa0(char*, n);
7457 for (c = 0; c < n; c++) {
7459 r = unquote_first_word(p, &l[c], false);
7463 for (j = 0; j < c; j++)
7473 /* If we managed to parse all words, return them in the passed
7476 for (i = 0; i < n; i++) {
7479 v = va_arg(ap, char **);
7489 int free_and_strdup(char **p, const char *s) {
7494 /* Replaces a string pointer with an strdup()ed new string,
7495 * possibly freeing the old one. */
7510 int sethostname_idempotent(const char *s) {
7512 char buf[HOST_NAME_MAX + 1] = {};
7516 r = gethostname(buf, sizeof(buf));
7523 r = sethostname(s, strlen(s));
7530 int ptsname_malloc(int fd, char **ret) {
7543 if (ptsname_r(fd, c, l) == 0) {
7547 if (errno != ERANGE) {
7557 int openpt_in_namespace(pid_t pid, int flags) {
7558 _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, rootfd = -1;
7559 _cleanup_close_pair_ int pair[2] = { -1, -1 };
7561 struct cmsghdr cmsghdr;
7562 uint8_t buf[CMSG_SPACE(sizeof(int))];
7564 struct msghdr mh = {
7565 .msg_control = &control,
7566 .msg_controllen = sizeof(control),
7568 struct cmsghdr *cmsg;
7575 r = namespace_open(pid, &pidnsfd, &mntnsfd, NULL, &rootfd);
7579 if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) < 0)
7589 pair[0] = safe_close(pair[0]);
7591 r = namespace_enter(pidnsfd, mntnsfd, -1, rootfd);
7593 _exit(EXIT_FAILURE);
7595 master = posix_openpt(flags);
7597 _exit(EXIT_FAILURE);
7599 cmsg = CMSG_FIRSTHDR(&mh);
7600 cmsg->cmsg_level = SOL_SOCKET;
7601 cmsg->cmsg_type = SCM_RIGHTS;
7602 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
7603 memcpy(CMSG_DATA(cmsg), &master, sizeof(int));
7605 mh.msg_controllen = cmsg->cmsg_len;
7607 if (sendmsg(pair[1], &mh, MSG_NOSIGNAL) < 0)
7608 _exit(EXIT_FAILURE);
7610 _exit(EXIT_SUCCESS);
7613 pair[1] = safe_close(pair[1]);
7615 r = wait_for_terminate(child, &si);
7618 if (si.si_code != CLD_EXITED || si.si_status != EXIT_SUCCESS)
7621 if (recvmsg(pair[0], &mh, MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) < 0)
7624 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg))
7625 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
7629 fds = (int*) CMSG_DATA(cmsg);
7630 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
7633 close_many(fds, n_fds);
7643 ssize_t fgetxattrat_fake(int dirfd, const char *filename, const char *attribute, void *value, size_t size, int flags) {
7644 _cleanup_close_ int fd = -1;
7647 /* The kernel doesn't have a fgetxattrat() command, hence let's emulate one */
7649 fd = openat(dirfd, filename, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOATIME|(flags & AT_SYMLINK_NOFOLLOW ? O_NOFOLLOW : 0));
7653 l = fgetxattr(fd, attribute, value, size);
7660 static int parse_crtime(le64_t le, usec_t *usec) {
7666 if (u == 0 || u == (uint64_t) -1)
7673 int fd_getcrtime(int fd, usec_t *usec) {
7680 /* Until Linux gets a real concept of birthtime/creation time,
7681 * let's fake one with xattrs */
7683 n = fgetxattr(fd, "user.crtime_usec", &le, sizeof(le));
7686 if (n != sizeof(le))
7689 return parse_crtime(le, usec);
7692 int fd_getcrtime_at(int dirfd, const char *name, usec_t *usec, int flags) {
7696 n = fgetxattrat_fake(dirfd, name, "user.crtime_usec", &le, sizeof(le), flags);
7699 if (n != sizeof(le))
7702 return parse_crtime(le, usec);
7705 int path_getcrtime(const char *p, usec_t *usec) {
7712 n = getxattr(p, "user.crtime_usec", &le, sizeof(le));
7715 if (n != sizeof(le))
7718 return parse_crtime(le, usec);
7721 int fd_setcrtime(int fd, usec_t usec) {
7727 usec = now(CLOCK_REALTIME);
7729 le = htole64((uint64_t) usec);
7730 if (fsetxattr(fd, "user.crtime_usec", &le, sizeof(le), 0) < 0)
7736 int same_fd(int a, int b) {
7737 struct stat sta, stb;
7744 /* Compares two file descriptors. Note that semantics are
7745 * quite different depending on whether we have kcmp() or we
7746 * don't. If we have kcmp() this will only return true for
7747 * dup()ed file descriptors, but not otherwise. If we don't
7748 * have kcmp() this will also return true for two fds of the same
7749 * file, created by separate open() calls. Since we use this
7750 * call mostly for filtering out duplicates in the fd store
7751 * this difference hopefully doesn't matter too much. */
7756 /* Try to use kcmp() if we have it. */
7758 r = kcmp(pid, pid, KCMP_FILE, a, b);
7763 if (errno != ENOSYS)
7766 /* We don't have kcmp(), use fstat() instead. */
7767 if (fstat(a, &sta) < 0)
7770 if (fstat(b, &stb) < 0)
7773 if ((sta.st_mode & S_IFMT) != (stb.st_mode & S_IFMT))
7776 /* We consider all device fds different, since two device fds
7777 * might refer to quite different device contexts even though
7778 * they share the same inode and backing dev_t. */
7780 if (S_ISCHR(sta.st_mode) || S_ISBLK(sta.st_mode))
7783 if (sta.st_dev != stb.st_dev || sta.st_ino != stb.st_ino)
7786 /* The fds refer to the same inode on disk, let's also check
7787 * if they have the same fd flags. This is useful to
7788 * distuingish the read and write side of a pipe created with
7790 fa = fcntl(a, F_GETFL);
7794 fb = fcntl(b, F_GETFL);
7801 int chattr_fd(int fd, bool b, unsigned mask) {
7802 unsigned old_attr, new_attr;
7809 if (ioctl(fd, FS_IOC_GETFLAGS, &old_attr) < 0)
7813 new_attr = old_attr | mask;
7815 new_attr = old_attr & ~mask;
7817 if (new_attr == old_attr)
7820 if (ioctl(fd, FS_IOC_SETFLAGS, &new_attr) < 0)
7826 int chattr_path(const char *p, bool b, unsigned mask) {
7827 _cleanup_close_ int fd = -1;
7834 fd = open(p, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
7838 return chattr_fd(fd, b, mask);
7841 int read_attr_fd(int fd, unsigned *ret) {
7844 if (ioctl(fd, FS_IOC_GETFLAGS, ret) < 0)
7850 int read_attr_path(const char *p, unsigned *ret) {
7851 _cleanup_close_ int fd = -1;
7856 fd = open(p, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
7860 return read_attr_fd(fd, ret);
7863 int make_lock_file(const char *p, int operation, LockFile *ret) {
7864 _cleanup_close_ int fd = -1;
7865 _cleanup_free_ char *t = NULL;
7869 * We use UNPOSIX locks if they are available. They have nice
7870 * semantics, and are mostly compatible with NFS. However,
7871 * they are only available on new kernels. When we detect we
7872 * are running on an older kernel, then we fall back to good
7873 * old BSD locks. They also have nice semantics, but are
7874 * slightly problematic on NFS, where they are upgraded to
7875 * POSIX locks, even though locally they are orthogonal to
7885 .l_type = (operation & ~LOCK_NB) == LOCK_EX ? F_WRLCK : F_RDLCK,
7886 .l_whence = SEEK_SET,
7890 fd = open(p, O_CREAT|O_RDWR|O_NOFOLLOW|O_CLOEXEC|O_NOCTTY, 0600);
7894 r = fcntl(fd, (operation & LOCK_NB) ? F_OFD_SETLK : F_OFD_SETLKW, &fl);
7897 /* If the kernel is too old, use good old BSD locks */
7898 if (errno == EINVAL)
7899 r = flock(fd, operation);
7902 return errno == EAGAIN ? -EBUSY : -errno;
7905 /* If we acquired the lock, let's check if the file
7906 * still exists in the file system. If not, then the
7907 * previous exclusive owner removed it and then closed
7908 * it. In such a case our acquired lock is worthless,
7909 * hence try again. */
7914 if (st.st_nlink > 0)
7917 fd = safe_close(fd);
7922 ret->operation = operation;
7930 int make_lock_file_for(const char *p, int operation, LockFile *ret) {
7938 if (!filename_is_valid(fn))
7941 t = newa(char, strlen(p) + 2 + 4 + 1);
7942 stpcpy(stpcpy(stpcpy(mempcpy(t, p, fn - p), ".#"), fn), ".lck");
7944 return make_lock_file(t, operation, ret);
7947 void release_lock_file(LockFile *f) {
7955 /* If we are the exclusive owner we can safely delete
7956 * the lock file itself. If we are not the exclusive
7957 * owner, we can try becoming it. */
7960 (f->operation & ~LOCK_NB) == LOCK_SH) {
7961 static const struct flock fl = {
7963 .l_whence = SEEK_SET,
7966 r = fcntl(f->fd, F_OFD_SETLK, &fl);
7967 if (r < 0 && errno == EINVAL)
7968 r = flock(f->fd, LOCK_EX|LOCK_NB);
7971 f->operation = LOCK_EX|LOCK_NB;
7974 if ((f->operation & ~LOCK_NB) == LOCK_EX)
7975 unlink_noerrno(f->path);
7981 f->fd = safe_close(f->fd);
7985 static size_t nul_length(const uint8_t *p, size_t sz) {
8000 ssize_t sparse_write(int fd, const void *p, size_t sz, size_t run_length) {
8001 const uint8_t *q, *w, *e;
8009 n = nul_length(q, e - q);
8011 /* If there are more than the specified run length of
8012 * NUL bytes, or if this is the beginning or the end
8013 * of the buffer, then seek instead of write */
8014 if ((n > run_length) ||
8015 (n > 0 && q == p) ||
8016 (n > 0 && q + n >= e)) {
8018 l = write(fd, w, q - w);
8025 if (lseek(fd, n, SEEK_CUR) == (off_t) -1)
8037 l = write(fd, w, q - w);
8044 return q - (const uint8_t*) p;
8047 void sigkill_wait(pid_t *pid) {
8053 if (kill(*pid, SIGKILL) > 0)
8054 (void) wait_for_terminate(*pid, NULL);
8057 int syslog_parse_priority(const char **p, int *priority, bool with_facility) {
8058 int a = 0, b = 0, c = 0;
8068 if (!strchr(*p, '>'))
8071 if ((*p)[2] == '>') {
8072 c = undecchar((*p)[1]);
8074 } else if ((*p)[3] == '>') {
8075 b = undecchar((*p)[1]);
8076 c = undecchar((*p)[2]);
8078 } else if ((*p)[4] == '>') {
8079 a = undecchar((*p)[1]);
8080 b = undecchar((*p)[2]);
8081 c = undecchar((*p)[3]);
8086 if (a < 0 || b < 0 || c < 0 ||
8087 (!with_facility && (a || b || c > 7)))
8091 *priority = a*100 + b*10 + c;
8093 *priority = (*priority & LOG_FACMASK) | c;
8099 ssize_t string_table_lookup(const char * const *table, size_t len, const char *key) {
8105 for (i = 0; i < len; ++i)
8106 if (streq_ptr(table[i], key))
8112 void cmsg_close_all(struct msghdr *mh) {
8113 struct cmsghdr *cmsg;
8117 for (cmsg = CMSG_FIRSTHDR(mh); cmsg; cmsg = CMSG_NXTHDR(mh, cmsg))
8118 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS)
8119 close_many((int*) CMSG_DATA(cmsg), (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int));