1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
31 #include <sys/resource.h>
32 #include <linux/sched.h>
33 #include <sys/types.h>
37 #include <sys/ioctl.h>
39 #include <linux/tiocl.h>
42 #include <sys/inotify.h>
45 #include <sys/prctl.h>
46 #include <sys/utsname.h>
48 #include <netinet/ip.h>
57 #include <sys/mount.h>
58 #include <linux/magic.h>
62 #include <sys/personality.h>
66 #ifdef HAVE_SYS_AUXV_H
78 #include "path-util.h"
79 #include "exit-status.h"
83 #include "device-nodes.h"
90 char **saved_argv = NULL;
92 static volatile unsigned cached_columns = 0;
93 static volatile unsigned cached_lines = 0;
95 size_t page_size(void) {
96 static thread_local size_t pgsz = 0;
99 if (_likely_(pgsz > 0))
102 r = sysconf(_SC_PAGESIZE);
109 bool streq_ptr(const char *a, const char *b) {
111 /* Like streq(), but tries to make sense of NULL pointers */
122 char* endswith(const char *s, const char *postfix) {
129 pl = strlen(postfix);
132 return (char*) s + sl;
137 if (memcmp(s + sl - pl, postfix, pl) != 0)
140 return (char*) s + sl - pl;
143 char* first_word(const char *s, const char *word) {
150 /* Checks if the string starts with the specified word, either
151 * followed by NUL or by whitespace. Returns a pointer to the
152 * NUL or the first character after the whitespace. */
163 if (memcmp(s, word, wl) != 0)
170 if (!strchr(WHITESPACE, *p))
173 p += strspn(p, WHITESPACE);
177 int close_nointr(int fd) {
184 * Just ignore EINTR; a retry loop is the wrong thing to do on
187 * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html
188 * https://bugzilla.gnome.org/show_bug.cgi?id=682819
189 * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR
190 * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain
198 int safe_close(int fd) {
201 * Like close_nointr() but cannot fail. Guarantees errno is
202 * unchanged. Is a NOP with negative fds passed, and returns
203 * -1, so that it can be used in this syntax:
205 * fd = safe_close(fd);
211 /* The kernel might return pretty much any error code
212 * via close(), but the fd will be closed anyway. The
213 * only condition we want to check for here is whether
214 * the fd was invalid at all... */
216 assert_se(close_nointr(fd) != -EBADF);
222 void close_many(const int fds[], unsigned n_fd) {
225 assert(fds || n_fd <= 0);
227 for (i = 0; i < n_fd; i++)
231 int unlink_noerrno(const char *path) {
242 int parse_boolean(const char *v) {
245 if (streq(v, "1") || strcaseeq(v, "yes") || strcaseeq(v, "y") || strcaseeq(v, "true") || strcaseeq(v, "t") || strcaseeq(v, "on"))
247 else if (streq(v, "0") || strcaseeq(v, "no") || strcaseeq(v, "n") || strcaseeq(v, "false") || strcaseeq(v, "f") || strcaseeq(v, "off"))
253 int parse_pid(const char *s, pid_t* ret_pid) {
254 unsigned long ul = 0;
261 r = safe_atolu(s, &ul);
267 if ((unsigned long) pid != ul)
277 int parse_uid(const char *s, uid_t* ret_uid) {
278 unsigned long ul = 0;
285 r = safe_atolu(s, &ul);
291 if ((unsigned long) uid != ul)
294 /* Some libc APIs use (uid_t) -1 as special placeholder */
295 if (uid == (uid_t) 0xFFFFFFFF)
298 /* A long time ago UIDs where 16bit, hence explicitly avoid the 16bit -1 too */
299 if (uid == (uid_t) 0xFFFF)
306 int safe_atou(const char *s, unsigned *ret_u) {
314 l = strtoul(s, &x, 0);
316 if (!x || x == s || *x || errno)
317 return errno > 0 ? -errno : -EINVAL;
319 if ((unsigned long) (unsigned) l != l)
322 *ret_u = (unsigned) l;
326 int safe_atoi(const char *s, int *ret_i) {
334 l = strtol(s, &x, 0);
336 if (!x || x == s || *x || errno)
337 return errno > 0 ? -errno : -EINVAL;
339 if ((long) (int) l != l)
346 int safe_atou8(const char *s, uint8_t *ret) {
354 l = strtoul(s, &x, 0);
356 if (!x || x == s || *x || errno)
357 return errno > 0 ? -errno : -EINVAL;
359 if ((unsigned long) (uint8_t) l != l)
366 int safe_atou16(const char *s, uint16_t *ret) {
374 l = strtoul(s, &x, 0);
376 if (!x || x == s || *x || errno)
377 return errno > 0 ? -errno : -EINVAL;
379 if ((unsigned long) (uint16_t) l != l)
386 int safe_atoi16(const char *s, int16_t *ret) {
394 l = strtol(s, &x, 0);
396 if (!x || x == s || *x || errno)
397 return errno > 0 ? -errno : -EINVAL;
399 if ((long) (int16_t) l != l)
406 int safe_atollu(const char *s, long long unsigned *ret_llu) {
408 unsigned long long l;
414 l = strtoull(s, &x, 0);
416 if (!x || x == s || *x || errno)
417 return errno ? -errno : -EINVAL;
423 int safe_atolli(const char *s, long long int *ret_lli) {
431 l = strtoll(s, &x, 0);
433 if (!x || x == s || *x || errno)
434 return errno ? -errno : -EINVAL;
440 int safe_atod(const char *s, double *ret_d) {
447 RUN_WITH_LOCALE(LC_NUMERIC_MASK, "C") {
452 if (!x || x == s || *x || errno)
453 return errno ? -errno : -EINVAL;
459 static size_t strcspn_escaped(const char *s, const char *reject) {
460 bool escaped = false;
463 for (n=0; s[n]; n++) {
466 else if (s[n] == '\\')
468 else if (strchr(reject, s[n]))
471 /* if s ends in \, return index of previous char */
475 /* Split a string into words. */
476 const char* split(const char **state, size_t *l, const char *separator, bool quoted) {
482 assert(**state == '\0');
486 current += strspn(current, separator);
492 if (quoted && strchr("\'\"", *current)) {
493 char quotechars[2] = {*current, '\0'};
495 *l = strcspn_escaped(current + 1, quotechars);
496 if (current[*l + 1] == '\0' ||
497 (current[*l + 2] && !strchr(separator, current[*l + 2]))) {
498 /* right quote missing or garbage at the end*/
502 assert(current[*l + 1] == quotechars[0]);
503 *state = current++ + *l + 2;
505 *l = strcspn_escaped(current, separator);
506 *state = current + *l;
508 *l = strcspn(current, separator);
509 *state = current + *l;
515 int get_parent_of_pid(pid_t pid, pid_t *_ppid) {
517 _cleanup_free_ char *line = NULL;
529 p = procfs_file_alloca(pid, "stat");
530 r = read_one_line_file(p, &line);
534 /* Let's skip the pid and comm fields. The latter is enclosed
535 * in () but does not escape any () in its value, so let's
536 * skip over it manually */
538 p = strrchr(line, ')');
550 if ((long unsigned) (pid_t) ppid != ppid)
553 *_ppid = (pid_t) ppid;
558 int get_starttime_of_pid(pid_t pid, unsigned long long *st) {
560 _cleanup_free_ char *line = NULL;
566 p = procfs_file_alloca(pid, "stat");
567 r = read_one_line_file(p, &line);
571 /* Let's skip the pid and comm fields. The latter is enclosed
572 * in () but does not escape any () in its value, so let's
573 * skip over it manually */
575 p = strrchr(line, ')');
597 "%*d " /* priority */
599 "%*d " /* num_threads */
600 "%*d " /* itrealvalue */
601 "%llu " /* starttime */,
608 int fchmod_umask(int fd, mode_t m) {
613 r = fchmod(fd, m & (~u)) < 0 ? -errno : 0;
619 char *truncate_nl(char *s) {
622 s[strcspn(s, NEWLINE)] = 0;
626 int get_process_state(pid_t pid) {
630 _cleanup_free_ char *line = NULL;
634 p = procfs_file_alloca(pid, "stat");
635 r = read_one_line_file(p, &line);
639 p = strrchr(line, ')');
645 if (sscanf(p, " %c", &state) != 1)
648 return (unsigned char) state;
651 int get_process_comm(pid_t pid, char **name) {
658 p = procfs_file_alloca(pid, "comm");
660 r = read_one_line_file(p, name);
667 int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char **line) {
668 _cleanup_fclose_ FILE *f = NULL;
676 p = procfs_file_alloca(pid, "cmdline");
682 if (max_length == 0) {
683 size_t len = 0, allocated = 0;
685 while ((c = getc(f)) != EOF) {
687 if (!GREEDY_REALLOC(r, allocated, len+2)) {
692 r[len++] = isprint(c) ? c : ' ';
702 r = new(char, max_length);
708 while ((c = getc(f)) != EOF) {
730 size_t n = MIN(left-1, 3U);
737 /* Kernel threads have no argv[] */
739 _cleanup_free_ char *t = NULL;
747 h = get_process_comm(pid, &t);
751 r = strjoin("[", t, "]", NULL);
760 int is_kernel_thread(pid_t pid) {
772 p = procfs_file_alloca(pid, "cmdline");
777 count = fread(&c, 1, 1, f);
781 /* Kernel threads have an empty cmdline */
784 return eof ? 1 : -errno;
789 int get_process_capeff(pid_t pid, char **capeff) {
795 p = procfs_file_alloca(pid, "status");
797 return get_status_field(p, "\nCapEff:", capeff);
800 static int get_process_link_contents(const char *proc_file, char **name) {
806 r = readlink_malloc(proc_file, name);
808 return r == -ENOENT ? -ESRCH : r;
813 int get_process_exe(pid_t pid, char **name) {
820 p = procfs_file_alloca(pid, "exe");
821 r = get_process_link_contents(p, name);
825 d = endswith(*name, " (deleted)");
832 static int get_process_id(pid_t pid, const char *field, uid_t *uid) {
833 _cleanup_fclose_ FILE *f = NULL;
843 p = procfs_file_alloca(pid, "status");
848 FOREACH_LINE(line, f, return -errno) {
853 if (startswith(l, field)) {
855 l += strspn(l, WHITESPACE);
857 l[strcspn(l, WHITESPACE)] = 0;
859 return parse_uid(l, uid);
866 int get_process_uid(pid_t pid, uid_t *uid) {
867 return get_process_id(pid, "Uid:", uid);
870 int get_process_gid(pid_t pid, gid_t *gid) {
871 assert_cc(sizeof(uid_t) == sizeof(gid_t));
872 return get_process_id(pid, "Gid:", gid);
875 int get_process_cwd(pid_t pid, char **cwd) {
880 p = procfs_file_alloca(pid, "cwd");
882 return get_process_link_contents(p, cwd);
885 int get_process_root(pid_t pid, char **root) {
890 p = procfs_file_alloca(pid, "root");
892 return get_process_link_contents(p, root);
895 char *strnappend(const char *s, const char *suffix, size_t b) {
903 return strndup(suffix, b);
912 if (b > ((size_t) -1) - a)
915 r = new(char, a+b+1);
920 memcpy(r+a, suffix, b);
926 char *strappend(const char *s, const char *suffix) {
927 return strnappend(s, suffix, suffix ? strlen(suffix) : 0);
930 int readlinkat_malloc(int fd, const char *p, char **ret) {
945 n = readlinkat(fd, p, c, l-1);
952 if ((size_t) n < l-1) {
963 int readlink_malloc(const char *p, char **ret) {
964 return readlinkat_malloc(AT_FDCWD, p, ret);
967 int readlink_value(const char *p, char **ret) {
968 _cleanup_free_ char *link = NULL;
972 r = readlink_malloc(p, &link);
976 value = basename(link);
980 value = strdup(value);
989 int readlink_and_make_absolute(const char *p, char **r) {
990 _cleanup_free_ char *target = NULL;
997 j = readlink_malloc(p, &target);
1001 k = file_in_same_dir(p, target);
1009 int readlink_and_canonicalize(const char *p, char **r) {
1016 j = readlink_and_make_absolute(p, &t);
1020 s = canonicalize_file_name(t);
1027 path_kill_slashes(*r);
1032 int reset_all_signal_handlers(void) {
1035 for (sig = 1; sig < _NSIG; sig++) {
1036 struct sigaction sa = {
1037 .sa_handler = SIG_DFL,
1038 .sa_flags = SA_RESTART,
1041 /* These two cannot be caught... */
1042 if (sig == SIGKILL || sig == SIGSTOP)
1045 /* On Linux the first two RT signals are reserved by
1046 * glibc, and sigaction() will return EINVAL for them. */
1047 if ((sigaction(sig, &sa, NULL) < 0))
1048 if (errno != EINVAL && r == 0)
1055 int reset_signal_mask(void) {
1058 if (sigemptyset(&ss) < 0)
1061 if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0)
1067 char *strstrip(char *s) {
1070 /* Drops trailing whitespace. Modifies the string in
1071 * place. Returns pointer to first non-space character */
1073 s += strspn(s, WHITESPACE);
1075 for (e = strchr(s, 0); e > s; e --)
1076 if (!strchr(WHITESPACE, e[-1]))
1084 char *delete_chars(char *s, const char *bad) {
1087 /* Drops all whitespace, regardless where in the string */
1089 for (f = s, t = s; *f; f++) {
1090 if (strchr(bad, *f))
1101 char *file_in_same_dir(const char *path, const char *filename) {
1108 /* This removes the last component of path and appends
1109 * filename, unless the latter is absolute anyway or the
1112 if (path_is_absolute(filename))
1113 return strdup(filename);
1115 if (!(e = strrchr(path, '/')))
1116 return strdup(filename);
1118 k = strlen(filename);
1119 if (!(r = new(char, e-path+1+k+1)))
1122 memcpy(r, path, e-path+1);
1123 memcpy(r+(e-path)+1, filename, k+1);
1128 int rmdir_parents(const char *path, const char *stop) {
1137 /* Skip trailing slashes */
1138 while (l > 0 && path[l-1] == '/')
1144 /* Skip last component */
1145 while (l > 0 && path[l-1] != '/')
1148 /* Skip trailing slashes */
1149 while (l > 0 && path[l-1] == '/')
1155 if (!(t = strndup(path, l)))
1158 if (path_startswith(stop, t)) {
1167 if (errno != ENOENT)
1174 char hexchar(int x) {
1175 static const char table[16] = "0123456789abcdef";
1177 return table[x & 15];
1180 int unhexchar(char c) {
1182 if (c >= '0' && c <= '9')
1185 if (c >= 'a' && c <= 'f')
1186 return c - 'a' + 10;
1188 if (c >= 'A' && c <= 'F')
1189 return c - 'A' + 10;
1194 char *hexmem(const void *p, size_t l) {
1198 z = r = malloc(l * 2 + 1);
1202 for (x = p; x < (const uint8_t*) p + l; x++) {
1203 *(z++) = hexchar(*x >> 4);
1204 *(z++) = hexchar(*x & 15);
1211 void *unhexmem(const char *p, size_t l) {
1217 z = r = malloc((l + 1) / 2 + 1);
1221 for (x = p; x < p + l; x += 2) {
1224 a = unhexchar(x[0]);
1226 b = unhexchar(x[1]);
1230 *(z++) = (uint8_t) a << 4 | (uint8_t) b;
1237 char octchar(int x) {
1238 return '0' + (x & 7);
1241 int unoctchar(char c) {
1243 if (c >= '0' && c <= '7')
1249 char decchar(int x) {
1250 return '0' + (x % 10);
1253 int undecchar(char c) {
1255 if (c >= '0' && c <= '9')
1261 char *cescape(const char *s) {
1267 /* Does C style string escaping. */
1269 r = new(char, strlen(s)*4 + 1);
1273 for (f = s, t = r; *f; f++)
1319 /* For special chars we prefer octal over
1320 * hexadecimal encoding, simply because glib's
1321 * g_strescape() does the same */
1322 if ((*f < ' ') || (*f >= 127)) {
1324 *(t++) = octchar((unsigned char) *f >> 6);
1325 *(t++) = octchar((unsigned char) *f >> 3);
1326 *(t++) = octchar((unsigned char) *f);
1337 char *cunescape_length_with_prefix(const char *s, size_t length, const char *prefix) {
1344 /* Undoes C style string escaping, and optionally prefixes it. */
1346 pl = prefix ? strlen(prefix) : 0;
1348 r = new(char, pl+length+1);
1353 memcpy(r, prefix, pl);
1355 for (f = s, t = r + pl; f < s + length; f++) {
1398 /* This is an extension of the XDG syntax files */
1403 /* hexadecimal encoding */
1406 a = unhexchar(f[1]);
1407 b = unhexchar(f[2]);
1409 if (a < 0 || b < 0 || (a == 0 && b == 0)) {
1410 /* Invalid escape code, let's take it literal then */
1414 *(t++) = (char) ((a << 4) | b);
1429 /* octal encoding */
1432 a = unoctchar(f[0]);
1433 b = unoctchar(f[1]);
1434 c = unoctchar(f[2]);
1436 if (a < 0 || b < 0 || c < 0 || (a == 0 && b == 0 && c == 0)) {
1437 /* Invalid escape code, let's take it literal then */
1441 *(t++) = (char) ((a << 6) | (b << 3) | c);
1449 /* premature end of string.*/
1454 /* Invalid escape code, let's take it literal then */
1466 char *cunescape_length(const char *s, size_t length) {
1467 return cunescape_length_with_prefix(s, length, NULL);
1470 char *cunescape(const char *s) {
1473 return cunescape_length(s, strlen(s));
1476 char *xescape(const char *s, const char *bad) {
1480 /* Escapes all chars in bad, in addition to \ and all special
1481 * chars, in \xFF style escaping. May be reversed with
1484 r = new(char, strlen(s) * 4 + 1);
1488 for (f = s, t = r; *f; f++) {
1490 if ((*f < ' ') || (*f >= 127) ||
1491 (*f == '\\') || strchr(bad, *f)) {
1494 *(t++) = hexchar(*f >> 4);
1495 *(t++) = hexchar(*f);
1505 char *ascii_strlower(char *t) {
1510 for (p = t; *p; p++)
1511 if (*p >= 'A' && *p <= 'Z')
1512 *p = *p - 'A' + 'a';
1517 _pure_ static bool ignore_file_allow_backup(const char *filename) {
1521 filename[0] == '.' ||
1522 streq(filename, "lost+found") ||
1523 streq(filename, "aquota.user") ||
1524 streq(filename, "aquota.group") ||
1525 endswith(filename, ".rpmnew") ||
1526 endswith(filename, ".rpmsave") ||
1527 endswith(filename, ".rpmorig") ||
1528 endswith(filename, ".dpkg-old") ||
1529 endswith(filename, ".dpkg-new") ||
1530 endswith(filename, ".dpkg-tmp") ||
1531 endswith(filename, ".swp");
1534 bool ignore_file(const char *filename) {
1537 if (endswith(filename, "~"))
1540 return ignore_file_allow_backup(filename);
1543 int fd_nonblock(int fd, bool nonblock) {
1548 flags = fcntl(fd, F_GETFL, 0);
1553 nflags = flags | O_NONBLOCK;
1555 nflags = flags & ~O_NONBLOCK;
1557 if (nflags == flags)
1560 if (fcntl(fd, F_SETFL, nflags) < 0)
1566 int fd_cloexec(int fd, bool cloexec) {
1571 flags = fcntl(fd, F_GETFD, 0);
1576 nflags = flags | FD_CLOEXEC;
1578 nflags = flags & ~FD_CLOEXEC;
1580 if (nflags == flags)
1583 if (fcntl(fd, F_SETFD, nflags) < 0)
1589 _pure_ static bool fd_in_set(int fd, const int fdset[], unsigned n_fdset) {
1592 assert(n_fdset == 0 || fdset);
1594 for (i = 0; i < n_fdset; i++)
1601 int close_all_fds(const int except[], unsigned n_except) {
1602 _cleanup_closedir_ DIR *d = NULL;
1606 assert(n_except == 0 || except);
1608 d = opendir("/proc/self/fd");
1613 /* When /proc isn't available (for example in chroots)
1614 * the fallback is brute forcing through the fd
1617 assert_se(getrlimit(RLIMIT_NOFILE, &rl) >= 0);
1618 for (fd = 3; fd < (int) rl.rlim_max; fd ++) {
1620 if (fd_in_set(fd, except, n_except))
1623 if (close_nointr(fd) < 0)
1624 if (errno != EBADF && r == 0)
1631 while ((de = readdir(d))) {
1634 if (ignore_file(de->d_name))
1637 if (safe_atoi(de->d_name, &fd) < 0)
1638 /* Let's better ignore this, just in case */
1647 if (fd_in_set(fd, except, n_except))
1650 if (close_nointr(fd) < 0) {
1651 /* Valgrind has its own FD and doesn't want to have it closed */
1652 if (errno != EBADF && r == 0)
1660 bool chars_intersect(const char *a, const char *b) {
1663 /* Returns true if any of the chars in a are in b. */
1664 for (p = a; *p; p++)
1671 bool fstype_is_network(const char *fstype) {
1672 static const char table[] =
1686 x = startswith(fstype, "fuse.");
1690 return nulstr_contains(table, fstype);
1694 _cleanup_close_ int fd;
1696 fd = open_terminal("/dev/tty0", O_RDWR|O_NOCTTY|O_CLOEXEC);
1702 TIOCL_GETKMSGREDIRECT,
1706 if (ioctl(fd, TIOCLINUX, tiocl) < 0)
1709 vt = tiocl[0] <= 0 ? 1 : tiocl[0];
1712 if (ioctl(fd, VT_ACTIVATE, vt) < 0)
1718 int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) {
1719 struct termios old_termios, new_termios;
1720 char c, line[LINE_MAX];
1725 if (tcgetattr(fileno(f), &old_termios) >= 0) {
1726 new_termios = old_termios;
1728 new_termios.c_lflag &= ~ICANON;
1729 new_termios.c_cc[VMIN] = 1;
1730 new_termios.c_cc[VTIME] = 0;
1732 if (tcsetattr(fileno(f), TCSADRAIN, &new_termios) >= 0) {
1735 if (t != USEC_INFINITY) {
1736 if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0) {
1737 tcsetattr(fileno(f), TCSADRAIN, &old_termios);
1742 k = fread(&c, 1, 1, f);
1744 tcsetattr(fileno(f), TCSADRAIN, &old_termios);
1750 *need_nl = c != '\n';
1757 if (t != USEC_INFINITY) {
1758 if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0)
1763 if (!fgets(line, sizeof(line), f))
1764 return errno ? -errno : -EIO;
1768 if (strlen(line) != 1)
1778 int ask_char(char *ret, const char *replies, const char *text, ...) {
1788 bool need_nl = true;
1791 fputs(ANSI_HIGHLIGHT_ON, stdout);
1798 fputs(ANSI_HIGHLIGHT_OFF, stdout);
1802 r = read_one_char(stdin, &c, USEC_INFINITY, &need_nl);
1805 if (r == -EBADMSG) {
1806 puts("Bad input, please try again.");
1817 if (strchr(replies, c)) {
1822 puts("Read unexpected character, please try again.");
1826 int ask_string(char **ret, const char *text, ...) {
1831 char line[LINE_MAX];
1835 fputs(ANSI_HIGHLIGHT_ON, stdout);
1842 fputs(ANSI_HIGHLIGHT_OFF, stdout);
1847 if (!fgets(line, sizeof(line), stdin))
1848 return errno ? -errno : -EIO;
1850 if (!endswith(line, "\n"))
1869 int reset_terminal_fd(int fd, bool switch_to_text) {
1870 struct termios termios;
1873 /* Set terminal to some sane defaults */
1877 /* We leave locked terminal attributes untouched, so that
1878 * Plymouth may set whatever it wants to set, and we don't
1879 * interfere with that. */
1881 /* Disable exclusive mode, just in case */
1882 ioctl(fd, TIOCNXCL);
1884 /* Switch to text mode */
1886 ioctl(fd, KDSETMODE, KD_TEXT);
1888 /* Enable console unicode mode */
1889 ioctl(fd, KDSKBMODE, K_UNICODE);
1891 if (tcgetattr(fd, &termios) < 0) {
1896 /* We only reset the stuff that matters to the software. How
1897 * hardware is set up we don't touch assuming that somebody
1898 * else will do that for us */
1900 termios.c_iflag &= ~(IGNBRK | BRKINT | ISTRIP | INLCR | IGNCR | IUCLC);
1901 termios.c_iflag |= ICRNL | IMAXBEL | IUTF8;
1902 termios.c_oflag |= ONLCR;
1903 termios.c_cflag |= CREAD;
1904 termios.c_lflag = ISIG | ICANON | IEXTEN | ECHO | ECHOE | ECHOK | ECHOCTL | ECHOPRT | ECHOKE;
1906 termios.c_cc[VINTR] = 03; /* ^C */
1907 termios.c_cc[VQUIT] = 034; /* ^\ */
1908 termios.c_cc[VERASE] = 0177;
1909 termios.c_cc[VKILL] = 025; /* ^X */
1910 termios.c_cc[VEOF] = 04; /* ^D */
1911 termios.c_cc[VSTART] = 021; /* ^Q */
1912 termios.c_cc[VSTOP] = 023; /* ^S */
1913 termios.c_cc[VSUSP] = 032; /* ^Z */
1914 termios.c_cc[VLNEXT] = 026; /* ^V */
1915 termios.c_cc[VWERASE] = 027; /* ^W */
1916 termios.c_cc[VREPRINT] = 022; /* ^R */
1917 termios.c_cc[VEOL] = 0;
1918 termios.c_cc[VEOL2] = 0;
1920 termios.c_cc[VTIME] = 0;
1921 termios.c_cc[VMIN] = 1;
1923 if (tcsetattr(fd, TCSANOW, &termios) < 0)
1927 /* Just in case, flush all crap out */
1928 tcflush(fd, TCIOFLUSH);
1933 int reset_terminal(const char *name) {
1934 _cleanup_close_ int fd = -1;
1936 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
1940 return reset_terminal_fd(fd, true);
1943 int open_terminal(const char *name, int mode) {
1948 * If a TTY is in the process of being closed opening it might
1949 * cause EIO. This is horribly awful, but unlikely to be
1950 * changed in the kernel. Hence we work around this problem by
1951 * retrying a couple of times.
1953 * https://bugs.launchpad.net/ubuntu/+source/linux/+bug/554172/comments/245
1956 assert(!(mode & O_CREAT));
1959 fd = open(name, mode, 0);
1966 /* Max 1s in total */
1970 usleep(50 * USEC_PER_MSEC);
1988 int flush_fd(int fd) {
1989 struct pollfd pollfd = {
1999 r = poll(&pollfd, 1, 0);
2009 l = read(fd, buf, sizeof(buf));
2015 if (errno == EAGAIN)
2024 int acquire_terminal(
2028 bool ignore_tiocstty_eperm,
2031 int fd = -1, notify = -1, r = 0, wd = -1;
2036 /* We use inotify to be notified when the tty is closed. We
2037 * create the watch before checking if we can actually acquire
2038 * it, so that we don't lose any event.
2040 * Note: strictly speaking this actually watches for the
2041 * device being closed, it does *not* really watch whether a
2042 * tty loses its controlling process. However, unless some
2043 * rogue process uses TIOCNOTTY on /dev/tty *after* closing
2044 * its tty otherwise this will not become a problem. As long
2045 * as the administrator makes sure not configure any service
2046 * on the same tty as an untrusted user this should not be a
2047 * problem. (Which he probably should not do anyway.) */
2049 if (timeout != USEC_INFINITY)
2050 ts = now(CLOCK_MONOTONIC);
2052 if (!fail && !force) {
2053 notify = inotify_init1(IN_CLOEXEC | (timeout != USEC_INFINITY ? IN_NONBLOCK : 0));
2059 wd = inotify_add_watch(notify, name, IN_CLOSE);
2067 struct sigaction sa_old, sa_new = {
2068 .sa_handler = SIG_IGN,
2069 .sa_flags = SA_RESTART,
2073 r = flush_fd(notify);
2078 /* We pass here O_NOCTTY only so that we can check the return
2079 * value TIOCSCTTY and have a reliable way to figure out if we
2080 * successfully became the controlling process of the tty */
2081 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
2085 /* Temporarily ignore SIGHUP, so that we don't get SIGHUP'ed
2086 * if we already own the tty. */
2087 assert_se(sigaction(SIGHUP, &sa_new, &sa_old) == 0);
2089 /* First, try to get the tty */
2090 if (ioctl(fd, TIOCSCTTY, force) < 0)
2093 assert_se(sigaction(SIGHUP, &sa_old, NULL) == 0);
2095 /* Sometimes it makes sense to ignore TIOCSCTTY
2096 * returning EPERM, i.e. when very likely we already
2097 * are have this controlling terminal. */
2098 if (r < 0 && r == -EPERM && ignore_tiocstty_eperm)
2101 if (r < 0 && (force || fail || r != -EPERM)) {
2110 assert(notify >= 0);
2113 uint8_t inotify_buffer[sizeof(struct inotify_event) + FILENAME_MAX];
2115 struct inotify_event *e;
2117 if (timeout != USEC_INFINITY) {
2120 n = now(CLOCK_MONOTONIC);
2121 if (ts + timeout < n) {
2126 r = fd_wait_for_event(fd, POLLIN, ts + timeout - n);
2136 l = read(notify, inotify_buffer, sizeof(inotify_buffer));
2139 if (errno == EINTR || errno == EAGAIN)
2146 e = (struct inotify_event*) inotify_buffer;
2151 if (e->wd != wd || !(e->mask & IN_CLOSE)) {
2156 step = sizeof(struct inotify_event) + e->len;
2157 assert(step <= (size_t) l);
2159 e = (struct inotify_event*) ((uint8_t*) e + step);
2166 /* We close the tty fd here since if the old session
2167 * ended our handle will be dead. It's important that
2168 * we do this after sleeping, so that we don't enter
2169 * an endless loop. */
2170 fd = safe_close(fd);
2175 r = reset_terminal_fd(fd, true);
2177 log_warning("Failed to reset terminal: %s", strerror(-r));
2188 int release_terminal(void) {
2189 static const struct sigaction sa_new = {
2190 .sa_handler = SIG_IGN,
2191 .sa_flags = SA_RESTART,
2194 _cleanup_close_ int fd = -1;
2195 struct sigaction sa_old;
2198 fd = open("/dev/tty", O_RDWR|O_NOCTTY|O_NDELAY|O_CLOEXEC);
2202 /* Temporarily ignore SIGHUP, so that we don't get SIGHUP'ed
2203 * by our own TIOCNOTTY */
2204 assert_se(sigaction(SIGHUP, &sa_new, &sa_old) == 0);
2206 if (ioctl(fd, TIOCNOTTY) < 0)
2209 assert_se(sigaction(SIGHUP, &sa_old, NULL) == 0);
2214 int sigaction_many(const struct sigaction *sa, ...) {
2219 while ((sig = va_arg(ap, int)) > 0)
2220 if (sigaction(sig, sa, NULL) < 0)
2227 int ignore_signals(int sig, ...) {
2228 struct sigaction sa = {
2229 .sa_handler = SIG_IGN,
2230 .sa_flags = SA_RESTART,
2235 if (sigaction(sig, &sa, NULL) < 0)
2239 while ((sig = va_arg(ap, int)) > 0)
2240 if (sigaction(sig, &sa, NULL) < 0)
2247 int default_signals(int sig, ...) {
2248 struct sigaction sa = {
2249 .sa_handler = SIG_DFL,
2250 .sa_flags = SA_RESTART,
2255 if (sigaction(sig, &sa, NULL) < 0)
2259 while ((sig = va_arg(ap, int)) > 0)
2260 if (sigaction(sig, &sa, NULL) < 0)
2267 void safe_close_pair(int p[]) {
2271 /* Special case pairs which use the same fd in both
2273 p[0] = p[1] = safe_close(p[0]);
2277 p[0] = safe_close(p[0]);
2278 p[1] = safe_close(p[1]);
2281 ssize_t loop_read(int fd, void *buf, size_t nbytes, bool do_poll) {
2288 while (nbytes > 0) {
2291 k = read(fd, p, nbytes);
2292 if (k < 0 && errno == EINTR)
2295 if (k < 0 && errno == EAGAIN && do_poll) {
2297 /* We knowingly ignore any return value here,
2298 * and expect that any error/EOF is reported
2301 fd_wait_for_event(fd, POLLIN, USEC_INFINITY);
2306 return n > 0 ? n : (k < 0 ? -errno : 0);
2316 ssize_t loop_write(int fd, const void *buf, size_t nbytes, bool do_poll) {
2317 const uint8_t *p = buf;
2323 while (nbytes > 0) {
2326 k = write(fd, p, nbytes);
2327 if (k < 0 && errno == EINTR)
2330 if (k < 0 && errno == EAGAIN && do_poll) {
2332 /* We knowingly ignore any return value here,
2333 * and expect that any error/EOF is reported
2336 fd_wait_for_event(fd, POLLOUT, USEC_INFINITY);
2341 return n > 0 ? n : (k < 0 ? -errno : 0);
2351 int parse_size(const char *t, off_t base, off_t *size) {
2353 /* Soo, sometimes we want to parse IEC binary suffxies, and
2354 * sometimes SI decimal suffixes. This function can parse
2355 * both. Which one is the right way depends on the
2356 * context. Wikipedia suggests that SI is customary for
2357 * hardrware metrics and network speeds, while IEC is
2358 * customary for most data sizes used by software and volatile
2359 * (RAM) memory. Hence be careful which one you pick!
2361 * In either case we use just K, M, G as suffix, and not Ki,
2362 * Mi, Gi or so (as IEC would suggest). That's because that's
2363 * frickin' ugly. But this means you really need to make sure
2364 * to document which base you are parsing when you use this
2369 unsigned long long factor;
2372 static const struct table iec[] = {
2373 { "E", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
2374 { "P", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
2375 { "T", 1024ULL*1024ULL*1024ULL*1024ULL },
2376 { "G", 1024ULL*1024ULL*1024ULL },
2377 { "M", 1024ULL*1024ULL },
2383 static const struct table si[] = {
2384 { "E", 1000ULL*1000ULL*1000ULL*1000ULL*1000ULL*1000ULL },
2385 { "P", 1000ULL*1000ULL*1000ULL*1000ULL*1000ULL },
2386 { "T", 1000ULL*1000ULL*1000ULL*1000ULL },
2387 { "G", 1000ULL*1000ULL*1000ULL },
2388 { "M", 1000ULL*1000ULL },
2394 const struct table *table;
2396 unsigned long long r = 0;
2397 unsigned n_entries, start_pos = 0;
2400 assert(base == 1000 || base == 1024);
2405 n_entries = ELEMENTSOF(si);
2408 n_entries = ELEMENTSOF(iec);
2414 unsigned long long l2;
2420 l = strtoll(p, &e, 10);
2433 if (*e >= '0' && *e <= '9') {
2436 /* strotoull itself would accept space/+/- */
2437 l2 = strtoull(e, &e2, 10);
2439 if (errno == ERANGE)
2442 /* Ignore failure. E.g. 10.M is valid */
2449 e += strspn(e, WHITESPACE);
2451 for (i = start_pos; i < n_entries; i++)
2452 if (startswith(e, table[i].suffix)) {
2453 unsigned long long tmp;
2454 if ((unsigned long long) l + (frac > 0) > ULLONG_MAX / table[i].factor)
2456 tmp = l * table[i].factor + (unsigned long long) (frac * table[i].factor);
2457 if (tmp > ULLONG_MAX - r)
2461 if ((unsigned long long) (off_t) r != r)
2464 p = e + strlen(table[i].suffix);
2480 int make_stdio(int fd) {
2485 r = dup3(fd, STDIN_FILENO, 0);
2486 s = dup3(fd, STDOUT_FILENO, 0);
2487 t = dup3(fd, STDERR_FILENO, 0);
2492 if (r < 0 || s < 0 || t < 0)
2495 /* We rely here that the new fd has O_CLOEXEC not set */
2500 int make_null_stdio(void) {
2503 null_fd = open("/dev/null", O_RDWR|O_NOCTTY);
2507 return make_stdio(null_fd);
2510 bool is_device_path(const char *path) {
2512 /* Returns true on paths that refer to a device, either in
2513 * sysfs or in /dev */
2516 path_startswith(path, "/dev/") ||
2517 path_startswith(path, "/sys/");
2520 int dir_is_empty(const char *path) {
2521 _cleanup_closedir_ DIR *d;
2532 if (!de && errno != 0)
2538 if (!ignore_file(de->d_name))
2543 char* dirname_malloc(const char *path) {
2544 char *d, *dir, *dir2;
2561 int dev_urandom(void *p, size_t n) {
2562 static int have_syscall = -1;
2566 /* Gathers some randomness from the kernel. This call will
2567 * never block, and will always return some data from the
2568 * kernel, regardless if the random pool is fully initialized
2569 * or not. It thus makes no guarantee for the quality of the
2570 * returned entropy, but is good enough for or usual usecases
2571 * of seeding the hash functions for hashtable */
2573 /* Use the getrandom() syscall unless we know we don't have
2574 * it, or when the requested size is too large for it. */
2575 if (have_syscall != 0 || (size_t) (int) n != n) {
2576 r = getrandom(p, n, GRND_NONBLOCK);
2578 have_syscall = true;
2583 if (errno == ENOSYS)
2584 /* we lack the syscall, continue with
2585 * reading from /dev/urandom */
2586 have_syscall = false;
2587 else if (errno == EAGAIN)
2588 /* not enough entropy for now. Let's
2589 * remember to use the syscall the
2590 * next time, again, but also read
2591 * from /dev/urandom for now, which
2592 * doesn't care about the current
2593 * amount of entropy. */
2594 have_syscall = true;
2598 /* too short read? */
2602 fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY);
2604 return errno == ENOENT ? -ENOSYS : -errno;
2606 k = loop_read(fd, p, n, true);
2611 if ((size_t) k != n)
2617 void initialize_srand(void) {
2618 static bool srand_called = false;
2620 #ifdef HAVE_SYS_AUXV_H
2629 #ifdef HAVE_SYS_AUXV_H
2630 /* The kernel provides us with a bit of entropy in auxv, so
2631 * let's try to make use of that to seed the pseudo-random
2632 * generator. It's better than nothing... */
2634 auxv = (void*) getauxval(AT_RANDOM);
2636 x ^= *(unsigned*) auxv;
2639 x ^= (unsigned) now(CLOCK_REALTIME);
2640 x ^= (unsigned) gettid();
2643 srand_called = true;
2646 void random_bytes(void *p, size_t n) {
2650 r = dev_urandom(p, n);
2654 /* If some idiot made /dev/urandom unavailable to us, he'll
2655 * get a PRNG instead. */
2659 for (q = p; q < (uint8_t*) p + n; q ++)
2663 void rename_process(const char name[8]) {
2666 /* This is a like a poor man's setproctitle(). It changes the
2667 * comm field, argv[0], and also the glibc's internally used
2668 * name of the process. For the first one a limit of 16 chars
2669 * applies, to the second one usually one of 10 (i.e. length
2670 * of "/sbin/init"), to the third one one of 7 (i.e. length of
2671 * "systemd"). If you pass a longer string it will be
2674 prctl(PR_SET_NAME, name);
2676 if (program_invocation_name)
2677 strncpy(program_invocation_name, name, strlen(program_invocation_name));
2679 if (saved_argc > 0) {
2683 strncpy(saved_argv[0], name, strlen(saved_argv[0]));
2685 for (i = 1; i < saved_argc; i++) {
2689 memzero(saved_argv[i], strlen(saved_argv[i]));
2694 void sigset_add_many(sigset_t *ss, ...) {
2701 while ((sig = va_arg(ap, int)) > 0)
2702 assert_se(sigaddset(ss, sig) == 0);
2706 int sigprocmask_many(int how, ...) {
2711 assert_se(sigemptyset(&ss) == 0);
2714 while ((sig = va_arg(ap, int)) > 0)
2715 assert_se(sigaddset(&ss, sig) == 0);
2718 if (sigprocmask(how, &ss, NULL) < 0)
2724 char* gethostname_malloc(void) {
2727 assert_se(uname(&u) >= 0);
2729 if (!isempty(u.nodename) && !streq(u.nodename, "(none)"))
2730 return strdup(u.nodename);
2732 return strdup(u.sysname);
2735 bool hostname_is_set(void) {
2738 assert_se(uname(&u) >= 0);
2740 return !isempty(u.nodename) && !streq(u.nodename, "(none)");
2743 char *lookup_uid(uid_t uid) {
2746 _cleanup_free_ char *buf = NULL;
2747 struct passwd pwbuf, *pw = NULL;
2749 /* Shortcut things to avoid NSS lookups */
2751 return strdup("root");
2753 bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
2757 buf = malloc(bufsize);
2761 if (getpwuid_r(uid, &pwbuf, buf, bufsize, &pw) == 0 && pw)
2762 return strdup(pw->pw_name);
2764 if (asprintf(&name, UID_FMT, uid) < 0)
2770 char* getlogname_malloc(void) {
2774 if (isatty(STDIN_FILENO) && fstat(STDIN_FILENO, &st) >= 0)
2779 return lookup_uid(uid);
2782 char *getusername_malloc(void) {
2789 return lookup_uid(getuid());
2792 int getttyname_malloc(int fd, char **r) {
2793 char path[PATH_MAX], *c;
2798 k = ttyname_r(fd, path, sizeof(path));
2804 c = strdup(startswith(path, "/dev/") ? path + 5 : path);
2812 int getttyname_harder(int fd, char **r) {
2816 k = getttyname_malloc(fd, &s);
2820 if (streq(s, "tty")) {
2822 return get_ctty(0, NULL, r);
2829 int get_ctty_devnr(pid_t pid, dev_t *d) {
2831 _cleanup_free_ char *line = NULL;
2833 unsigned long ttynr;
2837 p = procfs_file_alloca(pid, "stat");
2838 r = read_one_line_file(p, &line);
2842 p = strrchr(line, ')');
2852 "%*d " /* session */
2857 if (major(ttynr) == 0 && minor(ttynr) == 0)
2866 int get_ctty(pid_t pid, dev_t *_devnr, char **r) {
2867 char fn[sizeof("/dev/char/")-1 + 2*DECIMAL_STR_MAX(unsigned) + 1 + 1], *b = NULL;
2868 _cleanup_free_ char *s = NULL;
2875 k = get_ctty_devnr(pid, &devnr);
2879 sprintf(fn, "/dev/char/%u:%u", major(devnr), minor(devnr));
2881 k = readlink_malloc(fn, &s);
2887 /* This is an ugly hack */
2888 if (major(devnr) == 136) {
2889 asprintf(&b, "pts/%u", minor(devnr));
2893 /* Probably something like the ptys which have no
2894 * symlink in /dev/char. Let's return something
2895 * vaguely useful. */
2901 if (startswith(s, "/dev/"))
2903 else if (startswith(s, "../"))
2921 int rm_rf_children_dangerous(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) {
2922 _cleanup_closedir_ DIR *d = NULL;
2927 /* This returns the first error we run into, but nevertheless
2928 * tries to go on. This closes the passed fd. */
2934 return errno == ENOENT ? 0 : -errno;
2939 bool is_dir, keep_around;
2946 if (errno != 0 && ret == 0)
2951 if (streq(de->d_name, ".") || streq(de->d_name, ".."))
2954 if (de->d_type == DT_UNKNOWN ||
2956 (de->d_type == DT_DIR && root_dev)) {
2957 if (fstatat(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
2958 if (ret == 0 && errno != ENOENT)
2963 is_dir = S_ISDIR(st.st_mode);
2966 (st.st_uid == 0 || st.st_uid == getuid()) &&
2967 (st.st_mode & S_ISVTX);
2969 is_dir = de->d_type == DT_DIR;
2970 keep_around = false;
2976 /* if root_dev is set, remove subdirectories only, if device is same as dir */
2977 if (root_dev && st.st_dev != root_dev->st_dev)
2980 subdir_fd = openat(fd, de->d_name,
2981 O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
2982 if (subdir_fd < 0) {
2983 if (ret == 0 && errno != ENOENT)
2988 r = rm_rf_children_dangerous(subdir_fd, only_dirs, honour_sticky, root_dev);
2989 if (r < 0 && ret == 0)
2993 if (unlinkat(fd, de->d_name, AT_REMOVEDIR) < 0) {
2994 if (ret == 0 && errno != ENOENT)
2998 } else if (!only_dirs && !keep_around) {
3000 if (unlinkat(fd, de->d_name, 0) < 0) {
3001 if (ret == 0 && errno != ENOENT)
3008 _pure_ static int is_temporary_fs(struct statfs *s) {
3011 return F_TYPE_EQUAL(s->f_type, TMPFS_MAGIC) ||
3012 F_TYPE_EQUAL(s->f_type, RAMFS_MAGIC);
3015 int rm_rf_children(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) {
3020 if (fstatfs(fd, &s) < 0) {
3025 /* We refuse to clean disk file systems with this call. This
3026 * is extra paranoia just to be sure we never ever remove
3028 if (!is_temporary_fs(&s)) {
3029 log_error("Attempted to remove disk file system, and we can't allow that.");
3034 return rm_rf_children_dangerous(fd, only_dirs, honour_sticky, root_dev);
3037 static int file_is_priv_sticky(const char *p) {
3042 if (lstat(p, &st) < 0)
3046 (st.st_uid == 0 || st.st_uid == getuid()) &&
3047 (st.st_mode & S_ISVTX);
3050 static int rm_rf_internal(const char *path, bool only_dirs, bool delete_root, bool honour_sticky, bool dangerous) {
3056 /* We refuse to clean the root file system with this
3057 * call. This is extra paranoia to never cause a really
3058 * seriously broken system. */
3059 if (path_equal(path, "/")) {
3060 log_error("Attempted to remove entire root file system, and we can't allow that.");
3064 fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
3067 if (errno != ENOTDIR)
3071 if (statfs(path, &s) < 0)
3074 if (!is_temporary_fs(&s)) {
3075 log_error("Attempted to remove disk file system, and we can't allow that.");
3080 if (delete_root && !only_dirs)
3081 if (unlink(path) < 0 && errno != ENOENT)
3088 if (fstatfs(fd, &s) < 0) {
3093 if (!is_temporary_fs(&s)) {
3094 log_error("Attempted to remove disk file system, and we can't allow that.");
3100 r = rm_rf_children_dangerous(fd, only_dirs, honour_sticky, NULL);
3103 if (honour_sticky && file_is_priv_sticky(path) > 0)
3106 if (rmdir(path) < 0 && errno != ENOENT) {
3115 int rm_rf(const char *path, bool only_dirs, bool delete_root, bool honour_sticky) {
3116 return rm_rf_internal(path, only_dirs, delete_root, honour_sticky, false);
3119 int rm_rf_dangerous(const char *path, bool only_dirs, bool delete_root, bool honour_sticky) {
3120 return rm_rf_internal(path, only_dirs, delete_root, honour_sticky, true);
3123 int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) {
3126 /* Under the assumption that we are running privileged we
3127 * first change the access mode and only then hand out
3128 * ownership to avoid a window where access is too open. */
3130 if (mode != (mode_t) -1)
3131 if (chmod(path, mode) < 0)
3134 if (uid != (uid_t) -1 || gid != (gid_t) -1)
3135 if (chown(path, uid, gid) < 0)
3141 int fchmod_and_fchown(int fd, mode_t mode, uid_t uid, gid_t gid) {
3144 /* Under the assumption that we are running privileged we
3145 * first change the access mode and only then hand out
3146 * ownership to avoid a window where access is too open. */
3148 if (mode != (mode_t) -1)
3149 if (fchmod(fd, mode) < 0)
3152 if (uid != (uid_t) -1 || gid != (gid_t) -1)
3153 if (fchown(fd, uid, gid) < 0)
3159 cpu_set_t* cpu_set_malloc(unsigned *ncpus) {
3163 /* Allocates the cpuset in the right size */
3166 if (!(r = CPU_ALLOC(n)))
3169 if (sched_getaffinity(0, CPU_ALLOC_SIZE(n), r) >= 0) {
3170 CPU_ZERO_S(CPU_ALLOC_SIZE(n), r);
3180 if (errno != EINVAL)
3187 int status_vprintf(const char *status, bool ellipse, bool ephemeral, const char *format, va_list ap) {
3188 static const char status_indent[] = " "; /* "[" STATUS "] " */
3189 _cleanup_free_ char *s = NULL;
3190 _cleanup_close_ int fd = -1;
3191 struct iovec iovec[6] = {};
3193 static bool prev_ephemeral;
3197 /* This is independent of logging, as status messages are
3198 * optional and go exclusively to the console. */
3200 if (vasprintf(&s, format, ap) < 0)
3203 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
3216 sl = status ? sizeof(status_indent)-1 : 0;
3222 e = ellipsize(s, emax, 50);
3230 IOVEC_SET_STRING(iovec[n++], "\r" ANSI_ERASE_TO_END_OF_LINE);
3231 prev_ephemeral = ephemeral;
3234 if (!isempty(status)) {
3235 IOVEC_SET_STRING(iovec[n++], "[");
3236 IOVEC_SET_STRING(iovec[n++], status);
3237 IOVEC_SET_STRING(iovec[n++], "] ");
3239 IOVEC_SET_STRING(iovec[n++], status_indent);
3242 IOVEC_SET_STRING(iovec[n++], s);
3244 IOVEC_SET_STRING(iovec[n++], "\n");
3246 if (writev(fd, iovec, n) < 0)
3252 int status_printf(const char *status, bool ellipse, bool ephemeral, const char *format, ...) {
3258 va_start(ap, format);
3259 r = status_vprintf(status, ellipse, ephemeral, format, ap);
3265 char *replace_env(const char *format, char **env) {
3272 const char *e, *word = format;
3277 for (e = format; *e; e ++) {
3288 k = strnappend(r, word, e-word-1);
3298 } else if (*e == '$') {
3299 k = strnappend(r, word, e-word);
3316 t = strempty(strv_env_get_n(env, word+2, e-word-2));
3318 k = strappend(r, t);
3332 k = strnappend(r, word, e-word);
3344 char **replace_env_argv(char **argv, char **env) {
3346 unsigned k = 0, l = 0;
3348 l = strv_length(argv);
3350 ret = new(char*, l+1);
3354 STRV_FOREACH(i, argv) {
3356 /* If $FOO appears as single word, replace it by the split up variable */
3357 if ((*i)[0] == '$' && (*i)[1] != '{') {
3362 e = strv_env_get(env, *i+1);
3366 r = strv_split_quoted(&m, e, true);
3378 w = realloc(ret, sizeof(char*) * (l+1));
3388 memcpy(ret + k, m, q * sizeof(char*));
3396 /* If ${FOO} appears as part of a word, replace it by the variable as-is */
3397 ret[k] = replace_env(*i, env);
3409 int fd_columns(int fd) {
3410 struct winsize ws = {};
3412 if (ioctl(fd, TIOCGWINSZ, &ws) < 0)
3421 unsigned columns(void) {
3425 if (_likely_(cached_columns > 0))
3426 return cached_columns;
3429 e = getenv("COLUMNS");
3431 (void) safe_atoi(e, &c);
3434 c = fd_columns(STDOUT_FILENO);
3443 int fd_lines(int fd) {
3444 struct winsize ws = {};
3446 if (ioctl(fd, TIOCGWINSZ, &ws) < 0)
3455 unsigned lines(void) {
3459 if (_likely_(cached_lines > 0))
3460 return cached_lines;
3463 e = getenv("LINES");
3465 (void) safe_atou(e, &l);
3468 l = fd_lines(STDOUT_FILENO);
3474 return cached_lines;
3477 /* intended to be used as a SIGWINCH sighandler */
3478 void columns_lines_cache_reset(int signum) {
3484 static int cached_on_tty = -1;
3486 if (_unlikely_(cached_on_tty < 0))
3487 cached_on_tty = isatty(STDOUT_FILENO) > 0;
3489 return cached_on_tty;
3492 int files_same(const char *filea, const char *fileb) {
3495 if (stat(filea, &a) < 0)
3498 if (stat(fileb, &b) < 0)
3501 return a.st_dev == b.st_dev &&
3502 a.st_ino == b.st_ino;
3505 int running_in_chroot(void) {
3508 ret = files_same("/proc/1/root", "/");
3515 static char *ascii_ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigned percent) {
3520 assert(percent <= 100);
3521 assert(new_length >= 3);
3523 if (old_length <= 3 || old_length <= new_length)
3524 return strndup(s, old_length);
3526 r = new0(char, new_length+1);
3530 x = (new_length * percent) / 100;
3532 if (x > new_length - 3)
3540 s + old_length - (new_length - x - 3),
3541 new_length - x - 3);
3546 char *ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigned percent) {
3550 unsigned k, len, len2;
3553 assert(percent <= 100);
3554 assert(new_length >= 3);
3556 /* if no multibyte characters use ascii_ellipsize_mem for speed */
3557 if (ascii_is_valid(s))
3558 return ascii_ellipsize_mem(s, old_length, new_length, percent);
3560 if (old_length <= 3 || old_length <= new_length)
3561 return strndup(s, old_length);
3563 x = (new_length * percent) / 100;
3565 if (x > new_length - 3)
3569 for (i = s; k < x && i < s + old_length; i = utf8_next_char(i)) {
3572 c = utf8_encoded_to_unichar(i);
3575 k += unichar_iswide(c) ? 2 : 1;
3578 if (k > x) /* last character was wide and went over quota */
3581 for (j = s + old_length; k < new_length && j > i; ) {
3584 j = utf8_prev_char(j);
3585 c = utf8_encoded_to_unichar(j);
3588 k += unichar_iswide(c) ? 2 : 1;
3592 /* we don't actually need to ellipsize */
3594 return memdup(s, old_length + 1);
3596 /* make space for ellipsis */
3597 j = utf8_next_char(j);
3600 len2 = s + old_length - j;
3601 e = new(char, len + 3 + len2 + 1);
3606 printf("old_length=%zu new_length=%zu x=%zu len=%u len2=%u k=%u\n",
3607 old_length, new_length, x, len, len2, k);
3611 e[len] = 0xe2; /* tri-dot ellipsis: … */
3615 memcpy(e + len + 3, j, len2 + 1);
3620 char *ellipsize(const char *s, size_t length, unsigned percent) {
3621 return ellipsize_mem(s, strlen(s), length, percent);
3624 int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode) {
3625 _cleanup_close_ int fd;
3631 mkdir_parents(path, 0755);
3633 fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644);
3638 r = fchmod(fd, mode);
3643 if (uid != (uid_t) -1 || gid != (gid_t) -1) {
3644 r = fchown(fd, uid, gid);
3649 if (stamp != USEC_INFINITY) {
3650 struct timespec ts[2];
3652 timespec_store(&ts[0], stamp);
3654 r = futimens(fd, ts);
3656 r = futimens(fd, NULL);
3663 int touch(const char *path) {
3664 return touch_file(path, false, USEC_INFINITY, (uid_t) -1, (gid_t) -1, 0);
3667 char *unquote(const char *s, const char* quotes) {
3671 /* This is rather stupid, simply removes the heading and
3672 * trailing quotes if there is one. Doesn't care about
3673 * escaping or anything. We should make this smarter one
3680 if (strchr(quotes, s[0]) && s[l-1] == s[0])
3681 return strndup(s+1, l-2);
3686 char *normalize_env_assignment(const char *s) {
3687 _cleanup_free_ char *value = NULL;
3691 eq = strchr(s, '=');
3701 memmove(r, t, strlen(t) + 1);
3706 name = strndupa(s, eq - s);
3707 p = strdupa(eq + 1);
3709 value = unquote(strstrip(p), QUOTES);
3713 return strjoin(strstrip(name), "=", value, NULL);
3716 int wait_for_terminate(pid_t pid, siginfo_t *status) {
3727 if (waitid(P_PID, pid, status, WEXITED) < 0) {
3741 * < 0 : wait_for_terminate() failed to get the state of the
3742 * process, the process was terminated by a signal, or
3743 * failed for an unknown reason.
3744 * >=0 : The process terminated normally, and its exit code is
3747 * That is, success is indicated by a return value of zero, and an
3748 * error is indicated by a non-zero value.
3750 int wait_for_terminate_and_warn(const char *name, pid_t pid) {
3757 r = wait_for_terminate(pid, &status);
3759 log_warning("Failed to wait for %s: %s", name, strerror(-r));
3763 if (status.si_code == CLD_EXITED) {
3764 if (status.si_status != 0) {
3765 log_warning("%s failed with error code %i.", name, status.si_status);
3766 return status.si_status;
3769 log_debug("%s succeeded.", name);
3772 } else if (status.si_code == CLD_KILLED ||
3773 status.si_code == CLD_DUMPED) {
3775 log_warning("%s terminated by signal %s.", name, signal_to_string(status.si_status));
3779 log_warning("%s failed due to unknown reason.", name);
3783 noreturn void freeze(void) {
3785 /* Make sure nobody waits for us on a socket anymore */
3786 close_all_fds(NULL, 0);
3794 bool null_or_empty(struct stat *st) {
3797 if (S_ISREG(st->st_mode) && st->st_size <= 0)
3800 if (S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode))
3806 int null_or_empty_path(const char *fn) {
3811 if (stat(fn, &st) < 0)
3814 return null_or_empty(&st);
3817 int null_or_empty_fd(int fd) {
3822 if (fstat(fd, &st) < 0)
3825 return null_or_empty(&st);
3828 DIR *xopendirat(int fd, const char *name, int flags) {
3832 assert(!(flags & O_CREAT));
3834 nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0);
3847 int signal_from_string_try_harder(const char *s) {
3851 signo = signal_from_string(s);
3853 if (startswith(s, "SIG"))
3854 return signal_from_string(s+3);
3859 static char *tag_to_udev_node(const char *tagvalue, const char *by) {
3860 _cleanup_free_ char *t = NULL, *u = NULL;
3863 u = unquote(tagvalue, "\"\'");
3867 enc_len = strlen(u) * 4 + 1;
3868 t = new(char, enc_len);
3872 if (encode_devnode_name(u, t, enc_len) < 0)
3875 return strjoin("/dev/disk/by-", by, "/", t, NULL);
3878 char *fstab_node_to_udev_node(const char *p) {
3881 if (startswith(p, "LABEL="))
3882 return tag_to_udev_node(p+6, "label");
3884 if (startswith(p, "UUID="))
3885 return tag_to_udev_node(p+5, "uuid");
3887 if (startswith(p, "PARTUUID="))
3888 return tag_to_udev_node(p+9, "partuuid");
3890 if (startswith(p, "PARTLABEL="))
3891 return tag_to_udev_node(p+10, "partlabel");
3896 bool tty_is_vc(const char *tty) {
3899 return vtnr_from_tty(tty) >= 0;
3902 bool tty_is_console(const char *tty) {
3905 if (startswith(tty, "/dev/"))
3908 return streq(tty, "console");
3911 int vtnr_from_tty(const char *tty) {
3916 if (startswith(tty, "/dev/"))
3919 if (!startswith(tty, "tty") )
3922 if (tty[3] < '0' || tty[3] > '9')
3925 r = safe_atoi(tty+3, &i);
3929 if (i < 0 || i > 63)
3935 char *resolve_dev_console(char **active) {
3938 /* Resolve where /dev/console is pointing to, if /sys is actually ours
3939 * (i.e. not read-only-mounted which is a sign for container setups) */
3941 if (path_is_read_only_fs("/sys") > 0)
3944 if (read_one_line_file("/sys/class/tty/console/active", active) < 0)
3947 /* If multiple log outputs are configured the last one is what
3948 * /dev/console points to */
3949 tty = strrchr(*active, ' ');
3955 if (streq(tty, "tty0")) {
3958 /* Get the active VC (e.g. tty1) */
3959 if (read_one_line_file("/sys/class/tty/tty0/active", &tmp) >= 0) {
3961 tty = *active = tmp;
3968 bool tty_is_vc_resolve(const char *tty) {
3969 _cleanup_free_ char *active = NULL;
3973 if (startswith(tty, "/dev/"))
3976 if (streq(tty, "console")) {
3977 tty = resolve_dev_console(&active);
3982 return tty_is_vc(tty);
3985 const char *default_term_for_tty(const char *tty) {
3988 return tty_is_vc_resolve(tty) ? "TERM=linux" : "TERM=vt102";
3991 bool dirent_is_file(const struct dirent *de) {
3994 if (ignore_file(de->d_name))
3997 if (de->d_type != DT_REG &&
3998 de->d_type != DT_LNK &&
3999 de->d_type != DT_UNKNOWN)
4005 bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) {
4008 if (de->d_type != DT_REG &&
4009 de->d_type != DT_LNK &&
4010 de->d_type != DT_UNKNOWN)
4013 if (ignore_file_allow_backup(de->d_name))
4016 return endswith(de->d_name, suffix);
4019 void execute_directory(const char *directory, DIR *d, usec_t timeout, char *argv[]) {
4025 /* Executes all binaries in a directory in parallel and waits
4026 * for them to finish. Optionally a timeout is applied. */
4028 executor_pid = fork();
4029 if (executor_pid < 0) {
4030 log_error("Failed to fork: %m");
4033 } else if (executor_pid == 0) {
4034 _cleanup_hashmap_free_free_ Hashmap *pids = NULL;
4035 _cleanup_closedir_ DIR *_d = NULL;
4038 /* We fork this all off from a child process so that
4039 * we can somewhat cleanly make use of SIGALRM to set
4042 reset_all_signal_handlers();
4043 reset_signal_mask();
4045 assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
4048 d = _d = opendir(directory);
4050 if (errno == ENOENT)
4051 _exit(EXIT_SUCCESS);
4053 log_error("Failed to enumerate directory %s: %m", directory);
4054 _exit(EXIT_FAILURE);
4058 pids = hashmap_new(NULL);
4061 _exit(EXIT_FAILURE);
4064 FOREACH_DIRENT(de, d, break) {
4065 _cleanup_free_ char *path = NULL;
4068 if (!dirent_is_file(de))
4071 path = strjoin(directory, "/", de->d_name, NULL);
4074 _exit(EXIT_FAILURE);
4079 log_error("Failed to fork: %m");
4081 } else if (pid == 0) {
4084 assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
4094 log_error("Failed to execute %s: %m", path);
4095 _exit(EXIT_FAILURE);
4098 log_debug("Spawned %s as " PID_FMT ".", path, pid);
4100 r = hashmap_put(pids, UINT_TO_PTR(pid), path);
4103 _exit(EXIT_FAILURE);
4109 /* Abort execution of this process after the
4110 * timout. We simply rely on SIGALRM as default action
4111 * terminating the process, and turn on alarm(). */
4113 if (timeout != USEC_INFINITY)
4114 alarm((timeout + USEC_PER_SEC - 1) / USEC_PER_SEC);
4116 while (!hashmap_isempty(pids)) {
4117 _cleanup_free_ char *path = NULL;
4120 pid = PTR_TO_UINT(hashmap_first_key(pids));
4123 path = hashmap_remove(pids, UINT_TO_PTR(pid));
4126 wait_for_terminate_and_warn(path, pid);
4129 _exit(EXIT_SUCCESS);
4132 wait_for_terminate_and_warn(directory, executor_pid);
4135 int kill_and_sigcont(pid_t pid, int sig) {
4138 r = kill(pid, sig) < 0 ? -errno : 0;
4146 bool nulstr_contains(const char*nulstr, const char *needle) {
4152 NULSTR_FOREACH(i, nulstr)
4153 if (streq(i, needle))
4159 bool plymouth_running(void) {
4160 return access("/run/plymouth/pid", F_OK) >= 0;
4163 char* strshorten(char *s, size_t l) {
4172 static bool hostname_valid_char(char c) {
4174 (c >= 'a' && c <= 'z') ||
4175 (c >= 'A' && c <= 'Z') ||
4176 (c >= '0' && c <= '9') ||
4182 bool hostname_is_valid(const char *s) {
4189 for (p = s, dot = true; *p; p++) {
4196 if (!hostname_valid_char(*p))
4206 if (p-s > HOST_NAME_MAX)
4212 char* hostname_cleanup(char *s, bool lowercase) {
4216 for (p = s, d = s, dot = true; *p; p++) {
4223 } else if (hostname_valid_char(*p)) {
4224 *(d++) = lowercase ? tolower(*p) : *p;
4235 strshorten(s, HOST_NAME_MAX);
4240 bool machine_name_is_valid(const char *s) {
4242 if (!hostname_is_valid(s))
4245 /* Machine names should be useful hostnames, but also be
4246 * useful in unit names, hence we enforce a stricter length
4255 int pipe_eof(int fd) {
4256 struct pollfd pollfd = {
4258 .events = POLLIN|POLLHUP,
4263 r = poll(&pollfd, 1, 0);
4270 return pollfd.revents & POLLHUP;
4273 int fd_wait_for_event(int fd, int event, usec_t t) {
4275 struct pollfd pollfd = {
4283 r = ppoll(&pollfd, 1, t == USEC_INFINITY ? NULL : timespec_store(&ts, t), NULL);
4290 return pollfd.revents;
4293 int fopen_temporary(const char *path, FILE **_f, char **_temp_path) {
4302 t = tempfn_xxxxxx(path);
4306 fd = mkostemp_safe(t, O_WRONLY|O_CLOEXEC);
4312 f = fdopen(fd, "we");
4325 int terminal_vhangup_fd(int fd) {
4328 if (ioctl(fd, TIOCVHANGUP) < 0)
4334 int terminal_vhangup(const char *name) {
4335 _cleanup_close_ int fd;
4337 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
4341 return terminal_vhangup_fd(fd);
4344 int vt_disallocate(const char *name) {
4348 /* Deallocate the VT if possible. If not possible
4349 * (i.e. because it is the active one), at least clear it
4350 * entirely (including the scrollback buffer) */
4352 if (!startswith(name, "/dev/"))
4355 if (!tty_is_vc(name)) {
4356 /* So this is not a VT. I guess we cannot deallocate
4357 * it then. But let's at least clear the screen */
4359 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
4364 "\033[r" /* clear scrolling region */
4365 "\033[H" /* move home */
4366 "\033[2J", /* clear screen */
4373 if (!startswith(name, "/dev/tty"))
4376 r = safe_atou(name+8, &u);
4383 /* Try to deallocate */
4384 fd = open_terminal("/dev/tty0", O_RDWR|O_NOCTTY|O_CLOEXEC);
4388 r = ioctl(fd, VT_DISALLOCATE, u);
4397 /* Couldn't deallocate, so let's clear it fully with
4399 fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC);
4404 "\033[r" /* clear scrolling region */
4405 "\033[H" /* move home */
4406 "\033[3J", /* clear screen including scrollback, requires Linux 2.6.40 */
4413 int symlink_atomic(const char *from, const char *to) {
4414 _cleanup_free_ char *t = NULL;
4419 t = tempfn_random(to);
4423 if (symlink(from, t) < 0)
4426 if (rename(t, to) < 0) {
4434 int mknod_atomic(const char *path, mode_t mode, dev_t dev) {
4435 _cleanup_free_ char *t = NULL;
4439 t = tempfn_random(path);
4443 if (mknod(t, mode, dev) < 0)
4446 if (rename(t, path) < 0) {
4454 int mkfifo_atomic(const char *path, mode_t mode) {
4455 _cleanup_free_ char *t = NULL;
4459 t = tempfn_random(path);
4463 if (mkfifo(t, mode) < 0)
4466 if (rename(t, path) < 0) {
4474 bool display_is_local(const char *display) {
4478 display[0] == ':' &&
4479 display[1] >= '0' &&
4483 int socket_from_display(const char *display, char **path) {
4490 if (!display_is_local(display))
4493 k = strspn(display+1, "0123456789");
4495 f = new(char, strlen("/tmp/.X11-unix/X") + k + 1);
4499 c = stpcpy(f, "/tmp/.X11-unix/X");
4500 memcpy(c, display+1, k);
4509 const char **username,
4510 uid_t *uid, gid_t *gid,
4512 const char **shell) {
4520 /* We enforce some special rules for uid=0: in order to avoid
4521 * NSS lookups for root we hardcode its data. */
4523 if (streq(*username, "root") || streq(*username, "0")) {
4541 if (parse_uid(*username, &u) >= 0) {
4545 /* If there are multiple users with the same id, make
4546 * sure to leave $USER to the configured value instead
4547 * of the first occurrence in the database. However if
4548 * the uid was configured by a numeric uid, then let's
4549 * pick the real username from /etc/passwd. */
4551 *username = p->pw_name;
4554 p = getpwnam(*username);
4558 return errno > 0 ? -errno : -ESRCH;
4570 *shell = p->pw_shell;
4575 char* uid_to_name(uid_t uid) {
4580 return strdup("root");
4584 return strdup(p->pw_name);
4586 if (asprintf(&r, UID_FMT, uid) < 0)
4592 char* gid_to_name(gid_t gid) {
4597 return strdup("root");
4601 return strdup(p->gr_name);
4603 if (asprintf(&r, GID_FMT, gid) < 0)
4609 int get_group_creds(const char **groupname, gid_t *gid) {
4615 /* We enforce some special rules for gid=0: in order to avoid
4616 * NSS lookups for root we hardcode its data. */
4618 if (streq(*groupname, "root") || streq(*groupname, "0")) {
4619 *groupname = "root";
4627 if (parse_gid(*groupname, &id) >= 0) {
4632 *groupname = g->gr_name;
4635 g = getgrnam(*groupname);
4639 return errno > 0 ? -errno : -ESRCH;
4647 int in_gid(gid_t gid) {
4649 int ngroups_max, r, i;
4651 if (getgid() == gid)
4654 if (getegid() == gid)
4657 ngroups_max = sysconf(_SC_NGROUPS_MAX);
4658 assert(ngroups_max > 0);
4660 gids = alloca(sizeof(gid_t) * ngroups_max);
4662 r = getgroups(ngroups_max, gids);
4666 for (i = 0; i < r; i++)
4673 int in_group(const char *name) {
4677 r = get_group_creds(&name, &gid);
4684 int glob_exists(const char *path) {
4685 _cleanup_globfree_ glob_t g = {};
4691 k = glob(path, GLOB_NOSORT|GLOB_BRACE, NULL, &g);
4693 if (k == GLOB_NOMATCH)
4695 else if (k == GLOB_NOSPACE)
4698 return !strv_isempty(g.gl_pathv);
4700 return errno ? -errno : -EIO;
4703 int glob_extend(char ***strv, const char *path) {
4704 _cleanup_globfree_ glob_t g = {};
4709 k = glob(path, GLOB_NOSORT|GLOB_BRACE, NULL, &g);
4711 if (k == GLOB_NOMATCH)
4713 else if (k == GLOB_NOSPACE)
4715 else if (k != 0 || strv_isempty(g.gl_pathv))
4716 return errno ? -errno : -EIO;
4718 STRV_FOREACH(p, g.gl_pathv) {
4719 k = strv_extend(strv, *p);
4727 int dirent_ensure_type(DIR *d, struct dirent *de) {
4733 if (de->d_type != DT_UNKNOWN)
4736 if (fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0)
4740 S_ISREG(st.st_mode) ? DT_REG :
4741 S_ISDIR(st.st_mode) ? DT_DIR :
4742 S_ISLNK(st.st_mode) ? DT_LNK :
4743 S_ISFIFO(st.st_mode) ? DT_FIFO :
4744 S_ISSOCK(st.st_mode) ? DT_SOCK :
4745 S_ISCHR(st.st_mode) ? DT_CHR :
4746 S_ISBLK(st.st_mode) ? DT_BLK :
4752 int get_files_in_directory(const char *path, char ***list) {
4753 _cleanup_closedir_ DIR *d = NULL;
4754 size_t bufsize = 0, n = 0;
4755 _cleanup_strv_free_ char **l = NULL;
4759 /* Returns all files in a directory in *list, and the number
4760 * of files as return value. If list is NULL returns only the
4772 if (!de && errno != 0)
4777 dirent_ensure_type(d, de);
4779 if (!dirent_is_file(de))
4783 /* one extra slot is needed for the terminating NULL */
4784 if (!GREEDY_REALLOC(l, bufsize, n + 2))
4787 l[n] = strdup(de->d_name);
4798 l = NULL; /* avoid freeing */
4804 char *strjoin(const char *x, ...) {
4818 t = va_arg(ap, const char *);
4823 if (n > ((size_t) -1) - l) {
4847 t = va_arg(ap, const char *);
4861 bool is_main_thread(void) {
4862 static thread_local int cached = 0;
4864 if (_unlikely_(cached == 0))
4865 cached = getpid() == gettid() ? 1 : -1;
4870 int block_get_whole_disk(dev_t d, dev_t *ret) {
4877 /* If it has a queue this is good enough for us */
4878 if (asprintf(&p, "/sys/dev/block/%u:%u/queue", major(d), minor(d)) < 0)
4881 r = access(p, F_OK);
4889 /* If it is a partition find the originating device */
4890 if (asprintf(&p, "/sys/dev/block/%u:%u/partition", major(d), minor(d)) < 0)
4893 r = access(p, F_OK);
4899 /* Get parent dev_t */
4900 if (asprintf(&p, "/sys/dev/block/%u:%u/../dev", major(d), minor(d)) < 0)
4903 r = read_one_line_file(p, &s);
4909 r = sscanf(s, "%u:%u", &m, &n);
4915 /* Only return this if it is really good enough for us. */
4916 if (asprintf(&p, "/sys/dev/block/%u:%u/queue", m, n) < 0)
4919 r = access(p, F_OK);
4923 *ret = makedev(m, n);
4930 static const char *const ioprio_class_table[] = {
4931 [IOPRIO_CLASS_NONE] = "none",
4932 [IOPRIO_CLASS_RT] = "realtime",
4933 [IOPRIO_CLASS_BE] = "best-effort",
4934 [IOPRIO_CLASS_IDLE] = "idle"
4937 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ioprio_class, int, INT_MAX);
4939 static const char *const sigchld_code_table[] = {
4940 [CLD_EXITED] = "exited",
4941 [CLD_KILLED] = "killed",
4942 [CLD_DUMPED] = "dumped",
4943 [CLD_TRAPPED] = "trapped",
4944 [CLD_STOPPED] = "stopped",
4945 [CLD_CONTINUED] = "continued",
4948 DEFINE_STRING_TABLE_LOOKUP(sigchld_code, int);
4950 static const char *const log_facility_unshifted_table[LOG_NFACILITIES] = {
4951 [LOG_FAC(LOG_KERN)] = "kern",
4952 [LOG_FAC(LOG_USER)] = "user",
4953 [LOG_FAC(LOG_MAIL)] = "mail",
4954 [LOG_FAC(LOG_DAEMON)] = "daemon",
4955 [LOG_FAC(LOG_AUTH)] = "auth",
4956 [LOG_FAC(LOG_SYSLOG)] = "syslog",
4957 [LOG_FAC(LOG_LPR)] = "lpr",
4958 [LOG_FAC(LOG_NEWS)] = "news",
4959 [LOG_FAC(LOG_UUCP)] = "uucp",
4960 [LOG_FAC(LOG_CRON)] = "cron",
4961 [LOG_FAC(LOG_AUTHPRIV)] = "authpriv",
4962 [LOG_FAC(LOG_FTP)] = "ftp",
4963 [LOG_FAC(LOG_LOCAL0)] = "local0",
4964 [LOG_FAC(LOG_LOCAL1)] = "local1",
4965 [LOG_FAC(LOG_LOCAL2)] = "local2",
4966 [LOG_FAC(LOG_LOCAL3)] = "local3",
4967 [LOG_FAC(LOG_LOCAL4)] = "local4",
4968 [LOG_FAC(LOG_LOCAL5)] = "local5",
4969 [LOG_FAC(LOG_LOCAL6)] = "local6",
4970 [LOG_FAC(LOG_LOCAL7)] = "local7"
4973 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(log_facility_unshifted, int, LOG_FAC(~0));
4975 static const char *const log_level_table[] = {
4976 [LOG_EMERG] = "emerg",
4977 [LOG_ALERT] = "alert",
4978 [LOG_CRIT] = "crit",
4980 [LOG_WARNING] = "warning",
4981 [LOG_NOTICE] = "notice",
4982 [LOG_INFO] = "info",
4983 [LOG_DEBUG] = "debug"
4986 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(log_level, int, LOG_DEBUG);
4988 static const char* const sched_policy_table[] = {
4989 [SCHED_OTHER] = "other",
4990 [SCHED_BATCH] = "batch",
4991 [SCHED_IDLE] = "idle",
4992 [SCHED_FIFO] = "fifo",
4996 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sched_policy, int, INT_MAX);
4998 static const char* const rlimit_table[_RLIMIT_MAX] = {
4999 [RLIMIT_CPU] = "LimitCPU",
5000 [RLIMIT_FSIZE] = "LimitFSIZE",
5001 [RLIMIT_DATA] = "LimitDATA",
5002 [RLIMIT_STACK] = "LimitSTACK",
5003 [RLIMIT_CORE] = "LimitCORE",
5004 [RLIMIT_RSS] = "LimitRSS",
5005 [RLIMIT_NOFILE] = "LimitNOFILE",
5006 [RLIMIT_AS] = "LimitAS",
5007 [RLIMIT_NPROC] = "LimitNPROC",
5008 [RLIMIT_MEMLOCK] = "LimitMEMLOCK",
5009 [RLIMIT_LOCKS] = "LimitLOCKS",
5010 [RLIMIT_SIGPENDING] = "LimitSIGPENDING",
5011 [RLIMIT_MSGQUEUE] = "LimitMSGQUEUE",
5012 [RLIMIT_NICE] = "LimitNICE",
5013 [RLIMIT_RTPRIO] = "LimitRTPRIO",
5014 [RLIMIT_RTTIME] = "LimitRTTIME"
5017 DEFINE_STRING_TABLE_LOOKUP(rlimit, int);
5019 static const char* const ip_tos_table[] = {
5020 [IPTOS_LOWDELAY] = "low-delay",
5021 [IPTOS_THROUGHPUT] = "throughput",
5022 [IPTOS_RELIABILITY] = "reliability",
5023 [IPTOS_LOWCOST] = "low-cost",
5026 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
5028 static const char *const __signal_table[] = {
5045 [SIGSTKFLT] = "STKFLT", /* Linux on SPARC doesn't know SIGSTKFLT */
5056 [SIGVTALRM] = "VTALRM",
5058 [SIGWINCH] = "WINCH",
5064 DEFINE_PRIVATE_STRING_TABLE_LOOKUP(__signal, int);
5066 const char *signal_to_string(int signo) {
5067 static thread_local char buf[sizeof("RTMIN+")-1 + DECIMAL_STR_MAX(int) + 1];
5070 name = __signal_to_string(signo);
5074 if (signo >= SIGRTMIN && signo <= SIGRTMAX)
5075 snprintf(buf, sizeof(buf), "RTMIN+%d", signo - SIGRTMIN);
5077 snprintf(buf, sizeof(buf), "%d", signo);
5082 int signal_from_string(const char *s) {
5087 signo = __signal_from_string(s);
5091 if (startswith(s, "RTMIN+")) {
5095 if (safe_atou(s, &u) >= 0) {
5096 signo = (int) u + offset;
5097 if (signo > 0 && signo < _NSIG)
5103 bool kexec_loaded(void) {
5104 bool loaded = false;
5107 if (read_one_line_file("/sys/kernel/kexec_loaded", &s) >= 0) {
5115 int prot_from_flags(int flags) {
5117 switch (flags & O_ACCMODE) {
5126 return PROT_READ|PROT_WRITE;
5133 char *format_bytes(char *buf, size_t l, off_t t) {
5136 static const struct {
5140 { "E", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
5141 { "P", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
5142 { "T", 1024ULL*1024ULL*1024ULL*1024ULL },
5143 { "G", 1024ULL*1024ULL*1024ULL },
5144 { "M", 1024ULL*1024ULL },
5148 for (i = 0; i < ELEMENTSOF(table); i++) {
5150 if (t >= table[i].factor) {
5153 (unsigned long long) (t / table[i].factor),
5154 (unsigned long long) (((t*10ULL) / table[i].factor) % 10ULL),
5161 snprintf(buf, l, "%lluB", (unsigned long long) t);
5169 void* memdup(const void *p, size_t l) {
5182 int fd_inc_sndbuf(int fd, size_t n) {
5184 socklen_t l = sizeof(value);
5186 r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l);
5187 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
5190 /* If we have the privileges we will ignore the kernel limit. */
5193 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
5194 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
5200 int fd_inc_rcvbuf(int fd, size_t n) {
5202 socklen_t l = sizeof(value);
5204 r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l);
5205 if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2)
5208 /* If we have the privileges we will ignore the kernel limit. */
5211 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
5212 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
5217 int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *path, ...) {
5218 bool stdout_is_tty, stderr_is_tty;
5219 pid_t parent_pid, agent_pid;
5220 sigset_t ss, saved_ss;
5228 /* Spawns a temporary TTY agent, making sure it goes away when
5231 parent_pid = getpid();
5233 /* First we temporarily block all signals, so that the new
5234 * child has them blocked initially. This way, we can be sure
5235 * that SIGTERMs are not lost we might send to the agent. */
5236 assert_se(sigfillset(&ss) >= 0);
5237 assert_se(sigprocmask(SIG_SETMASK, &ss, &saved_ss) >= 0);
5240 if (agent_pid < 0) {
5241 assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
5245 if (agent_pid != 0) {
5246 assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
5253 * Make sure the agent goes away when the parent dies */
5254 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
5255 _exit(EXIT_FAILURE);
5257 /* Make sure we actually can kill the agent, if we need to, in
5258 * case somebody invoked us from a shell script that trapped
5259 * SIGTERM or so... */
5260 reset_all_signal_handlers();
5261 reset_signal_mask();
5263 /* Check whether our parent died before we were able
5264 * to set the death signal and unblock the signals */
5265 if (getppid() != parent_pid)
5266 _exit(EXIT_SUCCESS);
5268 /* Don't leak fds to the agent */
5269 close_all_fds(except, n_except);
5271 stdout_is_tty = isatty(STDOUT_FILENO);
5272 stderr_is_tty = isatty(STDERR_FILENO);
5274 if (!stdout_is_tty || !stderr_is_tty) {
5277 /* Detach from stdout/stderr. and reopen
5278 * /dev/tty for them. This is important to
5279 * ensure that when systemctl is started via
5280 * popen() or a similar call that expects to
5281 * read EOF we actually do generate EOF and
5282 * not delay this indefinitely by because we
5283 * keep an unused copy of stdin around. */
5284 fd = open("/dev/tty", O_WRONLY);
5286 log_error("Failed to open /dev/tty: %m");
5287 _exit(EXIT_FAILURE);
5291 dup2(fd, STDOUT_FILENO);
5294 dup2(fd, STDERR_FILENO);
5300 /* Count arguments */
5302 for (n = 0; va_arg(ap, char*); n++)
5307 l = alloca(sizeof(char *) * (n + 1));
5309 /* Fill in arguments */
5311 for (i = 0; i <= n; i++)
5312 l[i] = va_arg(ap, char*);
5316 _exit(EXIT_FAILURE);
5319 int setrlimit_closest(int resource, const struct rlimit *rlim) {
5320 struct rlimit highest, fixed;
5324 if (setrlimit(resource, rlim) >= 0)
5330 /* So we failed to set the desired setrlimit, then let's try
5331 * to get as close as we can */
5332 assert_se(getrlimit(resource, &highest) == 0);
5334 fixed.rlim_cur = MIN(rlim->rlim_cur, highest.rlim_max);
5335 fixed.rlim_max = MIN(rlim->rlim_max, highest.rlim_max);
5337 if (setrlimit(resource, &fixed) < 0)
5343 int getenv_for_pid(pid_t pid, const char *field, char **_value) {
5344 _cleanup_fclose_ FILE *f = NULL;
5355 path = procfs_file_alloca(pid, "environ");
5357 f = fopen(path, "re");
5365 char line[LINE_MAX];
5368 for (i = 0; i < sizeof(line)-1; i++) {
5372 if (_unlikely_(c == EOF)) {
5382 if (memcmp(line, field, l) == 0 && line[l] == '=') {
5383 value = strdup(line + l + 1);
5397 bool is_valid_documentation_url(const char *url) {
5400 if (startswith(url, "http://") && url[7])
5403 if (startswith(url, "https://") && url[8])
5406 if (startswith(url, "file:") && url[5])
5409 if (startswith(url, "info:") && url[5])
5412 if (startswith(url, "man:") && url[4])
5418 bool in_initrd(void) {
5419 static int saved = -1;
5425 /* We make two checks here:
5427 * 1. the flag file /etc/initrd-release must exist
5428 * 2. the root file system must be a memory file system
5430 * The second check is extra paranoia, since misdetecting an
5431 * initrd can have bad bad consequences due the initrd
5432 * emptying when transititioning to the main systemd.
5435 saved = access("/etc/initrd-release", F_OK) >= 0 &&
5436 statfs("/", &s) >= 0 &&
5437 is_temporary_fs(&s);
5442 void warn_melody(void) {
5443 _cleanup_close_ int fd = -1;
5445 fd = open("/dev/console", O_WRONLY|O_CLOEXEC|O_NOCTTY);
5449 /* Yeah, this is synchronous. Kinda sucks. But well... */
5451 ioctl(fd, KIOCSOUND, (int)(1193180/440));
5452 usleep(125*USEC_PER_MSEC);
5454 ioctl(fd, KIOCSOUND, (int)(1193180/220));
5455 usleep(125*USEC_PER_MSEC);
5457 ioctl(fd, KIOCSOUND, (int)(1193180/220));
5458 usleep(125*USEC_PER_MSEC);
5460 ioctl(fd, KIOCSOUND, 0);
5463 int make_console_stdio(void) {
5466 /* Make /dev/console the controlling terminal and stdin/stdout/stderr */
5468 fd = acquire_terminal("/dev/console", false, true, true, USEC_INFINITY);
5470 log_error("Failed to acquire terminal: %s", strerror(-fd));
5476 log_error("Failed to duplicate terminal fd: %s", strerror(-r));
5483 int get_home_dir(char **_h) {
5491 /* Take the user specified one */
5492 e = secure_getenv("HOME");
5493 if (e && path_is_absolute(e)) {
5502 /* Hardcode home directory for root to avoid NSS */
5505 h = strdup("/root");
5513 /* Check the database... */
5517 return errno > 0 ? -errno : -ESRCH;
5519 if (!path_is_absolute(p->pw_dir))
5522 h = strdup(p->pw_dir);
5530 int get_shell(char **_s) {
5538 /* Take the user specified one */
5539 e = getenv("SHELL");
5549 /* Hardcode home directory for root to avoid NSS */
5552 s = strdup("/bin/sh");
5560 /* Check the database... */
5564 return errno > 0 ? -errno : -ESRCH;
5566 if (!path_is_absolute(p->pw_shell))
5569 s = strdup(p->pw_shell);
5577 bool filename_is_safe(const char *p) {
5591 if (strlen(p) > FILENAME_MAX)
5597 bool string_is_safe(const char *p) {
5603 for (t = p; *t; t++) {
5604 if (*t > 0 && *t < ' ')
5607 if (strchr("\\\"\'\0x7f", *t))
5615 * Check if a string contains control characters. If 'ok' is non-NULL
5616 * it may be a string containing additional CCs to be considered OK.
5618 bool string_has_cc(const char *p, const char *ok) {
5623 for (t = p; *t; t++) {
5624 if (ok && strchr(ok, *t))
5627 if (*t > 0 && *t < ' ')
5637 bool path_is_safe(const char *p) {
5642 if (streq(p, "..") || startswith(p, "../") || endswith(p, "/..") || strstr(p, "/../"))
5645 if (strlen(p) > PATH_MAX)
5648 /* The following two checks are not really dangerous, but hey, they still are confusing */
5649 if (streq(p, ".") || startswith(p, "./") || endswith(p, "/.") || strstr(p, "/./"))
5652 if (strstr(p, "//"))
5658 /* hey glibc, APIs with callbacks without a user pointer are so useless */
5659 void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size,
5660 int (*compar) (const void *, const void *, void *), void *arg) {
5669 p = (void *)(((const char *) base) + (idx * size));
5670 comparison = compar(key, p, arg);
5673 else if (comparison > 0)
5681 bool is_locale_utf8(void) {
5683 static int cached_answer = -1;
5685 if (cached_answer >= 0)
5688 if (!setlocale(LC_ALL, "")) {
5689 cached_answer = true;
5693 set = nl_langinfo(CODESET);
5695 cached_answer = true;
5699 if (streq(set, "UTF-8")) {
5700 cached_answer = true;
5704 /* For LC_CTYPE=="C" return true, because CTYPE is effectly
5705 * unset and everything can do to UTF-8 nowadays. */
5706 set = setlocale(LC_CTYPE, NULL);
5708 cached_answer = true;
5712 /* Check result, but ignore the result if C was set
5716 !getenv("LC_ALL") &&
5717 !getenv("LC_CTYPE") &&
5721 return (bool) cached_answer;
5724 const char *draw_special_char(DrawSpecialChar ch) {
5725 static const char *draw_table[2][_DRAW_SPECIAL_CHAR_MAX] = {
5728 [DRAW_TREE_VERTICAL] = "\342\224\202 ", /* │ */
5729 [DRAW_TREE_BRANCH] = "\342\224\234\342\224\200", /* ├─ */
5730 [DRAW_TREE_RIGHT] = "\342\224\224\342\224\200", /* └─ */
5731 [DRAW_TREE_SPACE] = " ", /* */
5732 [DRAW_TRIANGULAR_BULLET] = "\342\200\243", /* ‣ */
5733 [DRAW_BLACK_CIRCLE] = "\342\227\217", /* ● */
5734 [DRAW_ARROW] = "\342\206\222", /* → */
5735 [DRAW_DASH] = "\342\200\223", /* – */
5738 /* ASCII fallback */ {
5739 [DRAW_TREE_VERTICAL] = "| ",
5740 [DRAW_TREE_BRANCH] = "|-",
5741 [DRAW_TREE_RIGHT] = "`-",
5742 [DRAW_TREE_SPACE] = " ",
5743 [DRAW_TRIANGULAR_BULLET] = ">",
5744 [DRAW_BLACK_CIRCLE] = "*",
5745 [DRAW_ARROW] = "->",
5750 return draw_table[!is_locale_utf8()][ch];
5753 char *strreplace(const char *text, const char *old_string, const char *new_string) {
5756 size_t l, old_len, new_len;
5762 old_len = strlen(old_string);
5763 new_len = strlen(new_string);
5776 if (!startswith(f, old_string)) {
5782 nl = l - old_len + new_len;
5783 a = realloc(r, nl + 1);
5791 t = stpcpy(t, new_string);
5803 char *strip_tab_ansi(char **ibuf, size_t *_isz) {
5804 const char *i, *begin = NULL;
5809 } state = STATE_OTHER;
5811 size_t osz = 0, isz;
5817 /* Strips ANSI color and replaces TABs by 8 spaces */
5819 isz = _isz ? *_isz : strlen(*ibuf);
5821 f = open_memstream(&obuf, &osz);
5825 for (i = *ibuf; i < *ibuf + isz + 1; i++) {
5830 if (i >= *ibuf + isz) /* EOT */
5832 else if (*i == '\x1B')
5833 state = STATE_ESCAPE;
5834 else if (*i == '\t')
5841 if (i >= *ibuf + isz) { /* EOT */
5844 } else if (*i == '[') {
5845 state = STATE_BRACKET;
5850 state = STATE_OTHER;
5857 if (i >= *ibuf + isz || /* EOT */
5858 (!(*i >= '0' && *i <= '9') && *i != ';' && *i != 'm')) {
5861 state = STATE_OTHER;
5863 } else if (*i == 'm')
5864 state = STATE_OTHER;
5886 int on_ac_power(void) {
5887 bool found_offline = false, found_online = false;
5888 _cleanup_closedir_ DIR *d = NULL;
5890 d = opendir("/sys/class/power_supply");
5896 _cleanup_close_ int fd = -1, device = -1;
5902 if (!de && errno != 0)
5908 if (ignore_file(de->d_name))
5911 device = openat(dirfd(d), de->d_name, O_DIRECTORY|O_RDONLY|O_CLOEXEC|O_NOCTTY);
5913 if (errno == ENOENT || errno == ENOTDIR)
5919 fd = openat(device, "type", O_RDONLY|O_CLOEXEC|O_NOCTTY);
5921 if (errno == ENOENT)
5927 n = read(fd, contents, sizeof(contents));
5931 if (n != 6 || memcmp(contents, "Mains\n", 6))
5935 fd = openat(device, "online", O_RDONLY|O_CLOEXEC|O_NOCTTY);
5937 if (errno == ENOENT)
5943 n = read(fd, contents, sizeof(contents));
5947 if (n != 2 || contents[1] != '\n')
5950 if (contents[0] == '1') {
5951 found_online = true;
5953 } else if (contents[0] == '0')
5954 found_offline = true;
5959 return found_online || !found_offline;
5962 static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) {
5969 if (!path_strv_resolve_uniq(search, root))
5972 STRV_FOREACH(i, search) {
5973 _cleanup_free_ char *p = NULL;
5977 p = strjoin(root, *i, "/", path, NULL);
5979 p = strjoin(*i, "/", path, NULL);
5989 if (errno != ENOENT)
5996 int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) {
5997 _cleanup_strv_free_ char **copy = NULL;
6003 if (path_is_absolute(path)) {
6006 f = fopen(path, mode);
6015 copy = strv_copy((char**) search);
6019 return search_and_fopen_internal(path, mode, root, copy, _f);
6022 int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) {
6023 _cleanup_strv_free_ char **s = NULL;
6025 if (path_is_absolute(path)) {
6028 f = fopen(path, mode);
6037 s = strv_split_nulstr(search);
6041 return search_and_fopen_internal(path, mode, root, s, _f);
6044 char *strextend(char **x, ...) {
6051 l = f = *x ? strlen(*x) : 0;
6058 t = va_arg(ap, const char *);
6063 if (n > ((size_t) -1) - l) {
6072 r = realloc(*x, l+1);
6082 t = va_arg(ap, const char *);
6096 char *strrep(const char *s, unsigned n) {
6104 p = r = malloc(l * n + 1);
6108 for (i = 0; i < n; i++)
6115 void* greedy_realloc(void **p, size_t *allocated, size_t need, size_t size) {
6122 if (*allocated >= need)
6125 newalloc = MAX(need * 2, 64u / size);
6126 a = newalloc * size;
6128 /* check for overflows */
6129 if (a < size * need)
6137 *allocated = newalloc;
6141 void* greedy_realloc0(void **p, size_t *allocated, size_t need, size_t size) {
6150 q = greedy_realloc(p, allocated, need, size);
6154 if (*allocated > prev)
6155 memzero(q + prev * size, (*allocated - prev) * size);
6160 bool id128_is_valid(const char *s) {
6166 /* Simple formatted 128bit hex string */
6168 for (i = 0; i < l; i++) {
6171 if (!(c >= '0' && c <= '9') &&
6172 !(c >= 'a' && c <= 'z') &&
6173 !(c >= 'A' && c <= 'Z'))
6177 } else if (l == 36) {
6179 /* Formatted UUID */
6181 for (i = 0; i < l; i++) {
6184 if ((i == 8 || i == 13 || i == 18 || i == 23)) {
6188 if (!(c >= '0' && c <= '9') &&
6189 !(c >= 'a' && c <= 'z') &&
6190 !(c >= 'A' && c <= 'Z'))
6201 int split_pair(const char *s, const char *sep, char **l, char **r) {
6216 a = strndup(s, x - s);
6220 b = strdup(x + strlen(sep));
6232 int shall_restore_state(void) {
6233 _cleanup_free_ char *line = NULL;
6237 r = proc_cmdline(&line);
6245 _cleanup_free_ char *word = NULL;
6249 k = unquote_first_word(&p, &word, true);
6255 e = startswith(word, "systemd.restore_state=");
6259 k = parse_boolean(e);
6267 int proc_cmdline(char **ret) {
6270 if (detect_container(NULL) > 0)
6271 return get_process_cmdline(1, 0, false, ret);
6273 return read_one_line_file("/proc/cmdline", ret);
6276 int parse_proc_cmdline(int (*parse_item)(const char *key, const char *value)) {
6277 _cleanup_free_ char *line = NULL;
6283 r = proc_cmdline(&line);
6289 _cleanup_free_ char *word = NULL;
6292 r = unquote_first_word(&p, &word, true);
6298 /* Filter out arguments that are intended only for the
6300 if (!in_initrd() && startswith(word, "rd."))
6303 value = strchr(word, '=');
6307 r = parse_item(word, value);
6315 int container_get_leader(const char *machine, pid_t *pid) {
6316 _cleanup_free_ char *s = NULL, *class = NULL;
6324 p = strappenda("/run/systemd/machines/", machine);
6325 r = parse_env_file(p, NEWLINE, "LEADER", &s, "CLASS", &class, NULL);
6333 if (!streq_ptr(class, "container"))
6336 r = parse_pid(s, &leader);
6346 int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *root_fd) {
6347 _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, netnsfd = -1;
6355 mntns = procfs_file_alloca(pid, "ns/mnt");
6356 mntnsfd = open(mntns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
6364 pidns = procfs_file_alloca(pid, "ns/pid");
6365 pidnsfd = open(pidns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
6373 netns = procfs_file_alloca(pid, "ns/net");
6374 netnsfd = open(netns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
6382 root = procfs_file_alloca(pid, "root");
6383 rfd = open(root, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY);
6389 *pidns_fd = pidnsfd;
6392 *mntns_fd = mntnsfd;
6395 *netns_fd = netnsfd;
6400 pidnsfd = mntnsfd = netnsfd = -1;
6405 int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int root_fd) {
6408 if (setns(pidns_fd, CLONE_NEWPID) < 0)
6412 if (setns(mntns_fd, CLONE_NEWNS) < 0)
6416 if (setns(netns_fd, CLONE_NEWNET) < 0)
6420 if (fchdir(root_fd) < 0)
6423 if (chroot(".") < 0)
6427 if (setresgid(0, 0, 0) < 0)
6430 if (setgroups(0, NULL) < 0)
6433 if (setresuid(0, 0, 0) < 0)
6439 bool pid_is_unwaited(pid_t pid) {
6440 /* Checks whether a PID is still valid at all, including a zombie */
6445 if (kill(pid, 0) >= 0)
6448 return errno != ESRCH;
6451 bool pid_is_alive(pid_t pid) {
6454 /* Checks whether a PID is still valid and not a zombie */
6459 r = get_process_state(pid);
6460 if (r == -ENOENT || r == 'Z')
6466 int getpeercred(int fd, struct ucred *ucred) {
6467 socklen_t n = sizeof(struct ucred);
6474 r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n);
6478 if (n != sizeof(struct ucred))
6481 /* Check if the data is actually useful and not suppressed due
6482 * to namespacing issues */
6485 if (u.uid == (uid_t) -1)
6487 if (u.gid == (gid_t) -1)
6494 int getpeersec(int fd, char **ret) {
6506 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
6510 if (errno != ERANGE)
6517 r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n);
6533 /* This is much like like mkostemp() but is subject to umask(). */
6534 int mkostemp_safe(char *pattern, int flags) {
6535 _cleanup_umask_ mode_t u;
6542 fd = mkostemp(pattern, flags);
6549 int open_tmpfile(const char *path, int flags) {
6556 /* Try O_TMPFILE first, if it is supported */
6557 fd = open(path, flags|O_TMPFILE, S_IRUSR|S_IWUSR);
6562 /* Fall back to unguessable name + unlinking */
6563 p = strappenda(path, "/systemd-tmp-XXXXXX");
6565 fd = mkostemp_safe(p, flags);
6573 int fd_warn_permissions(const char *path, int fd) {
6576 if (fstat(fd, &st) < 0)
6579 if (st.st_mode & 0111)
6580 log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path);
6582 if (st.st_mode & 0002)
6583 log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path);
6585 if (getpid() == 1 && (st.st_mode & 0044) != 0044)
6586 log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path);
6591 unsigned long personality_from_string(const char *p) {
6593 /* Parse a personality specifier. We introduce our own
6594 * identifiers that indicate specific ABIs, rather than just
6595 * hints regarding the register size, since we want to keep
6596 * things open for multiple locally supported ABIs for the
6597 * same register size. We try to reuse the ABI identifiers
6598 * used by libseccomp. */
6600 #if defined(__x86_64__)
6602 if (streq(p, "x86"))
6605 if (streq(p, "x86-64"))
6608 #elif defined(__i386__)
6610 if (streq(p, "x86"))
6614 /* personality(7) documents that 0xffffffffUL is used for
6615 * querying the current personality, hence let's use that here
6616 * as error indicator. */
6617 return 0xffffffffUL;
6620 const char* personality_to_string(unsigned long p) {
6622 #if defined(__x86_64__)
6624 if (p == PER_LINUX32)
6630 #elif defined(__i386__)
6639 uint64_t physical_memory(void) {
6642 /* We return this as uint64_t in case we are running as 32bit
6643 * process on a 64bit kernel with huge amounts of memory */
6645 mem = sysconf(_SC_PHYS_PAGES);
6648 return (uint64_t) mem * (uint64_t) page_size();
6651 char* mount_test_option(const char *haystack, const char *needle) {
6653 struct mntent me = {
6654 .mnt_opts = (char*) haystack
6659 /* Like glibc's hasmntopt(), but works on a string, not a
6665 return hasmntopt(&me, needle);
6668 void hexdump(FILE *f, const void *p, size_t s) {
6669 const uint8_t *b = p;
6672 assert(s == 0 || b);
6677 fprintf(f, "%04x ", n);
6679 for (i = 0; i < 16; i++) {
6684 fprintf(f, "%02x ", b[i]);
6692 for (i = 0; i < 16; i++) {
6697 fputc(isprint(b[i]) ? (char) b[i] : '.', f);
6711 int update_reboot_param_file(const char *param) {
6716 r = write_string_file(REBOOT_PARAM_FILE, param);
6718 log_error("Failed to write reboot param to "
6719 REBOOT_PARAM_FILE": %s", strerror(-r));
6721 unlink(REBOOT_PARAM_FILE);
6726 int umount_recursive(const char *prefix, int flags) {
6730 /* Try to umount everything recursively below a
6731 * directory. Also, take care of stacked mounts, and keep
6732 * unmounting them until they are gone. */
6735 _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
6740 proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
6741 if (!proc_self_mountinfo)
6745 _cleanup_free_ char *path = NULL, *p = NULL;
6748 k = fscanf(proc_self_mountinfo,
6749 "%*s " /* (1) mount id */
6750 "%*s " /* (2) parent id */
6751 "%*s " /* (3) major:minor */
6752 "%*s " /* (4) root */
6753 "%ms " /* (5) mount point */
6754 "%*s" /* (6) mount options */
6755 "%*[^-]" /* (7) optional fields */
6756 "- " /* (8) separator */
6757 "%*s " /* (9) file system type */
6758 "%*s" /* (10) mount source */
6759 "%*s" /* (11) mount options 2 */
6760 "%*[^\n]", /* some rubbish at the end */
6769 p = cunescape(path);
6773 if (!path_startswith(p, prefix))
6776 if (umount2(p, flags) < 0) {
6792 int bind_remount_recursive(const char *prefix, bool ro) {
6793 _cleanup_set_free_free_ Set *done = NULL;
6794 _cleanup_free_ char *cleaned = NULL;
6797 /* Recursively remount a directory (and all its submounts)
6798 * read-only or read-write. If the directory is already
6799 * mounted, we reuse the mount and simply mark it
6800 * MS_BIND|MS_RDONLY (or remove the MS_RDONLY for read-write
6801 * operation). If it isn't we first make it one. Afterwards we
6802 * apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to all
6803 * submounts we can access, too. When mounts are stacked on
6804 * the same mount point we only care for each individual
6805 * "top-level" mount on each point, as we cannot
6806 * influence/access the underlying mounts anyway. We do not
6807 * have any effect on future submounts that might get
6808 * propagated, they migt be writable. This includes future
6809 * submounts that have been triggered via autofs. */
6811 cleaned = strdup(prefix);
6815 path_kill_slashes(cleaned);
6817 done = set_new(&string_hash_ops);
6822 _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
6823 _cleanup_set_free_free_ Set *todo = NULL;
6824 bool top_autofs = false;
6827 todo = set_new(&string_hash_ops);
6831 proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
6832 if (!proc_self_mountinfo)
6836 _cleanup_free_ char *path = NULL, *p = NULL, *type = NULL;
6839 k = fscanf(proc_self_mountinfo,
6840 "%*s " /* (1) mount id */
6841 "%*s " /* (2) parent id */
6842 "%*s " /* (3) major:minor */
6843 "%*s " /* (4) root */
6844 "%ms " /* (5) mount point */
6845 "%*s" /* (6) mount options (superblock) */
6846 "%*[^-]" /* (7) optional fields */
6847 "- " /* (8) separator */
6848 "%ms " /* (9) file system type */
6849 "%*s" /* (10) mount source */
6850 "%*s" /* (11) mount options (bind mount) */
6851 "%*[^\n]", /* some rubbish at the end */
6861 p = cunescape(path);
6865 /* Let's ignore autofs mounts. If they aren't
6866 * triggered yet, we want to avoid triggering
6867 * them, as we don't make any guarantees for
6868 * future submounts anyway. If they are
6869 * already triggered, then we will find
6870 * another entry for this. */
6871 if (streq(type, "autofs")) {
6872 top_autofs = top_autofs || path_equal(cleaned, p);
6876 if (path_startswith(p, cleaned) &&
6877 !set_contains(done, p)) {
6879 r = set_consume(todo, p);
6889 /* If we have no submounts to process anymore and if
6890 * the root is either already done, or an autofs, we
6892 if (set_isempty(todo) &&
6893 (top_autofs || set_contains(done, cleaned)))
6896 if (!set_contains(done, cleaned) &&
6897 !set_contains(todo, cleaned)) {
6898 /* The prefix directory itself is not yet a
6899 * mount, make it one. */
6900 if (mount(cleaned, cleaned, NULL, MS_BIND|MS_REC, NULL) < 0)
6903 if (mount(NULL, prefix, NULL, MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0)
6906 x = strdup(cleaned);
6910 r = set_consume(done, x);
6915 while ((x = set_steal_first(todo))) {
6917 r = set_consume(done, x);
6923 if (mount(NULL, x, NULL, MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) {
6925 /* Deal with mount points that are
6926 * obstructed by a later mount */
6928 if (errno != ENOENT)
6936 int fflush_and_check(FILE *f) {
6943 return errno ? -errno : -EIO;
6948 char *tempfn_xxxxxx(const char *p) {
6955 t = new(char, strlen(p) + 1 + 6 + 1);
6962 strcpy(stpcpy(stpcpy(mempcpy(t, p, k), "."), fn), "XXXXXX");
6967 char *tempfn_random(const char *p) {
6976 t = new(char, strlen(p) + 1 + 16 + 1);
6983 x = stpcpy(stpcpy(mempcpy(t, p, k), "."), fn);
6986 for (i = 0; i < 16; i++) {
6987 *(x++) = hexchar(u & 0xF);
6996 /* make sure the hostname is not "localhost" */
6997 bool is_localhost(const char *hostname) {
7000 /* This tries to identify local host and domain names
7001 * described in RFC6761 plus the redhatism of .localdomain */
7003 return streq(hostname, "localhost") ||
7004 streq(hostname, "localhost.") ||
7005 streq(hostname, "localdomain.") ||
7006 streq(hostname, "localdomain") ||
7007 endswith(hostname, ".localhost") ||
7008 endswith(hostname, ".localhost.") ||
7009 endswith(hostname, ".localdomain") ||
7010 endswith(hostname, ".localdomain.");
7013 int take_password_lock(const char *root) {
7015 struct flock flock = {
7017 .l_whence = SEEK_SET,
7025 /* This is roughly the same as lckpwdf(), but not as awful. We
7026 * don't want to use alarm() and signals, hence we implement
7027 * our own trivial version of this.
7029 * Note that shadow-utils also takes per-database locks in
7030 * addition to lckpwdf(). However, we don't given that they
7031 * are redundant as they they invoke lckpwdf() first and keep
7032 * it during everything they do. The per-database locks are
7033 * awfully racy, and thus we just won't do them. */
7036 path = strappenda(root, "/etc/.pwd.lock");
7038 path = "/etc/.pwd.lock";
7040 fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
7044 r = fcntl(fd, F_SETLKW, &flock);
7053 int is_symlink(const char *path) {
7056 if (lstat(path, &info) < 0)
7059 return !!S_ISLNK(info.st_mode);
7062 int is_dir(const char* path, bool follow) {
7067 r = stat(path, &st);
7069 r = lstat(path, &st);
7073 return !!S_ISDIR(st.st_mode);
7076 int unquote_first_word(const char **p, char **ret, bool relax) {
7077 _cleanup_free_ char *s = NULL;
7078 size_t allocated = 0, sz = 0;
7085 SINGLE_QUOTE_ESCAPE,
7087 DOUBLE_QUOTE_ESCAPE,
7095 /* Parses the first word of a string, and returns it in
7096 * *ret. Removes all quotes in the process. When parsing fails
7097 * (because of an uneven number of quotes or similar), leaves
7098 * the pointer *p at the first invalid character. */
7108 else if (strchr(WHITESPACE, c))
7118 state = SINGLE_QUOTE;
7120 state = VALUE_ESCAPE;
7122 state = DOUBLE_QUOTE;
7123 else if (strchr(WHITESPACE, c))
7126 if (!GREEDY_REALLOC(s, allocated, sz+2))
7141 if (!GREEDY_REALLOC(s, allocated, sz+2))
7154 } else if (c == '\'')
7157 state = SINGLE_QUOTE_ESCAPE;
7159 if (!GREEDY_REALLOC(s, allocated, sz+2))
7167 case SINGLE_QUOTE_ESCAPE:
7174 if (!GREEDY_REALLOC(s, allocated, sz+2))
7178 state = SINGLE_QUOTE;
7187 state = DOUBLE_QUOTE_ESCAPE;
7189 if (!GREEDY_REALLOC(s, allocated, sz+2))
7197 case DOUBLE_QUOTE_ESCAPE:
7204 if (!GREEDY_REALLOC(s, allocated, sz+2))
7208 state = DOUBLE_QUOTE;
7214 if (!strchr(WHITESPACE, c))
7236 int unquote_many_words(const char **p, ...) {
7241 /* Parses a number of words from a string, stripping any
7242 * quotes if necessary. */
7246 /* Count how many words are expected */
7249 if (!va_arg(ap, char **))
7258 /* Read all words into a temporary array */
7259 l = newa0(char*, n);
7260 for (c = 0; c < n; c++) {
7262 r = unquote_first_word(p, &l[c], false);
7266 for (j = 0; j < c; j++)
7276 /* If we managed to parse all words, return them in the passed
7279 for (i = 0; i < n; i++) {
7282 v = va_arg(ap, char **);
7292 int free_and_strdup(char **p, const char *s) {
7297 /* Replaces a string pointer with an strdup()ed new string,
7298 * possibly freeing the old one. */
7313 int sethostname_idempotent(const char *s) {
7315 char buf[HOST_NAME_MAX + 1] = {};
7319 r = gethostname(buf, sizeof(buf));
7326 r = sethostname(s, strlen(s));