#include "seccomp-util.h"
#endif
-#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_LIBWRAP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) || !defined(HAVE_APPARMOR)
+#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) || !defined(HAVE_APPARMOR)
int config_parse_warn_compat(
const char *unit,
const char *filename,
UnitDependency d = ltype;
Unit *u = userdata;
- char *w;
+ char *w, *state;
size_t l;
- char *state;
assert(filename);
assert(lvalue);
void *data,
void *userdata) {
- Unit *u = userdata;
_cleanup_free_ char *k = NULL;
+ Unit *u = userdata;
int r;
assert(filename);
assert(u);
r = unit_full_printf(u, rvalue, &k);
- if (r < 0)
- log_syntax(unit, LOG_ERR, filename, line, -r,
- "Failed to resolve unit specifiers on %s, ignoring: %s", rvalue, strerror(-r));
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, -r, "Failed to resolve unit specifiers on %s, ignoring: %s", rvalue, strerror(-r));
+ return 0;
+ }
- return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype,
- k ? k : rvalue, data, userdata);
+ return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
+}
+
+int config_parse_unit_path_strv_printf(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ char *w, *state, ***x = data;
+ Unit *u = userdata;
+ size_t l;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(u);
+
+ FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ _cleanup_free_ char *k = NULL;
+ char t[l+1];
+
+ memcpy(t, w, l);
+ t[l] = 0;
+
+ r = unit_full_printf(u, t, &k);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, -r, "Failed to resolve unit specifiers on %s, ignoring: %s", t, strerror(-r));
+ return 0;
+ }
+
+ if (!utf8_is_valid(k)) {
+ log_invalid_utf8(unit, LOG_ERR, filename, line, EINVAL, rvalue);
+ return 0;
+ }
+
+ if (!path_is_absolute(k)) {
+ log_syntax(unit, LOG_ERR, filename, line, -r, "Symlink path %s is not absolute, ignoring: %s", k, strerror(-r));
+ return 0;
+ }
+
+ path_kill_slashes(k);
+
+ r = strv_push(x, k);
+ if (r < 0)
+ return log_oom();
+
+ k = NULL;
+ }
+
+ return 0;
}
int config_parse_socket_listen(const char *unit,
}
DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
-DEFINE_CONFIG_PARSE_ENUM(config_parse_start_limit_action, start_limit_action, StartLimitAction, "Failed to parse start limit action specifier");
+DEFINE_CONFIG_PARSE_ENUM(config_parse_failure_action, failure_action, FailureAction, "Failed to parse failure action specifier");
int config_parse_unit_requires_mounts_for(
const char *unit,
void *data,
void *userdata) {
- CGroupContext *c = data;
- unsigned long lu;
+ unsigned long *shares = data, lu;
int r;
assert(filename);
assert(rvalue);
if (isempty(rvalue)) {
- c->cpu_shares = 1024;
+ *shares = (unsigned long) -1;
return 0;
}
r = safe_atolu(rvalue, &lu);
if (r < 0 || lu <= 0) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL,
- "CPU shares '%s' invalid. Ignoring.", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "CPU shares '%s' invalid. Ignoring.", rvalue);
return 0;
}
- c->cpu_shares = lu;
+ *shares = lu;
+ return 0;
+}
+
+int config_parse_cpu_quota(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ CGroupContext *c = data;
+ double percent;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+
+ if (isempty(rvalue)) {
+ c->cpu_quota_per_sec_usec = (usec_t) -1;
+ return 0;
+ }
+
+ if (!endswith(rvalue, "%")) {
+
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "CPU quota '%s' not ending in '%%'. Ignoring.", rvalue);
+ return 0;
+ }
+
+ if (sscanf(rvalue, "%lf%%", &percent) != 1 || percent <= 0) {
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "CPU quota '%s' invalid. Ignoring.", rvalue);
+ return 0;
+ }
+
+ c->cpu_quota_per_sec_usec = (usec_t) (percent * USEC_PER_SEC / 100);
+
return 0;
}
void *data,
void *userdata) {
- CGroupContext *c = data;
- unsigned long lu;
+ unsigned long *weight = data, lu;
int r;
assert(filename);
assert(rvalue);
if (isempty(rvalue)) {
- c->blockio_weight = 1000;
+ *weight = (unsigned long) -1;
return 0;
}
r = safe_atolu(rvalue, &lu);
if (r < 0 || lu < 10 || lu > 1000) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL,
- "Block IO weight '%s' invalid. Ignoring.", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Block IO weight '%s' invalid. Ignoring.", rvalue);
return 0;
}
- c->blockio_weight = lu;
-
+ *weight = lu;
return 0;
}
n = strcspn(rvalue, WHITESPACE);
weight = rvalue + n;
if (!*weight) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL,
- "Expected block device and device weight. Ignoring.");
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Expected block device and device weight. Ignoring.");
return 0;
}
return log_oom();
if (!path_startswith(path, "/dev")) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL,
- "Invalid device node path '%s'. Ignoring.", path);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid device node path '%s'. Ignoring.", path);
return 0;
}
weight += strspn(weight, WHITESPACE);
r = safe_atolu(weight, &lu);
if (r < 0 || lu < 10 || lu > 1000) {
- log_syntax(unit, LOG_ERR, filename, line, EINVAL,
- "Block IO weight '%s' invalid. Ignoring.", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Block IO weight '%s' invalid. Ignoring.", rvalue);
return 0;
}
-
w = new0(CGroupBlockIODeviceWeight, 1);
if (!w)
return log_oom();
return 0;
}
-int config_parse_no_new_priviliges(
+int config_parse_no_new_privileges(
const char* unit,
const char *filename,
unsigned line,
return 0;
}
+int config_parse_protect_home(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ int k;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ /* Our enum shall be a superset of booleans, hence first try
+ * to parse as as boolean, and then as enum */
+
+ k = parse_boolean(rvalue);
+ if (k > 0)
+ c->protect_home = PROTECT_HOME_YES;
+ else if (k == 0)
+ c->protect_home = PROTECT_HOME_NO;
+ else {
+ ProtectHome h;
+
+ h = protect_home_from_string(rvalue);
+ if (h < 0){
+ log_syntax(unit, LOG_ERR, filename, line, -h, "Failed to parse protect home value, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ c->protect_home = h;
+ }
+
+ return 0;
+}
+
+int config_parse_protect_system(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ int k;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ /* Our enum shall be a superset of booleans, hence first try
+ * to parse as as boolean, and then as enum */
+
+ k = parse_boolean(rvalue);
+ if (k > 0)
+ c->protect_system = PROTECT_SYSTEM_YES;
+ else if (k == 0)
+ c->protect_system = PROTECT_SYSTEM_NO;
+ else {
+ ProtectSystem s;
+
+ s = protect_system_from_string(rvalue);
+ if (s < 0){
+ log_syntax(unit, LOG_ERR, filename, line, -s, "Failed to parse protect system value, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ c->protect_system = s;
+ }
+
+ return 0;
+}
+
#define FOLLOW_MAX 8
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
const ConfigParserCallback callback;
const char *rvalue;
} table[] = {
-#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_LIBWRAP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) || !defined(HAVE_APPARMOR)
+#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK) || !defined(HAVE_APPARMOR)
{ config_parse_warn_compat, "NOTSUPPORTED" },
#endif
{ config_parse_int, "INTEGER" },
{ config_parse_unit_slice, "SLICE" },
{ config_parse_documentation, "URL" },
{ config_parse_service_timeout, "SECONDS" },
- { config_parse_start_limit_action, "ACTION" },
+ { config_parse_failure_action, "ACTION" },
{ config_parse_set_status, "STATUS" },
{ config_parse_service_sockets, "SOCKETS" },
{ config_parse_environ, "ENVIRON" },