#include "exit-status.h"
#include "missing.h"
#include "utmp-wtmp.h"
+#include "def.h"
/* This assumes there is a 'tty' group */
#define TTY_MODE 0620
return "/dev/console";
}
+void exec_context_tty_reset(const ExecContext *context) {
+ assert(context);
+
+ if (context->tty_vhangup)
+ terminal_vhangup(tty_path(context));
+
+ if (context->tty_reset)
+ reset_terminal(tty_path(context));
+
+ if (context->tty_vt_disallocate && context->tty_path)
+ vt_disallocate(context->tty_path);
+}
+
static int open_null_as(int flags, int nfd) {
int fd, r;
char **i;
/* Final step, initialize any manually set supplementary groups */
- ngroups_max = (int) sysconf(_SC_NGROUPS_MAX);
+ assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
if (!(gids = new(gid_t, ngroups_max)))
return -ENOMEM;
close_session = true;
- if ((pam_code = pam_setcred(handle, PAM_ESTABLISH_CRED | PAM_SILENT)) != PAM_SUCCESS)
- goto fail;
-
if ((!(e = pam_getenvlist(handle)))) {
pam_code = PAM_BUF_ERR;
goto fail;
/* This string must fit in 10 chars (i.e. the length
* of "/sbin/init") */
- rename_process("sd:pam");
+ rename_process("sd(PAM)");
/* Make sure we don't keep open the passed fds in this
child. We assume that otherwise only those fds are
/* Check if our parent process might already have
* died? */
if (getppid() == parent_pid) {
- if (sigwait(&ss, &sig) < 0)
- goto child_finish;
+ for (;;) {
+ if (sigwait(&ss, &sig) < 0) {
+ if (errno == EINTR)
+ continue;
- assert(sig == SIGTERM);
+ goto child_finish;
+ }
+
+ assert(sig == SIGTERM);
+ break;
+ }
}
- /* Only if our parent died we'll end the session */
+ /* If our parent died we'll end the session */
if (getppid() != parent_pid)
if ((pam_code = pam_close_session(handle, PAM_DATA_SILENT)) != PAM_SUCCESS)
goto child_finish;
* cleanups, so forget about the handle here. */
handle = NULL;
- /* Unblock SIGSUR1 again in the parent */
+ /* Unblock SIGTERM again in the parent */
if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
goto fail;
}
#endif
+static int do_capability_bounding_set_drop(uint64_t drop) {
+ unsigned long i;
+ cap_t old_cap = NULL, new_cap = NULL;
+ cap_flag_value_t fv;
+ int r;
+
+ /* If we are run as PID 1 we will lack CAP_SETPCAP by default
+ * in the effective set (yes, the kernel drops that when
+ * executing init!), so get it back temporarily so that we can
+ * call PR_CAPBSET_DROP. */
+
+ old_cap = cap_get_proc();
+ if (!old_cap)
+ return -errno;
+
+ if (cap_get_flag(old_cap, CAP_SETPCAP, CAP_EFFECTIVE, &fv) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ if (fv != CAP_SET) {
+ static const cap_value_t v = CAP_SETPCAP;
+
+ new_cap = cap_dup(old_cap);
+ if (!new_cap) {
+ r = -errno;
+ goto finish;
+ }
+
+ if (cap_set_flag(new_cap, CAP_EFFECTIVE, 1, &v, CAP_SET) < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ if (cap_set_proc(new_cap) < 0) {
+ r = -errno;
+ goto finish;
+ }
+ }
+
+ for (i = 0; i <= MAX(63LU, (unsigned long) CAP_LAST_CAP); i++)
+ if (drop & ((uint64_t) 1ULL << (uint64_t) i)) {
+ if (prctl(PR_CAPBSET_DROP, i) < 0) {
+ if (errno == EINVAL)
+ break;
+
+ r = -errno;
+ goto finish;
+ }
+ }
+
+ r = 0;
+
+finish:
+ if (new_cap)
+ cap_free(new_cap);
+
+ if (old_cap) {
+ cap_set_proc(old_cap);
+ cap_free(old_cap);
+ }
+
+ return r;
+}
+
int exec_spawn(ExecCommand *command,
char **argv,
const ExecContext *context,
/* This string must fit in 10 chars (i.e. the length
* of "/sbin/init") */
- rename_process("sd:exec");
+ rename_process("sd.exec");
/* We reset exactly these signals, since they are the
* only ones we set to SIG_IGN in the main daemon. All
}
}
+ exec_context_tty_reset(context);
+
/* We skip the confirmation step if we shall not apply the TTY */
if (confirm_spawn &&
(!is_terminal_input(context->std_input) || apply_tty_stdin)) {
snprintf(t, sizeof(t), "%i", adj);
char_array_0(t);
- if (write_one_line_file("/proc/self/oom_adj", t) < 0) {
+ if (write_one_line_file("/proc/self/oom_adj", t) < 0
+ && errno != EACCES) {
r = EXIT_OOM_ADJUST;
goto fail_child;
}
r = EXIT_STDIN;
goto fail_child;
}
- }
-#ifdef HAVE_PAM
- if (context->pam_name && username) {
- if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) < 0) {
- r = EXIT_PAM;
- goto fail_child;
- }
+ if (cgroup_bondings && context->control_group_modify)
+ if (cgroup_bonding_set_group_access_list(cgroup_bondings, 0755, uid, gid) < 0 ||
+ cgroup_bonding_set_task_access_list(cgroup_bondings, 0644, uid, gid) < 0) {
+ r = EXIT_CGROUP;
+ goto fail_child;
+ }
}
-#endif
if (apply_permissions)
if (enforce_groups(context, username, uid) < 0) {
umask(context->umask);
+#ifdef HAVE_PAM
+ if (context->pam_name && username) {
+ if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) < 0) {
+ r = EXIT_PAM;
+ goto fail_child;
+ }
+ }
+#endif
+
if (strv_length(context->read_write_dirs) > 0 ||
strv_length(context->read_only_dirs) > 0 ||
strv_length(context->inaccessible_dirs) > 0 ||
}
}
+ if (context->capability_bounding_set_drop)
+ if (do_capability_bounding_set_drop(context->capability_bounding_set_drop) < 0) {
+ r = EXIT_CAPABILITIES;
+ goto fail_child;
+ }
+
if (context->user)
if (enforce_user(context, uid) < 0) {
r = EXIT_USER;
"%sWorkingDirectory: %s\n"
"%sRootDirectory: %s\n"
"%sNonBlocking: %s\n"
- "%sPrivateTmp: %s\n",
+ "%sPrivateTmp: %s\n"
+ "%sControlGroupModify: %s\n",
prefix, c->umask,
prefix, c->working_directory ? c->working_directory : "/",
prefix, c->root_directory ? c->root_directory : "/",
prefix, yes_no(c->non_blocking),
- prefix, yes_no(c->private_tmp));
+ prefix, yes_no(c->private_tmp),
+ prefix, yes_no(c->control_group_modify));
STRV_FOREACH(e, c->environment)
fprintf(f, "%sEnvironment: %s\n", prefix, *e);
if (c->tty_path)
fprintf(f,
- "%sTTYPath: %s\n",
- prefix, c->tty_path);
+ "%sTTYPath: %s\n"
+ "%sTTYReset: %s\n"
+ "%sTTYVHangup: %s\n"
+ "%sTTYVTDisallocate: %s\n",
+ prefix, c->tty_path,
+ prefix, yes_no(c->tty_reset),
+ prefix, yes_no(c->tty_vhangup),
+ prefix, yes_no(c->tty_vt_disallocate));
if (c->std_output == EXEC_OUTPUT_SYSLOG || c->std_output == EXEC_OUTPUT_KMSG ||
c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
fprintf(f,
"%sSyslogFacility: %s\n"
"%sSyslogLevel: %s\n",
- prefix, log_facility_to_string(LOG_FAC(c->syslog_priority)),
+ prefix, log_facility_unshifted_to_string(c->syslog_priority >> 3),
prefix, log_level_to_string(LOG_PRI(c->syslog_priority)));
if (c->capabilities) {
(c->secure_bits & SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
if (c->capability_bounding_set_drop) {
- fprintf(f, "%sCapabilityBoundingSetDrop:", prefix);
+ unsigned long l;
+ fprintf(f, "%sCapabilityBoundingSet:", prefix);
- for (i = 0; i <= CAP_LAST_CAP; i++)
- if (c->capability_bounding_set_drop & (1 << i)) {
+ for (l = 0; l <= (unsigned long) CAP_LAST_CAP; l++)
+ if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
char *t;
- if ((t = cap_to_name(i))) {
+ if ((t = cap_to_name(l))) {
fprintf(f, " %s", t);
- free(t);
+ cap_free(t);
}
}
dual_timestamp_get(&s->start_timestamp);
}
-void exec_status_exit(ExecStatus *s, pid_t pid, int code, int status, const char *utmp_id) {
+void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
assert(s);
if ((s->pid && s->pid != pid) ||
s->code = code;
s->status = status;
- if (utmp_id)
- utmp_put_dead_process(utmp_id, pid, code, status);
+ if (context) {
+ if (context->utmp_id)
+ utmp_put_dead_process(context->utmp_id, pid, code, status);
+
+ exec_context_tty_reset(context);
+ }
}
void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
static const char* const kill_mode_table[_KILL_MODE_MAX] = {
[KILL_CONTROL_GROUP] = "control-group",
- [KILL_PROCESS_GROUP] = "process-group",
[KILL_PROCESS] = "process",
[KILL_NONE] = "none"
};