X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fmain.c;h=c89c12343ecafc6ef097630bb11af58c0fcf7a0b;hb=5b1869eaa22e365ab6595924fe96549b279b5ebc;hp=0178f107200a300e7f38199204f2f39c5d61a00d;hpb=bd6d2963396061ed068c4c6c54d8104b59ba91dc;p=elogind.git diff --git a/src/core/main.c b/src/core/main.c index 0178f1072..c89c12343 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -90,6 +90,11 @@ static bool arg_switched_root = false; static char ***arg_join_controllers = NULL; static ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL; static ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT; +static usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC; +static usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC; +static usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC; +static usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL; +static unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST; static usec_t arg_runtime_watchdog = 0; static usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE; static char **arg_default_environment = NULL; @@ -636,6 +641,11 @@ static int parse_config_file(void) { { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, NULL }, { "Manager", "DefaultStandardOutput", config_parse_output, 0, &arg_default_std_output }, { "Manager", "DefaultStandardError", config_parse_output, 0, &arg_default_std_error }, + { "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec }, + { "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec }, + { "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec }, + { "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval }, + { "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst }, { "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers }, { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog }, { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog }, @@ -685,19 +695,14 @@ static int parse_config_file(void) { static int parse_proc_cmdline(void) { _cleanup_free_ char *line = NULL; char *w, *state; - int r; size_t l; + int r; - /* Don't read /proc/cmdline if we are in a container, since - * that is only relevant for the host system */ - if (detect_container(NULL) > 0) - return 0; - - r = read_one_line_file("/proc/cmdline", &line); - if (r < 0) { + r = proc_cmdline(&line); + if (r < 0) log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r)); + if (r <= 0) return 0; - } FOREACH_WORD_QUOTED(w, l, line, state) { _cleanup_free_ char *word; @@ -735,7 +740,6 @@ static int parse_argv(int argc, char *argv[]) { ARG_SHOW_STATUS, ARG_DESERIALIZE, ARG_SWITCHED_ROOT, - ARG_INTROSPECT, ARG_DEFAULT_STD_OUTPUT, ARG_DEFAULT_STD_ERROR }; @@ -758,7 +762,6 @@ static int parse_argv(int argc, char *argv[]) { { "show-status", optional_argument, NULL, ARG_SHOW_STATUS }, { "deserialize", required_argument, NULL, ARG_DESERIALIZE }, { "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT }, - { "introspect", optional_argument, NULL, ARG_INTROSPECT }, { "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, }, { "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, }, { NULL, 0, NULL, 0 } @@ -930,27 +933,6 @@ static int parse_argv(int argc, char *argv[]) { arg_switched_root = true; break; - case ARG_INTROSPECT: { - const char * const * i = NULL; - - for (i = bus_interface_table; *i; i += 2) - if (!optarg || streq(i[0], optarg)) { - fputs(DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE - "\n", stdout); - fputs(i[1], stdout); - fputs("\n", stdout); - - if (optarg) - break; - } - - if (!i[0] && optarg) - log_error("Unknown interface %s.", optarg); - - arg_action = ACTION_DONE; - break; - } - case 'h': arg_action = ACTION_HELP; break; @@ -996,11 +978,13 @@ static int parse_argv(int argc, char *argv[]) { * relevant for the container, hence we rely on argv[] * instead. */ - for (a = argv; a < argv + argc; a++) - if ((r = parse_proc_cmdline_word(*a)) < 0) { + for (a = argv; a < argv + argc; a++) { + r = parse_proc_cmdline_word(*a); + if (r < 0) { log_error("Failed on cmdline argument %s: %s", *a, strerror(-r)); return r; } + } } return 0; @@ -1013,7 +997,6 @@ static int help(void) { " -h --help Show this help\n" " --test Determine startup sequence, dump it and exit\n" " --dump-configuration-items Dump understood unit configuration items\n" - " --introspect[=INTERFACE] Extract D-Bus interface data\n" " --unit=UNIT Set default unit\n" " --system Run a system instance, even if PID != 1\n" " --user Run a user instance\n" @@ -1218,6 +1201,8 @@ int main(int argc, char *argv[]) { dual_timestamp initrd_timestamp = { 0ULL, 0ULL }; dual_timestamp userspace_timestamp = { 0ULL, 0ULL }; dual_timestamp kernel_timestamp = { 0ULL, 0ULL }; + dual_timestamp security_start_timestamp = { 0ULL, 0ULL }; + dual_timestamp security_finish_timestamp = { 0ULL, 0ULL }; static char systemd[] = "systemd"; bool skip_setup = false; int j; @@ -1265,6 +1250,10 @@ int main(int argc, char *argv[]) { log_show_color(isatty(STDERR_FILENO) > 0); + /* Disable the umask logic */ + if (getpid() == 1) + umask(0); + if (getpid() == 1 && detect_container(NULL) <= 0) { /* Running outside of a container as PID 1 */ @@ -1278,12 +1267,14 @@ int main(int argc, char *argv[]) { if (!skip_setup) { mount_setup_early(); + dual_timestamp_get(&security_start_timestamp); if (selinux_setup(&loaded_policy) < 0) goto finish; if (ima_setup() < 0) goto finish; if (smack_setup() < 0) goto finish; + dual_timestamp_get(&security_finish_timestamp); } if (label_init(NULL) < 0) @@ -1422,6 +1413,12 @@ int main(int argc, char *argv[]) { goto finish; } + if (arg_running_as == SYSTEMD_USER && + !getenv("XDG_RUNTIME_DIR")) { + log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set."); + goto finish; + } + assert_se(arg_action == ACTION_RUN || arg_action == ACTION_TEST); /* Close logging fds, in order not to confuse fdset below */ @@ -1438,14 +1435,10 @@ int main(int argc, char *argv[]) { if (serialization) assert_se(fdset_remove(fds, fileno(serialization)) >= 0); - if (arg_running_as == SYSTEMD_SYSTEM) { + if (arg_running_as == SYSTEMD_SYSTEM) /* Become a session leader if we aren't one yet. */ setsid(); - /* Disable the umask logic */ - umask(0); - } - /* Move out of the way, so that we won't block unmounts */ assert_se(chdir("/") == 0); @@ -1509,14 +1502,14 @@ int main(int argc, char *argv[]) { log_error("Failed to adjust timer slack: %m"); if (arg_capability_bounding_set_drop) { - r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true); + r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop); if (r < 0) { - log_error("Failed to drop capability bounding set: %s", strerror(-r)); + log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r)); goto finish; } - r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop); + r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true); if (r < 0) { - log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r)); + log_error("Failed to drop capability bounding set: %s", strerror(-r)); goto finish; } } @@ -1542,11 +1535,18 @@ int main(int argc, char *argv[]) { m->confirm_spawn = arg_confirm_spawn; m->default_std_output = arg_default_std_output; m->default_std_error = arg_default_std_error; + m->default_restart_usec = arg_default_restart_usec; + m->default_timeout_start_usec = arg_default_timeout_start_usec; + m->default_timeout_stop_usec = arg_default_timeout_stop_usec; + m->default_start_limit_interval = arg_default_start_limit_interval; + m->default_start_limit_burst = arg_default_start_limit_burst; m->runtime_watchdog = arg_runtime_watchdog; m->shutdown_watchdog = arg_shutdown_watchdog; m->userspace_timestamp = userspace_timestamp; m->kernel_timestamp = kernel_timestamp; m->initrd_timestamp = initrd_timestamp; + m->security_start_timestamp = security_start_timestamp; + m->security_finish_timestamp = security_finish_timestamp; manager_set_default_rlimits(m, arg_default_rlimit); @@ -1567,6 +1567,7 @@ int main(int argc, char *argv[]) { /* This will close all file descriptors that were opened, but * not claimed by any unit. */ fdset_free(fds); + fds = NULL; if (serialization) { fclose(serialization);