1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 #include <sys/socket.h>
31 #include <sys/prctl.h>
32 #include <linux/sched.h>
33 #include <sys/types.h>
37 #include <sys/mount.h>
39 #include <linux/oom.h>
46 #include <security/pam_appl.h>
50 #include <selinux/selinux.h>
60 #include "capability.h"
63 #include "sd-messages.h"
65 #include "securebits.h"
66 #include "namespace.h"
68 #include "exit-status.h"
70 #include "utmp-wtmp.h"
72 #include "path-util.h"
77 #include "selinux-util.h"
78 #include "errno-list.h"
81 #include "seccomp-util.h"
84 #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
85 #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
87 /* This assumes there is a 'tty' group */
90 #define SNDBUF_SIZE (8*1024*1024)
92 static int shift_fds(int fds[], unsigned n_fds) {
93 int start, restart_from;
98 /* Modifies the fds array! (sorts it) */
108 for (i = start; i < (int) n_fds; i++) {
111 /* Already at right index? */
115 if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0)
118 close_nointr_nofail(fds[i]);
121 /* Hmm, the fd we wanted isn't free? Then
122 * let's remember that and try again from here*/
123 if (nfd != i+3 && restart_from < 0)
127 if (restart_from < 0)
130 start = restart_from;
136 static int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {
145 /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */
147 for (i = 0; i < n_fds; i++) {
149 if ((r = fd_nonblock(fds[i], nonblock)) < 0)
152 /* We unconditionally drop FD_CLOEXEC from the fds,
153 * since after all we want to pass these fds to our
156 if ((r = fd_cloexec(fds[i], false)) < 0)
163 _pure_ static const char *tty_path(const ExecContext *context) {
166 if (context->tty_path)
167 return context->tty_path;
169 return "/dev/console";
172 static void exec_context_tty_reset(const ExecContext *context) {
175 if (context->tty_vhangup)
176 terminal_vhangup(tty_path(context));
178 if (context->tty_reset)
179 reset_terminal(tty_path(context));
181 if (context->tty_vt_disallocate && context->tty_path)
182 vt_disallocate(context->tty_path);
185 static bool is_terminal_output(ExecOutput o) {
187 o == EXEC_OUTPUT_TTY ||
188 o == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
189 o == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
190 o == EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
193 static int open_null_as(int flags, int nfd) {
198 fd = open("/dev/null", flags|O_NOCTTY);
203 r = dup2(fd, nfd) < 0 ? -errno : nfd;
204 close_nointr_nofail(fd);
211 static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd) {
213 union sockaddr_union sa = {
214 .un.sun_family = AF_UNIX,
215 .un.sun_path = "/run/systemd/journal/stdout",
219 assert(output < _EXEC_OUTPUT_MAX);
223 fd = socket(AF_UNIX, SOCK_STREAM, 0);
227 r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path));
229 close_nointr_nofail(fd);
233 if (shutdown(fd, SHUT_RD) < 0) {
234 close_nointr_nofail(fd);
238 fd_inc_sndbuf(fd, SNDBUF_SIZE);
248 context->syslog_identifier ? context->syslog_identifier : ident,
250 context->syslog_priority,
251 !!context->syslog_level_prefix,
252 output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
253 output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
254 is_terminal_output(output));
257 r = dup2(fd, nfd) < 0 ? -errno : nfd;
258 close_nointr_nofail(fd);
264 static int open_terminal_as(const char *path, mode_t mode, int nfd) {
270 if ((fd = open_terminal(path, mode | O_NOCTTY)) < 0)
274 r = dup2(fd, nfd) < 0 ? -errno : nfd;
275 close_nointr_nofail(fd);
282 static bool is_terminal_input(ExecInput i) {
284 i == EXEC_INPUT_TTY ||
285 i == EXEC_INPUT_TTY_FORCE ||
286 i == EXEC_INPUT_TTY_FAIL;
289 static int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {
291 if (is_terminal_input(std_input) && !apply_tty_stdin)
292 return EXEC_INPUT_NULL;
294 if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)
295 return EXEC_INPUT_NULL;
300 static int fixup_output(ExecOutput std_output, int socket_fd) {
302 if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)
303 return EXEC_OUTPUT_INHERIT;
308 static int setup_input(const ExecContext *context, int socket_fd, bool apply_tty_stdin) {
313 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
317 case EXEC_INPUT_NULL:
318 return open_null_as(O_RDONLY, STDIN_FILENO);
321 case EXEC_INPUT_TTY_FORCE:
322 case EXEC_INPUT_TTY_FAIL: {
325 fd = acquire_terminal(tty_path(context),
326 i == EXEC_INPUT_TTY_FAIL,
327 i == EXEC_INPUT_TTY_FORCE,
333 if (fd != STDIN_FILENO) {
334 r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
335 close_nointr_nofail(fd);
342 case EXEC_INPUT_SOCKET:
343 return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
346 assert_not_reached("Unknown input type");
350 static int setup_output(const ExecContext *context, int fileno, int socket_fd, const char *ident, const char *unit_id, bool apply_tty_stdin) {
358 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
359 o = fixup_output(context->std_output, socket_fd);
361 if (fileno == STDERR_FILENO) {
363 e = fixup_output(context->std_error, socket_fd);
365 /* This expects the input and output are already set up */
367 /* Don't change the stderr file descriptor if we inherit all
368 * the way and are not on a tty */
369 if (e == EXEC_OUTPUT_INHERIT &&
370 o == EXEC_OUTPUT_INHERIT &&
371 i == EXEC_INPUT_NULL &&
372 !is_terminal_input(context->std_input) &&
376 /* Duplicate from stdout if possible */
377 if (e == o || e == EXEC_OUTPUT_INHERIT)
378 return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;
382 } else if (o == EXEC_OUTPUT_INHERIT) {
383 /* If input got downgraded, inherit the original value */
384 if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))
385 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
387 /* If the input is connected to anything that's not a /dev/null, inherit that... */
388 if (i != EXEC_INPUT_NULL)
389 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
391 /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */
395 /* We need to open /dev/null here anew, to get the right access mode. */
396 return open_null_as(O_WRONLY, fileno);
401 case EXEC_OUTPUT_NULL:
402 return open_null_as(O_WRONLY, fileno);
404 case EXEC_OUTPUT_TTY:
405 if (is_terminal_input(i))
406 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
408 /* We don't reset the terminal if this is just about output */
409 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
411 case EXEC_OUTPUT_SYSLOG:
412 case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
413 case EXEC_OUTPUT_KMSG:
414 case EXEC_OUTPUT_KMSG_AND_CONSOLE:
415 case EXEC_OUTPUT_JOURNAL:
416 case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
417 r = connect_logger_as(context, o, ident, unit_id, fileno);
419 log_struct_unit(LOG_CRIT, unit_id,
420 "MESSAGE=Failed to connect std%s of %s to the journal socket: %s",
421 fileno == STDOUT_FILENO ? "out" : "err",
422 unit_id, strerror(-r),
425 r = open_null_as(O_WRONLY, fileno);
429 case EXEC_OUTPUT_SOCKET:
430 assert(socket_fd >= 0);
431 return dup2(socket_fd, fileno) < 0 ? -errno : fileno;
434 assert_not_reached("Unknown error type");
438 static int chown_terminal(int fd, uid_t uid) {
443 /* This might fail. What matters are the results. */
444 (void) fchown(fd, uid, -1);
445 (void) fchmod(fd, TTY_MODE);
447 if (fstat(fd, &st) < 0)
450 if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
456 static int setup_confirm_stdio(int *_saved_stdin,
457 int *_saved_stdout) {
458 int fd = -1, saved_stdin, saved_stdout = -1, r;
460 assert(_saved_stdin);
461 assert(_saved_stdout);
463 saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);
467 saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);
468 if (saved_stdout < 0) {
473 fd = acquire_terminal(
478 DEFAULT_CONFIRM_USEC);
484 r = chown_terminal(fd, getuid());
488 if (dup2(fd, STDIN_FILENO) < 0) {
493 if (dup2(fd, STDOUT_FILENO) < 0) {
499 close_nointr_nofail(fd);
501 *_saved_stdin = saved_stdin;
502 *_saved_stdout = saved_stdout;
507 if (saved_stdout >= 0)
508 close_nointr_nofail(saved_stdout);
510 if (saved_stdin >= 0)
511 close_nointr_nofail(saved_stdin);
514 close_nointr_nofail(fd);
519 _printf_(1, 2) static int write_confirm_message(const char *format, ...) {
525 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
529 va_start(ap, format);
530 vdprintf(fd, format, ap);
533 close_nointr_nofail(fd);
538 static int restore_confirm_stdio(int *saved_stdin,
544 assert(saved_stdout);
548 if (*saved_stdin >= 0)
549 if (dup2(*saved_stdin, STDIN_FILENO) < 0)
552 if (*saved_stdout >= 0)
553 if (dup2(*saved_stdout, STDOUT_FILENO) < 0)
556 if (*saved_stdin >= 0)
557 close_nointr_nofail(*saved_stdin);
559 if (*saved_stdout >= 0)
560 close_nointr_nofail(*saved_stdout);
565 static int ask_for_confirmation(char *response, char **argv) {
566 int saved_stdout = -1, saved_stdin = -1, r;
569 r = setup_confirm_stdio(&saved_stdin, &saved_stdout);
573 line = exec_command_line(argv);
577 r = ask(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
580 restore_confirm_stdio(&saved_stdin, &saved_stdout);
585 static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
586 bool keep_groups = false;
591 /* Lookup and set GID and supplementary group list. Here too
592 * we avoid NSS lookups for gid=0. */
594 if (context->group || username) {
596 if (context->group) {
597 const char *g = context->group;
599 if ((r = get_group_creds(&g, &gid)) < 0)
603 /* First step, initialize groups from /etc/groups */
604 if (username && gid != 0) {
605 if (initgroups(username, gid) < 0)
611 /* Second step, set our gids */
612 if (setresgid(gid, gid, gid) < 0)
616 if (context->supplementary_groups) {
621 /* Final step, initialize any manually set supplementary groups */
622 assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
624 if (!(gids = new(gid_t, ngroups_max)))
628 if ((k = getgroups(ngroups_max, gids)) < 0) {
635 STRV_FOREACH(i, context->supplementary_groups) {
638 if (k >= ngroups_max) {
644 r = get_group_creds(&g, gids+k);
653 if (setgroups(k, gids) < 0) {
664 static int enforce_user(const ExecContext *context, uid_t uid) {
667 /* Sets (but doesn't lookup) the uid and make sure we keep the
668 * capabilities while doing so. */
670 if (context->capabilities) {
671 _cleanup_cap_free_ cap_t d = NULL;
672 static const cap_value_t bits[] = {
673 CAP_SETUID, /* Necessary so that we can run setresuid() below */
674 CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */
677 /* First step: If we need to keep capabilities but
678 * drop privileges we need to make sure we keep our
679 * caps, while we drop privileges. */
681 int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
683 if (prctl(PR_GET_SECUREBITS) != sb)
684 if (prctl(PR_SET_SECUREBITS, sb) < 0)
688 /* Second step: set the capabilities. This will reduce
689 * the capabilities to the minimum we need. */
691 d = cap_dup(context->capabilities);
695 if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||
696 cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0)
699 if (cap_set_proc(d) < 0)
703 /* Third step: actually set the uids */
704 if (setresuid(uid, uid, uid) < 0)
707 /* At this point we should have all necessary capabilities but
708 are otherwise a normal user. However, the caps might got
709 corrupted due to the setresuid() so we need clean them up
710 later. This is done outside of this call. */
717 static int null_conv(
719 const struct pam_message **msg,
720 struct pam_response **resp,
723 /* We don't support conversations */
728 static int setup_pam(
734 int fds[], unsigned n_fds) {
736 static const struct pam_conv conv = {
741 pam_handle_t *handle = NULL;
743 int pam_code = PAM_SUCCESS;
746 bool close_session = false;
747 pid_t pam_pid = 0, parent_pid;
754 /* We set up PAM in the parent process, then fork. The child
755 * will then stay around until killed via PR_GET_PDEATHSIG or
756 * systemd via the cgroup logic. It will then remove the PAM
757 * session again. The parent process will exec() the actual
758 * daemon. We do things this way to ensure that the main PID
759 * of the daemon is the one we initially fork()ed. */
761 if (log_get_max_level() < LOG_PRI(LOG_DEBUG))
764 pam_code = pam_start(name, user, &conv, &handle);
765 if (pam_code != PAM_SUCCESS) {
771 pam_code = pam_set_item(handle, PAM_TTY, tty);
772 if (pam_code != PAM_SUCCESS)
776 pam_code = pam_acct_mgmt(handle, flags);
777 if (pam_code != PAM_SUCCESS)
780 pam_code = pam_open_session(handle, flags);
781 if (pam_code != PAM_SUCCESS)
784 close_session = true;
786 e = pam_getenvlist(handle);
788 pam_code = PAM_BUF_ERR;
792 /* Block SIGTERM, so that we know that it won't get lost in
794 if (sigemptyset(&ss) < 0 ||
795 sigaddset(&ss, SIGTERM) < 0 ||
796 sigprocmask(SIG_BLOCK, &ss, &old_ss) < 0)
799 parent_pid = getpid();
809 /* The child's job is to reset the PAM session on
812 /* This string must fit in 10 chars (i.e. the length
813 * of "/sbin/init"), to look pretty in /bin/ps */
814 rename_process("(sd-pam)");
816 /* Make sure we don't keep open the passed fds in this
817 child. We assume that otherwise only those fds are
818 open here that have been opened by PAM. */
819 close_many(fds, n_fds);
821 /* Drop privileges - we don't need any to pam_close_session
822 * and this will make PR_SET_PDEATHSIG work in most cases.
823 * If this fails, ignore the error - but expect sd-pam threads
824 * to fail to exit normally */
825 if (setresuid(uid, uid, uid) < 0)
826 log_error("Error: Failed to setresuid() in sd-pam: %s", strerror(-r));
828 /* Wait until our parent died. This will only work if
829 * the above setresuid() succeeds, otherwise the kernel
830 * will not allow unprivileged parents kill their privileged
831 * children this way. We rely on the control groups kill logic
832 * to do the rest for us. */
833 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
836 /* Check if our parent process might already have
838 if (getppid() == parent_pid) {
840 if (sigwait(&ss, &sig) < 0) {
847 assert(sig == SIGTERM);
852 /* If our parent died we'll end the session */
853 if (getppid() != parent_pid) {
854 pam_code = pam_close_session(handle, flags);
855 if (pam_code != PAM_SUCCESS)
862 pam_end(handle, pam_code | flags);
866 /* If the child was forked off successfully it will do all the
867 * cleanups, so forget about the handle here. */
870 /* Unblock SIGTERM again in the parent */
871 if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
874 /* We close the log explicitly here, since the PAM modules
875 * might have opened it, but we don't want this fd around. */
884 if (pam_code != PAM_SUCCESS) {
885 log_error("PAM failed: %s", pam_strerror(handle, pam_code));
886 err = -EPERM; /* PAM errors do not map to errno */
888 log_error("PAM failed: %m");
894 pam_code = pam_close_session(handle, flags);
896 pam_end(handle, pam_code | flags);
904 kill(pam_pid, SIGTERM);
905 kill(pam_pid, SIGCONT);
912 static void rename_process_from_path(const char *path) {
913 char process_name[11];
917 /* This resulting string must fit in 10 chars (i.e. the length
918 * of "/sbin/init") to look pretty in /bin/ps */
922 rename_process("(...)");
928 /* The end of the process name is usually more
929 * interesting, since the first bit might just be
935 process_name[0] = '(';
936 memcpy(process_name+1, p, l);
937 process_name[1+l] = ')';
938 process_name[1+l+1] = 0;
940 rename_process(process_name);
945 static int apply_seccomp(ExecContext *c) {
946 uint32_t negative_action, action;
947 scmp_filter_ctx *seccomp;
954 negative_action = c->syscall_errno == 0 ? SCMP_ACT_KILL : SCMP_ACT_ERRNO(c->syscall_errno);
956 seccomp = seccomp_init(c->syscall_whitelist ? negative_action : SCMP_ACT_ALLOW);
960 SET_FOREACH(id, c->syscall_archs, i) {
961 r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
965 seccomp_release(seccomp);
970 action = c->syscall_whitelist ? SCMP_ACT_ALLOW : negative_action;
971 SET_FOREACH(id, c->syscall_filter, i) {
972 r = seccomp_rule_add(seccomp, action, PTR_TO_INT(id) - 1, 0);
974 seccomp_release(seccomp);
979 r = seccomp_load(seccomp);
980 seccomp_release(seccomp);
986 static void do_idle_pipe_dance(int idle_pipe[4]) {
989 if (idle_pipe[1] >= 0)
990 close_nointr_nofail(idle_pipe[1]);
991 if (idle_pipe[2] >= 0)
992 close_nointr_nofail(idle_pipe[2]);
994 if (idle_pipe[0] >= 0) {
997 r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
999 if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {
1000 /* Signal systemd that we are bored and want to continue. */
1001 write(idle_pipe[3], "x", 1);
1003 /* Wait for systemd to react to the signal above. */
1004 fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);
1007 close_nointr_nofail(idle_pipe[0]);
1011 if (idle_pipe[3] >= 0)
1012 close_nointr_nofail(idle_pipe[3]);
1015 static int build_environment(
1018 usec_t watchdog_usec,
1020 const char *username,
1024 _cleanup_strv_free_ char **our_env = NULL;
1031 our_env = new0(char*, 10);
1036 if (asprintf(&x, "LISTEN_PID="PID_FMT, getpid()) < 0)
1038 our_env[n_env++] = x;
1040 if (asprintf(&x, "LISTEN_FDS=%u", n_fds) < 0)
1042 our_env[n_env++] = x;
1045 if (watchdog_usec > 0) {
1046 if (asprintf(&x, "WATCHDOG_PID="PID_FMT, getpid()) < 0)
1048 our_env[n_env++] = x;
1050 if (asprintf(&x, "WATCHDOG_USEC=%llu", (unsigned long long) watchdog_usec) < 0)
1052 our_env[n_env++] = x;
1056 x = strappend("HOME=", home);
1059 our_env[n_env++] = x;
1063 x = strappend("LOGNAME=", username);
1066 our_env[n_env++] = x;
1068 x = strappend("USER=", username);
1071 our_env[n_env++] = x;
1075 x = strappend("SHELL=", shell);
1078 our_env[n_env++] = x;
1081 if (is_terminal_input(c->std_input) ||
1082 c->std_output == EXEC_OUTPUT_TTY ||
1083 c->std_error == EXEC_OUTPUT_TTY ||
1086 x = strdup(default_term_for_tty(tty_path(c)));
1089 our_env[n_env++] = x;
1092 our_env[n_env++] = NULL;
1093 assert(n_env <= 10);
1101 int exec_spawn(ExecCommand *command,
1103 ExecContext *context,
1104 int fds[], unsigned n_fds,
1106 bool apply_permissions,
1108 bool apply_tty_stdin,
1110 CGroupControllerMask cgroup_supported,
1111 const char *cgroup_path,
1112 const char *unit_id,
1113 usec_t watchdog_usec,
1115 ExecRuntime *runtime,
1118 _cleanup_strv_free_ char **files_env = NULL;
1127 assert(fds || n_fds <= 0);
1129 if (context->std_input == EXEC_INPUT_SOCKET ||
1130 context->std_output == EXEC_OUTPUT_SOCKET ||
1131 context->std_error == EXEC_OUTPUT_SOCKET) {
1143 r = exec_context_load_environment(context, &files_env);
1145 log_struct_unit(LOG_ERR,
1147 "MESSAGE=Failed to load environment files: %s", strerror(-r),
1154 argv = command->argv;
1156 line = exec_command_line(argv);
1160 log_struct_unit(LOG_DEBUG,
1162 "EXECUTABLE=%s", command->path,
1163 "MESSAGE=About to execute: %s", line,
1172 _cleanup_strv_free_ char **our_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;
1173 const char *username = NULL, *home = NULL, *shell = NULL;
1174 unsigned n_dont_close = 0;
1175 int dont_close[n_fds + 3];
1176 uid_t uid = (uid_t) -1;
1177 gid_t gid = (gid_t) -1;
1183 rename_process_from_path(command->path);
1185 /* We reset exactly these signals, since they are the
1186 * only ones we set to SIG_IGN in the main daemon. All
1187 * others we leave untouched because we set them to
1188 * SIG_DFL or a valid handler initially, both of which
1189 * will be demoted to SIG_DFL. */
1190 default_signals(SIGNALS_CRASH_HANDLER,
1191 SIGNALS_IGNORE, -1);
1193 if (context->ignore_sigpipe)
1194 ignore_signals(SIGPIPE, -1);
1196 assert_se(sigemptyset(&ss) == 0);
1197 if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
1199 r = EXIT_SIGNAL_MASK;
1204 do_idle_pipe_dance(idle_pipe);
1206 /* Close sockets very early to make sure we don't
1207 * block init reexecution because it cannot bind its
1212 dont_close[n_dont_close++] = socket_fd;
1214 memcpy(dont_close + n_dont_close, fds, sizeof(int) * n_fds);
1215 n_dont_close += n_fds;
1218 if (runtime->netns_storage_socket[0] >= 0)
1219 dont_close[n_dont_close++] = runtime->netns_storage_socket[0];
1220 if (runtime->netns_storage_socket[1] >= 0)
1221 dont_close[n_dont_close++] = runtime->netns_storage_socket[1];
1224 err = close_all_fds(dont_close, n_dont_close);
1230 if (!context->same_pgrp)
1237 if (context->tcpwrap_name) {
1239 if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) {
1245 for (i = 0; i < (int) n_fds; i++) {
1246 if (!socket_tcpwrap(fds[i], context->tcpwrap_name)) {
1254 exec_context_tty_reset(context);
1256 if (confirm_spawn) {
1259 err = ask_for_confirmation(&response, argv);
1260 if (err == -ETIMEDOUT)
1261 write_confirm_message("Confirmation question timed out, assuming positive response.\n");
1263 write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-err));
1264 else if (response == 's') {
1265 write_confirm_message("Skipping execution.\n");
1269 } else if (response == 'n') {
1270 write_confirm_message("Failing execution.\n");
1276 /* If a socket is connected to STDIN/STDOUT/STDERR, we
1277 * must sure to drop O_NONBLOCK */
1279 fd_nonblock(socket_fd, false);
1281 err = setup_input(context, socket_fd, apply_tty_stdin);
1287 err = setup_output(context, STDOUT_FILENO, socket_fd, basename(command->path), unit_id, apply_tty_stdin);
1293 err = setup_output(context, STDERR_FILENO, socket_fd, basename(command->path), unit_id, apply_tty_stdin);
1300 err = cg_attach_everywhere(cgroup_supported, cgroup_path, 0);
1307 if (context->oom_score_adjust_set) {
1310 snprintf(t, sizeof(t), "%i", context->oom_score_adjust);
1313 if (write_string_file("/proc/self/oom_score_adj", t) < 0) {
1315 r = EXIT_OOM_ADJUST;
1320 if (context->nice_set)
1321 if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
1327 if (context->cpu_sched_set) {
1328 struct sched_param param = {
1329 .sched_priority = context->cpu_sched_priority,
1332 r = sched_setscheduler(0,
1333 context->cpu_sched_policy |
1334 (context->cpu_sched_reset_on_fork ?
1335 SCHED_RESET_ON_FORK : 0),
1339 r = EXIT_SETSCHEDULER;
1344 if (context->cpuset)
1345 if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
1347 r = EXIT_CPUAFFINITY;
1351 if (context->ioprio_set)
1352 if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
1358 if (context->timer_slack_nsec != (nsec_t) -1)
1359 if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
1361 r = EXIT_TIMERSLACK;
1365 if (context->utmp_id)
1366 utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
1368 if (context->user) {
1369 username = context->user;
1370 err = get_user_creds(&username, &uid, &gid, &home, &shell);
1376 if (is_terminal_input(context->std_input)) {
1377 err = chown_terminal(STDIN_FILENO, uid);
1386 if (cgroup_path && context->user && context->pam_name) {
1387 err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
1394 err = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0755, uid, gid);
1402 if (apply_permissions) {
1403 err = enforce_groups(context, username, gid);
1410 umask(context->umask);
1413 if (apply_permissions && context->pam_name && username) {
1414 err = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
1421 if (context->private_network && runtime && runtime->netns_storage_socket[0] >= 0) {
1422 err = setup_netns(runtime->netns_storage_socket);
1429 if (!strv_isempty(context->read_write_dirs) ||
1430 !strv_isempty(context->read_only_dirs) ||
1431 !strv_isempty(context->inaccessible_dirs) ||
1432 context->mount_flags != 0 ||
1433 (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir)) ||
1434 context->private_devices) {
1436 char *tmp = NULL, *var = NULL;
1438 /* The runtime struct only contains the parent
1439 * of the private /tmp, which is
1440 * non-accessible to world users. Inside of it
1441 * there's a /tmp that is sticky, and that's
1442 * the one we want to use here. */
1444 if (context->private_tmp && runtime) {
1445 if (runtime->tmp_dir)
1446 tmp = strappenda(runtime->tmp_dir, "/tmp");
1447 if (runtime->var_tmp_dir)
1448 var = strappenda(runtime->var_tmp_dir, "/tmp");
1451 err = setup_namespace(
1452 context->read_write_dirs,
1453 context->read_only_dirs,
1454 context->inaccessible_dirs,
1457 context->private_devices,
1458 context->mount_flags);
1467 if (context->root_directory)
1468 if (chroot(context->root_directory) < 0) {
1474 if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
1480 _cleanup_free_ char *d = NULL;
1482 if (asprintf(&d, "%s/%s",
1483 context->root_directory ? context->root_directory : "",
1484 context->working_directory ? context->working_directory : "") < 0) {
1497 /* We repeat the fd closing here, to make sure that
1498 * nothing is leaked from the PAM modules */
1499 err = close_all_fds(fds, n_fds);
1501 err = shift_fds(fds, n_fds);
1503 err = flags_fds(fds, n_fds, context->non_blocking);
1509 if (apply_permissions) {
1511 for (i = 0; i < RLIMIT_NLIMITS; i++) {
1512 if (!context->rlimit[i])
1515 if (setrlimit_closest(i, context->rlimit[i]) < 0) {
1522 if (context->capability_bounding_set_drop) {
1523 err = capability_bounding_set_drop(context->capability_bounding_set_drop, false);
1525 r = EXIT_CAPABILITIES;
1530 if (context->user) {
1531 err = enforce_user(context, uid);
1538 /* PR_GET_SECUREBITS is not privileged, while
1539 * PR_SET_SECUREBITS is. So to suppress
1540 * potential EPERMs we'll try not to call
1541 * PR_SET_SECUREBITS unless necessary. */
1542 if (prctl(PR_GET_SECUREBITS) != context->secure_bits)
1543 if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) {
1545 r = EXIT_SECUREBITS;
1549 if (context->capabilities)
1550 if (cap_set_proc(context->capabilities) < 0) {
1552 r = EXIT_CAPABILITIES;
1556 if (context->no_new_privileges)
1557 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
1559 r = EXIT_NO_NEW_PRIVILEGES;
1564 if (context->syscall_filter || context->syscall_archs) {
1565 err = apply_seccomp(context);
1574 if (context->selinux_context && use_selinux()) {
1575 err = setexeccon(context->selinux_context);
1576 if (err < 0 && !context->selinux_context_ignore) {
1577 r = EXIT_SELINUX_CONTEXT;
1584 err = build_environment(context, n_fds, watchdog_usec, home, username, shell, &our_env);
1590 final_env = strv_env_merge(5,
1593 context->environment,
1603 final_argv = replace_env_argv(argv, final_env);
1610 final_env = strv_env_clean(final_env);
1612 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1613 line = exec_command_line(final_argv);
1616 log_struct_unit(LOG_DEBUG,
1618 "EXECUTABLE=%s", command->path,
1619 "MESSAGE=Executing: %s", line,
1626 execve(command->path, final_argv, final_env);
1633 log_struct(LOG_ERR, MESSAGE_ID(SD_MESSAGE_SPAWN_FAILED),
1634 "EXECUTABLE=%s", command->path,
1635 "MESSAGE=Failed at step %s spawning %s: %s",
1636 exit_status_to_string(r, EXIT_STATUS_SYSTEMD),
1637 command->path, strerror(-err),
1646 log_struct_unit(LOG_DEBUG,
1648 "MESSAGE=Forked %s as "PID_FMT,
1652 /* We add the new process to the cgroup both in the child (so
1653 * that we can be sure that no user code is ever executed
1654 * outside of the cgroup) and in the parent (so that we can be
1655 * sure that when we kill the cgroup the process will be
1658 cg_attach(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, pid);
1660 exec_status_start(&command->exec_status, pid);
1666 void exec_context_init(ExecContext *c) {
1670 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1671 c->cpu_sched_policy = SCHED_OTHER;
1672 c->syslog_priority = LOG_DAEMON|LOG_INFO;
1673 c->syslog_level_prefix = true;
1674 c->ignore_sigpipe = true;
1675 c->timer_slack_nsec = (nsec_t) -1;
1678 void exec_context_done(ExecContext *c) {
1683 strv_free(c->environment);
1684 c->environment = NULL;
1686 strv_free(c->environment_files);
1687 c->environment_files = NULL;
1689 for (l = 0; l < ELEMENTSOF(c->rlimit); l++) {
1691 c->rlimit[l] = NULL;
1694 free(c->working_directory);
1695 c->working_directory = NULL;
1696 free(c->root_directory);
1697 c->root_directory = NULL;
1702 free(c->tcpwrap_name);
1703 c->tcpwrap_name = NULL;
1705 free(c->syslog_identifier);
1706 c->syslog_identifier = NULL;
1714 strv_free(c->supplementary_groups);
1715 c->supplementary_groups = NULL;
1720 if (c->capabilities) {
1721 cap_free(c->capabilities);
1722 c->capabilities = NULL;
1725 strv_free(c->read_only_dirs);
1726 c->read_only_dirs = NULL;
1728 strv_free(c->read_write_dirs);
1729 c->read_write_dirs = NULL;
1731 strv_free(c->inaccessible_dirs);
1732 c->inaccessible_dirs = NULL;
1735 CPU_FREE(c->cpuset);
1740 free(c->selinux_context);
1741 c->selinux_context = NULL;
1744 set_free(c->syscall_filter);
1745 c->syscall_filter = NULL;
1747 set_free(c->syscall_archs);
1748 c->syscall_archs = NULL;
1752 void exec_command_done(ExecCommand *c) {
1762 void exec_command_done_array(ExecCommand *c, unsigned n) {
1765 for (i = 0; i < n; i++)
1766 exec_command_done(c+i);
1769 void exec_command_free_list(ExecCommand *c) {
1773 LIST_REMOVE(command, c, i);
1774 exec_command_done(i);
1779 void exec_command_free_array(ExecCommand **c, unsigned n) {
1782 for (i = 0; i < n; i++) {
1783 exec_command_free_list(c[i]);
1788 int exec_context_load_environment(const ExecContext *c, char ***l) {
1789 char **i, **r = NULL;
1794 STRV_FOREACH(i, c->environment_files) {
1797 bool ignore = false;
1799 _cleanup_globfree_ glob_t pglob = {};
1809 if (!path_is_absolute(fn)) {
1817 /* Filename supports globbing, take all matching files */
1819 if (glob(fn, 0, NULL, &pglob) != 0) {
1824 return errno ? -errno : -EINVAL;
1826 count = pglob.gl_pathc;
1834 for (n = 0; n < count; n++) {
1835 k = load_env_file(pglob.gl_pathv[n], NULL, &p);
1843 /* Log invalid environment variables with filename */
1845 p = strv_env_clean_log(p, pglob.gl_pathv[n]);
1852 m = strv_env_merge(2, r, p);
1868 static bool tty_may_match_dev_console(const char *tty) {
1869 char *active = NULL, *console;
1872 if (startswith(tty, "/dev/"))
1875 /* trivial identity? */
1876 if (streq(tty, "console"))
1879 console = resolve_dev_console(&active);
1880 /* if we could not resolve, assume it may */
1884 /* "tty0" means the active VC, so it may be the same sometimes */
1885 b = streq(console, tty) || (streq(console, "tty0") && tty_is_vc(tty));
1891 bool exec_context_may_touch_console(ExecContext *ec) {
1892 return (ec->tty_reset || ec->tty_vhangup || ec->tty_vt_disallocate ||
1893 is_terminal_input(ec->std_input) ||
1894 is_terminal_output(ec->std_output) ||
1895 is_terminal_output(ec->std_error)) &&
1896 tty_may_match_dev_console(tty_path(ec));
1899 static void strv_fprintf(FILE *f, char **l) {
1905 fprintf(f, " %s", *g);
1908 void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
1915 prefix = strempty(prefix);
1919 "%sWorkingDirectory: %s\n"
1920 "%sRootDirectory: %s\n"
1921 "%sNonBlocking: %s\n"
1922 "%sPrivateTmp: %s\n"
1923 "%sPrivateNetwork: %s\n"
1924 "%sPrivateDevices: %s\n"
1925 "%sIgnoreSIGPIPE: %s\n",
1927 prefix, c->working_directory ? c->working_directory : "/",
1928 prefix, c->root_directory ? c->root_directory : "/",
1929 prefix, yes_no(c->non_blocking),
1930 prefix, yes_no(c->private_tmp),
1931 prefix, yes_no(c->private_network),
1932 prefix, yes_no(c->private_devices),
1933 prefix, yes_no(c->ignore_sigpipe));
1935 STRV_FOREACH(e, c->environment)
1936 fprintf(f, "%sEnvironment: %s\n", prefix, *e);
1938 STRV_FOREACH(e, c->environment_files)
1939 fprintf(f, "%sEnvironmentFile: %s\n", prefix, *e);
1941 if (c->tcpwrap_name)
1943 "%sTCPWrapName: %s\n",
1944 prefix, c->tcpwrap_name);
1951 if (c->oom_score_adjust_set)
1953 "%sOOMScoreAdjust: %i\n",
1954 prefix, c->oom_score_adjust);
1956 for (i = 0; i < RLIM_NLIMITS; i++)
1958 fprintf(f, "%s%s: %llu\n", prefix, rlimit_to_string(i), (unsigned long long) c->rlimit[i]->rlim_max);
1960 if (c->ioprio_set) {
1964 r = ioprio_class_to_string_alloc(IOPRIO_PRIO_CLASS(c->ioprio), &class_str);
1968 "%sIOSchedulingClass: %s\n"
1969 "%sIOPriority: %i\n",
1970 prefix, strna(class_str),
1971 prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
1975 if (c->cpu_sched_set) {
1979 r = sched_policy_to_string_alloc(c->cpu_sched_policy, &policy_str);
1983 "%sCPUSchedulingPolicy: %s\n"
1984 "%sCPUSchedulingPriority: %i\n"
1985 "%sCPUSchedulingResetOnFork: %s\n",
1986 prefix, strna(policy_str),
1987 prefix, c->cpu_sched_priority,
1988 prefix, yes_no(c->cpu_sched_reset_on_fork));
1993 fprintf(f, "%sCPUAffinity:", prefix);
1994 for (i = 0; i < c->cpuset_ncpus; i++)
1995 if (CPU_ISSET_S(i, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset))
1996 fprintf(f, " %u", i);
2000 if (c->timer_slack_nsec != (nsec_t) -1)
2001 fprintf(f, "%sTimerSlackNSec: "NSEC_FMT "\n", prefix, c->timer_slack_nsec);
2004 "%sStandardInput: %s\n"
2005 "%sStandardOutput: %s\n"
2006 "%sStandardError: %s\n",
2007 prefix, exec_input_to_string(c->std_input),
2008 prefix, exec_output_to_string(c->std_output),
2009 prefix, exec_output_to_string(c->std_error));
2015 "%sTTYVHangup: %s\n"
2016 "%sTTYVTDisallocate: %s\n",
2017 prefix, c->tty_path,
2018 prefix, yes_no(c->tty_reset),
2019 prefix, yes_no(c->tty_vhangup),
2020 prefix, yes_no(c->tty_vt_disallocate));
2022 if (c->std_output == EXEC_OUTPUT_SYSLOG ||
2023 c->std_output == EXEC_OUTPUT_KMSG ||
2024 c->std_output == EXEC_OUTPUT_JOURNAL ||
2025 c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
2026 c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
2027 c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
2028 c->std_error == EXEC_OUTPUT_SYSLOG ||
2029 c->std_error == EXEC_OUTPUT_KMSG ||
2030 c->std_error == EXEC_OUTPUT_JOURNAL ||
2031 c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
2032 c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
2033 c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE) {
2035 _cleanup_free_ char *fac_str = NULL, *lvl_str = NULL;
2037 log_facility_unshifted_to_string_alloc(c->syslog_priority >> 3, &fac_str);
2038 log_level_to_string_alloc(LOG_PRI(c->syslog_priority), &lvl_str);
2041 "%sSyslogFacility: %s\n"
2042 "%sSyslogLevel: %s\n",
2043 prefix, strna(fac_str),
2044 prefix, strna(lvl_str));
2047 if (c->capabilities) {
2048 _cleanup_cap_free_charp_ char *t;
2050 t = cap_to_text(c->capabilities, NULL);
2052 fprintf(f, "%sCapabilities: %s\n", prefix, t);
2056 fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
2058 (c->secure_bits & 1<<SECURE_KEEP_CAPS) ? " keep-caps" : "",
2059 (c->secure_bits & 1<<SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
2060 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
2061 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
2062 (c->secure_bits & 1<<SECURE_NOROOT) ? " noroot" : "",
2063 (c->secure_bits & 1<<SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
2065 if (c->capability_bounding_set_drop) {
2067 fprintf(f, "%sCapabilityBoundingSet:", prefix);
2069 for (l = 0; l <= cap_last_cap(); l++)
2070 if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
2071 _cleanup_cap_free_charp_ char *t;
2075 fprintf(f, " %s", t);
2082 fprintf(f, "%sUser: %s\n", prefix, c->user);
2084 fprintf(f, "%sGroup: %s\n", prefix, c->group);
2086 if (strv_length(c->supplementary_groups) > 0) {
2087 fprintf(f, "%sSupplementaryGroups:", prefix);
2088 strv_fprintf(f, c->supplementary_groups);
2093 fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name);
2095 if (strv_length(c->read_write_dirs) > 0) {
2096 fprintf(f, "%sReadWriteDirs:", prefix);
2097 strv_fprintf(f, c->read_write_dirs);
2101 if (strv_length(c->read_only_dirs) > 0) {
2102 fprintf(f, "%sReadOnlyDirs:", prefix);
2103 strv_fprintf(f, c->read_only_dirs);
2107 if (strv_length(c->inaccessible_dirs) > 0) {
2108 fprintf(f, "%sInaccessibleDirs:", prefix);
2109 strv_fprintf(f, c->inaccessible_dirs);
2115 "%sUtmpIdentifier: %s\n",
2116 prefix, c->utmp_id);
2118 if (c->selinux_context)
2120 "%sSELinuxContext: %s%s\n",
2121 prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
2123 if (c->syscall_filter) {
2131 "%sSystemCallFilter: ",
2134 if (!c->syscall_whitelist)
2138 SET_FOREACH(id, c->syscall_filter, j) {
2139 _cleanup_free_ char *name = NULL;
2146 name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, PTR_TO_INT(id) - 1);
2147 fputs(strna(name), f);
2154 if (c->syscall_archs) {
2161 "%sSystemCallArchitectures:",
2165 SET_FOREACH(id, c->syscall_archs, j)
2166 fprintf(f, " %s", strna(seccomp_arch_to_string(PTR_TO_UINT32(id) - 1)));
2171 if (c->syscall_errno != 0)
2173 "%sSystemCallErrorNumber: %s\n",
2174 prefix, strna(errno_to_name(c->syscall_errno)));
2177 void exec_status_start(ExecStatus *s, pid_t pid) {
2182 dual_timestamp_get(&s->start_timestamp);
2185 void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
2188 if (s->pid && s->pid != pid)
2192 dual_timestamp_get(&s->exit_timestamp);
2198 if (context->utmp_id)
2199 utmp_put_dead_process(context->utmp_id, pid, code, status);
2201 exec_context_tty_reset(context);
2205 void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
2206 char buf[FORMAT_TIMESTAMP_MAX];
2218 "%sPID: "PID_FMT"\n",
2221 if (s->start_timestamp.realtime > 0)
2223 "%sStart Timestamp: %s\n",
2224 prefix, format_timestamp(buf, sizeof(buf), s->start_timestamp.realtime));
2226 if (s->exit_timestamp.realtime > 0)
2228 "%sExit Timestamp: %s\n"
2230 "%sExit Status: %i\n",
2231 prefix, format_timestamp(buf, sizeof(buf), s->exit_timestamp.realtime),
2232 prefix, sigchld_code_to_string(s->code),
2236 char *exec_command_line(char **argv) {
2244 STRV_FOREACH(a, argv)
2247 if (!(n = new(char, k)))
2251 STRV_FOREACH(a, argv) {
2258 if (strpbrk(*a, WHITESPACE)) {
2269 /* FIXME: this doesn't really handle arguments that have
2270 * spaces and ticks in them */
2275 void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
2277 const char *prefix2;
2286 p2 = strappend(prefix, "\t");
2287 prefix2 = p2 ? p2 : prefix;
2289 cmd = exec_command_line(c->argv);
2292 "%sCommand Line: %s\n",
2293 prefix, cmd ? cmd : strerror(ENOMEM));
2297 exec_status_dump(&c->exec_status, f, prefix2);
2302 void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
2308 LIST_FOREACH(command, c, c)
2309 exec_command_dump(c, f, prefix);
2312 void exec_command_append_list(ExecCommand **l, ExecCommand *e) {
2319 /* It's kind of important, that we keep the order here */
2320 LIST_FIND_TAIL(command, *l, end);
2321 LIST_INSERT_AFTER(command, *l, end, e);
2326 int exec_command_set(ExecCommand *c, const char *path, ...) {
2334 l = strv_new_ap(path, ap);
2355 static int exec_runtime_allocate(ExecRuntime **rt) {
2360 *rt = new0(ExecRuntime, 1);
2365 (*rt)->netns_storage_socket[0] = (*rt)->netns_storage_socket[1] = -1;
2370 int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
2380 if (!c->private_network && !c->private_tmp)
2383 r = exec_runtime_allocate(rt);
2387 if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
2388 if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
2392 if (c->private_tmp && !(*rt)->tmp_dir) {
2393 r = setup_tmp_dirs(id, &(*rt)->tmp_dir, &(*rt)->var_tmp_dir);
2401 ExecRuntime *exec_runtime_ref(ExecRuntime *r) {
2403 assert(r->n_ref > 0);
2409 ExecRuntime *exec_runtime_unref(ExecRuntime *r) {
2414 assert(r->n_ref > 0);
2417 if (r->n_ref <= 0) {
2419 free(r->var_tmp_dir);
2420 close_pipe(r->netns_storage_socket);
2427 int exec_runtime_serialize(ExecRuntime *rt, Unit *u, FILE *f, FDSet *fds) {
2436 unit_serialize_item(u, f, "tmp-dir", rt->tmp_dir);
2438 if (rt->var_tmp_dir)
2439 unit_serialize_item(u, f, "var-tmp-dir", rt->var_tmp_dir);
2441 if (rt->netns_storage_socket[0] >= 0) {
2444 copy = fdset_put_dup(fds, rt->netns_storage_socket[0]);
2448 unit_serialize_item_format(u, f, "netns-socket-0", "%i", copy);
2451 if (rt->netns_storage_socket[1] >= 0) {
2454 copy = fdset_put_dup(fds, rt->netns_storage_socket[1]);
2458 unit_serialize_item_format(u, f, "netns-socket-1", "%i", copy);
2464 int exec_runtime_deserialize_item(ExecRuntime **rt, Unit *u, const char *key, const char *value, FDSet *fds) {
2471 if (streq(key, "tmp-dir")) {
2474 r = exec_runtime_allocate(rt);
2478 copy = strdup(value);
2482 free((*rt)->tmp_dir);
2483 (*rt)->tmp_dir = copy;
2485 } else if (streq(key, "var-tmp-dir")) {
2488 r = exec_runtime_allocate(rt);
2492 copy = strdup(value);
2496 free((*rt)->var_tmp_dir);
2497 (*rt)->var_tmp_dir = copy;
2499 } else if (streq(key, "netns-socket-0")) {
2502 r = exec_runtime_allocate(rt);
2506 if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
2507 log_debug_unit(u->id, "Failed to parse netns socket value %s", value);
2509 if ((*rt)->netns_storage_socket[0] >= 0)
2510 close_nointr_nofail((*rt)->netns_storage_socket[0]);
2512 (*rt)->netns_storage_socket[0] = fdset_remove(fds, fd);
2514 } else if (streq(key, "netns-socket-1")) {
2517 r = exec_runtime_allocate(rt);
2521 if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
2522 log_debug_unit(u->id, "Failed to parse netns socket value %s", value);
2524 if ((*rt)->netns_storage_socket[1] >= 0)
2525 close_nointr_nofail((*rt)->netns_storage_socket[1]);
2527 (*rt)->netns_storage_socket[1] = fdset_remove(fds, fd);
2535 static void *remove_tmpdir_thread(void *p) {
2536 _cleanup_free_ char *path = p;
2538 rm_rf_dangerous(path, false, true, false);
2542 void exec_runtime_destroy(ExecRuntime *rt) {
2546 /* If there are multiple users of this, let's leave the stuff around */
2551 log_debug("Spawning thread to nuke %s", rt->tmp_dir);
2552 asynchronous_job(remove_tmpdir_thread, rt->tmp_dir);
2556 if (rt->var_tmp_dir) {
2557 log_debug("Spawning thread to nuke %s", rt->var_tmp_dir);
2558 asynchronous_job(remove_tmpdir_thread, rt->var_tmp_dir);
2559 rt->var_tmp_dir = NULL;
2562 close_pipe(rt->netns_storage_socket);
2565 static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
2566 [EXEC_INPUT_NULL] = "null",
2567 [EXEC_INPUT_TTY] = "tty",
2568 [EXEC_INPUT_TTY_FORCE] = "tty-force",
2569 [EXEC_INPUT_TTY_FAIL] = "tty-fail",
2570 [EXEC_INPUT_SOCKET] = "socket"
2573 DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
2575 static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = {
2576 [EXEC_OUTPUT_INHERIT] = "inherit",
2577 [EXEC_OUTPUT_NULL] = "null",
2578 [EXEC_OUTPUT_TTY] = "tty",
2579 [EXEC_OUTPUT_SYSLOG] = "syslog",
2580 [EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
2581 [EXEC_OUTPUT_KMSG] = "kmsg",
2582 [EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
2583 [EXEC_OUTPUT_JOURNAL] = "journal",
2584 [EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
2585 [EXEC_OUTPUT_SOCKET] = "socket"
2588 DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
~ianmdlvl / elogind.git / blob