X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcore%2Fmain.c;h=aa28cc66517d8a9d59580991d9c85323423a0aec;hp=a2b0a39fd536fb271fcf35813835ea0a6bc4b6f6;hb=7f602784de4fd378120e8ebfe6d830862b9cae03;hpb=0c4025d14201a46a1ce09ef5e266f8f81c47b22f diff --git a/src/core/main.c b/src/core/main.c index a2b0a39fd..aa28cc665 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -66,6 +66,8 @@ #include "locale-setup.h" #include "selinux-setup.h" #include "ima-setup.h" +#include "fileio.h" +#include "smack-setup.h" static enum { ACTION_RUN, @@ -114,7 +116,8 @@ _noreturn_ static void crash(int sig) { sa.sa_flags = SA_NOCLDSTOP|SA_RESTART; assert_se(sigaction(SIGCHLD, &sa, NULL) == 0); - if ((pid = fork()) < 0) + pid = fork(); + if (pid < 0) log_error("Caught <%s>, cannot fork for core dump: %s", signal_to_string(sig), strerror(errno)); else if (pid == 0) { @@ -145,7 +148,8 @@ _noreturn_ static void crash(int sig) { int r; /* Order things nicely. */ - if ((r = wait_for_terminate(pid, &status)) < 0) + r = wait_for_terminate(pid, &status); + if (r < 0) log_error("Caught <%s>, waitpid() failed: %s", signal_to_string(sig), strerror(-r)); else if (status.si_code != CLD_DUMPED) log_error("Caught <%s>, core dump failed.", signal_to_string(sig)); @@ -374,26 +378,37 @@ static int parse_proc_cmdline_word(const char *word) { } else if (startswith(word, "systemd.") || (in_initrd() && startswith(word, "rd.systemd."))) { - log_warning("Unknown kernel switch %s. Ignoring.", word); - - log_info("Supported kernel switches:\n" - "systemd.unit=UNIT Default unit to start\n" - "rd.systemd.unit=UNIT Default unit to start when run in initrd\n" - "systemd.dump_core=0|1 Dump core on crash\n" - "systemd.crash_shell=0|1 Run shell on crash\n" - "systemd.crash_chvt=N Change to VT #N on crash\n" - "systemd.confirm_spawn=0|1 Confirm every process spawn\n" - "systemd.show_status=0|1 Show status updates on the console during bootup\n" - "systemd.log_target=console|kmsg|journal|journal-or-kmsg|syslog|syslog-or-kmsg|null\n" - " Log target\n" - "systemd.log_level=LEVEL Log level\n" - "systemd.log_color=0|1 Highlight important log messages\n" - "systemd.log_location=0|1 Include code location in log messages\n" - "systemd.default_standard_output=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n" - " Set default log output for services\n" - "systemd.default_standard_error=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n" - " Set default log error output for services\n" - "systemd.setenv=ASSIGNMENT Set an environment variable for all spawned processes\n"); + const char *c; + + /* Ignore systemd.journald.xyz and friends */ + c = word; + if (startswith(c, "rd.")) + c += 3; + if (startswith(c, "systemd.")) + c += 8; + if (c[strcspn(c, ".=")] != '.') { + + log_warning("Unknown kernel switch %s. Ignoring.", word); + + log_info("Supported kernel switches:\n" + "systemd.unit=UNIT Default unit to start\n" + "rd.systemd.unit=UNIT Default unit to start when run in initrd\n" + "systemd.dump_core=0|1 Dump core on crash\n" + "systemd.crash_shell=0|1 Run shell on crash\n" + "systemd.crash_chvt=N Change to VT #N on crash\n" + "systemd.confirm_spawn=0|1 Confirm every process spawn\n" + "systemd.show_status=0|1 Show status updates on the console during bootup\n" + "systemd.log_target=console|kmsg|journal|journal-or-kmsg|syslog|syslog-or-kmsg|null\n" + " Log target\n" + "systemd.log_level=LEVEL Log level\n" + "systemd.log_color=0|1 Highlight important log messages\n" + "systemd.log_location=0|1 Include code location in log messages\n" + "systemd.default_standard_output=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n" + " Set default log output for services\n" + "systemd.default_standard_error=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n" + " Set default log error output for services\n" + "systemd.setenv=ASSIGNMENT Set an environment variable for all spawned processes\n"); + } } else if (streq(word, "quiet")) arg_show_status = false; @@ -669,8 +684,8 @@ static int parse_config_file(void) { { "Manager", "DefaultStandardOutput", config_parse_output, 0, &arg_default_std_output }, { "Manager", "DefaultStandardError", config_parse_output, 0, &arg_default_std_error }, { "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers }, - { "Manager", "RuntimeWatchdogSec", config_parse_usec, 0, &arg_runtime_watchdog }, - { "Manager", "ShutdownWatchdogSec", config_parse_usec, 0, &arg_shutdown_watchdog }, + { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog }, + { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog }, { "Manager", "CapabilityBoundingSet", config_parse_bounding_set, 0, &arg_capability_bounding_set_drop }, { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec }, { "Manager", "DefaultLimitCPU", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CPU]}, @@ -1297,19 +1312,13 @@ int main(int argc, char *argv[]) { /* Determine if this is a reexecution or normal bootup. We do * the full command line parsing much later, so let's just * have a quick peek here. */ - for (j = 1; j < argc; j++) - if (streq(argv[j], "--deserialize")) { - skip_setup = true; - break; - } + if (strv_find(argv+1, "--deserialize")) + skip_setup = true; /* If we have switched root, do all the special setup * things */ - for (j = 1; j < argc; j++) - if (streq(argv[j], "--switched-root")) { - skip_setup = false; - break; - } + if (strv_find(argv+1, "--switched-root")) + skip_setup = false; /* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we are then @@ -1345,10 +1354,13 @@ int main(int argc, char *argv[]) { } if (!skip_setup) { + mount_setup_early(); if (selinux_setup(&loaded_policy) < 0) goto finish; if (ima_setup() < 0) goto finish; + if (smack_setup() < 0) + goto finish; } if (label_init(NULL) < 0) @@ -1421,7 +1433,7 @@ int main(int argc, char *argv[]) { /* Mount /proc, /sys and friends, so that /proc/cmdline and * /proc/$PID/fd is available. */ - if (geteuid() == 0 && !getenv("SYSTEMD_SKIP_API_MOUNTS")) { + if (getpid() == 1) { r = mount_setup(loaded_policy); if (r < 0) goto finish; @@ -1563,10 +1575,9 @@ int main(int argc, char *argv[]) { /* Make sure we leave a core dump without panicing the * kernel. */ - if (getpid() == 1) + if (getpid() == 1) { install_crash_handler(); - if (geteuid() == 0 && !getenv("SYSTEMD_SKIP_API_MOUNTS")) { r = mount_cgroup_controllers(arg_join_controllers); if (r < 0) goto finish; @@ -1719,12 +1730,23 @@ int main(int argc, char *argv[]) { manager_dump_units(m, stdout, "\t"); } - r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job); - if (r < 0) { - log_error("Failed to start default target: %s", bus_error(&error, r)); + r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, false, &error, &default_unit_job); + if (r == -EPERM) { + log_error("Default target could not be isolated, starting instead: %s", bus_error(&error, r)); + dbus_error_free(&error); + + r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job); + if (r < 0) { + log_error("Failed to start default target: %s", bus_error(&error, r)); + dbus_error_free(&error); + goto finish; + } + } else if (r < 0) { + log_error("Failed to isolate default target: %s", bus_error(&error, r)); dbus_error_free(&error); goto finish; } + m->default_unit_job_id = default_unit_job->id; after_startup = now(CLOCK_MONOTONIC);