]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
c2f1db8f | 2 | #pragma once |
5cb5a6ff | 3 | |
a7334b09 LP |
4 | /*** |
5 | This file is part of systemd. | |
6 | ||
7 | Copyright 2010 Lennart Poettering | |
8 | ||
9 | systemd is free software; you can redistribute it and/or modify it | |
5430f7f2 LP |
10 | under the terms of the GNU Lesser General Public License as published by |
11 | the Free Software Foundation; either version 2.1 of the License, or | |
a7334b09 LP |
12 | (at your option) any later version. |
13 | ||
14 | systemd is distributed in the hope that it will be useful, but | |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
5430f7f2 | 17 | Lesser General Public License for more details. |
a7334b09 | 18 | |
5430f7f2 | 19 | You should have received a copy of the GNU Lesser General Public License |
a7334b09 LP |
20 | along with systemd; If not, see <http://www.gnu.org/licenses/>. |
21 | ***/ | |
22 | ||
5cb5a6ff LP |
23 | typedef struct ExecStatus ExecStatus; |
24 | typedef struct ExecCommand ExecCommand; | |
25 | typedef struct ExecContext ExecContext; | |
613b411c | 26 | typedef struct ExecRuntime ExecRuntime; |
9fa95f85 | 27 | typedef struct ExecParameters ExecParameters; |
5cb5a6ff | 28 | |
71d35b6b | 29 | #include <sched.h> |
5cb5a6ff LP |
30 | #include <stdbool.h> |
31 | #include <stdio.h> | |
71d35b6b | 32 | #include <sys/capability.h> |
5cb5a6ff | 33 | |
9ce93478 | 34 | #include "cgroup-util.h" |
613b411c | 35 | #include "fdset.h" |
71d35b6b | 36 | #include "list.h" |
517d56b1 | 37 | #include "missing.h" |
417116f2 | 38 | #include "namespace.h" |
add00535 | 39 | #include "nsflags.h" |
5cb5a6ff | 40 | |
08f3be7a LP |
41 | #define EXEC_STDIN_DATA_MAX (64U*1024U*1024U) |
42 | ||
023a4f67 LP |
43 | typedef enum ExecUtmpMode { |
44 | EXEC_UTMP_INIT, | |
45 | EXEC_UTMP_LOGIN, | |
46 | EXEC_UTMP_USER, | |
47 | _EXEC_UTMP_MODE_MAX, | |
2307f37e | 48 | _EXEC_UTMP_MODE_INVALID = -1 |
023a4f67 LP |
49 | } ExecUtmpMode; |
50 | ||
80876c20 LP |
51 | typedef enum ExecInput { |
52 | EXEC_INPUT_NULL, | |
53 | EXEC_INPUT_TTY, | |
54 | EXEC_INPUT_TTY_FORCE, | |
55 | EXEC_INPUT_TTY_FAIL, | |
4f2d528d | 56 | EXEC_INPUT_SOCKET, |
52c239d7 | 57 | EXEC_INPUT_NAMED_FD, |
08f3be7a | 58 | EXEC_INPUT_DATA, |
2038c3f5 | 59 | EXEC_INPUT_FILE, |
80876c20 LP |
60 | _EXEC_INPUT_MAX, |
61 | _EXEC_INPUT_INVALID = -1 | |
62 | } ExecInput; | |
63 | ||
071830ff | 64 | typedef enum ExecOutput { |
80876c20 | 65 | EXEC_OUTPUT_INHERIT, |
94f04347 | 66 | EXEC_OUTPUT_NULL, |
80876c20 | 67 | EXEC_OUTPUT_TTY, |
94f04347 | 68 | EXEC_OUTPUT_SYSLOG, |
28dbc1e8 | 69 | EXEC_OUTPUT_SYSLOG_AND_CONSOLE, |
9a6bca7a | 70 | EXEC_OUTPUT_KMSG, |
28dbc1e8 | 71 | EXEC_OUTPUT_KMSG_AND_CONSOLE, |
706343f4 LP |
72 | EXEC_OUTPUT_JOURNAL, |
73 | EXEC_OUTPUT_JOURNAL_AND_CONSOLE, | |
4f2d528d | 74 | EXEC_OUTPUT_SOCKET, |
52c239d7 | 75 | EXEC_OUTPUT_NAMED_FD, |
2038c3f5 | 76 | EXEC_OUTPUT_FILE, |
94f04347 LP |
77 | _EXEC_OUTPUT_MAX, |
78 | _EXEC_OUTPUT_INVALID = -1 | |
071830ff LP |
79 | } ExecOutput; |
80 | ||
53f47dfc YW |
81 | typedef enum ExecPreserveMode { |
82 | EXEC_PRESERVE_NO, | |
83 | EXEC_PRESERVE_YES, | |
84 | EXEC_PRESERVE_RESTART, | |
85 | _EXEC_PRESERVE_MODE_MAX, | |
86 | _EXEC_PRESERVE_MODE_INVALID = -1 | |
87 | } ExecPreserveMode; | |
88 | ||
b1edf445 LP |
89 | typedef enum ExecKeyringMode { |
90 | EXEC_KEYRING_INHERIT, | |
91 | EXEC_KEYRING_PRIVATE, | |
92 | EXEC_KEYRING_SHARED, | |
93 | _EXEC_KEYRING_MODE_MAX, | |
94 | _EXEC_KEYRING_MODE_INVALID = -1, | |
95 | } ExecKeyringMode; | |
96 | ||
5cb5a6ff | 97 | struct ExecStatus { |
63983207 LP |
98 | dual_timestamp start_timestamp; |
99 | dual_timestamp exit_timestamp; | |
9d58f1db | 100 | pid_t pid; |
9152c765 LP |
101 | int code; /* as in siginfo_t::si_code */ |
102 | int status; /* as in sigingo_t::si_status */ | |
5cb5a6ff LP |
103 | }; |
104 | ||
3ed0cd26 LP |
105 | typedef enum ExecCommandFlags { |
106 | EXEC_COMMAND_IGNORE_FAILURE = 1, | |
107 | EXEC_COMMAND_FULLY_PRIVILEGED = 2, | |
165a31c0 LP |
108 | EXEC_COMMAND_NO_SETUID = 4, |
109 | EXEC_COMMAND_AMBIENT_MAGIC = 8, | |
3ed0cd26 LP |
110 | } ExecCommandFlags; |
111 | ||
5cb5a6ff LP |
112 | struct ExecCommand { |
113 | char *path; | |
114 | char **argv; | |
034c6ed7 | 115 | ExecStatus exec_status; |
3ed0cd26 | 116 | ExecCommandFlags flags; |
034c6ed7 | 117 | LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */ |
5cb5a6ff LP |
118 | }; |
119 | ||
613b411c LP |
120 | struct ExecRuntime { |
121 | int n_ref; | |
122 | ||
123 | char *tmp_dir; | |
124 | char *var_tmp_dir; | |
125 | ||
29206d46 LP |
126 | /* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network |
127 | * namespace. */ | |
613b411c LP |
128 | int netns_storage_socket[2]; |
129 | }; | |
130 | ||
3536f49e YW |
131 | typedef enum ExecDirectoryType { |
132 | EXEC_DIRECTORY_RUNTIME = 0, | |
133 | EXEC_DIRECTORY_STATE, | |
134 | EXEC_DIRECTORY_CACHE, | |
135 | EXEC_DIRECTORY_LOGS, | |
136 | EXEC_DIRECTORY_CONFIGURATION, | |
72fd1768 LP |
137 | _EXEC_DIRECTORY_TYPE_MAX, |
138 | _EXEC_DIRECTORY_TYPE_INVALID = -1, | |
3536f49e YW |
139 | } ExecDirectoryType; |
140 | ||
141 | typedef struct ExecDirectory { | |
142 | char **paths; | |
143 | mode_t mode; | |
144 | } ExecDirectory; | |
145 | ||
5cb5a6ff LP |
146 | struct ExecContext { |
147 | char **environment; | |
8c7be95e | 148 | char **environment_files; |
b4c14404 | 149 | char **pass_environment; |
00819cc1 | 150 | char **unset_environment; |
8c7be95e | 151 | |
517d56b1 | 152 | struct rlimit *rlimit[_RLIMIT_MAX]; |
915e6d16 | 153 | char *working_directory, *root_directory, *root_image; |
4c08c824 | 154 | bool working_directory_missing_ok; |
5f5d8eab | 155 | bool working_directory_home; |
9d58f1db LP |
156 | |
157 | mode_t umask; | |
dd6c17b1 | 158 | int oom_score_adjust; |
5cb5a6ff | 159 | int nice; |
9eba9da4 | 160 | int ioprio; |
94f04347 LP |
161 | int cpu_sched_policy; |
162 | int cpu_sched_priority; | |
9d58f1db | 163 | |
82c121a4 LP |
164 | cpu_set_t *cpuset; |
165 | unsigned cpuset_ncpus; | |
fb33a393 | 166 | |
80876c20 LP |
167 | ExecInput std_input; |
168 | ExecOutput std_output; | |
169 | ExecOutput std_error; | |
52c239d7 | 170 | char *stdio_fdname[3]; |
2038c3f5 | 171 | char *stdio_file[3]; |
80876c20 | 172 | |
08f3be7a LP |
173 | void *stdin_data; |
174 | size_t stdin_data_size; | |
80876c20 | 175 | |
d88a251b | 176 | nsec_t timer_slack_nsec; |
071830ff | 177 | |
1e22b5cd LP |
178 | bool stdio_as_fds; |
179 | ||
9d58f1db | 180 | char *tty_path; |
5cb5a6ff | 181 | |
6ea832a2 LP |
182 | bool tty_reset; |
183 | bool tty_vhangup; | |
184 | bool tty_vt_disallocate; | |
185 | ||
353e12c2 LP |
186 | bool ignore_sigpipe; |
187 | ||
61233823 | 188 | /* Since resolving these names might involve socket |
5cb5a6ff | 189 | * connections and we don't want to deadlock ourselves these |
94f04347 LP |
190 | * names are resolved on execution only and in the child |
191 | * process. */ | |
5cb5a6ff LP |
192 | char *user; |
193 | char *group; | |
194 | char **supplementary_groups; | |
9d58f1db | 195 | |
5b6319dc LP |
196 | char *pam_name; |
197 | ||
169c1bda | 198 | char *utmp_id; |
023a4f67 | 199 | ExecUtmpMode utmp_mode; |
169c1bda | 200 | |
5f8640fb | 201 | bool selinux_context_ignore; |
7b52a628 MS |
202 | char *selinux_context; |
203 | ||
eef65bf3 MS |
204 | bool apparmor_profile_ignore; |
205 | char *apparmor_profile; | |
206 | ||
2ca620c4 WC |
207 | bool smack_process_label_ignore; |
208 | char *smack_process_label; | |
209 | ||
b1edf445 LP |
210 | ExecKeyringMode keyring_mode; |
211 | ||
2a624c36 | 212 | char **read_write_paths, **read_only_paths, **inaccessible_paths; |
15ae422b | 213 | unsigned long mount_flags; |
d2d6c096 LP |
214 | BindMount *bind_mounts; |
215 | unsigned n_bind_mounts; | |
15ae422b | 216 | |
a103496c | 217 | uint64_t capability_bounding_set; |
755d4b67 | 218 | uint64_t capability_ambient_set; |
9d58f1db LP |
219 | int secure_bits; |
220 | ||
7fab9d01 LP |
221 | int syslog_priority; |
222 | char *syslog_identifier; | |
223 | bool syslog_level_prefix; | |
224 | ||
d3070fbd LP |
225 | int log_level_max; |
226 | ||
227 | struct iovec* log_extra_fields; | |
228 | size_t n_log_extra_fields; | |
229 | ||
9d58f1db LP |
230 | bool cpu_sched_reset_on_fork; |
231 | bool non_blocking; | |
15ae422b | 232 | bool private_tmp; |
ff01d048 | 233 | bool private_network; |
7f112f50 | 234 | bool private_devices; |
d251207d | 235 | bool private_users; |
1b8689f9 LP |
236 | ProtectSystem protect_system; |
237 | ProtectHome protect_home; | |
59eeb84b | 238 | bool protect_kernel_tunables; |
502d704e | 239 | bool protect_kernel_modules; |
59eeb84b | 240 | bool protect_control_groups; |
5d997827 | 241 | bool mount_apivfs; |
9d58f1db | 242 | |
8351ceae LP |
243 | bool no_new_privileges; |
244 | ||
29206d46 | 245 | bool dynamic_user; |
00d9ef85 | 246 | bool remove_ipc; |
29206d46 | 247 | |
9d58f1db LP |
248 | /* This is not exposed to the user but available |
249 | * internally. We need it to make sure that whenever we spawn | |
f00929ad | 250 | * /usr/bin/mount it is run in the same process group as us so |
9d58f1db LP |
251 | * that the autofs logic detects that it belongs to us and we |
252 | * don't enter a trigger loop. */ | |
74922904 | 253 | bool same_pgrp; |
2e22afe9 | 254 | |
ac45f971 | 255 | unsigned long personality; |
78e864e5 | 256 | bool lock_personality; |
ac45f971 | 257 | |
add00535 LP |
258 | unsigned long restrict_namespaces; /* The CLONE_NEWxyz flags permitted to the unit's processes */ |
259 | ||
8cfa775f | 260 | Hashmap *syscall_filter; |
57183d11 | 261 | Set *syscall_archs; |
17df7223 LP |
262 | int syscall_errno; |
263 | bool syscall_whitelist:1; | |
8351ceae | 264 | |
4298d0b5 LP |
265 | Set *address_families; |
266 | bool address_families_whitelist:1; | |
267 | ||
53f47dfc | 268 | ExecPreserveMode runtime_directory_preserve_mode; |
72fd1768 | 269 | ExecDirectory directories[_EXEC_DIRECTORY_TYPE_MAX]; |
e66cf1a3 | 270 | |
f4170c67 LP |
271 | bool memory_deny_write_execute; |
272 | bool restrict_realtime; | |
273 | ||
dd6c17b1 | 274 | bool oom_score_adjust_set:1; |
7fab9d01 LP |
275 | bool nice_set:1; |
276 | bool ioprio_set:1; | |
277 | bool cpu_sched_set:1; | |
5cb5a6ff LP |
278 | }; |
279 | ||
add00535 LP |
280 | static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) { |
281 | assert(c); | |
282 | ||
283 | return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL; | |
284 | } | |
285 | ||
c39f1ce2 | 286 | typedef enum ExecFlags { |
1703fa41 | 287 | EXEC_APPLY_SANDBOXING = 1U << 0, |
7d5ceb64 FB |
288 | EXEC_APPLY_CHROOT = 1U << 1, |
289 | EXEC_APPLY_TTY_STDIN = 1U << 2, | |
74dd6b51 | 290 | EXEC_NEW_KEYRING = 1U << 3, |
af635cf3 | 291 | EXEC_PASS_LOG_UNIT = 1U << 4, /* Whether to pass the unit name to the service's journal stream connection */ |
8679efde | 292 | EXEC_CHOWN_DIRECTORIES = 1U << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */ |
ac647978 | 293 | EXEC_NSS_BYPASS_BUS = 1U << 6, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */ |
584b8688 | 294 | EXEC_CGROUP_DELEGATE = 1U << 7, |
c39f1ce2 | 295 | |
9c1a61ad | 296 | /* The following are not used by execute.c, but by consumers internally */ |
584b8688 LP |
297 | EXEC_PASS_FDS = 1U << 8, |
298 | EXEC_IS_CONTROL = 1U << 9, | |
299 | EXEC_SETENV_RESULT = 1U << 10, | |
300 | EXEC_SET_WATCHDOG = 1U << 11, | |
c39f1ce2 LP |
301 | } ExecFlags; |
302 | ||
9fa95f85 DM |
303 | struct ExecParameters { |
304 | char **argv; | |
a34ceba6 | 305 | char **environment; |
8dd4c05b LP |
306 | |
307 | int *fds; | |
308 | char **fd_names; | |
4c47affc | 309 | unsigned n_storage_fds; |
9b141911 | 310 | unsigned n_socket_fds; |
8dd4c05b | 311 | |
c39f1ce2 | 312 | ExecFlags flags; |
a34ceba6 | 313 | bool selinux_context_net:1; |
8dd4c05b | 314 | |
efdb0237 | 315 | CGroupMask cgroup_supported; |
9fa95f85 | 316 | const char *cgroup_path; |
8dd4c05b | 317 | |
3536f49e | 318 | char **prefix; |
8dd4c05b | 319 | |
7d5ceb64 FB |
320 | const char *confirm_spawn; |
321 | ||
9fa95f85 | 322 | usec_t watchdog_usec; |
8dd4c05b | 323 | |
9fa95f85 | 324 | int *idle_pipe; |
8dd4c05b | 325 | |
a34ceba6 LP |
326 | int stdin_fd; |
327 | int stdout_fd; | |
328 | int stderr_fd; | |
9fa95f85 DM |
329 | }; |
330 | ||
9ce93478 | 331 | #include "unit.h" |
29206d46 | 332 | #include "dynamic-user.h" |
9ce93478 | 333 | |
f2341e0a LP |
334 | int exec_spawn(Unit *unit, |
335 | ExecCommand *command, | |
9fa95f85 DM |
336 | const ExecContext *context, |
337 | const ExecParameters *exec_params, | |
613b411c | 338 | ExecRuntime *runtime, |
29206d46 | 339 | DynamicCreds *dynamic_creds, |
81a2b7ce | 340 | pid_t *ret); |
5cb5a6ff | 341 | |
43d0fcbd LP |
342 | void exec_command_done(ExecCommand *c); |
343 | void exec_command_done_array(ExecCommand *c, unsigned n); | |
344 | ||
f1acf85a | 345 | ExecCommand* exec_command_free_list(ExecCommand *c); |
034c6ed7 | 346 | void exec_command_free_array(ExecCommand **c, unsigned n); |
5cb5a6ff | 347 | |
9e2f7c11 LP |
348 | char *exec_command_line(char **argv); |
349 | ||
44d8db9e LP |
350 | void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix); |
351 | void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix); | |
a6a80b4f | 352 | void exec_command_append_list(ExecCommand **l, ExecCommand *e); |
26fd040d | 353 | int exec_command_set(ExecCommand *c, const char *path, ...); |
86b23b07 | 354 | int exec_command_append(ExecCommand *c, const char *path, ...); |
44d8db9e | 355 | |
034c6ed7 | 356 | void exec_context_init(ExecContext *c); |
613b411c | 357 | void exec_context_done(ExecContext *c); |
5cb5a6ff LP |
358 | void exec_context_dump(ExecContext *c, FILE* f, const char *prefix); |
359 | ||
e66cf1a3 LP |
360 | int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_root); |
361 | ||
f2341e0a | 362 | int exec_context_load_environment(Unit *unit, const ExecContext *c, char ***l); |
52c239d7 LB |
363 | int exec_context_named_iofds(Unit *unit, const ExecContext *c, const ExecParameters *p, int named_iofds[3]); |
364 | const char* exec_context_fdname(const ExecContext *c, int fd_index); | |
8c7be95e | 365 | |
6ac8fdc9 | 366 | bool exec_context_may_touch_console(ExecContext *c); |
a931ad47 | 367 | bool exec_context_maintains_privileges(ExecContext *c); |
6ac8fdc9 | 368 | |
7f452159 LP |
369 | int exec_context_get_effective_ioprio(ExecContext *c); |
370 | ||
d3070fbd LP |
371 | void exec_context_free_log_extra_fields(ExecContext *c); |
372 | ||
b58b4116 | 373 | void exec_status_start(ExecStatus *s, pid_t pid); |
6ea832a2 | 374 | void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status); |
9fb86720 | 375 | void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix); |
5cb5a6ff | 376 | |
613b411c LP |
377 | int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id); |
378 | ExecRuntime *exec_runtime_ref(ExecRuntime *r); | |
379 | ExecRuntime *exec_runtime_unref(ExecRuntime *r); | |
380 | ||
f2341e0a LP |
381 | int exec_runtime_serialize(Unit *unit, ExecRuntime *rt, FILE *f, FDSet *fds); |
382 | int exec_runtime_deserialize_item(Unit *unit, ExecRuntime **rt, const char *key, const char *value, FDSet *fds); | |
613b411c LP |
383 | |
384 | void exec_runtime_destroy(ExecRuntime *rt); | |
385 | ||
44a6b1b6 ZJS |
386 | const char* exec_output_to_string(ExecOutput i) _const_; |
387 | ExecOutput exec_output_from_string(const char *s) _pure_; | |
94f04347 | 388 | |
44a6b1b6 ZJS |
389 | const char* exec_input_to_string(ExecInput i) _const_; |
390 | ExecInput exec_input_from_string(const char *s) _pure_; | |
023a4f67 LP |
391 | |
392 | const char* exec_utmp_mode_to_string(ExecUtmpMode i) _const_; | |
393 | ExecUtmpMode exec_utmp_mode_from_string(const char *s) _pure_; | |
53f47dfc YW |
394 | |
395 | const char* exec_preserve_mode_to_string(ExecPreserveMode i) _const_; | |
396 | ExecPreserveMode exec_preserve_mode_from_string(const char *s) _pure_; | |
3536f49e | 397 | |
b1edf445 LP |
398 | const char* exec_keyring_mode_to_string(ExecKeyringMode i) _const_; |
399 | ExecKeyringMode exec_keyring_mode_from_string(const char *s) _pure_; | |
400 | ||
3536f49e YW |
401 | const char* exec_directory_type_to_string(ExecDirectoryType i) _const_; |
402 | ExecDirectoryType exec_directory_type_from_string(const char *s) _pure_; |