[thirdparty/systemd.git] / src / core / execute.h

/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

typedef struct ExecStatus ExecStatus;
typedef struct ExecCommand ExecCommand;
typedef struct ExecContext ExecContext;
typedef struct ExecRuntime ExecRuntime;
typedef struct ExecParameters ExecParameters;

#include <sched.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/capability.h>

#include "cgroup-util.h"
#include "fdset.h"
#include "list.h"
#include "missing.h"
#include "namespace.h"
#include "nsflags.h"

#define EXEC_STDIN_DATA_MAX (64U*1024U*1024U)

typedef enum ExecUtmpMode {
        EXEC_UTMP_INIT,
        EXEC_UTMP_LOGIN,
        EXEC_UTMP_USER,
        _EXEC_UTMP_MODE_MAX,
        _EXEC_UTMP_MODE_INVALID = -1
} ExecUtmpMode;

typedef enum ExecInput {
        EXEC_INPUT_NULL,
        EXEC_INPUT_TTY,
        EXEC_INPUT_TTY_FORCE,
        EXEC_INPUT_TTY_FAIL,
        EXEC_INPUT_SOCKET,
        EXEC_INPUT_NAMED_FD,
        EXEC_INPUT_DATA,
        EXEC_INPUT_FILE,
        _EXEC_INPUT_MAX,
        _EXEC_INPUT_INVALID = -1
} ExecInput;

typedef enum ExecOutput {
        EXEC_OUTPUT_INHERIT,
        EXEC_OUTPUT_NULL,
        EXEC_OUTPUT_TTY,
        EXEC_OUTPUT_SYSLOG,
        EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
        EXEC_OUTPUT_KMSG,
        EXEC_OUTPUT_KMSG_AND_CONSOLE,
        EXEC_OUTPUT_JOURNAL,
        EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
        EXEC_OUTPUT_SOCKET,
        EXEC_OUTPUT_NAMED_FD,
        EXEC_OUTPUT_FILE,
        _EXEC_OUTPUT_MAX,
        _EXEC_OUTPUT_INVALID = -1
} ExecOutput;

typedef enum ExecPreserveMode {
        EXEC_PRESERVE_NO,
        EXEC_PRESERVE_YES,
        EXEC_PRESERVE_RESTART,
        _EXEC_PRESERVE_MODE_MAX,
        _EXEC_PRESERVE_MODE_INVALID = -1
} ExecPreserveMode;

typedef enum ExecKeyringMode {
        EXEC_KEYRING_INHERIT,
        EXEC_KEYRING_PRIVATE,
        EXEC_KEYRING_SHARED,
        _EXEC_KEYRING_MODE_MAX,
        _EXEC_KEYRING_MODE_INVALID = -1,
} ExecKeyringMode;

struct ExecStatus {
        dual_timestamp start_timestamp;
        dual_timestamp exit_timestamp;
        pid_t pid;
        int code;     /* as in siginfo_t::si_code */
        int status;   /* as in sigingo_t::si_status */
};

typedef enum ExecCommandFlags {
        EXEC_COMMAND_IGNORE_FAILURE = 1,
        EXEC_COMMAND_FULLY_PRIVILEGED = 2,
        EXEC_COMMAND_NO_SETUID = 4,
        EXEC_COMMAND_AMBIENT_MAGIC = 8,
} ExecCommandFlags;

struct ExecCommand {
        char *path;
        char **argv;
        ExecStatus exec_status;
        ExecCommandFlags flags;
        LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
};

struct ExecRuntime {
        int n_ref;

        char *tmp_dir;
        char *var_tmp_dir;

        /* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network
         * namespace. */
        int netns_storage_socket[2];
};

typedef enum ExecDirectoryType {
        EXEC_DIRECTORY_RUNTIME = 0,
        EXEC_DIRECTORY_STATE,
        EXEC_DIRECTORY_CACHE,
        EXEC_DIRECTORY_LOGS,
        EXEC_DIRECTORY_CONFIGURATION,
        _EXEC_DIRECTORY_TYPE_MAX,
        _EXEC_DIRECTORY_TYPE_INVALID = -1,
} ExecDirectoryType;

typedef struct ExecDirectory {
        char **paths;
        mode_t mode;
} ExecDirectory;

struct ExecContext {
        char **environment;
        char **environment_files;
        char **pass_environment;
        char **unset_environment;

        struct rlimit *rlimit[_RLIMIT_MAX];
        char *working_directory, *root_directory, *root_image;
        bool working_directory_missing_ok;
        bool working_directory_home;

        mode_t umask;
        int oom_score_adjust;
        int nice;
        int ioprio;
        int cpu_sched_policy;
        int cpu_sched_priority;

        cpu_set_t *cpuset;
        unsigned cpuset_ncpus;

        ExecInput std_input;
        ExecOutput std_output;
        ExecOutput std_error;
        char *stdio_fdname[3];
        char *stdio_file[3];

        void *stdin_data;
        size_t stdin_data_size;

        nsec_t timer_slack_nsec;

        bool stdio_as_fds;

        char *tty_path;

        bool tty_reset;
        bool tty_vhangup;
        bool tty_vt_disallocate;

        bool ignore_sigpipe;

        /* Since resolving these names might involve socket
         * connections and we don't want to deadlock ourselves these
         * names are resolved on execution only and in the child
         * process. */
        char *user;
        char *group;
        char **supplementary_groups;

        char *pam_name;

        char *utmp_id;
        ExecUtmpMode utmp_mode;

        bool selinux_context_ignore;
        char *selinux_context;

        bool apparmor_profile_ignore;
        char *apparmor_profile;

        bool smack_process_label_ignore;
        char *smack_process_label;

        ExecKeyringMode keyring_mode;

        char **read_write_paths, **read_only_paths, **inaccessible_paths;
        unsigned long mount_flags;
        BindMount *bind_mounts;
        unsigned n_bind_mounts;

        uint64_t capability_bounding_set;
        uint64_t capability_ambient_set;
        int secure_bits;

        int syslog_priority;
        char *syslog_identifier;
        bool syslog_level_prefix;

        int log_level_max;

        struct iovec* log_extra_fields;
        size_t n_log_extra_fields;

        bool cpu_sched_reset_on_fork;
        bool non_blocking;
        bool private_tmp;
        bool private_network;
        bool private_devices;
        bool private_users;
        ProtectSystem protect_system;
        ProtectHome protect_home;
        bool protect_kernel_tunables;
        bool protect_kernel_modules;
        bool protect_control_groups;
        bool mount_apivfs;

        bool no_new_privileges;

        bool dynamic_user;
        bool remove_ipc;

        /* This is not exposed to the user but available
         * internally. We need it to make sure that whenever we spawn
         * /usr/bin/mount it is run in the same process group as us so
         * that the autofs logic detects that it belongs to us and we
         * don't enter a trigger loop. */
        bool same_pgrp;

        unsigned long personality;
        bool lock_personality;

        unsigned long restrict_namespaces; /* The CLONE_NEWxyz flags permitted to the unit's processes */

        Hashmap *syscall_filter;
        Set *syscall_archs;
        int syscall_errno;
        bool syscall_whitelist:1;

        Set *address_families;
        bool address_families_whitelist:1;

        ExecPreserveMode runtime_directory_preserve_mode;
        ExecDirectory directories[_EXEC_DIRECTORY_TYPE_MAX];

        bool memory_deny_write_execute;
        bool restrict_realtime;

        bool oom_score_adjust_set:1;
        bool nice_set:1;
        bool ioprio_set:1;
        bool cpu_sched_set:1;
};

static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) {
        assert(c);

        return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL;
}

typedef enum ExecFlags {
        EXEC_APPLY_SANDBOXING  = 1U << 0,
        EXEC_APPLY_CHROOT      = 1U << 1,
        EXEC_APPLY_TTY_STDIN   = 1U << 2,
        EXEC_NEW_KEYRING       = 1U << 3,
        EXEC_PASS_LOG_UNIT     = 1U << 4, /* Whether to pass the unit name to the service's journal stream connection */
        EXEC_CHOWN_DIRECTORIES = 1U << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
        EXEC_NSS_BYPASS_BUS    = 1U << 6, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */
        EXEC_CGROUP_DELEGATE   = 1U << 7,

        /* The following are not used by execute.c, but by consumers internally */
        EXEC_PASS_FDS          = 1U << 8,
        EXEC_IS_CONTROL        = 1U << 9,
        EXEC_SETENV_RESULT     = 1U << 10,
        EXEC_SET_WATCHDOG      = 1U << 11,
} ExecFlags;

struct ExecParameters {
        char **argv;
        char **environment;

        int *fds;
        char **fd_names;
        unsigned n_storage_fds;
        unsigned n_socket_fds;

        ExecFlags flags;
        bool selinux_context_net:1;

        CGroupMask cgroup_supported;
        const char *cgroup_path;

        char **prefix;

        const char *confirm_spawn;

        usec_t watchdog_usec;

        int *idle_pipe;

        int stdin_fd;
        int stdout_fd;
        int stderr_fd;
};

#include "unit.h"
#include "dynamic-user.h"

int exec_spawn(Unit *unit,
               ExecCommand *command,
               const ExecContext *context,
               const ExecParameters *exec_params,
               ExecRuntime *runtime,
               DynamicCreds *dynamic_creds,
               pid_t *ret);

void exec_command_done(ExecCommand *c);
void exec_command_done_array(ExecCommand *c, unsigned n);

ExecCommand* exec_command_free_list(ExecCommand *c);
void exec_command_free_array(ExecCommand **c, unsigned n);

char *exec_command_line(char **argv);

void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_append_list(ExecCommand **l, ExecCommand *e);
int exec_command_set(ExecCommand *c, const char *path, ...);
int exec_command_append(ExecCommand *c, const char *path, ...);

void exec_context_init(ExecContext *c);
void exec_context_done(ExecContext *c);
void exec_context_dump(ExecContext *c, FILE* f, const char *prefix);

int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_root);

int exec_context_load_environment(Unit *unit, const ExecContext *c, char ***l);
int exec_context_named_iofds(Unit *unit, const ExecContext *c, const ExecParameters *p, int named_iofds[3]);
const char* exec_context_fdname(const ExecContext *c, int fd_index);

bool exec_context_may_touch_console(ExecContext *c);
bool exec_context_maintains_privileges(ExecContext *c);

int exec_context_get_effective_ioprio(ExecContext *c);

void exec_context_free_log_extra_fields(ExecContext *c);

void exec_status_start(ExecStatus *s, pid_t pid);
void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status);
void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix);

int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id);
ExecRuntime *exec_runtime_ref(ExecRuntime *r);
ExecRuntime *exec_runtime_unref(ExecRuntime *r);

int exec_runtime_serialize(Unit *unit, ExecRuntime *rt, FILE *f, FDSet *fds);
int exec_runtime_deserialize_item(Unit *unit, ExecRuntime **rt, const char *key, const char *value, FDSet *fds);

void exec_runtime_destroy(ExecRuntime *rt);

const char* exec_output_to_string(ExecOutput i) _const_;
ExecOutput exec_output_from_string(const char *s) _pure_;

const char* exec_input_to_string(ExecInput i) _const_;
ExecInput exec_input_from_string(const char *s) _pure_;

const char* exec_utmp_mode_to_string(ExecUtmpMode i) _const_;
ExecUtmpMode exec_utmp_mode_from_string(const char *s) _pure_;

const char* exec_preserve_mode_to_string(ExecPreserveMode i) _const_;
ExecPreserveMode exec_preserve_mode_from_string(const char *s) _pure_;

const char* exec_keyring_mode_to_string(ExecKeyringMode i) _const_;
ExecKeyringMode exec_keyring_mode_from_string(const char *s) _pure_;

const char* exec_directory_type_to_string(ExecDirectoryType i) _const_;
ExecDirectoryType exec_directory_type_from_string(const char *s) _pure_;
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
c2f1db8f	2	#pragma once
5cb5a6ff	3
a7334b09 LP	4	/***
	5	This file is part of systemd.
	6
	7	Copyright 2010 Lennart Poettering
	8
	9	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	10	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	11	the Free Software Foundation; either version 2.1 of the License, or
a7334b09 LP	12	(at your option) any later version.
	13
	14	systemd is distributed in the hope that it will be useful, but
	15	WITHOUT ANY WARRANTY; without even the implied warranty of
	16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	17	Lesser General Public License for more details.
a7334b09	18
5430f7f2	19	You should have received a copy of the GNU Lesser General Public License
a7334b09 LP	20	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	21	***/
	22
5cb5a6ff LP	23	typedef struct ExecStatus ExecStatus;
	24	typedef struct ExecCommand ExecCommand;
	25	typedef struct ExecContext ExecContext;
613b411c	26	typedef struct ExecRuntime ExecRuntime;
9fa95f85	27	typedef struct ExecParameters ExecParameters;
5cb5a6ff	28
71d35b6b	29	#include <sched.h>
5cb5a6ff LP	30	#include <stdbool.h>
5cb5a6ff LP	31	#include <stdio.h>
71d35b6b	32	#include <sys/capability.h>
5cb5a6ff	33
9ce93478	34	#include "cgroup-util.h"
613b411c	35	#include "fdset.h"
71d35b6b	36	#include "list.h"
517d56b1	37	#include "missing.h"
417116f2	38	#include "namespace.h"
add00535	39	#include "nsflags.h"
5cb5a6ff	40
08f3be7a LP	41	#define EXEC_STDIN_DATA_MAX (64U1024U1024U)
08f3be7a LP	42
023a4f67 LP	43	typedef enum ExecUtmpMode {
	44	EXEC_UTMP_INIT,
	45	EXEC_UTMP_LOGIN,
	46	EXEC_UTMP_USER,
	47	_EXEC_UTMP_MODE_MAX,
2307f37e	48	_EXEC_UTMP_MODE_INVALID = -1
023a4f67 LP	49	} ExecUtmpMode;
023a4f67 LP	50
80876c20 LP	51	typedef enum ExecInput {
	52	EXEC_INPUT_NULL,
	53	EXEC_INPUT_TTY,
	54	EXEC_INPUT_TTY_FORCE,
	55	EXEC_INPUT_TTY_FAIL,
4f2d528d	56	EXEC_INPUT_SOCKET,
52c239d7	57	EXEC_INPUT_NAMED_FD,
08f3be7a	58	EXEC_INPUT_DATA,
2038c3f5	59	EXEC_INPUT_FILE,
80876c20 LP	60	_EXEC_INPUT_MAX,
	61	_EXEC_INPUT_INVALID = -1
	62	} ExecInput;
	63
071830ff	64	typedef enum ExecOutput {
80876c20	65	EXEC_OUTPUT_INHERIT,
94f04347	66	EXEC_OUTPUT_NULL,
80876c20	67	EXEC_OUTPUT_TTY,
94f04347	68	EXEC_OUTPUT_SYSLOG,
28dbc1e8	69	EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
9a6bca7a	70	EXEC_OUTPUT_KMSG,
28dbc1e8	71	EXEC_OUTPUT_KMSG_AND_CONSOLE,
706343f4 LP	72	EXEC_OUTPUT_JOURNAL,
706343f4 LP	73	EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
4f2d528d	74	EXEC_OUTPUT_SOCKET,
52c239d7	75	EXEC_OUTPUT_NAMED_FD,
2038c3f5	76	EXEC_OUTPUT_FILE,
94f04347 LP	77	_EXEC_OUTPUT_MAX,
94f04347 LP	78	_EXEC_OUTPUT_INVALID = -1
071830ff LP	79	} ExecOutput;
071830ff LP	80
53f47dfc YW	81	typedef enum ExecPreserveMode {
	82	EXEC_PRESERVE_NO,
	83	EXEC_PRESERVE_YES,
	84	EXEC_PRESERVE_RESTART,
	85	_EXEC_PRESERVE_MODE_MAX,
	86	_EXEC_PRESERVE_MODE_INVALID = -1
	87	} ExecPreserveMode;
	88
b1edf445 LP	89	typedef enum ExecKeyringMode {
	90	EXEC_KEYRING_INHERIT,
	91	EXEC_KEYRING_PRIVATE,
	92	EXEC_KEYRING_SHARED,
	93	_EXEC_KEYRING_MODE_MAX,
	94	_EXEC_KEYRING_MODE_INVALID = -1,
	95	} ExecKeyringMode;
	96
5cb5a6ff	97	struct ExecStatus {
63983207 LP	98	dual_timestamp start_timestamp;
63983207 LP	99	dual_timestamp exit_timestamp;
9d58f1db	100	pid_t pid;
9152c765 LP	101	int code; /* as in siginfo_t::si_code */
9152c765 LP	102	int status; /* as in sigingo_t::si_status */
5cb5a6ff LP	103	};
5cb5a6ff LP	104
3ed0cd26 LP	105	typedef enum ExecCommandFlags {
	106	EXEC_COMMAND_IGNORE_FAILURE = 1,
	107	EXEC_COMMAND_FULLY_PRIVILEGED = 2,
165a31c0 LP	108	EXEC_COMMAND_NO_SETUID = 4,
165a31c0 LP	109	EXEC_COMMAND_AMBIENT_MAGIC = 8,
3ed0cd26 LP	110	} ExecCommandFlags;
3ed0cd26 LP	111
5cb5a6ff LP	112	struct ExecCommand {
	113	char *path;
	114	char **argv;
034c6ed7	115	ExecStatus exec_status;
3ed0cd26	116	ExecCommandFlags flags;
034c6ed7	117	LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
5cb5a6ff LP	118	};
5cb5a6ff LP	119
613b411c LP	120	struct ExecRuntime {
	121	int n_ref;
	122
	123	char *tmp_dir;
	124	char *var_tmp_dir;
	125
29206d46 LP	126	/* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network
29206d46 LP	127	* namespace. */
613b411c LP	128	int netns_storage_socket[2];
	129	};
	130
3536f49e YW	131	typedef enum ExecDirectoryType {
	132	EXEC_DIRECTORY_RUNTIME = 0,
	133	EXEC_DIRECTORY_STATE,
	134	EXEC_DIRECTORY_CACHE,
	135	EXEC_DIRECTORY_LOGS,
	136	EXEC_DIRECTORY_CONFIGURATION,
72fd1768 LP	137	_EXEC_DIRECTORY_TYPE_MAX,
72fd1768 LP	138	_EXEC_DIRECTORY_TYPE_INVALID = -1,
3536f49e YW	139	} ExecDirectoryType;
	140
	141	typedef struct ExecDirectory {
	142	char **paths;
	143	mode_t mode;
	144	} ExecDirectory;
	145
5cb5a6ff LP	146	struct ExecContext {
5cb5a6ff LP	147	char **environment;
8c7be95e	148	char **environment_files;
b4c14404	149	char **pass_environment;
00819cc1	150	char **unset_environment;
8c7be95e	151
517d56b1	152	struct rlimit *rlimit[_RLIMIT_MAX];
915e6d16	153	char working_directory, root_directory, *root_image;
4c08c824	154	bool working_directory_missing_ok;
5f5d8eab	155	bool working_directory_home;
9d58f1db LP	156
9d58f1db LP	157	mode_t umask;
dd6c17b1	158	int oom_score_adjust;
5cb5a6ff	159	int nice;
9eba9da4	160	int ioprio;
94f04347 LP	161	int cpu_sched_policy;
94f04347 LP	162	int cpu_sched_priority;
9d58f1db	163
82c121a4 LP	164	cpu_set_t *cpuset;
82c121a4 LP	165	unsigned cpuset_ncpus;
fb33a393	166
80876c20 LP	167	ExecInput std_input;
	168	ExecOutput std_output;
	169	ExecOutput std_error;
52c239d7	170	char *stdio_fdname[3];
2038c3f5	171	char *stdio_file[3];
80876c20	172
08f3be7a LP	173	void *stdin_data;
08f3be7a LP	174	size_t stdin_data_size;
80876c20	175
d88a251b	176	nsec_t timer_slack_nsec;
071830ff	177
1e22b5cd LP	178	bool stdio_as_fds;
1e22b5cd LP	179
9d58f1db	180	char *tty_path;
5cb5a6ff	181
6ea832a2 LP	182	bool tty_reset;
	183	bool tty_vhangup;
	184	bool tty_vt_disallocate;
	185
353e12c2 LP	186	bool ignore_sigpipe;
353e12c2 LP	187
61233823	188	/* Since resolving these names might involve socket
5cb5a6ff	189	* connections and we don't want to deadlock ourselves these
94f04347 LP	190	* names are resolved on execution only and in the child
94f04347 LP	191	* process. */
5cb5a6ff LP	192	char *user;
	193	char *group;
	194	char **supplementary_groups;
9d58f1db	195
5b6319dc LP	196	char *pam_name;
5b6319dc LP	197
169c1bda	198	char *utmp_id;
023a4f67	199	ExecUtmpMode utmp_mode;
169c1bda	200
5f8640fb	201	bool selinux_context_ignore;
7b52a628 MS	202	char *selinux_context;
7b52a628 MS	203
eef65bf3 MS	204	bool apparmor_profile_ignore;
	205	char *apparmor_profile;
	206
2ca620c4 WC	207	bool smack_process_label_ignore;
	208	char *smack_process_label;
	209
b1edf445 LP	210	ExecKeyringMode keyring_mode;
b1edf445 LP	211
2a624c36	212	char read_write_paths, read_only_paths, **inaccessible_paths;
15ae422b	213	unsigned long mount_flags;
d2d6c096 LP	214	BindMount *bind_mounts;
d2d6c096 LP	215	unsigned n_bind_mounts;
15ae422b	216
a103496c	217	uint64_t capability_bounding_set;
755d4b67	218	uint64_t capability_ambient_set;
9d58f1db LP	219	int secure_bits;
9d58f1db LP	220
7fab9d01 LP	221	int syslog_priority;
	222	char *syslog_identifier;
	223	bool syslog_level_prefix;
	224
d3070fbd LP	225	int log_level_max;
	226
	227	struct iovec* log_extra_fields;
	228	size_t n_log_extra_fields;
	229
9d58f1db LP	230	bool cpu_sched_reset_on_fork;
9d58f1db LP	231	bool non_blocking;
15ae422b	232	bool private_tmp;
ff01d048	233	bool private_network;
7f112f50	234	bool private_devices;
d251207d	235	bool private_users;
1b8689f9 LP	236	ProtectSystem protect_system;
1b8689f9 LP	237	ProtectHome protect_home;
59eeb84b	238	bool protect_kernel_tunables;
502d704e	239	bool protect_kernel_modules;
59eeb84b	240	bool protect_control_groups;
5d997827	241	bool mount_apivfs;
9d58f1db	242
8351ceae LP	243	bool no_new_privileges;
8351ceae LP	244
29206d46	245	bool dynamic_user;
00d9ef85	246	bool remove_ipc;
29206d46	247
9d58f1db LP	248	/* This is not exposed to the user but available
9d58f1db LP	249	* internally. We need it to make sure that whenever we spawn
f00929ad	250	* /usr/bin/mount it is run in the same process group as us so
9d58f1db LP	251	* that the autofs logic detects that it belongs to us and we
9d58f1db LP	252	* don't enter a trigger loop. */
74922904	253	bool same_pgrp;
2e22afe9	254
ac45f971	255	unsigned long personality;
78e864e5	256	bool lock_personality;
ac45f971	257
add00535 LP	258	unsigned long restrict_namespaces; /* The CLONE_NEWxyz flags permitted to the unit's processes */
add00535 LP	259
8cfa775f	260	Hashmap *syscall_filter;
57183d11	261	Set *syscall_archs;
17df7223 LP	262	int syscall_errno;
17df7223 LP	263	bool syscall_whitelist:1;
8351ceae	264
4298d0b5 LP	265	Set *address_families;
	266	bool address_families_whitelist:1;
	267
53f47dfc	268	ExecPreserveMode runtime_directory_preserve_mode;
72fd1768	269	ExecDirectory directories[_EXEC_DIRECTORY_TYPE_MAX];
e66cf1a3	270
f4170c67 LP	271	bool memory_deny_write_execute;
	272	bool restrict_realtime;
	273
dd6c17b1	274	bool oom_score_adjust_set:1;
7fab9d01 LP	275	bool nice_set:1;
	276	bool ioprio_set:1;
	277	bool cpu_sched_set:1;
5cb5a6ff LP	278	};
5cb5a6ff LP	279
add00535 LP	280	static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) {
	281	assert(c);
	282
	283	return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL;
	284	}
	285
c39f1ce2	286	typedef enum ExecFlags {
1703fa41	287	EXEC_APPLY_SANDBOXING = 1U << 0,
7d5ceb64 FB	288	EXEC_APPLY_CHROOT = 1U << 1,
7d5ceb64 FB	289	EXEC_APPLY_TTY_STDIN = 1U << 2,
74dd6b51	290	EXEC_NEW_KEYRING = 1U << 3,
af635cf3	291	EXEC_PASS_LOG_UNIT = 1U << 4, /* Whether to pass the unit name to the service's journal stream connection */
8679efde	292	EXEC_CHOWN_DIRECTORIES = 1U << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
ac647978	293	EXEC_NSS_BYPASS_BUS = 1U << 6, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */
584b8688	294	EXEC_CGROUP_DELEGATE = 1U << 7,
c39f1ce2	295
9c1a61ad	296	/* The following are not used by execute.c, but by consumers internally */
584b8688 LP	297	EXEC_PASS_FDS = 1U << 8,
	298	EXEC_IS_CONTROL = 1U << 9,
	299	EXEC_SETENV_RESULT = 1U << 10,
	300	EXEC_SET_WATCHDOG = 1U << 11,
c39f1ce2 LP	301	} ExecFlags;
c39f1ce2 LP	302
9fa95f85 DM	303	struct ExecParameters {
9fa95f85 DM	304	char **argv;
a34ceba6	305	char **environment;
8dd4c05b LP	306
	307	int *fds;
	308	char **fd_names;
4c47affc	309	unsigned n_storage_fds;
9b141911	310	unsigned n_socket_fds;
8dd4c05b	311
c39f1ce2	312	ExecFlags flags;
a34ceba6	313	bool selinux_context_net:1;
8dd4c05b	314
efdb0237	315	CGroupMask cgroup_supported;
9fa95f85	316	const char *cgroup_path;
8dd4c05b	317
3536f49e	318	char **prefix;
8dd4c05b	319
7d5ceb64 FB	320	const char *confirm_spawn;
7d5ceb64 FB	321
9fa95f85	322	usec_t watchdog_usec;
8dd4c05b	323
9fa95f85	324	int *idle_pipe;
8dd4c05b	325
a34ceba6 LP	326	int stdin_fd;
	327	int stdout_fd;
	328	int stderr_fd;
9fa95f85 DM	329	};
9fa95f85 DM	330
9ce93478	331	#include "unit.h"
29206d46	332	#include "dynamic-user.h"
9ce93478	333
f2341e0a LP	334	int exec_spawn(Unit *unit,
f2341e0a LP	335	ExecCommand *command,
9fa95f85 DM	336	const ExecContext *context,
9fa95f85 DM	337	const ExecParameters *exec_params,
613b411c	338	ExecRuntime *runtime,
29206d46	339	DynamicCreds *dynamic_creds,
81a2b7ce	340	pid_t *ret);
5cb5a6ff	341
43d0fcbd LP	342	void exec_command_done(ExecCommand *c);
	343	void exec_command_done_array(ExecCommand *c, unsigned n);
	344
f1acf85a	345	ExecCommand* exec_command_free_list(ExecCommand *c);
034c6ed7	346	void exec_command_free_array(ExecCommand **c, unsigned n);
5cb5a6ff	347
9e2f7c11 LP	348	char exec_command_line(char *argv);
9e2f7c11 LP	349
44d8db9e LP	350	void exec_command_dump(ExecCommand c, FILE f, const char *prefix);
44d8db9e LP	351	void exec_command_dump_list(ExecCommand c, FILE f, const char *prefix);
a6a80b4f	352	void exec_command_append_list(ExecCommand *l, ExecCommand e);
26fd040d	353	int exec_command_set(ExecCommand c, const char path, ...);
86b23b07	354	int exec_command_append(ExecCommand c, const char path, ...);
44d8db9e	355
034c6ed7	356	void exec_context_init(ExecContext *c);
613b411c	357	void exec_context_done(ExecContext *c);
5cb5a6ff LP	358	void exec_context_dump(ExecContext c, FILE f, const char *prefix);
5cb5a6ff LP	359
e66cf1a3 LP	360	int exec_context_destroy_runtime_directory(ExecContext c, const char runtime_root);
e66cf1a3 LP	361
f2341e0a	362	int exec_context_load_environment(Unit unit, const ExecContext c, char ***l);
52c239d7 LB	363	int exec_context_named_iofds(Unit unit, const ExecContext c, const ExecParameters *p, int named_iofds[3]);
52c239d7 LB	364	const char* exec_context_fdname(const ExecContext *c, int fd_index);
8c7be95e	365
6ac8fdc9	366	bool exec_context_may_touch_console(ExecContext *c);
a931ad47	367	bool exec_context_maintains_privileges(ExecContext *c);
6ac8fdc9	368
7f452159 LP	369	int exec_context_get_effective_ioprio(ExecContext *c);
7f452159 LP	370
d3070fbd LP	371	void exec_context_free_log_extra_fields(ExecContext *c);
d3070fbd LP	372
b58b4116	373	void exec_status_start(ExecStatus *s, pid_t pid);
6ea832a2	374	void exec_status_exit(ExecStatus s, ExecContext context, pid_t pid, int code, int status);
9fb86720	375	void exec_status_dump(ExecStatus s, FILE f, const char *prefix);
5cb5a6ff	376
613b411c LP	377	int exec_runtime_make(ExecRuntime *rt, ExecContext c, const char *id);
	378	ExecRuntime exec_runtime_ref(ExecRuntime r);
	379	ExecRuntime exec_runtime_unref(ExecRuntime r);
	380
f2341e0a LP	381	int exec_runtime_serialize(Unit unit, ExecRuntime rt, FILE f, FDSet fds);
f2341e0a LP	382	int exec_runtime_deserialize_item(Unit unit, ExecRuntime rt, const char key, const char value, FDSet fds);
613b411c LP	383
	384	void exec_runtime_destroy(ExecRuntime *rt);
	385
44a6b1b6 ZJS	386	const char* exec_output_to_string(ExecOutput i) _const_;
44a6b1b6 ZJS	387	ExecOutput exec_output_from_string(const char *s) _pure_;
94f04347	388
44a6b1b6 ZJS	389	const char* exec_input_to_string(ExecInput i) _const_;
44a6b1b6 ZJS	390	ExecInput exec_input_from_string(const char *s) _pure_;
023a4f67 LP	391
	392	const char* exec_utmp_mode_to_string(ExecUtmpMode i) _const_;
	393	ExecUtmpMode exec_utmp_mode_from_string(const char *s) _pure_;
53f47dfc YW	394
	395	const char* exec_preserve_mode_to_string(ExecPreserveMode i) _const_;
	396	ExecPreserveMode exec_preserve_mode_from_string(const char *s) _pure_;
3536f49e	397
b1edf445 LP	398	const char* exec_keyring_mode_to_string(ExecKeyringMode i) _const_;
	399	ExecKeyringMode exec_keyring_mode_from_string(const char *s) _pure_;
	400
3536f49e YW	401	const char* exec_directory_type_to_string(ExecDirectoryType i) _const_;
3536f49e YW	402	ExecDirectoryType exec_directory_type_from_string(const char *s) _pure_;