]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/load-fragment.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
core: rename credential.[ch] -> exec-credential.[ch]
[thirdparty/systemd.git] / src / core / load-fragment.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
a7334b09 2/***
96b2fb93 3 Copyright © 2012 Holger Hans Peter Freyther
a7334b09
LP		 4***/
5
3efd4195 6#include <errno.h>
87f0e418 7#include <fcntl.h>
25e870b5 8#include <linux/fs.h>
5f5d8eab
LP		 9#include <linux/oom.h>
10#include <sched.h>
3d57c6ab 11#include <sys/resource.h>
3efd4195 12
bed0b7df
LP		 13#include "sd-messages.h"
14
5f5d8eab 15#include "af-list.h"
57b7a260 16#include "all-units.h"
786d19fd 17#include "alloc-util.h"
fab34748 18#include "bpf-firewall.h"
e59ccd03 19#include "bpf-lsm.h"
0879da98 20#include "bpf-program.h"
cd09a5f3 21#include "bpf-socket-bind.h"
5f5d8eab
LP		 22#include "bus-error.h"
23#include "bus-internal.h"
24#include "bus-util.h"
25#include "cap-list.h"
a103496c 26#include "capability-util.h"
fdb3deca 27#include "cgroup-setup.h"
3efd4195 28#include "conf-parser.h"
e30bbc90 29#include "core-varlink.h"
618234a5 30#include "cpu-set-util.h"
786d19fd 31#include "creds-util.h"
5f5d8eab
LP		 32#include "env-util.h"
33#include "errno-list.h"
4f5dd394 34#include "escape.h"
43962c30 35#include "exec-credential.h"
3ffd4af2 36#include "fd-util.h"
0389f4fa 37#include "fileio.h"
f4f15635 38#include "fs-util.h"
08f3be7a 39#include "hexdecoct.h"
d3070fbd 40#include "io-util.h"
032b3afb 41#include "ioprio-util.h"
da96ad5a 42#include "ip-protocol-list.h"
adce225a 43#include "journal-file.h"
eefc66aa 44#include "limits-util.h"
3ffd4af2 45#include "load-fragment.h"
5f5d8eab 46#include "log.h"
5bead76e 47#include "missing_ioprio.h"
049af8ad 48#include "mountpoint-util.h"
d8b4d14d 49#include "nulstr-util.h"
cd48e23f 50#include "open-file.h"
c3eaba2d 51#include "parse-helpers.h"
6bedfcbb 52#include "parse-util.h"
9eb977db 53#include "path-util.h"
523ea123 54#include "pcre2-util.h"
ed5033fd 55#include "percent-util.h"
7b3e062c 56#include "process-util.h"
57183d11 57#include "seccomp-util.h"
07d46372 58#include "securebits-util.h"
23e9a7dd 59#include "selinux-util.h"
5f5d8eab 60#include "signal-util.h"
5c3fa98d 61#include "socket-netlink.h"
46a9ee5d 62#include "specifier.h"
8fcde012 63#include "stat-util.h"
07630cea 64#include "string-util.h"
5f5d8eab 65#include "strv.h"
91dd5f7c
LP		 66#include "syslog-util.h"
67#include "time-util.h"
5f5d8eab
LP		 68#include "unit-name.h"
69#include "unit-printf.h"
66dccd8d 70#include "user-util.h"
bb0c0d6f 71#include "utf8.h"
49cf4170 72#include "web-util.h"
57183d11 73
d2b42d63 74static int parse_socket_protocol(const char *s) {
53577580
YW		 75 int r;
76
d2b42d63 77 r = parse_ip_protocol(s);
53577580 78 if (r < 0)
acf4d158 79 return r;
53577580
YW		 80 if (!IN_SET(r, IPPROTO_UDPLITE, IPPROTO_SCTP))
81 return -EPROTONOSUPPORT;
82
83 return r;
84}
85
a07a7324
FS		 86int parse_crash_chvt(const char *value, int *data) {
87 int b;
88
89 if (safe_atoi(value, data) >= 0)
90 return 0;
91
92 b = parse_boolean(value);
93 if (b < 0)
94 return b;
95
96 if (b > 0)
97 *data = 0; /* switch to where kmsg goes */
98 else
99 *data = -1; /* turn off switching */
100
101 return 0;
102}
103
104int parse_confirm_spawn(const char *value, char **console) {
105 char *s;
106 int r;
107
108 r = value ? parse_boolean(value) : 1;
109 if (r == 0) {
110 *console = NULL;
111 return 0;
4a8daee7 112 } else if (r > 0) /* on with default tty */
a07a7324
FS		 113 s = strdup("/dev/console");
114 else if (is_path(value)) /* on with fully qualified path */
115 s = strdup(value);
116 else /* on with only a tty file name, not a fully qualified path */
4a8daee7 117 s = path_join("/dev/", value);
a07a7324
FS		 118 if (!s)
119 return -ENOMEM;
120
121 *console = s;
122 return 0;
123}
124
d2b42d63 125DEFINE_CONFIG_PARSE(config_parse_socket_protocol, parse_socket_protocol, "Failed to parse socket protocol");
53577580 126DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
5afe510c 127DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
53577580 128DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
53577580 129DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
4e399953
LP		 130DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc, protect_proc, ProtectProc, "Failed to parse /proc/ protection mode");
131DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset, proc_subset, ProcSubset, "Failed to parse /proc/ subset mode");
53577580
YW		 132DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
133DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
53577580 134DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
1e8c7bd5
YW		 135DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home, protect_home, ProtectHome, "Failed to parse protect home value");
136DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system, protect_system, ProtectSystem, "Failed to parse protect system value");
b9c1883a 137DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_preserve_mode, exec_preserve_mode, ExecPreserveMode, "Failed to parse resource preserve mode");
53577580 138DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type, service_type, ServiceType, "Failed to parse service type");
596e4470 139DEFINE_CONFIG_PARSE_ENUM(config_parse_service_exit_type, service_exit_type, ServiceExitType, "Failed to parse service exit type");
53577580 140DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart, service_restart, ServiceRestart, "Failed to parse service restart specifier");
e568fea9 141DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart_mode, service_restart_mode, ServiceRestartMode, "Failed to parse service restart mode");
bf760801 142DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode, service_timeout_failure_mode, ServiceTimeoutFailureMode, "Failed to parse timeout failure mode");
53577580 143DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind, socket_address_bind_ipv6_only_or_bool, SocketAddressBindIPv6Only, "Failed to parse bind IPv6 only value");
afcfaa69 144DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy, oom_policy, OOMPolicy, "Failed to parse OOM policy");
4e806bfa 145DEFINE_CONFIG_PARSE_ENUM(config_parse_managed_oom_preference, managed_oom_preference, ManagedOOMPreference, "Failed to parse ManagedOOMPreference=");
054749e4 146DEFINE_CONFIG_PARSE_ENUM(config_parse_memory_pressure_watch, cgroup_pressure_watch, CGroupPressureWatch, "Failed to parse memory pressure watch setting");
53577580
YW		 147DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1, "Failed to parse IP TOS value");
148DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t, "Invalid block IO weight");
149DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t, "Invalid weight");
c8340822 150DEFINE_CONFIG_PARSE_PTR(config_parse_cg_cpu_weight, cg_cpu_weight_parse, uint64_t, "Invalid CPU weight");
c1e701e2 151static DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares_internal, cg_cpu_shares_parse, uint64_t, "Invalid CPU shares");
874cdcbc 152DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_propagation_flag, mount_propagation_flag_from_string, unsigned long, "Failed to parse mount propagation flag");
b070c7c0 153DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1, "Invalid NUMA policy type");
6327aa9f 154DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format, status_unit_format, StatusUnitFormat, "Failed to parse status unit format");
9b191525 155DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping, socket_timestamping_from_string_harder, SocketTimestamping, "Failed to parse timestamping precision");
5afe510c 156
c1e701e2
LP		 157int config_parse_cpu_shares(
158 const char *unit,
159 const char *filename,
160 unsigned line,
161 const char *section,
162 unsigned section_line,
163 const char *lvalue,
164 int ltype,
165 const char *rvalue,
166 void *data,
167 void *userdata) {
168
169 assert(filename);
170 assert(lvalue);
171 assert(rvalue);
172
173
174 log_syntax(unit, LOG_WARNING, filename, line, 0,
175 "Unit uses %s=; please use CPUWeight= instead. Support for %s= will be removed soon.",
176 lvalue, lvalue);
177
178 return config_parse_cpu_shares_internal(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
179}
180
88022148
DDM		 181bool contains_instance_specifier_superset(const char *s) {
182 const char *p, *q;
183 bool percent = false;
184
185 assert(s);
186
187 p = strchr(s, '@');
188 if (!p)
189 return false;
190
191 p++; /* Skip '@' */
192
193 q = strrchr(p, '.');
194 if (!q)
195 q = p + strlen(p);
196
197 /* If the string is just the instance specifier, it's not a superset of the instance. */
198 if (memcmp_nn(p, q - p, "%i", strlen("%i")) == 0)
199 return false;
200
201 /* %i, %n and %N all expand to the instance or a superset of it. */
24aaf6c6 202 for (; p < q; p++)
88022148
DDM		 203 if (*p == '%')
204 percent = !percent;
205 else if (percent) {
206 if (IN_SET(*p, 'n', 'N', 'i'))
207 return true;
208 percent = false;
209 }
88022148
DDM		 210
211 return false;
212}
213
214/* `name` is the rendered version of `format` via `unit_printf` or similar functions. */
215int unit_is_likely_recursive_template_dependency(Unit *u, const char *name, const char *format) {
216 const char *fragment_path;
217 int r;
218
219 assert(u);
220 assert(name);
221
222 /* If a template unit has a direct dependency on itself that includes the unit instance as part of
223 * the template instance via a unit specifier (%i, %n or %N), this will almost certainly lead to
224 * infinite recursion as systemd will keep instantiating new instances of the template unit.
225 * https://github.com/systemd/systemd/issues/17602 shows a good example of how this can happen in
226 * practice. To guard against this, we check for templates that depend on themselves and have the
227 * instantiated unit instance included as part of the template instance of the dependency via a
228 * specifier.
229 *
230 * For example, if systemd-notify@.service depends on systemd-notify@%n.service, this will result in
231 * infinite recursion.
232 */
233
234 if (!unit_name_is_valid(name, UNIT_NAME_INSTANCE))
235 return false;
236
237 if (!unit_name_prefix_equal(u->id, name))
238 return false;
239
240 if (u->type != unit_name_to_type(name))
241 return false;
242
243 r = unit_file_find_fragment(u->manager->unit_id_map, u->manager->unit_name_map, name, &fragment_path, NULL);
244 if (r < 0)
245 return r;
246
247 /* Fragment paths should also be equal as a custom fragment for a specific template instance
248 * wouldn't necessarily lead to infinite recursion. */
249 if (!path_equal_ptr(u->fragment_path, fragment_path))
250 return false;
251
252 if (!contains_instance_specifier_superset(format))
253 return false;
254
255 return true;
256}
257
f32b43bd
LP		 258int config_parse_unit_deps(
259 const char *unit,
260 const char *filename,
261 unsigned line,
262 const char *section,
263 unsigned section_line,
264 const char *lvalue,
265 int ltype,
266 const char *rvalue,
267 void *data,
268 void *userdata) {
3efd4195 269
f975e971 270 UnitDependency d = ltype;
87f0e418 271 Unit *u = userdata;
3efd4195
LP		 272
273 assert(filename);
274 assert(lvalue);
275 assert(rvalue);
3efd4195 276
323dda78 277 for (const char *p = rvalue;;) {
3d793d29 278 _cleanup_free_ char *word = NULL, *k = NULL;
3efd4195 279 int r;
3efd4195 280
c89f52ac 281 r = extract_first_word(&p, &word, NULL, EXTRACT_RETAIN_ESCAPE);
3d793d29 282 if (r == 0)
323dda78 283 return 0;
3d793d29 284 if (r == -ENOMEM)
74051b9b 285 return log_oom();
3d793d29 286 if (r < 0) {
323dda78
YW		 287 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
288 return 0;
3d793d29 289 }
3efd4195 290
3d793d29 291 r = unit_name_printf(u, word, &k);
19f6d710 292 if (r < 0) {
323dda78 293 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
19f6d710
LP		 294 continue;
295 }
9e2f7c11 296
88022148
DDM		 297 r = unit_is_likely_recursive_template_dependency(u, k, word);
298 if (r < 0) {
299 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to determine if '%s' is a recursive dependency, ignoring: %m", k);
300 continue;
301 }
302 if (r > 0) {
303 log_syntax(unit, LOG_DEBUG, filename, line, 0,
304 "Dropping dependency %s=%s that likely leads to infinite recursion.",
305 unit_dependency_to_string(d), word);
306 continue;
307 }
308
35d8c19a 309 r = unit_add_dependency_by_name(u, d, k, true, UNIT_DEPENDENCY_FILE);
57020a3a 310 if (r < 0)
323dda78 311 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
3efd4195 312 }
3efd4195
LP		 313}
314
f32b43bd
LP		 315int config_parse_obsolete_unit_deps(
316 const char *unit,
317 const char *filename,
318 unsigned line,
319 const char *section,
320 unsigned section_line,
321 const char *lvalue,
322 int ltype,
323 const char *rvalue,
324 void *data,
325 void *userdata) {
326
327 log_syntax(unit, LOG_WARNING, filename, line, 0,
328 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue, unit_dependency_to_string(ltype));
329
330 return config_parse_unit_deps(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
331}
332
b02cb41c
LP		 333int config_parse_unit_string_printf(
334 const char *unit,
335 const char *filename,
336 unsigned line,
337 const char *section,
338 unsigned section_line,
339 const char *lvalue,
340 int ltype,
341 const char *rvalue,
342 void *data,
343 void *userdata) {
932921b5 344
74051b9b 345 _cleanup_free_ char *k = NULL;
99534007 346 const Unit *u = ASSERT_PTR(userdata);
19f6d710 347 int r;
932921b5
LP		 348
349 assert(filename);
350 assert(lvalue);
351 assert(rvalue);
932921b5 352
19f6d710 353 r = unit_full_printf(u, rvalue, &k);
b02cb41c 354 if (r < 0) {
323dda78 355 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
b02cb41c
LP		 356 return 0;
357 }
932921b5 358
b02cb41c 359 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
932921b5
LP		 360}
361
12ca818f
LP		 362int config_parse_unit_strv_printf(
363 const char *unit,
364 const char *filename,
365 unsigned line,
366 const char *section,
367 unsigned section_line,
368 const char *lvalue,
369 int ltype,
370 const char *rvalue,
371 void *data,
372 void *userdata) {
8fef7659 373
99534007 374 const Unit *u = ASSERT_PTR(userdata);
74051b9b 375 _cleanup_free_ char *k = NULL;
19f6d710 376 int r;
8fef7659
LP		 377
378 assert(filename);
379 assert(lvalue);
380 assert(rvalue);
8fef7659 381
19f6d710 382 r = unit_full_printf(u, rvalue, &k);
12ca818f 383 if (r < 0) {
323dda78 384 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
12ca818f
LP		 385 return 0;
386 }
8fef7659 387
12ca818f 388 return config_parse_strv(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
8fef7659
LP		 389}
390
5f5d8eab
LP		 391int config_parse_unit_path_printf(
392 const char *unit,
393 const char *filename,
394 unsigned line,
395 const char *section,
396 unsigned section_line,
397 const char *lvalue,
398 int ltype,
399 const char *rvalue,
400 void *data,
401 void *userdata) {
6ea832a2 402
74051b9b 403 _cleanup_free_ char *k = NULL;
99534007 404 const Unit *u = ASSERT_PTR(userdata);
19f6d710 405 int r;
2c75fb73 406 bool fatal = ltype;
6ea832a2
LP		 407
408 assert(filename);
409 assert(lvalue);
410 assert(rvalue);
6ea832a2 411
06536492 412 r = unit_path_printf(u, rvalue, &k);
811ba7a0 413 if (r < 0) {
323dda78 414 log_syntax(unit, fatal ? LOG_ERR : LOG_WARNING, filename, line, r,
063c4b1a 415 "Failed to resolve unit specifiers in '%s'%s: %m",
e3c3d676 416 rvalue, fatal ? "" : ", ignoring");
2c75fb73 417 return fatal ? -ENOEXEC : 0;
811ba7a0 418 }
6ea832a2 419
811ba7a0
LP		 420 return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
421}
422
8c35c10d 423int config_parse_colon_separated_paths(
424 const char *unit,
425 const char *filename,
426 unsigned line,
427 const char *section,
428 unsigned section_line,
429 const char *lvalue,
430 int ltype,
431 const char *rvalue,
432 void *data,
433 void *userdata) {
99534007 434 char ***sv = ASSERT_PTR(data);
8c35c10d 435 const Unit *u = userdata;
436 int r;
437
438 assert(filename);
439 assert(lvalue);
440 assert(rvalue);
8c35c10d 441
442 if (isempty(rvalue)) {
443 /* Empty assignment resets the list */
444 *sv = strv_free(*sv);
445 return 0;
446 }
447
448 for (const char *p = rvalue;;) {
449 _cleanup_free_ char *word = NULL, *k = NULL;
450
451 r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
452 if (r == -ENOMEM)
453 return log_oom();
454 if (r < 0) {
455 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
456 return 0;
457 }
458 if (r == 0)
459 break;
460
461 r = unit_path_printf(u, word, &k);
462 if (r < 0) {
463 log_syntax(unit, LOG_WARNING, filename, line, r,
464 "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
465 return 0;
466 }
467
468 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
469 if (r < 0)
470 return 0;
471
472 r = strv_consume(sv, TAKE_PTR(k));
473 if (r < 0)
474 return log_oom();
475 }
476
477 return 0;
478}
479
811ba7a0
LP		 480int config_parse_unit_path_strv_printf(
481 const char *unit,
482 const char *filename,
483 unsigned line,
484 const char *section,
485 unsigned section_line,
486 const char *lvalue,
487 int ltype,
488 const char *rvalue,
489 void *data,
490 void *userdata) {
491
a2a5291b 492 char ***x = data;
99534007 493 const Unit *u = ASSERT_PTR(userdata);
811ba7a0
LP		 494 int r;
495
496 assert(filename);
497 assert(lvalue);
498 assert(rvalue);
811ba7a0 499
499295fb 500 if (isempty(rvalue)) {
9f2d41a6 501 *x = strv_free(*x);
499295fb
YW		 502 return 0;
503 }
504
323dda78 505 for (const char *p = rvalue;;) {
035fe294 506 _cleanup_free_ char *word = NULL, *k = NULL;
811ba7a0 507
4ec85141 508 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
035fe294
ZJS		 509 if (r == 0)
510 return 0;
511 if (r == -ENOMEM)
512 return log_oom();
513 if (r < 0) {
514 log_syntax(unit, LOG_WARNING, filename, line, r,
515 "Invalid syntax, ignoring: %s", rvalue);
516 return 0;
517 }
811ba7a0 518
06536492 519 r = unit_path_printf(u, word, &k);
811ba7a0 520 if (r < 0) {
323dda78 521 log_syntax(unit, LOG_WARNING, filename, line, r,
063c4b1a 522 "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
811ba7a0
LP		 523 return 0;
524 }
525
2f4d31c1
YW		 526 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
527 if (r < 0)
811ba7a0 528 return 0;
811ba7a0 529
7d2c9c6b 530 r = strv_consume(x, TAKE_PTR(k));
811ba7a0
LP		 531 if (r < 0)
532 return log_oom();
811ba7a0 533 }
6ea832a2
LP		 534}
535
4a66b5c9
LP		 536static int patch_var_run(
537 const char *unit,
538 const char *filename,
539 unsigned line,
540 const char *lvalue,
541 char **path) {
542
543 const char *e;
544 char *z;
545
546 e = path_startswith(*path, "/var/run/");
547 if (!e)
548 return 0;
549
550 z = path_join("/run/", e);
551 if (!z)
552 return log_oom();
553
554 log_syntax(unit, LOG_NOTICE, filename, line, 0,
555 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
556 "please update the unit file accordingly.", lvalue, *path, z);
557
558 free_and_replace(*path, z);
559
560 return 1;
561}
562
563int config_parse_socket_listen(
564 const char *unit,
565 const char *filename,
566 unsigned line,
567 const char *section,
568 unsigned section_line,
569 const char *lvalue,
570 int ltype,
571 const char *rvalue,
572 void *data,
573 void *userdata) {
42f4e3c4 574
b1389b0d
ZJS		 575 _cleanup_free_ SocketPort *p = NULL;
576 SocketPort *tail;
542563ba 577 Socket *s;
19f6d710 578 int r;
16354eff 579
42f4e3c4
LP		 580 assert(filename);
581 assert(lvalue);
582 assert(rvalue);
583 assert(data);
584
595ed347 585 s = SOCKET(data);
542563ba 586
74051b9b
LP		 587 if (isempty(rvalue)) {
588 /* An empty assignment removes all ports */
589 socket_free_ports(s);
590 return 0;
591 }
592
7f110ff9
LP		 593 p = new0(SocketPort, 1);
594 if (!p)
74051b9b 595 return log_oom();
916abb21 596
74051b9b 597 if (ltype != SOCKET_SOCKET) {
2f4d31c1 598 _cleanup_free_ char *k = NULL;
916abb21 599
06536492 600 r = unit_path_printf(UNIT(s), rvalue, &k);
19f6d710 601 if (r < 0) {
323dda78 602 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
12ca818f 603 return 0;
916abb21
LP		 604 }
605
2f4d31c1
YW		 606 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
607 if (r < 0)
608 return 0;
609
4a66b5c9
LP		 610 if (ltype == SOCKET_FIFO) {
611 r = patch_var_run(unit, filename, line, lvalue, &k);
612 if (r < 0)
613 return r;
614 }
615
2f4d31c1
YW		 616 free_and_replace(p->path, k);
617 p->type = ltype;
916abb21 618
7a22745a 619 } else if (streq(lvalue, "ListenNetlink")) {
74051b9b 620 _cleanup_free_ char *k = NULL;
1fd45a90 621
06536492 622 r = unit_path_printf(UNIT(s), rvalue, &k);
12ca818f 623 if (r < 0) {
323dda78 624 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
12ca818f
LP		 625 return 0;
626 }
7a22745a 627
12ca818f 628 r = socket_address_parse_netlink(&p->address, k);
1fd45a90 629 if (r < 0) {
323dda78 630 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
7a22745a
LP		 631 return 0;
632 }
633
2f4d31c1
YW		 634 p->type = SOCKET_SOCKET;
635
542563ba 636 } else {
74051b9b 637 _cleanup_free_ char *k = NULL;
1fd45a90 638
06536492 639 r = unit_path_printf(UNIT(s), rvalue, &k);
12ca818f 640 if (r < 0) {
323dda78 641 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
12ca818f
LP		 642 return 0;
643 }
542563ba 644
4a66b5c9
LP		 645 if (k[0] == '/') { /* Only for AF_UNIX file system sockets… */
646 r = patch_var_run(unit, filename, line, lvalue, &k);
647 if (r < 0)
648 return r;
649 }
650
12ca818f 651 r = socket_address_parse_and_warn(&p->address, k);
1fd45a90 652 if (r < 0) {
f847b8b7 653 if (r != -EAFNOSUPPORT)
323dda78 654 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
c0b34696 655 return 0;
542563ba
LP		 656 }
657
658 if (streq(lvalue, "ListenStream"))
659 p->address.type = SOCK_STREAM;
660 else if (streq(lvalue, "ListenDatagram"))
661 p->address.type = SOCK_DGRAM;
662 else {
663 assert(streq(lvalue, "ListenSequentialPacket"));
664 p->address.type = SOCK_SEQPACKET;
665 }
666
618b3642 667 if (socket_address_family(&p->address) != AF_UNIX && p->address.type == SOCK_SEQPACKET) {
323dda78 668 log_syntax(unit, LOG_WARNING, filename, line, 0, "Address family not supported, ignoring: %s", rvalue);
c0b34696 669 return 0;
542563ba 670 }
2f4d31c1
YW		 671
672 p->type = SOCKET_SOCKET;
16354eff
LP		 673 }
674
254d1313 675 p->fd = -EBADF;
15087cdb
PS		 676 p->auxiliary_fds = NULL;
677 p->n_auxiliary_fds = 0;
2e41a51e 678 p->socket = s;
49f91047 679
cc232fa0 680 tail = LIST_FIND_TAIL(port, s->ports);
533f8a67
YW		 681 LIST_INSERT_AFTER(port, s->ports, tail, p);
682
b1389b0d 683 p = NULL;
542563ba 684
16354eff 685 return 0;
42f4e3c4
LP		 686}
687
41bf0590
LP		 688int config_parse_exec_nice(
689 const char *unit,
690 const char *filename,
691 unsigned line,
692 const char *section,
693 unsigned section_line,
694 const char *lvalue,
695 int ltype,
696 const char *rvalue,
697 void *data,
698 void *userdata) {
034c6ed7 699
99534007 700 ExecContext *c = ASSERT_PTR(data);
e8e581bf 701 int priority, r;
034c6ed7
LP		 702
703 assert(filename);
704 assert(lvalue);
705 assert(rvalue);
034c6ed7 706
de5e6038
YW		 707 if (isempty(rvalue)) {
708 c->nice_set = false;
709 return 0;
710 }
711
41bf0590 712 r = parse_nice(rvalue, &priority);
e8e581bf 713 if (r < 0) {
41bf0590 714 if (r == -ERANGE)
323dda78 715 log_syntax(unit, LOG_WARNING, filename, line, r, "Nice priority out of range, ignoring: %s", rvalue);
41bf0590 716 else
323dda78 717 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse nice priority '%s', ignoring: %m", rvalue);
c0b34696 718 return 0;
034c6ed7
LP		 719 }
720
fb33a393 721 c->nice = priority;
71155933 722 c->nice_set = true;
fb33a393 723
034c6ed7
LP		 724 return 0;
725}
726
e9eb2c02
LP		 727int config_parse_exec_oom_score_adjust(
728 const char* unit,
729 const char *filename,
730 unsigned line,
731 const char *section,
732 unsigned section_line,
733 const char *lvalue,
734 int ltype,
735 const char *rvalue,
736 void *data,
737 void *userdata) {
034c6ed7 738
99534007 739 ExecContext *c = ASSERT_PTR(data);
e8e581bf 740 int oa, r;
034c6ed7
LP		 741
742 assert(filename);
743 assert(lvalue);
744 assert(rvalue);
034c6ed7 745
e9eb2c02
LP		 746 if (isempty(rvalue)) {
747 c->oom_score_adjust_set = false;
c0b34696 748 return 0;
034c6ed7
LP		 749 }
750
e9eb2c02 751 r = parse_oom_score_adjust(rvalue, &oa);
e9eb2c02 752 if (r < 0) {
063c4b1a 753 if (r == -ERANGE)
323dda78 754 log_syntax(unit, LOG_WARNING, filename, line, r, "OOM score adjust value out of range, ignoring: %s", rvalue);
063c4b1a 755 else
323dda78 756 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue);
c0b34696 757 return 0;
034c6ed7
LP		 758 }
759
dd6c17b1
LP		 760 c->oom_score_adjust = oa;
761 c->oom_score_adjust_set = true;
fb33a393 762
034c6ed7
LP		 763 return 0;
764}
765
ad21e542
ZJS		 766int config_parse_exec_coredump_filter(
767 const char* unit,
768 const char *filename,
769 unsigned line,
770 const char *section,
771 unsigned section_line,
772 const char *lvalue,
773 int ltype,
774 const char *rvalue,
775 void *data,
776 void *userdata) {
777
99534007 778 ExecContext *c = ASSERT_PTR(data);
ad21e542
ZJS		 779 int r;
780
781 assert(filename);
782 assert(lvalue);
783 assert(rvalue);
ad21e542
ZJS		 784
785 if (isempty(rvalue)) {
786 c->coredump_filter = 0;
787 c->coredump_filter_set = false;
788 return 0;
789 }
790
791 uint64_t f;
792 r = coredump_filter_mask_from_string(rvalue, &f);
793 if (r < 0) {
794 log_syntax(unit, LOG_WARNING, filename, line, r,
795 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue);
796 return 0;
797 }
798
799 c->coredump_filter |= f;
9c669abb 800 c->coredump_filter_set = true;
ad21e542
ZJS		 801 return 0;
802}
803
d068765b
LP		 804int config_parse_kill_mode(
805 const char* unit,
806 const char *filename,
807 unsigned line,
808 const char *section,
809 unsigned section_line,
810 const char *lvalue,
811 int ltype,
812 const char *rvalue,
813 void *data,
814 void *userdata) {
815
816 KillMode *k = data, m;
817
818 assert(filename);
819 assert(lvalue);
820 assert(rvalue);
821 assert(data);
822
823 if (isempty(rvalue)) {
824 *k = KILL_CONTROL_GROUP;
825 return 0;
826 }
827
828 m = kill_mode_from_string(rvalue);
829 if (m < 0) {
b98680b2 830 log_syntax(unit, LOG_WARNING, filename, line, m,
d068765b
LP		 831 "Failed to parse kill mode specification, ignoring: %s", rvalue);
832 return 0;
833 }
834
835 if (m == KILL_NONE)
836 log_syntax(unit, LOG_WARNING, filename, line, 0,
af9d5d50 837 "Unit uses KillMode=none. "
15e6a6e8 838 "This is unsafe, as it disables systemd's process lifecycle management for the service. "
af9d5d50 839 "Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
d068765b
LP		 840 "Support for KillMode=none is deprecated and will eventually be removed.");
841
842 *k = m;
843 return 0;
844}
845
527b7a42
LP		 846int config_parse_exec(
847 const char *unit,
848 const char *filename,
849 unsigned line,
850 const char *section,
851 unsigned section_line,
852 const char *lvalue,
853 int ltype,
854 const char *rvalue,
855 void *data,
856 void *userdata) {
034c6ed7 857
99534007 858 ExecCommand **e = ASSERT_PTR(data);
47538b76 859 const Unit *u = userdata;
46a0d98a
FB		 860 const char *p;
861 bool semicolon;
7f110ff9 862 int r;
034c6ed7
LP		 863
864 assert(filename);
865 assert(lvalue);
866 assert(rvalue);
034c6ed7 867
74051b9b 868 e += ltype;
c83f1f30 869
74051b9b
LP		 870 if (isempty(rvalue)) {
871 /* An empty assignment resets the list */
f1acf85a 872 *e = exec_command_free_list(*e);
74051b9b
LP		 873 return 0;
874 }
875
bd1b973f 876 p = rvalue;
46a0d98a 877 do {
dea7b6b0 878 _cleanup_free_ char *path = NULL, *firstword = NULL;
165a31c0
LP		 879 ExecCommandFlags flags = 0;
880 bool ignore = false, separate_argv0 = false;
dea7b6b0 881 _cleanup_free_ ExecCommand *nce = NULL;
46a0d98a 882 _cleanup_strv_free_ char **n = NULL;
319a4f4b 883 size_t nlen = 0;
5125e762 884 const char *f;
6c666e26 885
46a0d98a
FB		 886 semicolon = false;
887
4ec85141 888 r = extract_first_word_and_warn(&p, &firstword, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
46a0d98a
FB		 889 if (r <= 0)
890 return 0;
6c666e26 891
598c47c8
ZJS		 892 /* A lone ";" is a separator. Let's make sure we don't treat it as an executable name. */
893 if (streq(firstword, ";")) {
894 semicolon = true;
895 continue;
896 }
897
46a0d98a 898 f = firstword;
007f48bb 899 for (;;) {
165a31c0
LP		 900 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
901 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
7ca69792
AZ		 902 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
903 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
165a31c0
LP		 904 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
905 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
906 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
907 * other sandboxing, with some special exceptions for changing UID.
908 *
909 * The idea is that '!!' may be used to write services that can take benefit of systemd's
910 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
911 * privilege dropping within the daemon if the kernel does not offer that. */
912
913 if (*f == '-' && !(flags & EXEC_COMMAND_IGNORE_FAILURE)) {
914 flags |= EXEC_COMMAND_IGNORE_FAILURE;
46a0d98a 915 ignore = true;
165a31c0 916 } else if (*f == '@' && !separate_argv0)
46a0d98a 917 separate_argv0 = true;
7ca69792
AZ		 918 else if (*f == ':' && !(flags & EXEC_COMMAND_NO_ENV_EXPAND))
919 flags |= EXEC_COMMAND_NO_ENV_EXPAND;
165a31c0
LP		 920 else if (*f == '+' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
921 flags |= EXEC_COMMAND_FULLY_PRIVILEGED;
922 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
923 flags |= EXEC_COMMAND_NO_SETUID;
924 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_AMBIENT_MAGIC))) {
925 flags &= ~EXEC_COMMAND_NO_SETUID;
926 flags |= EXEC_COMMAND_AMBIENT_MAGIC;
927 } else
46a0d98a 928 break;
313cefa1 929 f++;
61e5d8ed 930 }
46a0d98a 931
06536492 932 r = unit_path_printf(u, f, &path);
5125e762 933 if (r < 0) {
323dda78 934 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
063c4b1a 935 "Failed to resolve unit specifiers in '%s'%s: %m",
bb28e684
ZJS		 936 f, ignore ? ", ignoring" : "");
937 return ignore ? 0 : -ENOEXEC;
5125e762
LP		 938 }
939
940 if (isempty(path)) {
46a0d98a 941 /* First word is either "-" or "@" with no command. */
323dda78 942 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
063c4b1a 943 "Empty path in command line%s: '%s'",
bb28e684
ZJS		 944 ignore ? ", ignoring" : "", rvalue);
945 return ignore ? 0 : -ENOEXEC;
b2fadec6 946 }
5125e762 947 if (!string_is_safe(path)) {
323dda78 948 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
5008da1e
ZJS		 949 "Executable name contains special characters%s: %s",
950 ignore ? ", ignoring" : "", path);
bb28e684 951 return ignore ? 0 : -ENOEXEC;
46a0d98a 952 }
5125e762 953 if (endswith(path, "/")) {
323dda78 954 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
bb28e684 955 "Executable path specifies a directory%s: %s",
5008da1e 956 ignore ? ", ignoring" : "", path);
bb28e684 957 return ignore ? 0 : -ENOEXEC;
46a0d98a 958 }
61e5d8ed 959
108144ad 960 if (!(path_is_absolute(path) ? path_is_valid(path) : filename_is_valid(path))) {
9f71ba8d
ZJS		 961 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
962 "Neither a valid executable name nor an absolute path%s: %s",
963 ignore ? ", ignoring" : "", path);
964 return ignore ? 0 : -ENOEXEC;
5008da1e
ZJS		 965 }
966
46a0d98a 967 if (!separate_argv0) {
5125e762
LP		 968 char *w = NULL;
969
15092743 970 if (!GREEDY_REALLOC0(n, nlen + 2))
46a0d98a 971 return log_oom();
5125e762
LP		 972
973 w = strdup(path);
974 if (!w)
46a0d98a 975 return log_oom();
5125e762 976 n[nlen++] = w;
46a0d98a
FB		 977 n[nlen] = NULL;
978 }
7f110ff9 979
4ff361cc 980 path_simplify(path);
46a0d98a 981
4b1c1753 982 while (!isempty(p)) {
5125e762 983 _cleanup_free_ char *word = NULL, *resolved = NULL;
46a0d98a
FB		 984
985 /* Check explicitly for an unquoted semicolon as
986 * command separator token. */
987 if (p[0] == ';' && (!p[1] || strchr(WHITESPACE, p[1]))) {
313cefa1 988 p++;
46a0d98a
FB		 989 p += strspn(p, WHITESPACE);
990 semicolon = true;
991 break;
c8539536 992 }
7f110ff9 993
5125e762
LP		 994 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
995 * extract_first_word() would return the same for all of those. */
46a0d98a 996 if (p[0] == '\\' && p[1] == ';' && (!p[2] || strchr(WHITESPACE, p[2]))) {
5125e762
LP		 997 char *w;
998
46a0d98a
FB		 999 p += 2;
1000 p += strspn(p, WHITESPACE);
5125e762 1001
15092743 1002 if (!GREEDY_REALLOC0(n, nlen + 2))
46a0d98a 1003 return log_oom();
5125e762
LP		 1004
1005 w = strdup(";");
1006 if (!w)
46a0d98a 1007 return log_oom();
5125e762 1008 n[nlen++] = w;
46a0d98a
FB		 1009 n[nlen] = NULL;
1010 continue;
61e5d8ed 1011 }
c8539536 1012
4ec85141 1013 r = extract_first_word_and_warn(&p, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
46a0d98a
FB		 1014 if (r == 0)
1015 break;
5125e762 1016 if (r < 0)
bb28e684 1017 return ignore ? 0 : -ENOEXEC;
5125e762 1018
58dd4999 1019 r = unit_full_printf(u, word, &resolved);
5125e762 1020 if (r < 0) {
323dda78 1021 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
063c4b1a 1022 "Failed to resolve unit specifiers in %s%s: %m",
bb28e684
ZJS		 1023 word, ignore ? ", ignoring" : "");
1024 return ignore ? 0 : -ENOEXEC;
5125e762 1025 }
46a0d98a 1026
319a4f4b 1027 if (!GREEDY_REALLOC(n, nlen + 2))
46a0d98a 1028 return log_oom();
1cc6c93a
YW		 1029
1030 n[nlen++] = TAKE_PTR(resolved);
46a0d98a 1031 n[nlen] = NULL;
61e5d8ed
LP		 1032 }
1033
46a0d98a 1034 if (!n || !n[0]) {
323dda78 1035 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
bb28e684
ZJS		 1036 "Empty executable name or zeroeth argument%s: %s",
1037 ignore ? ", ignoring" : "", rvalue);
1038 return ignore ? 0 : -ENOEXEC;
7f110ff9 1039 }
6c666e26 1040
7f110ff9 1041 nce = new0(ExecCommand, 1);
46a0d98a
FB		 1042 if (!nce)
1043 return log_oom();
61e5d8ed 1044
1cc6c93a
YW		 1045 nce->argv = TAKE_PTR(n);
1046 nce->path = TAKE_PTR(path);
165a31c0 1047 nce->flags = flags;
034c6ed7 1048
61e5d8ed 1049 exec_command_append_list(e, nce);
01f78473 1050
46a0d98a 1051 /* Do not _cleanup_free_ these. */
46a0d98a 1052 nce = NULL;
034c6ed7 1053
46a0d98a
FB		 1054 rvalue = p;
1055 } while (semicolon);
034c6ed7 1056
46a0d98a 1057 return 0;
034c6ed7
LP		 1058}
1059
d31645ad
LP		 1060int config_parse_socket_bindtodevice(
1061 const char* unit,
1062 const char *filename,
1063 unsigned line,
1064 const char *section,
1065 unsigned section_line,
1066 const char *lvalue,
1067 int ltype,
1068 const char *rvalue,
1069 void *data,
1070 void *userdata) {
acbb0225 1071
99534007 1072 Socket *s = ASSERT_PTR(data);
acbb0225
LP		 1073
1074 assert(filename);
1075 assert(lvalue);
1076 assert(rvalue);
acbb0225 1077
063c4b1a
YW		 1078 if (isempty(rvalue) || streq(rvalue, "*")) {
1079 s->bind_to_device = mfree(s->bind_to_device);
1080 return 0;
1081 }
d31645ad 1082
063c4b1a 1083 if (!ifname_valid(rvalue)) {
323dda78 1084 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid interface name, ignoring: %s", rvalue);
063c4b1a
YW		 1085 return 0;
1086 }
acbb0225 1087
b3f9c17a 1088 return free_and_strdup_warn(&s->bind_to_device, rvalue);
acbb0225
LP		 1089}
1090
9bd6a50e
LP		 1091int config_parse_exec_input(
1092 const char *unit,
1093 const char *filename,
1094 unsigned line,
1095 const char *section,
1096 unsigned section_line,
1097 const char *lvalue,
1098 int ltype,
1099 const char *rvalue,
1100 void *data,
1101 void *userdata) {
52c239d7 1102
99534007 1103 ExecContext *c = ASSERT_PTR(data);
47538b76 1104 const Unit *u = userdata;
2038c3f5
LP		 1105 const char *n;
1106 ExecInput ei;
52c239d7
LB		 1107 int r;
1108
52c239d7
LB		 1109 assert(filename);
1110 assert(line);
1111 assert(rvalue);
1112
2038c3f5
LP		 1113 n = startswith(rvalue, "fd:");
1114 if (n) {
1115 _cleanup_free_ char *resolved = NULL;
1116
06536492 1117 r = unit_fd_printf(u, n, &resolved);
323dda78
YW		 1118 if (r < 0) {
1119 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", n);
1120 return 0;
1121 }
2038c3f5
LP		 1122
1123 if (isempty(resolved))
1124 resolved = mfree(resolved);
1125 else if (!fdname_is_valid(resolved)) {
323dda78
YW		 1126 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", resolved);
1127 return 0;
52c239d7 1128 }
9bd6a50e 1129
2038c3f5
LP		 1130 free_and_replace(c->stdio_fdname[STDIN_FILENO], resolved);
1131
1132 ei = EXEC_INPUT_NAMED_FD;
1133
1134 } else if ((n = startswith(rvalue, "file:"))) {
1135 _cleanup_free_ char *resolved = NULL;
1136
06536492 1137 r = unit_path_printf(u, n, &resolved);
323dda78
YW		 1138 if (r < 0) {
1139 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", n);
1140 return 0;
1141 }
9bd6a50e 1142
2f4d31c1
YW		 1143 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1144 if (r < 0)
323dda78 1145 return 0;
2038c3f5
LP		 1146
1147 free_and_replace(c->stdio_file[STDIN_FILENO], resolved);
1148
1149 ei = EXEC_INPUT_FILE;
9bd6a50e 1150
52c239d7 1151 } else {
9bd6a50e
LP		 1152 ei = exec_input_from_string(rvalue);
1153 if (ei < 0) {
b98680b2 1154 log_syntax(unit, LOG_WARNING, filename, line, ei, "Failed to parse input specifier, ignoring: %s", rvalue);
9bd6a50e
LP		 1155 return 0;
1156 }
52c239d7 1157 }
9bd6a50e 1158
2038c3f5 1159 c->std_input = ei;
9bd6a50e 1160 return 0;
52c239d7
LB		 1161}
1162
08f3be7a
LP		 1163int config_parse_exec_input_text(
1164 const char *unit,
1165 const char *filename,
1166 unsigned line,
1167 const char *section,
1168 unsigned section_line,
1169 const char *lvalue,
1170 int ltype,
1171 const char *rvalue,
1172 void *data,
1173 void *userdata) {
1174
1175 _cleanup_free_ char *unescaped = NULL, *resolved = NULL;
99534007 1176 ExecContext *c = ASSERT_PTR(data);
47538b76 1177 const Unit *u = userdata;
08f3be7a
LP		 1178 int r;
1179
08f3be7a
LP		 1180 assert(filename);
1181 assert(line);
1182 assert(rvalue);
1183
1184 if (isempty(rvalue)) {
1185 /* Reset if the empty string is assigned */
1186 c->stdin_data = mfree(c->stdin_data);
1187 c->stdin_data_size = 0;
52c239d7
LB		 1188 return 0;
1189 }
08f3be7a 1190
e437538f
ZJS		 1191 ssize_t l = cunescape(rvalue, 0, &unescaped);
1192 if (l < 0) {
1193 log_syntax(unit, LOG_WARNING, filename, line, l,
323dda78
YW		 1194 "Failed to decode C escaped text '%s', ignoring: %m", rvalue);
1195 return 0;
1196 }
08f3be7a 1197
06536492 1198 r = unit_full_printf_full(u, unescaped, EXEC_STDIN_DATA_MAX, &resolved);
323dda78
YW		 1199 if (r < 0) {
1200 log_syntax(unit, LOG_WARNING, filename, line, r,
1201 "Failed to resolve unit specifiers in '%s', ignoring: %m", unescaped);
1202 return 0;
1203 }
08f3be7a 1204
e437538f 1205 size_t sz = strlen(resolved);
08f3be7a
LP		 1206 if (c->stdin_data_size + sz + 1 < c->stdin_data_size || /* check for overflow */
1207 c->stdin_data_size + sz + 1 > EXEC_STDIN_DATA_MAX) {
323dda78
YW		 1208 log_syntax(unit, LOG_WARNING, filename, line, 0,
1209 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1210 c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1211 return 0;
08f3be7a
LP		 1212 }
1213
e437538f 1214 void *p = realloc(c->stdin_data, c->stdin_data_size + sz + 1);
08f3be7a
LP		 1215 if (!p)
1216 return log_oom();
1217
1218 *((char*) mempcpy((char*) p + c->stdin_data_size, resolved, sz)) = '\n';
1219
1220 c->stdin_data = p;
1221 c->stdin_data_size += sz + 1;
1222
1223 return 0;
52c239d7
LB		 1224}
1225
08f3be7a
LP		 1226int config_parse_exec_input_data(
1227 const char *unit,
1228 const char *filename,
1229 unsigned line,
1230 const char *section,
1231 unsigned section_line,
1232 const char *lvalue,
1233 int ltype,
1234 const char *rvalue,
1235 void *data,
1236 void *userdata) {
1237
08f3be7a 1238 _cleanup_free_ void *p = NULL;
99534007 1239 ExecContext *c = ASSERT_PTR(data);
08f3be7a
LP		 1240 size_t sz;
1241 void *q;
1242 int r;
1243
08f3be7a
LP		 1244 assert(filename);
1245 assert(line);
1246 assert(rvalue);
1247
1248 if (isempty(rvalue)) {
1249 /* Reset if the empty string is assigned */
1250 c->stdin_data = mfree(c->stdin_data);
1251 c->stdin_data_size = 0;
1252 return 0;
1253 }
1254
f5fbe71d 1255 r = unbase64mem(rvalue, SIZE_MAX, &p, &sz);
323dda78
YW		 1256 if (r < 0) {
1257 log_syntax(unit, LOG_WARNING, filename, line, r,
1258 "Failed to decode base64 data, ignoring: %s", rvalue);
1259 return 0;
1260 }
08f3be7a
LP		 1261
1262 assert(sz > 0);
1263
1264 if (c->stdin_data_size + sz < c->stdin_data_size || /* check for overflow */
1265 c->stdin_data_size + sz > EXEC_STDIN_DATA_MAX) {
323dda78
YW		 1266 log_syntax(unit, LOG_WARNING, filename, line, 0,
1267 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1268 c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1269 return 0;
08f3be7a
LP		 1270 }
1271
1272 q = realloc(c->stdin_data, c->stdin_data_size + sz);
1273 if (!q)
1274 return log_oom();
1275
1276 memcpy((uint8_t*) q + c->stdin_data_size, p, sz);
1277
1278 c->stdin_data = q;
1279 c->stdin_data_size += sz;
1280
1281 return 0;
1282}
1283
2038c3f5
LP		 1284int config_parse_exec_output(
1285 const char *unit,
1286 const char *filename,
1287 unsigned line,
1288 const char *section,
1289 unsigned section_line,
1290 const char *lvalue,
1291 int ltype,
1292 const char *rvalue,
1293 void *data,
1294 void *userdata) {
1295
1296 _cleanup_free_ char *resolved = NULL;
1297 const char *n;
99534007 1298 ExecContext *c = ASSERT_PTR(data);
47538b76 1299 const Unit *u = userdata;
f3dc6af2 1300 bool obsolete = false;
52c239d7 1301 ExecOutput eo;
52c239d7
LB		 1302 int r;
1303
52c239d7
LB		 1304 assert(filename);
1305 assert(line);
1306 assert(lvalue);
1307 assert(rvalue);
1308
2038c3f5
LP		 1309 n = startswith(rvalue, "fd:");
1310 if (n) {
06536492 1311 r = unit_fd_printf(u, n, &resolved);
323dda78
YW		 1312 if (r < 0) {
1313 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1314 return 0;
1315 }
2038c3f5
LP		 1316
1317 if (isempty(resolved))
1318 resolved = mfree(resolved);
1319 else if (!fdname_is_valid(resolved)) {
323dda78
YW		 1320 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", resolved);
1321 return 0;
52c239d7 1322 }
2038c3f5 1323
52c239d7 1324 eo = EXEC_OUTPUT_NAMED_FD;
2038c3f5 1325
f3dc6af2
LP		 1326 } else if (streq(rvalue, "syslog")) {
1327 eo = EXEC_OUTPUT_JOURNAL;
1328 obsolete = true;
1329
1330 } else if (streq(rvalue, "syslog+console")) {
1331 eo = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
1332 obsolete = true;
1333
2038c3f5
LP		 1334 } else if ((n = startswith(rvalue, "file:"))) {
1335
06536492 1336 r = unit_path_printf(u, n, &resolved);
323dda78
YW		 1337 if (r < 0) {
1338 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1339 return 0;
1340 }
2038c3f5 1341
2f4d31c1
YW		 1342 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1343 if (r < 0)
323dda78 1344 return 0;
2038c3f5
LP		 1345
1346 eo = EXEC_OUTPUT_FILE;
1347
566b7d23
ZD		 1348 } else if ((n = startswith(rvalue, "append:"))) {
1349
06536492 1350 r = unit_path_printf(u, n, &resolved);
323dda78
YW		 1351 if (r < 0) {
1352 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1353 return 0;
1354 }
566b7d23
ZD		 1355
1356 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1357 if (r < 0)
323dda78 1358 return 0;
566b7d23
ZD		 1359
1360 eo = EXEC_OUTPUT_FILE_APPEND;
8d7dab1f
LW		 1361
1362 } else if ((n = startswith(rvalue, "truncate:"))) {
1363
06536492 1364 r = unit_path_printf(u, n, &resolved);
8d7dab1f
LW		 1365 if (r < 0) {
1366 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1367 return 0;
1368 }
1369
1370 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1371 if (r < 0)
1372 return 0;
1373
1374 eo = EXEC_OUTPUT_FILE_TRUNCATE;
52c239d7
LB		 1375 } else {
1376 eo = exec_output_from_string(rvalue);
2038c3f5 1377 if (eo < 0) {
b98680b2 1378 log_syntax(unit, LOG_WARNING, filename, line, eo, "Failed to parse output specifier, ignoring: %s", rvalue);
52c239d7
LB		 1379 return 0;
1380 }
1381 }
1382
f3dc6af2
LP		 1383 if (obsolete)
1384 log_syntax(unit, LOG_NOTICE, filename, line, 0,
1385 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1386 rvalue, exec_output_to_string(eo));
1387
52c239d7 1388 if (streq(lvalue, "StandardOutput")) {
2038c3f5
LP		 1389 if (eo == EXEC_OUTPUT_NAMED_FD)
1390 free_and_replace(c->stdio_fdname[STDOUT_FILENO], resolved);
1391 else
1392 free_and_replace(c->stdio_file[STDOUT_FILENO], resolved);
1393
52c239d7 1394 c->std_output = eo;
2038c3f5 1395
52c239d7 1396 } else {
2038c3f5
LP		 1397 assert(streq(lvalue, "StandardError"));
1398
1399 if (eo == EXEC_OUTPUT_NAMED_FD)
1400 free_and_replace(c->stdio_fdname[STDERR_FILENO], resolved);
1401 else
1402 free_and_replace(c->stdio_file[STDERR_FILENO], resolved);
1403
1404 c->std_error = eo;
52c239d7 1405 }
2038c3f5
LP		 1406
1407 return 0;
52c239d7 1408}
87f0e418 1409
e8e581bf
ZJS		 1410int config_parse_exec_io_class(const char *unit,
1411 const char *filename,
1412 unsigned line,
1413 const char *section,
71a61510 1414 unsigned section_line,
e8e581bf
ZJS		 1415 const char *lvalue,
1416 int ltype,
1417 const char *rvalue,
1418 void *data,
1419 void *userdata) {
94f04347 1420
99534007 1421 ExecContext *c = ASSERT_PTR(data);
94f04347
LP		 1422 int x;
1423
1424 assert(filename);
1425 assert(lvalue);
1426 assert(rvalue);
94f04347 1427
617d253a
YW		 1428 if (isempty(rvalue)) {
1429 c->ioprio_set = false;
0692548c 1430 c->ioprio = IOPRIO_DEFAULT_CLASS_AND_PRIO;
617d253a
YW		 1431 return 0;
1432 }
1433
f8b69d1d
MS		 1434 x = ioprio_class_from_string(rvalue);
1435 if (x < 0) {
b98680b2 1436 log_syntax(unit, LOG_WARNING, filename, line, x, "Failed to parse IO scheduling class, ignoring: %s", rvalue);
c0b34696 1437 return 0;
0d87eb42 1438 }
94f04347 1439
ba7772fe 1440 c->ioprio = ioprio_normalize(ioprio_prio_value(x, ioprio_prio_data(c->ioprio)));
94f04347
LP		 1441 c->ioprio_set = true;
1442
1443 return 0;
1444}
1445
e8e581bf
ZJS		 1446int config_parse_exec_io_priority(const char *unit,
1447 const char *filename,
1448 unsigned line,
1449 const char *section,
71a61510 1450 unsigned section_line,
e8e581bf
ZJS		 1451 const char *lvalue,
1452 int ltype,
1453 const char *rvalue,
1454 void *data,
1455 void *userdata) {
94f04347 1456
99534007 1457 ExecContext *c = ASSERT_PTR(data);
e8e581bf 1458 int i, r;
94f04347
LP		 1459
1460 assert(filename);
1461 assert(lvalue);
1462 assert(rvalue);
94f04347 1463
617d253a
YW		 1464 if (isempty(rvalue)) {
1465 c->ioprio_set = false;
0692548c 1466 c->ioprio = IOPRIO_DEFAULT_CLASS_AND_PRIO;
617d253a
YW		 1467 return 0;
1468 }
1469
7f452159
LP		 1470 r = ioprio_parse_priority(rvalue, &i);
1471 if (r < 0) {
323dda78 1472 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse IO priority, ignoring: %s", rvalue);
c0b34696 1473 return 0;
071830ff
LP		 1474 }
1475
ba7772fe 1476 c->ioprio = ioprio_normalize(ioprio_prio_value(ioprio_prio_class(c->ioprio), i));
94f04347
LP		 1477 c->ioprio_set = true;
1478
071830ff
LP		 1479 return 0;
1480}
1481
e8e581bf
ZJS		 1482int config_parse_exec_cpu_sched_policy(const char *unit,
1483 const char *filename,
1484 unsigned line,
1485 const char *section,
71a61510 1486 unsigned section_line,
e8e581bf
ZJS		 1487 const char *lvalue,
1488 int ltype,
1489 const char *rvalue,
1490 void *data,
1491 void *userdata) {
9eba9da4 1492
99534007 1493 ExecContext *c = ASSERT_PTR(data);
94f04347
LP		 1494 int x;
1495
1496 assert(filename);
1497 assert(lvalue);
1498 assert(rvalue);
94f04347 1499
b00e1a9e
YW		 1500 if (isempty(rvalue)) {
1501 c->cpu_sched_set = false;
1502 c->cpu_sched_policy = SCHED_OTHER;
1503 c->cpu_sched_priority = 0;
1504 return 0;
1505 }
1506
f8b69d1d
MS		 1507 x = sched_policy_from_string(rvalue);
1508 if (x < 0) {
b98680b2 1509 log_syntax(unit, LOG_WARNING, filename, line, x, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue);
c0b34696 1510 return 0;
0d87eb42 1511 }
94f04347
LP		 1512
1513 c->cpu_sched_policy = x;
bb112710
HHPF		 1514 /* Moving to or from real-time policy? We need to adjust the priority */
1515 c->cpu_sched_priority = CLAMP(c->cpu_sched_priority, sched_get_priority_min(x), sched_get_priority_max(x));
94f04347
LP		 1516 c->cpu_sched_set = true;
1517
1518 return 0;
1519}
1520
5e98086d
ZJS		 1521int config_parse_exec_mount_apivfs(const char *unit,
1522 const char *filename,
1523 unsigned line,
1524 const char *section,
1525 unsigned section_line,
1526 const char *lvalue,
1527 int ltype,
1528 const char *rvalue,
1529 void *data,
1530 void *userdata) {
1531
99534007 1532 ExecContext *c = ASSERT_PTR(data);
5e98086d
ZJS		 1533 int k;
1534
1535 assert(filename);
1536 assert(lvalue);
1537 assert(rvalue);
5e98086d
ZJS		 1538
1539 if (isempty(rvalue)) {
1540 c->mount_apivfs_set = false;
1541 c->mount_apivfs = false;
1542 return 0;
1543 }
1544
1545 k = parse_boolean(rvalue);
1546 if (k < 0) {
1547 log_syntax(unit, LOG_WARNING, filename, line, k,
1548 "Failed to parse boolean value, ignoring: %s",
1549 rvalue);
1550 return 0;
1551 }
1552
1553 c->mount_apivfs_set = true;
1554 c->mount_apivfs = k;
1555 return 0;
1556}
1557
b070c7c0
MS		 1558int config_parse_numa_mask(const char *unit,
1559 const char *filename,
1560 unsigned line,
1561 const char *section,
1562 unsigned section_line,
1563 const char *lvalue,
1564 int ltype,
1565 const char *rvalue,
1566 void *data,
1567 void *userdata) {
1568 int r;
99534007 1569 NUMAPolicy *p = ASSERT_PTR(data);
b070c7c0
MS		 1570
1571 assert(filename);
1572 assert(lvalue);
1573 assert(rvalue);
b070c7c0 1574
332d387f
MS		 1575 if (streq(rvalue, "all")) {
1576 r = numa_mask_add_all(&p->nodes);
323dda78
YW		 1577 if (r < 0)
1578 log_syntax(unit, LOG_WARNING, filename, line, r,
1579 "Failed to create NUMA mask representing \"all\" NUMA nodes, ignoring: %m");
332d387f
MS		 1580 } else {
1581 r = parse_cpu_set_extend(rvalue, &p->nodes, true, unit, filename, line, lvalue);
323dda78
YW		 1582 if (r < 0)
1583 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse NUMA node mask, ignoring: %s", rvalue);
b070c7c0
MS		 1584 }
1585
323dda78 1586 return 0;
b070c7c0
MS		 1587}
1588
e8e581bf
ZJS		 1589int config_parse_exec_cpu_sched_prio(const char *unit,
1590 const char *filename,
1591 unsigned line,
1592 const char *section,
71a61510 1593 unsigned section_line,
e8e581bf
ZJS		 1594 const char *lvalue,
1595 int ltype,
1596 const char *rvalue,
1597 void *data,
1598 void *userdata) {
9eba9da4 1599
99534007 1600 ExecContext *c = ASSERT_PTR(data);
40c05a34 1601 int i, r;
9eba9da4
LP		 1602
1603 assert(filename);
1604 assert(lvalue);
1605 assert(rvalue);
9eba9da4 1606
e8e581bf
ZJS		 1607 r = safe_atoi(rvalue, &i);
1608 if (r < 0) {
323dda78 1609 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue);
c0b34696 1610 return 0;
94f04347 1611 }
9eba9da4 1612
40c05a34
LB		 1613 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0. Policy might be set later so
1614 * we do not check the precise range, but only the generic outer bounds. */
1615 if (i < 0 || i > 99) {
323dda78 1616 log_syntax(unit, LOG_WARNING, filename, line, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue);
bb112710
HHPF		 1617 return 0;
1618 }
1619
94f04347
LP		 1620 c->cpu_sched_priority = i;
1621 c->cpu_sched_set = true;
1622
1623 return 0;
1624}
1625
18d73705
LB		 1626int config_parse_root_image_options(
1627 const char *unit,
1628 const char *filename,
1629 unsigned line,
1630 const char *section,
1631 unsigned section_line,
1632 const char *lvalue,
1633 int ltype,
1634 const char *rvalue,
1635 void *data,
1636 void *userdata) {
1637
1638 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
bc8d56d3 1639 _cleanup_strv_free_ char **l = NULL;
99534007 1640 ExecContext *c = ASSERT_PTR(data);
18d73705 1641 const Unit *u = userdata;
18d73705
LB		 1642 int r;
1643
1644 assert(filename);
1645 assert(lvalue);
1646 assert(rvalue);
18d73705
LB		 1647
1648 if (isempty(rvalue)) {
1649 c->root_image_options = mount_options_free_all(c->root_image_options);
1650 return 0;
1651 }
1652
bc8d56d3
LB		 1653 r = strv_split_colon_pairs(&l, rvalue);
1654 if (r == -ENOMEM)
1655 return log_oom();
1656 if (r < 0) {
323dda78 1657 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
bc8d56d3
LB		 1658 return 0;
1659 }
18d73705 1660
bc8d56d3 1661 STRV_FOREACH_PAIR(first, second, l) {
18d73705 1662 MountOptions *o = NULL;
9ece6444
LB		 1663 _cleanup_free_ char *mount_options_resolved = NULL;
1664 const char *mount_options = NULL, *partition = "root";
569a0e42 1665 PartitionDesignator partition_designator;
18d73705 1666
9ece6444 1667 /* Format is either 'root:foo' or 'foo' (root is implied) */
bc8d56d3 1668 if (!isempty(*second)) {
9ece6444 1669 partition = *first;
bc8d56d3 1670 mount_options = *second;
18d73705 1671 } else
bc8d56d3 1672 mount_options = *first;
18d73705 1673
9ece6444
LB		 1674 partition_designator = partition_designator_from_string(partition);
1675 if (partition_designator < 0) {
b98680b2
YW		 1676 log_syntax(unit, LOG_WARNING, filename, line, partition_designator,
1677 "Invalid partition name %s, ignoring", partition);
18d73705
LB		 1678 continue;
1679 }
18d73705
LB		 1680 r = unit_full_printf(u, mount_options, &mount_options_resolved);
1681 if (r < 0) {
323dda78 1682 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
18d73705
LB		 1683 continue;
1684 }
1685
1686 o = new(MountOptions, 1);
1687 if (!o)
1688 return log_oom();
1689 *o = (MountOptions) {
9ece6444 1690 .partition_designator = partition_designator,
18d73705
LB		 1691 .options = TAKE_PTR(mount_options_resolved),
1692 };
9ece6444 1693 LIST_APPEND(mount_options, options, TAKE_PTR(o));
18d73705
LB		 1694 }
1695
64903d18 1696 if (options)
18d73705 1697 LIST_JOIN(mount_options, c->root_image_options, options);
64903d18
ZJS		 1698 else
1699 /* empty spaces/separators only */
1700 c->root_image_options = mount_options_free_all(c->root_image_options);
18d73705
LB		 1701
1702 return 0;
1703}
1704
0389f4fa
LB		 1705int config_parse_exec_root_hash(
1706 const char *unit,
1707 const char *filename,
1708 unsigned line,
1709 const char *section,
1710 unsigned section_line,
1711 const char *lvalue,
1712 int ltype,
1713 const char *rvalue,
1714 void *data,
1715 void *userdata) {
1716
1717 _cleanup_free_ void *roothash_decoded = NULL;
99534007 1718 ExecContext *c = ASSERT_PTR(data);
0389f4fa
LB		 1719 size_t roothash_decoded_size = 0;
1720 int r;
1721
0389f4fa
LB		 1722 assert(filename);
1723 assert(line);
1724 assert(rvalue);
1725
1726 if (isempty(rvalue)) {
1727 /* Reset if the empty string is assigned */
1728 c->root_hash_path = mfree(c->root_hash_path);
1729 c->root_hash = mfree(c->root_hash);
1730 c->root_hash_size = 0;
1731 return 0;
1732 }
1733
1734 if (path_is_absolute(rvalue)) {
1735 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1736 _cleanup_free_ char *p = NULL;
1737
1738 p = strdup(rvalue);
1739 if (!p)
1740 return -ENOMEM;
1741
1742 free_and_replace(c->root_hash_path, p);
1743 c->root_hash = mfree(c->root_hash);
1744 c->root_hash_size = 0;
1745 return 0;
1746 }
1747
1748 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1749 r = unhexmem(rvalue, strlen(rvalue), &roothash_decoded, &roothash_decoded_size);
323dda78
YW		 1750 if (r < 0) {
1751 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHash=, ignoring: %s", rvalue);
1752 return 0;
1753 }
1754 if (roothash_decoded_size < sizeof(sd_id128_t)) {
1755 log_syntax(unit, LOG_WARNING, filename, line, 0, "RootHash= is too short, ignoring: %s", rvalue);
1756 return 0;
1757 }
0389f4fa
LB		 1758
1759 free_and_replace(c->root_hash, roothash_decoded);
1760 c->root_hash_size = roothash_decoded_size;
1761 c->root_hash_path = mfree(c->root_hash_path);
1762
1763 return 0;
1764}
1765
d4d55b0d
LB		 1766int config_parse_exec_root_hash_sig(
1767 const char *unit,
1768 const char *filename,
1769 unsigned line,
1770 const char *section,
1771 unsigned section_line,
1772 const char *lvalue,
1773 int ltype,
1774 const char *rvalue,
1775 void *data,
1776 void *userdata) {
1777
1778 _cleanup_free_ void *roothash_sig_decoded = NULL;
1779 char *value;
99534007 1780 ExecContext *c = ASSERT_PTR(data);
d4d55b0d
LB		 1781 size_t roothash_sig_decoded_size = 0;
1782 int r;
1783
d4d55b0d
LB		 1784 assert(filename);
1785 assert(line);
1786 assert(rvalue);
1787
1788 if (isempty(rvalue)) {
1789 /* Reset if the empty string is assigned */
1790 c->root_hash_sig_path = mfree(c->root_hash_sig_path);
1791 c->root_hash_sig = mfree(c->root_hash_sig);
1792 c->root_hash_sig_size = 0;
1793 return 0;
1794 }
1795
1796 if (path_is_absolute(rvalue)) {
1797 /* We have the path to a roothash signature to load and decode, eg: RootHashSignature=/foo/bar.roothash.p7s */
1798 _cleanup_free_ char *p = NULL;
1799
1800 p = strdup(rvalue);
1801 if (!p)
323dda78 1802 return log_oom();
d4d55b0d
LB		 1803
1804 free_and_replace(c->root_hash_sig_path, p);
1805 c->root_hash_sig = mfree(c->root_hash_sig);
1806 c->root_hash_sig_size = 0;
1807 return 0;
1808 }
1809
323dda78
YW		 1810 if (!(value = startswith(rvalue, "base64:"))) {
1811 log_syntax(unit, LOG_WARNING, filename, line, 0,
1812 "Failed to decode RootHashSignature=, not a path but doesn't start with 'base64:', ignoring: %s", rvalue);
1813 return 0;
1814 }
d4d55b0d
LB		 1815
1816 /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
1817 r = unbase64mem(value, strlen(value), &roothash_sig_decoded, &roothash_sig_decoded_size);
323dda78
YW		 1818 if (r < 0) {
1819 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHashSignature=, ignoring: %s", rvalue);
1820 return 0;
1821 }
d4d55b0d
LB		 1822
1823 free_and_replace(c->root_hash_sig, roothash_sig_decoded);
1824 c->root_hash_sig_size = roothash_sig_decoded_size;
1825 c->root_hash_sig_path = mfree(c->root_hash_sig_path);
1826
1827 return 0;
1828}
1829
ca9169f4
YW		 1830int config_parse_exec_cpu_affinity(
1831 const char *unit,
1832 const char *filename,
1833 unsigned line,
1834 const char *section,
1835 unsigned section_line,
1836 const char *lvalue,
1837 int ltype,
1838 const char *rvalue,
1839 void *data,
1840 void *userdata) {
94f04347 1841
99534007 1842 ExecContext *c = ASSERT_PTR(data);
54cfe9a7
FG		 1843 const Unit *u = userdata;
1844 _cleanup_free_ char *k = NULL;
e2b2fb7f 1845 int r;
94f04347
LP		 1846
1847 assert(filename);
1848 assert(lvalue);
1849 assert(rvalue);
94f04347 1850
e2b2fb7f
MS		 1851 if (streq(rvalue, "numa")) {
1852 c->cpu_affinity_from_numa = true;
1853 cpu_set_reset(&c->cpu_set);
1854
1855 return 0;
1856 }
1857
54cfe9a7
FG		 1858 r = unit_full_printf(u, rvalue, &k);
1859 if (r < 0) {
1860 log_syntax(unit, LOG_WARNING, filename, line, r,
1861 "Failed to resolve unit specifiers in '%s', ignoring: %m",
1862 rvalue);
1863 return 0;
1864 }
1865
1866 r = parse_cpu_set_extend(k, &c->cpu_set, true, unit, filename, line, lvalue);
e2b2fb7f
MS		 1867 if (r >= 0)
1868 c->cpu_affinity_from_numa = false;
1869
ca9169f4 1870 return 0;
94f04347
LP		 1871}
1872
a103496c 1873int config_parse_capability_set(
65dce264
LP		 1874 const char *unit,
1875 const char *filename,
1876 unsigned line,
1877 const char *section,
1878 unsigned section_line,
1879 const char *lvalue,
1880 int ltype,
1881 const char *rvalue,
1882 void *data,
1883 void *userdata) {
94f04347 1884
99534007 1885 uint64_t *capability_set = ASSERT_PTR(data);
3fd5190b 1886 uint64_t sum = 0, initial, def;
260abb78 1887 bool invert = false;
dd1f5bd0 1888 int r;
94f04347
LP		 1889
1890 assert(filename);
1891 assert(lvalue);
1892 assert(rvalue);
94f04347 1893
260abb78
LP		 1894 if (rvalue[0] == '~') {
1895 invert = true;
1896 rvalue++;
1897 }
1898
3fd5190b
LP		 1899 if (streq(lvalue, "CapabilityBoundingSet")) {
1900 initial = CAP_MASK_ALL; /* initialized to all bits on */
1901 def = CAP_MASK_UNSET; /* not set */
1902 } else
1903 def = initial = 0; /* All bits off */
260abb78 1904
dd1f5bd0 1905 r = capability_set_from_string(rvalue, &sum);
dd1f5bd0 1906 if (r < 0) {
323dda78 1907 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue, rvalue);
dd1f5bd0 1908 return 0;
94f04347 1909 }
9eba9da4 1910
3fd5190b 1911 if (sum == 0 || *capability_set == def)
c792ec2e
IP		 1912 /* "", "~" or uninitialized data -> replace */
1913 *capability_set = invert ? ~sum : sum;
1914 else {
a103496c 1915 /* previous data -> merge */
c792ec2e
IP		 1916 if (invert)
1917 *capability_set &= ~sum;
1918 else
1919 *capability_set |= sum;
1920 }
260abb78 1921
9eba9da4
LP		 1922 return 0;
1923}
1924
5f8640fb
LP		 1925int config_parse_exec_selinux_context(
1926 const char *unit,
1927 const char *filename,
1928 unsigned line,
1929 const char *section,
1930 unsigned section_line,
1931 const char *lvalue,
1932 int ltype,
1933 const char *rvalue,
1934 void *data,
1935 void *userdata) {
1936
99534007 1937 ExecContext *c = ASSERT_PTR(data);
47538b76 1938 const Unit *u = userdata;
5f8640fb
LP		 1939 bool ignore;
1940 char *k;
1941 int r;
1942
1943 assert(filename);
1944 assert(lvalue);
1945 assert(rvalue);
5f8640fb
LP		 1946
1947 if (isempty(rvalue)) {
a1e58e8e 1948 c->selinux_context = mfree(c->selinux_context);
5f8640fb
LP		 1949 c->selinux_context_ignore = false;
1950 return 0;
1951 }
1952
1953 if (rvalue[0] == '-') {
1954 ignore = true;
1955 rvalue++;
1956 } else
1957 ignore = false;
1958
18913df9 1959 r = unit_full_printf(u, rvalue, &k);
5f8640fb 1960 if (r < 0) {
323dda78 1961 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
063c4b1a
YW		 1962 "Failed to resolve unit specifiers in '%s'%s: %m",
1963 rvalue, ignore ? ", ignoring" : "");
bb28e684 1964 return ignore ? 0 : -ENOEXEC;
5f8640fb
LP		 1965 }
1966
063c4b1a 1967 free_and_replace(c->selinux_context, k);
5f8640fb
LP		 1968 c->selinux_context_ignore = ignore;
1969
1970 return 0;
1971}
1972
eef65bf3
MS		 1973int config_parse_exec_apparmor_profile(
1974 const char *unit,
1975 const char *filename,
1976 unsigned line,
1977 const char *section,
1978 unsigned section_line,
1979 const char *lvalue,
1980 int ltype,
1981 const char *rvalue,
1982 void *data,
1983 void *userdata) {
1984
99534007 1985 ExecContext *c = ASSERT_PTR(data);
47538b76 1986 const Unit *u = userdata;
eef65bf3
MS		 1987 bool ignore;
1988 char *k;
1989 int r;
1990
1991 assert(filename);
1992 assert(lvalue);
1993 assert(rvalue);
eef65bf3
MS		 1994
1995 if (isempty(rvalue)) {
a1e58e8e 1996 c->apparmor_profile = mfree(c->apparmor_profile);
eef65bf3
MS		 1997 c->apparmor_profile_ignore = false;
1998 return 0;
1999 }
2000
2001 if (rvalue[0] == '-') {
2002 ignore = true;
2003 rvalue++;
2004 } else
2005 ignore = false;
2006
18913df9 2007 r = unit_full_printf(u, rvalue, &k);
eef65bf3 2008 if (r < 0) {
323dda78 2009 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
063c4b1a
YW		 2010 "Failed to resolve unit specifiers in '%s'%s: %m",
2011 rvalue, ignore ? ", ignoring" : "");
bb28e684 2012 return ignore ? 0 : -ENOEXEC;
eef65bf3
MS		 2013 }
2014
063c4b1a 2015 free_and_replace(c->apparmor_profile, k);
eef65bf3
MS		 2016 c->apparmor_profile_ignore = ignore;
2017
2018 return 0;
2019}
2020
2ca620c4
WC		 2021int config_parse_exec_smack_process_label(
2022 const char *unit,
2023 const char *filename,
2024 unsigned line,
2025 const char *section,
2026 unsigned section_line,
2027 const char *lvalue,
2028 int ltype,
2029 const char *rvalue,
2030 void *data,
2031 void *userdata) {
2032
99534007 2033 ExecContext *c = ASSERT_PTR(data);
47538b76 2034 const Unit *u = userdata;
2ca620c4
WC		 2035 bool ignore;
2036 char *k;
2037 int r;
2038
2039 assert(filename);
2040 assert(lvalue);
2041 assert(rvalue);
2ca620c4
WC		 2042
2043 if (isempty(rvalue)) {
a1e58e8e 2044 c->smack_process_label = mfree(c->smack_process_label);
2ca620c4
WC		 2045 c->smack_process_label_ignore = false;
2046 return 0;
2047 }
2048
2049 if (rvalue[0] == '-') {
2050 ignore = true;
2051 rvalue++;
2052 } else
2053 ignore = false;
2054
18913df9 2055 r = unit_full_printf(u, rvalue, &k);
2ca620c4 2056 if (r < 0) {
323dda78 2057 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
063c4b1a
YW		 2058 "Failed to resolve unit specifiers in '%s'%s: %m",
2059 rvalue, ignore ? ", ignoring" : "");
bb28e684 2060 return ignore ? 0 : -ENOEXEC;
2ca620c4
WC		 2061 }
2062
063c4b1a 2063 free_and_replace(c->smack_process_label, k);
2ca620c4
WC		 2064 c->smack_process_label_ignore = ignore;
2065
2066 return 0;
2067}
2068
25a04ae5
LP		 2069int config_parse_timer(
2070 const char *unit,
2071 const char *filename,
2072 unsigned line,
2073 const char *section,
2074 unsigned section_line,
2075 const char *lvalue,
2076 int ltype,
2077 const char *rvalue,
2078 void *data,
2079 void *userdata) {
871d7de4 2080
25a04ae5
LP		 2081 _cleanup_(calendar_spec_freep) CalendarSpec *c = NULL;
2082 _cleanup_free_ char *k = NULL;
47538b76 2083 const Unit *u = userdata;
99534007 2084 Timer *t = ASSERT_PTR(data);
2507992f 2085 usec_t usec = 0;
871d7de4 2086 TimerValue *v;
2507992f 2087 int r;
871d7de4
LP		 2088
2089 assert(filename);
2090 assert(lvalue);
2091 assert(rvalue);
871d7de4 2092
74051b9b
LP		 2093 if (isempty(rvalue)) {
2094 /* Empty assignment resets list */
2095 timer_free_values(t);
2096 return 0;
2097 }
2098
2507992f
DC		 2099 r = unit_full_printf(u, rvalue, &k);
2100 if (r < 0) {
323dda78 2101 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2507992f
DC		 2102 return 0;
2103 }
2104
25a04ae5 2105 if (ltype == TIMER_CALENDAR) {
dc44c96d
LP		 2106 r = calendar_spec_from_string(k, &c);
2107 if (r < 0) {
323dda78 2108 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse calendar specification, ignoring: %s", k);
36697dc0
LP		 2109 return 0;
2110 }
dc44c96d
LP		 2111 } else {
2112 r = parse_sec(k, &usec);
2113 if (r < 0) {
323dda78 2114 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse timer value, ignoring: %s", k);
36697dc0
LP		 2115 return 0;
2116 }
dc44c96d 2117 }
871d7de4 2118
25a04ae5 2119 v = new(TimerValue, 1);
921b5987 2120 if (!v)
74051b9b 2121 return log_oom();
871d7de4 2122
25a04ae5
LP		 2123 *v = (TimerValue) {
2124 .base = ltype,
2125 .value = usec,
2126 .calendar_spec = TAKE_PTR(c),
2127 };
871d7de4 2128
71fda00f 2129 LIST_PREPEND(value, t->values, v);
871d7de4
LP		 2130
2131 return 0;
2132}
2133
3ecaa09b
LP		 2134int config_parse_trigger_unit(
2135 const char *unit,
2136 const char *filename,
2137 unsigned line,
2138 const char *section,
71a61510 2139 unsigned section_line,
3ecaa09b
LP		 2140 const char *lvalue,
2141 int ltype,
2142 const char *rvalue,
2143 void *data,
2144 void *userdata) {
871d7de4 2145
74051b9b 2146 _cleanup_free_ char *p = NULL;
99534007 2147 Unit *u = ASSERT_PTR(data);
3ecaa09b
LP		 2148 UnitType type;
2149 int r;
398ef8ba
LP		 2150
2151 assert(filename);
2152 assert(lvalue);
2153 assert(rvalue);
398ef8ba 2154
bc32241e 2155 if (UNIT_TRIGGER(u)) {
323dda78 2156 log_syntax(unit, LOG_WARNING, filename, line, 0, "Multiple units to trigger specified, ignoring: %s", rvalue);
3ecaa09b
LP		 2157 return 0;
2158 }
871d7de4 2159
19f6d710 2160 r = unit_name_printf(u, rvalue, &p);
12ca818f 2161 if (r < 0) {
323dda78 2162 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
12ca818f
LP		 2163 return 0;
2164 }
74051b9b 2165
12ca818f 2166 type = unit_name_to_type(p);
3ecaa09b 2167 if (type < 0) {
b98680b2 2168 log_syntax(unit, LOG_WARNING, filename, line, type, "Unit type not valid, ignoring: %s", rvalue);
c0b34696 2169 return 0;
871d7de4 2170 }
49219a1c 2171 if (unit_has_name(u, p)) {
323dda78 2172 log_syntax(unit, LOG_WARNING, filename, line, 0, "Units cannot trigger themselves, ignoring: %s", rvalue);
3ecaa09b
LP		 2173 return 0;
2174 }
2175
5a724170 2176 r = unit_add_two_dependencies_by_name(u, UNIT_BEFORE, UNIT_TRIGGERS, p, true, UNIT_DEPENDENCY_FILE);
57020a3a 2177 if (r < 0) {
323dda78 2178 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add trigger on %s, ignoring: %m", p);
c0b34696 2179 return 0;
871d7de4
LP		 2180 }
2181
2182 return 0;
2183}
2184
e8e581bf
ZJS		 2185int config_parse_path_spec(const char *unit,
2186 const char *filename,
2187 unsigned line,
2188 const char *section,
71a61510 2189 unsigned section_line,
e8e581bf
ZJS		 2190 const char *lvalue,
2191 int ltype,
2192 const char *rvalue,
2193 void *data,
2194 void *userdata) {
01f78473 2195
99534007 2196 Path *p = ASSERT_PTR(data);
01f78473
LP		 2197 PathSpec *s;
2198 PathType b;
7fd1b19b 2199 _cleanup_free_ char *k = NULL;
19f6d710 2200 int r;
01f78473
LP		 2201
2202 assert(filename);
2203 assert(lvalue);
2204 assert(rvalue);
01f78473 2205
74051b9b
LP		 2206 if (isempty(rvalue)) {
2207 /* Empty assignment clears list */
2208 path_free_specs(p);
2209 return 0;
2210 }
2211
93e4c84b
LP		 2212 b = path_type_from_string(lvalue);
2213 if (b < 0) {
b98680b2 2214 log_syntax(unit, LOG_WARNING, filename, line, b, "Failed to parse path type, ignoring: %s", lvalue);
c0b34696 2215 return 0;
01f78473
LP		 2216 }
2217
06536492 2218 r = unit_path_printf(UNIT(p), rvalue, &k);
19f6d710 2219 if (r < 0) {
323dda78 2220 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
12ca818f 2221 return 0;
487060c2 2222 }
93e4c84b 2223
2f4d31c1
YW		 2224 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2225 if (r < 0)
c0b34696 2226 return 0;
01f78473 2227
93e4c84b 2228 s = new0(PathSpec, 1);
543295ad 2229 if (!s)
93e4c84b 2230 return log_oom();
01f78473 2231
718db961 2232 s->unit = UNIT(p);
063c4b1a 2233 s->path = TAKE_PTR(k);
01f78473 2234 s->type = b;
254d1313 2235 s->inotify_fd = -EBADF;
01f78473 2236
71fda00f 2237 LIST_PREPEND(spec, p->specs, s);
01f78473
LP		 2238
2239 return 0;
2240}
2241
b02cb41c
LP		 2242int config_parse_socket_service(
2243 const char *unit,
2244 const char *filename,
2245 unsigned line,
2246 const char *section,
2247 unsigned section_line,
2248 const char *lvalue,
2249 int ltype,
2250 const char *rvalue,
2251 void *data,
2252 void *userdata) {
d9ff321a 2253
4afd3348 2254 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
8dd4c05b 2255 _cleanup_free_ char *p = NULL;
99534007 2256 Socket *s = ASSERT_PTR(data);
4ff77f66 2257 Unit *x;
8dd4c05b 2258 int r;
d9ff321a
LP		 2259
2260 assert(filename);
2261 assert(lvalue);
2262 assert(rvalue);
d9ff321a 2263
19f6d710 2264 r = unit_name_printf(UNIT(s), rvalue, &p);
613b411c 2265 if (r < 0) {
323dda78
YW		 2266 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2267 return 0;
613b411c 2268 }
74051b9b 2269
613b411c 2270 if (!endswith(p, ".service")) {
323dda78
YW		 2271 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unit must be of type service, ignoring: %s", rvalue);
2272 return 0;
d9ff321a
LP		 2273 }
2274
613b411c 2275 r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
4ff77f66 2276 if (r < 0) {
323dda78
YW		 2277 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to load unit %s, ignoring: %s", rvalue, bus_error_message(&error, r));
2278 return 0;
d9ff321a
LP		 2279 }
2280
7f7d01ed 2281 unit_ref_set(&s->service, UNIT(s), x);
4ff77f66 2282
d9ff321a
LP		 2283 return 0;
2284}
2285
8dd4c05b
LP		 2286int config_parse_fdname(
2287 const char *unit,
2288 const char *filename,
2289 unsigned line,
2290 const char *section,
2291 unsigned section_line,
2292 const char *lvalue,
2293 int ltype,
2294 const char *rvalue,
2295 void *data,
2296 void *userdata) {
2297
2298 _cleanup_free_ char *p = NULL;
99534007 2299 Socket *s = ASSERT_PTR(data);
8dd4c05b
LP		 2300 int r;
2301
2302 assert(filename);
2303 assert(lvalue);
2304 assert(rvalue);
8dd4c05b
LP		 2305
2306 if (isempty(rvalue)) {
2307 s->fdname = mfree(s->fdname);
2308 return 0;
2309 }
2310
06536492 2311 r = unit_fd_printf(UNIT(s), rvalue, &p);
8dd4c05b 2312 if (r < 0) {
323dda78 2313 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
8dd4c05b
LP		 2314 return 0;
2315 }
2316
2317 if (!fdname_is_valid(p)) {
323dda78 2318 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", p);
8dd4c05b
LP		 2319 return 0;
2320 }
2321
3b319885 2322 return free_and_replace(s->fdname, p);
8dd4c05b
LP		 2323}
2324
b02cb41c
LP		 2325int config_parse_service_sockets(
2326 const char *unit,
2327 const char *filename,
2328 unsigned line,
2329 const char *section,
2330 unsigned section_line,
2331 const char *lvalue,
2332 int ltype,
2333 const char *rvalue,
2334 void *data,
2335 void *userdata) {
f976f3f6 2336
99534007 2337 Service *s = ASSERT_PTR(data);
b02cb41c 2338 int r;
f976f3f6
LP		 2339
2340 assert(filename);
2341 assert(lvalue);
2342 assert(rvalue);
f976f3f6 2343
323dda78 2344 for (const char *p = rvalue;;) {
6a0f3175 2345 _cleanup_free_ char *word = NULL, *k = NULL;
f976f3f6 2346
7b2313f5 2347 r = extract_first_word(&p, &word, NULL, 0);
7b2313f5 2348 if (r == -ENOMEM)
74051b9b 2349 return log_oom();
7b2313f5 2350 if (r < 0) {
323dda78
YW		 2351 log_syntax(unit, LOG_WARNING, filename, line, r, "Trailing garbage in sockets, ignoring: %s", rvalue);
2352 return 0;
7b2313f5 2353 }
a687f500
ZJS		 2354 if (r == 0)
2355 return 0;
f976f3f6 2356
7b2313f5 2357 r = unit_name_printf(UNIT(s), word, &k);
b02cb41c 2358 if (r < 0) {
323dda78 2359 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
b02cb41c
LP		 2360 continue;
2361 }
57020a3a 2362
b02cb41c 2363 if (!endswith(k, ".socket")) {
323dda78 2364 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unit must be of type socket, ignoring: %s", k);
f976f3f6
LP		 2365 continue;
2366 }
2367
5a724170 2368 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_WANTS, UNIT_AFTER, k, true, UNIT_DEPENDENCY_FILE);
57020a3a 2369 if (r < 0)
323dda78 2370 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
f976f3f6 2371
35d8c19a 2372 r = unit_add_dependency_by_name(UNIT(s), UNIT_TRIGGERED_BY, k, true, UNIT_DEPENDENCY_FILE);
57020a3a 2373 if (r < 0)
323dda78 2374 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
f976f3f6 2375 }
f976f3f6
LP		 2376}
2377
b02cb41c
LP		 2378int config_parse_bus_name(
2379 const char *unit,
2380 const char *filename,
2381 unsigned line,
2382 const char *section,
2383 unsigned section_line,
2384 const char *lvalue,
2385 int ltype,
2386 const char *rvalue,
2387 void *data,
2388 void *userdata) {
2389
2390 _cleanup_free_ char *k = NULL;
99534007 2391 const Unit *u = ASSERT_PTR(userdata);
b02cb41c
LP		 2392 int r;
2393
2394 assert(filename);
2395 assert(lvalue);
2396 assert(rvalue);
b02cb41c 2397
06536492 2398 r = unit_full_printf_full(u, rvalue, SD_BUS_MAXIMUM_NAME_LENGTH, &k);
b02cb41c 2399 if (r < 0) {
323dda78 2400 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
b02cb41c
LP		 2401 return 0;
2402 }
2403
5453a4b1 2404 if (!sd_bus_service_name_is_valid(k)) {
323dda78 2405 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid bus name, ignoring: %s", k);
b02cb41c
LP		 2406 return 0;
2407 }
2408
2409 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
2410}
2411
aad41f08
LP		 2412int config_parse_service_timeout(
2413 const char *unit,
2414 const char *filename,
2415 unsigned line,
2416 const char *section,
2417 unsigned section_line,
2418 const char *lvalue,
2419 int ltype,
2420 const char *rvalue,
2421 void *data,
2422 void *userdata) {
98709151 2423
99534007 2424 Service *s = ASSERT_PTR(userdata);
aad41f08 2425 usec_t usec;
98709151
LN		 2426 int r;
2427
2428 assert(filename);
2429 assert(lvalue);
2430 assert(rvalue);
98709151 2431
6c58305a 2432 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
98709151 2433
fb27be3f
YW		 2434 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2435 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2436 * all other timeouts. */
2437 r = parse_sec_fix_0(rvalue, &usec);
aad41f08 2438 if (r < 0) {
323dda78 2439 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
aad41f08
LP		 2440 return 0;
2441 }
d568a335 2442
6c58305a
YW		 2443 s->start_timeout_defined = true;
2444 s->timeout_start_usec = usec;
36c16a7c 2445
6c58305a 2446 if (streq(lvalue, "TimeoutSec"))
aad41f08 2447 s->timeout_stop_usec = usec;
36c16a7c 2448
d568a335 2449 return 0;
98709151
LN		 2450}
2451
a61d6874 2452int config_parse_timeout_abort(
dc653bf4
JK		 2453 const char *unit,
2454 const char *filename,
2455 unsigned line,
2456 const char *section,
2457 unsigned section_line,
2458 const char *lvalue,
2459 int ltype,
2460 const char *rvalue,
2461 void *data,
2462 void *userdata) {
2463
99534007 2464 usec_t *ret = ASSERT_PTR(data);
dc653bf4
JK		 2465 int r;
2466
2467 assert(filename);
2468 assert(lvalue);
2469 assert(rvalue);
a61d6874
ZJS		 2470
2471 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
dc653bf4 2472
dc653bf4 2473 if (isempty(rvalue)) {
a61d6874
ZJS		 2474 *ret = 0;
2475 return 0; /* "not set" */
dc653bf4
JK		 2476 }
2477
a61d6874
ZJS		 2478 r = parse_sec(rvalue, ret);
2479 if (r < 0)
323dda78 2480 return log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= setting, ignoring: %s", lvalue, rvalue);
a61d6874
ZJS		 2481
2482 return 1; /* "set" */
2483}
2484
2485int config_parse_service_timeout_abort(
2486 const char *unit,
2487 const char *filename,
2488 unsigned line,
2489 const char *section,
2490 unsigned section_line,
2491 const char *lvalue,
2492 int ltype,
2493 const char *rvalue,
2494 void *data,
2495 void *userdata) {
2496
99534007 2497 Service *s = ASSERT_PTR(userdata);
a61d6874 2498 int r;
dc653bf4 2499
a61d6874
ZJS		 2500 r = config_parse_timeout_abort(unit, filename, line, section, section_line, lvalue, ltype, rvalue,
2501 &s->timeout_abort_usec, s);
2502 if (r >= 0)
2503 s->timeout_abort_set = r;
dc653bf4
JK		 2504 return 0;
2505}
2506
ae480f0b 2507int config_parse_user_group_compat(
66dccd8d
LP		 2508 const char *unit,
2509 const char *filename,
2510 unsigned line,
2511 const char *section,
2512 unsigned section_line,
2513 const char *lvalue,
2514 int ltype,
2515 const char *rvalue,
2516 void *data,
2517 void *userdata) {
2518
063c4b1a
YW		 2519 _cleanup_free_ char *k = NULL;
2520 char **user = data;
99534007 2521 const Unit *u = ASSERT_PTR(userdata);
66dccd8d
LP		 2522 int r;
2523
2524 assert(filename);
2525 assert(lvalue);
2526 assert(rvalue);
66dccd8d 2527
063c4b1a
YW		 2528 if (isempty(rvalue)) {
2529 *user = mfree(*user);
2530 return 0;
2531 }
66dccd8d 2532
063c4b1a
YW		 2533 r = unit_full_printf(u, rvalue, &k);
2534 if (r < 0) {
2535 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
2536 return -ENOEXEC;
66dccd8d
LP		 2537 }
2538
7a8867ab 2539 if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
063c4b1a
YW		 2540 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2541 return -ENOEXEC;
2542 }
66dccd8d 2543
bed0b7df
LP		 2544 if (strstr(lvalue, "User") && streq(k, NOBODY_USER_NAME))
2545 log_struct(LOG_NOTICE,
2546 "MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename, line, k,
2547 "UNIT=%s", unit,
2548 "MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR,
2549 "OFFENDING_USER=%s", k,
2550 "CONFIG_FILE=%s", filename,
2551 "CONFIG_LINE=%u", line);
2552
063c4b1a 2553 return free_and_replace(*user, k);
66dccd8d
LP		 2554}
2555
ae480f0b 2556int config_parse_user_group_strv_compat(
66dccd8d
LP		 2557 const char *unit,
2558 const char *filename,
2559 unsigned line,
2560 const char *section,
2561 unsigned section_line,
2562 const char *lvalue,
2563 int ltype,
2564 const char *rvalue,
2565 void *data,
2566 void *userdata) {
2567
2568 char ***users = data;
99534007 2569 const Unit *u = ASSERT_PTR(userdata);
66dccd8d
LP		 2570 int r;
2571
2572 assert(filename);
2573 assert(lvalue);
2574 assert(rvalue);
66dccd8d
LP		 2575
2576 if (isempty(rvalue)) {
9f2d41a6 2577 *users = strv_free(*users);
66dccd8d
LP		 2578 return 0;
2579 }
2580
323dda78 2581 for (const char *p = rvalue;;) {
66dccd8d
LP		 2582 _cleanup_free_ char *word = NULL, *k = NULL;
2583
9a82ab95 2584 r = extract_first_word(&p, &word, NULL, 0);
66dccd8d
LP		 2585 if (r == -ENOMEM)
2586 return log_oom();
2587 if (r < 0) {
bb28e684
ZJS		 2588 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
2589 return -ENOEXEC;
66dccd8d 2590 }
a687f500
ZJS		 2591 if (r == 0)
2592 return 0;
66dccd8d
LP		 2593
2594 r = unit_full_printf(u, word, &k);
2595 if (r < 0) {
bb28e684
ZJS		 2596 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
2597 return -ENOEXEC;
66dccd8d
LP		 2598 }
2599
7a8867ab 2600 if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
bb28e684
ZJS		 2601 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2602 return -ENOEXEC;
66dccd8d
LP		 2603 }
2604
2605 r = strv_push(users, k);
2606 if (r < 0)
2607 return log_oom();
2608
2609 k = NULL;
2610 }
66dccd8d
LP		 2611}
2612
5f5d8eab
LP		 2613int config_parse_working_directory(
2614 const char *unit,
2615 const char *filename,
2616 unsigned line,
2617 const char *section,
2618 unsigned section_line,
2619 const char *lvalue,
2620 int ltype,
2621 const char *rvalue,
2622 void *data,
2623 void *userdata) {
2624
99534007
DT		 2625 ExecContext *c = ASSERT_PTR(data);
2626 const Unit *u = ASSERT_PTR(userdata);
5f5d8eab
LP		 2627 bool missing_ok;
2628 int r;
2629
2630 assert(filename);
2631 assert(lvalue);
2632 assert(rvalue);
5f5d8eab 2633
862fcffd
YW		 2634 if (isempty(rvalue)) {
2635 c->working_directory_home = false;
2636 c->working_directory = mfree(c->working_directory);
2637 return 0;
2638 }
2639
5f5d8eab
LP		 2640 if (rvalue[0] == '-') {
2641 missing_ok = true;
2642 rvalue++;
2643 } else
2644 missing_ok = false;
2645
2646 if (streq(rvalue, "~")) {
2647 c->working_directory_home = true;
2648 c->working_directory = mfree(c->working_directory);
2649 } else {
2650 _cleanup_free_ char *k = NULL;
2651
06536492 2652 r = unit_path_printf(u, rvalue, &k);
5f5d8eab 2653 if (r < 0) {
323dda78 2654 log_syntax(unit, missing_ok ? LOG_WARNING : LOG_ERR, filename, line, r,
bb28e684
ZJS		 2655 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2656 rvalue, missing_ok ? ", ignoring" : "");
2657 return missing_ok ? 0 : -ENOEXEC;
5f5d8eab
LP		 2658 }
2659
2f4d31c1
YW		 2660 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE | (missing_ok ? 0 : PATH_CHECK_FATAL), unit, filename, line, lvalue);
2661 if (r < 0)
bb28e684 2662 return missing_ok ? 0 : -ENOEXEC;
5f5d8eab 2663
5f5d8eab 2664 c->working_directory_home = false;
bb28e684 2665 free_and_replace(c->working_directory, k);
5f5d8eab
LP		 2666 }
2667
2668 c->working_directory_missing_ok = missing_ok;
2669 return 0;
2670}
2671
e8e581bf
ZJS		 2672int config_parse_unit_env_file(const char *unit,
2673 const char *filename,
2674 unsigned line,
2675 const char *section,
71a61510 2676 unsigned section_line,
e8e581bf
ZJS		 2677 const char *lvalue,
2678 int ltype,
2679 const char *rvalue,
2680 void *data,
2681 void *userdata) {
ddb26e18 2682
99534007 2683 char ***env = ASSERT_PTR(data);
47538b76 2684 const Unit *u = userdata;
19f6d710 2685 _cleanup_free_ char *n = NULL;
853b8397 2686 int r;
ddb26e18
LP		 2687
2688 assert(filename);
2689 assert(lvalue);
2690 assert(rvalue);
ddb26e18 2691
74051b9b
LP		 2692 if (isempty(rvalue)) {
2693 /* Empty assignment frees the list */
6796073e 2694 *env = strv_free(*env);
74051b9b
LP		 2695 return 0;
2696 }
2697
06536492 2698 r = unit_full_printf_full(u, rvalue, PATH_MAX, &n);
12ca818f 2699 if (r < 0) {
323dda78 2700 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
12ca818f
LP		 2701 return 0;
2702 }
8fef7659 2703
2f4d31c1
YW		 2704 r = path_simplify_and_warn(n[0] == '-' ? n + 1 : n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2705 if (r < 0)
afe4bfe2 2706 return 0;
afe4bfe2 2707
2f4d31c1 2708 r = strv_push(env, n);
853b8397
LP		 2709 if (r < 0)
2710 return log_oom();
2711
2f4d31c1
YW		 2712 n = NULL;
2713
853b8397
LP		 2714 return 0;
2715}
2716
f7f3f5c3
LP		 2717int config_parse_environ(
2718 const char *unit,
2719 const char *filename,
2720 unsigned line,
2721 const char *section,
2722 unsigned section_line,
2723 const char *lvalue,
2724 int ltype,
2725 const char *rvalue,
2726 void *data,
2727 void *userdata) {
853b8397 2728
47538b76 2729 const Unit *u = userdata;
99534007 2730 char ***env = ASSERT_PTR(data);
19f6d710 2731 int r;
853b8397
LP		 2732
2733 assert(filename);
2734 assert(lvalue);
2735 assert(rvalue);
853b8397
LP		 2736
2737 if (isempty(rvalue)) {
2738 /* Empty assignment resets the list */
6796073e 2739 *env = strv_free(*env);
853b8397
LP		 2740 return 0;
2741 }
2742
4870133b
LP		 2743 /* If 'u' is set, we operate on the regular unit specifier table. Otherwise we use a manager-specific
2744 * specifier table (in which case ltype must contain the runtime scope). */
2745 const Specifier *table = u ? NULL : (const Specifier[]) {
0b40688d
RP		 2746 COMMON_SYSTEM_SPECIFIERS,
2747 COMMON_TMP_SPECIFIERS,
4870133b 2748 COMMON_CREDS_SPECIFIERS(ltype),
0b40688d
RP		 2749 { 'h', specifier_user_home, NULL },
2750 { 's', specifier_user_shell, NULL },
2751 };
2752
323dda78 2753 for (const char *p = rvalue;; ) {
13734c75 2754 _cleanup_free_ char *word = NULL, *resolved = NULL;
035fe294 2755
4ec85141 2756 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
035fe294
ZJS		 2757 if (r == -ENOMEM)
2758 return log_oom();
12ca818f 2759 if (r < 0) {
035fe294
ZJS		 2760 log_syntax(unit, LOG_WARNING, filename, line, r,
2761 "Invalid syntax, ignoring: %s", rvalue);
12ca818f
LP		 2762 return 0;
2763 }
a687f500
ZJS		 2764 if (r == 0)
2765 return 0;
97d0e5f8 2766
4870133b 2767 if (table)
0b40688d 2768 r = specifier_printf(word, sc_arg_max(), table, NULL, NULL, &resolved);
4870133b
LP		 2769 else
2770 r = unit_env_printf(u, word, &resolved);
46a9ee5d
LP		 2771 if (r < 0) {
2772 log_syntax(unit, LOG_WARNING, filename, line, r,
2773 "Failed to resolve specifiers in %s, ignoring: %m", word);
2774 continue;
2775 }
853b8397 2776
13734c75 2777 if (!env_assignment_is_valid(resolved)) {
323dda78 2778 log_syntax(unit, LOG_WARNING, filename, line, 0,
13734c75 2779 "Invalid environment assignment, ignoring: %s", resolved);
853b8397
LP		 2780 continue;
2781 }
2782
13734c75 2783 r = strv_env_replace_consume(env, TAKE_PTR(resolved));
54ac3494 2784 if (r < 0)
13734c75 2785 return log_error_errno(r, "Failed to update environment: %m");
853b8397 2786 }
ddb26e18
LP		 2787}
2788
00819cc1
LP		 2789int config_parse_pass_environ(
2790 const char *unit,
2791 const char *filename,
2792 unsigned line,
2793 const char *section,
2794 unsigned section_line,
2795 const char *lvalue,
2796 int ltype,
2797 const char *rvalue,
2798 void *data,
2799 void *userdata) {
b4c14404 2800
b4c14404 2801 _cleanup_strv_free_ char **n = NULL;
47538b76 2802 const Unit *u = userdata;
99534007 2803 char*** passenv = ASSERT_PTR(data);
319a4f4b 2804 size_t nlen = 0;
b4c14404
FB		 2805 int r;
2806
2807 assert(filename);
2808 assert(lvalue);
2809 assert(rvalue);
b4c14404
FB		 2810
2811 if (isempty(rvalue)) {
2812 /* Empty assignment resets the list */
2813 *passenv = strv_free(*passenv);
2814 return 0;
2815 }
2816
323dda78 2817 for (const char *p = rvalue;;) {
41de9cc2 2818 _cleanup_free_ char *word = NULL, *k = NULL;
b4c14404 2819
4ec85141 2820 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
b4c14404
FB		 2821 if (r == -ENOMEM)
2822 return log_oom();
2823 if (r < 0) {
323dda78 2824 log_syntax(unit, LOG_WARNING, filename, line, r,
063c4b1a 2825 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
b4c14404
FB		 2826 break;
2827 }
a687f500
ZJS		 2828 if (r == 0)
2829 break;
b4c14404 2830
41de9cc2 2831 if (u) {
06536492 2832 r = unit_env_printf(u, word, &k);
41de9cc2 2833 if (r < 0) {
323dda78 2834 log_syntax(unit, LOG_WARNING, filename, line, r,
063c4b1a 2835 "Failed to resolve specifiers in %s, ignoring: %m", word);
41de9cc2
LP		 2836 continue;
2837 }
ae2a15bc
LP		 2838 } else
2839 k = TAKE_PTR(word);
41de9cc2
LP		 2840
2841 if (!env_name_is_valid(k)) {
323dda78 2842 log_syntax(unit, LOG_WARNING, filename, line, 0,
41de9cc2 2843 "Invalid environment name for %s, ignoring: %s", lvalue, k);
b4c14404
FB		 2844 continue;
2845 }
2846
319a4f4b 2847 if (!GREEDY_REALLOC(n, nlen + 2))
b4c14404 2848 return log_oom();
41de9cc2 2849
1cc6c93a 2850 n[nlen++] = TAKE_PTR(k);
b4c14404 2851 n[nlen] = NULL;
b4c14404
FB		 2852 }
2853
2854 if (n) {
2855 r = strv_extend_strv(passenv, n, true);
2856 if (r < 0)
16eb0c4a 2857 return log_oom();
b4c14404
FB		 2858 }
2859
2860 return 0;
2861}
2862
00819cc1
LP		 2863int config_parse_unset_environ(
2864 const char *unit,
2865 const char *filename,
2866 unsigned line,
2867 const char *section,
2868 unsigned section_line,
2869 const char *lvalue,
2870 int ltype,
2871 const char *rvalue,
2872 void *data,
2873 void *userdata) {
2874
2875 _cleanup_strv_free_ char **n = NULL;
99534007 2876 char*** unsetenv = ASSERT_PTR(data);
47538b76 2877 const Unit *u = userdata;
319a4f4b 2878 size_t nlen = 0;
00819cc1
LP		 2879 int r;
2880
2881 assert(filename);
2882 assert(lvalue);
2883 assert(rvalue);
00819cc1
LP		 2884
2885 if (isempty(rvalue)) {
2886 /* Empty assignment resets the list */
2887 *unsetenv = strv_free(*unsetenv);
2888 return 0;
2889 }
2890
323dda78 2891 for (const char *p = rvalue;;) {
00819cc1
LP		 2892 _cleanup_free_ char *word = NULL, *k = NULL;
2893
4ec85141 2894 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
00819cc1
LP		 2895 if (r == -ENOMEM)
2896 return log_oom();
2897 if (r < 0) {
323dda78 2898 log_syntax(unit, LOG_WARNING, filename, line, r,
063c4b1a 2899 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
00819cc1
LP		 2900 break;
2901 }
a687f500
ZJS		 2902 if (r == 0)
2903 break;
00819cc1
LP		 2904
2905 if (u) {
06536492 2906 r = unit_env_printf(u, word, &k);
00819cc1 2907 if (r < 0) {
323dda78 2908 log_syntax(unit, LOG_WARNING, filename, line, r,
063c4b1a 2909 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
00819cc1
LP		 2910 continue;
2911 }
ae2a15bc
LP		 2912 } else
2913 k = TAKE_PTR(word);
00819cc1
LP		 2914
2915 if (!env_assignment_is_valid(k) && !env_name_is_valid(k)) {
323dda78 2916 log_syntax(unit, LOG_WARNING, filename, line, 0,
00819cc1
LP		 2917 "Invalid environment name or assignment %s, ignoring: %s", lvalue, k);
2918 continue;
2919 }
2920
319a4f4b 2921 if (!GREEDY_REALLOC(n, nlen + 2))
00819cc1
LP		 2922 return log_oom();
2923
1cc6c93a 2924 n[nlen++] = TAKE_PTR(k);
00819cc1 2925 n[nlen] = NULL;
00819cc1
LP		 2926 }
2927
2928 if (n) {
2929 r = strv_extend_strv(unsetenv, n, true);
2930 if (r < 0)
16eb0c4a 2931 return log_oom();
00819cc1
LP		 2932 }
2933
2934 return 0;
2935}
2936
d3070fbd
LP		 2937int config_parse_log_extra_fields(
2938 const char *unit,
2939 const char *filename,
2940 unsigned line,
2941 const char *section,
2942 unsigned section_line,
2943 const char *lvalue,
2944 int ltype,
2945 const char *rvalue,
2946 void *data,
2947 void *userdata) {
2948
99534007 2949 ExecContext *c = ASSERT_PTR(data);
47538b76 2950 const Unit *u = userdata;
d3070fbd
LP		 2951 int r;
2952
2953 assert(filename);
2954 assert(lvalue);
2955 assert(rvalue);
d3070fbd
LP		 2956
2957 if (isempty(rvalue)) {
2958 exec_context_free_log_extra_fields(c);
2959 return 0;
2960 }
2961
323dda78 2962 for (const char *p = rvalue;;) {
d3070fbd
LP		 2963 _cleanup_free_ char *word = NULL, *k = NULL;
2964 struct iovec *t;
2965 const char *eq;
2966
4ec85141 2967 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
d3070fbd
LP		 2968 if (r == -ENOMEM)
2969 return log_oom();
2970 if (r < 0) {
2971 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
2972 return 0;
2973 }
a687f500
ZJS		 2974 if (r == 0)
2975 return 0;
d3070fbd
LP		 2976
2977 r = unit_full_printf(u, word, &k);
2978 if (r < 0) {
323dda78 2979 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
d3070fbd
LP		 2980 continue;
2981 }
2982
2983 eq = strchr(k, '=');
2984 if (!eq) {
323dda78 2985 log_syntax(unit, LOG_WARNING, filename, line, 0, "Log field lacks '=' character, ignoring: %s", k);
d3070fbd
LP		 2986 continue;
2987 }
2988
2989 if (!journal_field_valid(k, eq-k, false)) {
323dda78 2990 log_syntax(unit, LOG_WARNING, filename, line, 0, "Log field name is invalid, ignoring: %s", k);
d3070fbd
LP		 2991 continue;
2992 }
2993
aa484f35 2994 t = reallocarray(c->log_extra_fields, c->n_log_extra_fields+1, sizeof(struct iovec));
d3070fbd
LP		 2995 if (!t)
2996 return log_oom();
2997
2998 c->log_extra_fields = t;
2999 c->log_extra_fields[c->n_log_extra_fields++] = IOVEC_MAKE_STRING(k);
3000
3001 k = NULL;
3002 }
d3070fbd
LP		 3003}
3004
91dd5f7c
LP		 3005int config_parse_log_namespace(
3006 const char *unit,
3007 const char *filename,
3008 unsigned line,
3009 const char *section,
3010 unsigned section_line,
3011 const char *lvalue,
3012 int ltype,
3013 const char *rvalue,
3014 void *data,
3015 void *userdata) {
3016
3017 _cleanup_free_ char *k = NULL;
99534007 3018 ExecContext *c = ASSERT_PTR(data);
91dd5f7c
LP		 3019 const Unit *u = userdata;
3020 int r;
3021
3022 assert(filename);
3023 assert(lvalue);
3024 assert(rvalue);
91dd5f7c
LP		 3025
3026 if (isempty(rvalue)) {
3027 c->log_namespace = mfree(c->log_namespace);
3028 return 0;
3029 }
3030
06536492 3031 r = unit_full_printf_full(u, rvalue, NAME_MAX, &k);
91dd5f7c 3032 if (r < 0) {
323dda78 3033 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
91dd5f7c
LP		 3034 return 0;
3035 }
3036
3037 if (!log_namespace_name_valid(k)) {
323dda78 3038 log_syntax(unit, LOG_WARNING, filename, line, 0, "Specified log namespace name is not valid, ignoring: %s", k);
91dd5f7c
LP		 3039 return 0;
3040 }
3041
3042 free_and_replace(c->log_namespace, k);
3043 return 0;
3044}
3045
59fccdc5
LP		 3046int config_parse_unit_condition_path(
3047 const char *unit,
3048 const char *filename,
3049 unsigned line,
3050 const char *section,
3051 unsigned section_line,
3052 const char *lvalue,
3053 int ltype,
3054 const char *rvalue,
3055 void *data,
3056 void *userdata) {
52661efd 3057
2fbe635a 3058 _cleanup_free_ char *p = NULL;
99534007 3059 Condition **list = ASSERT_PTR(data), *c;
59fccdc5
LP		 3060 ConditionType t = ltype;
3061 bool trigger, negate;
47538b76 3062 const Unit *u = userdata;
19f6d710 3063 int r;
52661efd
LP		 3064
3065 assert(filename);
3066 assert(lvalue);
3067 assert(rvalue);
52661efd 3068
74051b9b
LP		 3069 if (isempty(rvalue)) {
3070 /* Empty assignment resets the list */
447021aa 3071 *list = condition_free_list(*list);
74051b9b
LP		 3072 return 0;
3073 }
3074
ab7f148f
LP		 3075 trigger = rvalue[0] == '|';
3076 if (trigger)
267632f0
LP		 3077 rvalue++;
3078
ab7f148f
LP		 3079 negate = rvalue[0] == '!';
3080 if (negate)
52661efd
LP		 3081 rvalue++;
3082
06536492 3083 r = unit_path_printf(u, rvalue, &p);
59fccdc5 3084 if (r < 0) {
323dda78 3085 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
59fccdc5 3086 return 0;
19f6d710 3087 }
095b2d7a 3088
2f4d31c1
YW		 3089 r = path_simplify_and_warn(p, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
3090 if (r < 0)
52661efd 3091 return 0;
52661efd 3092
59fccdc5 3093 c = condition_new(t, p, trigger, negate);
ab7f148f 3094 if (!c)
74051b9b 3095 return log_oom();
52661efd 3096
59fccdc5 3097 LIST_PREPEND(conditions, *list, c);
52661efd
LP		 3098 return 0;
3099}
3100
59fccdc5
LP		 3101int config_parse_unit_condition_string(
3102 const char *unit,
3103 const char *filename,
3104 unsigned line,
3105 const char *section,
3106 unsigned section_line,
3107 const char *lvalue,
3108 int ltype,
3109 const char *rvalue,
3110 void *data,
3111 void *userdata) {
039655a4 3112
2fbe635a 3113 _cleanup_free_ char *s = NULL;
99534007 3114 Condition **list = ASSERT_PTR(data), *c;
59fccdc5
LP		 3115 ConditionType t = ltype;
3116 bool trigger, negate;
47538b76 3117 const Unit *u = userdata;
19f6d710 3118 int r;
039655a4
LP		 3119
3120 assert(filename);
3121 assert(lvalue);
3122 assert(rvalue);
039655a4 3123
74051b9b
LP		 3124 if (isempty(rvalue)) {
3125 /* Empty assignment resets the list */
447021aa 3126 *list = condition_free_list(*list);
74051b9b
LP		 3127 return 0;
3128 }
3129
9266f31e 3130 trigger = *rvalue == '|';
c0d6e764 3131 if (trigger)
9266f31e 3132 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
267632f0 3133
9266f31e 3134 negate = *rvalue == '!';
c0d6e764 3135 if (negate)
9266f31e 3136 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
039655a4 3137
19f6d710 3138 r = unit_full_printf(u, rvalue, &s);
59fccdc5 3139 if (r < 0) {
323dda78 3140 log_syntax(unit, LOG_WARNING, filename, line, r,
cae90de3 3141 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
59fccdc5 3142 return 0;
19f6d710 3143 }
095b2d7a 3144
59fccdc5 3145 c = condition_new(t, s, trigger, negate);
c0d6e764
LP		 3146 if (!c)
3147 return log_oom();
039655a4 3148
59fccdc5 3149 LIST_PREPEND(conditions, *list, c);
039655a4
LP		 3150 return 0;
3151}
3152
a57f7e2c
LP		 3153int config_parse_unit_requires_mounts_for(
3154 const char *unit,
3155 const char *filename,
3156 unsigned line,
3157 const char *section,
71a61510 3158 unsigned section_line,
a57f7e2c
LP		 3159 const char *lvalue,
3160 int ltype,
3161 const char *rvalue,
3162 void *data,
3163 void *userdata) {
7c8fa05c
LP		 3164
3165 Unit *u = userdata;
035fe294 3166 int r;
7c8fa05c
LP		 3167
3168 assert(filename);
3169 assert(lvalue);
3170 assert(rvalue);
3171 assert(data);
3172
323dda78 3173 for (const char *p = rvalue;;) {
744bb5b1 3174 _cleanup_free_ char *word = NULL, *resolved = NULL;
a57f7e2c 3175
4ec85141 3176 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
035fe294 3177 if (r == -ENOMEM)
a57f7e2c 3178 return log_oom();
035fe294
ZJS		 3179 if (r < 0) {
3180 log_syntax(unit, LOG_WARNING, filename, line, r,
3181 "Invalid syntax, ignoring: %s", rvalue);
3182 return 0;
3183 }
a687f500
ZJS		 3184 if (r == 0)
3185 return 0;
7c8fa05c 3186
06536492 3187 r = unit_path_printf(u, word, &resolved);
744bb5b1 3188 if (r < 0) {
323dda78 3189 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
744bb5b1
LP		 3190 continue;
3191 }
3192
2f4d31c1
YW		 3193 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
3194 if (r < 0)
3195 continue;
3196
eef85c4a 3197 r = unit_require_mounts_for(u, resolved, UNIT_DEPENDENCY_FILE);
a57f7e2c 3198 if (r < 0) {
323dda78 3199 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add required mount '%s', ignoring: %m", resolved);
a57f7e2c
LP		 3200 continue;
3201 }
3202 }
7c8fa05c 3203}
9e372868 3204
8c6493e5
YW		 3205int config_parse_documentation(
3206 const char *unit,
3207 const char *filename,
3208 unsigned line,
3209 const char *section,
3210 unsigned section_line,
3211 const char *lvalue,
3212 int ltype,
3213 const char *rvalue,
3214 void *data,
3215 void *userdata) {
49dbfa7b 3216
99534007 3217 Unit *u = ASSERT_PTR(userdata);
49dbfa7b
LP		 3218 int r;
3219 char **a, **b;
3220
3221 assert(filename);
3222 assert(lvalue);
3223 assert(rvalue);
49dbfa7b 3224
74051b9b
LP		 3225 if (isempty(rvalue)) {
3226 /* Empty assignment resets the list */
6796073e 3227 u->documentation = strv_free(u->documentation);
74051b9b
LP		 3228 return 0;
3229 }
3230
71a61510 3231 r = config_parse_unit_strv_printf(unit, filename, line, section, section_line, lvalue, ltype,
e8e581bf 3232 rvalue, data, userdata);
49dbfa7b
LP		 3233 if (r < 0)
3234 return r;
3235
3236 for (a = b = u->documentation; a && *a; a++) {
3237
a2e03378 3238 if (documentation_url_is_valid(*a))
49dbfa7b
LP		 3239 *(b++) = *a;
3240 else {
323dda78 3241 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid URL, ignoring: %s", *a);
49dbfa7b
LP		 3242 free(*a);
3243 }
3244 }
f6d2d421
ZJS		 3245 if (b)
3246 *b = NULL;
49dbfa7b 3247
8c6493e5 3248 return 0;
49dbfa7b
LP		 3249}
3250
349cc4a5 3251#if HAVE_SECCOMP
17df7223
LP		 3252int config_parse_syscall_filter(
3253 const char *unit,
3254 const char *filename,
3255 unsigned line,
3256 const char *section,
3257 unsigned section_line,
3258 const char *lvalue,
3259 int ltype,
3260 const char *rvalue,
3261 void *data,
3262 void *userdata) {
3263
8351ceae 3264 ExecContext *c = data;
99534007 3265 _unused_ const Unit *u = ASSERT_PTR(userdata);
b5fb3789 3266 bool invert = false;
17df7223 3267 int r;
8351ceae
LP		 3268
3269 assert(filename);
3270 assert(lvalue);
3271 assert(rvalue);
8351ceae 3272
74051b9b
LP		 3273 if (isempty(rvalue)) {
3274 /* Empty assignment resets the list */
8cfa775f 3275 c->syscall_filter = hashmap_free(c->syscall_filter);
6b000af4 3276 c->syscall_allow_list = false;
74051b9b
LP		 3277 return 0;
3278 }
3279
8351ceae
LP		 3280 if (rvalue[0] == '~') {
3281 invert = true;
3282 rvalue++;
3283 }
3284
17df7223 3285 if (!c->syscall_filter) {
8cfa775f 3286 c->syscall_filter = hashmap_new(NULL);
17df7223
LP		 3287 if (!c->syscall_filter)
3288 return log_oom();
3289
c0467cf3 3290 if (invert)
17df7223 3291 /* Allow everything but the ones listed */
6b000af4 3292 c->syscall_allow_list = false;
c0467cf3 3293 else {
17df7223 3294 /* Allow nothing but the ones listed */
6b000af4 3295 c->syscall_allow_list = true;
8351ceae 3296
387f6955 3297 /* Accept default syscalls if we are on an allow_list */
2f6b9110
LP		 3298 r = seccomp_parse_syscall_filter(
3299 "@default", -1, c->syscall_filter,
6b000af4 3300 SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_ALLOW_LIST,
58f6ab44
ZJS		 3301 unit,
3302 NULL, 0);
201c1cc2
TM		 3303 if (r < 0)
3304 return r;
c0467cf3 3305 }
8351ceae
LP		 3306 }
3307
323dda78 3308 for (const char *p = rvalue;;) {
8cfa775f
YW		 3309 _cleanup_free_ char *word = NULL, *name = NULL;
3310 int num;
8351ceae 3311
8130926d 3312 r = extract_first_word(&p, &word, NULL, 0);
8130926d 3313 if (r == -ENOMEM)
74051b9b 3314 return log_oom();
8130926d 3315 if (r < 0) {
084a46d7
YW		 3316 log_syntax(unit, LOG_WARNING, filename, line, r,
3317 "Invalid syntax, ignoring: %s", rvalue);
063c4b1a 3318 return 0;
8130926d 3319 }
a687f500
ZJS		 3320 if (r == 0)
3321 return 0;
8351ceae 3322
8cfa775f
YW		 3323 r = parse_syscall_and_errno(word, &name, &num);
3324 if (r < 0) {
084a46d7
YW		 3325 log_syntax(unit, LOG_WARNING, filename, line, r,
3326 "Failed to parse syscall:errno, ignoring: %s", word);
3327 continue;
3328 }
3329 if (!invert && num >= 0) {
3330 log_syntax(unit, LOG_WARNING, filename, line, 0,
3331 "Allow-listed system calls cannot take error number, ignoring: %s", word);
8cfa775f
YW		 3332 continue;
3333 }
3334
58f6ab44 3335 r = seccomp_parse_syscall_filter(
acd142af
LP		 3336 name, num, c->syscall_filter,
3337 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
3338 (invert ? SECCOMP_PARSE_INVERT : 0)|
6b000af4 3339 (c->syscall_allow_list ? SECCOMP_PARSE_ALLOW_LIST : 0),
acd142af 3340 unit, filename, line);
201c1cc2
TM		 3341 if (r < 0)
3342 return r;
c0467cf3 3343 }
17df7223
LP		 3344}
3345
9df2cdd8
TM		 3346int config_parse_syscall_log(
3347 const char *unit,
3348 const char *filename,
3349 unsigned line,
3350 const char *section,
3351 unsigned section_line,
3352 const char *lvalue,
3353 int ltype,
3354 const char *rvalue,
3355 void *data,
3356 void *userdata) {
3357
3358 ExecContext *c = data;
99534007 3359 _unused_ const Unit *u = ASSERT_PTR(userdata);
9df2cdd8
TM		 3360 bool invert = false;
3361 const char *p;
3362 int r;
3363
3364 assert(filename);
3365 assert(lvalue);
3366 assert(rvalue);
9df2cdd8
TM		 3367
3368 if (isempty(rvalue)) {
3369 /* Empty assignment resets the list */
3370 c->syscall_log = hashmap_free(c->syscall_log);
3371 c->syscall_log_allow_list = false;
3372 return 0;
3373 }
3374
3375 if (rvalue[0] == '~') {
3376 invert = true;
3377 rvalue++;
3378 }
3379
3380 if (!c->syscall_log) {
3381 c->syscall_log = hashmap_new(NULL);
3382 if (!c->syscall_log)
3383 return log_oom();
3384
3385 if (invert)
3386 /* Log everything but the ones listed */
3387 c->syscall_log_allow_list = false;
3388 else
3389 /* Log nothing but the ones listed */
3390 c->syscall_log_allow_list = true;
3391 }
3392
3393 p = rvalue;
3394 for (;;) {
696a13ba 3395 _cleanup_free_ char *word = NULL;
9df2cdd8
TM		 3396
3397 r = extract_first_word(&p, &word, NULL, 0);
9df2cdd8
TM		 3398 if (r == -ENOMEM)
3399 return log_oom();
3400 if (r < 0) {
3401 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3402 return 0;
3403 }
a687f500
ZJS		 3404 if (r == 0)
3405 return 0;
9df2cdd8 3406
9df2cdd8 3407 r = seccomp_parse_syscall_filter(
696a13ba 3408 word, -1, c->syscall_log,
9df2cdd8
TM		 3409 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
3410 (invert ? SECCOMP_PARSE_INVERT : 0)|
3411 (c->syscall_log_allow_list ? SECCOMP_PARSE_ALLOW_LIST : 0),
3412 unit, filename, line);
3413 if (r < 0)
3414 return r;
3415 }
3416}
3417
57183d11
LP		 3418int config_parse_syscall_archs(
3419 const char *unit,
3420 const char *filename,
3421 unsigned line,
3422 const char *section,
3423 unsigned section_line,
3424 const char *lvalue,
3425 int ltype,
3426 const char *rvalue,
3427 void *data,
3428 void *userdata) {
3429
d3b1c508 3430 Set **archs = data;
57183d11
LP		 3431 int r;
3432
3433 if (isempty(rvalue)) {
525d3cc7 3434 *archs = set_free(*archs);
57183d11
LP		 3435 return 0;
3436 }
3437
323dda78 3438 for (const char *p = rvalue;;) {
035fe294 3439 _cleanup_free_ char *word = NULL;
57183d11
LP		 3440 uint32_t a;
3441
4ec85141 3442 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
035fe294 3443 if (r == -ENOMEM)
57183d11 3444 return log_oom();
035fe294
ZJS		 3445 if (r < 0) {
3446 log_syntax(unit, LOG_WARNING, filename, line, r,
3447 "Invalid syntax, ignoring: %s", rvalue);
3448 return 0;
3449 }
a687f500
ZJS		 3450 if (r == 0)
3451 return 0;
57183d11 3452
035fe294 3453 r = seccomp_arch_from_string(word, &a);
57183d11 3454 if (r < 0) {
323dda78 3455 log_syntax(unit, LOG_WARNING, filename, line, r,
035fe294 3456 "Failed to parse system call architecture \"%s\", ignoring: %m", word);
57183d11
LP		 3457 continue;
3458 }
3459
de7fef4b 3460 r = set_ensure_put(archs, NULL, UINT32_TO_PTR(a + 1));
57183d11
LP		 3461 if (r < 0)
3462 return log_oom();
3463 }
57183d11
LP		 3464}
3465
17df7223
LP		 3466int config_parse_syscall_errno(
3467 const char *unit,
3468 const char *filename,
3469 unsigned line,
3470 const char *section,
3471 unsigned section_line,
3472 const char *lvalue,
3473 int ltype,
3474 const char *rvalue,
3475 void *data,
3476 void *userdata) {
3477
3478 ExecContext *c = data;
3479 int e;
3480
3481 assert(filename);
3482 assert(lvalue);
3483 assert(rvalue);
3484
005bfaf1 3485 if (isempty(rvalue) || streq(rvalue, "kill")) {
17df7223 3486 /* Empty assignment resets to KILL */
005bfaf1 3487 c->syscall_errno = SECCOMP_ERROR_NUMBER_KILL;
17df7223 3488 return 0;
8351ceae
LP		 3489 }
3490
3df90f24 3491 e = parse_errno(rvalue);
b98680b2
YW		 3492 if (e < 0) {
3493 log_syntax(unit, LOG_WARNING, filename, line, e, "Failed to parse error number, ignoring: %s", rvalue);
3494 return 0;
3495 }
3496 if (e == 0) {
3497 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid error number, ignoring: %s", rvalue);
17df7223
LP		 3498 return 0;
3499 }
8351ceae 3500
17df7223 3501 c->syscall_errno = e;
8351ceae
LP		 3502 return 0;
3503}
4298d0b5
LP		 3504
3505int config_parse_address_families(
3506 const char *unit,
3507 const char *filename,
3508 unsigned line,
3509 const char *section,
3510 unsigned section_line,
3511 const char *lvalue,
3512 int ltype,
3513 const char *rvalue,
3514 void *data,
3515 void *userdata) {
3516
3517 ExecContext *c = data;
4298d0b5 3518 bool invert = false;
4298d0b5
LP		 3519 int r;
3520
3521 assert(filename);
3522 assert(lvalue);
3523 assert(rvalue);
4298d0b5
LP		 3524
3525 if (isempty(rvalue)) {
3526 /* Empty assignment resets the list */
525d3cc7 3527 c->address_families = set_free(c->address_families);
6b000af4 3528 c->address_families_allow_list = false;
4298d0b5
LP		 3529 return 0;
3530 }
3531
4e6c50a5
YW		 3532 if (streq(rvalue, "none")) {
3533 /* Forbid all address families. */
3534 c->address_families = set_free(c->address_families);
3535 c->address_families_allow_list = true;
3536 return 0;
3537 }
3538
4298d0b5
LP		 3539 if (rvalue[0] == '~') {
3540 invert = true;
3541 rvalue++;
3542 }
3543
3544 if (!c->address_families) {
d5099efc 3545 c->address_families = set_new(NULL);
4298d0b5
LP		 3546 if (!c->address_families)
3547 return log_oom();
3548
6b000af4 3549 c->address_families_allow_list = !invert;
4298d0b5
LP		 3550 }
3551
323dda78 3552 for (const char *p = rvalue;;) {
035fe294 3553 _cleanup_free_ char *word = NULL;
4298d0b5
LP		 3554 int af;
3555
4ec85141 3556 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
035fe294 3557 if (r == -ENOMEM)
4298d0b5 3558 return log_oom();
035fe294
ZJS		 3559 if (r < 0) {
3560 log_syntax(unit, LOG_WARNING, filename, line, r,
3561 "Invalid syntax, ignoring: %s", rvalue);
3562 return 0;
3563 }
a687f500
ZJS		 3564 if (r == 0)
3565 return 0;
4298d0b5 3566
035fe294 3567 af = af_from_name(word);
acf4d158 3568 if (af < 0) {
323dda78 3569 log_syntax(unit, LOG_WARNING, filename, line, af,
063c4b1a 3570 "Failed to parse address family, ignoring: %s", word);
4298d0b5
LP		 3571 continue;
3572 }
3573
3574 /* If we previously wanted to forbid an address family and now
035fe294 3575 * we want to allow it, then just remove it from the list.
4298d0b5 3576 */
6b000af4 3577 if (!invert == c->address_families_allow_list) {
4298d0b5 3578 r = set_put(c->address_families, INT_TO_PTR(af));
4298d0b5
LP		 3579 if (r < 0)
3580 return log_oom();
3581 } else
3582 set_remove(c->address_families, INT_TO_PTR(af));
3583 }
4298d0b5 3584}
add00535
LP		 3585
3586int config_parse_restrict_namespaces(
3587 const char *unit,
3588 const char *filename,
3589 unsigned line,
3590 const char *section,
3591 unsigned section_line,
3592 const char *lvalue,
3593 int ltype,
3594 const char *rvalue,
3595 void *data,
3596 void *userdata) {
3597
3598 ExecContext *c = data;
aa9d574d 3599 unsigned long flags;
add00535
LP		 3600 bool invert = false;
3601 int r;
3602
3603 if (isempty(rvalue)) {
3604 /* Reset to the default. */
aa9d574d
YW		 3605 c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
3606 return 0;
3607 }
3608
3609 /* Boolean parameter ignores the previous settings */
3610 r = parse_boolean(rvalue);
3611 if (r > 0) {
3612 c->restrict_namespaces = 0;
3613 return 0;
3614 } else if (r == 0) {
add00535
LP		 3615 c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
3616 return 0;
3617 }
3618
3619 if (rvalue[0] == '~') {
3620 invert = true;
3621 rvalue++;
3622 }
3623
aa9d574d
YW		 3624 /* Not a boolean argument, in this case it's a list of namespace types. */
3625 r = namespace_flags_from_string(rvalue, &flags);
3626 if (r < 0) {
323dda78 3627 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
aa9d574d 3628 return 0;
add00535
LP		 3629 }
3630
aa9d574d
YW		 3631 if (c->restrict_namespaces == NAMESPACE_FLAGS_INITIAL)
3632 /* Initial assignment. Just set the value. */
3633 c->restrict_namespaces = invert ? (~flags) & NAMESPACE_FLAGS_ALL : flags;
3634 else
3635 /* Merge the value with the previous one. */
3636 SET_FLAG(c->restrict_namespaces, flags, !invert);
add00535
LP		 3637
3638 return 0;
3639}
c0467cf3 3640#endif
8351ceae 3641
e59ccd03
ILG		 3642int config_parse_restrict_filesystems(
3643 const char *unit,
3644 const char *filename,
3645 unsigned line,
3646 const char *section,
3647 unsigned section_line,
3648 const char *lvalue,
3649 int ltype,
3650 const char *rvalue,
3651 void *data,
3652 void *userdata) {
99534007 3653 ExecContext *c = ASSERT_PTR(data);
e59ccd03
ILG		 3654 bool invert = false;
3655 int r;
3656
3657 assert(filename);
3658 assert(lvalue);
3659 assert(rvalue);
e59ccd03
ILG		 3660
3661 if (isempty(rvalue)) {
3662 /* Empty assignment resets the list */
1a572fd0 3663 c->restrict_filesystems = set_free_free(c->restrict_filesystems);
e59ccd03
ILG		 3664 c->restrict_filesystems_allow_list = false;
3665 return 0;
3666 }
3667
3668 if (rvalue[0] == '~') {
3669 invert = true;
3670 rvalue++;
3671 }
3672
3673 if (!c->restrict_filesystems) {
3674 if (invert)
3675 /* Allow everything but the ones listed */
3676 c->restrict_filesystems_allow_list = false;
3677 else
3678 /* Allow nothing but the ones listed */
3679 c->restrict_filesystems_allow_list = true;
3680 }
3681
3682 for (const char *p = rvalue;;) {
3683 _cleanup_free_ char *word = NULL;
3684
3685 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3686 if (r == 0)
3687 break;
3688 if (r == -ENOMEM)
3689 return log_oom();
3690 if (r < 0) {
3691 log_syntax(unit, LOG_WARNING, filename, line, r,
3692 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
3693 break;
3694 }
3695
3696 r = lsm_bpf_parse_filesystem(
3697 word,
3698 &c->restrict_filesystems,
3699 FILESYSTEM_PARSE_LOG|
3700 (invert ? FILESYSTEM_PARSE_INVERT : 0)|
3701 (c->restrict_filesystems_allow_list ? FILESYSTEM_PARSE_ALLOW_LIST : 0),
3702 unit, filename, line);
3703
3704 if (r < 0)
3705 return r;
3706 }
3707
3708 return 0;
3709}
3710
a016b922
LP		 3711int config_parse_unit_slice(
3712 const char *unit,
3713 const char *filename,
3714 unsigned line,
3715 const char *section,
71a61510 3716 unsigned section_line,
a016b922
LP		 3717 const char *lvalue,
3718 int ltype,
3719 const char *rvalue,
3720 void *data,
3721 void *userdata) {
3722
063c4b1a 3723 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
a016b922 3724 _cleanup_free_ char *k = NULL;
abc9fa1c 3725 Unit *u = userdata, *slice;
a016b922
LP		 3726 int r;
3727
3728 assert(filename);
3729 assert(lvalue);
3730 assert(rvalue);
3731 assert(u);
3732
19f6d710 3733 r = unit_name_printf(u, rvalue, &k);
d79200e2 3734 if (r < 0) {
323dda78 3735 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
d79200e2 3736 return 0;
19f6d710 3737 }
a016b922 3738
063c4b1a 3739 r = manager_load_unit(u->manager, k, NULL, &error, &slice);
a016b922 3740 if (r < 0) {
323dda78 3741 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to load slice unit %s, ignoring: %s", k, bus_error_message(&error, r));
a016b922
LP		 3742 return 0;
3743 }
3744
899acf5c 3745 r = unit_set_slice(u, slice);
d79200e2 3746 if (r < 0) {
323dda78 3747 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id);
a016b922
LP		 3748 return 0;
3749 }
3750
a016b922
LP		 3751 return 0;
3752}
3753
b2f8b02e
LP		 3754int config_parse_cpu_quota(
3755 const char *unit,
3756 const char *filename,
3757 unsigned line,
3758 const char *section,
3759 unsigned section_line,
3760 const char *lvalue,
3761 int ltype,
3762 const char *rvalue,
3763 void *data,
3764 void *userdata) {
3765
3766 CGroupContext *c = data;
9184ca48 3767 int r;
b2f8b02e
LP		 3768
3769 assert(filename);
3770 assert(lvalue);
3771 assert(rvalue);
3772
3773 if (isempty(rvalue)) {
3a43da28 3774 c->cpu_quota_per_sec_usec = USEC_INFINITY;
b2f8b02e
LP		 3775 return 0;
3776 }
3777
fe845b5e 3778 r = parse_permyriad_unbounded(rvalue);
9184ca48 3779 if (r <= 0) {
323dda78 3780 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid CPU quota '%s', ignoring.", rvalue);
9a054909 3781 return 0;
b2f8b02e
LP		 3782 }
3783
fe845b5e 3784 c->cpu_quota_per_sec_usec = ((usec_t) r * USEC_PER_SEC) / 10000U;
b2f8b02e
LP		 3785 return 0;
3786}
3787
31d3a520 3788int config_parse_allowed_cpuset(
047f5d63
PH		 3789 const char *unit,
3790 const char *filename,
3791 unsigned line,
3792 const char *section,
3793 unsigned section_line,
3794 const char *lvalue,
3795 int ltype,
3796 const char *rvalue,
3797 void *data,
3798 void *userdata) {
3799
31d3a520 3800 CPUSet *c = data;
047f5d63 3801
31d3a520 3802 (void) parse_cpu_set_extend(rvalue, c, true, unit, filename, line, lvalue);
047f5d63
PH		 3803 return 0;
3804}
3805
4ad49000
LP		 3806int config_parse_memory_limit(
3807 const char *unit,
3808 const char *filename,
3809 unsigned line,
3810 const char *section,
71a61510 3811 unsigned section_line,
4ad49000
LP		 3812 const char *lvalue,
3813 int ltype,
3814 const char *rvalue,
3815 void *data,
3816 void *userdata) {
3817
3818 CGroupContext *c = data;
da4d897e 3819 uint64_t bytes = CGROUP_LIMIT_MAX;
4ad49000
LP		 3820 int r;
3821
67e2baff
MK		 3822 if (isempty(rvalue) && STR_IN_SET(lvalue, "DefaultMemoryLow",
3823 "DefaultMemoryMin",
3824 "MemoryLow",
53fda560 3825 "StartupMemoryLow",
67e2baff 3826 "MemoryMin"))
db2b8d2e 3827 bytes = CGROUP_LIMIT_MIN;
67e2baff 3828 else if (!isempty(rvalue) && !streq(rvalue, "infinity")) {
875ae566 3829
fe845b5e 3830 r = parse_permyriad(rvalue);
875ae566
LP		 3831 if (r < 0) {
3832 r = parse_size(rvalue, 1024, &bytes);
3833 if (r < 0) {
323dda78 3834 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid memory limit '%s', ignoring: %m", rvalue);
875ae566
LP		 3835 return 0;
3836 }
3837 } else
fe845b5e 3838 bytes = physical_memory_scale(r, 10000U);
875ae566 3839
906bdbf5 3840 if (bytes >= UINT64_MAX ||
53fda560
LB		 3841 (bytes <= 0 && !STR_IN_SET(lvalue,
3842 "MemorySwapMax",
3843 "StartupMemorySwapMax",
3844 "MemoryZSwapMax",
3845 "StartupMemoryZSwapMax",
3846 "MemoryLow",
3847 "StartupMemoryLow",
3848 "MemoryMin",
3849 "DefaultMemoryLow",
3850 "DefaultstartupMemoryLow",
3851 "DefaultMemoryMin"))) {
323dda78 3852 log_syntax(unit, LOG_WARNING, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue);
da4d897e
TH		 3853 return 0;
3854 }
4ad49000
LP		 3855 }
3856
c52db42b 3857 if (streq(lvalue, "DefaultMemoryLow")) {
db2b8d2e 3858 c->default_memory_low = bytes;
c52db42b 3859 c->default_memory_low_set = true;
53fda560
LB		 3860 } else if (streq(lvalue, "DefaultStartupMemoryLow")) {
3861 c->default_startup_memory_low = bytes;
3862 c->default_startup_memory_low_set = true;
7ad5439e 3863 } else if (streq(lvalue, "DefaultMemoryMin")) {
db2b8d2e 3864 c->default_memory_min = bytes;
7ad5439e 3865 c->default_memory_min_set = true;
7ad5439e 3866 } else if (streq(lvalue, "MemoryMin")) {
48422635 3867 c->memory_min = bytes;
311a0e2e 3868 c->memory_min_set = true;
7ad5439e 3869 } else if (streq(lvalue, "MemoryLow")) {
da4d897e 3870 c->memory_low = bytes;
311a0e2e 3871 c->memory_low_set = true;
53fda560
LB		 3872 } else if (streq(lvalue, "StartupMemoryLow")) {
3873 c->startup_memory_low = bytes;
3874 c->startup_memory_low_set = true;
c52db42b 3875 } else if (streq(lvalue, "MemoryHigh"))
da4d897e 3876 c->memory_high = bytes;
53fda560
LB		 3877 else if (streq(lvalue, "StartupMemoryHigh")) {
3878 c->startup_memory_high = bytes;
3879 c->startup_memory_high_set = true;
3880 } else if (streq(lvalue, "MemoryMax"))
da4d897e 3881 c->memory_max = bytes;
53fda560
LB		 3882 else if (streq(lvalue, "StartupMemoryMax")) {
3883 c->startup_memory_max = bytes;
3884 c->startup_memory_max_set = true;
3885 } else if (streq(lvalue, "MemorySwapMax"))
96e131ea 3886 c->memory_swap_max = bytes;
53fda560
LB		 3887 else if (streq(lvalue, "StartupMemorySwapMax")) {
3888 c->startup_memory_swap_max = bytes;
3889 c->startup_memory_swap_max_set = true;
3890 } else if (streq(lvalue, "MemoryZSwapMax"))
d7fe0a67 3891 c->memory_zswap_max = bytes;
53fda560
LB		 3892 else if (streq(lvalue, "StartupMemoryZSwapMax")) {
3893 c->startup_memory_zswap_max = bytes;
3894 c->startup_memory_zswap_max_set = true;
3895 } else if (streq(lvalue, "MemoryLimit")) {
c1e701e2
LP		 3896 log_syntax(unit, LOG_WARNING, filename, line, 0,
3897 "Unit uses MemoryLimit=; please use MemoryMax= instead. Support for MemoryLimit= will be removed soon.");
da4d897e 3898 c->memory_limit = bytes;
c1e701e2 3899 } else
96e131ea 3900 return -EINVAL;
4ad49000 3901
4ad49000
LP		 3902 return 0;
3903}
3904
03a7b521
LP		 3905int config_parse_tasks_max(
3906 const char *unit,
3907 const char *filename,
3908 unsigned line,
3909 const char *section,
3910 unsigned section_line,
3911 const char *lvalue,
3912 int ltype,
3913 const char *rvalue,
3914 void *data,
3915 void *userdata) {
3916
47538b76 3917 const Unit *u = userdata;
3a0f06c4
ZJS		 3918 TasksMax *tasks_max = data;
3919 uint64_t v;
03a7b521
LP		 3920 int r;
3921
f5058264 3922 if (isempty(rvalue)) {
3a0f06c4 3923 *tasks_max = u ? u->manager->default_tasks_max : TASKS_MAX_UNSET;
f5058264
TH		 3924 return 0;
3925 }
3926
3927 if (streq(rvalue, "infinity")) {
3a0f06c4 3928 *tasks_max = TASKS_MAX_UNSET;
03a7b521
LP		 3929 return 0;
3930 }
3931
fe845b5e 3932 r = parse_permyriad(rvalue);
3a0f06c4 3933 if (r >= 0)
fe845b5e 3934 *tasks_max = (TasksMax) { r, 10000U }; /* r‱ */
3a0f06c4 3935 else {
f5058264 3936 r = safe_atou64(rvalue, &v);
83f8e808 3937 if (r < 0) {
323dda78 3938 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid maximum tasks value '%s', ignoring: %m", rvalue);
83f8e808
LP		 3939 return 0;
3940 }
83f8e808 3941
3a0f06c4 3942 if (v <= 0 || v >= UINT64_MAX) {
323dda78 3943 log_syntax(unit, LOG_WARNING, filename, line, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue);
3a0f06c4
ZJS		 3944 return 0;
3945 }
3946
3947 *tasks_max = (TasksMax) { v };
03a7b521
LP		 3948 }
3949
3950 return 0;
3951}
3952
02638280
LP		 3953int config_parse_delegate(
3954 const char *unit,
3955 const char *filename,
3956 unsigned line,
3957 const char *section,
3958 unsigned section_line,
3959 const char *lvalue,
3960 int ltype,
3961 const char *rvalue,
3962 void *data,
3963 void *userdata) {
3964
3965 CGroupContext *c = data;
ecae73d7 3966 UnitType t;
02638280
LP		 3967 int r;
3968
ecae73d7
ZJS		 3969 t = unit_name_to_type(unit);
3970 assert(t != _UNIT_TYPE_INVALID);
3971
3972 if (!unit_vtable[t]->can_delegate) {
323dda78 3973 log_syntax(unit, LOG_WARNING, filename, line, 0, "Delegate= setting not supported for this unit type, ignoring.");
ecae73d7
ZJS		 3974 return 0;
3975 }
3976
449172f9
ZJS		 3977 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or
3978 * turn it off for all. Or it takes a list of controller names, in which case we add the specified
3979 * controllers to the mask to delegate. Delegate= enables delegation without any controllers. */
02638280 3980
1bdfc7b9 3981 if (isempty(rvalue)) {
449172f9 3982 /* An empty string resets controllers and sets Delegate=yes. */
d48013f8 3983 c->delegate = true;
1bdfc7b9
YW		 3984 c->delegate_controllers = 0;
3985 return 0;
3986 }
3987
02638280
LP		 3988 r = parse_boolean(rvalue);
3989 if (r < 0) {
02638280
LP		 3990 CGroupMask mask = 0;
3991
323dda78 3992 for (const char *p = rvalue;;) {
02638280
LP		 3993 _cleanup_free_ char *word = NULL;
3994 CGroupController cc;
3995
4ec85141 3996 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
02638280
LP		 3997 if (r == -ENOMEM)
3998 return log_oom();
3999 if (r < 0) {
323dda78 4000 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
ff1b8455 4001 return 0;
02638280 4002 }
a687f500
ZJS		 4003 if (r == 0)
4004 break;
02638280
LP		 4005
4006 cc = cgroup_controller_from_string(word);
4007 if (cc < 0) {
323dda78 4008 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid controller name '%s', ignoring", word);
02638280
LP		 4009 continue;
4010 }
4011
4012 mask |= CGROUP_CONTROLLER_TO_MASK(cc);
4013 }
4014
4015 c->delegate = true;
4016 c->delegate_controllers |= mask;
4017
4018 } else if (r > 0) {
4019 c->delegate = true;
4020 c->delegate_controllers = _CGROUP_MASK_ALL;
4021 } else {
4022 c->delegate = false;
4023 c->delegate_controllers = 0;
4024 }
4025
4026 return 0;
4027}
4028
a8b993dc
LP		 4029int config_parse_delegate_subgroup(
4030 const char *unit,
4031 const char *filename,
4032 unsigned line,
4033 const char *section,
4034 unsigned section_line,
4035 const char *lvalue,
4036 int ltype,
4037 const char *rvalue,
4038 void *data,
4039 void *userdata) {
4040
4041 CGroupContext *c = ASSERT_PTR(data);
4042 UnitType t;
4043
4044 t = unit_name_to_type(unit);
4045 assert(t >= 0);
4046
4047 if (!unit_vtable[t]->can_delegate) {
4048 log_syntax(unit, LOG_WARNING, filename, line, 0, "DelegateSubgroup= setting not supported for this unit type, ignoring.");
4049 return 0;
4050 }
4051
4052 if (isempty(rvalue)) {
4053 c->delegate_subgroup = mfree(c->delegate_subgroup);
4054 return 0;
4055 }
4056
4057 if (cg_needs_escape(rvalue)) { /* Insist that specified names don't need escaping */
4058 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid control group name, ignoring: %s", rvalue);
4059 return 0;
4060 }
4061
4062 return free_and_strdup_warn(&c->delegate_subgroup, rvalue);
4063}
4064
4d824a4e
AZ		 4065int config_parse_managed_oom_mode(
4066 const char *unit,
4067 const char *filename,
4068 unsigned line,
4069 const char *section,
4070 unsigned section_line,
4071 const char *lvalue,
4072 int ltype,
4073 const char *rvalue,
4074 void *data,
4075 void *userdata) {
ed5033fd 4076
4d824a4e
AZ		 4077 ManagedOOMMode *mode = data, m;
4078 UnitType t;
4079
4080 t = unit_name_to_type(unit);
4081 assert(t != _UNIT_TYPE_INVALID);
4082
4083 if (!unit_vtable[t]->can_set_managed_oom)
4084 return log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is not supported for this unit type, ignoring.", lvalue);
4085
4086 if (isempty(rvalue)) {
4087 *mode = MANAGED_OOM_AUTO;
f561e8c6 4088 return 0;
4d824a4e
AZ		 4089 }
4090
4091 m = managed_oom_mode_from_string(rvalue);
4092 if (m < 0) {
b98680b2 4093 log_syntax(unit, LOG_WARNING, filename, line, m, "Invalid syntax, ignoring: %s", rvalue);
4d824a4e
AZ		 4094 return 0;
4095 }
ed5033fd 4096
4d824a4e
AZ		 4097 *mode = m;
4098 return 0;
4099}
4100
4101int config_parse_managed_oom_mem_pressure_limit(
4102 const char *unit,
4103 const char *filename,
4104 unsigned line,
4105 const char *section,
4106 unsigned section_line,
4107 const char *lvalue,
4108 int ltype,
4109 const char *rvalue,
4110 void *data,
4111 void *userdata) {
ed5033fd 4112
0a9f9344 4113 uint32_t *limit = data;
4d824a4e
AZ		 4114 UnitType t;
4115 int r;
4116
4117 t = unit_name_to_type(unit);
4118 assert(t != _UNIT_TYPE_INVALID);
4119
4120 if (!unit_vtable[t]->can_set_managed_oom)
4121 return log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is not supported for this unit type, ignoring.", lvalue);
4122
4123 if (isempty(rvalue)) {
f561e8c6
AZ		 4124 *limit = 0;
4125 return 0;
4d824a4e
AZ		 4126 }
4127
0a9f9344 4128 r = parse_permyriad(rvalue);
4d824a4e 4129 if (r < 0) {
0a9f9344 4130 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse memory pressure limit value, ignoring: %s", rvalue);
4d824a4e
AZ		 4131 return 0;
4132 }
4133
d9d3f05d
LP		 4134 /* Normalize to 2^32-1 == 100% */
4135 *limit = UINT32_SCALE_FROM_PERMYRIAD(r);
4d824a4e
AZ		 4136 return 0;
4137}
4138
4ad49000
LP		 4139int config_parse_device_allow(
4140 const char *unit,
4141 const char *filename,
4142 unsigned line,
4143 const char *section,
71a61510 4144 unsigned section_line,
4ad49000
LP		 4145 const char *lvalue,
4146 int ltype,
4147 const char *rvalue,
4148 void *data,
4149 void *userdata) {
4150
c9f620bf 4151 _cleanup_free_ char *path = NULL, *resolved = NULL;
4ad49000 4152 CGroupContext *c = data;
c9f620bf 4153 const char *p = rvalue;
1116e14c 4154 int r;
4ad49000
LP		 4155
4156 if (isempty(rvalue)) {
4157 while (c->device_allow)
4158 cgroup_context_free_device_allow(c, c->device_allow);
4159
4160 return 0;
4161 }
4162
4ec85141 4163 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
c9f620bf
YW		 4164 if (r == -ENOMEM)
4165 return log_oom();
a687f500 4166 if (r <= 0) {
1116e14c 4167 log_syntax(unit, LOG_WARNING, filename, line, r,
c9f620bf 4168 "Failed to extract device path and rights from '%s', ignoring.", rvalue);
20d52ab6 4169 return 0;
1116e14c
NBS		 4170 }
4171
06536492 4172 r = unit_path_printf(userdata, path, &resolved);
c9f620bf
YW		 4173 if (r < 0) {
4174 log_syntax(unit, LOG_WARNING, filename, line, r,
4175 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4ad49000
LP		 4176 return 0;
4177 }
4178
49fe5c09 4179 if (!STARTSWITH_SET(resolved, "block-", "char-")) {
2f4d31c1 4180
57e84e75
LP		 4181 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4182 if (r < 0)
4183 return 0;
4184
4185 if (!valid_device_node_path(resolved)) {
323dda78 4186 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved);
57e84e75
LP		 4187 return 0;
4188 }
c9f620bf 4189 }
4ad49000 4190
c9f620bf 4191 if (!isempty(p) && !in_charset(p, "rwm")) {
323dda78 4192 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid device rights '%s', ignoring.", p);
4ad49000
LP		 4193 return 0;
4194 }
4195
fd870bac 4196 return cgroup_add_device_allow(c, resolved, p);
4ad49000
LP		 4197}
4198
13c31542
TH		 4199int config_parse_io_device_weight(
4200 const char *unit,
4201 const char *filename,
4202 unsigned line,
4203 const char *section,
4204 unsigned section_line,
4205 const char *lvalue,
4206 int ltype,
4207 const char *rvalue,
4208 void *data,
4209 void *userdata) {
4210
c9f620bf 4211 _cleanup_free_ char *path = NULL, *resolved = NULL;
13c31542
TH		 4212 CGroupIODeviceWeight *w;
4213 CGroupContext *c = data;
99534007 4214 const char *p = ASSERT_PTR(rvalue);
13c31542 4215 uint64_t u;
13c31542
TH		 4216 int r;
4217
4218 assert(filename);
4219 assert(lvalue);
13c31542
TH		 4220
4221 if (isempty(rvalue)) {
4222 while (c->io_device_weights)
4223 cgroup_context_free_io_device_weight(c, c->io_device_weights);
4224
4225 return 0;
4226 }
4227
4ec85141 4228 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
c9f620bf
YW		 4229 if (r == -ENOMEM)
4230 return log_oom();
6a35d52d 4231 if (r < 0) {
c9f620bf 4232 log_syntax(unit, LOG_WARNING, filename, line, r,
c9f620bf 4233 "Failed to extract device path and weight from '%s', ignoring.", rvalue);
13c31542
TH		 4234 return 0;
4235 }
6a35d52d
YW		 4236 if (r == 0 || isempty(p)) {
4237 log_syntax(unit, LOG_WARNING, filename, line, 0,
4238 "Invalid device path or weight specified in '%s', ignoring.", rvalue);
4239 return 0;
4240 }
13c31542 4241
06536492 4242 r = unit_path_printf(userdata, path, &resolved);
c9f620bf
YW		 4243 if (r < 0) {
4244 log_syntax(unit, LOG_WARNING, filename, line, r,
4245 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4246 return 0;
4247 }
13c31542 4248
2f4d31c1
YW		 4249 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4250 if (r < 0)
4251 return 0;
4252
c9f620bf 4253 r = cg_weight_parse(p, &u);
13c31542 4254 if (r < 0) {
323dda78 4255 log_syntax(unit, LOG_WARNING, filename, line, r, "IO weight '%s' invalid, ignoring: %m", p);
13c31542
TH		 4256 return 0;
4257 }
4258
4259 assert(u != CGROUP_WEIGHT_INVALID);
4260
4261 w = new0(CGroupIODeviceWeight, 1);
4262 if (!w)
4263 return log_oom();
4264
c9f620bf 4265 w->path = TAKE_PTR(resolved);
13c31542
TH		 4266 w->weight = u;
4267
4268 LIST_PREPEND(device_weights, c->io_device_weights, w);
4269 return 0;
4270}
4271
6ae4283c
TH		 4272int config_parse_io_device_latency(
4273 const char *unit,
4274 const char *filename,
4275 unsigned line,
4276 const char *section,
4277 unsigned section_line,
4278 const char *lvalue,
4279 int ltype,
4280 const char *rvalue,
4281 void *data,
4282 void *userdata) {
4283
4284 _cleanup_free_ char *path = NULL, *resolved = NULL;
4285 CGroupIODeviceLatency *l;
4286 CGroupContext *c = data;
99534007 4287 const char *p = ASSERT_PTR(rvalue);
6ae4283c
TH		 4288 usec_t usec;
4289 int r;
4290
4291 assert(filename);
4292 assert(lvalue);
6ae4283c
TH		 4293
4294 if (isempty(rvalue)) {
4295 while (c->io_device_latencies)
4296 cgroup_context_free_io_device_latency(c, c->io_device_latencies);
4297
4298 return 0;
4299 }
4300
4ec85141 4301 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
6ae4283c
TH		 4302 if (r == -ENOMEM)
4303 return log_oom();
6a35d52d 4304 if (r < 0) {
6ae4283c 4305 log_syntax(unit, LOG_WARNING, filename, line, r,
6ae4283c
TH		 4306 "Failed to extract device path and latency from '%s', ignoring.", rvalue);
4307 return 0;
4308 }
6a35d52d
YW		 4309 if (r == 0 || isempty(p)) {
4310 log_syntax(unit, LOG_WARNING, filename, line, 0,
4311 "Invalid device path or latency specified in '%s', ignoring.", rvalue);
4312 return 0;
4313 }
6ae4283c 4314
06536492 4315 r = unit_path_printf(userdata, path, &resolved);
6ae4283c
TH		 4316 if (r < 0) {
4317 log_syntax(unit, LOG_WARNING, filename, line, r,
4318 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4319 return 0;
4320 }
4321
4322 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4323 if (r < 0)
4324 return 0;
4325
323dda78
YW		 4326 r = parse_sec(p, &usec);
4327 if (r < 0) {
4328 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse timer value, ignoring: %s", p);
6ae4283c
TH		 4329 return 0;
4330 }
4331
4332 l = new0(CGroupIODeviceLatency, 1);
4333 if (!l)
4334 return log_oom();
4335
4336 l->path = TAKE_PTR(resolved);
4337 l->target_usec = usec;
4338
4339 LIST_PREPEND(device_latencies, c->io_device_latencies, l);
4340 return 0;
4341}
4342
13c31542
TH		 4343int config_parse_io_limit(
4344 const char *unit,
4345 const char *filename,
4346 unsigned line,
4347 const char *section,
4348 unsigned section_line,
4349 const char *lvalue,
4350 int ltype,
4351 const char *rvalue,
4352 void *data,
4353 void *userdata) {
4354
c9f620bf 4355 _cleanup_free_ char *path = NULL, *resolved = NULL;
03677889 4356 CGroupIODeviceLimit *l = NULL;
13c31542 4357 CGroupContext *c = data;
9be57249 4358 CGroupIOLimitType type;
99534007 4359 const char *p = ASSERT_PTR(rvalue);
13c31542 4360 uint64_t num;
13c31542
TH		 4361 int r;
4362
4363 assert(filename);
4364 assert(lvalue);
13c31542 4365
9be57249
TH		 4366 type = cgroup_io_limit_type_from_string(lvalue);
4367 assert(type >= 0);
13c31542
TH		 4368
4369 if (isempty(rvalue)) {
03677889
YW		 4370 LIST_FOREACH(device_limits, t, c->io_device_limits)
4371 t->limits[type] = cgroup_io_limit_defaults[type];
13c31542
TH		 4372 return 0;
4373 }
4374
4ec85141 4375 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
c9f620bf
YW		 4376 if (r == -ENOMEM)
4377 return log_oom();
6a35d52d 4378 if (r < 0) {
c9f620bf 4379 log_syntax(unit, LOG_WARNING, filename, line, r,
c9f620bf 4380 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
13c31542
TH		 4381 return 0;
4382 }
6a35d52d
YW		 4383 if (r == 0 || isempty(p)) {
4384 log_syntax(unit, LOG_WARNING, filename, line, 0,
4385 "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue);
4386 return 0;
4387 }
13c31542 4388
06536492 4389 r = unit_path_printf(userdata, path, &resolved);
c9f620bf
YW		 4390 if (r < 0) {
4391 log_syntax(unit, LOG_WARNING, filename, line, r,
4392 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4393 return 0;
4394 }
13c31542 4395
2f4d31c1
YW		 4396 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4397 if (r < 0)
4398 return 0;
4399
9d5e9b4a 4400 if (streq("infinity", p))
13c31542 4401 num = CGROUP_LIMIT_MAX;
9d5e9b4a 4402 else {
c9f620bf 4403 r = parse_size(p, 1000, &num);
13c31542 4404 if (r < 0 || num <= 0) {
323dda78 4405 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid IO limit '%s', ignoring.", p);
13c31542
TH		 4406 return 0;
4407 }
4408 }
4409
03677889 4410 LIST_FOREACH(device_limits, t, c->io_device_limits)
c9f620bf 4411 if (path_equal(resolved, t->path)) {
13c31542
TH		 4412 l = t;
4413 break;
4414 }
13c31542
TH		 4415
4416 if (!l) {
4417 l = new0(CGroupIODeviceLimit, 1);
4418 if (!l)
4419 return log_oom();
4420
c9f620bf 4421 l->path = TAKE_PTR(resolved);
24aaf6c6
ZJS		 4422 for (CGroupIOLimitType i = 0; i < _CGROUP_IO_LIMIT_TYPE_MAX; i++)
4423 l->limits[i] = cgroup_io_limit_defaults[i];
13c31542
TH		 4424
4425 LIST_PREPEND(device_limits, c->io_device_limits, l);
4426 }
4427
9be57249 4428 l->limits[type] = num;
13c31542
TH		 4429
4430 return 0;
4431}
4432
8e7076ca
LP		 4433int config_parse_blockio_device_weight(
4434 const char *unit,
4435 const char *filename,
4436 unsigned line,
4437 const char *section,
71a61510 4438 unsigned section_line,
8e7076ca
LP		 4439 const char *lvalue,
4440 int ltype,
4441 const char *rvalue,
4442 void *data,
4443 void *userdata) {
4444
c9f620bf 4445 _cleanup_free_ char *path = NULL, *resolved = NULL;
8e7076ca 4446 CGroupBlockIODeviceWeight *w;
4ad49000 4447 CGroupContext *c = data;
99534007 4448 const char *p = ASSERT_PTR(rvalue);
d53d9474 4449 uint64_t u;
4ad49000
LP		 4450 int r;
4451
4452 assert(filename);
4453 assert(lvalue);
4ad49000 4454
c1e701e2
LP		 4455 log_syntax(unit, LOG_WARNING, filename, line, 0,
4456 "Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
4457 lvalue, lvalue);
4458
4ad49000 4459 if (isempty(rvalue)) {
4ad49000
LP		 4460 while (c->blockio_device_weights)
4461 cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
4462
4463 return 0;
4464 }
4465
4ec85141 4466 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
c9f620bf
YW		 4467 if (r == -ENOMEM)
4468 return log_oom();
6a35d52d 4469 if (r < 0) {
c9f620bf 4470 log_syntax(unit, LOG_WARNING, filename, line, r,
c9f620bf 4471 "Failed to extract device node and weight from '%s', ignoring.", rvalue);
8e7076ca
LP		 4472 return 0;
4473 }
6a35d52d
YW		 4474 if (r == 0 || isempty(p)) {
4475 log_syntax(unit, LOG_WARNING, filename, line, 0,
4476 "Invalid device node or weight specified in '%s', ignoring.", rvalue);
4477 return 0;
4478 }
4ad49000 4479
06536492 4480 r = unit_path_printf(userdata, path, &resolved);
c9f620bf
YW		 4481 if (r < 0) {
4482 log_syntax(unit, LOG_WARNING, filename, line, r,
4483 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4484 return 0;
4485 }
4ad49000 4486
2f4d31c1
YW		 4487 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4488 if (r < 0)
4489 return 0;
4490
c9f620bf 4491 r = cg_blkio_weight_parse(p, &u);
d53d9474 4492 if (r < 0) {
323dda78 4493 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p);
4ad49000
LP		 4494 return 0;
4495 }
4496
d53d9474
LP		 4497 assert(u != CGROUP_BLKIO_WEIGHT_INVALID);
4498
8e7076ca
LP		 4499 w = new0(CGroupBlockIODeviceWeight, 1);
4500 if (!w)
4501 return log_oom();
4ad49000 4502
c9f620bf 4503 w->path = TAKE_PTR(resolved);
d53d9474 4504 w->weight = u;
4ad49000 4505
71fda00f 4506 LIST_PREPEND(device_weights, c->blockio_device_weights, w);
4ad49000
LP		 4507 return 0;
4508}
4509
4510int config_parse_blockio_bandwidth(
4511 const char *unit,
4512 const char *filename,
4513 unsigned line,
4514 const char *section,
71a61510 4515 unsigned section_line,
4ad49000
LP		 4516 const char *lvalue,
4517 int ltype,
4518 const char *rvalue,
4519 void *data,
4520 void *userdata) {
4521
c9f620bf 4522 _cleanup_free_ char *path = NULL, *resolved = NULL;
03677889 4523 CGroupBlockIODeviceBandwidth *b = NULL;
4ad49000 4524 CGroupContext *c = data;
99534007 4525 const char *p = ASSERT_PTR(rvalue);
59f448cf 4526 uint64_t bytes;
47c0980d 4527 bool read;
4ad49000
LP		 4528 int r;
4529
4530 assert(filename);
4531 assert(lvalue);
4ad49000 4532
c1e701e2
LP		 4533 log_syntax(unit, LOG_WARNING, filename, line, 0,
4534 "Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
4535 lvalue, lvalue);
4536
47c0980d
G		 4537 read = streq("BlockIOReadBandwidth", lvalue);
4538
4ad49000 4539 if (isempty(rvalue)) {
03677889
YW		 4540 LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
4541 t->rbps = CGROUP_LIMIT_MAX;
4542 t->wbps = CGROUP_LIMIT_MAX;
979d0311 4543 }
4ad49000
LP		 4544 return 0;
4545 }
4546
4ec85141 4547 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
c9f620bf
YW		 4548 if (r == -ENOMEM)
4549 return log_oom();
6a35d52d 4550 if (r < 0) {
c9f620bf 4551 log_syntax(unit, LOG_WARNING, filename, line, r,
c9f620bf 4552 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
4ad49000
LP		 4553 return 0;
4554 }
6a35d52d
YW		 4555 if (r == 0 || isempty(p)) {
4556 log_syntax(unit, LOG_WARNING, filename, line, 0,
4557 "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue);
4558 return 0;
4559 }
4ad49000 4560
06536492 4561 r = unit_path_printf(userdata, path, &resolved);
c9f620bf
YW		 4562 if (r < 0) {
4563 log_syntax(unit, LOG_WARNING, filename, line, r,
4564 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4565 return 0;
4566 }
4ad49000 4567
2f4d31c1
YW		 4568 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4569 if (r < 0)
4570 return 0;
4571
c9f620bf 4572 r = parse_size(p, 1000, &bytes);
4ad49000 4573 if (r < 0 || bytes <= 0) {
323dda78 4574 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
4ad49000
LP		 4575 return 0;
4576 }
4577
03677889 4578 LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths)
c9f620bf 4579 if (path_equal(resolved, t->path)) {
979d0311
TH		 4580 b = t;
4581 break;
4582 }
4ad49000 4583
03677889 4584 if (!b) {
979d0311
TH		 4585 b = new0(CGroupBlockIODeviceBandwidth, 1);
4586 if (!b)
4587 return log_oom();
4588
c9f620bf 4589 b->path = TAKE_PTR(resolved);
979d0311
TH		 4590 b->rbps = CGROUP_LIMIT_MAX;
4591 b->wbps = CGROUP_LIMIT_MAX;
4592
4593 LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, b);
4594 }
4ad49000 4595
979d0311
TH		 4596 if (read)
4597 b->rbps = bytes;
4598 else
4599 b->wbps = bytes;
4ad49000
LP		 4600
4601 return 0;
4602}
4603
d420282b
LP		 4604int config_parse_job_mode_isolate(
4605 const char *unit,
4606 const char *filename,
4607 unsigned line,
4608 const char *section,
4609 unsigned section_line,
4610 const char *lvalue,
4611 int ltype,
4612 const char *rvalue,
4613 void *data,
4614 void *userdata) {
4615
4616 JobMode *m = data;
4617 int r;
4618
4619 assert(filename);
4620 assert(lvalue);
4621 assert(rvalue);
4622
4623 r = parse_boolean(rvalue);
4624 if (r < 0) {
323dda78 4625 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse boolean, ignoring: %s", rvalue);
d420282b
LP		 4626 return 0;
4627 }
4628
8ab39347
YW		 4629 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue);
4630
d420282b
LP		 4631 *m = r ? JOB_ISOLATE : JOB_REPLACE;
4632 return 0;
4633}
4634
3536f49e 4635int config_parse_exec_directories(
e66cf1a3
LP		 4636 const char *unit,
4637 const char *filename,
4638 unsigned line,
4639 const char *section,
4640 unsigned section_line,
4641 const char *lvalue,
4642 int ltype,
4643 const char *rvalue,
4644 void *data,
4645 void *userdata) {
4646
99534007 4647 ExecDirectory *ed = ASSERT_PTR(data);
47538b76 4648 const Unit *u = userdata;
e66cf1a3
LP		 4649 int r;
4650
4651 assert(filename);
4652 assert(lvalue);
4653 assert(rvalue);
e66cf1a3
LP		 4654
4655 if (isempty(rvalue)) {
4656 /* Empty assignment resets the list */
211a3d87 4657 exec_directory_done(ed);
e66cf1a3
LP		 4658 return 0;
4659 }
4660
323dda78 4661 for (const char *p = rvalue;;) {
211a3d87 4662 _cleanup_free_ char *tuple = NULL;
e66cf1a3 4663
211a3d87 4664 r = extract_first_word(&p, &tuple, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE);
035fe294 4665 if (r == -ENOMEM)
e66cf1a3 4666 return log_oom();
035fe294
ZJS		 4667 if (r < 0) {
4668 log_syntax(unit, LOG_WARNING, filename, line, r,
211a3d87 4669 "Invalid syntax %s=%s, ignoring: %m", lvalue, rvalue);
035fe294
ZJS		 4670 return 0;
4671 }
091e9efe
LP		 4672 if (r == 0)
4673 return 0;
e66cf1a3 4674
211a3d87
LB		 4675 _cleanup_free_ char *src = NULL, *dest = NULL;
4676 const char *q = tuple;
4677 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &src, &dest, NULL);
4678 if (r == -ENOMEM)
4679 return log_oom();
4680 if (r <= 0) {
5afdb462 4681 log_syntax(unit, LOG_WARNING, filename, line, r,
211a3d87
LB		 4682 "Invalid syntax in %s=, ignoring: %s", lvalue, tuple);
4683 return 0;
4684 }
4685
4686 _cleanup_free_ char *sresolved = NULL;
4687 r = unit_path_printf(u, src, &sresolved);
9b5864d9 4688 if (r < 0) {
330f8990 4689 log_syntax(unit, LOG_WARNING, filename, line, r,
211a3d87 4690 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", src);
9b5864d9
MG		 4691 continue;
4692 }
4693
211a3d87 4694 r = path_simplify_and_warn(sresolved, PATH_CHECK_RELATIVE, unit, filename, line, lvalue);
2f4d31c1 4695 if (r < 0)
e8865688 4696 continue;
e8865688 4697
211a3d87 4698 if (path_startswith(sresolved, "private")) {
330f8990 4699 log_syntax(unit, LOG_WARNING, filename, line, 0,
211a3d87 4700 "%s= path can't be 'private', ignoring assignment: %s", lvalue, tuple);
e66cf1a3
LP		 4701 continue;
4702 }
4703
211a3d87
LB		 4704 /* For State and Runtime directories we support an optional destination parameter, which
4705 * will be used to create a symlink to the source. */
564e5c98 4706 _cleanup_free_ char *dresolved = NULL;
211a3d87 4707 if (!isempty(dest)) {
211a3d87
LB		 4708 if (streq(lvalue, "ConfigurationDirectory")) {
4709 log_syntax(unit, LOG_WARNING, filename, line, 0,
4710 "Destination parameter is not supported for ConfigurationDirectory, ignoring: %s", tuple);
4711 continue;
4712 }
4713
4714 r = unit_path_printf(u, dest, &dresolved);
4715 if (r < 0) {
4716 log_syntax(unit, LOG_WARNING, filename, line, r,
4717 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", dest);
4718 continue;
4719 }
4720
4721 r = path_simplify_and_warn(dresolved, PATH_CHECK_RELATIVE, unit, filename, line, lvalue);
4722 if (r < 0)
4723 continue;
211a3d87
LB		 4724 }
4725
564e5c98 4726 r = exec_directory_add(ed, sresolved, dresolved);
e66cf1a3
LP		 4727 if (r < 0)
4728 return log_oom();
e66cf1a3 4729 }
e66cf1a3
LP		 4730}
4731
bb0c0d6f
LP		 4732int config_parse_set_credential(
4733 const char *unit,
4734 const char *filename,
4735 unsigned line,
4736 const char *section,
4737 unsigned section_line,
4738 const char *lvalue,
4739 int ltype,
4740 const char *rvalue,
4741 void *data,
4742 void *userdata) {
4743
43144be4
LP		 4744 _cleanup_free_ char *word = NULL, *k = NULL;
4745 _cleanup_free_ void *d = NULL;
99534007 4746 ExecContext *context = ASSERT_PTR(data);
bb0c0d6f
LP		 4747 ExecSetCredential *old;
4748 Unit *u = userdata;
43144be4 4749 bool encrypted = ltype;
99534007 4750 const char *p = ASSERT_PTR(rvalue);
43144be4
LP		 4751 size_t size;
4752 int r;
bb0c0d6f
LP		 4753
4754 assert(filename);
4755 assert(lvalue);
bb0c0d6f
LP		 4756
4757 if (isempty(rvalue)) {
4758 /* Empty assignment resets the list */
4759 context->set_credentials = hashmap_free(context->set_credentials);
4760 return 0;
4761 }
4762
bb0c0d6f
LP		 4763 r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4764 if (r == -ENOMEM)
4765 return log_oom();
6a35d52d
YW		 4766 if (r < 0) {
4767 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract credential name, ignoring: %s", rvalue);
4768 return 0;
4769 }
4770 if (r == 0 || isempty(p)) {
4771 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax, ignoring: %s", rvalue);
bb0c0d6f
LP		 4772 return 0;
4773 }
4774
06536492 4775 r = unit_cred_printf(u, word, &k);
bb0c0d6f
LP		 4776 if (r < 0) {
4777 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4778 return 0;
4779 }
4780 if (!credential_name_valid(k)) {
4781 log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name \"%s\" not valid, ignoring.", k);
4782 return 0;
4783 }
4784
43144be4
LP		 4785 if (encrypted) {
4786 r = unbase64mem_full(p, SIZE_MAX, true, &d, &size);
4787 if (r < 0) {
4788 log_syntax(unit, LOG_WARNING, filename, line, r, "Encrypted credential data not valid Base64 data, ignoring.");
4789 return 0;
4790 }
4791 } else {
1421705d 4792 char *unescaped;
e437538f 4793 ssize_t l;
43144be4
LP		 4794
4795 /* We support escape codes here, so that users can insert trailing \n if they like */
4796 l = cunescape(p, UNESCAPE_ACCEPT_NUL, &unescaped);
4797 if (l < 0) {
4798 log_syntax(unit, LOG_WARNING, filename, line, l, "Can't unescape \"%s\", ignoring: %m", p);
4799 return 0;
4800 }
4801
4802 d = unescaped;
4803 size = l;
bb0c0d6f
LP		 4804 }
4805
4806 old = hashmap_get(context->set_credentials, k);
4807 if (old) {
43144be4
LP		 4808 free_and_replace(old->data, d);
4809 old->size = size;
4810 old->encrypted = encrypted;
bb0c0d6f
LP		 4811 } else {
4812 _cleanup_(exec_set_credential_freep) ExecSetCredential *sc = NULL;
4813
43144be4 4814 sc = new(ExecSetCredential, 1);
bb0c0d6f
LP		 4815 if (!sc)
4816 return log_oom();
4817
43144be4
LP		 4818 *sc = (ExecSetCredential) {
4819 .id = TAKE_PTR(k),
4820 .data = TAKE_PTR(d),
4821 .size = size,
4822 .encrypted = encrypted,
4823 };
bb0c0d6f 4824
f85f5f0d
SS		 4825 r = hashmap_ensure_put(&context->set_credentials, &exec_set_credential_hash_ops, sc->id, sc);
4826 if (r == -ENOMEM)
4827 return log_oom();
2400743e 4828 if (r < 0) {
43144be4 4829 log_syntax(unit, LOG_WARNING, filename, line, r,
2400743e
YW		 4830 "Duplicated credential value '%s', ignoring assignment: %s", sc->id, rvalue);
4831 return 0;
4832 }
bb0c0d6f 4833
bb0c0d6f
LP		 4834 TAKE_PTR(sc);
4835 }
4836
4837 return 0;
4838}
4839
bbfb25f4
DDM		 4840int hashmap_put_credential(Hashmap **h, const char *id, const char *path, bool encrypted) {
4841 ExecLoadCredential *old;
4842 int r;
4843
4844 assert(h);
4845 assert(id);
4846 assert(path);
4847
4848 old = hashmap_get(*h, id);
4849 if (old) {
4850 r = free_and_strdup(&old->path, path);
4851 if (r < 0)
4852 return r;
4853
4854 old->encrypted = encrypted;
4855 } else {
4856 _cleanup_(exec_load_credential_freep) ExecLoadCredential *lc = NULL;
4857
4858 lc = new(ExecLoadCredential, 1);
4859 if (!lc)
4860 return log_oom();
4861
4862 *lc = (ExecLoadCredential) {
4863 .id = strdup(id),
4864 .path = strdup(path),
4865 .encrypted = encrypted,
4866 };
4867 if (!lc->id || !lc->path)
4868 return -ENOMEM;
4869
4870 r = hashmap_ensure_put(h, &exec_load_credential_hash_ops, lc->id, lc);
4871 if (r < 0)
4872 return r;
4873
4874 TAKE_PTR(lc);
4875 }
4876
4877 return 0;
4878}
4879
bb0c0d6f
LP		 4880int config_parse_load_credential(
4881 const char *unit,
4882 const char *filename,
4883 unsigned line,
4884 const char *section,
4885 unsigned section_line,
4886 const char *lvalue,
4887 int ltype,
4888 const char *rvalue,
4889 void *data,
4890 void *userdata) {
4891
4892 _cleanup_free_ char *word = NULL, *k = NULL, *q = NULL;
99534007 4893 ExecContext *context = ASSERT_PTR(data);
43144be4 4894 bool encrypted = ltype;
bb0c0d6f
LP		 4895 Unit *u = userdata;
4896 const char *p;
4897 int r;
4898
4899 assert(filename);
4900 assert(lvalue);
4901 assert(rvalue);
bb0c0d6f
LP		 4902
4903 if (isempty(rvalue)) {
4904 /* Empty assignment resets the list */
43144be4 4905 context->load_credentials = hashmap_free(context->load_credentials);
bb0c0d6f
LP		 4906 return 0;
4907 }
4908
4909 p = rvalue;
4910 r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4911 if (r == -ENOMEM)
4912 return log_oom();
4913 if (r <= 0) {
4914 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
4915 return 0;
4916 }
4917
06536492 4918 r = unit_cred_printf(u, word, &k);
bb0c0d6f
LP		 4919 if (r < 0) {
4920 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4921 return 0;
4922 }
4923 if (!credential_name_valid(k)) {
4924 log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name \"%s\" not valid, ignoring.", k);
4925 return 0;
4926 }
8a29862e
LP		 4927
4928 if (isempty(p)) {
08a7e545 4929 /* If only one field is specified take it as shortcut for inheriting a credential named
8a29862e
LP		 4930 * the same way from our parent */
4931 q = strdup(k);
4932 if (!q)
4933 return log_oom();
4934 } else {
06536492 4935 r = unit_path_printf(u, p, &q);
8a29862e
LP		 4936 if (r < 0) {
4937 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", p);
4938 return 0;
4939 }
4940 if (path_is_absolute(q) ? !path_is_normalized(q) : !credential_name_valid(q)) {
43144be4 4941 log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential source \"%s\" not valid, ignoring.", q);
8a29862e
LP		 4942 return 0;
4943 }
bb0c0d6f
LP		 4944 }
4945
bbfb25f4
DDM		 4946 r = hashmap_put_credential(&context->load_credentials, k, q, encrypted);
4947 if (r < 0)
4948 return log_error_errno(r, "Failed to store load credential '%s': %m", rvalue);
43144be4 4949
bbfb25f4
DDM		 4950 return 0;
4951}
43144be4 4952
bbfb25f4
DDM		 4953int config_parse_import_credential(
4954 const char *unit,
4955 const char *filename,
4956 unsigned line,
4957 const char *section,
4958 unsigned section_line,
4959 const char *lvalue,
4960 int ltype,
4961 const char *rvalue,
4962 void *data,
4963 void *userdata) {
43144be4 4964
bbfb25f4
DDM		 4965 _cleanup_free_ char *s = NULL;
4966 Set** import_credentials = ASSERT_PTR(data);
4967 Unit *u = userdata;
4968 int r;
43144be4 4969
bbfb25f4
DDM		 4970 assert(filename);
4971 assert(lvalue);
4972 assert(rvalue);
4973
4974 if (isempty(rvalue)) {
4975 /* Empty assignment resets the list */
1a572fd0 4976 *import_credentials = set_free_free(*import_credentials);
bbfb25f4
DDM		 4977 return 0;
4978 }
4979
4980 r = unit_cred_printf(u, rvalue, &s);
4981 if (r < 0) {
4982 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s);
4983 return 0;
4984 }
947c4d39
LP		 4985 if (!credential_glob_valid(s)) {
4986 log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name or glob \"%s\" not valid, ignoring.", s);
bbfb25f4 4987 return 0;
43144be4 4988 }
bb0c0d6f 4989
bbfb25f4
DDM		 4990 r = set_put_strdup(import_credentials, s);
4991 if (r < 0)
4992 return log_error_errno(r, "Failed to store credential name '%s': %m", rvalue);
4993
bb0c0d6f
LP		 4994 return 0;
4995}
4996
3af00fb8
LP		 4997int config_parse_set_status(
4998 const char *unit,
4999 const char *filename,
5000 unsigned line,
5001 const char *section,
5002 unsigned section_line,
5003 const char *lvalue,
5004 int ltype,
5005 const char *rvalue,
5006 void *data,
5007 void *userdata) {
5008
99534007 5009 ExitStatusSet *status_set = ASSERT_PTR(data);
7896ad8f 5010 int r;
3af00fb8
LP		 5011
5012 assert(filename);
5013 assert(lvalue);
5014 assert(rvalue);
3af00fb8 5015
3e2d435b 5016 /* Empty assignment resets the list */
3af00fb8 5017 if (isempty(rvalue)) {
3e2d435b 5018 exit_status_set_free(status_set);
3af00fb8
LP		 5019 return 0;
5020 }
5021
7896ad8f
ZJS		 5022 for (const char *p = rvalue;;) {
5023 _cleanup_free_ char *word = NULL;
23d5dd16 5024 Bitmap *bitmap;
3af00fb8 5025
7896ad8f 5026 r = extract_first_word(&p, &word, NULL, 0);
323dda78
YW		 5027 if (r == -ENOMEM)
5028 return log_oom();
5029 if (r < 0) {
5030 log_syntax(unit, LOG_WARNING, filename, line, r,
5031 "Failed to parse %s=%s, ignoring: %m", lvalue, rvalue);
5032 return 0;
5033 }
7896ad8f
ZJS		 5034 if (r == 0)
5035 return 0;
3af00fb8 5036
2e2ed880
ZJS		 5037 /* We need to call exit_status_from_string() first, because we want
5038 * to parse numbers as exit statuses, not signals. */
3af00fb8 5039
7896ad8f 5040 r = exit_status_from_string(word);
2e2ed880
ZJS		 5041 if (r >= 0) {
5042 assert(r >= 0 && r < 256);
5043 bitmap = &status_set->status;
3af00fb8 5044 } else {
7896ad8f
ZJS		 5045 r = signal_from_string(word);
5046 if (r < 0) {
b98680b2 5047 log_syntax(unit, LOG_WARNING, filename, line, r,
2e2ed880 5048 "Failed to parse value, ignoring: %s", word);
1e2fd62d 5049 continue;
3af00fb8 5050 }
2e2ed880 5051 bitmap = &status_set->signal;
3af00fb8 5052 }
1e2fd62d 5053
2e2ed880 5054 r = bitmap_set(bitmap, r);
063c4b1a 5055 if (r < 0)
323dda78
YW		 5056 log_syntax(unit, LOG_WARNING, filename, line, r,
5057 "Failed to set signal or status %s, ignoring: %m", word);
3af00fb8 5058 }
3af00fb8
LP		 5059}
5060
94828d2d
LP		 5061int config_parse_namespace_path_strv(
5062 const char *unit,
5063 const char *filename,
5064 unsigned line,
5065 const char *section,
5066 unsigned section_line,
5067 const char *lvalue,
5068 int ltype,
5069 const char *rvalue,
5070 void *data,
5071 void *userdata) {
5072
47538b76 5073 const Unit *u = userdata;
99534007 5074 char*** sv = ASSERT_PTR(data);
94828d2d
LP		 5075 int r;
5076
5077 assert(filename);
5078 assert(lvalue);
5079 assert(rvalue);
94828d2d
LP		 5080
5081 if (isempty(rvalue)) {
5082 /* Empty assignment resets the list */
6796073e 5083 *sv = strv_free(*sv);
94828d2d
LP		 5084 return 0;
5085 }
5086
323dda78 5087 for (const char *p = rvalue;;) {
7b07e993 5088 _cleanup_free_ char *word = NULL, *resolved = NULL, *joined = NULL;
20b7a007
LP		 5089 const char *w;
5090 bool ignore_enoent = false, shall_prefix = false;
94828d2d 5091
4ec85141 5092 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
0293a7a8
EV		 5093 if (r == -ENOMEM)
5094 return log_oom();
727f76d7 5095 if (r < 0) {
323dda78 5096 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
727f76d7
EV		 5097 return 0;
5098 }
a687f500
ZJS		 5099 if (r == 0)
5100 break;
94828d2d 5101
20b7a007
LP		 5102 w = word;
5103 if (startswith(w, "-")) {
5104 ignore_enoent = true;
5105 w++;
5106 }
5107 if (startswith(w, "+")) {
5108 shall_prefix = true;
5109 w++;
5110 }
7b07e993 5111
06536492 5112 r = unit_path_printf(u, w, &resolved);
7b07e993 5113 if (r < 0) {
323dda78 5114 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s: %m", w);
94828d2d
LP		 5115 continue;
5116 }
5117
2f4d31c1
YW		 5118 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5119 if (r < 0)
7b07e993 5120 continue;
94828d2d 5121
20b7a007
LP		 5122 joined = strjoin(ignore_enoent ? "-" : "",
5123 shall_prefix ? "+" : "",
5124 resolved);
7b07e993
LP		 5125
5126 r = strv_push(sv, joined);
94828d2d
LP		 5127 if (r < 0)
5128 return log_oom();
5129
7b07e993 5130 joined = NULL;
94828d2d
LP		 5131 }
5132
5133 return 0;
5134}
5135
2abd4e38
YW		 5136int config_parse_temporary_filesystems(
5137 const char *unit,
5138 const char *filename,
5139 unsigned line,
5140 const char *section,
5141 unsigned section_line,
5142 const char *lvalue,
5143 int ltype,
5144 const char *rvalue,
5145 void *data,
5146 void *userdata) {
5147
47538b76 5148 const Unit *u = userdata;
99534007 5149 ExecContext *c = ASSERT_PTR(data);
2abd4e38
YW		 5150 int r;
5151
5152 assert(filename);
5153 assert(lvalue);
5154 assert(rvalue);
2abd4e38
YW		 5155
5156 if (isempty(rvalue)) {
5157 /* Empty assignment resets the list */
5158 temporary_filesystem_free_many(c->temporary_filesystems, c->n_temporary_filesystems);
5159 c->temporary_filesystems = NULL;
5160 c->n_temporary_filesystems = 0;
5161 return 0;
5162 }
5163
323dda78 5164 for (const char *p = rvalue;;) {
2abd4e38
YW		 5165 _cleanup_free_ char *word = NULL, *path = NULL, *resolved = NULL;
5166 const char *w;
5167
4ec85141 5168 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2abd4e38
YW		 5169 if (r == -ENOMEM)
5170 return log_oom();
5171 if (r < 0) {
323dda78 5172 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
2abd4e38
YW		 5173 return 0;
5174 }
a687f500
ZJS		 5175 if (r == 0)
5176 return 0;
2abd4e38
YW		 5177
5178 w = word;
5179 r = extract_first_word(&w, &path, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
063c4b1a
YW		 5180 if (r == -ENOMEM)
5181 return log_oom();
5182 if (r < 0) {
323dda78 5183 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", word);
063c4b1a
YW		 5184 continue;
5185 }
5186 if (r == 0) {
323dda78 5187 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax, ignoring: %s", word);
063c4b1a
YW		 5188 continue;
5189 }
2abd4e38 5190
06536492 5191 r = unit_path_printf(u, path, &resolved);
2abd4e38 5192 if (r < 0) {
323dda78 5193 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", path);
2abd4e38
YW		 5194 continue;
5195 }
5196
2f4d31c1
YW		 5197 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5198 if (r < 0)
2abd4e38 5199 continue;
2abd4e38 5200
a26fec24 5201 r = temporary_filesystem_add(&c->temporary_filesystems, &c->n_temporary_filesystems, resolved, w);
6302d1ea 5202 if (r < 0)
2abd4e38 5203 return log_oom();
2abd4e38 5204 }
2abd4e38
YW		 5205}
5206
d2d6c096
LP		 5207int config_parse_bind_paths(
5208 const char *unit,
5209 const char *filename,
5210 unsigned line,
5211 const char *section,
5212 unsigned section_line,
5213 const char *lvalue,
5214 int ltype,
5215 const char *rvalue,
5216 void *data,
5217 void *userdata) {
5218
99534007 5219 ExecContext *c = ASSERT_PTR(data);
47538b76 5220 const Unit *u = userdata;
d2d6c096
LP		 5221 int r;
5222
5223 assert(filename);
5224 assert(lvalue);
5225 assert(rvalue);
d2d6c096
LP		 5226
5227 if (isempty(rvalue)) {
5228 /* Empty assignment resets the list */
5229 bind_mount_free_many(c->bind_mounts, c->n_bind_mounts);
5230 c->bind_mounts = NULL;
5231 c->n_bind_mounts = 0;
5232 return 0;
5233 }
5234
323dda78 5235 for (const char *p = rvalue;;) {
d2d6c096 5236 _cleanup_free_ char *source = NULL, *destination = NULL;
42d43f21 5237 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
d2d6c096
LP		 5238 char *s = NULL, *d = NULL;
5239 bool rbind = true, ignore_enoent = false;
5240
4ec85141 5241 r = extract_first_word(&p, &source, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
d2d6c096
LP		 5242 if (r == -ENOMEM)
5243 return log_oom();
5244 if (r < 0) {
323dda78 5245 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
d2d6c096
LP		 5246 return 0;
5247 }
a687f500
ZJS		 5248 if (r == 0)
5249 break;
d2d6c096 5250
06536492 5251 r = unit_full_printf_full(u, source, PATH_MAX, &sresolved);
42d43f21 5252 if (r < 0) {
323dda78 5253 log_syntax(unit, LOG_WARNING, filename, line, r,
556a7bbe 5254 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", source);
2f4d31c1 5255 continue;
42d43f21
DC		 5256 }
5257
5258 s = sresolved;
d2d6c096
LP		 5259 if (s[0] == '-') {
5260 ignore_enoent = true;
5261 s++;
5262 }
5263
2f4d31c1
YW		 5264 r = path_simplify_and_warn(s, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5265 if (r < 0)
5266 continue;
d2d6c096
LP		 5267
5268 /* Optionally, the destination is specified. */
5269 if (p && p[-1] == ':') {
4ec85141 5270 r = extract_first_word(&p, &destination, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
d2d6c096
LP		 5271 if (r == -ENOMEM)
5272 return log_oom();
5273 if (r < 0) {
323dda78 5274 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
d2d6c096
LP		 5275 return 0;
5276 }
5277 if (r == 0) {
323dda78 5278 log_syntax(unit, LOG_WARNING, filename, line, 0, "Missing argument after ':', ignoring: %s", s);
2f4d31c1 5279 continue;
d2d6c096
LP		 5280 }
5281
06536492 5282 r = unit_path_printf(u, destination, &dresolved);
42d43f21 5283 if (r < 0) {
323dda78 5284 log_syntax(unit, LOG_WARNING, filename, line, r,
556a7bbe 5285 "Failed to resolve specifiers in \"%s\", ignoring: %m", destination);
2f4d31c1 5286 continue;
42d43f21
DC		 5287 }
5288
2f4d31c1
YW		 5289 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5290 if (r < 0)
5291 continue;
d2d6c096 5292
2f4d31c1 5293 d = dresolved;
d2d6c096
LP		 5294
5295 /* Optionally, there's also a short option string specified */
5296 if (p && p[-1] == ':') {
5297 _cleanup_free_ char *options = NULL;
5298
4ec85141 5299 r = extract_first_word(&p, &options, NULL, EXTRACT_UNQUOTE);
d2d6c096
LP		 5300 if (r == -ENOMEM)
5301 return log_oom();
5302 if (r < 0) {
6a35d52d 5303 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
d2d6c096
LP		 5304 return 0;
5305 }
5306
5307 if (isempty(options) || streq(options, "rbind"))
5308 rbind = true;
5309 else if (streq(options, "norbind"))
5310 rbind = false;
5311 else {
323dda78 5312 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid option string, ignoring setting: %s", options);
2f4d31c1 5313 continue;
d2d6c096
LP		 5314 }
5315 }
5316 } else
5317 d = s;
5318
5319 r = bind_mount_add(&c->bind_mounts, &c->n_bind_mounts,
5320 &(BindMount) {
5321 .source = s,
5322 .destination = d,
5323 .read_only = !!strstr(lvalue, "ReadOnly"),
5324 .recursive = rbind,
5325 .ignore_enoent = ignore_enoent,
5326 });
5327 if (r < 0)
5328 return log_oom();
5329 }
5330
5331 return 0;
5332}
5333
b3d13314
LB		 5334int config_parse_mount_images(
5335 const char *unit,
5336 const char *filename,
5337 unsigned line,
5338 const char *section,
5339 unsigned section_line,
5340 const char *lvalue,
5341 int ltype,
5342 const char *rvalue,
5343 void *data,
5344 void *userdata) {
5345
99534007 5346 ExecContext *c = ASSERT_PTR(data);
b3d13314 5347 const Unit *u = userdata;
b3d13314
LB		 5348 int r;
5349
5350 assert(filename);
5351 assert(lvalue);
5352 assert(rvalue);
b3d13314
LB		 5353
5354 if (isempty(rvalue)) {
5355 /* Empty assignment resets the list */
5356 c->mount_images = mount_image_free_many(c->mount_images, &c->n_mount_images);
5357 return 0;
5358 }
5359
323dda78 5360 for (const char *p = rvalue;;) {
427353f6
LB		 5361 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
5362 _cleanup_free_ char *first = NULL, *second = NULL, *tuple = NULL;
b3d13314 5363 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
427353f6 5364 const char *q = NULL;
b3d13314
LB		 5365 char *s = NULL;
5366 bool permissive = false;
5367
427353f6 5368 r = extract_first_word(&p, &tuple, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE);
323dda78
YW		 5369 if (r == -ENOMEM)
5370 return log_oom();
5371 if (r < 0) {
5372 log_syntax(unit, LOG_WARNING, filename, line, r,
5373 "Invalid syntax %s=%s, ignoring: %m", lvalue, rvalue);
5374 return 0;
5375 }
427353f6 5376 if (r == 0)
323dda78 5377 return 0;
427353f6
LB		 5378
5379 q = tuple;
5380 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &first, &second, NULL);
323dda78
YW		 5381 if (r == -ENOMEM)
5382 return log_oom();
5383 if (r < 0) {
5384 log_syntax(unit, LOG_WARNING, filename, line, r,
5385 "Invalid syntax in %s=, ignoring: %s", lvalue, tuple);
5386 return 0;
5387 }
427353f6
LB		 5388 if (r == 0)
5389 continue;
5390
6c3f7ca0 5391 s = first;
b3d13314
LB		 5392 if (s[0] == '-') {
5393 permissive = true;
5394 s++;
5395 }
5396
06536492 5397 r = unit_path_printf(u, s, &sresolved);
6c3f7ca0
LB		 5398 if (r < 0) {
5399 log_syntax(unit, LOG_WARNING, filename, line, r,
5400 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s);
5401 continue;
5402 }
5403
5404 r = path_simplify_and_warn(sresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
b3d13314
LB		 5405 if (r < 0)
5406 continue;
5407
427353f6 5408 if (isempty(second)) {
323dda78 5409 log_syntax(unit, LOG_WARNING, filename, line, 0, "Missing destination in %s, ignoring: %s", lvalue, rvalue);
b3d13314
LB		 5410 continue;
5411 }
5412
06536492 5413 r = unit_path_printf(u, second, &dresolved);
b3d13314 5414 if (r < 0) {
323dda78 5415 log_syntax(unit, LOG_WARNING, filename, line, r,
427353f6 5416 "Failed to resolve specifiers in \"%s\", ignoring: %m", second);
b3d13314
LB		 5417 continue;
5418 }
5419
5420 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5421 if (r < 0)
5422 continue;
5423
427353f6
LB		 5424 for (;;) {
5425 _cleanup_free_ char *partition = NULL, *mount_options = NULL, *mount_options_resolved = NULL;
5426 MountOptions *o = NULL;
569a0e42 5427 PartitionDesignator partition_designator;
427353f6
LB		 5428
5429 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &partition, &mount_options, NULL);
323dda78
YW		 5430 if (r == -ENOMEM)
5431 return log_oom();
5432 if (r < 0) {
5433 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", q);
5434 return 0;
5435 }
427353f6
LB		 5436 if (r == 0)
5437 break;
5438 /* Single set of options, applying to the root partition/single filesystem */
5439 if (r == 1) {
5440 r = unit_full_printf(u, partition, &mount_options_resolved);
5441 if (r < 0) {
323dda78 5442 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", first);
427353f6
LB		 5443 continue;
5444 }
5445
5446 o = new(MountOptions, 1);
5447 if (!o)
5448 return log_oom();
5449 *o = (MountOptions) {
5450 .partition_designator = PARTITION_ROOT,
5451 .options = TAKE_PTR(mount_options_resolved),
5452 };
5453 LIST_APPEND(mount_options, options, o);
5454
5455 break;
5456 }
5457
5458 partition_designator = partition_designator_from_string(partition);
5459 if (partition_designator < 0) {
b98680b2
YW		 5460 log_syntax(unit, LOG_WARNING, filename, line, partition_designator,
5461 "Invalid partition name %s, ignoring", partition);
427353f6
LB		 5462 continue;
5463 }
5464 r = unit_full_printf(u, mount_options, &mount_options_resolved);
5465 if (r < 0) {
323dda78 5466 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
427353f6
LB		 5467 continue;
5468 }
5469
5470 o = new(MountOptions, 1);
5471 if (!o)
5472 return log_oom();
5473 *o = (MountOptions) {
5474 .partition_designator = partition_designator,
5475 .options = TAKE_PTR(mount_options_resolved),
5476 };
5477 LIST_APPEND(mount_options, options, o);
5478 }
5479
b3d13314
LB		 5480 r = mount_image_add(&c->mount_images, &c->n_mount_images,
5481 &(MountImage) {
6c3f7ca0 5482 .source = sresolved,
b3d13314 5483 .destination = dresolved,
427353f6 5484 .mount_options = options,
b3d13314 5485 .ignore_enoent = permissive,
93f59701
LB		 5486 .type = MOUNT_IMAGE_DISCRETE,
5487 });
5488 if (r < 0)
5489 return log_oom();
5490 }
5491}
5492
5493int config_parse_extension_images(
5494 const char *unit,
5495 const char *filename,
5496 unsigned line,
5497 const char *section,
5498 unsigned section_line,
5499 const char *lvalue,
5500 int ltype,
5501 const char *rvalue,
5502 void *data,
5503 void *userdata) {
5504
99534007 5505 ExecContext *c = ASSERT_PTR(data);
93f59701
LB		 5506 const Unit *u = userdata;
5507 int r;
5508
5509 assert(filename);
5510 assert(lvalue);
5511 assert(rvalue);
93f59701
LB		 5512
5513 if (isempty(rvalue)) {
5514 /* Empty assignment resets the list */
5515 c->extension_images = mount_image_free_many(c->extension_images, &c->n_extension_images);
5516 return 0;
5517 }
5518
5519 for (const char *p = rvalue;;) {
5520 _cleanup_free_ char *source = NULL, *tuple = NULL, *sresolved = NULL;
5521 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
5522 bool permissive = false;
5523 const char *q = NULL;
5524 char *s = NULL;
5525
5526 r = extract_first_word(&p, &tuple, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE);
5527 if (r == -ENOMEM)
5528 return log_oom();
5529 if (r < 0) {
5530 log_syntax(unit, LOG_WARNING, filename, line, r,
5531 "Invalid syntax %s=%s, ignoring: %m", lvalue, rvalue);
5532 return 0;
5533 }
5534 if (r == 0)
5535 return 0;
5536
5537 q = tuple;
5538 r = extract_first_word(&q, &source, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS);
5539 if (r == -ENOMEM)
5540 return log_oom();
5541 if (r < 0) {
5542 log_syntax(unit, LOG_WARNING, filename, line, r,
5543 "Invalid syntax in %s=, ignoring: %s", lvalue, tuple);
5544 return 0;
5545 }
5546 if (r == 0)
5547 continue;
5548
5549 s = source;
5550 if (s[0] == '-') {
5551 permissive = true;
5552 s++;
5553 }
5554
06536492 5555 r = unit_path_printf(u, s, &sresolved);
93f59701
LB		 5556 if (r < 0) {
5557 log_syntax(unit, LOG_WARNING, filename, line, r,
5558 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s);
5559 continue;
5560 }
5561
5562 r = path_simplify_and_warn(sresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5563 if (r < 0)
5564 continue;
5565
5566 for (;;) {
5567 _cleanup_free_ char *partition = NULL, *mount_options = NULL, *mount_options_resolved = NULL;
5568 MountOptions *o = NULL;
5569 PartitionDesignator partition_designator;
5570
5571 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &partition, &mount_options, NULL);
5572 if (r == -ENOMEM)
5573 return log_oom();
5574 if (r < 0) {
5575 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", q);
5576 return 0;
5577 }
5578 if (r == 0)
5579 break;
5580 /* Single set of options, applying to the root partition/single filesystem */
5581 if (r == 1) {
5582 r = unit_full_printf(u, partition, &mount_options_resolved);
5583 if (r < 0) {
5584 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", partition);
5585 continue;
5586 }
5587
5588 o = new(MountOptions, 1);
5589 if (!o)
5590 return log_oom();
5591 *o = (MountOptions) {
5592 .partition_designator = PARTITION_ROOT,
5593 .options = TAKE_PTR(mount_options_resolved),
5594 };
5595 LIST_APPEND(mount_options, options, o);
5596
5597 break;
5598 }
5599
5600 partition_designator = partition_designator_from_string(partition);
5601 if (partition_designator < 0) {
5602 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid partition name %s, ignoring", partition);
5603 continue;
5604 }
5605 r = unit_full_printf(u, mount_options, &mount_options_resolved);
5606 if (r < 0) {
5607 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
5608 continue;
5609 }
5610
5611 o = new(MountOptions, 1);
5612 if (!o)
5613 return log_oom();
5614 *o = (MountOptions) {
5615 .partition_designator = partition_designator,
5616 .options = TAKE_PTR(mount_options_resolved),
5617 };
5618 LIST_APPEND(mount_options, options, o);
5619 }
5620
5621 r = mount_image_add(&c->extension_images, &c->n_extension_images,
5622 &(MountImage) {
5623 .source = sresolved,
5624 .mount_options = options,
5625 .ignore_enoent = permissive,
5626 .type = MOUNT_IMAGE_EXTENSION,
b3d13314
LB		 5627 });
5628 if (r < 0)
5629 return log_oom();
5630 }
b3d13314
LB		 5631}
5632
eae51da3
LP		 5633int config_parse_job_timeout_sec(
5634 const char* unit,
5635 const char *filename,
5636 unsigned line,
5637 const char *section,
5638 unsigned section_line,
5639 const char *lvalue,
5640 int ltype,
5641 const char *rvalue,
5642 void *data,
5643 void *userdata) {
5644
99534007 5645 Unit *u = ASSERT_PTR(data);
eae51da3
LP		 5646 usec_t usec;
5647 int r;
5648
5649 assert(filename);
5650 assert(lvalue);
5651 assert(rvalue);
eae51da3
LP		 5652
5653 r = parse_sec_fix_0(rvalue, &usec);
5654 if (r < 0) {
323dda78 5655 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue);
eae51da3
LP		 5656 return 0;
5657 }
5658
5659 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
c05f3c8f 5660 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
eae51da3
LP		 5661 * count. */
5662
5663 if (!u->job_running_timeout_set)
5664 u->job_running_timeout = usec;
5665
5666 u->job_timeout = usec;
5667
5668 return 0;
5669}
5670
5671int config_parse_job_running_timeout_sec(
5672 const char* unit,
5673 const char *filename,
5674 unsigned line,
5675 const char *section,
5676 unsigned section_line,
5677 const char *lvalue,
5678 int ltype,
5679 const char *rvalue,
5680 void *data,
5681 void *userdata) {
5682
99534007 5683 Unit *u = ASSERT_PTR(data);
eae51da3
LP		 5684 usec_t usec;
5685 int r;
5686
5687 assert(filename);
5688 assert(lvalue);
5689 assert(rvalue);
eae51da3
LP		 5690
5691 r = parse_sec_fix_0(rvalue, &usec);
5692 if (r < 0) {
323dda78 5693 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue);
eae51da3
LP		 5694 return 0;
5695 }
5696
5697 u->job_running_timeout = usec;
5698 u->job_running_timeout_set = true;
5699
5700 return 0;
5701}
5702
54fcb619
ZJS		 5703int config_parse_emergency_action(
5704 const char* unit,
5705 const char *filename,
5706 unsigned line,
5707 const char *section,
5708 unsigned section_line,
5709 const char *lvalue,
5710 int ltype,
5711 const char *rvalue,
5712 void *data,
5713 void *userdata) {
5714
99534007 5715 EmergencyAction *x = ASSERT_PTR(data);
4870133b 5716 RuntimeScope runtime_scope;
54fcb619
ZJS		 5717 int r;
5718
5719 assert(filename);
5720 assert(lvalue);
5721 assert(rvalue);
54fcb619 5722
724f061d 5723 /* If we have a unit determine the scope based on it */
54fcb619 5724 if (unit)
4870133b 5725 runtime_scope = ((Unit*) ASSERT_PTR(userdata))->manager->runtime_scope;
54fcb619 5726 else
4870133b 5727 runtime_scope = ltype; /* otherwise, assume the scope is passed in via ltype */
54fcb619 5728
4870133b 5729 r = parse_emergency_action(rvalue, runtime_scope, x);
54fcb619
ZJS		 5730 if (r < 0) {
5731 if (r == -EOPNOTSUPP)
323dda78 5732 log_syntax(unit, LOG_WARNING, filename, line, r,
54fcb619 5733 "%s= specified as %s mode action, ignoring: %s",
4870133b 5734 lvalue, runtime_scope_to_string(runtime_scope), rvalue);
54fcb619 5735 else
323dda78 5736 log_syntax(unit, LOG_WARNING, filename, line, r,
54fcb619
ZJS		 5737 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
5738 return 0;
5739 }
5740
5741 return 0;
5742}
5743
a9353a5c
LP		 5744int config_parse_pid_file(
5745 const char *unit,
5746 const char *filename,
5747 unsigned line,
5748 const char *section,
5749 unsigned section_line,
5750 const char *lvalue,
5751 int ltype,
5752 const char *rvalue,
5753 void *data,
5754 void *userdata) {
5755
5756 _cleanup_free_ char *k = NULL, *n = NULL;
99534007 5757 const Unit *u = ASSERT_PTR(userdata);
a9353a5c 5758 char **s = data;
a9353a5c
LP		 5759 int r;
5760
5761 assert(filename);
5762 assert(lvalue);
5763 assert(rvalue);
a9353a5c 5764
b8055c05
YW		 5765 if (isempty(rvalue)) {
5766 /* An empty assignment removes already set value. */
5767 *s = mfree(*s);
5768 return 0;
5769 }
5770
06536492 5771 r = unit_path_printf(u, rvalue, &k);
a9353a5c 5772 if (r < 0) {
323dda78 5773 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
a9353a5c
LP		 5774 return 0;
5775 }
5776
5777 /* If this is a relative path make it absolute by prefixing the /run */
5778 n = path_make_absolute(k, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
5779 if (!n)
5780 return log_oom();
5781
5782 /* Check that the result is a sensible path */
5783 r = path_simplify_and_warn(n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5784 if (r < 0)
5785 return r;
5786
4a66b5c9
LP		 5787 r = patch_var_run(unit, filename, line, lvalue, &n);
5788 if (r < 0)
5789 return r;
a9353a5c 5790
4a66b5c9 5791 free_and_replace(*s, n);
a9353a5c
LP		 5792 return 0;
5793}
5794
7af67e9a
LP		 5795int config_parse_exit_status(
5796 const char *unit,
5797 const char *filename,
5798 unsigned line,
5799 const char *section,
5800 unsigned section_line,
5801 const char *lvalue,
5802 int ltype,
5803 const char *rvalue,
5804 void *data,
5805 void *userdata) {
5806
5807 int *exit_status = data, r;
5808 uint8_t u;
5809
5810 assert(filename);
5811 assert(lvalue);
5812 assert(rvalue);
5813 assert(exit_status);
5814
5815 if (isempty(rvalue)) {
5816 *exit_status = -1;
5817 return 0;
5818 }
5819
5820 r = safe_atou8(rvalue, &u);
5821 if (r < 0) {
323dda78 5822 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse exit status '%s', ignoring: %m", rvalue);
7af67e9a
LP		 5823 return 0;
5824 }
5825
5826 *exit_status = u;
5827 return 0;
5828}
5829
c72703e2
CD		 5830int config_parse_disable_controllers(
5831 const char *unit,
5832 const char *filename,
5833 unsigned line,
5834 const char *section,
5835 unsigned section_line,
5836 const char *lvalue,
5837 int ltype,
5838 const char *rvalue,
5839 void *data,
5840 void *userdata) {
5841
5842 int r;
5843 CGroupContext *c = data;
5844 CGroupMask disabled_mask;
5845
5846 /* 1. If empty, make all controllers eligible for use again.
5847 * 2. If non-empty, merge all listed controllers, space separated. */
5848
5849 if (isempty(rvalue)) {
5850 c->disable_controllers = 0;
5851 return 0;
5852 }
5853
5854 r = cg_mask_from_string(rvalue, &disabled_mask);
5855 if (r < 0 || disabled_mask <= 0) {
323dda78 5856 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid cgroup string: %s, ignoring", rvalue);
c72703e2
CD		 5857 return 0;
5858 }
5859
5860 c->disable_controllers |= disabled_mask;
5861
5862 return 0;
5863}
5864
fab34748
KL		 5865int config_parse_ip_filter_bpf_progs(
5866 const char *unit,
5867 const char *filename,
5868 unsigned line,
5869 const char *section,
5870 unsigned section_line,
5871 const char *lvalue,
5872 int ltype,
5873 const char *rvalue,
5874 void *data,
5875 void *userdata) {
5876
5877 _cleanup_free_ char *resolved = NULL;
47538b76 5878 const Unit *u = userdata;
99534007 5879 char ***paths = ASSERT_PTR(data);
fab34748
KL		 5880 int r;
5881
5882 assert(filename);
5883 assert(lvalue);
5884 assert(rvalue);
fab34748
KL		 5885
5886 if (isempty(rvalue)) {
5887 *paths = strv_free(*paths);
5888 return 0;
5889 }
5890
06536492 5891 r = unit_path_printf(u, rvalue, &resolved);
fab34748 5892 if (r < 0) {
323dda78 5893 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
fab34748
KL		 5894 return 0;
5895 }
5896
5897 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5898 if (r < 0)
5899 return 0;
5900
5901 if (strv_contains(*paths, resolved))
5902 return 0;
5903
5904 r = strv_extend(paths, resolved);
5905 if (r < 0)
5906 return log_oom();
5907
5908 r = bpf_firewall_supported();
5909 if (r < 0)
5910 return r;
5911 if (r != BPF_FIREWALL_SUPPORTED_WITH_MULTI) {
5912 static bool warned = false;
5913
5914 log_full(warned ? LOG_DEBUG : LOG_WARNING,
5915 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
5916 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename, line, lvalue, rvalue);
5917
5918 warned = true;
5919 }
5920
5921 return 0;
5922}
5923
0879da98
JK		 5924int config_parse_bpf_foreign_program(
5925 const char *unit,
5926 const char *filename,
5927 unsigned line,
5928 const char *section,
5929 unsigned section_line,
5930 const char *lvalue,
5931 int ltype,
5932 const char *rvalue,
5933 void *data,
5934 void *userdata) {
5935 _cleanup_free_ char *resolved = NULL, *word = NULL;
5936 CGroupContext *c = data;
99534007 5937 const char *p = ASSERT_PTR(rvalue);
0879da98
JK		 5938 Unit *u = userdata;
5939 int attach_type, r;
5940
5941 assert(filename);
5942 assert(lvalue);
0879da98
JK		 5943
5944 if (isempty(rvalue)) {
5945 while (c->bpf_foreign_programs)
5946 cgroup_context_remove_bpf_foreign_program(c, c->bpf_foreign_programs);
5947
5948 return 0;
5949 }
5950
6a35d52d 5951 r = extract_first_word(&p, &word, ":", 0);
0879da98
JK		 5952 if (r == -ENOMEM)
5953 return log_oom();
6a35d52d 5954 if (r < 0) {
0879da98
JK		 5955 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse foreign BPF program, ignoring: %s", rvalue);
5956 return 0;
5957 }
6a35d52d
YW		 5958 if (r == 0 || isempty(p)) {
5959 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax in %s=, ignoring: %s", lvalue, rvalue);
5960 return 0;
5961 }
0879da98
JK		 5962
5963 attach_type = bpf_cgroup_attach_type_from_string(word);
5964 if (attach_type < 0) {
5965 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unknown BPF attach type=%s, ignoring: %s", word, rvalue);
5966 return 0;
5967 }
5968
6a35d52d 5969 r = unit_path_printf(u, p, &resolved);
0879da98 5970 if (r < 0) {
6a35d52d 5971 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %s", p, rvalue);
0879da98
JK		 5972 return 0;
5973 }
5974
5975 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5976 if (r < 0)
5977 return 0;
5978
5979 r = cgroup_add_bpf_foreign_program(c, attach_type, resolved);
5980 if (r < 0)
5981 return log_error_errno(r, "Failed to add foreign BPF program to cgroup context: %m");
5982
5983 return 0;
5984}
5985
8dd210ab
JK		 5986int config_parse_cgroup_socket_bind(
5987 const char *unit,
5988 const char *filename,
5989 unsigned line,
5990 const char *section,
5991 unsigned section_line,
5992 const char *lvalue,
5993 int ltype,
5994 const char *rvalue,
5995 void *data,
5996 void *userdata) {
5997 _cleanup_free_ CGroupSocketBindItem *item = NULL;
8dd210ab 5998 CGroupSocketBindItem **head = data;
5587ce7f
JK		 5999 uint16_t nr_ports, port_min;
6000 int af, ip_protocol, r;
8dd210ab
JK		 6001
6002 if (isempty(rvalue)) {
6003 cgroup_context_remove_socket_bind(head);
6004 return 0;
6005 }
6006
5587ce7f 6007 r = parse_socket_bind_item(rvalue, &af, &ip_protocol, &nr_ports, &port_min);
8dd210ab
JK		 6008 if (r == -ENOMEM)
6009 return log_oom();
5587ce7f 6010 if (r < 0) {
cc87b3f6
ZJS		 6011 log_syntax(unit, LOG_WARNING, filename, line, r,
6012 "Unable to parse %s= assignment, ignoring: %s", lvalue, rvalue);
6013 return 0;
6014 }
8dd210ab 6015
8dd210ab
JK		 6016 item = new(CGroupSocketBindItem, 1);
6017 if (!item)
6018 return log_oom();
6019 *item = (CGroupSocketBindItem) {
6020 .address_family = af,
5587ce7f 6021 .ip_protocol = ip_protocol,
8dd210ab
JK		 6022 .nr_ports = nr_ports,
6023 .port_min = port_min,
6024 };
6025
6026 LIST_PREPEND(socket_bind_items, *head, TAKE_PTR(item));
6027
6028 return 0;
6029}
6030
4f0c25c7
MV		 6031int config_parse_restrict_network_interfaces(
6032 const char *unit,
6033 const char *filename,
6034 unsigned line,
6035 const char *section,
6036 unsigned section_line,
6037 const char *lvalue,
6038 int ltype,
6039 const char *rvalue,
6040 void *data,
6041 void *userdata) {
99534007 6042 CGroupContext *c = ASSERT_PTR(data);
4f0c25c7
MV		 6043 bool is_allow_rule = true;
6044 int r;
6045
6046 assert(filename);
6047 assert(lvalue);
6048 assert(rvalue);
4f0c25c7
MV		 6049
6050 if (isempty(rvalue)) {
6051 /* Empty assignment resets the list */
1a572fd0 6052 c->restrict_network_interfaces = set_free_free(c->restrict_network_interfaces);
4f0c25c7
MV		 6053 return 0;
6054 }
6055
6056 if (rvalue[0] == '~') {
6057 is_allow_rule = false;
6058 rvalue++;
6059 }
6060
6061 if (set_isempty(c->restrict_network_interfaces))
6062 /* Only initialize this when creating the set */
6063 c->restrict_network_interfaces_is_allow_list = is_allow_rule;
6064
6065 for (const char *p = rvalue;;) {
6066 _cleanup_free_ char *word = NULL;
6067
6068 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
6069 if (r == 0)
6070 break;
6071 if (r == -ENOMEM)
6072 return log_oom();
6073 if (r < 0) {
6074 log_syntax(unit, LOG_WARNING, filename, line, r,
6075 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
6076 break;
6077 }
6078
6079 if (!ifname_valid(word)) {
6080 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid interface name, ignoring: %s", word);
6081 continue;
6082 }
6083
6084 if (c->restrict_network_interfaces_is_allow_list != is_allow_rule)
6085 free(set_remove(c->restrict_network_interfaces, word));
6086 else {
6087 r = set_put_strdup(&c->restrict_network_interfaces, word);
6088 if (r < 0)
6089 return log_oom();
6090 }
6091 }
6092
6093 return 0;
6094}
6095
57ffa99d 6096static int merge_by_names(Unit *u, Set *names, const char *id) {
23a177ef
LP		 6097 char *k;
6098 int r;
6099
6100 assert(u);
23a177ef 6101
e8630e69 6102 /* Let's try to add in all names that are aliases of this unit */
23a177ef 6103 while ((k = set_steal_first(names))) {
e8630e69 6104 _cleanup_free_ _unused_ char *free_k = k;
23a177ef 6105
e8630e69 6106 /* First try to merge in the other name into our unit */
57ffa99d 6107 r = unit_merge_by_name(u, k);
9946996c 6108 if (r < 0) {
23a177ef
LP		 6109 Unit *other;
6110
e8630e69
ZJS		 6111 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
6112 * round. */
036643a2 6113
57ffa99d 6114 other = manager_get_unit(u->manager, k);
e8630e69
ZJS		 6115 if (!other)
6116 return r; /* return previous failure */
036643a2 6117
57ffa99d 6118 r = unit_merge(other, u);
e8630e69 6119 if (r < 0)
a837f088 6120 return r;
fe51822e 6121
57ffa99d 6122 return merge_by_names(other, names, NULL);
036643a2 6123 }
034c6ed7 6124
e8630e69 6125 if (streq_ptr(id, k))
57ffa99d 6126 unit_choose_id(u, id);
1b64d026
LP		 6127 }
6128
e48614c4 6129 return 0;
0301abf4
LP		 6130}
6131
e537352b 6132int unit_load_fragment(Unit *u) {
e8630e69
ZJS		 6133 const char *fragment;
6134 _cleanup_set_free_free_ Set *names = NULL;
23a177ef 6135 int r;
0301abf4
LP		 6136
6137 assert(u);
ac155bb8
MS		 6138 assert(u->load_state == UNIT_STUB);
6139 assert(u->id);
23a177ef 6140
3f5e8115 6141 if (u->transient) {
23e9a7dd 6142 u->access_selinux_context = mfree(u->access_selinux_context);
3f5e8115
LP		 6143 u->load_state = UNIT_LOADED;
6144 return 0;
6145 }
6146
91e0ee5f
ZJS		 6147 /* Possibly rebuild the fragment map to catch new units */
6148 r = unit_file_build_name_map(&u->manager->lookup_paths,
c2911d48 6149 &u->manager->unit_cache_timestamp_hash,
91e0ee5f
ZJS		 6150 &u->manager->unit_id_map,
6151 &u->manager->unit_name_map,
6152 &u->manager->unit_path_cache);
9946996c 6153 if (r < 0)
14140908 6154 return log_error_errno(r, "Failed to rebuild name map: %m");
91e0ee5f 6155
e8630e69
ZJS		 6156 r = unit_file_find_fragment(u->manager->unit_id_map,
6157 u->manager->unit_name_map,
6158 u->id,
6159 &fragment,
6160 &names);
6161 if (r < 0 && r != -ENOENT)
294d81f1
LP		 6162 return r;
6163
e8630e69
ZJS		 6164 if (fragment) {
6165 /* Open the file, check if this is a mask, otherwise read. */
6166 _cleanup_fclose_ FILE *f = NULL;
c9e06956 6167 struct stat st;
0301abf4 6168
e8630e69
ZJS		 6169 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
6170 * expect that all symlinks within the lookup paths have been already resolved, but we don't
6171 * verify this here. */
6172 f = fopen(fragment, "re");
6173 if (!f)
6174 return log_unit_notice_errno(u, errno, "Failed to open %s: %m", fragment);
6ccb1b44 6175
e8630e69
ZJS		 6176 if (fstat(fileno(f), &st) < 0)
6177 return -errno;
294d81f1 6178
e8630e69 6179 r = free_and_strdup(&u->fragment_path, fragment);
7410616c
LP		 6180 if (r < 0)
6181 return r;
294d81f1 6182
e8630e69 6183 if (null_or_empty(&st)) {
88414eed
LP		 6184 /* Unit file is masked */
6185
6186 u->load_state = u->perpetual ? UNIT_LOADED : UNIT_MASKED; /* don't allow perpetual units to ever be masked */
e8630e69 6187 u->fragment_mtime = 0;
23e9a7dd 6188 u->access_selinux_context = mfree(u->access_selinux_context);
e8630e69 6189 } else {
23e9a7dd
LP		 6190#if HAVE_SELINUX
6191 if (mac_selinux_use()) {
6192 _cleanup_freecon_ char *selcon = NULL;
6193
6194 /* Cache the SELinux context of the unit file here. We'll make use of when checking access permissions to loaded units */
6195 r = fgetfilecon_raw(fileno(f), &selcon);
6196 if (r < 0)
6197 log_unit_warning_errno(u, r, "Failed to read SELinux context of '%s', ignoring: %m", fragment);
6198
6199 r = free_and_strdup(&u->access_selinux_context, selcon);
6200 if (r < 0)
6201 return r;
6202 } else
6203#endif
6204 u->access_selinux_context = mfree(u->access_selinux_context);
6205
e8630e69
ZJS		 6206 u->load_state = UNIT_LOADED;
6207 u->fragment_mtime = timespec_load(&st.st_mtim);
6208
6209 /* Now, parse the file contents */
6210 r = config_parse(u->id, fragment, f,
6211 UNIT_VTABLE(u)->sections,
6212 config_item_perf_lookup, load_fragment_gperf_lookup,
7ade8982 6213 0,
4f9ff96a
LP		 6214 u,
6215 NULL);
bb28e684 6216 if (r == -ENOEXEC)
e8630e69
ZJS		 6217 log_unit_notice_errno(u, r, "Unit configuration has fatal error, unit will not be started.");
6218 if (r < 0)
6219 return r;
bb28e684 6220 }
e8630e69 6221 }
890f434c 6222
3aa57658
ZJS		 6223 /* Call merge_by_names with the name derived from the fragment path as the preferred name.
6224 *
6225 * We do the merge dance here because for some unit types, the unit might have aliases which are not
e8630e69
ZJS		 6226 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
6227 */
e8630e69 6228 const char *id = u->id;
b58feca6 6229 _cleanup_free_ char *filename = NULL, *free_id = NULL;
294d81f1 6230
e8630e69 6231 if (fragment) {
b58feca6
JR		 6232 r = path_extract_filename(fragment, &filename);
6233 if (r < 0)
6234 return log_debug_errno(r, "Failed to extract filename from fragment '%s': %m", fragment);
6235 id = filename;
6236
e8630e69
ZJS		 6237 if (unit_name_is_valid(id, UNIT_NAME_TEMPLATE)) {
6238 assert(u->instance); /* If we're not trying to use a template for non-instanced unit,
6239 * this must be set. */
890f434c 6240
e8630e69
ZJS		 6241 r = unit_name_replace_instance(id, u->instance, &free_id);
6242 if (r < 0)
6243 return log_debug_errno(r, "Failed to build id (%s + %s): %m", id, u->instance);
6244 id = free_id;
abc08d4d 6245 }
071830ff
LP		 6246 }
6247
57ffa99d 6248 return merge_by_names(u, names, id);
3efd4195 6249}
e537352b
LP		 6250
6251void unit_dump_config_items(FILE *f) {
f975e971
LP		 6252 static const struct {
6253 const ConfigParserCallback callback;
6254 const char *rvalue;
6255 } table[] = {
17df7223 6256 { config_parse_warn_compat, "NOTSUPPORTED" },
f975e971
LP		 6257 { config_parse_int, "INTEGER" },
6258 { config_parse_unsigned, "UNSIGNED" },
5556b5fe 6259 { config_parse_iec_size, "SIZE" },
59f448cf 6260 { config_parse_iec_uint64, "SIZE" },
50299121 6261 { config_parse_si_uint64, "SIZE" },
f975e971
LP		 6262 { config_parse_bool, "BOOLEAN" },
6263 { config_parse_string, "STRING" },
6264 { config_parse_path, "PATH" },
6265 { config_parse_unit_path_printf, "PATH" },
8c35c10d 6266 { config_parse_colon_separated_paths, "PATH" },
f975e971
LP		 6267 { config_parse_strv, "STRING [...]" },
6268 { config_parse_exec_nice, "NICE" },
6269 { config_parse_exec_oom_score_adjust, "OOMSCOREADJUST" },
6270 { config_parse_exec_io_class, "IOCLASS" },
6271 { config_parse_exec_io_priority, "IOPRIORITY" },
6272 { config_parse_exec_cpu_sched_policy, "CPUSCHEDPOLICY" },
6273 { config_parse_exec_cpu_sched_prio, "CPUSCHEDPRIO" },
6274 { config_parse_exec_cpu_affinity, "CPUAFFINITY" },
6275 { config_parse_mode, "MODE" },
6276 { config_parse_unit_env_file, "FILE" },
52c239d7
LB		 6277 { config_parse_exec_output, "OUTPUT" },
6278 { config_parse_exec_input, "INPUT" },
ca37242e
LP		 6279 { config_parse_log_facility, "FACILITY" },
6280 { config_parse_log_level, "LEVEL" },
f975e971 6281 { config_parse_exec_secure_bits, "SECUREBITS" },
a103496c 6282 { config_parse_capability_set, "BOUNDINGSET" },
4f424df7 6283 { config_parse_rlimit, "LIMIT" },
f975e971 6284 { config_parse_unit_deps, "UNIT [...]" },
f975e971
LP		 6285 { config_parse_exec, "PATH [ARGUMENT [...]]" },
6286 { config_parse_service_type, "SERVICETYPE" },
596e4470 6287 { config_parse_service_exit_type, "SERVICEEXITTYPE" },
f975e971 6288 { config_parse_service_restart, "SERVICERESTART" },
e568fea9 6289 { config_parse_service_restart_mode, "SERVICERESTARTMODE" },
bf760801 6290 { config_parse_service_timeout_failure_mode, "TIMEOUTMODE" },
f975e971 6291 { config_parse_kill_mode, "KILLMODE" },
f757855e 6292 { config_parse_signal, "SIGNAL" },
f975e971
LP		 6293 { config_parse_socket_listen, "SOCKET [...]" },
6294 { config_parse_socket_bind, "SOCKETBIND" },
6295 { config_parse_socket_bindtodevice, "NETWORKINTERFACE" },
7f602784 6296 { config_parse_sec, "SECONDS" },
d88a251b 6297 { config_parse_nsec, "NANOSECONDS" },
94828d2d 6298 { config_parse_namespace_path_strv, "PATH [...]" },
d2d6c096 6299 { config_parse_bind_paths, "PATH[:PATH[:OPTIONS]] [...]" },
874cdcbc
LP		 6300 { config_parse_unit_requires_mounts_for,
6301 "PATH [...]" },
6302 { config_parse_exec_mount_propagation_flag,
f0a96d19 6303 "MOUNTFLAG" },
f975e971 6304 { config_parse_unit_string_printf, "STRING" },
3ecaa09b 6305 { config_parse_trigger_unit, "UNIT" },
f975e971 6306 { config_parse_timer, "TIMER" },
f975e971 6307 { config_parse_path_spec, "PATH" },
f975e971
LP		 6308 { config_parse_notify_access, "ACCESS" },
6309 { config_parse_ip_tos, "TOS" },
6310 { config_parse_unit_condition_path, "CONDITION" },
6311 { config_parse_unit_condition_string, "CONDITION" },
a016b922 6312 { config_parse_unit_slice, "SLICE" },
7f0386f6
LP		 6313 { config_parse_documentation, "URL" },
6314 { config_parse_service_timeout, "SECONDS" },
87a47f99 6315 { config_parse_emergency_action, "ACTION" },
7f0386f6
LP		 6316 { config_parse_set_status, "STATUS" },
6317 { config_parse_service_sockets, "SOCKETS" },
7f0386f6 6318 { config_parse_environ, "ENVIRON" },
349cc4a5 6319#if HAVE_SECCOMP
17df7223 6320 { config_parse_syscall_filter, "SYSCALLS" },
6a6751fe 6321 { config_parse_syscall_archs, "ARCHS" },
17df7223 6322 { config_parse_syscall_errno, "ERRNO" },
9df2cdd8 6323 { config_parse_syscall_log, "SYSCALLS" },
4298d0b5 6324 { config_parse_address_families, "FAMILIES" },
add00535 6325 { config_parse_restrict_namespaces, "NAMESPACES" },
c0467cf3 6326#endif
e59ccd03 6327 { config_parse_restrict_filesystems, "FILESYSTEMS" },
7f0386f6 6328 { config_parse_cpu_shares, "SHARES" },
984faf29 6329 { config_parse_cg_weight, "WEIGHT" },
c8340822 6330 { config_parse_cg_cpu_weight, "CPUWEIGHT" },
7f0386f6
LP		 6331 { config_parse_memory_limit, "LIMIT" },
6332 { config_parse_device_allow, "DEVICE" },
6333 { config_parse_device_policy, "POLICY" },
13c31542 6334 { config_parse_io_limit, "LIMIT" },
13c31542 6335 { config_parse_io_device_weight, "DEVICEWEIGHT" },
6ae4283c 6336 { config_parse_io_device_latency, "DEVICELATENCY" },
7f0386f6
LP		 6337 { config_parse_blockio_bandwidth, "BANDWIDTH" },
6338 { config_parse_blockio_weight, "WEIGHT" },
6339 { config_parse_blockio_device_weight, "DEVICEWEIGHT" },
6340 { config_parse_long, "LONG" },
6341 { config_parse_socket_service, "SERVICE" },
349cc4a5 6342#if HAVE_SELINUX
6a6751fe
LP		 6343 { config_parse_exec_selinux_context, "LABEL" },
6344#endif
6345 { config_parse_job_mode, "MODE" },
6346 { config_parse_job_mode_isolate, "BOOLEAN" },
4298d0b5 6347 { config_parse_personality, "PERSONALITY" },
523ea123 6348 { config_parse_log_filter_patterns, "REGEX" },
f975e971
LP		 6349 };
6350
6351 const char *prev = NULL;
f975e971
LP		 6352
6353 assert(f);
e537352b 6354
f975e971
LP		 6355 NULSTR_FOREACH(i, load_fragment_gperf_nulstr) {
6356 const char *rvalue = "OTHER", *lvalue;
313b7856 6357 const ConfigPerfItem *p;
f975e971 6358 const char *dot;
f975e971
LP		 6359
6360 assert_se(p = load_fragment_gperf_lookup(i, strlen(i)));
6361
313b7856
LP		 6362 /* Hide legacy settings */
6363 if (p->parse == config_parse_warn_compat &&
6364 p->ltype == DISABLED_LEGACY)
6365 continue;
6366
601844b7 6367 for (size_t j = 0; j < ELEMENTSOF(table); j++)
313b7856
LP		 6368 if (p->parse == table[j].callback) {
6369 rvalue = table[j].rvalue;
6370 break;
6371 }
6372
f975e971
LP		 6373 dot = strchr(i, '.');
6374 lvalue = dot ? dot + 1 : i;
f975e971 6375
601844b7
YW		 6376 if (dot) {
6377 size_t prefix_len = dot - i;
6378
641906e9 6379 if (!prev || !strneq(prev, i, prefix_len+1)) {
f975e971
LP		 6380 if (prev)
6381 fputc('\n', f);
6382
6383 fprintf(f, "[%.*s]\n", (int) prefix_len, i);
6384 }
601844b7 6385 }
f975e971 6386
f975e971
LP		 6387 fprintf(f, "%s=%s\n", lvalue, rvalue);
6388 prev = i;
6389 }
e537352b 6390}
a07a7324
FS		 6391
6392int config_parse_cpu_affinity2(
6393 const char *unit,
6394 const char *filename,
6395 unsigned line,
6396 const char *section,
6397 unsigned section_line,
6398 const char *lvalue,
6399 int ltype,
6400 const char *rvalue,
6401 void *data,
6402 void *userdata) {
6403
99534007 6404 CPUSet *affinity = ASSERT_PTR(data);
a07a7324
FS		 6405
6406 (void) parse_cpu_set_extend(rvalue, affinity, true, unit, filename, line, lvalue);
6407
6408 return 0;
6409}
6410
6411int config_parse_show_status(
6412 const char* unit,
6413 const char *filename,
6414 unsigned line,
6415 const char *section,
6416 unsigned section_line,
6417 const char *lvalue,
6418 int ltype,
6419 const char *rvalue,
6420 void *data,
6421 void *userdata) {
6422
6423 int k;
99534007 6424 ShowStatus *b = ASSERT_PTR(data);
a07a7324
FS		 6425
6426 assert(filename);
6427 assert(lvalue);
6428 assert(rvalue);
a07a7324
FS		 6429
6430 k = parse_show_status(rvalue, b);
323dda78
YW		 6431 if (k < 0)
6432 log_syntax(unit, LOG_WARNING, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
a07a7324
FS		 6433
6434 return 0;
6435}
6436
6437int config_parse_output_restricted(
6438 const char* unit,
6439 const char *filename,
6440 unsigned line,
6441 const char *section,
6442 unsigned section_line,
6443 const char *lvalue,
6444 int ltype,
6445 const char *rvalue,
6446 void *data,
6447 void *userdata) {
6448
99534007 6449 ExecOutput t, *eo = ASSERT_PTR(data);
f3dc6af2 6450 bool obsolete = false;
a07a7324
FS		 6451
6452 assert(filename);
6453 assert(lvalue);
6454 assert(rvalue);
a07a7324 6455
f3dc6af2
LP		 6456 if (streq(rvalue, "syslog")) {
6457 t = EXEC_OUTPUT_JOURNAL;
6458 obsolete = true;
6459 } else if (streq(rvalue, "syslog+console")) {
6460 t = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
6461 obsolete = true;
6462 } else {
6463 t = exec_output_from_string(rvalue);
6464 if (t < 0) {
b98680b2 6465 log_syntax(unit, LOG_WARNING, filename, line, t, "Failed to parse output type, ignoring: %s", rvalue);
f3dc6af2
LP		 6466 return 0;
6467 }
a07a7324 6468
8d7dab1f
LW		 6469 if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE, EXEC_OUTPUT_FILE_APPEND, EXEC_OUTPUT_FILE_TRUNCATE)) {
6470 log_syntax(unit, LOG_WARNING, filename, line, 0, "Standard output types socket, fd:, file:, append:, truncate: are not supported as defaults, ignoring: %s", rvalue);
f3dc6af2
LP		 6471 return 0;
6472 }
a07a7324
FS		 6473 }
6474
f3dc6af2
LP		 6475 if (obsolete)
6476 log_syntax(unit, LOG_NOTICE, filename, line, 0,
6477 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
6478 rvalue, exec_output_to_string(t));
6479
a07a7324
FS		 6480 *eo = t;
6481 return 0;
6482}
6483
6484int config_parse_crash_chvt(
6485 const char* unit,
6486 const char *filename,
6487 unsigned line,
6488 const char *section,
6489 unsigned section_line,
6490 const char *lvalue,
6491 int ltype,
6492 const char *rvalue,
6493 void *data,
6494 void *userdata) {
6495
6496 int r;
6497
6498 assert(filename);
6499 assert(lvalue);
6500 assert(rvalue);
6501 assert(data);
6502
6503 r = parse_crash_chvt(rvalue, data);
323dda78
YW		 6504 if (r < 0)
6505 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
a07a7324
FS		 6506
6507 return 0;
6508}
eb34a981
LP		 6509
6510int config_parse_swap_priority(
6511 const char *unit,
6512 const char *filename,
6513 unsigned line,
6514 const char *section,
6515 unsigned section_line,
6516 const char *lvalue,
6517 int ltype,
6518 const char *rvalue,
6519 void *data,
6520 void *userdata) {
6521
99534007 6522 Swap *s = ASSERT_PTR(userdata);
eb34a981
LP		 6523 int r, priority;
6524
eb34a981
LP		 6525 assert(filename);
6526 assert(lvalue);
6527 assert(rvalue);
6528 assert(data);
6529
6530 if (isempty(rvalue)) {
6531 s->parameters_fragment.priority = -1;
6532 s->parameters_fragment.priority_set = false;
6533 return 0;
6534 }
6535
6536 r = safe_atoi(rvalue, &priority);
6537 if (r < 0) {
323dda78 6538 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid swap priority '%s', ignoring.", rvalue);
eb34a981
LP		 6539 return 0;
6540 }
6541
6542 if (priority < -1) {
323dda78 6543 log_syntax(unit, LOG_WARNING, filename, line, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue);
eb34a981
LP		 6544 return 0;
6545 }
6546
6547 if (priority > 32767) {
323dda78 6548 log_syntax(unit, LOG_WARNING, filename, line, 0, "Swap priority out of range, ignoring: %s", rvalue);
eb34a981
LP		 6549 return 0;
6550 }
6551
6552 s->parameters_fragment.priority = priority;
6553 s->parameters_fragment.priority_set = true;
6554 return 0;
6555}
8a85c5b6
FB		 6556
6557int config_parse_watchdog_sec(
6558 const char *unit,
6559 const char *filename,
6560 unsigned line,
6561 const char *section,
6562 unsigned section_line,
6563 const char *lvalue,
6564 int ltype,
6565 const char *rvalue,
6566 void *data,
6567 void *userdata) {
6568
c91c95e6
LP		 6569 usec_t *usec = data;
6570
8a85c5b6
FB		 6571 assert(filename);
6572 assert(lvalue);
6573 assert(rvalue);
6574
6575 /* This is called for {Runtime,Reboot,KExec}WatchdogSec= where "default" maps to
6576 * USEC_INFINITY internally. */
6577
c91c95e6 6578 if (streq(rvalue, "default"))
8a85c5b6 6579 *usec = USEC_INFINITY;
c91c95e6
LP		 6580 else if (streq(rvalue, "off"))
6581 *usec = 0;
6582 else
6583 return config_parse_sec(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
8a85c5b6 6584
c91c95e6 6585 return 0;
8a85c5b6 6586}
51462135
DDM		 6587
6588int config_parse_tty_size(
6589 const char *unit,
6590 const char *filename,
6591 unsigned line,
6592 const char *section,
6593 unsigned section_line,
6594 const char *lvalue,
6595 int ltype,
6596 const char *rvalue,
6597 void *data,
6598 void *userdata) {
6599
6600 unsigned *sz = data;
6601
6602 assert(filename);
6603 assert(lvalue);
6604 assert(rvalue);
6605
6606 if (isempty(rvalue)) {
6607 *sz = UINT_MAX;
6608 return 0;
6609 }
6610
6611 return config_parse_unsigned(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
6612}
523ea123
QD		 6613
6614int config_parse_log_filter_patterns(
6615 const char *unit,
6616 const char *filename,
6617 unsigned line,
6618 const char *section,
6619 unsigned section_line,
6620 const char *lvalue,
6621 int ltype,
6622 const char *rvalue,
6623 void *data,
6624 void *userdata) {
6625
6626 ExecContext *c = ASSERT_PTR(data);
523ea123
QD		 6627 const char *pattern = ASSERT_PTR(rvalue);
6628 bool is_allowlist = true;
6629 int r;
6630
6631 assert(filename);
6632 assert(lvalue);
6633
6634 if (isempty(pattern)) {
6635 /* Empty assignment resets the lists. */
1a572fd0
DT		 6636 c->log_filter_allowed_patterns = set_free_free(c->log_filter_allowed_patterns);
6637 c->log_filter_denied_patterns = set_free_free(c->log_filter_denied_patterns);
523ea123
QD		 6638 return 0;
6639 }
6640
6641 if (pattern[0] == '~') {
6642 is_allowlist = false;
6643 pattern++;
6644 if (isempty(pattern))
6645 /* LogFilterPatterns=~ is not considered a valid pattern. */
6646 return log_syntax(unit, LOG_WARNING, filename, line, 0,
6647 "Regex pattern invalid, ignoring: %s=%s", lvalue, rvalue);
6648 }
6649
48d85160 6650 if (pattern_compile_and_log(pattern, 0, NULL) < 0)
523ea123
QD		 6651 return 0;
6652
6653 r = set_put_strdup(is_allowlist ? &c->log_filter_allowed_patterns : &c->log_filter_denied_patterns,
6654 pattern);
6655 if (r < 0) {
6656 log_syntax(unit, LOG_WARNING, filename, line, r,
6657 "Failed to store log filtering pattern, ignoring: %s=%s", lvalue, rvalue);
6658 return 0;
6659 }
6660
6661 return 0;
6662}
cd48e23f
RP		 6663
6664int config_parse_open_file(
6665 const char *unit,
6666 const char *filename,
6667 unsigned line,
6668 const char *section,
6669 unsigned section_line,
6670 const char *lvalue,
6671 int ltype,
6672 const char *rvalue,
6673 void *data,
6674 void *userdata) {
6675
6676 _cleanup_(open_file_freep) OpenFile *of = NULL;
6677 OpenFile **head = ASSERT_PTR(data);
6678 int r;
6679
6680 assert(filename);
6681 assert(lvalue);
6682 assert(rvalue);
6683
6684 if (isempty(rvalue)) {
6685 open_file_free_many(head);
6686 return 0;
6687 }
6688
6689 r = open_file_parse(rvalue, &of);
6690 if (r < 0) {
6691 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse OpenFile= setting, ignoring: %s", rvalue);
6692 return 0;
6693 }
6694
6695 LIST_APPEND(open_files, *head, TAKE_PTR(of));
6696
6697 return 0;
6698}
Unnamed repository; edit this file 'description' to name the repository.