]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/main.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #18593 from keszybz/fuzz-more-systemctl-paths
[thirdparty/systemd.git] / src / core / main.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
a7334b09 2
60918275 3#include <errno.h>
3dfc9763 4#include <fcntl.h>
f170852a 5#include <getopt.h>
664f88a7 6#include <sys/mount.h>
3dfc9763 7#include <sys/prctl.h>
b9e74c39 8#include <sys/reboot.h>
3dfc9763 9#include <unistd.h>
349cc4a5 10#if HAVE_SECCOMP
b64a3d86
LP		 11#include <seccomp.h>
12#endif
349cc4a5 13#if HAVE_VALGRIND_VALGRIND_H
3dfc9763
LP		 14#include <valgrind/valgrind.h>
15#endif
54b434b1 16
718db961 17#include "sd-bus.h"
cf0fbc49 18#include "sd-daemon.h"
b2e7486c 19#include "sd-messages.h"
3dfc9763 20
b5efdb8a 21#include "alloc-util.h"
2ffadd3c 22#include "apparmor-setup.h"
d9d93745 23#include "architecture.h"
3dfc9763
LP		 24#include "build.h"
25#include "bus-error.h"
26#include "bus-util.h"
430f0182 27#include "capability-util.h"
a88c5b8a 28#include "cgroup-util.h"
24efb112 29#include "clock-util.h"
3dfc9763 30#include "conf-parser.h"
618234a5 31#include "cpu-set-util.h"
3dfc9763 32#include "dbus-manager.h"
c18ecf03 33#include "dbus.h"
3dfc9763 34#include "def.h"
32429805 35#include "dev-setup.h"
c18ecf03 36#include "efi-random.h"
209b2592 37#include "efivars.h"
eee8b7ab 38#include "emergency-action.h"
3dfc9763 39#include "env-util.h"
57b7a260 40#include "exit-status.h"
3ffd4af2 41#include "fd-util.h"
3dfc9763 42#include "fdset.h"
718db961 43#include "fileio.h"
f97b34a6 44#include "format-util.h"
f4f15635 45#include "fs-util.h"
d247f232 46#include "hexdecoct.h"
3dfc9763
LP		 47#include "hostname-setup.h"
48#include "ima-setup.h"
49#include "killall.h"
50#include "kmod-setup.h"
eefc66aa 51#include "limits-util.h"
d7b8eec7 52#include "load-fragment.h"
3dfc9763 53#include "log.h"
b6e66135 54#include "loopback-setup.h"
b6e66135 55#include "machine-id-setup.h"
3dfc9763 56#include "manager.h"
32429805 57#include "mkdir.h"
3dfc9763 58#include "mount-setup.h"
d58ad743 59#include "os-util.h"
3dfc9763 60#include "pager.h"
614b022c 61#include "parse-argument.h"
6bedfcbb 62#include "parse-util.h"
7d5ceb64 63#include "path-util.h"
294bf0c3 64#include "pretty-print.h"
4e731273 65#include "proc-cmdline.h"
3dfc9763 66#include "process-util.h"
d247f232 67#include "random-util.h"
8869a0b4 68#include "raw-clone.h"
78f22b97 69#include "rlimit-util.h"
349cc4a5 70#if HAVE_SECCOMP
83f12b27
FS		 71#include "seccomp-util.h"
72#endif
b6e66135 73#include "selinux-setup.h"
3dfc9763
LP		 74#include "selinux-util.h"
75#include "signal-util.h"
ffbd2c4d 76#include "smack-setup.h"
3dfc9763 77#include "special.h"
8fcde012 78#include "stat-util.h"
15a5e950 79#include "stdio-util.h"
3dfc9763
LP		 80#include "strv.h"
81#include "switch-root.h"
a8b627aa 82#include "sysctl-util.h"
3dfc9763 83#include "terminal-util.h"
8612da97 84#include "umask-util.h"
b1d4f8e1 85#include "user-util.h"
9ce17593 86#include "util.h"
3dfc9763
LP		 87#include "virt.h"
88#include "watchdog.h"
b6e66135 89
7e11a95e
EV		 90#if HAS_FEATURE_ADDRESS_SANITIZER
91#include <sanitizer/lsan_interface.h>
92#endif
93
3a0f06c4
ZJS		 94#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
95
f170852a
LP		 96static enum {
97 ACTION_RUN,
e965d56d 98 ACTION_HELP,
9ba0bc4e 99 ACTION_VERSION,
e537352b 100 ACTION_TEST,
bbc1acab
YW		 101 ACTION_DUMP_CONFIGURATION_ITEMS,
102 ACTION_DUMP_BUS_PROPERTIES,
5c08257b 103 ACTION_BUS_INTROSPECT,
fa0f4d8a 104} arg_action = ACTION_RUN;
fb39af4c 105
5c08257b
ZJS		 106static const char *arg_bus_introspect = NULL;
107
45250e66
LP		 108/* Those variables are initialized to 0 automatically, so we avoid uninitialized memory access. Real
109 * defaults are assigned in reset_arguments() below. */
fb39af4c
ZJS		 110static char *arg_default_unit;
111static bool arg_system;
112static bool arg_dump_core;
113static int arg_crash_chvt;
114static bool arg_crash_shell;
115static bool arg_crash_reboot;
116static char *arg_confirm_spawn;
117static ShowStatus arg_show_status;
36cf4507 118static StatusUnitFormat arg_status_unit_format;
fb39af4c
ZJS		 119static bool arg_switched_root;
120static PagerFlags arg_pager_flags;
121static bool arg_service_watchdogs;
122static ExecOutput arg_default_std_output;
123static ExecOutput arg_default_std_error;
124static usec_t arg_default_restart_usec;
125static usec_t arg_default_timeout_start_usec;
126static usec_t arg_default_timeout_stop_usec;
127static usec_t arg_default_timeout_abort_usec;
128static bool arg_default_timeout_abort_set;
129static usec_t arg_default_start_limit_interval;
130static unsigned arg_default_start_limit_burst;
131static usec_t arg_runtime_watchdog;
65224c1d 132static usec_t arg_reboot_watchdog;
acafd7d8 133static usec_t arg_kexec_watchdog;
fb39af4c
ZJS		 134static char *arg_early_core_pattern;
135static char *arg_watchdog_device;
136static char **arg_default_environment;
137static struct rlimit *arg_default_rlimit[_RLIMIT_MAX];
138static uint64_t arg_capability_bounding_set;
139static bool arg_no_new_privs;
140static nsec_t arg_timer_slack_nsec;
141static usec_t arg_default_timer_accuracy_usec;
142static Set* arg_syscall_archs;
143static FILE* arg_serialization;
144static int arg_default_cpu_accounting;
145static bool arg_default_io_accounting;
146static bool arg_default_ip_accounting;
147static bool arg_default_blockio_accounting;
148static bool arg_default_memory_accounting;
149static bool arg_default_tasks_accounting;
3a0f06c4 150static TasksMax arg_default_tasks_max;
fb39af4c
ZJS		 151static sd_id128_t arg_machine_id;
152static EmergencyAction arg_cad_burst_action;
153static OOMPolicy arg_default_oom_policy;
154static CPUSet arg_cpu_affinity;
b070c7c0 155static NUMAPolicy arg_numa_policy;
3753325b 156static usec_t arg_clock_usec;
d247f232
LP		 157static void *arg_random_seed;
158static size_t arg_random_seed_size;
61fbbac1 159
0e06a031
LP		 160/* A copy of the original environment block */
161static char **saved_env = NULL;
162
a9fd4cd1
FB		 163static int parse_configuration(const struct rlimit *saved_rlimit_nofile,
164 const struct rlimit *saved_rlimit_memlock);
4fc935ca 165
bb259772
LP		 166_noreturn_ static void freeze_or_exit_or_reboot(void) {
167
c3b6a348
LP		 168 /* If we are running in a container, let's prefer exiting, after all we can propagate an exit code to
169 * the container manager, and thus inform it that something went wrong. */
bb259772
LP		 170 if (detect_container() > 0) {
171 log_emergency("Exiting PID 1...");
c3b6a348 172 _exit(EXIT_EXCEPTION);
bb259772 173 }
b9e74c39
LP		 174
175 if (arg_crash_reboot) {
176 log_notice("Rebooting in 10s...");
177 (void) sleep(10);
178
179 log_notice("Rebooting now...");
180 (void) reboot(RB_AUTOBOOT);
181 log_emergency_errno(errno, "Failed to reboot: %m");
182 }
183
184 log_emergency("Freezing execution.");
185 freeze();
186}
187
848e863a 188_noreturn_ static void crash(int sig) {
7d06dad9
MS		 189 struct sigaction sa;
190 pid_t pid;
97c4f35c 191
df0ff127 192 if (getpid_cached() != 1)
abb26902 193 /* Pass this on immediately, if this is not PID 1 */
92ca4cac 194 (void) raise(sig);
abb26902 195 else if (!arg_dump_core)
4104970e 196 log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig));
97c4f35c 197 else {
7d06dad9 198 sa = (struct sigaction) {
189d5bac 199 .sa_handler = nop_signal_handler,
b92bea5d
ZJS		 200 .sa_flags = SA_NOCLDSTOP|SA_RESTART,
201 };
97c4f35c 202
6f5e3f35 203 /* We want to wait for the core process, hence let's enable SIGCHLD */
92ca4cac 204 (void) sigaction(SIGCHLD, &sa, NULL);
6f5e3f35 205
8869a0b4 206 pid = raw_clone(SIGCHLD);
e62d8c39 207 if (pid < 0)
56f64d95 208 log_emergency_errno(errno, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
97c4f35c 209 else if (pid == 0) {
97c4f35c 210 /* Enable default signal handler for core dump */
15a90032 211
92ca4cac
LP		 212 sa = (struct sigaction) {
213 .sa_handler = SIG_DFL,
214 };
215 (void) sigaction(sig, &sa, NULL);
97c4f35c 216
15a90032
LP		 217 /* Don't limit the coredump size */
218 (void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY));
97c4f35c
LP		 219
220 /* Just to be sure... */
e62d9b81 221 (void) chdir("/");
97c4f35c
LP		 222
223 /* Raise the signal again */
ee05e779 224 pid = raw_getpid();
92ca4cac 225 (void) kill(pid, sig); /* raise() would kill the parent */
97c4f35c
LP		 226
227 assert_not_reached("We shouldn't be here...");
bb85a582 228 _exit(EXIT_EXCEPTION);
4fc935ca 229 } else {
8e12a6ae
LP		 230 siginfo_t status;
231 int r;
4fc935ca
LP		 232
233 /* Order things nicely. */
e62d8c39
ZJS		 234 r = wait_for_terminate(pid, &status);
235 if (r < 0)
da927ba9 236 log_emergency_errno(r, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig));
e1714f02
ZJS		 237 else if (status.si_code != CLD_DUMPED) {
238 const char *s = status.si_code == CLD_EXITED
e04ed6db 239 ? exit_status_to_string(status.si_status, EXIT_STATUS_LIBC)
e1714f02
ZJS		 240 : signal_to_string(status.si_status);
241
ee05e779
ZJS		 242 log_emergency("Caught <%s>, core dump failed (child "PID_FMT", code=%s, status=%i/%s).",
243 signal_to_string(sig),
e1714f02
ZJS		 244 pid,
245 sigchld_code_to_string(status.si_code),
246 status.si_status, strna(s));
247 } else
248 log_emergency("Caught <%s>, dumped core as pid "PID_FMT".",
249 signal_to_string(sig), pid);
97c4f35c
LP		 250 }
251 }
252
b9e74c39 253 if (arg_crash_chvt >= 0)
92ca4cac 254 (void) chvt(arg_crash_chvt);
601f6a1e 255
7d06dad9
MS		 256 sa = (struct sigaction) {
257 .sa_handler = SIG_IGN,
258 .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
259 };
260
261 /* Let the kernel reap children for us */
262 (void) sigaction(SIGCHLD, &sa, NULL);
8c43883a 263
7d06dad9 264 if (arg_crash_shell) {
b9e74c39 265 log_notice("Executing crash shell in 10s...");
92ca4cac 266 (void) sleep(10);
4fc935ca 267
8869a0b4 268 pid = raw_clone(SIGCHLD);
cd3bd60a 269 if (pid < 0)
56f64d95 270 log_emergency_errno(errno, "Failed to fork off crash shell: %m");
6f5e3f35 271 else if (pid == 0) {
b9e74c39 272 (void) setsid();
92ca4cac 273 (void) make_console_stdio();
595225af 274 (void) rlimit_nofile_safe();
92ca4cac 275 (void) execle("/bin/sh", "/bin/sh", NULL, environ);
6f5e3f35 276
ee05e779 277 log_emergency_errno(errno, "execle() failed: %m");
bb85a582 278 _exit(EXIT_EXCEPTION);
b9e74c39
LP		 279 } else {
280 log_info("Spawned crash shell as PID "PID_FMT".", pid);
4cf0b03b 281 (void) wait_for_terminate(pid, NULL);
b9e74c39 282 }
4fc935ca
LP		 283 }
284
bb259772 285 freeze_or_exit_or_reboot();
97c4f35c
LP		 286}
287
288static void install_crash_handler(void) {
297d563d 289 static const struct sigaction sa = {
b92bea5d 290 .sa_handler = crash,
297d563d 291 .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */
b92bea5d 292 };
297d563d 293 int r;
97c4f35c 294
297d563d
LP		 295 /* We ignore the return value here, since, we don't mind if we
296 * cannot set up a crash handler */
297 r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
298 if (r < 0)
299 log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m");
97c4f35c 300}
f170852a 301
56d96fc0
LP		 302static int console_setup(void) {
303 _cleanup_close_ int tty_fd = -1;
304 int r;
80876c20 305
512947d4 306 tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
23bbb0de
MS		 307 if (tty_fd < 0)
308 return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
80876c20 309
56d96fc0
LP		 310 /* We don't want to force text mode. plymouth may be showing
311 * pictures already from initrd. */
512947d4 312 r = reset_terminal_fd(tty_fd, false);
23bbb0de
MS		 313 if (r < 0)
314 return log_error_errno(r, "Failed to reset /dev/console: %m");
843d2643 315
56d96fc0 316 return 0;
80876c20
LP		 317}
318
ee48dbd5 319static int set_machine_id(const char *m) {
e042eab7 320 sd_id128_t t;
8b26cdbd 321 assert(m);
ee48dbd5 322
e042eab7 323 if (sd_id128_from_string(m, &t) < 0)
ee48dbd5
NC		 324 return -EINVAL;
325
e042eab7 326 if (sd_id128_is_null(t))
ee48dbd5
NC		 327 return -EINVAL;
328
e042eab7 329 arg_machine_id = t;
ee48dbd5
NC		 330 return 0;
331}
332
96287a49 333static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
059cb385 334 int r;
f170852a 335
059cb385 336 assert(key);
5192bd19 337
1d84ad94 338 if (STR_IN_SET(key, "systemd.unit", "rd.systemd.unit")) {
bf4df7c3 339
1d84ad94
LP		 340 if (proc_cmdline_value_missing(key, value))
341 return 0;
bf4df7c3 342
1d84ad94
LP		 343 if (!unit_name_is_valid(value, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
344 log_warning("Unit name specified on %s= is not valid, ignoring: %s", key, value);
cd57038a
ZJS		 345 else if (in_initrd() == !!startswith(key, "rd."))
346 return free_and_strdup_warn(&arg_default_unit, value);
f170852a 347
1d84ad94 348 } else if (proc_cmdline_key_streq(key, "systemd.dump_core")) {
4fc935ca 349
1d84ad94 350 r = value ? parse_boolean(value) : true;
fb472900 351 if (r < 0)
5e1ee764 352 log_warning_errno(r, "Failed to parse dump core switch %s, ignoring: %m", value);
4fc935ca 353 else
fa0f4d8a 354 arg_dump_core = r;
4fc935ca 355
c6885f5f
FB		 356 } else if (proc_cmdline_key_streq(key, "systemd.early_core_pattern")) {
357
358 if (proc_cmdline_value_missing(key, value))
359 return 0;
360
361 if (path_is_absolute(value))
614b022c 362 (void) parse_path_argument(value, false, &arg_early_core_pattern);
c6885f5f
FB		 363 else
364 log_warning("Specified core pattern '%s' is not an absolute path, ignoring.", value);
365
1d84ad94 366 } else if (proc_cmdline_key_streq(key, "systemd.crash_chvt")) {
b9e74c39 367
1d84ad94
LP		 368 if (!value)
369 arg_crash_chvt = 0; /* turn on */
5e1ee764 370 else {
a07a7324 371 r = parse_crash_chvt(value, &arg_crash_chvt);
5e1ee764
YW		 372 if (r < 0)
373 log_warning_errno(r, "Failed to parse crash chvt switch %s, ignoring: %m", value);
374 }
b9e74c39 375
1d84ad94 376 } else if (proc_cmdline_key_streq(key, "systemd.crash_shell")) {
4fc935ca 377
1d84ad94 378 r = value ? parse_boolean(value) : true;
fb472900 379 if (r < 0)
5e1ee764 380 log_warning_errno(r, "Failed to parse crash shell switch %s, ignoring: %m", value);
4fc935ca 381 else
fa0f4d8a 382 arg_crash_shell = r;
5e7ee61c 383
1d84ad94 384 } else if (proc_cmdline_key_streq(key, "systemd.crash_reboot")) {
5e7ee61c 385
1d84ad94 386 r = value ? parse_boolean(value) : true;
b9e74c39 387 if (r < 0)
5e1ee764 388 log_warning_errno(r, "Failed to parse crash reboot switch %s, ignoring: %m", value);
5e7ee61c 389 else
b9e74c39 390 arg_crash_reboot = r;
5e7ee61c 391
1d84ad94
LP		 392 } else if (proc_cmdline_key_streq(key, "systemd.confirm_spawn")) {
393 char *s;
7d5ceb64 394
1d84ad94 395 r = parse_confirm_spawn(value, &s);
059cb385 396 if (r < 0)
5e1ee764
YW		 397 log_warning_errno(r, "Failed to parse confirm_spawn switch %s, ignoring: %m", value);
398 else
399 free_and_replace(arg_confirm_spawn, s);
601f6a1e 400
2a12e32e
JK		 401 } else if (proc_cmdline_key_streq(key, "systemd.service_watchdogs")) {
402
403 r = value ? parse_boolean(value) : true;
404 if (r < 0)
5e1ee764 405 log_warning_errno(r, "Failed to parse service watchdog switch %s, ignoring: %m", value);
2a12e32e
JK		 406 else
407 arg_service_watchdogs = r;
408
1d84ad94 409 } else if (proc_cmdline_key_streq(key, "systemd.show_status")) {
9e58ff9c 410
1d84ad94
LP		 411 if (value) {
412 r = parse_show_status(value, &arg_show_status);
413 if (r < 0)
5e1ee764 414 log_warning_errno(r, "Failed to parse show status switch %s, ignoring: %m", value);
1d84ad94
LP		 415 } else
416 arg_show_status = SHOW_STATUS_YES;
059cb385 417
36cf4507
ZJS		 418 } else if (proc_cmdline_key_streq(key, "systemd.status_unit_format")) {
419
420 if (proc_cmdline_value_missing(key, value))
421 return 0;
422
423 r = status_unit_format_from_string(value);
424 if (r < 0)
425 log_warning_errno(r, "Failed to parse %s=%s, ignoring: %m", key, value);
426 else
427 arg_status_unit_format = r;
428
1d84ad94
LP		 429 } else if (proc_cmdline_key_streq(key, "systemd.default_standard_output")) {
430
431 if (proc_cmdline_value_missing(key, value))
432 return 0;
0a494f1f 433
059cb385 434 r = exec_output_from_string(value);
fb472900 435 if (r < 0)
5e1ee764 436 log_warning_errno(r, "Failed to parse default standard output switch %s, ignoring: %m", value);
0a494f1f
LP		 437 else
438 arg_default_std_output = r;
0a494f1f 439
1d84ad94
LP		 440 } else if (proc_cmdline_key_streq(key, "systemd.default_standard_error")) {
441
442 if (proc_cmdline_value_missing(key, value))
443 return 0;
059cb385
LP		 444
445 r = exec_output_from_string(value);
fb472900 446 if (r < 0)
5e1ee764 447 log_warning_errno(r, "Failed to parse default standard error switch %s, ignoring: %m", value);
0a494f1f
LP		 448 else
449 arg_default_std_error = r;
9e7c5357 450
1d84ad94
LP		 451 } else if (streq(key, "systemd.setenv")) {
452
453 if (proc_cmdline_value_missing(key, value))
454 return 0;
059cb385
LP		 455
456 if (env_assignment_is_valid(value)) {
e21fea24
KS		 457 char **env;
458
059cb385 459 env = strv_env_set(arg_default_environment, value);
1d84ad94
LP		 460 if (!env)
461 return log_oom();
462
463 arg_default_environment = env;
e21fea24 464 } else
059cb385 465 log_warning("Environment variable name '%s' is not valid. Ignoring.", value);
9e58ff9c 466
1d84ad94
LP		 467 } else if (proc_cmdline_key_streq(key, "systemd.machine_id")) {
468
469 if (proc_cmdline_value_missing(key, value))
470 return 0;
471
472 r = set_machine_id(value);
473 if (r < 0)
5e1ee764 474 log_warning_errno(r, "MachineID '%s' is not valid, ignoring: %m", value);
ee48dbd5 475
1d84ad94
LP		 476 } else if (proc_cmdline_key_streq(key, "systemd.default_timeout_start_sec")) {
477
478 if (proc_cmdline_value_missing(key, value))
479 return 0;
480
481 r = parse_sec(value, &arg_default_timeout_start_usec);
482 if (r < 0)
5e1ee764 483 log_warning_errno(r, "Failed to parse default start timeout '%s', ignoring: %m", value);
1d84ad94
LP		 484
485 if (arg_default_timeout_start_usec <= 0)
486 arg_default_timeout_start_usec = USEC_INFINITY;
ee48dbd5 487
68d58f38
LP		 488 } else if (proc_cmdline_key_streq(key, "systemd.cpu_affinity")) {
489
490 if (proc_cmdline_value_missing(key, value))
491 return 0;
492
493 r = parse_cpu_set(value, &arg_cpu_affinity);
494 if (r < 0)
162392b7 495 log_warning_errno(r, "Failed to parse CPU affinity mask '%s', ignoring: %m", value);
68d58f38 496
8a2c1fbf
EJ		 497 } else if (proc_cmdline_key_streq(key, "systemd.watchdog_device")) {
498
499 if (proc_cmdline_value_missing(key, value))
500 return 0;
501
614b022c 502 (void) parse_path_argument(value, false, &arg_watchdog_device);
8a2c1fbf 503
3753325b
LP		 504 } else if (proc_cmdline_key_streq(key, "systemd.clock_usec")) {
505
506 if (proc_cmdline_value_missing(key, value))
507 return 0;
508
509 r = safe_atou64(value, &arg_clock_usec);
510 if (r < 0)
511 log_warning_errno(r, "Failed to parse systemd.clock_usec= argument, ignoring: %s", value);
512
d247f232
LP		 513 } else if (proc_cmdline_key_streq(key, "systemd.random_seed")) {
514 void *p;
515 size_t sz;
516
517 if (proc_cmdline_value_missing(key, value))
518 return 0;
519
520 r = unbase64mem(value, (size_t) -1, &p, &sz);
521 if (r < 0)
522 log_warning_errno(r, "Failed to parse systemd.random_seed= argument, ignoring: %s", value);
523
524 free(arg_random_seed);
525 arg_random_seed = sz > 0 ? p : mfree(p);
526 arg_random_seed_size = sz;
527
059cb385 528 } else if (streq(key, "quiet") && !value) {
d7b15e0a 529
7a293242 530 if (arg_show_status == _SHOW_STATUS_INVALID)
0d066dd1 531 arg_show_status = SHOW_STATUS_ERROR;
059cb385
LP		 532
533 } else if (streq(key, "debug") && !value) {
d7b15e0a 534
1de1c9c3
LP		 535 /* Note that log_parse_environment() handles 'debug'
536 * too, and sets the log level to LOG_DEBUG. */
d7b15e0a 537
75f86906 538 if (detect_container() > 0)
b2103dcc 539 log_set_target(LOG_TARGET_CONSOLE);
059cb385 540
dcd61450 541 } else if (!value) {
e2c9a131 542 const char *target;
f170852a 543
ceae6295 544 /* Compatible with SysV, but supported independently even if SysV compatibility is disabled. */
e2c9a131
EV		 545 target = runlevel_to_target(key);
546 if (target)
cd57038a 547 return free_and_strdup_warn(&arg_default_unit, target);
f170852a
LP		 548 }
549
550 return 0;
551}
552
e8e581bf
ZJS		 553#define DEFINE_SETTER(name, func, descr) \
554 static int name(const char *unit, \
555 const char *filename, \
556 unsigned line, \
557 const char *section, \
71a61510 558 unsigned section_line, \
e8e581bf
ZJS		 559 const char *lvalue, \
560 int ltype, \
561 const char *rvalue, \
562 void *data, \
563 void *userdata) { \
564 \
565 int r; \
566 \
567 assert(filename); \
568 assert(lvalue); \
569 assert(rvalue); \
570 \
571 r = func(rvalue); \
572 if (r < 0) \
d1cefe0a
LP		 573 log_syntax(unit, LOG_ERR, filename, line, r, \
574 "Invalid " descr "'%s': %m", \
575 rvalue); \
e8e581bf
ZJS		 576 \
577 return 0; \
578 }
487393e9 579
a6ecbf83
FB		 580DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level");
581DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target");
c5673ed0 582DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color");
a6ecbf83 583DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location");
c5673ed0 584DEFINE_SETTER(config_parse_time, log_show_time_from_string, "time");
487393e9 585
a61d6874
ZJS		 586static int config_parse_default_timeout_abort(
587 const char *unit,
588 const char *filename,
589 unsigned line,
590 const char *section,
591 unsigned section_line,
592 const char *lvalue,
593 int ltype,
594 const char *rvalue,
595 void *data,
596 void *userdata) {
597 int r;
598
599 r = config_parse_timeout_abort(unit, filename, line, section, section_line, lvalue, ltype, rvalue,
600 &arg_default_timeout_abort_usec, userdata);
601 if (r >= 0)
602 arg_default_timeout_abort_set = r;
603 return 0;
604}
487393e9 605
a61d6874 606static int parse_config_file(void) {
f975e971 607 const ConfigTableItem items[] = {
a61d6874
ZJS		 608 { "Manager", "LogLevel", config_parse_level2, 0, NULL },
609 { "Manager", "LogTarget", config_parse_target, 0, NULL },
610 { "Manager", "LogColor", config_parse_color, 0, NULL },
611 { "Manager", "LogLocation", config_parse_location, 0, NULL },
c5673ed0 612 { "Manager", "LogTime", config_parse_time, 0, NULL },
a61d6874
ZJS		 613 { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core },
614 { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, &arg_crash_chvt },
615 { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt },
616 { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell },
617 { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot },
618 { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status },
619 { "Manager", "StatusUnitFormat", config_parse_status_unit_format, 0, &arg_status_unit_format },
620 { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, &arg_cpu_affinity },
621 { "Manager", "NUMAPolicy", config_parse_numa_policy, 0, &arg_numa_policy.type },
622 { "Manager", "NUMAMask", config_parse_numa_mask, 0, &arg_numa_policy },
623 { "Manager", "JoinControllers", config_parse_warn_compat, DISABLED_CONFIGURATION, NULL },
624 { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog },
625 { "Manager", "RebootWatchdogSec", config_parse_sec, 0, &arg_reboot_watchdog },
626 { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_reboot_watchdog }, /* obsolete alias */
627 { "Manager", "KExecWatchdogSec", config_parse_sec, 0, &arg_kexec_watchdog },
628 { "Manager", "WatchdogDevice", config_parse_path, 0, &arg_watchdog_device },
629 { "Manager", "CapabilityBoundingSet", config_parse_capability_set, 0, &arg_capability_bounding_set },
630 { "Manager", "NoNewPrivileges", config_parse_bool, 0, &arg_no_new_privs },
349cc4a5 631#if HAVE_SECCOMP
a61d6874 632 { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs },
89fffa27 633#endif
a61d6874
ZJS		 634 { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec },
635 { "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec },
636 { "Manager", "DefaultStandardOutput", config_parse_output_restricted, 0, &arg_default_std_output },
637 { "Manager", "DefaultStandardError", config_parse_output_restricted, 0, &arg_default_std_error },
638 { "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
639 { "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
640 { "Manager", "DefaultTimeoutAbortSec", config_parse_default_timeout_abort, 0, NULL },
641 { "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
642 { "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval }, /* obsolete alias */
643 { "Manager", "DefaultStartLimitIntervalSec", config_parse_sec, 0, &arg_default_start_limit_interval },
644 { "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },
645 { "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },
646 { "Manager", "DefaultLimitCPU", config_parse_rlimit, RLIMIT_CPU, arg_default_rlimit },
647 { "Manager", "DefaultLimitFSIZE", config_parse_rlimit, RLIMIT_FSIZE, arg_default_rlimit },
648 { "Manager", "DefaultLimitDATA", config_parse_rlimit, RLIMIT_DATA, arg_default_rlimit },
649 { "Manager", "DefaultLimitSTACK", config_parse_rlimit, RLIMIT_STACK, arg_default_rlimit },
650 { "Manager", "DefaultLimitCORE", config_parse_rlimit, RLIMIT_CORE, arg_default_rlimit },
651 { "Manager", "DefaultLimitRSS", config_parse_rlimit, RLIMIT_RSS, arg_default_rlimit },
652 { "Manager", "DefaultLimitNOFILE", config_parse_rlimit, RLIMIT_NOFILE, arg_default_rlimit },
653 { "Manager", "DefaultLimitAS", config_parse_rlimit, RLIMIT_AS, arg_default_rlimit },
654 { "Manager", "DefaultLimitNPROC", config_parse_rlimit, RLIMIT_NPROC, arg_default_rlimit },
655 { "Manager", "DefaultLimitMEMLOCK", config_parse_rlimit, RLIMIT_MEMLOCK, arg_default_rlimit },
656 { "Manager", "DefaultLimitLOCKS", config_parse_rlimit, RLIMIT_LOCKS, arg_default_rlimit },
657 { "Manager", "DefaultLimitSIGPENDING", config_parse_rlimit, RLIMIT_SIGPENDING, arg_default_rlimit },
658 { "Manager", "DefaultLimitMSGQUEUE", config_parse_rlimit, RLIMIT_MSGQUEUE, arg_default_rlimit },
659 { "Manager", "DefaultLimitNICE", config_parse_rlimit, RLIMIT_NICE, arg_default_rlimit },
660 { "Manager", "DefaultLimitRTPRIO", config_parse_rlimit, RLIMIT_RTPRIO, arg_default_rlimit },
661 { "Manager", "DefaultLimitRTTIME", config_parse_rlimit, RLIMIT_RTTIME, arg_default_rlimit },
662 { "Manager", "DefaultCPUAccounting", config_parse_tristate, 0, &arg_default_cpu_accounting },
663 { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting },
664 { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting },
665 { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting },
666 { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting },
667 { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting },
668 { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max },
669 { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action },
670 { "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy },
d3b1c508 671 {}
487393e9
LP		 672 };
673
1b907b5c 674 const char *fn, *conf_dirs_nulstr;
487393e9 675
463d0d15 676 fn = arg_system ?
75eb6154
LP		 677 PKGSYSCONFDIR "/system.conf" :
678 PKGSYSCONFDIR "/user.conf";
679
463d0d15 680 conf_dirs_nulstr = arg_system ?
75eb6154
LP		 681 CONF_PATHS_NULSTR("systemd/system.conf.d") :
682 CONF_PATHS_NULSTR("systemd/user.conf.d");
683
4f9ff96a
LP		 684 (void) config_parse_many_nulstr(
685 fn, conf_dirs_nulstr,
686 "Manager\0",
687 config_item_table_lookup, items,
688 CONFIG_PARSE_WARN,
689 NULL,
690 NULL);
36c16a7c
LP		 691
692 /* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we used USEC_INFINITY
693 * like everywhere else. */
694 if (arg_default_timeout_start_usec <= 0)
695 arg_default_timeout_start_usec = USEC_INFINITY;
696 if (arg_default_timeout_stop_usec <= 0)
697 arg_default_timeout_stop_usec = USEC_INFINITY;
487393e9 698
487393e9
LP		 699 return 0;
700}
701
85cb4151 702static void set_manager_defaults(Manager *m) {
06af2a04
TB		 703
704 assert(m);
705
5b65ae15
LP		 706 /* Propagates the various default unit property settings into the manager object, i.e. properties that do not
707 * affect the manager itself, but are just what newly allocated units will have set if they haven't set
708 * anything else. (Also see set_manager_settings() for the settings that affect the manager's own behaviour) */
709
06af2a04
TB		 710 m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec;
711 m->default_std_output = arg_default_std_output;
712 m->default_std_error = arg_default_std_error;
713 m->default_timeout_start_usec = arg_default_timeout_start_usec;
714 m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
dc653bf4
JK		 715 m->default_timeout_abort_usec = arg_default_timeout_abort_usec;
716 m->default_timeout_abort_set = arg_default_timeout_abort_set;
06af2a04
TB		 717 m->default_restart_usec = arg_default_restart_usec;
718 m->default_start_limit_interval = arg_default_start_limit_interval;
719 m->default_start_limit_burst = arg_default_start_limit_burst;
a88c5b8a
CD		 720
721 /* On 4.15+ with unified hierarchy, CPU accounting is essentially free as it doesn't require the CPU
722 * controller to be enabled, so the default is to enable it unless we got told otherwise. */
723 if (arg_default_cpu_accounting >= 0)
724 m->default_cpu_accounting = arg_default_cpu_accounting;
725 else
726 m->default_cpu_accounting = cpu_accounting_is_cheap();
727
13c31542 728 m->default_io_accounting = arg_default_io_accounting;
377bfd2d 729 m->default_ip_accounting = arg_default_ip_accounting;
06af2a04
TB		 730 m->default_blockio_accounting = arg_default_blockio_accounting;
731 m->default_memory_accounting = arg_default_memory_accounting;
03a7b521 732 m->default_tasks_accounting = arg_default_tasks_accounting;
0af20ea2 733 m->default_tasks_max = arg_default_tasks_max;
afcfaa69 734 m->default_oom_policy = arg_default_oom_policy;
06af2a04 735
79a224c4
LP		 736 (void) manager_set_default_rlimits(m, arg_default_rlimit);
737
738 (void) manager_default_environment(m);
739 (void) manager_transient_environment_add(m, arg_default_environment);
06af2a04
TB		 740}
741
7b46fc6a
LP		 742static void set_manager_settings(Manager *m) {
743
744 assert(m);
745
986935cf
FB		 746 /* Propagates the various manager settings into the manager object, i.e. properties that
747 * effect the manager itself (as opposed to just being inherited into newly allocated
748 * units, see set_manager_defaults() above). */
5b65ae15 749
7b46fc6a 750 m->confirm_spawn = arg_confirm_spawn;
2a12e32e 751 m->service_watchdogs = arg_service_watchdogs;
7b46fc6a
LP		 752 m->cad_burst_action = arg_cad_burst_action;
753
986935cf
FB		 754 manager_set_watchdog(m, WATCHDOG_RUNTIME, arg_runtime_watchdog);
755 manager_set_watchdog(m, WATCHDOG_REBOOT, arg_reboot_watchdog);
756 manager_set_watchdog(m, WATCHDOG_KEXEC, arg_kexec_watchdog);
757
7365a296 758 manager_set_show_status(m, arg_show_status, "commandline");
36cf4507 759 m->status_unit_format = arg_status_unit_format;
7b46fc6a
LP		 760}
761
f170852a 762static int parse_argv(int argc, char *argv[]) {
f170852a
LP		 763 enum {
764 ARG_LOG_LEVEL = 0x100,
765 ARG_LOG_TARGET,
bbe63281
LP		 766 ARG_LOG_COLOR,
767 ARG_LOG_LOCATION,
c5673ed0 768 ARG_LOG_TIME,
2f198e2f 769 ARG_UNIT,
edb9aaa8 770 ARG_SYSTEM,
af2d49f7 771 ARG_USER,
e537352b 772 ARG_TEST,
b87c2aa6 773 ARG_NO_PAGER,
9ba0bc4e 774 ARG_VERSION,
80876c20 775 ARG_DUMP_CONFIGURATION_ITEMS,
bbc1acab 776 ARG_DUMP_BUS_PROPERTIES,
5c08257b 777 ARG_BUS_INTROSPECT,
9e58ff9c 778 ARG_DUMP_CORE,
b9e74c39 779 ARG_CRASH_CHVT,
9e58ff9c 780 ARG_CRASH_SHELL,
b9e74c39 781 ARG_CRASH_REBOOT,
a16e1123 782 ARG_CONFIRM_SPAWN,
9e58ff9c 783 ARG_SHOW_STATUS,
4288f619 784 ARG_DESERIALIZE,
2660882b 785 ARG_SWITCHED_ROOT,
0a494f1f 786 ARG_DEFAULT_STD_OUTPUT,
ee48dbd5 787 ARG_DEFAULT_STD_ERROR,
2a12e32e
JK		 788 ARG_MACHINE_ID,
789 ARG_SERVICE_WATCHDOGS,
f170852a
LP		 790 };
791
792 static const struct option options[] = {
a16e1123
LP		 793 { "log-level", required_argument, NULL, ARG_LOG_LEVEL },
794 { "log-target", required_argument, NULL, ARG_LOG_TARGET },
bbe63281
LP		 795 { "log-color", optional_argument, NULL, ARG_LOG_COLOR },
796 { "log-location", optional_argument, NULL, ARG_LOG_LOCATION },
c5673ed0 797 { "log-time", optional_argument, NULL, ARG_LOG_TIME },
2f198e2f 798 { "unit", required_argument, NULL, ARG_UNIT },
edb9aaa8 799 { "system", no_argument, NULL, ARG_SYSTEM },
af2d49f7 800 { "user", no_argument, NULL, ARG_USER },
a16e1123 801 { "test", no_argument, NULL, ARG_TEST },
b87c2aa6 802 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
a16e1123 803 { "help", no_argument, NULL, 'h' },
9ba0bc4e 804 { "version", no_argument, NULL, ARG_VERSION },
a16e1123 805 { "dump-configuration-items", no_argument, NULL, ARG_DUMP_CONFIGURATION_ITEMS },
bbc1acab 806 { "dump-bus-properties", no_argument, NULL, ARG_DUMP_BUS_PROPERTIES },
5c08257b 807 { "bus-introspect", required_argument, NULL, ARG_BUS_INTROSPECT },
a5d87bf0 808 { "dump-core", optional_argument, NULL, ARG_DUMP_CORE },
b9e74c39 809 { "crash-chvt", required_argument, NULL, ARG_CRASH_CHVT },
a5d87bf0 810 { "crash-shell", optional_argument, NULL, ARG_CRASH_SHELL },
b9e74c39 811 { "crash-reboot", optional_argument, NULL, ARG_CRASH_REBOOT },
a5d87bf0 812 { "confirm-spawn", optional_argument, NULL, ARG_CONFIRM_SPAWN },
6e98720f 813 { "show-status", optional_argument, NULL, ARG_SHOW_STATUS },
a16e1123 814 { "deserialize", required_argument, NULL, ARG_DESERIALIZE },
2660882b 815 { "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT },
0a494f1f
LP		 816 { "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, },
817 { "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, },
ee48dbd5 818 { "machine-id", required_argument, NULL, ARG_MACHINE_ID },
2a12e32e 819 { "service-watchdogs", required_argument, NULL, ARG_SERVICE_WATCHDOGS },
fb472900 820 {}
f170852a
LP		 821 };
822
823 int c, r;
824
825 assert(argc >= 1);
826 assert(argv);
827
df0ff127 828 if (getpid_cached() == 1)
b770165a
LP		 829 opterr = 0;
830
099663ff 831 while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
f170852a
LP		 832
833 switch (c) {
834
835 case ARG_LOG_LEVEL:
fb472900 836 r = log_set_max_level_from_string(optarg);
2b5107e1
ZJS		 837 if (r < 0)
838 return log_error_errno(r, "Failed to parse log level \"%s\": %m", optarg);
f170852a
LP		 839
840 break;
841
842 case ARG_LOG_TARGET:
fb472900 843 r = log_set_target_from_string(optarg);
2b5107e1
ZJS		 844 if (r < 0)
845 return log_error_errno(r, "Failed to parse log target \"%s\": %m", optarg);
f170852a
LP		 846
847 break;
848
bbe63281
LP		 849 case ARG_LOG_COLOR:
850
d0b170c8 851 if (optarg) {
fb472900 852 r = log_show_color_from_string(optarg);
2b5107e1
ZJS		 853 if (r < 0)
854 return log_error_errno(r, "Failed to parse log color setting \"%s\": %m",
855 optarg);
d0b170c8
LP		 856 } else
857 log_show_color(true);
bbe63281
LP		 858
859 break;
860
861 case ARG_LOG_LOCATION:
d0b170c8 862 if (optarg) {
fb472900 863 r = log_show_location_from_string(optarg);
2b5107e1
ZJS		 864 if (r < 0)
865 return log_error_errno(r, "Failed to parse log location setting \"%s\": %m",
866 optarg);
d0b170c8
LP		 867 } else
868 log_show_location(true);
bbe63281
LP		 869
870 break;
871
c5673ed0
DS		 872 case ARG_LOG_TIME:
873
874 if (optarg) {
875 r = log_show_time_from_string(optarg);
876 if (r < 0)
877 return log_error_errno(r, "Failed to parse log time setting \"%s\": %m",
878 optarg);
879 } else
880 log_show_time(true);
881
882 break;
883
0a494f1f 884 case ARG_DEFAULT_STD_OUTPUT:
fb472900 885 r = exec_output_from_string(optarg);
2b5107e1
ZJS		 886 if (r < 0)
887 return log_error_errno(r, "Failed to parse default standard output setting \"%s\": %m",
888 optarg);
889 arg_default_std_output = r;
0a494f1f
LP		 890 break;
891
892 case ARG_DEFAULT_STD_ERROR:
fb472900 893 r = exec_output_from_string(optarg);
2b5107e1
ZJS		 894 if (r < 0)
895 return log_error_errno(r, "Failed to parse default standard error output setting \"%s\": %m",
896 optarg);
897 arg_default_std_error = r;
0a494f1f
LP		 898 break;
899
2f198e2f 900 case ARG_UNIT:
e6e242ad 901 r = free_and_strdup(&arg_default_unit, optarg);
23bbb0de 902 if (r < 0)
2b5107e1 903 return log_error_errno(r, "Failed to set default unit \"%s\": %m", optarg);
f170852a
LP		 904
905 break;
906
edb9aaa8 907 case ARG_SYSTEM:
463d0d15 908 arg_system = true;
edb9aaa8 909 break;
a5dab5ce 910
af2d49f7 911 case ARG_USER:
463d0d15 912 arg_system = false;
a5dab5ce 913 break;
a5dab5ce 914
e965d56d 915 case ARG_TEST:
fa0f4d8a 916 arg_action = ACTION_TEST;
b87c2aa6
ZJS		 917 break;
918
919 case ARG_NO_PAGER:
0221d68a 920 arg_pager_flags |= PAGER_DISABLE;
e965d56d
LP		 921 break;
922
9ba0bc4e
ZJS		 923 case ARG_VERSION:
924 arg_action = ACTION_VERSION;
925 break;
926
e537352b 927 case ARG_DUMP_CONFIGURATION_ITEMS:
fa0f4d8a 928 arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
e537352b
LP		 929 break;
930
bbc1acab
YW		 931 case ARG_DUMP_BUS_PROPERTIES:
932 arg_action = ACTION_DUMP_BUS_PROPERTIES;
933 break;
934
5c08257b
ZJS		 935 case ARG_BUS_INTROSPECT:
936 arg_bus_introspect = optarg;
937 arg_action = ACTION_BUS_INTROSPECT;
938 break;
939
9e58ff9c 940 case ARG_DUMP_CORE:
b9e74c39
LP		 941 if (!optarg)
942 arg_dump_core = true;
943 else {
944 r = parse_boolean(optarg);
945 if (r < 0)
2b5107e1
ZJS		 946 return log_error_errno(r, "Failed to parse dump core boolean: \"%s\": %m",
947 optarg);
b9e74c39 948 arg_dump_core = r;
a5d87bf0 949 }
b9e74c39
LP		 950 break;
951
952 case ARG_CRASH_CHVT:
a07a7324 953 r = parse_crash_chvt(optarg, &arg_crash_chvt);
b9e74c39 954 if (r < 0)
2b5107e1
ZJS		 955 return log_error_errno(r, "Failed to parse crash virtual terminal index: \"%s\": %m",
956 optarg);
9e58ff9c
LP		 957 break;
958
959 case ARG_CRASH_SHELL:
b9e74c39
LP		 960 if (!optarg)
961 arg_crash_shell = true;
962 else {
963 r = parse_boolean(optarg);
964 if (r < 0)
2b5107e1
ZJS		 965 return log_error_errno(r, "Failed to parse crash shell boolean: \"%s\": %m",
966 optarg);
b9e74c39
LP		 967 arg_crash_shell = r;
968 }
969 break;
970
971 case ARG_CRASH_REBOOT:
972 if (!optarg)
973 arg_crash_reboot = true;
974 else {
975 r = parse_boolean(optarg);
976 if (r < 0)
2b5107e1
ZJS		 977 return log_error_errno(r, "Failed to parse crash shell boolean: \"%s\": %m",
978 optarg);
b9e74c39 979 arg_crash_reboot = r;
a5d87bf0 980 }
9e58ff9c
LP		 981 break;
982
80876c20 983 case ARG_CONFIRM_SPAWN:
7d5ceb64
FB		 984 arg_confirm_spawn = mfree(arg_confirm_spawn);
985
986 r = parse_confirm_spawn(optarg, &arg_confirm_spawn);
987 if (r < 0)
2b5107e1
ZJS		 988 return log_error_errno(r, "Failed to parse confirm spawn option: \"%s\": %m",
989 optarg);
80876c20
LP		 990 break;
991
2a12e32e
JK		 992 case ARG_SERVICE_WATCHDOGS:
993 r = parse_boolean(optarg);
994 if (r < 0)
2b5107e1
ZJS		 995 return log_error_errno(r, "Failed to parse service watchdogs boolean: \"%s\": %m",
996 optarg);
2a12e32e
JK		 997 arg_service_watchdogs = r;
998 break;
999
9e58ff9c 1000 case ARG_SHOW_STATUS:
d450b6f2
ZJS		 1001 if (optarg) {
1002 r = parse_show_status(optarg, &arg_show_status);
ac7ec288 1003 if (r < 0)
2b5107e1
ZJS		 1004 return log_error_errno(r, "Failed to parse show status boolean: \"%s\": %m",
1005 optarg);
d450b6f2
ZJS		 1006 } else
1007 arg_show_status = SHOW_STATUS_YES;
6e98720f 1008 break;
a5d87bf0 1009
a16e1123
LP		 1010 case ARG_DESERIALIZE: {
1011 int fd;
1012 FILE *f;
1013
01e10de3 1014 r = safe_atoi(optarg, &fd);
2b5107e1
ZJS		 1015 if (r < 0)
1016 log_error_errno(r, "Failed to parse deserialize option \"%s\": %m", optarg);
baaa35ad
ZJS		 1017 if (fd < 0)
1018 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1019 "Invalid deserialize fd: %d",
1020 fd);
a16e1123 1021
b9e74c39 1022 (void) fd_cloexec(fd, true);
01e10de3
LP		 1023
1024 f = fdopen(fd, "r");
4a62c710 1025 if (!f)
2b5107e1 1026 return log_error_errno(errno, "Failed to open serialization fd %d: %m", fd);
a16e1123 1027
74ca738f 1028 safe_fclose(arg_serialization);
d3b1c508 1029 arg_serialization = f;
a16e1123
LP		 1030
1031 break;
1032 }
1033
2660882b 1034 case ARG_SWITCHED_ROOT:
bf4df7c3 1035 arg_switched_root = true;
d03bc1b8
HH		 1036 break;
1037
ee48dbd5
NC		 1038 case ARG_MACHINE_ID:
1039 r = set_machine_id(optarg);
54500613 1040 if (r < 0)
2b5107e1 1041 return log_error_errno(r, "MachineID '%s' is not valid: %m", optarg);
ee48dbd5
NC		 1042 break;
1043
f170852a 1044 case 'h':
fa0f4d8a 1045 arg_action = ACTION_HELP;
f170852a
LP		 1046 break;
1047
1d2e23ab
LP		 1048 case 'D':
1049 log_set_max_level(LOG_DEBUG);
1050 break;
1051
099663ff
LP		 1052 case 'b':
1053 case 's':
1054 case 'z':
cd57038a
ZJS		 1055 /* Just to eat away the sysvinit kernel cmdline args that we'll parse in
1056 * parse_proc_cmdline_item() or ignore, without any getopt() error messages.
1057 */
099663ff 1058 case '?':
df0ff127 1059 if (getpid_cached() != 1)
099663ff 1060 return -EINVAL;
601185b4
ZJS		 1061 else
1062 return 0;
099663ff 1063
601185b4
ZJS		 1064 default:
1065 assert_not_reached("Unhandled option code.");
f170852a
LP		 1066 }
1067
d7a0f1f4 1068 if (optind < argc && getpid_cached() != 1)
d821e6d6
LP		 1069 /* Hmm, when we aren't run as init system
1070 * let's complain about excess arguments */
baaa35ad
ZJS		 1071 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1072 "Excess arguments.");
d821e6d6 1073
f170852a
LP		 1074 return 0;
1075}
1076
1077static int help(void) {
37ec0fdd
LP		 1078 _cleanup_free_ char *link = NULL;
1079 int r;
1080
1081 r = terminal_urlify_man("systemd", "1", &link);
1082 if (r < 0)
1083 return log_oom();
f170852a 1084
2e33c433 1085 printf("%s [OPTIONS...]\n\n"
7ae47326
ZJS		 1086 "%sStarts and monitors system and user services.%s\n\n"
1087 "This program takes no positional arguments.\n\n"
1088 "%sOptions%s:\n"
e537352b 1089 " -h --help Show this help\n"
cb4069d9 1090 " --version Show version\n"
cd69e88b
LP		 1091 " --test Determine initial transaction, dump it and exit\n"
1092 " --system In combination with --test: operate as system service manager\n"
1093 " --user In combination with --test: operate as per-user service manager\n"
b87c2aa6 1094 " --no-pager Do not pipe output into a pager\n"
80876c20 1095 " --dump-configuration-items Dump understood unit configuration items\n"
bbc1acab 1096 " --dump-bus-properties Dump exposed bus properties\n"
5c08257b 1097 " --bus-introspect=PATH Write XML introspection data\n"
9e58ff9c 1098 " --unit=UNIT Set default unit\n"
b9e74c39
LP		 1099 " --dump-core[=BOOL] Dump core on crash\n"
1100 " --crash-vt=NR Change to specified VT on crash\n"
1101 " --crash-reboot[=BOOL] Reboot on crash\n"
1102 " --crash-shell[=BOOL] Run shell on crash\n"
1103 " --confirm-spawn[=BOOL] Ask for confirmation when spawning processes\n"
1104 " --show-status[=BOOL] Show status updates on the console during bootup\n"
c1dc6153 1105 " --log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
9e58ff9c 1106 " --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
b9e74c39
LP		 1107 " --log-color[=BOOL] Highlight important log messages\n"
1108 " --log-location[=BOOL] Include code location in log messages\n"
c5673ed0 1109 " --log-time[=BOOL] Prefix log messages with current time\n"
0a494f1f 1110 " --default-standard-output= Set default standard output for services\n"
37ec0fdd 1111 " --default-standard-error= Set default standard error output for services\n"
bc556335
DDM		 1112 "\nSee the %s for details.\n",
1113 program_invocation_short_name,
1114 ansi_highlight(),
1115 ansi_normal(),
1116 ansi_underline(),
1117 ansi_normal(),
1118 link);
f170852a
LP		 1119
1120 return 0;
1121}
1122
2cc856ac
LP		 1123static int prepare_reexecute(
1124 Manager *m,
1125 FILE **ret_f,
1126 FDSet **ret_fds,
1127 bool switching_root) {
1128
48b90859
LP		 1129 _cleanup_fdset_free_ FDSet *fds = NULL;
1130 _cleanup_fclose_ FILE *f = NULL;
a16e1123
LP		 1131 int r;
1132
1133 assert(m);
2cc856ac
LP		 1134 assert(ret_f);
1135 assert(ret_fds);
a16e1123 1136
6b78f9b4 1137 r = manager_open_serialization(m, &f);
48b90859
LP		 1138 if (r < 0)
1139 return log_error_errno(r, "Failed to create serialization file: %m");
a16e1123 1140
71445ae7 1141 /* Make sure nothing is really destructed when we shut down */
313cefa1 1142 m->n_reloading++;
718db961 1143 bus_manager_send_reloading(m, true);
71445ae7 1144
6b78f9b4 1145 fds = fdset_new();
48b90859
LP		 1146 if (!fds)
1147 return log_oom();
a16e1123 1148
b3680f49 1149 r = manager_serialize(m, f, fds, switching_root);
48b90859 1150 if (r < 0)
d68c645b 1151 return r;
a16e1123 1152
48b90859
LP		 1153 if (fseeko(f, 0, SEEK_SET) == (off_t) -1)
1154 return log_error_errno(errno, "Failed to rewind serialization fd: %m");
a16e1123 1155
6b78f9b4 1156 r = fd_cloexec(fileno(f), false);
48b90859
LP		 1157 if (r < 0)
1158 return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization: %m");
a16e1123 1159
6b78f9b4 1160 r = fdset_cloexec(fds, false);
48b90859
LP		 1161 if (r < 0)
1162 return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization fds: %m");
a16e1123 1163
2cc856ac
LP		 1164 *ret_f = TAKE_PTR(f);
1165 *ret_fds = TAKE_PTR(fds);
a16e1123 1166
48b90859 1167 return 0;
a16e1123
LP		 1168}
1169
a8b627aa
LP		 1170static void bump_file_max_and_nr_open(void) {
1171
1172 /* Let's bump fs.file-max and fs.nr_open to their respective maximums. On current kernels large numbers of file
1173 * descriptors are no longer a performance problem and their memory is properly tracked by memcg, thus counting
1174 * them and limiting them in another two layers of limits is unnecessary and just complicates things. This
1175 * function hence turns off 2 of the 4 levels of limits on file descriptors, and makes RLIMIT_NOLIMIT (soft +
1176 * hard) the only ones that really matter. */
1177
1178#if BUMP_PROC_SYS_FS_FILE_MAX || BUMP_PROC_SYS_FS_NR_OPEN
a8b627aa
LP		 1179 int r;
1180#endif
1181
1182#if BUMP_PROC_SYS_FS_FILE_MAX
6e2f7894
LP		 1183 /* The maximum the kernel allows for this since 5.2 is LONG_MAX, use that. (Previously thing where
1184 * different but the operation would fail silently.) */
56e8419a 1185 r = sysctl_writef("fs/file-max", "%li\n", LONG_MAX);
a8b627aa
LP		 1186 if (r < 0)
1187 log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, "Failed to bump fs.file-max, ignoring: %m");
1188#endif
1189
a8b627aa
LP		 1190#if BUMP_PROC_SYS_FS_NR_OPEN
1191 int v = INT_MAX;
1192
1193 /* Arg! The kernel enforces maximum and minimum values on the fs.nr_open, but we don't really know what they
1194 * are. The expression by which the maximum is determined is dependent on the architecture, and is something we
1195 * don't really want to copy to userspace, as it is dependent on implementation details of the kernel. Since
1196 * the kernel doesn't expose the maximum value to us, we can only try and hope. Hence, let's start with
1197 * INT_MAX, and then keep halving the value until we find one that works. Ugly? Yes, absolutely, but kernel
1198 * APIs are kernel APIs, so what do can we do... 🤯 */
1199
1200 for (;;) {
1201 int k;
1202
1203 v &= ~(__SIZEOF_POINTER__ - 1); /* Round down to next multiple of the pointer size */
1204 if (v < 1024) {
1205 log_warning("Can't bump fs.nr_open, value too small.");
1206 break;
1207 }
1208
1209 k = read_nr_open();
1210 if (k < 0) {
1211 log_error_errno(k, "Failed to read fs.nr_open: %m");
1212 break;
1213 }
1214 if (k >= v) { /* Already larger */
1215 log_debug("Skipping bump, value is already larger.");
1216 break;
1217 }
1218
56e8419a 1219 r = sysctl_writef("fs/nr_open", "%i\n", v);
a8b627aa
LP		 1220 if (r == -EINVAL) {
1221 log_debug("Couldn't write fs.nr_open as %i, halving it.", v);
1222 v /= 2;
1223 continue;
1224 }
1225 if (r < 0) {
1226 log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, "Failed to bump fs.nr_open, ignoring: %m");
1227 break;
1228 }
1229
1230 log_debug("Successfully bumped fs.nr_open to %i", v);
1231 break;
1232 }
1233#endif
1234}
1235
4096d6f5 1236static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
cda7faa9 1237 struct rlimit new_rlimit;
9264cc39 1238 int r, nr;
4096d6f5 1239
52d62075
LP		 1240 /* Get the underlying absolute limit the kernel enforces */
1241 nr = read_nr_open();
1242
cda7faa9
LP		 1243 /* Calculate the new limits to use for us. Never lower from what we inherited. */
1244 new_rlimit = (struct rlimit) {
1245 .rlim_cur = MAX((rlim_t) nr, saved_rlimit->rlim_cur),
1246 .rlim_max = MAX((rlim_t) nr, saved_rlimit->rlim_max),
1247 };
1248
1249 /* Shortcut if nothing changes. */
1250 if (saved_rlimit->rlim_max >= new_rlimit.rlim_max &&
1251 saved_rlimit->rlim_cur >= new_rlimit.rlim_cur) {
1252 log_debug("RLIMIT_NOFILE is already as high or higher than we need it, not bumping.");
1253 return 0;
1254 }
1255
52d62075
LP		 1256 /* Bump up the resource limit for ourselves substantially, all the way to the maximum the kernel allows, for
1257 * both hard and soft. */
cda7faa9 1258 r = setrlimit_closest(RLIMIT_NOFILE, &new_rlimit);
23bbb0de 1259 if (r < 0)
3ce40911 1260 return log_warning_errno(r, "Setting RLIMIT_NOFILE failed, ignoring: %m");
4096d6f5
LP		 1261
1262 return 0;
1263}
1264
fb3ae275 1265static int bump_rlimit_memlock(struct rlimit *saved_rlimit) {
cda7faa9 1266 struct rlimit new_rlimit;
04d1ee0f 1267 uint64_t mm;
fb3ae275
LP		 1268 int r;
1269
a17c1712 1270 /* BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK, even if we have CAP_IPC_LOCK which should
6e3c443b 1271 * normally disable such checks. We need them to implement IPAddressAllow= and IPAddressDeny=, hence let's bump
a17c1712 1272 * the value high enough for our user. */
fb3ae275 1273
cda7faa9
LP		 1274 /* Using MAX() on resource limits only is safe if RLIM_INFINITY is > 0. POSIX declares that rlim_t
1275 * must be unsigned, hence this is a given, but let's make this clear here. */
1276 assert_cc(RLIM_INFINITY > 0);
1277
04d1ee0f 1278 mm = physical_memory() / 8; /* Let's scale how much we allow to be locked by the amount of physical
2d4f8cf4 1279 * RAM. We allow an eighth to be locked by us, just to pick a value. */
04d1ee0f 1280
cda7faa9 1281 new_rlimit = (struct rlimit) {
04d1ee0f
LP		 1282 .rlim_cur = MAX3(HIGH_RLIMIT_MEMLOCK, saved_rlimit->rlim_cur, mm),
1283 .rlim_max = MAX3(HIGH_RLIMIT_MEMLOCK, saved_rlimit->rlim_max, mm),
cda7faa9
LP		 1284 };
1285
1286 if (saved_rlimit->rlim_max >= new_rlimit.rlim_cur &&
1287 saved_rlimit->rlim_cur >= new_rlimit.rlim_max) {
1288 log_debug("RLIMIT_MEMLOCK is already as high or higher than we need it, not bumping.");
1289 return 0;
1290 }
1291
1292 r = setrlimit_closest(RLIMIT_MEMLOCK, &new_rlimit);
fb3ae275
LP		 1293 if (r < 0)
1294 return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m");
1295
1296 return 0;
1297}
1298
80758717 1299static void test_usr(void) {
80758717 1300
796ac4c1 1301 /* Check that /usr is either on the same file system as / or mounted already. */
80758717 1302
871c44a7
LP		 1303 if (dir_is_empty("/usr") <= 0)
1304 return;
1305
8b173b5e 1306 log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. "
871c44a7
LP		 1307 "Some things will probably break (sometimes even silently) in mysterious ways. "
1308 "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
1309}
1310
d3b1c508 1311static int enforce_syscall_archs(Set *archs) {
349cc4a5 1312#if HAVE_SECCOMP
d3b1c508
LP		 1313 int r;
1314
83f12b27
FS		 1315 if (!is_seccomp_available())
1316 return 0;
1317
469830d1 1318 r = seccomp_restrict_archs(arg_syscall_archs);
d3b1c508 1319 if (r < 0)
469830d1 1320 return log_error_errno(r, "Failed to enforce system call architecture restrication: %m");
d3b1c508 1321#endif
469830d1 1322 return 0;
d3b1c508
LP		 1323}
1324
b6e2f329
LP		 1325static int status_welcome(void) {
1326 _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
1327 int r;
1328
5ca02bfc 1329 if (!show_status_on(arg_show_status))
fd8c85c6
LP		 1330 return 0;
1331
d58ad743
LP		 1332 r = parse_os_release(NULL,
1333 "PRETTY_NAME", &pretty_name,
1334 "ANSI_COLOR", &ansi_color,
1335 NULL);
1336 if (r < 0)
1337 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r,
1338 "Failed to read os-release file, ignoring: %m");
b6e2f329 1339
dc9b5816 1340 if (log_get_show_color())
a885727a 1341 return status_printf(NULL, 0,
dc9b5816
ZJS		 1342 "\nWelcome to \x1B[%sm%s\x1B[0m!\n",
1343 isempty(ansi_color) ? "1" : ansi_color,
1344 isempty(pretty_name) ? "Linux" : pretty_name);
1345 else
a885727a 1346 return status_printf(NULL, 0,
dc9b5816
ZJS		 1347 "\nWelcome to %s!\n",
1348 isempty(pretty_name) ? "Linux" : pretty_name);
b6e2f329
LP		 1349}
1350
fdd25311
LP		 1351static int write_container_id(void) {
1352 const char *c;
19854865 1353 int r;
fdd25311
LP		 1354
1355 c = getenv("container");
1356 if (isempty(c))
1357 return 0;
1358
8612da97
LP		 1359 RUN_WITH_UMASK(0022)
1360 r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
19854865 1361 if (r < 0)
f1f849b0 1362 return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m");
19854865
LP		 1363
1364 return 1;
1365}
1366
1367static int bump_unix_max_dgram_qlen(void) {
1368 _cleanup_free_ char *qlen = NULL;
1369 unsigned long v;
1370 int r;
1371
3130fca5
LP		 1372 /* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel default of 16 is simply too low. We set the value
1373 * really really early during boot, so that it is actually applied to all our sockets, including the
1374 * $NOTIFY_SOCKET one. */
19854865
LP		 1375
1376 r = read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen);
1377 if (r < 0)
875622c3 1378 return log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r, "Failed to read AF_UNIX datagram queue length, ignoring: %m");
19854865
LP		 1379
1380 r = safe_atolu(qlen, &v);
1381 if (r < 0)
3130fca5 1382 return log_warning_errno(r, "Failed to parse AF_UNIX datagram queue length '%s', ignoring: %m", qlen);
19854865
LP		 1383
1384 if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
1385 return 0;
1386
57512c89 1387 r = write_string_filef("/proc/sys/net/unix/max_dgram_qlen", WRITE_STRING_FILE_DISABLE_BUFFER, "%lu", DEFAULT_UNIX_MAX_DGRAM_QLEN);
19854865
LP		 1388 if (r < 0)
1389 return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
1390 "Failed to bump AF_UNIX datagram queue length, ignoring: %m");
1391
1392 return 1;
fdd25311
LP		 1393}
1394
32391275
FB		 1395static int fixup_environment(void) {
1396 _cleanup_free_ char *term = NULL;
4dc63c4b 1397 const char *t;
32391275
FB		 1398 int r;
1399
43db615b
LP		 1400 /* Only fix up the environment when we are started as PID 1 */
1401 if (getpid_cached() != 1)
1402 return 0;
1403
1404 /* We expect the environment to be set correctly if run inside a container. */
84af7821
LP		 1405 if (detect_container() > 0)
1406 return 0;
1407
43db615b
LP		 1408 /* When started as PID1, the kernel uses /dev/console for our stdios and uses TERM=linux whatever the backend
1409 * device used by the console. We try to make a better guess here since some consoles might not have support
1410 * for color mode for example.
32391275 1411 *
43db615b 1412 * However if TERM was configured through the kernel command line then leave it alone. */
1d84ad94 1413 r = proc_cmdline_get_key("TERM", 0, &term);
32391275
FB		 1414 if (r < 0)
1415 return r;
32391275 1416
4dc63c4b
LP		 1417 t = term ?: default_term_for_tty("/dev/console");
1418
1419 if (setenv("TERM", t, 1) < 0)
32391275
FB		 1420 return -errno;
1421
9d48671c 1422 /* The kernels sets HOME=/ for init. Let's undo this. */
44ee03d1
ZJS		 1423 if (path_equal_ptr(getenv("HOME"), "/"))
1424 assert_se(unsetenv("HOME") == 0);
9d48671c 1425
32391275
FB		 1426 return 0;
1427}
1428
6808a0bc
LP		 1429static void redirect_telinit(int argc, char *argv[]) {
1430
1431 /* This is compatibility support for SysV, where calling init as a user is identical to telinit. */
1432
1433#if HAVE_SYSV_COMPAT
1434 if (getpid_cached() == 1)
1435 return;
1436
1437 if (!strstr(program_invocation_short_name, "init"))
1438 return;
1439
1440 execv(SYSTEMCTL_BINARY_PATH, argv);
1441 log_error_errno(errno, "Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
a45d7127 1442 exit(EXIT_FAILURE);
6808a0bc
LP		 1443#endif
1444}
1445
4a36297c
LP		 1446static int become_shutdown(
1447 const char *shutdown_verb,
7eb35049 1448 int retval) {
4a36297c
LP		 1449
1450 char log_level[DECIMAL_STR_MAX(int) + 1],
e73c54b8
JK		 1451 exit_code[DECIMAL_STR_MAX(uint8_t) + 1],
1452 timeout[DECIMAL_STR_MAX(usec_t) + 1];
4a36297c 1453
e73c54b8 1454 const char* command_line[13] = {
4a36297c
LP		 1455 SYSTEMD_SHUTDOWN_BINARY_PATH,
1456 shutdown_verb,
e73c54b8 1457 "--timeout", timeout,
4a36297c
LP		 1458 "--log-level", log_level,
1459 "--log-target",
1460 };
1461
1462 _cleanup_strv_free_ char **env_block = NULL;
e73c54b8 1463 size_t pos = 7;
4a36297c 1464 int r;
acafd7d8 1465 usec_t watchdog_timer = 0;
4a36297c 1466
7eb35049 1467 assert(shutdown_verb);
234519ae 1468 assert(!command_line[pos]);
4a36297c
LP		 1469 env_block = strv_copy(environ);
1470
1471 xsprintf(log_level, "%d", log_get_max_level());
e73c54b8 1472 xsprintf(timeout, "%" PRI_USEC "us", arg_default_timeout_stop_usec);
4a36297c
LP		 1473
1474 switch (log_get_target()) {
1475
1476 case LOG_TARGET_KMSG:
1477 case LOG_TARGET_JOURNAL_OR_KMSG:
1478 case LOG_TARGET_SYSLOG_OR_KMSG:
1479 command_line[pos++] = "kmsg";
1480 break;
1481
1482 case LOG_TARGET_NULL:
1483 command_line[pos++] = "null";
1484 break;
1485
1486 case LOG_TARGET_CONSOLE:
1487 default:
1488 command_line[pos++] = "console";
1489 break;
1490 };
1491
1492 if (log_get_show_color())
1493 command_line[pos++] = "--log-color";
1494
1495 if (log_get_show_location())
1496 command_line[pos++] = "--log-location";
1497
c5673ed0
DS		 1498 if (log_get_show_time())
1499 command_line[pos++] = "--log-time";
1500
4a36297c
LP		 1501 if (streq(shutdown_verb, "exit")) {
1502 command_line[pos++] = "--exit-code";
1503 command_line[pos++] = exit_code;
1504 xsprintf(exit_code, "%d", retval);
1505 }
1506
1507 assert(pos < ELEMENTSOF(command_line));
1508
acafd7d8 1509 if (streq(shutdown_verb, "reboot"))
65224c1d 1510 watchdog_timer = arg_reboot_watchdog;
acafd7d8
LB		 1511 else if (streq(shutdown_verb, "kexec"))
1512 watchdog_timer = arg_kexec_watchdog;
1513
1514 if (watchdog_timer > 0 && watchdog_timer != USEC_INFINITY) {
7eb35049 1515
4a36297c
LP		 1516 char *e;
1517
acafd7d8 1518 /* If we reboot or kexec let's set the shutdown
4a36297c
LP		 1519 * watchdog and tell the shutdown binary to
1520 * repeatedly ping it */
acafd7d8 1521 r = watchdog_set_timeout(&watchdog_timer);
4a36297c
LP		 1522 watchdog_close(r < 0);
1523
1524 /* Tell the binary how often to ping, ignore failure */
acafd7d8 1525 if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, watchdog_timer) > 0)
8a2c1fbf
EJ		 1526 (void) strv_consume(&env_block, e);
1527
1528 if (arg_watchdog_device &&
1529 asprintf(&e, "WATCHDOG_DEVICE=%s", arg_watchdog_device) > 0)
1530 (void) strv_consume(&env_block, e);
4a36297c
LP		 1531 } else
1532 watchdog_close(true);
1533
1534 /* Avoid the creation of new processes forked by the
1535 * kernel; at this point, we will not listen to the
1536 * signals anyway */
1537 if (detect_container() <= 0)
1538 (void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
1539
1540 execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
1541 return -errno;
1542}
1543
e839bafd
LP		 1544static void initialize_clock(void) {
1545 int r;
1546
3753325b
LP		 1547 /* This is called very early on, before we parse the kernel command line or otherwise figure out why
1548 * we are running, but only once. */
1549
e839bafd
LP		 1550 if (clock_is_localtime(NULL) > 0) {
1551 int min;
1552
1553 /*
1554 * The very first call of settimeofday() also does a time warp in the kernel.
1555 *
1556 * In the rtc-in-local time mode, we set the kernel's timezone, and rely on external tools to take care
1557 * of maintaining the RTC and do all adjustments. This matches the behavior of Windows, which leaves
1558 * the RTC alone if the registry tells that the RTC runs in UTC.
1559 */
1560 r = clock_set_timezone(&min);
1561 if (r < 0)
1562 log_error_errno(r, "Failed to apply local time delta, ignoring: %m");
1563 else
1564 log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
1565
d46b79bb 1566 } else if (!in_initrd())
e839bafd
LP		 1567 /*
1568 * Do a dummy very first call to seal the kernel's time warp magic.
1569 *
1570 * Do not call this from inside the initrd. The initrd might not carry /etc/adjtime with LOCAL, but the
1571 * real system could be set up that way. In such case, we need to delay the time-warp or the sealing
1572 * until we reach the real system.
1573 *
1574 * Do no set the kernel's timezone. The concept of local time cannot be supported reliably, the time
1575 * will jump or be incorrect at every daylight saving time change. All kernel local time concepts will
1576 * be treated as UTC that way.
1577 */
1578 (void) clock_reset_timewarp();
e839bafd
LP		 1579
1580 r = clock_apply_epoch();
1581 if (r < 0)
1582 log_error_errno(r, "Current system time is before build time, but cannot correct: %m");
1583 else if (r > 0)
1584 log_info("System time before build time, advancing clock.");
1585}
1586
3753325b
LP		 1587static void apply_clock_update(void) {
1588 struct timespec ts;
1589
1590 /* This is called later than initialize_clock(), i.e. after we parsed configuration files/kernel
1591 * command line and such. */
1592
1593 if (arg_clock_usec == 0)
1594 return;
1595
45250e66
LP		 1596 if (getpid_cached() != 1)
1597 return;
1598
3753325b
LP		 1599 if (clock_settime(CLOCK_REALTIME, timespec_store(&ts, arg_clock_usec)) < 0)
1600 log_error_errno(errno, "Failed to set system clock to time specified on kernel command line: %m");
1601 else {
1602 char buf[FORMAT_TIMESTAMP_MAX];
1603
1604 log_info("Set system clock to %s, as specified on the kernel command line.",
1605 format_timestamp(buf, sizeof(buf), arg_clock_usec));
1606 }
1607}
1608
d247f232 1609static void cmdline_take_random_seed(void) {
d247f232
LP		 1610 size_t suggested;
1611 int r;
1612
1613 if (arg_random_seed_size == 0)
1614 return;
1615
1616 if (getpid_cached() != 1)
1617 return;
1618
1619 assert(arg_random_seed);
1620 suggested = random_pool_size();
1621
1622 if (arg_random_seed_size < suggested)
1623 log_warning("Random seed specified on kernel command line has size %zu, but %zu bytes required to fill entropy pool.",
1624 arg_random_seed_size, suggested);
1625
61bd7d1e 1626 r = random_write_entropy(-1, arg_random_seed, arg_random_seed_size, true);
d247f232
LP		 1627 if (r < 0) {
1628 log_warning_errno(r, "Failed to credit entropy specified on kernel command line, ignoring: %m");
1629 return;
1630 }
1631
1632 log_notice("Successfully credited entropy passed on kernel command line.\n"
1633 "Note that the seed provided this way is accessible to unprivileged programs. This functionality should not be used outside of testing environments.");
1634}
1635
1e41242e 1636static void initialize_coredump(bool skip_setup) {
752bcb77 1637#if ENABLE_COREDUMP
1e41242e
LP		 1638 if (getpid_cached() != 1)
1639 return;
1640
1641 /* Don't limit the core dump size, so that coredump handlers such as systemd-coredump (which honour the limit)
1642 * will process core dumps for system services by default. */
1643 if (setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY)) < 0)
1644 log_warning_errno(errno, "Failed to set RLIMIT_CORE: %m");
1645
c6885f5f
FB		 1646 /* But at the same time, turn off the core_pattern logic by default, so that no
1647 * coredumps are stored until the systemd-coredump tool is enabled via
1648 * sysctl. However it can be changed via the kernel command line later so core
1649 * dumps can still be generated during early startup and in initramfs. */
1e41242e 1650 if (!skip_setup)
e557b1a6 1651 disable_coredumps();
752bcb77 1652#endif
1e41242e
LP		 1653}
1654
c6885f5f
FB		 1655static void initialize_core_pattern(bool skip_setup) {
1656 int r;
1657
1658 if (skip_setup || !arg_early_core_pattern)
1659 return;
1660
1661 if (getpid_cached() != 1)
1662 return;
1663
57512c89 1664 r = write_string_file("/proc/sys/kernel/core_pattern", arg_early_core_pattern, WRITE_STRING_FILE_DISABLE_BUFFER);
c6885f5f
FB		 1665 if (r < 0)
1666 log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m", arg_early_core_pattern);
1667}
1668
61fbbac1
ZJS		 1669static void update_cpu_affinity(bool skip_setup) {
1670 _cleanup_free_ char *mask = NULL;
1671
1672 if (skip_setup || !arg_cpu_affinity.set)
1673 return;
1674
1675 assert(arg_cpu_affinity.allocated > 0);
1676
1677 mask = cpu_set_to_string(&arg_cpu_affinity);
1678 log_debug("Setting CPU affinity to %s.", strnull(mask));
1679
1680 if (sched_setaffinity(0, arg_cpu_affinity.allocated, arg_cpu_affinity.set) < 0)
1681 log_warning_errno(errno, "Failed to set CPU affinity: %m");
1682}
1683
b070c7c0
MS		 1684static void update_numa_policy(bool skip_setup) {
1685 int r;
1686 _cleanup_free_ char *nodes = NULL;
1687 const char * policy = NULL;
1688
1689 if (skip_setup || !mpol_is_valid(numa_policy_get_type(&arg_numa_policy)))
1690 return;
1691
1692 if (DEBUG_LOGGING) {
1693 policy = mpol_to_string(numa_policy_get_type(&arg_numa_policy));
1694 nodes = cpu_set_to_range_string(&arg_numa_policy.nodes);
1695 log_debug("Setting NUMA policy to %s, with nodes %s.", strnull(policy), strnull(nodes));
1696 }
1697
1698 r = apply_numa_policy(&arg_numa_policy);
1699 if (r == -EOPNOTSUPP)
1700 log_debug_errno(r, "NUMA support not available, ignoring.");
1701 else if (r < 0)
1702 log_warning_errno(r, "Failed to set NUMA memory policy: %m");
1703}
1704
3c7878f9
LP		 1705static void do_reexecute(
1706 int argc,
1707 char *argv[],
1708 const struct rlimit *saved_rlimit_nofile,
1709 const struct rlimit *saved_rlimit_memlock,
1710 FDSet *fds,
1711 const char *switch_root_dir,
1712 const char *switch_root_init,
1713 const char **ret_error_message) {
1714
1715 unsigned i, j, args_size;
1716 const char **args;
1717 int r;
1718
1719 assert(saved_rlimit_nofile);
1720 assert(saved_rlimit_memlock);
1721 assert(ret_error_message);
1722
1723 /* Close and disarm the watchdog, so that the new instance can reinitialize it, but doesn't get rebooted while
1724 * we do that */
1725 watchdog_close(true);
1726
ddfa8b0b
LP		 1727 /* Reset RLIMIT_NOFILE + RLIMIT_MEMLOCK back to the kernel defaults, so that the new systemd can pass
1728 * the kernel default to its child processes */
1729 if (saved_rlimit_nofile->rlim_cur != 0)
3c7878f9 1730 (void) setrlimit(RLIMIT_NOFILE, saved_rlimit_nofile);
ddfa8b0b 1731 if (saved_rlimit_memlock->rlim_cur != RLIM_INFINITY)
3c7878f9
LP		 1732 (void) setrlimit(RLIMIT_MEMLOCK, saved_rlimit_memlock);
1733
1734 if (switch_root_dir) {
1735 /* Kill all remaining processes from the initrd, but don't wait for them, so that we can handle the
1736 * SIGCHLD for them after deserializing. */
e73c54b8 1737 broadcast_signal(SIGTERM, false, true, arg_default_timeout_stop_usec);
3c7878f9
LP		 1738
1739 /* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */
1740 r = switch_root(switch_root_dir, "/mnt", true, MS_MOVE);
1741 if (r < 0)
1742 log_error_errno(r, "Failed to switch root, trying to continue: %m");
1743 }
1744
1745 args_size = MAX(6, argc+1);
1746 args = newa(const char*, args_size);
1747
1748 if (!switch_root_init) {
1749 char sfd[DECIMAL_STR_MAX(int) + 1];
1750
1751 /* First try to spawn ourselves with the right path, and with full serialization. We do this only if
1752 * the user didn't specify an explicit init to spawn. */
1753
1754 assert(arg_serialization);
1755 assert(fds);
1756
1757 xsprintf(sfd, "%i", fileno(arg_serialization));
1758
1759 i = 0;
1760 args[i++] = SYSTEMD_BINARY_PATH;
1761 if (switch_root_dir)
1762 args[i++] = "--switched-root";
1763 args[i++] = arg_system ? "--system" : "--user";
1764 args[i++] = "--deserialize";
1765 args[i++] = sfd;
1766 args[i++] = NULL;
1767
1768 assert(i <= args_size);
1769
1770 /*
1771 * We want valgrind to print its memory usage summary before reexecution. Valgrind won't do this is on
1772 * its own on exec(), but it will do it on exit(). Hence, to ensure we get a summary here, fork() off
1773 * a child, let it exit() cleanly, so that it prints the summary, and wait() for it in the parent,
1774 * before proceeding into the exec().
1775 */
1776 valgrind_summary_hack();
1777
1778 (void) execv(args[0], (char* const*) args);
1779 log_debug_errno(errno, "Failed to execute our own binary, trying fallback: %m");
1780 }
1781
1782 /* Try the fallback, if there is any, without any serialization. We pass the original argv[] and envp[]. (Well,
1783 * modulo the ordering changes due to getopt() in argv[], and some cleanups in envp[], but let's hope that
1784 * doesn't matter.) */
1785
1786 arg_serialization = safe_fclose(arg_serialization);
1787 fds = fdset_free(fds);
1788
1789 /* Reopen the console */
1790 (void) make_console_stdio();
1791
1792 for (j = 1, i = 1; j < (unsigned) argc; j++)
1793 args[i++] = argv[j];
1794 args[i++] = NULL;
1795 assert(i <= args_size);
1796
5238e957 1797 /* Re-enable any blocked signals, especially important if we switch from initial ramdisk to init=... */
3c7878f9
LP		 1798 (void) reset_all_signal_handlers();
1799 (void) reset_signal_mask();
595225af 1800 (void) rlimit_nofile_safe();
3c7878f9
LP		 1801
1802 if (switch_root_init) {
1803 args[0] = switch_root_init;
a5cede8c 1804 (void) execve(args[0], (char* const*) args, saved_env);
3c7878f9
LP		 1805 log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m");
1806 }
1807
1808 args[0] = "/sbin/init";
1809 (void) execv(args[0], (char* const*) args);
1810 r = -errno;
1811
1812 manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
1813 ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
1814 "Failed to execute /sbin/init");
1815
1816 if (r == -ENOENT) {
1817 log_warning("No /sbin/init, trying fallback");
1818
1819 args[0] = "/bin/sh";
1820 args[1] = NULL;
a5cede8c 1821 (void) execve(args[0], (char* const*) args, saved_env);
3c7878f9
LP		 1822 log_error_errno(errno, "Failed to execute /bin/sh, giving up: %m");
1823 } else
1824 log_warning_errno(r, "Failed to execute /sbin/init, giving up: %m");
1825
1826 *ret_error_message = "Failed to execute fallback shell";
1827}
1828
7eb35049
LP		 1829static int invoke_main_loop(
1830 Manager *m,
a9fd4cd1
FB		 1831 const struct rlimit *saved_rlimit_nofile,
1832 const struct rlimit *saved_rlimit_memlock,
7eb35049
LP		 1833 bool *ret_reexecute,
1834 int *ret_retval, /* Return parameters relevant for shutting down */
1835 const char **ret_shutdown_verb, /* … */
1836 FDSet **ret_fds, /* Return parameters for reexecuting */
1837 char **ret_switch_root_dir, /* … */
1838 char **ret_switch_root_init, /* … */
1839 const char **ret_error_message) {
1840
1841 int r;
1842
1843 assert(m);
a9fd4cd1
FB		 1844 assert(saved_rlimit_nofile);
1845 assert(saved_rlimit_memlock);
7eb35049
LP		 1846 assert(ret_reexecute);
1847 assert(ret_retval);
1848 assert(ret_shutdown_verb);
1849 assert(ret_fds);
1850 assert(ret_switch_root_dir);
1851 assert(ret_switch_root_init);
1852 assert(ret_error_message);
1853
1854 for (;;) {
1855 r = manager_loop(m);
1856 if (r < 0) {
1857 *ret_error_message = "Failed to run main loop";
1858 return log_emergency_errno(r, "Failed to run main loop: %m");
1859 }
1860
3ca4d0b3 1861 switch ((ManagerObjective) r) {
7eb35049 1862
a6ecbf83 1863 case MANAGER_RELOAD: {
bda7d78b 1864 LogTarget saved_log_target;
a6ecbf83
FB		 1865 int saved_log_level;
1866
7eb35049
LP		 1867 log_info("Reloading.");
1868
3fe91079 1869 /* First, save any overridden log level/target, then parse the configuration file, which might
bda7d78b
FB		 1870 * change the log level to new settings. */
1871
a6ecbf83 1872 saved_log_level = m->log_level_overridden ? log_get_max_level() : -1;
bda7d78b 1873 saved_log_target = m->log_target_overridden ? log_get_target() : _LOG_TARGET_INVALID;
a6ecbf83 1874
a9fd4cd1 1875 (void) parse_configuration(saved_rlimit_nofile, saved_rlimit_memlock);
7eb35049
LP		 1876
1877 set_manager_defaults(m);
986935cf 1878 set_manager_settings(m);
7eb35049 1879
61fbbac1 1880 update_cpu_affinity(false);
b070c7c0 1881 update_numa_policy(false);
61fbbac1 1882
a6ecbf83
FB		 1883 if (saved_log_level >= 0)
1884 manager_override_log_level(m, saved_log_level);
bda7d78b
FB		 1885 if (saved_log_target >= 0)
1886 manager_override_log_target(m, saved_log_target);
a6ecbf83 1887
7eb35049
LP		 1888 r = manager_reload(m);
1889 if (r < 0)
7a35fa24
LP		 1890 /* Reloading failed before the point of no return. Let's continue running as if nothing happened. */
1891 m->objective = MANAGER_OK;
7eb35049
LP		 1892
1893 break;
a6ecbf83 1894 }
7eb35049
LP		 1895
1896 case MANAGER_REEXECUTE:
1897
1898 r = prepare_reexecute(m, &arg_serialization, ret_fds, false);
1899 if (r < 0) {
1900 *ret_error_message = "Failed to prepare for reexecution";
1901 return r;
1902 }
1903
1904 log_notice("Reexecuting.");
1905
1906 *ret_reexecute = true;
1907 *ret_retval = EXIT_SUCCESS;
1908 *ret_shutdown_verb = NULL;
1909 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1910
1911 return 0;
1912
1913 case MANAGER_SWITCH_ROOT:
1914 if (!m->switch_root_init) {
1915 r = prepare_reexecute(m, &arg_serialization, ret_fds, true);
1916 if (r < 0) {
1917 *ret_error_message = "Failed to prepare for reexecution";
1918 return r;
1919 }
1920 } else
1921 *ret_fds = NULL;
1922
1923 log_notice("Switching root.");
1924
1925 *ret_reexecute = true;
1926 *ret_retval = EXIT_SUCCESS;
1927 *ret_shutdown_verb = NULL;
1928
1929 /* Steal the switch root parameters */
49052946
YW		 1930 *ret_switch_root_dir = TAKE_PTR(m->switch_root);
1931 *ret_switch_root_init = TAKE_PTR(m->switch_root_init);
7eb35049
LP		 1932
1933 return 0;
1934
1935 case MANAGER_EXIT:
1936
1937 if (MANAGER_IS_USER(m)) {
1938 log_debug("Exit.");
1939
1940 *ret_reexecute = false;
1941 *ret_retval = m->return_value;
1942 *ret_shutdown_verb = NULL;
1943 *ret_fds = NULL;
1944 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1945
1946 return 0;
1947 }
1948
1949 _fallthrough_;
1950 case MANAGER_REBOOT:
1951 case MANAGER_POWEROFF:
1952 case MANAGER_HALT:
1953 case MANAGER_KEXEC: {
af41e508
LP		 1954 static const char * const table[_MANAGER_OBJECTIVE_MAX] = {
1955 [MANAGER_EXIT] = "exit",
1956 [MANAGER_REBOOT] = "reboot",
7eb35049 1957 [MANAGER_POWEROFF] = "poweroff",
af41e508
LP		 1958 [MANAGER_HALT] = "halt",
1959 [MANAGER_KEXEC] = "kexec",
7eb35049
LP		 1960 };
1961
1962 log_notice("Shutting down.");
1963
1964 *ret_reexecute = false;
1965 *ret_retval = m->return_value;
af41e508 1966 assert_se(*ret_shutdown_verb = table[m->objective]);
7eb35049
LP		 1967 *ret_fds = NULL;
1968 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1969
1970 return 0;
1971 }
1972
1973 default:
af41e508 1974 assert_not_reached("Unknown or unexpected manager objective.");
7eb35049
LP		 1975 }
1976 }
1977}
1978
31aef7ff
LP		 1979static void log_execution_mode(bool *ret_first_boot) {
1980 assert(ret_first_boot);
1981
1982 if (arg_system) {
1983 int v;
1984
91b79ba8
ZJS		 1985 log_info("systemd " GIT_VERSION " running in %ssystem mode. (%s)",
1986 arg_action == ACTION_TEST ? "test " : "",
1987 systemd_features);
31aef7ff
LP		 1988
1989 v = detect_virtualization();
1990 if (v > 0)
1991 log_info("Detected virtualization %s.", virtualization_to_string(v));
1992
1993 log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
1994
1995 if (in_initrd()) {
1996 *ret_first_boot = false;
1997 log_info("Running in initial RAM disk.");
1998 } else {
583cef3b
HS		 1999 int r;
2000 _cleanup_free_ char *id_text = NULL;
2001
2002 /* Let's check whether we are in first boot. We use /etc/machine-id as flag file
2003 * for this: If it is missing or contains the value "uninitialized", this is the
2004 * first boot. In any other case, it is not. This allows container managers and
2005 * installers to provision a couple of files already. If the container manager
2006 * wants to provision the machine ID itself it should pass $container_uuid to PID 1. */
2007
2008 r = read_one_line_file("/etc/machine-id", &id_text);
2009 if (r < 0 || streq(id_text, "uninitialized")) {
2010 if (r < 0 && r != -ENOENT)
2011 log_warning_errno(r, "Unexpected error while reading /etc/machine-id, ignoring: %m");
2012
2013 *ret_first_boot = true;
2014 log_info("Detected first boot.");
2015 } else {
2016 *ret_first_boot = false;
2017 log_debug("Detected initialized system, this is not the first boot.");
2018 }
31aef7ff
LP		 2019 }
2020 } else {
b9e90f3a
LP		 2021 if (DEBUG_LOGGING) {
2022 _cleanup_free_ char *t;
31aef7ff 2023
b9e90f3a 2024 t = uid_to_name(getuid());
91b79ba8
ZJS		 2025 log_debug("systemd " GIT_VERSION " running in %suser mode for user " UID_FMT "/%s. (%s)",
2026 arg_action == ACTION_TEST ? " test" : "",
2027 getuid(), strna(t), systemd_features);
b9e90f3a 2028 }
31aef7ff
LP		 2029
2030 *ret_first_boot = false;
2031 }
2032}
2033
5afbaa36
LP		 2034static int initialize_runtime(
2035 bool skip_setup,
3023f2fe 2036 bool first_boot,
5afbaa36
LP		 2037 struct rlimit *saved_rlimit_nofile,
2038 struct rlimit *saved_rlimit_memlock,
2039 const char **ret_error_message) {
5afbaa36
LP		 2040 int r;
2041
2042 assert(ret_error_message);
2043
2044 /* Sets up various runtime parameters. Many of these initializations are conditionalized:
2045 *
2046 * - Some only apply to --system instances
2047 * - Some only apply to --user instances
2048 * - Some only apply when we first start up, but not when we reexecute
2049 */
2050
2d776038
LP		 2051 if (arg_action != ACTION_RUN)
2052 return 0;
2053
61fbbac1 2054 update_cpu_affinity(skip_setup);
b070c7c0 2055 update_numa_policy(skip_setup);
61fbbac1 2056
3c3c6cb9 2057 if (arg_system) {
5238e957 2058 /* Make sure we leave a core dump without panicking the kernel. */
3c3c6cb9 2059 install_crash_handler();
5afbaa36 2060
3c3c6cb9 2061 if (!skip_setup) {
143fadf3 2062 r = mount_cgroup_controllers();
3c3c6cb9
LP		 2063 if (r < 0) {
2064 *ret_error_message = "Failed to mount cgroup hierarchies";
2065 return r;
2066 }
2067
2068 status_welcome();
b6fad306 2069 (void) hostname_setup(true);
3023f2fe
HS		 2070 /* Force transient machine-id on first boot. */
2071 machine_id_setup(NULL, first_boot, arg_machine_id, NULL);
df883de9 2072 (void) loopback_setup();
3c3c6cb9 2073 bump_unix_max_dgram_qlen();
a8b627aa 2074 bump_file_max_and_nr_open();
3c3c6cb9
LP		 2075 test_usr();
2076 write_container_id();
2077 }
8a2c1fbf 2078
3c3c6cb9
LP		 2079 if (arg_watchdog_device) {
2080 r = watchdog_set_device(arg_watchdog_device);
2081 if (r < 0)
2082 log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device);
2083 }
32429805
LP		 2084 } else {
2085 _cleanup_free_ char *p = NULL;
2086
2087 /* Create the runtime directory and place the inaccessible device nodes there, if we run in
2088 * user mode. In system mode mount_setup() already did that. */
2089
2090 r = xdg_user_runtime_dir(&p, "/systemd");
2091 if (r < 0) {
2092 *ret_error_message = "$XDG_RUNTIME_DIR is not set";
2093 return log_emergency_errno(r, "Failed to determine $XDG_RUNTIME_DIR path: %m");
2094 }
2095
e813a74a 2096 (void) mkdir_p_label(p, 0755);
32429805 2097 (void) make_inaccessible_nodes(p, UID_INVALID, GID_INVALID);
3c3c6cb9 2098 }
5afbaa36
LP		 2099
2100 if (arg_timer_slack_nsec != NSEC_INFINITY)
2101 if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
3a671cd1 2102 log_warning_errno(errno, "Failed to adjust timer slack, ignoring: %m");
5afbaa36
LP		 2103
2104 if (arg_system && !cap_test_all(arg_capability_bounding_set)) {
2105 r = capability_bounding_set_drop_usermode(arg_capability_bounding_set);
2106 if (r < 0) {
2107 *ret_error_message = "Failed to drop capability bounding set of usermode helpers";
2108 return log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m");
2109 }
2110
2111 r = capability_bounding_set_drop(arg_capability_bounding_set, true);
2112 if (r < 0) {
2113 *ret_error_message = "Failed to drop capability bounding set";
2114 return log_emergency_errno(r, "Failed to drop capability bounding set: %m");
2115 }
2116 }
2117
39362f6f
JB		 2118 if (arg_system && arg_no_new_privs) {
2119 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
2120 *ret_error_message = "Failed to disable new privileges";
2121 return log_emergency_errno(errno, "Failed to disable new privileges: %m");
2122 }
2123 }
2124
5afbaa36
LP		 2125 if (arg_syscall_archs) {
2126 r = enforce_syscall_archs(arg_syscall_archs);
2127 if (r < 0) {
2128 *ret_error_message = "Failed to set syscall architectures";
2129 return r;
2130 }
2131 }
2132
2133 if (!arg_system)
2134 /* Become reaper of our children */
2135 if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
2136 log_warning_errno(errno, "Failed to make us a subreaper: %m");
2137
a17c1712
LP		 2138 /* Bump up RLIMIT_NOFILE for systemd itself */
2139 (void) bump_rlimit_nofile(saved_rlimit_nofile);
2140 (void) bump_rlimit_memlock(saved_rlimit_memlock);
5afbaa36
LP		 2141
2142 return 0;
2143}
2144
6acca5fc
LP		 2145static int do_queue_default_job(
2146 Manager *m,
2147 const char **ret_error_message) {
2148
2149 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
f1d075dc
ZJS		 2150 const char *unit;
2151 Job *job;
2152 Unit *target;
6acca5fc
LP		 2153 int r;
2154
8755dbad 2155 if (arg_default_unit)
f1d075dc 2156 unit = arg_default_unit;
8755dbad 2157 else if (in_initrd())
f1d075dc 2158 unit = SPECIAL_INITRD_TARGET;
8755dbad 2159 else
f1d075dc 2160 unit = SPECIAL_DEFAULT_TARGET;
8755dbad 2161
f1d075dc 2162 log_debug("Activating default unit: %s", unit);
8755dbad 2163
f1d075dc 2164 r = manager_load_startable_unit_or_warn(m, unit, NULL, &target);
8755dbad
ZJS		 2165 if (r < 0 && in_initrd() && !arg_default_unit) {
2166 /* Fall back to default.target, which we used to always use by default. Only do this if no
2167 * explicit configuration was given. */
2168
2169 log_info("Falling back to " SPECIAL_DEFAULT_TARGET ".");
6acca5fc 2170
8755dbad
ZJS		 2171 r = manager_load_startable_unit_or_warn(m, SPECIAL_DEFAULT_TARGET, NULL, &target);
2172 }
4109ede7 2173 if (r < 0) {
8755dbad 2174 log_info("Falling back to " SPECIAL_RESCUE_TARGET ".");
6acca5fc 2175
4109ede7 2176 r = manager_load_startable_unit_or_warn(m, SPECIAL_RESCUE_TARGET, NULL, &target);
6acca5fc 2177 if (r < 0) {
8755dbad
ZJS		 2178 *ret_error_message = r == -ERFKILL ? SPECIAL_RESCUE_TARGET " masked"
2179 : "Failed to load " SPECIAL_RESCUE_TARGET;
4109ede7 2180 return r;
6acca5fc
LP		 2181 }
2182 }
2183
2184 assert(target->load_state == UNIT_LOADED);
2185
f1d075dc 2186 r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, NULL, &error, &job);
6acca5fc
LP		 2187 if (r == -EPERM) {
2188 log_debug_errno(r, "Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
2189
2190 sd_bus_error_free(&error);
2191
f1d075dc 2192 r = manager_add_job(m, JOB_START, target, JOB_REPLACE, NULL, &error, &job);
6acca5fc
LP		 2193 if (r < 0) {
2194 *ret_error_message = "Failed to start default target";
2195 return log_emergency_errno(r, "Failed to start default target: %s", bus_error_message(&error, r));
2196 }
2197
2198 } else if (r < 0) {
2199 *ret_error_message = "Failed to isolate default target";
2200 return log_emergency_errno(r, "Failed to isolate default target: %s", bus_error_message(&error, r));
c86c31d9
ZJS		 2201 } else
2202 log_info("Queued %s job for default target %s.",
2203 job_type_to_string(job->type),
2204 unit_status_string(job->unit));
6acca5fc 2205
f1d075dc 2206 m->default_unit_job_id = job->id;
6acca5fc
LP		 2207
2208 return 0;
2209}
2210
a9fd4cd1
FB		 2211static void save_rlimits(struct rlimit *saved_rlimit_nofile,
2212 struct rlimit *saved_rlimit_memlock) {
2213
2214 assert(saved_rlimit_nofile);
2215 assert(saved_rlimit_memlock);
2216
2217 if (getrlimit(RLIMIT_NOFILE, saved_rlimit_nofile) < 0)
2218 log_warning_errno(errno, "Reading RLIMIT_NOFILE failed, ignoring: %m");
2219
2220 if (getrlimit(RLIMIT_MEMLOCK, saved_rlimit_memlock) < 0)
2221 log_warning_errno(errno, "Reading RLIMIT_MEMLOCK failed, ignoring: %m");
2222}
2223
2224static void fallback_rlimit_nofile(const struct rlimit *saved_rlimit_nofile) {
2225 struct rlimit *rl;
2226
2227 if (arg_default_rlimit[RLIMIT_NOFILE])
2228 return;
2229
2230 /* Make sure forked processes get limits based on the original kernel setting */
2231
2232 rl = newdup(struct rlimit, saved_rlimit_nofile, 1);
2233 if (!rl) {
2234 log_oom();
2235 return;
2236 }
2237
2238 /* Bump the hard limit for system services to a substantially higher value. The default
2239 * hard limit current kernels set is pretty low (4K), mostly for historical
2240 * reasons. According to kernel developers, the fd handling in recent kernels has been
2241 * optimized substantially enough, so that we can bump the limit now, without paying too
2242 * high a price in memory or performance. Note however that we only bump the hard limit,
2243 * not the soft limit. That's because select() works the way it works, and chokes on fds
2244 * >= 1024. If we'd bump the soft limit globally, it might accidentally happen to
2245 * unexpecting programs that they get fds higher than what they can process using
2246 * select(). By only bumping the hard limit but leaving the low limit as it is we avoid
2247 * this pitfall: programs that are written by folks aware of the select() problem in mind
2248 * (and thus use poll()/epoll instead of select(), the way everybody should) can
2249 * explicitly opt into high fds by bumping their soft limit beyond 1024, to the hard limit
2250 * we pass. */
2251 if (arg_system) {
2252 int nr;
2253
2254 /* Get the underlying absolute limit the kernel enforces */
2255 nr = read_nr_open();
2256
2257 rl->rlim_max = MIN((rlim_t) nr, MAX(rl->rlim_max, (rlim_t) HIGH_RLIMIT_NOFILE));
2258 }
2259
2260 /* If for some reason we were invoked with a soft limit above 1024 (which should never
2261 * happen!, but who knows what we get passed in from pam_limit when invoked as --user
2262 * instance), then lower what we pass on to not confuse our children */
2263 rl->rlim_cur = MIN(rl->rlim_cur, (rlim_t) FD_SETSIZE);
2264
2265 arg_default_rlimit[RLIMIT_NOFILE] = rl;
2266}
2267
2268static void fallback_rlimit_memlock(const struct rlimit *saved_rlimit_memlock) {
2269 struct rlimit *rl;
2270
2271 /* Pass the original value down to invoked processes */
2272
2273 if (arg_default_rlimit[RLIMIT_MEMLOCK])
2274 return;
2275
2276 rl = newdup(struct rlimit, saved_rlimit_memlock, 1);
2277 if (!rl) {
2278 log_oom();
2279 return;
2280 }
2281
2282 arg_default_rlimit[RLIMIT_MEMLOCK] = rl;
2283}
2284
fb39af4c
ZJS		 2285static void reset_arguments(void) {
2286 /* Frees/resets arg_* variables, with a few exceptions commented below. */
970777b5
LP		 2287
2288 arg_default_unit = mfree(arg_default_unit);
fb39af4c
ZJS		 2289
2290 /* arg_system — ignore */
2291
2292 arg_dump_core = true;
2293 arg_crash_chvt = -1;
2294 arg_crash_shell = false;
2295 arg_crash_reboot = false;
970777b5 2296 arg_confirm_spawn = mfree(arg_confirm_spawn);
fb39af4c 2297 arg_show_status = _SHOW_STATUS_INVALID;
36cf4507 2298 arg_status_unit_format = STATUS_UNIT_FORMAT_DEFAULT;
fb39af4c
ZJS		 2299 arg_switched_root = false;
2300 arg_pager_flags = 0;
2301 arg_service_watchdogs = true;
2302 arg_default_std_output = EXEC_OUTPUT_JOURNAL;
2303 arg_default_std_error = EXEC_OUTPUT_INHERIT;
2304 arg_default_restart_usec = DEFAULT_RESTART_USEC;
2305 arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
2306 arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
2307 arg_default_timeout_abort_usec = DEFAULT_TIMEOUT_USEC;
2308 arg_default_timeout_abort_set = false;
2309 arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
2310 arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
2311 arg_runtime_watchdog = 0;
65224c1d 2312 arg_reboot_watchdog = 10 * USEC_PER_MINUTE;
acafd7d8 2313 arg_kexec_watchdog = 0;
fb39af4c
ZJS		 2314 arg_early_core_pattern = NULL;
2315 arg_watchdog_device = NULL;
2316
970777b5 2317 arg_default_environment = strv_free(arg_default_environment);
fb39af4c
ZJS		 2318 rlimit_free_all(arg_default_rlimit);
2319
2320 arg_capability_bounding_set = CAP_ALL;
2321 arg_no_new_privs = false;
2322 arg_timer_slack_nsec = NSEC_INFINITY;
2323 arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE;
2324
970777b5 2325 arg_syscall_archs = set_free(arg_syscall_archs);
61fbbac1 2326
fb39af4c
ZJS		 2327 /* arg_serialization — ignore */
2328
2329 arg_default_cpu_accounting = -1;
2330 arg_default_io_accounting = false;
2331 arg_default_ip_accounting = false;
2332 arg_default_blockio_accounting = false;
2333 arg_default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT;
2334 arg_default_tasks_accounting = true;
3a0f06c4 2335 arg_default_tasks_max = DEFAULT_TASKS_MAX;
fb39af4c
ZJS		 2336 arg_machine_id = (sd_id128_t) {};
2337 arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE;
2338 arg_default_oom_policy = OOM_STOP;
2339
61fbbac1 2340 cpu_set_reset(&arg_cpu_affinity);
b070c7c0 2341 numa_policy_reset(&arg_numa_policy);
d247f232
LP		 2342
2343 arg_random_seed = mfree(arg_random_seed);
2344 arg_random_seed_size = 0;
33d943d1 2345 arg_clock_usec = 0;
970777b5
LP		 2346}
2347
a9fd4cd1
FB		 2348static int parse_configuration(const struct rlimit *saved_rlimit_nofile,
2349 const struct rlimit *saved_rlimit_memlock) {
97d1fb94
LP		 2350 int r;
2351
a9fd4cd1
FB		 2352 assert(saved_rlimit_nofile);
2353 assert(saved_rlimit_memlock);
2354
fb39af4c
ZJS		 2355 /* Assign configuration defaults */
2356 reset_arguments();
2357
97d1fb94 2358 r = parse_config_file();
470a5e6d
ZJS		 2359 if (r < 0)
2360 log_warning_errno(r, "Failed to parse config file, ignoring: %m");
97d1fb94
LP		 2361
2362 if (arg_system) {
2363 r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0);
2364 if (r < 0)
2365 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
2366 }
2367
a9fd4cd1
FB		 2368 /* Initialize some default rlimits for services if they haven't been configured */
2369 fallback_rlimit_nofile(saved_rlimit_nofile);
2370 fallback_rlimit_memlock(saved_rlimit_memlock);
2371
97d1fb94
LP		 2372 /* Note that this also parses bits from the kernel command line, including "debug". */
2373 log_parse_environment();
2374
db33214b 2375 /* Initialize the show status setting if it hasn't been set explicitly yet */
7a293242 2376 if (arg_show_status == _SHOW_STATUS_INVALID)
db33214b
LP		 2377 arg_show_status = SHOW_STATUS_YES;
2378
97d1fb94
LP		 2379 return 0;
2380}
2381
b0d7c989
LP		 2382static int safety_checks(void) {
2383
febf46a4 2384 if (getpid_cached() == 1 &&
baaa35ad
ZJS		 2385 arg_action != ACTION_RUN)
2386 return log_error_errno(SYNTHETIC_ERRNO(EPERM),
2387 "Unsupported execution mode while PID 1.");
febf46a4
LP		 2388
2389 if (getpid_cached() == 1 &&
baaa35ad
ZJS		 2390 !arg_system)
2391 return log_error_errno(SYNTHETIC_ERRNO(EPERM),
2392 "Can't run --user mode as PID 1.");
febf46a4
LP		 2393
2394 if (arg_action == ACTION_RUN &&
2395 arg_system &&
baaa35ad
ZJS		 2396 getpid_cached() != 1)
2397 return log_error_errno(SYNTHETIC_ERRNO(EPERM),
2398 "Can't run system mode unless PID 1.");
febf46a4 2399
b0d7c989 2400 if (arg_action == ACTION_TEST &&
baaa35ad
ZJS		 2401 geteuid() == 0)
2402 return log_error_errno(SYNTHETIC_ERRNO(EPERM),
2403 "Don't run test mode as root.");
b0d7c989
LP		 2404
2405 if (!arg_system &&
2406 arg_action == ACTION_RUN &&
baaa35ad
ZJS		 2407 sd_booted() <= 0)
2408 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
2409 "Trying to run as user instance, but the system has not been booted with systemd.");
b0d7c989
LP		 2410
2411 if (!arg_system &&
2412 arg_action == ACTION_RUN &&
baaa35ad
ZJS		 2413 !getenv("XDG_RUNTIME_DIR"))
2414 return log_error_errno(SYNTHETIC_ERRNO(EUNATCH),
2415 "Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
b0d7c989
LP		 2416
2417 if (arg_system &&
2418 arg_action == ACTION_RUN &&
baaa35ad
ZJS		 2419 running_in_chroot() > 0)
2420 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
2421 "Cannot be run in a chroot() environment.");
b0d7c989
LP		 2422
2423 return 0;
2424}
2425
74da609f
LP		 2426static int initialize_security(
2427 bool *loaded_policy,
2428 dual_timestamp *security_start_timestamp,
2429 dual_timestamp *security_finish_timestamp,
2430 const char **ret_error_message) {
2431
2432 int r;
2433
2434 assert(loaded_policy);
2435 assert(security_start_timestamp);
2436 assert(security_finish_timestamp);
2437 assert(ret_error_message);
2438
2439 dual_timestamp_get(security_start_timestamp);
2440
97149f40 2441 r = mac_selinux_setup(loaded_policy);
74da609f
LP		 2442 if (r < 0) {
2443 *ret_error_message = "Failed to load SELinux policy";
2444 return r;
2445 }
2446
2447 r = mac_smack_setup(loaded_policy);
2448 if (r < 0) {
2449 *ret_error_message = "Failed to load SMACK policy";
2450 return r;
2451 }
2452
2ffadd3c
Y		 2453 r = mac_apparmor_setup();
2454 if (r < 0) {
2455 *ret_error_message = "Failed to load AppArmor policy";
2456 return r;
2457 }
2458
74da609f
LP		 2459 r = ima_setup();
2460 if (r < 0) {
2461 *ret_error_message = "Failed to load IMA policy";
2462 return r;
2463 }
2464
2465 dual_timestamp_get(security_finish_timestamp);
2466 return 0;
2467}
2468
263162da
LP		 2469static void test_summary(Manager *m) {
2470 assert(m);
2471
2472 printf("-> By units:\n");
2473 manager_dump_units(m, stdout, "\t");
2474
2475 printf("-> By jobs:\n");
2476 manager_dump_jobs(m, stdout, "\t");
2477}
2478
efeb853f
LP		 2479static int collect_fds(FDSet **ret_fds, const char **ret_error_message) {
2480 int r;
2481
2482 assert(ret_fds);
2483 assert(ret_error_message);
2484
2485 r = fdset_new_fill(ret_fds);
2486 if (r < 0) {
2487 *ret_error_message = "Failed to allocate fd set";
2488 return log_emergency_errno(r, "Failed to allocate fd set: %m");
2489 }
2490
2491 fdset_cloexec(*ret_fds, true);
2492
2493 if (arg_serialization)
2494 assert_se(fdset_remove(*ret_fds, fileno(arg_serialization)) >= 0);
2495
2496 return 0;
2497}
2498
2e51b31c
LP		 2499static void setup_console_terminal(bool skip_setup) {
2500
2501 if (!arg_system)
2502 return;
2503
2504 /* Become a session leader if we aren't one yet. */
2505 (void) setsid();
2506
2507 /* If we are init, we connect stdin/stdout/stderr to /dev/null and make sure we don't have a controlling
2508 * tty. */
2509 (void) release_terminal();
2510
2511 /* Reset the console, but only if this is really init and we are freshly booted */
2512 if (getpid_cached() == 1 && !skip_setup)
2513 (void) console_setup();
2514}
2515
aa40ff07
LP		 2516static bool early_skip_setup_check(int argc, char *argv[]) {
2517 bool found_deserialize = false;
2518 int i;
2519
2520 /* Determine if this is a reexecution or normal bootup. We do the full command line parsing much later, so
2521 * let's just have a quick peek here. Note that if we have switched root, do all the special setup things
2522 * anyway, even if in that case we also do deserialization. */
2523
2524 for (i = 1; i < argc; i++) {
aa40ff07
LP		 2525 if (streq(argv[i], "--switched-root"))
2526 return false; /* If we switched root, don't skip the setup. */
2527 else if (streq(argv[i], "--deserialize"))
2528 found_deserialize = true;
2529 }
2530
2531 return found_deserialize; /* When we are deserializing, then we are reexecuting, hence avoid the extensive setup */
2532}
2533
0e06a031
LP		 2534static int save_env(void) {
2535 char **l;
2536
2537 l = strv_copy(environ);
2538 if (!l)
2539 return -ENOMEM;
2540
2541 strv_free_and_replace(saved_env, l);
2542 return 0;
2543}
2544
60918275 2545int main(int argc, char *argv[]) {
625e8690
LP		 2546
2547 dual_timestamp initrd_timestamp = DUAL_TIMESTAMP_NULL, userspace_timestamp = DUAL_TIMESTAMP_NULL, kernel_timestamp = DUAL_TIMESTAMP_NULL,
2548 security_start_timestamp = DUAL_TIMESTAMP_NULL, security_finish_timestamp = DUAL_TIMESTAMP_NULL;
ddfa8b0b
LP		 2549 struct rlimit saved_rlimit_nofile = RLIMIT_MAKE_CONST(0),
2550 saved_rlimit_memlock = RLIMIT_MAKE_CONST(RLIM_INFINITY); /* The original rlimits we passed
2551 * in. Note we use different values
2552 * for the two that indicate whether
2553 * these fields are initialized! */
625e8690
LP		 2554 bool skip_setup, loaded_policy = false, queue_default_job = false, first_boot = false, reexecute = false;
2555 char *switch_root_dir = NULL, *switch_root_init = NULL;
9d76d730 2556 usec_t before_startup, after_startup;
625e8690 2557 static char systemd[] = "systemd";
9d76d730 2558 char timespan[FORMAT_TIMESPAN_MAX];
625e8690
LP		 2559 const char *shutdown_verb = NULL, *error_message = NULL;
2560 int r, retval = EXIT_FAILURE;
2561 Manager *m = NULL;
a16e1123 2562 FDSet *fds = NULL;
27b14a22 2563
d72a8f10 2564 /* SysV compatibility: redirect init → telinit */
6808a0bc 2565 redirect_telinit(argc, argv);
2cb1a60d 2566
d72a8f10 2567 /* Take timestamps early on */
c3a170f3
HH		 2568 dual_timestamp_from_monotonic(&kernel_timestamp, 0);
2569 dual_timestamp_get(&userspace_timestamp);
2570
d72a8f10
LP		 2571 /* Figure out whether we need to do initialize the system, or if we already did that because we are
2572 * reexecuting */
aa40ff07 2573 skip_setup = early_skip_setup_check(argc, argv);
d03bc1b8 2574
d72a8f10
LP		 2575 /* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we
2576 * are then called 'systemd'. That is confusing, hence let's call us systemd right-away. */
f3b6a3ed 2577 program_invocation_short_name = systemd;
eee8b7ab 2578 (void) prctl(PR_SET_NAME, systemd);
5d6b1584 2579
d72a8f10 2580 /* Save the original command line */
36fea155 2581 save_argc_argv(argc, argv);
f3b6a3ed 2582
0e06a031
LP		 2583 /* Save the original environment as we might need to restore it if we're requested to execute another
2584 * system manager later. */
2585 r = save_env();
2586 if (r < 0) {
2587 error_message = "Failed to copy environment block";
2588 goto finish;
2589 }
a5cede8c 2590
6fdb8de4 2591 /* Make sure that if the user says "syslog" we actually log to the journal. */
c1dc6153 2592 log_set_upgrade_syslog_to_journal(true);
bbe63281 2593
df0ff127 2594 if (getpid_cached() == 1) {
b5752d23
LP		 2595 /* When we run as PID 1 force system mode */
2596 arg_system = true;
2597
48a601fe 2598 /* Disable the umask logic */
90dc8c2e
MG		 2599 umask(0);
2600
92890452
LP		 2601 /* Make sure that at least initially we do not ever log to journald/syslogd, because it might not be
2602 * activated yet (even though the log socket for it exists). */
d075092f
LP		 2603 log_set_prohibit_ipc(true);
2604
48a601fe
LP		 2605 /* Always reopen /dev/console when running as PID 1 or one of its pre-execve() children. This is
2606 * important so that we never end up logging to any foreign stderr, for example if we have to log in a
2607 * child process right before execve()'ing the actual binary, at a point in time where socket
2608 * activation stderr/stdout area already set up. */
2609 log_set_always_reopen_console(true);
48a601fe 2610
92890452 2611 if (detect_container() <= 0) {
4f8d551f 2612
92890452 2613 /* Running outside of a container as PID 1 */
92890452
LP		 2614 log_set_target(LOG_TARGET_KMSG);
2615 log_open();
a866073d 2616
92890452
LP		 2617 if (in_initrd())
2618 initrd_timestamp = userspace_timestamp;
c3ba6250 2619
92890452
LP		 2620 if (!skip_setup) {
2621 r = mount_setup_early();
2622 if (r < 0) {
2623 error_message = "Failed to mount early API filesystems";
2624 goto finish;
2625 }
2626
0a2eef1e
LP		 2627 /* Let's open the log backend a second time, in case the first time didn't
2628 * work. Quite possibly we have mounted /dev just now, so /dev/kmsg became
2629 * available, and it previously wasn't. */
2630 log_open();
2631
6123dfaa
ZJS		 2632 disable_printk_ratelimit();
2633
92890452
LP		 2634 r = initialize_security(
2635 &loaded_policy,
2636 &security_start_timestamp,
2637 &security_finish_timestamp,
2638 &error_message);
2639 if (r < 0)
2640 goto finish;
d723cd65 2641 }
eee8b7ab 2642
92890452 2643 if (mac_selinux_init() < 0) {
a9ba0e32 2644 error_message = "Failed to initialize SELinux support";
96694e99 2645 goto finish;
92890452 2646 }
0b3325e7 2647
92890452
LP		 2648 if (!skip_setup)
2649 initialize_clock();
2650
2651 /* Set the default for later on, but don't actually open the logs like this for now. Note that
2652 * if we are transitioning from the initrd there might still be journal fd open, and we
2653 * shouldn't attempt opening that before we parsed /proc/cmdline which might redirect output
2654 * elsewhere. */
2655 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
2656
2657 } else {
2658 /* Running inside a container, as PID 1 */
92890452
LP		 2659 log_set_target(LOG_TARGET_CONSOLE);
2660 log_open();
2661
2662 /* For later on, see above... */
2663 log_set_target(LOG_TARGET_JOURNAL);
2664
45250e66 2665 /* clear the kernel timestamp, because we are in a container */
92890452 2666 kernel_timestamp = DUAL_TIMESTAMP_NULL;
cb6531be 2667 }
7948c4df 2668
92890452 2669 initialize_coredump(skip_setup);
a866073d 2670
92890452
LP		 2671 r = fixup_environment();
2672 if (r < 0) {
2673 log_emergency_errno(r, "Failed to fix up PID 1 environment: %m");
2674 error_message = "Failed to fix up PID1 environment";
2675 goto finish;
2676 }
a866073d 2677
92890452
LP		 2678 /* Try to figure out if we can use colors with the console. No need to do that for user instances since
2679 * they never log into the console. */
3a18b604 2680 log_show_color(colors_enabled());
92890452 2681
c76cf844
AK		 2682 r = make_null_stdio();
2683 if (r < 0)
92890452 2684 log_warning_errno(r, "Failed to redirect standard streams to /dev/null, ignoring: %m");
f84f9974 2685
a132bef0 2686 /* Load the kernel modules early. */
2e75e2a8
DM		 2687 if (!skip_setup)
2688 kmod_setup();
2e75e2a8 2689
3196e423 2690 /* Mount /proc, /sys and friends, so that /proc/cmdline and /proc/$PID/fd is available. */
f74349d8 2691 r = mount_setup(loaded_policy, skip_setup);
cb6531be
ZJS		 2692 if (r < 0) {
2693 error_message = "Failed to mount API filesystems";
8efe3c01 2694 goto finish;
cb6531be 2695 }
c18ecf03
LP		 2696
2697 /* The efivarfs is now mounted, let's read the random seed off it */
2698 (void) efi_take_random_seed();
209b2592
FB		 2699
2700 /* Cache command-line options passed from EFI variables */
2701 if (!skip_setup)
2702 (void) cache_efi_options_variable();
3196e423
LP		 2703 } else {
2704 /* Running as user instance */
2705 arg_system = false;
2706 log_set_target(LOG_TARGET_AUTO);
2707 log_open();
2708
2709 /* clear the kernel timestamp, because we are not PID 1 */
2710 kernel_timestamp = DUAL_TIMESTAMP_NULL;
2711
2712 if (mac_selinux_init() < 0) {
2713 error_message = "Failed to initialize SELinux support";
2714 goto finish;
2715 }
0c85a4f3 2716 }
4ade7963 2717
a9fd4cd1
FB		 2718 /* Save the original RLIMIT_NOFILE/RLIMIT_MEMLOCK so that we can reset it later when
2719 * transitioning from the initrd to the main systemd or suchlike. */
2720 save_rlimits(&saved_rlimit_nofile, &saved_rlimit_memlock);
2721
4ade7963 2722 /* Reset all signal handlers. */
ce30c8dc
LP		 2723 (void) reset_all_signal_handlers();
2724 (void) ignore_signals(SIGNALS_IGNORE, -1);
078e4539 2725
ffe5c01e
FB		 2726 (void) parse_configuration(&saved_rlimit_nofile, &saved_rlimit_memlock);
2727
2728 r = parse_argv(argc, argv);
2729 if (r < 0) {
2730 error_message = "Failed to parse commandline arguments";
f170852a 2731 goto finish;
ffe5c01e 2732 }
10c961b9 2733
b0d7c989
LP		 2734 r = safety_checks();
2735 if (r < 0)
fe783b03 2736 goto finish;
fe783b03 2737
5c08257b 2738 if (IN_SET(arg_action, ACTION_TEST, ACTION_HELP, ACTION_DUMP_CONFIGURATION_ITEMS, ACTION_DUMP_BUS_PROPERTIES, ACTION_BUS_INTROSPECT))
0221d68a 2739 (void) pager_open(arg_pager_flags);
b0d7c989
LP		 2740
2741 if (arg_action != ACTION_RUN)
74e7579c 2742 skip_setup = true;
b87c2aa6 2743
fa0f4d8a 2744 if (arg_action == ACTION_HELP) {
37ec0fdd 2745 retval = help() < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
f170852a 2746 goto finish;
9ba0bc4e
ZJS		 2747 } else if (arg_action == ACTION_VERSION) {
2748 retval = version();
2749 goto finish;
fa0f4d8a 2750 } else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
e537352b 2751 unit_dump_config_items(stdout);
22f4096c 2752 retval = EXIT_SUCCESS;
e537352b 2753 goto finish;
bbc1acab
YW		 2754 } else if (arg_action == ACTION_DUMP_BUS_PROPERTIES) {
2755 dump_bus_properties(stdout);
2756 retval = EXIT_SUCCESS;
2757 goto finish;
5c08257b
ZJS		 2758 } else if (arg_action == ACTION_BUS_INTROSPECT) {
2759 r = bus_manager_introspect_implementations(stdout, arg_bus_introspect);
2760 retval = r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE;
2761 goto finish;
f170852a
LP		 2762 }
2763
4c701096 2764 assert_se(IN_SET(arg_action, ACTION_RUN, ACTION_TEST));
f170852a 2765
5a2e0c62
LP		 2766 /* Move out of the way, so that we won't block unmounts */
2767 assert_se(chdir("/") == 0);
2768
dea374e8 2769 if (arg_action == ACTION_RUN) {
d247f232
LP		 2770 if (!skip_setup) {
2771 /* Apply the systemd.clock_usec= kernel command line switch */
45250e66 2772 apply_clock_update();
a70c72a0 2773
d247f232
LP		 2774 /* Apply random seed from kernel command line */
2775 cmdline_take_random_seed();
2776 }
2777
c6885f5f
FB		 2778 /* A core pattern might have been specified via the cmdline. */
2779 initialize_core_pattern(skip_setup);
2780
efeb853f 2781 /* Close logging fds, in order not to confuse collecting passed fds and terminal logic below */
a70c72a0
LP		 2782 log_close();
2783
2784 /* Remember open file descriptors for later deserialization */
efeb853f
LP		 2785 r = collect_fds(&fds, &error_message);
2786 if (r < 0)
dea374e8 2787 goto finish;
a16e1123 2788
2e51b31c
LP		 2789 /* Give up any control of the console, but make sure its initialized. */
2790 setup_console_terminal(skip_setup);
56d96fc0 2791
a70c72a0
LP		 2792 /* Open the logging devices, if possible and necessary */
2793 log_open();
56d96fc0 2794 }
4ade7963 2795
31aef7ff 2796 log_execution_mode(&first_boot);
a5dab5ce 2797
2d776038 2798 r = initialize_runtime(skip_setup,
3023f2fe 2799 first_boot,
2d776038
LP		 2800 &saved_rlimit_nofile,
2801 &saved_rlimit_memlock,
2802 &error_message);
2803 if (r < 0)
2804 goto finish;
4096d6f5 2805
e0a3da1f
ZJS		 2806 r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER,
2807 arg_action == ACTION_TEST ? MANAGER_TEST_FULL : 0,
2808 &m);
e96d6be7 2809 if (r < 0) {
da927ba9 2810 log_emergency_errno(r, "Failed to allocate manager object: %m");
cb6531be 2811 error_message = "Failed to allocate manager object";
60918275
LP		 2812 goto finish;
2813 }
2814
9f9f0342
LP		 2815 m->timestamps[MANAGER_TIMESTAMP_KERNEL] = kernel_timestamp;
2816 m->timestamps[MANAGER_TIMESTAMP_INITRD] = initrd_timestamp;
2817 m->timestamps[MANAGER_TIMESTAMP_USERSPACE] = userspace_timestamp;
d4ee7bd8
YW		 2818 m->timestamps[manager_timestamp_initrd_mangle(MANAGER_TIMESTAMP_SECURITY_START)] = security_start_timestamp;
2819 m->timestamps[manager_timestamp_initrd_mangle(MANAGER_TIMESTAMP_SECURITY_FINISH)] = security_finish_timestamp;
9e58ff9c 2820
85cb4151 2821 set_manager_defaults(m);
7b46fc6a 2822 set_manager_settings(m);
fd130612 2823 manager_set_first_boot(m, first_boot);
27d340c7 2824
bf4df7c3 2825 /* Remember whether we should queue the default job */
d3b1c508 2826 queue_default_job = !arg_serialization || arg_switched_root;
bf4df7c3 2827
9d76d730
LP		 2828 before_startup = now(CLOCK_MONOTONIC);
2829
d3b1c508 2830 r = manager_startup(m, arg_serialization, fds);
58f88d92 2831 if (r < 0) {
cefb3eda 2832 error_message = "Failed to start up manager";
58f88d92
ZJS		 2833 goto finish;
2834 }
a16e1123 2835
6acca5fc 2836 /* This will close all file descriptors that were opened, but not claimed by any unit. */
2feceb5e 2837 fds = fdset_free(fds);
74ca738f 2838 arg_serialization = safe_fclose(arg_serialization);
bf4df7c3
LP		 2839
2840 if (queue_default_job) {
6acca5fc 2841 r = do_queue_default_job(m, &error_message);
718db961 2842 if (r < 0)
37d88da7 2843 goto finish;
6acca5fc 2844 }
ab17a050 2845
6acca5fc 2846 after_startup = now(CLOCK_MONOTONIC);
60918275 2847
6acca5fc
LP		 2848 log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
2849 "Loaded units and determined initial transaction in %s.",
2850 format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 100 * USEC_PER_MSEC));
07672f49 2851
6acca5fc 2852 if (arg_action == ACTION_TEST) {
263162da 2853 test_summary(m);
6acca5fc
LP		 2854 retval = EXIT_SUCCESS;
2855 goto finish;
e965d56d 2856 }
d46de8a1 2857
3046b6db 2858 (void) invoke_main_loop(m,
a9fd4cd1
FB		 2859 &saved_rlimit_nofile,
2860 &saved_rlimit_memlock,
3046b6db
LP		 2861 &reexecute,
2862 &retval,
2863 &shutdown_verb,
2864 &fds,
2865 &switch_root_dir,
2866 &switch_root_init,
2867 &error_message);
f170852a 2868
60918275 2869finish:
b87c2aa6
ZJS		 2870 pager_close();
2871
92890452 2872 if (m) {
986935cf
FB		 2873 arg_reboot_watchdog = manager_get_watchdog(m, WATCHDOG_REBOOT);
2874 arg_kexec_watchdog = manager_get_watchdog(m, WATCHDOG_KEXEC);
92890452
LP		 2875 m = manager_free(m);
2876 }
60918275 2877
cc56fafe 2878 mac_selinux_finish();
b2bb3dbe 2879
3c7878f9
LP		 2880 if (reexecute)
2881 do_reexecute(argc, argv,
2882 &saved_rlimit_nofile,
2883 &saved_rlimit_memlock,
2884 fds,
2885 switch_root_dir,
2886 switch_root_init,
2887 &error_message); /* This only returns if reexecution failed */
a16e1123 2888
74ca738f 2889 arg_serialization = safe_fclose(arg_serialization);
2feceb5e 2890 fds = fdset_free(fds);
a16e1123 2891
0e06a031
LP		 2892 saved_env = strv_free(saved_env);
2893
349cc4a5 2894#if HAVE_VALGRIND_VALGRIND_H
54b434b1
LP		 2895 /* If we are PID 1 and running under valgrind, then let's exit
2896 * here explicitly. valgrind will only generate nice output on
2897 * exit(), not on exec(), hence let's do the former not the
2898 * latter here. */
8a2c1fbf
EJ		 2899 if (getpid_cached() == 1 && RUNNING_ON_VALGRIND) {
2900 /* Cleanup watchdog_device strings for valgrind. We need them
2901 * in become_shutdown() so normally we cannot free them yet. */
2902 watchdog_free_device();
2903 arg_watchdog_device = mfree(arg_watchdog_device);
7d9eea2b 2904 reset_arguments();
27fe58b7 2905 return retval;
8a2c1fbf 2906 }
54b434b1
LP		 2907#endif
2908
7e11a95e
EV		 2909#if HAS_FEATURE_ADDRESS_SANITIZER
2910 __lsan_do_leak_check();
2911#endif
2912
b9080b03 2913 if (shutdown_verb) {
7eb35049 2914 r = become_shutdown(shutdown_verb, retval);
4a36297c 2915 log_error_errno(r, "Failed to execute shutdown binary, %s: %m", getpid_cached() == 1 ? "freezing" : "quitting");
9b9881d7 2916 error_message = "Failed to execute shutdown binary";
b9080b03
FF		 2917 }
2918
8a2c1fbf
EJ		 2919 watchdog_free_device();
2920 arg_watchdog_device = mfree(arg_watchdog_device);
2921
df0ff127 2922 if (getpid_cached() == 1) {
cb6531be
ZJS		 2923 if (error_message)
2924 manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
1fc464f6 2925 ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL,
bb259772
LP		 2926 "%s.", error_message);
2927 freeze_or_exit_or_reboot();
cb6531be 2928 }
c3b3c274 2929
7d9eea2b 2930 reset_arguments();
60918275
LP		 2931 return retval;
2932}
Unnamed repository; edit this file 'description' to name the repository.