]>
Commit | Line | Data |
---|---|---|
5cb5a6ff LP |
1 | /*-*- Mode: C; c-basic-offset: 8 -*-*/ |
2 | ||
a7334b09 LP |
3 | /*** |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2010 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
9 | under the terms of the GNU General Public License as published by | |
10 | the Free Software Foundation; either version 2 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU General Public License | |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
20 | ***/ | |
21 | ||
5cb5a6ff | 22 | #include <assert.h> |
034c6ed7 LP |
23 | #include <dirent.h> |
24 | #include <errno.h> | |
25 | #include <fcntl.h> | |
26 | #include <unistd.h> | |
44d8db9e | 27 | #include <string.h> |
309bff19 | 28 | #include <signal.h> |
071830ff LP |
29 | #include <sys/socket.h> |
30 | #include <sys/un.h> | |
94f04347 | 31 | #include <sys/prctl.h> |
66ee3769 | 32 | #include <linux/sched.h> |
451a074f LP |
33 | #include <sys/types.h> |
34 | #include <sys/stat.h> | |
81a2b7ce LP |
35 | #include <grp.h> |
36 | #include <pwd.h> | |
15ae422b | 37 | #include <sys/mount.h> |
25e870b5 | 38 | #include <linux/fs.h> |
5cb5a6ff | 39 | |
5b6319dc LP |
40 | #ifdef HAVE_PAM |
41 | #include <security/pam_appl.h> | |
42 | #endif | |
43 | ||
5cb5a6ff LP |
44 | #include "execute.h" |
45 | #include "strv.h" | |
46 | #include "macro.h" | |
47 | #include "util.h" | |
acbb0225 | 48 | #include "log.h" |
9eba9da4 | 49 | #include "ioprio.h" |
94f04347 | 50 | #include "securebits.h" |
8e274523 | 51 | #include "cgroup.h" |
15ae422b | 52 | #include "namespace.h" |
df1f0afe | 53 | #include "tcpwrap.h" |
5cb5a6ff | 54 | |
02a51aba LP |
55 | /* This assumes there is a 'tty' group */ |
56 | #define TTY_MODE 0620 | |
57 | ||
034c6ed7 LP |
58 | static int shift_fds(int fds[], unsigned n_fds) { |
59 | int start, restart_from; | |
60 | ||
61 | if (n_fds <= 0) | |
62 | return 0; | |
63 | ||
a0d40ac5 LP |
64 | /* Modifies the fds array! (sorts it) */ |
65 | ||
034c6ed7 LP |
66 | assert(fds); |
67 | ||
68 | start = 0; | |
69 | for (;;) { | |
70 | int i; | |
71 | ||
72 | restart_from = -1; | |
73 | ||
74 | for (i = start; i < (int) n_fds; i++) { | |
75 | int nfd; | |
76 | ||
77 | /* Already at right index? */ | |
78 | if (fds[i] == i+3) | |
79 | continue; | |
80 | ||
81 | if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0) | |
82 | return -errno; | |
83 | ||
e1f5e051 | 84 | close_nointr_nofail(fds[i]); |
034c6ed7 LP |
85 | fds[i] = nfd; |
86 | ||
87 | /* Hmm, the fd we wanted isn't free? Then | |
88 | * let's remember that and try again from here*/ | |
89 | if (nfd != i+3 && restart_from < 0) | |
90 | restart_from = i; | |
91 | } | |
92 | ||
93 | if (restart_from < 0) | |
94 | break; | |
95 | ||
96 | start = restart_from; | |
97 | } | |
98 | ||
99 | return 0; | |
100 | } | |
101 | ||
c2748801 | 102 | static int flags_fds(const int fds[], unsigned n_fds, bool nonblock) { |
47a71eed | 103 | unsigned i; |
e2c76839 | 104 | int r; |
47a71eed LP |
105 | |
106 | if (n_fds <= 0) | |
107 | return 0; | |
108 | ||
109 | assert(fds); | |
110 | ||
451a074f | 111 | /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */ |
47a71eed LP |
112 | |
113 | for (i = 0; i < n_fds; i++) { | |
47a71eed | 114 | |
e2c76839 LP |
115 | if ((r = fd_nonblock(fds[i], nonblock)) < 0) |
116 | return r; | |
47a71eed | 117 | |
451a074f LP |
118 | /* We unconditionally drop FD_CLOEXEC from the fds, |
119 | * since after all we want to pass these fds to our | |
120 | * children */ | |
47a71eed | 121 | |
e2c76839 LP |
122 | if ((r = fd_cloexec(fds[i], false)) < 0) |
123 | return r; | |
47a71eed LP |
124 | } |
125 | ||
126 | return 0; | |
127 | } | |
128 | ||
80876c20 LP |
129 | static const char *tty_path(const ExecContext *context) { |
130 | assert(context); | |
131 | ||
132 | if (context->tty_path) | |
133 | return context->tty_path; | |
134 | ||
135 | return "/dev/console"; | |
136 | } | |
137 | ||
138 | static int open_null_as(int flags, int nfd) { | |
139 | int fd, r; | |
071830ff | 140 | |
80876c20 | 141 | assert(nfd >= 0); |
071830ff | 142 | |
80876c20 | 143 | if ((fd = open("/dev/null", flags|O_NOCTTY)) < 0) |
071830ff LP |
144 | return -errno; |
145 | ||
80876c20 LP |
146 | if (fd != nfd) { |
147 | r = dup2(fd, nfd) < 0 ? -errno : nfd; | |
e1f5e051 | 148 | close_nointr_nofail(fd); |
80876c20 LP |
149 | } else |
150 | r = nfd; | |
071830ff | 151 | |
80876c20 | 152 | return r; |
071830ff LP |
153 | } |
154 | ||
80876c20 LP |
155 | static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, int nfd) { |
156 | int fd, r; | |
157 | union { | |
158 | struct sockaddr sa; | |
159 | struct sockaddr_un un; | |
160 | } sa; | |
071830ff LP |
161 | |
162 | assert(context); | |
80876c20 LP |
163 | assert(output < _EXEC_OUTPUT_MAX); |
164 | assert(ident); | |
165 | assert(nfd >= 0); | |
071830ff | 166 | |
80876c20 LP |
167 | if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) |
168 | return -errno; | |
071830ff | 169 | |
80876c20 LP |
170 | zero(sa); |
171 | sa.sa.sa_family = AF_UNIX; | |
172 | strncpy(sa.un.sun_path+1, LOGGER_SOCKET, sizeof(sa.un.sun_path)-1); | |
071830ff | 173 | |
80876c20 LP |
174 | if (connect(fd, &sa.sa, sizeof(sa)) < 0) { |
175 | close_nointr_nofail(fd); | |
176 | return -errno; | |
177 | } | |
071830ff | 178 | |
80876c20 LP |
179 | if (shutdown(fd, SHUT_RD) < 0) { |
180 | close_nointr_nofail(fd); | |
181 | return -errno; | |
182 | } | |
071830ff | 183 | |
80876c20 LP |
184 | /* We speak a very simple protocol between log server |
185 | * and client: one line for the log destination (kmsg | |
186 | * or syslog), followed by the priority field, | |
187 | * followed by the process name. Since we replaced | |
188 | * stdin/stderr we simple use stdio to write to | |
189 | * it. Note that we use stderr, to minimize buffer | |
190 | * flushing issues. */ | |
191 | ||
192 | dprintf(fd, | |
193 | "%s\n" | |
194 | "%i\n" | |
4f4a1dbf LP |
195 | "%s\n" |
196 | "%i\n", | |
9a6bca7a | 197 | output == EXEC_OUTPUT_KMSG ? "kmsg" : "syslog", |
80876c20 | 198 | context->syslog_priority, |
4f4a1dbf | 199 | context->syslog_identifier ? context->syslog_identifier : ident, |
74922904 | 200 | context->syslog_level_prefix); |
80876c20 LP |
201 | |
202 | if (fd != nfd) { | |
203 | r = dup2(fd, nfd) < 0 ? -errno : nfd; | |
e1f5e051 | 204 | close_nointr_nofail(fd); |
80876c20 LP |
205 | } else |
206 | r = nfd; | |
071830ff | 207 | |
80876c20 LP |
208 | return r; |
209 | } | |
210 | static int open_terminal_as(const char *path, mode_t mode, int nfd) { | |
211 | int fd, r; | |
071830ff | 212 | |
80876c20 LP |
213 | assert(path); |
214 | assert(nfd >= 0); | |
071830ff | 215 | |
80876c20 LP |
216 | if ((fd = open_terminal(path, mode | O_NOCTTY)) < 0) |
217 | return fd; | |
071830ff | 218 | |
80876c20 LP |
219 | if (fd != nfd) { |
220 | r = dup2(fd, nfd) < 0 ? -errno : nfd; | |
221 | close_nointr_nofail(fd); | |
222 | } else | |
223 | r = nfd; | |
071830ff | 224 | |
80876c20 LP |
225 | return r; |
226 | } | |
071830ff | 227 | |
80876c20 LP |
228 | static bool is_terminal_input(ExecInput i) { |
229 | return | |
230 | i == EXEC_INPUT_TTY || | |
231 | i == EXEC_INPUT_TTY_FORCE || | |
232 | i == EXEC_INPUT_TTY_FAIL; | |
233 | } | |
071830ff | 234 | |
1e3ad081 LP |
235 | static int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) { |
236 | ||
237 | if (is_terminal_input(std_input) && !apply_tty_stdin) | |
238 | return EXEC_INPUT_NULL; | |
071830ff | 239 | |
03fd9c49 | 240 | if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0) |
4f2d528d LP |
241 | return EXEC_INPUT_NULL; |
242 | ||
03fd9c49 | 243 | return std_input; |
4f2d528d LP |
244 | } |
245 | ||
03fd9c49 | 246 | static int fixup_output(ExecOutput std_output, int socket_fd) { |
4f2d528d | 247 | |
03fd9c49 | 248 | if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0) |
4f2d528d LP |
249 | return EXEC_OUTPUT_INHERIT; |
250 | ||
03fd9c49 | 251 | return std_output; |
4f2d528d LP |
252 | } |
253 | ||
1e3ad081 | 254 | static int setup_input(const ExecContext *context, int socket_fd, bool apply_tty_stdin) { |
4f2d528d LP |
255 | ExecInput i; |
256 | ||
257 | assert(context); | |
258 | ||
1e3ad081 | 259 | i = fixup_input(context->std_input, socket_fd, apply_tty_stdin); |
4f2d528d LP |
260 | |
261 | switch (i) { | |
071830ff | 262 | |
80876c20 LP |
263 | case EXEC_INPUT_NULL: |
264 | return open_null_as(O_RDONLY, STDIN_FILENO); | |
265 | ||
266 | case EXEC_INPUT_TTY: | |
267 | case EXEC_INPUT_TTY_FORCE: | |
268 | case EXEC_INPUT_TTY_FAIL: { | |
269 | int fd, r; | |
071830ff | 270 | |
80876c20 LP |
271 | if ((fd = acquire_terminal( |
272 | tty_path(context), | |
4f2d528d | 273 | i == EXEC_INPUT_TTY_FAIL, |
21de3988 LP |
274 | i == EXEC_INPUT_TTY_FORCE, |
275 | false)) < 0) | |
80876c20 LP |
276 | return fd; |
277 | ||
278 | if (fd != STDIN_FILENO) { | |
279 | r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO; | |
071830ff | 280 | close_nointr_nofail(fd); |
80876c20 LP |
281 | } else |
282 | r = STDIN_FILENO; | |
283 | ||
284 | return r; | |
285 | } | |
286 | ||
4f2d528d LP |
287 | case EXEC_INPUT_SOCKET: |
288 | return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO; | |
289 | ||
80876c20 LP |
290 | default: |
291 | assert_not_reached("Unknown input type"); | |
292 | } | |
293 | } | |
294 | ||
1e3ad081 | 295 | static int setup_output(const ExecContext *context, int socket_fd, const char *ident, bool apply_tty_stdin) { |
4f2d528d LP |
296 | ExecOutput o; |
297 | ExecInput i; | |
298 | ||
80876c20 LP |
299 | assert(context); |
300 | assert(ident); | |
301 | ||
1e3ad081 | 302 | i = fixup_input(context->std_input, socket_fd, apply_tty_stdin); |
03fd9c49 | 303 | o = fixup_output(context->std_output, socket_fd); |
4f2d528d | 304 | |
80876c20 LP |
305 | /* This expects the input is already set up */ |
306 | ||
4f2d528d | 307 | switch (o) { |
071830ff | 308 | |
80876c20 LP |
309 | case EXEC_OUTPUT_INHERIT: |
310 | ||
acb591e4 | 311 | /* If the input is connected to anything that's not a /dev/null, inherit that... */ |
ff876e28 | 312 | if (i != EXEC_INPUT_NULL) |
80876c20 | 313 | return dup2(STDIN_FILENO, STDOUT_FILENO) < 0 ? -errno : STDOUT_FILENO; |
071830ff | 314 | |
acb591e4 LP |
315 | /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */ |
316 | if (getppid() != 1) | |
317 | return STDOUT_FILENO; | |
ff876e28 | 318 | |
acb591e4 LP |
319 | /* We need to open /dev/null here anew, to get the |
320 | * right access mode. So we fall through */ | |
80876c20 LP |
321 | |
322 | case EXEC_OUTPUT_NULL: | |
323 | return open_null_as(O_WRONLY, STDOUT_FILENO); | |
324 | ||
4f2d528d LP |
325 | case EXEC_OUTPUT_TTY: |
326 | if (is_terminal_input(i)) | |
80876c20 LP |
327 | return dup2(STDIN_FILENO, STDOUT_FILENO) < 0 ? -errno : STDOUT_FILENO; |
328 | ||
329 | /* We don't reset the terminal if this is just about output */ | |
330 | return open_terminal_as(tty_path(context), O_WRONLY, STDOUT_FILENO); | |
94f04347 | 331 | |
80876c20 | 332 | case EXEC_OUTPUT_SYSLOG: |
9a6bca7a | 333 | case EXEC_OUTPUT_KMSG: |
4f2d528d LP |
334 | return connect_logger_as(context, o, ident, STDOUT_FILENO); |
335 | ||
336 | case EXEC_OUTPUT_SOCKET: | |
337 | assert(socket_fd >= 0); | |
338 | return dup2(socket_fd, STDOUT_FILENO) < 0 ? -errno : STDOUT_FILENO; | |
80876c20 | 339 | |
94f04347 LP |
340 | default: |
341 | assert_not_reached("Unknown output type"); | |
071830ff | 342 | } |
94f04347 LP |
343 | } |
344 | ||
1e3ad081 | 345 | static int setup_error(const ExecContext *context, int socket_fd, const char *ident, bool apply_tty_stdin) { |
4f2d528d LP |
346 | ExecOutput o, e; |
347 | ExecInput i; | |
348 | ||
94f04347 | 349 | assert(context); |
02a51aba | 350 | assert(ident); |
071830ff | 351 | |
1e3ad081 | 352 | i = fixup_input(context->std_input, socket_fd, apply_tty_stdin); |
03fd9c49 LP |
353 | o = fixup_output(context->std_output, socket_fd); |
354 | e = fixup_output(context->std_error, socket_fd); | |
4f2d528d | 355 | |
80876c20 | 356 | /* This expects the input and output are already set up */ |
94f04347 | 357 | |
80876c20 LP |
358 | /* Don't change the stderr file descriptor if we inherit all |
359 | * the way and are not on a tty */ | |
4f2d528d LP |
360 | if (e == EXEC_OUTPUT_INHERIT && |
361 | o == EXEC_OUTPUT_INHERIT && | |
acb591e4 | 362 | i == EXEC_INPUT_NULL && |
dec5d552 | 363 | getppid () != 1) |
80876c20 | 364 | return STDERR_FILENO; |
94f04347 | 365 | |
80876c20 | 366 | /* Duplicate form stdout if possible */ |
4f2d528d | 367 | if (e == o || e == EXEC_OUTPUT_INHERIT) |
80876c20 | 368 | return dup2(STDOUT_FILENO, STDERR_FILENO) < 0 ? -errno : STDERR_FILENO; |
94f04347 | 369 | |
4f2d528d | 370 | switch (e) { |
80876c20 LP |
371 | |
372 | case EXEC_OUTPUT_NULL: | |
373 | return open_null_as(O_WRONLY, STDERR_FILENO); | |
374 | ||
375 | case EXEC_OUTPUT_TTY: | |
4f2d528d | 376 | if (is_terminal_input(i)) |
80876c20 LP |
377 | return dup2(STDIN_FILENO, STDERR_FILENO) < 0 ? -errno : STDERR_FILENO; |
378 | ||
379 | /* We don't reset the terminal if this is just about output */ | |
380 | return open_terminal_as(tty_path(context), O_WRONLY, STDERR_FILENO); | |
381 | ||
382 | case EXEC_OUTPUT_SYSLOG: | |
9a6bca7a | 383 | case EXEC_OUTPUT_KMSG: |
4f2d528d LP |
384 | return connect_logger_as(context, e, ident, STDERR_FILENO); |
385 | ||
386 | case EXEC_OUTPUT_SOCKET: | |
387 | assert(socket_fd >= 0); | |
388 | return dup2(socket_fd, STDERR_FILENO) < 0 ? -errno : STDERR_FILENO; | |
94f04347 LP |
389 | |
390 | default: | |
80876c20 | 391 | assert_not_reached("Unknown error type"); |
94f04347 | 392 | } |
071830ff LP |
393 | } |
394 | ||
02a51aba LP |
395 | static int chown_terminal(int fd, uid_t uid) { |
396 | struct stat st; | |
397 | ||
398 | assert(fd >= 0); | |
02a51aba LP |
399 | |
400 | /* This might fail. What matters are the results. */ | |
bab45044 LP |
401 | (void) fchown(fd, uid, -1); |
402 | (void) fchmod(fd, TTY_MODE); | |
02a51aba LP |
403 | |
404 | if (fstat(fd, &st) < 0) | |
405 | return -errno; | |
406 | ||
d8b4e2e9 | 407 | if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE) |
02a51aba LP |
408 | return -EPERM; |
409 | ||
410 | return 0; | |
411 | } | |
412 | ||
80876c20 LP |
413 | static int setup_confirm_stdio(const ExecContext *context, |
414 | int *_saved_stdin, | |
415 | int *_saved_stdout) { | |
416 | int fd = -1, saved_stdin, saved_stdout = -1, r; | |
417 | ||
418 | assert(context); | |
419 | assert(_saved_stdin); | |
420 | assert(_saved_stdout); | |
421 | ||
422 | /* This returns positive EXIT_xxx return values instead of | |
423 | * negative errno style values! */ | |
424 | ||
425 | if ((saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3)) < 0) | |
426 | return EXIT_STDIN; | |
427 | ||
428 | if ((saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3)) < 0) { | |
429 | r = EXIT_STDOUT; | |
430 | goto fail; | |
431 | } | |
432 | ||
433 | if ((fd = acquire_terminal( | |
434 | tty_path(context), | |
435 | context->std_input == EXEC_INPUT_TTY_FAIL, | |
21de3988 LP |
436 | context->std_input == EXEC_INPUT_TTY_FORCE, |
437 | false)) < 0) { | |
80876c20 LP |
438 | r = EXIT_STDIN; |
439 | goto fail; | |
440 | } | |
441 | ||
02a51aba LP |
442 | if (chown_terminal(fd, getuid()) < 0) { |
443 | r = EXIT_STDIN; | |
444 | goto fail; | |
445 | } | |
446 | ||
80876c20 LP |
447 | if (dup2(fd, STDIN_FILENO) < 0) { |
448 | r = EXIT_STDIN; | |
449 | goto fail; | |
450 | } | |
451 | ||
452 | if (dup2(fd, STDOUT_FILENO) < 0) { | |
453 | r = EXIT_STDOUT; | |
454 | goto fail; | |
455 | } | |
456 | ||
457 | if (fd >= 2) | |
458 | close_nointr_nofail(fd); | |
459 | ||
460 | *_saved_stdin = saved_stdin; | |
461 | *_saved_stdout = saved_stdout; | |
462 | ||
463 | return 0; | |
464 | ||
465 | fail: | |
466 | if (saved_stdout >= 0) | |
467 | close_nointr_nofail(saved_stdout); | |
468 | ||
469 | if (saved_stdin >= 0) | |
470 | close_nointr_nofail(saved_stdin); | |
471 | ||
472 | if (fd >= 0) | |
473 | close_nointr_nofail(fd); | |
474 | ||
475 | return r; | |
476 | } | |
477 | ||
2608882f | 478 | static int restore_confirm_stdio(const ExecContext *context, |
80876c20 LP |
479 | int *saved_stdin, |
480 | int *saved_stdout, | |
481 | bool *keep_stdin, | |
482 | bool *keep_stdout) { | |
483 | ||
484 | assert(context); | |
485 | assert(saved_stdin); | |
486 | assert(*saved_stdin >= 0); | |
487 | assert(saved_stdout); | |
488 | assert(*saved_stdout >= 0); | |
489 | ||
490 | /* This returns positive EXIT_xxx return values instead of | |
491 | * negative errno style values! */ | |
492 | ||
493 | if (is_terminal_input(context->std_input)) { | |
494 | ||
495 | /* The service wants terminal input. */ | |
496 | ||
497 | *keep_stdin = true; | |
498 | *keep_stdout = | |
499 | context->std_output == EXEC_OUTPUT_INHERIT || | |
500 | context->std_output == EXEC_OUTPUT_TTY; | |
501 | ||
502 | } else { | |
503 | /* If the service doesn't want a controlling terminal, | |
504 | * then we need to get rid entirely of what we have | |
505 | * already. */ | |
506 | ||
507 | if (release_terminal() < 0) | |
508 | return EXIT_STDIN; | |
509 | ||
510 | if (dup2(*saved_stdin, STDIN_FILENO) < 0) | |
511 | return EXIT_STDIN; | |
512 | ||
513 | if (dup2(*saved_stdout, STDOUT_FILENO) < 0) | |
514 | return EXIT_STDOUT; | |
515 | ||
516 | *keep_stdout = *keep_stdin = false; | |
517 | } | |
518 | ||
519 | return 0; | |
520 | } | |
521 | ||
81a2b7ce LP |
522 | static int get_group_creds(const char *groupname, gid_t *gid) { |
523 | struct group *g; | |
524 | unsigned long lu; | |
525 | ||
526 | assert(groupname); | |
527 | assert(gid); | |
528 | ||
529 | /* We enforce some special rules for gid=0: in order to avoid | |
530 | * NSS lookups for root we hardcode its data. */ | |
531 | ||
532 | if (streq(groupname, "root") || streq(groupname, "0")) { | |
533 | *gid = 0; | |
534 | return 0; | |
535 | } | |
536 | ||
537 | if (safe_atolu(groupname, &lu) >= 0) { | |
538 | errno = 0; | |
539 | g = getgrgid((gid_t) lu); | |
540 | } else { | |
541 | errno = 0; | |
542 | g = getgrnam(groupname); | |
543 | } | |
544 | ||
545 | if (!g) | |
546 | return errno != 0 ? -errno : -ESRCH; | |
547 | ||
548 | *gid = g->gr_gid; | |
549 | return 0; | |
550 | } | |
551 | ||
552 | static int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home) { | |
553 | struct passwd *p; | |
554 | unsigned long lu; | |
555 | ||
556 | assert(username); | |
557 | assert(*username); | |
558 | assert(uid); | |
559 | assert(gid); | |
560 | assert(home); | |
561 | ||
562 | /* We enforce some special rules for uid=0: in order to avoid | |
563 | * NSS lookups for root we hardcode its data. */ | |
564 | ||
565 | if (streq(*username, "root") || streq(*username, "0")) { | |
566 | *username = "root"; | |
567 | *uid = 0; | |
568 | *gid = 0; | |
569 | *home = "/root"; | |
570 | return 0; | |
571 | } | |
572 | ||
573 | if (safe_atolu(*username, &lu) >= 0) { | |
574 | errno = 0; | |
575 | p = getpwuid((uid_t) lu); | |
576 | ||
577 | /* If there are multiple users with the same id, make | |
578 | * sure to leave $USER to the configured value instead | |
579 | * of the first occurence in the database. However if | |
580 | * the uid was configured by a numeric uid, then let's | |
581 | * pick the real username from /etc/passwd. */ | |
582 | if (*username && p) | |
583 | *username = p->pw_name; | |
584 | } else { | |
585 | errno = 0; | |
586 | p = getpwnam(*username); | |
587 | } | |
588 | ||
589 | if (!p) | |
590 | return errno != 0 ? -errno : -ESRCH; | |
591 | ||
592 | *uid = p->pw_uid; | |
593 | *gid = p->pw_gid; | |
594 | *home = p->pw_dir; | |
595 | return 0; | |
596 | } | |
597 | ||
598 | static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) { | |
599 | bool keep_groups = false; | |
600 | int r; | |
601 | ||
602 | assert(context); | |
603 | ||
604 | /* Lookup and ser GID and supplementary group list. Here too | |
605 | * we avoid NSS lookups for gid=0. */ | |
606 | ||
607 | if (context->group || username) { | |
608 | ||
609 | if (context->group) | |
610 | if ((r = get_group_creds(context->group, &gid)) < 0) | |
611 | return r; | |
612 | ||
613 | /* First step, initialize groups from /etc/groups */ | |
614 | if (username && gid != 0) { | |
615 | if (initgroups(username, gid) < 0) | |
616 | return -errno; | |
617 | ||
618 | keep_groups = true; | |
619 | } | |
620 | ||
621 | /* Second step, set our gids */ | |
622 | if (setresgid(gid, gid, gid) < 0) | |
623 | return -errno; | |
624 | } | |
625 | ||
626 | if (context->supplementary_groups) { | |
627 | int ngroups_max, k; | |
628 | gid_t *gids; | |
629 | char **i; | |
630 | ||
631 | /* Final step, initialize any manually set supplementary groups */ | |
632 | ngroups_max = (int) sysconf(_SC_NGROUPS_MAX); | |
633 | ||
634 | if (!(gids = new(gid_t, ngroups_max))) | |
635 | return -ENOMEM; | |
636 | ||
637 | if (keep_groups) { | |
638 | if ((k = getgroups(ngroups_max, gids)) < 0) { | |
639 | free(gids); | |
640 | return -errno; | |
641 | } | |
642 | } else | |
643 | k = 0; | |
644 | ||
645 | STRV_FOREACH(i, context->supplementary_groups) { | |
646 | ||
647 | if (k >= ngroups_max) { | |
648 | free(gids); | |
649 | return -E2BIG; | |
650 | } | |
651 | ||
652 | if ((r = get_group_creds(*i, gids+k)) < 0) { | |
653 | free(gids); | |
654 | return r; | |
655 | } | |
656 | ||
657 | k++; | |
658 | } | |
659 | ||
660 | if (setgroups(k, gids) < 0) { | |
661 | free(gids); | |
662 | return -errno; | |
663 | } | |
664 | ||
665 | free(gids); | |
666 | } | |
667 | ||
668 | return 0; | |
669 | } | |
670 | ||
671 | static int enforce_user(const ExecContext *context, uid_t uid) { | |
672 | int r; | |
673 | assert(context); | |
674 | ||
675 | /* Sets (but doesn't lookup) the uid and make sure we keep the | |
676 | * capabilities while doing so. */ | |
677 | ||
678 | if (context->capabilities) { | |
679 | cap_t d; | |
680 | static const cap_value_t bits[] = { | |
681 | CAP_SETUID, /* Necessary so that we can run setresuid() below */ | |
682 | CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */ | |
683 | }; | |
684 | ||
685 | /* First step: If we need to keep capabilities but | |
686 | * drop privileges we need to make sure we keep our | |
687 | * caps, whiel we drop priviliges. */ | |
693ced48 LP |
688 | if (uid != 0) { |
689 | int sb = context->secure_bits|SECURE_KEEP_CAPS; | |
690 | ||
691 | if (prctl(PR_GET_SECUREBITS) != sb) | |
692 | if (prctl(PR_SET_SECUREBITS, sb) < 0) | |
693 | return -errno; | |
694 | } | |
81a2b7ce LP |
695 | |
696 | /* Second step: set the capabilites. This will reduce | |
697 | * the capabilities to the minimum we need. */ | |
698 | ||
699 | if (!(d = cap_dup(context->capabilities))) | |
700 | return -errno; | |
701 | ||
702 | if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 || | |
703 | cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0) { | |
704 | r = -errno; | |
705 | cap_free(d); | |
706 | return r; | |
707 | } | |
708 | ||
709 | if (cap_set_proc(d) < 0) { | |
710 | r = -errno; | |
711 | cap_free(d); | |
712 | return r; | |
713 | } | |
714 | ||
715 | cap_free(d); | |
716 | } | |
717 | ||
718 | /* Third step: actually set the uids */ | |
719 | if (setresuid(uid, uid, uid) < 0) | |
720 | return -errno; | |
721 | ||
722 | /* At this point we should have all necessary capabilities but | |
723 | are otherwise a normal user. However, the caps might got | |
724 | corrupted due to the setresuid() so we need clean them up | |
725 | later. This is done outside of this call. */ | |
726 | ||
727 | return 0; | |
728 | } | |
729 | ||
5b6319dc LP |
730 | #ifdef HAVE_PAM |
731 | ||
732 | static int null_conv( | |
733 | int num_msg, | |
734 | const struct pam_message **msg, | |
735 | struct pam_response **resp, | |
736 | void *appdata_ptr) { | |
737 | ||
738 | /* We don't support conversations */ | |
739 | ||
740 | return PAM_CONV_ERR; | |
741 | } | |
742 | ||
743 | static int setup_pam( | |
744 | const char *name, | |
745 | const char *user, | |
746 | const char *tty, | |
747 | char ***pam_env, | |
748 | int fds[], unsigned n_fds) { | |
749 | ||
750 | static const struct pam_conv conv = { | |
751 | .conv = null_conv, | |
752 | .appdata_ptr = NULL | |
753 | }; | |
754 | ||
755 | pam_handle_t *handle = NULL; | |
756 | sigset_t ss, old_ss; | |
757 | int pam_code = PAM_SUCCESS; | |
758 | char **e = NULL; | |
759 | bool close_session = false; | |
760 | pid_t pam_pid = 0, parent_pid; | |
761 | ||
762 | assert(name); | |
763 | assert(user); | |
764 | assert(pam_env); | |
765 | ||
766 | /* We set up PAM in the parent process, then fork. The child | |
767 | * will then stay around untill killed via PR_GET_PDEATHSIG or | |
768 | * systemd via the cgroup logic. It will then remove the PAM | |
769 | * session again. The parent process will exec() the actual | |
770 | * daemon. We do things this way to ensure that the main PID | |
771 | * of the daemon is the one we initially fork()ed. */ | |
772 | ||
773 | if ((pam_code = pam_start(name, user, &conv, &handle)) != PAM_SUCCESS) { | |
774 | handle = NULL; | |
775 | goto fail; | |
776 | } | |
777 | ||
778 | if (tty) | |
779 | if ((pam_code = pam_set_item(handle, PAM_TTY, tty)) != PAM_SUCCESS) | |
780 | goto fail; | |
781 | ||
782 | if ((pam_code = pam_acct_mgmt(handle, PAM_SILENT)) != PAM_SUCCESS) | |
783 | goto fail; | |
784 | ||
785 | if ((pam_code = pam_open_session(handle, PAM_SILENT)) != PAM_SUCCESS) | |
786 | goto fail; | |
787 | ||
788 | close_session = true; | |
789 | ||
790 | if ((pam_code = pam_setcred(handle, PAM_ESTABLISH_CRED | PAM_SILENT)) != PAM_SUCCESS) | |
791 | goto fail; | |
792 | ||
793 | if ((!(e = pam_getenvlist(handle)))) { | |
794 | pam_code = PAM_BUF_ERR; | |
795 | goto fail; | |
796 | } | |
797 | ||
798 | /* Block SIGTERM, so that we know that it won't get lost in | |
799 | * the child */ | |
800 | if (sigemptyset(&ss) < 0 || | |
801 | sigaddset(&ss, SIGTERM) < 0 || | |
802 | sigprocmask(SIG_BLOCK, &ss, &old_ss) < 0) | |
803 | goto fail; | |
804 | ||
805 | parent_pid = getpid(); | |
806 | ||
807 | if ((pam_pid = fork()) < 0) | |
808 | goto fail; | |
809 | ||
810 | if (pam_pid == 0) { | |
811 | int sig; | |
812 | int r = EXIT_PAM; | |
813 | ||
814 | /* The child's job is to reset the PAM session on | |
815 | * termination */ | |
816 | ||
817 | /* This string must fit in 10 chars (i.e. the length | |
818 | * of "/sbin/init") */ | |
819 | rename_process("sd:pam"); | |
820 | ||
821 | /* Make sure we don't keep open the passed fds in this | |
822 | child. We assume that otherwise only those fds are | |
823 | open here that have been opened by PAM. */ | |
824 | close_many(fds, n_fds); | |
825 | ||
826 | /* Wait until our parent died. This will most likely | |
827 | * not work since the kernel does not allow | |
828 | * unpriviliged paretns kill their priviliged children | |
829 | * this way. We rely on the control groups kill logic | |
830 | * to do the rest for us. */ | |
831 | if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0) | |
832 | goto child_finish; | |
833 | ||
834 | /* Check if our parent process might already have | |
835 | * died? */ | |
836 | if (getppid() == parent_pid) { | |
837 | if (sigwait(&ss, &sig) < 0) | |
838 | goto child_finish; | |
839 | ||
840 | assert(sig == SIGTERM); | |
841 | } | |
842 | ||
843 | /* Only if our parent died we'll end the session */ | |
844 | if (getppid() != parent_pid) | |
845 | if ((pam_code = pam_close_session(handle, PAM_DATA_SILENT)) != PAM_SUCCESS) | |
846 | goto child_finish; | |
847 | ||
848 | r = 0; | |
849 | ||
850 | child_finish: | |
851 | pam_end(handle, pam_code | PAM_DATA_SILENT); | |
852 | _exit(r); | |
853 | } | |
854 | ||
855 | /* If the child was forked off successfully it will do all the | |
856 | * cleanups, so forget about the handle here. */ | |
857 | handle = NULL; | |
858 | ||
859 | /* Unblock SIGSUR1 again in the parent */ | |
860 | if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0) | |
861 | goto fail; | |
862 | ||
863 | /* We close the log explicitly here, since the PAM modules | |
864 | * might have opened it, but we don't want this fd around. */ | |
865 | closelog(); | |
866 | ||
867 | return 0; | |
868 | ||
869 | fail: | |
870 | if (handle) { | |
871 | if (close_session) | |
872 | pam_code = pam_close_session(handle, PAM_DATA_SILENT); | |
873 | ||
874 | pam_end(handle, pam_code | PAM_DATA_SILENT); | |
875 | } | |
876 | ||
877 | strv_free(e); | |
878 | ||
879 | closelog(); | |
880 | ||
881 | if (pam_pid > 1) | |
882 | kill(pam_pid, SIGTERM); | |
883 | ||
884 | return EXIT_PAM; | |
885 | } | |
886 | #endif | |
887 | ||
9fb86720 | 888 | int exec_spawn(ExecCommand *command, |
9e2f7c11 | 889 | char **argv, |
81a2b7ce | 890 | const ExecContext *context, |
c2748801 | 891 | int fds[], unsigned n_fds, |
1137a57c | 892 | char **environment, |
81a2b7ce LP |
893 | bool apply_permissions, |
894 | bool apply_chroot, | |
1e3ad081 | 895 | bool apply_tty_stdin, |
80876c20 | 896 | bool confirm_spawn, |
8e274523 | 897 | CGroupBonding *cgroup_bondings, |
81a2b7ce LP |
898 | pid_t *ret) { |
899 | ||
034c6ed7 | 900 | pid_t pid; |
8e274523 | 901 | int r; |
1a63a750 | 902 | char *line; |
4f2d528d | 903 | int socket_fd; |
034c6ed7 | 904 | |
5cb5a6ff LP |
905 | assert(command); |
906 | assert(context); | |
907 | assert(ret); | |
034c6ed7 LP |
908 | assert(fds || n_fds <= 0); |
909 | ||
4f2d528d LP |
910 | if (context->std_input == EXEC_INPUT_SOCKET || |
911 | context->std_output == EXEC_OUTPUT_SOCKET || | |
912 | context->std_error == EXEC_OUTPUT_SOCKET) { | |
913 | ||
914 | if (n_fds != 1) | |
915 | return -EINVAL; | |
916 | ||
917 | socket_fd = fds[0]; | |
918 | ||
919 | fds = NULL; | |
920 | n_fds = 0; | |
921 | } else | |
922 | socket_fd = -1; | |
923 | ||
9e2f7c11 LP |
924 | if (!argv) |
925 | argv = command->argv; | |
926 | ||
927 | if (!(line = exec_command_line(argv))) | |
1a63a750 LP |
928 | return -ENOMEM; |
929 | ||
930 | log_debug("About to execute: %s", line); | |
931 | free(line); | |
acbb0225 | 932 | |
8e274523 LP |
933 | if (cgroup_bondings) |
934 | if ((r = cgroup_bonding_realize_list(cgroup_bondings))) | |
935 | return r; | |
936 | ||
034c6ed7 LP |
937 | if ((pid = fork()) < 0) |
938 | return -errno; | |
939 | ||
940 | if (pid == 0) { | |
8e274523 | 941 | int i; |
309bff19 | 942 | sigset_t ss; |
81a2b7ce LP |
943 | const char *username = NULL, *home = NULL; |
944 | uid_t uid = (uid_t) -1; | |
945 | gid_t gid = (gid_t) -1; | |
5b6319dc | 946 | char **our_env = NULL, **pam_env = NULL, **final_env = NULL; |
81a2b7ce | 947 | unsigned n_env = 0; |
80876c20 LP |
948 | int saved_stdout = -1, saved_stdin = -1; |
949 | bool keep_stdout = false, keep_stdin = false; | |
309bff19 | 950 | |
034c6ed7 | 951 | /* child */ |
5cb5a6ff | 952 | |
5b6319dc LP |
953 | /* This string must fit in 10 chars (i.e. the length |
954 | * of "/sbin/init") */ | |
955 | rename_process("sd:exec"); | |
956 | ||
1b91d3e8 LP |
957 | /* We reset exactly these signals, since they are the |
958 | * only ones we set to SIG_IGN in the main daemon. All | |
959 | * others we leave untouched because we set them to | |
960 | * SIG_DFL or a valid handler initially, both of which | |
961 | * will be demoted to SIG_DFL. */ | |
962 | default_signals(SIGNALS_CRASH_HANDLER, | |
9a34ec5f | 963 | SIGNALS_IGNORE, -1); |
7b683879 | 964 | |
309bff19 LP |
965 | if (sigemptyset(&ss) < 0 || |
966 | sigprocmask(SIG_SETMASK, &ss, NULL) < 0) { | |
967 | r = EXIT_SIGNAL_MASK; | |
968 | goto fail; | |
969 | } | |
970 | ||
74922904 | 971 | if (!context->same_pgrp) |
8d567588 LP |
972 | if (setsid() < 0) { |
973 | r = EXIT_SETSID; | |
974 | goto fail; | |
975 | } | |
80876c20 | 976 | |
c5da34ef LP |
977 | if (context->tcpwrap_name) { |
978 | if (socket_fd >= 0) | |
979 | if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) { | |
980 | r = EXIT_TCPWRAP; | |
981 | goto fail; | |
982 | } | |
983 | ||
984 | for (i = 0; i < (int) n_fds; i++) { | |
985 | if (!socket_tcpwrap(fds[i], context->tcpwrap_name)) { | |
986 | r = EXIT_TCPWRAP; | |
987 | goto fail; | |
988 | } | |
df1f0afe | 989 | } |
c5da34ef | 990 | } |
df1f0afe | 991 | |
1e3ad081 LP |
992 | /* We skip the confirmation step if we shall not apply the TTY */ |
993 | if (confirm_spawn && | |
994 | (!is_terminal_input(context->std_input) || apply_tty_stdin)) { | |
80876c20 LP |
995 | char response; |
996 | ||
997 | /* Set up terminal for the question */ | |
998 | if ((r = setup_confirm_stdio(context, | |
999 | &saved_stdin, &saved_stdout))) | |
1000 | goto fail; | |
1001 | ||
1002 | /* Now ask the question. */ | |
9e2f7c11 | 1003 | if (!(line = exec_command_line(argv))) { |
80876c20 | 1004 | r = EXIT_MEMORY; |
ee2b4894 LP |
1005 | goto fail; |
1006 | } | |
80876c20 LP |
1007 | |
1008 | r = ask(&response, "yns", "Execute %s? [Yes, No, Skip] ", line); | |
1009 | free(line); | |
1010 | ||
1011 | if (r < 0 || response == 'n') { | |
1012 | r = EXIT_CONFIRM; | |
1013 | goto fail; | |
1014 | } else if (response == 's') { | |
1015 | r = 0; | |
ee2b4894 LP |
1016 | goto fail; |
1017 | } | |
80876c20 LP |
1018 | |
1019 | /* Release terminal for the question */ | |
2608882f | 1020 | if ((r = restore_confirm_stdio(context, |
80876c20 LP |
1021 | &saved_stdin, &saved_stdout, |
1022 | &keep_stdin, &keep_stdout))) | |
1023 | goto fail; | |
034c6ed7 LP |
1024 | } |
1025 | ||
80876c20 | 1026 | if (!keep_stdin) |
1e3ad081 | 1027 | if (setup_input(context, socket_fd, apply_tty_stdin) < 0) { |
80876c20 LP |
1028 | r = EXIT_STDIN; |
1029 | goto fail; | |
1030 | } | |
9eba9da4 | 1031 | |
80876c20 | 1032 | if (!keep_stdout) |
1e3ad081 | 1033 | if (setup_output(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin) < 0) { |
80876c20 LP |
1034 | r = EXIT_STDOUT; |
1035 | goto fail; | |
1036 | } | |
94f04347 | 1037 | |
1e3ad081 | 1038 | if (setup_error(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin) < 0) { |
80876c20 | 1039 | r = EXIT_STDERR; |
071830ff LP |
1040 | goto fail; |
1041 | } | |
1042 | ||
8e274523 LP |
1043 | if (cgroup_bondings) |
1044 | if ((r = cgroup_bonding_install_list(cgroup_bondings, 0)) < 0) { | |
1045 | r = EXIT_CGROUP; | |
1046 | goto fail; | |
1047 | } | |
1048 | ||
fb33a393 LP |
1049 | if (context->oom_adjust_set) { |
1050 | char t[16]; | |
034c6ed7 | 1051 | |
fb33a393 LP |
1052 | snprintf(t, sizeof(t), "%i", context->oom_adjust); |
1053 | char_array_0(t); | |
034c6ed7 | 1054 | |
fb33a393 LP |
1055 | if (write_one_line_file("/proc/self/oom_adj", t) < 0) { |
1056 | r = EXIT_OOM_ADJUST; | |
1057 | goto fail; | |
1058 | } | |
034c6ed7 LP |
1059 | } |
1060 | ||
fb33a393 LP |
1061 | if (context->nice_set) |
1062 | if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) { | |
1063 | r = EXIT_NICE; | |
1064 | goto fail; | |
1065 | } | |
1066 | ||
94f04347 LP |
1067 | if (context->cpu_sched_set) { |
1068 | struct sched_param param; | |
1069 | ||
1070 | zero(param); | |
1071 | param.sched_priority = context->cpu_sched_priority; | |
1072 | ||
38b48754 LP |
1073 | if (sched_setscheduler(0, context->cpu_sched_policy | |
1074 | (context->cpu_sched_reset_on_fork ? SCHED_RESET_ON_FORK : 0), ¶m) < 0) { | |
94f04347 LP |
1075 | r = EXIT_SETSCHEDULER; |
1076 | goto fail; | |
1077 | } | |
1078 | } | |
1079 | ||
82c121a4 LP |
1080 | if (context->cpuset) |
1081 | if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) { | |
94f04347 LP |
1082 | r = EXIT_CPUAFFINITY; |
1083 | goto fail; | |
1084 | } | |
1085 | ||
9eba9da4 LP |
1086 | if (context->ioprio_set) |
1087 | if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) { | |
1088 | r = EXIT_IOPRIO; | |
1089 | goto fail; | |
1090 | } | |
1091 | ||
03fae018 LP |
1092 | if (context->timer_slack_nsec_set) |
1093 | if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) { | |
94f04347 LP |
1094 | r = EXIT_TIMERSLACK; |
1095 | goto fail; | |
1096 | } | |
1097 | ||
81a2b7ce LP |
1098 | if (context->user) { |
1099 | username = context->user; | |
1100 | if (get_user_creds(&username, &uid, &gid, &home) < 0) { | |
1101 | r = EXIT_USER; | |
1102 | goto fail; | |
1103 | } | |
d8b4e2e9 LP |
1104 | |
1105 | if (is_terminal_input(context->std_input)) | |
1106 | if (chown_terminal(STDIN_FILENO, uid) < 0) { | |
1107 | r = EXIT_STDIN; | |
1108 | goto fail; | |
1109 | } | |
81a2b7ce LP |
1110 | } |
1111 | ||
5b6319dc LP |
1112 | #ifdef HAVE_PAM |
1113 | if (context->pam_name && username) { | |
1114 | /* Make sure no fds leak into the PAM | |
1115 | * supervisor process. We will call this later | |
1116 | * on again to make sure that any fds leaked | |
1117 | * by the PAM modules get closed before our | |
1118 | * exec(). */ | |
1119 | if (close_all_fds(fds, n_fds) < 0) { | |
1120 | r = EXIT_FDS; | |
1121 | goto fail; | |
1122 | } | |
1123 | ||
1124 | if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) < 0) { | |
1125 | r = EXIT_PAM; | |
1126 | goto fail; | |
1127 | } | |
1128 | } | |
1129 | #endif | |
1130 | ||
81a2b7ce LP |
1131 | if (apply_permissions) |
1132 | if (enforce_groups(context, username, uid) < 0) { | |
1133 | r = EXIT_GROUP; | |
1134 | goto fail; | |
1135 | } | |
1136 | ||
15ae422b LP |
1137 | umask(context->umask); |
1138 | ||
04aa0cb9 LP |
1139 | if (strv_length(context->read_write_dirs) > 0 || |
1140 | strv_length(context->read_only_dirs) > 0 || | |
1141 | strv_length(context->inaccessible_dirs) > 0 || | |
1142 | context->mount_flags != MS_SHARED || | |
1143 | context->private_tmp) | |
1144 | if ((r = setup_namespace( | |
1145 | context->read_write_dirs, | |
1146 | context->read_only_dirs, | |
1147 | context->inaccessible_dirs, | |
1148 | context->private_tmp, | |
1149 | context->mount_flags)) < 0) | |
1150 | goto fail; | |
1151 | ||
81a2b7ce LP |
1152 | if (apply_chroot) { |
1153 | if (context->root_directory) | |
1154 | if (chroot(context->root_directory) < 0) { | |
1155 | r = EXIT_CHROOT; | |
1156 | goto fail; | |
1157 | } | |
1158 | ||
1159 | if (chdir(context->working_directory ? context->working_directory : "/") < 0) { | |
1160 | r = EXIT_CHDIR; | |
1161 | goto fail; | |
1162 | } | |
1163 | } else { | |
1164 | ||
1165 | char *d; | |
1166 | ||
1167 | if (asprintf(&d, "%s/%s", | |
1168 | context->root_directory ? context->root_directory : "", | |
1169 | context->working_directory ? context->working_directory : "") < 0) { | |
1170 | r = EXIT_MEMORY; | |
1171 | goto fail; | |
1172 | } | |
1173 | ||
1174 | if (chdir(d) < 0) { | |
1175 | free(d); | |
1176 | r = EXIT_CHDIR; | |
1177 | goto fail; | |
1178 | } | |
1179 | ||
1180 | free(d); | |
1181 | } | |
1182 | ||
a0d40ac5 | 1183 | if (close_all_fds(fds, n_fds) < 0 || |
47a71eed | 1184 | shift_fds(fds, n_fds) < 0 || |
451a074f | 1185 | flags_fds(fds, n_fds, context->non_blocking) < 0) { |
034c6ed7 LP |
1186 | r = EXIT_FDS; |
1187 | goto fail; | |
1188 | } | |
1189 | ||
81a2b7ce | 1190 | if (apply_permissions) { |
034c6ed7 | 1191 | |
81a2b7ce LP |
1192 | for (i = 0; i < RLIMIT_NLIMITS; i++) { |
1193 | if (!context->rlimit[i]) | |
1194 | continue; | |
1195 | ||
1196 | if (setrlimit(i, context->rlimit[i]) < 0) { | |
1197 | r = EXIT_LIMITS; | |
1198 | goto fail; | |
1199 | } | |
034c6ed7 | 1200 | } |
034c6ed7 | 1201 | |
81a2b7ce LP |
1202 | if (context->user) |
1203 | if (enforce_user(context, uid) < 0) { | |
1204 | r = EXIT_USER; | |
1205 | goto fail; | |
1206 | } | |
1207 | ||
693ced48 LP |
1208 | /* PR_GET_SECUREBITS is not priviliged, while |
1209 | * PR_SET_SECUREBITS is. So to suppress | |
1210 | * potential EPERMs we'll try not to call | |
1211 | * PR_SET_SECUREBITS unless necessary. */ | |
1212 | if (prctl(PR_GET_SECUREBITS) != context->secure_bits) | |
1213 | if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) { | |
1214 | r = EXIT_SECUREBITS; | |
1215 | goto fail; | |
1216 | } | |
81a2b7ce LP |
1217 | |
1218 | if (context->capabilities) | |
1219 | if (cap_set_proc(context->capabilities) < 0) { | |
1220 | r = EXIT_CAPABILITIES; | |
1221 | goto fail; | |
1222 | } | |
94f04347 LP |
1223 | } |
1224 | ||
81a2b7ce LP |
1225 | if (!(our_env = new0(char*, 6))) { |
1226 | r = EXIT_MEMORY; | |
1227 | goto fail; | |
1228 | } | |
034c6ed7 | 1229 | |
81a2b7ce | 1230 | if (n_fds > 0) |
bb00e604 | 1231 | if (asprintf(our_env + n_env++, "LISTEN_PID=%lu", (unsigned long) getpid()) < 0 || |
81a2b7ce LP |
1232 | asprintf(our_env + n_env++, "LISTEN_FDS=%u", n_fds) < 0) { |
1233 | r = EXIT_MEMORY; | |
1234 | goto fail; | |
1235 | } | |
034c6ed7 | 1236 | |
81a2b7ce LP |
1237 | if (home) |
1238 | if (asprintf(our_env + n_env++, "HOME=%s", home) < 0) { | |
1239 | r = EXIT_MEMORY; | |
1240 | goto fail; | |
1241 | } | |
034c6ed7 | 1242 | |
81a2b7ce LP |
1243 | if (username) |
1244 | if (asprintf(our_env + n_env++, "LOGNAME=%s", username) < 0 || | |
1245 | asprintf(our_env + n_env++, "USER=%s", username) < 0) { | |
1246 | r = EXIT_MEMORY; | |
1247 | goto fail; | |
1248 | } | |
034c6ed7 | 1249 | |
4e85aff4 LP |
1250 | assert(n_env <= 6); |
1251 | ||
5b6319dc LP |
1252 | if (!(final_env = strv_env_merge( |
1253 | 4, | |
1254 | environment, | |
1255 | our_env, | |
1256 | context->environment, | |
1257 | pam_env, | |
1258 | NULL))) { | |
81a2b7ce LP |
1259 | r = EXIT_MEMORY; |
1260 | goto fail; | |
1261 | } | |
034c6ed7 | 1262 | |
9e2f7c11 | 1263 | execve(command->path, argv, final_env); |
034c6ed7 LP |
1264 | r = EXIT_EXEC; |
1265 | ||
1266 | fail: | |
81a2b7ce LP |
1267 | strv_free(our_env); |
1268 | strv_free(final_env); | |
5b6319dc | 1269 | strv_free(pam_env); |
81a2b7ce | 1270 | |
80876c20 LP |
1271 | if (saved_stdin >= 0) |
1272 | close_nointr_nofail(saved_stdin); | |
1273 | ||
1274 | if (saved_stdout >= 0) | |
1275 | close_nointr_nofail(saved_stdout); | |
1276 | ||
034c6ed7 LP |
1277 | _exit(r); |
1278 | } | |
1279 | ||
80876c20 LP |
1280 | /* We add the new process to the cgroup both in the child (so |
1281 | * that we can be sure that no user code is ever executed | |
1282 | * outside of the cgroup) and in the parent (so that we can be | |
1283 | * sure that when we kill the cgroup the process will be | |
1284 | * killed too). */ | |
1285 | if (cgroup_bondings) | |
4e85aff4 | 1286 | cgroup_bonding_install_list(cgroup_bondings, pid); |
2da3263a | 1287 | |
bb00e604 | 1288 | log_debug("Forked %s as %lu", command->path, (unsigned long) pid); |
2da3263a | 1289 | |
b58b4116 | 1290 | exec_status_start(&command->exec_status, pid); |
9fb86720 | 1291 | |
034c6ed7 | 1292 | *ret = pid; |
5cb5a6ff LP |
1293 | return 0; |
1294 | } | |
1295 | ||
034c6ed7 LP |
1296 | void exec_context_init(ExecContext *c) { |
1297 | assert(c); | |
1298 | ||
1299 | c->umask = 0002; | |
9eba9da4 | 1300 | c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0); |
94f04347 | 1301 | c->cpu_sched_policy = SCHED_OTHER; |
071830ff | 1302 | c->syslog_priority = LOG_DAEMON|LOG_INFO; |
74922904 | 1303 | c->syslog_level_prefix = true; |
15ae422b | 1304 | c->mount_flags = MS_SHARED; |
034c6ed7 LP |
1305 | } |
1306 | ||
1307 | void exec_context_done(ExecContext *c) { | |
5cb5a6ff LP |
1308 | unsigned l; |
1309 | ||
1310 | assert(c); | |
1311 | ||
1312 | strv_free(c->environment); | |
034c6ed7 | 1313 | c->environment = NULL; |
5cb5a6ff | 1314 | |
034c6ed7 | 1315 | for (l = 0; l < ELEMENTSOF(c->rlimit); l++) { |
5cb5a6ff | 1316 | free(c->rlimit[l]); |
034c6ed7 LP |
1317 | c->rlimit[l] = NULL; |
1318 | } | |
1319 | ||
9eba9da4 LP |
1320 | free(c->working_directory); |
1321 | c->working_directory = NULL; | |
1322 | free(c->root_directory); | |
1323 | c->root_directory = NULL; | |
5cb5a6ff | 1324 | |
80876c20 LP |
1325 | free(c->tty_path); |
1326 | c->tty_path = NULL; | |
1327 | ||
df1f0afe LP |
1328 | free(c->tcpwrap_name); |
1329 | c->tcpwrap_name = NULL; | |
1330 | ||
071830ff LP |
1331 | free(c->syslog_identifier); |
1332 | c->syslog_identifier = NULL; | |
1333 | ||
5cb5a6ff | 1334 | free(c->user); |
034c6ed7 LP |
1335 | c->user = NULL; |
1336 | ||
5cb5a6ff | 1337 | free(c->group); |
034c6ed7 LP |
1338 | c->group = NULL; |
1339 | ||
1340 | strv_free(c->supplementary_groups); | |
1341 | c->supplementary_groups = NULL; | |
94f04347 | 1342 | |
5b6319dc LP |
1343 | free(c->pam_name); |
1344 | c->pam_name = NULL; | |
1345 | ||
94f04347 LP |
1346 | if (c->capabilities) { |
1347 | cap_free(c->capabilities); | |
1348 | c->capabilities = NULL; | |
1349 | } | |
15ae422b LP |
1350 | |
1351 | strv_free(c->read_only_dirs); | |
1352 | c->read_only_dirs = NULL; | |
1353 | ||
1354 | strv_free(c->read_write_dirs); | |
1355 | c->read_write_dirs = NULL; | |
1356 | ||
1357 | strv_free(c->inaccessible_dirs); | |
1358 | c->inaccessible_dirs = NULL; | |
82c121a4 LP |
1359 | |
1360 | if (c->cpuset) | |
1361 | CPU_FREE(c->cpuset); | |
5cb5a6ff LP |
1362 | } |
1363 | ||
43d0fcbd LP |
1364 | void exec_command_done(ExecCommand *c) { |
1365 | assert(c); | |
1366 | ||
1367 | free(c->path); | |
1368 | c->path = NULL; | |
1369 | ||
1370 | strv_free(c->argv); | |
1371 | c->argv = NULL; | |
1372 | } | |
1373 | ||
1374 | void exec_command_done_array(ExecCommand *c, unsigned n) { | |
1375 | unsigned i; | |
1376 | ||
1377 | for (i = 0; i < n; i++) | |
1378 | exec_command_done(c+i); | |
1379 | } | |
1380 | ||
5cb5a6ff LP |
1381 | void exec_command_free_list(ExecCommand *c) { |
1382 | ExecCommand *i; | |
1383 | ||
1384 | while ((i = c)) { | |
034c6ed7 | 1385 | LIST_REMOVE(ExecCommand, command, c, i); |
43d0fcbd | 1386 | exec_command_done(i); |
5cb5a6ff LP |
1387 | free(i); |
1388 | } | |
1389 | } | |
1390 | ||
034c6ed7 LP |
1391 | void exec_command_free_array(ExecCommand **c, unsigned n) { |
1392 | unsigned i; | |
1393 | ||
1394 | for (i = 0; i < n; i++) { | |
1395 | exec_command_free_list(c[i]); | |
1396 | c[i] = NULL; | |
1397 | } | |
1398 | } | |
1399 | ||
15ae422b LP |
1400 | static void strv_fprintf(FILE *f, char **l) { |
1401 | char **g; | |
1402 | ||
1403 | assert(f); | |
1404 | ||
1405 | STRV_FOREACH(g, l) | |
1406 | fprintf(f, " %s", *g); | |
1407 | } | |
1408 | ||
5cb5a6ff | 1409 | void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { |
94f04347 LP |
1410 | char ** e; |
1411 | unsigned i; | |
9eba9da4 | 1412 | |
5cb5a6ff LP |
1413 | assert(c); |
1414 | assert(f); | |
1415 | ||
1416 | if (!prefix) | |
1417 | prefix = ""; | |
1418 | ||
1419 | fprintf(f, | |
94f04347 LP |
1420 | "%sUMask: %04o\n" |
1421 | "%sWorkingDirectory: %s\n" | |
451a074f | 1422 | "%sRootDirectory: %s\n" |
15ae422b LP |
1423 | "%sNonBlocking: %s\n" |
1424 | "%sPrivateTmp: %s\n", | |
5cb5a6ff | 1425 | prefix, c->umask, |
9eba9da4 | 1426 | prefix, c->working_directory ? c->working_directory : "/", |
451a074f | 1427 | prefix, c->root_directory ? c->root_directory : "/", |
15ae422b LP |
1428 | prefix, yes_no(c->non_blocking), |
1429 | prefix, yes_no(c->private_tmp)); | |
fb33a393 | 1430 | |
94f04347 LP |
1431 | if (c->environment) |
1432 | for (e = c->environment; *e; e++) | |
1433 | fprintf(f, "%sEnvironment: %s\n", prefix, *e); | |
1434 | ||
df1f0afe LP |
1435 | if (c->tcpwrap_name) |
1436 | fprintf(f, | |
1437 | "%sTCPWrapName: %s\n", | |
1438 | prefix, c->tcpwrap_name); | |
1439 | ||
fb33a393 LP |
1440 | if (c->nice_set) |
1441 | fprintf(f, | |
1442 | "%sNice: %i\n", | |
1443 | prefix, c->nice); | |
1444 | ||
1445 | if (c->oom_adjust_set) | |
1446 | fprintf(f, | |
1447 | "%sOOMAdjust: %i\n", | |
1448 | prefix, c->oom_adjust); | |
9eba9da4 | 1449 | |
94f04347 LP |
1450 | for (i = 0; i < RLIM_NLIMITS; i++) |
1451 | if (c->rlimit[i]) | |
ea430986 | 1452 | fprintf(f, "%s%s: %llu\n", prefix, rlimit_to_string(i), (unsigned long long) c->rlimit[i]->rlim_max); |
94f04347 | 1453 | |
9eba9da4 LP |
1454 | if (c->ioprio_set) |
1455 | fprintf(f, | |
1456 | "%sIOSchedulingClass: %s\n" | |
1457 | "%sIOPriority: %i\n", | |
94f04347 | 1458 | prefix, ioprio_class_to_string(IOPRIO_PRIO_CLASS(c->ioprio)), |
9eba9da4 | 1459 | prefix, (int) IOPRIO_PRIO_DATA(c->ioprio)); |
94f04347 LP |
1460 | |
1461 | if (c->cpu_sched_set) | |
1462 | fprintf(f, | |
1463 | "%sCPUSchedulingPolicy: %s\n" | |
38b48754 LP |
1464 | "%sCPUSchedulingPriority: %i\n" |
1465 | "%sCPUSchedulingResetOnFork: %s\n", | |
94f04347 | 1466 | prefix, sched_policy_to_string(c->cpu_sched_policy), |
38b48754 LP |
1467 | prefix, c->cpu_sched_priority, |
1468 | prefix, yes_no(c->cpu_sched_reset_on_fork)); | |
94f04347 | 1469 | |
82c121a4 | 1470 | if (c->cpuset) { |
94f04347 | 1471 | fprintf(f, "%sCPUAffinity:", prefix); |
82c121a4 LP |
1472 | for (i = 0; i < c->cpuset_ncpus; i++) |
1473 | if (CPU_ISSET_S(i, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset)) | |
94f04347 LP |
1474 | fprintf(f, " %i", i); |
1475 | fputs("\n", f); | |
1476 | } | |
1477 | ||
03fae018 LP |
1478 | if (c->timer_slack_nsec_set) |
1479 | fprintf(f, "%sTimerSlackNSec: %lu\n", prefix, c->timer_slack_nsec); | |
94f04347 LP |
1480 | |
1481 | fprintf(f, | |
80876c20 LP |
1482 | "%sStandardInput: %s\n" |
1483 | "%sStandardOutput: %s\n" | |
1484 | "%sStandardError: %s\n", | |
1485 | prefix, exec_input_to_string(c->std_input), | |
1486 | prefix, exec_output_to_string(c->std_output), | |
1487 | prefix, exec_output_to_string(c->std_error)); | |
1488 | ||
1489 | if (c->tty_path) | |
1490 | fprintf(f, | |
1491 | "%sTTYPath: %s\n", | |
1492 | prefix, c->tty_path); | |
94f04347 | 1493 | |
9a6bca7a LP |
1494 | if (c->std_output == EXEC_OUTPUT_SYSLOG || c->std_output == EXEC_OUTPUT_KMSG || |
1495 | c->std_error == EXEC_OUTPUT_SYSLOG || c->std_error == EXEC_OUTPUT_KMSG) | |
94f04347 LP |
1496 | fprintf(f, |
1497 | "%sSyslogFacility: %s\n" | |
1498 | "%sSyslogLevel: %s\n", | |
1499 | prefix, log_facility_to_string(LOG_FAC(c->syslog_priority)), | |
1500 | prefix, log_level_to_string(LOG_PRI(c->syslog_priority))); | |
1501 | ||
1502 | if (c->capabilities) { | |
1503 | char *t; | |
1504 | if ((t = cap_to_text(c->capabilities, NULL))) { | |
1505 | fprintf(f, "%sCapabilities: %s\n", | |
1506 | prefix, t); | |
1507 | cap_free(t); | |
1508 | } | |
1509 | } | |
1510 | ||
1511 | if (c->secure_bits) | |
1512 | fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n", | |
1513 | prefix, | |
1514 | (c->secure_bits & SECURE_KEEP_CAPS) ? " keep-caps" : "", | |
1515 | (c->secure_bits & SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "", | |
1516 | (c->secure_bits & SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "", | |
1517 | (c->secure_bits & SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "", | |
1518 | (c->secure_bits & SECURE_NOROOT) ? " noroot" : "", | |
1519 | (c->secure_bits & SECURE_NOROOT_LOCKED) ? "noroot-locked" : ""); | |
1520 | ||
1521 | if (c->capability_bounding_set_drop) { | |
1522 | fprintf(f, "%sCapabilityBoundingSetDrop:", prefix); | |
1523 | ||
1524 | for (i = 0; i <= CAP_LAST_CAP; i++) | |
1525 | if (c->capability_bounding_set_drop & (1 << i)) { | |
1526 | char *t; | |
1527 | ||
1528 | if ((t = cap_to_name(i))) { | |
1529 | fprintf(f, " %s", t); | |
1530 | free(t); | |
1531 | } | |
1532 | } | |
1533 | ||
1534 | fputs("\n", f); | |
1535 | } | |
1536 | ||
1537 | if (c->user) | |
f2d3769a | 1538 | fprintf(f, "%sUser: %s\n", prefix, c->user); |
94f04347 | 1539 | if (c->group) |
f2d3769a | 1540 | fprintf(f, "%sGroup: %s\n", prefix, c->group); |
94f04347 | 1541 | |
15ae422b | 1542 | if (strv_length(c->supplementary_groups) > 0) { |
94f04347 | 1543 | fprintf(f, "%sSupplementaryGroups:", prefix); |
15ae422b LP |
1544 | strv_fprintf(f, c->supplementary_groups); |
1545 | fputs("\n", f); | |
1546 | } | |
94f04347 | 1547 | |
5b6319dc | 1548 | if (c->pam_name) |
f2d3769a | 1549 | fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name); |
5b6319dc | 1550 | |
15ae422b LP |
1551 | if (strv_length(c->read_write_dirs) > 0) { |
1552 | fprintf(f, "%sReadWriteDirs:", prefix); | |
1553 | strv_fprintf(f, c->read_write_dirs); | |
1554 | fputs("\n", f); | |
1555 | } | |
1556 | ||
1557 | if (strv_length(c->read_only_dirs) > 0) { | |
1558 | fprintf(f, "%sReadOnlyDirs:", prefix); | |
1559 | strv_fprintf(f, c->read_only_dirs); | |
1560 | fputs("\n", f); | |
1561 | } | |
94f04347 | 1562 | |
15ae422b LP |
1563 | if (strv_length(c->inaccessible_dirs) > 0) { |
1564 | fprintf(f, "%sInaccessibleDirs:", prefix); | |
1565 | strv_fprintf(f, c->inaccessible_dirs); | |
94f04347 LP |
1566 | fputs("\n", f); |
1567 | } | |
5cb5a6ff LP |
1568 | } |
1569 | ||
b58b4116 | 1570 | void exec_status_start(ExecStatus *s, pid_t pid) { |
034c6ed7 | 1571 | assert(s); |
5cb5a6ff | 1572 | |
b58b4116 LP |
1573 | zero(*s); |
1574 | s->pid = pid; | |
1575 | dual_timestamp_get(&s->start_timestamp); | |
1576 | } | |
1577 | ||
1578 | void exec_status_exit(ExecStatus *s, pid_t pid, int code, int status) { | |
1579 | assert(s); | |
1580 | ||
1581 | if ((s->pid && s->pid != pid) || | |
1582 | !s->start_timestamp.realtime <= 0) | |
1583 | zero(*s); | |
1584 | ||
034c6ed7 | 1585 | s->pid = pid; |
63983207 | 1586 | dual_timestamp_get(&s->exit_timestamp); |
9fb86720 | 1587 | |
034c6ed7 LP |
1588 | s->code = code; |
1589 | s->status = status; | |
9fb86720 LP |
1590 | } |
1591 | ||
1592 | void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) { | |
1593 | char buf[FORMAT_TIMESTAMP_MAX]; | |
1594 | ||
1595 | assert(s); | |
1596 | assert(f); | |
1597 | ||
1598 | if (!prefix) | |
1599 | prefix = ""; | |
1600 | ||
1601 | if (s->pid <= 0) | |
1602 | return; | |
1603 | ||
1604 | fprintf(f, | |
bb00e604 LP |
1605 | "%sPID: %lu\n", |
1606 | prefix, (unsigned long) s->pid); | |
9fb86720 | 1607 | |
63983207 | 1608 | if (s->start_timestamp.realtime > 0) |
9fb86720 LP |
1609 | fprintf(f, |
1610 | "%sStart Timestamp: %s\n", | |
63983207 | 1611 | prefix, format_timestamp(buf, sizeof(buf), s->start_timestamp.realtime)); |
9fb86720 | 1612 | |
63983207 | 1613 | if (s->exit_timestamp.realtime > 0) |
9fb86720 LP |
1614 | fprintf(f, |
1615 | "%sExit Timestamp: %s\n" | |
1616 | "%sExit Code: %s\n" | |
1617 | "%sExit Status: %i\n", | |
63983207 | 1618 | prefix, format_timestamp(buf, sizeof(buf), s->exit_timestamp.realtime), |
9fb86720 LP |
1619 | prefix, sigchld_code_to_string(s->code), |
1620 | prefix, s->status); | |
5cb5a6ff | 1621 | } |
44d8db9e | 1622 | |
9e2f7c11 | 1623 | char *exec_command_line(char **argv) { |
44d8db9e LP |
1624 | size_t k; |
1625 | char *n, *p, **a; | |
1626 | bool first = true; | |
1627 | ||
9e2f7c11 | 1628 | assert(argv); |
44d8db9e | 1629 | |
9164977d | 1630 | k = 1; |
9e2f7c11 | 1631 | STRV_FOREACH(a, argv) |
44d8db9e LP |
1632 | k += strlen(*a)+3; |
1633 | ||
1634 | if (!(n = new(char, k))) | |
1635 | return NULL; | |
1636 | ||
1637 | p = n; | |
9e2f7c11 | 1638 | STRV_FOREACH(a, argv) { |
44d8db9e LP |
1639 | |
1640 | if (!first) | |
1641 | *(p++) = ' '; | |
1642 | else | |
1643 | first = false; | |
1644 | ||
1645 | if (strpbrk(*a, WHITESPACE)) { | |
1646 | *(p++) = '\''; | |
1647 | p = stpcpy(p, *a); | |
1648 | *(p++) = '\''; | |
1649 | } else | |
1650 | p = stpcpy(p, *a); | |
1651 | ||
1652 | } | |
1653 | ||
9164977d LP |
1654 | *p = 0; |
1655 | ||
44d8db9e LP |
1656 | /* FIXME: this doesn't really handle arguments that have |
1657 | * spaces and ticks in them */ | |
1658 | ||
1659 | return n; | |
1660 | } | |
1661 | ||
1662 | void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) { | |
9fb86720 LP |
1663 | char *p2; |
1664 | const char *prefix2; | |
1665 | ||
44d8db9e LP |
1666 | char *cmd; |
1667 | ||
1668 | assert(c); | |
1669 | assert(f); | |
1670 | ||
1671 | if (!prefix) | |
1672 | prefix = ""; | |
9fb86720 LP |
1673 | p2 = strappend(prefix, "\t"); |
1674 | prefix2 = p2 ? p2 : prefix; | |
44d8db9e | 1675 | |
9e2f7c11 | 1676 | cmd = exec_command_line(c->argv); |
44d8db9e LP |
1677 | |
1678 | fprintf(f, | |
1679 | "%sCommand Line: %s\n", | |
1680 | prefix, cmd ? cmd : strerror(ENOMEM)); | |
1681 | ||
1682 | free(cmd); | |
9fb86720 LP |
1683 | |
1684 | exec_status_dump(&c->exec_status, f, prefix2); | |
1685 | ||
1686 | free(p2); | |
44d8db9e LP |
1687 | } |
1688 | ||
1689 | void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) { | |
1690 | assert(f); | |
1691 | ||
1692 | if (!prefix) | |
1693 | prefix = ""; | |
1694 | ||
1695 | LIST_FOREACH(command, c, c) | |
1696 | exec_command_dump(c, f, prefix); | |
1697 | } | |
94f04347 | 1698 | |
a6a80b4f LP |
1699 | void exec_command_append_list(ExecCommand **l, ExecCommand *e) { |
1700 | ExecCommand *end; | |
1701 | ||
1702 | assert(l); | |
1703 | assert(e); | |
1704 | ||
1705 | if (*l) { | |
1706 | /* It's kinda important that we keep the order here */ | |
1707 | LIST_FIND_TAIL(ExecCommand, command, *l, end); | |
1708 | LIST_INSERT_AFTER(ExecCommand, command, *l, end, e); | |
1709 | } else | |
1710 | *l = e; | |
1711 | } | |
1712 | ||
26fd040d LP |
1713 | int exec_command_set(ExecCommand *c, const char *path, ...) { |
1714 | va_list ap; | |
1715 | char **l, *p; | |
1716 | ||
1717 | assert(c); | |
1718 | assert(path); | |
1719 | ||
1720 | va_start(ap, path); | |
1721 | l = strv_new_ap(path, ap); | |
1722 | va_end(ap); | |
1723 | ||
1724 | if (!l) | |
1725 | return -ENOMEM; | |
1726 | ||
1727 | if (!(p = strdup(path))) { | |
1728 | strv_free(l); | |
1729 | return -ENOMEM; | |
1730 | } | |
1731 | ||
1732 | free(c->path); | |
1733 | c->path = p; | |
1734 | ||
1735 | strv_free(c->argv); | |
1736 | c->argv = l; | |
1737 | ||
1738 | return 0; | |
1739 | } | |
1740 | ||
80876c20 | 1741 | const char* exit_status_to_string(ExitStatus status) { |
b8d3418f LP |
1742 | |
1743 | /* We cast to int here, so that -Wenum doesn't complain that | |
1744 | * EXIT_SUCCESS/EXIT_FAILURE aren't in the enum */ | |
1745 | ||
1746 | switch ((int) status) { | |
80876c20 LP |
1747 | |
1748 | case EXIT_SUCCESS: | |
1749 | return "SUCCESS"; | |
1750 | ||
1751 | case EXIT_FAILURE: | |
1752 | return "FAILURE"; | |
1753 | ||
1754 | case EXIT_INVALIDARGUMENT: | |
1755 | return "INVALIDARGUMENT"; | |
1756 | ||
1757 | case EXIT_NOTIMPLEMENTED: | |
1758 | return "NOTIMPLEMENTED"; | |
1759 | ||
1760 | case EXIT_NOPERMISSION: | |
1761 | return "NOPERMISSION"; | |
1762 | ||
1763 | case EXIT_NOTINSTALLED: | |
1764 | return "NOTINSSTALLED"; | |
1765 | ||
1766 | case EXIT_NOTCONFIGURED: | |
1767 | return "NOTCONFIGURED"; | |
1768 | ||
1769 | case EXIT_NOTRUNNING: | |
1770 | return "NOTRUNNING"; | |
1771 | ||
1772 | case EXIT_CHDIR: | |
1773 | return "CHDIR"; | |
1774 | ||
1775 | case EXIT_NICE: | |
1776 | return "NICE"; | |
1777 | ||
1778 | case EXIT_FDS: | |
1779 | return "FDS"; | |
1780 | ||
1781 | case EXIT_EXEC: | |
1782 | return "EXEC"; | |
1783 | ||
1784 | case EXIT_MEMORY: | |
1785 | return "MEMORY"; | |
1786 | ||
1787 | case EXIT_LIMITS: | |
1788 | return "LIMITS"; | |
1789 | ||
1790 | case EXIT_OOM_ADJUST: | |
1791 | return "OOM_ADJUST"; | |
1792 | ||
1793 | case EXIT_SIGNAL_MASK: | |
1794 | return "SIGNAL_MASK"; | |
1795 | ||
1796 | case EXIT_STDIN: | |
1797 | return "STDIN"; | |
1798 | ||
1799 | case EXIT_STDOUT: | |
1800 | return "STDOUT"; | |
1801 | ||
1802 | case EXIT_CHROOT: | |
1803 | return "CHROOT"; | |
1804 | ||
1805 | case EXIT_IOPRIO: | |
1806 | return "IOPRIO"; | |
1807 | ||
1808 | case EXIT_TIMERSLACK: | |
1809 | return "TIMERSLACK"; | |
1810 | ||
1811 | case EXIT_SECUREBITS: | |
1812 | return "SECUREBITS"; | |
1813 | ||
1814 | case EXIT_SETSCHEDULER: | |
1815 | return "SETSCHEDULER"; | |
1816 | ||
1817 | case EXIT_CPUAFFINITY: | |
1818 | return "CPUAFFINITY"; | |
1819 | ||
1820 | case EXIT_GROUP: | |
1821 | return "GROUP"; | |
1822 | ||
1823 | case EXIT_USER: | |
1824 | return "USER"; | |
1825 | ||
1826 | case EXIT_CAPABILITIES: | |
1827 | return "CAPABILITIES"; | |
1828 | ||
1829 | case EXIT_CGROUP: | |
1830 | return "CGROUP"; | |
1831 | ||
1832 | case EXIT_SETSID: | |
1833 | return "SETSID"; | |
1834 | ||
1835 | case EXIT_CONFIRM: | |
1836 | return "CONFIRM"; | |
1837 | ||
1838 | case EXIT_STDERR: | |
1839 | return "STDERR"; | |
1840 | ||
df1f0afe LP |
1841 | case EXIT_TCPWRAP: |
1842 | return "TCPWRAP"; | |
1843 | ||
5b6319dc LP |
1844 | case EXIT_PAM: |
1845 | return "PAM"; | |
1846 | ||
80876c20 LP |
1847 | default: |
1848 | return NULL; | |
1849 | } | |
1850 | } | |
1851 | ||
1852 | static const char* const exec_input_table[_EXEC_INPUT_MAX] = { | |
1853 | [EXEC_INPUT_NULL] = "null", | |
1854 | [EXEC_INPUT_TTY] = "tty", | |
1855 | [EXEC_INPUT_TTY_FORCE] = "tty-force", | |
4f2d528d LP |
1856 | [EXEC_INPUT_TTY_FAIL] = "tty-fail", |
1857 | [EXEC_INPUT_SOCKET] = "socket" | |
80876c20 LP |
1858 | }; |
1859 | ||
94f04347 | 1860 | static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = { |
80876c20 | 1861 | [EXEC_OUTPUT_INHERIT] = "inherit", |
94f04347 | 1862 | [EXEC_OUTPUT_NULL] = "null", |
80876c20 | 1863 | [EXEC_OUTPUT_TTY] = "tty", |
94f04347 | 1864 | [EXEC_OUTPUT_SYSLOG] = "syslog", |
9a6bca7a | 1865 | [EXEC_OUTPUT_KMSG] = "kmsg", |
4f2d528d | 1866 | [EXEC_OUTPUT_SOCKET] = "socket" |
94f04347 LP |
1867 | }; |
1868 | ||
1869 | DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput); | |
1870 | ||
94f04347 | 1871 | DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput); |