[thirdparty/systemd.git] / src / sysctl / sysctl.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <errno.h>
#include <getopt.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>

#include "conf-files.h"
#include "creds-util.h"
#include "def.h"
#include "errno-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "glob-util.h"
#include "hashmap.h"
#include "log.h"
#include "main-func.h"
#include "pager.h"
#include "path-util.h"
#include "pretty-print.h"
#include "string-util.h"
#include "strv.h"
#include "sysctl-util.h"

static char **arg_prefixes = NULL;
static bool arg_cat_config = false;
static bool arg_strict = false;
static PagerFlags arg_pager_flags = 0;

STATIC_DESTRUCTOR_REGISTER(arg_prefixes, strv_freep);

typedef struct Option {
        char *key;
        char *value;
        bool ignore_failure;
} Option;

static Option *option_free(Option *o) {
        if (!o)
                return NULL;

        free(o->key);
        free(o->value);

        return mfree(o);
}

DEFINE_TRIVIAL_CLEANUP_FUNC(Option*, option_free);
DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(option_hash_ops, char, string_hash_func, string_compare_func, Option, option_free);

static bool test_prefix(const char *p) {
        if (strv_isempty(arg_prefixes))
                return true;

        STRV_FOREACH(i, arg_prefixes) {
                const char *t;

                t = path_startswith(*i, "/proc/sys/");
                if (!t)
                        t = *i;

                if (path_startswith(p, t))
                        return true;
        }

        return false;
}

static Option *option_new(
                const char *key,
                const char *value,
                bool ignore_failure) {

        _cleanup_(option_freep) Option *o = NULL;

        assert(key);

        o = new(Option, 1);
        if (!o)
                return NULL;

        *o = (Option) {
                .key = strdup(key),
                .value = value ? strdup(value) : NULL,
                .ignore_failure = ignore_failure,
        };

        if (!o->key)
                return NULL;
        if (value && !o->value)
                return NULL;

        return TAKE_PTR(o);
}

static int sysctl_write_or_warn(const char *key, const char *value, bool ignore_failure) {
        int r;

        r = sysctl_write(key, value);
        if (r < 0) {
                /* Proceed without failing if ignore_failure is true.
                 * If the sysctl is not available in the kernel or we are running with reduced privileges and
                 * cannot write it, then log about the issue, and proceed without failing. Unless strict mode
                 * (arg_strict = true) is enabled, in which case we should fail. (EROFS is treated as a
                 * permission problem here, since that's how container managers usually protected their
                 * sysctls.)
                 * In all other cases log an error and make the tool fail. */
                if (ignore_failure || (!arg_strict && (r == -EROFS || ERRNO_IS_PRIVILEGE(r))))
                        log_debug_errno(r, "Couldn't write '%s' to '%s', ignoring: %m", value, key);
                else if (!arg_strict && r == -ENOENT)
                        log_warning_errno(r, "Couldn't write '%s' to '%s', ignoring: %m", value, key);
                else
                        return log_error_errno(r, "Couldn't write '%s' to '%s': %m", value, key);
        }

        return 0;
}

static int apply_all(OrderedHashmap *sysctl_options) {
        Option *option;
        int r = 0;

        ORDERED_HASHMAP_FOREACH(option, sysctl_options) {
                int k;

                /* Ignore "negative match" options, they are there only to exclude stuff from globs. */
                if (!option->value)
                        continue;

                if (string_is_glob(option->key)) {
                        _cleanup_strv_free_ char **paths = NULL;
                        _cleanup_free_ char *pattern = NULL;

                        pattern = path_join("/proc/sys", option->key);
                        if (!pattern)
                                return log_oom();

                        k = glob_extend(&paths, pattern, GLOB_NOCHECK);
                        if (k < 0) {
                                if (option->ignore_failure || ERRNO_IS_PRIVILEGE(k))
                                        log_debug_errno(k, "Failed to resolve glob '%s', ignoring: %m",
                                                        option->key);
                                else {
                                        log_error_errno(k, "Couldn't resolve glob '%s': %m",
                                                        option->key);
                                        if (r == 0)
                                                r = k;
                                }

                        } else if (strv_isempty(paths))
                                log_debug("No match for glob: %s", option->key);

                        STRV_FOREACH(s, paths) {
                                const char *key;

                                assert_se(key = path_startswith(*s, "/proc/sys"));

                                if (!test_prefix(key))
                                        continue;

                                if (ordered_hashmap_contains(sysctl_options, key)) {
                                        log_debug("Not setting %s (explicit setting exists).", key);
                                        continue;
                                }

                                k = sysctl_write_or_warn(key, option->value, option->ignore_failure);
                                if (r == 0)
                                        r = k;
                        }

                } else {
                        k = sysctl_write_or_warn(option->key, option->value, option->ignore_failure);
                        if (r == 0)
                                r = k;
                }
        }

        return r;
}

static int parse_file(OrderedHashmap **sysctl_options, const char *path, bool ignore_enoent) {
        _cleanup_fclose_ FILE *f = NULL;
        _cleanup_free_ char *pp = NULL;
        unsigned c = 0;
        int r;

        assert(path);

        r = search_and_fopen(path, "re", NULL, (const char**) CONF_PATHS_STRV("sysctl.d"), &f, &pp);
        if (r < 0) {
                if (ignore_enoent && r == -ENOENT)
                        return 0;

                return log_error_errno(r, "Failed to open file '%s', ignoring: %m", path);
        }

        log_debug("Parsing %s", pp);
        for (;;) {
                _cleanup_(option_freep) Option *new_option = NULL;
                _cleanup_free_ char *l = NULL;
                bool ignore_failure = false;
                Option *existing;
                char *p, *value;
                int k;

                k = read_line(f, LONG_LINE_MAX, &l);
                if (k == 0)
                        break;
                if (k < 0)
                        return log_error_errno(k, "Failed to read file '%s', ignoring: %m", pp);

                c++;

                p = strstrip(l);

                if (isempty(p))
                        continue;
                if (strchr(COMMENTS "\n", *p))
                        continue;

                value = strchr(p, '=');
                if (value) {
                        if (p[0] == '-') {
                                ignore_failure = true;
                                p++;
                        }

                        *value = 0;
                        value++;
                        value = strstrip(value);

                } else {
                        if (p[0] == '-')
                                /* We have a "negative match" option. Let's continue with value==NULL. */
                                p++;
                        else {
                                log_syntax(NULL, LOG_WARNING, pp, c, 0,
                                           "Line is not an assignment, ignoring: %s", p);
                                if (r == 0)
                                        r = -EINVAL;
                                continue;
                        }
                }

                p = strstrip(p);
                p = sysctl_normalize(p);

                /* We can't filter out globs at this point, we'll need to do that later. */
                if (!string_is_glob(p) &&
                    !test_prefix(p))
                        continue;

                if (ordered_hashmap_ensure_allocated(sysctl_options, &option_hash_ops) < 0)
                        return log_oom();

                existing = ordered_hashmap_get(*sysctl_options, p);
                if (existing) {
                        if (streq_ptr(value, existing->value)) {
                                existing->ignore_failure = existing->ignore_failure || ignore_failure;
                                continue;
                        }

                        log_debug("Overwriting earlier assignment of %s at '%s:%u'.", p, pp, c);
                        option_free(ordered_hashmap_remove(*sysctl_options, p));
                }

                new_option = option_new(p, value, ignore_failure);
                if (!new_option)
                        return log_oom();

                k = ordered_hashmap_put(*sysctl_options, new_option->key, new_option);
                if (k < 0)
                        return log_error_errno(k, "Failed to add sysctl variable %s to hashmap: %m", p);

                TAKE_PTR(new_option);
        }

        return r;
}

static int read_credential_lines(OrderedHashmap **sysctl_options) {
        _cleanup_free_ char *j = NULL;
        const char *d;
        int r;

        r = get_credentials_dir(&d);
        if (r == -ENXIO)
                return 0;
        if (r < 0)
                return log_error_errno(r, "Failed to get credentials directory: %m");

        j = path_join(d, "sysctl.extra");
        if (!j)
                return log_oom();

        (void) parse_file(sysctl_options, j, /* ignore_enoent= */ true);
        return 0;
}

static int help(void) {
        _cleanup_free_ char *link = NULL;
        int r;

        r = terminal_urlify_man("systemd-sysctl.service", "8", &link);
        if (r < 0)
                return log_oom();

        printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
               "Applies kernel sysctl settings.\n\n"
               "  -h --help             Show this help\n"
               "     --version          Show package version\n"
               "     --cat-config       Show configuration files\n"
               "     --prefix=PATH      Only apply rules with the specified prefix\n"
               "     --no-pager         Do not pipe output into a pager\n"
               "\nSee the %s for details.\n",
               program_invocation_short_name,
               link);

        return 0;
}

static int parse_argv(int argc, char *argv[]) {

        enum {
                ARG_VERSION = 0x100,
                ARG_CAT_CONFIG,
                ARG_PREFIX,
                ARG_NO_PAGER,
                ARG_STRICT,
        };

        static const struct option options[] = {
                { "help",       no_argument,       NULL, 'h'            },
                { "version",    no_argument,       NULL, ARG_VERSION    },
                { "cat-config", no_argument,       NULL, ARG_CAT_CONFIG },
                { "prefix",     required_argument, NULL, ARG_PREFIX     },
                { "no-pager",   no_argument,       NULL, ARG_NO_PAGER   },
                { "strict",     no_argument,       NULL, ARG_STRICT     },
                {}
        };

        int c;

        assert(argc >= 0);
        assert(argv);

        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)

                switch (c) {

                case 'h':
                        return help();

                case ARG_VERSION:
                        return version();

                case ARG_CAT_CONFIG:
                        arg_cat_config = true;
                        break;

                case ARG_PREFIX: {
                        char *p;

                        /* We used to require people to specify absolute paths
                         * in /proc/sys in the past. This is kinda useless, but
                         * we need to keep compatibility. We now support any
                         * sysctl name available. */
                        sysctl_normalize(optarg);

                        if (path_startswith(optarg, "/proc/sys"))
                                p = strdup(optarg);
                        else
                                p = path_join("/proc/sys", optarg);
                        if (!p)
                                return log_oom();

                        if (strv_consume(&arg_prefixes, p) < 0)
                                return log_oom();

                        break;
                }

                case ARG_NO_PAGER:
                        arg_pager_flags |= PAGER_DISABLE;
                        break;

                case ARG_STRICT:
                        arg_strict = true;
                        break;

                case '?':
                        return -EINVAL;

                default:
                        assert_not_reached();
                }

        if (arg_cat_config && argc > optind)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "Positional arguments are not allowed with --cat-config");

        return 1;
}

static int run(int argc, char *argv[]) {
        _cleanup_(ordered_hashmap_freep) OrderedHashmap *sysctl_options = NULL;
        int r, k;

        r = parse_argv(argc, argv);
        if (r <= 0)
                return r;

        log_setup();

        umask(0022);

        if (argc > optind) {
                int i;

                r = 0;

                for (i = optind; i < argc; i++) {
                        k = parse_file(&sysctl_options, argv[i], false);
                        if (k < 0 && r == 0)
                                r = k;
                }
        } else {
                _cleanup_strv_free_ char **files = NULL;

                r = conf_files_list_strv(&files, ".conf", NULL, 0, (const char**) CONF_PATHS_STRV("sysctl.d"));
                if (r < 0)
                        return log_error_errno(r, "Failed to enumerate sysctl.d files: %m");

                if (arg_cat_config) {
                        pager_open(arg_pager_flags);

                        return cat_files(NULL, files, 0);
                }

                STRV_FOREACH(f, files) {
                        k = parse_file(&sysctl_options, *f, true);
                        if (k < 0 && r == 0)
                                r = k;
                }

                k = read_credential_lines(&sysctl_options);
                if (k < 0 && r == 0)
                        r = k;
        }

        k = apply_all(sysctl_options);
        if (k < 0 && r == 0)
                r = k;

        return r;
}

DEFINE_MAIN_FUNCTION(run);
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
8e1bd70d	2
8e1bd70d	3	#include <errno.h>
7a2a0b90	4	#include <getopt.h>
3f6fd1ba LP	5	#include <limits.h>
	6	#include <stdbool.h>
	7	#include <stdio.h>
	8	#include <stdlib.h>
ca78ad1d ZJS	9	#include <sys/stat.h>
ca78ad1d ZJS	10	#include <sys/types.h>
8e1bd70d	11
2c21044f	12	#include "conf-files.h"
39f0d1d2	13	#include "creds-util.h"
a0f29c76	14	#include "def.h"
32458cc9	15	#include "errno-util.h"
3ffd4af2	16	#include "fd-util.h"
a5c32cff	17	#include "fileio.h"
e0f42479	18	#include "glob-util.h"
3f6fd1ba LP	19	#include "hashmap.h"
3f6fd1ba LP	20	#include "log.h"
8eb42d90	21	#include "main-func.h"
dcd5c891	22	#include "pager.h"
3f6fd1ba	23	#include "path-util.h"
294bf0c3	24	#include "pretty-print.h"
07630cea	25	#include "string-util.h"
3f6fd1ba	26	#include "strv.h"
88a60da0	27	#include "sysctl-util.h"
8e1bd70d	28
fabe5c0e	29	static char **arg_prefixes = NULL;
3c51c626	30	static bool arg_cat_config = false;
e88748c1	31	static bool arg_strict = false;
0221d68a	32	static PagerFlags arg_pager_flags = 0;
8e1bd70d	33
fd8bdbc7 LP	34	STATIC_DESTRUCTOR_REGISTER(arg_prefixes, strv_freep);
fd8bdbc7 LP	35
dec02d6e LP	36	typedef struct Option {
	37	char *key;
	38	char *value;
	39	bool ignore_failure;
	40	} Option;
	41
	42	static Option option_free(Option o) {
	43	if (!o)
	44	return NULL;
	45
	46	free(o->key);
	47	free(o->value);
	48
	49	return mfree(o);
	50	}
	51
	52	DEFINE_TRIVIAL_CLEANUP_FUNC(Option*, option_free);
	53	DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(option_hash_ops, char, string_hash_func, string_compare_func, Option, option_free);
	54
e0f42479	55	static bool test_prefix(const char *p) {
e0f42479 ZJS	56	if (strv_isempty(arg_prefixes))
	57	return true;
	58
	59	STRV_FOREACH(i, arg_prefixes) {
	60	const char *t;
	61
	62	t = path_startswith(*i, "/proc/sys/");
	63	if (!t)
	64	t = *i;
	65
	66	if (path_startswith(p, t))
	67	return true;
	68	}
	69
	70	return false;
	71	}
	72
dec02d6e LP	73	static Option *option_new(
	74	const char *key,
	75	const char *value,
	76	bool ignore_failure) {
	77
	78	_cleanup_(option_freep) Option *o = NULL;
	79
	80	assert(key);
dec02d6e LP	81
	82	o = new(Option, 1);
	83	if (!o)
	84	return NULL;
	85
	86	*o = (Option) {
	87	.key = strdup(key),
e0f42479	88	.value = value ? strdup(value) : NULL,
dec02d6e LP	89	.ignore_failure = ignore_failure,
	90	};
	91
e0f42479 ZJS	92	if (!o->key)
	93	return NULL;
	94	if (value && !o->value)
dec02d6e LP	95	return NULL;
	96
	97	return TAKE_PTR(o);
	98	}
	99
e0f42479 ZJS	100	static int sysctl_write_or_warn(const char key, const char value, bool ignore_failure) {
	101	int r;
	102
	103	r = sysctl_write(key, value);
	104	if (r < 0) {
e88748c1 QD	105	/* Proceed without failing if ignore_failure is true.
	106	* If the sysctl is not available in the kernel or we are running with reduced privileges and
	107	* cannot write it, then log about the issue, and proceed without failing. Unless strict mode
	108	* (arg_strict = true) is enabled, in which case we should fail. (EROFS is treated as a
	109	* permission problem here, since that's how container managers usually protected their
	110	* sysctls.)
	111	* In all other cases log an error and make the tool fail. */
	112	if (ignore_failure \|\| (!arg_strict && (r == -EROFS \|\| ERRNO_IS_PRIVILEGE(r))))
e0f42479	113	log_debug_errno(r, "Couldn't write '%s' to '%s', ignoring: %m", value, key);
e88748c1	114	else if (!arg_strict && r == -ENOENT)
1805fbcf	115	log_warning_errno(r, "Couldn't write '%s' to '%s', ignoring: %m", value, key);
e0f42479 ZJS	116	else
	117	return log_error_errno(r, "Couldn't write '%s' to '%s': %m", value, key);
	118	}
	119
	120	return 0;
	121	}
	122
886cf982	123	static int apply_all(OrderedHashmap *sysctl_options) {
dec02d6e	124	Option *option;
e50b33be	125	int r = 0;
fabe5c0e	126
90e74a66	127	ORDERED_HASHMAP_FOREACH(option, sysctl_options) {
86fc77c4 MS	128	int k;
86fc77c4 MS	129
e0f42479 ZJS	130	/* Ignore "negative match" options, they are there only to exclude stuff from globs. */
	131	if (!option->value)
	132	continue;
e50b33be	133
e0f42479 ZJS	134	if (string_is_glob(option->key)) {
	135	_cleanup_strv_free_ char **paths = NULL;
	136	_cleanup_free_ char *pattern = NULL;
86fc77c4	137
e0f42479 ZJS	138	pattern = path_join("/proc/sys", option->key);
	139	if (!pattern)
	140	return log_oom();
9c37b41c	141
544e146b	142	k = glob_extend(&paths, pattern, GLOB_NOCHECK);
e0f42479	143	if (k < 0) {
c53ce14d	144	if (option->ignore_failure \|\| ERRNO_IS_PRIVILEGE(k))
e0f42479 ZJS	145	log_debug_errno(k, "Failed to resolve glob '%s', ignoring: %m",
	146	option->key);
	147	else {
	148	log_error_errno(k, "Couldn't resolve glob '%s': %m",
	149	option->key);
	150	if (r == 0)
	151	r = k;
	152	}
9c37b41c	153
e0f42479 ZJS	154	} else if (strv_isempty(paths))
e0f42479 ZJS	155	log_debug("No match for glob: %s", option->key);
9c37b41c	156
e0f42479 ZJS	157	STRV_FOREACH(s, paths) {
	158	const char *key;
	159
	160	assert_se(key = path_startswith(*s, "/proc/sys"));
	161
	162	if (!test_prefix(key))
	163	continue;
	164
	165	if (ordered_hashmap_contains(sysctl_options, key)) {
42a033f7	166	log_debug("Not setting %s (explicit setting exists).", key);
e0f42479 ZJS	167	continue;
	168	}
	169
	170	k = sysctl_write_or_warn(key, option->value, option->ignore_failure);
	171	if (r == 0)
	172	r = k;
	173	}
	174
	175	} else {
	176	k = sysctl_write_or_warn(option->key, option->value, option->ignore_failure);
	177	if (r == 0)
	178	r = k;
	179	}
9c37b41c LP	180	}
9c37b41c LP	181
e0f42479	182	return r;
9c37b41c LP	183	}
9c37b41c LP	184
b2ae4d9e	185	static int parse_file(OrderedHashmap *sysctl_options, const char path, bool ignore_enoent) {
fabe5c0e	186	_cleanup_fclose_ FILE *f = NULL;
2708160c	187	_cleanup_free_ char *pp = NULL;
98bf5011	188	unsigned c = 0;
fabe5c0e	189	int r;
8e1bd70d LP	190
	191	assert(path);
	192
2708160c	193	r = search_and_fopen(path, "re", NULL, (const char**) CONF_PATHS_STRV("sysctl.d"), &f, &pp);
fabe5c0e	194	if (r < 0) {
6f6fad96	195	if (ignore_enoent && r == -ENOENT)
c1b664d0 LP	196	return 0;
c1b664d0 LP	197
8d3d7072	198	return log_error_errno(r, "Failed to open file '%s', ignoring: %m", path);
8e1bd70d LP	199	}
8e1bd70d LP	200
2708160c	201	log_debug("Parsing %s", pp);
4f14f2bb	202	for (;;) {
dec02d6e	203	_cleanup_(option_freep) Option *new_option = NULL;
a668bfe8	204	_cleanup_free_ char *l = NULL;
e0f42479	205	bool ignore_failure = false;
dec02d6e LP	206	Option *existing;
dec02d6e LP	207	char p, value;
fabe5c0e	208	int k;
548f6937	209
a668bfe8 TSH	210	k = read_line(f, LONG_LINE_MAX, &l);
	211	if (k == 0)
	212	break;
a668bfe8	213	if (k < 0)
2708160c	214	return log_error_errno(k, "Failed to read file '%s', ignoring: %m", pp);
8e1bd70d	215
98bf5011 LP	216	c++;
98bf5011 LP	217
8e1bd70d	218	p = strstrip(l);
8e1bd70d	219
548f6937 LP	220	if (isempty(p))
548f6937 LP	221	continue;
d3b6d0c2	222	if (strchr(COMMENTS "\n", *p))
8e1bd70d LP	223	continue;
8e1bd70d LP	224
86fc77c4	225	value = strchr(p, '=');
e0f42479 ZJS	226	if (value) {
	227	if (p[0] == '-') {
	228	ignore_failure = true;
	229	p++;
	230	}
8e1bd70d	231
e0f42479 ZJS	232	*value = 0;
	233	value++;
	234	value = strstrip(value);
8e1bd70d	235
e0f42479 ZJS	236	} else {
	237	if (p[0] == '-')
	238	/* We have a "negative match" option. Let's continue with value==NULL. */
	239	p++;
	240	else {
2708160c	241	log_syntax(NULL, LOG_WARNING, pp, c, 0,
e0f42479 ZJS	242	"Line is not an assignment, ignoring: %s", p);
	243	if (r == 0)
	244	r = -EINVAL;
	245	continue;
	246	}
	247	}
dec02d6e	248
e0f42479	249	p = strstrip(p);
dec02d6e	250	p = sysctl_normalize(p);
fabe5c0e	251
e0f42479 ZJS	252	/* We can't filter out globs at this point, we'll need to do that later. */
	253	if (!string_is_glob(p) &&
	254	!test_prefix(p))
b99802f7	255	continue;
b99802f7	256
b2ae4d9e ZJS	257	if (ordered_hashmap_ensure_allocated(sysctl_options, &option_hash_ops) < 0)
	258	return log_oom();
	259
	260	existing = ordered_hashmap_get(*sysctl_options, p);
fabe5c0e	261	if (existing) {
db99904b	262	if (streq_ptr(value, existing->value)) {
dec02d6e	263	existing->ignore_failure = existing->ignore_failure \|\| ignore_failure;
04bf3c1a	264	continue;
dec02d6e	265	}
fabe5c0e	266
2708160c	267	log_debug("Overwriting earlier assignment of %s at '%s:%u'.", p, pp, c);
b2ae4d9e	268	option_free(ordered_hashmap_remove(*sysctl_options, p));
86fc77c4 MS	269	}
86fc77c4 MS	270
dec02d6e LP	271	new_option = option_new(p, value, ignore_failure);
dec02d6e LP	272	if (!new_option)
fabe5c0e LP	273	return log_oom();
fabe5c0e LP	274
b2ae4d9e	275	k = ordered_hashmap_put(*sysctl_options, new_option->key, new_option);
dec02d6e LP	276	if (k < 0)
dec02d6e LP	277	return log_error_errno(k, "Failed to add sysctl variable %s to hashmap: %m", p);
86fc77c4	278
dec02d6e	279	TAKE_PTR(new_option);
8e1bd70d LP	280	}
8e1bd70d LP	281
c1b664d0	282	return r;
8e1bd70d LP	283	}
8e1bd70d LP	284
39f0d1d2 LP	285	static int read_credential_lines(OrderedHashmap **sysctl_options) {
	286	_cleanup_free_ char *j = NULL;
	287	const char *d;
	288	int r;
	289
	290	r = get_credentials_dir(&d);
	291	if (r == -ENXIO)
	292	return 0;
	293	if (r < 0)
	294	return log_error_errno(r, "Failed to get credentials directory: %m");
	295
	296	j = path_join(d, "sysctl.extra");
	297	if (!j)
	298	return log_oom();
	299
	300	(void) parse_file(sysctl_options, j, /* ignore_enoent= */ true);
	301	return 0;
	302	}
	303
37ec0fdd LP	304	static int help(void) {
	305	_cleanup_free_ char *link = NULL;
	306	int r;
	307
	308	r = terminal_urlify_man("systemd-sysctl.service", "8", &link);
	309	if (r < 0)
	310	return log_oom();
	311
7a2a0b90 LP	312	printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
	313	"Applies kernel sysctl settings.\n\n"
	314	" -h --help Show this help\n"
eb9da376	315	" --version Show package version\n"
3c51c626	316	" --cat-config Show configuration files\n"
0e1f5792	317	" --prefix=PATH Only apply rules with the specified prefix\n"
dcd5c891	318	" --no-pager Do not pipe output into a pager\n"
bc556335 DDM	319	"\nSee the %s for details.\n",
	320	program_invocation_short_name,
	321	link);
37ec0fdd LP	322
37ec0fdd LP	323	return 0;
7a2a0b90 LP	324	}
	325
	326	static int parse_argv(int argc, char *argv[]) {
	327
	328	enum {
eb9da376	329	ARG_VERSION = 0x100,
3c51c626 ZJS	330	ARG_CAT_CONFIG,
3c51c626 ZJS	331	ARG_PREFIX,
dcd5c891	332	ARG_NO_PAGER,
e88748c1	333	ARG_STRICT,
7a2a0b90 LP	334	};
	335
	336	static const struct option options[] = {
3c51c626 ZJS	337	{ "help", no_argument, NULL, 'h' },
	338	{ "version", no_argument, NULL, ARG_VERSION },
	339	{ "cat-config", no_argument, NULL, ARG_CAT_CONFIG },
	340	{ "prefix", required_argument, NULL, ARG_PREFIX },
dcd5c891	341	{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
e88748c1	342	{ "strict", no_argument, NULL, ARG_STRICT },
eb9da376	343	{}
7a2a0b90 LP	344	};
	345
	346	int c;
	347
	348	assert(argc >= 0);
	349	assert(argv);
	350
601185b4	351	while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
7a2a0b90 LP	352
	353	switch (c) {
	354
	355	case 'h':
37ec0fdd	356	return help();
eb9da376 LP	357
eb9da376 LP	358	case ARG_VERSION:
3f6fd1ba	359	return version();
7a2a0b90	360
3c51c626 ZJS	361	case ARG_CAT_CONFIG:
	362	arg_cat_config = true;
	363	break;
	364
7a2a0b90 LP	365	case ARG_PREFIX: {
	366	char *p;
	367
0e1f5792 DH	368	/* We used to require people to specify absolute paths
	369	* in /proc/sys in the past. This is kinda useless, but
	370	* we need to keep compatibility. We now support any
	371	* sysctl name available. */
88a60da0	372	sysctl_normalize(optarg);
e50b33be	373
27458ed6	374	if (path_startswith(optarg, "/proc/sys"))
0e1f5792 DH	375	p = strdup(optarg);
0e1f5792 DH	376	else
b910cc72	377	p = path_join("/proc/sys", optarg);
0e1f5792 DH	378	if (!p)
0e1f5792 DH	379	return log_oom();
e50b33be	380
0e1f5792	381	if (strv_consume(&arg_prefixes, p) < 0)
0d0f0c50	382	return log_oom();
f68c5a70	383
7a2a0b90 LP	384	break;
	385	}
	386
dcd5c891	387	case ARG_NO_PAGER:
0221d68a	388	arg_pager_flags \|= PAGER_DISABLE;
dcd5c891 LP	389	break;
dcd5c891 LP	390
e88748c1 QD	391	case ARG_STRICT:
	392	arg_strict = true;
	393	break;
	394
7a2a0b90 LP	395	case '?':
	396	return -EINVAL;
	397
	398	default:
04499a70	399	assert_not_reached();
7a2a0b90	400	}
7a2a0b90	401
baaa35ad ZJS	402	if (arg_cat_config && argc > optind)
	403	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	404	"Positional arguments are not allowed with --cat-config");
3c51c626	405
7a2a0b90 LP	406	return 1;
	407	}
	408
8eb42d90	409	static int run(int argc, char *argv[]) {
dec02d6e	410	_cleanup_(ordered_hashmap_freep) OrderedHashmap *sysctl_options = NULL;
a34c79d0	411	int r, k;
8e1bd70d	412
7a2a0b90 LP	413	r = parse_argv(argc, argv);
7a2a0b90 LP	414	if (r <= 0)
a34c79d0	415	return r;
7a2a0b90	416
d2acb93d	417	log_setup();
8e1bd70d	418
4c12626c LP	419	umask(0022);
4c12626c LP	420
de19ece7 LP	421	if (argc > optind) {
	422	int i;
	423
2de30233 LP	424	r = 0;
2de30233 LP	425
de19ece7	426	for (i = optind; i < argc; i++) {
b2ae4d9e	427	k = parse_file(&sysctl_options, argv[i], false);
fabe5c0e	428	if (k < 0 && r == 0)
de19ece7 LP	429	r = k;
	430	}
	431	} else {
fabe5c0e	432	_cleanup_strv_free_ char **files = NULL;
c1b664d0	433
a826d4f7	434	r = conf_files_list_strv(&files, ".conf", NULL, 0, (const char**) CONF_PATHS_STRV("sysctl.d"));
a34c79d0 ZJS	435	if (r < 0)
a34c79d0 ZJS	436	return log_error_errno(r, "Failed to enumerate sysctl.d files: %m");
db1413d7	437
3c51c626	438	if (arg_cat_config) {
384c2c32	439	pager_open(arg_pager_flags);
dcd5c891	440
a34c79d0	441	return cat_files(NULL, files, 0);
3c51c626 ZJS	442	}
3c51c626 ZJS	443
fabe5c0e	444	STRV_FOREACH(f, files) {
b2ae4d9e	445	k = parse_file(&sysctl_options, *f, true);
fabe5c0e	446	if (k < 0 && r == 0)
db1413d7 KS	447	r = k;
db1413d7 KS	448	}
39f0d1d2 LP	449
	450	k = read_credential_lines(&sysctl_options);
	451	if (k < 0 && r == 0)
	452	r = k;
8e1bd70d	453	}
86fc77c4	454
fabe5c0e LP	455	k = apply_all(sysctl_options);
fabe5c0e LP	456	if (k < 0 && r == 0)
0187f62b LP	457	r = k;
0187f62b LP	458
8eb42d90	459	return r;
8e1bd70d	460	}
8eb42d90 LP	461
8eb42d90 LP	462	DEFINE_MAIN_FUNCTION(run);