1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
11 #include "alloc-util.h"
12 #include "bus-get-properties.h"
14 #include "capability-util.h"
15 #include "cpu-set-util.h"
16 #include "creds-util.h"
17 #include "dbus-execute.h"
18 #include "dbus-util.h"
20 #include "errno-list.h"
25 #include "hexdecoct.h"
28 #include "journal-file.h"
29 #include "mountpoint-util.h"
30 #include "namespace.h"
31 #include "parse-util.h"
32 #include "path-util.h"
33 #include "process-util.h"
34 #include "rlimit-util.h"
36 #include "seccomp-util.h"
38 #include "securebits-util.h"
39 #include "specifier.h"
41 #include "syslog-util.h"
42 #include "unit-printf.h"
43 #include "user-util.h"
46 BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output
, exec_output
, ExecOutput
);
47 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input
, exec_input
, ExecInput
);
48 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
);
49 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
);
50 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_keyring_mode
, exec_keyring_mode
, ExecKeyringMode
);
51 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_protect_proc
, protect_proc
, ProtectProc
);
52 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_proc_subset
, proc_subset
, ProcSubset
);
53 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_protect_home
, protect_home
, ProtectHome
);
54 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_protect_system
, protect_system
, ProtectSystem
);
55 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_personality
, personality
, unsigned long);
56 static BUS_DEFINE_PROPERTY_GET(property_get_ioprio
, "i", ExecContext
, exec_context_get_effective_ioprio
);
57 static BUS_DEFINE_PROPERTY_GET(property_get_mount_apivfs
, "b", ExecContext
, exec_context_get_effective_mount_apivfs
);
58 static BUS_DEFINE_PROPERTY_GET2(property_get_ioprio_class
, "i", ExecContext
, exec_context_get_effective_ioprio
, IOPRIO_PRIO_CLASS
);
59 static BUS_DEFINE_PROPERTY_GET2(property_get_ioprio_priority
, "i", ExecContext
, exec_context_get_effective_ioprio
, IOPRIO_PRIO_DATA
);
60 static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_empty_string
, "s", NULL
);
61 static BUS_DEFINE_PROPERTY_GET_REF(property_get_syslog_level
, "i", int, LOG_PRI
);
62 static BUS_DEFINE_PROPERTY_GET_REF(property_get_syslog_facility
, "i", int, LOG_FAC
);
63 static BUS_DEFINE_PROPERTY_GET(property_get_cpu_affinity_from_numa
, "b", ExecContext
, exec_context_get_cpu_affinity_from_numa
);
65 static int property_get_environment_files(
68 const char *interface
,
70 sd_bus_message
*reply
,
72 sd_bus_error
*error
) {
74 ExecContext
*c
= userdata
;
82 r
= sd_bus_message_open_container(reply
, 'a', "(sb)");
86 STRV_FOREACH(j
, c
->environment_files
) {
89 r
= sd_bus_message_append(reply
, "(sb)", fn
[0] == '-' ? fn
+ 1 : fn
, fn
[0] == '-');
94 return sd_bus_message_close_container(reply
);
97 static int property_get_oom_score_adjust(
100 const char *interface
,
101 const char *property
,
102 sd_bus_message
*reply
,
104 sd_bus_error
*error
) {
106 ExecContext
*c
= userdata
;
114 if (c
->oom_score_adjust_set
)
115 n
= c
->oom_score_adjust
;
117 _cleanup_free_
char *t
= NULL
;
120 r
= read_one_line_file("/proc/self/oom_score_adj", &t
);
122 log_debug_errno(r
, "Failed to read /proc/self/oom_score_adj, ignoring: %m");
124 r
= safe_atoi32(t
, &n
);
126 log_debug_errno(r
, "Failed to parse \"%s\" from /proc/self/oom_score_adj, ignoring: %m", t
);
130 return sd_bus_message_append(reply
, "i", n
);
133 static int property_get_coredump_filter(
136 const char *interface
,
137 const char *property
,
138 sd_bus_message
*reply
,
140 sd_bus_error
*error
) {
142 ExecContext
*c
= userdata
;
150 if (c
->coredump_filter_set
)
151 n
= c
->coredump_filter
;
153 _cleanup_free_
char *t
= NULL
;
155 n
= COREDUMP_FILTER_MASK_DEFAULT
;
156 r
= read_one_line_file("/proc/self/coredump_filter", &t
);
158 log_debug_errno(r
, "Failed to read /proc/self/coredump_filter, ignoring: %m");
160 r
= safe_atoux64(t
, &n
);
162 log_debug_errno(r
, "Failed to parse \"%s\" from /proc/self/coredump_filter, ignoring: %m", t
);
166 return sd_bus_message_append(reply
, "t", n
);
169 static int property_get_nice(
172 const char *interface
,
173 const char *property
,
174 sd_bus_message
*reply
,
176 sd_bus_error
*error
) {
178 ExecContext
*c
= userdata
;
189 n
= getpriority(PRIO_PROCESS
, 0);
194 return sd_bus_message_append(reply
, "i", n
);
197 static int property_get_cpu_sched_policy(
200 const char *interface
,
201 const char *property
,
202 sd_bus_message
*reply
,
204 sd_bus_error
*error
) {
206 ExecContext
*c
= userdata
;
213 if (c
->cpu_sched_set
)
214 n
= c
->cpu_sched_policy
;
216 n
= sched_getscheduler(0);
221 return sd_bus_message_append(reply
, "i", n
);
224 static int property_get_cpu_sched_priority(
227 const char *interface
,
228 const char *property
,
229 sd_bus_message
*reply
,
231 sd_bus_error
*error
) {
233 ExecContext
*c
= userdata
;
240 if (c
->cpu_sched_set
)
241 n
= c
->cpu_sched_priority
;
243 struct sched_param p
= {};
245 if (sched_getparam(0, &p
) >= 0)
246 n
= p
.sched_priority
;
251 return sd_bus_message_append(reply
, "i", n
);
254 static int property_get_cpu_affinity(
257 const char *interface
,
258 const char *property
,
259 sd_bus_message
*reply
,
261 sd_bus_error
*error
) {
263 ExecContext
*c
= userdata
;
264 _cleanup_(cpu_set_reset
) CPUSet s
= {};
265 _cleanup_free_
uint8_t *array
= NULL
;
272 if (c
->cpu_affinity_from_numa
) {
275 r
= numa_to_cpu_set(&c
->numa_policy
, &s
);
280 (void) cpu_set_to_dbus(c
->cpu_affinity_from_numa
? &s
: &c
->cpu_set
, &array
, &allocated
);
282 return sd_bus_message_append_array(reply
, 'y', array
, allocated
);
285 static int property_get_numa_mask(
288 const char *interface
,
289 const char *property
,
290 sd_bus_message
*reply
,
292 sd_bus_error
*error
) {
294 ExecContext
*c
= userdata
;
295 _cleanup_free_
uint8_t *array
= NULL
;
302 (void) cpu_set_to_dbus(&c
->numa_policy
.nodes
, &array
, &allocated
);
304 return sd_bus_message_append_array(reply
, 'y', array
, allocated
);
307 static int property_get_numa_policy(
310 const char *interface
,
311 const char *property
,
312 sd_bus_message
*reply
,
314 sd_bus_error
*error
) {
315 ExecContext
*c
= userdata
;
322 policy
= numa_policy_get_type(&c
->numa_policy
);
324 return sd_bus_message_append_basic(reply
, 'i', &policy
);
327 static int property_get_timer_slack_nsec(
330 const char *interface
,
331 const char *property
,
332 sd_bus_message
*reply
,
334 sd_bus_error
*error
) {
336 ExecContext
*c
= userdata
;
343 if (c
->timer_slack_nsec
!= NSEC_INFINITY
)
344 u
= (uint64_t) c
->timer_slack_nsec
;
346 u
= (uint64_t) prctl(PR_GET_TIMERSLACK
);
348 return sd_bus_message_append(reply
, "t", u
);
351 static int property_get_syscall_filter(
354 const char *interface
,
355 const char *property
,
356 sd_bus_message
*reply
,
358 sd_bus_error
*error
) {
360 ExecContext
*c
= userdata
;
361 _cleanup_strv_free_
char **l
= NULL
;
372 r
= sd_bus_message_open_container(reply
, 'r', "bas");
376 r
= sd_bus_message_append(reply
, "b", c
->syscall_allow_list
);
381 HASHMAP_FOREACH_KEY(val
, id
, c
->syscall_filter
) {
382 _cleanup_free_
char *name
= NULL
;
383 const char *e
= NULL
;
385 int num
= PTR_TO_INT(val
);
387 name
= seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE
, PTR_TO_INT(id
) - 1);
392 e
= seccomp_errno_or_action_to_string(num
);
394 s
= strjoin(name
, ":", e
);
398 r
= asprintf(&s
, "%s:%d", name
, num
);
405 r
= strv_consume(&l
, s
);
413 r
= sd_bus_message_append_strv(reply
, l
);
417 return sd_bus_message_close_container(reply
);
420 static int property_get_syscall_log(
423 const char *interface
,
424 const char *property
,
425 sd_bus_message
*reply
,
427 sd_bus_error
*error
) {
429 ExecContext
*c
= userdata
;
430 _cleanup_strv_free_
char **l
= NULL
;
441 r
= sd_bus_message_open_container(reply
, 'r', "bas");
445 r
= sd_bus_message_append(reply
, "b", c
->syscall_log_allow_list
);
450 HASHMAP_FOREACH_KEY(val
, id
, c
->syscall_log
) {
453 name
= seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE
, PTR_TO_INT(id
) - 1);
457 r
= strv_consume(&l
, name
);
465 r
= sd_bus_message_append_strv(reply
, l
);
469 return sd_bus_message_close_container(reply
);
472 static int property_get_syscall_archs(
475 const char *interface
,
476 const char *property
,
477 sd_bus_message
*reply
,
479 sd_bus_error
*error
) {
481 ExecContext
*c
= userdata
;
482 _cleanup_strv_free_
char **l
= NULL
;
494 SET_FOREACH(id
, c
->syscall_archs
) {
497 name
= seccomp_arch_to_string(PTR_TO_UINT32(id
) - 1);
501 r
= strv_extend(&l
, name
);
509 r
= sd_bus_message_append_strv(reply
, l
);
516 static int property_get_selinux_context(
519 const char *interface
,
520 const char *property
,
521 sd_bus_message
*reply
,
523 sd_bus_error
*error
) {
525 ExecContext
*c
= userdata
;
531 return sd_bus_message_append(reply
, "(bs)", c
->selinux_context_ignore
, c
->selinux_context
);
534 static int property_get_apparmor_profile(
537 const char *interface
,
538 const char *property
,
539 sd_bus_message
*reply
,
541 sd_bus_error
*error
) {
543 ExecContext
*c
= userdata
;
549 return sd_bus_message_append(reply
, "(bs)", c
->apparmor_profile_ignore
, c
->apparmor_profile
);
552 static int property_get_smack_process_label(
555 const char *interface
,
556 const char *property
,
557 sd_bus_message
*reply
,
559 sd_bus_error
*error
) {
561 ExecContext
*c
= userdata
;
567 return sd_bus_message_append(reply
, "(bs)", c
->smack_process_label_ignore
, c
->smack_process_label
);
570 static int property_get_address_families(
573 const char *interface
,
574 const char *property
,
575 sd_bus_message
*reply
,
577 sd_bus_error
*error
) {
579 ExecContext
*c
= userdata
;
580 _cleanup_strv_free_
char **l
= NULL
;
588 r
= sd_bus_message_open_container(reply
, 'r', "bas");
592 r
= sd_bus_message_append(reply
, "b", c
->address_families_allow_list
);
596 SET_FOREACH(af
, c
->address_families
) {
599 name
= af_to_name(PTR_TO_INT(af
));
603 r
= strv_extend(&l
, name
);
610 r
= sd_bus_message_append_strv(reply
, l
);
614 return sd_bus_message_close_container(reply
);
617 static int property_get_working_directory(
620 const char *interface
,
621 const char *property
,
622 sd_bus_message
*reply
,
624 sd_bus_error
*error
) {
626 ExecContext
*c
= userdata
;
633 if (c
->working_directory_home
)
636 wd
= c
->working_directory
;
638 if (c
->working_directory_missing_ok
)
639 wd
= strjoina("!", wd
);
641 return sd_bus_message_append(reply
, "s", wd
);
644 static int property_get_stdio_fdname(
647 const char *interface
,
648 const char *property
,
649 sd_bus_message
*reply
,
651 sd_bus_error
*error
) {
653 ExecContext
*c
= userdata
;
661 if (streq(property
, "StandardInputFileDescriptorName"))
662 fileno
= STDIN_FILENO
;
663 else if (streq(property
, "StandardOutputFileDescriptorName"))
664 fileno
= STDOUT_FILENO
;
666 assert(streq(property
, "StandardErrorFileDescriptorName"));
667 fileno
= STDERR_FILENO
;
670 return sd_bus_message_append(reply
, "s", exec_context_fdname(c
, fileno
));
673 static int property_get_input_data(
676 const char *interface
,
677 const char *property
,
678 sd_bus_message
*reply
,
680 sd_bus_error
*error
) {
682 ExecContext
*c
= userdata
;
689 return sd_bus_message_append_array(reply
, 'y', c
->stdin_data
, c
->stdin_data_size
);
692 static int property_get_bind_paths(
695 const char *interface
,
696 const char *property
,
697 sd_bus_message
*reply
,
699 sd_bus_error
*error
) {
701 ExecContext
*c
= userdata
;
710 ro
= strstr(property
, "ReadOnly");
712 r
= sd_bus_message_open_container(reply
, 'a', "(ssbt)");
716 for (size_t i
= 0; i
< c
->n_bind_mounts
; i
++) {
718 if (ro
!= c
->bind_mounts
[i
].read_only
)
721 r
= sd_bus_message_append(
723 c
->bind_mounts
[i
].source
,
724 c
->bind_mounts
[i
].destination
,
725 c
->bind_mounts
[i
].ignore_enoent
,
726 c
->bind_mounts
[i
].recursive
? (uint64_t) MS_REC
: (uint64_t) 0);
731 return sd_bus_message_close_container(reply
);
734 static int property_get_temporary_filesystems(
737 const char *interface
,
738 const char *property
,
739 sd_bus_message
*reply
,
741 sd_bus_error
*error
) {
743 ExecContext
*c
= userdata
;
751 r
= sd_bus_message_open_container(reply
, 'a', "(ss)");
755 for (unsigned i
= 0; i
< c
->n_temporary_filesystems
; i
++) {
756 TemporaryFileSystem
*t
= c
->temporary_filesystems
+ i
;
758 r
= sd_bus_message_append(
766 return sd_bus_message_close_container(reply
);
769 static int property_get_log_extra_fields(
772 const char *interface
,
773 const char *property
,
774 sd_bus_message
*reply
,
776 sd_bus_error
*error
) {
778 ExecContext
*c
= userdata
;
786 r
= sd_bus_message_open_container(reply
, 'a', "ay");
790 for (size_t i
= 0; i
< c
->n_log_extra_fields
; i
++) {
791 r
= sd_bus_message_append_array(reply
, 'y', c
->log_extra_fields
[i
].iov_base
, c
->log_extra_fields
[i
].iov_len
);
796 return sd_bus_message_close_container(reply
);
799 static int property_get_set_credential(
802 const char *interface
,
803 const char *property
,
804 sd_bus_message
*reply
,
806 sd_bus_error
*error
) {
808 ExecContext
*c
= userdata
;
809 ExecSetCredential
*sc
;
817 r
= sd_bus_message_open_container(reply
, 'a', "(say)");
821 HASHMAP_FOREACH(sc
, c
->set_credentials
) {
823 r
= sd_bus_message_open_container(reply
, 'r', "say");
827 r
= sd_bus_message_append(reply
, "s", sc
->id
);
831 r
= sd_bus_message_append_array(reply
, 'y', sc
->data
, sc
->size
);
835 r
= sd_bus_message_close_container(reply
);
840 return sd_bus_message_close_container(reply
);
843 static int property_get_load_credential(
846 const char *interface
,
847 const char *property
,
848 sd_bus_message
*reply
,
850 sd_bus_error
*error
) {
852 ExecContext
*c
= userdata
;
861 r
= sd_bus_message_open_container(reply
, 'a', "(ss)");
865 STRV_FOREACH_PAIR(i
, j
, c
->load_credentials
) {
866 r
= sd_bus_message_append(reply
, "(ss)", *i
, *j
);
871 return sd_bus_message_close_container(reply
);
874 static int property_get_root_hash(
877 const char *interface
,
878 const char *property
,
879 sd_bus_message
*reply
,
881 sd_bus_error
*error
) {
883 ExecContext
*c
= userdata
;
890 return sd_bus_message_append_array(reply
, 'y', c
->root_hash
, c
->root_hash_size
);
893 static int property_get_root_hash_sig(
896 const char *interface
,
897 const char *property
,
898 sd_bus_message
*reply
,
900 sd_bus_error
*error
) {
902 ExecContext
*c
= userdata
;
909 return sd_bus_message_append_array(reply
, 'y', c
->root_hash_sig
, c
->root_hash_sig_size
);
912 static int property_get_root_image_options(
915 const char *interface
,
916 const char *property
,
917 sd_bus_message
*reply
,
919 sd_bus_error
*error
) {
921 ExecContext
*c
= userdata
;
930 r
= sd_bus_message_open_container(reply
, 'a', "(ss)");
934 LIST_FOREACH(mount_options
, m
, c
->root_image_options
) {
935 r
= sd_bus_message_append(reply
, "(ss)",
936 partition_designator_to_string(m
->partition_designator
),
942 return sd_bus_message_close_container(reply
);
945 static int property_get_mount_images(
948 const char *interface
,
949 const char *property
,
950 sd_bus_message
*reply
,
952 sd_bus_error
*error
) {
954 ExecContext
*c
= userdata
;
962 r
= sd_bus_message_open_container(reply
, 'a', "(ssba(ss))");
966 for (size_t i
= 0; i
< c
->n_mount_images
; i
++) {
969 r
= sd_bus_message_open_container(reply
, SD_BUS_TYPE_STRUCT
, "ssba(ss)");
972 r
= sd_bus_message_append(
974 c
->mount_images
[i
].source
,
975 c
->mount_images
[i
].destination
,
976 c
->mount_images
[i
].ignore_enoent
);
979 r
= sd_bus_message_open_container(reply
, 'a', "(ss)");
982 LIST_FOREACH(mount_options
, m
, c
->mount_images
[i
].mount_options
) {
983 r
= sd_bus_message_append(reply
, "(ss)",
984 partition_designator_to_string(m
->partition_designator
),
989 r
= sd_bus_message_close_container(reply
);
992 r
= sd_bus_message_close_container(reply
);
997 return sd_bus_message_close_container(reply
);
1000 static int property_get_extension_images(
1003 const char *interface
,
1004 const char *property
,
1005 sd_bus_message
*reply
,
1007 sd_bus_error
*error
) {
1009 ExecContext
*c
= userdata
;
1017 r
= sd_bus_message_open_container(reply
, 'a', "(sba(ss))");
1021 for (size_t i
= 0; i
< c
->n_extension_images
; i
++) {
1024 r
= sd_bus_message_open_container(reply
, SD_BUS_TYPE_STRUCT
, "sba(ss)");
1027 r
= sd_bus_message_append(
1029 c
->extension_images
[i
].source
,
1030 c
->extension_images
[i
].ignore_enoent
);
1033 r
= sd_bus_message_open_container(reply
, 'a', "(ss)");
1036 LIST_FOREACH(mount_options
, m
, c
->extension_images
[i
].mount_options
) {
1037 r
= sd_bus_message_append(reply
, "(ss)",
1038 partition_designator_to_string(m
->partition_designator
),
1043 r
= sd_bus_message_close_container(reply
);
1046 r
= sd_bus_message_close_container(reply
);
1051 return sd_bus_message_close_container(reply
);
1054 const sd_bus_vtable bus_exec_vtable
[] = {
1055 SD_BUS_VTABLE_START(0),
1056 SD_BUS_PROPERTY("Environment", "as", NULL
, offsetof(ExecContext
, environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
1057 SD_BUS_PROPERTY("EnvironmentFiles", "a(sb)", property_get_environment_files
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1058 SD_BUS_PROPERTY("PassEnvironment", "as", NULL
, offsetof(ExecContext
, pass_environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
1059 SD_BUS_PROPERTY("UnsetEnvironment", "as", NULL
, offsetof(ExecContext
, unset_environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
1060 SD_BUS_PROPERTY("UMask", "u", bus_property_get_mode
, offsetof(ExecContext
, umask
), SD_BUS_VTABLE_PROPERTY_CONST
),
1061 SD_BUS_PROPERTY("LimitCPU", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CPU
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1062 SD_BUS_PROPERTY("LimitCPUSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CPU
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1063 SD_BUS_PROPERTY("LimitFSIZE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_FSIZE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1064 SD_BUS_PROPERTY("LimitFSIZESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_FSIZE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1065 SD_BUS_PROPERTY("LimitDATA", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_DATA
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1066 SD_BUS_PROPERTY("LimitDATASoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_DATA
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1067 SD_BUS_PROPERTY("LimitSTACK", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_STACK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1068 SD_BUS_PROPERTY("LimitSTACKSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_STACK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1069 SD_BUS_PROPERTY("LimitCORE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CORE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1070 SD_BUS_PROPERTY("LimitCORESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CORE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1071 SD_BUS_PROPERTY("LimitRSS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RSS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1072 SD_BUS_PROPERTY("LimitRSSSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RSS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1073 SD_BUS_PROPERTY("LimitNOFILE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NOFILE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1074 SD_BUS_PROPERTY("LimitNOFILESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NOFILE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1075 SD_BUS_PROPERTY("LimitAS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_AS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1076 SD_BUS_PROPERTY("LimitASSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_AS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1077 SD_BUS_PROPERTY("LimitNPROC", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NPROC
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1078 SD_BUS_PROPERTY("LimitNPROCSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NPROC
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1079 SD_BUS_PROPERTY("LimitMEMLOCK", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MEMLOCK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1080 SD_BUS_PROPERTY("LimitMEMLOCKSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MEMLOCK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1081 SD_BUS_PROPERTY("LimitLOCKS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_LOCKS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1082 SD_BUS_PROPERTY("LimitLOCKSSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_LOCKS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1083 SD_BUS_PROPERTY("LimitSIGPENDING", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_SIGPENDING
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1084 SD_BUS_PROPERTY("LimitSIGPENDINGSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_SIGPENDING
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1085 SD_BUS_PROPERTY("LimitMSGQUEUE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MSGQUEUE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1086 SD_BUS_PROPERTY("LimitMSGQUEUESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MSGQUEUE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1087 SD_BUS_PROPERTY("LimitNICE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NICE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1088 SD_BUS_PROPERTY("LimitNICESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NICE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1089 SD_BUS_PROPERTY("LimitRTPRIO", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTPRIO
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1090 SD_BUS_PROPERTY("LimitRTPRIOSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTPRIO
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1091 SD_BUS_PROPERTY("LimitRTTIME", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1092 SD_BUS_PROPERTY("LimitRTTIMESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1093 SD_BUS_PROPERTY("WorkingDirectory", "s", property_get_working_directory
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1094 SD_BUS_PROPERTY("RootDirectory", "s", NULL
, offsetof(ExecContext
, root_directory
), SD_BUS_VTABLE_PROPERTY_CONST
),
1095 SD_BUS_PROPERTY("RootImage", "s", NULL
, offsetof(ExecContext
, root_image
), SD_BUS_VTABLE_PROPERTY_CONST
),
1096 SD_BUS_PROPERTY("RootImageOptions", "a(ss)", property_get_root_image_options
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1097 SD_BUS_PROPERTY("RootHash", "ay", property_get_root_hash
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1098 SD_BUS_PROPERTY("RootHashPath", "s", NULL
, offsetof(ExecContext
, root_hash_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
1099 SD_BUS_PROPERTY("RootHashSignature", "ay", property_get_root_hash_sig
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1100 SD_BUS_PROPERTY("RootHashSignaturePath", "s", NULL
, offsetof(ExecContext
, root_hash_sig_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
1101 SD_BUS_PROPERTY("RootVerity", "s", NULL
, offsetof(ExecContext
, root_verity
), SD_BUS_VTABLE_PROPERTY_CONST
),
1102 SD_BUS_PROPERTY("ExtensionImages", "a(sba(ss))", property_get_extension_images
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1103 SD_BUS_PROPERTY("MountImages", "a(ssba(ss))", property_get_mount_images
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1104 SD_BUS_PROPERTY("OOMScoreAdjust", "i", property_get_oom_score_adjust
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1105 SD_BUS_PROPERTY("CoredumpFilter", "t", property_get_coredump_filter
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1106 SD_BUS_PROPERTY("Nice", "i", property_get_nice
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1107 SD_BUS_PROPERTY("IOSchedulingClass", "i", property_get_ioprio_class
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1108 SD_BUS_PROPERTY("IOSchedulingPriority", "i", property_get_ioprio_priority
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1109 SD_BUS_PROPERTY("CPUSchedulingPolicy", "i", property_get_cpu_sched_policy
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1110 SD_BUS_PROPERTY("CPUSchedulingPriority", "i", property_get_cpu_sched_priority
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1111 SD_BUS_PROPERTY("CPUAffinity", "ay", property_get_cpu_affinity
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1112 SD_BUS_PROPERTY("CPUAffinityFromNUMA", "b", property_get_cpu_affinity_from_numa
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1113 SD_BUS_PROPERTY("NUMAPolicy", "i", property_get_numa_policy
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1114 SD_BUS_PROPERTY("NUMAMask", "ay", property_get_numa_mask
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1115 SD_BUS_PROPERTY("TimerSlackNSec", "t", property_get_timer_slack_nsec
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1116 SD_BUS_PROPERTY("CPUSchedulingResetOnFork", "b", bus_property_get_bool
, offsetof(ExecContext
, cpu_sched_reset_on_fork
), SD_BUS_VTABLE_PROPERTY_CONST
),
1117 SD_BUS_PROPERTY("NonBlocking", "b", bus_property_get_bool
, offsetof(ExecContext
, non_blocking
), SD_BUS_VTABLE_PROPERTY_CONST
),
1118 SD_BUS_PROPERTY("StandardInput", "s", property_get_exec_input
, offsetof(ExecContext
, std_input
), SD_BUS_VTABLE_PROPERTY_CONST
),
1119 SD_BUS_PROPERTY("StandardInputFileDescriptorName", "s", property_get_stdio_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1120 SD_BUS_PROPERTY("StandardInputData", "ay", property_get_input_data
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1121 SD_BUS_PROPERTY("StandardOutput", "s", bus_property_get_exec_output
, offsetof(ExecContext
, std_output
), SD_BUS_VTABLE_PROPERTY_CONST
),
1122 SD_BUS_PROPERTY("StandardOutputFileDescriptorName", "s", property_get_stdio_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1123 SD_BUS_PROPERTY("StandardError", "s", bus_property_get_exec_output
, offsetof(ExecContext
, std_error
), SD_BUS_VTABLE_PROPERTY_CONST
),
1124 SD_BUS_PROPERTY("StandardErrorFileDescriptorName", "s", property_get_stdio_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1125 SD_BUS_PROPERTY("TTYPath", "s", NULL
, offsetof(ExecContext
, tty_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
1126 SD_BUS_PROPERTY("TTYReset", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_reset
), SD_BUS_VTABLE_PROPERTY_CONST
),
1127 SD_BUS_PROPERTY("TTYVHangup", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_vhangup
), SD_BUS_VTABLE_PROPERTY_CONST
),
1128 SD_BUS_PROPERTY("TTYVTDisallocate", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_vt_disallocate
), SD_BUS_VTABLE_PROPERTY_CONST
),
1129 SD_BUS_PROPERTY("SyslogPriority", "i", bus_property_get_int
, offsetof(ExecContext
, syslog_priority
), SD_BUS_VTABLE_PROPERTY_CONST
),
1130 SD_BUS_PROPERTY("SyslogIdentifier", "s", NULL
, offsetof(ExecContext
, syslog_identifier
), SD_BUS_VTABLE_PROPERTY_CONST
),
1131 SD_BUS_PROPERTY("SyslogLevelPrefix", "b", bus_property_get_bool
, offsetof(ExecContext
, syslog_level_prefix
), SD_BUS_VTABLE_PROPERTY_CONST
),
1132 SD_BUS_PROPERTY("SyslogLevel", "i", property_get_syslog_level
, offsetof(ExecContext
, syslog_priority
), SD_BUS_VTABLE_PROPERTY_CONST
),
1133 SD_BUS_PROPERTY("SyslogFacility", "i", property_get_syslog_facility
, offsetof(ExecContext
, syslog_priority
), SD_BUS_VTABLE_PROPERTY_CONST
),
1134 SD_BUS_PROPERTY("LogLevelMax", "i", bus_property_get_int
, offsetof(ExecContext
, log_level_max
), SD_BUS_VTABLE_PROPERTY_CONST
),
1135 SD_BUS_PROPERTY("LogRateLimitIntervalUSec", "t", bus_property_get_usec
, offsetof(ExecContext
, log_ratelimit_interval_usec
), SD_BUS_VTABLE_PROPERTY_CONST
),
1136 SD_BUS_PROPERTY("LogRateLimitBurst", "u", bus_property_get_unsigned
, offsetof(ExecContext
, log_ratelimit_burst
), SD_BUS_VTABLE_PROPERTY_CONST
),
1137 SD_BUS_PROPERTY("LogExtraFields", "aay", property_get_log_extra_fields
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1138 SD_BUS_PROPERTY("LogNamespace", "s", NULL
, offsetof(ExecContext
, log_namespace
), SD_BUS_VTABLE_PROPERTY_CONST
),
1139 SD_BUS_PROPERTY("SecureBits", "i", bus_property_get_int
, offsetof(ExecContext
, secure_bits
), SD_BUS_VTABLE_PROPERTY_CONST
),
1140 SD_BUS_PROPERTY("CapabilityBoundingSet", "t", NULL
, offsetof(ExecContext
, capability_bounding_set
), SD_BUS_VTABLE_PROPERTY_CONST
),
1141 SD_BUS_PROPERTY("AmbientCapabilities", "t", NULL
, offsetof(ExecContext
, capability_ambient_set
), SD_BUS_VTABLE_PROPERTY_CONST
),
1142 SD_BUS_PROPERTY("User", "s", NULL
, offsetof(ExecContext
, user
), SD_BUS_VTABLE_PROPERTY_CONST
),
1143 SD_BUS_PROPERTY("Group", "s", NULL
, offsetof(ExecContext
, group
), SD_BUS_VTABLE_PROPERTY_CONST
),
1144 SD_BUS_PROPERTY("DynamicUser", "b", bus_property_get_bool
, offsetof(ExecContext
, dynamic_user
), SD_BUS_VTABLE_PROPERTY_CONST
),
1145 SD_BUS_PROPERTY("RemoveIPC", "b", bus_property_get_bool
, offsetof(ExecContext
, remove_ipc
), SD_BUS_VTABLE_PROPERTY_CONST
),
1146 SD_BUS_PROPERTY("SetCredential", "a(say)", property_get_set_credential
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1147 SD_BUS_PROPERTY("LoadCredential", "a(ss)", property_get_load_credential
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1148 SD_BUS_PROPERTY("SupplementaryGroups", "as", NULL
, offsetof(ExecContext
, supplementary_groups
), SD_BUS_VTABLE_PROPERTY_CONST
),
1149 SD_BUS_PROPERTY("PAMName", "s", NULL
, offsetof(ExecContext
, pam_name
), SD_BUS_VTABLE_PROPERTY_CONST
),
1150 SD_BUS_PROPERTY("ReadWritePaths", "as", NULL
, offsetof(ExecContext
, read_write_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1151 SD_BUS_PROPERTY("ReadOnlyPaths", "as", NULL
, offsetof(ExecContext
, read_only_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1152 SD_BUS_PROPERTY("InaccessiblePaths", "as", NULL
, offsetof(ExecContext
, inaccessible_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1153 SD_BUS_PROPERTY("ExecPaths", "as", NULL
, offsetof(ExecContext
, exec_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1154 SD_BUS_PROPERTY("NoExecPaths", "as", NULL
, offsetof(ExecContext
, no_exec_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1155 SD_BUS_PROPERTY("MountFlags", "t", bus_property_get_ulong
, offsetof(ExecContext
, mount_flags
), SD_BUS_VTABLE_PROPERTY_CONST
),
1156 SD_BUS_PROPERTY("PrivateTmp", "b", bus_property_get_bool
, offsetof(ExecContext
, private_tmp
), SD_BUS_VTABLE_PROPERTY_CONST
),
1157 SD_BUS_PROPERTY("PrivateDevices", "b", bus_property_get_bool
, offsetof(ExecContext
, private_devices
), SD_BUS_VTABLE_PROPERTY_CONST
),
1158 SD_BUS_PROPERTY("ProtectClock", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_clock
), SD_BUS_VTABLE_PROPERTY_CONST
),
1159 SD_BUS_PROPERTY("ProtectKernelTunables", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_tunables
), SD_BUS_VTABLE_PROPERTY_CONST
),
1160 SD_BUS_PROPERTY("ProtectKernelModules", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_modules
), SD_BUS_VTABLE_PROPERTY_CONST
),
1161 SD_BUS_PROPERTY("ProtectKernelLogs", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_logs
), SD_BUS_VTABLE_PROPERTY_CONST
),
1162 SD_BUS_PROPERTY("ProtectControlGroups", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_control_groups
), SD_BUS_VTABLE_PROPERTY_CONST
),
1163 SD_BUS_PROPERTY("PrivateNetwork", "b", bus_property_get_bool
, offsetof(ExecContext
, private_network
), SD_BUS_VTABLE_PROPERTY_CONST
),
1164 SD_BUS_PROPERTY("PrivateUsers", "b", bus_property_get_bool
, offsetof(ExecContext
, private_users
), SD_BUS_VTABLE_PROPERTY_CONST
),
1165 SD_BUS_PROPERTY("PrivateMounts", "b", bus_property_get_bool
, offsetof(ExecContext
, private_mounts
), SD_BUS_VTABLE_PROPERTY_CONST
),
1166 SD_BUS_PROPERTY("PrivateIPC", "b", bus_property_get_bool
, offsetof(ExecContext
, private_ipc
), SD_BUS_VTABLE_PROPERTY_CONST
),
1167 SD_BUS_PROPERTY("ProtectHome", "s", property_get_protect_home
, offsetof(ExecContext
, protect_home
), SD_BUS_VTABLE_PROPERTY_CONST
),
1168 SD_BUS_PROPERTY("ProtectSystem", "s", property_get_protect_system
, offsetof(ExecContext
, protect_system
), SD_BUS_VTABLE_PROPERTY_CONST
),
1169 SD_BUS_PROPERTY("SameProcessGroup", "b", bus_property_get_bool
, offsetof(ExecContext
, same_pgrp
), SD_BUS_VTABLE_PROPERTY_CONST
),
1170 SD_BUS_PROPERTY("UtmpIdentifier", "s", NULL
, offsetof(ExecContext
, utmp_id
), SD_BUS_VTABLE_PROPERTY_CONST
),
1171 SD_BUS_PROPERTY("UtmpMode", "s", property_get_exec_utmp_mode
, offsetof(ExecContext
, utmp_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1172 SD_BUS_PROPERTY("SELinuxContext", "(bs)", property_get_selinux_context
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1173 SD_BUS_PROPERTY("AppArmorProfile", "(bs)", property_get_apparmor_profile
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1174 SD_BUS_PROPERTY("SmackProcessLabel", "(bs)", property_get_smack_process_label
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1175 SD_BUS_PROPERTY("IgnoreSIGPIPE", "b", bus_property_get_bool
, offsetof(ExecContext
, ignore_sigpipe
), SD_BUS_VTABLE_PROPERTY_CONST
),
1176 SD_BUS_PROPERTY("NoNewPrivileges", "b", bus_property_get_bool
, offsetof(ExecContext
, no_new_privileges
), SD_BUS_VTABLE_PROPERTY_CONST
),
1177 SD_BUS_PROPERTY("SystemCallFilter", "(bas)", property_get_syscall_filter
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1178 SD_BUS_PROPERTY("SystemCallArchitectures", "as", property_get_syscall_archs
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1179 SD_BUS_PROPERTY("SystemCallErrorNumber", "i", bus_property_get_int
, offsetof(ExecContext
, syscall_errno
), SD_BUS_VTABLE_PROPERTY_CONST
),
1180 SD_BUS_PROPERTY("SystemCallLog", "(bas)", property_get_syscall_log
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1181 SD_BUS_PROPERTY("Personality", "s", property_get_personality
, offsetof(ExecContext
, personality
), SD_BUS_VTABLE_PROPERTY_CONST
),
1182 SD_BUS_PROPERTY("LockPersonality", "b", bus_property_get_bool
, offsetof(ExecContext
, lock_personality
), SD_BUS_VTABLE_PROPERTY_CONST
),
1183 SD_BUS_PROPERTY("RestrictAddressFamilies", "(bas)", property_get_address_families
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1184 SD_BUS_PROPERTY("RuntimeDirectoryPreserve", "s", property_get_exec_preserve_mode
, offsetof(ExecContext
, runtime_directory_preserve_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1185 SD_BUS_PROPERTY("RuntimeDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1186 SD_BUS_PROPERTY("RuntimeDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1187 SD_BUS_PROPERTY("StateDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1188 SD_BUS_PROPERTY("StateDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1189 SD_BUS_PROPERTY("CacheDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1190 SD_BUS_PROPERTY("CacheDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1191 SD_BUS_PROPERTY("LogsDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1192 SD_BUS_PROPERTY("LogsDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1193 SD_BUS_PROPERTY("ConfigurationDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CONFIGURATION
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1194 SD_BUS_PROPERTY("ConfigurationDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CONFIGURATION
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1195 SD_BUS_PROPERTY("TimeoutCleanUSec", "t", bus_property_get_usec
, offsetof(ExecContext
, timeout_clean_usec
), SD_BUS_VTABLE_PROPERTY_CONST
),
1196 SD_BUS_PROPERTY("MemoryDenyWriteExecute", "b", bus_property_get_bool
, offsetof(ExecContext
, memory_deny_write_execute
), SD_BUS_VTABLE_PROPERTY_CONST
),
1197 SD_BUS_PROPERTY("RestrictRealtime", "b", bus_property_get_bool
, offsetof(ExecContext
, restrict_realtime
), SD_BUS_VTABLE_PROPERTY_CONST
),
1198 SD_BUS_PROPERTY("RestrictSUIDSGID", "b", bus_property_get_bool
, offsetof(ExecContext
, restrict_suid_sgid
), SD_BUS_VTABLE_PROPERTY_CONST
),
1199 SD_BUS_PROPERTY("RestrictNamespaces", "t", bus_property_get_ulong
, offsetof(ExecContext
, restrict_namespaces
), SD_BUS_VTABLE_PROPERTY_CONST
),
1200 SD_BUS_PROPERTY("BindPaths", "a(ssbt)", property_get_bind_paths
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1201 SD_BUS_PROPERTY("BindReadOnlyPaths", "a(ssbt)", property_get_bind_paths
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1202 SD_BUS_PROPERTY("TemporaryFileSystem", "a(ss)", property_get_temporary_filesystems
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1203 SD_BUS_PROPERTY("MountAPIVFS", "b", property_get_mount_apivfs
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1204 SD_BUS_PROPERTY("KeyringMode", "s", property_get_exec_keyring_mode
, offsetof(ExecContext
, keyring_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1205 SD_BUS_PROPERTY("ProtectProc", "s", property_get_protect_proc
, offsetof(ExecContext
, protect_proc
), SD_BUS_VTABLE_PROPERTY_CONST
),
1206 SD_BUS_PROPERTY("ProcSubset", "s", property_get_proc_subset
, offsetof(ExecContext
, proc_subset
), SD_BUS_VTABLE_PROPERTY_CONST
),
1207 SD_BUS_PROPERTY("ProtectHostname", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_hostname
), SD_BUS_VTABLE_PROPERTY_CONST
),
1208 SD_BUS_PROPERTY("NetworkNamespacePath", "s", NULL
, offsetof(ExecContext
, network_namespace_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
1209 SD_BUS_PROPERTY("IPCNamespacePath", "s", NULL
, offsetof(ExecContext
, ipc_namespace_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
1211 /* Obsolete/redundant properties: */
1212 SD_BUS_PROPERTY("Capabilities", "s", property_get_empty_string
, 0, SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
1213 SD_BUS_PROPERTY("ReadWriteDirectories", "as", NULL
, offsetof(ExecContext
, read_write_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
1214 SD_BUS_PROPERTY("ReadOnlyDirectories", "as", NULL
, offsetof(ExecContext
, read_only_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
1215 SD_BUS_PROPERTY("InaccessibleDirectories", "as", NULL
, offsetof(ExecContext
, inaccessible_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
1216 SD_BUS_PROPERTY("IOScheduling", "i", property_get_ioprio
, 0, SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
1221 static int append_exec_command(sd_bus_message
*reply
, ExecCommand
*c
) {
1230 r
= sd_bus_message_open_container(reply
, 'r', "sasbttttuii");
1234 r
= sd_bus_message_append(reply
, "s", c
->path
);
1238 r
= sd_bus_message_append_strv(reply
, c
->argv
);
1242 r
= sd_bus_message_append(reply
, "bttttuii",
1243 !!(c
->flags
& EXEC_COMMAND_IGNORE_FAILURE
),
1244 c
->exec_status
.start_timestamp
.realtime
,
1245 c
->exec_status
.start_timestamp
.monotonic
,
1246 c
->exec_status
.exit_timestamp
.realtime
,
1247 c
->exec_status
.exit_timestamp
.monotonic
,
1248 (uint32_t) c
->exec_status
.pid
,
1249 (int32_t) c
->exec_status
.code
,
1250 (int32_t) c
->exec_status
.status
);
1254 return sd_bus_message_close_container(reply
);
1257 static int append_exec_ex_command(sd_bus_message
*reply
, ExecCommand
*c
) {
1258 _cleanup_strv_free_
char **ex_opts
= NULL
;
1267 r
= sd_bus_message_open_container(reply
, 'r', "sasasttttuii");
1271 r
= sd_bus_message_append(reply
, "s", c
->path
);
1275 r
= sd_bus_message_append_strv(reply
, c
->argv
);
1279 r
= exec_command_flags_to_strv(c
->flags
, &ex_opts
);
1283 r
= sd_bus_message_append_strv(reply
, ex_opts
);
1287 r
= sd_bus_message_append(reply
, "ttttuii",
1288 c
->exec_status
.start_timestamp
.realtime
,
1289 c
->exec_status
.start_timestamp
.monotonic
,
1290 c
->exec_status
.exit_timestamp
.realtime
,
1291 c
->exec_status
.exit_timestamp
.monotonic
,
1292 (uint32_t) c
->exec_status
.pid
,
1293 (int32_t) c
->exec_status
.code
,
1294 (int32_t) c
->exec_status
.status
);
1298 return sd_bus_message_close_container(reply
);
1301 int bus_property_get_exec_command(
1304 const char *interface
,
1305 const char *property
,
1306 sd_bus_message
*reply
,
1308 sd_bus_error
*ret_error
) {
1310 ExecCommand
*c
= (ExecCommand
*) userdata
;
1316 r
= sd_bus_message_open_container(reply
, 'a', "(sasbttttuii)");
1320 r
= append_exec_command(reply
, c
);
1324 return sd_bus_message_close_container(reply
);
1327 int bus_property_get_exec_command_list(
1330 const char *interface
,
1331 const char *property
,
1332 sd_bus_message
*reply
,
1334 sd_bus_error
*ret_error
) {
1336 ExecCommand
*c
= *(ExecCommand
**) userdata
;
1342 r
= sd_bus_message_open_container(reply
, 'a', "(sasbttttuii)");
1346 LIST_FOREACH(command
, c
, c
) {
1347 r
= append_exec_command(reply
, c
);
1352 return sd_bus_message_close_container(reply
);
1355 int bus_property_get_exec_ex_command_list(
1358 const char *interface
,
1359 const char *property
,
1360 sd_bus_message
*reply
,
1362 sd_bus_error
*ret_error
) {
1364 ExecCommand
*c
, *exec_command
= *(ExecCommand
**) userdata
;
1370 r
= sd_bus_message_open_container(reply
, 'a', "(sasasttttuii)");
1374 LIST_FOREACH(command
, c
, exec_command
) {
1375 r
= append_exec_ex_command(reply
, c
);
1380 return sd_bus_message_close_container(reply
);
1383 static char *exec_command_flags_to_exec_chars(ExecCommandFlags flags
) {
1384 return strjoin(FLAGS_SET(flags
, EXEC_COMMAND_IGNORE_FAILURE
) ? "-" : "",
1385 FLAGS_SET(flags
, EXEC_COMMAND_NO_ENV_EXPAND
) ? ":" : "",
1386 FLAGS_SET(flags
, EXEC_COMMAND_FULLY_PRIVILEGED
) ? "+" : "",
1387 FLAGS_SET(flags
, EXEC_COMMAND_NO_SETUID
) ? "!" : "",
1388 FLAGS_SET(flags
, EXEC_COMMAND_AMBIENT_MAGIC
) ? "!!" : "");
1391 int bus_set_transient_exec_command(
1394 ExecCommand
**exec_command
,
1395 sd_bus_message
*message
,
1396 UnitWriteFlags flags
,
1397 sd_bus_error
*error
) {
1398 bool is_ex_prop
= endswith(name
, "Ex");
1402 r
= sd_bus_message_enter_container(message
, 'a', is_ex_prop
? "(sasas)" : "(sasb)");
1406 while ((r
= sd_bus_message_enter_container(message
, 'r', is_ex_prop
? "sasas" : "sasb")) > 0) {
1407 _cleanup_strv_free_
char **argv
= NULL
, **ex_opts
= NULL
;
1411 r
= sd_bus_message_read(message
, "s", &path
);
1415 if (!path_is_absolute(path
) && !filename_is_valid(path
))
1416 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
,
1417 "\"%s\" is neither a valid executable name nor an absolute path",
1420 r
= sd_bus_message_read_strv(message
, &argv
);
1424 r
= is_ex_prop
? sd_bus_message_read_strv(message
, &ex_opts
) : sd_bus_message_read(message
, "b", &b
);
1428 r
= sd_bus_message_exit_container(message
);
1432 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1435 c
= new0(ExecCommand
, 1);
1439 c
->path
= strdup(path
);
1445 c
->argv
= TAKE_PTR(argv
);
1448 r
= exec_command_flags_from_strv(ex_opts
, &c
->flags
);
1452 c
->flags
= b
? EXEC_COMMAND_IGNORE_FAILURE
: 0;
1454 path_simplify(c
->path
, false);
1455 exec_command_append_list(exec_command
, c
);
1463 r
= sd_bus_message_exit_container(message
);
1467 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1468 _cleanup_free_
char *buf
= NULL
;
1469 _cleanup_fclose_
FILE *f
= NULL
;
1474 *exec_command
= exec_command_free_list(*exec_command
);
1476 f
= open_memstream_unlocked(&buf
, &size
);
1480 fprintf(f
, "%s=\n", name
);
1482 LIST_FOREACH(command
, c
, *exec_command
) {
1483 _cleanup_free_
char *a
= NULL
, *exec_chars
= NULL
;
1485 exec_chars
= exec_command_flags_to_exec_chars(c
->flags
);
1489 a
= unit_concat_strv(c
->argv
, UNIT_ESCAPE_C
|UNIT_ESCAPE_SPECIFIERS
);
1493 if (streq_ptr(c
->path
, c
->argv
? c
->argv
[0] : NULL
))
1494 fprintf(f
, "%s=%s%s\n", name
, exec_chars
, a
);
1496 _cleanup_free_
char *t
= NULL
;
1499 p
= unit_escape_setting(c
->path
, UNIT_ESCAPE_C
|UNIT_ESCAPE_SPECIFIERS
, &t
);
1503 fprintf(f
, "%s=%s@%s %s\n", name
, exec_chars
, p
, a
);
1507 r
= fflush_and_check(f
);
1511 unit_write_setting(u
, flags
, name
, buf
);
1517 static int parse_personality(const char *s
, unsigned long *p
) {
1522 v
= personality_from_string(s
);
1523 if (v
== PERSONALITY_INVALID
)
1530 static const char* mount_propagation_flags_to_string_with_check(unsigned long n
) {
1531 if (!IN_SET(n
, 0, MS_SHARED
, MS_PRIVATE
, MS_SLAVE
))
1534 return mount_propagation_flags_to_string(n
);
1537 static BUS_DEFINE_SET_TRANSIENT(nsec
, "t", uint64_t, nsec_t
, NSEC_FMT
);
1538 static BUS_DEFINE_SET_TRANSIENT_IS_VALID(log_level
, "i", int32_t, int, "%" PRIi32
, log_level_is_valid
);
1540 static BUS_DEFINE_SET_TRANSIENT_IS_VALID(errno
, "i", int32_t, int, "%" PRIi32
, seccomp_errno_or_action_is_valid
);
1542 static BUS_DEFINE_SET_TRANSIENT_PARSE(std_input
, ExecInput
, exec_input_from_string
);
1543 static BUS_DEFINE_SET_TRANSIENT_PARSE(std_output
, ExecOutput
, exec_output_from_string
);
1544 static BUS_DEFINE_SET_TRANSIENT_PARSE(utmp_mode
, ExecUtmpMode
, exec_utmp_mode_from_string
);
1545 static BUS_DEFINE_SET_TRANSIENT_PARSE(protect_system
, ProtectSystem
, protect_system_from_string
);
1546 static BUS_DEFINE_SET_TRANSIENT_PARSE(protect_home
, ProtectHome
, protect_home_from_string
);
1547 static BUS_DEFINE_SET_TRANSIENT_PARSE(keyring_mode
, ExecKeyringMode
, exec_keyring_mode_from_string
);
1548 static BUS_DEFINE_SET_TRANSIENT_PARSE(protect_proc
, ProtectProc
, protect_proc_from_string
);
1549 static BUS_DEFINE_SET_TRANSIENT_PARSE(proc_subset
, ProcSubset
, proc_subset_from_string
);
1550 static BUS_DEFINE_SET_TRANSIENT_PARSE(preserve_mode
, ExecPreserveMode
, exec_preserve_mode_from_string
);
1551 static BUS_DEFINE_SET_TRANSIENT_PARSE_PTR(personality
, unsigned long, parse_personality
);
1552 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(secure_bits
, "i", int32_t, int, "%" PRIi32
, secure_bits_to_string_alloc_with_check
);
1553 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(capability
, "t", uint64_t, uint64_t, "%" PRIu64
, capability_set_to_string_alloc
);
1554 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(namespace_flag
, "t", uint64_t, unsigned long, "%" PRIu64
, namespace_flags_to_string
);
1555 static BUS_DEFINE_SET_TRANSIENT_TO_STRING(mount_flags
, "t", uint64_t, unsigned long, "%" PRIu64
, mount_propagation_flags_to_string_with_check
);
1557 int bus_exec_context_set_transient_property(
1561 sd_bus_message
*message
,
1562 UnitWriteFlags flags
,
1563 sd_bus_error
*error
) {
1573 flags
|= UNIT_PRIVATE
;
1575 if (streq(name
, "User"))
1576 return bus_set_transient_user_relaxed(u
, name
, &c
->user
, message
, flags
, error
);
1578 if (streq(name
, "Group"))
1579 return bus_set_transient_user_relaxed(u
, name
, &c
->group
, message
, flags
, error
);
1581 if (streq(name
, "TTYPath"))
1582 return bus_set_transient_path(u
, name
, &c
->tty_path
, message
, flags
, error
);
1584 if (streq(name
, "RootImage"))
1585 return bus_set_transient_path(u
, name
, &c
->root_image
, message
, flags
, error
);
1587 if (streq(name
, "RootImageOptions")) {
1588 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
1589 _cleanup_free_
char *format_str
= NULL
;
1591 r
= bus_read_mount_options(message
, error
, &options
, &format_str
, " ");
1595 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1596 if (LIST_IS_EMPTY(options
)) {
1597 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1598 unit_write_settingf(u
, flags
, name
, "%s=", name
);
1600 LIST_JOIN(mount_options
, c
->root_image_options
, options
);
1601 unit_write_settingf(
1602 u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
,
1612 if (streq(name
, "RootHash")) {
1613 const void *roothash_decoded
;
1614 size_t roothash_decoded_size
;
1616 r
= sd_bus_message_read_array(message
, 'y', &roothash_decoded
, &roothash_decoded_size
);
1620 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1621 _cleanup_free_
char *encoded
= NULL
;
1623 if (roothash_decoded_size
== 0) {
1624 c
->root_hash_path
= mfree(c
->root_hash_path
);
1625 c
->root_hash
= mfree(c
->root_hash
);
1626 c
->root_hash_size
= 0;
1628 unit_write_settingf(u
, flags
, name
, "RootHash=");
1630 _cleanup_free_
void *p
;
1632 encoded
= hexmem(roothash_decoded
, roothash_decoded_size
);
1636 p
= memdup(roothash_decoded
, roothash_decoded_size
);
1640 free_and_replace(c
->root_hash
, p
);
1641 c
->root_hash_size
= roothash_decoded_size
;
1642 c
->root_hash_path
= mfree(c
->root_hash_path
);
1644 unit_write_settingf(u
, flags
, name
, "RootHash=%s", encoded
);
1651 if (streq(name
, "RootHashPath")) {
1652 c
->root_hash_size
= 0;
1653 c
->root_hash
= mfree(c
->root_hash
);
1655 return bus_set_transient_path(u
, "RootHash", &c
->root_hash_path
, message
, flags
, error
);
1658 if (streq(name
, "RootHashSignature")) {
1659 const void *roothash_sig_decoded
;
1660 size_t roothash_sig_decoded_size
;
1662 r
= sd_bus_message_read_array(message
, 'y', &roothash_sig_decoded
, &roothash_sig_decoded_size
);
1666 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1667 _cleanup_free_
char *encoded
= NULL
;
1669 if (roothash_sig_decoded_size
== 0) {
1670 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1671 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1672 c
->root_hash_sig_size
= 0;
1674 unit_write_settingf(u
, flags
, name
, "RootHashSignature=");
1676 _cleanup_free_
void *p
;
1679 len
= base64mem(roothash_sig_decoded
, roothash_sig_decoded_size
, &encoded
);
1683 p
= memdup(roothash_sig_decoded
, roothash_sig_decoded_size
);
1687 free_and_replace(c
->root_hash_sig
, p
);
1688 c
->root_hash_sig_size
= roothash_sig_decoded_size
;
1689 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1691 unit_write_settingf(u
, flags
, name
, "RootHashSignature=base64:%s", encoded
);
1698 if (streq(name
, "RootHashSignaturePath")) {
1699 c
->root_hash_sig_size
= 0;
1700 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1702 return bus_set_transient_path(u
, "RootHashSignature", &c
->root_hash_sig_path
, message
, flags
, error
);
1705 if (streq(name
, "RootVerity"))
1706 return bus_set_transient_path(u
, name
, &c
->root_verity
, message
, flags
, error
);
1708 if (streq(name
, "RootDirectory"))
1709 return bus_set_transient_path(u
, name
, &c
->root_directory
, message
, flags
, error
);
1711 if (streq(name
, "SyslogIdentifier"))
1712 return bus_set_transient_string(u
, name
, &c
->syslog_identifier
, message
, flags
, error
);
1714 if (streq(name
, "LogLevelMax"))
1715 return bus_set_transient_log_level(u
, name
, &c
->log_level_max
, message
, flags
, error
);
1717 if (streq(name
, "LogRateLimitIntervalUSec"))
1718 return bus_set_transient_usec(u
, name
, &c
->log_ratelimit_interval_usec
, message
, flags
, error
);
1720 if (streq(name
, "LogRateLimitBurst"))
1721 return bus_set_transient_unsigned(u
, name
, &c
->log_ratelimit_burst
, message
, flags
, error
);
1723 if (streq(name
, "Personality"))
1724 return bus_set_transient_personality(u
, name
, &c
->personality
, message
, flags
, error
);
1726 if (streq(name
, "StandardInput"))
1727 return bus_set_transient_std_input(u
, name
, &c
->std_input
, message
, flags
, error
);
1729 if (streq(name
, "StandardOutput"))
1730 return bus_set_transient_std_output(u
, name
, &c
->std_output
, message
, flags
, error
);
1732 if (streq(name
, "StandardError"))
1733 return bus_set_transient_std_output(u
, name
, &c
->std_error
, message
, flags
, error
);
1735 if (streq(name
, "IgnoreSIGPIPE"))
1736 return bus_set_transient_bool(u
, name
, &c
->ignore_sigpipe
, message
, flags
, error
);
1738 if (streq(name
, "TTYVHangup"))
1739 return bus_set_transient_bool(u
, name
, &c
->tty_vhangup
, message
, flags
, error
);
1741 if (streq(name
, "TTYReset"))
1742 return bus_set_transient_bool(u
, name
, &c
->tty_reset
, message
, flags
, error
);
1744 if (streq(name
, "TTYVTDisallocate"))
1745 return bus_set_transient_bool(u
, name
, &c
->tty_vt_disallocate
, message
, flags
, error
);
1747 if (streq(name
, "PrivateTmp"))
1748 return bus_set_transient_bool(u
, name
, &c
->private_tmp
, message
, flags
, error
);
1750 if (streq(name
, "PrivateDevices"))
1751 return bus_set_transient_bool(u
, name
, &c
->private_devices
, message
, flags
, error
);
1753 if (streq(name
, "PrivateMounts"))
1754 return bus_set_transient_bool(u
, name
, &c
->private_mounts
, message
, flags
, error
);
1756 if (streq(name
, "PrivateNetwork"))
1757 return bus_set_transient_bool(u
, name
, &c
->private_network
, message
, flags
, error
);
1759 if (streq(name
, "PrivateIPC"))
1760 return bus_set_transient_bool(u
, name
, &c
->private_ipc
, message
, flags
, error
);
1762 if (streq(name
, "PrivateUsers"))
1763 return bus_set_transient_bool(u
, name
, &c
->private_users
, message
, flags
, error
);
1765 if (streq(name
, "NoNewPrivileges"))
1766 return bus_set_transient_bool(u
, name
, &c
->no_new_privileges
, message
, flags
, error
);
1768 if (streq(name
, "SyslogLevelPrefix"))
1769 return bus_set_transient_bool(u
, name
, &c
->syslog_level_prefix
, message
, flags
, error
);
1771 if (streq(name
, "MemoryDenyWriteExecute"))
1772 return bus_set_transient_bool(u
, name
, &c
->memory_deny_write_execute
, message
, flags
, error
);
1774 if (streq(name
, "RestrictRealtime"))
1775 return bus_set_transient_bool(u
, name
, &c
->restrict_realtime
, message
, flags
, error
);
1777 if (streq(name
, "RestrictSUIDSGID"))
1778 return bus_set_transient_bool(u
, name
, &c
->restrict_suid_sgid
, message
, flags
, error
);
1780 if (streq(name
, "DynamicUser"))
1781 return bus_set_transient_bool(u
, name
, &c
->dynamic_user
, message
, flags
, error
);
1783 if (streq(name
, "RemoveIPC"))
1784 return bus_set_transient_bool(u
, name
, &c
->remove_ipc
, message
, flags
, error
);
1786 if (streq(name
, "ProtectKernelTunables"))
1787 return bus_set_transient_bool(u
, name
, &c
->protect_kernel_tunables
, message
, flags
, error
);
1789 if (streq(name
, "ProtectKernelModules"))
1790 return bus_set_transient_bool(u
, name
, &c
->protect_kernel_modules
, message
, flags
, error
);
1792 if (streq(name
, "ProtectKernelLogs"))
1793 return bus_set_transient_bool(u
, name
, &c
->protect_kernel_logs
, message
, flags
, error
);
1795 if (streq(name
, "ProtectClock"))
1796 return bus_set_transient_bool(u
, name
, &c
->protect_clock
, message
, flags
, error
);
1798 if (streq(name
, "ProtectControlGroups"))
1799 return bus_set_transient_bool(u
, name
, &c
->protect_control_groups
, message
, flags
, error
);
1801 if (streq(name
, "CPUSchedulingResetOnFork"))
1802 return bus_set_transient_bool(u
, name
, &c
->cpu_sched_reset_on_fork
, message
, flags
, error
);
1804 if (streq(name
, "NonBlocking"))
1805 return bus_set_transient_bool(u
, name
, &c
->non_blocking
, message
, flags
, error
);
1807 if (streq(name
, "LockPersonality"))
1808 return bus_set_transient_bool(u
, name
, &c
->lock_personality
, message
, flags
, error
);
1810 if (streq(name
, "ProtectHostname"))
1811 return bus_set_transient_bool(u
, name
, &c
->protect_hostname
, message
, flags
, error
);
1813 if (streq(name
, "UtmpIdentifier"))
1814 return bus_set_transient_string(u
, name
, &c
->utmp_id
, message
, flags
, error
);
1816 if (streq(name
, "UtmpMode"))
1817 return bus_set_transient_utmp_mode(u
, name
, &c
->utmp_mode
, message
, flags
, error
);
1819 if (streq(name
, "PAMName"))
1820 return bus_set_transient_string(u
, name
, &c
->pam_name
, message
, flags
, error
);
1822 if (streq(name
, "TimerSlackNSec"))
1823 return bus_set_transient_nsec(u
, name
, &c
->timer_slack_nsec
, message
, flags
, error
);
1825 if (streq(name
, "ProtectSystem"))
1826 return bus_set_transient_protect_system(u
, name
, &c
->protect_system
, message
, flags
, error
);
1828 if (streq(name
, "ProtectHome"))
1829 return bus_set_transient_protect_home(u
, name
, &c
->protect_home
, message
, flags
, error
);
1831 if (streq(name
, "KeyringMode"))
1832 return bus_set_transient_keyring_mode(u
, name
, &c
->keyring_mode
, message
, flags
, error
);
1834 if (streq(name
, "ProtectProc"))
1835 return bus_set_transient_protect_proc(u
, name
, &c
->protect_proc
, message
, flags
, error
);
1837 if (streq(name
, "ProcSubset"))
1838 return bus_set_transient_proc_subset(u
, name
, &c
->proc_subset
, message
, flags
, error
);
1840 if (streq(name
, "RuntimeDirectoryPreserve"))
1841 return bus_set_transient_preserve_mode(u
, name
, &c
->runtime_directory_preserve_mode
, message
, flags
, error
);
1843 if (streq(name
, "UMask"))
1844 return bus_set_transient_mode_t(u
, name
, &c
->umask
, message
, flags
, error
);
1846 if (streq(name
, "RuntimeDirectoryMode"))
1847 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_RUNTIME
].mode
, message
, flags
, error
);
1849 if (streq(name
, "StateDirectoryMode"))
1850 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_STATE
].mode
, message
, flags
, error
);
1852 if (streq(name
, "CacheDirectoryMode"))
1853 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_CACHE
].mode
, message
, flags
, error
);
1855 if (streq(name
, "LogsDirectoryMode"))
1856 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_LOGS
].mode
, message
, flags
, error
);
1858 if (streq(name
, "ConfigurationDirectoryMode"))
1859 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_CONFIGURATION
].mode
, message
, flags
, error
);
1861 if (streq(name
, "SELinuxContext"))
1862 return bus_set_transient_string(u
, name
, &c
->selinux_context
, message
, flags
, error
);
1864 if (streq(name
, "SecureBits"))
1865 return bus_set_transient_secure_bits(u
, name
, &c
->secure_bits
, message
, flags
, error
);
1867 if (streq(name
, "CapabilityBoundingSet"))
1868 return bus_set_transient_capability(u
, name
, &c
->capability_bounding_set
, message
, flags
, error
);
1870 if (streq(name
, "AmbientCapabilities"))
1871 return bus_set_transient_capability(u
, name
, &c
->capability_ambient_set
, message
, flags
, error
);
1873 if (streq(name
, "RestrictNamespaces"))
1874 return bus_set_transient_namespace_flag(u
, name
, &c
->restrict_namespaces
, message
, flags
, error
);
1876 if (streq(name
, "MountFlags"))
1877 return bus_set_transient_mount_flags(u
, name
, &c
->mount_flags
, message
, flags
, error
);
1879 if (streq(name
, "NetworkNamespacePath"))
1880 return bus_set_transient_path(u
, name
, &c
->network_namespace_path
, message
, flags
, error
);
1882 if (streq(name
, "IPCNamespacePath"))
1883 return bus_set_transient_path(u
, name
, &c
->ipc_namespace_path
, message
, flags
, error
);
1885 if (streq(name
, "SupplementaryGroups")) {
1886 _cleanup_strv_free_
char **l
= NULL
;
1889 r
= sd_bus_message_read_strv(message
, &l
);
1894 if (!isempty(*p
) && !valid_user_group_name(*p
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
))
1895 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
,
1896 "Invalid supplementary group names");
1898 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1899 if (strv_isempty(l
)) {
1900 c
->supplementary_groups
= strv_free(c
->supplementary_groups
);
1901 unit_write_settingf(u
, flags
, name
, "%s=", name
);
1903 _cleanup_free_
char *joined
= NULL
;
1905 r
= strv_extend_strv(&c
->supplementary_groups
, l
, true);
1909 joined
= strv_join(c
->supplementary_groups
, " ");
1913 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "%s=%s", name
, joined
);
1919 } else if (streq(name
, "SetCredential")) {
1920 bool isempty
= true;
1922 r
= sd_bus_message_enter_container(message
, 'a', "(say)");
1931 r
= sd_bus_message_enter_container(message
, 'r', "say");
1937 r
= sd_bus_message_read(message
, "s", &id
);
1941 r
= sd_bus_message_read_array(message
, 'y', &p
, &sz
);
1945 r
= sd_bus_message_exit_container(message
);
1949 if (!credential_name_valid(id
))
1950 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Credential ID is invalid: %s", id
);
1954 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1955 _cleanup_free_
char *a
= NULL
, *b
= NULL
;
1956 _cleanup_free_
void *copy
= NULL
;
1957 ExecSetCredential
*old
;
1959 copy
= memdup(p
, sz
);
1963 old
= hashmap_get(c
->set_credentials
, id
);
1965 free_and_replace(old
->data
, copy
);
1968 _cleanup_(exec_set_credential_freep
) ExecSetCredential
*sc
= NULL
;
1970 sc
= new0(ExecSetCredential
, 1);
1974 sc
->id
= strdup(id
);
1978 sc
->data
= TAKE_PTR(copy
);
1981 r
= hashmap_ensure_put(&c
->set_credentials
, &exec_set_credential_hash_ops
, sc
->id
, sc
);
1988 a
= specifier_escape(id
);
1992 b
= cescape_length(p
, sz
);
1996 (void) unit_write_settingf(u
, flags
, name
, "%s=%s:%s", name
, a
, b
);
2000 r
= sd_bus_message_exit_container(message
);
2004 if (!UNIT_WRITE_FLAGS_NOOP(flags
) && isempty
) {
2005 c
->set_credentials
= hashmap_free(c
->set_credentials
);
2006 (void) unit_write_settingf(u
, flags
, name
, "%s=", name
);
2011 } else if (streq(name
, "LoadCredential")) {
2012 bool isempty
= true;
2014 r
= sd_bus_message_enter_container(message
, 'a', "(ss)");
2019 const char *id
, *source
;
2021 r
= sd_bus_message_read(message
, "(ss)", &id
, &source
);
2027 if (!credential_name_valid(id
))
2028 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Credential ID is invalid: %s", id
);
2030 if (!(path_is_absolute(source
) ? path_is_normalized(source
) : credential_name_valid(source
)))
2031 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Credential source is invalid: %s", source
);
2035 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2036 r
= strv_extend_strv(&c
->load_credentials
, STRV_MAKE(id
, source
), /* filter_duplicates = */ false);
2040 (void) unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "%s=%s:%s", name
, id
, source
);
2044 r
= sd_bus_message_exit_container(message
);
2048 if (!UNIT_WRITE_FLAGS_NOOP(flags
) && isempty
) {
2049 c
->load_credentials
= strv_free(c
->load_credentials
);
2050 (void) unit_write_settingf(u
, flags
, name
, "%s=", name
);
2055 } else if (streq(name
, "SyslogLevel")) {
2058 r
= sd_bus_message_read(message
, "i", &level
);
2062 if (!log_level_is_valid(level
))
2063 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log level value out of range");
2065 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2066 c
->syslog_priority
= (c
->syslog_priority
& LOG_FACMASK
) | level
;
2067 unit_write_settingf(u
, flags
, name
, "SyslogLevel=%i", level
);
2072 } else if (streq(name
, "SyslogFacility")) {
2075 r
= sd_bus_message_read(message
, "i", &facility
);
2079 if (!log_facility_unshifted_is_valid(facility
))
2080 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log facility value out of range");
2082 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2083 c
->syslog_priority
= (facility
<< 3) | LOG_PRI(c
->syslog_priority
);
2084 unit_write_settingf(u
, flags
, name
, "SyslogFacility=%i", facility
);
2089 } else if (streq(name
, "LogNamespace")) {
2092 r
= sd_bus_message_read(message
, "s", &n
);
2096 if (!isempty(n
) && !log_namespace_name_valid(n
))
2097 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log namespace name not valid");
2099 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2102 c
->log_namespace
= mfree(c
->log_namespace
);
2103 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2105 r
= free_and_strdup(&c
->log_namespace
, n
);
2109 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, n
);
2115 } else if (streq(name
, "LogExtraFields")) {
2118 r
= sd_bus_message_enter_container(message
, 'a', "ay");
2123 _cleanup_free_
void *copy
= NULL
;
2129 /* Note that we expect a byte array for each field, instead of a string. That's because on the
2130 * lower-level journal fields can actually contain binary data and are not restricted to text,
2131 * and we should not "lose precision" in our types on the way. That said, I am pretty sure
2132 * actually encoding binary data as unit metadata is not a good idea. Hence we actually refuse
2133 * any actual binary data, and only accept UTF-8. This allows us to eventually lift this
2134 * limitation, should a good, valid usecase arise. */
2136 r
= sd_bus_message_read_array(message
, 'y', &p
, &sz
);
2142 if (memchr(p
, 0, sz
))
2143 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field contains zero byte");
2145 eq
= memchr(p
, '=', sz
);
2147 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field contains no '=' character");
2148 if (!journal_field_valid(p
, eq
- (const char*) p
, false))
2149 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field invalid");
2151 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2152 t
= reallocarray(c
->log_extra_fields
, c
->n_log_extra_fields
+1, sizeof(struct iovec
));
2155 c
->log_extra_fields
= t
;
2158 copy
= malloc(sz
+ 1);
2162 memcpy(copy
, p
, sz
);
2163 ((uint8_t*) copy
)[sz
] = 0;
2165 if (!utf8_is_valid(copy
))
2166 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field is not valid UTF-8");
2168 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2169 c
->log_extra_fields
[c
->n_log_extra_fields
++] = IOVEC_MAKE(copy
, sz
);
2170 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_C
, name
, "LogExtraFields=%s", (char*) copy
);
2178 r
= sd_bus_message_exit_container(message
);
2182 if (!UNIT_WRITE_FLAGS_NOOP(flags
) && n
== 0) {
2183 exec_context_free_log_extra_fields(c
);
2184 unit_write_setting(u
, flags
, name
, "LogExtraFields=");
2192 if (streq(name
, "SystemCallErrorNumber"))
2193 return bus_set_transient_errno(u
, name
, &c
->syscall_errno
, message
, flags
, error
);
2195 if (streq(name
, "SystemCallFilter")) {
2197 _cleanup_strv_free_
char **l
= NULL
;
2199 r
= sd_bus_message_enter_container(message
, 'r', "bas");
2203 r
= sd_bus_message_read(message
, "b", &allow_list
);
2207 r
= sd_bus_message_read_strv(message
, &l
);
2211 r
= sd_bus_message_exit_container(message
);
2215 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2216 _cleanup_free_
char *joined
= NULL
;
2217 SeccompParseFlags invert_flag
= allow_list
? 0 : SECCOMP_PARSE_INVERT
;
2220 if (strv_isempty(l
)) {
2221 c
->syscall_allow_list
= false;
2222 c
->syscall_filter
= hashmap_free(c
->syscall_filter
);
2224 unit_write_settingf(u
, flags
, name
, "SystemCallFilter=");
2228 if (!c
->syscall_filter
) {
2229 c
->syscall_filter
= hashmap_new(NULL
);
2230 if (!c
->syscall_filter
)
2233 c
->syscall_allow_list
= allow_list
;
2235 if (c
->syscall_allow_list
) {
2236 r
= seccomp_parse_syscall_filter("@default",
2239 SECCOMP_PARSE_PERMISSIVE
|
2240 SECCOMP_PARSE_ALLOW_LIST
| invert_flag
,
2248 STRV_FOREACH(s
, l
) {
2249 _cleanup_free_
char *n
= NULL
;
2252 r
= parse_syscall_and_errno(*s
, &n
, &e
);
2256 if (allow_list
&& e
>= 0)
2259 r
= seccomp_parse_syscall_filter(n
,
2262 SECCOMP_PARSE_LOG
| SECCOMP_PARSE_PERMISSIVE
|
2264 (c
->syscall_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
2271 joined
= strv_join(l
, " ");
2275 unit_write_settingf(u
, flags
, name
, "SystemCallFilter=%s%s", allow_list
? "" : "~", joined
);
2280 } else if (streq(name
, "SystemCallLog")) {
2282 _cleanup_strv_free_
char **l
= NULL
;
2284 r
= sd_bus_message_enter_container(message
, 'r', "bas");
2288 r
= sd_bus_message_read(message
, "b", &allow_list
);
2292 r
= sd_bus_message_read_strv(message
, &l
);
2296 r
= sd_bus_message_exit_container(message
);
2300 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2301 _cleanup_free_
char *joined
= NULL
;
2302 SeccompParseFlags invert_flag
= allow_list
? 0 : SECCOMP_PARSE_INVERT
;
2305 if (strv_isempty(l
)) {
2306 c
->syscall_log_allow_list
= false;
2307 c
->syscall_log
= hashmap_free(c
->syscall_log
);
2309 unit_write_settingf(u
, flags
, name
, "SystemCallLog=");
2313 if (!c
->syscall_log
) {
2314 c
->syscall_log
= hashmap_new(NULL
);
2315 if (!c
->syscall_log
)
2318 c
->syscall_log_allow_list
= allow_list
;
2321 STRV_FOREACH(s
, l
) {
2322 r
= seccomp_parse_syscall_filter(*s
,
2323 -1, /* errno not used */
2325 SECCOMP_PARSE_LOG
| SECCOMP_PARSE_PERMISSIVE
|
2327 (c
->syscall_log_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
2334 joined
= strv_join(l
, " ");
2338 unit_write_settingf(u
, flags
, name
, "SystemCallLog=%s%s", allow_list
? "" : "~", joined
);
2343 } else if (streq(name
, "SystemCallArchitectures")) {
2344 _cleanup_strv_free_
char **l
= NULL
;
2346 r
= sd_bus_message_read_strv(message
, &l
);
2350 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2351 _cleanup_free_
char *joined
= NULL
;
2353 if (strv_isempty(l
))
2354 c
->syscall_archs
= set_free(c
->syscall_archs
);
2358 STRV_FOREACH(s
, l
) {
2361 r
= seccomp_arch_from_string(*s
, &a
);
2365 r
= set_ensure_put(&c
->syscall_archs
, NULL
, UINT32_TO_PTR(a
+ 1));
2372 joined
= strv_join(l
, " ");
2376 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, joined
);
2381 } else if (streq(name
, "RestrictAddressFamilies")) {
2383 _cleanup_strv_free_
char **l
= NULL
;
2385 r
= sd_bus_message_enter_container(message
, 'r', "bas");
2389 r
= sd_bus_message_read(message
, "b", &allow_list
);
2393 r
= sd_bus_message_read_strv(message
, &l
);
2397 r
= sd_bus_message_exit_container(message
);
2401 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2402 _cleanup_free_
char *joined
= NULL
;
2405 if (strv_isempty(l
)) {
2406 c
->address_families_allow_list
= false;
2407 c
->address_families
= set_free(c
->address_families
);
2409 unit_write_settingf(u
, flags
, name
, "RestrictAddressFamilies=");
2413 if (!c
->address_families
) {
2414 c
->address_families
= set_new(NULL
);
2415 if (!c
->address_families
)
2418 c
->address_families_allow_list
= allow_list
;
2421 STRV_FOREACH(s
, l
) {
2424 af
= af_from_name(*s
);
2428 if (allow_list
== c
->address_families_allow_list
) {
2429 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
2433 (void) set_remove(c
->address_families
, INT_TO_PTR(af
));
2436 joined
= strv_join(l
, " ");
2440 unit_write_settingf(u
, flags
, name
, "RestrictAddressFamilies=%s%s", allow_list
? "" : "~", joined
);
2446 if (STR_IN_SET(name
, "CPUAffinity", "NUMAMask")) {
2449 bool affinity
= streq(name
, "CPUAffinity");
2450 _cleanup_(cpu_set_reset
) CPUSet set
= {};
2452 r
= sd_bus_message_read_array(message
, 'y', &a
, &n
);
2456 r
= cpu_set_from_dbus(a
, n
, &set
);
2460 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2462 cpu_set_reset(affinity
? &c
->cpu_set
: &c
->numa_policy
.nodes
);
2463 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2465 _cleanup_free_
char *str
= NULL
;
2467 str
= cpu_set_to_string(&set
);
2471 /* We forego any optimizations here, and always create the structure using
2472 * cpu_set_add_all(), because we don't want to care if the existing size we
2473 * got over dbus is appropriate. */
2474 r
= cpu_set_add_all(affinity
? &c
->cpu_set
: &c
->numa_policy
.nodes
, &set
);
2478 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, str
);
2484 } else if (streq(name
, "CPUAffinityFromNUMA")) {
2487 r
= sd_bus_message_read_basic(message
, 'b', &q
);
2491 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2492 c
->cpu_affinity_from_numa
= q
;
2493 unit_write_settingf(u
, flags
, name
, "%s=%s", "CPUAffinity", "numa");
2498 } else if (streq(name
, "NUMAPolicy")) {
2501 r
= sd_bus_message_read(message
, "i", &type
);
2505 if (!mpol_is_valid(type
))
2506 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid NUMAPolicy value: %i", type
);
2508 if (!UNIT_WRITE_FLAGS_NOOP(flags
))
2509 c
->numa_policy
.type
= type
;
2513 } else if (streq(name
, "Nice")) {
2516 r
= sd_bus_message_read(message
, "i", &q
);
2520 if (!nice_is_valid(q
))
2521 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid Nice value: %i", q
);
2523 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2527 unit_write_settingf(u
, flags
, name
, "Nice=%i", q
);
2532 } else if (streq(name
, "CPUSchedulingPolicy")) {
2535 r
= sd_bus_message_read(message
, "i", &q
);
2539 if (!sched_policy_is_valid(q
))
2540 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid CPU scheduling policy: %i", q
);
2542 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2543 _cleanup_free_
char *s
= NULL
;
2545 r
= sched_policy_to_string_alloc(q
, &s
);
2549 c
->cpu_sched_policy
= q
;
2550 c
->cpu_sched_priority
= CLAMP(c
->cpu_sched_priority
, sched_get_priority_min(q
), sched_get_priority_max(q
));
2551 c
->cpu_sched_set
= true;
2553 unit_write_settingf(u
, flags
, name
, "CPUSchedulingPolicy=%s", s
);
2558 } else if (streq(name
, "CPUSchedulingPriority")) {
2559 int32_t p
, min
, max
;
2561 r
= sd_bus_message_read(message
, "i", &p
);
2565 min
= sched_get_priority_min(c
->cpu_sched_policy
);
2566 max
= sched_get_priority_max(c
->cpu_sched_policy
);
2567 if (p
< min
|| p
> max
)
2568 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid CPU scheduling priority: %i", p
);
2570 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2571 c
->cpu_sched_priority
= p
;
2572 c
->cpu_sched_set
= true;
2574 unit_write_settingf(u
, flags
, name
, "CPUSchedulingPriority=%i", p
);
2579 } else if (streq(name
, "IOSchedulingClass")) {
2582 r
= sd_bus_message_read(message
, "i", &q
);
2586 if (!ioprio_class_is_valid(q
))
2587 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid IO scheduling class: %i", q
);
2589 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2590 _cleanup_free_
char *s
= NULL
;
2592 r
= ioprio_class_to_string_alloc(q
, &s
);
2596 c
->ioprio
= IOPRIO_PRIO_VALUE(q
, IOPRIO_PRIO_DATA(c
->ioprio
));
2597 c
->ioprio_set
= true;
2599 unit_write_settingf(u
, flags
, name
, "IOSchedulingClass=%s", s
);
2604 } else if (streq(name
, "IOSchedulingPriority")) {
2607 r
= sd_bus_message_read(message
, "i", &p
);
2611 if (!ioprio_priority_is_valid(p
))
2612 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid IO scheduling priority: %i", p
);
2614 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2615 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c
->ioprio
), p
);
2616 c
->ioprio_set
= true;
2618 unit_write_settingf(u
, flags
, name
, "IOSchedulingPriority=%i", p
);
2623 } else if (streq(name
, "MountAPIVFS")) {
2626 r
= bus_set_transient_bool(u
, name
, &b
, message
, flags
, error
);
2630 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2631 c
->mount_apivfs
= b
;
2632 c
->mount_apivfs_set
= true;
2637 } else if (streq(name
, "WorkingDirectory")) {
2641 r
= sd_bus_message_read(message
, "s", &s
);
2651 if (!isempty(s
) && !streq(s
, "~") && !path_is_absolute(s
))
2652 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "WorkingDirectory= expects an absolute path or '~'");
2654 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2655 if (streq(s
, "~")) {
2656 c
->working_directory
= mfree(c
->working_directory
);
2657 c
->working_directory_home
= true;
2659 r
= free_and_strdup(&c
->working_directory
, empty_to_null(s
));
2663 c
->working_directory_home
= false;
2666 c
->working_directory_missing_ok
= missing_ok
;
2667 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "WorkingDirectory=%s%s", missing_ok
? "-" : "", s
);
2672 } else if (STR_IN_SET(name
,
2673 "StandardInputFileDescriptorName", "StandardOutputFileDescriptorName", "StandardErrorFileDescriptorName")) {
2676 r
= sd_bus_message_read(message
, "s", &s
);
2680 if (!isempty(s
) && !fdname_is_valid(s
))
2681 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid file descriptor name");
2683 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2685 if (streq(name
, "StandardInputFileDescriptorName")) {
2686 r
= free_and_strdup(c
->stdio_fdname
+ STDIN_FILENO
, empty_to_null(s
));
2690 c
->std_input
= EXEC_INPUT_NAMED_FD
;
2691 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardInput=fd:%s", exec_context_fdname(c
, STDIN_FILENO
));
2693 } else if (streq(name
, "StandardOutputFileDescriptorName")) {
2694 r
= free_and_strdup(c
->stdio_fdname
+ STDOUT_FILENO
, empty_to_null(s
));
2698 c
->std_output
= EXEC_OUTPUT_NAMED_FD
;
2699 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardOutput=fd:%s", exec_context_fdname(c
, STDOUT_FILENO
));
2702 assert(streq(name
, "StandardErrorFileDescriptorName"));
2704 r
= free_and_strdup(&c
->stdio_fdname
[STDERR_FILENO
], empty_to_null(s
));
2708 c
->std_error
= EXEC_OUTPUT_NAMED_FD
;
2709 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardError=fd:%s", exec_context_fdname(c
, STDERR_FILENO
));
2715 } else if (STR_IN_SET(name
,
2716 "StandardInputFile",
2717 "StandardOutputFile", "StandardOutputFileToAppend", "StandardOutputFileToTruncate",
2718 "StandardErrorFile", "StandardErrorFileToAppend", "StandardErrorFileToTruncate")) {
2721 r
= sd_bus_message_read(message
, "s", &s
);
2726 if (!path_is_absolute(s
))
2727 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute", s
);
2728 if (!path_is_normalized(s
))
2729 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not normalized", s
);
2732 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2734 if (streq(name
, "StandardInputFile")) {
2735 r
= free_and_strdup(&c
->stdio_file
[STDIN_FILENO
], empty_to_null(s
));
2739 c
->std_input
= EXEC_INPUT_FILE
;
2740 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardInput=file:%s", s
);
2742 } else if (STR_IN_SET(name
, "StandardOutputFile", "StandardOutputFileToAppend", "StandardOutputFileToTruncate")) {
2743 r
= free_and_strdup(&c
->stdio_file
[STDOUT_FILENO
], empty_to_null(s
));
2747 if (streq(name
, "StandardOutputFile")) {
2748 c
->std_output
= EXEC_OUTPUT_FILE
;
2749 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardOutput=file:%s", s
);
2750 } else if (streq(name
, "StandardOutputFileToAppend")) {
2751 c
->std_output
= EXEC_OUTPUT_FILE_APPEND
;
2752 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardOutput=append:%s", s
);
2754 assert(streq(name
, "StandardOutputFileToTruncate"));
2755 c
->std_output
= EXEC_OUTPUT_FILE_TRUNCATE
;
2756 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardOutput=truncate:%s", s
);
2759 assert(STR_IN_SET(name
, "StandardErrorFile", "StandardErrorFileToAppend", "StandardErrorFileToTruncate"));
2761 r
= free_and_strdup(&c
->stdio_file
[STDERR_FILENO
], empty_to_null(s
));
2765 if (streq(name
, "StandardErrorFile")) {
2766 c
->std_error
= EXEC_OUTPUT_FILE
;
2767 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardError=file:%s", s
);
2768 } else if (streq(name
, "StandardErrorFileToAppend")) {
2769 c
->std_error
= EXEC_OUTPUT_FILE_APPEND
;
2770 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardError=append:%s", s
);
2772 assert(streq(name
, "StandardErrorFileToTruncate"));
2773 c
->std_error
= EXEC_OUTPUT_FILE_TRUNCATE
;
2774 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardError=truncate:%s", s
);
2781 } else if (streq(name
, "StandardInputData")) {
2785 r
= sd_bus_message_read_array(message
, 'y', &p
, &sz
);
2789 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2790 _cleanup_free_
char *encoded
= NULL
;
2793 c
->stdin_data
= mfree(c
->stdin_data
);
2794 c
->stdin_data_size
= 0;
2796 unit_write_settingf(u
, flags
, name
, "StandardInputData=");
2801 if (c
->stdin_data_size
+ sz
< c
->stdin_data_size
|| /* check for overflow */
2802 c
->stdin_data_size
+ sz
> EXEC_STDIN_DATA_MAX
)
2805 n
= base64mem(p
, sz
, &encoded
);
2809 q
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
);
2813 memcpy((uint8_t*) q
+ c
->stdin_data_size
, p
, sz
);
2816 c
->stdin_data_size
+= sz
;
2818 unit_write_settingf(u
, flags
, name
, "StandardInputData=%s", encoded
);
2824 } else if (streq(name
, "Environment")) {
2826 _cleanup_strv_free_
char **l
= NULL
;
2828 r
= sd_bus_message_read_strv(message
, &l
);
2832 if (!strv_env_is_valid(l
))
2833 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid environment block.");
2835 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2836 if (strv_isempty(l
)) {
2837 c
->environment
= strv_free(c
->environment
);
2838 unit_write_setting(u
, flags
, name
, "Environment=");
2840 _cleanup_free_
char *joined
= NULL
;
2843 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_C
);
2847 e
= strv_env_merge(2, c
->environment
, l
);
2851 strv_free_and_replace(c
->environment
, e
);
2852 unit_write_settingf(u
, flags
, name
, "Environment=%s", joined
);
2858 } else if (streq(name
, "UnsetEnvironment")) {
2860 _cleanup_strv_free_
char **l
= NULL
;
2862 r
= sd_bus_message_read_strv(message
, &l
);
2866 if (!strv_env_name_or_assignment_is_valid(l
))
2867 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid UnsetEnvironment= list.");
2869 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2870 if (strv_isempty(l
)) {
2871 c
->unset_environment
= strv_free(c
->unset_environment
);
2872 unit_write_setting(u
, flags
, name
, "UnsetEnvironment=");
2874 _cleanup_free_
char *joined
= NULL
;
2877 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_C
);
2881 e
= strv_env_merge(2, c
->unset_environment
, l
);
2885 strv_free_and_replace(c
->unset_environment
, e
);
2886 unit_write_settingf(u
, flags
, name
, "UnsetEnvironment=%s", joined
);
2892 } else if (streq(name
, "OOMScoreAdjust")) {
2895 r
= sd_bus_message_read(message
, "i", &oa
);
2899 if (!oom_score_adjust_is_valid(oa
))
2900 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "OOM score adjust value out of range");
2902 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2903 c
->oom_score_adjust
= oa
;
2904 c
->oom_score_adjust_set
= true;
2905 unit_write_settingf(u
, flags
, name
, "OOMScoreAdjust=%i", oa
);
2910 } else if (streq(name
, "CoredumpFilter")) {
2913 r
= sd_bus_message_read(message
, "t", &f
);
2917 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2918 c
->coredump_filter
= f
;
2919 c
->coredump_filter_set
= true;
2920 unit_write_settingf(u
, flags
, name
, "CoredumpFilter=0x%"PRIx64
, f
);
2925 } else if (streq(name
, "EnvironmentFiles")) {
2927 _cleanup_free_
char *joined
= NULL
;
2928 _cleanup_fclose_
FILE *f
= NULL
;
2929 _cleanup_strv_free_
char **l
= NULL
;
2933 r
= sd_bus_message_enter_container(message
, 'a', "(sb)");
2937 f
= open_memstream_unlocked(&joined
, &size
);
2941 fputs("EnvironmentFile=\n", f
);
2943 STRV_FOREACH(i
, c
->environment_files
) {
2944 _cleanup_free_
char *q
= NULL
;
2946 q
= specifier_escape(*i
);
2950 fprintf(f
, "EnvironmentFile=%s\n", q
);
2953 while ((r
= sd_bus_message_enter_container(message
, 'r', "sb")) > 0) {
2957 r
= sd_bus_message_read(message
, "sb", &path
, &b
);
2961 r
= sd_bus_message_exit_container(message
);
2965 if (!path_is_absolute(path
))
2966 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute.", path
);
2968 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2969 _cleanup_free_
char *q
= NULL
, *buf
= NULL
;
2971 buf
= strjoin(b
? "-" : "", path
);
2975 q
= specifier_escape(buf
);
2979 fprintf(f
, "EnvironmentFile=%s\n", q
);
2981 r
= strv_consume(&l
, TAKE_PTR(buf
));
2989 r
= sd_bus_message_exit_container(message
);
2993 r
= fflush_and_check(f
);
2997 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2998 if (strv_isempty(l
)) {
2999 c
->environment_files
= strv_free(c
->environment_files
);
3000 unit_write_setting(u
, flags
, name
, "EnvironmentFile=");
3002 r
= strv_extend_strv(&c
->environment_files
, l
, true);
3006 unit_write_setting(u
, flags
, name
, joined
);
3012 } else if (streq(name
, "PassEnvironment")) {
3014 _cleanup_strv_free_
char **l
= NULL
;
3016 r
= sd_bus_message_read_strv(message
, &l
);
3020 if (!strv_env_name_is_valid(l
))
3021 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid PassEnvironment= block.");
3023 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3024 if (strv_isempty(l
)) {
3025 c
->pass_environment
= strv_free(c
->pass_environment
);
3026 unit_write_setting(u
, flags
, name
, "PassEnvironment=");
3028 _cleanup_free_
char *joined
= NULL
;
3030 r
= strv_extend_strv(&c
->pass_environment
, l
, true);
3034 /* We write just the new settings out to file, with unresolved specifiers. */
3035 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
);
3039 unit_write_settingf(u
, flags
, name
, "PassEnvironment=%s", joined
);
3045 } else if (STR_IN_SET(name
, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories",
3046 "ReadWritePaths", "ReadOnlyPaths", "InaccessiblePaths", "ExecPaths", "NoExecPaths")) {
3047 _cleanup_strv_free_
char **l
= NULL
;
3051 r
= sd_bus_message_read_strv(message
, &l
);
3055 STRV_FOREACH(p
, l
) {
3059 offset
= i
[0] == '-';
3060 offset
+= i
[offset
] == '+';
3061 if (!path_is_absolute(i
+ offset
))
3062 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid %s", name
);
3064 path_simplify(i
+ offset
, false);
3067 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3068 if (STR_IN_SET(name
, "ReadWriteDirectories", "ReadWritePaths"))
3069 dirs
= &c
->read_write_paths
;
3070 else if (STR_IN_SET(name
, "ReadOnlyDirectories", "ReadOnlyPaths"))
3071 dirs
= &c
->read_only_paths
;
3072 else if (streq(name
, "ExecPaths"))
3073 dirs
= &c
->exec_paths
;
3074 else if (streq(name
, "NoExecPaths"))
3075 dirs
= &c
->no_exec_paths
;
3076 else /* "InaccessiblePaths" */
3077 dirs
= &c
->inaccessible_paths
;
3079 if (strv_isempty(l
)) {
3080 *dirs
= strv_free(*dirs
);
3081 unit_write_settingf(u
, flags
, name
, "%s=", name
);
3083 _cleanup_free_
char *joined
= NULL
;
3085 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
);
3089 r
= strv_extend_strv(dirs
, l
, true);
3093 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, joined
);
3099 } else if (STR_IN_SET(name
, "RuntimeDirectory", "StateDirectory", "CacheDirectory", "LogsDirectory", "ConfigurationDirectory")) {
3100 _cleanup_strv_free_
char **l
= NULL
;
3103 r
= sd_bus_message_read_strv(message
, &l
);
3107 STRV_FOREACH(p
, l
) {
3108 if (!path_is_normalized(*p
))
3109 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "%s= path is not normalized: %s", name
, *p
);
3111 if (path_is_absolute(*p
))
3112 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "%s= path is absolute: %s", name
, *p
);
3114 if (path_startswith(*p
, "private"))
3115 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "%s= path can't be 'private': %s", name
, *p
);
3118 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3119 ExecDirectoryType i
;
3122 assert_se((i
= exec_directory_type_from_string(name
)) >= 0);
3123 d
= c
->directories
+ i
;
3125 if (strv_isempty(l
)) {
3126 d
->paths
= strv_free(d
->paths
);
3127 unit_write_settingf(u
, flags
, name
, "%s=", name
);
3129 _cleanup_free_
char *joined
= NULL
;
3131 r
= strv_extend_strv(&d
->paths
, l
, true);
3135 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
);
3139 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, joined
);
3145 } else if (STR_IN_SET(name
, "AppArmorProfile", "SmackProcessLabel")) {
3149 r
= sd_bus_message_read(message
, "(bs)", &ignore
, &s
);
3153 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3157 if (streq(name
, "AppArmorProfile")) {
3158 p
= &c
->apparmor_profile
;
3159 b
= &c
->apparmor_profile_ignore
;
3160 } else { /* "SmackProcessLabel" */
3161 p
= &c
->smack_process_label
;
3162 b
= &c
->smack_process_label_ignore
;
3169 if (free_and_strdup(p
, s
) < 0)
3174 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "%s=%s%s", name
, ignore
? "-" : "", strempty(s
));
3179 } else if (STR_IN_SET(name
, "BindPaths", "BindReadOnlyPaths")) {
3180 char *source
, *destination
;
3182 uint64_t mount_flags
;
3185 r
= sd_bus_message_enter_container(message
, 'a', "(ssbt)");
3189 while ((r
= sd_bus_message_read(message
, "(ssbt)", &source
, &destination
, &ignore_enoent
, &mount_flags
)) > 0) {
3191 if (!path_is_absolute(source
))
3192 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not absolute.", source
);
3193 if (!path_is_absolute(destination
))
3194 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is not absolute.", destination
);
3195 if (!IN_SET(mount_flags
, 0, MS_REC
))
3196 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Unknown mount flags.");
3198 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3199 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
3202 .destination
= destination
,
3203 .read_only
= !!strstr(name
, "ReadOnly"),
3204 .recursive
= !!(mount_flags
& MS_REC
),
3205 .ignore_enoent
= ignore_enoent
,
3210 unit_write_settingf(
3211 u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
,
3214 ignore_enoent
? "-" : "",
3217 (mount_flags
& MS_REC
) ? "rbind" : "norbind");
3225 r
= sd_bus_message_exit_container(message
);
3230 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
3231 c
->bind_mounts
= NULL
;
3232 c
->n_bind_mounts
= 0;
3234 unit_write_settingf(u
, flags
, name
, "%s=", name
);
3239 } else if (streq(name
, "TemporaryFileSystem")) {
3240 const char *path
, *options
;
3243 r
= sd_bus_message_enter_container(message
, 'a', "(ss)");
3247 while ((r
= sd_bus_message_read(message
, "(ss)", &path
, &options
)) > 0) {
3249 if (!path_is_absolute(path
))
3250 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Mount point %s is not absolute.", path
);
3252 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3253 r
= temporary_filesystem_add(&c
->temporary_filesystems
, &c
->n_temporary_filesystems
, path
, options
);
3257 unit_write_settingf(
3258 u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
,
3270 r
= sd_bus_message_exit_container(message
);
3275 temporary_filesystem_free_many(c
->temporary_filesystems
, c
->n_temporary_filesystems
);
3276 c
->temporary_filesystems
= NULL
;
3277 c
->n_temporary_filesystems
= 0;
3279 unit_write_settingf(u
, flags
, name
, "%s=", name
);
3284 } else if ((suffix
= startswith(name
, "Limit"))) {
3285 const char *soft
= NULL
;
3288 ri
= rlimit_from_string(suffix
);
3290 soft
= endswith(suffix
, "Soft");
3294 n
= strndupa(suffix
, soft
- suffix
);
3295 ri
= rlimit_from_string(n
);
3297 name
= strjoina("Limit", n
);
3305 r
= sd_bus_message_read(message
, "t", &rl
);
3309 if (rl
== UINT64_MAX
)
3314 if ((uint64_t) x
!= rl
)
3318 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3319 _cleanup_free_
char *f
= NULL
;
3322 if (c
->rlimit
[ri
]) {
3323 nl
= *c
->rlimit
[ri
];
3330 /* When the resource limit is not initialized yet, then assign the value to both fields */
3331 nl
= (struct rlimit
) {
3336 r
= rlimit_format(&nl
, &f
);
3341 *c
->rlimit
[ri
] = nl
;
3343 c
->rlimit
[ri
] = newdup(struct rlimit
, &nl
, 1);
3348 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, f
);
3354 } else if (streq(name
, "MountImages")) {
3355 _cleanup_free_
char *format_str
= NULL
;
3356 MountImage
*mount_images
= NULL
;
3357 size_t n_mount_images
= 0;
3358 char *source
, *destination
;
3361 r
= sd_bus_message_enter_container(message
, 'a', "(ssba(ss))");
3366 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
3367 _cleanup_free_
char *source_escaped
= NULL
, *destination_escaped
= NULL
;
3370 r
= sd_bus_message_enter_container(message
, 'r', "ssba(ss)");
3374 r
= sd_bus_message_read(message
, "ssb", &source
, &destination
, &permissive
);
3378 if (!path_is_absolute(source
))
3379 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not absolute.", source
);
3380 if (!path_is_normalized(source
))
3381 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not normalized.", source
);
3382 if (!path_is_absolute(destination
))
3383 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is not absolute.", destination
);
3384 if (!path_is_normalized(destination
))
3385 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is not normalized.", destination
);
3387 /* Need to store them in the unit with the escapes, so that they can be parsed again */
3388 source_escaped
= shell_escape(source
, ":");
3389 if (!source_escaped
)
3391 destination_escaped
= shell_escape(destination
, ":");
3392 if (!destination_escaped
)
3395 tuple
= strjoin(format_str
,
3396 format_str
? " " : "",
3397 permissive
? "-" : "",
3400 destination_escaped
);
3403 free_and_replace(format_str
, tuple
);
3405 r
= bus_read_mount_options(message
, error
, &options
, &format_str
, ":");
3409 r
= sd_bus_message_exit_container(message
);
3413 r
= mount_image_add(&mount_images
, &n_mount_images
,
3416 .destination
= destination
,
3417 .mount_options
= options
,
3418 .ignore_enoent
= permissive
,
3419 .type
= MOUNT_IMAGE_DISCRETE
,
3427 r
= sd_bus_message_exit_container(message
);
3431 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3432 if (n_mount_images
== 0) {
3433 c
->mount_images
= mount_image_free_many(c
->mount_images
, &c
->n_mount_images
);
3435 unit_write_settingf(u
, flags
, name
, "%s=", name
);
3437 for (size_t i
= 0; i
< n_mount_images
; ++i
) {
3438 r
= mount_image_add(&c
->mount_images
, &c
->n_mount_images
, &mount_images
[i
]);
3443 unit_write_settingf(u
, flags
|UNIT_ESCAPE_C
|UNIT_ESCAPE_SPECIFIERS
,
3451 mount_images
= mount_image_free_many(mount_images
, &n_mount_images
);
3454 } else if (streq(name
, "ExtensionImages")) {
3455 _cleanup_free_
char *format_str
= NULL
;
3456 MountImage
*extension_images
= NULL
;
3457 size_t n_extension_images
= 0;
3459 r
= sd_bus_message_enter_container(message
, 'a', "(sba(ss))");
3464 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
3465 _cleanup_free_
char *source_escaped
= NULL
;
3466 char *source
, *tuple
;
3469 r
= sd_bus_message_enter_container(message
, 'r', "sba(ss)");
3473 r
= sd_bus_message_read(message
, "sb", &source
, &permissive
);
3477 if (!path_is_absolute(source
))
3478 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not absolute.", source
);
3479 if (!path_is_normalized(source
))
3480 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not normalized.", source
);
3482 /* Need to store them in the unit with the escapes, so that they can be parsed again */
3483 source_escaped
= shell_escape(source
, ":");
3484 if (!source_escaped
)
3487 tuple
= strjoin(format_str
,
3488 format_str
? " " : "",
3489 permissive
? "-" : "",
3493 free_and_replace(format_str
, tuple
);
3495 r
= bus_read_mount_options(message
, error
, &options
, &format_str
, ":");
3499 r
= sd_bus_message_exit_container(message
);
3503 r
= mount_image_add(&extension_images
, &n_extension_images
,
3506 .mount_options
= options
,
3507 .ignore_enoent
= permissive
,
3508 .type
= MOUNT_IMAGE_EXTENSION
,
3516 r
= sd_bus_message_exit_container(message
);
3520 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3521 if (n_extension_images
== 0) {
3522 c
->extension_images
= mount_image_free_many(c
->extension_images
, &c
->n_extension_images
);
3524 unit_write_settingf(u
, flags
, name
, "%s=", name
);
3526 for (size_t i
= 0; i
< n_extension_images
; ++i
) {
3527 r
= mount_image_add(&c
->extension_images
, &c
->n_extension_images
, &extension_images
[i
]);
3532 unit_write_settingf(u
, flags
|UNIT_ESCAPE_C
|UNIT_ESCAPE_SPECIFIERS
,
3540 extension_images
= mount_image_free_many(extension_images
, &n_extension_images
);