1 /* SPDX-License-Identifier: LGPL-2.1+ */
5 Copyright 2010 Lennart Poettering
8 typedef struct ExecStatus ExecStatus
;
9 typedef struct ExecCommand ExecCommand
;
10 typedef struct ExecContext ExecContext
;
11 typedef struct ExecRuntime ExecRuntime
;
12 typedef struct ExecParameters ExecParameters
;
13 typedef struct Manager Manager
;
18 #include <sys/capability.h>
20 #include "cgroup-util.h"
24 #include "namespace.h"
27 #define EXEC_STDIN_DATA_MAX (64U*1024U*1024U)
29 typedef enum ExecUtmpMode
{
34 _EXEC_UTMP_MODE_INVALID
= -1
37 typedef enum ExecInput
{
47 _EXEC_INPUT_INVALID
= -1
50 typedef enum ExecOutput
{
55 EXEC_OUTPUT_SYSLOG_AND_CONSOLE
,
57 EXEC_OUTPUT_KMSG_AND_CONSOLE
,
59 EXEC_OUTPUT_JOURNAL_AND_CONSOLE
,
64 _EXEC_OUTPUT_INVALID
= -1
67 typedef enum ExecPreserveMode
{
70 EXEC_PRESERVE_RESTART
,
71 _EXEC_PRESERVE_MODE_MAX
,
72 _EXEC_PRESERVE_MODE_INVALID
= -1
75 typedef enum ExecKeyringMode
{
79 _EXEC_KEYRING_MODE_MAX
,
80 _EXEC_KEYRING_MODE_INVALID
= -1,
84 dual_timestamp start_timestamp
;
85 dual_timestamp exit_timestamp
;
87 int code
; /* as in siginfo_t::si_code */
88 int status
; /* as in sigingo_t::si_status */
91 typedef enum ExecCommandFlags
{
92 EXEC_COMMAND_IGNORE_FAILURE
= 1,
93 EXEC_COMMAND_FULLY_PRIVILEGED
= 2,
94 EXEC_COMMAND_NO_SETUID
= 4,
95 EXEC_COMMAND_AMBIENT_MAGIC
= 8,
101 ExecStatus exec_status
;
102 ExecCommandFlags flags
;
103 LIST_FIELDS(ExecCommand
, command
); /* useful for chaining commands */
111 /* unit id of the owner */
117 /* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network
119 int netns_storage_socket
[2];
122 typedef enum ExecDirectoryType
{
123 EXEC_DIRECTORY_RUNTIME
= 0,
124 EXEC_DIRECTORY_STATE
,
125 EXEC_DIRECTORY_CACHE
,
127 EXEC_DIRECTORY_CONFIGURATION
,
128 _EXEC_DIRECTORY_TYPE_MAX
,
129 _EXEC_DIRECTORY_TYPE_INVALID
= -1,
132 typedef struct ExecDirectory
{
139 char **environment_files
;
140 char **pass_environment
;
141 char **unset_environment
;
143 struct rlimit
*rlimit
[_RLIMIT_MAX
];
144 char *working_directory
, *root_directory
, *root_image
;
145 bool working_directory_missing_ok
;
146 bool working_directory_home
;
149 int oom_score_adjust
;
152 int cpu_sched_policy
;
153 int cpu_sched_priority
;
156 unsigned cpuset_ncpus
;
159 ExecOutput std_output
;
160 ExecOutput std_error
;
161 char *stdio_fdname
[3];
165 size_t stdin_data_size
;
167 nsec_t timer_slack_nsec
;
175 bool tty_vt_disallocate
;
179 /* Since resolving these names might involve socket
180 * connections and we don't want to deadlock ourselves these
181 * names are resolved on execution only and in the child
185 char **supplementary_groups
;
190 ExecUtmpMode utmp_mode
;
192 bool selinux_context_ignore
;
193 char *selinux_context
;
195 bool apparmor_profile_ignore
;
196 char *apparmor_profile
;
198 bool smack_process_label_ignore
;
199 char *smack_process_label
;
201 ExecKeyringMode keyring_mode
;
203 char **read_write_paths
, **read_only_paths
, **inaccessible_paths
;
204 unsigned long mount_flags
;
205 BindMount
*bind_mounts
;
206 size_t n_bind_mounts
;
207 TemporaryFileSystem
*temporary_filesystems
;
208 size_t n_temporary_filesystems
;
210 uint64_t capability_bounding_set
;
211 uint64_t capability_ambient_set
;
215 char *syslog_identifier
;
216 bool syslog_level_prefix
;
220 struct iovec
* log_extra_fields
;
221 size_t n_log_extra_fields
;
223 bool cpu_sched_reset_on_fork
;
226 bool private_network
;
227 bool private_devices
;
230 ProtectSystem protect_system
;
231 ProtectHome protect_home
;
232 bool protect_kernel_tunables
;
233 bool protect_kernel_modules
;
234 bool protect_control_groups
;
237 bool no_new_privileges
;
242 /* This is not exposed to the user but available
243 * internally. We need it to make sure that whenever we spawn
244 * /usr/bin/mount it is run in the same process group as us so
245 * that the autofs logic detects that it belongs to us and we
246 * don't enter a trigger loop. */
249 unsigned long personality
;
250 bool lock_personality
;
252 unsigned long restrict_namespaces
; /* The CLONE_NEWxyz flags permitted to the unit's processes */
254 Hashmap
*syscall_filter
;
257 bool syscall_whitelist
:1;
259 Set
*address_families
;
260 bool address_families_whitelist
:1;
262 ExecPreserveMode runtime_directory_preserve_mode
;
263 ExecDirectory directories
[_EXEC_DIRECTORY_TYPE_MAX
];
265 bool memory_deny_write_execute
;
266 bool restrict_realtime
;
268 bool oom_score_adjust_set
:1;
271 bool cpu_sched_set
:1;
274 static inline bool exec_context_restrict_namespaces_set(const ExecContext
*c
) {
277 return (c
->restrict_namespaces
& NAMESPACE_FLAGS_ALL
) != NAMESPACE_FLAGS_ALL
;
280 typedef enum ExecFlags
{
281 EXEC_APPLY_SANDBOXING
= 1 << 0,
282 EXEC_APPLY_CHROOT
= 1 << 1,
283 EXEC_APPLY_TTY_STDIN
= 1 << 2,
284 EXEC_NEW_KEYRING
= 1 << 3,
285 EXEC_PASS_LOG_UNIT
= 1 << 4, /* Whether to pass the unit name to the service's journal stream connection */
286 EXEC_CHOWN_DIRECTORIES
= 1 << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
287 EXEC_NSS_BYPASS_BUS
= 1 << 6, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */
288 EXEC_CGROUP_DELEGATE
= 1 << 7,
290 /* The following are not used by execute.c, but by consumers internally */
291 EXEC_PASS_FDS
= 1 << 8,
292 EXEC_IS_CONTROL
= 1 << 9,
293 EXEC_SETENV_RESULT
= 1 << 10,
294 EXEC_SET_WATCHDOG
= 1 << 11,
297 struct ExecParameters
{
303 size_t n_storage_fds
;
307 bool selinux_context_net
:1;
309 CGroupMask cgroup_supported
;
310 const char *cgroup_path
;
314 const char *confirm_spawn
;
316 usec_t watchdog_usec
;
326 #include "dynamic-user.h"
328 int exec_spawn(Unit
*unit
,
329 ExecCommand
*command
,
330 const ExecContext
*context
,
331 const ExecParameters
*exec_params
,
332 ExecRuntime
*runtime
,
333 DynamicCreds
*dynamic_creds
,
336 void exec_command_done_array(ExecCommand
*c
, size_t n
);
338 ExecCommand
* exec_command_free_list(ExecCommand
*c
);
339 void exec_command_free_array(ExecCommand
**c
, size_t n
);
341 void exec_command_dump_list(ExecCommand
*c
, FILE *f
, const char *prefix
);
342 void exec_command_append_list(ExecCommand
**l
, ExecCommand
*e
);
343 int exec_command_set(ExecCommand
*c
, const char *path
, ...);
344 int exec_command_append(ExecCommand
*c
, const char *path
, ...);
346 void exec_context_init(ExecContext
*c
);
347 void exec_context_done(ExecContext
*c
);
348 void exec_context_dump(const ExecContext
*c
, FILE* f
, const char *prefix
);
350 int exec_context_destroy_runtime_directory(const ExecContext
*c
, const char *runtime_root
);
352 const char* exec_context_fdname(const ExecContext
*c
, int fd_index
);
354 bool exec_context_may_touch_console(const ExecContext
*c
);
355 bool exec_context_maintains_privileges(const ExecContext
*c
);
357 int exec_context_get_effective_ioprio(const ExecContext
*c
);
359 void exec_context_free_log_extra_fields(ExecContext
*c
);
361 void exec_status_start(ExecStatus
*s
, pid_t pid
);
362 void exec_status_exit(ExecStatus
*s
, const ExecContext
*context
, pid_t pid
, int code
, int status
);
363 void exec_status_dump(const ExecStatus
*s
, FILE *f
, const char *prefix
);
365 int exec_runtime_acquire(Manager
*m
, const ExecContext
*c
, const char *name
, bool create
, ExecRuntime
**ret
);
366 ExecRuntime
*exec_runtime_unref(ExecRuntime
*r
, bool destroy
);
368 int exec_runtime_serialize(const Manager
*m
, FILE *f
, FDSet
*fds
);
369 int exec_runtime_deserialize_compat(Unit
*u
, const char *key
, const char *value
, FDSet
*fds
);
370 void exec_runtime_deserialize_one(Manager
*m
, const char *value
, FDSet
*fds
);
371 void exec_runtime_vacuum(Manager
*m
);
373 const char* exec_output_to_string(ExecOutput i
) _const_
;
374 ExecOutput
exec_output_from_string(const char *s
) _pure_
;
376 const char* exec_input_to_string(ExecInput i
) _const_
;
377 ExecInput
exec_input_from_string(const char *s
) _pure_
;
379 const char* exec_utmp_mode_to_string(ExecUtmpMode i
) _const_
;
380 ExecUtmpMode
exec_utmp_mode_from_string(const char *s
) _pure_
;
382 const char* exec_preserve_mode_to_string(ExecPreserveMode i
) _const_
;
383 ExecPreserveMode
exec_preserve_mode_from_string(const char *s
) _pure_
;
385 const char* exec_keyring_mode_to_string(ExecKeyringMode i
) _const_
;
386 ExecKeyringMode
exec_keyring_mode_from_string(const char *s
) _pure_
;
388 const char* exec_directory_type_to_string(ExecDirectoryType i
) _const_
;
389 ExecDirectoryType
exec_directory_type_from_string(const char *s
) _pure_
;