1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 #pragma once
3
4 /***
5 Copyright 2010 Lennart Poettering
6 ***/
7
/* Forward declarations of the struct types used throughout this header, so they can be referenced by pointer
 * before their full definitions appear. Manager is only declared here; its definition is not in this file. */
typedef struct ExecStatus ExecStatus;
typedef struct ExecCommand ExecCommand;
typedef struct ExecContext ExecContext;
typedef struct ExecRuntime ExecRuntime;
typedef struct ExecParameters ExecParameters;
typedef struct Manager Manager;
14
15 #include <sched.h>
16 #include <stdbool.h>
17 #include <stdio.h>
18 #include <sys/capability.h>
19
20 #include "cgroup-util.h"
21 #include "fdset.h"
22 #include "list.h"
23 #include "missing.h"
24 #include "namespace.h"
25 #include "nsflags.h"
26
/* 64 MiB, as an unsigned constant. NOTE(review): presumably the upper bound for ExecContext.stdin_data_size; the
 * check that enforces it is not in this header — confirm every writer of stdin_data compares against it. */
#define EXEC_STDIN_DATA_MAX (64U*1024U*1024U)
28
/* Selects the kind of utmp record associated with an executed process (stored in ExecContext.utmp_mode).
 * How each value maps to a utmp record type is decided by the consumers, not by this header. */
typedef enum ExecUtmpMode {
        EXEC_UTMP_INIT = 0,
        EXEC_UTMP_LOGIN,
        EXEC_UTMP_USER,
        _EXEC_UTMP_MODE_MAX,            /* count of valid modes, not a mode itself */
        _EXEC_UTMP_MODE_INVALID = -1,   /* sentinel outside the valid range; never use it as an index */
} ExecUtmpMode;
36
/* Where the standard input of an executed process comes from (stored in ExecContext.std_input).
 * NOTE(review): EXEC_INPUT_DATA presumably pairs with ExecContext.stdin_data, EXEC_INPUT_NAMED_FD with
 * stdio_fdname[] and EXEC_INPUT_FILE with stdio_file[] — confirm in the consumers. */
typedef enum ExecInput {
        EXEC_INPUT_NULL = 0,
        EXEC_INPUT_TTY,
        EXEC_INPUT_TTY_FORCE,
        EXEC_INPUT_TTY_FAIL,
        EXEC_INPUT_SOCKET,
        EXEC_INPUT_NAMED_FD,
        EXEC_INPUT_DATA,
        EXEC_INPUT_FILE,
        _EXEC_INPUT_MAX,                /* count of valid values, not a value itself */
        _EXEC_INPUT_INVALID = -1,       /* sentinel outside the valid range; never use it as an index */
} ExecInput;
49
/* Where standard output or standard error of an executed process goes (stored in ExecContext.std_output and
 * ExecContext.std_error). The *_AND_CONSOLE values name a second sink besides the primary one; the actual wiring
 * is done by the consumers, not by this header. */
typedef enum ExecOutput {
        EXEC_OUTPUT_INHERIT = 0,
        EXEC_OUTPUT_NULL,
        EXEC_OUTPUT_TTY,
        EXEC_OUTPUT_SYSLOG,
        EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
        EXEC_OUTPUT_KMSG,
        EXEC_OUTPUT_KMSG_AND_CONSOLE,
        EXEC_OUTPUT_JOURNAL,
        EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
        EXEC_OUTPUT_SOCKET,
        EXEC_OUTPUT_NAMED_FD,
        EXEC_OUTPUT_FILE,
        _EXEC_OUTPUT_MAX,               /* count of valid values, not a value itself */
        _EXEC_OUTPUT_INVALID = -1,      /* sentinel outside the valid range; never use it as an index */
} ExecOutput;
66
/* Preservation policy, used for ExecContext.runtime_directory_preserve_mode.
 * NOTE(review): anything other than EXEC_PRESERVE_NO presumably leaves runtime directory contents on disk after
 * the unit stops — confirm, since leftover files can outlive the process that owned them. */
typedef enum ExecPreserveMode {
        EXEC_PRESERVE_NO = 0,
        EXEC_PRESERVE_YES,
        EXEC_PRESERVE_RESTART,
        _EXEC_PRESERVE_MODE_MAX,            /* count of valid modes, not a mode itself */
        _EXEC_PRESERVE_MODE_INVALID = -1,   /* sentinel outside the valid range; never use it as an index */
} ExecPreserveMode;
74
/* Kernel keyring policy for executed processes (stored in ExecContext.keyring_mode).
 * NOTE(review): EXEC_KEYRING_INHERIT presumably leaves the process with whatever keyring the manager has, so keys
 * may be visible across units — confirm in the consumers before relying on isolation. */
typedef enum ExecKeyringMode {
        EXEC_KEYRING_INHERIT = 0,
        EXEC_KEYRING_PRIVATE,
        EXEC_KEYRING_SHARED,
        _EXEC_KEYRING_MODE_MAX,             /* count of valid modes, not a mode itself */
        _EXEC_KEYRING_MODE_INVALID = -1,    /* sentinel outside the valid range; never use it as an index */
} ExecKeyringMode;
82
/* Start/exit bookkeeping for one executed command: when it started and exited, its PID, and how it ended.
 * Filled in through exec_status_start() and exec_status_exit(), declared further down in this header. */
struct ExecStatus {
        dual_timestamp start_timestamp;
        dual_timestamp exit_timestamp;
        pid_t pid;
        int code;     /* as in siginfo_t::si_code */
        int status;   /* as in siginfo_t::si_status */
};
90
/* Per-command flag bits (stored in ExecCommand.flags); each value is a distinct bit so they can be OR-ed together.
 * NOTE(review): FULLY_PRIVILEGED, NO_SETUID and AMBIENT_MAGIC presumably change how the unit's credential and
 * capability settings are applied to this one command — confirm in execute.c, and treat any code path that sets
 * them as privilege-relevant. */
typedef enum ExecCommandFlags {
        EXEC_COMMAND_IGNORE_FAILURE   = 1 << 0,
        EXEC_COMMAND_FULLY_PRIVILEGED = 1 << 1,
        EXEC_COMMAND_NO_SETUID        = 1 << 2,
        EXEC_COMMAND_AMBIENT_MAGIC    = 1 << 3,
} ExecCommandFlags;
97
/* One command line to execute: the binary path, its argument vector, the status of its last run and the
 * per-command flags. Commands can be chained into a list through the embedded list fields. */
struct ExecCommand {
        char *path;
        char **argv;                    /* NOTE(review): presumably NULL-terminated, as for execve() — confirm */
        ExecStatus exec_status;
        ExecCommandFlags flags;         /* OR-ed ExecCommandFlags bits */
        LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
};
105
/* Runtime state associated with a unit id: temporary directory paths and a socket pair that stores a network
 * namespace file descriptor. Obtained through exec_runtime_acquire() and released through exec_runtime_unref(),
 * both declared further down in this header. */
struct ExecRuntime {
        int n_ref;                      /* NOTE(review): presumably the reference count dropped by exec_runtime_unref() */

        Manager *manager;

        /* unit id of the owner */
        char *id;

        char *tmp_dir;
        char *var_tmp_dir;

        /* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network
         * namespace. */
        int netns_storage_socket[2];
};
121
/* Kinds of per-unit directories. The values index ExecContext.directories[], which is sized by
 * _EXEC_DIRECTORY_TYPE_MAX, so the first value is pinned to 0. */
typedef enum ExecDirectoryType {
        EXEC_DIRECTORY_RUNTIME = 0,
        EXEC_DIRECTORY_STATE,
        EXEC_DIRECTORY_CACHE,
        EXEC_DIRECTORY_LOGS,
        EXEC_DIRECTORY_CONFIGURATION,
        _EXEC_DIRECTORY_TYPE_MAX,           /* count of valid types; array size for ExecContext.directories[] */
        _EXEC_DIRECTORY_TYPE_INVALID = -1,  /* sentinel; must be rejected before indexing directories[] */
} ExecDirectoryType;
131
/* The configured paths for one ExecDirectoryType, plus a file mode. */
typedef struct ExecDirectory {
        char **paths;
        mode_t mode;    /* NOTE(review): presumably the access mode applied to these directories — confirm */
} ExecDirectory;
136
/* Execution settings for the processes of a unit: environment, resource limits, scheduling, stdio wiring,
 * credentials, MAC labels, mount and namespace sandboxing, capabilities, logging, and syscall/address-family
 * filters. This header only declares the fields; defaults are set by exec_context_init() and the settings are
 * consumed by exec_spawn(), both declared further down. */
struct ExecContext {
        /* Environment of the executed process, as string lists. */
        char **environment;
        char **environment_files;
        char **pass_environment;
        char **unset_environment;

        struct rlimit *rlimit[_RLIMIT_MAX];
        char *working_directory, *root_directory, *root_image;
        bool working_directory_missing_ok;
        bool working_directory_home;

        mode_t umask;
        int oom_score_adjust;
        int nice;
        int ioprio;
        int cpu_sched_policy;
        int cpu_sched_priority;

        cpu_set_t *cpuset;
        unsigned cpuset_ncpus;

        /* Standard stream wiring. NOTE(review): the two 3-element arrays are presumably indexed by fd number
         * (0 = stdin, 1 = stdout, 2 = stderr); see exec_context_fdname() — confirm. */
        ExecInput std_input;
        ExecOutput std_output;
        ExecOutput std_error;
        char *stdio_fdname[3];
        char *stdio_file[3];

        /* Raw buffer and its length in bytes. NOTE(review): presumably the payload for EXEC_INPUT_DATA, bounded
         * by EXEC_STDIN_DATA_MAX — the bound is not enforced anywhere in this header. */
        void *stdin_data;
        size_t stdin_data_size;

        nsec_t timer_slack_nsec;

        bool stdio_as_fds;

        char *tty_path;

        bool tty_reset;
        bool tty_vhangup;
        bool tty_vt_disallocate;

        bool ignore_sigpipe;

        /* Since resolving these names might involve socket
         * connections and we don't want to deadlock ourselves these
         * names are resolved on execution only and in the child
         * process. */
        char *user;
        char *group;
        char **supplementary_groups;

        char *pam_name;

        char *utmp_id;
        ExecUtmpMode utmp_mode;

        /* Mandatory access control labels, one string plus one flag per LSM. NOTE(review): each *_ignore flag
         * presumably means "continue if the label cannot be applied"; if so, a unit with the flag set may run
         * without the intended confinement — confirm in the consumers. */
        bool selinux_context_ignore;
        char *selinux_context;

        bool apparmor_profile_ignore;
        char *apparmor_profile;

        bool smack_process_label_ignore;
        char *smack_process_label;

        ExecKeyringMode keyring_mode;

        /* Mount namespace configuration: path lists by access level, mount flags, and counted arrays of bind
         * mounts and temporary file systems (n_* holds the element count of the array before it). */
        char **read_write_paths, **read_only_paths, **inaccessible_paths;
        unsigned long mount_flags;
        BindMount *bind_mounts;
        size_t n_bind_mounts;
        TemporaryFileSystem *temporary_filesystems;
        size_t n_temporary_filesystems;

        /* Capability sets as 64-bit masks. NOTE(review): presumably bit n stands for capability number n —
         * confirm against the code that applies them. */
        uint64_t capability_bounding_set;
        uint64_t capability_ambient_set;
        int secure_bits;

        int syslog_priority;
        char *syslog_identifier;
        bool syslog_level_prefix;

        int log_level_max;

        struct iovec* log_extra_fields;
        size_t n_log_extra_fields;

        /* Sandboxing switches. Each is a plain flag here; what a freshly initialized context sets them to is
         * decided by exec_context_init(), not by this declaration. */
        bool cpu_sched_reset_on_fork;
        bool non_blocking;
        bool private_tmp;
        bool private_network;
        bool private_devices;
        bool private_users;
        bool private_mounts;
        ProtectSystem protect_system;
        ProtectHome protect_home;
        bool protect_kernel_tunables;
        bool protect_kernel_modules;
        bool protect_control_groups;
        bool mount_apivfs;

        bool no_new_privileges;

        bool dynamic_user;
        bool remove_ipc;

        /* This is not exposed to the user but available
         * internally. We need it to make sure that whenever we spawn
         * /usr/bin/mount it is run in the same process group as us so
         * that the autofs logic detects that it belongs to us and we
         * don't enter a trigger loop. */
        bool same_pgrp;

        unsigned long personality;
        bool lock_personality;

        unsigned long restrict_namespaces; /* The CLONE_NEWxyz flags permitted to the unit's processes */

        /* System call filter. NOTE(review): syscall_whitelist presumably selects whether syscall_filter lists
         * the permitted calls (true) or the forbidden ones (false), and syscall_errno the error returned for a
         * filtered call — confirm; reading the flag the wrong way round inverts the policy. */
        Hashmap *syscall_filter;
        Set *syscall_archs;
        int syscall_errno;
        bool syscall_whitelist:1;

        /* Socket address family filter; same allow-list/deny-list caveat as for the system call filter. */
        Set *address_families;
        bool address_families_whitelist:1;

        ExecPreserveMode runtime_directory_preserve_mode;
        ExecDirectory directories[_EXEC_DIRECTORY_TYPE_MAX]; /* one entry per ExecDirectoryType value */

        bool memory_deny_write_execute;
        bool restrict_realtime;

        /* NOTE(review): presumably record whether the matching value above (oom_score_adjust, nice, ioprio,
         * cpu_sched_*) was explicitly configured, as opposed to left at its default — confirm. */
        bool oom_score_adjust_set:1;
        bool nice_set:1;
        bool ioprio_set:1;
        bool cpu_sched_set:1;
};
273
/* Tells whether the context restricts namespace creation at all.
 *
 * restrict_namespaces holds the CLONE_NEWxyz flags the unit's processes are permitted to use. If every flag in
 * NAMESPACE_FLAGS_ALL is permitted there is no restriction and the result is false; if at least one of them is
 * missing the result is true. Bits outside NAMESPACE_FLAGS_ALL do not influence the result. */
static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) {
        assert(c);

        /* Everything permitted: nothing is restricted. */
        if ((c->restrict_namespaces & NAMESPACE_FLAGS_ALL) == NAMESPACE_FLAGS_ALL)
                return false;

        return true;
}
279
/* Per-invocation flag bits (stored in ExecParameters.flags); each value is a distinct bit so they can be OR-ed
 * together. NOTE(review): EXEC_APPLY_SANDBOXING and EXEC_APPLY_CHROOT presumably gate whether the sandboxing and
 * root directory settings of ExecContext are applied for this invocation; a caller that omits them would then run
 * the command without those protections — confirm in execute.c. */
typedef enum ExecFlags {
        EXEC_APPLY_SANDBOXING  = 1 << 0,
        EXEC_APPLY_CHROOT      = 1 << 1,
        EXEC_APPLY_TTY_STDIN   = 1 << 2,
        EXEC_NEW_KEYRING       = 1 << 3,
        EXEC_PASS_LOG_UNIT     = 1 << 4, /* Whether to pass the unit name to the service's journal stream connection */
        EXEC_CHOWN_DIRECTORIES = 1 << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
        EXEC_NSS_BYPASS_BUS    = 1 << 6, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */
        EXEC_CGROUP_DELEGATE   = 1 << 7,

        /* The following are not used by execute.c, but by consumers internally */
        EXEC_PASS_FDS          = 1 << 8,
        EXEC_IS_CONTROL        = 1 << 9,
        EXEC_SETENV_RESULT     = 1 << 10,
        EXEC_SET_WATCHDOG      = 1 << 11,
} ExecFlags;
296
/* Per-invocation inputs to exec_spawn(), as opposed to the per-unit settings in ExecContext: argument vector,
 * extra environment, file descriptors to hand over, flags, cgroup placement and the stdio descriptors. */
struct ExecParameters {
        char **argv;
        char **environment;

        /* File descriptors to pass, with optional names. NOTE(review): presumably fds holds
         * n_socket_fds + n_storage_fds entries and fd_names runs parallel to it — confirm, since a count that
         * disagrees with the array length would be read out of bounds. */
        int *fds;
        char **fd_names;
        size_t n_storage_fds;
        size_t n_socket_fds;

        ExecFlags flags;                /* OR-ed ExecFlags bits */
        bool selinux_context_net:1;

        CGroupMask cgroup_supported;
        const char *cgroup_path;

        char **prefix;

        const char *confirm_spawn;

        usec_t watchdog_usec;

        int *idle_pipe;

        /* NOTE(review): presumably already-open descriptors to use for the standard streams, with a negative
         * value meaning "not set" — confirm in the consumers. */
        int stdin_fd;
        int stdout_fd;
        int stderr_fd;
};
324
325 #include "unit.h"
326 #include "dynamic-user.h"
327
/* Spawns one command on behalf of a unit, using the unit's ExecContext, the per-invocation ExecParameters and the
 * optional runtime and dynamic credential state. The PID is handed back through ret.
 * NOTE(review): the return convention (presumably 0 on success, negative errno on failure) is defined in
 * execute.c and not visible here — confirm. */
int exec_spawn(Unit *unit,
               ExecCommand *command,
               const ExecContext *context,
               const ExecParameters *exec_params,
               ExecRuntime *runtime,
               DynamicCreds *dynamic_creds,
               pid_t *ret);
335
/* Lifetime helpers for ExecCommand objects: arrays of n commands and linked lists. Which of them free the
 * container itself and which only its contents is decided in execute.c, not here. */
void exec_command_done_array(ExecCommand *c, size_t n);

ExecCommand* exec_command_free_list(ExecCommand *c);
void exec_command_free_array(ExecCommand **c, size_t n);

void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_append_list(ExecCommand **l, ExecCommand *e);
/* Variadic setters. No sentinel attribute is declared on these prototypes, so the compiler cannot warn about a
 * missing terminator. NOTE(review): callers presumably end the argument list with NULL — confirm at every call
 * site, because an unterminated list is read past its end. */
int exec_command_set(ExecCommand *c, const char *path, ...);
int exec_command_append(ExecCommand *c, const char *path, ...);
345
/* ExecContext lifecycle and queries. exec_context_init() and exec_context_done() take a mutable context; the
 * remaining functions except exec_context_free_log_extra_fields() only read it (const pointer). */
void exec_context_init(ExecContext *c);
void exec_context_done(ExecContext *c);
void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix);

/* NOTE(review): presumably removes the unit's runtime directories below runtime_root; the path handling is in
 * execute.c — confirm that the configured paths cannot escape runtime_root. */
int exec_context_destroy_runtime_directory(const ExecContext *c, const char *runtime_root);

/* NOTE(review): fd_index is presumably 0, 1 or 2, matching the 3-element ExecContext.stdio_fdname[] — confirm
 * that the definition rejects other values. */
const char* exec_context_fdname(const ExecContext *c, int fd_index);

bool exec_context_may_touch_console(const ExecContext *c);
bool exec_context_maintains_privileges(const ExecContext *c);

int exec_context_get_effective_ioprio(const ExecContext *c);

void exec_context_free_log_extra_fields(ExecContext *c);
360
/* ExecStatus bookkeeping: record the start of a process, record its exit (code and status as in siginfo_t, see
 * struct ExecStatus), and dump the recorded state to a stream. */
void exec_status_start(ExecStatus *s, pid_t pid);
void exec_status_exit(ExecStatus *s, const ExecContext *context, pid_t pid, int code, int status);
void exec_status_dump(const ExecStatus *s, FILE *f, const char *prefix);
364
/* ExecRuntime acquisition and release. NOTE(review): with create == false the call presumably only looks up an
 * existing object, and exec_runtime_unref() with destroy == true presumably also removes the on-disk state —
 * confirm in execute.c. */
int exec_runtime_acquire(Manager *m, const ExecContext *c, const char *name, bool create, ExecRuntime **ret);
ExecRuntime *exec_runtime_unref(ExecRuntime *r, bool destroy);

/* Serialization of runtime objects to a stream plus an FDSet, and the matching deserializers, which take their
 * input as strings. exec_runtime_deserialize_one() returns void, so a malformed value cannot be reported to the
 * caller through the return value; the parsing and validation live in execute.c and are not visible here. */
int exec_runtime_serialize(const Manager *m, FILE *f, FDSet *fds);
int exec_runtime_deserialize_compat(Unit *u, const char *key, const char *value, FDSet *fds);
void exec_runtime_deserialize_one(Manager *m, const char *value, FDSet *fds);
void exec_runtime_vacuum(Manager *m);
372
/* String conversion pairs for the enums declared in this header. _const_ and _pure_ are attribute macros defined
 * outside this file.
 * NOTE(review): the *_from_string() functions presumably return the enum's _INVALID sentinel (-1) for an
 * unrecognized name, and the *_to_string() functions presumably return NULL for an out-of-range value — confirm,
 * and check both before using a result as an array index or passing it to a string function. */
const char* exec_output_to_string(ExecOutput i) _const_;
ExecOutput exec_output_from_string(const char *s) _pure_;

const char* exec_input_to_string(ExecInput i) _const_;
ExecInput exec_input_from_string(const char *s) _pure_;

const char* exec_utmp_mode_to_string(ExecUtmpMode i) _const_;
ExecUtmpMode exec_utmp_mode_from_string(const char *s) _pure_;

const char* exec_preserve_mode_to_string(ExecPreserveMode i) _const_;
ExecPreserveMode exec_preserve_mode_from_string(const char *s) _pure_;

const char* exec_keyring_mode_to_string(ExecKeyringMode i) _const_;
ExecKeyringMode exec_keyring_mode_from_string(const char *s) _pure_;

const char* exec_directory_type_to_string(ExecDirectoryType i) _const_;
ExecDirectoryType exec_directory_type_from_string(const char *s) _pure_;
387
388 const char* exec_directory_type_to_string(ExecDirectoryType i) _const_;
389 ExecDirectoryType exec_directory_type_from_string(const char *s) _pure_;