]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/load-fragment.c
projects / thirdparty / systemd.git / blob
? search:


3288b0b83885c2fb07631705e0d126e615c32cc6
[thirdparty/systemd.git] / src / core / load-fragment.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 Copyright © 2012 Holger Hans Peter Freyther
4 ***/
5
6 #include <errno.h>
7 #include <fcntl.h>
8 #include <linux/fs.h>
9 #include <linux/oom.h>
10 #if HAVE_SECCOMP
11 #include <seccomp.h>
12 #endif
13 #include <sched.h>
14 #include <string.h>
15 #include <sys/resource.h>
16 #include <sys/stat.h>
17
18 #include "af-list.h"
19 #include "alloc-util.h"
20 #include "all-units.h"
21 #include "bpf-firewall.h"
22 #include "bus-error.h"
23 #include "bus-internal.h"
24 #include "bus-util.h"
25 #include "cap-list.h"
26 #include "capability-util.h"
27 #include "cgroup.h"
28 #include "conf-parser.h"
29 #include "cpu-set-util.h"
30 #include "env-util.h"
31 #include "errno-list.h"
32 #include "escape.h"
33 #include "fd-util.h"
34 #include "fs-util.h"
35 #include "hexdecoct.h"
36 #include "io-util.h"
37 #include "ioprio.h"
38 #include "ip-protocol-list.h"
39 #include "journal-util.h"
40 #include "limits-util.h"
41 #include "load-fragment.h"
42 #include "log.h"
43 #include "missing.h"
44 #include "mountpoint-util.h"
45 #include "nulstr-util.h"
46 #include "parse-util.h"
47 #include "path-util.h"
48 #include "process-util.h"
49 #if HAVE_SECCOMP
50 #include "seccomp-util.h"
51 #endif
52 #include "securebits-util.h"
53 #include "signal-util.h"
54 #include "stat-util.h"
55 #include "string-util.h"
56 #include "strv.h"
57 #include "unit-name.h"
58 #include "unit-printf.h"
59 #include "user-util.h"
60 #include "time-util.h"
61 #include "web-util.h"
62
63 static int parse_socket_protocol(const char *s) {
64 int r;
65
66 r = parse_ip_protocol(s);
67 if (r < 0)
68 return r;
69 if (!IN_SET(r, IPPROTO_UDPLITE, IPPROTO_SCTP))
70 return -EPROTONOSUPPORT;
71
72 return r;
73 }
74
75 int parse_crash_chvt(const char *value, int *data) {
76 int b;
77
78 if (safe_atoi(value, data) >= 0)
79 return 0;
80
81 b = parse_boolean(value);
82 if (b < 0)
83 return b;
84
85 if (b > 0)
86 *data = 0; /* switch to where kmsg goes */
87 else
88 *data = -1; /* turn off switching */
89
90 return 0;
91 }
92
93 int parse_confirm_spawn(const char *value, char **console) {
94 char *s;
95 int r;
96
97 r = value ? parse_boolean(value) : 1;
98 if (r == 0) {
99 *console = NULL;
100 return 0;
101 }
102
103 if (r > 0) /* on with default tty */
104 s = strdup("/dev/console");
105 else if (is_path(value)) /* on with fully qualified path */
106 s = strdup(value);
107 else /* on with only a tty file name, not a fully qualified path */
108 s = strjoin("/dev/", value);
109 if (!s)
110 return -ENOMEM;
111
112 *console = s;
113 return 0;
114 }
115
116 DEFINE_CONFIG_PARSE(config_parse_socket_protocol, parse_socket_protocol, "Failed to parse socket protocol");
117 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
118 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
119 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
120 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
121 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
122 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
123 DEFINE_CONFIG_PARSE_ENUM(config_parse_kill_mode, kill_mode, KillMode, "Failed to parse kill mode");
124 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
125 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home, protect_home, ProtectHome, "Failed to parse protect home value");
126 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system, protect_system, ProtectSystem, "Failed to parse protect system value");
127 DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode, exec_preserve_mode, ExecPreserveMode, "Failed to parse runtime directory preserve mode");
128 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type, service_type, ServiceType, "Failed to parse service type");
129 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart, service_restart, ServiceRestart, "Failed to parse service restart specifier");
130 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind, socket_address_bind_ipv6_only_or_bool, SocketAddressBindIPv6Only, "Failed to parse bind IPv6 only value");
131 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy, oom_policy, OOMPolicy, "Failed to parse OOM policy");
132 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1, "Failed to parse IP TOS value");
133 DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t, "Invalid block IO weight");
134 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t, "Invalid weight");
135 DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares, cg_cpu_shares_parse, uint64_t, "Invalid CPU shares");
136 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags, mount_propagation_flags_from_string, unsigned long, "Failed to parse mount flag");
137 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1, "Invalid NUMA policy type");
138
139 int config_parse_unit_deps(
140 const char *unit,
141 const char *filename,
142 unsigned line,
143 const char *section,
144 unsigned section_line,
145 const char *lvalue,
146 int ltype,
147 const char *rvalue,
148 void *data,
149 void *userdata) {
150
151 UnitDependency d = ltype;
152 Unit *u = userdata;
153 const char *p;
154
155 assert(filename);
156 assert(lvalue);
157 assert(rvalue);
158
159 p = rvalue;
160 for (;;) {
161 _cleanup_free_ char *word = NULL, *k = NULL;
162 int r;
163
164 r = extract_first_word(&p, &word, NULL, EXTRACT_RETAIN_ESCAPE);
165 if (r == 0)
166 break;
167 if (r == -ENOMEM)
168 return log_oom();
169 if (r < 0) {
170 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
171 break;
172 }
173
174 r = unit_name_printf(u, word, &k);
175 if (r < 0) {
176 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
177 continue;
178 }
179
180 r = unit_add_dependency_by_name(u, d, k, true, UNIT_DEPENDENCY_FILE);
181 if (r < 0)
182 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
183 }
184
185 return 0;
186 }
187
188 int config_parse_obsolete_unit_deps(
189 const char *unit,
190 const char *filename,
191 unsigned line,
192 const char *section,
193 unsigned section_line,
194 const char *lvalue,
195 int ltype,
196 const char *rvalue,
197 void *data,
198 void *userdata) {
199
200 log_syntax(unit, LOG_WARNING, filename, line, 0,
201 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue, unit_dependency_to_string(ltype));
202
203 return config_parse_unit_deps(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
204 }
205
206 int config_parse_unit_string_printf(
207 const char *unit,
208 const char *filename,
209 unsigned line,
210 const char *section,
211 unsigned section_line,
212 const char *lvalue,
213 int ltype,
214 const char *rvalue,
215 void *data,
216 void *userdata) {
217
218 _cleanup_free_ char *k = NULL;
219 Unit *u = userdata;
220 int r;
221
222 assert(filename);
223 assert(lvalue);
224 assert(rvalue);
225 assert(u);
226
227 r = unit_full_printf(u, rvalue, &k);
228 if (r < 0) {
229 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
230 return 0;
231 }
232
233 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
234 }
235
236 int config_parse_unit_strv_printf(
237 const char *unit,
238 const char *filename,
239 unsigned line,
240 const char *section,
241 unsigned section_line,
242 const char *lvalue,
243 int ltype,
244 const char *rvalue,
245 void *data,
246 void *userdata) {
247
248 Unit *u = userdata;
249 _cleanup_free_ char *k = NULL;
250 int r;
251
252 assert(filename);
253 assert(lvalue);
254 assert(rvalue);
255 assert(u);
256
257 r = unit_full_printf(u, rvalue, &k);
258 if (r < 0) {
259 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
260 return 0;
261 }
262
263 return config_parse_strv(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
264 }
265
266 int config_parse_unit_path_printf(
267 const char *unit,
268 const char *filename,
269 unsigned line,
270 const char *section,
271 unsigned section_line,
272 const char *lvalue,
273 int ltype,
274 const char *rvalue,
275 void *data,
276 void *userdata) {
277
278 _cleanup_free_ char *k = NULL;
279 Unit *u = userdata;
280 int r;
281 bool fatal = ltype;
282
283 assert(filename);
284 assert(lvalue);
285 assert(rvalue);
286 assert(u);
287
288 /* Let's not bother with anything that is too long */
289 if (strlen(rvalue) >= PATH_MAX) {
290 log_syntax(unit, LOG_ERR, filename, line, 0,
291 "%s value too long%s.",
292 lvalue, fatal ? "" : ", ignoring");
293 return fatal ? -ENAMETOOLONG : 0;
294 }
295
296 r = unit_full_printf(u, rvalue, &k);
297 if (r < 0) {
298 log_syntax(unit, LOG_ERR, filename, line, r,
299 "Failed to resolve unit specifiers in '%s'%s: %m",
300 rvalue, fatal ? "" : ", ignoring");
301 return fatal ? -ENOEXEC : 0;
302 }
303
304 return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
305 }
306
307 int config_parse_unit_path_strv_printf(
308 const char *unit,
309 const char *filename,
310 unsigned line,
311 const char *section,
312 unsigned section_line,
313 const char *lvalue,
314 int ltype,
315 const char *rvalue,
316 void *data,
317 void *userdata) {
318
319 char ***x = data;
320 Unit *u = userdata;
321 int r;
322 const char *p;
323
324 assert(filename);
325 assert(lvalue);
326 assert(rvalue);
327 assert(u);
328
329 if (isempty(rvalue)) {
330 *x = strv_free(*x);
331 return 0;
332 }
333
334 for (p = rvalue;;) {
335 _cleanup_free_ char *word = NULL, *k = NULL;
336
337 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
338 if (r == 0)
339 return 0;
340 if (r == -ENOMEM)
341 return log_oom();
342 if (r < 0) {
343 log_syntax(unit, LOG_WARNING, filename, line, r,
344 "Invalid syntax, ignoring: %s", rvalue);
345 return 0;
346 }
347
348 r = unit_full_printf(u, word, &k);
349 if (r < 0) {
350 log_syntax(unit, LOG_ERR, filename, line, r,
351 "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
352 return 0;
353 }
354
355 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
356 if (r < 0)
357 return 0;
358
359 r = strv_consume(x, TAKE_PTR(k));
360 if (r < 0)
361 return log_oom();
362 }
363 }
364
365 static int patch_var_run(
366 const char *unit,
367 const char *filename,
368 unsigned line,
369 const char *lvalue,
370 char **path) {
371
372 const char *e;
373 char *z;
374
375 e = path_startswith(*path, "/var/run/");
376 if (!e)
377 return 0;
378
379 z = path_join("/run/", e);
380 if (!z)
381 return log_oom();
382
383 log_syntax(unit, LOG_NOTICE, filename, line, 0,
384 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
385 "please update the unit file accordingly.", lvalue, *path, z);
386
387 free_and_replace(*path, z);
388
389 return 1;
390 }
391
392 int config_parse_socket_listen(
393 const char *unit,
394 const char *filename,
395 unsigned line,
396 const char *section,
397 unsigned section_line,
398 const char *lvalue,
399 int ltype,
400 const char *rvalue,
401 void *data,
402 void *userdata) {
403
404 _cleanup_free_ SocketPort *p = NULL;
405 SocketPort *tail;
406 Socket *s;
407 int r;
408
409 assert(filename);
410 assert(lvalue);
411 assert(rvalue);
412 assert(data);
413
414 s = SOCKET(data);
415
416 if (isempty(rvalue)) {
417 /* An empty assignment removes all ports */
418 socket_free_ports(s);
419 return 0;
420 }
421
422 p = new0(SocketPort, 1);
423 if (!p)
424 return log_oom();
425
426 if (ltype != SOCKET_SOCKET) {
427 _cleanup_free_ char *k = NULL;
428
429 r = unit_full_printf(UNIT(s), rvalue, &k);
430 if (r < 0) {
431 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
432 return 0;
433 }
434
435 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
436 if (r < 0)
437 return 0;
438
439 if (ltype == SOCKET_FIFO) {
440 r = patch_var_run(unit, filename, line, lvalue, &k);
441 if (r < 0)
442 return r;
443 }
444
445 free_and_replace(p->path, k);
446 p->type = ltype;
447
448 } else if (streq(lvalue, "ListenNetlink")) {
449 _cleanup_free_ char *k = NULL;
450
451 r = unit_full_printf(UNIT(s), rvalue, &k);
452 if (r < 0) {
453 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
454 return 0;
455 }
456
457 r = socket_address_parse_netlink(&p->address, k);
458 if (r < 0) {
459 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
460 return 0;
461 }
462
463 p->type = SOCKET_SOCKET;
464
465 } else {
466 _cleanup_free_ char *k = NULL;
467
468 r = unit_full_printf(UNIT(s), rvalue, &k);
469 if (r < 0) {
470 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
471 return 0;
472 }
473
474 if (k[0] == '/') { /* Only for AF_UNIX file system sockets… */
475 r = patch_var_run(unit, filename, line, lvalue, &k);
476 if (r < 0)
477 return r;
478 }
479
480 r = socket_address_parse_and_warn(&p->address, k);
481 if (r < 0) {
482 if (r != -EAFNOSUPPORT)
483 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
484 return 0;
485 }
486
487 if (streq(lvalue, "ListenStream"))
488 p->address.type = SOCK_STREAM;
489 else if (streq(lvalue, "ListenDatagram"))
490 p->address.type = SOCK_DGRAM;
491 else {
492 assert(streq(lvalue, "ListenSequentialPacket"));
493 p->address.type = SOCK_SEQPACKET;
494 }
495
496 if (socket_address_family(&p->address) != AF_LOCAL && p->address.type == SOCK_SEQPACKET) {
497 log_syntax(unit, LOG_ERR, filename, line, 0, "Address family not supported, ignoring: %s", rvalue);
498 return 0;
499 }
500
501 p->type = SOCKET_SOCKET;
502 }
503
504 p->fd = -1;
505 p->auxiliary_fds = NULL;
506 p->n_auxiliary_fds = 0;
507 p->socket = s;
508
509 LIST_FIND_TAIL(port, s->ports, tail);
510 LIST_INSERT_AFTER(port, s->ports, tail, p);
511
512 p = NULL;
513
514 return 0;
515 }
516
517 int config_parse_exec_nice(
518 const char *unit,
519 const char *filename,
520 unsigned line,
521 const char *section,
522 unsigned section_line,
523 const char *lvalue,
524 int ltype,
525 const char *rvalue,
526 void *data,
527 void *userdata) {
528
529 ExecContext *c = data;
530 int priority, r;
531
532 assert(filename);
533 assert(lvalue);
534 assert(rvalue);
535 assert(data);
536
537 if (isempty(rvalue)) {
538 c->nice_set = false;
539 return 0;
540 }
541
542 r = parse_nice(rvalue, &priority);
543 if (r < 0) {
544 if (r == -ERANGE)
545 log_syntax(unit, LOG_ERR, filename, line, r, "Nice priority out of range, ignoring: %s", rvalue);
546 else
547 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse nice priority '%s', ignoring: %m", rvalue);
548 return 0;
549 }
550
551 c->nice = priority;
552 c->nice_set = true;
553
554 return 0;
555 }
556
557 int config_parse_exec_oom_score_adjust(
558 const char* unit,
559 const char *filename,
560 unsigned line,
561 const char *section,
562 unsigned section_line,
563 const char *lvalue,
564 int ltype,
565 const char *rvalue,
566 void *data,
567 void *userdata) {
568
569 ExecContext *c = data;
570 int oa, r;
571
572 assert(filename);
573 assert(lvalue);
574 assert(rvalue);
575 assert(data);
576
577 if (isempty(rvalue)) {
578 c->oom_score_adjust_set = false;
579 return 0;
580 }
581
582 r = parse_oom_score_adjust(rvalue, &oa);
583 if (r < 0) {
584 if (r == -ERANGE)
585 log_syntax(unit, LOG_ERR, filename, line, r, "OOM score adjust value out of range, ignoring: %s", rvalue);
586 else
587 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue);
588 return 0;
589 }
590
591 c->oom_score_adjust = oa;
592 c->oom_score_adjust_set = true;
593
594 return 0;
595 }
596
597 int config_parse_exec(
598 const char *unit,
599 const char *filename,
600 unsigned line,
601 const char *section,
602 unsigned section_line,
603 const char *lvalue,
604 int ltype,
605 const char *rvalue,
606 void *data,
607 void *userdata) {
608
609 ExecCommand **e = data;
610 Unit *u = userdata;
611 const char *p;
612 bool semicolon;
613 int r;
614
615 assert(filename);
616 assert(lvalue);
617 assert(rvalue);
618 assert(e);
619
620 e += ltype;
621 rvalue += strspn(rvalue, WHITESPACE);
622
623 if (isempty(rvalue)) {
624 /* An empty assignment resets the list */
625 *e = exec_command_free_list(*e);
626 return 0;
627 }
628
629 p = rvalue;
630 do {
631 _cleanup_free_ char *path = NULL, *firstword = NULL;
632 ExecCommandFlags flags = 0;
633 bool ignore = false, separate_argv0 = false;
634 _cleanup_free_ ExecCommand *nce = NULL;
635 _cleanup_strv_free_ char **n = NULL;
636 size_t nlen = 0, nbufsize = 0;
637 const char *f;
638
639 semicolon = false;
640
641 r = extract_first_word_and_warn(&p, &firstword, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
642 if (r <= 0)
643 return 0;
644
645 f = firstword;
646 for (;;) {
647 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
648 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
649 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
650 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
651 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
652 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
653 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
654 * other sandboxing, with some special exceptions for changing UID.
655 *
656 * The idea is that '!!' may be used to write services that can take benefit of systemd's
657 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
658 * privilege dropping within the daemon if the kernel does not offer that. */
659
660 if (*f == '-' && !(flags & EXEC_COMMAND_IGNORE_FAILURE)) {
661 flags |= EXEC_COMMAND_IGNORE_FAILURE;
662 ignore = true;
663 } else if (*f == '@' && !separate_argv0)
664 separate_argv0 = true;
665 else if (*f == ':' && !(flags & EXEC_COMMAND_NO_ENV_EXPAND))
666 flags |= EXEC_COMMAND_NO_ENV_EXPAND;
667 else if (*f == '+' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
668 flags |= EXEC_COMMAND_FULLY_PRIVILEGED;
669 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
670 flags |= EXEC_COMMAND_NO_SETUID;
671 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_AMBIENT_MAGIC))) {
672 flags &= ~EXEC_COMMAND_NO_SETUID;
673 flags |= EXEC_COMMAND_AMBIENT_MAGIC;
674 } else
675 break;
676 f++;
677 }
678
679 r = unit_full_printf(u, f, &path);
680 if (r < 0) {
681 log_syntax(unit, LOG_ERR, filename, line, r,
682 "Failed to resolve unit specifiers in '%s'%s: %m",
683 f, ignore ? ", ignoring" : "");
684 return ignore ? 0 : -ENOEXEC;
685 }
686
687 if (isempty(path)) {
688 /* First word is either "-" or "@" with no command. */
689 log_syntax(unit, LOG_ERR, filename, line, 0,
690 "Empty path in command line%s: '%s'",
691 ignore ? ", ignoring" : "", rvalue);
692 return ignore ? 0 : -ENOEXEC;
693 }
694 if (!string_is_safe(path)) {
695 log_syntax(unit, LOG_ERR, filename, line, 0,
696 "Executable name contains special characters%s: %s",
697 ignore ? ", ignoring" : "", path);
698 return ignore ? 0 : -ENOEXEC;
699 }
700 if (endswith(path, "/")) {
701 log_syntax(unit, LOG_ERR, filename, line, 0,
702 "Executable path specifies a directory%s: %s",
703 ignore ? ", ignoring" : "", path);
704 return ignore ? 0 : -ENOEXEC;
705 }
706
707 if (!path_is_absolute(path)) {
708 const char *prefix;
709 bool found = false;
710
711 if (!filename_is_valid(path)) {
712 log_syntax(unit, LOG_ERR, filename, line, 0,
713 "Neither a valid executable name nor an absolute path%s: %s",
714 ignore ? ", ignoring" : "", path);
715 return ignore ? 0 : -ENOEXEC;
716 }
717
718 /* Resolve a single-component name to a full path */
719 NULSTR_FOREACH(prefix, DEFAULT_PATH_NULSTR) {
720 _cleanup_free_ char *fullpath = NULL;
721
722 fullpath = path_join(prefix, path);
723 if (!fullpath)
724 return log_oom();
725
726 if (access(fullpath, F_OK) >= 0) {
727 free_and_replace(path, fullpath);
728 found = true;
729 break;
730 }
731 }
732
733 if (!found) {
734 log_syntax(unit, LOG_ERR, filename, line, 0,
735 "Executable \"%s\" not found in path \"%s\"%s",
736 path, DEFAULT_PATH, ignore ? ", ignoring" : "");
737 return ignore ? 0 : -ENOEXEC;
738 }
739 }
740
741 if (!separate_argv0) {
742 char *w = NULL;
743
744 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
745 return log_oom();
746
747 w = strdup(path);
748 if (!w)
749 return log_oom();
750 n[nlen++] = w;
751 n[nlen] = NULL;
752 }
753
754 path_simplify(path, false);
755
756 while (!isempty(p)) {
757 _cleanup_free_ char *word = NULL, *resolved = NULL;
758
759 /* Check explicitly for an unquoted semicolon as
760 * command separator token. */
761 if (p[0] == ';' && (!p[1] || strchr(WHITESPACE, p[1]))) {
762 p++;
763 p += strspn(p, WHITESPACE);
764 semicolon = true;
765 break;
766 }
767
768 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
769 * extract_first_word() would return the same for all of those. */
770 if (p[0] == '\\' && p[1] == ';' && (!p[2] || strchr(WHITESPACE, p[2]))) {
771 char *w;
772
773 p += 2;
774 p += strspn(p, WHITESPACE);
775
776 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
777 return log_oom();
778
779 w = strdup(";");
780 if (!w)
781 return log_oom();
782 n[nlen++] = w;
783 n[nlen] = NULL;
784 continue;
785 }
786
787 r = extract_first_word_and_warn(&p, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
788 if (r == 0)
789 break;
790 if (r < 0)
791 return ignore ? 0 : -ENOEXEC;
792
793 r = unit_full_printf(u, word, &resolved);
794 if (r < 0) {
795 log_syntax(unit, LOG_ERR, filename, line, r,
796 "Failed to resolve unit specifiers in %s%s: %m",
797 word, ignore ? ", ignoring" : "");
798 return ignore ? 0 : -ENOEXEC;
799 }
800
801 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
802 return log_oom();
803
804 n[nlen++] = TAKE_PTR(resolved);
805 n[nlen] = NULL;
806 }
807
808 if (!n || !n[0]) {
809 log_syntax(unit, LOG_ERR, filename, line, 0,
810 "Empty executable name or zeroeth argument%s: %s",
811 ignore ? ", ignoring" : "", rvalue);
812 return ignore ? 0 : -ENOEXEC;
813 }
814
815 nce = new0(ExecCommand, 1);
816 if (!nce)
817 return log_oom();
818
819 nce->argv = TAKE_PTR(n);
820 nce->path = TAKE_PTR(path);
821 nce->flags = flags;
822
823 exec_command_append_list(e, nce);
824
825 /* Do not _cleanup_free_ these. */
826 nce = NULL;
827
828 rvalue = p;
829 } while (semicolon);
830
831 return 0;
832 }
833
834 int config_parse_socket_bindtodevice(
835 const char* unit,
836 const char *filename,
837 unsigned line,
838 const char *section,
839 unsigned section_line,
840 const char *lvalue,
841 int ltype,
842 const char *rvalue,
843 void *data,
844 void *userdata) {
845
846 Socket *s = data;
847
848 assert(filename);
849 assert(lvalue);
850 assert(rvalue);
851 assert(data);
852
853 if (isempty(rvalue) || streq(rvalue, "*")) {
854 s->bind_to_device = mfree(s->bind_to_device);
855 return 0;
856 }
857
858 if (!ifname_valid(rvalue)) {
859 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid interface name, ignoring: %s", rvalue);
860 return 0;
861 }
862
863 if (free_and_strdup(&s->bind_to_device, rvalue) < 0)
864 return log_oom();
865
866 return 0;
867 }
868
869 int config_parse_exec_input(
870 const char *unit,
871 const char *filename,
872 unsigned line,
873 const char *section,
874 unsigned section_line,
875 const char *lvalue,
876 int ltype,
877 const char *rvalue,
878 void *data,
879 void *userdata) {
880
881 ExecContext *c = data;
882 Unit *u = userdata;
883 const char *n;
884 ExecInput ei;
885 int r;
886
887 assert(data);
888 assert(filename);
889 assert(line);
890 assert(rvalue);
891
892 n = startswith(rvalue, "fd:");
893 if (n) {
894 _cleanup_free_ char *resolved = NULL;
895
896 r = unit_full_printf(u, n, &resolved);
897 if (r < 0)
898 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", n);
899
900 if (isempty(resolved))
901 resolved = mfree(resolved);
902 else if (!fdname_is_valid(resolved)) {
903 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name: %s", resolved);
904 return -ENOEXEC;
905 }
906
907 free_and_replace(c->stdio_fdname[STDIN_FILENO], resolved);
908
909 ei = EXEC_INPUT_NAMED_FD;
910
911 } else if ((n = startswith(rvalue, "file:"))) {
912 _cleanup_free_ char *resolved = NULL;
913
914 r = unit_full_printf(u, n, &resolved);
915 if (r < 0)
916 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", n);
917
918 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
919 if (r < 0)
920 return -ENOEXEC;
921
922 free_and_replace(c->stdio_file[STDIN_FILENO], resolved);
923
924 ei = EXEC_INPUT_FILE;
925
926 } else {
927 ei = exec_input_from_string(rvalue);
928 if (ei < 0) {
929 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse input specifier, ignoring: %s", rvalue);
930 return 0;
931 }
932 }
933
934 c->std_input = ei;
935 return 0;
936 }
937
938 int config_parse_exec_input_text(
939 const char *unit,
940 const char *filename,
941 unsigned line,
942 const char *section,
943 unsigned section_line,
944 const char *lvalue,
945 int ltype,
946 const char *rvalue,
947 void *data,
948 void *userdata) {
949
950 _cleanup_free_ char *unescaped = NULL, *resolved = NULL;
951 ExecContext *c = data;
952 Unit *u = userdata;
953 size_t sz;
954 void *p;
955 int r;
956
957 assert(data);
958 assert(filename);
959 assert(line);
960 assert(rvalue);
961
962 if (isempty(rvalue)) {
963 /* Reset if the empty string is assigned */
964 c->stdin_data = mfree(c->stdin_data);
965 c->stdin_data_size = 0;
966 return 0;
967 }
968
969 r = cunescape(rvalue, 0, &unescaped);
970 if (r < 0)
971 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode C escaped text '%s': %m", rvalue);
972
973 r = unit_full_printf(u, unescaped, &resolved);
974 if (r < 0)
975 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", unescaped);
976
977 sz = strlen(resolved);
978 if (c->stdin_data_size + sz + 1 < c->stdin_data_size || /* check for overflow */
979 c->stdin_data_size + sz + 1 > EXEC_STDIN_DATA_MAX) {
980 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard input data too large (%zu), maximum of %zu permitted, ignoring.", c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
981 return -E2BIG;
982 }
983
984 p = realloc(c->stdin_data, c->stdin_data_size + sz + 1);
985 if (!p)
986 return log_oom();
987
988 *((char*) mempcpy((char*) p + c->stdin_data_size, resolved, sz)) = '\n';
989
990 c->stdin_data = p;
991 c->stdin_data_size += sz + 1;
992
993 return 0;
994 }
995
996 int config_parse_exec_input_data(
997 const char *unit,
998 const char *filename,
999 unsigned line,
1000 const char *section,
1001 unsigned section_line,
1002 const char *lvalue,
1003 int ltype,
1004 const char *rvalue,
1005 void *data,
1006 void *userdata) {
1007
1008 _cleanup_free_ void *p = NULL;
1009 ExecContext *c = data;
1010 size_t sz;
1011 void *q;
1012 int r;
1013
1014 assert(data);
1015 assert(filename);
1016 assert(line);
1017 assert(rvalue);
1018
1019 if (isempty(rvalue)) {
1020 /* Reset if the empty string is assigned */
1021 c->stdin_data = mfree(c->stdin_data);
1022 c->stdin_data_size = 0;
1023 return 0;
1024 }
1025
1026 r = unbase64mem(rvalue, (size_t) -1, &p, &sz);
1027 if (r < 0)
1028 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode base64 data, ignoring: %s", rvalue);
1029
1030 assert(sz > 0);
1031
1032 if (c->stdin_data_size + sz < c->stdin_data_size || /* check for overflow */
1033 c->stdin_data_size + sz > EXEC_STDIN_DATA_MAX) {
1034 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard input data too large (%zu), maximum of %zu permitted, ignoring.", c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1035 return -E2BIG;
1036 }
1037
1038 q = realloc(c->stdin_data, c->stdin_data_size + sz);
1039 if (!q)
1040 return log_oom();
1041
1042 memcpy((uint8_t*) q + c->stdin_data_size, p, sz);
1043
1044 c->stdin_data = q;
1045 c->stdin_data_size += sz;
1046
1047 return 0;
1048 }
1049
1050 int config_parse_exec_output(
1051 const char *unit,
1052 const char *filename,
1053 unsigned line,
1054 const char *section,
1055 unsigned section_line,
1056 const char *lvalue,
1057 int ltype,
1058 const char *rvalue,
1059 void *data,
1060 void *userdata) {
1061
1062 _cleanup_free_ char *resolved = NULL;
1063 const char *n;
1064 ExecContext *c = data;
1065 Unit *u = userdata;
1066 ExecOutput eo;
1067 int r;
1068
1069 assert(data);
1070 assert(filename);
1071 assert(line);
1072 assert(lvalue);
1073 assert(rvalue);
1074
1075 n = startswith(rvalue, "fd:");
1076 if (n) {
1077 r = unit_full_printf(u, n, &resolved);
1078 if (r < 0)
1079 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1080
1081 if (isempty(resolved))
1082 resolved = mfree(resolved);
1083 else if (!fdname_is_valid(resolved)) {
1084 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name: %s", resolved);
1085 return -ENOEXEC;
1086 }
1087
1088 eo = EXEC_OUTPUT_NAMED_FD;
1089
1090 } else if ((n = startswith(rvalue, "file:"))) {
1091
1092 r = unit_full_printf(u, n, &resolved);
1093 if (r < 0)
1094 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1095
1096 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1097 if (r < 0)
1098 return -ENOEXEC;
1099
1100 eo = EXEC_OUTPUT_FILE;
1101
1102 } else if ((n = startswith(rvalue, "append:"))) {
1103
1104 r = unit_full_printf(u, n, &resolved);
1105 if (r < 0)
1106 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1107
1108 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1109 if (r < 0)
1110 return -ENOEXEC;
1111
1112 eo = EXEC_OUTPUT_FILE_APPEND;
1113 } else {
1114 eo = exec_output_from_string(rvalue);
1115 if (eo < 0) {
1116 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output specifier, ignoring: %s", rvalue);
1117 return 0;
1118 }
1119 }
1120
1121 if (streq(lvalue, "StandardOutput")) {
1122 if (eo == EXEC_OUTPUT_NAMED_FD)
1123 free_and_replace(c->stdio_fdname[STDOUT_FILENO], resolved);
1124 else
1125 free_and_replace(c->stdio_file[STDOUT_FILENO], resolved);
1126
1127 c->std_output = eo;
1128
1129 } else {
1130 assert(streq(lvalue, "StandardError"));
1131
1132 if (eo == EXEC_OUTPUT_NAMED_FD)
1133 free_and_replace(c->stdio_fdname[STDERR_FILENO], resolved);
1134 else
1135 free_and_replace(c->stdio_file[STDERR_FILENO], resolved);
1136
1137 c->std_error = eo;
1138 }
1139
1140 return 0;
1141 }
1142
1143 int config_parse_exec_io_class(const char *unit,
1144 const char *filename,
1145 unsigned line,
1146 const char *section,
1147 unsigned section_line,
1148 const char *lvalue,
1149 int ltype,
1150 const char *rvalue,
1151 void *data,
1152 void *userdata) {
1153
1154 ExecContext *c = data;
1155 int x;
1156
1157 assert(filename);
1158 assert(lvalue);
1159 assert(rvalue);
1160 assert(data);
1161
1162 if (isempty(rvalue)) {
1163 c->ioprio_set = false;
1164 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1165 return 0;
1166 }
1167
1168 x = ioprio_class_from_string(rvalue);
1169 if (x < 0) {
1170 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IO scheduling class, ignoring: %s", rvalue);
1171 return 0;
1172 }
1173
1174 c->ioprio = IOPRIO_PRIO_VALUE(x, IOPRIO_PRIO_DATA(c->ioprio));
1175 c->ioprio_set = true;
1176
1177 return 0;
1178 }
1179
1180 int config_parse_exec_io_priority(const char *unit,
1181 const char *filename,
1182 unsigned line,
1183 const char *section,
1184 unsigned section_line,
1185 const char *lvalue,
1186 int ltype,
1187 const char *rvalue,
1188 void *data,
1189 void *userdata) {
1190
1191 ExecContext *c = data;
1192 int i, r;
1193
1194 assert(filename);
1195 assert(lvalue);
1196 assert(rvalue);
1197 assert(data);
1198
1199 if (isempty(rvalue)) {
1200 c->ioprio_set = false;
1201 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1202 return 0;
1203 }
1204
1205 r = ioprio_parse_priority(rvalue, &i);
1206 if (r < 0) {
1207 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse IO priority, ignoring: %s", rvalue);
1208 return 0;
1209 }
1210
1211 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c->ioprio), i);
1212 c->ioprio_set = true;
1213
1214 return 0;
1215 }
1216
1217 int config_parse_exec_cpu_sched_policy(const char *unit,
1218 const char *filename,
1219 unsigned line,
1220 const char *section,
1221 unsigned section_line,
1222 const char *lvalue,
1223 int ltype,
1224 const char *rvalue,
1225 void *data,
1226 void *userdata) {
1227
1228 ExecContext *c = data;
1229 int x;
1230
1231 assert(filename);
1232 assert(lvalue);
1233 assert(rvalue);
1234 assert(data);
1235
1236 if (isempty(rvalue)) {
1237 c->cpu_sched_set = false;
1238 c->cpu_sched_policy = SCHED_OTHER;
1239 c->cpu_sched_priority = 0;
1240 return 0;
1241 }
1242
1243 x = sched_policy_from_string(rvalue);
1244 if (x < 0) {
1245 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue);
1246 return 0;
1247 }
1248
1249 c->cpu_sched_policy = x;
1250 /* Moving to or from real-time policy? We need to adjust the priority */
1251 c->cpu_sched_priority = CLAMP(c->cpu_sched_priority, sched_get_priority_min(x), sched_get_priority_max(x));
1252 c->cpu_sched_set = true;
1253
1254 return 0;
1255 }
1256
1257 int config_parse_numa_mask(const char *unit,
1258 const char *filename,
1259 unsigned line,
1260 const char *section,
1261 unsigned section_line,
1262 const char *lvalue,
1263 int ltype,
1264 const char *rvalue,
1265 void *data,
1266 void *userdata) {
1267 int r;
1268 NUMAPolicy *p = data;
1269
1270 assert(filename);
1271 assert(lvalue);
1272 assert(rvalue);
1273 assert(data);
1274
1275 r = parse_cpu_set_extend(rvalue, &p->nodes, true, unit, filename, line, lvalue);
1276 if (r < 0) {
1277 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse NUMA node mask, ignoring: %s", rvalue);
1278 return 0;
1279 }
1280
1281 return r;
1282 }
1283
1284 int config_parse_exec_cpu_sched_prio(const char *unit,
1285 const char *filename,
1286 unsigned line,
1287 const char *section,
1288 unsigned section_line,
1289 const char *lvalue,
1290 int ltype,
1291 const char *rvalue,
1292 void *data,
1293 void *userdata) {
1294
1295 ExecContext *c = data;
1296 int i, min, max, r;
1297
1298 assert(filename);
1299 assert(lvalue);
1300 assert(rvalue);
1301 assert(data);
1302
1303 r = safe_atoi(rvalue, &i);
1304 if (r < 0) {
1305 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue);
1306 return 0;
1307 }
1308
1309 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
1310 min = sched_get_priority_min(c->cpu_sched_policy);
1311 max = sched_get_priority_max(c->cpu_sched_policy);
1312
1313 if (i < min || i > max) {
1314 log_syntax(unit, LOG_ERR, filename, line, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue);
1315 return 0;
1316 }
1317
1318 c->cpu_sched_priority = i;
1319 c->cpu_sched_set = true;
1320
1321 return 0;
1322 }
1323
1324 int config_parse_exec_cpu_affinity(const char *unit,
1325 const char *filename,
1326 unsigned line,
1327 const char *section,
1328 unsigned section_line,
1329 const char *lvalue,
1330 int ltype,
1331 const char *rvalue,
1332 void *data,
1333 void *userdata) {
1334
1335 ExecContext *c = data;
1336
1337 assert(filename);
1338 assert(lvalue);
1339 assert(rvalue);
1340 assert(data);
1341
1342 return parse_cpu_set_extend(rvalue, &c->cpu_set, true, unit, filename, line, lvalue);
1343 }
1344
1345 int config_parse_capability_set(
1346 const char *unit,
1347 const char *filename,
1348 unsigned line,
1349 const char *section,
1350 unsigned section_line,
1351 const char *lvalue,
1352 int ltype,
1353 const char *rvalue,
1354 void *data,
1355 void *userdata) {
1356
1357 uint64_t *capability_set = data;
1358 uint64_t sum = 0, initial = 0;
1359 bool invert = false;
1360 int r;
1361
1362 assert(filename);
1363 assert(lvalue);
1364 assert(rvalue);
1365 assert(data);
1366
1367 if (rvalue[0] == '~') {
1368 invert = true;
1369 rvalue++;
1370 }
1371
1372 if (streq(lvalue, "CapabilityBoundingSet"))
1373 initial = CAP_ALL; /* initialized to all bits on */
1374 /* else "AmbientCapabilities" initialized to all bits off */
1375
1376 r = capability_set_from_string(rvalue, &sum);
1377 if (r < 0) {
1378 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue, rvalue);
1379 return 0;
1380 }
1381
1382 if (sum == 0 || *capability_set == initial)
1383 /* "", "~" or uninitialized data -> replace */
1384 *capability_set = invert ? ~sum : sum;
1385 else {
1386 /* previous data -> merge */
1387 if (invert)
1388 *capability_set &= ~sum;
1389 else
1390 *capability_set |= sum;
1391 }
1392
1393 return 0;
1394 }
1395
1396 int config_parse_exec_selinux_context(
1397 const char *unit,
1398 const char *filename,
1399 unsigned line,
1400 const char *section,
1401 unsigned section_line,
1402 const char *lvalue,
1403 int ltype,
1404 const char *rvalue,
1405 void *data,
1406 void *userdata) {
1407
1408 ExecContext *c = data;
1409 Unit *u = userdata;
1410 bool ignore;
1411 char *k;
1412 int r;
1413
1414 assert(filename);
1415 assert(lvalue);
1416 assert(rvalue);
1417 assert(data);
1418
1419 if (isempty(rvalue)) {
1420 c->selinux_context = mfree(c->selinux_context);
1421 c->selinux_context_ignore = false;
1422 return 0;
1423 }
1424
1425 if (rvalue[0] == '-') {
1426 ignore = true;
1427 rvalue++;
1428 } else
1429 ignore = false;
1430
1431 r = unit_full_printf(u, rvalue, &k);
1432 if (r < 0) {
1433 log_syntax(unit, LOG_ERR, filename, line, r,
1434 "Failed to resolve unit specifiers in '%s'%s: %m",
1435 rvalue, ignore ? ", ignoring" : "");
1436 return ignore ? 0 : -ENOEXEC;
1437 }
1438
1439 free_and_replace(c->selinux_context, k);
1440 c->selinux_context_ignore = ignore;
1441
1442 return 0;
1443 }
1444
1445 int config_parse_exec_apparmor_profile(
1446 const char *unit,
1447 const char *filename,
1448 unsigned line,
1449 const char *section,
1450 unsigned section_line,
1451 const char *lvalue,
1452 int ltype,
1453 const char *rvalue,
1454 void *data,
1455 void *userdata) {
1456
1457 ExecContext *c = data;
1458 Unit *u = userdata;
1459 bool ignore;
1460 char *k;
1461 int r;
1462
1463 assert(filename);
1464 assert(lvalue);
1465 assert(rvalue);
1466 assert(data);
1467
1468 if (isempty(rvalue)) {
1469 c->apparmor_profile = mfree(c->apparmor_profile);
1470 c->apparmor_profile_ignore = false;
1471 return 0;
1472 }
1473
1474 if (rvalue[0] == '-') {
1475 ignore = true;
1476 rvalue++;
1477 } else
1478 ignore = false;
1479
1480 r = unit_full_printf(u, rvalue, &k);
1481 if (r < 0) {
1482 log_syntax(unit, LOG_ERR, filename, line, r,
1483 "Failed to resolve unit specifiers in '%s'%s: %m",
1484 rvalue, ignore ? ", ignoring" : "");
1485 return ignore ? 0 : -ENOEXEC;
1486 }
1487
1488 free_and_replace(c->apparmor_profile, k);
1489 c->apparmor_profile_ignore = ignore;
1490
1491 return 0;
1492 }
1493
1494 int config_parse_exec_smack_process_label(
1495 const char *unit,
1496 const char *filename,
1497 unsigned line,
1498 const char *section,
1499 unsigned section_line,
1500 const char *lvalue,
1501 int ltype,
1502 const char *rvalue,
1503 void *data,
1504 void *userdata) {
1505
1506 ExecContext *c = data;
1507 Unit *u = userdata;
1508 bool ignore;
1509 char *k;
1510 int r;
1511
1512 assert(filename);
1513 assert(lvalue);
1514 assert(rvalue);
1515 assert(data);
1516
1517 if (isempty(rvalue)) {
1518 c->smack_process_label = mfree(c->smack_process_label);
1519 c->smack_process_label_ignore = false;
1520 return 0;
1521 }
1522
1523 if (rvalue[0] == '-') {
1524 ignore = true;
1525 rvalue++;
1526 } else
1527 ignore = false;
1528
1529 r = unit_full_printf(u, rvalue, &k);
1530 if (r < 0) {
1531 log_syntax(unit, LOG_ERR, filename, line, r,
1532 "Failed to resolve unit specifiers in '%s'%s: %m",
1533 rvalue, ignore ? ", ignoring" : "");
1534 return ignore ? 0 : -ENOEXEC;
1535 }
1536
1537 free_and_replace(c->smack_process_label, k);
1538 c->smack_process_label_ignore = ignore;
1539
1540 return 0;
1541 }
1542
1543 int config_parse_timer(
1544 const char *unit,
1545 const char *filename,
1546 unsigned line,
1547 const char *section,
1548 unsigned section_line,
1549 const char *lvalue,
1550 int ltype,
1551 const char *rvalue,
1552 void *data,
1553 void *userdata) {
1554
1555 _cleanup_(calendar_spec_freep) CalendarSpec *c = NULL;
1556 _cleanup_free_ char *k = NULL;
1557 Unit *u = userdata;
1558 Timer *t = data;
1559 usec_t usec = 0;
1560 TimerValue *v;
1561 int r;
1562
1563 assert(filename);
1564 assert(lvalue);
1565 assert(rvalue);
1566 assert(data);
1567
1568 if (isempty(rvalue)) {
1569 /* Empty assignment resets list */
1570 timer_free_values(t);
1571 return 0;
1572 }
1573
1574 r = unit_full_printf(u, rvalue, &k);
1575 if (r < 0) {
1576 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
1577 return 0;
1578 }
1579
1580 if (ltype == TIMER_CALENDAR) {
1581 r = calendar_spec_from_string(k, &c);
1582 if (r < 0) {
1583 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse calendar specification, ignoring: %s", k);
1584 return 0;
1585 }
1586 } else {
1587 r = parse_sec(k, &usec);
1588 if (r < 0) {
1589 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse timer value, ignoring: %s", k);
1590 return 0;
1591 }
1592 }
1593
1594 v = new(TimerValue, 1);
1595 if (!v)
1596 return log_oom();
1597
1598 *v = (TimerValue) {
1599 .base = ltype,
1600 .value = usec,
1601 .calendar_spec = TAKE_PTR(c),
1602 };
1603
1604 LIST_PREPEND(value, t->values, v);
1605
1606 return 0;
1607 }
1608
1609 int config_parse_trigger_unit(
1610 const char *unit,
1611 const char *filename,
1612 unsigned line,
1613 const char *section,
1614 unsigned section_line,
1615 const char *lvalue,
1616 int ltype,
1617 const char *rvalue,
1618 void *data,
1619 void *userdata) {
1620
1621 _cleanup_free_ char *p = NULL;
1622 Unit *u = data;
1623 UnitType type;
1624 int r;
1625
1626 assert(filename);
1627 assert(lvalue);
1628 assert(rvalue);
1629 assert(data);
1630
1631 if (!hashmap_isempty(u->dependencies[UNIT_TRIGGERS])) {
1632 log_syntax(unit, LOG_ERR, filename, line, 0, "Multiple units to trigger specified, ignoring: %s", rvalue);
1633 return 0;
1634 }
1635
1636 r = unit_name_printf(u, rvalue, &p);
1637 if (r < 0) {
1638 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
1639 return 0;
1640 }
1641
1642 type = unit_name_to_type(p);
1643 if (type < 0) {
1644 log_syntax(unit, LOG_ERR, filename, line, 0, "Unit type not valid, ignoring: %s", rvalue);
1645 return 0;
1646 }
1647 if (unit_has_name(u, p)) {
1648 log_syntax(unit, LOG_ERR, filename, line, 0, "Units cannot trigger themselves, ignoring: %s", rvalue);
1649 return 0;
1650 }
1651
1652 r = unit_add_two_dependencies_by_name(u, UNIT_BEFORE, UNIT_TRIGGERS, p, true, UNIT_DEPENDENCY_FILE);
1653 if (r < 0) {
1654 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add trigger on %s, ignoring: %m", p);
1655 return 0;
1656 }
1657
1658 return 0;
1659 }
1660
1661 int config_parse_path_spec(const char *unit,
1662 const char *filename,
1663 unsigned line,
1664 const char *section,
1665 unsigned section_line,
1666 const char *lvalue,
1667 int ltype,
1668 const char *rvalue,
1669 void *data,
1670 void *userdata) {
1671
1672 Path *p = data;
1673 PathSpec *s;
1674 PathType b;
1675 _cleanup_free_ char *k = NULL;
1676 int r;
1677
1678 assert(filename);
1679 assert(lvalue);
1680 assert(rvalue);
1681 assert(data);
1682
1683 if (isempty(rvalue)) {
1684 /* Empty assignment clears list */
1685 path_free_specs(p);
1686 return 0;
1687 }
1688
1689 b = path_type_from_string(lvalue);
1690 if (b < 0) {
1691 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse path type, ignoring: %s", lvalue);
1692 return 0;
1693 }
1694
1695 r = unit_full_printf(UNIT(p), rvalue, &k);
1696 if (r < 0) {
1697 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
1698 return 0;
1699 }
1700
1701 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
1702 if (r < 0)
1703 return 0;
1704
1705 s = new0(PathSpec, 1);
1706 if (!s)
1707 return log_oom();
1708
1709 s->unit = UNIT(p);
1710 s->path = TAKE_PTR(k);
1711 s->type = b;
1712 s->inotify_fd = -1;
1713
1714 LIST_PREPEND(spec, p->specs, s);
1715
1716 return 0;
1717 }
1718
1719 int config_parse_socket_service(
1720 const char *unit,
1721 const char *filename,
1722 unsigned line,
1723 const char *section,
1724 unsigned section_line,
1725 const char *lvalue,
1726 int ltype,
1727 const char *rvalue,
1728 void *data,
1729 void *userdata) {
1730
1731 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1732 _cleanup_free_ char *p = NULL;
1733 Socket *s = data;
1734 Unit *x;
1735 int r;
1736
1737 assert(filename);
1738 assert(lvalue);
1739 assert(rvalue);
1740 assert(data);
1741
1742 r = unit_name_printf(UNIT(s), rvalue, &p);
1743 if (r < 0) {
1744 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
1745 return -ENOEXEC;
1746 }
1747
1748 if (!endswith(p, ".service")) {
1749 log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type service: %s", rvalue);
1750 return -ENOEXEC;
1751 }
1752
1753 r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
1754 if (r < 0) {
1755 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s: %s", rvalue, bus_error_message(&error, r));
1756 return -ENOEXEC;
1757 }
1758
1759 unit_ref_set(&s->service, UNIT(s), x);
1760
1761 return 0;
1762 }
1763
1764 int config_parse_fdname(
1765 const char *unit,
1766 const char *filename,
1767 unsigned line,
1768 const char *section,
1769 unsigned section_line,
1770 const char *lvalue,
1771 int ltype,
1772 const char *rvalue,
1773 void *data,
1774 void *userdata) {
1775
1776 _cleanup_free_ char *p = NULL;
1777 Socket *s = data;
1778 int r;
1779
1780 assert(filename);
1781 assert(lvalue);
1782 assert(rvalue);
1783 assert(data);
1784
1785 if (isempty(rvalue)) {
1786 s->fdname = mfree(s->fdname);
1787 return 0;
1788 }
1789
1790 r = unit_full_printf(UNIT(s), rvalue, &p);
1791 if (r < 0) {
1792 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
1793 return 0;
1794 }
1795
1796 if (!fdname_is_valid(p)) {
1797 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name, ignoring: %s", p);
1798 return 0;
1799 }
1800
1801 return free_and_replace(s->fdname, p);
1802 }
1803
1804 int config_parse_service_sockets(
1805 const char *unit,
1806 const char *filename,
1807 unsigned line,
1808 const char *section,
1809 unsigned section_line,
1810 const char *lvalue,
1811 int ltype,
1812 const char *rvalue,
1813 void *data,
1814 void *userdata) {
1815
1816 Service *s = data;
1817 const char *p;
1818 int r;
1819
1820 assert(filename);
1821 assert(lvalue);
1822 assert(rvalue);
1823 assert(data);
1824
1825 p = rvalue;
1826 for (;;) {
1827 _cleanup_free_ char *word = NULL, *k = NULL;
1828
1829 r = extract_first_word(&p, &word, NULL, 0);
1830 if (r == 0)
1831 break;
1832 if (r == -ENOMEM)
1833 return log_oom();
1834 if (r < 0) {
1835 log_syntax(unit, LOG_ERR, filename, line, r, "Trailing garbage in sockets, ignoring: %s", rvalue);
1836 break;
1837 }
1838
1839 r = unit_name_printf(UNIT(s), word, &k);
1840 if (r < 0) {
1841 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
1842 continue;
1843 }
1844
1845 if (!endswith(k, ".socket")) {
1846 log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type socket, ignoring: %s", k);
1847 continue;
1848 }
1849
1850 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_WANTS, UNIT_AFTER, k, true, UNIT_DEPENDENCY_FILE);
1851 if (r < 0)
1852 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
1853
1854 r = unit_add_dependency_by_name(UNIT(s), UNIT_TRIGGERED_BY, k, true, UNIT_DEPENDENCY_FILE);
1855 if (r < 0)
1856 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
1857 }
1858
1859 return 0;
1860 }
1861
1862 int config_parse_bus_name(
1863 const char *unit,
1864 const char *filename,
1865 unsigned line,
1866 const char *section,
1867 unsigned section_line,
1868 const char *lvalue,
1869 int ltype,
1870 const char *rvalue,
1871 void *data,
1872 void *userdata) {
1873
1874 _cleanup_free_ char *k = NULL;
1875 Unit *u = userdata;
1876 int r;
1877
1878 assert(filename);
1879 assert(lvalue);
1880 assert(rvalue);
1881 assert(u);
1882
1883 r = unit_full_printf(u, rvalue, &k);
1884 if (r < 0) {
1885 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
1886 return 0;
1887 }
1888
1889 if (!service_name_is_valid(k)) {
1890 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid bus name, ignoring: %s", k);
1891 return 0;
1892 }
1893
1894 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
1895 }
1896
1897 int config_parse_service_timeout(
1898 const char *unit,
1899 const char *filename,
1900 unsigned line,
1901 const char *section,
1902 unsigned section_line,
1903 const char *lvalue,
1904 int ltype,
1905 const char *rvalue,
1906 void *data,
1907 void *userdata) {
1908
1909 Service *s = userdata;
1910 usec_t usec;
1911 int r;
1912
1913 assert(filename);
1914 assert(lvalue);
1915 assert(rvalue);
1916 assert(s);
1917
1918 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
1919
1920 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
1921 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
1922 * all other timeouts. */
1923 r = parse_sec_fix_0(rvalue, &usec);
1924 if (r < 0) {
1925 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
1926 return 0;
1927 }
1928
1929 s->start_timeout_defined = true;
1930 s->timeout_start_usec = usec;
1931
1932 if (streq(lvalue, "TimeoutSec"))
1933 s->timeout_stop_usec = usec;
1934
1935 return 0;
1936 }
1937
1938 int config_parse_service_timeout_abort(
1939 const char *unit,
1940 const char *filename,
1941 unsigned line,
1942 const char *section,
1943 unsigned section_line,
1944 const char *lvalue,
1945 int ltype,
1946 const char *rvalue,
1947 void *data,
1948 void *userdata) {
1949
1950 Service *s = userdata;
1951 int r;
1952
1953 assert(filename);
1954 assert(lvalue);
1955 assert(rvalue);
1956 assert(s);
1957
1958 rvalue += strspn(rvalue, WHITESPACE);
1959 if (isempty(rvalue)) {
1960 s->timeout_abort_set = false;
1961 return 0;
1962 }
1963
1964 r = parse_sec(rvalue, &s->timeout_abort_usec);
1965 if (r < 0) {
1966 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse TimeoutAbortSec= setting, ignoring: %s", rvalue);
1967 return 0;
1968 }
1969
1970 s->timeout_abort_set = true;
1971 return 0;
1972 }
1973
1974 int config_parse_sec_fix_0(
1975 const char *unit,
1976 const char *filename,
1977 unsigned line,
1978 const char *section,
1979 unsigned section_line,
1980 const char *lvalue,
1981 int ltype,
1982 const char *rvalue,
1983 void *data,
1984 void *userdata) {
1985
1986 usec_t *usec = data;
1987 int r;
1988
1989 assert(filename);
1990 assert(lvalue);
1991 assert(rvalue);
1992 assert(usec);
1993
1994 /* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for
1995 * compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a
1996 * timeout. */
1997
1998 r = parse_sec_fix_0(rvalue, usec);
1999 if (r < 0) {
2000 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
2001 return 0;
2002 }
2003
2004 return 0;
2005 }
2006
2007 int config_parse_user_group(
2008 const char *unit,
2009 const char *filename,
2010 unsigned line,
2011 const char *section,
2012 unsigned section_line,
2013 const char *lvalue,
2014 int ltype,
2015 const char *rvalue,
2016 void *data,
2017 void *userdata) {
2018
2019 _cleanup_free_ char *k = NULL;
2020 char **user = data;
2021 Unit *u = userdata;
2022 int r;
2023
2024 assert(filename);
2025 assert(lvalue);
2026 assert(rvalue);
2027 assert(u);
2028
2029 if (isempty(rvalue)) {
2030 *user = mfree(*user);
2031 return 0;
2032 }
2033
2034 r = unit_full_printf(u, rvalue, &k);
2035 if (r < 0) {
2036 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
2037 return -ENOEXEC;
2038 }
2039
2040 if (!valid_user_group_name_or_id(k)) {
2041 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2042 return -ENOEXEC;
2043 }
2044
2045 return free_and_replace(*user, k);
2046 }
2047
2048 int config_parse_user_group_strv(
2049 const char *unit,
2050 const char *filename,
2051 unsigned line,
2052 const char *section,
2053 unsigned section_line,
2054 const char *lvalue,
2055 int ltype,
2056 const char *rvalue,
2057 void *data,
2058 void *userdata) {
2059
2060 char ***users = data;
2061 Unit *u = userdata;
2062 const char *p = rvalue;
2063 int r;
2064
2065 assert(filename);
2066 assert(lvalue);
2067 assert(rvalue);
2068 assert(u);
2069
2070 if (isempty(rvalue)) {
2071 *users = strv_free(*users);
2072 return 0;
2073 }
2074
2075 for (;;) {
2076 _cleanup_free_ char *word = NULL, *k = NULL;
2077
2078 r = extract_first_word(&p, &word, NULL, 0);
2079 if (r == 0)
2080 break;
2081 if (r == -ENOMEM)
2082 return log_oom();
2083 if (r < 0) {
2084 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
2085 return -ENOEXEC;
2086 }
2087
2088 r = unit_full_printf(u, word, &k);
2089 if (r < 0) {
2090 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
2091 return -ENOEXEC;
2092 }
2093
2094 if (!valid_user_group_name_or_id(k)) {
2095 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2096 return -ENOEXEC;
2097 }
2098
2099 r = strv_push(users, k);
2100 if (r < 0)
2101 return log_oom();
2102
2103 k = NULL;
2104 }
2105
2106 return 0;
2107 }
2108
2109 int config_parse_working_directory(
2110 const char *unit,
2111 const char *filename,
2112 unsigned line,
2113 const char *section,
2114 unsigned section_line,
2115 const char *lvalue,
2116 int ltype,
2117 const char *rvalue,
2118 void *data,
2119 void *userdata) {
2120
2121 ExecContext *c = data;
2122 Unit *u = userdata;
2123 bool missing_ok;
2124 int r;
2125
2126 assert(filename);
2127 assert(lvalue);
2128 assert(rvalue);
2129 assert(c);
2130 assert(u);
2131
2132 if (isempty(rvalue)) {
2133 c->working_directory_home = false;
2134 c->working_directory = mfree(c->working_directory);
2135 return 0;
2136 }
2137
2138 if (rvalue[0] == '-') {
2139 missing_ok = true;
2140 rvalue++;
2141 } else
2142 missing_ok = false;
2143
2144 if (streq(rvalue, "~")) {
2145 c->working_directory_home = true;
2146 c->working_directory = mfree(c->working_directory);
2147 } else {
2148 _cleanup_free_ char *k = NULL;
2149
2150 r = unit_full_printf(u, rvalue, &k);
2151 if (r < 0) {
2152 log_syntax(unit, LOG_ERR, filename, line, r,
2153 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2154 rvalue, missing_ok ? ", ignoring" : "");
2155 return missing_ok ? 0 : -ENOEXEC;
2156 }
2157
2158 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE | (missing_ok ? 0 : PATH_CHECK_FATAL), unit, filename, line, lvalue);
2159 if (r < 0)
2160 return missing_ok ? 0 : -ENOEXEC;
2161
2162 c->working_directory_home = false;
2163 free_and_replace(c->working_directory, k);
2164 }
2165
2166 c->working_directory_missing_ok = missing_ok;
2167 return 0;
2168 }
2169
2170 int config_parse_unit_env_file(const char *unit,
2171 const char *filename,
2172 unsigned line,
2173 const char *section,
2174 unsigned section_line,
2175 const char *lvalue,
2176 int ltype,
2177 const char *rvalue,
2178 void *data,
2179 void *userdata) {
2180
2181 char ***env = data;
2182 Unit *u = userdata;
2183 _cleanup_free_ char *n = NULL;
2184 int r;
2185
2186 assert(filename);
2187 assert(lvalue);
2188 assert(rvalue);
2189 assert(data);
2190
2191 if (isempty(rvalue)) {
2192 /* Empty assignment frees the list */
2193 *env = strv_free(*env);
2194 return 0;
2195 }
2196
2197 r = unit_full_printf(u, rvalue, &n);
2198 if (r < 0) {
2199 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2200 return 0;
2201 }
2202
2203 r = path_simplify_and_warn(n[0] == '-' ? n + 1 : n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2204 if (r < 0)
2205 return 0;
2206
2207 r = strv_push(env, n);
2208 if (r < 0)
2209 return log_oom();
2210
2211 n = NULL;
2212
2213 return 0;
2214 }
2215
2216 int config_parse_environ(
2217 const char *unit,
2218 const char *filename,
2219 unsigned line,
2220 const char *section,
2221 unsigned section_line,
2222 const char *lvalue,
2223 int ltype,
2224 const char *rvalue,
2225 void *data,
2226 void *userdata) {
2227
2228 Unit *u = userdata;
2229 char ***env = data;
2230 const char *p;
2231 int r;
2232
2233 assert(filename);
2234 assert(lvalue);
2235 assert(rvalue);
2236 assert(data);
2237
2238 if (isempty(rvalue)) {
2239 /* Empty assignment resets the list */
2240 *env = strv_free(*env);
2241 return 0;
2242 }
2243
2244 for (p = rvalue;; ) {
2245 _cleanup_free_ char *word = NULL, *k = NULL;
2246
2247 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2248 if (r == 0)
2249 return 0;
2250 if (r == -ENOMEM)
2251 return log_oom();
2252 if (r < 0) {
2253 log_syntax(unit, LOG_WARNING, filename, line, r,
2254 "Invalid syntax, ignoring: %s", rvalue);
2255 return 0;
2256 }
2257
2258 if (u) {
2259 r = unit_full_printf(u, word, &k);
2260 if (r < 0) {
2261 log_syntax(unit, LOG_ERR, filename, line, r,
2262 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2263 continue;
2264 }
2265 } else
2266 k = TAKE_PTR(word);
2267
2268 if (!env_assignment_is_valid(k)) {
2269 log_syntax(unit, LOG_ERR, filename, line, 0,
2270 "Invalid environment assignment, ignoring: %s", k);
2271 continue;
2272 }
2273
2274 r = strv_env_replace(env, k);
2275 if (r < 0)
2276 return log_oom();
2277
2278 k = NULL;
2279 }
2280 }
2281
2282 int config_parse_pass_environ(
2283 const char *unit,
2284 const char *filename,
2285 unsigned line,
2286 const char *section,
2287 unsigned section_line,
2288 const char *lvalue,
2289 int ltype,
2290 const char *rvalue,
2291 void *data,
2292 void *userdata) {
2293
2294 _cleanup_strv_free_ char **n = NULL;
2295 size_t nlen = 0, nbufsize = 0;
2296 char*** passenv = data;
2297 const char *p = rvalue;
2298 Unit *u = userdata;
2299 int r;
2300
2301 assert(filename);
2302 assert(lvalue);
2303 assert(rvalue);
2304 assert(data);
2305
2306 if (isempty(rvalue)) {
2307 /* Empty assignment resets the list */
2308 *passenv = strv_free(*passenv);
2309 return 0;
2310 }
2311
2312 for (;;) {
2313 _cleanup_free_ char *word = NULL, *k = NULL;
2314
2315 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2316 if (r == 0)
2317 break;
2318 if (r == -ENOMEM)
2319 return log_oom();
2320 if (r < 0) {
2321 log_syntax(unit, LOG_ERR, filename, line, r,
2322 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
2323 break;
2324 }
2325
2326 if (u) {
2327 r = unit_full_printf(u, word, &k);
2328 if (r < 0) {
2329 log_syntax(unit, LOG_ERR, filename, line, r,
2330 "Failed to resolve specifiers in %s, ignoring: %m", word);
2331 continue;
2332 }
2333 } else
2334 k = TAKE_PTR(word);
2335
2336 if (!env_name_is_valid(k)) {
2337 log_syntax(unit, LOG_ERR, filename, line, 0,
2338 "Invalid environment name for %s, ignoring: %s", lvalue, k);
2339 continue;
2340 }
2341
2342 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
2343 return log_oom();
2344
2345 n[nlen++] = TAKE_PTR(k);
2346 n[nlen] = NULL;
2347 }
2348
2349 if (n) {
2350 r = strv_extend_strv(passenv, n, true);
2351 if (r < 0)
2352 return r;
2353 }
2354
2355 return 0;
2356 }
2357
2358 int config_parse_unset_environ(
2359 const char *unit,
2360 const char *filename,
2361 unsigned line,
2362 const char *section,
2363 unsigned section_line,
2364 const char *lvalue,
2365 int ltype,
2366 const char *rvalue,
2367 void *data,
2368 void *userdata) {
2369
2370 _cleanup_strv_free_ char **n = NULL;
2371 size_t nlen = 0, nbufsize = 0;
2372 char*** unsetenv = data;
2373 const char *p = rvalue;
2374 Unit *u = userdata;
2375 int r;
2376
2377 assert(filename);
2378 assert(lvalue);
2379 assert(rvalue);
2380 assert(data);
2381
2382 if (isempty(rvalue)) {
2383 /* Empty assignment resets the list */
2384 *unsetenv = strv_free(*unsetenv);
2385 return 0;
2386 }
2387
2388 for (;;) {
2389 _cleanup_free_ char *word = NULL, *k = NULL;
2390
2391 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2392 if (r == 0)
2393 break;
2394 if (r == -ENOMEM)
2395 return log_oom();
2396 if (r < 0) {
2397 log_syntax(unit, LOG_ERR, filename, line, r,
2398 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
2399 break;
2400 }
2401
2402 if (u) {
2403 r = unit_full_printf(u, word, &k);
2404 if (r < 0) {
2405 log_syntax(unit, LOG_ERR, filename, line, r,
2406 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2407 continue;
2408 }
2409 } else
2410 k = TAKE_PTR(word);
2411
2412 if (!env_assignment_is_valid(k) && !env_name_is_valid(k)) {
2413 log_syntax(unit, LOG_ERR, filename, line, 0,
2414 "Invalid environment name or assignment %s, ignoring: %s", lvalue, k);
2415 continue;
2416 }
2417
2418 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
2419 return log_oom();
2420
2421 n[nlen++] = TAKE_PTR(k);
2422 n[nlen] = NULL;
2423 }
2424
2425 if (n) {
2426 r = strv_extend_strv(unsetenv, n, true);
2427 if (r < 0)
2428 return r;
2429 }
2430
2431 return 0;
2432 }
2433
2434 int config_parse_log_extra_fields(
2435 const char *unit,
2436 const char *filename,
2437 unsigned line,
2438 const char *section,
2439 unsigned section_line,
2440 const char *lvalue,
2441 int ltype,
2442 const char *rvalue,
2443 void *data,
2444 void *userdata) {
2445
2446 ExecContext *c = data;
2447 Unit *u = userdata;
2448 const char *p = rvalue;
2449 int r;
2450
2451 assert(filename);
2452 assert(lvalue);
2453 assert(rvalue);
2454 assert(c);
2455
2456 if (isempty(rvalue)) {
2457 exec_context_free_log_extra_fields(c);
2458 return 0;
2459 }
2460
2461 for (;;) {
2462 _cleanup_free_ char *word = NULL, *k = NULL;
2463 struct iovec *t;
2464 const char *eq;
2465
2466 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2467 if (r == 0)
2468 return 0;
2469 if (r == -ENOMEM)
2470 return log_oom();
2471 if (r < 0) {
2472 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
2473 return 0;
2474 }
2475
2476 r = unit_full_printf(u, word, &k);
2477 if (r < 0) {
2478 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2479 continue;
2480 }
2481
2482 eq = strchr(k, '=');
2483 if (!eq) {
2484 log_syntax(unit, LOG_ERR, filename, line, 0, "Log field lacks '=' character, ignoring: %s", k);
2485 continue;
2486 }
2487
2488 if (!journal_field_valid(k, eq-k, false)) {
2489 log_syntax(unit, LOG_ERR, filename, line, 0, "Log field name is invalid, ignoring: %s", k);
2490 continue;
2491 }
2492
2493 t = reallocarray(c->log_extra_fields, c->n_log_extra_fields+1, sizeof(struct iovec));
2494 if (!t)
2495 return log_oom();
2496
2497 c->log_extra_fields = t;
2498 c->log_extra_fields[c->n_log_extra_fields++] = IOVEC_MAKE_STRING(k);
2499
2500 k = NULL;
2501 }
2502 }
2503
2504 int config_parse_unit_condition_path(
2505 const char *unit,
2506 const char *filename,
2507 unsigned line,
2508 const char *section,
2509 unsigned section_line,
2510 const char *lvalue,
2511 int ltype,
2512 const char *rvalue,
2513 void *data,
2514 void *userdata) {
2515
2516 _cleanup_free_ char *p = NULL;
2517 Condition **list = data, *c;
2518 ConditionType t = ltype;
2519 bool trigger, negate;
2520 Unit *u = userdata;
2521 int r;
2522
2523 assert(filename);
2524 assert(lvalue);
2525 assert(rvalue);
2526 assert(data);
2527
2528 if (isempty(rvalue)) {
2529 /* Empty assignment resets the list */
2530 *list = condition_free_list(*list);
2531 return 0;
2532 }
2533
2534 trigger = rvalue[0] == '|';
2535 if (trigger)
2536 rvalue++;
2537
2538 negate = rvalue[0] == '!';
2539 if (negate)
2540 rvalue++;
2541
2542 r = unit_full_printf(u, rvalue, &p);
2543 if (r < 0) {
2544 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2545 return 0;
2546 }
2547
2548 r = path_simplify_and_warn(p, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2549 if (r < 0)
2550 return 0;
2551
2552 c = condition_new(t, p, trigger, negate);
2553 if (!c)
2554 return log_oom();
2555
2556 LIST_PREPEND(conditions, *list, c);
2557 return 0;
2558 }
2559
2560 int config_parse_unit_condition_string(
2561 const char *unit,
2562 const char *filename,
2563 unsigned line,
2564 const char *section,
2565 unsigned section_line,
2566 const char *lvalue,
2567 int ltype,
2568 const char *rvalue,
2569 void *data,
2570 void *userdata) {
2571
2572 _cleanup_free_ char *s = NULL;
2573 Condition **list = data, *c;
2574 ConditionType t = ltype;
2575 bool trigger, negate;
2576 Unit *u = userdata;
2577 int r;
2578
2579 assert(filename);
2580 assert(lvalue);
2581 assert(rvalue);
2582 assert(data);
2583
2584 if (isempty(rvalue)) {
2585 /* Empty assignment resets the list */
2586 *list = condition_free_list(*list);
2587 return 0;
2588 }
2589
2590 trigger = *rvalue == '|';
2591 if (trigger)
2592 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
2593
2594 negate = *rvalue == '!';
2595 if (negate)
2596 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
2597
2598 r = unit_full_printf(u, rvalue, &s);
2599 if (r < 0) {
2600 log_syntax(unit, LOG_ERR, filename, line, r,
2601 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2602 return 0;
2603 }
2604
2605 c = condition_new(t, s, trigger, negate);
2606 if (!c)
2607 return log_oom();
2608
2609 LIST_PREPEND(conditions, *list, c);
2610 return 0;
2611 }
2612
2613 int config_parse_unit_condition_null(
2614 const char *unit,
2615 const char *filename,
2616 unsigned line,
2617 const char *section,
2618 unsigned section_line,
2619 const char *lvalue,
2620 int ltype,
2621 const char *rvalue,
2622 void *data,
2623 void *userdata) {
2624
2625 Condition **list = data, *c;
2626 bool trigger, negate;
2627 int b;
2628
2629 assert(filename);
2630 assert(lvalue);
2631 assert(rvalue);
2632 assert(data);
2633
2634 log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is deprecated, please do not use.", lvalue);
2635
2636 if (isempty(rvalue)) {
2637 /* Empty assignment resets the list */
2638 *list = condition_free_list(*list);
2639 return 0;
2640 }
2641
2642 trigger = rvalue[0] == '|';
2643 if (trigger)
2644 rvalue++;
2645
2646 negate = rvalue[0] == '!';
2647 if (negate)
2648 rvalue++;
2649
2650 b = parse_boolean(rvalue);
2651 if (b < 0) {
2652 log_syntax(unit, LOG_ERR, filename, line, b, "Failed to parse boolean value in condition, ignoring: %s", rvalue);
2653 return 0;
2654 }
2655
2656 if (!b)
2657 negate = !negate;
2658
2659 c = condition_new(CONDITION_NULL, NULL, trigger, negate);
2660 if (!c)
2661 return log_oom();
2662
2663 LIST_PREPEND(conditions, *list, c);
2664 return 0;
2665 }
2666
2667 int config_parse_unit_requires_mounts_for(
2668 const char *unit,
2669 const char *filename,
2670 unsigned line,
2671 const char *section,
2672 unsigned section_line,
2673 const char *lvalue,
2674 int ltype,
2675 const char *rvalue,
2676 void *data,
2677 void *userdata) {
2678
2679 const char *p = rvalue;
2680 Unit *u = userdata;
2681 int r;
2682
2683 assert(filename);
2684 assert(lvalue);
2685 assert(rvalue);
2686 assert(data);
2687
2688 for (;;) {
2689 _cleanup_free_ char *word = NULL, *resolved = NULL;
2690
2691 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2692 if (r == 0)
2693 return 0;
2694 if (r == -ENOMEM)
2695 return log_oom();
2696 if (r < 0) {
2697 log_syntax(unit, LOG_WARNING, filename, line, r,
2698 "Invalid syntax, ignoring: %s", rvalue);
2699 return 0;
2700 }
2701
2702 r = unit_full_printf(u, word, &resolved);
2703 if (r < 0) {
2704 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
2705 continue;
2706 }
2707
2708 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2709 if (r < 0)
2710 continue;
2711
2712 r = unit_require_mounts_for(u, resolved, UNIT_DEPENDENCY_FILE);
2713 if (r < 0) {
2714 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add required mount '%s', ignoring: %m", resolved);
2715 continue;
2716 }
2717 }
2718 }
2719
2720 int config_parse_documentation(const char *unit,
2721 const char *filename,
2722 unsigned line,
2723 const char *section,
2724 unsigned section_line,
2725 const char *lvalue,
2726 int ltype,
2727 const char *rvalue,
2728 void *data,
2729 void *userdata) {
2730
2731 Unit *u = userdata;
2732 int r;
2733 char **a, **b;
2734
2735 assert(filename);
2736 assert(lvalue);
2737 assert(rvalue);
2738 assert(u);
2739
2740 if (isempty(rvalue)) {
2741 /* Empty assignment resets the list */
2742 u->documentation = strv_free(u->documentation);
2743 return 0;
2744 }
2745
2746 r = config_parse_unit_strv_printf(unit, filename, line, section, section_line, lvalue, ltype,
2747 rvalue, data, userdata);
2748 if (r < 0)
2749 return r;
2750
2751 for (a = b = u->documentation; a && *a; a++) {
2752
2753 if (documentation_url_is_valid(*a))
2754 *(b++) = *a;
2755 else {
2756 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid URL, ignoring: %s", *a);
2757 free(*a);
2758 }
2759 }
2760 if (b)
2761 *b = NULL;
2762
2763 return r;
2764 }
2765
2766 #if HAVE_SECCOMP
2767 int config_parse_syscall_filter(
2768 const char *unit,
2769 const char *filename,
2770 unsigned line,
2771 const char *section,
2772 unsigned section_line,
2773 const char *lvalue,
2774 int ltype,
2775 const char *rvalue,
2776 void *data,
2777 void *userdata) {
2778
2779 ExecContext *c = data;
2780 Unit *u = userdata;
2781 bool invert = false;
2782 const char *p;
2783 int r;
2784
2785 assert(filename);
2786 assert(lvalue);
2787 assert(rvalue);
2788 assert(u);
2789
2790 if (isempty(rvalue)) {
2791 /* Empty assignment resets the list */
2792 c->syscall_filter = hashmap_free(c->syscall_filter);
2793 c->syscall_whitelist = false;
2794 return 0;
2795 }
2796
2797 if (rvalue[0] == '~') {
2798 invert = true;
2799 rvalue++;
2800 }
2801
2802 if (!c->syscall_filter) {
2803 c->syscall_filter = hashmap_new(NULL);
2804 if (!c->syscall_filter)
2805 return log_oom();
2806
2807 if (invert)
2808 /* Allow everything but the ones listed */
2809 c->syscall_whitelist = false;
2810 else {
2811 /* Allow nothing but the ones listed */
2812 c->syscall_whitelist = true;
2813
2814 /* Accept default syscalls if we are on a whitelist */
2815 r = seccomp_parse_syscall_filter(
2816 "@default", -1, c->syscall_filter,
2817 SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_WHITELIST,
2818 unit,
2819 NULL, 0);
2820 if (r < 0)
2821 return r;
2822 }
2823 }
2824
2825 p = rvalue;
2826 for (;;) {
2827 _cleanup_free_ char *word = NULL, *name = NULL;
2828 int num;
2829
2830 r = extract_first_word(&p, &word, NULL, 0);
2831 if (r == 0)
2832 return 0;
2833 if (r == -ENOMEM)
2834 return log_oom();
2835 if (r < 0) {
2836 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
2837 return 0;
2838 }
2839
2840 r = parse_syscall_and_errno(word, &name, &num);
2841 if (r < 0) {
2842 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse syscall:errno, ignoring: %s", word);
2843 continue;
2844 }
2845
2846 r = seccomp_parse_syscall_filter(
2847 name, num, c->syscall_filter,
2848 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
2849 (invert ? SECCOMP_PARSE_INVERT : 0)|
2850 (c->syscall_whitelist ? SECCOMP_PARSE_WHITELIST : 0),
2851 unit, filename, line);
2852 if (r < 0)
2853 return r;
2854 }
2855 }
2856
2857 int config_parse_syscall_archs(
2858 const char *unit,
2859 const char *filename,
2860 unsigned line,
2861 const char *section,
2862 unsigned section_line,
2863 const char *lvalue,
2864 int ltype,
2865 const char *rvalue,
2866 void *data,
2867 void *userdata) {
2868
2869 const char *p = rvalue;
2870 Set **archs = data;
2871 int r;
2872
2873 if (isempty(rvalue)) {
2874 *archs = set_free(*archs);
2875 return 0;
2876 }
2877
2878 r = set_ensure_allocated(archs, NULL);
2879 if (r < 0)
2880 return log_oom();
2881
2882 for (;;) {
2883 _cleanup_free_ char *word = NULL;
2884 uint32_t a;
2885
2886 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2887 if (r == 0)
2888 return 0;
2889 if (r == -ENOMEM)
2890 return log_oom();
2891 if (r < 0) {
2892 log_syntax(unit, LOG_WARNING, filename, line, r,
2893 "Invalid syntax, ignoring: %s", rvalue);
2894 return 0;
2895 }
2896
2897 r = seccomp_arch_from_string(word, &a);
2898 if (r < 0) {
2899 log_syntax(unit, LOG_ERR, filename, line, r,
2900 "Failed to parse system call architecture \"%s\", ignoring: %m", word);
2901 continue;
2902 }
2903
2904 r = set_put(*archs, UINT32_TO_PTR(a + 1));
2905 if (r < 0)
2906 return log_oom();
2907 }
2908 }
2909
2910 int config_parse_syscall_errno(
2911 const char *unit,
2912 const char *filename,
2913 unsigned line,
2914 const char *section,
2915 unsigned section_line,
2916 const char *lvalue,
2917 int ltype,
2918 const char *rvalue,
2919 void *data,
2920 void *userdata) {
2921
2922 ExecContext *c = data;
2923 int e;
2924
2925 assert(filename);
2926 assert(lvalue);
2927 assert(rvalue);
2928
2929 if (isempty(rvalue)) {
2930 /* Empty assignment resets to KILL */
2931 c->syscall_errno = 0;
2932 return 0;
2933 }
2934
2935 e = parse_errno(rvalue);
2936 if (e <= 0) {
2937 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse error number, ignoring: %s", rvalue);
2938 return 0;
2939 }
2940
2941 c->syscall_errno = e;
2942 return 0;
2943 }
2944
2945 int config_parse_address_families(
2946 const char *unit,
2947 const char *filename,
2948 unsigned line,
2949 const char *section,
2950 unsigned section_line,
2951 const char *lvalue,
2952 int ltype,
2953 const char *rvalue,
2954 void *data,
2955 void *userdata) {
2956
2957 ExecContext *c = data;
2958 bool invert = false;
2959 const char *p;
2960 int r;
2961
2962 assert(filename);
2963 assert(lvalue);
2964 assert(rvalue);
2965
2966 if (isempty(rvalue)) {
2967 /* Empty assignment resets the list */
2968 c->address_families = set_free(c->address_families);
2969 c->address_families_whitelist = false;
2970 return 0;
2971 }
2972
2973 if (rvalue[0] == '~') {
2974 invert = true;
2975 rvalue++;
2976 }
2977
2978 if (!c->address_families) {
2979 c->address_families = set_new(NULL);
2980 if (!c->address_families)
2981 return log_oom();
2982
2983 c->address_families_whitelist = !invert;
2984 }
2985
2986 for (p = rvalue;;) {
2987 _cleanup_free_ char *word = NULL;
2988 int af;
2989
2990 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2991 if (r == 0)
2992 return 0;
2993 if (r == -ENOMEM)
2994 return log_oom();
2995 if (r < 0) {
2996 log_syntax(unit, LOG_WARNING, filename, line, r,
2997 "Invalid syntax, ignoring: %s", rvalue);
2998 return 0;
2999 }
3000
3001 af = af_from_name(word);
3002 if (af < 0) {
3003 log_syntax(unit, LOG_ERR, filename, line, af,
3004 "Failed to parse address family, ignoring: %s", word);
3005 continue;
3006 }
3007
3008 /* If we previously wanted to forbid an address family and now
3009 * we want to allow it, then just remove it from the list.
3010 */
3011 if (!invert == c->address_families_whitelist) {
3012 r = set_put(c->address_families, INT_TO_PTR(af));
3013 if (r < 0)
3014 return log_oom();
3015 } else
3016 set_remove(c->address_families, INT_TO_PTR(af));
3017 }
3018 }
3019
3020 int config_parse_restrict_namespaces(
3021 const char *unit,
3022 const char *filename,
3023 unsigned line,
3024 const char *section,
3025 unsigned section_line,
3026 const char *lvalue,
3027 int ltype,
3028 const char *rvalue,
3029 void *data,
3030 void *userdata) {
3031
3032 ExecContext *c = data;
3033 unsigned long flags;
3034 bool invert = false;
3035 int r;
3036
3037 if (isempty(rvalue)) {
3038 /* Reset to the default. */
3039 c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
3040 return 0;
3041 }
3042
3043 /* Boolean parameter ignores the previous settings */
3044 r = parse_boolean(rvalue);
3045 if (r > 0) {
3046 c->restrict_namespaces = 0;
3047 return 0;
3048 } else if (r == 0) {
3049 c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
3050 return 0;
3051 }
3052
3053 if (rvalue[0] == '~') {
3054 invert = true;
3055 rvalue++;
3056 }
3057
3058 /* Not a boolean argument, in this case it's a list of namespace types. */
3059 r = namespace_flags_from_string(rvalue, &flags);
3060 if (r < 0) {
3061 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
3062 return 0;
3063 }
3064
3065 if (c->restrict_namespaces == NAMESPACE_FLAGS_INITIAL)
3066 /* Initial assignment. Just set the value. */
3067 c->restrict_namespaces = invert ? (~flags) & NAMESPACE_FLAGS_ALL : flags;
3068 else
3069 /* Merge the value with the previous one. */
3070 SET_FLAG(c->restrict_namespaces, flags, !invert);
3071
3072 return 0;
3073 }
3074 #endif
3075
3076 int config_parse_unit_slice(
3077 const char *unit,
3078 const char *filename,
3079 unsigned line,
3080 const char *section,
3081 unsigned section_line,
3082 const char *lvalue,
3083 int ltype,
3084 const char *rvalue,
3085 void *data,
3086 void *userdata) {
3087
3088 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
3089 _cleanup_free_ char *k = NULL;
3090 Unit *u = userdata, *slice = NULL;
3091 int r;
3092
3093 assert(filename);
3094 assert(lvalue);
3095 assert(rvalue);
3096 assert(u);
3097
3098 r = unit_name_printf(u, rvalue, &k);
3099 if (r < 0) {
3100 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
3101 return 0;
3102 }
3103
3104 r = manager_load_unit(u->manager, k, NULL, &error, &slice);
3105 if (r < 0) {
3106 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load slice unit %s, ignoring: %s", k, bus_error_message(&error, r));
3107 return 0;
3108 }
3109
3110 r = unit_set_slice(u, slice);
3111 if (r < 0) {
3112 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id);
3113 return 0;
3114 }
3115
3116 return 0;
3117 }
3118
3119 int config_parse_cpu_quota(
3120 const char *unit,
3121 const char *filename,
3122 unsigned line,
3123 const char *section,
3124 unsigned section_line,
3125 const char *lvalue,
3126 int ltype,
3127 const char *rvalue,
3128 void *data,
3129 void *userdata) {
3130
3131 CGroupContext *c = data;
3132 int r;
3133
3134 assert(filename);
3135 assert(lvalue);
3136 assert(rvalue);
3137
3138 if (isempty(rvalue)) {
3139 c->cpu_quota_per_sec_usec = USEC_INFINITY;
3140 return 0;
3141 }
3142
3143 r = parse_permille_unbounded(rvalue);
3144 if (r <= 0) {
3145 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid CPU quota '%s', ignoring.", rvalue);
3146 return 0;
3147 }
3148
3149 c->cpu_quota_per_sec_usec = ((usec_t) r * USEC_PER_SEC) / 1000U;
3150 return 0;
3151 }
3152
3153 int config_parse_memory_limit(
3154 const char *unit,
3155 const char *filename,
3156 unsigned line,
3157 const char *section,
3158 unsigned section_line,
3159 const char *lvalue,
3160 int ltype,
3161 const char *rvalue,
3162 void *data,
3163 void *userdata) {
3164
3165 CGroupContext *c = data;
3166 uint64_t bytes = CGROUP_LIMIT_MAX;
3167 int r;
3168
3169 if (!isempty(rvalue) && !streq(rvalue, "infinity")) {
3170
3171 r = parse_permille(rvalue);
3172 if (r < 0) {
3173 r = parse_size(rvalue, 1024, &bytes);
3174 if (r < 0) {
3175 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid memory limit '%s', ignoring: %m", rvalue);
3176 return 0;
3177 }
3178 } else
3179 bytes = physical_memory_scale(r, 1000U);
3180
3181 if (bytes >= UINT64_MAX ||
3182 (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) {
3183 log_syntax(unit, LOG_ERR, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue);
3184 return 0;
3185 }
3186 }
3187
3188 if (streq(lvalue, "DefaultMemoryLow")) {
3189 c->default_memory_low_set = true;
3190 if (isempty(rvalue))
3191 c->default_memory_low = CGROUP_LIMIT_MIN;
3192 else
3193 c->default_memory_low = bytes;
3194 } else if (streq(lvalue, "DefaultMemoryMin")) {
3195 c->default_memory_min_set = true;
3196 if (isempty(rvalue))
3197 c->default_memory_min = CGROUP_LIMIT_MIN;
3198 else
3199 c->default_memory_min = bytes;
3200 } else if (streq(lvalue, "MemoryMin")) {
3201 c->memory_min = bytes;
3202 c->memory_min_set = true;
3203 } else if (streq(lvalue, "MemoryLow")) {
3204 c->memory_low = bytes;
3205 c->memory_low_set = true;
3206 } else if (streq(lvalue, "MemoryHigh"))
3207 c->memory_high = bytes;
3208 else if (streq(lvalue, "MemoryMax"))
3209 c->memory_max = bytes;
3210 else if (streq(lvalue, "MemorySwapMax"))
3211 c->memory_swap_max = bytes;
3212 else if (streq(lvalue, "MemoryLimit"))
3213 c->memory_limit = bytes;
3214 else
3215 return -EINVAL;
3216
3217 return 0;
3218 }
3219
3220 int config_parse_tasks_max(
3221 const char *unit,
3222 const char *filename,
3223 unsigned line,
3224 const char *section,
3225 unsigned section_line,
3226 const char *lvalue,
3227 int ltype,
3228 const char *rvalue,
3229 void *data,
3230 void *userdata) {
3231
3232 uint64_t *tasks_max = data, v;
3233 Unit *u = userdata;
3234 int r;
3235
3236 if (isempty(rvalue)) {
3237 *tasks_max = u ? u->manager->default_tasks_max : UINT64_MAX;
3238 return 0;
3239 }
3240
3241 if (streq(rvalue, "infinity")) {
3242 *tasks_max = CGROUP_LIMIT_MAX;
3243 return 0;
3244 }
3245
3246 r = parse_permille(rvalue);
3247 if (r < 0) {
3248 r = safe_atou64(rvalue, &v);
3249 if (r < 0) {
3250 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid maximum tasks value '%s', ignoring: %m", rvalue);
3251 return 0;
3252 }
3253 } else
3254 v = system_tasks_max_scale(r, 1000U);
3255
3256 if (v <= 0 || v >= UINT64_MAX) {
3257 log_syntax(unit, LOG_ERR, filename, line, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue);
3258 return 0;
3259 }
3260
3261 *tasks_max = v;
3262 return 0;
3263 }
3264
3265 int config_parse_delegate(
3266 const char *unit,
3267 const char *filename,
3268 unsigned line,
3269 const char *section,
3270 unsigned section_line,
3271 const char *lvalue,
3272 int ltype,
3273 const char *rvalue,
3274 void *data,
3275 void *userdata) {
3276
3277 CGroupContext *c = data;
3278 UnitType t;
3279 int r;
3280
3281 t = unit_name_to_type(unit);
3282 assert(t != _UNIT_TYPE_INVALID);
3283
3284 if (!unit_vtable[t]->can_delegate) {
3285 log_syntax(unit, LOG_ERR, filename, line, 0, "Delegate= setting not supported for this unit type, ignoring.");
3286 return 0;
3287 }
3288
3289 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
3290 * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
3291 * mask to delegate. */
3292
3293 if (isempty(rvalue)) {
3294 /* An empty string resets controllers and set Delegate=yes. */
3295 c->delegate = true;
3296 c->delegate_controllers = 0;
3297 return 0;
3298 }
3299
3300 r = parse_boolean(rvalue);
3301 if (r < 0) {
3302 const char *p = rvalue;
3303 CGroupMask mask = 0;
3304
3305 for (;;) {
3306 _cleanup_free_ char *word = NULL;
3307 CGroupController cc;
3308
3309 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3310 if (r == 0)
3311 break;
3312 if (r == -ENOMEM)
3313 return log_oom();
3314 if (r < 0) {
3315 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3316 return 0;
3317 }
3318
3319 cc = cgroup_controller_from_string(word);
3320 if (cc < 0) {
3321 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid controller name '%s', ignoring", word);
3322 continue;
3323 }
3324
3325 mask |= CGROUP_CONTROLLER_TO_MASK(cc);
3326 }
3327
3328 c->delegate = true;
3329 c->delegate_controllers |= mask;
3330
3331 } else if (r > 0) {
3332 c->delegate = true;
3333 c->delegate_controllers = _CGROUP_MASK_ALL;
3334 } else {
3335 c->delegate = false;
3336 c->delegate_controllers = 0;
3337 }
3338
3339 return 0;
3340 }
3341
3342 int config_parse_device_allow(
3343 const char *unit,
3344 const char *filename,
3345 unsigned line,
3346 const char *section,
3347 unsigned section_line,
3348 const char *lvalue,
3349 int ltype,
3350 const char *rvalue,
3351 void *data,
3352 void *userdata) {
3353
3354 _cleanup_free_ char *path = NULL, *resolved = NULL;
3355 CGroupContext *c = data;
3356 const char *p = rvalue;
3357 int r;
3358
3359 if (isempty(rvalue)) {
3360 while (c->device_allow)
3361 cgroup_context_free_device_allow(c, c->device_allow);
3362
3363 return 0;
3364 }
3365
3366 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3367 if (r == -ENOMEM)
3368 return log_oom();
3369 if (r < 0) {
3370 log_syntax(unit, LOG_WARNING, filename, line, r,
3371 "Invalid syntax, ignoring: %s", rvalue);
3372 return 0;
3373 }
3374 if (r == 0) {
3375 log_syntax(unit, LOG_WARNING, filename, line, 0,
3376 "Failed to extract device path and rights from '%s', ignoring.", rvalue);
3377 return 0;
3378 }
3379
3380 r = unit_full_printf(userdata, path, &resolved);
3381 if (r < 0) {
3382 log_syntax(unit, LOG_WARNING, filename, line, r,
3383 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3384 return 0;
3385 }
3386
3387 if (!STARTSWITH_SET(resolved, "block-", "char-")) {
3388
3389 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3390 if (r < 0)
3391 return 0;
3392
3393 if (!valid_device_node_path(resolved)) {
3394 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved);
3395 return 0;
3396 }
3397 }
3398
3399 if (!isempty(p) && !in_charset(p, "rwm")) {
3400 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device rights '%s', ignoring.", p);
3401 return 0;
3402 }
3403
3404 return cgroup_add_device_allow(c, resolved, p);
3405 }
3406
3407 int config_parse_io_device_weight(
3408 const char *unit,
3409 const char *filename,
3410 unsigned line,
3411 const char *section,
3412 unsigned section_line,
3413 const char *lvalue,
3414 int ltype,
3415 const char *rvalue,
3416 void *data,
3417 void *userdata) {
3418
3419 _cleanup_free_ char *path = NULL, *resolved = NULL;
3420 CGroupIODeviceWeight *w;
3421 CGroupContext *c = data;
3422 const char *p = rvalue;
3423 uint64_t u;
3424 int r;
3425
3426 assert(filename);
3427 assert(lvalue);
3428 assert(rvalue);
3429
3430 if (isempty(rvalue)) {
3431 while (c->io_device_weights)
3432 cgroup_context_free_io_device_weight(c, c->io_device_weights);
3433
3434 return 0;
3435 }
3436
3437 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3438 if (r == -ENOMEM)
3439 return log_oom();
3440 if (r < 0) {
3441 log_syntax(unit, LOG_WARNING, filename, line, r,
3442 "Invalid syntax, ignoring: %s", rvalue);
3443 return 0;
3444 }
3445 if (r == 0 || isempty(p)) {
3446 log_syntax(unit, LOG_WARNING, filename, line, 0,
3447 "Failed to extract device path and weight from '%s', ignoring.", rvalue);
3448 return 0;
3449 }
3450
3451 r = unit_full_printf(userdata, path, &resolved);
3452 if (r < 0) {
3453 log_syntax(unit, LOG_WARNING, filename, line, r,
3454 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3455 return 0;
3456 }
3457
3458 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3459 if (r < 0)
3460 return 0;
3461
3462 r = cg_weight_parse(p, &u);
3463 if (r < 0) {
3464 log_syntax(unit, LOG_ERR, filename, line, r, "IO weight '%s' invalid, ignoring: %m", p);
3465 return 0;
3466 }
3467
3468 assert(u != CGROUP_WEIGHT_INVALID);
3469
3470 w = new0(CGroupIODeviceWeight, 1);
3471 if (!w)
3472 return log_oom();
3473
3474 w->path = TAKE_PTR(resolved);
3475 w->weight = u;
3476
3477 LIST_PREPEND(device_weights, c->io_device_weights, w);
3478 return 0;
3479 }
3480
3481 int config_parse_io_device_latency(
3482 const char *unit,
3483 const char *filename,
3484 unsigned line,
3485 const char *section,
3486 unsigned section_line,
3487 const char *lvalue,
3488 int ltype,
3489 const char *rvalue,
3490 void *data,
3491 void *userdata) {
3492
3493 _cleanup_free_ char *path = NULL, *resolved = NULL;
3494 CGroupIODeviceLatency *l;
3495 CGroupContext *c = data;
3496 const char *p = rvalue;
3497 usec_t usec;
3498 int r;
3499
3500 assert(filename);
3501 assert(lvalue);
3502 assert(rvalue);
3503
3504 if (isempty(rvalue)) {
3505 while (c->io_device_latencies)
3506 cgroup_context_free_io_device_latency(c, c->io_device_latencies);
3507
3508 return 0;
3509 }
3510
3511 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3512 if (r == -ENOMEM)
3513 return log_oom();
3514 if (r < 0) {
3515 log_syntax(unit, LOG_WARNING, filename, line, r,
3516 "Invalid syntax, ignoring: %s", rvalue);
3517 return 0;
3518 }
3519 if (r == 0 || isempty(p)) {
3520 log_syntax(unit, LOG_WARNING, filename, line, 0,
3521 "Failed to extract device path and latency from '%s', ignoring.", rvalue);
3522 return 0;
3523 }
3524
3525 r = unit_full_printf(userdata, path, &resolved);
3526 if (r < 0) {
3527 log_syntax(unit, LOG_WARNING, filename, line, r,
3528 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3529 return 0;
3530 }
3531
3532 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3533 if (r < 0)
3534 return 0;
3535
3536 if (parse_sec(p, &usec) < 0) {
3537 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse timer value, ignoring: %s", p);
3538 return 0;
3539 }
3540
3541 l = new0(CGroupIODeviceLatency, 1);
3542 if (!l)
3543 return log_oom();
3544
3545 l->path = TAKE_PTR(resolved);
3546 l->target_usec = usec;
3547
3548 LIST_PREPEND(device_latencies, c->io_device_latencies, l);
3549 return 0;
3550 }
3551
3552 int config_parse_io_limit(
3553 const char *unit,
3554 const char *filename,
3555 unsigned line,
3556 const char *section,
3557 unsigned section_line,
3558 const char *lvalue,
3559 int ltype,
3560 const char *rvalue,
3561 void *data,
3562 void *userdata) {
3563
3564 _cleanup_free_ char *path = NULL, *resolved = NULL;
3565 CGroupIODeviceLimit *l = NULL, *t;
3566 CGroupContext *c = data;
3567 CGroupIOLimitType type;
3568 const char *p = rvalue;
3569 uint64_t num;
3570 int r;
3571
3572 assert(filename);
3573 assert(lvalue);
3574 assert(rvalue);
3575
3576 type = cgroup_io_limit_type_from_string(lvalue);
3577 assert(type >= 0);
3578
3579 if (isempty(rvalue)) {
3580 LIST_FOREACH(device_limits, l, c->io_device_limits)
3581 l->limits[type] = cgroup_io_limit_defaults[type];
3582 return 0;
3583 }
3584
3585 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3586 if (r == -ENOMEM)
3587 return log_oom();
3588 if (r < 0) {
3589 log_syntax(unit, LOG_WARNING, filename, line, r,
3590 "Invalid syntax, ignoring: %s", rvalue);
3591 return 0;
3592 }
3593 if (r == 0 || isempty(p)) {
3594 log_syntax(unit, LOG_WARNING, filename, line, 0,
3595 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
3596 return 0;
3597 }
3598
3599 r = unit_full_printf(userdata, path, &resolved);
3600 if (r < 0) {
3601 log_syntax(unit, LOG_WARNING, filename, line, r,
3602 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3603 return 0;
3604 }
3605
3606 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3607 if (r < 0)
3608 return 0;
3609
3610 if (streq("infinity", p))
3611 num = CGROUP_LIMIT_MAX;
3612 else {
3613 r = parse_size(p, 1000, &num);
3614 if (r < 0 || num <= 0) {
3615 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid IO limit '%s', ignoring.", p);
3616 return 0;
3617 }
3618 }
3619
3620 LIST_FOREACH(device_limits, t, c->io_device_limits) {
3621 if (path_equal(resolved, t->path)) {
3622 l = t;
3623 break;
3624 }
3625 }
3626
3627 if (!l) {
3628 CGroupIOLimitType ttype;
3629
3630 l = new0(CGroupIODeviceLimit, 1);
3631 if (!l)
3632 return log_oom();
3633
3634 l->path = TAKE_PTR(resolved);
3635 for (ttype = 0; ttype < _CGROUP_IO_LIMIT_TYPE_MAX; ttype++)
3636 l->limits[ttype] = cgroup_io_limit_defaults[ttype];
3637
3638 LIST_PREPEND(device_limits, c->io_device_limits, l);
3639 }
3640
3641 l->limits[type] = num;
3642
3643 return 0;
3644 }
3645
3646 int config_parse_blockio_device_weight(
3647 const char *unit,
3648 const char *filename,
3649 unsigned line,
3650 const char *section,
3651 unsigned section_line,
3652 const char *lvalue,
3653 int ltype,
3654 const char *rvalue,
3655 void *data,
3656 void *userdata) {
3657
3658 _cleanup_free_ char *path = NULL, *resolved = NULL;
3659 CGroupBlockIODeviceWeight *w;
3660 CGroupContext *c = data;
3661 const char *p = rvalue;
3662 uint64_t u;
3663 int r;
3664
3665 assert(filename);
3666 assert(lvalue);
3667 assert(rvalue);
3668
3669 if (isempty(rvalue)) {
3670 while (c->blockio_device_weights)
3671 cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
3672
3673 return 0;
3674 }
3675
3676 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3677 if (r == -ENOMEM)
3678 return log_oom();
3679 if (r < 0) {
3680 log_syntax(unit, LOG_WARNING, filename, line, r,
3681 "Invalid syntax, ignoring: %s", rvalue);
3682 return 0;
3683 }
3684 if (r == 0 || isempty(p)) {
3685 log_syntax(unit, LOG_WARNING, filename, line, 0,
3686 "Failed to extract device node and weight from '%s', ignoring.", rvalue);
3687 return 0;
3688 }
3689
3690 r = unit_full_printf(userdata, path, &resolved);
3691 if (r < 0) {
3692 log_syntax(unit, LOG_WARNING, filename, line, r,
3693 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3694 return 0;
3695 }
3696
3697 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3698 if (r < 0)
3699 return 0;
3700
3701 r = cg_blkio_weight_parse(p, &u);
3702 if (r < 0) {
3703 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p);
3704 return 0;
3705 }
3706
3707 assert(u != CGROUP_BLKIO_WEIGHT_INVALID);
3708
3709 w = new0(CGroupBlockIODeviceWeight, 1);
3710 if (!w)
3711 return log_oom();
3712
3713 w->path = TAKE_PTR(resolved);
3714 w->weight = u;
3715
3716 LIST_PREPEND(device_weights, c->blockio_device_weights, w);
3717 return 0;
3718 }
3719
3720 int config_parse_blockio_bandwidth(
3721 const char *unit,
3722 const char *filename,
3723 unsigned line,
3724 const char *section,
3725 unsigned section_line,
3726 const char *lvalue,
3727 int ltype,
3728 const char *rvalue,
3729 void *data,
3730 void *userdata) {
3731
3732 _cleanup_free_ char *path = NULL, *resolved = NULL;
3733 CGroupBlockIODeviceBandwidth *b = NULL, *t;
3734 CGroupContext *c = data;
3735 const char *p = rvalue;
3736 uint64_t bytes;
3737 bool read;
3738 int r;
3739
3740 assert(filename);
3741 assert(lvalue);
3742 assert(rvalue);
3743
3744 read = streq("BlockIOReadBandwidth", lvalue);
3745
3746 if (isempty(rvalue)) {
3747 LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
3748 b->rbps = CGROUP_LIMIT_MAX;
3749 b->wbps = CGROUP_LIMIT_MAX;
3750 }
3751 return 0;
3752 }
3753
3754 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3755 if (r == -ENOMEM)
3756 return log_oom();
3757 if (r < 0) {
3758 log_syntax(unit, LOG_WARNING, filename, line, r,
3759 "Invalid syntax, ignoring: %s", rvalue);
3760 return 0;
3761 }
3762 if (r == 0 || isempty(p)) {
3763 log_syntax(unit, LOG_WARNING, filename, line, 0,
3764 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
3765 return 0;
3766 }
3767
3768 r = unit_full_printf(userdata, path, &resolved);
3769 if (r < 0) {
3770 log_syntax(unit, LOG_WARNING, filename, line, r,
3771 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3772 return 0;
3773 }
3774
3775 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3776 if (r < 0)
3777 return 0;
3778
3779 r = parse_size(p, 1000, &bytes);
3780 if (r < 0 || bytes <= 0) {
3781 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
3782 return 0;
3783 }
3784
3785 LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
3786 if (path_equal(resolved, t->path)) {
3787 b = t;
3788 break;
3789 }
3790 }
3791
3792 if (!t) {
3793 b = new0(CGroupBlockIODeviceBandwidth, 1);
3794 if (!b)
3795 return log_oom();
3796
3797 b->path = TAKE_PTR(resolved);
3798 b->rbps = CGROUP_LIMIT_MAX;
3799 b->wbps = CGROUP_LIMIT_MAX;
3800
3801 LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, b);
3802 }
3803
3804 if (read)
3805 b->rbps = bytes;
3806 else
3807 b->wbps = bytes;
3808
3809 return 0;
3810 }
3811
3812 int config_parse_job_mode_isolate(
3813 const char *unit,
3814 const char *filename,
3815 unsigned line,
3816 const char *section,
3817 unsigned section_line,
3818 const char *lvalue,
3819 int ltype,
3820 const char *rvalue,
3821 void *data,
3822 void *userdata) {
3823
3824 JobMode *m = data;
3825 int r;
3826
3827 assert(filename);
3828 assert(lvalue);
3829 assert(rvalue);
3830
3831 r = parse_boolean(rvalue);
3832 if (r < 0) {
3833 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse boolean, ignoring: %s", rvalue);
3834 return 0;
3835 }
3836
3837 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue);
3838
3839 *m = r ? JOB_ISOLATE : JOB_REPLACE;
3840 return 0;
3841 }
3842
3843 int config_parse_exec_directories(
3844 const char *unit,
3845 const char *filename,
3846 unsigned line,
3847 const char *section,
3848 unsigned section_line,
3849 const char *lvalue,
3850 int ltype,
3851 const char *rvalue,
3852 void *data,
3853 void *userdata) {
3854
3855 char***rt = data;
3856 Unit *u = userdata;
3857 const char *p;
3858 int r;
3859
3860 assert(filename);
3861 assert(lvalue);
3862 assert(rvalue);
3863 assert(data);
3864
3865 if (isempty(rvalue)) {
3866 /* Empty assignment resets the list */
3867 *rt = strv_free(*rt);
3868 return 0;
3869 }
3870
3871 for (p = rvalue;;) {
3872 _cleanup_free_ char *word = NULL, *k = NULL;
3873
3874 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3875 if (r == -ENOMEM)
3876 return log_oom();
3877 if (r < 0) {
3878 log_syntax(unit, LOG_WARNING, filename, line, r,
3879 "Invalid syntax, ignoring: %s", rvalue);
3880 return 0;
3881 }
3882 if (r == 0)
3883 return 0;
3884
3885 r = unit_full_printf(u, word, &k);
3886 if (r < 0) {
3887 log_syntax(unit, LOG_ERR, filename, line, r,
3888 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
3889 continue;
3890 }
3891
3892 r = path_simplify_and_warn(k, PATH_CHECK_RELATIVE, unit, filename, line, lvalue);
3893 if (r < 0)
3894 continue;
3895
3896 if (path_startswith(k, "private")) {
3897 log_syntax(unit, LOG_ERR, filename, line, 0,
3898 "%s= path can't be 'private', ignoring assignment: %s", lvalue, word);
3899 continue;
3900 }
3901
3902 r = strv_push(rt, k);
3903 if (r < 0)
3904 return log_oom();
3905 k = NULL;
3906 }
3907 }
3908
3909 int config_parse_set_status(
3910 const char *unit,
3911 const char *filename,
3912 unsigned line,
3913 const char *section,
3914 unsigned section_line,
3915 const char *lvalue,
3916 int ltype,
3917 const char *rvalue,
3918 void *data,
3919 void *userdata) {
3920
3921 size_t l;
3922 const char *word, *state;
3923 int r;
3924 ExitStatusSet *status_set = data;
3925
3926 assert(filename);
3927 assert(lvalue);
3928 assert(rvalue);
3929 assert(data);
3930
3931 /* Empty assignment resets the list */
3932 if (isempty(rvalue)) {
3933 exit_status_set_free(status_set);
3934 return 0;
3935 }
3936
3937 FOREACH_WORD(word, l, rvalue, state) {
3938 _cleanup_free_ char *temp;
3939 int val;
3940 Set **set;
3941
3942 temp = strndup(word, l);
3943 if (!temp)
3944 return log_oom();
3945
3946 r = safe_atoi(temp, &val);
3947 if (r < 0) {
3948 val = signal_from_string(temp);
3949
3950 if (val <= 0) {
3951 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse value, ignoring: %s", word);
3952 continue;
3953 }
3954 set = &status_set->signal;
3955 } else {
3956 if (val < 0 || val > 255) {
3957 log_syntax(unit, LOG_ERR, filename, line, 0, "Value %d is outside range 0-255, ignoring", val);
3958 continue;
3959 }
3960 set = &status_set->status;
3961 }
3962
3963 r = set_ensure_allocated(set, NULL);
3964 if (r < 0)
3965 return log_oom();
3966
3967 r = set_put(*set, INT_TO_PTR(val));
3968 if (r < 0)
3969 return log_oom();
3970 }
3971 if (!isempty(state))
3972 log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
3973
3974 return 0;
3975 }
3976
3977 int config_parse_namespace_path_strv(
3978 const char *unit,
3979 const char *filename,
3980 unsigned line,
3981 const char *section,
3982 unsigned section_line,
3983 const char *lvalue,
3984 int ltype,
3985 const char *rvalue,
3986 void *data,
3987 void *userdata) {
3988
3989 Unit *u = userdata;
3990 char*** sv = data;
3991 const char *p = rvalue;
3992 int r;
3993
3994 assert(filename);
3995 assert(lvalue);
3996 assert(rvalue);
3997 assert(data);
3998
3999 if (isempty(rvalue)) {
4000 /* Empty assignment resets the list */
4001 *sv = strv_free(*sv);
4002 return 0;
4003 }
4004
4005 for (;;) {
4006 _cleanup_free_ char *word = NULL, *resolved = NULL, *joined = NULL;
4007 const char *w;
4008 bool ignore_enoent = false, shall_prefix = false;
4009
4010 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4011 if (r == 0)
4012 break;
4013 if (r == -ENOMEM)
4014 return log_oom();
4015 if (r < 0) {
4016 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
4017 return 0;
4018 }
4019
4020 w = word;
4021 if (startswith(w, "-")) {
4022 ignore_enoent = true;
4023 w++;
4024 }
4025 if (startswith(w, "+")) {
4026 shall_prefix = true;
4027 w++;
4028 }
4029
4030 r = unit_full_printf(u, w, &resolved);
4031 if (r < 0) {
4032 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", w);
4033 continue;
4034 }
4035
4036 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4037 if (r < 0)
4038 continue;
4039
4040 joined = strjoin(ignore_enoent ? "-" : "",
4041 shall_prefix ? "+" : "",
4042 resolved);
4043
4044 r = strv_push(sv, joined);
4045 if (r < 0)
4046 return log_oom();
4047
4048 joined = NULL;
4049 }
4050
4051 return 0;
4052 }
4053
4054 int config_parse_temporary_filesystems(
4055 const char *unit,
4056 const char *filename,
4057 unsigned line,
4058 const char *section,
4059 unsigned section_line,
4060 const char *lvalue,
4061 int ltype,
4062 const char *rvalue,
4063 void *data,
4064 void *userdata) {
4065
4066 Unit *u = userdata;
4067 ExecContext *c = data;
4068 const char *p = rvalue;
4069 int r;
4070
4071 assert(filename);
4072 assert(lvalue);
4073 assert(rvalue);
4074 assert(data);
4075
4076 if (isempty(rvalue)) {
4077 /* Empty assignment resets the list */
4078 temporary_filesystem_free_many(c->temporary_filesystems, c->n_temporary_filesystems);
4079 c->temporary_filesystems = NULL;
4080 c->n_temporary_filesystems = 0;
4081 return 0;
4082 }
4083
4084 for (;;) {
4085 _cleanup_free_ char *word = NULL, *path = NULL, *resolved = NULL;
4086 const char *w;
4087
4088 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4089 if (r == 0)
4090 return 0;
4091 if (r == -ENOMEM)
4092 return log_oom();
4093 if (r < 0) {
4094 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
4095 return 0;
4096 }
4097
4098 w = word;
4099 r = extract_first_word(&w, &path, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4100 if (r == -ENOMEM)
4101 return log_oom();
4102 if (r < 0) {
4103 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", word);
4104 continue;
4105 }
4106 if (r == 0) {
4107 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid syntax, ignoring: %s", word);
4108 continue;
4109 }
4110
4111 r = unit_full_printf(u, path, &resolved);
4112 if (r < 0) {
4113 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", path);
4114 continue;
4115 }
4116
4117 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4118 if (r < 0)
4119 continue;
4120
4121 r = temporary_filesystem_add(&c->temporary_filesystems, &c->n_temporary_filesystems, resolved, w);
4122 if (r < 0)
4123 return log_oom();
4124 }
4125 }
4126
4127 int config_parse_bind_paths(
4128 const char *unit,
4129 const char *filename,
4130 unsigned line,
4131 const char *section,
4132 unsigned section_line,
4133 const char *lvalue,
4134 int ltype,
4135 const char *rvalue,
4136 void *data,
4137 void *userdata) {
4138
4139 ExecContext *c = data;
4140 Unit *u = userdata;
4141 const char *p;
4142 int r;
4143
4144 assert(filename);
4145 assert(lvalue);
4146 assert(rvalue);
4147 assert(data);
4148
4149 if (isempty(rvalue)) {
4150 /* Empty assignment resets the list */
4151 bind_mount_free_many(c->bind_mounts, c->n_bind_mounts);
4152 c->bind_mounts = NULL;
4153 c->n_bind_mounts = 0;
4154 return 0;
4155 }
4156
4157 p = rvalue;
4158 for (;;) {
4159 _cleanup_free_ char *source = NULL, *destination = NULL;
4160 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
4161 char *s = NULL, *d = NULL;
4162 bool rbind = true, ignore_enoent = false;
4163
4164 r = extract_first_word(&p, &source, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
4165 if (r == 0)
4166 break;
4167 if (r == -ENOMEM)
4168 return log_oom();
4169 if (r < 0) {
4170 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
4171 return 0;
4172 }
4173
4174 r = unit_full_printf(u, source, &sresolved);
4175 if (r < 0) {
4176 log_syntax(unit, LOG_ERR, filename, line, r,
4177 "Failed to resolved unit specifiers in \"%s\", ignoring: %m", source);
4178 continue;
4179 }
4180
4181 s = sresolved;
4182 if (s[0] == '-') {
4183 ignore_enoent = true;
4184 s++;
4185 }
4186
4187 r = path_simplify_and_warn(s, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4188 if (r < 0)
4189 continue;
4190
4191 /* Optionally, the destination is specified. */
4192 if (p && p[-1] == ':') {
4193 r = extract_first_word(&p, &destination, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
4194 if (r == -ENOMEM)
4195 return log_oom();
4196 if (r < 0) {
4197 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
4198 return 0;
4199 }
4200 if (r == 0) {
4201 log_syntax(unit, LOG_ERR, filename, line, 0, "Missing argument after ':', ignoring: %s", s);
4202 continue;
4203 }
4204
4205 r = unit_full_printf(u, destination, &dresolved);
4206 if (r < 0) {
4207 log_syntax(unit, LOG_ERR, filename, line, r,
4208 "Failed to resolved specifiers in \"%s\", ignoring: %m", destination);
4209 continue;
4210 }
4211
4212 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4213 if (r < 0)
4214 continue;
4215
4216 d = dresolved;
4217
4218 /* Optionally, there's also a short option string specified */
4219 if (p && p[-1] == ':') {
4220 _cleanup_free_ char *options = NULL;
4221
4222 r = extract_first_word(&p, &options, NULL, EXTRACT_UNQUOTE);
4223 if (r == -ENOMEM)
4224 return log_oom();
4225 if (r < 0) {
4226 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s: %s", lvalue, rvalue);
4227 return 0;
4228 }
4229
4230 if (isempty(options) || streq(options, "rbind"))
4231 rbind = true;
4232 else if (streq(options, "norbind"))
4233 rbind = false;
4234 else {
4235 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid option string, ignoring setting: %s", options);
4236 continue;
4237 }
4238 }
4239 } else
4240 d = s;
4241
4242 r = bind_mount_add(&c->bind_mounts, &c->n_bind_mounts,
4243 &(BindMount) {
4244 .source = s,
4245 .destination = d,
4246 .read_only = !!strstr(lvalue, "ReadOnly"),
4247 .recursive = rbind,
4248 .ignore_enoent = ignore_enoent,
4249 });
4250 if (r < 0)
4251 return log_oom();
4252 }
4253
4254 return 0;
4255 }
4256
4257 int config_parse_job_timeout_sec(
4258 const char* unit,
4259 const char *filename,
4260 unsigned line,
4261 const char *section,
4262 unsigned section_line,
4263 const char *lvalue,
4264 int ltype,
4265 const char *rvalue,
4266 void *data,
4267 void *userdata) {
4268
4269 Unit *u = data;
4270 usec_t usec;
4271 int r;
4272
4273 assert(filename);
4274 assert(lvalue);
4275 assert(rvalue);
4276 assert(u);
4277
4278 r = parse_sec_fix_0(rvalue, &usec);
4279 if (r < 0) {
4280 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue);
4281 return 0;
4282 }
4283
4284 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
4285 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
4286 * count. */
4287
4288 if (!u->job_running_timeout_set)
4289 u->job_running_timeout = usec;
4290
4291 u->job_timeout = usec;
4292
4293 return 0;
4294 }
4295
4296 int config_parse_job_running_timeout_sec(
4297 const char* unit,
4298 const char *filename,
4299 unsigned line,
4300 const char *section,
4301 unsigned section_line,
4302 const char *lvalue,
4303 int ltype,
4304 const char *rvalue,
4305 void *data,
4306 void *userdata) {
4307
4308 Unit *u = data;
4309 usec_t usec;
4310 int r;
4311
4312 assert(filename);
4313 assert(lvalue);
4314 assert(rvalue);
4315 assert(u);
4316
4317 r = parse_sec_fix_0(rvalue, &usec);
4318 if (r < 0) {
4319 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue);
4320 return 0;
4321 }
4322
4323 u->job_running_timeout = usec;
4324 u->job_running_timeout_set = true;
4325
4326 return 0;
4327 }
4328
4329 int config_parse_emergency_action(
4330 const char* unit,
4331 const char *filename,
4332 unsigned line,
4333 const char *section,
4334 unsigned section_line,
4335 const char *lvalue,
4336 int ltype,
4337 const char *rvalue,
4338 void *data,
4339 void *userdata) {
4340
4341 Manager *m = NULL;
4342 EmergencyAction *x = data;
4343 int r;
4344
4345 assert(filename);
4346 assert(lvalue);
4347 assert(rvalue);
4348 assert(data);
4349
4350 if (unit)
4351 m = ((Unit*) userdata)->manager;
4352 else
4353 m = data;
4354
4355 r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
4356 if (r < 0) {
4357 if (r == -EOPNOTSUPP && MANAGER_IS_USER(m)) {
4358 /* Compat mode: remove for systemd 241. */
4359
4360 log_syntax(unit, LOG_INFO, filename, line, r,
4361 "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
4362 lvalue, rvalue);
4363 *x = EMERGENCY_ACTION_EXIT_FORCE;
4364 return 0;
4365 }
4366
4367 if (r == -EOPNOTSUPP)
4368 log_syntax(unit, LOG_ERR, filename, line, r,
4369 "%s= specified as %s mode action, ignoring: %s",
4370 lvalue, MANAGER_IS_SYSTEM(m) ? "user" : "system", rvalue);
4371 else
4372 log_syntax(unit, LOG_ERR, filename, line, r,
4373 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
4374 return 0;
4375 }
4376
4377 return 0;
4378 }
4379
4380 int config_parse_pid_file(
4381 const char *unit,
4382 const char *filename,
4383 unsigned line,
4384 const char *section,
4385 unsigned section_line,
4386 const char *lvalue,
4387 int ltype,
4388 const char *rvalue,
4389 void *data,
4390 void *userdata) {
4391
4392 _cleanup_free_ char *k = NULL, *n = NULL;
4393 Unit *u = userdata;
4394 char **s = data;
4395 int r;
4396
4397 assert(filename);
4398 assert(lvalue);
4399 assert(rvalue);
4400 assert(u);
4401
4402 if (isempty(rvalue)) {
4403 /* An empty assignment removes already set value. */
4404 *s = mfree(*s);
4405 return 0;
4406 }
4407
4408 r = unit_full_printf(u, rvalue, &k);
4409 if (r < 0) {
4410 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
4411 return 0;
4412 }
4413
4414 /* If this is a relative path make it absolute by prefixing the /run */
4415 n = path_make_absolute(k, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
4416 if (!n)
4417 return log_oom();
4418
4419 /* Check that the result is a sensible path */
4420 r = path_simplify_and_warn(n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4421 if (r < 0)
4422 return r;
4423
4424 r = patch_var_run(unit, filename, line, lvalue, &n);
4425 if (r < 0)
4426 return r;
4427
4428 free_and_replace(*s, n);
4429 return 0;
4430 }
4431
4432 int config_parse_exit_status(
4433 const char *unit,
4434 const char *filename,
4435 unsigned line,
4436 const char *section,
4437 unsigned section_line,
4438 const char *lvalue,
4439 int ltype,
4440 const char *rvalue,
4441 void *data,
4442 void *userdata) {
4443
4444 int *exit_status = data, r;
4445 uint8_t u;
4446
4447 assert(filename);
4448 assert(lvalue);
4449 assert(rvalue);
4450 assert(exit_status);
4451
4452 if (isempty(rvalue)) {
4453 *exit_status = -1;
4454 return 0;
4455 }
4456
4457 r = safe_atou8(rvalue, &u);
4458 if (r < 0) {
4459 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse exit status '%s', ignoring: %m", rvalue);
4460 return 0;
4461 }
4462
4463 *exit_status = u;
4464 return 0;
4465 }
4466
4467 int config_parse_disable_controllers(
4468 const char *unit,
4469 const char *filename,
4470 unsigned line,
4471 const char *section,
4472 unsigned section_line,
4473 const char *lvalue,
4474 int ltype,
4475 const char *rvalue,
4476 void *data,
4477 void *userdata) {
4478
4479 int r;
4480 CGroupContext *c = data;
4481 CGroupMask disabled_mask;
4482
4483 /* 1. If empty, make all controllers eligible for use again.
4484 * 2. If non-empty, merge all listed controllers, space separated. */
4485
4486 if (isempty(rvalue)) {
4487 c->disable_controllers = 0;
4488 return 0;
4489 }
4490
4491 r = cg_mask_from_string(rvalue, &disabled_mask);
4492 if (r < 0 || disabled_mask <= 0) {
4493 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid cgroup string: %s, ignoring", rvalue);
4494 return 0;
4495 }
4496
4497 c->disable_controllers |= disabled_mask;
4498
4499 return 0;
4500 }
4501
4502 int config_parse_ip_filter_bpf_progs(
4503 const char *unit,
4504 const char *filename,
4505 unsigned line,
4506 const char *section,
4507 unsigned section_line,
4508 const char *lvalue,
4509 int ltype,
4510 const char *rvalue,
4511 void *data,
4512 void *userdata) {
4513
4514 _cleanup_free_ char *resolved = NULL;
4515 Unit *u = userdata;
4516 char ***paths = data;
4517 int r;
4518
4519 assert(filename);
4520 assert(lvalue);
4521 assert(rvalue);
4522 assert(paths);
4523
4524 if (isempty(rvalue)) {
4525 *paths = strv_free(*paths);
4526 return 0;
4527 }
4528
4529 r = unit_full_printf(u, rvalue, &resolved);
4530 if (r < 0) {
4531 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
4532 return 0;
4533 }
4534
4535 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4536 if (r < 0)
4537 return 0;
4538
4539 if (strv_contains(*paths, resolved))
4540 return 0;
4541
4542 r = strv_extend(paths, resolved);
4543 if (r < 0)
4544 return log_oom();
4545
4546 r = bpf_firewall_supported();
4547 if (r < 0)
4548 return r;
4549 if (r != BPF_FIREWALL_SUPPORTED_WITH_MULTI) {
4550 static bool warned = false;
4551
4552 log_full(warned ? LOG_DEBUG : LOG_WARNING,
4553 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
4554 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename, line, lvalue, rvalue);
4555
4556 warned = true;
4557 }
4558
4559 return 0;
4560 }
4561
4562 #define FOLLOW_MAX 8
4563
4564 static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
4565 char *id = NULL;
4566 unsigned c = 0;
4567 int fd, r;
4568 FILE *f;
4569
4570 assert(filename);
4571 assert(*filename);
4572 assert(_f);
4573 assert(names);
4574
4575 /* This will update the filename pointer if the loaded file is
4576 * reached by a symlink. The old string will be freed. */
4577
4578 for (;;) {
4579 char *target, *name;
4580
4581 if (c++ >= FOLLOW_MAX)
4582 return -ELOOP;
4583
4584 path_simplify(*filename, false);
4585
4586 /* Add the file name we are currently looking at to
4587 * the names of this unit, but only if it is a valid
4588 * unit name. */
4589 name = basename(*filename);
4590 if (unit_name_is_valid(name, UNIT_NAME_ANY)) {
4591
4592 id = set_get(names, name);
4593 if (!id) {
4594 id = strdup(name);
4595 if (!id)
4596 return -ENOMEM;
4597
4598 r = set_consume(names, id);
4599 if (r < 0)
4600 return r;
4601 }
4602 }
4603
4604 /* Try to open the file name, but don't if its a symlink */
4605 fd = open(*filename, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
4606 if (fd >= 0)
4607 break;
4608
4609 if (errno != ELOOP)
4610 return -errno;
4611
4612 /* Hmm, so this is a symlink. Let's read the name, and follow it manually */
4613 r = readlink_and_make_absolute(*filename, &target);
4614 if (r < 0)
4615 return r;
4616
4617 free_and_replace(*filename, target);
4618 }
4619
4620 f = fdopen(fd, "r");
4621 if (!f) {
4622 safe_close(fd);
4623 return -errno;
4624 }
4625
4626 *_f = f;
4627 *_final = id;
4628
4629 return 0;
4630 }
4631
4632 static int merge_by_names(Unit **u, Set *names, const char *id) {
4633 char *k;
4634 int r;
4635
4636 assert(u);
4637 assert(*u);
4638 assert(names);
4639
4640 /* Let's try to add in all symlink names we found */
4641 while ((k = set_steal_first(names))) {
4642
4643 /* First try to merge in the other name into our
4644 * unit */
4645 r = unit_merge_by_name(*u, k);
4646 if (r < 0) {
4647 Unit *other;
4648
4649 /* Hmm, we couldn't merge the other unit into
4650 * ours? Then let's try it the other way
4651 * round */
4652
4653 /* If the symlink name we are looking at is unit template, then
4654 we must search for instance of this template */
4655 if (unit_name_is_valid(k, UNIT_NAME_TEMPLATE) && (*u)->instance) {
4656 _cleanup_free_ char *instance = NULL;
4657
4658 r = unit_name_replace_instance(k, (*u)->instance, &instance);
4659 if (r < 0)
4660 return r;
4661
4662 other = manager_get_unit((*u)->manager, instance);
4663 } else
4664 other = manager_get_unit((*u)->manager, k);
4665
4666 free(k);
4667
4668 if (other) {
4669 r = unit_merge(other, *u);
4670 if (r >= 0) {
4671 *u = other;
4672 return merge_by_names(u, names, NULL);
4673 }
4674 }
4675
4676 return r;
4677 }
4678
4679 if (id == k)
4680 unit_choose_id(*u, id);
4681
4682 free(k);
4683 }
4684
4685 return 0;
4686 }
4687
4688 static int load_from_path(Unit *u, const char *path) {
4689 _cleanup_set_free_free_ Set *symlink_names = NULL;
4690 _cleanup_fclose_ FILE *f = NULL;
4691 _cleanup_free_ char *filename = NULL;
4692 char *id = NULL;
4693 Unit *merged;
4694 struct stat st;
4695 int r;
4696
4697 assert(u);
4698 assert(path);
4699
4700 symlink_names = set_new(&string_hash_ops);
4701 if (!symlink_names)
4702 return -ENOMEM;
4703
4704 if (path_is_absolute(path)) {
4705
4706 filename = strdup(path);
4707 if (!filename)
4708 return -ENOMEM;
4709
4710 r = open_follow(&filename, &f, symlink_names, &id);
4711 if (r < 0) {
4712 filename = mfree(filename);
4713 if (r != -ENOENT)
4714 return r;
4715 }
4716
4717 } else {
4718 char **p;
4719
4720 STRV_FOREACH(p, u->manager->lookup_paths.search_path) {
4721
4722 /* Instead of opening the path right away, we manually
4723 * follow all symlinks and add their name to our unit
4724 * name set while doing so */
4725 filename = path_make_absolute(path, *p);
4726 if (!filename)
4727 return -ENOMEM;
4728
4729 if (u->manager->unit_path_cache &&
4730 !set_get(u->manager->unit_path_cache, filename))
4731 r = -ENOENT;
4732 else
4733 r = open_follow(&filename, &f, symlink_names, &id);
4734 if (r >= 0)
4735 break;
4736
4737 /* ENOENT means that the file is missing or is a dangling symlink.
4738 * ENOTDIR means that one of paths we expect to be is a directory
4739 * is not a directory, we should just ignore that.
4740 * EACCES means that the directory or file permissions are wrong.
4741 */
4742 if (r == -EACCES)
4743 log_debug_errno(r, "Cannot access \"%s\": %m", filename);
4744 else if (!IN_SET(r, -ENOENT, -ENOTDIR))
4745 return r;
4746
4747 filename = mfree(filename);
4748 /* Empty the symlink names for the next run */
4749 set_clear_free(symlink_names);
4750 }
4751 }
4752
4753 if (!filename)
4754 /* Hmm, no suitable file found? */
4755 return 0;
4756
4757 if (!unit_type_may_alias(u->type) && set_size(symlink_names) > 1) {
4758 log_unit_warning(u, "Unit type of %s does not support alias names, refusing loading via symlink.", u->id);
4759 return -ELOOP;
4760 }
4761
4762 merged = u;
4763 r = merge_by_names(&merged, symlink_names, id);
4764 if (r < 0)
4765 return r;
4766
4767 if (merged != u) {
4768 u->load_state = UNIT_MERGED;
4769 return 0;
4770 }
4771
4772 if (fstat(fileno(f), &st) < 0)
4773 return -errno;
4774
4775 if (null_or_empty(&st)) {
4776 u->load_state = UNIT_MASKED;
4777 u->fragment_mtime = 0;
4778 } else {
4779 u->load_state = UNIT_LOADED;
4780 u->fragment_mtime = timespec_load(&st.st_mtim);
4781
4782 /* Now, parse the file contents */
4783 r = config_parse(u->id, filename, f,
4784 UNIT_VTABLE(u)->sections,
4785 config_item_perf_lookup, load_fragment_gperf_lookup,
4786 CONFIG_PARSE_ALLOW_INCLUDE, u);
4787 if (r < 0)
4788 return r;
4789 }
4790
4791 free_and_replace(u->fragment_path, filename);
4792
4793 if (u->source_path) {
4794 if (stat(u->source_path, &st) >= 0)
4795 u->source_mtime = timespec_load(&st.st_mtim);
4796 else
4797 u->source_mtime = 0;
4798 }
4799
4800 return 0;
4801 }
4802
4803 int unit_load_fragment(Unit *u) {
4804 int r;
4805 Iterator i;
4806 const char *t;
4807
4808 assert(u);
4809 assert(u->load_state == UNIT_STUB);
4810 assert(u->id);
4811
4812 if (u->transient) {
4813 u->load_state = UNIT_LOADED;
4814 return 0;
4815 }
4816
4817 /* First, try to find the unit under its id. We always look
4818 * for unit files in the default directories, to make it easy
4819 * to override things by placing things in /etc/systemd/system */
4820 r = load_from_path(u, u->id);
4821 if (r < 0)
4822 return r;
4823
4824 /* Try to find an alias we can load this with */
4825 if (u->load_state == UNIT_STUB) {
4826 SET_FOREACH(t, u->names, i) {
4827
4828 if (t == u->id)
4829 continue;
4830
4831 r = load_from_path(u, t);
4832 if (r < 0)
4833 return r;
4834
4835 if (u->load_state != UNIT_STUB)
4836 break;
4837 }
4838 }
4839
4840 /* And now, try looking for it under the suggested (originally linked) path */
4841 if (u->load_state == UNIT_STUB && u->fragment_path) {
4842
4843 r = load_from_path(u, u->fragment_path);
4844 if (r < 0)
4845 return r;
4846
4847 if (u->load_state == UNIT_STUB)
4848 /* Hmm, this didn't work? Then let's get rid
4849 * of the fragment path stored for us, so that
4850 * we don't point to an invalid location. */
4851 u->fragment_path = mfree(u->fragment_path);
4852 }
4853
4854 /* Look for a template */
4855 if (u->load_state == UNIT_STUB && u->instance) {
4856 _cleanup_free_ char *k = NULL;
4857
4858 r = unit_name_template(u->id, &k);
4859 if (r < 0)
4860 return r;
4861
4862 r = load_from_path(u, k);
4863 if (r < 0) {
4864 if (r == -ENOEXEC)
4865 log_unit_notice(u, "Unit configuration has fatal error, unit will not be started.");
4866 return r;
4867 }
4868
4869 if (u->load_state == UNIT_STUB) {
4870 SET_FOREACH(t, u->names, i) {
4871 _cleanup_free_ char *z = NULL;
4872
4873 if (t == u->id)
4874 continue;
4875
4876 r = unit_name_template(t, &z);
4877 if (r < 0)
4878 return r;
4879
4880 r = load_from_path(u, z);
4881 if (r < 0)
4882 return r;
4883
4884 if (u->load_state != UNIT_STUB)
4885 break;
4886 }
4887 }
4888 }
4889
4890 return 0;
4891 }
4892
4893 void unit_dump_config_items(FILE *f) {
4894 static const struct {
4895 const ConfigParserCallback callback;
4896 const char *rvalue;
4897 } table[] = {
4898 { config_parse_warn_compat, "NOTSUPPORTED" },
4899 { config_parse_int, "INTEGER" },
4900 { config_parse_unsigned, "UNSIGNED" },
4901 { config_parse_iec_size, "SIZE" },
4902 { config_parse_iec_uint64, "SIZE" },
4903 { config_parse_si_size, "SIZE" },
4904 { config_parse_bool, "BOOLEAN" },
4905 { config_parse_string, "STRING" },
4906 { config_parse_path, "PATH" },
4907 { config_parse_unit_path_printf, "PATH" },
4908 { config_parse_strv, "STRING [...]" },
4909 { config_parse_exec_nice, "NICE" },
4910 { config_parse_exec_oom_score_adjust, "OOMSCOREADJUST" },
4911 { config_parse_exec_io_class, "IOCLASS" },
4912 { config_parse_exec_io_priority, "IOPRIORITY" },
4913 { config_parse_exec_cpu_sched_policy, "CPUSCHEDPOLICY" },
4914 { config_parse_exec_cpu_sched_prio, "CPUSCHEDPRIO" },
4915 { config_parse_exec_cpu_affinity, "CPUAFFINITY" },
4916 { config_parse_mode, "MODE" },
4917 { config_parse_unit_env_file, "FILE" },
4918 { config_parse_exec_output, "OUTPUT" },
4919 { config_parse_exec_input, "INPUT" },
4920 { config_parse_log_facility, "FACILITY" },
4921 { config_parse_log_level, "LEVEL" },
4922 { config_parse_exec_secure_bits, "SECUREBITS" },
4923 { config_parse_capability_set, "BOUNDINGSET" },
4924 { config_parse_rlimit, "LIMIT" },
4925 { config_parse_unit_deps, "UNIT [...]" },
4926 { config_parse_exec, "PATH [ARGUMENT [...]]" },
4927 { config_parse_service_type, "SERVICETYPE" },
4928 { config_parse_service_restart, "SERVICERESTART" },
4929 { config_parse_kill_mode, "KILLMODE" },
4930 { config_parse_signal, "SIGNAL" },
4931 { config_parse_socket_listen, "SOCKET [...]" },
4932 { config_parse_socket_bind, "SOCKETBIND" },
4933 { config_parse_socket_bindtodevice, "NETWORKINTERFACE" },
4934 { config_parse_sec, "SECONDS" },
4935 { config_parse_nsec, "NANOSECONDS" },
4936 { config_parse_namespace_path_strv, "PATH [...]" },
4937 { config_parse_bind_paths, "PATH[:PATH[:OPTIONS]] [...]" },
4938 { config_parse_unit_requires_mounts_for, "PATH [...]" },
4939 { config_parse_exec_mount_flags, "MOUNTFLAG [...]" },
4940 { config_parse_unit_string_printf, "STRING" },
4941 { config_parse_trigger_unit, "UNIT" },
4942 { config_parse_timer, "TIMER" },
4943 { config_parse_path_spec, "PATH" },
4944 { config_parse_notify_access, "ACCESS" },
4945 { config_parse_ip_tos, "TOS" },
4946 { config_parse_unit_condition_path, "CONDITION" },
4947 { config_parse_unit_condition_string, "CONDITION" },
4948 { config_parse_unit_condition_null, "CONDITION" },
4949 { config_parse_unit_slice, "SLICE" },
4950 { config_parse_documentation, "URL" },
4951 { config_parse_service_timeout, "SECONDS" },
4952 { config_parse_emergency_action, "ACTION" },
4953 { config_parse_set_status, "STATUS" },
4954 { config_parse_service_sockets, "SOCKETS" },
4955 { config_parse_environ, "ENVIRON" },
4956 #if HAVE_SECCOMP
4957 { config_parse_syscall_filter, "SYSCALLS" },
4958 { config_parse_syscall_archs, "ARCHS" },
4959 { config_parse_syscall_errno, "ERRNO" },
4960 { config_parse_address_families, "FAMILIES" },
4961 { config_parse_restrict_namespaces, "NAMESPACES" },
4962 #endif
4963 { config_parse_cpu_shares, "SHARES" },
4964 { config_parse_cg_weight, "WEIGHT" },
4965 { config_parse_memory_limit, "LIMIT" },
4966 { config_parse_device_allow, "DEVICE" },
4967 { config_parse_device_policy, "POLICY" },
4968 { config_parse_io_limit, "LIMIT" },
4969 { config_parse_io_device_weight, "DEVICEWEIGHT" },
4970 { config_parse_io_device_latency, "DEVICELATENCY" },
4971 { config_parse_blockio_bandwidth, "BANDWIDTH" },
4972 { config_parse_blockio_weight, "WEIGHT" },
4973 { config_parse_blockio_device_weight, "DEVICEWEIGHT" },
4974 { config_parse_long, "LONG" },
4975 { config_parse_socket_service, "SERVICE" },
4976 #if HAVE_SELINUX
4977 { config_parse_exec_selinux_context, "LABEL" },
4978 #endif
4979 { config_parse_job_mode, "MODE" },
4980 { config_parse_job_mode_isolate, "BOOLEAN" },
4981 { config_parse_personality, "PERSONALITY" },
4982 };
4983
4984 const char *prev = NULL;
4985 const char *i;
4986
4987 assert(f);
4988
4989 NULSTR_FOREACH(i, load_fragment_gperf_nulstr) {
4990 const char *rvalue = "OTHER", *lvalue;
4991 const ConfigPerfItem *p;
4992 size_t prefix_len;
4993 const char *dot;
4994 unsigned j;
4995
4996 assert_se(p = load_fragment_gperf_lookup(i, strlen(i)));
4997
4998 /* Hide legacy settings */
4999 if (p->parse == config_parse_warn_compat &&
5000 p->ltype == DISABLED_LEGACY)
5001 continue;
5002
5003 for (j = 0; j < ELEMENTSOF(table); j++)
5004 if (p->parse == table[j].callback) {
5005 rvalue = table[j].rvalue;
5006 break;
5007 }
5008
5009 dot = strchr(i, '.');
5010 lvalue = dot ? dot + 1 : i;
5011 prefix_len = dot-i;
5012
5013 if (dot)
5014 if (!prev || !strneq(prev, i, prefix_len+1)) {
5015 if (prev)
5016 fputc('\n', f);
5017
5018 fprintf(f, "[%.*s]\n", (int) prefix_len, i);
5019 }
5020
5021 fprintf(f, "%s=%s\n", lvalue, rvalue);
5022 prev = i;
5023 }
5024 }
5025
5026 int config_parse_cpu_affinity2(
5027 const char *unit,
5028 const char *filename,
5029 unsigned line,
5030 const char *section,
5031 unsigned section_line,
5032 const char *lvalue,
5033 int ltype,
5034 const char *rvalue,
5035 void *data,
5036 void *userdata) {
5037
5038 CPUSet *affinity = data;
5039
5040 assert(affinity);
5041
5042 (void) parse_cpu_set_extend(rvalue, affinity, true, unit, filename, line, lvalue);
5043
5044 return 0;
5045 }
5046
5047 int config_parse_show_status(
5048 const char* unit,
5049 const char *filename,
5050 unsigned line,
5051 const char *section,
5052 unsigned section_line,
5053 const char *lvalue,
5054 int ltype,
5055 const char *rvalue,
5056 void *data,
5057 void *userdata) {
5058
5059 int k;
5060 ShowStatus *b = data;
5061
5062 assert(filename);
5063 assert(lvalue);
5064 assert(rvalue);
5065 assert(data);
5066
5067 k = parse_show_status(rvalue, b);
5068 if (k < 0) {
5069 log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
5070 return 0;
5071 }
5072
5073 return 0;
5074 }
5075
5076 int config_parse_output_restricted(
5077 const char* unit,
5078 const char *filename,
5079 unsigned line,
5080 const char *section,
5081 unsigned section_line,
5082 const char *lvalue,
5083 int ltype,
5084 const char *rvalue,
5085 void *data,
5086 void *userdata) {
5087
5088 ExecOutput t, *eo = data;
5089
5090 assert(filename);
5091 assert(lvalue);
5092 assert(rvalue);
5093 assert(data);
5094
5095 t = exec_output_from_string(rvalue);
5096 if (t < 0) {
5097 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output type, ignoring: %s", rvalue);
5098 return 0;
5099 }
5100
5101 if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE, EXEC_OUTPUT_FILE_APPEND)) {
5102 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard output types socket, fd:, file:, append: are not supported as defaults, ignoring: %s", rvalue);
5103 return 0;
5104 }
5105
5106 *eo = t;
5107 return 0;
5108 }
5109
5110 int config_parse_crash_chvt(
5111 const char* unit,
5112 const char *filename,
5113 unsigned line,
5114 const char *section,
5115 unsigned section_line,
5116 const char *lvalue,
5117 int ltype,
5118 const char *rvalue,
5119 void *data,
5120 void *userdata) {
5121
5122 int r;
5123
5124 assert(filename);
5125 assert(lvalue);
5126 assert(rvalue);
5127 assert(data);
5128
5129 r = parse_crash_chvt(rvalue, data);
5130 if (r < 0) {
5131 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
5132 return 0;
5133 }
5134
5135 return 0;
5136 }
5137
5138 int config_parse_timeout_abort(
5139 const char* unit,
5140 const char *filename,
5141 unsigned line,
5142 const char *section,
5143 unsigned section_line,
5144 const char *lvalue,
5145 int ltype,
5146 const char *rvalue,
5147 void *data,
5148 void *userdata) {
5149
5150 usec_t *timeout_usec = data;
5151 int r;
5152
5153 assert(filename);
5154 assert(lvalue);
5155 assert(rvalue);
5156 assert(timeout_usec);
5157
5158 rvalue += strspn(rvalue, WHITESPACE);
5159 if (isempty(rvalue)) {
5160 *timeout_usec = false;
5161 return 0;
5162 }
5163
5164 r = parse_sec(rvalue, timeout_usec);
5165 if (r < 0) {
5166 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DefaultTimeoutAbortSec= setting, ignoring: %s", rvalue);
5167 return 0;
5168 }
5169
5170 *timeout_usec = true;
5171 return 0;
5172 }
Unnamed repository; edit this file 'description' to name the repository.