]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/load-fragment.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #18214 from elmarco/vsock
[thirdparty/systemd.git] / src / core / load-fragment.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 /***
3 Copyright © 2012 Holger Hans Peter Freyther
4 ***/
5
6 #include <errno.h>
7 #include <fcntl.h>
8 #include <linux/fs.h>
9 #include <linux/oom.h>
10 #if HAVE_SECCOMP
11 #include <seccomp.h>
12 #endif
13 #include <sched.h>
14 #include <sys/resource.h>
15
16 #include "sd-messages.h"
17
18 #include "af-list.h"
19 #include "alloc-util.h"
20 #include "all-units.h"
21 #include "bpf-firewall.h"
22 #include "bus-error.h"
23 #include "bus-internal.h"
24 #include "bus-util.h"
25 #include "cap-list.h"
26 #include "capability-util.h"
27 #include "cgroup-setup.h"
28 #include "conf-parser.h"
29 #include "core-varlink.h"
30 #include "cpu-set-util.h"
31 #include "env-util.h"
32 #include "errno-list.h"
33 #include "escape.h"
34 #include "fd-util.h"
35 #include "fileio.h"
36 #include "fs-util.h"
37 #include "hexdecoct.h"
38 #include "io-util.h"
39 #include "ioprio.h"
40 #include "ip-protocol-list.h"
41 #include "journal-file.h"
42 #include "limits-util.h"
43 #include "load-fragment.h"
44 #include "log.h"
45 #include "mountpoint-util.h"
46 #include "nulstr-util.h"
47 #include "parse-util.h"
48 #include "path-util.h"
49 #include "process-util.h"
50 #if HAVE_SECCOMP
51 #include "seccomp-util.h"
52 #endif
53 #include "securebits-util.h"
54 #include "signal-util.h"
55 #include "socket-netlink.h"
56 #include "stat-util.h"
57 #include "string-util.h"
58 #include "strv.h"
59 #include "syslog-util.h"
60 #include "time-util.h"
61 #include "unit-name.h"
62 #include "unit-printf.h"
63 #include "user-util.h"
64 #include "utf8.h"
65 #include "web-util.h"
66
67 static int parse_socket_protocol(const char *s) {
68 int r;
69
70 r = parse_ip_protocol(s);
71 if (r < 0)
72 return r;
73 if (!IN_SET(r, IPPROTO_UDPLITE, IPPROTO_SCTP))
74 return -EPROTONOSUPPORT;
75
76 return r;
77 }
78
79 int parse_crash_chvt(const char *value, int *data) {
80 int b;
81
82 if (safe_atoi(value, data) >= 0)
83 return 0;
84
85 b = parse_boolean(value);
86 if (b < 0)
87 return b;
88
89 if (b > 0)
90 *data = 0; /* switch to where kmsg goes */
91 else
92 *data = -1; /* turn off switching */
93
94 return 0;
95 }
96
97 int parse_confirm_spawn(const char *value, char **console) {
98 char *s;
99 int r;
100
101 r = value ? parse_boolean(value) : 1;
102 if (r == 0) {
103 *console = NULL;
104 return 0;
105 } else if (r > 0) /* on with default tty */
106 s = strdup("/dev/console");
107 else if (is_path(value)) /* on with fully qualified path */
108 s = strdup(value);
109 else /* on with only a tty file name, not a fully qualified path */
110 s = path_join("/dev/", value);
111 if (!s)
112 return -ENOMEM;
113
114 *console = s;
115 return 0;
116 }
117
118 DEFINE_CONFIG_PARSE(config_parse_socket_protocol, parse_socket_protocol, "Failed to parse socket protocol");
119 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
120 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
121 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
122 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
123 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc, protect_proc, ProtectProc, "Failed to parse /proc/ protection mode");
124 DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset, proc_subset, ProcSubset, "Failed to parse /proc/ subset mode");
125 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
126 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
127 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
128 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home, protect_home, ProtectHome, "Failed to parse protect home value");
129 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system, protect_system, ProtectSystem, "Failed to parse protect system value");
130 DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode, exec_preserve_mode, ExecPreserveMode, "Failed to parse runtime directory preserve mode");
131 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type, service_type, ServiceType, "Failed to parse service type");
132 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart, service_restart, ServiceRestart, "Failed to parse service restart specifier");
133 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode, service_timeout_failure_mode, ServiceTimeoutFailureMode, "Failed to parse timeout failure mode");
134 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind, socket_address_bind_ipv6_only_or_bool, SocketAddressBindIPv6Only, "Failed to parse bind IPv6 only value");
135 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy, oom_policy, OOMPolicy, "Failed to parse OOM policy");
136 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1, "Failed to parse IP TOS value");
137 DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t, "Invalid block IO weight");
138 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t, "Invalid weight");
139 DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares, cg_cpu_shares_parse, uint64_t, "Invalid CPU shares");
140 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags, mount_propagation_flags_from_string, unsigned long, "Failed to parse mount flag");
141 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1, "Invalid NUMA policy type");
142 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format, status_unit_format, StatusUnitFormat, "Failed to parse status unit format");
143 DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping, socket_timestamping_from_string_harder, SocketTimestamping, "Failed to parse timestamping precision");
144
145 int config_parse_unit_deps(
146 const char *unit,
147 const char *filename,
148 unsigned line,
149 const char *section,
150 unsigned section_line,
151 const char *lvalue,
152 int ltype,
153 const char *rvalue,
154 void *data,
155 void *userdata) {
156
157 UnitDependency d = ltype;
158 Unit *u = userdata;
159
160 assert(filename);
161 assert(lvalue);
162 assert(rvalue);
163
164 for (const char *p = rvalue;;) {
165 _cleanup_free_ char *word = NULL, *k = NULL;
166 int r;
167
168 r = extract_first_word(&p, &word, NULL, EXTRACT_RETAIN_ESCAPE);
169 if (r == 0)
170 return 0;
171 if (r == -ENOMEM)
172 return log_oom();
173 if (r < 0) {
174 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
175 return 0;
176 }
177
178 r = unit_name_printf(u, word, &k);
179 if (r < 0) {
180 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
181 continue;
182 }
183
184 r = unit_add_dependency_by_name(u, d, k, true, UNIT_DEPENDENCY_FILE);
185 if (r < 0)
186 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
187 }
188 }
189
190 int config_parse_obsolete_unit_deps(
191 const char *unit,
192 const char *filename,
193 unsigned line,
194 const char *section,
195 unsigned section_line,
196 const char *lvalue,
197 int ltype,
198 const char *rvalue,
199 void *data,
200 void *userdata) {
201
202 log_syntax(unit, LOG_WARNING, filename, line, 0,
203 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue, unit_dependency_to_string(ltype));
204
205 return config_parse_unit_deps(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
206 }
207
208 int config_parse_unit_string_printf(
209 const char *unit,
210 const char *filename,
211 unsigned line,
212 const char *section,
213 unsigned section_line,
214 const char *lvalue,
215 int ltype,
216 const char *rvalue,
217 void *data,
218 void *userdata) {
219
220 _cleanup_free_ char *k = NULL;
221 const Unit *u = userdata;
222 int r;
223
224 assert(filename);
225 assert(lvalue);
226 assert(rvalue);
227 assert(u);
228
229 r = unit_full_printf(u, rvalue, &k);
230 if (r < 0) {
231 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
232 return 0;
233 }
234
235 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
236 }
237
238 int config_parse_unit_strv_printf(
239 const char *unit,
240 const char *filename,
241 unsigned line,
242 const char *section,
243 unsigned section_line,
244 const char *lvalue,
245 int ltype,
246 const char *rvalue,
247 void *data,
248 void *userdata) {
249
250 const Unit *u = userdata;
251 _cleanup_free_ char *k = NULL;
252 int r;
253
254 assert(filename);
255 assert(lvalue);
256 assert(rvalue);
257 assert(u);
258
259 r = unit_full_printf(u, rvalue, &k);
260 if (r < 0) {
261 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
262 return 0;
263 }
264
265 return config_parse_strv(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
266 }
267
268 int config_parse_unit_path_printf(
269 const char *unit,
270 const char *filename,
271 unsigned line,
272 const char *section,
273 unsigned section_line,
274 const char *lvalue,
275 int ltype,
276 const char *rvalue,
277 void *data,
278 void *userdata) {
279
280 _cleanup_free_ char *k = NULL;
281 const Unit *u = userdata;
282 int r;
283 bool fatal = ltype;
284
285 assert(filename);
286 assert(lvalue);
287 assert(rvalue);
288 assert(u);
289
290 /* Let's not bother with anything that is too long */
291 if (strlen(rvalue) >= PATH_MAX) {
292 log_syntax(unit, fatal ? LOG_ERR : LOG_WARNING, filename, line, 0,
293 "%s value too long%s.",
294 lvalue, fatal ? "" : ", ignoring");
295 return fatal ? -ENAMETOOLONG : 0;
296 }
297
298 r = unit_full_printf(u, rvalue, &k);
299 if (r < 0) {
300 log_syntax(unit, fatal ? LOG_ERR : LOG_WARNING, filename, line, r,
301 "Failed to resolve unit specifiers in '%s'%s: %m",
302 rvalue, fatal ? "" : ", ignoring");
303 return fatal ? -ENOEXEC : 0;
304 }
305
306 return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
307 }
308
309 int config_parse_unit_path_strv_printf(
310 const char *unit,
311 const char *filename,
312 unsigned line,
313 const char *section,
314 unsigned section_line,
315 const char *lvalue,
316 int ltype,
317 const char *rvalue,
318 void *data,
319 void *userdata) {
320
321 char ***x = data;
322 const Unit *u = userdata;
323 int r;
324
325 assert(filename);
326 assert(lvalue);
327 assert(rvalue);
328 assert(u);
329
330 if (isempty(rvalue)) {
331 *x = strv_free(*x);
332 return 0;
333 }
334
335 for (const char *p = rvalue;;) {
336 _cleanup_free_ char *word = NULL, *k = NULL;
337
338 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
339 if (r == 0)
340 return 0;
341 if (r == -ENOMEM)
342 return log_oom();
343 if (r < 0) {
344 log_syntax(unit, LOG_WARNING, filename, line, r,
345 "Invalid syntax, ignoring: %s", rvalue);
346 return 0;
347 }
348
349 r = unit_full_printf(u, word, &k);
350 if (r < 0) {
351 log_syntax(unit, LOG_WARNING, filename, line, r,
352 "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
353 return 0;
354 }
355
356 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
357 if (r < 0)
358 return 0;
359
360 r = strv_consume(x, TAKE_PTR(k));
361 if (r < 0)
362 return log_oom();
363 }
364 }
365
366 static int patch_var_run(
367 const char *unit,
368 const char *filename,
369 unsigned line,
370 const char *lvalue,
371 char **path) {
372
373 const char *e;
374 char *z;
375
376 e = path_startswith(*path, "/var/run/");
377 if (!e)
378 return 0;
379
380 z = path_join("/run/", e);
381 if (!z)
382 return log_oom();
383
384 log_syntax(unit, LOG_NOTICE, filename, line, 0,
385 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
386 "please update the unit file accordingly.", lvalue, *path, z);
387
388 free_and_replace(*path, z);
389
390 return 1;
391 }
392
393 int config_parse_socket_listen(
394 const char *unit,
395 const char *filename,
396 unsigned line,
397 const char *section,
398 unsigned section_line,
399 const char *lvalue,
400 int ltype,
401 const char *rvalue,
402 void *data,
403 void *userdata) {
404
405 _cleanup_free_ SocketPort *p = NULL;
406 SocketPort *tail;
407 Socket *s;
408 int r;
409
410 assert(filename);
411 assert(lvalue);
412 assert(rvalue);
413 assert(data);
414
415 s = SOCKET(data);
416
417 if (isempty(rvalue)) {
418 /* An empty assignment removes all ports */
419 socket_free_ports(s);
420 return 0;
421 }
422
423 p = new0(SocketPort, 1);
424 if (!p)
425 return log_oom();
426
427 if (ltype != SOCKET_SOCKET) {
428 _cleanup_free_ char *k = NULL;
429
430 r = unit_full_printf(UNIT(s), rvalue, &k);
431 if (r < 0) {
432 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
433 return 0;
434 }
435
436 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
437 if (r < 0)
438 return 0;
439
440 if (ltype == SOCKET_FIFO) {
441 r = patch_var_run(unit, filename, line, lvalue, &k);
442 if (r < 0)
443 return r;
444 }
445
446 free_and_replace(p->path, k);
447 p->type = ltype;
448
449 } else if (streq(lvalue, "ListenNetlink")) {
450 _cleanup_free_ char *k = NULL;
451
452 r = unit_full_printf(UNIT(s), rvalue, &k);
453 if (r < 0) {
454 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
455 return 0;
456 }
457
458 r = socket_address_parse_netlink(&p->address, k);
459 if (r < 0) {
460 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
461 return 0;
462 }
463
464 p->type = SOCKET_SOCKET;
465
466 } else {
467 _cleanup_free_ char *k = NULL;
468
469 r = unit_full_printf(UNIT(s), rvalue, &k);
470 if (r < 0) {
471 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
472 return 0;
473 }
474
475 if (k[0] == '/') { /* Only for AF_UNIX file system sockets… */
476 r = patch_var_run(unit, filename, line, lvalue, &k);
477 if (r < 0)
478 return r;
479 }
480
481 r = socket_address_parse_and_warn(&p->address, k);
482 if (r < 0) {
483 if (r != -EAFNOSUPPORT)
484 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
485 return 0;
486 }
487
488 if (streq(lvalue, "ListenStream"))
489 p->address.type = SOCK_STREAM;
490 else if (streq(lvalue, "ListenDatagram"))
491 p->address.type = SOCK_DGRAM;
492 else {
493 assert(streq(lvalue, "ListenSequentialPacket"));
494 p->address.type = SOCK_SEQPACKET;
495 }
496
497 if (socket_address_family(&p->address) != AF_LOCAL && p->address.type == SOCK_SEQPACKET) {
498 log_syntax(unit, LOG_WARNING, filename, line, 0, "Address family not supported, ignoring: %s", rvalue);
499 return 0;
500 }
501
502 p->type = SOCKET_SOCKET;
503 }
504
505 p->fd = -1;
506 p->auxiliary_fds = NULL;
507 p->n_auxiliary_fds = 0;
508 p->socket = s;
509
510 LIST_FIND_TAIL(port, s->ports, tail);
511 LIST_INSERT_AFTER(port, s->ports, tail, p);
512
513 p = NULL;
514
515 return 0;
516 }
517
518 int config_parse_exec_nice(
519 const char *unit,
520 const char *filename,
521 unsigned line,
522 const char *section,
523 unsigned section_line,
524 const char *lvalue,
525 int ltype,
526 const char *rvalue,
527 void *data,
528 void *userdata) {
529
530 ExecContext *c = data;
531 int priority, r;
532
533 assert(filename);
534 assert(lvalue);
535 assert(rvalue);
536 assert(data);
537
538 if (isempty(rvalue)) {
539 c->nice_set = false;
540 return 0;
541 }
542
543 r = parse_nice(rvalue, &priority);
544 if (r < 0) {
545 if (r == -ERANGE)
546 log_syntax(unit, LOG_WARNING, filename, line, r, "Nice priority out of range, ignoring: %s", rvalue);
547 else
548 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse nice priority '%s', ignoring: %m", rvalue);
549 return 0;
550 }
551
552 c->nice = priority;
553 c->nice_set = true;
554
555 return 0;
556 }
557
558 int config_parse_exec_oom_score_adjust(
559 const char* unit,
560 const char *filename,
561 unsigned line,
562 const char *section,
563 unsigned section_line,
564 const char *lvalue,
565 int ltype,
566 const char *rvalue,
567 void *data,
568 void *userdata) {
569
570 ExecContext *c = data;
571 int oa, r;
572
573 assert(filename);
574 assert(lvalue);
575 assert(rvalue);
576 assert(data);
577
578 if (isempty(rvalue)) {
579 c->oom_score_adjust_set = false;
580 return 0;
581 }
582
583 r = parse_oom_score_adjust(rvalue, &oa);
584 if (r < 0) {
585 if (r == -ERANGE)
586 log_syntax(unit, LOG_WARNING, filename, line, r, "OOM score adjust value out of range, ignoring: %s", rvalue);
587 else
588 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue);
589 return 0;
590 }
591
592 c->oom_score_adjust = oa;
593 c->oom_score_adjust_set = true;
594
595 return 0;
596 }
597
598 int config_parse_exec_coredump_filter(
599 const char* unit,
600 const char *filename,
601 unsigned line,
602 const char *section,
603 unsigned section_line,
604 const char *lvalue,
605 int ltype,
606 const char *rvalue,
607 void *data,
608 void *userdata) {
609
610 ExecContext *c = data;
611 int r;
612
613 assert(filename);
614 assert(lvalue);
615 assert(rvalue);
616 assert(data);
617
618 if (isempty(rvalue)) {
619 c->coredump_filter = 0;
620 c->coredump_filter_set = false;
621 return 0;
622 }
623
624 uint64_t f;
625 r = coredump_filter_mask_from_string(rvalue, &f);
626 if (r < 0) {
627 log_syntax(unit, LOG_WARNING, filename, line, r,
628 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue);
629 return 0;
630 }
631
632 c->coredump_filter |= f;
633 c->oom_score_adjust_set = true;
634 return 0;
635 }
636
637 int config_parse_kill_mode(
638 const char* unit,
639 const char *filename,
640 unsigned line,
641 const char *section,
642 unsigned section_line,
643 const char *lvalue,
644 int ltype,
645 const char *rvalue,
646 void *data,
647 void *userdata) {
648
649 KillMode *k = data, m;
650
651 assert(filename);
652 assert(lvalue);
653 assert(rvalue);
654 assert(data);
655
656 if (isempty(rvalue)) {
657 *k = KILL_CONTROL_GROUP;
658 return 0;
659 }
660
661 m = kill_mode_from_string(rvalue);
662 if (m < 0) {
663 log_syntax(unit, LOG_WARNING, filename, line, 0,
664 "Failed to parse kill mode specification, ignoring: %s", rvalue);
665 return 0;
666 }
667
668 if (m == KILL_NONE)
669 log_syntax(unit, LOG_WARNING, filename, line, 0,
670 "Unit configured to use KillMode=none. "
671 "This is unsafe, as it disables systemd's process lifecycle management for the service. "
672 "Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
673 "Support for KillMode=none is deprecated and will eventually be removed.");
674
675 *k = m;
676 return 0;
677 }
678
679 int config_parse_exec(
680 const char *unit,
681 const char *filename,
682 unsigned line,
683 const char *section,
684 unsigned section_line,
685 const char *lvalue,
686 int ltype,
687 const char *rvalue,
688 void *data,
689 void *userdata) {
690
691 ExecCommand **e = data;
692 const Unit *u = userdata;
693 const char *p;
694 bool semicolon;
695 int r;
696
697 assert(filename);
698 assert(lvalue);
699 assert(rvalue);
700 assert(e);
701
702 e += ltype;
703
704 if (isempty(rvalue)) {
705 /* An empty assignment resets the list */
706 *e = exec_command_free_list(*e);
707 return 0;
708 }
709
710 p = rvalue;
711 do {
712 _cleanup_free_ char *path = NULL, *firstword = NULL;
713 ExecCommandFlags flags = 0;
714 bool ignore = false, separate_argv0 = false;
715 _cleanup_free_ ExecCommand *nce = NULL;
716 _cleanup_strv_free_ char **n = NULL;
717 size_t nlen = 0, nbufsize = 0;
718 const char *f;
719
720 semicolon = false;
721
722 r = extract_first_word_and_warn(&p, &firstword, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
723 if (r <= 0)
724 return 0;
725
726 /* A lone ";" is a separator. Let's make sure we don't treat it as an executable name. */
727 if (streq(firstword, ";")) {
728 semicolon = true;
729 continue;
730 }
731
732 f = firstword;
733 for (;;) {
734 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
735 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
736 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
737 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
738 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
739 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
740 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
741 * other sandboxing, with some special exceptions for changing UID.
742 *
743 * The idea is that '!!' may be used to write services that can take benefit of systemd's
744 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
745 * privilege dropping within the daemon if the kernel does not offer that. */
746
747 if (*f == '-' && !(flags & EXEC_COMMAND_IGNORE_FAILURE)) {
748 flags |= EXEC_COMMAND_IGNORE_FAILURE;
749 ignore = true;
750 } else if (*f == '@' && !separate_argv0)
751 separate_argv0 = true;
752 else if (*f == ':' && !(flags & EXEC_COMMAND_NO_ENV_EXPAND))
753 flags |= EXEC_COMMAND_NO_ENV_EXPAND;
754 else if (*f == '+' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
755 flags |= EXEC_COMMAND_FULLY_PRIVILEGED;
756 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
757 flags |= EXEC_COMMAND_NO_SETUID;
758 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_AMBIENT_MAGIC))) {
759 flags &= ~EXEC_COMMAND_NO_SETUID;
760 flags |= EXEC_COMMAND_AMBIENT_MAGIC;
761 } else
762 break;
763 f++;
764 }
765
766 r = unit_full_printf(u, f, &path);
767 if (r < 0) {
768 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
769 "Failed to resolve unit specifiers in '%s'%s: %m",
770 f, ignore ? ", ignoring" : "");
771 return ignore ? 0 : -ENOEXEC;
772 }
773
774 if (isempty(path)) {
775 /* First word is either "-" or "@" with no command. */
776 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
777 "Empty path in command line%s: '%s'",
778 ignore ? ", ignoring" : "", rvalue);
779 return ignore ? 0 : -ENOEXEC;
780 }
781 if (!string_is_safe(path)) {
782 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
783 "Executable name contains special characters%s: %s",
784 ignore ? ", ignoring" : "", path);
785 return ignore ? 0 : -ENOEXEC;
786 }
787 if (endswith(path, "/")) {
788 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
789 "Executable path specifies a directory%s: %s",
790 ignore ? ", ignoring" : "", path);
791 return ignore ? 0 : -ENOEXEC;
792 }
793
794 if (!path_is_absolute(path) && !filename_is_valid(path)) {
795 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
796 "Neither a valid executable name nor an absolute path%s: %s",
797 ignore ? ", ignoring" : "", path);
798 return ignore ? 0 : -ENOEXEC;
799 }
800
801 if (!separate_argv0) {
802 char *w = NULL;
803
804 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
805 return log_oom();
806
807 w = strdup(path);
808 if (!w)
809 return log_oom();
810 n[nlen++] = w;
811 n[nlen] = NULL;
812 }
813
814 path_simplify(path, false);
815
816 while (!isempty(p)) {
817 _cleanup_free_ char *word = NULL, *resolved = NULL;
818
819 /* Check explicitly for an unquoted semicolon as
820 * command separator token. */
821 if (p[0] == ';' && (!p[1] || strchr(WHITESPACE, p[1]))) {
822 p++;
823 p += strspn(p, WHITESPACE);
824 semicolon = true;
825 break;
826 }
827
828 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
829 * extract_first_word() would return the same for all of those. */
830 if (p[0] == '\\' && p[1] == ';' && (!p[2] || strchr(WHITESPACE, p[2]))) {
831 char *w;
832
833 p += 2;
834 p += strspn(p, WHITESPACE);
835
836 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
837 return log_oom();
838
839 w = strdup(";");
840 if (!w)
841 return log_oom();
842 n[nlen++] = w;
843 n[nlen] = NULL;
844 continue;
845 }
846
847 r = extract_first_word_and_warn(&p, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
848 if (r == 0)
849 break;
850 if (r < 0)
851 return ignore ? 0 : -ENOEXEC;
852
853 r = unit_full_printf(u, word, &resolved);
854 if (r < 0) {
855 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
856 "Failed to resolve unit specifiers in %s%s: %m",
857 word, ignore ? ", ignoring" : "");
858 return ignore ? 0 : -ENOEXEC;
859 }
860
861 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
862 return log_oom();
863
864 n[nlen++] = TAKE_PTR(resolved);
865 n[nlen] = NULL;
866 }
867
868 if (!n || !n[0]) {
869 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
870 "Empty executable name or zeroeth argument%s: %s",
871 ignore ? ", ignoring" : "", rvalue);
872 return ignore ? 0 : -ENOEXEC;
873 }
874
875 nce = new0(ExecCommand, 1);
876 if (!nce)
877 return log_oom();
878
879 nce->argv = TAKE_PTR(n);
880 nce->path = TAKE_PTR(path);
881 nce->flags = flags;
882
883 exec_command_append_list(e, nce);
884
885 /* Do not _cleanup_free_ these. */
886 nce = NULL;
887
888 rvalue = p;
889 } while (semicolon);
890
891 return 0;
892 }
893
894 int config_parse_socket_bindtodevice(
895 const char* unit,
896 const char *filename,
897 unsigned line,
898 const char *section,
899 unsigned section_line,
900 const char *lvalue,
901 int ltype,
902 const char *rvalue,
903 void *data,
904 void *userdata) {
905
906 Socket *s = data;
907
908 assert(filename);
909 assert(lvalue);
910 assert(rvalue);
911 assert(data);
912
913 if (isempty(rvalue) || streq(rvalue, "*")) {
914 s->bind_to_device = mfree(s->bind_to_device);
915 return 0;
916 }
917
918 if (!ifname_valid(rvalue)) {
919 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid interface name, ignoring: %s", rvalue);
920 return 0;
921 }
922
923 if (free_and_strdup(&s->bind_to_device, rvalue) < 0)
924 return log_oom();
925
926 return 0;
927 }
928
929 int config_parse_exec_input(
930 const char *unit,
931 const char *filename,
932 unsigned line,
933 const char *section,
934 unsigned section_line,
935 const char *lvalue,
936 int ltype,
937 const char *rvalue,
938 void *data,
939 void *userdata) {
940
941 ExecContext *c = data;
942 const Unit *u = userdata;
943 const char *n;
944 ExecInput ei;
945 int r;
946
947 assert(data);
948 assert(filename);
949 assert(line);
950 assert(rvalue);
951
952 n = startswith(rvalue, "fd:");
953 if (n) {
954 _cleanup_free_ char *resolved = NULL;
955
956 r = unit_full_printf(u, n, &resolved);
957 if (r < 0) {
958 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", n);
959 return 0;
960 }
961
962 if (isempty(resolved))
963 resolved = mfree(resolved);
964 else if (!fdname_is_valid(resolved)) {
965 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", resolved);
966 return 0;
967 }
968
969 free_and_replace(c->stdio_fdname[STDIN_FILENO], resolved);
970
971 ei = EXEC_INPUT_NAMED_FD;
972
973 } else if ((n = startswith(rvalue, "file:"))) {
974 _cleanup_free_ char *resolved = NULL;
975
976 r = unit_full_printf(u, n, &resolved);
977 if (r < 0) {
978 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", n);
979 return 0;
980 }
981
982 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
983 if (r < 0)
984 return 0;
985
986 free_and_replace(c->stdio_file[STDIN_FILENO], resolved);
987
988 ei = EXEC_INPUT_FILE;
989
990 } else {
991 ei = exec_input_from_string(rvalue);
992 if (ei < 0) {
993 log_syntax(unit, LOG_WARNING, filename, line, 0, "Failed to parse input specifier, ignoring: %s", rvalue);
994 return 0;
995 }
996 }
997
998 c->std_input = ei;
999 return 0;
1000 }
1001
1002 int config_parse_exec_input_text(
1003 const char *unit,
1004 const char *filename,
1005 unsigned line,
1006 const char *section,
1007 unsigned section_line,
1008 const char *lvalue,
1009 int ltype,
1010 const char *rvalue,
1011 void *data,
1012 void *userdata) {
1013
1014 _cleanup_free_ char *unescaped = NULL, *resolved = NULL;
1015 ExecContext *c = data;
1016 const Unit *u = userdata;
1017 size_t sz;
1018 void *p;
1019 int r;
1020
1021 assert(data);
1022 assert(filename);
1023 assert(line);
1024 assert(rvalue);
1025
1026 if (isempty(rvalue)) {
1027 /* Reset if the empty string is assigned */
1028 c->stdin_data = mfree(c->stdin_data);
1029 c->stdin_data_size = 0;
1030 return 0;
1031 }
1032
1033 r = cunescape(rvalue, 0, &unescaped);
1034 if (r < 0) {
1035 log_syntax(unit, LOG_WARNING, filename, line, r,
1036 "Failed to decode C escaped text '%s', ignoring: %m", rvalue);
1037 return 0;
1038 }
1039
1040 r = unit_full_printf(u, unescaped, &resolved);
1041 if (r < 0) {
1042 log_syntax(unit, LOG_WARNING, filename, line, r,
1043 "Failed to resolve unit specifiers in '%s', ignoring: %m", unescaped);
1044 return 0;
1045 }
1046
1047 sz = strlen(resolved);
1048 if (c->stdin_data_size + sz + 1 < c->stdin_data_size || /* check for overflow */
1049 c->stdin_data_size + sz + 1 > EXEC_STDIN_DATA_MAX) {
1050 log_syntax(unit, LOG_WARNING, filename, line, 0,
1051 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1052 c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1053 return 0;
1054 }
1055
1056 p = realloc(c->stdin_data, c->stdin_data_size + sz + 1);
1057 if (!p)
1058 return log_oom();
1059
1060 *((char*) mempcpy((char*) p + c->stdin_data_size, resolved, sz)) = '\n';
1061
1062 c->stdin_data = p;
1063 c->stdin_data_size += sz + 1;
1064
1065 return 0;
1066 }
1067
1068 int config_parse_exec_input_data(
1069 const char *unit,
1070 const char *filename,
1071 unsigned line,
1072 const char *section,
1073 unsigned section_line,
1074 const char *lvalue,
1075 int ltype,
1076 const char *rvalue,
1077 void *data,
1078 void *userdata) {
1079
1080 _cleanup_free_ void *p = NULL;
1081 ExecContext *c = data;
1082 size_t sz;
1083 void *q;
1084 int r;
1085
1086 assert(data);
1087 assert(filename);
1088 assert(line);
1089 assert(rvalue);
1090
1091 if (isempty(rvalue)) {
1092 /* Reset if the empty string is assigned */
1093 c->stdin_data = mfree(c->stdin_data);
1094 c->stdin_data_size = 0;
1095 return 0;
1096 }
1097
1098 r = unbase64mem(rvalue, (size_t) -1, &p, &sz);
1099 if (r < 0) {
1100 log_syntax(unit, LOG_WARNING, filename, line, r,
1101 "Failed to decode base64 data, ignoring: %s", rvalue);
1102 return 0;
1103 }
1104
1105 assert(sz > 0);
1106
1107 if (c->stdin_data_size + sz < c->stdin_data_size || /* check for overflow */
1108 c->stdin_data_size + sz > EXEC_STDIN_DATA_MAX) {
1109 log_syntax(unit, LOG_WARNING, filename, line, 0,
1110 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1111 c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1112 return 0;
1113 }
1114
1115 q = realloc(c->stdin_data, c->stdin_data_size + sz);
1116 if (!q)
1117 return log_oom();
1118
1119 memcpy((uint8_t*) q + c->stdin_data_size, p, sz);
1120
1121 c->stdin_data = q;
1122 c->stdin_data_size += sz;
1123
1124 return 0;
1125 }
1126
1127 int config_parse_exec_output(
1128 const char *unit,
1129 const char *filename,
1130 unsigned line,
1131 const char *section,
1132 unsigned section_line,
1133 const char *lvalue,
1134 int ltype,
1135 const char *rvalue,
1136 void *data,
1137 void *userdata) {
1138
1139 _cleanup_free_ char *resolved = NULL;
1140 const char *n;
1141 ExecContext *c = data;
1142 const Unit *u = userdata;
1143 bool obsolete = false;
1144 ExecOutput eo;
1145 int r;
1146
1147 assert(data);
1148 assert(filename);
1149 assert(line);
1150 assert(lvalue);
1151 assert(rvalue);
1152
1153 n = startswith(rvalue, "fd:");
1154 if (n) {
1155 r = unit_full_printf(u, n, &resolved);
1156 if (r < 0) {
1157 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1158 return 0;
1159 }
1160
1161 if (isempty(resolved))
1162 resolved = mfree(resolved);
1163 else if (!fdname_is_valid(resolved)) {
1164 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", resolved);
1165 return 0;
1166 }
1167
1168 eo = EXEC_OUTPUT_NAMED_FD;
1169
1170 } else if (streq(rvalue, "syslog")) {
1171 eo = EXEC_OUTPUT_JOURNAL;
1172 obsolete = true;
1173
1174 } else if (streq(rvalue, "syslog+console")) {
1175 eo = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
1176 obsolete = true;
1177
1178 } else if ((n = startswith(rvalue, "file:"))) {
1179
1180 r = unit_full_printf(u, n, &resolved);
1181 if (r < 0) {
1182 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1183 return 0;
1184 }
1185
1186 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1187 if (r < 0)
1188 return 0;
1189
1190 eo = EXEC_OUTPUT_FILE;
1191
1192 } else if ((n = startswith(rvalue, "append:"))) {
1193
1194 r = unit_full_printf(u, n, &resolved);
1195 if (r < 0) {
1196 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1197 return 0;
1198 }
1199
1200 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1201 if (r < 0)
1202 return 0;
1203
1204 eo = EXEC_OUTPUT_FILE_APPEND;
1205
1206 } else if ((n = startswith(rvalue, "truncate:"))) {
1207
1208 r = unit_full_printf(u, n, &resolved);
1209 if (r < 0) {
1210 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1211 return 0;
1212 }
1213
1214 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1215 if (r < 0)
1216 return 0;
1217
1218 eo = EXEC_OUTPUT_FILE_TRUNCATE;
1219 } else {
1220 eo = exec_output_from_string(rvalue);
1221 if (eo < 0) {
1222 log_syntax(unit, LOG_WARNING, filename, line, 0, "Failed to parse output specifier, ignoring: %s", rvalue);
1223 return 0;
1224 }
1225 }
1226
1227 if (obsolete)
1228 log_syntax(unit, LOG_NOTICE, filename, line, 0,
1229 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1230 rvalue, exec_output_to_string(eo));
1231
1232 if (streq(lvalue, "StandardOutput")) {
1233 if (eo == EXEC_OUTPUT_NAMED_FD)
1234 free_and_replace(c->stdio_fdname[STDOUT_FILENO], resolved);
1235 else
1236 free_and_replace(c->stdio_file[STDOUT_FILENO], resolved);
1237
1238 c->std_output = eo;
1239
1240 } else {
1241 assert(streq(lvalue, "StandardError"));
1242
1243 if (eo == EXEC_OUTPUT_NAMED_FD)
1244 free_and_replace(c->stdio_fdname[STDERR_FILENO], resolved);
1245 else
1246 free_and_replace(c->stdio_file[STDERR_FILENO], resolved);
1247
1248 c->std_error = eo;
1249 }
1250
1251 return 0;
1252 }
1253
1254 int config_parse_exec_io_class(const char *unit,
1255 const char *filename,
1256 unsigned line,
1257 const char *section,
1258 unsigned section_line,
1259 const char *lvalue,
1260 int ltype,
1261 const char *rvalue,
1262 void *data,
1263 void *userdata) {
1264
1265 ExecContext *c = data;
1266 int x;
1267
1268 assert(filename);
1269 assert(lvalue);
1270 assert(rvalue);
1271 assert(data);
1272
1273 if (isempty(rvalue)) {
1274 c->ioprio_set = false;
1275 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1276 return 0;
1277 }
1278
1279 x = ioprio_class_from_string(rvalue);
1280 if (x < 0) {
1281 log_syntax(unit, LOG_WARNING, filename, line, 0, "Failed to parse IO scheduling class, ignoring: %s", rvalue);
1282 return 0;
1283 }
1284
1285 c->ioprio = IOPRIO_PRIO_VALUE(x, IOPRIO_PRIO_DATA(c->ioprio));
1286 c->ioprio_set = true;
1287
1288 return 0;
1289 }
1290
1291 int config_parse_exec_io_priority(const char *unit,
1292 const char *filename,
1293 unsigned line,
1294 const char *section,
1295 unsigned section_line,
1296 const char *lvalue,
1297 int ltype,
1298 const char *rvalue,
1299 void *data,
1300 void *userdata) {
1301
1302 ExecContext *c = data;
1303 int i, r;
1304
1305 assert(filename);
1306 assert(lvalue);
1307 assert(rvalue);
1308 assert(data);
1309
1310 if (isempty(rvalue)) {
1311 c->ioprio_set = false;
1312 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1313 return 0;
1314 }
1315
1316 r = ioprio_parse_priority(rvalue, &i);
1317 if (r < 0) {
1318 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse IO priority, ignoring: %s", rvalue);
1319 return 0;
1320 }
1321
1322 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c->ioprio), i);
1323 c->ioprio_set = true;
1324
1325 return 0;
1326 }
1327
1328 int config_parse_exec_cpu_sched_policy(const char *unit,
1329 const char *filename,
1330 unsigned line,
1331 const char *section,
1332 unsigned section_line,
1333 const char *lvalue,
1334 int ltype,
1335 const char *rvalue,
1336 void *data,
1337 void *userdata) {
1338
1339 ExecContext *c = data;
1340 int x;
1341
1342 assert(filename);
1343 assert(lvalue);
1344 assert(rvalue);
1345 assert(data);
1346
1347 if (isempty(rvalue)) {
1348 c->cpu_sched_set = false;
1349 c->cpu_sched_policy = SCHED_OTHER;
1350 c->cpu_sched_priority = 0;
1351 return 0;
1352 }
1353
1354 x = sched_policy_from_string(rvalue);
1355 if (x < 0) {
1356 log_syntax(unit, LOG_WARNING, filename, line, 0, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue);
1357 return 0;
1358 }
1359
1360 c->cpu_sched_policy = x;
1361 /* Moving to or from real-time policy? We need to adjust the priority */
1362 c->cpu_sched_priority = CLAMP(c->cpu_sched_priority, sched_get_priority_min(x), sched_get_priority_max(x));
1363 c->cpu_sched_set = true;
1364
1365 return 0;
1366 }
1367
1368 int config_parse_exec_mount_apivfs(const char *unit,
1369 const char *filename,
1370 unsigned line,
1371 const char *section,
1372 unsigned section_line,
1373 const char *lvalue,
1374 int ltype,
1375 const char *rvalue,
1376 void *data,
1377 void *userdata) {
1378
1379 ExecContext *c = data;
1380 int k;
1381
1382 assert(filename);
1383 assert(lvalue);
1384 assert(rvalue);
1385 assert(data);
1386
1387 if (isempty(rvalue)) {
1388 c->mount_apivfs_set = false;
1389 c->mount_apivfs = false;
1390 return 0;
1391 }
1392
1393 k = parse_boolean(rvalue);
1394 if (k < 0) {
1395 log_syntax(unit, LOG_WARNING, filename, line, k,
1396 "Failed to parse boolean value, ignoring: %s",
1397 rvalue);
1398 return 0;
1399 }
1400
1401 c->mount_apivfs_set = true;
1402 c->mount_apivfs = k;
1403 return 0;
1404 }
1405
1406 int config_parse_numa_mask(const char *unit,
1407 const char *filename,
1408 unsigned line,
1409 const char *section,
1410 unsigned section_line,
1411 const char *lvalue,
1412 int ltype,
1413 const char *rvalue,
1414 void *data,
1415 void *userdata) {
1416 int r;
1417 NUMAPolicy *p = data;
1418
1419 assert(filename);
1420 assert(lvalue);
1421 assert(rvalue);
1422 assert(data);
1423
1424 if (streq(rvalue, "all")) {
1425 r = numa_mask_add_all(&p->nodes);
1426 if (r < 0)
1427 log_syntax(unit, LOG_WARNING, filename, line, r,
1428 "Failed to create NUMA mask representing \"all\" NUMA nodes, ignoring: %m");
1429 } else {
1430 r = parse_cpu_set_extend(rvalue, &p->nodes, true, unit, filename, line, lvalue);
1431 if (r < 0)
1432 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse NUMA node mask, ignoring: %s", rvalue);
1433 }
1434
1435 return 0;
1436 }
1437
1438 int config_parse_exec_cpu_sched_prio(const char *unit,
1439 const char *filename,
1440 unsigned line,
1441 const char *section,
1442 unsigned section_line,
1443 const char *lvalue,
1444 int ltype,
1445 const char *rvalue,
1446 void *data,
1447 void *userdata) {
1448
1449 ExecContext *c = data;
1450 int i, min, max, r;
1451
1452 assert(filename);
1453 assert(lvalue);
1454 assert(rvalue);
1455 assert(data);
1456
1457 r = safe_atoi(rvalue, &i);
1458 if (r < 0) {
1459 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue);
1460 return 0;
1461 }
1462
1463 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
1464 min = sched_get_priority_min(c->cpu_sched_policy);
1465 max = sched_get_priority_max(c->cpu_sched_policy);
1466
1467 if (i < min || i > max) {
1468 log_syntax(unit, LOG_WARNING, filename, line, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue);
1469 return 0;
1470 }
1471
1472 c->cpu_sched_priority = i;
1473 c->cpu_sched_set = true;
1474
1475 return 0;
1476 }
1477
1478 int config_parse_root_image_options(
1479 const char *unit,
1480 const char *filename,
1481 unsigned line,
1482 const char *section,
1483 unsigned section_line,
1484 const char *lvalue,
1485 int ltype,
1486 const char *rvalue,
1487 void *data,
1488 void *userdata) {
1489
1490 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
1491 _cleanup_strv_free_ char **l = NULL;
1492 char **first = NULL, **second = NULL;
1493 ExecContext *c = data;
1494 const Unit *u = userdata;
1495 int r;
1496
1497 assert(filename);
1498 assert(lvalue);
1499 assert(rvalue);
1500 assert(data);
1501
1502 if (isempty(rvalue)) {
1503 c->root_image_options = mount_options_free_all(c->root_image_options);
1504 return 0;
1505 }
1506
1507 r = strv_split_colon_pairs(&l, rvalue);
1508 if (r == -ENOMEM)
1509 return log_oom();
1510 if (r < 0) {
1511 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
1512 return 0;
1513 }
1514
1515 STRV_FOREACH_PAIR(first, second, l) {
1516 MountOptions *o = NULL;
1517 _cleanup_free_ char *mount_options_resolved = NULL;
1518 const char *mount_options = NULL, *partition = "root";
1519 PartitionDesignator partition_designator;
1520
1521 /* Format is either 'root:foo' or 'foo' (root is implied) */
1522 if (!isempty(*second)) {
1523 partition = *first;
1524 mount_options = *second;
1525 } else
1526 mount_options = *first;
1527
1528 partition_designator = partition_designator_from_string(partition);
1529 if (partition_designator < 0) {
1530 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid partition name %s, ignoring", partition);
1531 continue;
1532 }
1533 r = unit_full_printf(u, mount_options, &mount_options_resolved);
1534 if (r < 0) {
1535 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
1536 continue;
1537 }
1538
1539 o = new(MountOptions, 1);
1540 if (!o)
1541 return log_oom();
1542 *o = (MountOptions) {
1543 .partition_designator = partition_designator,
1544 .options = TAKE_PTR(mount_options_resolved),
1545 };
1546 LIST_APPEND(mount_options, options, TAKE_PTR(o));
1547 }
1548
1549 /* empty spaces/separators only */
1550 if (LIST_IS_EMPTY(options))
1551 c->root_image_options = mount_options_free_all(c->root_image_options);
1552 else
1553 LIST_JOIN(mount_options, c->root_image_options, options);
1554
1555 return 0;
1556 }
1557
1558 int config_parse_exec_root_hash(
1559 const char *unit,
1560 const char *filename,
1561 unsigned line,
1562 const char *section,
1563 unsigned section_line,
1564 const char *lvalue,
1565 int ltype,
1566 const char *rvalue,
1567 void *data,
1568 void *userdata) {
1569
1570 _cleanup_free_ void *roothash_decoded = NULL;
1571 ExecContext *c = data;
1572 size_t roothash_decoded_size = 0;
1573 int r;
1574
1575 assert(data);
1576 assert(filename);
1577 assert(line);
1578 assert(rvalue);
1579
1580 if (isempty(rvalue)) {
1581 /* Reset if the empty string is assigned */
1582 c->root_hash_path = mfree(c->root_hash_path);
1583 c->root_hash = mfree(c->root_hash);
1584 c->root_hash_size = 0;
1585 return 0;
1586 }
1587
1588 if (path_is_absolute(rvalue)) {
1589 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1590 _cleanup_free_ char *p = NULL;
1591
1592 p = strdup(rvalue);
1593 if (!p)
1594 return -ENOMEM;
1595
1596 free_and_replace(c->root_hash_path, p);
1597 c->root_hash = mfree(c->root_hash);
1598 c->root_hash_size = 0;
1599 return 0;
1600 }
1601
1602 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1603 r = unhexmem(rvalue, strlen(rvalue), &roothash_decoded, &roothash_decoded_size);
1604 if (r < 0) {
1605 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHash=, ignoring: %s", rvalue);
1606 return 0;
1607 }
1608 if (roothash_decoded_size < sizeof(sd_id128_t)) {
1609 log_syntax(unit, LOG_WARNING, filename, line, 0, "RootHash= is too short, ignoring: %s", rvalue);
1610 return 0;
1611 }
1612
1613 free_and_replace(c->root_hash, roothash_decoded);
1614 c->root_hash_size = roothash_decoded_size;
1615 c->root_hash_path = mfree(c->root_hash_path);
1616
1617 return 0;
1618 }
1619
1620 int config_parse_exec_root_hash_sig(
1621 const char *unit,
1622 const char *filename,
1623 unsigned line,
1624 const char *section,
1625 unsigned section_line,
1626 const char *lvalue,
1627 int ltype,
1628 const char *rvalue,
1629 void *data,
1630 void *userdata) {
1631
1632 _cleanup_free_ void *roothash_sig_decoded = NULL;
1633 char *value;
1634 ExecContext *c = data;
1635 size_t roothash_sig_decoded_size = 0;
1636 int r;
1637
1638 assert(data);
1639 assert(filename);
1640 assert(line);
1641 assert(rvalue);
1642
1643 if (isempty(rvalue)) {
1644 /* Reset if the empty string is assigned */
1645 c->root_hash_sig_path = mfree(c->root_hash_sig_path);
1646 c->root_hash_sig = mfree(c->root_hash_sig);
1647 c->root_hash_sig_size = 0;
1648 return 0;
1649 }
1650
1651 if (path_is_absolute(rvalue)) {
1652 /* We have the path to a roothash signature to load and decode, eg: RootHashSignature=/foo/bar.roothash.p7s */
1653 _cleanup_free_ char *p = NULL;
1654
1655 p = strdup(rvalue);
1656 if (!p)
1657 return log_oom();
1658
1659 free_and_replace(c->root_hash_sig_path, p);
1660 c->root_hash_sig = mfree(c->root_hash_sig);
1661 c->root_hash_sig_size = 0;
1662 return 0;
1663 }
1664
1665 if (!(value = startswith(rvalue, "base64:"))) {
1666 log_syntax(unit, LOG_WARNING, filename, line, 0,
1667 "Failed to decode RootHashSignature=, not a path but doesn't start with 'base64:', ignoring: %s", rvalue);
1668 return 0;
1669 }
1670
1671 /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
1672 r = unbase64mem(value, strlen(value), &roothash_sig_decoded, &roothash_sig_decoded_size);
1673 if (r < 0) {
1674 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHashSignature=, ignoring: %s", rvalue);
1675 return 0;
1676 }
1677
1678 free_and_replace(c->root_hash_sig, roothash_sig_decoded);
1679 c->root_hash_sig_size = roothash_sig_decoded_size;
1680 c->root_hash_sig_path = mfree(c->root_hash_sig_path);
1681
1682 return 0;
1683 }
1684
1685 int config_parse_exec_cpu_affinity(const char *unit,
1686 const char *filename,
1687 unsigned line,
1688 const char *section,
1689 unsigned section_line,
1690 const char *lvalue,
1691 int ltype,
1692 const char *rvalue,
1693 void *data,
1694 void *userdata) {
1695
1696 ExecContext *c = data;
1697 int r;
1698
1699 assert(filename);
1700 assert(lvalue);
1701 assert(rvalue);
1702 assert(data);
1703
1704 if (streq(rvalue, "numa")) {
1705 c->cpu_affinity_from_numa = true;
1706 cpu_set_reset(&c->cpu_set);
1707
1708 return 0;
1709 }
1710
1711 r = parse_cpu_set_extend(rvalue, &c->cpu_set, true, unit, filename, line, lvalue);
1712 if (r >= 0)
1713 c->cpu_affinity_from_numa = false;
1714
1715 return r;
1716 }
1717
1718 int config_parse_capability_set(
1719 const char *unit,
1720 const char *filename,
1721 unsigned line,
1722 const char *section,
1723 unsigned section_line,
1724 const char *lvalue,
1725 int ltype,
1726 const char *rvalue,
1727 void *data,
1728 void *userdata) {
1729
1730 uint64_t *capability_set = data;
1731 uint64_t sum = 0, initial = 0;
1732 bool invert = false;
1733 int r;
1734
1735 assert(filename);
1736 assert(lvalue);
1737 assert(rvalue);
1738 assert(data);
1739
1740 if (rvalue[0] == '~') {
1741 invert = true;
1742 rvalue++;
1743 }
1744
1745 if (streq(lvalue, "CapabilityBoundingSet"))
1746 initial = CAP_ALL; /* initialized to all bits on */
1747 /* else "AmbientCapabilities" initialized to all bits off */
1748
1749 r = capability_set_from_string(rvalue, &sum);
1750 if (r < 0) {
1751 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue, rvalue);
1752 return 0;
1753 }
1754
1755 if (sum == 0 || *capability_set == initial)
1756 /* "", "~" or uninitialized data -> replace */
1757 *capability_set = invert ? ~sum : sum;
1758 else {
1759 /* previous data -> merge */
1760 if (invert)
1761 *capability_set &= ~sum;
1762 else
1763 *capability_set |= sum;
1764 }
1765
1766 return 0;
1767 }
1768
1769 int config_parse_exec_selinux_context(
1770 const char *unit,
1771 const char *filename,
1772 unsigned line,
1773 const char *section,
1774 unsigned section_line,
1775 const char *lvalue,
1776 int ltype,
1777 const char *rvalue,
1778 void *data,
1779 void *userdata) {
1780
1781 ExecContext *c = data;
1782 const Unit *u = userdata;
1783 bool ignore;
1784 char *k;
1785 int r;
1786
1787 assert(filename);
1788 assert(lvalue);
1789 assert(rvalue);
1790 assert(data);
1791
1792 if (isempty(rvalue)) {
1793 c->selinux_context = mfree(c->selinux_context);
1794 c->selinux_context_ignore = false;
1795 return 0;
1796 }
1797
1798 if (rvalue[0] == '-') {
1799 ignore = true;
1800 rvalue++;
1801 } else
1802 ignore = false;
1803
1804 r = unit_full_printf(u, rvalue, &k);
1805 if (r < 0) {
1806 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
1807 "Failed to resolve unit specifiers in '%s'%s: %m",
1808 rvalue, ignore ? ", ignoring" : "");
1809 return ignore ? 0 : -ENOEXEC;
1810 }
1811
1812 free_and_replace(c->selinux_context, k);
1813 c->selinux_context_ignore = ignore;
1814
1815 return 0;
1816 }
1817
1818 int config_parse_exec_apparmor_profile(
1819 const char *unit,
1820 const char *filename,
1821 unsigned line,
1822 const char *section,
1823 unsigned section_line,
1824 const char *lvalue,
1825 int ltype,
1826 const char *rvalue,
1827 void *data,
1828 void *userdata) {
1829
1830 ExecContext *c = data;
1831 const Unit *u = userdata;
1832 bool ignore;
1833 char *k;
1834 int r;
1835
1836 assert(filename);
1837 assert(lvalue);
1838 assert(rvalue);
1839 assert(data);
1840
1841 if (isempty(rvalue)) {
1842 c->apparmor_profile = mfree(c->apparmor_profile);
1843 c->apparmor_profile_ignore = false;
1844 return 0;
1845 }
1846
1847 if (rvalue[0] == '-') {
1848 ignore = true;
1849 rvalue++;
1850 } else
1851 ignore = false;
1852
1853 r = unit_full_printf(u, rvalue, &k);
1854 if (r < 0) {
1855 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
1856 "Failed to resolve unit specifiers in '%s'%s: %m",
1857 rvalue, ignore ? ", ignoring" : "");
1858 return ignore ? 0 : -ENOEXEC;
1859 }
1860
1861 free_and_replace(c->apparmor_profile, k);
1862 c->apparmor_profile_ignore = ignore;
1863
1864 return 0;
1865 }
1866
1867 int config_parse_exec_smack_process_label(
1868 const char *unit,
1869 const char *filename,
1870 unsigned line,
1871 const char *section,
1872 unsigned section_line,
1873 const char *lvalue,
1874 int ltype,
1875 const char *rvalue,
1876 void *data,
1877 void *userdata) {
1878
1879 ExecContext *c = data;
1880 const Unit *u = userdata;
1881 bool ignore;
1882 char *k;
1883 int r;
1884
1885 assert(filename);
1886 assert(lvalue);
1887 assert(rvalue);
1888 assert(data);
1889
1890 if (isempty(rvalue)) {
1891 c->smack_process_label = mfree(c->smack_process_label);
1892 c->smack_process_label_ignore = false;
1893 return 0;
1894 }
1895
1896 if (rvalue[0] == '-') {
1897 ignore = true;
1898 rvalue++;
1899 } else
1900 ignore = false;
1901
1902 r = unit_full_printf(u, rvalue, &k);
1903 if (r < 0) {
1904 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
1905 "Failed to resolve unit specifiers in '%s'%s: %m",
1906 rvalue, ignore ? ", ignoring" : "");
1907 return ignore ? 0 : -ENOEXEC;
1908 }
1909
1910 free_and_replace(c->smack_process_label, k);
1911 c->smack_process_label_ignore = ignore;
1912
1913 return 0;
1914 }
1915
1916 int config_parse_timer(
1917 const char *unit,
1918 const char *filename,
1919 unsigned line,
1920 const char *section,
1921 unsigned section_line,
1922 const char *lvalue,
1923 int ltype,
1924 const char *rvalue,
1925 void *data,
1926 void *userdata) {
1927
1928 _cleanup_(calendar_spec_freep) CalendarSpec *c = NULL;
1929 _cleanup_free_ char *k = NULL;
1930 const Unit *u = userdata;
1931 Timer *t = data;
1932 usec_t usec = 0;
1933 TimerValue *v;
1934 int r;
1935
1936 assert(filename);
1937 assert(lvalue);
1938 assert(rvalue);
1939 assert(data);
1940
1941 if (isempty(rvalue)) {
1942 /* Empty assignment resets list */
1943 timer_free_values(t);
1944 return 0;
1945 }
1946
1947 r = unit_full_printf(u, rvalue, &k);
1948 if (r < 0) {
1949 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
1950 return 0;
1951 }
1952
1953 if (ltype == TIMER_CALENDAR) {
1954 r = calendar_spec_from_string(k, &c);
1955 if (r < 0) {
1956 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse calendar specification, ignoring: %s", k);
1957 return 0;
1958 }
1959 } else {
1960 r = parse_sec(k, &usec);
1961 if (r < 0) {
1962 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse timer value, ignoring: %s", k);
1963 return 0;
1964 }
1965 }
1966
1967 v = new(TimerValue, 1);
1968 if (!v)
1969 return log_oom();
1970
1971 *v = (TimerValue) {
1972 .base = ltype,
1973 .value = usec,
1974 .calendar_spec = TAKE_PTR(c),
1975 };
1976
1977 LIST_PREPEND(value, t->values, v);
1978
1979 return 0;
1980 }
1981
1982 int config_parse_trigger_unit(
1983 const char *unit,
1984 const char *filename,
1985 unsigned line,
1986 const char *section,
1987 unsigned section_line,
1988 const char *lvalue,
1989 int ltype,
1990 const char *rvalue,
1991 void *data,
1992 void *userdata) {
1993
1994 _cleanup_free_ char *p = NULL;
1995 Unit *u = data;
1996 UnitType type;
1997 int r;
1998
1999 assert(filename);
2000 assert(lvalue);
2001 assert(rvalue);
2002 assert(data);
2003
2004 if (!hashmap_isempty(u->dependencies[UNIT_TRIGGERS])) {
2005 log_syntax(unit, LOG_WARNING, filename, line, 0, "Multiple units to trigger specified, ignoring: %s", rvalue);
2006 return 0;
2007 }
2008
2009 r = unit_name_printf(u, rvalue, &p);
2010 if (r < 0) {
2011 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2012 return 0;
2013 }
2014
2015 type = unit_name_to_type(p);
2016 if (type < 0) {
2017 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unit type not valid, ignoring: %s", rvalue);
2018 return 0;
2019 }
2020 if (unit_has_name(u, p)) {
2021 log_syntax(unit, LOG_WARNING, filename, line, 0, "Units cannot trigger themselves, ignoring: %s", rvalue);
2022 return 0;
2023 }
2024
2025 r = unit_add_two_dependencies_by_name(u, UNIT_BEFORE, UNIT_TRIGGERS, p, true, UNIT_DEPENDENCY_FILE);
2026 if (r < 0) {
2027 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add trigger on %s, ignoring: %m", p);
2028 return 0;
2029 }
2030
2031 return 0;
2032 }
2033
2034 int config_parse_path_spec(const char *unit,
2035 const char *filename,
2036 unsigned line,
2037 const char *section,
2038 unsigned section_line,
2039 const char *lvalue,
2040 int ltype,
2041 const char *rvalue,
2042 void *data,
2043 void *userdata) {
2044
2045 Path *p = data;
2046 PathSpec *s;
2047 PathType b;
2048 _cleanup_free_ char *k = NULL;
2049 int r;
2050
2051 assert(filename);
2052 assert(lvalue);
2053 assert(rvalue);
2054 assert(data);
2055
2056 if (isempty(rvalue)) {
2057 /* Empty assignment clears list */
2058 path_free_specs(p);
2059 return 0;
2060 }
2061
2062 b = path_type_from_string(lvalue);
2063 if (b < 0) {
2064 log_syntax(unit, LOG_WARNING, filename, line, 0, "Failed to parse path type, ignoring: %s", lvalue);
2065 return 0;
2066 }
2067
2068 r = unit_full_printf(UNIT(p), rvalue, &k);
2069 if (r < 0) {
2070 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2071 return 0;
2072 }
2073
2074 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2075 if (r < 0)
2076 return 0;
2077
2078 s = new0(PathSpec, 1);
2079 if (!s)
2080 return log_oom();
2081
2082 s->unit = UNIT(p);
2083 s->path = TAKE_PTR(k);
2084 s->type = b;
2085 s->inotify_fd = -1;
2086
2087 LIST_PREPEND(spec, p->specs, s);
2088
2089 return 0;
2090 }
2091
2092 int config_parse_socket_service(
2093 const char *unit,
2094 const char *filename,
2095 unsigned line,
2096 const char *section,
2097 unsigned section_line,
2098 const char *lvalue,
2099 int ltype,
2100 const char *rvalue,
2101 void *data,
2102 void *userdata) {
2103
2104 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2105 _cleanup_free_ char *p = NULL;
2106 Socket *s = data;
2107 Unit *x;
2108 int r;
2109
2110 assert(filename);
2111 assert(lvalue);
2112 assert(rvalue);
2113 assert(data);
2114
2115 r = unit_name_printf(UNIT(s), rvalue, &p);
2116 if (r < 0) {
2117 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2118 return 0;
2119 }
2120
2121 if (!endswith(p, ".service")) {
2122 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unit must be of type service, ignoring: %s", rvalue);
2123 return 0;
2124 }
2125
2126 r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
2127 if (r < 0) {
2128 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to load unit %s, ignoring: %s", rvalue, bus_error_message(&error, r));
2129 return 0;
2130 }
2131
2132 unit_ref_set(&s->service, UNIT(s), x);
2133
2134 return 0;
2135 }
2136
2137 int config_parse_fdname(
2138 const char *unit,
2139 const char *filename,
2140 unsigned line,
2141 const char *section,
2142 unsigned section_line,
2143 const char *lvalue,
2144 int ltype,
2145 const char *rvalue,
2146 void *data,
2147 void *userdata) {
2148
2149 _cleanup_free_ char *p = NULL;
2150 Socket *s = data;
2151 int r;
2152
2153 assert(filename);
2154 assert(lvalue);
2155 assert(rvalue);
2156 assert(data);
2157
2158 if (isempty(rvalue)) {
2159 s->fdname = mfree(s->fdname);
2160 return 0;
2161 }
2162
2163 r = unit_full_printf(UNIT(s), rvalue, &p);
2164 if (r < 0) {
2165 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2166 return 0;
2167 }
2168
2169 if (!fdname_is_valid(p)) {
2170 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", p);
2171 return 0;
2172 }
2173
2174 return free_and_replace(s->fdname, p);
2175 }
2176
2177 int config_parse_service_sockets(
2178 const char *unit,
2179 const char *filename,
2180 unsigned line,
2181 const char *section,
2182 unsigned section_line,
2183 const char *lvalue,
2184 int ltype,
2185 const char *rvalue,
2186 void *data,
2187 void *userdata) {
2188
2189 Service *s = data;
2190 int r;
2191
2192 assert(filename);
2193 assert(lvalue);
2194 assert(rvalue);
2195 assert(data);
2196
2197 for (const char *p = rvalue;;) {
2198 _cleanup_free_ char *word = NULL, *k = NULL;
2199
2200 r = extract_first_word(&p, &word, NULL, 0);
2201 if (r == 0)
2202 return 0;
2203 if (r == -ENOMEM)
2204 return log_oom();
2205 if (r < 0) {
2206 log_syntax(unit, LOG_WARNING, filename, line, r, "Trailing garbage in sockets, ignoring: %s", rvalue);
2207 return 0;
2208 }
2209
2210 r = unit_name_printf(UNIT(s), word, &k);
2211 if (r < 0) {
2212 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
2213 continue;
2214 }
2215
2216 if (!endswith(k, ".socket")) {
2217 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unit must be of type socket, ignoring: %s", k);
2218 continue;
2219 }
2220
2221 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_WANTS, UNIT_AFTER, k, true, UNIT_DEPENDENCY_FILE);
2222 if (r < 0)
2223 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
2224
2225 r = unit_add_dependency_by_name(UNIT(s), UNIT_TRIGGERED_BY, k, true, UNIT_DEPENDENCY_FILE);
2226 if (r < 0)
2227 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
2228 }
2229 }
2230
2231 int config_parse_bus_name(
2232 const char *unit,
2233 const char *filename,
2234 unsigned line,
2235 const char *section,
2236 unsigned section_line,
2237 const char *lvalue,
2238 int ltype,
2239 const char *rvalue,
2240 void *data,
2241 void *userdata) {
2242
2243 _cleanup_free_ char *k = NULL;
2244 const Unit *u = userdata;
2245 int r;
2246
2247 assert(filename);
2248 assert(lvalue);
2249 assert(rvalue);
2250 assert(u);
2251
2252 r = unit_full_printf(u, rvalue, &k);
2253 if (r < 0) {
2254 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2255 return 0;
2256 }
2257
2258 if (!sd_bus_service_name_is_valid(k)) {
2259 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid bus name, ignoring: %s", k);
2260 return 0;
2261 }
2262
2263 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
2264 }
2265
2266 int config_parse_service_timeout(
2267 const char *unit,
2268 const char *filename,
2269 unsigned line,
2270 const char *section,
2271 unsigned section_line,
2272 const char *lvalue,
2273 int ltype,
2274 const char *rvalue,
2275 void *data,
2276 void *userdata) {
2277
2278 Service *s = userdata;
2279 usec_t usec;
2280 int r;
2281
2282 assert(filename);
2283 assert(lvalue);
2284 assert(rvalue);
2285 assert(s);
2286
2287 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
2288
2289 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2290 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2291 * all other timeouts. */
2292 r = parse_sec_fix_0(rvalue, &usec);
2293 if (r < 0) {
2294 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
2295 return 0;
2296 }
2297
2298 s->start_timeout_defined = true;
2299 s->timeout_start_usec = usec;
2300
2301 if (streq(lvalue, "TimeoutSec"))
2302 s->timeout_stop_usec = usec;
2303
2304 return 0;
2305 }
2306
2307 int config_parse_timeout_abort(
2308 const char *unit,
2309 const char *filename,
2310 unsigned line,
2311 const char *section,
2312 unsigned section_line,
2313 const char *lvalue,
2314 int ltype,
2315 const char *rvalue,
2316 void *data,
2317 void *userdata) {
2318
2319 usec_t *ret = data;
2320 int r;
2321
2322 assert(filename);
2323 assert(lvalue);
2324 assert(rvalue);
2325 assert(ret);
2326
2327 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
2328
2329 if (isempty(rvalue)) {
2330 *ret = 0;
2331 return 0; /* "not set" */
2332 }
2333
2334 r = parse_sec(rvalue, ret);
2335 if (r < 0)
2336 return log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= setting, ignoring: %s", lvalue, rvalue);
2337
2338 return 1; /* "set" */
2339 }
2340
2341 int config_parse_service_timeout_abort(
2342 const char *unit,
2343 const char *filename,
2344 unsigned line,
2345 const char *section,
2346 unsigned section_line,
2347 const char *lvalue,
2348 int ltype,
2349 const char *rvalue,
2350 void *data,
2351 void *userdata) {
2352
2353 Service *s = userdata;
2354 int r;
2355
2356 assert(s);
2357
2358 r = config_parse_timeout_abort(unit, filename, line, section, section_line, lvalue, ltype, rvalue,
2359 &s->timeout_abort_usec, s);
2360 if (r >= 0)
2361 s->timeout_abort_set = r;
2362 return 0;
2363 }
2364
2365 int config_parse_sec_fix_0(
2366 const char *unit,
2367 const char *filename,
2368 unsigned line,
2369 const char *section,
2370 unsigned section_line,
2371 const char *lvalue,
2372 int ltype,
2373 const char *rvalue,
2374 void *data,
2375 void *userdata) {
2376
2377 usec_t *usec = data;
2378 int r;
2379
2380 assert(filename);
2381 assert(lvalue);
2382 assert(rvalue);
2383 assert(usec);
2384
2385 /* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for
2386 * compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a
2387 * timeout. */
2388
2389 r = parse_sec_fix_0(rvalue, usec);
2390 if (r < 0)
2391 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
2392
2393 return 0;
2394 }
2395
2396 int config_parse_user_group_compat(
2397 const char *unit,
2398 const char *filename,
2399 unsigned line,
2400 const char *section,
2401 unsigned section_line,
2402 const char *lvalue,
2403 int ltype,
2404 const char *rvalue,
2405 void *data,
2406 void *userdata) {
2407
2408 _cleanup_free_ char *k = NULL;
2409 char **user = data;
2410 const Unit *u = userdata;
2411 int r;
2412
2413 assert(filename);
2414 assert(lvalue);
2415 assert(rvalue);
2416 assert(u);
2417
2418 if (isempty(rvalue)) {
2419 *user = mfree(*user);
2420 return 0;
2421 }
2422
2423 r = unit_full_printf(u, rvalue, &k);
2424 if (r < 0) {
2425 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
2426 return -ENOEXEC;
2427 }
2428
2429 if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
2430 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2431 return -ENOEXEC;
2432 }
2433
2434 if (strstr(lvalue, "User") && streq(k, NOBODY_USER_NAME))
2435 log_struct(LOG_NOTICE,
2436 "MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename, line, k,
2437 "UNIT=%s", unit,
2438 "MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR,
2439 "OFFENDING_USER=%s", k,
2440 "CONFIG_FILE=%s", filename,
2441 "CONFIG_LINE=%u", line);
2442
2443 return free_and_replace(*user, k);
2444 }
2445
2446 int config_parse_user_group_strv_compat(
2447 const char *unit,
2448 const char *filename,
2449 unsigned line,
2450 const char *section,
2451 unsigned section_line,
2452 const char *lvalue,
2453 int ltype,
2454 const char *rvalue,
2455 void *data,
2456 void *userdata) {
2457
2458 char ***users = data;
2459 const Unit *u = userdata;
2460 int r;
2461
2462 assert(filename);
2463 assert(lvalue);
2464 assert(rvalue);
2465 assert(u);
2466
2467 if (isempty(rvalue)) {
2468 *users = strv_free(*users);
2469 return 0;
2470 }
2471
2472 for (const char *p = rvalue;;) {
2473 _cleanup_free_ char *word = NULL, *k = NULL;
2474
2475 r = extract_first_word(&p, &word, NULL, 0);
2476 if (r == 0)
2477 return 0;
2478 if (r == -ENOMEM)
2479 return log_oom();
2480 if (r < 0) {
2481 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
2482 return -ENOEXEC;
2483 }
2484
2485 r = unit_full_printf(u, word, &k);
2486 if (r < 0) {
2487 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
2488 return -ENOEXEC;
2489 }
2490
2491 if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
2492 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2493 return -ENOEXEC;
2494 }
2495
2496 r = strv_push(users, k);
2497 if (r < 0)
2498 return log_oom();
2499
2500 k = NULL;
2501 }
2502 }
2503
2504 int config_parse_working_directory(
2505 const char *unit,
2506 const char *filename,
2507 unsigned line,
2508 const char *section,
2509 unsigned section_line,
2510 const char *lvalue,
2511 int ltype,
2512 const char *rvalue,
2513 void *data,
2514 void *userdata) {
2515
2516 ExecContext *c = data;
2517 const Unit *u = userdata;
2518 bool missing_ok;
2519 int r;
2520
2521 assert(filename);
2522 assert(lvalue);
2523 assert(rvalue);
2524 assert(c);
2525 assert(u);
2526
2527 if (isempty(rvalue)) {
2528 c->working_directory_home = false;
2529 c->working_directory = mfree(c->working_directory);
2530 return 0;
2531 }
2532
2533 if (rvalue[0] == '-') {
2534 missing_ok = true;
2535 rvalue++;
2536 } else
2537 missing_ok = false;
2538
2539 if (streq(rvalue, "~")) {
2540 c->working_directory_home = true;
2541 c->working_directory = mfree(c->working_directory);
2542 } else {
2543 _cleanup_free_ char *k = NULL;
2544
2545 r = unit_full_printf(u, rvalue, &k);
2546 if (r < 0) {
2547 log_syntax(unit, missing_ok ? LOG_WARNING : LOG_ERR, filename, line, r,
2548 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2549 rvalue, missing_ok ? ", ignoring" : "");
2550 return missing_ok ? 0 : -ENOEXEC;
2551 }
2552
2553 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE | (missing_ok ? 0 : PATH_CHECK_FATAL), unit, filename, line, lvalue);
2554 if (r < 0)
2555 return missing_ok ? 0 : -ENOEXEC;
2556
2557 c->working_directory_home = false;
2558 free_and_replace(c->working_directory, k);
2559 }
2560
2561 c->working_directory_missing_ok = missing_ok;
2562 return 0;
2563 }
2564
2565 int config_parse_unit_env_file(const char *unit,
2566 const char *filename,
2567 unsigned line,
2568 const char *section,
2569 unsigned section_line,
2570 const char *lvalue,
2571 int ltype,
2572 const char *rvalue,
2573 void *data,
2574 void *userdata) {
2575
2576 char ***env = data;
2577 const Unit *u = userdata;
2578 _cleanup_free_ char *n = NULL;
2579 int r;
2580
2581 assert(filename);
2582 assert(lvalue);
2583 assert(rvalue);
2584 assert(data);
2585
2586 if (isempty(rvalue)) {
2587 /* Empty assignment frees the list */
2588 *env = strv_free(*env);
2589 return 0;
2590 }
2591
2592 r = unit_full_printf(u, rvalue, &n);
2593 if (r < 0) {
2594 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2595 return 0;
2596 }
2597
2598 r = path_simplify_and_warn(n[0] == '-' ? n + 1 : n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2599 if (r < 0)
2600 return 0;
2601
2602 r = strv_push(env, n);
2603 if (r < 0)
2604 return log_oom();
2605
2606 n = NULL;
2607
2608 return 0;
2609 }
2610
2611 int config_parse_environ(
2612 const char *unit,
2613 const char *filename,
2614 unsigned line,
2615 const char *section,
2616 unsigned section_line,
2617 const char *lvalue,
2618 int ltype,
2619 const char *rvalue,
2620 void *data,
2621 void *userdata) {
2622
2623 const Unit *u = userdata;
2624 char ***env = data;
2625 int r;
2626
2627 assert(filename);
2628 assert(lvalue);
2629 assert(rvalue);
2630 assert(data);
2631
2632 if (isempty(rvalue)) {
2633 /* Empty assignment resets the list */
2634 *env = strv_free(*env);
2635 return 0;
2636 }
2637
2638 for (const char *p = rvalue;; ) {
2639 _cleanup_free_ char *word = NULL, *k = NULL;
2640
2641 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2642 if (r == 0)
2643 return 0;
2644 if (r == -ENOMEM)
2645 return log_oom();
2646 if (r < 0) {
2647 log_syntax(unit, LOG_WARNING, filename, line, r,
2648 "Invalid syntax, ignoring: %s", rvalue);
2649 return 0;
2650 }
2651
2652 if (u) {
2653 r = unit_full_printf(u, word, &k);
2654 if (r < 0) {
2655 log_syntax(unit, LOG_WARNING, filename, line, r,
2656 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2657 continue;
2658 }
2659 } else
2660 k = TAKE_PTR(word);
2661
2662 if (!env_assignment_is_valid(k)) {
2663 log_syntax(unit, LOG_WARNING, filename, line, 0,
2664 "Invalid environment assignment, ignoring: %s", k);
2665 continue;
2666 }
2667
2668 r = strv_env_replace(env, k);
2669 if (r < 0)
2670 return log_oom();
2671
2672 k = NULL;
2673 }
2674 }
2675
2676 int config_parse_pass_environ(
2677 const char *unit,
2678 const char *filename,
2679 unsigned line,
2680 const char *section,
2681 unsigned section_line,
2682 const char *lvalue,
2683 int ltype,
2684 const char *rvalue,
2685 void *data,
2686 void *userdata) {
2687
2688 _cleanup_strv_free_ char **n = NULL;
2689 size_t nlen = 0, nbufsize = 0;
2690 char*** passenv = data;
2691 const Unit *u = userdata;
2692 int r;
2693
2694 assert(filename);
2695 assert(lvalue);
2696 assert(rvalue);
2697 assert(data);
2698
2699 if (isempty(rvalue)) {
2700 /* Empty assignment resets the list */
2701 *passenv = strv_free(*passenv);
2702 return 0;
2703 }
2704
2705 for (const char *p = rvalue;;) {
2706 _cleanup_free_ char *word = NULL, *k = NULL;
2707
2708 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2709 if (r == 0)
2710 break;
2711 if (r == -ENOMEM)
2712 return log_oom();
2713 if (r < 0) {
2714 log_syntax(unit, LOG_WARNING, filename, line, r,
2715 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
2716 break;
2717 }
2718
2719 if (u) {
2720 r = unit_full_printf(u, word, &k);
2721 if (r < 0) {
2722 log_syntax(unit, LOG_WARNING, filename, line, r,
2723 "Failed to resolve specifiers in %s, ignoring: %m", word);
2724 continue;
2725 }
2726 } else
2727 k = TAKE_PTR(word);
2728
2729 if (!env_name_is_valid(k)) {
2730 log_syntax(unit, LOG_WARNING, filename, line, 0,
2731 "Invalid environment name for %s, ignoring: %s", lvalue, k);
2732 continue;
2733 }
2734
2735 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
2736 return log_oom();
2737
2738 n[nlen++] = TAKE_PTR(k);
2739 n[nlen] = NULL;
2740 }
2741
2742 if (n) {
2743 r = strv_extend_strv(passenv, n, true);
2744 if (r < 0)
2745 return r;
2746 }
2747
2748 return 0;
2749 }
2750
2751 int config_parse_unset_environ(
2752 const char *unit,
2753 const char *filename,
2754 unsigned line,
2755 const char *section,
2756 unsigned section_line,
2757 const char *lvalue,
2758 int ltype,
2759 const char *rvalue,
2760 void *data,
2761 void *userdata) {
2762
2763 _cleanup_strv_free_ char **n = NULL;
2764 size_t nlen = 0, nbufsize = 0;
2765 char*** unsetenv = data;
2766 const Unit *u = userdata;
2767 int r;
2768
2769 assert(filename);
2770 assert(lvalue);
2771 assert(rvalue);
2772 assert(data);
2773
2774 if (isempty(rvalue)) {
2775 /* Empty assignment resets the list */
2776 *unsetenv = strv_free(*unsetenv);
2777 return 0;
2778 }
2779
2780 for (const char *p = rvalue;;) {
2781 _cleanup_free_ char *word = NULL, *k = NULL;
2782
2783 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2784 if (r == 0)
2785 break;
2786 if (r == -ENOMEM)
2787 return log_oom();
2788 if (r < 0) {
2789 log_syntax(unit, LOG_WARNING, filename, line, r,
2790 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
2791 break;
2792 }
2793
2794 if (u) {
2795 r = unit_full_printf(u, word, &k);
2796 if (r < 0) {
2797 log_syntax(unit, LOG_WARNING, filename, line, r,
2798 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2799 continue;
2800 }
2801 } else
2802 k = TAKE_PTR(word);
2803
2804 if (!env_assignment_is_valid(k) && !env_name_is_valid(k)) {
2805 log_syntax(unit, LOG_WARNING, filename, line, 0,
2806 "Invalid environment name or assignment %s, ignoring: %s", lvalue, k);
2807 continue;
2808 }
2809
2810 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
2811 return log_oom();
2812
2813 n[nlen++] = TAKE_PTR(k);
2814 n[nlen] = NULL;
2815 }
2816
2817 if (n) {
2818 r = strv_extend_strv(unsetenv, n, true);
2819 if (r < 0)
2820 return r;
2821 }
2822
2823 return 0;
2824 }
2825
2826 int config_parse_log_extra_fields(
2827 const char *unit,
2828 const char *filename,
2829 unsigned line,
2830 const char *section,
2831 unsigned section_line,
2832 const char *lvalue,
2833 int ltype,
2834 const char *rvalue,
2835 void *data,
2836 void *userdata) {
2837
2838 ExecContext *c = data;
2839 const Unit *u = userdata;
2840 int r;
2841
2842 assert(filename);
2843 assert(lvalue);
2844 assert(rvalue);
2845 assert(c);
2846
2847 if (isempty(rvalue)) {
2848 exec_context_free_log_extra_fields(c);
2849 return 0;
2850 }
2851
2852 for (const char *p = rvalue;;) {
2853 _cleanup_free_ char *word = NULL, *k = NULL;
2854 struct iovec *t;
2855 const char *eq;
2856
2857 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2858 if (r == 0)
2859 return 0;
2860 if (r == -ENOMEM)
2861 return log_oom();
2862 if (r < 0) {
2863 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
2864 return 0;
2865 }
2866
2867 r = unit_full_printf(u, word, &k);
2868 if (r < 0) {
2869 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2870 continue;
2871 }
2872
2873 eq = strchr(k, '=');
2874 if (!eq) {
2875 log_syntax(unit, LOG_WARNING, filename, line, 0, "Log field lacks '=' character, ignoring: %s", k);
2876 continue;
2877 }
2878
2879 if (!journal_field_valid(k, eq-k, false)) {
2880 log_syntax(unit, LOG_WARNING, filename, line, 0, "Log field name is invalid, ignoring: %s", k);
2881 continue;
2882 }
2883
2884 t = reallocarray(c->log_extra_fields, c->n_log_extra_fields+1, sizeof(struct iovec));
2885 if (!t)
2886 return log_oom();
2887
2888 c->log_extra_fields = t;
2889 c->log_extra_fields[c->n_log_extra_fields++] = IOVEC_MAKE_STRING(k);
2890
2891 k = NULL;
2892 }
2893 }
2894
2895 int config_parse_log_namespace(
2896 const char *unit,
2897 const char *filename,
2898 unsigned line,
2899 const char *section,
2900 unsigned section_line,
2901 const char *lvalue,
2902 int ltype,
2903 const char *rvalue,
2904 void *data,
2905 void *userdata) {
2906
2907 _cleanup_free_ char *k = NULL;
2908 ExecContext *c = data;
2909 const Unit *u = userdata;
2910 int r;
2911
2912 assert(filename);
2913 assert(lvalue);
2914 assert(rvalue);
2915 assert(c);
2916
2917 if (isempty(rvalue)) {
2918 c->log_namespace = mfree(c->log_namespace);
2919 return 0;
2920 }
2921
2922 r = unit_full_printf(u, rvalue, &k);
2923 if (r < 0) {
2924 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2925 return 0;
2926 }
2927
2928 if (!log_namespace_name_valid(k)) {
2929 log_syntax(unit, LOG_WARNING, filename, line, 0, "Specified log namespace name is not valid, ignoring: %s", k);
2930 return 0;
2931 }
2932
2933 free_and_replace(c->log_namespace, k);
2934 return 0;
2935 }
2936
2937 int config_parse_unit_condition_path(
2938 const char *unit,
2939 const char *filename,
2940 unsigned line,
2941 const char *section,
2942 unsigned section_line,
2943 const char *lvalue,
2944 int ltype,
2945 const char *rvalue,
2946 void *data,
2947 void *userdata) {
2948
2949 _cleanup_free_ char *p = NULL;
2950 Condition **list = data, *c;
2951 ConditionType t = ltype;
2952 bool trigger, negate;
2953 const Unit *u = userdata;
2954 int r;
2955
2956 assert(filename);
2957 assert(lvalue);
2958 assert(rvalue);
2959 assert(data);
2960
2961 if (isempty(rvalue)) {
2962 /* Empty assignment resets the list */
2963 *list = condition_free_list(*list);
2964 return 0;
2965 }
2966
2967 trigger = rvalue[0] == '|';
2968 if (trigger)
2969 rvalue++;
2970
2971 negate = rvalue[0] == '!';
2972 if (negate)
2973 rvalue++;
2974
2975 r = unit_full_printf(u, rvalue, &p);
2976 if (r < 0) {
2977 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2978 return 0;
2979 }
2980
2981 r = path_simplify_and_warn(p, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2982 if (r < 0)
2983 return 0;
2984
2985 c = condition_new(t, p, trigger, negate);
2986 if (!c)
2987 return log_oom();
2988
2989 LIST_PREPEND(conditions, *list, c);
2990 return 0;
2991 }
2992
2993 int config_parse_unit_condition_string(
2994 const char *unit,
2995 const char *filename,
2996 unsigned line,
2997 const char *section,
2998 unsigned section_line,
2999 const char *lvalue,
3000 int ltype,
3001 const char *rvalue,
3002 void *data,
3003 void *userdata) {
3004
3005 _cleanup_free_ char *s = NULL;
3006 Condition **list = data, *c;
3007 ConditionType t = ltype;
3008 bool trigger, negate;
3009 const Unit *u = userdata;
3010 int r;
3011
3012 assert(filename);
3013 assert(lvalue);
3014 assert(rvalue);
3015 assert(data);
3016
3017 if (isempty(rvalue)) {
3018 /* Empty assignment resets the list */
3019 *list = condition_free_list(*list);
3020 return 0;
3021 }
3022
3023 trigger = *rvalue == '|';
3024 if (trigger)
3025 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
3026
3027 negate = *rvalue == '!';
3028 if (negate)
3029 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
3030
3031 r = unit_full_printf(u, rvalue, &s);
3032 if (r < 0) {
3033 log_syntax(unit, LOG_WARNING, filename, line, r,
3034 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
3035 return 0;
3036 }
3037
3038 c = condition_new(t, s, trigger, negate);
3039 if (!c)
3040 return log_oom();
3041
3042 LIST_PREPEND(conditions, *list, c);
3043 return 0;
3044 }
3045
3046 int config_parse_unit_requires_mounts_for(
3047 const char *unit,
3048 const char *filename,
3049 unsigned line,
3050 const char *section,
3051 unsigned section_line,
3052 const char *lvalue,
3053 int ltype,
3054 const char *rvalue,
3055 void *data,
3056 void *userdata) {
3057
3058 Unit *u = userdata;
3059 int r;
3060
3061 assert(filename);
3062 assert(lvalue);
3063 assert(rvalue);
3064 assert(data);
3065
3066 for (const char *p = rvalue;;) {
3067 _cleanup_free_ char *word = NULL, *resolved = NULL;
3068
3069 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3070 if (r == 0)
3071 return 0;
3072 if (r == -ENOMEM)
3073 return log_oom();
3074 if (r < 0) {
3075 log_syntax(unit, LOG_WARNING, filename, line, r,
3076 "Invalid syntax, ignoring: %s", rvalue);
3077 return 0;
3078 }
3079
3080 r = unit_full_printf(u, word, &resolved);
3081 if (r < 0) {
3082 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
3083 continue;
3084 }
3085
3086 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
3087 if (r < 0)
3088 continue;
3089
3090 r = unit_require_mounts_for(u, resolved, UNIT_DEPENDENCY_FILE);
3091 if (r < 0) {
3092 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add required mount '%s', ignoring: %m", resolved);
3093 continue;
3094 }
3095 }
3096 }
3097
3098 int config_parse_documentation(const char *unit,
3099 const char *filename,
3100 unsigned line,
3101 const char *section,
3102 unsigned section_line,
3103 const char *lvalue,
3104 int ltype,
3105 const char *rvalue,
3106 void *data,
3107 void *userdata) {
3108
3109 Unit *u = userdata;
3110 int r;
3111 char **a, **b;
3112
3113 assert(filename);
3114 assert(lvalue);
3115 assert(rvalue);
3116 assert(u);
3117
3118 if (isempty(rvalue)) {
3119 /* Empty assignment resets the list */
3120 u->documentation = strv_free(u->documentation);
3121 return 0;
3122 }
3123
3124 r = config_parse_unit_strv_printf(unit, filename, line, section, section_line, lvalue, ltype,
3125 rvalue, data, userdata);
3126 if (r < 0)
3127 return r;
3128
3129 for (a = b = u->documentation; a && *a; a++) {
3130
3131 if (documentation_url_is_valid(*a))
3132 *(b++) = *a;
3133 else {
3134 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid URL, ignoring: %s", *a);
3135 free(*a);
3136 }
3137 }
3138 if (b)
3139 *b = NULL;
3140
3141 return r;
3142 }
3143
3144 #if HAVE_SECCOMP
3145 int config_parse_syscall_filter(
3146 const char *unit,
3147 const char *filename,
3148 unsigned line,
3149 const char *section,
3150 unsigned section_line,
3151 const char *lvalue,
3152 int ltype,
3153 const char *rvalue,
3154 void *data,
3155 void *userdata) {
3156
3157 ExecContext *c = data;
3158 _unused_ const Unit *u = userdata;
3159 bool invert = false;
3160 int r;
3161
3162 assert(filename);
3163 assert(lvalue);
3164 assert(rvalue);
3165 assert(u);
3166
3167 if (isempty(rvalue)) {
3168 /* Empty assignment resets the list */
3169 c->syscall_filter = hashmap_free(c->syscall_filter);
3170 c->syscall_allow_list = false;
3171 return 0;
3172 }
3173
3174 if (rvalue[0] == '~') {
3175 invert = true;
3176 rvalue++;
3177 }
3178
3179 if (!c->syscall_filter) {
3180 c->syscall_filter = hashmap_new(NULL);
3181 if (!c->syscall_filter)
3182 return log_oom();
3183
3184 if (invert)
3185 /* Allow everything but the ones listed */
3186 c->syscall_allow_list = false;
3187 else {
3188 /* Allow nothing but the ones listed */
3189 c->syscall_allow_list = true;
3190
3191 /* Accept default syscalls if we are on a allow_list */
3192 r = seccomp_parse_syscall_filter(
3193 "@default", -1, c->syscall_filter,
3194 SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_ALLOW_LIST,
3195 unit,
3196 NULL, 0);
3197 if (r < 0)
3198 return r;
3199 }
3200 }
3201
3202 for (const char *p = rvalue;;) {
3203 _cleanup_free_ char *word = NULL, *name = NULL;
3204 int num;
3205
3206 r = extract_first_word(&p, &word, NULL, 0);
3207 if (r == 0)
3208 return 0;
3209 if (r == -ENOMEM)
3210 return log_oom();
3211 if (r < 0) {
3212 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3213 return 0;
3214 }
3215
3216 r = parse_syscall_and_errno(word, &name, &num);
3217 if (r < 0) {
3218 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse syscall:errno, ignoring: %s", word);
3219 continue;
3220 }
3221
3222 r = seccomp_parse_syscall_filter(
3223 name, num, c->syscall_filter,
3224 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
3225 (invert ? SECCOMP_PARSE_INVERT : 0)|
3226 (c->syscall_allow_list ? SECCOMP_PARSE_ALLOW_LIST : 0),
3227 unit, filename, line);
3228 if (r < 0)
3229 return r;
3230 }
3231 }
3232
3233 int config_parse_syscall_log(
3234 const char *unit,
3235 const char *filename,
3236 unsigned line,
3237 const char *section,
3238 unsigned section_line,
3239 const char *lvalue,
3240 int ltype,
3241 const char *rvalue,
3242 void *data,
3243 void *userdata) {
3244
3245 ExecContext *c = data;
3246 _unused_ const Unit *u = userdata;
3247 bool invert = false;
3248 const char *p;
3249 int r;
3250
3251 assert(filename);
3252 assert(lvalue);
3253 assert(rvalue);
3254 assert(u);
3255
3256 if (isempty(rvalue)) {
3257 /* Empty assignment resets the list */
3258 c->syscall_log = hashmap_free(c->syscall_log);
3259 c->syscall_log_allow_list = false;
3260 return 0;
3261 }
3262
3263 if (rvalue[0] == '~') {
3264 invert = true;
3265 rvalue++;
3266 }
3267
3268 if (!c->syscall_log) {
3269 c->syscall_log = hashmap_new(NULL);
3270 if (!c->syscall_log)
3271 return log_oom();
3272
3273 if (invert)
3274 /* Log everything but the ones listed */
3275 c->syscall_log_allow_list = false;
3276 else
3277 /* Log nothing but the ones listed */
3278 c->syscall_log_allow_list = true;
3279 }
3280
3281 p = rvalue;
3282 for (;;) {
3283 _cleanup_free_ char *word = NULL, *name = NULL;
3284 int num;
3285
3286 r = extract_first_word(&p, &word, NULL, 0);
3287 if (r == 0)
3288 return 0;
3289 if (r == -ENOMEM)
3290 return log_oom();
3291 if (r < 0) {
3292 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3293 return 0;
3294 }
3295
3296 r = parse_syscall_and_errno(word, &name, &num);
3297 if (r < 0 || num >= 0) { /* errno code not allowed */
3298 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse syscall, ignoring: %s", word);
3299 continue;
3300 }
3301
3302 r = seccomp_parse_syscall_filter(
3303 name, 0, c->syscall_log,
3304 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
3305 (invert ? SECCOMP_PARSE_INVERT : 0)|
3306 (c->syscall_log_allow_list ? SECCOMP_PARSE_ALLOW_LIST : 0),
3307 unit, filename, line);
3308 if (r < 0)
3309 return r;
3310 }
3311 }
3312
3313 int config_parse_syscall_archs(
3314 const char *unit,
3315 const char *filename,
3316 unsigned line,
3317 const char *section,
3318 unsigned section_line,
3319 const char *lvalue,
3320 int ltype,
3321 const char *rvalue,
3322 void *data,
3323 void *userdata) {
3324
3325 Set **archs = data;
3326 int r;
3327
3328 if (isempty(rvalue)) {
3329 *archs = set_free(*archs);
3330 return 0;
3331 }
3332
3333 for (const char *p = rvalue;;) {
3334 _cleanup_free_ char *word = NULL;
3335 uint32_t a;
3336
3337 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3338 if (r == 0)
3339 return 0;
3340 if (r == -ENOMEM)
3341 return log_oom();
3342 if (r < 0) {
3343 log_syntax(unit, LOG_WARNING, filename, line, r,
3344 "Invalid syntax, ignoring: %s", rvalue);
3345 return 0;
3346 }
3347
3348 r = seccomp_arch_from_string(word, &a);
3349 if (r < 0) {
3350 log_syntax(unit, LOG_WARNING, filename, line, r,
3351 "Failed to parse system call architecture \"%s\", ignoring: %m", word);
3352 continue;
3353 }
3354
3355 r = set_ensure_put(archs, NULL, UINT32_TO_PTR(a + 1));
3356 if (r < 0)
3357 return log_oom();
3358 }
3359 }
3360
3361 int config_parse_syscall_errno(
3362 const char *unit,
3363 const char *filename,
3364 unsigned line,
3365 const char *section,
3366 unsigned section_line,
3367 const char *lvalue,
3368 int ltype,
3369 const char *rvalue,
3370 void *data,
3371 void *userdata) {
3372
3373 ExecContext *c = data;
3374 int e;
3375
3376 assert(filename);
3377 assert(lvalue);
3378 assert(rvalue);
3379
3380 if (isempty(rvalue) || streq(rvalue, "kill")) {
3381 /* Empty assignment resets to KILL */
3382 c->syscall_errno = SECCOMP_ERROR_NUMBER_KILL;
3383 return 0;
3384 }
3385
3386 e = parse_errno(rvalue);
3387 if (e <= 0) {
3388 log_syntax(unit, LOG_WARNING, filename, line, 0, "Failed to parse error number, ignoring: %s", rvalue);
3389 return 0;
3390 }
3391
3392 c->syscall_errno = e;
3393 return 0;
3394 }
3395
3396 int config_parse_address_families(
3397 const char *unit,
3398 const char *filename,
3399 unsigned line,
3400 const char *section,
3401 unsigned section_line,
3402 const char *lvalue,
3403 int ltype,
3404 const char *rvalue,
3405 void *data,
3406 void *userdata) {
3407
3408 ExecContext *c = data;
3409 bool invert = false;
3410 int r;
3411
3412 assert(filename);
3413 assert(lvalue);
3414 assert(rvalue);
3415
3416 if (isempty(rvalue)) {
3417 /* Empty assignment resets the list */
3418 c->address_families = set_free(c->address_families);
3419 c->address_families_allow_list = false;
3420 return 0;
3421 }
3422
3423 if (rvalue[0] == '~') {
3424 invert = true;
3425 rvalue++;
3426 }
3427
3428 if (!c->address_families) {
3429 c->address_families = set_new(NULL);
3430 if (!c->address_families)
3431 return log_oom();
3432
3433 c->address_families_allow_list = !invert;
3434 }
3435
3436 for (const char *p = rvalue;;) {
3437 _cleanup_free_ char *word = NULL;
3438 int af;
3439
3440 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3441 if (r == 0)
3442 return 0;
3443 if (r == -ENOMEM)
3444 return log_oom();
3445 if (r < 0) {
3446 log_syntax(unit, LOG_WARNING, filename, line, r,
3447 "Invalid syntax, ignoring: %s", rvalue);
3448 return 0;
3449 }
3450
3451 af = af_from_name(word);
3452 if (af < 0) {
3453 log_syntax(unit, LOG_WARNING, filename, line, af,
3454 "Failed to parse address family, ignoring: %s", word);
3455 continue;
3456 }
3457
3458 /* If we previously wanted to forbid an address family and now
3459 * we want to allow it, then just remove it from the list.
3460 */
3461 if (!invert == c->address_families_allow_list) {
3462 r = set_put(c->address_families, INT_TO_PTR(af));
3463 if (r < 0)
3464 return log_oom();
3465 } else
3466 set_remove(c->address_families, INT_TO_PTR(af));
3467 }
3468 }
3469
3470 int config_parse_restrict_namespaces(
3471 const char *unit,
3472 const char *filename,
3473 unsigned line,
3474 const char *section,
3475 unsigned section_line,
3476 const char *lvalue,
3477 int ltype,
3478 const char *rvalue,
3479 void *data,
3480 void *userdata) {
3481
3482 ExecContext *c = data;
3483 unsigned long flags;
3484 bool invert = false;
3485 int r;
3486
3487 if (isempty(rvalue)) {
3488 /* Reset to the default. */
3489 c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
3490 return 0;
3491 }
3492
3493 /* Boolean parameter ignores the previous settings */
3494 r = parse_boolean(rvalue);
3495 if (r > 0) {
3496 c->restrict_namespaces = 0;
3497 return 0;
3498 } else if (r == 0) {
3499 c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
3500 return 0;
3501 }
3502
3503 if (rvalue[0] == '~') {
3504 invert = true;
3505 rvalue++;
3506 }
3507
3508 /* Not a boolean argument, in this case it's a list of namespace types. */
3509 r = namespace_flags_from_string(rvalue, &flags);
3510 if (r < 0) {
3511 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
3512 return 0;
3513 }
3514
3515 if (c->restrict_namespaces == NAMESPACE_FLAGS_INITIAL)
3516 /* Initial assignment. Just set the value. */
3517 c->restrict_namespaces = invert ? (~flags) & NAMESPACE_FLAGS_ALL : flags;
3518 else
3519 /* Merge the value with the previous one. */
3520 SET_FLAG(c->restrict_namespaces, flags, !invert);
3521
3522 return 0;
3523 }
3524 #endif
3525
3526 int config_parse_unit_slice(
3527 const char *unit,
3528 const char *filename,
3529 unsigned line,
3530 const char *section,
3531 unsigned section_line,
3532 const char *lvalue,
3533 int ltype,
3534 const char *rvalue,
3535 void *data,
3536 void *userdata) {
3537
3538 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
3539 _cleanup_free_ char *k = NULL;
3540 Unit *u = userdata, *slice;
3541 int r;
3542
3543 assert(filename);
3544 assert(lvalue);
3545 assert(rvalue);
3546 assert(u);
3547
3548 r = unit_name_printf(u, rvalue, &k);
3549 if (r < 0) {
3550 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
3551 return 0;
3552 }
3553
3554 r = manager_load_unit(u->manager, k, NULL, &error, &slice);
3555 if (r < 0) {
3556 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to load slice unit %s, ignoring: %s", k, bus_error_message(&error, r));
3557 return 0;
3558 }
3559
3560 r = unit_set_slice(u, slice);
3561 if (r < 0) {
3562 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id);
3563 return 0;
3564 }
3565
3566 return 0;
3567 }
3568
3569 int config_parse_cpu_quota(
3570 const char *unit,
3571 const char *filename,
3572 unsigned line,
3573 const char *section,
3574 unsigned section_line,
3575 const char *lvalue,
3576 int ltype,
3577 const char *rvalue,
3578 void *data,
3579 void *userdata) {
3580
3581 CGroupContext *c = data;
3582 int r;
3583
3584 assert(filename);
3585 assert(lvalue);
3586 assert(rvalue);
3587
3588 if (isempty(rvalue)) {
3589 c->cpu_quota_per_sec_usec = USEC_INFINITY;
3590 return 0;
3591 }
3592
3593 r = parse_permille_unbounded(rvalue);
3594 if (r <= 0) {
3595 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid CPU quota '%s', ignoring.", rvalue);
3596 return 0;
3597 }
3598
3599 c->cpu_quota_per_sec_usec = ((usec_t) r * USEC_PER_SEC) / 1000U;
3600 return 0;
3601 }
3602
3603 int config_parse_allowed_cpus(
3604 const char *unit,
3605 const char *filename,
3606 unsigned line,
3607 const char *section,
3608 unsigned section_line,
3609 const char *lvalue,
3610 int ltype,
3611 const char *rvalue,
3612 void *data,
3613 void *userdata) {
3614
3615 CGroupContext *c = data;
3616
3617 (void) parse_cpu_set_extend(rvalue, &c->cpuset_cpus, true, unit, filename, line, lvalue);
3618
3619 return 0;
3620 }
3621
3622 int config_parse_allowed_mems(
3623 const char *unit,
3624 const char *filename,
3625 unsigned line,
3626 const char *section,
3627 unsigned section_line,
3628 const char *lvalue,
3629 int ltype,
3630 const char *rvalue,
3631 void *data,
3632 void *userdata) {
3633
3634 CGroupContext *c = data;
3635
3636 (void) parse_cpu_set_extend(rvalue, &c->cpuset_mems, true, unit, filename, line, lvalue);
3637
3638 return 0;
3639 }
3640
3641 int config_parse_memory_limit(
3642 const char *unit,
3643 const char *filename,
3644 unsigned line,
3645 const char *section,
3646 unsigned section_line,
3647 const char *lvalue,
3648 int ltype,
3649 const char *rvalue,
3650 void *data,
3651 void *userdata) {
3652
3653 CGroupContext *c = data;
3654 uint64_t bytes = CGROUP_LIMIT_MAX;
3655 int r;
3656
3657 if (isempty(rvalue) && STR_IN_SET(lvalue, "DefaultMemoryLow",
3658 "DefaultMemoryMin",
3659 "MemoryLow",
3660 "MemoryMin"))
3661 bytes = CGROUP_LIMIT_MIN;
3662 else if (!isempty(rvalue) && !streq(rvalue, "infinity")) {
3663
3664 r = parse_permille(rvalue);
3665 if (r < 0) {
3666 r = parse_size(rvalue, 1024, &bytes);
3667 if (r < 0) {
3668 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid memory limit '%s', ignoring: %m", rvalue);
3669 return 0;
3670 }
3671 } else
3672 bytes = physical_memory_scale(r, 1000U);
3673
3674 if (bytes >= UINT64_MAX ||
3675 (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) {
3676 log_syntax(unit, LOG_WARNING, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue);
3677 return 0;
3678 }
3679 }
3680
3681 if (streq(lvalue, "DefaultMemoryLow")) {
3682 c->default_memory_low = bytes;
3683 c->default_memory_low_set = true;
3684 } else if (streq(lvalue, "DefaultMemoryMin")) {
3685 c->default_memory_min = bytes;
3686 c->default_memory_min_set = true;
3687 } else if (streq(lvalue, "MemoryMin")) {
3688 c->memory_min = bytes;
3689 c->memory_min_set = true;
3690 } else if (streq(lvalue, "MemoryLow")) {
3691 c->memory_low = bytes;
3692 c->memory_low_set = true;
3693 } else if (streq(lvalue, "MemoryHigh"))
3694 c->memory_high = bytes;
3695 else if (streq(lvalue, "MemoryMax"))
3696 c->memory_max = bytes;
3697 else if (streq(lvalue, "MemorySwapMax"))
3698 c->memory_swap_max = bytes;
3699 else if (streq(lvalue, "MemoryLimit"))
3700 c->memory_limit = bytes;
3701 else
3702 return -EINVAL;
3703
3704 return 0;
3705 }
3706
3707 int config_parse_tasks_max(
3708 const char *unit,
3709 const char *filename,
3710 unsigned line,
3711 const char *section,
3712 unsigned section_line,
3713 const char *lvalue,
3714 int ltype,
3715 const char *rvalue,
3716 void *data,
3717 void *userdata) {
3718
3719 const Unit *u = userdata;
3720 TasksMax *tasks_max = data;
3721 uint64_t v;
3722 int r;
3723
3724 if (isempty(rvalue)) {
3725 *tasks_max = u ? u->manager->default_tasks_max : TASKS_MAX_UNSET;
3726 return 0;
3727 }
3728
3729 if (streq(rvalue, "infinity")) {
3730 *tasks_max = TASKS_MAX_UNSET;
3731 return 0;
3732 }
3733
3734 r = parse_permille(rvalue);
3735 if (r >= 0)
3736 *tasks_max = (TasksMax) { r, 1000U }; /* r‰ */
3737 else {
3738 r = safe_atou64(rvalue, &v);
3739 if (r < 0) {
3740 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid maximum tasks value '%s', ignoring: %m", rvalue);
3741 return 0;
3742 }
3743
3744 if (v <= 0 || v >= UINT64_MAX) {
3745 log_syntax(unit, LOG_WARNING, filename, line, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue);
3746 return 0;
3747 }
3748
3749 *tasks_max = (TasksMax) { v };
3750 }
3751
3752 return 0;
3753 }
3754
3755 int config_parse_delegate(
3756 const char *unit,
3757 const char *filename,
3758 unsigned line,
3759 const char *section,
3760 unsigned section_line,
3761 const char *lvalue,
3762 int ltype,
3763 const char *rvalue,
3764 void *data,
3765 void *userdata) {
3766
3767 CGroupContext *c = data;
3768 UnitType t;
3769 int r;
3770
3771 t = unit_name_to_type(unit);
3772 assert(t != _UNIT_TYPE_INVALID);
3773
3774 if (!unit_vtable[t]->can_delegate) {
3775 log_syntax(unit, LOG_WARNING, filename, line, 0, "Delegate= setting not supported for this unit type, ignoring.");
3776 return 0;
3777 }
3778
3779 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
3780 * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
3781 * mask to delegate. */
3782
3783 if (isempty(rvalue)) {
3784 /* An empty string resets controllers and set Delegate=yes. */
3785 c->delegate = true;
3786 c->delegate_controllers = 0;
3787 return 0;
3788 }
3789
3790 r = parse_boolean(rvalue);
3791 if (r < 0) {
3792 CGroupMask mask = 0;
3793
3794 for (const char *p = rvalue;;) {
3795 _cleanup_free_ char *word = NULL;
3796 CGroupController cc;
3797
3798 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3799 if (r == 0)
3800 break;
3801 if (r == -ENOMEM)
3802 return log_oom();
3803 if (r < 0) {
3804 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3805 return 0;
3806 }
3807
3808 cc = cgroup_controller_from_string(word);
3809 if (cc < 0) {
3810 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid controller name '%s', ignoring", word);
3811 continue;
3812 }
3813
3814 mask |= CGROUP_CONTROLLER_TO_MASK(cc);
3815 }
3816
3817 c->delegate = true;
3818 c->delegate_controllers |= mask;
3819
3820 } else if (r > 0) {
3821 c->delegate = true;
3822 c->delegate_controllers = _CGROUP_MASK_ALL;
3823 } else {
3824 c->delegate = false;
3825 c->delegate_controllers = 0;
3826 }
3827
3828 return 0;
3829 }
3830
3831 int config_parse_managed_oom_mode(
3832 const char *unit,
3833 const char *filename,
3834 unsigned line,
3835 const char *section,
3836 unsigned section_line,
3837 const char *lvalue,
3838 int ltype,
3839 const char *rvalue,
3840 void *data,
3841 void *userdata) {
3842 ManagedOOMMode *mode = data, m;
3843 UnitType t;
3844
3845 t = unit_name_to_type(unit);
3846 assert(t != _UNIT_TYPE_INVALID);
3847
3848 if (!unit_vtable[t]->can_set_managed_oom)
3849 return log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is not supported for this unit type, ignoring.", lvalue);
3850
3851 if (isempty(rvalue)) {
3852 *mode = MANAGED_OOM_AUTO;
3853 return 0;
3854 }
3855
3856 m = managed_oom_mode_from_string(rvalue);
3857 if (m < 0) {
3858 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax, ignoring: %s", rvalue);
3859 return 0;
3860 }
3861 *mode = m;
3862 return 0;
3863 }
3864
3865 int config_parse_managed_oom_mem_pressure_limit(
3866 const char *unit,
3867 const char *filename,
3868 unsigned line,
3869 const char *section,
3870 unsigned section_line,
3871 const char *lvalue,
3872 int ltype,
3873 const char *rvalue,
3874 void *data,
3875 void *userdata) {
3876 int *limit = data;
3877 UnitType t;
3878 int r;
3879
3880 t = unit_name_to_type(unit);
3881 assert(t != _UNIT_TYPE_INVALID);
3882
3883 if (!unit_vtable[t]->can_set_managed_oom)
3884 return log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is not supported for this unit type, ignoring.", lvalue);
3885
3886 if (isempty(rvalue)) {
3887 *limit = 0;
3888 return 0;
3889 }
3890
3891 r = parse_percent(rvalue);
3892 if (r < 0) {
3893 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse limit percent value, ignoring: %s", rvalue);
3894 return 0;
3895 }
3896
3897 *limit = r;
3898 return 0;
3899 }
3900
3901 int config_parse_device_allow(
3902 const char *unit,
3903 const char *filename,
3904 unsigned line,
3905 const char *section,
3906 unsigned section_line,
3907 const char *lvalue,
3908 int ltype,
3909 const char *rvalue,
3910 void *data,
3911 void *userdata) {
3912
3913 _cleanup_free_ char *path = NULL, *resolved = NULL;
3914 CGroupContext *c = data;
3915 const char *p = rvalue;
3916 int r;
3917
3918 if (isempty(rvalue)) {
3919 while (c->device_allow)
3920 cgroup_context_free_device_allow(c, c->device_allow);
3921
3922 return 0;
3923 }
3924
3925 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3926 if (r == -ENOMEM)
3927 return log_oom();
3928 if (r < 0) {
3929 log_syntax(unit, LOG_WARNING, filename, line, r,
3930 "Invalid syntax, ignoring: %s", rvalue);
3931 return 0;
3932 }
3933 if (r == 0) {
3934 log_syntax(unit, LOG_WARNING, filename, line, 0,
3935 "Failed to extract device path and rights from '%s', ignoring.", rvalue);
3936 return 0;
3937 }
3938
3939 r = unit_full_printf(userdata, path, &resolved);
3940 if (r < 0) {
3941 log_syntax(unit, LOG_WARNING, filename, line, r,
3942 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3943 return 0;
3944 }
3945
3946 if (!STARTSWITH_SET(resolved, "block-", "char-")) {
3947
3948 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3949 if (r < 0)
3950 return 0;
3951
3952 if (!valid_device_node_path(resolved)) {
3953 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved);
3954 return 0;
3955 }
3956 }
3957
3958 if (!isempty(p) && !in_charset(p, "rwm")) {
3959 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid device rights '%s', ignoring.", p);
3960 return 0;
3961 }
3962
3963 return cgroup_add_device_allow(c, resolved, p);
3964 }
3965
3966 int config_parse_io_device_weight(
3967 const char *unit,
3968 const char *filename,
3969 unsigned line,
3970 const char *section,
3971 unsigned section_line,
3972 const char *lvalue,
3973 int ltype,
3974 const char *rvalue,
3975 void *data,
3976 void *userdata) {
3977
3978 _cleanup_free_ char *path = NULL, *resolved = NULL;
3979 CGroupIODeviceWeight *w;
3980 CGroupContext *c = data;
3981 const char *p = rvalue;
3982 uint64_t u;
3983 int r;
3984
3985 assert(filename);
3986 assert(lvalue);
3987 assert(rvalue);
3988
3989 if (isempty(rvalue)) {
3990 while (c->io_device_weights)
3991 cgroup_context_free_io_device_weight(c, c->io_device_weights);
3992
3993 return 0;
3994 }
3995
3996 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3997 if (r == -ENOMEM)
3998 return log_oom();
3999 if (r < 0) {
4000 log_syntax(unit, LOG_WARNING, filename, line, r,
4001 "Invalid syntax, ignoring: %s", rvalue);
4002 return 0;
4003 }
4004 if (r == 0 || isempty(p)) {
4005 log_syntax(unit, LOG_WARNING, filename, line, 0,
4006 "Failed to extract device path and weight from '%s', ignoring.", rvalue);
4007 return 0;
4008 }
4009
4010 r = unit_full_printf(userdata, path, &resolved);
4011 if (r < 0) {
4012 log_syntax(unit, LOG_WARNING, filename, line, r,
4013 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4014 return 0;
4015 }
4016
4017 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4018 if (r < 0)
4019 return 0;
4020
4021 r = cg_weight_parse(p, &u);
4022 if (r < 0) {
4023 log_syntax(unit, LOG_WARNING, filename, line, r, "IO weight '%s' invalid, ignoring: %m", p);
4024 return 0;
4025 }
4026
4027 assert(u != CGROUP_WEIGHT_INVALID);
4028
4029 w = new0(CGroupIODeviceWeight, 1);
4030 if (!w)
4031 return log_oom();
4032
4033 w->path = TAKE_PTR(resolved);
4034 w->weight = u;
4035
4036 LIST_PREPEND(device_weights, c->io_device_weights, w);
4037 return 0;
4038 }
4039
4040 int config_parse_io_device_latency(
4041 const char *unit,
4042 const char *filename,
4043 unsigned line,
4044 const char *section,
4045 unsigned section_line,
4046 const char *lvalue,
4047 int ltype,
4048 const char *rvalue,
4049 void *data,
4050 void *userdata) {
4051
4052 _cleanup_free_ char *path = NULL, *resolved = NULL;
4053 CGroupIODeviceLatency *l;
4054 CGroupContext *c = data;
4055 const char *p = rvalue;
4056 usec_t usec;
4057 int r;
4058
4059 assert(filename);
4060 assert(lvalue);
4061 assert(rvalue);
4062
4063 if (isempty(rvalue)) {
4064 while (c->io_device_latencies)
4065 cgroup_context_free_io_device_latency(c, c->io_device_latencies);
4066
4067 return 0;
4068 }
4069
4070 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4071 if (r == -ENOMEM)
4072 return log_oom();
4073 if (r < 0) {
4074 log_syntax(unit, LOG_WARNING, filename, line, r,
4075 "Invalid syntax, ignoring: %s", rvalue);
4076 return 0;
4077 }
4078 if (r == 0 || isempty(p)) {
4079 log_syntax(unit, LOG_WARNING, filename, line, 0,
4080 "Failed to extract device path and latency from '%s', ignoring.", rvalue);
4081 return 0;
4082 }
4083
4084 r = unit_full_printf(userdata, path, &resolved);
4085 if (r < 0) {
4086 log_syntax(unit, LOG_WARNING, filename, line, r,
4087 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4088 return 0;
4089 }
4090
4091 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4092 if (r < 0)
4093 return 0;
4094
4095 r = parse_sec(p, &usec);
4096 if (r < 0) {
4097 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse timer value, ignoring: %s", p);
4098 return 0;
4099 }
4100
4101 l = new0(CGroupIODeviceLatency, 1);
4102 if (!l)
4103 return log_oom();
4104
4105 l->path = TAKE_PTR(resolved);
4106 l->target_usec = usec;
4107
4108 LIST_PREPEND(device_latencies, c->io_device_latencies, l);
4109 return 0;
4110 }
4111
4112 int config_parse_io_limit(
4113 const char *unit,
4114 const char *filename,
4115 unsigned line,
4116 const char *section,
4117 unsigned section_line,
4118 const char *lvalue,
4119 int ltype,
4120 const char *rvalue,
4121 void *data,
4122 void *userdata) {
4123
4124 _cleanup_free_ char *path = NULL, *resolved = NULL;
4125 CGroupIODeviceLimit *l = NULL, *t;
4126 CGroupContext *c = data;
4127 CGroupIOLimitType type;
4128 const char *p = rvalue;
4129 uint64_t num;
4130 int r;
4131
4132 assert(filename);
4133 assert(lvalue);
4134 assert(rvalue);
4135
4136 type = cgroup_io_limit_type_from_string(lvalue);
4137 assert(type >= 0);
4138
4139 if (isempty(rvalue)) {
4140 LIST_FOREACH(device_limits, l, c->io_device_limits)
4141 l->limits[type] = cgroup_io_limit_defaults[type];
4142 return 0;
4143 }
4144
4145 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4146 if (r == -ENOMEM)
4147 return log_oom();
4148 if (r < 0) {
4149 log_syntax(unit, LOG_WARNING, filename, line, r,
4150 "Invalid syntax, ignoring: %s", rvalue);
4151 return 0;
4152 }
4153 if (r == 0 || isempty(p)) {
4154 log_syntax(unit, LOG_WARNING, filename, line, 0,
4155 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
4156 return 0;
4157 }
4158
4159 r = unit_full_printf(userdata, path, &resolved);
4160 if (r < 0) {
4161 log_syntax(unit, LOG_WARNING, filename, line, r,
4162 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4163 return 0;
4164 }
4165
4166 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4167 if (r < 0)
4168 return 0;
4169
4170 if (streq("infinity", p))
4171 num = CGROUP_LIMIT_MAX;
4172 else {
4173 r = parse_size(p, 1000, &num);
4174 if (r < 0 || num <= 0) {
4175 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid IO limit '%s', ignoring.", p);
4176 return 0;
4177 }
4178 }
4179
4180 LIST_FOREACH(device_limits, t, c->io_device_limits) {
4181 if (path_equal(resolved, t->path)) {
4182 l = t;
4183 break;
4184 }
4185 }
4186
4187 if (!l) {
4188 CGroupIOLimitType ttype;
4189
4190 l = new0(CGroupIODeviceLimit, 1);
4191 if (!l)
4192 return log_oom();
4193
4194 l->path = TAKE_PTR(resolved);
4195 for (ttype = 0; ttype < _CGROUP_IO_LIMIT_TYPE_MAX; ttype++)
4196 l->limits[ttype] = cgroup_io_limit_defaults[ttype];
4197
4198 LIST_PREPEND(device_limits, c->io_device_limits, l);
4199 }
4200
4201 l->limits[type] = num;
4202
4203 return 0;
4204 }
4205
4206 int config_parse_blockio_device_weight(
4207 const char *unit,
4208 const char *filename,
4209 unsigned line,
4210 const char *section,
4211 unsigned section_line,
4212 const char *lvalue,
4213 int ltype,
4214 const char *rvalue,
4215 void *data,
4216 void *userdata) {
4217
4218 _cleanup_free_ char *path = NULL, *resolved = NULL;
4219 CGroupBlockIODeviceWeight *w;
4220 CGroupContext *c = data;
4221 const char *p = rvalue;
4222 uint64_t u;
4223 int r;
4224
4225 assert(filename);
4226 assert(lvalue);
4227 assert(rvalue);
4228
4229 if (isempty(rvalue)) {
4230 while (c->blockio_device_weights)
4231 cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
4232
4233 return 0;
4234 }
4235
4236 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4237 if (r == -ENOMEM)
4238 return log_oom();
4239 if (r < 0) {
4240 log_syntax(unit, LOG_WARNING, filename, line, r,
4241 "Invalid syntax, ignoring: %s", rvalue);
4242 return 0;
4243 }
4244 if (r == 0 || isempty(p)) {
4245 log_syntax(unit, LOG_WARNING, filename, line, 0,
4246 "Failed to extract device node and weight from '%s', ignoring.", rvalue);
4247 return 0;
4248 }
4249
4250 r = unit_full_printf(userdata, path, &resolved);
4251 if (r < 0) {
4252 log_syntax(unit, LOG_WARNING, filename, line, r,
4253 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4254 return 0;
4255 }
4256
4257 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4258 if (r < 0)
4259 return 0;
4260
4261 r = cg_blkio_weight_parse(p, &u);
4262 if (r < 0) {
4263 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p);
4264 return 0;
4265 }
4266
4267 assert(u != CGROUP_BLKIO_WEIGHT_INVALID);
4268
4269 w = new0(CGroupBlockIODeviceWeight, 1);
4270 if (!w)
4271 return log_oom();
4272
4273 w->path = TAKE_PTR(resolved);
4274 w->weight = u;
4275
4276 LIST_PREPEND(device_weights, c->blockio_device_weights, w);
4277 return 0;
4278 }
4279
4280 int config_parse_blockio_bandwidth(
4281 const char *unit,
4282 const char *filename,
4283 unsigned line,
4284 const char *section,
4285 unsigned section_line,
4286 const char *lvalue,
4287 int ltype,
4288 const char *rvalue,
4289 void *data,
4290 void *userdata) {
4291
4292 _cleanup_free_ char *path = NULL, *resolved = NULL;
4293 CGroupBlockIODeviceBandwidth *b = NULL, *t;
4294 CGroupContext *c = data;
4295 const char *p = rvalue;
4296 uint64_t bytes;
4297 bool read;
4298 int r;
4299
4300 assert(filename);
4301 assert(lvalue);
4302 assert(rvalue);
4303
4304 read = streq("BlockIOReadBandwidth", lvalue);
4305
4306 if (isempty(rvalue)) {
4307 LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
4308 b->rbps = CGROUP_LIMIT_MAX;
4309 b->wbps = CGROUP_LIMIT_MAX;
4310 }
4311 return 0;
4312 }
4313
4314 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4315 if (r == -ENOMEM)
4316 return log_oom();
4317 if (r < 0) {
4318 log_syntax(unit, LOG_WARNING, filename, line, r,
4319 "Invalid syntax, ignoring: %s", rvalue);
4320 return 0;
4321 }
4322 if (r == 0 || isempty(p)) {
4323 log_syntax(unit, LOG_WARNING, filename, line, 0,
4324 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
4325 return 0;
4326 }
4327
4328 r = unit_full_printf(userdata, path, &resolved);
4329 if (r < 0) {
4330 log_syntax(unit, LOG_WARNING, filename, line, r,
4331 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4332 return 0;
4333 }
4334
4335 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4336 if (r < 0)
4337 return 0;
4338
4339 r = parse_size(p, 1000, &bytes);
4340 if (r < 0 || bytes <= 0) {
4341 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
4342 return 0;
4343 }
4344
4345 LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
4346 if (path_equal(resolved, t->path)) {
4347 b = t;
4348 break;
4349 }
4350 }
4351
4352 if (!t) {
4353 b = new0(CGroupBlockIODeviceBandwidth, 1);
4354 if (!b)
4355 return log_oom();
4356
4357 b->path = TAKE_PTR(resolved);
4358 b->rbps = CGROUP_LIMIT_MAX;
4359 b->wbps = CGROUP_LIMIT_MAX;
4360
4361 LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, b);
4362 }
4363
4364 if (read)
4365 b->rbps = bytes;
4366 else
4367 b->wbps = bytes;
4368
4369 return 0;
4370 }
4371
4372 int config_parse_job_mode_isolate(
4373 const char *unit,
4374 const char *filename,
4375 unsigned line,
4376 const char *section,
4377 unsigned section_line,
4378 const char *lvalue,
4379 int ltype,
4380 const char *rvalue,
4381 void *data,
4382 void *userdata) {
4383
4384 JobMode *m = data;
4385 int r;
4386
4387 assert(filename);
4388 assert(lvalue);
4389 assert(rvalue);
4390
4391 r = parse_boolean(rvalue);
4392 if (r < 0) {
4393 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse boolean, ignoring: %s", rvalue);
4394 return 0;
4395 }
4396
4397 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue);
4398
4399 *m = r ? JOB_ISOLATE : JOB_REPLACE;
4400 return 0;
4401 }
4402
4403 int config_parse_exec_directories(
4404 const char *unit,
4405 const char *filename,
4406 unsigned line,
4407 const char *section,
4408 unsigned section_line,
4409 const char *lvalue,
4410 int ltype,
4411 const char *rvalue,
4412 void *data,
4413 void *userdata) {
4414
4415 char***rt = data;
4416 const Unit *u = userdata;
4417 int r;
4418
4419 assert(filename);
4420 assert(lvalue);
4421 assert(rvalue);
4422 assert(data);
4423
4424 if (isempty(rvalue)) {
4425 /* Empty assignment resets the list */
4426 *rt = strv_free(*rt);
4427 return 0;
4428 }
4429
4430 for (const char *p = rvalue;;) {
4431 _cleanup_free_ char *word = NULL, *k = NULL;
4432
4433 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4434 if (r == -ENOMEM)
4435 return log_oom();
4436 if (r < 0) {
4437 log_syntax(unit, LOG_WARNING, filename, line, r,
4438 "Invalid syntax, ignoring: %s", rvalue);
4439 return 0;
4440 }
4441 if (r == 0)
4442 return 0;
4443
4444 r = unit_full_printf(u, word, &k);
4445 if (r < 0) {
4446 log_syntax(unit, LOG_WARNING, filename, line, r,
4447 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4448 continue;
4449 }
4450
4451 r = path_simplify_and_warn(k, PATH_CHECK_RELATIVE, unit, filename, line, lvalue);
4452 if (r < 0)
4453 continue;
4454
4455 if (path_startswith(k, "private")) {
4456 log_syntax(unit, LOG_WARNING, filename, line, 0,
4457 "%s= path can't be 'private', ignoring assignment: %s", lvalue, word);
4458 continue;
4459 }
4460
4461 r = strv_push(rt, k);
4462 if (r < 0)
4463 return log_oom();
4464 k = NULL;
4465 }
4466 }
4467
4468 int config_parse_set_credential(
4469 const char *unit,
4470 const char *filename,
4471 unsigned line,
4472 const char *section,
4473 unsigned section_line,
4474 const char *lvalue,
4475 int ltype,
4476 const char *rvalue,
4477 void *data,
4478 void *userdata) {
4479
4480 _cleanup_free_ char *word = NULL, *k = NULL, *unescaped = NULL;
4481 ExecContext *context = data;
4482 ExecSetCredential *old;
4483 Unit *u = userdata;
4484 const char *p;
4485 int r, l;
4486
4487 assert(filename);
4488 assert(lvalue);
4489 assert(rvalue);
4490 assert(context);
4491
4492 if (isempty(rvalue)) {
4493 /* Empty assignment resets the list */
4494 context->set_credentials = hashmap_free(context->set_credentials);
4495 return 0;
4496 }
4497
4498 p = rvalue;
4499 r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4500 if (r == -ENOMEM)
4501 return log_oom();
4502 if (r <= 0 || !p) {
4503 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
4504 return 0;
4505 }
4506
4507 r = unit_full_printf(u, word, &k);
4508 if (r < 0) {
4509 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4510 return 0;
4511 }
4512 if (!credential_name_valid(k)) {
4513 log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name \"%s\" not valid, ignoring.", k);
4514 return 0;
4515 }
4516
4517 /* We support escape codes here, so that users can insert trailing \n if they like */
4518 l = cunescape(p, UNESCAPE_ACCEPT_NUL, &unescaped);
4519 if (l < 0) {
4520 log_syntax(unit, LOG_WARNING, filename, line, l, "Can't unescape \"%s\", ignoring: %m", p);
4521 return 0;
4522 }
4523
4524 old = hashmap_get(context->set_credentials, k);
4525 if (old) {
4526 free_and_replace(old->data, unescaped);
4527 old->size = l;
4528 } else {
4529 _cleanup_(exec_set_credential_freep) ExecSetCredential *sc = NULL;
4530
4531 sc = new0(ExecSetCredential, 1);
4532 if (!sc)
4533 return log_oom();
4534
4535 sc->id = TAKE_PTR(k);
4536 sc->data = TAKE_PTR(unescaped);
4537 sc->size = l;
4538
4539 r = hashmap_ensure_allocated(&context->set_credentials, &exec_set_credential_hash_ops);
4540 if (r < 0)
4541 return r;
4542
4543 r = hashmap_put(context->set_credentials, sc->id, sc);
4544 if (r < 0)
4545 return log_oom();
4546
4547 TAKE_PTR(sc);
4548 }
4549
4550 return 0;
4551 }
4552
4553 int config_parse_load_credential(
4554 const char *unit,
4555 const char *filename,
4556 unsigned line,
4557 const char *section,
4558 unsigned section_line,
4559 const char *lvalue,
4560 int ltype,
4561 const char *rvalue,
4562 void *data,
4563 void *userdata) {
4564
4565 _cleanup_free_ char *word = NULL, *k = NULL, *q = NULL;
4566 ExecContext *context = data;
4567 Unit *u = userdata;
4568 const char *p;
4569 int r;
4570
4571 assert(filename);
4572 assert(lvalue);
4573 assert(rvalue);
4574 assert(context);
4575
4576 if (isempty(rvalue)) {
4577 /* Empty assignment resets the list */
4578 context->load_credentials = strv_free(context->load_credentials);
4579 return 0;
4580 }
4581
4582 p = rvalue;
4583 r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4584 if (r == -ENOMEM)
4585 return log_oom();
4586 if (r <= 0) {
4587 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
4588 return 0;
4589 }
4590
4591 r = unit_full_printf(u, word, &k);
4592 if (r < 0) {
4593 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4594 return 0;
4595 }
4596 if (!credential_name_valid(k)) {
4597 log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name \"%s\" not valid, ignoring.", k);
4598 return 0;
4599 }
4600 r = unit_full_printf(u, p, &q);
4601 if (r < 0) {
4602 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", p);
4603 return 0;
4604 }
4605 if (path_is_absolute(q) ? !path_is_normalized(q) : !credential_name_valid(q)) {
4606 log_syntax(unit, LOG_WARNING, filename, line, r, "Credential source \"%s\" not valid, ignoring.", q);
4607 return 0;
4608 }
4609
4610 r = strv_consume_pair(&context->load_credentials, TAKE_PTR(k), TAKE_PTR(q));
4611 if (r < 0)
4612 return log_oom();
4613
4614 return 0;
4615 }
4616
4617 int config_parse_set_status(
4618 const char *unit,
4619 const char *filename,
4620 unsigned line,
4621 const char *section,
4622 unsigned section_line,
4623 const char *lvalue,
4624 int ltype,
4625 const char *rvalue,
4626 void *data,
4627 void *userdata) {
4628
4629 ExitStatusSet *status_set = data;
4630 int r;
4631
4632 assert(filename);
4633 assert(lvalue);
4634 assert(rvalue);
4635 assert(status_set);
4636
4637 /* Empty assignment resets the list */
4638 if (isempty(rvalue)) {
4639 exit_status_set_free(status_set);
4640 return 0;
4641 }
4642
4643 for (const char *p = rvalue;;) {
4644 _cleanup_free_ char *word = NULL;
4645 Bitmap *bitmap;
4646
4647 r = extract_first_word(&p, &word, NULL, 0);
4648 if (r == -ENOMEM)
4649 return log_oom();
4650 if (r < 0) {
4651 log_syntax(unit, LOG_WARNING, filename, line, r,
4652 "Failed to parse %s=%s, ignoring: %m", lvalue, rvalue);
4653 return 0;
4654 }
4655 if (r == 0)
4656 return 0;
4657
4658 /* We need to call exit_status_from_string() first, because we want
4659 * to parse numbers as exit statuses, not signals. */
4660
4661 r = exit_status_from_string(word);
4662 if (r >= 0) {
4663 assert(r >= 0 && r < 256);
4664 bitmap = &status_set->status;
4665 } else {
4666 r = signal_from_string(word);
4667 if (r < 0) {
4668 log_syntax(unit, LOG_WARNING, filename, line, 0,
4669 "Failed to parse value, ignoring: %s", word);
4670 continue;
4671 }
4672 bitmap = &status_set->signal;
4673 }
4674
4675 r = bitmap_set(bitmap, r);
4676 if (r < 0)
4677 log_syntax(unit, LOG_WARNING, filename, line, r,
4678 "Failed to set signal or status %s, ignoring: %m", word);
4679 }
4680 }
4681
4682 int config_parse_namespace_path_strv(
4683 const char *unit,
4684 const char *filename,
4685 unsigned line,
4686 const char *section,
4687 unsigned section_line,
4688 const char *lvalue,
4689 int ltype,
4690 const char *rvalue,
4691 void *data,
4692 void *userdata) {
4693
4694 const Unit *u = userdata;
4695 char*** sv = data;
4696 int r;
4697
4698 assert(filename);
4699 assert(lvalue);
4700 assert(rvalue);
4701 assert(data);
4702
4703 if (isempty(rvalue)) {
4704 /* Empty assignment resets the list */
4705 *sv = strv_free(*sv);
4706 return 0;
4707 }
4708
4709 for (const char *p = rvalue;;) {
4710 _cleanup_free_ char *word = NULL, *resolved = NULL, *joined = NULL;
4711 const char *w;
4712 bool ignore_enoent = false, shall_prefix = false;
4713
4714 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4715 if (r == 0)
4716 break;
4717 if (r == -ENOMEM)
4718 return log_oom();
4719 if (r < 0) {
4720 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
4721 return 0;
4722 }
4723
4724 w = word;
4725 if (startswith(w, "-")) {
4726 ignore_enoent = true;
4727 w++;
4728 }
4729 if (startswith(w, "+")) {
4730 shall_prefix = true;
4731 w++;
4732 }
4733
4734 r = unit_full_printf(u, w, &resolved);
4735 if (r < 0) {
4736 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s: %m", w);
4737 continue;
4738 }
4739
4740 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4741 if (r < 0)
4742 continue;
4743
4744 joined = strjoin(ignore_enoent ? "-" : "",
4745 shall_prefix ? "+" : "",
4746 resolved);
4747
4748 r = strv_push(sv, joined);
4749 if (r < 0)
4750 return log_oom();
4751
4752 joined = NULL;
4753 }
4754
4755 return 0;
4756 }
4757
4758 int config_parse_temporary_filesystems(
4759 const char *unit,
4760 const char *filename,
4761 unsigned line,
4762 const char *section,
4763 unsigned section_line,
4764 const char *lvalue,
4765 int ltype,
4766 const char *rvalue,
4767 void *data,
4768 void *userdata) {
4769
4770 const Unit *u = userdata;
4771 ExecContext *c = data;
4772 int r;
4773
4774 assert(filename);
4775 assert(lvalue);
4776 assert(rvalue);
4777 assert(data);
4778
4779 if (isempty(rvalue)) {
4780 /* Empty assignment resets the list */
4781 temporary_filesystem_free_many(c->temporary_filesystems, c->n_temporary_filesystems);
4782 c->temporary_filesystems = NULL;
4783 c->n_temporary_filesystems = 0;
4784 return 0;
4785 }
4786
4787 for (const char *p = rvalue;;) {
4788 _cleanup_free_ char *word = NULL, *path = NULL, *resolved = NULL;
4789 const char *w;
4790
4791 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4792 if (r == 0)
4793 return 0;
4794 if (r == -ENOMEM)
4795 return log_oom();
4796 if (r < 0) {
4797 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
4798 return 0;
4799 }
4800
4801 w = word;
4802 r = extract_first_word(&w, &path, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4803 if (r == -ENOMEM)
4804 return log_oom();
4805 if (r < 0) {
4806 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", word);
4807 continue;
4808 }
4809 if (r == 0) {
4810 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax, ignoring: %s", word);
4811 continue;
4812 }
4813
4814 r = unit_full_printf(u, path, &resolved);
4815 if (r < 0) {
4816 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", path);
4817 continue;
4818 }
4819
4820 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4821 if (r < 0)
4822 continue;
4823
4824 r = temporary_filesystem_add(&c->temporary_filesystems, &c->n_temporary_filesystems, resolved, w);
4825 if (r < 0)
4826 return log_oom();
4827 }
4828 }
4829
4830 int config_parse_bind_paths(
4831 const char *unit,
4832 const char *filename,
4833 unsigned line,
4834 const char *section,
4835 unsigned section_line,
4836 const char *lvalue,
4837 int ltype,
4838 const char *rvalue,
4839 void *data,
4840 void *userdata) {
4841
4842 ExecContext *c = data;
4843 const Unit *u = userdata;
4844 int r;
4845
4846 assert(filename);
4847 assert(lvalue);
4848 assert(rvalue);
4849 assert(data);
4850
4851 if (isempty(rvalue)) {
4852 /* Empty assignment resets the list */
4853 bind_mount_free_many(c->bind_mounts, c->n_bind_mounts);
4854 c->bind_mounts = NULL;
4855 c->n_bind_mounts = 0;
4856 return 0;
4857 }
4858
4859 for (const char *p = rvalue;;) {
4860 _cleanup_free_ char *source = NULL, *destination = NULL;
4861 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
4862 char *s = NULL, *d = NULL;
4863 bool rbind = true, ignore_enoent = false;
4864
4865 r = extract_first_word(&p, &source, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
4866 if (r == 0)
4867 break;
4868 if (r == -ENOMEM)
4869 return log_oom();
4870 if (r < 0) {
4871 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
4872 return 0;
4873 }
4874
4875 r = unit_full_printf(u, source, &sresolved);
4876 if (r < 0) {
4877 log_syntax(unit, LOG_WARNING, filename, line, r,
4878 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", source);
4879 continue;
4880 }
4881
4882 s = sresolved;
4883 if (s[0] == '-') {
4884 ignore_enoent = true;
4885 s++;
4886 }
4887
4888 r = path_simplify_and_warn(s, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4889 if (r < 0)
4890 continue;
4891
4892 /* Optionally, the destination is specified. */
4893 if (p && p[-1] == ':') {
4894 r = extract_first_word(&p, &destination, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
4895 if (r == -ENOMEM)
4896 return log_oom();
4897 if (r < 0) {
4898 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
4899 return 0;
4900 }
4901 if (r == 0) {
4902 log_syntax(unit, LOG_WARNING, filename, line, 0, "Missing argument after ':', ignoring: %s", s);
4903 continue;
4904 }
4905
4906 r = unit_full_printf(u, destination, &dresolved);
4907 if (r < 0) {
4908 log_syntax(unit, LOG_WARNING, filename, line, r,
4909 "Failed to resolve specifiers in \"%s\", ignoring: %m", destination);
4910 continue;
4911 }
4912
4913 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4914 if (r < 0)
4915 continue;
4916
4917 d = dresolved;
4918
4919 /* Optionally, there's also a short option string specified */
4920 if (p && p[-1] == ':') {
4921 _cleanup_free_ char *options = NULL;
4922
4923 r = extract_first_word(&p, &options, NULL, EXTRACT_UNQUOTE);
4924 if (r == -ENOMEM)
4925 return log_oom();
4926 if (r < 0) {
4927 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s: %s", lvalue, rvalue);
4928 return 0;
4929 }
4930
4931 if (isempty(options) || streq(options, "rbind"))
4932 rbind = true;
4933 else if (streq(options, "norbind"))
4934 rbind = false;
4935 else {
4936 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid option string, ignoring setting: %s", options);
4937 continue;
4938 }
4939 }
4940 } else
4941 d = s;
4942
4943 r = bind_mount_add(&c->bind_mounts, &c->n_bind_mounts,
4944 &(BindMount) {
4945 .source = s,
4946 .destination = d,
4947 .read_only = !!strstr(lvalue, "ReadOnly"),
4948 .recursive = rbind,
4949 .ignore_enoent = ignore_enoent,
4950 });
4951 if (r < 0)
4952 return log_oom();
4953 }
4954
4955 return 0;
4956 }
4957
4958 int config_parse_mount_images(
4959 const char *unit,
4960 const char *filename,
4961 unsigned line,
4962 const char *section,
4963 unsigned section_line,
4964 const char *lvalue,
4965 int ltype,
4966 const char *rvalue,
4967 void *data,
4968 void *userdata) {
4969
4970 ExecContext *c = data;
4971 const Unit *u = userdata;
4972 int r;
4973
4974 assert(filename);
4975 assert(lvalue);
4976 assert(rvalue);
4977 assert(data);
4978
4979 if (isempty(rvalue)) {
4980 /* Empty assignment resets the list */
4981 c->mount_images = mount_image_free_many(c->mount_images, &c->n_mount_images);
4982 return 0;
4983 }
4984
4985 for (const char *p = rvalue;;) {
4986 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
4987 _cleanup_free_ char *first = NULL, *second = NULL, *tuple = NULL;
4988 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
4989 const char *q = NULL;
4990 char *s = NULL;
4991 bool permissive = false;
4992
4993 r = extract_first_word(&p, &tuple, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE);
4994 if (r == -ENOMEM)
4995 return log_oom();
4996 if (r < 0) {
4997 log_syntax(unit, LOG_WARNING, filename, line, r,
4998 "Invalid syntax %s=%s, ignoring: %m", lvalue, rvalue);
4999 return 0;
5000 }
5001 if (r == 0)
5002 return 0;
5003
5004 q = tuple;
5005 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &first, &second, NULL);
5006 if (r == -ENOMEM)
5007 return log_oom();
5008 if (r < 0) {
5009 log_syntax(unit, LOG_WARNING, filename, line, r,
5010 "Invalid syntax in %s=, ignoring: %s", lvalue, tuple);
5011 return 0;
5012 }
5013 if (r == 0)
5014 continue;
5015
5016 r = unit_full_printf(u, first, &sresolved);
5017 if (r < 0) {
5018 log_syntax(unit, LOG_WARNING, filename, line, r,
5019 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", first);
5020 continue;
5021 }
5022
5023 s = sresolved;
5024 if (s[0] == '-') {
5025 permissive = true;
5026 s++;
5027 }
5028
5029 r = path_simplify_and_warn(s, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5030 if (r < 0)
5031 continue;
5032
5033 if (isempty(second)) {
5034 log_syntax(unit, LOG_WARNING, filename, line, 0, "Missing destination in %s, ignoring: %s", lvalue, rvalue);
5035 continue;
5036 }
5037
5038 r = unit_full_printf(u, second, &dresolved);
5039 if (r < 0) {
5040 log_syntax(unit, LOG_WARNING, filename, line, r,
5041 "Failed to resolve specifiers in \"%s\", ignoring: %m", second);
5042 continue;
5043 }
5044
5045 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5046 if (r < 0)
5047 continue;
5048
5049 for (;;) {
5050 _cleanup_free_ char *partition = NULL, *mount_options = NULL, *mount_options_resolved = NULL;
5051 MountOptions *o = NULL;
5052 PartitionDesignator partition_designator;
5053
5054 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &partition, &mount_options, NULL);
5055 if (r == -ENOMEM)
5056 return log_oom();
5057 if (r < 0) {
5058 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", q);
5059 return 0;
5060 }
5061 if (r == 0)
5062 break;
5063 /* Single set of options, applying to the root partition/single filesystem */
5064 if (r == 1) {
5065 r = unit_full_printf(u, partition, &mount_options_resolved);
5066 if (r < 0) {
5067 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", first);
5068 continue;
5069 }
5070
5071 o = new(MountOptions, 1);
5072 if (!o)
5073 return log_oom();
5074 *o = (MountOptions) {
5075 .partition_designator = PARTITION_ROOT,
5076 .options = TAKE_PTR(mount_options_resolved),
5077 };
5078 LIST_APPEND(mount_options, options, o);
5079
5080 break;
5081 }
5082
5083 partition_designator = partition_designator_from_string(partition);
5084 if (partition_designator < 0) {
5085 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid partition name %s, ignoring", partition);
5086 continue;
5087 }
5088 r = unit_full_printf(u, mount_options, &mount_options_resolved);
5089 if (r < 0) {
5090 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
5091 continue;
5092 }
5093
5094 o = new(MountOptions, 1);
5095 if (!o)
5096 return log_oom();
5097 *o = (MountOptions) {
5098 .partition_designator = partition_designator,
5099 .options = TAKE_PTR(mount_options_resolved),
5100 };
5101 LIST_APPEND(mount_options, options, o);
5102 }
5103
5104 r = mount_image_add(&c->mount_images, &c->n_mount_images,
5105 &(MountImage) {
5106 .source = s,
5107 .destination = dresolved,
5108 .mount_options = options,
5109 .ignore_enoent = permissive,
5110 });
5111 if (r < 0)
5112 return log_oom();
5113 }
5114 }
5115
5116 int config_parse_job_timeout_sec(
5117 const char* unit,
5118 const char *filename,
5119 unsigned line,
5120 const char *section,
5121 unsigned section_line,
5122 const char *lvalue,
5123 int ltype,
5124 const char *rvalue,
5125 void *data,
5126 void *userdata) {
5127
5128 Unit *u = data;
5129 usec_t usec;
5130 int r;
5131
5132 assert(filename);
5133 assert(lvalue);
5134 assert(rvalue);
5135 assert(u);
5136
5137 r = parse_sec_fix_0(rvalue, &usec);
5138 if (r < 0) {
5139 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue);
5140 return 0;
5141 }
5142
5143 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
5144 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
5145 * count. */
5146
5147 if (!u->job_running_timeout_set)
5148 u->job_running_timeout = usec;
5149
5150 u->job_timeout = usec;
5151
5152 return 0;
5153 }
5154
5155 int config_parse_job_running_timeout_sec(
5156 const char* unit,
5157 const char *filename,
5158 unsigned line,
5159 const char *section,
5160 unsigned section_line,
5161 const char *lvalue,
5162 int ltype,
5163 const char *rvalue,
5164 void *data,
5165 void *userdata) {
5166
5167 Unit *u = data;
5168 usec_t usec;
5169 int r;
5170
5171 assert(filename);
5172 assert(lvalue);
5173 assert(rvalue);
5174 assert(u);
5175
5176 r = parse_sec_fix_0(rvalue, &usec);
5177 if (r < 0) {
5178 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue);
5179 return 0;
5180 }
5181
5182 u->job_running_timeout = usec;
5183 u->job_running_timeout_set = true;
5184
5185 return 0;
5186 }
5187
5188 int config_parse_emergency_action(
5189 const char* unit,
5190 const char *filename,
5191 unsigned line,
5192 const char *section,
5193 unsigned section_line,
5194 const char *lvalue,
5195 int ltype,
5196 const char *rvalue,
5197 void *data,
5198 void *userdata) {
5199
5200 Manager *m = NULL;
5201 EmergencyAction *x = data;
5202 int r;
5203
5204 assert(filename);
5205 assert(lvalue);
5206 assert(rvalue);
5207 assert(data);
5208
5209 if (unit)
5210 m = ((Unit*) userdata)->manager;
5211 else
5212 m = data;
5213
5214 r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
5215 if (r < 0) {
5216 if (r == -EOPNOTSUPP && MANAGER_IS_USER(m)) {
5217 /* Compat mode: remove for systemd 241. */
5218
5219 log_syntax(unit, LOG_INFO, filename, line, r,
5220 "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
5221 lvalue, rvalue);
5222 *x = EMERGENCY_ACTION_EXIT_FORCE;
5223 return 0;
5224 }
5225
5226 if (r == -EOPNOTSUPP)
5227 log_syntax(unit, LOG_WARNING, filename, line, r,
5228 "%s= specified as %s mode action, ignoring: %s",
5229 lvalue, MANAGER_IS_SYSTEM(m) ? "user" : "system", rvalue);
5230 else
5231 log_syntax(unit, LOG_WARNING, filename, line, r,
5232 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
5233 return 0;
5234 }
5235
5236 return 0;
5237 }
5238
5239 int config_parse_pid_file(
5240 const char *unit,
5241 const char *filename,
5242 unsigned line,
5243 const char *section,
5244 unsigned section_line,
5245 const char *lvalue,
5246 int ltype,
5247 const char *rvalue,
5248 void *data,
5249 void *userdata) {
5250
5251 _cleanup_free_ char *k = NULL, *n = NULL;
5252 const Unit *u = userdata;
5253 char **s = data;
5254 int r;
5255
5256 assert(filename);
5257 assert(lvalue);
5258 assert(rvalue);
5259 assert(u);
5260
5261 if (isempty(rvalue)) {
5262 /* An empty assignment removes already set value. */
5263 *s = mfree(*s);
5264 return 0;
5265 }
5266
5267 r = unit_full_printf(u, rvalue, &k);
5268 if (r < 0) {
5269 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
5270 return 0;
5271 }
5272
5273 /* If this is a relative path make it absolute by prefixing the /run */
5274 n = path_make_absolute(k, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
5275 if (!n)
5276 return log_oom();
5277
5278 /* Check that the result is a sensible path */
5279 r = path_simplify_and_warn(n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5280 if (r < 0)
5281 return r;
5282
5283 r = patch_var_run(unit, filename, line, lvalue, &n);
5284 if (r < 0)
5285 return r;
5286
5287 free_and_replace(*s, n);
5288 return 0;
5289 }
5290
5291 int config_parse_exit_status(
5292 const char *unit,
5293 const char *filename,
5294 unsigned line,
5295 const char *section,
5296 unsigned section_line,
5297 const char *lvalue,
5298 int ltype,
5299 const char *rvalue,
5300 void *data,
5301 void *userdata) {
5302
5303 int *exit_status = data, r;
5304 uint8_t u;
5305
5306 assert(filename);
5307 assert(lvalue);
5308 assert(rvalue);
5309 assert(exit_status);
5310
5311 if (isempty(rvalue)) {
5312 *exit_status = -1;
5313 return 0;
5314 }
5315
5316 r = safe_atou8(rvalue, &u);
5317 if (r < 0) {
5318 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse exit status '%s', ignoring: %m", rvalue);
5319 return 0;
5320 }
5321
5322 *exit_status = u;
5323 return 0;
5324 }
5325
5326 int config_parse_disable_controllers(
5327 const char *unit,
5328 const char *filename,
5329 unsigned line,
5330 const char *section,
5331 unsigned section_line,
5332 const char *lvalue,
5333 int ltype,
5334 const char *rvalue,
5335 void *data,
5336 void *userdata) {
5337
5338 int r;
5339 CGroupContext *c = data;
5340 CGroupMask disabled_mask;
5341
5342 /* 1. If empty, make all controllers eligible for use again.
5343 * 2. If non-empty, merge all listed controllers, space separated. */
5344
5345 if (isempty(rvalue)) {
5346 c->disable_controllers = 0;
5347 return 0;
5348 }
5349
5350 r = cg_mask_from_string(rvalue, &disabled_mask);
5351 if (r < 0 || disabled_mask <= 0) {
5352 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid cgroup string: %s, ignoring", rvalue);
5353 return 0;
5354 }
5355
5356 c->disable_controllers |= disabled_mask;
5357
5358 return 0;
5359 }
5360
5361 int config_parse_ip_filter_bpf_progs(
5362 const char *unit,
5363 const char *filename,
5364 unsigned line,
5365 const char *section,
5366 unsigned section_line,
5367 const char *lvalue,
5368 int ltype,
5369 const char *rvalue,
5370 void *data,
5371 void *userdata) {
5372
5373 _cleanup_free_ char *resolved = NULL;
5374 const Unit *u = userdata;
5375 char ***paths = data;
5376 int r;
5377
5378 assert(filename);
5379 assert(lvalue);
5380 assert(rvalue);
5381 assert(paths);
5382
5383 if (isempty(rvalue)) {
5384 *paths = strv_free(*paths);
5385 return 0;
5386 }
5387
5388 r = unit_full_printf(u, rvalue, &resolved);
5389 if (r < 0) {
5390 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
5391 return 0;
5392 }
5393
5394 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5395 if (r < 0)
5396 return 0;
5397
5398 if (strv_contains(*paths, resolved))
5399 return 0;
5400
5401 r = strv_extend(paths, resolved);
5402 if (r < 0)
5403 return log_oom();
5404
5405 r = bpf_firewall_supported();
5406 if (r < 0)
5407 return r;
5408 if (r != BPF_FIREWALL_SUPPORTED_WITH_MULTI) {
5409 static bool warned = false;
5410
5411 log_full(warned ? LOG_DEBUG : LOG_WARNING,
5412 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
5413 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename, line, lvalue, rvalue);
5414
5415 warned = true;
5416 }
5417
5418 return 0;
5419 }
5420
5421 static int merge_by_names(Unit **u, Set *names, const char *id) {
5422 char *k;
5423 int r;
5424
5425 assert(u);
5426 assert(*u);
5427
5428 /* Let's try to add in all names that are aliases of this unit */
5429 while ((k = set_steal_first(names))) {
5430 _cleanup_free_ _unused_ char *free_k = k;
5431
5432 /* First try to merge in the other name into our unit */
5433 r = unit_merge_by_name(*u, k);
5434 if (r < 0) {
5435 Unit *other;
5436
5437 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
5438 * round. */
5439
5440 other = manager_get_unit((*u)->manager, k);
5441 if (!other)
5442 return r; /* return previous failure */
5443
5444 r = unit_merge(other, *u);
5445 if (r < 0)
5446 return r;
5447
5448 *u = other;
5449 return merge_by_names(u, names, NULL);
5450 }
5451
5452 if (streq_ptr(id, k))
5453 unit_choose_id(*u, id);
5454 }
5455
5456 return 0;
5457 }
5458
5459 int unit_load_fragment(Unit *u) {
5460 const char *fragment;
5461 _cleanup_set_free_free_ Set *names = NULL;
5462 int r;
5463
5464 assert(u);
5465 assert(u->load_state == UNIT_STUB);
5466 assert(u->id);
5467
5468 if (u->transient) {
5469 u->load_state = UNIT_LOADED;
5470 return 0;
5471 }
5472
5473 /* Possibly rebuild the fragment map to catch new units */
5474 r = unit_file_build_name_map(&u->manager->lookup_paths,
5475 &u->manager->unit_cache_timestamp_hash,
5476 &u->manager->unit_id_map,
5477 &u->manager->unit_name_map,
5478 &u->manager->unit_path_cache);
5479 if (r < 0)
5480 return log_error_errno(r, "Failed to rebuild name map: %m");
5481
5482 r = unit_file_find_fragment(u->manager->unit_id_map,
5483 u->manager->unit_name_map,
5484 u->id,
5485 &fragment,
5486 &names);
5487 if (r < 0 && r != -ENOENT)
5488 return r;
5489
5490 if (fragment) {
5491 /* Open the file, check if this is a mask, otherwise read. */
5492 _cleanup_fclose_ FILE *f = NULL;
5493 struct stat st;
5494
5495 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
5496 * expect that all symlinks within the lookup paths have been already resolved, but we don't
5497 * verify this here. */
5498 f = fopen(fragment, "re");
5499 if (!f)
5500 return log_unit_notice_errno(u, errno, "Failed to open %s: %m", fragment);
5501
5502 if (fstat(fileno(f), &st) < 0)
5503 return -errno;
5504
5505 r = free_and_strdup(&u->fragment_path, fragment);
5506 if (r < 0)
5507 return r;
5508
5509 if (null_or_empty(&st)) {
5510 /* Unit file is masked */
5511
5512 u->load_state = u->perpetual ? UNIT_LOADED : UNIT_MASKED; /* don't allow perpetual units to ever be masked */
5513 u->fragment_mtime = 0;
5514 } else {
5515 u->load_state = UNIT_LOADED;
5516 u->fragment_mtime = timespec_load(&st.st_mtim);
5517
5518 /* Now, parse the file contents */
5519 r = config_parse(u->id, fragment, f,
5520 UNIT_VTABLE(u)->sections,
5521 config_item_perf_lookup, load_fragment_gperf_lookup,
5522 0,
5523 u,
5524 NULL);
5525 if (r == -ENOEXEC)
5526 log_unit_notice_errno(u, r, "Unit configuration has fatal error, unit will not be started.");
5527 if (r < 0)
5528 return r;
5529 }
5530 }
5531
5532 /* We do the merge dance here because for some unit types, the unit might have aliases which are not
5533 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
5534 */
5535 Unit *merged;
5536 const char *id = u->id;
5537 _cleanup_free_ char *free_id = NULL;
5538
5539 if (fragment) {
5540 id = basename(fragment);
5541 if (unit_name_is_valid(id, UNIT_NAME_TEMPLATE)) {
5542 assert(u->instance); /* If we're not trying to use a template for non-instanced unit,
5543 * this must be set. */
5544
5545 r = unit_name_replace_instance(id, u->instance, &free_id);
5546 if (r < 0)
5547 return log_debug_errno(r, "Failed to build id (%s + %s): %m", id, u->instance);
5548 id = free_id;
5549 }
5550 }
5551
5552 merged = u;
5553 r = merge_by_names(&merged, names, id);
5554 if (r < 0)
5555 return r;
5556
5557 if (merged != u)
5558 u->load_state = UNIT_MERGED;
5559
5560 return 0;
5561 }
5562
5563 void unit_dump_config_items(FILE *f) {
5564 static const struct {
5565 const ConfigParserCallback callback;
5566 const char *rvalue;
5567 } table[] = {
5568 { config_parse_warn_compat, "NOTSUPPORTED" },
5569 { config_parse_int, "INTEGER" },
5570 { config_parse_unsigned, "UNSIGNED" },
5571 { config_parse_iec_size, "SIZE" },
5572 { config_parse_iec_uint64, "SIZE" },
5573 { config_parse_si_uint64, "SIZE" },
5574 { config_parse_bool, "BOOLEAN" },
5575 { config_parse_string, "STRING" },
5576 { config_parse_path, "PATH" },
5577 { config_parse_unit_path_printf, "PATH" },
5578 { config_parse_strv, "STRING [...]" },
5579 { config_parse_exec_nice, "NICE" },
5580 { config_parse_exec_oom_score_adjust, "OOMSCOREADJUST" },
5581 { config_parse_exec_io_class, "IOCLASS" },
5582 { config_parse_exec_io_priority, "IOPRIORITY" },
5583 { config_parse_exec_cpu_sched_policy, "CPUSCHEDPOLICY" },
5584 { config_parse_exec_cpu_sched_prio, "CPUSCHEDPRIO" },
5585 { config_parse_exec_cpu_affinity, "CPUAFFINITY" },
5586 { config_parse_mode, "MODE" },
5587 { config_parse_unit_env_file, "FILE" },
5588 { config_parse_exec_output, "OUTPUT" },
5589 { config_parse_exec_input, "INPUT" },
5590 { config_parse_log_facility, "FACILITY" },
5591 { config_parse_log_level, "LEVEL" },
5592 { config_parse_exec_secure_bits, "SECUREBITS" },
5593 { config_parse_capability_set, "BOUNDINGSET" },
5594 { config_parse_rlimit, "LIMIT" },
5595 { config_parse_unit_deps, "UNIT [...]" },
5596 { config_parse_exec, "PATH [ARGUMENT [...]]" },
5597 { config_parse_service_type, "SERVICETYPE" },
5598 { config_parse_service_restart, "SERVICERESTART" },
5599 { config_parse_service_timeout_failure_mode, "TIMEOUTMODE" },
5600 { config_parse_kill_mode, "KILLMODE" },
5601 { config_parse_signal, "SIGNAL" },
5602 { config_parse_socket_listen, "SOCKET [...]" },
5603 { config_parse_socket_bind, "SOCKETBIND" },
5604 { config_parse_socket_bindtodevice, "NETWORKINTERFACE" },
5605 { config_parse_sec, "SECONDS" },
5606 { config_parse_nsec, "NANOSECONDS" },
5607 { config_parse_namespace_path_strv, "PATH [...]" },
5608 { config_parse_bind_paths, "PATH[:PATH[:OPTIONS]] [...]" },
5609 { config_parse_unit_requires_mounts_for, "PATH [...]" },
5610 { config_parse_exec_mount_flags, "MOUNTFLAG [...]" },
5611 { config_parse_unit_string_printf, "STRING" },
5612 { config_parse_trigger_unit, "UNIT" },
5613 { config_parse_timer, "TIMER" },
5614 { config_parse_path_spec, "PATH" },
5615 { config_parse_notify_access, "ACCESS" },
5616 { config_parse_ip_tos, "TOS" },
5617 { config_parse_unit_condition_path, "CONDITION" },
5618 { config_parse_unit_condition_string, "CONDITION" },
5619 { config_parse_unit_slice, "SLICE" },
5620 { config_parse_documentation, "URL" },
5621 { config_parse_service_timeout, "SECONDS" },
5622 { config_parse_emergency_action, "ACTION" },
5623 { config_parse_set_status, "STATUS" },
5624 { config_parse_service_sockets, "SOCKETS" },
5625 { config_parse_environ, "ENVIRON" },
5626 #if HAVE_SECCOMP
5627 { config_parse_syscall_filter, "SYSCALLS" },
5628 { config_parse_syscall_archs, "ARCHS" },
5629 { config_parse_syscall_errno, "ERRNO" },
5630 { config_parse_syscall_log, "SYSCALLS" },
5631 { config_parse_address_families, "FAMILIES" },
5632 { config_parse_restrict_namespaces, "NAMESPACES" },
5633 #endif
5634 { config_parse_cpu_shares, "SHARES" },
5635 { config_parse_cg_weight, "WEIGHT" },
5636 { config_parse_memory_limit, "LIMIT" },
5637 { config_parse_device_allow, "DEVICE" },
5638 { config_parse_device_policy, "POLICY" },
5639 { config_parse_io_limit, "LIMIT" },
5640 { config_parse_io_device_weight, "DEVICEWEIGHT" },
5641 { config_parse_io_device_latency, "DEVICELATENCY" },
5642 { config_parse_blockio_bandwidth, "BANDWIDTH" },
5643 { config_parse_blockio_weight, "WEIGHT" },
5644 { config_parse_blockio_device_weight, "DEVICEWEIGHT" },
5645 { config_parse_long, "LONG" },
5646 { config_parse_socket_service, "SERVICE" },
5647 #if HAVE_SELINUX
5648 { config_parse_exec_selinux_context, "LABEL" },
5649 #endif
5650 { config_parse_job_mode, "MODE" },
5651 { config_parse_job_mode_isolate, "BOOLEAN" },
5652 { config_parse_personality, "PERSONALITY" },
5653 };
5654
5655 const char *prev = NULL;
5656 const char *i;
5657
5658 assert(f);
5659
5660 NULSTR_FOREACH(i, load_fragment_gperf_nulstr) {
5661 const char *rvalue = "OTHER", *lvalue;
5662 const ConfigPerfItem *p;
5663 const char *dot;
5664
5665 assert_se(p = load_fragment_gperf_lookup(i, strlen(i)));
5666
5667 /* Hide legacy settings */
5668 if (p->parse == config_parse_warn_compat &&
5669 p->ltype == DISABLED_LEGACY)
5670 continue;
5671
5672 for (size_t j = 0; j < ELEMENTSOF(table); j++)
5673 if (p->parse == table[j].callback) {
5674 rvalue = table[j].rvalue;
5675 break;
5676 }
5677
5678 dot = strchr(i, '.');
5679 lvalue = dot ? dot + 1 : i;
5680
5681 if (dot) {
5682 size_t prefix_len = dot - i;
5683
5684 if (!prev || !strneq(prev, i, prefix_len+1)) {
5685 if (prev)
5686 fputc('\n', f);
5687
5688 fprintf(f, "[%.*s]\n", (int) prefix_len, i);
5689 }
5690 }
5691
5692 fprintf(f, "%s=%s\n", lvalue, rvalue);
5693 prev = i;
5694 }
5695 }
5696
5697 int config_parse_cpu_affinity2(
5698 const char *unit,
5699 const char *filename,
5700 unsigned line,
5701 const char *section,
5702 unsigned section_line,
5703 const char *lvalue,
5704 int ltype,
5705 const char *rvalue,
5706 void *data,
5707 void *userdata) {
5708
5709 CPUSet *affinity = data;
5710
5711 assert(affinity);
5712
5713 (void) parse_cpu_set_extend(rvalue, affinity, true, unit, filename, line, lvalue);
5714
5715 return 0;
5716 }
5717
5718 int config_parse_show_status(
5719 const char* unit,
5720 const char *filename,
5721 unsigned line,
5722 const char *section,
5723 unsigned section_line,
5724 const char *lvalue,
5725 int ltype,
5726 const char *rvalue,
5727 void *data,
5728 void *userdata) {
5729
5730 int k;
5731 ShowStatus *b = data;
5732
5733 assert(filename);
5734 assert(lvalue);
5735 assert(rvalue);
5736 assert(data);
5737
5738 k = parse_show_status(rvalue, b);
5739 if (k < 0)
5740 log_syntax(unit, LOG_WARNING, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
5741
5742 return 0;
5743 }
5744
5745 int config_parse_output_restricted(
5746 const char* unit,
5747 const char *filename,
5748 unsigned line,
5749 const char *section,
5750 unsigned section_line,
5751 const char *lvalue,
5752 int ltype,
5753 const char *rvalue,
5754 void *data,
5755 void *userdata) {
5756
5757 ExecOutput t, *eo = data;
5758 bool obsolete = false;
5759
5760 assert(filename);
5761 assert(lvalue);
5762 assert(rvalue);
5763 assert(data);
5764
5765 if (streq(rvalue, "syslog")) {
5766 t = EXEC_OUTPUT_JOURNAL;
5767 obsolete = true;
5768 } else if (streq(rvalue, "syslog+console")) {
5769 t = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
5770 obsolete = true;
5771 } else {
5772 t = exec_output_from_string(rvalue);
5773 if (t < 0) {
5774 log_syntax(unit, LOG_WARNING, filename, line, 0, "Failed to parse output type, ignoring: %s", rvalue);
5775 return 0;
5776 }
5777
5778 if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE, EXEC_OUTPUT_FILE_APPEND, EXEC_OUTPUT_FILE_TRUNCATE)) {
5779 log_syntax(unit, LOG_WARNING, filename, line, 0, "Standard output types socket, fd:, file:, append:, truncate: are not supported as defaults, ignoring: %s", rvalue);
5780 return 0;
5781 }
5782 }
5783
5784 if (obsolete)
5785 log_syntax(unit, LOG_NOTICE, filename, line, 0,
5786 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
5787 rvalue, exec_output_to_string(t));
5788
5789 *eo = t;
5790 return 0;
5791 }
5792
5793 int config_parse_crash_chvt(
5794 const char* unit,
5795 const char *filename,
5796 unsigned line,
5797 const char *section,
5798 unsigned section_line,
5799 const char *lvalue,
5800 int ltype,
5801 const char *rvalue,
5802 void *data,
5803 void *userdata) {
5804
5805 int r;
5806
5807 assert(filename);
5808 assert(lvalue);
5809 assert(rvalue);
5810 assert(data);
5811
5812 r = parse_crash_chvt(rvalue, data);
5813 if (r < 0)
5814 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
5815
5816 return 0;
5817 }
5818
5819 int config_parse_swap_priority(
5820 const char *unit,
5821 const char *filename,
5822 unsigned line,
5823 const char *section,
5824 unsigned section_line,
5825 const char *lvalue,
5826 int ltype,
5827 const char *rvalue,
5828 void *data,
5829 void *userdata) {
5830
5831 Swap *s = userdata;
5832 int r, priority;
5833
5834 assert(s);
5835 assert(filename);
5836 assert(lvalue);
5837 assert(rvalue);
5838 assert(data);
5839
5840 if (isempty(rvalue)) {
5841 s->parameters_fragment.priority = -1;
5842 s->parameters_fragment.priority_set = false;
5843 return 0;
5844 }
5845
5846 r = safe_atoi(rvalue, &priority);
5847 if (r < 0) {
5848 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid swap priority '%s', ignoring.", rvalue);
5849 return 0;
5850 }
5851
5852 if (priority < -1) {
5853 log_syntax(unit, LOG_WARNING, filename, line, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue);
5854 return 0;
5855 }
5856
5857 if (priority > 32767) {
5858 log_syntax(unit, LOG_WARNING, filename, line, 0, "Swap priority out of range, ignoring: %s", rvalue);
5859 return 0;
5860 }
5861
5862 s->parameters_fragment.priority = priority;
5863 s->parameters_fragment.priority_set = true;
5864 return 0;
5865 }
Unnamed repository; edit this file 'description' to name the repository.