1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 Copyright © 2012 Holger Hans Peter Freyther
14 #include <sys/resource.h>
16 #include "sd-messages.h"
19 #include "all-units.h"
20 #include "alloc-util.h"
21 #include "bpf-firewall.h"
23 #include "bpf-program.h"
24 #include "bpf-socket-bind.h"
25 #include "bus-error.h"
26 #include "bus-internal.h"
29 #include "capability-util.h"
30 #include "cgroup-setup.h"
31 #include "conf-parser.h"
32 #include "core-varlink.h"
33 #include "cpu-set-util.h"
34 #include "creds-util.h"
36 #include "errno-list.h"
41 #include "hexdecoct.h"
43 #include "ioprio-util.h"
44 #include "ip-protocol-list.h"
45 #include "journal-file.h"
46 #include "limits-util.h"
47 #include "load-fragment.h"
49 #include "missing_ioprio.h"
50 #include "mountpoint-util.h"
51 #include "nulstr-util.h"
52 #include "parse-helpers.h"
53 #include "parse-util.h"
54 #include "path-util.h"
55 #include "percent-util.h"
56 #include "process-util.h"
58 #include "seccomp-util.h"
60 #include "securebits-util.h"
61 #include "selinux-util.h"
62 #include "signal-util.h"
63 #include "socket-netlink.h"
64 #include "specifier.h"
65 #include "stat-util.h"
66 #include "string-util.h"
68 #include "syslog-util.h"
69 #include "time-util.h"
70 #include "unit-name.h"
71 #include "unit-printf.h"
72 #include "user-util.h"
76 static int parse_socket_protocol(const char *s
) {
79 r
= parse_ip_protocol(s
);
82 if (!IN_SET(r
, IPPROTO_UDPLITE
, IPPROTO_SCTP
))
83 return -EPROTONOSUPPORT
;
88 int parse_crash_chvt(const char *value
, int *data
) {
91 if (safe_atoi(value
, data
) >= 0)
94 b
= parse_boolean(value
);
99 *data
= 0; /* switch to where kmsg goes */
101 *data
= -1; /* turn off switching */
106 int parse_confirm_spawn(const char *value
, char **console
) {
110 r
= value
? parse_boolean(value
) : 1;
114 } else if (r
> 0) /* on with default tty */
115 s
= strdup("/dev/console");
116 else if (is_path(value
)) /* on with fully qualified path */
118 else /* on with only a tty file name, not a fully qualified path */
119 s
= path_join("/dev/", value
);
127 DEFINE_CONFIG_PARSE(config_parse_socket_protocol
, parse_socket_protocol
, "Failed to parse socket protocol");
128 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits
, secure_bits_from_string
, "Failed to parse secure bits");
129 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode
, collect_mode
, CollectMode
, "Failed to parse garbage collection mode");
130 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy
, cgroup_device_policy
, CGroupDevicePolicy
, "Failed to parse device policy");
131 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode
, exec_keyring_mode
, ExecKeyringMode
, "Failed to parse keyring mode");
132 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc
, protect_proc
, ProtectProc
, "Failed to parse /proc/ protection mode");
133 DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset
, proc_subset
, ProcSubset
, "Failed to parse /proc/ subset mode");
134 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
, "Failed to parse utmp mode");
135 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode
, job_mode
, JobMode
, "Failed to parse job mode");
136 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access
, notify_access
, NotifyAccess
, "Failed to parse notify access specifier");
137 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home
, protect_home
, ProtectHome
, "Failed to parse protect home value");
138 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system
, protect_system
, ProtectSystem
, "Failed to parse protect system value");
139 DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
, "Failed to parse runtime directory preserve mode");
140 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type
, service_type
, ServiceType
, "Failed to parse service type");
141 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_exit_type
, service_exit_type
, ServiceExitType
, "Failed to parse service exit type");
142 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart
, service_restart
, ServiceRestart
, "Failed to parse service restart specifier");
143 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode
, service_timeout_failure_mode
, ServiceTimeoutFailureMode
, "Failed to parse timeout failure mode");
144 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind
, socket_address_bind_ipv6_only_or_bool
, SocketAddressBindIPv6Only
, "Failed to parse bind IPv6 only value");
145 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy
, oom_policy
, OOMPolicy
, "Failed to parse OOM policy");
146 DEFINE_CONFIG_PARSE_ENUM(config_parse_managed_oom_preference
, managed_oom_preference
, ManagedOOMPreference
, "Failed to parse ManagedOOMPreference=");
147 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos
, ip_tos
, int, -1, "Failed to parse IP TOS value");
148 DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight
, cg_blkio_weight_parse
, uint64_t, "Invalid block IO weight");
149 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight
, cg_weight_parse
, uint64_t, "Invalid weight");
150 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_cpu_weight
, cg_cpu_weight_parse
, uint64_t, "Invalid CPU weight");
151 static DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares_internal
, cg_cpu_shares_parse
, uint64_t, "Invalid CPU shares");
152 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags
, mount_propagation_flags_from_string
, unsigned long, "Failed to parse mount flag");
153 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy
, mpol
, int, -1, "Invalid NUMA policy type");
154 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format
, status_unit_format
, StatusUnitFormat
, "Failed to parse status unit format");
155 DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping
, socket_timestamping_from_string_harder
, SocketTimestamping
, "Failed to parse timestamping precision");
157 int config_parse_cpu_shares(
159 const char *filename
,
162 unsigned section_line
,
174 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
175 "Unit uses %s=; please use CPUWeight= instead. Support for %s= will be removed soon.",
178 return config_parse_cpu_shares_internal(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
181 bool contains_instance_specifier_superset(const char *s
) {
183 bool percent
= false;
197 /* If the string is just the instance specifier, it's not a superset of the instance. */
198 if (memcmp_nn(p
, q
- p
, "%i", strlen("%i")) == 0)
201 /* %i, %n and %N all expand to the instance or a superset of it. */
206 if (IN_SET(*p
, 'n', 'N', 'i'))
215 /* `name` is the rendered version of `format` via `unit_printf` or similar functions. */
216 int unit_is_likely_recursive_template_dependency(Unit
*u
, const char *name
, const char *format
) {
217 const char *fragment_path
;
223 /* If a template unit has a direct dependency on itself that includes the unit instance as part of
224 * the template instance via a unit specifier (%i, %n or %N), this will almost certainly lead to
225 * infinite recursion as systemd will keep instantiating new instances of the template unit.
226 * https://github.com/systemd/systemd/issues/17602 shows a good example of how this can happen in
227 * practice. To guard against this, we check for templates that depend on themselves and have the
228 * instantiated unit instance included as part of the template instance of the dependency via a
231 * For example, if systemd-notify@.service depends on systemd-notify@%n.service, this will result in
232 * infinite recursion.
235 if (!unit_name_is_valid(name
, UNIT_NAME_INSTANCE
))
238 if (!unit_name_prefix_equal(u
->id
, name
))
241 if (u
->type
!= unit_name_to_type(name
))
244 r
= unit_file_find_fragment(u
->manager
->unit_id_map
, u
->manager
->unit_name_map
, name
, &fragment_path
, NULL
);
248 /* Fragment paths should also be equal as a custom fragment for a specific template instance
249 * wouldn't necessarily lead to infinite recursion. */
250 if (!path_equal_ptr(u
->fragment_path
, fragment_path
))
253 if (!contains_instance_specifier_superset(format
))
259 int config_parse_unit_deps(
261 const char *filename
,
264 unsigned section_line
,
271 UnitDependency d
= ltype
;
278 for (const char *p
= rvalue
;;) {
279 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
282 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_RETAIN_ESCAPE
);
288 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
292 r
= unit_name_printf(u
, word
, &k
);
294 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
298 r
= unit_is_likely_recursive_template_dependency(u
, k
, word
);
300 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to determine if '%s' is a recursive dependency, ignoring: %m", k
);
304 log_syntax(unit
, LOG_DEBUG
, filename
, line
, 0,
305 "Dropping dependency %s=%s that likely leads to infinite recursion.",
306 unit_dependency_to_string(d
), word
);
310 r
= unit_add_dependency_by_name(u
, d
, k
, true, UNIT_DEPENDENCY_FILE
);
312 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
316 int config_parse_obsolete_unit_deps(
318 const char *filename
,
321 unsigned section_line
,
328 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
329 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue
, unit_dependency_to_string(ltype
));
331 return config_parse_unit_deps(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
334 int config_parse_unit_string_printf(
336 const char *filename
,
339 unsigned section_line
,
346 _cleanup_free_
char *k
= NULL
;
347 const Unit
*u
= ASSERT_PTR(userdata
);
354 r
= unit_full_printf(u
, rvalue
, &k
);
356 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
360 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
363 int config_parse_unit_strv_printf(
365 const char *filename
,
368 unsigned section_line
,
375 const Unit
*u
= ASSERT_PTR(userdata
);
376 _cleanup_free_
char *k
= NULL
;
383 r
= unit_full_printf(u
, rvalue
, &k
);
385 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
389 return config_parse_strv(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
392 int config_parse_unit_path_printf(
394 const char *filename
,
397 unsigned section_line
,
404 _cleanup_free_
char *k
= NULL
;
405 const Unit
*u
= ASSERT_PTR(userdata
);
413 r
= unit_path_printf(u
, rvalue
, &k
);
415 log_syntax(unit
, fatal
? LOG_ERR
: LOG_WARNING
, filename
, line
, r
,
416 "Failed to resolve unit specifiers in '%s'%s: %m",
417 rvalue
, fatal
? "" : ", ignoring");
418 return fatal
? -ENOEXEC
: 0;
421 return config_parse_path(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
424 int config_parse_colon_separated_paths(
426 const char *filename
,
429 unsigned section_line
,
435 char ***sv
= ASSERT_PTR(data
);
436 const Unit
*u
= userdata
;
443 if (isempty(rvalue
)) {
444 /* Empty assignment resets the list */
445 *sv
= strv_free(*sv
);
449 for (const char *p
= rvalue
;;) {
450 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
452 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
456 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
462 r
= unit_path_printf(u
, word
, &k
);
464 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
465 "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
469 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
473 r
= strv_consume(sv
, TAKE_PTR(k
));
481 int config_parse_unit_path_strv_printf(
483 const char *filename
,
486 unsigned section_line
,
494 const Unit
*u
= ASSERT_PTR(userdata
);
501 if (isempty(rvalue
)) {
506 for (const char *p
= rvalue
;;) {
507 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
509 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
515 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
516 "Invalid syntax, ignoring: %s", rvalue
);
520 r
= unit_path_printf(u
, word
, &k
);
522 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
523 "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
527 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
531 r
= strv_consume(x
, TAKE_PTR(k
));
537 static int patch_var_run(
539 const char *filename
,
547 e
= path_startswith(*path
, "/var/run/");
551 z
= path_join("/run/", e
);
555 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
556 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
557 "please update the unit file accordingly.", lvalue
, *path
, z
);
559 free_and_replace(*path
, z
);
564 int config_parse_socket_listen(
566 const char *filename
,
569 unsigned section_line
,
576 _cleanup_free_ SocketPort
*p
= NULL
;
588 if (isempty(rvalue
)) {
589 /* An empty assignment removes all ports */
590 socket_free_ports(s
);
594 p
= new0(SocketPort
, 1);
598 if (ltype
!= SOCKET_SOCKET
) {
599 _cleanup_free_
char *k
= NULL
;
601 r
= unit_path_printf(UNIT(s
), rvalue
, &k
);
603 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
607 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
611 if (ltype
== SOCKET_FIFO
) {
612 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
617 free_and_replace(p
->path
, k
);
620 } else if (streq(lvalue
, "ListenNetlink")) {
621 _cleanup_free_
char *k
= NULL
;
623 r
= unit_path_printf(UNIT(s
), rvalue
, &k
);
625 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
629 r
= socket_address_parse_netlink(&p
->address
, k
);
631 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
635 p
->type
= SOCKET_SOCKET
;
638 _cleanup_free_
char *k
= NULL
;
640 r
= unit_path_printf(UNIT(s
), rvalue
, &k
);
642 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
646 if (k
[0] == '/') { /* Only for AF_UNIX file system sockets… */
647 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
652 r
= socket_address_parse_and_warn(&p
->address
, k
);
654 if (r
!= -EAFNOSUPPORT
)
655 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
659 if (streq(lvalue
, "ListenStream"))
660 p
->address
.type
= SOCK_STREAM
;
661 else if (streq(lvalue
, "ListenDatagram"))
662 p
->address
.type
= SOCK_DGRAM
;
664 assert(streq(lvalue
, "ListenSequentialPacket"));
665 p
->address
.type
= SOCK_SEQPACKET
;
668 if (socket_address_family(&p
->address
) != AF_UNIX
&& p
->address
.type
== SOCK_SEQPACKET
) {
669 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Address family not supported, ignoring: %s", rvalue
);
673 p
->type
= SOCKET_SOCKET
;
677 p
->auxiliary_fds
= NULL
;
678 p
->n_auxiliary_fds
= 0;
681 LIST_FIND_TAIL(port
, s
->ports
, tail
);
682 LIST_INSERT_AFTER(port
, s
->ports
, tail
, p
);
689 int config_parse_exec_nice(
691 const char *filename
,
694 unsigned section_line
,
701 ExecContext
*c
= ASSERT_PTR(data
);
708 if (isempty(rvalue
)) {
713 r
= parse_nice(rvalue
, &priority
);
716 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Nice priority out of range, ignoring: %s", rvalue
);
718 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse nice priority '%s', ignoring: %m", rvalue
);
728 int config_parse_exec_oom_score_adjust(
730 const char *filename
,
733 unsigned section_line
,
740 ExecContext
*c
= ASSERT_PTR(data
);
747 if (isempty(rvalue
)) {
748 c
->oom_score_adjust_set
= false;
752 r
= parse_oom_score_adjust(rvalue
, &oa
);
755 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "OOM score adjust value out of range, ignoring: %s", rvalue
);
757 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue
);
761 c
->oom_score_adjust
= oa
;
762 c
->oom_score_adjust_set
= true;
767 int config_parse_exec_coredump_filter(
769 const char *filename
,
772 unsigned section_line
,
779 ExecContext
*c
= ASSERT_PTR(data
);
786 if (isempty(rvalue
)) {
787 c
->coredump_filter
= 0;
788 c
->coredump_filter_set
= false;
793 r
= coredump_filter_mask_from_string(rvalue
, &f
);
795 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
796 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue
);
800 c
->coredump_filter
|= f
;
801 c
->oom_score_adjust_set
= true;
805 int config_parse_kill_mode(
807 const char *filename
,
810 unsigned section_line
,
817 KillMode
*k
= data
, m
;
824 if (isempty(rvalue
)) {
825 *k
= KILL_CONTROL_GROUP
;
829 m
= kill_mode_from_string(rvalue
);
831 log_syntax(unit
, LOG_WARNING
, filename
, line
, m
,
832 "Failed to parse kill mode specification, ignoring: %s", rvalue
);
837 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
838 "Unit uses KillMode=none. "
839 "This is unsafe, as it disables systemd's process lifecycle management for the service. "
840 "Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
841 "Support for KillMode=none is deprecated and will eventually be removed.");
847 int config_parse_exec(
849 const char *filename
,
852 unsigned section_line
,
859 ExecCommand
**e
= ASSERT_PTR(data
);
860 const Unit
*u
= userdata
;
871 if (isempty(rvalue
)) {
872 /* An empty assignment resets the list */
873 *e
= exec_command_free_list(*e
);
879 _cleanup_free_
char *path
= NULL
, *firstword
= NULL
;
880 ExecCommandFlags flags
= 0;
881 bool ignore
= false, separate_argv0
= false;
882 _cleanup_free_ ExecCommand
*nce
= NULL
;
883 _cleanup_strv_free_
char **n
= NULL
;
889 r
= extract_first_word_and_warn(&p
, &firstword
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
893 /* A lone ";" is a separator. Let's make sure we don't treat it as an executable name. */
894 if (streq(firstword
, ";")) {
901 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
902 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
903 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
904 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
905 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
906 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
907 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
908 * other sandboxing, with some special exceptions for changing UID.
910 * The idea is that '!!' may be used to write services that can take benefit of systemd's
911 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
912 * privilege dropping within the daemon if the kernel does not offer that. */
914 if (*f
== '-' && !(flags
& EXEC_COMMAND_IGNORE_FAILURE
)) {
915 flags
|= EXEC_COMMAND_IGNORE_FAILURE
;
917 } else if (*f
== '@' && !separate_argv0
)
918 separate_argv0
= true;
919 else if (*f
== ':' && !(flags
& EXEC_COMMAND_NO_ENV_EXPAND
))
920 flags
|= EXEC_COMMAND_NO_ENV_EXPAND
;
921 else if (*f
== '+' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
|EXEC_COMMAND_AMBIENT_MAGIC
)))
922 flags
|= EXEC_COMMAND_FULLY_PRIVILEGED
;
923 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
|EXEC_COMMAND_AMBIENT_MAGIC
)))
924 flags
|= EXEC_COMMAND_NO_SETUID
;
925 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_AMBIENT_MAGIC
))) {
926 flags
&= ~EXEC_COMMAND_NO_SETUID
;
927 flags
|= EXEC_COMMAND_AMBIENT_MAGIC
;
933 r
= unit_path_printf(u
, f
, &path
);
935 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
936 "Failed to resolve unit specifiers in '%s'%s: %m",
937 f
, ignore
? ", ignoring" : "");
938 return ignore
? 0 : -ENOEXEC
;
942 /* First word is either "-" or "@" with no command. */
943 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
944 "Empty path in command line%s: '%s'",
945 ignore
? ", ignoring" : "", rvalue
);
946 return ignore
? 0 : -ENOEXEC
;
948 if (!string_is_safe(path
)) {
949 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
950 "Executable name contains special characters%s: %s",
951 ignore
? ", ignoring" : "", path
);
952 return ignore
? 0 : -ENOEXEC
;
954 if (endswith(path
, "/")) {
955 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
956 "Executable path specifies a directory%s: %s",
957 ignore
? ", ignoring" : "", path
);
958 return ignore
? 0 : -ENOEXEC
;
961 if (!(path_is_absolute(path
) ? path_is_valid(path
) : filename_is_valid(path
))) {
962 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
963 "Neither a valid executable name nor an absolute path%s: %s",
964 ignore
? ", ignoring" : "", path
);
965 return ignore
? 0 : -ENOEXEC
;
968 if (!separate_argv0
) {
971 if (!GREEDY_REALLOC0(n
, nlen
+ 2))
983 while (!isempty(p
)) {
984 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
986 /* Check explicitly for an unquoted semicolon as
987 * command separator token. */
988 if (p
[0] == ';' && (!p
[1] || strchr(WHITESPACE
, p
[1]))) {
990 p
+= strspn(p
, WHITESPACE
);
995 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
996 * extract_first_word() would return the same for all of those. */
997 if (p
[0] == '\\' && p
[1] == ';' && (!p
[2] || strchr(WHITESPACE
, p
[2]))) {
1001 p
+= strspn(p
, WHITESPACE
);
1003 if (!GREEDY_REALLOC0(n
, nlen
+ 2))
1014 r
= extract_first_word_and_warn(&p
, &word
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
1018 return ignore
? 0 : -ENOEXEC
;
1020 r
= unit_full_printf(u
, word
, &resolved
);
1022 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1023 "Failed to resolve unit specifiers in %s%s: %m",
1024 word
, ignore
? ", ignoring" : "");
1025 return ignore
? 0 : -ENOEXEC
;
1028 if (!GREEDY_REALLOC(n
, nlen
+ 2))
1031 n
[nlen
++] = TAKE_PTR(resolved
);
1036 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
1037 "Empty executable name or zeroeth argument%s: %s",
1038 ignore
? ", ignoring" : "", rvalue
);
1039 return ignore
? 0 : -ENOEXEC
;
1042 nce
= new0(ExecCommand
, 1);
1046 nce
->argv
= TAKE_PTR(n
);
1047 nce
->path
= TAKE_PTR(path
);
1050 exec_command_append_list(e
, nce
);
1052 /* Do not _cleanup_free_ these. */
1056 } while (semicolon
);
1061 int config_parse_socket_bindtodevice(
1063 const char *filename
,
1065 const char *section
,
1066 unsigned section_line
,
1073 Socket
*s
= ASSERT_PTR(data
);
1079 if (isempty(rvalue
) || streq(rvalue
, "*")) {
1080 s
->bind_to_device
= mfree(s
->bind_to_device
);
1084 if (!ifname_valid(rvalue
)) {
1085 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid interface name, ignoring: %s", rvalue
);
1089 return free_and_strdup_warn(&s
->bind_to_device
, rvalue
);
1092 int config_parse_exec_input(
1094 const char *filename
,
1096 const char *section
,
1097 unsigned section_line
,
1104 ExecContext
*c
= ASSERT_PTR(data
);
1105 const Unit
*u
= userdata
;
1114 n
= startswith(rvalue
, "fd:");
1116 _cleanup_free_
char *resolved
= NULL
;
1118 r
= unit_fd_printf(u
, n
, &resolved
);
1120 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
1124 if (isempty(resolved
))
1125 resolved
= mfree(resolved
);
1126 else if (!fdname_is_valid(resolved
)) {
1127 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
1131 free_and_replace(c
->stdio_fdname
[STDIN_FILENO
], resolved
);
1133 ei
= EXEC_INPUT_NAMED_FD
;
1135 } else if ((n
= startswith(rvalue
, "file:"))) {
1136 _cleanup_free_
char *resolved
= NULL
;
1138 r
= unit_path_printf(u
, n
, &resolved
);
1140 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
1144 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1148 free_and_replace(c
->stdio_file
[STDIN_FILENO
], resolved
);
1150 ei
= EXEC_INPUT_FILE
;
1153 ei
= exec_input_from_string(rvalue
);
1155 log_syntax(unit
, LOG_WARNING
, filename
, line
, ei
, "Failed to parse input specifier, ignoring: %s", rvalue
);
1164 int config_parse_exec_input_text(
1166 const char *filename
,
1168 const char *section
,
1169 unsigned section_line
,
1176 _cleanup_free_
char *unescaped
= NULL
, *resolved
= NULL
;
1177 ExecContext
*c
= ASSERT_PTR(data
);
1178 const Unit
*u
= userdata
;
1185 if (isempty(rvalue
)) {
1186 /* Reset if the empty string is assigned */
1187 c
->stdin_data
= mfree(c
->stdin_data
);
1188 c
->stdin_data_size
= 0;
1192 ssize_t l
= cunescape(rvalue
, 0, &unescaped
);
1194 log_syntax(unit
, LOG_WARNING
, filename
, line
, l
,
1195 "Failed to decode C escaped text '%s', ignoring: %m", rvalue
);
1199 r
= unit_full_printf_full(u
, unescaped
, EXEC_STDIN_DATA_MAX
, &resolved
);
1201 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1202 "Failed to resolve unit specifiers in '%s', ignoring: %m", unescaped
);
1206 size_t sz
= strlen(resolved
);
1207 if (c
->stdin_data_size
+ sz
+ 1 < c
->stdin_data_size
|| /* check for overflow */
1208 c
->stdin_data_size
+ sz
+ 1 > EXEC_STDIN_DATA_MAX
) {
1209 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1210 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1211 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1215 void *p
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
+ 1);
1219 *((char*) mempcpy((char*) p
+ c
->stdin_data_size
, resolved
, sz
)) = '\n';
1222 c
->stdin_data_size
+= sz
+ 1;
1227 int config_parse_exec_input_data(
1229 const char *filename
,
1231 const char *section
,
1232 unsigned section_line
,
1239 _cleanup_free_
void *p
= NULL
;
1240 ExecContext
*c
= ASSERT_PTR(data
);
1249 if (isempty(rvalue
)) {
1250 /* Reset if the empty string is assigned */
1251 c
->stdin_data
= mfree(c
->stdin_data
);
1252 c
->stdin_data_size
= 0;
1256 r
= unbase64mem(rvalue
, SIZE_MAX
, &p
, &sz
);
1258 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1259 "Failed to decode base64 data, ignoring: %s", rvalue
);
1265 if (c
->stdin_data_size
+ sz
< c
->stdin_data_size
|| /* check for overflow */
1266 c
->stdin_data_size
+ sz
> EXEC_STDIN_DATA_MAX
) {
1267 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1268 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1269 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1273 q
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
);
1277 memcpy((uint8_t*) q
+ c
->stdin_data_size
, p
, sz
);
1280 c
->stdin_data_size
+= sz
;
1285 int config_parse_exec_output(
1287 const char *filename
,
1289 const char *section
,
1290 unsigned section_line
,
1297 _cleanup_free_
char *resolved
= NULL
;
1299 ExecContext
*c
= ASSERT_PTR(data
);
1300 const Unit
*u
= userdata
;
1301 bool obsolete
= false;
1310 n
= startswith(rvalue
, "fd:");
1312 r
= unit_fd_printf(u
, n
, &resolved
);
1314 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", n
);
1318 if (isempty(resolved
))
1319 resolved
= mfree(resolved
);
1320 else if (!fdname_is_valid(resolved
)) {
1321 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
1325 eo
= EXEC_OUTPUT_NAMED_FD
;
1327 } else if (streq(rvalue
, "syslog")) {
1328 eo
= EXEC_OUTPUT_JOURNAL
;
1331 } else if (streq(rvalue
, "syslog+console")) {
1332 eo
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
1335 } else if ((n
= startswith(rvalue
, "file:"))) {
1337 r
= unit_path_printf(u
, n
, &resolved
);
1339 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1343 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1347 eo
= EXEC_OUTPUT_FILE
;
1349 } else if ((n
= startswith(rvalue
, "append:"))) {
1351 r
= unit_path_printf(u
, n
, &resolved
);
1353 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1357 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1361 eo
= EXEC_OUTPUT_FILE_APPEND
;
1363 } else if ((n
= startswith(rvalue
, "truncate:"))) {
1365 r
= unit_path_printf(u
, n
, &resolved
);
1367 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1371 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1375 eo
= EXEC_OUTPUT_FILE_TRUNCATE
;
1377 eo
= exec_output_from_string(rvalue
);
1379 log_syntax(unit
, LOG_WARNING
, filename
, line
, eo
, "Failed to parse output specifier, ignoring: %s", rvalue
);
1385 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
1386 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1387 rvalue
, exec_output_to_string(eo
));
1389 if (streq(lvalue
, "StandardOutput")) {
1390 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1391 free_and_replace(c
->stdio_fdname
[STDOUT_FILENO
], resolved
);
1393 free_and_replace(c
->stdio_file
[STDOUT_FILENO
], resolved
);
1398 assert(streq(lvalue
, "StandardError"));
1400 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1401 free_and_replace(c
->stdio_fdname
[STDERR_FILENO
], resolved
);
1403 free_and_replace(c
->stdio_file
[STDERR_FILENO
], resolved
);
1411 int config_parse_exec_io_class(const char *unit
,
1412 const char *filename
,
1414 const char *section
,
1415 unsigned section_line
,
1422 ExecContext
*c
= ASSERT_PTR(data
);
1429 if (isempty(rvalue
)) {
1430 c
->ioprio_set
= false;
1431 c
->ioprio
= IOPRIO_DEFAULT_CLASS_AND_PRIO
;
1435 x
= ioprio_class_from_string(rvalue
);
1437 log_syntax(unit
, LOG_WARNING
, filename
, line
, x
, "Failed to parse IO scheduling class, ignoring: %s", rvalue
);
1441 c
->ioprio
= ioprio_normalize(ioprio_prio_value(x
, ioprio_prio_data(c
->ioprio
)));
1442 c
->ioprio_set
= true;
1447 int config_parse_exec_io_priority(const char *unit
,
1448 const char *filename
,
1450 const char *section
,
1451 unsigned section_line
,
1458 ExecContext
*c
= ASSERT_PTR(data
);
1465 if (isempty(rvalue
)) {
1466 c
->ioprio_set
= false;
1467 c
->ioprio
= IOPRIO_DEFAULT_CLASS_AND_PRIO
;
1471 r
= ioprio_parse_priority(rvalue
, &i
);
1473 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse IO priority, ignoring: %s", rvalue
);
1477 c
->ioprio
= ioprio_normalize(ioprio_prio_value(ioprio_prio_class(c
->ioprio
), i
));
1478 c
->ioprio_set
= true;
1483 int config_parse_exec_cpu_sched_policy(const char *unit
,
1484 const char *filename
,
1486 const char *section
,
1487 unsigned section_line
,
1494 ExecContext
*c
= ASSERT_PTR(data
);
1501 if (isempty(rvalue
)) {
1502 c
->cpu_sched_set
= false;
1503 c
->cpu_sched_policy
= SCHED_OTHER
;
1504 c
->cpu_sched_priority
= 0;
1508 x
= sched_policy_from_string(rvalue
);
1510 log_syntax(unit
, LOG_WARNING
, filename
, line
, x
, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue
);
1514 c
->cpu_sched_policy
= x
;
1515 /* Moving to or from real-time policy? We need to adjust the priority */
1516 c
->cpu_sched_priority
= CLAMP(c
->cpu_sched_priority
, sched_get_priority_min(x
), sched_get_priority_max(x
));
1517 c
->cpu_sched_set
= true;
1522 int config_parse_exec_mount_apivfs(const char *unit
,
1523 const char *filename
,
1525 const char *section
,
1526 unsigned section_line
,
1533 ExecContext
*c
= ASSERT_PTR(data
);
1540 if (isempty(rvalue
)) {
1541 c
->mount_apivfs_set
= false;
1542 c
->mount_apivfs
= false;
1546 k
= parse_boolean(rvalue
);
1548 log_syntax(unit
, LOG_WARNING
, filename
, line
, k
,
1549 "Failed to parse boolean value, ignoring: %s",
1554 c
->mount_apivfs_set
= true;
1555 c
->mount_apivfs
= k
;
1559 int config_parse_numa_mask(const char *unit
,
1560 const char *filename
,
1562 const char *section
,
1563 unsigned section_line
,
1570 NUMAPolicy
*p
= ASSERT_PTR(data
);
1576 if (streq(rvalue
, "all")) {
1577 r
= numa_mask_add_all(&p
->nodes
);
1579 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1580 "Failed to create NUMA mask representing \"all\" NUMA nodes, ignoring: %m");
1582 r
= parse_cpu_set_extend(rvalue
, &p
->nodes
, true, unit
, filename
, line
, lvalue
);
1584 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse NUMA node mask, ignoring: %s", rvalue
);
1590 int config_parse_exec_cpu_sched_prio(const char *unit
,
1591 const char *filename
,
1593 const char *section
,
1594 unsigned section_line
,
1601 ExecContext
*c
= ASSERT_PTR(data
);
1608 r
= safe_atoi(rvalue
, &i
);
1610 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue
);
1614 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
1615 min
= sched_get_priority_min(c
->cpu_sched_policy
);
1616 max
= sched_get_priority_max(c
->cpu_sched_policy
);
1618 if (i
< min
|| i
> max
) {
1619 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue
);
1623 c
->cpu_sched_priority
= i
;
1624 c
->cpu_sched_set
= true;
1629 int config_parse_root_image_options(
1631 const char *filename
,
1633 const char *section
,
1634 unsigned section_line
,
1641 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
1642 _cleanup_strv_free_
char **l
= NULL
;
1643 ExecContext
*c
= ASSERT_PTR(data
);
1644 const Unit
*u
= userdata
;
1651 if (isempty(rvalue
)) {
1652 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1656 r
= strv_split_colon_pairs(&l
, rvalue
);
1660 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
1664 STRV_FOREACH_PAIR(first
, second
, l
) {
1665 MountOptions
*o
= NULL
;
1666 _cleanup_free_
char *mount_options_resolved
= NULL
;
1667 const char *mount_options
= NULL
, *partition
= "root";
1668 PartitionDesignator partition_designator
;
1670 /* Format is either 'root:foo' or 'foo' (root is implied) */
1671 if (!isempty(*second
)) {
1673 mount_options
= *second
;
1675 mount_options
= *first
;
1677 partition_designator
= partition_designator_from_string(partition
);
1678 if (partition_designator
< 0) {
1679 log_syntax(unit
, LOG_WARNING
, filename
, line
, partition_designator
,
1680 "Invalid partition name %s, ignoring", partition
);
1683 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
1685 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
1689 o
= new(MountOptions
, 1);
1692 *o
= (MountOptions
) {
1693 .partition_designator
= partition_designator
,
1694 .options
= TAKE_PTR(mount_options_resolved
),
1696 LIST_APPEND(mount_options
, options
, TAKE_PTR(o
));
1700 LIST_JOIN(mount_options
, c
->root_image_options
, options
);
1702 /* empty spaces/separators only */
1703 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1708 int config_parse_exec_root_hash(
1710 const char *filename
,
1712 const char *section
,
1713 unsigned section_line
,
1720 _cleanup_free_
void *roothash_decoded
= NULL
;
1721 ExecContext
*c
= ASSERT_PTR(data
);
1722 size_t roothash_decoded_size
= 0;
1729 if (isempty(rvalue
)) {
1730 /* Reset if the empty string is assigned */
1731 c
->root_hash_path
= mfree(c
->root_hash_path
);
1732 c
->root_hash
= mfree(c
->root_hash
);
1733 c
->root_hash_size
= 0;
1737 if (path_is_absolute(rvalue
)) {
1738 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1739 _cleanup_free_
char *p
= NULL
;
1745 free_and_replace(c
->root_hash_path
, p
);
1746 c
->root_hash
= mfree(c
->root_hash
);
1747 c
->root_hash_size
= 0;
1751 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1752 r
= unhexmem(rvalue
, strlen(rvalue
), &roothash_decoded
, &roothash_decoded_size
);
1754 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHash=, ignoring: %s", rvalue
);
1757 if (roothash_decoded_size
< sizeof(sd_id128_t
)) {
1758 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "RootHash= is too short, ignoring: %s", rvalue
);
1762 free_and_replace(c
->root_hash
, roothash_decoded
);
1763 c
->root_hash_size
= roothash_decoded_size
;
1764 c
->root_hash_path
= mfree(c
->root_hash_path
);
1769 int config_parse_exec_root_hash_sig(
1771 const char *filename
,
1773 const char *section
,
1774 unsigned section_line
,
1781 _cleanup_free_
void *roothash_sig_decoded
= NULL
;
1783 ExecContext
*c
= ASSERT_PTR(data
);
1784 size_t roothash_sig_decoded_size
= 0;
1791 if (isempty(rvalue
)) {
1792 /* Reset if the empty string is assigned */
1793 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1794 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1795 c
->root_hash_sig_size
= 0;
1799 if (path_is_absolute(rvalue
)) {
1800 /* We have the path to a roothash signature to load and decode, eg: RootHashSignature=/foo/bar.roothash.p7s */
1801 _cleanup_free_
char *p
= NULL
;
1807 free_and_replace(c
->root_hash_sig_path
, p
);
1808 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1809 c
->root_hash_sig_size
= 0;
1813 if (!(value
= startswith(rvalue
, "base64:"))) {
1814 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1815 "Failed to decode RootHashSignature=, not a path but doesn't start with 'base64:', ignoring: %s", rvalue
);
1819 /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
1820 r
= unbase64mem(value
, strlen(value
), &roothash_sig_decoded
, &roothash_sig_decoded_size
);
1822 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHashSignature=, ignoring: %s", rvalue
);
1826 free_and_replace(c
->root_hash_sig
, roothash_sig_decoded
);
1827 c
->root_hash_sig_size
= roothash_sig_decoded_size
;
1828 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1833 int config_parse_exec_cpu_affinity(
1835 const char *filename
,
1837 const char *section
,
1838 unsigned section_line
,
1845 ExecContext
*c
= ASSERT_PTR(data
);
1846 const Unit
*u
= userdata
;
1847 _cleanup_free_
char *k
= NULL
;
1854 if (streq(rvalue
, "numa")) {
1855 c
->cpu_affinity_from_numa
= true;
1856 cpu_set_reset(&c
->cpu_set
);
1861 r
= unit_full_printf(u
, rvalue
, &k
);
1863 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1864 "Failed to resolve unit specifiers in '%s', ignoring: %m",
1869 r
= parse_cpu_set_extend(k
, &c
->cpu_set
, true, unit
, filename
, line
, lvalue
);
1871 c
->cpu_affinity_from_numa
= false;
1876 int config_parse_capability_set(
1878 const char *filename
,
1880 const char *section
,
1881 unsigned section_line
,
1888 uint64_t *capability_set
= ASSERT_PTR(data
);
1889 uint64_t sum
= 0, initial
= 0;
1890 bool invert
= false;
1897 if (rvalue
[0] == '~') {
1902 if (streq(lvalue
, "CapabilityBoundingSet"))
1903 initial
= CAP_ALL
; /* initialized to all bits on */
1904 /* else "AmbientCapabilities" initialized to all bits off */
1906 r
= capability_set_from_string(rvalue
, &sum
);
1908 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue
, rvalue
);
1912 if (sum
== 0 || *capability_set
== initial
)
1913 /* "", "~" or uninitialized data -> replace */
1914 *capability_set
= invert
? ~sum
: sum
;
1916 /* previous data -> merge */
1918 *capability_set
&= ~sum
;
1920 *capability_set
|= sum
;
1926 int config_parse_exec_selinux_context(
1928 const char *filename
,
1930 const char *section
,
1931 unsigned section_line
,
1938 ExecContext
*c
= ASSERT_PTR(data
);
1939 const Unit
*u
= userdata
;
1948 if (isempty(rvalue
)) {
1949 c
->selinux_context
= mfree(c
->selinux_context
);
1950 c
->selinux_context_ignore
= false;
1954 if (rvalue
[0] == '-') {
1960 r
= unit_full_printf(u
, rvalue
, &k
);
1962 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1963 "Failed to resolve unit specifiers in '%s'%s: %m",
1964 rvalue
, ignore
? ", ignoring" : "");
1965 return ignore
? 0 : -ENOEXEC
;
1968 free_and_replace(c
->selinux_context
, k
);
1969 c
->selinux_context_ignore
= ignore
;
1974 int config_parse_exec_apparmor_profile(
1976 const char *filename
,
1978 const char *section
,
1979 unsigned section_line
,
1986 ExecContext
*c
= ASSERT_PTR(data
);
1987 const Unit
*u
= userdata
;
1996 if (isempty(rvalue
)) {
1997 c
->apparmor_profile
= mfree(c
->apparmor_profile
);
1998 c
->apparmor_profile_ignore
= false;
2002 if (rvalue
[0] == '-') {
2008 r
= unit_full_printf(u
, rvalue
, &k
);
2010 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2011 "Failed to resolve unit specifiers in '%s'%s: %m",
2012 rvalue
, ignore
? ", ignoring" : "");
2013 return ignore
? 0 : -ENOEXEC
;
2016 free_and_replace(c
->apparmor_profile
, k
);
2017 c
->apparmor_profile_ignore
= ignore
;
2022 int config_parse_exec_smack_process_label(
2024 const char *filename
,
2026 const char *section
,
2027 unsigned section_line
,
2034 ExecContext
*c
= ASSERT_PTR(data
);
2035 const Unit
*u
= userdata
;
2044 if (isempty(rvalue
)) {
2045 c
->smack_process_label
= mfree(c
->smack_process_label
);
2046 c
->smack_process_label_ignore
= false;
2050 if (rvalue
[0] == '-') {
2056 r
= unit_full_printf(u
, rvalue
, &k
);
2058 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2059 "Failed to resolve unit specifiers in '%s'%s: %m",
2060 rvalue
, ignore
? ", ignoring" : "");
2061 return ignore
? 0 : -ENOEXEC
;
2064 free_and_replace(c
->smack_process_label
, k
);
2065 c
->smack_process_label_ignore
= ignore
;
2070 int config_parse_timer(
2072 const char *filename
,
2074 const char *section
,
2075 unsigned section_line
,
2082 _cleanup_(calendar_spec_freep
) CalendarSpec
*c
= NULL
;
2083 _cleanup_free_
char *k
= NULL
;
2084 const Unit
*u
= userdata
;
2085 Timer
*t
= ASSERT_PTR(data
);
2094 if (isempty(rvalue
)) {
2095 /* Empty assignment resets list */
2096 timer_free_values(t
);
2100 r
= unit_full_printf(u
, rvalue
, &k
);
2102 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2106 if (ltype
== TIMER_CALENDAR
) {
2107 r
= calendar_spec_from_string(k
, &c
);
2109 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse calendar specification, ignoring: %s", k
);
2113 r
= parse_sec(k
, &usec
);
2115 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", k
);
2120 v
= new(TimerValue
, 1);
2127 .calendar_spec
= TAKE_PTR(c
),
2130 LIST_PREPEND(value
, t
->values
, v
);
2135 int config_parse_trigger_unit(
2137 const char *filename
,
2139 const char *section
,
2140 unsigned section_line
,
2147 _cleanup_free_
char *p
= NULL
;
2148 Unit
*u
= ASSERT_PTR(data
);
2156 if (UNIT_TRIGGER(u
)) {
2157 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Multiple units to trigger specified, ignoring: %s", rvalue
);
2161 r
= unit_name_printf(u
, rvalue
, &p
);
2163 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2167 type
= unit_name_to_type(p
);
2169 log_syntax(unit
, LOG_WARNING
, filename
, line
, type
, "Unit type not valid, ignoring: %s", rvalue
);
2172 if (unit_has_name(u
, p
)) {
2173 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Units cannot trigger themselves, ignoring: %s", rvalue
);
2177 r
= unit_add_two_dependencies_by_name(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, p
, true, UNIT_DEPENDENCY_FILE
);
2179 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add trigger on %s, ignoring: %m", p
);
2186 int config_parse_path_spec(const char *unit
,
2187 const char *filename
,
2189 const char *section
,
2190 unsigned section_line
,
2197 Path
*p
= ASSERT_PTR(data
);
2200 _cleanup_free_
char *k
= NULL
;
2207 if (isempty(rvalue
)) {
2208 /* Empty assignment clears list */
2213 b
= path_type_from_string(lvalue
);
2215 log_syntax(unit
, LOG_WARNING
, filename
, line
, b
, "Failed to parse path type, ignoring: %s", lvalue
);
2219 r
= unit_path_printf(UNIT(p
), rvalue
, &k
);
2221 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2225 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2229 s
= new0(PathSpec
, 1);
2234 s
->path
= TAKE_PTR(k
);
2238 LIST_PREPEND(spec
, p
->specs
, s
);
2243 int config_parse_socket_service(
2245 const char *filename
,
2247 const char *section
,
2248 unsigned section_line
,
2255 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2256 _cleanup_free_
char *p
= NULL
;
2257 Socket
*s
= ASSERT_PTR(data
);
2265 r
= unit_name_printf(UNIT(s
), rvalue
, &p
);
2267 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2271 if (!endswith(p
, ".service")) {
2272 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type service, ignoring: %s", rvalue
);
2276 r
= manager_load_unit(UNIT(s
)->manager
, p
, NULL
, &error
, &x
);
2278 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load unit %s, ignoring: %s", rvalue
, bus_error_message(&error
, r
));
2282 unit_ref_set(&s
->service
, UNIT(s
), x
);
2287 int config_parse_fdname(
2289 const char *filename
,
2291 const char *section
,
2292 unsigned section_line
,
2299 _cleanup_free_
char *p
= NULL
;
2300 Socket
*s
= ASSERT_PTR(data
);
2307 if (isempty(rvalue
)) {
2308 s
->fdname
= mfree(s
->fdname
);
2312 r
= unit_fd_printf(UNIT(s
), rvalue
, &p
);
2314 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2318 if (!fdname_is_valid(p
)) {
2319 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", p
);
2323 return free_and_replace(s
->fdname
, p
);
2326 int config_parse_service_sockets(
2328 const char *filename
,
2330 const char *section
,
2331 unsigned section_line
,
2338 Service
*s
= ASSERT_PTR(data
);
2345 for (const char *p
= rvalue
;;) {
2346 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2348 r
= extract_first_word(&p
, &word
, NULL
, 0);
2352 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Trailing garbage in sockets, ignoring: %s", rvalue
);
2358 r
= unit_name_printf(UNIT(s
), word
, &k
);
2360 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
2364 if (!endswith(k
, ".socket")) {
2365 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type socket, ignoring: %s", k
);
2369 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_WANTS
, UNIT_AFTER
, k
, true, UNIT_DEPENDENCY_FILE
);
2371 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2373 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_TRIGGERED_BY
, k
, true, UNIT_DEPENDENCY_FILE
);
2375 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2379 int config_parse_bus_name(
2381 const char *filename
,
2383 const char *section
,
2384 unsigned section_line
,
2391 _cleanup_free_
char *k
= NULL
;
2392 const Unit
*u
= ASSERT_PTR(userdata
);
2399 r
= unit_full_printf_full(u
, rvalue
, SD_BUS_MAXIMUM_NAME_LENGTH
, &k
);
2401 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2405 if (!sd_bus_service_name_is_valid(k
)) {
2406 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid bus name, ignoring: %s", k
);
2410 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
2413 int config_parse_service_timeout(
2415 const char *filename
,
2417 const char *section
,
2418 unsigned section_line
,
2425 Service
*s
= ASSERT_PTR(userdata
);
2433 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
2435 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2436 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2437 * all other timeouts. */
2438 r
= parse_sec_fix_0(rvalue
, &usec
);
2440 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= parameter, ignoring: %s", lvalue
, rvalue
);
2444 s
->start_timeout_defined
= true;
2445 s
->timeout_start_usec
= usec
;
2447 if (streq(lvalue
, "TimeoutSec"))
2448 s
->timeout_stop_usec
= usec
;
2453 int config_parse_timeout_abort(
2455 const char *filename
,
2457 const char *section
,
2458 unsigned section_line
,
2465 usec_t
*ret
= ASSERT_PTR(data
);
2472 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
2474 if (isempty(rvalue
)) {
2476 return 0; /* "not set" */
2479 r
= parse_sec(rvalue
, ret
);
2481 return log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= setting, ignoring: %s", lvalue
, rvalue
);
2483 return 1; /* "set" */
2486 int config_parse_service_timeout_abort(
2488 const char *filename
,
2490 const char *section
,
2491 unsigned section_line
,
2498 Service
*s
= ASSERT_PTR(userdata
);
2501 r
= config_parse_timeout_abort(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
,
2502 &s
->timeout_abort_usec
, s
);
2504 s
->timeout_abort_set
= r
;
2508 int config_parse_user_group_compat(
2510 const char *filename
,
2512 const char *section
,
2513 unsigned section_line
,
2520 _cleanup_free_
char *k
= NULL
;
2522 const Unit
*u
= ASSERT_PTR(userdata
);
2529 if (isempty(rvalue
)) {
2530 *user
= mfree(*user
);
2534 r
= unit_full_printf(u
, rvalue
, &k
);
2536 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", rvalue
);
2540 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2541 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2545 if (strstr(lvalue
, "User") && streq(k
, NOBODY_USER_NAME
))
2546 log_struct(LOG_NOTICE
,
2547 "MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename
, line
, k
,
2549 "MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR
,
2550 "OFFENDING_USER=%s", k
,
2551 "CONFIG_FILE=%s", filename
,
2552 "CONFIG_LINE=%u", line
);
2554 return free_and_replace(*user
, k
);
2557 int config_parse_user_group_strv_compat(
2559 const char *filename
,
2561 const char *section
,
2562 unsigned section_line
,
2569 char ***users
= data
;
2570 const Unit
*u
= ASSERT_PTR(userdata
);
2577 if (isempty(rvalue
)) {
2578 *users
= strv_free(*users
);
2582 for (const char *p
= rvalue
;;) {
2583 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2585 r
= extract_first_word(&p
, &word
, NULL
, 0);
2589 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid syntax: %s", rvalue
);
2595 r
= unit_full_printf(u
, word
, &k
);
2597 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", word
);
2601 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2602 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2606 r
= strv_push(users
, k
);
2614 int config_parse_working_directory(
2616 const char *filename
,
2618 const char *section
,
2619 unsigned section_line
,
2626 ExecContext
*c
= ASSERT_PTR(data
);
2627 const Unit
*u
= ASSERT_PTR(userdata
);
2635 if (isempty(rvalue
)) {
2636 c
->working_directory_home
= false;
2637 c
->working_directory
= mfree(c
->working_directory
);
2641 if (rvalue
[0] == '-') {
2647 if (streq(rvalue
, "~")) {
2648 c
->working_directory_home
= true;
2649 c
->working_directory
= mfree(c
->working_directory
);
2651 _cleanup_free_
char *k
= NULL
;
2653 r
= unit_path_printf(u
, rvalue
, &k
);
2655 log_syntax(unit
, missing_ok
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2656 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2657 rvalue
, missing_ok
? ", ignoring" : "");
2658 return missing_ok
? 0 : -ENOEXEC
;
2661 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
| (missing_ok
? 0 : PATH_CHECK_FATAL
), unit
, filename
, line
, lvalue
);
2663 return missing_ok
? 0 : -ENOEXEC
;
2665 c
->working_directory_home
= false;
2666 free_and_replace(c
->working_directory
, k
);
2669 c
->working_directory_missing_ok
= missing_ok
;
2673 int config_parse_unit_env_file(const char *unit
,
2674 const char *filename
,
2676 const char *section
,
2677 unsigned section_line
,
2684 char ***env
= ASSERT_PTR(data
);
2685 const Unit
*u
= userdata
;
2686 _cleanup_free_
char *n
= NULL
;
2693 if (isempty(rvalue
)) {
2694 /* Empty assignment frees the list */
2695 *env
= strv_free(*env
);
2699 r
= unit_full_printf_full(u
, rvalue
, PATH_MAX
, &n
);
2701 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2705 r
= path_simplify_and_warn(n
[0] == '-' ? n
+ 1 : n
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2709 r
= strv_push(env
, n
);
2718 int config_parse_environ(
2720 const char *filename
,
2722 const char *section
,
2723 unsigned section_line
,
2730 const Unit
*u
= userdata
;
2731 char ***env
= ASSERT_PTR(data
);
2738 if (isempty(rvalue
)) {
2739 /* Empty assignment resets the list */
2740 *env
= strv_free(*env
);
2744 for (const char *p
= rvalue
;; ) {
2745 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
2747 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2751 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2752 "Invalid syntax, ignoring: %s", rvalue
);
2759 r
= unit_env_printf(u
, word
, &resolved
);
2761 r
= specifier_printf(word
, sc_arg_max(), system_and_tmp_specifier_table
, NULL
, NULL
, &resolved
);
2763 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2764 "Failed to resolve specifiers in %s, ignoring: %m", word
);
2768 if (!env_assignment_is_valid(resolved
)) {
2769 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2770 "Invalid environment assignment, ignoring: %s", resolved
);
2774 r
= strv_env_replace_consume(env
, TAKE_PTR(resolved
));
2776 return log_error_errno(r
, "Failed to update environment: %m");
2780 int config_parse_pass_environ(
2782 const char *filename
,
2784 const char *section
,
2785 unsigned section_line
,
2792 _cleanup_strv_free_
char **n
= NULL
;
2793 const Unit
*u
= userdata
;
2794 char*** passenv
= ASSERT_PTR(data
);
2802 if (isempty(rvalue
)) {
2803 /* Empty assignment resets the list */
2804 *passenv
= strv_free(*passenv
);
2808 for (const char *p
= rvalue
;;) {
2809 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2811 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
2815 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2816 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2823 r
= unit_env_printf(u
, word
, &k
);
2825 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2826 "Failed to resolve specifiers in %s, ignoring: %m", word
);
2832 if (!env_name_is_valid(k
)) {
2833 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2834 "Invalid environment name for %s, ignoring: %s", lvalue
, k
);
2838 if (!GREEDY_REALLOC(n
, nlen
+ 2))
2841 n
[nlen
++] = TAKE_PTR(k
);
2846 r
= strv_extend_strv(passenv
, n
, true);
2854 int config_parse_unset_environ(
2856 const char *filename
,
2858 const char *section
,
2859 unsigned section_line
,
2866 _cleanup_strv_free_
char **n
= NULL
;
2867 char*** unsetenv
= ASSERT_PTR(data
);
2868 const Unit
*u
= userdata
;
2876 if (isempty(rvalue
)) {
2877 /* Empty assignment resets the list */
2878 *unsetenv
= strv_free(*unsetenv
);
2882 for (const char *p
= rvalue
;;) {
2883 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2885 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2889 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2890 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2897 r
= unit_env_printf(u
, word
, &k
);
2899 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2900 "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2906 if (!env_assignment_is_valid(k
) && !env_name_is_valid(k
)) {
2907 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2908 "Invalid environment name or assignment %s, ignoring: %s", lvalue
, k
);
2912 if (!GREEDY_REALLOC(n
, nlen
+ 2))
2915 n
[nlen
++] = TAKE_PTR(k
);
2920 r
= strv_extend_strv(unsetenv
, n
, true);
2928 int config_parse_log_extra_fields(
2930 const char *filename
,
2932 const char *section
,
2933 unsigned section_line
,
2940 ExecContext
*c
= ASSERT_PTR(data
);
2941 const Unit
*u
= userdata
;
2948 if (isempty(rvalue
)) {
2949 exec_context_free_log_extra_fields(c
);
2953 for (const char *p
= rvalue
;;) {
2954 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2958 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2962 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
2968 r
= unit_full_printf(u
, word
, &k
);
2970 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2974 eq
= strchr(k
, '=');
2976 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field lacks '=' character, ignoring: %s", k
);
2980 if (!journal_field_valid(k
, eq
-k
, false)) {
2981 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field name is invalid, ignoring: %s", k
);
2985 t
= reallocarray(c
->log_extra_fields
, c
->n_log_extra_fields
+1, sizeof(struct iovec
));
2989 c
->log_extra_fields
= t
;
2990 c
->log_extra_fields
[c
->n_log_extra_fields
++] = IOVEC_MAKE_STRING(k
);
2996 int config_parse_log_namespace(
2998 const char *filename
,
3000 const char *section
,
3001 unsigned section_line
,
3008 _cleanup_free_
char *k
= NULL
;
3009 ExecContext
*c
= ASSERT_PTR(data
);
3010 const Unit
*u
= userdata
;
3017 if (isempty(rvalue
)) {
3018 c
->log_namespace
= mfree(c
->log_namespace
);
3022 r
= unit_full_printf_full(u
, rvalue
, NAME_MAX
, &k
);
3024 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3028 if (!log_namespace_name_valid(k
)) {
3029 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Specified log namespace name is not valid, ignoring: %s", k
);
3033 free_and_replace(c
->log_namespace
, k
);
3037 int config_parse_unit_condition_path(
3039 const char *filename
,
3041 const char *section
,
3042 unsigned section_line
,
3049 _cleanup_free_
char *p
= NULL
;
3050 Condition
**list
= ASSERT_PTR(data
), *c
;
3051 ConditionType t
= ltype
;
3052 bool trigger
, negate
;
3053 const Unit
*u
= userdata
;
3060 if (isempty(rvalue
)) {
3061 /* Empty assignment resets the list */
3062 *list
= condition_free_list(*list
);
3066 trigger
= rvalue
[0] == '|';
3070 negate
= rvalue
[0] == '!';
3074 r
= unit_path_printf(u
, rvalue
, &p
);
3076 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3080 r
= path_simplify_and_warn(p
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
3084 c
= condition_new(t
, p
, trigger
, negate
);
3088 LIST_PREPEND(conditions
, *list
, c
);
3092 int config_parse_unit_condition_string(
3094 const char *filename
,
3096 const char *section
,
3097 unsigned section_line
,
3104 _cleanup_free_
char *s
= NULL
;
3105 Condition
**list
= ASSERT_PTR(data
), *c
;
3106 ConditionType t
= ltype
;
3107 bool trigger
, negate
;
3108 const Unit
*u
= userdata
;
3115 if (isempty(rvalue
)) {
3116 /* Empty assignment resets the list */
3117 *list
= condition_free_list(*list
);
3121 trigger
= *rvalue
== '|';
3123 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
3125 negate
= *rvalue
== '!';
3127 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
3129 r
= unit_full_printf(u
, rvalue
, &s
);
3131 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3132 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
3136 c
= condition_new(t
, s
, trigger
, negate
);
3140 LIST_PREPEND(conditions
, *list
, c
);
3144 int config_parse_unit_requires_mounts_for(
3146 const char *filename
,
3148 const char *section
,
3149 unsigned section_line
,
3164 for (const char *p
= rvalue
;;) {
3165 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
3167 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3171 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3172 "Invalid syntax, ignoring: %s", rvalue
);
3178 r
= unit_path_printf(u
, word
, &resolved
);
3180 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
3184 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
3188 r
= unit_require_mounts_for(u
, resolved
, UNIT_DEPENDENCY_FILE
);
3190 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add required mount '%s', ignoring: %m", resolved
);
3196 int config_parse_documentation(
3198 const char *filename
,
3200 const char *section
,
3201 unsigned section_line
,
3208 Unit
*u
= ASSERT_PTR(userdata
);
3216 if (isempty(rvalue
)) {
3217 /* Empty assignment resets the list */
3218 u
->documentation
= strv_free(u
->documentation
);
3222 r
= config_parse_unit_strv_printf(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
,
3223 rvalue
, data
, userdata
);
3227 for (a
= b
= u
->documentation
; a
&& *a
; a
++) {
3229 if (documentation_url_is_valid(*a
))
3232 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid URL, ignoring: %s", *a
);
3243 int config_parse_syscall_filter(
3245 const char *filename
,
3247 const char *section
,
3248 unsigned section_line
,
3255 ExecContext
*c
= data
;
3256 _unused_
const Unit
*u
= ASSERT_PTR(userdata
);
3257 bool invert
= false;
3264 if (isempty(rvalue
)) {
3265 /* Empty assignment resets the list */
3266 c
->syscall_filter
= hashmap_free(c
->syscall_filter
);
3267 c
->syscall_allow_list
= false;
3271 if (rvalue
[0] == '~') {
3276 if (!c
->syscall_filter
) {
3277 c
->syscall_filter
= hashmap_new(NULL
);
3278 if (!c
->syscall_filter
)
3282 /* Allow everything but the ones listed */
3283 c
->syscall_allow_list
= false;
3285 /* Allow nothing but the ones listed */
3286 c
->syscall_allow_list
= true;
3288 /* Accept default syscalls if we are on an allow_list */
3289 r
= seccomp_parse_syscall_filter(
3290 "@default", -1, c
->syscall_filter
,
3291 SECCOMP_PARSE_PERMISSIVE
|SECCOMP_PARSE_ALLOW_LIST
,
3299 for (const char *p
= rvalue
;;) {
3300 _cleanup_free_
char *word
= NULL
, *name
= NULL
;
3303 r
= extract_first_word(&p
, &word
, NULL
, 0);
3307 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3308 "Invalid syntax, ignoring: %s", rvalue
);
3314 r
= parse_syscall_and_errno(word
, &name
, &num
);
3316 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3317 "Failed to parse syscall:errno, ignoring: %s", word
);
3320 if (!invert
&& num
>= 0) {
3321 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3322 "Allow-listed system calls cannot take error number, ignoring: %s", word
);
3326 r
= seccomp_parse_syscall_filter(
3327 name
, num
, c
->syscall_filter
,
3328 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3329 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3330 (c
->syscall_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3331 unit
, filename
, line
);
3337 int config_parse_syscall_log(
3339 const char *filename
,
3341 const char *section
,
3342 unsigned section_line
,
3349 ExecContext
*c
= data
;
3350 _unused_
const Unit
*u
= ASSERT_PTR(userdata
);
3351 bool invert
= false;
3359 if (isempty(rvalue
)) {
3360 /* Empty assignment resets the list */
3361 c
->syscall_log
= hashmap_free(c
->syscall_log
);
3362 c
->syscall_log_allow_list
= false;
3366 if (rvalue
[0] == '~') {
3371 if (!c
->syscall_log
) {
3372 c
->syscall_log
= hashmap_new(NULL
);
3373 if (!c
->syscall_log
)
3377 /* Log everything but the ones listed */
3378 c
->syscall_log_allow_list
= false;
3380 /* Log nothing but the ones listed */
3381 c
->syscall_log_allow_list
= true;
3386 _cleanup_free_
char *word
= NULL
;
3388 r
= extract_first_word(&p
, &word
, NULL
, 0);
3392 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3398 r
= seccomp_parse_syscall_filter(
3399 word
, -1, c
->syscall_log
,
3400 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3401 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3402 (c
->syscall_log_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3403 unit
, filename
, line
);
3409 int config_parse_syscall_archs(
3411 const char *filename
,
3413 const char *section
,
3414 unsigned section_line
,
3424 if (isempty(rvalue
)) {
3425 *archs
= set_free(*archs
);
3429 for (const char *p
= rvalue
;;) {
3430 _cleanup_free_
char *word
= NULL
;
3433 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3437 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3438 "Invalid syntax, ignoring: %s", rvalue
);
3444 r
= seccomp_arch_from_string(word
, &a
);
3446 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3447 "Failed to parse system call architecture \"%s\", ignoring: %m", word
);
3451 r
= set_ensure_put(archs
, NULL
, UINT32_TO_PTR(a
+ 1));
3457 int config_parse_syscall_errno(
3459 const char *filename
,
3461 const char *section
,
3462 unsigned section_line
,
3469 ExecContext
*c
= data
;
3476 if (isempty(rvalue
) || streq(rvalue
, "kill")) {
3477 /* Empty assignment resets to KILL */
3478 c
->syscall_errno
= SECCOMP_ERROR_NUMBER_KILL
;
3482 e
= parse_errno(rvalue
);
3484 log_syntax(unit
, LOG_WARNING
, filename
, line
, e
, "Failed to parse error number, ignoring: %s", rvalue
);
3488 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid error number, ignoring: %s", rvalue
);
3492 c
->syscall_errno
= e
;
3496 int config_parse_address_families(
3498 const char *filename
,
3500 const char *section
,
3501 unsigned section_line
,
3508 ExecContext
*c
= data
;
3509 bool invert
= false;
3516 if (isempty(rvalue
)) {
3517 /* Empty assignment resets the list */
3518 c
->address_families
= set_free(c
->address_families
);
3519 c
->address_families_allow_list
= false;
3523 if (streq(rvalue
, "none")) {
3524 /* Forbid all address families. */
3525 c
->address_families
= set_free(c
->address_families
);
3526 c
->address_families_allow_list
= true;
3530 if (rvalue
[0] == '~') {
3535 if (!c
->address_families
) {
3536 c
->address_families
= set_new(NULL
);
3537 if (!c
->address_families
)
3540 c
->address_families_allow_list
= !invert
;
3543 for (const char *p
= rvalue
;;) {
3544 _cleanup_free_
char *word
= NULL
;
3547 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3551 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3552 "Invalid syntax, ignoring: %s", rvalue
);
3558 af
= af_from_name(word
);
3560 log_syntax(unit
, LOG_WARNING
, filename
, line
, af
,
3561 "Failed to parse address family, ignoring: %s", word
);
3565 /* If we previously wanted to forbid an address family and now
3566 * we want to allow it, then just remove it from the list.
3568 if (!invert
== c
->address_families_allow_list
) {
3569 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
3573 set_remove(c
->address_families
, INT_TO_PTR(af
));
3577 int config_parse_restrict_namespaces(
3579 const char *filename
,
3581 const char *section
,
3582 unsigned section_line
,
3589 ExecContext
*c
= data
;
3590 unsigned long flags
;
3591 bool invert
= false;
3594 if (isempty(rvalue
)) {
3595 /* Reset to the default. */
3596 c
->restrict_namespaces
= NAMESPACE_FLAGS_INITIAL
;
3600 /* Boolean parameter ignores the previous settings */
3601 r
= parse_boolean(rvalue
);
3603 c
->restrict_namespaces
= 0;
3605 } else if (r
== 0) {
3606 c
->restrict_namespaces
= NAMESPACE_FLAGS_ALL
;
3610 if (rvalue
[0] == '~') {
3615 /* Not a boolean argument, in this case it's a list of namespace types. */
3616 r
= namespace_flags_from_string(rvalue
, &flags
);
3618 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse namespace type string, ignoring: %s", rvalue
);
3622 if (c
->restrict_namespaces
== NAMESPACE_FLAGS_INITIAL
)
3623 /* Initial assignment. Just set the value. */
3624 c
->restrict_namespaces
= invert
? (~flags
) & NAMESPACE_FLAGS_ALL
: flags
;
3626 /* Merge the value with the previous one. */
3627 SET_FLAG(c
->restrict_namespaces
, flags
, !invert
);
3633 int config_parse_restrict_filesystems(
3635 const char *filename
,
3637 const char *section
,
3638 unsigned section_line
,
3644 ExecContext
*c
= ASSERT_PTR(data
);
3645 bool invert
= false;
3652 if (isempty(rvalue
)) {
3653 /* Empty assignment resets the list */
3654 c
->restrict_filesystems
= set_free(c
->restrict_filesystems
);
3655 c
->restrict_filesystems_allow_list
= false;
3659 if (rvalue
[0] == '~') {
3664 if (!c
->restrict_filesystems
) {
3666 /* Allow everything but the ones listed */
3667 c
->restrict_filesystems_allow_list
= false;
3669 /* Allow nothing but the ones listed */
3670 c
->restrict_filesystems_allow_list
= true;
3673 for (const char *p
= rvalue
;;) {
3674 _cleanup_free_
char *word
= NULL
;
3676 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3682 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3683 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
3687 r
= lsm_bpf_parse_filesystem(
3689 &c
->restrict_filesystems
,
3690 FILESYSTEM_PARSE_LOG
|
3691 (invert
? FILESYSTEM_PARSE_INVERT
: 0)|
3692 (c
->restrict_filesystems_allow_list
? FILESYSTEM_PARSE_ALLOW_LIST
: 0),
3693 unit
, filename
, line
);
3702 int config_parse_unit_slice(
3704 const char *filename
,
3706 const char *section
,
3707 unsigned section_line
,
3714 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
3715 _cleanup_free_
char *k
= NULL
;
3716 Unit
*u
= userdata
, *slice
;
3724 r
= unit_name_printf(u
, rvalue
, &k
);
3726 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3730 r
= manager_load_unit(u
->manager
, k
, NULL
, &error
, &slice
);
3732 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load slice unit %s, ignoring: %s", k
, bus_error_message(&error
, r
));
3736 r
= unit_set_slice(u
, slice
);
3738 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to assign slice %s to unit %s, ignoring: %m", slice
->id
, u
->id
);
3745 int config_parse_cpu_quota(
3747 const char *filename
,
3749 const char *section
,
3750 unsigned section_line
,
3757 CGroupContext
*c
= data
;
3764 if (isempty(rvalue
)) {
3765 c
->cpu_quota_per_sec_usec
= USEC_INFINITY
;
3769 r
= parse_permyriad_unbounded(rvalue
);
3771 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid CPU quota '%s', ignoring.", rvalue
);
3775 c
->cpu_quota_per_sec_usec
= ((usec_t
) r
* USEC_PER_SEC
) / 10000U;
3779 int config_parse_allowed_cpuset(
3781 const char *filename
,
3783 const char *section
,
3784 unsigned section_line
,
3793 (void) parse_cpu_set_extend(rvalue
, c
, true, unit
, filename
, line
, lvalue
);
3797 int config_parse_memory_limit(
3799 const char *filename
,
3801 const char *section
,
3802 unsigned section_line
,
3809 CGroupContext
*c
= data
;
3810 uint64_t bytes
= CGROUP_LIMIT_MAX
;
3813 if (isempty(rvalue
) && STR_IN_SET(lvalue
, "DefaultMemoryLow",
3817 bytes
= CGROUP_LIMIT_MIN
;
3818 else if (!isempty(rvalue
) && !streq(rvalue
, "infinity")) {
3820 r
= parse_permyriad(rvalue
);
3822 r
= parse_size(rvalue
, 1024, &bytes
);
3824 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid memory limit '%s', ignoring: %m", rvalue
);
3828 bytes
= physical_memory_scale(r
, 10000U);
3830 if (bytes
>= UINT64_MAX
||
3831 (bytes
<= 0 && !STR_IN_SET(lvalue
, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) {
3832 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Memory limit '%s' out of range, ignoring.", rvalue
);
3837 if (streq(lvalue
, "DefaultMemoryLow")) {
3838 c
->default_memory_low
= bytes
;
3839 c
->default_memory_low_set
= true;
3840 } else if (streq(lvalue
, "DefaultMemoryMin")) {
3841 c
->default_memory_min
= bytes
;
3842 c
->default_memory_min_set
= true;
3843 } else if (streq(lvalue
, "MemoryMin")) {
3844 c
->memory_min
= bytes
;
3845 c
->memory_min_set
= true;
3846 } else if (streq(lvalue
, "MemoryLow")) {
3847 c
->memory_low
= bytes
;
3848 c
->memory_low_set
= true;
3849 } else if (streq(lvalue
, "MemoryHigh"))
3850 c
->memory_high
= bytes
;
3851 else if (streq(lvalue
, "MemoryMax"))
3852 c
->memory_max
= bytes
;
3853 else if (streq(lvalue
, "MemorySwapMax"))
3854 c
->memory_swap_max
= bytes
;
3855 else if (streq(lvalue
, "MemoryLimit")) {
3856 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3857 "Unit uses MemoryLimit=; please use MemoryMax= instead. Support for MemoryLimit= will be removed soon.");
3858 c
->memory_limit
= bytes
;
3865 int config_parse_tasks_max(
3867 const char *filename
,
3869 const char *section
,
3870 unsigned section_line
,
3877 const Unit
*u
= userdata
;
3878 TasksMax
*tasks_max
= data
;
3882 if (isempty(rvalue
)) {
3883 *tasks_max
= u
? u
->manager
->default_tasks_max
: TASKS_MAX_UNSET
;
3887 if (streq(rvalue
, "infinity")) {
3888 *tasks_max
= TASKS_MAX_UNSET
;
3892 r
= parse_permyriad(rvalue
);
3894 *tasks_max
= (TasksMax
) { r
, 10000U }; /* r‱ */
3896 r
= safe_atou64(rvalue
, &v
);
3898 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid maximum tasks value '%s', ignoring: %m", rvalue
);
3902 if (v
<= 0 || v
>= UINT64_MAX
) {
3903 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue
);
3907 *tasks_max
= (TasksMax
) { v
};
3913 int config_parse_delegate(
3915 const char *filename
,
3917 const char *section
,
3918 unsigned section_line
,
3925 CGroupContext
*c
= data
;
3929 t
= unit_name_to_type(unit
);
3930 assert(t
!= _UNIT_TYPE_INVALID
);
3932 if (!unit_vtable
[t
]->can_delegate
) {
3933 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Delegate= setting not supported for this unit type, ignoring.");
3937 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
3938 * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
3939 * mask to delegate. */
3941 if (isempty(rvalue
)) {
3942 /* An empty string resets controllers and set Delegate=yes. */
3944 c
->delegate_controllers
= 0;
3948 r
= parse_boolean(rvalue
);
3950 CGroupMask mask
= 0;
3952 for (const char *p
= rvalue
;;) {
3953 _cleanup_free_
char *word
= NULL
;
3954 CGroupController cc
;
3956 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3960 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3966 cc
= cgroup_controller_from_string(word
);
3968 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid controller name '%s', ignoring", word
);
3972 mask
|= CGROUP_CONTROLLER_TO_MASK(cc
);
3976 c
->delegate_controllers
|= mask
;
3980 c
->delegate_controllers
= _CGROUP_MASK_ALL
;
3982 c
->delegate
= false;
3983 c
->delegate_controllers
= 0;
3989 int config_parse_managed_oom_mode(
3991 const char *filename
,
3993 const char *section
,
3994 unsigned section_line
,
4001 ManagedOOMMode
*mode
= data
, m
;
4004 t
= unit_name_to_type(unit
);
4005 assert(t
!= _UNIT_TYPE_INVALID
);
4007 if (!unit_vtable
[t
]->can_set_managed_oom
)
4008 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
4010 if (isempty(rvalue
)) {
4011 *mode
= MANAGED_OOM_AUTO
;
4015 m
= managed_oom_mode_from_string(rvalue
);
4017 log_syntax(unit
, LOG_WARNING
, filename
, line
, m
, "Invalid syntax, ignoring: %s", rvalue
);
4025 int config_parse_managed_oom_mem_pressure_limit(
4027 const char *filename
,
4029 const char *section
,
4030 unsigned section_line
,
4037 uint32_t *limit
= data
;
4041 t
= unit_name_to_type(unit
);
4042 assert(t
!= _UNIT_TYPE_INVALID
);
4044 if (!unit_vtable
[t
]->can_set_managed_oom
)
4045 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
4047 if (isempty(rvalue
)) {
4052 r
= parse_permyriad(rvalue
);
4054 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse memory pressure limit value, ignoring: %s", rvalue
);
4058 /* Normalize to 2^32-1 == 100% */
4059 *limit
= UINT32_SCALE_FROM_PERMYRIAD(r
);
4063 int config_parse_device_allow(
4065 const char *filename
,
4067 const char *section
,
4068 unsigned section_line
,
4075 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4076 CGroupContext
*c
= data
;
4077 const char *p
= rvalue
;
4080 if (isempty(rvalue
)) {
4081 while (c
->device_allow
)
4082 cgroup_context_free_device_allow(c
, c
->device_allow
);
4087 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4091 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4092 "Failed to extract device path and rights from '%s', ignoring.", rvalue
);
4096 r
= unit_path_printf(userdata
, path
, &resolved
);
4098 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4099 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4103 if (!STARTSWITH_SET(resolved
, "block-", "char-")) {
4105 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4109 if (!valid_device_node_path(resolved
)) {
4110 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid device node path '%s', ignoring.", resolved
);
4115 if (!isempty(p
) && !in_charset(p
, "rwm")) {
4116 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid device rights '%s', ignoring.", p
);
4120 return cgroup_add_device_allow(c
, resolved
, p
);
4123 int config_parse_io_device_weight(
4125 const char *filename
,
4127 const char *section
,
4128 unsigned section_line
,
4135 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4136 CGroupIODeviceWeight
*w
;
4137 CGroupContext
*c
= data
;
4138 const char *p
= ASSERT_PTR(rvalue
);
4145 if (isempty(rvalue
)) {
4146 while (c
->io_device_weights
)
4147 cgroup_context_free_io_device_weight(c
, c
->io_device_weights
);
4152 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4156 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4157 "Failed to extract device path and weight from '%s', ignoring.", rvalue
);
4160 if (r
== 0 || isempty(p
)) {
4161 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4162 "Invalid device path or weight specified in '%s', ignoring.", rvalue
);
4166 r
= unit_path_printf(userdata
, path
, &resolved
);
4168 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4169 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4173 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4177 r
= cg_weight_parse(p
, &u
);
4179 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "IO weight '%s' invalid, ignoring: %m", p
);
4183 assert(u
!= CGROUP_WEIGHT_INVALID
);
4185 w
= new0(CGroupIODeviceWeight
, 1);
4189 w
->path
= TAKE_PTR(resolved
);
4192 LIST_PREPEND(device_weights
, c
->io_device_weights
, w
);
4196 int config_parse_io_device_latency(
4198 const char *filename
,
4200 const char *section
,
4201 unsigned section_line
,
4208 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4209 CGroupIODeviceLatency
*l
;
4210 CGroupContext
*c
= data
;
4211 const char *p
= ASSERT_PTR(rvalue
);
4218 if (isempty(rvalue
)) {
4219 while (c
->io_device_latencies
)
4220 cgroup_context_free_io_device_latency(c
, c
->io_device_latencies
);
4225 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4229 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4230 "Failed to extract device path and latency from '%s', ignoring.", rvalue
);
4233 if (r
== 0 || isempty(p
)) {
4234 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4235 "Invalid device path or latency specified in '%s', ignoring.", rvalue
);
4239 r
= unit_path_printf(userdata
, path
, &resolved
);
4241 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4242 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4246 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4250 r
= parse_sec(p
, &usec
);
4252 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", p
);
4256 l
= new0(CGroupIODeviceLatency
, 1);
4260 l
->path
= TAKE_PTR(resolved
);
4261 l
->target_usec
= usec
;
4263 LIST_PREPEND(device_latencies
, c
->io_device_latencies
, l
);
4267 int config_parse_io_limit(
4269 const char *filename
,
4271 const char *section
,
4272 unsigned section_line
,
4279 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4280 CGroupIODeviceLimit
*l
= NULL
;
4281 CGroupContext
*c
= data
;
4282 CGroupIOLimitType type
;
4283 const char *p
= ASSERT_PTR(rvalue
);
4290 type
= cgroup_io_limit_type_from_string(lvalue
);
4293 if (isempty(rvalue
)) {
4294 LIST_FOREACH(device_limits
, t
, c
->io_device_limits
)
4295 t
->limits
[type
] = cgroup_io_limit_defaults
[type
];
4299 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4303 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4304 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4307 if (r
== 0 || isempty(p
)) {
4308 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4309 "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue
);
4313 r
= unit_path_printf(userdata
, path
, &resolved
);
4315 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4316 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4320 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4324 if (streq("infinity", p
))
4325 num
= CGROUP_LIMIT_MAX
;
4327 r
= parse_size(p
, 1000, &num
);
4328 if (r
< 0 || num
<= 0) {
4329 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid IO limit '%s', ignoring.", p
);
4334 LIST_FOREACH(device_limits
, t
, c
->io_device_limits
)
4335 if (path_equal(resolved
, t
->path
)) {
4341 CGroupIOLimitType ttype
;
4343 l
= new0(CGroupIODeviceLimit
, 1);
4347 l
->path
= TAKE_PTR(resolved
);
4348 for (ttype
= 0; ttype
< _CGROUP_IO_LIMIT_TYPE_MAX
; ttype
++)
4349 l
->limits
[ttype
] = cgroup_io_limit_defaults
[ttype
];
4351 LIST_PREPEND(device_limits
, c
->io_device_limits
, l
);
4354 l
->limits
[type
] = num
;
4359 int config_parse_blockio_device_weight(
4361 const char *filename
,
4363 const char *section
,
4364 unsigned section_line
,
4371 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4372 CGroupBlockIODeviceWeight
*w
;
4373 CGroupContext
*c
= data
;
4374 const char *p
= ASSERT_PTR(rvalue
);
4381 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4382 "Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
4385 if (isempty(rvalue
)) {
4386 while (c
->blockio_device_weights
)
4387 cgroup_context_free_blockio_device_weight(c
, c
->blockio_device_weights
);
4392 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4396 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4397 "Failed to extract device node and weight from '%s', ignoring.", rvalue
);
4400 if (r
== 0 || isempty(p
)) {
4401 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4402 "Invalid device node or weight specified in '%s', ignoring.", rvalue
);
4406 r
= unit_path_printf(userdata
, path
, &resolved
);
4408 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4409 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4413 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4417 r
= cg_blkio_weight_parse(p
, &u
);
4419 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid block IO weight '%s', ignoring: %m", p
);
4423 assert(u
!= CGROUP_BLKIO_WEIGHT_INVALID
);
4425 w
= new0(CGroupBlockIODeviceWeight
, 1);
4429 w
->path
= TAKE_PTR(resolved
);
4432 LIST_PREPEND(device_weights
, c
->blockio_device_weights
, w
);
4436 int config_parse_blockio_bandwidth(
4438 const char *filename
,
4440 const char *section
,
4441 unsigned section_line
,
4448 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4449 CGroupBlockIODeviceBandwidth
*b
= NULL
;
4450 CGroupContext
*c
= data
;
4451 const char *p
= ASSERT_PTR(rvalue
);
4459 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4460 "Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
4463 read
= streq("BlockIOReadBandwidth", lvalue
);
4465 if (isempty(rvalue
)) {
4466 LIST_FOREACH(device_bandwidths
, t
, c
->blockio_device_bandwidths
) {
4467 t
->rbps
= CGROUP_LIMIT_MAX
;
4468 t
->wbps
= CGROUP_LIMIT_MAX
;
4473 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4477 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4478 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4481 if (r
== 0 || isempty(p
)) {
4482 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4483 "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue
);
4487 r
= unit_path_printf(userdata
, path
, &resolved
);
4489 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4490 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4494 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4498 r
= parse_size(p
, 1000, &bytes
);
4499 if (r
< 0 || bytes
<= 0) {
4500 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid Block IO Bandwidth '%s', ignoring.", p
);
4504 LIST_FOREACH(device_bandwidths
, t
, c
->blockio_device_bandwidths
)
4505 if (path_equal(resolved
, t
->path
)) {
4511 b
= new0(CGroupBlockIODeviceBandwidth
, 1);
4515 b
->path
= TAKE_PTR(resolved
);
4516 b
->rbps
= CGROUP_LIMIT_MAX
;
4517 b
->wbps
= CGROUP_LIMIT_MAX
;
4519 LIST_PREPEND(device_bandwidths
, c
->blockio_device_bandwidths
, b
);
4530 int config_parse_job_mode_isolate(
4532 const char *filename
,
4534 const char *section
,
4535 unsigned section_line
,
4549 r
= parse_boolean(rvalue
);
4551 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse boolean, ignoring: %s", rvalue
);
4555 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue
);
4557 *m
= r
? JOB_ISOLATE
: JOB_REPLACE
;
4561 int config_parse_exec_directories(
4563 const char *filename
,
4565 const char *section
,
4566 unsigned section_line
,
4573 ExecDirectory
*ed
= ASSERT_PTR(data
);
4574 const Unit
*u
= userdata
;
4581 if (isempty(rvalue
)) {
4582 /* Empty assignment resets the list */
4583 exec_directory_done(ed
);
4587 for (const char *p
= rvalue
;;) {
4588 _cleanup_free_
char *tuple
= NULL
;
4590 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
4594 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4595 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
4601 _cleanup_free_
char *src
= NULL
, *dest
= NULL
;
4602 const char *q
= tuple
;
4603 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &src
, &dest
, NULL
);
4607 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
?: SYNTHETIC_ERRNO(EINVAL
),
4608 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
4612 _cleanup_free_
char *sresolved
= NULL
;
4613 r
= unit_path_printf(u
, src
, &sresolved
);
4615 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4616 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", src
);
4620 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_RELATIVE
, unit
, filename
, line
, lvalue
);
4624 if (path_startswith(sresolved
, "private")) {
4625 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4626 "%s= path can't be 'private', ignoring assignment: %s", lvalue
, tuple
);
4630 /* For State and Runtime directories we support an optional destination parameter, which
4631 * will be used to create a symlink to the source. */
4632 _cleanup_strv_free_
char **symlinks
= NULL
;
4633 if (!isempty(dest
)) {
4634 _cleanup_free_
char *dresolved
= NULL
;
4636 if (streq(lvalue
, "ConfigurationDirectory")) {
4637 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4638 "Destination parameter is not supported for ConfigurationDirectory, ignoring: %s", tuple
);
4642 r
= unit_path_printf(u
, dest
, &dresolved
);
4644 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4645 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", dest
);
4649 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_RELATIVE
, unit
, filename
, line
, lvalue
);
4653 r
= strv_consume(&symlinks
, TAKE_PTR(dresolved
));
4658 r
= exec_directory_add(&ed
->items
, &ed
->n_items
, sresolved
, symlinks
);
4664 int config_parse_set_credential(
4666 const char *filename
,
4668 const char *section
,
4669 unsigned section_line
,
4676 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
4677 _cleanup_free_
void *d
= NULL
;
4678 ExecContext
*context
= ASSERT_PTR(data
);
4679 ExecSetCredential
*old
;
4681 bool encrypted
= ltype
;
4682 const char *p
= ASSERT_PTR(rvalue
);
4689 if (isempty(rvalue
)) {
4690 /* Empty assignment resets the list */
4691 context
->set_credentials
= hashmap_free(context
->set_credentials
);
4695 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4699 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract credential name, ignoring: %s", rvalue
);
4702 if (r
== 0 || isempty(p
)) {
4703 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax, ignoring: %s", rvalue
);
4707 r
= unit_cred_printf(u
, word
, &k
);
4709 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4712 if (!credential_name_valid(k
)) {
4713 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", k
);
4718 r
= unbase64mem_full(p
, SIZE_MAX
, true, &d
, &size
);
4720 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Encrypted credential data not valid Base64 data, ignoring.");
4727 /* We support escape codes here, so that users can insert trailing \n if they like */
4728 l
= cunescape(p
, UNESCAPE_ACCEPT_NUL
, &unescaped
);
4730 log_syntax(unit
, LOG_WARNING
, filename
, line
, l
, "Can't unescape \"%s\", ignoring: %m", p
);
4738 old
= hashmap_get(context
->set_credentials
, k
);
4740 free_and_replace(old
->data
, d
);
4742 old
->encrypted
= encrypted
;
4744 _cleanup_(exec_set_credential_freep
) ExecSetCredential
*sc
= NULL
;
4746 sc
= new(ExecSetCredential
, 1);
4750 *sc
= (ExecSetCredential
) {
4752 .data
= TAKE_PTR(d
),
4754 .encrypted
= encrypted
,
4757 r
= hashmap_ensure_put(&context
->set_credentials
, &exec_set_credential_hash_ops
, sc
->id
, sc
);
4761 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4762 "Duplicated credential value '%s', ignoring assignment: %s", sc
->id
, rvalue
);
4772 int config_parse_load_credential(
4774 const char *filename
,
4776 const char *section
,
4777 unsigned section_line
,
4784 _cleanup_free_
char *word
= NULL
, *k
= NULL
, *q
= NULL
;
4785 ExecContext
*context
= ASSERT_PTR(data
);
4786 ExecLoadCredential
*old
;
4787 bool encrypted
= ltype
;
4796 if (isempty(rvalue
)) {
4797 /* Empty assignment resets the list */
4798 context
->load_credentials
= hashmap_free(context
->load_credentials
);
4803 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4807 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4811 r
= unit_cred_printf(u
, word
, &k
);
4813 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4816 if (!credential_name_valid(k
)) {
4817 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", k
);
4822 /* If only one field is specified take it as shortcut for inheriting a credential named
4823 * the same way from our parent */
4828 r
= unit_path_printf(u
, p
, &q
);
4830 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", p
);
4833 if (path_is_absolute(q
) ? !path_is_normalized(q
) : !credential_name_valid(q
)) {
4834 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential source \"%s\" not valid, ignoring.", q
);
4839 old
= hashmap_get(context
->load_credentials
, k
);
4841 free_and_replace(old
->path
, q
);
4842 old
->encrypted
= encrypted
;
4844 _cleanup_(exec_load_credential_freep
) ExecLoadCredential
*lc
= NULL
;
4846 lc
= new(ExecLoadCredential
, 1);
4850 *lc
= (ExecLoadCredential
) {
4852 .path
= TAKE_PTR(q
),
4853 .encrypted
= encrypted
,
4856 r
= hashmap_ensure_put(&context
->load_credentials
, &exec_load_credential_hash_ops
, lc
->id
, lc
);
4860 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4861 "Duplicated credential value '%s', ignoring assignment: %s", lc
->id
, rvalue
);
4871 int config_parse_set_status(
4873 const char *filename
,
4875 const char *section
,
4876 unsigned section_line
,
4883 ExitStatusSet
*status_set
= ASSERT_PTR(data
);
4890 /* Empty assignment resets the list */
4891 if (isempty(rvalue
)) {
4892 exit_status_set_free(status_set
);
4896 for (const char *p
= rvalue
;;) {
4897 _cleanup_free_
char *word
= NULL
;
4900 r
= extract_first_word(&p
, &word
, NULL
, 0);
4904 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4905 "Failed to parse %s=%s, ignoring: %m", lvalue
, rvalue
);
4911 /* We need to call exit_status_from_string() first, because we want
4912 * to parse numbers as exit statuses, not signals. */
4914 r
= exit_status_from_string(word
);
4916 assert(r
>= 0 && r
< 256);
4917 bitmap
= &status_set
->status
;
4919 r
= signal_from_string(word
);
4921 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4922 "Failed to parse value, ignoring: %s", word
);
4925 bitmap
= &status_set
->signal
;
4928 r
= bitmap_set(bitmap
, r
);
4930 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4931 "Failed to set signal or status %s, ignoring: %m", word
);
4935 int config_parse_namespace_path_strv(
4937 const char *filename
,
4939 const char *section
,
4940 unsigned section_line
,
4947 const Unit
*u
= userdata
;
4948 char*** sv
= ASSERT_PTR(data
);
4955 if (isempty(rvalue
)) {
4956 /* Empty assignment resets the list */
4957 *sv
= strv_free(*sv
);
4961 for (const char *p
= rvalue
;;) {
4962 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
, *joined
= NULL
;
4964 bool ignore_enoent
= false, shall_prefix
= false;
4966 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4970 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
4977 if (startswith(w
, "-")) {
4978 ignore_enoent
= true;
4981 if (startswith(w
, "+")) {
4982 shall_prefix
= true;
4986 r
= unit_path_printf(u
, w
, &resolved
);
4988 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", w
);
4992 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4996 joined
= strjoin(ignore_enoent
? "-" : "",
4997 shall_prefix
? "+" : "",
5000 r
= strv_push(sv
, joined
);
5010 int config_parse_temporary_filesystems(
5012 const char *filename
,
5014 const char *section
,
5015 unsigned section_line
,
5022 const Unit
*u
= userdata
;
5023 ExecContext
*c
= ASSERT_PTR(data
);
5030 if (isempty(rvalue
)) {
5031 /* Empty assignment resets the list */
5032 temporary_filesystem_free_many(c
->temporary_filesystems
, c
->n_temporary_filesystems
);
5033 c
->temporary_filesystems
= NULL
;
5034 c
->n_temporary_filesystems
= 0;
5038 for (const char *p
= rvalue
;;) {
5039 _cleanup_free_
char *word
= NULL
, *path
= NULL
, *resolved
= NULL
;
5042 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
5046 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
5053 r
= extract_first_word(&w
, &path
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
5057 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", word
);
5061 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax, ignoring: %s", word
);
5065 r
= unit_path_printf(u
, path
, &resolved
);
5067 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", path
);
5071 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5075 r
= temporary_filesystem_add(&c
->temporary_filesystems
, &c
->n_temporary_filesystems
, resolved
, w
);
5081 int config_parse_bind_paths(
5083 const char *filename
,
5085 const char *section
,
5086 unsigned section_line
,
5093 ExecContext
*c
= ASSERT_PTR(data
);
5094 const Unit
*u
= userdata
;
5101 if (isempty(rvalue
)) {
5102 /* Empty assignment resets the list */
5103 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
5104 c
->bind_mounts
= NULL
;
5105 c
->n_bind_mounts
= 0;
5109 for (const char *p
= rvalue
;;) {
5110 _cleanup_free_
char *source
= NULL
, *destination
= NULL
;
5111 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
5112 char *s
= NULL
, *d
= NULL
;
5113 bool rbind
= true, ignore_enoent
= false;
5115 r
= extract_first_word(&p
, &source
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
5119 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
5125 r
= unit_full_printf_full(u
, source
, PATH_MAX
, &sresolved
);
5127 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5128 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", source
);
5134 ignore_enoent
= true;
5138 r
= path_simplify_and_warn(s
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5142 /* Optionally, the destination is specified. */
5143 if (p
&& p
[-1] == ':') {
5144 r
= extract_first_word(&p
, &destination
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
5148 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
5152 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing argument after ':', ignoring: %s", s
);
5156 r
= unit_path_printf(u
, destination
, &dresolved
);
5158 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5159 "Failed to resolve specifiers in \"%s\", ignoring: %m", destination
);
5163 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5169 /* Optionally, there's also a short option string specified */
5170 if (p
&& p
[-1] == ':') {
5171 _cleanup_free_
char *options
= NULL
;
5173 r
= extract_first_word(&p
, &options
, NULL
, EXTRACT_UNQUOTE
);
5177 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
5181 if (isempty(options
) || streq(options
, "rbind"))
5183 else if (streq(options
, "norbind"))
5186 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid option string, ignoring setting: %s", options
);
5193 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
5197 .read_only
= !!strstr(lvalue
, "ReadOnly"),
5199 .ignore_enoent
= ignore_enoent
,
5208 int config_parse_mount_images(
5210 const char *filename
,
5212 const char *section
,
5213 unsigned section_line
,
5220 ExecContext
*c
= ASSERT_PTR(data
);
5221 const Unit
*u
= userdata
;
5228 if (isempty(rvalue
)) {
5229 /* Empty assignment resets the list */
5230 c
->mount_images
= mount_image_free_many(c
->mount_images
, &c
->n_mount_images
);
5234 for (const char *p
= rvalue
;;) {
5235 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
5236 _cleanup_free_
char *first
= NULL
, *second
= NULL
, *tuple
= NULL
;
5237 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
5238 const char *q
= NULL
;
5240 bool permissive
= false;
5242 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
5246 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5247 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
5254 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &first
, &second
, NULL
);
5258 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5259 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
5271 r
= unit_path_printf(u
, s
, &sresolved
);
5273 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5274 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s
);
5278 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5282 if (isempty(second
)) {
5283 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing destination in %s, ignoring: %s", lvalue
, rvalue
);
5287 r
= unit_path_printf(u
, second
, &dresolved
);
5289 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5290 "Failed to resolve specifiers in \"%s\", ignoring: %m", second
);
5294 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5299 _cleanup_free_
char *partition
= NULL
, *mount_options
= NULL
, *mount_options_resolved
= NULL
;
5300 MountOptions
*o
= NULL
;
5301 PartitionDesignator partition_designator
;
5303 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &partition
, &mount_options
, NULL
);
5307 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", q
);
5312 /* Single set of options, applying to the root partition/single filesystem */
5314 r
= unit_full_printf(u
, partition
, &mount_options_resolved
);
5316 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", first
);
5320 o
= new(MountOptions
, 1);
5323 *o
= (MountOptions
) {
5324 .partition_designator
= PARTITION_ROOT
,
5325 .options
= TAKE_PTR(mount_options_resolved
),
5327 LIST_APPEND(mount_options
, options
, o
);
5332 partition_designator
= partition_designator_from_string(partition
);
5333 if (partition_designator
< 0) {
5334 log_syntax(unit
, LOG_WARNING
, filename
, line
, partition_designator
,
5335 "Invalid partition name %s, ignoring", partition
);
5338 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
5340 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
5344 o
= new(MountOptions
, 1);
5347 *o
= (MountOptions
) {
5348 .partition_designator
= partition_designator
,
5349 .options
= TAKE_PTR(mount_options_resolved
),
5351 LIST_APPEND(mount_options
, options
, o
);
5354 r
= mount_image_add(&c
->mount_images
, &c
->n_mount_images
,
5356 .source
= sresolved
,
5357 .destination
= dresolved
,
5358 .mount_options
= options
,
5359 .ignore_enoent
= permissive
,
5360 .type
= MOUNT_IMAGE_DISCRETE
,
5367 int config_parse_extension_images(
5369 const char *filename
,
5371 const char *section
,
5372 unsigned section_line
,
5379 ExecContext
*c
= ASSERT_PTR(data
);
5380 const Unit
*u
= userdata
;
5387 if (isempty(rvalue
)) {
5388 /* Empty assignment resets the list */
5389 c
->extension_images
= mount_image_free_many(c
->extension_images
, &c
->n_extension_images
);
5393 for (const char *p
= rvalue
;;) {
5394 _cleanup_free_
char *source
= NULL
, *tuple
= NULL
, *sresolved
= NULL
;
5395 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
5396 bool permissive
= false;
5397 const char *q
= NULL
;
5400 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
5404 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5405 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
5412 r
= extract_first_word(&q
, &source
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
);
5416 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5417 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
5429 r
= unit_path_printf(u
, s
, &sresolved
);
5431 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5432 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s
);
5436 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5441 _cleanup_free_
char *partition
= NULL
, *mount_options
= NULL
, *mount_options_resolved
= NULL
;
5442 MountOptions
*o
= NULL
;
5443 PartitionDesignator partition_designator
;
5445 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &partition
, &mount_options
, NULL
);
5449 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", q
);
5454 /* Single set of options, applying to the root partition/single filesystem */
5456 r
= unit_full_printf(u
, partition
, &mount_options_resolved
);
5458 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", partition
);
5462 o
= new(MountOptions
, 1);
5465 *o
= (MountOptions
) {
5466 .partition_designator
= PARTITION_ROOT
,
5467 .options
= TAKE_PTR(mount_options_resolved
),
5469 LIST_APPEND(mount_options
, options
, o
);
5474 partition_designator
= partition_designator_from_string(partition
);
5475 if (partition_designator
< 0) {
5476 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid partition name %s, ignoring", partition
);
5479 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
5481 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
5485 o
= new(MountOptions
, 1);
5488 *o
= (MountOptions
) {
5489 .partition_designator
= partition_designator
,
5490 .options
= TAKE_PTR(mount_options_resolved
),
5492 LIST_APPEND(mount_options
, options
, o
);
5495 r
= mount_image_add(&c
->extension_images
, &c
->n_extension_images
,
5497 .source
= sresolved
,
5498 .mount_options
= options
,
5499 .ignore_enoent
= permissive
,
5500 .type
= MOUNT_IMAGE_EXTENSION
,
5507 int config_parse_job_timeout_sec(
5509 const char *filename
,
5511 const char *section
,
5512 unsigned section_line
,
5519 Unit
*u
= ASSERT_PTR(data
);
5527 r
= parse_sec_fix_0(rvalue
, &usec
);
5529 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue
);
5533 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
5534 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
5537 if (!u
->job_running_timeout_set
)
5538 u
->job_running_timeout
= usec
;
5540 u
->job_timeout
= usec
;
5545 int config_parse_job_running_timeout_sec(
5547 const char *filename
,
5549 const char *section
,
5550 unsigned section_line
,
5557 Unit
*u
= ASSERT_PTR(data
);
5565 r
= parse_sec_fix_0(rvalue
, &usec
);
5567 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue
);
5571 u
->job_running_timeout
= usec
;
5572 u
->job_running_timeout_set
= true;
5577 int config_parse_emergency_action(
5579 const char *filename
,
5581 const char *section
,
5582 unsigned section_line
,
5590 EmergencyAction
*x
= ASSERT_PTR(data
);
5598 m
= ((Unit
*) userdata
)->manager
;
5602 r
= parse_emergency_action(rvalue
, MANAGER_IS_SYSTEM(m
), x
);
5604 if (r
== -EOPNOTSUPP
&& MANAGER_IS_USER(m
)) {
5605 /* Compat mode: remove for systemd 241. */
5607 log_syntax(unit
, LOG_INFO
, filename
, line
, r
,
5608 "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
5610 *x
= EMERGENCY_ACTION_EXIT_FORCE
;
5614 if (r
== -EOPNOTSUPP
)
5615 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5616 "%s= specified as %s mode action, ignoring: %s",
5617 lvalue
, MANAGER_IS_SYSTEM(m
) ? "user" : "system", rvalue
);
5619 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5620 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
5627 int config_parse_pid_file(
5629 const char *filename
,
5631 const char *section
,
5632 unsigned section_line
,
5639 _cleanup_free_
char *k
= NULL
, *n
= NULL
;
5640 const Unit
*u
= ASSERT_PTR(userdata
);
5648 if (isempty(rvalue
)) {
5649 /* An empty assignment removes already set value. */
5654 r
= unit_path_printf(u
, rvalue
, &k
);
5656 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5660 /* If this is a relative path make it absolute by prefixing the /run */
5661 n
= path_make_absolute(k
, u
->manager
->prefix
[EXEC_DIRECTORY_RUNTIME
]);
5665 /* Check that the result is a sensible path */
5666 r
= path_simplify_and_warn(n
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5670 r
= patch_var_run(unit
, filename
, line
, lvalue
, &n
);
5674 free_and_replace(*s
, n
);
5678 int config_parse_exit_status(
5680 const char *filename
,
5682 const char *section
,
5683 unsigned section_line
,
5690 int *exit_status
= data
, r
;
5696 assert(exit_status
);
5698 if (isempty(rvalue
)) {
5703 r
= safe_atou8(rvalue
, &u
);
5705 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse exit status '%s', ignoring: %m", rvalue
);
5713 int config_parse_disable_controllers(
5715 const char *filename
,
5717 const char *section
,
5718 unsigned section_line
,
5726 CGroupContext
*c
= data
;
5727 CGroupMask disabled_mask
;
5729 /* 1. If empty, make all controllers eligible for use again.
5730 * 2. If non-empty, merge all listed controllers, space separated. */
5732 if (isempty(rvalue
)) {
5733 c
->disable_controllers
= 0;
5737 r
= cg_mask_from_string(rvalue
, &disabled_mask
);
5738 if (r
< 0 || disabled_mask
<= 0) {
5739 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid cgroup string: %s, ignoring", rvalue
);
5743 c
->disable_controllers
|= disabled_mask
;
5748 int config_parse_ip_filter_bpf_progs(
5750 const char *filename
,
5752 const char *section
,
5753 unsigned section_line
,
5760 _cleanup_free_
char *resolved
= NULL
;
5761 const Unit
*u
= userdata
;
5762 char ***paths
= ASSERT_PTR(data
);
5769 if (isempty(rvalue
)) {
5770 *paths
= strv_free(*paths
);
5774 r
= unit_path_printf(u
, rvalue
, &resolved
);
5776 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5780 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5784 if (strv_contains(*paths
, resolved
))
5787 r
= strv_extend(paths
, resolved
);
5791 r
= bpf_firewall_supported();
5794 if (r
!= BPF_FIREWALL_SUPPORTED_WITH_MULTI
) {
5795 static bool warned
= false;
5797 log_full(warned
? LOG_DEBUG
: LOG_WARNING
,
5798 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
5799 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename
, line
, lvalue
, rvalue
);
5807 int config_parse_bpf_foreign_program(
5809 const char *filename
,
5811 const char *section
,
5812 unsigned section_line
,
5818 _cleanup_free_
char *resolved
= NULL
, *word
= NULL
;
5819 CGroupContext
*c
= data
;
5820 const char *p
= ASSERT_PTR(rvalue
);
5827 if (isempty(rvalue
)) {
5828 while (c
->bpf_foreign_programs
)
5829 cgroup_context_remove_bpf_foreign_program(c
, c
->bpf_foreign_programs
);
5834 r
= extract_first_word(&p
, &word
, ":", 0);
5838 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse foreign BPF program, ignoring: %s", rvalue
);
5841 if (r
== 0 || isempty(p
)) {
5842 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax in %s=, ignoring: %s", lvalue
, rvalue
);
5846 attach_type
= bpf_cgroup_attach_type_from_string(word
);
5847 if (attach_type
< 0) {
5848 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unknown BPF attach type=%s, ignoring: %s", word
, rvalue
);
5852 r
= unit_path_printf(u
, p
, &resolved
);
5854 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %s", p
, rvalue
);
5858 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5862 r
= cgroup_add_bpf_foreign_program(c
, attach_type
, resolved
);
5864 return log_error_errno(r
, "Failed to add foreign BPF program to cgroup context: %m");
5869 int config_parse_cgroup_socket_bind(
5871 const char *filename
,
5873 const char *section
,
5874 unsigned section_line
,
5880 _cleanup_free_ CGroupSocketBindItem
*item
= NULL
;
5881 CGroupSocketBindItem
**head
= data
;
5882 uint16_t nr_ports
, port_min
;
5883 int af
, ip_protocol
, r
;
5885 if (isempty(rvalue
)) {
5886 cgroup_context_remove_socket_bind(head
);
5890 r
= parse_socket_bind_item(rvalue
, &af
, &ip_protocol
, &nr_ports
, &port_min
);
5894 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5895 "Unable to parse %s= assignment, ignoring: %s", lvalue
, rvalue
);
5899 item
= new(CGroupSocketBindItem
, 1);
5902 *item
= (CGroupSocketBindItem
) {
5903 .address_family
= af
,
5904 .ip_protocol
= ip_protocol
,
5905 .nr_ports
= nr_ports
,
5906 .port_min
= port_min
,
5909 LIST_PREPEND(socket_bind_items
, *head
, TAKE_PTR(item
));
5914 int config_parse_restrict_network_interfaces(
5916 const char *filename
,
5918 const char *section
,
5919 unsigned section_line
,
5925 CGroupContext
*c
= ASSERT_PTR(data
);
5926 bool is_allow_rule
= true;
5933 if (isempty(rvalue
)) {
5934 /* Empty assignment resets the list */
5935 c
->restrict_network_interfaces
= set_free(c
->restrict_network_interfaces
);
5939 if (rvalue
[0] == '~') {
5940 is_allow_rule
= false;
5944 if (set_isempty(c
->restrict_network_interfaces
))
5945 /* Only initialize this when creating the set */
5946 c
->restrict_network_interfaces_is_allow_list
= is_allow_rule
;
5948 for (const char *p
= rvalue
;;) {
5949 _cleanup_free_
char *word
= NULL
;
5951 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
5957 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5958 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
5962 if (!ifname_valid(word
)) {
5963 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid interface name, ignoring: %s", word
);
5967 if (c
->restrict_network_interfaces_is_allow_list
!= is_allow_rule
)
5968 free(set_remove(c
->restrict_network_interfaces
, word
));
5970 r
= set_put_strdup(&c
->restrict_network_interfaces
, word
);
5979 static int merge_by_names(Unit
**u
, Set
*names
, const char *id
) {
5986 /* Let's try to add in all names that are aliases of this unit */
5987 while ((k
= set_steal_first(names
))) {
5988 _cleanup_free_ _unused_
char *free_k
= k
;
5990 /* First try to merge in the other name into our unit */
5991 r
= unit_merge_by_name(*u
, k
);
5995 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
5998 other
= manager_get_unit((*u
)->manager
, k
);
6000 return r
; /* return previous failure */
6002 r
= unit_merge(other
, *u
);
6007 return merge_by_names(u
, names
, NULL
);
6010 if (streq_ptr(id
, k
))
6011 unit_choose_id(*u
, id
);
6017 int unit_load_fragment(Unit
*u
) {
6018 const char *fragment
;
6019 _cleanup_set_free_free_ Set
*names
= NULL
;
6023 assert(u
->load_state
== UNIT_STUB
);
6027 u
->access_selinux_context
= mfree(u
->access_selinux_context
);
6028 u
->load_state
= UNIT_LOADED
;
6032 /* Possibly rebuild the fragment map to catch new units */
6033 r
= unit_file_build_name_map(&u
->manager
->lookup_paths
,
6034 &u
->manager
->unit_cache_timestamp_hash
,
6035 &u
->manager
->unit_id_map
,
6036 &u
->manager
->unit_name_map
,
6037 &u
->manager
->unit_path_cache
);
6039 return log_error_errno(r
, "Failed to rebuild name map: %m");
6041 r
= unit_file_find_fragment(u
->manager
->unit_id_map
,
6042 u
->manager
->unit_name_map
,
6046 if (r
< 0 && r
!= -ENOENT
)
6050 /* Open the file, check if this is a mask, otherwise read. */
6051 _cleanup_fclose_
FILE *f
= NULL
;
6054 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
6055 * expect that all symlinks within the lookup paths have been already resolved, but we don't
6056 * verify this here. */
6057 f
= fopen(fragment
, "re");
6059 return log_unit_notice_errno(u
, errno
, "Failed to open %s: %m", fragment
);
6061 if (fstat(fileno(f
), &st
) < 0)
6064 r
= free_and_strdup(&u
->fragment_path
, fragment
);
6068 if (null_or_empty(&st
)) {
6069 /* Unit file is masked */
6071 u
->load_state
= u
->perpetual
? UNIT_LOADED
: UNIT_MASKED
; /* don't allow perpetual units to ever be masked */
6072 u
->fragment_mtime
= 0;
6073 u
->access_selinux_context
= mfree(u
->access_selinux_context
);
6076 if (mac_selinux_use()) {
6077 _cleanup_freecon_
char *selcon
= NULL
;
6079 /* Cache the SELinux context of the unit file here. We'll make use of when checking access permissions to loaded units */
6080 r
= fgetfilecon_raw(fileno(f
), &selcon
);
6082 log_unit_warning_errno(u
, r
, "Failed to read SELinux context of '%s', ignoring: %m", fragment
);
6084 r
= free_and_strdup(&u
->access_selinux_context
, selcon
);
6089 u
->access_selinux_context
= mfree(u
->access_selinux_context
);
6091 u
->load_state
= UNIT_LOADED
;
6092 u
->fragment_mtime
= timespec_load(&st
.st_mtim
);
6094 /* Now, parse the file contents */
6095 r
= config_parse(u
->id
, fragment
, f
,
6096 UNIT_VTABLE(u
)->sections
,
6097 config_item_perf_lookup
, load_fragment_gperf_lookup
,
6102 log_unit_notice_errno(u
, r
, "Unit configuration has fatal error, unit will not be started.");
6108 /* Call merge_by_names with the name derived from the fragment path as the preferred name.
6110 * We do the merge dance here because for some unit types, the unit might have aliases which are not
6111 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
6113 const char *id
= u
->id
;
6114 _cleanup_free_
char *free_id
= NULL
;
6117 id
= basename(fragment
);
6118 if (unit_name_is_valid(id
, UNIT_NAME_TEMPLATE
)) {
6119 assert(u
->instance
); /* If we're not trying to use a template for non-instanced unit,
6120 * this must be set. */
6122 r
= unit_name_replace_instance(id
, u
->instance
, &free_id
);
6124 return log_debug_errno(r
, "Failed to build id (%s + %s): %m", id
, u
->instance
);
6130 r
= merge_by_names(&merged
, names
, id
);
6135 u
->load_state
= UNIT_MERGED
;
6140 void unit_dump_config_items(FILE *f
) {
6141 static const struct {
6142 const ConfigParserCallback callback
;
6145 { config_parse_warn_compat
, "NOTSUPPORTED" },
6146 { config_parse_int
, "INTEGER" },
6147 { config_parse_unsigned
, "UNSIGNED" },
6148 { config_parse_iec_size
, "SIZE" },
6149 { config_parse_iec_uint64
, "SIZE" },
6150 { config_parse_si_uint64
, "SIZE" },
6151 { config_parse_bool
, "BOOLEAN" },
6152 { config_parse_string
, "STRING" },
6153 { config_parse_path
, "PATH" },
6154 { config_parse_unit_path_printf
, "PATH" },
6155 { config_parse_colon_separated_paths
, "PATH" },
6156 { config_parse_strv
, "STRING [...]" },
6157 { config_parse_exec_nice
, "NICE" },
6158 { config_parse_exec_oom_score_adjust
, "OOMSCOREADJUST" },
6159 { config_parse_exec_io_class
, "IOCLASS" },
6160 { config_parse_exec_io_priority
, "IOPRIORITY" },
6161 { config_parse_exec_cpu_sched_policy
, "CPUSCHEDPOLICY" },
6162 { config_parse_exec_cpu_sched_prio
, "CPUSCHEDPRIO" },
6163 { config_parse_exec_cpu_affinity
, "CPUAFFINITY" },
6164 { config_parse_mode
, "MODE" },
6165 { config_parse_unit_env_file
, "FILE" },
6166 { config_parse_exec_output
, "OUTPUT" },
6167 { config_parse_exec_input
, "INPUT" },
6168 { config_parse_log_facility
, "FACILITY" },
6169 { config_parse_log_level
, "LEVEL" },
6170 { config_parse_exec_secure_bits
, "SECUREBITS" },
6171 { config_parse_capability_set
, "BOUNDINGSET" },
6172 { config_parse_rlimit
, "LIMIT" },
6173 { config_parse_unit_deps
, "UNIT [...]" },
6174 { config_parse_exec
, "PATH [ARGUMENT [...]]" },
6175 { config_parse_service_type
, "SERVICETYPE" },
6176 { config_parse_service_exit_type
, "SERVICEEXITTYPE" },
6177 { config_parse_service_restart
, "SERVICERESTART" },
6178 { config_parse_service_timeout_failure_mode
, "TIMEOUTMODE" },
6179 { config_parse_kill_mode
, "KILLMODE" },
6180 { config_parse_signal
, "SIGNAL" },
6181 { config_parse_socket_listen
, "SOCKET [...]" },
6182 { config_parse_socket_bind
, "SOCKETBIND" },
6183 { config_parse_socket_bindtodevice
, "NETWORKINTERFACE" },
6184 { config_parse_sec
, "SECONDS" },
6185 { config_parse_nsec
, "NANOSECONDS" },
6186 { config_parse_namespace_path_strv
, "PATH [...]" },
6187 { config_parse_bind_paths
, "PATH[:PATH[:OPTIONS]] [...]" },
6188 { config_parse_unit_requires_mounts_for
, "PATH [...]" },
6189 { config_parse_exec_mount_flags
, "MOUNTFLAG [...]" },
6190 { config_parse_unit_string_printf
, "STRING" },
6191 { config_parse_trigger_unit
, "UNIT" },
6192 { config_parse_timer
, "TIMER" },
6193 { config_parse_path_spec
, "PATH" },
6194 { config_parse_notify_access
, "ACCESS" },
6195 { config_parse_ip_tos
, "TOS" },
6196 { config_parse_unit_condition_path
, "CONDITION" },
6197 { config_parse_unit_condition_string
, "CONDITION" },
6198 { config_parse_unit_slice
, "SLICE" },
6199 { config_parse_documentation
, "URL" },
6200 { config_parse_service_timeout
, "SECONDS" },
6201 { config_parse_emergency_action
, "ACTION" },
6202 { config_parse_set_status
, "STATUS" },
6203 { config_parse_service_sockets
, "SOCKETS" },
6204 { config_parse_environ
, "ENVIRON" },
6206 { config_parse_syscall_filter
, "SYSCALLS" },
6207 { config_parse_syscall_archs
, "ARCHS" },
6208 { config_parse_syscall_errno
, "ERRNO" },
6209 { config_parse_syscall_log
, "SYSCALLS" },
6210 { config_parse_address_families
, "FAMILIES" },
6211 { config_parse_restrict_namespaces
, "NAMESPACES" },
6213 { config_parse_restrict_filesystems
, "FILESYSTEMS" },
6214 { config_parse_cpu_shares
, "SHARES" },
6215 { config_parse_cg_weight
, "WEIGHT" },
6216 { config_parse_cg_cpu_weight
, "CPUWEIGHT" },
6217 { config_parse_memory_limit
, "LIMIT" },
6218 { config_parse_device_allow
, "DEVICE" },
6219 { config_parse_device_policy
, "POLICY" },
6220 { config_parse_io_limit
, "LIMIT" },
6221 { config_parse_io_device_weight
, "DEVICEWEIGHT" },
6222 { config_parse_io_device_latency
, "DEVICELATENCY" },
6223 { config_parse_blockio_bandwidth
, "BANDWIDTH" },
6224 { config_parse_blockio_weight
, "WEIGHT" },
6225 { config_parse_blockio_device_weight
, "DEVICEWEIGHT" },
6226 { config_parse_long
, "LONG" },
6227 { config_parse_socket_service
, "SERVICE" },
6229 { config_parse_exec_selinux_context
, "LABEL" },
6231 { config_parse_job_mode
, "MODE" },
6232 { config_parse_job_mode_isolate
, "BOOLEAN" },
6233 { config_parse_personality
, "PERSONALITY" },
6236 const char *prev
= NULL
;
6241 NULSTR_FOREACH(i
, load_fragment_gperf_nulstr
) {
6242 const char *rvalue
= "OTHER", *lvalue
;
6243 const ConfigPerfItem
*p
;
6246 assert_se(p
= load_fragment_gperf_lookup(i
, strlen(i
)));
6248 /* Hide legacy settings */
6249 if (p
->parse
== config_parse_warn_compat
&&
6250 p
->ltype
== DISABLED_LEGACY
)
6253 for (size_t j
= 0; j
< ELEMENTSOF(table
); j
++)
6254 if (p
->parse
== table
[j
].callback
) {
6255 rvalue
= table
[j
].rvalue
;
6259 dot
= strchr(i
, '.');
6260 lvalue
= dot
? dot
+ 1 : i
;
6263 size_t prefix_len
= dot
- i
;
6265 if (!prev
|| !strneq(prev
, i
, prefix_len
+1)) {
6269 fprintf(f
, "[%.*s]\n", (int) prefix_len
, i
);
6273 fprintf(f
, "%s=%s\n", lvalue
, rvalue
);
6278 int config_parse_cpu_affinity2(
6280 const char *filename
,
6282 const char *section
,
6283 unsigned section_line
,
6290 CPUSet
*affinity
= ASSERT_PTR(data
);
6292 (void) parse_cpu_set_extend(rvalue
, affinity
, true, unit
, filename
, line
, lvalue
);
6297 int config_parse_show_status(
6299 const char *filename
,
6301 const char *section
,
6302 unsigned section_line
,
6310 ShowStatus
*b
= ASSERT_PTR(data
);
6316 k
= parse_show_status(rvalue
, b
);
6318 log_syntax(unit
, LOG_WARNING
, filename
, line
, k
, "Failed to parse show status setting, ignoring: %s", rvalue
);
6323 int config_parse_output_restricted(
6325 const char *filename
,
6327 const char *section
,
6328 unsigned section_line
,
6335 ExecOutput t
, *eo
= ASSERT_PTR(data
);
6336 bool obsolete
= false;
6342 if (streq(rvalue
, "syslog")) {
6343 t
= EXEC_OUTPUT_JOURNAL
;
6345 } else if (streq(rvalue
, "syslog+console")) {
6346 t
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
6349 t
= exec_output_from_string(rvalue
);
6351 log_syntax(unit
, LOG_WARNING
, filename
, line
, t
, "Failed to parse output type, ignoring: %s", rvalue
);
6355 if (IN_SET(t
, EXEC_OUTPUT_SOCKET
, EXEC_OUTPUT_NAMED_FD
, EXEC_OUTPUT_FILE
, EXEC_OUTPUT_FILE_APPEND
, EXEC_OUTPUT_FILE_TRUNCATE
)) {
6356 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Standard output types socket, fd:, file:, append:, truncate: are not supported as defaults, ignoring: %s", rvalue
);
6362 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
6363 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
6364 rvalue
, exec_output_to_string(t
));
6370 int config_parse_crash_chvt(
6372 const char *filename
,
6374 const char *section
,
6375 unsigned section_line
,
6389 r
= parse_crash_chvt(rvalue
, data
);
6391 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue
);
6396 int config_parse_swap_priority(
6398 const char *filename
,
6400 const char *section
,
6401 unsigned section_line
,
6408 Swap
*s
= ASSERT_PTR(userdata
);
6416 if (isempty(rvalue
)) {
6417 s
->parameters_fragment
.priority
= -1;
6418 s
->parameters_fragment
.priority_set
= false;
6422 r
= safe_atoi(rvalue
, &priority
);
6424 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid swap priority '%s', ignoring.", rvalue
);
6428 if (priority
< -1) {
6429 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue
);
6433 if (priority
> 32767) {
6434 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Swap priority out of range, ignoring: %s", rvalue
);
6438 s
->parameters_fragment
.priority
= priority
;
6439 s
->parameters_fragment
.priority_set
= true;
6443 int config_parse_watchdog_sec(
6445 const char *filename
,
6447 const char *section
,
6448 unsigned section_line
,
6455 usec_t
*usec
= data
;
6461 /* This is called for {Runtime,Reboot,KExec}WatchdogSec= where "default" maps to
6462 * USEC_INFINITY internally. */
6464 if (streq(rvalue
, "default"))
6465 *usec
= USEC_INFINITY
;
6466 else if (streq(rvalue
, "off"))
6469 return config_parse_sec(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
6474 int config_parse_tty_size(
6476 const char *filename
,
6478 const char *section
,
6479 unsigned section_line
,
6486 unsigned *sz
= data
;
6492 if (isempty(rvalue
)) {
6497 return config_parse_unsigned(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);