1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 Copyright © 2012 Holger Hans Peter Freyther
14 #include <sys/resource.h>
16 #include "sd-messages.h"
19 #include "alloc-util.h"
20 #include "all-units.h"
21 #include "bpf-firewall.h"
22 #include "bus-error.h"
23 #include "bus-internal.h"
26 #include "capability-util.h"
27 #include "cgroup-setup.h"
28 #include "conf-parser.h"
29 #include "core-varlink.h"
30 #include "cpu-set-util.h"
32 #include "errno-list.h"
37 #include "hexdecoct.h"
40 #include "ip-protocol-list.h"
41 #include "journal-file.h"
42 #include "limits-util.h"
43 #include "load-fragment.h"
45 #include "mountpoint-util.h"
46 #include "nulstr-util.h"
47 #include "parse-util.h"
48 #include "path-util.h"
49 #include "percent-util.h"
50 #include "process-util.h"
52 #include "seccomp-util.h"
54 #include "securebits-util.h"
55 #include "signal-util.h"
56 #include "socket-netlink.h"
57 #include "stat-util.h"
58 #include "string-util.h"
60 #include "syslog-util.h"
61 #include "time-util.h"
62 #include "unit-name.h"
63 #include "unit-printf.h"
64 #include "user-util.h"
68 static int parse_socket_protocol(const char *s
) {
71 r
= parse_ip_protocol(s
);
74 if (!IN_SET(r
, IPPROTO_UDPLITE
, IPPROTO_SCTP
))
75 return -EPROTONOSUPPORT
;
80 int parse_crash_chvt(const char *value
, int *data
) {
83 if (safe_atoi(value
, data
) >= 0)
86 b
= parse_boolean(value
);
91 *data
= 0; /* switch to where kmsg goes */
93 *data
= -1; /* turn off switching */
98 int parse_confirm_spawn(const char *value
, char **console
) {
102 r
= value
? parse_boolean(value
) : 1;
106 } else if (r
> 0) /* on with default tty */
107 s
= strdup("/dev/console");
108 else if (is_path(value
)) /* on with fully qualified path */
110 else /* on with only a tty file name, not a fully qualified path */
111 s
= path_join("/dev/", value
);
119 DEFINE_CONFIG_PARSE(config_parse_socket_protocol
, parse_socket_protocol
, "Failed to parse socket protocol");
120 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits
, secure_bits_from_string
, "Failed to parse secure bits");
121 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode
, collect_mode
, CollectMode
, "Failed to parse garbage collection mode");
122 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy
, cgroup_device_policy
, CGroupDevicePolicy
, "Failed to parse device policy");
123 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode
, exec_keyring_mode
, ExecKeyringMode
, "Failed to parse keyring mode");
124 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc
, protect_proc
, ProtectProc
, "Failed to parse /proc/ protection mode");
125 DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset
, proc_subset
, ProcSubset
, "Failed to parse /proc/ subset mode");
126 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
, "Failed to parse utmp mode");
127 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode
, job_mode
, JobMode
, "Failed to parse job mode");
128 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access
, notify_access
, NotifyAccess
, "Failed to parse notify access specifier");
129 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home
, protect_home
, ProtectHome
, "Failed to parse protect home value");
130 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system
, protect_system
, ProtectSystem
, "Failed to parse protect system value");
131 DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
, "Failed to parse runtime directory preserve mode");
132 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type
, service_type
, ServiceType
, "Failed to parse service type");
133 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_exit_type
, service_exit_type
, ServiceExitType
, "Failed to parse service exit type");
134 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart
, service_restart
, ServiceRestart
, "Failed to parse service restart specifier");
135 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode
, service_timeout_failure_mode
, ServiceTimeoutFailureMode
, "Failed to parse timeout failure mode");
136 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind
, socket_address_bind_ipv6_only_or_bool
, SocketAddressBindIPv6Only
, "Failed to parse bind IPv6 only value");
137 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy
, oom_policy
, OOMPolicy
, "Failed to parse OOM policy");
138 DEFINE_CONFIG_PARSE_ENUM(config_parse_managed_oom_preference
, managed_oom_preference
, ManagedOOMPreference
, "Failed to parse ManagedOOMPreference=");
139 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos
, ip_tos
, int, -1, "Failed to parse IP TOS value");
140 DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight
, cg_blkio_weight_parse
, uint64_t, "Invalid block IO weight");
141 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight
, cg_weight_parse
, uint64_t, "Invalid weight");
142 DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares
, cg_cpu_shares_parse
, uint64_t, "Invalid CPU shares");
143 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags
, mount_propagation_flags_from_string
, unsigned long, "Failed to parse mount flag");
144 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy
, mpol
, int, -1, "Invalid NUMA policy type");
145 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format
, status_unit_format
, StatusUnitFormat
, "Failed to parse status unit format");
146 DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping
, socket_timestamping_from_string_harder
, SocketTimestamping
, "Failed to parse timestamping precision");
148 int config_parse_unit_deps(
150 const char *filename
,
153 unsigned section_line
,
160 UnitDependency d
= ltype
;
167 for (const char *p
= rvalue
;;) {
168 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
171 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_RETAIN_ESCAPE
);
177 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
181 r
= unit_name_printf(u
, word
, &k
);
183 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
187 r
= unit_add_dependency_by_name(u
, d
, k
, true, UNIT_DEPENDENCY_FILE
);
189 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
193 int config_parse_obsolete_unit_deps(
195 const char *filename
,
198 unsigned section_line
,
205 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
206 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue
, unit_dependency_to_string(ltype
));
208 return config_parse_unit_deps(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
211 int config_parse_unit_string_printf(
213 const char *filename
,
216 unsigned section_line
,
223 _cleanup_free_
char *k
= NULL
;
224 const Unit
*u
= userdata
;
232 r
= unit_full_printf(u
, rvalue
, &k
);
234 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
238 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
241 int config_parse_unit_strv_printf(
243 const char *filename
,
246 unsigned section_line
,
253 const Unit
*u
= userdata
;
254 _cleanup_free_
char *k
= NULL
;
262 r
= unit_full_printf(u
, rvalue
, &k
);
264 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
268 return config_parse_strv(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
271 int config_parse_unit_path_printf(
273 const char *filename
,
276 unsigned section_line
,
283 _cleanup_free_
char *k
= NULL
;
284 const Unit
*u
= userdata
;
293 /* Let's not bother with anything that is too long */
294 if (strlen(rvalue
) >= PATH_MAX
) {
295 log_syntax(unit
, fatal
? LOG_ERR
: LOG_WARNING
, filename
, line
, 0,
296 "%s value too long%s.",
297 lvalue
, fatal
? "" : ", ignoring");
298 return fatal
? -ENAMETOOLONG
: 0;
301 r
= unit_full_printf(u
, rvalue
, &k
);
303 log_syntax(unit
, fatal
? LOG_ERR
: LOG_WARNING
, filename
, line
, r
,
304 "Failed to resolve unit specifiers in '%s'%s: %m",
305 rvalue
, fatal
? "" : ", ignoring");
306 return fatal
? -ENOEXEC
: 0;
309 return config_parse_path(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
312 int config_parse_unit_path_strv_printf(
314 const char *filename
,
317 unsigned section_line
,
325 const Unit
*u
= userdata
;
333 if (isempty(rvalue
)) {
338 for (const char *p
= rvalue
;;) {
339 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
341 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
347 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
348 "Invalid syntax, ignoring: %s", rvalue
);
352 r
= unit_full_printf(u
, word
, &k
);
354 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
355 "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
359 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
363 r
= strv_consume(x
, TAKE_PTR(k
));
369 static int patch_var_run(
371 const char *filename
,
379 e
= path_startswith(*path
, "/var/run/");
383 z
= path_join("/run/", e
);
387 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
388 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
389 "please update the unit file accordingly.", lvalue
, *path
, z
);
391 free_and_replace(*path
, z
);
396 int config_parse_socket_listen(
398 const char *filename
,
401 unsigned section_line
,
408 _cleanup_free_ SocketPort
*p
= NULL
;
420 if (isempty(rvalue
)) {
421 /* An empty assignment removes all ports */
422 socket_free_ports(s
);
426 p
= new0(SocketPort
, 1);
430 if (ltype
!= SOCKET_SOCKET
) {
431 _cleanup_free_
char *k
= NULL
;
433 r
= unit_full_printf(UNIT(s
), rvalue
, &k
);
435 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
439 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
443 if (ltype
== SOCKET_FIFO
) {
444 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
449 free_and_replace(p
->path
, k
);
452 } else if (streq(lvalue
, "ListenNetlink")) {
453 _cleanup_free_
char *k
= NULL
;
455 r
= unit_full_printf(UNIT(s
), rvalue
, &k
);
457 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
461 r
= socket_address_parse_netlink(&p
->address
, k
);
463 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
467 p
->type
= SOCKET_SOCKET
;
470 _cleanup_free_
char *k
= NULL
;
472 r
= unit_full_printf(UNIT(s
), rvalue
, &k
);
474 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
478 if (k
[0] == '/') { /* Only for AF_UNIX file system sockets… */
479 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
484 r
= socket_address_parse_and_warn(&p
->address
, k
);
486 if (r
!= -EAFNOSUPPORT
)
487 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
491 if (streq(lvalue
, "ListenStream"))
492 p
->address
.type
= SOCK_STREAM
;
493 else if (streq(lvalue
, "ListenDatagram"))
494 p
->address
.type
= SOCK_DGRAM
;
496 assert(streq(lvalue
, "ListenSequentialPacket"));
497 p
->address
.type
= SOCK_SEQPACKET
;
500 if (socket_address_family(&p
->address
) != AF_LOCAL
&& p
->address
.type
== SOCK_SEQPACKET
) {
501 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Address family not supported, ignoring: %s", rvalue
);
505 p
->type
= SOCKET_SOCKET
;
509 p
->auxiliary_fds
= NULL
;
510 p
->n_auxiliary_fds
= 0;
513 LIST_FIND_TAIL(port
, s
->ports
, tail
);
514 LIST_INSERT_AFTER(port
, s
->ports
, tail
, p
);
521 int config_parse_exec_nice(
523 const char *filename
,
526 unsigned section_line
,
533 ExecContext
*c
= data
;
541 if (isempty(rvalue
)) {
546 r
= parse_nice(rvalue
, &priority
);
549 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Nice priority out of range, ignoring: %s", rvalue
);
551 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse nice priority '%s', ignoring: %m", rvalue
);
561 int config_parse_exec_oom_score_adjust(
563 const char *filename
,
566 unsigned section_line
,
573 ExecContext
*c
= data
;
581 if (isempty(rvalue
)) {
582 c
->oom_score_adjust_set
= false;
586 r
= parse_oom_score_adjust(rvalue
, &oa
);
589 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "OOM score adjust value out of range, ignoring: %s", rvalue
);
591 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue
);
595 c
->oom_score_adjust
= oa
;
596 c
->oom_score_adjust_set
= true;
601 int config_parse_exec_coredump_filter(
603 const char *filename
,
606 unsigned section_line
,
613 ExecContext
*c
= data
;
621 if (isempty(rvalue
)) {
622 c
->coredump_filter
= 0;
623 c
->coredump_filter_set
= false;
628 r
= coredump_filter_mask_from_string(rvalue
, &f
);
630 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
631 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue
);
635 c
->coredump_filter
|= f
;
636 c
->oom_score_adjust_set
= true;
640 int config_parse_kill_mode(
642 const char *filename
,
645 unsigned section_line
,
652 KillMode
*k
= data
, m
;
659 if (isempty(rvalue
)) {
660 *k
= KILL_CONTROL_GROUP
;
664 m
= kill_mode_from_string(rvalue
);
666 log_syntax(unit
, LOG_WARNING
, filename
, line
, m
,
667 "Failed to parse kill mode specification, ignoring: %s", rvalue
);
672 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
673 "Unit configured to use KillMode=none. "
674 "This is unsafe, as it disables systemd's process lifecycle management for the service. "
675 "Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
676 "Support for KillMode=none is deprecated and will eventually be removed.");
682 int config_parse_exec(
684 const char *filename
,
687 unsigned section_line
,
694 ExecCommand
**e
= data
;
695 const Unit
*u
= userdata
;
707 if (isempty(rvalue
)) {
708 /* An empty assignment resets the list */
709 *e
= exec_command_free_list(*e
);
715 _cleanup_free_
char *path
= NULL
, *firstword
= NULL
;
716 ExecCommandFlags flags
= 0;
717 bool ignore
= false, separate_argv0
= false;
718 _cleanup_free_ ExecCommand
*nce
= NULL
;
719 _cleanup_strv_free_
char **n
= NULL
;
720 size_t nlen
= 0, nbufsize
= 0;
725 r
= extract_first_word_and_warn(&p
, &firstword
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
729 /* A lone ";" is a separator. Let's make sure we don't treat it as an executable name. */
730 if (streq(firstword
, ";")) {
737 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
738 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
739 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
740 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
741 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
742 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
743 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
744 * other sandboxing, with some special exceptions for changing UID.
746 * The idea is that '!!' may be used to write services that can take benefit of systemd's
747 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
748 * privilege dropping within the daemon if the kernel does not offer that. */
750 if (*f
== '-' && !(flags
& EXEC_COMMAND_IGNORE_FAILURE
)) {
751 flags
|= EXEC_COMMAND_IGNORE_FAILURE
;
753 } else if (*f
== '@' && !separate_argv0
)
754 separate_argv0
= true;
755 else if (*f
== ':' && !(flags
& EXEC_COMMAND_NO_ENV_EXPAND
))
756 flags
|= EXEC_COMMAND_NO_ENV_EXPAND
;
757 else if (*f
== '+' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
|EXEC_COMMAND_AMBIENT_MAGIC
)))
758 flags
|= EXEC_COMMAND_FULLY_PRIVILEGED
;
759 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
|EXEC_COMMAND_AMBIENT_MAGIC
)))
760 flags
|= EXEC_COMMAND_NO_SETUID
;
761 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_AMBIENT_MAGIC
))) {
762 flags
&= ~EXEC_COMMAND_NO_SETUID
;
763 flags
|= EXEC_COMMAND_AMBIENT_MAGIC
;
769 r
= unit_full_printf(u
, f
, &path
);
771 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
772 "Failed to resolve unit specifiers in '%s'%s: %m",
773 f
, ignore
? ", ignoring" : "");
774 return ignore
? 0 : -ENOEXEC
;
778 /* First word is either "-" or "@" with no command. */
779 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
780 "Empty path in command line%s: '%s'",
781 ignore
? ", ignoring" : "", rvalue
);
782 return ignore
? 0 : -ENOEXEC
;
784 if (!string_is_safe(path
)) {
785 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
786 "Executable name contains special characters%s: %s",
787 ignore
? ", ignoring" : "", path
);
788 return ignore
? 0 : -ENOEXEC
;
790 if (endswith(path
, "/")) {
791 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
792 "Executable path specifies a directory%s: %s",
793 ignore
? ", ignoring" : "", path
);
794 return ignore
? 0 : -ENOEXEC
;
797 if (!path_is_absolute(path
) && !filename_is_valid(path
)) {
798 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
799 "Neither a valid executable name nor an absolute path%s: %s",
800 ignore
? ", ignoring" : "", path
);
801 return ignore
? 0 : -ENOEXEC
;
804 if (!separate_argv0
) {
807 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
817 path_simplify(path
, false);
819 while (!isempty(p
)) {
820 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
822 /* Check explicitly for an unquoted semicolon as
823 * command separator token. */
824 if (p
[0] == ';' && (!p
[1] || strchr(WHITESPACE
, p
[1]))) {
826 p
+= strspn(p
, WHITESPACE
);
831 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
832 * extract_first_word() would return the same for all of those. */
833 if (p
[0] == '\\' && p
[1] == ';' && (!p
[2] || strchr(WHITESPACE
, p
[2]))) {
837 p
+= strspn(p
, WHITESPACE
);
839 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
850 r
= extract_first_word_and_warn(&p
, &word
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
854 return ignore
? 0 : -ENOEXEC
;
856 r
= unit_full_printf(u
, word
, &resolved
);
858 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
859 "Failed to resolve unit specifiers in %s%s: %m",
860 word
, ignore
? ", ignoring" : "");
861 return ignore
? 0 : -ENOEXEC
;
864 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
867 n
[nlen
++] = TAKE_PTR(resolved
);
872 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
873 "Empty executable name or zeroeth argument%s: %s",
874 ignore
? ", ignoring" : "", rvalue
);
875 return ignore
? 0 : -ENOEXEC
;
878 nce
= new0(ExecCommand
, 1);
882 nce
->argv
= TAKE_PTR(n
);
883 nce
->path
= TAKE_PTR(path
);
886 exec_command_append_list(e
, nce
);
888 /* Do not _cleanup_free_ these. */
897 int config_parse_socket_bindtodevice(
899 const char *filename
,
902 unsigned section_line
,
916 if (isempty(rvalue
) || streq(rvalue
, "*")) {
917 s
->bind_to_device
= mfree(s
->bind_to_device
);
921 if (!ifname_valid(rvalue
)) {
922 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid interface name, ignoring: %s", rvalue
);
926 return free_and_strdup_warn(&s
->bind_to_device
, rvalue
);
929 int config_parse_exec_input(
931 const char *filename
,
934 unsigned section_line
,
941 ExecContext
*c
= data
;
942 const Unit
*u
= userdata
;
952 n
= startswith(rvalue
, "fd:");
954 _cleanup_free_
char *resolved
= NULL
;
956 r
= unit_full_printf(u
, n
, &resolved
);
958 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
962 if (isempty(resolved
))
963 resolved
= mfree(resolved
);
964 else if (!fdname_is_valid(resolved
)) {
965 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
969 free_and_replace(c
->stdio_fdname
[STDIN_FILENO
], resolved
);
971 ei
= EXEC_INPUT_NAMED_FD
;
973 } else if ((n
= startswith(rvalue
, "file:"))) {
974 _cleanup_free_
char *resolved
= NULL
;
976 r
= unit_full_printf(u
, n
, &resolved
);
978 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
982 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
986 free_and_replace(c
->stdio_file
[STDIN_FILENO
], resolved
);
988 ei
= EXEC_INPUT_FILE
;
991 ei
= exec_input_from_string(rvalue
);
993 log_syntax(unit
, LOG_WARNING
, filename
, line
, ei
, "Failed to parse input specifier, ignoring: %s", rvalue
);
1002 int config_parse_exec_input_text(
1004 const char *filename
,
1006 const char *section
,
1007 unsigned section_line
,
1014 _cleanup_free_
char *unescaped
= NULL
, *resolved
= NULL
;
1015 ExecContext
*c
= data
;
1016 const Unit
*u
= userdata
;
1026 if (isempty(rvalue
)) {
1027 /* Reset if the empty string is assigned */
1028 c
->stdin_data
= mfree(c
->stdin_data
);
1029 c
->stdin_data_size
= 0;
1033 r
= cunescape(rvalue
, 0, &unescaped
);
1035 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1036 "Failed to decode C escaped text '%s', ignoring: %m", rvalue
);
1040 r
= unit_full_printf(u
, unescaped
, &resolved
);
1042 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1043 "Failed to resolve unit specifiers in '%s', ignoring: %m", unescaped
);
1047 sz
= strlen(resolved
);
1048 if (c
->stdin_data_size
+ sz
+ 1 < c
->stdin_data_size
|| /* check for overflow */
1049 c
->stdin_data_size
+ sz
+ 1 > EXEC_STDIN_DATA_MAX
) {
1050 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1051 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1052 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1056 p
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
+ 1);
1060 *((char*) mempcpy((char*) p
+ c
->stdin_data_size
, resolved
, sz
)) = '\n';
1063 c
->stdin_data_size
+= sz
+ 1;
1068 int config_parse_exec_input_data(
1070 const char *filename
,
1072 const char *section
,
1073 unsigned section_line
,
1080 _cleanup_free_
void *p
= NULL
;
1081 ExecContext
*c
= data
;
1091 if (isempty(rvalue
)) {
1092 /* Reset if the empty string is assigned */
1093 c
->stdin_data
= mfree(c
->stdin_data
);
1094 c
->stdin_data_size
= 0;
1098 r
= unbase64mem(rvalue
, SIZE_MAX
, &p
, &sz
);
1100 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1101 "Failed to decode base64 data, ignoring: %s", rvalue
);
1107 if (c
->stdin_data_size
+ sz
< c
->stdin_data_size
|| /* check for overflow */
1108 c
->stdin_data_size
+ sz
> EXEC_STDIN_DATA_MAX
) {
1109 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1110 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1111 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1115 q
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
);
1119 memcpy((uint8_t*) q
+ c
->stdin_data_size
, p
, sz
);
1122 c
->stdin_data_size
+= sz
;
1127 int config_parse_exec_output(
1129 const char *filename
,
1131 const char *section
,
1132 unsigned section_line
,
1139 _cleanup_free_
char *resolved
= NULL
;
1141 ExecContext
*c
= data
;
1142 const Unit
*u
= userdata
;
1143 bool obsolete
= false;
1153 n
= startswith(rvalue
, "fd:");
1155 r
= unit_full_printf(u
, n
, &resolved
);
1157 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", n
);
1161 if (isempty(resolved
))
1162 resolved
= mfree(resolved
);
1163 else if (!fdname_is_valid(resolved
)) {
1164 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
1168 eo
= EXEC_OUTPUT_NAMED_FD
;
1170 } else if (streq(rvalue
, "syslog")) {
1171 eo
= EXEC_OUTPUT_JOURNAL
;
1174 } else if (streq(rvalue
, "syslog+console")) {
1175 eo
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
1178 } else if ((n
= startswith(rvalue
, "file:"))) {
1180 r
= unit_full_printf(u
, n
, &resolved
);
1182 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1186 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1190 eo
= EXEC_OUTPUT_FILE
;
1192 } else if ((n
= startswith(rvalue
, "append:"))) {
1194 r
= unit_full_printf(u
, n
, &resolved
);
1196 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1200 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1204 eo
= EXEC_OUTPUT_FILE_APPEND
;
1206 } else if ((n
= startswith(rvalue
, "truncate:"))) {
1208 r
= unit_full_printf(u
, n
, &resolved
);
1210 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1214 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1218 eo
= EXEC_OUTPUT_FILE_TRUNCATE
;
1220 eo
= exec_output_from_string(rvalue
);
1222 log_syntax(unit
, LOG_WARNING
, filename
, line
, eo
, "Failed to parse output specifier, ignoring: %s", rvalue
);
1228 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
1229 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1230 rvalue
, exec_output_to_string(eo
));
1232 if (streq(lvalue
, "StandardOutput")) {
1233 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1234 free_and_replace(c
->stdio_fdname
[STDOUT_FILENO
], resolved
);
1236 free_and_replace(c
->stdio_file
[STDOUT_FILENO
], resolved
);
1241 assert(streq(lvalue
, "StandardError"));
1243 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1244 free_and_replace(c
->stdio_fdname
[STDERR_FILENO
], resolved
);
1246 free_and_replace(c
->stdio_file
[STDERR_FILENO
], resolved
);
1254 int config_parse_exec_io_class(const char *unit
,
1255 const char *filename
,
1257 const char *section
,
1258 unsigned section_line
,
1265 ExecContext
*c
= data
;
1273 if (isempty(rvalue
)) {
1274 c
->ioprio_set
= false;
1275 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE
, 0);
1279 x
= ioprio_class_from_string(rvalue
);
1281 log_syntax(unit
, LOG_WARNING
, filename
, line
, x
, "Failed to parse IO scheduling class, ignoring: %s", rvalue
);
1285 c
->ioprio
= IOPRIO_PRIO_VALUE(x
, IOPRIO_PRIO_DATA(c
->ioprio
));
1286 c
->ioprio_set
= true;
1291 int config_parse_exec_io_priority(const char *unit
,
1292 const char *filename
,
1294 const char *section
,
1295 unsigned section_line
,
1302 ExecContext
*c
= data
;
1310 if (isempty(rvalue
)) {
1311 c
->ioprio_set
= false;
1312 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE
, 0);
1316 r
= ioprio_parse_priority(rvalue
, &i
);
1318 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse IO priority, ignoring: %s", rvalue
);
1322 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c
->ioprio
), i
);
1323 c
->ioprio_set
= true;
1328 int config_parse_exec_cpu_sched_policy(const char *unit
,
1329 const char *filename
,
1331 const char *section
,
1332 unsigned section_line
,
1339 ExecContext
*c
= data
;
1347 if (isempty(rvalue
)) {
1348 c
->cpu_sched_set
= false;
1349 c
->cpu_sched_policy
= SCHED_OTHER
;
1350 c
->cpu_sched_priority
= 0;
1354 x
= sched_policy_from_string(rvalue
);
1356 log_syntax(unit
, LOG_WARNING
, filename
, line
, x
, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue
);
1360 c
->cpu_sched_policy
= x
;
1361 /* Moving to or from real-time policy? We need to adjust the priority */
1362 c
->cpu_sched_priority
= CLAMP(c
->cpu_sched_priority
, sched_get_priority_min(x
), sched_get_priority_max(x
));
1363 c
->cpu_sched_set
= true;
1368 int config_parse_exec_mount_apivfs(const char *unit
,
1369 const char *filename
,
1371 const char *section
,
1372 unsigned section_line
,
1379 ExecContext
*c
= data
;
1387 if (isempty(rvalue
)) {
1388 c
->mount_apivfs_set
= false;
1389 c
->mount_apivfs
= false;
1393 k
= parse_boolean(rvalue
);
1395 log_syntax(unit
, LOG_WARNING
, filename
, line
, k
,
1396 "Failed to parse boolean value, ignoring: %s",
1401 c
->mount_apivfs_set
= true;
1402 c
->mount_apivfs
= k
;
1406 int config_parse_numa_mask(const char *unit
,
1407 const char *filename
,
1409 const char *section
,
1410 unsigned section_line
,
1417 NUMAPolicy
*p
= data
;
1424 if (streq(rvalue
, "all")) {
1425 r
= numa_mask_add_all(&p
->nodes
);
1427 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1428 "Failed to create NUMA mask representing \"all\" NUMA nodes, ignoring: %m");
1430 r
= parse_cpu_set_extend(rvalue
, &p
->nodes
, true, unit
, filename
, line
, lvalue
);
1432 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse NUMA node mask, ignoring: %s", rvalue
);
1438 int config_parse_exec_cpu_sched_prio(const char *unit
,
1439 const char *filename
,
1441 const char *section
,
1442 unsigned section_line
,
1449 ExecContext
*c
= data
;
1457 r
= safe_atoi(rvalue
, &i
);
1459 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue
);
1463 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
1464 min
= sched_get_priority_min(c
->cpu_sched_policy
);
1465 max
= sched_get_priority_max(c
->cpu_sched_policy
);
1467 if (i
< min
|| i
> max
) {
1468 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue
);
1472 c
->cpu_sched_priority
= i
;
1473 c
->cpu_sched_set
= true;
1478 int config_parse_root_image_options(
1480 const char *filename
,
1482 const char *section
,
1483 unsigned section_line
,
1490 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
1491 _cleanup_strv_free_
char **l
= NULL
;
1492 char **first
= NULL
, **second
= NULL
;
1493 ExecContext
*c
= data
;
1494 const Unit
*u
= userdata
;
1502 if (isempty(rvalue
)) {
1503 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1507 r
= strv_split_colon_pairs(&l
, rvalue
);
1511 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
1515 STRV_FOREACH_PAIR(first
, second
, l
) {
1516 MountOptions
*o
= NULL
;
1517 _cleanup_free_
char *mount_options_resolved
= NULL
;
1518 const char *mount_options
= NULL
, *partition
= "root";
1519 PartitionDesignator partition_designator
;
1521 /* Format is either 'root:foo' or 'foo' (root is implied) */
1522 if (!isempty(*second
)) {
1524 mount_options
= *second
;
1526 mount_options
= *first
;
1528 partition_designator
= partition_designator_from_string(partition
);
1529 if (partition_designator
< 0) {
1530 log_syntax(unit
, LOG_WARNING
, filename
, line
, partition_designator
,
1531 "Invalid partition name %s, ignoring", partition
);
1534 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
1536 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
1540 o
= new(MountOptions
, 1);
1543 *o
= (MountOptions
) {
1544 .partition_designator
= partition_designator
,
1545 .options
= TAKE_PTR(mount_options_resolved
),
1547 LIST_APPEND(mount_options
, options
, TAKE_PTR(o
));
1550 /* empty spaces/separators only */
1551 if (LIST_IS_EMPTY(options
))
1552 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1554 LIST_JOIN(mount_options
, c
->root_image_options
, options
);
1559 int config_parse_exec_root_hash(
1561 const char *filename
,
1563 const char *section
,
1564 unsigned section_line
,
1571 _cleanup_free_
void *roothash_decoded
= NULL
;
1572 ExecContext
*c
= data
;
1573 size_t roothash_decoded_size
= 0;
1581 if (isempty(rvalue
)) {
1582 /* Reset if the empty string is assigned */
1583 c
->root_hash_path
= mfree(c
->root_hash_path
);
1584 c
->root_hash
= mfree(c
->root_hash
);
1585 c
->root_hash_size
= 0;
1589 if (path_is_absolute(rvalue
)) {
1590 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1591 _cleanup_free_
char *p
= NULL
;
1597 free_and_replace(c
->root_hash_path
, p
);
1598 c
->root_hash
= mfree(c
->root_hash
);
1599 c
->root_hash_size
= 0;
1603 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1604 r
= unhexmem(rvalue
, strlen(rvalue
), &roothash_decoded
, &roothash_decoded_size
);
1606 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHash=, ignoring: %s", rvalue
);
1609 if (roothash_decoded_size
< sizeof(sd_id128_t
)) {
1610 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "RootHash= is too short, ignoring: %s", rvalue
);
1614 free_and_replace(c
->root_hash
, roothash_decoded
);
1615 c
->root_hash_size
= roothash_decoded_size
;
1616 c
->root_hash_path
= mfree(c
->root_hash_path
);
1621 int config_parse_exec_root_hash_sig(
1623 const char *filename
,
1625 const char *section
,
1626 unsigned section_line
,
1633 _cleanup_free_
void *roothash_sig_decoded
= NULL
;
1635 ExecContext
*c
= data
;
1636 size_t roothash_sig_decoded_size
= 0;
1644 if (isempty(rvalue
)) {
1645 /* Reset if the empty string is assigned */
1646 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1647 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1648 c
->root_hash_sig_size
= 0;
1652 if (path_is_absolute(rvalue
)) {
1653 /* We have the path to a roothash signature to load and decode, eg: RootHashSignature=/foo/bar.roothash.p7s */
1654 _cleanup_free_
char *p
= NULL
;
1660 free_and_replace(c
->root_hash_sig_path
, p
);
1661 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1662 c
->root_hash_sig_size
= 0;
1666 if (!(value
= startswith(rvalue
, "base64:"))) {
1667 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1668 "Failed to decode RootHashSignature=, not a path but doesn't start with 'base64:', ignoring: %s", rvalue
);
1672 /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
1673 r
= unbase64mem(value
, strlen(value
), &roothash_sig_decoded
, &roothash_sig_decoded_size
);
1675 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHashSignature=, ignoring: %s", rvalue
);
1679 free_and_replace(c
->root_hash_sig
, roothash_sig_decoded
);
1680 c
->root_hash_sig_size
= roothash_sig_decoded_size
;
1681 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1686 int config_parse_exec_cpu_affinity(
1688 const char *filename
,
1690 const char *section
,
1691 unsigned section_line
,
1698 ExecContext
*c
= data
;
1706 if (streq(rvalue
, "numa")) {
1707 c
->cpu_affinity_from_numa
= true;
1708 cpu_set_reset(&c
->cpu_set
);
1713 r
= parse_cpu_set_extend(rvalue
, &c
->cpu_set
, true, unit
, filename
, line
, lvalue
);
1715 c
->cpu_affinity_from_numa
= false;
1720 int config_parse_capability_set(
1722 const char *filename
,
1724 const char *section
,
1725 unsigned section_line
,
1732 uint64_t *capability_set
= data
;
1733 uint64_t sum
= 0, initial
= 0;
1734 bool invert
= false;
1742 if (rvalue
[0] == '~') {
1747 if (streq(lvalue
, "CapabilityBoundingSet"))
1748 initial
= CAP_ALL
; /* initialized to all bits on */
1749 /* else "AmbientCapabilities" initialized to all bits off */
1751 r
= capability_set_from_string(rvalue
, &sum
);
1753 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue
, rvalue
);
1757 if (sum
== 0 || *capability_set
== initial
)
1758 /* "", "~" or uninitialized data -> replace */
1759 *capability_set
= invert
? ~sum
: sum
;
1761 /* previous data -> merge */
1763 *capability_set
&= ~sum
;
1765 *capability_set
|= sum
;
1771 int config_parse_exec_selinux_context(
1773 const char *filename
,
1775 const char *section
,
1776 unsigned section_line
,
1783 ExecContext
*c
= data
;
1784 const Unit
*u
= userdata
;
1794 if (isempty(rvalue
)) {
1795 c
->selinux_context
= mfree(c
->selinux_context
);
1796 c
->selinux_context_ignore
= false;
1800 if (rvalue
[0] == '-') {
1806 r
= unit_full_printf(u
, rvalue
, &k
);
1808 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1809 "Failed to resolve unit specifiers in '%s'%s: %m",
1810 rvalue
, ignore
? ", ignoring" : "");
1811 return ignore
? 0 : -ENOEXEC
;
1814 free_and_replace(c
->selinux_context
, k
);
1815 c
->selinux_context_ignore
= ignore
;
1820 int config_parse_exec_apparmor_profile(
1822 const char *filename
,
1824 const char *section
,
1825 unsigned section_line
,
1832 ExecContext
*c
= data
;
1833 const Unit
*u
= userdata
;
1843 if (isempty(rvalue
)) {
1844 c
->apparmor_profile
= mfree(c
->apparmor_profile
);
1845 c
->apparmor_profile_ignore
= false;
1849 if (rvalue
[0] == '-') {
1855 r
= unit_full_printf(u
, rvalue
, &k
);
1857 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1858 "Failed to resolve unit specifiers in '%s'%s: %m",
1859 rvalue
, ignore
? ", ignoring" : "");
1860 return ignore
? 0 : -ENOEXEC
;
1863 free_and_replace(c
->apparmor_profile
, k
);
1864 c
->apparmor_profile_ignore
= ignore
;
1869 int config_parse_exec_smack_process_label(
1871 const char *filename
,
1873 const char *section
,
1874 unsigned section_line
,
1881 ExecContext
*c
= data
;
1882 const Unit
*u
= userdata
;
1892 if (isempty(rvalue
)) {
1893 c
->smack_process_label
= mfree(c
->smack_process_label
);
1894 c
->smack_process_label_ignore
= false;
1898 if (rvalue
[0] == '-') {
1904 r
= unit_full_printf(u
, rvalue
, &k
);
1906 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1907 "Failed to resolve unit specifiers in '%s'%s: %m",
1908 rvalue
, ignore
? ", ignoring" : "");
1909 return ignore
? 0 : -ENOEXEC
;
1912 free_and_replace(c
->smack_process_label
, k
);
1913 c
->smack_process_label_ignore
= ignore
;
1918 int config_parse_timer(
1920 const char *filename
,
1922 const char *section
,
1923 unsigned section_line
,
1930 _cleanup_(calendar_spec_freep
) CalendarSpec
*c
= NULL
;
1931 _cleanup_free_
char *k
= NULL
;
1932 const Unit
*u
= userdata
;
1943 if (isempty(rvalue
)) {
1944 /* Empty assignment resets list */
1945 timer_free_values(t
);
1949 r
= unit_full_printf(u
, rvalue
, &k
);
1951 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
1955 if (ltype
== TIMER_CALENDAR
) {
1956 r
= calendar_spec_from_string(k
, &c
);
1958 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse calendar specification, ignoring: %s", k
);
1962 r
= parse_sec(k
, &usec
);
1964 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", k
);
1969 v
= new(TimerValue
, 1);
1976 .calendar_spec
= TAKE_PTR(c
),
1979 LIST_PREPEND(value
, t
->values
, v
);
1984 int config_parse_trigger_unit(
1986 const char *filename
,
1988 const char *section
,
1989 unsigned section_line
,
1996 _cleanup_free_
char *p
= NULL
;
2006 if (!hashmap_isempty(u
->dependencies
[UNIT_TRIGGERS
])) {
2007 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Multiple units to trigger specified, ignoring: %s", rvalue
);
2011 r
= unit_name_printf(u
, rvalue
, &p
);
2013 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2017 type
= unit_name_to_type(p
);
2019 log_syntax(unit
, LOG_WARNING
, filename
, line
, type
, "Unit type not valid, ignoring: %s", rvalue
);
2022 if (unit_has_name(u
, p
)) {
2023 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Units cannot trigger themselves, ignoring: %s", rvalue
);
2027 r
= unit_add_two_dependencies_by_name(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, p
, true, UNIT_DEPENDENCY_FILE
);
2029 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add trigger on %s, ignoring: %m", p
);
2036 int config_parse_path_spec(const char *unit
,
2037 const char *filename
,
2039 const char *section
,
2040 unsigned section_line
,
2050 _cleanup_free_
char *k
= NULL
;
2058 if (isempty(rvalue
)) {
2059 /* Empty assignment clears list */
2064 b
= path_type_from_string(lvalue
);
2066 log_syntax(unit
, LOG_WARNING
, filename
, line
, b
, "Failed to parse path type, ignoring: %s", lvalue
);
2070 r
= unit_full_printf(UNIT(p
), rvalue
, &k
);
2072 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2076 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2080 s
= new0(PathSpec
, 1);
2085 s
->path
= TAKE_PTR(k
);
2089 LIST_PREPEND(spec
, p
->specs
, s
);
2094 int config_parse_socket_service(
2096 const char *filename
,
2098 const char *section
,
2099 unsigned section_line
,
2106 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2107 _cleanup_free_
char *p
= NULL
;
2117 r
= unit_name_printf(UNIT(s
), rvalue
, &p
);
2119 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2123 if (!endswith(p
, ".service")) {
2124 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type service, ignoring: %s", rvalue
);
2128 r
= manager_load_unit(UNIT(s
)->manager
, p
, NULL
, &error
, &x
);
2130 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load unit %s, ignoring: %s", rvalue
, bus_error_message(&error
, r
));
2134 unit_ref_set(&s
->service
, UNIT(s
), x
);
2139 int config_parse_fdname(
2141 const char *filename
,
2143 const char *section
,
2144 unsigned section_line
,
2151 _cleanup_free_
char *p
= NULL
;
2160 if (isempty(rvalue
)) {
2161 s
->fdname
= mfree(s
->fdname
);
2165 r
= unit_full_printf(UNIT(s
), rvalue
, &p
);
2167 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2171 if (!fdname_is_valid(p
)) {
2172 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", p
);
2176 return free_and_replace(s
->fdname
, p
);
2179 int config_parse_service_sockets(
2181 const char *filename
,
2183 const char *section
,
2184 unsigned section_line
,
2199 for (const char *p
= rvalue
;;) {
2200 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2202 r
= extract_first_word(&p
, &word
, NULL
, 0);
2208 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Trailing garbage in sockets, ignoring: %s", rvalue
);
2212 r
= unit_name_printf(UNIT(s
), word
, &k
);
2214 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
2218 if (!endswith(k
, ".socket")) {
2219 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type socket, ignoring: %s", k
);
2223 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_WANTS
, UNIT_AFTER
, k
, true, UNIT_DEPENDENCY_FILE
);
2225 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2227 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_TRIGGERED_BY
, k
, true, UNIT_DEPENDENCY_FILE
);
2229 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2233 int config_parse_bus_name(
2235 const char *filename
,
2237 const char *section
,
2238 unsigned section_line
,
2245 _cleanup_free_
char *k
= NULL
;
2246 const Unit
*u
= userdata
;
2254 r
= unit_full_printf(u
, rvalue
, &k
);
2256 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2260 if (!sd_bus_service_name_is_valid(k
)) {
2261 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid bus name, ignoring: %s", k
);
2265 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
2268 int config_parse_service_timeout(
2270 const char *filename
,
2272 const char *section
,
2273 unsigned section_line
,
2280 Service
*s
= userdata
;
2289 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
2291 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2292 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2293 * all other timeouts. */
2294 r
= parse_sec_fix_0(rvalue
, &usec
);
2296 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= parameter, ignoring: %s", lvalue
, rvalue
);
2300 s
->start_timeout_defined
= true;
2301 s
->timeout_start_usec
= usec
;
2303 if (streq(lvalue
, "TimeoutSec"))
2304 s
->timeout_stop_usec
= usec
;
2309 int config_parse_timeout_abort(
2311 const char *filename
,
2313 const char *section
,
2314 unsigned section_line
,
2329 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
2331 if (isempty(rvalue
)) {
2333 return 0; /* "not set" */
2336 r
= parse_sec(rvalue
, ret
);
2338 return log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= setting, ignoring: %s", lvalue
, rvalue
);
2340 return 1; /* "set" */
2343 int config_parse_service_timeout_abort(
2345 const char *filename
,
2347 const char *section
,
2348 unsigned section_line
,
2355 Service
*s
= userdata
;
2360 r
= config_parse_timeout_abort(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
,
2361 &s
->timeout_abort_usec
, s
);
2363 s
->timeout_abort_set
= r
;
2367 int config_parse_sec_fix_0(
2369 const char *filename
,
2371 const char *section
,
2372 unsigned section_line
,
2379 usec_t
*usec
= data
;
2387 /* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for
2388 * compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a
2391 r
= parse_sec_fix_0(rvalue
, usec
);
2393 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= parameter, ignoring: %s", lvalue
, rvalue
);
2398 int config_parse_user_group_compat(
2400 const char *filename
,
2402 const char *section
,
2403 unsigned section_line
,
2410 _cleanup_free_
char *k
= NULL
;
2412 const Unit
*u
= userdata
;
2420 if (isempty(rvalue
)) {
2421 *user
= mfree(*user
);
2425 r
= unit_full_printf(u
, rvalue
, &k
);
2427 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", rvalue
);
2431 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2432 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2436 if (strstr(lvalue
, "User") && streq(k
, NOBODY_USER_NAME
))
2437 log_struct(LOG_NOTICE
,
2438 "MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename
, line
, k
,
2440 "MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR
,
2441 "OFFENDING_USER=%s", k
,
2442 "CONFIG_FILE=%s", filename
,
2443 "CONFIG_LINE=%u", line
);
2445 return free_and_replace(*user
, k
);
2448 int config_parse_user_group_strv_compat(
2450 const char *filename
,
2452 const char *section
,
2453 unsigned section_line
,
2460 char ***users
= data
;
2461 const Unit
*u
= userdata
;
2469 if (isempty(rvalue
)) {
2470 *users
= strv_free(*users
);
2474 for (const char *p
= rvalue
;;) {
2475 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2477 r
= extract_first_word(&p
, &word
, NULL
, 0);
2483 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid syntax: %s", rvalue
);
2487 r
= unit_full_printf(u
, word
, &k
);
2489 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", word
);
2493 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2494 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2498 r
= strv_push(users
, k
);
2506 int config_parse_working_directory(
2508 const char *filename
,
2510 const char *section
,
2511 unsigned section_line
,
2518 ExecContext
*c
= data
;
2519 const Unit
*u
= userdata
;
2529 if (isempty(rvalue
)) {
2530 c
->working_directory_home
= false;
2531 c
->working_directory
= mfree(c
->working_directory
);
2535 if (rvalue
[0] == '-') {
2541 if (streq(rvalue
, "~")) {
2542 c
->working_directory_home
= true;
2543 c
->working_directory
= mfree(c
->working_directory
);
2545 _cleanup_free_
char *k
= NULL
;
2547 r
= unit_full_printf(u
, rvalue
, &k
);
2549 log_syntax(unit
, missing_ok
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2550 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2551 rvalue
, missing_ok
? ", ignoring" : "");
2552 return missing_ok
? 0 : -ENOEXEC
;
2555 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
| (missing_ok
? 0 : PATH_CHECK_FATAL
), unit
, filename
, line
, lvalue
);
2557 return missing_ok
? 0 : -ENOEXEC
;
2559 c
->working_directory_home
= false;
2560 free_and_replace(c
->working_directory
, k
);
2563 c
->working_directory_missing_ok
= missing_ok
;
2567 int config_parse_unit_env_file(const char *unit
,
2568 const char *filename
,
2570 const char *section
,
2571 unsigned section_line
,
2579 const Unit
*u
= userdata
;
2580 _cleanup_free_
char *n
= NULL
;
2588 if (isempty(rvalue
)) {
2589 /* Empty assignment frees the list */
2590 *env
= strv_free(*env
);
2594 r
= unit_full_printf(u
, rvalue
, &n
);
2596 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2600 r
= path_simplify_and_warn(n
[0] == '-' ? n
+ 1 : n
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2604 r
= strv_push(env
, n
);
2613 int config_parse_environ(
2615 const char *filename
,
2617 const char *section
,
2618 unsigned section_line
,
2625 const Unit
*u
= userdata
;
2634 if (isempty(rvalue
)) {
2635 /* Empty assignment resets the list */
2636 *env
= strv_free(*env
);
2640 for (const char *p
= rvalue
;; ) {
2641 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
2643 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2649 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2650 "Invalid syntax, ignoring: %s", rvalue
);
2655 r
= unit_full_printf(u
, word
, &resolved
);
2657 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2658 "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2662 resolved
= TAKE_PTR(word
);
2664 if (!env_assignment_is_valid(resolved
)) {
2665 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2666 "Invalid environment assignment, ignoring: %s", resolved
);
2670 r
= strv_env_replace_consume(env
, TAKE_PTR(resolved
));
2672 return log_error_errno(r
, "Failed to update environment: %m");
2676 int config_parse_pass_environ(
2678 const char *filename
,
2680 const char *section
,
2681 unsigned section_line
,
2688 _cleanup_strv_free_
char **n
= NULL
;
2689 size_t nlen
= 0, nbufsize
= 0;
2690 char*** passenv
= data
;
2691 const Unit
*u
= userdata
;
2699 if (isempty(rvalue
)) {
2700 /* Empty assignment resets the list */
2701 *passenv
= strv_free(*passenv
);
2705 for (const char *p
= rvalue
;;) {
2706 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2708 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
2714 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2715 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2720 r
= unit_full_printf(u
, word
, &k
);
2722 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2723 "Failed to resolve specifiers in %s, ignoring: %m", word
);
2729 if (!env_name_is_valid(k
)) {
2730 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2731 "Invalid environment name for %s, ignoring: %s", lvalue
, k
);
2735 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
2738 n
[nlen
++] = TAKE_PTR(k
);
2743 r
= strv_extend_strv(passenv
, n
, true);
2751 int config_parse_unset_environ(
2753 const char *filename
,
2755 const char *section
,
2756 unsigned section_line
,
2763 _cleanup_strv_free_
char **n
= NULL
;
2764 size_t nlen
= 0, nbufsize
= 0;
2765 char*** unsetenv
= data
;
2766 const Unit
*u
= userdata
;
2774 if (isempty(rvalue
)) {
2775 /* Empty assignment resets the list */
2776 *unsetenv
= strv_free(*unsetenv
);
2780 for (const char *p
= rvalue
;;) {
2781 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2783 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2789 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2790 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2795 r
= unit_full_printf(u
, word
, &k
);
2797 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2798 "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2804 if (!env_assignment_is_valid(k
) && !env_name_is_valid(k
)) {
2805 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2806 "Invalid environment name or assignment %s, ignoring: %s", lvalue
, k
);
2810 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
2813 n
[nlen
++] = TAKE_PTR(k
);
2818 r
= strv_extend_strv(unsetenv
, n
, true);
2826 int config_parse_log_extra_fields(
2828 const char *filename
,
2830 const char *section
,
2831 unsigned section_line
,
2838 ExecContext
*c
= data
;
2839 const Unit
*u
= userdata
;
2847 if (isempty(rvalue
)) {
2848 exec_context_free_log_extra_fields(c
);
2852 for (const char *p
= rvalue
;;) {
2853 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2857 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2863 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
2867 r
= unit_full_printf(u
, word
, &k
);
2869 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2873 eq
= strchr(k
, '=');
2875 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field lacks '=' character, ignoring: %s", k
);
2879 if (!journal_field_valid(k
, eq
-k
, false)) {
2880 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field name is invalid, ignoring: %s", k
);
2884 t
= reallocarray(c
->log_extra_fields
, c
->n_log_extra_fields
+1, sizeof(struct iovec
));
2888 c
->log_extra_fields
= t
;
2889 c
->log_extra_fields
[c
->n_log_extra_fields
++] = IOVEC_MAKE_STRING(k
);
2895 int config_parse_log_namespace(
2897 const char *filename
,
2899 const char *section
,
2900 unsigned section_line
,
2907 _cleanup_free_
char *k
= NULL
;
2908 ExecContext
*c
= data
;
2909 const Unit
*u
= userdata
;
2917 if (isempty(rvalue
)) {
2918 c
->log_namespace
= mfree(c
->log_namespace
);
2922 r
= unit_full_printf(u
, rvalue
, &k
);
2924 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2928 if (!log_namespace_name_valid(k
)) {
2929 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Specified log namespace name is not valid, ignoring: %s", k
);
2933 free_and_replace(c
->log_namespace
, k
);
2937 int config_parse_unit_condition_path(
2939 const char *filename
,
2941 const char *section
,
2942 unsigned section_line
,
2949 _cleanup_free_
char *p
= NULL
;
2950 Condition
**list
= data
, *c
;
2951 ConditionType t
= ltype
;
2952 bool trigger
, negate
;
2953 const Unit
*u
= userdata
;
2961 if (isempty(rvalue
)) {
2962 /* Empty assignment resets the list */
2963 *list
= condition_free_list(*list
);
2967 trigger
= rvalue
[0] == '|';
2971 negate
= rvalue
[0] == '!';
2975 r
= unit_full_printf(u
, rvalue
, &p
);
2977 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2981 r
= path_simplify_and_warn(p
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2985 c
= condition_new(t
, p
, trigger
, negate
);
2989 LIST_PREPEND(conditions
, *list
, c
);
2993 int config_parse_unit_condition_string(
2995 const char *filename
,
2997 const char *section
,
2998 unsigned section_line
,
3005 _cleanup_free_
char *s
= NULL
;
3006 Condition
**list
= data
, *c
;
3007 ConditionType t
= ltype
;
3008 bool trigger
, negate
;
3009 const Unit
*u
= userdata
;
3017 if (isempty(rvalue
)) {
3018 /* Empty assignment resets the list */
3019 *list
= condition_free_list(*list
);
3023 trigger
= *rvalue
== '|';
3025 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
3027 negate
= *rvalue
== '!';
3029 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
3031 r
= unit_full_printf(u
, rvalue
, &s
);
3033 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3034 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
3038 c
= condition_new(t
, s
, trigger
, negate
);
3042 LIST_PREPEND(conditions
, *list
, c
);
3046 int config_parse_unit_requires_mounts_for(
3048 const char *filename
,
3050 const char *section
,
3051 unsigned section_line
,
3066 for (const char *p
= rvalue
;;) {
3067 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
3069 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3075 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3076 "Invalid syntax, ignoring: %s", rvalue
);
3080 r
= unit_full_printf(u
, word
, &resolved
);
3082 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
3086 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
3090 r
= unit_require_mounts_for(u
, resolved
, UNIT_DEPENDENCY_FILE
);
3092 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add required mount '%s', ignoring: %m", resolved
);
3098 int config_parse_documentation(
3100 const char *filename
,
3102 const char *section
,
3103 unsigned section_line
,
3119 if (isempty(rvalue
)) {
3120 /* Empty assignment resets the list */
3121 u
->documentation
= strv_free(u
->documentation
);
3125 r
= config_parse_unit_strv_printf(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
,
3126 rvalue
, data
, userdata
);
3130 for (a
= b
= u
->documentation
; a
&& *a
; a
++) {
3132 if (documentation_url_is_valid(*a
))
3135 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid URL, ignoring: %s", *a
);
3146 int config_parse_syscall_filter(
3148 const char *filename
,
3150 const char *section
,
3151 unsigned section_line
,
3158 ExecContext
*c
= data
;
3159 _unused_
const Unit
*u
= userdata
;
3160 bool invert
= false;
3168 if (isempty(rvalue
)) {
3169 /* Empty assignment resets the list */
3170 c
->syscall_filter
= hashmap_free(c
->syscall_filter
);
3171 c
->syscall_allow_list
= false;
3175 if (rvalue
[0] == '~') {
3180 if (!c
->syscall_filter
) {
3181 c
->syscall_filter
= hashmap_new(NULL
);
3182 if (!c
->syscall_filter
)
3186 /* Allow everything but the ones listed */
3187 c
->syscall_allow_list
= false;
3189 /* Allow nothing but the ones listed */
3190 c
->syscall_allow_list
= true;
3192 /* Accept default syscalls if we are on a allow_list */
3193 r
= seccomp_parse_syscall_filter(
3194 "@default", -1, c
->syscall_filter
,
3195 SECCOMP_PARSE_PERMISSIVE
|SECCOMP_PARSE_ALLOW_LIST
,
3203 for (const char *p
= rvalue
;;) {
3204 _cleanup_free_
char *word
= NULL
, *name
= NULL
;
3207 r
= extract_first_word(&p
, &word
, NULL
, 0);
3213 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3214 "Invalid syntax, ignoring: %s", rvalue
);
3218 r
= parse_syscall_and_errno(word
, &name
, &num
);
3220 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3221 "Failed to parse syscall:errno, ignoring: %s", word
);
3224 if (!invert
&& num
>= 0) {
3225 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3226 "Allow-listed system calls cannot take error number, ignoring: %s", word
);
3230 r
= seccomp_parse_syscall_filter(
3231 name
, num
, c
->syscall_filter
,
3232 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3233 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3234 (c
->syscall_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3235 unit
, filename
, line
);
3241 int config_parse_syscall_log(
3243 const char *filename
,
3245 const char *section
,
3246 unsigned section_line
,
3253 ExecContext
*c
= data
;
3254 _unused_
const Unit
*u
= userdata
;
3255 bool invert
= false;
3264 if (isempty(rvalue
)) {
3265 /* Empty assignment resets the list */
3266 c
->syscall_log
= hashmap_free(c
->syscall_log
);
3267 c
->syscall_log_allow_list
= false;
3271 if (rvalue
[0] == '~') {
3276 if (!c
->syscall_log
) {
3277 c
->syscall_log
= hashmap_new(NULL
);
3278 if (!c
->syscall_log
)
3282 /* Log everything but the ones listed */
3283 c
->syscall_log_allow_list
= false;
3285 /* Log nothing but the ones listed */
3286 c
->syscall_log_allow_list
= true;
3291 _cleanup_free_
char *word
= NULL
;
3293 r
= extract_first_word(&p
, &word
, NULL
, 0);
3299 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3303 r
= seccomp_parse_syscall_filter(
3304 word
, -1, c
->syscall_log
,
3305 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3306 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3307 (c
->syscall_log_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3308 unit
, filename
, line
);
3314 int config_parse_syscall_archs(
3316 const char *filename
,
3318 const char *section
,
3319 unsigned section_line
,
3329 if (isempty(rvalue
)) {
3330 *archs
= set_free(*archs
);
3334 for (const char *p
= rvalue
;;) {
3335 _cleanup_free_
char *word
= NULL
;
3338 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3344 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3345 "Invalid syntax, ignoring: %s", rvalue
);
3349 r
= seccomp_arch_from_string(word
, &a
);
3351 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3352 "Failed to parse system call architecture \"%s\", ignoring: %m", word
);
3356 r
= set_ensure_put(archs
, NULL
, UINT32_TO_PTR(a
+ 1));
3362 int config_parse_syscall_errno(
3364 const char *filename
,
3366 const char *section
,
3367 unsigned section_line
,
3374 ExecContext
*c
= data
;
3381 if (isempty(rvalue
) || streq(rvalue
, "kill")) {
3382 /* Empty assignment resets to KILL */
3383 c
->syscall_errno
= SECCOMP_ERROR_NUMBER_KILL
;
3387 e
= parse_errno(rvalue
);
3389 log_syntax(unit
, LOG_WARNING
, filename
, line
, e
, "Failed to parse error number, ignoring: %s", rvalue
);
3393 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid error number, ignoring: %s", rvalue
);
3397 c
->syscall_errno
= e
;
3401 int config_parse_address_families(
3403 const char *filename
,
3405 const char *section
,
3406 unsigned section_line
,
3413 ExecContext
*c
= data
;
3414 bool invert
= false;
3421 if (isempty(rvalue
)) {
3422 /* Empty assignment resets the list */
3423 c
->address_families
= set_free(c
->address_families
);
3424 c
->address_families_allow_list
= false;
3428 if (rvalue
[0] == '~') {
3433 if (!c
->address_families
) {
3434 c
->address_families
= set_new(NULL
);
3435 if (!c
->address_families
)
3438 c
->address_families_allow_list
= !invert
;
3441 for (const char *p
= rvalue
;;) {
3442 _cleanup_free_
char *word
= NULL
;
3445 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3451 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3452 "Invalid syntax, ignoring: %s", rvalue
);
3456 af
= af_from_name(word
);
3458 log_syntax(unit
, LOG_WARNING
, filename
, line
, af
,
3459 "Failed to parse address family, ignoring: %s", word
);
3463 /* If we previously wanted to forbid an address family and now
3464 * we want to allow it, then just remove it from the list.
3466 if (!invert
== c
->address_families_allow_list
) {
3467 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
3471 set_remove(c
->address_families
, INT_TO_PTR(af
));
3475 int config_parse_restrict_namespaces(
3477 const char *filename
,
3479 const char *section
,
3480 unsigned section_line
,
3487 ExecContext
*c
= data
;
3488 unsigned long flags
;
3489 bool invert
= false;
3492 if (isempty(rvalue
)) {
3493 /* Reset to the default. */
3494 c
->restrict_namespaces
= NAMESPACE_FLAGS_INITIAL
;
3498 /* Boolean parameter ignores the previous settings */
3499 r
= parse_boolean(rvalue
);
3501 c
->restrict_namespaces
= 0;
3503 } else if (r
== 0) {
3504 c
->restrict_namespaces
= NAMESPACE_FLAGS_ALL
;
3508 if (rvalue
[0] == '~') {
3513 /* Not a boolean argument, in this case it's a list of namespace types. */
3514 r
= namespace_flags_from_string(rvalue
, &flags
);
3516 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse namespace type string, ignoring: %s", rvalue
);
3520 if (c
->restrict_namespaces
== NAMESPACE_FLAGS_INITIAL
)
3521 /* Initial assignment. Just set the value. */
3522 c
->restrict_namespaces
= invert
? (~flags
) & NAMESPACE_FLAGS_ALL
: flags
;
3524 /* Merge the value with the previous one. */
3525 SET_FLAG(c
->restrict_namespaces
, flags
, !invert
);
3531 int config_parse_unit_slice(
3533 const char *filename
,
3535 const char *section
,
3536 unsigned section_line
,
3543 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
3544 _cleanup_free_
char *k
= NULL
;
3545 Unit
*u
= userdata
, *slice
;
3553 r
= unit_name_printf(u
, rvalue
, &k
);
3555 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3559 r
= manager_load_unit(u
->manager
, k
, NULL
, &error
, &slice
);
3561 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load slice unit %s, ignoring: %s", k
, bus_error_message(&error
, r
));
3565 r
= unit_set_slice(u
, slice
);
3567 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to assign slice %s to unit %s, ignoring: %m", slice
->id
, u
->id
);
3574 int config_parse_cpu_quota(
3576 const char *filename
,
3578 const char *section
,
3579 unsigned section_line
,
3586 CGroupContext
*c
= data
;
3593 if (isempty(rvalue
)) {
3594 c
->cpu_quota_per_sec_usec
= USEC_INFINITY
;
3598 r
= parse_permyriad_unbounded(rvalue
);
3600 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid CPU quota '%s', ignoring.", rvalue
);
3604 c
->cpu_quota_per_sec_usec
= ((usec_t
) r
* USEC_PER_SEC
) / 10000U;
3608 int config_parse_allowed_cpus(
3610 const char *filename
,
3612 const char *section
,
3613 unsigned section_line
,
3620 CGroupContext
*c
= data
;
3622 (void) parse_cpu_set_extend(rvalue
, &c
->cpuset_cpus
, true, unit
, filename
, line
, lvalue
);
3627 int config_parse_allowed_mems(
3629 const char *filename
,
3631 const char *section
,
3632 unsigned section_line
,
3639 CGroupContext
*c
= data
;
3641 (void) parse_cpu_set_extend(rvalue
, &c
->cpuset_mems
, true, unit
, filename
, line
, lvalue
);
3646 int config_parse_memory_limit(
3648 const char *filename
,
3650 const char *section
,
3651 unsigned section_line
,
3658 CGroupContext
*c
= data
;
3659 uint64_t bytes
= CGROUP_LIMIT_MAX
;
3662 if (isempty(rvalue
) && STR_IN_SET(lvalue
, "DefaultMemoryLow",
3666 bytes
= CGROUP_LIMIT_MIN
;
3667 else if (!isempty(rvalue
) && !streq(rvalue
, "infinity")) {
3669 r
= parse_permyriad(rvalue
);
3671 r
= parse_size(rvalue
, 1024, &bytes
);
3673 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid memory limit '%s', ignoring: %m", rvalue
);
3677 bytes
= physical_memory_scale(r
, 10000U);
3679 if (bytes
>= UINT64_MAX
||
3680 (bytes
<= 0 && !STR_IN_SET(lvalue
, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) {
3681 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Memory limit '%s' out of range, ignoring.", rvalue
);
3686 if (streq(lvalue
, "DefaultMemoryLow")) {
3687 c
->default_memory_low
= bytes
;
3688 c
->default_memory_low_set
= true;
3689 } else if (streq(lvalue
, "DefaultMemoryMin")) {
3690 c
->default_memory_min
= bytes
;
3691 c
->default_memory_min_set
= true;
3692 } else if (streq(lvalue
, "MemoryMin")) {
3693 c
->memory_min
= bytes
;
3694 c
->memory_min_set
= true;
3695 } else if (streq(lvalue
, "MemoryLow")) {
3696 c
->memory_low
= bytes
;
3697 c
->memory_low_set
= true;
3698 } else if (streq(lvalue
, "MemoryHigh"))
3699 c
->memory_high
= bytes
;
3700 else if (streq(lvalue
, "MemoryMax"))
3701 c
->memory_max
= bytes
;
3702 else if (streq(lvalue
, "MemorySwapMax"))
3703 c
->memory_swap_max
= bytes
;
3704 else if (streq(lvalue
, "MemoryLimit"))
3705 c
->memory_limit
= bytes
;
3712 int config_parse_tasks_max(
3714 const char *filename
,
3716 const char *section
,
3717 unsigned section_line
,
3724 const Unit
*u
= userdata
;
3725 TasksMax
*tasks_max
= data
;
3729 if (isempty(rvalue
)) {
3730 *tasks_max
= u
? u
->manager
->default_tasks_max
: TASKS_MAX_UNSET
;
3734 if (streq(rvalue
, "infinity")) {
3735 *tasks_max
= TASKS_MAX_UNSET
;
3739 r
= parse_permyriad(rvalue
);
3741 *tasks_max
= (TasksMax
) { r
, 10000U }; /* r‱ */
3743 r
= safe_atou64(rvalue
, &v
);
3745 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid maximum tasks value '%s', ignoring: %m", rvalue
);
3749 if (v
<= 0 || v
>= UINT64_MAX
) {
3750 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue
);
3754 *tasks_max
= (TasksMax
) { v
};
3760 int config_parse_delegate(
3762 const char *filename
,
3764 const char *section
,
3765 unsigned section_line
,
3772 CGroupContext
*c
= data
;
3776 t
= unit_name_to_type(unit
);
3777 assert(t
!= _UNIT_TYPE_INVALID
);
3779 if (!unit_vtable
[t
]->can_delegate
) {
3780 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Delegate= setting not supported for this unit type, ignoring.");
3784 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
3785 * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
3786 * mask to delegate. */
3788 if (isempty(rvalue
)) {
3789 /* An empty string resets controllers and set Delegate=yes. */
3791 c
->delegate_controllers
= 0;
3795 r
= parse_boolean(rvalue
);
3797 CGroupMask mask
= 0;
3799 for (const char *p
= rvalue
;;) {
3800 _cleanup_free_
char *word
= NULL
;
3801 CGroupController cc
;
3803 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3809 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3813 cc
= cgroup_controller_from_string(word
);
3815 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid controller name '%s', ignoring", word
);
3819 mask
|= CGROUP_CONTROLLER_TO_MASK(cc
);
3823 c
->delegate_controllers
|= mask
;
3827 c
->delegate_controllers
= _CGROUP_MASK_ALL
;
3829 c
->delegate
= false;
3830 c
->delegate_controllers
= 0;
3836 int config_parse_managed_oom_mode(
3838 const char *filename
,
3840 const char *section
,
3841 unsigned section_line
,
3848 ManagedOOMMode
*mode
= data
, m
;
3851 t
= unit_name_to_type(unit
);
3852 assert(t
!= _UNIT_TYPE_INVALID
);
3854 if (!unit_vtable
[t
]->can_set_managed_oom
)
3855 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
3857 if (isempty(rvalue
)) {
3858 *mode
= MANAGED_OOM_AUTO
;
3862 m
= managed_oom_mode_from_string(rvalue
);
3864 log_syntax(unit
, LOG_WARNING
, filename
, line
, m
, "Invalid syntax, ignoring: %s", rvalue
);
3872 int config_parse_managed_oom_mem_pressure_limit(
3874 const char *filename
,
3876 const char *section
,
3877 unsigned section_line
,
3884 uint32_t *limit
= data
;
3888 t
= unit_name_to_type(unit
);
3889 assert(t
!= _UNIT_TYPE_INVALID
);
3891 if (!unit_vtable
[t
]->can_set_managed_oom
)
3892 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
3894 if (isempty(rvalue
)) {
3899 r
= parse_permyriad(rvalue
);
3901 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse memory pressure limit value, ignoring: %s", rvalue
);
3905 /* Normalize to 2^32-1 == 100% */
3906 *limit
= UINT32_SCALE_FROM_PERMYRIAD(r
);
3910 int config_parse_device_allow(
3912 const char *filename
,
3914 const char *section
,
3915 unsigned section_line
,
3922 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
3923 CGroupContext
*c
= data
;
3924 const char *p
= rvalue
;
3927 if (isempty(rvalue
)) {
3928 while (c
->device_allow
)
3929 cgroup_context_free_device_allow(c
, c
->device_allow
);
3934 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
3938 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3939 "Invalid syntax, ignoring: %s", rvalue
);
3943 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3944 "Failed to extract device path and rights from '%s', ignoring.", rvalue
);
3948 r
= unit_full_printf(userdata
, path
, &resolved
);
3950 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3951 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
3955 if (!STARTSWITH_SET(resolved
, "block-", "char-")) {
3957 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
3961 if (!valid_device_node_path(resolved
)) {
3962 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid device node path '%s', ignoring.", resolved
);
3967 if (!isempty(p
) && !in_charset(p
, "rwm")) {
3968 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid device rights '%s', ignoring.", p
);
3972 return cgroup_add_device_allow(c
, resolved
, p
);
3975 int config_parse_io_device_weight(
3977 const char *filename
,
3979 const char *section
,
3980 unsigned section_line
,
3987 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
3988 CGroupIODeviceWeight
*w
;
3989 CGroupContext
*c
= data
;
3990 const char *p
= rvalue
;
3998 if (isempty(rvalue
)) {
3999 while (c
->io_device_weights
)
4000 cgroup_context_free_io_device_weight(c
, c
->io_device_weights
);
4005 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4009 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4010 "Invalid syntax, ignoring: %s", rvalue
);
4013 if (r
== 0 || isempty(p
)) {
4014 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4015 "Failed to extract device path and weight from '%s', ignoring.", rvalue
);
4019 r
= unit_full_printf(userdata
, path
, &resolved
);
4021 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4022 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4026 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4030 r
= cg_weight_parse(p
, &u
);
4032 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "IO weight '%s' invalid, ignoring: %m", p
);
4036 assert(u
!= CGROUP_WEIGHT_INVALID
);
4038 w
= new0(CGroupIODeviceWeight
, 1);
4042 w
->path
= TAKE_PTR(resolved
);
4045 LIST_PREPEND(device_weights
, c
->io_device_weights
, w
);
4049 int config_parse_io_device_latency(
4051 const char *filename
,
4053 const char *section
,
4054 unsigned section_line
,
4061 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4062 CGroupIODeviceLatency
*l
;
4063 CGroupContext
*c
= data
;
4064 const char *p
= rvalue
;
4072 if (isempty(rvalue
)) {
4073 while (c
->io_device_latencies
)
4074 cgroup_context_free_io_device_latency(c
, c
->io_device_latencies
);
4079 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4083 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4084 "Invalid syntax, ignoring: %s", rvalue
);
4087 if (r
== 0 || isempty(p
)) {
4088 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4089 "Failed to extract device path and latency from '%s', ignoring.", rvalue
);
4093 r
= unit_full_printf(userdata
, path
, &resolved
);
4095 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4096 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4100 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4104 r
= parse_sec(p
, &usec
);
4106 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", p
);
4110 l
= new0(CGroupIODeviceLatency
, 1);
4114 l
->path
= TAKE_PTR(resolved
);
4115 l
->target_usec
= usec
;
4117 LIST_PREPEND(device_latencies
, c
->io_device_latencies
, l
);
4121 int config_parse_io_limit(
4123 const char *filename
,
4125 const char *section
,
4126 unsigned section_line
,
4133 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4134 CGroupIODeviceLimit
*l
= NULL
, *t
;
4135 CGroupContext
*c
= data
;
4136 CGroupIOLimitType type
;
4137 const char *p
= rvalue
;
4145 type
= cgroup_io_limit_type_from_string(lvalue
);
4148 if (isempty(rvalue
)) {
4149 LIST_FOREACH(device_limits
, l
, c
->io_device_limits
)
4150 l
->limits
[type
] = cgroup_io_limit_defaults
[type
];
4154 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4158 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4159 "Invalid syntax, ignoring: %s", rvalue
);
4162 if (r
== 0 || isempty(p
)) {
4163 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4164 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4168 r
= unit_full_printf(userdata
, path
, &resolved
);
4170 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4171 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4175 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4179 if (streq("infinity", p
))
4180 num
= CGROUP_LIMIT_MAX
;
4182 r
= parse_size(p
, 1000, &num
);
4183 if (r
< 0 || num
<= 0) {
4184 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid IO limit '%s', ignoring.", p
);
4189 LIST_FOREACH(device_limits
, t
, c
->io_device_limits
) {
4190 if (path_equal(resolved
, t
->path
)) {
4197 CGroupIOLimitType ttype
;
4199 l
= new0(CGroupIODeviceLimit
, 1);
4203 l
->path
= TAKE_PTR(resolved
);
4204 for (ttype
= 0; ttype
< _CGROUP_IO_LIMIT_TYPE_MAX
; ttype
++)
4205 l
->limits
[ttype
] = cgroup_io_limit_defaults
[ttype
];
4207 LIST_PREPEND(device_limits
, c
->io_device_limits
, l
);
4210 l
->limits
[type
] = num
;
4215 int config_parse_blockio_device_weight(
4217 const char *filename
,
4219 const char *section
,
4220 unsigned section_line
,
4227 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4228 CGroupBlockIODeviceWeight
*w
;
4229 CGroupContext
*c
= data
;
4230 const char *p
= rvalue
;
4238 if (isempty(rvalue
)) {
4239 while (c
->blockio_device_weights
)
4240 cgroup_context_free_blockio_device_weight(c
, c
->blockio_device_weights
);
4245 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4249 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4250 "Invalid syntax, ignoring: %s", rvalue
);
4253 if (r
== 0 || isempty(p
)) {
4254 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4255 "Failed to extract device node and weight from '%s', ignoring.", rvalue
);
4259 r
= unit_full_printf(userdata
, path
, &resolved
);
4261 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4262 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4266 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4270 r
= cg_blkio_weight_parse(p
, &u
);
4272 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid block IO weight '%s', ignoring: %m", p
);
4276 assert(u
!= CGROUP_BLKIO_WEIGHT_INVALID
);
4278 w
= new0(CGroupBlockIODeviceWeight
, 1);
4282 w
->path
= TAKE_PTR(resolved
);
4285 LIST_PREPEND(device_weights
, c
->blockio_device_weights
, w
);
4289 int config_parse_blockio_bandwidth(
4291 const char *filename
,
4293 const char *section
,
4294 unsigned section_line
,
4301 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4302 CGroupBlockIODeviceBandwidth
*b
= NULL
, *t
;
4303 CGroupContext
*c
= data
;
4304 const char *p
= rvalue
;
4313 read
= streq("BlockIOReadBandwidth", lvalue
);
4315 if (isempty(rvalue
)) {
4316 LIST_FOREACH(device_bandwidths
, b
, c
->blockio_device_bandwidths
) {
4317 b
->rbps
= CGROUP_LIMIT_MAX
;
4318 b
->wbps
= CGROUP_LIMIT_MAX
;
4323 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4327 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4328 "Invalid syntax, ignoring: %s", rvalue
);
4331 if (r
== 0 || isempty(p
)) {
4332 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4333 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4337 r
= unit_full_printf(userdata
, path
, &resolved
);
4339 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4340 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4344 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4348 r
= parse_size(p
, 1000, &bytes
);
4349 if (r
< 0 || bytes
<= 0) {
4350 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid Block IO Bandwidth '%s', ignoring.", p
);
4354 LIST_FOREACH(device_bandwidths
, t
, c
->blockio_device_bandwidths
) {
4355 if (path_equal(resolved
, t
->path
)) {
4362 b
= new0(CGroupBlockIODeviceBandwidth
, 1);
4366 b
->path
= TAKE_PTR(resolved
);
4367 b
->rbps
= CGROUP_LIMIT_MAX
;
4368 b
->wbps
= CGROUP_LIMIT_MAX
;
4370 LIST_PREPEND(device_bandwidths
, c
->blockio_device_bandwidths
, b
);
4381 int config_parse_job_mode_isolate(
4383 const char *filename
,
4385 const char *section
,
4386 unsigned section_line
,
4400 r
= parse_boolean(rvalue
);
4402 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse boolean, ignoring: %s", rvalue
);
4406 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue
);
4408 *m
= r
? JOB_ISOLATE
: JOB_REPLACE
;
4412 int config_parse_exec_directories(
4414 const char *filename
,
4416 const char *section
,
4417 unsigned section_line
,
4425 const Unit
*u
= userdata
;
4433 if (isempty(rvalue
)) {
4434 /* Empty assignment resets the list */
4435 *rt
= strv_free(*rt
);
4439 for (const char *p
= rvalue
;;) {
4440 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
4442 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4446 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4447 "Invalid syntax, ignoring: %s", rvalue
);
4453 r
= unit_full_printf(u
, word
, &k
);
4455 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4456 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4460 r
= path_simplify_and_warn(k
, PATH_CHECK_RELATIVE
, unit
, filename
, line
, lvalue
);
4464 if (path_startswith(k
, "private")) {
4465 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4466 "%s= path can't be 'private', ignoring assignment: %s", lvalue
, word
);
4470 r
= strv_push(rt
, k
);
4477 int config_parse_set_credential(
4479 const char *filename
,
4481 const char *section
,
4482 unsigned section_line
,
4489 _cleanup_free_
char *word
= NULL
, *k
= NULL
, *unescaped
= NULL
;
4490 ExecContext
*context
= data
;
4491 ExecSetCredential
*old
;
4501 if (isempty(rvalue
)) {
4502 /* Empty assignment resets the list */
4503 context
->set_credentials
= hashmap_free(context
->set_credentials
);
4508 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4512 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4516 r
= unit_full_printf(u
, word
, &k
);
4518 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4521 if (!credential_name_valid(k
)) {
4522 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", k
);
4526 /* We support escape codes here, so that users can insert trailing \n if they like */
4527 l
= cunescape(p
, UNESCAPE_ACCEPT_NUL
, &unescaped
);
4529 log_syntax(unit
, LOG_WARNING
, filename
, line
, l
, "Can't unescape \"%s\", ignoring: %m", p
);
4533 old
= hashmap_get(context
->set_credentials
, k
);
4535 free_and_replace(old
->data
, unescaped
);
4538 _cleanup_(exec_set_credential_freep
) ExecSetCredential
*sc
= NULL
;
4540 sc
= new0(ExecSetCredential
, 1);
4544 sc
->id
= TAKE_PTR(k
);
4545 sc
->data
= TAKE_PTR(unescaped
);
4548 r
= hashmap_ensure_put(&context
->set_credentials
, &exec_set_credential_hash_ops
, sc
->id
, sc
);
4552 log_syntax(unit
, LOG_WARNING
, filename
, line
, l
,
4553 "Duplicated credential value '%s', ignoring assignment: %s", sc
->id
, rvalue
);
4563 int config_parse_load_credential(
4565 const char *filename
,
4567 const char *section
,
4568 unsigned section_line
,
4575 _cleanup_free_
char *word
= NULL
, *k
= NULL
, *q
= NULL
;
4576 ExecContext
*context
= data
;
4586 if (isempty(rvalue
)) {
4587 /* Empty assignment resets the list */
4588 context
->load_credentials
= strv_free(context
->load_credentials
);
4593 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4597 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4601 r
= unit_full_printf(u
, word
, &k
);
4603 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4606 if (!credential_name_valid(k
)) {
4607 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", k
);
4610 r
= unit_full_printf(u
, p
, &q
);
4612 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", p
);
4615 if (path_is_absolute(q
) ? !path_is_normalized(q
) : !credential_name_valid(q
)) {
4616 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Credential source \"%s\" not valid, ignoring.", q
);
4620 r
= strv_consume_pair(&context
->load_credentials
, TAKE_PTR(k
), TAKE_PTR(q
));
4627 int config_parse_set_status(
4629 const char *filename
,
4631 const char *section
,
4632 unsigned section_line
,
4639 ExitStatusSet
*status_set
= data
;
4647 /* Empty assignment resets the list */
4648 if (isempty(rvalue
)) {
4649 exit_status_set_free(status_set
);
4653 for (const char *p
= rvalue
;;) {
4654 _cleanup_free_
char *word
= NULL
;
4657 r
= extract_first_word(&p
, &word
, NULL
, 0);
4661 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4662 "Failed to parse %s=%s, ignoring: %m", lvalue
, rvalue
);
4668 /* We need to call exit_status_from_string() first, because we want
4669 * to parse numbers as exit statuses, not signals. */
4671 r
= exit_status_from_string(word
);
4673 assert(r
>= 0 && r
< 256);
4674 bitmap
= &status_set
->status
;
4676 r
= signal_from_string(word
);
4678 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4679 "Failed to parse value, ignoring: %s", word
);
4682 bitmap
= &status_set
->signal
;
4685 r
= bitmap_set(bitmap
, r
);
4687 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4688 "Failed to set signal or status %s, ignoring: %m", word
);
4692 int config_parse_namespace_path_strv(
4694 const char *filename
,
4696 const char *section
,
4697 unsigned section_line
,
4704 const Unit
*u
= userdata
;
4713 if (isempty(rvalue
)) {
4714 /* Empty assignment resets the list */
4715 *sv
= strv_free(*sv
);
4719 for (const char *p
= rvalue
;;) {
4720 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
, *joined
= NULL
;
4722 bool ignore_enoent
= false, shall_prefix
= false;
4724 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4730 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
4735 if (startswith(w
, "-")) {
4736 ignore_enoent
= true;
4739 if (startswith(w
, "+")) {
4740 shall_prefix
= true;
4744 r
= unit_full_printf(u
, w
, &resolved
);
4746 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", w
);
4750 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4754 joined
= strjoin(ignore_enoent
? "-" : "",
4755 shall_prefix
? "+" : "",
4758 r
= strv_push(sv
, joined
);
4768 int config_parse_temporary_filesystems(
4770 const char *filename
,
4772 const char *section
,
4773 unsigned section_line
,
4780 const Unit
*u
= userdata
;
4781 ExecContext
*c
= data
;
4789 if (isempty(rvalue
)) {
4790 /* Empty assignment resets the list */
4791 temporary_filesystem_free_many(c
->temporary_filesystems
, c
->n_temporary_filesystems
);
4792 c
->temporary_filesystems
= NULL
;
4793 c
->n_temporary_filesystems
= 0;
4797 for (const char *p
= rvalue
;;) {
4798 _cleanup_free_
char *word
= NULL
, *path
= NULL
, *resolved
= NULL
;
4801 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4807 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
4812 r
= extract_first_word(&w
, &path
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4816 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", word
);
4820 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax, ignoring: %s", word
);
4824 r
= unit_full_printf(u
, path
, &resolved
);
4826 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", path
);
4830 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4834 r
= temporary_filesystem_add(&c
->temporary_filesystems
, &c
->n_temporary_filesystems
, resolved
, w
);
4840 int config_parse_bind_paths(
4842 const char *filename
,
4844 const char *section
,
4845 unsigned section_line
,
4852 ExecContext
*c
= data
;
4853 const Unit
*u
= userdata
;
4861 if (isempty(rvalue
)) {
4862 /* Empty assignment resets the list */
4863 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
4864 c
->bind_mounts
= NULL
;
4865 c
->n_bind_mounts
= 0;
4869 for (const char *p
= rvalue
;;) {
4870 _cleanup_free_
char *source
= NULL
, *destination
= NULL
;
4871 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
4872 char *s
= NULL
, *d
= NULL
;
4873 bool rbind
= true, ignore_enoent
= false;
4875 r
= extract_first_word(&p
, &source
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
4881 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
4885 r
= unit_full_printf(u
, source
, &sresolved
);
4887 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4888 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", source
);
4894 ignore_enoent
= true;
4898 r
= path_simplify_and_warn(s
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4902 /* Optionally, the destination is specified. */
4903 if (p
&& p
[-1] == ':') {
4904 r
= extract_first_word(&p
, &destination
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
4908 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
4912 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing argument after ':', ignoring: %s", s
);
4916 r
= unit_full_printf(u
, destination
, &dresolved
);
4918 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4919 "Failed to resolve specifiers in \"%s\", ignoring: %m", destination
);
4923 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4929 /* Optionally, there's also a short option string specified */
4930 if (p
&& p
[-1] == ':') {
4931 _cleanup_free_
char *options
= NULL
;
4933 r
= extract_first_word(&p
, &options
, NULL
, EXTRACT_UNQUOTE
);
4937 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s: %s", lvalue
, rvalue
);
4941 if (isempty(options
) || streq(options
, "rbind"))
4943 else if (streq(options
, "norbind"))
4946 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid option string, ignoring setting: %s", options
);
4953 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
4957 .read_only
= !!strstr(lvalue
, "ReadOnly"),
4959 .ignore_enoent
= ignore_enoent
,
4968 int config_parse_mount_images(
4970 const char *filename
,
4972 const char *section
,
4973 unsigned section_line
,
4980 ExecContext
*c
= data
;
4981 const Unit
*u
= userdata
;
4989 if (isempty(rvalue
)) {
4990 /* Empty assignment resets the list */
4991 c
->mount_images
= mount_image_free_many(c
->mount_images
, &c
->n_mount_images
);
4995 for (const char *p
= rvalue
;;) {
4996 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
4997 _cleanup_free_
char *first
= NULL
, *second
= NULL
, *tuple
= NULL
;
4998 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
4999 const char *q
= NULL
;
5001 bool permissive
= false;
5003 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
5007 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5008 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
5015 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &first
, &second
, NULL
);
5019 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5020 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
5032 r
= unit_full_printf(u
, s
, &sresolved
);
5034 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5035 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s
);
5039 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5043 if (isempty(second
)) {
5044 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing destination in %s, ignoring: %s", lvalue
, rvalue
);
5048 r
= unit_full_printf(u
, second
, &dresolved
);
5050 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5051 "Failed to resolve specifiers in \"%s\", ignoring: %m", second
);
5055 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5060 _cleanup_free_
char *partition
= NULL
, *mount_options
= NULL
, *mount_options_resolved
= NULL
;
5061 MountOptions
*o
= NULL
;
5062 PartitionDesignator partition_designator
;
5064 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &partition
, &mount_options
, NULL
);
5068 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", q
);
5073 /* Single set of options, applying to the root partition/single filesystem */
5075 r
= unit_full_printf(u
, partition
, &mount_options_resolved
);
5077 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", first
);
5081 o
= new(MountOptions
, 1);
5084 *o
= (MountOptions
) {
5085 .partition_designator
= PARTITION_ROOT
,
5086 .options
= TAKE_PTR(mount_options_resolved
),
5088 LIST_APPEND(mount_options
, options
, o
);
5093 partition_designator
= partition_designator_from_string(partition
);
5094 if (partition_designator
< 0) {
5095 log_syntax(unit
, LOG_WARNING
, filename
, line
, partition_designator
,
5096 "Invalid partition name %s, ignoring", partition
);
5099 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
5101 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
5105 o
= new(MountOptions
, 1);
5108 *o
= (MountOptions
) {
5109 .partition_designator
= partition_designator
,
5110 .options
= TAKE_PTR(mount_options_resolved
),
5112 LIST_APPEND(mount_options
, options
, o
);
5115 r
= mount_image_add(&c
->mount_images
, &c
->n_mount_images
,
5117 .source
= sresolved
,
5118 .destination
= dresolved
,
5119 .mount_options
= options
,
5120 .ignore_enoent
= permissive
,
5121 .type
= MOUNT_IMAGE_DISCRETE
,
5128 int config_parse_extension_images(
5130 const char *filename
,
5132 const char *section
,
5133 unsigned section_line
,
5140 ExecContext
*c
= data
;
5141 const Unit
*u
= userdata
;
5149 if (isempty(rvalue
)) {
5150 /* Empty assignment resets the list */
5151 c
->extension_images
= mount_image_free_many(c
->extension_images
, &c
->n_extension_images
);
5155 for (const char *p
= rvalue
;;) {
5156 _cleanup_free_
char *source
= NULL
, *tuple
= NULL
, *sresolved
= NULL
;
5157 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
5158 bool permissive
= false;
5159 const char *q
= NULL
;
5162 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
5166 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5167 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
5174 r
= extract_first_word(&q
, &source
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
);
5178 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5179 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
5191 r
= unit_full_printf(u
, s
, &sresolved
);
5193 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5194 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s
);
5198 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5203 _cleanup_free_
char *partition
= NULL
, *mount_options
= NULL
, *mount_options_resolved
= NULL
;
5204 MountOptions
*o
= NULL
;
5205 PartitionDesignator partition_designator
;
5207 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &partition
, &mount_options
, NULL
);
5211 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", q
);
5216 /* Single set of options, applying to the root partition/single filesystem */
5218 r
= unit_full_printf(u
, partition
, &mount_options_resolved
);
5220 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", partition
);
5224 o
= new(MountOptions
, 1);
5227 *o
= (MountOptions
) {
5228 .partition_designator
= PARTITION_ROOT
,
5229 .options
= TAKE_PTR(mount_options_resolved
),
5231 LIST_APPEND(mount_options
, options
, o
);
5236 partition_designator
= partition_designator_from_string(partition
);
5237 if (partition_designator
< 0) {
5238 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid partition name %s, ignoring", partition
);
5241 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
5243 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
5247 o
= new(MountOptions
, 1);
5250 *o
= (MountOptions
) {
5251 .partition_designator
= partition_designator
,
5252 .options
= TAKE_PTR(mount_options_resolved
),
5254 LIST_APPEND(mount_options
, options
, o
);
5257 r
= mount_image_add(&c
->extension_images
, &c
->n_extension_images
,
5259 .source
= sresolved
,
5260 .mount_options
= options
,
5261 .ignore_enoent
= permissive
,
5262 .type
= MOUNT_IMAGE_EXTENSION
,
5269 int config_parse_job_timeout_sec(
5271 const char *filename
,
5273 const char *section
,
5274 unsigned section_line
,
5290 r
= parse_sec_fix_0(rvalue
, &usec
);
5292 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue
);
5296 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
5297 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
5300 if (!u
->job_running_timeout_set
)
5301 u
->job_running_timeout
= usec
;
5303 u
->job_timeout
= usec
;
5308 int config_parse_job_running_timeout_sec(
5310 const char *filename
,
5312 const char *section
,
5313 unsigned section_line
,
5329 r
= parse_sec_fix_0(rvalue
, &usec
);
5331 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue
);
5335 u
->job_running_timeout
= usec
;
5336 u
->job_running_timeout_set
= true;
5341 int config_parse_emergency_action(
5343 const char *filename
,
5345 const char *section
,
5346 unsigned section_line
,
5354 EmergencyAction
*x
= data
;
5363 m
= ((Unit
*) userdata
)->manager
;
5367 r
= parse_emergency_action(rvalue
, MANAGER_IS_SYSTEM(m
), x
);
5369 if (r
== -EOPNOTSUPP
&& MANAGER_IS_USER(m
)) {
5370 /* Compat mode: remove for systemd 241. */
5372 log_syntax(unit
, LOG_INFO
, filename
, line
, r
,
5373 "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
5375 *x
= EMERGENCY_ACTION_EXIT_FORCE
;
5379 if (r
== -EOPNOTSUPP
)
5380 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5381 "%s= specified as %s mode action, ignoring: %s",
5382 lvalue
, MANAGER_IS_SYSTEM(m
) ? "user" : "system", rvalue
);
5384 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5385 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
5392 int config_parse_pid_file(
5394 const char *filename
,
5396 const char *section
,
5397 unsigned section_line
,
5404 _cleanup_free_
char *k
= NULL
, *n
= NULL
;
5405 const Unit
*u
= userdata
;
5414 if (isempty(rvalue
)) {
5415 /* An empty assignment removes already set value. */
5420 r
= unit_full_printf(u
, rvalue
, &k
);
5422 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5426 /* If this is a relative path make it absolute by prefixing the /run */
5427 n
= path_make_absolute(k
, u
->manager
->prefix
[EXEC_DIRECTORY_RUNTIME
]);
5431 /* Check that the result is a sensible path */
5432 r
= path_simplify_and_warn(n
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5436 r
= patch_var_run(unit
, filename
, line
, lvalue
, &n
);
5440 free_and_replace(*s
, n
);
5444 int config_parse_exit_status(
5446 const char *filename
,
5448 const char *section
,
5449 unsigned section_line
,
5456 int *exit_status
= data
, r
;
5462 assert(exit_status
);
5464 if (isempty(rvalue
)) {
5469 r
= safe_atou8(rvalue
, &u
);
5471 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse exit status '%s', ignoring: %m", rvalue
);
5479 int config_parse_disable_controllers(
5481 const char *filename
,
5483 const char *section
,
5484 unsigned section_line
,
5492 CGroupContext
*c
= data
;
5493 CGroupMask disabled_mask
;
5495 /* 1. If empty, make all controllers eligible for use again.
5496 * 2. If non-empty, merge all listed controllers, space separated. */
5498 if (isempty(rvalue
)) {
5499 c
->disable_controllers
= 0;
5503 r
= cg_mask_from_string(rvalue
, &disabled_mask
);
5504 if (r
< 0 || disabled_mask
<= 0) {
5505 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid cgroup string: %s, ignoring", rvalue
);
5509 c
->disable_controllers
|= disabled_mask
;
5514 int config_parse_ip_filter_bpf_progs(
5516 const char *filename
,
5518 const char *section
,
5519 unsigned section_line
,
5526 _cleanup_free_
char *resolved
= NULL
;
5527 const Unit
*u
= userdata
;
5528 char ***paths
= data
;
5536 if (isempty(rvalue
)) {
5537 *paths
= strv_free(*paths
);
5541 r
= unit_full_printf(u
, rvalue
, &resolved
);
5543 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5547 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5551 if (strv_contains(*paths
, resolved
))
5554 r
= strv_extend(paths
, resolved
);
5558 r
= bpf_firewall_supported();
5561 if (r
!= BPF_FIREWALL_SUPPORTED_WITH_MULTI
) {
5562 static bool warned
= false;
5564 log_full(warned
? LOG_DEBUG
: LOG_WARNING
,
5565 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
5566 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename
, line
, lvalue
, rvalue
);
5574 static int merge_by_names(Unit
**u
, Set
*names
, const char *id
) {
5581 /* Let's try to add in all names that are aliases of this unit */
5582 while ((k
= set_steal_first(names
))) {
5583 _cleanup_free_ _unused_
char *free_k
= k
;
5585 /* First try to merge in the other name into our unit */
5586 r
= unit_merge_by_name(*u
, k
);
5590 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
5593 other
= manager_get_unit((*u
)->manager
, k
);
5595 return r
; /* return previous failure */
5597 r
= unit_merge(other
, *u
);
5602 return merge_by_names(u
, names
, NULL
);
5605 if (streq_ptr(id
, k
))
5606 unit_choose_id(*u
, id
);
5612 int unit_load_fragment(Unit
*u
) {
5613 const char *fragment
;
5614 _cleanup_set_free_free_ Set
*names
= NULL
;
5618 assert(u
->load_state
== UNIT_STUB
);
5622 u
->load_state
= UNIT_LOADED
;
5626 /* Possibly rebuild the fragment map to catch new units */
5627 r
= unit_file_build_name_map(&u
->manager
->lookup_paths
,
5628 &u
->manager
->unit_cache_timestamp_hash
,
5629 &u
->manager
->unit_id_map
,
5630 &u
->manager
->unit_name_map
,
5631 &u
->manager
->unit_path_cache
);
5633 return log_error_errno(r
, "Failed to rebuild name map: %m");
5635 r
= unit_file_find_fragment(u
->manager
->unit_id_map
,
5636 u
->manager
->unit_name_map
,
5640 if (r
< 0 && r
!= -ENOENT
)
5644 /* Open the file, check if this is a mask, otherwise read. */
5645 _cleanup_fclose_
FILE *f
= NULL
;
5648 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
5649 * expect that all symlinks within the lookup paths have been already resolved, but we don't
5650 * verify this here. */
5651 f
= fopen(fragment
, "re");
5653 return log_unit_notice_errno(u
, errno
, "Failed to open %s: %m", fragment
);
5655 if (fstat(fileno(f
), &st
) < 0)
5658 r
= free_and_strdup(&u
->fragment_path
, fragment
);
5662 if (null_or_empty(&st
)) {
5663 /* Unit file is masked */
5665 u
->load_state
= u
->perpetual
? UNIT_LOADED
: UNIT_MASKED
; /* don't allow perpetual units to ever be masked */
5666 u
->fragment_mtime
= 0;
5668 u
->load_state
= UNIT_LOADED
;
5669 u
->fragment_mtime
= timespec_load(&st
.st_mtim
);
5671 /* Now, parse the file contents */
5672 r
= config_parse(u
->id
, fragment
, f
,
5673 UNIT_VTABLE(u
)->sections
,
5674 config_item_perf_lookup
, load_fragment_gperf_lookup
,
5679 log_unit_notice_errno(u
, r
, "Unit configuration has fatal error, unit will not be started.");
5685 /* Call merge_by_names with the name derived from the fragment path as the preferred name.
5687 * We do the merge dance here because for some unit types, the unit might have aliases which are not
5688 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
5690 const char *id
= u
->id
;
5691 _cleanup_free_
char *free_id
= NULL
;
5694 id
= basename(fragment
);
5695 if (unit_name_is_valid(id
, UNIT_NAME_TEMPLATE
)) {
5696 assert(u
->instance
); /* If we're not trying to use a template for non-instanced unit,
5697 * this must be set. */
5699 r
= unit_name_replace_instance(id
, u
->instance
, &free_id
);
5701 return log_debug_errno(r
, "Failed to build id (%s + %s): %m", id
, u
->instance
);
5707 r
= merge_by_names(&merged
, names
, id
);
5712 u
->load_state
= UNIT_MERGED
;
5717 void unit_dump_config_items(FILE *f
) {
5718 static const struct {
5719 const ConfigParserCallback callback
;
5722 { config_parse_warn_compat
, "NOTSUPPORTED" },
5723 { config_parse_int
, "INTEGER" },
5724 { config_parse_unsigned
, "UNSIGNED" },
5725 { config_parse_iec_size
, "SIZE" },
5726 { config_parse_iec_uint64
, "SIZE" },
5727 { config_parse_si_uint64
, "SIZE" },
5728 { config_parse_bool
, "BOOLEAN" },
5729 { config_parse_string
, "STRING" },
5730 { config_parse_path
, "PATH" },
5731 { config_parse_unit_path_printf
, "PATH" },
5732 { config_parse_strv
, "STRING [...]" },
5733 { config_parse_exec_nice
, "NICE" },
5734 { config_parse_exec_oom_score_adjust
, "OOMSCOREADJUST" },
5735 { config_parse_exec_io_class
, "IOCLASS" },
5736 { config_parse_exec_io_priority
, "IOPRIORITY" },
5737 { config_parse_exec_cpu_sched_policy
, "CPUSCHEDPOLICY" },
5738 { config_parse_exec_cpu_sched_prio
, "CPUSCHEDPRIO" },
5739 { config_parse_exec_cpu_affinity
, "CPUAFFINITY" },
5740 { config_parse_mode
, "MODE" },
5741 { config_parse_unit_env_file
, "FILE" },
5742 { config_parse_exec_output
, "OUTPUT" },
5743 { config_parse_exec_input
, "INPUT" },
5744 { config_parse_log_facility
, "FACILITY" },
5745 { config_parse_log_level
, "LEVEL" },
5746 { config_parse_exec_secure_bits
, "SECUREBITS" },
5747 { config_parse_capability_set
, "BOUNDINGSET" },
5748 { config_parse_rlimit
, "LIMIT" },
5749 { config_parse_unit_deps
, "UNIT [...]" },
5750 { config_parse_exec
, "PATH [ARGUMENT [...]]" },
5751 { config_parse_service_type
, "SERVICETYPE" },
5752 { config_parse_service_exit_type
, "SERVICEEXITTYPE" },
5753 { config_parse_service_restart
, "SERVICERESTART" },
5754 { config_parse_service_timeout_failure_mode
, "TIMEOUTMODE" },
5755 { config_parse_kill_mode
, "KILLMODE" },
5756 { config_parse_signal
, "SIGNAL" },
5757 { config_parse_socket_listen
, "SOCKET [...]" },
5758 { config_parse_socket_bind
, "SOCKETBIND" },
5759 { config_parse_socket_bindtodevice
, "NETWORKINTERFACE" },
5760 { config_parse_sec
, "SECONDS" },
5761 { config_parse_nsec
, "NANOSECONDS" },
5762 { config_parse_namespace_path_strv
, "PATH [...]" },
5763 { config_parse_bind_paths
, "PATH[:PATH[:OPTIONS]] [...]" },
5764 { config_parse_unit_requires_mounts_for
, "PATH [...]" },
5765 { config_parse_exec_mount_flags
, "MOUNTFLAG [...]" },
5766 { config_parse_unit_string_printf
, "STRING" },
5767 { config_parse_trigger_unit
, "UNIT" },
5768 { config_parse_timer
, "TIMER" },
5769 { config_parse_path_spec
, "PATH" },
5770 { config_parse_notify_access
, "ACCESS" },
5771 { config_parse_ip_tos
, "TOS" },
5772 { config_parse_unit_condition_path
, "CONDITION" },
5773 { config_parse_unit_condition_string
, "CONDITION" },
5774 { config_parse_unit_slice
, "SLICE" },
5775 { config_parse_documentation
, "URL" },
5776 { config_parse_service_timeout
, "SECONDS" },
5777 { config_parse_emergency_action
, "ACTION" },
5778 { config_parse_set_status
, "STATUS" },
5779 { config_parse_service_sockets
, "SOCKETS" },
5780 { config_parse_environ
, "ENVIRON" },
5782 { config_parse_syscall_filter
, "SYSCALLS" },
5783 { config_parse_syscall_archs
, "ARCHS" },
5784 { config_parse_syscall_errno
, "ERRNO" },
5785 { config_parse_syscall_log
, "SYSCALLS" },
5786 { config_parse_address_families
, "FAMILIES" },
5787 { config_parse_restrict_namespaces
, "NAMESPACES" },
5789 { config_parse_cpu_shares
, "SHARES" },
5790 { config_parse_cg_weight
, "WEIGHT" },
5791 { config_parse_memory_limit
, "LIMIT" },
5792 { config_parse_device_allow
, "DEVICE" },
5793 { config_parse_device_policy
, "POLICY" },
5794 { config_parse_io_limit
, "LIMIT" },
5795 { config_parse_io_device_weight
, "DEVICEWEIGHT" },
5796 { config_parse_io_device_latency
, "DEVICELATENCY" },
5797 { config_parse_blockio_bandwidth
, "BANDWIDTH" },
5798 { config_parse_blockio_weight
, "WEIGHT" },
5799 { config_parse_blockio_device_weight
, "DEVICEWEIGHT" },
5800 { config_parse_long
, "LONG" },
5801 { config_parse_socket_service
, "SERVICE" },
5803 { config_parse_exec_selinux_context
, "LABEL" },
5805 { config_parse_job_mode
, "MODE" },
5806 { config_parse_job_mode_isolate
, "BOOLEAN" },
5807 { config_parse_personality
, "PERSONALITY" },
5810 const char *prev
= NULL
;
5815 NULSTR_FOREACH(i
, load_fragment_gperf_nulstr
) {
5816 const char *rvalue
= "OTHER", *lvalue
;
5817 const ConfigPerfItem
*p
;
5820 assert_se(p
= load_fragment_gperf_lookup(i
, strlen(i
)));
5822 /* Hide legacy settings */
5823 if (p
->parse
== config_parse_warn_compat
&&
5824 p
->ltype
== DISABLED_LEGACY
)
5827 for (size_t j
= 0; j
< ELEMENTSOF(table
); j
++)
5828 if (p
->parse
== table
[j
].callback
) {
5829 rvalue
= table
[j
].rvalue
;
5833 dot
= strchr(i
, '.');
5834 lvalue
= dot
? dot
+ 1 : i
;
5837 size_t prefix_len
= dot
- i
;
5839 if (!prev
|| !strneq(prev
, i
, prefix_len
+1)) {
5843 fprintf(f
, "[%.*s]\n", (int) prefix_len
, i
);
5847 fprintf(f
, "%s=%s\n", lvalue
, rvalue
);
5852 int config_parse_cpu_affinity2(
5854 const char *filename
,
5856 const char *section
,
5857 unsigned section_line
,
5864 CPUSet
*affinity
= data
;
5868 (void) parse_cpu_set_extend(rvalue
, affinity
, true, unit
, filename
, line
, lvalue
);
5873 int config_parse_show_status(
5875 const char *filename
,
5877 const char *section
,
5878 unsigned section_line
,
5886 ShowStatus
*b
= data
;
5893 k
= parse_show_status(rvalue
, b
);
5895 log_syntax(unit
, LOG_WARNING
, filename
, line
, k
, "Failed to parse show status setting, ignoring: %s", rvalue
);
5900 int config_parse_output_restricted(
5902 const char *filename
,
5904 const char *section
,
5905 unsigned section_line
,
5912 ExecOutput t
, *eo
= data
;
5913 bool obsolete
= false;
5920 if (streq(rvalue
, "syslog")) {
5921 t
= EXEC_OUTPUT_JOURNAL
;
5923 } else if (streq(rvalue
, "syslog+console")) {
5924 t
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
5927 t
= exec_output_from_string(rvalue
);
5929 log_syntax(unit
, LOG_WARNING
, filename
, line
, t
, "Failed to parse output type, ignoring: %s", rvalue
);
5933 if (IN_SET(t
, EXEC_OUTPUT_SOCKET
, EXEC_OUTPUT_NAMED_FD
, EXEC_OUTPUT_FILE
, EXEC_OUTPUT_FILE_APPEND
, EXEC_OUTPUT_FILE_TRUNCATE
)) {
5934 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Standard output types socket, fd:, file:, append:, truncate: are not supported as defaults, ignoring: %s", rvalue
);
5940 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
5941 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
5942 rvalue
, exec_output_to_string(t
));
5948 int config_parse_crash_chvt(
5950 const char *filename
,
5952 const char *section
,
5953 unsigned section_line
,
5967 r
= parse_crash_chvt(rvalue
, data
);
5969 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue
);
5974 int config_parse_swap_priority(
5976 const char *filename
,
5978 const char *section
,
5979 unsigned section_line
,
5995 if (isempty(rvalue
)) {
5996 s
->parameters_fragment
.priority
= -1;
5997 s
->parameters_fragment
.priority_set
= false;
6001 r
= safe_atoi(rvalue
, &priority
);
6003 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid swap priority '%s', ignoring.", rvalue
);
6007 if (priority
< -1) {
6008 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue
);
6012 if (priority
> 32767) {
6013 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Swap priority out of range, ignoring: %s", rvalue
);
6017 s
->parameters_fragment
.priority
= priority
;
6018 s
->parameters_fragment
.priority_set
= true;