1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 Copyright © 2012 Holger Hans Peter Freyther
14 #include <sys/resource.h>
16 #include "sd-messages.h"
19 #include "alloc-util.h"
20 #include "all-units.h"
21 #include "bpf-firewall.h"
22 #include "bus-error.h"
23 #include "bus-internal.h"
26 #include "capability-util.h"
27 #include "cgroup-setup.h"
28 #include "conf-parser.h"
29 #include "core-varlink.h"
30 #include "cpu-set-util.h"
32 #include "errno-list.h"
37 #include "hexdecoct.h"
40 #include "ip-protocol-list.h"
41 #include "journal-util.h"
42 #include "limits-util.h"
43 #include "load-fragment.h"
45 #include "mountpoint-util.h"
46 #include "nulstr-util.h"
47 #include "parse-util.h"
48 #include "path-util.h"
49 #include "process-util.h"
51 #include "seccomp-util.h"
53 #include "securebits-util.h"
54 #include "signal-util.h"
55 #include "socket-netlink.h"
56 #include "stat-util.h"
57 #include "string-util.h"
59 #include "syslog-util.h"
60 #include "time-util.h"
61 #include "unit-name.h"
62 #include "unit-printf.h"
63 #include "user-util.h"
67 static int parse_socket_protocol(const char *s
) {
70 r
= parse_ip_protocol(s
);
73 if (!IN_SET(r
, IPPROTO_UDPLITE
, IPPROTO_SCTP
))
74 return -EPROTONOSUPPORT
;
79 int parse_crash_chvt(const char *value
, int *data
) {
82 if (safe_atoi(value
, data
) >= 0)
85 b
= parse_boolean(value
);
90 *data
= 0; /* switch to where kmsg goes */
92 *data
= -1; /* turn off switching */
97 int parse_confirm_spawn(const char *value
, char **console
) {
101 r
= value
? parse_boolean(value
) : 1;
105 } else if (r
> 0) /* on with default tty */
106 s
= strdup("/dev/console");
107 else if (is_path(value
)) /* on with fully qualified path */
109 else /* on with only a tty file name, not a fully qualified path */
110 s
= path_join("/dev/", value
);
118 DEFINE_CONFIG_PARSE(config_parse_socket_protocol
, parse_socket_protocol
, "Failed to parse socket protocol");
119 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits
, secure_bits_from_string
, "Failed to parse secure bits");
120 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode
, collect_mode
, CollectMode
, "Failed to parse garbage collection mode");
121 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy
, cgroup_device_policy
, CGroupDevicePolicy
, "Failed to parse device policy");
122 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode
, exec_keyring_mode
, ExecKeyringMode
, "Failed to parse keyring mode");
123 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc
, protect_proc
, ProtectProc
, "Failed to parse /proc/ protection mode");
124 DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset
, proc_subset
, ProcSubset
, "Failed to parse /proc/ subset mode");
125 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
, "Failed to parse utmp mode");
126 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode
, job_mode
, JobMode
, "Failed to parse job mode");
127 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access
, notify_access
, NotifyAccess
, "Failed to parse notify access specifier");
128 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home
, protect_home
, ProtectHome
, "Failed to parse protect home value");
129 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system
, protect_system
, ProtectSystem
, "Failed to parse protect system value");
130 DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
, "Failed to parse runtime directory preserve mode");
131 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type
, service_type
, ServiceType
, "Failed to parse service type");
132 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart
, service_restart
, ServiceRestart
, "Failed to parse service restart specifier");
133 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode
, service_timeout_failure_mode
, ServiceTimeoutFailureMode
, "Failed to parse timeout failure mode");
134 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind
, socket_address_bind_ipv6_only_or_bool
, SocketAddressBindIPv6Only
, "Failed to parse bind IPv6 only value");
135 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy
, oom_policy
, OOMPolicy
, "Failed to parse OOM policy");
136 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos
, ip_tos
, int, -1, "Failed to parse IP TOS value");
137 DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight
, cg_blkio_weight_parse
, uint64_t, "Invalid block IO weight");
138 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight
, cg_weight_parse
, uint64_t, "Invalid weight");
139 DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares
, cg_cpu_shares_parse
, uint64_t, "Invalid CPU shares");
140 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags
, mount_propagation_flags_from_string
, unsigned long, "Failed to parse mount flag");
141 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy
, mpol
, int, -1, "Invalid NUMA policy type");
142 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format
, status_unit_format
, StatusUnitFormat
, "Failed to parse status unit format");
144 int config_parse_unit_deps(
146 const char *filename
,
149 unsigned section_line
,
156 UnitDependency d
= ltype
;
163 for (const char *p
= rvalue
;;) {
164 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
167 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_RETAIN_ESCAPE
);
173 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
177 r
= unit_name_printf(u
, word
, &k
);
179 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
183 r
= unit_add_dependency_by_name(u
, d
, k
, true, UNIT_DEPENDENCY_FILE
);
185 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
189 int config_parse_obsolete_unit_deps(
191 const char *filename
,
194 unsigned section_line
,
201 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
202 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue
, unit_dependency_to_string(ltype
));
204 return config_parse_unit_deps(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
207 int config_parse_unit_string_printf(
209 const char *filename
,
212 unsigned section_line
,
219 _cleanup_free_
char *k
= NULL
;
220 const Unit
*u
= userdata
;
228 r
= unit_full_printf(u
, rvalue
, &k
);
230 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
234 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
237 int config_parse_unit_strv_printf(
239 const char *filename
,
242 unsigned section_line
,
249 const Unit
*u
= userdata
;
250 _cleanup_free_
char *k
= NULL
;
258 r
= unit_full_printf(u
, rvalue
, &k
);
260 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
264 return config_parse_strv(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
267 int config_parse_unit_path_printf(
269 const char *filename
,
272 unsigned section_line
,
279 _cleanup_free_
char *k
= NULL
;
280 const Unit
*u
= userdata
;
289 /* Let's not bother with anything that is too long */
290 if (strlen(rvalue
) >= PATH_MAX
) {
291 log_syntax(unit
, fatal
? LOG_ERR
: LOG_WARNING
, filename
, line
, 0,
292 "%s value too long%s.",
293 lvalue
, fatal
? "" : ", ignoring");
294 return fatal
? -ENAMETOOLONG
: 0;
297 r
= unit_full_printf(u
, rvalue
, &k
);
299 log_syntax(unit
, fatal
? LOG_ERR
: LOG_WARNING
, filename
, line
, r
,
300 "Failed to resolve unit specifiers in '%s'%s: %m",
301 rvalue
, fatal
? "" : ", ignoring");
302 return fatal
? -ENOEXEC
: 0;
305 return config_parse_path(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
308 int config_parse_unit_path_strv_printf(
310 const char *filename
,
313 unsigned section_line
,
321 const Unit
*u
= userdata
;
329 if (isempty(rvalue
)) {
334 for (const char *p
= rvalue
;;) {
335 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
337 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
343 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
344 "Invalid syntax, ignoring: %s", rvalue
);
348 r
= unit_full_printf(u
, word
, &k
);
350 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
351 "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
355 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
359 r
= strv_consume(x
, TAKE_PTR(k
));
365 static int patch_var_run(
367 const char *filename
,
375 e
= path_startswith(*path
, "/var/run/");
379 z
= path_join("/run/", e
);
383 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
384 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
385 "please update the unit file accordingly.", lvalue
, *path
, z
);
387 free_and_replace(*path
, z
);
392 int config_parse_socket_listen(
394 const char *filename
,
397 unsigned section_line
,
404 _cleanup_free_ SocketPort
*p
= NULL
;
416 if (isempty(rvalue
)) {
417 /* An empty assignment removes all ports */
418 socket_free_ports(s
);
422 p
= new0(SocketPort
, 1);
426 if (ltype
!= SOCKET_SOCKET
) {
427 _cleanup_free_
char *k
= NULL
;
429 r
= unit_full_printf(UNIT(s
), rvalue
, &k
);
431 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
435 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
439 if (ltype
== SOCKET_FIFO
) {
440 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
445 free_and_replace(p
->path
, k
);
448 } else if (streq(lvalue
, "ListenNetlink")) {
449 _cleanup_free_
char *k
= NULL
;
451 r
= unit_full_printf(UNIT(s
), rvalue
, &k
);
453 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
457 r
= socket_address_parse_netlink(&p
->address
, k
);
459 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
463 p
->type
= SOCKET_SOCKET
;
466 _cleanup_free_
char *k
= NULL
;
468 r
= unit_full_printf(UNIT(s
), rvalue
, &k
);
470 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
474 if (k
[0] == '/') { /* Only for AF_UNIX file system sockets… */
475 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
480 r
= socket_address_parse_and_warn(&p
->address
, k
);
482 if (r
!= -EAFNOSUPPORT
)
483 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
487 if (streq(lvalue
, "ListenStream"))
488 p
->address
.type
= SOCK_STREAM
;
489 else if (streq(lvalue
, "ListenDatagram"))
490 p
->address
.type
= SOCK_DGRAM
;
492 assert(streq(lvalue
, "ListenSequentialPacket"));
493 p
->address
.type
= SOCK_SEQPACKET
;
496 if (socket_address_family(&p
->address
) != AF_LOCAL
&& p
->address
.type
== SOCK_SEQPACKET
) {
497 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Address family not supported, ignoring: %s", rvalue
);
501 p
->type
= SOCKET_SOCKET
;
505 p
->auxiliary_fds
= NULL
;
506 p
->n_auxiliary_fds
= 0;
509 LIST_FIND_TAIL(port
, s
->ports
, tail
);
510 LIST_INSERT_AFTER(port
, s
->ports
, tail
, p
);
517 int config_parse_exec_nice(
519 const char *filename
,
522 unsigned section_line
,
529 ExecContext
*c
= data
;
537 if (isempty(rvalue
)) {
542 r
= parse_nice(rvalue
, &priority
);
545 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Nice priority out of range, ignoring: %s", rvalue
);
547 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse nice priority '%s', ignoring: %m", rvalue
);
557 int config_parse_exec_oom_score_adjust(
559 const char *filename
,
562 unsigned section_line
,
569 ExecContext
*c
= data
;
577 if (isempty(rvalue
)) {
578 c
->oom_score_adjust_set
= false;
582 r
= parse_oom_score_adjust(rvalue
, &oa
);
585 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "OOM score adjust value out of range, ignoring: %s", rvalue
);
587 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue
);
591 c
->oom_score_adjust
= oa
;
592 c
->oom_score_adjust_set
= true;
597 int config_parse_exec_coredump_filter(
599 const char *filename
,
602 unsigned section_line
,
609 ExecContext
*c
= data
;
617 if (isempty(rvalue
)) {
618 c
->coredump_filter
= 0;
619 c
->coredump_filter_set
= false;
624 r
= coredump_filter_mask_from_string(rvalue
, &f
);
626 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
627 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue
);
631 c
->coredump_filter
|= f
;
632 c
->oom_score_adjust_set
= true;
636 int config_parse_kill_mode(
638 const char *filename
,
641 unsigned section_line
,
648 KillMode
*k
= data
, m
;
655 if (isempty(rvalue
)) {
656 *k
= KILL_CONTROL_GROUP
;
660 m
= kill_mode_from_string(rvalue
);
662 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
663 "Failed to parse kill mode specification, ignoring: %s", rvalue
);
668 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
669 "Unit configured to use KillMode=none. "
670 "This is unsafe, as it disables systemd's process lifecycle management for the service. "
671 "Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
672 "Support for KillMode=none is deprecated and will eventually be removed.");
678 int config_parse_exec(
680 const char *filename
,
683 unsigned section_line
,
690 ExecCommand
**e
= data
;
691 const Unit
*u
= userdata
;
703 if (isempty(rvalue
)) {
704 /* An empty assignment resets the list */
705 *e
= exec_command_free_list(*e
);
711 _cleanup_free_
char *path
= NULL
, *firstword
= NULL
;
712 ExecCommandFlags flags
= 0;
713 bool ignore
= false, separate_argv0
= false;
714 _cleanup_free_ ExecCommand
*nce
= NULL
;
715 _cleanup_strv_free_
char **n
= NULL
;
716 size_t nlen
= 0, nbufsize
= 0;
721 r
= extract_first_word_and_warn(&p
, &firstword
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
725 /* A lone ";" is a separator. Let's make sure we don't treat it as an executable name. */
726 if (streq(firstword
, ";")) {
733 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
734 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
735 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
736 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
737 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
738 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
739 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
740 * other sandboxing, with some special exceptions for changing UID.
742 * The idea is that '!!' may be used to write services that can take benefit of systemd's
743 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
744 * privilege dropping within the daemon if the kernel does not offer that. */
746 if (*f
== '-' && !(flags
& EXEC_COMMAND_IGNORE_FAILURE
)) {
747 flags
|= EXEC_COMMAND_IGNORE_FAILURE
;
749 } else if (*f
== '@' && !separate_argv0
)
750 separate_argv0
= true;
751 else if (*f
== ':' && !(flags
& EXEC_COMMAND_NO_ENV_EXPAND
))
752 flags
|= EXEC_COMMAND_NO_ENV_EXPAND
;
753 else if (*f
== '+' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
|EXEC_COMMAND_AMBIENT_MAGIC
)))
754 flags
|= EXEC_COMMAND_FULLY_PRIVILEGED
;
755 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
|EXEC_COMMAND_AMBIENT_MAGIC
)))
756 flags
|= EXEC_COMMAND_NO_SETUID
;
757 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_AMBIENT_MAGIC
))) {
758 flags
&= ~EXEC_COMMAND_NO_SETUID
;
759 flags
|= EXEC_COMMAND_AMBIENT_MAGIC
;
765 r
= unit_full_printf(u
, f
, &path
);
767 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
768 "Failed to resolve unit specifiers in '%s'%s: %m",
769 f
, ignore
? ", ignoring" : "");
770 return ignore
? 0 : -ENOEXEC
;
774 /* First word is either "-" or "@" with no command. */
775 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
776 "Empty path in command line%s: '%s'",
777 ignore
? ", ignoring" : "", rvalue
);
778 return ignore
? 0 : -ENOEXEC
;
780 if (!string_is_safe(path
)) {
781 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
782 "Executable name contains special characters%s: %s",
783 ignore
? ", ignoring" : "", path
);
784 return ignore
? 0 : -ENOEXEC
;
786 if (endswith(path
, "/")) {
787 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
788 "Executable path specifies a directory%s: %s",
789 ignore
? ", ignoring" : "", path
);
790 return ignore
? 0 : -ENOEXEC
;
793 if (!path_is_absolute(path
) && !filename_is_valid(path
)) {
794 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
795 "Neither a valid executable name nor an absolute path%s: %s",
796 ignore
? ", ignoring" : "", path
);
797 return ignore
? 0 : -ENOEXEC
;
800 if (!separate_argv0
) {
803 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
813 path_simplify(path
, false);
815 while (!isempty(p
)) {
816 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
818 /* Check explicitly for an unquoted semicolon as
819 * command separator token. */
820 if (p
[0] == ';' && (!p
[1] || strchr(WHITESPACE
, p
[1]))) {
822 p
+= strspn(p
, WHITESPACE
);
827 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
828 * extract_first_word() would return the same for all of those. */
829 if (p
[0] == '\\' && p
[1] == ';' && (!p
[2] || strchr(WHITESPACE
, p
[2]))) {
833 p
+= strspn(p
, WHITESPACE
);
835 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
846 r
= extract_first_word_and_warn(&p
, &word
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
850 return ignore
? 0 : -ENOEXEC
;
852 r
= unit_full_printf(u
, word
, &resolved
);
854 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
855 "Failed to resolve unit specifiers in %s%s: %m",
856 word
, ignore
? ", ignoring" : "");
857 return ignore
? 0 : -ENOEXEC
;
860 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
863 n
[nlen
++] = TAKE_PTR(resolved
);
868 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
869 "Empty executable name or zeroeth argument%s: %s",
870 ignore
? ", ignoring" : "", rvalue
);
871 return ignore
? 0 : -ENOEXEC
;
874 nce
= new0(ExecCommand
, 1);
878 nce
->argv
= TAKE_PTR(n
);
879 nce
->path
= TAKE_PTR(path
);
882 exec_command_append_list(e
, nce
);
884 /* Do not _cleanup_free_ these. */
893 int config_parse_socket_bindtodevice(
895 const char *filename
,
898 unsigned section_line
,
912 if (isempty(rvalue
) || streq(rvalue
, "*")) {
913 s
->bind_to_device
= mfree(s
->bind_to_device
);
917 if (!ifname_valid(rvalue
)) {
918 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid interface name, ignoring: %s", rvalue
);
922 if (free_and_strdup(&s
->bind_to_device
, rvalue
) < 0)
928 int config_parse_exec_input(
930 const char *filename
,
933 unsigned section_line
,
940 ExecContext
*c
= data
;
941 const Unit
*u
= userdata
;
951 n
= startswith(rvalue
, "fd:");
953 _cleanup_free_
char *resolved
= NULL
;
955 r
= unit_full_printf(u
, n
, &resolved
);
957 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
961 if (isempty(resolved
))
962 resolved
= mfree(resolved
);
963 else if (!fdname_is_valid(resolved
)) {
964 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
968 free_and_replace(c
->stdio_fdname
[STDIN_FILENO
], resolved
);
970 ei
= EXEC_INPUT_NAMED_FD
;
972 } else if ((n
= startswith(rvalue
, "file:"))) {
973 _cleanup_free_
char *resolved
= NULL
;
975 r
= unit_full_printf(u
, n
, &resolved
);
977 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
981 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
985 free_and_replace(c
->stdio_file
[STDIN_FILENO
], resolved
);
987 ei
= EXEC_INPUT_FILE
;
990 ei
= exec_input_from_string(rvalue
);
992 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse input specifier, ignoring: %s", rvalue
);
1001 int config_parse_exec_input_text(
1003 const char *filename
,
1005 const char *section
,
1006 unsigned section_line
,
1013 _cleanup_free_
char *unescaped
= NULL
, *resolved
= NULL
;
1014 ExecContext
*c
= data
;
1015 const Unit
*u
= userdata
;
1025 if (isempty(rvalue
)) {
1026 /* Reset if the empty string is assigned */
1027 c
->stdin_data
= mfree(c
->stdin_data
);
1028 c
->stdin_data_size
= 0;
1032 r
= cunescape(rvalue
, 0, &unescaped
);
1034 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1035 "Failed to decode C escaped text '%s', ignoring: %m", rvalue
);
1039 r
= unit_full_printf(u
, unescaped
, &resolved
);
1041 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1042 "Failed to resolve unit specifiers in '%s', ignoring: %m", unescaped
);
1046 sz
= strlen(resolved
);
1047 if (c
->stdin_data_size
+ sz
+ 1 < c
->stdin_data_size
|| /* check for overflow */
1048 c
->stdin_data_size
+ sz
+ 1 > EXEC_STDIN_DATA_MAX
) {
1049 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1050 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1051 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1055 p
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
+ 1);
1059 *((char*) mempcpy((char*) p
+ c
->stdin_data_size
, resolved
, sz
)) = '\n';
1062 c
->stdin_data_size
+= sz
+ 1;
1067 int config_parse_exec_input_data(
1069 const char *filename
,
1071 const char *section
,
1072 unsigned section_line
,
1079 _cleanup_free_
void *p
= NULL
;
1080 ExecContext
*c
= data
;
1090 if (isempty(rvalue
)) {
1091 /* Reset if the empty string is assigned */
1092 c
->stdin_data
= mfree(c
->stdin_data
);
1093 c
->stdin_data_size
= 0;
1097 r
= unbase64mem(rvalue
, (size_t) -1, &p
, &sz
);
1099 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1100 "Failed to decode base64 data, ignoring: %s", rvalue
);
1106 if (c
->stdin_data_size
+ sz
< c
->stdin_data_size
|| /* check for overflow */
1107 c
->stdin_data_size
+ sz
> EXEC_STDIN_DATA_MAX
) {
1108 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1109 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1110 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1114 q
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
);
1118 memcpy((uint8_t*) q
+ c
->stdin_data_size
, p
, sz
);
1121 c
->stdin_data_size
+= sz
;
1126 int config_parse_exec_output(
1128 const char *filename
,
1130 const char *section
,
1131 unsigned section_line
,
1138 _cleanup_free_
char *resolved
= NULL
;
1140 ExecContext
*c
= data
;
1141 const Unit
*u
= userdata
;
1142 bool obsolete
= false;
1152 n
= startswith(rvalue
, "fd:");
1154 r
= unit_full_printf(u
, n
, &resolved
);
1156 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", n
);
1160 if (isempty(resolved
))
1161 resolved
= mfree(resolved
);
1162 else if (!fdname_is_valid(resolved
)) {
1163 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
1167 eo
= EXEC_OUTPUT_NAMED_FD
;
1169 } else if (streq(rvalue
, "syslog")) {
1170 eo
= EXEC_OUTPUT_JOURNAL
;
1173 } else if (streq(rvalue
, "syslog+console")) {
1174 eo
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
1177 } else if ((n
= startswith(rvalue
, "file:"))) {
1179 r
= unit_full_printf(u
, n
, &resolved
);
1181 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1185 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1189 eo
= EXEC_OUTPUT_FILE
;
1191 } else if ((n
= startswith(rvalue
, "append:"))) {
1193 r
= unit_full_printf(u
, n
, &resolved
);
1195 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1199 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1203 eo
= EXEC_OUTPUT_FILE_APPEND
;
1205 eo
= exec_output_from_string(rvalue
);
1207 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse output specifier, ignoring: %s", rvalue
);
1213 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
1214 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1215 rvalue
, exec_output_to_string(eo
));
1217 if (streq(lvalue
, "StandardOutput")) {
1218 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1219 free_and_replace(c
->stdio_fdname
[STDOUT_FILENO
], resolved
);
1221 free_and_replace(c
->stdio_file
[STDOUT_FILENO
], resolved
);
1226 assert(streq(lvalue
, "StandardError"));
1228 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1229 free_and_replace(c
->stdio_fdname
[STDERR_FILENO
], resolved
);
1231 free_and_replace(c
->stdio_file
[STDERR_FILENO
], resolved
);
1239 int config_parse_exec_io_class(const char *unit
,
1240 const char *filename
,
1242 const char *section
,
1243 unsigned section_line
,
1250 ExecContext
*c
= data
;
1258 if (isempty(rvalue
)) {
1259 c
->ioprio_set
= false;
1260 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE
, 0);
1264 x
= ioprio_class_from_string(rvalue
);
1266 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse IO scheduling class, ignoring: %s", rvalue
);
1270 c
->ioprio
= IOPRIO_PRIO_VALUE(x
, IOPRIO_PRIO_DATA(c
->ioprio
));
1271 c
->ioprio_set
= true;
1276 int config_parse_exec_io_priority(const char *unit
,
1277 const char *filename
,
1279 const char *section
,
1280 unsigned section_line
,
1287 ExecContext
*c
= data
;
1295 if (isempty(rvalue
)) {
1296 c
->ioprio_set
= false;
1297 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE
, 0);
1301 r
= ioprio_parse_priority(rvalue
, &i
);
1303 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse IO priority, ignoring: %s", rvalue
);
1307 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c
->ioprio
), i
);
1308 c
->ioprio_set
= true;
1313 int config_parse_exec_cpu_sched_policy(const char *unit
,
1314 const char *filename
,
1316 const char *section
,
1317 unsigned section_line
,
1324 ExecContext
*c
= data
;
1332 if (isempty(rvalue
)) {
1333 c
->cpu_sched_set
= false;
1334 c
->cpu_sched_policy
= SCHED_OTHER
;
1335 c
->cpu_sched_priority
= 0;
1339 x
= sched_policy_from_string(rvalue
);
1341 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue
);
1345 c
->cpu_sched_policy
= x
;
1346 /* Moving to or from real-time policy? We need to adjust the priority */
1347 c
->cpu_sched_priority
= CLAMP(c
->cpu_sched_priority
, sched_get_priority_min(x
), sched_get_priority_max(x
));
1348 c
->cpu_sched_set
= true;
1353 int config_parse_exec_mount_apivfs(const char *unit
,
1354 const char *filename
,
1356 const char *section
,
1357 unsigned section_line
,
1364 ExecContext
*c
= data
;
1372 if (isempty(rvalue
)) {
1373 c
->mount_apivfs_set
= false;
1374 c
->mount_apivfs
= false;
1378 k
= parse_boolean(rvalue
);
1380 log_syntax(unit
, LOG_WARNING
, filename
, line
, k
,
1381 "Failed to parse boolean value, ignoring: %s",
1386 c
->mount_apivfs_set
= true;
1387 c
->mount_apivfs
= k
;
1391 int config_parse_numa_mask(const char *unit
,
1392 const char *filename
,
1394 const char *section
,
1395 unsigned section_line
,
1402 NUMAPolicy
*p
= data
;
1409 if (streq(rvalue
, "all")) {
1410 r
= numa_mask_add_all(&p
->nodes
);
1412 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1413 "Failed to create NUMA mask representing \"all\" NUMA nodes, ignoring: %m");
1415 r
= parse_cpu_set_extend(rvalue
, &p
->nodes
, true, unit
, filename
, line
, lvalue
);
1417 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse NUMA node mask, ignoring: %s", rvalue
);
1423 int config_parse_exec_cpu_sched_prio(const char *unit
,
1424 const char *filename
,
1426 const char *section
,
1427 unsigned section_line
,
1434 ExecContext
*c
= data
;
1442 r
= safe_atoi(rvalue
, &i
);
1444 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue
);
1448 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
1449 min
= sched_get_priority_min(c
->cpu_sched_policy
);
1450 max
= sched_get_priority_max(c
->cpu_sched_policy
);
1452 if (i
< min
|| i
> max
) {
1453 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue
);
1457 c
->cpu_sched_priority
= i
;
1458 c
->cpu_sched_set
= true;
1463 int config_parse_root_image_options(
1465 const char *filename
,
1467 const char *section
,
1468 unsigned section_line
,
1475 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
1476 _cleanup_strv_free_
char **l
= NULL
;
1477 char **first
= NULL
, **second
= NULL
;
1478 ExecContext
*c
= data
;
1479 const Unit
*u
= userdata
;
1487 if (isempty(rvalue
)) {
1488 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1492 r
= strv_split_colon_pairs(&l
, rvalue
);
1496 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
1500 STRV_FOREACH_PAIR(first
, second
, l
) {
1501 MountOptions
*o
= NULL
;
1502 _cleanup_free_
char *mount_options_resolved
= NULL
;
1503 const char *mount_options
= NULL
, *partition
= "root";
1504 PartitionDesignator partition_designator
;
1506 /* Format is either 'root:foo' or 'foo' (root is implied) */
1507 if (!isempty(*second
)) {
1509 mount_options
= *second
;
1511 mount_options
= *first
;
1513 partition_designator
= partition_designator_from_string(partition
);
1514 if (partition_designator
< 0) {
1515 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid partition name %s, ignoring", partition
);
1518 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
1520 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
1524 o
= new(MountOptions
, 1);
1527 *o
= (MountOptions
) {
1528 .partition_designator
= partition_designator
,
1529 .options
= TAKE_PTR(mount_options_resolved
),
1531 LIST_APPEND(mount_options
, options
, TAKE_PTR(o
));
1534 /* empty spaces/separators only */
1535 if (LIST_IS_EMPTY(options
))
1536 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1538 LIST_JOIN(mount_options
, c
->root_image_options
, options
);
1543 int config_parse_exec_root_hash(
1545 const char *filename
,
1547 const char *section
,
1548 unsigned section_line
,
1555 _cleanup_free_
void *roothash_decoded
= NULL
;
1556 ExecContext
*c
= data
;
1557 size_t roothash_decoded_size
= 0;
1565 if (isempty(rvalue
)) {
1566 /* Reset if the empty string is assigned */
1567 c
->root_hash_path
= mfree(c
->root_hash_path
);
1568 c
->root_hash
= mfree(c
->root_hash
);
1569 c
->root_hash_size
= 0;
1573 if (path_is_absolute(rvalue
)) {
1574 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1575 _cleanup_free_
char *p
= NULL
;
1581 free_and_replace(c
->root_hash_path
, p
);
1582 c
->root_hash
= mfree(c
->root_hash
);
1583 c
->root_hash_size
= 0;
1587 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1588 r
= unhexmem(rvalue
, strlen(rvalue
), &roothash_decoded
, &roothash_decoded_size
);
1590 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHash=, ignoring: %s", rvalue
);
1593 if (roothash_decoded_size
< sizeof(sd_id128_t
)) {
1594 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "RootHash= is too short, ignoring: %s", rvalue
);
1598 free_and_replace(c
->root_hash
, roothash_decoded
);
1599 c
->root_hash_size
= roothash_decoded_size
;
1600 c
->root_hash_path
= mfree(c
->root_hash_path
);
1605 int config_parse_exec_root_hash_sig(
1607 const char *filename
,
1609 const char *section
,
1610 unsigned section_line
,
1617 _cleanup_free_
void *roothash_sig_decoded
= NULL
;
1619 ExecContext
*c
= data
;
1620 size_t roothash_sig_decoded_size
= 0;
1628 if (isempty(rvalue
)) {
1629 /* Reset if the empty string is assigned */
1630 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1631 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1632 c
->root_hash_sig_size
= 0;
1636 if (path_is_absolute(rvalue
)) {
1637 /* We have the path to a roothash signature to load and decode, eg: RootHashSignature=/foo/bar.roothash.p7s */
1638 _cleanup_free_
char *p
= NULL
;
1644 free_and_replace(c
->root_hash_sig_path
, p
);
1645 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1646 c
->root_hash_sig_size
= 0;
1650 if (!(value
= startswith(rvalue
, "base64:"))) {
1651 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1652 "Failed to decode RootHashSignature=, not a path but doesn't start with 'base64:', ignoring: %s", rvalue
);
1656 /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
1657 r
= unbase64mem(value
, strlen(value
), &roothash_sig_decoded
, &roothash_sig_decoded_size
);
1659 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHashSignature=, ignoring: %s", rvalue
);
1663 free_and_replace(c
->root_hash_sig
, roothash_sig_decoded
);
1664 c
->root_hash_sig_size
= roothash_sig_decoded_size
;
1665 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1670 int config_parse_exec_cpu_affinity(const char *unit
,
1671 const char *filename
,
1673 const char *section
,
1674 unsigned section_line
,
1681 ExecContext
*c
= data
;
1689 if (streq(rvalue
, "numa")) {
1690 c
->cpu_affinity_from_numa
= true;
1691 cpu_set_reset(&c
->cpu_set
);
1696 r
= parse_cpu_set_extend(rvalue
, &c
->cpu_set
, true, unit
, filename
, line
, lvalue
);
1698 c
->cpu_affinity_from_numa
= false;
1703 int config_parse_capability_set(
1705 const char *filename
,
1707 const char *section
,
1708 unsigned section_line
,
1715 uint64_t *capability_set
= data
;
1716 uint64_t sum
= 0, initial
= 0;
1717 bool invert
= false;
1725 if (rvalue
[0] == '~') {
1730 if (streq(lvalue
, "CapabilityBoundingSet"))
1731 initial
= CAP_ALL
; /* initialized to all bits on */
1732 /* else "AmbientCapabilities" initialized to all bits off */
1734 r
= capability_set_from_string(rvalue
, &sum
);
1736 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue
, rvalue
);
1740 if (sum
== 0 || *capability_set
== initial
)
1741 /* "", "~" or uninitialized data -> replace */
1742 *capability_set
= invert
? ~sum
: sum
;
1744 /* previous data -> merge */
1746 *capability_set
&= ~sum
;
1748 *capability_set
|= sum
;
1754 int config_parse_exec_selinux_context(
1756 const char *filename
,
1758 const char *section
,
1759 unsigned section_line
,
1766 ExecContext
*c
= data
;
1767 const Unit
*u
= userdata
;
1777 if (isempty(rvalue
)) {
1778 c
->selinux_context
= mfree(c
->selinux_context
);
1779 c
->selinux_context_ignore
= false;
1783 if (rvalue
[0] == '-') {
1789 r
= unit_full_printf(u
, rvalue
, &k
);
1791 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1792 "Failed to resolve unit specifiers in '%s'%s: %m",
1793 rvalue
, ignore
? ", ignoring" : "");
1794 return ignore
? 0 : -ENOEXEC
;
1797 free_and_replace(c
->selinux_context
, k
);
1798 c
->selinux_context_ignore
= ignore
;
1803 int config_parse_exec_apparmor_profile(
1805 const char *filename
,
1807 const char *section
,
1808 unsigned section_line
,
1815 ExecContext
*c
= data
;
1816 const Unit
*u
= userdata
;
1826 if (isempty(rvalue
)) {
1827 c
->apparmor_profile
= mfree(c
->apparmor_profile
);
1828 c
->apparmor_profile_ignore
= false;
1832 if (rvalue
[0] == '-') {
1838 r
= unit_full_printf(u
, rvalue
, &k
);
1840 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1841 "Failed to resolve unit specifiers in '%s'%s: %m",
1842 rvalue
, ignore
? ", ignoring" : "");
1843 return ignore
? 0 : -ENOEXEC
;
1846 free_and_replace(c
->apparmor_profile
, k
);
1847 c
->apparmor_profile_ignore
= ignore
;
1852 int config_parse_exec_smack_process_label(
1854 const char *filename
,
1856 const char *section
,
1857 unsigned section_line
,
1864 ExecContext
*c
= data
;
1865 const Unit
*u
= userdata
;
1875 if (isempty(rvalue
)) {
1876 c
->smack_process_label
= mfree(c
->smack_process_label
);
1877 c
->smack_process_label_ignore
= false;
1881 if (rvalue
[0] == '-') {
1887 r
= unit_full_printf(u
, rvalue
, &k
);
1889 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1890 "Failed to resolve unit specifiers in '%s'%s: %m",
1891 rvalue
, ignore
? ", ignoring" : "");
1892 return ignore
? 0 : -ENOEXEC
;
1895 free_and_replace(c
->smack_process_label
, k
);
1896 c
->smack_process_label_ignore
= ignore
;
1901 int config_parse_timer(
1903 const char *filename
,
1905 const char *section
,
1906 unsigned section_line
,
1913 _cleanup_(calendar_spec_freep
) CalendarSpec
*c
= NULL
;
1914 _cleanup_free_
char *k
= NULL
;
1915 const Unit
*u
= userdata
;
1926 if (isempty(rvalue
)) {
1927 /* Empty assignment resets list */
1928 timer_free_values(t
);
1932 r
= unit_full_printf(u
, rvalue
, &k
);
1934 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
1938 if (ltype
== TIMER_CALENDAR
) {
1939 r
= calendar_spec_from_string(k
, &c
);
1941 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse calendar specification, ignoring: %s", k
);
1945 r
= parse_sec(k
, &usec
);
1947 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", k
);
1952 v
= new(TimerValue
, 1);
1959 .calendar_spec
= TAKE_PTR(c
),
1962 LIST_PREPEND(value
, t
->values
, v
);
1967 int config_parse_trigger_unit(
1969 const char *filename
,
1971 const char *section
,
1972 unsigned section_line
,
1979 _cleanup_free_
char *p
= NULL
;
1989 if (!hashmap_isempty(u
->dependencies
[UNIT_TRIGGERS
])) {
1990 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Multiple units to trigger specified, ignoring: %s", rvalue
);
1994 r
= unit_name_printf(u
, rvalue
, &p
);
1996 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2000 type
= unit_name_to_type(p
);
2002 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit type not valid, ignoring: %s", rvalue
);
2005 if (unit_has_name(u
, p
)) {
2006 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Units cannot trigger themselves, ignoring: %s", rvalue
);
2010 r
= unit_add_two_dependencies_by_name(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, p
, true, UNIT_DEPENDENCY_FILE
);
2012 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add trigger on %s, ignoring: %m", p
);
2019 int config_parse_path_spec(const char *unit
,
2020 const char *filename
,
2022 const char *section
,
2023 unsigned section_line
,
2033 _cleanup_free_
char *k
= NULL
;
2041 if (isempty(rvalue
)) {
2042 /* Empty assignment clears list */
2047 b
= path_type_from_string(lvalue
);
2049 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse path type, ignoring: %s", lvalue
);
2053 r
= unit_full_printf(UNIT(p
), rvalue
, &k
);
2055 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2059 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2063 s
= new0(PathSpec
, 1);
2068 s
->path
= TAKE_PTR(k
);
2072 LIST_PREPEND(spec
, p
->specs
, s
);
2077 int config_parse_socket_service(
2079 const char *filename
,
2081 const char *section
,
2082 unsigned section_line
,
2089 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2090 _cleanup_free_
char *p
= NULL
;
2100 r
= unit_name_printf(UNIT(s
), rvalue
, &p
);
2102 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2106 if (!endswith(p
, ".service")) {
2107 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type service, ignoring: %s", rvalue
);
2111 r
= manager_load_unit(UNIT(s
)->manager
, p
, NULL
, &error
, &x
);
2113 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load unit %s, ignoring: %s", rvalue
, bus_error_message(&error
, r
));
2117 unit_ref_set(&s
->service
, UNIT(s
), x
);
2122 int config_parse_fdname(
2124 const char *filename
,
2126 const char *section
,
2127 unsigned section_line
,
2134 _cleanup_free_
char *p
= NULL
;
2143 if (isempty(rvalue
)) {
2144 s
->fdname
= mfree(s
->fdname
);
2148 r
= unit_full_printf(UNIT(s
), rvalue
, &p
);
2150 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2154 if (!fdname_is_valid(p
)) {
2155 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", p
);
2159 return free_and_replace(s
->fdname
, p
);
2162 int config_parse_service_sockets(
2164 const char *filename
,
2166 const char *section
,
2167 unsigned section_line
,
2182 for (const char *p
= rvalue
;;) {
2183 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2185 r
= extract_first_word(&p
, &word
, NULL
, 0);
2191 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Trailing garbage in sockets, ignoring: %s", rvalue
);
2195 r
= unit_name_printf(UNIT(s
), word
, &k
);
2197 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
2201 if (!endswith(k
, ".socket")) {
2202 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type socket, ignoring: %s", k
);
2206 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_WANTS
, UNIT_AFTER
, k
, true, UNIT_DEPENDENCY_FILE
);
2208 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2210 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_TRIGGERED_BY
, k
, true, UNIT_DEPENDENCY_FILE
);
2212 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2216 int config_parse_bus_name(
2218 const char *filename
,
2220 const char *section
,
2221 unsigned section_line
,
2228 _cleanup_free_
char *k
= NULL
;
2229 const Unit
*u
= userdata
;
2237 r
= unit_full_printf(u
, rvalue
, &k
);
2239 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2243 if (!sd_bus_service_name_is_valid(k
)) {
2244 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid bus name, ignoring: %s", k
);
2248 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
2251 int config_parse_service_timeout(
2253 const char *filename
,
2255 const char *section
,
2256 unsigned section_line
,
2263 Service
*s
= userdata
;
2272 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
2274 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2275 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2276 * all other timeouts. */
2277 r
= parse_sec_fix_0(rvalue
, &usec
);
2279 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= parameter, ignoring: %s", lvalue
, rvalue
);
2283 s
->start_timeout_defined
= true;
2284 s
->timeout_start_usec
= usec
;
2286 if (streq(lvalue
, "TimeoutSec"))
2287 s
->timeout_stop_usec
= usec
;
2292 int config_parse_timeout_abort(
2294 const char *filename
,
2296 const char *section
,
2297 unsigned section_line
,
2312 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
2314 if (isempty(rvalue
)) {
2316 return 0; /* "not set" */
2319 r
= parse_sec(rvalue
, ret
);
2321 return log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= setting, ignoring: %s", lvalue
, rvalue
);
2323 return 1; /* "set" */
2326 int config_parse_service_timeout_abort(
2328 const char *filename
,
2330 const char *section
,
2331 unsigned section_line
,
2338 Service
*s
= userdata
;
2343 r
= config_parse_timeout_abort(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
,
2344 &s
->timeout_abort_usec
, s
);
2346 s
->timeout_abort_set
= r
;
2350 int config_parse_sec_fix_0(
2352 const char *filename
,
2354 const char *section
,
2355 unsigned section_line
,
2362 usec_t
*usec
= data
;
2370 /* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for
2371 * compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a
2374 r
= parse_sec_fix_0(rvalue
, usec
);
2376 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= parameter, ignoring: %s", lvalue
, rvalue
);
2381 int config_parse_user_group_compat(
2383 const char *filename
,
2385 const char *section
,
2386 unsigned section_line
,
2393 _cleanup_free_
char *k
= NULL
;
2395 const Unit
*u
= userdata
;
2403 if (isempty(rvalue
)) {
2404 *user
= mfree(*user
);
2408 r
= unit_full_printf(u
, rvalue
, &k
);
2410 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", rvalue
);
2414 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2415 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2419 if (strstr(lvalue
, "User") && streq(k
, NOBODY_USER_NAME
))
2420 log_struct(LOG_NOTICE
,
2421 "MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename
, line
, k
,
2423 "MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR
,
2424 "OFFENDING_USER=%s", k
,
2425 "CONFIG_FILE=%s", filename
,
2426 "CONFIG_LINE=%u", line
);
2428 return free_and_replace(*user
, k
);
2431 int config_parse_user_group_strv_compat(
2433 const char *filename
,
2435 const char *section
,
2436 unsigned section_line
,
2443 char ***users
= data
;
2444 const Unit
*u
= userdata
;
2452 if (isempty(rvalue
)) {
2453 *users
= strv_free(*users
);
2457 for (const char *p
= rvalue
;;) {
2458 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2460 r
= extract_first_word(&p
, &word
, NULL
, 0);
2466 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid syntax: %s", rvalue
);
2470 r
= unit_full_printf(u
, word
, &k
);
2472 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", word
);
2476 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2477 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2481 r
= strv_push(users
, k
);
2489 int config_parse_working_directory(
2491 const char *filename
,
2493 const char *section
,
2494 unsigned section_line
,
2501 ExecContext
*c
= data
;
2502 const Unit
*u
= userdata
;
2512 if (isempty(rvalue
)) {
2513 c
->working_directory_home
= false;
2514 c
->working_directory
= mfree(c
->working_directory
);
2518 if (rvalue
[0] == '-') {
2524 if (streq(rvalue
, "~")) {
2525 c
->working_directory_home
= true;
2526 c
->working_directory
= mfree(c
->working_directory
);
2528 _cleanup_free_
char *k
= NULL
;
2530 r
= unit_full_printf(u
, rvalue
, &k
);
2532 log_syntax(unit
, missing_ok
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2533 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2534 rvalue
, missing_ok
? ", ignoring" : "");
2535 return missing_ok
? 0 : -ENOEXEC
;
2538 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
| (missing_ok
? 0 : PATH_CHECK_FATAL
), unit
, filename
, line
, lvalue
);
2540 return missing_ok
? 0 : -ENOEXEC
;
2542 c
->working_directory_home
= false;
2543 free_and_replace(c
->working_directory
, k
);
2546 c
->working_directory_missing_ok
= missing_ok
;
2550 int config_parse_unit_env_file(const char *unit
,
2551 const char *filename
,
2553 const char *section
,
2554 unsigned section_line
,
2562 const Unit
*u
= userdata
;
2563 _cleanup_free_
char *n
= NULL
;
2571 if (isempty(rvalue
)) {
2572 /* Empty assignment frees the list */
2573 *env
= strv_free(*env
);
2577 r
= unit_full_printf(u
, rvalue
, &n
);
2579 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2583 r
= path_simplify_and_warn(n
[0] == '-' ? n
+ 1 : n
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2587 r
= strv_push(env
, n
);
2596 int config_parse_environ(
2598 const char *filename
,
2600 const char *section
,
2601 unsigned section_line
,
2608 const Unit
*u
= userdata
;
2617 if (isempty(rvalue
)) {
2618 /* Empty assignment resets the list */
2619 *env
= strv_free(*env
);
2623 for (const char *p
= rvalue
;; ) {
2624 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2626 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2632 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2633 "Invalid syntax, ignoring: %s", rvalue
);
2638 r
= unit_full_printf(u
, word
, &k
);
2640 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2641 "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2647 if (!env_assignment_is_valid(k
)) {
2648 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2649 "Invalid environment assignment, ignoring: %s", k
);
2653 r
= strv_env_replace(env
, k
);
2661 int config_parse_pass_environ(
2663 const char *filename
,
2665 const char *section
,
2666 unsigned section_line
,
2673 _cleanup_strv_free_
char **n
= NULL
;
2674 size_t nlen
= 0, nbufsize
= 0;
2675 char*** passenv
= data
;
2676 const Unit
*u
= userdata
;
2684 if (isempty(rvalue
)) {
2685 /* Empty assignment resets the list */
2686 *passenv
= strv_free(*passenv
);
2690 for (const char *p
= rvalue
;;) {
2691 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2693 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
2699 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2700 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2705 r
= unit_full_printf(u
, word
, &k
);
2707 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2708 "Failed to resolve specifiers in %s, ignoring: %m", word
);
2714 if (!env_name_is_valid(k
)) {
2715 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2716 "Invalid environment name for %s, ignoring: %s", lvalue
, k
);
2720 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
2723 n
[nlen
++] = TAKE_PTR(k
);
2728 r
= strv_extend_strv(passenv
, n
, true);
2736 int config_parse_unset_environ(
2738 const char *filename
,
2740 const char *section
,
2741 unsigned section_line
,
2748 _cleanup_strv_free_
char **n
= NULL
;
2749 size_t nlen
= 0, nbufsize
= 0;
2750 char*** unsetenv
= data
;
2751 const Unit
*u
= userdata
;
2759 if (isempty(rvalue
)) {
2760 /* Empty assignment resets the list */
2761 *unsetenv
= strv_free(*unsetenv
);
2765 for (const char *p
= rvalue
;;) {
2766 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2768 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2774 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2775 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2780 r
= unit_full_printf(u
, word
, &k
);
2782 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2783 "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2789 if (!env_assignment_is_valid(k
) && !env_name_is_valid(k
)) {
2790 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2791 "Invalid environment name or assignment %s, ignoring: %s", lvalue
, k
);
2795 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
2798 n
[nlen
++] = TAKE_PTR(k
);
2803 r
= strv_extend_strv(unsetenv
, n
, true);
2811 int config_parse_log_extra_fields(
2813 const char *filename
,
2815 const char *section
,
2816 unsigned section_line
,
2823 ExecContext
*c
= data
;
2824 const Unit
*u
= userdata
;
2832 if (isempty(rvalue
)) {
2833 exec_context_free_log_extra_fields(c
);
2837 for (const char *p
= rvalue
;;) {
2838 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2842 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2848 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
2852 r
= unit_full_printf(u
, word
, &k
);
2854 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2858 eq
= strchr(k
, '=');
2860 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field lacks '=' character, ignoring: %s", k
);
2864 if (!journal_field_valid(k
, eq
-k
, false)) {
2865 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field name is invalid, ignoring: %s", k
);
2869 t
= reallocarray(c
->log_extra_fields
, c
->n_log_extra_fields
+1, sizeof(struct iovec
));
2873 c
->log_extra_fields
= t
;
2874 c
->log_extra_fields
[c
->n_log_extra_fields
++] = IOVEC_MAKE_STRING(k
);
2880 int config_parse_log_namespace(
2882 const char *filename
,
2884 const char *section
,
2885 unsigned section_line
,
2892 _cleanup_free_
char *k
= NULL
;
2893 ExecContext
*c
= data
;
2894 const Unit
*u
= userdata
;
2902 if (isempty(rvalue
)) {
2903 c
->log_namespace
= mfree(c
->log_namespace
);
2907 r
= unit_full_printf(u
, rvalue
, &k
);
2909 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2913 if (!log_namespace_name_valid(k
)) {
2914 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Specified log namespace name is not valid, ignoring: %s", k
);
2918 free_and_replace(c
->log_namespace
, k
);
2922 int config_parse_unit_condition_path(
2924 const char *filename
,
2926 const char *section
,
2927 unsigned section_line
,
2934 _cleanup_free_
char *p
= NULL
;
2935 Condition
**list
= data
, *c
;
2936 ConditionType t
= ltype
;
2937 bool trigger
, negate
;
2938 const Unit
*u
= userdata
;
2946 if (isempty(rvalue
)) {
2947 /* Empty assignment resets the list */
2948 *list
= condition_free_list(*list
);
2952 trigger
= rvalue
[0] == '|';
2956 negate
= rvalue
[0] == '!';
2960 r
= unit_full_printf(u
, rvalue
, &p
);
2962 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2966 r
= path_simplify_and_warn(p
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2970 c
= condition_new(t
, p
, trigger
, negate
);
2974 LIST_PREPEND(conditions
, *list
, c
);
2978 int config_parse_unit_condition_string(
2980 const char *filename
,
2982 const char *section
,
2983 unsigned section_line
,
2990 _cleanup_free_
char *s
= NULL
;
2991 Condition
**list
= data
, *c
;
2992 ConditionType t
= ltype
;
2993 bool trigger
, negate
;
2994 const Unit
*u
= userdata
;
3002 if (isempty(rvalue
)) {
3003 /* Empty assignment resets the list */
3004 *list
= condition_free_list(*list
);
3008 trigger
= *rvalue
== '|';
3010 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
3012 negate
= *rvalue
== '!';
3014 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
3016 r
= unit_full_printf(u
, rvalue
, &s
);
3018 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3019 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
3023 c
= condition_new(t
, s
, trigger
, negate
);
3027 LIST_PREPEND(conditions
, *list
, c
);
3031 int config_parse_unit_requires_mounts_for(
3033 const char *filename
,
3035 const char *section
,
3036 unsigned section_line
,
3051 for (const char *p
= rvalue
;;) {
3052 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
3054 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3060 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3061 "Invalid syntax, ignoring: %s", rvalue
);
3065 r
= unit_full_printf(u
, word
, &resolved
);
3067 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
3071 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
3075 r
= unit_require_mounts_for(u
, resolved
, UNIT_DEPENDENCY_FILE
);
3077 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add required mount '%s', ignoring: %m", resolved
);
3083 int config_parse_documentation(const char *unit
,
3084 const char *filename
,
3086 const char *section
,
3087 unsigned section_line
,
3103 if (isempty(rvalue
)) {
3104 /* Empty assignment resets the list */
3105 u
->documentation
= strv_free(u
->documentation
);
3109 r
= config_parse_unit_strv_printf(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
,
3110 rvalue
, data
, userdata
);
3114 for (a
= b
= u
->documentation
; a
&& *a
; a
++) {
3116 if (documentation_url_is_valid(*a
))
3119 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid URL, ignoring: %s", *a
);
3130 int config_parse_syscall_filter(
3132 const char *filename
,
3134 const char *section
,
3135 unsigned section_line
,
3142 ExecContext
*c
= data
;
3143 _unused_
const Unit
*u
= userdata
;
3144 bool invert
= false;
3152 if (isempty(rvalue
)) {
3153 /* Empty assignment resets the list */
3154 c
->syscall_filter
= hashmap_free(c
->syscall_filter
);
3155 c
->syscall_allow_list
= false;
3159 if (rvalue
[0] == '~') {
3164 if (!c
->syscall_filter
) {
3165 c
->syscall_filter
= hashmap_new(NULL
);
3166 if (!c
->syscall_filter
)
3170 /* Allow everything but the ones listed */
3171 c
->syscall_allow_list
= false;
3173 /* Allow nothing but the ones listed */
3174 c
->syscall_allow_list
= true;
3176 /* Accept default syscalls if we are on a allow_list */
3177 r
= seccomp_parse_syscall_filter(
3178 "@default", -1, c
->syscall_filter
,
3179 SECCOMP_PARSE_PERMISSIVE
|SECCOMP_PARSE_ALLOW_LIST
,
3187 for (const char *p
= rvalue
;;) {
3188 _cleanup_free_
char *word
= NULL
, *name
= NULL
;
3191 r
= extract_first_word(&p
, &word
, NULL
, 0);
3197 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3201 r
= parse_syscall_and_errno(word
, &name
, &num
);
3203 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse syscall:errno, ignoring: %s", word
);
3207 r
= seccomp_parse_syscall_filter(
3208 name
, num
, c
->syscall_filter
,
3209 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3210 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3211 (c
->syscall_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3212 unit
, filename
, line
);
3218 int config_parse_syscall_log(
3220 const char *filename
,
3222 const char *section
,
3223 unsigned section_line
,
3230 ExecContext
*c
= data
;
3231 _unused_
const Unit
*u
= userdata
;
3232 bool invert
= false;
3241 if (isempty(rvalue
)) {
3242 /* Empty assignment resets the list */
3243 c
->syscall_log
= hashmap_free(c
->syscall_log
);
3244 c
->syscall_log_allow_list
= false;
3248 if (rvalue
[0] == '~') {
3253 if (!c
->syscall_log
) {
3254 c
->syscall_log
= hashmap_new(NULL
);
3255 if (!c
->syscall_log
)
3259 /* Log everything but the ones listed */
3260 c
->syscall_log_allow_list
= false;
3262 /* Log nothing but the ones listed */
3263 c
->syscall_log_allow_list
= true;
3268 _cleanup_free_
char *word
= NULL
, *name
= NULL
;
3271 r
= extract_first_word(&p
, &word
, NULL
, 0);
3277 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3281 r
= parse_syscall_and_errno(word
, &name
, &num
);
3282 if (r
< 0 || num
>= 0) { /* errno code not allowed */
3283 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse syscall, ignoring: %s", word
);
3287 r
= seccomp_parse_syscall_filter(
3288 name
, 0, c
->syscall_log
,
3289 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3290 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3291 (c
->syscall_log_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3292 unit
, filename
, line
);
3298 int config_parse_syscall_archs(
3300 const char *filename
,
3302 const char *section
,
3303 unsigned section_line
,
3313 if (isempty(rvalue
)) {
3314 *archs
= set_free(*archs
);
3318 for (const char *p
= rvalue
;;) {
3319 _cleanup_free_
char *word
= NULL
;
3322 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3328 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3329 "Invalid syntax, ignoring: %s", rvalue
);
3333 r
= seccomp_arch_from_string(word
, &a
);
3335 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3336 "Failed to parse system call architecture \"%s\", ignoring: %m", word
);
3340 r
= set_ensure_put(archs
, NULL
, UINT32_TO_PTR(a
+ 1));
3346 int config_parse_syscall_errno(
3348 const char *filename
,
3350 const char *section
,
3351 unsigned section_line
,
3358 ExecContext
*c
= data
;
3365 if (isempty(rvalue
) || streq(rvalue
, "kill")) {
3366 /* Empty assignment resets to KILL */
3367 c
->syscall_errno
= SECCOMP_ERROR_NUMBER_KILL
;
3371 e
= parse_errno(rvalue
);
3373 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse error number, ignoring: %s", rvalue
);
3377 c
->syscall_errno
= e
;
3381 int config_parse_address_families(
3383 const char *filename
,
3385 const char *section
,
3386 unsigned section_line
,
3393 ExecContext
*c
= data
;
3394 bool invert
= false;
3401 if (isempty(rvalue
)) {
3402 /* Empty assignment resets the list */
3403 c
->address_families
= set_free(c
->address_families
);
3404 c
->address_families_allow_list
= false;
3408 if (rvalue
[0] == '~') {
3413 if (!c
->address_families
) {
3414 c
->address_families
= set_new(NULL
);
3415 if (!c
->address_families
)
3418 c
->address_families_allow_list
= !invert
;
3421 for (const char *p
= rvalue
;;) {
3422 _cleanup_free_
char *word
= NULL
;
3425 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3431 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3432 "Invalid syntax, ignoring: %s", rvalue
);
3436 af
= af_from_name(word
);
3438 log_syntax(unit
, LOG_WARNING
, filename
, line
, af
,
3439 "Failed to parse address family, ignoring: %s", word
);
3443 /* If we previously wanted to forbid an address family and now
3444 * we want to allow it, then just remove it from the list.
3446 if (!invert
== c
->address_families_allow_list
) {
3447 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
3451 set_remove(c
->address_families
, INT_TO_PTR(af
));
3455 int config_parse_restrict_namespaces(
3457 const char *filename
,
3459 const char *section
,
3460 unsigned section_line
,
3467 ExecContext
*c
= data
;
3468 unsigned long flags
;
3469 bool invert
= false;
3472 if (isempty(rvalue
)) {
3473 /* Reset to the default. */
3474 c
->restrict_namespaces
= NAMESPACE_FLAGS_INITIAL
;
3478 /* Boolean parameter ignores the previous settings */
3479 r
= parse_boolean(rvalue
);
3481 c
->restrict_namespaces
= 0;
3483 } else if (r
== 0) {
3484 c
->restrict_namespaces
= NAMESPACE_FLAGS_ALL
;
3488 if (rvalue
[0] == '~') {
3493 /* Not a boolean argument, in this case it's a list of namespace types. */
3494 r
= namespace_flags_from_string(rvalue
, &flags
);
3496 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse namespace type string, ignoring: %s", rvalue
);
3500 if (c
->restrict_namespaces
== NAMESPACE_FLAGS_INITIAL
)
3501 /* Initial assignment. Just set the value. */
3502 c
->restrict_namespaces
= invert
? (~flags
) & NAMESPACE_FLAGS_ALL
: flags
;
3504 /* Merge the value with the previous one. */
3505 SET_FLAG(c
->restrict_namespaces
, flags
, !invert
);
3511 int config_parse_unit_slice(
3513 const char *filename
,
3515 const char *section
,
3516 unsigned section_line
,
3523 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
3524 _cleanup_free_
char *k
= NULL
;
3525 Unit
*u
= userdata
, *slice
;
3533 r
= unit_name_printf(u
, rvalue
, &k
);
3535 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3539 r
= manager_load_unit(u
->manager
, k
, NULL
, &error
, &slice
);
3541 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load slice unit %s, ignoring: %s", k
, bus_error_message(&error
, r
));
3545 r
= unit_set_slice(u
, slice
);
3547 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to assign slice %s to unit %s, ignoring: %m", slice
->id
, u
->id
);
3554 int config_parse_cpu_quota(
3556 const char *filename
,
3558 const char *section
,
3559 unsigned section_line
,
3566 CGroupContext
*c
= data
;
3573 if (isempty(rvalue
)) {
3574 c
->cpu_quota_per_sec_usec
= USEC_INFINITY
;
3578 r
= parse_permille_unbounded(rvalue
);
3580 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid CPU quota '%s', ignoring.", rvalue
);
3584 c
->cpu_quota_per_sec_usec
= ((usec_t
) r
* USEC_PER_SEC
) / 1000U;
3588 int config_parse_allowed_cpus(
3590 const char *filename
,
3592 const char *section
,
3593 unsigned section_line
,
3600 CGroupContext
*c
= data
;
3602 (void) parse_cpu_set_extend(rvalue
, &c
->cpuset_cpus
, true, unit
, filename
, line
, lvalue
);
3607 int config_parse_allowed_mems(
3609 const char *filename
,
3611 const char *section
,
3612 unsigned section_line
,
3619 CGroupContext
*c
= data
;
3621 (void) parse_cpu_set_extend(rvalue
, &c
->cpuset_mems
, true, unit
, filename
, line
, lvalue
);
3626 int config_parse_memory_limit(
3628 const char *filename
,
3630 const char *section
,
3631 unsigned section_line
,
3638 CGroupContext
*c
= data
;
3639 uint64_t bytes
= CGROUP_LIMIT_MAX
;
3642 if (isempty(rvalue
) && STR_IN_SET(lvalue
, "DefaultMemoryLow",
3646 bytes
= CGROUP_LIMIT_MIN
;
3647 else if (!isempty(rvalue
) && !streq(rvalue
, "infinity")) {
3649 r
= parse_permille(rvalue
);
3651 r
= parse_size(rvalue
, 1024, &bytes
);
3653 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid memory limit '%s', ignoring: %m", rvalue
);
3657 bytes
= physical_memory_scale(r
, 1000U);
3659 if (bytes
>= UINT64_MAX
||
3660 (bytes
<= 0 && !STR_IN_SET(lvalue
, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) {
3661 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Memory limit '%s' out of range, ignoring.", rvalue
);
3666 if (streq(lvalue
, "DefaultMemoryLow")) {
3667 c
->default_memory_low
= bytes
;
3668 c
->default_memory_low_set
= true;
3669 } else if (streq(lvalue
, "DefaultMemoryMin")) {
3670 c
->default_memory_min
= bytes
;
3671 c
->default_memory_min_set
= true;
3672 } else if (streq(lvalue
, "MemoryMin")) {
3673 c
->memory_min
= bytes
;
3674 c
->memory_min_set
= true;
3675 } else if (streq(lvalue
, "MemoryLow")) {
3676 c
->memory_low
= bytes
;
3677 c
->memory_low_set
= true;
3678 } else if (streq(lvalue
, "MemoryHigh"))
3679 c
->memory_high
= bytes
;
3680 else if (streq(lvalue
, "MemoryMax"))
3681 c
->memory_max
= bytes
;
3682 else if (streq(lvalue
, "MemorySwapMax"))
3683 c
->memory_swap_max
= bytes
;
3684 else if (streq(lvalue
, "MemoryLimit"))
3685 c
->memory_limit
= bytes
;
3692 int config_parse_tasks_max(
3694 const char *filename
,
3696 const char *section
,
3697 unsigned section_line
,
3704 const Unit
*u
= userdata
;
3705 TasksMax
*tasks_max
= data
;
3709 if (isempty(rvalue
)) {
3710 *tasks_max
= u
? u
->manager
->default_tasks_max
: TASKS_MAX_UNSET
;
3714 if (streq(rvalue
, "infinity")) {
3715 *tasks_max
= TASKS_MAX_UNSET
;
3719 r
= parse_permille(rvalue
);
3721 *tasks_max
= (TasksMax
) { r
, 1000U }; /* r‰ */
3723 r
= safe_atou64(rvalue
, &v
);
3725 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid maximum tasks value '%s', ignoring: %m", rvalue
);
3729 if (v
<= 0 || v
>= UINT64_MAX
) {
3730 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue
);
3734 *tasks_max
= (TasksMax
) { v
};
3740 int config_parse_delegate(
3742 const char *filename
,
3744 const char *section
,
3745 unsigned section_line
,
3752 CGroupContext
*c
= data
;
3756 t
= unit_name_to_type(unit
);
3757 assert(t
!= _UNIT_TYPE_INVALID
);
3759 if (!unit_vtable
[t
]->can_delegate
) {
3760 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Delegate= setting not supported for this unit type, ignoring.");
3764 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
3765 * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
3766 * mask to delegate. */
3768 if (isempty(rvalue
)) {
3769 /* An empty string resets controllers and set Delegate=yes. */
3771 c
->delegate_controllers
= 0;
3775 r
= parse_boolean(rvalue
);
3777 CGroupMask mask
= 0;
3779 for (const char *p
= rvalue
;;) {
3780 _cleanup_free_
char *word
= NULL
;
3781 CGroupController cc
;
3783 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3789 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3793 cc
= cgroup_controller_from_string(word
);
3795 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid controller name '%s', ignoring", word
);
3799 mask
|= CGROUP_CONTROLLER_TO_MASK(cc
);
3803 c
->delegate_controllers
|= mask
;
3807 c
->delegate_controllers
= _CGROUP_MASK_ALL
;
3809 c
->delegate
= false;
3810 c
->delegate_controllers
= 0;
3816 int config_parse_managed_oom_mode(
3818 const char *filename
,
3820 const char *section
,
3821 unsigned section_line
,
3827 ManagedOOMMode
*mode
= data
, m
;
3830 t
= unit_name_to_type(unit
);
3831 assert(t
!= _UNIT_TYPE_INVALID
);
3833 if (!unit_vtable
[t
]->can_set_managed_oom
)
3834 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
3836 if (isempty(rvalue
)) {
3837 *mode
= MANAGED_OOM_AUTO
;
3841 m
= managed_oom_mode_from_string(rvalue
);
3843 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax, ignoring: %s", rvalue
);
3850 int config_parse_managed_oom_mem_pressure_limit(
3852 const char *filename
,
3854 const char *section
,
3855 unsigned section_line
,
3865 t
= unit_name_to_type(unit
);
3866 assert(t
!= _UNIT_TYPE_INVALID
);
3868 if (!unit_vtable
[t
]->can_set_managed_oom
)
3869 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
3871 if (isempty(rvalue
)) {
3876 r
= parse_percent(rvalue
);
3878 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse limit percent value, ignoring: %s", rvalue
);
3886 int config_parse_device_allow(
3888 const char *filename
,
3890 const char *section
,
3891 unsigned section_line
,
3898 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
3899 CGroupContext
*c
= data
;
3900 const char *p
= rvalue
;
3903 if (isempty(rvalue
)) {
3904 while (c
->device_allow
)
3905 cgroup_context_free_device_allow(c
, c
->device_allow
);
3910 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
3914 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3915 "Invalid syntax, ignoring: %s", rvalue
);
3919 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3920 "Failed to extract device path and rights from '%s', ignoring.", rvalue
);
3924 r
= unit_full_printf(userdata
, path
, &resolved
);
3926 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3927 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
3931 if (!STARTSWITH_SET(resolved
, "block-", "char-")) {
3933 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
3937 if (!valid_device_node_path(resolved
)) {
3938 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid device node path '%s', ignoring.", resolved
);
3943 if (!isempty(p
) && !in_charset(p
, "rwm")) {
3944 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid device rights '%s', ignoring.", p
);
3948 return cgroup_add_device_allow(c
, resolved
, p
);
3951 int config_parse_io_device_weight(
3953 const char *filename
,
3955 const char *section
,
3956 unsigned section_line
,
3963 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
3964 CGroupIODeviceWeight
*w
;
3965 CGroupContext
*c
= data
;
3966 const char *p
= rvalue
;
3974 if (isempty(rvalue
)) {
3975 while (c
->io_device_weights
)
3976 cgroup_context_free_io_device_weight(c
, c
->io_device_weights
);
3981 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
3985 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3986 "Invalid syntax, ignoring: %s", rvalue
);
3989 if (r
== 0 || isempty(p
)) {
3990 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3991 "Failed to extract device path and weight from '%s', ignoring.", rvalue
);
3995 r
= unit_full_printf(userdata
, path
, &resolved
);
3997 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3998 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4002 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4006 r
= cg_weight_parse(p
, &u
);
4008 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "IO weight '%s' invalid, ignoring: %m", p
);
4012 assert(u
!= CGROUP_WEIGHT_INVALID
);
4014 w
= new0(CGroupIODeviceWeight
, 1);
4018 w
->path
= TAKE_PTR(resolved
);
4021 LIST_PREPEND(device_weights
, c
->io_device_weights
, w
);
4025 int config_parse_io_device_latency(
4027 const char *filename
,
4029 const char *section
,
4030 unsigned section_line
,
4037 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4038 CGroupIODeviceLatency
*l
;
4039 CGroupContext
*c
= data
;
4040 const char *p
= rvalue
;
4048 if (isempty(rvalue
)) {
4049 while (c
->io_device_latencies
)
4050 cgroup_context_free_io_device_latency(c
, c
->io_device_latencies
);
4055 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4059 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4060 "Invalid syntax, ignoring: %s", rvalue
);
4063 if (r
== 0 || isempty(p
)) {
4064 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4065 "Failed to extract device path and latency from '%s', ignoring.", rvalue
);
4069 r
= unit_full_printf(userdata
, path
, &resolved
);
4071 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4072 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4076 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4080 r
= parse_sec(p
, &usec
);
4082 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", p
);
4086 l
= new0(CGroupIODeviceLatency
, 1);
4090 l
->path
= TAKE_PTR(resolved
);
4091 l
->target_usec
= usec
;
4093 LIST_PREPEND(device_latencies
, c
->io_device_latencies
, l
);
4097 int config_parse_io_limit(
4099 const char *filename
,
4101 const char *section
,
4102 unsigned section_line
,
4109 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4110 CGroupIODeviceLimit
*l
= NULL
, *t
;
4111 CGroupContext
*c
= data
;
4112 CGroupIOLimitType type
;
4113 const char *p
= rvalue
;
4121 type
= cgroup_io_limit_type_from_string(lvalue
);
4124 if (isempty(rvalue
)) {
4125 LIST_FOREACH(device_limits
, l
, c
->io_device_limits
)
4126 l
->limits
[type
] = cgroup_io_limit_defaults
[type
];
4130 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4134 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4135 "Invalid syntax, ignoring: %s", rvalue
);
4138 if (r
== 0 || isempty(p
)) {
4139 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4140 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4144 r
= unit_full_printf(userdata
, path
, &resolved
);
4146 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4147 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4151 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4155 if (streq("infinity", p
))
4156 num
= CGROUP_LIMIT_MAX
;
4158 r
= parse_size(p
, 1000, &num
);
4159 if (r
< 0 || num
<= 0) {
4160 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid IO limit '%s', ignoring.", p
);
4165 LIST_FOREACH(device_limits
, t
, c
->io_device_limits
) {
4166 if (path_equal(resolved
, t
->path
)) {
4173 CGroupIOLimitType ttype
;
4175 l
= new0(CGroupIODeviceLimit
, 1);
4179 l
->path
= TAKE_PTR(resolved
);
4180 for (ttype
= 0; ttype
< _CGROUP_IO_LIMIT_TYPE_MAX
; ttype
++)
4181 l
->limits
[ttype
] = cgroup_io_limit_defaults
[ttype
];
4183 LIST_PREPEND(device_limits
, c
->io_device_limits
, l
);
4186 l
->limits
[type
] = num
;
4191 int config_parse_blockio_device_weight(
4193 const char *filename
,
4195 const char *section
,
4196 unsigned section_line
,
4203 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4204 CGroupBlockIODeviceWeight
*w
;
4205 CGroupContext
*c
= data
;
4206 const char *p
= rvalue
;
4214 if (isempty(rvalue
)) {
4215 while (c
->blockio_device_weights
)
4216 cgroup_context_free_blockio_device_weight(c
, c
->blockio_device_weights
);
4221 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4225 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4226 "Invalid syntax, ignoring: %s", rvalue
);
4229 if (r
== 0 || isempty(p
)) {
4230 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4231 "Failed to extract device node and weight from '%s', ignoring.", rvalue
);
4235 r
= unit_full_printf(userdata
, path
, &resolved
);
4237 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4238 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4242 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4246 r
= cg_blkio_weight_parse(p
, &u
);
4248 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid block IO weight '%s', ignoring: %m", p
);
4252 assert(u
!= CGROUP_BLKIO_WEIGHT_INVALID
);
4254 w
= new0(CGroupBlockIODeviceWeight
, 1);
4258 w
->path
= TAKE_PTR(resolved
);
4261 LIST_PREPEND(device_weights
, c
->blockio_device_weights
, w
);
4265 int config_parse_blockio_bandwidth(
4267 const char *filename
,
4269 const char *section
,
4270 unsigned section_line
,
4277 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4278 CGroupBlockIODeviceBandwidth
*b
= NULL
, *t
;
4279 CGroupContext
*c
= data
;
4280 const char *p
= rvalue
;
4289 read
= streq("BlockIOReadBandwidth", lvalue
);
4291 if (isempty(rvalue
)) {
4292 LIST_FOREACH(device_bandwidths
, b
, c
->blockio_device_bandwidths
) {
4293 b
->rbps
= CGROUP_LIMIT_MAX
;
4294 b
->wbps
= CGROUP_LIMIT_MAX
;
4299 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4303 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4304 "Invalid syntax, ignoring: %s", rvalue
);
4307 if (r
== 0 || isempty(p
)) {
4308 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4309 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4313 r
= unit_full_printf(userdata
, path
, &resolved
);
4315 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4316 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4320 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4324 r
= parse_size(p
, 1000, &bytes
);
4325 if (r
< 0 || bytes
<= 0) {
4326 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid Block IO Bandwidth '%s', ignoring.", p
);
4330 LIST_FOREACH(device_bandwidths
, t
, c
->blockio_device_bandwidths
) {
4331 if (path_equal(resolved
, t
->path
)) {
4338 b
= new0(CGroupBlockIODeviceBandwidth
, 1);
4342 b
->path
= TAKE_PTR(resolved
);
4343 b
->rbps
= CGROUP_LIMIT_MAX
;
4344 b
->wbps
= CGROUP_LIMIT_MAX
;
4346 LIST_PREPEND(device_bandwidths
, c
->blockio_device_bandwidths
, b
);
4357 int config_parse_job_mode_isolate(
4359 const char *filename
,
4361 const char *section
,
4362 unsigned section_line
,
4376 r
= parse_boolean(rvalue
);
4378 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse boolean, ignoring: %s", rvalue
);
4382 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue
);
4384 *m
= r
? JOB_ISOLATE
: JOB_REPLACE
;
4388 int config_parse_exec_directories(
4390 const char *filename
,
4392 const char *section
,
4393 unsigned section_line
,
4401 const Unit
*u
= userdata
;
4409 if (isempty(rvalue
)) {
4410 /* Empty assignment resets the list */
4411 *rt
= strv_free(*rt
);
4415 for (const char *p
= rvalue
;;) {
4416 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
4418 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4422 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4423 "Invalid syntax, ignoring: %s", rvalue
);
4429 r
= unit_full_printf(u
, word
, &k
);
4431 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4432 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4436 r
= path_simplify_and_warn(k
, PATH_CHECK_RELATIVE
, unit
, filename
, line
, lvalue
);
4440 if (path_startswith(k
, "private")) {
4441 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4442 "%s= path can't be 'private', ignoring assignment: %s", lvalue
, word
);
4446 r
= strv_push(rt
, k
);
4453 int config_parse_set_credential(
4455 const char *filename
,
4457 const char *section
,
4458 unsigned section_line
,
4465 _cleanup_free_
char *word
= NULL
, *k
= NULL
, *unescaped
= NULL
;
4466 ExecContext
*context
= data
;
4467 ExecSetCredential
*old
;
4477 if (isempty(rvalue
)) {
4478 /* Empty assignment resets the list */
4479 context
->set_credentials
= hashmap_free(context
->set_credentials
);
4484 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4488 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4492 r
= unit_full_printf(u
, word
, &k
);
4494 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4497 if (!credential_name_valid(k
)) {
4498 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", k
);
4502 /* We support escape codes here, so that users can insert trailing \n if they like */
4503 l
= cunescape(p
, UNESCAPE_ACCEPT_NUL
, &unescaped
);
4505 log_syntax(unit
, LOG_WARNING
, filename
, line
, l
, "Can't unescape \"%s\", ignoring: %m", p
);
4509 old
= hashmap_get(context
->set_credentials
, k
);
4511 free_and_replace(old
->data
, unescaped
);
4514 _cleanup_(exec_set_credential_freep
) ExecSetCredential
*sc
= NULL
;
4516 sc
= new0(ExecSetCredential
, 1);
4520 sc
->id
= TAKE_PTR(k
);
4521 sc
->data
= TAKE_PTR(unescaped
);
4524 r
= hashmap_ensure_allocated(&context
->set_credentials
, &exec_set_credential_hash_ops
);
4528 r
= hashmap_put(context
->set_credentials
, sc
->id
, sc
);
4538 int config_parse_load_credential(
4540 const char *filename
,
4542 const char *section
,
4543 unsigned section_line
,
4550 _cleanup_free_
char *word
= NULL
, *k
= NULL
, *q
= NULL
;
4551 ExecContext
*context
= data
;
4561 if (isempty(rvalue
)) {
4562 /* Empty assignment resets the list */
4563 context
->load_credentials
= strv_free(context
->load_credentials
);
4568 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4572 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4576 r
= unit_full_printf(u
, word
, &k
);
4578 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4581 if (!credential_name_valid(k
)) {
4582 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", k
);
4585 r
= unit_full_printf(u
, p
, &q
);
4587 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", p
);
4590 if (path_is_absolute(q
) ? !path_is_normalized(q
) : !credential_name_valid(q
)) {
4591 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Credential source \"%s\" not valid, ignoring.", q
);
4595 r
= strv_consume_pair(&context
->load_credentials
, TAKE_PTR(k
), TAKE_PTR(q
));
4602 int config_parse_set_status(
4604 const char *filename
,
4606 const char *section
,
4607 unsigned section_line
,
4614 ExitStatusSet
*status_set
= data
;
4622 /* Empty assignment resets the list */
4623 if (isempty(rvalue
)) {
4624 exit_status_set_free(status_set
);
4628 for (const char *p
= rvalue
;;) {
4629 _cleanup_free_
char *word
= NULL
;
4632 r
= extract_first_word(&p
, &word
, NULL
, 0);
4636 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4637 "Failed to parse %s=%s, ignoring: %m", lvalue
, rvalue
);
4643 /* We need to call exit_status_from_string() first, because we want
4644 * to parse numbers as exit statuses, not signals. */
4646 r
= exit_status_from_string(word
);
4648 assert(r
>= 0 && r
< 256);
4649 bitmap
= &status_set
->status
;
4651 r
= signal_from_string(word
);
4653 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4654 "Failed to parse value, ignoring: %s", word
);
4657 bitmap
= &status_set
->signal
;
4660 r
= bitmap_set(bitmap
, r
);
4662 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4663 "Failed to set signal or status %s, ignoring: %m", word
);
4667 int config_parse_namespace_path_strv(
4669 const char *filename
,
4671 const char *section
,
4672 unsigned section_line
,
4679 const Unit
*u
= userdata
;
4688 if (isempty(rvalue
)) {
4689 /* Empty assignment resets the list */
4690 *sv
= strv_free(*sv
);
4694 for (const char *p
= rvalue
;;) {
4695 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
, *joined
= NULL
;
4697 bool ignore_enoent
= false, shall_prefix
= false;
4699 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4705 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
4710 if (startswith(w
, "-")) {
4711 ignore_enoent
= true;
4714 if (startswith(w
, "+")) {
4715 shall_prefix
= true;
4719 r
= unit_full_printf(u
, w
, &resolved
);
4721 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", w
);
4725 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4729 joined
= strjoin(ignore_enoent
? "-" : "",
4730 shall_prefix
? "+" : "",
4733 r
= strv_push(sv
, joined
);
4743 int config_parse_temporary_filesystems(
4745 const char *filename
,
4747 const char *section
,
4748 unsigned section_line
,
4755 const Unit
*u
= userdata
;
4756 ExecContext
*c
= data
;
4764 if (isempty(rvalue
)) {
4765 /* Empty assignment resets the list */
4766 temporary_filesystem_free_many(c
->temporary_filesystems
, c
->n_temporary_filesystems
);
4767 c
->temporary_filesystems
= NULL
;
4768 c
->n_temporary_filesystems
= 0;
4772 for (const char *p
= rvalue
;;) {
4773 _cleanup_free_
char *word
= NULL
, *path
= NULL
, *resolved
= NULL
;
4776 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4782 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
4787 r
= extract_first_word(&w
, &path
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4791 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", word
);
4795 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax, ignoring: %s", word
);
4799 r
= unit_full_printf(u
, path
, &resolved
);
4801 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", path
);
4805 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4809 r
= temporary_filesystem_add(&c
->temporary_filesystems
, &c
->n_temporary_filesystems
, resolved
, w
);
4815 int config_parse_bind_paths(
4817 const char *filename
,
4819 const char *section
,
4820 unsigned section_line
,
4827 ExecContext
*c
= data
;
4828 const Unit
*u
= userdata
;
4836 if (isempty(rvalue
)) {
4837 /* Empty assignment resets the list */
4838 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
4839 c
->bind_mounts
= NULL
;
4840 c
->n_bind_mounts
= 0;
4844 for (const char *p
= rvalue
;;) {
4845 _cleanup_free_
char *source
= NULL
, *destination
= NULL
;
4846 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
4847 char *s
= NULL
, *d
= NULL
;
4848 bool rbind
= true, ignore_enoent
= false;
4850 r
= extract_first_word(&p
, &source
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
4856 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
4860 r
= unit_full_printf(u
, source
, &sresolved
);
4862 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4863 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", source
);
4869 ignore_enoent
= true;
4873 r
= path_simplify_and_warn(s
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4877 /* Optionally, the destination is specified. */
4878 if (p
&& p
[-1] == ':') {
4879 r
= extract_first_word(&p
, &destination
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
4883 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
4887 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing argument after ':', ignoring: %s", s
);
4891 r
= unit_full_printf(u
, destination
, &dresolved
);
4893 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4894 "Failed to resolve specifiers in \"%s\", ignoring: %m", destination
);
4898 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4904 /* Optionally, there's also a short option string specified */
4905 if (p
&& p
[-1] == ':') {
4906 _cleanup_free_
char *options
= NULL
;
4908 r
= extract_first_word(&p
, &options
, NULL
, EXTRACT_UNQUOTE
);
4912 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s: %s", lvalue
, rvalue
);
4916 if (isempty(options
) || streq(options
, "rbind"))
4918 else if (streq(options
, "norbind"))
4921 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid option string, ignoring setting: %s", options
);
4928 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
4932 .read_only
= !!strstr(lvalue
, "ReadOnly"),
4934 .ignore_enoent
= ignore_enoent
,
4943 int config_parse_mount_images(
4945 const char *filename
,
4947 const char *section
,
4948 unsigned section_line
,
4955 ExecContext
*c
= data
;
4956 const Unit
*u
= userdata
;
4964 if (isempty(rvalue
)) {
4965 /* Empty assignment resets the list */
4966 c
->mount_images
= mount_image_free_many(c
->mount_images
, &c
->n_mount_images
);
4970 for (const char *p
= rvalue
;;) {
4971 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
4972 _cleanup_free_
char *first
= NULL
, *second
= NULL
, *tuple
= NULL
;
4973 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
4974 const char *q
= NULL
;
4976 bool permissive
= false;
4978 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
4982 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4983 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
4990 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &first
, &second
, NULL
);
4994 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4995 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
5001 r
= unit_full_printf(u
, first
, &sresolved
);
5003 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5004 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", first
);
5014 r
= path_simplify_and_warn(s
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5018 if (isempty(second
)) {
5019 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing destination in %s, ignoring: %s", lvalue
, rvalue
);
5023 r
= unit_full_printf(u
, second
, &dresolved
);
5025 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5026 "Failed to resolve specifiers in \"%s\", ignoring: %m", second
);
5030 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5035 _cleanup_free_
char *partition
= NULL
, *mount_options
= NULL
, *mount_options_resolved
= NULL
;
5036 MountOptions
*o
= NULL
;
5037 PartitionDesignator partition_designator
;
5039 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &partition
, &mount_options
, NULL
);
5043 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", q
);
5048 /* Single set of options, applying to the root partition/single filesystem */
5050 r
= unit_full_printf(u
, partition
, &mount_options_resolved
);
5052 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", first
);
5056 o
= new(MountOptions
, 1);
5059 *o
= (MountOptions
) {
5060 .partition_designator
= PARTITION_ROOT
,
5061 .options
= TAKE_PTR(mount_options_resolved
),
5063 LIST_APPEND(mount_options
, options
, o
);
5068 partition_designator
= partition_designator_from_string(partition
);
5069 if (partition_designator
< 0) {
5070 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid partition name %s, ignoring", partition
);
5073 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
5075 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
5079 o
= new(MountOptions
, 1);
5082 *o
= (MountOptions
) {
5083 .partition_designator
= partition_designator
,
5084 .options
= TAKE_PTR(mount_options_resolved
),
5086 LIST_APPEND(mount_options
, options
, o
);
5089 r
= mount_image_add(&c
->mount_images
, &c
->n_mount_images
,
5092 .destination
= dresolved
,
5093 .mount_options
= options
,
5094 .ignore_enoent
= permissive
,
5101 int config_parse_job_timeout_sec(
5103 const char *filename
,
5105 const char *section
,
5106 unsigned section_line
,
5122 r
= parse_sec_fix_0(rvalue
, &usec
);
5124 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue
);
5128 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
5129 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
5132 if (!u
->job_running_timeout_set
)
5133 u
->job_running_timeout
= usec
;
5135 u
->job_timeout
= usec
;
5140 int config_parse_job_running_timeout_sec(
5142 const char *filename
,
5144 const char *section
,
5145 unsigned section_line
,
5161 r
= parse_sec_fix_0(rvalue
, &usec
);
5163 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue
);
5167 u
->job_running_timeout
= usec
;
5168 u
->job_running_timeout_set
= true;
5173 int config_parse_emergency_action(
5175 const char *filename
,
5177 const char *section
,
5178 unsigned section_line
,
5186 EmergencyAction
*x
= data
;
5195 m
= ((Unit
*) userdata
)->manager
;
5199 r
= parse_emergency_action(rvalue
, MANAGER_IS_SYSTEM(m
), x
);
5201 if (r
== -EOPNOTSUPP
&& MANAGER_IS_USER(m
)) {
5202 /* Compat mode: remove for systemd 241. */
5204 log_syntax(unit
, LOG_INFO
, filename
, line
, r
,
5205 "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
5207 *x
= EMERGENCY_ACTION_EXIT_FORCE
;
5211 if (r
== -EOPNOTSUPP
)
5212 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5213 "%s= specified as %s mode action, ignoring: %s",
5214 lvalue
, MANAGER_IS_SYSTEM(m
) ? "user" : "system", rvalue
);
5216 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5217 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
5224 int config_parse_pid_file(
5226 const char *filename
,
5228 const char *section
,
5229 unsigned section_line
,
5236 _cleanup_free_
char *k
= NULL
, *n
= NULL
;
5237 const Unit
*u
= userdata
;
5246 if (isempty(rvalue
)) {
5247 /* An empty assignment removes already set value. */
5252 r
= unit_full_printf(u
, rvalue
, &k
);
5254 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5258 /* If this is a relative path make it absolute by prefixing the /run */
5259 n
= path_make_absolute(k
, u
->manager
->prefix
[EXEC_DIRECTORY_RUNTIME
]);
5263 /* Check that the result is a sensible path */
5264 r
= path_simplify_and_warn(n
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5268 r
= patch_var_run(unit
, filename
, line
, lvalue
, &n
);
5272 free_and_replace(*s
, n
);
5276 int config_parse_exit_status(
5278 const char *filename
,
5280 const char *section
,
5281 unsigned section_line
,
5288 int *exit_status
= data
, r
;
5294 assert(exit_status
);
5296 if (isempty(rvalue
)) {
5301 r
= safe_atou8(rvalue
, &u
);
5303 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse exit status '%s', ignoring: %m", rvalue
);
5311 int config_parse_disable_controllers(
5313 const char *filename
,
5315 const char *section
,
5316 unsigned section_line
,
5324 CGroupContext
*c
= data
;
5325 CGroupMask disabled_mask
;
5327 /* 1. If empty, make all controllers eligible for use again.
5328 * 2. If non-empty, merge all listed controllers, space separated. */
5330 if (isempty(rvalue
)) {
5331 c
->disable_controllers
= 0;
5335 r
= cg_mask_from_string(rvalue
, &disabled_mask
);
5336 if (r
< 0 || disabled_mask
<= 0) {
5337 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid cgroup string: %s, ignoring", rvalue
);
5341 c
->disable_controllers
|= disabled_mask
;
5346 int config_parse_ip_filter_bpf_progs(
5348 const char *filename
,
5350 const char *section
,
5351 unsigned section_line
,
5358 _cleanup_free_
char *resolved
= NULL
;
5359 const Unit
*u
= userdata
;
5360 char ***paths
= data
;
5368 if (isempty(rvalue
)) {
5369 *paths
= strv_free(*paths
);
5373 r
= unit_full_printf(u
, rvalue
, &resolved
);
5375 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5379 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5383 if (strv_contains(*paths
, resolved
))
5386 r
= strv_extend(paths
, resolved
);
5390 r
= bpf_firewall_supported();
5393 if (r
!= BPF_FIREWALL_SUPPORTED_WITH_MULTI
) {
5394 static bool warned
= false;
5396 log_full(warned
? LOG_DEBUG
: LOG_WARNING
,
5397 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
5398 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename
, line
, lvalue
, rvalue
);
5406 static int merge_by_names(Unit
**u
, Set
*names
, const char *id
) {
5413 /* Let's try to add in all names that are aliases of this unit */
5414 while ((k
= set_steal_first(names
))) {
5415 _cleanup_free_ _unused_
char *free_k
= k
;
5417 /* First try to merge in the other name into our unit */
5418 r
= unit_merge_by_name(*u
, k
);
5422 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
5425 other
= manager_get_unit((*u
)->manager
, k
);
5427 return r
; /* return previous failure */
5429 r
= unit_merge(other
, *u
);
5434 return merge_by_names(u
, names
, NULL
);
5437 if (streq_ptr(id
, k
))
5438 unit_choose_id(*u
, id
);
5444 int unit_load_fragment(Unit
*u
) {
5445 const char *fragment
;
5446 _cleanup_set_free_free_ Set
*names
= NULL
;
5450 assert(u
->load_state
== UNIT_STUB
);
5454 u
->load_state
= UNIT_LOADED
;
5458 /* Possibly rebuild the fragment map to catch new units */
5459 r
= unit_file_build_name_map(&u
->manager
->lookup_paths
,
5460 &u
->manager
->unit_cache_timestamp_hash
,
5461 &u
->manager
->unit_id_map
,
5462 &u
->manager
->unit_name_map
,
5463 &u
->manager
->unit_path_cache
);
5465 return log_error_errno(r
, "Failed to rebuild name map: %m");
5467 r
= unit_file_find_fragment(u
->manager
->unit_id_map
,
5468 u
->manager
->unit_name_map
,
5472 if (r
< 0 && r
!= -ENOENT
)
5476 /* Open the file, check if this is a mask, otherwise read. */
5477 _cleanup_fclose_
FILE *f
= NULL
;
5480 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
5481 * expect that all symlinks within the lookup paths have been already resolved, but we don't
5482 * verify this here. */
5483 f
= fopen(fragment
, "re");
5485 return log_unit_notice_errno(u
, errno
, "Failed to open %s: %m", fragment
);
5487 if (fstat(fileno(f
), &st
) < 0)
5490 r
= free_and_strdup(&u
->fragment_path
, fragment
);
5494 if (null_or_empty(&st
)) {
5495 /* Unit file is masked */
5497 u
->load_state
= u
->perpetual
? UNIT_LOADED
: UNIT_MASKED
; /* don't allow perpetual units to ever be masked */
5498 u
->fragment_mtime
= 0;
5500 u
->load_state
= UNIT_LOADED
;
5501 u
->fragment_mtime
= timespec_load(&st
.st_mtim
);
5503 /* Now, parse the file contents */
5504 r
= config_parse(u
->id
, fragment
, f
,
5505 UNIT_VTABLE(u
)->sections
,
5506 config_item_perf_lookup
, load_fragment_gperf_lookup
,
5511 log_unit_notice_errno(u
, r
, "Unit configuration has fatal error, unit will not be started.");
5517 /* We do the merge dance here because for some unit types, the unit might have aliases which are not
5518 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
5521 const char *id
= u
->id
;
5522 _cleanup_free_
char *free_id
= NULL
;
5525 id
= basename(fragment
);
5526 if (unit_name_is_valid(id
, UNIT_NAME_TEMPLATE
)) {
5527 assert(u
->instance
); /* If we're not trying to use a template for non-instanced unit,
5528 * this must be set. */
5530 r
= unit_name_replace_instance(id
, u
->instance
, &free_id
);
5532 return log_debug_errno(r
, "Failed to build id (%s + %s): %m", id
, u
->instance
);
5538 r
= merge_by_names(&merged
, names
, id
);
5543 u
->load_state
= UNIT_MERGED
;
5548 void unit_dump_config_items(FILE *f
) {
5549 static const struct {
5550 const ConfigParserCallback callback
;
5553 { config_parse_warn_compat
, "NOTSUPPORTED" },
5554 { config_parse_int
, "INTEGER" },
5555 { config_parse_unsigned
, "UNSIGNED" },
5556 { config_parse_iec_size
, "SIZE" },
5557 { config_parse_iec_uint64
, "SIZE" },
5558 { config_parse_si_uint64
, "SIZE" },
5559 { config_parse_bool
, "BOOLEAN" },
5560 { config_parse_string
, "STRING" },
5561 { config_parse_path
, "PATH" },
5562 { config_parse_unit_path_printf
, "PATH" },
5563 { config_parse_strv
, "STRING [...]" },
5564 { config_parse_exec_nice
, "NICE" },
5565 { config_parse_exec_oom_score_adjust
, "OOMSCOREADJUST" },
5566 { config_parse_exec_io_class
, "IOCLASS" },
5567 { config_parse_exec_io_priority
, "IOPRIORITY" },
5568 { config_parse_exec_cpu_sched_policy
, "CPUSCHEDPOLICY" },
5569 { config_parse_exec_cpu_sched_prio
, "CPUSCHEDPRIO" },
5570 { config_parse_exec_cpu_affinity
, "CPUAFFINITY" },
5571 { config_parse_mode
, "MODE" },
5572 { config_parse_unit_env_file
, "FILE" },
5573 { config_parse_exec_output
, "OUTPUT" },
5574 { config_parse_exec_input
, "INPUT" },
5575 { config_parse_log_facility
, "FACILITY" },
5576 { config_parse_log_level
, "LEVEL" },
5577 { config_parse_exec_secure_bits
, "SECUREBITS" },
5578 { config_parse_capability_set
, "BOUNDINGSET" },
5579 { config_parse_rlimit
, "LIMIT" },
5580 { config_parse_unit_deps
, "UNIT [...]" },
5581 { config_parse_exec
, "PATH [ARGUMENT [...]]" },
5582 { config_parse_service_type
, "SERVICETYPE" },
5583 { config_parse_service_restart
, "SERVICERESTART" },
5584 { config_parse_service_timeout_failure_mode
, "TIMEOUTMODE" },
5585 { config_parse_kill_mode
, "KILLMODE" },
5586 { config_parse_signal
, "SIGNAL" },
5587 { config_parse_socket_listen
, "SOCKET [...]" },
5588 { config_parse_socket_bind
, "SOCKETBIND" },
5589 { config_parse_socket_bindtodevice
, "NETWORKINTERFACE" },
5590 { config_parse_sec
, "SECONDS" },
5591 { config_parse_nsec
, "NANOSECONDS" },
5592 { config_parse_namespace_path_strv
, "PATH [...]" },
5593 { config_parse_bind_paths
, "PATH[:PATH[:OPTIONS]] [...]" },
5594 { config_parse_unit_requires_mounts_for
, "PATH [...]" },
5595 { config_parse_exec_mount_flags
, "MOUNTFLAG [...]" },
5596 { config_parse_unit_string_printf
, "STRING" },
5597 { config_parse_trigger_unit
, "UNIT" },
5598 { config_parse_timer
, "TIMER" },
5599 { config_parse_path_spec
, "PATH" },
5600 { config_parse_notify_access
, "ACCESS" },
5601 { config_parse_ip_tos
, "TOS" },
5602 { config_parse_unit_condition_path
, "CONDITION" },
5603 { config_parse_unit_condition_string
, "CONDITION" },
5604 { config_parse_unit_slice
, "SLICE" },
5605 { config_parse_documentation
, "URL" },
5606 { config_parse_service_timeout
, "SECONDS" },
5607 { config_parse_emergency_action
, "ACTION" },
5608 { config_parse_set_status
, "STATUS" },
5609 { config_parse_service_sockets
, "SOCKETS" },
5610 { config_parse_environ
, "ENVIRON" },
5612 { config_parse_syscall_filter
, "SYSCALLS" },
5613 { config_parse_syscall_archs
, "ARCHS" },
5614 { config_parse_syscall_errno
, "ERRNO" },
5615 { config_parse_syscall_log
, "SYSCALLS" },
5616 { config_parse_address_families
, "FAMILIES" },
5617 { config_parse_restrict_namespaces
, "NAMESPACES" },
5619 { config_parse_cpu_shares
, "SHARES" },
5620 { config_parse_cg_weight
, "WEIGHT" },
5621 { config_parse_memory_limit
, "LIMIT" },
5622 { config_parse_device_allow
, "DEVICE" },
5623 { config_parse_device_policy
, "POLICY" },
5624 { config_parse_io_limit
, "LIMIT" },
5625 { config_parse_io_device_weight
, "DEVICEWEIGHT" },
5626 { config_parse_io_device_latency
, "DEVICELATENCY" },
5627 { config_parse_blockio_bandwidth
, "BANDWIDTH" },
5628 { config_parse_blockio_weight
, "WEIGHT" },
5629 { config_parse_blockio_device_weight
, "DEVICEWEIGHT" },
5630 { config_parse_long
, "LONG" },
5631 { config_parse_socket_service
, "SERVICE" },
5633 { config_parse_exec_selinux_context
, "LABEL" },
5635 { config_parse_job_mode
, "MODE" },
5636 { config_parse_job_mode_isolate
, "BOOLEAN" },
5637 { config_parse_personality
, "PERSONALITY" },
5640 const char *prev
= NULL
;
5645 NULSTR_FOREACH(i
, load_fragment_gperf_nulstr
) {
5646 const char *rvalue
= "OTHER", *lvalue
;
5647 const ConfigPerfItem
*p
;
5652 assert_se(p
= load_fragment_gperf_lookup(i
, strlen(i
)));
5654 /* Hide legacy settings */
5655 if (p
->parse
== config_parse_warn_compat
&&
5656 p
->ltype
== DISABLED_LEGACY
)
5659 for (j
= 0; j
< ELEMENTSOF(table
); j
++)
5660 if (p
->parse
== table
[j
].callback
) {
5661 rvalue
= table
[j
].rvalue
;
5665 dot
= strchr(i
, '.');
5666 lvalue
= dot
? dot
+ 1 : i
;
5670 if (!prev
|| !strneq(prev
, i
, prefix_len
+1)) {
5674 fprintf(f
, "[%.*s]\n", (int) prefix_len
, i
);
5677 fprintf(f
, "%s=%s\n", lvalue
, rvalue
);
5682 int config_parse_cpu_affinity2(
5684 const char *filename
,
5686 const char *section
,
5687 unsigned section_line
,
5694 CPUSet
*affinity
= data
;
5698 (void) parse_cpu_set_extend(rvalue
, affinity
, true, unit
, filename
, line
, lvalue
);
5703 int config_parse_show_status(
5705 const char *filename
,
5707 const char *section
,
5708 unsigned section_line
,
5716 ShowStatus
*b
= data
;
5723 k
= parse_show_status(rvalue
, b
);
5725 log_syntax(unit
, LOG_WARNING
, filename
, line
, k
, "Failed to parse show status setting, ignoring: %s", rvalue
);
5730 int config_parse_output_restricted(
5732 const char *filename
,
5734 const char *section
,
5735 unsigned section_line
,
5742 ExecOutput t
, *eo
= data
;
5743 bool obsolete
= false;
5750 if (streq(rvalue
, "syslog")) {
5751 t
= EXEC_OUTPUT_JOURNAL
;
5753 } else if (streq(rvalue
, "syslog+console")) {
5754 t
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
5757 t
= exec_output_from_string(rvalue
);
5759 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse output type, ignoring: %s", rvalue
);
5763 if (IN_SET(t
, EXEC_OUTPUT_SOCKET
, EXEC_OUTPUT_NAMED_FD
, EXEC_OUTPUT_FILE
, EXEC_OUTPUT_FILE_APPEND
)) {
5764 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Standard output types socket, fd:, file:, append: are not supported as defaults, ignoring: %s", rvalue
);
5770 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
5771 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
5772 rvalue
, exec_output_to_string(t
));
5778 int config_parse_crash_chvt(
5780 const char *filename
,
5782 const char *section
,
5783 unsigned section_line
,
5797 r
= parse_crash_chvt(rvalue
, data
);
5799 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue
);
5804 int config_parse_swap_priority(
5806 const char *filename
,
5808 const char *section
,
5809 unsigned section_line
,
5825 if (isempty(rvalue
)) {
5826 s
->parameters_fragment
.priority
= -1;
5827 s
->parameters_fragment
.priority_set
= false;
5831 r
= safe_atoi(rvalue
, &priority
);
5833 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid swap priority '%s', ignoring.", rvalue
);
5837 if (priority
< -1) {
5838 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue
);
5842 if (priority
> 32767) {
5843 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Swap priority out of range, ignoring: %s", rvalue
);
5847 s
->parameters_fragment
.priority
= priority
;
5848 s
->parameters_fragment
.priority_set
= true;