]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/load-fragment.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #18007 from fw-strlen/ipv6_masq_and_dnat
[thirdparty/systemd.git] / src / core / load-fragment.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 /***
3 Copyright © 2012 Holger Hans Peter Freyther
4 ***/
5
6 #include <errno.h>
7 #include <fcntl.h>
8 #include <linux/fs.h>
9 #include <linux/oom.h>
10 #if HAVE_SECCOMP
11 #include <seccomp.h>
12 #endif
13 #include <sched.h>
14 #include <sys/resource.h>
15
16 #include "sd-messages.h"
17
18 #include "af-list.h"
19 #include "alloc-util.h"
20 #include "all-units.h"
21 #include "bpf-firewall.h"
22 #include "bus-error.h"
23 #include "bus-internal.h"
24 #include "bus-util.h"
25 #include "cap-list.h"
26 #include "capability-util.h"
27 #include "cgroup-setup.h"
28 #include "conf-parser.h"
29 #include "core-varlink.h"
30 #include "cpu-set-util.h"
31 #include "env-util.h"
32 #include "errno-list.h"
33 #include "escape.h"
34 #include "fd-util.h"
35 #include "fileio.h"
36 #include "fs-util.h"
37 #include "hexdecoct.h"
38 #include "io-util.h"
39 #include "ioprio.h"
40 #include "ip-protocol-list.h"
41 #include "journal-file.h"
42 #include "limits-util.h"
43 #include "load-fragment.h"
44 #include "log.h"
45 #include "mountpoint-util.h"
46 #include "nulstr-util.h"
47 #include "parse-util.h"
48 #include "path-util.h"
49 #include "process-util.h"
50 #if HAVE_SECCOMP
51 #include "seccomp-util.h"
52 #endif
53 #include "securebits-util.h"
54 #include "signal-util.h"
55 #include "socket-netlink.h"
56 #include "stat-util.h"
57 #include "string-util.h"
58 #include "strv.h"
59 #include "syslog-util.h"
60 #include "time-util.h"
61 #include "unit-name.h"
62 #include "unit-printf.h"
63 #include "user-util.h"
64 #include "utf8.h"
65 #include "web-util.h"
66
67 static int parse_socket_protocol(const char *s) {
68 int r;
69
70 r = parse_ip_protocol(s);
71 if (r < 0)
72 return r;
73 if (!IN_SET(r, IPPROTO_UDPLITE, IPPROTO_SCTP))
74 return -EPROTONOSUPPORT;
75
76 return r;
77 }
78
79 int parse_crash_chvt(const char *value, int *data) {
80 int b;
81
82 if (safe_atoi(value, data) >= 0)
83 return 0;
84
85 b = parse_boolean(value);
86 if (b < 0)
87 return b;
88
89 if (b > 0)
90 *data = 0; /* switch to where kmsg goes */
91 else
92 *data = -1; /* turn off switching */
93
94 return 0;
95 }
96
97 int parse_confirm_spawn(const char *value, char **console) {
98 char *s;
99 int r;
100
101 r = value ? parse_boolean(value) : 1;
102 if (r == 0) {
103 *console = NULL;
104 return 0;
105 } else if (r > 0) /* on with default tty */
106 s = strdup("/dev/console");
107 else if (is_path(value)) /* on with fully qualified path */
108 s = strdup(value);
109 else /* on with only a tty file name, not a fully qualified path */
110 s = path_join("/dev/", value);
111 if (!s)
112 return -ENOMEM;
113
114 *console = s;
115 return 0;
116 }
117
118 DEFINE_CONFIG_PARSE(config_parse_socket_protocol, parse_socket_protocol, "Failed to parse socket protocol");
119 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
120 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
121 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
122 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
123 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc, protect_proc, ProtectProc, "Failed to parse /proc/ protection mode");
124 DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset, proc_subset, ProcSubset, "Failed to parse /proc/ subset mode");
125 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
126 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
127 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
128 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home, protect_home, ProtectHome, "Failed to parse protect home value");
129 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system, protect_system, ProtectSystem, "Failed to parse protect system value");
130 DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode, exec_preserve_mode, ExecPreserveMode, "Failed to parse runtime directory preserve mode");
131 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type, service_type, ServiceType, "Failed to parse service type");
132 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart, service_restart, ServiceRestart, "Failed to parse service restart specifier");
133 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode, service_timeout_failure_mode, ServiceTimeoutFailureMode, "Failed to parse timeout failure mode");
134 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind, socket_address_bind_ipv6_only_or_bool, SocketAddressBindIPv6Only, "Failed to parse bind IPv6 only value");
135 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy, oom_policy, OOMPolicy, "Failed to parse OOM policy");
136 DEFINE_CONFIG_PARSE_ENUM(config_parse_managed_oom_preference, managed_oom_preference, ManagedOOMPreference, "Failed to parse ManagedOOMPreference=");
137 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1, "Failed to parse IP TOS value");
138 DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t, "Invalid block IO weight");
139 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t, "Invalid weight");
140 DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares, cg_cpu_shares_parse, uint64_t, "Invalid CPU shares");
141 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags, mount_propagation_flags_from_string, unsigned long, "Failed to parse mount flag");
142 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1, "Invalid NUMA policy type");
143 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format, status_unit_format, StatusUnitFormat, "Failed to parse status unit format");
144 DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping, socket_timestamping_from_string_harder, SocketTimestamping, "Failed to parse timestamping precision");
145
146 int config_parse_unit_deps(
147 const char *unit,
148 const char *filename,
149 unsigned line,
150 const char *section,
151 unsigned section_line,
152 const char *lvalue,
153 int ltype,
154 const char *rvalue,
155 void *data,
156 void *userdata) {
157
158 UnitDependency d = ltype;
159 Unit *u = userdata;
160
161 assert(filename);
162 assert(lvalue);
163 assert(rvalue);
164
165 for (const char *p = rvalue;;) {
166 _cleanup_free_ char *word = NULL, *k = NULL;
167 int r;
168
169 r = extract_first_word(&p, &word, NULL, EXTRACT_RETAIN_ESCAPE);
170 if (r == 0)
171 return 0;
172 if (r == -ENOMEM)
173 return log_oom();
174 if (r < 0) {
175 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
176 return 0;
177 }
178
179 r = unit_name_printf(u, word, &k);
180 if (r < 0) {
181 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
182 continue;
183 }
184
185 r = unit_add_dependency_by_name(u, d, k, true, UNIT_DEPENDENCY_FILE);
186 if (r < 0)
187 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
188 }
189 }
190
191 int config_parse_obsolete_unit_deps(
192 const char *unit,
193 const char *filename,
194 unsigned line,
195 const char *section,
196 unsigned section_line,
197 const char *lvalue,
198 int ltype,
199 const char *rvalue,
200 void *data,
201 void *userdata) {
202
203 log_syntax(unit, LOG_WARNING, filename, line, 0,
204 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue, unit_dependency_to_string(ltype));
205
206 return config_parse_unit_deps(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
207 }
208
209 int config_parse_unit_string_printf(
210 const char *unit,
211 const char *filename,
212 unsigned line,
213 const char *section,
214 unsigned section_line,
215 const char *lvalue,
216 int ltype,
217 const char *rvalue,
218 void *data,
219 void *userdata) {
220
221 _cleanup_free_ char *k = NULL;
222 const Unit *u = userdata;
223 int r;
224
225 assert(filename);
226 assert(lvalue);
227 assert(rvalue);
228 assert(u);
229
230 r = unit_full_printf(u, rvalue, &k);
231 if (r < 0) {
232 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
233 return 0;
234 }
235
236 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
237 }
238
239 int config_parse_unit_strv_printf(
240 const char *unit,
241 const char *filename,
242 unsigned line,
243 const char *section,
244 unsigned section_line,
245 const char *lvalue,
246 int ltype,
247 const char *rvalue,
248 void *data,
249 void *userdata) {
250
251 const Unit *u = userdata;
252 _cleanup_free_ char *k = NULL;
253 int r;
254
255 assert(filename);
256 assert(lvalue);
257 assert(rvalue);
258 assert(u);
259
260 r = unit_full_printf(u, rvalue, &k);
261 if (r < 0) {
262 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
263 return 0;
264 }
265
266 return config_parse_strv(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
267 }
268
269 int config_parse_unit_path_printf(
270 const char *unit,
271 const char *filename,
272 unsigned line,
273 const char *section,
274 unsigned section_line,
275 const char *lvalue,
276 int ltype,
277 const char *rvalue,
278 void *data,
279 void *userdata) {
280
281 _cleanup_free_ char *k = NULL;
282 const Unit *u = userdata;
283 int r;
284 bool fatal = ltype;
285
286 assert(filename);
287 assert(lvalue);
288 assert(rvalue);
289 assert(u);
290
291 /* Let's not bother with anything that is too long */
292 if (strlen(rvalue) >= PATH_MAX) {
293 log_syntax(unit, fatal ? LOG_ERR : LOG_WARNING, filename, line, 0,
294 "%s value too long%s.",
295 lvalue, fatal ? "" : ", ignoring");
296 return fatal ? -ENAMETOOLONG : 0;
297 }
298
299 r = unit_full_printf(u, rvalue, &k);
300 if (r < 0) {
301 log_syntax(unit, fatal ? LOG_ERR : LOG_WARNING, filename, line, r,
302 "Failed to resolve unit specifiers in '%s'%s: %m",
303 rvalue, fatal ? "" : ", ignoring");
304 return fatal ? -ENOEXEC : 0;
305 }
306
307 return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
308 }
309
310 int config_parse_unit_path_strv_printf(
311 const char *unit,
312 const char *filename,
313 unsigned line,
314 const char *section,
315 unsigned section_line,
316 const char *lvalue,
317 int ltype,
318 const char *rvalue,
319 void *data,
320 void *userdata) {
321
322 char ***x = data;
323 const Unit *u = userdata;
324 int r;
325
326 assert(filename);
327 assert(lvalue);
328 assert(rvalue);
329 assert(u);
330
331 if (isempty(rvalue)) {
332 *x = strv_free(*x);
333 return 0;
334 }
335
336 for (const char *p = rvalue;;) {
337 _cleanup_free_ char *word = NULL, *k = NULL;
338
339 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
340 if (r == 0)
341 return 0;
342 if (r == -ENOMEM)
343 return log_oom();
344 if (r < 0) {
345 log_syntax(unit, LOG_WARNING, filename, line, r,
346 "Invalid syntax, ignoring: %s", rvalue);
347 return 0;
348 }
349
350 r = unit_full_printf(u, word, &k);
351 if (r < 0) {
352 log_syntax(unit, LOG_WARNING, filename, line, r,
353 "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
354 return 0;
355 }
356
357 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
358 if (r < 0)
359 return 0;
360
361 r = strv_consume(x, TAKE_PTR(k));
362 if (r < 0)
363 return log_oom();
364 }
365 }
366
367 static int patch_var_run(
368 const char *unit,
369 const char *filename,
370 unsigned line,
371 const char *lvalue,
372 char **path) {
373
374 const char *e;
375 char *z;
376
377 e = path_startswith(*path, "/var/run/");
378 if (!e)
379 return 0;
380
381 z = path_join("/run/", e);
382 if (!z)
383 return log_oom();
384
385 log_syntax(unit, LOG_NOTICE, filename, line, 0,
386 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
387 "please update the unit file accordingly.", lvalue, *path, z);
388
389 free_and_replace(*path, z);
390
391 return 1;
392 }
393
394 int config_parse_socket_listen(
395 const char *unit,
396 const char *filename,
397 unsigned line,
398 const char *section,
399 unsigned section_line,
400 const char *lvalue,
401 int ltype,
402 const char *rvalue,
403 void *data,
404 void *userdata) {
405
406 _cleanup_free_ SocketPort *p = NULL;
407 SocketPort *tail;
408 Socket *s;
409 int r;
410
411 assert(filename);
412 assert(lvalue);
413 assert(rvalue);
414 assert(data);
415
416 s = SOCKET(data);
417
418 if (isempty(rvalue)) {
419 /* An empty assignment removes all ports */
420 socket_free_ports(s);
421 return 0;
422 }
423
424 p = new0(SocketPort, 1);
425 if (!p)
426 return log_oom();
427
428 if (ltype != SOCKET_SOCKET) {
429 _cleanup_free_ char *k = NULL;
430
431 r = unit_full_printf(UNIT(s), rvalue, &k);
432 if (r < 0) {
433 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
434 return 0;
435 }
436
437 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
438 if (r < 0)
439 return 0;
440
441 if (ltype == SOCKET_FIFO) {
442 r = patch_var_run(unit, filename, line, lvalue, &k);
443 if (r < 0)
444 return r;
445 }
446
447 free_and_replace(p->path, k);
448 p->type = ltype;
449
450 } else if (streq(lvalue, "ListenNetlink")) {
451 _cleanup_free_ char *k = NULL;
452
453 r = unit_full_printf(UNIT(s), rvalue, &k);
454 if (r < 0) {
455 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
456 return 0;
457 }
458
459 r = socket_address_parse_netlink(&p->address, k);
460 if (r < 0) {
461 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
462 return 0;
463 }
464
465 p->type = SOCKET_SOCKET;
466
467 } else {
468 _cleanup_free_ char *k = NULL;
469
470 r = unit_full_printf(UNIT(s), rvalue, &k);
471 if (r < 0) {
472 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
473 return 0;
474 }
475
476 if (k[0] == '/') { /* Only for AF_UNIX file system sockets… */
477 r = patch_var_run(unit, filename, line, lvalue, &k);
478 if (r < 0)
479 return r;
480 }
481
482 r = socket_address_parse_and_warn(&p->address, k);
483 if (r < 0) {
484 if (r != -EAFNOSUPPORT)
485 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
486 return 0;
487 }
488
489 if (streq(lvalue, "ListenStream"))
490 p->address.type = SOCK_STREAM;
491 else if (streq(lvalue, "ListenDatagram"))
492 p->address.type = SOCK_DGRAM;
493 else {
494 assert(streq(lvalue, "ListenSequentialPacket"));
495 p->address.type = SOCK_SEQPACKET;
496 }
497
498 if (socket_address_family(&p->address) != AF_LOCAL && p->address.type == SOCK_SEQPACKET) {
499 log_syntax(unit, LOG_WARNING, filename, line, 0, "Address family not supported, ignoring: %s", rvalue);
500 return 0;
501 }
502
503 p->type = SOCKET_SOCKET;
504 }
505
506 p->fd = -1;
507 p->auxiliary_fds = NULL;
508 p->n_auxiliary_fds = 0;
509 p->socket = s;
510
511 LIST_FIND_TAIL(port, s->ports, tail);
512 LIST_INSERT_AFTER(port, s->ports, tail, p);
513
514 p = NULL;
515
516 return 0;
517 }
518
519 int config_parse_exec_nice(
520 const char *unit,
521 const char *filename,
522 unsigned line,
523 const char *section,
524 unsigned section_line,
525 const char *lvalue,
526 int ltype,
527 const char *rvalue,
528 void *data,
529 void *userdata) {
530
531 ExecContext *c = data;
532 int priority, r;
533
534 assert(filename);
535 assert(lvalue);
536 assert(rvalue);
537 assert(data);
538
539 if (isempty(rvalue)) {
540 c->nice_set = false;
541 return 0;
542 }
543
544 r = parse_nice(rvalue, &priority);
545 if (r < 0) {
546 if (r == -ERANGE)
547 log_syntax(unit, LOG_WARNING, filename, line, r, "Nice priority out of range, ignoring: %s", rvalue);
548 else
549 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse nice priority '%s', ignoring: %m", rvalue);
550 return 0;
551 }
552
553 c->nice = priority;
554 c->nice_set = true;
555
556 return 0;
557 }
558
559 int config_parse_exec_oom_score_adjust(
560 const char* unit,
561 const char *filename,
562 unsigned line,
563 const char *section,
564 unsigned section_line,
565 const char *lvalue,
566 int ltype,
567 const char *rvalue,
568 void *data,
569 void *userdata) {
570
571 ExecContext *c = data;
572 int oa, r;
573
574 assert(filename);
575 assert(lvalue);
576 assert(rvalue);
577 assert(data);
578
579 if (isempty(rvalue)) {
580 c->oom_score_adjust_set = false;
581 return 0;
582 }
583
584 r = parse_oom_score_adjust(rvalue, &oa);
585 if (r < 0) {
586 if (r == -ERANGE)
587 log_syntax(unit, LOG_WARNING, filename, line, r, "OOM score adjust value out of range, ignoring: %s", rvalue);
588 else
589 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue);
590 return 0;
591 }
592
593 c->oom_score_adjust = oa;
594 c->oom_score_adjust_set = true;
595
596 return 0;
597 }
598
599 int config_parse_exec_coredump_filter(
600 const char* unit,
601 const char *filename,
602 unsigned line,
603 const char *section,
604 unsigned section_line,
605 const char *lvalue,
606 int ltype,
607 const char *rvalue,
608 void *data,
609 void *userdata) {
610
611 ExecContext *c = data;
612 int r;
613
614 assert(filename);
615 assert(lvalue);
616 assert(rvalue);
617 assert(data);
618
619 if (isempty(rvalue)) {
620 c->coredump_filter = 0;
621 c->coredump_filter_set = false;
622 return 0;
623 }
624
625 uint64_t f;
626 r = coredump_filter_mask_from_string(rvalue, &f);
627 if (r < 0) {
628 log_syntax(unit, LOG_WARNING, filename, line, r,
629 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue);
630 return 0;
631 }
632
633 c->coredump_filter |= f;
634 c->oom_score_adjust_set = true;
635 return 0;
636 }
637
638 int config_parse_kill_mode(
639 const char* unit,
640 const char *filename,
641 unsigned line,
642 const char *section,
643 unsigned section_line,
644 const char *lvalue,
645 int ltype,
646 const char *rvalue,
647 void *data,
648 void *userdata) {
649
650 KillMode *k = data, m;
651
652 assert(filename);
653 assert(lvalue);
654 assert(rvalue);
655 assert(data);
656
657 if (isempty(rvalue)) {
658 *k = KILL_CONTROL_GROUP;
659 return 0;
660 }
661
662 m = kill_mode_from_string(rvalue);
663 if (m < 0) {
664 log_syntax(unit, LOG_WARNING, filename, line, m,
665 "Failed to parse kill mode specification, ignoring: %s", rvalue);
666 return 0;
667 }
668
669 if (m == KILL_NONE)
670 log_syntax(unit, LOG_WARNING, filename, line, 0,
671 "Unit configured to use KillMode=none. "
672 "This is unsafe, as it disables systemd's process lifecycle management for the service. "
673 "Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
674 "Support for KillMode=none is deprecated and will eventually be removed.");
675
676 *k = m;
677 return 0;
678 }
679
680 int config_parse_exec(
681 const char *unit,
682 const char *filename,
683 unsigned line,
684 const char *section,
685 unsigned section_line,
686 const char *lvalue,
687 int ltype,
688 const char *rvalue,
689 void *data,
690 void *userdata) {
691
692 ExecCommand **e = data;
693 const Unit *u = userdata;
694 const char *p;
695 bool semicolon;
696 int r;
697
698 assert(filename);
699 assert(lvalue);
700 assert(rvalue);
701 assert(e);
702
703 e += ltype;
704
705 if (isempty(rvalue)) {
706 /* An empty assignment resets the list */
707 *e = exec_command_free_list(*e);
708 return 0;
709 }
710
711 p = rvalue;
712 do {
713 _cleanup_free_ char *path = NULL, *firstword = NULL;
714 ExecCommandFlags flags = 0;
715 bool ignore = false, separate_argv0 = false;
716 _cleanup_free_ ExecCommand *nce = NULL;
717 _cleanup_strv_free_ char **n = NULL;
718 size_t nlen = 0, nbufsize = 0;
719 const char *f;
720
721 semicolon = false;
722
723 r = extract_first_word_and_warn(&p, &firstword, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
724 if (r <= 0)
725 return 0;
726
727 /* A lone ";" is a separator. Let's make sure we don't treat it as an executable name. */
728 if (streq(firstword, ";")) {
729 semicolon = true;
730 continue;
731 }
732
733 f = firstword;
734 for (;;) {
735 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
736 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
737 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
738 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
739 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
740 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
741 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
742 * other sandboxing, with some special exceptions for changing UID.
743 *
744 * The idea is that '!!' may be used to write services that can take benefit of systemd's
745 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
746 * privilege dropping within the daemon if the kernel does not offer that. */
747
748 if (*f == '-' && !(flags & EXEC_COMMAND_IGNORE_FAILURE)) {
749 flags |= EXEC_COMMAND_IGNORE_FAILURE;
750 ignore = true;
751 } else if (*f == '@' && !separate_argv0)
752 separate_argv0 = true;
753 else if (*f == ':' && !(flags & EXEC_COMMAND_NO_ENV_EXPAND))
754 flags |= EXEC_COMMAND_NO_ENV_EXPAND;
755 else if (*f == '+' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
756 flags |= EXEC_COMMAND_FULLY_PRIVILEGED;
757 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
758 flags |= EXEC_COMMAND_NO_SETUID;
759 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_AMBIENT_MAGIC))) {
760 flags &= ~EXEC_COMMAND_NO_SETUID;
761 flags |= EXEC_COMMAND_AMBIENT_MAGIC;
762 } else
763 break;
764 f++;
765 }
766
767 r = unit_full_printf(u, f, &path);
768 if (r < 0) {
769 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
770 "Failed to resolve unit specifiers in '%s'%s: %m",
771 f, ignore ? ", ignoring" : "");
772 return ignore ? 0 : -ENOEXEC;
773 }
774
775 if (isempty(path)) {
776 /* First word is either "-" or "@" with no command. */
777 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
778 "Empty path in command line%s: '%s'",
779 ignore ? ", ignoring" : "", rvalue);
780 return ignore ? 0 : -ENOEXEC;
781 }
782 if (!string_is_safe(path)) {
783 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
784 "Executable name contains special characters%s: %s",
785 ignore ? ", ignoring" : "", path);
786 return ignore ? 0 : -ENOEXEC;
787 }
788 if (endswith(path, "/")) {
789 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
790 "Executable path specifies a directory%s: %s",
791 ignore ? ", ignoring" : "", path);
792 return ignore ? 0 : -ENOEXEC;
793 }
794
795 if (!path_is_absolute(path) && !filename_is_valid(path)) {
796 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
797 "Neither a valid executable name nor an absolute path%s: %s",
798 ignore ? ", ignoring" : "", path);
799 return ignore ? 0 : -ENOEXEC;
800 }
801
802 if (!separate_argv0) {
803 char *w = NULL;
804
805 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
806 return log_oom();
807
808 w = strdup(path);
809 if (!w)
810 return log_oom();
811 n[nlen++] = w;
812 n[nlen] = NULL;
813 }
814
815 path_simplify(path, false);
816
817 while (!isempty(p)) {
818 _cleanup_free_ char *word = NULL, *resolved = NULL;
819
820 /* Check explicitly for an unquoted semicolon as
821 * command separator token. */
822 if (p[0] == ';' && (!p[1] || strchr(WHITESPACE, p[1]))) {
823 p++;
824 p += strspn(p, WHITESPACE);
825 semicolon = true;
826 break;
827 }
828
829 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
830 * extract_first_word() would return the same for all of those. */
831 if (p[0] == '\\' && p[1] == ';' && (!p[2] || strchr(WHITESPACE, p[2]))) {
832 char *w;
833
834 p += 2;
835 p += strspn(p, WHITESPACE);
836
837 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
838 return log_oom();
839
840 w = strdup(";");
841 if (!w)
842 return log_oom();
843 n[nlen++] = w;
844 n[nlen] = NULL;
845 continue;
846 }
847
848 r = extract_first_word_and_warn(&p, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
849 if (r == 0)
850 break;
851 if (r < 0)
852 return ignore ? 0 : -ENOEXEC;
853
854 r = unit_full_printf(u, word, &resolved);
855 if (r < 0) {
856 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
857 "Failed to resolve unit specifiers in %s%s: %m",
858 word, ignore ? ", ignoring" : "");
859 return ignore ? 0 : -ENOEXEC;
860 }
861
862 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
863 return log_oom();
864
865 n[nlen++] = TAKE_PTR(resolved);
866 n[nlen] = NULL;
867 }
868
869 if (!n || !n[0]) {
870 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
871 "Empty executable name or zeroeth argument%s: %s",
872 ignore ? ", ignoring" : "", rvalue);
873 return ignore ? 0 : -ENOEXEC;
874 }
875
876 nce = new0(ExecCommand, 1);
877 if (!nce)
878 return log_oom();
879
880 nce->argv = TAKE_PTR(n);
881 nce->path = TAKE_PTR(path);
882 nce->flags = flags;
883
884 exec_command_append_list(e, nce);
885
886 /* Do not _cleanup_free_ these. */
887 nce = NULL;
888
889 rvalue = p;
890 } while (semicolon);
891
892 return 0;
893 }
894
895 int config_parse_socket_bindtodevice(
896 const char* unit,
897 const char *filename,
898 unsigned line,
899 const char *section,
900 unsigned section_line,
901 const char *lvalue,
902 int ltype,
903 const char *rvalue,
904 void *data,
905 void *userdata) {
906
907 Socket *s = data;
908
909 assert(filename);
910 assert(lvalue);
911 assert(rvalue);
912 assert(data);
913
914 if (isempty(rvalue) || streq(rvalue, "*")) {
915 s->bind_to_device = mfree(s->bind_to_device);
916 return 0;
917 }
918
919 if (!ifname_valid(rvalue)) {
920 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid interface name, ignoring: %s", rvalue);
921 return 0;
922 }
923
924 return free_and_strdup_warn(&s->bind_to_device, rvalue);
925 }
926
927 int config_parse_exec_input(
928 const char *unit,
929 const char *filename,
930 unsigned line,
931 const char *section,
932 unsigned section_line,
933 const char *lvalue,
934 int ltype,
935 const char *rvalue,
936 void *data,
937 void *userdata) {
938
939 ExecContext *c = data;
940 const Unit *u = userdata;
941 const char *n;
942 ExecInput ei;
943 int r;
944
945 assert(data);
946 assert(filename);
947 assert(line);
948 assert(rvalue);
949
950 n = startswith(rvalue, "fd:");
951 if (n) {
952 _cleanup_free_ char *resolved = NULL;
953
954 r = unit_full_printf(u, n, &resolved);
955 if (r < 0) {
956 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", n);
957 return 0;
958 }
959
960 if (isempty(resolved))
961 resolved = mfree(resolved);
962 else if (!fdname_is_valid(resolved)) {
963 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", resolved);
964 return 0;
965 }
966
967 free_and_replace(c->stdio_fdname[STDIN_FILENO], resolved);
968
969 ei = EXEC_INPUT_NAMED_FD;
970
971 } else if ((n = startswith(rvalue, "file:"))) {
972 _cleanup_free_ char *resolved = NULL;
973
974 r = unit_full_printf(u, n, &resolved);
975 if (r < 0) {
976 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", n);
977 return 0;
978 }
979
980 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
981 if (r < 0)
982 return 0;
983
984 free_and_replace(c->stdio_file[STDIN_FILENO], resolved);
985
986 ei = EXEC_INPUT_FILE;
987
988 } else {
989 ei = exec_input_from_string(rvalue);
990 if (ei < 0) {
991 log_syntax(unit, LOG_WARNING, filename, line, ei, "Failed to parse input specifier, ignoring: %s", rvalue);
992 return 0;
993 }
994 }
995
996 c->std_input = ei;
997 return 0;
998 }
999
1000 int config_parse_exec_input_text(
1001 const char *unit,
1002 const char *filename,
1003 unsigned line,
1004 const char *section,
1005 unsigned section_line,
1006 const char *lvalue,
1007 int ltype,
1008 const char *rvalue,
1009 void *data,
1010 void *userdata) {
1011
1012 _cleanup_free_ char *unescaped = NULL, *resolved = NULL;
1013 ExecContext *c = data;
1014 const Unit *u = userdata;
1015 size_t sz;
1016 void *p;
1017 int r;
1018
1019 assert(data);
1020 assert(filename);
1021 assert(line);
1022 assert(rvalue);
1023
1024 if (isempty(rvalue)) {
1025 /* Reset if the empty string is assigned */
1026 c->stdin_data = mfree(c->stdin_data);
1027 c->stdin_data_size = 0;
1028 return 0;
1029 }
1030
1031 r = cunescape(rvalue, 0, &unescaped);
1032 if (r < 0) {
1033 log_syntax(unit, LOG_WARNING, filename, line, r,
1034 "Failed to decode C escaped text '%s', ignoring: %m", rvalue);
1035 return 0;
1036 }
1037
1038 r = unit_full_printf(u, unescaped, &resolved);
1039 if (r < 0) {
1040 log_syntax(unit, LOG_WARNING, filename, line, r,
1041 "Failed to resolve unit specifiers in '%s', ignoring: %m", unescaped);
1042 return 0;
1043 }
1044
1045 sz = strlen(resolved);
1046 if (c->stdin_data_size + sz + 1 < c->stdin_data_size || /* check for overflow */
1047 c->stdin_data_size + sz + 1 > EXEC_STDIN_DATA_MAX) {
1048 log_syntax(unit, LOG_WARNING, filename, line, 0,
1049 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1050 c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1051 return 0;
1052 }
1053
1054 p = realloc(c->stdin_data, c->stdin_data_size + sz + 1);
1055 if (!p)
1056 return log_oom();
1057
1058 *((char*) mempcpy((char*) p + c->stdin_data_size, resolved, sz)) = '\n';
1059
1060 c->stdin_data = p;
1061 c->stdin_data_size += sz + 1;
1062
1063 return 0;
1064 }
1065
1066 int config_parse_exec_input_data(
1067 const char *unit,
1068 const char *filename,
1069 unsigned line,
1070 const char *section,
1071 unsigned section_line,
1072 const char *lvalue,
1073 int ltype,
1074 const char *rvalue,
1075 void *data,
1076 void *userdata) {
1077
1078 _cleanup_free_ void *p = NULL;
1079 ExecContext *c = data;
1080 size_t sz;
1081 void *q;
1082 int r;
1083
1084 assert(data);
1085 assert(filename);
1086 assert(line);
1087 assert(rvalue);
1088
1089 if (isempty(rvalue)) {
1090 /* Reset if the empty string is assigned */
1091 c->stdin_data = mfree(c->stdin_data);
1092 c->stdin_data_size = 0;
1093 return 0;
1094 }
1095
1096 r = unbase64mem(rvalue, (size_t) -1, &p, &sz);
1097 if (r < 0) {
1098 log_syntax(unit, LOG_WARNING, filename, line, r,
1099 "Failed to decode base64 data, ignoring: %s", rvalue);
1100 return 0;
1101 }
1102
1103 assert(sz > 0);
1104
1105 if (c->stdin_data_size + sz < c->stdin_data_size || /* check for overflow */
1106 c->stdin_data_size + sz > EXEC_STDIN_DATA_MAX) {
1107 log_syntax(unit, LOG_WARNING, filename, line, 0,
1108 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1109 c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1110 return 0;
1111 }
1112
1113 q = realloc(c->stdin_data, c->stdin_data_size + sz);
1114 if (!q)
1115 return log_oom();
1116
1117 memcpy((uint8_t*) q + c->stdin_data_size, p, sz);
1118
1119 c->stdin_data = q;
1120 c->stdin_data_size += sz;
1121
1122 return 0;
1123 }
1124
1125 int config_parse_exec_output(
1126 const char *unit,
1127 const char *filename,
1128 unsigned line,
1129 const char *section,
1130 unsigned section_line,
1131 const char *lvalue,
1132 int ltype,
1133 const char *rvalue,
1134 void *data,
1135 void *userdata) {
1136
1137 _cleanup_free_ char *resolved = NULL;
1138 const char *n;
1139 ExecContext *c = data;
1140 const Unit *u = userdata;
1141 bool obsolete = false;
1142 ExecOutput eo;
1143 int r;
1144
1145 assert(data);
1146 assert(filename);
1147 assert(line);
1148 assert(lvalue);
1149 assert(rvalue);
1150
1151 n = startswith(rvalue, "fd:");
1152 if (n) {
1153 r = unit_full_printf(u, n, &resolved);
1154 if (r < 0) {
1155 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1156 return 0;
1157 }
1158
1159 if (isempty(resolved))
1160 resolved = mfree(resolved);
1161 else if (!fdname_is_valid(resolved)) {
1162 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", resolved);
1163 return 0;
1164 }
1165
1166 eo = EXEC_OUTPUT_NAMED_FD;
1167
1168 } else if (streq(rvalue, "syslog")) {
1169 eo = EXEC_OUTPUT_JOURNAL;
1170 obsolete = true;
1171
1172 } else if (streq(rvalue, "syslog+console")) {
1173 eo = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
1174 obsolete = true;
1175
1176 } else if ((n = startswith(rvalue, "file:"))) {
1177
1178 r = unit_full_printf(u, n, &resolved);
1179 if (r < 0) {
1180 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1181 return 0;
1182 }
1183
1184 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1185 if (r < 0)
1186 return 0;
1187
1188 eo = EXEC_OUTPUT_FILE;
1189
1190 } else if ((n = startswith(rvalue, "append:"))) {
1191
1192 r = unit_full_printf(u, n, &resolved);
1193 if (r < 0) {
1194 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1195 return 0;
1196 }
1197
1198 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1199 if (r < 0)
1200 return 0;
1201
1202 eo = EXEC_OUTPUT_FILE_APPEND;
1203
1204 } else if ((n = startswith(rvalue, "truncate:"))) {
1205
1206 r = unit_full_printf(u, n, &resolved);
1207 if (r < 0) {
1208 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1209 return 0;
1210 }
1211
1212 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1213 if (r < 0)
1214 return 0;
1215
1216 eo = EXEC_OUTPUT_FILE_TRUNCATE;
1217 } else {
1218 eo = exec_output_from_string(rvalue);
1219 if (eo < 0) {
1220 log_syntax(unit, LOG_WARNING, filename, line, eo, "Failed to parse output specifier, ignoring: %s", rvalue);
1221 return 0;
1222 }
1223 }
1224
1225 if (obsolete)
1226 log_syntax(unit, LOG_NOTICE, filename, line, 0,
1227 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1228 rvalue, exec_output_to_string(eo));
1229
1230 if (streq(lvalue, "StandardOutput")) {
1231 if (eo == EXEC_OUTPUT_NAMED_FD)
1232 free_and_replace(c->stdio_fdname[STDOUT_FILENO], resolved);
1233 else
1234 free_and_replace(c->stdio_file[STDOUT_FILENO], resolved);
1235
1236 c->std_output = eo;
1237
1238 } else {
1239 assert(streq(lvalue, "StandardError"));
1240
1241 if (eo == EXEC_OUTPUT_NAMED_FD)
1242 free_and_replace(c->stdio_fdname[STDERR_FILENO], resolved);
1243 else
1244 free_and_replace(c->stdio_file[STDERR_FILENO], resolved);
1245
1246 c->std_error = eo;
1247 }
1248
1249 return 0;
1250 }
1251
1252 int config_parse_exec_io_class(const char *unit,
1253 const char *filename,
1254 unsigned line,
1255 const char *section,
1256 unsigned section_line,
1257 const char *lvalue,
1258 int ltype,
1259 const char *rvalue,
1260 void *data,
1261 void *userdata) {
1262
1263 ExecContext *c = data;
1264 int x;
1265
1266 assert(filename);
1267 assert(lvalue);
1268 assert(rvalue);
1269 assert(data);
1270
1271 if (isempty(rvalue)) {
1272 c->ioprio_set = false;
1273 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1274 return 0;
1275 }
1276
1277 x = ioprio_class_from_string(rvalue);
1278 if (x < 0) {
1279 log_syntax(unit, LOG_WARNING, filename, line, x, "Failed to parse IO scheduling class, ignoring: %s", rvalue);
1280 return 0;
1281 }
1282
1283 c->ioprio = IOPRIO_PRIO_VALUE(x, IOPRIO_PRIO_DATA(c->ioprio));
1284 c->ioprio_set = true;
1285
1286 return 0;
1287 }
1288
1289 int config_parse_exec_io_priority(const char *unit,
1290 const char *filename,
1291 unsigned line,
1292 const char *section,
1293 unsigned section_line,
1294 const char *lvalue,
1295 int ltype,
1296 const char *rvalue,
1297 void *data,
1298 void *userdata) {
1299
1300 ExecContext *c = data;
1301 int i, r;
1302
1303 assert(filename);
1304 assert(lvalue);
1305 assert(rvalue);
1306 assert(data);
1307
1308 if (isempty(rvalue)) {
1309 c->ioprio_set = false;
1310 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1311 return 0;
1312 }
1313
1314 r = ioprio_parse_priority(rvalue, &i);
1315 if (r < 0) {
1316 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse IO priority, ignoring: %s", rvalue);
1317 return 0;
1318 }
1319
1320 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c->ioprio), i);
1321 c->ioprio_set = true;
1322
1323 return 0;
1324 }
1325
1326 int config_parse_exec_cpu_sched_policy(const char *unit,
1327 const char *filename,
1328 unsigned line,
1329 const char *section,
1330 unsigned section_line,
1331 const char *lvalue,
1332 int ltype,
1333 const char *rvalue,
1334 void *data,
1335 void *userdata) {
1336
1337 ExecContext *c = data;
1338 int x;
1339
1340 assert(filename);
1341 assert(lvalue);
1342 assert(rvalue);
1343 assert(data);
1344
1345 if (isempty(rvalue)) {
1346 c->cpu_sched_set = false;
1347 c->cpu_sched_policy = SCHED_OTHER;
1348 c->cpu_sched_priority = 0;
1349 return 0;
1350 }
1351
1352 x = sched_policy_from_string(rvalue);
1353 if (x < 0) {
1354 log_syntax(unit, LOG_WARNING, filename, line, x, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue);
1355 return 0;
1356 }
1357
1358 c->cpu_sched_policy = x;
1359 /* Moving to or from real-time policy? We need to adjust the priority */
1360 c->cpu_sched_priority = CLAMP(c->cpu_sched_priority, sched_get_priority_min(x), sched_get_priority_max(x));
1361 c->cpu_sched_set = true;
1362
1363 return 0;
1364 }
1365
1366 int config_parse_exec_mount_apivfs(const char *unit,
1367 const char *filename,
1368 unsigned line,
1369 const char *section,
1370 unsigned section_line,
1371 const char *lvalue,
1372 int ltype,
1373 const char *rvalue,
1374 void *data,
1375 void *userdata) {
1376
1377 ExecContext *c = data;
1378 int k;
1379
1380 assert(filename);
1381 assert(lvalue);
1382 assert(rvalue);
1383 assert(data);
1384
1385 if (isempty(rvalue)) {
1386 c->mount_apivfs_set = false;
1387 c->mount_apivfs = false;
1388 return 0;
1389 }
1390
1391 k = parse_boolean(rvalue);
1392 if (k < 0) {
1393 log_syntax(unit, LOG_WARNING, filename, line, k,
1394 "Failed to parse boolean value, ignoring: %s",
1395 rvalue);
1396 return 0;
1397 }
1398
1399 c->mount_apivfs_set = true;
1400 c->mount_apivfs = k;
1401 return 0;
1402 }
1403
1404 int config_parse_numa_mask(const char *unit,
1405 const char *filename,
1406 unsigned line,
1407 const char *section,
1408 unsigned section_line,
1409 const char *lvalue,
1410 int ltype,
1411 const char *rvalue,
1412 void *data,
1413 void *userdata) {
1414 int r;
1415 NUMAPolicy *p = data;
1416
1417 assert(filename);
1418 assert(lvalue);
1419 assert(rvalue);
1420 assert(data);
1421
1422 if (streq(rvalue, "all")) {
1423 r = numa_mask_add_all(&p->nodes);
1424 if (r < 0)
1425 log_syntax(unit, LOG_WARNING, filename, line, r,
1426 "Failed to create NUMA mask representing \"all\" NUMA nodes, ignoring: %m");
1427 } else {
1428 r = parse_cpu_set_extend(rvalue, &p->nodes, true, unit, filename, line, lvalue);
1429 if (r < 0)
1430 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse NUMA node mask, ignoring: %s", rvalue);
1431 }
1432
1433 return 0;
1434 }
1435
1436 int config_parse_exec_cpu_sched_prio(const char *unit,
1437 const char *filename,
1438 unsigned line,
1439 const char *section,
1440 unsigned section_line,
1441 const char *lvalue,
1442 int ltype,
1443 const char *rvalue,
1444 void *data,
1445 void *userdata) {
1446
1447 ExecContext *c = data;
1448 int i, min, max, r;
1449
1450 assert(filename);
1451 assert(lvalue);
1452 assert(rvalue);
1453 assert(data);
1454
1455 r = safe_atoi(rvalue, &i);
1456 if (r < 0) {
1457 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue);
1458 return 0;
1459 }
1460
1461 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
1462 min = sched_get_priority_min(c->cpu_sched_policy);
1463 max = sched_get_priority_max(c->cpu_sched_policy);
1464
1465 if (i < min || i > max) {
1466 log_syntax(unit, LOG_WARNING, filename, line, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue);
1467 return 0;
1468 }
1469
1470 c->cpu_sched_priority = i;
1471 c->cpu_sched_set = true;
1472
1473 return 0;
1474 }
1475
1476 int config_parse_root_image_options(
1477 const char *unit,
1478 const char *filename,
1479 unsigned line,
1480 const char *section,
1481 unsigned section_line,
1482 const char *lvalue,
1483 int ltype,
1484 const char *rvalue,
1485 void *data,
1486 void *userdata) {
1487
1488 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
1489 _cleanup_strv_free_ char **l = NULL;
1490 char **first = NULL, **second = NULL;
1491 ExecContext *c = data;
1492 const Unit *u = userdata;
1493 int r;
1494
1495 assert(filename);
1496 assert(lvalue);
1497 assert(rvalue);
1498 assert(data);
1499
1500 if (isempty(rvalue)) {
1501 c->root_image_options = mount_options_free_all(c->root_image_options);
1502 return 0;
1503 }
1504
1505 r = strv_split_colon_pairs(&l, rvalue);
1506 if (r == -ENOMEM)
1507 return log_oom();
1508 if (r < 0) {
1509 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
1510 return 0;
1511 }
1512
1513 STRV_FOREACH_PAIR(first, second, l) {
1514 MountOptions *o = NULL;
1515 _cleanup_free_ char *mount_options_resolved = NULL;
1516 const char *mount_options = NULL, *partition = "root";
1517 PartitionDesignator partition_designator;
1518
1519 /* Format is either 'root:foo' or 'foo' (root is implied) */
1520 if (!isempty(*second)) {
1521 partition = *first;
1522 mount_options = *second;
1523 } else
1524 mount_options = *first;
1525
1526 partition_designator = partition_designator_from_string(partition);
1527 if (partition_designator < 0) {
1528 log_syntax(unit, LOG_WARNING, filename, line, partition_designator,
1529 "Invalid partition name %s, ignoring", partition);
1530 continue;
1531 }
1532 r = unit_full_printf(u, mount_options, &mount_options_resolved);
1533 if (r < 0) {
1534 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
1535 continue;
1536 }
1537
1538 o = new(MountOptions, 1);
1539 if (!o)
1540 return log_oom();
1541 *o = (MountOptions) {
1542 .partition_designator = partition_designator,
1543 .options = TAKE_PTR(mount_options_resolved),
1544 };
1545 LIST_APPEND(mount_options, options, TAKE_PTR(o));
1546 }
1547
1548 /* empty spaces/separators only */
1549 if (LIST_IS_EMPTY(options))
1550 c->root_image_options = mount_options_free_all(c->root_image_options);
1551 else
1552 LIST_JOIN(mount_options, c->root_image_options, options);
1553
1554 return 0;
1555 }
1556
1557 int config_parse_exec_root_hash(
1558 const char *unit,
1559 const char *filename,
1560 unsigned line,
1561 const char *section,
1562 unsigned section_line,
1563 const char *lvalue,
1564 int ltype,
1565 const char *rvalue,
1566 void *data,
1567 void *userdata) {
1568
1569 _cleanup_free_ void *roothash_decoded = NULL;
1570 ExecContext *c = data;
1571 size_t roothash_decoded_size = 0;
1572 int r;
1573
1574 assert(data);
1575 assert(filename);
1576 assert(line);
1577 assert(rvalue);
1578
1579 if (isempty(rvalue)) {
1580 /* Reset if the empty string is assigned */
1581 c->root_hash_path = mfree(c->root_hash_path);
1582 c->root_hash = mfree(c->root_hash);
1583 c->root_hash_size = 0;
1584 return 0;
1585 }
1586
1587 if (path_is_absolute(rvalue)) {
1588 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1589 _cleanup_free_ char *p = NULL;
1590
1591 p = strdup(rvalue);
1592 if (!p)
1593 return -ENOMEM;
1594
1595 free_and_replace(c->root_hash_path, p);
1596 c->root_hash = mfree(c->root_hash);
1597 c->root_hash_size = 0;
1598 return 0;
1599 }
1600
1601 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1602 r = unhexmem(rvalue, strlen(rvalue), &roothash_decoded, &roothash_decoded_size);
1603 if (r < 0) {
1604 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHash=, ignoring: %s", rvalue);
1605 return 0;
1606 }
1607 if (roothash_decoded_size < sizeof(sd_id128_t)) {
1608 log_syntax(unit, LOG_WARNING, filename, line, 0, "RootHash= is too short, ignoring: %s", rvalue);
1609 return 0;
1610 }
1611
1612 free_and_replace(c->root_hash, roothash_decoded);
1613 c->root_hash_size = roothash_decoded_size;
1614 c->root_hash_path = mfree(c->root_hash_path);
1615
1616 return 0;
1617 }
1618
1619 int config_parse_exec_root_hash_sig(
1620 const char *unit,
1621 const char *filename,
1622 unsigned line,
1623 const char *section,
1624 unsigned section_line,
1625 const char *lvalue,
1626 int ltype,
1627 const char *rvalue,
1628 void *data,
1629 void *userdata) {
1630
1631 _cleanup_free_ void *roothash_sig_decoded = NULL;
1632 char *value;
1633 ExecContext *c = data;
1634 size_t roothash_sig_decoded_size = 0;
1635 int r;
1636
1637 assert(data);
1638 assert(filename);
1639 assert(line);
1640 assert(rvalue);
1641
1642 if (isempty(rvalue)) {
1643 /* Reset if the empty string is assigned */
1644 c->root_hash_sig_path = mfree(c->root_hash_sig_path);
1645 c->root_hash_sig = mfree(c->root_hash_sig);
1646 c->root_hash_sig_size = 0;
1647 return 0;
1648 }
1649
1650 if (path_is_absolute(rvalue)) {
1651 /* We have the path to a roothash signature to load and decode, eg: RootHashSignature=/foo/bar.roothash.p7s */
1652 _cleanup_free_ char *p = NULL;
1653
1654 p = strdup(rvalue);
1655 if (!p)
1656 return log_oom();
1657
1658 free_and_replace(c->root_hash_sig_path, p);
1659 c->root_hash_sig = mfree(c->root_hash_sig);
1660 c->root_hash_sig_size = 0;
1661 return 0;
1662 }
1663
1664 if (!(value = startswith(rvalue, "base64:"))) {
1665 log_syntax(unit, LOG_WARNING, filename, line, 0,
1666 "Failed to decode RootHashSignature=, not a path but doesn't start with 'base64:', ignoring: %s", rvalue);
1667 return 0;
1668 }
1669
1670 /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
1671 r = unbase64mem(value, strlen(value), &roothash_sig_decoded, &roothash_sig_decoded_size);
1672 if (r < 0) {
1673 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHashSignature=, ignoring: %s", rvalue);
1674 return 0;
1675 }
1676
1677 free_and_replace(c->root_hash_sig, roothash_sig_decoded);
1678 c->root_hash_sig_size = roothash_sig_decoded_size;
1679 c->root_hash_sig_path = mfree(c->root_hash_sig_path);
1680
1681 return 0;
1682 }
1683
1684 int config_parse_exec_cpu_affinity(
1685 const char *unit,
1686 const char *filename,
1687 unsigned line,
1688 const char *section,
1689 unsigned section_line,
1690 const char *lvalue,
1691 int ltype,
1692 const char *rvalue,
1693 void *data,
1694 void *userdata) {
1695
1696 ExecContext *c = data;
1697 int r;
1698
1699 assert(filename);
1700 assert(lvalue);
1701 assert(rvalue);
1702 assert(data);
1703
1704 if (streq(rvalue, "numa")) {
1705 c->cpu_affinity_from_numa = true;
1706 cpu_set_reset(&c->cpu_set);
1707
1708 return 0;
1709 }
1710
1711 r = parse_cpu_set_extend(rvalue, &c->cpu_set, true, unit, filename, line, lvalue);
1712 if (r >= 0)
1713 c->cpu_affinity_from_numa = false;
1714
1715 return 0;
1716 }
1717
1718 int config_parse_capability_set(
1719 const char *unit,
1720 const char *filename,
1721 unsigned line,
1722 const char *section,
1723 unsigned section_line,
1724 const char *lvalue,
1725 int ltype,
1726 const char *rvalue,
1727 void *data,
1728 void *userdata) {
1729
1730 uint64_t *capability_set = data;
1731 uint64_t sum = 0, initial = 0;
1732 bool invert = false;
1733 int r;
1734
1735 assert(filename);
1736 assert(lvalue);
1737 assert(rvalue);
1738 assert(data);
1739
1740 if (rvalue[0] == '~') {
1741 invert = true;
1742 rvalue++;
1743 }
1744
1745 if (streq(lvalue, "CapabilityBoundingSet"))
1746 initial = CAP_ALL; /* initialized to all bits on */
1747 /* else "AmbientCapabilities" initialized to all bits off */
1748
1749 r = capability_set_from_string(rvalue, &sum);
1750 if (r < 0) {
1751 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue, rvalue);
1752 return 0;
1753 }
1754
1755 if (sum == 0 || *capability_set == initial)
1756 /* "", "~" or uninitialized data -> replace */
1757 *capability_set = invert ? ~sum : sum;
1758 else {
1759 /* previous data -> merge */
1760 if (invert)
1761 *capability_set &= ~sum;
1762 else
1763 *capability_set |= sum;
1764 }
1765
1766 return 0;
1767 }
1768
1769 int config_parse_exec_selinux_context(
1770 const char *unit,
1771 const char *filename,
1772 unsigned line,
1773 const char *section,
1774 unsigned section_line,
1775 const char *lvalue,
1776 int ltype,
1777 const char *rvalue,
1778 void *data,
1779 void *userdata) {
1780
1781 ExecContext *c = data;
1782 const Unit *u = userdata;
1783 bool ignore;
1784 char *k;
1785 int r;
1786
1787 assert(filename);
1788 assert(lvalue);
1789 assert(rvalue);
1790 assert(data);
1791
1792 if (isempty(rvalue)) {
1793 c->selinux_context = mfree(c->selinux_context);
1794 c->selinux_context_ignore = false;
1795 return 0;
1796 }
1797
1798 if (rvalue[0] == '-') {
1799 ignore = true;
1800 rvalue++;
1801 } else
1802 ignore = false;
1803
1804 r = unit_full_printf(u, rvalue, &k);
1805 if (r < 0) {
1806 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
1807 "Failed to resolve unit specifiers in '%s'%s: %m",
1808 rvalue, ignore ? ", ignoring" : "");
1809 return ignore ? 0 : -ENOEXEC;
1810 }
1811
1812 free_and_replace(c->selinux_context, k);
1813 c->selinux_context_ignore = ignore;
1814
1815 return 0;
1816 }
1817
1818 int config_parse_exec_apparmor_profile(
1819 const char *unit,
1820 const char *filename,
1821 unsigned line,
1822 const char *section,
1823 unsigned section_line,
1824 const char *lvalue,
1825 int ltype,
1826 const char *rvalue,
1827 void *data,
1828 void *userdata) {
1829
1830 ExecContext *c = data;
1831 const Unit *u = userdata;
1832 bool ignore;
1833 char *k;
1834 int r;
1835
1836 assert(filename);
1837 assert(lvalue);
1838 assert(rvalue);
1839 assert(data);
1840
1841 if (isempty(rvalue)) {
1842 c->apparmor_profile = mfree(c->apparmor_profile);
1843 c->apparmor_profile_ignore = false;
1844 return 0;
1845 }
1846
1847 if (rvalue[0] == '-') {
1848 ignore = true;
1849 rvalue++;
1850 } else
1851 ignore = false;
1852
1853 r = unit_full_printf(u, rvalue, &k);
1854 if (r < 0) {
1855 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
1856 "Failed to resolve unit specifiers in '%s'%s: %m",
1857 rvalue, ignore ? ", ignoring" : "");
1858 return ignore ? 0 : -ENOEXEC;
1859 }
1860
1861 free_and_replace(c->apparmor_profile, k);
1862 c->apparmor_profile_ignore = ignore;
1863
1864 return 0;
1865 }
1866
1867 int config_parse_exec_smack_process_label(
1868 const char *unit,
1869 const char *filename,
1870 unsigned line,
1871 const char *section,
1872 unsigned section_line,
1873 const char *lvalue,
1874 int ltype,
1875 const char *rvalue,
1876 void *data,
1877 void *userdata) {
1878
1879 ExecContext *c = data;
1880 const Unit *u = userdata;
1881 bool ignore;
1882 char *k;
1883 int r;
1884
1885 assert(filename);
1886 assert(lvalue);
1887 assert(rvalue);
1888 assert(data);
1889
1890 if (isempty(rvalue)) {
1891 c->smack_process_label = mfree(c->smack_process_label);
1892 c->smack_process_label_ignore = false;
1893 return 0;
1894 }
1895
1896 if (rvalue[0] == '-') {
1897 ignore = true;
1898 rvalue++;
1899 } else
1900 ignore = false;
1901
1902 r = unit_full_printf(u, rvalue, &k);
1903 if (r < 0) {
1904 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
1905 "Failed to resolve unit specifiers in '%s'%s: %m",
1906 rvalue, ignore ? ", ignoring" : "");
1907 return ignore ? 0 : -ENOEXEC;
1908 }
1909
1910 free_and_replace(c->smack_process_label, k);
1911 c->smack_process_label_ignore = ignore;
1912
1913 return 0;
1914 }
1915
1916 int config_parse_timer(
1917 const char *unit,
1918 const char *filename,
1919 unsigned line,
1920 const char *section,
1921 unsigned section_line,
1922 const char *lvalue,
1923 int ltype,
1924 const char *rvalue,
1925 void *data,
1926 void *userdata) {
1927
1928 _cleanup_(calendar_spec_freep) CalendarSpec *c = NULL;
1929 _cleanup_free_ char *k = NULL;
1930 const Unit *u = userdata;
1931 Timer *t = data;
1932 usec_t usec = 0;
1933 TimerValue *v;
1934 int r;
1935
1936 assert(filename);
1937 assert(lvalue);
1938 assert(rvalue);
1939 assert(data);
1940
1941 if (isempty(rvalue)) {
1942 /* Empty assignment resets list */
1943 timer_free_values(t);
1944 return 0;
1945 }
1946
1947 r = unit_full_printf(u, rvalue, &k);
1948 if (r < 0) {
1949 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
1950 return 0;
1951 }
1952
1953 if (ltype == TIMER_CALENDAR) {
1954 r = calendar_spec_from_string(k, &c);
1955 if (r < 0) {
1956 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse calendar specification, ignoring: %s", k);
1957 return 0;
1958 }
1959 } else {
1960 r = parse_sec(k, &usec);
1961 if (r < 0) {
1962 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse timer value, ignoring: %s", k);
1963 return 0;
1964 }
1965 }
1966
1967 v = new(TimerValue, 1);
1968 if (!v)
1969 return log_oom();
1970
1971 *v = (TimerValue) {
1972 .base = ltype,
1973 .value = usec,
1974 .calendar_spec = TAKE_PTR(c),
1975 };
1976
1977 LIST_PREPEND(value, t->values, v);
1978
1979 return 0;
1980 }
1981
1982 int config_parse_trigger_unit(
1983 const char *unit,
1984 const char *filename,
1985 unsigned line,
1986 const char *section,
1987 unsigned section_line,
1988 const char *lvalue,
1989 int ltype,
1990 const char *rvalue,
1991 void *data,
1992 void *userdata) {
1993
1994 _cleanup_free_ char *p = NULL;
1995 Unit *u = data;
1996 UnitType type;
1997 int r;
1998
1999 assert(filename);
2000 assert(lvalue);
2001 assert(rvalue);
2002 assert(data);
2003
2004 if (!hashmap_isempty(u->dependencies[UNIT_TRIGGERS])) {
2005 log_syntax(unit, LOG_WARNING, filename, line, 0, "Multiple units to trigger specified, ignoring: %s", rvalue);
2006 return 0;
2007 }
2008
2009 r = unit_name_printf(u, rvalue, &p);
2010 if (r < 0) {
2011 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2012 return 0;
2013 }
2014
2015 type = unit_name_to_type(p);
2016 if (type < 0) {
2017 log_syntax(unit, LOG_WARNING, filename, line, type, "Unit type not valid, ignoring: %s", rvalue);
2018 return 0;
2019 }
2020 if (unit_has_name(u, p)) {
2021 log_syntax(unit, LOG_WARNING, filename, line, 0, "Units cannot trigger themselves, ignoring: %s", rvalue);
2022 return 0;
2023 }
2024
2025 r = unit_add_two_dependencies_by_name(u, UNIT_BEFORE, UNIT_TRIGGERS, p, true, UNIT_DEPENDENCY_FILE);
2026 if (r < 0) {
2027 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add trigger on %s, ignoring: %m", p);
2028 return 0;
2029 }
2030
2031 return 0;
2032 }
2033
2034 int config_parse_path_spec(const char *unit,
2035 const char *filename,
2036 unsigned line,
2037 const char *section,
2038 unsigned section_line,
2039 const char *lvalue,
2040 int ltype,
2041 const char *rvalue,
2042 void *data,
2043 void *userdata) {
2044
2045 Path *p = data;
2046 PathSpec *s;
2047 PathType b;
2048 _cleanup_free_ char *k = NULL;
2049 int r;
2050
2051 assert(filename);
2052 assert(lvalue);
2053 assert(rvalue);
2054 assert(data);
2055
2056 if (isempty(rvalue)) {
2057 /* Empty assignment clears list */
2058 path_free_specs(p);
2059 return 0;
2060 }
2061
2062 b = path_type_from_string(lvalue);
2063 if (b < 0) {
2064 log_syntax(unit, LOG_WARNING, filename, line, b, "Failed to parse path type, ignoring: %s", lvalue);
2065 return 0;
2066 }
2067
2068 r = unit_full_printf(UNIT(p), rvalue, &k);
2069 if (r < 0) {
2070 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2071 return 0;
2072 }
2073
2074 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2075 if (r < 0)
2076 return 0;
2077
2078 s = new0(PathSpec, 1);
2079 if (!s)
2080 return log_oom();
2081
2082 s->unit = UNIT(p);
2083 s->path = TAKE_PTR(k);
2084 s->type = b;
2085 s->inotify_fd = -1;
2086
2087 LIST_PREPEND(spec, p->specs, s);
2088
2089 return 0;
2090 }
2091
2092 int config_parse_socket_service(
2093 const char *unit,
2094 const char *filename,
2095 unsigned line,
2096 const char *section,
2097 unsigned section_line,
2098 const char *lvalue,
2099 int ltype,
2100 const char *rvalue,
2101 void *data,
2102 void *userdata) {
2103
2104 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2105 _cleanup_free_ char *p = NULL;
2106 Socket *s = data;
2107 Unit *x;
2108 int r;
2109
2110 assert(filename);
2111 assert(lvalue);
2112 assert(rvalue);
2113 assert(data);
2114
2115 r = unit_name_printf(UNIT(s), rvalue, &p);
2116 if (r < 0) {
2117 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2118 return 0;
2119 }
2120
2121 if (!endswith(p, ".service")) {
2122 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unit must be of type service, ignoring: %s", rvalue);
2123 return 0;
2124 }
2125
2126 r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
2127 if (r < 0) {
2128 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to load unit %s, ignoring: %s", rvalue, bus_error_message(&error, r));
2129 return 0;
2130 }
2131
2132 unit_ref_set(&s->service, UNIT(s), x);
2133
2134 return 0;
2135 }
2136
2137 int config_parse_fdname(
2138 const char *unit,
2139 const char *filename,
2140 unsigned line,
2141 const char *section,
2142 unsigned section_line,
2143 const char *lvalue,
2144 int ltype,
2145 const char *rvalue,
2146 void *data,
2147 void *userdata) {
2148
2149 _cleanup_free_ char *p = NULL;
2150 Socket *s = data;
2151 int r;
2152
2153 assert(filename);
2154 assert(lvalue);
2155 assert(rvalue);
2156 assert(data);
2157
2158 if (isempty(rvalue)) {
2159 s->fdname = mfree(s->fdname);
2160 return 0;
2161 }
2162
2163 r = unit_full_printf(UNIT(s), rvalue, &p);
2164 if (r < 0) {
2165 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2166 return 0;
2167 }
2168
2169 if (!fdname_is_valid(p)) {
2170 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", p);
2171 return 0;
2172 }
2173
2174 return free_and_replace(s->fdname, p);
2175 }
2176
2177 int config_parse_service_sockets(
2178 const char *unit,
2179 const char *filename,
2180 unsigned line,
2181 const char *section,
2182 unsigned section_line,
2183 const char *lvalue,
2184 int ltype,
2185 const char *rvalue,
2186 void *data,
2187 void *userdata) {
2188
2189 Service *s = data;
2190 int r;
2191
2192 assert(filename);
2193 assert(lvalue);
2194 assert(rvalue);
2195 assert(data);
2196
2197 for (const char *p = rvalue;;) {
2198 _cleanup_free_ char *word = NULL, *k = NULL;
2199
2200 r = extract_first_word(&p, &word, NULL, 0);
2201 if (r == 0)
2202 return 0;
2203 if (r == -ENOMEM)
2204 return log_oom();
2205 if (r < 0) {
2206 log_syntax(unit, LOG_WARNING, filename, line, r, "Trailing garbage in sockets, ignoring: %s", rvalue);
2207 return 0;
2208 }
2209
2210 r = unit_name_printf(UNIT(s), word, &k);
2211 if (r < 0) {
2212 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
2213 continue;
2214 }
2215
2216 if (!endswith(k, ".socket")) {
2217 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unit must be of type socket, ignoring: %s", k);
2218 continue;
2219 }
2220
2221 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_WANTS, UNIT_AFTER, k, true, UNIT_DEPENDENCY_FILE);
2222 if (r < 0)
2223 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
2224
2225 r = unit_add_dependency_by_name(UNIT(s), UNIT_TRIGGERED_BY, k, true, UNIT_DEPENDENCY_FILE);
2226 if (r < 0)
2227 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
2228 }
2229 }
2230
2231 int config_parse_bus_name(
2232 const char *unit,
2233 const char *filename,
2234 unsigned line,
2235 const char *section,
2236 unsigned section_line,
2237 const char *lvalue,
2238 int ltype,
2239 const char *rvalue,
2240 void *data,
2241 void *userdata) {
2242
2243 _cleanup_free_ char *k = NULL;
2244 const Unit *u = userdata;
2245 int r;
2246
2247 assert(filename);
2248 assert(lvalue);
2249 assert(rvalue);
2250 assert(u);
2251
2252 r = unit_full_printf(u, rvalue, &k);
2253 if (r < 0) {
2254 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2255 return 0;
2256 }
2257
2258 if (!sd_bus_service_name_is_valid(k)) {
2259 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid bus name, ignoring: %s", k);
2260 return 0;
2261 }
2262
2263 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
2264 }
2265
2266 int config_parse_service_timeout(
2267 const char *unit,
2268 const char *filename,
2269 unsigned line,
2270 const char *section,
2271 unsigned section_line,
2272 const char *lvalue,
2273 int ltype,
2274 const char *rvalue,
2275 void *data,
2276 void *userdata) {
2277
2278 Service *s = userdata;
2279 usec_t usec;
2280 int r;
2281
2282 assert(filename);
2283 assert(lvalue);
2284 assert(rvalue);
2285 assert(s);
2286
2287 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
2288
2289 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2290 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2291 * all other timeouts. */
2292 r = parse_sec_fix_0(rvalue, &usec);
2293 if (r < 0) {
2294 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
2295 return 0;
2296 }
2297
2298 s->start_timeout_defined = true;
2299 s->timeout_start_usec = usec;
2300
2301 if (streq(lvalue, "TimeoutSec"))
2302 s->timeout_stop_usec = usec;
2303
2304 return 0;
2305 }
2306
2307 int config_parse_timeout_abort(
2308 const char *unit,
2309 const char *filename,
2310 unsigned line,
2311 const char *section,
2312 unsigned section_line,
2313 const char *lvalue,
2314 int ltype,
2315 const char *rvalue,
2316 void *data,
2317 void *userdata) {
2318
2319 usec_t *ret = data;
2320 int r;
2321
2322 assert(filename);
2323 assert(lvalue);
2324 assert(rvalue);
2325 assert(ret);
2326
2327 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
2328
2329 if (isempty(rvalue)) {
2330 *ret = 0;
2331 return 0; /* "not set" */
2332 }
2333
2334 r = parse_sec(rvalue, ret);
2335 if (r < 0)
2336 return log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= setting, ignoring: %s", lvalue, rvalue);
2337
2338 return 1; /* "set" */
2339 }
2340
2341 int config_parse_service_timeout_abort(
2342 const char *unit,
2343 const char *filename,
2344 unsigned line,
2345 const char *section,
2346 unsigned section_line,
2347 const char *lvalue,
2348 int ltype,
2349 const char *rvalue,
2350 void *data,
2351 void *userdata) {
2352
2353 Service *s = userdata;
2354 int r;
2355
2356 assert(s);
2357
2358 r = config_parse_timeout_abort(unit, filename, line, section, section_line, lvalue, ltype, rvalue,
2359 &s->timeout_abort_usec, s);
2360 if (r >= 0)
2361 s->timeout_abort_set = r;
2362 return 0;
2363 }
2364
2365 int config_parse_sec_fix_0(
2366 const char *unit,
2367 const char *filename,
2368 unsigned line,
2369 const char *section,
2370 unsigned section_line,
2371 const char *lvalue,
2372 int ltype,
2373 const char *rvalue,
2374 void *data,
2375 void *userdata) {
2376
2377 usec_t *usec = data;
2378 int r;
2379
2380 assert(filename);
2381 assert(lvalue);
2382 assert(rvalue);
2383 assert(usec);
2384
2385 /* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for
2386 * compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a
2387 * timeout. */
2388
2389 r = parse_sec_fix_0(rvalue, usec);
2390 if (r < 0)
2391 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
2392
2393 return 0;
2394 }
2395
2396 int config_parse_user_group_compat(
2397 const char *unit,
2398 const char *filename,
2399 unsigned line,
2400 const char *section,
2401 unsigned section_line,
2402 const char *lvalue,
2403 int ltype,
2404 const char *rvalue,
2405 void *data,
2406 void *userdata) {
2407
2408 _cleanup_free_ char *k = NULL;
2409 char **user = data;
2410 const Unit *u = userdata;
2411 int r;
2412
2413 assert(filename);
2414 assert(lvalue);
2415 assert(rvalue);
2416 assert(u);
2417
2418 if (isempty(rvalue)) {
2419 *user = mfree(*user);
2420 return 0;
2421 }
2422
2423 r = unit_full_printf(u, rvalue, &k);
2424 if (r < 0) {
2425 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
2426 return -ENOEXEC;
2427 }
2428
2429 if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
2430 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2431 return -ENOEXEC;
2432 }
2433
2434 if (strstr(lvalue, "User") && streq(k, NOBODY_USER_NAME))
2435 log_struct(LOG_NOTICE,
2436 "MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename, line, k,
2437 "UNIT=%s", unit,
2438 "MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR,
2439 "OFFENDING_USER=%s", k,
2440 "CONFIG_FILE=%s", filename,
2441 "CONFIG_LINE=%u", line);
2442
2443 return free_and_replace(*user, k);
2444 }
2445
2446 int config_parse_user_group_strv_compat(
2447 const char *unit,
2448 const char *filename,
2449 unsigned line,
2450 const char *section,
2451 unsigned section_line,
2452 const char *lvalue,
2453 int ltype,
2454 const char *rvalue,
2455 void *data,
2456 void *userdata) {
2457
2458 char ***users = data;
2459 const Unit *u = userdata;
2460 int r;
2461
2462 assert(filename);
2463 assert(lvalue);
2464 assert(rvalue);
2465 assert(u);
2466
2467 if (isempty(rvalue)) {
2468 *users = strv_free(*users);
2469 return 0;
2470 }
2471
2472 for (const char *p = rvalue;;) {
2473 _cleanup_free_ char *word = NULL, *k = NULL;
2474
2475 r = extract_first_word(&p, &word, NULL, 0);
2476 if (r == 0)
2477 return 0;
2478 if (r == -ENOMEM)
2479 return log_oom();
2480 if (r < 0) {
2481 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
2482 return -ENOEXEC;
2483 }
2484
2485 r = unit_full_printf(u, word, &k);
2486 if (r < 0) {
2487 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
2488 return -ENOEXEC;
2489 }
2490
2491 if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
2492 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2493 return -ENOEXEC;
2494 }
2495
2496 r = strv_push(users, k);
2497 if (r < 0)
2498 return log_oom();
2499
2500 k = NULL;
2501 }
2502 }
2503
2504 int config_parse_working_directory(
2505 const char *unit,
2506 const char *filename,
2507 unsigned line,
2508 const char *section,
2509 unsigned section_line,
2510 const char *lvalue,
2511 int ltype,
2512 const char *rvalue,
2513 void *data,
2514 void *userdata) {
2515
2516 ExecContext *c = data;
2517 const Unit *u = userdata;
2518 bool missing_ok;
2519 int r;
2520
2521 assert(filename);
2522 assert(lvalue);
2523 assert(rvalue);
2524 assert(c);
2525 assert(u);
2526
2527 if (isempty(rvalue)) {
2528 c->working_directory_home = false;
2529 c->working_directory = mfree(c->working_directory);
2530 return 0;
2531 }
2532
2533 if (rvalue[0] == '-') {
2534 missing_ok = true;
2535 rvalue++;
2536 } else
2537 missing_ok = false;
2538
2539 if (streq(rvalue, "~")) {
2540 c->working_directory_home = true;
2541 c->working_directory = mfree(c->working_directory);
2542 } else {
2543 _cleanup_free_ char *k = NULL;
2544
2545 r = unit_full_printf(u, rvalue, &k);
2546 if (r < 0) {
2547 log_syntax(unit, missing_ok ? LOG_WARNING : LOG_ERR, filename, line, r,
2548 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2549 rvalue, missing_ok ? ", ignoring" : "");
2550 return missing_ok ? 0 : -ENOEXEC;
2551 }
2552
2553 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE | (missing_ok ? 0 : PATH_CHECK_FATAL), unit, filename, line, lvalue);
2554 if (r < 0)
2555 return missing_ok ? 0 : -ENOEXEC;
2556
2557 c->working_directory_home = false;
2558 free_and_replace(c->working_directory, k);
2559 }
2560
2561 c->working_directory_missing_ok = missing_ok;
2562 return 0;
2563 }
2564
2565 int config_parse_unit_env_file(const char *unit,
2566 const char *filename,
2567 unsigned line,
2568 const char *section,
2569 unsigned section_line,
2570 const char *lvalue,
2571 int ltype,
2572 const char *rvalue,
2573 void *data,
2574 void *userdata) {
2575
2576 char ***env = data;
2577 const Unit *u = userdata;
2578 _cleanup_free_ char *n = NULL;
2579 int r;
2580
2581 assert(filename);
2582 assert(lvalue);
2583 assert(rvalue);
2584 assert(data);
2585
2586 if (isempty(rvalue)) {
2587 /* Empty assignment frees the list */
2588 *env = strv_free(*env);
2589 return 0;
2590 }
2591
2592 r = unit_full_printf(u, rvalue, &n);
2593 if (r < 0) {
2594 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2595 return 0;
2596 }
2597
2598 r = path_simplify_and_warn(n[0] == '-' ? n + 1 : n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2599 if (r < 0)
2600 return 0;
2601
2602 r = strv_push(env, n);
2603 if (r < 0)
2604 return log_oom();
2605
2606 n = NULL;
2607
2608 return 0;
2609 }
2610
2611 int config_parse_environ(
2612 const char *unit,
2613 const char *filename,
2614 unsigned line,
2615 const char *section,
2616 unsigned section_line,
2617 const char *lvalue,
2618 int ltype,
2619 const char *rvalue,
2620 void *data,
2621 void *userdata) {
2622
2623 const Unit *u = userdata;
2624 char ***env = data;
2625 int r;
2626
2627 assert(filename);
2628 assert(lvalue);
2629 assert(rvalue);
2630 assert(data);
2631
2632 if (isempty(rvalue)) {
2633 /* Empty assignment resets the list */
2634 *env = strv_free(*env);
2635 return 0;
2636 }
2637
2638 for (const char *p = rvalue;; ) {
2639 _cleanup_free_ char *word = NULL, *resolved = NULL;
2640
2641 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2642 if (r == 0)
2643 return 0;
2644 if (r == -ENOMEM)
2645 return log_oom();
2646 if (r < 0) {
2647 log_syntax(unit, LOG_WARNING, filename, line, r,
2648 "Invalid syntax, ignoring: %s", rvalue);
2649 return 0;
2650 }
2651
2652 if (u) {
2653 r = unit_full_printf(u, word, &resolved);
2654 if (r < 0) {
2655 log_syntax(unit, LOG_WARNING, filename, line, r,
2656 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2657 continue;
2658 }
2659 } else
2660 resolved = TAKE_PTR(word);
2661
2662 if (!env_assignment_is_valid(resolved)) {
2663 log_syntax(unit, LOG_WARNING, filename, line, 0,
2664 "Invalid environment assignment, ignoring: %s", resolved);
2665 continue;
2666 }
2667
2668 r = strv_env_replace_consume(env, TAKE_PTR(resolved));
2669 if (r < 0)
2670 return log_error_errno(r, "Failed to update environment: %m");
2671 }
2672 }
2673
2674 int config_parse_pass_environ(
2675 const char *unit,
2676 const char *filename,
2677 unsigned line,
2678 const char *section,
2679 unsigned section_line,
2680 const char *lvalue,
2681 int ltype,
2682 const char *rvalue,
2683 void *data,
2684 void *userdata) {
2685
2686 _cleanup_strv_free_ char **n = NULL;
2687 size_t nlen = 0, nbufsize = 0;
2688 char*** passenv = data;
2689 const Unit *u = userdata;
2690 int r;
2691
2692 assert(filename);
2693 assert(lvalue);
2694 assert(rvalue);
2695 assert(data);
2696
2697 if (isempty(rvalue)) {
2698 /* Empty assignment resets the list */
2699 *passenv = strv_free(*passenv);
2700 return 0;
2701 }
2702
2703 for (const char *p = rvalue;;) {
2704 _cleanup_free_ char *word = NULL, *k = NULL;
2705
2706 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2707 if (r == 0)
2708 break;
2709 if (r == -ENOMEM)
2710 return log_oom();
2711 if (r < 0) {
2712 log_syntax(unit, LOG_WARNING, filename, line, r,
2713 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
2714 break;
2715 }
2716
2717 if (u) {
2718 r = unit_full_printf(u, word, &k);
2719 if (r < 0) {
2720 log_syntax(unit, LOG_WARNING, filename, line, r,
2721 "Failed to resolve specifiers in %s, ignoring: %m", word);
2722 continue;
2723 }
2724 } else
2725 k = TAKE_PTR(word);
2726
2727 if (!env_name_is_valid(k)) {
2728 log_syntax(unit, LOG_WARNING, filename, line, 0,
2729 "Invalid environment name for %s, ignoring: %s", lvalue, k);
2730 continue;
2731 }
2732
2733 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
2734 return log_oom();
2735
2736 n[nlen++] = TAKE_PTR(k);
2737 n[nlen] = NULL;
2738 }
2739
2740 if (n) {
2741 r = strv_extend_strv(passenv, n, true);
2742 if (r < 0)
2743 return log_oom();
2744 }
2745
2746 return 0;
2747 }
2748
2749 int config_parse_unset_environ(
2750 const char *unit,
2751 const char *filename,
2752 unsigned line,
2753 const char *section,
2754 unsigned section_line,
2755 const char *lvalue,
2756 int ltype,
2757 const char *rvalue,
2758 void *data,
2759 void *userdata) {
2760
2761 _cleanup_strv_free_ char **n = NULL;
2762 size_t nlen = 0, nbufsize = 0;
2763 char*** unsetenv = data;
2764 const Unit *u = userdata;
2765 int r;
2766
2767 assert(filename);
2768 assert(lvalue);
2769 assert(rvalue);
2770 assert(data);
2771
2772 if (isempty(rvalue)) {
2773 /* Empty assignment resets the list */
2774 *unsetenv = strv_free(*unsetenv);
2775 return 0;
2776 }
2777
2778 for (const char *p = rvalue;;) {
2779 _cleanup_free_ char *word = NULL, *k = NULL;
2780
2781 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2782 if (r == 0)
2783 break;
2784 if (r == -ENOMEM)
2785 return log_oom();
2786 if (r < 0) {
2787 log_syntax(unit, LOG_WARNING, filename, line, r,
2788 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
2789 break;
2790 }
2791
2792 if (u) {
2793 r = unit_full_printf(u, word, &k);
2794 if (r < 0) {
2795 log_syntax(unit, LOG_WARNING, filename, line, r,
2796 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2797 continue;
2798 }
2799 } else
2800 k = TAKE_PTR(word);
2801
2802 if (!env_assignment_is_valid(k) && !env_name_is_valid(k)) {
2803 log_syntax(unit, LOG_WARNING, filename, line, 0,
2804 "Invalid environment name or assignment %s, ignoring: %s", lvalue, k);
2805 continue;
2806 }
2807
2808 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
2809 return log_oom();
2810
2811 n[nlen++] = TAKE_PTR(k);
2812 n[nlen] = NULL;
2813 }
2814
2815 if (n) {
2816 r = strv_extend_strv(unsetenv, n, true);
2817 if (r < 0)
2818 return log_oom();
2819 }
2820
2821 return 0;
2822 }
2823
2824 int config_parse_log_extra_fields(
2825 const char *unit,
2826 const char *filename,
2827 unsigned line,
2828 const char *section,
2829 unsigned section_line,
2830 const char *lvalue,
2831 int ltype,
2832 const char *rvalue,
2833 void *data,
2834 void *userdata) {
2835
2836 ExecContext *c = data;
2837 const Unit *u = userdata;
2838 int r;
2839
2840 assert(filename);
2841 assert(lvalue);
2842 assert(rvalue);
2843 assert(c);
2844
2845 if (isempty(rvalue)) {
2846 exec_context_free_log_extra_fields(c);
2847 return 0;
2848 }
2849
2850 for (const char *p = rvalue;;) {
2851 _cleanup_free_ char *word = NULL, *k = NULL;
2852 struct iovec *t;
2853 const char *eq;
2854
2855 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2856 if (r == 0)
2857 return 0;
2858 if (r == -ENOMEM)
2859 return log_oom();
2860 if (r < 0) {
2861 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
2862 return 0;
2863 }
2864
2865 r = unit_full_printf(u, word, &k);
2866 if (r < 0) {
2867 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2868 continue;
2869 }
2870
2871 eq = strchr(k, '=');
2872 if (!eq) {
2873 log_syntax(unit, LOG_WARNING, filename, line, 0, "Log field lacks '=' character, ignoring: %s", k);
2874 continue;
2875 }
2876
2877 if (!journal_field_valid(k, eq-k, false)) {
2878 log_syntax(unit, LOG_WARNING, filename, line, 0, "Log field name is invalid, ignoring: %s", k);
2879 continue;
2880 }
2881
2882 t = reallocarray(c->log_extra_fields, c->n_log_extra_fields+1, sizeof(struct iovec));
2883 if (!t)
2884 return log_oom();
2885
2886 c->log_extra_fields = t;
2887 c->log_extra_fields[c->n_log_extra_fields++] = IOVEC_MAKE_STRING(k);
2888
2889 k = NULL;
2890 }
2891 }
2892
2893 int config_parse_log_namespace(
2894 const char *unit,
2895 const char *filename,
2896 unsigned line,
2897 const char *section,
2898 unsigned section_line,
2899 const char *lvalue,
2900 int ltype,
2901 const char *rvalue,
2902 void *data,
2903 void *userdata) {
2904
2905 _cleanup_free_ char *k = NULL;
2906 ExecContext *c = data;
2907 const Unit *u = userdata;
2908 int r;
2909
2910 assert(filename);
2911 assert(lvalue);
2912 assert(rvalue);
2913 assert(c);
2914
2915 if (isempty(rvalue)) {
2916 c->log_namespace = mfree(c->log_namespace);
2917 return 0;
2918 }
2919
2920 r = unit_full_printf(u, rvalue, &k);
2921 if (r < 0) {
2922 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2923 return 0;
2924 }
2925
2926 if (!log_namespace_name_valid(k)) {
2927 log_syntax(unit, LOG_WARNING, filename, line, 0, "Specified log namespace name is not valid, ignoring: %s", k);
2928 return 0;
2929 }
2930
2931 free_and_replace(c->log_namespace, k);
2932 return 0;
2933 }
2934
2935 int config_parse_unit_condition_path(
2936 const char *unit,
2937 const char *filename,
2938 unsigned line,
2939 const char *section,
2940 unsigned section_line,
2941 const char *lvalue,
2942 int ltype,
2943 const char *rvalue,
2944 void *data,
2945 void *userdata) {
2946
2947 _cleanup_free_ char *p = NULL;
2948 Condition **list = data, *c;
2949 ConditionType t = ltype;
2950 bool trigger, negate;
2951 const Unit *u = userdata;
2952 int r;
2953
2954 assert(filename);
2955 assert(lvalue);
2956 assert(rvalue);
2957 assert(data);
2958
2959 if (isempty(rvalue)) {
2960 /* Empty assignment resets the list */
2961 *list = condition_free_list(*list);
2962 return 0;
2963 }
2964
2965 trigger = rvalue[0] == '|';
2966 if (trigger)
2967 rvalue++;
2968
2969 negate = rvalue[0] == '!';
2970 if (negate)
2971 rvalue++;
2972
2973 r = unit_full_printf(u, rvalue, &p);
2974 if (r < 0) {
2975 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2976 return 0;
2977 }
2978
2979 r = path_simplify_and_warn(p, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2980 if (r < 0)
2981 return 0;
2982
2983 c = condition_new(t, p, trigger, negate);
2984 if (!c)
2985 return log_oom();
2986
2987 LIST_PREPEND(conditions, *list, c);
2988 return 0;
2989 }
2990
2991 int config_parse_unit_condition_string(
2992 const char *unit,
2993 const char *filename,
2994 unsigned line,
2995 const char *section,
2996 unsigned section_line,
2997 const char *lvalue,
2998 int ltype,
2999 const char *rvalue,
3000 void *data,
3001 void *userdata) {
3002
3003 _cleanup_free_ char *s = NULL;
3004 Condition **list = data, *c;
3005 ConditionType t = ltype;
3006 bool trigger, negate;
3007 const Unit *u = userdata;
3008 int r;
3009
3010 assert(filename);
3011 assert(lvalue);
3012 assert(rvalue);
3013 assert(data);
3014
3015 if (isempty(rvalue)) {
3016 /* Empty assignment resets the list */
3017 *list = condition_free_list(*list);
3018 return 0;
3019 }
3020
3021 trigger = *rvalue == '|';
3022 if (trigger)
3023 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
3024
3025 negate = *rvalue == '!';
3026 if (negate)
3027 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
3028
3029 r = unit_full_printf(u, rvalue, &s);
3030 if (r < 0) {
3031 log_syntax(unit, LOG_WARNING, filename, line, r,
3032 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
3033 return 0;
3034 }
3035
3036 c = condition_new(t, s, trigger, negate);
3037 if (!c)
3038 return log_oom();
3039
3040 LIST_PREPEND(conditions, *list, c);
3041 return 0;
3042 }
3043
3044 int config_parse_unit_requires_mounts_for(
3045 const char *unit,
3046 const char *filename,
3047 unsigned line,
3048 const char *section,
3049 unsigned section_line,
3050 const char *lvalue,
3051 int ltype,
3052 const char *rvalue,
3053 void *data,
3054 void *userdata) {
3055
3056 Unit *u = userdata;
3057 int r;
3058
3059 assert(filename);
3060 assert(lvalue);
3061 assert(rvalue);
3062 assert(data);
3063
3064 for (const char *p = rvalue;;) {
3065 _cleanup_free_ char *word = NULL, *resolved = NULL;
3066
3067 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3068 if (r == 0)
3069 return 0;
3070 if (r == -ENOMEM)
3071 return log_oom();
3072 if (r < 0) {
3073 log_syntax(unit, LOG_WARNING, filename, line, r,
3074 "Invalid syntax, ignoring: %s", rvalue);
3075 return 0;
3076 }
3077
3078 r = unit_full_printf(u, word, &resolved);
3079 if (r < 0) {
3080 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
3081 continue;
3082 }
3083
3084 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
3085 if (r < 0)
3086 continue;
3087
3088 r = unit_require_mounts_for(u, resolved, UNIT_DEPENDENCY_FILE);
3089 if (r < 0) {
3090 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add required mount '%s', ignoring: %m", resolved);
3091 continue;
3092 }
3093 }
3094 }
3095
3096 int config_parse_documentation(
3097 const char *unit,
3098 const char *filename,
3099 unsigned line,
3100 const char *section,
3101 unsigned section_line,
3102 const char *lvalue,
3103 int ltype,
3104 const char *rvalue,
3105 void *data,
3106 void *userdata) {
3107
3108 Unit *u = userdata;
3109 int r;
3110 char **a, **b;
3111
3112 assert(filename);
3113 assert(lvalue);
3114 assert(rvalue);
3115 assert(u);
3116
3117 if (isempty(rvalue)) {
3118 /* Empty assignment resets the list */
3119 u->documentation = strv_free(u->documentation);
3120 return 0;
3121 }
3122
3123 r = config_parse_unit_strv_printf(unit, filename, line, section, section_line, lvalue, ltype,
3124 rvalue, data, userdata);
3125 if (r < 0)
3126 return r;
3127
3128 for (a = b = u->documentation; a && *a; a++) {
3129
3130 if (documentation_url_is_valid(*a))
3131 *(b++) = *a;
3132 else {
3133 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid URL, ignoring: %s", *a);
3134 free(*a);
3135 }
3136 }
3137 if (b)
3138 *b = NULL;
3139
3140 return 0;
3141 }
3142
3143 #if HAVE_SECCOMP
3144 int config_parse_syscall_filter(
3145 const char *unit,
3146 const char *filename,
3147 unsigned line,
3148 const char *section,
3149 unsigned section_line,
3150 const char *lvalue,
3151 int ltype,
3152 const char *rvalue,
3153 void *data,
3154 void *userdata) {
3155
3156 ExecContext *c = data;
3157 _unused_ const Unit *u = userdata;
3158 bool invert = false;
3159 int r;
3160
3161 assert(filename);
3162 assert(lvalue);
3163 assert(rvalue);
3164 assert(u);
3165
3166 if (isempty(rvalue)) {
3167 /* Empty assignment resets the list */
3168 c->syscall_filter = hashmap_free(c->syscall_filter);
3169 c->syscall_allow_list = false;
3170 return 0;
3171 }
3172
3173 if (rvalue[0] == '~') {
3174 invert = true;
3175 rvalue++;
3176 }
3177
3178 if (!c->syscall_filter) {
3179 c->syscall_filter = hashmap_new(NULL);
3180 if (!c->syscall_filter)
3181 return log_oom();
3182
3183 if (invert)
3184 /* Allow everything but the ones listed */
3185 c->syscall_allow_list = false;
3186 else {
3187 /* Allow nothing but the ones listed */
3188 c->syscall_allow_list = true;
3189
3190 /* Accept default syscalls if we are on a allow_list */
3191 r = seccomp_parse_syscall_filter(
3192 "@default", -1, c->syscall_filter,
3193 SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_ALLOW_LIST,
3194 unit,
3195 NULL, 0);
3196 if (r < 0)
3197 return r;
3198 }
3199 }
3200
3201 for (const char *p = rvalue;;) {
3202 _cleanup_free_ char *word = NULL, *name = NULL;
3203 int num;
3204
3205 r = extract_first_word(&p, &word, NULL, 0);
3206 if (r == 0)
3207 return 0;
3208 if (r == -ENOMEM)
3209 return log_oom();
3210 if (r < 0) {
3211 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3212 return 0;
3213 }
3214
3215 r = parse_syscall_and_errno(word, &name, &num);
3216 if (r < 0) {
3217 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse syscall:errno, ignoring: %s", word);
3218 continue;
3219 }
3220
3221 r = seccomp_parse_syscall_filter(
3222 name, num, c->syscall_filter,
3223 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
3224 (invert ? SECCOMP_PARSE_INVERT : 0)|
3225 (c->syscall_allow_list ? SECCOMP_PARSE_ALLOW_LIST : 0),
3226 unit, filename, line);
3227 if (r < 0)
3228 return r;
3229 }
3230 }
3231
3232 int config_parse_syscall_log(
3233 const char *unit,
3234 const char *filename,
3235 unsigned line,
3236 const char *section,
3237 unsigned section_line,
3238 const char *lvalue,
3239 int ltype,
3240 const char *rvalue,
3241 void *data,
3242 void *userdata) {
3243
3244 ExecContext *c = data;
3245 _unused_ const Unit *u = userdata;
3246 bool invert = false;
3247 const char *p;
3248 int r;
3249
3250 assert(filename);
3251 assert(lvalue);
3252 assert(rvalue);
3253 assert(u);
3254
3255 if (isempty(rvalue)) {
3256 /* Empty assignment resets the list */
3257 c->syscall_log = hashmap_free(c->syscall_log);
3258 c->syscall_log_allow_list = false;
3259 return 0;
3260 }
3261
3262 if (rvalue[0] == '~') {
3263 invert = true;
3264 rvalue++;
3265 }
3266
3267 if (!c->syscall_log) {
3268 c->syscall_log = hashmap_new(NULL);
3269 if (!c->syscall_log)
3270 return log_oom();
3271
3272 if (invert)
3273 /* Log everything but the ones listed */
3274 c->syscall_log_allow_list = false;
3275 else
3276 /* Log nothing but the ones listed */
3277 c->syscall_log_allow_list = true;
3278 }
3279
3280 p = rvalue;
3281 for (;;) {
3282 _cleanup_free_ char *word = NULL, *name = NULL;
3283 int num;
3284
3285 r = extract_first_word(&p, &word, NULL, 0);
3286 if (r == 0)
3287 return 0;
3288 if (r == -ENOMEM)
3289 return log_oom();
3290 if (r < 0) {
3291 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3292 return 0;
3293 }
3294
3295 r = parse_syscall_and_errno(word, &name, &num);
3296 if (r < 0 || num >= 0) { /* errno code not allowed */
3297 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse syscall, ignoring: %s", word);
3298 continue;
3299 }
3300
3301 r = seccomp_parse_syscall_filter(
3302 name, 0, c->syscall_log,
3303 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
3304 (invert ? SECCOMP_PARSE_INVERT : 0)|
3305 (c->syscall_log_allow_list ? SECCOMP_PARSE_ALLOW_LIST : 0),
3306 unit, filename, line);
3307 if (r < 0)
3308 return r;
3309 }
3310 }
3311
3312 int config_parse_syscall_archs(
3313 const char *unit,
3314 const char *filename,
3315 unsigned line,
3316 const char *section,
3317 unsigned section_line,
3318 const char *lvalue,
3319 int ltype,
3320 const char *rvalue,
3321 void *data,
3322 void *userdata) {
3323
3324 Set **archs = data;
3325 int r;
3326
3327 if (isempty(rvalue)) {
3328 *archs = set_free(*archs);
3329 return 0;
3330 }
3331
3332 for (const char *p = rvalue;;) {
3333 _cleanup_free_ char *word = NULL;
3334 uint32_t a;
3335
3336 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3337 if (r == 0)
3338 return 0;
3339 if (r == -ENOMEM)
3340 return log_oom();
3341 if (r < 0) {
3342 log_syntax(unit, LOG_WARNING, filename, line, r,
3343 "Invalid syntax, ignoring: %s", rvalue);
3344 return 0;
3345 }
3346
3347 r = seccomp_arch_from_string(word, &a);
3348 if (r < 0) {
3349 log_syntax(unit, LOG_WARNING, filename, line, r,
3350 "Failed to parse system call architecture \"%s\", ignoring: %m", word);
3351 continue;
3352 }
3353
3354 r = set_ensure_put(archs, NULL, UINT32_TO_PTR(a + 1));
3355 if (r < 0)
3356 return log_oom();
3357 }
3358 }
3359
3360 int config_parse_syscall_errno(
3361 const char *unit,
3362 const char *filename,
3363 unsigned line,
3364 const char *section,
3365 unsigned section_line,
3366 const char *lvalue,
3367 int ltype,
3368 const char *rvalue,
3369 void *data,
3370 void *userdata) {
3371
3372 ExecContext *c = data;
3373 int e;
3374
3375 assert(filename);
3376 assert(lvalue);
3377 assert(rvalue);
3378
3379 if (isempty(rvalue) || streq(rvalue, "kill")) {
3380 /* Empty assignment resets to KILL */
3381 c->syscall_errno = SECCOMP_ERROR_NUMBER_KILL;
3382 return 0;
3383 }
3384
3385 e = parse_errno(rvalue);
3386 if (e < 0) {
3387 log_syntax(unit, LOG_WARNING, filename, line, e, "Failed to parse error number, ignoring: %s", rvalue);
3388 return 0;
3389 }
3390 if (e == 0) {
3391 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid error number, ignoring: %s", rvalue);
3392 return 0;
3393 }
3394
3395 c->syscall_errno = e;
3396 return 0;
3397 }
3398
3399 int config_parse_address_families(
3400 const char *unit,
3401 const char *filename,
3402 unsigned line,
3403 const char *section,
3404 unsigned section_line,
3405 const char *lvalue,
3406 int ltype,
3407 const char *rvalue,
3408 void *data,
3409 void *userdata) {
3410
3411 ExecContext *c = data;
3412 bool invert = false;
3413 int r;
3414
3415 assert(filename);
3416 assert(lvalue);
3417 assert(rvalue);
3418
3419 if (isempty(rvalue)) {
3420 /* Empty assignment resets the list */
3421 c->address_families = set_free(c->address_families);
3422 c->address_families_allow_list = false;
3423 return 0;
3424 }
3425
3426 if (rvalue[0] == '~') {
3427 invert = true;
3428 rvalue++;
3429 }
3430
3431 if (!c->address_families) {
3432 c->address_families = set_new(NULL);
3433 if (!c->address_families)
3434 return log_oom();
3435
3436 c->address_families_allow_list = !invert;
3437 }
3438
3439 for (const char *p = rvalue;;) {
3440 _cleanup_free_ char *word = NULL;
3441 int af;
3442
3443 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3444 if (r == 0)
3445 return 0;
3446 if (r == -ENOMEM)
3447 return log_oom();
3448 if (r < 0) {
3449 log_syntax(unit, LOG_WARNING, filename, line, r,
3450 "Invalid syntax, ignoring: %s", rvalue);
3451 return 0;
3452 }
3453
3454 af = af_from_name(word);
3455 if (af < 0) {
3456 log_syntax(unit, LOG_WARNING, filename, line, af,
3457 "Failed to parse address family, ignoring: %s", word);
3458 continue;
3459 }
3460
3461 /* If we previously wanted to forbid an address family and now
3462 * we want to allow it, then just remove it from the list.
3463 */
3464 if (!invert == c->address_families_allow_list) {
3465 r = set_put(c->address_families, INT_TO_PTR(af));
3466 if (r < 0)
3467 return log_oom();
3468 } else
3469 set_remove(c->address_families, INT_TO_PTR(af));
3470 }
3471 }
3472
3473 int config_parse_restrict_namespaces(
3474 const char *unit,
3475 const char *filename,
3476 unsigned line,
3477 const char *section,
3478 unsigned section_line,
3479 const char *lvalue,
3480 int ltype,
3481 const char *rvalue,
3482 void *data,
3483 void *userdata) {
3484
3485 ExecContext *c = data;
3486 unsigned long flags;
3487 bool invert = false;
3488 int r;
3489
3490 if (isempty(rvalue)) {
3491 /* Reset to the default. */
3492 c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
3493 return 0;
3494 }
3495
3496 /* Boolean parameter ignores the previous settings */
3497 r = parse_boolean(rvalue);
3498 if (r > 0) {
3499 c->restrict_namespaces = 0;
3500 return 0;
3501 } else if (r == 0) {
3502 c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
3503 return 0;
3504 }
3505
3506 if (rvalue[0] == '~') {
3507 invert = true;
3508 rvalue++;
3509 }
3510
3511 /* Not a boolean argument, in this case it's a list of namespace types. */
3512 r = namespace_flags_from_string(rvalue, &flags);
3513 if (r < 0) {
3514 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
3515 return 0;
3516 }
3517
3518 if (c->restrict_namespaces == NAMESPACE_FLAGS_INITIAL)
3519 /* Initial assignment. Just set the value. */
3520 c->restrict_namespaces = invert ? (~flags) & NAMESPACE_FLAGS_ALL : flags;
3521 else
3522 /* Merge the value with the previous one. */
3523 SET_FLAG(c->restrict_namespaces, flags, !invert);
3524
3525 return 0;
3526 }
3527 #endif
3528
3529 int config_parse_unit_slice(
3530 const char *unit,
3531 const char *filename,
3532 unsigned line,
3533 const char *section,
3534 unsigned section_line,
3535 const char *lvalue,
3536 int ltype,
3537 const char *rvalue,
3538 void *data,
3539 void *userdata) {
3540
3541 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
3542 _cleanup_free_ char *k = NULL;
3543 Unit *u = userdata, *slice;
3544 int r;
3545
3546 assert(filename);
3547 assert(lvalue);
3548 assert(rvalue);
3549 assert(u);
3550
3551 r = unit_name_printf(u, rvalue, &k);
3552 if (r < 0) {
3553 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
3554 return 0;
3555 }
3556
3557 r = manager_load_unit(u->manager, k, NULL, &error, &slice);
3558 if (r < 0) {
3559 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to load slice unit %s, ignoring: %s", k, bus_error_message(&error, r));
3560 return 0;
3561 }
3562
3563 r = unit_set_slice(u, slice);
3564 if (r < 0) {
3565 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id);
3566 return 0;
3567 }
3568
3569 return 0;
3570 }
3571
3572 int config_parse_cpu_quota(
3573 const char *unit,
3574 const char *filename,
3575 unsigned line,
3576 const char *section,
3577 unsigned section_line,
3578 const char *lvalue,
3579 int ltype,
3580 const char *rvalue,
3581 void *data,
3582 void *userdata) {
3583
3584 CGroupContext *c = data;
3585 int r;
3586
3587 assert(filename);
3588 assert(lvalue);
3589 assert(rvalue);
3590
3591 if (isempty(rvalue)) {
3592 c->cpu_quota_per_sec_usec = USEC_INFINITY;
3593 return 0;
3594 }
3595
3596 r = parse_permille_unbounded(rvalue);
3597 if (r <= 0) {
3598 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid CPU quota '%s', ignoring.", rvalue);
3599 return 0;
3600 }
3601
3602 c->cpu_quota_per_sec_usec = ((usec_t) r * USEC_PER_SEC) / 1000U;
3603 return 0;
3604 }
3605
3606 int config_parse_allowed_cpus(
3607 const char *unit,
3608 const char *filename,
3609 unsigned line,
3610 const char *section,
3611 unsigned section_line,
3612 const char *lvalue,
3613 int ltype,
3614 const char *rvalue,
3615 void *data,
3616 void *userdata) {
3617
3618 CGroupContext *c = data;
3619
3620 (void) parse_cpu_set_extend(rvalue, &c->cpuset_cpus, true, unit, filename, line, lvalue);
3621
3622 return 0;
3623 }
3624
3625 int config_parse_allowed_mems(
3626 const char *unit,
3627 const char *filename,
3628 unsigned line,
3629 const char *section,
3630 unsigned section_line,
3631 const char *lvalue,
3632 int ltype,
3633 const char *rvalue,
3634 void *data,
3635 void *userdata) {
3636
3637 CGroupContext *c = data;
3638
3639 (void) parse_cpu_set_extend(rvalue, &c->cpuset_mems, true, unit, filename, line, lvalue);
3640
3641 return 0;
3642 }
3643
3644 int config_parse_memory_limit(
3645 const char *unit,
3646 const char *filename,
3647 unsigned line,
3648 const char *section,
3649 unsigned section_line,
3650 const char *lvalue,
3651 int ltype,
3652 const char *rvalue,
3653 void *data,
3654 void *userdata) {
3655
3656 CGroupContext *c = data;
3657 uint64_t bytes = CGROUP_LIMIT_MAX;
3658 int r;
3659
3660 if (isempty(rvalue) && STR_IN_SET(lvalue, "DefaultMemoryLow",
3661 "DefaultMemoryMin",
3662 "MemoryLow",
3663 "MemoryMin"))
3664 bytes = CGROUP_LIMIT_MIN;
3665 else if (!isempty(rvalue) && !streq(rvalue, "infinity")) {
3666
3667 r = parse_permille(rvalue);
3668 if (r < 0) {
3669 r = parse_size(rvalue, 1024, &bytes);
3670 if (r < 0) {
3671 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid memory limit '%s', ignoring: %m", rvalue);
3672 return 0;
3673 }
3674 } else
3675 bytes = physical_memory_scale(r, 1000U);
3676
3677 if (bytes >= UINT64_MAX ||
3678 (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) {
3679 log_syntax(unit, LOG_WARNING, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue);
3680 return 0;
3681 }
3682 }
3683
3684 if (streq(lvalue, "DefaultMemoryLow")) {
3685 c->default_memory_low = bytes;
3686 c->default_memory_low_set = true;
3687 } else if (streq(lvalue, "DefaultMemoryMin")) {
3688 c->default_memory_min = bytes;
3689 c->default_memory_min_set = true;
3690 } else if (streq(lvalue, "MemoryMin")) {
3691 c->memory_min = bytes;
3692 c->memory_min_set = true;
3693 } else if (streq(lvalue, "MemoryLow")) {
3694 c->memory_low = bytes;
3695 c->memory_low_set = true;
3696 } else if (streq(lvalue, "MemoryHigh"))
3697 c->memory_high = bytes;
3698 else if (streq(lvalue, "MemoryMax"))
3699 c->memory_max = bytes;
3700 else if (streq(lvalue, "MemorySwapMax"))
3701 c->memory_swap_max = bytes;
3702 else if (streq(lvalue, "MemoryLimit"))
3703 c->memory_limit = bytes;
3704 else
3705 return -EINVAL;
3706
3707 return 0;
3708 }
3709
3710 int config_parse_tasks_max(
3711 const char *unit,
3712 const char *filename,
3713 unsigned line,
3714 const char *section,
3715 unsigned section_line,
3716 const char *lvalue,
3717 int ltype,
3718 const char *rvalue,
3719 void *data,
3720 void *userdata) {
3721
3722 const Unit *u = userdata;
3723 TasksMax *tasks_max = data;
3724 uint64_t v;
3725 int r;
3726
3727 if (isempty(rvalue)) {
3728 *tasks_max = u ? u->manager->default_tasks_max : TASKS_MAX_UNSET;
3729 return 0;
3730 }
3731
3732 if (streq(rvalue, "infinity")) {
3733 *tasks_max = TASKS_MAX_UNSET;
3734 return 0;
3735 }
3736
3737 r = parse_permille(rvalue);
3738 if (r >= 0)
3739 *tasks_max = (TasksMax) { r, 1000U }; /* r‰ */
3740 else {
3741 r = safe_atou64(rvalue, &v);
3742 if (r < 0) {
3743 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid maximum tasks value '%s', ignoring: %m", rvalue);
3744 return 0;
3745 }
3746
3747 if (v <= 0 || v >= UINT64_MAX) {
3748 log_syntax(unit, LOG_WARNING, filename, line, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue);
3749 return 0;
3750 }
3751
3752 *tasks_max = (TasksMax) { v };
3753 }
3754
3755 return 0;
3756 }
3757
3758 int config_parse_delegate(
3759 const char *unit,
3760 const char *filename,
3761 unsigned line,
3762 const char *section,
3763 unsigned section_line,
3764 const char *lvalue,
3765 int ltype,
3766 const char *rvalue,
3767 void *data,
3768 void *userdata) {
3769
3770 CGroupContext *c = data;
3771 UnitType t;
3772 int r;
3773
3774 t = unit_name_to_type(unit);
3775 assert(t != _UNIT_TYPE_INVALID);
3776
3777 if (!unit_vtable[t]->can_delegate) {
3778 log_syntax(unit, LOG_WARNING, filename, line, 0, "Delegate= setting not supported for this unit type, ignoring.");
3779 return 0;
3780 }
3781
3782 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
3783 * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
3784 * mask to delegate. */
3785
3786 if (isempty(rvalue)) {
3787 /* An empty string resets controllers and set Delegate=yes. */
3788 c->delegate = true;
3789 c->delegate_controllers = 0;
3790 return 0;
3791 }
3792
3793 r = parse_boolean(rvalue);
3794 if (r < 0) {
3795 CGroupMask mask = 0;
3796
3797 for (const char *p = rvalue;;) {
3798 _cleanup_free_ char *word = NULL;
3799 CGroupController cc;
3800
3801 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3802 if (r == 0)
3803 break;
3804 if (r == -ENOMEM)
3805 return log_oom();
3806 if (r < 0) {
3807 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3808 return 0;
3809 }
3810
3811 cc = cgroup_controller_from_string(word);
3812 if (cc < 0) {
3813 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid controller name '%s', ignoring", word);
3814 continue;
3815 }
3816
3817 mask |= CGROUP_CONTROLLER_TO_MASK(cc);
3818 }
3819
3820 c->delegate = true;
3821 c->delegate_controllers |= mask;
3822
3823 } else if (r > 0) {
3824 c->delegate = true;
3825 c->delegate_controllers = _CGROUP_MASK_ALL;
3826 } else {
3827 c->delegate = false;
3828 c->delegate_controllers = 0;
3829 }
3830
3831 return 0;
3832 }
3833
3834 int config_parse_managed_oom_mode(
3835 const char *unit,
3836 const char *filename,
3837 unsigned line,
3838 const char *section,
3839 unsigned section_line,
3840 const char *lvalue,
3841 int ltype,
3842 const char *rvalue,
3843 void *data,
3844 void *userdata) {
3845 ManagedOOMMode *mode = data, m;
3846 UnitType t;
3847
3848 t = unit_name_to_type(unit);
3849 assert(t != _UNIT_TYPE_INVALID);
3850
3851 if (!unit_vtable[t]->can_set_managed_oom)
3852 return log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is not supported for this unit type, ignoring.", lvalue);
3853
3854 if (isempty(rvalue)) {
3855 *mode = MANAGED_OOM_AUTO;
3856 return 0;
3857 }
3858
3859 m = managed_oom_mode_from_string(rvalue);
3860 if (m < 0) {
3861 log_syntax(unit, LOG_WARNING, filename, line, m, "Invalid syntax, ignoring: %s", rvalue);
3862 return 0;
3863 }
3864 *mode = m;
3865 return 0;
3866 }
3867
3868 int config_parse_managed_oom_mem_pressure_limit(
3869 const char *unit,
3870 const char *filename,
3871 unsigned line,
3872 const char *section,
3873 unsigned section_line,
3874 const char *lvalue,
3875 int ltype,
3876 const char *rvalue,
3877 void *data,
3878 void *userdata) {
3879 uint32_t *limit = data;
3880 UnitType t;
3881 int r;
3882
3883 t = unit_name_to_type(unit);
3884 assert(t != _UNIT_TYPE_INVALID);
3885
3886 if (!unit_vtable[t]->can_set_managed_oom)
3887 return log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is not supported for this unit type, ignoring.", lvalue);
3888
3889 if (isempty(rvalue)) {
3890 *limit = 0;
3891 return 0;
3892 }
3893
3894 r = parse_permyriad(rvalue);
3895 if (r < 0) {
3896 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse memory pressure limit value, ignoring: %s", rvalue);
3897 return 0;
3898 }
3899
3900 *limit = r;
3901 return 0;
3902 }
3903
3904 int config_parse_device_allow(
3905 const char *unit,
3906 const char *filename,
3907 unsigned line,
3908 const char *section,
3909 unsigned section_line,
3910 const char *lvalue,
3911 int ltype,
3912 const char *rvalue,
3913 void *data,
3914 void *userdata) {
3915
3916 _cleanup_free_ char *path = NULL, *resolved = NULL;
3917 CGroupContext *c = data;
3918 const char *p = rvalue;
3919 int r;
3920
3921 if (isempty(rvalue)) {
3922 while (c->device_allow)
3923 cgroup_context_free_device_allow(c, c->device_allow);
3924
3925 return 0;
3926 }
3927
3928 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3929 if (r == -ENOMEM)
3930 return log_oom();
3931 if (r < 0) {
3932 log_syntax(unit, LOG_WARNING, filename, line, r,
3933 "Invalid syntax, ignoring: %s", rvalue);
3934 return 0;
3935 }
3936 if (r == 0) {
3937 log_syntax(unit, LOG_WARNING, filename, line, 0,
3938 "Failed to extract device path and rights from '%s', ignoring.", rvalue);
3939 return 0;
3940 }
3941
3942 r = unit_full_printf(userdata, path, &resolved);
3943 if (r < 0) {
3944 log_syntax(unit, LOG_WARNING, filename, line, r,
3945 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3946 return 0;
3947 }
3948
3949 if (!STARTSWITH_SET(resolved, "block-", "char-")) {
3950
3951 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3952 if (r < 0)
3953 return 0;
3954
3955 if (!valid_device_node_path(resolved)) {
3956 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved);
3957 return 0;
3958 }
3959 }
3960
3961 if (!isempty(p) && !in_charset(p, "rwm")) {
3962 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid device rights '%s', ignoring.", p);
3963 return 0;
3964 }
3965
3966 return cgroup_add_device_allow(c, resolved, p);
3967 }
3968
3969 int config_parse_io_device_weight(
3970 const char *unit,
3971 const char *filename,
3972 unsigned line,
3973 const char *section,
3974 unsigned section_line,
3975 const char *lvalue,
3976 int ltype,
3977 const char *rvalue,
3978 void *data,
3979 void *userdata) {
3980
3981 _cleanup_free_ char *path = NULL, *resolved = NULL;
3982 CGroupIODeviceWeight *w;
3983 CGroupContext *c = data;
3984 const char *p = rvalue;
3985 uint64_t u;
3986 int r;
3987
3988 assert(filename);
3989 assert(lvalue);
3990 assert(rvalue);
3991
3992 if (isempty(rvalue)) {
3993 while (c->io_device_weights)
3994 cgroup_context_free_io_device_weight(c, c->io_device_weights);
3995
3996 return 0;
3997 }
3998
3999 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4000 if (r == -ENOMEM)
4001 return log_oom();
4002 if (r < 0) {
4003 log_syntax(unit, LOG_WARNING, filename, line, r,
4004 "Invalid syntax, ignoring: %s", rvalue);
4005 return 0;
4006 }
4007 if (r == 0 || isempty(p)) {
4008 log_syntax(unit, LOG_WARNING, filename, line, 0,
4009 "Failed to extract device path and weight from '%s', ignoring.", rvalue);
4010 return 0;
4011 }
4012
4013 r = unit_full_printf(userdata, path, &resolved);
4014 if (r < 0) {
4015 log_syntax(unit, LOG_WARNING, filename, line, r,
4016 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4017 return 0;
4018 }
4019
4020 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4021 if (r < 0)
4022 return 0;
4023
4024 r = cg_weight_parse(p, &u);
4025 if (r < 0) {
4026 log_syntax(unit, LOG_WARNING, filename, line, r, "IO weight '%s' invalid, ignoring: %m", p);
4027 return 0;
4028 }
4029
4030 assert(u != CGROUP_WEIGHT_INVALID);
4031
4032 w = new0(CGroupIODeviceWeight, 1);
4033 if (!w)
4034 return log_oom();
4035
4036 w->path = TAKE_PTR(resolved);
4037 w->weight = u;
4038
4039 LIST_PREPEND(device_weights, c->io_device_weights, w);
4040 return 0;
4041 }
4042
4043 int config_parse_io_device_latency(
4044 const char *unit,
4045 const char *filename,
4046 unsigned line,
4047 const char *section,
4048 unsigned section_line,
4049 const char *lvalue,
4050 int ltype,
4051 const char *rvalue,
4052 void *data,
4053 void *userdata) {
4054
4055 _cleanup_free_ char *path = NULL, *resolved = NULL;
4056 CGroupIODeviceLatency *l;
4057 CGroupContext *c = data;
4058 const char *p = rvalue;
4059 usec_t usec;
4060 int r;
4061
4062 assert(filename);
4063 assert(lvalue);
4064 assert(rvalue);
4065
4066 if (isempty(rvalue)) {
4067 while (c->io_device_latencies)
4068 cgroup_context_free_io_device_latency(c, c->io_device_latencies);
4069
4070 return 0;
4071 }
4072
4073 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4074 if (r == -ENOMEM)
4075 return log_oom();
4076 if (r < 0) {
4077 log_syntax(unit, LOG_WARNING, filename, line, r,
4078 "Invalid syntax, ignoring: %s", rvalue);
4079 return 0;
4080 }
4081 if (r == 0 || isempty(p)) {
4082 log_syntax(unit, LOG_WARNING, filename, line, 0,
4083 "Failed to extract device path and latency from '%s', ignoring.", rvalue);
4084 return 0;
4085 }
4086
4087 r = unit_full_printf(userdata, path, &resolved);
4088 if (r < 0) {
4089 log_syntax(unit, LOG_WARNING, filename, line, r,
4090 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4091 return 0;
4092 }
4093
4094 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4095 if (r < 0)
4096 return 0;
4097
4098 r = parse_sec(p, &usec);
4099 if (r < 0) {
4100 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse timer value, ignoring: %s", p);
4101 return 0;
4102 }
4103
4104 l = new0(CGroupIODeviceLatency, 1);
4105 if (!l)
4106 return log_oom();
4107
4108 l->path = TAKE_PTR(resolved);
4109 l->target_usec = usec;
4110
4111 LIST_PREPEND(device_latencies, c->io_device_latencies, l);
4112 return 0;
4113 }
4114
4115 int config_parse_io_limit(
4116 const char *unit,
4117 const char *filename,
4118 unsigned line,
4119 const char *section,
4120 unsigned section_line,
4121 const char *lvalue,
4122 int ltype,
4123 const char *rvalue,
4124 void *data,
4125 void *userdata) {
4126
4127 _cleanup_free_ char *path = NULL, *resolved = NULL;
4128 CGroupIODeviceLimit *l = NULL, *t;
4129 CGroupContext *c = data;
4130 CGroupIOLimitType type;
4131 const char *p = rvalue;
4132 uint64_t num;
4133 int r;
4134
4135 assert(filename);
4136 assert(lvalue);
4137 assert(rvalue);
4138
4139 type = cgroup_io_limit_type_from_string(lvalue);
4140 assert(type >= 0);
4141
4142 if (isempty(rvalue)) {
4143 LIST_FOREACH(device_limits, l, c->io_device_limits)
4144 l->limits[type] = cgroup_io_limit_defaults[type];
4145 return 0;
4146 }
4147
4148 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4149 if (r == -ENOMEM)
4150 return log_oom();
4151 if (r < 0) {
4152 log_syntax(unit, LOG_WARNING, filename, line, r,
4153 "Invalid syntax, ignoring: %s", rvalue);
4154 return 0;
4155 }
4156 if (r == 0 || isempty(p)) {
4157 log_syntax(unit, LOG_WARNING, filename, line, 0,
4158 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
4159 return 0;
4160 }
4161
4162 r = unit_full_printf(userdata, path, &resolved);
4163 if (r < 0) {
4164 log_syntax(unit, LOG_WARNING, filename, line, r,
4165 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4166 return 0;
4167 }
4168
4169 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4170 if (r < 0)
4171 return 0;
4172
4173 if (streq("infinity", p))
4174 num = CGROUP_LIMIT_MAX;
4175 else {
4176 r = parse_size(p, 1000, &num);
4177 if (r < 0 || num <= 0) {
4178 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid IO limit '%s', ignoring.", p);
4179 return 0;
4180 }
4181 }
4182
4183 LIST_FOREACH(device_limits, t, c->io_device_limits) {
4184 if (path_equal(resolved, t->path)) {
4185 l = t;
4186 break;
4187 }
4188 }
4189
4190 if (!l) {
4191 CGroupIOLimitType ttype;
4192
4193 l = new0(CGroupIODeviceLimit, 1);
4194 if (!l)
4195 return log_oom();
4196
4197 l->path = TAKE_PTR(resolved);
4198 for (ttype = 0; ttype < _CGROUP_IO_LIMIT_TYPE_MAX; ttype++)
4199 l->limits[ttype] = cgroup_io_limit_defaults[ttype];
4200
4201 LIST_PREPEND(device_limits, c->io_device_limits, l);
4202 }
4203
4204 l->limits[type] = num;
4205
4206 return 0;
4207 }
4208
4209 int config_parse_blockio_device_weight(
4210 const char *unit,
4211 const char *filename,
4212 unsigned line,
4213 const char *section,
4214 unsigned section_line,
4215 const char *lvalue,
4216 int ltype,
4217 const char *rvalue,
4218 void *data,
4219 void *userdata) {
4220
4221 _cleanup_free_ char *path = NULL, *resolved = NULL;
4222 CGroupBlockIODeviceWeight *w;
4223 CGroupContext *c = data;
4224 const char *p = rvalue;
4225 uint64_t u;
4226 int r;
4227
4228 assert(filename);
4229 assert(lvalue);
4230 assert(rvalue);
4231
4232 if (isempty(rvalue)) {
4233 while (c->blockio_device_weights)
4234 cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
4235
4236 return 0;
4237 }
4238
4239 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4240 if (r == -ENOMEM)
4241 return log_oom();
4242 if (r < 0) {
4243 log_syntax(unit, LOG_WARNING, filename, line, r,
4244 "Invalid syntax, ignoring: %s", rvalue);
4245 return 0;
4246 }
4247 if (r == 0 || isempty(p)) {
4248 log_syntax(unit, LOG_WARNING, filename, line, 0,
4249 "Failed to extract device node and weight from '%s', ignoring.", rvalue);
4250 return 0;
4251 }
4252
4253 r = unit_full_printf(userdata, path, &resolved);
4254 if (r < 0) {
4255 log_syntax(unit, LOG_WARNING, filename, line, r,
4256 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4257 return 0;
4258 }
4259
4260 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4261 if (r < 0)
4262 return 0;
4263
4264 r = cg_blkio_weight_parse(p, &u);
4265 if (r < 0) {
4266 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p);
4267 return 0;
4268 }
4269
4270 assert(u != CGROUP_BLKIO_WEIGHT_INVALID);
4271
4272 w = new0(CGroupBlockIODeviceWeight, 1);
4273 if (!w)
4274 return log_oom();
4275
4276 w->path = TAKE_PTR(resolved);
4277 w->weight = u;
4278
4279 LIST_PREPEND(device_weights, c->blockio_device_weights, w);
4280 return 0;
4281 }
4282
4283 int config_parse_blockio_bandwidth(
4284 const char *unit,
4285 const char *filename,
4286 unsigned line,
4287 const char *section,
4288 unsigned section_line,
4289 const char *lvalue,
4290 int ltype,
4291 const char *rvalue,
4292 void *data,
4293 void *userdata) {
4294
4295 _cleanup_free_ char *path = NULL, *resolved = NULL;
4296 CGroupBlockIODeviceBandwidth *b = NULL, *t;
4297 CGroupContext *c = data;
4298 const char *p = rvalue;
4299 uint64_t bytes;
4300 bool read;
4301 int r;
4302
4303 assert(filename);
4304 assert(lvalue);
4305 assert(rvalue);
4306
4307 read = streq("BlockIOReadBandwidth", lvalue);
4308
4309 if (isempty(rvalue)) {
4310 LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
4311 b->rbps = CGROUP_LIMIT_MAX;
4312 b->wbps = CGROUP_LIMIT_MAX;
4313 }
4314 return 0;
4315 }
4316
4317 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4318 if (r == -ENOMEM)
4319 return log_oom();
4320 if (r < 0) {
4321 log_syntax(unit, LOG_WARNING, filename, line, r,
4322 "Invalid syntax, ignoring: %s", rvalue);
4323 return 0;
4324 }
4325 if (r == 0 || isempty(p)) {
4326 log_syntax(unit, LOG_WARNING, filename, line, 0,
4327 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
4328 return 0;
4329 }
4330
4331 r = unit_full_printf(userdata, path, &resolved);
4332 if (r < 0) {
4333 log_syntax(unit, LOG_WARNING, filename, line, r,
4334 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4335 return 0;
4336 }
4337
4338 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4339 if (r < 0)
4340 return 0;
4341
4342 r = parse_size(p, 1000, &bytes);
4343 if (r < 0 || bytes <= 0) {
4344 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
4345 return 0;
4346 }
4347
4348 LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
4349 if (path_equal(resolved, t->path)) {
4350 b = t;
4351 break;
4352 }
4353 }
4354
4355 if (!t) {
4356 b = new0(CGroupBlockIODeviceBandwidth, 1);
4357 if (!b)
4358 return log_oom();
4359
4360 b->path = TAKE_PTR(resolved);
4361 b->rbps = CGROUP_LIMIT_MAX;
4362 b->wbps = CGROUP_LIMIT_MAX;
4363
4364 LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, b);
4365 }
4366
4367 if (read)
4368 b->rbps = bytes;
4369 else
4370 b->wbps = bytes;
4371
4372 return 0;
4373 }
4374
4375 int config_parse_job_mode_isolate(
4376 const char *unit,
4377 const char *filename,
4378 unsigned line,
4379 const char *section,
4380 unsigned section_line,
4381 const char *lvalue,
4382 int ltype,
4383 const char *rvalue,
4384 void *data,
4385 void *userdata) {
4386
4387 JobMode *m = data;
4388 int r;
4389
4390 assert(filename);
4391 assert(lvalue);
4392 assert(rvalue);
4393
4394 r = parse_boolean(rvalue);
4395 if (r < 0) {
4396 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse boolean, ignoring: %s", rvalue);
4397 return 0;
4398 }
4399
4400 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue);
4401
4402 *m = r ? JOB_ISOLATE : JOB_REPLACE;
4403 return 0;
4404 }
4405
4406 int config_parse_exec_directories(
4407 const char *unit,
4408 const char *filename,
4409 unsigned line,
4410 const char *section,
4411 unsigned section_line,
4412 const char *lvalue,
4413 int ltype,
4414 const char *rvalue,
4415 void *data,
4416 void *userdata) {
4417
4418 char***rt = data;
4419 const Unit *u = userdata;
4420 int r;
4421
4422 assert(filename);
4423 assert(lvalue);
4424 assert(rvalue);
4425 assert(data);
4426
4427 if (isempty(rvalue)) {
4428 /* Empty assignment resets the list */
4429 *rt = strv_free(*rt);
4430 return 0;
4431 }
4432
4433 for (const char *p = rvalue;;) {
4434 _cleanup_free_ char *word = NULL, *k = NULL;
4435
4436 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4437 if (r == -ENOMEM)
4438 return log_oom();
4439 if (r < 0) {
4440 log_syntax(unit, LOG_WARNING, filename, line, r,
4441 "Invalid syntax, ignoring: %s", rvalue);
4442 return 0;
4443 }
4444 if (r == 0)
4445 return 0;
4446
4447 r = unit_full_printf(u, word, &k);
4448 if (r < 0) {
4449 log_syntax(unit, LOG_WARNING, filename, line, r,
4450 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4451 continue;
4452 }
4453
4454 r = path_simplify_and_warn(k, PATH_CHECK_RELATIVE, unit, filename, line, lvalue);
4455 if (r < 0)
4456 continue;
4457
4458 if (path_startswith(k, "private")) {
4459 log_syntax(unit, LOG_WARNING, filename, line, 0,
4460 "%s= path can't be 'private', ignoring assignment: %s", lvalue, word);
4461 continue;
4462 }
4463
4464 r = strv_push(rt, k);
4465 if (r < 0)
4466 return log_oom();
4467 k = NULL;
4468 }
4469 }
4470
4471 int config_parse_set_credential(
4472 const char *unit,
4473 const char *filename,
4474 unsigned line,
4475 const char *section,
4476 unsigned section_line,
4477 const char *lvalue,
4478 int ltype,
4479 const char *rvalue,
4480 void *data,
4481 void *userdata) {
4482
4483 _cleanup_free_ char *word = NULL, *k = NULL, *unescaped = NULL;
4484 ExecContext *context = data;
4485 ExecSetCredential *old;
4486 Unit *u = userdata;
4487 const char *p;
4488 int r, l;
4489
4490 assert(filename);
4491 assert(lvalue);
4492 assert(rvalue);
4493 assert(context);
4494
4495 if (isempty(rvalue)) {
4496 /* Empty assignment resets the list */
4497 context->set_credentials = hashmap_free(context->set_credentials);
4498 return 0;
4499 }
4500
4501 p = rvalue;
4502 r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4503 if (r == -ENOMEM)
4504 return log_oom();
4505 if (r <= 0 || !p) {
4506 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
4507 return 0;
4508 }
4509
4510 r = unit_full_printf(u, word, &k);
4511 if (r < 0) {
4512 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4513 return 0;
4514 }
4515 if (!credential_name_valid(k)) {
4516 log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name \"%s\" not valid, ignoring.", k);
4517 return 0;
4518 }
4519
4520 /* We support escape codes here, so that users can insert trailing \n if they like */
4521 l = cunescape(p, UNESCAPE_ACCEPT_NUL, &unescaped);
4522 if (l < 0) {
4523 log_syntax(unit, LOG_WARNING, filename, line, l, "Can't unescape \"%s\", ignoring: %m", p);
4524 return 0;
4525 }
4526
4527 old = hashmap_get(context->set_credentials, k);
4528 if (old) {
4529 free_and_replace(old->data, unescaped);
4530 old->size = l;
4531 } else {
4532 _cleanup_(exec_set_credential_freep) ExecSetCredential *sc = NULL;
4533
4534 sc = new0(ExecSetCredential, 1);
4535 if (!sc)
4536 return log_oom();
4537
4538 sc->id = TAKE_PTR(k);
4539 sc->data = TAKE_PTR(unescaped);
4540 sc->size = l;
4541
4542 r = hashmap_ensure_put(&context->set_credentials, &exec_set_credential_hash_ops, sc->id, sc);
4543 if (r == -ENOMEM)
4544 return log_oom();
4545 if (r < 0) {
4546 log_syntax(unit, LOG_WARNING, filename, line, l,
4547 "Duplicated credential value '%s', ignoring assignment: %s", sc->id, rvalue);
4548 return 0;
4549 }
4550
4551 TAKE_PTR(sc);
4552 }
4553
4554 return 0;
4555 }
4556
4557 int config_parse_load_credential(
4558 const char *unit,
4559 const char *filename,
4560 unsigned line,
4561 const char *section,
4562 unsigned section_line,
4563 const char *lvalue,
4564 int ltype,
4565 const char *rvalue,
4566 void *data,
4567 void *userdata) {
4568
4569 _cleanup_free_ char *word = NULL, *k = NULL, *q = NULL;
4570 ExecContext *context = data;
4571 Unit *u = userdata;
4572 const char *p;
4573 int r;
4574
4575 assert(filename);
4576 assert(lvalue);
4577 assert(rvalue);
4578 assert(context);
4579
4580 if (isempty(rvalue)) {
4581 /* Empty assignment resets the list */
4582 context->load_credentials = strv_free(context->load_credentials);
4583 return 0;
4584 }
4585
4586 p = rvalue;
4587 r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4588 if (r == -ENOMEM)
4589 return log_oom();
4590 if (r <= 0) {
4591 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
4592 return 0;
4593 }
4594
4595 r = unit_full_printf(u, word, &k);
4596 if (r < 0) {
4597 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4598 return 0;
4599 }
4600 if (!credential_name_valid(k)) {
4601 log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name \"%s\" not valid, ignoring.", k);
4602 return 0;
4603 }
4604 r = unit_full_printf(u, p, &q);
4605 if (r < 0) {
4606 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", p);
4607 return 0;
4608 }
4609 if (path_is_absolute(q) ? !path_is_normalized(q) : !credential_name_valid(q)) {
4610 log_syntax(unit, LOG_WARNING, filename, line, r, "Credential source \"%s\" not valid, ignoring.", q);
4611 return 0;
4612 }
4613
4614 r = strv_consume_pair(&context->load_credentials, TAKE_PTR(k), TAKE_PTR(q));
4615 if (r < 0)
4616 return log_oom();
4617
4618 return 0;
4619 }
4620
4621 int config_parse_set_status(
4622 const char *unit,
4623 const char *filename,
4624 unsigned line,
4625 const char *section,
4626 unsigned section_line,
4627 const char *lvalue,
4628 int ltype,
4629 const char *rvalue,
4630 void *data,
4631 void *userdata) {
4632
4633 ExitStatusSet *status_set = data;
4634 int r;
4635
4636 assert(filename);
4637 assert(lvalue);
4638 assert(rvalue);
4639 assert(status_set);
4640
4641 /* Empty assignment resets the list */
4642 if (isempty(rvalue)) {
4643 exit_status_set_free(status_set);
4644 return 0;
4645 }
4646
4647 for (const char *p = rvalue;;) {
4648 _cleanup_free_ char *word = NULL;
4649 Bitmap *bitmap;
4650
4651 r = extract_first_word(&p, &word, NULL, 0);
4652 if (r == -ENOMEM)
4653 return log_oom();
4654 if (r < 0) {
4655 log_syntax(unit, LOG_WARNING, filename, line, r,
4656 "Failed to parse %s=%s, ignoring: %m", lvalue, rvalue);
4657 return 0;
4658 }
4659 if (r == 0)
4660 return 0;
4661
4662 /* We need to call exit_status_from_string() first, because we want
4663 * to parse numbers as exit statuses, not signals. */
4664
4665 r = exit_status_from_string(word);
4666 if (r >= 0) {
4667 assert(r >= 0 && r < 256);
4668 bitmap = &status_set->status;
4669 } else {
4670 r = signal_from_string(word);
4671 if (r < 0) {
4672 log_syntax(unit, LOG_WARNING, filename, line, r,
4673 "Failed to parse value, ignoring: %s", word);
4674 continue;
4675 }
4676 bitmap = &status_set->signal;
4677 }
4678
4679 r = bitmap_set(bitmap, r);
4680 if (r < 0)
4681 log_syntax(unit, LOG_WARNING, filename, line, r,
4682 "Failed to set signal or status %s, ignoring: %m", word);
4683 }
4684 }
4685
4686 int config_parse_namespace_path_strv(
4687 const char *unit,
4688 const char *filename,
4689 unsigned line,
4690 const char *section,
4691 unsigned section_line,
4692 const char *lvalue,
4693 int ltype,
4694 const char *rvalue,
4695 void *data,
4696 void *userdata) {
4697
4698 const Unit *u = userdata;
4699 char*** sv = data;
4700 int r;
4701
4702 assert(filename);
4703 assert(lvalue);
4704 assert(rvalue);
4705 assert(data);
4706
4707 if (isempty(rvalue)) {
4708 /* Empty assignment resets the list */
4709 *sv = strv_free(*sv);
4710 return 0;
4711 }
4712
4713 for (const char *p = rvalue;;) {
4714 _cleanup_free_ char *word = NULL, *resolved = NULL, *joined = NULL;
4715 const char *w;
4716 bool ignore_enoent = false, shall_prefix = false;
4717
4718 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4719 if (r == 0)
4720 break;
4721 if (r == -ENOMEM)
4722 return log_oom();
4723 if (r < 0) {
4724 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
4725 return 0;
4726 }
4727
4728 w = word;
4729 if (startswith(w, "-")) {
4730 ignore_enoent = true;
4731 w++;
4732 }
4733 if (startswith(w, "+")) {
4734 shall_prefix = true;
4735 w++;
4736 }
4737
4738 r = unit_full_printf(u, w, &resolved);
4739 if (r < 0) {
4740 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s: %m", w);
4741 continue;
4742 }
4743
4744 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4745 if (r < 0)
4746 continue;
4747
4748 joined = strjoin(ignore_enoent ? "-" : "",
4749 shall_prefix ? "+" : "",
4750 resolved);
4751
4752 r = strv_push(sv, joined);
4753 if (r < 0)
4754 return log_oom();
4755
4756 joined = NULL;
4757 }
4758
4759 return 0;
4760 }
4761
4762 int config_parse_temporary_filesystems(
4763 const char *unit,
4764 const char *filename,
4765 unsigned line,
4766 const char *section,
4767 unsigned section_line,
4768 const char *lvalue,
4769 int ltype,
4770 const char *rvalue,
4771 void *data,
4772 void *userdata) {
4773
4774 const Unit *u = userdata;
4775 ExecContext *c = data;
4776 int r;
4777
4778 assert(filename);
4779 assert(lvalue);
4780 assert(rvalue);
4781 assert(data);
4782
4783 if (isempty(rvalue)) {
4784 /* Empty assignment resets the list */
4785 temporary_filesystem_free_many(c->temporary_filesystems, c->n_temporary_filesystems);
4786 c->temporary_filesystems = NULL;
4787 c->n_temporary_filesystems = 0;
4788 return 0;
4789 }
4790
4791 for (const char *p = rvalue;;) {
4792 _cleanup_free_ char *word = NULL, *path = NULL, *resolved = NULL;
4793 const char *w;
4794
4795 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4796 if (r == 0)
4797 return 0;
4798 if (r == -ENOMEM)
4799 return log_oom();
4800 if (r < 0) {
4801 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
4802 return 0;
4803 }
4804
4805 w = word;
4806 r = extract_first_word(&w, &path, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4807 if (r == -ENOMEM)
4808 return log_oom();
4809 if (r < 0) {
4810 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", word);
4811 continue;
4812 }
4813 if (r == 0) {
4814 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax, ignoring: %s", word);
4815 continue;
4816 }
4817
4818 r = unit_full_printf(u, path, &resolved);
4819 if (r < 0) {
4820 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", path);
4821 continue;
4822 }
4823
4824 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4825 if (r < 0)
4826 continue;
4827
4828 r = temporary_filesystem_add(&c->temporary_filesystems, &c->n_temporary_filesystems, resolved, w);
4829 if (r < 0)
4830 return log_oom();
4831 }
4832 }
4833
4834 int config_parse_bind_paths(
4835 const char *unit,
4836 const char *filename,
4837 unsigned line,
4838 const char *section,
4839 unsigned section_line,
4840 const char *lvalue,
4841 int ltype,
4842 const char *rvalue,
4843 void *data,
4844 void *userdata) {
4845
4846 ExecContext *c = data;
4847 const Unit *u = userdata;
4848 int r;
4849
4850 assert(filename);
4851 assert(lvalue);
4852 assert(rvalue);
4853 assert(data);
4854
4855 if (isempty(rvalue)) {
4856 /* Empty assignment resets the list */
4857 bind_mount_free_many(c->bind_mounts, c->n_bind_mounts);
4858 c->bind_mounts = NULL;
4859 c->n_bind_mounts = 0;
4860 return 0;
4861 }
4862
4863 for (const char *p = rvalue;;) {
4864 _cleanup_free_ char *source = NULL, *destination = NULL;
4865 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
4866 char *s = NULL, *d = NULL;
4867 bool rbind = true, ignore_enoent = false;
4868
4869 r = extract_first_word(&p, &source, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
4870 if (r == 0)
4871 break;
4872 if (r == -ENOMEM)
4873 return log_oom();
4874 if (r < 0) {
4875 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
4876 return 0;
4877 }
4878
4879 r = unit_full_printf(u, source, &sresolved);
4880 if (r < 0) {
4881 log_syntax(unit, LOG_WARNING, filename, line, r,
4882 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", source);
4883 continue;
4884 }
4885
4886 s = sresolved;
4887 if (s[0] == '-') {
4888 ignore_enoent = true;
4889 s++;
4890 }
4891
4892 r = path_simplify_and_warn(s, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4893 if (r < 0)
4894 continue;
4895
4896 /* Optionally, the destination is specified. */
4897 if (p && p[-1] == ':') {
4898 r = extract_first_word(&p, &destination, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
4899 if (r == -ENOMEM)
4900 return log_oom();
4901 if (r < 0) {
4902 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
4903 return 0;
4904 }
4905 if (r == 0) {
4906 log_syntax(unit, LOG_WARNING, filename, line, 0, "Missing argument after ':', ignoring: %s", s);
4907 continue;
4908 }
4909
4910 r = unit_full_printf(u, destination, &dresolved);
4911 if (r < 0) {
4912 log_syntax(unit, LOG_WARNING, filename, line, r,
4913 "Failed to resolve specifiers in \"%s\", ignoring: %m", destination);
4914 continue;
4915 }
4916
4917 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4918 if (r < 0)
4919 continue;
4920
4921 d = dresolved;
4922
4923 /* Optionally, there's also a short option string specified */
4924 if (p && p[-1] == ':') {
4925 _cleanup_free_ char *options = NULL;
4926
4927 r = extract_first_word(&p, &options, NULL, EXTRACT_UNQUOTE);
4928 if (r == -ENOMEM)
4929 return log_oom();
4930 if (r < 0) {
4931 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s: %s", lvalue, rvalue);
4932 return 0;
4933 }
4934
4935 if (isempty(options) || streq(options, "rbind"))
4936 rbind = true;
4937 else if (streq(options, "norbind"))
4938 rbind = false;
4939 else {
4940 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid option string, ignoring setting: %s", options);
4941 continue;
4942 }
4943 }
4944 } else
4945 d = s;
4946
4947 r = bind_mount_add(&c->bind_mounts, &c->n_bind_mounts,
4948 &(BindMount) {
4949 .source = s,
4950 .destination = d,
4951 .read_only = !!strstr(lvalue, "ReadOnly"),
4952 .recursive = rbind,
4953 .ignore_enoent = ignore_enoent,
4954 });
4955 if (r < 0)
4956 return log_oom();
4957 }
4958
4959 return 0;
4960 }
4961
4962 int config_parse_mount_images(
4963 const char *unit,
4964 const char *filename,
4965 unsigned line,
4966 const char *section,
4967 unsigned section_line,
4968 const char *lvalue,
4969 int ltype,
4970 const char *rvalue,
4971 void *data,
4972 void *userdata) {
4973
4974 ExecContext *c = data;
4975 const Unit *u = userdata;
4976 int r;
4977
4978 assert(filename);
4979 assert(lvalue);
4980 assert(rvalue);
4981 assert(data);
4982
4983 if (isempty(rvalue)) {
4984 /* Empty assignment resets the list */
4985 c->mount_images = mount_image_free_many(c->mount_images, &c->n_mount_images);
4986 return 0;
4987 }
4988
4989 for (const char *p = rvalue;;) {
4990 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
4991 _cleanup_free_ char *first = NULL, *second = NULL, *tuple = NULL;
4992 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
4993 const char *q = NULL;
4994 char *s = NULL;
4995 bool permissive = false;
4996
4997 r = extract_first_word(&p, &tuple, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE);
4998 if (r == -ENOMEM)
4999 return log_oom();
5000 if (r < 0) {
5001 log_syntax(unit, LOG_WARNING, filename, line, r,
5002 "Invalid syntax %s=%s, ignoring: %m", lvalue, rvalue);
5003 return 0;
5004 }
5005 if (r == 0)
5006 return 0;
5007
5008 q = tuple;
5009 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &first, &second, NULL);
5010 if (r == -ENOMEM)
5011 return log_oom();
5012 if (r < 0) {
5013 log_syntax(unit, LOG_WARNING, filename, line, r,
5014 "Invalid syntax in %s=, ignoring: %s", lvalue, tuple);
5015 return 0;
5016 }
5017 if (r == 0)
5018 continue;
5019
5020 r = unit_full_printf(u, first, &sresolved);
5021 if (r < 0) {
5022 log_syntax(unit, LOG_WARNING, filename, line, r,
5023 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", first);
5024 continue;
5025 }
5026
5027 s = sresolved;
5028 if (s[0] == '-') {
5029 permissive = true;
5030 s++;
5031 }
5032
5033 r = path_simplify_and_warn(s, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5034 if (r < 0)
5035 continue;
5036
5037 if (isempty(second)) {
5038 log_syntax(unit, LOG_WARNING, filename, line, 0, "Missing destination in %s, ignoring: %s", lvalue, rvalue);
5039 continue;
5040 }
5041
5042 r = unit_full_printf(u, second, &dresolved);
5043 if (r < 0) {
5044 log_syntax(unit, LOG_WARNING, filename, line, r,
5045 "Failed to resolve specifiers in \"%s\", ignoring: %m", second);
5046 continue;
5047 }
5048
5049 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5050 if (r < 0)
5051 continue;
5052
5053 for (;;) {
5054 _cleanup_free_ char *partition = NULL, *mount_options = NULL, *mount_options_resolved = NULL;
5055 MountOptions *o = NULL;
5056 PartitionDesignator partition_designator;
5057
5058 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &partition, &mount_options, NULL);
5059 if (r == -ENOMEM)
5060 return log_oom();
5061 if (r < 0) {
5062 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", q);
5063 return 0;
5064 }
5065 if (r == 0)
5066 break;
5067 /* Single set of options, applying to the root partition/single filesystem */
5068 if (r == 1) {
5069 r = unit_full_printf(u, partition, &mount_options_resolved);
5070 if (r < 0) {
5071 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", first);
5072 continue;
5073 }
5074
5075 o = new(MountOptions, 1);
5076 if (!o)
5077 return log_oom();
5078 *o = (MountOptions) {
5079 .partition_designator = PARTITION_ROOT,
5080 .options = TAKE_PTR(mount_options_resolved),
5081 };
5082 LIST_APPEND(mount_options, options, o);
5083
5084 break;
5085 }
5086
5087 partition_designator = partition_designator_from_string(partition);
5088 if (partition_designator < 0) {
5089 log_syntax(unit, LOG_WARNING, filename, line, partition_designator,
5090 "Invalid partition name %s, ignoring", partition);
5091 continue;
5092 }
5093 r = unit_full_printf(u, mount_options, &mount_options_resolved);
5094 if (r < 0) {
5095 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
5096 continue;
5097 }
5098
5099 o = new(MountOptions, 1);
5100 if (!o)
5101 return log_oom();
5102 *o = (MountOptions) {
5103 .partition_designator = partition_designator,
5104 .options = TAKE_PTR(mount_options_resolved),
5105 };
5106 LIST_APPEND(mount_options, options, o);
5107 }
5108
5109 r = mount_image_add(&c->mount_images, &c->n_mount_images,
5110 &(MountImage) {
5111 .source = s,
5112 .destination = dresolved,
5113 .mount_options = options,
5114 .ignore_enoent = permissive,
5115 });
5116 if (r < 0)
5117 return log_oom();
5118 }
5119 }
5120
5121 int config_parse_job_timeout_sec(
5122 const char* unit,
5123 const char *filename,
5124 unsigned line,
5125 const char *section,
5126 unsigned section_line,
5127 const char *lvalue,
5128 int ltype,
5129 const char *rvalue,
5130 void *data,
5131 void *userdata) {
5132
5133 Unit *u = data;
5134 usec_t usec;
5135 int r;
5136
5137 assert(filename);
5138 assert(lvalue);
5139 assert(rvalue);
5140 assert(u);
5141
5142 r = parse_sec_fix_0(rvalue, &usec);
5143 if (r < 0) {
5144 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue);
5145 return 0;
5146 }
5147
5148 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
5149 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
5150 * count. */
5151
5152 if (!u->job_running_timeout_set)
5153 u->job_running_timeout = usec;
5154
5155 u->job_timeout = usec;
5156
5157 return 0;
5158 }
5159
5160 int config_parse_job_running_timeout_sec(
5161 const char* unit,
5162 const char *filename,
5163 unsigned line,
5164 const char *section,
5165 unsigned section_line,
5166 const char *lvalue,
5167 int ltype,
5168 const char *rvalue,
5169 void *data,
5170 void *userdata) {
5171
5172 Unit *u = data;
5173 usec_t usec;
5174 int r;
5175
5176 assert(filename);
5177 assert(lvalue);
5178 assert(rvalue);
5179 assert(u);
5180
5181 r = parse_sec_fix_0(rvalue, &usec);
5182 if (r < 0) {
5183 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue);
5184 return 0;
5185 }
5186
5187 u->job_running_timeout = usec;
5188 u->job_running_timeout_set = true;
5189
5190 return 0;
5191 }
5192
5193 int config_parse_emergency_action(
5194 const char* unit,
5195 const char *filename,
5196 unsigned line,
5197 const char *section,
5198 unsigned section_line,
5199 const char *lvalue,
5200 int ltype,
5201 const char *rvalue,
5202 void *data,
5203 void *userdata) {
5204
5205 Manager *m = NULL;
5206 EmergencyAction *x = data;
5207 int r;
5208
5209 assert(filename);
5210 assert(lvalue);
5211 assert(rvalue);
5212 assert(data);
5213
5214 if (unit)
5215 m = ((Unit*) userdata)->manager;
5216 else
5217 m = data;
5218
5219 r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
5220 if (r < 0) {
5221 if (r == -EOPNOTSUPP && MANAGER_IS_USER(m)) {
5222 /* Compat mode: remove for systemd 241. */
5223
5224 log_syntax(unit, LOG_INFO, filename, line, r,
5225 "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
5226 lvalue, rvalue);
5227 *x = EMERGENCY_ACTION_EXIT_FORCE;
5228 return 0;
5229 }
5230
5231 if (r == -EOPNOTSUPP)
5232 log_syntax(unit, LOG_WARNING, filename, line, r,
5233 "%s= specified as %s mode action, ignoring: %s",
5234 lvalue, MANAGER_IS_SYSTEM(m) ? "user" : "system", rvalue);
5235 else
5236 log_syntax(unit, LOG_WARNING, filename, line, r,
5237 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
5238 return 0;
5239 }
5240
5241 return 0;
5242 }
5243
5244 int config_parse_pid_file(
5245 const char *unit,
5246 const char *filename,
5247 unsigned line,
5248 const char *section,
5249 unsigned section_line,
5250 const char *lvalue,
5251 int ltype,
5252 const char *rvalue,
5253 void *data,
5254 void *userdata) {
5255
5256 _cleanup_free_ char *k = NULL, *n = NULL;
5257 const Unit *u = userdata;
5258 char **s = data;
5259 int r;
5260
5261 assert(filename);
5262 assert(lvalue);
5263 assert(rvalue);
5264 assert(u);
5265
5266 if (isempty(rvalue)) {
5267 /* An empty assignment removes already set value. */
5268 *s = mfree(*s);
5269 return 0;
5270 }
5271
5272 r = unit_full_printf(u, rvalue, &k);
5273 if (r < 0) {
5274 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
5275 return 0;
5276 }
5277
5278 /* If this is a relative path make it absolute by prefixing the /run */
5279 n = path_make_absolute(k, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
5280 if (!n)
5281 return log_oom();
5282
5283 /* Check that the result is a sensible path */
5284 r = path_simplify_and_warn(n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5285 if (r < 0)
5286 return r;
5287
5288 r = patch_var_run(unit, filename, line, lvalue, &n);
5289 if (r < 0)
5290 return r;
5291
5292 free_and_replace(*s, n);
5293 return 0;
5294 }
5295
5296 int config_parse_exit_status(
5297 const char *unit,
5298 const char *filename,
5299 unsigned line,
5300 const char *section,
5301 unsigned section_line,
5302 const char *lvalue,
5303 int ltype,
5304 const char *rvalue,
5305 void *data,
5306 void *userdata) {
5307
5308 int *exit_status = data, r;
5309 uint8_t u;
5310
5311 assert(filename);
5312 assert(lvalue);
5313 assert(rvalue);
5314 assert(exit_status);
5315
5316 if (isempty(rvalue)) {
5317 *exit_status = -1;
5318 return 0;
5319 }
5320
5321 r = safe_atou8(rvalue, &u);
5322 if (r < 0) {
5323 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse exit status '%s', ignoring: %m", rvalue);
5324 return 0;
5325 }
5326
5327 *exit_status = u;
5328 return 0;
5329 }
5330
5331 int config_parse_disable_controllers(
5332 const char *unit,
5333 const char *filename,
5334 unsigned line,
5335 const char *section,
5336 unsigned section_line,
5337 const char *lvalue,
5338 int ltype,
5339 const char *rvalue,
5340 void *data,
5341 void *userdata) {
5342
5343 int r;
5344 CGroupContext *c = data;
5345 CGroupMask disabled_mask;
5346
5347 /* 1. If empty, make all controllers eligible for use again.
5348 * 2. If non-empty, merge all listed controllers, space separated. */
5349
5350 if (isempty(rvalue)) {
5351 c->disable_controllers = 0;
5352 return 0;
5353 }
5354
5355 r = cg_mask_from_string(rvalue, &disabled_mask);
5356 if (r < 0 || disabled_mask <= 0) {
5357 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid cgroup string: %s, ignoring", rvalue);
5358 return 0;
5359 }
5360
5361 c->disable_controllers |= disabled_mask;
5362
5363 return 0;
5364 }
5365
5366 int config_parse_ip_filter_bpf_progs(
5367 const char *unit,
5368 const char *filename,
5369 unsigned line,
5370 const char *section,
5371 unsigned section_line,
5372 const char *lvalue,
5373 int ltype,
5374 const char *rvalue,
5375 void *data,
5376 void *userdata) {
5377
5378 _cleanup_free_ char *resolved = NULL;
5379 const Unit *u = userdata;
5380 char ***paths = data;
5381 int r;
5382
5383 assert(filename);
5384 assert(lvalue);
5385 assert(rvalue);
5386 assert(paths);
5387
5388 if (isempty(rvalue)) {
5389 *paths = strv_free(*paths);
5390 return 0;
5391 }
5392
5393 r = unit_full_printf(u, rvalue, &resolved);
5394 if (r < 0) {
5395 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
5396 return 0;
5397 }
5398
5399 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5400 if (r < 0)
5401 return 0;
5402
5403 if (strv_contains(*paths, resolved))
5404 return 0;
5405
5406 r = strv_extend(paths, resolved);
5407 if (r < 0)
5408 return log_oom();
5409
5410 r = bpf_firewall_supported();
5411 if (r < 0)
5412 return r;
5413 if (r != BPF_FIREWALL_SUPPORTED_WITH_MULTI) {
5414 static bool warned = false;
5415
5416 log_full(warned ? LOG_DEBUG : LOG_WARNING,
5417 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
5418 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename, line, lvalue, rvalue);
5419
5420 warned = true;
5421 }
5422
5423 return 0;
5424 }
5425
5426 static int merge_by_names(Unit **u, Set *names, const char *id) {
5427 char *k;
5428 int r;
5429
5430 assert(u);
5431 assert(*u);
5432
5433 /* Let's try to add in all names that are aliases of this unit */
5434 while ((k = set_steal_first(names))) {
5435 _cleanup_free_ _unused_ char *free_k = k;
5436
5437 /* First try to merge in the other name into our unit */
5438 r = unit_merge_by_name(*u, k);
5439 if (r < 0) {
5440 Unit *other;
5441
5442 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
5443 * round. */
5444
5445 other = manager_get_unit((*u)->manager, k);
5446 if (!other)
5447 return r; /* return previous failure */
5448
5449 r = unit_merge(other, *u);
5450 if (r < 0)
5451 return r;
5452
5453 *u = other;
5454 return merge_by_names(u, names, NULL);
5455 }
5456
5457 if (streq_ptr(id, k))
5458 unit_choose_id(*u, id);
5459 }
5460
5461 return 0;
5462 }
5463
5464 int unit_load_fragment(Unit *u) {
5465 const char *fragment;
5466 _cleanup_set_free_free_ Set *names = NULL;
5467 int r;
5468
5469 assert(u);
5470 assert(u->load_state == UNIT_STUB);
5471 assert(u->id);
5472
5473 if (u->transient) {
5474 u->load_state = UNIT_LOADED;
5475 return 0;
5476 }
5477
5478 /* Possibly rebuild the fragment map to catch new units */
5479 r = unit_file_build_name_map(&u->manager->lookup_paths,
5480 &u->manager->unit_cache_timestamp_hash,
5481 &u->manager->unit_id_map,
5482 &u->manager->unit_name_map,
5483 &u->manager->unit_path_cache);
5484 if (r < 0)
5485 return log_error_errno(r, "Failed to rebuild name map: %m");
5486
5487 r = unit_file_find_fragment(u->manager->unit_id_map,
5488 u->manager->unit_name_map,
5489 u->id,
5490 &fragment,
5491 &names);
5492 if (r < 0 && r != -ENOENT)
5493 return r;
5494
5495 if (fragment) {
5496 /* Open the file, check if this is a mask, otherwise read. */
5497 _cleanup_fclose_ FILE *f = NULL;
5498 struct stat st;
5499
5500 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
5501 * expect that all symlinks within the lookup paths have been already resolved, but we don't
5502 * verify this here. */
5503 f = fopen(fragment, "re");
5504 if (!f)
5505 return log_unit_notice_errno(u, errno, "Failed to open %s: %m", fragment);
5506
5507 if (fstat(fileno(f), &st) < 0)
5508 return -errno;
5509
5510 r = free_and_strdup(&u->fragment_path, fragment);
5511 if (r < 0)
5512 return r;
5513
5514 if (null_or_empty(&st)) {
5515 /* Unit file is masked */
5516
5517 u->load_state = u->perpetual ? UNIT_LOADED : UNIT_MASKED; /* don't allow perpetual units to ever be masked */
5518 u->fragment_mtime = 0;
5519 } else {
5520 u->load_state = UNIT_LOADED;
5521 u->fragment_mtime = timespec_load(&st.st_mtim);
5522
5523 /* Now, parse the file contents */
5524 r = config_parse(u->id, fragment, f,
5525 UNIT_VTABLE(u)->sections,
5526 config_item_perf_lookup, load_fragment_gperf_lookup,
5527 0,
5528 u,
5529 NULL);
5530 if (r == -ENOEXEC)
5531 log_unit_notice_errno(u, r, "Unit configuration has fatal error, unit will not be started.");
5532 if (r < 0)
5533 return r;
5534 }
5535 }
5536
5537 /* Call merge_by_names with the name derived from the fragment path as the preferred name.
5538 *
5539 * We do the merge dance here because for some unit types, the unit might have aliases which are not
5540 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
5541 */
5542 const char *id = u->id;
5543 _cleanup_free_ char *free_id = NULL;
5544
5545 if (fragment) {
5546 id = basename(fragment);
5547 if (unit_name_is_valid(id, UNIT_NAME_TEMPLATE)) {
5548 assert(u->instance); /* If we're not trying to use a template for non-instanced unit,
5549 * this must be set. */
5550
5551 r = unit_name_replace_instance(id, u->instance, &free_id);
5552 if (r < 0)
5553 return log_debug_errno(r, "Failed to build id (%s + %s): %m", id, u->instance);
5554 id = free_id;
5555 }
5556 }
5557
5558 Unit *merged = u;
5559 r = merge_by_names(&merged, names, id);
5560 if (r < 0)
5561 return r;
5562
5563 if (merged != u)
5564 u->load_state = UNIT_MERGED;
5565
5566 return 0;
5567 }
5568
5569 void unit_dump_config_items(FILE *f) {
5570 static const struct {
5571 const ConfigParserCallback callback;
5572 const char *rvalue;
5573 } table[] = {
5574 { config_parse_warn_compat, "NOTSUPPORTED" },
5575 { config_parse_int, "INTEGER" },
5576 { config_parse_unsigned, "UNSIGNED" },
5577 { config_parse_iec_size, "SIZE" },
5578 { config_parse_iec_uint64, "SIZE" },
5579 { config_parse_si_uint64, "SIZE" },
5580 { config_parse_bool, "BOOLEAN" },
5581 { config_parse_string, "STRING" },
5582 { config_parse_path, "PATH" },
5583 { config_parse_unit_path_printf, "PATH" },
5584 { config_parse_strv, "STRING [...]" },
5585 { config_parse_exec_nice, "NICE" },
5586 { config_parse_exec_oom_score_adjust, "OOMSCOREADJUST" },
5587 { config_parse_exec_io_class, "IOCLASS" },
5588 { config_parse_exec_io_priority, "IOPRIORITY" },
5589 { config_parse_exec_cpu_sched_policy, "CPUSCHEDPOLICY" },
5590 { config_parse_exec_cpu_sched_prio, "CPUSCHEDPRIO" },
5591 { config_parse_exec_cpu_affinity, "CPUAFFINITY" },
5592 { config_parse_mode, "MODE" },
5593 { config_parse_unit_env_file, "FILE" },
5594 { config_parse_exec_output, "OUTPUT" },
5595 { config_parse_exec_input, "INPUT" },
5596 { config_parse_log_facility, "FACILITY" },
5597 { config_parse_log_level, "LEVEL" },
5598 { config_parse_exec_secure_bits, "SECUREBITS" },
5599 { config_parse_capability_set, "BOUNDINGSET" },
5600 { config_parse_rlimit, "LIMIT" },
5601 { config_parse_unit_deps, "UNIT [...]" },
5602 { config_parse_exec, "PATH [ARGUMENT [...]]" },
5603 { config_parse_service_type, "SERVICETYPE" },
5604 { config_parse_service_restart, "SERVICERESTART" },
5605 { config_parse_service_timeout_failure_mode, "TIMEOUTMODE" },
5606 { config_parse_kill_mode, "KILLMODE" },
5607 { config_parse_signal, "SIGNAL" },
5608 { config_parse_socket_listen, "SOCKET [...]" },
5609 { config_parse_socket_bind, "SOCKETBIND" },
5610 { config_parse_socket_bindtodevice, "NETWORKINTERFACE" },
5611 { config_parse_sec, "SECONDS" },
5612 { config_parse_nsec, "NANOSECONDS" },
5613 { config_parse_namespace_path_strv, "PATH [...]" },
5614 { config_parse_bind_paths, "PATH[:PATH[:OPTIONS]] [...]" },
5615 { config_parse_unit_requires_mounts_for, "PATH [...]" },
5616 { config_parse_exec_mount_flags, "MOUNTFLAG [...]" },
5617 { config_parse_unit_string_printf, "STRING" },
5618 { config_parse_trigger_unit, "UNIT" },
5619 { config_parse_timer, "TIMER" },
5620 { config_parse_path_spec, "PATH" },
5621 { config_parse_notify_access, "ACCESS" },
5622 { config_parse_ip_tos, "TOS" },
5623 { config_parse_unit_condition_path, "CONDITION" },
5624 { config_parse_unit_condition_string, "CONDITION" },
5625 { config_parse_unit_slice, "SLICE" },
5626 { config_parse_documentation, "URL" },
5627 { config_parse_service_timeout, "SECONDS" },
5628 { config_parse_emergency_action, "ACTION" },
5629 { config_parse_set_status, "STATUS" },
5630 { config_parse_service_sockets, "SOCKETS" },
5631 { config_parse_environ, "ENVIRON" },
5632 #if HAVE_SECCOMP
5633 { config_parse_syscall_filter, "SYSCALLS" },
5634 { config_parse_syscall_archs, "ARCHS" },
5635 { config_parse_syscall_errno, "ERRNO" },
5636 { config_parse_syscall_log, "SYSCALLS" },
5637 { config_parse_address_families, "FAMILIES" },
5638 { config_parse_restrict_namespaces, "NAMESPACES" },
5639 #endif
5640 { config_parse_cpu_shares, "SHARES" },
5641 { config_parse_cg_weight, "WEIGHT" },
5642 { config_parse_memory_limit, "LIMIT" },
5643 { config_parse_device_allow, "DEVICE" },
5644 { config_parse_device_policy, "POLICY" },
5645 { config_parse_io_limit, "LIMIT" },
5646 { config_parse_io_device_weight, "DEVICEWEIGHT" },
5647 { config_parse_io_device_latency, "DEVICELATENCY" },
5648 { config_parse_blockio_bandwidth, "BANDWIDTH" },
5649 { config_parse_blockio_weight, "WEIGHT" },
5650 { config_parse_blockio_device_weight, "DEVICEWEIGHT" },
5651 { config_parse_long, "LONG" },
5652 { config_parse_socket_service, "SERVICE" },
5653 #if HAVE_SELINUX
5654 { config_parse_exec_selinux_context, "LABEL" },
5655 #endif
5656 { config_parse_job_mode, "MODE" },
5657 { config_parse_job_mode_isolate, "BOOLEAN" },
5658 { config_parse_personality, "PERSONALITY" },
5659 };
5660
5661 const char *prev = NULL;
5662 const char *i;
5663
5664 assert(f);
5665
5666 NULSTR_FOREACH(i, load_fragment_gperf_nulstr) {
5667 const char *rvalue = "OTHER", *lvalue;
5668 const ConfigPerfItem *p;
5669 const char *dot;
5670
5671 assert_se(p = load_fragment_gperf_lookup(i, strlen(i)));
5672
5673 /* Hide legacy settings */
5674 if (p->parse == config_parse_warn_compat &&
5675 p->ltype == DISABLED_LEGACY)
5676 continue;
5677
5678 for (size_t j = 0; j < ELEMENTSOF(table); j++)
5679 if (p->parse == table[j].callback) {
5680 rvalue = table[j].rvalue;
5681 break;
5682 }
5683
5684 dot = strchr(i, '.');
5685 lvalue = dot ? dot + 1 : i;
5686
5687 if (dot) {
5688 size_t prefix_len = dot - i;
5689
5690 if (!prev || !strneq(prev, i, prefix_len+1)) {
5691 if (prev)
5692 fputc('\n', f);
5693
5694 fprintf(f, "[%.*s]\n", (int) prefix_len, i);
5695 }
5696 }
5697
5698 fprintf(f, "%s=%s\n", lvalue, rvalue);
5699 prev = i;
5700 }
5701 }
5702
5703 int config_parse_cpu_affinity2(
5704 const char *unit,
5705 const char *filename,
5706 unsigned line,
5707 const char *section,
5708 unsigned section_line,
5709 const char *lvalue,
5710 int ltype,
5711 const char *rvalue,
5712 void *data,
5713 void *userdata) {
5714
5715 CPUSet *affinity = data;
5716
5717 assert(affinity);
5718
5719 (void) parse_cpu_set_extend(rvalue, affinity, true, unit, filename, line, lvalue);
5720
5721 return 0;
5722 }
5723
5724 int config_parse_show_status(
5725 const char* unit,
5726 const char *filename,
5727 unsigned line,
5728 const char *section,
5729 unsigned section_line,
5730 const char *lvalue,
5731 int ltype,
5732 const char *rvalue,
5733 void *data,
5734 void *userdata) {
5735
5736 int k;
5737 ShowStatus *b = data;
5738
5739 assert(filename);
5740 assert(lvalue);
5741 assert(rvalue);
5742 assert(data);
5743
5744 k = parse_show_status(rvalue, b);
5745 if (k < 0)
5746 log_syntax(unit, LOG_WARNING, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
5747
5748 return 0;
5749 }
5750
5751 int config_parse_output_restricted(
5752 const char* unit,
5753 const char *filename,
5754 unsigned line,
5755 const char *section,
5756 unsigned section_line,
5757 const char *lvalue,
5758 int ltype,
5759 const char *rvalue,
5760 void *data,
5761 void *userdata) {
5762
5763 ExecOutput t, *eo = data;
5764 bool obsolete = false;
5765
5766 assert(filename);
5767 assert(lvalue);
5768 assert(rvalue);
5769 assert(data);
5770
5771 if (streq(rvalue, "syslog")) {
5772 t = EXEC_OUTPUT_JOURNAL;
5773 obsolete = true;
5774 } else if (streq(rvalue, "syslog+console")) {
5775 t = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
5776 obsolete = true;
5777 } else {
5778 t = exec_output_from_string(rvalue);
5779 if (t < 0) {
5780 log_syntax(unit, LOG_WARNING, filename, line, t, "Failed to parse output type, ignoring: %s", rvalue);
5781 return 0;
5782 }
5783
5784 if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE, EXEC_OUTPUT_FILE_APPEND, EXEC_OUTPUT_FILE_TRUNCATE)) {
5785 log_syntax(unit, LOG_WARNING, filename, line, 0, "Standard output types socket, fd:, file:, append:, truncate: are not supported as defaults, ignoring: %s", rvalue);
5786 return 0;
5787 }
5788 }
5789
5790 if (obsolete)
5791 log_syntax(unit, LOG_NOTICE, filename, line, 0,
5792 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
5793 rvalue, exec_output_to_string(t));
5794
5795 *eo = t;
5796 return 0;
5797 }
5798
5799 int config_parse_crash_chvt(
5800 const char* unit,
5801 const char *filename,
5802 unsigned line,
5803 const char *section,
5804 unsigned section_line,
5805 const char *lvalue,
5806 int ltype,
5807 const char *rvalue,
5808 void *data,
5809 void *userdata) {
5810
5811 int r;
5812
5813 assert(filename);
5814 assert(lvalue);
5815 assert(rvalue);
5816 assert(data);
5817
5818 r = parse_crash_chvt(rvalue, data);
5819 if (r < 0)
5820 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
5821
5822 return 0;
5823 }
5824
5825 int config_parse_swap_priority(
5826 const char *unit,
5827 const char *filename,
5828 unsigned line,
5829 const char *section,
5830 unsigned section_line,
5831 const char *lvalue,
5832 int ltype,
5833 const char *rvalue,
5834 void *data,
5835 void *userdata) {
5836
5837 Swap *s = userdata;
5838 int r, priority;
5839
5840 assert(s);
5841 assert(filename);
5842 assert(lvalue);
5843 assert(rvalue);
5844 assert(data);
5845
5846 if (isempty(rvalue)) {
5847 s->parameters_fragment.priority = -1;
5848 s->parameters_fragment.priority_set = false;
5849 return 0;
5850 }
5851
5852 r = safe_atoi(rvalue, &priority);
5853 if (r < 0) {
5854 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid swap priority '%s', ignoring.", rvalue);
5855 return 0;
5856 }
5857
5858 if (priority < -1) {
5859 log_syntax(unit, LOG_WARNING, filename, line, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue);
5860 return 0;
5861 }
5862
5863 if (priority > 32767) {
5864 log_syntax(unit, LOG_WARNING, filename, line, 0, "Swap priority out of range, ignoring: %s", rvalue);
5865 return 0;
5866 }
5867
5868 s->parameters_fragment.priority = priority;
5869 s->parameters_fragment.priority_set = true;
5870 return 0;
5871 }
Unnamed repository; edit this file 'description' to name the repository.