]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/exec-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #20787 from fbuihuu/watchdog-more-rework
[thirdparty/systemd.git] / src / shared / exec-util.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <dirent.h>
4 #include <errno.h>
5 #include <sys/prctl.h>
6 #include <sys/types.h>
7 #include <unistd.h>
8 #include <stdio.h>
9
10 #include "alloc-util.h"
11 #include "conf-files.h"
12 #include "env-file.h"
13 #include "env-util.h"
14 #include "errno-util.h"
15 #include "exec-util.h"
16 #include "fd-util.h"
17 #include "fileio.h"
18 #include "hashmap.h"
19 #include "macro.h"
20 #include "missing_syscall.h"
21 #include "process-util.h"
22 #include "rlimit-util.h"
23 #include "serialize.h"
24 #include "set.h"
25 #include "signal-util.h"
26 #include "stat-util.h"
27 #include "string-table.h"
28 #include "string-util.h"
29 #include "strv.h"
30 #include "terminal-util.h"
31 #include "tmpfile-util.h"
32 #include "util.h"
33
34 /* Put this test here for a lack of better place */
35 assert_cc(EAGAIN == EWOULDBLOCK);
36
37 static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, bool set_systemd_exec_pid) {
38 pid_t _pid;
39 int r;
40
41 if (null_or_empty_path(path)) {
42 log_debug("%s is empty (a mask).", path);
43 return 0;
44 }
45
46 r = safe_fork("(direxec)", FORK_DEATHSIG|FORK_LOG, &_pid);
47 if (r < 0)
48 return r;
49 if (r == 0) {
50 char *_argv[2];
51
52 if (stdout_fd >= 0) {
53 r = rearrange_stdio(STDIN_FILENO, stdout_fd, STDERR_FILENO);
54 if (r < 0)
55 _exit(EXIT_FAILURE);
56 }
57
58 (void) rlimit_nofile_safe();
59
60 if (set_systemd_exec_pid) {
61 r = setenv_systemd_exec_pid(false);
62 if (r < 0)
63 log_warning_errno(r, "Failed to set $SYSTEMD_EXEC_PID, ignoring: %m");
64 }
65
66 if (!argv) {
67 _argv[0] = (char*) path;
68 _argv[1] = NULL;
69 argv = _argv;
70 } else
71 argv[0] = (char*) path;
72
73 execv(path, argv);
74 log_error_errno(errno, "Failed to execute %s: %m", path);
75 _exit(EXIT_FAILURE);
76 }
77
78 *pid = _pid;
79 return 1;
80 }
81
82 static int do_execute(
83 char **directories,
84 usec_t timeout,
85 gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
86 void* const callback_args[_STDOUT_CONSUME_MAX],
87 int output_fd,
88 char *argv[],
89 char *envp[],
90 ExecDirFlags flags) {
91
92 _cleanup_hashmap_free_free_ Hashmap *pids = NULL;
93 _cleanup_strv_free_ char **paths = NULL;
94 char **path, **e;
95 int r;
96 bool parallel_execution;
97
98 /* We fork this all off from a child process so that we can somewhat cleanly make
99 * use of SIGALRM to set a time limit.
100 *
101 * We attempt to perform parallel execution if configured by the user, however
102 * if `callbacks` is nonnull, execution must be serial.
103 */
104 parallel_execution = FLAGS_SET(flags, EXEC_DIR_PARALLEL) && !callbacks;
105
106 r = conf_files_list_strv(&paths, NULL, NULL, CONF_FILES_EXECUTABLE|CONF_FILES_REGULAR|CONF_FILES_FILTER_MASKED, (const char* const*) directories);
107 if (r < 0)
108 return log_error_errno(r, "Failed to enumerate executables: %m");
109
110 if (parallel_execution) {
111 pids = hashmap_new(NULL);
112 if (!pids)
113 return log_oom();
114 }
115
116 /* Abort execution of this process after the timeout. We simply rely on SIGALRM as
117 * default action terminating the process, and turn on alarm(). */
118
119 if (timeout != USEC_INFINITY)
120 alarm(DIV_ROUND_UP(timeout, USEC_PER_SEC));
121
122 STRV_FOREACH(e, envp)
123 if (putenv(*e) != 0)
124 return log_error_errno(errno, "Failed to set environment variable: %m");
125
126 STRV_FOREACH(path, paths) {
127 _cleanup_free_ char *t = NULL;
128 _cleanup_close_ int fd = -1;
129 pid_t pid;
130
131 t = strdup(*path);
132 if (!t)
133 return log_oom();
134
135 if (callbacks) {
136 fd = open_serialization_fd(basename(*path));
137 if (fd < 0)
138 return log_error_errno(fd, "Failed to open serialization file: %m");
139 }
140
141 r = do_spawn(t, argv, fd, &pid, FLAGS_SET(flags, EXEC_DIR_SET_SYSTEMD_EXEC_PID));
142 if (r <= 0)
143 continue;
144
145 if (parallel_execution) {
146 r = hashmap_put(pids, PID_TO_PTR(pid), t);
147 if (r < 0)
148 return log_oom();
149 t = NULL;
150 } else {
151 r = wait_for_terminate_and_check(t, pid, WAIT_LOG);
152 if (FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS)) {
153 if (r < 0)
154 continue;
155 } else if (r > 0)
156 return r;
157
158 if (callbacks) {
159 if (lseek(fd, 0, SEEK_SET) < 0)
160 return log_error_errno(errno, "Failed to seek on serialization fd: %m");
161
162 r = callbacks[STDOUT_GENERATE](fd, callback_args[STDOUT_GENERATE]);
163 fd = -1;
164 if (r < 0)
165 return log_error_errno(r, "Failed to process output from %s: %m", *path);
166 }
167 }
168 }
169
170 if (callbacks) {
171 r = callbacks[STDOUT_COLLECT](output_fd, callback_args[STDOUT_COLLECT]);
172 if (r < 0)
173 return log_error_errno(r, "Callback two failed: %m");
174 }
175
176 while (!hashmap_isempty(pids)) {
177 _cleanup_free_ char *t = NULL;
178 pid_t pid;
179
180 pid = PTR_TO_PID(hashmap_first_key(pids));
181 assert(pid > 0);
182
183 t = hashmap_remove(pids, PID_TO_PTR(pid));
184 assert(t);
185
186 r = wait_for_terminate_and_check(t, pid, WAIT_LOG);
187 if (!FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS) && r > 0)
188 return r;
189 }
190
191 return 0;
192 }
193
194 int execute_directories(
195 const char* const* directories,
196 usec_t timeout,
197 gather_stdout_callback_t const callbacks[_STDOUT_CONSUME_MAX],
198 void* const callback_args[_STDOUT_CONSUME_MAX],
199 char *argv[],
200 char *envp[],
201 ExecDirFlags flags) {
202
203 char **dirs = (char**) directories;
204 _cleanup_close_ int fd = -1;
205 char *name;
206 int r;
207 pid_t executor_pid;
208
209 assert(!strv_isempty(dirs));
210
211 name = basename(dirs[0]);
212 assert(!isempty(name));
213
214 if (callbacks) {
215 assert(callback_args);
216 assert(callbacks[STDOUT_GENERATE]);
217 assert(callbacks[STDOUT_COLLECT]);
218 assert(callbacks[STDOUT_CONSUME]);
219
220 fd = open_serialization_fd(name);
221 if (fd < 0)
222 return log_error_errno(fd, "Failed to open serialization file: %m");
223 }
224
225 /* Executes all binaries in the directories serially or in parallel and waits for
226 * them to finish. Optionally a timeout is applied. If a file with the same name
227 * exists in more than one directory, the earliest one wins. */
228
229 r = safe_fork("(sd-executor)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &executor_pid);
230 if (r < 0)
231 return r;
232 if (r == 0) {
233 r = do_execute(dirs, timeout, callbacks, callback_args, fd, argv, envp, flags);
234 _exit(r < 0 ? EXIT_FAILURE : r);
235 }
236
237 r = wait_for_terminate_and_check("(sd-executor)", executor_pid, 0);
238 if (r < 0)
239 return r;
240 if (!FLAGS_SET(flags, EXEC_DIR_IGNORE_ERRORS) && r > 0)
241 return r;
242
243 if (!callbacks)
244 return 0;
245
246 if (lseek(fd, 0, SEEK_SET) < 0)
247 return log_error_errno(errno, "Failed to rewind serialization fd: %m");
248
249 r = callbacks[STDOUT_CONSUME](fd, callback_args[STDOUT_CONSUME]);
250 fd = -1;
251 if (r < 0)
252 return log_error_errno(r, "Failed to parse returned data: %m");
253 return 0;
254 }
255
256 static int gather_environment_generate(int fd, void *arg) {
257 char ***env = arg, **x, **y;
258 _cleanup_fclose_ FILE *f = NULL;
259 _cleanup_strv_free_ char **new = NULL;
260 int r;
261
262 /* Read a series of VAR=value assignments from fd, use them to update the list of
263 * variables in env. Also update the exported environment.
264 *
265 * fd is always consumed, even on error.
266 */
267
268 assert(env);
269
270 f = fdopen(fd, "r");
271 if (!f) {
272 safe_close(fd);
273 return -errno;
274 }
275
276 r = load_env_file_pairs(f, NULL, &new);
277 if (r < 0)
278 return r;
279
280 STRV_FOREACH_PAIR(x, y, new) {
281 if (!env_name_is_valid(*x)) {
282 log_warning("Invalid variable assignment \"%s=...\", ignoring.", *x);
283 continue;
284 }
285
286 r = strv_env_assign(env, *x, *y);
287 if (r < 0)
288 return r;
289
290 if (setenv(*x, *y, true) < 0)
291 return -errno;
292 }
293
294 return 0;
295 }
296
297 static int gather_environment_collect(int fd, void *arg) {
298 _cleanup_fclose_ FILE *f = NULL;
299 char ***env = arg;
300 int r;
301
302 /* Write out a series of env=cescape(VAR=value) assignments to fd. */
303
304 assert(env);
305
306 f = fdopen(fd, "w");
307 if (!f) {
308 safe_close(fd);
309 return -errno;
310 }
311
312 r = serialize_strv(f, "env", *env);
313 if (r < 0)
314 return r;
315
316 r = fflush_and_check(f);
317 if (r < 0)
318 return r;
319
320 return 0;
321 }
322
323 static int gather_environment_consume(int fd, void *arg) {
324 _cleanup_fclose_ FILE *f = NULL;
325 char ***env = arg;
326 int r = 0;
327
328 /* Read a series of env=cescape(VAR=value) assignments from fd into env. */
329
330 assert(env);
331
332 f = fdopen(fd, "r");
333 if (!f) {
334 safe_close(fd);
335 return -errno;
336 }
337
338 for (;;) {
339 _cleanup_free_ char *line = NULL;
340 const char *v;
341 int k;
342
343 k = read_line(f, LONG_LINE_MAX, &line);
344 if (k < 0)
345 return k;
346 if (k == 0)
347 break;
348
349 v = startswith(line, "env=");
350 if (!v) {
351 log_debug("Serialization line \"%s\" unexpectedly didn't start with \"env=\".", line);
352 if (r == 0)
353 r = -EINVAL;
354
355 continue;
356 }
357
358 k = deserialize_environment(v, env);
359 if (k < 0) {
360 log_debug_errno(k, "Invalid serialization line \"%s\": %m", line);
361
362 if (r == 0)
363 r = k;
364 }
365 }
366
367 return r;
368 }
369
370 int exec_command_flags_from_strv(char **ex_opts, ExecCommandFlags *flags) {
371 ExecCommandFlags ex_flag, ret_flags = 0;
372 char **opt;
373
374 assert(flags);
375
376 STRV_FOREACH(opt, ex_opts) {
377 ex_flag = exec_command_flags_from_string(*opt);
378 if (ex_flag < 0)
379 return ex_flag;
380 ret_flags |= ex_flag;
381 }
382
383 *flags = ret_flags;
384
385 return 0;
386 }
387
388 int exec_command_flags_to_strv(ExecCommandFlags flags, char ***ex_opts) {
389 _cleanup_strv_free_ char **ret_opts = NULL;
390 ExecCommandFlags it = flags;
391 const char *str;
392 int i, r;
393
394 assert(ex_opts);
395
396 if (flags < 0)
397 return flags;
398
399 for (i = 0; it != 0; it &= ~(1 << i), i++) {
400 if (FLAGS_SET(flags, (1 << i))) {
401 str = exec_command_flags_to_string(1 << i);
402 if (!str)
403 return -EINVAL;
404
405 r = strv_extend(&ret_opts, str);
406 if (r < 0)
407 return r;
408 }
409 }
410
411 *ex_opts = TAKE_PTR(ret_opts);
412
413 return 0;
414 }
415
416 const gather_stdout_callback_t gather_environment[] = {
417 gather_environment_generate,
418 gather_environment_collect,
419 gather_environment_consume,
420 };
421
422 static const char* const exec_command_strings[] = {
423 "ignore-failure", /* EXEC_COMMAND_IGNORE_FAILURE */
424 "privileged", /* EXEC_COMMAND_FULLY_PRIVILEGED */
425 "no-setuid", /* EXEC_COMMAND_NO_SETUID */
426 "ambient", /* EXEC_COMMAND_AMBIENT_MAGIC */
427 "no-env-expand", /* EXEC_COMMAND_NO_ENV_EXPAND */
428 };
429
430 const char* exec_command_flags_to_string(ExecCommandFlags i) {
431 size_t idx;
432
433 for (idx = 0; idx < ELEMENTSOF(exec_command_strings); idx++)
434 if (i == (1 << idx))
435 return exec_command_strings[idx];
436
437 return NULL;
438 }
439
440 ExecCommandFlags exec_command_flags_from_string(const char *s) {
441 ssize_t idx;
442
443 idx = string_table_lookup(exec_command_strings, ELEMENTSOF(exec_command_strings), s);
444
445 if (idx < 0)
446 return _EXEC_COMMAND_FLAGS_INVALID;
447 else
448 return 1 << idx;
449 }
450
451 _noreturn_ void freeze(void) {
452 log_close();
453
454 /* Make sure nobody waits for us on a socket anymore */
455 (void) close_all_fds_full(NULL, 0, false);
456
457 sync();
458
459 /* Let's not freeze right away, but keep reaping zombies. */
460 for (;;) {
461 int r;
462 siginfo_t si = {};
463
464 r = waitid(P_ALL, 0, &si, WEXITED);
465 if (r < 0 && errno != EINTR)
466 break;
467 }
468
469 /* waitid() failed with an unexpected error, things are really borked. Freeze now! */
470 for (;;)
471 pause();
472 }
473
474 int fexecve_or_execve(int executable_fd, const char *executable, char *const argv[], char *const envp[]) {
475 #if ENABLE_FEXECVE
476 execveat(executable_fd, "", argv, envp, AT_EMPTY_PATH);
477
478 if (IN_SET(errno, ENOSYS, ENOENT) || ERRNO_IS_PRIVILEGE(errno))
479 /* Old kernel or a script or an overzealous seccomp filter? Let's fall back to execve().
480 *
481 * fexecve(3): "If fd refers to a script (i.e., it is an executable text file that names a
482 * script interpreter with a first line that begins with the characters #!) and the
483 * close-on-exec flag has been set for fd, then fexecve() fails with the error ENOENT. This
484 * error occurs because, by the time the script interpreter is executed, fd has already been
485 * closed because of the close-on-exec flag. Thus, the close-on-exec flag can't be set on fd
486 * if it refers to a script."
487 *
488 * Unfortunately, if we unset close-on-exec, the script will be executed just fine, but (at
489 * least in case of bash) the script name, $0, will be shown as /dev/fd/nnn, which breaks
490 * scripts which make use of $0. Thus, let's fall back to execve() in this case.
491 */
492 #endif
493 execve(executable, argv, envp);
494 return -errno;
495 }
496
497 int fork_agent(const char *name, int except[], size_t n_except, pid_t *ret_pid, const char *path, ...) {
498 bool stdout_is_tty, stderr_is_tty;
499 size_t n, i;
500 va_list ap;
501 char **l;
502 int r;
503
504 assert(path);
505
506 /* Spawns a temporary TTY agent, making sure it goes away when we go away */
507
508 r = safe_fork_full(name,
509 except,
510 n_except,
511 FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG,
512 ret_pid);
513 if (r < 0)
514 return r;
515 if (r > 0)
516 return 0;
517
518 /* In the child: */
519
520 stdout_is_tty = isatty(STDOUT_FILENO);
521 stderr_is_tty = isatty(STDERR_FILENO);
522
523 if (!stdout_is_tty || !stderr_is_tty) {
524 int fd;
525
526 /* Detach from stdout/stderr and reopen /dev/tty for them. This is important to ensure that
527 * when systemctl is started via popen() or a similar call that expects to read EOF we
528 * actually do generate EOF and not delay this indefinitely by keeping an unused copy of
529 * stdin around. */
530 fd = open("/dev/tty", O_WRONLY);
531 if (fd < 0) {
532 if (errno != ENXIO) {
533 log_error_errno(errno, "Failed to open /dev/tty: %m");
534 _exit(EXIT_FAILURE);
535 }
536
537 /* If we get ENXIO here we have no controlling TTY even though stdout/stderr are
538 * connected to a TTY. That's a weird setup, but let's handle it gracefully: let's
539 * skip the forking of the agents, given the TTY setup is not in order. */
540 } else {
541 if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) {
542 log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
543 _exit(EXIT_FAILURE);
544 }
545
546 if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) {
547 log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
548 _exit(EXIT_FAILURE);
549 }
550
551 fd = safe_close_above_stdio(fd);
552 }
553 }
554
555 (void) rlimit_nofile_safe();
556
557 /* Count arguments */
558 va_start(ap, path);
559 for (n = 0; va_arg(ap, char*); n++)
560 ;
561 va_end(ap);
562
563 /* Allocate strv */
564 l = newa(char*, n + 1);
565
566 /* Fill in arguments */
567 va_start(ap, path);
568 for (i = 0; i <= n; i++)
569 l[i] = va_arg(ap, char*);
570 va_end(ap);
571
572 execv(path, l);
573 _exit(EXIT_FAILURE);
574 }
Unnamed repository; edit this file 'description' to name the repository.