]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/main.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #7801 from keszybz/docs-and-coverity
[thirdparty/systemd.git] / src / core / main.c
CommitLineData
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
a7334b09
LP		 2/***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 15 Lesser General Public License for more details.
a7334b09 16
5430f7f2 17 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19***/
20
60918275 21#include <errno.h>
3dfc9763 22#include <fcntl.h>
f170852a 23#include <getopt.h>
97c4f35c 24#include <signal.h>
3dfc9763
LP		 25#include <stdio.h>
26#include <string.h>
664f88a7 27#include <sys/mount.h>
3dfc9763 28#include <sys/prctl.h>
b9e74c39 29#include <sys/reboot.h>
3dfc9763
LP		 30#include <sys/stat.h>
31#include <unistd.h>
349cc4a5 32#if HAVE_SECCOMP
b64a3d86
LP		 33#include <seccomp.h>
34#endif
349cc4a5 35#if HAVE_VALGRIND_VALGRIND_H
3dfc9763
LP		 36#include <valgrind/valgrind.h>
37#endif
54b434b1 38
718db961 39#include "sd-bus.h"
cf0fbc49 40#include "sd-daemon.h"
b2e7486c 41#include "sd-messages.h"
3dfc9763 42
b5efdb8a 43#include "alloc-util.h"
d9d93745 44#include "architecture.h"
3dfc9763
LP		 45#include "build.h"
46#include "bus-error.h"
47#include "bus-util.h"
430f0182 48#include "capability-util.h"
24efb112 49#include "clock-util.h"
3dfc9763 50#include "conf-parser.h"
618234a5 51#include "cpu-set-util.h"
3dfc9763
LP		 52#include "dbus-manager.h"
53#include "def.h"
eee8b7ab 54#include "emergency-action.h"
3dfc9763 55#include "env-util.h"
3ffd4af2 56#include "fd-util.h"
3dfc9763 57#include "fdset.h"
718db961 58#include "fileio.h"
f97b34a6 59#include "format-util.h"
f4f15635 60#include "fs-util.h"
3dfc9763
LP		 61#include "hostname-setup.h"
62#include "ima-setup.h"
63#include "killall.h"
64#include "kmod-setup.h"
d7b8eec7 65#include "load-fragment.h"
3dfc9763 66#include "log.h"
b6e66135 67#include "loopback-setup.h"
b6e66135 68#include "machine-id-setup.h"
3dfc9763
LP		 69#include "manager.h"
70#include "missing.h"
71#include "mount-setup.h"
72#include "pager.h"
6bedfcbb 73#include "parse-util.h"
7d5ceb64 74#include "path-util.h"
4e731273 75#include "proc-cmdline.h"
3dfc9763 76#include "process-util.h"
8869a0b4 77#include "raw-clone.h"
78f22b97 78#include "rlimit-util.h"
349cc4a5 79#if HAVE_SECCOMP
83f12b27
FS		 80#include "seccomp-util.h"
81#endif
b6e66135 82#include "selinux-setup.h"
3dfc9763
LP		 83#include "selinux-util.h"
84#include "signal-util.h"
ffbd2c4d 85#include "smack-setup.h"
3dfc9763 86#include "special.h"
8fcde012 87#include "stat-util.h"
15a5e950 88#include "stdio-util.h"
3dfc9763
LP		 89#include "strv.h"
90#include "switch-root.h"
91#include "terminal-util.h"
8612da97 92#include "umask-util.h"
b1d4f8e1 93#include "user-util.h"
3dfc9763
LP		 94#include "virt.h"
95#include "watchdog.h"
b6e66135 96
f170852a
LP		 97static enum {
98 ACTION_RUN,
e965d56d 99 ACTION_HELP,
9ba0bc4e 100 ACTION_VERSION,
e537352b 101 ACTION_TEST,
494294d6 102 ACTION_DUMP_CONFIGURATION_ITEMS
fa0f4d8a 103} arg_action = ACTION_RUN;
fa0f4d8a 104static char *arg_default_unit = NULL;
463d0d15 105static bool arg_system = false;
fa0f4d8a 106static bool arg_dump_core = true;
fa0f4d8a 107static int arg_crash_chvt = -1;
b9e74c39
LP		 108static bool arg_crash_shell = false;
109static bool arg_crash_reboot = false;
7d5ceb64 110static char *arg_confirm_spawn = NULL;
b6e2f329 111static ShowStatus arg_show_status = _SHOW_STATUS_UNSET;
bf4df7c3 112static bool arg_switched_root = false;
ea4b98e6 113static bool arg_no_pager = false;
0c85a4f3 114static char ***arg_join_controllers = NULL;
706343f4 115static ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL;
0a494f1f 116static ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT;
1f19a534
OS		 117static usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC;
118static usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
119static usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
3f41e1e5
LN		 120static usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
121static unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
e96d6be7
LP		 122static usec_t arg_runtime_watchdog = 0;
123static usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE;
8a2c1fbf 124static char *arg_watchdog_device = NULL;
97d0e5f8 125static char **arg_default_environment = NULL;
517d56b1 126static struct rlimit *arg_default_rlimit[_RLIMIT_MAX] = {};
a103496c 127static uint64_t arg_capability_bounding_set = CAP_ALL;
3a43da28 128static nsec_t arg_timer_slack_nsec = NSEC_INFINITY;
bd8f585b 129static usec_t arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE;
d3b1c508
LP		 130static Set* arg_syscall_archs = NULL;
131static FILE* arg_serialization = NULL;
085afe36 132static bool arg_default_cpu_accounting = false;
13c31542 133static bool arg_default_io_accounting = false;
377bfd2d 134static bool arg_default_ip_accounting = false;
085afe36
LP		 135static bool arg_default_blockio_accounting = false;
136static bool arg_default_memory_accounting = false;
9ded9cd1 137static bool arg_default_tasks_accounting = true;
79baeeb9 138static uint64_t arg_default_tasks_max = UINT64_MAX;
ee48dbd5 139static sd_id128_t arg_machine_id = {};
ae8c7939 140static EmergencyAction arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE;
4fc935ca 141
b9e74c39
LP		 142noreturn static void freeze_or_reboot(void) {
143
144 if (arg_crash_reboot) {
145 log_notice("Rebooting in 10s...");
146 (void) sleep(10);
147
148 log_notice("Rebooting now...");
149 (void) reboot(RB_AUTOBOOT);
150 log_emergency_errno(errno, "Failed to reboot: %m");
151 }
152
153 log_emergency("Freezing execution.");
154 freeze();
155}
156
919ce0b7 157noreturn static void crash(int sig) {
7d06dad9
MS		 158 struct sigaction sa;
159 pid_t pid;
97c4f35c 160
df0ff127 161 if (getpid_cached() != 1)
abb26902 162 /* Pass this on immediately, if this is not PID 1 */
92ca4cac 163 (void) raise(sig);
abb26902 164 else if (!arg_dump_core)
4104970e 165 log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig));
97c4f35c 166 else {
7d06dad9 167 sa = (struct sigaction) {
189d5bac 168 .sa_handler = nop_signal_handler,
b92bea5d
ZJS		 169 .sa_flags = SA_NOCLDSTOP|SA_RESTART,
170 };
97c4f35c 171
6f5e3f35 172 /* We want to wait for the core process, hence let's enable SIGCHLD */
92ca4cac 173 (void) sigaction(SIGCHLD, &sa, NULL);
6f5e3f35 174
8869a0b4 175 pid = raw_clone(SIGCHLD);
e62d8c39 176 if (pid < 0)
56f64d95 177 log_emergency_errno(errno, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
97c4f35c 178 else if (pid == 0) {
97c4f35c 179 /* Enable default signal handler for core dump */
15a90032 180
92ca4cac
LP		 181 sa = (struct sigaction) {
182 .sa_handler = SIG_DFL,
183 };
184 (void) sigaction(sig, &sa, NULL);
97c4f35c 185
15a90032
LP		 186 /* Don't limit the coredump size */
187 (void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY));
97c4f35c
LP		 188
189 /* Just to be sure... */
e62d9b81 190 (void) chdir("/");
97c4f35c
LP		 191
192 /* Raise the signal again */
ee05e779 193 pid = raw_getpid();
92ca4cac 194 (void) kill(pid, sig); /* raise() would kill the parent */
97c4f35c
LP		 195
196 assert_not_reached("We shouldn't be here...");
92ca4cac 197 _exit(EXIT_FAILURE);
4fc935ca 198 } else {
8e12a6ae
LP		 199 siginfo_t status;
200 int r;
4fc935ca
LP		 201
202 /* Order things nicely. */
e62d8c39
ZJS		 203 r = wait_for_terminate(pid, &status);
204 if (r < 0)
da927ba9 205 log_emergency_errno(r, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig));
8e12a6ae 206 else if (status.si_code != CLD_DUMPED)
ee05e779
ZJS		 207 log_emergency("Caught <%s>, core dump failed (child "PID_FMT", code=%s, status=%i/%s).",
208 signal_to_string(sig),
209 pid, sigchld_code_to_string(status.si_code),
210 status.si_status,
211 strna(status.si_code == CLD_EXITED
38107f5a 212 ? exit_status_to_string(status.si_status, EXIT_STATUS_MINIMAL)
ee05e779 213 : signal_to_string(status.si_status)));
4fc935ca 214 else
4104970e 215 log_emergency("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);
97c4f35c
LP		 216 }
217 }
218
b9e74c39 219 if (arg_crash_chvt >= 0)
92ca4cac 220 (void) chvt(arg_crash_chvt);
601f6a1e 221
7d06dad9
MS		 222 sa = (struct sigaction) {
223 .sa_handler = SIG_IGN,
224 .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
225 };
226
227 /* Let the kernel reap children for us */
228 (void) sigaction(SIGCHLD, &sa, NULL);
8c43883a 229
7d06dad9 230 if (arg_crash_shell) {
b9e74c39 231 log_notice("Executing crash shell in 10s...");
92ca4cac 232 (void) sleep(10);
4fc935ca 233
8869a0b4 234 pid = raw_clone(SIGCHLD);
cd3bd60a 235 if (pid < 0)
56f64d95 236 log_emergency_errno(errno, "Failed to fork off crash shell: %m");
6f5e3f35 237 else if (pid == 0) {
b9e74c39 238 (void) setsid();
92ca4cac
LP		 239 (void) make_console_stdio();
240 (void) execle("/bin/sh", "/bin/sh", NULL, environ);
6f5e3f35 241
ee05e779 242 log_emergency_errno(errno, "execle() failed: %m");
92ca4cac 243 _exit(EXIT_FAILURE);
b9e74c39
LP		 244 } else {
245 log_info("Spawned crash shell as PID "PID_FMT".", pid);
4cf0b03b 246 (void) wait_for_terminate(pid, NULL);
b9e74c39 247 }
4fc935ca
LP		 248 }
249
b9e74c39 250 freeze_or_reboot();
97c4f35c
LP		 251}
252
253static void install_crash_handler(void) {
297d563d 254 static const struct sigaction sa = {
b92bea5d 255 .sa_handler = crash,
297d563d 256 .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */
b92bea5d 257 };
297d563d 258 int r;
97c4f35c 259
297d563d
LP		 260 /* We ignore the return value here, since, we don't mind if we
261 * cannot set up a crash handler */
262 r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
263 if (r < 0)
264 log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m");
97c4f35c 265}
f170852a 266
56d96fc0
LP		 267static int console_setup(void) {
268 _cleanup_close_ int tty_fd = -1;
269 int r;
80876c20 270
512947d4 271 tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
23bbb0de
MS		 272 if (tty_fd < 0)
273 return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
80876c20 274
56d96fc0
LP		 275 /* We don't want to force text mode. plymouth may be showing
276 * pictures already from initrd. */
512947d4 277 r = reset_terminal_fd(tty_fd, false);
23bbb0de
MS		 278 if (r < 0)
279 return log_error_errno(r, "Failed to reset /dev/console: %m");
843d2643 280
56d96fc0 281 return 0;
80876c20
LP		 282}
283
b9e74c39
LP		 284static int parse_crash_chvt(const char *value) {
285 int b;
286
287 if (safe_atoi(value, &arg_crash_chvt) >= 0)
288 return 0;
289
290 b = parse_boolean(value);
291 if (b < 0)
292 return b;
293
294 if (b > 0)
295 arg_crash_chvt = 0; /* switch to where kmsg goes */
296 else
297 arg_crash_chvt = -1; /* turn off switching */
298
299 return 0;
300}
301
7d5ceb64
FB		 302static int parse_confirm_spawn(const char *value, char **console) {
303 char *s;
304 int r;
305
306 r = value ? parse_boolean(value) : 1;
307 if (r == 0) {
308 *console = NULL;
309 return 0;
310 }
311
312 if (r > 0) /* on with default tty */
313 s = strdup("/dev/console");
314 else if (is_path(value)) /* on with fully qualified path */
315 s = strdup(value);
316 else /* on with only a tty file name, not a fully qualified path */
317 s = strjoin("/dev/", value);
318 if (!s)
319 return -ENOMEM;
320 *console = s;
321 return 0;
322}
323
ee48dbd5 324static int set_machine_id(const char *m) {
e042eab7 325 sd_id128_t t;
8b26cdbd 326 assert(m);
ee48dbd5 327
e042eab7 328 if (sd_id128_from_string(m, &t) < 0)
ee48dbd5
NC		 329 return -EINVAL;
330
e042eab7 331 if (sd_id128_is_null(t))
ee48dbd5
NC		 332 return -EINVAL;
333
e042eab7 334 arg_machine_id = t;
ee48dbd5
NC		 335 return 0;
336}
337
96287a49 338static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
f170852a 339
059cb385 340 int r;
f170852a 341
059cb385 342 assert(key);
5192bd19 343
1d84ad94 344 if (STR_IN_SET(key, "systemd.unit", "rd.systemd.unit")) {
bf4df7c3 345
1d84ad94
LP		 346 if (proc_cmdline_value_missing(key, value))
347 return 0;
bf4df7c3 348
1d84ad94
LP		 349 if (!unit_name_is_valid(value, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
350 log_warning("Unit name specified on %s= is not valid, ignoring: %s", key, value);
351 else if (in_initrd() == !!startswith(key, "rd.")) {
352 if (free_and_strdup(&arg_default_unit, value) < 0)
353 return log_oom();
354 }
f170852a 355
1d84ad94 356 } else if (proc_cmdline_key_streq(key, "systemd.dump_core")) {
4fc935ca 357
1d84ad94 358 r = value ? parse_boolean(value) : true;
fb472900 359 if (r < 0)
059cb385 360 log_warning("Failed to parse dump core switch %s. Ignoring.", value);
4fc935ca 361 else
fa0f4d8a 362 arg_dump_core = r;
4fc935ca 363
1d84ad94 364 } else if (proc_cmdline_key_streq(key, "systemd.crash_chvt")) {
b9e74c39 365
1d84ad94
LP		 366 if (!value)
367 arg_crash_chvt = 0; /* turn on */
368 else if (parse_crash_chvt(value) < 0)
b9e74c39
LP		 369 log_warning("Failed to parse crash chvt switch %s. Ignoring.", value);
370
1d84ad94 371 } else if (proc_cmdline_key_streq(key, "systemd.crash_shell")) {
4fc935ca 372
1d84ad94 373 r = value ? parse_boolean(value) : true;
fb472900 374 if (r < 0)
059cb385 375 log_warning("Failed to parse crash shell switch %s. Ignoring.", value);
4fc935ca 376 else
fa0f4d8a 377 arg_crash_shell = r;
5e7ee61c 378
1d84ad94 379 } else if (proc_cmdline_key_streq(key, "systemd.crash_reboot")) {
5e7ee61c 380
1d84ad94 381 r = value ? parse_boolean(value) : true;
b9e74c39
LP		 382 if (r < 0)
383 log_warning("Failed to parse crash reboot switch %s. Ignoring.", value);
5e7ee61c 384 else
b9e74c39 385 arg_crash_reboot = r;
5e7ee61c 386
1d84ad94
LP		 387 } else if (proc_cmdline_key_streq(key, "systemd.confirm_spawn")) {
388 char *s;
7d5ceb64 389
1d84ad94 390 r = parse_confirm_spawn(value, &s);
059cb385 391 if (r < 0)
7d5ceb64 392 log_warning_errno(r, "Failed to parse confirm_spawn switch %s. Ignoring.", value);
1d84ad94
LP		 393 else {
394 free(arg_confirm_spawn);
395 arg_confirm_spawn = s;
396 }
601f6a1e 397
1d84ad94 398 } else if (proc_cmdline_key_streq(key, "systemd.show_status")) {
9e58ff9c 399
1d84ad94
LP		 400 if (value) {
401 r = parse_show_status(value, &arg_show_status);
402 if (r < 0)
403 log_warning("Failed to parse show status switch %s. Ignoring.", value);
404 } else
405 arg_show_status = SHOW_STATUS_YES;
059cb385 406
1d84ad94
LP		 407 } else if (proc_cmdline_key_streq(key, "systemd.default_standard_output")) {
408
409 if (proc_cmdline_value_missing(key, value))
410 return 0;
0a494f1f 411
059cb385 412 r = exec_output_from_string(value);
fb472900 413 if (r < 0)
059cb385 414 log_warning("Failed to parse default standard output switch %s. Ignoring.", value);
0a494f1f
LP		 415 else
416 arg_default_std_output = r;
0a494f1f 417
1d84ad94
LP		 418 } else if (proc_cmdline_key_streq(key, "systemd.default_standard_error")) {
419
420 if (proc_cmdline_value_missing(key, value))
421 return 0;
059cb385
LP		 422
423 r = exec_output_from_string(value);
fb472900 424 if (r < 0)
059cb385 425 log_warning("Failed to parse default standard error switch %s. Ignoring.", value);
0a494f1f
LP		 426 else
427 arg_default_std_error = r;
9e7c5357 428
1d84ad94
LP		 429 } else if (streq(key, "systemd.setenv")) {
430
431 if (proc_cmdline_value_missing(key, value))
432 return 0;
059cb385
LP		 433
434 if (env_assignment_is_valid(value)) {
e21fea24
KS		 435 char **env;
436
059cb385 437 env = strv_env_set(arg_default_environment, value);
1d84ad94
LP		 438 if (!env)
439 return log_oom();
440
441 arg_default_environment = env;
e21fea24 442 } else
059cb385 443 log_warning("Environment variable name '%s' is not valid. Ignoring.", value);
9e58ff9c 444
1d84ad94
LP		 445 } else if (proc_cmdline_key_streq(key, "systemd.machine_id")) {
446
447 if (proc_cmdline_value_missing(key, value))
448 return 0;
449
450 r = set_machine_id(value);
451 if (r < 0)
452 log_warning("MachineID '%s' is not valid. Ignoring.", value);
ee48dbd5 453
1d84ad94
LP		 454 } else if (proc_cmdline_key_streq(key, "systemd.default_timeout_start_sec")) {
455
456 if (proc_cmdline_value_missing(key, value))
457 return 0;
458
459 r = parse_sec(value, &arg_default_timeout_start_usec);
460 if (r < 0)
461 log_warning_errno(r, "Failed to parse default start timeout: %s, ignoring.", value);
462
463 if (arg_default_timeout_start_usec <= 0)
464 arg_default_timeout_start_usec = USEC_INFINITY;
ee48dbd5 465
8a2c1fbf
EJ		 466 } else if (proc_cmdline_key_streq(key, "systemd.watchdog_device")) {
467
468 if (proc_cmdline_value_missing(key, value))
469 return 0;
470
471 parse_path_argument_and_warn(value, false, &arg_watchdog_device);
472
059cb385 473 } else if (streq(key, "quiet") && !value) {
d7b15e0a 474
b6e2f329 475 if (arg_show_status == _SHOW_STATUS_UNSET)
d450b6f2 476 arg_show_status = SHOW_STATUS_AUTO;
059cb385
LP		 477
478 } else if (streq(key, "debug") && !value) {
d7b15e0a 479
1de1c9c3
LP		 480 /* Note that log_parse_environment() handles 'debug'
481 * too, and sets the log level to LOG_DEBUG. */
d7b15e0a 482
75f86906 483 if (detect_container() > 0)
b2103dcc 484 log_set_target(LOG_TARGET_CONSOLE);
059cb385 485
dcd61450 486 } else if (!value) {
e2c9a131 487 const char *target;
f170852a
LP		 488
489 /* SysV compatibility */
e2c9a131
EV		 490 target = runlevel_to_target(key);
491 if (target)
492 return free_and_strdup(&arg_default_unit, target);
f170852a
LP		 493 }
494
495 return 0;
496}
497
e8e581bf
ZJS		 498#define DEFINE_SETTER(name, func, descr) \
499 static int name(const char *unit, \
500 const char *filename, \
501 unsigned line, \
502 const char *section, \
71a61510 503 unsigned section_line, \
e8e581bf
ZJS		 504 const char *lvalue, \
505 int ltype, \
506 const char *rvalue, \
507 void *data, \
508 void *userdata) { \
509 \
510 int r; \
511 \
512 assert(filename); \
513 assert(lvalue); \
514 assert(rvalue); \
515 \
516 r = func(rvalue); \
517 if (r < 0) \
d1cefe0a
LP		 518 log_syntax(unit, LOG_ERR, filename, line, r, \
519 "Invalid " descr "'%s': %m", \
520 rvalue); \
e8e581bf
ZJS		 521 \
522 return 0; \
523 }
487393e9 524
e8e581bf
ZJS		 525DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level")
526DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target")
527DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" )
528DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location")
487393e9 529
4d7213b2
LP		 530static int config_parse_cpu_affinity2(
531 const char *unit,
532 const char *filename,
533 unsigned line,
534 const char *section,
535 unsigned section_line,
536 const char *lvalue,
537 int ltype,
538 const char *rvalue,
539 void *data,
540 void *userdata) {
487393e9 541
4b40bc38 542 _cleanup_cpu_free_ cpu_set_t *c = NULL;
f5c72b73 543 int ncpus;
487393e9 544
765d143b 545 ncpus = parse_cpu_set_and_warn(rvalue, &c, unit, filename, line, lvalue);
f5c72b73
FB		 546 if (ncpus < 0)
547 return ncpus;
487393e9 548
f5c72b73 549 if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0)
25f027c5 550 log_warning_errno(errno, "Failed to set CPU affinity: %m");
487393e9 551
487393e9
LP		 552 return 0;
553}
554
4d7213b2
LP		 555static int config_parse_show_status(
556 const char* unit,
557 const char *filename,
558 unsigned line,
559 const char *section,
560 unsigned section_line,
561 const char *lvalue,
562 int ltype,
563 const char *rvalue,
564 void *data,
565 void *userdata) {
566
567 int k;
568 ShowStatus *b = data;
569
570 assert(filename);
571 assert(lvalue);
572 assert(rvalue);
573 assert(data);
574
575 k = parse_show_status(rvalue, b);
576 if (k < 0) {
12ca818f 577 log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
4d7213b2
LP		 578 return 0;
579 }
580
581 return 0;
582}
583
5db98187
LP		 584static int config_parse_output_restricted(
585 const char* unit,
586 const char *filename,
587 unsigned line,
588 const char *section,
589 unsigned section_line,
590 const char *lvalue,
591 int ltype,
592 const char *rvalue,
593 void *data,
594 void *userdata) {
595
596 ExecOutput t, *eo = data;
597
598 assert(filename);
599 assert(lvalue);
600 assert(rvalue);
601 assert(data);
602
603 t = exec_output_from_string(rvalue);
604 if (t < 0) {
605 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output type, ignoring: %s", rvalue);
606 return 0;
607 }
608
609 if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE)) {
610 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard output types socket, fd:, file: are not supported as defaults, ignoring: %s", rvalue);
611 return 0;
612 }
613
614 *eo = t;
615 return 0;
616}
617
b9e74c39
LP		 618static int config_parse_crash_chvt(
619 const char* unit,
620 const char *filename,
621 unsigned line,
622 const char *section,
623 unsigned section_line,
624 const char *lvalue,
625 int ltype,
626 const char *rvalue,
627 void *data,
628 void *userdata) {
629
630 int r;
631
632 assert(filename);
633 assert(lvalue);
634 assert(rvalue);
b9e74c39
LP		 635
636 r = parse_crash_chvt(rvalue);
637 if (r < 0) {
638 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
639 return 0;
640 }
641
642 return 0;
643}
644
e8e581bf
ZJS		 645static int config_parse_join_controllers(const char *unit,
646 const char *filename,
647 unsigned line,
648 const char *section,
71a61510 649 unsigned section_line,
e8e581bf
ZJS		 650 const char *lvalue,
651 int ltype,
652 const char *rvalue,
653 void *data,
654 void *userdata) {
0c85a4f3 655
3875c85b 656 const char *whole_rvalue = rvalue;
0c85a4f3 657 unsigned n = 0;
0c85a4f3
LP		 658
659 assert(filename);
660 assert(lvalue);
661 assert(rvalue);
662
fe382237 663 arg_join_controllers = strv_free_free(arg_join_controllers);
0c85a4f3 664
d4ebeb4f
FB		 665 for (;;) {
666 _cleanup_free_ char *word = NULL;
667 char **l;
668 int r;
0c85a4f3 669
9a82ab95 670 r = extract_first_word(&rvalue, &word, NULL, EXTRACT_QUOTES);
3875c85b
FB		 671 if (r < 0) {
672 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid value for %s: %s", lvalue, whole_rvalue);
d4ebeb4f 673 return r;
3875c85b 674 }
d4ebeb4f
FB		 675 if (r == 0)
676 break;
0c85a4f3 677
d4ebeb4f 678 l = strv_split(word, ",");
1592ec21 679 if (!l)
aa8aeac0 680 return log_oom();
0c85a4f3
LP		 681 strv_uniq(l);
682
683 if (strv_length(l) <= 1) {
684 strv_free(l);
685 continue;
686 }
687
688 if (!arg_join_controllers) {
689 arg_join_controllers = new(char**, 2);
690 if (!arg_join_controllers) {
691 strv_free(l);
14212119 692 return log_oom();
0c85a4f3
LP		 693 }
694
695 arg_join_controllers[0] = l;
696 arg_join_controllers[1] = NULL;
697
698 n = 1;
699 } else {
700 char ***a;
701 char ***t;
702
703 t = new0(char**, n+2);
704 if (!t) {
705 strv_free(l);
14212119 706 return log_oom();
0c85a4f3
LP		 707 }
708
709 n = 0;
710
711 for (a = arg_join_controllers; *a; a++) {
712
713 if (strv_overlap(*a, l)) {
e287086b 714 if (strv_extend_strv(&l, *a, false) < 0) {
0c85a4f3
LP		 715 strv_free(l);
716 strv_free_free(t);
14212119 717 return log_oom();
0c85a4f3
LP		 718 }
719
0c85a4f3
LP		 720 } else {
721 char **c;
722
723 c = strv_copy(*a);
724 if (!c) {
725 strv_free(l);
726 strv_free_free(t);
14212119 727 return log_oom();
0c85a4f3
LP		 728 }
729
730 t[n++] = c;
731 }
732 }
733
734 t[n++] = strv_uniq(l);
735
736 strv_free_free(arg_join_controllers);
737 arg_join_controllers = t;
738 }
739 }
d4ebeb4f 740 if (!isempty(rvalue))
12ca818f 741 log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
0c85a4f3
LP		 742
743 return 0;
744}
745
487393e9
LP		 746static int parse_config_file(void) {
747
f975e971 748 const ConfigTableItem items[] = {
d3b1c508
LP		 749 { "Manager", "LogLevel", config_parse_level2, 0, NULL },
750 { "Manager", "LogTarget", config_parse_target, 0, NULL },
751 { "Manager", "LogColor", config_parse_color, 0, NULL },
752 { "Manager", "LogLocation", config_parse_location, 0, NULL },
753 { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core },
b9e74c39
LP		 754 { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, NULL },
755 { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, NULL },
d3b1c508 756 { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell },
b9e74c39 757 { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot },
d3b1c508 758 { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status },
d3b1c508
LP		 759 { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, NULL },
760 { "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers },
761 { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog },
762 { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog },
8a2c1fbf 763 { "Manager", "WatchdogDevice", config_parse_path, 0, &arg_watchdog_device },
a103496c 764 { "Manager", "CapabilityBoundingSet", config_parse_capability_set, 0, &arg_capability_bounding_set },
349cc4a5 765#if HAVE_SECCOMP
d3b1c508 766 { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs },
89fffa27 767#endif
d3b1c508 768 { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec },
bd8f585b 769 { "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec },
5db98187
LP		 770 { "Manager", "DefaultStandardOutput", config_parse_output_restricted,0, &arg_default_std_output },
771 { "Manager", "DefaultStandardError", config_parse_output_restricted,0, &arg_default_std_error },
d3b1c508
LP		 772 { "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
773 { "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
774 { "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
f0367da7
LP		 775 { "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval }, /* obsolete alias */
776 { "Manager", "DefaultStartLimitIntervalSec",config_parse_sec, 0, &arg_default_start_limit_interval },
d3b1c508
LP		 777 { "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },
778 { "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },
d0a7c5f6
LP		 779 { "Manager", "DefaultLimitCPU", config_parse_limit, RLIMIT_CPU, arg_default_rlimit },
780 { "Manager", "DefaultLimitFSIZE", config_parse_limit, RLIMIT_FSIZE, arg_default_rlimit },
781 { "Manager", "DefaultLimitDATA", config_parse_limit, RLIMIT_DATA, arg_default_rlimit },
782 { "Manager", "DefaultLimitSTACK", config_parse_limit, RLIMIT_STACK, arg_default_rlimit },
783 { "Manager", "DefaultLimitCORE", config_parse_limit, RLIMIT_CORE, arg_default_rlimit },
784 { "Manager", "DefaultLimitRSS", config_parse_limit, RLIMIT_RSS, arg_default_rlimit },
785 { "Manager", "DefaultLimitNOFILE", config_parse_limit, RLIMIT_NOFILE, arg_default_rlimit },
786 { "Manager", "DefaultLimitAS", config_parse_limit, RLIMIT_AS, arg_default_rlimit },
787 { "Manager", "DefaultLimitNPROC", config_parse_limit, RLIMIT_NPROC, arg_default_rlimit },
788 { "Manager", "DefaultLimitMEMLOCK", config_parse_limit, RLIMIT_MEMLOCK, arg_default_rlimit },
789 { "Manager", "DefaultLimitLOCKS", config_parse_limit, RLIMIT_LOCKS, arg_default_rlimit },
790 { "Manager", "DefaultLimitSIGPENDING", config_parse_limit, RLIMIT_SIGPENDING, arg_default_rlimit },
791 { "Manager", "DefaultLimitMSGQUEUE", config_parse_limit, RLIMIT_MSGQUEUE, arg_default_rlimit },
792 { "Manager", "DefaultLimitNICE", config_parse_limit, RLIMIT_NICE, arg_default_rlimit },
793 { "Manager", "DefaultLimitRTPRIO", config_parse_limit, RLIMIT_RTPRIO, arg_default_rlimit },
794 { "Manager", "DefaultLimitRTTIME", config_parse_limit, RLIMIT_RTTIME, arg_default_rlimit },
085afe36 795 { "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_default_cpu_accounting },
13c31542 796 { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting },
377bfd2d 797 { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting },
085afe36
LP		 798 { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting },
799 { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting },
03a7b521 800 { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting },
0af20ea2 801 { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max },
ae8c7939 802 { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action },
d3b1c508 803 {}
487393e9
LP		 804 };
805
1b907b5c 806 const char *fn, *conf_dirs_nulstr;
487393e9 807
463d0d15 808 fn = arg_system ?
75eb6154
LP		 809 PKGSYSCONFDIR "/system.conf" :
810 PKGSYSCONFDIR "/user.conf";
811
463d0d15 812 conf_dirs_nulstr = arg_system ?
75eb6154
LP		 813 CONF_PATHS_NULSTR("systemd/system.conf.d") :
814 CONF_PATHS_NULSTR("systemd/user.conf.d");
815
bcde742e 816 (void) config_parse_many_nulstr(fn, conf_dirs_nulstr, "Manager\0", config_item_table_lookup, items, CONFIG_PARSE_WARN, NULL);
36c16a7c
LP		 817
818 /* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we used USEC_INFINITY
819 * like everywhere else. */
820 if (arg_default_timeout_start_usec <= 0)
821 arg_default_timeout_start_usec = USEC_INFINITY;
822 if (arg_default_timeout_stop_usec <= 0)
823 arg_default_timeout_stop_usec = USEC_INFINITY;
487393e9 824
487393e9
LP		 825 return 0;
826}
827
85cb4151 828static void set_manager_defaults(Manager *m) {
06af2a04
TB		 829
830 assert(m);
831
832 m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec;
833 m->default_std_output = arg_default_std_output;
834 m->default_std_error = arg_default_std_error;
835 m->default_timeout_start_usec = arg_default_timeout_start_usec;
836 m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
837 m->default_restart_usec = arg_default_restart_usec;
838 m->default_start_limit_interval = arg_default_start_limit_interval;
839 m->default_start_limit_burst = arg_default_start_limit_burst;
840 m->default_cpu_accounting = arg_default_cpu_accounting;
13c31542 841 m->default_io_accounting = arg_default_io_accounting;
377bfd2d 842 m->default_ip_accounting = arg_default_ip_accounting;
06af2a04
TB		 843 m->default_blockio_accounting = arg_default_blockio_accounting;
844 m->default_memory_accounting = arg_default_memory_accounting;
03a7b521 845 m->default_tasks_accounting = arg_default_tasks_accounting;
0af20ea2 846 m->default_tasks_max = arg_default_tasks_max;
06af2a04
TB		 847
848 manager_set_default_rlimits(m, arg_default_rlimit);
849 manager_environment_add(m, NULL, arg_default_environment);
850}
851
7b46fc6a
LP		 852static void set_manager_settings(Manager *m) {
853
854 assert(m);
855
856 m->confirm_spawn = arg_confirm_spawn;
857 m->runtime_watchdog = arg_runtime_watchdog;
858 m->shutdown_watchdog = arg_shutdown_watchdog;
859 m->cad_burst_action = arg_cad_burst_action;
860
861 manager_set_show_status(m, arg_show_status);
862}
863
f170852a
LP		 864static int parse_argv(int argc, char *argv[]) {
865
866 enum {
867 ARG_LOG_LEVEL = 0x100,
868 ARG_LOG_TARGET,
bbe63281
LP		 869 ARG_LOG_COLOR,
870 ARG_LOG_LOCATION,
2f198e2f 871 ARG_UNIT,
edb9aaa8 872 ARG_SYSTEM,
af2d49f7 873 ARG_USER,
e537352b 874 ARG_TEST,
b87c2aa6 875 ARG_NO_PAGER,
9ba0bc4e 876 ARG_VERSION,
80876c20 877 ARG_DUMP_CONFIGURATION_ITEMS,
9e58ff9c 878 ARG_DUMP_CORE,
b9e74c39 879 ARG_CRASH_CHVT,
9e58ff9c 880 ARG_CRASH_SHELL,
b9e74c39 881 ARG_CRASH_REBOOT,
a16e1123 882 ARG_CONFIRM_SPAWN,
9e58ff9c 883 ARG_SHOW_STATUS,
4288f619 884 ARG_DESERIALIZE,
2660882b 885 ARG_SWITCHED_ROOT,
0a494f1f 886 ARG_DEFAULT_STD_OUTPUT,
ee48dbd5
NC		 887 ARG_DEFAULT_STD_ERROR,
888 ARG_MACHINE_ID
f170852a
LP		 889 };
890
891 static const struct option options[] = {
a16e1123
LP		 892 { "log-level", required_argument, NULL, ARG_LOG_LEVEL },
893 { "log-target", required_argument, NULL, ARG_LOG_TARGET },
bbe63281
LP		 894 { "log-color", optional_argument, NULL, ARG_LOG_COLOR },
895 { "log-location", optional_argument, NULL, ARG_LOG_LOCATION },
2f198e2f 896 { "unit", required_argument, NULL, ARG_UNIT },
edb9aaa8 897 { "system", no_argument, NULL, ARG_SYSTEM },
af2d49f7 898 { "user", no_argument, NULL, ARG_USER },
a16e1123 899 { "test", no_argument, NULL, ARG_TEST },
b87c2aa6 900 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
a16e1123 901 { "help", no_argument, NULL, 'h' },
9ba0bc4e 902 { "version", no_argument, NULL, ARG_VERSION },
a16e1123 903 { "dump-configuration-items", no_argument, NULL, ARG_DUMP_CONFIGURATION_ITEMS },
a5d87bf0 904 { "dump-core", optional_argument, NULL, ARG_DUMP_CORE },
b9e74c39 905 { "crash-chvt", required_argument, NULL, ARG_CRASH_CHVT },
a5d87bf0 906 { "crash-shell", optional_argument, NULL, ARG_CRASH_SHELL },
b9e74c39 907 { "crash-reboot", optional_argument, NULL, ARG_CRASH_REBOOT },
a5d87bf0 908 { "confirm-spawn", optional_argument, NULL, ARG_CONFIRM_SPAWN },
6e98720f 909 { "show-status", optional_argument, NULL, ARG_SHOW_STATUS },
a16e1123 910 { "deserialize", required_argument, NULL, ARG_DESERIALIZE },
2660882b 911 { "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT },
0a494f1f
LP		 912 { "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, },
913 { "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, },
ee48dbd5 914 { "machine-id", required_argument, NULL, ARG_MACHINE_ID },
fb472900 915 {}
f170852a
LP		 916 };
917
918 int c, r;
919
920 assert(argc >= 1);
921 assert(argv);
922
df0ff127 923 if (getpid_cached() == 1)
b770165a
LP		 924 opterr = 0;
925
099663ff 926 while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
f170852a
LP		 927
928 switch (c) {
929
930 case ARG_LOG_LEVEL:
fb472900
ZJS		 931 r = log_set_max_level_from_string(optarg);
932 if (r < 0) {
f170852a
LP		 933 log_error("Failed to parse log level %s.", optarg);
934 return r;
935 }
936
937 break;
938
939 case ARG_LOG_TARGET:
fb472900
ZJS		 940 r = log_set_target_from_string(optarg);
941 if (r < 0) {
f170852a
LP		 942 log_error("Failed to parse log target %s.", optarg);
943 return r;
944 }
945
946 break;
947
bbe63281
LP		 948 case ARG_LOG_COLOR:
949
d0b170c8 950 if (optarg) {
fb472900
ZJS		 951 r = log_show_color_from_string(optarg);
952 if (r < 0) {
d0b170c8
LP		 953 log_error("Failed to parse log color setting %s.", optarg);
954 return r;
955 }
956 } else
957 log_show_color(true);
bbe63281
LP		 958
959 break;
960
961 case ARG_LOG_LOCATION:
d0b170c8 962 if (optarg) {
fb472900
ZJS		 963 r = log_show_location_from_string(optarg);
964 if (r < 0) {
d0b170c8
LP		 965 log_error("Failed to parse log location setting %s.", optarg);
966 return r;
967 }
968 } else
969 log_show_location(true);
bbe63281
LP		 970
971 break;
972
0a494f1f 973 case ARG_DEFAULT_STD_OUTPUT:
fb472900
ZJS		 974 r = exec_output_from_string(optarg);
975 if (r < 0) {
0a494f1f
LP		 976 log_error("Failed to parse default standard output setting %s.", optarg);
977 return r;
978 } else
979 arg_default_std_output = r;
980 break;
981
982 case ARG_DEFAULT_STD_ERROR:
fb472900
ZJS		 983 r = exec_output_from_string(optarg);
984 if (r < 0) {
0a494f1f
LP		 985 log_error("Failed to parse default standard error output setting %s.", optarg);
986 return r;
987 } else
988 arg_default_std_error = r;
989 break;
990
2f198e2f 991 case ARG_UNIT:
e6e242ad 992 r = free_and_strdup(&arg_default_unit, optarg);
23bbb0de
MS		 993 if (r < 0)
994 return log_error_errno(r, "Failed to set default unit %s: %m", optarg);
f170852a
LP		 995
996 break;
997
edb9aaa8 998 case ARG_SYSTEM:
463d0d15 999 arg_system = true;
edb9aaa8 1000 break;
a5dab5ce 1001
af2d49f7 1002 case ARG_USER:
463d0d15 1003 arg_system = false;
a5dab5ce 1004 break;
a5dab5ce 1005
e965d56d 1006 case ARG_TEST:
fa0f4d8a 1007 arg_action = ACTION_TEST;
b87c2aa6
ZJS		 1008 break;
1009
1010 case ARG_NO_PAGER:
1011 arg_no_pager = true;
e965d56d
LP		 1012 break;
1013
9ba0bc4e
ZJS		 1014 case ARG_VERSION:
1015 arg_action = ACTION_VERSION;
1016 break;
1017
e537352b 1018 case ARG_DUMP_CONFIGURATION_ITEMS:
fa0f4d8a 1019 arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
e537352b
LP		 1020 break;
1021
9e58ff9c 1022 case ARG_DUMP_CORE:
b9e74c39
LP		 1023 if (!optarg)
1024 arg_dump_core = true;
1025 else {
1026 r = parse_boolean(optarg);
1027 if (r < 0)
1028 return log_error_errno(r, "Failed to parse dump core boolean: %s", optarg);
1029 arg_dump_core = r;
a5d87bf0 1030 }
b9e74c39
LP		 1031 break;
1032
1033 case ARG_CRASH_CHVT:
1034 r = parse_crash_chvt(optarg);
1035 if (r < 0)
1036 return log_error_errno(r, "Failed to parse crash virtual terminal index: %s", optarg);
9e58ff9c
LP		 1037 break;
1038
1039 case ARG_CRASH_SHELL:
b9e74c39
LP		 1040 if (!optarg)
1041 arg_crash_shell = true;
1042 else {
1043 r = parse_boolean(optarg);
1044 if (r < 0)
1045 return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg);
1046 arg_crash_shell = r;
1047 }
1048 break;
1049
1050 case ARG_CRASH_REBOOT:
1051 if (!optarg)
1052 arg_crash_reboot = true;
1053 else {
1054 r = parse_boolean(optarg);
1055 if (r < 0)
1056 return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg);
1057 arg_crash_reboot = r;
a5d87bf0 1058 }
9e58ff9c
LP		 1059 break;
1060
80876c20 1061 case ARG_CONFIRM_SPAWN:
7d5ceb64
FB		 1062 arg_confirm_spawn = mfree(arg_confirm_spawn);
1063
1064 r = parse_confirm_spawn(optarg, &arg_confirm_spawn);
1065 if (r < 0)
1066 return log_error_errno(r, "Failed to parse confirm spawn option: %m");
80876c20
LP		 1067 break;
1068
9e58ff9c 1069 case ARG_SHOW_STATUS:
d450b6f2
ZJS		 1070 if (optarg) {
1071 r = parse_show_status(optarg, &arg_show_status);
1072 if (r < 0) {
1073 log_error("Failed to parse show status boolean %s.", optarg);
1074 return r;
1075 }
1076 } else
1077 arg_show_status = SHOW_STATUS_YES;
6e98720f 1078 break;
a5d87bf0 1079
a16e1123
LP		 1080 case ARG_DESERIALIZE: {
1081 int fd;
1082 FILE *f;
1083
01e10de3
LP		 1084 r = safe_atoi(optarg, &fd);
1085 if (r < 0 || fd < 0) {
a16e1123 1086 log_error("Failed to parse deserialize option %s.", optarg);
b9e74c39 1087 return -EINVAL;
a16e1123
LP		 1088 }
1089
b9e74c39 1090 (void) fd_cloexec(fd, true);
01e10de3
LP		 1091
1092 f = fdopen(fd, "r");
4a62c710
MS		 1093 if (!f)
1094 return log_error_errno(errno, "Failed to open serialization fd: %m");
a16e1123 1095
74ca738f 1096 safe_fclose(arg_serialization);
d3b1c508 1097 arg_serialization = f;
a16e1123
LP		 1098
1099 break;
1100 }
1101
2660882b 1102 case ARG_SWITCHED_ROOT:
bf4df7c3 1103 arg_switched_root = true;
d03bc1b8
HH		 1104 break;
1105
ee48dbd5
NC		 1106 case ARG_MACHINE_ID:
1107 r = set_machine_id(optarg);
54500613
LP		 1108 if (r < 0)
1109 return log_error_errno(r, "MachineID '%s' is not valid.", optarg);
ee48dbd5
NC		 1110 break;
1111
f170852a 1112 case 'h':
fa0f4d8a 1113 arg_action = ACTION_HELP;
f170852a
LP		 1114 break;
1115
1d2e23ab
LP		 1116 case 'D':
1117 log_set_max_level(LOG_DEBUG);
1118 break;
1119
099663ff
LP		 1120 case 'b':
1121 case 's':
1122 case 'z':
1123 /* Just to eat away the sysvinit kernel
1124 * cmdline args without getopt() error
1125 * messages that we'll parse in
1126 * parse_proc_cmdline_word() or ignore. */
f170852a 1127
099663ff 1128 case '?':
df0ff127 1129 if (getpid_cached() != 1)
099663ff 1130 return -EINVAL;
601185b4
ZJS		 1131 else
1132 return 0;
099663ff 1133
601185b4
ZJS		 1134 default:
1135 assert_not_reached("Unhandled option code.");
f170852a
LP		 1136 }
1137
df0ff127 1138 if (optind < argc && getpid_cached() != 1) {
d821e6d6
LP		 1139 /* Hmm, when we aren't run as init system
1140 * let's complain about excess arguments */
1141
1142 log_error("Excess arguments.");
1143 return -EINVAL;
1144 }
1145
f170852a
LP		 1146 return 0;
1147}
1148
1149static int help(void) {
1150
2e33c433 1151 printf("%s [OPTIONS...]\n\n"
af2d49f7 1152 "Starts up and maintains the system or user services.\n\n"
e537352b 1153 " -h --help Show this help\n"
cb4069d9 1154 " --version Show version\n"
e537352b 1155 " --test Determine startup sequence, dump it and exit\n"
b87c2aa6 1156 " --no-pager Do not pipe output into a pager\n"
80876c20 1157 " --dump-configuration-items Dump understood unit configuration items\n"
9e58ff9c 1158 " --unit=UNIT Set default unit\n"
edb9aaa8 1159 " --system Run a system instance, even if PID != 1\n"
af2d49f7 1160 " --user Run a user instance\n"
b9e74c39
LP		 1161 " --dump-core[=BOOL] Dump core on crash\n"
1162 " --crash-vt=NR Change to specified VT on crash\n"
1163 " --crash-reboot[=BOOL] Reboot on crash\n"
1164 " --crash-shell[=BOOL] Run shell on crash\n"
1165 " --confirm-spawn[=BOOL] Ask for confirmation when spawning processes\n"
1166 " --show-status[=BOOL] Show status updates on the console during bootup\n"
c1dc6153 1167 " --log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
9e58ff9c 1168 " --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
b9e74c39
LP		 1169 " --log-color[=BOOL] Highlight important log messages\n"
1170 " --log-location[=BOOL] Include code location in log messages\n"
0a494f1f
LP		 1171 " --default-standard-output= Set default standard output for services\n"
1172 " --default-standard-error= Set default standard error output for services\n",
5b6319dc 1173 program_invocation_short_name);
f170852a
LP		 1174
1175 return 0;
1176}
1177
b3680f49 1178static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) {
48b90859
LP		 1179 _cleanup_fdset_free_ FDSet *fds = NULL;
1180 _cleanup_fclose_ FILE *f = NULL;
a16e1123
LP		 1181 int r;
1182
1183 assert(m);
1184 assert(_f);
1185 assert(_fds);
1186
6b78f9b4 1187 r = manager_open_serialization(m, &f);
48b90859
LP		 1188 if (r < 0)
1189 return log_error_errno(r, "Failed to create serialization file: %m");
a16e1123 1190
71445ae7 1191 /* Make sure nothing is really destructed when we shut down */
313cefa1 1192 m->n_reloading++;
718db961 1193 bus_manager_send_reloading(m, true);
71445ae7 1194
6b78f9b4 1195 fds = fdset_new();
48b90859
LP		 1196 if (!fds)
1197 return log_oom();
a16e1123 1198
b3680f49 1199 r = manager_serialize(m, f, fds, switching_root);
48b90859
LP		 1200 if (r < 0)
1201 return log_error_errno(r, "Failed to serialize state: %m");
a16e1123 1202
48b90859
LP		 1203 if (fseeko(f, 0, SEEK_SET) == (off_t) -1)
1204 return log_error_errno(errno, "Failed to rewind serialization fd: %m");
a16e1123 1205
6b78f9b4 1206 r = fd_cloexec(fileno(f), false);
48b90859
LP		 1207 if (r < 0)
1208 return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization: %m");
a16e1123 1209
6b78f9b4 1210 r = fdset_cloexec(fds, false);
48b90859
LP		 1211 if (r < 0)
1212 return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization fds: %m");
a16e1123
LP		 1213
1214 *_f = f;
1215 *_fds = fds;
1216
48b90859
LP		 1217 f = NULL;
1218 fds = NULL;
a16e1123 1219
48b90859 1220 return 0;
a16e1123
LP		 1221}
1222
4096d6f5
LP		 1223static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
1224 struct rlimit nl;
1225 int r;
6385cb31
CB		 1226 int min_max;
1227 _cleanup_free_ char *nr_open = NULL;
4096d6f5
LP		 1228
1229 assert(saved_rlimit);
1230
1231 /* Save the original RLIMIT_NOFILE so that we can reset it
1232 * later when transitioning from the initrd to the main
1233 * systemd or suchlike. */
4a62c710 1234 if (getrlimit(RLIMIT_NOFILE, saved_rlimit) < 0)
3ce40911 1235 return log_warning_errno(errno, "Reading RLIMIT_NOFILE failed, ignoring: %m");
4096d6f5
LP		 1236
1237 /* Make sure forked processes get the default kernel setting */
1238 if (!arg_default_rlimit[RLIMIT_NOFILE]) {
1239 struct rlimit *rl;
1240
1241 rl = newdup(struct rlimit, saved_rlimit, 1);
1242 if (!rl)
1243 return log_oom();
1244
1245 arg_default_rlimit[RLIMIT_NOFILE] = rl;
1246 }
1247
6385cb31
CB		 1248 /* Get current RLIMIT_NOFILE maximum compiled into the kernel. */
1249 r = read_one_line_file("/proc/sys/fs/nr_open", &nr_open);
d387cfdd 1250 if (r >= 0)
6385cb31
CB		 1251 r = safe_atoi(nr_open, &min_max);
1252 /* If we fail, fallback to the hard-coded kernel limit of 1024 * 1024. */
1253 if (r < 0)
1254 min_max = 1024 * 1024;
1255
4096d6f5 1256 /* Bump up the resource limit for ourselves substantially */
6385cb31 1257 nl.rlim_cur = nl.rlim_max = min_max;
4096d6f5 1258 r = setrlimit_closest(RLIMIT_NOFILE, &nl);
23bbb0de 1259 if (r < 0)
3ce40911 1260 return log_warning_errno(r, "Setting RLIMIT_NOFILE failed, ignoring: %m");
4096d6f5
LP		 1261
1262 return 0;
1263}
1264
fb3ae275
LP		 1265static int bump_rlimit_memlock(struct rlimit *saved_rlimit) {
1266 int r;
1267
1268 assert(saved_rlimit);
1269 assert(getuid() == 0);
1270
1271 /* BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK, even though we have CAP_IPC_LOCK which
1272 * should normally disable such checks. We need them to implement IPAccessAllow= and IPAccessDeny=, hence let's
1273 * bump the value high enough for the root user. */
1274
1275 if (getrlimit(RLIMIT_MEMLOCK, saved_rlimit) < 0)
1276 return log_warning_errno(errno, "Reading RLIMIT_MEMLOCK failed, ignoring: %m");
1277
1278 r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(1024ULL*1024ULL*16ULL));
1279 if (r < 0)
1280 return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m");
1281
1282 return 0;
1283}
1284
80758717 1285static void test_usr(void) {
80758717 1286
ed1c99fc 1287 /* Check that /usr is not a separate fs */
80758717 1288
871c44a7
LP		 1289 if (dir_is_empty("/usr") <= 0)
1290 return;
1291
8b173b5e 1292 log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. "
871c44a7
LP		 1293 "Some things will probably break (sometimes even silently) in mysterious ways. "
1294 "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
1295}
1296
a07fdfa3
LP		 1297static int initialize_join_controllers(void) {
1298 /* By default, mount "cpu" + "cpuacct" together, and "net_cls"
1299 * + "net_prio". We'd like to add "cpuset" to the mix, but
f131770b 1300 * "cpuset" doesn't really work for groups with no initialized
a07fdfa3
LP		 1301 * attributes. */
1302
1303 arg_join_controllers = new(char**, 3);
1304 if (!arg_join_controllers)
1305 return -ENOMEM;
1306
1307 arg_join_controllers[0] = strv_new("cpu", "cpuacct", NULL);
fe382237
LP		 1308 if (!arg_join_controllers[0])
1309 goto oom;
a6b26d90 1310
fe382237
LP		 1311 arg_join_controllers[1] = strv_new("net_cls", "net_prio", NULL);
1312 if (!arg_join_controllers[1])
1313 goto oom;
a07fdfa3 1314
fe382237 1315 arg_join_controllers[2] = NULL;
a07fdfa3 1316 return 0;
fe382237
LP		 1317
1318oom:
1319 arg_join_controllers = strv_free_free(arg_join_controllers);
1320 return -ENOMEM;
a07fdfa3
LP		 1321}
1322
d3b1c508 1323static int enforce_syscall_archs(Set *archs) {
349cc4a5 1324#if HAVE_SECCOMP
d3b1c508
LP		 1325 int r;
1326
83f12b27
FS		 1327 if (!is_seccomp_available())
1328 return 0;
1329
469830d1 1330 r = seccomp_restrict_archs(arg_syscall_archs);
d3b1c508 1331 if (r < 0)
469830d1 1332 return log_error_errno(r, "Failed to enforce system call architecture restrication: %m");
d3b1c508 1333#endif
469830d1 1334 return 0;
d3b1c508
LP		 1335}
1336
b6e2f329
LP		 1337static int status_welcome(void) {
1338 _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
72c7329b 1339 const char *fn;
b6e2f329
LP		 1340 int r;
1341
fd8c85c6
LP		 1342 if (arg_show_status <= 0)
1343 return 0;
1344
72c7329b
LP		 1345 FOREACH_STRING(fn, "/etc/os-release", "/usr/lib/os-release") {
1346 r = parse_env_file(fn, NEWLINE,
5ae4d543
LP		 1347 "PRETTY_NAME", &pretty_name,
1348 "ANSI_COLOR", &ansi_color,
1349 NULL);
b6e2f329 1350
72c7329b
LP		 1351 if (r != -ENOENT)
1352 break;
1353 }
b6e2f329 1354 if (r < 0 && r != -ENOENT)
72c7329b 1355 log_warning_errno(r, "Failed to read os-release file, ignoring: %m");
b6e2f329 1356
dc9b5816
ZJS		 1357 if (log_get_show_color())
1358 return status_printf(NULL, false, false,
1359 "\nWelcome to \x1B[%sm%s\x1B[0m!\n",
1360 isempty(ansi_color) ? "1" : ansi_color,
1361 isempty(pretty_name) ? "Linux" : pretty_name);
1362 else
1363 return status_printf(NULL, false, false,
1364 "\nWelcome to %s!\n",
1365 isempty(pretty_name) ? "Linux" : pretty_name);
b6e2f329
LP		 1366}
1367
fdd25311
LP		 1368static int write_container_id(void) {
1369 const char *c;
19854865 1370 int r;
fdd25311
LP		 1371
1372 c = getenv("container");
1373 if (isempty(c))
1374 return 0;
1375
8612da97
LP		 1376 RUN_WITH_UMASK(0022)
1377 r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
19854865 1378 if (r < 0)
f1f849b0 1379 return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m");
19854865
LP		 1380
1381 return 1;
1382}
1383
1384static int bump_unix_max_dgram_qlen(void) {
1385 _cleanup_free_ char *qlen = NULL;
1386 unsigned long v;
1387 int r;
1388
1389 /* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel
1390 * default of 16 is simply too low. We set the value really
1391 * really early during boot, so that it is actually applied to
1392 * all our sockets, including the $NOTIFY_SOCKET one. */
1393
1394 r = read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen);
1395 if (r < 0)
1396 return log_warning_errno(r, "Failed to read AF_UNIX datagram queue length, ignoring: %m");
1397
1398 r = safe_atolu(qlen, &v);
1399 if (r < 0)
1400 return log_warning_errno(r, "Failed to parse AF_UNIX datagram queue length, ignoring: %m");
1401
1402 if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
1403 return 0;
1404
1405 qlen = mfree(qlen);
1406 if (asprintf(&qlen, "%lu\n", DEFAULT_UNIX_MAX_DGRAM_QLEN) < 0)
1407 return log_oom();
1408
1409 r = write_string_file("/proc/sys/net/unix/max_dgram_qlen", qlen, 0);
1410 if (r < 0)
1411 return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
1412 "Failed to bump AF_UNIX datagram queue length, ignoring: %m");
1413
1414 return 1;
fdd25311
LP		 1415}
1416
32391275
FB		 1417static int fixup_environment(void) {
1418 _cleanup_free_ char *term = NULL;
4dc63c4b 1419 const char *t;
32391275
FB		 1420 int r;
1421
43db615b
LP		 1422 /* Only fix up the environment when we are started as PID 1 */
1423 if (getpid_cached() != 1)
1424 return 0;
1425
1426 /* We expect the environment to be set correctly if run inside a container. */
84af7821
LP		 1427 if (detect_container() > 0)
1428 return 0;
1429
43db615b
LP		 1430 /* When started as PID1, the kernel uses /dev/console for our stdios and uses TERM=linux whatever the backend
1431 * device used by the console. We try to make a better guess here since some consoles might not have support
1432 * for color mode for example.
32391275 1433 *
43db615b 1434 * However if TERM was configured through the kernel command line then leave it alone. */
1d84ad94 1435 r = proc_cmdline_get_key("TERM", 0, &term);
32391275
FB		 1436 if (r < 0)
1437 return r;
32391275 1438
4dc63c4b
LP		 1439 t = term ?: default_term_for_tty("/dev/console");
1440
1441 if (setenv("TERM", t, 1) < 0)
32391275
FB		 1442 return -errno;
1443
1444 return 0;
1445}
1446
6808a0bc
LP		 1447static void redirect_telinit(int argc, char *argv[]) {
1448
1449 /* This is compatibility support for SysV, where calling init as a user is identical to telinit. */
1450
1451#if HAVE_SYSV_COMPAT
1452 if (getpid_cached() == 1)
1453 return;
1454
1455 if (!strstr(program_invocation_short_name, "init"))
1456 return;
1457
1458 execv(SYSTEMCTL_BINARY_PATH, argv);
1459 log_error_errno(errno, "Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
a45d7127 1460 exit(EXIT_FAILURE);
6808a0bc
LP		 1461#endif
1462}
1463
4a36297c
LP		 1464static int become_shutdown(
1465 const char *shutdown_verb,
7eb35049 1466 int retval) {
4a36297c
LP		 1467
1468 char log_level[DECIMAL_STR_MAX(int) + 1],
1469 exit_code[DECIMAL_STR_MAX(uint8_t) + 1];
1470
1471 const char* command_line[11] = {
1472 SYSTEMD_SHUTDOWN_BINARY_PATH,
1473 shutdown_verb,
1474 "--log-level", log_level,
1475 "--log-target",
1476 };
1477
1478 _cleanup_strv_free_ char **env_block = NULL;
1479 size_t pos = 5;
1480 int r;
1481
7eb35049 1482 assert(shutdown_verb);
234519ae 1483 assert(!command_line[pos]);
4a36297c
LP		 1484 env_block = strv_copy(environ);
1485
1486 xsprintf(log_level, "%d", log_get_max_level());
1487
1488 switch (log_get_target()) {
1489
1490 case LOG_TARGET_KMSG:
1491 case LOG_TARGET_JOURNAL_OR_KMSG:
1492 case LOG_TARGET_SYSLOG_OR_KMSG:
1493 command_line[pos++] = "kmsg";
1494 break;
1495
1496 case LOG_TARGET_NULL:
1497 command_line[pos++] = "null";
1498 break;
1499
1500 case LOG_TARGET_CONSOLE:
1501 default:
1502 command_line[pos++] = "console";
1503 break;
1504 };
1505
1506 if (log_get_show_color())
1507 command_line[pos++] = "--log-color";
1508
1509 if (log_get_show_location())
1510 command_line[pos++] = "--log-location";
1511
1512 if (streq(shutdown_verb, "exit")) {
1513 command_line[pos++] = "--exit-code";
1514 command_line[pos++] = exit_code;
1515 xsprintf(exit_code, "%d", retval);
1516 }
1517
1518 assert(pos < ELEMENTSOF(command_line));
1519
7eb35049
LP		 1520 if (streq(shutdown_verb, "reboot") &&
1521 arg_shutdown_watchdog > 0 &&
1522 arg_shutdown_watchdog != USEC_INFINITY) {
1523
4a36297c
LP		 1524 char *e;
1525
1526 /* If we reboot let's set the shutdown
1527 * watchdog and tell the shutdown binary to
1528 * repeatedly ping it */
1529 r = watchdog_set_timeout(&arg_shutdown_watchdog);
1530 watchdog_close(r < 0);
1531
1532 /* Tell the binary how often to ping, ignore failure */
1533 if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, arg_shutdown_watchdog) > 0)
8a2c1fbf
EJ		 1534 (void) strv_consume(&env_block, e);
1535
1536 if (arg_watchdog_device &&
1537 asprintf(&e, "WATCHDOG_DEVICE=%s", arg_watchdog_device) > 0)
1538 (void) strv_consume(&env_block, e);
4a36297c
LP		 1539 } else
1540 watchdog_close(true);
1541
1542 /* Avoid the creation of new processes forked by the
1543 * kernel; at this point, we will not listen to the
1544 * signals anyway */
1545 if (detect_container() <= 0)
1546 (void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
1547
1548 execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
1549 return -errno;
1550}
1551
e839bafd
LP		 1552static void initialize_clock(void) {
1553 int r;
1554
1555 if (clock_is_localtime(NULL) > 0) {
1556 int min;
1557
1558 /*
1559 * The very first call of settimeofday() also does a time warp in the kernel.
1560 *
1561 * In the rtc-in-local time mode, we set the kernel's timezone, and rely on external tools to take care
1562 * of maintaining the RTC and do all adjustments. This matches the behavior of Windows, which leaves
1563 * the RTC alone if the registry tells that the RTC runs in UTC.
1564 */
1565 r = clock_set_timezone(&min);
1566 if (r < 0)
1567 log_error_errno(r, "Failed to apply local time delta, ignoring: %m");
1568 else
1569 log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
1570
1571 } else if (!in_initrd()) {
1572 /*
1573 * Do a dummy very first call to seal the kernel's time warp magic.
1574 *
1575 * Do not call this from inside the initrd. The initrd might not carry /etc/adjtime with LOCAL, but the
1576 * real system could be set up that way. In such case, we need to delay the time-warp or the sealing
1577 * until we reach the real system.
1578 *
1579 * Do no set the kernel's timezone. The concept of local time cannot be supported reliably, the time
1580 * will jump or be incorrect at every daylight saving time change. All kernel local time concepts will
1581 * be treated as UTC that way.
1582 */
1583 (void) clock_reset_timewarp();
1584 }
1585
1586 r = clock_apply_epoch();
1587 if (r < 0)
1588 log_error_errno(r, "Current system time is before build time, but cannot correct: %m");
1589 else if (r > 0)
1590 log_info("System time before build time, advancing clock.");
1591}
1592
1e41242e
LP		 1593static void initialize_coredump(bool skip_setup) {
1594
1595 if (getpid_cached() != 1)
1596 return;
1597
1598 /* Don't limit the core dump size, so that coredump handlers such as systemd-coredump (which honour the limit)
1599 * will process core dumps for system services by default. */
1600 if (setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY)) < 0)
1601 log_warning_errno(errno, "Failed to set RLIMIT_CORE: %m");
1602
1603 /* But at the same time, turn off the core_pattern logic by default, so that no coredumps are stored
1604 * until the systemd-coredump tool is enabled via sysctl. */
1605 if (!skip_setup)
1606 (void) write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0);
1607}
1608
3c7878f9
LP		 1609static void do_reexecute(
1610 int argc,
1611 char *argv[],
1612 const struct rlimit *saved_rlimit_nofile,
1613 const struct rlimit *saved_rlimit_memlock,
1614 FDSet *fds,
1615 const char *switch_root_dir,
1616 const char *switch_root_init,
1617 const char **ret_error_message) {
1618
1619 unsigned i, j, args_size;
1620 const char **args;
1621 int r;
1622
1623 assert(saved_rlimit_nofile);
1624 assert(saved_rlimit_memlock);
1625 assert(ret_error_message);
1626
1627 /* Close and disarm the watchdog, so that the new instance can reinitialize it, but doesn't get rebooted while
1628 * we do that */
1629 watchdog_close(true);
1630
1631 /* Reset the RLIMIT_NOFILE to the kernel default, so that the new systemd can pass the kernel default to its
1632 * child processes */
1633
1634 if (saved_rlimit_nofile->rlim_cur > 0)
1635 (void) setrlimit(RLIMIT_NOFILE, saved_rlimit_nofile);
1636 if (saved_rlimit_memlock->rlim_cur != (rlim_t) -1)
1637 (void) setrlimit(RLIMIT_MEMLOCK, saved_rlimit_memlock);
1638
1639 if (switch_root_dir) {
1640 /* Kill all remaining processes from the initrd, but don't wait for them, so that we can handle the
1641 * SIGCHLD for them after deserializing. */
1642 broadcast_signal(SIGTERM, false, true);
1643
1644 /* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */
1645 r = switch_root(switch_root_dir, "/mnt", true, MS_MOVE);
1646 if (r < 0)
1647 log_error_errno(r, "Failed to switch root, trying to continue: %m");
1648 }
1649
1650 args_size = MAX(6, argc+1);
1651 args = newa(const char*, args_size);
1652
1653 if (!switch_root_init) {
1654 char sfd[DECIMAL_STR_MAX(int) + 1];
1655
1656 /* First try to spawn ourselves with the right path, and with full serialization. We do this only if
1657 * the user didn't specify an explicit init to spawn. */
1658
1659 assert(arg_serialization);
1660 assert(fds);
1661
1662 xsprintf(sfd, "%i", fileno(arg_serialization));
1663
1664 i = 0;
1665 args[i++] = SYSTEMD_BINARY_PATH;
1666 if (switch_root_dir)
1667 args[i++] = "--switched-root";
1668 args[i++] = arg_system ? "--system" : "--user";
1669 args[i++] = "--deserialize";
1670 args[i++] = sfd;
1671 args[i++] = NULL;
1672
1673 assert(i <= args_size);
1674
1675 /*
1676 * We want valgrind to print its memory usage summary before reexecution. Valgrind won't do this is on
1677 * its own on exec(), but it will do it on exit(). Hence, to ensure we get a summary here, fork() off
1678 * a child, let it exit() cleanly, so that it prints the summary, and wait() for it in the parent,
1679 * before proceeding into the exec().
1680 */
1681 valgrind_summary_hack();
1682
1683 (void) execv(args[0], (char* const*) args);
1684 log_debug_errno(errno, "Failed to execute our own binary, trying fallback: %m");
1685 }
1686
1687 /* Try the fallback, if there is any, without any serialization. We pass the original argv[] and envp[]. (Well,
1688 * modulo the ordering changes due to getopt() in argv[], and some cleanups in envp[], but let's hope that
1689 * doesn't matter.) */
1690
1691 arg_serialization = safe_fclose(arg_serialization);
1692 fds = fdset_free(fds);
1693
1694 /* Reopen the console */
1695 (void) make_console_stdio();
1696
1697 for (j = 1, i = 1; j < (unsigned) argc; j++)
1698 args[i++] = argv[j];
1699 args[i++] = NULL;
1700 assert(i <= args_size);
1701
1702 /* Reenable any blocked signals, especially important if we switch from initial ramdisk to init=... */
1703 (void) reset_all_signal_handlers();
1704 (void) reset_signal_mask();
1705
1706 if (switch_root_init) {
1707 args[0] = switch_root_init;
1708 (void) execv(args[0], (char* const*) args);
1709 log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m");
1710 }
1711
1712 args[0] = "/sbin/init";
1713 (void) execv(args[0], (char* const*) args);
1714 r = -errno;
1715
1716 manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
1717 ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
1718 "Failed to execute /sbin/init");
1719
1720 if (r == -ENOENT) {
1721 log_warning("No /sbin/init, trying fallback");
1722
1723 args[0] = "/bin/sh";
1724 args[1] = NULL;
1725 (void) execv(args[0], (char* const*) args);
1726 log_error_errno(errno, "Failed to execute /bin/sh, giving up: %m");
1727 } else
1728 log_warning_errno(r, "Failed to execute /sbin/init, giving up: %m");
1729
1730 *ret_error_message = "Failed to execute fallback shell";
1731}
1732
7eb35049
LP		 1733static int invoke_main_loop(
1734 Manager *m,
1735 bool *ret_reexecute,
1736 int *ret_retval, /* Return parameters relevant for shutting down */
1737 const char **ret_shutdown_verb, /* … */
1738 FDSet **ret_fds, /* Return parameters for reexecuting */
1739 char **ret_switch_root_dir, /* … */
1740 char **ret_switch_root_init, /* … */
1741 const char **ret_error_message) {
1742
1743 int r;
1744
1745 assert(m);
1746 assert(ret_reexecute);
1747 assert(ret_retval);
1748 assert(ret_shutdown_verb);
1749 assert(ret_fds);
1750 assert(ret_switch_root_dir);
1751 assert(ret_switch_root_init);
1752 assert(ret_error_message);
1753
1754 for (;;) {
1755 r = manager_loop(m);
1756 if (r < 0) {
1757 *ret_error_message = "Failed to run main loop";
1758 return log_emergency_errno(r, "Failed to run main loop: %m");
1759 }
1760
1761 switch (m->exit_code) {
1762
1763 case MANAGER_RELOAD:
1764 log_info("Reloading.");
1765
1766 r = parse_config_file();
1767 if (r < 0)
1768 log_warning_errno(r, "Failed to parse config file, ignoring: %m");
1769
1770 set_manager_defaults(m);
1771
1772 r = manager_reload(m);
1773 if (r < 0)
1774 log_warning_errno(r, "Failed to reload, ignoring: %m");
1775
1776 break;
1777
1778 case MANAGER_REEXECUTE:
1779
1780 r = prepare_reexecute(m, &arg_serialization, ret_fds, false);
1781 if (r < 0) {
1782 *ret_error_message = "Failed to prepare for reexecution";
1783 return r;
1784 }
1785
1786 log_notice("Reexecuting.");
1787
1788 *ret_reexecute = true;
1789 *ret_retval = EXIT_SUCCESS;
1790 *ret_shutdown_verb = NULL;
1791 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1792
1793 return 0;
1794
1795 case MANAGER_SWITCH_ROOT:
1796 if (!m->switch_root_init) {
1797 r = prepare_reexecute(m, &arg_serialization, ret_fds, true);
1798 if (r < 0) {
1799 *ret_error_message = "Failed to prepare for reexecution";
1800 return r;
1801 }
1802 } else
1803 *ret_fds = NULL;
1804
1805 log_notice("Switching root.");
1806
1807 *ret_reexecute = true;
1808 *ret_retval = EXIT_SUCCESS;
1809 *ret_shutdown_verb = NULL;
1810
1811 /* Steal the switch root parameters */
1812 *ret_switch_root_dir = m->switch_root;
1813 *ret_switch_root_init = m->switch_root_init;
1814 m->switch_root = m->switch_root_init = NULL;
1815
1816 return 0;
1817
1818 case MANAGER_EXIT:
1819
1820 if (MANAGER_IS_USER(m)) {
1821 log_debug("Exit.");
1822
1823 *ret_reexecute = false;
1824 *ret_retval = m->return_value;
1825 *ret_shutdown_verb = NULL;
1826 *ret_fds = NULL;
1827 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1828
1829 return 0;
1830 }
1831
1832 _fallthrough_;
1833 case MANAGER_REBOOT:
1834 case MANAGER_POWEROFF:
1835 case MANAGER_HALT:
1836 case MANAGER_KEXEC: {
1837 static const char * const table[_MANAGER_EXIT_CODE_MAX] = {
1838 [MANAGER_EXIT] = "exit",
1839 [MANAGER_REBOOT] = "reboot",
1840 [MANAGER_POWEROFF] = "poweroff",
1841 [MANAGER_HALT] = "halt",
1842 [MANAGER_KEXEC] = "kexec"
1843 };
1844
1845 log_notice("Shutting down.");
1846
1847 *ret_reexecute = false;
1848 *ret_retval = m->return_value;
1849 assert_se(*ret_shutdown_verb = table[m->exit_code]);
1850 *ret_fds = NULL;
1851 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1852
1853 return 0;
1854 }
1855
1856 default:
1857 assert_not_reached("Unknown exit code.");
1858 }
1859 }
1860}
1861
31aef7ff
LP		 1862static void log_execution_mode(bool *ret_first_boot) {
1863 assert(ret_first_boot);
1864
1865 if (arg_system) {
1866 int v;
1867
1868 log_info(PACKAGE_STRING " running in %ssystem mode. (" SYSTEMD_FEATURES ")",
1869 arg_action == ACTION_TEST ? "test " : "" );
1870
1871 v = detect_virtualization();
1872 if (v > 0)
1873 log_info("Detected virtualization %s.", virtualization_to_string(v));
1874
1875 log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
1876
1877 if (in_initrd()) {
1878 *ret_first_boot = false;
1879 log_info("Running in initial RAM disk.");
1880 } else {
1881 /* Let's check whether we are in first boot, i.e. whether /etc is still unpopulated. We use
1882 * /etc/machine-id as flag file, for this: if it exists we assume /etc is populated, if it
1883 * doesn't it's unpopulated. This allows container managers and installers to provision a
1884 * couple of files already. If the container manager wants to provision the machine ID itself
1885 * it should pass $container_uuid to PID 1. */
1886
1887 *ret_first_boot = access("/etc/machine-id", F_OK) < 0;
1888 if (*ret_first_boot)
1889 log_info("Running with unpopulated /etc.");
1890 }
1891 } else {
b9e90f3a
LP		 1892 if (DEBUG_LOGGING) {
1893 _cleanup_free_ char *t;
31aef7ff 1894
b9e90f3a
LP		 1895 t = uid_to_name(getuid());
1896 log_debug(PACKAGE_STRING " running in %suser mode for user " UID_FMT "/%s. (" SYSTEMD_FEATURES ")",
1897 arg_action == ACTION_TEST ? " test" : "", getuid(), strna(t));
1898 }
31aef7ff
LP		 1899
1900 *ret_first_boot = false;
1901 }
1902}
1903
5afbaa36
LP		 1904static int initialize_runtime(
1905 bool skip_setup,
1906 struct rlimit *saved_rlimit_nofile,
1907 struct rlimit *saved_rlimit_memlock,
1908 const char **ret_error_message) {
1909
1910 int r;
1911
1912 assert(ret_error_message);
1913
1914 /* Sets up various runtime parameters. Many of these initializations are conditionalized:
1915 *
1916 * - Some only apply to --system instances
1917 * - Some only apply to --user instances
1918 * - Some only apply when we first start up, but not when we reexecute
1919 */
1920
2d776038
LP		 1921 if (arg_action != ACTION_RUN)
1922 return 0;
1923
3c3c6cb9
LP		 1924 if (arg_system) {
1925 /* Make sure we leave a core dump without panicing the kernel. */
1926 install_crash_handler();
5afbaa36 1927
3c3c6cb9
LP		 1928 if (!skip_setup) {
1929 r = mount_cgroup_controllers(arg_join_controllers);
1930 if (r < 0) {
1931 *ret_error_message = "Failed to mount cgroup hierarchies";
1932 return r;
1933 }
1934
1935 status_welcome();
1936 hostname_setup();
1937 machine_id_setup(NULL, arg_machine_id, NULL);
1938 loopback_setup();
1939 bump_unix_max_dgram_qlen();
1940 test_usr();
1941 write_container_id();
1942 }
8a2c1fbf 1943
3c3c6cb9
LP		 1944 if (arg_watchdog_device) {
1945 r = watchdog_set_device(arg_watchdog_device);
1946 if (r < 0)
1947 log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device);
1948 }
1949
1950 if (arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY)
1951 watchdog_set_timeout(&arg_runtime_watchdog);
1952 }
5afbaa36
LP		 1953
1954 if (arg_timer_slack_nsec != NSEC_INFINITY)
1955 if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
3a671cd1 1956 log_warning_errno(errno, "Failed to adjust timer slack, ignoring: %m");
5afbaa36
LP		 1957
1958 if (arg_system && !cap_test_all(arg_capability_bounding_set)) {
1959 r = capability_bounding_set_drop_usermode(arg_capability_bounding_set);
1960 if (r < 0) {
1961 *ret_error_message = "Failed to drop capability bounding set of usermode helpers";
1962 return log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m");
1963 }
1964
1965 r = capability_bounding_set_drop(arg_capability_bounding_set, true);
1966 if (r < 0) {
1967 *ret_error_message = "Failed to drop capability bounding set";
1968 return log_emergency_errno(r, "Failed to drop capability bounding set: %m");
1969 }
1970 }
1971
1972 if (arg_syscall_archs) {
1973 r = enforce_syscall_archs(arg_syscall_archs);
1974 if (r < 0) {
1975 *ret_error_message = "Failed to set syscall architectures";
1976 return r;
1977 }
1978 }
1979
1980 if (!arg_system)
1981 /* Become reaper of our children */
1982 if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
1983 log_warning_errno(errno, "Failed to make us a subreaper: %m");
1984
1985 if (arg_system) {
1986 /* Bump up RLIMIT_NOFILE for systemd itself */
1987 (void) bump_rlimit_nofile(saved_rlimit_nofile);
1988 (void) bump_rlimit_memlock(saved_rlimit_memlock);
1989 }
1990
1991 return 0;
1992}
1993
6acca5fc
LP		 1994static int do_queue_default_job(
1995 Manager *m,
1996 const char **ret_error_message) {
1997
1998 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1999 Job *default_unit_job;
2000 Unit *target = NULL;
2001 int r;
2002
2003 log_debug("Activating default unit: %s", arg_default_unit);
2004
2005 r = manager_load_unit(m, arg_default_unit, NULL, &error, &target);
2006 if (r < 0)
2007 log_error("Failed to load default target: %s", bus_error_message(&error, r));
2008 else if (IN_SET(target->load_state, UNIT_ERROR, UNIT_NOT_FOUND))
2009 log_error_errno(target->load_error, "Failed to load default target: %m");
2010 else if (target->load_state == UNIT_MASKED)
2011 log_error("Default target masked.");
2012
2013 if (!target || target->load_state != UNIT_LOADED) {
2014 log_info("Trying to load rescue target...");
2015
2016 r = manager_load_unit(m, SPECIAL_RESCUE_TARGET, NULL, &error, &target);
2017 if (r < 0) {
2018 *ret_error_message = "Failed to load rescue target";
2019 return log_emergency_errno(r, "Failed to load rescue target: %s", bus_error_message(&error, r));
2020 } else if (IN_SET(target->load_state, UNIT_ERROR, UNIT_NOT_FOUND)) {
2021 *ret_error_message = "Failed to load rescue target";
2022 return log_emergency_errno(target->load_error, "Failed to load rescue target: %m");
2023 } else if (target->load_state == UNIT_MASKED) {
2024 *ret_error_message = "Rescue target masked";
2025 log_emergency("Rescue target masked.");
2026 return -ERFKILL;
2027 }
2028 }
2029
2030 assert(target->load_state == UNIT_LOADED);
2031
2032 r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, &error, &default_unit_job);
2033 if (r == -EPERM) {
2034 log_debug_errno(r, "Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
2035
2036 sd_bus_error_free(&error);
2037
2038 r = manager_add_job(m, JOB_START, target, JOB_REPLACE, &error, &default_unit_job);
2039 if (r < 0) {
2040 *ret_error_message = "Failed to start default target";
2041 return log_emergency_errno(r, "Failed to start default target: %s", bus_error_message(&error, r));
2042 }
2043
2044 } else if (r < 0) {
2045 *ret_error_message = "Failed to isolate default target";
2046 return log_emergency_errno(r, "Failed to isolate default target: %s", bus_error_message(&error, r));
2047 }
2048
2049 m->default_unit_job_id = default_unit_job->id;
2050
2051 return 0;
2052}
2053
970777b5
LP		 2054static void free_arguments(void) {
2055 size_t j;
2056
2057 /* Frees all arg_* variables, with the exception of arg_serialization */
2058
2059 for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++)
2060 arg_default_rlimit[j] = mfree(arg_default_rlimit[j]);
2061
2062 arg_default_unit = mfree(arg_default_unit);
2063 arg_confirm_spawn = mfree(arg_confirm_spawn);
2064 arg_join_controllers = strv_free_free(arg_join_controllers);
2065 arg_default_environment = strv_free(arg_default_environment);
2066 arg_syscall_archs = set_free(arg_syscall_archs);
2067}
2068
97d1fb94
LP		 2069static int load_configuration(int argc, char **argv, const char **ret_error_message) {
2070 int r;
2071
2072 assert(ret_error_message);
2073
6f101b56
LP		 2074 r = initialize_join_controllers();
2075 if (r < 0) {
2076 *ret_error_message = "Failed to initialize cgroup controller joining table";
2077 return r;
2078 }
2079
97d1fb94
LP		 2080 arg_default_tasks_max = system_tasks_max_scale(DEFAULT_TASKS_MAX_PERCENTAGE, 100U);
2081
2082 r = parse_config_file();
2083 if (r < 0) {
2084 *ret_error_message = "Failed to parse config file";
2085 return r;
2086 }
2087
2088 if (arg_system) {
2089 r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0);
2090 if (r < 0)
2091 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
2092 }
2093
2094 /* Note that this also parses bits from the kernel command line, including "debug". */
2095 log_parse_environment();
2096
2097 r = parse_argv(argc, argv);
2098 if (r < 0) {
2099 *ret_error_message = "Failed to parse commandline arguments";
2100 return r;
2101 }
2102
2103 /* Initialize default unit */
2104 if (!arg_default_unit) {
2105 arg_default_unit = strdup(SPECIAL_DEFAULT_TARGET);
2106 if (!arg_default_unit) {
2107 *ret_error_message = "Failed to set default unit";
2108 return log_oom();
2109 }
2110 }
2111
db33214b
LP		 2112 /* Initialize the show status setting if it hasn't been set explicitly yet */
2113 if (arg_show_status == _SHOW_STATUS_UNSET)
2114 arg_show_status = SHOW_STATUS_YES;
2115
97d1fb94
LP		 2116 return 0;
2117}
2118
b0d7c989
LP		 2119static int safety_checks(void) {
2120
febf46a4
LP		 2121 if (getpid_cached() == 1 &&
2122 arg_action != ACTION_RUN) {
2123 log_error("Unsupported execution mode while PID 1.");
2124 return -EPERM;
2125 }
2126
2127 if (getpid_cached() == 1 &&
2128 !arg_system) {
2129 log_error("Can't run --user mode as PID 1.");
2130 return -EPERM;
2131 }
2132
2133 if (arg_action == ACTION_RUN &&
2134 arg_system &&
2135 getpid_cached() != 1) {
2136 log_error("Can't run system mode unless PID 1.");
2137 return -EPERM;
2138 }
2139
b0d7c989
LP		 2140 if (arg_action == ACTION_TEST &&
2141 geteuid() == 0) {
2142 log_error("Don't run test mode as root.");
2143 return -EPERM;
2144 }
2145
2146 if (!arg_system &&
2147 arg_action == ACTION_RUN &&
2148 sd_booted() <= 0) {
2149 log_error("Trying to run as user instance, but the system has not been booted with systemd.");
2150 return -EOPNOTSUPP;
2151 }
2152
2153 if (!arg_system &&
2154 arg_action == ACTION_RUN &&
2155 !getenv("XDG_RUNTIME_DIR")) {
2156 log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
2157 return -EUNATCH;
2158 }
2159
2160 if (arg_system &&
2161 arg_action == ACTION_RUN &&
2162 running_in_chroot() > 0) {
2163 log_error("Cannot be run in a chroot() environment.");
2164 return -EOPNOTSUPP;
2165 }
2166
2167 return 0;
2168}
2169
74da609f
LP		 2170static int initialize_security(
2171 bool *loaded_policy,
2172 dual_timestamp *security_start_timestamp,
2173 dual_timestamp *security_finish_timestamp,
2174 const char **ret_error_message) {
2175
2176 int r;
2177
2178 assert(loaded_policy);
2179 assert(security_start_timestamp);
2180 assert(security_finish_timestamp);
2181 assert(ret_error_message);
2182
2183 dual_timestamp_get(security_start_timestamp);
2184
97149f40 2185 r = mac_selinux_setup(loaded_policy);
74da609f
LP		 2186 if (r < 0) {
2187 *ret_error_message = "Failed to load SELinux policy";
2188 return r;
2189 }
2190
2191 r = mac_smack_setup(loaded_policy);
2192 if (r < 0) {
2193 *ret_error_message = "Failed to load SMACK policy";
2194 return r;
2195 }
2196
2197 r = ima_setup();
2198 if (r < 0) {
2199 *ret_error_message = "Failed to load IMA policy";
2200 return r;
2201 }
2202
2203 dual_timestamp_get(security_finish_timestamp);
2204 return 0;
2205}
2206
263162da
LP		 2207static void test_summary(Manager *m) {
2208 assert(m);
2209
2210 printf("-> By units:\n");
2211 manager_dump_units(m, stdout, "\t");
2212
2213 printf("-> By jobs:\n");
2214 manager_dump_jobs(m, stdout, "\t");
2215}
2216
51e5ff02
LP		 2217static void log_taint_string(Manager *m) {
2218 _cleanup_free_ char *taint = NULL;
2219
2220 assert(m);
2221
2222 if (!arg_system)
2223 return;
2224
2225 taint = manager_taint_string(m);
2226 if (isempty(taint))
2227 return;
2228
2229 log_struct(LOG_NOTICE,
2230 LOG_MESSAGE("System is tainted: %s", taint),
2231 "TAINT=%s", taint,
2232 "MESSAGE_ID=" SD_MESSAGE_TAINTED_STR,
2233 NULL);
2234}
2235
efeb853f
LP		 2236static int collect_fds(FDSet **ret_fds, const char **ret_error_message) {
2237 int r;
2238
2239 assert(ret_fds);
2240 assert(ret_error_message);
2241
2242 r = fdset_new_fill(ret_fds);
2243 if (r < 0) {
2244 *ret_error_message = "Failed to allocate fd set";
2245 return log_emergency_errno(r, "Failed to allocate fd set: %m");
2246 }
2247
2248 fdset_cloexec(*ret_fds, true);
2249
2250 if (arg_serialization)
2251 assert_se(fdset_remove(*ret_fds, fileno(arg_serialization)) >= 0);
2252
2253 return 0;
2254}
2255
2e51b31c
LP		 2256static void setup_console_terminal(bool skip_setup) {
2257
2258 if (!arg_system)
2259 return;
2260
2261 /* Become a session leader if we aren't one yet. */
2262 (void) setsid();
2263
2264 /* If we are init, we connect stdin/stdout/stderr to /dev/null and make sure we don't have a controlling
2265 * tty. */
2266 (void) release_terminal();
2267
2268 /* Reset the console, but only if this is really init and we are freshly booted */
2269 if (getpid_cached() == 1 && !skip_setup)
2270 (void) console_setup();
2271}
2272
aa40ff07
LP		 2273static bool early_skip_setup_check(int argc, char *argv[]) {
2274 bool found_deserialize = false;
2275 int i;
2276
2277 /* Determine if this is a reexecution or normal bootup. We do the full command line parsing much later, so
2278 * let's just have a quick peek here. Note that if we have switched root, do all the special setup things
2279 * anyway, even if in that case we also do deserialization. */
2280
2281 for (i = 1; i < argc; i++) {
2282
2283 if (streq(argv[i], "--switched-root"))
2284 return false; /* If we switched root, don't skip the setup. */
2285 else if (streq(argv[i], "--deserialize"))
2286 found_deserialize = true;
2287 }
2288
2289 return found_deserialize; /* When we are deserializing, then we are reexecuting, hence avoid the extensive setup */
2290}
2291
60918275 2292int main(int argc, char *argv[]) {
625e8690
LP		 2293
2294 dual_timestamp initrd_timestamp = DUAL_TIMESTAMP_NULL, userspace_timestamp = DUAL_TIMESTAMP_NULL, kernel_timestamp = DUAL_TIMESTAMP_NULL,
2295 security_start_timestamp = DUAL_TIMESTAMP_NULL, security_finish_timestamp = DUAL_TIMESTAMP_NULL;
2296 struct rlimit saved_rlimit_nofile = RLIMIT_MAKE_CONST(0), saved_rlimit_memlock = RLIMIT_MAKE_CONST((rlim_t) -1);
2297 bool skip_setup, loaded_policy = false, queue_default_job = false, first_boot = false, reexecute = false;
2298 char *switch_root_dir = NULL, *switch_root_init = NULL;
9d76d730 2299 usec_t before_startup, after_startup;
625e8690 2300 static char systemd[] = "systemd";
9d76d730 2301 char timespan[FORMAT_TIMESPAN_MAX];
625e8690
LP		 2302 const char *shutdown_verb = NULL, *error_message = NULL;
2303 int r, retval = EXIT_FAILURE;
2304 Manager *m = NULL;
a16e1123 2305 FDSet *fds = NULL;
27b14a22 2306
d72a8f10 2307 /* SysV compatibility: redirect init → telinit */
6808a0bc 2308 redirect_telinit(argc, argv);
2cb1a60d 2309
d72a8f10 2310 /* Take timestamps early on */
c3a170f3
HH		 2311 dual_timestamp_from_monotonic(&kernel_timestamp, 0);
2312 dual_timestamp_get(&userspace_timestamp);
2313
d72a8f10
LP		 2314 /* Figure out whether we need to do initialize the system, or if we already did that because we are
2315 * reexecuting */
aa40ff07 2316 skip_setup = early_skip_setup_check(argc, argv);
d03bc1b8 2317
d72a8f10
LP		 2318 /* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we
2319 * are then called 'systemd'. That is confusing, hence let's call us systemd right-away. */
f3b6a3ed 2320 program_invocation_short_name = systemd;
eee8b7ab 2321 (void) prctl(PR_SET_NAME, systemd);
5d6b1584 2322
d72a8f10 2323 /* Save the original command line */
9a0e6896
LP		 2324 saved_argv = argv;
2325 saved_argc = argc;
f3b6a3ed 2326
c1dc6153 2327 log_set_upgrade_syslog_to_journal(true);
bbe63281 2328
df0ff127 2329 if (getpid_cached() == 1) {
48a601fe 2330 /* Disable the umask logic */
90dc8c2e
MG		 2331 umask(0);
2332
48a601fe
LP		 2333 /* Always reopen /dev/console when running as PID 1 or one of its pre-execve() children. This is
2334 * important so that we never end up logging to any foreign stderr, for example if we have to log in a
2335 * child process right before execve()'ing the actual binary, at a point in time where socket
2336 * activation stderr/stdout area already set up. */
2337 log_set_always_reopen_console(true);
2338 }
2339
df0ff127 2340 if (getpid_cached() == 1 && detect_container() <= 0) {
4f8d551f 2341
a866073d 2342 /* Running outside of a container as PID 1 */
463d0d15 2343 arg_system = true;
a866073d
LP		 2344 log_set_target(LOG_TARGET_KMSG);
2345 log_open();
2346
21bf2ab0 2347 if (in_initrd())
c3a170f3 2348 initrd_timestamp = userspace_timestamp;
c3ba6250 2349
2660882b 2350 if (!skip_setup) {
d723cd65
AK		 2351 r = mount_setup_early();
2352 if (r < 0) {
eee8b7ab 2353 error_message = "Failed to mount early API filesystems";
d723cd65
AK		 2354 goto finish;
2355 }
eee8b7ab 2356
74da609f
LP		 2357 r = initialize_security(
2358 &loaded_policy,
2359 &security_start_timestamp,
2360 &security_finish_timestamp,
2361 &error_message);
2362 if (r < 0)
96694e99 2363 goto finish;
81611586 2364 }
0b3325e7 2365
c3dacc8b 2366 if (mac_selinux_init() < 0) {
cb6531be 2367 error_message = "Failed to initialize SELinux policy";
0ff4cdd9 2368 goto finish;
cb6531be 2369 }
7948c4df 2370
e839bafd
LP		 2371 if (!skip_setup)
2372 initialize_clock();
a866073d
LP		 2373
2374 /* Set the default for later on, but don't actually
2375 * open the logs like this for now. Note that if we
2376 * are transitioning from the initrd there might still
2377 * be journal fd open, and we shouldn't attempt
2378 * opening that before we parsed /proc/cmdline which
2379 * might redirect output elsewhere. */
2380 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
2381
df0ff127 2382 } else if (getpid_cached() == 1) {
a866073d 2383 /* Running inside a container, as PID 1 */
463d0d15 2384 arg_system = true;
a866073d 2385 log_set_target(LOG_TARGET_CONSOLE);
99f09825 2386 log_close_console(); /* force reopen of /dev/console */
a866073d
LP		 2387 log_open();
2388
eee8b7ab 2389 /* For later on, see above... */
a866073d
LP		 2390 log_set_target(LOG_TARGET_JOURNAL);
2391
c3a170f3
HH		 2392 /* clear the kernel timestamp,
2393 * because we are in a container */
0f5f63c3 2394 kernel_timestamp = DUAL_TIMESTAMP_NULL;
c3a170f3 2395 } else {
a866073d 2396 /* Running as user instance */
463d0d15 2397 arg_system = false;
eeecf6e6 2398 log_set_target(LOG_TARGET_AUTO);
871e5809 2399 log_open();
c3a170f3
HH		 2400
2401 /* clear the kernel timestamp,
2402 * because we are not PID 1 */
6513d561 2403 kernel_timestamp = DUAL_TIMESTAMP_NULL;
bbe63281 2404 }
a5dab5ce 2405
1e41242e 2406 initialize_coredump(skip_setup);
15a90032 2407
43db615b
LP		 2408 r = fixup_environment();
2409 if (r < 0) {
2410 log_emergency_errno(r, "Failed to fix up PID 1 environment: %m");
2411 error_message = "Failed to fix up PID1 environment";
2412 goto finish;
2413 }
2414
6edefe0b 2415 if (arg_system) {
32391275 2416
3a18b604
FB		 2417 /* Try to figure out if we can use colors with the console. No
2418 * need to do that for user instances since they never log
2419 * into the console. */
2420 log_show_color(colors_enabled());
c76cf844
AK		 2421 r = make_null_stdio();
2422 if (r < 0)
2423 log_warning_errno(r, "Failed to redirect standard streams to /dev/null: %m");
3a18b604
FB		 2424 }
2425
f170852a
LP		 2426 /* Mount /proc, /sys and friends, so that /proc/cmdline and
2427 * /proc/$PID/fd is available. */
df0ff127 2428 if (getpid_cached() == 1) {
f84f9974 2429
a132bef0 2430 /* Load the kernel modules early. */
2e75e2a8
DM		 2431 if (!skip_setup)
2432 kmod_setup();
2e75e2a8 2433
0c85a4f3 2434 r = mount_setup(loaded_policy);
cb6531be
ZJS		 2435 if (r < 0) {
2436 error_message = "Failed to mount API filesystems";
8efe3c01 2437 goto finish;
cb6531be 2438 }
0c85a4f3 2439 }
4ade7963
LP		 2440
2441 /* Reset all signal handlers. */
ce30c8dc
LP		 2442 (void) reset_all_signal_handlers();
2443 (void) ignore_signals(SIGNALS_IGNORE, -1);
078e4539 2444
97d1fb94
LP		 2445 r = load_configuration(argc, argv, &error_message);
2446 if (r < 0)
f170852a 2447 goto finish;
10c961b9 2448
b0d7c989
LP		 2449 r = safety_checks();
2450 if (r < 0)
fe783b03 2451 goto finish;
fe783b03 2452
5625c18a 2453 if (IN_SET(arg_action, ACTION_TEST, ACTION_HELP, ACTION_DUMP_CONFIGURATION_ITEMS))
ea4b98e6 2454 pager_open(arg_no_pager, false);
b0d7c989
LP		 2455
2456 if (arg_action != ACTION_RUN)
74e7579c 2457 skip_setup = true;
b87c2aa6 2458
fa0f4d8a 2459 if (arg_action == ACTION_HELP) {
f170852a
LP		 2460 retval = help();
2461 goto finish;
9ba0bc4e
ZJS		 2462 } else if (arg_action == ACTION_VERSION) {
2463 retval = version();
2464 goto finish;
fa0f4d8a 2465 } else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
e537352b 2466 unit_dump_config_items(stdout);
22f4096c 2467 retval = EXIT_SUCCESS;
e537352b 2468 goto finish;
f170852a
LP		 2469 }
2470
4c701096 2471 assert_se(IN_SET(arg_action, ACTION_RUN, ACTION_TEST));
f170852a 2472
5a2e0c62
LP		 2473 /* Move out of the way, so that we won't block unmounts */
2474 assert_se(chdir("/") == 0);
2475
dea374e8 2476 if (arg_action == ACTION_RUN) {
a70c72a0 2477
efeb853f 2478 /* Close logging fds, in order not to confuse collecting passed fds and terminal logic below */
a70c72a0
LP		 2479 log_close();
2480
2481 /* Remember open file descriptors for later deserialization */
efeb853f
LP		 2482 r = collect_fds(&fds, &error_message);
2483 if (r < 0)
dea374e8 2484 goto finish;
a16e1123 2485
2e51b31c
LP		 2486 /* Give up any control of the console, but make sure its initialized. */
2487 setup_console_terminal(skip_setup);
56d96fc0 2488
a70c72a0
LP		 2489 /* Open the logging devices, if possible and necessary */
2490 log_open();
56d96fc0 2491 }
4ade7963 2492
31aef7ff 2493 log_execution_mode(&first_boot);
a5dab5ce 2494
2d776038
LP		 2495 r = initialize_runtime(skip_setup,
2496 &saved_rlimit_nofile,
2497 &saved_rlimit_memlock,
2498 &error_message);
2499 if (r < 0)
2500 goto finish;
4096d6f5 2501
e0a3da1f
ZJS		 2502 r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER,
2503 arg_action == ACTION_TEST ? MANAGER_TEST_FULL : 0,
2504 &m);
e96d6be7 2505 if (r < 0) {
da927ba9 2506 log_emergency_errno(r, "Failed to allocate manager object: %m");
cb6531be 2507 error_message = "Failed to allocate manager object";
60918275
LP		 2508 goto finish;
2509 }
2510
9f9f0342
LP		 2511 m->timestamps[MANAGER_TIMESTAMP_KERNEL] = kernel_timestamp;
2512 m->timestamps[MANAGER_TIMESTAMP_INITRD] = initrd_timestamp;
2513 m->timestamps[MANAGER_TIMESTAMP_USERSPACE] = userspace_timestamp;
2514 m->timestamps[MANAGER_TIMESTAMP_SECURITY_START] = security_start_timestamp;
2515 m->timestamps[MANAGER_TIMESTAMP_SECURITY_FINISH] = security_finish_timestamp;
9e58ff9c 2516
85cb4151 2517 set_manager_defaults(m);
7b46fc6a 2518 set_manager_settings(m);
fd130612 2519 manager_set_first_boot(m, first_boot);
27d340c7 2520
bf4df7c3 2521 /* Remember whether we should queue the default job */
d3b1c508 2522 queue_default_job = !arg_serialization || arg_switched_root;
bf4df7c3 2523
9d76d730
LP		 2524 before_startup = now(CLOCK_MONOTONIC);
2525
d3b1c508 2526 r = manager_startup(m, arg_serialization, fds);
58f88d92 2527 if (r < 0) {
da927ba9 2528 log_error_errno(r, "Failed to fully start up daemon: %m");
cefb3eda 2529 error_message = "Failed to start up manager";
58f88d92
ZJS		 2530 goto finish;
2531 }
a16e1123 2532
6acca5fc 2533 /* This will close all file descriptors that were opened, but not claimed by any unit. */
2feceb5e 2534 fds = fdset_free(fds);
74ca738f 2535 arg_serialization = safe_fclose(arg_serialization);
bf4df7c3
LP		 2536
2537 if (queue_default_job) {
6acca5fc 2538 r = do_queue_default_job(m, &error_message);
718db961 2539 if (r < 0)
37d88da7 2540 goto finish;
6acca5fc 2541 }
ab17a050 2542
6acca5fc 2543 after_startup = now(CLOCK_MONOTONIC);
60918275 2544
6acca5fc
LP		 2545 log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
2546 "Loaded units and determined initial transaction in %s.",
2547 format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 100 * USEC_PER_MSEC));
07672f49 2548
51e5ff02 2549 log_taint_string(m);
af6b0ecc 2550
6acca5fc 2551 if (arg_action == ACTION_TEST) {
263162da 2552 test_summary(m);
6acca5fc
LP		 2553 retval = EXIT_SUCCESS;
2554 goto finish;
e965d56d 2555 }
d46de8a1 2556
7eb35049
LP		 2557 r = invoke_main_loop(m,
2558 &reexecute,
2559 &retval,
2560 &shutdown_verb,
2561 &fds,
2562 &switch_root_dir,
2563 &switch_root_init,
2564 &error_message);
f170852a 2565
60918275 2566finish:
b87c2aa6
ZJS		 2567 pager_close();
2568
97792515 2569 if (m)
81f5fc2d 2570 arg_shutdown_watchdog = m->shutdown_watchdog;
fe382237 2571
06d8d842 2572 m = manager_free(m);
60918275 2573
970777b5 2574 free_arguments();
cc56fafe 2575 mac_selinux_finish();
b2bb3dbe 2576
3c7878f9
LP		 2577 if (reexecute)
2578 do_reexecute(argc, argv,
2579 &saved_rlimit_nofile,
2580 &saved_rlimit_memlock,
2581 fds,
2582 switch_root_dir,
2583 switch_root_init,
2584 &error_message); /* This only returns if reexecution failed */
a16e1123 2585
74ca738f 2586 arg_serialization = safe_fclose(arg_serialization);
2feceb5e 2587 fds = fdset_free(fds);
a16e1123 2588
349cc4a5 2589#if HAVE_VALGRIND_VALGRIND_H
54b434b1
LP		 2590 /* If we are PID 1 and running under valgrind, then let's exit
2591 * here explicitly. valgrind will only generate nice output on
2592 * exit(), not on exec(), hence let's do the former not the
2593 * latter here. */
8a2c1fbf
EJ		 2594 if (getpid_cached() == 1 && RUNNING_ON_VALGRIND) {
2595 /* Cleanup watchdog_device strings for valgrind. We need them
2596 * in become_shutdown() so normally we cannot free them yet. */
2597 watchdog_free_device();
2598 arg_watchdog_device = mfree(arg_watchdog_device);
54b434b1 2599 return 0;
8a2c1fbf 2600 }
54b434b1
LP		 2601#endif
2602
b9080b03 2603 if (shutdown_verb) {
7eb35049 2604 r = become_shutdown(shutdown_verb, retval);
ad929bcc 2605
4a36297c 2606 log_error_errno(r, "Failed to execute shutdown binary, %s: %m", getpid_cached() == 1 ? "freezing" : "quitting");
9b9881d7 2607 error_message = "Failed to execute shutdown binary";
b9080b03
FF		 2608 }
2609
8a2c1fbf
EJ		 2610 watchdog_free_device();
2611 arg_watchdog_device = mfree(arg_watchdog_device);
2612
df0ff127 2613 if (getpid_cached() == 1) {
cb6531be
ZJS		 2614 if (error_message)
2615 manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
1fc464f6 2616 ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL,
cb6531be 2617 "%s, freezing.", error_message);
b9e74c39 2618 freeze_or_reboot();
cb6531be 2619 }
c3b3c274 2620
60918275
LP		 2621 return retval;
2622}
Unnamed repository; edit this file 'description' to name the repository.