]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/main.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
initialize arg_clock_usec
[thirdparty/systemd.git] / src / core / main.c
CommitLineData
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
a7334b09 2
60918275 3#include <errno.h>
3dfc9763 4#include <fcntl.h>
f170852a 5#include <getopt.h>
664f88a7 6#include <sys/mount.h>
3dfc9763 7#include <sys/prctl.h>
b9e74c39 8#include <sys/reboot.h>
3dfc9763 9#include <unistd.h>
349cc4a5 10#if HAVE_SECCOMP
b64a3d86
LP		 11#include <seccomp.h>
12#endif
349cc4a5 13#if HAVE_VALGRIND_VALGRIND_H
3dfc9763
LP		 14#include <valgrind/valgrind.h>
15#endif
54b434b1 16
718db961 17#include "sd-bus.h"
cf0fbc49 18#include "sd-daemon.h"
b2e7486c 19#include "sd-messages.h"
3dfc9763 20
b5efdb8a 21#include "alloc-util.h"
2ffadd3c 22#include "apparmor-setup.h"
d9d93745 23#include "architecture.h"
3dfc9763
LP		 24#include "build.h"
25#include "bus-error.h"
26#include "bus-util.h"
430f0182 27#include "capability-util.h"
a88c5b8a 28#include "cgroup-util.h"
24efb112 29#include "clock-util.h"
3dfc9763 30#include "conf-parser.h"
618234a5 31#include "cpu-set-util.h"
3dfc9763 32#include "dbus-manager.h"
c18ecf03 33#include "dbus.h"
3dfc9763 34#include "def.h"
c18ecf03 35#include "efi-random.h"
209b2592 36#include "efivars.h"
eee8b7ab 37#include "emergency-action.h"
3dfc9763 38#include "env-util.h"
57b7a260 39#include "exit-status.h"
3ffd4af2 40#include "fd-util.h"
3dfc9763 41#include "fdset.h"
718db961 42#include "fileio.h"
f97b34a6 43#include "format-util.h"
f4f15635 44#include "fs-util.h"
d247f232 45#include "hexdecoct.h"
3dfc9763
LP		 46#include "hostname-setup.h"
47#include "ima-setup.h"
48#include "killall.h"
49#include "kmod-setup.h"
eefc66aa 50#include "limits-util.h"
d7b8eec7 51#include "load-fragment.h"
3dfc9763 52#include "log.h"
b6e66135 53#include "loopback-setup.h"
b6e66135 54#include "machine-id-setup.h"
3dfc9763 55#include "manager.h"
3dfc9763 56#include "mount-setup.h"
d58ad743 57#include "os-util.h"
3dfc9763 58#include "pager.h"
6bedfcbb 59#include "parse-util.h"
7d5ceb64 60#include "path-util.h"
294bf0c3 61#include "pretty-print.h"
4e731273 62#include "proc-cmdline.h"
3dfc9763 63#include "process-util.h"
d247f232 64#include "random-util.h"
8869a0b4 65#include "raw-clone.h"
78f22b97 66#include "rlimit-util.h"
349cc4a5 67#if HAVE_SECCOMP
83f12b27
FS		 68#include "seccomp-util.h"
69#endif
b6e66135 70#include "selinux-setup.h"
3dfc9763
LP		 71#include "selinux-util.h"
72#include "signal-util.h"
ffbd2c4d 73#include "smack-setup.h"
3dfc9763 74#include "special.h"
8fcde012 75#include "stat-util.h"
15a5e950 76#include "stdio-util.h"
3dfc9763
LP		 77#include "strv.h"
78#include "switch-root.h"
a8b627aa 79#include "sysctl-util.h"
3dfc9763 80#include "terminal-util.h"
8612da97 81#include "umask-util.h"
b1d4f8e1 82#include "user-util.h"
9ce17593 83#include "util.h"
3dfc9763
LP		 84#include "virt.h"
85#include "watchdog.h"
b6e66135 86
7e11a95e
EV		 87#if HAS_FEATURE_ADDRESS_SANITIZER
88#include <sanitizer/lsan_interface.h>
89#endif
90
3a0f06c4
ZJS		 91#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
92
f170852a
LP		 93static enum {
94 ACTION_RUN,
e965d56d 95 ACTION_HELP,
9ba0bc4e 96 ACTION_VERSION,
e537352b 97 ACTION_TEST,
bbc1acab
YW		 98 ACTION_DUMP_CONFIGURATION_ITEMS,
99 ACTION_DUMP_BUS_PROPERTIES,
5c08257b 100 ACTION_BUS_INTROSPECT,
fa0f4d8a 101} arg_action = ACTION_RUN;
fb39af4c 102
5c08257b
ZJS		 103static const char *arg_bus_introspect = NULL;
104
45250e66
LP		 105/* Those variables are initialized to 0 automatically, so we avoid uninitialized memory access. Real
106 * defaults are assigned in reset_arguments() below. */
fb39af4c
ZJS		 107static char *arg_default_unit;
108static bool arg_system;
109static bool arg_dump_core;
110static int arg_crash_chvt;
111static bool arg_crash_shell;
112static bool arg_crash_reboot;
113static char *arg_confirm_spawn;
114static ShowStatus arg_show_status;
36cf4507 115static StatusUnitFormat arg_status_unit_format;
fb39af4c
ZJS		 116static bool arg_switched_root;
117static PagerFlags arg_pager_flags;
118static bool arg_service_watchdogs;
119static ExecOutput arg_default_std_output;
120static ExecOutput arg_default_std_error;
121static usec_t arg_default_restart_usec;
122static usec_t arg_default_timeout_start_usec;
123static usec_t arg_default_timeout_stop_usec;
124static usec_t arg_default_timeout_abort_usec;
125static bool arg_default_timeout_abort_set;
126static usec_t arg_default_start_limit_interval;
127static unsigned arg_default_start_limit_burst;
128static usec_t arg_runtime_watchdog;
65224c1d 129static usec_t arg_reboot_watchdog;
acafd7d8 130static usec_t arg_kexec_watchdog;
fb39af4c
ZJS		 131static char *arg_early_core_pattern;
132static char *arg_watchdog_device;
133static char **arg_default_environment;
134static struct rlimit *arg_default_rlimit[_RLIMIT_MAX];
135static uint64_t arg_capability_bounding_set;
136static bool arg_no_new_privs;
137static nsec_t arg_timer_slack_nsec;
138static usec_t arg_default_timer_accuracy_usec;
139static Set* arg_syscall_archs;
140static FILE* arg_serialization;
141static int arg_default_cpu_accounting;
142static bool arg_default_io_accounting;
143static bool arg_default_ip_accounting;
144static bool arg_default_blockio_accounting;
145static bool arg_default_memory_accounting;
146static bool arg_default_tasks_accounting;
3a0f06c4 147static TasksMax arg_default_tasks_max;
fb39af4c
ZJS		 148static sd_id128_t arg_machine_id;
149static EmergencyAction arg_cad_burst_action;
150static OOMPolicy arg_default_oom_policy;
151static CPUSet arg_cpu_affinity;
b070c7c0 152static NUMAPolicy arg_numa_policy;
3753325b 153static usec_t arg_clock_usec;
d247f232
LP		 154static void *arg_random_seed;
155static size_t arg_random_seed_size;
61fbbac1 156
0e06a031
LP		 157/* A copy of the original environment block */
158static char **saved_env = NULL;
159
a9fd4cd1
FB		 160static int parse_configuration(const struct rlimit *saved_rlimit_nofile,
161 const struct rlimit *saved_rlimit_memlock);
4fc935ca 162
bb259772
LP		 163_noreturn_ static void freeze_or_exit_or_reboot(void) {
164
c3b6a348
LP		 165 /* If we are running in a container, let's prefer exiting, after all we can propagate an exit code to
166 * the container manager, and thus inform it that something went wrong. */
bb259772
LP		 167 if (detect_container() > 0) {
168 log_emergency("Exiting PID 1...");
c3b6a348 169 _exit(EXIT_EXCEPTION);
bb259772 170 }
b9e74c39
LP		 171
172 if (arg_crash_reboot) {
173 log_notice("Rebooting in 10s...");
174 (void) sleep(10);
175
176 log_notice("Rebooting now...");
177 (void) reboot(RB_AUTOBOOT);
178 log_emergency_errno(errno, "Failed to reboot: %m");
179 }
180
181 log_emergency("Freezing execution.");
182 freeze();
183}
184
848e863a 185_noreturn_ static void crash(int sig) {
7d06dad9
MS		 186 struct sigaction sa;
187 pid_t pid;
97c4f35c 188
df0ff127 189 if (getpid_cached() != 1)
abb26902 190 /* Pass this on immediately, if this is not PID 1 */
92ca4cac 191 (void) raise(sig);
abb26902 192 else if (!arg_dump_core)
4104970e 193 log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig));
97c4f35c 194 else {
7d06dad9 195 sa = (struct sigaction) {
189d5bac 196 .sa_handler = nop_signal_handler,
b92bea5d
ZJS		 197 .sa_flags = SA_NOCLDSTOP|SA_RESTART,
198 };
97c4f35c 199
6f5e3f35 200 /* We want to wait for the core process, hence let's enable SIGCHLD */
92ca4cac 201 (void) sigaction(SIGCHLD, &sa, NULL);
6f5e3f35 202
8869a0b4 203 pid = raw_clone(SIGCHLD);
e62d8c39 204 if (pid < 0)
56f64d95 205 log_emergency_errno(errno, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
97c4f35c 206 else if (pid == 0) {
97c4f35c 207 /* Enable default signal handler for core dump */
15a90032 208
92ca4cac
LP		 209 sa = (struct sigaction) {
210 .sa_handler = SIG_DFL,
211 };
212 (void) sigaction(sig, &sa, NULL);
97c4f35c 213
15a90032
LP		 214 /* Don't limit the coredump size */
215 (void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY));
97c4f35c
LP		 216
217 /* Just to be sure... */
e62d9b81 218 (void) chdir("/");
97c4f35c
LP		 219
220 /* Raise the signal again */
ee05e779 221 pid = raw_getpid();
92ca4cac 222 (void) kill(pid, sig); /* raise() would kill the parent */
97c4f35c
LP		 223
224 assert_not_reached("We shouldn't be here...");
bb85a582 225 _exit(EXIT_EXCEPTION);
4fc935ca 226 } else {
8e12a6ae
LP		 227 siginfo_t status;
228 int r;
4fc935ca
LP		 229
230 /* Order things nicely. */
e62d8c39
ZJS		 231 r = wait_for_terminate(pid, &status);
232 if (r < 0)
da927ba9 233 log_emergency_errno(r, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig));
e1714f02
ZJS		 234 else if (status.si_code != CLD_DUMPED) {
235 const char *s = status.si_code == CLD_EXITED
e04ed6db 236 ? exit_status_to_string(status.si_status, EXIT_STATUS_LIBC)
e1714f02
ZJS		 237 : signal_to_string(status.si_status);
238
ee05e779
ZJS		 239 log_emergency("Caught <%s>, core dump failed (child "PID_FMT", code=%s, status=%i/%s).",
240 signal_to_string(sig),
e1714f02
ZJS		 241 pid,
242 sigchld_code_to_string(status.si_code),
243 status.si_status, strna(s));
244 } else
245 log_emergency("Caught <%s>, dumped core as pid "PID_FMT".",
246 signal_to_string(sig), pid);
97c4f35c
LP		 247 }
248 }
249
b9e74c39 250 if (arg_crash_chvt >= 0)
92ca4cac 251 (void) chvt(arg_crash_chvt);
601f6a1e 252
7d06dad9
MS		 253 sa = (struct sigaction) {
254 .sa_handler = SIG_IGN,
255 .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
256 };
257
258 /* Let the kernel reap children for us */
259 (void) sigaction(SIGCHLD, &sa, NULL);
8c43883a 260
7d06dad9 261 if (arg_crash_shell) {
b9e74c39 262 log_notice("Executing crash shell in 10s...");
92ca4cac 263 (void) sleep(10);
4fc935ca 264
8869a0b4 265 pid = raw_clone(SIGCHLD);
cd3bd60a 266 if (pid < 0)
56f64d95 267 log_emergency_errno(errno, "Failed to fork off crash shell: %m");
6f5e3f35 268 else if (pid == 0) {
b9e74c39 269 (void) setsid();
92ca4cac 270 (void) make_console_stdio();
595225af 271 (void) rlimit_nofile_safe();
92ca4cac 272 (void) execle("/bin/sh", "/bin/sh", NULL, environ);
6f5e3f35 273
ee05e779 274 log_emergency_errno(errno, "execle() failed: %m");
bb85a582 275 _exit(EXIT_EXCEPTION);
b9e74c39
LP		 276 } else {
277 log_info("Spawned crash shell as PID "PID_FMT".", pid);
4cf0b03b 278 (void) wait_for_terminate(pid, NULL);
b9e74c39 279 }
4fc935ca
LP		 280 }
281
bb259772 282 freeze_or_exit_or_reboot();
97c4f35c
LP		 283}
284
285static void install_crash_handler(void) {
297d563d 286 static const struct sigaction sa = {
b92bea5d 287 .sa_handler = crash,
297d563d 288 .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */
b92bea5d 289 };
297d563d 290 int r;
97c4f35c 291
297d563d
LP		 292 /* We ignore the return value here, since, we don't mind if we
293 * cannot set up a crash handler */
294 r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
295 if (r < 0)
296 log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m");
97c4f35c 297}
f170852a 298
56d96fc0
LP		 299static int console_setup(void) {
300 _cleanup_close_ int tty_fd = -1;
301 int r;
80876c20 302
512947d4 303 tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
23bbb0de
MS		 304 if (tty_fd < 0)
305 return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
80876c20 306
56d96fc0
LP		 307 /* We don't want to force text mode. plymouth may be showing
308 * pictures already from initrd. */
512947d4 309 r = reset_terminal_fd(tty_fd, false);
23bbb0de
MS		 310 if (r < 0)
311 return log_error_errno(r, "Failed to reset /dev/console: %m");
843d2643 312
56d96fc0 313 return 0;
80876c20
LP		 314}
315
ee48dbd5 316static int set_machine_id(const char *m) {
e042eab7 317 sd_id128_t t;
8b26cdbd 318 assert(m);
ee48dbd5 319
e042eab7 320 if (sd_id128_from_string(m, &t) < 0)
ee48dbd5
NC		 321 return -EINVAL;
322
e042eab7 323 if (sd_id128_is_null(t))
ee48dbd5
NC		 324 return -EINVAL;
325
e042eab7 326 arg_machine_id = t;
ee48dbd5
NC		 327 return 0;
328}
329
96287a49 330static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
059cb385 331 int r;
f170852a 332
059cb385 333 assert(key);
5192bd19 334
1d84ad94 335 if (STR_IN_SET(key, "systemd.unit", "rd.systemd.unit")) {
bf4df7c3 336
1d84ad94
LP		 337 if (proc_cmdline_value_missing(key, value))
338 return 0;
bf4df7c3 339
1d84ad94
LP		 340 if (!unit_name_is_valid(value, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
341 log_warning("Unit name specified on %s= is not valid, ignoring: %s", key, value);
cd57038a
ZJS		 342 else if (in_initrd() == !!startswith(key, "rd."))
343 return free_and_strdup_warn(&arg_default_unit, value);
f170852a 344
1d84ad94 345 } else if (proc_cmdline_key_streq(key, "systemd.dump_core")) {
4fc935ca 346
1d84ad94 347 r = value ? parse_boolean(value) : true;
fb472900 348 if (r < 0)
5e1ee764 349 log_warning_errno(r, "Failed to parse dump core switch %s, ignoring: %m", value);
4fc935ca 350 else
fa0f4d8a 351 arg_dump_core = r;
4fc935ca 352
c6885f5f
FB		 353 } else if (proc_cmdline_key_streq(key, "systemd.early_core_pattern")) {
354
355 if (proc_cmdline_value_missing(key, value))
356 return 0;
357
358 if (path_is_absolute(value))
359 (void) parse_path_argument_and_warn(value, false, &arg_early_core_pattern);
360 else
361 log_warning("Specified core pattern '%s' is not an absolute path, ignoring.", value);
362
1d84ad94 363 } else if (proc_cmdline_key_streq(key, "systemd.crash_chvt")) {
b9e74c39 364
1d84ad94
LP		 365 if (!value)
366 arg_crash_chvt = 0; /* turn on */
5e1ee764 367 else {
a07a7324 368 r = parse_crash_chvt(value, &arg_crash_chvt);
5e1ee764
YW		 369 if (r < 0)
370 log_warning_errno(r, "Failed to parse crash chvt switch %s, ignoring: %m", value);
371 }
b9e74c39 372
1d84ad94 373 } else if (proc_cmdline_key_streq(key, "systemd.crash_shell")) {
4fc935ca 374
1d84ad94 375 r = value ? parse_boolean(value) : true;
fb472900 376 if (r < 0)
5e1ee764 377 log_warning_errno(r, "Failed to parse crash shell switch %s, ignoring: %m", value);
4fc935ca 378 else
fa0f4d8a 379 arg_crash_shell = r;
5e7ee61c 380
1d84ad94 381 } else if (proc_cmdline_key_streq(key, "systemd.crash_reboot")) {
5e7ee61c 382
1d84ad94 383 r = value ? parse_boolean(value) : true;
b9e74c39 384 if (r < 0)
5e1ee764 385 log_warning_errno(r, "Failed to parse crash reboot switch %s, ignoring: %m", value);
5e7ee61c 386 else
b9e74c39 387 arg_crash_reboot = r;
5e7ee61c 388
1d84ad94
LP		 389 } else if (proc_cmdline_key_streq(key, "systemd.confirm_spawn")) {
390 char *s;
7d5ceb64 391
1d84ad94 392 r = parse_confirm_spawn(value, &s);
059cb385 393 if (r < 0)
5e1ee764
YW		 394 log_warning_errno(r, "Failed to parse confirm_spawn switch %s, ignoring: %m", value);
395 else
396 free_and_replace(arg_confirm_spawn, s);
601f6a1e 397
2a12e32e
JK		 398 } else if (proc_cmdline_key_streq(key, "systemd.service_watchdogs")) {
399
400 r = value ? parse_boolean(value) : true;
401 if (r < 0)
5e1ee764 402 log_warning_errno(r, "Failed to parse service watchdog switch %s, ignoring: %m", value);
2a12e32e
JK		 403 else
404 arg_service_watchdogs = r;
405
1d84ad94 406 } else if (proc_cmdline_key_streq(key, "systemd.show_status")) {
9e58ff9c 407
1d84ad94
LP		 408 if (value) {
409 r = parse_show_status(value, &arg_show_status);
410 if (r < 0)
5e1ee764 411 log_warning_errno(r, "Failed to parse show status switch %s, ignoring: %m", value);
1d84ad94
LP		 412 } else
413 arg_show_status = SHOW_STATUS_YES;
059cb385 414
36cf4507
ZJS		 415 } else if (proc_cmdline_key_streq(key, "systemd.status_unit_format")) {
416
417 if (proc_cmdline_value_missing(key, value))
418 return 0;
419
420 r = status_unit_format_from_string(value);
421 if (r < 0)
422 log_warning_errno(r, "Failed to parse %s=%s, ignoring: %m", key, value);
423 else
424 arg_status_unit_format = r;
425
1d84ad94
LP		 426 } else if (proc_cmdline_key_streq(key, "systemd.default_standard_output")) {
427
428 if (proc_cmdline_value_missing(key, value))
429 return 0;
0a494f1f 430
059cb385 431 r = exec_output_from_string(value);
fb472900 432 if (r < 0)
5e1ee764 433 log_warning_errno(r, "Failed to parse default standard output switch %s, ignoring: %m", value);
0a494f1f
LP		 434 else
435 arg_default_std_output = r;
0a494f1f 436
1d84ad94
LP		 437 } else if (proc_cmdline_key_streq(key, "systemd.default_standard_error")) {
438
439 if (proc_cmdline_value_missing(key, value))
440 return 0;
059cb385
LP		 441
442 r = exec_output_from_string(value);
fb472900 443 if (r < 0)
5e1ee764 444 log_warning_errno(r, "Failed to parse default standard error switch %s, ignoring: %m", value);
0a494f1f
LP		 445 else
446 arg_default_std_error = r;
9e7c5357 447
1d84ad94
LP		 448 } else if (streq(key, "systemd.setenv")) {
449
450 if (proc_cmdline_value_missing(key, value))
451 return 0;
059cb385
LP		 452
453 if (env_assignment_is_valid(value)) {
e21fea24
KS		 454 char **env;
455
059cb385 456 env = strv_env_set(arg_default_environment, value);
1d84ad94
LP		 457 if (!env)
458 return log_oom();
459
460 arg_default_environment = env;
e21fea24 461 } else
059cb385 462 log_warning("Environment variable name '%s' is not valid. Ignoring.", value);
9e58ff9c 463
1d84ad94
LP		 464 } else if (proc_cmdline_key_streq(key, "systemd.machine_id")) {
465
466 if (proc_cmdline_value_missing(key, value))
467 return 0;
468
469 r = set_machine_id(value);
470 if (r < 0)
5e1ee764 471 log_warning_errno(r, "MachineID '%s' is not valid, ignoring: %m", value);
ee48dbd5 472
1d84ad94
LP		 473 } else if (proc_cmdline_key_streq(key, "systemd.default_timeout_start_sec")) {
474
475 if (proc_cmdline_value_missing(key, value))
476 return 0;
477
478 r = parse_sec(value, &arg_default_timeout_start_usec);
479 if (r < 0)
5e1ee764 480 log_warning_errno(r, "Failed to parse default start timeout '%s', ignoring: %m", value);
1d84ad94
LP		 481
482 if (arg_default_timeout_start_usec <= 0)
483 arg_default_timeout_start_usec = USEC_INFINITY;
ee48dbd5 484
68d58f38
LP		 485 } else if (proc_cmdline_key_streq(key, "systemd.cpu_affinity")) {
486
487 if (proc_cmdline_value_missing(key, value))
488 return 0;
489
490 r = parse_cpu_set(value, &arg_cpu_affinity);
491 if (r < 0)
162392b7 492 log_warning_errno(r, "Failed to parse CPU affinity mask '%s', ignoring: %m", value);
68d58f38 493
8a2c1fbf
EJ		 494 } else if (proc_cmdline_key_streq(key, "systemd.watchdog_device")) {
495
496 if (proc_cmdline_value_missing(key, value))
497 return 0;
498
c6885f5f 499 (void) parse_path_argument_and_warn(value, false, &arg_watchdog_device);
8a2c1fbf 500
3753325b
LP		 501 } else if (proc_cmdline_key_streq(key, "systemd.clock_usec")) {
502
503 if (proc_cmdline_value_missing(key, value))
504 return 0;
505
506 r = safe_atou64(value, &arg_clock_usec);
507 if (r < 0)
508 log_warning_errno(r, "Failed to parse systemd.clock_usec= argument, ignoring: %s", value);
509
d247f232
LP		 510 } else if (proc_cmdline_key_streq(key, "systemd.random_seed")) {
511 void *p;
512 size_t sz;
513
514 if (proc_cmdline_value_missing(key, value))
515 return 0;
516
517 r = unbase64mem(value, (size_t) -1, &p, &sz);
518 if (r < 0)
519 log_warning_errno(r, "Failed to parse systemd.random_seed= argument, ignoring: %s", value);
520
521 free(arg_random_seed);
522 arg_random_seed = sz > 0 ? p : mfree(p);
523 arg_random_seed_size = sz;
524
059cb385 525 } else if (streq(key, "quiet") && !value) {
d7b15e0a 526
7a293242 527 if (arg_show_status == _SHOW_STATUS_INVALID)
0d066dd1 528 arg_show_status = SHOW_STATUS_ERROR;
059cb385
LP		 529
530 } else if (streq(key, "debug") && !value) {
d7b15e0a 531
1de1c9c3
LP		 532 /* Note that log_parse_environment() handles 'debug'
533 * too, and sets the log level to LOG_DEBUG. */
d7b15e0a 534
75f86906 535 if (detect_container() > 0)
b2103dcc 536 log_set_target(LOG_TARGET_CONSOLE);
059cb385 537
dcd61450 538 } else if (!value) {
e2c9a131 539 const char *target;
f170852a 540
ceae6295 541 /* Compatible with SysV, but supported independently even if SysV compatibility is disabled. */
e2c9a131
EV		 542 target = runlevel_to_target(key);
543 if (target)
cd57038a 544 return free_and_strdup_warn(&arg_default_unit, target);
f170852a
LP		 545 }
546
547 return 0;
548}
549
e8e581bf
ZJS		 550#define DEFINE_SETTER(name, func, descr) \
551 static int name(const char *unit, \
552 const char *filename, \
553 unsigned line, \
554 const char *section, \
71a61510 555 unsigned section_line, \
e8e581bf
ZJS		 556 const char *lvalue, \
557 int ltype, \
558 const char *rvalue, \
559 void *data, \
560 void *userdata) { \
561 \
562 int r; \
563 \
564 assert(filename); \
565 assert(lvalue); \
566 assert(rvalue); \
567 \
568 r = func(rvalue); \
569 if (r < 0) \
d1cefe0a
LP		 570 log_syntax(unit, LOG_ERR, filename, line, r, \
571 "Invalid " descr "'%s': %m", \
572 rvalue); \
e8e581bf
ZJS		 573 \
574 return 0; \
575 }
487393e9 576
a6ecbf83
FB		 577DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level");
578DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target");
c5673ed0 579DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color");
a6ecbf83 580DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location");
c5673ed0 581DEFINE_SETTER(config_parse_time, log_show_time_from_string, "time");
487393e9 582
a61d6874
ZJS		 583static int config_parse_default_timeout_abort(
584 const char *unit,
585 const char *filename,
586 unsigned line,
587 const char *section,
588 unsigned section_line,
589 const char *lvalue,
590 int ltype,
591 const char *rvalue,
592 void *data,
593 void *userdata) {
594 int r;
595
596 r = config_parse_timeout_abort(unit, filename, line, section, section_line, lvalue, ltype, rvalue,
597 &arg_default_timeout_abort_usec, userdata);
598 if (r >= 0)
599 arg_default_timeout_abort_set = r;
600 return 0;
601}
487393e9 602
a61d6874 603static int parse_config_file(void) {
f975e971 604 const ConfigTableItem items[] = {
a61d6874
ZJS		 605 { "Manager", "LogLevel", config_parse_level2, 0, NULL },
606 { "Manager", "LogTarget", config_parse_target, 0, NULL },
607 { "Manager", "LogColor", config_parse_color, 0, NULL },
608 { "Manager", "LogLocation", config_parse_location, 0, NULL },
c5673ed0 609 { "Manager", "LogTime", config_parse_time, 0, NULL },
a61d6874
ZJS		 610 { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core },
611 { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, &arg_crash_chvt },
612 { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt },
613 { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell },
614 { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot },
615 { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status },
616 { "Manager", "StatusUnitFormat", config_parse_status_unit_format, 0, &arg_status_unit_format },
617 { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, &arg_cpu_affinity },
618 { "Manager", "NUMAPolicy", config_parse_numa_policy, 0, &arg_numa_policy.type },
619 { "Manager", "NUMAMask", config_parse_numa_mask, 0, &arg_numa_policy },
620 { "Manager", "JoinControllers", config_parse_warn_compat, DISABLED_CONFIGURATION, NULL },
621 { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog },
622 { "Manager", "RebootWatchdogSec", config_parse_sec, 0, &arg_reboot_watchdog },
623 { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_reboot_watchdog }, /* obsolete alias */
624 { "Manager", "KExecWatchdogSec", config_parse_sec, 0, &arg_kexec_watchdog },
625 { "Manager", "WatchdogDevice", config_parse_path, 0, &arg_watchdog_device },
626 { "Manager", "CapabilityBoundingSet", config_parse_capability_set, 0, &arg_capability_bounding_set },
627 { "Manager", "NoNewPrivileges", config_parse_bool, 0, &arg_no_new_privs },
349cc4a5 628#if HAVE_SECCOMP
a61d6874 629 { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs },
89fffa27 630#endif
a61d6874
ZJS		 631 { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec },
632 { "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec },
633 { "Manager", "DefaultStandardOutput", config_parse_output_restricted, 0, &arg_default_std_output },
634 { "Manager", "DefaultStandardError", config_parse_output_restricted, 0, &arg_default_std_error },
635 { "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
636 { "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
637 { "Manager", "DefaultTimeoutAbortSec", config_parse_default_timeout_abort, 0, NULL },
638 { "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
639 { "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval }, /* obsolete alias */
640 { "Manager", "DefaultStartLimitIntervalSec", config_parse_sec, 0, &arg_default_start_limit_interval },
641 { "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },
642 { "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },
643 { "Manager", "DefaultLimitCPU", config_parse_rlimit, RLIMIT_CPU, arg_default_rlimit },
644 { "Manager", "DefaultLimitFSIZE", config_parse_rlimit, RLIMIT_FSIZE, arg_default_rlimit },
645 { "Manager", "DefaultLimitDATA", config_parse_rlimit, RLIMIT_DATA, arg_default_rlimit },
646 { "Manager", "DefaultLimitSTACK", config_parse_rlimit, RLIMIT_STACK, arg_default_rlimit },
647 { "Manager", "DefaultLimitCORE", config_parse_rlimit, RLIMIT_CORE, arg_default_rlimit },
648 { "Manager", "DefaultLimitRSS", config_parse_rlimit, RLIMIT_RSS, arg_default_rlimit },
649 { "Manager", "DefaultLimitNOFILE", config_parse_rlimit, RLIMIT_NOFILE, arg_default_rlimit },
650 { "Manager", "DefaultLimitAS", config_parse_rlimit, RLIMIT_AS, arg_default_rlimit },
651 { "Manager", "DefaultLimitNPROC", config_parse_rlimit, RLIMIT_NPROC, arg_default_rlimit },
652 { "Manager", "DefaultLimitMEMLOCK", config_parse_rlimit, RLIMIT_MEMLOCK, arg_default_rlimit },
653 { "Manager", "DefaultLimitLOCKS", config_parse_rlimit, RLIMIT_LOCKS, arg_default_rlimit },
654 { "Manager", "DefaultLimitSIGPENDING", config_parse_rlimit, RLIMIT_SIGPENDING, arg_default_rlimit },
655 { "Manager", "DefaultLimitMSGQUEUE", config_parse_rlimit, RLIMIT_MSGQUEUE, arg_default_rlimit },
656 { "Manager", "DefaultLimitNICE", config_parse_rlimit, RLIMIT_NICE, arg_default_rlimit },
657 { "Manager", "DefaultLimitRTPRIO", config_parse_rlimit, RLIMIT_RTPRIO, arg_default_rlimit },
658 { "Manager", "DefaultLimitRTTIME", config_parse_rlimit, RLIMIT_RTTIME, arg_default_rlimit },
659 { "Manager", "DefaultCPUAccounting", config_parse_tristate, 0, &arg_default_cpu_accounting },
660 { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting },
661 { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting },
662 { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting },
663 { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting },
664 { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting },
665 { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max },
666 { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action },
667 { "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy },
d3b1c508 668 {}
487393e9
LP		 669 };
670
1b907b5c 671 const char *fn, *conf_dirs_nulstr;
487393e9 672
463d0d15 673 fn = arg_system ?
75eb6154
LP		 674 PKGSYSCONFDIR "/system.conf" :
675 PKGSYSCONFDIR "/user.conf";
676
463d0d15 677 conf_dirs_nulstr = arg_system ?
75eb6154
LP		 678 CONF_PATHS_NULSTR("systemd/system.conf.d") :
679 CONF_PATHS_NULSTR("systemd/user.conf.d");
680
4f9ff96a
LP		 681 (void) config_parse_many_nulstr(
682 fn, conf_dirs_nulstr,
683 "Manager\0",
684 config_item_table_lookup, items,
685 CONFIG_PARSE_WARN,
686 NULL,
687 NULL);
36c16a7c
LP		 688
689 /* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we used USEC_INFINITY
690 * like everywhere else. */
691 if (arg_default_timeout_start_usec <= 0)
692 arg_default_timeout_start_usec = USEC_INFINITY;
693 if (arg_default_timeout_stop_usec <= 0)
694 arg_default_timeout_stop_usec = USEC_INFINITY;
487393e9 695
487393e9
LP		 696 return 0;
697}
698
85cb4151 699static void set_manager_defaults(Manager *m) {
06af2a04
TB		 700
701 assert(m);
702
5b65ae15
LP		 703 /* Propagates the various default unit property settings into the manager object, i.e. properties that do not
704 * affect the manager itself, but are just what newly allocated units will have set if they haven't set
705 * anything else. (Also see set_manager_settings() for the settings that affect the manager's own behaviour) */
706
06af2a04
TB		 707 m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec;
708 m->default_std_output = arg_default_std_output;
709 m->default_std_error = arg_default_std_error;
710 m->default_timeout_start_usec = arg_default_timeout_start_usec;
711 m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
dc653bf4
JK		 712 m->default_timeout_abort_usec = arg_default_timeout_abort_usec;
713 m->default_timeout_abort_set = arg_default_timeout_abort_set;
06af2a04
TB		 714 m->default_restart_usec = arg_default_restart_usec;
715 m->default_start_limit_interval = arg_default_start_limit_interval;
716 m->default_start_limit_burst = arg_default_start_limit_burst;
a88c5b8a
CD		 717
718 /* On 4.15+ with unified hierarchy, CPU accounting is essentially free as it doesn't require the CPU
719 * controller to be enabled, so the default is to enable it unless we got told otherwise. */
720 if (arg_default_cpu_accounting >= 0)
721 m->default_cpu_accounting = arg_default_cpu_accounting;
722 else
723 m->default_cpu_accounting = cpu_accounting_is_cheap();
724
13c31542 725 m->default_io_accounting = arg_default_io_accounting;
377bfd2d 726 m->default_ip_accounting = arg_default_ip_accounting;
06af2a04
TB		 727 m->default_blockio_accounting = arg_default_blockio_accounting;
728 m->default_memory_accounting = arg_default_memory_accounting;
03a7b521 729 m->default_tasks_accounting = arg_default_tasks_accounting;
0af20ea2 730 m->default_tasks_max = arg_default_tasks_max;
afcfaa69 731 m->default_oom_policy = arg_default_oom_policy;
06af2a04 732
79a224c4
LP		 733 (void) manager_set_default_rlimits(m, arg_default_rlimit);
734
735 (void) manager_default_environment(m);
736 (void) manager_transient_environment_add(m, arg_default_environment);
06af2a04
TB		 737}
738
7b46fc6a
LP		 739static void set_manager_settings(Manager *m) {
740
741 assert(m);
742
986935cf
FB		 743 /* Propagates the various manager settings into the manager object, i.e. properties that
744 * effect the manager itself (as opposed to just being inherited into newly allocated
745 * units, see set_manager_defaults() above). */
5b65ae15 746
7b46fc6a 747 m->confirm_spawn = arg_confirm_spawn;
2a12e32e 748 m->service_watchdogs = arg_service_watchdogs;
7b46fc6a
LP		 749 m->cad_burst_action = arg_cad_burst_action;
750
986935cf
FB		 751 manager_set_watchdog(m, WATCHDOG_RUNTIME, arg_runtime_watchdog);
752 manager_set_watchdog(m, WATCHDOG_REBOOT, arg_reboot_watchdog);
753 manager_set_watchdog(m, WATCHDOG_KEXEC, arg_kexec_watchdog);
754
7365a296 755 manager_set_show_status(m, arg_show_status, "commandline");
36cf4507 756 m->status_unit_format = arg_status_unit_format;
7b46fc6a
LP		 757}
758
f170852a 759static int parse_argv(int argc, char *argv[]) {
f170852a
LP		 760 enum {
761 ARG_LOG_LEVEL = 0x100,
762 ARG_LOG_TARGET,
bbe63281
LP		 763 ARG_LOG_COLOR,
764 ARG_LOG_LOCATION,
c5673ed0 765 ARG_LOG_TIME,
2f198e2f 766 ARG_UNIT,
edb9aaa8 767 ARG_SYSTEM,
af2d49f7 768 ARG_USER,
e537352b 769 ARG_TEST,
b87c2aa6 770 ARG_NO_PAGER,
9ba0bc4e 771 ARG_VERSION,
80876c20 772 ARG_DUMP_CONFIGURATION_ITEMS,
bbc1acab 773 ARG_DUMP_BUS_PROPERTIES,
5c08257b 774 ARG_BUS_INTROSPECT,
9e58ff9c 775 ARG_DUMP_CORE,
b9e74c39 776 ARG_CRASH_CHVT,
9e58ff9c 777 ARG_CRASH_SHELL,
b9e74c39 778 ARG_CRASH_REBOOT,
a16e1123 779 ARG_CONFIRM_SPAWN,
9e58ff9c 780 ARG_SHOW_STATUS,
4288f619 781 ARG_DESERIALIZE,
2660882b 782 ARG_SWITCHED_ROOT,
0a494f1f 783 ARG_DEFAULT_STD_OUTPUT,
ee48dbd5 784 ARG_DEFAULT_STD_ERROR,
2a12e32e
JK		 785 ARG_MACHINE_ID,
786 ARG_SERVICE_WATCHDOGS,
f170852a
LP		 787 };
788
789 static const struct option options[] = {
a16e1123
LP		 790 { "log-level", required_argument, NULL, ARG_LOG_LEVEL },
791 { "log-target", required_argument, NULL, ARG_LOG_TARGET },
bbe63281
LP		 792 { "log-color", optional_argument, NULL, ARG_LOG_COLOR },
793 { "log-location", optional_argument, NULL, ARG_LOG_LOCATION },
c5673ed0 794 { "log-time", optional_argument, NULL, ARG_LOG_TIME },
2f198e2f 795 { "unit", required_argument, NULL, ARG_UNIT },
edb9aaa8 796 { "system", no_argument, NULL, ARG_SYSTEM },
af2d49f7 797 { "user", no_argument, NULL, ARG_USER },
a16e1123 798 { "test", no_argument, NULL, ARG_TEST },
b87c2aa6 799 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
a16e1123 800 { "help", no_argument, NULL, 'h' },
9ba0bc4e 801 { "version", no_argument, NULL, ARG_VERSION },
a16e1123 802 { "dump-configuration-items", no_argument, NULL, ARG_DUMP_CONFIGURATION_ITEMS },
bbc1acab 803 { "dump-bus-properties", no_argument, NULL, ARG_DUMP_BUS_PROPERTIES },
5c08257b 804 { "bus-introspect", required_argument, NULL, ARG_BUS_INTROSPECT },
a5d87bf0 805 { "dump-core", optional_argument, NULL, ARG_DUMP_CORE },
b9e74c39 806 { "crash-chvt", required_argument, NULL, ARG_CRASH_CHVT },
a5d87bf0 807 { "crash-shell", optional_argument, NULL, ARG_CRASH_SHELL },
b9e74c39 808 { "crash-reboot", optional_argument, NULL, ARG_CRASH_REBOOT },
a5d87bf0 809 { "confirm-spawn", optional_argument, NULL, ARG_CONFIRM_SPAWN },
6e98720f 810 { "show-status", optional_argument, NULL, ARG_SHOW_STATUS },
a16e1123 811 { "deserialize", required_argument, NULL, ARG_DESERIALIZE },
2660882b 812 { "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT },
0a494f1f
LP		 813 { "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, },
814 { "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, },
ee48dbd5 815 { "machine-id", required_argument, NULL, ARG_MACHINE_ID },
2a12e32e 816 { "service-watchdogs", required_argument, NULL, ARG_SERVICE_WATCHDOGS },
fb472900 817 {}
f170852a
LP		 818 };
819
820 int c, r;
821
822 assert(argc >= 1);
823 assert(argv);
824
df0ff127 825 if (getpid_cached() == 1)
b770165a
LP		 826 opterr = 0;
827
099663ff 828 while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
f170852a
LP		 829
830 switch (c) {
831
832 case ARG_LOG_LEVEL:
fb472900 833 r = log_set_max_level_from_string(optarg);
2b5107e1
ZJS		 834 if (r < 0)
835 return log_error_errno(r, "Failed to parse log level \"%s\": %m", optarg);
f170852a
LP		 836
837 break;
838
839 case ARG_LOG_TARGET:
fb472900 840 r = log_set_target_from_string(optarg);
2b5107e1
ZJS		 841 if (r < 0)
842 return log_error_errno(r, "Failed to parse log target \"%s\": %m", optarg);
f170852a
LP		 843
844 break;
845
bbe63281
LP		 846 case ARG_LOG_COLOR:
847
d0b170c8 848 if (optarg) {
fb472900 849 r = log_show_color_from_string(optarg);
2b5107e1
ZJS		 850 if (r < 0)
851 return log_error_errno(r, "Failed to parse log color setting \"%s\": %m",
852 optarg);
d0b170c8
LP		 853 } else
854 log_show_color(true);
bbe63281
LP		 855
856 break;
857
858 case ARG_LOG_LOCATION:
d0b170c8 859 if (optarg) {
fb472900 860 r = log_show_location_from_string(optarg);
2b5107e1
ZJS		 861 if (r < 0)
862 return log_error_errno(r, "Failed to parse log location setting \"%s\": %m",
863 optarg);
d0b170c8
LP		 864 } else
865 log_show_location(true);
bbe63281
LP		 866
867 break;
868
c5673ed0
DS		 869 case ARG_LOG_TIME:
870
871 if (optarg) {
872 r = log_show_time_from_string(optarg);
873 if (r < 0)
874 return log_error_errno(r, "Failed to parse log time setting \"%s\": %m",
875 optarg);
876 } else
877 log_show_time(true);
878
879 break;
880
0a494f1f 881 case ARG_DEFAULT_STD_OUTPUT:
fb472900 882 r = exec_output_from_string(optarg);
2b5107e1
ZJS		 883 if (r < 0)
884 return log_error_errno(r, "Failed to parse default standard output setting \"%s\": %m",
885 optarg);
886 arg_default_std_output = r;
0a494f1f
LP		 887 break;
888
889 case ARG_DEFAULT_STD_ERROR:
fb472900 890 r = exec_output_from_string(optarg);
2b5107e1
ZJS		 891 if (r < 0)
892 return log_error_errno(r, "Failed to parse default standard error output setting \"%s\": %m",
893 optarg);
894 arg_default_std_error = r;
0a494f1f
LP		 895 break;
896
2f198e2f 897 case ARG_UNIT:
e6e242ad 898 r = free_and_strdup(&arg_default_unit, optarg);
23bbb0de 899 if (r < 0)
2b5107e1 900 return log_error_errno(r, "Failed to set default unit \"%s\": %m", optarg);
f170852a
LP		 901
902 break;
903
edb9aaa8 904 case ARG_SYSTEM:
463d0d15 905 arg_system = true;
edb9aaa8 906 break;
a5dab5ce 907
af2d49f7 908 case ARG_USER:
463d0d15 909 arg_system = false;
a5dab5ce 910 break;
a5dab5ce 911
e965d56d 912 case ARG_TEST:
fa0f4d8a 913 arg_action = ACTION_TEST;
b87c2aa6
ZJS		 914 break;
915
916 case ARG_NO_PAGER:
0221d68a 917 arg_pager_flags |= PAGER_DISABLE;
e965d56d
LP		 918 break;
919
9ba0bc4e
ZJS		 920 case ARG_VERSION:
921 arg_action = ACTION_VERSION;
922 break;
923
e537352b 924 case ARG_DUMP_CONFIGURATION_ITEMS:
fa0f4d8a 925 arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
e537352b
LP		 926 break;
927
bbc1acab
YW		 928 case ARG_DUMP_BUS_PROPERTIES:
929 arg_action = ACTION_DUMP_BUS_PROPERTIES;
930 break;
931
5c08257b
ZJS		 932 case ARG_BUS_INTROSPECT:
933 arg_bus_introspect = optarg;
934 arg_action = ACTION_BUS_INTROSPECT;
935 break;
936
9e58ff9c 937 case ARG_DUMP_CORE:
b9e74c39
LP		 938 if (!optarg)
939 arg_dump_core = true;
940 else {
941 r = parse_boolean(optarg);
942 if (r < 0)
2b5107e1
ZJS		 943 return log_error_errno(r, "Failed to parse dump core boolean: \"%s\": %m",
944 optarg);
b9e74c39 945 arg_dump_core = r;
a5d87bf0 946 }
b9e74c39
LP		 947 break;
948
949 case ARG_CRASH_CHVT:
a07a7324 950 r = parse_crash_chvt(optarg, &arg_crash_chvt);
b9e74c39 951 if (r < 0)
2b5107e1
ZJS		 952 return log_error_errno(r, "Failed to parse crash virtual terminal index: \"%s\": %m",
953 optarg);
9e58ff9c
LP		 954 break;
955
956 case ARG_CRASH_SHELL:
b9e74c39
LP		 957 if (!optarg)
958 arg_crash_shell = true;
959 else {
960 r = parse_boolean(optarg);
961 if (r < 0)
2b5107e1
ZJS		 962 return log_error_errno(r, "Failed to parse crash shell boolean: \"%s\": %m",
963 optarg);
b9e74c39
LP		 964 arg_crash_shell = r;
965 }
966 break;
967
968 case ARG_CRASH_REBOOT:
969 if (!optarg)
970 arg_crash_reboot = true;
971 else {
972 r = parse_boolean(optarg);
973 if (r < 0)
2b5107e1
ZJS		 974 return log_error_errno(r, "Failed to parse crash shell boolean: \"%s\": %m",
975 optarg);
b9e74c39 976 arg_crash_reboot = r;
a5d87bf0 977 }
9e58ff9c
LP		 978 break;
979
80876c20 980 case ARG_CONFIRM_SPAWN:
7d5ceb64
FB		 981 arg_confirm_spawn = mfree(arg_confirm_spawn);
982
983 r = parse_confirm_spawn(optarg, &arg_confirm_spawn);
984 if (r < 0)
2b5107e1
ZJS		 985 return log_error_errno(r, "Failed to parse confirm spawn option: \"%s\": %m",
986 optarg);
80876c20
LP		 987 break;
988
2a12e32e
JK		 989 case ARG_SERVICE_WATCHDOGS:
990 r = parse_boolean(optarg);
991 if (r < 0)
2b5107e1
ZJS		 992 return log_error_errno(r, "Failed to parse service watchdogs boolean: \"%s\": %m",
993 optarg);
2a12e32e
JK		 994 arg_service_watchdogs = r;
995 break;
996
9e58ff9c 997 case ARG_SHOW_STATUS:
d450b6f2
ZJS		 998 if (optarg) {
999 r = parse_show_status(optarg, &arg_show_status);
ac7ec288 1000 if (r < 0)
2b5107e1
ZJS		 1001 return log_error_errno(r, "Failed to parse show status boolean: \"%s\": %m",
1002 optarg);
d450b6f2
ZJS		 1003 } else
1004 arg_show_status = SHOW_STATUS_YES;
6e98720f 1005 break;
a5d87bf0 1006
a16e1123
LP		 1007 case ARG_DESERIALIZE: {
1008 int fd;
1009 FILE *f;
1010
01e10de3 1011 r = safe_atoi(optarg, &fd);
2b5107e1
ZJS		 1012 if (r < 0)
1013 log_error_errno(r, "Failed to parse deserialize option \"%s\": %m", optarg);
baaa35ad
ZJS		 1014 if (fd < 0)
1015 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1016 "Invalid deserialize fd: %d",
1017 fd);
a16e1123 1018
b9e74c39 1019 (void) fd_cloexec(fd, true);
01e10de3
LP		 1020
1021 f = fdopen(fd, "r");
4a62c710 1022 if (!f)
2b5107e1 1023 return log_error_errno(errno, "Failed to open serialization fd %d: %m", fd);
a16e1123 1024
74ca738f 1025 safe_fclose(arg_serialization);
d3b1c508 1026 arg_serialization = f;
a16e1123
LP		 1027
1028 break;
1029 }
1030
2660882b 1031 case ARG_SWITCHED_ROOT:
bf4df7c3 1032 arg_switched_root = true;
d03bc1b8
HH		 1033 break;
1034
ee48dbd5
NC		 1035 case ARG_MACHINE_ID:
1036 r = set_machine_id(optarg);
54500613 1037 if (r < 0)
2b5107e1 1038 return log_error_errno(r, "MachineID '%s' is not valid: %m", optarg);
ee48dbd5
NC		 1039 break;
1040
f170852a 1041 case 'h':
fa0f4d8a 1042 arg_action = ACTION_HELP;
f170852a
LP		 1043 break;
1044
1d2e23ab
LP		 1045 case 'D':
1046 log_set_max_level(LOG_DEBUG);
1047 break;
1048
099663ff
LP		 1049 case 'b':
1050 case 's':
1051 case 'z':
cd57038a
ZJS		 1052 /* Just to eat away the sysvinit kernel cmdline args that we'll parse in
1053 * parse_proc_cmdline_item() or ignore, without any getopt() error messages.
1054 */
099663ff 1055 case '?':
df0ff127 1056 if (getpid_cached() != 1)
099663ff 1057 return -EINVAL;
601185b4
ZJS		 1058 else
1059 return 0;
099663ff 1060
601185b4
ZJS		 1061 default:
1062 assert_not_reached("Unhandled option code.");
f170852a
LP		 1063 }
1064
df0ff127 1065 if (optind < argc && getpid_cached() != 1) {
d821e6d6
LP		 1066 /* Hmm, when we aren't run as init system
1067 * let's complain about excess arguments */
1068
baaa35ad
ZJS		 1069 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
1070 "Excess arguments.");
d821e6d6
LP		 1071 }
1072
f170852a
LP		 1073 return 0;
1074}
1075
1076static int help(void) {
37ec0fdd
LP		 1077 _cleanup_free_ char *link = NULL;
1078 int r;
1079
1080 r = terminal_urlify_man("systemd", "1", &link);
1081 if (r < 0)
1082 return log_oom();
f170852a 1083
2e33c433 1084 printf("%s [OPTIONS...]\n\n"
7ae47326
ZJS		 1085 "%sStarts and monitors system and user services.%s\n\n"
1086 "This program takes no positional arguments.\n\n"
1087 "%sOptions%s:\n"
e537352b 1088 " -h --help Show this help\n"
cb4069d9 1089 " --version Show version\n"
cd69e88b
LP		 1090 " --test Determine initial transaction, dump it and exit\n"
1091 " --system In combination with --test: operate as system service manager\n"
1092 " --user In combination with --test: operate as per-user service manager\n"
b87c2aa6 1093 " --no-pager Do not pipe output into a pager\n"
80876c20 1094 " --dump-configuration-items Dump understood unit configuration items\n"
bbc1acab 1095 " --dump-bus-properties Dump exposed bus properties\n"
5c08257b 1096 " --bus-introspect=PATH Write XML introspection data\n"
9e58ff9c 1097 " --unit=UNIT Set default unit\n"
b9e74c39
LP		 1098 " --dump-core[=BOOL] Dump core on crash\n"
1099 " --crash-vt=NR Change to specified VT on crash\n"
1100 " --crash-reboot[=BOOL] Reboot on crash\n"
1101 " --crash-shell[=BOOL] Run shell on crash\n"
1102 " --confirm-spawn[=BOOL] Ask for confirmation when spawning processes\n"
1103 " --show-status[=BOOL] Show status updates on the console during bootup\n"
c1dc6153 1104 " --log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
9e58ff9c 1105 " --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
b9e74c39
LP		 1106 " --log-color[=BOOL] Highlight important log messages\n"
1107 " --log-location[=BOOL] Include code location in log messages\n"
c5673ed0 1108 " --log-time[=BOOL] Prefix log messages with current time\n"
0a494f1f 1109 " --default-standard-output= Set default standard output for services\n"
37ec0fdd
LP		 1110 " --default-standard-error= Set default standard error output for services\n"
1111 "\nSee the %s for details.\n"
1112 , program_invocation_short_name
7ae47326
ZJS		 1113 , ansi_highlight(), ansi_normal()
1114 , ansi_underline(), ansi_normal()
37ec0fdd
LP		 1115 , link
1116 );
f170852a
LP		 1117
1118 return 0;
1119}
1120
2cc856ac
LP		 1121static int prepare_reexecute(
1122 Manager *m,
1123 FILE **ret_f,
1124 FDSet **ret_fds,
1125 bool switching_root) {
1126
48b90859
LP		 1127 _cleanup_fdset_free_ FDSet *fds = NULL;
1128 _cleanup_fclose_ FILE *f = NULL;
a16e1123
LP		 1129 int r;
1130
1131 assert(m);
2cc856ac
LP		 1132 assert(ret_f);
1133 assert(ret_fds);
a16e1123 1134
6b78f9b4 1135 r = manager_open_serialization(m, &f);
48b90859
LP		 1136 if (r < 0)
1137 return log_error_errno(r, "Failed to create serialization file: %m");
a16e1123 1138
71445ae7 1139 /* Make sure nothing is really destructed when we shut down */
313cefa1 1140 m->n_reloading++;
718db961 1141 bus_manager_send_reloading(m, true);
71445ae7 1142
6b78f9b4 1143 fds = fdset_new();
48b90859
LP		 1144 if (!fds)
1145 return log_oom();
a16e1123 1146
b3680f49 1147 r = manager_serialize(m, f, fds, switching_root);
48b90859 1148 if (r < 0)
d68c645b 1149 return r;
a16e1123 1150
48b90859
LP		 1151 if (fseeko(f, 0, SEEK_SET) == (off_t) -1)
1152 return log_error_errno(errno, "Failed to rewind serialization fd: %m");
a16e1123 1153
6b78f9b4 1154 r = fd_cloexec(fileno(f), false);
48b90859
LP		 1155 if (r < 0)
1156 return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization: %m");
a16e1123 1157
6b78f9b4 1158 r = fdset_cloexec(fds, false);
48b90859
LP		 1159 if (r < 0)
1160 return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization fds: %m");
a16e1123 1161
2cc856ac
LP		 1162 *ret_f = TAKE_PTR(f);
1163 *ret_fds = TAKE_PTR(fds);
a16e1123 1164
48b90859 1165 return 0;
a16e1123
LP		 1166}
1167
a8b627aa
LP		 1168static void bump_file_max_and_nr_open(void) {
1169
1170 /* Let's bump fs.file-max and fs.nr_open to their respective maximums. On current kernels large numbers of file
1171 * descriptors are no longer a performance problem and their memory is properly tracked by memcg, thus counting
1172 * them and limiting them in another two layers of limits is unnecessary and just complicates things. This
1173 * function hence turns off 2 of the 4 levels of limits on file descriptors, and makes RLIMIT_NOLIMIT (soft +
1174 * hard) the only ones that really matter. */
1175
1176#if BUMP_PROC_SYS_FS_FILE_MAX || BUMP_PROC_SYS_FS_NR_OPEN
a8b627aa
LP		 1177 int r;
1178#endif
1179
1180#if BUMP_PROC_SYS_FS_FILE_MAX
6e2f7894
LP		 1181 /* The maximum the kernel allows for this since 5.2 is LONG_MAX, use that. (Previously thing where
1182 * different but the operation would fail silently.) */
56e8419a 1183 r = sysctl_writef("fs/file-max", "%li\n", LONG_MAX);
a8b627aa
LP		 1184 if (r < 0)
1185 log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, "Failed to bump fs.file-max, ignoring: %m");
1186#endif
1187
a8b627aa
LP		 1188#if BUMP_PROC_SYS_FS_NR_OPEN
1189 int v = INT_MAX;
1190
1191 /* Arg! The kernel enforces maximum and minimum values on the fs.nr_open, but we don't really know what they
1192 * are. The expression by which the maximum is determined is dependent on the architecture, and is something we
1193 * don't really want to copy to userspace, as it is dependent on implementation details of the kernel. Since
1194 * the kernel doesn't expose the maximum value to us, we can only try and hope. Hence, let's start with
1195 * INT_MAX, and then keep halving the value until we find one that works. Ugly? Yes, absolutely, but kernel
1196 * APIs are kernel APIs, so what do can we do... 🤯 */
1197
1198 for (;;) {
1199 int k;
1200
1201 v &= ~(__SIZEOF_POINTER__ - 1); /* Round down to next multiple of the pointer size */
1202 if (v < 1024) {
1203 log_warning("Can't bump fs.nr_open, value too small.");
1204 break;
1205 }
1206
1207 k = read_nr_open();
1208 if (k < 0) {
1209 log_error_errno(k, "Failed to read fs.nr_open: %m");
1210 break;
1211 }
1212 if (k >= v) { /* Already larger */
1213 log_debug("Skipping bump, value is already larger.");
1214 break;
1215 }
1216
56e8419a 1217 r = sysctl_writef("fs/nr_open", "%i\n", v);
a8b627aa
LP		 1218 if (r == -EINVAL) {
1219 log_debug("Couldn't write fs.nr_open as %i, halving it.", v);
1220 v /= 2;
1221 continue;
1222 }
1223 if (r < 0) {
1224 log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, "Failed to bump fs.nr_open, ignoring: %m");
1225 break;
1226 }
1227
1228 log_debug("Successfully bumped fs.nr_open to %i", v);
1229 break;
1230 }
1231#endif
1232}
1233
4096d6f5 1234static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
cda7faa9 1235 struct rlimit new_rlimit;
9264cc39 1236 int r, nr;
4096d6f5 1237
52d62075
LP		 1238 /* Get the underlying absolute limit the kernel enforces */
1239 nr = read_nr_open();
1240
cda7faa9
LP		 1241 /* Calculate the new limits to use for us. Never lower from what we inherited. */
1242 new_rlimit = (struct rlimit) {
1243 .rlim_cur = MAX((rlim_t) nr, saved_rlimit->rlim_cur),
1244 .rlim_max = MAX((rlim_t) nr, saved_rlimit->rlim_max),
1245 };
1246
1247 /* Shortcut if nothing changes. */
1248 if (saved_rlimit->rlim_max >= new_rlimit.rlim_max &&
1249 saved_rlimit->rlim_cur >= new_rlimit.rlim_cur) {
1250 log_debug("RLIMIT_NOFILE is already as high or higher than we need it, not bumping.");
1251 return 0;
1252 }
1253
52d62075
LP		 1254 /* Bump up the resource limit for ourselves substantially, all the way to the maximum the kernel allows, for
1255 * both hard and soft. */
cda7faa9 1256 r = setrlimit_closest(RLIMIT_NOFILE, &new_rlimit);
23bbb0de 1257 if (r < 0)
3ce40911 1258 return log_warning_errno(r, "Setting RLIMIT_NOFILE failed, ignoring: %m");
4096d6f5
LP		 1259
1260 return 0;
1261}
1262
fb3ae275 1263static int bump_rlimit_memlock(struct rlimit *saved_rlimit) {
cda7faa9 1264 struct rlimit new_rlimit;
04d1ee0f 1265 uint64_t mm;
fb3ae275
LP		 1266 int r;
1267
a17c1712 1268 /* BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK, even if we have CAP_IPC_LOCK which should
6e3c443b 1269 * normally disable such checks. We need them to implement IPAddressAllow= and IPAddressDeny=, hence let's bump
a17c1712 1270 * the value high enough for our user. */
fb3ae275 1271
cda7faa9
LP		 1272 /* Using MAX() on resource limits only is safe if RLIM_INFINITY is > 0. POSIX declares that rlim_t
1273 * must be unsigned, hence this is a given, but let's make this clear here. */
1274 assert_cc(RLIM_INFINITY > 0);
1275
04d1ee0f 1276 mm = physical_memory() / 8; /* Let's scale how much we allow to be locked by the amount of physical
2d4f8cf4 1277 * RAM. We allow an eighth to be locked by us, just to pick a value. */
04d1ee0f 1278
cda7faa9 1279 new_rlimit = (struct rlimit) {
04d1ee0f
LP		 1280 .rlim_cur = MAX3(HIGH_RLIMIT_MEMLOCK, saved_rlimit->rlim_cur, mm),
1281 .rlim_max = MAX3(HIGH_RLIMIT_MEMLOCK, saved_rlimit->rlim_max, mm),
cda7faa9
LP		 1282 };
1283
1284 if (saved_rlimit->rlim_max >= new_rlimit.rlim_cur &&
1285 saved_rlimit->rlim_cur >= new_rlimit.rlim_max) {
1286 log_debug("RLIMIT_MEMLOCK is already as high or higher than we need it, not bumping.");
1287 return 0;
1288 }
1289
1290 r = setrlimit_closest(RLIMIT_MEMLOCK, &new_rlimit);
fb3ae275
LP		 1291 if (r < 0)
1292 return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m");
1293
1294 return 0;
1295}
1296
80758717 1297static void test_usr(void) {
80758717 1298
796ac4c1 1299 /* Check that /usr is either on the same file system as / or mounted already. */
80758717 1300
871c44a7
LP		 1301 if (dir_is_empty("/usr") <= 0)
1302 return;
1303
8b173b5e 1304 log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. "
871c44a7
LP		 1305 "Some things will probably break (sometimes even silently) in mysterious ways. "
1306 "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
1307}
1308
d3b1c508 1309static int enforce_syscall_archs(Set *archs) {
349cc4a5 1310#if HAVE_SECCOMP
d3b1c508
LP		 1311 int r;
1312
83f12b27
FS		 1313 if (!is_seccomp_available())
1314 return 0;
1315
469830d1 1316 r = seccomp_restrict_archs(arg_syscall_archs);
d3b1c508 1317 if (r < 0)
469830d1 1318 return log_error_errno(r, "Failed to enforce system call architecture restrication: %m");
d3b1c508 1319#endif
469830d1 1320 return 0;
d3b1c508
LP		 1321}
1322
b6e2f329
LP		 1323static int status_welcome(void) {
1324 _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
1325 int r;
1326
5ca02bfc 1327 if (!show_status_on(arg_show_status))
fd8c85c6
LP		 1328 return 0;
1329
d58ad743
LP		 1330 r = parse_os_release(NULL,
1331 "PRETTY_NAME", &pretty_name,
1332 "ANSI_COLOR", &ansi_color,
1333 NULL);
1334 if (r < 0)
1335 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r,
1336 "Failed to read os-release file, ignoring: %m");
b6e2f329 1337
dc9b5816 1338 if (log_get_show_color())
a885727a 1339 return status_printf(NULL, 0,
dc9b5816
ZJS		 1340 "\nWelcome to \x1B[%sm%s\x1B[0m!\n",
1341 isempty(ansi_color) ? "1" : ansi_color,
1342 isempty(pretty_name) ? "Linux" : pretty_name);
1343 else
a885727a 1344 return status_printf(NULL, 0,
dc9b5816
ZJS		 1345 "\nWelcome to %s!\n",
1346 isempty(pretty_name) ? "Linux" : pretty_name);
b6e2f329
LP		 1347}
1348
fdd25311
LP		 1349static int write_container_id(void) {
1350 const char *c;
19854865 1351 int r;
fdd25311
LP		 1352
1353 c = getenv("container");
1354 if (isempty(c))
1355 return 0;
1356
8612da97
LP		 1357 RUN_WITH_UMASK(0022)
1358 r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
19854865 1359 if (r < 0)
f1f849b0 1360 return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m");
19854865
LP		 1361
1362 return 1;
1363}
1364
1365static int bump_unix_max_dgram_qlen(void) {
1366 _cleanup_free_ char *qlen = NULL;
1367 unsigned long v;
1368 int r;
1369
3130fca5
LP		 1370 /* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel default of 16 is simply too low. We set the value
1371 * really really early during boot, so that it is actually applied to all our sockets, including the
1372 * $NOTIFY_SOCKET one. */
19854865
LP		 1373
1374 r = read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen);
1375 if (r < 0)
875622c3 1376 return log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r, "Failed to read AF_UNIX datagram queue length, ignoring: %m");
19854865
LP		 1377
1378 r = safe_atolu(qlen, &v);
1379 if (r < 0)
3130fca5 1380 return log_warning_errno(r, "Failed to parse AF_UNIX datagram queue length '%s', ignoring: %m", qlen);
19854865
LP		 1381
1382 if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
1383 return 0;
1384
57512c89 1385 r = write_string_filef("/proc/sys/net/unix/max_dgram_qlen", WRITE_STRING_FILE_DISABLE_BUFFER, "%lu", DEFAULT_UNIX_MAX_DGRAM_QLEN);
19854865
LP		 1386 if (r < 0)
1387 return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
1388 "Failed to bump AF_UNIX datagram queue length, ignoring: %m");
1389
1390 return 1;
fdd25311
LP		 1391}
1392
32391275
FB		 1393static int fixup_environment(void) {
1394 _cleanup_free_ char *term = NULL;
4dc63c4b 1395 const char *t;
32391275
FB		 1396 int r;
1397
43db615b
LP		 1398 /* Only fix up the environment when we are started as PID 1 */
1399 if (getpid_cached() != 1)
1400 return 0;
1401
1402 /* We expect the environment to be set correctly if run inside a container. */
84af7821
LP		 1403 if (detect_container() > 0)
1404 return 0;
1405
43db615b
LP		 1406 /* When started as PID1, the kernel uses /dev/console for our stdios and uses TERM=linux whatever the backend
1407 * device used by the console. We try to make a better guess here since some consoles might not have support
1408 * for color mode for example.
32391275 1409 *
43db615b 1410 * However if TERM was configured through the kernel command line then leave it alone. */
1d84ad94 1411 r = proc_cmdline_get_key("TERM", 0, &term);
32391275
FB		 1412 if (r < 0)
1413 return r;
32391275 1414
4dc63c4b
LP		 1415 t = term ?: default_term_for_tty("/dev/console");
1416
1417 if (setenv("TERM", t, 1) < 0)
32391275
FB		 1418 return -errno;
1419
9d48671c
ZJS		 1420 /* The kernels sets HOME=/ for init. Let's undo this. */
1421 if (path_equal_ptr(getenv("HOME"), "/") &&
1422 unsetenv("HOME") < 0)
1423 log_warning_errno(errno, "Failed to unset $HOME: %m");
1424
32391275
FB		 1425 return 0;
1426}
1427
6808a0bc
LP		 1428static void redirect_telinit(int argc, char *argv[]) {
1429
1430 /* This is compatibility support for SysV, where calling init as a user is identical to telinit. */
1431
1432#if HAVE_SYSV_COMPAT
1433 if (getpid_cached() == 1)
1434 return;
1435
1436 if (!strstr(program_invocation_short_name, "init"))
1437 return;
1438
1439 execv(SYSTEMCTL_BINARY_PATH, argv);
1440 log_error_errno(errno, "Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
a45d7127 1441 exit(EXIT_FAILURE);
6808a0bc
LP		 1442#endif
1443}
1444
4a36297c
LP		 1445static int become_shutdown(
1446 const char *shutdown_verb,
7eb35049 1447 int retval) {
4a36297c
LP		 1448
1449 char log_level[DECIMAL_STR_MAX(int) + 1],
e73c54b8
JK		 1450 exit_code[DECIMAL_STR_MAX(uint8_t) + 1],
1451 timeout[DECIMAL_STR_MAX(usec_t) + 1];
4a36297c 1452
e73c54b8 1453 const char* command_line[13] = {
4a36297c
LP		 1454 SYSTEMD_SHUTDOWN_BINARY_PATH,
1455 shutdown_verb,
e73c54b8 1456 "--timeout", timeout,
4a36297c
LP		 1457 "--log-level", log_level,
1458 "--log-target",
1459 };
1460
1461 _cleanup_strv_free_ char **env_block = NULL;
e73c54b8 1462 size_t pos = 7;
4a36297c 1463 int r;
acafd7d8 1464 usec_t watchdog_timer = 0;
4a36297c 1465
7eb35049 1466 assert(shutdown_verb);
234519ae 1467 assert(!command_line[pos]);
4a36297c
LP		 1468 env_block = strv_copy(environ);
1469
1470 xsprintf(log_level, "%d", log_get_max_level());
e73c54b8 1471 xsprintf(timeout, "%" PRI_USEC "us", arg_default_timeout_stop_usec);
4a36297c
LP		 1472
1473 switch (log_get_target()) {
1474
1475 case LOG_TARGET_KMSG:
1476 case LOG_TARGET_JOURNAL_OR_KMSG:
1477 case LOG_TARGET_SYSLOG_OR_KMSG:
1478 command_line[pos++] = "kmsg";
1479 break;
1480
1481 case LOG_TARGET_NULL:
1482 command_line[pos++] = "null";
1483 break;
1484
1485 case LOG_TARGET_CONSOLE:
1486 default:
1487 command_line[pos++] = "console";
1488 break;
1489 };
1490
1491 if (log_get_show_color())
1492 command_line[pos++] = "--log-color";
1493
1494 if (log_get_show_location())
1495 command_line[pos++] = "--log-location";
1496
c5673ed0
DS		 1497 if (log_get_show_time())
1498 command_line[pos++] = "--log-time";
1499
4a36297c
LP		 1500 if (streq(shutdown_verb, "exit")) {
1501 command_line[pos++] = "--exit-code";
1502 command_line[pos++] = exit_code;
1503 xsprintf(exit_code, "%d", retval);
1504 }
1505
1506 assert(pos < ELEMENTSOF(command_line));
1507
acafd7d8 1508 if (streq(shutdown_verb, "reboot"))
65224c1d 1509 watchdog_timer = arg_reboot_watchdog;
acafd7d8
LB		 1510 else if (streq(shutdown_verb, "kexec"))
1511 watchdog_timer = arg_kexec_watchdog;
1512
1513 if (watchdog_timer > 0 && watchdog_timer != USEC_INFINITY) {
7eb35049 1514
4a36297c
LP		 1515 char *e;
1516
acafd7d8 1517 /* If we reboot or kexec let's set the shutdown
4a36297c
LP		 1518 * watchdog and tell the shutdown binary to
1519 * repeatedly ping it */
acafd7d8 1520 r = watchdog_set_timeout(&watchdog_timer);
4a36297c
LP		 1521 watchdog_close(r < 0);
1522
1523 /* Tell the binary how often to ping, ignore failure */
acafd7d8 1524 if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, watchdog_timer) > 0)
8a2c1fbf
EJ		 1525 (void) strv_consume(&env_block, e);
1526
1527 if (arg_watchdog_device &&
1528 asprintf(&e, "WATCHDOG_DEVICE=%s", arg_watchdog_device) > 0)
1529 (void) strv_consume(&env_block, e);
4a36297c
LP		 1530 } else
1531 watchdog_close(true);
1532
1533 /* Avoid the creation of new processes forked by the
1534 * kernel; at this point, we will not listen to the
1535 * signals anyway */
1536 if (detect_container() <= 0)
1537 (void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
1538
1539 execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
1540 return -errno;
1541}
1542
e839bafd
LP		 1543static void initialize_clock(void) {
1544 int r;
1545
3753325b
LP		 1546 /* This is called very early on, before we parse the kernel command line or otherwise figure out why
1547 * we are running, but only once. */
1548
e839bafd
LP		 1549 if (clock_is_localtime(NULL) > 0) {
1550 int min;
1551
1552 /*
1553 * The very first call of settimeofday() also does a time warp in the kernel.
1554 *
1555 * In the rtc-in-local time mode, we set the kernel's timezone, and rely on external tools to take care
1556 * of maintaining the RTC and do all adjustments. This matches the behavior of Windows, which leaves
1557 * the RTC alone if the registry tells that the RTC runs in UTC.
1558 */
1559 r = clock_set_timezone(&min);
1560 if (r < 0)
1561 log_error_errno(r, "Failed to apply local time delta, ignoring: %m");
1562 else
1563 log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
1564
1565 } else if (!in_initrd()) {
1566 /*
1567 * Do a dummy very first call to seal the kernel's time warp magic.
1568 *
1569 * Do not call this from inside the initrd. The initrd might not carry /etc/adjtime with LOCAL, but the
1570 * real system could be set up that way. In such case, we need to delay the time-warp or the sealing
1571 * until we reach the real system.
1572 *
1573 * Do no set the kernel's timezone. The concept of local time cannot be supported reliably, the time
1574 * will jump or be incorrect at every daylight saving time change. All kernel local time concepts will
1575 * be treated as UTC that way.
1576 */
1577 (void) clock_reset_timewarp();
1578 }
1579
1580 r = clock_apply_epoch();
1581 if (r < 0)
1582 log_error_errno(r, "Current system time is before build time, but cannot correct: %m");
1583 else if (r > 0)
1584 log_info("System time before build time, advancing clock.");
1585}
1586
3753325b
LP		 1587static void apply_clock_update(void) {
1588 struct timespec ts;
1589
1590 /* This is called later than initialize_clock(), i.e. after we parsed configuration files/kernel
1591 * command line and such. */
1592
1593 if (arg_clock_usec == 0)
1594 return;
1595
45250e66
LP		 1596 if (getpid_cached() != 1)
1597 return;
1598
3753325b
LP		 1599 if (clock_settime(CLOCK_REALTIME, timespec_store(&ts, arg_clock_usec)) < 0)
1600 log_error_errno(errno, "Failed to set system clock to time specified on kernel command line: %m");
1601 else {
1602 char buf[FORMAT_TIMESTAMP_MAX];
1603
1604 log_info("Set system clock to %s, as specified on the kernel command line.",
1605 format_timestamp(buf, sizeof(buf), arg_clock_usec));
1606 }
1607}
1608
d247f232
LP		 1609static void cmdline_take_random_seed(void) {
1610 _cleanup_close_ int random_fd = -1;
1611 size_t suggested;
1612 int r;
1613
1614 if (arg_random_seed_size == 0)
1615 return;
1616
1617 if (getpid_cached() != 1)
1618 return;
1619
1620 assert(arg_random_seed);
1621 suggested = random_pool_size();
1622
1623 if (arg_random_seed_size < suggested)
1624 log_warning("Random seed specified on kernel command line has size %zu, but %zu bytes required to fill entropy pool.",
1625 arg_random_seed_size, suggested);
1626
1627 random_fd = open("/dev/urandom", O_WRONLY|O_CLOEXEC|O_NOCTTY);
1628 if (random_fd < 0) {
1629 log_warning_errno(errno, "Failed to open /dev/urandom for writing, ignoring: %m");
1630 return;
1631 }
1632
1633 r = random_write_entropy(random_fd, arg_random_seed, arg_random_seed_size, true);
1634 if (r < 0) {
1635 log_warning_errno(r, "Failed to credit entropy specified on kernel command line, ignoring: %m");
1636 return;
1637 }
1638
1639 log_notice("Successfully credited entropy passed on kernel command line.\n"
1640 "Note that the seed provided this way is accessible to unprivileged programs. This functionality should not be used outside of testing environments.");
1641}
1642
1e41242e 1643static void initialize_coredump(bool skip_setup) {
752bcb77 1644#if ENABLE_COREDUMP
1e41242e
LP		 1645 if (getpid_cached() != 1)
1646 return;
1647
1648 /* Don't limit the core dump size, so that coredump handlers such as systemd-coredump (which honour the limit)
1649 * will process core dumps for system services by default. */
1650 if (setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY)) < 0)
1651 log_warning_errno(errno, "Failed to set RLIMIT_CORE: %m");
1652
c6885f5f
FB		 1653 /* But at the same time, turn off the core_pattern logic by default, so that no
1654 * coredumps are stored until the systemd-coredump tool is enabled via
1655 * sysctl. However it can be changed via the kernel command line later so core
1656 * dumps can still be generated during early startup and in initramfs. */
1e41242e 1657 if (!skip_setup)
e557b1a6 1658 disable_coredumps();
752bcb77 1659#endif
1e41242e
LP		 1660}
1661
c6885f5f
FB		 1662static void initialize_core_pattern(bool skip_setup) {
1663 int r;
1664
1665 if (skip_setup || !arg_early_core_pattern)
1666 return;
1667
1668 if (getpid_cached() != 1)
1669 return;
1670
57512c89 1671 r = write_string_file("/proc/sys/kernel/core_pattern", arg_early_core_pattern, WRITE_STRING_FILE_DISABLE_BUFFER);
c6885f5f
FB		 1672 if (r < 0)
1673 log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m", arg_early_core_pattern);
1674}
1675
61fbbac1
ZJS		 1676static void update_cpu_affinity(bool skip_setup) {
1677 _cleanup_free_ char *mask = NULL;
1678
1679 if (skip_setup || !arg_cpu_affinity.set)
1680 return;
1681
1682 assert(arg_cpu_affinity.allocated > 0);
1683
1684 mask = cpu_set_to_string(&arg_cpu_affinity);
1685 log_debug("Setting CPU affinity to %s.", strnull(mask));
1686
1687 if (sched_setaffinity(0, arg_cpu_affinity.allocated, arg_cpu_affinity.set) < 0)
1688 log_warning_errno(errno, "Failed to set CPU affinity: %m");
1689}
1690
b070c7c0
MS		 1691static void update_numa_policy(bool skip_setup) {
1692 int r;
1693 _cleanup_free_ char *nodes = NULL;
1694 const char * policy = NULL;
1695
1696 if (skip_setup || !mpol_is_valid(numa_policy_get_type(&arg_numa_policy)))
1697 return;
1698
1699 if (DEBUG_LOGGING) {
1700 policy = mpol_to_string(numa_policy_get_type(&arg_numa_policy));
1701 nodes = cpu_set_to_range_string(&arg_numa_policy.nodes);
1702 log_debug("Setting NUMA policy to %s, with nodes %s.", strnull(policy), strnull(nodes));
1703 }
1704
1705 r = apply_numa_policy(&arg_numa_policy);
1706 if (r == -EOPNOTSUPP)
1707 log_debug_errno(r, "NUMA support not available, ignoring.");
1708 else if (r < 0)
1709 log_warning_errno(r, "Failed to set NUMA memory policy: %m");
1710}
1711
3c7878f9
LP		 1712static void do_reexecute(
1713 int argc,
1714 char *argv[],
1715 const struct rlimit *saved_rlimit_nofile,
1716 const struct rlimit *saved_rlimit_memlock,
1717 FDSet *fds,
1718 const char *switch_root_dir,
1719 const char *switch_root_init,
1720 const char **ret_error_message) {
1721
1722 unsigned i, j, args_size;
1723 const char **args;
1724 int r;
1725
1726 assert(saved_rlimit_nofile);
1727 assert(saved_rlimit_memlock);
1728 assert(ret_error_message);
1729
1730 /* Close and disarm the watchdog, so that the new instance can reinitialize it, but doesn't get rebooted while
1731 * we do that */
1732 watchdog_close(true);
1733
ddfa8b0b
LP		 1734 /* Reset RLIMIT_NOFILE + RLIMIT_MEMLOCK back to the kernel defaults, so that the new systemd can pass
1735 * the kernel default to its child processes */
1736 if (saved_rlimit_nofile->rlim_cur != 0)
3c7878f9 1737 (void) setrlimit(RLIMIT_NOFILE, saved_rlimit_nofile);
ddfa8b0b 1738 if (saved_rlimit_memlock->rlim_cur != RLIM_INFINITY)
3c7878f9
LP		 1739 (void) setrlimit(RLIMIT_MEMLOCK, saved_rlimit_memlock);
1740
1741 if (switch_root_dir) {
1742 /* Kill all remaining processes from the initrd, but don't wait for them, so that we can handle the
1743 * SIGCHLD for them after deserializing. */
e73c54b8 1744 broadcast_signal(SIGTERM, false, true, arg_default_timeout_stop_usec);
3c7878f9
LP		 1745
1746 /* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */
1747 r = switch_root(switch_root_dir, "/mnt", true, MS_MOVE);
1748 if (r < 0)
1749 log_error_errno(r, "Failed to switch root, trying to continue: %m");
1750 }
1751
1752 args_size = MAX(6, argc+1);
1753 args = newa(const char*, args_size);
1754
1755 if (!switch_root_init) {
1756 char sfd[DECIMAL_STR_MAX(int) + 1];
1757
1758 /* First try to spawn ourselves with the right path, and with full serialization. We do this only if
1759 * the user didn't specify an explicit init to spawn. */
1760
1761 assert(arg_serialization);
1762 assert(fds);
1763
1764 xsprintf(sfd, "%i", fileno(arg_serialization));
1765
1766 i = 0;
1767 args[i++] = SYSTEMD_BINARY_PATH;
1768 if (switch_root_dir)
1769 args[i++] = "--switched-root";
1770 args[i++] = arg_system ? "--system" : "--user";
1771 args[i++] = "--deserialize";
1772 args[i++] = sfd;
1773 args[i++] = NULL;
1774
1775 assert(i <= args_size);
1776
1777 /*
1778 * We want valgrind to print its memory usage summary before reexecution. Valgrind won't do this is on
1779 * its own on exec(), but it will do it on exit(). Hence, to ensure we get a summary here, fork() off
1780 * a child, let it exit() cleanly, so that it prints the summary, and wait() for it in the parent,
1781 * before proceeding into the exec().
1782 */
1783 valgrind_summary_hack();
1784
1785 (void) execv(args[0], (char* const*) args);
1786 log_debug_errno(errno, "Failed to execute our own binary, trying fallback: %m");
1787 }
1788
1789 /* Try the fallback, if there is any, without any serialization. We pass the original argv[] and envp[]. (Well,
1790 * modulo the ordering changes due to getopt() in argv[], and some cleanups in envp[], but let's hope that
1791 * doesn't matter.) */
1792
1793 arg_serialization = safe_fclose(arg_serialization);
1794 fds = fdset_free(fds);
1795
1796 /* Reopen the console */
1797 (void) make_console_stdio();
1798
1799 for (j = 1, i = 1; j < (unsigned) argc; j++)
1800 args[i++] = argv[j];
1801 args[i++] = NULL;
1802 assert(i <= args_size);
1803
5238e957 1804 /* Re-enable any blocked signals, especially important if we switch from initial ramdisk to init=... */
3c7878f9
LP		 1805 (void) reset_all_signal_handlers();
1806 (void) reset_signal_mask();
595225af 1807 (void) rlimit_nofile_safe();
3c7878f9
LP		 1808
1809 if (switch_root_init) {
1810 args[0] = switch_root_init;
a5cede8c 1811 (void) execve(args[0], (char* const*) args, saved_env);
3c7878f9
LP		 1812 log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m");
1813 }
1814
1815 args[0] = "/sbin/init";
1816 (void) execv(args[0], (char* const*) args);
1817 r = -errno;
1818
1819 manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
1820 ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
1821 "Failed to execute /sbin/init");
1822
1823 if (r == -ENOENT) {
1824 log_warning("No /sbin/init, trying fallback");
1825
1826 args[0] = "/bin/sh";
1827 args[1] = NULL;
a5cede8c 1828 (void) execve(args[0], (char* const*) args, saved_env);
3c7878f9
LP		 1829 log_error_errno(errno, "Failed to execute /bin/sh, giving up: %m");
1830 } else
1831 log_warning_errno(r, "Failed to execute /sbin/init, giving up: %m");
1832
1833 *ret_error_message = "Failed to execute fallback shell";
1834}
1835
7eb35049
LP		 1836static int invoke_main_loop(
1837 Manager *m,
a9fd4cd1
FB		 1838 const struct rlimit *saved_rlimit_nofile,
1839 const struct rlimit *saved_rlimit_memlock,
7eb35049
LP		 1840 bool *ret_reexecute,
1841 int *ret_retval, /* Return parameters relevant for shutting down */
1842 const char **ret_shutdown_verb, /* … */
1843 FDSet **ret_fds, /* Return parameters for reexecuting */
1844 char **ret_switch_root_dir, /* … */
1845 char **ret_switch_root_init, /* … */
1846 const char **ret_error_message) {
1847
1848 int r;
1849
1850 assert(m);
a9fd4cd1
FB		 1851 assert(saved_rlimit_nofile);
1852 assert(saved_rlimit_memlock);
7eb35049
LP		 1853 assert(ret_reexecute);
1854 assert(ret_retval);
1855 assert(ret_shutdown_verb);
1856 assert(ret_fds);
1857 assert(ret_switch_root_dir);
1858 assert(ret_switch_root_init);
1859 assert(ret_error_message);
1860
1861 for (;;) {
1862 r = manager_loop(m);
1863 if (r < 0) {
1864 *ret_error_message = "Failed to run main loop";
1865 return log_emergency_errno(r, "Failed to run main loop: %m");
1866 }
1867
3ca4d0b3 1868 switch ((ManagerObjective) r) {
7eb35049 1869
a6ecbf83 1870 case MANAGER_RELOAD: {
bda7d78b 1871 LogTarget saved_log_target;
a6ecbf83
FB		 1872 int saved_log_level;
1873
7eb35049
LP		 1874 log_info("Reloading.");
1875
3fe91079 1876 /* First, save any overridden log level/target, then parse the configuration file, which might
bda7d78b
FB		 1877 * change the log level to new settings. */
1878
a6ecbf83 1879 saved_log_level = m->log_level_overridden ? log_get_max_level() : -1;
bda7d78b 1880 saved_log_target = m->log_target_overridden ? log_get_target() : _LOG_TARGET_INVALID;
a6ecbf83 1881
a9fd4cd1 1882 (void) parse_configuration(saved_rlimit_nofile, saved_rlimit_memlock);
7eb35049
LP		 1883
1884 set_manager_defaults(m);
986935cf 1885 set_manager_settings(m);
7eb35049 1886
61fbbac1 1887 update_cpu_affinity(false);
b070c7c0 1888 update_numa_policy(false);
61fbbac1 1889
a6ecbf83
FB		 1890 if (saved_log_level >= 0)
1891 manager_override_log_level(m, saved_log_level);
bda7d78b
FB		 1892 if (saved_log_target >= 0)
1893 manager_override_log_target(m, saved_log_target);
a6ecbf83 1894
7eb35049
LP		 1895 r = manager_reload(m);
1896 if (r < 0)
7a35fa24
LP		 1897 /* Reloading failed before the point of no return. Let's continue running as if nothing happened. */
1898 m->objective = MANAGER_OK;
7eb35049
LP		 1899
1900 break;
a6ecbf83 1901 }
7eb35049
LP		 1902
1903 case MANAGER_REEXECUTE:
1904
1905 r = prepare_reexecute(m, &arg_serialization, ret_fds, false);
1906 if (r < 0) {
1907 *ret_error_message = "Failed to prepare for reexecution";
1908 return r;
1909 }
1910
1911 log_notice("Reexecuting.");
1912
1913 *ret_reexecute = true;
1914 *ret_retval = EXIT_SUCCESS;
1915 *ret_shutdown_verb = NULL;
1916 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1917
1918 return 0;
1919
1920 case MANAGER_SWITCH_ROOT:
1921 if (!m->switch_root_init) {
1922 r = prepare_reexecute(m, &arg_serialization, ret_fds, true);
1923 if (r < 0) {
1924 *ret_error_message = "Failed to prepare for reexecution";
1925 return r;
1926 }
1927 } else
1928 *ret_fds = NULL;
1929
1930 log_notice("Switching root.");
1931
1932 *ret_reexecute = true;
1933 *ret_retval = EXIT_SUCCESS;
1934 *ret_shutdown_verb = NULL;
1935
1936 /* Steal the switch root parameters */
49052946
YW		 1937 *ret_switch_root_dir = TAKE_PTR(m->switch_root);
1938 *ret_switch_root_init = TAKE_PTR(m->switch_root_init);
7eb35049
LP		 1939
1940 return 0;
1941
1942 case MANAGER_EXIT:
1943
1944 if (MANAGER_IS_USER(m)) {
1945 log_debug("Exit.");
1946
1947 *ret_reexecute = false;
1948 *ret_retval = m->return_value;
1949 *ret_shutdown_verb = NULL;
1950 *ret_fds = NULL;
1951 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1952
1953 return 0;
1954 }
1955
1956 _fallthrough_;
1957 case MANAGER_REBOOT:
1958 case MANAGER_POWEROFF:
1959 case MANAGER_HALT:
1960 case MANAGER_KEXEC: {
af41e508
LP		 1961 static const char * const table[_MANAGER_OBJECTIVE_MAX] = {
1962 [MANAGER_EXIT] = "exit",
1963 [MANAGER_REBOOT] = "reboot",
7eb35049 1964 [MANAGER_POWEROFF] = "poweroff",
af41e508
LP		 1965 [MANAGER_HALT] = "halt",
1966 [MANAGER_KEXEC] = "kexec",
7eb35049
LP		 1967 };
1968
1969 log_notice("Shutting down.");
1970
1971 *ret_reexecute = false;
1972 *ret_retval = m->return_value;
af41e508 1973 assert_se(*ret_shutdown_verb = table[m->objective]);
7eb35049
LP		 1974 *ret_fds = NULL;
1975 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1976
1977 return 0;
1978 }
1979
1980 default:
af41e508 1981 assert_not_reached("Unknown or unexpected manager objective.");
7eb35049
LP		 1982 }
1983 }
1984}
1985
31aef7ff
LP		 1986static void log_execution_mode(bool *ret_first_boot) {
1987 assert(ret_first_boot);
1988
1989 if (arg_system) {
1990 int v;
1991
681bd2c5 1992 log_info("systemd " GIT_VERSION " running in %ssystem mode. (" SYSTEMD_FEATURES ")",
31aef7ff
LP		 1993 arg_action == ACTION_TEST ? "test " : "" );
1994
1995 v = detect_virtualization();
1996 if (v > 0)
1997 log_info("Detected virtualization %s.", virtualization_to_string(v));
1998
1999 log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
2000
2001 if (in_initrd()) {
2002 *ret_first_boot = false;
2003 log_info("Running in initial RAM disk.");
2004 } else {
2005 /* Let's check whether we are in first boot, i.e. whether /etc is still unpopulated. We use
2006 * /etc/machine-id as flag file, for this: if it exists we assume /etc is populated, if it
2007 * doesn't it's unpopulated. This allows container managers and installers to provision a
2008 * couple of files already. If the container manager wants to provision the machine ID itself
2009 * it should pass $container_uuid to PID 1. */
2010
2011 *ret_first_boot = access("/etc/machine-id", F_OK) < 0;
2012 if (*ret_first_boot)
2013 log_info("Running with unpopulated /etc.");
2014 }
2015 } else {
b9e90f3a
LP		 2016 if (DEBUG_LOGGING) {
2017 _cleanup_free_ char *t;
31aef7ff 2018
b9e90f3a 2019 t = uid_to_name(getuid());
681bd2c5 2020 log_debug("systemd " GIT_VERSION " running in %suser mode for user " UID_FMT "/%s. (" SYSTEMD_FEATURES ")",
b9e90f3a
LP		 2021 arg_action == ACTION_TEST ? " test" : "", getuid(), strna(t));
2022 }
31aef7ff
LP		 2023
2024 *ret_first_boot = false;
2025 }
2026}
2027
5afbaa36
LP		 2028static int initialize_runtime(
2029 bool skip_setup,
2030 struct rlimit *saved_rlimit_nofile,
2031 struct rlimit *saved_rlimit_memlock,
2032 const char **ret_error_message) {
5afbaa36
LP		 2033 int r;
2034
2035 assert(ret_error_message);
2036
2037 /* Sets up various runtime parameters. Many of these initializations are conditionalized:
2038 *
2039 * - Some only apply to --system instances
2040 * - Some only apply to --user instances
2041 * - Some only apply when we first start up, but not when we reexecute
2042 */
2043
2d776038
LP		 2044 if (arg_action != ACTION_RUN)
2045 return 0;
2046
61fbbac1 2047 update_cpu_affinity(skip_setup);
b070c7c0 2048 update_numa_policy(skip_setup);
61fbbac1 2049
3c3c6cb9 2050 if (arg_system) {
5238e957 2051 /* Make sure we leave a core dump without panicking the kernel. */
3c3c6cb9 2052 install_crash_handler();
5afbaa36 2053
3c3c6cb9 2054 if (!skip_setup) {
143fadf3 2055 r = mount_cgroup_controllers();
3c3c6cb9
LP		 2056 if (r < 0) {
2057 *ret_error_message = "Failed to mount cgroup hierarchies";
2058 return r;
2059 }
2060
2061 status_welcome();
2062 hostname_setup();
2063 machine_id_setup(NULL, arg_machine_id, NULL);
df883de9 2064 (void) loopback_setup();
3c3c6cb9 2065 bump_unix_max_dgram_qlen();
a8b627aa 2066 bump_file_max_and_nr_open();
3c3c6cb9
LP		 2067 test_usr();
2068 write_container_id();
2069 }
8a2c1fbf 2070
3c3c6cb9
LP		 2071 if (arg_watchdog_device) {
2072 r = watchdog_set_device(arg_watchdog_device);
2073 if (r < 0)
2074 log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device);
2075 }
3c3c6cb9 2076 }
5afbaa36
LP		 2077
2078 if (arg_timer_slack_nsec != NSEC_INFINITY)
2079 if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
3a671cd1 2080 log_warning_errno(errno, "Failed to adjust timer slack, ignoring: %m");
5afbaa36
LP		 2081
2082 if (arg_system && !cap_test_all(arg_capability_bounding_set)) {
2083 r = capability_bounding_set_drop_usermode(arg_capability_bounding_set);
2084 if (r < 0) {
2085 *ret_error_message = "Failed to drop capability bounding set of usermode helpers";
2086 return log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m");
2087 }
2088
2089 r = capability_bounding_set_drop(arg_capability_bounding_set, true);
2090 if (r < 0) {
2091 *ret_error_message = "Failed to drop capability bounding set";
2092 return log_emergency_errno(r, "Failed to drop capability bounding set: %m");
2093 }
2094 }
2095
39362f6f
JB		 2096 if (arg_system && arg_no_new_privs) {
2097 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
2098 *ret_error_message = "Failed to disable new privileges";
2099 return log_emergency_errno(errno, "Failed to disable new privileges: %m");
2100 }
2101 }
2102
5afbaa36
LP		 2103 if (arg_syscall_archs) {
2104 r = enforce_syscall_archs(arg_syscall_archs);
2105 if (r < 0) {
2106 *ret_error_message = "Failed to set syscall architectures";
2107 return r;
2108 }
2109 }
2110
2111 if (!arg_system)
2112 /* Become reaper of our children */
2113 if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
2114 log_warning_errno(errno, "Failed to make us a subreaper: %m");
2115
a17c1712
LP		 2116 /* Bump up RLIMIT_NOFILE for systemd itself */
2117 (void) bump_rlimit_nofile(saved_rlimit_nofile);
2118 (void) bump_rlimit_memlock(saved_rlimit_memlock);
5afbaa36
LP		 2119
2120 return 0;
2121}
2122
6acca5fc
LP		 2123static int do_queue_default_job(
2124 Manager *m,
2125 const char **ret_error_message) {
2126
2127 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
f1d075dc
ZJS		 2128 const char *unit;
2129 Job *job;
2130 Unit *target;
6acca5fc
LP		 2131 int r;
2132
8755dbad 2133 if (arg_default_unit)
f1d075dc 2134 unit = arg_default_unit;
8755dbad 2135 else if (in_initrd())
f1d075dc 2136 unit = SPECIAL_INITRD_TARGET;
8755dbad 2137 else
f1d075dc 2138 unit = SPECIAL_DEFAULT_TARGET;
8755dbad 2139
f1d075dc 2140 log_debug("Activating default unit: %s", unit);
8755dbad 2141
f1d075dc 2142 r = manager_load_startable_unit_or_warn(m, unit, NULL, &target);
8755dbad
ZJS		 2143 if (r < 0 && in_initrd() && !arg_default_unit) {
2144 /* Fall back to default.target, which we used to always use by default. Only do this if no
2145 * explicit configuration was given. */
2146
2147 log_info("Falling back to " SPECIAL_DEFAULT_TARGET ".");
6acca5fc 2148
8755dbad
ZJS		 2149 r = manager_load_startable_unit_or_warn(m, SPECIAL_DEFAULT_TARGET, NULL, &target);
2150 }
4109ede7 2151 if (r < 0) {
8755dbad 2152 log_info("Falling back to " SPECIAL_RESCUE_TARGET ".");
6acca5fc 2153
4109ede7 2154 r = manager_load_startable_unit_or_warn(m, SPECIAL_RESCUE_TARGET, NULL, &target);
6acca5fc 2155 if (r < 0) {
8755dbad
ZJS		 2156 *ret_error_message = r == -ERFKILL ? SPECIAL_RESCUE_TARGET " masked"
2157 : "Failed to load " SPECIAL_RESCUE_TARGET;
4109ede7 2158 return r;
6acca5fc
LP		 2159 }
2160 }
2161
2162 assert(target->load_state == UNIT_LOADED);
2163
f1d075dc 2164 r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, NULL, &error, &job);
6acca5fc
LP		 2165 if (r == -EPERM) {
2166 log_debug_errno(r, "Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
2167
2168 sd_bus_error_free(&error);
2169
f1d075dc 2170 r = manager_add_job(m, JOB_START, target, JOB_REPLACE, NULL, &error, &job);
6acca5fc
LP		 2171 if (r < 0) {
2172 *ret_error_message = "Failed to start default target";
2173 return log_emergency_errno(r, "Failed to start default target: %s", bus_error_message(&error, r));
2174 }
2175
2176 } else if (r < 0) {
2177 *ret_error_message = "Failed to isolate default target";
2178 return log_emergency_errno(r, "Failed to isolate default target: %s", bus_error_message(&error, r));
c86c31d9
ZJS		 2179 } else
2180 log_info("Queued %s job for default target %s.",
2181 job_type_to_string(job->type),
2182 unit_status_string(job->unit));
6acca5fc 2183
f1d075dc 2184 m->default_unit_job_id = job->id;
6acca5fc
LP		 2185
2186 return 0;
2187}
2188
a9fd4cd1
FB		 2189static void save_rlimits(struct rlimit *saved_rlimit_nofile,
2190 struct rlimit *saved_rlimit_memlock) {
2191
2192 assert(saved_rlimit_nofile);
2193 assert(saved_rlimit_memlock);
2194
2195 if (getrlimit(RLIMIT_NOFILE, saved_rlimit_nofile) < 0)
2196 log_warning_errno(errno, "Reading RLIMIT_NOFILE failed, ignoring: %m");
2197
2198 if (getrlimit(RLIMIT_MEMLOCK, saved_rlimit_memlock) < 0)
2199 log_warning_errno(errno, "Reading RLIMIT_MEMLOCK failed, ignoring: %m");
2200}
2201
2202static void fallback_rlimit_nofile(const struct rlimit *saved_rlimit_nofile) {
2203 struct rlimit *rl;
2204
2205 if (arg_default_rlimit[RLIMIT_NOFILE])
2206 return;
2207
2208 /* Make sure forked processes get limits based on the original kernel setting */
2209
2210 rl = newdup(struct rlimit, saved_rlimit_nofile, 1);
2211 if (!rl) {
2212 log_oom();
2213 return;
2214 }
2215
2216 /* Bump the hard limit for system services to a substantially higher value. The default
2217 * hard limit current kernels set is pretty low (4K), mostly for historical
2218 * reasons. According to kernel developers, the fd handling in recent kernels has been
2219 * optimized substantially enough, so that we can bump the limit now, without paying too
2220 * high a price in memory or performance. Note however that we only bump the hard limit,
2221 * not the soft limit. That's because select() works the way it works, and chokes on fds
2222 * >= 1024. If we'd bump the soft limit globally, it might accidentally happen to
2223 * unexpecting programs that they get fds higher than what they can process using
2224 * select(). By only bumping the hard limit but leaving the low limit as it is we avoid
2225 * this pitfall: programs that are written by folks aware of the select() problem in mind
2226 * (and thus use poll()/epoll instead of select(), the way everybody should) can
2227 * explicitly opt into high fds by bumping their soft limit beyond 1024, to the hard limit
2228 * we pass. */
2229 if (arg_system) {
2230 int nr;
2231
2232 /* Get the underlying absolute limit the kernel enforces */
2233 nr = read_nr_open();
2234
2235 rl->rlim_max = MIN((rlim_t) nr, MAX(rl->rlim_max, (rlim_t) HIGH_RLIMIT_NOFILE));
2236 }
2237
2238 /* If for some reason we were invoked with a soft limit above 1024 (which should never
2239 * happen!, but who knows what we get passed in from pam_limit when invoked as --user
2240 * instance), then lower what we pass on to not confuse our children */
2241 rl->rlim_cur = MIN(rl->rlim_cur, (rlim_t) FD_SETSIZE);
2242
2243 arg_default_rlimit[RLIMIT_NOFILE] = rl;
2244}
2245
2246static void fallback_rlimit_memlock(const struct rlimit *saved_rlimit_memlock) {
2247 struct rlimit *rl;
2248
2249 /* Pass the original value down to invoked processes */
2250
2251 if (arg_default_rlimit[RLIMIT_MEMLOCK])
2252 return;
2253
2254 rl = newdup(struct rlimit, saved_rlimit_memlock, 1);
2255 if (!rl) {
2256 log_oom();
2257 return;
2258 }
2259
2260 arg_default_rlimit[RLIMIT_MEMLOCK] = rl;
2261}
2262
fb39af4c
ZJS		 2263static void reset_arguments(void) {
2264 /* Frees/resets arg_* variables, with a few exceptions commented below. */
970777b5
LP		 2265
2266 arg_default_unit = mfree(arg_default_unit);
fb39af4c
ZJS		 2267
2268 /* arg_system — ignore */
2269
2270 arg_dump_core = true;
2271 arg_crash_chvt = -1;
2272 arg_crash_shell = false;
2273 arg_crash_reboot = false;
970777b5 2274 arg_confirm_spawn = mfree(arg_confirm_spawn);
fb39af4c 2275 arg_show_status = _SHOW_STATUS_INVALID;
36cf4507 2276 arg_status_unit_format = STATUS_UNIT_FORMAT_DEFAULT;
fb39af4c
ZJS		 2277 arg_switched_root = false;
2278 arg_pager_flags = 0;
2279 arg_service_watchdogs = true;
2280 arg_default_std_output = EXEC_OUTPUT_JOURNAL;
2281 arg_default_std_error = EXEC_OUTPUT_INHERIT;
2282 arg_default_restart_usec = DEFAULT_RESTART_USEC;
2283 arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
2284 arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
2285 arg_default_timeout_abort_usec = DEFAULT_TIMEOUT_USEC;
2286 arg_default_timeout_abort_set = false;
2287 arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
2288 arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
2289 arg_runtime_watchdog = 0;
65224c1d 2290 arg_reboot_watchdog = 10 * USEC_PER_MINUTE;
acafd7d8 2291 arg_kexec_watchdog = 0;
fb39af4c
ZJS		 2292 arg_early_core_pattern = NULL;
2293 arg_watchdog_device = NULL;
2294
970777b5 2295 arg_default_environment = strv_free(arg_default_environment);
fb39af4c
ZJS		 2296 rlimit_free_all(arg_default_rlimit);
2297
2298 arg_capability_bounding_set = CAP_ALL;
2299 arg_no_new_privs = false;
2300 arg_timer_slack_nsec = NSEC_INFINITY;
2301 arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE;
2302
970777b5 2303 arg_syscall_archs = set_free(arg_syscall_archs);
61fbbac1 2304
fb39af4c
ZJS		 2305 /* arg_serialization — ignore */
2306
2307 arg_default_cpu_accounting = -1;
2308 arg_default_io_accounting = false;
2309 arg_default_ip_accounting = false;
2310 arg_default_blockio_accounting = false;
2311 arg_default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT;
2312 arg_default_tasks_accounting = true;
3a0f06c4 2313 arg_default_tasks_max = DEFAULT_TASKS_MAX;
fb39af4c
ZJS		 2314 arg_machine_id = (sd_id128_t) {};
2315 arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE;
2316 arg_default_oom_policy = OOM_STOP;
2317
61fbbac1 2318 cpu_set_reset(&arg_cpu_affinity);
b070c7c0 2319 numa_policy_reset(&arg_numa_policy);
d247f232
LP		 2320
2321 arg_random_seed = mfree(arg_random_seed);
2322 arg_random_seed_size = 0;
33d943d1 2323 arg_clock_usec = 0;
970777b5
LP		 2324}
2325
a9fd4cd1
FB		 2326static int parse_configuration(const struct rlimit *saved_rlimit_nofile,
2327 const struct rlimit *saved_rlimit_memlock) {
97d1fb94
LP		 2328 int r;
2329
a9fd4cd1
FB		 2330 assert(saved_rlimit_nofile);
2331 assert(saved_rlimit_memlock);
2332
fb39af4c
ZJS		 2333 /* Assign configuration defaults */
2334 reset_arguments();
2335
97d1fb94 2336 r = parse_config_file();
470a5e6d
ZJS		 2337 if (r < 0)
2338 log_warning_errno(r, "Failed to parse config file, ignoring: %m");
97d1fb94
LP		 2339
2340 if (arg_system) {
2341 r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0);
2342 if (r < 0)
2343 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
2344 }
2345
a9fd4cd1
FB		 2346 /* Initialize some default rlimits for services if they haven't been configured */
2347 fallback_rlimit_nofile(saved_rlimit_nofile);
2348 fallback_rlimit_memlock(saved_rlimit_memlock);
2349
97d1fb94
LP		 2350 /* Note that this also parses bits from the kernel command line, including "debug". */
2351 log_parse_environment();
2352
db33214b 2353 /* Initialize the show status setting if it hasn't been set explicitly yet */
7a293242 2354 if (arg_show_status == _SHOW_STATUS_INVALID)
db33214b
LP		 2355 arg_show_status = SHOW_STATUS_YES;
2356
97d1fb94
LP		 2357 return 0;
2358}
2359
b0d7c989
LP		 2360static int safety_checks(void) {
2361
febf46a4 2362 if (getpid_cached() == 1 &&
baaa35ad
ZJS		 2363 arg_action != ACTION_RUN)
2364 return log_error_errno(SYNTHETIC_ERRNO(EPERM),
2365 "Unsupported execution mode while PID 1.");
febf46a4
LP		 2366
2367 if (getpid_cached() == 1 &&
baaa35ad
ZJS		 2368 !arg_system)
2369 return log_error_errno(SYNTHETIC_ERRNO(EPERM),
2370 "Can't run --user mode as PID 1.");
febf46a4
LP		 2371
2372 if (arg_action == ACTION_RUN &&
2373 arg_system &&
baaa35ad
ZJS		 2374 getpid_cached() != 1)
2375 return log_error_errno(SYNTHETIC_ERRNO(EPERM),
2376 "Can't run system mode unless PID 1.");
febf46a4 2377
b0d7c989 2378 if (arg_action == ACTION_TEST &&
baaa35ad
ZJS		 2379 geteuid() == 0)
2380 return log_error_errno(SYNTHETIC_ERRNO(EPERM),
2381 "Don't run test mode as root.");
b0d7c989
LP		 2382
2383 if (!arg_system &&
2384 arg_action == ACTION_RUN &&
baaa35ad
ZJS		 2385 sd_booted() <= 0)
2386 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
2387 "Trying to run as user instance, but the system has not been booted with systemd.");
b0d7c989
LP		 2388
2389 if (!arg_system &&
2390 arg_action == ACTION_RUN &&
baaa35ad
ZJS		 2391 !getenv("XDG_RUNTIME_DIR"))
2392 return log_error_errno(SYNTHETIC_ERRNO(EUNATCH),
2393 "Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
b0d7c989
LP		 2394
2395 if (arg_system &&
2396 arg_action == ACTION_RUN &&
baaa35ad
ZJS		 2397 running_in_chroot() > 0)
2398 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
2399 "Cannot be run in a chroot() environment.");
b0d7c989
LP		 2400
2401 return 0;
2402}
2403
74da609f
LP		 2404static int initialize_security(
2405 bool *loaded_policy,
2406 dual_timestamp *security_start_timestamp,
2407 dual_timestamp *security_finish_timestamp,
2408 const char **ret_error_message) {
2409
2410 int r;
2411
2412 assert(loaded_policy);
2413 assert(security_start_timestamp);
2414 assert(security_finish_timestamp);
2415 assert(ret_error_message);
2416
2417 dual_timestamp_get(security_start_timestamp);
2418
97149f40 2419 r = mac_selinux_setup(loaded_policy);
74da609f
LP		 2420 if (r < 0) {
2421 *ret_error_message = "Failed to load SELinux policy";
2422 return r;
2423 }
2424
2425 r = mac_smack_setup(loaded_policy);
2426 if (r < 0) {
2427 *ret_error_message = "Failed to load SMACK policy";
2428 return r;
2429 }
2430
2ffadd3c
Y		 2431 r = mac_apparmor_setup();
2432 if (r < 0) {
2433 *ret_error_message = "Failed to load AppArmor policy";
2434 return r;
2435 }
2436
74da609f
LP		 2437 r = ima_setup();
2438 if (r < 0) {
2439 *ret_error_message = "Failed to load IMA policy";
2440 return r;
2441 }
2442
2443 dual_timestamp_get(security_finish_timestamp);
2444 return 0;
2445}
2446
263162da
LP		 2447static void test_summary(Manager *m) {
2448 assert(m);
2449
2450 printf("-> By units:\n");
2451 manager_dump_units(m, stdout, "\t");
2452
2453 printf("-> By jobs:\n");
2454 manager_dump_jobs(m, stdout, "\t");
2455}
2456
efeb853f
LP		 2457static int collect_fds(FDSet **ret_fds, const char **ret_error_message) {
2458 int r;
2459
2460 assert(ret_fds);
2461 assert(ret_error_message);
2462
2463 r = fdset_new_fill(ret_fds);
2464 if (r < 0) {
2465 *ret_error_message = "Failed to allocate fd set";
2466 return log_emergency_errno(r, "Failed to allocate fd set: %m");
2467 }
2468
2469 fdset_cloexec(*ret_fds, true);
2470
2471 if (arg_serialization)
2472 assert_se(fdset_remove(*ret_fds, fileno(arg_serialization)) >= 0);
2473
2474 return 0;
2475}
2476
2e51b31c
LP		 2477static void setup_console_terminal(bool skip_setup) {
2478
2479 if (!arg_system)
2480 return;
2481
2482 /* Become a session leader if we aren't one yet. */
2483 (void) setsid();
2484
2485 /* If we are init, we connect stdin/stdout/stderr to /dev/null and make sure we don't have a controlling
2486 * tty. */
2487 (void) release_terminal();
2488
2489 /* Reset the console, but only if this is really init and we are freshly booted */
2490 if (getpid_cached() == 1 && !skip_setup)
2491 (void) console_setup();
2492}
2493
aa40ff07
LP		 2494static bool early_skip_setup_check(int argc, char *argv[]) {
2495 bool found_deserialize = false;
2496 int i;
2497
2498 /* Determine if this is a reexecution or normal bootup. We do the full command line parsing much later, so
2499 * let's just have a quick peek here. Note that if we have switched root, do all the special setup things
2500 * anyway, even if in that case we also do deserialization. */
2501
2502 for (i = 1; i < argc; i++) {
aa40ff07
LP		 2503 if (streq(argv[i], "--switched-root"))
2504 return false; /* If we switched root, don't skip the setup. */
2505 else if (streq(argv[i], "--deserialize"))
2506 found_deserialize = true;
2507 }
2508
2509 return found_deserialize; /* When we are deserializing, then we are reexecuting, hence avoid the extensive setup */
2510}
2511
0e06a031
LP		 2512static int save_env(void) {
2513 char **l;
2514
2515 l = strv_copy(environ);
2516 if (!l)
2517 return -ENOMEM;
2518
2519 strv_free_and_replace(saved_env, l);
2520 return 0;
2521}
2522
60918275 2523int main(int argc, char *argv[]) {
625e8690
LP		 2524
2525 dual_timestamp initrd_timestamp = DUAL_TIMESTAMP_NULL, userspace_timestamp = DUAL_TIMESTAMP_NULL, kernel_timestamp = DUAL_TIMESTAMP_NULL,
2526 security_start_timestamp = DUAL_TIMESTAMP_NULL, security_finish_timestamp = DUAL_TIMESTAMP_NULL;
ddfa8b0b
LP		 2527 struct rlimit saved_rlimit_nofile = RLIMIT_MAKE_CONST(0),
2528 saved_rlimit_memlock = RLIMIT_MAKE_CONST(RLIM_INFINITY); /* The original rlimits we passed
2529 * in. Note we use different values
2530 * for the two that indicate whether
2531 * these fields are initialized! */
625e8690
LP		 2532 bool skip_setup, loaded_policy = false, queue_default_job = false, first_boot = false, reexecute = false;
2533 char *switch_root_dir = NULL, *switch_root_init = NULL;
9d76d730 2534 usec_t before_startup, after_startup;
625e8690 2535 static char systemd[] = "systemd";
9d76d730 2536 char timespan[FORMAT_TIMESPAN_MAX];
625e8690
LP		 2537 const char *shutdown_verb = NULL, *error_message = NULL;
2538 int r, retval = EXIT_FAILURE;
2539 Manager *m = NULL;
a16e1123 2540 FDSet *fds = NULL;
27b14a22 2541
d72a8f10 2542 /* SysV compatibility: redirect init → telinit */
6808a0bc 2543 redirect_telinit(argc, argv);
2cb1a60d 2544
d72a8f10 2545 /* Take timestamps early on */
c3a170f3
HH		 2546 dual_timestamp_from_monotonic(&kernel_timestamp, 0);
2547 dual_timestamp_get(&userspace_timestamp);
2548
d72a8f10
LP		 2549 /* Figure out whether we need to do initialize the system, or if we already did that because we are
2550 * reexecuting */
aa40ff07 2551 skip_setup = early_skip_setup_check(argc, argv);
d03bc1b8 2552
d72a8f10
LP		 2553 /* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we
2554 * are then called 'systemd'. That is confusing, hence let's call us systemd right-away. */
f3b6a3ed 2555 program_invocation_short_name = systemd;
eee8b7ab 2556 (void) prctl(PR_SET_NAME, systemd);
5d6b1584 2557
d72a8f10 2558 /* Save the original command line */
36fea155 2559 save_argc_argv(argc, argv);
f3b6a3ed 2560
0e06a031
LP		 2561 /* Save the original environment as we might need to restore it if we're requested to execute another
2562 * system manager later. */
2563 r = save_env();
2564 if (r < 0) {
2565 error_message = "Failed to copy environment block";
2566 goto finish;
2567 }
a5cede8c 2568
6fdb8de4 2569 /* Make sure that if the user says "syslog" we actually log to the journal. */
c1dc6153 2570 log_set_upgrade_syslog_to_journal(true);
bbe63281 2571
df0ff127 2572 if (getpid_cached() == 1) {
b5752d23
LP		 2573 /* When we run as PID 1 force system mode */
2574 arg_system = true;
2575
48a601fe 2576 /* Disable the umask logic */
90dc8c2e
MG		 2577 umask(0);
2578
92890452
LP		 2579 /* Make sure that at least initially we do not ever log to journald/syslogd, because it might not be
2580 * activated yet (even though the log socket for it exists). */
d075092f
LP		 2581 log_set_prohibit_ipc(true);
2582
48a601fe
LP		 2583 /* Always reopen /dev/console when running as PID 1 or one of its pre-execve() children. This is
2584 * important so that we never end up logging to any foreign stderr, for example if we have to log in a
2585 * child process right before execve()'ing the actual binary, at a point in time where socket
2586 * activation stderr/stdout area already set up. */
2587 log_set_always_reopen_console(true);
48a601fe 2588
92890452 2589 if (detect_container() <= 0) {
4f8d551f 2590
92890452 2591 /* Running outside of a container as PID 1 */
92890452
LP		 2592 log_set_target(LOG_TARGET_KMSG);
2593 log_open();
a866073d 2594
92890452
LP		 2595 if (in_initrd())
2596 initrd_timestamp = userspace_timestamp;
c3ba6250 2597
92890452
LP		 2598 if (!skip_setup) {
2599 r = mount_setup_early();
2600 if (r < 0) {
2601 error_message = "Failed to mount early API filesystems";
2602 goto finish;
2603 }
2604
0a2eef1e
LP		 2605 /* Let's open the log backend a second time, in case the first time didn't
2606 * work. Quite possibly we have mounted /dev just now, so /dev/kmsg became
2607 * available, and it previously wasn't. */
2608 log_open();
2609
6123dfaa
ZJS		 2610 disable_printk_ratelimit();
2611
92890452
LP		 2612 r = initialize_security(
2613 &loaded_policy,
2614 &security_start_timestamp,
2615 &security_finish_timestamp,
2616 &error_message);
2617 if (r < 0)
2618 goto finish;
d723cd65 2619 }
eee8b7ab 2620
92890452 2621 if (mac_selinux_init() < 0) {
a9ba0e32 2622 error_message = "Failed to initialize SELinux support";
96694e99 2623 goto finish;
92890452 2624 }
0b3325e7 2625
92890452
LP		 2626 if (!skip_setup)
2627 initialize_clock();
2628
2629 /* Set the default for later on, but don't actually open the logs like this for now. Note that
2630 * if we are transitioning from the initrd there might still be journal fd open, and we
2631 * shouldn't attempt opening that before we parsed /proc/cmdline which might redirect output
2632 * elsewhere. */
2633 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
2634
2635 } else {
2636 /* Running inside a container, as PID 1 */
92890452
LP		 2637 log_set_target(LOG_TARGET_CONSOLE);
2638 log_open();
2639
2640 /* For later on, see above... */
2641 log_set_target(LOG_TARGET_JOURNAL);
2642
45250e66 2643 /* clear the kernel timestamp, because we are in a container */
92890452 2644 kernel_timestamp = DUAL_TIMESTAMP_NULL;
cb6531be 2645 }
7948c4df 2646
92890452 2647 initialize_coredump(skip_setup);
a866073d 2648
92890452
LP		 2649 r = fixup_environment();
2650 if (r < 0) {
2651 log_emergency_errno(r, "Failed to fix up PID 1 environment: %m");
2652 error_message = "Failed to fix up PID1 environment";
2653 goto finish;
2654 }
a866073d 2655
c3a170f3 2656 } else {
a866073d 2657 /* Running as user instance */
463d0d15 2658 arg_system = false;
eeecf6e6 2659 log_set_target(LOG_TARGET_AUTO);
871e5809 2660 log_open();
c3a170f3 2661
45250e66 2662 /* clear the kernel timestamp, because we are not PID 1 */
6513d561 2663 kernel_timestamp = DUAL_TIMESTAMP_NULL;
a11bfc17
CG		 2664
2665 if (mac_selinux_init() < 0) {
2666 error_message = "Failed to initialize SELinux support";
2667 goto finish;
2668 }
bbe63281 2669 }
a5dab5ce 2670
6edefe0b 2671 if (arg_system) {
92890452
LP		 2672 /* Try to figure out if we can use colors with the console. No need to do that for user instances since
2673 * they never log into the console. */
3a18b604 2674 log_show_color(colors_enabled());
92890452 2675
c76cf844
AK		 2676 r = make_null_stdio();
2677 if (r < 0)
92890452 2678 log_warning_errno(r, "Failed to redirect standard streams to /dev/null, ignoring: %m");
3a18b604
FB		 2679 }
2680
45250e66 2681 /* Mount /proc, /sys and friends, so that /proc/cmdline and /proc/$PID/fd is available. */
df0ff127 2682 if (getpid_cached() == 1) {
f84f9974 2683
a132bef0 2684 /* Load the kernel modules early. */
2e75e2a8
DM		 2685 if (!skip_setup)
2686 kmod_setup();
2e75e2a8 2687
f74349d8 2688 r = mount_setup(loaded_policy, skip_setup);
cb6531be
ZJS		 2689 if (r < 0) {
2690 error_message = "Failed to mount API filesystems";
8efe3c01 2691 goto finish;
cb6531be 2692 }
c18ecf03
LP		 2693
2694 /* The efivarfs is now mounted, let's read the random seed off it */
2695 (void) efi_take_random_seed();
209b2592
FB		 2696
2697 /* Cache command-line options passed from EFI variables */
2698 if (!skip_setup)
2699 (void) cache_efi_options_variable();
0c85a4f3 2700 }
4ade7963 2701
a9fd4cd1
FB		 2702 /* Save the original RLIMIT_NOFILE/RLIMIT_MEMLOCK so that we can reset it later when
2703 * transitioning from the initrd to the main systemd or suchlike. */
2704 save_rlimits(&saved_rlimit_nofile, &saved_rlimit_memlock);
2705
4ade7963 2706 /* Reset all signal handlers. */
ce30c8dc
LP		 2707 (void) reset_all_signal_handlers();
2708 (void) ignore_signals(SIGNALS_IGNORE, -1);
078e4539 2709
ffe5c01e
FB		 2710 (void) parse_configuration(&saved_rlimit_nofile, &saved_rlimit_memlock);
2711
2712 r = parse_argv(argc, argv);
2713 if (r < 0) {
2714 error_message = "Failed to parse commandline arguments";
f170852a 2715 goto finish;
ffe5c01e 2716 }
10c961b9 2717
b0d7c989
LP		 2718 r = safety_checks();
2719 if (r < 0)
fe783b03 2720 goto finish;
fe783b03 2721
5c08257b 2722 if (IN_SET(arg_action, ACTION_TEST, ACTION_HELP, ACTION_DUMP_CONFIGURATION_ITEMS, ACTION_DUMP_BUS_PROPERTIES, ACTION_BUS_INTROSPECT))
0221d68a 2723 (void) pager_open(arg_pager_flags);
b0d7c989
LP		 2724
2725 if (arg_action != ACTION_RUN)
74e7579c 2726 skip_setup = true;
b87c2aa6 2727
fa0f4d8a 2728 if (arg_action == ACTION_HELP) {
37ec0fdd 2729 retval = help() < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
f170852a 2730 goto finish;
9ba0bc4e
ZJS		 2731 } else if (arg_action == ACTION_VERSION) {
2732 retval = version();
2733 goto finish;
fa0f4d8a 2734 } else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
e537352b 2735 unit_dump_config_items(stdout);
22f4096c 2736 retval = EXIT_SUCCESS;
e537352b 2737 goto finish;
bbc1acab
YW		 2738 } else if (arg_action == ACTION_DUMP_BUS_PROPERTIES) {
2739 dump_bus_properties(stdout);
2740 retval = EXIT_SUCCESS;
2741 goto finish;
5c08257b
ZJS		 2742 } else if (arg_action == ACTION_BUS_INTROSPECT) {
2743 r = bus_manager_introspect_implementations(stdout, arg_bus_introspect);
2744 retval = r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE;
2745 goto finish;
f170852a
LP		 2746 }
2747
4c701096 2748 assert_se(IN_SET(arg_action, ACTION_RUN, ACTION_TEST));
f170852a 2749
5a2e0c62
LP		 2750 /* Move out of the way, so that we won't block unmounts */
2751 assert_se(chdir("/") == 0);
2752
dea374e8 2753 if (arg_action == ACTION_RUN) {
d247f232
LP		 2754 if (!skip_setup) {
2755 /* Apply the systemd.clock_usec= kernel command line switch */
45250e66 2756 apply_clock_update();
a70c72a0 2757
d247f232
LP		 2758 /* Apply random seed from kernel command line */
2759 cmdline_take_random_seed();
2760 }
2761
c6885f5f
FB		 2762 /* A core pattern might have been specified via the cmdline. */
2763 initialize_core_pattern(skip_setup);
2764
efeb853f 2765 /* Close logging fds, in order not to confuse collecting passed fds and terminal logic below */
a70c72a0
LP		 2766 log_close();
2767
2768 /* Remember open file descriptors for later deserialization */
efeb853f
LP		 2769 r = collect_fds(&fds, &error_message);
2770 if (r < 0)
dea374e8 2771 goto finish;
a16e1123 2772
2e51b31c
LP		 2773 /* Give up any control of the console, but make sure its initialized. */
2774 setup_console_terminal(skip_setup);
56d96fc0 2775
a70c72a0
LP		 2776 /* Open the logging devices, if possible and necessary */
2777 log_open();
56d96fc0 2778 }
4ade7963 2779
31aef7ff 2780 log_execution_mode(&first_boot);
a5dab5ce 2781
2d776038
LP		 2782 r = initialize_runtime(skip_setup,
2783 &saved_rlimit_nofile,
2784 &saved_rlimit_memlock,
2785 &error_message);
2786 if (r < 0)
2787 goto finish;
4096d6f5 2788
e0a3da1f
ZJS		 2789 r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER,
2790 arg_action == ACTION_TEST ? MANAGER_TEST_FULL : 0,
2791 &m);
e96d6be7 2792 if (r < 0) {
da927ba9 2793 log_emergency_errno(r, "Failed to allocate manager object: %m");
cb6531be 2794 error_message = "Failed to allocate manager object";
60918275
LP		 2795 goto finish;
2796 }
2797
9f9f0342
LP		 2798 m->timestamps[MANAGER_TIMESTAMP_KERNEL] = kernel_timestamp;
2799 m->timestamps[MANAGER_TIMESTAMP_INITRD] = initrd_timestamp;
2800 m->timestamps[MANAGER_TIMESTAMP_USERSPACE] = userspace_timestamp;
d4ee7bd8
YW		 2801 m->timestamps[manager_timestamp_initrd_mangle(MANAGER_TIMESTAMP_SECURITY_START)] = security_start_timestamp;
2802 m->timestamps[manager_timestamp_initrd_mangle(MANAGER_TIMESTAMP_SECURITY_FINISH)] = security_finish_timestamp;
9e58ff9c 2803
85cb4151 2804 set_manager_defaults(m);
7b46fc6a 2805 set_manager_settings(m);
fd130612 2806 manager_set_first_boot(m, first_boot);
27d340c7 2807
bf4df7c3 2808 /* Remember whether we should queue the default job */
d3b1c508 2809 queue_default_job = !arg_serialization || arg_switched_root;
bf4df7c3 2810
9d76d730
LP		 2811 before_startup = now(CLOCK_MONOTONIC);
2812
d3b1c508 2813 r = manager_startup(m, arg_serialization, fds);
58f88d92 2814 if (r < 0) {
cefb3eda 2815 error_message = "Failed to start up manager";
58f88d92
ZJS		 2816 goto finish;
2817 }
a16e1123 2818
6acca5fc 2819 /* This will close all file descriptors that were opened, but not claimed by any unit. */
2feceb5e 2820 fds = fdset_free(fds);
74ca738f 2821 arg_serialization = safe_fclose(arg_serialization);
bf4df7c3
LP		 2822
2823 if (queue_default_job) {
6acca5fc 2824 r = do_queue_default_job(m, &error_message);
718db961 2825 if (r < 0)
37d88da7 2826 goto finish;
6acca5fc 2827 }
ab17a050 2828
6acca5fc 2829 after_startup = now(CLOCK_MONOTONIC);
60918275 2830
6acca5fc
LP		 2831 log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
2832 "Loaded units and determined initial transaction in %s.",
2833 format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 100 * USEC_PER_MSEC));
07672f49 2834
6acca5fc 2835 if (arg_action == ACTION_TEST) {
263162da 2836 test_summary(m);
6acca5fc
LP		 2837 retval = EXIT_SUCCESS;
2838 goto finish;
e965d56d 2839 }
d46de8a1 2840
3046b6db 2841 (void) invoke_main_loop(m,
a9fd4cd1
FB		 2842 &saved_rlimit_nofile,
2843 &saved_rlimit_memlock,
3046b6db
LP		 2844 &reexecute,
2845 &retval,
2846 &shutdown_verb,
2847 &fds,
2848 &switch_root_dir,
2849 &switch_root_init,
2850 &error_message);
f170852a 2851
60918275 2852finish:
b87c2aa6
ZJS		 2853 pager_close();
2854
92890452 2855 if (m) {
986935cf
FB		 2856 arg_reboot_watchdog = manager_get_watchdog(m, WATCHDOG_REBOOT);
2857 arg_kexec_watchdog = manager_get_watchdog(m, WATCHDOG_KEXEC);
92890452
LP		 2858 m = manager_free(m);
2859 }
60918275 2860
fb39af4c 2861 reset_arguments();
cc56fafe 2862 mac_selinux_finish();
b2bb3dbe 2863
3c7878f9
LP		 2864 if (reexecute)
2865 do_reexecute(argc, argv,
2866 &saved_rlimit_nofile,
2867 &saved_rlimit_memlock,
2868 fds,
2869 switch_root_dir,
2870 switch_root_init,
2871 &error_message); /* This only returns if reexecution failed */
a16e1123 2872
74ca738f 2873 arg_serialization = safe_fclose(arg_serialization);
2feceb5e 2874 fds = fdset_free(fds);
a16e1123 2875
0e06a031
LP		 2876 saved_env = strv_free(saved_env);
2877
349cc4a5 2878#if HAVE_VALGRIND_VALGRIND_H
54b434b1
LP		 2879 /* If we are PID 1 and running under valgrind, then let's exit
2880 * here explicitly. valgrind will only generate nice output on
2881 * exit(), not on exec(), hence let's do the former not the
2882 * latter here. */
8a2c1fbf
EJ		 2883 if (getpid_cached() == 1 && RUNNING_ON_VALGRIND) {
2884 /* Cleanup watchdog_device strings for valgrind. We need them
2885 * in become_shutdown() so normally we cannot free them yet. */
2886 watchdog_free_device();
2887 arg_watchdog_device = mfree(arg_watchdog_device);
27fe58b7 2888 return retval;
8a2c1fbf 2889 }
54b434b1
LP		 2890#endif
2891
7e11a95e
EV		 2892#if HAS_FEATURE_ADDRESS_SANITIZER
2893 __lsan_do_leak_check();
2894#endif
2895
b9080b03 2896 if (shutdown_verb) {
7eb35049 2897 r = become_shutdown(shutdown_verb, retval);
4a36297c 2898 log_error_errno(r, "Failed to execute shutdown binary, %s: %m", getpid_cached() == 1 ? "freezing" : "quitting");
9b9881d7 2899 error_message = "Failed to execute shutdown binary";
b9080b03
FF		 2900 }
2901
8a2c1fbf
EJ		 2902 watchdog_free_device();
2903 arg_watchdog_device = mfree(arg_watchdog_device);
2904
df0ff127 2905 if (getpid_cached() == 1) {
cb6531be
ZJS		 2906 if (error_message)
2907 manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
1fc464f6 2908 ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL,
bb259772
LP		 2909 "%s.", error_message);
2910 freeze_or_exit_or_reboot();
cb6531be 2911 }
c3b3c274 2912
60918275
LP		 2913 return retval;
2914}
Unnamed repository; edit this file 'description' to name the repository.