]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
a7334b09 LP |
2 | /*** |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2010 Lennart Poettering | |
6 | ||
7 | systemd is free software; you can redistribute it and/or modify it | |
5430f7f2 LP |
8 | under the terms of the GNU Lesser General Public License as published by |
9 | the Free Software Foundation; either version 2.1 of the License, or | |
a7334b09 LP |
10 | (at your option) any later version. |
11 | ||
12 | systemd is distributed in the hope that it will be useful, but | |
13 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
5430f7f2 | 15 | Lesser General Public License for more details. |
a7334b09 | 16 | |
5430f7f2 | 17 | You should have received a copy of the GNU Lesser General Public License |
a7334b09 LP |
18 | along with systemd; If not, see <http://www.gnu.org/licenses/>. |
19 | ***/ | |
20 | ||
60918275 | 21 | #include <errno.h> |
3dfc9763 | 22 | #include <fcntl.h> |
f170852a | 23 | #include <getopt.h> |
97c4f35c | 24 | #include <signal.h> |
3dfc9763 LP |
25 | #include <stdio.h> |
26 | #include <string.h> | |
664f88a7 | 27 | #include <sys/mount.h> |
3dfc9763 | 28 | #include <sys/prctl.h> |
b9e74c39 | 29 | #include <sys/reboot.h> |
3dfc9763 LP |
30 | #include <sys/stat.h> |
31 | #include <unistd.h> | |
349cc4a5 | 32 | #if HAVE_SECCOMP |
b64a3d86 LP |
33 | #include <seccomp.h> |
34 | #endif | |
349cc4a5 | 35 | #if HAVE_VALGRIND_VALGRIND_H |
3dfc9763 LP |
36 | #include <valgrind/valgrind.h> |
37 | #endif | |
54b434b1 | 38 | |
718db961 | 39 | #include "sd-bus.h" |
cf0fbc49 | 40 | #include "sd-daemon.h" |
b2e7486c | 41 | #include "sd-messages.h" |
3dfc9763 | 42 | |
b5efdb8a | 43 | #include "alloc-util.h" |
d9d93745 | 44 | #include "architecture.h" |
3dfc9763 LP |
45 | #include "build.h" |
46 | #include "bus-error.h" | |
47 | #include "bus-util.h" | |
430f0182 | 48 | #include "capability-util.h" |
24efb112 | 49 | #include "clock-util.h" |
3dfc9763 | 50 | #include "conf-parser.h" |
618234a5 | 51 | #include "cpu-set-util.h" |
3dfc9763 LP |
52 | #include "dbus-manager.h" |
53 | #include "def.h" | |
eee8b7ab | 54 | #include "emergency-action.h" |
3dfc9763 | 55 | #include "env-util.h" |
3ffd4af2 | 56 | #include "fd-util.h" |
3dfc9763 | 57 | #include "fdset.h" |
718db961 | 58 | #include "fileio.h" |
f97b34a6 | 59 | #include "format-util.h" |
f4f15635 | 60 | #include "fs-util.h" |
3dfc9763 LP |
61 | #include "hostname-setup.h" |
62 | #include "ima-setup.h" | |
63 | #include "killall.h" | |
64 | #include "kmod-setup.h" | |
d7b8eec7 | 65 | #include "load-fragment.h" |
3dfc9763 | 66 | #include "log.h" |
b6e66135 | 67 | #include "loopback-setup.h" |
b6e66135 | 68 | #include "machine-id-setup.h" |
3dfc9763 LP |
69 | #include "manager.h" |
70 | #include "missing.h" | |
71 | #include "mount-setup.h" | |
72 | #include "pager.h" | |
6bedfcbb | 73 | #include "parse-util.h" |
7d5ceb64 | 74 | #include "path-util.h" |
4e731273 | 75 | #include "proc-cmdline.h" |
3dfc9763 | 76 | #include "process-util.h" |
8869a0b4 | 77 | #include "raw-clone.h" |
78f22b97 | 78 | #include "rlimit-util.h" |
349cc4a5 | 79 | #if HAVE_SECCOMP |
83f12b27 FS |
80 | #include "seccomp-util.h" |
81 | #endif | |
b6e66135 | 82 | #include "selinux-setup.h" |
3dfc9763 LP |
83 | #include "selinux-util.h" |
84 | #include "signal-util.h" | |
ffbd2c4d | 85 | #include "smack-setup.h" |
3dfc9763 | 86 | #include "special.h" |
8fcde012 | 87 | #include "stat-util.h" |
15a5e950 | 88 | #include "stdio-util.h" |
3dfc9763 LP |
89 | #include "strv.h" |
90 | #include "switch-root.h" | |
91 | #include "terminal-util.h" | |
8612da97 | 92 | #include "umask-util.h" |
b1d4f8e1 | 93 | #include "user-util.h" |
9ce17593 | 94 | #include "util.h" |
3dfc9763 LP |
95 | #include "virt.h" |
96 | #include "watchdog.h" | |
b6e66135 | 97 | |
f170852a LP |
98 | static enum { |
99 | ACTION_RUN, | |
e965d56d | 100 | ACTION_HELP, |
9ba0bc4e | 101 | ACTION_VERSION, |
e537352b | 102 | ACTION_TEST, |
494294d6 | 103 | ACTION_DUMP_CONFIGURATION_ITEMS |
fa0f4d8a | 104 | } arg_action = ACTION_RUN; |
fa0f4d8a | 105 | static char *arg_default_unit = NULL; |
463d0d15 | 106 | static bool arg_system = false; |
fa0f4d8a | 107 | static bool arg_dump_core = true; |
fa0f4d8a | 108 | static int arg_crash_chvt = -1; |
b9e74c39 LP |
109 | static bool arg_crash_shell = false; |
110 | static bool arg_crash_reboot = false; | |
7d5ceb64 | 111 | static char *arg_confirm_spawn = NULL; |
b6e2f329 | 112 | static ShowStatus arg_show_status = _SHOW_STATUS_UNSET; |
bf4df7c3 | 113 | static bool arg_switched_root = false; |
ea4b98e6 | 114 | static bool arg_no_pager = false; |
0c85a4f3 | 115 | static char ***arg_join_controllers = NULL; |
706343f4 | 116 | static ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL; |
0a494f1f | 117 | static ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT; |
1f19a534 OS |
118 | static usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC; |
119 | static usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC; | |
120 | static usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC; | |
3f41e1e5 LN |
121 | static usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL; |
122 | static unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST; | |
e96d6be7 LP |
123 | static usec_t arg_runtime_watchdog = 0; |
124 | static usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE; | |
8a2c1fbf | 125 | static char *arg_watchdog_device = NULL; |
97d0e5f8 | 126 | static char **arg_default_environment = NULL; |
517d56b1 | 127 | static struct rlimit *arg_default_rlimit[_RLIMIT_MAX] = {}; |
a103496c | 128 | static uint64_t arg_capability_bounding_set = CAP_ALL; |
3a43da28 | 129 | static nsec_t arg_timer_slack_nsec = NSEC_INFINITY; |
bd8f585b | 130 | static usec_t arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE; |
d3b1c508 LP |
131 | static Set* arg_syscall_archs = NULL; |
132 | static FILE* arg_serialization = NULL; | |
085afe36 | 133 | static bool arg_default_cpu_accounting = false; |
13c31542 | 134 | static bool arg_default_io_accounting = false; |
377bfd2d | 135 | static bool arg_default_ip_accounting = false; |
085afe36 LP |
136 | static bool arg_default_blockio_accounting = false; |
137 | static bool arg_default_memory_accounting = false; | |
9ded9cd1 | 138 | static bool arg_default_tasks_accounting = true; |
79baeeb9 | 139 | static uint64_t arg_default_tasks_max = UINT64_MAX; |
ee48dbd5 | 140 | static sd_id128_t arg_machine_id = {}; |
ae8c7939 | 141 | static EmergencyAction arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE; |
4fc935ca | 142 | |
b9e74c39 LP |
143 | noreturn static void freeze_or_reboot(void) { |
144 | ||
145 | if (arg_crash_reboot) { | |
146 | log_notice("Rebooting in 10s..."); | |
147 | (void) sleep(10); | |
148 | ||
149 | log_notice("Rebooting now..."); | |
150 | (void) reboot(RB_AUTOBOOT); | |
151 | log_emergency_errno(errno, "Failed to reboot: %m"); | |
152 | } | |
153 | ||
154 | log_emergency("Freezing execution."); | |
155 | freeze(); | |
156 | } | |
157 | ||
919ce0b7 | 158 | noreturn static void crash(int sig) { |
7d06dad9 MS |
159 | struct sigaction sa; |
160 | pid_t pid; | |
97c4f35c | 161 | |
df0ff127 | 162 | if (getpid_cached() != 1) |
abb26902 | 163 | /* Pass this on immediately, if this is not PID 1 */ |
92ca4cac | 164 | (void) raise(sig); |
abb26902 | 165 | else if (!arg_dump_core) |
4104970e | 166 | log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig)); |
97c4f35c | 167 | else { |
7d06dad9 | 168 | sa = (struct sigaction) { |
189d5bac | 169 | .sa_handler = nop_signal_handler, |
b92bea5d ZJS |
170 | .sa_flags = SA_NOCLDSTOP|SA_RESTART, |
171 | }; | |
97c4f35c | 172 | |
6f5e3f35 | 173 | /* We want to wait for the core process, hence let's enable SIGCHLD */ |
92ca4cac | 174 | (void) sigaction(SIGCHLD, &sa, NULL); |
6f5e3f35 | 175 | |
8869a0b4 | 176 | pid = raw_clone(SIGCHLD); |
e62d8c39 | 177 | if (pid < 0) |
56f64d95 | 178 | log_emergency_errno(errno, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig)); |
97c4f35c | 179 | else if (pid == 0) { |
97c4f35c | 180 | /* Enable default signal handler for core dump */ |
15a90032 | 181 | |
92ca4cac LP |
182 | sa = (struct sigaction) { |
183 | .sa_handler = SIG_DFL, | |
184 | }; | |
185 | (void) sigaction(sig, &sa, NULL); | |
97c4f35c | 186 | |
15a90032 LP |
187 | /* Don't limit the coredump size */ |
188 | (void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY)); | |
97c4f35c LP |
189 | |
190 | /* Just to be sure... */ | |
e62d9b81 | 191 | (void) chdir("/"); |
97c4f35c LP |
192 | |
193 | /* Raise the signal again */ | |
ee05e779 | 194 | pid = raw_getpid(); |
92ca4cac | 195 | (void) kill(pid, sig); /* raise() would kill the parent */ |
97c4f35c LP |
196 | |
197 | assert_not_reached("We shouldn't be here..."); | |
92ca4cac | 198 | _exit(EXIT_FAILURE); |
4fc935ca | 199 | } else { |
8e12a6ae LP |
200 | siginfo_t status; |
201 | int r; | |
4fc935ca LP |
202 | |
203 | /* Order things nicely. */ | |
e62d8c39 ZJS |
204 | r = wait_for_terminate(pid, &status); |
205 | if (r < 0) | |
da927ba9 | 206 | log_emergency_errno(r, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig)); |
8e12a6ae | 207 | else if (status.si_code != CLD_DUMPED) |
ee05e779 ZJS |
208 | log_emergency("Caught <%s>, core dump failed (child "PID_FMT", code=%s, status=%i/%s).", |
209 | signal_to_string(sig), | |
210 | pid, sigchld_code_to_string(status.si_code), | |
211 | status.si_status, | |
212 | strna(status.si_code == CLD_EXITED | |
38107f5a | 213 | ? exit_status_to_string(status.si_status, EXIT_STATUS_MINIMAL) |
ee05e779 | 214 | : signal_to_string(status.si_status))); |
4fc935ca | 215 | else |
4104970e | 216 | log_emergency("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid); |
97c4f35c LP |
217 | } |
218 | } | |
219 | ||
b9e74c39 | 220 | if (arg_crash_chvt >= 0) |
92ca4cac | 221 | (void) chvt(arg_crash_chvt); |
601f6a1e | 222 | |
7d06dad9 MS |
223 | sa = (struct sigaction) { |
224 | .sa_handler = SIG_IGN, | |
225 | .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART, | |
226 | }; | |
227 | ||
228 | /* Let the kernel reap children for us */ | |
229 | (void) sigaction(SIGCHLD, &sa, NULL); | |
8c43883a | 230 | |
7d06dad9 | 231 | if (arg_crash_shell) { |
b9e74c39 | 232 | log_notice("Executing crash shell in 10s..."); |
92ca4cac | 233 | (void) sleep(10); |
4fc935ca | 234 | |
8869a0b4 | 235 | pid = raw_clone(SIGCHLD); |
cd3bd60a | 236 | if (pid < 0) |
56f64d95 | 237 | log_emergency_errno(errno, "Failed to fork off crash shell: %m"); |
6f5e3f35 | 238 | else if (pid == 0) { |
b9e74c39 | 239 | (void) setsid(); |
92ca4cac LP |
240 | (void) make_console_stdio(); |
241 | (void) execle("/bin/sh", "/bin/sh", NULL, environ); | |
6f5e3f35 | 242 | |
ee05e779 | 243 | log_emergency_errno(errno, "execle() failed: %m"); |
92ca4cac | 244 | _exit(EXIT_FAILURE); |
b9e74c39 LP |
245 | } else { |
246 | log_info("Spawned crash shell as PID "PID_FMT".", pid); | |
4cf0b03b | 247 | (void) wait_for_terminate(pid, NULL); |
b9e74c39 | 248 | } |
4fc935ca LP |
249 | } |
250 | ||
b9e74c39 | 251 | freeze_or_reboot(); |
97c4f35c LP |
252 | } |
253 | ||
254 | static void install_crash_handler(void) { | |
297d563d | 255 | static const struct sigaction sa = { |
b92bea5d | 256 | .sa_handler = crash, |
297d563d | 257 | .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */ |
b92bea5d | 258 | }; |
297d563d | 259 | int r; |
97c4f35c | 260 | |
297d563d LP |
261 | /* We ignore the return value here, since, we don't mind if we |
262 | * cannot set up a crash handler */ | |
263 | r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1); | |
264 | if (r < 0) | |
265 | log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m"); | |
97c4f35c | 266 | } |
f170852a | 267 | |
56d96fc0 LP |
268 | static int console_setup(void) { |
269 | _cleanup_close_ int tty_fd = -1; | |
270 | int r; | |
80876c20 | 271 | |
512947d4 | 272 | tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC); |
23bbb0de MS |
273 | if (tty_fd < 0) |
274 | return log_error_errno(tty_fd, "Failed to open /dev/console: %m"); | |
80876c20 | 275 | |
56d96fc0 LP |
276 | /* We don't want to force text mode. plymouth may be showing |
277 | * pictures already from initrd. */ | |
512947d4 | 278 | r = reset_terminal_fd(tty_fd, false); |
23bbb0de MS |
279 | if (r < 0) |
280 | return log_error_errno(r, "Failed to reset /dev/console: %m"); | |
843d2643 | 281 | |
56d96fc0 | 282 | return 0; |
80876c20 LP |
283 | } |
284 | ||
b9e74c39 LP |
285 | static int parse_crash_chvt(const char *value) { |
286 | int b; | |
287 | ||
288 | if (safe_atoi(value, &arg_crash_chvt) >= 0) | |
289 | return 0; | |
290 | ||
291 | b = parse_boolean(value); | |
292 | if (b < 0) | |
293 | return b; | |
294 | ||
295 | if (b > 0) | |
296 | arg_crash_chvt = 0; /* switch to where kmsg goes */ | |
297 | else | |
298 | arg_crash_chvt = -1; /* turn off switching */ | |
299 | ||
300 | return 0; | |
301 | } | |
302 | ||
7d5ceb64 FB |
303 | static int parse_confirm_spawn(const char *value, char **console) { |
304 | char *s; | |
305 | int r; | |
306 | ||
307 | r = value ? parse_boolean(value) : 1; | |
308 | if (r == 0) { | |
309 | *console = NULL; | |
310 | return 0; | |
311 | } | |
312 | ||
313 | if (r > 0) /* on with default tty */ | |
314 | s = strdup("/dev/console"); | |
315 | else if (is_path(value)) /* on with fully qualified path */ | |
316 | s = strdup(value); | |
317 | else /* on with only a tty file name, not a fully qualified path */ | |
318 | s = strjoin("/dev/", value); | |
319 | if (!s) | |
320 | return -ENOMEM; | |
321 | *console = s; | |
322 | return 0; | |
323 | } | |
324 | ||
ee48dbd5 | 325 | static int set_machine_id(const char *m) { |
e042eab7 | 326 | sd_id128_t t; |
8b26cdbd | 327 | assert(m); |
ee48dbd5 | 328 | |
e042eab7 | 329 | if (sd_id128_from_string(m, &t) < 0) |
ee48dbd5 NC |
330 | return -EINVAL; |
331 | ||
e042eab7 | 332 | if (sd_id128_is_null(t)) |
ee48dbd5 NC |
333 | return -EINVAL; |
334 | ||
e042eab7 | 335 | arg_machine_id = t; |
ee48dbd5 NC |
336 | return 0; |
337 | } | |
338 | ||
96287a49 | 339 | static int parse_proc_cmdline_item(const char *key, const char *value, void *data) { |
f170852a | 340 | |
059cb385 | 341 | int r; |
f170852a | 342 | |
059cb385 | 343 | assert(key); |
5192bd19 | 344 | |
1d84ad94 | 345 | if (STR_IN_SET(key, "systemd.unit", "rd.systemd.unit")) { |
bf4df7c3 | 346 | |
1d84ad94 LP |
347 | if (proc_cmdline_value_missing(key, value)) |
348 | return 0; | |
bf4df7c3 | 349 | |
1d84ad94 LP |
350 | if (!unit_name_is_valid(value, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE)) |
351 | log_warning("Unit name specified on %s= is not valid, ignoring: %s", key, value); | |
352 | else if (in_initrd() == !!startswith(key, "rd.")) { | |
353 | if (free_and_strdup(&arg_default_unit, value) < 0) | |
354 | return log_oom(); | |
355 | } | |
f170852a | 356 | |
1d84ad94 | 357 | } else if (proc_cmdline_key_streq(key, "systemd.dump_core")) { |
4fc935ca | 358 | |
1d84ad94 | 359 | r = value ? parse_boolean(value) : true; |
fb472900 | 360 | if (r < 0) |
059cb385 | 361 | log_warning("Failed to parse dump core switch %s. Ignoring.", value); |
4fc935ca | 362 | else |
fa0f4d8a | 363 | arg_dump_core = r; |
4fc935ca | 364 | |
1d84ad94 | 365 | } else if (proc_cmdline_key_streq(key, "systemd.crash_chvt")) { |
b9e74c39 | 366 | |
1d84ad94 LP |
367 | if (!value) |
368 | arg_crash_chvt = 0; /* turn on */ | |
369 | else if (parse_crash_chvt(value) < 0) | |
b9e74c39 LP |
370 | log_warning("Failed to parse crash chvt switch %s. Ignoring.", value); |
371 | ||
1d84ad94 | 372 | } else if (proc_cmdline_key_streq(key, "systemd.crash_shell")) { |
4fc935ca | 373 | |
1d84ad94 | 374 | r = value ? parse_boolean(value) : true; |
fb472900 | 375 | if (r < 0) |
059cb385 | 376 | log_warning("Failed to parse crash shell switch %s. Ignoring.", value); |
4fc935ca | 377 | else |
fa0f4d8a | 378 | arg_crash_shell = r; |
5e7ee61c | 379 | |
1d84ad94 | 380 | } else if (proc_cmdline_key_streq(key, "systemd.crash_reboot")) { |
5e7ee61c | 381 | |
1d84ad94 | 382 | r = value ? parse_boolean(value) : true; |
b9e74c39 LP |
383 | if (r < 0) |
384 | log_warning("Failed to parse crash reboot switch %s. Ignoring.", value); | |
5e7ee61c | 385 | else |
b9e74c39 | 386 | arg_crash_reboot = r; |
5e7ee61c | 387 | |
1d84ad94 LP |
388 | } else if (proc_cmdline_key_streq(key, "systemd.confirm_spawn")) { |
389 | char *s; | |
7d5ceb64 | 390 | |
1d84ad94 | 391 | r = parse_confirm_spawn(value, &s); |
059cb385 | 392 | if (r < 0) |
7d5ceb64 | 393 | log_warning_errno(r, "Failed to parse confirm_spawn switch %s. Ignoring.", value); |
1d84ad94 LP |
394 | else { |
395 | free(arg_confirm_spawn); | |
396 | arg_confirm_spawn = s; | |
397 | } | |
601f6a1e | 398 | |
1d84ad94 | 399 | } else if (proc_cmdline_key_streq(key, "systemd.show_status")) { |
9e58ff9c | 400 | |
1d84ad94 LP |
401 | if (value) { |
402 | r = parse_show_status(value, &arg_show_status); | |
403 | if (r < 0) | |
404 | log_warning("Failed to parse show status switch %s. Ignoring.", value); | |
405 | } else | |
406 | arg_show_status = SHOW_STATUS_YES; | |
059cb385 | 407 | |
1d84ad94 LP |
408 | } else if (proc_cmdline_key_streq(key, "systemd.default_standard_output")) { |
409 | ||
410 | if (proc_cmdline_value_missing(key, value)) | |
411 | return 0; | |
0a494f1f | 412 | |
059cb385 | 413 | r = exec_output_from_string(value); |
fb472900 | 414 | if (r < 0) |
059cb385 | 415 | log_warning("Failed to parse default standard output switch %s. Ignoring.", value); |
0a494f1f LP |
416 | else |
417 | arg_default_std_output = r; | |
0a494f1f | 418 | |
1d84ad94 LP |
419 | } else if (proc_cmdline_key_streq(key, "systemd.default_standard_error")) { |
420 | ||
421 | if (proc_cmdline_value_missing(key, value)) | |
422 | return 0; | |
059cb385 LP |
423 | |
424 | r = exec_output_from_string(value); | |
fb472900 | 425 | if (r < 0) |
059cb385 | 426 | log_warning("Failed to parse default standard error switch %s. Ignoring.", value); |
0a494f1f LP |
427 | else |
428 | arg_default_std_error = r; | |
9e7c5357 | 429 | |
1d84ad94 LP |
430 | } else if (streq(key, "systemd.setenv")) { |
431 | ||
432 | if (proc_cmdline_value_missing(key, value)) | |
433 | return 0; | |
059cb385 LP |
434 | |
435 | if (env_assignment_is_valid(value)) { | |
e21fea24 KS |
436 | char **env; |
437 | ||
059cb385 | 438 | env = strv_env_set(arg_default_environment, value); |
1d84ad94 LP |
439 | if (!env) |
440 | return log_oom(); | |
441 | ||
442 | arg_default_environment = env; | |
e21fea24 | 443 | } else |
059cb385 | 444 | log_warning("Environment variable name '%s' is not valid. Ignoring.", value); |
9e58ff9c | 445 | |
1d84ad94 LP |
446 | } else if (proc_cmdline_key_streq(key, "systemd.machine_id")) { |
447 | ||
448 | if (proc_cmdline_value_missing(key, value)) | |
449 | return 0; | |
450 | ||
451 | r = set_machine_id(value); | |
452 | if (r < 0) | |
453 | log_warning("MachineID '%s' is not valid. Ignoring.", value); | |
ee48dbd5 | 454 | |
1d84ad94 LP |
455 | } else if (proc_cmdline_key_streq(key, "systemd.default_timeout_start_sec")) { |
456 | ||
457 | if (proc_cmdline_value_missing(key, value)) | |
458 | return 0; | |
459 | ||
460 | r = parse_sec(value, &arg_default_timeout_start_usec); | |
461 | if (r < 0) | |
462 | log_warning_errno(r, "Failed to parse default start timeout: %s, ignoring.", value); | |
463 | ||
464 | if (arg_default_timeout_start_usec <= 0) | |
465 | arg_default_timeout_start_usec = USEC_INFINITY; | |
ee48dbd5 | 466 | |
8a2c1fbf EJ |
467 | } else if (proc_cmdline_key_streq(key, "systemd.watchdog_device")) { |
468 | ||
469 | if (proc_cmdline_value_missing(key, value)) | |
470 | return 0; | |
471 | ||
472 | parse_path_argument_and_warn(value, false, &arg_watchdog_device); | |
473 | ||
059cb385 | 474 | } else if (streq(key, "quiet") && !value) { |
d7b15e0a | 475 | |
b6e2f329 | 476 | if (arg_show_status == _SHOW_STATUS_UNSET) |
d450b6f2 | 477 | arg_show_status = SHOW_STATUS_AUTO; |
059cb385 LP |
478 | |
479 | } else if (streq(key, "debug") && !value) { | |
d7b15e0a | 480 | |
1de1c9c3 LP |
481 | /* Note that log_parse_environment() handles 'debug' |
482 | * too, and sets the log level to LOG_DEBUG. */ | |
d7b15e0a | 483 | |
75f86906 | 484 | if (detect_container() > 0) |
b2103dcc | 485 | log_set_target(LOG_TARGET_CONSOLE); |
059cb385 | 486 | |
dcd61450 | 487 | } else if (!value) { |
e2c9a131 | 488 | const char *target; |
f170852a LP |
489 | |
490 | /* SysV compatibility */ | |
e2c9a131 EV |
491 | target = runlevel_to_target(key); |
492 | if (target) | |
493 | return free_and_strdup(&arg_default_unit, target); | |
f170852a LP |
494 | } |
495 | ||
496 | return 0; | |
497 | } | |
498 | ||
e8e581bf ZJS |
499 | #define DEFINE_SETTER(name, func, descr) \ |
500 | static int name(const char *unit, \ | |
501 | const char *filename, \ | |
502 | unsigned line, \ | |
503 | const char *section, \ | |
71a61510 | 504 | unsigned section_line, \ |
e8e581bf ZJS |
505 | const char *lvalue, \ |
506 | int ltype, \ | |
507 | const char *rvalue, \ | |
508 | void *data, \ | |
509 | void *userdata) { \ | |
510 | \ | |
511 | int r; \ | |
512 | \ | |
513 | assert(filename); \ | |
514 | assert(lvalue); \ | |
515 | assert(rvalue); \ | |
516 | \ | |
517 | r = func(rvalue); \ | |
518 | if (r < 0) \ | |
d1cefe0a LP |
519 | log_syntax(unit, LOG_ERR, filename, line, r, \ |
520 | "Invalid " descr "'%s': %m", \ | |
521 | rvalue); \ | |
e8e581bf ZJS |
522 | \ |
523 | return 0; \ | |
524 | } | |
487393e9 | 525 | |
e8e581bf ZJS |
526 | DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level") |
527 | DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target") | |
528 | DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" ) | |
529 | DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location") | |
487393e9 | 530 | |
4d7213b2 LP |
531 | static int config_parse_cpu_affinity2( |
532 | const char *unit, | |
533 | const char *filename, | |
534 | unsigned line, | |
535 | const char *section, | |
536 | unsigned section_line, | |
537 | const char *lvalue, | |
538 | int ltype, | |
539 | const char *rvalue, | |
540 | void *data, | |
541 | void *userdata) { | |
487393e9 | 542 | |
4b40bc38 | 543 | _cleanup_cpu_free_ cpu_set_t *c = NULL; |
f5c72b73 | 544 | int ncpus; |
487393e9 | 545 | |
765d143b | 546 | ncpus = parse_cpu_set_and_warn(rvalue, &c, unit, filename, line, lvalue); |
f5c72b73 FB |
547 | if (ncpus < 0) |
548 | return ncpus; | |
487393e9 | 549 | |
f5c72b73 | 550 | if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0) |
25f027c5 | 551 | log_warning_errno(errno, "Failed to set CPU affinity: %m"); |
487393e9 | 552 | |
487393e9 LP |
553 | return 0; |
554 | } | |
555 | ||
4d7213b2 LP |
556 | static int config_parse_show_status( |
557 | const char* unit, | |
558 | const char *filename, | |
559 | unsigned line, | |
560 | const char *section, | |
561 | unsigned section_line, | |
562 | const char *lvalue, | |
563 | int ltype, | |
564 | const char *rvalue, | |
565 | void *data, | |
566 | void *userdata) { | |
567 | ||
568 | int k; | |
569 | ShowStatus *b = data; | |
570 | ||
571 | assert(filename); | |
572 | assert(lvalue); | |
573 | assert(rvalue); | |
574 | assert(data); | |
575 | ||
576 | k = parse_show_status(rvalue, b); | |
577 | if (k < 0) { | |
12ca818f | 578 | log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue); |
4d7213b2 LP |
579 | return 0; |
580 | } | |
581 | ||
582 | return 0; | |
583 | } | |
584 | ||
5db98187 LP |
585 | static int config_parse_output_restricted( |
586 | const char* unit, | |
587 | const char *filename, | |
588 | unsigned line, | |
589 | const char *section, | |
590 | unsigned section_line, | |
591 | const char *lvalue, | |
592 | int ltype, | |
593 | const char *rvalue, | |
594 | void *data, | |
595 | void *userdata) { | |
596 | ||
597 | ExecOutput t, *eo = data; | |
598 | ||
599 | assert(filename); | |
600 | assert(lvalue); | |
601 | assert(rvalue); | |
602 | assert(data); | |
603 | ||
604 | t = exec_output_from_string(rvalue); | |
605 | if (t < 0) { | |
606 | log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output type, ignoring: %s", rvalue); | |
607 | return 0; | |
608 | } | |
609 | ||
610 | if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE)) { | |
611 | log_syntax(unit, LOG_ERR, filename, line, 0, "Standard output types socket, fd:, file: are not supported as defaults, ignoring: %s", rvalue); | |
612 | return 0; | |
613 | } | |
614 | ||
615 | *eo = t; | |
616 | return 0; | |
617 | } | |
618 | ||
b9e74c39 LP |
619 | static int config_parse_crash_chvt( |
620 | const char* unit, | |
621 | const char *filename, | |
622 | unsigned line, | |
623 | const char *section, | |
624 | unsigned section_line, | |
625 | const char *lvalue, | |
626 | int ltype, | |
627 | const char *rvalue, | |
628 | void *data, | |
629 | void *userdata) { | |
630 | ||
631 | int r; | |
632 | ||
633 | assert(filename); | |
634 | assert(lvalue); | |
635 | assert(rvalue); | |
b9e74c39 LP |
636 | |
637 | r = parse_crash_chvt(rvalue); | |
638 | if (r < 0) { | |
639 | log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue); | |
640 | return 0; | |
641 | } | |
642 | ||
643 | return 0; | |
644 | } | |
645 | ||
e8e581bf ZJS |
646 | static int config_parse_join_controllers(const char *unit, |
647 | const char *filename, | |
648 | unsigned line, | |
649 | const char *section, | |
71a61510 | 650 | unsigned section_line, |
e8e581bf ZJS |
651 | const char *lvalue, |
652 | int ltype, | |
653 | const char *rvalue, | |
654 | void *data, | |
655 | void *userdata) { | |
0c85a4f3 | 656 | |
3875c85b | 657 | const char *whole_rvalue = rvalue; |
0c85a4f3 | 658 | unsigned n = 0; |
0c85a4f3 LP |
659 | |
660 | assert(filename); | |
661 | assert(lvalue); | |
662 | assert(rvalue); | |
663 | ||
fe382237 | 664 | arg_join_controllers = strv_free_free(arg_join_controllers); |
0c85a4f3 | 665 | |
d4ebeb4f FB |
666 | for (;;) { |
667 | _cleanup_free_ char *word = NULL; | |
668 | char **l; | |
669 | int r; | |
0c85a4f3 | 670 | |
9a82ab95 | 671 | r = extract_first_word(&rvalue, &word, NULL, EXTRACT_QUOTES); |
3875c85b FB |
672 | if (r < 0) { |
673 | log_syntax(unit, LOG_ERR, filename, line, r, "Invalid value for %s: %s", lvalue, whole_rvalue); | |
d4ebeb4f | 674 | return r; |
3875c85b | 675 | } |
d4ebeb4f FB |
676 | if (r == 0) |
677 | break; | |
0c85a4f3 | 678 | |
d4ebeb4f | 679 | l = strv_split(word, ","); |
1592ec21 | 680 | if (!l) |
aa8aeac0 | 681 | return log_oom(); |
0c85a4f3 LP |
682 | strv_uniq(l); |
683 | ||
684 | if (strv_length(l) <= 1) { | |
685 | strv_free(l); | |
686 | continue; | |
687 | } | |
688 | ||
689 | if (!arg_join_controllers) { | |
690 | arg_join_controllers = new(char**, 2); | |
691 | if (!arg_join_controllers) { | |
692 | strv_free(l); | |
14212119 | 693 | return log_oom(); |
0c85a4f3 LP |
694 | } |
695 | ||
696 | arg_join_controllers[0] = l; | |
697 | arg_join_controllers[1] = NULL; | |
698 | ||
699 | n = 1; | |
700 | } else { | |
701 | char ***a; | |
702 | char ***t; | |
703 | ||
704 | t = new0(char**, n+2); | |
705 | if (!t) { | |
706 | strv_free(l); | |
14212119 | 707 | return log_oom(); |
0c85a4f3 LP |
708 | } |
709 | ||
710 | n = 0; | |
711 | ||
712 | for (a = arg_join_controllers; *a; a++) { | |
713 | ||
714 | if (strv_overlap(*a, l)) { | |
e287086b | 715 | if (strv_extend_strv(&l, *a, false) < 0) { |
0c85a4f3 LP |
716 | strv_free(l); |
717 | strv_free_free(t); | |
14212119 | 718 | return log_oom(); |
0c85a4f3 LP |
719 | } |
720 | ||
0c85a4f3 LP |
721 | } else { |
722 | char **c; | |
723 | ||
724 | c = strv_copy(*a); | |
725 | if (!c) { | |
726 | strv_free(l); | |
727 | strv_free_free(t); | |
14212119 | 728 | return log_oom(); |
0c85a4f3 LP |
729 | } |
730 | ||
731 | t[n++] = c; | |
732 | } | |
733 | } | |
734 | ||
735 | t[n++] = strv_uniq(l); | |
736 | ||
737 | strv_free_free(arg_join_controllers); | |
738 | arg_join_controllers = t; | |
739 | } | |
740 | } | |
d4ebeb4f | 741 | if (!isempty(rvalue)) |
12ca818f | 742 | log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring."); |
0c85a4f3 LP |
743 | |
744 | return 0; | |
745 | } | |
746 | ||
487393e9 LP |
747 | static int parse_config_file(void) { |
748 | ||
f975e971 | 749 | const ConfigTableItem items[] = { |
d3b1c508 LP |
750 | { "Manager", "LogLevel", config_parse_level2, 0, NULL }, |
751 | { "Manager", "LogTarget", config_parse_target, 0, NULL }, | |
752 | { "Manager", "LogColor", config_parse_color, 0, NULL }, | |
753 | { "Manager", "LogLocation", config_parse_location, 0, NULL }, | |
754 | { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core }, | |
b9e74c39 LP |
755 | { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, NULL }, |
756 | { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, NULL }, | |
d3b1c508 | 757 | { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell }, |
b9e74c39 | 758 | { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot }, |
d3b1c508 | 759 | { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status }, |
d3b1c508 LP |
760 | { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, NULL }, |
761 | { "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers }, | |
762 | { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog }, | |
763 | { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog }, | |
8a2c1fbf | 764 | { "Manager", "WatchdogDevice", config_parse_path, 0, &arg_watchdog_device }, |
a103496c | 765 | { "Manager", "CapabilityBoundingSet", config_parse_capability_set, 0, &arg_capability_bounding_set }, |
349cc4a5 | 766 | #if HAVE_SECCOMP |
d3b1c508 | 767 | { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs }, |
89fffa27 | 768 | #endif |
d3b1c508 | 769 | { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec }, |
bd8f585b | 770 | { "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec }, |
5db98187 LP |
771 | { "Manager", "DefaultStandardOutput", config_parse_output_restricted,0, &arg_default_std_output }, |
772 | { "Manager", "DefaultStandardError", config_parse_output_restricted,0, &arg_default_std_error }, | |
d3b1c508 LP |
773 | { "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec }, |
774 | { "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec }, | |
775 | { "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec }, | |
f0367da7 LP |
776 | { "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval }, /* obsolete alias */ |
777 | { "Manager", "DefaultStartLimitIntervalSec",config_parse_sec, 0, &arg_default_start_limit_interval }, | |
d3b1c508 LP |
778 | { "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst }, |
779 | { "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment }, | |
d0a7c5f6 LP |
780 | { "Manager", "DefaultLimitCPU", config_parse_limit, RLIMIT_CPU, arg_default_rlimit }, |
781 | { "Manager", "DefaultLimitFSIZE", config_parse_limit, RLIMIT_FSIZE, arg_default_rlimit }, | |
782 | { "Manager", "DefaultLimitDATA", config_parse_limit, RLIMIT_DATA, arg_default_rlimit }, | |
783 | { "Manager", "DefaultLimitSTACK", config_parse_limit, RLIMIT_STACK, arg_default_rlimit }, | |
784 | { "Manager", "DefaultLimitCORE", config_parse_limit, RLIMIT_CORE, arg_default_rlimit }, | |
785 | { "Manager", "DefaultLimitRSS", config_parse_limit, RLIMIT_RSS, arg_default_rlimit }, | |
786 | { "Manager", "DefaultLimitNOFILE", config_parse_limit, RLIMIT_NOFILE, arg_default_rlimit }, | |
787 | { "Manager", "DefaultLimitAS", config_parse_limit, RLIMIT_AS, arg_default_rlimit }, | |
788 | { "Manager", "DefaultLimitNPROC", config_parse_limit, RLIMIT_NPROC, arg_default_rlimit }, | |
789 | { "Manager", "DefaultLimitMEMLOCK", config_parse_limit, RLIMIT_MEMLOCK, arg_default_rlimit }, | |
790 | { "Manager", "DefaultLimitLOCKS", config_parse_limit, RLIMIT_LOCKS, arg_default_rlimit }, | |
791 | { "Manager", "DefaultLimitSIGPENDING", config_parse_limit, RLIMIT_SIGPENDING, arg_default_rlimit }, | |
792 | { "Manager", "DefaultLimitMSGQUEUE", config_parse_limit, RLIMIT_MSGQUEUE, arg_default_rlimit }, | |
793 | { "Manager", "DefaultLimitNICE", config_parse_limit, RLIMIT_NICE, arg_default_rlimit }, | |
794 | { "Manager", "DefaultLimitRTPRIO", config_parse_limit, RLIMIT_RTPRIO, arg_default_rlimit }, | |
795 | { "Manager", "DefaultLimitRTTIME", config_parse_limit, RLIMIT_RTTIME, arg_default_rlimit }, | |
085afe36 | 796 | { "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_default_cpu_accounting }, |
13c31542 | 797 | { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting }, |
377bfd2d | 798 | { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting }, |
085afe36 LP |
799 | { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting }, |
800 | { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting }, | |
03a7b521 | 801 | { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, |
0af20ea2 | 802 | { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, |
ae8c7939 | 803 | { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, |
d3b1c508 | 804 | {} |
487393e9 LP |
805 | }; |
806 | ||
1b907b5c | 807 | const char *fn, *conf_dirs_nulstr; |
487393e9 | 808 | |
463d0d15 | 809 | fn = arg_system ? |
75eb6154 LP |
810 | PKGSYSCONFDIR "/system.conf" : |
811 | PKGSYSCONFDIR "/user.conf"; | |
812 | ||
463d0d15 | 813 | conf_dirs_nulstr = arg_system ? |
75eb6154 LP |
814 | CONF_PATHS_NULSTR("systemd/system.conf.d") : |
815 | CONF_PATHS_NULSTR("systemd/user.conf.d"); | |
816 | ||
bcde742e | 817 | (void) config_parse_many_nulstr(fn, conf_dirs_nulstr, "Manager\0", config_item_table_lookup, items, CONFIG_PARSE_WARN, NULL); |
36c16a7c LP |
818 | |
819 | /* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we used USEC_INFINITY | |
820 | * like everywhere else. */ | |
821 | if (arg_default_timeout_start_usec <= 0) | |
822 | arg_default_timeout_start_usec = USEC_INFINITY; | |
823 | if (arg_default_timeout_stop_usec <= 0) | |
824 | arg_default_timeout_stop_usec = USEC_INFINITY; | |
487393e9 | 825 | |
487393e9 LP |
826 | return 0; |
827 | } | |
828 | ||
85cb4151 | 829 | static void set_manager_defaults(Manager *m) { |
06af2a04 TB |
830 | |
831 | assert(m); | |
832 | ||
833 | m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec; | |
834 | m->default_std_output = arg_default_std_output; | |
835 | m->default_std_error = arg_default_std_error; | |
836 | m->default_timeout_start_usec = arg_default_timeout_start_usec; | |
837 | m->default_timeout_stop_usec = arg_default_timeout_stop_usec; | |
838 | m->default_restart_usec = arg_default_restart_usec; | |
839 | m->default_start_limit_interval = arg_default_start_limit_interval; | |
840 | m->default_start_limit_burst = arg_default_start_limit_burst; | |
841 | m->default_cpu_accounting = arg_default_cpu_accounting; | |
13c31542 | 842 | m->default_io_accounting = arg_default_io_accounting; |
377bfd2d | 843 | m->default_ip_accounting = arg_default_ip_accounting; |
06af2a04 TB |
844 | m->default_blockio_accounting = arg_default_blockio_accounting; |
845 | m->default_memory_accounting = arg_default_memory_accounting; | |
03a7b521 | 846 | m->default_tasks_accounting = arg_default_tasks_accounting; |
0af20ea2 | 847 | m->default_tasks_max = arg_default_tasks_max; |
06af2a04 TB |
848 | |
849 | manager_set_default_rlimits(m, arg_default_rlimit); | |
850 | manager_environment_add(m, NULL, arg_default_environment); | |
851 | } | |
852 | ||
7b46fc6a LP |
853 | static void set_manager_settings(Manager *m) { |
854 | ||
855 | assert(m); | |
856 | ||
857 | m->confirm_spawn = arg_confirm_spawn; | |
858 | m->runtime_watchdog = arg_runtime_watchdog; | |
859 | m->shutdown_watchdog = arg_shutdown_watchdog; | |
860 | m->cad_burst_action = arg_cad_burst_action; | |
861 | ||
862 | manager_set_show_status(m, arg_show_status); | |
863 | } | |
864 | ||
f170852a LP |
865 | static int parse_argv(int argc, char *argv[]) { |
866 | ||
867 | enum { | |
868 | ARG_LOG_LEVEL = 0x100, | |
869 | ARG_LOG_TARGET, | |
bbe63281 LP |
870 | ARG_LOG_COLOR, |
871 | ARG_LOG_LOCATION, | |
2f198e2f | 872 | ARG_UNIT, |
edb9aaa8 | 873 | ARG_SYSTEM, |
af2d49f7 | 874 | ARG_USER, |
e537352b | 875 | ARG_TEST, |
b87c2aa6 | 876 | ARG_NO_PAGER, |
9ba0bc4e | 877 | ARG_VERSION, |
80876c20 | 878 | ARG_DUMP_CONFIGURATION_ITEMS, |
9e58ff9c | 879 | ARG_DUMP_CORE, |
b9e74c39 | 880 | ARG_CRASH_CHVT, |
9e58ff9c | 881 | ARG_CRASH_SHELL, |
b9e74c39 | 882 | ARG_CRASH_REBOOT, |
a16e1123 | 883 | ARG_CONFIRM_SPAWN, |
9e58ff9c | 884 | ARG_SHOW_STATUS, |
4288f619 | 885 | ARG_DESERIALIZE, |
2660882b | 886 | ARG_SWITCHED_ROOT, |
0a494f1f | 887 | ARG_DEFAULT_STD_OUTPUT, |
ee48dbd5 NC |
888 | ARG_DEFAULT_STD_ERROR, |
889 | ARG_MACHINE_ID | |
f170852a LP |
890 | }; |
891 | ||
892 | static const struct option options[] = { | |
a16e1123 LP |
893 | { "log-level", required_argument, NULL, ARG_LOG_LEVEL }, |
894 | { "log-target", required_argument, NULL, ARG_LOG_TARGET }, | |
bbe63281 LP |
895 | { "log-color", optional_argument, NULL, ARG_LOG_COLOR }, |
896 | { "log-location", optional_argument, NULL, ARG_LOG_LOCATION }, | |
2f198e2f | 897 | { "unit", required_argument, NULL, ARG_UNIT }, |
edb9aaa8 | 898 | { "system", no_argument, NULL, ARG_SYSTEM }, |
af2d49f7 | 899 | { "user", no_argument, NULL, ARG_USER }, |
a16e1123 | 900 | { "test", no_argument, NULL, ARG_TEST }, |
b87c2aa6 | 901 | { "no-pager", no_argument, NULL, ARG_NO_PAGER }, |
a16e1123 | 902 | { "help", no_argument, NULL, 'h' }, |
9ba0bc4e | 903 | { "version", no_argument, NULL, ARG_VERSION }, |
a16e1123 | 904 | { "dump-configuration-items", no_argument, NULL, ARG_DUMP_CONFIGURATION_ITEMS }, |
a5d87bf0 | 905 | { "dump-core", optional_argument, NULL, ARG_DUMP_CORE }, |
b9e74c39 | 906 | { "crash-chvt", required_argument, NULL, ARG_CRASH_CHVT }, |
a5d87bf0 | 907 | { "crash-shell", optional_argument, NULL, ARG_CRASH_SHELL }, |
b9e74c39 | 908 | { "crash-reboot", optional_argument, NULL, ARG_CRASH_REBOOT }, |
a5d87bf0 | 909 | { "confirm-spawn", optional_argument, NULL, ARG_CONFIRM_SPAWN }, |
6e98720f | 910 | { "show-status", optional_argument, NULL, ARG_SHOW_STATUS }, |
a16e1123 | 911 | { "deserialize", required_argument, NULL, ARG_DESERIALIZE }, |
2660882b | 912 | { "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT }, |
0a494f1f LP |
913 | { "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, }, |
914 | { "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, }, | |
ee48dbd5 | 915 | { "machine-id", required_argument, NULL, ARG_MACHINE_ID }, |
fb472900 | 916 | {} |
f170852a LP |
917 | }; |
918 | ||
919 | int c, r; | |
920 | ||
921 | assert(argc >= 1); | |
922 | assert(argv); | |
923 | ||
df0ff127 | 924 | if (getpid_cached() == 1) |
b770165a LP |
925 | opterr = 0; |
926 | ||
099663ff | 927 | while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0) |
f170852a LP |
928 | |
929 | switch (c) { | |
930 | ||
931 | case ARG_LOG_LEVEL: | |
fb472900 ZJS |
932 | r = log_set_max_level_from_string(optarg); |
933 | if (r < 0) { | |
f170852a LP |
934 | log_error("Failed to parse log level %s.", optarg); |
935 | return r; | |
936 | } | |
937 | ||
938 | break; | |
939 | ||
940 | case ARG_LOG_TARGET: | |
fb472900 ZJS |
941 | r = log_set_target_from_string(optarg); |
942 | if (r < 0) { | |
f170852a LP |
943 | log_error("Failed to parse log target %s.", optarg); |
944 | return r; | |
945 | } | |
946 | ||
947 | break; | |
948 | ||
bbe63281 LP |
949 | case ARG_LOG_COLOR: |
950 | ||
d0b170c8 | 951 | if (optarg) { |
fb472900 ZJS |
952 | r = log_show_color_from_string(optarg); |
953 | if (r < 0) { | |
d0b170c8 LP |
954 | log_error("Failed to parse log color setting %s.", optarg); |
955 | return r; | |
956 | } | |
957 | } else | |
958 | log_show_color(true); | |
bbe63281 LP |
959 | |
960 | break; | |
961 | ||
962 | case ARG_LOG_LOCATION: | |
d0b170c8 | 963 | if (optarg) { |
fb472900 ZJS |
964 | r = log_show_location_from_string(optarg); |
965 | if (r < 0) { | |
d0b170c8 LP |
966 | log_error("Failed to parse log location setting %s.", optarg); |
967 | return r; | |
968 | } | |
969 | } else | |
970 | log_show_location(true); | |
bbe63281 LP |
971 | |
972 | break; | |
973 | ||
0a494f1f | 974 | case ARG_DEFAULT_STD_OUTPUT: |
fb472900 ZJS |
975 | r = exec_output_from_string(optarg); |
976 | if (r < 0) { | |
0a494f1f LP |
977 | log_error("Failed to parse default standard output setting %s.", optarg); |
978 | return r; | |
979 | } else | |
980 | arg_default_std_output = r; | |
981 | break; | |
982 | ||
983 | case ARG_DEFAULT_STD_ERROR: | |
fb472900 ZJS |
984 | r = exec_output_from_string(optarg); |
985 | if (r < 0) { | |
0a494f1f LP |
986 | log_error("Failed to parse default standard error output setting %s.", optarg); |
987 | return r; | |
988 | } else | |
989 | arg_default_std_error = r; | |
990 | break; | |
991 | ||
2f198e2f | 992 | case ARG_UNIT: |
e6e242ad | 993 | r = free_and_strdup(&arg_default_unit, optarg); |
23bbb0de MS |
994 | if (r < 0) |
995 | return log_error_errno(r, "Failed to set default unit %s: %m", optarg); | |
f170852a LP |
996 | |
997 | break; | |
998 | ||
edb9aaa8 | 999 | case ARG_SYSTEM: |
463d0d15 | 1000 | arg_system = true; |
edb9aaa8 | 1001 | break; |
a5dab5ce | 1002 | |
af2d49f7 | 1003 | case ARG_USER: |
463d0d15 | 1004 | arg_system = false; |
a5dab5ce | 1005 | break; |
a5dab5ce | 1006 | |
e965d56d | 1007 | case ARG_TEST: |
fa0f4d8a | 1008 | arg_action = ACTION_TEST; |
b87c2aa6 ZJS |
1009 | break; |
1010 | ||
1011 | case ARG_NO_PAGER: | |
1012 | arg_no_pager = true; | |
e965d56d LP |
1013 | break; |
1014 | ||
9ba0bc4e ZJS |
1015 | case ARG_VERSION: |
1016 | arg_action = ACTION_VERSION; | |
1017 | break; | |
1018 | ||
e537352b | 1019 | case ARG_DUMP_CONFIGURATION_ITEMS: |
fa0f4d8a | 1020 | arg_action = ACTION_DUMP_CONFIGURATION_ITEMS; |
e537352b LP |
1021 | break; |
1022 | ||
9e58ff9c | 1023 | case ARG_DUMP_CORE: |
b9e74c39 LP |
1024 | if (!optarg) |
1025 | arg_dump_core = true; | |
1026 | else { | |
1027 | r = parse_boolean(optarg); | |
1028 | if (r < 0) | |
1029 | return log_error_errno(r, "Failed to parse dump core boolean: %s", optarg); | |
1030 | arg_dump_core = r; | |
a5d87bf0 | 1031 | } |
b9e74c39 LP |
1032 | break; |
1033 | ||
1034 | case ARG_CRASH_CHVT: | |
1035 | r = parse_crash_chvt(optarg); | |
1036 | if (r < 0) | |
1037 | return log_error_errno(r, "Failed to parse crash virtual terminal index: %s", optarg); | |
9e58ff9c LP |
1038 | break; |
1039 | ||
1040 | case ARG_CRASH_SHELL: | |
b9e74c39 LP |
1041 | if (!optarg) |
1042 | arg_crash_shell = true; | |
1043 | else { | |
1044 | r = parse_boolean(optarg); | |
1045 | if (r < 0) | |
1046 | return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg); | |
1047 | arg_crash_shell = r; | |
1048 | } | |
1049 | break; | |
1050 | ||
1051 | case ARG_CRASH_REBOOT: | |
1052 | if (!optarg) | |
1053 | arg_crash_reboot = true; | |
1054 | else { | |
1055 | r = parse_boolean(optarg); | |
1056 | if (r < 0) | |
1057 | return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg); | |
1058 | arg_crash_reboot = r; | |
a5d87bf0 | 1059 | } |
9e58ff9c LP |
1060 | break; |
1061 | ||
80876c20 | 1062 | case ARG_CONFIRM_SPAWN: |
7d5ceb64 FB |
1063 | arg_confirm_spawn = mfree(arg_confirm_spawn); |
1064 | ||
1065 | r = parse_confirm_spawn(optarg, &arg_confirm_spawn); | |
1066 | if (r < 0) | |
1067 | return log_error_errno(r, "Failed to parse confirm spawn option: %m"); | |
80876c20 LP |
1068 | break; |
1069 | ||
9e58ff9c | 1070 | case ARG_SHOW_STATUS: |
d450b6f2 ZJS |
1071 | if (optarg) { |
1072 | r = parse_show_status(optarg, &arg_show_status); | |
1073 | if (r < 0) { | |
1074 | log_error("Failed to parse show status boolean %s.", optarg); | |
1075 | return r; | |
1076 | } | |
1077 | } else | |
1078 | arg_show_status = SHOW_STATUS_YES; | |
6e98720f | 1079 | break; |
a5d87bf0 | 1080 | |
a16e1123 LP |
1081 | case ARG_DESERIALIZE: { |
1082 | int fd; | |
1083 | FILE *f; | |
1084 | ||
01e10de3 LP |
1085 | r = safe_atoi(optarg, &fd); |
1086 | if (r < 0 || fd < 0) { | |
a16e1123 | 1087 | log_error("Failed to parse deserialize option %s.", optarg); |
b9e74c39 | 1088 | return -EINVAL; |
a16e1123 LP |
1089 | } |
1090 | ||
b9e74c39 | 1091 | (void) fd_cloexec(fd, true); |
01e10de3 LP |
1092 | |
1093 | f = fdopen(fd, "r"); | |
4a62c710 MS |
1094 | if (!f) |
1095 | return log_error_errno(errno, "Failed to open serialization fd: %m"); | |
a16e1123 | 1096 | |
74ca738f | 1097 | safe_fclose(arg_serialization); |
d3b1c508 | 1098 | arg_serialization = f; |
a16e1123 LP |
1099 | |
1100 | break; | |
1101 | } | |
1102 | ||
2660882b | 1103 | case ARG_SWITCHED_ROOT: |
bf4df7c3 | 1104 | arg_switched_root = true; |
d03bc1b8 HH |
1105 | break; |
1106 | ||
ee48dbd5 NC |
1107 | case ARG_MACHINE_ID: |
1108 | r = set_machine_id(optarg); | |
54500613 LP |
1109 | if (r < 0) |
1110 | return log_error_errno(r, "MachineID '%s' is not valid.", optarg); | |
ee48dbd5 NC |
1111 | break; |
1112 | ||
f170852a | 1113 | case 'h': |
fa0f4d8a | 1114 | arg_action = ACTION_HELP; |
f170852a LP |
1115 | break; |
1116 | ||
1d2e23ab LP |
1117 | case 'D': |
1118 | log_set_max_level(LOG_DEBUG); | |
1119 | break; | |
1120 | ||
099663ff LP |
1121 | case 'b': |
1122 | case 's': | |
1123 | case 'z': | |
1124 | /* Just to eat away the sysvinit kernel | |
1125 | * cmdline args without getopt() error | |
1126 | * messages that we'll parse in | |
1127 | * parse_proc_cmdline_word() or ignore. */ | |
f170852a | 1128 | |
099663ff | 1129 | case '?': |
df0ff127 | 1130 | if (getpid_cached() != 1) |
099663ff | 1131 | return -EINVAL; |
601185b4 ZJS |
1132 | else |
1133 | return 0; | |
099663ff | 1134 | |
601185b4 ZJS |
1135 | default: |
1136 | assert_not_reached("Unhandled option code."); | |
f170852a LP |
1137 | } |
1138 | ||
df0ff127 | 1139 | if (optind < argc && getpid_cached() != 1) { |
d821e6d6 LP |
1140 | /* Hmm, when we aren't run as init system |
1141 | * let's complain about excess arguments */ | |
1142 | ||
1143 | log_error("Excess arguments."); | |
1144 | return -EINVAL; | |
1145 | } | |
1146 | ||
f170852a LP |
1147 | return 0; |
1148 | } | |
1149 | ||
1150 | static int help(void) { | |
1151 | ||
2e33c433 | 1152 | printf("%s [OPTIONS...]\n\n" |
af2d49f7 | 1153 | "Starts up and maintains the system or user services.\n\n" |
e537352b | 1154 | " -h --help Show this help\n" |
cb4069d9 | 1155 | " --version Show version\n" |
e537352b | 1156 | " --test Determine startup sequence, dump it and exit\n" |
b87c2aa6 | 1157 | " --no-pager Do not pipe output into a pager\n" |
80876c20 | 1158 | " --dump-configuration-items Dump understood unit configuration items\n" |
9e58ff9c | 1159 | " --unit=UNIT Set default unit\n" |
edb9aaa8 | 1160 | " --system Run a system instance, even if PID != 1\n" |
af2d49f7 | 1161 | " --user Run a user instance\n" |
b9e74c39 LP |
1162 | " --dump-core[=BOOL] Dump core on crash\n" |
1163 | " --crash-vt=NR Change to specified VT on crash\n" | |
1164 | " --crash-reboot[=BOOL] Reboot on crash\n" | |
1165 | " --crash-shell[=BOOL] Run shell on crash\n" | |
1166 | " --confirm-spawn[=BOOL] Ask for confirmation when spawning processes\n" | |
1167 | " --show-status[=BOOL] Show status updates on the console during bootup\n" | |
c1dc6153 | 1168 | " --log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)\n" |
9e58ff9c | 1169 | " --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n" |
b9e74c39 LP |
1170 | " --log-color[=BOOL] Highlight important log messages\n" |
1171 | " --log-location[=BOOL] Include code location in log messages\n" | |
0a494f1f LP |
1172 | " --default-standard-output= Set default standard output for services\n" |
1173 | " --default-standard-error= Set default standard error output for services\n", | |
5b6319dc | 1174 | program_invocation_short_name); |
f170852a LP |
1175 | |
1176 | return 0; | |
1177 | } | |
1178 | ||
b3680f49 | 1179 | static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) { |
48b90859 LP |
1180 | _cleanup_fdset_free_ FDSet *fds = NULL; |
1181 | _cleanup_fclose_ FILE *f = NULL; | |
a16e1123 LP |
1182 | int r; |
1183 | ||
1184 | assert(m); | |
1185 | assert(_f); | |
1186 | assert(_fds); | |
1187 | ||
6b78f9b4 | 1188 | r = manager_open_serialization(m, &f); |
48b90859 LP |
1189 | if (r < 0) |
1190 | return log_error_errno(r, "Failed to create serialization file: %m"); | |
a16e1123 | 1191 | |
71445ae7 | 1192 | /* Make sure nothing is really destructed when we shut down */ |
313cefa1 | 1193 | m->n_reloading++; |
718db961 | 1194 | bus_manager_send_reloading(m, true); |
71445ae7 | 1195 | |
6b78f9b4 | 1196 | fds = fdset_new(); |
48b90859 LP |
1197 | if (!fds) |
1198 | return log_oom(); | |
a16e1123 | 1199 | |
b3680f49 | 1200 | r = manager_serialize(m, f, fds, switching_root); |
48b90859 LP |
1201 | if (r < 0) |
1202 | return log_error_errno(r, "Failed to serialize state: %m"); | |
a16e1123 | 1203 | |
48b90859 LP |
1204 | if (fseeko(f, 0, SEEK_SET) == (off_t) -1) |
1205 | return log_error_errno(errno, "Failed to rewind serialization fd: %m"); | |
a16e1123 | 1206 | |
6b78f9b4 | 1207 | r = fd_cloexec(fileno(f), false); |
48b90859 LP |
1208 | if (r < 0) |
1209 | return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization: %m"); | |
a16e1123 | 1210 | |
6b78f9b4 | 1211 | r = fdset_cloexec(fds, false); |
48b90859 LP |
1212 | if (r < 0) |
1213 | return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization fds: %m"); | |
a16e1123 LP |
1214 | |
1215 | *_f = f; | |
1216 | *_fds = fds; | |
1217 | ||
48b90859 LP |
1218 | f = NULL; |
1219 | fds = NULL; | |
a16e1123 | 1220 | |
48b90859 | 1221 | return 0; |
a16e1123 LP |
1222 | } |
1223 | ||
4096d6f5 LP |
1224 | static int bump_rlimit_nofile(struct rlimit *saved_rlimit) { |
1225 | struct rlimit nl; | |
1226 | int r; | |
6385cb31 CB |
1227 | int min_max; |
1228 | _cleanup_free_ char *nr_open = NULL; | |
4096d6f5 LP |
1229 | |
1230 | assert(saved_rlimit); | |
1231 | ||
1232 | /* Save the original RLIMIT_NOFILE so that we can reset it | |
1233 | * later when transitioning from the initrd to the main | |
1234 | * systemd or suchlike. */ | |
4a62c710 | 1235 | if (getrlimit(RLIMIT_NOFILE, saved_rlimit) < 0) |
3ce40911 | 1236 | return log_warning_errno(errno, "Reading RLIMIT_NOFILE failed, ignoring: %m"); |
4096d6f5 LP |
1237 | |
1238 | /* Make sure forked processes get the default kernel setting */ | |
1239 | if (!arg_default_rlimit[RLIMIT_NOFILE]) { | |
1240 | struct rlimit *rl; | |
1241 | ||
1242 | rl = newdup(struct rlimit, saved_rlimit, 1); | |
1243 | if (!rl) | |
1244 | return log_oom(); | |
1245 | ||
1246 | arg_default_rlimit[RLIMIT_NOFILE] = rl; | |
1247 | } | |
1248 | ||
6385cb31 CB |
1249 | /* Get current RLIMIT_NOFILE maximum compiled into the kernel. */ |
1250 | r = read_one_line_file("/proc/sys/fs/nr_open", &nr_open); | |
d387cfdd | 1251 | if (r >= 0) |
6385cb31 CB |
1252 | r = safe_atoi(nr_open, &min_max); |
1253 | /* If we fail, fallback to the hard-coded kernel limit of 1024 * 1024. */ | |
1254 | if (r < 0) | |
1255 | min_max = 1024 * 1024; | |
1256 | ||
4096d6f5 | 1257 | /* Bump up the resource limit for ourselves substantially */ |
6385cb31 | 1258 | nl.rlim_cur = nl.rlim_max = min_max; |
4096d6f5 | 1259 | r = setrlimit_closest(RLIMIT_NOFILE, &nl); |
23bbb0de | 1260 | if (r < 0) |
3ce40911 | 1261 | return log_warning_errno(r, "Setting RLIMIT_NOFILE failed, ignoring: %m"); |
4096d6f5 LP |
1262 | |
1263 | return 0; | |
1264 | } | |
1265 | ||
fb3ae275 LP |
1266 | static int bump_rlimit_memlock(struct rlimit *saved_rlimit) { |
1267 | int r; | |
1268 | ||
1269 | assert(saved_rlimit); | |
1270 | assert(getuid() == 0); | |
1271 | ||
1272 | /* BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK, even though we have CAP_IPC_LOCK which | |
1273 | * should normally disable such checks. We need them to implement IPAccessAllow= and IPAccessDeny=, hence let's | |
1274 | * bump the value high enough for the root user. */ | |
1275 | ||
1276 | if (getrlimit(RLIMIT_MEMLOCK, saved_rlimit) < 0) | |
1277 | return log_warning_errno(errno, "Reading RLIMIT_MEMLOCK failed, ignoring: %m"); | |
1278 | ||
1279 | r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(1024ULL*1024ULL*16ULL)); | |
1280 | if (r < 0) | |
1281 | return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m"); | |
1282 | ||
1283 | return 0; | |
1284 | } | |
1285 | ||
80758717 | 1286 | static void test_usr(void) { |
80758717 | 1287 | |
ed1c99fc | 1288 | /* Check that /usr is not a separate fs */ |
80758717 | 1289 | |
871c44a7 LP |
1290 | if (dir_is_empty("/usr") <= 0) |
1291 | return; | |
1292 | ||
8b173b5e | 1293 | log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. " |
871c44a7 LP |
1294 | "Some things will probably break (sometimes even silently) in mysterious ways. " |
1295 | "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information."); | |
1296 | } | |
1297 | ||
a07fdfa3 LP |
1298 | static int initialize_join_controllers(void) { |
1299 | /* By default, mount "cpu" + "cpuacct" together, and "net_cls" | |
1300 | * + "net_prio". We'd like to add "cpuset" to the mix, but | |
f131770b | 1301 | * "cpuset" doesn't really work for groups with no initialized |
a07fdfa3 LP |
1302 | * attributes. */ |
1303 | ||
1304 | arg_join_controllers = new(char**, 3); | |
1305 | if (!arg_join_controllers) | |
1306 | return -ENOMEM; | |
1307 | ||
1308 | arg_join_controllers[0] = strv_new("cpu", "cpuacct", NULL); | |
fe382237 LP |
1309 | if (!arg_join_controllers[0]) |
1310 | goto oom; | |
a6b26d90 | 1311 | |
fe382237 LP |
1312 | arg_join_controllers[1] = strv_new("net_cls", "net_prio", NULL); |
1313 | if (!arg_join_controllers[1]) | |
1314 | goto oom; | |
a07fdfa3 | 1315 | |
fe382237 | 1316 | arg_join_controllers[2] = NULL; |
a07fdfa3 | 1317 | return 0; |
fe382237 LP |
1318 | |
1319 | oom: | |
1320 | arg_join_controllers = strv_free_free(arg_join_controllers); | |
1321 | return -ENOMEM; | |
a07fdfa3 LP |
1322 | } |
1323 | ||
d3b1c508 | 1324 | static int enforce_syscall_archs(Set *archs) { |
349cc4a5 | 1325 | #if HAVE_SECCOMP |
d3b1c508 LP |
1326 | int r; |
1327 | ||
83f12b27 FS |
1328 | if (!is_seccomp_available()) |
1329 | return 0; | |
1330 | ||
469830d1 | 1331 | r = seccomp_restrict_archs(arg_syscall_archs); |
d3b1c508 | 1332 | if (r < 0) |
469830d1 | 1333 | return log_error_errno(r, "Failed to enforce system call architecture restrication: %m"); |
d3b1c508 | 1334 | #endif |
469830d1 | 1335 | return 0; |
d3b1c508 LP |
1336 | } |
1337 | ||
b6e2f329 LP |
1338 | static int status_welcome(void) { |
1339 | _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL; | |
72c7329b | 1340 | const char *fn; |
b6e2f329 LP |
1341 | int r; |
1342 | ||
fd8c85c6 LP |
1343 | if (arg_show_status <= 0) |
1344 | return 0; | |
1345 | ||
72c7329b LP |
1346 | FOREACH_STRING(fn, "/etc/os-release", "/usr/lib/os-release") { |
1347 | r = parse_env_file(fn, NEWLINE, | |
5ae4d543 LP |
1348 | "PRETTY_NAME", &pretty_name, |
1349 | "ANSI_COLOR", &ansi_color, | |
1350 | NULL); | |
b6e2f329 | 1351 | |
72c7329b LP |
1352 | if (r != -ENOENT) |
1353 | break; | |
1354 | } | |
b6e2f329 | 1355 | if (r < 0 && r != -ENOENT) |
72c7329b | 1356 | log_warning_errno(r, "Failed to read os-release file, ignoring: %m"); |
b6e2f329 | 1357 | |
dc9b5816 ZJS |
1358 | if (log_get_show_color()) |
1359 | return status_printf(NULL, false, false, | |
1360 | "\nWelcome to \x1B[%sm%s\x1B[0m!\n", | |
1361 | isempty(ansi_color) ? "1" : ansi_color, | |
1362 | isempty(pretty_name) ? "Linux" : pretty_name); | |
1363 | else | |
1364 | return status_printf(NULL, false, false, | |
1365 | "\nWelcome to %s!\n", | |
1366 | isempty(pretty_name) ? "Linux" : pretty_name); | |
b6e2f329 LP |
1367 | } |
1368 | ||
fdd25311 LP |
1369 | static int write_container_id(void) { |
1370 | const char *c; | |
19854865 | 1371 | int r; |
fdd25311 LP |
1372 | |
1373 | c = getenv("container"); | |
1374 | if (isempty(c)) | |
1375 | return 0; | |
1376 | ||
8612da97 LP |
1377 | RUN_WITH_UMASK(0022) |
1378 | r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE); | |
19854865 | 1379 | if (r < 0) |
f1f849b0 | 1380 | return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m"); |
19854865 LP |
1381 | |
1382 | return 1; | |
1383 | } | |
1384 | ||
1385 | static int bump_unix_max_dgram_qlen(void) { | |
1386 | _cleanup_free_ char *qlen = NULL; | |
1387 | unsigned long v; | |
1388 | int r; | |
1389 | ||
1390 | /* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel | |
1391 | * default of 16 is simply too low. We set the value really | |
1392 | * really early during boot, so that it is actually applied to | |
1393 | * all our sockets, including the $NOTIFY_SOCKET one. */ | |
1394 | ||
1395 | r = read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen); | |
1396 | if (r < 0) | |
1397 | return log_warning_errno(r, "Failed to read AF_UNIX datagram queue length, ignoring: %m"); | |
1398 | ||
1399 | r = safe_atolu(qlen, &v); | |
1400 | if (r < 0) | |
1401 | return log_warning_errno(r, "Failed to parse AF_UNIX datagram queue length, ignoring: %m"); | |
1402 | ||
1403 | if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN) | |
1404 | return 0; | |
1405 | ||
1406 | qlen = mfree(qlen); | |
1407 | if (asprintf(&qlen, "%lu\n", DEFAULT_UNIX_MAX_DGRAM_QLEN) < 0) | |
1408 | return log_oom(); | |
1409 | ||
1410 | r = write_string_file("/proc/sys/net/unix/max_dgram_qlen", qlen, 0); | |
1411 | if (r < 0) | |
1412 | return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, | |
1413 | "Failed to bump AF_UNIX datagram queue length, ignoring: %m"); | |
1414 | ||
1415 | return 1; | |
fdd25311 LP |
1416 | } |
1417 | ||
32391275 FB |
1418 | static int fixup_environment(void) { |
1419 | _cleanup_free_ char *term = NULL; | |
4dc63c4b | 1420 | const char *t; |
32391275 FB |
1421 | int r; |
1422 | ||
43db615b LP |
1423 | /* Only fix up the environment when we are started as PID 1 */ |
1424 | if (getpid_cached() != 1) | |
1425 | return 0; | |
1426 | ||
1427 | /* We expect the environment to be set correctly if run inside a container. */ | |
84af7821 LP |
1428 | if (detect_container() > 0) |
1429 | return 0; | |
1430 | ||
43db615b LP |
1431 | /* When started as PID1, the kernel uses /dev/console for our stdios and uses TERM=linux whatever the backend |
1432 | * device used by the console. We try to make a better guess here since some consoles might not have support | |
1433 | * for color mode for example. | |
32391275 | 1434 | * |
43db615b | 1435 | * However if TERM was configured through the kernel command line then leave it alone. */ |
1d84ad94 | 1436 | r = proc_cmdline_get_key("TERM", 0, &term); |
32391275 FB |
1437 | if (r < 0) |
1438 | return r; | |
32391275 | 1439 | |
4dc63c4b LP |
1440 | t = term ?: default_term_for_tty("/dev/console"); |
1441 | ||
1442 | if (setenv("TERM", t, 1) < 0) | |
32391275 FB |
1443 | return -errno; |
1444 | ||
1445 | return 0; | |
1446 | } | |
1447 | ||
6808a0bc LP |
1448 | static void redirect_telinit(int argc, char *argv[]) { |
1449 | ||
1450 | /* This is compatibility support for SysV, where calling init as a user is identical to telinit. */ | |
1451 | ||
1452 | #if HAVE_SYSV_COMPAT | |
1453 | if (getpid_cached() == 1) | |
1454 | return; | |
1455 | ||
1456 | if (!strstr(program_invocation_short_name, "init")) | |
1457 | return; | |
1458 | ||
1459 | execv(SYSTEMCTL_BINARY_PATH, argv); | |
1460 | log_error_errno(errno, "Failed to exec " SYSTEMCTL_BINARY_PATH ": %m"); | |
a45d7127 | 1461 | exit(EXIT_FAILURE); |
6808a0bc LP |
1462 | #endif |
1463 | } | |
1464 | ||
4a36297c LP |
1465 | static int become_shutdown( |
1466 | const char *shutdown_verb, | |
7eb35049 | 1467 | int retval) { |
4a36297c LP |
1468 | |
1469 | char log_level[DECIMAL_STR_MAX(int) + 1], | |
1470 | exit_code[DECIMAL_STR_MAX(uint8_t) + 1]; | |
1471 | ||
1472 | const char* command_line[11] = { | |
1473 | SYSTEMD_SHUTDOWN_BINARY_PATH, | |
1474 | shutdown_verb, | |
1475 | "--log-level", log_level, | |
1476 | "--log-target", | |
1477 | }; | |
1478 | ||
1479 | _cleanup_strv_free_ char **env_block = NULL; | |
1480 | size_t pos = 5; | |
1481 | int r; | |
1482 | ||
7eb35049 | 1483 | assert(shutdown_verb); |
234519ae | 1484 | assert(!command_line[pos]); |
4a36297c LP |
1485 | env_block = strv_copy(environ); |
1486 | ||
1487 | xsprintf(log_level, "%d", log_get_max_level()); | |
1488 | ||
1489 | switch (log_get_target()) { | |
1490 | ||
1491 | case LOG_TARGET_KMSG: | |
1492 | case LOG_TARGET_JOURNAL_OR_KMSG: | |
1493 | case LOG_TARGET_SYSLOG_OR_KMSG: | |
1494 | command_line[pos++] = "kmsg"; | |
1495 | break; | |
1496 | ||
1497 | case LOG_TARGET_NULL: | |
1498 | command_line[pos++] = "null"; | |
1499 | break; | |
1500 | ||
1501 | case LOG_TARGET_CONSOLE: | |
1502 | default: | |
1503 | command_line[pos++] = "console"; | |
1504 | break; | |
1505 | }; | |
1506 | ||
1507 | if (log_get_show_color()) | |
1508 | command_line[pos++] = "--log-color"; | |
1509 | ||
1510 | if (log_get_show_location()) | |
1511 | command_line[pos++] = "--log-location"; | |
1512 | ||
1513 | if (streq(shutdown_verb, "exit")) { | |
1514 | command_line[pos++] = "--exit-code"; | |
1515 | command_line[pos++] = exit_code; | |
1516 | xsprintf(exit_code, "%d", retval); | |
1517 | } | |
1518 | ||
1519 | assert(pos < ELEMENTSOF(command_line)); | |
1520 | ||
7eb35049 LP |
1521 | if (streq(shutdown_verb, "reboot") && |
1522 | arg_shutdown_watchdog > 0 && | |
1523 | arg_shutdown_watchdog != USEC_INFINITY) { | |
1524 | ||
4a36297c LP |
1525 | char *e; |
1526 | ||
1527 | /* If we reboot let's set the shutdown | |
1528 | * watchdog and tell the shutdown binary to | |
1529 | * repeatedly ping it */ | |
1530 | r = watchdog_set_timeout(&arg_shutdown_watchdog); | |
1531 | watchdog_close(r < 0); | |
1532 | ||
1533 | /* Tell the binary how often to ping, ignore failure */ | |
1534 | if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, arg_shutdown_watchdog) > 0) | |
8a2c1fbf EJ |
1535 | (void) strv_consume(&env_block, e); |
1536 | ||
1537 | if (arg_watchdog_device && | |
1538 | asprintf(&e, "WATCHDOG_DEVICE=%s", arg_watchdog_device) > 0) | |
1539 | (void) strv_consume(&env_block, e); | |
4a36297c LP |
1540 | } else |
1541 | watchdog_close(true); | |
1542 | ||
1543 | /* Avoid the creation of new processes forked by the | |
1544 | * kernel; at this point, we will not listen to the | |
1545 | * signals anyway */ | |
1546 | if (detect_container() <= 0) | |
1547 | (void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER); | |
1548 | ||
1549 | execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block); | |
1550 | return -errno; | |
1551 | } | |
1552 | ||
e839bafd LP |
1553 | static void initialize_clock(void) { |
1554 | int r; | |
1555 | ||
1556 | if (clock_is_localtime(NULL) > 0) { | |
1557 | int min; | |
1558 | ||
1559 | /* | |
1560 | * The very first call of settimeofday() also does a time warp in the kernel. | |
1561 | * | |
1562 | * In the rtc-in-local time mode, we set the kernel's timezone, and rely on external tools to take care | |
1563 | * of maintaining the RTC and do all adjustments. This matches the behavior of Windows, which leaves | |
1564 | * the RTC alone if the registry tells that the RTC runs in UTC. | |
1565 | */ | |
1566 | r = clock_set_timezone(&min); | |
1567 | if (r < 0) | |
1568 | log_error_errno(r, "Failed to apply local time delta, ignoring: %m"); | |
1569 | else | |
1570 | log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min); | |
1571 | ||
1572 | } else if (!in_initrd()) { | |
1573 | /* | |
1574 | * Do a dummy very first call to seal the kernel's time warp magic. | |
1575 | * | |
1576 | * Do not call this from inside the initrd. The initrd might not carry /etc/adjtime with LOCAL, but the | |
1577 | * real system could be set up that way. In such case, we need to delay the time-warp or the sealing | |
1578 | * until we reach the real system. | |
1579 | * | |
1580 | * Do no set the kernel's timezone. The concept of local time cannot be supported reliably, the time | |
1581 | * will jump or be incorrect at every daylight saving time change. All kernel local time concepts will | |
1582 | * be treated as UTC that way. | |
1583 | */ | |
1584 | (void) clock_reset_timewarp(); | |
1585 | } | |
1586 | ||
1587 | r = clock_apply_epoch(); | |
1588 | if (r < 0) | |
1589 | log_error_errno(r, "Current system time is before build time, but cannot correct: %m"); | |
1590 | else if (r > 0) | |
1591 | log_info("System time before build time, advancing clock."); | |
1592 | } | |
1593 | ||
1e41242e LP |
1594 | static void initialize_coredump(bool skip_setup) { |
1595 | ||
1596 | if (getpid_cached() != 1) | |
1597 | return; | |
1598 | ||
1599 | /* Don't limit the core dump size, so that coredump handlers such as systemd-coredump (which honour the limit) | |
1600 | * will process core dumps for system services by default. */ | |
1601 | if (setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY)) < 0) | |
1602 | log_warning_errno(errno, "Failed to set RLIMIT_CORE: %m"); | |
1603 | ||
1604 | /* But at the same time, turn off the core_pattern logic by default, so that no coredumps are stored | |
1605 | * until the systemd-coredump tool is enabled via sysctl. */ | |
1606 | if (!skip_setup) | |
9ce17593 | 1607 | disable_core_dumps(); |
1e41242e LP |
1608 | } |
1609 | ||
3c7878f9 LP |
1610 | static void do_reexecute( |
1611 | int argc, | |
1612 | char *argv[], | |
1613 | const struct rlimit *saved_rlimit_nofile, | |
1614 | const struct rlimit *saved_rlimit_memlock, | |
1615 | FDSet *fds, | |
1616 | const char *switch_root_dir, | |
1617 | const char *switch_root_init, | |
1618 | const char **ret_error_message) { | |
1619 | ||
1620 | unsigned i, j, args_size; | |
1621 | const char **args; | |
1622 | int r; | |
1623 | ||
1624 | assert(saved_rlimit_nofile); | |
1625 | assert(saved_rlimit_memlock); | |
1626 | assert(ret_error_message); | |
1627 | ||
1628 | /* Close and disarm the watchdog, so that the new instance can reinitialize it, but doesn't get rebooted while | |
1629 | * we do that */ | |
1630 | watchdog_close(true); | |
1631 | ||
1632 | /* Reset the RLIMIT_NOFILE to the kernel default, so that the new systemd can pass the kernel default to its | |
1633 | * child processes */ | |
1634 | ||
1635 | if (saved_rlimit_nofile->rlim_cur > 0) | |
1636 | (void) setrlimit(RLIMIT_NOFILE, saved_rlimit_nofile); | |
1637 | if (saved_rlimit_memlock->rlim_cur != (rlim_t) -1) | |
1638 | (void) setrlimit(RLIMIT_MEMLOCK, saved_rlimit_memlock); | |
1639 | ||
1640 | if (switch_root_dir) { | |
1641 | /* Kill all remaining processes from the initrd, but don't wait for them, so that we can handle the | |
1642 | * SIGCHLD for them after deserializing. */ | |
1643 | broadcast_signal(SIGTERM, false, true); | |
1644 | ||
1645 | /* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */ | |
1646 | r = switch_root(switch_root_dir, "/mnt", true, MS_MOVE); | |
1647 | if (r < 0) | |
1648 | log_error_errno(r, "Failed to switch root, trying to continue: %m"); | |
1649 | } | |
1650 | ||
1651 | args_size = MAX(6, argc+1); | |
1652 | args = newa(const char*, args_size); | |
1653 | ||
1654 | if (!switch_root_init) { | |
1655 | char sfd[DECIMAL_STR_MAX(int) + 1]; | |
1656 | ||
1657 | /* First try to spawn ourselves with the right path, and with full serialization. We do this only if | |
1658 | * the user didn't specify an explicit init to spawn. */ | |
1659 | ||
1660 | assert(arg_serialization); | |
1661 | assert(fds); | |
1662 | ||
1663 | xsprintf(sfd, "%i", fileno(arg_serialization)); | |
1664 | ||
1665 | i = 0; | |
1666 | args[i++] = SYSTEMD_BINARY_PATH; | |
1667 | if (switch_root_dir) | |
1668 | args[i++] = "--switched-root"; | |
1669 | args[i++] = arg_system ? "--system" : "--user"; | |
1670 | args[i++] = "--deserialize"; | |
1671 | args[i++] = sfd; | |
1672 | args[i++] = NULL; | |
1673 | ||
1674 | assert(i <= args_size); | |
1675 | ||
1676 | /* | |
1677 | * We want valgrind to print its memory usage summary before reexecution. Valgrind won't do this is on | |
1678 | * its own on exec(), but it will do it on exit(). Hence, to ensure we get a summary here, fork() off | |
1679 | * a child, let it exit() cleanly, so that it prints the summary, and wait() for it in the parent, | |
1680 | * before proceeding into the exec(). | |
1681 | */ | |
1682 | valgrind_summary_hack(); | |
1683 | ||
1684 | (void) execv(args[0], (char* const*) args); | |
1685 | log_debug_errno(errno, "Failed to execute our own binary, trying fallback: %m"); | |
1686 | } | |
1687 | ||
1688 | /* Try the fallback, if there is any, without any serialization. We pass the original argv[] and envp[]. (Well, | |
1689 | * modulo the ordering changes due to getopt() in argv[], and some cleanups in envp[], but let's hope that | |
1690 | * doesn't matter.) */ | |
1691 | ||
1692 | arg_serialization = safe_fclose(arg_serialization); | |
1693 | fds = fdset_free(fds); | |
1694 | ||
1695 | /* Reopen the console */ | |
1696 | (void) make_console_stdio(); | |
1697 | ||
1698 | for (j = 1, i = 1; j < (unsigned) argc; j++) | |
1699 | args[i++] = argv[j]; | |
1700 | args[i++] = NULL; | |
1701 | assert(i <= args_size); | |
1702 | ||
1703 | /* Reenable any blocked signals, especially important if we switch from initial ramdisk to init=... */ | |
1704 | (void) reset_all_signal_handlers(); | |
1705 | (void) reset_signal_mask(); | |
1706 | ||
1707 | if (switch_root_init) { | |
1708 | args[0] = switch_root_init; | |
1709 | (void) execv(args[0], (char* const*) args); | |
1710 | log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m"); | |
1711 | } | |
1712 | ||
1713 | args[0] = "/sbin/init"; | |
1714 | (void) execv(args[0], (char* const*) args); | |
1715 | r = -errno; | |
1716 | ||
1717 | manager_status_printf(NULL, STATUS_TYPE_EMERGENCY, | |
1718 | ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL, | |
1719 | "Failed to execute /sbin/init"); | |
1720 | ||
1721 | if (r == -ENOENT) { | |
1722 | log_warning("No /sbin/init, trying fallback"); | |
1723 | ||
1724 | args[0] = "/bin/sh"; | |
1725 | args[1] = NULL; | |
1726 | (void) execv(args[0], (char* const*) args); | |
1727 | log_error_errno(errno, "Failed to execute /bin/sh, giving up: %m"); | |
1728 | } else | |
1729 | log_warning_errno(r, "Failed to execute /sbin/init, giving up: %m"); | |
1730 | ||
1731 | *ret_error_message = "Failed to execute fallback shell"; | |
1732 | } | |
1733 | ||
7eb35049 LP |
1734 | static int invoke_main_loop( |
1735 | Manager *m, | |
1736 | bool *ret_reexecute, | |
1737 | int *ret_retval, /* Return parameters relevant for shutting down */ | |
1738 | const char **ret_shutdown_verb, /* … */ | |
1739 | FDSet **ret_fds, /* Return parameters for reexecuting */ | |
1740 | char **ret_switch_root_dir, /* … */ | |
1741 | char **ret_switch_root_init, /* … */ | |
1742 | const char **ret_error_message) { | |
1743 | ||
1744 | int r; | |
1745 | ||
1746 | assert(m); | |
1747 | assert(ret_reexecute); | |
1748 | assert(ret_retval); | |
1749 | assert(ret_shutdown_verb); | |
1750 | assert(ret_fds); | |
1751 | assert(ret_switch_root_dir); | |
1752 | assert(ret_switch_root_init); | |
1753 | assert(ret_error_message); | |
1754 | ||
1755 | for (;;) { | |
1756 | r = manager_loop(m); | |
1757 | if (r < 0) { | |
1758 | *ret_error_message = "Failed to run main loop"; | |
1759 | return log_emergency_errno(r, "Failed to run main loop: %m"); | |
1760 | } | |
1761 | ||
1762 | switch (m->exit_code) { | |
1763 | ||
1764 | case MANAGER_RELOAD: | |
1765 | log_info("Reloading."); | |
1766 | ||
1767 | r = parse_config_file(); | |
1768 | if (r < 0) | |
1769 | log_warning_errno(r, "Failed to parse config file, ignoring: %m"); | |
1770 | ||
1771 | set_manager_defaults(m); | |
1772 | ||
1773 | r = manager_reload(m); | |
1774 | if (r < 0) | |
1775 | log_warning_errno(r, "Failed to reload, ignoring: %m"); | |
1776 | ||
1777 | break; | |
1778 | ||
1779 | case MANAGER_REEXECUTE: | |
1780 | ||
1781 | r = prepare_reexecute(m, &arg_serialization, ret_fds, false); | |
1782 | if (r < 0) { | |
1783 | *ret_error_message = "Failed to prepare for reexecution"; | |
1784 | return r; | |
1785 | } | |
1786 | ||
1787 | log_notice("Reexecuting."); | |
1788 | ||
1789 | *ret_reexecute = true; | |
1790 | *ret_retval = EXIT_SUCCESS; | |
1791 | *ret_shutdown_verb = NULL; | |
1792 | *ret_switch_root_dir = *ret_switch_root_init = NULL; | |
1793 | ||
1794 | return 0; | |
1795 | ||
1796 | case MANAGER_SWITCH_ROOT: | |
1797 | if (!m->switch_root_init) { | |
1798 | r = prepare_reexecute(m, &arg_serialization, ret_fds, true); | |
1799 | if (r < 0) { | |
1800 | *ret_error_message = "Failed to prepare for reexecution"; | |
1801 | return r; | |
1802 | } | |
1803 | } else | |
1804 | *ret_fds = NULL; | |
1805 | ||
1806 | log_notice("Switching root."); | |
1807 | ||
1808 | *ret_reexecute = true; | |
1809 | *ret_retval = EXIT_SUCCESS; | |
1810 | *ret_shutdown_verb = NULL; | |
1811 | ||
1812 | /* Steal the switch root parameters */ | |
1813 | *ret_switch_root_dir = m->switch_root; | |
1814 | *ret_switch_root_init = m->switch_root_init; | |
1815 | m->switch_root = m->switch_root_init = NULL; | |
1816 | ||
1817 | return 0; | |
1818 | ||
1819 | case MANAGER_EXIT: | |
1820 | ||
1821 | if (MANAGER_IS_USER(m)) { | |
1822 | log_debug("Exit."); | |
1823 | ||
1824 | *ret_reexecute = false; | |
1825 | *ret_retval = m->return_value; | |
1826 | *ret_shutdown_verb = NULL; | |
1827 | *ret_fds = NULL; | |
1828 | *ret_switch_root_dir = *ret_switch_root_init = NULL; | |
1829 | ||
1830 | return 0; | |
1831 | } | |
1832 | ||
1833 | _fallthrough_; | |
1834 | case MANAGER_REBOOT: | |
1835 | case MANAGER_POWEROFF: | |
1836 | case MANAGER_HALT: | |
1837 | case MANAGER_KEXEC: { | |
1838 | static const char * const table[_MANAGER_EXIT_CODE_MAX] = { | |
1839 | [MANAGER_EXIT] = "exit", | |
1840 | [MANAGER_REBOOT] = "reboot", | |
1841 | [MANAGER_POWEROFF] = "poweroff", | |
1842 | [MANAGER_HALT] = "halt", | |
1843 | [MANAGER_KEXEC] = "kexec" | |
1844 | }; | |
1845 | ||
1846 | log_notice("Shutting down."); | |
1847 | ||
1848 | *ret_reexecute = false; | |
1849 | *ret_retval = m->return_value; | |
1850 | assert_se(*ret_shutdown_verb = table[m->exit_code]); | |
1851 | *ret_fds = NULL; | |
1852 | *ret_switch_root_dir = *ret_switch_root_init = NULL; | |
1853 | ||
1854 | return 0; | |
1855 | } | |
1856 | ||
1857 | default: | |
1858 | assert_not_reached("Unknown exit code."); | |
1859 | } | |
1860 | } | |
1861 | } | |
1862 | ||
31aef7ff LP |
1863 | static void log_execution_mode(bool *ret_first_boot) { |
1864 | assert(ret_first_boot); | |
1865 | ||
1866 | if (arg_system) { | |
1867 | int v; | |
1868 | ||
1869 | log_info(PACKAGE_STRING " running in %ssystem mode. (" SYSTEMD_FEATURES ")", | |
1870 | arg_action == ACTION_TEST ? "test " : "" ); | |
1871 | ||
1872 | v = detect_virtualization(); | |
1873 | if (v > 0) | |
1874 | log_info("Detected virtualization %s.", virtualization_to_string(v)); | |
1875 | ||
1876 | log_info("Detected architecture %s.", architecture_to_string(uname_architecture())); | |
1877 | ||
1878 | if (in_initrd()) { | |
1879 | *ret_first_boot = false; | |
1880 | log_info("Running in initial RAM disk."); | |
1881 | } else { | |
1882 | /* Let's check whether we are in first boot, i.e. whether /etc is still unpopulated. We use | |
1883 | * /etc/machine-id as flag file, for this: if it exists we assume /etc is populated, if it | |
1884 | * doesn't it's unpopulated. This allows container managers and installers to provision a | |
1885 | * couple of files already. If the container manager wants to provision the machine ID itself | |
1886 | * it should pass $container_uuid to PID 1. */ | |
1887 | ||
1888 | *ret_first_boot = access("/etc/machine-id", F_OK) < 0; | |
1889 | if (*ret_first_boot) | |
1890 | log_info("Running with unpopulated /etc."); | |
1891 | } | |
1892 | } else { | |
b9e90f3a LP |
1893 | if (DEBUG_LOGGING) { |
1894 | _cleanup_free_ char *t; | |
31aef7ff | 1895 | |
b9e90f3a LP |
1896 | t = uid_to_name(getuid()); |
1897 | log_debug(PACKAGE_STRING " running in %suser mode for user " UID_FMT "/%s. (" SYSTEMD_FEATURES ")", | |
1898 | arg_action == ACTION_TEST ? " test" : "", getuid(), strna(t)); | |
1899 | } | |
31aef7ff LP |
1900 | |
1901 | *ret_first_boot = false; | |
1902 | } | |
1903 | } | |
1904 | ||
5afbaa36 LP |
1905 | static int initialize_runtime( |
1906 | bool skip_setup, | |
1907 | struct rlimit *saved_rlimit_nofile, | |
1908 | struct rlimit *saved_rlimit_memlock, | |
1909 | const char **ret_error_message) { | |
1910 | ||
1911 | int r; | |
1912 | ||
1913 | assert(ret_error_message); | |
1914 | ||
1915 | /* Sets up various runtime parameters. Many of these initializations are conditionalized: | |
1916 | * | |
1917 | * - Some only apply to --system instances | |
1918 | * - Some only apply to --user instances | |
1919 | * - Some only apply when we first start up, but not when we reexecute | |
1920 | */ | |
1921 | ||
2d776038 LP |
1922 | if (arg_action != ACTION_RUN) |
1923 | return 0; | |
1924 | ||
3c3c6cb9 LP |
1925 | if (arg_system) { |
1926 | /* Make sure we leave a core dump without panicing the kernel. */ | |
1927 | install_crash_handler(); | |
5afbaa36 | 1928 | |
3c3c6cb9 LP |
1929 | if (!skip_setup) { |
1930 | r = mount_cgroup_controllers(arg_join_controllers); | |
1931 | if (r < 0) { | |
1932 | *ret_error_message = "Failed to mount cgroup hierarchies"; | |
1933 | return r; | |
1934 | } | |
1935 | ||
1936 | status_welcome(); | |
1937 | hostname_setup(); | |
1938 | machine_id_setup(NULL, arg_machine_id, NULL); | |
1939 | loopback_setup(); | |
1940 | bump_unix_max_dgram_qlen(); | |
1941 | test_usr(); | |
1942 | write_container_id(); | |
1943 | } | |
8a2c1fbf | 1944 | |
3c3c6cb9 LP |
1945 | if (arg_watchdog_device) { |
1946 | r = watchdog_set_device(arg_watchdog_device); | |
1947 | if (r < 0) | |
1948 | log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device); | |
1949 | } | |
1950 | ||
1951 | if (arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY) | |
1952 | watchdog_set_timeout(&arg_runtime_watchdog); | |
1953 | } | |
5afbaa36 LP |
1954 | |
1955 | if (arg_timer_slack_nsec != NSEC_INFINITY) | |
1956 | if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0) | |
3a671cd1 | 1957 | log_warning_errno(errno, "Failed to adjust timer slack, ignoring: %m"); |
5afbaa36 LP |
1958 | |
1959 | if (arg_system && !cap_test_all(arg_capability_bounding_set)) { | |
1960 | r = capability_bounding_set_drop_usermode(arg_capability_bounding_set); | |
1961 | if (r < 0) { | |
1962 | *ret_error_message = "Failed to drop capability bounding set of usermode helpers"; | |
1963 | return log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m"); | |
1964 | } | |
1965 | ||
1966 | r = capability_bounding_set_drop(arg_capability_bounding_set, true); | |
1967 | if (r < 0) { | |
1968 | *ret_error_message = "Failed to drop capability bounding set"; | |
1969 | return log_emergency_errno(r, "Failed to drop capability bounding set: %m"); | |
1970 | } | |
1971 | } | |
1972 | ||
1973 | if (arg_syscall_archs) { | |
1974 | r = enforce_syscall_archs(arg_syscall_archs); | |
1975 | if (r < 0) { | |
1976 | *ret_error_message = "Failed to set syscall architectures"; | |
1977 | return r; | |
1978 | } | |
1979 | } | |
1980 | ||
1981 | if (!arg_system) | |
1982 | /* Become reaper of our children */ | |
1983 | if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) | |
1984 | log_warning_errno(errno, "Failed to make us a subreaper: %m"); | |
1985 | ||
1986 | if (arg_system) { | |
1987 | /* Bump up RLIMIT_NOFILE for systemd itself */ | |
1988 | (void) bump_rlimit_nofile(saved_rlimit_nofile); | |
1989 | (void) bump_rlimit_memlock(saved_rlimit_memlock); | |
1990 | } | |
1991 | ||
1992 | return 0; | |
1993 | } | |
1994 | ||
6acca5fc LP |
1995 | static int do_queue_default_job( |
1996 | Manager *m, | |
1997 | const char **ret_error_message) { | |
1998 | ||
1999 | _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; | |
2000 | Job *default_unit_job; | |
2001 | Unit *target = NULL; | |
2002 | int r; | |
2003 | ||
2004 | log_debug("Activating default unit: %s", arg_default_unit); | |
2005 | ||
2006 | r = manager_load_unit(m, arg_default_unit, NULL, &error, &target); | |
2007 | if (r < 0) | |
2008 | log_error("Failed to load default target: %s", bus_error_message(&error, r)); | |
2009 | else if (IN_SET(target->load_state, UNIT_ERROR, UNIT_NOT_FOUND)) | |
2010 | log_error_errno(target->load_error, "Failed to load default target: %m"); | |
2011 | else if (target->load_state == UNIT_MASKED) | |
2012 | log_error("Default target masked."); | |
2013 | ||
2014 | if (!target || target->load_state != UNIT_LOADED) { | |
2015 | log_info("Trying to load rescue target..."); | |
2016 | ||
2017 | r = manager_load_unit(m, SPECIAL_RESCUE_TARGET, NULL, &error, &target); | |
2018 | if (r < 0) { | |
2019 | *ret_error_message = "Failed to load rescue target"; | |
2020 | return log_emergency_errno(r, "Failed to load rescue target: %s", bus_error_message(&error, r)); | |
2021 | } else if (IN_SET(target->load_state, UNIT_ERROR, UNIT_NOT_FOUND)) { | |
2022 | *ret_error_message = "Failed to load rescue target"; | |
2023 | return log_emergency_errno(target->load_error, "Failed to load rescue target: %m"); | |
2024 | } else if (target->load_state == UNIT_MASKED) { | |
2025 | *ret_error_message = "Rescue target masked"; | |
2026 | log_emergency("Rescue target masked."); | |
2027 | return -ERFKILL; | |
2028 | } | |
2029 | } | |
2030 | ||
2031 | assert(target->load_state == UNIT_LOADED); | |
2032 | ||
2033 | r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, &error, &default_unit_job); | |
2034 | if (r == -EPERM) { | |
2035 | log_debug_errno(r, "Default target could not be isolated, starting instead: %s", bus_error_message(&error, r)); | |
2036 | ||
2037 | sd_bus_error_free(&error); | |
2038 | ||
2039 | r = manager_add_job(m, JOB_START, target, JOB_REPLACE, &error, &default_unit_job); | |
2040 | if (r < 0) { | |
2041 | *ret_error_message = "Failed to start default target"; | |
2042 | return log_emergency_errno(r, "Failed to start default target: %s", bus_error_message(&error, r)); | |
2043 | } | |
2044 | ||
2045 | } else if (r < 0) { | |
2046 | *ret_error_message = "Failed to isolate default target"; | |
2047 | return log_emergency_errno(r, "Failed to isolate default target: %s", bus_error_message(&error, r)); | |
2048 | } | |
2049 | ||
2050 | m->default_unit_job_id = default_unit_job->id; | |
2051 | ||
2052 | return 0; | |
2053 | } | |
2054 | ||
970777b5 LP |
2055 | static void free_arguments(void) { |
2056 | size_t j; | |
2057 | ||
2058 | /* Frees all arg_* variables, with the exception of arg_serialization */ | |
2059 | ||
2060 | for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++) | |
2061 | arg_default_rlimit[j] = mfree(arg_default_rlimit[j]); | |
2062 | ||
2063 | arg_default_unit = mfree(arg_default_unit); | |
2064 | arg_confirm_spawn = mfree(arg_confirm_spawn); | |
2065 | arg_join_controllers = strv_free_free(arg_join_controllers); | |
2066 | arg_default_environment = strv_free(arg_default_environment); | |
2067 | arg_syscall_archs = set_free(arg_syscall_archs); | |
2068 | } | |
2069 | ||
97d1fb94 LP |
2070 | static int load_configuration(int argc, char **argv, const char **ret_error_message) { |
2071 | int r; | |
2072 | ||
2073 | assert(ret_error_message); | |
2074 | ||
6f101b56 LP |
2075 | r = initialize_join_controllers(); |
2076 | if (r < 0) { | |
2077 | *ret_error_message = "Failed to initialize cgroup controller joining table"; | |
2078 | return r; | |
2079 | } | |
2080 | ||
97d1fb94 LP |
2081 | arg_default_tasks_max = system_tasks_max_scale(DEFAULT_TASKS_MAX_PERCENTAGE, 100U); |
2082 | ||
2083 | r = parse_config_file(); | |
2084 | if (r < 0) { | |
2085 | *ret_error_message = "Failed to parse config file"; | |
2086 | return r; | |
2087 | } | |
2088 | ||
2089 | if (arg_system) { | |
2090 | r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0); | |
2091 | if (r < 0) | |
2092 | log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m"); | |
2093 | } | |
2094 | ||
2095 | /* Note that this also parses bits from the kernel command line, including "debug". */ | |
2096 | log_parse_environment(); | |
2097 | ||
2098 | r = parse_argv(argc, argv); | |
2099 | if (r < 0) { | |
2100 | *ret_error_message = "Failed to parse commandline arguments"; | |
2101 | return r; | |
2102 | } | |
2103 | ||
2104 | /* Initialize default unit */ | |
2105 | if (!arg_default_unit) { | |
2106 | arg_default_unit = strdup(SPECIAL_DEFAULT_TARGET); | |
2107 | if (!arg_default_unit) { | |
2108 | *ret_error_message = "Failed to set default unit"; | |
2109 | return log_oom(); | |
2110 | } | |
2111 | } | |
2112 | ||
db33214b LP |
2113 | /* Initialize the show status setting if it hasn't been set explicitly yet */ |
2114 | if (arg_show_status == _SHOW_STATUS_UNSET) | |
2115 | arg_show_status = SHOW_STATUS_YES; | |
2116 | ||
97d1fb94 LP |
2117 | return 0; |
2118 | } | |
2119 | ||
b0d7c989 LP |
2120 | static int safety_checks(void) { |
2121 | ||
febf46a4 LP |
2122 | if (getpid_cached() == 1 && |
2123 | arg_action != ACTION_RUN) { | |
2124 | log_error("Unsupported execution mode while PID 1."); | |
2125 | return -EPERM; | |
2126 | } | |
2127 | ||
2128 | if (getpid_cached() == 1 && | |
2129 | !arg_system) { | |
2130 | log_error("Can't run --user mode as PID 1."); | |
2131 | return -EPERM; | |
2132 | } | |
2133 | ||
2134 | if (arg_action == ACTION_RUN && | |
2135 | arg_system && | |
2136 | getpid_cached() != 1) { | |
2137 | log_error("Can't run system mode unless PID 1."); | |
2138 | return -EPERM; | |
2139 | } | |
2140 | ||
b0d7c989 LP |
2141 | if (arg_action == ACTION_TEST && |
2142 | geteuid() == 0) { | |
2143 | log_error("Don't run test mode as root."); | |
2144 | return -EPERM; | |
2145 | } | |
2146 | ||
2147 | if (!arg_system && | |
2148 | arg_action == ACTION_RUN && | |
2149 | sd_booted() <= 0) { | |
2150 | log_error("Trying to run as user instance, but the system has not been booted with systemd."); | |
2151 | return -EOPNOTSUPP; | |
2152 | } | |
2153 | ||
2154 | if (!arg_system && | |
2155 | arg_action == ACTION_RUN && | |
2156 | !getenv("XDG_RUNTIME_DIR")) { | |
2157 | log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set."); | |
2158 | return -EUNATCH; | |
2159 | } | |
2160 | ||
2161 | if (arg_system && | |
2162 | arg_action == ACTION_RUN && | |
2163 | running_in_chroot() > 0) { | |
2164 | log_error("Cannot be run in a chroot() environment."); | |
2165 | return -EOPNOTSUPP; | |
2166 | } | |
2167 | ||
2168 | return 0; | |
2169 | } | |
2170 | ||
74da609f LP |
2171 | static int initialize_security( |
2172 | bool *loaded_policy, | |
2173 | dual_timestamp *security_start_timestamp, | |
2174 | dual_timestamp *security_finish_timestamp, | |
2175 | const char **ret_error_message) { | |
2176 | ||
2177 | int r; | |
2178 | ||
2179 | assert(loaded_policy); | |
2180 | assert(security_start_timestamp); | |
2181 | assert(security_finish_timestamp); | |
2182 | assert(ret_error_message); | |
2183 | ||
2184 | dual_timestamp_get(security_start_timestamp); | |
2185 | ||
97149f40 | 2186 | r = mac_selinux_setup(loaded_policy); |
74da609f LP |
2187 | if (r < 0) { |
2188 | *ret_error_message = "Failed to load SELinux policy"; | |
2189 | return r; | |
2190 | } | |
2191 | ||
2192 | r = mac_smack_setup(loaded_policy); | |
2193 | if (r < 0) { | |
2194 | *ret_error_message = "Failed to load SMACK policy"; | |
2195 | return r; | |
2196 | } | |
2197 | ||
2198 | r = ima_setup(); | |
2199 | if (r < 0) { | |
2200 | *ret_error_message = "Failed to load IMA policy"; | |
2201 | return r; | |
2202 | } | |
2203 | ||
2204 | dual_timestamp_get(security_finish_timestamp); | |
2205 | return 0; | |
2206 | } | |
2207 | ||
263162da LP |
2208 | static void test_summary(Manager *m) { |
2209 | assert(m); | |
2210 | ||
2211 | printf("-> By units:\n"); | |
2212 | manager_dump_units(m, stdout, "\t"); | |
2213 | ||
2214 | printf("-> By jobs:\n"); | |
2215 | manager_dump_jobs(m, stdout, "\t"); | |
2216 | } | |
2217 | ||
51e5ff02 LP |
2218 | static void log_taint_string(Manager *m) { |
2219 | _cleanup_free_ char *taint = NULL; | |
2220 | ||
2221 | assert(m); | |
2222 | ||
2223 | if (!arg_system) | |
2224 | return; | |
2225 | ||
2226 | taint = manager_taint_string(m); | |
2227 | if (isempty(taint)) | |
2228 | return; | |
2229 | ||
2230 | log_struct(LOG_NOTICE, | |
2231 | LOG_MESSAGE("System is tainted: %s", taint), | |
2232 | "TAINT=%s", taint, | |
2233 | "MESSAGE_ID=" SD_MESSAGE_TAINTED_STR, | |
2234 | NULL); | |
2235 | } | |
2236 | ||
efeb853f LP |
2237 | static int collect_fds(FDSet **ret_fds, const char **ret_error_message) { |
2238 | int r; | |
2239 | ||
2240 | assert(ret_fds); | |
2241 | assert(ret_error_message); | |
2242 | ||
2243 | r = fdset_new_fill(ret_fds); | |
2244 | if (r < 0) { | |
2245 | *ret_error_message = "Failed to allocate fd set"; | |
2246 | return log_emergency_errno(r, "Failed to allocate fd set: %m"); | |
2247 | } | |
2248 | ||
2249 | fdset_cloexec(*ret_fds, true); | |
2250 | ||
2251 | if (arg_serialization) | |
2252 | assert_se(fdset_remove(*ret_fds, fileno(arg_serialization)) >= 0); | |
2253 | ||
2254 | return 0; | |
2255 | } | |
2256 | ||
2e51b31c LP |
2257 | static void setup_console_terminal(bool skip_setup) { |
2258 | ||
2259 | if (!arg_system) | |
2260 | return; | |
2261 | ||
2262 | /* Become a session leader if we aren't one yet. */ | |
2263 | (void) setsid(); | |
2264 | ||
2265 | /* If we are init, we connect stdin/stdout/stderr to /dev/null and make sure we don't have a controlling | |
2266 | * tty. */ | |
2267 | (void) release_terminal(); | |
2268 | ||
2269 | /* Reset the console, but only if this is really init and we are freshly booted */ | |
2270 | if (getpid_cached() == 1 && !skip_setup) | |
2271 | (void) console_setup(); | |
2272 | } | |
2273 | ||
aa40ff07 LP |
2274 | static bool early_skip_setup_check(int argc, char *argv[]) { |
2275 | bool found_deserialize = false; | |
2276 | int i; | |
2277 | ||
2278 | /* Determine if this is a reexecution or normal bootup. We do the full command line parsing much later, so | |
2279 | * let's just have a quick peek here. Note that if we have switched root, do all the special setup things | |
2280 | * anyway, even if in that case we also do deserialization. */ | |
2281 | ||
2282 | for (i = 1; i < argc; i++) { | |
2283 | ||
2284 | if (streq(argv[i], "--switched-root")) | |
2285 | return false; /* If we switched root, don't skip the setup. */ | |
2286 | else if (streq(argv[i], "--deserialize")) | |
2287 | found_deserialize = true; | |
2288 | } | |
2289 | ||
2290 | return found_deserialize; /* When we are deserializing, then we are reexecuting, hence avoid the extensive setup */ | |
2291 | } | |
2292 | ||
60918275 | 2293 | int main(int argc, char *argv[]) { |
625e8690 LP |
2294 | |
2295 | dual_timestamp initrd_timestamp = DUAL_TIMESTAMP_NULL, userspace_timestamp = DUAL_TIMESTAMP_NULL, kernel_timestamp = DUAL_TIMESTAMP_NULL, | |
2296 | security_start_timestamp = DUAL_TIMESTAMP_NULL, security_finish_timestamp = DUAL_TIMESTAMP_NULL; | |
2297 | struct rlimit saved_rlimit_nofile = RLIMIT_MAKE_CONST(0), saved_rlimit_memlock = RLIMIT_MAKE_CONST((rlim_t) -1); | |
2298 | bool skip_setup, loaded_policy = false, queue_default_job = false, first_boot = false, reexecute = false; | |
2299 | char *switch_root_dir = NULL, *switch_root_init = NULL; | |
9d76d730 | 2300 | usec_t before_startup, after_startup; |
625e8690 | 2301 | static char systemd[] = "systemd"; |
9d76d730 | 2302 | char timespan[FORMAT_TIMESPAN_MAX]; |
625e8690 LP |
2303 | const char *shutdown_verb = NULL, *error_message = NULL; |
2304 | int r, retval = EXIT_FAILURE; | |
2305 | Manager *m = NULL; | |
a16e1123 | 2306 | FDSet *fds = NULL; |
27b14a22 | 2307 | |
d72a8f10 | 2308 | /* SysV compatibility: redirect init → telinit */ |
6808a0bc | 2309 | redirect_telinit(argc, argv); |
2cb1a60d | 2310 | |
d72a8f10 | 2311 | /* Take timestamps early on */ |
c3a170f3 HH |
2312 | dual_timestamp_from_monotonic(&kernel_timestamp, 0); |
2313 | dual_timestamp_get(&userspace_timestamp); | |
2314 | ||
d72a8f10 LP |
2315 | /* Figure out whether we need to do initialize the system, or if we already did that because we are |
2316 | * reexecuting */ | |
aa40ff07 | 2317 | skip_setup = early_skip_setup_check(argc, argv); |
d03bc1b8 | 2318 | |
d72a8f10 LP |
2319 | /* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we |
2320 | * are then called 'systemd'. That is confusing, hence let's call us systemd right-away. */ | |
f3b6a3ed | 2321 | program_invocation_short_name = systemd; |
eee8b7ab | 2322 | (void) prctl(PR_SET_NAME, systemd); |
5d6b1584 | 2323 | |
d72a8f10 | 2324 | /* Save the original command line */ |
9a0e6896 LP |
2325 | saved_argv = argv; |
2326 | saved_argc = argc; | |
f3b6a3ed | 2327 | |
c1dc6153 | 2328 | log_set_upgrade_syslog_to_journal(true); |
bbe63281 | 2329 | |
df0ff127 | 2330 | if (getpid_cached() == 1) { |
48a601fe | 2331 | /* Disable the umask logic */ |
90dc8c2e MG |
2332 | umask(0); |
2333 | ||
48a601fe LP |
2334 | /* Always reopen /dev/console when running as PID 1 or one of its pre-execve() children. This is |
2335 | * important so that we never end up logging to any foreign stderr, for example if we have to log in a | |
2336 | * child process right before execve()'ing the actual binary, at a point in time where socket | |
2337 | * activation stderr/stdout area already set up. */ | |
2338 | log_set_always_reopen_console(true); | |
2339 | } | |
2340 | ||
df0ff127 | 2341 | if (getpid_cached() == 1 && detect_container() <= 0) { |
4f8d551f | 2342 | |
a866073d | 2343 | /* Running outside of a container as PID 1 */ |
463d0d15 | 2344 | arg_system = true; |
a866073d LP |
2345 | log_set_target(LOG_TARGET_KMSG); |
2346 | log_open(); | |
2347 | ||
21bf2ab0 | 2348 | if (in_initrd()) |
c3a170f3 | 2349 | initrd_timestamp = userspace_timestamp; |
c3ba6250 | 2350 | |
2660882b | 2351 | if (!skip_setup) { |
d723cd65 AK |
2352 | r = mount_setup_early(); |
2353 | if (r < 0) { | |
eee8b7ab | 2354 | error_message = "Failed to mount early API filesystems"; |
d723cd65 AK |
2355 | goto finish; |
2356 | } | |
eee8b7ab | 2357 | |
74da609f LP |
2358 | r = initialize_security( |
2359 | &loaded_policy, | |
2360 | &security_start_timestamp, | |
2361 | &security_finish_timestamp, | |
2362 | &error_message); | |
2363 | if (r < 0) | |
96694e99 | 2364 | goto finish; |
81611586 | 2365 | } |
0b3325e7 | 2366 | |
c3dacc8b | 2367 | if (mac_selinux_init() < 0) { |
cb6531be | 2368 | error_message = "Failed to initialize SELinux policy"; |
0ff4cdd9 | 2369 | goto finish; |
cb6531be | 2370 | } |
7948c4df | 2371 | |
e839bafd LP |
2372 | if (!skip_setup) |
2373 | initialize_clock(); | |
a866073d LP |
2374 | |
2375 | /* Set the default for later on, but don't actually | |
2376 | * open the logs like this for now. Note that if we | |
2377 | * are transitioning from the initrd there might still | |
2378 | * be journal fd open, and we shouldn't attempt | |
2379 | * opening that before we parsed /proc/cmdline which | |
2380 | * might redirect output elsewhere. */ | |
2381 | log_set_target(LOG_TARGET_JOURNAL_OR_KMSG); | |
2382 | ||
df0ff127 | 2383 | } else if (getpid_cached() == 1) { |
a866073d | 2384 | /* Running inside a container, as PID 1 */ |
463d0d15 | 2385 | arg_system = true; |
a866073d | 2386 | log_set_target(LOG_TARGET_CONSOLE); |
99f09825 | 2387 | log_close_console(); /* force reopen of /dev/console */ |
a866073d LP |
2388 | log_open(); |
2389 | ||
eee8b7ab | 2390 | /* For later on, see above... */ |
a866073d LP |
2391 | log_set_target(LOG_TARGET_JOURNAL); |
2392 | ||
c3a170f3 HH |
2393 | /* clear the kernel timestamp, |
2394 | * because we are in a container */ | |
0f5f63c3 | 2395 | kernel_timestamp = DUAL_TIMESTAMP_NULL; |
c3a170f3 | 2396 | } else { |
a866073d | 2397 | /* Running as user instance */ |
463d0d15 | 2398 | arg_system = false; |
eeecf6e6 | 2399 | log_set_target(LOG_TARGET_AUTO); |
871e5809 | 2400 | log_open(); |
c3a170f3 HH |
2401 | |
2402 | /* clear the kernel timestamp, | |
2403 | * because we are not PID 1 */ | |
6513d561 | 2404 | kernel_timestamp = DUAL_TIMESTAMP_NULL; |
bbe63281 | 2405 | } |
a5dab5ce | 2406 | |
1e41242e | 2407 | initialize_coredump(skip_setup); |
15a90032 | 2408 | |
43db615b LP |
2409 | r = fixup_environment(); |
2410 | if (r < 0) { | |
2411 | log_emergency_errno(r, "Failed to fix up PID 1 environment: %m"); | |
2412 | error_message = "Failed to fix up PID1 environment"; | |
2413 | goto finish; | |
2414 | } | |
2415 | ||
6edefe0b | 2416 | if (arg_system) { |
32391275 | 2417 | |
3a18b604 FB |
2418 | /* Try to figure out if we can use colors with the console. No |
2419 | * need to do that for user instances since they never log | |
2420 | * into the console. */ | |
2421 | log_show_color(colors_enabled()); | |
c76cf844 AK |
2422 | r = make_null_stdio(); |
2423 | if (r < 0) | |
2424 | log_warning_errno(r, "Failed to redirect standard streams to /dev/null: %m"); | |
3a18b604 FB |
2425 | } |
2426 | ||
f170852a LP |
2427 | /* Mount /proc, /sys and friends, so that /proc/cmdline and |
2428 | * /proc/$PID/fd is available. */ | |
df0ff127 | 2429 | if (getpid_cached() == 1) { |
f84f9974 | 2430 | |
a132bef0 | 2431 | /* Load the kernel modules early. */ |
2e75e2a8 DM |
2432 | if (!skip_setup) |
2433 | kmod_setup(); | |
2e75e2a8 | 2434 | |
0c85a4f3 | 2435 | r = mount_setup(loaded_policy); |
cb6531be ZJS |
2436 | if (r < 0) { |
2437 | error_message = "Failed to mount API filesystems"; | |
8efe3c01 | 2438 | goto finish; |
cb6531be | 2439 | } |
0c85a4f3 | 2440 | } |
4ade7963 LP |
2441 | |
2442 | /* Reset all signal handlers. */ | |
ce30c8dc LP |
2443 | (void) reset_all_signal_handlers(); |
2444 | (void) ignore_signals(SIGNALS_IGNORE, -1); | |
078e4539 | 2445 | |
97d1fb94 LP |
2446 | r = load_configuration(argc, argv, &error_message); |
2447 | if (r < 0) | |
f170852a | 2448 | goto finish; |
10c961b9 | 2449 | |
b0d7c989 LP |
2450 | r = safety_checks(); |
2451 | if (r < 0) | |
fe783b03 | 2452 | goto finish; |
fe783b03 | 2453 | |
5625c18a | 2454 | if (IN_SET(arg_action, ACTION_TEST, ACTION_HELP, ACTION_DUMP_CONFIGURATION_ITEMS)) |
ea4b98e6 | 2455 | pager_open(arg_no_pager, false); |
b0d7c989 LP |
2456 | |
2457 | if (arg_action != ACTION_RUN) | |
74e7579c | 2458 | skip_setup = true; |
b87c2aa6 | 2459 | |
fa0f4d8a | 2460 | if (arg_action == ACTION_HELP) { |
f170852a LP |
2461 | retval = help(); |
2462 | goto finish; | |
9ba0bc4e ZJS |
2463 | } else if (arg_action == ACTION_VERSION) { |
2464 | retval = version(); | |
2465 | goto finish; | |
fa0f4d8a | 2466 | } else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) { |
e537352b | 2467 | unit_dump_config_items(stdout); |
22f4096c | 2468 | retval = EXIT_SUCCESS; |
e537352b | 2469 | goto finish; |
f170852a LP |
2470 | } |
2471 | ||
4c701096 | 2472 | assert_se(IN_SET(arg_action, ACTION_RUN, ACTION_TEST)); |
f170852a | 2473 | |
5a2e0c62 LP |
2474 | /* Move out of the way, so that we won't block unmounts */ |
2475 | assert_se(chdir("/") == 0); | |
2476 | ||
dea374e8 | 2477 | if (arg_action == ACTION_RUN) { |
a70c72a0 | 2478 | |
efeb853f | 2479 | /* Close logging fds, in order not to confuse collecting passed fds and terminal logic below */ |
a70c72a0 LP |
2480 | log_close(); |
2481 | ||
2482 | /* Remember open file descriptors for later deserialization */ | |
efeb853f LP |
2483 | r = collect_fds(&fds, &error_message); |
2484 | if (r < 0) | |
dea374e8 | 2485 | goto finish; |
a16e1123 | 2486 | |
2e51b31c LP |
2487 | /* Give up any control of the console, but make sure its initialized. */ |
2488 | setup_console_terminal(skip_setup); | |
56d96fc0 | 2489 | |
a70c72a0 LP |
2490 | /* Open the logging devices, if possible and necessary */ |
2491 | log_open(); | |
56d96fc0 | 2492 | } |
4ade7963 | 2493 | |
31aef7ff | 2494 | log_execution_mode(&first_boot); |
a5dab5ce | 2495 | |
2d776038 LP |
2496 | r = initialize_runtime(skip_setup, |
2497 | &saved_rlimit_nofile, | |
2498 | &saved_rlimit_memlock, | |
2499 | &error_message); | |
2500 | if (r < 0) | |
2501 | goto finish; | |
4096d6f5 | 2502 | |
e0a3da1f ZJS |
2503 | r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER, |
2504 | arg_action == ACTION_TEST ? MANAGER_TEST_FULL : 0, | |
2505 | &m); | |
e96d6be7 | 2506 | if (r < 0) { |
da927ba9 | 2507 | log_emergency_errno(r, "Failed to allocate manager object: %m"); |
cb6531be | 2508 | error_message = "Failed to allocate manager object"; |
60918275 LP |
2509 | goto finish; |
2510 | } | |
2511 | ||
9f9f0342 LP |
2512 | m->timestamps[MANAGER_TIMESTAMP_KERNEL] = kernel_timestamp; |
2513 | m->timestamps[MANAGER_TIMESTAMP_INITRD] = initrd_timestamp; | |
2514 | m->timestamps[MANAGER_TIMESTAMP_USERSPACE] = userspace_timestamp; | |
2515 | m->timestamps[MANAGER_TIMESTAMP_SECURITY_START] = security_start_timestamp; | |
2516 | m->timestamps[MANAGER_TIMESTAMP_SECURITY_FINISH] = security_finish_timestamp; | |
9e58ff9c | 2517 | |
85cb4151 | 2518 | set_manager_defaults(m); |
7b46fc6a | 2519 | set_manager_settings(m); |
fd130612 | 2520 | manager_set_first_boot(m, first_boot); |
27d340c7 | 2521 | |
bf4df7c3 | 2522 | /* Remember whether we should queue the default job */ |
d3b1c508 | 2523 | queue_default_job = !arg_serialization || arg_switched_root; |
bf4df7c3 | 2524 | |
9d76d730 LP |
2525 | before_startup = now(CLOCK_MONOTONIC); |
2526 | ||
d3b1c508 | 2527 | r = manager_startup(m, arg_serialization, fds); |
58f88d92 | 2528 | if (r < 0) { |
da927ba9 | 2529 | log_error_errno(r, "Failed to fully start up daemon: %m"); |
cefb3eda | 2530 | error_message = "Failed to start up manager"; |
58f88d92 ZJS |
2531 | goto finish; |
2532 | } | |
a16e1123 | 2533 | |
6acca5fc | 2534 | /* This will close all file descriptors that were opened, but not claimed by any unit. */ |
2feceb5e | 2535 | fds = fdset_free(fds); |
74ca738f | 2536 | arg_serialization = safe_fclose(arg_serialization); |
bf4df7c3 LP |
2537 | |
2538 | if (queue_default_job) { | |
6acca5fc | 2539 | r = do_queue_default_job(m, &error_message); |
718db961 | 2540 | if (r < 0) |
37d88da7 | 2541 | goto finish; |
6acca5fc | 2542 | } |
ab17a050 | 2543 | |
6acca5fc | 2544 | after_startup = now(CLOCK_MONOTONIC); |
60918275 | 2545 | |
6acca5fc LP |
2546 | log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG, |
2547 | "Loaded units and determined initial transaction in %s.", | |
2548 | format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 100 * USEC_PER_MSEC)); | |
07672f49 | 2549 | |
51e5ff02 | 2550 | log_taint_string(m); |
af6b0ecc | 2551 | |
6acca5fc | 2552 | if (arg_action == ACTION_TEST) { |
263162da | 2553 | test_summary(m); |
6acca5fc LP |
2554 | retval = EXIT_SUCCESS; |
2555 | goto finish; | |
e965d56d | 2556 | } |
d46de8a1 | 2557 | |
3046b6db LP |
2558 | (void) invoke_main_loop(m, |
2559 | &reexecute, | |
2560 | &retval, | |
2561 | &shutdown_verb, | |
2562 | &fds, | |
2563 | &switch_root_dir, | |
2564 | &switch_root_init, | |
2565 | &error_message); | |
f170852a | 2566 | |
60918275 | 2567 | finish: |
b87c2aa6 ZJS |
2568 | pager_close(); |
2569 | ||
97792515 | 2570 | if (m) |
81f5fc2d | 2571 | arg_shutdown_watchdog = m->shutdown_watchdog; |
fe382237 | 2572 | |
06d8d842 | 2573 | m = manager_free(m); |
60918275 | 2574 | |
970777b5 | 2575 | free_arguments(); |
cc56fafe | 2576 | mac_selinux_finish(); |
b2bb3dbe | 2577 | |
3c7878f9 LP |
2578 | if (reexecute) |
2579 | do_reexecute(argc, argv, | |
2580 | &saved_rlimit_nofile, | |
2581 | &saved_rlimit_memlock, | |
2582 | fds, | |
2583 | switch_root_dir, | |
2584 | switch_root_init, | |
2585 | &error_message); /* This only returns if reexecution failed */ | |
a16e1123 | 2586 | |
74ca738f | 2587 | arg_serialization = safe_fclose(arg_serialization); |
2feceb5e | 2588 | fds = fdset_free(fds); |
a16e1123 | 2589 | |
349cc4a5 | 2590 | #if HAVE_VALGRIND_VALGRIND_H |
54b434b1 LP |
2591 | /* If we are PID 1 and running under valgrind, then let's exit |
2592 | * here explicitly. valgrind will only generate nice output on | |
2593 | * exit(), not on exec(), hence let's do the former not the | |
2594 | * latter here. */ | |
8a2c1fbf EJ |
2595 | if (getpid_cached() == 1 && RUNNING_ON_VALGRIND) { |
2596 | /* Cleanup watchdog_device strings for valgrind. We need them | |
2597 | * in become_shutdown() so normally we cannot free them yet. */ | |
2598 | watchdog_free_device(); | |
2599 | arg_watchdog_device = mfree(arg_watchdog_device); | |
54b434b1 | 2600 | return 0; |
8a2c1fbf | 2601 | } |
54b434b1 LP |
2602 | #endif |
2603 | ||
b9080b03 | 2604 | if (shutdown_verb) { |
7eb35049 | 2605 | r = become_shutdown(shutdown_verb, retval); |
ad929bcc | 2606 | |
4a36297c | 2607 | log_error_errno(r, "Failed to execute shutdown binary, %s: %m", getpid_cached() == 1 ? "freezing" : "quitting"); |
9b9881d7 | 2608 | error_message = "Failed to execute shutdown binary"; |
b9080b03 FF |
2609 | } |
2610 | ||
8a2c1fbf EJ |
2611 | watchdog_free_device(); |
2612 | arg_watchdog_device = mfree(arg_watchdog_device); | |
2613 | ||
df0ff127 | 2614 | if (getpid_cached() == 1) { |
cb6531be ZJS |
2615 | if (error_message) |
2616 | manager_status_printf(NULL, STATUS_TYPE_EMERGENCY, | |
1fc464f6 | 2617 | ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL, |
cb6531be | 2618 | "%s, freezing.", error_message); |
b9e74c39 | 2619 | freeze_or_reboot(); |
cb6531be | 2620 | } |
c3b3c274 | 2621 | |
60918275 LP |
2622 | return retval; |
2623 | } |