]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/main.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
manager: rework manager_clean_environment()
[thirdparty/systemd.git] / src / core / main.c
CommitLineData
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
a7334b09
LP		 2/***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 15 Lesser General Public License for more details.
a7334b09 16
5430f7f2 17 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19***/
20
60918275 21#include <errno.h>
3dfc9763 22#include <fcntl.h>
f170852a 23#include <getopt.h>
97c4f35c 24#include <signal.h>
3dfc9763
LP		 25#include <stdio.h>
26#include <string.h>
664f88a7 27#include <sys/mount.h>
3dfc9763 28#include <sys/prctl.h>
b9e74c39 29#include <sys/reboot.h>
3dfc9763
LP		 30#include <sys/stat.h>
31#include <unistd.h>
349cc4a5 32#if HAVE_SECCOMP
b64a3d86
LP		 33#include <seccomp.h>
34#endif
349cc4a5 35#if HAVE_VALGRIND_VALGRIND_H
3dfc9763
LP		 36#include <valgrind/valgrind.h>
37#endif
54b434b1 38
718db961 39#include "sd-bus.h"
cf0fbc49 40#include "sd-daemon.h"
b2e7486c 41#include "sd-messages.h"
3dfc9763 42
b5efdb8a 43#include "alloc-util.h"
d9d93745 44#include "architecture.h"
3dfc9763
LP		 45#include "build.h"
46#include "bus-error.h"
47#include "bus-util.h"
430f0182 48#include "capability-util.h"
24efb112 49#include "clock-util.h"
3dfc9763 50#include "conf-parser.h"
618234a5 51#include "cpu-set-util.h"
3dfc9763
LP		 52#include "dbus-manager.h"
53#include "def.h"
eee8b7ab 54#include "emergency-action.h"
3dfc9763 55#include "env-util.h"
3ffd4af2 56#include "fd-util.h"
3dfc9763 57#include "fdset.h"
718db961 58#include "fileio.h"
f97b34a6 59#include "format-util.h"
f4f15635 60#include "fs-util.h"
3dfc9763
LP		 61#include "hostname-setup.h"
62#include "ima-setup.h"
63#include "killall.h"
64#include "kmod-setup.h"
d7b8eec7 65#include "load-fragment.h"
3dfc9763 66#include "log.h"
b6e66135 67#include "loopback-setup.h"
b6e66135 68#include "machine-id-setup.h"
3dfc9763
LP		 69#include "manager.h"
70#include "missing.h"
71#include "mount-setup.h"
72#include "pager.h"
6bedfcbb 73#include "parse-util.h"
7d5ceb64 74#include "path-util.h"
4e731273 75#include "proc-cmdline.h"
3dfc9763 76#include "process-util.h"
8869a0b4 77#include "raw-clone.h"
78f22b97 78#include "rlimit-util.h"
349cc4a5 79#if HAVE_SECCOMP
83f12b27
FS		 80#include "seccomp-util.h"
81#endif
b6e66135 82#include "selinux-setup.h"
3dfc9763
LP		 83#include "selinux-util.h"
84#include "signal-util.h"
ffbd2c4d 85#include "smack-setup.h"
3dfc9763 86#include "special.h"
8fcde012 87#include "stat-util.h"
15a5e950 88#include "stdio-util.h"
3dfc9763
LP		 89#include "strv.h"
90#include "switch-root.h"
91#include "terminal-util.h"
8612da97 92#include "umask-util.h"
b1d4f8e1 93#include "user-util.h"
9ce17593 94#include "util.h"
3dfc9763
LP		 95#include "virt.h"
96#include "watchdog.h"
b6e66135 97
f170852a
LP		 98static enum {
99 ACTION_RUN,
e965d56d 100 ACTION_HELP,
9ba0bc4e 101 ACTION_VERSION,
e537352b 102 ACTION_TEST,
494294d6 103 ACTION_DUMP_CONFIGURATION_ITEMS
fa0f4d8a 104} arg_action = ACTION_RUN;
fa0f4d8a 105static char *arg_default_unit = NULL;
463d0d15 106static bool arg_system = false;
fa0f4d8a 107static bool arg_dump_core = true;
fa0f4d8a 108static int arg_crash_chvt = -1;
b9e74c39
LP		 109static bool arg_crash_shell = false;
110static bool arg_crash_reboot = false;
7d5ceb64 111static char *arg_confirm_spawn = NULL;
b6e2f329 112static ShowStatus arg_show_status = _SHOW_STATUS_UNSET;
bf4df7c3 113static bool arg_switched_root = false;
ea4b98e6 114static bool arg_no_pager = false;
0c85a4f3 115static char ***arg_join_controllers = NULL;
706343f4 116static ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL;
0a494f1f 117static ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT;
1f19a534
OS		 118static usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC;
119static usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
120static usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
3f41e1e5
LN		 121static usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
122static unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
e96d6be7
LP		 123static usec_t arg_runtime_watchdog = 0;
124static usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE;
8a2c1fbf 125static char *arg_watchdog_device = NULL;
97d0e5f8 126static char **arg_default_environment = NULL;
517d56b1 127static struct rlimit *arg_default_rlimit[_RLIMIT_MAX] = {};
a103496c 128static uint64_t arg_capability_bounding_set = CAP_ALL;
3a43da28 129static nsec_t arg_timer_slack_nsec = NSEC_INFINITY;
bd8f585b 130static usec_t arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE;
d3b1c508
LP		 131static Set* arg_syscall_archs = NULL;
132static FILE* arg_serialization = NULL;
085afe36 133static bool arg_default_cpu_accounting = false;
13c31542 134static bool arg_default_io_accounting = false;
377bfd2d 135static bool arg_default_ip_accounting = false;
085afe36
LP		 136static bool arg_default_blockio_accounting = false;
137static bool arg_default_memory_accounting = false;
9ded9cd1 138static bool arg_default_tasks_accounting = true;
79baeeb9 139static uint64_t arg_default_tasks_max = UINT64_MAX;
ee48dbd5 140static sd_id128_t arg_machine_id = {};
ae8c7939 141static EmergencyAction arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE;
4fc935ca 142
b9e74c39
LP		 143noreturn static void freeze_or_reboot(void) {
144
145 if (arg_crash_reboot) {
146 log_notice("Rebooting in 10s...");
147 (void) sleep(10);
148
149 log_notice("Rebooting now...");
150 (void) reboot(RB_AUTOBOOT);
151 log_emergency_errno(errno, "Failed to reboot: %m");
152 }
153
154 log_emergency("Freezing execution.");
155 freeze();
156}
157
919ce0b7 158noreturn static void crash(int sig) {
7d06dad9
MS		 159 struct sigaction sa;
160 pid_t pid;
97c4f35c 161
df0ff127 162 if (getpid_cached() != 1)
abb26902 163 /* Pass this on immediately, if this is not PID 1 */
92ca4cac 164 (void) raise(sig);
abb26902 165 else if (!arg_dump_core)
4104970e 166 log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig));
97c4f35c 167 else {
7d06dad9 168 sa = (struct sigaction) {
189d5bac 169 .sa_handler = nop_signal_handler,
b92bea5d
ZJS		 170 .sa_flags = SA_NOCLDSTOP|SA_RESTART,
171 };
97c4f35c 172
6f5e3f35 173 /* We want to wait for the core process, hence let's enable SIGCHLD */
92ca4cac 174 (void) sigaction(SIGCHLD, &sa, NULL);
6f5e3f35 175
8869a0b4 176 pid = raw_clone(SIGCHLD);
e62d8c39 177 if (pid < 0)
56f64d95 178 log_emergency_errno(errno, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
97c4f35c 179 else if (pid == 0) {
97c4f35c 180 /* Enable default signal handler for core dump */
15a90032 181
92ca4cac
LP		 182 sa = (struct sigaction) {
183 .sa_handler = SIG_DFL,
184 };
185 (void) sigaction(sig, &sa, NULL);
97c4f35c 186
15a90032
LP		 187 /* Don't limit the coredump size */
188 (void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY));
97c4f35c
LP		 189
190 /* Just to be sure... */
e62d9b81 191 (void) chdir("/");
97c4f35c
LP		 192
193 /* Raise the signal again */
ee05e779 194 pid = raw_getpid();
92ca4cac 195 (void) kill(pid, sig); /* raise() would kill the parent */
97c4f35c
LP		 196
197 assert_not_reached("We shouldn't be here...");
92ca4cac 198 _exit(EXIT_FAILURE);
4fc935ca 199 } else {
8e12a6ae
LP		 200 siginfo_t status;
201 int r;
4fc935ca
LP		 202
203 /* Order things nicely. */
e62d8c39
ZJS		 204 r = wait_for_terminate(pid, &status);
205 if (r < 0)
da927ba9 206 log_emergency_errno(r, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig));
8e12a6ae 207 else if (status.si_code != CLD_DUMPED)
ee05e779
ZJS		 208 log_emergency("Caught <%s>, core dump failed (child "PID_FMT", code=%s, status=%i/%s).",
209 signal_to_string(sig),
210 pid, sigchld_code_to_string(status.si_code),
211 status.si_status,
212 strna(status.si_code == CLD_EXITED
38107f5a 213 ? exit_status_to_string(status.si_status, EXIT_STATUS_MINIMAL)
ee05e779 214 : signal_to_string(status.si_status)));
4fc935ca 215 else
4104970e 216 log_emergency("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);
97c4f35c
LP		 217 }
218 }
219
b9e74c39 220 if (arg_crash_chvt >= 0)
92ca4cac 221 (void) chvt(arg_crash_chvt);
601f6a1e 222
7d06dad9
MS		 223 sa = (struct sigaction) {
224 .sa_handler = SIG_IGN,
225 .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
226 };
227
228 /* Let the kernel reap children for us */
229 (void) sigaction(SIGCHLD, &sa, NULL);
8c43883a 230
7d06dad9 231 if (arg_crash_shell) {
b9e74c39 232 log_notice("Executing crash shell in 10s...");
92ca4cac 233 (void) sleep(10);
4fc935ca 234
8869a0b4 235 pid = raw_clone(SIGCHLD);
cd3bd60a 236 if (pid < 0)
56f64d95 237 log_emergency_errno(errno, "Failed to fork off crash shell: %m");
6f5e3f35 238 else if (pid == 0) {
b9e74c39 239 (void) setsid();
92ca4cac
LP		 240 (void) make_console_stdio();
241 (void) execle("/bin/sh", "/bin/sh", NULL, environ);
6f5e3f35 242
ee05e779 243 log_emergency_errno(errno, "execle() failed: %m");
92ca4cac 244 _exit(EXIT_FAILURE);
b9e74c39
LP		 245 } else {
246 log_info("Spawned crash shell as PID "PID_FMT".", pid);
4cf0b03b 247 (void) wait_for_terminate(pid, NULL);
b9e74c39 248 }
4fc935ca
LP		 249 }
250
b9e74c39 251 freeze_or_reboot();
97c4f35c
LP		 252}
253
254static void install_crash_handler(void) {
297d563d 255 static const struct sigaction sa = {
b92bea5d 256 .sa_handler = crash,
297d563d 257 .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */
b92bea5d 258 };
297d563d 259 int r;
97c4f35c 260
297d563d
LP		 261 /* We ignore the return value here, since, we don't mind if we
262 * cannot set up a crash handler */
263 r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
264 if (r < 0)
265 log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m");
97c4f35c 266}
f170852a 267
56d96fc0
LP		 268static int console_setup(void) {
269 _cleanup_close_ int tty_fd = -1;
270 int r;
80876c20 271
512947d4 272 tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
23bbb0de
MS		 273 if (tty_fd < 0)
274 return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
80876c20 275
56d96fc0
LP		 276 /* We don't want to force text mode. plymouth may be showing
277 * pictures already from initrd. */
512947d4 278 r = reset_terminal_fd(tty_fd, false);
23bbb0de
MS		 279 if (r < 0)
280 return log_error_errno(r, "Failed to reset /dev/console: %m");
843d2643 281
56d96fc0 282 return 0;
80876c20
LP		 283}
284
b9e74c39
LP		 285static int parse_crash_chvt(const char *value) {
286 int b;
287
288 if (safe_atoi(value, &arg_crash_chvt) >= 0)
289 return 0;
290
291 b = parse_boolean(value);
292 if (b < 0)
293 return b;
294
295 if (b > 0)
296 arg_crash_chvt = 0; /* switch to where kmsg goes */
297 else
298 arg_crash_chvt = -1; /* turn off switching */
299
300 return 0;
301}
302
7d5ceb64
FB		 303static int parse_confirm_spawn(const char *value, char **console) {
304 char *s;
305 int r;
306
307 r = value ? parse_boolean(value) : 1;
308 if (r == 0) {
309 *console = NULL;
310 return 0;
311 }
312
313 if (r > 0) /* on with default tty */
314 s = strdup("/dev/console");
315 else if (is_path(value)) /* on with fully qualified path */
316 s = strdup(value);
317 else /* on with only a tty file name, not a fully qualified path */
318 s = strjoin("/dev/", value);
319 if (!s)
320 return -ENOMEM;
321 *console = s;
322 return 0;
323}
324
ee48dbd5 325static int set_machine_id(const char *m) {
e042eab7 326 sd_id128_t t;
8b26cdbd 327 assert(m);
ee48dbd5 328
e042eab7 329 if (sd_id128_from_string(m, &t) < 0)
ee48dbd5
NC		 330 return -EINVAL;
331
e042eab7 332 if (sd_id128_is_null(t))
ee48dbd5
NC		 333 return -EINVAL;
334
e042eab7 335 arg_machine_id = t;
ee48dbd5
NC		 336 return 0;
337}
338
96287a49 339static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
f170852a 340
059cb385 341 int r;
f170852a 342
059cb385 343 assert(key);
5192bd19 344
1d84ad94 345 if (STR_IN_SET(key, "systemd.unit", "rd.systemd.unit")) {
bf4df7c3 346
1d84ad94
LP		 347 if (proc_cmdline_value_missing(key, value))
348 return 0;
bf4df7c3 349
1d84ad94
LP		 350 if (!unit_name_is_valid(value, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
351 log_warning("Unit name specified on %s= is not valid, ignoring: %s", key, value);
352 else if (in_initrd() == !!startswith(key, "rd.")) {
353 if (free_and_strdup(&arg_default_unit, value) < 0)
354 return log_oom();
355 }
f170852a 356
1d84ad94 357 } else if (proc_cmdline_key_streq(key, "systemd.dump_core")) {
4fc935ca 358
1d84ad94 359 r = value ? parse_boolean(value) : true;
fb472900 360 if (r < 0)
059cb385 361 log_warning("Failed to parse dump core switch %s. Ignoring.", value);
4fc935ca 362 else
fa0f4d8a 363 arg_dump_core = r;
4fc935ca 364
1d84ad94 365 } else if (proc_cmdline_key_streq(key, "systemd.crash_chvt")) {
b9e74c39 366
1d84ad94
LP		 367 if (!value)
368 arg_crash_chvt = 0; /* turn on */
369 else if (parse_crash_chvt(value) < 0)
b9e74c39
LP		 370 log_warning("Failed to parse crash chvt switch %s. Ignoring.", value);
371
1d84ad94 372 } else if (proc_cmdline_key_streq(key, "systemd.crash_shell")) {
4fc935ca 373
1d84ad94 374 r = value ? parse_boolean(value) : true;
fb472900 375 if (r < 0)
059cb385 376 log_warning("Failed to parse crash shell switch %s. Ignoring.", value);
4fc935ca 377 else
fa0f4d8a 378 arg_crash_shell = r;
5e7ee61c 379
1d84ad94 380 } else if (proc_cmdline_key_streq(key, "systemd.crash_reboot")) {
5e7ee61c 381
1d84ad94 382 r = value ? parse_boolean(value) : true;
b9e74c39
LP		 383 if (r < 0)
384 log_warning("Failed to parse crash reboot switch %s. Ignoring.", value);
5e7ee61c 385 else
b9e74c39 386 arg_crash_reboot = r;
5e7ee61c 387
1d84ad94
LP		 388 } else if (proc_cmdline_key_streq(key, "systemd.confirm_spawn")) {
389 char *s;
7d5ceb64 390
1d84ad94 391 r = parse_confirm_spawn(value, &s);
059cb385 392 if (r < 0)
7d5ceb64 393 log_warning_errno(r, "Failed to parse confirm_spawn switch %s. Ignoring.", value);
1d84ad94
LP		 394 else {
395 free(arg_confirm_spawn);
396 arg_confirm_spawn = s;
397 }
601f6a1e 398
1d84ad94 399 } else if (proc_cmdline_key_streq(key, "systemd.show_status")) {
9e58ff9c 400
1d84ad94
LP		 401 if (value) {
402 r = parse_show_status(value, &arg_show_status);
403 if (r < 0)
404 log_warning("Failed to parse show status switch %s. Ignoring.", value);
405 } else
406 arg_show_status = SHOW_STATUS_YES;
059cb385 407
1d84ad94
LP		 408 } else if (proc_cmdline_key_streq(key, "systemd.default_standard_output")) {
409
410 if (proc_cmdline_value_missing(key, value))
411 return 0;
0a494f1f 412
059cb385 413 r = exec_output_from_string(value);
fb472900 414 if (r < 0)
059cb385 415 log_warning("Failed to parse default standard output switch %s. Ignoring.", value);
0a494f1f
LP		 416 else
417 arg_default_std_output = r;
0a494f1f 418
1d84ad94
LP		 419 } else if (proc_cmdline_key_streq(key, "systemd.default_standard_error")) {
420
421 if (proc_cmdline_value_missing(key, value))
422 return 0;
059cb385
LP		 423
424 r = exec_output_from_string(value);
fb472900 425 if (r < 0)
059cb385 426 log_warning("Failed to parse default standard error switch %s. Ignoring.", value);
0a494f1f
LP		 427 else
428 arg_default_std_error = r;
9e7c5357 429
1d84ad94
LP		 430 } else if (streq(key, "systemd.setenv")) {
431
432 if (proc_cmdline_value_missing(key, value))
433 return 0;
059cb385
LP		 434
435 if (env_assignment_is_valid(value)) {
e21fea24
KS		 436 char **env;
437
059cb385 438 env = strv_env_set(arg_default_environment, value);
1d84ad94
LP		 439 if (!env)
440 return log_oom();
441
442 arg_default_environment = env;
e21fea24 443 } else
059cb385 444 log_warning("Environment variable name '%s' is not valid. Ignoring.", value);
9e58ff9c 445
1d84ad94
LP		 446 } else if (proc_cmdline_key_streq(key, "systemd.machine_id")) {
447
448 if (proc_cmdline_value_missing(key, value))
449 return 0;
450
451 r = set_machine_id(value);
452 if (r < 0)
453 log_warning("MachineID '%s' is not valid. Ignoring.", value);
ee48dbd5 454
1d84ad94
LP		 455 } else if (proc_cmdline_key_streq(key, "systemd.default_timeout_start_sec")) {
456
457 if (proc_cmdline_value_missing(key, value))
458 return 0;
459
460 r = parse_sec(value, &arg_default_timeout_start_usec);
461 if (r < 0)
462 log_warning_errno(r, "Failed to parse default start timeout: %s, ignoring.", value);
463
464 if (arg_default_timeout_start_usec <= 0)
465 arg_default_timeout_start_usec = USEC_INFINITY;
ee48dbd5 466
8a2c1fbf
EJ		 467 } else if (proc_cmdline_key_streq(key, "systemd.watchdog_device")) {
468
469 if (proc_cmdline_value_missing(key, value))
470 return 0;
471
472 parse_path_argument_and_warn(value, false, &arg_watchdog_device);
473
059cb385 474 } else if (streq(key, "quiet") && !value) {
d7b15e0a 475
b6e2f329 476 if (arg_show_status == _SHOW_STATUS_UNSET)
d450b6f2 477 arg_show_status = SHOW_STATUS_AUTO;
059cb385
LP		 478
479 } else if (streq(key, "debug") && !value) {
d7b15e0a 480
1de1c9c3
LP		 481 /* Note that log_parse_environment() handles 'debug'
482 * too, and sets the log level to LOG_DEBUG. */
d7b15e0a 483
75f86906 484 if (detect_container() > 0)
b2103dcc 485 log_set_target(LOG_TARGET_CONSOLE);
059cb385 486
dcd61450 487 } else if (!value) {
e2c9a131 488 const char *target;
f170852a
LP		 489
490 /* SysV compatibility */
e2c9a131
EV		 491 target = runlevel_to_target(key);
492 if (target)
493 return free_and_strdup(&arg_default_unit, target);
f170852a
LP		 494 }
495
496 return 0;
497}
498
e8e581bf
ZJS		 499#define DEFINE_SETTER(name, func, descr) \
500 static int name(const char *unit, \
501 const char *filename, \
502 unsigned line, \
503 const char *section, \
71a61510 504 unsigned section_line, \
e8e581bf
ZJS		 505 const char *lvalue, \
506 int ltype, \
507 const char *rvalue, \
508 void *data, \
509 void *userdata) { \
510 \
511 int r; \
512 \
513 assert(filename); \
514 assert(lvalue); \
515 assert(rvalue); \
516 \
517 r = func(rvalue); \
518 if (r < 0) \
d1cefe0a
LP		 519 log_syntax(unit, LOG_ERR, filename, line, r, \
520 "Invalid " descr "'%s': %m", \
521 rvalue); \
e8e581bf
ZJS		 522 \
523 return 0; \
524 }
487393e9 525
e8e581bf
ZJS		 526DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level")
527DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target")
528DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" )
529DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location")
487393e9 530
4d7213b2
LP		 531static int config_parse_cpu_affinity2(
532 const char *unit,
533 const char *filename,
534 unsigned line,
535 const char *section,
536 unsigned section_line,
537 const char *lvalue,
538 int ltype,
539 const char *rvalue,
540 void *data,
541 void *userdata) {
487393e9 542
4b40bc38 543 _cleanup_cpu_free_ cpu_set_t *c = NULL;
f5c72b73 544 int ncpus;
487393e9 545
765d143b 546 ncpus = parse_cpu_set_and_warn(rvalue, &c, unit, filename, line, lvalue);
f5c72b73
FB		 547 if (ncpus < 0)
548 return ncpus;
487393e9 549
f5c72b73 550 if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0)
25f027c5 551 log_warning_errno(errno, "Failed to set CPU affinity: %m");
487393e9 552
487393e9
LP		 553 return 0;
554}
555
4d7213b2
LP		 556static int config_parse_show_status(
557 const char* unit,
558 const char *filename,
559 unsigned line,
560 const char *section,
561 unsigned section_line,
562 const char *lvalue,
563 int ltype,
564 const char *rvalue,
565 void *data,
566 void *userdata) {
567
568 int k;
569 ShowStatus *b = data;
570
571 assert(filename);
572 assert(lvalue);
573 assert(rvalue);
574 assert(data);
575
576 k = parse_show_status(rvalue, b);
577 if (k < 0) {
12ca818f 578 log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
4d7213b2
LP		 579 return 0;
580 }
581
582 return 0;
583}
584
5db98187
LP		 585static int config_parse_output_restricted(
586 const char* unit,
587 const char *filename,
588 unsigned line,
589 const char *section,
590 unsigned section_line,
591 const char *lvalue,
592 int ltype,
593 const char *rvalue,
594 void *data,
595 void *userdata) {
596
597 ExecOutput t, *eo = data;
598
599 assert(filename);
600 assert(lvalue);
601 assert(rvalue);
602 assert(data);
603
604 t = exec_output_from_string(rvalue);
605 if (t < 0) {
606 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output type, ignoring: %s", rvalue);
607 return 0;
608 }
609
610 if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE)) {
611 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard output types socket, fd:, file: are not supported as defaults, ignoring: %s", rvalue);
612 return 0;
613 }
614
615 *eo = t;
616 return 0;
617}
618
b9e74c39
LP		 619static int config_parse_crash_chvt(
620 const char* unit,
621 const char *filename,
622 unsigned line,
623 const char *section,
624 unsigned section_line,
625 const char *lvalue,
626 int ltype,
627 const char *rvalue,
628 void *data,
629 void *userdata) {
630
631 int r;
632
633 assert(filename);
634 assert(lvalue);
635 assert(rvalue);
b9e74c39
LP		 636
637 r = parse_crash_chvt(rvalue);
638 if (r < 0) {
639 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
640 return 0;
641 }
642
643 return 0;
644}
645
e8e581bf
ZJS		 646static int config_parse_join_controllers(const char *unit,
647 const char *filename,
648 unsigned line,
649 const char *section,
71a61510 650 unsigned section_line,
e8e581bf
ZJS		 651 const char *lvalue,
652 int ltype,
653 const char *rvalue,
654 void *data,
655 void *userdata) {
0c85a4f3 656
3875c85b 657 const char *whole_rvalue = rvalue;
0c85a4f3 658 unsigned n = 0;
0c85a4f3
LP		 659
660 assert(filename);
661 assert(lvalue);
662 assert(rvalue);
663
fe382237 664 arg_join_controllers = strv_free_free(arg_join_controllers);
0c85a4f3 665
d4ebeb4f
FB		 666 for (;;) {
667 _cleanup_free_ char *word = NULL;
668 char **l;
669 int r;
0c85a4f3 670
9a82ab95 671 r = extract_first_word(&rvalue, &word, NULL, EXTRACT_QUOTES);
3875c85b
FB		 672 if (r < 0) {
673 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid value for %s: %s", lvalue, whole_rvalue);
d4ebeb4f 674 return r;
3875c85b 675 }
d4ebeb4f
FB		 676 if (r == 0)
677 break;
0c85a4f3 678
d4ebeb4f 679 l = strv_split(word, ",");
1592ec21 680 if (!l)
aa8aeac0 681 return log_oom();
0c85a4f3
LP		 682 strv_uniq(l);
683
684 if (strv_length(l) <= 1) {
685 strv_free(l);
686 continue;
687 }
688
689 if (!arg_join_controllers) {
690 arg_join_controllers = new(char**, 2);
691 if (!arg_join_controllers) {
692 strv_free(l);
14212119 693 return log_oom();
0c85a4f3
LP		 694 }
695
696 arg_join_controllers[0] = l;
697 arg_join_controllers[1] = NULL;
698
699 n = 1;
700 } else {
701 char ***a;
702 char ***t;
703
704 t = new0(char**, n+2);
705 if (!t) {
706 strv_free(l);
14212119 707 return log_oom();
0c85a4f3
LP		 708 }
709
710 n = 0;
711
712 for (a = arg_join_controllers; *a; a++) {
713
714 if (strv_overlap(*a, l)) {
e287086b 715 if (strv_extend_strv(&l, *a, false) < 0) {
0c85a4f3
LP		 716 strv_free(l);
717 strv_free_free(t);
14212119 718 return log_oom();
0c85a4f3
LP		 719 }
720
0c85a4f3
LP		 721 } else {
722 char **c;
723
724 c = strv_copy(*a);
725 if (!c) {
726 strv_free(l);
727 strv_free_free(t);
14212119 728 return log_oom();
0c85a4f3
LP		 729 }
730
731 t[n++] = c;
732 }
733 }
734
735 t[n++] = strv_uniq(l);
736
737 strv_free_free(arg_join_controllers);
738 arg_join_controllers = t;
739 }
740 }
d4ebeb4f 741 if (!isempty(rvalue))
12ca818f 742 log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
0c85a4f3
LP		 743
744 return 0;
745}
746
487393e9
LP		 747static int parse_config_file(void) {
748
f975e971 749 const ConfigTableItem items[] = {
d3b1c508
LP		 750 { "Manager", "LogLevel", config_parse_level2, 0, NULL },
751 { "Manager", "LogTarget", config_parse_target, 0, NULL },
752 { "Manager", "LogColor", config_parse_color, 0, NULL },
753 { "Manager", "LogLocation", config_parse_location, 0, NULL },
754 { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core },
b9e74c39
LP		 755 { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, NULL },
756 { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, NULL },
d3b1c508 757 { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell },
b9e74c39 758 { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot },
d3b1c508 759 { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status },
d3b1c508
LP		 760 { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, NULL },
761 { "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers },
762 { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog },
763 { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog },
8a2c1fbf 764 { "Manager", "WatchdogDevice", config_parse_path, 0, &arg_watchdog_device },
a103496c 765 { "Manager", "CapabilityBoundingSet", config_parse_capability_set, 0, &arg_capability_bounding_set },
349cc4a5 766#if HAVE_SECCOMP
d3b1c508 767 { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs },
89fffa27 768#endif
d3b1c508 769 { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec },
bd8f585b 770 { "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec },
5db98187
LP		 771 { "Manager", "DefaultStandardOutput", config_parse_output_restricted,0, &arg_default_std_output },
772 { "Manager", "DefaultStandardError", config_parse_output_restricted,0, &arg_default_std_error },
d3b1c508
LP		 773 { "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
774 { "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
775 { "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
f0367da7
LP		 776 { "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval }, /* obsolete alias */
777 { "Manager", "DefaultStartLimitIntervalSec",config_parse_sec, 0, &arg_default_start_limit_interval },
d3b1c508
LP		 778 { "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },
779 { "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },
d0a7c5f6
LP		 780 { "Manager", "DefaultLimitCPU", config_parse_limit, RLIMIT_CPU, arg_default_rlimit },
781 { "Manager", "DefaultLimitFSIZE", config_parse_limit, RLIMIT_FSIZE, arg_default_rlimit },
782 { "Manager", "DefaultLimitDATA", config_parse_limit, RLIMIT_DATA, arg_default_rlimit },
783 { "Manager", "DefaultLimitSTACK", config_parse_limit, RLIMIT_STACK, arg_default_rlimit },
784 { "Manager", "DefaultLimitCORE", config_parse_limit, RLIMIT_CORE, arg_default_rlimit },
785 { "Manager", "DefaultLimitRSS", config_parse_limit, RLIMIT_RSS, arg_default_rlimit },
786 { "Manager", "DefaultLimitNOFILE", config_parse_limit, RLIMIT_NOFILE, arg_default_rlimit },
787 { "Manager", "DefaultLimitAS", config_parse_limit, RLIMIT_AS, arg_default_rlimit },
788 { "Manager", "DefaultLimitNPROC", config_parse_limit, RLIMIT_NPROC, arg_default_rlimit },
789 { "Manager", "DefaultLimitMEMLOCK", config_parse_limit, RLIMIT_MEMLOCK, arg_default_rlimit },
790 { "Manager", "DefaultLimitLOCKS", config_parse_limit, RLIMIT_LOCKS, arg_default_rlimit },
791 { "Manager", "DefaultLimitSIGPENDING", config_parse_limit, RLIMIT_SIGPENDING, arg_default_rlimit },
792 { "Manager", "DefaultLimitMSGQUEUE", config_parse_limit, RLIMIT_MSGQUEUE, arg_default_rlimit },
793 { "Manager", "DefaultLimitNICE", config_parse_limit, RLIMIT_NICE, arg_default_rlimit },
794 { "Manager", "DefaultLimitRTPRIO", config_parse_limit, RLIMIT_RTPRIO, arg_default_rlimit },
795 { "Manager", "DefaultLimitRTTIME", config_parse_limit, RLIMIT_RTTIME, arg_default_rlimit },
085afe36 796 { "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_default_cpu_accounting },
13c31542 797 { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting },
377bfd2d 798 { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting },
085afe36
LP		 799 { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting },
800 { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting },
03a7b521 801 { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting },
0af20ea2 802 { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max },
ae8c7939 803 { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action },
d3b1c508 804 {}
487393e9
LP		 805 };
806
1b907b5c 807 const char *fn, *conf_dirs_nulstr;
487393e9 808
463d0d15 809 fn = arg_system ?
75eb6154
LP		 810 PKGSYSCONFDIR "/system.conf" :
811 PKGSYSCONFDIR "/user.conf";
812
463d0d15 813 conf_dirs_nulstr = arg_system ?
75eb6154
LP		 814 CONF_PATHS_NULSTR("systemd/system.conf.d") :
815 CONF_PATHS_NULSTR("systemd/user.conf.d");
816
bcde742e 817 (void) config_parse_many_nulstr(fn, conf_dirs_nulstr, "Manager\0", config_item_table_lookup, items, CONFIG_PARSE_WARN, NULL);
36c16a7c
LP		 818
819 /* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we used USEC_INFINITY
820 * like everywhere else. */
821 if (arg_default_timeout_start_usec <= 0)
822 arg_default_timeout_start_usec = USEC_INFINITY;
823 if (arg_default_timeout_stop_usec <= 0)
824 arg_default_timeout_stop_usec = USEC_INFINITY;
487393e9 825
487393e9
LP		 826 return 0;
827}
828
85cb4151 829static void set_manager_defaults(Manager *m) {
06af2a04
TB		 830
831 assert(m);
832
833 m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec;
834 m->default_std_output = arg_default_std_output;
835 m->default_std_error = arg_default_std_error;
836 m->default_timeout_start_usec = arg_default_timeout_start_usec;
837 m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
838 m->default_restart_usec = arg_default_restart_usec;
839 m->default_start_limit_interval = arg_default_start_limit_interval;
840 m->default_start_limit_burst = arg_default_start_limit_burst;
841 m->default_cpu_accounting = arg_default_cpu_accounting;
13c31542 842 m->default_io_accounting = arg_default_io_accounting;
377bfd2d 843 m->default_ip_accounting = arg_default_ip_accounting;
06af2a04
TB		 844 m->default_blockio_accounting = arg_default_blockio_accounting;
845 m->default_memory_accounting = arg_default_memory_accounting;
03a7b521 846 m->default_tasks_accounting = arg_default_tasks_accounting;
0af20ea2 847 m->default_tasks_max = arg_default_tasks_max;
06af2a04
TB		 848
849 manager_set_default_rlimits(m, arg_default_rlimit);
850 manager_environment_add(m, NULL, arg_default_environment);
851}
852
7b46fc6a
LP		 853static void set_manager_settings(Manager *m) {
854
855 assert(m);
856
857 m->confirm_spawn = arg_confirm_spawn;
858 m->runtime_watchdog = arg_runtime_watchdog;
859 m->shutdown_watchdog = arg_shutdown_watchdog;
860 m->cad_burst_action = arg_cad_burst_action;
861
862 manager_set_show_status(m, arg_show_status);
863}
864
f170852a
LP		 865static int parse_argv(int argc, char *argv[]) {
866
867 enum {
868 ARG_LOG_LEVEL = 0x100,
869 ARG_LOG_TARGET,
bbe63281
LP		 870 ARG_LOG_COLOR,
871 ARG_LOG_LOCATION,
2f198e2f 872 ARG_UNIT,
edb9aaa8 873 ARG_SYSTEM,
af2d49f7 874 ARG_USER,
e537352b 875 ARG_TEST,
b87c2aa6 876 ARG_NO_PAGER,
9ba0bc4e 877 ARG_VERSION,
80876c20 878 ARG_DUMP_CONFIGURATION_ITEMS,
9e58ff9c 879 ARG_DUMP_CORE,
b9e74c39 880 ARG_CRASH_CHVT,
9e58ff9c 881 ARG_CRASH_SHELL,
b9e74c39 882 ARG_CRASH_REBOOT,
a16e1123 883 ARG_CONFIRM_SPAWN,
9e58ff9c 884 ARG_SHOW_STATUS,
4288f619 885 ARG_DESERIALIZE,
2660882b 886 ARG_SWITCHED_ROOT,
0a494f1f 887 ARG_DEFAULT_STD_OUTPUT,
ee48dbd5
NC		 888 ARG_DEFAULT_STD_ERROR,
889 ARG_MACHINE_ID
f170852a
LP		 890 };
891
892 static const struct option options[] = {
a16e1123
LP		 893 { "log-level", required_argument, NULL, ARG_LOG_LEVEL },
894 { "log-target", required_argument, NULL, ARG_LOG_TARGET },
bbe63281
LP		 895 { "log-color", optional_argument, NULL, ARG_LOG_COLOR },
896 { "log-location", optional_argument, NULL, ARG_LOG_LOCATION },
2f198e2f 897 { "unit", required_argument, NULL, ARG_UNIT },
edb9aaa8 898 { "system", no_argument, NULL, ARG_SYSTEM },
af2d49f7 899 { "user", no_argument, NULL, ARG_USER },
a16e1123 900 { "test", no_argument, NULL, ARG_TEST },
b87c2aa6 901 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
a16e1123 902 { "help", no_argument, NULL, 'h' },
9ba0bc4e 903 { "version", no_argument, NULL, ARG_VERSION },
a16e1123 904 { "dump-configuration-items", no_argument, NULL, ARG_DUMP_CONFIGURATION_ITEMS },
a5d87bf0 905 { "dump-core", optional_argument, NULL, ARG_DUMP_CORE },
b9e74c39 906 { "crash-chvt", required_argument, NULL, ARG_CRASH_CHVT },
a5d87bf0 907 { "crash-shell", optional_argument, NULL, ARG_CRASH_SHELL },
b9e74c39 908 { "crash-reboot", optional_argument, NULL, ARG_CRASH_REBOOT },
a5d87bf0 909 { "confirm-spawn", optional_argument, NULL, ARG_CONFIRM_SPAWN },
6e98720f 910 { "show-status", optional_argument, NULL, ARG_SHOW_STATUS },
a16e1123 911 { "deserialize", required_argument, NULL, ARG_DESERIALIZE },
2660882b 912 { "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT },
0a494f1f
LP		 913 { "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, },
914 { "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, },
ee48dbd5 915 { "machine-id", required_argument, NULL, ARG_MACHINE_ID },
fb472900 916 {}
f170852a
LP		 917 };
918
919 int c, r;
920
921 assert(argc >= 1);
922 assert(argv);
923
df0ff127 924 if (getpid_cached() == 1)
b770165a
LP		 925 opterr = 0;
926
099663ff 927 while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
f170852a
LP		 928
929 switch (c) {
930
931 case ARG_LOG_LEVEL:
fb472900
ZJS		 932 r = log_set_max_level_from_string(optarg);
933 if (r < 0) {
f170852a
LP		 934 log_error("Failed to parse log level %s.", optarg);
935 return r;
936 }
937
938 break;
939
940 case ARG_LOG_TARGET:
fb472900
ZJS		 941 r = log_set_target_from_string(optarg);
942 if (r < 0) {
f170852a
LP		 943 log_error("Failed to parse log target %s.", optarg);
944 return r;
945 }
946
947 break;
948
bbe63281
LP		 949 case ARG_LOG_COLOR:
950
d0b170c8 951 if (optarg) {
fb472900
ZJS		 952 r = log_show_color_from_string(optarg);
953 if (r < 0) {
d0b170c8
LP		 954 log_error("Failed to parse log color setting %s.", optarg);
955 return r;
956 }
957 } else
958 log_show_color(true);
bbe63281
LP		 959
960 break;
961
962 case ARG_LOG_LOCATION:
d0b170c8 963 if (optarg) {
fb472900
ZJS		 964 r = log_show_location_from_string(optarg);
965 if (r < 0) {
d0b170c8
LP		 966 log_error("Failed to parse log location setting %s.", optarg);
967 return r;
968 }
969 } else
970 log_show_location(true);
bbe63281
LP		 971
972 break;
973
0a494f1f 974 case ARG_DEFAULT_STD_OUTPUT:
fb472900
ZJS		 975 r = exec_output_from_string(optarg);
976 if (r < 0) {
0a494f1f
LP		 977 log_error("Failed to parse default standard output setting %s.", optarg);
978 return r;
979 } else
980 arg_default_std_output = r;
981 break;
982
983 case ARG_DEFAULT_STD_ERROR:
fb472900
ZJS		 984 r = exec_output_from_string(optarg);
985 if (r < 0) {
0a494f1f
LP		 986 log_error("Failed to parse default standard error output setting %s.", optarg);
987 return r;
988 } else
989 arg_default_std_error = r;
990 break;
991
2f198e2f 992 case ARG_UNIT:
e6e242ad 993 r = free_and_strdup(&arg_default_unit, optarg);
23bbb0de
MS		 994 if (r < 0)
995 return log_error_errno(r, "Failed to set default unit %s: %m", optarg);
f170852a
LP		 996
997 break;
998
edb9aaa8 999 case ARG_SYSTEM:
463d0d15 1000 arg_system = true;
edb9aaa8 1001 break;
a5dab5ce 1002
af2d49f7 1003 case ARG_USER:
463d0d15 1004 arg_system = false;
a5dab5ce 1005 break;
a5dab5ce 1006
e965d56d 1007 case ARG_TEST:
fa0f4d8a 1008 arg_action = ACTION_TEST;
b87c2aa6
ZJS		 1009 break;
1010
1011 case ARG_NO_PAGER:
1012 arg_no_pager = true;
e965d56d
LP		 1013 break;
1014
9ba0bc4e
ZJS		 1015 case ARG_VERSION:
1016 arg_action = ACTION_VERSION;
1017 break;
1018
e537352b 1019 case ARG_DUMP_CONFIGURATION_ITEMS:
fa0f4d8a 1020 arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
e537352b
LP		 1021 break;
1022
9e58ff9c 1023 case ARG_DUMP_CORE:
b9e74c39
LP		 1024 if (!optarg)
1025 arg_dump_core = true;
1026 else {
1027 r = parse_boolean(optarg);
1028 if (r < 0)
1029 return log_error_errno(r, "Failed to parse dump core boolean: %s", optarg);
1030 arg_dump_core = r;
a5d87bf0 1031 }
b9e74c39
LP		 1032 break;
1033
1034 case ARG_CRASH_CHVT:
1035 r = parse_crash_chvt(optarg);
1036 if (r < 0)
1037 return log_error_errno(r, "Failed to parse crash virtual terminal index: %s", optarg);
9e58ff9c
LP		 1038 break;
1039
1040 case ARG_CRASH_SHELL:
b9e74c39
LP		 1041 if (!optarg)
1042 arg_crash_shell = true;
1043 else {
1044 r = parse_boolean(optarg);
1045 if (r < 0)
1046 return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg);
1047 arg_crash_shell = r;
1048 }
1049 break;
1050
1051 case ARG_CRASH_REBOOT:
1052 if (!optarg)
1053 arg_crash_reboot = true;
1054 else {
1055 r = parse_boolean(optarg);
1056 if (r < 0)
1057 return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg);
1058 arg_crash_reboot = r;
a5d87bf0 1059 }
9e58ff9c
LP		 1060 break;
1061
80876c20 1062 case ARG_CONFIRM_SPAWN:
7d5ceb64
FB		 1063 arg_confirm_spawn = mfree(arg_confirm_spawn);
1064
1065 r = parse_confirm_spawn(optarg, &arg_confirm_spawn);
1066 if (r < 0)
1067 return log_error_errno(r, "Failed to parse confirm spawn option: %m");
80876c20
LP		 1068 break;
1069
9e58ff9c 1070 case ARG_SHOW_STATUS:
d450b6f2
ZJS		 1071 if (optarg) {
1072 r = parse_show_status(optarg, &arg_show_status);
1073 if (r < 0) {
1074 log_error("Failed to parse show status boolean %s.", optarg);
1075 return r;
1076 }
1077 } else
1078 arg_show_status = SHOW_STATUS_YES;
6e98720f 1079 break;
a5d87bf0 1080
a16e1123
LP		 1081 case ARG_DESERIALIZE: {
1082 int fd;
1083 FILE *f;
1084
01e10de3
LP		 1085 r = safe_atoi(optarg, &fd);
1086 if (r < 0 || fd < 0) {
a16e1123 1087 log_error("Failed to parse deserialize option %s.", optarg);
b9e74c39 1088 return -EINVAL;
a16e1123
LP		 1089 }
1090
b9e74c39 1091 (void) fd_cloexec(fd, true);
01e10de3
LP		 1092
1093 f = fdopen(fd, "r");
4a62c710
MS		 1094 if (!f)
1095 return log_error_errno(errno, "Failed to open serialization fd: %m");
a16e1123 1096
74ca738f 1097 safe_fclose(arg_serialization);
d3b1c508 1098 arg_serialization = f;
a16e1123
LP		 1099
1100 break;
1101 }
1102
2660882b 1103 case ARG_SWITCHED_ROOT:
bf4df7c3 1104 arg_switched_root = true;
d03bc1b8
HH		 1105 break;
1106
ee48dbd5
NC		 1107 case ARG_MACHINE_ID:
1108 r = set_machine_id(optarg);
54500613
LP		 1109 if (r < 0)
1110 return log_error_errno(r, "MachineID '%s' is not valid.", optarg);
ee48dbd5
NC		 1111 break;
1112
f170852a 1113 case 'h':
fa0f4d8a 1114 arg_action = ACTION_HELP;
f170852a
LP		 1115 break;
1116
1d2e23ab
LP		 1117 case 'D':
1118 log_set_max_level(LOG_DEBUG);
1119 break;
1120
099663ff
LP		 1121 case 'b':
1122 case 's':
1123 case 'z':
1124 /* Just to eat away the sysvinit kernel
1125 * cmdline args without getopt() error
1126 * messages that we'll parse in
1127 * parse_proc_cmdline_word() or ignore. */
f170852a 1128
099663ff 1129 case '?':
df0ff127 1130 if (getpid_cached() != 1)
099663ff 1131 return -EINVAL;
601185b4
ZJS		 1132 else
1133 return 0;
099663ff 1134
601185b4
ZJS		 1135 default:
1136 assert_not_reached("Unhandled option code.");
f170852a
LP		 1137 }
1138
df0ff127 1139 if (optind < argc && getpid_cached() != 1) {
d821e6d6
LP		 1140 /* Hmm, when we aren't run as init system
1141 * let's complain about excess arguments */
1142
1143 log_error("Excess arguments.");
1144 return -EINVAL;
1145 }
1146
f170852a
LP		 1147 return 0;
1148}
1149
1150static int help(void) {
1151
2e33c433 1152 printf("%s [OPTIONS...]\n\n"
af2d49f7 1153 "Starts up and maintains the system or user services.\n\n"
e537352b 1154 " -h --help Show this help\n"
cb4069d9 1155 " --version Show version\n"
e537352b 1156 " --test Determine startup sequence, dump it and exit\n"
b87c2aa6 1157 " --no-pager Do not pipe output into a pager\n"
80876c20 1158 " --dump-configuration-items Dump understood unit configuration items\n"
9e58ff9c 1159 " --unit=UNIT Set default unit\n"
edb9aaa8 1160 " --system Run a system instance, even if PID != 1\n"
af2d49f7 1161 " --user Run a user instance\n"
b9e74c39
LP		 1162 " --dump-core[=BOOL] Dump core on crash\n"
1163 " --crash-vt=NR Change to specified VT on crash\n"
1164 " --crash-reboot[=BOOL] Reboot on crash\n"
1165 " --crash-shell[=BOOL] Run shell on crash\n"
1166 " --confirm-spawn[=BOOL] Ask for confirmation when spawning processes\n"
1167 " --show-status[=BOOL] Show status updates on the console during bootup\n"
c1dc6153 1168 " --log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
9e58ff9c 1169 " --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
b9e74c39
LP		 1170 " --log-color[=BOOL] Highlight important log messages\n"
1171 " --log-location[=BOOL] Include code location in log messages\n"
0a494f1f
LP		 1172 " --default-standard-output= Set default standard output for services\n"
1173 " --default-standard-error= Set default standard error output for services\n",
5b6319dc 1174 program_invocation_short_name);
f170852a
LP		 1175
1176 return 0;
1177}
1178
b3680f49 1179static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) {
48b90859
LP		 1180 _cleanup_fdset_free_ FDSet *fds = NULL;
1181 _cleanup_fclose_ FILE *f = NULL;
a16e1123
LP		 1182 int r;
1183
1184 assert(m);
1185 assert(_f);
1186 assert(_fds);
1187
6b78f9b4 1188 r = manager_open_serialization(m, &f);
48b90859
LP		 1189 if (r < 0)
1190 return log_error_errno(r, "Failed to create serialization file: %m");
a16e1123 1191
71445ae7 1192 /* Make sure nothing is really destructed when we shut down */
313cefa1 1193 m->n_reloading++;
718db961 1194 bus_manager_send_reloading(m, true);
71445ae7 1195
6b78f9b4 1196 fds = fdset_new();
48b90859
LP		 1197 if (!fds)
1198 return log_oom();
a16e1123 1199
b3680f49 1200 r = manager_serialize(m, f, fds, switching_root);
48b90859
LP		 1201 if (r < 0)
1202 return log_error_errno(r, "Failed to serialize state: %m");
a16e1123 1203
48b90859
LP		 1204 if (fseeko(f, 0, SEEK_SET) == (off_t) -1)
1205 return log_error_errno(errno, "Failed to rewind serialization fd: %m");
a16e1123 1206
6b78f9b4 1207 r = fd_cloexec(fileno(f), false);
48b90859
LP		 1208 if (r < 0)
1209 return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization: %m");
a16e1123 1210
6b78f9b4 1211 r = fdset_cloexec(fds, false);
48b90859
LP		 1212 if (r < 0)
1213 return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization fds: %m");
a16e1123
LP		 1214
1215 *_f = f;
1216 *_fds = fds;
1217
48b90859
LP		 1218 f = NULL;
1219 fds = NULL;
a16e1123 1220
48b90859 1221 return 0;
a16e1123
LP		 1222}
1223
4096d6f5
LP		 1224static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
1225 struct rlimit nl;
1226 int r;
6385cb31
CB		 1227 int min_max;
1228 _cleanup_free_ char *nr_open = NULL;
4096d6f5
LP		 1229
1230 assert(saved_rlimit);
1231
1232 /* Save the original RLIMIT_NOFILE so that we can reset it
1233 * later when transitioning from the initrd to the main
1234 * systemd or suchlike. */
4a62c710 1235 if (getrlimit(RLIMIT_NOFILE, saved_rlimit) < 0)
3ce40911 1236 return log_warning_errno(errno, "Reading RLIMIT_NOFILE failed, ignoring: %m");
4096d6f5
LP		 1237
1238 /* Make sure forked processes get the default kernel setting */
1239 if (!arg_default_rlimit[RLIMIT_NOFILE]) {
1240 struct rlimit *rl;
1241
1242 rl = newdup(struct rlimit, saved_rlimit, 1);
1243 if (!rl)
1244 return log_oom();
1245
1246 arg_default_rlimit[RLIMIT_NOFILE] = rl;
1247 }
1248
6385cb31
CB		 1249 /* Get current RLIMIT_NOFILE maximum compiled into the kernel. */
1250 r = read_one_line_file("/proc/sys/fs/nr_open", &nr_open);
d387cfdd 1251 if (r >= 0)
6385cb31
CB		 1252 r = safe_atoi(nr_open, &min_max);
1253 /* If we fail, fallback to the hard-coded kernel limit of 1024 * 1024. */
1254 if (r < 0)
1255 min_max = 1024 * 1024;
1256
4096d6f5 1257 /* Bump up the resource limit for ourselves substantially */
6385cb31 1258 nl.rlim_cur = nl.rlim_max = min_max;
4096d6f5 1259 r = setrlimit_closest(RLIMIT_NOFILE, &nl);
23bbb0de 1260 if (r < 0)
3ce40911 1261 return log_warning_errno(r, "Setting RLIMIT_NOFILE failed, ignoring: %m");
4096d6f5
LP		 1262
1263 return 0;
1264}
1265
fb3ae275
LP		 1266static int bump_rlimit_memlock(struct rlimit *saved_rlimit) {
1267 int r;
1268
1269 assert(saved_rlimit);
1270 assert(getuid() == 0);
1271
1272 /* BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK, even though we have CAP_IPC_LOCK which
1273 * should normally disable such checks. We need them to implement IPAccessAllow= and IPAccessDeny=, hence let's
1274 * bump the value high enough for the root user. */
1275
1276 if (getrlimit(RLIMIT_MEMLOCK, saved_rlimit) < 0)
1277 return log_warning_errno(errno, "Reading RLIMIT_MEMLOCK failed, ignoring: %m");
1278
1279 r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(1024ULL*1024ULL*16ULL));
1280 if (r < 0)
1281 return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m");
1282
1283 return 0;
1284}
1285
80758717 1286static void test_usr(void) {
80758717 1287
ed1c99fc 1288 /* Check that /usr is not a separate fs */
80758717 1289
871c44a7
LP		 1290 if (dir_is_empty("/usr") <= 0)
1291 return;
1292
8b173b5e 1293 log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. "
871c44a7
LP		 1294 "Some things will probably break (sometimes even silently) in mysterious ways. "
1295 "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
1296}
1297
a07fdfa3
LP		 1298static int initialize_join_controllers(void) {
1299 /* By default, mount "cpu" + "cpuacct" together, and "net_cls"
1300 * + "net_prio". We'd like to add "cpuset" to the mix, but
f131770b 1301 * "cpuset" doesn't really work for groups with no initialized
a07fdfa3
LP		 1302 * attributes. */
1303
1304 arg_join_controllers = new(char**, 3);
1305 if (!arg_join_controllers)
1306 return -ENOMEM;
1307
1308 arg_join_controllers[0] = strv_new("cpu", "cpuacct", NULL);
fe382237
LP		 1309 if (!arg_join_controllers[0])
1310 goto oom;
a6b26d90 1311
fe382237
LP		 1312 arg_join_controllers[1] = strv_new("net_cls", "net_prio", NULL);
1313 if (!arg_join_controllers[1])
1314 goto oom;
a07fdfa3 1315
fe382237 1316 arg_join_controllers[2] = NULL;
a07fdfa3 1317 return 0;
fe382237
LP		 1318
1319oom:
1320 arg_join_controllers = strv_free_free(arg_join_controllers);
1321 return -ENOMEM;
a07fdfa3
LP		 1322}
1323
d3b1c508 1324static int enforce_syscall_archs(Set *archs) {
349cc4a5 1325#if HAVE_SECCOMP
d3b1c508
LP		 1326 int r;
1327
83f12b27
FS		 1328 if (!is_seccomp_available())
1329 return 0;
1330
469830d1 1331 r = seccomp_restrict_archs(arg_syscall_archs);
d3b1c508 1332 if (r < 0)
469830d1 1333 return log_error_errno(r, "Failed to enforce system call architecture restrication: %m");
d3b1c508 1334#endif
469830d1 1335 return 0;
d3b1c508
LP		 1336}
1337
b6e2f329
LP		 1338static int status_welcome(void) {
1339 _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
72c7329b 1340 const char *fn;
b6e2f329
LP		 1341 int r;
1342
fd8c85c6
LP		 1343 if (arg_show_status <= 0)
1344 return 0;
1345
72c7329b
LP		 1346 FOREACH_STRING(fn, "/etc/os-release", "/usr/lib/os-release") {
1347 r = parse_env_file(fn, NEWLINE,
5ae4d543
LP		 1348 "PRETTY_NAME", &pretty_name,
1349 "ANSI_COLOR", &ansi_color,
1350 NULL);
b6e2f329 1351
72c7329b
LP		 1352 if (r != -ENOENT)
1353 break;
1354 }
b6e2f329 1355 if (r < 0 && r != -ENOENT)
72c7329b 1356 log_warning_errno(r, "Failed to read os-release file, ignoring: %m");
b6e2f329 1357
dc9b5816
ZJS		 1358 if (log_get_show_color())
1359 return status_printf(NULL, false, false,
1360 "\nWelcome to \x1B[%sm%s\x1B[0m!\n",
1361 isempty(ansi_color) ? "1" : ansi_color,
1362 isempty(pretty_name) ? "Linux" : pretty_name);
1363 else
1364 return status_printf(NULL, false, false,
1365 "\nWelcome to %s!\n",
1366 isempty(pretty_name) ? "Linux" : pretty_name);
b6e2f329
LP		 1367}
1368
fdd25311
LP		 1369static int write_container_id(void) {
1370 const char *c;
19854865 1371 int r;
fdd25311
LP		 1372
1373 c = getenv("container");
1374 if (isempty(c))
1375 return 0;
1376
8612da97
LP		 1377 RUN_WITH_UMASK(0022)
1378 r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
19854865 1379 if (r < 0)
f1f849b0 1380 return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m");
19854865
LP		 1381
1382 return 1;
1383}
1384
1385static int bump_unix_max_dgram_qlen(void) {
1386 _cleanup_free_ char *qlen = NULL;
1387 unsigned long v;
1388 int r;
1389
1390 /* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel
1391 * default of 16 is simply too low. We set the value really
1392 * really early during boot, so that it is actually applied to
1393 * all our sockets, including the $NOTIFY_SOCKET one. */
1394
1395 r = read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen);
1396 if (r < 0)
1397 return log_warning_errno(r, "Failed to read AF_UNIX datagram queue length, ignoring: %m");
1398
1399 r = safe_atolu(qlen, &v);
1400 if (r < 0)
1401 return log_warning_errno(r, "Failed to parse AF_UNIX datagram queue length, ignoring: %m");
1402
1403 if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
1404 return 0;
1405
1406 qlen = mfree(qlen);
1407 if (asprintf(&qlen, "%lu\n", DEFAULT_UNIX_MAX_DGRAM_QLEN) < 0)
1408 return log_oom();
1409
1410 r = write_string_file("/proc/sys/net/unix/max_dgram_qlen", qlen, 0);
1411 if (r < 0)
1412 return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
1413 "Failed to bump AF_UNIX datagram queue length, ignoring: %m");
1414
1415 return 1;
fdd25311
LP		 1416}
1417
32391275
FB		 1418static int fixup_environment(void) {
1419 _cleanup_free_ char *term = NULL;
4dc63c4b 1420 const char *t;
32391275
FB		 1421 int r;
1422
43db615b
LP		 1423 /* Only fix up the environment when we are started as PID 1 */
1424 if (getpid_cached() != 1)
1425 return 0;
1426
1427 /* We expect the environment to be set correctly if run inside a container. */
84af7821
LP		 1428 if (detect_container() > 0)
1429 return 0;
1430
43db615b
LP		 1431 /* When started as PID1, the kernel uses /dev/console for our stdios and uses TERM=linux whatever the backend
1432 * device used by the console. We try to make a better guess here since some consoles might not have support
1433 * for color mode for example.
32391275 1434 *
43db615b 1435 * However if TERM was configured through the kernel command line then leave it alone. */
1d84ad94 1436 r = proc_cmdline_get_key("TERM", 0, &term);
32391275
FB		 1437 if (r < 0)
1438 return r;
32391275 1439
4dc63c4b
LP		 1440 t = term ?: default_term_for_tty("/dev/console");
1441
1442 if (setenv("TERM", t, 1) < 0)
32391275
FB		 1443 return -errno;
1444
1445 return 0;
1446}
1447
6808a0bc
LP		 1448static void redirect_telinit(int argc, char *argv[]) {
1449
1450 /* This is compatibility support for SysV, where calling init as a user is identical to telinit. */
1451
1452#if HAVE_SYSV_COMPAT
1453 if (getpid_cached() == 1)
1454 return;
1455
1456 if (!strstr(program_invocation_short_name, "init"))
1457 return;
1458
1459 execv(SYSTEMCTL_BINARY_PATH, argv);
1460 log_error_errno(errno, "Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
a45d7127 1461 exit(EXIT_FAILURE);
6808a0bc
LP		 1462#endif
1463}
1464
4a36297c
LP		 1465static int become_shutdown(
1466 const char *shutdown_verb,
7eb35049 1467 int retval) {
4a36297c
LP		 1468
1469 char log_level[DECIMAL_STR_MAX(int) + 1],
1470 exit_code[DECIMAL_STR_MAX(uint8_t) + 1];
1471
1472 const char* command_line[11] = {
1473 SYSTEMD_SHUTDOWN_BINARY_PATH,
1474 shutdown_verb,
1475 "--log-level", log_level,
1476 "--log-target",
1477 };
1478
1479 _cleanup_strv_free_ char **env_block = NULL;
1480 size_t pos = 5;
1481 int r;
1482
7eb35049 1483 assert(shutdown_verb);
234519ae 1484 assert(!command_line[pos]);
4a36297c
LP		 1485 env_block = strv_copy(environ);
1486
1487 xsprintf(log_level, "%d", log_get_max_level());
1488
1489 switch (log_get_target()) {
1490
1491 case LOG_TARGET_KMSG:
1492 case LOG_TARGET_JOURNAL_OR_KMSG:
1493 case LOG_TARGET_SYSLOG_OR_KMSG:
1494 command_line[pos++] = "kmsg";
1495 break;
1496
1497 case LOG_TARGET_NULL:
1498 command_line[pos++] = "null";
1499 break;
1500
1501 case LOG_TARGET_CONSOLE:
1502 default:
1503 command_line[pos++] = "console";
1504 break;
1505 };
1506
1507 if (log_get_show_color())
1508 command_line[pos++] = "--log-color";
1509
1510 if (log_get_show_location())
1511 command_line[pos++] = "--log-location";
1512
1513 if (streq(shutdown_verb, "exit")) {
1514 command_line[pos++] = "--exit-code";
1515 command_line[pos++] = exit_code;
1516 xsprintf(exit_code, "%d", retval);
1517 }
1518
1519 assert(pos < ELEMENTSOF(command_line));
1520
7eb35049
LP		 1521 if (streq(shutdown_verb, "reboot") &&
1522 arg_shutdown_watchdog > 0 &&
1523 arg_shutdown_watchdog != USEC_INFINITY) {
1524
4a36297c
LP		 1525 char *e;
1526
1527 /* If we reboot let's set the shutdown
1528 * watchdog and tell the shutdown binary to
1529 * repeatedly ping it */
1530 r = watchdog_set_timeout(&arg_shutdown_watchdog);
1531 watchdog_close(r < 0);
1532
1533 /* Tell the binary how often to ping, ignore failure */
1534 if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, arg_shutdown_watchdog) > 0)
8a2c1fbf
EJ		 1535 (void) strv_consume(&env_block, e);
1536
1537 if (arg_watchdog_device &&
1538 asprintf(&e, "WATCHDOG_DEVICE=%s", arg_watchdog_device) > 0)
1539 (void) strv_consume(&env_block, e);
4a36297c
LP		 1540 } else
1541 watchdog_close(true);
1542
1543 /* Avoid the creation of new processes forked by the
1544 * kernel; at this point, we will not listen to the
1545 * signals anyway */
1546 if (detect_container() <= 0)
1547 (void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
1548
1549 execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
1550 return -errno;
1551}
1552
e839bafd
LP		 1553static void initialize_clock(void) {
1554 int r;
1555
1556 if (clock_is_localtime(NULL) > 0) {
1557 int min;
1558
1559 /*
1560 * The very first call of settimeofday() also does a time warp in the kernel.
1561 *
1562 * In the rtc-in-local time mode, we set the kernel's timezone, and rely on external tools to take care
1563 * of maintaining the RTC and do all adjustments. This matches the behavior of Windows, which leaves
1564 * the RTC alone if the registry tells that the RTC runs in UTC.
1565 */
1566 r = clock_set_timezone(&min);
1567 if (r < 0)
1568 log_error_errno(r, "Failed to apply local time delta, ignoring: %m");
1569 else
1570 log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
1571
1572 } else if (!in_initrd()) {
1573 /*
1574 * Do a dummy very first call to seal the kernel's time warp magic.
1575 *
1576 * Do not call this from inside the initrd. The initrd might not carry /etc/adjtime with LOCAL, but the
1577 * real system could be set up that way. In such case, we need to delay the time-warp or the sealing
1578 * until we reach the real system.
1579 *
1580 * Do no set the kernel's timezone. The concept of local time cannot be supported reliably, the time
1581 * will jump or be incorrect at every daylight saving time change. All kernel local time concepts will
1582 * be treated as UTC that way.
1583 */
1584 (void) clock_reset_timewarp();
1585 }
1586
1587 r = clock_apply_epoch();
1588 if (r < 0)
1589 log_error_errno(r, "Current system time is before build time, but cannot correct: %m");
1590 else if (r > 0)
1591 log_info("System time before build time, advancing clock.");
1592}
1593
1e41242e
LP		 1594static void initialize_coredump(bool skip_setup) {
1595
1596 if (getpid_cached() != 1)
1597 return;
1598
1599 /* Don't limit the core dump size, so that coredump handlers such as systemd-coredump (which honour the limit)
1600 * will process core dumps for system services by default. */
1601 if (setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY)) < 0)
1602 log_warning_errno(errno, "Failed to set RLIMIT_CORE: %m");
1603
1604 /* But at the same time, turn off the core_pattern logic by default, so that no coredumps are stored
1605 * until the systemd-coredump tool is enabled via sysctl. */
1606 if (!skip_setup)
9ce17593 1607 disable_core_dumps();
1e41242e
LP		 1608}
1609
3c7878f9
LP		 1610static void do_reexecute(
1611 int argc,
1612 char *argv[],
1613 const struct rlimit *saved_rlimit_nofile,
1614 const struct rlimit *saved_rlimit_memlock,
1615 FDSet *fds,
1616 const char *switch_root_dir,
1617 const char *switch_root_init,
1618 const char **ret_error_message) {
1619
1620 unsigned i, j, args_size;
1621 const char **args;
1622 int r;
1623
1624 assert(saved_rlimit_nofile);
1625 assert(saved_rlimit_memlock);
1626 assert(ret_error_message);
1627
1628 /* Close and disarm the watchdog, so that the new instance can reinitialize it, but doesn't get rebooted while
1629 * we do that */
1630 watchdog_close(true);
1631
1632 /* Reset the RLIMIT_NOFILE to the kernel default, so that the new systemd can pass the kernel default to its
1633 * child processes */
1634
1635 if (saved_rlimit_nofile->rlim_cur > 0)
1636 (void) setrlimit(RLIMIT_NOFILE, saved_rlimit_nofile);
1637 if (saved_rlimit_memlock->rlim_cur != (rlim_t) -1)
1638 (void) setrlimit(RLIMIT_MEMLOCK, saved_rlimit_memlock);
1639
1640 if (switch_root_dir) {
1641 /* Kill all remaining processes from the initrd, but don't wait for them, so that we can handle the
1642 * SIGCHLD for them after deserializing. */
1643 broadcast_signal(SIGTERM, false, true);
1644
1645 /* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */
1646 r = switch_root(switch_root_dir, "/mnt", true, MS_MOVE);
1647 if (r < 0)
1648 log_error_errno(r, "Failed to switch root, trying to continue: %m");
1649 }
1650
1651 args_size = MAX(6, argc+1);
1652 args = newa(const char*, args_size);
1653
1654 if (!switch_root_init) {
1655 char sfd[DECIMAL_STR_MAX(int) + 1];
1656
1657 /* First try to spawn ourselves with the right path, and with full serialization. We do this only if
1658 * the user didn't specify an explicit init to spawn. */
1659
1660 assert(arg_serialization);
1661 assert(fds);
1662
1663 xsprintf(sfd, "%i", fileno(arg_serialization));
1664
1665 i = 0;
1666 args[i++] = SYSTEMD_BINARY_PATH;
1667 if (switch_root_dir)
1668 args[i++] = "--switched-root";
1669 args[i++] = arg_system ? "--system" : "--user";
1670 args[i++] = "--deserialize";
1671 args[i++] = sfd;
1672 args[i++] = NULL;
1673
1674 assert(i <= args_size);
1675
1676 /*
1677 * We want valgrind to print its memory usage summary before reexecution. Valgrind won't do this is on
1678 * its own on exec(), but it will do it on exit(). Hence, to ensure we get a summary here, fork() off
1679 * a child, let it exit() cleanly, so that it prints the summary, and wait() for it in the parent,
1680 * before proceeding into the exec().
1681 */
1682 valgrind_summary_hack();
1683
1684 (void) execv(args[0], (char* const*) args);
1685 log_debug_errno(errno, "Failed to execute our own binary, trying fallback: %m");
1686 }
1687
1688 /* Try the fallback, if there is any, without any serialization. We pass the original argv[] and envp[]. (Well,
1689 * modulo the ordering changes due to getopt() in argv[], and some cleanups in envp[], but let's hope that
1690 * doesn't matter.) */
1691
1692 arg_serialization = safe_fclose(arg_serialization);
1693 fds = fdset_free(fds);
1694
1695 /* Reopen the console */
1696 (void) make_console_stdio();
1697
1698 for (j = 1, i = 1; j < (unsigned) argc; j++)
1699 args[i++] = argv[j];
1700 args[i++] = NULL;
1701 assert(i <= args_size);
1702
1703 /* Reenable any blocked signals, especially important if we switch from initial ramdisk to init=... */
1704 (void) reset_all_signal_handlers();
1705 (void) reset_signal_mask();
1706
1707 if (switch_root_init) {
1708 args[0] = switch_root_init;
1709 (void) execv(args[0], (char* const*) args);
1710 log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m");
1711 }
1712
1713 args[0] = "/sbin/init";
1714 (void) execv(args[0], (char* const*) args);
1715 r = -errno;
1716
1717 manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
1718 ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
1719 "Failed to execute /sbin/init");
1720
1721 if (r == -ENOENT) {
1722 log_warning("No /sbin/init, trying fallback");
1723
1724 args[0] = "/bin/sh";
1725 args[1] = NULL;
1726 (void) execv(args[0], (char* const*) args);
1727 log_error_errno(errno, "Failed to execute /bin/sh, giving up: %m");
1728 } else
1729 log_warning_errno(r, "Failed to execute /sbin/init, giving up: %m");
1730
1731 *ret_error_message = "Failed to execute fallback shell";
1732}
1733
7eb35049
LP		 1734static int invoke_main_loop(
1735 Manager *m,
1736 bool *ret_reexecute,
1737 int *ret_retval, /* Return parameters relevant for shutting down */
1738 const char **ret_shutdown_verb, /* … */
1739 FDSet **ret_fds, /* Return parameters for reexecuting */
1740 char **ret_switch_root_dir, /* … */
1741 char **ret_switch_root_init, /* … */
1742 const char **ret_error_message) {
1743
1744 int r;
1745
1746 assert(m);
1747 assert(ret_reexecute);
1748 assert(ret_retval);
1749 assert(ret_shutdown_verb);
1750 assert(ret_fds);
1751 assert(ret_switch_root_dir);
1752 assert(ret_switch_root_init);
1753 assert(ret_error_message);
1754
1755 for (;;) {
1756 r = manager_loop(m);
1757 if (r < 0) {
1758 *ret_error_message = "Failed to run main loop";
1759 return log_emergency_errno(r, "Failed to run main loop: %m");
1760 }
1761
1762 switch (m->exit_code) {
1763
1764 case MANAGER_RELOAD:
1765 log_info("Reloading.");
1766
1767 r = parse_config_file();
1768 if (r < 0)
1769 log_warning_errno(r, "Failed to parse config file, ignoring: %m");
1770
1771 set_manager_defaults(m);
1772
1773 r = manager_reload(m);
1774 if (r < 0)
1775 log_warning_errno(r, "Failed to reload, ignoring: %m");
1776
1777 break;
1778
1779 case MANAGER_REEXECUTE:
1780
1781 r = prepare_reexecute(m, &arg_serialization, ret_fds, false);
1782 if (r < 0) {
1783 *ret_error_message = "Failed to prepare for reexecution";
1784 return r;
1785 }
1786
1787 log_notice("Reexecuting.");
1788
1789 *ret_reexecute = true;
1790 *ret_retval = EXIT_SUCCESS;
1791 *ret_shutdown_verb = NULL;
1792 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1793
1794 return 0;
1795
1796 case MANAGER_SWITCH_ROOT:
1797 if (!m->switch_root_init) {
1798 r = prepare_reexecute(m, &arg_serialization, ret_fds, true);
1799 if (r < 0) {
1800 *ret_error_message = "Failed to prepare for reexecution";
1801 return r;
1802 }
1803 } else
1804 *ret_fds = NULL;
1805
1806 log_notice("Switching root.");
1807
1808 *ret_reexecute = true;
1809 *ret_retval = EXIT_SUCCESS;
1810 *ret_shutdown_verb = NULL;
1811
1812 /* Steal the switch root parameters */
1813 *ret_switch_root_dir = m->switch_root;
1814 *ret_switch_root_init = m->switch_root_init;
1815 m->switch_root = m->switch_root_init = NULL;
1816
1817 return 0;
1818
1819 case MANAGER_EXIT:
1820
1821 if (MANAGER_IS_USER(m)) {
1822 log_debug("Exit.");
1823
1824 *ret_reexecute = false;
1825 *ret_retval = m->return_value;
1826 *ret_shutdown_verb = NULL;
1827 *ret_fds = NULL;
1828 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1829
1830 return 0;
1831 }
1832
1833 _fallthrough_;
1834 case MANAGER_REBOOT:
1835 case MANAGER_POWEROFF:
1836 case MANAGER_HALT:
1837 case MANAGER_KEXEC: {
1838 static const char * const table[_MANAGER_EXIT_CODE_MAX] = {
1839 [MANAGER_EXIT] = "exit",
1840 [MANAGER_REBOOT] = "reboot",
1841 [MANAGER_POWEROFF] = "poweroff",
1842 [MANAGER_HALT] = "halt",
1843 [MANAGER_KEXEC] = "kexec"
1844 };
1845
1846 log_notice("Shutting down.");
1847
1848 *ret_reexecute = false;
1849 *ret_retval = m->return_value;
1850 assert_se(*ret_shutdown_verb = table[m->exit_code]);
1851 *ret_fds = NULL;
1852 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1853
1854 return 0;
1855 }
1856
1857 default:
1858 assert_not_reached("Unknown exit code.");
1859 }
1860 }
1861}
1862
31aef7ff
LP		 1863static void log_execution_mode(bool *ret_first_boot) {
1864 assert(ret_first_boot);
1865
1866 if (arg_system) {
1867 int v;
1868
1869 log_info(PACKAGE_STRING " running in %ssystem mode. (" SYSTEMD_FEATURES ")",
1870 arg_action == ACTION_TEST ? "test " : "" );
1871
1872 v = detect_virtualization();
1873 if (v > 0)
1874 log_info("Detected virtualization %s.", virtualization_to_string(v));
1875
1876 log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
1877
1878 if (in_initrd()) {
1879 *ret_first_boot = false;
1880 log_info("Running in initial RAM disk.");
1881 } else {
1882 /* Let's check whether we are in first boot, i.e. whether /etc is still unpopulated. We use
1883 * /etc/machine-id as flag file, for this: if it exists we assume /etc is populated, if it
1884 * doesn't it's unpopulated. This allows container managers and installers to provision a
1885 * couple of files already. If the container manager wants to provision the machine ID itself
1886 * it should pass $container_uuid to PID 1. */
1887
1888 *ret_first_boot = access("/etc/machine-id", F_OK) < 0;
1889 if (*ret_first_boot)
1890 log_info("Running with unpopulated /etc.");
1891 }
1892 } else {
b9e90f3a
LP		 1893 if (DEBUG_LOGGING) {
1894 _cleanup_free_ char *t;
31aef7ff 1895
b9e90f3a
LP		 1896 t = uid_to_name(getuid());
1897 log_debug(PACKAGE_STRING " running in %suser mode for user " UID_FMT "/%s. (" SYSTEMD_FEATURES ")",
1898 arg_action == ACTION_TEST ? " test" : "", getuid(), strna(t));
1899 }
31aef7ff
LP		 1900
1901 *ret_first_boot = false;
1902 }
1903}
1904
5afbaa36
LP		 1905static int initialize_runtime(
1906 bool skip_setup,
1907 struct rlimit *saved_rlimit_nofile,
1908 struct rlimit *saved_rlimit_memlock,
1909 const char **ret_error_message) {
1910
1911 int r;
1912
1913 assert(ret_error_message);
1914
1915 /* Sets up various runtime parameters. Many of these initializations are conditionalized:
1916 *
1917 * - Some only apply to --system instances
1918 * - Some only apply to --user instances
1919 * - Some only apply when we first start up, but not when we reexecute
1920 */
1921
2d776038
LP		 1922 if (arg_action != ACTION_RUN)
1923 return 0;
1924
3c3c6cb9
LP		 1925 if (arg_system) {
1926 /* Make sure we leave a core dump without panicing the kernel. */
1927 install_crash_handler();
5afbaa36 1928
3c3c6cb9
LP		 1929 if (!skip_setup) {
1930 r = mount_cgroup_controllers(arg_join_controllers);
1931 if (r < 0) {
1932 *ret_error_message = "Failed to mount cgroup hierarchies";
1933 return r;
1934 }
1935
1936 status_welcome();
1937 hostname_setup();
1938 machine_id_setup(NULL, arg_machine_id, NULL);
1939 loopback_setup();
1940 bump_unix_max_dgram_qlen();
1941 test_usr();
1942 write_container_id();
1943 }
8a2c1fbf 1944
3c3c6cb9
LP		 1945 if (arg_watchdog_device) {
1946 r = watchdog_set_device(arg_watchdog_device);
1947 if (r < 0)
1948 log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device);
1949 }
1950
1951 if (arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY)
1952 watchdog_set_timeout(&arg_runtime_watchdog);
1953 }
5afbaa36
LP		 1954
1955 if (arg_timer_slack_nsec != NSEC_INFINITY)
1956 if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
3a671cd1 1957 log_warning_errno(errno, "Failed to adjust timer slack, ignoring: %m");
5afbaa36
LP		 1958
1959 if (arg_system && !cap_test_all(arg_capability_bounding_set)) {
1960 r = capability_bounding_set_drop_usermode(arg_capability_bounding_set);
1961 if (r < 0) {
1962 *ret_error_message = "Failed to drop capability bounding set of usermode helpers";
1963 return log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m");
1964 }
1965
1966 r = capability_bounding_set_drop(arg_capability_bounding_set, true);
1967 if (r < 0) {
1968 *ret_error_message = "Failed to drop capability bounding set";
1969 return log_emergency_errno(r, "Failed to drop capability bounding set: %m");
1970 }
1971 }
1972
1973 if (arg_syscall_archs) {
1974 r = enforce_syscall_archs(arg_syscall_archs);
1975 if (r < 0) {
1976 *ret_error_message = "Failed to set syscall architectures";
1977 return r;
1978 }
1979 }
1980
1981 if (!arg_system)
1982 /* Become reaper of our children */
1983 if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
1984 log_warning_errno(errno, "Failed to make us a subreaper: %m");
1985
1986 if (arg_system) {
1987 /* Bump up RLIMIT_NOFILE for systemd itself */
1988 (void) bump_rlimit_nofile(saved_rlimit_nofile);
1989 (void) bump_rlimit_memlock(saved_rlimit_memlock);
1990 }
1991
1992 return 0;
1993}
1994
6acca5fc
LP		 1995static int do_queue_default_job(
1996 Manager *m,
1997 const char **ret_error_message) {
1998
1999 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2000 Job *default_unit_job;
2001 Unit *target = NULL;
2002 int r;
2003
2004 log_debug("Activating default unit: %s", arg_default_unit);
2005
2006 r = manager_load_unit(m, arg_default_unit, NULL, &error, &target);
2007 if (r < 0)
2008 log_error("Failed to load default target: %s", bus_error_message(&error, r));
2009 else if (IN_SET(target->load_state, UNIT_ERROR, UNIT_NOT_FOUND))
2010 log_error_errno(target->load_error, "Failed to load default target: %m");
2011 else if (target->load_state == UNIT_MASKED)
2012 log_error("Default target masked.");
2013
2014 if (!target || target->load_state != UNIT_LOADED) {
2015 log_info("Trying to load rescue target...");
2016
2017 r = manager_load_unit(m, SPECIAL_RESCUE_TARGET, NULL, &error, &target);
2018 if (r < 0) {
2019 *ret_error_message = "Failed to load rescue target";
2020 return log_emergency_errno(r, "Failed to load rescue target: %s", bus_error_message(&error, r));
2021 } else if (IN_SET(target->load_state, UNIT_ERROR, UNIT_NOT_FOUND)) {
2022 *ret_error_message = "Failed to load rescue target";
2023 return log_emergency_errno(target->load_error, "Failed to load rescue target: %m");
2024 } else if (target->load_state == UNIT_MASKED) {
2025 *ret_error_message = "Rescue target masked";
2026 log_emergency("Rescue target masked.");
2027 return -ERFKILL;
2028 }
2029 }
2030
2031 assert(target->load_state == UNIT_LOADED);
2032
2033 r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, &error, &default_unit_job);
2034 if (r == -EPERM) {
2035 log_debug_errno(r, "Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
2036
2037 sd_bus_error_free(&error);
2038
2039 r = manager_add_job(m, JOB_START, target, JOB_REPLACE, &error, &default_unit_job);
2040 if (r < 0) {
2041 *ret_error_message = "Failed to start default target";
2042 return log_emergency_errno(r, "Failed to start default target: %s", bus_error_message(&error, r));
2043 }
2044
2045 } else if (r < 0) {
2046 *ret_error_message = "Failed to isolate default target";
2047 return log_emergency_errno(r, "Failed to isolate default target: %s", bus_error_message(&error, r));
2048 }
2049
2050 m->default_unit_job_id = default_unit_job->id;
2051
2052 return 0;
2053}
2054
970777b5
LP		 2055static void free_arguments(void) {
2056 size_t j;
2057
2058 /* Frees all arg_* variables, with the exception of arg_serialization */
2059
2060 for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++)
2061 arg_default_rlimit[j] = mfree(arg_default_rlimit[j]);
2062
2063 arg_default_unit = mfree(arg_default_unit);
2064 arg_confirm_spawn = mfree(arg_confirm_spawn);
2065 arg_join_controllers = strv_free_free(arg_join_controllers);
2066 arg_default_environment = strv_free(arg_default_environment);
2067 arg_syscall_archs = set_free(arg_syscall_archs);
2068}
2069
97d1fb94
LP		 2070static int load_configuration(int argc, char **argv, const char **ret_error_message) {
2071 int r;
2072
2073 assert(ret_error_message);
2074
6f101b56
LP		 2075 r = initialize_join_controllers();
2076 if (r < 0) {
2077 *ret_error_message = "Failed to initialize cgroup controller joining table";
2078 return r;
2079 }
2080
97d1fb94
LP		 2081 arg_default_tasks_max = system_tasks_max_scale(DEFAULT_TASKS_MAX_PERCENTAGE, 100U);
2082
2083 r = parse_config_file();
2084 if (r < 0) {
2085 *ret_error_message = "Failed to parse config file";
2086 return r;
2087 }
2088
2089 if (arg_system) {
2090 r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0);
2091 if (r < 0)
2092 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
2093 }
2094
2095 /* Note that this also parses bits from the kernel command line, including "debug". */
2096 log_parse_environment();
2097
2098 r = parse_argv(argc, argv);
2099 if (r < 0) {
2100 *ret_error_message = "Failed to parse commandline arguments";
2101 return r;
2102 }
2103
2104 /* Initialize default unit */
2105 if (!arg_default_unit) {
2106 arg_default_unit = strdup(SPECIAL_DEFAULT_TARGET);
2107 if (!arg_default_unit) {
2108 *ret_error_message = "Failed to set default unit";
2109 return log_oom();
2110 }
2111 }
2112
db33214b
LP		 2113 /* Initialize the show status setting if it hasn't been set explicitly yet */
2114 if (arg_show_status == _SHOW_STATUS_UNSET)
2115 arg_show_status = SHOW_STATUS_YES;
2116
97d1fb94
LP		 2117 return 0;
2118}
2119
b0d7c989
LP		 2120static int safety_checks(void) {
2121
febf46a4
LP		 2122 if (getpid_cached() == 1 &&
2123 arg_action != ACTION_RUN) {
2124 log_error("Unsupported execution mode while PID 1.");
2125 return -EPERM;
2126 }
2127
2128 if (getpid_cached() == 1 &&
2129 !arg_system) {
2130 log_error("Can't run --user mode as PID 1.");
2131 return -EPERM;
2132 }
2133
2134 if (arg_action == ACTION_RUN &&
2135 arg_system &&
2136 getpid_cached() != 1) {
2137 log_error("Can't run system mode unless PID 1.");
2138 return -EPERM;
2139 }
2140
b0d7c989
LP		 2141 if (arg_action == ACTION_TEST &&
2142 geteuid() == 0) {
2143 log_error("Don't run test mode as root.");
2144 return -EPERM;
2145 }
2146
2147 if (!arg_system &&
2148 arg_action == ACTION_RUN &&
2149 sd_booted() <= 0) {
2150 log_error("Trying to run as user instance, but the system has not been booted with systemd.");
2151 return -EOPNOTSUPP;
2152 }
2153
2154 if (!arg_system &&
2155 arg_action == ACTION_RUN &&
2156 !getenv("XDG_RUNTIME_DIR")) {
2157 log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
2158 return -EUNATCH;
2159 }
2160
2161 if (arg_system &&
2162 arg_action == ACTION_RUN &&
2163 running_in_chroot() > 0) {
2164 log_error("Cannot be run in a chroot() environment.");
2165 return -EOPNOTSUPP;
2166 }
2167
2168 return 0;
2169}
2170
74da609f
LP		 2171static int initialize_security(
2172 bool *loaded_policy,
2173 dual_timestamp *security_start_timestamp,
2174 dual_timestamp *security_finish_timestamp,
2175 const char **ret_error_message) {
2176
2177 int r;
2178
2179 assert(loaded_policy);
2180 assert(security_start_timestamp);
2181 assert(security_finish_timestamp);
2182 assert(ret_error_message);
2183
2184 dual_timestamp_get(security_start_timestamp);
2185
97149f40 2186 r = mac_selinux_setup(loaded_policy);
74da609f
LP		 2187 if (r < 0) {
2188 *ret_error_message = "Failed to load SELinux policy";
2189 return r;
2190 }
2191
2192 r = mac_smack_setup(loaded_policy);
2193 if (r < 0) {
2194 *ret_error_message = "Failed to load SMACK policy";
2195 return r;
2196 }
2197
2198 r = ima_setup();
2199 if (r < 0) {
2200 *ret_error_message = "Failed to load IMA policy";
2201 return r;
2202 }
2203
2204 dual_timestamp_get(security_finish_timestamp);
2205 return 0;
2206}
2207
263162da
LP		 2208static void test_summary(Manager *m) {
2209 assert(m);
2210
2211 printf("-> By units:\n");
2212 manager_dump_units(m, stdout, "\t");
2213
2214 printf("-> By jobs:\n");
2215 manager_dump_jobs(m, stdout, "\t");
2216}
2217
51e5ff02
LP		 2218static void log_taint_string(Manager *m) {
2219 _cleanup_free_ char *taint = NULL;
2220
2221 assert(m);
2222
2223 if (!arg_system)
2224 return;
2225
2226 taint = manager_taint_string(m);
2227 if (isempty(taint))
2228 return;
2229
2230 log_struct(LOG_NOTICE,
2231 LOG_MESSAGE("System is tainted: %s", taint),
2232 "TAINT=%s", taint,
2233 "MESSAGE_ID=" SD_MESSAGE_TAINTED_STR,
2234 NULL);
2235}
2236
efeb853f
LP		 2237static int collect_fds(FDSet **ret_fds, const char **ret_error_message) {
2238 int r;
2239
2240 assert(ret_fds);
2241 assert(ret_error_message);
2242
2243 r = fdset_new_fill(ret_fds);
2244 if (r < 0) {
2245 *ret_error_message = "Failed to allocate fd set";
2246 return log_emergency_errno(r, "Failed to allocate fd set: %m");
2247 }
2248
2249 fdset_cloexec(*ret_fds, true);
2250
2251 if (arg_serialization)
2252 assert_se(fdset_remove(*ret_fds, fileno(arg_serialization)) >= 0);
2253
2254 return 0;
2255}
2256
2e51b31c
LP		 2257static void setup_console_terminal(bool skip_setup) {
2258
2259 if (!arg_system)
2260 return;
2261
2262 /* Become a session leader if we aren't one yet. */
2263 (void) setsid();
2264
2265 /* If we are init, we connect stdin/stdout/stderr to /dev/null and make sure we don't have a controlling
2266 * tty. */
2267 (void) release_terminal();
2268
2269 /* Reset the console, but only if this is really init and we are freshly booted */
2270 if (getpid_cached() == 1 && !skip_setup)
2271 (void) console_setup();
2272}
2273
aa40ff07
LP		 2274static bool early_skip_setup_check(int argc, char *argv[]) {
2275 bool found_deserialize = false;
2276 int i;
2277
2278 /* Determine if this is a reexecution or normal bootup. We do the full command line parsing much later, so
2279 * let's just have a quick peek here. Note that if we have switched root, do all the special setup things
2280 * anyway, even if in that case we also do deserialization. */
2281
2282 for (i = 1; i < argc; i++) {
2283
2284 if (streq(argv[i], "--switched-root"))
2285 return false; /* If we switched root, don't skip the setup. */
2286 else if (streq(argv[i], "--deserialize"))
2287 found_deserialize = true;
2288 }
2289
2290 return found_deserialize; /* When we are deserializing, then we are reexecuting, hence avoid the extensive setup */
2291}
2292
60918275 2293int main(int argc, char *argv[]) {
625e8690
LP		 2294
2295 dual_timestamp initrd_timestamp = DUAL_TIMESTAMP_NULL, userspace_timestamp = DUAL_TIMESTAMP_NULL, kernel_timestamp = DUAL_TIMESTAMP_NULL,
2296 security_start_timestamp = DUAL_TIMESTAMP_NULL, security_finish_timestamp = DUAL_TIMESTAMP_NULL;
2297 struct rlimit saved_rlimit_nofile = RLIMIT_MAKE_CONST(0), saved_rlimit_memlock = RLIMIT_MAKE_CONST((rlim_t) -1);
2298 bool skip_setup, loaded_policy = false, queue_default_job = false, first_boot = false, reexecute = false;
2299 char *switch_root_dir = NULL, *switch_root_init = NULL;
9d76d730 2300 usec_t before_startup, after_startup;
625e8690 2301 static char systemd[] = "systemd";
9d76d730 2302 char timespan[FORMAT_TIMESPAN_MAX];
625e8690
LP		 2303 const char *shutdown_verb = NULL, *error_message = NULL;
2304 int r, retval = EXIT_FAILURE;
2305 Manager *m = NULL;
a16e1123 2306 FDSet *fds = NULL;
27b14a22 2307
d72a8f10 2308 /* SysV compatibility: redirect init → telinit */
6808a0bc 2309 redirect_telinit(argc, argv);
2cb1a60d 2310
d72a8f10 2311 /* Take timestamps early on */
c3a170f3
HH		 2312 dual_timestamp_from_monotonic(&kernel_timestamp, 0);
2313 dual_timestamp_get(&userspace_timestamp);
2314
d72a8f10
LP		 2315 /* Figure out whether we need to do initialize the system, or if we already did that because we are
2316 * reexecuting */
aa40ff07 2317 skip_setup = early_skip_setup_check(argc, argv);
d03bc1b8 2318
d72a8f10
LP		 2319 /* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we
2320 * are then called 'systemd'. That is confusing, hence let's call us systemd right-away. */
f3b6a3ed 2321 program_invocation_short_name = systemd;
eee8b7ab 2322 (void) prctl(PR_SET_NAME, systemd);
5d6b1584 2323
d72a8f10 2324 /* Save the original command line */
9a0e6896
LP		 2325 saved_argv = argv;
2326 saved_argc = argc;
f3b6a3ed 2327
c1dc6153 2328 log_set_upgrade_syslog_to_journal(true);
bbe63281 2329
df0ff127 2330 if (getpid_cached() == 1) {
48a601fe 2331 /* Disable the umask logic */
90dc8c2e
MG		 2332 umask(0);
2333
48a601fe
LP		 2334 /* Always reopen /dev/console when running as PID 1 or one of its pre-execve() children. This is
2335 * important so that we never end up logging to any foreign stderr, for example if we have to log in a
2336 * child process right before execve()'ing the actual binary, at a point in time where socket
2337 * activation stderr/stdout area already set up. */
2338 log_set_always_reopen_console(true);
2339 }
2340
df0ff127 2341 if (getpid_cached() == 1 && detect_container() <= 0) {
4f8d551f 2342
a866073d 2343 /* Running outside of a container as PID 1 */
463d0d15 2344 arg_system = true;
a866073d
LP		 2345 log_set_target(LOG_TARGET_KMSG);
2346 log_open();
2347
21bf2ab0 2348 if (in_initrd())
c3a170f3 2349 initrd_timestamp = userspace_timestamp;
c3ba6250 2350
2660882b 2351 if (!skip_setup) {
d723cd65
AK		 2352 r = mount_setup_early();
2353 if (r < 0) {
eee8b7ab 2354 error_message = "Failed to mount early API filesystems";
d723cd65
AK		 2355 goto finish;
2356 }
eee8b7ab 2357
74da609f
LP		 2358 r = initialize_security(
2359 &loaded_policy,
2360 &security_start_timestamp,
2361 &security_finish_timestamp,
2362 &error_message);
2363 if (r < 0)
96694e99 2364 goto finish;
81611586 2365 }
0b3325e7 2366
c3dacc8b 2367 if (mac_selinux_init() < 0) {
cb6531be 2368 error_message = "Failed to initialize SELinux policy";
0ff4cdd9 2369 goto finish;
cb6531be 2370 }
7948c4df 2371
e839bafd
LP		 2372 if (!skip_setup)
2373 initialize_clock();
a866073d
LP		 2374
2375 /* Set the default for later on, but don't actually
2376 * open the logs like this for now. Note that if we
2377 * are transitioning from the initrd there might still
2378 * be journal fd open, and we shouldn't attempt
2379 * opening that before we parsed /proc/cmdline which
2380 * might redirect output elsewhere. */
2381 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
2382
df0ff127 2383 } else if (getpid_cached() == 1) {
a866073d 2384 /* Running inside a container, as PID 1 */
463d0d15 2385 arg_system = true;
a866073d 2386 log_set_target(LOG_TARGET_CONSOLE);
99f09825 2387 log_close_console(); /* force reopen of /dev/console */
a866073d
LP		 2388 log_open();
2389
eee8b7ab 2390 /* For later on, see above... */
a866073d
LP		 2391 log_set_target(LOG_TARGET_JOURNAL);
2392
c3a170f3
HH		 2393 /* clear the kernel timestamp,
2394 * because we are in a container */
0f5f63c3 2395 kernel_timestamp = DUAL_TIMESTAMP_NULL;
c3a170f3 2396 } else {
a866073d 2397 /* Running as user instance */
463d0d15 2398 arg_system = false;
eeecf6e6 2399 log_set_target(LOG_TARGET_AUTO);
871e5809 2400 log_open();
c3a170f3
HH		 2401
2402 /* clear the kernel timestamp,
2403 * because we are not PID 1 */
6513d561 2404 kernel_timestamp = DUAL_TIMESTAMP_NULL;
bbe63281 2405 }
a5dab5ce 2406
1e41242e 2407 initialize_coredump(skip_setup);
15a90032 2408
43db615b
LP		 2409 r = fixup_environment();
2410 if (r < 0) {
2411 log_emergency_errno(r, "Failed to fix up PID 1 environment: %m");
2412 error_message = "Failed to fix up PID1 environment";
2413 goto finish;
2414 }
2415
6edefe0b 2416 if (arg_system) {
32391275 2417
3a18b604
FB		 2418 /* Try to figure out if we can use colors with the console. No
2419 * need to do that for user instances since they never log
2420 * into the console. */
2421 log_show_color(colors_enabled());
c76cf844
AK		 2422 r = make_null_stdio();
2423 if (r < 0)
2424 log_warning_errno(r, "Failed to redirect standard streams to /dev/null: %m");
3a18b604
FB		 2425 }
2426
f170852a
LP		 2427 /* Mount /proc, /sys and friends, so that /proc/cmdline and
2428 * /proc/$PID/fd is available. */
df0ff127 2429 if (getpid_cached() == 1) {
f84f9974 2430
a132bef0 2431 /* Load the kernel modules early. */
2e75e2a8
DM		 2432 if (!skip_setup)
2433 kmod_setup();
2e75e2a8 2434
0c85a4f3 2435 r = mount_setup(loaded_policy);
cb6531be
ZJS		 2436 if (r < 0) {
2437 error_message = "Failed to mount API filesystems";
8efe3c01 2438 goto finish;
cb6531be 2439 }
0c85a4f3 2440 }
4ade7963
LP		 2441
2442 /* Reset all signal handlers. */
ce30c8dc
LP		 2443 (void) reset_all_signal_handlers();
2444 (void) ignore_signals(SIGNALS_IGNORE, -1);
078e4539 2445
97d1fb94
LP		 2446 r = load_configuration(argc, argv, &error_message);
2447 if (r < 0)
f170852a 2448 goto finish;
10c961b9 2449
b0d7c989
LP		 2450 r = safety_checks();
2451 if (r < 0)
fe783b03 2452 goto finish;
fe783b03 2453
5625c18a 2454 if (IN_SET(arg_action, ACTION_TEST, ACTION_HELP, ACTION_DUMP_CONFIGURATION_ITEMS))
ea4b98e6 2455 pager_open(arg_no_pager, false);
b0d7c989
LP		 2456
2457 if (arg_action != ACTION_RUN)
74e7579c 2458 skip_setup = true;
b87c2aa6 2459
fa0f4d8a 2460 if (arg_action == ACTION_HELP) {
f170852a
LP		 2461 retval = help();
2462 goto finish;
9ba0bc4e
ZJS		 2463 } else if (arg_action == ACTION_VERSION) {
2464 retval = version();
2465 goto finish;
fa0f4d8a 2466 } else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
e537352b 2467 unit_dump_config_items(stdout);
22f4096c 2468 retval = EXIT_SUCCESS;
e537352b 2469 goto finish;
f170852a
LP		 2470 }
2471
4c701096 2472 assert_se(IN_SET(arg_action, ACTION_RUN, ACTION_TEST));
f170852a 2473
5a2e0c62
LP		 2474 /* Move out of the way, so that we won't block unmounts */
2475 assert_se(chdir("/") == 0);
2476
dea374e8 2477 if (arg_action == ACTION_RUN) {
a70c72a0 2478
efeb853f 2479 /* Close logging fds, in order not to confuse collecting passed fds and terminal logic below */
a70c72a0
LP		 2480 log_close();
2481
2482 /* Remember open file descriptors for later deserialization */
efeb853f
LP		 2483 r = collect_fds(&fds, &error_message);
2484 if (r < 0)
dea374e8 2485 goto finish;
a16e1123 2486
2e51b31c
LP		 2487 /* Give up any control of the console, but make sure its initialized. */
2488 setup_console_terminal(skip_setup);
56d96fc0 2489
a70c72a0
LP		 2490 /* Open the logging devices, if possible and necessary */
2491 log_open();
56d96fc0 2492 }
4ade7963 2493
31aef7ff 2494 log_execution_mode(&first_boot);
a5dab5ce 2495
2d776038
LP		 2496 r = initialize_runtime(skip_setup,
2497 &saved_rlimit_nofile,
2498 &saved_rlimit_memlock,
2499 &error_message);
2500 if (r < 0)
2501 goto finish;
4096d6f5 2502
e0a3da1f
ZJS		 2503 r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER,
2504 arg_action == ACTION_TEST ? MANAGER_TEST_FULL : 0,
2505 &m);
e96d6be7 2506 if (r < 0) {
da927ba9 2507 log_emergency_errno(r, "Failed to allocate manager object: %m");
cb6531be 2508 error_message = "Failed to allocate manager object";
60918275
LP		 2509 goto finish;
2510 }
2511
9f9f0342
LP		 2512 m->timestamps[MANAGER_TIMESTAMP_KERNEL] = kernel_timestamp;
2513 m->timestamps[MANAGER_TIMESTAMP_INITRD] = initrd_timestamp;
2514 m->timestamps[MANAGER_TIMESTAMP_USERSPACE] = userspace_timestamp;
2515 m->timestamps[MANAGER_TIMESTAMP_SECURITY_START] = security_start_timestamp;
2516 m->timestamps[MANAGER_TIMESTAMP_SECURITY_FINISH] = security_finish_timestamp;
9e58ff9c 2517
85cb4151 2518 set_manager_defaults(m);
7b46fc6a 2519 set_manager_settings(m);
fd130612 2520 manager_set_first_boot(m, first_boot);
27d340c7 2521
bf4df7c3 2522 /* Remember whether we should queue the default job */
d3b1c508 2523 queue_default_job = !arg_serialization || arg_switched_root;
bf4df7c3 2524
9d76d730
LP		 2525 before_startup = now(CLOCK_MONOTONIC);
2526
d3b1c508 2527 r = manager_startup(m, arg_serialization, fds);
58f88d92 2528 if (r < 0) {
da927ba9 2529 log_error_errno(r, "Failed to fully start up daemon: %m");
cefb3eda 2530 error_message = "Failed to start up manager";
58f88d92
ZJS		 2531 goto finish;
2532 }
a16e1123 2533
6acca5fc 2534 /* This will close all file descriptors that were opened, but not claimed by any unit. */
2feceb5e 2535 fds = fdset_free(fds);
74ca738f 2536 arg_serialization = safe_fclose(arg_serialization);
bf4df7c3
LP		 2537
2538 if (queue_default_job) {
6acca5fc 2539 r = do_queue_default_job(m, &error_message);
718db961 2540 if (r < 0)
37d88da7 2541 goto finish;
6acca5fc 2542 }
ab17a050 2543
6acca5fc 2544 after_startup = now(CLOCK_MONOTONIC);
60918275 2545
6acca5fc
LP		 2546 log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
2547 "Loaded units and determined initial transaction in %s.",
2548 format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 100 * USEC_PER_MSEC));
07672f49 2549
51e5ff02 2550 log_taint_string(m);
af6b0ecc 2551
6acca5fc 2552 if (arg_action == ACTION_TEST) {
263162da 2553 test_summary(m);
6acca5fc
LP		 2554 retval = EXIT_SUCCESS;
2555 goto finish;
e965d56d 2556 }
d46de8a1 2557
3046b6db
LP		 2558 (void) invoke_main_loop(m,
2559 &reexecute,
2560 &retval,
2561 &shutdown_verb,
2562 &fds,
2563 &switch_root_dir,
2564 &switch_root_init,
2565 &error_message);
f170852a 2566
60918275 2567finish:
b87c2aa6
ZJS		 2568 pager_close();
2569
97792515 2570 if (m)
81f5fc2d 2571 arg_shutdown_watchdog = m->shutdown_watchdog;
fe382237 2572
06d8d842 2573 m = manager_free(m);
60918275 2574
970777b5 2575 free_arguments();
cc56fafe 2576 mac_selinux_finish();
b2bb3dbe 2577
3c7878f9
LP		 2578 if (reexecute)
2579 do_reexecute(argc, argv,
2580 &saved_rlimit_nofile,
2581 &saved_rlimit_memlock,
2582 fds,
2583 switch_root_dir,
2584 switch_root_init,
2585 &error_message); /* This only returns if reexecution failed */
a16e1123 2586
74ca738f 2587 arg_serialization = safe_fclose(arg_serialization);
2feceb5e 2588 fds = fdset_free(fds);
a16e1123 2589
349cc4a5 2590#if HAVE_VALGRIND_VALGRIND_H
54b434b1
LP		 2591 /* If we are PID 1 and running under valgrind, then let's exit
2592 * here explicitly. valgrind will only generate nice output on
2593 * exit(), not on exec(), hence let's do the former not the
2594 * latter here. */
8a2c1fbf
EJ		 2595 if (getpid_cached() == 1 && RUNNING_ON_VALGRIND) {
2596 /* Cleanup watchdog_device strings for valgrind. We need them
2597 * in become_shutdown() so normally we cannot free them yet. */
2598 watchdog_free_device();
2599 arg_watchdog_device = mfree(arg_watchdog_device);
54b434b1 2600 return 0;
8a2c1fbf 2601 }
54b434b1
LP		 2602#endif
2603
b9080b03 2604 if (shutdown_verb) {
7eb35049 2605 r = become_shutdown(shutdown_verb, retval);
ad929bcc 2606
4a36297c 2607 log_error_errno(r, "Failed to execute shutdown binary, %s: %m", getpid_cached() == 1 ? "freezing" : "quitting");
9b9881d7 2608 error_message = "Failed to execute shutdown binary";
b9080b03
FF		 2609 }
2610
8a2c1fbf
EJ		 2611 watchdog_free_device();
2612 arg_watchdog_device = mfree(arg_watchdog_device);
2613
df0ff127 2614 if (getpid_cached() == 1) {
cb6531be
ZJS		 2615 if (error_message)
2616 manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
1fc464f6 2617 ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL,
cb6531be 2618 "%s, freezing.", error_message);
b9e74c39 2619 freeze_or_reboot();
cb6531be 2620 }
c3b3c274 2621
60918275
LP		 2622 return retval;
2623}
Unnamed repository; edit this file 'description' to name the repository.