]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/main.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add fd close support to sd_event_source
[thirdparty/systemd.git] / src / core / main.c
CommitLineData
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
a7334b09
LP		 2/***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 15 Lesser General Public License for more details.
a7334b09 16
5430f7f2 17 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19***/
20
60918275 21#include <errno.h>
3dfc9763 22#include <fcntl.h>
f170852a 23#include <getopt.h>
97c4f35c 24#include <signal.h>
3dfc9763
LP		 25#include <stdio.h>
26#include <string.h>
664f88a7 27#include <sys/mount.h>
3dfc9763 28#include <sys/prctl.h>
b9e74c39 29#include <sys/reboot.h>
3dfc9763
LP		 30#include <sys/stat.h>
31#include <unistd.h>
349cc4a5 32#if HAVE_SECCOMP
b64a3d86
LP		 33#include <seccomp.h>
34#endif
349cc4a5 35#if HAVE_VALGRIND_VALGRIND_H
3dfc9763
LP		 36#include <valgrind/valgrind.h>
37#endif
54b434b1 38
718db961 39#include "sd-bus.h"
cf0fbc49 40#include "sd-daemon.h"
b2e7486c 41#include "sd-messages.h"
3dfc9763 42
b5efdb8a 43#include "alloc-util.h"
d9d93745 44#include "architecture.h"
3dfc9763
LP		 45#include "build.h"
46#include "bus-error.h"
47#include "bus-util.h"
430f0182 48#include "capability-util.h"
24efb112 49#include "clock-util.h"
3dfc9763 50#include "conf-parser.h"
618234a5 51#include "cpu-set-util.h"
3dfc9763
LP		 52#include "dbus-manager.h"
53#include "def.h"
eee8b7ab 54#include "emergency-action.h"
3dfc9763 55#include "env-util.h"
3ffd4af2 56#include "fd-util.h"
3dfc9763 57#include "fdset.h"
718db961 58#include "fileio.h"
f97b34a6 59#include "format-util.h"
f4f15635 60#include "fs-util.h"
3dfc9763
LP		 61#include "hostname-setup.h"
62#include "ima-setup.h"
63#include "killall.h"
64#include "kmod-setup.h"
d7b8eec7 65#include "load-fragment.h"
3dfc9763 66#include "log.h"
b6e66135 67#include "loopback-setup.h"
b6e66135 68#include "machine-id-setup.h"
3dfc9763
LP		 69#include "manager.h"
70#include "missing.h"
71#include "mount-setup.h"
72#include "pager.h"
6bedfcbb 73#include "parse-util.h"
7d5ceb64 74#include "path-util.h"
4e731273 75#include "proc-cmdline.h"
3dfc9763 76#include "process-util.h"
8869a0b4 77#include "raw-clone.h"
78f22b97 78#include "rlimit-util.h"
349cc4a5 79#if HAVE_SECCOMP
83f12b27
FS		 80#include "seccomp-util.h"
81#endif
b6e66135 82#include "selinux-setup.h"
3dfc9763
LP		 83#include "selinux-util.h"
84#include "signal-util.h"
ffbd2c4d 85#include "smack-setup.h"
3dfc9763 86#include "special.h"
8fcde012 87#include "stat-util.h"
15a5e950 88#include "stdio-util.h"
3dfc9763
LP		 89#include "strv.h"
90#include "switch-root.h"
91#include "terminal-util.h"
8612da97 92#include "umask-util.h"
b1d4f8e1 93#include "user-util.h"
9ce17593 94#include "util.h"
3dfc9763
LP		 95#include "virt.h"
96#include "watchdog.h"
b6e66135 97
f170852a
LP		 98static enum {
99 ACTION_RUN,
e965d56d 100 ACTION_HELP,
9ba0bc4e 101 ACTION_VERSION,
e537352b 102 ACTION_TEST,
494294d6 103 ACTION_DUMP_CONFIGURATION_ITEMS
fa0f4d8a 104} arg_action = ACTION_RUN;
fa0f4d8a 105static char *arg_default_unit = NULL;
463d0d15 106static bool arg_system = false;
fa0f4d8a 107static bool arg_dump_core = true;
fa0f4d8a 108static int arg_crash_chvt = -1;
b9e74c39
LP		 109static bool arg_crash_shell = false;
110static bool arg_crash_reboot = false;
7d5ceb64 111static char *arg_confirm_spawn = NULL;
b6e2f329 112static ShowStatus arg_show_status = _SHOW_STATUS_UNSET;
bf4df7c3 113static bool arg_switched_root = false;
ea4b98e6 114static bool arg_no_pager = false;
2a12e32e 115static bool arg_service_watchdogs = true;
0c85a4f3 116static char ***arg_join_controllers = NULL;
706343f4 117static ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL;
0a494f1f 118static ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT;
1f19a534
OS		 119static usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC;
120static usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
121static usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
3f41e1e5
LN		 122static usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
123static unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
e96d6be7
LP		 124static usec_t arg_runtime_watchdog = 0;
125static usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE;
8a2c1fbf 126static char *arg_watchdog_device = NULL;
97d0e5f8 127static char **arg_default_environment = NULL;
517d56b1 128static struct rlimit *arg_default_rlimit[_RLIMIT_MAX] = {};
a103496c 129static uint64_t arg_capability_bounding_set = CAP_ALL;
3a43da28 130static nsec_t arg_timer_slack_nsec = NSEC_INFINITY;
bd8f585b 131static usec_t arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE;
d3b1c508
LP		 132static Set* arg_syscall_archs = NULL;
133static FILE* arg_serialization = NULL;
085afe36 134static bool arg_default_cpu_accounting = false;
13c31542 135static bool arg_default_io_accounting = false;
377bfd2d 136static bool arg_default_ip_accounting = false;
085afe36
LP		 137static bool arg_default_blockio_accounting = false;
138static bool arg_default_memory_accounting = false;
9ded9cd1 139static bool arg_default_tasks_accounting = true;
79baeeb9 140static uint64_t arg_default_tasks_max = UINT64_MAX;
ee48dbd5 141static sd_id128_t arg_machine_id = {};
ae8c7939 142static EmergencyAction arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE;
4fc935ca 143
b9e74c39
LP		 144noreturn static void freeze_or_reboot(void) {
145
146 if (arg_crash_reboot) {
147 log_notice("Rebooting in 10s...");
148 (void) sleep(10);
149
150 log_notice("Rebooting now...");
151 (void) reboot(RB_AUTOBOOT);
152 log_emergency_errno(errno, "Failed to reboot: %m");
153 }
154
155 log_emergency("Freezing execution.");
156 freeze();
157}
158
919ce0b7 159noreturn static void crash(int sig) {
7d06dad9
MS		 160 struct sigaction sa;
161 pid_t pid;
97c4f35c 162
df0ff127 163 if (getpid_cached() != 1)
abb26902 164 /* Pass this on immediately, if this is not PID 1 */
92ca4cac 165 (void) raise(sig);
abb26902 166 else if (!arg_dump_core)
4104970e 167 log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig));
97c4f35c 168 else {
7d06dad9 169 sa = (struct sigaction) {
189d5bac 170 .sa_handler = nop_signal_handler,
b92bea5d
ZJS		 171 .sa_flags = SA_NOCLDSTOP|SA_RESTART,
172 };
97c4f35c 173
6f5e3f35 174 /* We want to wait for the core process, hence let's enable SIGCHLD */
92ca4cac 175 (void) sigaction(SIGCHLD, &sa, NULL);
6f5e3f35 176
8869a0b4 177 pid = raw_clone(SIGCHLD);
e62d8c39 178 if (pid < 0)
56f64d95 179 log_emergency_errno(errno, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
97c4f35c 180 else if (pid == 0) {
97c4f35c 181 /* Enable default signal handler for core dump */
15a90032 182
92ca4cac
LP		 183 sa = (struct sigaction) {
184 .sa_handler = SIG_DFL,
185 };
186 (void) sigaction(sig, &sa, NULL);
97c4f35c 187
15a90032
LP		 188 /* Don't limit the coredump size */
189 (void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY));
97c4f35c
LP		 190
191 /* Just to be sure... */
e62d9b81 192 (void) chdir("/");
97c4f35c
LP		 193
194 /* Raise the signal again */
ee05e779 195 pid = raw_getpid();
92ca4cac 196 (void) kill(pid, sig); /* raise() would kill the parent */
97c4f35c
LP		 197
198 assert_not_reached("We shouldn't be here...");
92ca4cac 199 _exit(EXIT_FAILURE);
4fc935ca 200 } else {
8e12a6ae
LP		 201 siginfo_t status;
202 int r;
4fc935ca
LP		 203
204 /* Order things nicely. */
e62d8c39
ZJS		 205 r = wait_for_terminate(pid, &status);
206 if (r < 0)
da927ba9 207 log_emergency_errno(r, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig));
8e12a6ae 208 else if (status.si_code != CLD_DUMPED)
ee05e779
ZJS		 209 log_emergency("Caught <%s>, core dump failed (child "PID_FMT", code=%s, status=%i/%s).",
210 signal_to_string(sig),
211 pid, sigchld_code_to_string(status.si_code),
212 status.si_status,
213 strna(status.si_code == CLD_EXITED
38107f5a 214 ? exit_status_to_string(status.si_status, EXIT_STATUS_MINIMAL)
ee05e779 215 : signal_to_string(status.si_status)));
4fc935ca 216 else
4104970e 217 log_emergency("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);
97c4f35c
LP		 218 }
219 }
220
b9e74c39 221 if (arg_crash_chvt >= 0)
92ca4cac 222 (void) chvt(arg_crash_chvt);
601f6a1e 223
7d06dad9
MS		 224 sa = (struct sigaction) {
225 .sa_handler = SIG_IGN,
226 .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
227 };
228
229 /* Let the kernel reap children for us */
230 (void) sigaction(SIGCHLD, &sa, NULL);
8c43883a 231
7d06dad9 232 if (arg_crash_shell) {
b9e74c39 233 log_notice("Executing crash shell in 10s...");
92ca4cac 234 (void) sleep(10);
4fc935ca 235
8869a0b4 236 pid = raw_clone(SIGCHLD);
cd3bd60a 237 if (pid < 0)
56f64d95 238 log_emergency_errno(errno, "Failed to fork off crash shell: %m");
6f5e3f35 239 else if (pid == 0) {
b9e74c39 240 (void) setsid();
92ca4cac
LP		 241 (void) make_console_stdio();
242 (void) execle("/bin/sh", "/bin/sh", NULL, environ);
6f5e3f35 243
ee05e779 244 log_emergency_errno(errno, "execle() failed: %m");
92ca4cac 245 _exit(EXIT_FAILURE);
b9e74c39
LP		 246 } else {
247 log_info("Spawned crash shell as PID "PID_FMT".", pid);
4cf0b03b 248 (void) wait_for_terminate(pid, NULL);
b9e74c39 249 }
4fc935ca
LP		 250 }
251
b9e74c39 252 freeze_or_reboot();
97c4f35c
LP		 253}
254
255static void install_crash_handler(void) {
297d563d 256 static const struct sigaction sa = {
b92bea5d 257 .sa_handler = crash,
297d563d 258 .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */
b92bea5d 259 };
297d563d 260 int r;
97c4f35c 261
297d563d
LP		 262 /* We ignore the return value here, since, we don't mind if we
263 * cannot set up a crash handler */
264 r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
265 if (r < 0)
266 log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m");
97c4f35c 267}
f170852a 268
56d96fc0
LP		 269static int console_setup(void) {
270 _cleanup_close_ int tty_fd = -1;
271 int r;
80876c20 272
512947d4 273 tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
23bbb0de
MS		 274 if (tty_fd < 0)
275 return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
80876c20 276
56d96fc0
LP		 277 /* We don't want to force text mode. plymouth may be showing
278 * pictures already from initrd. */
512947d4 279 r = reset_terminal_fd(tty_fd, false);
23bbb0de
MS		 280 if (r < 0)
281 return log_error_errno(r, "Failed to reset /dev/console: %m");
843d2643 282
56d96fc0 283 return 0;
80876c20
LP		 284}
285
b9e74c39
LP		 286static int parse_crash_chvt(const char *value) {
287 int b;
288
289 if (safe_atoi(value, &arg_crash_chvt) >= 0)
290 return 0;
291
292 b = parse_boolean(value);
293 if (b < 0)
294 return b;
295
296 if (b > 0)
297 arg_crash_chvt = 0; /* switch to where kmsg goes */
298 else
299 arg_crash_chvt = -1; /* turn off switching */
300
301 return 0;
302}
303
7d5ceb64
FB		 304static int parse_confirm_spawn(const char *value, char **console) {
305 char *s;
306 int r;
307
308 r = value ? parse_boolean(value) : 1;
309 if (r == 0) {
310 *console = NULL;
311 return 0;
312 }
313
314 if (r > 0) /* on with default tty */
315 s = strdup("/dev/console");
316 else if (is_path(value)) /* on with fully qualified path */
317 s = strdup(value);
318 else /* on with only a tty file name, not a fully qualified path */
319 s = strjoin("/dev/", value);
320 if (!s)
321 return -ENOMEM;
322 *console = s;
323 return 0;
324}
325
ee48dbd5 326static int set_machine_id(const char *m) {
e042eab7 327 sd_id128_t t;
8b26cdbd 328 assert(m);
ee48dbd5 329
e042eab7 330 if (sd_id128_from_string(m, &t) < 0)
ee48dbd5
NC		 331 return -EINVAL;
332
e042eab7 333 if (sd_id128_is_null(t))
ee48dbd5
NC		 334 return -EINVAL;
335
e042eab7 336 arg_machine_id = t;
ee48dbd5
NC		 337 return 0;
338}
339
96287a49 340static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
f170852a 341
059cb385 342 int r;
f170852a 343
059cb385 344 assert(key);
5192bd19 345
1d84ad94 346 if (STR_IN_SET(key, "systemd.unit", "rd.systemd.unit")) {
bf4df7c3 347
1d84ad94
LP		 348 if (proc_cmdline_value_missing(key, value))
349 return 0;
bf4df7c3 350
1d84ad94
LP		 351 if (!unit_name_is_valid(value, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
352 log_warning("Unit name specified on %s= is not valid, ignoring: %s", key, value);
353 else if (in_initrd() == !!startswith(key, "rd.")) {
354 if (free_and_strdup(&arg_default_unit, value) < 0)
355 return log_oom();
356 }
f170852a 357
1d84ad94 358 } else if (proc_cmdline_key_streq(key, "systemd.dump_core")) {
4fc935ca 359
1d84ad94 360 r = value ? parse_boolean(value) : true;
fb472900 361 if (r < 0)
059cb385 362 log_warning("Failed to parse dump core switch %s. Ignoring.", value);
4fc935ca 363 else
fa0f4d8a 364 arg_dump_core = r;
4fc935ca 365
1d84ad94 366 } else if (proc_cmdline_key_streq(key, "systemd.crash_chvt")) {
b9e74c39 367
1d84ad94
LP		 368 if (!value)
369 arg_crash_chvt = 0; /* turn on */
370 else if (parse_crash_chvt(value) < 0)
b9e74c39
LP		 371 log_warning("Failed to parse crash chvt switch %s. Ignoring.", value);
372
1d84ad94 373 } else if (proc_cmdline_key_streq(key, "systemd.crash_shell")) {
4fc935ca 374
1d84ad94 375 r = value ? parse_boolean(value) : true;
fb472900 376 if (r < 0)
059cb385 377 log_warning("Failed to parse crash shell switch %s. Ignoring.", value);
4fc935ca 378 else
fa0f4d8a 379 arg_crash_shell = r;
5e7ee61c 380
1d84ad94 381 } else if (proc_cmdline_key_streq(key, "systemd.crash_reboot")) {
5e7ee61c 382
1d84ad94 383 r = value ? parse_boolean(value) : true;
b9e74c39
LP		 384 if (r < 0)
385 log_warning("Failed to parse crash reboot switch %s. Ignoring.", value);
5e7ee61c 386 else
b9e74c39 387 arg_crash_reboot = r;
5e7ee61c 388
1d84ad94
LP		 389 } else if (proc_cmdline_key_streq(key, "systemd.confirm_spawn")) {
390 char *s;
7d5ceb64 391
1d84ad94 392 r = parse_confirm_spawn(value, &s);
059cb385 393 if (r < 0)
7d5ceb64 394 log_warning_errno(r, "Failed to parse confirm_spawn switch %s. Ignoring.", value);
1d84ad94
LP		 395 else {
396 free(arg_confirm_spawn);
397 arg_confirm_spawn = s;
398 }
601f6a1e 399
2a12e32e
JK		 400 } else if (proc_cmdline_key_streq(key, "systemd.service_watchdogs")) {
401
402 r = value ? parse_boolean(value) : true;
403 if (r < 0)
404 log_warning("Failed to parse service watchdog switch %s. Ignoring.", value);
405 else
406 arg_service_watchdogs = r;
407
1d84ad94 408 } else if (proc_cmdline_key_streq(key, "systemd.show_status")) {
9e58ff9c 409
1d84ad94
LP		 410 if (value) {
411 r = parse_show_status(value, &arg_show_status);
412 if (r < 0)
413 log_warning("Failed to parse show status switch %s. Ignoring.", value);
414 } else
415 arg_show_status = SHOW_STATUS_YES;
059cb385 416
1d84ad94
LP		 417 } else if (proc_cmdline_key_streq(key, "systemd.default_standard_output")) {
418
419 if (proc_cmdline_value_missing(key, value))
420 return 0;
0a494f1f 421
059cb385 422 r = exec_output_from_string(value);
fb472900 423 if (r < 0)
059cb385 424 log_warning("Failed to parse default standard output switch %s. Ignoring.", value);
0a494f1f
LP		 425 else
426 arg_default_std_output = r;
0a494f1f 427
1d84ad94
LP		 428 } else if (proc_cmdline_key_streq(key, "systemd.default_standard_error")) {
429
430 if (proc_cmdline_value_missing(key, value))
431 return 0;
059cb385
LP		 432
433 r = exec_output_from_string(value);
fb472900 434 if (r < 0)
059cb385 435 log_warning("Failed to parse default standard error switch %s. Ignoring.", value);
0a494f1f
LP		 436 else
437 arg_default_std_error = r;
9e7c5357 438
1d84ad94
LP		 439 } else if (streq(key, "systemd.setenv")) {
440
441 if (proc_cmdline_value_missing(key, value))
442 return 0;
059cb385
LP		 443
444 if (env_assignment_is_valid(value)) {
e21fea24
KS		 445 char **env;
446
059cb385 447 env = strv_env_set(arg_default_environment, value);
1d84ad94
LP		 448 if (!env)
449 return log_oom();
450
451 arg_default_environment = env;
e21fea24 452 } else
059cb385 453 log_warning("Environment variable name '%s' is not valid. Ignoring.", value);
9e58ff9c 454
1d84ad94
LP		 455 } else if (proc_cmdline_key_streq(key, "systemd.machine_id")) {
456
457 if (proc_cmdline_value_missing(key, value))
458 return 0;
459
460 r = set_machine_id(value);
461 if (r < 0)
462 log_warning("MachineID '%s' is not valid. Ignoring.", value);
ee48dbd5 463
1d84ad94
LP		 464 } else if (proc_cmdline_key_streq(key, "systemd.default_timeout_start_sec")) {
465
466 if (proc_cmdline_value_missing(key, value))
467 return 0;
468
469 r = parse_sec(value, &arg_default_timeout_start_usec);
470 if (r < 0)
471 log_warning_errno(r, "Failed to parse default start timeout: %s, ignoring.", value);
472
473 if (arg_default_timeout_start_usec <= 0)
474 arg_default_timeout_start_usec = USEC_INFINITY;
ee48dbd5 475
8a2c1fbf
EJ		 476 } else if (proc_cmdline_key_streq(key, "systemd.watchdog_device")) {
477
478 if (proc_cmdline_value_missing(key, value))
479 return 0;
480
481 parse_path_argument_and_warn(value, false, &arg_watchdog_device);
482
059cb385 483 } else if (streq(key, "quiet") && !value) {
d7b15e0a 484
b6e2f329 485 if (arg_show_status == _SHOW_STATUS_UNSET)
d450b6f2 486 arg_show_status = SHOW_STATUS_AUTO;
059cb385
LP		 487
488 } else if (streq(key, "debug") && !value) {
d7b15e0a 489
1de1c9c3
LP		 490 /* Note that log_parse_environment() handles 'debug'
491 * too, and sets the log level to LOG_DEBUG. */
d7b15e0a 492
75f86906 493 if (detect_container() > 0)
b2103dcc 494 log_set_target(LOG_TARGET_CONSOLE);
059cb385 495
dcd61450 496 } else if (!value) {
e2c9a131 497 const char *target;
f170852a
LP		 498
499 /* SysV compatibility */
e2c9a131
EV		 500 target = runlevel_to_target(key);
501 if (target)
502 return free_and_strdup(&arg_default_unit, target);
f170852a
LP		 503 }
504
505 return 0;
506}
507
e8e581bf
ZJS		 508#define DEFINE_SETTER(name, func, descr) \
509 static int name(const char *unit, \
510 const char *filename, \
511 unsigned line, \
512 const char *section, \
71a61510 513 unsigned section_line, \
e8e581bf
ZJS		 514 const char *lvalue, \
515 int ltype, \
516 const char *rvalue, \
517 void *data, \
518 void *userdata) { \
519 \
520 int r; \
521 \
522 assert(filename); \
523 assert(lvalue); \
524 assert(rvalue); \
525 \
526 r = func(rvalue); \
527 if (r < 0) \
d1cefe0a
LP		 528 log_syntax(unit, LOG_ERR, filename, line, r, \
529 "Invalid " descr "'%s': %m", \
530 rvalue); \
e8e581bf
ZJS		 531 \
532 return 0; \
533 }
487393e9 534
e8e581bf
ZJS		 535DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level")
536DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target")
537DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" )
538DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location")
487393e9 539
4d7213b2
LP		 540static int config_parse_cpu_affinity2(
541 const char *unit,
542 const char *filename,
543 unsigned line,
544 const char *section,
545 unsigned section_line,
546 const char *lvalue,
547 int ltype,
548 const char *rvalue,
549 void *data,
550 void *userdata) {
487393e9 551
4b40bc38 552 _cleanup_cpu_free_ cpu_set_t *c = NULL;
f5c72b73 553 int ncpus;
487393e9 554
765d143b 555 ncpus = parse_cpu_set_and_warn(rvalue, &c, unit, filename, line, lvalue);
f5c72b73
FB		 556 if (ncpus < 0)
557 return ncpus;
487393e9 558
f5c72b73 559 if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0)
25f027c5 560 log_warning_errno(errno, "Failed to set CPU affinity: %m");
487393e9 561
487393e9
LP		 562 return 0;
563}
564
4d7213b2
LP		 565static int config_parse_show_status(
566 const char* unit,
567 const char *filename,
568 unsigned line,
569 const char *section,
570 unsigned section_line,
571 const char *lvalue,
572 int ltype,
573 const char *rvalue,
574 void *data,
575 void *userdata) {
576
577 int k;
578 ShowStatus *b = data;
579
580 assert(filename);
581 assert(lvalue);
582 assert(rvalue);
583 assert(data);
584
585 k = parse_show_status(rvalue, b);
586 if (k < 0) {
12ca818f 587 log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
4d7213b2
LP		 588 return 0;
589 }
590
591 return 0;
592}
593
5db98187
LP		 594static int config_parse_output_restricted(
595 const char* unit,
596 const char *filename,
597 unsigned line,
598 const char *section,
599 unsigned section_line,
600 const char *lvalue,
601 int ltype,
602 const char *rvalue,
603 void *data,
604 void *userdata) {
605
606 ExecOutput t, *eo = data;
607
608 assert(filename);
609 assert(lvalue);
610 assert(rvalue);
611 assert(data);
612
613 t = exec_output_from_string(rvalue);
614 if (t < 0) {
615 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output type, ignoring: %s", rvalue);
616 return 0;
617 }
618
619 if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE)) {
620 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard output types socket, fd:, file: are not supported as defaults, ignoring: %s", rvalue);
621 return 0;
622 }
623
624 *eo = t;
625 return 0;
626}
627
b9e74c39
LP		 628static int config_parse_crash_chvt(
629 const char* unit,
630 const char *filename,
631 unsigned line,
632 const char *section,
633 unsigned section_line,
634 const char *lvalue,
635 int ltype,
636 const char *rvalue,
637 void *data,
638 void *userdata) {
639
640 int r;
641
642 assert(filename);
643 assert(lvalue);
644 assert(rvalue);
b9e74c39
LP		 645
646 r = parse_crash_chvt(rvalue);
647 if (r < 0) {
648 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
649 return 0;
650 }
651
652 return 0;
653}
654
e8e581bf
ZJS		 655static int config_parse_join_controllers(const char *unit,
656 const char *filename,
657 unsigned line,
658 const char *section,
71a61510 659 unsigned section_line,
e8e581bf
ZJS		 660 const char *lvalue,
661 int ltype,
662 const char *rvalue,
663 void *data,
664 void *userdata) {
0c85a4f3 665
3875c85b 666 const char *whole_rvalue = rvalue;
0c85a4f3 667 unsigned n = 0;
0c85a4f3
LP		 668
669 assert(filename);
670 assert(lvalue);
671 assert(rvalue);
672
fe382237 673 arg_join_controllers = strv_free_free(arg_join_controllers);
0c85a4f3 674
d4ebeb4f
FB		 675 for (;;) {
676 _cleanup_free_ char *word = NULL;
677 char **l;
678 int r;
0c85a4f3 679
9a82ab95 680 r = extract_first_word(&rvalue, &word, NULL, EXTRACT_QUOTES);
3875c85b
FB		 681 if (r < 0) {
682 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid value for %s: %s", lvalue, whole_rvalue);
d4ebeb4f 683 return r;
3875c85b 684 }
d4ebeb4f
FB		 685 if (r == 0)
686 break;
0c85a4f3 687
d4ebeb4f 688 l = strv_split(word, ",");
1592ec21 689 if (!l)
aa8aeac0 690 return log_oom();
0c85a4f3
LP		 691 strv_uniq(l);
692
693 if (strv_length(l) <= 1) {
694 strv_free(l);
695 continue;
696 }
697
698 if (!arg_join_controllers) {
699 arg_join_controllers = new(char**, 2);
700 if (!arg_join_controllers) {
701 strv_free(l);
14212119 702 return log_oom();
0c85a4f3
LP		 703 }
704
705 arg_join_controllers[0] = l;
706 arg_join_controllers[1] = NULL;
707
708 n = 1;
709 } else {
710 char ***a;
711 char ***t;
712
713 t = new0(char**, n+2);
714 if (!t) {
715 strv_free(l);
14212119 716 return log_oom();
0c85a4f3
LP		 717 }
718
719 n = 0;
720
721 for (a = arg_join_controllers; *a; a++) {
722
723 if (strv_overlap(*a, l)) {
e287086b 724 if (strv_extend_strv(&l, *a, false) < 0) {
0c85a4f3
LP		 725 strv_free(l);
726 strv_free_free(t);
14212119 727 return log_oom();
0c85a4f3
LP		 728 }
729
0c85a4f3
LP		 730 } else {
731 char **c;
732
733 c = strv_copy(*a);
734 if (!c) {
735 strv_free(l);
736 strv_free_free(t);
14212119 737 return log_oom();
0c85a4f3
LP		 738 }
739
740 t[n++] = c;
741 }
742 }
743
744 t[n++] = strv_uniq(l);
745
746 strv_free_free(arg_join_controllers);
747 arg_join_controllers = t;
748 }
749 }
d4ebeb4f 750 if (!isempty(rvalue))
12ca818f 751 log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
0c85a4f3
LP		 752
753 return 0;
754}
755
487393e9
LP		 756static int parse_config_file(void) {
757
f975e971 758 const ConfigTableItem items[] = {
d3b1c508
LP		 759 { "Manager", "LogLevel", config_parse_level2, 0, NULL },
760 { "Manager", "LogTarget", config_parse_target, 0, NULL },
761 { "Manager", "LogColor", config_parse_color, 0, NULL },
762 { "Manager", "LogLocation", config_parse_location, 0, NULL },
763 { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core },
b9e74c39
LP		 764 { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, NULL },
765 { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, NULL },
d3b1c508 766 { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell },
b9e74c39 767 { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot },
d3b1c508 768 { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status },
d3b1c508
LP		 769 { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, NULL },
770 { "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers },
771 { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog },
772 { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog },
8a2c1fbf 773 { "Manager", "WatchdogDevice", config_parse_path, 0, &arg_watchdog_device },
a103496c 774 { "Manager", "CapabilityBoundingSet", config_parse_capability_set, 0, &arg_capability_bounding_set },
349cc4a5 775#if HAVE_SECCOMP
d3b1c508 776 { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs },
89fffa27 777#endif
d3b1c508 778 { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec },
bd8f585b 779 { "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec },
5db98187
LP		 780 { "Manager", "DefaultStandardOutput", config_parse_output_restricted,0, &arg_default_std_output },
781 { "Manager", "DefaultStandardError", config_parse_output_restricted,0, &arg_default_std_error },
d3b1c508
LP		 782 { "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
783 { "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
784 { "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
f0367da7
LP		 785 { "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval }, /* obsolete alias */
786 { "Manager", "DefaultStartLimitIntervalSec",config_parse_sec, 0, &arg_default_start_limit_interval },
d3b1c508
LP		 787 { "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },
788 { "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },
d0a7c5f6
LP		 789 { "Manager", "DefaultLimitCPU", config_parse_limit, RLIMIT_CPU, arg_default_rlimit },
790 { "Manager", "DefaultLimitFSIZE", config_parse_limit, RLIMIT_FSIZE, arg_default_rlimit },
791 { "Manager", "DefaultLimitDATA", config_parse_limit, RLIMIT_DATA, arg_default_rlimit },
792 { "Manager", "DefaultLimitSTACK", config_parse_limit, RLIMIT_STACK, arg_default_rlimit },
793 { "Manager", "DefaultLimitCORE", config_parse_limit, RLIMIT_CORE, arg_default_rlimit },
794 { "Manager", "DefaultLimitRSS", config_parse_limit, RLIMIT_RSS, arg_default_rlimit },
795 { "Manager", "DefaultLimitNOFILE", config_parse_limit, RLIMIT_NOFILE, arg_default_rlimit },
796 { "Manager", "DefaultLimitAS", config_parse_limit, RLIMIT_AS, arg_default_rlimit },
797 { "Manager", "DefaultLimitNPROC", config_parse_limit, RLIMIT_NPROC, arg_default_rlimit },
798 { "Manager", "DefaultLimitMEMLOCK", config_parse_limit, RLIMIT_MEMLOCK, arg_default_rlimit },
799 { "Manager", "DefaultLimitLOCKS", config_parse_limit, RLIMIT_LOCKS, arg_default_rlimit },
800 { "Manager", "DefaultLimitSIGPENDING", config_parse_limit, RLIMIT_SIGPENDING, arg_default_rlimit },
801 { "Manager", "DefaultLimitMSGQUEUE", config_parse_limit, RLIMIT_MSGQUEUE, arg_default_rlimit },
802 { "Manager", "DefaultLimitNICE", config_parse_limit, RLIMIT_NICE, arg_default_rlimit },
803 { "Manager", "DefaultLimitRTPRIO", config_parse_limit, RLIMIT_RTPRIO, arg_default_rlimit },
804 { "Manager", "DefaultLimitRTTIME", config_parse_limit, RLIMIT_RTTIME, arg_default_rlimit },
085afe36 805 { "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_default_cpu_accounting },
13c31542 806 { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting },
377bfd2d 807 { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting },
085afe36
LP		 808 { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting },
809 { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting },
03a7b521 810 { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting },
0af20ea2 811 { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max },
ae8c7939 812 { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action },
d3b1c508 813 {}
487393e9
LP		 814 };
815
1b907b5c 816 const char *fn, *conf_dirs_nulstr;
487393e9 817
463d0d15 818 fn = arg_system ?
75eb6154
LP		 819 PKGSYSCONFDIR "/system.conf" :
820 PKGSYSCONFDIR "/user.conf";
821
463d0d15 822 conf_dirs_nulstr = arg_system ?
75eb6154
LP		 823 CONF_PATHS_NULSTR("systemd/system.conf.d") :
824 CONF_PATHS_NULSTR("systemd/user.conf.d");
825
bcde742e 826 (void) config_parse_many_nulstr(fn, conf_dirs_nulstr, "Manager\0", config_item_table_lookup, items, CONFIG_PARSE_WARN, NULL);
36c16a7c
LP		 827
828 /* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we used USEC_INFINITY
829 * like everywhere else. */
830 if (arg_default_timeout_start_usec <= 0)
831 arg_default_timeout_start_usec = USEC_INFINITY;
832 if (arg_default_timeout_stop_usec <= 0)
833 arg_default_timeout_stop_usec = USEC_INFINITY;
487393e9 834
487393e9
LP		 835 return 0;
836}
837
85cb4151 838static void set_manager_defaults(Manager *m) {
06af2a04
TB		 839
840 assert(m);
841
842 m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec;
843 m->default_std_output = arg_default_std_output;
844 m->default_std_error = arg_default_std_error;
845 m->default_timeout_start_usec = arg_default_timeout_start_usec;
846 m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
847 m->default_restart_usec = arg_default_restart_usec;
848 m->default_start_limit_interval = arg_default_start_limit_interval;
849 m->default_start_limit_burst = arg_default_start_limit_burst;
850 m->default_cpu_accounting = arg_default_cpu_accounting;
13c31542 851 m->default_io_accounting = arg_default_io_accounting;
377bfd2d 852 m->default_ip_accounting = arg_default_ip_accounting;
06af2a04
TB		 853 m->default_blockio_accounting = arg_default_blockio_accounting;
854 m->default_memory_accounting = arg_default_memory_accounting;
03a7b521 855 m->default_tasks_accounting = arg_default_tasks_accounting;
0af20ea2 856 m->default_tasks_max = arg_default_tasks_max;
06af2a04
TB		 857
858 manager_set_default_rlimits(m, arg_default_rlimit);
859 manager_environment_add(m, NULL, arg_default_environment);
860}
861
7b46fc6a
LP		 862static void set_manager_settings(Manager *m) {
863
864 assert(m);
865
866 m->confirm_spawn = arg_confirm_spawn;
2a12e32e 867 m->service_watchdogs = arg_service_watchdogs;
7b46fc6a
LP		 868 m->runtime_watchdog = arg_runtime_watchdog;
869 m->shutdown_watchdog = arg_shutdown_watchdog;
870 m->cad_burst_action = arg_cad_burst_action;
871
872 manager_set_show_status(m, arg_show_status);
873}
874
f170852a
LP		 875static int parse_argv(int argc, char *argv[]) {
876
877 enum {
878 ARG_LOG_LEVEL = 0x100,
879 ARG_LOG_TARGET,
bbe63281
LP		 880 ARG_LOG_COLOR,
881 ARG_LOG_LOCATION,
2f198e2f 882 ARG_UNIT,
edb9aaa8 883 ARG_SYSTEM,
af2d49f7 884 ARG_USER,
e537352b 885 ARG_TEST,
b87c2aa6 886 ARG_NO_PAGER,
9ba0bc4e 887 ARG_VERSION,
80876c20 888 ARG_DUMP_CONFIGURATION_ITEMS,
9e58ff9c 889 ARG_DUMP_CORE,
b9e74c39 890 ARG_CRASH_CHVT,
9e58ff9c 891 ARG_CRASH_SHELL,
b9e74c39 892 ARG_CRASH_REBOOT,
a16e1123 893 ARG_CONFIRM_SPAWN,
9e58ff9c 894 ARG_SHOW_STATUS,
4288f619 895 ARG_DESERIALIZE,
2660882b 896 ARG_SWITCHED_ROOT,
0a494f1f 897 ARG_DEFAULT_STD_OUTPUT,
ee48dbd5 898 ARG_DEFAULT_STD_ERROR,
2a12e32e
JK		 899 ARG_MACHINE_ID,
900 ARG_SERVICE_WATCHDOGS,
f170852a
LP		 901 };
902
903 static const struct option options[] = {
a16e1123
LP		 904 { "log-level", required_argument, NULL, ARG_LOG_LEVEL },
905 { "log-target", required_argument, NULL, ARG_LOG_TARGET },
bbe63281
LP		 906 { "log-color", optional_argument, NULL, ARG_LOG_COLOR },
907 { "log-location", optional_argument, NULL, ARG_LOG_LOCATION },
2f198e2f 908 { "unit", required_argument, NULL, ARG_UNIT },
edb9aaa8 909 { "system", no_argument, NULL, ARG_SYSTEM },
af2d49f7 910 { "user", no_argument, NULL, ARG_USER },
a16e1123 911 { "test", no_argument, NULL, ARG_TEST },
b87c2aa6 912 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
a16e1123 913 { "help", no_argument, NULL, 'h' },
9ba0bc4e 914 { "version", no_argument, NULL, ARG_VERSION },
a16e1123 915 { "dump-configuration-items", no_argument, NULL, ARG_DUMP_CONFIGURATION_ITEMS },
a5d87bf0 916 { "dump-core", optional_argument, NULL, ARG_DUMP_CORE },
b9e74c39 917 { "crash-chvt", required_argument, NULL, ARG_CRASH_CHVT },
a5d87bf0 918 { "crash-shell", optional_argument, NULL, ARG_CRASH_SHELL },
b9e74c39 919 { "crash-reboot", optional_argument, NULL, ARG_CRASH_REBOOT },
a5d87bf0 920 { "confirm-spawn", optional_argument, NULL, ARG_CONFIRM_SPAWN },
6e98720f 921 { "show-status", optional_argument, NULL, ARG_SHOW_STATUS },
a16e1123 922 { "deserialize", required_argument, NULL, ARG_DESERIALIZE },
2660882b 923 { "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT },
0a494f1f
LP		 924 { "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, },
925 { "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, },
ee48dbd5 926 { "machine-id", required_argument, NULL, ARG_MACHINE_ID },
2a12e32e 927 { "service-watchdogs", required_argument, NULL, ARG_SERVICE_WATCHDOGS },
fb472900 928 {}
f170852a
LP		 929 };
930
931 int c, r;
932
933 assert(argc >= 1);
934 assert(argv);
935
df0ff127 936 if (getpid_cached() == 1)
b770165a
LP		 937 opterr = 0;
938
099663ff 939 while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
f170852a
LP		 940
941 switch (c) {
942
943 case ARG_LOG_LEVEL:
fb472900
ZJS		 944 r = log_set_max_level_from_string(optarg);
945 if (r < 0) {
f170852a
LP		 946 log_error("Failed to parse log level %s.", optarg);
947 return r;
948 }
949
950 break;
951
952 case ARG_LOG_TARGET:
fb472900
ZJS		 953 r = log_set_target_from_string(optarg);
954 if (r < 0) {
f170852a
LP		 955 log_error("Failed to parse log target %s.", optarg);
956 return r;
957 }
958
959 break;
960
bbe63281
LP		 961 case ARG_LOG_COLOR:
962
d0b170c8 963 if (optarg) {
fb472900
ZJS		 964 r = log_show_color_from_string(optarg);
965 if (r < 0) {
d0b170c8
LP		 966 log_error("Failed to parse log color setting %s.", optarg);
967 return r;
968 }
969 } else
970 log_show_color(true);
bbe63281
LP		 971
972 break;
973
974 case ARG_LOG_LOCATION:
d0b170c8 975 if (optarg) {
fb472900
ZJS		 976 r = log_show_location_from_string(optarg);
977 if (r < 0) {
d0b170c8
LP		 978 log_error("Failed to parse log location setting %s.", optarg);
979 return r;
980 }
981 } else
982 log_show_location(true);
bbe63281
LP		 983
984 break;
985
0a494f1f 986 case ARG_DEFAULT_STD_OUTPUT:
fb472900
ZJS		 987 r = exec_output_from_string(optarg);
988 if (r < 0) {
0a494f1f
LP		 989 log_error("Failed to parse default standard output setting %s.", optarg);
990 return r;
991 } else
992 arg_default_std_output = r;
993 break;
994
995 case ARG_DEFAULT_STD_ERROR:
fb472900
ZJS		 996 r = exec_output_from_string(optarg);
997 if (r < 0) {
0a494f1f
LP		 998 log_error("Failed to parse default standard error output setting %s.", optarg);
999 return r;
1000 } else
1001 arg_default_std_error = r;
1002 break;
1003
2f198e2f 1004 case ARG_UNIT:
e6e242ad 1005 r = free_and_strdup(&arg_default_unit, optarg);
23bbb0de
MS		 1006 if (r < 0)
1007 return log_error_errno(r, "Failed to set default unit %s: %m", optarg);
f170852a
LP		 1008
1009 break;
1010
edb9aaa8 1011 case ARG_SYSTEM:
463d0d15 1012 arg_system = true;
edb9aaa8 1013 break;
a5dab5ce 1014
af2d49f7 1015 case ARG_USER:
463d0d15 1016 arg_system = false;
a5dab5ce 1017 break;
a5dab5ce 1018
e965d56d 1019 case ARG_TEST:
fa0f4d8a 1020 arg_action = ACTION_TEST;
b87c2aa6
ZJS		 1021 break;
1022
1023 case ARG_NO_PAGER:
1024 arg_no_pager = true;
e965d56d
LP		 1025 break;
1026
9ba0bc4e
ZJS		 1027 case ARG_VERSION:
1028 arg_action = ACTION_VERSION;
1029 break;
1030
e537352b 1031 case ARG_DUMP_CONFIGURATION_ITEMS:
fa0f4d8a 1032 arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
e537352b
LP		 1033 break;
1034
9e58ff9c 1035 case ARG_DUMP_CORE:
b9e74c39
LP		 1036 if (!optarg)
1037 arg_dump_core = true;
1038 else {
1039 r = parse_boolean(optarg);
1040 if (r < 0)
1041 return log_error_errno(r, "Failed to parse dump core boolean: %s", optarg);
1042 arg_dump_core = r;
a5d87bf0 1043 }
b9e74c39
LP		 1044 break;
1045
1046 case ARG_CRASH_CHVT:
1047 r = parse_crash_chvt(optarg);
1048 if (r < 0)
1049 return log_error_errno(r, "Failed to parse crash virtual terminal index: %s", optarg);
9e58ff9c
LP		 1050 break;
1051
1052 case ARG_CRASH_SHELL:
b9e74c39
LP		 1053 if (!optarg)
1054 arg_crash_shell = true;
1055 else {
1056 r = parse_boolean(optarg);
1057 if (r < 0)
1058 return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg);
1059 arg_crash_shell = r;
1060 }
1061 break;
1062
1063 case ARG_CRASH_REBOOT:
1064 if (!optarg)
1065 arg_crash_reboot = true;
1066 else {
1067 r = parse_boolean(optarg);
1068 if (r < 0)
1069 return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg);
1070 arg_crash_reboot = r;
a5d87bf0 1071 }
9e58ff9c
LP		 1072 break;
1073
80876c20 1074 case ARG_CONFIRM_SPAWN:
7d5ceb64
FB		 1075 arg_confirm_spawn = mfree(arg_confirm_spawn);
1076
1077 r = parse_confirm_spawn(optarg, &arg_confirm_spawn);
1078 if (r < 0)
1079 return log_error_errno(r, "Failed to parse confirm spawn option: %m");
80876c20
LP		 1080 break;
1081
2a12e32e
JK		 1082 case ARG_SERVICE_WATCHDOGS:
1083 r = parse_boolean(optarg);
1084 if (r < 0)
1085 return log_error_errno(r, "Failed to parse service watchdogs boolean: %s", optarg);
1086 arg_service_watchdogs = r;
1087 break;
1088
9e58ff9c 1089 case ARG_SHOW_STATUS:
d450b6f2
ZJS		 1090 if (optarg) {
1091 r = parse_show_status(optarg, &arg_show_status);
1092 if (r < 0) {
1093 log_error("Failed to parse show status boolean %s.", optarg);
1094 return r;
1095 }
1096 } else
1097 arg_show_status = SHOW_STATUS_YES;
6e98720f 1098 break;
a5d87bf0 1099
a16e1123
LP		 1100 case ARG_DESERIALIZE: {
1101 int fd;
1102 FILE *f;
1103
01e10de3
LP		 1104 r = safe_atoi(optarg, &fd);
1105 if (r < 0 || fd < 0) {
a16e1123 1106 log_error("Failed to parse deserialize option %s.", optarg);
b9e74c39 1107 return -EINVAL;
a16e1123
LP		 1108 }
1109
b9e74c39 1110 (void) fd_cloexec(fd, true);
01e10de3
LP		 1111
1112 f = fdopen(fd, "r");
4a62c710
MS		 1113 if (!f)
1114 return log_error_errno(errno, "Failed to open serialization fd: %m");
a16e1123 1115
74ca738f 1116 safe_fclose(arg_serialization);
d3b1c508 1117 arg_serialization = f;
a16e1123
LP		 1118
1119 break;
1120 }
1121
2660882b 1122 case ARG_SWITCHED_ROOT:
bf4df7c3 1123 arg_switched_root = true;
d03bc1b8
HH		 1124 break;
1125
ee48dbd5
NC		 1126 case ARG_MACHINE_ID:
1127 r = set_machine_id(optarg);
54500613
LP		 1128 if (r < 0)
1129 return log_error_errno(r, "MachineID '%s' is not valid.", optarg);
ee48dbd5
NC		 1130 break;
1131
f170852a 1132 case 'h':
fa0f4d8a 1133 arg_action = ACTION_HELP;
f170852a
LP		 1134 break;
1135
1d2e23ab
LP		 1136 case 'D':
1137 log_set_max_level(LOG_DEBUG);
1138 break;
1139
099663ff
LP		 1140 case 'b':
1141 case 's':
1142 case 'z':
1143 /* Just to eat away the sysvinit kernel
1144 * cmdline args without getopt() error
1145 * messages that we'll parse in
1146 * parse_proc_cmdline_word() or ignore. */
f170852a 1147
099663ff 1148 case '?':
df0ff127 1149 if (getpid_cached() != 1)
099663ff 1150 return -EINVAL;
601185b4
ZJS		 1151 else
1152 return 0;
099663ff 1153
601185b4
ZJS		 1154 default:
1155 assert_not_reached("Unhandled option code.");
f170852a
LP		 1156 }
1157
df0ff127 1158 if (optind < argc && getpid_cached() != 1) {
d821e6d6
LP		 1159 /* Hmm, when we aren't run as init system
1160 * let's complain about excess arguments */
1161
1162 log_error("Excess arguments.");
1163 return -EINVAL;
1164 }
1165
f170852a
LP		 1166 return 0;
1167}
1168
1169static int help(void) {
1170
2e33c433 1171 printf("%s [OPTIONS...]\n\n"
af2d49f7 1172 "Starts up and maintains the system or user services.\n\n"
e537352b 1173 " -h --help Show this help\n"
cb4069d9 1174 " --version Show version\n"
e537352b 1175 " --test Determine startup sequence, dump it and exit\n"
b87c2aa6 1176 " --no-pager Do not pipe output into a pager\n"
80876c20 1177 " --dump-configuration-items Dump understood unit configuration items\n"
9e58ff9c 1178 " --unit=UNIT Set default unit\n"
edb9aaa8 1179 " --system Run a system instance, even if PID != 1\n"
af2d49f7 1180 " --user Run a user instance\n"
b9e74c39
LP		 1181 " --dump-core[=BOOL] Dump core on crash\n"
1182 " --crash-vt=NR Change to specified VT on crash\n"
1183 " --crash-reboot[=BOOL] Reboot on crash\n"
1184 " --crash-shell[=BOOL] Run shell on crash\n"
1185 " --confirm-spawn[=BOOL] Ask for confirmation when spawning processes\n"
1186 " --show-status[=BOOL] Show status updates on the console during bootup\n"
c1dc6153 1187 " --log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
9e58ff9c 1188 " --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
b9e74c39
LP		 1189 " --log-color[=BOOL] Highlight important log messages\n"
1190 " --log-location[=BOOL] Include code location in log messages\n"
0a494f1f
LP		 1191 " --default-standard-output= Set default standard output for services\n"
1192 " --default-standard-error= Set default standard error output for services\n",
5b6319dc 1193 program_invocation_short_name);
f170852a
LP		 1194
1195 return 0;
1196}
1197
b3680f49 1198static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) {
48b90859
LP		 1199 _cleanup_fdset_free_ FDSet *fds = NULL;
1200 _cleanup_fclose_ FILE *f = NULL;
a16e1123
LP		 1201 int r;
1202
1203 assert(m);
1204 assert(_f);
1205 assert(_fds);
1206
6b78f9b4 1207 r = manager_open_serialization(m, &f);
48b90859
LP		 1208 if (r < 0)
1209 return log_error_errno(r, "Failed to create serialization file: %m");
a16e1123 1210
71445ae7 1211 /* Make sure nothing is really destructed when we shut down */
313cefa1 1212 m->n_reloading++;
718db961 1213 bus_manager_send_reloading(m, true);
71445ae7 1214
6b78f9b4 1215 fds = fdset_new();
48b90859
LP		 1216 if (!fds)
1217 return log_oom();
a16e1123 1218
b3680f49 1219 r = manager_serialize(m, f, fds, switching_root);
48b90859
LP		 1220 if (r < 0)
1221 return log_error_errno(r, "Failed to serialize state: %m");
a16e1123 1222
48b90859
LP		 1223 if (fseeko(f, 0, SEEK_SET) == (off_t) -1)
1224 return log_error_errno(errno, "Failed to rewind serialization fd: %m");
a16e1123 1225
6b78f9b4 1226 r = fd_cloexec(fileno(f), false);
48b90859
LP		 1227 if (r < 0)
1228 return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization: %m");
a16e1123 1229
6b78f9b4 1230 r = fdset_cloexec(fds, false);
48b90859
LP		 1231 if (r < 0)
1232 return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization fds: %m");
a16e1123
LP		 1233
1234 *_f = f;
1235 *_fds = fds;
1236
48b90859
LP		 1237 f = NULL;
1238 fds = NULL;
a16e1123 1239
48b90859 1240 return 0;
a16e1123
LP		 1241}
1242
4096d6f5
LP		 1243static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
1244 struct rlimit nl;
1245 int r;
6385cb31
CB		 1246 int min_max;
1247 _cleanup_free_ char *nr_open = NULL;
4096d6f5
LP		 1248
1249 assert(saved_rlimit);
1250
1251 /* Save the original RLIMIT_NOFILE so that we can reset it
1252 * later when transitioning from the initrd to the main
1253 * systemd or suchlike. */
4a62c710 1254 if (getrlimit(RLIMIT_NOFILE, saved_rlimit) < 0)
3ce40911 1255 return log_warning_errno(errno, "Reading RLIMIT_NOFILE failed, ignoring: %m");
4096d6f5
LP		 1256
1257 /* Make sure forked processes get the default kernel setting */
1258 if (!arg_default_rlimit[RLIMIT_NOFILE]) {
1259 struct rlimit *rl;
1260
1261 rl = newdup(struct rlimit, saved_rlimit, 1);
1262 if (!rl)
1263 return log_oom();
1264
1265 arg_default_rlimit[RLIMIT_NOFILE] = rl;
1266 }
1267
6385cb31
CB		 1268 /* Get current RLIMIT_NOFILE maximum compiled into the kernel. */
1269 r = read_one_line_file("/proc/sys/fs/nr_open", &nr_open);
d387cfdd 1270 if (r >= 0)
6385cb31
CB		 1271 r = safe_atoi(nr_open, &min_max);
1272 /* If we fail, fallback to the hard-coded kernel limit of 1024 * 1024. */
1273 if (r < 0)
1274 min_max = 1024 * 1024;
1275
4096d6f5 1276 /* Bump up the resource limit for ourselves substantially */
6385cb31 1277 nl.rlim_cur = nl.rlim_max = min_max;
4096d6f5 1278 r = setrlimit_closest(RLIMIT_NOFILE, &nl);
23bbb0de 1279 if (r < 0)
3ce40911 1280 return log_warning_errno(r, "Setting RLIMIT_NOFILE failed, ignoring: %m");
4096d6f5
LP		 1281
1282 return 0;
1283}
1284
fb3ae275
LP		 1285static int bump_rlimit_memlock(struct rlimit *saved_rlimit) {
1286 int r;
1287
1288 assert(saved_rlimit);
1289 assert(getuid() == 0);
1290
1291 /* BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK, even though we have CAP_IPC_LOCK which
1292 * should normally disable such checks. We need them to implement IPAccessAllow= and IPAccessDeny=, hence let's
1293 * bump the value high enough for the root user. */
1294
1295 if (getrlimit(RLIMIT_MEMLOCK, saved_rlimit) < 0)
1296 return log_warning_errno(errno, "Reading RLIMIT_MEMLOCK failed, ignoring: %m");
1297
1298 r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(1024ULL*1024ULL*16ULL));
1299 if (r < 0)
1300 return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m");
1301
1302 return 0;
1303}
1304
80758717 1305static void test_usr(void) {
80758717 1306
ed1c99fc 1307 /* Check that /usr is not a separate fs */
80758717 1308
871c44a7
LP		 1309 if (dir_is_empty("/usr") <= 0)
1310 return;
1311
8b173b5e 1312 log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. "
871c44a7
LP		 1313 "Some things will probably break (sometimes even silently) in mysterious ways. "
1314 "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
1315}
1316
a07fdfa3
LP		 1317static int initialize_join_controllers(void) {
1318 /* By default, mount "cpu" + "cpuacct" together, and "net_cls"
1319 * + "net_prio". We'd like to add "cpuset" to the mix, but
f131770b 1320 * "cpuset" doesn't really work for groups with no initialized
a07fdfa3
LP		 1321 * attributes. */
1322
1323 arg_join_controllers = new(char**, 3);
1324 if (!arg_join_controllers)
1325 return -ENOMEM;
1326
1327 arg_join_controllers[0] = strv_new("cpu", "cpuacct", NULL);
fe382237
LP		 1328 if (!arg_join_controllers[0])
1329 goto oom;
a6b26d90 1330
fe382237
LP		 1331 arg_join_controllers[1] = strv_new("net_cls", "net_prio", NULL);
1332 if (!arg_join_controllers[1])
1333 goto oom;
a07fdfa3 1334
fe382237 1335 arg_join_controllers[2] = NULL;
a07fdfa3 1336 return 0;
fe382237
LP		 1337
1338oom:
1339 arg_join_controllers = strv_free_free(arg_join_controllers);
1340 return -ENOMEM;
a07fdfa3
LP		 1341}
1342
d3b1c508 1343static int enforce_syscall_archs(Set *archs) {
349cc4a5 1344#if HAVE_SECCOMP
d3b1c508
LP		 1345 int r;
1346
83f12b27
FS		 1347 if (!is_seccomp_available())
1348 return 0;
1349
469830d1 1350 r = seccomp_restrict_archs(arg_syscall_archs);
d3b1c508 1351 if (r < 0)
469830d1 1352 return log_error_errno(r, "Failed to enforce system call architecture restrication: %m");
d3b1c508 1353#endif
469830d1 1354 return 0;
d3b1c508
LP		 1355}
1356
b6e2f329
LP		 1357static int status_welcome(void) {
1358 _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
72c7329b 1359 const char *fn;
b6e2f329
LP		 1360 int r;
1361
fd8c85c6
LP		 1362 if (arg_show_status <= 0)
1363 return 0;
1364
72c7329b
LP		 1365 FOREACH_STRING(fn, "/etc/os-release", "/usr/lib/os-release") {
1366 r = parse_env_file(fn, NEWLINE,
5ae4d543
LP		 1367 "PRETTY_NAME", &pretty_name,
1368 "ANSI_COLOR", &ansi_color,
1369 NULL);
b6e2f329 1370
72c7329b
LP		 1371 if (r != -ENOENT)
1372 break;
1373 }
b6e2f329 1374 if (r < 0 && r != -ENOENT)
72c7329b 1375 log_warning_errno(r, "Failed to read os-release file, ignoring: %m");
b6e2f329 1376
dc9b5816
ZJS		 1377 if (log_get_show_color())
1378 return status_printf(NULL, false, false,
1379 "\nWelcome to \x1B[%sm%s\x1B[0m!\n",
1380 isempty(ansi_color) ? "1" : ansi_color,
1381 isempty(pretty_name) ? "Linux" : pretty_name);
1382 else
1383 return status_printf(NULL, false, false,
1384 "\nWelcome to %s!\n",
1385 isempty(pretty_name) ? "Linux" : pretty_name);
b6e2f329
LP		 1386}
1387
fdd25311
LP		 1388static int write_container_id(void) {
1389 const char *c;
19854865 1390 int r;
fdd25311
LP		 1391
1392 c = getenv("container");
1393 if (isempty(c))
1394 return 0;
1395
8612da97
LP		 1396 RUN_WITH_UMASK(0022)
1397 r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
19854865 1398 if (r < 0)
f1f849b0 1399 return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m");
19854865
LP		 1400
1401 return 1;
1402}
1403
1404static int bump_unix_max_dgram_qlen(void) {
1405 _cleanup_free_ char *qlen = NULL;
1406 unsigned long v;
1407 int r;
1408
1409 /* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel
1410 * default of 16 is simply too low. We set the value really
1411 * really early during boot, so that it is actually applied to
1412 * all our sockets, including the $NOTIFY_SOCKET one. */
1413
1414 r = read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen);
1415 if (r < 0)
1416 return log_warning_errno(r, "Failed to read AF_UNIX datagram queue length, ignoring: %m");
1417
1418 r = safe_atolu(qlen, &v);
1419 if (r < 0)
1420 return log_warning_errno(r, "Failed to parse AF_UNIX datagram queue length, ignoring: %m");
1421
1422 if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
1423 return 0;
1424
1425 qlen = mfree(qlen);
1426 if (asprintf(&qlen, "%lu\n", DEFAULT_UNIX_MAX_DGRAM_QLEN) < 0)
1427 return log_oom();
1428
1429 r = write_string_file("/proc/sys/net/unix/max_dgram_qlen", qlen, 0);
1430 if (r < 0)
1431 return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
1432 "Failed to bump AF_UNIX datagram queue length, ignoring: %m");
1433
1434 return 1;
fdd25311
LP		 1435}
1436
32391275
FB		 1437static int fixup_environment(void) {
1438 _cleanup_free_ char *term = NULL;
4dc63c4b 1439 const char *t;
32391275
FB		 1440 int r;
1441
43db615b
LP		 1442 /* Only fix up the environment when we are started as PID 1 */
1443 if (getpid_cached() != 1)
1444 return 0;
1445
1446 /* We expect the environment to be set correctly if run inside a container. */
84af7821
LP		 1447 if (detect_container() > 0)
1448 return 0;
1449
43db615b
LP		 1450 /* When started as PID1, the kernel uses /dev/console for our stdios and uses TERM=linux whatever the backend
1451 * device used by the console. We try to make a better guess here since some consoles might not have support
1452 * for color mode for example.
32391275 1453 *
43db615b 1454 * However if TERM was configured through the kernel command line then leave it alone. */
1d84ad94 1455 r = proc_cmdline_get_key("TERM", 0, &term);
32391275
FB		 1456 if (r < 0)
1457 return r;
32391275 1458
4dc63c4b
LP		 1459 t = term ?: default_term_for_tty("/dev/console");
1460
1461 if (setenv("TERM", t, 1) < 0)
32391275
FB		 1462 return -errno;
1463
1464 return 0;
1465}
1466
6808a0bc
LP		 1467static void redirect_telinit(int argc, char *argv[]) {
1468
1469 /* This is compatibility support for SysV, where calling init as a user is identical to telinit. */
1470
1471#if HAVE_SYSV_COMPAT
1472 if (getpid_cached() == 1)
1473 return;
1474
1475 if (!strstr(program_invocation_short_name, "init"))
1476 return;
1477
1478 execv(SYSTEMCTL_BINARY_PATH, argv);
1479 log_error_errno(errno, "Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
a45d7127 1480 exit(EXIT_FAILURE);
6808a0bc
LP		 1481#endif
1482}
1483
4a36297c
LP		 1484static int become_shutdown(
1485 const char *shutdown_verb,
7eb35049 1486 int retval) {
4a36297c
LP		 1487
1488 char log_level[DECIMAL_STR_MAX(int) + 1],
e73c54b8
JK		 1489 exit_code[DECIMAL_STR_MAX(uint8_t) + 1],
1490 timeout[DECIMAL_STR_MAX(usec_t) + 1];
4a36297c 1491
e73c54b8 1492 const char* command_line[13] = {
4a36297c
LP		 1493 SYSTEMD_SHUTDOWN_BINARY_PATH,
1494 shutdown_verb,
e73c54b8 1495 "--timeout", timeout,
4a36297c
LP		 1496 "--log-level", log_level,
1497 "--log-target",
1498 };
1499
1500 _cleanup_strv_free_ char **env_block = NULL;
e73c54b8 1501 size_t pos = 7;
4a36297c
LP		 1502 int r;
1503
7eb35049 1504 assert(shutdown_verb);
234519ae 1505 assert(!command_line[pos]);
4a36297c
LP		 1506 env_block = strv_copy(environ);
1507
1508 xsprintf(log_level, "%d", log_get_max_level());
e73c54b8 1509 xsprintf(timeout, "%" PRI_USEC "us", arg_default_timeout_stop_usec);
4a36297c
LP		 1510
1511 switch (log_get_target()) {
1512
1513 case LOG_TARGET_KMSG:
1514 case LOG_TARGET_JOURNAL_OR_KMSG:
1515 case LOG_TARGET_SYSLOG_OR_KMSG:
1516 command_line[pos++] = "kmsg";
1517 break;
1518
1519 case LOG_TARGET_NULL:
1520 command_line[pos++] = "null";
1521 break;
1522
1523 case LOG_TARGET_CONSOLE:
1524 default:
1525 command_line[pos++] = "console";
1526 break;
1527 };
1528
1529 if (log_get_show_color())
1530 command_line[pos++] = "--log-color";
1531
1532 if (log_get_show_location())
1533 command_line[pos++] = "--log-location";
1534
1535 if (streq(shutdown_verb, "exit")) {
1536 command_line[pos++] = "--exit-code";
1537 command_line[pos++] = exit_code;
1538 xsprintf(exit_code, "%d", retval);
1539 }
1540
1541 assert(pos < ELEMENTSOF(command_line));
1542
7eb35049
LP		 1543 if (streq(shutdown_verb, "reboot") &&
1544 arg_shutdown_watchdog > 0 &&
1545 arg_shutdown_watchdog != USEC_INFINITY) {
1546
4a36297c
LP		 1547 char *e;
1548
1549 /* If we reboot let's set the shutdown
1550 * watchdog and tell the shutdown binary to
1551 * repeatedly ping it */
1552 r = watchdog_set_timeout(&arg_shutdown_watchdog);
1553 watchdog_close(r < 0);
1554
1555 /* Tell the binary how often to ping, ignore failure */
1556 if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, arg_shutdown_watchdog) > 0)
8a2c1fbf
EJ		 1557 (void) strv_consume(&env_block, e);
1558
1559 if (arg_watchdog_device &&
1560 asprintf(&e, "WATCHDOG_DEVICE=%s", arg_watchdog_device) > 0)
1561 (void) strv_consume(&env_block, e);
4a36297c
LP		 1562 } else
1563 watchdog_close(true);
1564
1565 /* Avoid the creation of new processes forked by the
1566 * kernel; at this point, we will not listen to the
1567 * signals anyway */
1568 if (detect_container() <= 0)
1569 (void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
1570
1571 execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
1572 return -errno;
1573}
1574
e839bafd
LP		 1575static void initialize_clock(void) {
1576 int r;
1577
1578 if (clock_is_localtime(NULL) > 0) {
1579 int min;
1580
1581 /*
1582 * The very first call of settimeofday() also does a time warp in the kernel.
1583 *
1584 * In the rtc-in-local time mode, we set the kernel's timezone, and rely on external tools to take care
1585 * of maintaining the RTC and do all adjustments. This matches the behavior of Windows, which leaves
1586 * the RTC alone if the registry tells that the RTC runs in UTC.
1587 */
1588 r = clock_set_timezone(&min);
1589 if (r < 0)
1590 log_error_errno(r, "Failed to apply local time delta, ignoring: %m");
1591 else
1592 log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
1593
1594 } else if (!in_initrd()) {
1595 /*
1596 * Do a dummy very first call to seal the kernel's time warp magic.
1597 *
1598 * Do not call this from inside the initrd. The initrd might not carry /etc/adjtime with LOCAL, but the
1599 * real system could be set up that way. In such case, we need to delay the time-warp or the sealing
1600 * until we reach the real system.
1601 *
1602 * Do no set the kernel's timezone. The concept of local time cannot be supported reliably, the time
1603 * will jump or be incorrect at every daylight saving time change. All kernel local time concepts will
1604 * be treated as UTC that way.
1605 */
1606 (void) clock_reset_timewarp();
1607 }
1608
1609 r = clock_apply_epoch();
1610 if (r < 0)
1611 log_error_errno(r, "Current system time is before build time, but cannot correct: %m");
1612 else if (r > 0)
1613 log_info("System time before build time, advancing clock.");
1614}
1615
1e41242e
LP		 1616static void initialize_coredump(bool skip_setup) {
1617
1618 if (getpid_cached() != 1)
1619 return;
1620
1621 /* Don't limit the core dump size, so that coredump handlers such as systemd-coredump (which honour the limit)
1622 * will process core dumps for system services by default. */
1623 if (setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY)) < 0)
1624 log_warning_errno(errno, "Failed to set RLIMIT_CORE: %m");
1625
1626 /* But at the same time, turn off the core_pattern logic by default, so that no coredumps are stored
1627 * until the systemd-coredump tool is enabled via sysctl. */
1628 if (!skip_setup)
e557b1a6 1629 disable_coredumps();
1e41242e
LP		 1630}
1631
3c7878f9
LP		 1632static void do_reexecute(
1633 int argc,
1634 char *argv[],
1635 const struct rlimit *saved_rlimit_nofile,
1636 const struct rlimit *saved_rlimit_memlock,
1637 FDSet *fds,
1638 const char *switch_root_dir,
1639 const char *switch_root_init,
1640 const char **ret_error_message) {
1641
1642 unsigned i, j, args_size;
1643 const char **args;
1644 int r;
1645
1646 assert(saved_rlimit_nofile);
1647 assert(saved_rlimit_memlock);
1648 assert(ret_error_message);
1649
1650 /* Close and disarm the watchdog, so that the new instance can reinitialize it, but doesn't get rebooted while
1651 * we do that */
1652 watchdog_close(true);
1653
1654 /* Reset the RLIMIT_NOFILE to the kernel default, so that the new systemd can pass the kernel default to its
1655 * child processes */
1656
1657 if (saved_rlimit_nofile->rlim_cur > 0)
1658 (void) setrlimit(RLIMIT_NOFILE, saved_rlimit_nofile);
1659 if (saved_rlimit_memlock->rlim_cur != (rlim_t) -1)
1660 (void) setrlimit(RLIMIT_MEMLOCK, saved_rlimit_memlock);
1661
1662 if (switch_root_dir) {
1663 /* Kill all remaining processes from the initrd, but don't wait for them, so that we can handle the
1664 * SIGCHLD for them after deserializing. */
e73c54b8 1665 broadcast_signal(SIGTERM, false, true, arg_default_timeout_stop_usec);
3c7878f9
LP		 1666
1667 /* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */
1668 r = switch_root(switch_root_dir, "/mnt", true, MS_MOVE);
1669 if (r < 0)
1670 log_error_errno(r, "Failed to switch root, trying to continue: %m");
1671 }
1672
1673 args_size = MAX(6, argc+1);
1674 args = newa(const char*, args_size);
1675
1676 if (!switch_root_init) {
1677 char sfd[DECIMAL_STR_MAX(int) + 1];
1678
1679 /* First try to spawn ourselves with the right path, and with full serialization. We do this only if
1680 * the user didn't specify an explicit init to spawn. */
1681
1682 assert(arg_serialization);
1683 assert(fds);
1684
1685 xsprintf(sfd, "%i", fileno(arg_serialization));
1686
1687 i = 0;
1688 args[i++] = SYSTEMD_BINARY_PATH;
1689 if (switch_root_dir)
1690 args[i++] = "--switched-root";
1691 args[i++] = arg_system ? "--system" : "--user";
1692 args[i++] = "--deserialize";
1693 args[i++] = sfd;
1694 args[i++] = NULL;
1695
1696 assert(i <= args_size);
1697
1698 /*
1699 * We want valgrind to print its memory usage summary before reexecution. Valgrind won't do this is on
1700 * its own on exec(), but it will do it on exit(). Hence, to ensure we get a summary here, fork() off
1701 * a child, let it exit() cleanly, so that it prints the summary, and wait() for it in the parent,
1702 * before proceeding into the exec().
1703 */
1704 valgrind_summary_hack();
1705
1706 (void) execv(args[0], (char* const*) args);
1707 log_debug_errno(errno, "Failed to execute our own binary, trying fallback: %m");
1708 }
1709
1710 /* Try the fallback, if there is any, without any serialization. We pass the original argv[] and envp[]. (Well,
1711 * modulo the ordering changes due to getopt() in argv[], and some cleanups in envp[], but let's hope that
1712 * doesn't matter.) */
1713
1714 arg_serialization = safe_fclose(arg_serialization);
1715 fds = fdset_free(fds);
1716
1717 /* Reopen the console */
1718 (void) make_console_stdio();
1719
1720 for (j = 1, i = 1; j < (unsigned) argc; j++)
1721 args[i++] = argv[j];
1722 args[i++] = NULL;
1723 assert(i <= args_size);
1724
1725 /* Reenable any blocked signals, especially important if we switch from initial ramdisk to init=... */
1726 (void) reset_all_signal_handlers();
1727 (void) reset_signal_mask();
1728
1729 if (switch_root_init) {
1730 args[0] = switch_root_init;
1731 (void) execv(args[0], (char* const*) args);
1732 log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m");
1733 }
1734
1735 args[0] = "/sbin/init";
1736 (void) execv(args[0], (char* const*) args);
1737 r = -errno;
1738
1739 manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
1740 ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
1741 "Failed to execute /sbin/init");
1742
1743 if (r == -ENOENT) {
1744 log_warning("No /sbin/init, trying fallback");
1745
1746 args[0] = "/bin/sh";
1747 args[1] = NULL;
1748 (void) execv(args[0], (char* const*) args);
1749 log_error_errno(errno, "Failed to execute /bin/sh, giving up: %m");
1750 } else
1751 log_warning_errno(r, "Failed to execute /sbin/init, giving up: %m");
1752
1753 *ret_error_message = "Failed to execute fallback shell";
1754}
1755
7eb35049
LP		 1756static int invoke_main_loop(
1757 Manager *m,
1758 bool *ret_reexecute,
1759 int *ret_retval, /* Return parameters relevant for shutting down */
1760 const char **ret_shutdown_verb, /* … */
1761 FDSet **ret_fds, /* Return parameters for reexecuting */
1762 char **ret_switch_root_dir, /* … */
1763 char **ret_switch_root_init, /* … */
1764 const char **ret_error_message) {
1765
1766 int r;
1767
1768 assert(m);
1769 assert(ret_reexecute);
1770 assert(ret_retval);
1771 assert(ret_shutdown_verb);
1772 assert(ret_fds);
1773 assert(ret_switch_root_dir);
1774 assert(ret_switch_root_init);
1775 assert(ret_error_message);
1776
1777 for (;;) {
1778 r = manager_loop(m);
1779 if (r < 0) {
1780 *ret_error_message = "Failed to run main loop";
1781 return log_emergency_errno(r, "Failed to run main loop: %m");
1782 }
1783
1784 switch (m->exit_code) {
1785
1786 case MANAGER_RELOAD:
1787 log_info("Reloading.");
1788
1789 r = parse_config_file();
1790 if (r < 0)
1791 log_warning_errno(r, "Failed to parse config file, ignoring: %m");
1792
1793 set_manager_defaults(m);
1794
1795 r = manager_reload(m);
1796 if (r < 0)
1797 log_warning_errno(r, "Failed to reload, ignoring: %m");
1798
1799 break;
1800
1801 case MANAGER_REEXECUTE:
1802
1803 r = prepare_reexecute(m, &arg_serialization, ret_fds, false);
1804 if (r < 0) {
1805 *ret_error_message = "Failed to prepare for reexecution";
1806 return r;
1807 }
1808
1809 log_notice("Reexecuting.");
1810
1811 *ret_reexecute = true;
1812 *ret_retval = EXIT_SUCCESS;
1813 *ret_shutdown_verb = NULL;
1814 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1815
1816 return 0;
1817
1818 case MANAGER_SWITCH_ROOT:
1819 if (!m->switch_root_init) {
1820 r = prepare_reexecute(m, &arg_serialization, ret_fds, true);
1821 if (r < 0) {
1822 *ret_error_message = "Failed to prepare for reexecution";
1823 return r;
1824 }
1825 } else
1826 *ret_fds = NULL;
1827
1828 log_notice("Switching root.");
1829
1830 *ret_reexecute = true;
1831 *ret_retval = EXIT_SUCCESS;
1832 *ret_shutdown_verb = NULL;
1833
1834 /* Steal the switch root parameters */
1835 *ret_switch_root_dir = m->switch_root;
1836 *ret_switch_root_init = m->switch_root_init;
1837 m->switch_root = m->switch_root_init = NULL;
1838
1839 return 0;
1840
1841 case MANAGER_EXIT:
1842
1843 if (MANAGER_IS_USER(m)) {
1844 log_debug("Exit.");
1845
1846 *ret_reexecute = false;
1847 *ret_retval = m->return_value;
1848 *ret_shutdown_verb = NULL;
1849 *ret_fds = NULL;
1850 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1851
1852 return 0;
1853 }
1854
1855 _fallthrough_;
1856 case MANAGER_REBOOT:
1857 case MANAGER_POWEROFF:
1858 case MANAGER_HALT:
1859 case MANAGER_KEXEC: {
1860 static const char * const table[_MANAGER_EXIT_CODE_MAX] = {
1861 [MANAGER_EXIT] = "exit",
1862 [MANAGER_REBOOT] = "reboot",
1863 [MANAGER_POWEROFF] = "poweroff",
1864 [MANAGER_HALT] = "halt",
1865 [MANAGER_KEXEC] = "kexec"
1866 };
1867
1868 log_notice("Shutting down.");
1869
1870 *ret_reexecute = false;
1871 *ret_retval = m->return_value;
1872 assert_se(*ret_shutdown_verb = table[m->exit_code]);
1873 *ret_fds = NULL;
1874 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1875
1876 return 0;
1877 }
1878
1879 default:
1880 assert_not_reached("Unknown exit code.");
1881 }
1882 }
1883}
1884
31aef7ff
LP		 1885static void log_execution_mode(bool *ret_first_boot) {
1886 assert(ret_first_boot);
1887
1888 if (arg_system) {
1889 int v;
1890
1891 log_info(PACKAGE_STRING " running in %ssystem mode. (" SYSTEMD_FEATURES ")",
1892 arg_action == ACTION_TEST ? "test " : "" );
1893
1894 v = detect_virtualization();
1895 if (v > 0)
1896 log_info("Detected virtualization %s.", virtualization_to_string(v));
1897
1898 log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
1899
1900 if (in_initrd()) {
1901 *ret_first_boot = false;
1902 log_info("Running in initial RAM disk.");
1903 } else {
1904 /* Let's check whether we are in first boot, i.e. whether /etc is still unpopulated. We use
1905 * /etc/machine-id as flag file, for this: if it exists we assume /etc is populated, if it
1906 * doesn't it's unpopulated. This allows container managers and installers to provision a
1907 * couple of files already. If the container manager wants to provision the machine ID itself
1908 * it should pass $container_uuid to PID 1. */
1909
1910 *ret_first_boot = access("/etc/machine-id", F_OK) < 0;
1911 if (*ret_first_boot)
1912 log_info("Running with unpopulated /etc.");
1913 }
1914 } else {
b9e90f3a
LP		 1915 if (DEBUG_LOGGING) {
1916 _cleanup_free_ char *t;
31aef7ff 1917
b9e90f3a
LP		 1918 t = uid_to_name(getuid());
1919 log_debug(PACKAGE_STRING " running in %suser mode for user " UID_FMT "/%s. (" SYSTEMD_FEATURES ")",
1920 arg_action == ACTION_TEST ? " test" : "", getuid(), strna(t));
1921 }
31aef7ff
LP		 1922
1923 *ret_first_boot = false;
1924 }
1925}
1926
5afbaa36
LP		 1927static int initialize_runtime(
1928 bool skip_setup,
1929 struct rlimit *saved_rlimit_nofile,
1930 struct rlimit *saved_rlimit_memlock,
1931 const char **ret_error_message) {
1932
1933 int r;
1934
1935 assert(ret_error_message);
1936
1937 /* Sets up various runtime parameters. Many of these initializations are conditionalized:
1938 *
1939 * - Some only apply to --system instances
1940 * - Some only apply to --user instances
1941 * - Some only apply when we first start up, but not when we reexecute
1942 */
1943
2d776038
LP		 1944 if (arg_action != ACTION_RUN)
1945 return 0;
1946
3c3c6cb9
LP		 1947 if (arg_system) {
1948 /* Make sure we leave a core dump without panicing the kernel. */
1949 install_crash_handler();
5afbaa36 1950
3c3c6cb9
LP		 1951 if (!skip_setup) {
1952 r = mount_cgroup_controllers(arg_join_controllers);
1953 if (r < 0) {
1954 *ret_error_message = "Failed to mount cgroup hierarchies";
1955 return r;
1956 }
1957
1958 status_welcome();
1959 hostname_setup();
1960 machine_id_setup(NULL, arg_machine_id, NULL);
1961 loopback_setup();
1962 bump_unix_max_dgram_qlen();
1963 test_usr();
1964 write_container_id();
1965 }
8a2c1fbf 1966
3c3c6cb9
LP		 1967 if (arg_watchdog_device) {
1968 r = watchdog_set_device(arg_watchdog_device);
1969 if (r < 0)
1970 log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device);
1971 }
1972
1973 if (arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY)
1974 watchdog_set_timeout(&arg_runtime_watchdog);
1975 }
5afbaa36
LP		 1976
1977 if (arg_timer_slack_nsec != NSEC_INFINITY)
1978 if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
3a671cd1 1979 log_warning_errno(errno, "Failed to adjust timer slack, ignoring: %m");
5afbaa36
LP		 1980
1981 if (arg_system && !cap_test_all(arg_capability_bounding_set)) {
1982 r = capability_bounding_set_drop_usermode(arg_capability_bounding_set);
1983 if (r < 0) {
1984 *ret_error_message = "Failed to drop capability bounding set of usermode helpers";
1985 return log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m");
1986 }
1987
1988 r = capability_bounding_set_drop(arg_capability_bounding_set, true);
1989 if (r < 0) {
1990 *ret_error_message = "Failed to drop capability bounding set";
1991 return log_emergency_errno(r, "Failed to drop capability bounding set: %m");
1992 }
1993 }
1994
1995 if (arg_syscall_archs) {
1996 r = enforce_syscall_archs(arg_syscall_archs);
1997 if (r < 0) {
1998 *ret_error_message = "Failed to set syscall architectures";
1999 return r;
2000 }
2001 }
2002
2003 if (!arg_system)
2004 /* Become reaper of our children */
2005 if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
2006 log_warning_errno(errno, "Failed to make us a subreaper: %m");
2007
2008 if (arg_system) {
2009 /* Bump up RLIMIT_NOFILE for systemd itself */
2010 (void) bump_rlimit_nofile(saved_rlimit_nofile);
2011 (void) bump_rlimit_memlock(saved_rlimit_memlock);
2012 }
2013
2014 return 0;
2015}
2016
6acca5fc
LP		 2017static int do_queue_default_job(
2018 Manager *m,
2019 const char **ret_error_message) {
2020
2021 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2022 Job *default_unit_job;
2023 Unit *target = NULL;
2024 int r;
2025
2026 log_debug("Activating default unit: %s", arg_default_unit);
2027
2028 r = manager_load_unit(m, arg_default_unit, NULL, &error, &target);
2029 if (r < 0)
2030 log_error("Failed to load default target: %s", bus_error_message(&error, r));
2031 else if (IN_SET(target->load_state, UNIT_ERROR, UNIT_NOT_FOUND))
2032 log_error_errno(target->load_error, "Failed to load default target: %m");
2033 else if (target->load_state == UNIT_MASKED)
2034 log_error("Default target masked.");
2035
2036 if (!target || target->load_state != UNIT_LOADED) {
2037 log_info("Trying to load rescue target...");
2038
2039 r = manager_load_unit(m, SPECIAL_RESCUE_TARGET, NULL, &error, &target);
2040 if (r < 0) {
2041 *ret_error_message = "Failed to load rescue target";
2042 return log_emergency_errno(r, "Failed to load rescue target: %s", bus_error_message(&error, r));
2043 } else if (IN_SET(target->load_state, UNIT_ERROR, UNIT_NOT_FOUND)) {
2044 *ret_error_message = "Failed to load rescue target";
2045 return log_emergency_errno(target->load_error, "Failed to load rescue target: %m");
2046 } else if (target->load_state == UNIT_MASKED) {
2047 *ret_error_message = "Rescue target masked";
2048 log_emergency("Rescue target masked.");
2049 return -ERFKILL;
2050 }
2051 }
2052
2053 assert(target->load_state == UNIT_LOADED);
2054
2055 r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, &error, &default_unit_job);
2056 if (r == -EPERM) {
2057 log_debug_errno(r, "Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
2058
2059 sd_bus_error_free(&error);
2060
2061 r = manager_add_job(m, JOB_START, target, JOB_REPLACE, &error, &default_unit_job);
2062 if (r < 0) {
2063 *ret_error_message = "Failed to start default target";
2064 return log_emergency_errno(r, "Failed to start default target: %s", bus_error_message(&error, r));
2065 }
2066
2067 } else if (r < 0) {
2068 *ret_error_message = "Failed to isolate default target";
2069 return log_emergency_errno(r, "Failed to isolate default target: %s", bus_error_message(&error, r));
2070 }
2071
2072 m->default_unit_job_id = default_unit_job->id;
2073
2074 return 0;
2075}
2076
970777b5
LP		 2077static void free_arguments(void) {
2078 size_t j;
2079
2080 /* Frees all arg_* variables, with the exception of arg_serialization */
2081
2082 for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++)
2083 arg_default_rlimit[j] = mfree(arg_default_rlimit[j]);
2084
2085 arg_default_unit = mfree(arg_default_unit);
2086 arg_confirm_spawn = mfree(arg_confirm_spawn);
2087 arg_join_controllers = strv_free_free(arg_join_controllers);
2088 arg_default_environment = strv_free(arg_default_environment);
2089 arg_syscall_archs = set_free(arg_syscall_archs);
2090}
2091
97d1fb94
LP		 2092static int load_configuration(int argc, char **argv, const char **ret_error_message) {
2093 int r;
2094
2095 assert(ret_error_message);
2096
6f101b56
LP		 2097 r = initialize_join_controllers();
2098 if (r < 0) {
2099 *ret_error_message = "Failed to initialize cgroup controller joining table";
2100 return r;
2101 }
2102
97d1fb94
LP		 2103 arg_default_tasks_max = system_tasks_max_scale(DEFAULT_TASKS_MAX_PERCENTAGE, 100U);
2104
2105 r = parse_config_file();
2106 if (r < 0) {
2107 *ret_error_message = "Failed to parse config file";
2108 return r;
2109 }
2110
2111 if (arg_system) {
2112 r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0);
2113 if (r < 0)
2114 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
2115 }
2116
2117 /* Note that this also parses bits from the kernel command line, including "debug". */
2118 log_parse_environment();
2119
2120 r = parse_argv(argc, argv);
2121 if (r < 0) {
2122 *ret_error_message = "Failed to parse commandline arguments";
2123 return r;
2124 }
2125
2126 /* Initialize default unit */
2127 if (!arg_default_unit) {
2128 arg_default_unit = strdup(SPECIAL_DEFAULT_TARGET);
2129 if (!arg_default_unit) {
2130 *ret_error_message = "Failed to set default unit";
2131 return log_oom();
2132 }
2133 }
2134
db33214b
LP		 2135 /* Initialize the show status setting if it hasn't been set explicitly yet */
2136 if (arg_show_status == _SHOW_STATUS_UNSET)
2137 arg_show_status = SHOW_STATUS_YES;
2138
97d1fb94
LP		 2139 return 0;
2140}
2141
b0d7c989
LP		 2142static int safety_checks(void) {
2143
febf46a4
LP		 2144 if (getpid_cached() == 1 &&
2145 arg_action != ACTION_RUN) {
2146 log_error("Unsupported execution mode while PID 1.");
2147 return -EPERM;
2148 }
2149
2150 if (getpid_cached() == 1 &&
2151 !arg_system) {
2152 log_error("Can't run --user mode as PID 1.");
2153 return -EPERM;
2154 }
2155
2156 if (arg_action == ACTION_RUN &&
2157 arg_system &&
2158 getpid_cached() != 1) {
2159 log_error("Can't run system mode unless PID 1.");
2160 return -EPERM;
2161 }
2162
b0d7c989
LP		 2163 if (arg_action == ACTION_TEST &&
2164 geteuid() == 0) {
2165 log_error("Don't run test mode as root.");
2166 return -EPERM;
2167 }
2168
2169 if (!arg_system &&
2170 arg_action == ACTION_RUN &&
2171 sd_booted() <= 0) {
2172 log_error("Trying to run as user instance, but the system has not been booted with systemd.");
2173 return -EOPNOTSUPP;
2174 }
2175
2176 if (!arg_system &&
2177 arg_action == ACTION_RUN &&
2178 !getenv("XDG_RUNTIME_DIR")) {
2179 log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
2180 return -EUNATCH;
2181 }
2182
2183 if (arg_system &&
2184 arg_action == ACTION_RUN &&
2185 running_in_chroot() > 0) {
2186 log_error("Cannot be run in a chroot() environment.");
2187 return -EOPNOTSUPP;
2188 }
2189
2190 return 0;
2191}
2192
74da609f
LP		 2193static int initialize_security(
2194 bool *loaded_policy,
2195 dual_timestamp *security_start_timestamp,
2196 dual_timestamp *security_finish_timestamp,
2197 const char **ret_error_message) {
2198
2199 int r;
2200
2201 assert(loaded_policy);
2202 assert(security_start_timestamp);
2203 assert(security_finish_timestamp);
2204 assert(ret_error_message);
2205
2206 dual_timestamp_get(security_start_timestamp);
2207
97149f40 2208 r = mac_selinux_setup(loaded_policy);
74da609f
LP		 2209 if (r < 0) {
2210 *ret_error_message = "Failed to load SELinux policy";
2211 return r;
2212 }
2213
2214 r = mac_smack_setup(loaded_policy);
2215 if (r < 0) {
2216 *ret_error_message = "Failed to load SMACK policy";
2217 return r;
2218 }
2219
2220 r = ima_setup();
2221 if (r < 0) {
2222 *ret_error_message = "Failed to load IMA policy";
2223 return r;
2224 }
2225
2226 dual_timestamp_get(security_finish_timestamp);
2227 return 0;
2228}
2229
263162da
LP		 2230static void test_summary(Manager *m) {
2231 assert(m);
2232
2233 printf("-> By units:\n");
2234 manager_dump_units(m, stdout, "\t");
2235
2236 printf("-> By jobs:\n");
2237 manager_dump_jobs(m, stdout, "\t");
2238}
2239
efeb853f
LP		 2240static int collect_fds(FDSet **ret_fds, const char **ret_error_message) {
2241 int r;
2242
2243 assert(ret_fds);
2244 assert(ret_error_message);
2245
2246 r = fdset_new_fill(ret_fds);
2247 if (r < 0) {
2248 *ret_error_message = "Failed to allocate fd set";
2249 return log_emergency_errno(r, "Failed to allocate fd set: %m");
2250 }
2251
2252 fdset_cloexec(*ret_fds, true);
2253
2254 if (arg_serialization)
2255 assert_se(fdset_remove(*ret_fds, fileno(arg_serialization)) >= 0);
2256
2257 return 0;
2258}
2259
2e51b31c
LP		 2260static void setup_console_terminal(bool skip_setup) {
2261
2262 if (!arg_system)
2263 return;
2264
2265 /* Become a session leader if we aren't one yet. */
2266 (void) setsid();
2267
2268 /* If we are init, we connect stdin/stdout/stderr to /dev/null and make sure we don't have a controlling
2269 * tty. */
2270 (void) release_terminal();
2271
2272 /* Reset the console, but only if this is really init and we are freshly booted */
2273 if (getpid_cached() == 1 && !skip_setup)
2274 (void) console_setup();
2275}
2276
aa40ff07
LP		 2277static bool early_skip_setup_check(int argc, char *argv[]) {
2278 bool found_deserialize = false;
2279 int i;
2280
2281 /* Determine if this is a reexecution or normal bootup. We do the full command line parsing much later, so
2282 * let's just have a quick peek here. Note that if we have switched root, do all the special setup things
2283 * anyway, even if in that case we also do deserialization. */
2284
2285 for (i = 1; i < argc; i++) {
2286
2287 if (streq(argv[i], "--switched-root"))
2288 return false; /* If we switched root, don't skip the setup. */
2289 else if (streq(argv[i], "--deserialize"))
2290 found_deserialize = true;
2291 }
2292
2293 return found_deserialize; /* When we are deserializing, then we are reexecuting, hence avoid the extensive setup */
2294}
2295
60918275 2296int main(int argc, char *argv[]) {
625e8690
LP		 2297
2298 dual_timestamp initrd_timestamp = DUAL_TIMESTAMP_NULL, userspace_timestamp = DUAL_TIMESTAMP_NULL, kernel_timestamp = DUAL_TIMESTAMP_NULL,
2299 security_start_timestamp = DUAL_TIMESTAMP_NULL, security_finish_timestamp = DUAL_TIMESTAMP_NULL;
2300 struct rlimit saved_rlimit_nofile = RLIMIT_MAKE_CONST(0), saved_rlimit_memlock = RLIMIT_MAKE_CONST((rlim_t) -1);
2301 bool skip_setup, loaded_policy = false, queue_default_job = false, first_boot = false, reexecute = false;
2302 char *switch_root_dir = NULL, *switch_root_init = NULL;
9d76d730 2303 usec_t before_startup, after_startup;
625e8690 2304 static char systemd[] = "systemd";
9d76d730 2305 char timespan[FORMAT_TIMESPAN_MAX];
625e8690
LP		 2306 const char *shutdown_verb = NULL, *error_message = NULL;
2307 int r, retval = EXIT_FAILURE;
2308 Manager *m = NULL;
a16e1123 2309 FDSet *fds = NULL;
27b14a22 2310
d72a8f10 2311 /* SysV compatibility: redirect init → telinit */
6808a0bc 2312 redirect_telinit(argc, argv);
2cb1a60d 2313
d72a8f10 2314 /* Take timestamps early on */
c3a170f3
HH		 2315 dual_timestamp_from_monotonic(&kernel_timestamp, 0);
2316 dual_timestamp_get(&userspace_timestamp);
2317
d72a8f10
LP		 2318 /* Figure out whether we need to do initialize the system, or if we already did that because we are
2319 * reexecuting */
aa40ff07 2320 skip_setup = early_skip_setup_check(argc, argv);
d03bc1b8 2321
d72a8f10
LP		 2322 /* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we
2323 * are then called 'systemd'. That is confusing, hence let's call us systemd right-away. */
f3b6a3ed 2324 program_invocation_short_name = systemd;
eee8b7ab 2325 (void) prctl(PR_SET_NAME, systemd);
5d6b1584 2326
d72a8f10 2327 /* Save the original command line */
9a0e6896
LP		 2328 saved_argv = argv;
2329 saved_argc = argc;
f3b6a3ed 2330
c1dc6153 2331 log_set_upgrade_syslog_to_journal(true);
bbe63281 2332
df0ff127 2333 if (getpid_cached() == 1) {
48a601fe 2334 /* Disable the umask logic */
90dc8c2e
MG		 2335 umask(0);
2336
48a601fe
LP		 2337 /* Always reopen /dev/console when running as PID 1 or one of its pre-execve() children. This is
2338 * important so that we never end up logging to any foreign stderr, for example if we have to log in a
2339 * child process right before execve()'ing the actual binary, at a point in time where socket
2340 * activation stderr/stdout area already set up. */
2341 log_set_always_reopen_console(true);
2342 }
2343
df0ff127 2344 if (getpid_cached() == 1 && detect_container() <= 0) {
4f8d551f 2345
a866073d 2346 /* Running outside of a container as PID 1 */
463d0d15 2347 arg_system = true;
a866073d
LP		 2348 log_set_target(LOG_TARGET_KMSG);
2349 log_open();
2350
21bf2ab0 2351 if (in_initrd())
c3a170f3 2352 initrd_timestamp = userspace_timestamp;
c3ba6250 2353
2660882b 2354 if (!skip_setup) {
d723cd65
AK		 2355 r = mount_setup_early();
2356 if (r < 0) {
eee8b7ab 2357 error_message = "Failed to mount early API filesystems";
d723cd65
AK		 2358 goto finish;
2359 }
eee8b7ab 2360
74da609f
LP		 2361 r = initialize_security(
2362 &loaded_policy,
2363 &security_start_timestamp,
2364 &security_finish_timestamp,
2365 &error_message);
2366 if (r < 0)
96694e99 2367 goto finish;
81611586 2368 }
0b3325e7 2369
c3dacc8b 2370 if (mac_selinux_init() < 0) {
cb6531be 2371 error_message = "Failed to initialize SELinux policy";
0ff4cdd9 2372 goto finish;
cb6531be 2373 }
7948c4df 2374
e839bafd
LP		 2375 if (!skip_setup)
2376 initialize_clock();
a866073d
LP		 2377
2378 /* Set the default for later on, but don't actually
2379 * open the logs like this for now. Note that if we
2380 * are transitioning from the initrd there might still
2381 * be journal fd open, and we shouldn't attempt
2382 * opening that before we parsed /proc/cmdline which
2383 * might redirect output elsewhere. */
2384 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
2385
df0ff127 2386 } else if (getpid_cached() == 1) {
a866073d 2387 /* Running inside a container, as PID 1 */
463d0d15 2388 arg_system = true;
a866073d 2389 log_set_target(LOG_TARGET_CONSOLE);
99f09825 2390 log_close_console(); /* force reopen of /dev/console */
a866073d
LP		 2391 log_open();
2392
eee8b7ab 2393 /* For later on, see above... */
a866073d
LP		 2394 log_set_target(LOG_TARGET_JOURNAL);
2395
c3a170f3
HH		 2396 /* clear the kernel timestamp,
2397 * because we are in a container */
0f5f63c3 2398 kernel_timestamp = DUAL_TIMESTAMP_NULL;
c3a170f3 2399 } else {
a866073d 2400 /* Running as user instance */
463d0d15 2401 arg_system = false;
eeecf6e6 2402 log_set_target(LOG_TARGET_AUTO);
871e5809 2403 log_open();
c3a170f3
HH		 2404
2405 /* clear the kernel timestamp,
2406 * because we are not PID 1 */
6513d561 2407 kernel_timestamp = DUAL_TIMESTAMP_NULL;
bbe63281 2408 }
a5dab5ce 2409
1e41242e 2410 initialize_coredump(skip_setup);
15a90032 2411
43db615b
LP		 2412 r = fixup_environment();
2413 if (r < 0) {
2414 log_emergency_errno(r, "Failed to fix up PID 1 environment: %m");
2415 error_message = "Failed to fix up PID1 environment";
2416 goto finish;
2417 }
2418
6edefe0b 2419 if (arg_system) {
32391275 2420
3a18b604
FB		 2421 /* Try to figure out if we can use colors with the console. No
2422 * need to do that for user instances since they never log
2423 * into the console. */
2424 log_show_color(colors_enabled());
c76cf844
AK		 2425 r = make_null_stdio();
2426 if (r < 0)
2427 log_warning_errno(r, "Failed to redirect standard streams to /dev/null: %m");
3a18b604
FB		 2428 }
2429
f170852a
LP		 2430 /* Mount /proc, /sys and friends, so that /proc/cmdline and
2431 * /proc/$PID/fd is available. */
df0ff127 2432 if (getpid_cached() == 1) {
f84f9974 2433
a132bef0 2434 /* Load the kernel modules early. */
2e75e2a8
DM		 2435 if (!skip_setup)
2436 kmod_setup();
2e75e2a8 2437
0c85a4f3 2438 r = mount_setup(loaded_policy);
cb6531be
ZJS		 2439 if (r < 0) {
2440 error_message = "Failed to mount API filesystems";
8efe3c01 2441 goto finish;
cb6531be 2442 }
0c85a4f3 2443 }
4ade7963
LP		 2444
2445 /* Reset all signal handlers. */
ce30c8dc
LP		 2446 (void) reset_all_signal_handlers();
2447 (void) ignore_signals(SIGNALS_IGNORE, -1);
078e4539 2448
97d1fb94
LP		 2449 r = load_configuration(argc, argv, &error_message);
2450 if (r < 0)
f170852a 2451 goto finish;
10c961b9 2452
b0d7c989
LP		 2453 r = safety_checks();
2454 if (r < 0)
fe783b03 2455 goto finish;
fe783b03 2456
5625c18a 2457 if (IN_SET(arg_action, ACTION_TEST, ACTION_HELP, ACTION_DUMP_CONFIGURATION_ITEMS))
ea4b98e6 2458 pager_open(arg_no_pager, false);
b0d7c989
LP		 2459
2460 if (arg_action != ACTION_RUN)
74e7579c 2461 skip_setup = true;
b87c2aa6 2462
fa0f4d8a 2463 if (arg_action == ACTION_HELP) {
f170852a
LP		 2464 retval = help();
2465 goto finish;
9ba0bc4e
ZJS		 2466 } else if (arg_action == ACTION_VERSION) {
2467 retval = version();
2468 goto finish;
fa0f4d8a 2469 } else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
e537352b 2470 unit_dump_config_items(stdout);
22f4096c 2471 retval = EXIT_SUCCESS;
e537352b 2472 goto finish;
f170852a
LP		 2473 }
2474
4c701096 2475 assert_se(IN_SET(arg_action, ACTION_RUN, ACTION_TEST));
f170852a 2476
5a2e0c62
LP		 2477 /* Move out of the way, so that we won't block unmounts */
2478 assert_se(chdir("/") == 0);
2479
dea374e8 2480 if (arg_action == ACTION_RUN) {
a70c72a0 2481
efeb853f 2482 /* Close logging fds, in order not to confuse collecting passed fds and terminal logic below */
a70c72a0
LP		 2483 log_close();
2484
2485 /* Remember open file descriptors for later deserialization */
efeb853f
LP		 2486 r = collect_fds(&fds, &error_message);
2487 if (r < 0)
dea374e8 2488 goto finish;
a16e1123 2489
2e51b31c
LP		 2490 /* Give up any control of the console, but make sure its initialized. */
2491 setup_console_terminal(skip_setup);
56d96fc0 2492
a70c72a0
LP		 2493 /* Open the logging devices, if possible and necessary */
2494 log_open();
56d96fc0 2495 }
4ade7963 2496
31aef7ff 2497 log_execution_mode(&first_boot);
a5dab5ce 2498
2d776038
LP		 2499 r = initialize_runtime(skip_setup,
2500 &saved_rlimit_nofile,
2501 &saved_rlimit_memlock,
2502 &error_message);
2503 if (r < 0)
2504 goto finish;
4096d6f5 2505
e0a3da1f
ZJS		 2506 r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER,
2507 arg_action == ACTION_TEST ? MANAGER_TEST_FULL : 0,
2508 &m);
e96d6be7 2509 if (r < 0) {
da927ba9 2510 log_emergency_errno(r, "Failed to allocate manager object: %m");
cb6531be 2511 error_message = "Failed to allocate manager object";
60918275
LP		 2512 goto finish;
2513 }
2514
9f9f0342
LP		 2515 m->timestamps[MANAGER_TIMESTAMP_KERNEL] = kernel_timestamp;
2516 m->timestamps[MANAGER_TIMESTAMP_INITRD] = initrd_timestamp;
2517 m->timestamps[MANAGER_TIMESTAMP_USERSPACE] = userspace_timestamp;
2518 m->timestamps[MANAGER_TIMESTAMP_SECURITY_START] = security_start_timestamp;
2519 m->timestamps[MANAGER_TIMESTAMP_SECURITY_FINISH] = security_finish_timestamp;
9e58ff9c 2520
85cb4151 2521 set_manager_defaults(m);
7b46fc6a 2522 set_manager_settings(m);
fd130612 2523 manager_set_first_boot(m, first_boot);
27d340c7 2524
bf4df7c3 2525 /* Remember whether we should queue the default job */
d3b1c508 2526 queue_default_job = !arg_serialization || arg_switched_root;
bf4df7c3 2527
9d76d730
LP		 2528 before_startup = now(CLOCK_MONOTONIC);
2529
d3b1c508 2530 r = manager_startup(m, arg_serialization, fds);
58f88d92 2531 if (r < 0) {
da927ba9 2532 log_error_errno(r, "Failed to fully start up daemon: %m");
cefb3eda 2533 error_message = "Failed to start up manager";
58f88d92
ZJS		 2534 goto finish;
2535 }
a16e1123 2536
6acca5fc 2537 /* This will close all file descriptors that were opened, but not claimed by any unit. */
2feceb5e 2538 fds = fdset_free(fds);
74ca738f 2539 arg_serialization = safe_fclose(arg_serialization);
bf4df7c3
LP		 2540
2541 if (queue_default_job) {
6acca5fc 2542 r = do_queue_default_job(m, &error_message);
718db961 2543 if (r < 0)
37d88da7 2544 goto finish;
6acca5fc 2545 }
ab17a050 2546
6acca5fc 2547 after_startup = now(CLOCK_MONOTONIC);
60918275 2548
6acca5fc
LP		 2549 log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
2550 "Loaded units and determined initial transaction in %s.",
2551 format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 100 * USEC_PER_MSEC));
07672f49 2552
6acca5fc 2553 if (arg_action == ACTION_TEST) {
263162da 2554 test_summary(m);
6acca5fc
LP		 2555 retval = EXIT_SUCCESS;
2556 goto finish;
e965d56d 2557 }
d46de8a1 2558
3046b6db
LP		 2559 (void) invoke_main_loop(m,
2560 &reexecute,
2561 &retval,
2562 &shutdown_verb,
2563 &fds,
2564 &switch_root_dir,
2565 &switch_root_init,
2566 &error_message);
f170852a 2567
60918275 2568finish:
b87c2aa6
ZJS		 2569 pager_close();
2570
97792515 2571 if (m)
81f5fc2d 2572 arg_shutdown_watchdog = m->shutdown_watchdog;
fe382237 2573
06d8d842 2574 m = manager_free(m);
60918275 2575
970777b5 2576 free_arguments();
cc56fafe 2577 mac_selinux_finish();
b2bb3dbe 2578
3c7878f9
LP		 2579 if (reexecute)
2580 do_reexecute(argc, argv,
2581 &saved_rlimit_nofile,
2582 &saved_rlimit_memlock,
2583 fds,
2584 switch_root_dir,
2585 switch_root_init,
2586 &error_message); /* This only returns if reexecution failed */
a16e1123 2587
74ca738f 2588 arg_serialization = safe_fclose(arg_serialization);
2feceb5e 2589 fds = fdset_free(fds);
a16e1123 2590
349cc4a5 2591#if HAVE_VALGRIND_VALGRIND_H
54b434b1
LP		 2592 /* If we are PID 1 and running under valgrind, then let's exit
2593 * here explicitly. valgrind will only generate nice output on
2594 * exit(), not on exec(), hence let's do the former not the
2595 * latter here. */
8a2c1fbf
EJ		 2596 if (getpid_cached() == 1 && RUNNING_ON_VALGRIND) {
2597 /* Cleanup watchdog_device strings for valgrind. We need them
2598 * in become_shutdown() so normally we cannot free them yet. */
2599 watchdog_free_device();
2600 arg_watchdog_device = mfree(arg_watchdog_device);
54b434b1 2601 return 0;
8a2c1fbf 2602 }
54b434b1
LP		 2603#endif
2604
b9080b03 2605 if (shutdown_verb) {
7eb35049 2606 r = become_shutdown(shutdown_verb, retval);
ad929bcc 2607
4a36297c 2608 log_error_errno(r, "Failed to execute shutdown binary, %s: %m", getpid_cached() == 1 ? "freezing" : "quitting");
9b9881d7 2609 error_message = "Failed to execute shutdown binary";
b9080b03
FF		 2610 }
2611
8a2c1fbf
EJ		 2612 watchdog_free_device();
2613 arg_watchdog_device = mfree(arg_watchdog_device);
2614
df0ff127 2615 if (getpid_cached() == 1) {
cb6531be
ZJS		 2616 if (error_message)
2617 manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
1fc464f6 2618 ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL,
cb6531be 2619 "%s, freezing.", error_message);
b9e74c39 2620 freeze_or_reboot();
cb6531be 2621 }
c3b3c274 2622
60918275
LP		 2623 return retval;
2624}
Unnamed repository; edit this file 'description' to name the repository.