1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2010 Lennart Poettering
10 #include <stdio_ext.h>
17 #include "alloc-util.h"
20 #include "capability-util.h"
21 #include "cpu-set-util.h"
22 #include "dbus-execute.h"
23 #include "dbus-util.h"
25 #include "errno-list.h"
30 #include "hexdecoct.h"
33 #include "journal-util.h"
35 #include "mount-util.h"
36 #include "namespace.h"
37 #include "parse-util.h"
38 #include "path-util.h"
39 #include "process-util.h"
40 #include "rlimit-util.h"
42 #include "seccomp-util.h"
44 #include "securebits-util.h"
45 #include "specifier.h"
47 #include "syslog-util.h"
48 #include "unit-printf.h"
49 #include "user-util.h"
52 BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output
, exec_output
, ExecOutput
);
53 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input
, exec_input
, ExecInput
);
55 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
);
56 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
);
57 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_keyring_mode
, exec_keyring_mode
, ExecKeyringMode
);
59 static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_protect_home
, protect_home
, ProtectHome
);
60 static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_protect_system
, protect_system
, ProtectSystem
);
62 static int property_get_environment_files(
65 const char *interface
,
67 sd_bus_message
*reply
,
69 sd_bus_error
*error
) {
71 ExecContext
*c
= userdata
;
79 r
= sd_bus_message_open_container(reply
, 'a', "(sb)");
83 STRV_FOREACH(j
, c
->environment_files
) {
86 r
= sd_bus_message_append(reply
, "(sb)", fn
[0] == '-' ? fn
+ 1 : fn
, fn
[0] == '-');
91 return sd_bus_message_close_container(reply
);
94 static int property_get_oom_score_adjust(
97 const char *interface
,
99 sd_bus_message
*reply
,
101 sd_bus_error
*error
) {
104 ExecContext
*c
= userdata
;
111 if (c
->oom_score_adjust_set
)
112 n
= c
->oom_score_adjust
;
114 _cleanup_free_
char *t
= NULL
;
117 if (read_one_line_file("/proc/self/oom_score_adj", &t
) >= 0)
121 return sd_bus_message_append(reply
, "i", n
);
124 static int property_get_nice(
127 const char *interface
,
128 const char *property
,
129 sd_bus_message
*reply
,
131 sd_bus_error
*error
) {
134 ExecContext
*c
= userdata
;
145 n
= getpriority(PRIO_PROCESS
, 0);
150 return sd_bus_message_append(reply
, "i", n
);
153 static int property_get_ioprio(
156 const char *interface
,
157 const char *property
,
158 sd_bus_message
*reply
,
160 sd_bus_error
*error
) {
163 ExecContext
*c
= userdata
;
169 return sd_bus_message_append(reply
, "i", exec_context_get_effective_ioprio(c
));
172 static int property_get_ioprio_class(
175 const char *interface
,
176 const char *property
,
177 sd_bus_message
*reply
,
179 sd_bus_error
*error
) {
182 ExecContext
*c
= userdata
;
188 return sd_bus_message_append(reply
, "i", IOPRIO_PRIO_CLASS(exec_context_get_effective_ioprio(c
)));
191 static int property_get_ioprio_priority(
194 const char *interface
,
195 const char *property
,
196 sd_bus_message
*reply
,
198 sd_bus_error
*error
) {
201 ExecContext
*c
= userdata
;
207 return sd_bus_message_append(reply
, "i", IOPRIO_PRIO_DATA(exec_context_get_effective_ioprio(c
)));
210 static int property_get_cpu_sched_policy(
213 const char *interface
,
214 const char *property
,
215 sd_bus_message
*reply
,
217 sd_bus_error
*error
) {
219 ExecContext
*c
= userdata
;
226 if (c
->cpu_sched_set
)
227 n
= c
->cpu_sched_policy
;
229 n
= sched_getscheduler(0);
234 return sd_bus_message_append(reply
, "i", n
);
237 static int property_get_cpu_sched_priority(
240 const char *interface
,
241 const char *property
,
242 sd_bus_message
*reply
,
244 sd_bus_error
*error
) {
246 ExecContext
*c
= userdata
;
253 if (c
->cpu_sched_set
)
254 n
= c
->cpu_sched_priority
;
256 struct sched_param p
= {};
258 if (sched_getparam(0, &p
) >= 0)
259 n
= p
.sched_priority
;
264 return sd_bus_message_append(reply
, "i", n
);
267 static int property_get_cpu_affinity(
270 const char *interface
,
271 const char *property
,
272 sd_bus_message
*reply
,
274 sd_bus_error
*error
) {
276 ExecContext
*c
= userdata
;
283 return sd_bus_message_append_array(reply
, 'y', c
->cpuset
, CPU_ALLOC_SIZE(c
->cpuset_ncpus
));
285 return sd_bus_message_append_array(reply
, 'y', NULL
, 0);
288 static int property_get_timer_slack_nsec(
291 const char *interface
,
292 const char *property
,
293 sd_bus_message
*reply
,
295 sd_bus_error
*error
) {
297 ExecContext
*c
= userdata
;
304 if (c
->timer_slack_nsec
!= NSEC_INFINITY
)
305 u
= (uint64_t) c
->timer_slack_nsec
;
307 u
= (uint64_t) prctl(PR_GET_TIMERSLACK
);
309 return sd_bus_message_append(reply
, "t", u
);
312 static int property_get_capability_bounding_set(
315 const char *interface
,
316 const char *property
,
317 sd_bus_message
*reply
,
319 sd_bus_error
*error
) {
321 ExecContext
*c
= userdata
;
327 return sd_bus_message_append(reply
, "t", c
->capability_bounding_set
);
330 static int property_get_ambient_capabilities(
333 const char *interface
,
334 const char *property
,
335 sd_bus_message
*reply
,
337 sd_bus_error
*error
) {
339 ExecContext
*c
= userdata
;
345 return sd_bus_message_append(reply
, "t", c
->capability_ambient_set
);
348 static int property_get_empty_string(
351 const char *interface
,
352 const char *property
,
353 sd_bus_message
*reply
,
355 sd_bus_error
*error
) {
360 return sd_bus_message_append(reply
, "s", "");
363 static int property_get_syscall_filter(
366 const char *interface
,
367 const char *property
,
368 sd_bus_message
*reply
,
370 sd_bus_error
*error
) {
372 ExecContext
*c
= userdata
;
373 _cleanup_strv_free_
char **l
= NULL
;
385 r
= sd_bus_message_open_container(reply
, 'r', "bas");
389 r
= sd_bus_message_append(reply
, "b", c
->syscall_whitelist
);
394 HASHMAP_FOREACH_KEY(val
, id
, c
->syscall_filter
, i
) {
395 _cleanup_free_
char *name
= NULL
;
396 const char *e
= NULL
;
398 int num
= PTR_TO_INT(val
);
400 name
= seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE
, PTR_TO_INT(id
) - 1);
405 e
= errno_to_name(num
);
407 s
= strjoin(name
, ":", e
);
411 r
= asprintf(&s
, "%s:%d", name
, num
);
418 r
= strv_consume(&l
, s
);
426 r
= sd_bus_message_append_strv(reply
, l
);
430 return sd_bus_message_close_container(reply
);
433 static int property_get_syscall_archs(
436 const char *interface
,
437 const char *property
,
438 sd_bus_message
*reply
,
440 sd_bus_error
*error
) {
442 ExecContext
*c
= userdata
;
443 _cleanup_strv_free_
char **l
= NULL
;
456 SET_FOREACH(id
, c
->syscall_archs
, i
) {
459 name
= seccomp_arch_to_string(PTR_TO_UINT32(id
) - 1);
463 r
= strv_extend(&l
, name
);
471 r
= sd_bus_message_append_strv(reply
, l
);
478 static int property_get_syscall_errno(
481 const char *interface
,
482 const char *property
,
483 sd_bus_message
*reply
,
485 sd_bus_error
*error
) {
487 ExecContext
*c
= userdata
;
493 return sd_bus_message_append(reply
, "i", (int32_t) c
->syscall_errno
);
496 static int property_get_selinux_context(
499 const char *interface
,
500 const char *property
,
501 sd_bus_message
*reply
,
503 sd_bus_error
*error
) {
505 ExecContext
*c
= userdata
;
511 return sd_bus_message_append(reply
, "(bs)", c
->selinux_context_ignore
, c
->selinux_context
);
514 static int property_get_apparmor_profile(
517 const char *interface
,
518 const char *property
,
519 sd_bus_message
*reply
,
521 sd_bus_error
*error
) {
523 ExecContext
*c
= userdata
;
529 return sd_bus_message_append(reply
, "(bs)", c
->apparmor_profile_ignore
, c
->apparmor_profile
);
532 static int property_get_smack_process_label(
535 const char *interface
,
536 const char *property
,
537 sd_bus_message
*reply
,
539 sd_bus_error
*error
) {
541 ExecContext
*c
= userdata
;
547 return sd_bus_message_append(reply
, "(bs)", c
->smack_process_label_ignore
, c
->smack_process_label
);
550 static int property_get_personality(
553 const char *interface
,
554 const char *property
,
555 sd_bus_message
*reply
,
557 sd_bus_error
*error
) {
559 ExecContext
*c
= userdata
;
565 return sd_bus_message_append(reply
, "s", personality_to_string(c
->personality
));
568 static int property_get_address_families(
571 const char *interface
,
572 const char *property
,
573 sd_bus_message
*reply
,
575 sd_bus_error
*error
) {
577 ExecContext
*c
= userdata
;
578 _cleanup_strv_free_
char **l
= NULL
;
587 r
= sd_bus_message_open_container(reply
, 'r', "bas");
591 r
= sd_bus_message_append(reply
, "b", c
->address_families_whitelist
);
595 SET_FOREACH(af
, c
->address_families
, i
) {
598 name
= af_to_name(PTR_TO_INT(af
));
602 r
= strv_extend(&l
, name
);
609 r
= sd_bus_message_append_strv(reply
, l
);
613 return sd_bus_message_close_container(reply
);
616 static int property_get_working_directory(
619 const char *interface
,
620 const char *property
,
621 sd_bus_message
*reply
,
623 sd_bus_error
*error
) {
625 ExecContext
*c
= userdata
;
632 if (c
->working_directory_home
)
635 wd
= c
->working_directory
;
637 if (c
->working_directory_missing_ok
)
638 wd
= strjoina("!", wd
);
640 return sd_bus_message_append(reply
, "s", wd
);
643 static int property_get_syslog_level(
646 const char *interface
,
647 const char *property
,
648 sd_bus_message
*reply
,
650 sd_bus_error
*error
) {
652 ExecContext
*c
= userdata
;
658 return sd_bus_message_append(reply
, "i", LOG_PRI(c
->syslog_priority
));
661 static int property_get_syslog_facility(
664 const char *interface
,
665 const char *property
,
666 sd_bus_message
*reply
,
668 sd_bus_error
*error
) {
670 ExecContext
*c
= userdata
;
676 return sd_bus_message_append(reply
, "i", LOG_FAC(c
->syslog_priority
));
679 static int property_get_stdio_fdname(
682 const char *interface
,
683 const char *property
,
684 sd_bus_message
*reply
,
686 sd_bus_error
*error
) {
688 ExecContext
*c
= userdata
;
696 if (streq(property
, "StandardInputFileDescriptorName"))
697 fileno
= STDIN_FILENO
;
698 else if (streq(property
, "StandardOutputFileDescriptorName"))
699 fileno
= STDOUT_FILENO
;
701 assert(streq(property
, "StandardErrorFileDescriptorName"));
702 fileno
= STDERR_FILENO
;
705 return sd_bus_message_append(reply
, "s", exec_context_fdname(c
, fileno
));
708 static int property_get_input_data(
711 const char *interface
,
712 const char *property
,
713 sd_bus_message
*reply
,
715 sd_bus_error
*error
) {
717 ExecContext
*c
= userdata
;
724 return sd_bus_message_append_array(reply
, 'y', c
->stdin_data
, c
->stdin_data_size
);
727 static int property_get_bind_paths(
730 const char *interface
,
731 const char *property
,
732 sd_bus_message
*reply
,
734 sd_bus_error
*error
) {
736 ExecContext
*c
= userdata
;
746 ro
= !!strstr(property
, "ReadOnly");
748 r
= sd_bus_message_open_container(reply
, 'a', "(ssbt)");
752 for (i
= 0; i
< c
->n_bind_mounts
; i
++) {
754 if (ro
!= c
->bind_mounts
[i
].read_only
)
757 r
= sd_bus_message_append(
759 c
->bind_mounts
[i
].source
,
760 c
->bind_mounts
[i
].destination
,
761 c
->bind_mounts
[i
].ignore_enoent
,
762 c
->bind_mounts
[i
].recursive
? (uint64_t) MS_REC
: (uint64_t) 0);
767 return sd_bus_message_close_container(reply
);
770 static int property_get_temporary_filesystems(
773 const char *interface
,
774 const char *property
,
775 sd_bus_message
*reply
,
777 sd_bus_error
*error
) {
779 ExecContext
*c
= userdata
;
788 r
= sd_bus_message_open_container(reply
, 'a', "(ss)");
792 for (i
= 0; i
< c
->n_temporary_filesystems
; i
++) {
793 TemporaryFileSystem
*t
= c
->temporary_filesystems
+ i
;
795 r
= sd_bus_message_append(
803 return sd_bus_message_close_container(reply
);
806 static int property_get_log_extra_fields(
809 const char *interface
,
810 const char *property
,
811 sd_bus_message
*reply
,
813 sd_bus_error
*error
) {
815 ExecContext
*c
= userdata
;
824 r
= sd_bus_message_open_container(reply
, 'a', "ay");
828 for (i
= 0; i
< c
->n_log_extra_fields
; i
++) {
829 r
= sd_bus_message_append_array(reply
, 'y', c
->log_extra_fields
[i
].iov_base
, c
->log_extra_fields
[i
].iov_len
);
834 return sd_bus_message_close_container(reply
);
837 const sd_bus_vtable bus_exec_vtable
[] = {
838 SD_BUS_VTABLE_START(0),
839 SD_BUS_PROPERTY("Environment", "as", NULL
, offsetof(ExecContext
, environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
840 SD_BUS_PROPERTY("EnvironmentFiles", "a(sb)", property_get_environment_files
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
841 SD_BUS_PROPERTY("PassEnvironment", "as", NULL
, offsetof(ExecContext
, pass_environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
842 SD_BUS_PROPERTY("UnsetEnvironment", "as", NULL
, offsetof(ExecContext
, unset_environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
843 SD_BUS_PROPERTY("UMask", "u", bus_property_get_mode
, offsetof(ExecContext
, umask
), SD_BUS_VTABLE_PROPERTY_CONST
),
844 SD_BUS_PROPERTY("LimitCPU", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CPU
]), SD_BUS_VTABLE_PROPERTY_CONST
),
845 SD_BUS_PROPERTY("LimitCPUSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CPU
]), SD_BUS_VTABLE_PROPERTY_CONST
),
846 SD_BUS_PROPERTY("LimitFSIZE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_FSIZE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
847 SD_BUS_PROPERTY("LimitFSIZESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_FSIZE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
848 SD_BUS_PROPERTY("LimitDATA", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_DATA
]), SD_BUS_VTABLE_PROPERTY_CONST
),
849 SD_BUS_PROPERTY("LimitDATASoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_DATA
]), SD_BUS_VTABLE_PROPERTY_CONST
),
850 SD_BUS_PROPERTY("LimitSTACK", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_STACK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
851 SD_BUS_PROPERTY("LimitSTACKSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_STACK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
852 SD_BUS_PROPERTY("LimitCORE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CORE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
853 SD_BUS_PROPERTY("LimitCORESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CORE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
854 SD_BUS_PROPERTY("LimitRSS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RSS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
855 SD_BUS_PROPERTY("LimitRSSSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RSS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
856 SD_BUS_PROPERTY("LimitNOFILE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NOFILE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
857 SD_BUS_PROPERTY("LimitNOFILESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NOFILE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
858 SD_BUS_PROPERTY("LimitAS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_AS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
859 SD_BUS_PROPERTY("LimitASSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_AS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
860 SD_BUS_PROPERTY("LimitNPROC", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NPROC
]), SD_BUS_VTABLE_PROPERTY_CONST
),
861 SD_BUS_PROPERTY("LimitNPROCSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NPROC
]), SD_BUS_VTABLE_PROPERTY_CONST
),
862 SD_BUS_PROPERTY("LimitMEMLOCK", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MEMLOCK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
863 SD_BUS_PROPERTY("LimitMEMLOCKSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MEMLOCK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
864 SD_BUS_PROPERTY("LimitLOCKS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_LOCKS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
865 SD_BUS_PROPERTY("LimitLOCKSSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_LOCKS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
866 SD_BUS_PROPERTY("LimitSIGPENDING", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_SIGPENDING
]), SD_BUS_VTABLE_PROPERTY_CONST
),
867 SD_BUS_PROPERTY("LimitSIGPENDINGSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_SIGPENDING
]), SD_BUS_VTABLE_PROPERTY_CONST
),
868 SD_BUS_PROPERTY("LimitMSGQUEUE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MSGQUEUE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
869 SD_BUS_PROPERTY("LimitMSGQUEUESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MSGQUEUE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
870 SD_BUS_PROPERTY("LimitNICE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NICE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
871 SD_BUS_PROPERTY("LimitNICESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NICE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
872 SD_BUS_PROPERTY("LimitRTPRIO", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTPRIO
]), SD_BUS_VTABLE_PROPERTY_CONST
),
873 SD_BUS_PROPERTY("LimitRTPRIOSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTPRIO
]), SD_BUS_VTABLE_PROPERTY_CONST
),
874 SD_BUS_PROPERTY("LimitRTTIME", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
875 SD_BUS_PROPERTY("LimitRTTIMESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
876 SD_BUS_PROPERTY("WorkingDirectory", "s", property_get_working_directory
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
877 SD_BUS_PROPERTY("RootDirectory", "s", NULL
, offsetof(ExecContext
, root_directory
), SD_BUS_VTABLE_PROPERTY_CONST
),
878 SD_BUS_PROPERTY("RootImage", "s", NULL
, offsetof(ExecContext
, root_image
), SD_BUS_VTABLE_PROPERTY_CONST
),
879 SD_BUS_PROPERTY("OOMScoreAdjust", "i", property_get_oom_score_adjust
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
880 SD_BUS_PROPERTY("Nice", "i", property_get_nice
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
881 SD_BUS_PROPERTY("IOSchedulingClass", "i", property_get_ioprio_class
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
882 SD_BUS_PROPERTY("IOSchedulingPriority", "i", property_get_ioprio_priority
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
883 SD_BUS_PROPERTY("CPUSchedulingPolicy", "i", property_get_cpu_sched_policy
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
884 SD_BUS_PROPERTY("CPUSchedulingPriority", "i", property_get_cpu_sched_priority
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
885 SD_BUS_PROPERTY("CPUAffinity", "ay", property_get_cpu_affinity
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
886 SD_BUS_PROPERTY("TimerSlackNSec", "t", property_get_timer_slack_nsec
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
887 SD_BUS_PROPERTY("CPUSchedulingResetOnFork", "b", bus_property_get_bool
, offsetof(ExecContext
, cpu_sched_reset_on_fork
), SD_BUS_VTABLE_PROPERTY_CONST
),
888 SD_BUS_PROPERTY("NonBlocking", "b", bus_property_get_bool
, offsetof(ExecContext
, non_blocking
), SD_BUS_VTABLE_PROPERTY_CONST
),
889 SD_BUS_PROPERTY("StandardInput", "s", property_get_exec_input
, offsetof(ExecContext
, std_input
), SD_BUS_VTABLE_PROPERTY_CONST
),
890 SD_BUS_PROPERTY("StandardInputFileDescriptorName", "s", property_get_stdio_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
891 SD_BUS_PROPERTY("StandardInputData", "ay", property_get_input_data
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
892 SD_BUS_PROPERTY("StandardOutput", "s", bus_property_get_exec_output
, offsetof(ExecContext
, std_output
), SD_BUS_VTABLE_PROPERTY_CONST
),
893 SD_BUS_PROPERTY("StandardOutputFileDescriptorName", "s", property_get_stdio_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
894 SD_BUS_PROPERTY("StandardError", "s", bus_property_get_exec_output
, offsetof(ExecContext
, std_error
), SD_BUS_VTABLE_PROPERTY_CONST
),
895 SD_BUS_PROPERTY("StandardErrorFileDescriptorName", "s", property_get_stdio_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
896 SD_BUS_PROPERTY("TTYPath", "s", NULL
, offsetof(ExecContext
, tty_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
897 SD_BUS_PROPERTY("TTYReset", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_reset
), SD_BUS_VTABLE_PROPERTY_CONST
),
898 SD_BUS_PROPERTY("TTYVHangup", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_vhangup
), SD_BUS_VTABLE_PROPERTY_CONST
),
899 SD_BUS_PROPERTY("TTYVTDisallocate", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_vt_disallocate
), SD_BUS_VTABLE_PROPERTY_CONST
),
900 SD_BUS_PROPERTY("SyslogPriority", "i", bus_property_get_int
, offsetof(ExecContext
, syslog_priority
), SD_BUS_VTABLE_PROPERTY_CONST
),
901 SD_BUS_PROPERTY("SyslogIdentifier", "s", NULL
, offsetof(ExecContext
, syslog_identifier
), SD_BUS_VTABLE_PROPERTY_CONST
),
902 SD_BUS_PROPERTY("SyslogLevelPrefix", "b", bus_property_get_bool
, offsetof(ExecContext
, syslog_level_prefix
), SD_BUS_VTABLE_PROPERTY_CONST
),
903 SD_BUS_PROPERTY("SyslogLevel", "i", property_get_syslog_level
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
904 SD_BUS_PROPERTY("SyslogFacility", "i", property_get_syslog_facility
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
905 SD_BUS_PROPERTY("LogLevelMax", "i", bus_property_get_int
, offsetof(ExecContext
, log_level_max
), SD_BUS_VTABLE_PROPERTY_CONST
),
906 SD_BUS_PROPERTY("LogExtraFields", "aay", property_get_log_extra_fields
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
907 SD_BUS_PROPERTY("SecureBits", "i", bus_property_get_int
, offsetof(ExecContext
, secure_bits
), SD_BUS_VTABLE_PROPERTY_CONST
),
908 SD_BUS_PROPERTY("CapabilityBoundingSet", "t", property_get_capability_bounding_set
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
909 SD_BUS_PROPERTY("AmbientCapabilities", "t", property_get_ambient_capabilities
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
910 SD_BUS_PROPERTY("User", "s", NULL
, offsetof(ExecContext
, user
), SD_BUS_VTABLE_PROPERTY_CONST
),
911 SD_BUS_PROPERTY("Group", "s", NULL
, offsetof(ExecContext
, group
), SD_BUS_VTABLE_PROPERTY_CONST
),
912 SD_BUS_PROPERTY("DynamicUser", "b", bus_property_get_bool
, offsetof(ExecContext
, dynamic_user
), SD_BUS_VTABLE_PROPERTY_CONST
),
913 SD_BUS_PROPERTY("RemoveIPC", "b", bus_property_get_bool
, offsetof(ExecContext
, remove_ipc
), SD_BUS_VTABLE_PROPERTY_CONST
),
914 SD_BUS_PROPERTY("SupplementaryGroups", "as", NULL
, offsetof(ExecContext
, supplementary_groups
), SD_BUS_VTABLE_PROPERTY_CONST
),
915 SD_BUS_PROPERTY("PAMName", "s", NULL
, offsetof(ExecContext
, pam_name
), SD_BUS_VTABLE_PROPERTY_CONST
),
916 SD_BUS_PROPERTY("ReadWritePaths", "as", NULL
, offsetof(ExecContext
, read_write_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
917 SD_BUS_PROPERTY("ReadOnlyPaths", "as", NULL
, offsetof(ExecContext
, read_only_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
918 SD_BUS_PROPERTY("InaccessiblePaths", "as", NULL
, offsetof(ExecContext
, inaccessible_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
919 SD_BUS_PROPERTY("MountFlags", "t", bus_property_get_ulong
, offsetof(ExecContext
, mount_flags
), SD_BUS_VTABLE_PROPERTY_CONST
),
920 SD_BUS_PROPERTY("PrivateTmp", "b", bus_property_get_bool
, offsetof(ExecContext
, private_tmp
), SD_BUS_VTABLE_PROPERTY_CONST
),
921 SD_BUS_PROPERTY("PrivateDevices", "b", bus_property_get_bool
, offsetof(ExecContext
, private_devices
), SD_BUS_VTABLE_PROPERTY_CONST
),
922 SD_BUS_PROPERTY("ProtectKernelTunables", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_tunables
), SD_BUS_VTABLE_PROPERTY_CONST
),
923 SD_BUS_PROPERTY("ProtectKernelModules", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_modules
), SD_BUS_VTABLE_PROPERTY_CONST
),
924 SD_BUS_PROPERTY("ProtectControlGroups", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_control_groups
), SD_BUS_VTABLE_PROPERTY_CONST
),
925 SD_BUS_PROPERTY("PrivateNetwork", "b", bus_property_get_bool
, offsetof(ExecContext
, private_network
), SD_BUS_VTABLE_PROPERTY_CONST
),
926 SD_BUS_PROPERTY("PrivateUsers", "b", bus_property_get_bool
, offsetof(ExecContext
, private_users
), SD_BUS_VTABLE_PROPERTY_CONST
),
927 SD_BUS_PROPERTY("ProtectHome", "s", bus_property_get_protect_home
, offsetof(ExecContext
, protect_home
), SD_BUS_VTABLE_PROPERTY_CONST
),
928 SD_BUS_PROPERTY("ProtectSystem", "s", bus_property_get_protect_system
, offsetof(ExecContext
, protect_system
), SD_BUS_VTABLE_PROPERTY_CONST
),
929 SD_BUS_PROPERTY("SameProcessGroup", "b", bus_property_get_bool
, offsetof(ExecContext
, same_pgrp
), SD_BUS_VTABLE_PROPERTY_CONST
),
930 SD_BUS_PROPERTY("UtmpIdentifier", "s", NULL
, offsetof(ExecContext
, utmp_id
), SD_BUS_VTABLE_PROPERTY_CONST
),
931 SD_BUS_PROPERTY("UtmpMode", "s", property_get_exec_utmp_mode
, offsetof(ExecContext
, utmp_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
932 SD_BUS_PROPERTY("SELinuxContext", "(bs)", property_get_selinux_context
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
933 SD_BUS_PROPERTY("AppArmorProfile", "(bs)", property_get_apparmor_profile
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
934 SD_BUS_PROPERTY("SmackProcessLabel", "(bs)", property_get_smack_process_label
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
935 SD_BUS_PROPERTY("IgnoreSIGPIPE", "b", bus_property_get_bool
, offsetof(ExecContext
, ignore_sigpipe
), SD_BUS_VTABLE_PROPERTY_CONST
),
936 SD_BUS_PROPERTY("NoNewPrivileges", "b", bus_property_get_bool
, offsetof(ExecContext
, no_new_privileges
), SD_BUS_VTABLE_PROPERTY_CONST
),
937 SD_BUS_PROPERTY("SystemCallFilter", "(bas)", property_get_syscall_filter
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
938 SD_BUS_PROPERTY("SystemCallArchitectures", "as", property_get_syscall_archs
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
939 SD_BUS_PROPERTY("SystemCallErrorNumber", "i", property_get_syscall_errno
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
940 SD_BUS_PROPERTY("Personality", "s", property_get_personality
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
941 SD_BUS_PROPERTY("LockPersonality", "b", bus_property_get_bool
, offsetof(ExecContext
, lock_personality
), SD_BUS_VTABLE_PROPERTY_CONST
),
942 SD_BUS_PROPERTY("RestrictAddressFamilies", "(bas)", property_get_address_families
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
943 SD_BUS_PROPERTY("RuntimeDirectoryPreserve", "s", property_get_exec_preserve_mode
, offsetof(ExecContext
, runtime_directory_preserve_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
944 SD_BUS_PROPERTY("RuntimeDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
945 SD_BUS_PROPERTY("RuntimeDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
946 SD_BUS_PROPERTY("StateDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
947 SD_BUS_PROPERTY("StateDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
948 SD_BUS_PROPERTY("CacheDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
949 SD_BUS_PROPERTY("CacheDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
950 SD_BUS_PROPERTY("LogsDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
951 SD_BUS_PROPERTY("LogsDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
952 SD_BUS_PROPERTY("ConfigurationDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CONFIGURATION
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
953 SD_BUS_PROPERTY("ConfigurationDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CONFIGURATION
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
954 SD_BUS_PROPERTY("MemoryDenyWriteExecute", "b", bus_property_get_bool
, offsetof(ExecContext
, memory_deny_write_execute
), SD_BUS_VTABLE_PROPERTY_CONST
),
955 SD_BUS_PROPERTY("RestrictRealtime", "b", bus_property_get_bool
, offsetof(ExecContext
, restrict_realtime
), SD_BUS_VTABLE_PROPERTY_CONST
),
956 SD_BUS_PROPERTY("RestrictNamespaces", "t", bus_property_get_ulong
, offsetof(ExecContext
, restrict_namespaces
), SD_BUS_VTABLE_PROPERTY_CONST
),
957 SD_BUS_PROPERTY("BindPaths", "a(ssbt)", property_get_bind_paths
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
958 SD_BUS_PROPERTY("BindReadOnlyPaths", "a(ssbt)", property_get_bind_paths
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
959 SD_BUS_PROPERTY("TemporaryFileSystem", "a(ss)", property_get_temporary_filesystems
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
960 SD_BUS_PROPERTY("MountAPIVFS", "b", bus_property_get_bool
, offsetof(ExecContext
, mount_apivfs
), SD_BUS_VTABLE_PROPERTY_CONST
),
961 SD_BUS_PROPERTY("KeyringMode", "s", property_get_exec_keyring_mode
, offsetof(ExecContext
, keyring_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
963 /* Obsolete/redundant properties: */
964 SD_BUS_PROPERTY("Capabilities", "s", property_get_empty_string
, 0, SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
965 SD_BUS_PROPERTY("ReadWriteDirectories", "as", NULL
, offsetof(ExecContext
, read_write_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
966 SD_BUS_PROPERTY("ReadOnlyDirectories", "as", NULL
, offsetof(ExecContext
, read_only_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
967 SD_BUS_PROPERTY("InaccessibleDirectories", "as", NULL
, offsetof(ExecContext
, inaccessible_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
968 SD_BUS_PROPERTY("IOScheduling", "i", property_get_ioprio
, 0, SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
973 static int append_exec_command(sd_bus_message
*reply
, ExecCommand
*c
) {
982 r
= sd_bus_message_open_container(reply
, 'r', "sasbttttuii");
986 r
= sd_bus_message_append(reply
, "s", c
->path
);
990 r
= sd_bus_message_append_strv(reply
, c
->argv
);
994 r
= sd_bus_message_append(reply
, "bttttuii",
995 !!(c
->flags
& EXEC_COMMAND_IGNORE_FAILURE
),
996 c
->exec_status
.start_timestamp
.realtime
,
997 c
->exec_status
.start_timestamp
.monotonic
,
998 c
->exec_status
.exit_timestamp
.realtime
,
999 c
->exec_status
.exit_timestamp
.monotonic
,
1000 (uint32_t) c
->exec_status
.pid
,
1001 (int32_t) c
->exec_status
.code
,
1002 (int32_t) c
->exec_status
.status
);
1006 return sd_bus_message_close_container(reply
);
1009 int bus_property_get_exec_command(
1012 const char *interface
,
1013 const char *property
,
1014 sd_bus_message
*reply
,
1016 sd_bus_error
*ret_error
) {
1018 ExecCommand
*c
= (ExecCommand
*) userdata
;
1024 r
= sd_bus_message_open_container(reply
, 'a', "(sasbttttuii)");
1028 r
= append_exec_command(reply
, c
);
1032 return sd_bus_message_close_container(reply
);
1035 int bus_property_get_exec_command_list(
1038 const char *interface
,
1039 const char *property
,
1040 sd_bus_message
*reply
,
1042 sd_bus_error
*ret_error
) {
1044 ExecCommand
*c
= *(ExecCommand
**) userdata
;
1050 r
= sd_bus_message_open_container(reply
, 'a', "(sasbttttuii)");
1054 LIST_FOREACH(command
, c
, c
) {
1055 r
= append_exec_command(reply
, c
);
1060 return sd_bus_message_close_container(reply
);
1063 int bus_set_transient_exec_command(
1066 ExecCommand
**exec_command
,
1067 sd_bus_message
*message
,
1068 UnitWriteFlags flags
,
1069 sd_bus_error
*error
) {
1073 r
= sd_bus_message_enter_container(message
, 'a', "(sasb)");
1077 while ((r
= sd_bus_message_enter_container(message
, 'r', "sasb")) > 0) {
1078 _cleanup_strv_free_
char **argv
= NULL
;
1082 r
= sd_bus_message_read(message
, "s", &path
);
1086 if (!path_is_absolute(path
))
1087 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute.", path
);
1089 r
= sd_bus_message_read_strv(message
, &argv
);
1093 r
= sd_bus_message_read(message
, "b", &b
);
1097 r
= sd_bus_message_exit_container(message
);
1101 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1104 c
= new0(ExecCommand
, 1);
1108 c
->path
= strdup(path
);
1114 c
->argv
= TAKE_PTR(argv
);
1116 c
->flags
= b
? EXEC_COMMAND_IGNORE_FAILURE
: 0;
1118 path_kill_slashes(c
->path
);
1119 exec_command_append_list(exec_command
, c
);
1127 r
= sd_bus_message_exit_container(message
);
1131 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1132 _cleanup_free_
char *buf
= NULL
;
1133 _cleanup_fclose_
FILE *f
= NULL
;
1138 *exec_command
= exec_command_free_list(*exec_command
);
1140 f
= open_memstream(&buf
, &size
);
1144 (void) __fsetlocking(f
, FSETLOCKING_BYCALLER
);
1146 fputs("ExecStart=\n", f
);
1148 LIST_FOREACH(command
, c
, *exec_command
) {
1149 _cleanup_free_
char *a
= NULL
, *t
= NULL
;
1152 p
= unit_escape_setting(c
->path
, UNIT_ESCAPE_C
|UNIT_ESCAPE_SPECIFIERS
, &t
);
1156 a
= unit_concat_strv(c
->argv
, UNIT_ESCAPE_C
|UNIT_ESCAPE_SPECIFIERS
);
1160 fprintf(f
, "%s=%s@%s %s\n",
1162 c
->flags
& EXEC_COMMAND_IGNORE_FAILURE
? "-" : "",
1167 r
= fflush_and_check(f
);
1171 unit_write_setting(u
, flags
, name
, buf
);
1177 static int parse_personality(const char *s
, unsigned long *p
) {
1182 v
= personality_from_string(s
);
1183 if (v
== PERSONALITY_INVALID
)
1190 static const char* mount_propagation_flags_to_string_with_check(unsigned long n
) {
1191 if (!IN_SET(n
, 0, MS_SHARED
, MS_PRIVATE
, MS_SLAVE
))
1194 return mount_propagation_flags_to_string(n
);
1197 static BUS_DEFINE_SET_TRANSIENT(nsec
, "t", uint64_t, nsec_t
, NSEC_FMT
);
1198 static BUS_DEFINE_SET_TRANSIENT_IS_VALID(log_level
, "i", int32_t, int, "%" PRIi32
, log_level_is_valid
);
1200 static BUS_DEFINE_SET_TRANSIENT_IS_VALID(errno
, "i", int32_t, int, "%" PRIi32
, errno_is_valid
);
1202 static BUS_DEFINE_SET_TRANSIENT_IS_VALID(sched_priority
, "i", int32_t, int, "%" PRIi32
, sched_priority_is_valid
);
1203 static BUS_DEFINE_SET_TRANSIENT_IS_VALID(nice
, "i", int32_t, int, "%" PRIi32
, nice_is_valid
);
1204 static BUS_DEFINE_SET_TRANSIENT_PARSE(std_input
, ExecInput
, exec_input_from_string
);
1205 static BUS_DEFINE_SET_TRANSIENT_PARSE(std_output
, ExecOutput
, exec_output_from_string
);
1206 static BUS_DEFINE_SET_TRANSIENT_PARSE(utmp_mode
, ExecUtmpMode
, exec_utmp_mode_from_string
);
1207 static BUS_DEFINE_SET_TRANSIENT_PARSE(protect_system
, ProtectSystem
, parse_protect_system_or_bool
);
1208 static BUS_DEFINE_SET_TRANSIENT_PARSE(protect_home
, ProtectHome
, parse_protect_home_or_bool
);
1209 static BUS_DEFINE_SET_TRANSIENT_PARSE(keyring_mode
, ExecKeyringMode
, exec_keyring_mode_from_string
);
1210 static BUS_DEFINE_SET_TRANSIENT_PARSE(preserve_mode
, ExecPreserveMode
, exec_preserve_mode_from_string
);
1211 static BUS_DEFINE_SET_TRANSIENT_PARSE_PTR(personality
, unsigned long, parse_personality
);
1212 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(secure_bits
, "i", int32_t, int, "%" PRIi32
, secure_bits_to_string_alloc_with_check
);
1213 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(capability
, "t", uint64_t, uint64_t, "%" PRIu64
, capability_set_to_string_alloc
);
1214 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(sched_policy
, "i", int32_t, int, "%" PRIi32
, sched_policy_to_string_alloc_with_check
);
1215 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(namespace_flag
, "t", uint64_t, unsigned long, "%" PRIu64
, namespace_flag_to_string_many_with_check
);
1216 static BUS_DEFINE_SET_TRANSIENT_TO_STRING(mount_flags
, "t", uint64_t, unsigned long, "%" PRIu64
, mount_propagation_flags_to_string_with_check
);
1218 int bus_exec_context_set_transient_property(
1222 sd_bus_message
*message
,
1223 UnitWriteFlags flags
,
1224 sd_bus_error
*error
) {
1226 const char *soft
= NULL
;
1234 flags
|= UNIT_PRIVATE
;
1236 if (streq(name
, "User"))
1237 return bus_set_transient_user(u
, name
, &c
->user
, message
, flags
, error
);
1239 if (streq(name
, "Group"))
1240 return bus_set_transient_user(u
, name
, &c
->group
, message
, flags
, error
);
1242 if (streq(name
, "TTYPath"))
1243 return bus_set_transient_path(u
, name
, &c
->tty_path
, message
, flags
, error
);
1245 if (streq(name
, "RootImage"))
1246 return bus_set_transient_path(u
, name
, &c
->root_image
, message
, flags
, error
);
1248 if (streq(name
, "RootDirectory"))
1249 return bus_set_transient_path(u
, name
, &c
->root_directory
, message
, flags
, error
);
1251 if (streq(name
, "SyslogIdentifier"))
1252 return bus_set_transient_string(u
, name
, &c
->syslog_identifier
, message
, flags
, error
);
1254 if (streq(name
, "LogLevelMax"))
1255 return bus_set_transient_log_level(u
, name
, &c
->log_level_max
, message
, flags
, error
);
1257 if (streq(name
, "CPUSchedulingPriority"))
1258 return bus_set_transient_sched_priority(u
, name
, &c
->cpu_sched_priority
, message
, flags
, error
);
1260 if (streq(name
, "Personality"))
1261 return bus_set_transient_personality(u
, name
, &c
->personality
, message
, flags
, error
);
1263 if (streq(name
, "Nice"))
1264 return bus_set_transient_nice(u
, name
, &c
->nice
, message
, flags
, error
);
1266 if (streq(name
, "StandardInput"))
1267 return bus_set_transient_std_input(u
, name
, &c
->std_input
, message
, flags
, error
);
1269 if (streq(name
, "StandardOutput"))
1270 return bus_set_transient_std_output(u
, name
, &c
->std_output
, message
, flags
, error
);
1272 if (streq(name
, "StandardError"))
1273 return bus_set_transient_std_output(u
, name
, &c
->std_error
, message
, flags
, error
);
1275 if (streq(name
, "IgnoreSIGPIPE"))
1276 return bus_set_transient_bool(u
, name
, &c
->ignore_sigpipe
, message
, flags
, error
);
1278 if (streq(name
, "TTYVHangup"))
1279 return bus_set_transient_bool(u
, name
, &c
->tty_vhangup
, message
, flags
, error
);
1281 if (streq(name
, "TTYReset"))
1282 return bus_set_transient_bool(u
, name
, &c
->tty_reset
, message
, flags
, error
);
1284 if (streq(name
, "TTYVTDisallocate"))
1285 return bus_set_transient_bool(u
, name
, &c
->tty_vt_disallocate
, message
, flags
, error
);
1287 if (streq(name
, "PrivateTmp"))
1288 return bus_set_transient_bool(u
, name
, &c
->private_tmp
, message
, flags
, error
);
1290 if (streq(name
, "PrivateDevices"))
1291 return bus_set_transient_bool(u
, name
, &c
->private_devices
, message
, flags
, error
);
1293 if (streq(name
, "PrivateNetwork"))
1294 return bus_set_transient_bool(u
, name
, &c
->private_network
, message
, flags
, error
);
1296 if (streq(name
, "PrivateUsers"))
1297 return bus_set_transient_bool(u
, name
, &c
->private_users
, message
, flags
, error
);
1299 if (streq(name
, "NoNewPrivileges"))
1300 return bus_set_transient_bool(u
, name
, &c
->no_new_privileges
, message
, flags
, error
);
1302 if (streq(name
, "SyslogLevelPrefix"))
1303 return bus_set_transient_bool(u
, name
, &c
->syslog_level_prefix
, message
, flags
, error
);
1305 if (streq(name
, "MemoryDenyWriteExecute"))
1306 return bus_set_transient_bool(u
, name
, &c
->memory_deny_write_execute
, message
, flags
, error
);
1308 if (streq(name
, "RestrictRealtime"))
1309 return bus_set_transient_bool(u
, name
, &c
->restrict_realtime
, message
, flags
, error
);
1311 if (streq(name
, "DynamicUser"))
1312 return bus_set_transient_bool(u
, name
, &c
->dynamic_user
, message
, flags
, error
);
1314 if (streq(name
, "RemoveIPC"))
1315 return bus_set_transient_bool(u
, name
, &c
->remove_ipc
, message
, flags
, error
);
1317 if (streq(name
, "ProtectKernelTunables"))
1318 return bus_set_transient_bool(u
, name
, &c
->protect_kernel_tunables
, message
, flags
, error
);
1320 if (streq(name
, "ProtectKernelModules"))
1321 return bus_set_transient_bool(u
, name
, &c
->protect_kernel_modules
, message
, flags
, error
);
1323 if (streq(name
, "ProtectControlGroups"))
1324 return bus_set_transient_bool(u
, name
, &c
->protect_control_groups
, message
, flags
, error
);
1326 if (streq(name
, "MountAPIVFS"))
1327 return bus_set_transient_bool(u
, name
, &c
->mount_apivfs
, message
, flags
, error
);
1329 if (streq(name
, "CPUSchedulingResetOnFork"))
1330 return bus_set_transient_bool(u
, name
, &c
->cpu_sched_reset_on_fork
, message
, flags
, error
);
1332 if (streq(name
, "NonBlocking"))
1333 return bus_set_transient_bool(u
, name
, &c
->non_blocking
, message
, flags
, error
);
1335 if (streq(name
, "LockPersonality"))
1336 return bus_set_transient_bool(u
, name
, &c
->lock_personality
, message
, flags
, error
);
1338 if (streq(name
, "UtmpIdentifier"))
1339 return bus_set_transient_string(u
, name
, &c
->utmp_id
, message
, flags
, error
);
1341 if (streq(name
, "UtmpMode"))
1342 return bus_set_transient_utmp_mode(u
, name
, &c
->utmp_mode
, message
, flags
, error
);
1344 if (streq(name
, "PAMName"))
1345 return bus_set_transient_string(u
, name
, &c
->pam_name
, message
, flags
, error
);
1347 if (streq(name
, "TimerSlackNSec"))
1348 return bus_set_transient_nsec(u
, name
, &c
->timer_slack_nsec
, message
, flags
, error
);
1350 if (streq(name
, "ProtectSystem"))
1351 return bus_set_transient_protect_system(u
, name
, &c
->protect_system
, message
, flags
, error
);
1353 if (streq(name
, "ProtectHome"))
1354 return bus_set_transient_protect_home(u
, name
, &c
->protect_home
, message
, flags
, error
);
1356 if (streq(name
, "KeyringMode"))
1357 return bus_set_transient_keyring_mode(u
, name
, &c
->keyring_mode
, message
, flags
, error
);
1359 if (streq(name
, "RuntimeDirectoryPreserve"))
1360 return bus_set_transient_preserve_mode(u
, name
, &c
->runtime_directory_preserve_mode
, message
, flags
, error
);
1362 if (streq(name
, "UMask"))
1363 return bus_set_transient_mode_t(u
, name
, &c
->umask
, message
, flags
, error
);
1365 if (streq(name
, "RuntimeDirectoryMode"))
1366 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_RUNTIME
].mode
, message
, flags
, error
);
1368 if (streq(name
, "StateDirectoryMode"))
1369 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_STATE
].mode
, message
, flags
, error
);
1371 if (streq(name
, "CacheDirectoryMode"))
1372 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_CACHE
].mode
, message
, flags
, error
);
1374 if (streq(name
, "LogsDirectoryMode"))
1375 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_LOGS
].mode
, message
, flags
, error
);
1377 if (streq(name
, "ConfigurationDirectoryMode"))
1378 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_CONFIGURATION
].mode
, message
, flags
, error
);
1380 if (streq(name
, "SELinuxContext"))
1381 return bus_set_transient_string(u
, name
, &c
->selinux_context
, message
, flags
, error
);
1383 if (streq(name
, "SecureBits"))
1384 return bus_set_transient_secure_bits(u
, name
, &c
->secure_bits
, message
, flags
, error
);
1386 if (streq(name
, "CapabilityBoundingSet"))
1387 return bus_set_transient_capability(u
, name
, &c
->capability_bounding_set
, message
, flags
, error
);
1389 if (streq(name
, "AmbientCapabilities"))
1390 return bus_set_transient_capability(u
, name
, &c
->capability_ambient_set
, message
, flags
, error
);
1392 if (streq(name
, "CPUSchedulingPolicy"))
1393 return bus_set_transient_sched_policy(u
, name
, &c
->cpu_sched_policy
, message
, flags
, error
);
1395 if (streq(name
, "RestrictNamespaces"))
1396 return bus_set_transient_namespace_flag(u
, name
, &c
->restrict_namespaces
, message
, flags
, error
);
1398 if (streq(name
, "MountFlags"))
1399 return bus_set_transient_mount_flags(u
, name
, &c
->mount_flags
, message
, flags
, error
);
1401 if (streq(name
, "SupplementaryGroups")) {
1402 _cleanup_strv_free_
char **l
= NULL
;
1405 r
= sd_bus_message_read_strv(message
, &l
);
1409 STRV_FOREACH(p
, l
) {
1410 if (!isempty(*p
) && !valid_user_group_name_or_id(*p
))
1411 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid supplementary group names");
1414 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1415 if (strv_isempty(l
)) {
1416 c
->supplementary_groups
= strv_free(c
->supplementary_groups
);
1417 unit_write_settingf(u
, flags
, name
, "%s=", name
);
1419 _cleanup_free_
char *joined
= NULL
;
1421 r
= strv_extend_strv(&c
->supplementary_groups
, l
, true);
1425 joined
= strv_join(c
->supplementary_groups
, " ");
1429 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "%s=%s", name
, joined
);
1435 } else if (streq(name
, "SyslogLevel")) {
1438 r
= sd_bus_message_read(message
, "i", &level
);
1442 if (!log_level_is_valid(level
))
1443 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log level value out of range");
1445 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1446 c
->syslog_priority
= (c
->syslog_priority
& LOG_FACMASK
) | level
;
1447 unit_write_settingf(u
, flags
, name
, "SyslogLevel=%i", level
);
1452 } else if (streq(name
, "SyslogFacility")) {
1455 r
= sd_bus_message_read(message
, "i", &facility
);
1459 if (!log_facility_unshifted_is_valid(facility
))
1460 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log facility value out of range");
1462 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1463 c
->syslog_priority
= (facility
<< 3) | LOG_PRI(c
->syslog_priority
);
1464 unit_write_settingf(u
, flags
, name
, "SyslogFacility=%i", facility
);
1469 } else if (streq(name
, "LogExtraFields")) {
1472 r
= sd_bus_message_enter_container(message
, 'a', "ay");
1477 _cleanup_free_
void *copy
= NULL
;
1483 /* Note that we expect a byte array for each field, instead of a string. That's because on the
1484 * lower-level journal fields can actually contain binary data and are not restricted to text,
1485 * and we should not "lose precision" in our types on the way. That said, I am pretty sure
1486 * actually encoding binary data as unit metadata is not a good idea. Hence we actually refuse
1487 * any actual binary data, and only accept UTF-8. This allows us to eventually lift this
1488 * limitation, should a good, valid usecase arise. */
1490 r
= sd_bus_message_read_array(message
, 'y', &p
, &sz
);
1496 if (memchr(p
, 0, sz
))
1497 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field contains zero byte");
1499 eq
= memchr(p
, '=', sz
);
1501 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field contains no '=' character");
1502 if (!journal_field_valid(p
, eq
- (const char*) p
, false))
1503 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field invalid");
1505 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1506 t
= reallocarray(c
->log_extra_fields
, c
->n_log_extra_fields
+1, sizeof(struct iovec
));
1509 c
->log_extra_fields
= t
;
1512 copy
= malloc(sz
+ 1);
1516 memcpy(copy
, p
, sz
);
1517 ((uint8_t*) copy
)[sz
] = 0;
1519 if (!utf8_is_valid(copy
))
1520 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field is not valid UTF-8");
1522 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1523 c
->log_extra_fields
[c
->n_log_extra_fields
++] = IOVEC_MAKE(copy
, sz
);
1524 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_C
, name
, "LogExtraFields=%s", (char*) copy
);
1532 r
= sd_bus_message_exit_container(message
);
1536 if (!UNIT_WRITE_FLAGS_NOOP(flags
) && n
== 0) {
1537 exec_context_free_log_extra_fields(c
);
1538 unit_write_setting(u
, flags
, name
, "LogExtraFields=");
1546 if (streq(name
, "SystemCallErrorNumber"))
1547 return bus_set_transient_errno(u
, name
, &c
->syscall_errno
, message
, flags
, error
);
1549 if (streq(name
, "SystemCallFilter")) {
1551 _cleanup_strv_free_
char **l
= NULL
;
1553 r
= sd_bus_message_enter_container(message
, 'r', "bas");
1557 r
= sd_bus_message_read(message
, "b", &whitelist
);
1561 r
= sd_bus_message_read_strv(message
, &l
);
1565 r
= sd_bus_message_exit_container(message
);
1569 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1570 _cleanup_free_
char *joined
= NULL
;
1571 bool invert
= !whitelist
;
1574 if (strv_isempty(l
)) {
1575 c
->syscall_whitelist
= false;
1576 c
->syscall_filter
= hashmap_free(c
->syscall_filter
);
1578 unit_write_settingf(u
, flags
, name
, "SystemCallFilter=");
1582 if (!c
->syscall_filter
) {
1583 c
->syscall_filter
= hashmap_new(NULL
);
1584 if (!c
->syscall_filter
)
1587 c
->syscall_whitelist
= whitelist
;
1589 if (c
->syscall_whitelist
) {
1590 r
= seccomp_parse_syscall_filter("@default", -1, c
->syscall_filter
, SECCOMP_PARSE_WHITELIST
| (invert
? SECCOMP_PARSE_INVERT
: 0));
1596 STRV_FOREACH(s
, l
) {
1597 _cleanup_free_
char *n
= NULL
;
1600 r
= parse_syscall_and_errno(*s
, &n
, &e
);
1604 r
= seccomp_parse_syscall_filter(n
, e
, c
->syscall_filter
, (invert
? SECCOMP_PARSE_INVERT
: 0) | (c
->syscall_whitelist
? SECCOMP_PARSE_WHITELIST
: 0));
1609 joined
= strv_join(l
, " ");
1613 unit_write_settingf(u
, flags
, name
, "SystemCallFilter=%s%s", whitelist
? "" : "~", joined
);
1618 } else if (streq(name
, "SystemCallArchitectures")) {
1619 _cleanup_strv_free_
char **l
= NULL
;
1621 r
= sd_bus_message_read_strv(message
, &l
);
1625 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1626 _cleanup_free_
char *joined
= NULL
;
1628 if (strv_isempty(l
))
1629 c
->syscall_archs
= set_free(c
->syscall_archs
);
1633 r
= set_ensure_allocated(&c
->syscall_archs
, NULL
);
1637 STRV_FOREACH(s
, l
) {
1640 r
= seccomp_arch_from_string(*s
, &a
);
1644 r
= set_put(c
->syscall_archs
, UINT32_TO_PTR(a
+ 1));
1651 joined
= strv_join(l
, " ");
1655 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, joined
);
1660 } else if (streq(name
, "RestrictAddressFamilies")) {
1662 _cleanup_strv_free_
char **l
= NULL
;
1664 r
= sd_bus_message_enter_container(message
, 'r', "bas");
1668 r
= sd_bus_message_read(message
, "b", &whitelist
);
1672 r
= sd_bus_message_read_strv(message
, &l
);
1676 r
= sd_bus_message_exit_container(message
);
1680 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1681 _cleanup_free_
char *joined
= NULL
;
1682 bool invert
= !whitelist
;
1685 if (strv_isempty(l
)) {
1686 c
->address_families_whitelist
= false;
1687 c
->address_families
= set_free(c
->address_families
);
1689 unit_write_settingf(u
, flags
, name
, "RestrictAddressFamilies=");
1693 if (!c
->address_families
) {
1694 c
->address_families
= set_new(NULL
);
1695 if (!c
->address_families
)
1698 c
->address_families_whitelist
= whitelist
;
1701 STRV_FOREACH(s
, l
) {
1704 af
= af_from_name(*s
);
1708 if (!invert
== c
->address_families_whitelist
) {
1709 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
1713 (void) set_remove(c
->address_families
, INT_TO_PTR(af
));
1716 joined
= strv_join(l
, " ");
1720 unit_write_settingf(u
, flags
, name
, "RestrictAddressFamilies=%s%s", whitelist
? "" : "~", joined
);
1726 if (streq(name
, "CPUAffinity")) {
1730 r
= sd_bus_message_read_array(message
, 'y', &a
, &n
);
1734 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1736 c
->cpuset
= cpu_set_mfree(c
->cpuset
);
1737 c
->cpuset_ncpus
= 0;
1738 unit_write_settingf(u
, flags
, name
, "%s=", name
);
1740 _cleanup_free_
char *str
= NULL
;
1741 size_t allocated
= 0, len
= 0, i
, ncpus
;
1743 ncpus
= CPU_SIZE_TO_NUM(n
);
1745 for (i
= 0; i
< ncpus
; i
++) {
1746 _cleanup_free_
char *p
= NULL
;
1749 if (!CPU_ISSET_S(i
, n
, (cpu_set_t
*) a
))
1752 r
= asprintf(&p
, "%zu", i
);
1758 if (!GREEDY_REALLOC(str
, allocated
, len
+ add
+ 2))
1761 strcpy(mempcpy(str
+ len
, p
, add
), " ");
1766 str
[len
- 1] = '\0';
1768 if (!c
->cpuset
|| c
->cpuset_ncpus
< ncpus
) {
1771 cpuset
= CPU_ALLOC(ncpus
);
1775 CPU_ZERO_S(n
, cpuset
);
1777 CPU_OR_S(CPU_ALLOC_SIZE(c
->cpuset_ncpus
), cpuset
, c
->cpuset
, (cpu_set_t
*) a
);
1778 CPU_FREE(c
->cpuset
);
1780 CPU_OR_S(n
, cpuset
, cpuset
, (cpu_set_t
*) a
);
1783 c
->cpuset_ncpus
= ncpus
;
1785 CPU_OR_S(n
, c
->cpuset
, c
->cpuset
, (cpu_set_t
*) a
);
1787 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, str
);
1793 } else if (streq(name
, "IOSchedulingClass")) {
1796 r
= sd_bus_message_read(message
, "i", &q
);
1800 if (!ioprio_class_is_valid(q
))
1801 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid IO scheduling class: %i", q
);
1803 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1804 _cleanup_free_
char *s
= NULL
;
1806 r
= ioprio_class_to_string_alloc(q
, &s
);
1810 c
->ioprio
= IOPRIO_PRIO_VALUE(q
, IOPRIO_PRIO_DATA(c
->ioprio
));
1811 c
->ioprio_set
= true;
1813 unit_write_settingf(u
, flags
, name
, "IOSchedulingClass=%s", s
);
1818 } else if (streq(name
, "IOSchedulingPriority")) {
1821 r
= sd_bus_message_read(message
, "i", &p
);
1825 if (!ioprio_priority_is_valid(p
))
1826 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid IO scheduling priority: %i", p
);
1828 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1829 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c
->ioprio
), p
);
1830 c
->ioprio_set
= true;
1832 unit_write_settingf(u
, flags
, name
, "IOSchedulingPriority=%i", p
);
1837 } else if (streq(name
, "WorkingDirectory")) {
1841 r
= sd_bus_message_read(message
, "s", &s
);
1851 if (!isempty(s
) && !streq(s
, "~") && !path_is_absolute(s
))
1852 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "WorkingDirectory= expects an absolute path or '~'");
1854 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1855 if (streq(s
, "~")) {
1856 c
->working_directory
= mfree(c
->working_directory
);
1857 c
->working_directory_home
= true;
1859 r
= free_and_strdup(&c
->working_directory
, empty_to_null(s
));
1863 c
->working_directory_home
= false;
1866 c
->working_directory_missing_ok
= missing_ok
;
1867 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "WorkingDirectory=%s%s", missing_ok
? "-" : "", s
);
1872 } else if (STR_IN_SET(name
,
1873 "StandardInputFileDescriptorName", "StandardOutputFileDescriptorName", "StandardErrorFileDescriptorName")) {
1876 r
= sd_bus_message_read(message
, "s", &s
);
1880 if (!isempty(s
) && !fdname_is_valid(s
))
1881 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid file descriptor name");
1883 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1885 if (streq(name
, "StandardInputFileDescriptorName")) {
1886 r
= free_and_strdup(c
->stdio_fdname
+ STDIN_FILENO
, empty_to_null(s
));
1890 c
->std_input
= EXEC_INPUT_NAMED_FD
;
1891 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardInput=fd:%s", exec_context_fdname(c
, STDIN_FILENO
));
1893 } else if (streq(name
, "StandardOutputFileDescriptorName")) {
1894 r
= free_and_strdup(c
->stdio_fdname
+ STDOUT_FILENO
, empty_to_null(s
));
1898 c
->std_output
= EXEC_OUTPUT_NAMED_FD
;
1899 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardOutput=fd:%s", exec_context_fdname(c
, STDOUT_FILENO
));
1902 assert(streq(name
, "StandardErrorFileDescriptorName"));
1904 r
= free_and_strdup(&c
->stdio_fdname
[STDERR_FILENO
], empty_to_null(s
));
1908 c
->std_error
= EXEC_OUTPUT_NAMED_FD
;
1909 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardError=fd:%s", exec_context_fdname(c
, STDERR_FILENO
));
1915 } else if (STR_IN_SET(name
, "StandardInputFile", "StandardOutputFile", "StandardErrorFile")) {
1918 r
= sd_bus_message_read(message
, "s", &s
);
1923 if (!path_is_absolute(s
))
1924 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute", s
);
1925 if (!path_is_normalized(s
))
1926 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not normalized", s
);
1929 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1931 if (streq(name
, "StandardInputFile")) {
1932 r
= free_and_strdup(&c
->stdio_file
[STDIN_FILENO
], empty_to_null(s
));
1936 c
->std_input
= EXEC_INPUT_FILE
;
1937 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardInput=file:%s", s
);
1939 } else if (streq(name
, "StandardOutputFile")) {
1940 r
= free_and_strdup(&c
->stdio_file
[STDOUT_FILENO
], empty_to_null(s
));
1944 c
->std_output
= EXEC_OUTPUT_FILE
;
1945 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardOutput=file:%s", s
);
1948 assert(streq(name
, "StandardErrorFile"));
1950 r
= free_and_strdup(&c
->stdio_file
[STDERR_FILENO
], empty_to_null(s
));
1954 c
->std_error
= EXEC_OUTPUT_FILE
;
1955 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardError=file:%s", s
);
1961 } else if (streq(name
, "StandardInputData")) {
1965 r
= sd_bus_message_read_array(message
, 'y', &p
, &sz
);
1969 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1970 _cleanup_free_
char *encoded
= NULL
;
1973 c
->stdin_data
= mfree(c
->stdin_data
);
1974 c
->stdin_data_size
= 0;
1976 unit_write_settingf(u
, flags
, name
, "StandardInputData=");
1981 if (c
->stdin_data_size
+ sz
< c
->stdin_data_size
|| /* check for overflow */
1982 c
->stdin_data_size
+ sz
> EXEC_STDIN_DATA_MAX
)
1985 n
= base64mem(p
, sz
, &encoded
);
1989 q
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
);
1993 memcpy((uint8_t*) q
+ c
->stdin_data_size
, p
, sz
);
1996 c
->stdin_data_size
+= sz
;
1998 unit_write_settingf(u
, flags
, name
, "StandardInputData=%s", encoded
);
2004 } else if (streq(name
, "Environment")) {
2006 _cleanup_strv_free_
char **l
= NULL
;
2008 r
= sd_bus_message_read_strv(message
, &l
);
2012 if (!strv_env_is_valid(l
))
2013 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid environment block.");
2015 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2016 if (strv_isempty(l
)) {
2017 c
->environment
= strv_free(c
->environment
);
2018 unit_write_setting(u
, flags
, name
, "Environment=");
2020 _cleanup_free_
char *joined
= NULL
;
2023 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_C
);
2027 e
= strv_env_merge(2, c
->environment
, l
);
2031 strv_free(c
->environment
);
2034 unit_write_settingf(u
, flags
, name
, "Environment=%s", joined
);
2040 } else if (streq(name
, "UnsetEnvironment")) {
2042 _cleanup_strv_free_
char **l
= NULL
;
2044 r
= sd_bus_message_read_strv(message
, &l
);
2048 if (!strv_env_name_or_assignment_is_valid(l
))
2049 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid UnsetEnvironment= list.");
2051 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2052 if (strv_isempty(l
)) {
2053 c
->unset_environment
= strv_free(c
->unset_environment
);
2054 unit_write_setting(u
, flags
, name
, "UnsetEnvironment=");
2056 _cleanup_free_
char *joined
= NULL
;
2059 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_C
);
2063 e
= strv_env_merge(2, c
->unset_environment
, l
);
2067 strv_free(c
->unset_environment
);
2068 c
->unset_environment
= e
;
2070 unit_write_settingf(u
, flags
, name
, "UnsetEnvironment=%s", joined
);
2076 } else if (streq(name
, "OOMScoreAdjust")) {
2079 r
= sd_bus_message_read(message
, "i", &oa
);
2083 if (!oom_score_adjust_is_valid(oa
))
2084 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "OOM score adjust value out of range");
2086 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2087 c
->oom_score_adjust
= oa
;
2088 c
->oom_score_adjust_set
= true;
2089 unit_write_settingf(u
, flags
, name
, "OOMScoreAdjust=%i", oa
);
2094 } else if (streq(name
, "EnvironmentFiles")) {
2096 _cleanup_free_
char *joined
= NULL
;
2097 _cleanup_fclose_
FILE *f
= NULL
;
2098 _cleanup_strv_free_
char **l
= NULL
;
2102 r
= sd_bus_message_enter_container(message
, 'a', "(sb)");
2106 f
= open_memstream(&joined
, &size
);
2110 (void) __fsetlocking(f
, FSETLOCKING_BYCALLER
);
2112 fputs("EnvironmentFile=\n", f
);
2114 STRV_FOREACH(i
, c
->environment_files
) {
2115 _cleanup_free_
char *q
= NULL
;
2117 q
= specifier_escape(*i
);
2121 fprintf(f
, "EnvironmentFile=%s\n", q
);
2124 while ((r
= sd_bus_message_enter_container(message
, 'r', "sb")) > 0) {
2128 r
= sd_bus_message_read(message
, "sb", &path
, &b
);
2132 r
= sd_bus_message_exit_container(message
);
2136 if (!path_is_absolute(path
))
2137 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute.", path
);
2139 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2140 _cleanup_free_
char *q
= NULL
;
2143 buf
= strjoin(b
? "-" : "", path
);
2147 q
= specifier_escape(buf
);
2153 fprintf(f
, "EnvironmentFile=%s\n", q
);
2155 r
= strv_consume(&l
, buf
);
2163 r
= sd_bus_message_exit_container(message
);
2167 r
= fflush_and_check(f
);
2171 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2172 if (strv_isempty(l
)) {
2173 c
->environment_files
= strv_free(c
->environment_files
);
2174 unit_write_setting(u
, flags
, name
, "EnvironmentFile=");
2176 r
= strv_extend_strv(&c
->environment_files
, l
, true);
2180 unit_write_setting(u
, flags
, name
, joined
);
2186 } else if (streq(name
, "PassEnvironment")) {
2188 _cleanup_strv_free_
char **l
= NULL
;
2190 r
= sd_bus_message_read_strv(message
, &l
);
2194 if (!strv_env_name_is_valid(l
))
2195 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid PassEnvironment= block.");
2197 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2198 if (strv_isempty(l
)) {
2199 c
->pass_environment
= strv_free(c
->pass_environment
);
2200 unit_write_setting(u
, flags
, name
, "PassEnvironment=");
2202 _cleanup_free_
char *joined
= NULL
;
2204 r
= strv_extend_strv(&c
->pass_environment
, l
, true);
2208 /* We write just the new settings out to file, with unresolved specifiers. */
2209 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
);
2213 unit_write_settingf(u
, flags
, name
, "PassEnvironment=%s", joined
);
2219 } else if (STR_IN_SET(name
, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories",
2220 "ReadWritePaths", "ReadOnlyPaths", "InaccessiblePaths")) {
2221 _cleanup_strv_free_
char **l
= NULL
;
2225 r
= sd_bus_message_read_strv(message
, &l
);
2229 STRV_FOREACH(p
, l
) {
2233 offset
= i
[0] == '-';
2234 offset
+= i
[offset
] == '+';
2235 if (!path_is_absolute(i
+ offset
))
2236 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid %s", name
);
2238 path_kill_slashes(i
+ offset
);
2241 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2242 if (STR_IN_SET(name
, "ReadWriteDirectories", "ReadWritePaths"))
2243 dirs
= &c
->read_write_paths
;
2244 else if (STR_IN_SET(name
, "ReadOnlyDirectories", "ReadOnlyPaths"))
2245 dirs
= &c
->read_only_paths
;
2246 else /* "InaccessiblePaths" */
2247 dirs
= &c
->inaccessible_paths
;
2249 if (strv_isempty(l
)) {
2250 *dirs
= strv_free(*dirs
);
2251 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2253 _cleanup_free_
char *joined
= NULL
;
2255 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
);
2259 r
= strv_extend_strv(dirs
, l
, true);
2263 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, joined
);
2269 } else if (STR_IN_SET(name
, "RuntimeDirectory", "StateDirectory", "CacheDirectory", "LogsDirectory", "ConfigurationDirectory")) {
2270 _cleanup_strv_free_
char **l
= NULL
;
2273 r
= sd_bus_message_read_strv(message
, &l
);
2277 STRV_FOREACH(p
, l
) {
2278 if (!path_is_normalized(*p
) || path_is_absolute(*p
))
2279 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "%s= path is not valid: %s", name
, *p
);
2282 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2283 char ***dirs
= NULL
;
2284 ExecDirectoryType i
;
2286 for (i
= 0; i
< _EXEC_DIRECTORY_TYPE_MAX
; i
++)
2287 if (streq(name
, exec_directory_type_to_string(i
))) {
2288 dirs
= &c
->directories
[i
].paths
;
2294 if (strv_isempty(l
)) {
2295 *dirs
= strv_free(*dirs
);
2296 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2298 _cleanup_free_
char *joined
= NULL
;
2300 r
= strv_extend_strv(dirs
, l
, true);
2304 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
);
2308 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, joined
);
2314 } else if (STR_IN_SET(name
, "AppArmorProfile", "SmackProcessLabel")) {
2318 r
= sd_bus_message_read(message
, "(bs)", &ignore
, &s
);
2322 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2326 if (streq(name
, "AppArmorProfile")) {
2327 p
= &c
->apparmor_profile
;
2328 b
= &c
->apparmor_profile_ignore
;
2329 } else { /* "SmackProcessLabel" */
2330 p
= &c
->smack_process_label
;
2331 b
= &c
->smack_process_label_ignore
;
2338 if (free_and_strdup(p
, s
) < 0)
2343 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "%s=%s%s", name
, ignore
? "-" : "", strempty(s
));
2348 } else if (STR_IN_SET(name
, "BindPaths", "BindReadOnlyPaths")) {
2349 const char *source
, *destination
;
2351 uint64_t mount_flags
;
2354 r
= sd_bus_message_enter_container(message
, 'a', "(ssbt)");
2358 while ((r
= sd_bus_message_read(message
, "(ssbt)", &source
, &destination
, &ignore_enoent
, &mount_flags
)) > 0) {
2360 if (!path_is_absolute(source
))
2361 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not absolute.", source
);
2362 if (!path_is_absolute(destination
))
2363 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is not absolute.", destination
);
2364 if (!IN_SET(mount_flags
, 0, MS_REC
))
2365 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Unknown mount flags.");
2367 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2368 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
2370 .source
= strdup(source
),
2371 .destination
= strdup(destination
),
2372 .read_only
= !!strstr(name
, "ReadOnly"),
2373 .recursive
= !!(mount_flags
& MS_REC
),
2374 .ignore_enoent
= ignore_enoent
,
2379 unit_write_settingf(
2380 u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
,
2383 ignore_enoent
? "-" : "",
2386 (mount_flags
& MS_REC
) ? "rbind" : "norbind");
2394 r
= sd_bus_message_exit_container(message
);
2399 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
2400 c
->bind_mounts
= NULL
;
2401 c
->n_bind_mounts
= 0;
2403 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2408 } else if (streq(name
, "TemporaryFileSystem")) {
2409 const char *path
, *options
;
2412 r
= sd_bus_message_enter_container(message
, 'a', "(ss)");
2416 while ((r
= sd_bus_message_read(message
, "(ss)", &path
, &options
)) > 0) {
2418 if (!path_is_absolute(path
))
2419 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Mount point %s is not absolute.", path
);
2421 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2422 r
= temporary_filesystem_add(&c
->temporary_filesystems
, &c
->n_temporary_filesystems
, path
, options
);
2426 unit_write_settingf(
2427 u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
,
2439 r
= sd_bus_message_exit_container(message
);
2444 temporary_filesystem_free_many(c
->temporary_filesystems
, c
->n_temporary_filesystems
);
2445 c
->temporary_filesystems
= NULL
;
2446 c
->n_temporary_filesystems
= 0;
2448 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2454 ri
= rlimit_from_string(name
);
2456 soft
= endswith(name
, "Soft");
2460 n
= strndupa(name
, soft
- name
);
2461 ri
= rlimit_from_string(n
);
2472 r
= sd_bus_message_read(message
, "t", &rl
);
2476 if (rl
== (uint64_t) -1)
2481 if ((uint64_t) x
!= rl
)
2485 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2486 _cleanup_free_
char *f
= NULL
;
2489 if (c
->rlimit
[ri
]) {
2490 nl
= *c
->rlimit
[ri
];
2497 /* When the resource limit is not initialized yet, then assign the value to both fields */
2498 nl
= (struct rlimit
) {
2503 r
= rlimit_format(&nl
, &f
);
2508 *c
->rlimit
[ri
] = nl
;
2510 c
->rlimit
[ri
] = newdup(struct rlimit
, &nl
, 1);
2515 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, f
);