]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/execute.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
journalctl(1): s/adm/systemd-journal/
[thirdparty/systemd.git] / src / core / execute.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
5cb5a6ff 22#include <assert.h>
034c6ed7
LP		 23#include <dirent.h>
24#include <errno.h>
25#include <fcntl.h>
26#include <unistd.h>
44d8db9e 27#include <string.h>
309bff19 28#include <signal.h>
071830ff
LP		 29#include <sys/socket.h>
30#include <sys/un.h>
94f04347 31#include <sys/prctl.h>
66ee3769 32#include <linux/sched.h>
451a074f
LP		 33#include <sys/types.h>
34#include <sys/stat.h>
81a2b7ce
LP		 35#include <grp.h>
36#include <pwd.h>
15ae422b 37#include <sys/mount.h>
25e870b5 38#include <linux/fs.h>
dd6c17b1 39#include <linux/oom.h>
f2b68789 40#include <sys/poll.h>
8351ceae 41#include <linux/seccomp-bpf.h>
2bef10ab 42#include <glob.h>
d34cd374 43#include <libgen.h>
5cb5a6ff 44
5b6319dc
LP		 45#ifdef HAVE_PAM
46#include <security/pam_appl.h>
47#endif
48
5cb5a6ff
LP		 49#include "execute.h"
50#include "strv.h"
51#include "macro.h"
d7832d2c 52#include "capability.h"
5cb5a6ff 53#include "util.h"
acbb0225 54#include "log.h"
20ad4cfd 55#include "sd-messages.h"
9eba9da4 56#include "ioprio.h"
94f04347 57#include "securebits.h"
15ae422b 58#include "namespace.h"
df1f0afe 59#include "tcpwrap.h"
d06dacd0 60#include "exit-status.h"
dd6c17b1 61#include "missing.h"
169c1bda 62#include "utmp-wtmp.h"
f6a6225e 63#include "def.h"
ff01d048 64#include "loopback-setup.h"
9eb977db 65#include "path-util.h"
8351ceae 66#include "syscall-list.h"
4d1a6904 67#include "env-util.h"
a5c32cff 68#include "fileio.h"
4ad49000 69#include "unit.h"
f485606b 70#include "async.h"
5cb5a6ff 71
e056b01d 72#define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
31a7eb86 73#define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
e6a26745 74
02a51aba
LP		 75/* This assumes there is a 'tty' group */
76#define TTY_MODE 0620
77
034c6ed7
LP		 78static int shift_fds(int fds[], unsigned n_fds) {
79 int start, restart_from;
80
81 if (n_fds <= 0)
82 return 0;
83
a0d40ac5
LP		 84 /* Modifies the fds array! (sorts it) */
85
034c6ed7
LP		 86 assert(fds);
87
88 start = 0;
89 for (;;) {
90 int i;
91
92 restart_from = -1;
93
94 for (i = start; i < (int) n_fds; i++) {
95 int nfd;
96
97 /* Already at right index? */
98 if (fds[i] == i+3)
99 continue;
100
101 if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0)
102 return -errno;
103
e1f5e051 104 close_nointr_nofail(fds[i]);
034c6ed7
LP		 105 fds[i] = nfd;
106
107 /* Hmm, the fd we wanted isn't free? Then
108 * let's remember that and try again from here*/
109 if (nfd != i+3 && restart_from < 0)
110 restart_from = i;
111 }
112
113 if (restart_from < 0)
114 break;
115
116 start = restart_from;
117 }
118
119 return 0;
120}
121
c2748801 122static int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {
47a71eed 123 unsigned i;
e2c76839 124 int r;
47a71eed
LP		 125
126 if (n_fds <= 0)
127 return 0;
128
129 assert(fds);
130
451a074f 131 /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */
47a71eed
LP		 132
133 for (i = 0; i < n_fds; i++) {
47a71eed 134
e2c76839
LP		 135 if ((r = fd_nonblock(fds[i], nonblock)) < 0)
136 return r;
47a71eed 137
451a074f
LP		 138 /* We unconditionally drop FD_CLOEXEC from the fds,
139 * since after all we want to pass these fds to our
140 * children */
47a71eed 141
e2c76839
LP		 142 if ((r = fd_cloexec(fds[i], false)) < 0)
143 return r;
47a71eed
LP		 144 }
145
146 return 0;
147}
148
44a6b1b6 149_pure_ static const char *tty_path(const ExecContext *context) {
80876c20
LP		 150 assert(context);
151
152 if (context->tty_path)
153 return context->tty_path;
154
155 return "/dev/console";
156}
157
6ea832a2
LP		 158void exec_context_tty_reset(const ExecContext *context) {
159 assert(context);
160
161 if (context->tty_vhangup)
162 terminal_vhangup(tty_path(context));
163
164 if (context->tty_reset)
165 reset_terminal(tty_path(context));
166
167 if (context->tty_vt_disallocate && context->tty_path)
168 vt_disallocate(context->tty_path);
169}
170
3a1286b6
MS		 171static bool is_terminal_output(ExecOutput o) {
172 return
173 o == EXEC_OUTPUT_TTY ||
174 o == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
175 o == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
176 o == EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
177}
178
c17ec25e
MS		 179void exec_context_serialize(const ExecContext *context, Unit *u, FILE *f) {
180 assert(context);
181 assert(u);
182 assert(f);
183
184 if (context->tmp_dir)
185 unit_serialize_item(u, f, "tmp-dir", context->tmp_dir);
186
187 if (context->var_tmp_dir)
188 unit_serialize_item(u, f, "var-tmp-dir", context->var_tmp_dir);
189}
190
80876c20
LP		 191static int open_null_as(int flags, int nfd) {
192 int fd, r;
071830ff 193
80876c20 194 assert(nfd >= 0);
071830ff 195
80876c20 196 if ((fd = open("/dev/null", flags|O_NOCTTY)) < 0)
071830ff
LP		 197 return -errno;
198
80876c20
LP		 199 if (fd != nfd) {
200 r = dup2(fd, nfd) < 0 ? -errno : nfd;
e1f5e051 201 close_nointr_nofail(fd);
80876c20
LP		 202 } else
203 r = nfd;
071830ff 204
80876c20 205 return r;
071830ff
LP		 206}
207
62bca2c6 208static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd) {
80876c20 209 int fd, r;
b92bea5d
ZJS		 210 union sockaddr_union sa = {
211 .un.sun_family = AF_UNIX,
212 .un.sun_path = "/run/systemd/journal/stdout",
213 };
071830ff
LP		 214
215 assert(context);
80876c20
LP		 216 assert(output < _EXEC_OUTPUT_MAX);
217 assert(ident);
218 assert(nfd >= 0);
071830ff 219
54fe0cdb
LP		 220 fd = socket(AF_UNIX, SOCK_STREAM, 0);
221 if (fd < 0)
80876c20 222 return -errno;
071830ff 223
54fe0cdb
LP		 224 r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path));
225 if (r < 0) {
80876c20
LP		 226 close_nointr_nofail(fd);
227 return -errno;
228 }
071830ff 229
80876c20
LP		 230 if (shutdown(fd, SHUT_RD) < 0) {
231 close_nointr_nofail(fd);
232 return -errno;
233 }
071830ff 234
80876c20 235 dprintf(fd,
62bca2c6 236 "%s\n"
80876c20
LP		 237 "%s\n"
238 "%i\n"
54fe0cdb
LP		 239 "%i\n"
240 "%i\n"
241 "%i\n"
4f4a1dbf 242 "%i\n",
4f4a1dbf 243 context->syslog_identifier ? context->syslog_identifier : ident,
62bca2c6 244 unit_id,
54fe0cdb
LP		 245 context->syslog_priority,
246 !!context->syslog_level_prefix,
247 output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
248 output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
3a1286b6 249 is_terminal_output(output));
80876c20
LP		 250
251 if (fd != nfd) {
252 r = dup2(fd, nfd) < 0 ? -errno : nfd;
e1f5e051 253 close_nointr_nofail(fd);
80876c20
LP		 254 } else
255 r = nfd;
071830ff 256
80876c20
LP		 257 return r;
258}
259static int open_terminal_as(const char *path, mode_t mode, int nfd) {
260 int fd, r;
071830ff 261
80876c20
LP		 262 assert(path);
263 assert(nfd >= 0);
071830ff 264
80876c20
LP		 265 if ((fd = open_terminal(path, mode | O_NOCTTY)) < 0)
266 return fd;
071830ff 267
80876c20
LP		 268 if (fd != nfd) {
269 r = dup2(fd, nfd) < 0 ? -errno : nfd;
270 close_nointr_nofail(fd);
271 } else
272 r = nfd;
071830ff 273
80876c20
LP		 274 return r;
275}
071830ff 276
80876c20
LP		 277static bool is_terminal_input(ExecInput i) {
278 return
279 i == EXEC_INPUT_TTY ||
280 i == EXEC_INPUT_TTY_FORCE ||
281 i == EXEC_INPUT_TTY_FAIL;
282}
071830ff 283
1e3ad081
LP		 284static int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {
285
286 if (is_terminal_input(std_input) && !apply_tty_stdin)
287 return EXEC_INPUT_NULL;
071830ff 288
03fd9c49 289 if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)
4f2d528d
LP		 290 return EXEC_INPUT_NULL;
291
03fd9c49 292 return std_input;
4f2d528d
LP		 293}
294
03fd9c49 295static int fixup_output(ExecOutput std_output, int socket_fd) {
4f2d528d 296
03fd9c49 297 if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)
4f2d528d
LP		 298 return EXEC_OUTPUT_INHERIT;
299
03fd9c49 300 return std_output;
4f2d528d
LP		 301}
302
1e3ad081 303static int setup_input(const ExecContext *context, int socket_fd, bool apply_tty_stdin) {
4f2d528d
LP		 304 ExecInput i;
305
306 assert(context);
307
1e3ad081 308 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
4f2d528d
LP		 309
310 switch (i) {
071830ff 311
80876c20
LP		 312 case EXEC_INPUT_NULL:
313 return open_null_as(O_RDONLY, STDIN_FILENO);
314
315 case EXEC_INPUT_TTY:
316 case EXEC_INPUT_TTY_FORCE:
317 case EXEC_INPUT_TTY_FAIL: {
318 int fd, r;
071830ff 319
80876c20
LP		 320 if ((fd = acquire_terminal(
321 tty_path(context),
4f2d528d 322 i == EXEC_INPUT_TTY_FAIL,
21de3988 323 i == EXEC_INPUT_TTY_FORCE,
af6da548
LP		 324 false,
325 (usec_t) -1)) < 0)
80876c20
LP		 326 return fd;
327
328 if (fd != STDIN_FILENO) {
329 r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
071830ff 330 close_nointr_nofail(fd);
80876c20
LP		 331 } else
332 r = STDIN_FILENO;
333
334 return r;
335 }
336
4f2d528d
LP		 337 case EXEC_INPUT_SOCKET:
338 return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
339
80876c20
LP		 340 default:
341 assert_not_reached("Unknown input type");
342 }
343}
344
eb17e935 345static int setup_output(const ExecContext *context, int fileno, int socket_fd, const char *ident, const char *unit_id, bool apply_tty_stdin) {
4f2d528d
LP		 346 ExecOutput o;
347 ExecInput i;
47c1d80d 348 int r;
4f2d528d 349
80876c20
LP		 350 assert(context);
351 assert(ident);
352
1e3ad081 353 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
03fd9c49 354 o = fixup_output(context->std_output, socket_fd);
4f2d528d 355
eb17e935
MS		 356 if (fileno == STDERR_FILENO) {
357 ExecOutput e;
358 e = fixup_output(context->std_error, socket_fd);
80876c20 359
eb17e935
MS		 360 /* This expects the input and output are already set up */
361
362 /* Don't change the stderr file descriptor if we inherit all
363 * the way and are not on a tty */
364 if (e == EXEC_OUTPUT_INHERIT &&
365 o == EXEC_OUTPUT_INHERIT &&
366 i == EXEC_INPUT_NULL &&
367 !is_terminal_input(context->std_input) &&
368 getppid () != 1)
369 return fileno;
370
371 /* Duplicate from stdout if possible */
372 if (e == o || e == EXEC_OUTPUT_INHERIT)
373 return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;
071830ff 374
eb17e935 375 o = e;
80876c20 376
eb17e935 377 } else if (o == EXEC_OUTPUT_INHERIT) {
21d21ea4
LP		 378 /* If input got downgraded, inherit the original value */
379 if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))
eb17e935 380 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
21d21ea4 381
acb591e4 382 /* If the input is connected to anything that's not a /dev/null, inherit that... */
ff876e28 383 if (i != EXEC_INPUT_NULL)
eb17e935 384 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
071830ff 385
acb591e4
LP		 386 /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */
387 if (getppid() != 1)
eb17e935 388 return fileno;
94f04347 389
eb17e935
MS		 390 /* We need to open /dev/null here anew, to get the right access mode. */
391 return open_null_as(O_WRONLY, fileno);
071830ff 392 }
94f04347 393
eb17e935 394 switch (o) {
80876c20
LP		 395
396 case EXEC_OUTPUT_NULL:
eb17e935 397 return open_null_as(O_WRONLY, fileno);
80876c20
LP		 398
399 case EXEC_OUTPUT_TTY:
4f2d528d 400 if (is_terminal_input(i))
eb17e935 401 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
80876c20
LP		 402
403 /* We don't reset the terminal if this is just about output */
eb17e935 404 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
80876c20
LP		 405
406 case EXEC_OUTPUT_SYSLOG:
28dbc1e8 407 case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
9a6bca7a 408 case EXEC_OUTPUT_KMSG:
28dbc1e8 409 case EXEC_OUTPUT_KMSG_AND_CONSOLE:
706343f4
LP		 410 case EXEC_OUTPUT_JOURNAL:
411 case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
eb17e935 412 r = connect_logger_as(context, o, ident, unit_id, fileno);
47c1d80d 413 if (r < 0) {
80cbda35
MS		 414 log_struct_unit(LOG_CRIT, unit_id,
415 "MESSAGE=Failed to connect std%s of %s to the journal socket: %s",
eb17e935 416 fileno == STDOUT_FILENO ? "out" : "err",
80cbda35
MS		 417 unit_id, strerror(-r),
418 "ERRNO=%d", -r,
419 NULL);
eb17e935 420 r = open_null_as(O_WRONLY, fileno);
47c1d80d
MS		 421 }
422 return r;
4f2d528d
LP		 423
424 case EXEC_OUTPUT_SOCKET:
425 assert(socket_fd >= 0);
eb17e935 426 return dup2(socket_fd, fileno) < 0 ? -errno : fileno;
94f04347
LP		 427
428 default:
80876c20 429 assert_not_reached("Unknown error type");
94f04347 430 }
071830ff
LP		 431}
432
02a51aba
LP		 433static int chown_terminal(int fd, uid_t uid) {
434 struct stat st;
435
436 assert(fd >= 0);
02a51aba
LP		 437
438 /* This might fail. What matters are the results. */
bab45044
LP		 439 (void) fchown(fd, uid, -1);
440 (void) fchmod(fd, TTY_MODE);
02a51aba
LP		 441
442 if (fstat(fd, &st) < 0)
443 return -errno;
444
d8b4e2e9 445 if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
02a51aba
LP		 446 return -EPERM;
447
448 return 0;
449}
450
af6da548 451static int setup_confirm_stdio(int *_saved_stdin,
80876c20
LP		 452 int *_saved_stdout) {
453 int fd = -1, saved_stdin, saved_stdout = -1, r;
454
80876c20
LP		 455 assert(_saved_stdin);
456 assert(_saved_stdout);
457
af6da548
LP		 458 saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);
459 if (saved_stdin < 0)
460 return -errno;
80876c20 461
af6da548
LP		 462 saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);
463 if (saved_stdout < 0) {
464 r = errno;
80876c20
LP		 465 goto fail;
466 }
467
af6da548
LP		 468 fd = acquire_terminal(
469 "/dev/console",
470 false,
471 false,
472 false,
473 DEFAULT_CONFIRM_USEC);
474 if (fd < 0) {
475 r = fd;
80876c20
LP		 476 goto fail;
477 }
478
af6da548
LP		 479 r = chown_terminal(fd, getuid());
480 if (r < 0)
02a51aba 481 goto fail;
02a51aba 482
80876c20 483 if (dup2(fd, STDIN_FILENO) < 0) {
af6da548 484 r = -errno;
80876c20
LP		 485 goto fail;
486 }
487
488 if (dup2(fd, STDOUT_FILENO) < 0) {
af6da548 489 r = -errno;
80876c20
LP		 490 goto fail;
491 }
492
493 if (fd >= 2)
494 close_nointr_nofail(fd);
495
496 *_saved_stdin = saved_stdin;
497 *_saved_stdout = saved_stdout;
498
499 return 0;
500
501fail:
502 if (saved_stdout >= 0)
503 close_nointr_nofail(saved_stdout);
504
505 if (saved_stdin >= 0)
506 close_nointr_nofail(saved_stdin);
507
508 if (fd >= 0)
509 close_nointr_nofail(fd);
510
511 return r;
512}
513
44a6b1b6 514_printf_attr_(1, 2) static int write_confirm_message(const char *format, ...) {
af6da548
LP		 515 int fd;
516 va_list ap;
80876c20 517
af6da548 518 assert(format);
80876c20 519
af6da548
LP		 520 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
521 if (fd < 0)
522 return fd;
80876c20 523
af6da548
LP		 524 va_start(ap, format);
525 vdprintf(fd, format, ap);
526 va_end(ap);
80876c20 527
af6da548 528 close_nointr_nofail(fd);
80876c20 529
af6da548
LP		 530 return 0;
531}
80876c20 532
af6da548
LP		 533static int restore_confirm_stdio(int *saved_stdin,
534 int *saved_stdout) {
80876c20 535
af6da548 536 int r = 0;
80876c20 537
af6da548
LP		 538 assert(saved_stdin);
539 assert(saved_stdout);
540
541 release_terminal();
542
543 if (*saved_stdin >= 0)
80876c20 544 if (dup2(*saved_stdin, STDIN_FILENO) < 0)
af6da548 545 r = -errno;
80876c20 546
af6da548 547 if (*saved_stdout >= 0)
80876c20 548 if (dup2(*saved_stdout, STDOUT_FILENO) < 0)
af6da548 549 r = -errno;
80876c20 550
af6da548
LP		 551 if (*saved_stdin >= 0)
552 close_nointr_nofail(*saved_stdin);
80876c20 553
af6da548
LP		 554 if (*saved_stdout >= 0)
555 close_nointr_nofail(*saved_stdout);
556
557 return r;
558}
559
560static int ask_for_confirmation(char *response, char **argv) {
561 int saved_stdout = -1, saved_stdin = -1, r;
562 char *line;
563
564 r = setup_confirm_stdio(&saved_stdin, &saved_stdout);
565 if (r < 0)
566 return r;
567
568 line = exec_command_line(argv);
569 if (!line)
570 return -ENOMEM;
571
572 r = ask(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
573 free(line);
574
575 restore_confirm_stdio(&saved_stdin, &saved_stdout);
576
577 return r;
80876c20
LP		 578}
579
81a2b7ce
LP		 580static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
581 bool keep_groups = false;
582 int r;
583
584 assert(context);
585
35b8ca3a 586 /* Lookup and set GID and supplementary group list. Here too
81a2b7ce
LP		 587 * we avoid NSS lookups for gid=0. */
588
589 if (context->group || username) {
590
4b67834e
LP		 591 if (context->group) {
592 const char *g = context->group;
593
594 if ((r = get_group_creds(&g, &gid)) < 0)
81a2b7ce 595 return r;
4b67834e 596 }
81a2b7ce
LP		 597
598 /* First step, initialize groups from /etc/groups */
599 if (username && gid != 0) {
600 if (initgroups(username, gid) < 0)
601 return -errno;
602
603 keep_groups = true;
604 }
605
606 /* Second step, set our gids */
607 if (setresgid(gid, gid, gid) < 0)
608 return -errno;
609 }
610
611 if (context->supplementary_groups) {
612 int ngroups_max, k;
613 gid_t *gids;
614 char **i;
615
616 /* Final step, initialize any manually set supplementary groups */
da19d5c1 617 assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
81a2b7ce
LP		 618
619 if (!(gids = new(gid_t, ngroups_max)))
620 return -ENOMEM;
621
622 if (keep_groups) {
623 if ((k = getgroups(ngroups_max, gids)) < 0) {
624 free(gids);
625 return -errno;
626 }
627 } else
628 k = 0;
629
630 STRV_FOREACH(i, context->supplementary_groups) {
4b67834e 631 const char *g;
81a2b7ce
LP		 632
633 if (k >= ngroups_max) {
634 free(gids);
635 return -E2BIG;
636 }
637
4b67834e
LP		 638 g = *i;
639 r = get_group_creds(&g, gids+k);
640 if (r < 0) {
81a2b7ce
LP		 641 free(gids);
642 return r;
643 }
644
645 k++;
646 }
647
648 if (setgroups(k, gids) < 0) {
649 free(gids);
650 return -errno;
651 }
652
653 free(gids);
654 }
655
656 return 0;
657}
658
659static int enforce_user(const ExecContext *context, uid_t uid) {
660 int r;
661 assert(context);
662
663 /* Sets (but doesn't lookup) the uid and make sure we keep the
664 * capabilities while doing so. */
665
666 if (context->capabilities) {
667 cap_t d;
668 static const cap_value_t bits[] = {
669 CAP_SETUID, /* Necessary so that we can run setresuid() below */
670 CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */
671 };
672
673 /* First step: If we need to keep capabilities but
674 * drop privileges we need to make sure we keep our
cbb21cca 675 * caps, while we drop privileges. */
693ced48 676 if (uid != 0) {
cbb21cca 677 int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
693ced48
LP		 678
679 if (prctl(PR_GET_SECUREBITS) != sb)
680 if (prctl(PR_SET_SECUREBITS, sb) < 0)
681 return -errno;
682 }
81a2b7ce 683
35b8ca3a 684 /* Second step: set the capabilities. This will reduce
81a2b7ce
LP		 685 * the capabilities to the minimum we need. */
686
687 if (!(d = cap_dup(context->capabilities)))
688 return -errno;
689
690 if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||
691 cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0) {
692 r = -errno;
693 cap_free(d);
694 return r;
695 }
696
697 if (cap_set_proc(d) < 0) {
698 r = -errno;
699 cap_free(d);
700 return r;
701 }
702
703 cap_free(d);
704 }
705
706 /* Third step: actually set the uids */
707 if (setresuid(uid, uid, uid) < 0)
708 return -errno;
709
710 /* At this point we should have all necessary capabilities but
711 are otherwise a normal user. However, the caps might got
712 corrupted due to the setresuid() so we need clean them up
713 later. This is done outside of this call. */
714
715 return 0;
716}
717
5b6319dc
LP		 718#ifdef HAVE_PAM
719
720static int null_conv(
721 int num_msg,
722 const struct pam_message **msg,
723 struct pam_response **resp,
724 void *appdata_ptr) {
725
726 /* We don't support conversations */
727
728 return PAM_CONV_ERR;
729}
730
731static int setup_pam(
732 const char *name,
733 const char *user,
940c5210 734 uid_t uid,
5b6319dc
LP		 735 const char *tty,
736 char ***pam_env,
737 int fds[], unsigned n_fds) {
738
739 static const struct pam_conv conv = {
740 .conv = null_conv,
741 .appdata_ptr = NULL
742 };
743
744 pam_handle_t *handle = NULL;
745 sigset_t ss, old_ss;
746 int pam_code = PAM_SUCCESS;
9ba35398 747 int err;
5b6319dc
LP		 748 char **e = NULL;
749 bool close_session = false;
750 pid_t pam_pid = 0, parent_pid;
751
752 assert(name);
753 assert(user);
754 assert(pam_env);
755
756 /* We set up PAM in the parent process, then fork. The child
35b8ca3a 757 * will then stay around until killed via PR_GET_PDEATHSIG or
5b6319dc
LP		 758 * systemd via the cgroup logic. It will then remove the PAM
759 * session again. The parent process will exec() the actual
760 * daemon. We do things this way to ensure that the main PID
761 * of the daemon is the one we initially fork()ed. */
762
763 if ((pam_code = pam_start(name, user, &conv, &handle)) != PAM_SUCCESS) {
764 handle = NULL;
765 goto fail;
766 }
767
768 if (tty)
769 if ((pam_code = pam_set_item(handle, PAM_TTY, tty)) != PAM_SUCCESS)
770 goto fail;
771
772 if ((pam_code = pam_acct_mgmt(handle, PAM_SILENT)) != PAM_SUCCESS)
773 goto fail;
774
775 if ((pam_code = pam_open_session(handle, PAM_SILENT)) != PAM_SUCCESS)
776 goto fail;
777
778 close_session = true;
779
5b6319dc
LP		 780 if ((!(e = pam_getenvlist(handle)))) {
781 pam_code = PAM_BUF_ERR;
782 goto fail;
783 }
784
785 /* Block SIGTERM, so that we know that it won't get lost in
786 * the child */
787 if (sigemptyset(&ss) < 0 ||
788 sigaddset(&ss, SIGTERM) < 0 ||
789 sigprocmask(SIG_BLOCK, &ss, &old_ss) < 0)
790 goto fail;
791
792 parent_pid = getpid();
793
794 if ((pam_pid = fork()) < 0)
795 goto fail;
796
797 if (pam_pid == 0) {
798 int sig;
799 int r = EXIT_PAM;
800
801 /* The child's job is to reset the PAM session on
802 * termination */
803
804 /* This string must fit in 10 chars (i.e. the length
5d6b1584
LP		 805 * of "/sbin/init"), to look pretty in /bin/ps */
806 rename_process("(sd-pam)");
5b6319dc
LP		 807
808 /* Make sure we don't keep open the passed fds in this
809 child. We assume that otherwise only those fds are
810 open here that have been opened by PAM. */
811 close_many(fds, n_fds);
812
940c5210
AK		 813 /* Drop privileges - we don't need any to pam_close_session
814 * and this will make PR_SET_PDEATHSIG work in most cases.
815 * If this fails, ignore the error - but expect sd-pam threads
816 * to fail to exit normally */
817 if (setresuid(uid, uid, uid) < 0)
818 log_error("Error: Failed to setresuid() in sd-pam: %s", strerror(-r));
819
820 /* Wait until our parent died. This will only work if
821 * the above setresuid() succeeds, otherwise the kernel
822 * will not allow unprivileged parents kill their privileged
823 * children this way. We rely on the control groups kill logic
5b6319dc
LP		 824 * to do the rest for us. */
825 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
826 goto child_finish;
827
828 /* Check if our parent process might already have
829 * died? */
830 if (getppid() == parent_pid) {
3dead8d9
LP		 831 for (;;) {
832 if (sigwait(&ss, &sig) < 0) {
833 if (errno == EINTR)
834 continue;
835
836 goto child_finish;
837 }
5b6319dc 838
3dead8d9
LP		 839 assert(sig == SIGTERM);
840 break;
841 }
5b6319dc
LP		 842 }
843
3dead8d9 844 /* If our parent died we'll end the session */
5b6319dc
LP		 845 if (getppid() != parent_pid)
846 if ((pam_code = pam_close_session(handle, PAM_DATA_SILENT)) != PAM_SUCCESS)
847 goto child_finish;
848
849 r = 0;
850
851 child_finish:
852 pam_end(handle, pam_code | PAM_DATA_SILENT);
853 _exit(r);
854 }
855
856 /* If the child was forked off successfully it will do all the
857 * cleanups, so forget about the handle here. */
858 handle = NULL;
859
3b8bddde 860 /* Unblock SIGTERM again in the parent */
5b6319dc
LP		 861 if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
862 goto fail;
863
864 /* We close the log explicitly here, since the PAM modules
865 * might have opened it, but we don't want this fd around. */
866 closelog();
867
aa87e624
LP		 868 *pam_env = e;
869 e = NULL;
870
5b6319dc
LP		 871 return 0;
872
873fail:
9ba35398
MS		 874 if (pam_code != PAM_SUCCESS)
875 err = -EPERM; /* PAM errors do not map to errno */
876 else
877 err = -errno;
878
5b6319dc
LP		 879 if (handle) {
880 if (close_session)
881 pam_code = pam_close_session(handle, PAM_DATA_SILENT);
882
883 pam_end(handle, pam_code | PAM_DATA_SILENT);
884 }
885
886 strv_free(e);
887
888 closelog();
889
430c18ed 890 if (pam_pid > 1) {
5b6319dc 891 kill(pam_pid, SIGTERM);
430c18ed
LP		 892 kill(pam_pid, SIGCONT);
893 }
5b6319dc 894
9ba35398 895 return err;
5b6319dc
LP		 896}
897#endif
898
5d6b1584
LP		 899static void rename_process_from_path(const char *path) {
900 char process_name[11];
901 const char *p;
902 size_t l;
903
904 /* This resulting string must fit in 10 chars (i.e. the length
905 * of "/sbin/init") to look pretty in /bin/ps */
906
9eb977db 907 p = path_get_file_name(path);
5d6b1584
LP		 908 if (isempty(p)) {
909 rename_process("(...)");
910 return;
911 }
912
913 l = strlen(p);
914 if (l > 8) {
915 /* The end of the process name is usually more
916 * interesting, since the first bit might just be
917 * "systemd-" */
918 p = p + l - 8;
919 l = 8;
920 }
921
922 process_name[0] = '(';
923 memcpy(process_name+1, p, l);
924 process_name[1+l] = ')';
925 process_name[1+l+1] = 0;
926
927 rename_process(process_name);
928}
929
8351ceae
LP		 930static int apply_seccomp(uint32_t *syscall_filter) {
931 static const struct sock_filter header[] = {
932 VALIDATE_ARCHITECTURE,
933 EXAMINE_SYSCALL
934 };
935 static const struct sock_filter footer[] = {
936 _KILL_PROCESS
937 };
938
939 int i;
940 unsigned n;
941 struct sock_filter *f;
b92bea5d 942 struct sock_fprog prog = {};
8351ceae
LP		 943
944 assert(syscall_filter);
945
946 /* First: count the syscalls to check for */
947 for (i = 0, n = 0; i < syscall_max(); i++)
948 if (syscall_filter[i >> 4] & (1 << (i & 31)))
949 n++;
950
951 /* Second: build the filter program from a header the syscall
952 * matches and the footer */
953 f = alloca(sizeof(struct sock_filter) * (ELEMENTSOF(header) + 2*n + ELEMENTSOF(footer)));
954 memcpy(f, header, sizeof(header));
955
956 for (i = 0, n = 0; i < syscall_max(); i++)
957 if (syscall_filter[i >> 4] & (1 << (i & 31))) {
958 struct sock_filter item[] = {
843fc7f7 959 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, INDEX_TO_SYSCALL(i), 0, 1),
8351ceae
LP		 960 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
961 };
962
963 assert_cc(ELEMENTSOF(item) == 2);
964
965 f[ELEMENTSOF(header) + 2*n] = item[0];
966 f[ELEMENTSOF(header) + 2*n+1] = item[1];
967
968 n++;
969 }
970
971 memcpy(f + (ELEMENTSOF(header) + 2*n), footer, sizeof(footer));
972
973 /* Third: install the filter */
8351ceae
LP		 974 prog.len = ELEMENTSOF(header) + ELEMENTSOF(footer) + 2*n;
975 prog.filter = f;
976 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0)
977 return -errno;
978
979 return 0;
980}
981
31a7eb86
ZJS		 982static void do_idle_pipe_dance(int idle_pipe[4]) {
983 assert(idle_pipe);
984
985 if (idle_pipe[1] >= 0)
986 close_nointr_nofail(idle_pipe[1]);
987 if (idle_pipe[2] >= 0)
988 close_nointr_nofail(idle_pipe[2]);
989
990 if (idle_pipe[0] >= 0) {
991 int r;
992
993 r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
994
995 if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {
996 /* Signal systemd that we are bored and want to continue. */
997 write(idle_pipe[3], "x", 1);
998
999 /* Wait for systemd to react to the signal above. */
1000 fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);
1001 }
1002
1003 close_nointr_nofail(idle_pipe[0]);
1004
1005 }
1006
1007 if (idle_pipe[3] >= 0)
1008 close_nointr_nofail(idle_pipe[3]);
1009}
1010
9fb86720 1011int exec_spawn(ExecCommand *command,
9e2f7c11 1012 char **argv,
c17ec25e 1013 ExecContext *context,
c2748801 1014 int fds[], unsigned n_fds,
1137a57c 1015 char **environment,
81a2b7ce
LP		 1016 bool apply_permissions,
1017 bool apply_chroot,
1e3ad081 1018 bool apply_tty_stdin,
80876c20 1019 bool confirm_spawn,
4ad49000
LP		 1020 CGroupControllerMask cgroup_mask,
1021 const char *cgroup_path,
62bca2c6 1022 const char *unit_id,
31a7eb86 1023 int idle_pipe[4],
81a2b7ce
LP		 1024 pid_t *ret) {
1025
4ad49000
LP		 1026 _cleanup_strv_free_ char **files_env = NULL;
1027 int socket_fd;
1028 char *line;
034c6ed7 1029 pid_t pid;
8e274523 1030 int r;
034c6ed7 1031
5cb5a6ff
LP		 1032 assert(command);
1033 assert(context);
1034 assert(ret);
034c6ed7
LP		 1035 assert(fds || n_fds <= 0);
1036
4f2d528d
LP		 1037 if (context->std_input == EXEC_INPUT_SOCKET ||
1038 context->std_output == EXEC_OUTPUT_SOCKET ||
1039 context->std_error == EXEC_OUTPUT_SOCKET) {
1040
1041 if (n_fds != 1)
1042 return -EINVAL;
1043
1044 socket_fd = fds[0];
1045
1046 fds = NULL;
1047 n_fds = 0;
1048 } else
1049 socket_fd = -1;
1050
b66871da
ZJS		 1051 r = exec_context_load_environment(context, &files_env);
1052 if (r < 0) {
bbc9006e
MT		 1053 log_struct_unit(LOG_ERR,
1054 unit_id,
23635a85
ZJS		 1055 "MESSAGE=Failed to load environment files: %s", strerror(-r),
1056 "ERRNO=%d", -r,
1057 NULL);
8c7be95e
LP		 1058 return r;
1059 }
1060
9e2f7c11
LP		 1061 if (!argv)
1062 argv = command->argv;
1063
af6da548 1064 line = exec_command_line(argv);
b66871da
ZJS		 1065 if (!line)
1066 return log_oom();
1a63a750 1067
bbc9006e 1068 log_struct_unit(LOG_DEBUG,
099a804b
LP		 1069 unit_id,
1070 "EXECUTABLE=%s", command->path,
1071 "MESSAGE=About to execute: %s", line,
1072 NULL);
1a63a750 1073 free(line);
acbb0225 1074
c17ec25e
MS		 1075 if (context->private_tmp && !context->tmp_dir && !context->var_tmp_dir) {
1076 r = setup_tmpdirs(&context->tmp_dir, &context->var_tmp_dir);
1077 if (r < 0)
1078 return r;
1079 }
1080
b66871da
ZJS		 1081 pid = fork();
1082 if (pid < 0)
1083 return -errno;
034c6ed7
LP		 1084
1085 if (pid == 0) {
4c2630eb 1086 int i, err;
309bff19 1087 sigset_t ss;
81a2b7ce
LP		 1088 const char *username = NULL, *home = NULL;
1089 uid_t uid = (uid_t) -1;
1090 gid_t gid = (gid_t) -1;
7fd1b19b 1091 _cleanup_strv_free_ char **our_env = NULL, **pam_env = NULL,
b66871da 1092 **final_env = NULL, **final_argv = NULL;
81a2b7ce 1093 unsigned n_env = 0;
309bff19 1094
034c6ed7 1095 /* child */
5cb5a6ff 1096
5d6b1584 1097 rename_process_from_path(command->path);
5b6319dc 1098
1b91d3e8
LP		 1099 /* We reset exactly these signals, since they are the
1100 * only ones we set to SIG_IGN in the main daemon. All
1101 * others we leave untouched because we set them to
1102 * SIG_DFL or a valid handler initially, both of which
1103 * will be demoted to SIG_DFL. */
1104 default_signals(SIGNALS_CRASH_HANDLER,
9a34ec5f 1105 SIGNALS_IGNORE, -1);
7b683879 1106
353e12c2
LP		 1107 if (context->ignore_sigpipe)
1108 ignore_signals(SIGPIPE, -1);
1109
1110 assert_se(sigemptyset(&ss) == 0);
1111 if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
4c2630eb 1112 err = -errno;
309bff19 1113 r = EXIT_SIGNAL_MASK;
8c7be95e 1114 goto fail_child;
309bff19
LP		 1115 }
1116
31a7eb86
ZJS		 1117 if (idle_pipe)
1118 do_idle_pipe_dance(idle_pipe);
f2b68789 1119
85d73053
LP		 1120 /* Close sockets very early to make sure we don't
1121 * block init reexecution because it cannot bind its
1122 * sockets */
4d8a7798 1123 log_forget_fds();
4c2630eb
MS		 1124 err = close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
1125 socket_fd >= 0 ? 1 : n_fds);
1126 if (err < 0) {
fc9b2a84 1127 r = EXIT_FDS;
8c7be95e 1128 goto fail_child;
fc9b2a84
LP		 1129 }
1130
74922904 1131 if (!context->same_pgrp)
8d567588 1132 if (setsid() < 0) {
4c2630eb 1133 err = -errno;
8d567588 1134 r = EXIT_SETSID;
8c7be95e 1135 goto fail_child;
8d567588 1136 }
80876c20 1137
c5da34ef
LP		 1138 if (context->tcpwrap_name) {
1139 if (socket_fd >= 0)
1140 if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) {
4c2630eb 1141 err = -EACCES;
c5da34ef 1142 r = EXIT_TCPWRAP;
8c7be95e 1143 goto fail_child;
c5da34ef
LP		 1144 }
1145
1146 for (i = 0; i < (int) n_fds; i++) {
1147 if (!socket_tcpwrap(fds[i], context->tcpwrap_name)) {
4c2630eb 1148 err = -EACCES;
c5da34ef 1149 r = EXIT_TCPWRAP;
8c7be95e 1150 goto fail_child;
c5da34ef 1151 }
df1f0afe 1152 }
c5da34ef 1153 }
df1f0afe 1154
6ea832a2
LP		 1155 exec_context_tty_reset(context);
1156
af6da548 1157 if (confirm_spawn) {
80876c20
LP		 1158 char response;
1159
af6da548
LP		 1160 err = ask_for_confirmation(&response, argv);
1161 if (err == -ETIMEDOUT)
1162 write_confirm_message("Confirmation question timed out, assuming positive response.\n");
1163 else if (err < 0)
1164 write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-err));
1165 else if (response == 's') {
1166 write_confirm_message("Skipping execution.\n");
4c2630eb 1167 err = -ECANCELED;
80876c20 1168 r = EXIT_CONFIRM;
8c7be95e 1169 goto fail_child;
af6da548
LP		 1170 } else if (response == 'n') {
1171 write_confirm_message("Failing execution.\n");
4c2630eb 1172 err = r = 0;
8c7be95e 1173 goto fail_child;
ee2b4894 1174 }
034c6ed7
LP		 1175 }
1176
da726a4d
LP		 1177 /* If a socket is connected to STDIN/STDOUT/STDERR, we
1178 * must sure to drop O_NONBLOCK */
1179 if (socket_fd >= 0)
1180 fd_nonblock(socket_fd, false);
1181
af6da548
LP		 1182 err = setup_input(context, socket_fd, apply_tty_stdin);
1183 if (err < 0) {
1184 r = EXIT_STDIN;
1185 goto fail_child;
4c2630eb 1186 }
9eba9da4 1187
eb17e935 1188 err = setup_output(context, STDOUT_FILENO, socket_fd, path_get_file_name(command->path), unit_id, apply_tty_stdin);
af6da548
LP		 1189 if (err < 0) {
1190 r = EXIT_STDOUT;
1191 goto fail_child;
4c2630eb 1192 }
94f04347 1193
eb17e935 1194 err = setup_output(context, STDERR_FILENO, socket_fd, path_get_file_name(command->path), unit_id, apply_tty_stdin);
4c2630eb 1195 if (err < 0) {
80876c20 1196 r = EXIT_STDERR;
8c7be95e 1197 goto fail_child;
071830ff
LP		 1198 }
1199
4ad49000
LP		 1200 if (cgroup_path) {
1201 err = cg_attach_with_mask(cgroup_mask, cgroup_path, 0);
4c2630eb 1202 if (err < 0) {
8e274523 1203 r = EXIT_CGROUP;
8c7be95e 1204 goto fail_child;
8e274523 1205 }
4c2630eb 1206 }
8e274523 1207
dd6c17b1 1208 if (context->oom_score_adjust_set) {
fb33a393 1209 char t[16];
034c6ed7 1210
dd6c17b1 1211 snprintf(t, sizeof(t), "%i", context->oom_score_adjust);
fb33a393 1212 char_array_0(t);
034c6ed7 1213
574d5f2d 1214 if (write_string_file("/proc/self/oom_score_adj", t) < 0) {
8600c525
KS		 1215 err = -errno;
1216 r = EXIT_OOM_ADJUST;
1217 goto fail_child;
fb33a393 1218 }
034c6ed7
LP		 1219 }
1220
fb33a393
LP		 1221 if (context->nice_set)
1222 if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
4c2630eb 1223 err = -errno;
fb33a393 1224 r = EXIT_NICE;
8c7be95e 1225 goto fail_child;
fb33a393
LP		 1226 }
1227
94f04347 1228 if (context->cpu_sched_set) {
b92bea5d
ZJS		 1229 struct sched_param param = {
1230 .sched_priority = context->cpu_sched_priority,
1231 };
94f04347 1232
e62d8c39
ZJS		 1233 r = sched_setscheduler(0,
1234 context->cpu_sched_policy |
1235 (context->cpu_sched_reset_on_fork ?
1236 SCHED_RESET_ON_FORK : 0),
1237 &param);
1238 if (r < 0) {
4c2630eb 1239 err = -errno;
94f04347 1240 r = EXIT_SETSCHEDULER;
8c7be95e 1241 goto fail_child;
94f04347
LP		 1242 }
1243 }
1244
82c121a4
LP		 1245 if (context->cpuset)
1246 if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
4c2630eb 1247 err = -errno;
94f04347 1248 r = EXIT_CPUAFFINITY;
8c7be95e 1249 goto fail_child;
94f04347
LP		 1250 }
1251
9eba9da4
LP		 1252 if (context->ioprio_set)
1253 if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
4c2630eb 1254 err = -errno;
9eba9da4 1255 r = EXIT_IOPRIO;
8c7be95e 1256 goto fail_child;
9eba9da4
LP		 1257 }
1258
d88a251b 1259 if (context->timer_slack_nsec != (nsec_t) -1)
03fae018 1260 if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
4c2630eb 1261 err = -errno;
94f04347 1262 r = EXIT_TIMERSLACK;
8c7be95e 1263 goto fail_child;
94f04347
LP		 1264 }
1265
169c1bda 1266 if (context->utmp_id)
0ad26e09 1267 utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
169c1bda 1268
81a2b7ce
LP		 1269 if (context->user) {
1270 username = context->user;
d05c5031 1271 err = get_user_creds(&username, &uid, &gid, &home, NULL);
4c2630eb 1272 if (err < 0) {
81a2b7ce 1273 r = EXIT_USER;
8c7be95e 1274 goto fail_child;
81a2b7ce 1275 }
d8b4e2e9 1276
4c2630eb
MS		 1277 if (is_terminal_input(context->std_input)) {
1278 err = chown_terminal(STDIN_FILENO, uid);
1279 if (err < 0) {
d8b4e2e9 1280 r = EXIT_STDIN;
8c7be95e 1281 goto fail_child;
d8b4e2e9 1282 }
4c2630eb 1283 }
81a2b7ce
LP		 1284 }
1285
8aa75193
LP		 1286#ifdef HAVE_PAM
1287 if (cgroup_path && context->user && context->pam_name) {
1288 err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
1289 if (err < 0) {
1290 r = EXIT_CGROUP;
1291 goto fail_child;
1292 }
1293
1294
1295 err = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0755, uid, gid);
1296 if (err < 0) {
1297 r = EXIT_CGROUP;
1298 goto fail_child;
1299 }
1300 }
1301#endif
1302
4c2630eb
MS		 1303 if (apply_permissions) {
1304 err = enforce_groups(context, username, gid);
1305 if (err < 0) {
3b8bddde
LP		 1306 r = EXIT_GROUP;
1307 goto fail_child;
1308 }
4c2630eb 1309 }
3b8bddde
LP		 1310
1311 umask(context->umask);
1312
5b6319dc 1313#ifdef HAVE_PAM
b7848021 1314 if (apply_permissions && context->pam_name && username) {
940c5210 1315 err = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
4c2630eb 1316 if (err < 0) {
5b6319dc 1317 r = EXIT_PAM;
8c7be95e 1318 goto fail_child;
5b6319dc
LP		 1319 }
1320 }
1321#endif
ff01d048
LP		 1322 if (context->private_network) {
1323 if (unshare(CLONE_NEWNET) < 0) {
4c2630eb 1324 err = -errno;
ff01d048
LP		 1325 r = EXIT_NETWORK;
1326 goto fail_child;
1327 }
1328
1329 loopback_setup();
1330 }
5b6319dc 1331
04aa0cb9
LP		 1332 if (strv_length(context->read_write_dirs) > 0 ||
1333 strv_length(context->read_only_dirs) > 0 ||
1334 strv_length(context->inaccessible_dirs) > 0 ||
ac0930c8 1335 context->mount_flags != 0 ||
4c2630eb
MS		 1336 context->private_tmp) {
1337 err = setup_namespace(context->read_write_dirs,
1338 context->read_only_dirs,
1339 context->inaccessible_dirs,
c17ec25e
MS		 1340 context->tmp_dir,
1341 context->var_tmp_dir,
4c2630eb
MS		 1342 context->private_tmp,
1343 context->mount_flags);
1344 if (err < 0) {
1345 r = EXIT_NAMESPACE;
8c7be95e 1346 goto fail_child;
4c2630eb
MS		 1347 }
1348 }
04aa0cb9 1349
81a2b7ce
LP		 1350 if (apply_chroot) {
1351 if (context->root_directory)
1352 if (chroot(context->root_directory) < 0) {
4c2630eb 1353 err = -errno;
81a2b7ce 1354 r = EXIT_CHROOT;
8c7be95e 1355 goto fail_child;
81a2b7ce
LP		 1356 }
1357
1358 if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
4c2630eb 1359 err = -errno;
81a2b7ce 1360 r = EXIT_CHDIR;
8c7be95e 1361 goto fail_child;
81a2b7ce
LP		 1362 }
1363 } else {
7fd1b19b 1364 _cleanup_free_ char *d = NULL;
81a2b7ce
LP		 1365
1366 if (asprintf(&d, "%s/%s",
1367 context->root_directory ? context->root_directory : "",
1368 context->working_directory ? context->working_directory : "") < 0) {
4c2630eb 1369 err = -ENOMEM;
81a2b7ce 1370 r = EXIT_MEMORY;
8c7be95e 1371 goto fail_child;
81a2b7ce
LP		 1372 }
1373
1374 if (chdir(d) < 0) {
4c2630eb 1375 err = -errno;
81a2b7ce 1376 r = EXIT_CHDIR;
8c7be95e 1377 goto fail_child;
81a2b7ce 1378 }
81a2b7ce
LP		 1379 }
1380
fc9b2a84
LP		 1381 /* We repeat the fd closing here, to make sure that
1382 * nothing is leaked from the PAM modules */
4c2630eb
MS		 1383 err = close_all_fds(fds, n_fds);
1384 if (err >= 0)
1385 err = shift_fds(fds, n_fds);
1386 if (err >= 0)
1387 err = flags_fds(fds, n_fds, context->non_blocking);
1388 if (err < 0) {
034c6ed7 1389 r = EXIT_FDS;
8c7be95e 1390 goto fail_child;
034c6ed7
LP		 1391 }
1392
81a2b7ce 1393 if (apply_permissions) {
034c6ed7 1394
81a2b7ce
LP		 1395 for (i = 0; i < RLIMIT_NLIMITS; i++) {
1396 if (!context->rlimit[i])
1397 continue;
1398
68faf98c 1399 if (setrlimit_closest(i, context->rlimit[i]) < 0) {
4c2630eb 1400 err = -errno;
81a2b7ce 1401 r = EXIT_LIMITS;
8c7be95e 1402 goto fail_child;
81a2b7ce 1403 }
034c6ed7 1404 }
034c6ed7 1405
4c2630eb 1406 if (context->capability_bounding_set_drop) {
ec8927ca 1407 err = capability_bounding_set_drop(context->capability_bounding_set_drop, false);
4c2630eb 1408 if (err < 0) {
73090dc8
LP		 1409 r = EXIT_CAPABILITIES;
1410 goto fail_child;
1411 }
4c2630eb 1412 }
260abb78 1413
4c2630eb
MS		 1414 if (context->user) {
1415 err = enforce_user(context, uid);
1416 if (err < 0) {
81a2b7ce 1417 r = EXIT_USER;
8c7be95e 1418 goto fail_child;
81a2b7ce 1419 }
4c2630eb 1420 }
81a2b7ce 1421
35b8ca3a 1422 /* PR_GET_SECUREBITS is not privileged, while
693ced48
LP		 1423 * PR_SET_SECUREBITS is. So to suppress
1424 * potential EPERMs we'll try not to call
1425 * PR_SET_SECUREBITS unless necessary. */
1426 if (prctl(PR_GET_SECUREBITS) != context->secure_bits)
1427 if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) {
4c2630eb 1428 err = -errno;
693ced48 1429 r = EXIT_SECUREBITS;
8c7be95e 1430 goto fail_child;
693ced48 1431 }
81a2b7ce
LP		 1432
1433 if (context->capabilities)
1434 if (cap_set_proc(context->capabilities) < 0) {
4c2630eb 1435 err = -errno;
81a2b7ce 1436 r = EXIT_CAPABILITIES;
8c7be95e 1437 goto fail_child;
81a2b7ce 1438 }
8351ceae
LP		 1439
1440 if (context->no_new_privileges)
1441 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
1442 err = -errno;
1443 r = EXIT_NO_NEW_PRIVILEGES;
1444 goto fail_child;
1445 }
1446
1447 if (context->syscall_filter) {
1448 err = apply_seccomp(context->syscall_filter);
1449 if (err < 0) {
1450 r = EXIT_SECCOMP;
1451 goto fail_child;
1452 }
1453 }
94f04347
LP		 1454 }
1455
e62d8c39
ZJS		 1456 our_env = new0(char*, 7);
1457 if (!our_env) {
4c2630eb 1458 err = -ENOMEM;
81a2b7ce 1459 r = EXIT_MEMORY;
8c7be95e 1460 goto fail_child;
81a2b7ce 1461 }
034c6ed7 1462
81a2b7ce 1463 if (n_fds > 0)
bb00e604 1464 if (asprintf(our_env + n_env++, "LISTEN_PID=%lu", (unsigned long) getpid()) < 0 ||
81a2b7ce 1465 asprintf(our_env + n_env++, "LISTEN_FDS=%u", n_fds) < 0) {
4c2630eb 1466 err = -ENOMEM;
81a2b7ce 1467 r = EXIT_MEMORY;
8c7be95e 1468 goto fail_child;
81a2b7ce 1469 }
034c6ed7 1470
81a2b7ce
LP		 1471 if (home)
1472 if (asprintf(our_env + n_env++, "HOME=%s", home) < 0) {
4c2630eb 1473 err = -ENOMEM;
81a2b7ce 1474 r = EXIT_MEMORY;
8c7be95e 1475 goto fail_child;
81a2b7ce 1476 }
034c6ed7 1477
81a2b7ce
LP		 1478 if (username)
1479 if (asprintf(our_env + n_env++, "LOGNAME=%s", username) < 0 ||
1480 asprintf(our_env + n_env++, "USER=%s", username) < 0) {
4c2630eb 1481 err = -ENOMEM;
81a2b7ce 1482 r = EXIT_MEMORY;
8c7be95e 1483 goto fail_child;
81a2b7ce 1484 }
034c6ed7 1485
e3aa71c3
LP		 1486 if (is_terminal_input(context->std_input) ||
1487 context->std_output == EXEC_OUTPUT_TTY ||
1488 context->std_error == EXEC_OUTPUT_TTY)
1489 if (!(our_env[n_env++] = strdup(default_term_for_tty(tty_path(context))))) {
4c2630eb 1490 err = -ENOMEM;
e3aa71c3 1491 r = EXIT_MEMORY;
8c7be95e 1492 goto fail_child;
e3aa71c3
LP		 1493 }
1494
1495 assert(n_env <= 7);
4e85aff4 1496
e62d8c39
ZJS		 1497 final_env = strv_env_merge(5,
1498 environment,
1499 our_env,
1500 context->environment,
1501 files_env,
1502 pam_env,
1503 NULL);
1504 if (!final_env) {
4c2630eb 1505 err = -ENOMEM;
81a2b7ce 1506 r = EXIT_MEMORY;
8c7be95e 1507 goto fail_child;
81a2b7ce 1508 }
034c6ed7 1509
e62d8c39
ZJS		 1510 final_argv = replace_env_argv(argv, final_env);
1511 if (!final_argv) {
4c2630eb 1512 err = -ENOMEM;
fab56fc5 1513 r = EXIT_MEMORY;
8c7be95e 1514 goto fail_child;
fab56fc5
LP		 1515 }
1516
a6ff950e
LP		 1517 final_env = strv_env_clean(final_env);
1518
03bb799e
HH		 1519 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1520 line = exec_command_line(final_argv);
1521 if (line) {
1522 log_open();
1523 log_struct_unit(LOG_DEBUG,
1524 unit_id,
1525 "EXECUTABLE=%s", command->path,
099a804b
LP		 1526 "MESSAGE=Executing: %s", line,
1527 NULL);
03bb799e
HH		 1528 log_close();
1529 free(line);
1530 line = NULL;
1531 }
1532 }
fab56fc5 1533 execve(command->path, final_argv, final_env);
4c2630eb 1534 err = -errno;
034c6ed7
LP		 1535 r = EXIT_EXEC;
1536
8c7be95e 1537 fail_child:
4c2630eb
MS		 1538 if (r != 0) {
1539 log_open();
23635a85
ZJS		 1540 log_struct(LOG_ERR, MESSAGE_ID(SD_MESSAGE_SPAWN_FAILED),
1541 "EXECUTABLE=%s", command->path,
1542 "MESSAGE=Failed at step %s spawning %s: %s",
1543 exit_status_to_string(r, EXIT_STATUS_SYSTEMD),
1544 command->path, strerror(-err),
1545 "ERRNO=%d", -err,
1546 NULL);
1547 log_close();
4c2630eb
MS		 1548 }
1549
034c6ed7
LP		 1550 _exit(r);
1551 }
1552
bbc9006e 1553 log_struct_unit(LOG_DEBUG,
e62d8c39
ZJS		 1554 unit_id,
1555 "MESSAGE=Forked %s as %lu",
1556 command->path, (unsigned long) pid,
1557 NULL);
23635a85 1558
80876c20
LP		 1559 /* We add the new process to the cgroup both in the child (so
1560 * that we can be sure that no user code is ever executed
1561 * outside of the cgroup) and in the parent (so that we can be
1562 * sure that when we kill the cgroup the process will be
1563 * killed too). */
4ad49000
LP		 1564 if (cgroup_path)
1565 cg_attach(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, pid);
2da3263a 1566
b58b4116 1567 exec_status_start(&command->exec_status, pid);
9fb86720 1568
034c6ed7 1569 *ret = pid;
5cb5a6ff
LP		 1570 return 0;
1571}
1572
034c6ed7
LP		 1573void exec_context_init(ExecContext *c) {
1574 assert(c);
1575
4c12626c 1576 c->umask = 0022;
9eba9da4 1577 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
94f04347 1578 c->cpu_sched_policy = SCHED_OTHER;
071830ff 1579 c->syslog_priority = LOG_DAEMON|LOG_INFO;
74922904 1580 c->syslog_level_prefix = true;
353e12c2 1581 c->ignore_sigpipe = true;
d88a251b 1582 c->timer_slack_nsec = (nsec_t) -1;
034c6ed7
LP		 1583}
1584
f485606b
ZJS		 1585static void *remove_tmpdir_thread(void *p) {
1586 int r;
1587 _cleanup_free_ char *dirp = p;
1588 char *dir;
1589
1590 assert(dirp);
1591
1592 r = rm_rf_dangerous(dirp, false, true, false);
1593 dir = dirname(dirp);
1594 if (r < 0)
1595 log_warning("Failed to remove content of temporary directory %s: %s",
1596 dir, strerror(-r));
1597 else {
1598 r = rmdir(dir);
1599 if (r < 0)
1600 log_warning("Failed to remove temporary directory %s: %s",
1601 dir, strerror(-r));
1602 }
1603
1604 return NULL;
1605}
1606
c17ec25e 1607void exec_context_tmp_dirs_done(ExecContext *c) {
d34cd374
ZJS		 1608 char* dirs[] = {c->tmp_dir ? c->tmp_dir : c->var_tmp_dir,
1609 c->tmp_dir ? c->var_tmp_dir : NULL,
1610 NULL};
1611 char **dirp;
c17ec25e 1612
d34cd374 1613 for(dirp = dirs; *dirp; dirp++) {
f485606b
ZJS		 1614 log_debug("Spawning thread to nuke %s", *dirp);
1615 asynchronous_job(remove_tmpdir_thread, *dirp);
c17ec25e 1616 }
d34cd374
ZJS		 1617
1618 c->tmp_dir = c->var_tmp_dir = NULL;
c17ec25e
MS		 1619}
1620
1621void exec_context_done(ExecContext *c, bool reloading_or_reexecuting) {
5cb5a6ff
LP		 1622 unsigned l;
1623
1624 assert(c);
1625
1626 strv_free(c->environment);
034c6ed7 1627 c->environment = NULL;
5cb5a6ff 1628
8c7be95e
LP		 1629 strv_free(c->environment_files);
1630 c->environment_files = NULL;
1631
034c6ed7 1632 for (l = 0; l < ELEMENTSOF(c->rlimit); l++) {
5cb5a6ff 1633 free(c->rlimit[l]);
034c6ed7
LP		 1634 c->rlimit[l] = NULL;
1635 }
1636
9eba9da4
LP		 1637 free(c->working_directory);
1638 c->working_directory = NULL;
1639 free(c->root_directory);
1640 c->root_directory = NULL;
5cb5a6ff 1641
80876c20
LP		 1642 free(c->tty_path);
1643 c->tty_path = NULL;
1644
df1f0afe
LP		 1645 free(c->tcpwrap_name);
1646 c->tcpwrap_name = NULL;
1647
071830ff
LP		 1648 free(c->syslog_identifier);
1649 c->syslog_identifier = NULL;
1650
5cb5a6ff 1651 free(c->user);
034c6ed7
LP		 1652 c->user = NULL;
1653
5cb5a6ff 1654 free(c->group);
034c6ed7
LP		 1655 c->group = NULL;
1656
1657 strv_free(c->supplementary_groups);
1658 c->supplementary_groups = NULL;
94f04347 1659
5b6319dc
LP		 1660 free(c->pam_name);
1661 c->pam_name = NULL;
1662
94f04347
LP		 1663 if (c->capabilities) {
1664 cap_free(c->capabilities);
1665 c->capabilities = NULL;
1666 }
15ae422b
LP		 1667
1668 strv_free(c->read_only_dirs);
1669 c->read_only_dirs = NULL;
1670
1671 strv_free(c->read_write_dirs);
1672 c->read_write_dirs = NULL;
1673
1674 strv_free(c->inaccessible_dirs);
1675 c->inaccessible_dirs = NULL;
82c121a4
LP		 1676
1677 if (c->cpuset)
1678 CPU_FREE(c->cpuset);
86a3475b
LP		 1679
1680 free(c->utmp_id);
1681 c->utmp_id = NULL;
b9a0e010
LP		 1682
1683 free(c->syscall_filter);
1684 c->syscall_filter = NULL;
c17ec25e
MS		 1685
1686 if (!reloading_or_reexecuting)
1687 exec_context_tmp_dirs_done(c);
5cb5a6ff
LP		 1688}
1689
43d0fcbd
LP		 1690void exec_command_done(ExecCommand *c) {
1691 assert(c);
1692
1693 free(c->path);
1694 c->path = NULL;
1695
1696 strv_free(c->argv);
1697 c->argv = NULL;
1698}
1699
1700void exec_command_done_array(ExecCommand *c, unsigned n) {
1701 unsigned i;
1702
1703 for (i = 0; i < n; i++)
1704 exec_command_done(c+i);
1705}
1706
5cb5a6ff
LP		 1707void exec_command_free_list(ExecCommand *c) {
1708 ExecCommand *i;
1709
1710 while ((i = c)) {
034c6ed7 1711 LIST_REMOVE(ExecCommand, command, c, i);
43d0fcbd 1712 exec_command_done(i);
5cb5a6ff
LP		 1713 free(i);
1714 }
1715}
1716
034c6ed7
LP		 1717void exec_command_free_array(ExecCommand **c, unsigned n) {
1718 unsigned i;
1719
1720 for (i = 0; i < n; i++) {
1721 exec_command_free_list(c[i]);
1722 c[i] = NULL;
1723 }
1724}
1725
8c7be95e
LP		 1726int exec_context_load_environment(const ExecContext *c, char ***l) {
1727 char **i, **r = NULL;
1728
1729 assert(c);
1730 assert(l);
1731
1732 STRV_FOREACH(i, c->environment_files) {
1733 char *fn;
1734 int k;
1735 bool ignore = false;
1736 char **p;
7fd1b19b 1737 _cleanup_globfree_ glob_t pglob = {};
2bef10ab 1738 int count, n;
8c7be95e
LP		 1739
1740 fn = *i;
1741
1742 if (fn[0] == '-') {
1743 ignore = true;
1744 fn ++;
1745 }
1746
1747 if (!path_is_absolute(fn)) {
8c7be95e
LP		 1748 if (ignore)
1749 continue;
1750
1751 strv_free(r);
1752 return -EINVAL;
1753 }
1754
2bef10ab 1755 /* Filename supports globbing, take all matching files */
2bef10ab
PL		 1756 errno = 0;
1757 if (glob(fn, 0, NULL, &pglob) != 0) {
2bef10ab
PL		 1758 if (ignore)
1759 continue;
8c7be95e 1760
2bef10ab
PL		 1761 strv_free(r);
1762 return errno ? -errno : -EINVAL;
1763 }
1764 count = pglob.gl_pathc;
1765 if (count == 0) {
8c7be95e
LP		 1766 if (ignore)
1767 continue;
1768
1769 strv_free(r);
2bef10ab 1770 return -EINVAL;
8c7be95e 1771 }
2bef10ab 1772 for (n = 0; n < count; n++) {
f73141d7 1773 k = load_env_file(pglob.gl_pathv[n], NULL, &p);
2bef10ab
PL		 1774 if (k < 0) {
1775 if (ignore)
1776 continue;
8c7be95e 1777
2bef10ab 1778 strv_free(r);
2bef10ab 1779 return k;
e9c1ea9d 1780 }
ebc05a09 1781 /* Log invalid environment variables with filename */
e9c1ea9d
JSJ		 1782 if (p)
1783 p = strv_env_clean_log(p, pglob.gl_pathv[n]);
8c7be95e 1784
2bef10ab
PL		 1785 if (r == NULL)
1786 r = p;
1787 else {
1788 char **m;
8c7be95e 1789
2bef10ab
PL		 1790 m = strv_env_merge(2, r, p);
1791 strv_free(r);
1792 strv_free(p);
c84a9488 1793 if (!m)
2bef10ab 1794 return -ENOMEM;
2bef10ab
PL		 1795
1796 r = m;
1797 }
8c7be95e
LP		 1798 }
1799 }
1800
1801 *l = r;
1802
1803 return 0;
1804}
1805
6ac8fdc9
MS		 1806static bool tty_may_match_dev_console(const char *tty) {
1807 char *active = NULL, *console;
1808 bool b;
1809
1810 if (startswith(tty, "/dev/"))
1811 tty += 5;
1812
1813 /* trivial identity? */
1814 if (streq(tty, "console"))
1815 return true;
1816
1817 console = resolve_dev_console(&active);
1818 /* if we could not resolve, assume it may */
1819 if (!console)
1820 return true;
1821
1822 /* "tty0" means the active VC, so it may be the same sometimes */
1823 b = streq(console, tty) || (streq(console, "tty0") && tty_is_vc(tty));
1824 free(active);
1825
1826 return b;
1827}
1828
1829bool exec_context_may_touch_console(ExecContext *ec) {
1830 return (ec->tty_reset || ec->tty_vhangup || ec->tty_vt_disallocate ||
1831 is_terminal_input(ec->std_input) ||
1832 is_terminal_output(ec->std_output) ||
1833 is_terminal_output(ec->std_error)) &&
1834 tty_may_match_dev_console(tty_path(ec));
1835}
1836
15ae422b
LP		 1837static void strv_fprintf(FILE *f, char **l) {
1838 char **g;
1839
1840 assert(f);
1841
1842 STRV_FOREACH(g, l)
1843 fprintf(f, " %s", *g);
1844}
1845
5cb5a6ff 1846void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
507f22bd 1847 char **e;
94f04347 1848 unsigned i;
9eba9da4 1849
5cb5a6ff
LP		 1850 assert(c);
1851 assert(f);
1852
4ad49000 1853 prefix = strempty(prefix);
5cb5a6ff
LP		 1854
1855 fprintf(f,
94f04347
LP		 1856 "%sUMask: %04o\n"
1857 "%sWorkingDirectory: %s\n"
451a074f 1858 "%sRootDirectory: %s\n"
15ae422b 1859 "%sNonBlocking: %s\n"
64747e2d 1860 "%sPrivateTmp: %s\n"
4819ff03
LP		 1861 "%sPrivateNetwork: %s\n"
1862 "%sIgnoreSIGPIPE: %s\n",
5cb5a6ff 1863 prefix, c->umask,
9eba9da4 1864 prefix, c->working_directory ? c->working_directory : "/",
451a074f 1865 prefix, c->root_directory ? c->root_directory : "/",
15ae422b 1866 prefix, yes_no(c->non_blocking),
64747e2d 1867 prefix, yes_no(c->private_tmp),
4819ff03
LP		 1868 prefix, yes_no(c->private_network),
1869 prefix, yes_no(c->ignore_sigpipe));
fb33a393 1870
8c7be95e
LP		 1871 STRV_FOREACH(e, c->environment)
1872 fprintf(f, "%sEnvironment: %s\n", prefix, *e);
1873
1874 STRV_FOREACH(e, c->environment_files)
1875 fprintf(f, "%sEnvironmentFile: %s\n", prefix, *e);
94f04347 1876
df1f0afe
LP		 1877 if (c->tcpwrap_name)
1878 fprintf(f,
1879 "%sTCPWrapName: %s\n",
1880 prefix, c->tcpwrap_name);
1881
fb33a393
LP		 1882 if (c->nice_set)
1883 fprintf(f,
1884 "%sNice: %i\n",
1885 prefix, c->nice);
1886
dd6c17b1 1887 if (c->oom_score_adjust_set)
fb33a393 1888 fprintf(f,
dd6c17b1
LP		 1889 "%sOOMScoreAdjust: %i\n",
1890 prefix, c->oom_score_adjust);
9eba9da4 1891
94f04347
LP		 1892 for (i = 0; i < RLIM_NLIMITS; i++)
1893 if (c->rlimit[i])
ea430986 1894 fprintf(f, "%s%s: %llu\n", prefix, rlimit_to_string(i), (unsigned long long) c->rlimit[i]->rlim_max);
94f04347 1895
f8b69d1d
MS		 1896 if (c->ioprio_set) {
1897 char *class_str;
1898 int r;
1899
1900 r = ioprio_class_to_string_alloc(IOPRIO_PRIO_CLASS(c->ioprio), &class_str);
1901 if (r < 0)
1902 class_str = NULL;
9eba9da4
LP		 1903 fprintf(f,
1904 "%sIOSchedulingClass: %s\n"
1905 "%sIOPriority: %i\n",
f8b69d1d 1906 prefix, strna(class_str),
9eba9da4 1907 prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
f8b69d1d
MS		 1908 free(class_str);
1909 }
94f04347 1910
f8b69d1d
MS		 1911 if (c->cpu_sched_set) {
1912 char *policy_str;
1913 int r;
1914
1915 r = sched_policy_to_string_alloc(c->cpu_sched_policy, &policy_str);
1916 if (r < 0)
1917 policy_str = NULL;
94f04347
LP		 1918 fprintf(f,
1919 "%sCPUSchedulingPolicy: %s\n"
38b48754
LP		 1920 "%sCPUSchedulingPriority: %i\n"
1921 "%sCPUSchedulingResetOnFork: %s\n",
f8b69d1d 1922 prefix, strna(policy_str),
38b48754
LP		 1923 prefix, c->cpu_sched_priority,
1924 prefix, yes_no(c->cpu_sched_reset_on_fork));
f8b69d1d 1925 free(policy_str);
b929bf04 1926 }
94f04347 1927
82c121a4 1928 if (c->cpuset) {
94f04347 1929 fprintf(f, "%sCPUAffinity:", prefix);
82c121a4
LP		 1930 for (i = 0; i < c->cpuset_ncpus; i++)
1931 if (CPU_ISSET_S(i, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset))
94f04347
LP		 1932 fprintf(f, " %i", i);
1933 fputs("\n", f);
1934 }
1935
d88a251b 1936 if (c->timer_slack_nsec != (nsec_t) -1)
f96096db 1937 fprintf(f, "%sTimerSlackNSec: %lu\n", prefix, (unsigned long)c->timer_slack_nsec);
94f04347
LP		 1938
1939 fprintf(f,
80876c20
LP		 1940 "%sStandardInput: %s\n"
1941 "%sStandardOutput: %s\n"
1942 "%sStandardError: %s\n",
1943 prefix, exec_input_to_string(c->std_input),
1944 prefix, exec_output_to_string(c->std_output),
1945 prefix, exec_output_to_string(c->std_error));
1946
1947 if (c->tty_path)
1948 fprintf(f,
6ea832a2
LP		 1949 "%sTTYPath: %s\n"
1950 "%sTTYReset: %s\n"
1951 "%sTTYVHangup: %s\n"
1952 "%sTTYVTDisallocate: %s\n",
1953 prefix, c->tty_path,
1954 prefix, yes_no(c->tty_reset),
1955 prefix, yes_no(c->tty_vhangup),
1956 prefix, yes_no(c->tty_vt_disallocate));
94f04347 1957
706343f4
LP		 1958 if (c->std_output == EXEC_OUTPUT_SYSLOG || c->std_output == EXEC_OUTPUT_KMSG || c->std_output == EXEC_OUTPUT_JOURNAL ||
1959 c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
1960 c->std_error == EXEC_OUTPUT_SYSLOG || c->std_error == EXEC_OUTPUT_KMSG || c->std_error == EXEC_OUTPUT_JOURNAL ||
f8b69d1d
MS		 1961 c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE) {
1962 char *fac_str, *lvl_str;
1963 int r;
1964
1965 r = log_facility_unshifted_to_string_alloc(c->syslog_priority >> 3, &fac_str);
1966 if (r < 0)
1967 fac_str = NULL;
1968
1969 r = log_level_to_string_alloc(LOG_PRI(c->syslog_priority), &lvl_str);
1970 if (r < 0)
1971 lvl_str = NULL;
1972
94f04347
LP		 1973 fprintf(f,
1974 "%sSyslogFacility: %s\n"
1975 "%sSyslogLevel: %s\n",
f8b69d1d
MS		 1976 prefix, strna(fac_str),
1977 prefix, strna(lvl_str));
1978 free(lvl_str);
1979 free(fac_str);
1980 }
94f04347
LP		 1981
1982 if (c->capabilities) {
1983 char *t;
1984 if ((t = cap_to_text(c->capabilities, NULL))) {
1985 fprintf(f, "%sCapabilities: %s\n",
1986 prefix, t);
1987 cap_free(t);
1988 }
1989 }
1990
1991 if (c->secure_bits)
1992 fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
1993 prefix,
cbb21cca
ZJS		 1994 (c->secure_bits & 1<<SECURE_KEEP_CAPS) ? " keep-caps" : "",
1995 (c->secure_bits & 1<<SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
1996 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
1997 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
1998 (c->secure_bits & 1<<SECURE_NOROOT) ? " noroot" : "",
1999 (c->secure_bits & 1<<SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
94f04347
LP		 2000
2001 if (c->capability_bounding_set_drop) {
ae556c21 2002 unsigned long l;
260abb78 2003 fprintf(f, "%sCapabilityBoundingSet:", prefix);
94f04347 2004
64685e0c 2005 for (l = 0; l <= cap_last_cap(); l++)
ae556c21 2006 if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
94f04347
LP		 2007 char *t;
2008
ae556c21 2009 if ((t = cap_to_name(l))) {
94f04347 2010 fprintf(f, " %s", t);
260abb78 2011 cap_free(t);
94f04347
LP		 2012 }
2013 }
2014
2015 fputs("\n", f);
2016 }
2017
2018 if (c->user)
f2d3769a 2019 fprintf(f, "%sUser: %s\n", prefix, c->user);
94f04347 2020 if (c->group)
f2d3769a 2021 fprintf(f, "%sGroup: %s\n", prefix, c->group);
94f04347 2022
15ae422b 2023 if (strv_length(c->supplementary_groups) > 0) {
94f04347 2024 fprintf(f, "%sSupplementaryGroups:", prefix);
15ae422b
LP		 2025 strv_fprintf(f, c->supplementary_groups);
2026 fputs("\n", f);
2027 }
94f04347 2028
5b6319dc 2029 if (c->pam_name)
f2d3769a 2030 fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name);
5b6319dc 2031
15ae422b
LP		 2032 if (strv_length(c->read_write_dirs) > 0) {
2033 fprintf(f, "%sReadWriteDirs:", prefix);
2034 strv_fprintf(f, c->read_write_dirs);
2035 fputs("\n", f);
2036 }
2037
2038 if (strv_length(c->read_only_dirs) > 0) {
2039 fprintf(f, "%sReadOnlyDirs:", prefix);
2040 strv_fprintf(f, c->read_only_dirs);
2041 fputs("\n", f);
2042 }
94f04347 2043
15ae422b
LP		 2044 if (strv_length(c->inaccessible_dirs) > 0) {
2045 fprintf(f, "%sInaccessibleDirs:", prefix);
2046 strv_fprintf(f, c->inaccessible_dirs);
94f04347
LP		 2047 fputs("\n", f);
2048 }
2e22afe9 2049
169c1bda
LP		 2050 if (c->utmp_id)
2051 fprintf(f,
2052 "%sUtmpIdentifier: %s\n",
2053 prefix, c->utmp_id);
5cb5a6ff
LP		 2054}
2055
b58b4116 2056void exec_status_start(ExecStatus *s, pid_t pid) {
034c6ed7 2057 assert(s);
5cb5a6ff 2058
b58b4116
LP		 2059 zero(*s);
2060 s->pid = pid;
2061 dual_timestamp_get(&s->start_timestamp);
2062}
2063
6ea832a2 2064void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
b58b4116
LP		 2065 assert(s);
2066
0b1f4ae6 2067 if (s->pid && s->pid != pid)
b58b4116
LP		 2068 zero(*s);
2069
034c6ed7 2070 s->pid = pid;
63983207 2071 dual_timestamp_get(&s->exit_timestamp);
9fb86720 2072
034c6ed7
LP		 2073 s->code = code;
2074 s->status = status;
169c1bda 2075
6ea832a2
LP		 2076 if (context) {
2077 if (context->utmp_id)
2078 utmp_put_dead_process(context->utmp_id, pid, code, status);
2079
2080 exec_context_tty_reset(context);
2081 }
9fb86720
LP		 2082}
2083
2084void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
2085 char buf[FORMAT_TIMESTAMP_MAX];
2086
2087 assert(s);
2088 assert(f);
2089
2090 if (!prefix)
2091 prefix = "";
2092
2093 if (s->pid <= 0)
2094 return;
2095
2096 fprintf(f,
bb00e604
LP		 2097 "%sPID: %lu\n",
2098 prefix, (unsigned long) s->pid);
9fb86720 2099
63983207 2100 if (s->start_timestamp.realtime > 0)
9fb86720
LP		 2101 fprintf(f,
2102 "%sStart Timestamp: %s\n",
63983207 2103 prefix, format_timestamp(buf, sizeof(buf), s->start_timestamp.realtime));
9fb86720 2104
63983207 2105 if (s->exit_timestamp.realtime > 0)
9fb86720
LP		 2106 fprintf(f,
2107 "%sExit Timestamp: %s\n"
2108 "%sExit Code: %s\n"
2109 "%sExit Status: %i\n",
63983207 2110 prefix, format_timestamp(buf, sizeof(buf), s->exit_timestamp.realtime),
9fb86720
LP		 2111 prefix, sigchld_code_to_string(s->code),
2112 prefix, s->status);
5cb5a6ff 2113}
44d8db9e 2114
9e2f7c11 2115char *exec_command_line(char **argv) {
44d8db9e
LP		 2116 size_t k;
2117 char *n, *p, **a;
2118 bool first = true;
2119
9e2f7c11 2120 assert(argv);
44d8db9e 2121
9164977d 2122 k = 1;
9e2f7c11 2123 STRV_FOREACH(a, argv)
44d8db9e
LP		 2124 k += strlen(*a)+3;
2125
2126 if (!(n = new(char, k)))
2127 return NULL;
2128
2129 p = n;
9e2f7c11 2130 STRV_FOREACH(a, argv) {
44d8db9e
LP		 2131
2132 if (!first)
2133 *(p++) = ' ';
2134 else
2135 first = false;
2136
2137 if (strpbrk(*a, WHITESPACE)) {
2138 *(p++) = '\'';
2139 p = stpcpy(p, *a);
2140 *(p++) = '\'';
2141 } else
2142 p = stpcpy(p, *a);
2143
2144 }
2145
9164977d
LP		 2146 *p = 0;
2147
44d8db9e
LP		 2148 /* FIXME: this doesn't really handle arguments that have
2149 * spaces and ticks in them */
2150
2151 return n;
2152}
2153
2154void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
9fb86720
LP		 2155 char *p2;
2156 const char *prefix2;
2157
44d8db9e
LP		 2158 char *cmd;
2159
2160 assert(c);
2161 assert(f);
2162
2163 if (!prefix)
2164 prefix = "";
9fb86720
LP		 2165 p2 = strappend(prefix, "\t");
2166 prefix2 = p2 ? p2 : prefix;
44d8db9e 2167
9e2f7c11 2168 cmd = exec_command_line(c->argv);
44d8db9e
LP		 2169
2170 fprintf(f,
2171 "%sCommand Line: %s\n",
2172 prefix, cmd ? cmd : strerror(ENOMEM));
2173
2174 free(cmd);
9fb86720
LP		 2175
2176 exec_status_dump(&c->exec_status, f, prefix2);
2177
2178 free(p2);
44d8db9e
LP		 2179}
2180
2181void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
2182 assert(f);
2183
2184 if (!prefix)
2185 prefix = "";
2186
2187 LIST_FOREACH(command, c, c)
2188 exec_command_dump(c, f, prefix);
2189}
94f04347 2190
a6a80b4f
LP		 2191void exec_command_append_list(ExecCommand **l, ExecCommand *e) {
2192 ExecCommand *end;
2193
2194 assert(l);
2195 assert(e);
2196
2197 if (*l) {
35b8ca3a 2198 /* It's kind of important, that we keep the order here */
a6a80b4f
LP		 2199 LIST_FIND_TAIL(ExecCommand, command, *l, end);
2200 LIST_INSERT_AFTER(ExecCommand, command, *l, end, e);
2201 } else
2202 *l = e;
2203}
2204
26fd040d
LP		 2205int exec_command_set(ExecCommand *c, const char *path, ...) {
2206 va_list ap;
2207 char **l, *p;
2208
2209 assert(c);
2210 assert(path);
2211
2212 va_start(ap, path);
2213 l = strv_new_ap(path, ap);
2214 va_end(ap);
2215
2216 if (!l)
2217 return -ENOMEM;
2218
2219 if (!(p = strdup(path))) {
2220 strv_free(l);
2221 return -ENOMEM;
2222 }
2223
2224 free(c->path);
2225 c->path = p;
2226
2227 strv_free(c->argv);
2228 c->argv = l;
2229
2230 return 0;
2231}
2232
80876c20
LP		 2233static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
2234 [EXEC_INPUT_NULL] = "null",
2235 [EXEC_INPUT_TTY] = "tty",
2236 [EXEC_INPUT_TTY_FORCE] = "tty-force",
4f2d528d
LP		 2237 [EXEC_INPUT_TTY_FAIL] = "tty-fail",
2238 [EXEC_INPUT_SOCKET] = "socket"
80876c20
LP		 2239};
2240
8a0867d6
LP		 2241DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
2242
94f04347 2243static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = {
80876c20 2244 [EXEC_OUTPUT_INHERIT] = "inherit",
94f04347 2245 [EXEC_OUTPUT_NULL] = "null",
80876c20 2246 [EXEC_OUTPUT_TTY] = "tty",
94f04347 2247 [EXEC_OUTPUT_SYSLOG] = "syslog",
28dbc1e8 2248 [EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
9a6bca7a 2249 [EXEC_OUTPUT_KMSG] = "kmsg",
28dbc1e8 2250 [EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
706343f4
LP		 2251 [EXEC_OUTPUT_JOURNAL] = "journal",
2252 [EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
4f2d528d 2253 [EXEC_OUTPUT_SOCKET] = "socket"
94f04347
LP		 2254};
2255
2256DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
Unnamed repository; edit this file 'description' to name the repository.