]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/execute.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
rules: don't limit some of the rules to the "add" action
[thirdparty/systemd.git] / src / core / execute.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
5cb5a6ff 22#include <assert.h>
034c6ed7
LP		 23#include <dirent.h>
24#include <errno.h>
25#include <fcntl.h>
26#include <unistd.h>
44d8db9e 27#include <string.h>
309bff19 28#include <signal.h>
071830ff
LP		 29#include <sys/socket.h>
30#include <sys/un.h>
94f04347 31#include <sys/prctl.h>
66ee3769 32#include <linux/sched.h>
451a074f
LP		 33#include <sys/types.h>
34#include <sys/stat.h>
81a2b7ce
LP		 35#include <grp.h>
36#include <pwd.h>
15ae422b 37#include <sys/mount.h>
25e870b5 38#include <linux/fs.h>
dd6c17b1 39#include <linux/oom.h>
f2b68789 40#include <sys/poll.h>
8351ceae 41#include <linux/seccomp-bpf.h>
2bef10ab 42#include <glob.h>
d34cd374 43#include <libgen.h>
5cb5a6ff 44
5b6319dc
LP		 45#ifdef HAVE_PAM
46#include <security/pam_appl.h>
47#endif
48
5cb5a6ff
LP		 49#include "execute.h"
50#include "strv.h"
51#include "macro.h"
d7832d2c 52#include "capability.h"
5cb5a6ff 53#include "util.h"
acbb0225 54#include "log.h"
20ad4cfd 55#include "sd-messages.h"
9eba9da4 56#include "ioprio.h"
94f04347 57#include "securebits.h"
15ae422b 58#include "namespace.h"
df1f0afe 59#include "tcpwrap.h"
d06dacd0 60#include "exit-status.h"
dd6c17b1 61#include "missing.h"
169c1bda 62#include "utmp-wtmp.h"
f6a6225e 63#include "def.h"
ff01d048 64#include "loopback-setup.h"
9eb977db 65#include "path-util.h"
8351ceae 66#include "syscall-list.h"
4d1a6904 67#include "env-util.h"
a5c32cff 68#include "fileio.h"
4ad49000 69#include "unit.h"
f485606b 70#include "async.h"
5cb5a6ff 71
e056b01d 72#define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
31a7eb86 73#define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
e6a26745 74
02a51aba
LP		 75/* This assumes there is a 'tty' group */
76#define TTY_MODE 0620
77
034c6ed7
LP		 78static int shift_fds(int fds[], unsigned n_fds) {
79 int start, restart_from;
80
81 if (n_fds <= 0)
82 return 0;
83
a0d40ac5
LP		 84 /* Modifies the fds array! (sorts it) */
85
034c6ed7
LP		 86 assert(fds);
87
88 start = 0;
89 for (;;) {
90 int i;
91
92 restart_from = -1;
93
94 for (i = start; i < (int) n_fds; i++) {
95 int nfd;
96
97 /* Already at right index? */
98 if (fds[i] == i+3)
99 continue;
100
101 if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0)
102 return -errno;
103
e1f5e051 104 close_nointr_nofail(fds[i]);
034c6ed7
LP		 105 fds[i] = nfd;
106
107 /* Hmm, the fd we wanted isn't free? Then
108 * let's remember that and try again from here*/
109 if (nfd != i+3 && restart_from < 0)
110 restart_from = i;
111 }
112
113 if (restart_from < 0)
114 break;
115
116 start = restart_from;
117 }
118
119 return 0;
120}
121
c2748801 122static int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {
47a71eed 123 unsigned i;
e2c76839 124 int r;
47a71eed
LP		 125
126 if (n_fds <= 0)
127 return 0;
128
129 assert(fds);
130
451a074f 131 /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */
47a71eed
LP		 132
133 for (i = 0; i < n_fds; i++) {
47a71eed 134
e2c76839
LP		 135 if ((r = fd_nonblock(fds[i], nonblock)) < 0)
136 return r;
47a71eed 137
451a074f
LP		 138 /* We unconditionally drop FD_CLOEXEC from the fds,
139 * since after all we want to pass these fds to our
140 * children */
47a71eed 141
e2c76839
LP		 142 if ((r = fd_cloexec(fds[i], false)) < 0)
143 return r;
47a71eed
LP		 144 }
145
146 return 0;
147}
148
44a6b1b6 149_pure_ static const char *tty_path(const ExecContext *context) {
80876c20
LP		 150 assert(context);
151
152 if (context->tty_path)
153 return context->tty_path;
154
155 return "/dev/console";
156}
157
6ea832a2
LP		 158void exec_context_tty_reset(const ExecContext *context) {
159 assert(context);
160
161 if (context->tty_vhangup)
162 terminal_vhangup(tty_path(context));
163
164 if (context->tty_reset)
165 reset_terminal(tty_path(context));
166
167 if (context->tty_vt_disallocate && context->tty_path)
168 vt_disallocate(context->tty_path);
169}
170
3a1286b6
MS		 171static bool is_terminal_output(ExecOutput o) {
172 return
173 o == EXEC_OUTPUT_TTY ||
174 o == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
175 o == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
176 o == EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
177}
178
c17ec25e
MS		 179void exec_context_serialize(const ExecContext *context, Unit *u, FILE *f) {
180 assert(context);
181 assert(u);
182 assert(f);
183
184 if (context->tmp_dir)
185 unit_serialize_item(u, f, "tmp-dir", context->tmp_dir);
186
187 if (context->var_tmp_dir)
188 unit_serialize_item(u, f, "var-tmp-dir", context->var_tmp_dir);
189}
190
80876c20
LP		 191static int open_null_as(int flags, int nfd) {
192 int fd, r;
071830ff 193
80876c20 194 assert(nfd >= 0);
071830ff 195
80876c20 196 if ((fd = open("/dev/null", flags|O_NOCTTY)) < 0)
071830ff
LP		 197 return -errno;
198
80876c20
LP		 199 if (fd != nfd) {
200 r = dup2(fd, nfd) < 0 ? -errno : nfd;
e1f5e051 201 close_nointr_nofail(fd);
80876c20
LP		 202 } else
203 r = nfd;
071830ff 204
80876c20 205 return r;
071830ff
LP		 206}
207
62bca2c6 208static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd) {
80876c20 209 int fd, r;
b92bea5d
ZJS		 210 union sockaddr_union sa = {
211 .un.sun_family = AF_UNIX,
212 .un.sun_path = "/run/systemd/journal/stdout",
213 };
071830ff
LP		 214
215 assert(context);
80876c20
LP		 216 assert(output < _EXEC_OUTPUT_MAX);
217 assert(ident);
218 assert(nfd >= 0);
071830ff 219
54fe0cdb
LP		 220 fd = socket(AF_UNIX, SOCK_STREAM, 0);
221 if (fd < 0)
80876c20 222 return -errno;
071830ff 223
54fe0cdb
LP		 224 r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path));
225 if (r < 0) {
80876c20
LP		 226 close_nointr_nofail(fd);
227 return -errno;
228 }
071830ff 229
80876c20
LP		 230 if (shutdown(fd, SHUT_RD) < 0) {
231 close_nointr_nofail(fd);
232 return -errno;
233 }
071830ff 234
80876c20 235 dprintf(fd,
62bca2c6 236 "%s\n"
80876c20
LP		 237 "%s\n"
238 "%i\n"
54fe0cdb
LP		 239 "%i\n"
240 "%i\n"
241 "%i\n"
4f4a1dbf 242 "%i\n",
4f4a1dbf 243 context->syslog_identifier ? context->syslog_identifier : ident,
62bca2c6 244 unit_id,
54fe0cdb
LP		 245 context->syslog_priority,
246 !!context->syslog_level_prefix,
247 output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
248 output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
3a1286b6 249 is_terminal_output(output));
80876c20
LP		 250
251 if (fd != nfd) {
252 r = dup2(fd, nfd) < 0 ? -errno : nfd;
e1f5e051 253 close_nointr_nofail(fd);
80876c20
LP		 254 } else
255 r = nfd;
071830ff 256
80876c20
LP		 257 return r;
258}
259static int open_terminal_as(const char *path, mode_t mode, int nfd) {
260 int fd, r;
071830ff 261
80876c20
LP		 262 assert(path);
263 assert(nfd >= 0);
071830ff 264
80876c20
LP		 265 if ((fd = open_terminal(path, mode | O_NOCTTY)) < 0)
266 return fd;
071830ff 267
80876c20
LP		 268 if (fd != nfd) {
269 r = dup2(fd, nfd) < 0 ? -errno : nfd;
270 close_nointr_nofail(fd);
271 } else
272 r = nfd;
071830ff 273
80876c20
LP		 274 return r;
275}
071830ff 276
80876c20
LP		 277static bool is_terminal_input(ExecInput i) {
278 return
279 i == EXEC_INPUT_TTY ||
280 i == EXEC_INPUT_TTY_FORCE ||
281 i == EXEC_INPUT_TTY_FAIL;
282}
071830ff 283
1e3ad081
LP		 284static int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {
285
286 if (is_terminal_input(std_input) && !apply_tty_stdin)
287 return EXEC_INPUT_NULL;
071830ff 288
03fd9c49 289 if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)
4f2d528d
LP		 290 return EXEC_INPUT_NULL;
291
03fd9c49 292 return std_input;
4f2d528d
LP		 293}
294
03fd9c49 295static int fixup_output(ExecOutput std_output, int socket_fd) {
4f2d528d 296
03fd9c49 297 if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)
4f2d528d
LP		 298 return EXEC_OUTPUT_INHERIT;
299
03fd9c49 300 return std_output;
4f2d528d
LP		 301}
302
1e3ad081 303static int setup_input(const ExecContext *context, int socket_fd, bool apply_tty_stdin) {
4f2d528d
LP		 304 ExecInput i;
305
306 assert(context);
307
1e3ad081 308 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
4f2d528d
LP		 309
310 switch (i) {
071830ff 311
80876c20
LP		 312 case EXEC_INPUT_NULL:
313 return open_null_as(O_RDONLY, STDIN_FILENO);
314
315 case EXEC_INPUT_TTY:
316 case EXEC_INPUT_TTY_FORCE:
317 case EXEC_INPUT_TTY_FAIL: {
318 int fd, r;
071830ff 319
970edce6
ZJS		 320 fd = acquire_terminal(tty_path(context),
321 i == EXEC_INPUT_TTY_FAIL,
322 i == EXEC_INPUT_TTY_FORCE,
323 false,
324 (usec_t) -1);
325 if (fd < 0)
80876c20
LP		 326 return fd;
327
328 if (fd != STDIN_FILENO) {
329 r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
071830ff 330 close_nointr_nofail(fd);
80876c20
LP		 331 } else
332 r = STDIN_FILENO;
333
334 return r;
335 }
336
4f2d528d
LP		 337 case EXEC_INPUT_SOCKET:
338 return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
339
80876c20
LP		 340 default:
341 assert_not_reached("Unknown input type");
342 }
343}
344
eb17e935 345static int setup_output(const ExecContext *context, int fileno, int socket_fd, const char *ident, const char *unit_id, bool apply_tty_stdin) {
4f2d528d
LP		 346 ExecOutput o;
347 ExecInput i;
47c1d80d 348 int r;
4f2d528d 349
80876c20
LP		 350 assert(context);
351 assert(ident);
352
1e3ad081 353 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
03fd9c49 354 o = fixup_output(context->std_output, socket_fd);
4f2d528d 355
eb17e935
MS		 356 if (fileno == STDERR_FILENO) {
357 ExecOutput e;
358 e = fixup_output(context->std_error, socket_fd);
80876c20 359
eb17e935
MS		 360 /* This expects the input and output are already set up */
361
362 /* Don't change the stderr file descriptor if we inherit all
363 * the way and are not on a tty */
364 if (e == EXEC_OUTPUT_INHERIT &&
365 o == EXEC_OUTPUT_INHERIT &&
366 i == EXEC_INPUT_NULL &&
367 !is_terminal_input(context->std_input) &&
368 getppid () != 1)
369 return fileno;
370
371 /* Duplicate from stdout if possible */
372 if (e == o || e == EXEC_OUTPUT_INHERIT)
373 return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;
071830ff 374
eb17e935 375 o = e;
80876c20 376
eb17e935 377 } else if (o == EXEC_OUTPUT_INHERIT) {
21d21ea4
LP		 378 /* If input got downgraded, inherit the original value */
379 if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))
eb17e935 380 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
21d21ea4 381
acb591e4 382 /* If the input is connected to anything that's not a /dev/null, inherit that... */
ff876e28 383 if (i != EXEC_INPUT_NULL)
eb17e935 384 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
071830ff 385
acb591e4
LP		 386 /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */
387 if (getppid() != 1)
eb17e935 388 return fileno;
94f04347 389
eb17e935
MS		 390 /* We need to open /dev/null here anew, to get the right access mode. */
391 return open_null_as(O_WRONLY, fileno);
071830ff 392 }
94f04347 393
eb17e935 394 switch (o) {
80876c20
LP		 395
396 case EXEC_OUTPUT_NULL:
eb17e935 397 return open_null_as(O_WRONLY, fileno);
80876c20
LP		 398
399 case EXEC_OUTPUT_TTY:
4f2d528d 400 if (is_terminal_input(i))
eb17e935 401 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
80876c20
LP		 402
403 /* We don't reset the terminal if this is just about output */
eb17e935 404 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
80876c20
LP		 405
406 case EXEC_OUTPUT_SYSLOG:
28dbc1e8 407 case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
9a6bca7a 408 case EXEC_OUTPUT_KMSG:
28dbc1e8 409 case EXEC_OUTPUT_KMSG_AND_CONSOLE:
706343f4
LP		 410 case EXEC_OUTPUT_JOURNAL:
411 case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
eb17e935 412 r = connect_logger_as(context, o, ident, unit_id, fileno);
47c1d80d 413 if (r < 0) {
80cbda35
MS		 414 log_struct_unit(LOG_CRIT, unit_id,
415 "MESSAGE=Failed to connect std%s of %s to the journal socket: %s",
eb17e935 416 fileno == STDOUT_FILENO ? "out" : "err",
80cbda35
MS		 417 unit_id, strerror(-r),
418 "ERRNO=%d", -r,
419 NULL);
eb17e935 420 r = open_null_as(O_WRONLY, fileno);
47c1d80d
MS		 421 }
422 return r;
4f2d528d
LP		 423
424 case EXEC_OUTPUT_SOCKET:
425 assert(socket_fd >= 0);
eb17e935 426 return dup2(socket_fd, fileno) < 0 ? -errno : fileno;
94f04347
LP		 427
428 default:
80876c20 429 assert_not_reached("Unknown error type");
94f04347 430 }
071830ff
LP		 431}
432
02a51aba
LP		 433static int chown_terminal(int fd, uid_t uid) {
434 struct stat st;
435
436 assert(fd >= 0);
02a51aba
LP		 437
438 /* This might fail. What matters are the results. */
bab45044
LP		 439 (void) fchown(fd, uid, -1);
440 (void) fchmod(fd, TTY_MODE);
02a51aba
LP		 441
442 if (fstat(fd, &st) < 0)
443 return -errno;
444
d8b4e2e9 445 if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
02a51aba
LP		 446 return -EPERM;
447
448 return 0;
449}
450
af6da548 451static int setup_confirm_stdio(int *_saved_stdin,
80876c20
LP		 452 int *_saved_stdout) {
453 int fd = -1, saved_stdin, saved_stdout = -1, r;
454
80876c20
LP		 455 assert(_saved_stdin);
456 assert(_saved_stdout);
457
af6da548
LP		 458 saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);
459 if (saved_stdin < 0)
460 return -errno;
80876c20 461
af6da548
LP		 462 saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);
463 if (saved_stdout < 0) {
464 r = errno;
80876c20
LP		 465 goto fail;
466 }
467
af6da548
LP		 468 fd = acquire_terminal(
469 "/dev/console",
470 false,
471 false,
472 false,
473 DEFAULT_CONFIRM_USEC);
474 if (fd < 0) {
475 r = fd;
80876c20
LP		 476 goto fail;
477 }
478
af6da548
LP		 479 r = chown_terminal(fd, getuid());
480 if (r < 0)
02a51aba 481 goto fail;
02a51aba 482
80876c20 483 if (dup2(fd, STDIN_FILENO) < 0) {
af6da548 484 r = -errno;
80876c20
LP		 485 goto fail;
486 }
487
488 if (dup2(fd, STDOUT_FILENO) < 0) {
af6da548 489 r = -errno;
80876c20
LP		 490 goto fail;
491 }
492
493 if (fd >= 2)
494 close_nointr_nofail(fd);
495
496 *_saved_stdin = saved_stdin;
497 *_saved_stdout = saved_stdout;
498
499 return 0;
500
501fail:
502 if (saved_stdout >= 0)
503 close_nointr_nofail(saved_stdout);
504
505 if (saved_stdin >= 0)
506 close_nointr_nofail(saved_stdin);
507
508 if (fd >= 0)
509 close_nointr_nofail(fd);
510
511 return r;
512}
513
44a6b1b6 514_printf_attr_(1, 2) static int write_confirm_message(const char *format, ...) {
af6da548
LP		 515 int fd;
516 va_list ap;
80876c20 517
af6da548 518 assert(format);
80876c20 519
af6da548
LP		 520 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
521 if (fd < 0)
522 return fd;
80876c20 523
af6da548
LP		 524 va_start(ap, format);
525 vdprintf(fd, format, ap);
526 va_end(ap);
80876c20 527
af6da548 528 close_nointr_nofail(fd);
80876c20 529
af6da548
LP		 530 return 0;
531}
80876c20 532
af6da548
LP		 533static int restore_confirm_stdio(int *saved_stdin,
534 int *saved_stdout) {
80876c20 535
af6da548 536 int r = 0;
80876c20 537
af6da548
LP		 538 assert(saved_stdin);
539 assert(saved_stdout);
540
541 release_terminal();
542
543 if (*saved_stdin >= 0)
80876c20 544 if (dup2(*saved_stdin, STDIN_FILENO) < 0)
af6da548 545 r = -errno;
80876c20 546
af6da548 547 if (*saved_stdout >= 0)
80876c20 548 if (dup2(*saved_stdout, STDOUT_FILENO) < 0)
af6da548 549 r = -errno;
80876c20 550
af6da548
LP		 551 if (*saved_stdin >= 0)
552 close_nointr_nofail(*saved_stdin);
80876c20 553
af6da548
LP		 554 if (*saved_stdout >= 0)
555 close_nointr_nofail(*saved_stdout);
556
557 return r;
558}
559
560static int ask_for_confirmation(char *response, char **argv) {
561 int saved_stdout = -1, saved_stdin = -1, r;
562 char *line;
563
564 r = setup_confirm_stdio(&saved_stdin, &saved_stdout);
565 if (r < 0)
566 return r;
567
568 line = exec_command_line(argv);
569 if (!line)
570 return -ENOMEM;
571
572 r = ask(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
573 free(line);
574
575 restore_confirm_stdio(&saved_stdin, &saved_stdout);
576
577 return r;
80876c20
LP		 578}
579
81a2b7ce
LP		 580static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
581 bool keep_groups = false;
582 int r;
583
584 assert(context);
585
35b8ca3a 586 /* Lookup and set GID and supplementary group list. Here too
81a2b7ce
LP		 587 * we avoid NSS lookups for gid=0. */
588
589 if (context->group || username) {
590
4b67834e
LP		 591 if (context->group) {
592 const char *g = context->group;
593
594 if ((r = get_group_creds(&g, &gid)) < 0)
81a2b7ce 595 return r;
4b67834e 596 }
81a2b7ce
LP		 597
598 /* First step, initialize groups from /etc/groups */
599 if (username && gid != 0) {
600 if (initgroups(username, gid) < 0)
601 return -errno;
602
603 keep_groups = true;
604 }
605
606 /* Second step, set our gids */
607 if (setresgid(gid, gid, gid) < 0)
608 return -errno;
609 }
610
611 if (context->supplementary_groups) {
612 int ngroups_max, k;
613 gid_t *gids;
614 char **i;
615
616 /* Final step, initialize any manually set supplementary groups */
da19d5c1 617 assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
81a2b7ce
LP		 618
619 if (!(gids = new(gid_t, ngroups_max)))
620 return -ENOMEM;
621
622 if (keep_groups) {
623 if ((k = getgroups(ngroups_max, gids)) < 0) {
624 free(gids);
625 return -errno;
626 }
627 } else
628 k = 0;
629
630 STRV_FOREACH(i, context->supplementary_groups) {
4b67834e 631 const char *g;
81a2b7ce
LP		 632
633 if (k >= ngroups_max) {
634 free(gids);
635 return -E2BIG;
636 }
637
4b67834e
LP		 638 g = *i;
639 r = get_group_creds(&g, gids+k);
640 if (r < 0) {
81a2b7ce
LP		 641 free(gids);
642 return r;
643 }
644
645 k++;
646 }
647
648 if (setgroups(k, gids) < 0) {
649 free(gids);
650 return -errno;
651 }
652
653 free(gids);
654 }
655
656 return 0;
657}
658
659static int enforce_user(const ExecContext *context, uid_t uid) {
660 int r;
661 assert(context);
662
663 /* Sets (but doesn't lookup) the uid and make sure we keep the
664 * capabilities while doing so. */
665
666 if (context->capabilities) {
667 cap_t d;
668 static const cap_value_t bits[] = {
669 CAP_SETUID, /* Necessary so that we can run setresuid() below */
670 CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */
671 };
672
673 /* First step: If we need to keep capabilities but
674 * drop privileges we need to make sure we keep our
cbb21cca 675 * caps, while we drop privileges. */
693ced48 676 if (uid != 0) {
cbb21cca 677 int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
693ced48
LP		 678
679 if (prctl(PR_GET_SECUREBITS) != sb)
680 if (prctl(PR_SET_SECUREBITS, sb) < 0)
681 return -errno;
682 }
81a2b7ce 683
35b8ca3a 684 /* Second step: set the capabilities. This will reduce
81a2b7ce
LP		 685 * the capabilities to the minimum we need. */
686
687 if (!(d = cap_dup(context->capabilities)))
688 return -errno;
689
690 if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||
691 cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0) {
692 r = -errno;
693 cap_free(d);
694 return r;
695 }
696
697 if (cap_set_proc(d) < 0) {
698 r = -errno;
699 cap_free(d);
700 return r;
701 }
702
703 cap_free(d);
704 }
705
706 /* Third step: actually set the uids */
707 if (setresuid(uid, uid, uid) < 0)
708 return -errno;
709
710 /* At this point we should have all necessary capabilities but
711 are otherwise a normal user. However, the caps might got
712 corrupted due to the setresuid() so we need clean them up
713 later. This is done outside of this call. */
714
715 return 0;
716}
717
5b6319dc
LP		 718#ifdef HAVE_PAM
719
720static int null_conv(
721 int num_msg,
722 const struct pam_message **msg,
723 struct pam_response **resp,
724 void *appdata_ptr) {
725
726 /* We don't support conversations */
727
728 return PAM_CONV_ERR;
729}
730
731static int setup_pam(
732 const char *name,
733 const char *user,
940c5210 734 uid_t uid,
5b6319dc
LP		 735 const char *tty,
736 char ***pam_env,
737 int fds[], unsigned n_fds) {
738
739 static const struct pam_conv conv = {
740 .conv = null_conv,
741 .appdata_ptr = NULL
742 };
743
744 pam_handle_t *handle = NULL;
745 sigset_t ss, old_ss;
746 int pam_code = PAM_SUCCESS;
9ba35398 747 int err;
5b6319dc
LP		 748 char **e = NULL;
749 bool close_session = false;
750 pid_t pam_pid = 0, parent_pid;
970edce6 751 int flags = 0;
5b6319dc
LP		 752
753 assert(name);
754 assert(user);
755 assert(pam_env);
756
757 /* We set up PAM in the parent process, then fork. The child
35b8ca3a 758 * will then stay around until killed via PR_GET_PDEATHSIG or
5b6319dc
LP		 759 * systemd via the cgroup logic. It will then remove the PAM
760 * session again. The parent process will exec() the actual
761 * daemon. We do things this way to ensure that the main PID
762 * of the daemon is the one we initially fork()ed. */
763
970edce6
ZJS		 764 if (log_get_max_level() < LOG_PRI(LOG_DEBUG))
765 flags |= PAM_SILENT;
766
f546241b
ZJS		 767 pam_code = pam_start(name, user, &conv, &handle);
768 if (pam_code != PAM_SUCCESS) {
5b6319dc
LP		 769 handle = NULL;
770 goto fail;
771 }
772
f546241b
ZJS		 773 if (tty) {
774 pam_code = pam_set_item(handle, PAM_TTY, tty);
775 if (pam_code != PAM_SUCCESS)
5b6319dc 776 goto fail;
f546241b 777 }
5b6319dc 778
970edce6 779 pam_code = pam_acct_mgmt(handle, flags);
f546241b 780 if (pam_code != PAM_SUCCESS)
5b6319dc
LP		 781 goto fail;
782
970edce6 783 pam_code = pam_open_session(handle, flags);
f546241b 784 if (pam_code != PAM_SUCCESS)
5b6319dc
LP		 785 goto fail;
786
787 close_session = true;
788
f546241b
ZJS		 789 e = pam_getenvlist(handle);
790 if (!e) {
5b6319dc
LP		 791 pam_code = PAM_BUF_ERR;
792 goto fail;
793 }
794
795 /* Block SIGTERM, so that we know that it won't get lost in
796 * the child */
797 if (sigemptyset(&ss) < 0 ||
798 sigaddset(&ss, SIGTERM) < 0 ||
799 sigprocmask(SIG_BLOCK, &ss, &old_ss) < 0)
800 goto fail;
801
802 parent_pid = getpid();
803
f546241b
ZJS		 804 pam_pid = fork();
805 if (pam_pid < 0)
5b6319dc
LP		 806 goto fail;
807
808 if (pam_pid == 0) {
809 int sig;
810 int r = EXIT_PAM;
811
812 /* The child's job is to reset the PAM session on
813 * termination */
814
815 /* This string must fit in 10 chars (i.e. the length
5d6b1584
LP		 816 * of "/sbin/init"), to look pretty in /bin/ps */
817 rename_process("(sd-pam)");
5b6319dc
LP		 818
819 /* Make sure we don't keep open the passed fds in this
820 child. We assume that otherwise only those fds are
821 open here that have been opened by PAM. */
822 close_many(fds, n_fds);
823
940c5210
AK		 824 /* Drop privileges - we don't need any to pam_close_session
825 * and this will make PR_SET_PDEATHSIG work in most cases.
826 * If this fails, ignore the error - but expect sd-pam threads
827 * to fail to exit normally */
828 if (setresuid(uid, uid, uid) < 0)
829 log_error("Error: Failed to setresuid() in sd-pam: %s", strerror(-r));
830
831 /* Wait until our parent died. This will only work if
832 * the above setresuid() succeeds, otherwise the kernel
833 * will not allow unprivileged parents kill their privileged
834 * children this way. We rely on the control groups kill logic
5b6319dc
LP		 835 * to do the rest for us. */
836 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
837 goto child_finish;
838
839 /* Check if our parent process might already have
840 * died? */
841 if (getppid() == parent_pid) {
3dead8d9
LP		 842 for (;;) {
843 if (sigwait(&ss, &sig) < 0) {
844 if (errno == EINTR)
845 continue;
846
847 goto child_finish;
848 }
5b6319dc 849
3dead8d9
LP		 850 assert(sig == SIGTERM);
851 break;
852 }
5b6319dc
LP		 853 }
854
3dead8d9 855 /* If our parent died we'll end the session */
f546241b 856 if (getppid() != parent_pid) {
970edce6 857 pam_code = pam_close_session(handle, flags);
f546241b 858 if (pam_code != PAM_SUCCESS)
5b6319dc 859 goto child_finish;
f546241b 860 }
5b6319dc
LP		 861
862 r = 0;
863
864 child_finish:
970edce6 865 pam_end(handle, pam_code | flags);
5b6319dc
LP		 866 _exit(r);
867 }
868
869 /* If the child was forked off successfully it will do all the
870 * cleanups, so forget about the handle here. */
871 handle = NULL;
872
3b8bddde 873 /* Unblock SIGTERM again in the parent */
5b6319dc
LP		 874 if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
875 goto fail;
876
877 /* We close the log explicitly here, since the PAM modules
878 * might have opened it, but we don't want this fd around. */
879 closelog();
880
aa87e624
LP		 881 *pam_env = e;
882 e = NULL;
883
5b6319dc
LP		 884 return 0;
885
886fail:
970edce6
ZJS		 887 if (pam_code != PAM_SUCCESS) {
888 log_error("PAM failed: %s", pam_strerror(handle, pam_code));
9ba35398 889 err = -EPERM; /* PAM errors do not map to errno */
970edce6
ZJS		 890 } else {
891 log_error("PAM failed: %m");
9ba35398 892 err = -errno;
970edce6 893 }
9ba35398 894
5b6319dc
LP		 895 if (handle) {
896 if (close_session)
970edce6 897 pam_code = pam_close_session(handle, flags);
5b6319dc 898
970edce6 899 pam_end(handle, pam_code | flags);
5b6319dc
LP		 900 }
901
902 strv_free(e);
903
904 closelog();
905
430c18ed 906 if (pam_pid > 1) {
5b6319dc 907 kill(pam_pid, SIGTERM);
430c18ed
LP		 908 kill(pam_pid, SIGCONT);
909 }
5b6319dc 910
9ba35398 911 return err;
5b6319dc
LP		 912}
913#endif
914
5d6b1584
LP		 915static void rename_process_from_path(const char *path) {
916 char process_name[11];
917 const char *p;
918 size_t l;
919
920 /* This resulting string must fit in 10 chars (i.e. the length
921 * of "/sbin/init") to look pretty in /bin/ps */
922
9eb977db 923 p = path_get_file_name(path);
5d6b1584
LP		 924 if (isempty(p)) {
925 rename_process("(...)");
926 return;
927 }
928
929 l = strlen(p);
930 if (l > 8) {
931 /* The end of the process name is usually more
932 * interesting, since the first bit might just be
933 * "systemd-" */
934 p = p + l - 8;
935 l = 8;
936 }
937
938 process_name[0] = '(';
939 memcpy(process_name+1, p, l);
940 process_name[1+l] = ')';
941 process_name[1+l+1] = 0;
942
943 rename_process(process_name);
944}
945
8351ceae
LP		 946static int apply_seccomp(uint32_t *syscall_filter) {
947 static const struct sock_filter header[] = {
948 VALIDATE_ARCHITECTURE,
949 EXAMINE_SYSCALL
950 };
951 static const struct sock_filter footer[] = {
952 _KILL_PROCESS
953 };
954
955 int i;
956 unsigned n;
957 struct sock_filter *f;
b92bea5d 958 struct sock_fprog prog = {};
8351ceae
LP		 959
960 assert(syscall_filter);
961
962 /* First: count the syscalls to check for */
963 for (i = 0, n = 0; i < syscall_max(); i++)
964 if (syscall_filter[i >> 4] & (1 << (i & 31)))
965 n++;
966
967 /* Second: build the filter program from a header the syscall
968 * matches and the footer */
969 f = alloca(sizeof(struct sock_filter) * (ELEMENTSOF(header) + 2*n + ELEMENTSOF(footer)));
970 memcpy(f, header, sizeof(header));
971
972 for (i = 0, n = 0; i < syscall_max(); i++)
973 if (syscall_filter[i >> 4] & (1 << (i & 31))) {
974 struct sock_filter item[] = {
843fc7f7 975 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, INDEX_TO_SYSCALL(i), 0, 1),
8351ceae
LP		 976 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
977 };
978
979 assert_cc(ELEMENTSOF(item) == 2);
980
981 f[ELEMENTSOF(header) + 2*n] = item[0];
982 f[ELEMENTSOF(header) + 2*n+1] = item[1];
983
984 n++;
985 }
986
987 memcpy(f + (ELEMENTSOF(header) + 2*n), footer, sizeof(footer));
988
989 /* Third: install the filter */
8351ceae
LP		 990 prog.len = ELEMENTSOF(header) + ELEMENTSOF(footer) + 2*n;
991 prog.filter = f;
992 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0)
993 return -errno;
994
995 return 0;
996}
997
31a7eb86
ZJS		 998static void do_idle_pipe_dance(int idle_pipe[4]) {
999 assert(idle_pipe);
1000
1001 if (idle_pipe[1] >= 0)
1002 close_nointr_nofail(idle_pipe[1]);
1003 if (idle_pipe[2] >= 0)
1004 close_nointr_nofail(idle_pipe[2]);
1005
1006 if (idle_pipe[0] >= 0) {
1007 int r;
1008
1009 r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
1010
1011 if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {
1012 /* Signal systemd that we are bored and want to continue. */
1013 write(idle_pipe[3], "x", 1);
1014
1015 /* Wait for systemd to react to the signal above. */
1016 fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);
1017 }
1018
1019 close_nointr_nofail(idle_pipe[0]);
1020
1021 }
1022
1023 if (idle_pipe[3] >= 0)
1024 close_nointr_nofail(idle_pipe[3]);
1025}
1026
9fb86720 1027int exec_spawn(ExecCommand *command,
9e2f7c11 1028 char **argv,
c17ec25e 1029 ExecContext *context,
c2748801 1030 int fds[], unsigned n_fds,
1137a57c 1031 char **environment,
81a2b7ce
LP		 1032 bool apply_permissions,
1033 bool apply_chroot,
1e3ad081 1034 bool apply_tty_stdin,
80876c20 1035 bool confirm_spawn,
13b84ec7 1036 CGroupControllerMask cgroup_supported,
4ad49000 1037 const char *cgroup_path,
62bca2c6 1038 const char *unit_id,
31a7eb86 1039 int idle_pipe[4],
81a2b7ce
LP		 1040 pid_t *ret) {
1041
4ad49000
LP		 1042 _cleanup_strv_free_ char **files_env = NULL;
1043 int socket_fd;
1044 char *line;
034c6ed7 1045 pid_t pid;
8e274523 1046 int r;
034c6ed7 1047
5cb5a6ff
LP		 1048 assert(command);
1049 assert(context);
1050 assert(ret);
034c6ed7
LP		 1051 assert(fds || n_fds <= 0);
1052
4f2d528d
LP		 1053 if (context->std_input == EXEC_INPUT_SOCKET ||
1054 context->std_output == EXEC_OUTPUT_SOCKET ||
1055 context->std_error == EXEC_OUTPUT_SOCKET) {
1056
1057 if (n_fds != 1)
1058 return -EINVAL;
1059
1060 socket_fd = fds[0];
1061
1062 fds = NULL;
1063 n_fds = 0;
1064 } else
1065 socket_fd = -1;
1066
b66871da
ZJS		 1067 r = exec_context_load_environment(context, &files_env);
1068 if (r < 0) {
bbc9006e
MT		 1069 log_struct_unit(LOG_ERR,
1070 unit_id,
23635a85
ZJS		 1071 "MESSAGE=Failed to load environment files: %s", strerror(-r),
1072 "ERRNO=%d", -r,
1073 NULL);
8c7be95e
LP		 1074 return r;
1075 }
1076
9e2f7c11
LP		 1077 if (!argv)
1078 argv = command->argv;
1079
af6da548 1080 line = exec_command_line(argv);
b66871da
ZJS		 1081 if (!line)
1082 return log_oom();
1a63a750 1083
bbc9006e 1084 log_struct_unit(LOG_DEBUG,
099a804b
LP		 1085 unit_id,
1086 "EXECUTABLE=%s", command->path,
1087 "MESSAGE=About to execute: %s", line,
1088 NULL);
1a63a750 1089 free(line);
acbb0225 1090
c17ec25e
MS		 1091 if (context->private_tmp && !context->tmp_dir && !context->var_tmp_dir) {
1092 r = setup_tmpdirs(&context->tmp_dir, &context->var_tmp_dir);
1093 if (r < 0)
1094 return r;
1095 }
1096
b66871da
ZJS		 1097 pid = fork();
1098 if (pid < 0)
1099 return -errno;
034c6ed7
LP		 1100
1101 if (pid == 0) {
4c2630eb 1102 int i, err;
309bff19 1103 sigset_t ss;
59fccd82 1104 const char *username = NULL, *home = NULL, *shell = NULL;
81a2b7ce
LP		 1105 uid_t uid = (uid_t) -1;
1106 gid_t gid = (gid_t) -1;
7fd1b19b 1107 _cleanup_strv_free_ char **our_env = NULL, **pam_env = NULL,
b66871da 1108 **final_env = NULL, **final_argv = NULL;
81a2b7ce 1109 unsigned n_env = 0;
309bff19 1110
034c6ed7 1111 /* child */
5cb5a6ff 1112
5d6b1584 1113 rename_process_from_path(command->path);
5b6319dc 1114
1b91d3e8
LP		 1115 /* We reset exactly these signals, since they are the
1116 * only ones we set to SIG_IGN in the main daemon. All
1117 * others we leave untouched because we set them to
1118 * SIG_DFL or a valid handler initially, both of which
1119 * will be demoted to SIG_DFL. */
1120 default_signals(SIGNALS_CRASH_HANDLER,
9a34ec5f 1121 SIGNALS_IGNORE, -1);
7b683879 1122
353e12c2
LP		 1123 if (context->ignore_sigpipe)
1124 ignore_signals(SIGPIPE, -1);
1125
1126 assert_se(sigemptyset(&ss) == 0);
1127 if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
4c2630eb 1128 err = -errno;
309bff19 1129 r = EXIT_SIGNAL_MASK;
8c7be95e 1130 goto fail_child;
309bff19
LP		 1131 }
1132
31a7eb86
ZJS		 1133 if (idle_pipe)
1134 do_idle_pipe_dance(idle_pipe);
f2b68789 1135
85d73053
LP		 1136 /* Close sockets very early to make sure we don't
1137 * block init reexecution because it cannot bind its
1138 * sockets */
4d8a7798 1139 log_forget_fds();
4c2630eb
MS		 1140 err = close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
1141 socket_fd >= 0 ? 1 : n_fds);
1142 if (err < 0) {
fc9b2a84 1143 r = EXIT_FDS;
8c7be95e 1144 goto fail_child;
fc9b2a84
LP		 1145 }
1146
74922904 1147 if (!context->same_pgrp)
8d567588 1148 if (setsid() < 0) {
4c2630eb 1149 err = -errno;
8d567588 1150 r = EXIT_SETSID;
8c7be95e 1151 goto fail_child;
8d567588 1152 }
80876c20 1153
c5da34ef
LP		 1154 if (context->tcpwrap_name) {
1155 if (socket_fd >= 0)
1156 if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) {
4c2630eb 1157 err = -EACCES;
c5da34ef 1158 r = EXIT_TCPWRAP;
8c7be95e 1159 goto fail_child;
c5da34ef
LP		 1160 }
1161
1162 for (i = 0; i < (int) n_fds; i++) {
1163 if (!socket_tcpwrap(fds[i], context->tcpwrap_name)) {
4c2630eb 1164 err = -EACCES;
c5da34ef 1165 r = EXIT_TCPWRAP;
8c7be95e 1166 goto fail_child;
c5da34ef 1167 }
df1f0afe 1168 }
c5da34ef 1169 }
df1f0afe 1170
6ea832a2
LP		 1171 exec_context_tty_reset(context);
1172
af6da548 1173 if (confirm_spawn) {
80876c20
LP		 1174 char response;
1175
af6da548
LP		 1176 err = ask_for_confirmation(&response, argv);
1177 if (err == -ETIMEDOUT)
1178 write_confirm_message("Confirmation question timed out, assuming positive response.\n");
1179 else if (err < 0)
1180 write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-err));
1181 else if (response == 's') {
1182 write_confirm_message("Skipping execution.\n");
4c2630eb 1183 err = -ECANCELED;
80876c20 1184 r = EXIT_CONFIRM;
8c7be95e 1185 goto fail_child;
af6da548
LP		 1186 } else if (response == 'n') {
1187 write_confirm_message("Failing execution.\n");
4c2630eb 1188 err = r = 0;
8c7be95e 1189 goto fail_child;
ee2b4894 1190 }
034c6ed7
LP		 1191 }
1192
da726a4d
LP		 1193 /* If a socket is connected to STDIN/STDOUT/STDERR, we
1194 * must sure to drop O_NONBLOCK */
1195 if (socket_fd >= 0)
1196 fd_nonblock(socket_fd, false);
1197
af6da548
LP		 1198 err = setup_input(context, socket_fd, apply_tty_stdin);
1199 if (err < 0) {
1200 r = EXIT_STDIN;
1201 goto fail_child;
4c2630eb 1202 }
9eba9da4 1203
eb17e935 1204 err = setup_output(context, STDOUT_FILENO, socket_fd, path_get_file_name(command->path), unit_id, apply_tty_stdin);
af6da548
LP		 1205 if (err < 0) {
1206 r = EXIT_STDOUT;
1207 goto fail_child;
4c2630eb 1208 }
94f04347 1209
eb17e935 1210 err = setup_output(context, STDERR_FILENO, socket_fd, path_get_file_name(command->path), unit_id, apply_tty_stdin);
4c2630eb 1211 if (err < 0) {
80876c20 1212 r = EXIT_STDERR;
8c7be95e 1213 goto fail_child;
071830ff
LP		 1214 }
1215
4ad49000 1216 if (cgroup_path) {
13b84ec7 1217 err = cg_attach_everywhere(cgroup_supported, cgroup_path, 0);
4c2630eb 1218 if (err < 0) {
8e274523 1219 r = EXIT_CGROUP;
8c7be95e 1220 goto fail_child;
8e274523 1221 }
4c2630eb 1222 }
8e274523 1223
dd6c17b1 1224 if (context->oom_score_adjust_set) {
fb33a393 1225 char t[16];
034c6ed7 1226
dd6c17b1 1227 snprintf(t, sizeof(t), "%i", context->oom_score_adjust);
fb33a393 1228 char_array_0(t);
034c6ed7 1229
574d5f2d 1230 if (write_string_file("/proc/self/oom_score_adj", t) < 0) {
8600c525
KS		 1231 err = -errno;
1232 r = EXIT_OOM_ADJUST;
1233 goto fail_child;
fb33a393 1234 }
034c6ed7
LP		 1235 }
1236
fb33a393
LP		 1237 if (context->nice_set)
1238 if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
4c2630eb 1239 err = -errno;
fb33a393 1240 r = EXIT_NICE;
8c7be95e 1241 goto fail_child;
fb33a393
LP		 1242 }
1243
94f04347 1244 if (context->cpu_sched_set) {
b92bea5d
ZJS		 1245 struct sched_param param = {
1246 .sched_priority = context->cpu_sched_priority,
1247 };
94f04347 1248
e62d8c39
ZJS		 1249 r = sched_setscheduler(0,
1250 context->cpu_sched_policy |
1251 (context->cpu_sched_reset_on_fork ?
1252 SCHED_RESET_ON_FORK : 0),
1253 &param);
1254 if (r < 0) {
4c2630eb 1255 err = -errno;
94f04347 1256 r = EXIT_SETSCHEDULER;
8c7be95e 1257 goto fail_child;
94f04347
LP		 1258 }
1259 }
1260
82c121a4
LP		 1261 if (context->cpuset)
1262 if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
4c2630eb 1263 err = -errno;
94f04347 1264 r = EXIT_CPUAFFINITY;
8c7be95e 1265 goto fail_child;
94f04347
LP		 1266 }
1267
9eba9da4
LP		 1268 if (context->ioprio_set)
1269 if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
4c2630eb 1270 err = -errno;
9eba9da4 1271 r = EXIT_IOPRIO;
8c7be95e 1272 goto fail_child;
9eba9da4
LP		 1273 }
1274
d88a251b 1275 if (context->timer_slack_nsec != (nsec_t) -1)
03fae018 1276 if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
4c2630eb 1277 err = -errno;
94f04347 1278 r = EXIT_TIMERSLACK;
8c7be95e 1279 goto fail_child;
94f04347
LP		 1280 }
1281
169c1bda 1282 if (context->utmp_id)
0ad26e09 1283 utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
169c1bda 1284
81a2b7ce
LP		 1285 if (context->user) {
1286 username = context->user;
59fccd82 1287 err = get_user_creds(&username, &uid, &gid, &home, &shell);
4c2630eb 1288 if (err < 0) {
81a2b7ce 1289 r = EXIT_USER;
8c7be95e 1290 goto fail_child;
81a2b7ce 1291 }
d8b4e2e9 1292
4c2630eb
MS		 1293 if (is_terminal_input(context->std_input)) {
1294 err = chown_terminal(STDIN_FILENO, uid);
1295 if (err < 0) {
d8b4e2e9 1296 r = EXIT_STDIN;
8c7be95e 1297 goto fail_child;
d8b4e2e9 1298 }
4c2630eb 1299 }
81a2b7ce
LP		 1300 }
1301
8aa75193
LP		 1302#ifdef HAVE_PAM
1303 if (cgroup_path && context->user && context->pam_name) {
1304 err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
1305 if (err < 0) {
1306 r = EXIT_CGROUP;
1307 goto fail_child;
1308 }
1309
1310
1311 err = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0755, uid, gid);
1312 if (err < 0) {
1313 r = EXIT_CGROUP;
1314 goto fail_child;
1315 }
1316 }
1317#endif
1318
4c2630eb
MS		 1319 if (apply_permissions) {
1320 err = enforce_groups(context, username, gid);
1321 if (err < 0) {
3b8bddde
LP		 1322 r = EXIT_GROUP;
1323 goto fail_child;
1324 }
4c2630eb 1325 }
3b8bddde
LP		 1326
1327 umask(context->umask);
1328
5b6319dc 1329#ifdef HAVE_PAM
b7848021 1330 if (apply_permissions && context->pam_name && username) {
940c5210 1331 err = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
4c2630eb 1332 if (err < 0) {
5b6319dc 1333 r = EXIT_PAM;
8c7be95e 1334 goto fail_child;
5b6319dc
LP		 1335 }
1336 }
1337#endif
ff01d048
LP		 1338 if (context->private_network) {
1339 if (unshare(CLONE_NEWNET) < 0) {
4c2630eb 1340 err = -errno;
ff01d048
LP		 1341 r = EXIT_NETWORK;
1342 goto fail_child;
1343 }
1344
1345 loopback_setup();
1346 }
5b6319dc 1347
04aa0cb9
LP		 1348 if (strv_length(context->read_write_dirs) > 0 ||
1349 strv_length(context->read_only_dirs) > 0 ||
1350 strv_length(context->inaccessible_dirs) > 0 ||
ac0930c8 1351 context->mount_flags != 0 ||
4c2630eb
MS		 1352 context->private_tmp) {
1353 err = setup_namespace(context->read_write_dirs,
1354 context->read_only_dirs,
1355 context->inaccessible_dirs,
c17ec25e
MS		 1356 context->tmp_dir,
1357 context->var_tmp_dir,
4c2630eb
MS		 1358 context->private_tmp,
1359 context->mount_flags);
1360 if (err < 0) {
1361 r = EXIT_NAMESPACE;
8c7be95e 1362 goto fail_child;
4c2630eb
MS		 1363 }
1364 }
04aa0cb9 1365
81a2b7ce
LP		 1366 if (apply_chroot) {
1367 if (context->root_directory)
1368 if (chroot(context->root_directory) < 0) {
4c2630eb 1369 err = -errno;
81a2b7ce 1370 r = EXIT_CHROOT;
8c7be95e 1371 goto fail_child;
81a2b7ce
LP		 1372 }
1373
1374 if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
4c2630eb 1375 err = -errno;
81a2b7ce 1376 r = EXIT_CHDIR;
8c7be95e 1377 goto fail_child;
81a2b7ce
LP		 1378 }
1379 } else {
7fd1b19b 1380 _cleanup_free_ char *d = NULL;
81a2b7ce
LP		 1381
1382 if (asprintf(&d, "%s/%s",
1383 context->root_directory ? context->root_directory : "",
1384 context->working_directory ? context->working_directory : "") < 0) {
4c2630eb 1385 err = -ENOMEM;
81a2b7ce 1386 r = EXIT_MEMORY;
8c7be95e 1387 goto fail_child;
81a2b7ce
LP		 1388 }
1389
1390 if (chdir(d) < 0) {
4c2630eb 1391 err = -errno;
81a2b7ce 1392 r = EXIT_CHDIR;
8c7be95e 1393 goto fail_child;
81a2b7ce 1394 }
81a2b7ce
LP		 1395 }
1396
fc9b2a84
LP		 1397 /* We repeat the fd closing here, to make sure that
1398 * nothing is leaked from the PAM modules */
4c2630eb
MS		 1399 err = close_all_fds(fds, n_fds);
1400 if (err >= 0)
1401 err = shift_fds(fds, n_fds);
1402 if (err >= 0)
1403 err = flags_fds(fds, n_fds, context->non_blocking);
1404 if (err < 0) {
034c6ed7 1405 r = EXIT_FDS;
8c7be95e 1406 goto fail_child;
034c6ed7
LP		 1407 }
1408
81a2b7ce 1409 if (apply_permissions) {
034c6ed7 1410
81a2b7ce
LP		 1411 for (i = 0; i < RLIMIT_NLIMITS; i++) {
1412 if (!context->rlimit[i])
1413 continue;
1414
68faf98c 1415 if (setrlimit_closest(i, context->rlimit[i]) < 0) {
4c2630eb 1416 err = -errno;
81a2b7ce 1417 r = EXIT_LIMITS;
8c7be95e 1418 goto fail_child;
81a2b7ce 1419 }
034c6ed7 1420 }
034c6ed7 1421
4c2630eb 1422 if (context->capability_bounding_set_drop) {
ec8927ca 1423 err = capability_bounding_set_drop(context->capability_bounding_set_drop, false);
4c2630eb 1424 if (err < 0) {
73090dc8
LP		 1425 r = EXIT_CAPABILITIES;
1426 goto fail_child;
1427 }
4c2630eb 1428 }
260abb78 1429
4c2630eb
MS		 1430 if (context->user) {
1431 err = enforce_user(context, uid);
1432 if (err < 0) {
81a2b7ce 1433 r = EXIT_USER;
8c7be95e 1434 goto fail_child;
81a2b7ce 1435 }
4c2630eb 1436 }
81a2b7ce 1437
35b8ca3a 1438 /* PR_GET_SECUREBITS is not privileged, while
693ced48
LP		 1439 * PR_SET_SECUREBITS is. So to suppress
1440 * potential EPERMs we'll try not to call
1441 * PR_SET_SECUREBITS unless necessary. */
1442 if (prctl(PR_GET_SECUREBITS) != context->secure_bits)
1443 if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) {
4c2630eb 1444 err = -errno;
693ced48 1445 r = EXIT_SECUREBITS;
8c7be95e 1446 goto fail_child;
693ced48 1447 }
81a2b7ce
LP		 1448
1449 if (context->capabilities)
1450 if (cap_set_proc(context->capabilities) < 0) {
4c2630eb 1451 err = -errno;
81a2b7ce 1452 r = EXIT_CAPABILITIES;
8c7be95e 1453 goto fail_child;
81a2b7ce 1454 }
8351ceae
LP		 1455
1456 if (context->no_new_privileges)
1457 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
1458 err = -errno;
1459 r = EXIT_NO_NEW_PRIVILEGES;
1460 goto fail_child;
1461 }
1462
1463 if (context->syscall_filter) {
1464 err = apply_seccomp(context->syscall_filter);
1465 if (err < 0) {
1466 r = EXIT_SECCOMP;
1467 goto fail_child;
1468 }
1469 }
94f04347
LP		 1470 }
1471
59fccd82
ZJS		 1472 our_env = new(char*, 8);
1473 if (!our_env ||
1474 (n_fds > 0 && (
1475 asprintf(our_env + n_env++, "LISTEN_PID=%lu", (unsigned long) getpid()) < 0 ||
1476 asprintf(our_env + n_env++, "LISTEN_FDS=%u", n_fds) < 0)) ||
1477 (home && asprintf(our_env + n_env++, "HOME=%s", home) < 0) ||
1478 (username && (
1479 asprintf(our_env + n_env++, "LOGNAME=%s", username) < 0 ||
1480 asprintf(our_env + n_env++, "USER=%s", username) < 0)) ||
1481 (shell && asprintf(our_env + n_env++, "SHELL=%s", shell) < 0) ||
1482 ((is_terminal_input(context->std_input) ||
1483 context->std_output == EXEC_OUTPUT_TTY ||
1484 context->std_error == EXEC_OUTPUT_TTY) && (
1485 !(our_env[n_env++] = strdup(default_term_for_tty(tty_path(context))))))) {
1486
4c2630eb 1487 err = -ENOMEM;
81a2b7ce 1488 r = EXIT_MEMORY;
8c7be95e 1489 goto fail_child;
81a2b7ce 1490 }
034c6ed7 1491
59fccd82
ZJS		 1492 our_env[n_env++] = NULL;
1493 assert(n_env <= 8);
4e85aff4 1494
e62d8c39
ZJS		 1495 final_env = strv_env_merge(5,
1496 environment,
1497 our_env,
1498 context->environment,
1499 files_env,
1500 pam_env,
1501 NULL);
1502 if (!final_env) {
4c2630eb 1503 err = -ENOMEM;
81a2b7ce 1504 r = EXIT_MEMORY;
8c7be95e 1505 goto fail_child;
81a2b7ce 1506 }
034c6ed7 1507
e62d8c39
ZJS		 1508 final_argv = replace_env_argv(argv, final_env);
1509 if (!final_argv) {
4c2630eb 1510 err = -ENOMEM;
fab56fc5 1511 r = EXIT_MEMORY;
8c7be95e 1512 goto fail_child;
fab56fc5
LP		 1513 }
1514
a6ff950e
LP		 1515 final_env = strv_env_clean(final_env);
1516
03bb799e
HH		 1517 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1518 line = exec_command_line(final_argv);
1519 if (line) {
1520 log_open();
1521 log_struct_unit(LOG_DEBUG,
1522 unit_id,
1523 "EXECUTABLE=%s", command->path,
099a804b
LP		 1524 "MESSAGE=Executing: %s", line,
1525 NULL);
03bb799e
HH		 1526 log_close();
1527 free(line);
1528 line = NULL;
1529 }
1530 }
fab56fc5 1531 execve(command->path, final_argv, final_env);
4c2630eb 1532 err = -errno;
034c6ed7
LP		 1533 r = EXIT_EXEC;
1534
8c7be95e 1535 fail_child:
4c2630eb
MS		 1536 if (r != 0) {
1537 log_open();
23635a85
ZJS		 1538 log_struct(LOG_ERR, MESSAGE_ID(SD_MESSAGE_SPAWN_FAILED),
1539 "EXECUTABLE=%s", command->path,
1540 "MESSAGE=Failed at step %s spawning %s: %s",
1541 exit_status_to_string(r, EXIT_STATUS_SYSTEMD),
1542 command->path, strerror(-err),
1543 "ERRNO=%d", -err,
1544 NULL);
1545 log_close();
4c2630eb
MS		 1546 }
1547
034c6ed7
LP		 1548 _exit(r);
1549 }
1550
bbc9006e 1551 log_struct_unit(LOG_DEBUG,
e62d8c39
ZJS		 1552 unit_id,
1553 "MESSAGE=Forked %s as %lu",
1554 command->path, (unsigned long) pid,
1555 NULL);
23635a85 1556
80876c20
LP		 1557 /* We add the new process to the cgroup both in the child (so
1558 * that we can be sure that no user code is ever executed
1559 * outside of the cgroup) and in the parent (so that we can be
1560 * sure that when we kill the cgroup the process will be
1561 * killed too). */
4ad49000
LP		 1562 if (cgroup_path)
1563 cg_attach(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, pid);
2da3263a 1564
b58b4116 1565 exec_status_start(&command->exec_status, pid);
9fb86720 1566
034c6ed7 1567 *ret = pid;
5cb5a6ff
LP		 1568 return 0;
1569}
1570
034c6ed7
LP		 1571void exec_context_init(ExecContext *c) {
1572 assert(c);
1573
4c12626c 1574 c->umask = 0022;
9eba9da4 1575 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
94f04347 1576 c->cpu_sched_policy = SCHED_OTHER;
071830ff 1577 c->syslog_priority = LOG_DAEMON|LOG_INFO;
74922904 1578 c->syslog_level_prefix = true;
353e12c2 1579 c->ignore_sigpipe = true;
d88a251b 1580 c->timer_slack_nsec = (nsec_t) -1;
034c6ed7
LP		 1581}
1582
f485606b
ZJS		 1583static void *remove_tmpdir_thread(void *p) {
1584 int r;
1585 _cleanup_free_ char *dirp = p;
1586 char *dir;
1587
1588 assert(dirp);
1589
1590 r = rm_rf_dangerous(dirp, false, true, false);
1591 dir = dirname(dirp);
1592 if (r < 0)
1593 log_warning("Failed to remove content of temporary directory %s: %s",
1594 dir, strerror(-r));
1595 else {
1596 r = rmdir(dir);
1597 if (r < 0)
1598 log_warning("Failed to remove temporary directory %s: %s",
1599 dir, strerror(-r));
1600 }
1601
1602 return NULL;
1603}
1604
c17ec25e 1605void exec_context_tmp_dirs_done(ExecContext *c) {
d34cd374
ZJS		 1606 char* dirs[] = {c->tmp_dir ? c->tmp_dir : c->var_tmp_dir,
1607 c->tmp_dir ? c->var_tmp_dir : NULL,
1608 NULL};
1609 char **dirp;
c17ec25e 1610
d34cd374 1611 for(dirp = dirs; *dirp; dirp++) {
f485606b
ZJS		 1612 log_debug("Spawning thread to nuke %s", *dirp);
1613 asynchronous_job(remove_tmpdir_thread, *dirp);
c17ec25e 1614 }
d34cd374
ZJS		 1615
1616 c->tmp_dir = c->var_tmp_dir = NULL;
c17ec25e
MS		 1617}
1618
1619void exec_context_done(ExecContext *c, bool reloading_or_reexecuting) {
5cb5a6ff
LP		 1620 unsigned l;
1621
1622 assert(c);
1623
1624 strv_free(c->environment);
034c6ed7 1625 c->environment = NULL;
5cb5a6ff 1626
8c7be95e
LP		 1627 strv_free(c->environment_files);
1628 c->environment_files = NULL;
1629
034c6ed7 1630 for (l = 0; l < ELEMENTSOF(c->rlimit); l++) {
5cb5a6ff 1631 free(c->rlimit[l]);
034c6ed7
LP		 1632 c->rlimit[l] = NULL;
1633 }
1634
9eba9da4
LP		 1635 free(c->working_directory);
1636 c->working_directory = NULL;
1637 free(c->root_directory);
1638 c->root_directory = NULL;
5cb5a6ff 1639
80876c20
LP		 1640 free(c->tty_path);
1641 c->tty_path = NULL;
1642
df1f0afe
LP		 1643 free(c->tcpwrap_name);
1644 c->tcpwrap_name = NULL;
1645
071830ff
LP		 1646 free(c->syslog_identifier);
1647 c->syslog_identifier = NULL;
1648
5cb5a6ff 1649 free(c->user);
034c6ed7
LP		 1650 c->user = NULL;
1651
5cb5a6ff 1652 free(c->group);
034c6ed7
LP		 1653 c->group = NULL;
1654
1655 strv_free(c->supplementary_groups);
1656 c->supplementary_groups = NULL;
94f04347 1657
5b6319dc
LP		 1658 free(c->pam_name);
1659 c->pam_name = NULL;
1660
94f04347
LP		 1661 if (c->capabilities) {
1662 cap_free(c->capabilities);
1663 c->capabilities = NULL;
1664 }
15ae422b
LP		 1665
1666 strv_free(c->read_only_dirs);
1667 c->read_only_dirs = NULL;
1668
1669 strv_free(c->read_write_dirs);
1670 c->read_write_dirs = NULL;
1671
1672 strv_free(c->inaccessible_dirs);
1673 c->inaccessible_dirs = NULL;
82c121a4
LP		 1674
1675 if (c->cpuset)
1676 CPU_FREE(c->cpuset);
86a3475b
LP		 1677
1678 free(c->utmp_id);
1679 c->utmp_id = NULL;
b9a0e010
LP		 1680
1681 free(c->syscall_filter);
1682 c->syscall_filter = NULL;
c17ec25e
MS		 1683
1684 if (!reloading_or_reexecuting)
1685 exec_context_tmp_dirs_done(c);
5cb5a6ff
LP		 1686}
1687
43d0fcbd
LP		 1688void exec_command_done(ExecCommand *c) {
1689 assert(c);
1690
1691 free(c->path);
1692 c->path = NULL;
1693
1694 strv_free(c->argv);
1695 c->argv = NULL;
1696}
1697
1698void exec_command_done_array(ExecCommand *c, unsigned n) {
1699 unsigned i;
1700
1701 for (i = 0; i < n; i++)
1702 exec_command_done(c+i);
1703}
1704
5cb5a6ff
LP		 1705void exec_command_free_list(ExecCommand *c) {
1706 ExecCommand *i;
1707
1708 while ((i = c)) {
71fda00f 1709 LIST_REMOVE(command, c, i);
43d0fcbd 1710 exec_command_done(i);
5cb5a6ff
LP		 1711 free(i);
1712 }
1713}
1714
034c6ed7
LP		 1715void exec_command_free_array(ExecCommand **c, unsigned n) {
1716 unsigned i;
1717
1718 for (i = 0; i < n; i++) {
1719 exec_command_free_list(c[i]);
1720 c[i] = NULL;
1721 }
1722}
1723
8c7be95e
LP		 1724int exec_context_load_environment(const ExecContext *c, char ***l) {
1725 char **i, **r = NULL;
1726
1727 assert(c);
1728 assert(l);
1729
1730 STRV_FOREACH(i, c->environment_files) {
1731 char *fn;
1732 int k;
1733 bool ignore = false;
1734 char **p;
7fd1b19b 1735 _cleanup_globfree_ glob_t pglob = {};
2bef10ab 1736 int count, n;
8c7be95e
LP		 1737
1738 fn = *i;
1739
1740 if (fn[0] == '-') {
1741 ignore = true;
1742 fn ++;
1743 }
1744
1745 if (!path_is_absolute(fn)) {
8c7be95e
LP		 1746 if (ignore)
1747 continue;
1748
1749 strv_free(r);
1750 return -EINVAL;
1751 }
1752
2bef10ab 1753 /* Filename supports globbing, take all matching files */
2bef10ab
PL		 1754 errno = 0;
1755 if (glob(fn, 0, NULL, &pglob) != 0) {
2bef10ab
PL		 1756 if (ignore)
1757 continue;
8c7be95e 1758
2bef10ab
PL		 1759 strv_free(r);
1760 return errno ? -errno : -EINVAL;
1761 }
1762 count = pglob.gl_pathc;
1763 if (count == 0) {
8c7be95e
LP		 1764 if (ignore)
1765 continue;
1766
1767 strv_free(r);
2bef10ab 1768 return -EINVAL;
8c7be95e 1769 }
2bef10ab 1770 for (n = 0; n < count; n++) {
f73141d7 1771 k = load_env_file(pglob.gl_pathv[n], NULL, &p);
2bef10ab
PL		 1772 if (k < 0) {
1773 if (ignore)
1774 continue;
8c7be95e 1775
2bef10ab 1776 strv_free(r);
2bef10ab 1777 return k;
e9c1ea9d 1778 }
ebc05a09 1779 /* Log invalid environment variables with filename */
e9c1ea9d
JSJ		 1780 if (p)
1781 p = strv_env_clean_log(p, pglob.gl_pathv[n]);
8c7be95e 1782
2bef10ab
PL		 1783 if (r == NULL)
1784 r = p;
1785 else {
1786 char **m;
8c7be95e 1787
2bef10ab
PL		 1788 m = strv_env_merge(2, r, p);
1789 strv_free(r);
1790 strv_free(p);
c84a9488 1791 if (!m)
2bef10ab 1792 return -ENOMEM;
2bef10ab
PL		 1793
1794 r = m;
1795 }
8c7be95e
LP		 1796 }
1797 }
1798
1799 *l = r;
1800
1801 return 0;
1802}
1803
6ac8fdc9
MS		 1804static bool tty_may_match_dev_console(const char *tty) {
1805 char *active = NULL, *console;
1806 bool b;
1807
1808 if (startswith(tty, "/dev/"))
1809 tty += 5;
1810
1811 /* trivial identity? */
1812 if (streq(tty, "console"))
1813 return true;
1814
1815 console = resolve_dev_console(&active);
1816 /* if we could not resolve, assume it may */
1817 if (!console)
1818 return true;
1819
1820 /* "tty0" means the active VC, so it may be the same sometimes */
1821 b = streq(console, tty) || (streq(console, "tty0") && tty_is_vc(tty));
1822 free(active);
1823
1824 return b;
1825}
1826
1827bool exec_context_may_touch_console(ExecContext *ec) {
1828 return (ec->tty_reset || ec->tty_vhangup || ec->tty_vt_disallocate ||
1829 is_terminal_input(ec->std_input) ||
1830 is_terminal_output(ec->std_output) ||
1831 is_terminal_output(ec->std_error)) &&
1832 tty_may_match_dev_console(tty_path(ec));
1833}
1834
15ae422b
LP		 1835static void strv_fprintf(FILE *f, char **l) {
1836 char **g;
1837
1838 assert(f);
1839
1840 STRV_FOREACH(g, l)
1841 fprintf(f, " %s", *g);
1842}
1843
5cb5a6ff 1844void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
507f22bd 1845 char **e;
94f04347 1846 unsigned i;
9eba9da4 1847
5cb5a6ff
LP		 1848 assert(c);
1849 assert(f);
1850
4ad49000 1851 prefix = strempty(prefix);
5cb5a6ff
LP		 1852
1853 fprintf(f,
94f04347
LP		 1854 "%sUMask: %04o\n"
1855 "%sWorkingDirectory: %s\n"
451a074f 1856 "%sRootDirectory: %s\n"
15ae422b 1857 "%sNonBlocking: %s\n"
64747e2d 1858 "%sPrivateTmp: %s\n"
4819ff03
LP		 1859 "%sPrivateNetwork: %s\n"
1860 "%sIgnoreSIGPIPE: %s\n",
5cb5a6ff 1861 prefix, c->umask,
9eba9da4 1862 prefix, c->working_directory ? c->working_directory : "/",
451a074f 1863 prefix, c->root_directory ? c->root_directory : "/",
15ae422b 1864 prefix, yes_no(c->non_blocking),
64747e2d 1865 prefix, yes_no(c->private_tmp),
4819ff03
LP		 1866 prefix, yes_no(c->private_network),
1867 prefix, yes_no(c->ignore_sigpipe));
fb33a393 1868
8c7be95e
LP		 1869 STRV_FOREACH(e, c->environment)
1870 fprintf(f, "%sEnvironment: %s\n", prefix, *e);
1871
1872 STRV_FOREACH(e, c->environment_files)
1873 fprintf(f, "%sEnvironmentFile: %s\n", prefix, *e);
94f04347 1874
df1f0afe
LP		 1875 if (c->tcpwrap_name)
1876 fprintf(f,
1877 "%sTCPWrapName: %s\n",
1878 prefix, c->tcpwrap_name);
1879
fb33a393
LP		 1880 if (c->nice_set)
1881 fprintf(f,
1882 "%sNice: %i\n",
1883 prefix, c->nice);
1884
dd6c17b1 1885 if (c->oom_score_adjust_set)
fb33a393 1886 fprintf(f,
dd6c17b1
LP		 1887 "%sOOMScoreAdjust: %i\n",
1888 prefix, c->oom_score_adjust);
9eba9da4 1889
94f04347
LP		 1890 for (i = 0; i < RLIM_NLIMITS; i++)
1891 if (c->rlimit[i])
ea430986 1892 fprintf(f, "%s%s: %llu\n", prefix, rlimit_to_string(i), (unsigned long long) c->rlimit[i]->rlim_max);
94f04347 1893
f8b69d1d
MS		 1894 if (c->ioprio_set) {
1895 char *class_str;
1896 int r;
1897
1898 r = ioprio_class_to_string_alloc(IOPRIO_PRIO_CLASS(c->ioprio), &class_str);
1899 if (r < 0)
1900 class_str = NULL;
9eba9da4
LP		 1901 fprintf(f,
1902 "%sIOSchedulingClass: %s\n"
1903 "%sIOPriority: %i\n",
f8b69d1d 1904 prefix, strna(class_str),
9eba9da4 1905 prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
f8b69d1d
MS		 1906 free(class_str);
1907 }
94f04347 1908
f8b69d1d
MS		 1909 if (c->cpu_sched_set) {
1910 char *policy_str;
1911 int r;
1912
1913 r = sched_policy_to_string_alloc(c->cpu_sched_policy, &policy_str);
1914 if (r < 0)
1915 policy_str = NULL;
94f04347
LP		 1916 fprintf(f,
1917 "%sCPUSchedulingPolicy: %s\n"
38b48754
LP		 1918 "%sCPUSchedulingPriority: %i\n"
1919 "%sCPUSchedulingResetOnFork: %s\n",
f8b69d1d 1920 prefix, strna(policy_str),
38b48754
LP		 1921 prefix, c->cpu_sched_priority,
1922 prefix, yes_no(c->cpu_sched_reset_on_fork));
f8b69d1d 1923 free(policy_str);
b929bf04 1924 }
94f04347 1925
82c121a4 1926 if (c->cpuset) {
94f04347 1927 fprintf(f, "%sCPUAffinity:", prefix);
82c121a4
LP		 1928 for (i = 0; i < c->cpuset_ncpus; i++)
1929 if (CPU_ISSET_S(i, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset))
94f04347
LP		 1930 fprintf(f, " %i", i);
1931 fputs("\n", f);
1932 }
1933
d88a251b 1934 if (c->timer_slack_nsec != (nsec_t) -1)
f96096db 1935 fprintf(f, "%sTimerSlackNSec: %lu\n", prefix, (unsigned long)c->timer_slack_nsec);
94f04347
LP		 1936
1937 fprintf(f,
80876c20
LP		 1938 "%sStandardInput: %s\n"
1939 "%sStandardOutput: %s\n"
1940 "%sStandardError: %s\n",
1941 prefix, exec_input_to_string(c->std_input),
1942 prefix, exec_output_to_string(c->std_output),
1943 prefix, exec_output_to_string(c->std_error));
1944
1945 if (c->tty_path)
1946 fprintf(f,
6ea832a2
LP		 1947 "%sTTYPath: %s\n"
1948 "%sTTYReset: %s\n"
1949 "%sTTYVHangup: %s\n"
1950 "%sTTYVTDisallocate: %s\n",
1951 prefix, c->tty_path,
1952 prefix, yes_no(c->tty_reset),
1953 prefix, yes_no(c->tty_vhangup),
1954 prefix, yes_no(c->tty_vt_disallocate));
94f04347 1955
706343f4
LP		 1956 if (c->std_output == EXEC_OUTPUT_SYSLOG || c->std_output == EXEC_OUTPUT_KMSG || c->std_output == EXEC_OUTPUT_JOURNAL ||
1957 c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
1958 c->std_error == EXEC_OUTPUT_SYSLOG || c->std_error == EXEC_OUTPUT_KMSG || c->std_error == EXEC_OUTPUT_JOURNAL ||
f8b69d1d
MS		 1959 c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE) {
1960 char *fac_str, *lvl_str;
1961 int r;
1962
1963 r = log_facility_unshifted_to_string_alloc(c->syslog_priority >> 3, &fac_str);
1964 if (r < 0)
1965 fac_str = NULL;
1966
1967 r = log_level_to_string_alloc(LOG_PRI(c->syslog_priority), &lvl_str);
1968 if (r < 0)
1969 lvl_str = NULL;
1970
94f04347
LP		 1971 fprintf(f,
1972 "%sSyslogFacility: %s\n"
1973 "%sSyslogLevel: %s\n",
f8b69d1d
MS		 1974 prefix, strna(fac_str),
1975 prefix, strna(lvl_str));
1976 free(lvl_str);
1977 free(fac_str);
1978 }
94f04347
LP		 1979
1980 if (c->capabilities) {
1981 char *t;
1982 if ((t = cap_to_text(c->capabilities, NULL))) {
1983 fprintf(f, "%sCapabilities: %s\n",
1984 prefix, t);
1985 cap_free(t);
1986 }
1987 }
1988
1989 if (c->secure_bits)
1990 fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
1991 prefix,
cbb21cca
ZJS		 1992 (c->secure_bits & 1<<SECURE_KEEP_CAPS) ? " keep-caps" : "",
1993 (c->secure_bits & 1<<SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
1994 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
1995 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
1996 (c->secure_bits & 1<<SECURE_NOROOT) ? " noroot" : "",
1997 (c->secure_bits & 1<<SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
94f04347
LP		 1998
1999 if (c->capability_bounding_set_drop) {
ae556c21 2000 unsigned long l;
260abb78 2001 fprintf(f, "%sCapabilityBoundingSet:", prefix);
94f04347 2002
64685e0c 2003 for (l = 0; l <= cap_last_cap(); l++)
ae556c21 2004 if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
94f04347
LP		 2005 char *t;
2006
ae556c21 2007 if ((t = cap_to_name(l))) {
94f04347 2008 fprintf(f, " %s", t);
260abb78 2009 cap_free(t);
94f04347
LP		 2010 }
2011 }
2012
2013 fputs("\n", f);
2014 }
2015
2016 if (c->user)
f2d3769a 2017 fprintf(f, "%sUser: %s\n", prefix, c->user);
94f04347 2018 if (c->group)
f2d3769a 2019 fprintf(f, "%sGroup: %s\n", prefix, c->group);
94f04347 2020
15ae422b 2021 if (strv_length(c->supplementary_groups) > 0) {
94f04347 2022 fprintf(f, "%sSupplementaryGroups:", prefix);
15ae422b
LP		 2023 strv_fprintf(f, c->supplementary_groups);
2024 fputs("\n", f);
2025 }
94f04347 2026
5b6319dc 2027 if (c->pam_name)
f2d3769a 2028 fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name);
5b6319dc 2029
15ae422b
LP		 2030 if (strv_length(c->read_write_dirs) > 0) {
2031 fprintf(f, "%sReadWriteDirs:", prefix);
2032 strv_fprintf(f, c->read_write_dirs);
2033 fputs("\n", f);
2034 }
2035
2036 if (strv_length(c->read_only_dirs) > 0) {
2037 fprintf(f, "%sReadOnlyDirs:", prefix);
2038 strv_fprintf(f, c->read_only_dirs);
2039 fputs("\n", f);
2040 }
94f04347 2041
15ae422b
LP		 2042 if (strv_length(c->inaccessible_dirs) > 0) {
2043 fprintf(f, "%sInaccessibleDirs:", prefix);
2044 strv_fprintf(f, c->inaccessible_dirs);
94f04347
LP		 2045 fputs("\n", f);
2046 }
2e22afe9 2047
169c1bda
LP		 2048 if (c->utmp_id)
2049 fprintf(f,
2050 "%sUtmpIdentifier: %s\n",
2051 prefix, c->utmp_id);
5cb5a6ff
LP		 2052}
2053
b58b4116 2054void exec_status_start(ExecStatus *s, pid_t pid) {
034c6ed7 2055 assert(s);
5cb5a6ff 2056
b58b4116
LP		 2057 zero(*s);
2058 s->pid = pid;
2059 dual_timestamp_get(&s->start_timestamp);
2060}
2061
6ea832a2 2062void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
b58b4116
LP		 2063 assert(s);
2064
0b1f4ae6 2065 if (s->pid && s->pid != pid)
b58b4116
LP		 2066 zero(*s);
2067
034c6ed7 2068 s->pid = pid;
63983207 2069 dual_timestamp_get(&s->exit_timestamp);
9fb86720 2070
034c6ed7
LP		 2071 s->code = code;
2072 s->status = status;
169c1bda 2073
6ea832a2
LP		 2074 if (context) {
2075 if (context->utmp_id)
2076 utmp_put_dead_process(context->utmp_id, pid, code, status);
2077
2078 exec_context_tty_reset(context);
2079 }
9fb86720
LP		 2080}
2081
2082void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
2083 char buf[FORMAT_TIMESTAMP_MAX];
2084
2085 assert(s);
2086 assert(f);
2087
2088 if (!prefix)
2089 prefix = "";
2090
2091 if (s->pid <= 0)
2092 return;
2093
2094 fprintf(f,
bb00e604
LP		 2095 "%sPID: %lu\n",
2096 prefix, (unsigned long) s->pid);
9fb86720 2097
63983207 2098 if (s->start_timestamp.realtime > 0)
9fb86720
LP		 2099 fprintf(f,
2100 "%sStart Timestamp: %s\n",
63983207 2101 prefix, format_timestamp(buf, sizeof(buf), s->start_timestamp.realtime));
9fb86720 2102
63983207 2103 if (s->exit_timestamp.realtime > 0)
9fb86720
LP		 2104 fprintf(f,
2105 "%sExit Timestamp: %s\n"
2106 "%sExit Code: %s\n"
2107 "%sExit Status: %i\n",
63983207 2108 prefix, format_timestamp(buf, sizeof(buf), s->exit_timestamp.realtime),
9fb86720
LP		 2109 prefix, sigchld_code_to_string(s->code),
2110 prefix, s->status);
5cb5a6ff 2111}
44d8db9e 2112
9e2f7c11 2113char *exec_command_line(char **argv) {
44d8db9e
LP		 2114 size_t k;
2115 char *n, *p, **a;
2116 bool first = true;
2117
9e2f7c11 2118 assert(argv);
44d8db9e 2119
9164977d 2120 k = 1;
9e2f7c11 2121 STRV_FOREACH(a, argv)
44d8db9e
LP		 2122 k += strlen(*a)+3;
2123
2124 if (!(n = new(char, k)))
2125 return NULL;
2126
2127 p = n;
9e2f7c11 2128 STRV_FOREACH(a, argv) {
44d8db9e
LP		 2129
2130 if (!first)
2131 *(p++) = ' ';
2132 else
2133 first = false;
2134
2135 if (strpbrk(*a, WHITESPACE)) {
2136 *(p++) = '\'';
2137 p = stpcpy(p, *a);
2138 *(p++) = '\'';
2139 } else
2140 p = stpcpy(p, *a);
2141
2142 }
2143
9164977d
LP		 2144 *p = 0;
2145
44d8db9e
LP		 2146 /* FIXME: this doesn't really handle arguments that have
2147 * spaces and ticks in them */
2148
2149 return n;
2150}
2151
2152void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
9fb86720
LP		 2153 char *p2;
2154 const char *prefix2;
2155
44d8db9e
LP		 2156 char *cmd;
2157
2158 assert(c);
2159 assert(f);
2160
2161 if (!prefix)
2162 prefix = "";
9fb86720
LP		 2163 p2 = strappend(prefix, "\t");
2164 prefix2 = p2 ? p2 : prefix;
44d8db9e 2165
9e2f7c11 2166 cmd = exec_command_line(c->argv);
44d8db9e
LP		 2167
2168 fprintf(f,
2169 "%sCommand Line: %s\n",
2170 prefix, cmd ? cmd : strerror(ENOMEM));
2171
2172 free(cmd);
9fb86720
LP		 2173
2174 exec_status_dump(&c->exec_status, f, prefix2);
2175
2176 free(p2);
44d8db9e
LP		 2177}
2178
2179void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
2180 assert(f);
2181
2182 if (!prefix)
2183 prefix = "";
2184
2185 LIST_FOREACH(command, c, c)
2186 exec_command_dump(c, f, prefix);
2187}
94f04347 2188
a6a80b4f
LP		 2189void exec_command_append_list(ExecCommand **l, ExecCommand *e) {
2190 ExecCommand *end;
2191
2192 assert(l);
2193 assert(e);
2194
2195 if (*l) {
35b8ca3a 2196 /* It's kind of important, that we keep the order here */
71fda00f
LP		 2197 LIST_FIND_TAIL(command, *l, end);
2198 LIST_INSERT_AFTER(command, *l, end, e);
a6a80b4f
LP		 2199 } else
2200 *l = e;
2201}
2202
26fd040d
LP		 2203int exec_command_set(ExecCommand *c, const char *path, ...) {
2204 va_list ap;
2205 char **l, *p;
2206
2207 assert(c);
2208 assert(path);
2209
2210 va_start(ap, path);
2211 l = strv_new_ap(path, ap);
2212 va_end(ap);
2213
2214 if (!l)
2215 return -ENOMEM;
2216
2217 if (!(p = strdup(path))) {
2218 strv_free(l);
2219 return -ENOMEM;
2220 }
2221
2222 free(c->path);
2223 c->path = p;
2224
2225 strv_free(c->argv);
2226 c->argv = l;
2227
2228 return 0;
2229}
2230
80876c20
LP		 2231static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
2232 [EXEC_INPUT_NULL] = "null",
2233 [EXEC_INPUT_TTY] = "tty",
2234 [EXEC_INPUT_TTY_FORCE] = "tty-force",
4f2d528d
LP		 2235 [EXEC_INPUT_TTY_FAIL] = "tty-fail",
2236 [EXEC_INPUT_SOCKET] = "socket"
80876c20
LP		 2237};
2238
8a0867d6
LP		 2239DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
2240
94f04347 2241static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = {
80876c20 2242 [EXEC_OUTPUT_INHERIT] = "inherit",
94f04347 2243 [EXEC_OUTPUT_NULL] = "null",
80876c20 2244 [EXEC_OUTPUT_TTY] = "tty",
94f04347 2245 [EXEC_OUTPUT_SYSLOG] = "syslog",
28dbc1e8 2246 [EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
9a6bca7a 2247 [EXEC_OUTPUT_KMSG] = "kmsg",
28dbc1e8 2248 [EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
706343f4
LP		 2249 [EXEC_OUTPUT_JOURNAL] = "journal",
2250 [EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
4f2d528d 2251 [EXEC_OUTPUT_SOCKET] = "socket"
94f04347
LP		 2252};
2253
2254DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
Unnamed repository; edit this file 'description' to name the repository.