[thirdparty/systemd.git] / src / core / execute.h

#pragma once

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

typedef struct ExecStatus ExecStatus;
typedef struct ExecCommand ExecCommand;
typedef struct ExecContext ExecContext;
typedef struct ExecRuntime ExecRuntime;
typedef struct ExecParameters ExecParameters;

#include <sched.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/capability.h>

#include "cgroup-util.h"
#include "fdset.h"
#include "list.h"
#include "missing.h"
#include "namespace.h"
#include "nsflags.h"

typedef enum ExecUtmpMode {
        EXEC_UTMP_INIT,
        EXEC_UTMP_LOGIN,
        EXEC_UTMP_USER,
        _EXEC_UTMP_MODE_MAX,
        _EXEC_UTMP_MODE_INVALID = -1
} ExecUtmpMode;

typedef enum ExecInput {
        EXEC_INPUT_NULL,
        EXEC_INPUT_TTY,
        EXEC_INPUT_TTY_FORCE,
        EXEC_INPUT_TTY_FAIL,
        EXEC_INPUT_SOCKET,
        EXEC_INPUT_NAMED_FD,
        _EXEC_INPUT_MAX,
        _EXEC_INPUT_INVALID = -1
} ExecInput;

typedef enum ExecOutput {
        EXEC_OUTPUT_INHERIT,
        EXEC_OUTPUT_NULL,
        EXEC_OUTPUT_TTY,
        EXEC_OUTPUT_SYSLOG,
        EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
        EXEC_OUTPUT_KMSG,
        EXEC_OUTPUT_KMSG_AND_CONSOLE,
        EXEC_OUTPUT_JOURNAL,
        EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
        EXEC_OUTPUT_SOCKET,
        EXEC_OUTPUT_NAMED_FD,
        _EXEC_OUTPUT_MAX,
        _EXEC_OUTPUT_INVALID = -1
} ExecOutput;

typedef enum ExecPreserveMode {
        EXEC_PRESERVE_NO,
        EXEC_PRESERVE_YES,
        EXEC_PRESERVE_RESTART,
        _EXEC_PRESERVE_MODE_MAX,
        _EXEC_PRESERVE_MODE_INVALID = -1
} ExecPreserveMode;

struct ExecStatus {
        dual_timestamp start_timestamp;
        dual_timestamp exit_timestamp;
        pid_t pid;
        int code;     /* as in siginfo_t::si_code */
        int status;   /* as in sigingo_t::si_status */
};

typedef enum ExecCommandFlags {
        EXEC_COMMAND_IGNORE_FAILURE = 1,
        EXEC_COMMAND_FULLY_PRIVILEGED = 2,
        EXEC_COMMAND_NO_SETUID = 4,
        EXEC_COMMAND_AMBIENT_MAGIC = 8,
} ExecCommandFlags;

struct ExecCommand {
        char *path;
        char **argv;
        ExecStatus exec_status;
        ExecCommandFlags flags;
        LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
};

struct ExecRuntime {
        int n_ref;

        char *tmp_dir;
        char *var_tmp_dir;

        /* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network
         * namespace. */
        int netns_storage_socket[2];
};

typedef enum ExecDirectoryType {
        EXEC_DIRECTORY_RUNTIME = 0,
        EXEC_DIRECTORY_STATE,
        EXEC_DIRECTORY_CACHE,
        EXEC_DIRECTORY_LOGS,
        EXEC_DIRECTORY_CONFIGURATION,
        _EXEC_DIRECTORY_MAX,
        _EXEC_DIRECTORY_INVALID = -1,
} ExecDirectoryType;

typedef struct ExecDirectory {
        char **paths;
        mode_t mode;
} ExecDirectory;

struct ExecContext {
        char **environment;
        char **environment_files;
        char **pass_environment;
        char **unset_environment;

        struct rlimit *rlimit[_RLIMIT_MAX];
        char *working_directory, *root_directory, *root_image;
        bool working_directory_missing_ok;
        bool working_directory_home;

        mode_t umask;
        int oom_score_adjust;
        int nice;
        int ioprio;
        int cpu_sched_policy;
        int cpu_sched_priority;

        cpu_set_t *cpuset;
        unsigned cpuset_ncpus;

        ExecInput std_input;
        ExecOutput std_output;
        ExecOutput std_error;
        char *stdio_fdname[3];

        nsec_t timer_slack_nsec;

        bool stdio_as_fds;

        char *tty_path;

        bool tty_reset;
        bool tty_vhangup;
        bool tty_vt_disallocate;

        bool ignore_sigpipe;

        /* Since resolving these names might involve socket
         * connections and we don't want to deadlock ourselves these
         * names are resolved on execution only and in the child
         * process. */
        char *user;
        char *group;
        char **supplementary_groups;

        char *pam_name;

        char *utmp_id;
        ExecUtmpMode utmp_mode;

        bool selinux_context_ignore;
        char *selinux_context;

        bool apparmor_profile_ignore;
        char *apparmor_profile;

        bool smack_process_label_ignore;
        char *smack_process_label;

        char **read_write_paths, **read_only_paths, **inaccessible_paths;
        unsigned long mount_flags;
        BindMount *bind_mounts;
        unsigned n_bind_mounts;

        uint64_t capability_bounding_set;
        uint64_t capability_ambient_set;
        int secure_bits;

        int syslog_priority;
        char *syslog_identifier;
        bool syslog_level_prefix;

        bool cpu_sched_reset_on_fork;
        bool non_blocking;
        bool private_tmp;
        bool private_network;
        bool private_devices;
        bool private_users;
        ProtectSystem protect_system;
        ProtectHome protect_home;
        bool protect_kernel_tunables;
        bool protect_kernel_modules;
        bool protect_control_groups;
        bool mount_apivfs;

        bool no_new_privileges;

        bool dynamic_user;
        bool remove_ipc;

        /* This is not exposed to the user but available
         * internally. We need it to make sure that whenever we spawn
         * /usr/bin/mount it is run in the same process group as us so
         * that the autofs logic detects that it belongs to us and we
         * don't enter a trigger loop. */
        bool same_pgrp;

        unsigned long personality;
        bool lock_personality;

        unsigned long restrict_namespaces; /* The CLONE_NEWxyz flags permitted to the unit's processes */

        Set *syscall_filter;
        Set *syscall_archs;
        int syscall_errno;
        bool syscall_whitelist:1;

        Set *address_families;
        bool address_families_whitelist:1;

        ExecPreserveMode runtime_directory_preserve_mode;
        ExecDirectory directories[_EXEC_DIRECTORY_MAX];

        bool memory_deny_write_execute;
        bool restrict_realtime;

        bool oom_score_adjust_set:1;
        bool nice_set:1;
        bool ioprio_set:1;
        bool cpu_sched_set:1;
};

static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) {
        assert(c);

        return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL;
}

typedef enum ExecFlags {
        EXEC_APPLY_SANDBOXING  = 1U << 0,
        EXEC_APPLY_CHROOT      = 1U << 1,
        EXEC_APPLY_TTY_STDIN   = 1U << 2,
        EXEC_NEW_KEYRING       = 1U << 3,
        EXEC_PASS_LOG_UNIT     = 1U << 4, /* Whether to pass the unit name to the service's journal stream connection */
        EXEC_CHOWN_DIRECTORIES = 1U << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
        EXEC_NSS_BYPASS_BUS    = 1U << 6, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */
        EXEC_CGROUP_DELEGATE   = 1U << 7,

        /* The following are not used by execute.c, but by consumers internally */
        EXEC_PASS_FDS          = 1U << 8,
        EXEC_IS_CONTROL        = 1U << 9,
        EXEC_SETENV_RESULT     = 1U << 10,
        EXEC_SET_WATCHDOG      = 1U << 11,
} ExecFlags;

struct ExecParameters {
        char **argv;
        char **environment;

        int *fds;
        char **fd_names;
        unsigned n_storage_fds;
        unsigned n_socket_fds;

        ExecFlags flags;
        bool selinux_context_net:1;

        CGroupMask cgroup_supported;
        const char *cgroup_path;

        char **prefix;

        const char *confirm_spawn;

        usec_t watchdog_usec;

        int *idle_pipe;

        int stdin_fd;
        int stdout_fd;
        int stderr_fd;
};

#include "unit.h"
#include "dynamic-user.h"

int exec_spawn(Unit *unit,
               ExecCommand *command,
               const ExecContext *context,
               const ExecParameters *exec_params,
               ExecRuntime *runtime,
               DynamicCreds *dynamic_creds,
               pid_t *ret);

void exec_command_done(ExecCommand *c);
void exec_command_done_array(ExecCommand *c, unsigned n);

ExecCommand* exec_command_free_list(ExecCommand *c);
void exec_command_free_array(ExecCommand **c, unsigned n);

char *exec_command_line(char **argv);

void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_append_list(ExecCommand **l, ExecCommand *e);
int exec_command_set(ExecCommand *c, const char *path, ...);
int exec_command_append(ExecCommand *c, const char *path, ...);

void exec_context_init(ExecContext *c);
void exec_context_done(ExecContext *c);
void exec_context_dump(ExecContext *c, FILE* f, const char *prefix);

int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_root);

int exec_context_load_environment(Unit *unit, const ExecContext *c, char ***l);
int exec_context_named_iofds(Unit *unit, const ExecContext *c, const ExecParameters *p, int named_iofds[3]);
const char* exec_context_fdname(const ExecContext *c, int fd_index);

bool exec_context_may_touch_console(ExecContext *c);
bool exec_context_maintains_privileges(ExecContext *c);

int exec_context_get_effective_ioprio(ExecContext *c);

void exec_status_start(ExecStatus *s, pid_t pid);
void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status);
void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix);

int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id);
ExecRuntime *exec_runtime_ref(ExecRuntime *r);
ExecRuntime *exec_runtime_unref(ExecRuntime *r);

int exec_runtime_serialize(Unit *unit, ExecRuntime *rt, FILE *f, FDSet *fds);
int exec_runtime_deserialize_item(Unit *unit, ExecRuntime **rt, const char *key, const char *value, FDSet *fds);

void exec_runtime_destroy(ExecRuntime *rt);

const char* exec_output_to_string(ExecOutput i) _const_;
ExecOutput exec_output_from_string(const char *s) _pure_;

const char* exec_input_to_string(ExecInput i) _const_;
ExecInput exec_input_from_string(const char *s) _pure_;

const char* exec_utmp_mode_to_string(ExecUtmpMode i) _const_;
ExecUtmpMode exec_utmp_mode_from_string(const char *s) _pure_;

const char* exec_preserve_mode_to_string(ExecPreserveMode i) _const_;
ExecPreserveMode exec_preserve_mode_from_string(const char *s) _pure_;

const char* exec_directory_type_to_string(ExecDirectoryType i) _const_;
ExecDirectoryType exec_directory_type_from_string(const char *s) _pure_;
Commit	Line	Data
c2f1db8f	1	#pragma once
5cb5a6ff	2
a7334b09 LP	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	9	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	10	the Free Software Foundation; either version 2.1 of the License, or
a7334b09 LP	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	16	Lesser General Public License for more details.
a7334b09	17
5430f7f2	18	You should have received a copy of the GNU Lesser General Public License
a7334b09 LP	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
5cb5a6ff LP	22	typedef struct ExecStatus ExecStatus;
	23	typedef struct ExecCommand ExecCommand;
	24	typedef struct ExecContext ExecContext;
613b411c	25	typedef struct ExecRuntime ExecRuntime;
9fa95f85	26	typedef struct ExecParameters ExecParameters;
5cb5a6ff	27
71d35b6b	28	#include <sched.h>
5cb5a6ff LP	29	#include <stdbool.h>
5cb5a6ff LP	30	#include <stdio.h>
71d35b6b	31	#include <sys/capability.h>
5cb5a6ff	32
9ce93478	33	#include "cgroup-util.h"
613b411c	34	#include "fdset.h"
71d35b6b	35	#include "list.h"
517d56b1	36	#include "missing.h"
417116f2	37	#include "namespace.h"
add00535	38	#include "nsflags.h"
5cb5a6ff	39
023a4f67 LP	40	typedef enum ExecUtmpMode {
	41	EXEC_UTMP_INIT,
	42	EXEC_UTMP_LOGIN,
	43	EXEC_UTMP_USER,
	44	_EXEC_UTMP_MODE_MAX,
2307f37e	45	_EXEC_UTMP_MODE_INVALID = -1
023a4f67 LP	46	} ExecUtmpMode;
023a4f67 LP	47
80876c20 LP	48	typedef enum ExecInput {
	49	EXEC_INPUT_NULL,
	50	EXEC_INPUT_TTY,
	51	EXEC_INPUT_TTY_FORCE,
	52	EXEC_INPUT_TTY_FAIL,
4f2d528d	53	EXEC_INPUT_SOCKET,
52c239d7	54	EXEC_INPUT_NAMED_FD,
80876c20 LP	55	_EXEC_INPUT_MAX,
	56	_EXEC_INPUT_INVALID = -1
	57	} ExecInput;
	58
071830ff	59	typedef enum ExecOutput {
80876c20	60	EXEC_OUTPUT_INHERIT,
94f04347	61	EXEC_OUTPUT_NULL,
80876c20	62	EXEC_OUTPUT_TTY,
94f04347	63	EXEC_OUTPUT_SYSLOG,
28dbc1e8	64	EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
9a6bca7a	65	EXEC_OUTPUT_KMSG,
28dbc1e8	66	EXEC_OUTPUT_KMSG_AND_CONSOLE,
706343f4 LP	67	EXEC_OUTPUT_JOURNAL,
706343f4 LP	68	EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
4f2d528d	69	EXEC_OUTPUT_SOCKET,
52c239d7	70	EXEC_OUTPUT_NAMED_FD,
94f04347 LP	71	_EXEC_OUTPUT_MAX,
94f04347 LP	72	_EXEC_OUTPUT_INVALID = -1
071830ff LP	73	} ExecOutput;
071830ff LP	74
53f47dfc YW	75	typedef enum ExecPreserveMode {
	76	EXEC_PRESERVE_NO,
	77	EXEC_PRESERVE_YES,
	78	EXEC_PRESERVE_RESTART,
	79	_EXEC_PRESERVE_MODE_MAX,
	80	_EXEC_PRESERVE_MODE_INVALID = -1
	81	} ExecPreserveMode;
	82
5cb5a6ff	83	struct ExecStatus {
63983207 LP	84	dual_timestamp start_timestamp;
63983207 LP	85	dual_timestamp exit_timestamp;
9d58f1db	86	pid_t pid;
9152c765 LP	87	int code; /* as in siginfo_t::si_code */
9152c765 LP	88	int status; /* as in sigingo_t::si_status */
5cb5a6ff LP	89	};
5cb5a6ff LP	90
3ed0cd26 LP	91	typedef enum ExecCommandFlags {
	92	EXEC_COMMAND_IGNORE_FAILURE = 1,
	93	EXEC_COMMAND_FULLY_PRIVILEGED = 2,
165a31c0 LP	94	EXEC_COMMAND_NO_SETUID = 4,
165a31c0 LP	95	EXEC_COMMAND_AMBIENT_MAGIC = 8,
3ed0cd26 LP	96	} ExecCommandFlags;
3ed0cd26 LP	97
5cb5a6ff LP	98	struct ExecCommand {
	99	char *path;
	100	char **argv;
034c6ed7	101	ExecStatus exec_status;
3ed0cd26	102	ExecCommandFlags flags;
034c6ed7	103	LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
5cb5a6ff LP	104	};
5cb5a6ff LP	105
613b411c LP	106	struct ExecRuntime {
	107	int n_ref;
	108
	109	char *tmp_dir;
	110	char *var_tmp_dir;
	111
29206d46 LP	112	/* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network
29206d46 LP	113	* namespace. */
613b411c LP	114	int netns_storage_socket[2];
	115	};
	116
3536f49e YW	117	typedef enum ExecDirectoryType {
	118	EXEC_DIRECTORY_RUNTIME = 0,
	119	EXEC_DIRECTORY_STATE,
	120	EXEC_DIRECTORY_CACHE,
	121	EXEC_DIRECTORY_LOGS,
	122	EXEC_DIRECTORY_CONFIGURATION,
	123	_EXEC_DIRECTORY_MAX,
	124	_EXEC_DIRECTORY_INVALID = -1,
	125	} ExecDirectoryType;
	126
	127	typedef struct ExecDirectory {
	128	char **paths;
	129	mode_t mode;
	130	} ExecDirectory;
	131
5cb5a6ff LP	132	struct ExecContext {
5cb5a6ff LP	133	char **environment;
8c7be95e	134	char **environment_files;
b4c14404	135	char **pass_environment;
00819cc1	136	char **unset_environment;
8c7be95e	137
517d56b1	138	struct rlimit *rlimit[_RLIMIT_MAX];
915e6d16	139	char working_directory, root_directory, *root_image;
4c08c824	140	bool working_directory_missing_ok;
5f5d8eab	141	bool working_directory_home;
9d58f1db LP	142
9d58f1db LP	143	mode_t umask;
dd6c17b1	144	int oom_score_adjust;
5cb5a6ff	145	int nice;
9eba9da4	146	int ioprio;
94f04347 LP	147	int cpu_sched_policy;
94f04347 LP	148	int cpu_sched_priority;
9d58f1db	149
82c121a4 LP	150	cpu_set_t *cpuset;
82c121a4 LP	151	unsigned cpuset_ncpus;
fb33a393	152
80876c20 LP	153	ExecInput std_input;
	154	ExecOutput std_output;
	155	ExecOutput std_error;
52c239d7	156	char *stdio_fdname[3];
80876c20	157
d88a251b	158	nsec_t timer_slack_nsec;
071830ff	159
1e22b5cd LP	160	bool stdio_as_fds;
1e22b5cd LP	161
9d58f1db	162	char *tty_path;
5cb5a6ff	163
6ea832a2 LP	164	bool tty_reset;
	165	bool tty_vhangup;
	166	bool tty_vt_disallocate;
	167
353e12c2 LP	168	bool ignore_sigpipe;
353e12c2 LP	169
61233823	170	/* Since resolving these names might involve socket
5cb5a6ff	171	* connections and we don't want to deadlock ourselves these
94f04347 LP	172	* names are resolved on execution only and in the child
94f04347 LP	173	* process. */
5cb5a6ff LP	174	char *user;
	175	char *group;
	176	char **supplementary_groups;
9d58f1db	177
5b6319dc LP	178	char *pam_name;
5b6319dc LP	179
169c1bda	180	char *utmp_id;
023a4f67	181	ExecUtmpMode utmp_mode;
169c1bda	182
5f8640fb	183	bool selinux_context_ignore;
7b52a628 MS	184	char *selinux_context;
7b52a628 MS	185
eef65bf3 MS	186	bool apparmor_profile_ignore;
	187	char *apparmor_profile;
	188
2ca620c4 WC	189	bool smack_process_label_ignore;
	190	char *smack_process_label;
	191
2a624c36	192	char read_write_paths, read_only_paths, **inaccessible_paths;
15ae422b	193	unsigned long mount_flags;
d2d6c096 LP	194	BindMount *bind_mounts;
d2d6c096 LP	195	unsigned n_bind_mounts;
15ae422b	196
a103496c	197	uint64_t capability_bounding_set;
755d4b67	198	uint64_t capability_ambient_set;
9d58f1db LP	199	int secure_bits;
9d58f1db LP	200
7fab9d01 LP	201	int syslog_priority;
	202	char *syslog_identifier;
	203	bool syslog_level_prefix;
	204
9d58f1db LP	205	bool cpu_sched_reset_on_fork;
9d58f1db LP	206	bool non_blocking;
15ae422b	207	bool private_tmp;
ff01d048	208	bool private_network;
7f112f50	209	bool private_devices;
d251207d	210	bool private_users;
1b8689f9 LP	211	ProtectSystem protect_system;
1b8689f9 LP	212	ProtectHome protect_home;
59eeb84b	213	bool protect_kernel_tunables;
502d704e	214	bool protect_kernel_modules;
59eeb84b	215	bool protect_control_groups;
5d997827	216	bool mount_apivfs;
9d58f1db	217
8351ceae LP	218	bool no_new_privileges;
8351ceae LP	219
29206d46	220	bool dynamic_user;
00d9ef85	221	bool remove_ipc;
29206d46	222
9d58f1db LP	223	/* This is not exposed to the user but available
9d58f1db LP	224	* internally. We need it to make sure that whenever we spawn
f00929ad	225	* /usr/bin/mount it is run in the same process group as us so
9d58f1db LP	226	* that the autofs logic detects that it belongs to us and we
9d58f1db LP	227	* don't enter a trigger loop. */
74922904	228	bool same_pgrp;
2e22afe9	229
ac45f971	230	unsigned long personality;
78e864e5	231	bool lock_personality;
ac45f971	232
add00535 LP	233	unsigned long restrict_namespaces; /* The CLONE_NEWxyz flags permitted to the unit's processes */
add00535 LP	234
17df7223	235	Set *syscall_filter;
57183d11	236	Set *syscall_archs;
17df7223 LP	237	int syscall_errno;
17df7223 LP	238	bool syscall_whitelist:1;
8351ceae	239
4298d0b5 LP	240	Set *address_families;
	241	bool address_families_whitelist:1;
	242
53f47dfc	243	ExecPreserveMode runtime_directory_preserve_mode;
3536f49e	244	ExecDirectory directories[_EXEC_DIRECTORY_MAX];
e66cf1a3	245
f4170c67 LP	246	bool memory_deny_write_execute;
	247	bool restrict_realtime;
	248
dd6c17b1	249	bool oom_score_adjust_set:1;
7fab9d01 LP	250	bool nice_set:1;
	251	bool ioprio_set:1;
	252	bool cpu_sched_set:1;
5cb5a6ff LP	253	};
5cb5a6ff LP	254
add00535 LP	255	static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) {
	256	assert(c);
	257
	258	return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL;
	259	}
	260
c39f1ce2	261	typedef enum ExecFlags {
1703fa41	262	EXEC_APPLY_SANDBOXING = 1U << 0,
7d5ceb64 FB	263	EXEC_APPLY_CHROOT = 1U << 1,
7d5ceb64 FB	264	EXEC_APPLY_TTY_STDIN = 1U << 2,
74dd6b51	265	EXEC_NEW_KEYRING = 1U << 3,
af635cf3	266	EXEC_PASS_LOG_UNIT = 1U << 4, /* Whether to pass the unit name to the service's journal stream connection */
8679efde	267	EXEC_CHOWN_DIRECTORIES = 1U << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
ac647978	268	EXEC_NSS_BYPASS_BUS = 1U << 6, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */
584b8688	269	EXEC_CGROUP_DELEGATE = 1U << 7,
c39f1ce2	270
9c1a61ad	271	/* The following are not used by execute.c, but by consumers internally */
584b8688 LP	272	EXEC_PASS_FDS = 1U << 8,
	273	EXEC_IS_CONTROL = 1U << 9,
	274	EXEC_SETENV_RESULT = 1U << 10,
	275	EXEC_SET_WATCHDOG = 1U << 11,
c39f1ce2 LP	276	} ExecFlags;
c39f1ce2 LP	277
9fa95f85 DM	278	struct ExecParameters {
9fa95f85 DM	279	char **argv;
a34ceba6	280	char **environment;
8dd4c05b LP	281
	282	int *fds;
	283	char **fd_names;
4c47affc	284	unsigned n_storage_fds;
9b141911	285	unsigned n_socket_fds;
8dd4c05b	286
c39f1ce2	287	ExecFlags flags;
a34ceba6	288	bool selinux_context_net:1;
8dd4c05b	289
efdb0237	290	CGroupMask cgroup_supported;
9fa95f85	291	const char *cgroup_path;
8dd4c05b	292
3536f49e	293	char **prefix;
8dd4c05b	294
7d5ceb64 FB	295	const char *confirm_spawn;
7d5ceb64 FB	296
9fa95f85	297	usec_t watchdog_usec;
8dd4c05b	298
9fa95f85	299	int *idle_pipe;
8dd4c05b	300
a34ceba6 LP	301	int stdin_fd;
	302	int stdout_fd;
	303	int stderr_fd;
9fa95f85 DM	304	};
9fa95f85 DM	305
9ce93478	306	#include "unit.h"
29206d46	307	#include "dynamic-user.h"
9ce93478	308
f2341e0a LP	309	int exec_spawn(Unit *unit,
f2341e0a LP	310	ExecCommand *command,
9fa95f85 DM	311	const ExecContext *context,
9fa95f85 DM	312	const ExecParameters *exec_params,
613b411c	313	ExecRuntime *runtime,
29206d46	314	DynamicCreds *dynamic_creds,
81a2b7ce	315	pid_t *ret);
5cb5a6ff	316
43d0fcbd LP	317	void exec_command_done(ExecCommand *c);
	318	void exec_command_done_array(ExecCommand *c, unsigned n);
	319
f1acf85a	320	ExecCommand* exec_command_free_list(ExecCommand *c);
034c6ed7	321	void exec_command_free_array(ExecCommand **c, unsigned n);
5cb5a6ff	322
9e2f7c11 LP	323	char exec_command_line(char *argv);
9e2f7c11 LP	324
44d8db9e LP	325	void exec_command_dump(ExecCommand c, FILE f, const char *prefix);
44d8db9e LP	326	void exec_command_dump_list(ExecCommand c, FILE f, const char *prefix);
a6a80b4f	327	void exec_command_append_list(ExecCommand *l, ExecCommand e);
26fd040d	328	int exec_command_set(ExecCommand c, const char path, ...);
86b23b07	329	int exec_command_append(ExecCommand c, const char path, ...);
44d8db9e	330
034c6ed7	331	void exec_context_init(ExecContext *c);
613b411c	332	void exec_context_done(ExecContext *c);
5cb5a6ff LP	333	void exec_context_dump(ExecContext c, FILE f, const char *prefix);
5cb5a6ff LP	334
e66cf1a3 LP	335	int exec_context_destroy_runtime_directory(ExecContext c, const char runtime_root);
e66cf1a3 LP	336
f2341e0a	337	int exec_context_load_environment(Unit unit, const ExecContext c, char ***l);
52c239d7 LB	338	int exec_context_named_iofds(Unit unit, const ExecContext c, const ExecParameters *p, int named_iofds[3]);
52c239d7 LB	339	const char* exec_context_fdname(const ExecContext *c, int fd_index);
8c7be95e	340
6ac8fdc9	341	bool exec_context_may_touch_console(ExecContext *c);
a931ad47	342	bool exec_context_maintains_privileges(ExecContext *c);
6ac8fdc9	343
7f452159 LP	344	int exec_context_get_effective_ioprio(ExecContext *c);
7f452159 LP	345
b58b4116	346	void exec_status_start(ExecStatus *s, pid_t pid);
6ea832a2	347	void exec_status_exit(ExecStatus s, ExecContext context, pid_t pid, int code, int status);
9fb86720	348	void exec_status_dump(ExecStatus s, FILE f, const char *prefix);
5cb5a6ff	349
613b411c LP	350	int exec_runtime_make(ExecRuntime *rt, ExecContext c, const char *id);
	351	ExecRuntime exec_runtime_ref(ExecRuntime r);
	352	ExecRuntime exec_runtime_unref(ExecRuntime r);
	353
f2341e0a LP	354	int exec_runtime_serialize(Unit unit, ExecRuntime rt, FILE f, FDSet fds);
f2341e0a LP	355	int exec_runtime_deserialize_item(Unit unit, ExecRuntime rt, const char key, const char value, FDSet fds);
613b411c LP	356
	357	void exec_runtime_destroy(ExecRuntime *rt);
	358
44a6b1b6 ZJS	359	const char* exec_output_to_string(ExecOutput i) _const_;
44a6b1b6 ZJS	360	ExecOutput exec_output_from_string(const char *s) _pure_;
94f04347	361
44a6b1b6 ZJS	362	const char* exec_input_to_string(ExecInput i) _const_;
44a6b1b6 ZJS	363	ExecInput exec_input_from_string(const char *s) _pure_;
023a4f67 LP	364
	365	const char* exec_utmp_mode_to_string(ExecUtmpMode i) _const_;
	366	ExecUtmpMode exec_utmp_mode_from_string(const char *s) _pure_;
53f47dfc YW	367
	368	const char* exec_preserve_mode_to_string(ExecPreserveMode i) _const_;
	369	ExecPreserveMode exec_preserve_mode_from_string(const char *s) _pure_;
3536f49e YW	370
	371	const char* exec_directory_type_to_string(ExecDirectoryType i) _const_;
	372	ExecDirectoryType exec_directory_type_from_string(const char *s) _pure_;