[thirdparty/systemd.git] / src / core / execute.h

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

#pragma once

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

typedef struct ExecStatus ExecStatus;
typedef struct ExecCommand ExecCommand;
typedef struct ExecContext ExecContext;
typedef struct ExecRuntime ExecRuntime;
typedef struct ExecParameters ExecParameters;

#include <sys/capability.h>
#include <stdbool.h>
#include <stdio.h>
#include <sched.h>

#include "list.h"
#include "fdset.h"
#include "missing.h"
#include "namespace.h"
#include "bus-endpoint.h"

typedef enum ExecInput {
        EXEC_INPUT_NULL,
        EXEC_INPUT_TTY,
        EXEC_INPUT_TTY_FORCE,
        EXEC_INPUT_TTY_FAIL,
        EXEC_INPUT_SOCKET,
        _EXEC_INPUT_MAX,
        _EXEC_INPUT_INVALID = -1
} ExecInput;

typedef enum ExecOutput {
        EXEC_OUTPUT_INHERIT,
        EXEC_OUTPUT_NULL,
        EXEC_OUTPUT_TTY,
        EXEC_OUTPUT_SYSLOG,
        EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
        EXEC_OUTPUT_KMSG,
        EXEC_OUTPUT_KMSG_AND_CONSOLE,
        EXEC_OUTPUT_JOURNAL,
        EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
        EXEC_OUTPUT_SOCKET,
        _EXEC_OUTPUT_MAX,
        _EXEC_OUTPUT_INVALID = -1
} ExecOutput;

struct ExecStatus {
        dual_timestamp start_timestamp;
        dual_timestamp exit_timestamp;
        pid_t pid;
        int code;     /* as in siginfo_t::si_code */
        int status;   /* as in sigingo_t::si_status */
};

struct ExecCommand {
        char *path;
        char **argv;
        ExecStatus exec_status;
        LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
        bool ignore;
};

struct ExecRuntime {
        int n_ref;

        char *tmp_dir;
        char *var_tmp_dir;

        int netns_storage_socket[2];
};

struct ExecContext {
        char **environment;
        char **environment_files;

        struct rlimit *rlimit[_RLIMIT_MAX];
        char *working_directory, *root_directory;
        bool working_directory_missing_ok;

        mode_t umask;
        int oom_score_adjust;
        int nice;
        int ioprio;
        int cpu_sched_policy;
        int cpu_sched_priority;

        cpu_set_t *cpuset;
        unsigned cpuset_ncpus;

        ExecInput std_input;
        ExecOutput std_output;
        ExecOutput std_error;

        nsec_t timer_slack_nsec;

        char *tty_path;

        bool tty_reset;
        bool tty_vhangup;
        bool tty_vt_disallocate;

        bool ignore_sigpipe;

        /* Since resolving these names might might involve socket
         * connections and we don't want to deadlock ourselves these
         * names are resolved on execution only and in the child
         * process. */
        char *user;
        char *group;
        char **supplementary_groups;

        char *pam_name;

        char *utmp_id;

        bool selinux_context_ignore;
        char *selinux_context;

        bool apparmor_profile_ignore;
        char *apparmor_profile;

        bool smack_process_label_ignore;
        char *smack_process_label;

        char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
        unsigned long mount_flags;

        uint64_t capability_bounding_set_drop;

        cap_t capabilities;
        int secure_bits;

        int syslog_priority;
        char *syslog_identifier;
        bool syslog_level_prefix;

        bool cpu_sched_reset_on_fork;
        bool non_blocking;
        bool private_tmp;
        bool private_network;
        bool private_devices;
        ProtectSystem protect_system;
        ProtectHome protect_home;

        bool no_new_privileges;

        /* This is not exposed to the user but available
         * internally. We need it to make sure that whenever we spawn
         * /bin/mount it is run in the same process group as us so
         * that the autofs logic detects that it belongs to us and we
         * don't enter a trigger loop. */
        bool same_pgrp;

        unsigned long personality;

        Set *syscall_filter;
        Set *syscall_archs;
        int syscall_errno;
        bool syscall_whitelist:1;

        Set *address_families;
        bool address_families_whitelist:1;

        char **runtime_directory;
        mode_t runtime_directory_mode;

        bool oom_score_adjust_set:1;
        bool nice_set:1;
        bool ioprio_set:1;
        bool cpu_sched_set:1;
        bool no_new_privileges_set:1;

        /* custom dbus enpoint */
        BusEndpoint *bus_endpoint;
};

#include "cgroup.h"
#include "cgroup-util.h"

struct ExecParameters {
        char **argv;
        int *fds; unsigned n_fds;
        char **environment;
        bool apply_permissions;
        bool apply_chroot;
        bool apply_tty_stdin;
        bool confirm_spawn;
        bool selinux_context_net;
        CGroupControllerMask cgroup_supported;
        const char *cgroup_path;
        bool cgroup_delegate;
        const char *runtime_prefix;
        const char *unit_id;
        usec_t watchdog_usec;
        int *idle_pipe;
        char *bus_endpoint_path;
        int bus_endpoint_fd;
};

int exec_spawn(ExecCommand *command,
               const ExecContext *context,
               const ExecParameters *exec_params,
               ExecRuntime *runtime,
               pid_t *ret);

void exec_command_done(ExecCommand *c);
void exec_command_done_array(ExecCommand *c, unsigned n);

ExecCommand* exec_command_free_list(ExecCommand *c);
void exec_command_free_array(ExecCommand **c, unsigned n);

char *exec_command_line(char **argv);

void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_append_list(ExecCommand **l, ExecCommand *e);
int exec_command_set(ExecCommand *c, const char *path, ...);
int exec_command_append(ExecCommand *c, const char *path, ...);

void exec_context_init(ExecContext *c);
void exec_context_done(ExecContext *c);
void exec_context_dump(ExecContext *c, FILE* f, const char *prefix);

int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_root);

int exec_context_load_environment(const ExecContext *c, const char *unit_id, char ***l);

bool exec_context_may_touch_console(ExecContext *c);
bool exec_context_maintains_privileges(ExecContext *c);

void exec_status_start(ExecStatus *s, pid_t pid);
void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status);
void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix);

int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id);
ExecRuntime *exec_runtime_ref(ExecRuntime *r);
ExecRuntime *exec_runtime_unref(ExecRuntime *r);

int exec_runtime_serialize(ExecRuntime *rt, Unit *u, FILE *f, FDSet *fds);
int exec_runtime_deserialize_item(ExecRuntime **rt, Unit *u, const char *key, const char *value, FDSet *fds);

void exec_runtime_destroy(ExecRuntime *rt);

const char* exec_output_to_string(ExecOutput i) _const_;
ExecOutput exec_output_from_string(const char *s) _pure_;

const char* exec_input_to_string(ExecInput i) _const_;
ExecInput exec_input_from_string(const char *s) _pure_;
Commit	Line	Data
03467c88	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
5cb5a6ff	2
c2f1db8f	3	#pragma once
5cb5a6ff	4
a7334b09 LP	5	/***
	6	This file is part of systemd.
	7
	8	Copyright 2010 Lennart Poettering
	9
	10	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	11	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	12	the Free Software Foundation; either version 2.1 of the License, or
a7334b09 LP	13	(at your option) any later version.
	14
	15	systemd is distributed in the hope that it will be useful, but
	16	WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	18	Lesser General Public License for more details.
a7334b09	19
5430f7f2	20	You should have received a copy of the GNU Lesser General Public License
a7334b09 LP	21	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	22	***/
	23
5cb5a6ff LP	24	typedef struct ExecStatus ExecStatus;
	25	typedef struct ExecCommand ExecCommand;
	26	typedef struct ExecContext ExecContext;
613b411c	27	typedef struct ExecRuntime ExecRuntime;
9fa95f85	28	typedef struct ExecParameters ExecParameters;
5cb5a6ff	29
5cb5a6ff LP	30	#include <sys/capability.h>
	31	#include <stdbool.h>
	32	#include <stdio.h>
94f04347	33	#include <sched.h>
5cb5a6ff LP	34
5cb5a6ff LP	35	#include "list.h"
613b411c	36	#include "fdset.h"
517d56b1	37	#include "missing.h"
417116f2	38	#include "namespace.h"
bb7dd0b0	39	#include "bus-endpoint.h"
5cb5a6ff	40
80876c20 LP	41	typedef enum ExecInput {
	42	EXEC_INPUT_NULL,
	43	EXEC_INPUT_TTY,
	44	EXEC_INPUT_TTY_FORCE,
	45	EXEC_INPUT_TTY_FAIL,
4f2d528d	46	EXEC_INPUT_SOCKET,
80876c20 LP	47	_EXEC_INPUT_MAX,
	48	_EXEC_INPUT_INVALID = -1
	49	} ExecInput;
	50
071830ff	51	typedef enum ExecOutput {
80876c20	52	EXEC_OUTPUT_INHERIT,
94f04347	53	EXEC_OUTPUT_NULL,
80876c20	54	EXEC_OUTPUT_TTY,
94f04347	55	EXEC_OUTPUT_SYSLOG,
28dbc1e8	56	EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
9a6bca7a	57	EXEC_OUTPUT_KMSG,
28dbc1e8	58	EXEC_OUTPUT_KMSG_AND_CONSOLE,
706343f4 LP	59	EXEC_OUTPUT_JOURNAL,
706343f4 LP	60	EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
4f2d528d	61	EXEC_OUTPUT_SOCKET,
94f04347 LP	62	_EXEC_OUTPUT_MAX,
94f04347 LP	63	_EXEC_OUTPUT_INVALID = -1
071830ff LP	64	} ExecOutput;
071830ff LP	65
5cb5a6ff	66	struct ExecStatus {
63983207 LP	67	dual_timestamp start_timestamp;
63983207 LP	68	dual_timestamp exit_timestamp;
9d58f1db	69	pid_t pid;
9152c765 LP	70	int code; /* as in siginfo_t::si_code */
9152c765 LP	71	int status; /* as in sigingo_t::si_status */
5cb5a6ff LP	72	};
	73
	74	struct ExecCommand {
	75	char *path;
	76	char **argv;
034c6ed7 LP	77	ExecStatus exec_status;
034c6ed7 LP	78	LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
7fab9d01	79	bool ignore;
5cb5a6ff LP	80	};
5cb5a6ff LP	81
613b411c LP	82	struct ExecRuntime {
	83	int n_ref;
	84
	85	char *tmp_dir;
	86	char *var_tmp_dir;
	87
	88	int netns_storage_socket[2];
	89	};
	90
5cb5a6ff LP	91	struct ExecContext {
5cb5a6ff LP	92	char **environment;
8c7be95e LP	93	char **environment_files;
8c7be95e LP	94
517d56b1	95	struct rlimit *rlimit[_RLIMIT_MAX];
9eba9da4	96	char working_directory, root_directory;
4c08c824	97	bool working_directory_missing_ok;
9d58f1db LP	98
9d58f1db LP	99	mode_t umask;
dd6c17b1	100	int oom_score_adjust;
5cb5a6ff	101	int nice;
9eba9da4	102	int ioprio;
94f04347 LP	103	int cpu_sched_policy;
94f04347 LP	104	int cpu_sched_priority;
9d58f1db	105
82c121a4 LP	106	cpu_set_t *cpuset;
82c121a4 LP	107	unsigned cpuset_ncpus;
fb33a393	108
80876c20 LP	109	ExecInput std_input;
	110	ExecOutput std_output;
	111	ExecOutput std_error;
	112
d88a251b	113	nsec_t timer_slack_nsec;
071830ff	114
9d58f1db	115	char *tty_path;
5cb5a6ff	116
6ea832a2 LP	117	bool tty_reset;
	118	bool tty_vhangup;
	119	bool tty_vt_disallocate;
	120
353e12c2 LP	121	bool ignore_sigpipe;
353e12c2 LP	122
94f04347	123	/* Since resolving these names might might involve socket
5cb5a6ff	124	* connections and we don't want to deadlock ourselves these
94f04347 LP	125	* names are resolved on execution only and in the child
94f04347 LP	126	* process. */
5cb5a6ff LP	127	char *user;
	128	char *group;
	129	char **supplementary_groups;
9d58f1db	130
5b6319dc LP	131	char *pam_name;
5b6319dc LP	132
169c1bda LP	133	char *utmp_id;
169c1bda LP	134
5f8640fb	135	bool selinux_context_ignore;
7b52a628 MS	136	char *selinux_context;
7b52a628 MS	137
eef65bf3 MS	138	bool apparmor_profile_ignore;
	139	char *apparmor_profile;
	140
2ca620c4 WC	141	bool smack_process_label_ignore;
	142	char *smack_process_label;
	143
15ae422b LP	144	char read_write_dirs, read_only_dirs, **inaccessible_dirs;
	145	unsigned long mount_flags;
	146
9d58f1db LP	147	uint64_t capability_bounding_set_drop;
	148
	149	cap_t capabilities;
	150	int secure_bits;
	151
7fab9d01 LP	152	int syslog_priority;
	153	char *syslog_identifier;
	154	bool syslog_level_prefix;
	155
9d58f1db LP	156	bool cpu_sched_reset_on_fork;
9d58f1db LP	157	bool non_blocking;
15ae422b	158	bool private_tmp;
ff01d048	159	bool private_network;
7f112f50	160	bool private_devices;
1b8689f9 LP	161	ProtectSystem protect_system;
1b8689f9 LP	162	ProtectHome protect_home;
9d58f1db	163
8351ceae LP	164	bool no_new_privileges;
8351ceae LP	165
9d58f1db LP	166	/* This is not exposed to the user but available
	167	* internally. We need it to make sure that whenever we spawn
	168	* /bin/mount it is run in the same process group as us so
	169	* that the autofs logic detects that it belongs to us and we
	170	* don't enter a trigger loop. */
74922904	171	bool same_pgrp;
2e22afe9	172
ac45f971 LP	173	unsigned long personality;
ac45f971 LP	174
17df7223	175	Set *syscall_filter;
57183d11	176	Set *syscall_archs;
17df7223 LP	177	int syscall_errno;
17df7223 LP	178	bool syscall_whitelist:1;
8351ceae	179
4298d0b5 LP	180	Set *address_families;
	181	bool address_families_whitelist:1;
	182
e66cf1a3 LP	183	char **runtime_directory;
	184	mode_t runtime_directory_mode;
	185
dd6c17b1	186	bool oom_score_adjust_set:1;
7fab9d01 LP	187	bool nice_set:1;
	188	bool ioprio_set:1;
	189	bool cpu_sched_set:1;
760b9d7c	190	bool no_new_privileges_set:1;
bb7dd0b0 DM	191
	192	/* custom dbus enpoint */
	193	BusEndpoint *bus_endpoint;
5cb5a6ff LP	194	};
5cb5a6ff LP	195
4ad49000	196	#include "cgroup.h"
c1ff5570	197	#include "cgroup-util.h"
4ad49000	198
9fa95f85 DM	199	struct ExecParameters {
	200	char **argv;
	201	int *fds; unsigned n_fds;
	202	char **environment;
	203	bool apply_permissions;
	204	bool apply_chroot;
	205	bool apply_tty_stdin;
	206	bool confirm_spawn;
16115b0a	207	bool selinux_context_net;
9fa95f85 DM	208	CGroupControllerMask cgroup_supported;
9fa95f85 DM	209	const char *cgroup_path;
a931ad47	210	bool cgroup_delegate;
9fa95f85 DM	211	const char *runtime_prefix;
	212	const char *unit_id;
	213	usec_t watchdog_usec;
	214	int *idle_pipe;
e44da745 DM	215	char *bus_endpoint_path;
e44da745 DM	216	int bus_endpoint_fd;
9fa95f85 DM	217	};
9fa95f85 DM	218
9fb86720	219	int exec_spawn(ExecCommand *command,
9fa95f85 DM	220	const ExecContext *context,
9fa95f85 DM	221	const ExecParameters *exec_params,
613b411c	222	ExecRuntime *runtime,
81a2b7ce	223	pid_t *ret);
5cb5a6ff	224
43d0fcbd LP	225	void exec_command_done(ExecCommand *c);
	226	void exec_command_done_array(ExecCommand *c, unsigned n);
	227
f1acf85a	228	ExecCommand* exec_command_free_list(ExecCommand *c);
034c6ed7	229	void exec_command_free_array(ExecCommand **c, unsigned n);
5cb5a6ff	230
9e2f7c11 LP	231	char exec_command_line(char *argv);
9e2f7c11 LP	232
44d8db9e LP	233	void exec_command_dump(ExecCommand c, FILE f, const char *prefix);
44d8db9e LP	234	void exec_command_dump_list(ExecCommand c, FILE f, const char *prefix);
a6a80b4f	235	void exec_command_append_list(ExecCommand *l, ExecCommand e);
26fd040d	236	int exec_command_set(ExecCommand c, const char path, ...);
86b23b07	237	int exec_command_append(ExecCommand c, const char path, ...);
44d8db9e	238
034c6ed7	239	void exec_context_init(ExecContext *c);
613b411c	240	void exec_context_done(ExecContext *c);
5cb5a6ff LP	241	void exec_context_dump(ExecContext c, FILE f, const char *prefix);
5cb5a6ff LP	242
e66cf1a3 LP	243	int exec_context_destroy_runtime_directory(ExecContext c, const char runtime_root);
e66cf1a3 LP	244
7491ccf2	245	int exec_context_load_environment(const ExecContext c, const char unit_id, char ***l);
8c7be95e	246
6ac8fdc9	247	bool exec_context_may_touch_console(ExecContext *c);
a931ad47	248	bool exec_context_maintains_privileges(ExecContext *c);
6ac8fdc9	249
b58b4116	250	void exec_status_start(ExecStatus *s, pid_t pid);
6ea832a2	251	void exec_status_exit(ExecStatus s, ExecContext context, pid_t pid, int code, int status);
9fb86720	252	void exec_status_dump(ExecStatus s, FILE f, const char *prefix);
5cb5a6ff	253
613b411c LP	254	int exec_runtime_make(ExecRuntime *rt, ExecContext c, const char *id);
	255	ExecRuntime exec_runtime_ref(ExecRuntime r);
	256	ExecRuntime exec_runtime_unref(ExecRuntime r);
	257
	258	int exec_runtime_serialize(ExecRuntime rt, Unit u, FILE f, FDSet fds);
	259	int exec_runtime_deserialize_item(ExecRuntime *rt, Unit u, const char key, const char value, FDSet *fds);
	260
	261	void exec_runtime_destroy(ExecRuntime *rt);
	262
44a6b1b6 ZJS	263	const char* exec_output_to_string(ExecOutput i) _const_;
44a6b1b6 ZJS	264	ExecOutput exec_output_from_string(const char *s) _pure_;
94f04347	265
44a6b1b6 ZJS	266	const char* exec_input_to_string(ExecInput i) _const_;
44a6b1b6 ZJS	267	ExecInput exec_input_from_string(const char *s) _pure_;