]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/load-fragment.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tree-wide: "a" -> "an"
[thirdparty/systemd.git] / src / core / load-fragment.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
a7334b09 2/***
96b2fb93 3 Copyright © 2012 Holger Hans Peter Freyther
a7334b09
LP		 4***/
5
3efd4195 6#include <errno.h>
87f0e418 7#include <fcntl.h>
25e870b5 8#include <linux/fs.h>
5f5d8eab 9#include <linux/oom.h>
349cc4a5 10#if HAVE_SECCOMP
618234a5
LP		 11#include <seccomp.h>
12#endif
5f5d8eab 13#include <sched.h>
3d57c6ab 14#include <sys/resource.h>
3efd4195 15
bed0b7df
LP		 16#include "sd-messages.h"
17
5f5d8eab 18#include "af-list.h"
57b7a260 19#include "all-units.h"
786d19fd 20#include "alloc-util.h"
fab34748 21#include "bpf-firewall.h"
0879da98 22#include "bpf-program.h"
cd09a5f3 23#include "bpf-socket-bind.h"
5f5d8eab
LP		 24#include "bus-error.h"
25#include "bus-internal.h"
26#include "bus-util.h"
27#include "cap-list.h"
a103496c 28#include "capability-util.h"
fdb3deca 29#include "cgroup-setup.h"
3efd4195 30#include "conf-parser.h"
e30bbc90 31#include "core-varlink.h"
618234a5 32#include "cpu-set-util.h"
786d19fd 33#include "creds-util.h"
5f5d8eab
LP		 34#include "env-util.h"
35#include "errno-list.h"
4f5dd394 36#include "escape.h"
3ffd4af2 37#include "fd-util.h"
0389f4fa 38#include "fileio.h"
f4f15635 39#include "fs-util.h"
08f3be7a 40#include "hexdecoct.h"
d3070fbd 41#include "io-util.h"
9eba9da4 42#include "ioprio.h"
da96ad5a 43#include "ip-protocol-list.h"
adce225a 44#include "journal-file.h"
eefc66aa 45#include "limits-util.h"
3ffd4af2 46#include "load-fragment.h"
5f5d8eab 47#include "log.h"
049af8ad 48#include "mountpoint-util.h"
d8b4d14d 49#include "nulstr-util.h"
6bedfcbb 50#include "parse-util.h"
9eb977db 51#include "path-util.h"
ed5033fd 52#include "percent-util.h"
7b3e062c 53#include "process-util.h"
349cc4a5 54#if HAVE_SECCOMP
57183d11
LP		 55#include "seccomp-util.h"
56#endif
07d46372 57#include "securebits-util.h"
5f5d8eab 58#include "signal-util.h"
5c3fa98d 59#include "socket-netlink.h"
46a9ee5d 60#include "specifier.h"
8fcde012 61#include "stat-util.h"
07630cea 62#include "string-util.h"
5f5d8eab 63#include "strv.h"
91dd5f7c
LP		 64#include "syslog-util.h"
65#include "time-util.h"
5f5d8eab
LP		 66#include "unit-name.h"
67#include "unit-printf.h"
66dccd8d 68#include "user-util.h"
bb0c0d6f 69#include "utf8.h"
49cf4170 70#include "web-util.h"
57183d11 71
d2b42d63 72static int parse_socket_protocol(const char *s) {
53577580
YW		 73 int r;
74
d2b42d63 75 r = parse_ip_protocol(s);
53577580 76 if (r < 0)
acf4d158 77 return r;
53577580
YW		 78 if (!IN_SET(r, IPPROTO_UDPLITE, IPPROTO_SCTP))
79 return -EPROTONOSUPPORT;
80
81 return r;
82}
83
a07a7324
FS		 84int parse_crash_chvt(const char *value, int *data) {
85 int b;
86
87 if (safe_atoi(value, data) >= 0)
88 return 0;
89
90 b = parse_boolean(value);
91 if (b < 0)
92 return b;
93
94 if (b > 0)
95 *data = 0; /* switch to where kmsg goes */
96 else
97 *data = -1; /* turn off switching */
98
99 return 0;
100}
101
102int parse_confirm_spawn(const char *value, char **console) {
103 char *s;
104 int r;
105
106 r = value ? parse_boolean(value) : 1;
107 if (r == 0) {
108 *console = NULL;
109 return 0;
4a8daee7 110 } else if (r > 0) /* on with default tty */
a07a7324
FS		 111 s = strdup("/dev/console");
112 else if (is_path(value)) /* on with fully qualified path */
113 s = strdup(value);
114 else /* on with only a tty file name, not a fully qualified path */
4a8daee7 115 s = path_join("/dev/", value);
a07a7324
FS		 116 if (!s)
117 return -ENOMEM;
118
119 *console = s;
120 return 0;
121}
122
d2b42d63 123DEFINE_CONFIG_PARSE(config_parse_socket_protocol, parse_socket_protocol, "Failed to parse socket protocol");
53577580 124DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
5afe510c 125DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
53577580 126DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
53577580 127DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
4e399953
LP		 128DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc, protect_proc, ProtectProc, "Failed to parse /proc/ protection mode");
129DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset, proc_subset, ProcSubset, "Failed to parse /proc/ subset mode");
53577580
YW		 130DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
131DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
53577580 132DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
1e8c7bd5
YW		 133DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home, protect_home, ProtectHome, "Failed to parse protect home value");
134DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system, protect_system, ProtectSystem, "Failed to parse protect system value");
53577580
YW		 135DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode, exec_preserve_mode, ExecPreserveMode, "Failed to parse runtime directory preserve mode");
136DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type, service_type, ServiceType, "Failed to parse service type");
cb0e818f 137DEFINE_CONFIG_PARSE_ENUM(config_parse_service_exit_type, service_exit_type, ServiceExitType, "Failed to parse service exit type");
53577580 138DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart, service_restart, ServiceRestart, "Failed to parse service restart specifier");
bf760801 139DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode, service_timeout_failure_mode, ServiceTimeoutFailureMode, "Failed to parse timeout failure mode");
53577580 140DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind, socket_address_bind_ipv6_only_or_bool, SocketAddressBindIPv6Only, "Failed to parse bind IPv6 only value");
afcfaa69 141DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy, oom_policy, OOMPolicy, "Failed to parse OOM policy");
4e806bfa 142DEFINE_CONFIG_PARSE_ENUM(config_parse_managed_oom_preference, managed_oom_preference, ManagedOOMPreference, "Failed to parse ManagedOOMPreference=");
53577580
YW		 143DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1, "Failed to parse IP TOS value");
144DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t, "Invalid block IO weight");
145DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t, "Invalid weight");
146DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares, cg_cpu_shares_parse, uint64_t, "Invalid CPU shares");
147DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags, mount_propagation_flags_from_string, unsigned long, "Failed to parse mount flag");
b070c7c0 148DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1, "Invalid NUMA policy type");
6327aa9f 149DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format, status_unit_format, StatusUnitFormat, "Failed to parse status unit format");
9b191525 150DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping, socket_timestamping_from_string_harder, SocketTimestamping, "Failed to parse timestamping precision");
5afe510c 151
f32b43bd
LP		 152int config_parse_unit_deps(
153 const char *unit,
154 const char *filename,
155 unsigned line,
156 const char *section,
157 unsigned section_line,
158 const char *lvalue,
159 int ltype,
160 const char *rvalue,
161 void *data,
162 void *userdata) {
3efd4195 163
f975e971 164 UnitDependency d = ltype;
87f0e418 165 Unit *u = userdata;
3efd4195
LP		 166
167 assert(filename);
168 assert(lvalue);
169 assert(rvalue);
3efd4195 170
323dda78 171 for (const char *p = rvalue;;) {
3d793d29 172 _cleanup_free_ char *word = NULL, *k = NULL;
3efd4195 173 int r;
3efd4195 174
c89f52ac 175 r = extract_first_word(&p, &word, NULL, EXTRACT_RETAIN_ESCAPE);
3d793d29 176 if (r == 0)
323dda78 177 return 0;
3d793d29 178 if (r == -ENOMEM)
74051b9b 179 return log_oom();
3d793d29 180 if (r < 0) {
323dda78
YW		 181 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
182 return 0;
3d793d29 183 }
3efd4195 184
3d793d29 185 r = unit_name_printf(u, word, &k);
19f6d710 186 if (r < 0) {
323dda78 187 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
19f6d710
LP		 188 continue;
189 }
9e2f7c11 190
35d8c19a 191 r = unit_add_dependency_by_name(u, d, k, true, UNIT_DEPENDENCY_FILE);
57020a3a 192 if (r < 0)
323dda78 193 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
3efd4195 194 }
3efd4195
LP		 195}
196
f32b43bd
LP		 197int config_parse_obsolete_unit_deps(
198 const char *unit,
199 const char *filename,
200 unsigned line,
201 const char *section,
202 unsigned section_line,
203 const char *lvalue,
204 int ltype,
205 const char *rvalue,
206 void *data,
207 void *userdata) {
208
209 log_syntax(unit, LOG_WARNING, filename, line, 0,
210 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue, unit_dependency_to_string(ltype));
211
212 return config_parse_unit_deps(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
213}
214
b02cb41c
LP		 215int config_parse_unit_string_printf(
216 const char *unit,
217 const char *filename,
218 unsigned line,
219 const char *section,
220 unsigned section_line,
221 const char *lvalue,
222 int ltype,
223 const char *rvalue,
224 void *data,
225 void *userdata) {
932921b5 226
74051b9b 227 _cleanup_free_ char *k = NULL;
47538b76 228 const Unit *u = userdata;
19f6d710 229 int r;
932921b5
LP		 230
231 assert(filename);
232 assert(lvalue);
233 assert(rvalue);
f2d3769a 234 assert(u);
932921b5 235
19f6d710 236 r = unit_full_printf(u, rvalue, &k);
b02cb41c 237 if (r < 0) {
323dda78 238 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
b02cb41c
LP		 239 return 0;
240 }
932921b5 241
b02cb41c 242 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
932921b5
LP		 243}
244
12ca818f
LP		 245int config_parse_unit_strv_printf(
246 const char *unit,
247 const char *filename,
248 unsigned line,
249 const char *section,
250 unsigned section_line,
251 const char *lvalue,
252 int ltype,
253 const char *rvalue,
254 void *data,
255 void *userdata) {
8fef7659 256
47538b76 257 const Unit *u = userdata;
74051b9b 258 _cleanup_free_ char *k = NULL;
19f6d710 259 int r;
8fef7659
LP		 260
261 assert(filename);
262 assert(lvalue);
263 assert(rvalue);
264 assert(u);
265
19f6d710 266 r = unit_full_printf(u, rvalue, &k);
12ca818f 267 if (r < 0) {
323dda78 268 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
12ca818f
LP		 269 return 0;
270 }
8fef7659 271
12ca818f 272 return config_parse_strv(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
8fef7659
LP		 273}
274
5f5d8eab
LP		 275int config_parse_unit_path_printf(
276 const char *unit,
277 const char *filename,
278 unsigned line,
279 const char *section,
280 unsigned section_line,
281 const char *lvalue,
282 int ltype,
283 const char *rvalue,
284 void *data,
285 void *userdata) {
6ea832a2 286
74051b9b 287 _cleanup_free_ char *k = NULL;
47538b76 288 const Unit *u = userdata;
19f6d710 289 int r;
2c75fb73 290 bool fatal = ltype;
6ea832a2
LP		 291
292 assert(filename);
293 assert(lvalue);
294 assert(rvalue);
6ea832a2
LP		 295 assert(u);
296
06536492 297 r = unit_path_printf(u, rvalue, &k);
811ba7a0 298 if (r < 0) {
323dda78 299 log_syntax(unit, fatal ? LOG_ERR : LOG_WARNING, filename, line, r,
063c4b1a 300 "Failed to resolve unit specifiers in '%s'%s: %m",
e3c3d676 301 rvalue, fatal ? "" : ", ignoring");
2c75fb73 302 return fatal ? -ENOEXEC : 0;
811ba7a0 303 }
6ea832a2 304
811ba7a0
LP		 305 return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
306}
307
308int config_parse_unit_path_strv_printf(
309 const char *unit,
310 const char *filename,
311 unsigned line,
312 const char *section,
313 unsigned section_line,
314 const char *lvalue,
315 int ltype,
316 const char *rvalue,
317 void *data,
318 void *userdata) {
319
a2a5291b 320 char ***x = data;
47538b76 321 const Unit *u = userdata;
811ba7a0
LP		 322 int r;
323
324 assert(filename);
325 assert(lvalue);
326 assert(rvalue);
327 assert(u);
328
499295fb 329 if (isempty(rvalue)) {
9f2d41a6 330 *x = strv_free(*x);
499295fb
YW		 331 return 0;
332 }
333
323dda78 334 for (const char *p = rvalue;;) {
035fe294 335 _cleanup_free_ char *word = NULL, *k = NULL;
811ba7a0 336
4ec85141 337 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
035fe294
ZJS		 338 if (r == 0)
339 return 0;
340 if (r == -ENOMEM)
341 return log_oom();
342 if (r < 0) {
343 log_syntax(unit, LOG_WARNING, filename, line, r,
344 "Invalid syntax, ignoring: %s", rvalue);
345 return 0;
346 }
811ba7a0 347
06536492 348 r = unit_path_printf(u, word, &k);
811ba7a0 349 if (r < 0) {
323dda78 350 log_syntax(unit, LOG_WARNING, filename, line, r,
063c4b1a 351 "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
811ba7a0
LP		 352 return 0;
353 }
354
2f4d31c1
YW		 355 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
356 if (r < 0)
811ba7a0 357 return 0;
811ba7a0 358
7d2c9c6b 359 r = strv_consume(x, TAKE_PTR(k));
811ba7a0
LP		 360 if (r < 0)
361 return log_oom();
811ba7a0 362 }
6ea832a2
LP		 363}
364
4a66b5c9
LP		 365static int patch_var_run(
366 const char *unit,
367 const char *filename,
368 unsigned line,
369 const char *lvalue,
370 char **path) {
371
372 const char *e;
373 char *z;
374
375 e = path_startswith(*path, "/var/run/");
376 if (!e)
377 return 0;
378
379 z = path_join("/run/", e);
380 if (!z)
381 return log_oom();
382
383 log_syntax(unit, LOG_NOTICE, filename, line, 0,
384 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
385 "please update the unit file accordingly.", lvalue, *path, z);
386
387 free_and_replace(*path, z);
388
389 return 1;
390}
391
392int config_parse_socket_listen(
393 const char *unit,
394 const char *filename,
395 unsigned line,
396 const char *section,
397 unsigned section_line,
398 const char *lvalue,
399 int ltype,
400 const char *rvalue,
401 void *data,
402 void *userdata) {
42f4e3c4 403
b1389b0d
ZJS		 404 _cleanup_free_ SocketPort *p = NULL;
405 SocketPort *tail;
542563ba 406 Socket *s;
19f6d710 407 int r;
16354eff 408
42f4e3c4
LP		 409 assert(filename);
410 assert(lvalue);
411 assert(rvalue);
412 assert(data);
413
595ed347 414 s = SOCKET(data);
542563ba 415
74051b9b
LP		 416 if (isempty(rvalue)) {
417 /* An empty assignment removes all ports */
418 socket_free_ports(s);
419 return 0;
420 }
421
7f110ff9
LP		 422 p = new0(SocketPort, 1);
423 if (!p)
74051b9b 424 return log_oom();
916abb21 425
74051b9b 426 if (ltype != SOCKET_SOCKET) {
2f4d31c1 427 _cleanup_free_ char *k = NULL;
916abb21 428
06536492 429 r = unit_path_printf(UNIT(s), rvalue, &k);
19f6d710 430 if (r < 0) {
323dda78 431 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
12ca818f 432 return 0;
916abb21
LP		 433 }
434
2f4d31c1
YW		 435 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
436 if (r < 0)
437 return 0;
438
4a66b5c9
LP		 439 if (ltype == SOCKET_FIFO) {
440 r = patch_var_run(unit, filename, line, lvalue, &k);
441 if (r < 0)
442 return r;
443 }
444
2f4d31c1
YW		 445 free_and_replace(p->path, k);
446 p->type = ltype;
916abb21 447
7a22745a 448 } else if (streq(lvalue, "ListenNetlink")) {
74051b9b 449 _cleanup_free_ char *k = NULL;
1fd45a90 450
06536492 451 r = unit_path_printf(UNIT(s), rvalue, &k);
12ca818f 452 if (r < 0) {
323dda78 453 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
12ca818f
LP		 454 return 0;
455 }
7a22745a 456
12ca818f 457 r = socket_address_parse_netlink(&p->address, k);
1fd45a90 458 if (r < 0) {
323dda78 459 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
7a22745a
LP		 460 return 0;
461 }
462
2f4d31c1
YW		 463 p->type = SOCKET_SOCKET;
464
542563ba 465 } else {
74051b9b 466 _cleanup_free_ char *k = NULL;
1fd45a90 467
06536492 468 r = unit_path_printf(UNIT(s), rvalue, &k);
12ca818f 469 if (r < 0) {
323dda78 470 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
12ca818f
LP		 471 return 0;
472 }
542563ba 473
4a66b5c9
LP		 474 if (k[0] == '/') { /* Only for AF_UNIX file system sockets… */
475 r = patch_var_run(unit, filename, line, lvalue, &k);
476 if (r < 0)
477 return r;
478 }
479
12ca818f 480 r = socket_address_parse_and_warn(&p->address, k);
1fd45a90 481 if (r < 0) {
f847b8b7 482 if (r != -EAFNOSUPPORT)
323dda78 483 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
c0b34696 484 return 0;
542563ba
LP		 485 }
486
487 if (streq(lvalue, "ListenStream"))
488 p->address.type = SOCK_STREAM;
489 else if (streq(lvalue, "ListenDatagram"))
490 p->address.type = SOCK_DGRAM;
491 else {
492 assert(streq(lvalue, "ListenSequentialPacket"));
493 p->address.type = SOCK_SEQPACKET;
494 }
495
496 if (socket_address_family(&p->address) != AF_LOCAL && p->address.type == SOCK_SEQPACKET) {
323dda78 497 log_syntax(unit, LOG_WARNING, filename, line, 0, "Address family not supported, ignoring: %s", rvalue);
c0b34696 498 return 0;
542563ba 499 }
2f4d31c1
YW		 500
501 p->type = SOCKET_SOCKET;
16354eff
LP		 502 }
503
542563ba 504 p->fd = -1;
15087cdb
PS		 505 p->auxiliary_fds = NULL;
506 p->n_auxiliary_fds = 0;
2e41a51e 507 p->socket = s;
49f91047 508
533f8a67
YW		 509 LIST_FIND_TAIL(port, s->ports, tail);
510 LIST_INSERT_AFTER(port, s->ports, tail, p);
511
b1389b0d 512 p = NULL;
542563ba 513
16354eff 514 return 0;
42f4e3c4
LP		 515}
516
41bf0590
LP		 517int config_parse_exec_nice(
518 const char *unit,
519 const char *filename,
520 unsigned line,
521 const char *section,
522 unsigned section_line,
523 const char *lvalue,
524 int ltype,
525 const char *rvalue,
526 void *data,
527 void *userdata) {
034c6ed7 528
fb33a393 529 ExecContext *c = data;
e8e581bf 530 int priority, r;
034c6ed7
LP		 531
532 assert(filename);
533 assert(lvalue);
534 assert(rvalue);
535 assert(data);
536
de5e6038
YW		 537 if (isempty(rvalue)) {
538 c->nice_set = false;
539 return 0;
540 }
541
41bf0590 542 r = parse_nice(rvalue, &priority);
e8e581bf 543 if (r < 0) {
41bf0590 544 if (r == -ERANGE)
323dda78 545 log_syntax(unit, LOG_WARNING, filename, line, r, "Nice priority out of range, ignoring: %s", rvalue);
41bf0590 546 else
323dda78 547 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse nice priority '%s', ignoring: %m", rvalue);
c0b34696 548 return 0;
034c6ed7
LP		 549 }
550
fb33a393 551 c->nice = priority;
71155933 552 c->nice_set = true;
fb33a393 553
034c6ed7
LP		 554 return 0;
555}
556
e9eb2c02
LP		 557int config_parse_exec_oom_score_adjust(
558 const char* unit,
559 const char *filename,
560 unsigned line,
561 const char *section,
562 unsigned section_line,
563 const char *lvalue,
564 int ltype,
565 const char *rvalue,
566 void *data,
567 void *userdata) {
034c6ed7 568
fb33a393 569 ExecContext *c = data;
e8e581bf 570 int oa, r;
034c6ed7
LP		 571
572 assert(filename);
573 assert(lvalue);
574 assert(rvalue);
575 assert(data);
576
e9eb2c02
LP		 577 if (isempty(rvalue)) {
578 c->oom_score_adjust_set = false;
c0b34696 579 return 0;
034c6ed7
LP		 580 }
581
e9eb2c02 582 r = parse_oom_score_adjust(rvalue, &oa);
e9eb2c02 583 if (r < 0) {
063c4b1a 584 if (r == -ERANGE)
323dda78 585 log_syntax(unit, LOG_WARNING, filename, line, r, "OOM score adjust value out of range, ignoring: %s", rvalue);
063c4b1a 586 else
323dda78 587 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue);
c0b34696 588 return 0;
034c6ed7
LP		 589 }
590
dd6c17b1
LP		 591 c->oom_score_adjust = oa;
592 c->oom_score_adjust_set = true;
fb33a393 593
034c6ed7
LP		 594 return 0;
595}
596
ad21e542
ZJS		 597int config_parse_exec_coredump_filter(
598 const char* unit,
599 const char *filename,
600 unsigned line,
601 const char *section,
602 unsigned section_line,
603 const char *lvalue,
604 int ltype,
605 const char *rvalue,
606 void *data,
607 void *userdata) {
608
609 ExecContext *c = data;
610 int r;
611
612 assert(filename);
613 assert(lvalue);
614 assert(rvalue);
615 assert(data);
616
617 if (isempty(rvalue)) {
618 c->coredump_filter = 0;
619 c->coredump_filter_set = false;
620 return 0;
621 }
622
623 uint64_t f;
624 r = coredump_filter_mask_from_string(rvalue, &f);
625 if (r < 0) {
626 log_syntax(unit, LOG_WARNING, filename, line, r,
627 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue);
628 return 0;
629 }
630
631 c->coredump_filter |= f;
632 c->oom_score_adjust_set = true;
633 return 0;
634}
635
d068765b
LP		 636int config_parse_kill_mode(
637 const char* unit,
638 const char *filename,
639 unsigned line,
640 const char *section,
641 unsigned section_line,
642 const char *lvalue,
643 int ltype,
644 const char *rvalue,
645 void *data,
646 void *userdata) {
647
648 KillMode *k = data, m;
649
650 assert(filename);
651 assert(lvalue);
652 assert(rvalue);
653 assert(data);
654
655 if (isempty(rvalue)) {
656 *k = KILL_CONTROL_GROUP;
657 return 0;
658 }
659
660 m = kill_mode_from_string(rvalue);
661 if (m < 0) {
b98680b2 662 log_syntax(unit, LOG_WARNING, filename, line, m,
d068765b
LP		 663 "Failed to parse kill mode specification, ignoring: %s", rvalue);
664 return 0;
665 }
666
667 if (m == KILL_NONE)
668 log_syntax(unit, LOG_WARNING, filename, line, 0,
669 "Unit configured to use KillMode=none. "
15e6a6e8 670 "This is unsafe, as it disables systemd's process lifecycle management for the service. "
d068765b
LP		 671 "Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
672 "Support for KillMode=none is deprecated and will eventually be removed.");
673
674 *k = m;
675 return 0;
676}
677
527b7a42
LP		 678int config_parse_exec(
679 const char *unit,
680 const char *filename,
681 unsigned line,
682 const char *section,
683 unsigned section_line,
684 const char *lvalue,
685 int ltype,
686 const char *rvalue,
687 void *data,
688 void *userdata) {
034c6ed7 689
46a0d98a 690 ExecCommand **e = data;
47538b76 691 const Unit *u = userdata;
46a0d98a
FB		 692 const char *p;
693 bool semicolon;
7f110ff9 694 int r;
034c6ed7
LP		 695
696 assert(filename);
697 assert(lvalue);
698 assert(rvalue);
61e5d8ed 699 assert(e);
034c6ed7 700
74051b9b 701 e += ltype;
c83f1f30 702
74051b9b
LP		 703 if (isempty(rvalue)) {
704 /* An empty assignment resets the list */
f1acf85a 705 *e = exec_command_free_list(*e);
74051b9b
LP		 706 return 0;
707 }
708
bd1b973f 709 p = rvalue;
46a0d98a 710 do {
dea7b6b0 711 _cleanup_free_ char *path = NULL, *firstword = NULL;
165a31c0
LP		 712 ExecCommandFlags flags = 0;
713 bool ignore = false, separate_argv0 = false;
dea7b6b0 714 _cleanup_free_ ExecCommand *nce = NULL;
46a0d98a 715 _cleanup_strv_free_ char **n = NULL;
319a4f4b 716 size_t nlen = 0;
5125e762 717 const char *f;
6c666e26 718
46a0d98a
FB		 719 semicolon = false;
720
4ec85141 721 r = extract_first_word_and_warn(&p, &firstword, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
46a0d98a
FB		 722 if (r <= 0)
723 return 0;
6c666e26 724
598c47c8
ZJS		 725 /* A lone ";" is a separator. Let's make sure we don't treat it as an executable name. */
726 if (streq(firstword, ";")) {
727 semicolon = true;
728 continue;
729 }
730
46a0d98a 731 f = firstword;
007f48bb 732 for (;;) {
165a31c0
LP		 733 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
734 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
7ca69792
AZ		 735 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
736 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
165a31c0
LP		 737 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
738 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
739 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
740 * other sandboxing, with some special exceptions for changing UID.
741 *
742 * The idea is that '!!' may be used to write services that can take benefit of systemd's
743 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
744 * privilege dropping within the daemon if the kernel does not offer that. */
745
746 if (*f == '-' && !(flags & EXEC_COMMAND_IGNORE_FAILURE)) {
747 flags |= EXEC_COMMAND_IGNORE_FAILURE;
46a0d98a 748 ignore = true;
165a31c0 749 } else if (*f == '@' && !separate_argv0)
46a0d98a 750 separate_argv0 = true;
7ca69792
AZ		 751 else if (*f == ':' && !(flags & EXEC_COMMAND_NO_ENV_EXPAND))
752 flags |= EXEC_COMMAND_NO_ENV_EXPAND;
165a31c0
LP		 753 else if (*f == '+' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
754 flags |= EXEC_COMMAND_FULLY_PRIVILEGED;
755 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
756 flags |= EXEC_COMMAND_NO_SETUID;
757 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_AMBIENT_MAGIC))) {
758 flags &= ~EXEC_COMMAND_NO_SETUID;
759 flags |= EXEC_COMMAND_AMBIENT_MAGIC;
760 } else
46a0d98a 761 break;
313cefa1 762 f++;
61e5d8ed 763 }
46a0d98a 764
06536492 765 r = unit_path_printf(u, f, &path);
5125e762 766 if (r < 0) {
323dda78 767 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
063c4b1a 768 "Failed to resolve unit specifiers in '%s'%s: %m",
bb28e684
ZJS		 769 f, ignore ? ", ignoring" : "");
770 return ignore ? 0 : -ENOEXEC;
5125e762
LP		 771 }
772
773 if (isempty(path)) {
46a0d98a 774 /* First word is either "-" or "@" with no command. */
323dda78 775 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
063c4b1a 776 "Empty path in command line%s: '%s'",
bb28e684
ZJS		 777 ignore ? ", ignoring" : "", rvalue);
778 return ignore ? 0 : -ENOEXEC;
b2fadec6 779 }
5125e762 780 if (!string_is_safe(path)) {
323dda78 781 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
5008da1e
ZJS		 782 "Executable name contains special characters%s: %s",
783 ignore ? ", ignoring" : "", path);
bb28e684 784 return ignore ? 0 : -ENOEXEC;
46a0d98a 785 }
5125e762 786 if (endswith(path, "/")) {
323dda78 787 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
bb28e684 788 "Executable path specifies a directory%s: %s",
5008da1e 789 ignore ? ", ignoring" : "", path);
bb28e684 790 return ignore ? 0 : -ENOEXEC;
46a0d98a 791 }
61e5d8ed 792
108144ad 793 if (!(path_is_absolute(path) ? path_is_valid(path) : filename_is_valid(path))) {
9f71ba8d
ZJS		 794 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
795 "Neither a valid executable name nor an absolute path%s: %s",
796 ignore ? ", ignoring" : "", path);
797 return ignore ? 0 : -ENOEXEC;
5008da1e
ZJS		 798 }
799
46a0d98a 800 if (!separate_argv0) {
5125e762
LP		 801 char *w = NULL;
802
319a4f4b 803 if (!GREEDY_REALLOC(n, nlen + 2))
46a0d98a 804 return log_oom();
5125e762
LP		 805
806 w = strdup(path);
807 if (!w)
46a0d98a 808 return log_oom();
5125e762 809 n[nlen++] = w;
46a0d98a
FB		 810 n[nlen] = NULL;
811 }
7f110ff9 812
4ff361cc 813 path_simplify(path);
46a0d98a 814
4b1c1753 815 while (!isempty(p)) {
5125e762 816 _cleanup_free_ char *word = NULL, *resolved = NULL;
46a0d98a
FB		 817
818 /* Check explicitly for an unquoted semicolon as
819 * command separator token. */
820 if (p[0] == ';' && (!p[1] || strchr(WHITESPACE, p[1]))) {
313cefa1 821 p++;
46a0d98a
FB		 822 p += strspn(p, WHITESPACE);
823 semicolon = true;
824 break;
c8539536 825 }
7f110ff9 826
5125e762
LP		 827 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
828 * extract_first_word() would return the same for all of those. */
46a0d98a 829 if (p[0] == '\\' && p[1] == ';' && (!p[2] || strchr(WHITESPACE, p[2]))) {
5125e762
LP		 830 char *w;
831
46a0d98a
FB		 832 p += 2;
833 p += strspn(p, WHITESPACE);
5125e762 834
319a4f4b 835 if (!GREEDY_REALLOC(n, nlen + 2))
46a0d98a 836 return log_oom();
5125e762
LP		 837
838 w = strdup(";");
839 if (!w)
46a0d98a 840 return log_oom();
5125e762 841 n[nlen++] = w;
46a0d98a
FB		 842 n[nlen] = NULL;
843 continue;
61e5d8ed 844 }
c8539536 845
4ec85141 846 r = extract_first_word_and_warn(&p, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
46a0d98a
FB		 847 if (r == 0)
848 break;
5125e762 849 if (r < 0)
bb28e684 850 return ignore ? 0 : -ENOEXEC;
5125e762 851
06536492 852 r = unit_path_printf(u, word, &resolved);
5125e762 853 if (r < 0) {
323dda78 854 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
063c4b1a 855 "Failed to resolve unit specifiers in %s%s: %m",
bb28e684
ZJS		 856 word, ignore ? ", ignoring" : "");
857 return ignore ? 0 : -ENOEXEC;
5125e762 858 }
46a0d98a 859
319a4f4b 860 if (!GREEDY_REALLOC(n, nlen + 2))
46a0d98a 861 return log_oom();
1cc6c93a
YW		 862
863 n[nlen++] = TAKE_PTR(resolved);
46a0d98a 864 n[nlen] = NULL;
61e5d8ed
LP		 865 }
866
46a0d98a 867 if (!n || !n[0]) {
323dda78 868 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, 0,
bb28e684
ZJS		 869 "Empty executable name or zeroeth argument%s: %s",
870 ignore ? ", ignoring" : "", rvalue);
871 return ignore ? 0 : -ENOEXEC;
7f110ff9 872 }
6c666e26 873
7f110ff9 874 nce = new0(ExecCommand, 1);
46a0d98a
FB		 875 if (!nce)
876 return log_oom();
61e5d8ed 877
1cc6c93a
YW		 878 nce->argv = TAKE_PTR(n);
879 nce->path = TAKE_PTR(path);
165a31c0 880 nce->flags = flags;
034c6ed7 881
61e5d8ed 882 exec_command_append_list(e, nce);
01f78473 883
46a0d98a 884 /* Do not _cleanup_free_ these. */
46a0d98a 885 nce = NULL;
034c6ed7 886
46a0d98a
FB		 887 rvalue = p;
888 } while (semicolon);
034c6ed7 889
46a0d98a 890 return 0;
034c6ed7
LP		 891}
892
d31645ad
LP		 893int config_parse_socket_bindtodevice(
894 const char* unit,
895 const char *filename,
896 unsigned line,
897 const char *section,
898 unsigned section_line,
899 const char *lvalue,
900 int ltype,
901 const char *rvalue,
902 void *data,
903 void *userdata) {
acbb0225
LP		 904
905 Socket *s = data;
acbb0225
LP		 906
907 assert(filename);
908 assert(lvalue);
909 assert(rvalue);
910 assert(data);
911
063c4b1a
YW		 912 if (isempty(rvalue) || streq(rvalue, "*")) {
913 s->bind_to_device = mfree(s->bind_to_device);
914 return 0;
915 }
d31645ad 916
063c4b1a 917 if (!ifname_valid(rvalue)) {
323dda78 918 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid interface name, ignoring: %s", rvalue);
063c4b1a
YW		 919 return 0;
920 }
acbb0225 921
b3f9c17a 922 return free_and_strdup_warn(&s->bind_to_device, rvalue);
acbb0225
LP		 923}
924
9bd6a50e
LP		 925int config_parse_exec_input(
926 const char *unit,
927 const char *filename,
928 unsigned line,
929 const char *section,
930 unsigned section_line,
931 const char *lvalue,
932 int ltype,
933 const char *rvalue,
934 void *data,
935 void *userdata) {
52c239d7 936
52c239d7 937 ExecContext *c = data;
47538b76 938 const Unit *u = userdata;
2038c3f5
LP		 939 const char *n;
940 ExecInput ei;
52c239d7
LB		 941 int r;
942
943 assert(data);
944 assert(filename);
945 assert(line);
946 assert(rvalue);
947
2038c3f5
LP		 948 n = startswith(rvalue, "fd:");
949 if (n) {
950 _cleanup_free_ char *resolved = NULL;
951
06536492 952 r = unit_fd_printf(u, n, &resolved);
323dda78
YW		 953 if (r < 0) {
954 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", n);
955 return 0;
956 }
2038c3f5
LP		 957
958 if (isempty(resolved))
959 resolved = mfree(resolved);
960 else if (!fdname_is_valid(resolved)) {
323dda78
YW		 961 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", resolved);
962 return 0;
52c239d7 963 }
9bd6a50e 964
2038c3f5
LP		 965 free_and_replace(c->stdio_fdname[STDIN_FILENO], resolved);
966
967 ei = EXEC_INPUT_NAMED_FD;
968
969 } else if ((n = startswith(rvalue, "file:"))) {
970 _cleanup_free_ char *resolved = NULL;
971
06536492 972 r = unit_path_printf(u, n, &resolved);
323dda78
YW		 973 if (r < 0) {
974 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", n);
975 return 0;
976 }
9bd6a50e 977
2f4d31c1
YW		 978 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
979 if (r < 0)
323dda78 980 return 0;
2038c3f5
LP		 981
982 free_and_replace(c->stdio_file[STDIN_FILENO], resolved);
983
984 ei = EXEC_INPUT_FILE;
9bd6a50e 985
52c239d7 986 } else {
9bd6a50e
LP		 987 ei = exec_input_from_string(rvalue);
988 if (ei < 0) {
b98680b2 989 log_syntax(unit, LOG_WARNING, filename, line, ei, "Failed to parse input specifier, ignoring: %s", rvalue);
9bd6a50e
LP		 990 return 0;
991 }
52c239d7 992 }
9bd6a50e 993
2038c3f5 994 c->std_input = ei;
9bd6a50e 995 return 0;
52c239d7
LB		 996}
997
08f3be7a
LP		 998int config_parse_exec_input_text(
999 const char *unit,
1000 const char *filename,
1001 unsigned line,
1002 const char *section,
1003 unsigned section_line,
1004 const char *lvalue,
1005 int ltype,
1006 const char *rvalue,
1007 void *data,
1008 void *userdata) {
1009
1010 _cleanup_free_ char *unescaped = NULL, *resolved = NULL;
1011 ExecContext *c = data;
47538b76 1012 const Unit *u = userdata;
08f3be7a
LP		 1013 size_t sz;
1014 void *p;
1015 int r;
1016
1017 assert(data);
1018 assert(filename);
1019 assert(line);
1020 assert(rvalue);
1021
1022 if (isempty(rvalue)) {
1023 /* Reset if the empty string is assigned */
1024 c->stdin_data = mfree(c->stdin_data);
1025 c->stdin_data_size = 0;
52c239d7
LB		 1026 return 0;
1027 }
08f3be7a
LP		 1028
1029 r = cunescape(rvalue, 0, &unescaped);
323dda78
YW		 1030 if (r < 0) {
1031 log_syntax(unit, LOG_WARNING, filename, line, r,
1032 "Failed to decode C escaped text '%s', ignoring: %m", rvalue);
1033 return 0;
1034 }
08f3be7a 1035
06536492 1036 r = unit_full_printf_full(u, unescaped, EXEC_STDIN_DATA_MAX, &resolved);
323dda78
YW		 1037 if (r < 0) {
1038 log_syntax(unit, LOG_WARNING, filename, line, r,
1039 "Failed to resolve unit specifiers in '%s', ignoring: %m", unescaped);
1040 return 0;
1041 }
08f3be7a
LP		 1042
1043 sz = strlen(resolved);
1044 if (c->stdin_data_size + sz + 1 < c->stdin_data_size || /* check for overflow */
1045 c->stdin_data_size + sz + 1 > EXEC_STDIN_DATA_MAX) {
323dda78
YW		 1046 log_syntax(unit, LOG_WARNING, filename, line, 0,
1047 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1048 c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1049 return 0;
08f3be7a
LP		 1050 }
1051
1052 p = realloc(c->stdin_data, c->stdin_data_size + sz + 1);
1053 if (!p)
1054 return log_oom();
1055
1056 *((char*) mempcpy((char*) p + c->stdin_data_size, resolved, sz)) = '\n';
1057
1058 c->stdin_data = p;
1059 c->stdin_data_size += sz + 1;
1060
1061 return 0;
52c239d7
LB		 1062}
1063
08f3be7a
LP		 1064int config_parse_exec_input_data(
1065 const char *unit,
1066 const char *filename,
1067 unsigned line,
1068 const char *section,
1069 unsigned section_line,
1070 const char *lvalue,
1071 int ltype,
1072 const char *rvalue,
1073 void *data,
1074 void *userdata) {
1075
08f3be7a
LP		 1076 _cleanup_free_ void *p = NULL;
1077 ExecContext *c = data;
1078 size_t sz;
1079 void *q;
1080 int r;
1081
1082 assert(data);
1083 assert(filename);
1084 assert(line);
1085 assert(rvalue);
1086
1087 if (isempty(rvalue)) {
1088 /* Reset if the empty string is assigned */
1089 c->stdin_data = mfree(c->stdin_data);
1090 c->stdin_data_size = 0;
1091 return 0;
1092 }
1093
f5fbe71d 1094 r = unbase64mem(rvalue, SIZE_MAX, &p, &sz);
323dda78
YW		 1095 if (r < 0) {
1096 log_syntax(unit, LOG_WARNING, filename, line, r,
1097 "Failed to decode base64 data, ignoring: %s", rvalue);
1098 return 0;
1099 }
08f3be7a
LP		 1100
1101 assert(sz > 0);
1102
1103 if (c->stdin_data_size + sz < c->stdin_data_size || /* check for overflow */
1104 c->stdin_data_size + sz > EXEC_STDIN_DATA_MAX) {
323dda78
YW		 1105 log_syntax(unit, LOG_WARNING, filename, line, 0,
1106 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1107 c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1108 return 0;
08f3be7a
LP		 1109 }
1110
1111 q = realloc(c->stdin_data, c->stdin_data_size + sz);
1112 if (!q)
1113 return log_oom();
1114
1115 memcpy((uint8_t*) q + c->stdin_data_size, p, sz);
1116
1117 c->stdin_data = q;
1118 c->stdin_data_size += sz;
1119
1120 return 0;
1121}
1122
2038c3f5
LP		 1123int config_parse_exec_output(
1124 const char *unit,
1125 const char *filename,
1126 unsigned line,
1127 const char *section,
1128 unsigned section_line,
1129 const char *lvalue,
1130 int ltype,
1131 const char *rvalue,
1132 void *data,
1133 void *userdata) {
1134
1135 _cleanup_free_ char *resolved = NULL;
1136 const char *n;
52c239d7 1137 ExecContext *c = data;
47538b76 1138 const Unit *u = userdata;
f3dc6af2 1139 bool obsolete = false;
52c239d7 1140 ExecOutput eo;
52c239d7
LB		 1141 int r;
1142
1143 assert(data);
1144 assert(filename);
1145 assert(line);
1146 assert(lvalue);
1147 assert(rvalue);
1148
2038c3f5
LP		 1149 n = startswith(rvalue, "fd:");
1150 if (n) {
06536492 1151 r = unit_fd_printf(u, n, &resolved);
323dda78
YW		 1152 if (r < 0) {
1153 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1154 return 0;
1155 }
2038c3f5
LP		 1156
1157 if (isempty(resolved))
1158 resolved = mfree(resolved);
1159 else if (!fdname_is_valid(resolved)) {
323dda78
YW		 1160 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", resolved);
1161 return 0;
52c239d7 1162 }
2038c3f5 1163
52c239d7 1164 eo = EXEC_OUTPUT_NAMED_FD;
2038c3f5 1165
f3dc6af2
LP		 1166 } else if (streq(rvalue, "syslog")) {
1167 eo = EXEC_OUTPUT_JOURNAL;
1168 obsolete = true;
1169
1170 } else if (streq(rvalue, "syslog+console")) {
1171 eo = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
1172 obsolete = true;
1173
2038c3f5
LP		 1174 } else if ((n = startswith(rvalue, "file:"))) {
1175
06536492 1176 r = unit_path_printf(u, n, &resolved);
323dda78
YW		 1177 if (r < 0) {
1178 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1179 return 0;
1180 }
2038c3f5 1181
2f4d31c1
YW		 1182 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1183 if (r < 0)
323dda78 1184 return 0;
2038c3f5
LP		 1185
1186 eo = EXEC_OUTPUT_FILE;
1187
566b7d23
ZD		 1188 } else if ((n = startswith(rvalue, "append:"))) {
1189
06536492 1190 r = unit_path_printf(u, n, &resolved);
323dda78
YW		 1191 if (r < 0) {
1192 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1193 return 0;
1194 }
566b7d23
ZD		 1195
1196 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1197 if (r < 0)
323dda78 1198 return 0;
566b7d23
ZD		 1199
1200 eo = EXEC_OUTPUT_FILE_APPEND;
8d7dab1f
LW		 1201
1202 } else if ((n = startswith(rvalue, "truncate:"))) {
1203
06536492 1204 r = unit_path_printf(u, n, &resolved);
8d7dab1f
LW		 1205 if (r < 0) {
1206 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", n);
1207 return 0;
1208 }
1209
1210 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1211 if (r < 0)
1212 return 0;
1213
1214 eo = EXEC_OUTPUT_FILE_TRUNCATE;
52c239d7
LB		 1215 } else {
1216 eo = exec_output_from_string(rvalue);
2038c3f5 1217 if (eo < 0) {
b98680b2 1218 log_syntax(unit, LOG_WARNING, filename, line, eo, "Failed to parse output specifier, ignoring: %s", rvalue);
52c239d7
LB		 1219 return 0;
1220 }
1221 }
1222
f3dc6af2
LP		 1223 if (obsolete)
1224 log_syntax(unit, LOG_NOTICE, filename, line, 0,
1225 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1226 rvalue, exec_output_to_string(eo));
1227
52c239d7 1228 if (streq(lvalue, "StandardOutput")) {
2038c3f5
LP		 1229 if (eo == EXEC_OUTPUT_NAMED_FD)
1230 free_and_replace(c->stdio_fdname[STDOUT_FILENO], resolved);
1231 else
1232 free_and_replace(c->stdio_file[STDOUT_FILENO], resolved);
1233
52c239d7 1234 c->std_output = eo;
2038c3f5 1235
52c239d7 1236 } else {
2038c3f5
LP		 1237 assert(streq(lvalue, "StandardError"));
1238
1239 if (eo == EXEC_OUTPUT_NAMED_FD)
1240 free_and_replace(c->stdio_fdname[STDERR_FILENO], resolved);
1241 else
1242 free_and_replace(c->stdio_file[STDERR_FILENO], resolved);
1243
1244 c->std_error = eo;
52c239d7 1245 }
2038c3f5
LP		 1246
1247 return 0;
52c239d7 1248}
87f0e418 1249
e8e581bf
ZJS		 1250int config_parse_exec_io_class(const char *unit,
1251 const char *filename,
1252 unsigned line,
1253 const char *section,
71a61510 1254 unsigned section_line,
e8e581bf
ZJS		 1255 const char *lvalue,
1256 int ltype,
1257 const char *rvalue,
1258 void *data,
1259 void *userdata) {
94f04347
LP		 1260
1261 ExecContext *c = data;
1262 int x;
1263
1264 assert(filename);
1265 assert(lvalue);
1266 assert(rvalue);
1267 assert(data);
1268
617d253a
YW		 1269 if (isempty(rvalue)) {
1270 c->ioprio_set = false;
1271 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1272 return 0;
1273 }
1274
f8b69d1d
MS		 1275 x = ioprio_class_from_string(rvalue);
1276 if (x < 0) {
b98680b2 1277 log_syntax(unit, LOG_WARNING, filename, line, x, "Failed to parse IO scheduling class, ignoring: %s", rvalue);
c0b34696 1278 return 0;
0d87eb42 1279 }
94f04347
LP		 1280
1281 c->ioprio = IOPRIO_PRIO_VALUE(x, IOPRIO_PRIO_DATA(c->ioprio));
1282 c->ioprio_set = true;
1283
1284 return 0;
1285}
1286
e8e581bf
ZJS		 1287int config_parse_exec_io_priority(const char *unit,
1288 const char *filename,
1289 unsigned line,
1290 const char *section,
71a61510 1291 unsigned section_line,
e8e581bf
ZJS		 1292 const char *lvalue,
1293 int ltype,
1294 const char *rvalue,
1295 void *data,
1296 void *userdata) {
94f04347
LP		 1297
1298 ExecContext *c = data;
e8e581bf 1299 int i, r;
94f04347
LP		 1300
1301 assert(filename);
1302 assert(lvalue);
1303 assert(rvalue);
1304 assert(data);
1305
617d253a
YW		 1306 if (isempty(rvalue)) {
1307 c->ioprio_set = false;
1308 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1309 return 0;
1310 }
1311
7f452159
LP		 1312 r = ioprio_parse_priority(rvalue, &i);
1313 if (r < 0) {
323dda78 1314 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse IO priority, ignoring: %s", rvalue);
c0b34696 1315 return 0;
071830ff
LP		 1316 }
1317
94f04347
LP		 1318 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c->ioprio), i);
1319 c->ioprio_set = true;
1320
071830ff
LP		 1321 return 0;
1322}
1323
e8e581bf
ZJS		 1324int config_parse_exec_cpu_sched_policy(const char *unit,
1325 const char *filename,
1326 unsigned line,
1327 const char *section,
71a61510 1328 unsigned section_line,
e8e581bf
ZJS		 1329 const char *lvalue,
1330 int ltype,
1331 const char *rvalue,
1332 void *data,
1333 void *userdata) {
9eba9da4 1334
94f04347
LP		 1335 ExecContext *c = data;
1336 int x;
1337
1338 assert(filename);
1339 assert(lvalue);
1340 assert(rvalue);
1341 assert(data);
1342
b00e1a9e
YW		 1343 if (isempty(rvalue)) {
1344 c->cpu_sched_set = false;
1345 c->cpu_sched_policy = SCHED_OTHER;
1346 c->cpu_sched_priority = 0;
1347 return 0;
1348 }
1349
f8b69d1d
MS		 1350 x = sched_policy_from_string(rvalue);
1351 if (x < 0) {
b98680b2 1352 log_syntax(unit, LOG_WARNING, filename, line, x, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue);
c0b34696 1353 return 0;
0d87eb42 1354 }
94f04347
LP		 1355
1356 c->cpu_sched_policy = x;
bb112710
HHPF		 1357 /* Moving to or from real-time policy? We need to adjust the priority */
1358 c->cpu_sched_priority = CLAMP(c->cpu_sched_priority, sched_get_priority_min(x), sched_get_priority_max(x));
94f04347
LP		 1359 c->cpu_sched_set = true;
1360
1361 return 0;
1362}
1363
5e98086d
ZJS		 1364int config_parse_exec_mount_apivfs(const char *unit,
1365 const char *filename,
1366 unsigned line,
1367 const char *section,
1368 unsigned section_line,
1369 const char *lvalue,
1370 int ltype,
1371 const char *rvalue,
1372 void *data,
1373 void *userdata) {
1374
1375 ExecContext *c = data;
1376 int k;
1377
1378 assert(filename);
1379 assert(lvalue);
1380 assert(rvalue);
1381 assert(data);
1382
1383 if (isempty(rvalue)) {
1384 c->mount_apivfs_set = false;
1385 c->mount_apivfs = false;
1386 return 0;
1387 }
1388
1389 k = parse_boolean(rvalue);
1390 if (k < 0) {
1391 log_syntax(unit, LOG_WARNING, filename, line, k,
1392 "Failed to parse boolean value, ignoring: %s",
1393 rvalue);
1394 return 0;
1395 }
1396
1397 c->mount_apivfs_set = true;
1398 c->mount_apivfs = k;
1399 return 0;
1400}
1401
b070c7c0
MS		 1402int config_parse_numa_mask(const char *unit,
1403 const char *filename,
1404 unsigned line,
1405 const char *section,
1406 unsigned section_line,
1407 const char *lvalue,
1408 int ltype,
1409 const char *rvalue,
1410 void *data,
1411 void *userdata) {
1412 int r;
1413 NUMAPolicy *p = data;
1414
1415 assert(filename);
1416 assert(lvalue);
1417 assert(rvalue);
1418 assert(data);
1419
332d387f
MS		 1420 if (streq(rvalue, "all")) {
1421 r = numa_mask_add_all(&p->nodes);
323dda78
YW		 1422 if (r < 0)
1423 log_syntax(unit, LOG_WARNING, filename, line, r,
1424 "Failed to create NUMA mask representing \"all\" NUMA nodes, ignoring: %m");
332d387f
MS		 1425 } else {
1426 r = parse_cpu_set_extend(rvalue, &p->nodes, true, unit, filename, line, lvalue);
323dda78
YW		 1427 if (r < 0)
1428 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse NUMA node mask, ignoring: %s", rvalue);
b070c7c0
MS		 1429 }
1430
323dda78 1431 return 0;
b070c7c0
MS		 1432}
1433
e8e581bf
ZJS		 1434int config_parse_exec_cpu_sched_prio(const char *unit,
1435 const char *filename,
1436 unsigned line,
1437 const char *section,
71a61510 1438 unsigned section_line,
e8e581bf
ZJS		 1439 const char *lvalue,
1440 int ltype,
1441 const char *rvalue,
1442 void *data,
1443 void *userdata) {
9eba9da4
LP		 1444
1445 ExecContext *c = data;
e8e581bf 1446 int i, min, max, r;
9eba9da4
LP		 1447
1448 assert(filename);
1449 assert(lvalue);
1450 assert(rvalue);
1451 assert(data);
1452
e8e581bf
ZJS		 1453 r = safe_atoi(rvalue, &i);
1454 if (r < 0) {
323dda78 1455 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue);
c0b34696 1456 return 0;
94f04347 1457 }
9eba9da4 1458
bb112710
HHPF		 1459 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
1460 min = sched_get_priority_min(c->cpu_sched_policy);
1461 max = sched_get_priority_max(c->cpu_sched_policy);
1462
1463 if (i < min || i > max) {
323dda78 1464 log_syntax(unit, LOG_WARNING, filename, line, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue);
bb112710
HHPF		 1465 return 0;
1466 }
1467
94f04347
LP		 1468 c->cpu_sched_priority = i;
1469 c->cpu_sched_set = true;
1470
1471 return 0;
1472}
1473
18d73705
LB		 1474int config_parse_root_image_options(
1475 const char *unit,
1476 const char *filename,
1477 unsigned line,
1478 const char *section,
1479 unsigned section_line,
1480 const char *lvalue,
1481 int ltype,
1482 const char *rvalue,
1483 void *data,
1484 void *userdata) {
1485
1486 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
bc8d56d3
LB		 1487 _cleanup_strv_free_ char **l = NULL;
1488 char **first = NULL, **second = NULL;
18d73705
LB		 1489 ExecContext *c = data;
1490 const Unit *u = userdata;
18d73705
LB		 1491 int r;
1492
1493 assert(filename);
1494 assert(lvalue);
1495 assert(rvalue);
1496 assert(data);
1497
1498 if (isempty(rvalue)) {
1499 c->root_image_options = mount_options_free_all(c->root_image_options);
1500 return 0;
1501 }
1502
bc8d56d3
LB		 1503 r = strv_split_colon_pairs(&l, rvalue);
1504 if (r == -ENOMEM)
1505 return log_oom();
1506 if (r < 0) {
323dda78 1507 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
bc8d56d3
LB		 1508 return 0;
1509 }
18d73705 1510
bc8d56d3 1511 STRV_FOREACH_PAIR(first, second, l) {
18d73705 1512 MountOptions *o = NULL;
9ece6444
LB		 1513 _cleanup_free_ char *mount_options_resolved = NULL;
1514 const char *mount_options = NULL, *partition = "root";
569a0e42 1515 PartitionDesignator partition_designator;
18d73705 1516
9ece6444 1517 /* Format is either 'root:foo' or 'foo' (root is implied) */
bc8d56d3 1518 if (!isempty(*second)) {
9ece6444 1519 partition = *first;
bc8d56d3 1520 mount_options = *second;
18d73705 1521 } else
bc8d56d3 1522 mount_options = *first;
18d73705 1523
9ece6444
LB		 1524 partition_designator = partition_designator_from_string(partition);
1525 if (partition_designator < 0) {
b98680b2
YW		 1526 log_syntax(unit, LOG_WARNING, filename, line, partition_designator,
1527 "Invalid partition name %s, ignoring", partition);
18d73705
LB		 1528 continue;
1529 }
18d73705
LB		 1530 r = unit_full_printf(u, mount_options, &mount_options_resolved);
1531 if (r < 0) {
323dda78 1532 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
18d73705
LB		 1533 continue;
1534 }
1535
1536 o = new(MountOptions, 1);
1537 if (!o)
1538 return log_oom();
1539 *o = (MountOptions) {
9ece6444 1540 .partition_designator = partition_designator,
18d73705
LB		 1541 .options = TAKE_PTR(mount_options_resolved),
1542 };
9ece6444 1543 LIST_APPEND(mount_options, options, TAKE_PTR(o));
18d73705
LB		 1544 }
1545
1546 /* empty spaces/separators only */
1547 if (LIST_IS_EMPTY(options))
1548 c->root_image_options = mount_options_free_all(c->root_image_options);
1549 else
1550 LIST_JOIN(mount_options, c->root_image_options, options);
1551
1552 return 0;
1553}
1554
0389f4fa
LB		 1555int config_parse_exec_root_hash(
1556 const char *unit,
1557 const char *filename,
1558 unsigned line,
1559 const char *section,
1560 unsigned section_line,
1561 const char *lvalue,
1562 int ltype,
1563 const char *rvalue,
1564 void *data,
1565 void *userdata) {
1566
1567 _cleanup_free_ void *roothash_decoded = NULL;
1568 ExecContext *c = data;
1569 size_t roothash_decoded_size = 0;
1570 int r;
1571
1572 assert(data);
1573 assert(filename);
1574 assert(line);
1575 assert(rvalue);
1576
1577 if (isempty(rvalue)) {
1578 /* Reset if the empty string is assigned */
1579 c->root_hash_path = mfree(c->root_hash_path);
1580 c->root_hash = mfree(c->root_hash);
1581 c->root_hash_size = 0;
1582 return 0;
1583 }
1584
1585 if (path_is_absolute(rvalue)) {
1586 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1587 _cleanup_free_ char *p = NULL;
1588
1589 p = strdup(rvalue);
1590 if (!p)
1591 return -ENOMEM;
1592
1593 free_and_replace(c->root_hash_path, p);
1594 c->root_hash = mfree(c->root_hash);
1595 c->root_hash_size = 0;
1596 return 0;
1597 }
1598
1599 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1600 r = unhexmem(rvalue, strlen(rvalue), &roothash_decoded, &roothash_decoded_size);
323dda78
YW		 1601 if (r < 0) {
1602 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHash=, ignoring: %s", rvalue);
1603 return 0;
1604 }
1605 if (roothash_decoded_size < sizeof(sd_id128_t)) {
1606 log_syntax(unit, LOG_WARNING, filename, line, 0, "RootHash= is too short, ignoring: %s", rvalue);
1607 return 0;
1608 }
0389f4fa
LB		 1609
1610 free_and_replace(c->root_hash, roothash_decoded);
1611 c->root_hash_size = roothash_decoded_size;
1612 c->root_hash_path = mfree(c->root_hash_path);
1613
1614 return 0;
1615}
1616
d4d55b0d
LB		 1617int config_parse_exec_root_hash_sig(
1618 const char *unit,
1619 const char *filename,
1620 unsigned line,
1621 const char *section,
1622 unsigned section_line,
1623 const char *lvalue,
1624 int ltype,
1625 const char *rvalue,
1626 void *data,
1627 void *userdata) {
1628
1629 _cleanup_free_ void *roothash_sig_decoded = NULL;
1630 char *value;
1631 ExecContext *c = data;
1632 size_t roothash_sig_decoded_size = 0;
1633 int r;
1634
1635 assert(data);
1636 assert(filename);
1637 assert(line);
1638 assert(rvalue);
1639
1640 if (isempty(rvalue)) {
1641 /* Reset if the empty string is assigned */
1642 c->root_hash_sig_path = mfree(c->root_hash_sig_path);
1643 c->root_hash_sig = mfree(c->root_hash_sig);
1644 c->root_hash_sig_size = 0;
1645 return 0;
1646 }
1647
1648 if (path_is_absolute(rvalue)) {
1649 /* We have the path to a roothash signature to load and decode, eg: RootHashSignature=/foo/bar.roothash.p7s */
1650 _cleanup_free_ char *p = NULL;
1651
1652 p = strdup(rvalue);
1653 if (!p)
323dda78 1654 return log_oom();
d4d55b0d
LB		 1655
1656 free_and_replace(c->root_hash_sig_path, p);
1657 c->root_hash_sig = mfree(c->root_hash_sig);
1658 c->root_hash_sig_size = 0;
1659 return 0;
1660 }
1661
323dda78
YW		 1662 if (!(value = startswith(rvalue, "base64:"))) {
1663 log_syntax(unit, LOG_WARNING, filename, line, 0,
1664 "Failed to decode RootHashSignature=, not a path but doesn't start with 'base64:', ignoring: %s", rvalue);
1665 return 0;
1666 }
d4d55b0d
LB		 1667
1668 /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
1669 r = unbase64mem(value, strlen(value), &roothash_sig_decoded, &roothash_sig_decoded_size);
323dda78
YW		 1670 if (r < 0) {
1671 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to decode RootHashSignature=, ignoring: %s", rvalue);
1672 return 0;
1673 }
d4d55b0d
LB		 1674
1675 free_and_replace(c->root_hash_sig, roothash_sig_decoded);
1676 c->root_hash_sig_size = roothash_sig_decoded_size;
1677 c->root_hash_sig_path = mfree(c->root_hash_sig_path);
1678
1679 return 0;
1680}
1681
ca9169f4
YW		 1682int config_parse_exec_cpu_affinity(
1683 const char *unit,
1684 const char *filename,
1685 unsigned line,
1686 const char *section,
1687 unsigned section_line,
1688 const char *lvalue,
1689 int ltype,
1690 const char *rvalue,
1691 void *data,
1692 void *userdata) {
94f04347
LP		 1693
1694 ExecContext *c = data;
54cfe9a7
FG		 1695 const Unit *u = userdata;
1696 _cleanup_free_ char *k = NULL;
e2b2fb7f 1697 int r;
94f04347
LP		 1698
1699 assert(filename);
1700 assert(lvalue);
1701 assert(rvalue);
1702 assert(data);
1703
e2b2fb7f
MS		 1704 if (streq(rvalue, "numa")) {
1705 c->cpu_affinity_from_numa = true;
1706 cpu_set_reset(&c->cpu_set);
1707
1708 return 0;
1709 }
1710
54cfe9a7
FG		 1711 r = unit_full_printf(u, rvalue, &k);
1712 if (r < 0) {
1713 log_syntax(unit, LOG_WARNING, filename, line, r,
1714 "Failed to resolve unit specifiers in '%s', ignoring: %m",
1715 rvalue);
1716 return 0;
1717 }
1718
1719 r = parse_cpu_set_extend(k, &c->cpu_set, true, unit, filename, line, lvalue);
e2b2fb7f
MS		 1720 if (r >= 0)
1721 c->cpu_affinity_from_numa = false;
1722
ca9169f4 1723 return 0;
94f04347
LP		 1724}
1725
a103496c 1726int config_parse_capability_set(
65dce264
LP		 1727 const char *unit,
1728 const char *filename,
1729 unsigned line,
1730 const char *section,
1731 unsigned section_line,
1732 const char *lvalue,
1733 int ltype,
1734 const char *rvalue,
1735 void *data,
1736 void *userdata) {
94f04347 1737
a103496c
IP		 1738 uint64_t *capability_set = data;
1739 uint64_t sum = 0, initial = 0;
260abb78 1740 bool invert = false;
dd1f5bd0 1741 int r;
94f04347
LP		 1742
1743 assert(filename);
1744 assert(lvalue);
1745 assert(rvalue);
1746 assert(data);
1747
260abb78
LP		 1748 if (rvalue[0] == '~') {
1749 invert = true;
1750 rvalue++;
1751 }
1752
70d54d90 1753 if (streq(lvalue, "CapabilityBoundingSet"))
a103496c 1754 initial = CAP_ALL; /* initialized to all bits on */
755d4b67 1755 /* else "AmbientCapabilities" initialized to all bits off */
260abb78 1756
dd1f5bd0 1757 r = capability_set_from_string(rvalue, &sum);
dd1f5bd0 1758 if (r < 0) {
323dda78 1759 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue, rvalue);
dd1f5bd0 1760 return 0;
94f04347 1761 }
9eba9da4 1762
a103496c 1763 if (sum == 0 || *capability_set == initial)
c792ec2e
IP		 1764 /* "", "~" or uninitialized data -> replace */
1765 *capability_set = invert ? ~sum : sum;
1766 else {
a103496c 1767 /* previous data -> merge */
c792ec2e
IP		 1768 if (invert)
1769 *capability_set &= ~sum;
1770 else
1771 *capability_set |= sum;
1772 }
260abb78 1773
9eba9da4
LP		 1774 return 0;
1775}
1776
5f8640fb
LP		 1777int config_parse_exec_selinux_context(
1778 const char *unit,
1779 const char *filename,
1780 unsigned line,
1781 const char *section,
1782 unsigned section_line,
1783 const char *lvalue,
1784 int ltype,
1785 const char *rvalue,
1786 void *data,
1787 void *userdata) {
1788
1789 ExecContext *c = data;
47538b76 1790 const Unit *u = userdata;
5f8640fb
LP		 1791 bool ignore;
1792 char *k;
1793 int r;
1794
1795 assert(filename);
1796 assert(lvalue);
1797 assert(rvalue);
1798 assert(data);
1799
1800 if (isempty(rvalue)) {
a1e58e8e 1801 c->selinux_context = mfree(c->selinux_context);
5f8640fb
LP		 1802 c->selinux_context_ignore = false;
1803 return 0;
1804 }
1805
1806 if (rvalue[0] == '-') {
1807 ignore = true;
1808 rvalue++;
1809 } else
1810 ignore = false;
1811
18913df9 1812 r = unit_full_printf(u, rvalue, &k);
5f8640fb 1813 if (r < 0) {
323dda78 1814 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
063c4b1a
YW		 1815 "Failed to resolve unit specifiers in '%s'%s: %m",
1816 rvalue, ignore ? ", ignoring" : "");
bb28e684 1817 return ignore ? 0 : -ENOEXEC;
5f8640fb
LP		 1818 }
1819
063c4b1a 1820 free_and_replace(c->selinux_context, k);
5f8640fb
LP		 1821 c->selinux_context_ignore = ignore;
1822
1823 return 0;
1824}
1825
eef65bf3
MS		 1826int config_parse_exec_apparmor_profile(
1827 const char *unit,
1828 const char *filename,
1829 unsigned line,
1830 const char *section,
1831 unsigned section_line,
1832 const char *lvalue,
1833 int ltype,
1834 const char *rvalue,
1835 void *data,
1836 void *userdata) {
1837
1838 ExecContext *c = data;
47538b76 1839 const Unit *u = userdata;
eef65bf3
MS		 1840 bool ignore;
1841 char *k;
1842 int r;
1843
1844 assert(filename);
1845 assert(lvalue);
1846 assert(rvalue);
1847 assert(data);
1848
1849 if (isempty(rvalue)) {
a1e58e8e 1850 c->apparmor_profile = mfree(c->apparmor_profile);
eef65bf3
MS		 1851 c->apparmor_profile_ignore = false;
1852 return 0;
1853 }
1854
1855 if (rvalue[0] == '-') {
1856 ignore = true;
1857 rvalue++;
1858 } else
1859 ignore = false;
1860
18913df9 1861 r = unit_full_printf(u, rvalue, &k);
eef65bf3 1862 if (r < 0) {
323dda78 1863 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
063c4b1a
YW		 1864 "Failed to resolve unit specifiers in '%s'%s: %m",
1865 rvalue, ignore ? ", ignoring" : "");
bb28e684 1866 return ignore ? 0 : -ENOEXEC;
eef65bf3
MS		 1867 }
1868
063c4b1a 1869 free_and_replace(c->apparmor_profile, k);
eef65bf3
MS		 1870 c->apparmor_profile_ignore = ignore;
1871
1872 return 0;
1873}
1874
2ca620c4
WC		 1875int config_parse_exec_smack_process_label(
1876 const char *unit,
1877 const char *filename,
1878 unsigned line,
1879 const char *section,
1880 unsigned section_line,
1881 const char *lvalue,
1882 int ltype,
1883 const char *rvalue,
1884 void *data,
1885 void *userdata) {
1886
1887 ExecContext *c = data;
47538b76 1888 const Unit *u = userdata;
2ca620c4
WC		 1889 bool ignore;
1890 char *k;
1891 int r;
1892
1893 assert(filename);
1894 assert(lvalue);
1895 assert(rvalue);
1896 assert(data);
1897
1898 if (isempty(rvalue)) {
a1e58e8e 1899 c->smack_process_label = mfree(c->smack_process_label);
2ca620c4
WC		 1900 c->smack_process_label_ignore = false;
1901 return 0;
1902 }
1903
1904 if (rvalue[0] == '-') {
1905 ignore = true;
1906 rvalue++;
1907 } else
1908 ignore = false;
1909
18913df9 1910 r = unit_full_printf(u, rvalue, &k);
2ca620c4 1911 if (r < 0) {
323dda78 1912 log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
063c4b1a
YW		 1913 "Failed to resolve unit specifiers in '%s'%s: %m",
1914 rvalue, ignore ? ", ignoring" : "");
bb28e684 1915 return ignore ? 0 : -ENOEXEC;
2ca620c4
WC		 1916 }
1917
063c4b1a 1918 free_and_replace(c->smack_process_label, k);
2ca620c4
WC		 1919 c->smack_process_label_ignore = ignore;
1920
1921 return 0;
1922}
1923
25a04ae5
LP		 1924int config_parse_timer(
1925 const char *unit,
1926 const char *filename,
1927 unsigned line,
1928 const char *section,
1929 unsigned section_line,
1930 const char *lvalue,
1931 int ltype,
1932 const char *rvalue,
1933 void *data,
1934 void *userdata) {
871d7de4 1935
25a04ae5
LP		 1936 _cleanup_(calendar_spec_freep) CalendarSpec *c = NULL;
1937 _cleanup_free_ char *k = NULL;
47538b76 1938 const Unit *u = userdata;
871d7de4 1939 Timer *t = data;
2507992f 1940 usec_t usec = 0;
871d7de4 1941 TimerValue *v;
2507992f 1942 int r;
871d7de4
LP		 1943
1944 assert(filename);
1945 assert(lvalue);
1946 assert(rvalue);
1947 assert(data);
1948
74051b9b
LP		 1949 if (isempty(rvalue)) {
1950 /* Empty assignment resets list */
1951 timer_free_values(t);
1952 return 0;
1953 }
1954
2507992f
DC		 1955 r = unit_full_printf(u, rvalue, &k);
1956 if (r < 0) {
323dda78 1957 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2507992f
DC		 1958 return 0;
1959 }
1960
25a04ae5 1961 if (ltype == TIMER_CALENDAR) {
dc44c96d
LP		 1962 r = calendar_spec_from_string(k, &c);
1963 if (r < 0) {
323dda78 1964 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse calendar specification, ignoring: %s", k);
36697dc0
LP		 1965 return 0;
1966 }
dc44c96d
LP		 1967 } else {
1968 r = parse_sec(k, &usec);
1969 if (r < 0) {
323dda78 1970 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse timer value, ignoring: %s", k);
36697dc0
LP		 1971 return 0;
1972 }
dc44c96d 1973 }
871d7de4 1974
25a04ae5 1975 v = new(TimerValue, 1);
921b5987 1976 if (!v)
74051b9b 1977 return log_oom();
871d7de4 1978
25a04ae5
LP		 1979 *v = (TimerValue) {
1980 .base = ltype,
1981 .value = usec,
1982 .calendar_spec = TAKE_PTR(c),
1983 };
871d7de4 1984
71fda00f 1985 LIST_PREPEND(value, t->values, v);
871d7de4
LP		 1986
1987 return 0;
1988}
1989
3ecaa09b
LP		 1990int config_parse_trigger_unit(
1991 const char *unit,
1992 const char *filename,
1993 unsigned line,
1994 const char *section,
71a61510 1995 unsigned section_line,
3ecaa09b
LP		 1996 const char *lvalue,
1997 int ltype,
1998 const char *rvalue,
1999 void *data,
2000 void *userdata) {
871d7de4 2001
74051b9b 2002 _cleanup_free_ char *p = NULL;
3ecaa09b
LP		 2003 Unit *u = data;
2004 UnitType type;
2005 int r;
398ef8ba
LP		 2006
2007 assert(filename);
2008 assert(lvalue);
2009 assert(rvalue);
2010 assert(data);
2011
bc32241e 2012 if (UNIT_TRIGGER(u)) {
323dda78 2013 log_syntax(unit, LOG_WARNING, filename, line, 0, "Multiple units to trigger specified, ignoring: %s", rvalue);
3ecaa09b
LP		 2014 return 0;
2015 }
871d7de4 2016
19f6d710 2017 r = unit_name_printf(u, rvalue, &p);
12ca818f 2018 if (r < 0) {
323dda78 2019 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
12ca818f
LP		 2020 return 0;
2021 }
74051b9b 2022
12ca818f 2023 type = unit_name_to_type(p);
3ecaa09b 2024 if (type < 0) {
b98680b2 2025 log_syntax(unit, LOG_WARNING, filename, line, type, "Unit type not valid, ignoring: %s", rvalue);
c0b34696 2026 return 0;
871d7de4 2027 }
49219a1c 2028 if (unit_has_name(u, p)) {
323dda78 2029 log_syntax(unit, LOG_WARNING, filename, line, 0, "Units cannot trigger themselves, ignoring: %s", rvalue);
3ecaa09b
LP		 2030 return 0;
2031 }
2032
5a724170 2033 r = unit_add_two_dependencies_by_name(u, UNIT_BEFORE, UNIT_TRIGGERS, p, true, UNIT_DEPENDENCY_FILE);
57020a3a 2034 if (r < 0) {
323dda78 2035 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add trigger on %s, ignoring: %m", p);
c0b34696 2036 return 0;
871d7de4
LP		 2037 }
2038
2039 return 0;
2040}
2041
e8e581bf
ZJS		 2042int config_parse_path_spec(const char *unit,
2043 const char *filename,
2044 unsigned line,
2045 const char *section,
71a61510 2046 unsigned section_line,
e8e581bf
ZJS		 2047 const char *lvalue,
2048 int ltype,
2049 const char *rvalue,
2050 void *data,
2051 void *userdata) {
01f78473
LP		 2052
2053 Path *p = data;
2054 PathSpec *s;
2055 PathType b;
7fd1b19b 2056 _cleanup_free_ char *k = NULL;
19f6d710 2057 int r;
01f78473
LP		 2058
2059 assert(filename);
2060 assert(lvalue);
2061 assert(rvalue);
2062 assert(data);
2063
74051b9b
LP		 2064 if (isempty(rvalue)) {
2065 /* Empty assignment clears list */
2066 path_free_specs(p);
2067 return 0;
2068 }
2069
93e4c84b
LP		 2070 b = path_type_from_string(lvalue);
2071 if (b < 0) {
b98680b2 2072 log_syntax(unit, LOG_WARNING, filename, line, b, "Failed to parse path type, ignoring: %s", lvalue);
c0b34696 2073 return 0;
01f78473
LP		 2074 }
2075
06536492 2076 r = unit_path_printf(UNIT(p), rvalue, &k);
19f6d710 2077 if (r < 0) {
323dda78 2078 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
12ca818f 2079 return 0;
487060c2 2080 }
93e4c84b 2081
2f4d31c1
YW		 2082 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2083 if (r < 0)
c0b34696 2084 return 0;
01f78473 2085
93e4c84b 2086 s = new0(PathSpec, 1);
543295ad 2087 if (!s)
93e4c84b 2088 return log_oom();
01f78473 2089
718db961 2090 s->unit = UNIT(p);
063c4b1a 2091 s->path = TAKE_PTR(k);
01f78473
LP		 2092 s->type = b;
2093 s->inotify_fd = -1;
2094
71fda00f 2095 LIST_PREPEND(spec, p->specs, s);
01f78473
LP		 2096
2097 return 0;
2098}
2099
b02cb41c
LP		 2100int config_parse_socket_service(
2101 const char *unit,
2102 const char *filename,
2103 unsigned line,
2104 const char *section,
2105 unsigned section_line,
2106 const char *lvalue,
2107 int ltype,
2108 const char *rvalue,
2109 void *data,
2110 void *userdata) {
d9ff321a 2111
4afd3348 2112 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
8dd4c05b 2113 _cleanup_free_ char *p = NULL;
d9ff321a 2114 Socket *s = data;
4ff77f66 2115 Unit *x;
8dd4c05b 2116 int r;
d9ff321a
LP		 2117
2118 assert(filename);
2119 assert(lvalue);
2120 assert(rvalue);
2121 assert(data);
2122
19f6d710 2123 r = unit_name_printf(UNIT(s), rvalue, &p);
613b411c 2124 if (r < 0) {
323dda78
YW		 2125 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2126 return 0;
613b411c 2127 }
74051b9b 2128
613b411c 2129 if (!endswith(p, ".service")) {
323dda78
YW		 2130 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unit must be of type service, ignoring: %s", rvalue);
2131 return 0;
d9ff321a
LP		 2132 }
2133
613b411c 2134 r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
4ff77f66 2135 if (r < 0) {
323dda78
YW		 2136 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to load unit %s, ignoring: %s", rvalue, bus_error_message(&error, r));
2137 return 0;
d9ff321a
LP		 2138 }
2139
7f7d01ed 2140 unit_ref_set(&s->service, UNIT(s), x);
4ff77f66 2141
d9ff321a
LP		 2142 return 0;
2143}
2144
8dd4c05b
LP		 2145int config_parse_fdname(
2146 const char *unit,
2147 const char *filename,
2148 unsigned line,
2149 const char *section,
2150 unsigned section_line,
2151 const char *lvalue,
2152 int ltype,
2153 const char *rvalue,
2154 void *data,
2155 void *userdata) {
2156
2157 _cleanup_free_ char *p = NULL;
2158 Socket *s = data;
2159 int r;
2160
2161 assert(filename);
2162 assert(lvalue);
2163 assert(rvalue);
2164 assert(data);
2165
2166 if (isempty(rvalue)) {
2167 s->fdname = mfree(s->fdname);
2168 return 0;
2169 }
2170
06536492 2171 r = unit_fd_printf(UNIT(s), rvalue, &p);
8dd4c05b 2172 if (r < 0) {
323dda78 2173 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
8dd4c05b
LP		 2174 return 0;
2175 }
2176
2177 if (!fdname_is_valid(p)) {
323dda78 2178 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid file descriptor name, ignoring: %s", p);
8dd4c05b
LP		 2179 return 0;
2180 }
2181
3b319885 2182 return free_and_replace(s->fdname, p);
8dd4c05b
LP		 2183}
2184
b02cb41c
LP		 2185int config_parse_service_sockets(
2186 const char *unit,
2187 const char *filename,
2188 unsigned line,
2189 const char *section,
2190 unsigned section_line,
2191 const char *lvalue,
2192 int ltype,
2193 const char *rvalue,
2194 void *data,
2195 void *userdata) {
f976f3f6
LP		 2196
2197 Service *s = data;
b02cb41c 2198 int r;
f976f3f6
LP		 2199
2200 assert(filename);
2201 assert(lvalue);
2202 assert(rvalue);
2203 assert(data);
2204
323dda78 2205 for (const char *p = rvalue;;) {
6a0f3175 2206 _cleanup_free_ char *word = NULL, *k = NULL;
f976f3f6 2207
7b2313f5 2208 r = extract_first_word(&p, &word, NULL, 0);
7b2313f5 2209 if (r == -ENOMEM)
74051b9b 2210 return log_oom();
7b2313f5 2211 if (r < 0) {
323dda78
YW		 2212 log_syntax(unit, LOG_WARNING, filename, line, r, "Trailing garbage in sockets, ignoring: %s", rvalue);
2213 return 0;
7b2313f5 2214 }
a687f500
ZJS		 2215 if (r == 0)
2216 return 0;
f976f3f6 2217
7b2313f5 2218 r = unit_name_printf(UNIT(s), word, &k);
b02cb41c 2219 if (r < 0) {
323dda78 2220 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
b02cb41c
LP		 2221 continue;
2222 }
57020a3a 2223
b02cb41c 2224 if (!endswith(k, ".socket")) {
323dda78 2225 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unit must be of type socket, ignoring: %s", k);
f976f3f6
LP		 2226 continue;
2227 }
2228
5a724170 2229 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_WANTS, UNIT_AFTER, k, true, UNIT_DEPENDENCY_FILE);
57020a3a 2230 if (r < 0)
323dda78 2231 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
f976f3f6 2232
35d8c19a 2233 r = unit_add_dependency_by_name(UNIT(s), UNIT_TRIGGERED_BY, k, true, UNIT_DEPENDENCY_FILE);
57020a3a 2234 if (r < 0)
323dda78 2235 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
f976f3f6 2236 }
f976f3f6
LP		 2237}
2238
b02cb41c
LP		 2239int config_parse_bus_name(
2240 const char *unit,
2241 const char *filename,
2242 unsigned line,
2243 const char *section,
2244 unsigned section_line,
2245 const char *lvalue,
2246 int ltype,
2247 const char *rvalue,
2248 void *data,
2249 void *userdata) {
2250
2251 _cleanup_free_ char *k = NULL;
47538b76 2252 const Unit *u = userdata;
b02cb41c
LP		 2253 int r;
2254
2255 assert(filename);
2256 assert(lvalue);
2257 assert(rvalue);
2258 assert(u);
2259
06536492 2260 r = unit_full_printf_full(u, rvalue, SD_BUS_MAXIMUM_NAME_LENGTH, &k);
b02cb41c 2261 if (r < 0) {
323dda78 2262 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
b02cb41c
LP		 2263 return 0;
2264 }
2265
5453a4b1 2266 if (!sd_bus_service_name_is_valid(k)) {
323dda78 2267 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid bus name, ignoring: %s", k);
b02cb41c
LP		 2268 return 0;
2269 }
2270
2271 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
2272}
2273
aad41f08
LP		 2274int config_parse_service_timeout(
2275 const char *unit,
2276 const char *filename,
2277 unsigned line,
2278 const char *section,
2279 unsigned section_line,
2280 const char *lvalue,
2281 int ltype,
2282 const char *rvalue,
2283 void *data,
2284 void *userdata) {
98709151
LN		 2285
2286 Service *s = userdata;
aad41f08 2287 usec_t usec;
98709151
LN		 2288 int r;
2289
2290 assert(filename);
2291 assert(lvalue);
2292 assert(rvalue);
2293 assert(s);
2294
6c58305a 2295 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
98709151 2296
fb27be3f
YW		 2297 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2298 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2299 * all other timeouts. */
2300 r = parse_sec_fix_0(rvalue, &usec);
aad41f08 2301 if (r < 0) {
323dda78 2302 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
aad41f08
LP		 2303 return 0;
2304 }
d568a335 2305
6c58305a
YW		 2306 s->start_timeout_defined = true;
2307 s->timeout_start_usec = usec;
36c16a7c 2308
6c58305a 2309 if (streq(lvalue, "TimeoutSec"))
aad41f08 2310 s->timeout_stop_usec = usec;
36c16a7c 2311
d568a335 2312 return 0;
98709151
LN		 2313}
2314
a61d6874 2315int config_parse_timeout_abort(
dc653bf4
JK		 2316 const char *unit,
2317 const char *filename,
2318 unsigned line,
2319 const char *section,
2320 unsigned section_line,
2321 const char *lvalue,
2322 int ltype,
2323 const char *rvalue,
2324 void *data,
2325 void *userdata) {
2326
a61d6874 2327 usec_t *ret = data;
dc653bf4
JK		 2328 int r;
2329
2330 assert(filename);
2331 assert(lvalue);
2332 assert(rvalue);
a61d6874
ZJS		 2333 assert(ret);
2334
2335 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
dc653bf4 2336
dc653bf4 2337 if (isempty(rvalue)) {
a61d6874
ZJS		 2338 *ret = 0;
2339 return 0; /* "not set" */
dc653bf4
JK		 2340 }
2341
a61d6874
ZJS		 2342 r = parse_sec(rvalue, ret);
2343 if (r < 0)
323dda78 2344 return log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= setting, ignoring: %s", lvalue, rvalue);
a61d6874
ZJS		 2345
2346 return 1; /* "set" */
2347}
2348
2349int config_parse_service_timeout_abort(
2350 const char *unit,
2351 const char *filename,
2352 unsigned line,
2353 const char *section,
2354 unsigned section_line,
2355 const char *lvalue,
2356 int ltype,
2357 const char *rvalue,
2358 void *data,
2359 void *userdata) {
2360
2361 Service *s = userdata;
2362 int r;
dc653bf4 2363
a61d6874
ZJS		 2364 assert(s);
2365
2366 r = config_parse_timeout_abort(unit, filename, line, section, section_line, lvalue, ltype, rvalue,
2367 &s->timeout_abort_usec, s);
2368 if (r >= 0)
2369 s->timeout_abort_set = r;
dc653bf4
JK		 2370 return 0;
2371}
2372
89beff89
LP		 2373int config_parse_sec_fix_0(
2374 const char *unit,
2375 const char *filename,
2376 unsigned line,
2377 const char *section,
2378 unsigned section_line,
2379 const char *lvalue,
2380 int ltype,
2381 const char *rvalue,
2382 void *data,
2383 void *userdata) {
2384
2385 usec_t *usec = data;
2386 int r;
2387
2388 assert(filename);
2389 assert(lvalue);
2390 assert(rvalue);
2391 assert(usec);
2392
2393 /* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for
2394 * compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a
2395 * timeout. */
2396
0004f698 2397 r = parse_sec_fix_0(rvalue, usec);
323dda78
YW		 2398 if (r < 0)
2399 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
89beff89 2400
89beff89
LP		 2401 return 0;
2402}
2403
ae480f0b 2404int config_parse_user_group_compat(
66dccd8d
LP		 2405 const char *unit,
2406 const char *filename,
2407 unsigned line,
2408 const char *section,
2409 unsigned section_line,
2410 const char *lvalue,
2411 int ltype,
2412 const char *rvalue,
2413 void *data,
2414 void *userdata) {
2415
063c4b1a
YW		 2416 _cleanup_free_ char *k = NULL;
2417 char **user = data;
47538b76 2418 const Unit *u = userdata;
66dccd8d
LP		 2419 int r;
2420
2421 assert(filename);
2422 assert(lvalue);
2423 assert(rvalue);
2424 assert(u);
2425
063c4b1a
YW		 2426 if (isempty(rvalue)) {
2427 *user = mfree(*user);
2428 return 0;
2429 }
66dccd8d 2430
063c4b1a
YW		 2431 r = unit_full_printf(u, rvalue, &k);
2432 if (r < 0) {
2433 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
2434 return -ENOEXEC;
66dccd8d
LP		 2435 }
2436
7a8867ab 2437 if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
063c4b1a
YW		 2438 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2439 return -ENOEXEC;
2440 }
66dccd8d 2441
bed0b7df
LP		 2442 if (strstr(lvalue, "User") && streq(k, NOBODY_USER_NAME))
2443 log_struct(LOG_NOTICE,
2444 "MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename, line, k,
2445 "UNIT=%s", unit,
2446 "MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR,
2447 "OFFENDING_USER=%s", k,
2448 "CONFIG_FILE=%s", filename,
2449 "CONFIG_LINE=%u", line);
2450
063c4b1a 2451 return free_and_replace(*user, k);
66dccd8d
LP		 2452}
2453
ae480f0b 2454int config_parse_user_group_strv_compat(
66dccd8d
LP		 2455 const char *unit,
2456 const char *filename,
2457 unsigned line,
2458 const char *section,
2459 unsigned section_line,
2460 const char *lvalue,
2461 int ltype,
2462 const char *rvalue,
2463 void *data,
2464 void *userdata) {
2465
2466 char ***users = data;
47538b76 2467 const Unit *u = userdata;
66dccd8d
LP		 2468 int r;
2469
2470 assert(filename);
2471 assert(lvalue);
2472 assert(rvalue);
2473 assert(u);
2474
2475 if (isempty(rvalue)) {
9f2d41a6 2476 *users = strv_free(*users);
66dccd8d
LP		 2477 return 0;
2478 }
2479
323dda78 2480 for (const char *p = rvalue;;) {
66dccd8d
LP		 2481 _cleanup_free_ char *word = NULL, *k = NULL;
2482
9a82ab95 2483 r = extract_first_word(&p, &word, NULL, 0);
66dccd8d
LP		 2484 if (r == -ENOMEM)
2485 return log_oom();
2486 if (r < 0) {
bb28e684
ZJS		 2487 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
2488 return -ENOEXEC;
66dccd8d 2489 }
a687f500
ZJS		 2490 if (r == 0)
2491 return 0;
66dccd8d
LP		 2492
2493 r = unit_full_printf(u, word, &k);
2494 if (r < 0) {
bb28e684
ZJS		 2495 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
2496 return -ENOEXEC;
66dccd8d
LP		 2497 }
2498
7a8867ab 2499 if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
bb28e684
ZJS		 2500 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2501 return -ENOEXEC;
66dccd8d
LP		 2502 }
2503
2504 r = strv_push(users, k);
2505 if (r < 0)
2506 return log_oom();
2507
2508 k = NULL;
2509 }
66dccd8d
LP		 2510}
2511
5f5d8eab
LP		 2512int config_parse_working_directory(
2513 const char *unit,
2514 const char *filename,
2515 unsigned line,
2516 const char *section,
2517 unsigned section_line,
2518 const char *lvalue,
2519 int ltype,
2520 const char *rvalue,
2521 void *data,
2522 void *userdata) {
2523
2524 ExecContext *c = data;
47538b76 2525 const Unit *u = userdata;
5f5d8eab
LP		 2526 bool missing_ok;
2527 int r;
2528
2529 assert(filename);
2530 assert(lvalue);
2531 assert(rvalue);
2532 assert(c);
2533 assert(u);
2534
862fcffd
YW		 2535 if (isempty(rvalue)) {
2536 c->working_directory_home = false;
2537 c->working_directory = mfree(c->working_directory);
2538 return 0;
2539 }
2540
5f5d8eab
LP		 2541 if (rvalue[0] == '-') {
2542 missing_ok = true;
2543 rvalue++;
2544 } else
2545 missing_ok = false;
2546
2547 if (streq(rvalue, "~")) {
2548 c->working_directory_home = true;
2549 c->working_directory = mfree(c->working_directory);
2550 } else {
2551 _cleanup_free_ char *k = NULL;
2552
06536492 2553 r = unit_path_printf(u, rvalue, &k);
5f5d8eab 2554 if (r < 0) {
323dda78 2555 log_syntax(unit, missing_ok ? LOG_WARNING : LOG_ERR, filename, line, r,
bb28e684
ZJS		 2556 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2557 rvalue, missing_ok ? ", ignoring" : "");
2558 return missing_ok ? 0 : -ENOEXEC;
5f5d8eab
LP		 2559 }
2560
2f4d31c1
YW		 2561 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE | (missing_ok ? 0 : PATH_CHECK_FATAL), unit, filename, line, lvalue);
2562 if (r < 0)
bb28e684 2563 return missing_ok ? 0 : -ENOEXEC;
5f5d8eab 2564
5f5d8eab 2565 c->working_directory_home = false;
bb28e684 2566 free_and_replace(c->working_directory, k);
5f5d8eab
LP		 2567 }
2568
2569 c->working_directory_missing_ok = missing_ok;
2570 return 0;
2571}
2572
e8e581bf
ZJS		 2573int config_parse_unit_env_file(const char *unit,
2574 const char *filename,
2575 unsigned line,
2576 const char *section,
71a61510 2577 unsigned section_line,
e8e581bf
ZJS		 2578 const char *lvalue,
2579 int ltype,
2580 const char *rvalue,
2581 void *data,
2582 void *userdata) {
ddb26e18 2583
853b8397 2584 char ***env = data;
47538b76 2585 const Unit *u = userdata;
19f6d710 2586 _cleanup_free_ char *n = NULL;
853b8397 2587 int r;
ddb26e18
LP		 2588
2589 assert(filename);
2590 assert(lvalue);
2591 assert(rvalue);
2592 assert(data);
2593
74051b9b
LP		 2594 if (isempty(rvalue)) {
2595 /* Empty assignment frees the list */
6796073e 2596 *env = strv_free(*env);
74051b9b
LP		 2597 return 0;
2598 }
2599
06536492 2600 r = unit_full_printf_full(u, rvalue, PATH_MAX, &n);
12ca818f 2601 if (r < 0) {
323dda78 2602 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
12ca818f
LP		 2603 return 0;
2604 }
8fef7659 2605
2f4d31c1
YW		 2606 r = path_simplify_and_warn(n[0] == '-' ? n + 1 : n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2607 if (r < 0)
afe4bfe2 2608 return 0;
afe4bfe2 2609
2f4d31c1 2610 r = strv_push(env, n);
853b8397
LP		 2611 if (r < 0)
2612 return log_oom();
2613
2f4d31c1
YW		 2614 n = NULL;
2615
853b8397
LP		 2616 return 0;
2617}
2618
f7f3f5c3
LP		 2619int config_parse_environ(
2620 const char *unit,
2621 const char *filename,
2622 unsigned line,
2623 const char *section,
2624 unsigned section_line,
2625 const char *lvalue,
2626 int ltype,
2627 const char *rvalue,
2628 void *data,
2629 void *userdata) {
853b8397 2630
47538b76 2631 const Unit *u = userdata;
035fe294 2632 char ***env = data;
19f6d710 2633 int r;
853b8397
LP		 2634
2635 assert(filename);
2636 assert(lvalue);
2637 assert(rvalue);
97d0e5f8 2638 assert(data);
853b8397
LP		 2639
2640 if (isempty(rvalue)) {
2641 /* Empty assignment resets the list */
6796073e 2642 *env = strv_free(*env);
853b8397
LP		 2643 return 0;
2644 }
2645
323dda78 2646 for (const char *p = rvalue;; ) {
13734c75 2647 _cleanup_free_ char *word = NULL, *resolved = NULL;
035fe294 2648
4ec85141 2649 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
035fe294
ZJS		 2650 if (r == -ENOMEM)
2651 return log_oom();
12ca818f 2652 if (r < 0) {
035fe294
ZJS		 2653 log_syntax(unit, LOG_WARNING, filename, line, r,
2654 "Invalid syntax, ignoring: %s", rvalue);
12ca818f
LP		 2655 return 0;
2656 }
a687f500
ZJS		 2657 if (r == 0)
2658 return 0;
97d0e5f8 2659
46a9ee5d 2660 if (u)
06536492 2661 r = unit_env_printf(u, word, &resolved);
46a9ee5d 2662 else
de61a04b 2663 r = specifier_printf(word, sc_arg_max(), system_and_tmp_specifier_table, NULL, NULL, &resolved);
46a9ee5d
LP		 2664 if (r < 0) {
2665 log_syntax(unit, LOG_WARNING, filename, line, r,
2666 "Failed to resolve specifiers in %s, ignoring: %m", word);
2667 continue;
2668 }
853b8397 2669
13734c75 2670 if (!env_assignment_is_valid(resolved)) {
323dda78 2671 log_syntax(unit, LOG_WARNING, filename, line, 0,
13734c75 2672 "Invalid environment assignment, ignoring: %s", resolved);
853b8397
LP		 2673 continue;
2674 }
2675
13734c75 2676 r = strv_env_replace_consume(env, TAKE_PTR(resolved));
54ac3494 2677 if (r < 0)
13734c75 2678 return log_error_errno(r, "Failed to update environment: %m");
853b8397 2679 }
ddb26e18
LP		 2680}
2681
00819cc1
LP		 2682int config_parse_pass_environ(
2683 const char *unit,
2684 const char *filename,
2685 unsigned line,
2686 const char *section,
2687 unsigned section_line,
2688 const char *lvalue,
2689 int ltype,
2690 const char *rvalue,
2691 void *data,
2692 void *userdata) {
b4c14404 2693
b4c14404 2694 _cleanup_strv_free_ char **n = NULL;
47538b76 2695 const Unit *u = userdata;
319a4f4b
LP		 2696 char*** passenv = data;
2697 size_t nlen = 0;
b4c14404
FB		 2698 int r;
2699
2700 assert(filename);
2701 assert(lvalue);
2702 assert(rvalue);
2703 assert(data);
2704
2705 if (isempty(rvalue)) {
2706 /* Empty assignment resets the list */
2707 *passenv = strv_free(*passenv);
2708 return 0;
2709 }
2710
323dda78 2711 for (const char *p = rvalue;;) {
41de9cc2 2712 _cleanup_free_ char *word = NULL, *k = NULL;
b4c14404 2713
4ec85141 2714 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
b4c14404
FB		 2715 if (r == -ENOMEM)
2716 return log_oom();
2717 if (r < 0) {
323dda78 2718 log_syntax(unit, LOG_WARNING, filename, line, r,
063c4b1a 2719 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
b4c14404
FB		 2720 break;
2721 }
a687f500
ZJS		 2722 if (r == 0)
2723 break;
b4c14404 2724
41de9cc2 2725 if (u) {
06536492 2726 r = unit_env_printf(u, word, &k);
41de9cc2 2727 if (r < 0) {
323dda78 2728 log_syntax(unit, LOG_WARNING, filename, line, r,
063c4b1a 2729 "Failed to resolve specifiers in %s, ignoring: %m", word);
41de9cc2
LP		 2730 continue;
2731 }
ae2a15bc
LP		 2732 } else
2733 k = TAKE_PTR(word);
41de9cc2
LP		 2734
2735 if (!env_name_is_valid(k)) {
323dda78 2736 log_syntax(unit, LOG_WARNING, filename, line, 0,
41de9cc2 2737 "Invalid environment name for %s, ignoring: %s", lvalue, k);
b4c14404
FB		 2738 continue;
2739 }
2740
319a4f4b 2741 if (!GREEDY_REALLOC(n, nlen + 2))
b4c14404 2742 return log_oom();
41de9cc2 2743
1cc6c93a 2744 n[nlen++] = TAKE_PTR(k);
b4c14404 2745 n[nlen] = NULL;
b4c14404
FB		 2746 }
2747
2748 if (n) {
2749 r = strv_extend_strv(passenv, n, true);
2750 if (r < 0)
16eb0c4a 2751 return log_oom();
b4c14404
FB		 2752 }
2753
2754 return 0;
2755}
2756
00819cc1
LP		 2757int config_parse_unset_environ(
2758 const char *unit,
2759 const char *filename,
2760 unsigned line,
2761 const char *section,
2762 unsigned section_line,
2763 const char *lvalue,
2764 int ltype,
2765 const char *rvalue,
2766 void *data,
2767 void *userdata) {
2768
2769 _cleanup_strv_free_ char **n = NULL;
00819cc1 2770 char*** unsetenv = data;
47538b76 2771 const Unit *u = userdata;
319a4f4b 2772 size_t nlen = 0;
00819cc1
LP		 2773 int r;
2774
2775 assert(filename);
2776 assert(lvalue);
2777 assert(rvalue);
2778 assert(data);
2779
2780 if (isempty(rvalue)) {
2781 /* Empty assignment resets the list */
2782 *unsetenv = strv_free(*unsetenv);
2783 return 0;
2784 }
2785
323dda78 2786 for (const char *p = rvalue;;) {
00819cc1
LP		 2787 _cleanup_free_ char *word = NULL, *k = NULL;
2788
4ec85141 2789 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
00819cc1
LP		 2790 if (r == -ENOMEM)
2791 return log_oom();
2792 if (r < 0) {
323dda78 2793 log_syntax(unit, LOG_WARNING, filename, line, r,
063c4b1a 2794 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
00819cc1
LP		 2795 break;
2796 }
a687f500
ZJS		 2797 if (r == 0)
2798 break;
00819cc1
LP		 2799
2800 if (u) {
06536492 2801 r = unit_env_printf(u, word, &k);
00819cc1 2802 if (r < 0) {
323dda78 2803 log_syntax(unit, LOG_WARNING, filename, line, r,
063c4b1a 2804 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
00819cc1
LP		 2805 continue;
2806 }
ae2a15bc
LP		 2807 } else
2808 k = TAKE_PTR(word);
00819cc1
LP		 2809
2810 if (!env_assignment_is_valid(k) && !env_name_is_valid(k)) {
323dda78 2811 log_syntax(unit, LOG_WARNING, filename, line, 0,
00819cc1
LP		 2812 "Invalid environment name or assignment %s, ignoring: %s", lvalue, k);
2813 continue;
2814 }
2815
319a4f4b 2816 if (!GREEDY_REALLOC(n, nlen + 2))
00819cc1
LP		 2817 return log_oom();
2818
1cc6c93a 2819 n[nlen++] = TAKE_PTR(k);
00819cc1 2820 n[nlen] = NULL;
00819cc1
LP		 2821 }
2822
2823 if (n) {
2824 r = strv_extend_strv(unsetenv, n, true);
2825 if (r < 0)
16eb0c4a 2826 return log_oom();
00819cc1
LP		 2827 }
2828
2829 return 0;
2830}
2831
d3070fbd
LP		 2832int config_parse_log_extra_fields(
2833 const char *unit,
2834 const char *filename,
2835 unsigned line,
2836 const char *section,
2837 unsigned section_line,
2838 const char *lvalue,
2839 int ltype,
2840 const char *rvalue,
2841 void *data,
2842 void *userdata) {
2843
2844 ExecContext *c = data;
47538b76 2845 const Unit *u = userdata;
d3070fbd
LP		 2846 int r;
2847
2848 assert(filename);
2849 assert(lvalue);
2850 assert(rvalue);
2851 assert(c);
2852
2853 if (isempty(rvalue)) {
2854 exec_context_free_log_extra_fields(c);
2855 return 0;
2856 }
2857
323dda78 2858 for (const char *p = rvalue;;) {
d3070fbd
LP		 2859 _cleanup_free_ char *word = NULL, *k = NULL;
2860 struct iovec *t;
2861 const char *eq;
2862
4ec85141 2863 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
d3070fbd
LP		 2864 if (r == -ENOMEM)
2865 return log_oom();
2866 if (r < 0) {
2867 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
2868 return 0;
2869 }
a687f500
ZJS		 2870 if (r == 0)
2871 return 0;
d3070fbd
LP		 2872
2873 r = unit_full_printf(u, word, &k);
2874 if (r < 0) {
323dda78 2875 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
d3070fbd
LP		 2876 continue;
2877 }
2878
2879 eq = strchr(k, '=');
2880 if (!eq) {
323dda78 2881 log_syntax(unit, LOG_WARNING, filename, line, 0, "Log field lacks '=' character, ignoring: %s", k);
d3070fbd
LP		 2882 continue;
2883 }
2884
2885 if (!journal_field_valid(k, eq-k, false)) {
323dda78 2886 log_syntax(unit, LOG_WARNING, filename, line, 0, "Log field name is invalid, ignoring: %s", k);
d3070fbd
LP		 2887 continue;
2888 }
2889
aa484f35 2890 t = reallocarray(c->log_extra_fields, c->n_log_extra_fields+1, sizeof(struct iovec));
d3070fbd
LP		 2891 if (!t)
2892 return log_oom();
2893
2894 c->log_extra_fields = t;
2895 c->log_extra_fields[c->n_log_extra_fields++] = IOVEC_MAKE_STRING(k);
2896
2897 k = NULL;
2898 }
d3070fbd
LP		 2899}
2900
91dd5f7c
LP		 2901int config_parse_log_namespace(
2902 const char *unit,
2903 const char *filename,
2904 unsigned line,
2905 const char *section,
2906 unsigned section_line,
2907 const char *lvalue,
2908 int ltype,
2909 const char *rvalue,
2910 void *data,
2911 void *userdata) {
2912
2913 _cleanup_free_ char *k = NULL;
2914 ExecContext *c = data;
2915 const Unit *u = userdata;
2916 int r;
2917
2918 assert(filename);
2919 assert(lvalue);
2920 assert(rvalue);
2921 assert(c);
2922
2923 if (isempty(rvalue)) {
2924 c->log_namespace = mfree(c->log_namespace);
2925 return 0;
2926 }
2927
06536492 2928 r = unit_full_printf_full(u, rvalue, NAME_MAX, &k);
91dd5f7c 2929 if (r < 0) {
323dda78 2930 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
91dd5f7c
LP		 2931 return 0;
2932 }
2933
2934 if (!log_namespace_name_valid(k)) {
323dda78 2935 log_syntax(unit, LOG_WARNING, filename, line, 0, "Specified log namespace name is not valid, ignoring: %s", k);
91dd5f7c
LP		 2936 return 0;
2937 }
2938
2939 free_and_replace(c->log_namespace, k);
2940 return 0;
2941}
2942
59fccdc5
LP		 2943int config_parse_unit_condition_path(
2944 const char *unit,
2945 const char *filename,
2946 unsigned line,
2947 const char *section,
2948 unsigned section_line,
2949 const char *lvalue,
2950 int ltype,
2951 const char *rvalue,
2952 void *data,
2953 void *userdata) {
52661efd 2954
2fbe635a 2955 _cleanup_free_ char *p = NULL;
59fccdc5
LP		 2956 Condition **list = data, *c;
2957 ConditionType t = ltype;
2958 bool trigger, negate;
47538b76 2959 const Unit *u = userdata;
19f6d710 2960 int r;
52661efd
LP		 2961
2962 assert(filename);
2963 assert(lvalue);
2964 assert(rvalue);
2965 assert(data);
2966
74051b9b
LP		 2967 if (isempty(rvalue)) {
2968 /* Empty assignment resets the list */
447021aa 2969 *list = condition_free_list(*list);
74051b9b
LP		 2970 return 0;
2971 }
2972
ab7f148f
LP		 2973 trigger = rvalue[0] == '|';
2974 if (trigger)
267632f0
LP		 2975 rvalue++;
2976
ab7f148f
LP		 2977 negate = rvalue[0] == '!';
2978 if (negate)
52661efd
LP		 2979 rvalue++;
2980
06536492 2981 r = unit_path_printf(u, rvalue, &p);
59fccdc5 2982 if (r < 0) {
323dda78 2983 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
59fccdc5 2984 return 0;
19f6d710 2985 }
095b2d7a 2986
2f4d31c1
YW		 2987 r = path_simplify_and_warn(p, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2988 if (r < 0)
52661efd 2989 return 0;
52661efd 2990
59fccdc5 2991 c = condition_new(t, p, trigger, negate);
ab7f148f 2992 if (!c)
74051b9b 2993 return log_oom();
52661efd 2994
59fccdc5 2995 LIST_PREPEND(conditions, *list, c);
52661efd
LP		 2996 return 0;
2997}
2998
59fccdc5
LP		 2999int config_parse_unit_condition_string(
3000 const char *unit,
3001 const char *filename,
3002 unsigned line,
3003 const char *section,
3004 unsigned section_line,
3005 const char *lvalue,
3006 int ltype,
3007 const char *rvalue,
3008 void *data,
3009 void *userdata) {
039655a4 3010
2fbe635a 3011 _cleanup_free_ char *s = NULL;
59fccdc5
LP		 3012 Condition **list = data, *c;
3013 ConditionType t = ltype;
3014 bool trigger, negate;
47538b76 3015 const Unit *u = userdata;
19f6d710 3016 int r;
039655a4
LP		 3017
3018 assert(filename);
3019 assert(lvalue);
3020 assert(rvalue);
3021 assert(data);
3022
74051b9b
LP		 3023 if (isempty(rvalue)) {
3024 /* Empty assignment resets the list */
447021aa 3025 *list = condition_free_list(*list);
74051b9b
LP		 3026 return 0;
3027 }
3028
9266f31e 3029 trigger = *rvalue == '|';
c0d6e764 3030 if (trigger)
9266f31e 3031 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
267632f0 3032
9266f31e 3033 negate = *rvalue == '!';
c0d6e764 3034 if (negate)
9266f31e 3035 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
039655a4 3036
19f6d710 3037 r = unit_full_printf(u, rvalue, &s);
59fccdc5 3038 if (r < 0) {
323dda78 3039 log_syntax(unit, LOG_WARNING, filename, line, r,
cae90de3 3040 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
59fccdc5 3041 return 0;
19f6d710 3042 }
095b2d7a 3043
59fccdc5 3044 c = condition_new(t, s, trigger, negate);
c0d6e764
LP		 3045 if (!c)
3046 return log_oom();
039655a4 3047
59fccdc5 3048 LIST_PREPEND(conditions, *list, c);
039655a4
LP		 3049 return 0;
3050}
3051
a57f7e2c
LP		 3052int config_parse_unit_requires_mounts_for(
3053 const char *unit,
3054 const char *filename,
3055 unsigned line,
3056 const char *section,
71a61510 3057 unsigned section_line,
a57f7e2c
LP		 3058 const char *lvalue,
3059 int ltype,
3060 const char *rvalue,
3061 void *data,
3062 void *userdata) {
7c8fa05c
LP		 3063
3064 Unit *u = userdata;
035fe294 3065 int r;
7c8fa05c
LP		 3066
3067 assert(filename);
3068 assert(lvalue);
3069 assert(rvalue);
3070 assert(data);
3071
323dda78 3072 for (const char *p = rvalue;;) {
744bb5b1 3073 _cleanup_free_ char *word = NULL, *resolved = NULL;
a57f7e2c 3074
4ec85141 3075 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
035fe294 3076 if (r == -ENOMEM)
a57f7e2c 3077 return log_oom();
035fe294
ZJS		 3078 if (r < 0) {
3079 log_syntax(unit, LOG_WARNING, filename, line, r,
3080 "Invalid syntax, ignoring: %s", rvalue);
3081 return 0;
3082 }
a687f500
ZJS		 3083 if (r == 0)
3084 return 0;
7c8fa05c 3085
06536492 3086 r = unit_path_printf(u, word, &resolved);
744bb5b1 3087 if (r < 0) {
323dda78 3088 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
744bb5b1
LP		 3089 continue;
3090 }
3091
2f4d31c1
YW		 3092 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
3093 if (r < 0)
3094 continue;
3095
eef85c4a 3096 r = unit_require_mounts_for(u, resolved, UNIT_DEPENDENCY_FILE);
a57f7e2c 3097 if (r < 0) {
323dda78 3098 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to add required mount '%s', ignoring: %m", resolved);
a57f7e2c
LP		 3099 continue;
3100 }
3101 }
7c8fa05c 3102}
9e372868 3103
8c6493e5
YW		 3104int config_parse_documentation(
3105 const char *unit,
3106 const char *filename,
3107 unsigned line,
3108 const char *section,
3109 unsigned section_line,
3110 const char *lvalue,
3111 int ltype,
3112 const char *rvalue,
3113 void *data,
3114 void *userdata) {
49dbfa7b
LP		 3115
3116 Unit *u = userdata;
3117 int r;
3118 char **a, **b;
3119
3120 assert(filename);
3121 assert(lvalue);
3122 assert(rvalue);
3123 assert(u);
3124
74051b9b
LP		 3125 if (isempty(rvalue)) {
3126 /* Empty assignment resets the list */
6796073e 3127 u->documentation = strv_free(u->documentation);
74051b9b
LP		 3128 return 0;
3129 }
3130
71a61510 3131 r = config_parse_unit_strv_printf(unit, filename, line, section, section_line, lvalue, ltype,
e8e581bf 3132 rvalue, data, userdata);
49dbfa7b
LP		 3133 if (r < 0)
3134 return r;
3135
3136 for (a = b = u->documentation; a && *a; a++) {
3137
a2e03378 3138 if (documentation_url_is_valid(*a))
49dbfa7b
LP		 3139 *(b++) = *a;
3140 else {
323dda78 3141 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid URL, ignoring: %s", *a);
49dbfa7b
LP		 3142 free(*a);
3143 }
3144 }
f6d2d421
ZJS		 3145 if (b)
3146 *b = NULL;
49dbfa7b 3147
8c6493e5 3148 return 0;
49dbfa7b
LP		 3149}
3150
349cc4a5 3151#if HAVE_SECCOMP
17df7223
LP		 3152int config_parse_syscall_filter(
3153 const char *unit,
3154 const char *filename,
3155 unsigned line,
3156 const char *section,
3157 unsigned section_line,
3158 const char *lvalue,
3159 int ltype,
3160 const char *rvalue,
3161 void *data,
3162 void *userdata) {
3163
8351ceae 3164 ExecContext *c = data;
0a0e594a 3165 _unused_ const Unit *u = userdata;
b5fb3789 3166 bool invert = false;
17df7223 3167 int r;
8351ceae
LP		 3168
3169 assert(filename);
3170 assert(lvalue);
3171 assert(rvalue);
3172 assert(u);
3173
74051b9b
LP		 3174 if (isempty(rvalue)) {
3175 /* Empty assignment resets the list */
8cfa775f 3176 c->syscall_filter = hashmap_free(c->syscall_filter);
6b000af4 3177 c->syscall_allow_list = false;
74051b9b
LP		 3178 return 0;
3179 }
3180
8351ceae
LP		 3181 if (rvalue[0] == '~') {
3182 invert = true;
3183 rvalue++;
3184 }
3185
17df7223 3186 if (!c->syscall_filter) {
8cfa775f 3187 c->syscall_filter = hashmap_new(NULL);
17df7223
LP		 3188 if (!c->syscall_filter)
3189 return log_oom();
3190
c0467cf3 3191 if (invert)
17df7223 3192 /* Allow everything but the ones listed */
6b000af4 3193 c->syscall_allow_list = false;
c0467cf3 3194 else {
17df7223 3195 /* Allow nothing but the ones listed */
6b000af4 3196 c->syscall_allow_list = true;
8351ceae 3197
387f6955 3198 /* Accept default syscalls if we are on an allow_list */
2f6b9110
LP		 3199 r = seccomp_parse_syscall_filter(
3200 "@default", -1, c->syscall_filter,
6b000af4 3201 SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_ALLOW_LIST,
58f6ab44
ZJS		 3202 unit,
3203 NULL, 0);
201c1cc2
TM		 3204 if (r < 0)
3205 return r;
c0467cf3 3206 }
8351ceae
LP		 3207 }
3208
323dda78 3209 for (const char *p = rvalue;;) {
8cfa775f
YW		 3210 _cleanup_free_ char *word = NULL, *name = NULL;
3211 int num;
8351ceae 3212
8130926d 3213 r = extract_first_word(&p, &word, NULL, 0);
8130926d 3214 if (r == -ENOMEM)
74051b9b 3215 return log_oom();
8130926d 3216 if (r < 0) {
084a46d7
YW		 3217 log_syntax(unit, LOG_WARNING, filename, line, r,
3218 "Invalid syntax, ignoring: %s", rvalue);
063c4b1a 3219 return 0;
8130926d 3220 }
a687f500
ZJS		 3221 if (r == 0)
3222 return 0;
8351ceae 3223
8cfa775f
YW		 3224 r = parse_syscall_and_errno(word, &name, &num);
3225 if (r < 0) {
084a46d7
YW		 3226 log_syntax(unit, LOG_WARNING, filename, line, r,
3227 "Failed to parse syscall:errno, ignoring: %s", word);
3228 continue;
3229 }
3230 if (!invert && num >= 0) {
3231 log_syntax(unit, LOG_WARNING, filename, line, 0,
3232 "Allow-listed system calls cannot take error number, ignoring: %s", word);
8cfa775f
YW		 3233 continue;
3234 }
3235
58f6ab44 3236 r = seccomp_parse_syscall_filter(
acd142af
LP		 3237 name, num, c->syscall_filter,
3238 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
3239 (invert ? SECCOMP_PARSE_INVERT : 0)|
6b000af4 3240 (c->syscall_allow_list ? SECCOMP_PARSE_ALLOW_LIST : 0),
acd142af 3241 unit, filename, line);
201c1cc2
TM		 3242 if (r < 0)
3243 return r;
c0467cf3 3244 }
17df7223
LP		 3245}
3246
9df2cdd8
TM		 3247int config_parse_syscall_log(
3248 const char *unit,
3249 const char *filename,
3250 unsigned line,
3251 const char *section,
3252 unsigned section_line,
3253 const char *lvalue,
3254 int ltype,
3255 const char *rvalue,
3256 void *data,
3257 void *userdata) {
3258
3259 ExecContext *c = data;
3260 _unused_ const Unit *u = userdata;
3261 bool invert = false;
3262 const char *p;
3263 int r;
3264
3265 assert(filename);
3266 assert(lvalue);
3267 assert(rvalue);
3268 assert(u);
3269
3270 if (isempty(rvalue)) {
3271 /* Empty assignment resets the list */
3272 c->syscall_log = hashmap_free(c->syscall_log);
3273 c->syscall_log_allow_list = false;
3274 return 0;
3275 }
3276
3277 if (rvalue[0] == '~') {
3278 invert = true;
3279 rvalue++;
3280 }
3281
3282 if (!c->syscall_log) {
3283 c->syscall_log = hashmap_new(NULL);
3284 if (!c->syscall_log)
3285 return log_oom();
3286
3287 if (invert)
3288 /* Log everything but the ones listed */
3289 c->syscall_log_allow_list = false;
3290 else
3291 /* Log nothing but the ones listed */
3292 c->syscall_log_allow_list = true;
3293 }
3294
3295 p = rvalue;
3296 for (;;) {
696a13ba 3297 _cleanup_free_ char *word = NULL;
9df2cdd8
TM		 3298
3299 r = extract_first_word(&p, &word, NULL, 0);
9df2cdd8
TM		 3300 if (r == -ENOMEM)
3301 return log_oom();
3302 if (r < 0) {
3303 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3304 return 0;
3305 }
a687f500
ZJS		 3306 if (r == 0)
3307 return 0;
9df2cdd8 3308
9df2cdd8 3309 r = seccomp_parse_syscall_filter(
696a13ba 3310 word, -1, c->syscall_log,
9df2cdd8
TM		 3311 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
3312 (invert ? SECCOMP_PARSE_INVERT : 0)|
3313 (c->syscall_log_allow_list ? SECCOMP_PARSE_ALLOW_LIST : 0),
3314 unit, filename, line);
3315 if (r < 0)
3316 return r;
3317 }
3318}
3319
57183d11
LP		 3320int config_parse_syscall_archs(
3321 const char *unit,
3322 const char *filename,
3323 unsigned line,
3324 const char *section,
3325 unsigned section_line,
3326 const char *lvalue,
3327 int ltype,
3328 const char *rvalue,
3329 void *data,
3330 void *userdata) {
3331
d3b1c508 3332 Set **archs = data;
57183d11
LP		 3333 int r;
3334
3335 if (isempty(rvalue)) {
525d3cc7 3336 *archs = set_free(*archs);
57183d11
LP		 3337 return 0;
3338 }
3339
323dda78 3340 for (const char *p = rvalue;;) {
035fe294 3341 _cleanup_free_ char *word = NULL;
57183d11
LP		 3342 uint32_t a;
3343
4ec85141 3344 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
035fe294 3345 if (r == -ENOMEM)
57183d11 3346 return log_oom();
035fe294
ZJS		 3347 if (r < 0) {
3348 log_syntax(unit, LOG_WARNING, filename, line, r,
3349 "Invalid syntax, ignoring: %s", rvalue);
3350 return 0;
3351 }
a687f500
ZJS		 3352 if (r == 0)
3353 return 0;
57183d11 3354
035fe294 3355 r = seccomp_arch_from_string(word, &a);
57183d11 3356 if (r < 0) {
323dda78 3357 log_syntax(unit, LOG_WARNING, filename, line, r,
035fe294 3358 "Failed to parse system call architecture \"%s\", ignoring: %m", word);
57183d11
LP		 3359 continue;
3360 }
3361
de7fef4b 3362 r = set_ensure_put(archs, NULL, UINT32_TO_PTR(a + 1));
57183d11
LP		 3363 if (r < 0)
3364 return log_oom();
3365 }
57183d11
LP		 3366}
3367
17df7223
LP		 3368int config_parse_syscall_errno(
3369 const char *unit,
3370 const char *filename,
3371 unsigned line,
3372 const char *section,
3373 unsigned section_line,
3374 const char *lvalue,
3375 int ltype,
3376 const char *rvalue,
3377 void *data,
3378 void *userdata) {
3379
3380 ExecContext *c = data;
3381 int e;
3382
3383 assert(filename);
3384 assert(lvalue);
3385 assert(rvalue);
3386
005bfaf1 3387 if (isempty(rvalue) || streq(rvalue, "kill")) {
17df7223 3388 /* Empty assignment resets to KILL */
005bfaf1 3389 c->syscall_errno = SECCOMP_ERROR_NUMBER_KILL;
17df7223 3390 return 0;
8351ceae
LP		 3391 }
3392
3df90f24 3393 e = parse_errno(rvalue);
b98680b2
YW		 3394 if (e < 0) {
3395 log_syntax(unit, LOG_WARNING, filename, line, e, "Failed to parse error number, ignoring: %s", rvalue);
3396 return 0;
3397 }
3398 if (e == 0) {
3399 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid error number, ignoring: %s", rvalue);
17df7223
LP		 3400 return 0;
3401 }
8351ceae 3402
17df7223 3403 c->syscall_errno = e;
8351ceae
LP		 3404 return 0;
3405}
4298d0b5
LP		 3406
3407int config_parse_address_families(
3408 const char *unit,
3409 const char *filename,
3410 unsigned line,
3411 const char *section,
3412 unsigned section_line,
3413 const char *lvalue,
3414 int ltype,
3415 const char *rvalue,
3416 void *data,
3417 void *userdata) {
3418
3419 ExecContext *c = data;
4298d0b5 3420 bool invert = false;
4298d0b5
LP		 3421 int r;
3422
3423 assert(filename);
3424 assert(lvalue);
3425 assert(rvalue);
4298d0b5
LP		 3426
3427 if (isempty(rvalue)) {
3428 /* Empty assignment resets the list */
525d3cc7 3429 c->address_families = set_free(c->address_families);
6b000af4 3430 c->address_families_allow_list = false;
4298d0b5
LP		 3431 return 0;
3432 }
3433
4e6c50a5
YW		 3434 if (streq(rvalue, "none")) {
3435 /* Forbid all address families. */
3436 c->address_families = set_free(c->address_families);
3437 c->address_families_allow_list = true;
3438 return 0;
3439 }
3440
4298d0b5
LP		 3441 if (rvalue[0] == '~') {
3442 invert = true;
3443 rvalue++;
3444 }
3445
3446 if (!c->address_families) {
d5099efc 3447 c->address_families = set_new(NULL);
4298d0b5
LP		 3448 if (!c->address_families)
3449 return log_oom();
3450
6b000af4 3451 c->address_families_allow_list = !invert;
4298d0b5
LP		 3452 }
3453
323dda78 3454 for (const char *p = rvalue;;) {
035fe294 3455 _cleanup_free_ char *word = NULL;
4298d0b5
LP		 3456 int af;
3457
4ec85141 3458 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
035fe294 3459 if (r == -ENOMEM)
4298d0b5 3460 return log_oom();
035fe294
ZJS		 3461 if (r < 0) {
3462 log_syntax(unit, LOG_WARNING, filename, line, r,
3463 "Invalid syntax, ignoring: %s", rvalue);
3464 return 0;
3465 }
a687f500
ZJS		 3466 if (r == 0)
3467 return 0;
4298d0b5 3468
035fe294 3469 af = af_from_name(word);
acf4d158 3470 if (af < 0) {
323dda78 3471 log_syntax(unit, LOG_WARNING, filename, line, af,
063c4b1a 3472 "Failed to parse address family, ignoring: %s", word);
4298d0b5
LP		 3473 continue;
3474 }
3475
3476 /* If we previously wanted to forbid an address family and now
035fe294 3477 * we want to allow it, then just remove it from the list.
4298d0b5 3478 */
6b000af4 3479 if (!invert == c->address_families_allow_list) {
4298d0b5 3480 r = set_put(c->address_families, INT_TO_PTR(af));
4298d0b5
LP		 3481 if (r < 0)
3482 return log_oom();
3483 } else
3484 set_remove(c->address_families, INT_TO_PTR(af));
3485 }
4298d0b5 3486}
add00535
LP		 3487
3488int config_parse_restrict_namespaces(
3489 const char *unit,
3490 const char *filename,
3491 unsigned line,
3492 const char *section,
3493 unsigned section_line,
3494 const char *lvalue,
3495 int ltype,
3496 const char *rvalue,
3497 void *data,
3498 void *userdata) {
3499
3500 ExecContext *c = data;
aa9d574d 3501 unsigned long flags;
add00535
LP		 3502 bool invert = false;
3503 int r;
3504
3505 if (isempty(rvalue)) {
3506 /* Reset to the default. */
aa9d574d
YW		 3507 c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
3508 return 0;
3509 }
3510
3511 /* Boolean parameter ignores the previous settings */
3512 r = parse_boolean(rvalue);
3513 if (r > 0) {
3514 c->restrict_namespaces = 0;
3515 return 0;
3516 } else if (r == 0) {
add00535
LP		 3517 c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
3518 return 0;
3519 }
3520
3521 if (rvalue[0] == '~') {
3522 invert = true;
3523 rvalue++;
3524 }
3525
aa9d574d
YW		 3526 /* Not a boolean argument, in this case it's a list of namespace types. */
3527 r = namespace_flags_from_string(rvalue, &flags);
3528 if (r < 0) {
323dda78 3529 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
aa9d574d 3530 return 0;
add00535
LP		 3531 }
3532
aa9d574d
YW		 3533 if (c->restrict_namespaces == NAMESPACE_FLAGS_INITIAL)
3534 /* Initial assignment. Just set the value. */
3535 c->restrict_namespaces = invert ? (~flags) & NAMESPACE_FLAGS_ALL : flags;
3536 else
3537 /* Merge the value with the previous one. */
3538 SET_FLAG(c->restrict_namespaces, flags, !invert);
add00535
LP		 3539
3540 return 0;
3541}
c0467cf3 3542#endif
8351ceae 3543
a016b922
LP		 3544int config_parse_unit_slice(
3545 const char *unit,
3546 const char *filename,
3547 unsigned line,
3548 const char *section,
71a61510 3549 unsigned section_line,
a016b922
LP		 3550 const char *lvalue,
3551 int ltype,
3552 const char *rvalue,
3553 void *data,
3554 void *userdata) {
3555
063c4b1a 3556 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
a016b922 3557 _cleanup_free_ char *k = NULL;
abc9fa1c 3558 Unit *u = userdata, *slice;
a016b922
LP		 3559 int r;
3560
3561 assert(filename);
3562 assert(lvalue);
3563 assert(rvalue);
3564 assert(u);
3565
19f6d710 3566 r = unit_name_printf(u, rvalue, &k);
d79200e2 3567 if (r < 0) {
323dda78 3568 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
d79200e2 3569 return 0;
19f6d710 3570 }
a016b922 3571
063c4b1a 3572 r = manager_load_unit(u->manager, k, NULL, &error, &slice);
a016b922 3573 if (r < 0) {
323dda78 3574 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to load slice unit %s, ignoring: %s", k, bus_error_message(&error, r));
a016b922
LP		 3575 return 0;
3576 }
3577
d219a2b0 3578 r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE);
d79200e2 3579 if (r < 0) {
323dda78 3580 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id);
a016b922
LP		 3581 return 0;
3582 }
3583
a016b922
LP		 3584 return 0;
3585}
3586
b2f8b02e
LP		 3587int config_parse_cpu_quota(
3588 const char *unit,
3589 const char *filename,
3590 unsigned line,
3591 const char *section,
3592 unsigned section_line,
3593 const char *lvalue,
3594 int ltype,
3595 const char *rvalue,
3596 void *data,
3597 void *userdata) {
3598
3599 CGroupContext *c = data;
9184ca48 3600 int r;
b2f8b02e
LP		 3601
3602 assert(filename);
3603 assert(lvalue);
3604 assert(rvalue);
3605
3606 if (isempty(rvalue)) {
3a43da28 3607 c->cpu_quota_per_sec_usec = USEC_INFINITY;
b2f8b02e
LP		 3608 return 0;
3609 }
3610
fe845b5e 3611 r = parse_permyriad_unbounded(rvalue);
9184ca48 3612 if (r <= 0) {
323dda78 3613 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid CPU quota '%s', ignoring.", rvalue);
9a054909 3614 return 0;
b2f8b02e
LP		 3615 }
3616
fe845b5e 3617 c->cpu_quota_per_sec_usec = ((usec_t) r * USEC_PER_SEC) / 10000U;
b2f8b02e
LP		 3618 return 0;
3619}
3620
0b8d3075 3621int config_parse_allowed_cpus(
047f5d63
PH		 3622 const char *unit,
3623 const char *filename,
3624 unsigned line,
3625 const char *section,
3626 unsigned section_line,
3627 const char *lvalue,
3628 int ltype,
3629 const char *rvalue,
3630 void *data,
3631 void *userdata) {
3632
3633 CGroupContext *c = data;
3634
3635 (void) parse_cpu_set_extend(rvalue, &c->cpuset_cpus, true, unit, filename, line, lvalue);
3636
3637 return 0;
3638}
3639
0b8d3075 3640int config_parse_allowed_mems(
047f5d63
PH		 3641 const char *unit,
3642 const char *filename,
3643 unsigned line,
3644 const char *section,
3645 unsigned section_line,
3646 const char *lvalue,
3647 int ltype,
3648 const char *rvalue,
3649 void *data,
3650 void *userdata) {
3651
3652 CGroupContext *c = data;
3653
3654 (void) parse_cpu_set_extend(rvalue, &c->cpuset_mems, true, unit, filename, line, lvalue);
3655
3656 return 0;
3657}
3658
4ad49000
LP		 3659int config_parse_memory_limit(
3660 const char *unit,
3661 const char *filename,
3662 unsigned line,
3663 const char *section,
71a61510 3664 unsigned section_line,
4ad49000
LP		 3665 const char *lvalue,
3666 int ltype,
3667 const char *rvalue,
3668 void *data,
3669 void *userdata) {
3670
3671 CGroupContext *c = data;
da4d897e 3672 uint64_t bytes = CGROUP_LIMIT_MAX;
4ad49000
LP		 3673 int r;
3674
67e2baff
MK		 3675 if (isempty(rvalue) && STR_IN_SET(lvalue, "DefaultMemoryLow",
3676 "DefaultMemoryMin",
3677 "MemoryLow",
3678 "MemoryMin"))
db2b8d2e 3679 bytes = CGROUP_LIMIT_MIN;
67e2baff 3680 else if (!isempty(rvalue) && !streq(rvalue, "infinity")) {
875ae566 3681
fe845b5e 3682 r = parse_permyriad(rvalue);
875ae566
LP		 3683 if (r < 0) {
3684 r = parse_size(rvalue, 1024, &bytes);
3685 if (r < 0) {
323dda78 3686 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid memory limit '%s', ignoring: %m", rvalue);
875ae566
LP		 3687 return 0;
3688 }
3689 } else
fe845b5e 3690 bytes = physical_memory_scale(r, 10000U);
875ae566 3691
906bdbf5 3692 if (bytes >= UINT64_MAX ||
22bf131b 3693 (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) {
323dda78 3694 log_syntax(unit, LOG_WARNING, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue);
da4d897e
TH		 3695 return 0;
3696 }
4ad49000
LP		 3697 }
3698
c52db42b 3699 if (streq(lvalue, "DefaultMemoryLow")) {
db2b8d2e 3700 c->default_memory_low = bytes;
c52db42b 3701 c->default_memory_low_set = true;
7ad5439e 3702 } else if (streq(lvalue, "DefaultMemoryMin")) {
db2b8d2e 3703 c->default_memory_min = bytes;
7ad5439e 3704 c->default_memory_min_set = true;
7ad5439e 3705 } else if (streq(lvalue, "MemoryMin")) {
48422635 3706 c->memory_min = bytes;
311a0e2e 3707 c->memory_min_set = true;
7ad5439e 3708 } else if (streq(lvalue, "MemoryLow")) {
da4d897e 3709 c->memory_low = bytes;
311a0e2e 3710 c->memory_low_set = true;
c52db42b 3711 } else if (streq(lvalue, "MemoryHigh"))
da4d897e
TH		 3712 c->memory_high = bytes;
3713 else if (streq(lvalue, "MemoryMax"))
3714 c->memory_max = bytes;
96e131ea
WC		 3715 else if (streq(lvalue, "MemorySwapMax"))
3716 c->memory_swap_max = bytes;
3717 else if (streq(lvalue, "MemoryLimit"))
da4d897e 3718 c->memory_limit = bytes;
96e131ea
WC		 3719 else
3720 return -EINVAL;
4ad49000 3721
4ad49000
LP		 3722 return 0;
3723}
3724
03a7b521
LP		 3725int config_parse_tasks_max(
3726 const char *unit,
3727 const char *filename,
3728 unsigned line,
3729 const char *section,
3730 unsigned section_line,
3731 const char *lvalue,
3732 int ltype,
3733 const char *rvalue,
3734 void *data,
3735 void *userdata) {
3736
47538b76 3737 const Unit *u = userdata;
3a0f06c4
ZJS		 3738 TasksMax *tasks_max = data;
3739 uint64_t v;
03a7b521
LP		 3740 int r;
3741
f5058264 3742 if (isempty(rvalue)) {
3a0f06c4 3743 *tasks_max = u ? u->manager->default_tasks_max : TASKS_MAX_UNSET;
f5058264
TH		 3744 return 0;
3745 }
3746
3747 if (streq(rvalue, "infinity")) {
3a0f06c4 3748 *tasks_max = TASKS_MAX_UNSET;
03a7b521
LP		 3749 return 0;
3750 }
3751
fe845b5e 3752 r = parse_permyriad(rvalue);
3a0f06c4 3753 if (r >= 0)
fe845b5e 3754 *tasks_max = (TasksMax) { r, 10000U }; /* r‱ */
3a0f06c4 3755 else {
f5058264 3756 r = safe_atou64(rvalue, &v);
83f8e808 3757 if (r < 0) {
323dda78 3758 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid maximum tasks value '%s', ignoring: %m", rvalue);
83f8e808
LP		 3759 return 0;
3760 }
83f8e808 3761
3a0f06c4 3762 if (v <= 0 || v >= UINT64_MAX) {
323dda78 3763 log_syntax(unit, LOG_WARNING, filename, line, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue);
3a0f06c4
ZJS		 3764 return 0;
3765 }
3766
3767 *tasks_max = (TasksMax) { v };
03a7b521
LP		 3768 }
3769
3770 return 0;
3771}
3772
02638280
LP		 3773int config_parse_delegate(
3774 const char *unit,
3775 const char *filename,
3776 unsigned line,
3777 const char *section,
3778 unsigned section_line,
3779 const char *lvalue,
3780 int ltype,
3781 const char *rvalue,
3782 void *data,
3783 void *userdata) {
3784
3785 CGroupContext *c = data;
ecae73d7 3786 UnitType t;
02638280
LP		 3787 int r;
3788
ecae73d7
ZJS		 3789 t = unit_name_to_type(unit);
3790 assert(t != _UNIT_TYPE_INVALID);
3791
3792 if (!unit_vtable[t]->can_delegate) {
323dda78 3793 log_syntax(unit, LOG_WARNING, filename, line, 0, "Delegate= setting not supported for this unit type, ignoring.");
ecae73d7
ZJS		 3794 return 0;
3795 }
3796
02638280
LP		 3797 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
3798 * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
3799 * mask to delegate. */
3800
1bdfc7b9 3801 if (isempty(rvalue)) {
d48013f8
YW		 3802 /* An empty string resets controllers and set Delegate=yes. */
3803 c->delegate = true;
1bdfc7b9
YW		 3804 c->delegate_controllers = 0;
3805 return 0;
3806 }
3807
02638280
LP		 3808 r = parse_boolean(rvalue);
3809 if (r < 0) {
02638280
LP		 3810 CGroupMask mask = 0;
3811
323dda78 3812 for (const char *p = rvalue;;) {
02638280
LP		 3813 _cleanup_free_ char *word = NULL;
3814 CGroupController cc;
3815
4ec85141 3816 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
02638280
LP		 3817 if (r == -ENOMEM)
3818 return log_oom();
3819 if (r < 0) {
323dda78 3820 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
ff1b8455 3821 return 0;
02638280 3822 }
a687f500
ZJS		 3823 if (r == 0)
3824 break;
02638280
LP		 3825
3826 cc = cgroup_controller_from_string(word);
3827 if (cc < 0) {
323dda78 3828 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid controller name '%s', ignoring", word);
02638280
LP		 3829 continue;
3830 }
3831
3832 mask |= CGROUP_CONTROLLER_TO_MASK(cc);
3833 }
3834
3835 c->delegate = true;
3836 c->delegate_controllers |= mask;
3837
3838 } else if (r > 0) {
3839 c->delegate = true;
3840 c->delegate_controllers = _CGROUP_MASK_ALL;
3841 } else {
3842 c->delegate = false;
3843 c->delegate_controllers = 0;
3844 }
3845
3846 return 0;
3847}
3848
4d824a4e
AZ		 3849int config_parse_managed_oom_mode(
3850 const char *unit,
3851 const char *filename,
3852 unsigned line,
3853 const char *section,
3854 unsigned section_line,
3855 const char *lvalue,
3856 int ltype,
3857 const char *rvalue,
3858 void *data,
3859 void *userdata) {
ed5033fd 3860
4d824a4e
AZ		 3861 ManagedOOMMode *mode = data, m;
3862 UnitType t;
3863
3864 t = unit_name_to_type(unit);
3865 assert(t != _UNIT_TYPE_INVALID);
3866
3867 if (!unit_vtable[t]->can_set_managed_oom)
3868 return log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is not supported for this unit type, ignoring.", lvalue);
3869
3870 if (isempty(rvalue)) {
3871 *mode = MANAGED_OOM_AUTO;
f561e8c6 3872 return 0;
4d824a4e
AZ		 3873 }
3874
3875 m = managed_oom_mode_from_string(rvalue);
3876 if (m < 0) {
b98680b2 3877 log_syntax(unit, LOG_WARNING, filename, line, m, "Invalid syntax, ignoring: %s", rvalue);
4d824a4e
AZ		 3878 return 0;
3879 }
ed5033fd 3880
4d824a4e
AZ		 3881 *mode = m;
3882 return 0;
3883}
3884
3885int config_parse_managed_oom_mem_pressure_limit(
3886 const char *unit,
3887 const char *filename,
3888 unsigned line,
3889 const char *section,
3890 unsigned section_line,
3891 const char *lvalue,
3892 int ltype,
3893 const char *rvalue,
3894 void *data,
3895 void *userdata) {
ed5033fd 3896
0a9f9344 3897 uint32_t *limit = data;
4d824a4e
AZ		 3898 UnitType t;
3899 int r;
3900
3901 t = unit_name_to_type(unit);
3902 assert(t != _UNIT_TYPE_INVALID);
3903
3904 if (!unit_vtable[t]->can_set_managed_oom)
3905 return log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is not supported for this unit type, ignoring.", lvalue);
3906
3907 if (isempty(rvalue)) {
f561e8c6
AZ		 3908 *limit = 0;
3909 return 0;
4d824a4e
AZ		 3910 }
3911
0a9f9344 3912 r = parse_permyriad(rvalue);
4d824a4e 3913 if (r < 0) {
0a9f9344 3914 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse memory pressure limit value, ignoring: %s", rvalue);
4d824a4e
AZ		 3915 return 0;
3916 }
3917
d9d3f05d
LP		 3918 /* Normalize to 2^32-1 == 100% */
3919 *limit = UINT32_SCALE_FROM_PERMYRIAD(r);
4d824a4e
AZ		 3920 return 0;
3921}
3922
4ad49000
LP		 3923int config_parse_device_allow(
3924 const char *unit,
3925 const char *filename,
3926 unsigned line,
3927 const char *section,
71a61510 3928 unsigned section_line,
4ad49000
LP		 3929 const char *lvalue,
3930 int ltype,
3931 const char *rvalue,
3932 void *data,
3933 void *userdata) {
3934
c9f620bf 3935 _cleanup_free_ char *path = NULL, *resolved = NULL;
4ad49000 3936 CGroupContext *c = data;
c9f620bf 3937 const char *p = rvalue;
1116e14c 3938 int r;
4ad49000
LP		 3939
3940 if (isempty(rvalue)) {
3941 while (c->device_allow)
3942 cgroup_context_free_device_allow(c, c->device_allow);
3943
3944 return 0;
3945 }
3946
4ec85141 3947 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
c9f620bf
YW		 3948 if (r == -ENOMEM)
3949 return log_oom();
a687f500 3950 if (r <= 0) {
1116e14c 3951 log_syntax(unit, LOG_WARNING, filename, line, r,
c9f620bf 3952 "Failed to extract device path and rights from '%s', ignoring.", rvalue);
20d52ab6 3953 return 0;
1116e14c
NBS		 3954 }
3955
06536492 3956 r = unit_path_printf(userdata, path, &resolved);
c9f620bf
YW		 3957 if (r < 0) {
3958 log_syntax(unit, LOG_WARNING, filename, line, r,
3959 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4ad49000
LP		 3960 return 0;
3961 }
3962
49fe5c09 3963 if (!STARTSWITH_SET(resolved, "block-", "char-")) {
2f4d31c1 3964
57e84e75
LP		 3965 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3966 if (r < 0)
3967 return 0;
3968
3969 if (!valid_device_node_path(resolved)) {
323dda78 3970 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved);
57e84e75
LP		 3971 return 0;
3972 }
c9f620bf 3973 }
4ad49000 3974
c9f620bf 3975 if (!isempty(p) && !in_charset(p, "rwm")) {
323dda78 3976 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid device rights '%s', ignoring.", p);
4ad49000
LP		 3977 return 0;
3978 }
3979
fd870bac 3980 return cgroup_add_device_allow(c, resolved, p);
4ad49000
LP		 3981}
3982
13c31542
TH		 3983int config_parse_io_device_weight(
3984 const char *unit,
3985 const char *filename,
3986 unsigned line,
3987 const char *section,
3988 unsigned section_line,
3989 const char *lvalue,
3990 int ltype,
3991 const char *rvalue,
3992 void *data,
3993 void *userdata) {
3994
c9f620bf 3995 _cleanup_free_ char *path = NULL, *resolved = NULL;
13c31542
TH		 3996 CGroupIODeviceWeight *w;
3997 CGroupContext *c = data;
c9f620bf 3998 const char *p = rvalue;
13c31542 3999 uint64_t u;
13c31542
TH		 4000 int r;
4001
4002 assert(filename);
4003 assert(lvalue);
4004 assert(rvalue);
4005
4006 if (isempty(rvalue)) {
4007 while (c->io_device_weights)
4008 cgroup_context_free_io_device_weight(c, c->io_device_weights);
4009
4010 return 0;
4011 }
4012
4ec85141 4013 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
c9f620bf
YW		 4014 if (r == -ENOMEM)
4015 return log_oom();
a687f500 4016 if (r <= 0 || isempty(p)) {
c9f620bf 4017 log_syntax(unit, LOG_WARNING, filename, line, r,
c9f620bf 4018 "Failed to extract device path and weight from '%s', ignoring.", rvalue);
13c31542
TH		 4019 return 0;
4020 }
4021
06536492 4022 r = unit_path_printf(userdata, path, &resolved);
c9f620bf
YW		 4023 if (r < 0) {
4024 log_syntax(unit, LOG_WARNING, filename, line, r,
4025 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4026 return 0;
4027 }
13c31542 4028
2f4d31c1
YW		 4029 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4030 if (r < 0)
4031 return 0;
4032
c9f620bf 4033 r = cg_weight_parse(p, &u);
13c31542 4034 if (r < 0) {
323dda78 4035 log_syntax(unit, LOG_WARNING, filename, line, r, "IO weight '%s' invalid, ignoring: %m", p);
13c31542
TH		 4036 return 0;
4037 }
4038
4039 assert(u != CGROUP_WEIGHT_INVALID);
4040
4041 w = new0(CGroupIODeviceWeight, 1);
4042 if (!w)
4043 return log_oom();
4044
c9f620bf 4045 w->path = TAKE_PTR(resolved);
13c31542
TH		 4046 w->weight = u;
4047
4048 LIST_PREPEND(device_weights, c->io_device_weights, w);
4049 return 0;
4050}
4051
6ae4283c
TH		 4052int config_parse_io_device_latency(
4053 const char *unit,
4054 const char *filename,
4055 unsigned line,
4056 const char *section,
4057 unsigned section_line,
4058 const char *lvalue,
4059 int ltype,
4060 const char *rvalue,
4061 void *data,
4062 void *userdata) {
4063
4064 _cleanup_free_ char *path = NULL, *resolved = NULL;
4065 CGroupIODeviceLatency *l;
4066 CGroupContext *c = data;
4067 const char *p = rvalue;
4068 usec_t usec;
4069 int r;
4070
4071 assert(filename);
4072 assert(lvalue);
4073 assert(rvalue);
4074
4075 if (isempty(rvalue)) {
4076 while (c->io_device_latencies)
4077 cgroup_context_free_io_device_latency(c, c->io_device_latencies);
4078
4079 return 0;
4080 }
4081
4ec85141 4082 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
6ae4283c
TH		 4083 if (r == -ENOMEM)
4084 return log_oom();
a687f500 4085 if (r <= 0 || isempty(p)) {
6ae4283c 4086 log_syntax(unit, LOG_WARNING, filename, line, r,
6ae4283c
TH		 4087 "Failed to extract device path and latency from '%s', ignoring.", rvalue);
4088 return 0;
4089 }
4090
06536492 4091 r = unit_path_printf(userdata, path, &resolved);
6ae4283c
TH		 4092 if (r < 0) {
4093 log_syntax(unit, LOG_WARNING, filename, line, r,
4094 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4095 return 0;
4096 }
4097
4098 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4099 if (r < 0)
4100 return 0;
4101
323dda78
YW		 4102 r = parse_sec(p, &usec);
4103 if (r < 0) {
4104 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse timer value, ignoring: %s", p);
6ae4283c
TH		 4105 return 0;
4106 }
4107
4108 l = new0(CGroupIODeviceLatency, 1);
4109 if (!l)
4110 return log_oom();
4111
4112 l->path = TAKE_PTR(resolved);
4113 l->target_usec = usec;
4114
4115 LIST_PREPEND(device_latencies, c->io_device_latencies, l);
4116 return 0;
4117}
4118
13c31542
TH		 4119int config_parse_io_limit(
4120 const char *unit,
4121 const char *filename,
4122 unsigned line,
4123 const char *section,
4124 unsigned section_line,
4125 const char *lvalue,
4126 int ltype,
4127 const char *rvalue,
4128 void *data,
4129 void *userdata) {
4130
c9f620bf 4131 _cleanup_free_ char *path = NULL, *resolved = NULL;
13c31542
TH		 4132 CGroupIODeviceLimit *l = NULL, *t;
4133 CGroupContext *c = data;
9be57249 4134 CGroupIOLimitType type;
c9f620bf 4135 const char *p = rvalue;
13c31542 4136 uint64_t num;
13c31542
TH		 4137 int r;
4138
4139 assert(filename);
4140 assert(lvalue);
4141 assert(rvalue);
4142
9be57249
TH		 4143 type = cgroup_io_limit_type_from_string(lvalue);
4144 assert(type >= 0);
13c31542
TH		 4145
4146 if (isempty(rvalue)) {
4147 LIST_FOREACH(device_limits, l, c->io_device_limits)
9be57249 4148 l->limits[type] = cgroup_io_limit_defaults[type];
13c31542
TH		 4149 return 0;
4150 }
4151
4ec85141 4152 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
c9f620bf
YW		 4153 if (r == -ENOMEM)
4154 return log_oom();
a687f500 4155 if (r <= 0 || isempty(p)) {
c9f620bf 4156 log_syntax(unit, LOG_WARNING, filename, line, r,
c9f620bf 4157 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
13c31542
TH		 4158 return 0;
4159 }
4160
06536492 4161 r = unit_path_printf(userdata, path, &resolved);
c9f620bf
YW		 4162 if (r < 0) {
4163 log_syntax(unit, LOG_WARNING, filename, line, r,
4164 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4165 return 0;
4166 }
13c31542 4167
2f4d31c1
YW		 4168 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4169 if (r < 0)
4170 return 0;
4171
9d5e9b4a 4172 if (streq("infinity", p))
13c31542 4173 num = CGROUP_LIMIT_MAX;
9d5e9b4a 4174 else {
c9f620bf 4175 r = parse_size(p, 1000, &num);
13c31542 4176 if (r < 0 || num <= 0) {
323dda78 4177 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid IO limit '%s', ignoring.", p);
13c31542
TH		 4178 return 0;
4179 }
4180 }
4181
4182 LIST_FOREACH(device_limits, t, c->io_device_limits) {
c9f620bf 4183 if (path_equal(resolved, t->path)) {
13c31542
TH		 4184 l = t;
4185 break;
4186 }
4187 }
4188
4189 if (!l) {
9be57249
TH		 4190 CGroupIOLimitType ttype;
4191
13c31542
TH		 4192 l = new0(CGroupIODeviceLimit, 1);
4193 if (!l)
4194 return log_oom();
4195
c9f620bf 4196 l->path = TAKE_PTR(resolved);
9be57249
TH		 4197 for (ttype = 0; ttype < _CGROUP_IO_LIMIT_TYPE_MAX; ttype++)
4198 l->limits[ttype] = cgroup_io_limit_defaults[ttype];
13c31542
TH		 4199
4200 LIST_PREPEND(device_limits, c->io_device_limits, l);
4201 }
4202
9be57249 4203 l->limits[type] = num;
13c31542
TH		 4204
4205 return 0;
4206}
4207
8e7076ca
LP		 4208int config_parse_blockio_device_weight(
4209 const char *unit,
4210 const char *filename,
4211 unsigned line,
4212 const char *section,
71a61510 4213 unsigned section_line,
8e7076ca
LP		 4214 const char *lvalue,
4215 int ltype,
4216 const char *rvalue,
4217 void *data,
4218 void *userdata) {
4219
c9f620bf 4220 _cleanup_free_ char *path = NULL, *resolved = NULL;
8e7076ca 4221 CGroupBlockIODeviceWeight *w;
4ad49000 4222 CGroupContext *c = data;
c9f620bf 4223 const char *p = rvalue;
d53d9474 4224 uint64_t u;
4ad49000
LP		 4225 int r;
4226
4227 assert(filename);
4228 assert(lvalue);
4229 assert(rvalue);
4230
4231 if (isempty(rvalue)) {
4ad49000
LP		 4232 while (c->blockio_device_weights)
4233 cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
4234
4235 return 0;
4236 }
4237
4ec85141 4238 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
c9f620bf
YW		 4239 if (r == -ENOMEM)
4240 return log_oom();
a687f500 4241 if (r <= 0 || isempty(p)) {
c9f620bf 4242 log_syntax(unit, LOG_WARNING, filename, line, r,
c9f620bf 4243 "Failed to extract device node and weight from '%s', ignoring.", rvalue);
8e7076ca
LP		 4244 return 0;
4245 }
4ad49000 4246
06536492 4247 r = unit_path_printf(userdata, path, &resolved);
c9f620bf
YW		 4248 if (r < 0) {
4249 log_syntax(unit, LOG_WARNING, filename, line, r,
4250 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4251 return 0;
4252 }
4ad49000 4253
2f4d31c1
YW		 4254 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4255 if (r < 0)
4256 return 0;
4257
c9f620bf 4258 r = cg_blkio_weight_parse(p, &u);
d53d9474 4259 if (r < 0) {
323dda78 4260 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p);
4ad49000
LP		 4261 return 0;
4262 }
4263
d53d9474
LP		 4264 assert(u != CGROUP_BLKIO_WEIGHT_INVALID);
4265
8e7076ca
LP		 4266 w = new0(CGroupBlockIODeviceWeight, 1);
4267 if (!w)
4268 return log_oom();
4ad49000 4269
c9f620bf 4270 w->path = TAKE_PTR(resolved);
d53d9474 4271 w->weight = u;
4ad49000 4272
71fda00f 4273 LIST_PREPEND(device_weights, c->blockio_device_weights, w);
4ad49000
LP		 4274 return 0;
4275}
4276
4277int config_parse_blockio_bandwidth(
4278 const char *unit,
4279 const char *filename,
4280 unsigned line,
4281 const char *section,
71a61510 4282 unsigned section_line,
4ad49000
LP		 4283 const char *lvalue,
4284 int ltype,
4285 const char *rvalue,
4286 void *data,
4287 void *userdata) {
4288
c9f620bf 4289 _cleanup_free_ char *path = NULL, *resolved = NULL;
979d0311 4290 CGroupBlockIODeviceBandwidth *b = NULL, *t;
4ad49000 4291 CGroupContext *c = data;
c9f620bf 4292 const char *p = rvalue;
59f448cf 4293 uint64_t bytes;
47c0980d 4294 bool read;
4ad49000
LP		 4295 int r;
4296
4297 assert(filename);
4298 assert(lvalue);
4299 assert(rvalue);
4300
47c0980d
G		 4301 read = streq("BlockIOReadBandwidth", lvalue);
4302
4ad49000 4303 if (isempty(rvalue)) {
979d0311
TH		 4304 LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
4305 b->rbps = CGROUP_LIMIT_MAX;
4306 b->wbps = CGROUP_LIMIT_MAX;
4307 }
4ad49000
LP		 4308 return 0;
4309 }
4310
4ec85141 4311 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
c9f620bf
YW		 4312 if (r == -ENOMEM)
4313 return log_oom();
a687f500 4314 if (r <= 0 || isempty(p)) {
c9f620bf 4315 log_syntax(unit, LOG_WARNING, filename, line, r,
c9f620bf 4316 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
4ad49000
LP		 4317 return 0;
4318 }
4319
06536492 4320 r = unit_path_printf(userdata, path, &resolved);
c9f620bf
YW		 4321 if (r < 0) {
4322 log_syntax(unit, LOG_WARNING, filename, line, r,
4323 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4324 return 0;
4325 }
4ad49000 4326
2f4d31c1
YW		 4327 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4328 if (r < 0)
4329 return 0;
4330
c9f620bf 4331 r = parse_size(p, 1000, &bytes);
4ad49000 4332 if (r < 0 || bytes <= 0) {
323dda78 4333 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
4ad49000
LP		 4334 return 0;
4335 }
4336
979d0311 4337 LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
c9f620bf 4338 if (path_equal(resolved, t->path)) {
979d0311
TH		 4339 b = t;
4340 break;
4341 }
4342 }
4ad49000 4343
979d0311
TH		 4344 if (!t) {
4345 b = new0(CGroupBlockIODeviceBandwidth, 1);
4346 if (!b)
4347 return log_oom();
4348
c9f620bf 4349 b->path = TAKE_PTR(resolved);
979d0311
TH		 4350 b->rbps = CGROUP_LIMIT_MAX;
4351 b->wbps = CGROUP_LIMIT_MAX;
4352
4353 LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, b);
4354 }
4ad49000 4355
979d0311
TH		 4356 if (read)
4357 b->rbps = bytes;
4358 else
4359 b->wbps = bytes;
4ad49000
LP		 4360
4361 return 0;
4362}
4363
d420282b
LP		 4364int config_parse_job_mode_isolate(
4365 const char *unit,
4366 const char *filename,
4367 unsigned line,
4368 const char *section,
4369 unsigned section_line,
4370 const char *lvalue,
4371 int ltype,
4372 const char *rvalue,
4373 void *data,
4374 void *userdata) {
4375
4376 JobMode *m = data;
4377 int r;
4378
4379 assert(filename);
4380 assert(lvalue);
4381 assert(rvalue);
4382
4383 r = parse_boolean(rvalue);
4384 if (r < 0) {
323dda78 4385 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse boolean, ignoring: %s", rvalue);
d420282b
LP		 4386 return 0;
4387 }
4388
8ab39347
YW		 4389 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue);
4390
d420282b
LP		 4391 *m = r ? JOB_ISOLATE : JOB_REPLACE;
4392 return 0;
4393}
4394
3536f49e 4395int config_parse_exec_directories(
e66cf1a3
LP		 4396 const char *unit,
4397 const char *filename,
4398 unsigned line,
4399 const char *section,
4400 unsigned section_line,
4401 const char *lvalue,
4402 int ltype,
4403 const char *rvalue,
4404 void *data,
4405 void *userdata) {
4406
a2a5291b 4407 char***rt = data;
47538b76 4408 const Unit *u = userdata;
e66cf1a3
LP		 4409 int r;
4410
4411 assert(filename);
4412 assert(lvalue);
4413 assert(rvalue);
4414 assert(data);
4415
4416 if (isempty(rvalue)) {
4417 /* Empty assignment resets the list */
6796073e 4418 *rt = strv_free(*rt);
e66cf1a3
LP		 4419 return 0;
4420 }
4421
323dda78 4422 for (const char *p = rvalue;;) {
035fe294 4423 _cleanup_free_ char *word = NULL, *k = NULL;
e66cf1a3 4424
4ec85141 4425 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
035fe294 4426 if (r == -ENOMEM)
e66cf1a3 4427 return log_oom();
035fe294
ZJS		 4428 if (r < 0) {
4429 log_syntax(unit, LOG_WARNING, filename, line, r,
4430 "Invalid syntax, ignoring: %s", rvalue);
4431 return 0;
4432 }
091e9efe
LP		 4433 if (r == 0)
4434 return 0;
e66cf1a3 4435
06536492 4436 r = unit_path_printf(u, word, &k);
9b5864d9 4437 if (r < 0) {
330f8990 4438 log_syntax(unit, LOG_WARNING, filename, line, r,
063c4b1a 4439 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
9b5864d9
MG		 4440 continue;
4441 }
4442
2f4d31c1
YW		 4443 r = path_simplify_and_warn(k, PATH_CHECK_RELATIVE, unit, filename, line, lvalue);
4444 if (r < 0)
e8865688 4445 continue;
e8865688
LP		 4446
4447 if (path_startswith(k, "private")) {
330f8990 4448 log_syntax(unit, LOG_WARNING, filename, line, 0,
4605de11 4449 "%s= path can't be 'private', ignoring assignment: %s", lvalue, word);
e66cf1a3
LP		 4450 continue;
4451 }
4452
035fe294 4453 r = strv_push(rt, k);
e66cf1a3
LP		 4454 if (r < 0)
4455 return log_oom();
035fe294 4456 k = NULL;
e66cf1a3 4457 }
e66cf1a3
LP		 4458}
4459
bb0c0d6f
LP		 4460int config_parse_set_credential(
4461 const char *unit,
4462 const char *filename,
4463 unsigned line,
4464 const char *section,
4465 unsigned section_line,
4466 const char *lvalue,
4467 int ltype,
4468 const char *rvalue,
4469 void *data,
4470 void *userdata) {
4471
4472 _cleanup_free_ char *word = NULL, *k = NULL, *unescaped = NULL;
4473 ExecContext *context = data;
4474 ExecSetCredential *old;
4475 Unit *u = userdata;
4476 const char *p;
4477 int r, l;
4478
4479 assert(filename);
4480 assert(lvalue);
4481 assert(rvalue);
4482 assert(context);
4483
4484 if (isempty(rvalue)) {
4485 /* Empty assignment resets the list */
4486 context->set_credentials = hashmap_free(context->set_credentials);
4487 return 0;
4488 }
4489
4490 p = rvalue;
4491 r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4492 if (r == -ENOMEM)
4493 return log_oom();
4494 if (r <= 0 || !p) {
4495 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
4496 return 0;
4497 }
4498
06536492 4499 r = unit_cred_printf(u, word, &k);
bb0c0d6f
LP		 4500 if (r < 0) {
4501 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4502 return 0;
4503 }
4504 if (!credential_name_valid(k)) {
4505 log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name \"%s\" not valid, ignoring.", k);
4506 return 0;
4507 }
4508
4509 /* We support escape codes here, so that users can insert trailing \n if they like */
4510 l = cunescape(p, UNESCAPE_ACCEPT_NUL, &unescaped);
4511 if (l < 0) {
4512 log_syntax(unit, LOG_WARNING, filename, line, l, "Can't unescape \"%s\", ignoring: %m", p);
4513 return 0;
4514 }
4515
4516 old = hashmap_get(context->set_credentials, k);
4517 if (old) {
4518 free_and_replace(old->data, unescaped);
4519 old->size = l;
4520 } else {
4521 _cleanup_(exec_set_credential_freep) ExecSetCredential *sc = NULL;
4522
4523 sc = new0(ExecSetCredential, 1);
4524 if (!sc)
4525 return log_oom();
4526
4527 sc->id = TAKE_PTR(k);
4528 sc->data = TAKE_PTR(unescaped);
4529 sc->size = l;
4530
f85f5f0d
SS		 4531 r = hashmap_ensure_put(&context->set_credentials, &exec_set_credential_hash_ops, sc->id, sc);
4532 if (r == -ENOMEM)
4533 return log_oom();
2400743e
YW		 4534 if (r < 0) {
4535 log_syntax(unit, LOG_WARNING, filename, line, l,
4536 "Duplicated credential value '%s', ignoring assignment: %s", sc->id, rvalue);
4537 return 0;
4538 }
bb0c0d6f 4539
bb0c0d6f
LP		 4540 TAKE_PTR(sc);
4541 }
4542
4543 return 0;
4544}
4545
4546int config_parse_load_credential(
4547 const char *unit,
4548 const char *filename,
4549 unsigned line,
4550 const char *section,
4551 unsigned section_line,
4552 const char *lvalue,
4553 int ltype,
4554 const char *rvalue,
4555 void *data,
4556 void *userdata) {
4557
4558 _cleanup_free_ char *word = NULL, *k = NULL, *q = NULL;
4559 ExecContext *context = data;
4560 Unit *u = userdata;
4561 const char *p;
4562 int r;
4563
4564 assert(filename);
4565 assert(lvalue);
4566 assert(rvalue);
4567 assert(context);
4568
4569 if (isempty(rvalue)) {
4570 /* Empty assignment resets the list */
4571 context->load_credentials = strv_free(context->load_credentials);
4572 return 0;
4573 }
4574
4575 p = rvalue;
4576 r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4577 if (r == -ENOMEM)
4578 return log_oom();
4579 if (r <= 0) {
4580 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
4581 return 0;
4582 }
4583
06536492 4584 r = unit_cred_printf(u, word, &k);
bb0c0d6f
LP		 4585 if (r < 0) {
4586 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4587 return 0;
4588 }
4589 if (!credential_name_valid(k)) {
4590 log_syntax(unit, LOG_WARNING, filename, line, 0, "Credential name \"%s\" not valid, ignoring.", k);
4591 return 0;
4592 }
8a29862e
LP		 4593
4594 if (isempty(p)) {
4595 /* If only one field field is specified take it as shortcut for inheriting a credential named
4596 * the same way from our parent */
4597 q = strdup(k);
4598 if (!q)
4599 return log_oom();
4600 } else {
06536492 4601 r = unit_path_printf(u, p, &q);
8a29862e
LP		 4602 if (r < 0) {
4603 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", p);
4604 return 0;
4605 }
4606 if (path_is_absolute(q) ? !path_is_normalized(q) : !credential_name_valid(q)) {
4607 log_syntax(unit, LOG_WARNING, filename, line, r, "Credential source \"%s\" not valid, ignoring.", q);
4608 return 0;
4609 }
bb0c0d6f
LP		 4610 }
4611
4612 r = strv_consume_pair(&context->load_credentials, TAKE_PTR(k), TAKE_PTR(q));
4613 if (r < 0)
4614 return log_oom();
4615
4616 return 0;
4617}
4618
3af00fb8
LP		 4619int config_parse_set_status(
4620 const char *unit,
4621 const char *filename,
4622 unsigned line,
4623 const char *section,
4624 unsigned section_line,
4625 const char *lvalue,
4626 int ltype,
4627 const char *rvalue,
4628 void *data,
4629 void *userdata) {
4630
3af00fb8 4631 ExitStatusSet *status_set = data;
7896ad8f 4632 int r;
3af00fb8
LP		 4633
4634 assert(filename);
4635 assert(lvalue);
4636 assert(rvalue);
7896ad8f 4637 assert(status_set);
3af00fb8 4638
3e2d435b 4639 /* Empty assignment resets the list */
3af00fb8 4640 if (isempty(rvalue)) {
3e2d435b 4641 exit_status_set_free(status_set);
3af00fb8
LP		 4642 return 0;
4643 }
4644
7896ad8f
ZJS		 4645 for (const char *p = rvalue;;) {
4646 _cleanup_free_ char *word = NULL;
23d5dd16 4647 Bitmap *bitmap;
3af00fb8 4648
7896ad8f 4649 r = extract_first_word(&p, &word, NULL, 0);
323dda78
YW		 4650 if (r == -ENOMEM)
4651 return log_oom();
4652 if (r < 0) {
4653 log_syntax(unit, LOG_WARNING, filename, line, r,
4654 "Failed to parse %s=%s, ignoring: %m", lvalue, rvalue);
4655 return 0;
4656 }
7896ad8f
ZJS		 4657 if (r == 0)
4658 return 0;
3af00fb8 4659
2e2ed880
ZJS		 4660 /* We need to call exit_status_from_string() first, because we want
4661 * to parse numbers as exit statuses, not signals. */
3af00fb8 4662
7896ad8f 4663 r = exit_status_from_string(word);
2e2ed880
ZJS		 4664 if (r >= 0) {
4665 assert(r >= 0 && r < 256);
4666 bitmap = &status_set->status;
3af00fb8 4667 } else {
7896ad8f
ZJS		 4668 r = signal_from_string(word);
4669 if (r < 0) {
b98680b2 4670 log_syntax(unit, LOG_WARNING, filename, line, r,
2e2ed880 4671 "Failed to parse value, ignoring: %s", word);
1e2fd62d 4672 continue;
3af00fb8 4673 }
2e2ed880 4674 bitmap = &status_set->signal;
3af00fb8 4675 }
1e2fd62d 4676
2e2ed880 4677 r = bitmap_set(bitmap, r);
063c4b1a 4678 if (r < 0)
323dda78
YW		 4679 log_syntax(unit, LOG_WARNING, filename, line, r,
4680 "Failed to set signal or status %s, ignoring: %m", word);
3af00fb8 4681 }
3af00fb8
LP		 4682}
4683
94828d2d
LP		 4684int config_parse_namespace_path_strv(
4685 const char *unit,
4686 const char *filename,
4687 unsigned line,
4688 const char *section,
4689 unsigned section_line,
4690 const char *lvalue,
4691 int ltype,
4692 const char *rvalue,
4693 void *data,
4694 void *userdata) {
4695
47538b76 4696 const Unit *u = userdata;
a2a5291b 4697 char*** sv = data;
94828d2d
LP		 4698 int r;
4699
4700 assert(filename);
4701 assert(lvalue);
4702 assert(rvalue);
4703 assert(data);
4704
4705 if (isempty(rvalue)) {
4706 /* Empty assignment resets the list */
6796073e 4707 *sv = strv_free(*sv);
94828d2d
LP		 4708 return 0;
4709 }
4710
323dda78 4711 for (const char *p = rvalue;;) {
7b07e993 4712 _cleanup_free_ char *word = NULL, *resolved = NULL, *joined = NULL;
20b7a007
LP		 4713 const char *w;
4714 bool ignore_enoent = false, shall_prefix = false;
94828d2d 4715
4ec85141 4716 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
0293a7a8
EV		 4717 if (r == -ENOMEM)
4718 return log_oom();
727f76d7 4719 if (r < 0) {
323dda78 4720 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
727f76d7
EV		 4721 return 0;
4722 }
a687f500
ZJS		 4723 if (r == 0)
4724 break;
94828d2d 4725
20b7a007
LP		 4726 w = word;
4727 if (startswith(w, "-")) {
4728 ignore_enoent = true;
4729 w++;
4730 }
4731 if (startswith(w, "+")) {
4732 shall_prefix = true;
4733 w++;
4734 }
7b07e993 4735
06536492 4736 r = unit_path_printf(u, w, &resolved);
7b07e993 4737 if (r < 0) {
323dda78 4738 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s: %m", w);
94828d2d
LP		 4739 continue;
4740 }
4741
2f4d31c1
YW		 4742 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4743 if (r < 0)
7b07e993 4744 continue;
94828d2d 4745
20b7a007
LP		 4746 joined = strjoin(ignore_enoent ? "-" : "",
4747 shall_prefix ? "+" : "",
4748 resolved);
7b07e993
LP		 4749
4750 r = strv_push(sv, joined);
94828d2d
LP		 4751 if (r < 0)
4752 return log_oom();
4753
7b07e993 4754 joined = NULL;
94828d2d
LP		 4755 }
4756
4757 return 0;
4758}
4759
2abd4e38
YW		 4760int config_parse_temporary_filesystems(
4761 const char *unit,
4762 const char *filename,
4763 unsigned line,
4764 const char *section,
4765 unsigned section_line,
4766 const char *lvalue,
4767 int ltype,
4768 const char *rvalue,
4769 void *data,
4770 void *userdata) {
4771
47538b76 4772 const Unit *u = userdata;
2abd4e38 4773 ExecContext *c = data;
2abd4e38
YW		 4774 int r;
4775
4776 assert(filename);
4777 assert(lvalue);
4778 assert(rvalue);
4779 assert(data);
4780
4781 if (isempty(rvalue)) {
4782 /* Empty assignment resets the list */
4783 temporary_filesystem_free_many(c->temporary_filesystems, c->n_temporary_filesystems);
4784 c->temporary_filesystems = NULL;
4785 c->n_temporary_filesystems = 0;
4786 return 0;
4787 }
4788
323dda78 4789 for (const char *p = rvalue;;) {
2abd4e38
YW		 4790 _cleanup_free_ char *word = NULL, *path = NULL, *resolved = NULL;
4791 const char *w;
4792
4ec85141 4793 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2abd4e38
YW		 4794 if (r == -ENOMEM)
4795 return log_oom();
4796 if (r < 0) {
323dda78 4797 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
2abd4e38
YW		 4798 return 0;
4799 }
a687f500
ZJS		 4800 if (r == 0)
4801 return 0;
2abd4e38
YW		 4802
4803 w = word;
4804 r = extract_first_word(&w, &path, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
063c4b1a
YW		 4805 if (r == -ENOMEM)
4806 return log_oom();
4807 if (r < 0) {
323dda78 4808 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract first word, ignoring: %s", word);
063c4b1a
YW		 4809 continue;
4810 }
4811 if (r == 0) {
323dda78 4812 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax, ignoring: %s", word);
063c4b1a
YW		 4813 continue;
4814 }
2abd4e38 4815
06536492 4816 r = unit_path_printf(u, path, &resolved);
2abd4e38 4817 if (r < 0) {
323dda78 4818 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", path);
2abd4e38
YW		 4819 continue;
4820 }
4821
2f4d31c1
YW		 4822 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4823 if (r < 0)
2abd4e38 4824 continue;
2abd4e38 4825
a26fec24 4826 r = temporary_filesystem_add(&c->temporary_filesystems, &c->n_temporary_filesystems, resolved, w);
6302d1ea 4827 if (r < 0)
2abd4e38 4828 return log_oom();
2abd4e38 4829 }
2abd4e38
YW		 4830}
4831
d2d6c096
LP		 4832int config_parse_bind_paths(
4833 const char *unit,
4834 const char *filename,
4835 unsigned line,
4836 const char *section,
4837 unsigned section_line,
4838 const char *lvalue,
4839 int ltype,
4840 const char *rvalue,
4841 void *data,
4842 void *userdata) {
4843
4844 ExecContext *c = data;
47538b76 4845 const Unit *u = userdata;
d2d6c096
LP		 4846 int r;
4847
4848 assert(filename);
4849 assert(lvalue);
4850 assert(rvalue);
4851 assert(data);
4852
4853 if (isempty(rvalue)) {
4854 /* Empty assignment resets the list */
4855 bind_mount_free_many(c->bind_mounts, c->n_bind_mounts);
4856 c->bind_mounts = NULL;
4857 c->n_bind_mounts = 0;
4858 return 0;
4859 }
4860
323dda78 4861 for (const char *p = rvalue;;) {
d2d6c096 4862 _cleanup_free_ char *source = NULL, *destination = NULL;
42d43f21 4863 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
d2d6c096
LP		 4864 char *s = NULL, *d = NULL;
4865 bool rbind = true, ignore_enoent = false;
4866
4ec85141 4867 r = extract_first_word(&p, &source, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
d2d6c096
LP		 4868 if (r == -ENOMEM)
4869 return log_oom();
4870 if (r < 0) {
323dda78 4871 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
d2d6c096
LP		 4872 return 0;
4873 }
a687f500
ZJS		 4874 if (r == 0)
4875 break;
d2d6c096 4876
06536492 4877 r = unit_full_printf_full(u, source, PATH_MAX, &sresolved);
42d43f21 4878 if (r < 0) {
323dda78 4879 log_syntax(unit, LOG_WARNING, filename, line, r,
556a7bbe 4880 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", source);
2f4d31c1 4881 continue;
42d43f21
DC		 4882 }
4883
4884 s = sresolved;
d2d6c096
LP		 4885 if (s[0] == '-') {
4886 ignore_enoent = true;
4887 s++;
4888 }
4889
2f4d31c1
YW		 4890 r = path_simplify_and_warn(s, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4891 if (r < 0)
4892 continue;
d2d6c096
LP		 4893
4894 /* Optionally, the destination is specified. */
4895 if (p && p[-1] == ':') {
4ec85141 4896 r = extract_first_word(&p, &destination, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
d2d6c096
LP		 4897 if (r == -ENOMEM)
4898 return log_oom();
4899 if (r < 0) {
323dda78 4900 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
d2d6c096
LP		 4901 return 0;
4902 }
4903 if (r == 0) {
323dda78 4904 log_syntax(unit, LOG_WARNING, filename, line, 0, "Missing argument after ':', ignoring: %s", s);
2f4d31c1 4905 continue;
d2d6c096
LP		 4906 }
4907
06536492 4908 r = unit_path_printf(u, destination, &dresolved);
42d43f21 4909 if (r < 0) {
323dda78 4910 log_syntax(unit, LOG_WARNING, filename, line, r,
556a7bbe 4911 "Failed to resolve specifiers in \"%s\", ignoring: %m", destination);
2f4d31c1 4912 continue;
42d43f21
DC		 4913 }
4914
2f4d31c1
YW		 4915 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4916 if (r < 0)
4917 continue;
d2d6c096 4918
2f4d31c1 4919 d = dresolved;
d2d6c096
LP		 4920
4921 /* Optionally, there's also a short option string specified */
4922 if (p && p[-1] == ':') {
4923 _cleanup_free_ char *options = NULL;
4924
4ec85141 4925 r = extract_first_word(&p, &options, NULL, EXTRACT_UNQUOTE);
d2d6c096
LP		 4926 if (r == -ENOMEM)
4927 return log_oom();
4928 if (r < 0) {
323dda78 4929 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s: %s", lvalue, rvalue);
d2d6c096
LP		 4930 return 0;
4931 }
4932
4933 if (isempty(options) || streq(options, "rbind"))
4934 rbind = true;
4935 else if (streq(options, "norbind"))
4936 rbind = false;
4937 else {
323dda78 4938 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid option string, ignoring setting: %s", options);
2f4d31c1 4939 continue;
d2d6c096
LP		 4940 }
4941 }
4942 } else
4943 d = s;
4944
4945 r = bind_mount_add(&c->bind_mounts, &c->n_bind_mounts,
4946 &(BindMount) {
4947 .source = s,
4948 .destination = d,
4949 .read_only = !!strstr(lvalue, "ReadOnly"),
4950 .recursive = rbind,
4951 .ignore_enoent = ignore_enoent,
4952 });
4953 if (r < 0)
4954 return log_oom();
4955 }
4956
4957 return 0;
4958}
4959
b3d13314
LB		 4960int config_parse_mount_images(
4961 const char *unit,
4962 const char *filename,
4963 unsigned line,
4964 const char *section,
4965 unsigned section_line,
4966 const char *lvalue,
4967 int ltype,
4968 const char *rvalue,
4969 void *data,
4970 void *userdata) {
4971
b3d13314
LB		 4972 ExecContext *c = data;
4973 const Unit *u = userdata;
b3d13314
LB		 4974 int r;
4975
4976 assert(filename);
4977 assert(lvalue);
4978 assert(rvalue);
4979 assert(data);
4980
4981 if (isempty(rvalue)) {
4982 /* Empty assignment resets the list */
4983 c->mount_images = mount_image_free_many(c->mount_images, &c->n_mount_images);
4984 return 0;
4985 }
4986
323dda78 4987 for (const char *p = rvalue;;) {
427353f6
LB		 4988 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
4989 _cleanup_free_ char *first = NULL, *second = NULL, *tuple = NULL;
b3d13314 4990 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
427353f6 4991 const char *q = NULL;
b3d13314
LB		 4992 char *s = NULL;
4993 bool permissive = false;
4994
427353f6 4995 r = extract_first_word(&p, &tuple, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE);
323dda78
YW		 4996 if (r == -ENOMEM)
4997 return log_oom();
4998 if (r < 0) {
4999 log_syntax(unit, LOG_WARNING, filename, line, r,
5000 "Invalid syntax %s=%s, ignoring: %m", lvalue, rvalue);
5001 return 0;
5002 }
427353f6 5003 if (r == 0)
323dda78 5004 return 0;
427353f6
LB		 5005
5006 q = tuple;
5007 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &first, &second, NULL);
323dda78
YW		 5008 if (r == -ENOMEM)
5009 return log_oom();
5010 if (r < 0) {
5011 log_syntax(unit, LOG_WARNING, filename, line, r,
5012 "Invalid syntax in %s=, ignoring: %s", lvalue, tuple);
5013 return 0;
5014 }
427353f6
LB		 5015 if (r == 0)
5016 continue;
5017
6c3f7ca0 5018 s = first;
b3d13314
LB		 5019 if (s[0] == '-') {
5020 permissive = true;
5021 s++;
5022 }
5023
06536492 5024 r = unit_path_printf(u, s, &sresolved);
6c3f7ca0
LB		 5025 if (r < 0) {
5026 log_syntax(unit, LOG_WARNING, filename, line, r,
5027 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s);
5028 continue;
5029 }
5030
5031 r = path_simplify_and_warn(sresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
b3d13314
LB		 5032 if (r < 0)
5033 continue;
5034
427353f6 5035 if (isempty(second)) {
323dda78 5036 log_syntax(unit, LOG_WARNING, filename, line, 0, "Missing destination in %s, ignoring: %s", lvalue, rvalue);
b3d13314
LB		 5037 continue;
5038 }
5039
06536492 5040 r = unit_path_printf(u, second, &dresolved);
b3d13314 5041 if (r < 0) {
323dda78 5042 log_syntax(unit, LOG_WARNING, filename, line, r,
427353f6 5043 "Failed to resolve specifiers in \"%s\", ignoring: %m", second);
b3d13314
LB		 5044 continue;
5045 }
5046
5047 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5048 if (r < 0)
5049 continue;
5050
427353f6
LB		 5051 for (;;) {
5052 _cleanup_free_ char *partition = NULL, *mount_options = NULL, *mount_options_resolved = NULL;
5053 MountOptions *o = NULL;
569a0e42 5054 PartitionDesignator partition_designator;
427353f6
LB		 5055
5056 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &partition, &mount_options, NULL);
323dda78
YW		 5057 if (r == -ENOMEM)
5058 return log_oom();
5059 if (r < 0) {
5060 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", q);
5061 return 0;
5062 }
427353f6
LB		 5063 if (r == 0)
5064 break;
5065 /* Single set of options, applying to the root partition/single filesystem */
5066 if (r == 1) {
5067 r = unit_full_printf(u, partition, &mount_options_resolved);
5068 if (r < 0) {
323dda78 5069 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", first);
427353f6
LB		 5070 continue;
5071 }
5072
5073 o = new(MountOptions, 1);
5074 if (!o)
5075 return log_oom();
5076 *o = (MountOptions) {
5077 .partition_designator = PARTITION_ROOT,
5078 .options = TAKE_PTR(mount_options_resolved),
5079 };
5080 LIST_APPEND(mount_options, options, o);
5081
5082 break;
5083 }
5084
5085 partition_designator = partition_designator_from_string(partition);
5086 if (partition_designator < 0) {
b98680b2
YW		 5087 log_syntax(unit, LOG_WARNING, filename, line, partition_designator,
5088 "Invalid partition name %s, ignoring", partition);
427353f6
LB		 5089 continue;
5090 }
5091 r = unit_full_printf(u, mount_options, &mount_options_resolved);
5092 if (r < 0) {
323dda78 5093 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
427353f6
LB		 5094 continue;
5095 }
5096
5097 o = new(MountOptions, 1);
5098 if (!o)
5099 return log_oom();
5100 *o = (MountOptions) {
5101 .partition_designator = partition_designator,
5102 .options = TAKE_PTR(mount_options_resolved),
5103 };
5104 LIST_APPEND(mount_options, options, o);
5105 }
5106
b3d13314
LB		 5107 r = mount_image_add(&c->mount_images, &c->n_mount_images,
5108 &(MountImage) {
6c3f7ca0 5109 .source = sresolved,
b3d13314 5110 .destination = dresolved,
427353f6 5111 .mount_options = options,
b3d13314 5112 .ignore_enoent = permissive,
93f59701
LB		 5113 .type = MOUNT_IMAGE_DISCRETE,
5114 });
5115 if (r < 0)
5116 return log_oom();
5117 }
5118}
5119
5120int config_parse_extension_images(
5121 const char *unit,
5122 const char *filename,
5123 unsigned line,
5124 const char *section,
5125 unsigned section_line,
5126 const char *lvalue,
5127 int ltype,
5128 const char *rvalue,
5129 void *data,
5130 void *userdata) {
5131
5132 ExecContext *c = data;
5133 const Unit *u = userdata;
5134 int r;
5135
5136 assert(filename);
5137 assert(lvalue);
5138 assert(rvalue);
5139 assert(data);
5140
5141 if (isempty(rvalue)) {
5142 /* Empty assignment resets the list */
5143 c->extension_images = mount_image_free_many(c->extension_images, &c->n_extension_images);
5144 return 0;
5145 }
5146
5147 for (const char *p = rvalue;;) {
5148 _cleanup_free_ char *source = NULL, *tuple = NULL, *sresolved = NULL;
5149 _cleanup_(mount_options_free_allp) MountOptions *options = NULL;
5150 bool permissive = false;
5151 const char *q = NULL;
5152 char *s = NULL;
5153
5154 r = extract_first_word(&p, &tuple, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE);
5155 if (r == -ENOMEM)
5156 return log_oom();
5157 if (r < 0) {
5158 log_syntax(unit, LOG_WARNING, filename, line, r,
5159 "Invalid syntax %s=%s, ignoring: %m", lvalue, rvalue);
5160 return 0;
5161 }
5162 if (r == 0)
5163 return 0;
5164
5165 q = tuple;
5166 r = extract_first_word(&q, &source, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS);
5167 if (r == -ENOMEM)
5168 return log_oom();
5169 if (r < 0) {
5170 log_syntax(unit, LOG_WARNING, filename, line, r,
5171 "Invalid syntax in %s=, ignoring: %s", lvalue, tuple);
5172 return 0;
5173 }
5174 if (r == 0)
5175 continue;
5176
5177 s = source;
5178 if (s[0] == '-') {
5179 permissive = true;
5180 s++;
5181 }
5182
06536492 5183 r = unit_path_printf(u, s, &sresolved);
93f59701
LB		 5184 if (r < 0) {
5185 log_syntax(unit, LOG_WARNING, filename, line, r,
5186 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s);
5187 continue;
5188 }
5189
5190 r = path_simplify_and_warn(sresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5191 if (r < 0)
5192 continue;
5193
5194 for (;;) {
5195 _cleanup_free_ char *partition = NULL, *mount_options = NULL, *mount_options_resolved = NULL;
5196 MountOptions *o = NULL;
5197 PartitionDesignator partition_designator;
5198
5199 r = extract_many_words(&q, ":", EXTRACT_CUNESCAPE|EXTRACT_UNESCAPE_SEPARATORS, &partition, &mount_options, NULL);
5200 if (r == -ENOMEM)
5201 return log_oom();
5202 if (r < 0) {
5203 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", q);
5204 return 0;
5205 }
5206 if (r == 0)
5207 break;
5208 /* Single set of options, applying to the root partition/single filesystem */
5209 if (r == 1) {
5210 r = unit_full_printf(u, partition, &mount_options_resolved);
5211 if (r < 0) {
5212 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", partition);
5213 continue;
5214 }
5215
5216 o = new(MountOptions, 1);
5217 if (!o)
5218 return log_oom();
5219 *o = (MountOptions) {
5220 .partition_designator = PARTITION_ROOT,
5221 .options = TAKE_PTR(mount_options_resolved),
5222 };
5223 LIST_APPEND(mount_options, options, o);
5224
5225 break;
5226 }
5227
5228 partition_designator = partition_designator_from_string(partition);
5229 if (partition_designator < 0) {
5230 log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid partition name %s, ignoring", partition);
5231 continue;
5232 }
5233 r = unit_full_printf(u, mount_options, &mount_options_resolved);
5234 if (r < 0) {
5235 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options);
5236 continue;
5237 }
5238
5239 o = new(MountOptions, 1);
5240 if (!o)
5241 return log_oom();
5242 *o = (MountOptions) {
5243 .partition_designator = partition_designator,
5244 .options = TAKE_PTR(mount_options_resolved),
5245 };
5246 LIST_APPEND(mount_options, options, o);
5247 }
5248
5249 r = mount_image_add(&c->extension_images, &c->n_extension_images,
5250 &(MountImage) {
5251 .source = sresolved,
5252 .mount_options = options,
5253 .ignore_enoent = permissive,
5254 .type = MOUNT_IMAGE_EXTENSION,
b3d13314
LB		 5255 });
5256 if (r < 0)
5257 return log_oom();
5258 }
b3d13314
LB		 5259}
5260
eae51da3
LP		 5261int config_parse_job_timeout_sec(
5262 const char* unit,
5263 const char *filename,
5264 unsigned line,
5265 const char *section,
5266 unsigned section_line,
5267 const char *lvalue,
5268 int ltype,
5269 const char *rvalue,
5270 void *data,
5271 void *userdata) {
5272
5273 Unit *u = data;
5274 usec_t usec;
5275 int r;
5276
5277 assert(filename);
5278 assert(lvalue);
5279 assert(rvalue);
5280 assert(u);
5281
5282 r = parse_sec_fix_0(rvalue, &usec);
5283 if (r < 0) {
323dda78 5284 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue);
eae51da3
LP		 5285 return 0;
5286 }
5287
5288 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
c05f3c8f 5289 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
eae51da3
LP		 5290 * count. */
5291
5292 if (!u->job_running_timeout_set)
5293 u->job_running_timeout = usec;
5294
5295 u->job_timeout = usec;
5296
5297 return 0;
5298}
5299
5300int config_parse_job_running_timeout_sec(
5301 const char* unit,
5302 const char *filename,
5303 unsigned line,
5304 const char *section,
5305 unsigned section_line,
5306 const char *lvalue,
5307 int ltype,
5308 const char *rvalue,
5309 void *data,
5310 void *userdata) {
5311
5312 Unit *u = data;
5313 usec_t usec;
5314 int r;
5315
5316 assert(filename);
5317 assert(lvalue);
5318 assert(rvalue);
5319 assert(u);
5320
5321 r = parse_sec_fix_0(rvalue, &usec);
5322 if (r < 0) {
323dda78 5323 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue);
eae51da3
LP		 5324 return 0;
5325 }
5326
5327 u->job_running_timeout = usec;
5328 u->job_running_timeout_set = true;
5329
5330 return 0;
5331}
5332
54fcb619
ZJS		 5333int config_parse_emergency_action(
5334 const char* unit,
5335 const char *filename,
5336 unsigned line,
5337 const char *section,
5338 unsigned section_line,
5339 const char *lvalue,
5340 int ltype,
5341 const char *rvalue,
5342 void *data,
5343 void *userdata) {
5344
5345 Manager *m = NULL;
5346 EmergencyAction *x = data;
5347 int r;
5348
5349 assert(filename);
5350 assert(lvalue);
5351 assert(rvalue);
5352 assert(data);
5353
5354 if (unit)
5355 m = ((Unit*) userdata)->manager;
5356 else
5357 m = data;
5358
5359 r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
5360 if (r < 0) {
469f76f1
ZJS		 5361 if (r == -EOPNOTSUPP && MANAGER_IS_USER(m)) {
5362 /* Compat mode: remove for systemd 241. */
5363
5364 log_syntax(unit, LOG_INFO, filename, line, r,
5365 "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
5366 lvalue, rvalue);
5367 *x = EMERGENCY_ACTION_EXIT_FORCE;
5368 return 0;
5369 }
5370
54fcb619 5371 if (r == -EOPNOTSUPP)
323dda78 5372 log_syntax(unit, LOG_WARNING, filename, line, r,
54fcb619
ZJS		 5373 "%s= specified as %s mode action, ignoring: %s",
5374 lvalue, MANAGER_IS_SYSTEM(m) ? "user" : "system", rvalue);
5375 else
323dda78 5376 log_syntax(unit, LOG_WARNING, filename, line, r,
54fcb619
ZJS		 5377 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
5378 return 0;
5379 }
5380
5381 return 0;
5382}
5383
a9353a5c
LP		 5384int config_parse_pid_file(
5385 const char *unit,
5386 const char *filename,
5387 unsigned line,
5388 const char *section,
5389 unsigned section_line,
5390 const char *lvalue,
5391 int ltype,
5392 const char *rvalue,
5393 void *data,
5394 void *userdata) {
5395
5396 _cleanup_free_ char *k = NULL, *n = NULL;
47538b76 5397 const Unit *u = userdata;
a9353a5c 5398 char **s = data;
a9353a5c
LP		 5399 int r;
5400
5401 assert(filename);
5402 assert(lvalue);
5403 assert(rvalue);
5404 assert(u);
5405
b8055c05
YW		 5406 if (isempty(rvalue)) {
5407 /* An empty assignment removes already set value. */
5408 *s = mfree(*s);
5409 return 0;
5410 }
5411
06536492 5412 r = unit_path_printf(u, rvalue, &k);
a9353a5c 5413 if (r < 0) {
323dda78 5414 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
a9353a5c
LP		 5415 return 0;
5416 }
5417
5418 /* If this is a relative path make it absolute by prefixing the /run */
5419 n = path_make_absolute(k, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
5420 if (!n)
5421 return log_oom();
5422
5423 /* Check that the result is a sensible path */
5424 r = path_simplify_and_warn(n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5425 if (r < 0)
5426 return r;
5427
4a66b5c9
LP		 5428 r = patch_var_run(unit, filename, line, lvalue, &n);
5429 if (r < 0)
5430 return r;
a9353a5c 5431
4a66b5c9 5432 free_and_replace(*s, n);
a9353a5c
LP		 5433 return 0;
5434}
5435
7af67e9a
LP		 5436int config_parse_exit_status(
5437 const char *unit,
5438 const char *filename,
5439 unsigned line,
5440 const char *section,
5441 unsigned section_line,
5442 const char *lvalue,
5443 int ltype,
5444 const char *rvalue,
5445 void *data,
5446 void *userdata) {
5447
5448 int *exit_status = data, r;
5449 uint8_t u;
5450
5451 assert(filename);
5452 assert(lvalue);
5453 assert(rvalue);
5454 assert(exit_status);
5455
5456 if (isempty(rvalue)) {
5457 *exit_status = -1;
5458 return 0;
5459 }
5460
5461 r = safe_atou8(rvalue, &u);
5462 if (r < 0) {
323dda78 5463 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse exit status '%s', ignoring: %m", rvalue);
7af67e9a
LP		 5464 return 0;
5465 }
5466
5467 *exit_status = u;
5468 return 0;
5469}
5470
c72703e2
CD		 5471int config_parse_disable_controllers(
5472 const char *unit,
5473 const char *filename,
5474 unsigned line,
5475 const char *section,
5476 unsigned section_line,
5477 const char *lvalue,
5478 int ltype,
5479 const char *rvalue,
5480 void *data,
5481 void *userdata) {
5482
5483 int r;
5484 CGroupContext *c = data;
5485 CGroupMask disabled_mask;
5486
5487 /* 1. If empty, make all controllers eligible for use again.
5488 * 2. If non-empty, merge all listed controllers, space separated. */
5489
5490 if (isempty(rvalue)) {
5491 c->disable_controllers = 0;
5492 return 0;
5493 }
5494
5495 r = cg_mask_from_string(rvalue, &disabled_mask);
5496 if (r < 0 || disabled_mask <= 0) {
323dda78 5497 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid cgroup string: %s, ignoring", rvalue);
c72703e2
CD		 5498 return 0;
5499 }
5500
5501 c->disable_controllers |= disabled_mask;
5502
5503 return 0;
5504}
5505
fab34748
KL		 5506int config_parse_ip_filter_bpf_progs(
5507 const char *unit,
5508 const char *filename,
5509 unsigned line,
5510 const char *section,
5511 unsigned section_line,
5512 const char *lvalue,
5513 int ltype,
5514 const char *rvalue,
5515 void *data,
5516 void *userdata) {
5517
5518 _cleanup_free_ char *resolved = NULL;
47538b76 5519 const Unit *u = userdata;
fab34748
KL		 5520 char ***paths = data;
5521 int r;
5522
5523 assert(filename);
5524 assert(lvalue);
5525 assert(rvalue);
5526 assert(paths);
5527
5528 if (isempty(rvalue)) {
5529 *paths = strv_free(*paths);
5530 return 0;
5531 }
5532
06536492 5533 r = unit_path_printf(u, rvalue, &resolved);
fab34748 5534 if (r < 0) {
323dda78 5535 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
fab34748
KL		 5536 return 0;
5537 }
5538
5539 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5540 if (r < 0)
5541 return 0;
5542
5543 if (strv_contains(*paths, resolved))
5544 return 0;
5545
5546 r = strv_extend(paths, resolved);
5547 if (r < 0)
5548 return log_oom();
5549
5550 r = bpf_firewall_supported();
5551 if (r < 0)
5552 return r;
5553 if (r != BPF_FIREWALL_SUPPORTED_WITH_MULTI) {
5554 static bool warned = false;
5555
5556 log_full(warned ? LOG_DEBUG : LOG_WARNING,
5557 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
5558 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename, line, lvalue, rvalue);
5559
5560 warned = true;
5561 }
5562
5563 return 0;
5564}
5565
0879da98
JK		 5566int config_parse_bpf_foreign_program(
5567 const char *unit,
5568 const char *filename,
5569 unsigned line,
5570 const char *section,
5571 unsigned section_line,
5572 const char *lvalue,
5573 int ltype,
5574 const char *rvalue,
5575 void *data,
5576 void *userdata) {
5577 _cleanup_free_ char *resolved = NULL, *word = NULL;
5578 CGroupContext *c = data;
5579 Unit *u = userdata;
5580 int attach_type, r;
5581
5582 assert(filename);
5583 assert(lvalue);
5584 assert(rvalue);
5585
5586 if (isempty(rvalue)) {
5587 while (c->bpf_foreign_programs)
5588 cgroup_context_remove_bpf_foreign_program(c, c->bpf_foreign_programs);
5589
5590 return 0;
5591 }
5592
5593 r = extract_first_word(&rvalue, &word, ":", 0);
5594 if (r == -ENOMEM)
5595 return log_oom();
3968ccd0 5596 if (r <= 0 || isempty(rvalue)) {
0879da98
JK		 5597 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse foreign BPF program, ignoring: %s", rvalue);
5598 return 0;
5599 }
5600
5601 attach_type = bpf_cgroup_attach_type_from_string(word);
5602 if (attach_type < 0) {
5603 log_syntax(unit, LOG_WARNING, filename, line, 0, "Unknown BPF attach type=%s, ignoring: %s", word, rvalue);
5604 return 0;
5605 }
5606
06536492 5607 r = unit_path_printf(u, rvalue, &resolved);
0879da98
JK		 5608 if (r < 0) {
5609 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
5610 return 0;
5611 }
5612
5613 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
5614 if (r < 0)
5615 return 0;
5616
5617 r = cgroup_add_bpf_foreign_program(c, attach_type, resolved);
5618 if (r < 0)
5619 return log_error_errno(r, "Failed to add foreign BPF program to cgroup context: %m");
5620
5621 return 0;
5622}
5623
8dd210ab
JK		 5624int config_parse_cgroup_socket_bind(
5625 const char *unit,
5626 const char *filename,
5627 unsigned line,
5628 const char *section,
5629 unsigned section_line,
5630 const char *lvalue,
5631 int ltype,
5632 const char *rvalue,
5633 void *data,
5634 void *userdata) {
5635 _cleanup_free_ CGroupSocketBindItem *item = NULL;
cc87b3f6 5636 const char *user_port;
8dd210ab
JK		 5637 uint16_t nr_ports = 0, port_min = 0;
5638 CGroupSocketBindItem **head = data;
5639 _cleanup_free_ char *word = NULL;
cc87b3f6 5640 int af, r;
8dd210ab
JK		 5641
5642 if (isempty(rvalue)) {
5643 cgroup_context_remove_socket_bind(head);
5644 return 0;
5645 }
5646
5647 r = extract_first_word(&rvalue, &word, ":", 0);
5648 if (r == -ENOMEM)
5649 return log_oom();
cc87b3f6
ZJS		 5650 if (r <= 0) {
5651 log_syntax(unit, LOG_WARNING, filename, line, r,
5652 "Unable to parse %s= assignment, ignoring: %s", lvalue, rvalue);
5653 return 0;
5654 }
8dd210ab 5655
cc87b3f6 5656 if (rvalue) {
a4817536
LP		 5657 af = af_from_ipv4_ipv6(word);
5658 if (af == AF_UNSPEC) {
cc87b3f6 5659 log_syntax(unit, LOG_WARNING, filename, line, 0,
f80a206a 5660 "Only \"ipv4\" and \"ipv6\" protocols are supported, ignoring.");
cc87b3f6
ZJS		 5661 return 0;
5662 }
5663
5664 user_port = rvalue;
5665 } else {
5666 af = AF_UNSPEC;
5667 user_port = word;
8dd210ab
JK		 5668 }
5669
8dd210ab
JK		 5670 if (!streq(user_port, "any")) {
5671 uint16_t port_max;
5672
5673 r = parse_ip_port_range(user_port, &port_min, &port_max);
5674 if (r == -ENOMEM)
5675 return log_oom();
cc87b3f6
ZJS		 5676 if (r < 0) {
5677 log_syntax(unit, LOG_WARNING, filename, line, r,
5678 "Invalid port or port range, ignoring: %m");
5679 return 0;
5680 }
8dd210ab
JK		 5681
5682 nr_ports = 1 + port_max - port_min;
5683 }
5684
5685 item = new(CGroupSocketBindItem, 1);
5686 if (!item)
5687 return log_oom();
5688 *item = (CGroupSocketBindItem) {
5689 .address_family = af,
4883a04f
JK		 5690 /* No ip protocol specified for now. */
5691 .ip_protocol = 0,
8dd210ab
JK		 5692 .nr_ports = nr_ports,
5693 .port_min = port_min,
5694 };
5695
5696 LIST_PREPEND(socket_bind_items, *head, TAKE_PTR(item));
5697
5698 return 0;
5699}
5700
23a177ef
LP		 5701static int merge_by_names(Unit **u, Set *names, const char *id) {
5702 char *k;
5703 int r;
5704
5705 assert(u);
5706 assert(*u);
23a177ef 5707
e8630e69 5708 /* Let's try to add in all names that are aliases of this unit */
23a177ef 5709 while ((k = set_steal_first(names))) {
e8630e69 5710 _cleanup_free_ _unused_ char *free_k = k;
23a177ef 5711
e8630e69 5712 /* First try to merge in the other name into our unit */
9946996c
LP		 5713 r = unit_merge_by_name(*u, k);
5714 if (r < 0) {
23a177ef
LP		 5715 Unit *other;
5716
e8630e69
ZJS		 5717 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
5718 * round. */
036643a2 5719
e8630e69
ZJS		 5720 other = manager_get_unit((*u)->manager, k);
5721 if (!other)
5722 return r; /* return previous failure */
036643a2 5723
e8630e69
ZJS		 5724 r = unit_merge(other, *u);
5725 if (r < 0)
a837f088 5726 return r;
fe51822e 5727
e8630e69
ZJS		 5728 *u = other;
5729 return merge_by_names(u, names, NULL);
036643a2 5730 }
034c6ed7 5731
e8630e69
ZJS		 5732 if (streq_ptr(id, k))
5733 unit_choose_id(*u, id);
1b64d026
LP		 5734 }
5735
e48614c4 5736 return 0;
0301abf4
LP		 5737}
5738
e537352b 5739int unit_load_fragment(Unit *u) {
e8630e69
ZJS		 5740 const char *fragment;
5741 _cleanup_set_free_free_ Set *names = NULL;
23a177ef 5742 int r;
0301abf4
LP		 5743
5744 assert(u);
ac155bb8
MS		 5745 assert(u->load_state == UNIT_STUB);
5746 assert(u->id);
23a177ef 5747
3f5e8115
LP		 5748 if (u->transient) {
5749 u->load_state = UNIT_LOADED;
5750 return 0;
5751 }
5752
91e0ee5f
ZJS		 5753 /* Possibly rebuild the fragment map to catch new units */
5754 r = unit_file_build_name_map(&u->manager->lookup_paths,
c2911d48 5755 &u->manager->unit_cache_timestamp_hash,
91e0ee5f
ZJS		 5756 &u->manager->unit_id_map,
5757 &u->manager->unit_name_map,
5758 &u->manager->unit_path_cache);
9946996c 5759 if (r < 0)
14140908 5760 return log_error_errno(r, "Failed to rebuild name map: %m");
91e0ee5f 5761
e8630e69
ZJS		 5762 r = unit_file_find_fragment(u->manager->unit_id_map,
5763 u->manager->unit_name_map,
5764 u->id,
5765 &fragment,
5766 &names);
5767 if (r < 0 && r != -ENOENT)
294d81f1
LP		 5768 return r;
5769
e8630e69
ZJS		 5770 if (fragment) {
5771 /* Open the file, check if this is a mask, otherwise read. */
5772 _cleanup_fclose_ FILE *f = NULL;
c9e06956 5773 struct stat st;
0301abf4 5774
e8630e69
ZJS		 5775 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
5776 * expect that all symlinks within the lookup paths have been already resolved, but we don't
5777 * verify this here. */
5778 f = fopen(fragment, "re");
5779 if (!f)
5780 return log_unit_notice_errno(u, errno, "Failed to open %s: %m", fragment);
6ccb1b44 5781
e8630e69
ZJS		 5782 if (fstat(fileno(f), &st) < 0)
5783 return -errno;
294d81f1 5784
e8630e69 5785 r = free_and_strdup(&u->fragment_path, fragment);
7410616c
LP		 5786 if (r < 0)
5787 return r;
294d81f1 5788
e8630e69 5789 if (null_or_empty(&st)) {
88414eed
LP		 5790 /* Unit file is masked */
5791
5792 u->load_state = u->perpetual ? UNIT_LOADED : UNIT_MASKED; /* don't allow perpetual units to ever be masked */
e8630e69
ZJS		 5793 u->fragment_mtime = 0;
5794 } else {
5795 u->load_state = UNIT_LOADED;
5796 u->fragment_mtime = timespec_load(&st.st_mtim);
5797
5798 /* Now, parse the file contents */
5799 r = config_parse(u->id, fragment, f,
5800 UNIT_VTABLE(u)->sections,
5801 config_item_perf_lookup, load_fragment_gperf_lookup,
7ade8982 5802 0,
4f9ff96a
LP		 5803 u,
5804 NULL);
bb28e684 5805 if (r == -ENOEXEC)
e8630e69
ZJS		 5806 log_unit_notice_errno(u, r, "Unit configuration has fatal error, unit will not be started.");
5807 if (r < 0)
5808 return r;
bb28e684 5809 }
e8630e69 5810 }
890f434c 5811
3aa57658
ZJS		 5812 /* Call merge_by_names with the name derived from the fragment path as the preferred name.
5813 *
5814 * We do the merge dance here because for some unit types, the unit might have aliases which are not
e8630e69
ZJS		 5815 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
5816 */
e8630e69
ZJS		 5817 const char *id = u->id;
5818 _cleanup_free_ char *free_id = NULL;
294d81f1 5819
e8630e69
ZJS		 5820 if (fragment) {
5821 id = basename(fragment);
5822 if (unit_name_is_valid(id, UNIT_NAME_TEMPLATE)) {
5823 assert(u->instance); /* If we're not trying to use a template for non-instanced unit,
5824 * this must be set. */
890f434c 5825
e8630e69
ZJS		 5826 r = unit_name_replace_instance(id, u->instance, &free_id);
5827 if (r < 0)
5828 return log_debug_errno(r, "Failed to build id (%s + %s): %m", id, u->instance);
5829 id = free_id;
abc08d4d 5830 }
071830ff
LP		 5831 }
5832
3aa57658 5833 Unit *merged = u;
e8630e69
ZJS		 5834 r = merge_by_names(&merged, names, id);
5835 if (r < 0)
5836 return r;
5837
5838 if (merged != u)
5839 u->load_state = UNIT_MERGED;
5840
23a177ef 5841 return 0;
3efd4195 5842}
e537352b
LP		 5843
5844void unit_dump_config_items(FILE *f) {
f975e971
LP		 5845 static const struct {
5846 const ConfigParserCallback callback;
5847 const char *rvalue;
5848 } table[] = {
17df7223 5849 { config_parse_warn_compat, "NOTSUPPORTED" },
f975e971
LP		 5850 { config_parse_int, "INTEGER" },
5851 { config_parse_unsigned, "UNSIGNED" },
5556b5fe 5852 { config_parse_iec_size, "SIZE" },
59f448cf 5853 { config_parse_iec_uint64, "SIZE" },
50299121 5854 { config_parse_si_uint64, "SIZE" },
f975e971
LP		 5855 { config_parse_bool, "BOOLEAN" },
5856 { config_parse_string, "STRING" },
5857 { config_parse_path, "PATH" },
5858 { config_parse_unit_path_printf, "PATH" },
5859 { config_parse_strv, "STRING [...]" },
5860 { config_parse_exec_nice, "NICE" },
5861 { config_parse_exec_oom_score_adjust, "OOMSCOREADJUST" },
5862 { config_parse_exec_io_class, "IOCLASS" },
5863 { config_parse_exec_io_priority, "IOPRIORITY" },
5864 { config_parse_exec_cpu_sched_policy, "CPUSCHEDPOLICY" },
5865 { config_parse_exec_cpu_sched_prio, "CPUSCHEDPRIO" },
5866 { config_parse_exec_cpu_affinity, "CPUAFFINITY" },
5867 { config_parse_mode, "MODE" },
5868 { config_parse_unit_env_file, "FILE" },
52c239d7
LB		 5869 { config_parse_exec_output, "OUTPUT" },
5870 { config_parse_exec_input, "INPUT" },
ca37242e
LP		 5871 { config_parse_log_facility, "FACILITY" },
5872 { config_parse_log_level, "LEVEL" },
f975e971 5873 { config_parse_exec_secure_bits, "SECUREBITS" },
a103496c 5874 { config_parse_capability_set, "BOUNDINGSET" },
4f424df7 5875 { config_parse_rlimit, "LIMIT" },
f975e971 5876 { config_parse_unit_deps, "UNIT [...]" },
f975e971
LP		 5877 { config_parse_exec, "PATH [ARGUMENT [...]]" },
5878 { config_parse_service_type, "SERVICETYPE" },
cb0e818f 5879 { config_parse_service_exit_type, "SERVICEEXITTYPE" },
f975e971 5880 { config_parse_service_restart, "SERVICERESTART" },
bf760801 5881 { config_parse_service_timeout_failure_mode, "TIMEOUTMODE" },
f975e971 5882 { config_parse_kill_mode, "KILLMODE" },
f757855e 5883 { config_parse_signal, "SIGNAL" },
f975e971
LP		 5884 { config_parse_socket_listen, "SOCKET [...]" },
5885 { config_parse_socket_bind, "SOCKETBIND" },
5886 { config_parse_socket_bindtodevice, "NETWORKINTERFACE" },
7f602784 5887 { config_parse_sec, "SECONDS" },
d88a251b 5888 { config_parse_nsec, "NANOSECONDS" },
94828d2d 5889 { config_parse_namespace_path_strv, "PATH [...]" },
d2d6c096 5890 { config_parse_bind_paths, "PATH[:PATH[:OPTIONS]] [...]" },
7c8fa05c 5891 { config_parse_unit_requires_mounts_for, "PATH [...]" },
f975e971
LP		 5892 { config_parse_exec_mount_flags, "MOUNTFLAG [...]" },
5893 { config_parse_unit_string_printf, "STRING" },
3ecaa09b 5894 { config_parse_trigger_unit, "UNIT" },
f975e971 5895 { config_parse_timer, "TIMER" },
f975e971 5896 { config_parse_path_spec, "PATH" },
f975e971
LP		 5897 { config_parse_notify_access, "ACCESS" },
5898 { config_parse_ip_tos, "TOS" },
5899 { config_parse_unit_condition_path, "CONDITION" },
5900 { config_parse_unit_condition_string, "CONDITION" },
a016b922 5901 { config_parse_unit_slice, "SLICE" },
7f0386f6
LP		 5902 { config_parse_documentation, "URL" },
5903 { config_parse_service_timeout, "SECONDS" },
87a47f99 5904 { config_parse_emergency_action, "ACTION" },
7f0386f6
LP		 5905 { config_parse_set_status, "STATUS" },
5906 { config_parse_service_sockets, "SOCKETS" },
7f0386f6 5907 { config_parse_environ, "ENVIRON" },
349cc4a5 5908#if HAVE_SECCOMP
17df7223 5909 { config_parse_syscall_filter, "SYSCALLS" },
6a6751fe 5910 { config_parse_syscall_archs, "ARCHS" },
17df7223 5911 { config_parse_syscall_errno, "ERRNO" },
9df2cdd8 5912 { config_parse_syscall_log, "SYSCALLS" },
4298d0b5 5913 { config_parse_address_families, "FAMILIES" },
add00535 5914 { config_parse_restrict_namespaces, "NAMESPACES" },
c0467cf3 5915#endif
7f0386f6 5916 { config_parse_cpu_shares, "SHARES" },
984faf29 5917 { config_parse_cg_weight, "WEIGHT" },
7f0386f6
LP		 5918 { config_parse_memory_limit, "LIMIT" },
5919 { config_parse_device_allow, "DEVICE" },
5920 { config_parse_device_policy, "POLICY" },
13c31542 5921 { config_parse_io_limit, "LIMIT" },
13c31542 5922 { config_parse_io_device_weight, "DEVICEWEIGHT" },
6ae4283c 5923 { config_parse_io_device_latency, "DEVICELATENCY" },
7f0386f6
LP		 5924 { config_parse_blockio_bandwidth, "BANDWIDTH" },
5925 { config_parse_blockio_weight, "WEIGHT" },
5926 { config_parse_blockio_device_weight, "DEVICEWEIGHT" },
5927 { config_parse_long, "LONG" },
5928 { config_parse_socket_service, "SERVICE" },
349cc4a5 5929#if HAVE_SELINUX
6a6751fe
LP		 5930 { config_parse_exec_selinux_context, "LABEL" },
5931#endif
5932 { config_parse_job_mode, "MODE" },
5933 { config_parse_job_mode_isolate, "BOOLEAN" },
4298d0b5 5934 { config_parse_personality, "PERSONALITY" },
f975e971
LP		 5935 };
5936
5937 const char *prev = NULL;
5938 const char *i;
5939
5940 assert(f);
e537352b 5941
f975e971
LP		 5942 NULSTR_FOREACH(i, load_fragment_gperf_nulstr) {
5943 const char *rvalue = "OTHER", *lvalue;
313b7856 5944 const ConfigPerfItem *p;
f975e971 5945 const char *dot;
f975e971
LP		 5946
5947 assert_se(p = load_fragment_gperf_lookup(i, strlen(i)));
5948
313b7856
LP		 5949 /* Hide legacy settings */
5950 if (p->parse == config_parse_warn_compat &&
5951 p->ltype == DISABLED_LEGACY)
5952 continue;
5953
601844b7 5954 for (size_t j = 0; j < ELEMENTSOF(table); j++)
313b7856
LP		 5955 if (p->parse == table[j].callback) {
5956 rvalue = table[j].rvalue;
5957 break;
5958 }
5959
f975e971
LP		 5960 dot = strchr(i, '.');
5961 lvalue = dot ? dot + 1 : i;
f975e971 5962
601844b7
YW		 5963 if (dot) {
5964 size_t prefix_len = dot - i;
5965
641906e9 5966 if (!prev || !strneq(prev, i, prefix_len+1)) {
f975e971
LP		 5967 if (prev)
5968 fputc('\n', f);
5969
5970 fprintf(f, "[%.*s]\n", (int) prefix_len, i);
5971 }
601844b7 5972 }
f975e971 5973
f975e971
LP		 5974 fprintf(f, "%s=%s\n", lvalue, rvalue);
5975 prev = i;
5976 }
e537352b 5977}
a07a7324
FS		 5978
5979int config_parse_cpu_affinity2(
5980 const char *unit,
5981 const char *filename,
5982 unsigned line,
5983 const char *section,
5984 unsigned section_line,
5985 const char *lvalue,
5986 int ltype,
5987 const char *rvalue,
5988 void *data,
5989 void *userdata) {
5990
5991 CPUSet *affinity = data;
5992
5993 assert(affinity);
5994
5995 (void) parse_cpu_set_extend(rvalue, affinity, true, unit, filename, line, lvalue);
5996
5997 return 0;
5998}
5999
6000int config_parse_show_status(
6001 const char* unit,
6002 const char *filename,
6003 unsigned line,
6004 const char *section,
6005 unsigned section_line,
6006 const char *lvalue,
6007 int ltype,
6008 const char *rvalue,
6009 void *data,
6010 void *userdata) {
6011
6012 int k;
6013 ShowStatus *b = data;
6014
6015 assert(filename);
6016 assert(lvalue);
6017 assert(rvalue);
6018 assert(data);
6019
6020 k = parse_show_status(rvalue, b);
323dda78
YW		 6021 if (k < 0)
6022 log_syntax(unit, LOG_WARNING, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
a07a7324
FS		 6023
6024 return 0;
6025}
6026
6027int config_parse_output_restricted(
6028 const char* unit,
6029 const char *filename,
6030 unsigned line,
6031 const char *section,
6032 unsigned section_line,
6033 const char *lvalue,
6034 int ltype,
6035 const char *rvalue,
6036 void *data,
6037 void *userdata) {
6038
6039 ExecOutput t, *eo = data;
f3dc6af2 6040 bool obsolete = false;
a07a7324
FS		 6041
6042 assert(filename);
6043 assert(lvalue);
6044 assert(rvalue);
6045 assert(data);
6046
f3dc6af2
LP		 6047 if (streq(rvalue, "syslog")) {
6048 t = EXEC_OUTPUT_JOURNAL;
6049 obsolete = true;
6050 } else if (streq(rvalue, "syslog+console")) {
6051 t = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
6052 obsolete = true;
6053 } else {
6054 t = exec_output_from_string(rvalue);
6055 if (t < 0) {
b98680b2 6056 log_syntax(unit, LOG_WARNING, filename, line, t, "Failed to parse output type, ignoring: %s", rvalue);
f3dc6af2
LP		 6057 return 0;
6058 }
a07a7324 6059
8d7dab1f
LW		 6060 if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE, EXEC_OUTPUT_FILE_APPEND, EXEC_OUTPUT_FILE_TRUNCATE)) {
6061 log_syntax(unit, LOG_WARNING, filename, line, 0, "Standard output types socket, fd:, file:, append:, truncate: are not supported as defaults, ignoring: %s", rvalue);
f3dc6af2
LP		 6062 return 0;
6063 }
a07a7324
FS		 6064 }
6065
f3dc6af2
LP		 6066 if (obsolete)
6067 log_syntax(unit, LOG_NOTICE, filename, line, 0,
6068 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
6069 rvalue, exec_output_to_string(t));
6070
a07a7324
FS		 6071 *eo = t;
6072 return 0;
6073}
6074
6075int config_parse_crash_chvt(
6076 const char* unit,
6077 const char *filename,
6078 unsigned line,
6079 const char *section,
6080 unsigned section_line,
6081 const char *lvalue,
6082 int ltype,
6083 const char *rvalue,
6084 void *data,
6085 void *userdata) {
6086
6087 int r;
6088
6089 assert(filename);
6090 assert(lvalue);
6091 assert(rvalue);
6092 assert(data);
6093
6094 r = parse_crash_chvt(rvalue, data);
323dda78
YW		 6095 if (r < 0)
6096 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
a07a7324
FS		 6097
6098 return 0;
6099}
eb34a981
LP		 6100
6101int config_parse_swap_priority(
6102 const char *unit,
6103 const char *filename,
6104 unsigned line,
6105 const char *section,
6106 unsigned section_line,
6107 const char *lvalue,
6108 int ltype,
6109 const char *rvalue,
6110 void *data,
6111 void *userdata) {
6112
6113 Swap *s = userdata;
6114 int r, priority;
6115
6116 assert(s);
6117 assert(filename);
6118 assert(lvalue);
6119 assert(rvalue);
6120 assert(data);
6121
6122 if (isempty(rvalue)) {
6123 s->parameters_fragment.priority = -1;
6124 s->parameters_fragment.priority_set = false;
6125 return 0;
6126 }
6127
6128 r = safe_atoi(rvalue, &priority);
6129 if (r < 0) {
323dda78 6130 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid swap priority '%s', ignoring.", rvalue);
eb34a981
LP		 6131 return 0;
6132 }
6133
6134 if (priority < -1) {
323dda78 6135 log_syntax(unit, LOG_WARNING, filename, line, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue);
eb34a981
LP		 6136 return 0;
6137 }
6138
6139 if (priority > 32767) {
323dda78 6140 log_syntax(unit, LOG_WARNING, filename, line, 0, "Swap priority out of range, ignoring: %s", rvalue);
eb34a981
LP		 6141 return 0;
6142 }
6143
6144 s->parameters_fragment.priority = priority;
6145 s->parameters_fragment.priority_set = true;
6146 return 0;
6147}
Unnamed repository; edit this file 'description' to name the repository.