]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/main.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tree-wide: use TAKE_PTR() and TAKE_FD() macros
[thirdparty/systemd.git] / src / core / main.c
CommitLineData
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
a7334b09
LP		 2/***
3 This file is part of systemd.
4
5 Copyright 2010 Lennart Poettering
6
7 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 10 (at your option) any later version.
11
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 15 Lesser General Public License for more details.
a7334b09 16
5430f7f2 17 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
19***/
20
60918275 21#include <errno.h>
3dfc9763 22#include <fcntl.h>
f170852a 23#include <getopt.h>
97c4f35c 24#include <signal.h>
3dfc9763
LP		 25#include <stdio.h>
26#include <string.h>
664f88a7 27#include <sys/mount.h>
3dfc9763 28#include <sys/prctl.h>
b9e74c39 29#include <sys/reboot.h>
3dfc9763
LP		 30#include <sys/stat.h>
31#include <unistd.h>
349cc4a5 32#if HAVE_SECCOMP
b64a3d86
LP		 33#include <seccomp.h>
34#endif
349cc4a5 35#if HAVE_VALGRIND_VALGRIND_H
3dfc9763
LP		 36#include <valgrind/valgrind.h>
37#endif
54b434b1 38
718db961 39#include "sd-bus.h"
cf0fbc49 40#include "sd-daemon.h"
b2e7486c 41#include "sd-messages.h"
3dfc9763 42
b5efdb8a 43#include "alloc-util.h"
d9d93745 44#include "architecture.h"
3dfc9763
LP		 45#include "build.h"
46#include "bus-error.h"
47#include "bus-util.h"
430f0182 48#include "capability-util.h"
24efb112 49#include "clock-util.h"
3dfc9763 50#include "conf-parser.h"
618234a5 51#include "cpu-set-util.h"
3dfc9763
LP		 52#include "dbus-manager.h"
53#include "def.h"
eee8b7ab 54#include "emergency-action.h"
3dfc9763 55#include "env-util.h"
3ffd4af2 56#include "fd-util.h"
3dfc9763 57#include "fdset.h"
718db961 58#include "fileio.h"
f97b34a6 59#include "format-util.h"
f4f15635 60#include "fs-util.h"
3dfc9763
LP		 61#include "hostname-setup.h"
62#include "ima-setup.h"
63#include "killall.h"
64#include "kmod-setup.h"
d7b8eec7 65#include "load-fragment.h"
3dfc9763 66#include "log.h"
b6e66135 67#include "loopback-setup.h"
b6e66135 68#include "machine-id-setup.h"
3dfc9763
LP		 69#include "manager.h"
70#include "missing.h"
71#include "mount-setup.h"
72#include "pager.h"
6bedfcbb 73#include "parse-util.h"
7d5ceb64 74#include "path-util.h"
4e731273 75#include "proc-cmdline.h"
3dfc9763 76#include "process-util.h"
8869a0b4 77#include "raw-clone.h"
78f22b97 78#include "rlimit-util.h"
349cc4a5 79#if HAVE_SECCOMP
83f12b27
FS		 80#include "seccomp-util.h"
81#endif
b6e66135 82#include "selinux-setup.h"
3dfc9763
LP		 83#include "selinux-util.h"
84#include "signal-util.h"
ffbd2c4d 85#include "smack-setup.h"
3dfc9763 86#include "special.h"
8fcde012 87#include "stat-util.h"
15a5e950 88#include "stdio-util.h"
3dfc9763
LP		 89#include "strv.h"
90#include "switch-root.h"
91#include "terminal-util.h"
8612da97 92#include "umask-util.h"
b1d4f8e1 93#include "user-util.h"
9ce17593 94#include "util.h"
3dfc9763
LP		 95#include "virt.h"
96#include "watchdog.h"
b6e66135 97
f170852a
LP		 98static enum {
99 ACTION_RUN,
e965d56d 100 ACTION_HELP,
9ba0bc4e 101 ACTION_VERSION,
e537352b 102 ACTION_TEST,
494294d6 103 ACTION_DUMP_CONFIGURATION_ITEMS
fa0f4d8a 104} arg_action = ACTION_RUN;
fa0f4d8a 105static char *arg_default_unit = NULL;
463d0d15 106static bool arg_system = false;
fa0f4d8a 107static bool arg_dump_core = true;
fa0f4d8a 108static int arg_crash_chvt = -1;
b9e74c39
LP		 109static bool arg_crash_shell = false;
110static bool arg_crash_reboot = false;
7d5ceb64 111static char *arg_confirm_spawn = NULL;
b6e2f329 112static ShowStatus arg_show_status = _SHOW_STATUS_UNSET;
bf4df7c3 113static bool arg_switched_root = false;
ea4b98e6 114static bool arg_no_pager = false;
2a12e32e 115static bool arg_service_watchdogs = true;
0c85a4f3 116static char ***arg_join_controllers = NULL;
706343f4 117static ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL;
0a494f1f 118static ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT;
1f19a534
OS		 119static usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC;
120static usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
121static usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
3f41e1e5
LN		 122static usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
123static unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
e96d6be7
LP		 124static usec_t arg_runtime_watchdog = 0;
125static usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE;
8a2c1fbf 126static char *arg_watchdog_device = NULL;
97d0e5f8 127static char **arg_default_environment = NULL;
517d56b1 128static struct rlimit *arg_default_rlimit[_RLIMIT_MAX] = {};
a103496c 129static uint64_t arg_capability_bounding_set = CAP_ALL;
39362f6f 130static bool arg_no_new_privs = false;
3a43da28 131static nsec_t arg_timer_slack_nsec = NSEC_INFINITY;
bd8f585b 132static usec_t arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE;
d3b1c508
LP		 133static Set* arg_syscall_archs = NULL;
134static FILE* arg_serialization = NULL;
085afe36 135static bool arg_default_cpu_accounting = false;
13c31542 136static bool arg_default_io_accounting = false;
377bfd2d 137static bool arg_default_ip_accounting = false;
085afe36 138static bool arg_default_blockio_accounting = false;
444d5863 139static bool arg_default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT;
9ded9cd1 140static bool arg_default_tasks_accounting = true;
79baeeb9 141static uint64_t arg_default_tasks_max = UINT64_MAX;
ee48dbd5 142static sd_id128_t arg_machine_id = {};
ae8c7939 143static EmergencyAction arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE;
4fc935ca 144
848e863a 145_noreturn_ static void freeze_or_reboot(void) {
b9e74c39
LP		 146
147 if (arg_crash_reboot) {
148 log_notice("Rebooting in 10s...");
149 (void) sleep(10);
150
151 log_notice("Rebooting now...");
152 (void) reboot(RB_AUTOBOOT);
153 log_emergency_errno(errno, "Failed to reboot: %m");
154 }
155
156 log_emergency("Freezing execution.");
157 freeze();
158}
159
848e863a 160_noreturn_ static void crash(int sig) {
7d06dad9
MS		 161 struct sigaction sa;
162 pid_t pid;
97c4f35c 163
df0ff127 164 if (getpid_cached() != 1)
abb26902 165 /* Pass this on immediately, if this is not PID 1 */
92ca4cac 166 (void) raise(sig);
abb26902 167 else if (!arg_dump_core)
4104970e 168 log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig));
97c4f35c 169 else {
7d06dad9 170 sa = (struct sigaction) {
189d5bac 171 .sa_handler = nop_signal_handler,
b92bea5d
ZJS		 172 .sa_flags = SA_NOCLDSTOP|SA_RESTART,
173 };
97c4f35c 174
6f5e3f35 175 /* We want to wait for the core process, hence let's enable SIGCHLD */
92ca4cac 176 (void) sigaction(SIGCHLD, &sa, NULL);
6f5e3f35 177
8869a0b4 178 pid = raw_clone(SIGCHLD);
e62d8c39 179 if (pid < 0)
56f64d95 180 log_emergency_errno(errno, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
97c4f35c 181 else if (pid == 0) {
97c4f35c 182 /* Enable default signal handler for core dump */
15a90032 183
92ca4cac
LP		 184 sa = (struct sigaction) {
185 .sa_handler = SIG_DFL,
186 };
187 (void) sigaction(sig, &sa, NULL);
97c4f35c 188
15a90032
LP		 189 /* Don't limit the coredump size */
190 (void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY));
97c4f35c
LP		 191
192 /* Just to be sure... */
e62d9b81 193 (void) chdir("/");
97c4f35c
LP		 194
195 /* Raise the signal again */
ee05e779 196 pid = raw_getpid();
92ca4cac 197 (void) kill(pid, sig); /* raise() would kill the parent */
97c4f35c
LP		 198
199 assert_not_reached("We shouldn't be here...");
92ca4cac 200 _exit(EXIT_FAILURE);
4fc935ca 201 } else {
8e12a6ae
LP		 202 siginfo_t status;
203 int r;
4fc935ca
LP		 204
205 /* Order things nicely. */
e62d8c39
ZJS		 206 r = wait_for_terminate(pid, &status);
207 if (r < 0)
da927ba9 208 log_emergency_errno(r, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig));
8e12a6ae 209 else if (status.si_code != CLD_DUMPED)
ee05e779
ZJS		 210 log_emergency("Caught <%s>, core dump failed (child "PID_FMT", code=%s, status=%i/%s).",
211 signal_to_string(sig),
212 pid, sigchld_code_to_string(status.si_code),
213 status.si_status,
214 strna(status.si_code == CLD_EXITED
38107f5a 215 ? exit_status_to_string(status.si_status, EXIT_STATUS_MINIMAL)
ee05e779 216 : signal_to_string(status.si_status)));
4fc935ca 217 else
4104970e 218 log_emergency("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);
97c4f35c
LP		 219 }
220 }
221
b9e74c39 222 if (arg_crash_chvt >= 0)
92ca4cac 223 (void) chvt(arg_crash_chvt);
601f6a1e 224
7d06dad9
MS		 225 sa = (struct sigaction) {
226 .sa_handler = SIG_IGN,
227 .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
228 };
229
230 /* Let the kernel reap children for us */
231 (void) sigaction(SIGCHLD, &sa, NULL);
8c43883a 232
7d06dad9 233 if (arg_crash_shell) {
b9e74c39 234 log_notice("Executing crash shell in 10s...");
92ca4cac 235 (void) sleep(10);
4fc935ca 236
8869a0b4 237 pid = raw_clone(SIGCHLD);
cd3bd60a 238 if (pid < 0)
56f64d95 239 log_emergency_errno(errno, "Failed to fork off crash shell: %m");
6f5e3f35 240 else if (pid == 0) {
b9e74c39 241 (void) setsid();
92ca4cac
LP		 242 (void) make_console_stdio();
243 (void) execle("/bin/sh", "/bin/sh", NULL, environ);
6f5e3f35 244
ee05e779 245 log_emergency_errno(errno, "execle() failed: %m");
92ca4cac 246 _exit(EXIT_FAILURE);
b9e74c39
LP		 247 } else {
248 log_info("Spawned crash shell as PID "PID_FMT".", pid);
4cf0b03b 249 (void) wait_for_terminate(pid, NULL);
b9e74c39 250 }
4fc935ca
LP		 251 }
252
b9e74c39 253 freeze_or_reboot();
97c4f35c
LP		 254}
255
256static void install_crash_handler(void) {
297d563d 257 static const struct sigaction sa = {
b92bea5d 258 .sa_handler = crash,
297d563d 259 .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */
b92bea5d 260 };
297d563d 261 int r;
97c4f35c 262
297d563d
LP		 263 /* We ignore the return value here, since, we don't mind if we
264 * cannot set up a crash handler */
265 r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
266 if (r < 0)
267 log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m");
97c4f35c 268}
f170852a 269
56d96fc0
LP		 270static int console_setup(void) {
271 _cleanup_close_ int tty_fd = -1;
272 int r;
80876c20 273
512947d4 274 tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
23bbb0de
MS		 275 if (tty_fd < 0)
276 return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
80876c20 277
56d96fc0
LP		 278 /* We don't want to force text mode. plymouth may be showing
279 * pictures already from initrd. */
512947d4 280 r = reset_terminal_fd(tty_fd, false);
23bbb0de
MS		 281 if (r < 0)
282 return log_error_errno(r, "Failed to reset /dev/console: %m");
843d2643 283
56d96fc0 284 return 0;
80876c20
LP		 285}
286
b9e74c39
LP		 287static int parse_crash_chvt(const char *value) {
288 int b;
289
290 if (safe_atoi(value, &arg_crash_chvt) >= 0)
291 return 0;
292
293 b = parse_boolean(value);
294 if (b < 0)
295 return b;
296
297 if (b > 0)
298 arg_crash_chvt = 0; /* switch to where kmsg goes */
299 else
300 arg_crash_chvt = -1; /* turn off switching */
301
302 return 0;
303}
304
7d5ceb64
FB		 305static int parse_confirm_spawn(const char *value, char **console) {
306 char *s;
307 int r;
308
309 r = value ? parse_boolean(value) : 1;
310 if (r == 0) {
311 *console = NULL;
312 return 0;
313 }
314
315 if (r > 0) /* on with default tty */
316 s = strdup("/dev/console");
317 else if (is_path(value)) /* on with fully qualified path */
318 s = strdup(value);
319 else /* on with only a tty file name, not a fully qualified path */
320 s = strjoin("/dev/", value);
321 if (!s)
322 return -ENOMEM;
323 *console = s;
324 return 0;
325}
326
ee48dbd5 327static int set_machine_id(const char *m) {
e042eab7 328 sd_id128_t t;
8b26cdbd 329 assert(m);
ee48dbd5 330
e042eab7 331 if (sd_id128_from_string(m, &t) < 0)
ee48dbd5
NC		 332 return -EINVAL;
333
e042eab7 334 if (sd_id128_is_null(t))
ee48dbd5
NC		 335 return -EINVAL;
336
e042eab7 337 arg_machine_id = t;
ee48dbd5
NC		 338 return 0;
339}
340
96287a49 341static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
f170852a 342
059cb385 343 int r;
f170852a 344
059cb385 345 assert(key);
5192bd19 346
1d84ad94 347 if (STR_IN_SET(key, "systemd.unit", "rd.systemd.unit")) {
bf4df7c3 348
1d84ad94
LP		 349 if (proc_cmdline_value_missing(key, value))
350 return 0;
bf4df7c3 351
1d84ad94
LP		 352 if (!unit_name_is_valid(value, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
353 log_warning("Unit name specified on %s= is not valid, ignoring: %s", key, value);
354 else if (in_initrd() == !!startswith(key, "rd.")) {
355 if (free_and_strdup(&arg_default_unit, value) < 0)
356 return log_oom();
357 }
f170852a 358
1d84ad94 359 } else if (proc_cmdline_key_streq(key, "systemd.dump_core")) {
4fc935ca 360
1d84ad94 361 r = value ? parse_boolean(value) : true;
fb472900 362 if (r < 0)
059cb385 363 log_warning("Failed to parse dump core switch %s. Ignoring.", value);
4fc935ca 364 else
fa0f4d8a 365 arg_dump_core = r;
4fc935ca 366
1d84ad94 367 } else if (proc_cmdline_key_streq(key, "systemd.crash_chvt")) {
b9e74c39 368
1d84ad94
LP		 369 if (!value)
370 arg_crash_chvt = 0; /* turn on */
371 else if (parse_crash_chvt(value) < 0)
b9e74c39
LP		 372 log_warning("Failed to parse crash chvt switch %s. Ignoring.", value);
373
1d84ad94 374 } else if (proc_cmdline_key_streq(key, "systemd.crash_shell")) {
4fc935ca 375
1d84ad94 376 r = value ? parse_boolean(value) : true;
fb472900 377 if (r < 0)
059cb385 378 log_warning("Failed to parse crash shell switch %s. Ignoring.", value);
4fc935ca 379 else
fa0f4d8a 380 arg_crash_shell = r;
5e7ee61c 381
1d84ad94 382 } else if (proc_cmdline_key_streq(key, "systemd.crash_reboot")) {
5e7ee61c 383
1d84ad94 384 r = value ? parse_boolean(value) : true;
b9e74c39
LP		 385 if (r < 0)
386 log_warning("Failed to parse crash reboot switch %s. Ignoring.", value);
5e7ee61c 387 else
b9e74c39 388 arg_crash_reboot = r;
5e7ee61c 389
1d84ad94
LP		 390 } else if (proc_cmdline_key_streq(key, "systemd.confirm_spawn")) {
391 char *s;
7d5ceb64 392
1d84ad94 393 r = parse_confirm_spawn(value, &s);
059cb385 394 if (r < 0)
7d5ceb64 395 log_warning_errno(r, "Failed to parse confirm_spawn switch %s. Ignoring.", value);
1d84ad94
LP		 396 else {
397 free(arg_confirm_spawn);
398 arg_confirm_spawn = s;
399 }
601f6a1e 400
2a12e32e
JK		 401 } else if (proc_cmdline_key_streq(key, "systemd.service_watchdogs")) {
402
403 r = value ? parse_boolean(value) : true;
404 if (r < 0)
405 log_warning("Failed to parse service watchdog switch %s. Ignoring.", value);
406 else
407 arg_service_watchdogs = r;
408
1d84ad94 409 } else if (proc_cmdline_key_streq(key, "systemd.show_status")) {
9e58ff9c 410
1d84ad94
LP		 411 if (value) {
412 r = parse_show_status(value, &arg_show_status);
413 if (r < 0)
414 log_warning("Failed to parse show status switch %s. Ignoring.", value);
415 } else
416 arg_show_status = SHOW_STATUS_YES;
059cb385 417
1d84ad94
LP		 418 } else if (proc_cmdline_key_streq(key, "systemd.default_standard_output")) {
419
420 if (proc_cmdline_value_missing(key, value))
421 return 0;
0a494f1f 422
059cb385 423 r = exec_output_from_string(value);
fb472900 424 if (r < 0)
059cb385 425 log_warning("Failed to parse default standard output switch %s. Ignoring.", value);
0a494f1f
LP		 426 else
427 arg_default_std_output = r;
0a494f1f 428
1d84ad94
LP		 429 } else if (proc_cmdline_key_streq(key, "systemd.default_standard_error")) {
430
431 if (proc_cmdline_value_missing(key, value))
432 return 0;
059cb385
LP		 433
434 r = exec_output_from_string(value);
fb472900 435 if (r < 0)
059cb385 436 log_warning("Failed to parse default standard error switch %s. Ignoring.", value);
0a494f1f
LP		 437 else
438 arg_default_std_error = r;
9e7c5357 439
1d84ad94
LP		 440 } else if (streq(key, "systemd.setenv")) {
441
442 if (proc_cmdline_value_missing(key, value))
443 return 0;
059cb385
LP		 444
445 if (env_assignment_is_valid(value)) {
e21fea24
KS		 446 char **env;
447
059cb385 448 env = strv_env_set(arg_default_environment, value);
1d84ad94
LP		 449 if (!env)
450 return log_oom();
451
452 arg_default_environment = env;
e21fea24 453 } else
059cb385 454 log_warning("Environment variable name '%s' is not valid. Ignoring.", value);
9e58ff9c 455
1d84ad94
LP		 456 } else if (proc_cmdline_key_streq(key, "systemd.machine_id")) {
457
458 if (proc_cmdline_value_missing(key, value))
459 return 0;
460
461 r = set_machine_id(value);
462 if (r < 0)
463 log_warning("MachineID '%s' is not valid. Ignoring.", value);
ee48dbd5 464
1d84ad94
LP		 465 } else if (proc_cmdline_key_streq(key, "systemd.default_timeout_start_sec")) {
466
467 if (proc_cmdline_value_missing(key, value))
468 return 0;
469
470 r = parse_sec(value, &arg_default_timeout_start_usec);
471 if (r < 0)
472 log_warning_errno(r, "Failed to parse default start timeout: %s, ignoring.", value);
473
474 if (arg_default_timeout_start_usec <= 0)
475 arg_default_timeout_start_usec = USEC_INFINITY;
ee48dbd5 476
8a2c1fbf
EJ		 477 } else if (proc_cmdline_key_streq(key, "systemd.watchdog_device")) {
478
479 if (proc_cmdline_value_missing(key, value))
480 return 0;
481
482 parse_path_argument_and_warn(value, false, &arg_watchdog_device);
483
059cb385 484 } else if (streq(key, "quiet") && !value) {
d7b15e0a 485
b6e2f329 486 if (arg_show_status == _SHOW_STATUS_UNSET)
d450b6f2 487 arg_show_status = SHOW_STATUS_AUTO;
059cb385
LP		 488
489 } else if (streq(key, "debug") && !value) {
d7b15e0a 490
1de1c9c3
LP		 491 /* Note that log_parse_environment() handles 'debug'
492 * too, and sets the log level to LOG_DEBUG. */
d7b15e0a 493
75f86906 494 if (detect_container() > 0)
b2103dcc 495 log_set_target(LOG_TARGET_CONSOLE);
059cb385 496
dcd61450 497 } else if (!value) {
e2c9a131 498 const char *target;
f170852a
LP		 499
500 /* SysV compatibility */
e2c9a131
EV		 501 target = runlevel_to_target(key);
502 if (target)
503 return free_and_strdup(&arg_default_unit, target);
f170852a
LP		 504 }
505
506 return 0;
507}
508
e8e581bf
ZJS		 509#define DEFINE_SETTER(name, func, descr) \
510 static int name(const char *unit, \
511 const char *filename, \
512 unsigned line, \
513 const char *section, \
71a61510 514 unsigned section_line, \
e8e581bf
ZJS		 515 const char *lvalue, \
516 int ltype, \
517 const char *rvalue, \
518 void *data, \
519 void *userdata) { \
520 \
521 int r; \
522 \
523 assert(filename); \
524 assert(lvalue); \
525 assert(rvalue); \
526 \
527 r = func(rvalue); \
528 if (r < 0) \
d1cefe0a
LP		 529 log_syntax(unit, LOG_ERR, filename, line, r, \
530 "Invalid " descr "'%s': %m", \
531 rvalue); \
e8e581bf
ZJS		 532 \
533 return 0; \
534 }
487393e9 535
e8e581bf
ZJS		 536DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level")
537DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target")
538DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" )
539DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location")
487393e9 540
4d7213b2
LP		 541static int config_parse_cpu_affinity2(
542 const char *unit,
543 const char *filename,
544 unsigned line,
545 const char *section,
546 unsigned section_line,
547 const char *lvalue,
548 int ltype,
549 const char *rvalue,
550 void *data,
551 void *userdata) {
487393e9 552
4b40bc38 553 _cleanup_cpu_free_ cpu_set_t *c = NULL;
f5c72b73 554 int ncpus;
487393e9 555
765d143b 556 ncpus = parse_cpu_set_and_warn(rvalue, &c, unit, filename, line, lvalue);
f5c72b73
FB		 557 if (ncpus < 0)
558 return ncpus;
487393e9 559
f5c72b73 560 if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0)
25f027c5 561 log_warning_errno(errno, "Failed to set CPU affinity: %m");
487393e9 562
487393e9
LP		 563 return 0;
564}
565
4d7213b2
LP		 566static int config_parse_show_status(
567 const char* unit,
568 const char *filename,
569 unsigned line,
570 const char *section,
571 unsigned section_line,
572 const char *lvalue,
573 int ltype,
574 const char *rvalue,
575 void *data,
576 void *userdata) {
577
578 int k;
579 ShowStatus *b = data;
580
581 assert(filename);
582 assert(lvalue);
583 assert(rvalue);
584 assert(data);
585
586 k = parse_show_status(rvalue, b);
587 if (k < 0) {
12ca818f 588 log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
4d7213b2
LP		 589 return 0;
590 }
591
592 return 0;
593}
594
5db98187
LP		 595static int config_parse_output_restricted(
596 const char* unit,
597 const char *filename,
598 unsigned line,
599 const char *section,
600 unsigned section_line,
601 const char *lvalue,
602 int ltype,
603 const char *rvalue,
604 void *data,
605 void *userdata) {
606
607 ExecOutput t, *eo = data;
608
609 assert(filename);
610 assert(lvalue);
611 assert(rvalue);
612 assert(data);
613
614 t = exec_output_from_string(rvalue);
615 if (t < 0) {
616 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output type, ignoring: %s", rvalue);
617 return 0;
618 }
619
620 if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE)) {
621 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard output types socket, fd:, file: are not supported as defaults, ignoring: %s", rvalue);
622 return 0;
623 }
624
625 *eo = t;
626 return 0;
627}
628
b9e74c39
LP		 629static int config_parse_crash_chvt(
630 const char* unit,
631 const char *filename,
632 unsigned line,
633 const char *section,
634 unsigned section_line,
635 const char *lvalue,
636 int ltype,
637 const char *rvalue,
638 void *data,
639 void *userdata) {
640
641 int r;
642
643 assert(filename);
644 assert(lvalue);
645 assert(rvalue);
b9e74c39
LP		 646
647 r = parse_crash_chvt(rvalue);
648 if (r < 0) {
649 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
650 return 0;
651 }
652
653 return 0;
654}
655
487393e9
LP		 656static int parse_config_file(void) {
657
f975e971 658 const ConfigTableItem items[] = {
d3b1c508
LP		 659 { "Manager", "LogLevel", config_parse_level2, 0, NULL },
660 { "Manager", "LogTarget", config_parse_target, 0, NULL },
661 { "Manager", "LogColor", config_parse_color, 0, NULL },
662 { "Manager", "LogLocation", config_parse_location, 0, NULL },
663 { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core },
b9e74c39
LP		 664 { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, NULL },
665 { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, NULL },
d3b1c508 666 { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell },
b9e74c39 667 { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot },
d3b1c508 668 { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status },
d3b1c508
LP		 669 { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, NULL },
670 { "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers },
671 { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog },
672 { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog },
8a2c1fbf 673 { "Manager", "WatchdogDevice", config_parse_path, 0, &arg_watchdog_device },
a103496c 674 { "Manager", "CapabilityBoundingSet", config_parse_capability_set, 0, &arg_capability_bounding_set },
39362f6f 675 { "Manager", "NoNewPrivileges", config_parse_bool, 0, &arg_no_new_privs },
349cc4a5 676#if HAVE_SECCOMP
d3b1c508 677 { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs },
89fffa27 678#endif
d3b1c508 679 { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec },
bd8f585b 680 { "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec },
5db98187
LP		 681 { "Manager", "DefaultStandardOutput", config_parse_output_restricted,0, &arg_default_std_output },
682 { "Manager", "DefaultStandardError", config_parse_output_restricted,0, &arg_default_std_error },
d3b1c508
LP		 683 { "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
684 { "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
685 { "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
f0367da7
LP		 686 { "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval }, /* obsolete alias */
687 { "Manager", "DefaultStartLimitIntervalSec",config_parse_sec, 0, &arg_default_start_limit_interval },
d3b1c508
LP		 688 { "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },
689 { "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },
d0a7c5f6
LP		 690 { "Manager", "DefaultLimitCPU", config_parse_limit, RLIMIT_CPU, arg_default_rlimit },
691 { "Manager", "DefaultLimitFSIZE", config_parse_limit, RLIMIT_FSIZE, arg_default_rlimit },
692 { "Manager", "DefaultLimitDATA", config_parse_limit, RLIMIT_DATA, arg_default_rlimit },
693 { "Manager", "DefaultLimitSTACK", config_parse_limit, RLIMIT_STACK, arg_default_rlimit },
694 { "Manager", "DefaultLimitCORE", config_parse_limit, RLIMIT_CORE, arg_default_rlimit },
695 { "Manager", "DefaultLimitRSS", config_parse_limit, RLIMIT_RSS, arg_default_rlimit },
696 { "Manager", "DefaultLimitNOFILE", config_parse_limit, RLIMIT_NOFILE, arg_default_rlimit },
697 { "Manager", "DefaultLimitAS", config_parse_limit, RLIMIT_AS, arg_default_rlimit },
698 { "Manager", "DefaultLimitNPROC", config_parse_limit, RLIMIT_NPROC, arg_default_rlimit },
699 { "Manager", "DefaultLimitMEMLOCK", config_parse_limit, RLIMIT_MEMLOCK, arg_default_rlimit },
700 { "Manager", "DefaultLimitLOCKS", config_parse_limit, RLIMIT_LOCKS, arg_default_rlimit },
701 { "Manager", "DefaultLimitSIGPENDING", config_parse_limit, RLIMIT_SIGPENDING, arg_default_rlimit },
702 { "Manager", "DefaultLimitMSGQUEUE", config_parse_limit, RLIMIT_MSGQUEUE, arg_default_rlimit },
703 { "Manager", "DefaultLimitNICE", config_parse_limit, RLIMIT_NICE, arg_default_rlimit },
704 { "Manager", "DefaultLimitRTPRIO", config_parse_limit, RLIMIT_RTPRIO, arg_default_rlimit },
705 { "Manager", "DefaultLimitRTTIME", config_parse_limit, RLIMIT_RTTIME, arg_default_rlimit },
085afe36 706 { "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_default_cpu_accounting },
13c31542 707 { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting },
377bfd2d 708 { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting },
085afe36
LP		 709 { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting },
710 { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting },
03a7b521 711 { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting },
0af20ea2 712 { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max },
ae8c7939 713 { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action },
d3b1c508 714 {}
487393e9
LP		 715 };
716
1b907b5c 717 const char *fn, *conf_dirs_nulstr;
487393e9 718
463d0d15 719 fn = arg_system ?
75eb6154
LP		 720 PKGSYSCONFDIR "/system.conf" :
721 PKGSYSCONFDIR "/user.conf";
722
463d0d15 723 conf_dirs_nulstr = arg_system ?
75eb6154
LP		 724 CONF_PATHS_NULSTR("systemd/system.conf.d") :
725 CONF_PATHS_NULSTR("systemd/user.conf.d");
726
bcde742e 727 (void) config_parse_many_nulstr(fn, conf_dirs_nulstr, "Manager\0", config_item_table_lookup, items, CONFIG_PARSE_WARN, NULL);
36c16a7c
LP		 728
729 /* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we used USEC_INFINITY
730 * like everywhere else. */
731 if (arg_default_timeout_start_usec <= 0)
732 arg_default_timeout_start_usec = USEC_INFINITY;
733 if (arg_default_timeout_stop_usec <= 0)
734 arg_default_timeout_stop_usec = USEC_INFINITY;
487393e9 735
487393e9
LP		 736 return 0;
737}
738
85cb4151 739static void set_manager_defaults(Manager *m) {
06af2a04
TB		 740
741 assert(m);
742
743 m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec;
744 m->default_std_output = arg_default_std_output;
745 m->default_std_error = arg_default_std_error;
746 m->default_timeout_start_usec = arg_default_timeout_start_usec;
747 m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
748 m->default_restart_usec = arg_default_restart_usec;
749 m->default_start_limit_interval = arg_default_start_limit_interval;
750 m->default_start_limit_burst = arg_default_start_limit_burst;
751 m->default_cpu_accounting = arg_default_cpu_accounting;
13c31542 752 m->default_io_accounting = arg_default_io_accounting;
377bfd2d 753 m->default_ip_accounting = arg_default_ip_accounting;
06af2a04
TB		 754 m->default_blockio_accounting = arg_default_blockio_accounting;
755 m->default_memory_accounting = arg_default_memory_accounting;
03a7b521 756 m->default_tasks_accounting = arg_default_tasks_accounting;
0af20ea2 757 m->default_tasks_max = arg_default_tasks_max;
06af2a04
TB		 758
759 manager_set_default_rlimits(m, arg_default_rlimit);
760 manager_environment_add(m, NULL, arg_default_environment);
761}
762
7b46fc6a
LP		 763static void set_manager_settings(Manager *m) {
764
765 assert(m);
766
767 m->confirm_spawn = arg_confirm_spawn;
2a12e32e 768 m->service_watchdogs = arg_service_watchdogs;
7b46fc6a
LP		 769 m->runtime_watchdog = arg_runtime_watchdog;
770 m->shutdown_watchdog = arg_shutdown_watchdog;
771 m->cad_burst_action = arg_cad_burst_action;
772
773 manager_set_show_status(m, arg_show_status);
774}
775
f170852a 776static int parse_argv(int argc, char *argv[]) {
f170852a
LP		 777 enum {
778 ARG_LOG_LEVEL = 0x100,
779 ARG_LOG_TARGET,
bbe63281
LP		 780 ARG_LOG_COLOR,
781 ARG_LOG_LOCATION,
2f198e2f 782 ARG_UNIT,
edb9aaa8 783 ARG_SYSTEM,
af2d49f7 784 ARG_USER,
e537352b 785 ARG_TEST,
b87c2aa6 786 ARG_NO_PAGER,
9ba0bc4e 787 ARG_VERSION,
80876c20 788 ARG_DUMP_CONFIGURATION_ITEMS,
9e58ff9c 789 ARG_DUMP_CORE,
b9e74c39 790 ARG_CRASH_CHVT,
9e58ff9c 791 ARG_CRASH_SHELL,
b9e74c39 792 ARG_CRASH_REBOOT,
a16e1123 793 ARG_CONFIRM_SPAWN,
9e58ff9c 794 ARG_SHOW_STATUS,
4288f619 795 ARG_DESERIALIZE,
2660882b 796 ARG_SWITCHED_ROOT,
0a494f1f 797 ARG_DEFAULT_STD_OUTPUT,
ee48dbd5 798 ARG_DEFAULT_STD_ERROR,
2a12e32e
JK		 799 ARG_MACHINE_ID,
800 ARG_SERVICE_WATCHDOGS,
f170852a
LP		 801 };
802
803 static const struct option options[] = {
a16e1123
LP		 804 { "log-level", required_argument, NULL, ARG_LOG_LEVEL },
805 { "log-target", required_argument, NULL, ARG_LOG_TARGET },
bbe63281
LP		 806 { "log-color", optional_argument, NULL, ARG_LOG_COLOR },
807 { "log-location", optional_argument, NULL, ARG_LOG_LOCATION },
2f198e2f 808 { "unit", required_argument, NULL, ARG_UNIT },
edb9aaa8 809 { "system", no_argument, NULL, ARG_SYSTEM },
af2d49f7 810 { "user", no_argument, NULL, ARG_USER },
a16e1123 811 { "test", no_argument, NULL, ARG_TEST },
b87c2aa6 812 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
a16e1123 813 { "help", no_argument, NULL, 'h' },
9ba0bc4e 814 { "version", no_argument, NULL, ARG_VERSION },
a16e1123 815 { "dump-configuration-items", no_argument, NULL, ARG_DUMP_CONFIGURATION_ITEMS },
a5d87bf0 816 { "dump-core", optional_argument, NULL, ARG_DUMP_CORE },
b9e74c39 817 { "crash-chvt", required_argument, NULL, ARG_CRASH_CHVT },
a5d87bf0 818 { "crash-shell", optional_argument, NULL, ARG_CRASH_SHELL },
b9e74c39 819 { "crash-reboot", optional_argument, NULL, ARG_CRASH_REBOOT },
a5d87bf0 820 { "confirm-spawn", optional_argument, NULL, ARG_CONFIRM_SPAWN },
6e98720f 821 { "show-status", optional_argument, NULL, ARG_SHOW_STATUS },
a16e1123 822 { "deserialize", required_argument, NULL, ARG_DESERIALIZE },
2660882b 823 { "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT },
0a494f1f
LP		 824 { "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, },
825 { "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, },
ee48dbd5 826 { "machine-id", required_argument, NULL, ARG_MACHINE_ID },
2a12e32e 827 { "service-watchdogs", required_argument, NULL, ARG_SERVICE_WATCHDOGS },
fb472900 828 {}
f170852a
LP		 829 };
830
831 int c, r;
832
833 assert(argc >= 1);
834 assert(argv);
835
df0ff127 836 if (getpid_cached() == 1)
b770165a
LP		 837 opterr = 0;
838
099663ff 839 while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
f170852a
LP		 840
841 switch (c) {
842
843 case ARG_LOG_LEVEL:
fb472900
ZJS		 844 r = log_set_max_level_from_string(optarg);
845 if (r < 0) {
f170852a
LP		 846 log_error("Failed to parse log level %s.", optarg);
847 return r;
848 }
849
850 break;
851
852 case ARG_LOG_TARGET:
fb472900
ZJS		 853 r = log_set_target_from_string(optarg);
854 if (r < 0) {
f170852a
LP		 855 log_error("Failed to parse log target %s.", optarg);
856 return r;
857 }
858
859 break;
860
bbe63281
LP		 861 case ARG_LOG_COLOR:
862
d0b170c8 863 if (optarg) {
fb472900
ZJS		 864 r = log_show_color_from_string(optarg);
865 if (r < 0) {
d0b170c8
LP		 866 log_error("Failed to parse log color setting %s.", optarg);
867 return r;
868 }
869 } else
870 log_show_color(true);
bbe63281
LP		 871
872 break;
873
874 case ARG_LOG_LOCATION:
d0b170c8 875 if (optarg) {
fb472900
ZJS		 876 r = log_show_location_from_string(optarg);
877 if (r < 0) {
d0b170c8
LP		 878 log_error("Failed to parse log location setting %s.", optarg);
879 return r;
880 }
881 } else
882 log_show_location(true);
bbe63281
LP		 883
884 break;
885
0a494f1f 886 case ARG_DEFAULT_STD_OUTPUT:
fb472900
ZJS		 887 r = exec_output_from_string(optarg);
888 if (r < 0) {
0a494f1f
LP		 889 log_error("Failed to parse default standard output setting %s.", optarg);
890 return r;
891 } else
892 arg_default_std_output = r;
893 break;
894
895 case ARG_DEFAULT_STD_ERROR:
fb472900
ZJS		 896 r = exec_output_from_string(optarg);
897 if (r < 0) {
0a494f1f
LP		 898 log_error("Failed to parse default standard error output setting %s.", optarg);
899 return r;
900 } else
901 arg_default_std_error = r;
902 break;
903
2f198e2f 904 case ARG_UNIT:
e6e242ad 905 r = free_and_strdup(&arg_default_unit, optarg);
23bbb0de
MS		 906 if (r < 0)
907 return log_error_errno(r, "Failed to set default unit %s: %m", optarg);
f170852a
LP		 908
909 break;
910
edb9aaa8 911 case ARG_SYSTEM:
463d0d15 912 arg_system = true;
edb9aaa8 913 break;
a5dab5ce 914
af2d49f7 915 case ARG_USER:
463d0d15 916 arg_system = false;
a5dab5ce 917 break;
a5dab5ce 918
e965d56d 919 case ARG_TEST:
fa0f4d8a 920 arg_action = ACTION_TEST;
b87c2aa6
ZJS		 921 break;
922
923 case ARG_NO_PAGER:
924 arg_no_pager = true;
e965d56d
LP		 925 break;
926
9ba0bc4e
ZJS		 927 case ARG_VERSION:
928 arg_action = ACTION_VERSION;
929 break;
930
e537352b 931 case ARG_DUMP_CONFIGURATION_ITEMS:
fa0f4d8a 932 arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
e537352b
LP		 933 break;
934
9e58ff9c 935 case ARG_DUMP_CORE:
b9e74c39
LP		 936 if (!optarg)
937 arg_dump_core = true;
938 else {
939 r = parse_boolean(optarg);
940 if (r < 0)
941 return log_error_errno(r, "Failed to parse dump core boolean: %s", optarg);
942 arg_dump_core = r;
a5d87bf0 943 }
b9e74c39
LP		 944 break;
945
946 case ARG_CRASH_CHVT:
947 r = parse_crash_chvt(optarg);
948 if (r < 0)
949 return log_error_errno(r, "Failed to parse crash virtual terminal index: %s", optarg);
9e58ff9c
LP		 950 break;
951
952 case ARG_CRASH_SHELL:
b9e74c39
LP		 953 if (!optarg)
954 arg_crash_shell = true;
955 else {
956 r = parse_boolean(optarg);
957 if (r < 0)
958 return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg);
959 arg_crash_shell = r;
960 }
961 break;
962
963 case ARG_CRASH_REBOOT:
964 if (!optarg)
965 arg_crash_reboot = true;
966 else {
967 r = parse_boolean(optarg);
968 if (r < 0)
969 return log_error_errno(r, "Failed to parse crash shell boolean: %s", optarg);
970 arg_crash_reboot = r;
a5d87bf0 971 }
9e58ff9c
LP		 972 break;
973
80876c20 974 case ARG_CONFIRM_SPAWN:
7d5ceb64
FB		 975 arg_confirm_spawn = mfree(arg_confirm_spawn);
976
977 r = parse_confirm_spawn(optarg, &arg_confirm_spawn);
978 if (r < 0)
979 return log_error_errno(r, "Failed to parse confirm spawn option: %m");
80876c20
LP		 980 break;
981
2a12e32e
JK		 982 case ARG_SERVICE_WATCHDOGS:
983 r = parse_boolean(optarg);
984 if (r < 0)
985 return log_error_errno(r, "Failed to parse service watchdogs boolean: %s", optarg);
986 arg_service_watchdogs = r;
987 break;
988
9e58ff9c 989 case ARG_SHOW_STATUS:
d450b6f2
ZJS		 990 if (optarg) {
991 r = parse_show_status(optarg, &arg_show_status);
992 if (r < 0) {
993 log_error("Failed to parse show status boolean %s.", optarg);
994 return r;
995 }
996 } else
997 arg_show_status = SHOW_STATUS_YES;
6e98720f 998 break;
a5d87bf0 999
a16e1123
LP		 1000 case ARG_DESERIALIZE: {
1001 int fd;
1002 FILE *f;
1003
01e10de3
LP		 1004 r = safe_atoi(optarg, &fd);
1005 if (r < 0 || fd < 0) {
a16e1123 1006 log_error("Failed to parse deserialize option %s.", optarg);
b9e74c39 1007 return -EINVAL;
a16e1123
LP		 1008 }
1009
b9e74c39 1010 (void) fd_cloexec(fd, true);
01e10de3
LP		 1011
1012 f = fdopen(fd, "r");
4a62c710
MS		 1013 if (!f)
1014 return log_error_errno(errno, "Failed to open serialization fd: %m");
a16e1123 1015
74ca738f 1016 safe_fclose(arg_serialization);
d3b1c508 1017 arg_serialization = f;
a16e1123
LP		 1018
1019 break;
1020 }
1021
2660882b 1022 case ARG_SWITCHED_ROOT:
bf4df7c3 1023 arg_switched_root = true;
d03bc1b8
HH		 1024 break;
1025
ee48dbd5
NC		 1026 case ARG_MACHINE_ID:
1027 r = set_machine_id(optarg);
54500613
LP		 1028 if (r < 0)
1029 return log_error_errno(r, "MachineID '%s' is not valid.", optarg);
ee48dbd5
NC		 1030 break;
1031
f170852a 1032 case 'h':
fa0f4d8a 1033 arg_action = ACTION_HELP;
f170852a
LP		 1034 break;
1035
1d2e23ab
LP		 1036 case 'D':
1037 log_set_max_level(LOG_DEBUG);
1038 break;
1039
099663ff
LP		 1040 case 'b':
1041 case 's':
1042 case 'z':
1043 /* Just to eat away the sysvinit kernel
1044 * cmdline args without getopt() error
1045 * messages that we'll parse in
1046 * parse_proc_cmdline_word() or ignore. */
f170852a 1047
099663ff 1048 case '?':
df0ff127 1049 if (getpid_cached() != 1)
099663ff 1050 return -EINVAL;
601185b4
ZJS		 1051 else
1052 return 0;
099663ff 1053
601185b4
ZJS		 1054 default:
1055 assert_not_reached("Unhandled option code.");
f170852a
LP		 1056 }
1057
df0ff127 1058 if (optind < argc && getpid_cached() != 1) {
d821e6d6
LP		 1059 /* Hmm, when we aren't run as init system
1060 * let's complain about excess arguments */
1061
1062 log_error("Excess arguments.");
1063 return -EINVAL;
1064 }
1065
f170852a
LP		 1066 return 0;
1067}
1068
1069static int help(void) {
1070
2e33c433 1071 printf("%s [OPTIONS...]\n\n"
af2d49f7 1072 "Starts up and maintains the system or user services.\n\n"
e537352b 1073 " -h --help Show this help\n"
cb4069d9 1074 " --version Show version\n"
e537352b 1075 " --test Determine startup sequence, dump it and exit\n"
b87c2aa6 1076 " --no-pager Do not pipe output into a pager\n"
80876c20 1077 " --dump-configuration-items Dump understood unit configuration items\n"
9e58ff9c 1078 " --unit=UNIT Set default unit\n"
edb9aaa8 1079 " --system Run a system instance, even if PID != 1\n"
af2d49f7 1080 " --user Run a user instance\n"
b9e74c39
LP		 1081 " --dump-core[=BOOL] Dump core on crash\n"
1082 " --crash-vt=NR Change to specified VT on crash\n"
1083 " --crash-reboot[=BOOL] Reboot on crash\n"
1084 " --crash-shell[=BOOL] Run shell on crash\n"
1085 " --confirm-spawn[=BOOL] Ask for confirmation when spawning processes\n"
1086 " --show-status[=BOOL] Show status updates on the console during bootup\n"
c1dc6153 1087 " --log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
9e58ff9c 1088 " --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
b9e74c39
LP		 1089 " --log-color[=BOOL] Highlight important log messages\n"
1090 " --log-location[=BOOL] Include code location in log messages\n"
0a494f1f
LP		 1091 " --default-standard-output= Set default standard output for services\n"
1092 " --default-standard-error= Set default standard error output for services\n",
5b6319dc 1093 program_invocation_short_name);
f170852a
LP		 1094
1095 return 0;
1096}
1097
b3680f49 1098static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) {
48b90859
LP		 1099 _cleanup_fdset_free_ FDSet *fds = NULL;
1100 _cleanup_fclose_ FILE *f = NULL;
a16e1123
LP		 1101 int r;
1102
1103 assert(m);
1104 assert(_f);
1105 assert(_fds);
1106
6b78f9b4 1107 r = manager_open_serialization(m, &f);
48b90859
LP		 1108 if (r < 0)
1109 return log_error_errno(r, "Failed to create serialization file: %m");
a16e1123 1110
71445ae7 1111 /* Make sure nothing is really destructed when we shut down */
313cefa1 1112 m->n_reloading++;
718db961 1113 bus_manager_send_reloading(m, true);
71445ae7 1114
6b78f9b4 1115 fds = fdset_new();
48b90859
LP		 1116 if (!fds)
1117 return log_oom();
a16e1123 1118
b3680f49 1119 r = manager_serialize(m, f, fds, switching_root);
48b90859
LP		 1120 if (r < 0)
1121 return log_error_errno(r, "Failed to serialize state: %m");
a16e1123 1122
48b90859
LP		 1123 if (fseeko(f, 0, SEEK_SET) == (off_t) -1)
1124 return log_error_errno(errno, "Failed to rewind serialization fd: %m");
a16e1123 1125
6b78f9b4 1126 r = fd_cloexec(fileno(f), false);
48b90859
LP		 1127 if (r < 0)
1128 return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization: %m");
a16e1123 1129
6b78f9b4 1130 r = fdset_cloexec(fds, false);
48b90859
LP		 1131 if (r < 0)
1132 return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization fds: %m");
a16e1123 1133
1cc6c93a
YW		 1134 *_f = TAKE_PTR(f);
1135 *_fds = TAKE_PTR(fds);
a16e1123 1136
48b90859 1137 return 0;
a16e1123
LP		 1138}
1139
4096d6f5
LP		 1140static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
1141 struct rlimit nl;
1142 int r;
6385cb31
CB		 1143 int min_max;
1144 _cleanup_free_ char *nr_open = NULL;
4096d6f5
LP		 1145
1146 assert(saved_rlimit);
1147
1148 /* Save the original RLIMIT_NOFILE so that we can reset it
1149 * later when transitioning from the initrd to the main
1150 * systemd or suchlike. */
4a62c710 1151 if (getrlimit(RLIMIT_NOFILE, saved_rlimit) < 0)
3ce40911 1152 return log_warning_errno(errno, "Reading RLIMIT_NOFILE failed, ignoring: %m");
4096d6f5
LP		 1153
1154 /* Make sure forked processes get the default kernel setting */
1155 if (!arg_default_rlimit[RLIMIT_NOFILE]) {
1156 struct rlimit *rl;
1157
1158 rl = newdup(struct rlimit, saved_rlimit, 1);
1159 if (!rl)
1160 return log_oom();
1161
1162 arg_default_rlimit[RLIMIT_NOFILE] = rl;
1163 }
1164
6385cb31
CB		 1165 /* Get current RLIMIT_NOFILE maximum compiled into the kernel. */
1166 r = read_one_line_file("/proc/sys/fs/nr_open", &nr_open);
d387cfdd 1167 if (r >= 0)
6385cb31
CB		 1168 r = safe_atoi(nr_open, &min_max);
1169 /* If we fail, fallback to the hard-coded kernel limit of 1024 * 1024. */
1170 if (r < 0)
1171 min_max = 1024 * 1024;
1172
4096d6f5 1173 /* Bump up the resource limit for ourselves substantially */
6385cb31 1174 nl.rlim_cur = nl.rlim_max = min_max;
4096d6f5 1175 r = setrlimit_closest(RLIMIT_NOFILE, &nl);
23bbb0de 1176 if (r < 0)
3ce40911 1177 return log_warning_errno(r, "Setting RLIMIT_NOFILE failed, ignoring: %m");
4096d6f5
LP		 1178
1179 return 0;
1180}
1181
fb3ae275
LP		 1182static int bump_rlimit_memlock(struct rlimit *saved_rlimit) {
1183 int r;
1184
1185 assert(saved_rlimit);
1186 assert(getuid() == 0);
1187
1188 /* BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK, even though we have CAP_IPC_LOCK which
1189 * should normally disable such checks. We need them to implement IPAccessAllow= and IPAccessDeny=, hence let's
1190 * bump the value high enough for the root user. */
1191
1192 if (getrlimit(RLIMIT_MEMLOCK, saved_rlimit) < 0)
1193 return log_warning_errno(errno, "Reading RLIMIT_MEMLOCK failed, ignoring: %m");
1194
1195 r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(1024ULL*1024ULL*16ULL));
1196 if (r < 0)
1197 return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m");
1198
1199 return 0;
1200}
1201
80758717 1202static void test_usr(void) {
80758717 1203
ed1c99fc 1204 /* Check that /usr is not a separate fs */
80758717 1205
871c44a7
LP		 1206 if (dir_is_empty("/usr") <= 0)
1207 return;
1208
8b173b5e 1209 log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. "
871c44a7
LP		 1210 "Some things will probably break (sometimes even silently) in mysterious ways. "
1211 "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
1212}
1213
d3b1c508 1214static int enforce_syscall_archs(Set *archs) {
349cc4a5 1215#if HAVE_SECCOMP
d3b1c508
LP		 1216 int r;
1217
83f12b27
FS		 1218 if (!is_seccomp_available())
1219 return 0;
1220
469830d1 1221 r = seccomp_restrict_archs(arg_syscall_archs);
d3b1c508 1222 if (r < 0)
469830d1 1223 return log_error_errno(r, "Failed to enforce system call architecture restrication: %m");
d3b1c508 1224#endif
469830d1 1225 return 0;
d3b1c508
LP		 1226}
1227
b6e2f329
LP		 1228static int status_welcome(void) {
1229 _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
72c7329b 1230 const char *fn;
b6e2f329
LP		 1231 int r;
1232
fd8c85c6
LP		 1233 if (arg_show_status <= 0)
1234 return 0;
1235
72c7329b
LP		 1236 FOREACH_STRING(fn, "/etc/os-release", "/usr/lib/os-release") {
1237 r = parse_env_file(fn, NEWLINE,
5ae4d543
LP		 1238 "PRETTY_NAME", &pretty_name,
1239 "ANSI_COLOR", &ansi_color,
1240 NULL);
b6e2f329 1241
72c7329b
LP		 1242 if (r != -ENOENT)
1243 break;
1244 }
b6e2f329 1245 if (r < 0 && r != -ENOENT)
72c7329b 1246 log_warning_errno(r, "Failed to read os-release file, ignoring: %m");
b6e2f329 1247
dc9b5816
ZJS		 1248 if (log_get_show_color())
1249 return status_printf(NULL, false, false,
1250 "\nWelcome to \x1B[%sm%s\x1B[0m!\n",
1251 isempty(ansi_color) ? "1" : ansi_color,
1252 isempty(pretty_name) ? "Linux" : pretty_name);
1253 else
1254 return status_printf(NULL, false, false,
1255 "\nWelcome to %s!\n",
1256 isempty(pretty_name) ? "Linux" : pretty_name);
b6e2f329
LP		 1257}
1258
fdd25311
LP		 1259static int write_container_id(void) {
1260 const char *c;
19854865 1261 int r;
fdd25311
LP		 1262
1263 c = getenv("container");
1264 if (isempty(c))
1265 return 0;
1266
8612da97
LP		 1267 RUN_WITH_UMASK(0022)
1268 r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
19854865 1269 if (r < 0)
f1f849b0 1270 return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m");
19854865
LP		 1271
1272 return 1;
1273}
1274
1275static int bump_unix_max_dgram_qlen(void) {
1276 _cleanup_free_ char *qlen = NULL;
1277 unsigned long v;
1278 int r;
1279
1280 /* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel
1281 * default of 16 is simply too low. We set the value really
1282 * really early during boot, so that it is actually applied to
1283 * all our sockets, including the $NOTIFY_SOCKET one. */
1284
1285 r = read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen);
1286 if (r < 0)
1287 return log_warning_errno(r, "Failed to read AF_UNIX datagram queue length, ignoring: %m");
1288
1289 r = safe_atolu(qlen, &v);
1290 if (r < 0)
1291 return log_warning_errno(r, "Failed to parse AF_UNIX datagram queue length, ignoring: %m");
1292
1293 if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
1294 return 0;
1295
1296 qlen = mfree(qlen);
1297 if (asprintf(&qlen, "%lu\n", DEFAULT_UNIX_MAX_DGRAM_QLEN) < 0)
1298 return log_oom();
1299
1300 r = write_string_file("/proc/sys/net/unix/max_dgram_qlen", qlen, 0);
1301 if (r < 0)
1302 return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
1303 "Failed to bump AF_UNIX datagram queue length, ignoring: %m");
1304
1305 return 1;
fdd25311
LP		 1306}
1307
32391275
FB		 1308static int fixup_environment(void) {
1309 _cleanup_free_ char *term = NULL;
4dc63c4b 1310 const char *t;
32391275
FB		 1311 int r;
1312
43db615b
LP		 1313 /* Only fix up the environment when we are started as PID 1 */
1314 if (getpid_cached() != 1)
1315 return 0;
1316
1317 /* We expect the environment to be set correctly if run inside a container. */
84af7821
LP		 1318 if (detect_container() > 0)
1319 return 0;
1320
43db615b
LP		 1321 /* When started as PID1, the kernel uses /dev/console for our stdios and uses TERM=linux whatever the backend
1322 * device used by the console. We try to make a better guess here since some consoles might not have support
1323 * for color mode for example.
32391275 1324 *
43db615b 1325 * However if TERM was configured through the kernel command line then leave it alone. */
1d84ad94 1326 r = proc_cmdline_get_key("TERM", 0, &term);
32391275
FB		 1327 if (r < 0)
1328 return r;
32391275 1329
4dc63c4b
LP		 1330 t = term ?: default_term_for_tty("/dev/console");
1331
1332 if (setenv("TERM", t, 1) < 0)
32391275
FB		 1333 return -errno;
1334
1335 return 0;
1336}
1337
6808a0bc
LP		 1338static void redirect_telinit(int argc, char *argv[]) {
1339
1340 /* This is compatibility support for SysV, where calling init as a user is identical to telinit. */
1341
1342#if HAVE_SYSV_COMPAT
1343 if (getpid_cached() == 1)
1344 return;
1345
1346 if (!strstr(program_invocation_short_name, "init"))
1347 return;
1348
1349 execv(SYSTEMCTL_BINARY_PATH, argv);
1350 log_error_errno(errno, "Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
a45d7127 1351 exit(EXIT_FAILURE);
6808a0bc
LP		 1352#endif
1353}
1354
4a36297c
LP		 1355static int become_shutdown(
1356 const char *shutdown_verb,
7eb35049 1357 int retval) {
4a36297c
LP		 1358
1359 char log_level[DECIMAL_STR_MAX(int) + 1],
e73c54b8
JK		 1360 exit_code[DECIMAL_STR_MAX(uint8_t) + 1],
1361 timeout[DECIMAL_STR_MAX(usec_t) + 1];
4a36297c 1362
e73c54b8 1363 const char* command_line[13] = {
4a36297c
LP		 1364 SYSTEMD_SHUTDOWN_BINARY_PATH,
1365 shutdown_verb,
e73c54b8 1366 "--timeout", timeout,
4a36297c
LP		 1367 "--log-level", log_level,
1368 "--log-target",
1369 };
1370
1371 _cleanup_strv_free_ char **env_block = NULL;
e73c54b8 1372 size_t pos = 7;
4a36297c
LP		 1373 int r;
1374
7eb35049 1375 assert(shutdown_verb);
234519ae 1376 assert(!command_line[pos]);
4a36297c
LP		 1377 env_block = strv_copy(environ);
1378
1379 xsprintf(log_level, "%d", log_get_max_level());
e73c54b8 1380 xsprintf(timeout, "%" PRI_USEC "us", arg_default_timeout_stop_usec);
4a36297c
LP		 1381
1382 switch (log_get_target()) {
1383
1384 case LOG_TARGET_KMSG:
1385 case LOG_TARGET_JOURNAL_OR_KMSG:
1386 case LOG_TARGET_SYSLOG_OR_KMSG:
1387 command_line[pos++] = "kmsg";
1388 break;
1389
1390 case LOG_TARGET_NULL:
1391 command_line[pos++] = "null";
1392 break;
1393
1394 case LOG_TARGET_CONSOLE:
1395 default:
1396 command_line[pos++] = "console";
1397 break;
1398 };
1399
1400 if (log_get_show_color())
1401 command_line[pos++] = "--log-color";
1402
1403 if (log_get_show_location())
1404 command_line[pos++] = "--log-location";
1405
1406 if (streq(shutdown_verb, "exit")) {
1407 command_line[pos++] = "--exit-code";
1408 command_line[pos++] = exit_code;
1409 xsprintf(exit_code, "%d", retval);
1410 }
1411
1412 assert(pos < ELEMENTSOF(command_line));
1413
7eb35049
LP		 1414 if (streq(shutdown_verb, "reboot") &&
1415 arg_shutdown_watchdog > 0 &&
1416 arg_shutdown_watchdog != USEC_INFINITY) {
1417
4a36297c
LP		 1418 char *e;
1419
1420 /* If we reboot let's set the shutdown
1421 * watchdog and tell the shutdown binary to
1422 * repeatedly ping it */
1423 r = watchdog_set_timeout(&arg_shutdown_watchdog);
1424 watchdog_close(r < 0);
1425
1426 /* Tell the binary how often to ping, ignore failure */
1427 if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, arg_shutdown_watchdog) > 0)
8a2c1fbf
EJ		 1428 (void) strv_consume(&env_block, e);
1429
1430 if (arg_watchdog_device &&
1431 asprintf(&e, "WATCHDOG_DEVICE=%s", arg_watchdog_device) > 0)
1432 (void) strv_consume(&env_block, e);
4a36297c
LP		 1433 } else
1434 watchdog_close(true);
1435
1436 /* Avoid the creation of new processes forked by the
1437 * kernel; at this point, we will not listen to the
1438 * signals anyway */
1439 if (detect_container() <= 0)
1440 (void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
1441
1442 execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
1443 return -errno;
1444}
1445
e839bafd
LP		 1446static void initialize_clock(void) {
1447 int r;
1448
1449 if (clock_is_localtime(NULL) > 0) {
1450 int min;
1451
1452 /*
1453 * The very first call of settimeofday() also does a time warp in the kernel.
1454 *
1455 * In the rtc-in-local time mode, we set the kernel's timezone, and rely on external tools to take care
1456 * of maintaining the RTC and do all adjustments. This matches the behavior of Windows, which leaves
1457 * the RTC alone if the registry tells that the RTC runs in UTC.
1458 */
1459 r = clock_set_timezone(&min);
1460 if (r < 0)
1461 log_error_errno(r, "Failed to apply local time delta, ignoring: %m");
1462 else
1463 log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
1464
1465 } else if (!in_initrd()) {
1466 /*
1467 * Do a dummy very first call to seal the kernel's time warp magic.
1468 *
1469 * Do not call this from inside the initrd. The initrd might not carry /etc/adjtime with LOCAL, but the
1470 * real system could be set up that way. In such case, we need to delay the time-warp or the sealing
1471 * until we reach the real system.
1472 *
1473 * Do no set the kernel's timezone. The concept of local time cannot be supported reliably, the time
1474 * will jump or be incorrect at every daylight saving time change. All kernel local time concepts will
1475 * be treated as UTC that way.
1476 */
1477 (void) clock_reset_timewarp();
1478 }
1479
1480 r = clock_apply_epoch();
1481 if (r < 0)
1482 log_error_errno(r, "Current system time is before build time, but cannot correct: %m");
1483 else if (r > 0)
1484 log_info("System time before build time, advancing clock.");
1485}
1486
1e41242e
LP		 1487static void initialize_coredump(bool skip_setup) {
1488
1489 if (getpid_cached() != 1)
1490 return;
1491
1492 /* Don't limit the core dump size, so that coredump handlers such as systemd-coredump (which honour the limit)
1493 * will process core dumps for system services by default. */
1494 if (setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY)) < 0)
1495 log_warning_errno(errno, "Failed to set RLIMIT_CORE: %m");
1496
1497 /* But at the same time, turn off the core_pattern logic by default, so that no coredumps are stored
1498 * until the systemd-coredump tool is enabled via sysctl. */
1499 if (!skip_setup)
e557b1a6 1500 disable_coredumps();
1e41242e
LP		 1501}
1502
3c7878f9
LP		 1503static void do_reexecute(
1504 int argc,
1505 char *argv[],
1506 const struct rlimit *saved_rlimit_nofile,
1507 const struct rlimit *saved_rlimit_memlock,
1508 FDSet *fds,
1509 const char *switch_root_dir,
1510 const char *switch_root_init,
1511 const char **ret_error_message) {
1512
1513 unsigned i, j, args_size;
1514 const char **args;
1515 int r;
1516
1517 assert(saved_rlimit_nofile);
1518 assert(saved_rlimit_memlock);
1519 assert(ret_error_message);
1520
1521 /* Close and disarm the watchdog, so that the new instance can reinitialize it, but doesn't get rebooted while
1522 * we do that */
1523 watchdog_close(true);
1524
1525 /* Reset the RLIMIT_NOFILE to the kernel default, so that the new systemd can pass the kernel default to its
1526 * child processes */
1527
1528 if (saved_rlimit_nofile->rlim_cur > 0)
1529 (void) setrlimit(RLIMIT_NOFILE, saved_rlimit_nofile);
1530 if (saved_rlimit_memlock->rlim_cur != (rlim_t) -1)
1531 (void) setrlimit(RLIMIT_MEMLOCK, saved_rlimit_memlock);
1532
1533 if (switch_root_dir) {
1534 /* Kill all remaining processes from the initrd, but don't wait for them, so that we can handle the
1535 * SIGCHLD for them after deserializing. */
e73c54b8 1536 broadcast_signal(SIGTERM, false, true, arg_default_timeout_stop_usec);
3c7878f9
LP		 1537
1538 /* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */
1539 r = switch_root(switch_root_dir, "/mnt", true, MS_MOVE);
1540 if (r < 0)
1541 log_error_errno(r, "Failed to switch root, trying to continue: %m");
1542 }
1543
1544 args_size = MAX(6, argc+1);
1545 args = newa(const char*, args_size);
1546
1547 if (!switch_root_init) {
1548 char sfd[DECIMAL_STR_MAX(int) + 1];
1549
1550 /* First try to spawn ourselves with the right path, and with full serialization. We do this only if
1551 * the user didn't specify an explicit init to spawn. */
1552
1553 assert(arg_serialization);
1554 assert(fds);
1555
1556 xsprintf(sfd, "%i", fileno(arg_serialization));
1557
1558 i = 0;
1559 args[i++] = SYSTEMD_BINARY_PATH;
1560 if (switch_root_dir)
1561 args[i++] = "--switched-root";
1562 args[i++] = arg_system ? "--system" : "--user";
1563 args[i++] = "--deserialize";
1564 args[i++] = sfd;
1565 args[i++] = NULL;
1566
1567 assert(i <= args_size);
1568
1569 /*
1570 * We want valgrind to print its memory usage summary before reexecution. Valgrind won't do this is on
1571 * its own on exec(), but it will do it on exit(). Hence, to ensure we get a summary here, fork() off
1572 * a child, let it exit() cleanly, so that it prints the summary, and wait() for it in the parent,
1573 * before proceeding into the exec().
1574 */
1575 valgrind_summary_hack();
1576
1577 (void) execv(args[0], (char* const*) args);
1578 log_debug_errno(errno, "Failed to execute our own binary, trying fallback: %m");
1579 }
1580
1581 /* Try the fallback, if there is any, without any serialization. We pass the original argv[] and envp[]. (Well,
1582 * modulo the ordering changes due to getopt() in argv[], and some cleanups in envp[], but let's hope that
1583 * doesn't matter.) */
1584
1585 arg_serialization = safe_fclose(arg_serialization);
1586 fds = fdset_free(fds);
1587
1588 /* Reopen the console */
1589 (void) make_console_stdio();
1590
1591 for (j = 1, i = 1; j < (unsigned) argc; j++)
1592 args[i++] = argv[j];
1593 args[i++] = NULL;
1594 assert(i <= args_size);
1595
1596 /* Reenable any blocked signals, especially important if we switch from initial ramdisk to init=... */
1597 (void) reset_all_signal_handlers();
1598 (void) reset_signal_mask();
1599
1600 if (switch_root_init) {
1601 args[0] = switch_root_init;
1602 (void) execv(args[0], (char* const*) args);
1603 log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m");
1604 }
1605
1606 args[0] = "/sbin/init";
1607 (void) execv(args[0], (char* const*) args);
1608 r = -errno;
1609
1610 manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
1611 ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
1612 "Failed to execute /sbin/init");
1613
1614 if (r == -ENOENT) {
1615 log_warning("No /sbin/init, trying fallback");
1616
1617 args[0] = "/bin/sh";
1618 args[1] = NULL;
1619 (void) execv(args[0], (char* const*) args);
1620 log_error_errno(errno, "Failed to execute /bin/sh, giving up: %m");
1621 } else
1622 log_warning_errno(r, "Failed to execute /sbin/init, giving up: %m");
1623
1624 *ret_error_message = "Failed to execute fallback shell";
1625}
1626
7eb35049
LP		 1627static int invoke_main_loop(
1628 Manager *m,
1629 bool *ret_reexecute,
1630 int *ret_retval, /* Return parameters relevant for shutting down */
1631 const char **ret_shutdown_verb, /* … */
1632 FDSet **ret_fds, /* Return parameters for reexecuting */
1633 char **ret_switch_root_dir, /* … */
1634 char **ret_switch_root_init, /* … */
1635 const char **ret_error_message) {
1636
1637 int r;
1638
1639 assert(m);
1640 assert(ret_reexecute);
1641 assert(ret_retval);
1642 assert(ret_shutdown_verb);
1643 assert(ret_fds);
1644 assert(ret_switch_root_dir);
1645 assert(ret_switch_root_init);
1646 assert(ret_error_message);
1647
1648 for (;;) {
1649 r = manager_loop(m);
1650 if (r < 0) {
1651 *ret_error_message = "Failed to run main loop";
1652 return log_emergency_errno(r, "Failed to run main loop: %m");
1653 }
1654
1655 switch (m->exit_code) {
1656
1657 case MANAGER_RELOAD:
1658 log_info("Reloading.");
1659
1660 r = parse_config_file();
1661 if (r < 0)
1662 log_warning_errno(r, "Failed to parse config file, ignoring: %m");
1663
1664 set_manager_defaults(m);
1665
1666 r = manager_reload(m);
1667 if (r < 0)
1668 log_warning_errno(r, "Failed to reload, ignoring: %m");
1669
1670 break;
1671
1672 case MANAGER_REEXECUTE:
1673
1674 r = prepare_reexecute(m, &arg_serialization, ret_fds, false);
1675 if (r < 0) {
1676 *ret_error_message = "Failed to prepare for reexecution";
1677 return r;
1678 }
1679
1680 log_notice("Reexecuting.");
1681
1682 *ret_reexecute = true;
1683 *ret_retval = EXIT_SUCCESS;
1684 *ret_shutdown_verb = NULL;
1685 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1686
1687 return 0;
1688
1689 case MANAGER_SWITCH_ROOT:
1690 if (!m->switch_root_init) {
1691 r = prepare_reexecute(m, &arg_serialization, ret_fds, true);
1692 if (r < 0) {
1693 *ret_error_message = "Failed to prepare for reexecution";
1694 return r;
1695 }
1696 } else
1697 *ret_fds = NULL;
1698
1699 log_notice("Switching root.");
1700
1701 *ret_reexecute = true;
1702 *ret_retval = EXIT_SUCCESS;
1703 *ret_shutdown_verb = NULL;
1704
1705 /* Steal the switch root parameters */
1706 *ret_switch_root_dir = m->switch_root;
1707 *ret_switch_root_init = m->switch_root_init;
1708 m->switch_root = m->switch_root_init = NULL;
1709
1710 return 0;
1711
1712 case MANAGER_EXIT:
1713
1714 if (MANAGER_IS_USER(m)) {
1715 log_debug("Exit.");
1716
1717 *ret_reexecute = false;
1718 *ret_retval = m->return_value;
1719 *ret_shutdown_verb = NULL;
1720 *ret_fds = NULL;
1721 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1722
1723 return 0;
1724 }
1725
1726 _fallthrough_;
1727 case MANAGER_REBOOT:
1728 case MANAGER_POWEROFF:
1729 case MANAGER_HALT:
1730 case MANAGER_KEXEC: {
1731 static const char * const table[_MANAGER_EXIT_CODE_MAX] = {
1732 [MANAGER_EXIT] = "exit",
1733 [MANAGER_REBOOT] = "reboot",
1734 [MANAGER_POWEROFF] = "poweroff",
1735 [MANAGER_HALT] = "halt",
1736 [MANAGER_KEXEC] = "kexec"
1737 };
1738
1739 log_notice("Shutting down.");
1740
1741 *ret_reexecute = false;
1742 *ret_retval = m->return_value;
1743 assert_se(*ret_shutdown_verb = table[m->exit_code]);
1744 *ret_fds = NULL;
1745 *ret_switch_root_dir = *ret_switch_root_init = NULL;
1746
1747 return 0;
1748 }
1749
1750 default:
1751 assert_not_reached("Unknown exit code.");
1752 }
1753 }
1754}
1755
31aef7ff
LP		 1756static void log_execution_mode(bool *ret_first_boot) {
1757 assert(ret_first_boot);
1758
1759 if (arg_system) {
1760 int v;
1761
1762 log_info(PACKAGE_STRING " running in %ssystem mode. (" SYSTEMD_FEATURES ")",
1763 arg_action == ACTION_TEST ? "test " : "" );
1764
1765 v = detect_virtualization();
1766 if (v > 0)
1767 log_info("Detected virtualization %s.", virtualization_to_string(v));
1768
1769 log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
1770
1771 if (in_initrd()) {
1772 *ret_first_boot = false;
1773 log_info("Running in initial RAM disk.");
1774 } else {
1775 /* Let's check whether we are in first boot, i.e. whether /etc is still unpopulated. We use
1776 * /etc/machine-id as flag file, for this: if it exists we assume /etc is populated, if it
1777 * doesn't it's unpopulated. This allows container managers and installers to provision a
1778 * couple of files already. If the container manager wants to provision the machine ID itself
1779 * it should pass $container_uuid to PID 1. */
1780
1781 *ret_first_boot = access("/etc/machine-id", F_OK) < 0;
1782 if (*ret_first_boot)
1783 log_info("Running with unpopulated /etc.");
1784 }
1785 } else {
b9e90f3a
LP		 1786 if (DEBUG_LOGGING) {
1787 _cleanup_free_ char *t;
31aef7ff 1788
b9e90f3a
LP		 1789 t = uid_to_name(getuid());
1790 log_debug(PACKAGE_STRING " running in %suser mode for user " UID_FMT "/%s. (" SYSTEMD_FEATURES ")",
1791 arg_action == ACTION_TEST ? " test" : "", getuid(), strna(t));
1792 }
31aef7ff
LP		 1793
1794 *ret_first_boot = false;
1795 }
1796}
1797
5afbaa36
LP		 1798static int initialize_runtime(
1799 bool skip_setup,
1800 struct rlimit *saved_rlimit_nofile,
1801 struct rlimit *saved_rlimit_memlock,
1802 const char **ret_error_message) {
1803
1804 int r;
1805
1806 assert(ret_error_message);
1807
1808 /* Sets up various runtime parameters. Many of these initializations are conditionalized:
1809 *
1810 * - Some only apply to --system instances
1811 * - Some only apply to --user instances
1812 * - Some only apply when we first start up, but not when we reexecute
1813 */
1814
2d776038
LP		 1815 if (arg_action != ACTION_RUN)
1816 return 0;
1817
3c3c6cb9
LP		 1818 if (arg_system) {
1819 /* Make sure we leave a core dump without panicing the kernel. */
1820 install_crash_handler();
5afbaa36 1821
3c3c6cb9
LP		 1822 if (!skip_setup) {
1823 r = mount_cgroup_controllers(arg_join_controllers);
1824 if (r < 0) {
1825 *ret_error_message = "Failed to mount cgroup hierarchies";
1826 return r;
1827 }
1828
1829 status_welcome();
1830 hostname_setup();
1831 machine_id_setup(NULL, arg_machine_id, NULL);
1832 loopback_setup();
1833 bump_unix_max_dgram_qlen();
1834 test_usr();
1835 write_container_id();
1836 }
8a2c1fbf 1837
3c3c6cb9
LP		 1838 if (arg_watchdog_device) {
1839 r = watchdog_set_device(arg_watchdog_device);
1840 if (r < 0)
1841 log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device);
1842 }
1843
1844 if (arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY)
1845 watchdog_set_timeout(&arg_runtime_watchdog);
1846 }
5afbaa36
LP		 1847
1848 if (arg_timer_slack_nsec != NSEC_INFINITY)
1849 if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
3a671cd1 1850 log_warning_errno(errno, "Failed to adjust timer slack, ignoring: %m");
5afbaa36
LP		 1851
1852 if (arg_system && !cap_test_all(arg_capability_bounding_set)) {
1853 r = capability_bounding_set_drop_usermode(arg_capability_bounding_set);
1854 if (r < 0) {
1855 *ret_error_message = "Failed to drop capability bounding set of usermode helpers";
1856 return log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m");
1857 }
1858
1859 r = capability_bounding_set_drop(arg_capability_bounding_set, true);
1860 if (r < 0) {
1861 *ret_error_message = "Failed to drop capability bounding set";
1862 return log_emergency_errno(r, "Failed to drop capability bounding set: %m");
1863 }
1864 }
1865
39362f6f
JB		 1866 if (arg_system && arg_no_new_privs) {
1867 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
1868 *ret_error_message = "Failed to disable new privileges";
1869 return log_emergency_errno(errno, "Failed to disable new privileges: %m");
1870 }
1871 }
1872
5afbaa36
LP		 1873 if (arg_syscall_archs) {
1874 r = enforce_syscall_archs(arg_syscall_archs);
1875 if (r < 0) {
1876 *ret_error_message = "Failed to set syscall architectures";
1877 return r;
1878 }
1879 }
1880
1881 if (!arg_system)
1882 /* Become reaper of our children */
1883 if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
1884 log_warning_errno(errno, "Failed to make us a subreaper: %m");
1885
1886 if (arg_system) {
1887 /* Bump up RLIMIT_NOFILE for systemd itself */
1888 (void) bump_rlimit_nofile(saved_rlimit_nofile);
1889 (void) bump_rlimit_memlock(saved_rlimit_memlock);
1890 }
1891
1892 return 0;
1893}
1894
6acca5fc
LP		 1895static int do_queue_default_job(
1896 Manager *m,
1897 const char **ret_error_message) {
1898
1899 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1900 Job *default_unit_job;
1901 Unit *target = NULL;
1902 int r;
1903
1904 log_debug("Activating default unit: %s", arg_default_unit);
1905
1906 r = manager_load_unit(m, arg_default_unit, NULL, &error, &target);
1907 if (r < 0)
1908 log_error("Failed to load default target: %s", bus_error_message(&error, r));
1909 else if (IN_SET(target->load_state, UNIT_ERROR, UNIT_NOT_FOUND))
1910 log_error_errno(target->load_error, "Failed to load default target: %m");
1911 else if (target->load_state == UNIT_MASKED)
1912 log_error("Default target masked.");
1913
1914 if (!target || target->load_state != UNIT_LOADED) {
1915 log_info("Trying to load rescue target...");
1916
1917 r = manager_load_unit(m, SPECIAL_RESCUE_TARGET, NULL, &error, &target);
1918 if (r < 0) {
1919 *ret_error_message = "Failed to load rescue target";
1920 return log_emergency_errno(r, "Failed to load rescue target: %s", bus_error_message(&error, r));
1921 } else if (IN_SET(target->load_state, UNIT_ERROR, UNIT_NOT_FOUND)) {
1922 *ret_error_message = "Failed to load rescue target";
1923 return log_emergency_errno(target->load_error, "Failed to load rescue target: %m");
1924 } else if (target->load_state == UNIT_MASKED) {
1925 *ret_error_message = "Rescue target masked";
1926 log_emergency("Rescue target masked.");
1927 return -ERFKILL;
1928 }
1929 }
1930
1931 assert(target->load_state == UNIT_LOADED);
1932
1933 r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, &error, &default_unit_job);
1934 if (r == -EPERM) {
1935 log_debug_errno(r, "Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
1936
1937 sd_bus_error_free(&error);
1938
1939 r = manager_add_job(m, JOB_START, target, JOB_REPLACE, &error, &default_unit_job);
1940 if (r < 0) {
1941 *ret_error_message = "Failed to start default target";
1942 return log_emergency_errno(r, "Failed to start default target: %s", bus_error_message(&error, r));
1943 }
1944
1945 } else if (r < 0) {
1946 *ret_error_message = "Failed to isolate default target";
1947 return log_emergency_errno(r, "Failed to isolate default target: %s", bus_error_message(&error, r));
1948 }
1949
1950 m->default_unit_job_id = default_unit_job->id;
1951
1952 return 0;
1953}
1954
970777b5
LP		 1955static void free_arguments(void) {
1956 size_t j;
1957
1958 /* Frees all arg_* variables, with the exception of arg_serialization */
1959
1960 for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++)
1961 arg_default_rlimit[j] = mfree(arg_default_rlimit[j]);
1962
1963 arg_default_unit = mfree(arg_default_unit);
1964 arg_confirm_spawn = mfree(arg_confirm_spawn);
1965 arg_join_controllers = strv_free_free(arg_join_controllers);
1966 arg_default_environment = strv_free(arg_default_environment);
1967 arg_syscall_archs = set_free(arg_syscall_archs);
1968}
1969
97d1fb94
LP		 1970static int load_configuration(int argc, char **argv, const char **ret_error_message) {
1971 int r;
1972
1973 assert(ret_error_message);
1974
1975 arg_default_tasks_max = system_tasks_max_scale(DEFAULT_TASKS_MAX_PERCENTAGE, 100U);
1976
1977 r = parse_config_file();
1978 if (r < 0) {
1979 *ret_error_message = "Failed to parse config file";
1980 return r;
1981 }
1982
1983 if (arg_system) {
1984 r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0);
1985 if (r < 0)
1986 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
1987 }
1988
1989 /* Note that this also parses bits from the kernel command line, including "debug". */
1990 log_parse_environment();
1991
1992 r = parse_argv(argc, argv);
1993 if (r < 0) {
1994 *ret_error_message = "Failed to parse commandline arguments";
1995 return r;
1996 }
1997
1998 /* Initialize default unit */
1999 if (!arg_default_unit) {
2000 arg_default_unit = strdup(SPECIAL_DEFAULT_TARGET);
2001 if (!arg_default_unit) {
2002 *ret_error_message = "Failed to set default unit";
2003 return log_oom();
2004 }
2005 }
2006
db33214b
LP		 2007 /* Initialize the show status setting if it hasn't been set explicitly yet */
2008 if (arg_show_status == _SHOW_STATUS_UNSET)
2009 arg_show_status = SHOW_STATUS_YES;
2010
97d1fb94
LP		 2011 return 0;
2012}
2013
b0d7c989
LP		 2014static int safety_checks(void) {
2015
febf46a4
LP		 2016 if (getpid_cached() == 1 &&
2017 arg_action != ACTION_RUN) {
2018 log_error("Unsupported execution mode while PID 1.");
2019 return -EPERM;
2020 }
2021
2022 if (getpid_cached() == 1 &&
2023 !arg_system) {
2024 log_error("Can't run --user mode as PID 1.");
2025 return -EPERM;
2026 }
2027
2028 if (arg_action == ACTION_RUN &&
2029 arg_system &&
2030 getpid_cached() != 1) {
2031 log_error("Can't run system mode unless PID 1.");
2032 return -EPERM;
2033 }
2034
b0d7c989
LP		 2035 if (arg_action == ACTION_TEST &&
2036 geteuid() == 0) {
2037 log_error("Don't run test mode as root.");
2038 return -EPERM;
2039 }
2040
2041 if (!arg_system &&
2042 arg_action == ACTION_RUN &&
2043 sd_booted() <= 0) {
2044 log_error("Trying to run as user instance, but the system has not been booted with systemd.");
2045 return -EOPNOTSUPP;
2046 }
2047
2048 if (!arg_system &&
2049 arg_action == ACTION_RUN &&
2050 !getenv("XDG_RUNTIME_DIR")) {
2051 log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
2052 return -EUNATCH;
2053 }
2054
2055 if (arg_system &&
2056 arg_action == ACTION_RUN &&
2057 running_in_chroot() > 0) {
2058 log_error("Cannot be run in a chroot() environment.");
2059 return -EOPNOTSUPP;
2060 }
2061
2062 return 0;
2063}
2064
74da609f
LP		 2065static int initialize_security(
2066 bool *loaded_policy,
2067 dual_timestamp *security_start_timestamp,
2068 dual_timestamp *security_finish_timestamp,
2069 const char **ret_error_message) {
2070
2071 int r;
2072
2073 assert(loaded_policy);
2074 assert(security_start_timestamp);
2075 assert(security_finish_timestamp);
2076 assert(ret_error_message);
2077
2078 dual_timestamp_get(security_start_timestamp);
2079
97149f40 2080 r = mac_selinux_setup(loaded_policy);
74da609f
LP		 2081 if (r < 0) {
2082 *ret_error_message = "Failed to load SELinux policy";
2083 return r;
2084 }
2085
2086 r = mac_smack_setup(loaded_policy);
2087 if (r < 0) {
2088 *ret_error_message = "Failed to load SMACK policy";
2089 return r;
2090 }
2091
2092 r = ima_setup();
2093 if (r < 0) {
2094 *ret_error_message = "Failed to load IMA policy";
2095 return r;
2096 }
2097
2098 dual_timestamp_get(security_finish_timestamp);
2099 return 0;
2100}
2101
263162da
LP		 2102static void test_summary(Manager *m) {
2103 assert(m);
2104
2105 printf("-> By units:\n");
2106 manager_dump_units(m, stdout, "\t");
2107
2108 printf("-> By jobs:\n");
2109 manager_dump_jobs(m, stdout, "\t");
2110}
2111
efeb853f
LP		 2112static int collect_fds(FDSet **ret_fds, const char **ret_error_message) {
2113 int r;
2114
2115 assert(ret_fds);
2116 assert(ret_error_message);
2117
2118 r = fdset_new_fill(ret_fds);
2119 if (r < 0) {
2120 *ret_error_message = "Failed to allocate fd set";
2121 return log_emergency_errno(r, "Failed to allocate fd set: %m");
2122 }
2123
2124 fdset_cloexec(*ret_fds, true);
2125
2126 if (arg_serialization)
2127 assert_se(fdset_remove(*ret_fds, fileno(arg_serialization)) >= 0);
2128
2129 return 0;
2130}
2131
2e51b31c
LP		 2132static void setup_console_terminal(bool skip_setup) {
2133
2134 if (!arg_system)
2135 return;
2136
2137 /* Become a session leader if we aren't one yet. */
2138 (void) setsid();
2139
2140 /* If we are init, we connect stdin/stdout/stderr to /dev/null and make sure we don't have a controlling
2141 * tty. */
2142 (void) release_terminal();
2143
2144 /* Reset the console, but only if this is really init and we are freshly booted */
2145 if (getpid_cached() == 1 && !skip_setup)
2146 (void) console_setup();
2147}
2148
aa40ff07
LP		 2149static bool early_skip_setup_check(int argc, char *argv[]) {
2150 bool found_deserialize = false;
2151 int i;
2152
2153 /* Determine if this is a reexecution or normal bootup. We do the full command line parsing much later, so
2154 * let's just have a quick peek here. Note that if we have switched root, do all the special setup things
2155 * anyway, even if in that case we also do deserialization. */
2156
2157 for (i = 1; i < argc; i++) {
2158
2159 if (streq(argv[i], "--switched-root"))
2160 return false; /* If we switched root, don't skip the setup. */
2161 else if (streq(argv[i], "--deserialize"))
2162 found_deserialize = true;
2163 }
2164
2165 return found_deserialize; /* When we are deserializing, then we are reexecuting, hence avoid the extensive setup */
2166}
2167
60918275 2168int main(int argc, char *argv[]) {
625e8690
LP		 2169
2170 dual_timestamp initrd_timestamp = DUAL_TIMESTAMP_NULL, userspace_timestamp = DUAL_TIMESTAMP_NULL, kernel_timestamp = DUAL_TIMESTAMP_NULL,
2171 security_start_timestamp = DUAL_TIMESTAMP_NULL, security_finish_timestamp = DUAL_TIMESTAMP_NULL;
2172 struct rlimit saved_rlimit_nofile = RLIMIT_MAKE_CONST(0), saved_rlimit_memlock = RLIMIT_MAKE_CONST((rlim_t) -1);
2173 bool skip_setup, loaded_policy = false, queue_default_job = false, first_boot = false, reexecute = false;
2174 char *switch_root_dir = NULL, *switch_root_init = NULL;
9d76d730 2175 usec_t before_startup, after_startup;
625e8690 2176 static char systemd[] = "systemd";
9d76d730 2177 char timespan[FORMAT_TIMESPAN_MAX];
625e8690
LP		 2178 const char *shutdown_verb = NULL, *error_message = NULL;
2179 int r, retval = EXIT_FAILURE;
2180 Manager *m = NULL;
a16e1123 2181 FDSet *fds = NULL;
27b14a22 2182
d72a8f10 2183 /* SysV compatibility: redirect init → telinit */
6808a0bc 2184 redirect_telinit(argc, argv);
2cb1a60d 2185
d72a8f10 2186 /* Take timestamps early on */
c3a170f3
HH		 2187 dual_timestamp_from_monotonic(&kernel_timestamp, 0);
2188 dual_timestamp_get(&userspace_timestamp);
2189
d72a8f10
LP		 2190 /* Figure out whether we need to do initialize the system, or if we already did that because we are
2191 * reexecuting */
aa40ff07 2192 skip_setup = early_skip_setup_check(argc, argv);
d03bc1b8 2193
d72a8f10
LP		 2194 /* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we
2195 * are then called 'systemd'. That is confusing, hence let's call us systemd right-away. */
f3b6a3ed 2196 program_invocation_short_name = systemd;
eee8b7ab 2197 (void) prctl(PR_SET_NAME, systemd);
5d6b1584 2198
d72a8f10 2199 /* Save the original command line */
9a0e6896
LP		 2200 saved_argv = argv;
2201 saved_argc = argc;
f3b6a3ed 2202
6fdb8de4 2203 /* Make sure that if the user says "syslog" we actually log to the journal. */
c1dc6153 2204 log_set_upgrade_syslog_to_journal(true);
bbe63281 2205
df0ff127 2206 if (getpid_cached() == 1) {
48a601fe 2207 /* Disable the umask logic */
90dc8c2e
MG		 2208 umask(0);
2209
d075092f
LP		 2210 /* Make sure that at least initially we do not ever log to journald/syslogd, because it might not be activated
2211 * yet (even though the log socket for it exists). */
2212 log_set_prohibit_ipc(true);
2213
48a601fe
LP		 2214 /* Always reopen /dev/console when running as PID 1 or one of its pre-execve() children. This is
2215 * important so that we never end up logging to any foreign stderr, for example if we have to log in a
2216 * child process right before execve()'ing the actual binary, at a point in time where socket
2217 * activation stderr/stdout area already set up. */
2218 log_set_always_reopen_console(true);
2219 }
2220
df0ff127 2221 if (getpid_cached() == 1 && detect_container() <= 0) {
4f8d551f 2222
a866073d 2223 /* Running outside of a container as PID 1 */
463d0d15 2224 arg_system = true;
a866073d
LP		 2225 log_set_target(LOG_TARGET_KMSG);
2226 log_open();
2227
21bf2ab0 2228 if (in_initrd())
c3a170f3 2229 initrd_timestamp = userspace_timestamp;
c3ba6250 2230
2660882b 2231 if (!skip_setup) {
d723cd65
AK		 2232 r = mount_setup_early();
2233 if (r < 0) {
eee8b7ab 2234 error_message = "Failed to mount early API filesystems";
d723cd65
AK		 2235 goto finish;
2236 }
eee8b7ab 2237
74da609f
LP		 2238 r = initialize_security(
2239 &loaded_policy,
2240 &security_start_timestamp,
2241 &security_finish_timestamp,
2242 &error_message);
2243 if (r < 0)
96694e99 2244 goto finish;
81611586 2245 }
0b3325e7 2246
c3dacc8b 2247 if (mac_selinux_init() < 0) {
cb6531be 2248 error_message = "Failed to initialize SELinux policy";
0ff4cdd9 2249 goto finish;
cb6531be 2250 }
7948c4df 2251
e839bafd
LP		 2252 if (!skip_setup)
2253 initialize_clock();
a866073d
LP		 2254
2255 /* Set the default for later on, but don't actually
2256 * open the logs like this for now. Note that if we
2257 * are transitioning from the initrd there might still
2258 * be journal fd open, and we shouldn't attempt
2259 * opening that before we parsed /proc/cmdline which
2260 * might redirect output elsewhere. */
2261 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
2262
df0ff127 2263 } else if (getpid_cached() == 1) {
a866073d 2264 /* Running inside a container, as PID 1 */
463d0d15 2265 arg_system = true;
a866073d
LP		 2266 log_set_target(LOG_TARGET_CONSOLE);
2267 log_open();
2268
eee8b7ab 2269 /* For later on, see above... */
a866073d
LP		 2270 log_set_target(LOG_TARGET_JOURNAL);
2271
c3a170f3
HH		 2272 /* clear the kernel timestamp,
2273 * because we are in a container */
0f5f63c3 2274 kernel_timestamp = DUAL_TIMESTAMP_NULL;
c3a170f3 2275 } else {
a866073d 2276 /* Running as user instance */
463d0d15 2277 arg_system = false;
eeecf6e6 2278 log_set_target(LOG_TARGET_AUTO);
871e5809 2279 log_open();
c3a170f3
HH		 2280
2281 /* clear the kernel timestamp,
2282 * because we are not PID 1 */
6513d561 2283 kernel_timestamp = DUAL_TIMESTAMP_NULL;
bbe63281 2284 }
a5dab5ce 2285
1e41242e 2286 initialize_coredump(skip_setup);
15a90032 2287
43db615b
LP		 2288 r = fixup_environment();
2289 if (r < 0) {
2290 log_emergency_errno(r, "Failed to fix up PID 1 environment: %m");
2291 error_message = "Failed to fix up PID1 environment";
2292 goto finish;
2293 }
2294
6edefe0b 2295 if (arg_system) {
32391275 2296
3a18b604
FB		 2297 /* Try to figure out if we can use colors with the console. No
2298 * need to do that for user instances since they never log
2299 * into the console. */
2300 log_show_color(colors_enabled());
c76cf844
AK		 2301 r = make_null_stdio();
2302 if (r < 0)
2303 log_warning_errno(r, "Failed to redirect standard streams to /dev/null: %m");
3a18b604
FB		 2304 }
2305
f170852a
LP		 2306 /* Mount /proc, /sys and friends, so that /proc/cmdline and
2307 * /proc/$PID/fd is available. */
df0ff127 2308 if (getpid_cached() == 1) {
f84f9974 2309
a132bef0 2310 /* Load the kernel modules early. */
2e75e2a8
DM		 2311 if (!skip_setup)
2312 kmod_setup();
2e75e2a8 2313
0c85a4f3 2314 r = mount_setup(loaded_policy);
cb6531be
ZJS		 2315 if (r < 0) {
2316 error_message = "Failed to mount API filesystems";
8efe3c01 2317 goto finish;
cb6531be 2318 }
0c85a4f3 2319 }
4ade7963
LP		 2320
2321 /* Reset all signal handlers. */
ce30c8dc
LP		 2322 (void) reset_all_signal_handlers();
2323 (void) ignore_signals(SIGNALS_IGNORE, -1);
078e4539 2324
97d1fb94
LP		 2325 r = load_configuration(argc, argv, &error_message);
2326 if (r < 0)
f170852a 2327 goto finish;
10c961b9 2328
b0d7c989
LP		 2329 r = safety_checks();
2330 if (r < 0)
fe783b03 2331 goto finish;
fe783b03 2332
5625c18a 2333 if (IN_SET(arg_action, ACTION_TEST, ACTION_HELP, ACTION_DUMP_CONFIGURATION_ITEMS))
ee5324aa 2334 (void) pager_open(arg_no_pager, false);
b0d7c989
LP		 2335
2336 if (arg_action != ACTION_RUN)
74e7579c 2337 skip_setup = true;
b87c2aa6 2338
fa0f4d8a 2339 if (arg_action == ACTION_HELP) {
f170852a
LP		 2340 retval = help();
2341 goto finish;
9ba0bc4e
ZJS		 2342 } else if (arg_action == ACTION_VERSION) {
2343 retval = version();
2344 goto finish;
fa0f4d8a 2345 } else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
e537352b 2346 unit_dump_config_items(stdout);
22f4096c 2347 retval = EXIT_SUCCESS;
e537352b 2348 goto finish;
f170852a
LP		 2349 }
2350
4c701096 2351 assert_se(IN_SET(arg_action, ACTION_RUN, ACTION_TEST));
f170852a 2352
5a2e0c62
LP		 2353 /* Move out of the way, so that we won't block unmounts */
2354 assert_se(chdir("/") == 0);
2355
dea374e8 2356 if (arg_action == ACTION_RUN) {
a70c72a0 2357
efeb853f 2358 /* Close logging fds, in order not to confuse collecting passed fds and terminal logic below */
a70c72a0
LP		 2359 log_close();
2360
2361 /* Remember open file descriptors for later deserialization */
efeb853f
LP		 2362 r = collect_fds(&fds, &error_message);
2363 if (r < 0)
dea374e8 2364 goto finish;
a16e1123 2365
2e51b31c
LP		 2366 /* Give up any control of the console, but make sure its initialized. */
2367 setup_console_terminal(skip_setup);
56d96fc0 2368
a70c72a0
LP		 2369 /* Open the logging devices, if possible and necessary */
2370 log_open();
56d96fc0 2371 }
4ade7963 2372
31aef7ff 2373 log_execution_mode(&first_boot);
a5dab5ce 2374
2d776038
LP		 2375 r = initialize_runtime(skip_setup,
2376 &saved_rlimit_nofile,
2377 &saved_rlimit_memlock,
2378 &error_message);
2379 if (r < 0)
2380 goto finish;
4096d6f5 2381
e0a3da1f
ZJS		 2382 r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER,
2383 arg_action == ACTION_TEST ? MANAGER_TEST_FULL : 0,
2384 &m);
e96d6be7 2385 if (r < 0) {
da927ba9 2386 log_emergency_errno(r, "Failed to allocate manager object: %m");
cb6531be 2387 error_message = "Failed to allocate manager object";
60918275
LP		 2388 goto finish;
2389 }
2390
9f9f0342
LP		 2391 m->timestamps[MANAGER_TIMESTAMP_KERNEL] = kernel_timestamp;
2392 m->timestamps[MANAGER_TIMESTAMP_INITRD] = initrd_timestamp;
2393 m->timestamps[MANAGER_TIMESTAMP_USERSPACE] = userspace_timestamp;
2394 m->timestamps[MANAGER_TIMESTAMP_SECURITY_START] = security_start_timestamp;
2395 m->timestamps[MANAGER_TIMESTAMP_SECURITY_FINISH] = security_finish_timestamp;
9e58ff9c 2396
85cb4151 2397 set_manager_defaults(m);
7b46fc6a 2398 set_manager_settings(m);
fd130612 2399 manager_set_first_boot(m, first_boot);
27d340c7 2400
bf4df7c3 2401 /* Remember whether we should queue the default job */
d3b1c508 2402 queue_default_job = !arg_serialization || arg_switched_root;
bf4df7c3 2403
9d76d730
LP		 2404 before_startup = now(CLOCK_MONOTONIC);
2405
d3b1c508 2406 r = manager_startup(m, arg_serialization, fds);
58f88d92 2407 if (r < 0) {
da927ba9 2408 log_error_errno(r, "Failed to fully start up daemon: %m");
cefb3eda 2409 error_message = "Failed to start up manager";
58f88d92
ZJS		 2410 goto finish;
2411 }
a16e1123 2412
6acca5fc 2413 /* This will close all file descriptors that were opened, but not claimed by any unit. */
2feceb5e 2414 fds = fdset_free(fds);
74ca738f 2415 arg_serialization = safe_fclose(arg_serialization);
bf4df7c3
LP		 2416
2417 if (queue_default_job) {
6acca5fc 2418 r = do_queue_default_job(m, &error_message);
718db961 2419 if (r < 0)
37d88da7 2420 goto finish;
6acca5fc 2421 }
ab17a050 2422
6acca5fc 2423 after_startup = now(CLOCK_MONOTONIC);
60918275 2424
6acca5fc
LP		 2425 log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
2426 "Loaded units and determined initial transaction in %s.",
2427 format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 100 * USEC_PER_MSEC));
07672f49 2428
6acca5fc 2429 if (arg_action == ACTION_TEST) {
263162da 2430 test_summary(m);
6acca5fc
LP		 2431 retval = EXIT_SUCCESS;
2432 goto finish;
e965d56d 2433 }
d46de8a1 2434
3046b6db
LP		 2435 (void) invoke_main_loop(m,
2436 &reexecute,
2437 &retval,
2438 &shutdown_verb,
2439 &fds,
2440 &switch_root_dir,
2441 &switch_root_init,
2442 &error_message);
f170852a 2443
60918275 2444finish:
b87c2aa6
ZJS		 2445 pager_close();
2446
97792515 2447 if (m)
81f5fc2d 2448 arg_shutdown_watchdog = m->shutdown_watchdog;
fe382237 2449
06d8d842 2450 m = manager_free(m);
60918275 2451
970777b5 2452 free_arguments();
cc56fafe 2453 mac_selinux_finish();
b2bb3dbe 2454
3c7878f9
LP		 2455 if (reexecute)
2456 do_reexecute(argc, argv,
2457 &saved_rlimit_nofile,
2458 &saved_rlimit_memlock,
2459 fds,
2460 switch_root_dir,
2461 switch_root_init,
2462 &error_message); /* This only returns if reexecution failed */
a16e1123 2463
74ca738f 2464 arg_serialization = safe_fclose(arg_serialization);
2feceb5e 2465 fds = fdset_free(fds);
a16e1123 2466
349cc4a5 2467#if HAVE_VALGRIND_VALGRIND_H
54b434b1
LP		 2468 /* If we are PID 1 and running under valgrind, then let's exit
2469 * here explicitly. valgrind will only generate nice output on
2470 * exit(), not on exec(), hence let's do the former not the
2471 * latter here. */
8a2c1fbf
EJ		 2472 if (getpid_cached() == 1 && RUNNING_ON_VALGRIND) {
2473 /* Cleanup watchdog_device strings for valgrind. We need them
2474 * in become_shutdown() so normally we cannot free them yet. */
2475 watchdog_free_device();
2476 arg_watchdog_device = mfree(arg_watchdog_device);
27fe58b7 2477 return retval;
8a2c1fbf 2478 }
54b434b1
LP		 2479#endif
2480
b9080b03 2481 if (shutdown_verb) {
7eb35049 2482 r = become_shutdown(shutdown_verb, retval);
ad929bcc 2483
4a36297c 2484 log_error_errno(r, "Failed to execute shutdown binary, %s: %m", getpid_cached() == 1 ? "freezing" : "quitting");
9b9881d7 2485 error_message = "Failed to execute shutdown binary";
b9080b03
FF		 2486 }
2487
8a2c1fbf
EJ		 2488 watchdog_free_device();
2489 arg_watchdog_device = mfree(arg_watchdog_device);
2490
df0ff127 2491 if (getpid_cached() == 1) {
cb6531be
ZJS		 2492 if (error_message)
2493 manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
1fc464f6 2494 ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL,
cb6531be 2495 "%s, freezing.", error_message);
b9e74c39 2496 freeze_or_reboot();
cb6531be 2497 }
c3b3c274 2498
60918275
LP		 2499 return retval;
2500}
Unnamed repository; edit this file 'description' to name the repository.