Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
f757855e | 2 | |
b5efdb8a | 3 | #include "alloc-util.h" |
f757855e | 4 | #include "cap-list.h" |
7b3e062c | 5 | #include "conf-parser.h" |
d107bb7d | 6 | #include "cpu-set-util.h" |
3a9530e5 | 7 | #include "hostname-util.h" |
f6d6bad1 | 8 | #include "nspawn-network.h" |
f757855e | 9 | #include "nspawn-settings.h" |
7732f92b | 10 | #include "parse-util.h" |
7b3e062c | 11 | #include "process-util.h" |
bf428efb | 12 | #include "rlimit-util.h" |
22b28dfd | 13 | #include "socket-util.h" |
09d423e9 | 14 | #include "string-table.h" |
22b28dfd | 15 | #include "string-util.h" |
7b3e062c | 16 | #include "strv.h" |
0de7acce | 17 | #include "user-util.h" |
7b3e062c | 18 | #include "util.h" |
f757855e | 19 | |
de40a303 LP |
/* Allocates a Settings object with every tri-state and enum field set to its "not configured" marker
 * (-1, *_INVALID or an all-ones value). Fields not named in the initializer are zero.
 *
 * Security-relevant switches such as no_new_privileges, read_only and private_network start at -1,
 * i.e. "unset" rather than "off". settings_load() in this file relies on the same convention when it
 * reconciles userns_mode and userns_chown.
 *
 * Returns NULL if the allocation fails. Release the object with settings_free(). */
Settings *settings_new(void) {
        Settings *settings = new(Settings, 1);

        if (!settings)
                return NULL;

        *settings = (Settings) {
                /* [Exec]-style enums: invalid means "no value seen yet" */
                .start_mode = _START_MODE_INVALID,
                .personality = PERSONALITY_INVALID,

                .resolv_conf = _RESOLV_CONF_MODE_INVALID,
                .link_journal = _LINK_JOURNAL_INVALID,
                .timezone = _TIMEZONE_MODE_INVALID,

                /* User namespacing */
                .userns_mode = _USER_NAMESPACE_MODE_INVALID,
                .userns_chown = -1,
                .uid_shift = UID_INVALID,
                .uid_range = UID_INVALID,

                .no_new_privileges = -1,

                .read_only = -1,
                .volatile_mode = _VOLATILE_MODE_INVALID,

                .private_network = -1,
                .network_veth = -1,

                .full_capabilities = CAPABILITY_QUINTET_NULL,

                .uid = UID_INVALID,
                .gid = GID_INVALID,

                .console_mode = _CONSOLE_MODE_INVALID,
                .console_width = (unsigned) -1,
                .console_height = (unsigned) -1,

                .clone_ns_flags = (unsigned long) -1,
                .use_cgns = -1,
        };

        return settings;
}
63 | ||
f757855e LP |
/* Parses a settings file into a newly allocated Settings object.
 *
 * f    - stream handed to config_parse() together with path (may be NULL as far as this function
 *        is concerned; it is not asserted)
 * path - file name, used by config_parse(); must not be NULL
 * ret  - receives the object on success; ownership passes to the caller
 *
 * Only the sections "Exec", "Network" and "Files" are passed to the parser. Returns 0 on success,
 * -ENOMEM if the object cannot be allocated, or the negative error from config_parse(). On any error
 * the partially filled object is released by the cleanup attribute and *ret is left untouched. */
int settings_load(FILE *f, const char *path, Settings **ret) {
        _cleanup_(settings_freep) Settings *loaded = NULL;
        int r;

        assert(path);
        assert(ret);

        loaded = settings_new();
        if (!loaded)
                return -ENOMEM;

        r = config_parse(
                        NULL, path, f,
                        "Exec\0"
                        "Network\0"
                        "Files\0",
                        config_item_perf_lookup, nspawn_gperf_lookup,
                        CONFIG_PARSE_WARN,
                        loaded, NULL);
        if (r < 0)
                return r;

        /* Keep userns_mode and userns_chown consistent: either both end up initialized or neither does.
         * Note that "pick" mode forces chown on, overriding an explicit "off" from the file. */
        if (loaded->userns_mode == USER_NAMESPACE_PICK)
                loaded->userns_chown = true;
        else if (loaded->userns_chown < 0 && loaded->userns_mode != _USER_NAMESPACE_MODE_INVALID)
                loaded->userns_chown = false;

        /* A chown setting without any mode implies user namespacing is off. */
        if (loaded->userns_mode == _USER_NAMESPACE_MODE_INVALID && loaded->userns_chown >= 0)
                loaded->userns_mode = USER_NAMESPACE_NO;

        *ret = TAKE_PTR(loaded);
        return 0;
}
98 | ||
de40a303 LP |
/* Releases an array of n OCI hooks: each entry's path, argument vector and environment vector, then
 * the array itself. h may be NULL only if n is 0. */
static void free_oci_hooks(OciHook *h, size_t n) {
        size_t idx = 0;

        assert(h || n == 0);

        while (idx < n) {
                OciHook *hook = h + idx++;

                free(hook->path);
                strv_free(hook->args);
                strv_free(hook->env);
        }

        free(h);
}
112 | ||
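/* Releases an array of n device nodes: the path of each entry, then the array itself.
 *
 * node may be NULL only if n is 0. The assertion matches the one in free_oci_hooks() and turns a
 * NULL array with a non-zero count into an assertion failure instead of a NULL dereference in the
 * loop below. */
void device_node_array_free(DeviceNode *node, size_t n) {
        size_t i;

        assert(node || n == 0);

        for (i = 0; i < n; i++)
                free(node[i].path);

        free(node);
}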
f757855e | 121 | |
/* Releases a Settings object and everything it owns. Accepts NULL. Always returns NULL, so callers
 * can write "s = settings_free(s);" and not keep a dangling pointer around. */
Settings* settings_free(Settings *s) {
        if (s == NULL)
                return NULL;

        /* Execution parameters */
        strv_free(s->parameters);
        strv_free(s->environment);
        free(s->user);
        free(s->pivot_root_new);
        free(s->pivot_root_old);
        free(s->working_directory);
        strv_free(s->syscall_allow_list);
        strv_free(s->syscall_deny_list);
        rlimit_free_all(s->rlimit);
        free(s->hostname);
        cpu_set_reset(&s->cpu_set);

        /* Networking */
        strv_free(s->network_interfaces);
        strv_free(s->network_macvlan);
        strv_free(s->network_ipvlan);
        strv_free(s->network_veth_extra);
        free(s->network_bridge);
        free(s->network_zone);
        expose_port_free_all(s->expose_ports);

        /* Mounts */
        custom_mount_free_all(s->custom_mounts, s->n_custom_mounts);

        free(s->bundle);
        free(s->root);

        /* Each hook array is freed with its own element count. */
        free_oci_hooks(s->oci_hooks_prestart, s->n_oci_hooks_prestart);
        free_oci_hooks(s->oci_hooks_poststart, s->n_oci_hooks_poststart);
        free_oci_hooks(s->oci_hooks_poststop, s->n_oci_hooks_poststop);

        free(s->slice);
        sd_bus_message_unref(s->properties);

        free(s->supplementary_gids);
        device_node_array_free(s->extra_nodes, s->n_extra_nodes);
        free(s->network_namespace_path);

        strv_free(s->sysctl);

#if HAVE_SECCOMP
        seccomp_release(s->seccomp);
#endif

        return mfree(s);
}
170 | ||
0e265674 LP |
/* Reports whether the settings call for a private network: true if private_network or network_veth
 * is explicitly enabled (> 0), or if any of the bridge, zone, interface, macvlan, ipvlan or extra
 * veth options is set. Tri-state fields left at -1 ("not configured") do not count as enabled. */
bool settings_private_network(Settings *s) {
        assert(s);

        if (s->private_network > 0 || s->network_veth > 0)
                return true;

        if (s->network_bridge || s->network_zone)
                return true;

        return s->network_interfaces ||
                s->network_macvlan ||
                s->network_ipvlan ||
                s->network_veth_extra;
}
184 | ||
/* Reports whether the settings call for a veth link: true if network_veth is explicitly enabled
 * (> 0) or if a bridge or a zone is configured. */
bool settings_network_veth(Settings *s) {
        assert(s);

        if (s->network_veth > 0)
                return true;

        return s->network_bridge || s->network_zone;
}
193 | ||
de40a303 LP |
/* Makes sure s->properties holds a bus message object. Does nothing if one already exists; otherwise
 * acquires the default system bus and creates a new method-call message on it. The local bus
 * reference is dropped again on return by the cleanup attribute.
 *
 * Returns 0 on success or the negative error from the failing sd-bus call. */
int settings_allocate_properties(Settings *s) {
        _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
        int r;

        assert(s);

        if (s->properties)
                return 0;

        r = sd_bus_default_system(&bus);
        if (r >= 0)
                r = sd_bus_message_new(bus, &s->properties, SD_BUS_MESSAGE_METHOD_CALL);

        /* Positive results are folded into 0. */
        return r < 0 ? r : 0;
}
213 | ||
f757855e LP |
/* Generates config_parse_volatile_mode(), the config callback that parses a VolatileMode value.
 * The last argument is the message used when the value cannot be parsed. */
DEFINE_CONFIG_PARSE_ENUM(
                config_parse_volatile_mode,
                volatile_mode,
                VolatileMode,
                "Failed to parse volatile mode");
215 | ||
/* Config parser callback: adds one exposed-port specification (rvalue) to the expose_ports list of
 * the Settings object passed as data.
 *
 * A duplicate (-EEXIST) or otherwise unparsable specification is logged as a warning and skipped;
 * the function returns 0 in every case, so a bad line never aborts loading of the file.
 * section, section_line, ltype and userdata are unused. */
int config_parse_expose_port(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *s = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        r = expose_port_parse(&s->expose_ports, rvalue);
        if (r >= 0)
                return 0;

        if (r == -EEXIST)
                log_syntax(unit, LOG_WARNING, filename, line, r, "Duplicate port specification, ignoring: %s", rvalue);
        else
                log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse host port %s: %m", rvalue);

        return 0;
}
243 | ||
/* Config parser callback: parses a whitespace-separated list of capability names and ORs the
 * resulting bit mask into the uint64_t that data points to.
 *
 * - The word "all" sets every bit of the mask.
 * - A name that capability_from_name() does not recognise is logged and skipped; the remaining
 *   words of the same line are still applied.
 * - The target is only ever extended (|=), never cleared, and is left untouched if the line yields
 *   no bits.
 *
 * Returns 0, or the result of log_oom() if word extraction runs out of memory. section,
 * section_line, ltype and userdata are unused. */
int config_parse_capability(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        uint64_t *result = data, mask = 0;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        for (;;) {
                _cleanup_free_ char *word = NULL;

                r = extract_first_word(&rvalue, &word, NULL, 0);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract capability string, ignoring: %s", rvalue);
                        return 0;
                }
                if (r == 0)
                        break;

                if (streq(word, "all")) {
                        mask = (uint64_t) -1;
                        continue;
                }

                r = capability_from_name(word);
                if (r < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse capability, ignoring: %s", word);
                        continue;
                }

                /* NOTE(review): assumes capability_from_name() never returns 64 or more, otherwise
                 * this shift is undefined - confirm against its implementation. */
                mask |= UINT64_C(1) << r;
        }

        if (mask != 0)
                *result |= mask;

        return 0;
}
295 | ||
b53ede69 PW |
/* Config parser callback: parses a pivot-root specification (rvalue) into the pivot_root_new and
 * pivot_root_old fields of the Settings object passed as data.
 *
 * An invalid specification is logged as a warning and the function still returns 0, so the line is
 * skipped rather than failing the load. section, section_line, ltype and userdata are unused. */
int config_parse_pivot_root(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        r = pivot_root_parse(&settings->pivot_root_new, &settings->pivot_root_old, rvalue);
        if (r >= 0)
                return 0;

        log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid pivot root mount specification %s: %m", rvalue);
        return 0;
}
321 | ||
f757855e LP |
/* Config parser callback: parses a bind-mount specification (rvalue) and appends it to the
 * custom_mounts array of the Settings object passed as data.
 *
 * ltype is forwarded unchanged as the last argument of bind_mount_parse(); what it selects is
 * decided by the table that registers this callback (presumably read-only vs. writable - confirm).
 *
 * An invalid specification is logged as a warning and the function still returns 0. section,
 * section_line and userdata are unused. */
int config_parse_bind(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        r = bind_mount_parse(&settings->custom_mounts, &settings->n_custom_mounts, rvalue, ltype);
        if (r >= 0)
                return 0;

        log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid bind mount specification %s: %m", rvalue);
        return 0;
}
347 | ||
/* Config parser callback: parses a tmpfs mount specification (rvalue) and appends it to the
 * custom_mounts array of the Settings object passed as data.
 *
 * An invalid specification is logged as a warning and the function still returns 0. section,
 * section_line, ltype and userdata are unused. */
int config_parse_tmpfs(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        r = tmpfs_mount_parse(&settings->custom_mounts, &settings->n_custom_mounts, rvalue);
        if (r >= 0)
                return 0;

        log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid temporary file system specification %s: %m", rvalue);
        return 0;
}
f757855e | 373 | |
de40a303 LP |
/* Config parser callback: parses an "inaccessible" mount specification (rvalue) and appends it to
 * the custom_mounts array of the Settings object passed as data.
 *
 * An invalid specification is logged as a warning and the function still returns 0. The path named
 * on a rejected line therefore gets no inaccessible mount from this line. section, section_line,
 * ltype and userdata are unused. */
int config_parse_inaccessible(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        r = inaccessible_mount_parse(&settings->custom_mounts, &settings->n_custom_mounts, rvalue);
        if (r >= 0)
                return 0;

        log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid inaccessible file system specification %s: %m", rvalue);
        return 0;
}
399 | ||
7b4318b6 LP |
/* Config parser callback: parses an overlay mount specification (rvalue) and appends it to the
 * custom_mounts array of the Settings object passed as data.
 *
 * ltype is forwarded unchanged as the last argument of overlay_mount_parse(); its meaning is set by
 * the table that registers this callback (presumably read-only vs. writable - confirm).
 *
 * An invalid specification is logged as a warning and the function still returns 0. section,
 * section_line and userdata are unused. */
int config_parse_overlay(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        r = overlay_mount_parse(&settings->custom_mounts, &settings->n_custom_mounts, rvalue, ltype);
        if (r >= 0)
                return 0;

        log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid overlay file system specification %s, ignoring: %m", rvalue);
        return 0;
}
425 | ||
f6d6bad1 LP |
/* Config parser callback: parses an extra virtual Ethernet link specification (rvalue) and adds it
 * to the network_veth_extra list of the Settings object passed as data.
 *
 * An invalid specification is logged as a warning and the function still returns 0. section,
 * section_line, ltype and userdata are unused. */
int config_parse_veth_extra(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        r = veth_extra_parse(&settings->network_veth_extra, rvalue);
        if (r >= 0)
                return 0;

        log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid extra virtual Ethernet link specification %s: %m", rvalue);
        return 0;
}
7732f92b | 451 | |
22b28dfd LP |
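/* Config parser callback: stores the network zone given in rvalue, in its interface-name form
 * "vz-<zone>", in the network_zone field of the Settings object passed as data.
 *
 * The joined string is checked with ifname_valid() before it is stored, so the value taken from the
 * file has to form a valid interface name together with the "vz-" prefix. An invalid name is logged
 * as a warning and the previous value is kept.
 *
 * Returns 0, or the result of log_oom() if the joined string cannot be allocated. Without that
 * check an allocation failure would hand NULL to ifname_valid() and, at best, be misreported as an
 * invalid zone name. section, section_line, ltype and userdata are unused. */
int config_parse_network_zone(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        _cleanup_free_ char *j = NULL;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        j = strjoin("vz-", rvalue);
        if (!j)
                return log_oom();

        if (!ifname_valid(j)) {
                log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid network zone name, ignoring: %s", rvalue);
                return 0;
        }

        /* Frees the old value and moves j into the field; j is reset so the cleanup is a no-op. */
        return free_and_replace(settings->network_zone, j);
}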
479 | ||
7732f92b LP |
/* Config parser callback for Boot=: a boolean that selects the start mode of the Settings object
 * passed as data.
 *
 *   true  -> START_BOOT, unless ProcessTwo= already selected START_PID2 (conflict)
 *   false -> START_PID1 if no mode was chosen yet, unless START_BOOT is already set (conflict)
 *
 * Unparsable values and conflicts are logged as warnings and ignored; the function always
 * returns 0. section, section_line, ltype and userdata are unused. */
int config_parse_boot(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        bool conflict;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        r = parse_boolean(rvalue);
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse Boot= parameter %s, ignoring: %m", rvalue);
                return 0;
        }

        /* The request contradicts an earlier line if it asks for the opposite of what is stored. */
        conflict = r > 0 ? settings->start_mode == START_PID2
                         : settings->start_mode == START_BOOT;
        if (conflict) {
                log_syntax(unit, LOG_WARNING, filename, line, 0, "Conflicting Boot= or ProcessTwo= setting found. Ignoring.");
                return 0;
        }

        if (r > 0)
                settings->start_mode = START_BOOT;
        else if (settings->start_mode < 0)
                settings->start_mode = START_PID1;

        return 0;
}
524 | ||
/* Config parser callback for ProcessTwo=: a boolean that selects the start mode of the Settings
 * object passed as data.
 *
 *   true  -> START_PID2, unless Boot= already selected START_BOOT (conflict)
 *   false -> START_PID1 if no mode was chosen yet, unless START_PID2 is already set (conflict)
 *
 * Unparsable values and conflicts are logged as warnings and ignored; the function always
 * returns 0. section, section_line, ltype and userdata are unused. */
int config_parse_pid2(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        bool conflict;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        r = parse_boolean(rvalue);
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse ProcessTwo= parameter %s, ignoring: %m", rvalue);
                return 0;
        }

        /* The request contradicts an earlier line if it asks for the opposite of what is stored. */
        conflict = r > 0 ? settings->start_mode == START_BOOT
                         : settings->start_mode == START_PID2;
        if (conflict) {
                log_syntax(unit, LOG_WARNING, filename, line, 0, "Conflicting Boot= or ProcessTwo= setting found. Ignoring.");
                return 0;
        }

        if (r > 0)
                settings->start_mode = START_PID2;
        else if (settings->start_mode < 0)
                settings->start_mode = START_PID1;

        return 0;
}
0de7acce LP |
569 | |
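/* Config parser callback for the user-namespace setting of the Settings object passed as data.
 * The value is tried in this order:
 *
 *   boolean false -> USER_NAMESPACE_NO
 *   boolean true  -> USER_NAMESPACE_FIXED, no explicit shift
 *   "pick"        -> USER_NAMESPACE_PICK
 *   SHIFT[:RANGE] -> USER_NAMESPACE_FIXED with an explicit UID shift; RANGE defaults to 0x10000
 *                    and must not be 0
 *
 * An invalid shift or range is logged as a warning and leaves the settings untouched, so whatever
 * user-namespace mode was in effect before this line stays in effect. Always returns 0.
 *
 * NOTE(review): nothing here checks that shift + range stays inside the UID space; presumably the
 * consumer of these fields validates that - confirm.
 *
 * section, section_line, ltype and userdata are unused. */
int config_parse_private_users(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        r = parse_boolean(rvalue);
        if (r == 0) {
                /* no: User namespacing off */
                settings->userns_mode = USER_NAMESPACE_NO;
                settings->uid_shift = UID_INVALID;
                settings->uid_range = UINT32_C(0x10000);
        } else if (r > 0) {
                /* yes: User namespacing on, UID range is read from root dir */
                settings->userns_mode = USER_NAMESPACE_FIXED;
                settings->uid_shift = UID_INVALID;
                settings->uid_range = UINT32_C(0x10000);
        } else if (streq(rvalue, "pick")) {
                /* pick: User namespacing on, UID range is picked randomly */
                settings->userns_mode = USER_NAMESPACE_PICK;
                settings->uid_shift = UID_INVALID;
                settings->uid_range = UINT32_C(0x10000);
        } else {
                const char *range, *shift;
                uid_t sh, rn;

                /* anything else: User namespacing on, UID range is explicitly configured */

                range = strchr(rvalue, ':');
                if (range) {
                        /* Stack copy of the part before the colon; its size is bounded by the
                         * length of the configured value. */
                        shift = strndupa(rvalue, range - rvalue);
                        range++;

                        r = safe_atou32(range, &rn);
                        if (r < 0 || rn == 0) {
                                log_syntax(unit, LOG_WARNING, filename, line, r, "UID/GID range invalid, ignoring: %s", range);
                                return 0;
                        }
                } else {
                        shift = rvalue;
                        rn = UINT32_C(0x10000);
                }

                r = parse_uid(shift, &sh);
                if (r < 0) {
                        /* Log the shift, which is what failed to parse. range is NULL when the
                         * value has no colon and must not be passed to %s. */
                        log_syntax(unit, LOG_WARNING, filename, line, r, "UID/GID shift invalid, ignoring: %s", shift);
                        return 0;
                }

                settings->userns_mode = USER_NAMESPACE_FIXED;
                settings->uid_shift = sh;
                settings->uid_range = rn;
        }

        return 0;
}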
960e4569 LP |
639 | |
/* Config parser callback for SystemCallFilter=: splits rvalue into words and appends each one to a
 * system call list of the Settings object passed as data.
 *
 * A '~' as the very first character of the value sends every word of this line to
 * syscall_deny_list; otherwise the words go to syscall_allow_list. The words are stored as given;
 * this function does not check that they name existing system calls.
 *
 * If word extraction fails part-way, a warning is logged and parsing of the line stops, but words
 * already appended stay in the list. Returns 0, or the result of log_oom() on allocation failure.
 * section, section_line, ltype and userdata are unused. */
int config_parse_syscall_filter(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        const char *items;
        char ***list;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        if (rvalue[0] == '~') {
                list = &settings->syscall_deny_list;
                items = rvalue + 1;
        } else {
                list = &settings->syscall_allow_list;
                items = rvalue;
        }

        for (;;) {
                _cleanup_free_ char *word = NULL;

                r = extract_first_word(&items, &word, NULL, 0);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, r,
                                   "Failed to parse SystemCallFilter= parameter %s, ignoring: %m", rvalue);
                        return 0;
                }
                if (r == 0)
                        return 0;

                if (strv_extend(list, word) < 0)
                        return log_oom();
        }
}
3a9530e5 LP |
686 | |
/* Config parser callback: validates rvalue with hostname_is_valid() and, if it passes, stores a copy
 * in the char* that data points to, releasing the previous value.
 *
 * A value that fails validation is logged as a warning and the previous hostname is kept. Returns 0,
 * or the result of log_oom() if the copy cannot be allocated. unit, filename and line are only used
 * for the log message; section, section_line, lvalue, ltype and userdata are unused. */
int config_parse_hostname(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        char **s = data;

        assert(rvalue);
        assert(s);

        if (hostname_is_valid(rvalue, false)) {
                if (free_and_strdup(s, empty_to_null(rvalue)) < 0)
                        return log_oom();

                return 0;
        }

        log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid hostname, ignoring: %s", rvalue);
        return 0;
}
81f345df LP |
714 | |
/* Config parser callback: parses an OOM score adjustment into the Settings object passed as data.
 *
 * An empty value clears oom_score_adjust_set. A valid value is stored in oom_score_adjust and the
 * flag is set. An out-of-range or unparsable value is logged as a warning and leaves both fields
 * as they were. Always returns 0. section, section_line, lvalue, ltype and userdata are unused. */
int config_parse_oom_score_adjust(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        int oa, r;

        assert(rvalue);
        assert(settings);

        if (isempty(rvalue)) {
                settings->oom_score_adjust_set = false;
                return 0;
        }

        r = parse_oom_score_adjust(rvalue, &oa);
        if (r < 0) {
                if (r == -ERANGE)
                        log_syntax(unit, LOG_WARNING, filename, line, r, "OOM score adjust value out of range, ignoring: %s", rvalue);
                else
                        log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse the OOM score adjust value, ignoring: %s", rvalue);

                return 0;
        }

        settings->oom_score_adjust = oa;
        settings->oom_score_adjust_set = true;

        return 0;
}
d107bb7d LP |
753 | |
/* Config parser callback: hands rvalue to parse_cpu_set_extend() to update the cpu_set of the
 * Settings object passed as data, and returns that function's result unchanged. Logging context
 * (unit, filename, line, lvalue) is passed through. section, section_line, ltype and userdata are
 * unused. */
int config_parse_cpu_affinity(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        int r;

        assert(rvalue);
        assert(settings);

        r = parse_cpu_set_extend(rvalue, &settings->cpu_set, true, unit, filename, line, lvalue);
        return r;
}
09d423e9 LP |
773 | |
/* Generates config_parse_resolv_conf(), the config callback that parses a ResolvConfMode value. */
DEFINE_CONFIG_PARSE_ENUM(
                config_parse_resolv_conf,
                resolv_conf_mode,
                ResolvConfMode,
                "Failed to parse resolv.conf mode");

/* Configuration-file spelling of each ResolvConfMode value. */
static const char *const resolv_conf_mode_table[_RESOLV_CONF_MODE_MAX] = {
        [RESOLV_CONF_OFF]            = "off",
        [RESOLV_CONF_COPY_HOST]      = "copy-host",
        [RESOLV_CONF_COPY_STATIC]    = "copy-static",
        [RESOLV_CONF_COPY_UPLINK]    = "copy-uplink",
        [RESOLV_CONF_COPY_STUB]      = "copy-stub",
        [RESOLV_CONF_REPLACE_HOST]   = "replace-host",
        [RESOLV_CONF_REPLACE_STATIC] = "replace-static",
        [RESOLV_CONF_REPLACE_UPLINK] = "replace-uplink",
        [RESOLV_CONF_REPLACE_STUB]   = "replace-stub",
        [RESOLV_CONF_BIND_HOST]      = "bind-host",
        [RESOLV_CONF_BIND_STATIC]    = "bind-static",
        [RESOLV_CONF_BIND_UPLINK]    = "bind-uplink",
        [RESOLV_CONF_BIND_STUB]      = "bind-stub",
        [RESOLV_CONF_DELETE]         = "delete",
        [RESOLV_CONF_AUTO]           = "auto",
};

/* String <-> enum lookup over the table above. The third argument is presumably the value a
 * boolean "yes" maps to - confirm against the macro definition. */
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(resolv_conf_mode, ResolvConfMode, RESOLV_CONF_AUTO);
4e1d6aa9 LP |
795 | |
/* Parses a journal-link mode string.
 *
 * s        - the string to parse
 * ret_mode - receives the LinkJournal mode
 * ret_try  - receives true for the "try-" variants, false otherwise
 *
 * Besides the named modes, boolean values are accepted: true is treated like "auto", false selects
 * LINK_NO. Returns 0 on success or the negative error from parse_boolean(); on error neither output
 * is written. */
int parse_link_journal(const char *s, LinkJournal *ret_mode, bool *ret_try) {
        static const struct {
                const char *name;
                LinkJournal mode;
                bool try;
        } known[] = {
                { "auto",      LINK_AUTO,  false },
                { "guest",     LINK_GUEST, false },
                { "host",      LINK_HOST,  false },
                { "try-guest", LINK_GUEST, true  },
                { "try-host",  LINK_HOST,  true  },
        };
        size_t k;
        int r;

        assert(s);
        assert(ret_mode);
        assert(ret_try);

        for (k = 0; k < sizeof(known) / sizeof(known[0]); k++)
                if (streq(s, known[k].name)) {
                        *ret_mode = known[k].mode;
                        *ret_try = known[k].try;
                        return 0;
                }

        /* Also support boolean values, to make things less confusing. */
        r = parse_boolean(s);
        if (r < 0)
                return r;

        /* Let's consider "true" to be equivalent to "auto". */
        *ret_mode = r ? LINK_AUTO : LINK_NO;
        *ret_try = false;

        return 0;
}
831 | ||
/* Config parser callback: parses a journal-link mode with parse_link_journal() straight into the
 * link_journal and link_journal_try fields of the Settings object passed as data.
 *
 * An unparsable value is logged as a warning; the function always returns 0. section,
 * section_line, lvalue, ltype and userdata are unused. */
int config_parse_link_journal(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Settings *settings = data;
        int r;

        assert(rvalue);
        assert(settings);

        r = parse_link_journal(rvalue, &settings->link_journal, &settings->link_journal_try);
        if (r >= 0)
                return 0;

        log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse link journal mode, ignoring: %s", rvalue);
        return 0;
}
1688841f LP |
856 | |
/* Generates config_parse_timezone(), the config callback that parses a TimezoneMode value. */
DEFINE_CONFIG_PARSE_ENUM(
                config_parse_timezone,
                timezone_mode,
                TimezoneMode,
                "Failed to parse timezone mode");

/* Configuration-file spelling of each TimezoneMode value. */
static const char *const timezone_mode_table[_TIMEZONE_MODE_MAX] = {
        [TIMEZONE_OFF]     = "off",
        [TIMEZONE_COPY]    = "copy",
        [TIMEZONE_BIND]    = "bind",
        [TIMEZONE_SYMLINK] = "symlink",
        [TIMEZONE_DELETE]  = "delete",
        [TIMEZONE_AUTO]    = "auto",
};

/* String <-> enum lookup over the table above. The third argument is presumably the value a
 * boolean "yes" maps to - confirm against the macro definition. */
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(timezone_mode, TimezoneMode, TIMEZONE_AUTO);