[thirdparty/systemd.git] / src / shared / pager.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#include "sd-login.h"

#include "copy.h"
#include "env-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "io-util.h"
#include "locale-util.h"
#include "log.h"
#include "pager.h"
#include "process-util.h"
#include "signal-util.h"
#include "string-util.h"
#include "strv.h"
#include "terminal-util.h"

static pid_t pager_pid = 0;

static int stored_stdout = -1;
static int stored_stderr = -1;
static bool stdout_redirected = false;
static bool stderr_redirected = false;

_noreturn_ static void pager_fallback(void) {
        int r;

        r = copy_bytes(STDIN_FILENO, STDOUT_FILENO, UINT64_MAX, 0);
        if (r < 0) {
                log_error_errno(r, "Internal pager failed: %m");
                _exit(EXIT_FAILURE);
        }

        _exit(EXIT_SUCCESS);
}

static int no_quit_on_interrupt(int exe_name_fd, const char *less_opts) {
        _cleanup_fclose_ FILE *file = NULL;
        _cleanup_free_ char *line = NULL;
        int r;

        assert(exe_name_fd >= 0);
        assert(less_opts);

        /* This takes ownership of exe_name_fd */
        file = fdopen(exe_name_fd, "r");
        if (!file) {
                safe_close(exe_name_fd);
                return log_error_errno(errno, "Failed to create FILE object: %m");
        }

        /* Find the last line */
        for (;;) {
                _cleanup_free_ char *t = NULL;

                r = read_line(file, LONG_LINE_MAX, &t);
                if (r < 0)
                        return log_error_errno(r, "Failed to read from socket: %m");
                if (r == 0)
                        break;

                free_and_replace(line, t);
        }

        /* We only treat "less" specially.
         * Return true whenever option K is *not* set. */
        r = streq_ptr(line, "less") && !strchr(less_opts, 'K');

        log_debug("Pager executable is \"%s\", options \"%s\", quit_on_interrupt: %s",
                  strnull(line), less_opts, yes_no(!r));
        return r;
}

static bool running_with_escalated_privileges(void) {
        int r;

        if (getenv("SUDO_UID"))
                return true;

        uid_t uid;
        r = sd_pid_get_owner_uid(0, &uid);
        if (r < 0) {
                log_debug_errno(r, "sd_pid_get_owner_uid() failed, enabling pager secure mode: %m");
                return true;
        }

        return uid != geteuid();
}

void pager_open(PagerFlags flags) {
        _cleanup_close_pair_ int fd[2] = EBADF_PAIR, exe_name_pipe[2] = EBADF_PAIR;
        _cleanup_strv_free_ char **pager_args = NULL;
        _cleanup_free_ char *l = NULL;
        const char *pager, *less_opts;
        int r;

        if (flags & PAGER_DISABLE)
                return;

        if (pager_pid > 0)
                return;

        if (terminal_is_dumb())
                return;

        if (!is_main_thread())
                return (void) log_error_errno(SYNTHETIC_ERRNO(EPERM), "Pager invoked from wrong thread.");

        pager = getenv("SYSTEMD_PAGER");
        if (!pager)
                pager = getenv("PAGER");

        if (pager) {
                pager_args = strv_split(pager, WHITESPACE);
                if (!pager_args)
                        return (void) log_oom();

                /* If the pager is explicitly turned off, honour it */
                if (strv_isempty(pager_args) || strv_equal(pager_args, STRV_MAKE("cat")))
                        return;
        }

        /* Determine and cache number of columns/lines before we spawn the pager so that we get the value from the
         * actual tty */
        (void) columns();
        (void) lines();

        if (pipe2(fd, O_CLOEXEC) < 0)
                return (void) log_error_errno(errno, "Failed to create pager pipe: %m");

        /* This is a pipe to feed the name of the executed pager binary into the parent */
        if (pipe2(exe_name_pipe, O_CLOEXEC) < 0)
                return (void) log_error_errno(errno, "Failed to create exe_name pipe: %m");

        /* Initialize a good set of less options */
        less_opts = getenv("SYSTEMD_LESS");
        if (!less_opts)
                less_opts = "FRSXMK";
        if (flags & PAGER_JUMP_TO_END) {
                l = strjoin(less_opts, " +G");
                if (!l)
                        return (void) log_oom();
                less_opts = l;
        }

        /* We set SIGINT as PR_DEATHSIG signal here, to match the "K" parameter we set in $LESS, which enables SIGINT behaviour. */
        r = safe_fork("(pager)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGINT|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pager_pid);
        if (r < 0)
                return;
        if (r == 0) {
                const char *less_charset;

                /* In the child start the pager */

                if (dup2(fd[0], STDIN_FILENO) < 0) {
                        log_error_errno(errno, "Failed to duplicate file descriptor to STDIN: %m");
                        _exit(EXIT_FAILURE);
                }

                safe_close_pair(fd);

                if (setenv("LESS", less_opts, 1) < 0) {
                        log_error_errno(errno, "Failed to set environment variable LESS: %m");
                        _exit(EXIT_FAILURE);
                }

                /* Initialize a good charset for less. This is particularly important if we output UTF-8
                 * characters. */
                less_charset = getenv("SYSTEMD_LESSCHARSET");
                if (!less_charset && is_locale_utf8())
                        less_charset = "utf-8";
                if (less_charset &&
                    setenv("LESSCHARSET", less_charset, 1) < 0) {
                        log_error_errno(errno, "Failed to set environment variable LESSCHARSET: %m");
                        _exit(EXIT_FAILURE);
                }

                /* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
                 * privileged stuff. If the user set $SYSTEMD_PAGERSECURE, trust their configuration of the
                 * pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
                 * wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
                 * know to be good. */
                int use_secure_mode = secure_getenv_bool("SYSTEMD_PAGERSECURE");
                bool trust_pager = use_secure_mode >= 0;
                if (use_secure_mode == -ENXIO)
                        use_secure_mode = running_with_escalated_privileges();
                else if (use_secure_mode < 0) {
                        log_warning_errno(use_secure_mode, "Unable to parse $SYSTEMD_PAGERSECURE, assuming true: %m");
                        use_secure_mode = true;
                }

                /* We generally always set variables used by less, even if we end up using a different pager.
                 * They shouldn't hurt in any case, and ideally other pagers would look at them too. */
                r = set_unset_env("LESSSECURE", use_secure_mode ? "1" : NULL, true);
                if (r < 0) {
                        log_error_errno(r, "Failed to adjust environment variable LESSSECURE: %m");
                        _exit(EXIT_FAILURE);
                }

                if (trust_pager && pager_args) { /* The pager config might be set globally, and we cannot
                                                  * know if the user adjusted it to be appropriate for the
                                                  * secure mode. Thus, start the pager specified through
                                                  * envvars only when $SYSTEMD_PAGERSECURE was explicitly set
                                                  * as well. */
                        r = loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1);
                        if (r < 0) {
                                log_error_errno(r, "Failed to write pager name to socket: %m");
                                _exit(EXIT_FAILURE);
                        }

                        execvp(pager_args[0], pager_args);
                        log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
                                       "Failed to execute '%s', using fallback pagers: %m", pager_args[0]);
                }

                /* Debian's alternatives command for pagers is called 'pager'. Note that we do not call
                 * sensible-pagers here, since that is just a shell script that implements a logic that is
                 * similar to this one anyway, but is Debian-specific. */
                static const char* pagers[] = { "pager", "less", "more", "(built-in)" };

                for (unsigned i = 0; i < ELEMENTSOF(pagers); i++) {
                        /* Only less (and our trivial fallback) implement secure mode right now. */
                        if (use_secure_mode && !STR_IN_SET(pagers[i], "less", "(built-in)"))
                                continue;

                        r = loop_write(exe_name_pipe[1], pagers[i], strlen(pagers[i]) + 1);
                        if (r < 0) {
                                log_error_errno(r, "Failed to write pager name to socket: %m");
                                _exit(EXIT_FAILURE);
                        }

                        if (i < ELEMENTSOF(pagers) - 1) {
                                execlp(pagers[i], pagers[i], NULL);
                                log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
                                               "Failed to execute '%s', will try '%s' next: %m", pagers[i], pagers[i+1]);
                        } else {
                                /* Close pipe to signal the parent to start sending data */
                                safe_close_pair(exe_name_pipe);
                                pager_fallback();
                                assert_not_reached();
                        }
                }
        }

        /* Return in the parent */
        stored_stdout = fcntl(STDOUT_FILENO, F_DUPFD_CLOEXEC, 3);
        if (dup2(fd[1], STDOUT_FILENO) < 0) {
                stored_stdout = safe_close(stored_stdout);
                return (void) log_error_errno(errno, "Failed to duplicate pager pipe: %m");
        }
        stdout_redirected = true;

        stored_stderr = fcntl(STDERR_FILENO, F_DUPFD_CLOEXEC, 3);
        if (dup2(fd[1], STDERR_FILENO) < 0) {
                stored_stderr = safe_close(stored_stderr);
                return (void) log_error_errno(errno, "Failed to duplicate pager pipe: %m");
        }
        stderr_redirected = true;

        exe_name_pipe[1] = safe_close(exe_name_pipe[1]);

        r = no_quit_on_interrupt(TAKE_FD(exe_name_pipe[0]), less_opts);
        if (r > 0)
                (void) ignore_signals(SIGINT);
}

void pager_close(void) {

        if (pager_pid <= 0)
                return;

        /* Inform pager that we are done */
        (void) fflush(stdout);
        if (stdout_redirected)
                if (stored_stdout < 0 || dup2(stored_stdout, STDOUT_FILENO) < 0)
                        (void) close(STDOUT_FILENO);
        stored_stdout = safe_close(stored_stdout);
        (void) fflush(stderr);
        if (stderr_redirected)
                if (stored_stderr < 0 || dup2(stored_stderr, STDERR_FILENO) < 0)
                        (void) close(STDERR_FILENO);
        stored_stderr = safe_close(stored_stderr);
        stdout_redirected = stderr_redirected = false;

        (void) kill(pager_pid, SIGCONT);
        (void) wait_for_terminate(TAKE_PID(pager_pid), NULL);
        pager_pid = 0;
}

bool pager_have(void) {
        return pager_pid > 0;
}

int show_man_page(const char *desc, bool null_stdio) {
        const char *args[4] = { "man", NULL, NULL, NULL };
        char *e = NULL;
        pid_t pid;
        size_t k;
        int r;

        k = strlen(desc);

        if (desc[k-1] == ')')
                e = strrchr(desc, '(');

        if (e) {
                char *page = NULL, *section = NULL;

                page = strndupa_safe(desc, e - desc);
                section = strndupa_safe(e + 1, desc + k - e - 2);

                args[1] = section;
                args[2] = page;
        } else
                args[1] = desc;

        r = safe_fork("(man)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|(null_stdio ? FORK_REARRANGE_STDIO : 0)|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
        if (r < 0)
                return r;
        if (r == 0) {
                /* Child */
                execvp(args[0], (char**) args);
                log_error_errno(errno, "Failed to execute man: %m");
                _exit(EXIT_FAILURE);
        }

        return wait_for_terminate_and_check(NULL, pid, 0);
}
Commit	Line	Data
	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
	2
	3	#include <stdio.h>
	4	#include <stdlib.h>
	5	#include <unistd.h>
	6
	7	#include "sd-login.h"
	8
	9	#include "copy.h"
	10	#include "env-util.h"
	11	#include "fd-util.h"
	12	#include "fileio.h"
	13	#include "io-util.h"
	14	#include "locale-util.h"
	15	#include "log.h"
	16	#include "pager.h"
	17	#include "process-util.h"
	18	#include "signal-util.h"
	19	#include "string-util.h"
	20	#include "strv.h"
	21	#include "terminal-util.h"
	22
	23	static pid_t pager_pid = 0;
	24
	25	static int stored_stdout = -1;
	26	static int stored_stderr = -1;
	27	static bool stdout_redirected = false;
	28	static bool stderr_redirected = false;
	29
	30	_noreturn_ static void pager_fallback(void) {
	31	int r;
	32
	33	r = copy_bytes(STDIN_FILENO, STDOUT_FILENO, UINT64_MAX, 0);
	34	if (r < 0) {
	35	log_error_errno(r, "Internal pager failed: %m");
	36	_exit(EXIT_FAILURE);
	37	}
	38
	39	_exit(EXIT_SUCCESS);
	40	}
	41
	42	static int no_quit_on_interrupt(int exe_name_fd, const char *less_opts) {
	43	_cleanup_fclose_ FILE *file = NULL;
	44	_cleanup_free_ char *line = NULL;
	45	int r;
	46
	47	assert(exe_name_fd >= 0);
	48	assert(less_opts);
	49
	50	/* This takes ownership of exe_name_fd */
	51	file = fdopen(exe_name_fd, "r");
	52	if (!file) {
	53	safe_close(exe_name_fd);
	54	return log_error_errno(errno, "Failed to create FILE object: %m");
	55	}
	56
	57	/* Find the last line */
	58	for (;;) {
	59	_cleanup_free_ char *t = NULL;
	60
	61	r = read_line(file, LONG_LINE_MAX, &t);
	62	if (r < 0)
	63	return log_error_errno(r, "Failed to read from socket: %m");
	64	if (r == 0)
	65	break;
	66
	67	free_and_replace(line, t);
	68	}
	69
	70	/* We only treat "less" specially.
	71	* Return true whenever option K is not set. */
	72	r = streq_ptr(line, "less") && !strchr(less_opts, 'K');
	73
	74	log_debug("Pager executable is \"%s\", options \"%s\", quit_on_interrupt: %s",
	75	strnull(line), less_opts, yes_no(!r));
	76	return r;
	77	}
	78
	79	static bool running_with_escalated_privileges(void) {
	80	int r;
	81
	82	if (getenv("SUDO_UID"))
	83	return true;
	84
	85	uid_t uid;
	86	r = sd_pid_get_owner_uid(0, &uid);
	87	if (r < 0) {
	88	log_debug_errno(r, "sd_pid_get_owner_uid() failed, enabling pager secure mode: %m");
	89	return true;
	90	}
	91
	92	return uid != geteuid();
	93	}
	94
	95	void pager_open(PagerFlags flags) {
	96	_cleanup_close_pair_ int fd[2] = EBADF_PAIR, exe_name_pipe[2] = EBADF_PAIR;
	97	_cleanup_strv_free_ char **pager_args = NULL;
	98	_cleanup_free_ char *l = NULL;
	99	const char pager, less_opts;
	100	int r;
	101
	102	if (flags & PAGER_DISABLE)
	103	return;
	104
	105	if (pager_pid > 0)
	106	return;
	107
	108	if (terminal_is_dumb())
	109	return;
	110
	111	if (!is_main_thread())
	112	return (void) log_error_errno(SYNTHETIC_ERRNO(EPERM), "Pager invoked from wrong thread.");
	113
	114	pager = getenv("SYSTEMD_PAGER");
	115	if (!pager)
	116	pager = getenv("PAGER");
	117
	118	if (pager) {
	119	pager_args = strv_split(pager, WHITESPACE);
	120	if (!pager_args)
	121	return (void) log_oom();
	122
	123	/* If the pager is explicitly turned off, honour it */
	124	if (strv_isempty(pager_args) \|\| strv_equal(pager_args, STRV_MAKE("cat")))
	125	return;
	126	}
	127
	128	/* Determine and cache number of columns/lines before we spawn the pager so that we get the value from the
	129	* actual tty */
	130	(void) columns();
	131	(void) lines();
	132
	133	if (pipe2(fd, O_CLOEXEC) < 0)
	134	return (void) log_error_errno(errno, "Failed to create pager pipe: %m");
	135
	136	/* This is a pipe to feed the name of the executed pager binary into the parent */
	137	if (pipe2(exe_name_pipe, O_CLOEXEC) < 0)
	138	return (void) log_error_errno(errno, "Failed to create exe_name pipe: %m");
	139
	140	/* Initialize a good set of less options */
	141	less_opts = getenv("SYSTEMD_LESS");
	142	if (!less_opts)
	143	less_opts = "FRSXMK";
	144	if (flags & PAGER_JUMP_TO_END) {
	145	l = strjoin(less_opts, " +G");
	146	if (!l)
	147	return (void) log_oom();
	148	less_opts = l;
	149	}
	150
	151	/* We set SIGINT as PR_DEATHSIG signal here, to match the "K" parameter we set in $LESS, which enables SIGINT behaviour. */
	152	r = safe_fork("(pager)", FORK_RESET_SIGNALS\|FORK_DEATHSIG_SIGINT\|FORK_RLIMIT_NOFILE_SAFE\|FORK_LOG, &pager_pid);
	153	if (r < 0)
	154	return;
	155	if (r == 0) {
	156	const char *less_charset;
	157
	158	/* In the child start the pager */
	159
	160	if (dup2(fd[0], STDIN_FILENO) < 0) {
	161	log_error_errno(errno, "Failed to duplicate file descriptor to STDIN: %m");
	162	_exit(EXIT_FAILURE);
	163	}
	164
	165	safe_close_pair(fd);
	166
	167	if (setenv("LESS", less_opts, 1) < 0) {
	168	log_error_errno(errno, "Failed to set environment variable LESS: %m");
	169	_exit(EXIT_FAILURE);
	170	}
	171
	172	/* Initialize a good charset for less. This is particularly important if we output UTF-8
	173	* characters. */
	174	less_charset = getenv("SYSTEMD_LESSCHARSET");
	175	if (!less_charset && is_locale_utf8())
	176	less_charset = "utf-8";
	177	if (less_charset &&
	178	setenv("LESSCHARSET", less_charset, 1) < 0) {
	179	log_error_errno(errno, "Failed to set environment variable LESSCHARSET: %m");
	180	_exit(EXIT_FAILURE);
	181	}
	182
	183	/* People might invoke us from sudo, don't needlessly allow less to be a way to shell out
	184	* privileged stuff. If the user set $SYSTEMD_PAGERSECURE, trust their configuration of the
	185	* pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
	186	* wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
	187	* know to be good. */
	188	int use_secure_mode = secure_getenv_bool("SYSTEMD_PAGERSECURE");
	189	bool trust_pager = use_secure_mode >= 0;
	190	if (use_secure_mode == -ENXIO)
	191	use_secure_mode = running_with_escalated_privileges();
	192	else if (use_secure_mode < 0) {
	193	log_warning_errno(use_secure_mode, "Unable to parse $SYSTEMD_PAGERSECURE, assuming true: %m");
	194	use_secure_mode = true;
	195	}
	196
	197	/* We generally always set variables used by less, even if we end up using a different pager.
	198	* They shouldn't hurt in any case, and ideally other pagers would look at them too. */
	199	r = set_unset_env("LESSSECURE", use_secure_mode ? "1" : NULL, true);
	200	if (r < 0) {
	201	log_error_errno(r, "Failed to adjust environment variable LESSSECURE: %m");
	202	_exit(EXIT_FAILURE);
	203	}
	204
	205	if (trust_pager && pager_args) { /* The pager config might be set globally, and we cannot
	206	* know if the user adjusted it to be appropriate for the
	207	* secure mode. Thus, start the pager specified through
	208	* envvars only when $SYSTEMD_PAGERSECURE was explicitly set
	209	* as well. */
	210	r = loop_write(exe_name_pipe[1], pager_args[0], strlen(pager_args[0]) + 1);
	211	if (r < 0) {
	212	log_error_errno(r, "Failed to write pager name to socket: %m");
	213	_exit(EXIT_FAILURE);
	214	}
	215
	216	execvp(pager_args[0], pager_args);
	217	log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
	218	"Failed to execute '%s', using fallback pagers: %m", pager_args[0]);
	219	}
	220
	221	/* Debian's alternatives command for pagers is called 'pager'. Note that we do not call
	222	* sensible-pagers here, since that is just a shell script that implements a logic that is
	223	* similar to this one anyway, but is Debian-specific. */
	224	static const char* pagers[] = { "pager", "less", "more", "(built-in)" };
	225
	226	for (unsigned i = 0; i < ELEMENTSOF(pagers); i++) {
	227	/* Only less (and our trivial fallback) implement secure mode right now. */
	228	if (use_secure_mode && !STR_IN_SET(pagers[i], "less", "(built-in)"))
	229	continue;
	230
	231	r = loop_write(exe_name_pipe[1], pagers[i], strlen(pagers[i]) + 1);
	232	if (r < 0) {
	233	log_error_errno(r, "Failed to write pager name to socket: %m");
	234	_exit(EXIT_FAILURE);
	235	}
	236
	237	if (i < ELEMENTSOF(pagers) - 1) {
	238	execlp(pagers[i], pagers[i], NULL);
	239	log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
	240	"Failed to execute '%s', will try '%s' next: %m", pagers[i], pagers[i+1]);
	241	} else {
	242	/* Close pipe to signal the parent to start sending data */
	243	safe_close_pair(exe_name_pipe);
	244	pager_fallback();
	245	assert_not_reached();
	246	}
	247	}
	248	}
	249
	250	/* Return in the parent */
	251	stored_stdout = fcntl(STDOUT_FILENO, F_DUPFD_CLOEXEC, 3);
	252	if (dup2(fd[1], STDOUT_FILENO) < 0) {
	253	stored_stdout = safe_close(stored_stdout);
	254	return (void) log_error_errno(errno, "Failed to duplicate pager pipe: %m");
	255	}
	256	stdout_redirected = true;
	257
	258	stored_stderr = fcntl(STDERR_FILENO, F_DUPFD_CLOEXEC, 3);
	259	if (dup2(fd[1], STDERR_FILENO) < 0) {
	260	stored_stderr = safe_close(stored_stderr);
	261	return (void) log_error_errno(errno, "Failed to duplicate pager pipe: %m");
	262	}
	263	stderr_redirected = true;
	264
	265	exe_name_pipe[1] = safe_close(exe_name_pipe[1]);
	266
	267	r = no_quit_on_interrupt(TAKE_FD(exe_name_pipe[0]), less_opts);
	268	if (r > 0)
	269	(void) ignore_signals(SIGINT);
	270	}
	271
	272	void pager_close(void) {
	273
	274	if (pager_pid <= 0)
	275	return;
	276
	277	/* Inform pager that we are done */
	278	(void) fflush(stdout);
	279	if (stdout_redirected)
	280	if (stored_stdout < 0 \|\| dup2(stored_stdout, STDOUT_FILENO) < 0)
	281	(void) close(STDOUT_FILENO);
	282	stored_stdout = safe_close(stored_stdout);
	283	(void) fflush(stderr);
	284	if (stderr_redirected)
	285	if (stored_stderr < 0 \|\| dup2(stored_stderr, STDERR_FILENO) < 0)
	286	(void) close(STDERR_FILENO);
	287	stored_stderr = safe_close(stored_stderr);
	288	stdout_redirected = stderr_redirected = false;
	289
	290	(void) kill(pager_pid, SIGCONT);
	291	(void) wait_for_terminate(TAKE_PID(pager_pid), NULL);
	292	pager_pid = 0;
	293	}
	294
	295	bool pager_have(void) {
	296	return pager_pid > 0;
	297	}
	298
	299	int show_man_page(const char *desc, bool null_stdio) {
	300	const char *args[4] = { "man", NULL, NULL, NULL };
	301	char *e = NULL;
	302	pid_t pid;
	303	size_t k;
	304	int r;
	305
	306	k = strlen(desc);
	307
	308	if (desc[k-1] == ')')
	309	e = strrchr(desc, '(');
	310
	311	if (e) {
	312	char page = NULL, section = NULL;
	313
	314	page = strndupa_safe(desc, e - desc);
	315	section = strndupa_safe(e + 1, desc + k - e - 2);
	316
	317	args[1] = section;
	318	args[2] = page;
	319	} else
	320	args[1] = desc;
	321
	322	r = safe_fork("(man)", FORK_RESET_SIGNALS\|FORK_DEATHSIG_SIGTERM\|(null_stdio ? FORK_REARRANGE_STDIO : 0)\|FORK_RLIMIT_NOFILE_SAFE\|FORK_LOG, &pid);
	323	if (r < 0)
	324	return r;
	325	if (r == 0) {
	326	/* Child */
	327	execvp(args[0], (char**) args);
	328	log_error_errno(errno, "Failed to execute man: %m");
	329	_exit(EXIT_FAILURE);
	330	}
	331
	332	return wait_for_terminate_and_check(NULL, pid, 0);
	333	}