1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
11 #include "alloc-util.h"
12 #include "bus-get-properties.h"
14 #include "capability-util.h"
15 #include "cpu-set-util.h"
16 #include "creds-util.h"
17 #include "dbus-execute.h"
18 #include "dbus-util.h"
20 #include "errno-list.h"
25 #include "hexdecoct.h"
27 #include "ioprio-util.h"
28 #include "journal-file.h"
29 #include "missing_ioprio.h"
30 #include "mountpoint-util.h"
31 #include "namespace.h"
32 #include "parse-util.h"
33 #include "path-util.h"
34 #include "pcre2-util.h"
35 #include "process-util.h"
36 #include "rlimit-util.h"
38 #include "seccomp-util.h"
40 #include "securebits-util.h"
41 #include "specifier.h"
42 #include "stat-util.h"
44 #include "syslog-util.h"
45 #include "unit-printf.h"
46 #include "user-util.h"
49 BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output
, exec_output
, ExecOutput
);
50 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input
, exec_input
, ExecInput
);
51 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
);
52 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
);
53 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_keyring_mode
, exec_keyring_mode
, ExecKeyringMode
);
54 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_protect_proc
, protect_proc
, ProtectProc
);
55 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_proc_subset
, proc_subset
, ProcSubset
);
56 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_protect_home
, protect_home
, ProtectHome
);
57 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_protect_system
, protect_system
, ProtectSystem
);
58 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_personality
, personality
, unsigned long);
59 static BUS_DEFINE_PROPERTY_GET(property_get_ioprio
, "i", ExecContext
, exec_context_get_effective_ioprio
);
60 static BUS_DEFINE_PROPERTY_GET(property_get_mount_apivfs
, "b", ExecContext
, exec_context_get_effective_mount_apivfs
);
61 static BUS_DEFINE_PROPERTY_GET2(property_get_ioprio_class
, "i", ExecContext
, exec_context_get_effective_ioprio
, ioprio_prio_class
);
62 static BUS_DEFINE_PROPERTY_GET2(property_get_ioprio_priority
, "i", ExecContext
, exec_context_get_effective_ioprio
, ioprio_prio_data
);
63 static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_empty_string
, "s", NULL
);
64 static BUS_DEFINE_PROPERTY_GET_REF(property_get_syslog_level
, "i", int, LOG_PRI
);
65 static BUS_DEFINE_PROPERTY_GET_REF(property_get_syslog_facility
, "i", int, LOG_FAC
);
66 static BUS_DEFINE_PROPERTY_GET(property_get_cpu_affinity_from_numa
, "b", ExecContext
, exec_context_get_cpu_affinity_from_numa
);
68 static int property_get_environment_files(
71 const char *interface
,
73 sd_bus_message
*reply
,
75 sd_bus_error
*error
) {
77 ExecContext
*c
= ASSERT_PTR(userdata
);
83 r
= sd_bus_message_open_container(reply
, 'a', "(sb)");
87 STRV_FOREACH(j
, c
->environment_files
) {
90 r
= sd_bus_message_append(reply
, "(sb)", fn
[0] == '-' ? fn
+ 1 : fn
, fn
[0] == '-');
95 return sd_bus_message_close_container(reply
);
98 static int property_get_oom_score_adjust(
101 const char *interface
,
102 const char *property
,
103 sd_bus_message
*reply
,
105 sd_bus_error
*error
) {
107 ExecContext
*c
= ASSERT_PTR(userdata
);
113 if (c
->oom_score_adjust_set
)
114 n
= c
->oom_score_adjust
;
117 r
= get_oom_score_adjust(&n
);
119 log_debug_errno(r
, "Failed to read /proc/self/oom_score_adj, ignoring: %m");
122 return sd_bus_message_append(reply
, "i", n
);
125 static int property_get_coredump_filter(
128 const char *interface
,
129 const char *property
,
130 sd_bus_message
*reply
,
132 sd_bus_error
*error
) {
134 ExecContext
*c
= ASSERT_PTR(userdata
);
141 if (c
->coredump_filter_set
)
142 n
= c
->coredump_filter
;
144 _cleanup_free_
char *t
= NULL
;
146 n
= COREDUMP_FILTER_MASK_DEFAULT
;
147 r
= read_one_line_file("/proc/self/coredump_filter", &t
);
149 log_debug_errno(r
, "Failed to read /proc/self/coredump_filter, ignoring: %m");
151 r
= safe_atoux64(t
, &n
);
153 log_debug_errno(r
, "Failed to parse \"%s\" from /proc/self/coredump_filter, ignoring: %m", t
);
157 return sd_bus_message_append(reply
, "t", n
);
160 static int property_get_nice(
163 const char *interface
,
164 const char *property
,
165 sd_bus_message
*reply
,
167 sd_bus_error
*error
) {
169 ExecContext
*c
= ASSERT_PTR(userdata
);
179 n
= getpriority(PRIO_PROCESS
, 0);
184 return sd_bus_message_append(reply
, "i", n
);
187 static int property_get_cpu_sched_policy(
190 const char *interface
,
191 const char *property
,
192 sd_bus_message
*reply
,
194 sd_bus_error
*error
) {
196 ExecContext
*c
= ASSERT_PTR(userdata
);
202 if (c
->cpu_sched_set
)
203 n
= c
->cpu_sched_policy
;
205 n
= sched_getscheduler(0);
210 return sd_bus_message_append(reply
, "i", n
);
213 static int property_get_cpu_sched_priority(
216 const char *interface
,
217 const char *property
,
218 sd_bus_message
*reply
,
220 sd_bus_error
*error
) {
222 ExecContext
*c
= ASSERT_PTR(userdata
);
228 if (c
->cpu_sched_set
)
229 n
= c
->cpu_sched_priority
;
231 struct sched_param p
= {};
233 if (sched_getparam(0, &p
) >= 0)
234 n
= p
.sched_priority
;
239 return sd_bus_message_append(reply
, "i", n
);
242 static int property_get_cpu_affinity(
245 const char *interface
,
246 const char *property
,
247 sd_bus_message
*reply
,
249 sd_bus_error
*error
) {
251 ExecContext
*c
= ASSERT_PTR(userdata
);
252 _cleanup_(cpu_set_reset
) CPUSet s
= {};
253 _cleanup_free_
uint8_t *array
= NULL
;
259 if (c
->cpu_affinity_from_numa
) {
262 r
= numa_to_cpu_set(&c
->numa_policy
, &s
);
267 (void) cpu_set_to_dbus(c
->cpu_affinity_from_numa
? &s
: &c
->cpu_set
, &array
, &allocated
);
269 return sd_bus_message_append_array(reply
, 'y', array
, allocated
);
272 static int property_get_numa_mask(
275 const char *interface
,
276 const char *property
,
277 sd_bus_message
*reply
,
279 sd_bus_error
*error
) {
281 ExecContext
*c
= ASSERT_PTR(userdata
);
282 _cleanup_free_
uint8_t *array
= NULL
;
288 (void) cpu_set_to_dbus(&c
->numa_policy
.nodes
, &array
, &allocated
);
290 return sd_bus_message_append_array(reply
, 'y', array
, allocated
);
293 static int property_get_numa_policy(
296 const char *interface
,
297 const char *property
,
298 sd_bus_message
*reply
,
300 sd_bus_error
*error
) {
301 ExecContext
*c
= ASSERT_PTR(userdata
);
307 policy
= numa_policy_get_type(&c
->numa_policy
);
309 return sd_bus_message_append_basic(reply
, 'i', &policy
);
312 static int property_get_timer_slack_nsec(
315 const char *interface
,
316 const char *property
,
317 sd_bus_message
*reply
,
319 sd_bus_error
*error
) {
321 ExecContext
*c
= ASSERT_PTR(userdata
);
327 if (c
->timer_slack_nsec
!= NSEC_INFINITY
)
328 u
= (uint64_t) c
->timer_slack_nsec
;
330 u
= (uint64_t) prctl(PR_GET_TIMERSLACK
);
332 return sd_bus_message_append(reply
, "t", u
);
335 static int property_get_syscall_filter(
338 const char *interface
,
339 const char *property
,
340 sd_bus_message
*reply
,
342 sd_bus_error
*error
) {
344 ExecContext
*c
= ASSERT_PTR(userdata
);
345 _cleanup_strv_free_
char **l
= NULL
;
351 r
= sd_bus_message_open_container(reply
, 'r', "bas");
355 r
= sd_bus_message_append(reply
, "b", c
->syscall_allow_list
);
361 HASHMAP_FOREACH_KEY(val
, id
, c
->syscall_filter
) {
362 _cleanup_free_
char *name
= NULL
;
363 const char *e
= NULL
;
365 int num
= PTR_TO_INT(val
);
367 if (c
->syscall_allow_list
&& num
>= 0)
368 /* syscall with num >= 0 in allow-list is denied. */
371 name
= seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE
, PTR_TO_INT(id
) - 1);
376 e
= seccomp_errno_or_action_to_string(num
);
378 s
= strjoin(name
, ":", e
);
382 r
= asprintf(&s
, "%s:%d", name
, num
);
389 r
= strv_consume(&l
, s
);
397 r
= sd_bus_message_append_strv(reply
, l
);
401 return sd_bus_message_close_container(reply
);
404 static int property_get_syscall_log(
407 const char *interface
,
408 const char *property
,
409 sd_bus_message
*reply
,
411 sd_bus_error
*error
) {
413 ExecContext
*c
= ASSERT_PTR(userdata
);
414 _cleanup_strv_free_
char **l
= NULL
;
420 r
= sd_bus_message_open_container(reply
, 'r', "bas");
424 r
= sd_bus_message_append(reply
, "b", c
->syscall_log_allow_list
);
430 HASHMAP_FOREACH_KEY(val
, id
, c
->syscall_log
) {
433 name
= seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE
, PTR_TO_INT(id
) - 1);
437 r
= strv_consume(&l
, name
);
445 r
= sd_bus_message_append_strv(reply
, l
);
449 return sd_bus_message_close_container(reply
);
452 static int property_get_syscall_archs(
455 const char *interface
,
456 const char *property
,
457 sd_bus_message
*reply
,
459 sd_bus_error
*error
) {
461 _cleanup_strv_free_
char **l
= NULL
;
469 SET_FOREACH(id
, ASSERT_PTR((ExecContext
*) userdata
)->syscall_archs
) {
472 name
= seccomp_arch_to_string(PTR_TO_UINT32(id
) - 1);
476 r
= strv_extend(&l
, name
);
484 r
= sd_bus_message_append_strv(reply
, l
);
491 static int property_get_selinux_context(
494 const char *interface
,
495 const char *property
,
496 sd_bus_message
*reply
,
498 sd_bus_error
*error
) {
500 ExecContext
*c
= ASSERT_PTR(userdata
);
505 return sd_bus_message_append(reply
, "(bs)", c
->selinux_context_ignore
, c
->selinux_context
);
508 static int property_get_apparmor_profile(
511 const char *interface
,
512 const char *property
,
513 sd_bus_message
*reply
,
515 sd_bus_error
*error
) {
517 ExecContext
*c
= ASSERT_PTR(userdata
);
522 return sd_bus_message_append(reply
, "(bs)", c
->apparmor_profile_ignore
, c
->apparmor_profile
);
525 static int property_get_smack_process_label(
528 const char *interface
,
529 const char *property
,
530 sd_bus_message
*reply
,
532 sd_bus_error
*error
) {
534 ExecContext
*c
= ASSERT_PTR(userdata
);
539 return sd_bus_message_append(reply
, "(bs)", c
->smack_process_label_ignore
, c
->smack_process_label
);
542 static int property_get_address_families(
545 const char *interface
,
546 const char *property
,
547 sd_bus_message
*reply
,
549 sd_bus_error
*error
) {
551 ExecContext
*c
= ASSERT_PTR(userdata
);
552 _cleanup_strv_free_
char **l
= NULL
;
559 r
= sd_bus_message_open_container(reply
, 'r', "bas");
563 r
= sd_bus_message_append(reply
, "b", c
->address_families_allow_list
);
567 SET_FOREACH(af
, c
->address_families
) {
570 name
= af_to_name(PTR_TO_INT(af
));
574 r
= strv_extend(&l
, name
);
581 r
= sd_bus_message_append_strv(reply
, l
);
585 return sd_bus_message_close_container(reply
);
588 static int property_get_working_directory(
591 const char *interface
,
592 const char *property
,
593 sd_bus_message
*reply
,
595 sd_bus_error
*error
) {
597 ExecContext
*c
= ASSERT_PTR(userdata
);
603 if (c
->working_directory_home
)
606 wd
= c
->working_directory
;
608 if (c
->working_directory_missing_ok
)
609 wd
= strjoina("!", wd
);
611 return sd_bus_message_append(reply
, "s", wd
);
614 static int property_get_stdio_fdname(
617 const char *interface
,
618 const char *property
,
619 sd_bus_message
*reply
,
621 sd_bus_error
*error
) {
623 ExecContext
*c
= ASSERT_PTR(userdata
);
630 if (streq(property
, "StandardInputFileDescriptorName"))
631 fileno
= STDIN_FILENO
;
632 else if (streq(property
, "StandardOutputFileDescriptorName"))
633 fileno
= STDOUT_FILENO
;
635 assert(streq(property
, "StandardErrorFileDescriptorName"));
636 fileno
= STDERR_FILENO
;
639 return sd_bus_message_append(reply
, "s", exec_context_fdname(c
, fileno
));
642 static int property_get_input_data(
645 const char *interface
,
646 const char *property
,
647 sd_bus_message
*reply
,
649 sd_bus_error
*error
) {
651 ExecContext
*c
= ASSERT_PTR(userdata
);
657 return sd_bus_message_append_array(reply
, 'y', c
->stdin_data
, c
->stdin_data_size
);
660 static int property_get_restrict_filesystems(
663 const char *interface
,
664 const char *property
,
665 sd_bus_message
*reply
,
667 sd_bus_error
*error
) {
669 ExecContext
*c
= ASSERT_PTR(userdata
);
670 _cleanup_free_
char **l
= NULL
;
676 r
= sd_bus_message_open_container(reply
, 'r', "bas");
680 r
= sd_bus_message_append(reply
, "b", c
->restrict_filesystems_allow_list
);
685 l
= set_get_strv(c
->restrict_filesystems
);
692 r
= sd_bus_message_append_strv(reply
, l
);
696 return sd_bus_message_close_container(reply
);
699 static int property_get_bind_paths(
702 const char *interface
,
703 const char *property
,
704 sd_bus_message
*reply
,
706 sd_bus_error
*error
) {
708 ExecContext
*c
= ASSERT_PTR(userdata
);
716 ro
= strstr(property
, "ReadOnly");
718 r
= sd_bus_message_open_container(reply
, 'a', "(ssbt)");
722 for (size_t i
= 0; i
< c
->n_bind_mounts
; i
++) {
724 if (ro
!= c
->bind_mounts
[i
].read_only
)
727 r
= sd_bus_message_append(
729 c
->bind_mounts
[i
].source
,
730 c
->bind_mounts
[i
].destination
,
731 c
->bind_mounts
[i
].ignore_enoent
,
732 c
->bind_mounts
[i
].recursive
? (uint64_t) MS_REC
: (uint64_t) 0);
737 return sd_bus_message_close_container(reply
);
740 static int property_get_temporary_filesystems(
743 const char *interface
,
744 const char *property
,
745 sd_bus_message
*reply
,
747 sd_bus_error
*error
) {
749 ExecContext
*c
= ASSERT_PTR(userdata
);
756 r
= sd_bus_message_open_container(reply
, 'a', "(ss)");
760 for (unsigned i
= 0; i
< c
->n_temporary_filesystems
; i
++) {
761 TemporaryFileSystem
*t
= c
->temporary_filesystems
+ i
;
763 r
= sd_bus_message_append(
771 return sd_bus_message_close_container(reply
);
774 static int property_get_log_extra_fields(
777 const char *interface
,
778 const char *property
,
779 sd_bus_message
*reply
,
781 sd_bus_error
*error
) {
783 ExecContext
*c
= ASSERT_PTR(userdata
);
790 r
= sd_bus_message_open_container(reply
, 'a', "ay");
794 for (size_t i
= 0; i
< c
->n_log_extra_fields
; i
++) {
795 r
= sd_bus_message_append_array(reply
, 'y', c
->log_extra_fields
[i
].iov_base
, c
->log_extra_fields
[i
].iov_len
);
800 return sd_bus_message_close_container(reply
);
803 static int sd_bus_message_append_log_filter_patterns(sd_bus_message
*reply
, Set
*patterns
, bool is_allowlist
) {
809 SET_FOREACH(pattern
, patterns
) {
810 r
= sd_bus_message_append(reply
, "(bs)", is_allowlist
, pattern
);
818 static int property_get_log_filter_patterns(
821 const char *interface
,
822 const char *property
,
823 sd_bus_message
*reply
,
825 sd_bus_error
*error
) {
827 ExecContext
*c
= userdata
;
833 r
= sd_bus_message_open_container(reply
, 'a', "(bs)");
837 r
= sd_bus_message_append_log_filter_patterns(reply
, c
->log_filter_allowed_patterns
,
838 /* is_allowlist = */ true);
842 r
= sd_bus_message_append_log_filter_patterns(reply
, c
->log_filter_denied_patterns
,
843 /* is_allowlist = */ false);
847 return sd_bus_message_close_container(reply
);
850 static int property_get_set_credential(
853 const char *interface
,
854 const char *property
,
855 sd_bus_message
*reply
,
857 sd_bus_error
*error
) {
859 ExecContext
*c
= ASSERT_PTR(userdata
);
860 ExecSetCredential
*sc
;
867 r
= sd_bus_message_open_container(reply
, 'a', "(say)");
871 HASHMAP_FOREACH(sc
, c
->set_credentials
) {
873 if (sc
->encrypted
!= streq(property
, "SetCredentialEncrypted"))
876 r
= sd_bus_message_open_container(reply
, 'r', "say");
880 r
= sd_bus_message_append(reply
, "s", sc
->id
);
884 r
= sd_bus_message_append_array(reply
, 'y', sc
->data
, sc
->size
);
888 r
= sd_bus_message_close_container(reply
);
893 return sd_bus_message_close_container(reply
);
896 static int property_get_load_credential(
899 const char *interface
,
900 const char *property
,
901 sd_bus_message
*reply
,
903 sd_bus_error
*error
) {
905 ExecContext
*c
= ASSERT_PTR(userdata
);
906 ExecLoadCredential
*lc
;
913 r
= sd_bus_message_open_container(reply
, 'a', "(ss)");
917 HASHMAP_FOREACH(lc
, c
->load_credentials
) {
919 if (lc
->encrypted
!= streq(property
, "LoadCredentialEncrypted"))
922 r
= sd_bus_message_append(reply
, "(ss)", lc
->id
, lc
->path
);
927 return sd_bus_message_close_container(reply
);
930 static int property_get_root_hash(
933 const char *interface
,
934 const char *property
,
935 sd_bus_message
*reply
,
937 sd_bus_error
*error
) {
939 ExecContext
*c
= ASSERT_PTR(userdata
);
945 return sd_bus_message_append_array(reply
, 'y', c
->root_hash
, c
->root_hash_size
);
948 static int property_get_root_hash_sig(
951 const char *interface
,
952 const char *property
,
953 sd_bus_message
*reply
,
955 sd_bus_error
*error
) {
957 ExecContext
*c
= ASSERT_PTR(userdata
);
963 return sd_bus_message_append_array(reply
, 'y', c
->root_hash_sig
, c
->root_hash_sig_size
);
966 static int property_get_root_image_options(
969 const char *interface
,
970 const char *property
,
971 sd_bus_message
*reply
,
973 sd_bus_error
*error
) {
975 ExecContext
*c
= ASSERT_PTR(userdata
);
982 r
= sd_bus_message_open_container(reply
, 'a', "(ss)");
986 LIST_FOREACH(mount_options
, m
, c
->root_image_options
) {
987 r
= sd_bus_message_append(reply
, "(ss)",
988 partition_designator_to_string(m
->partition_designator
),
994 return sd_bus_message_close_container(reply
);
997 static int property_get_mount_images(
1000 const char *interface
,
1001 const char *property
,
1002 sd_bus_message
*reply
,
1004 sd_bus_error
*error
) {
1006 ExecContext
*c
= ASSERT_PTR(userdata
);
1013 r
= sd_bus_message_open_container(reply
, 'a', "(ssba(ss))");
1017 for (size_t i
= 0; i
< c
->n_mount_images
; i
++) {
1018 r
= sd_bus_message_open_container(reply
, SD_BUS_TYPE_STRUCT
, "ssba(ss)");
1021 r
= sd_bus_message_append(
1023 c
->mount_images
[i
].source
,
1024 c
->mount_images
[i
].destination
,
1025 c
->mount_images
[i
].ignore_enoent
);
1028 r
= sd_bus_message_open_container(reply
, 'a', "(ss)");
1031 LIST_FOREACH(mount_options
, m
, c
->mount_images
[i
].mount_options
) {
1032 r
= sd_bus_message_append(reply
, "(ss)",
1033 partition_designator_to_string(m
->partition_designator
),
1038 r
= sd_bus_message_close_container(reply
);
1041 r
= sd_bus_message_close_container(reply
);
1046 return sd_bus_message_close_container(reply
);
1049 static int property_get_extension_images(
1052 const char *interface
,
1053 const char *property
,
1054 sd_bus_message
*reply
,
1056 sd_bus_error
*error
) {
1058 ExecContext
*c
= ASSERT_PTR(userdata
);
1065 r
= sd_bus_message_open_container(reply
, 'a', "(sba(ss))");
1069 for (size_t i
= 0; i
< c
->n_extension_images
; i
++) {
1070 r
= sd_bus_message_open_container(reply
, SD_BUS_TYPE_STRUCT
, "sba(ss)");
1073 r
= sd_bus_message_append(
1075 c
->extension_images
[i
].source
,
1076 c
->extension_images
[i
].ignore_enoent
);
1079 r
= sd_bus_message_open_container(reply
, 'a', "(ss)");
1082 LIST_FOREACH(mount_options
, m
, c
->extension_images
[i
].mount_options
) {
1083 r
= sd_bus_message_append(reply
, "(ss)",
1084 partition_designator_to_string(m
->partition_designator
),
1089 r
= sd_bus_message_close_container(reply
);
1092 r
= sd_bus_message_close_container(reply
);
1097 return sd_bus_message_close_container(reply
);
1100 static int bus_property_get_exec_dir(
1103 const char *interface
,
1104 const char *property
,
1105 sd_bus_message
*reply
,
1107 sd_bus_error
*error
) {
1109 ExecDirectory
*d
= ASSERT_PTR(userdata
);
1116 r
= sd_bus_message_open_container(reply
, 'a', "s");
1120 for (size_t i
= 0; i
< d
->n_items
; i
++) {
1121 r
= sd_bus_message_append_basic(reply
, 's', d
->items
[i
].path
);
1126 return sd_bus_message_close_container(reply
);
1129 static int bus_property_get_exec_dir_symlink(
1132 const char *interface
,
1133 const char *property
,
1134 sd_bus_message
*reply
,
1136 sd_bus_error
*error
) {
1138 ExecDirectory
*d
= ASSERT_PTR(userdata
);
1145 r
= sd_bus_message_open_container(reply
, 'a', "(sst)");
1149 for (size_t i
= 0; i
< d
->n_items
; i
++)
1150 STRV_FOREACH(dst
, d
->items
[i
].symlinks
) {
1151 r
= sd_bus_message_append(reply
, "(sst)", d
->items
[i
].path
, *dst
, 0 /* flags, unused for now */);
1156 return sd_bus_message_close_container(reply
);
1159 const sd_bus_vtable bus_exec_vtable
[] = {
1160 SD_BUS_VTABLE_START(0),
1161 SD_BUS_PROPERTY("Environment", "as", NULL
, offsetof(ExecContext
, environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
1162 SD_BUS_PROPERTY("EnvironmentFiles", "a(sb)", property_get_environment_files
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1163 SD_BUS_PROPERTY("PassEnvironment", "as", NULL
, offsetof(ExecContext
, pass_environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
1164 SD_BUS_PROPERTY("UnsetEnvironment", "as", NULL
, offsetof(ExecContext
, unset_environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
1165 SD_BUS_PROPERTY("UMask", "u", bus_property_get_mode
, offsetof(ExecContext
, umask
), SD_BUS_VTABLE_PROPERTY_CONST
),
1166 SD_BUS_PROPERTY("LimitCPU", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CPU
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1167 SD_BUS_PROPERTY("LimitCPUSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CPU
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1168 SD_BUS_PROPERTY("LimitFSIZE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_FSIZE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1169 SD_BUS_PROPERTY("LimitFSIZESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_FSIZE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1170 SD_BUS_PROPERTY("LimitDATA", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_DATA
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1171 SD_BUS_PROPERTY("LimitDATASoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_DATA
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1172 SD_BUS_PROPERTY("LimitSTACK", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_STACK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1173 SD_BUS_PROPERTY("LimitSTACKSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_STACK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1174 SD_BUS_PROPERTY("LimitCORE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CORE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1175 SD_BUS_PROPERTY("LimitCORESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CORE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1176 SD_BUS_PROPERTY("LimitRSS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RSS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1177 SD_BUS_PROPERTY("LimitRSSSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RSS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1178 SD_BUS_PROPERTY("LimitNOFILE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NOFILE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1179 SD_BUS_PROPERTY("LimitNOFILESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NOFILE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1180 SD_BUS_PROPERTY("LimitAS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_AS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1181 SD_BUS_PROPERTY("LimitASSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_AS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1182 SD_BUS_PROPERTY("LimitNPROC", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NPROC
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1183 SD_BUS_PROPERTY("LimitNPROCSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NPROC
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1184 SD_BUS_PROPERTY("LimitMEMLOCK", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MEMLOCK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1185 SD_BUS_PROPERTY("LimitMEMLOCKSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MEMLOCK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1186 SD_BUS_PROPERTY("LimitLOCKS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_LOCKS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1187 SD_BUS_PROPERTY("LimitLOCKSSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_LOCKS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1188 SD_BUS_PROPERTY("LimitSIGPENDING", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_SIGPENDING
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1189 SD_BUS_PROPERTY("LimitSIGPENDINGSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_SIGPENDING
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1190 SD_BUS_PROPERTY("LimitMSGQUEUE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MSGQUEUE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1191 SD_BUS_PROPERTY("LimitMSGQUEUESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MSGQUEUE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1192 SD_BUS_PROPERTY("LimitNICE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NICE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1193 SD_BUS_PROPERTY("LimitNICESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NICE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1194 SD_BUS_PROPERTY("LimitRTPRIO", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTPRIO
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1195 SD_BUS_PROPERTY("LimitRTPRIOSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTPRIO
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1196 SD_BUS_PROPERTY("LimitRTTIME", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1197 SD_BUS_PROPERTY("LimitRTTIMESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1198 SD_BUS_PROPERTY("WorkingDirectory", "s", property_get_working_directory
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1199 SD_BUS_PROPERTY("RootDirectory", "s", NULL
, offsetof(ExecContext
, root_directory
), SD_BUS_VTABLE_PROPERTY_CONST
),
1200 SD_BUS_PROPERTY("RootImage", "s", NULL
, offsetof(ExecContext
, root_image
), SD_BUS_VTABLE_PROPERTY_CONST
),
1201 SD_BUS_PROPERTY("RootImageOptions", "a(ss)", property_get_root_image_options
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1202 SD_BUS_PROPERTY("RootHash", "ay", property_get_root_hash
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1203 SD_BUS_PROPERTY("RootHashPath", "s", NULL
, offsetof(ExecContext
, root_hash_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
1204 SD_BUS_PROPERTY("RootHashSignature", "ay", property_get_root_hash_sig
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1205 SD_BUS_PROPERTY("RootHashSignaturePath", "s", NULL
, offsetof(ExecContext
, root_hash_sig_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
1206 SD_BUS_PROPERTY("RootVerity", "s", NULL
, offsetof(ExecContext
, root_verity
), SD_BUS_VTABLE_PROPERTY_CONST
),
1207 SD_BUS_PROPERTY("ExtensionDirectories", "as", NULL
, offsetof(ExecContext
, extension_directories
), SD_BUS_VTABLE_PROPERTY_CONST
),
1208 SD_BUS_PROPERTY("ExtensionImages", "a(sba(ss))", property_get_extension_images
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1209 SD_BUS_PROPERTY("MountImages", "a(ssba(ss))", property_get_mount_images
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1210 SD_BUS_PROPERTY("OOMScoreAdjust", "i", property_get_oom_score_adjust
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1211 SD_BUS_PROPERTY("CoredumpFilter", "t", property_get_coredump_filter
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1212 SD_BUS_PROPERTY("Nice", "i", property_get_nice
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1213 SD_BUS_PROPERTY("IOSchedulingClass", "i", property_get_ioprio_class
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1214 SD_BUS_PROPERTY("IOSchedulingPriority", "i", property_get_ioprio_priority
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1215 SD_BUS_PROPERTY("CPUSchedulingPolicy", "i", property_get_cpu_sched_policy
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1216 SD_BUS_PROPERTY("CPUSchedulingPriority", "i", property_get_cpu_sched_priority
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1217 SD_BUS_PROPERTY("CPUAffinity", "ay", property_get_cpu_affinity
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1218 SD_BUS_PROPERTY("CPUAffinityFromNUMA", "b", property_get_cpu_affinity_from_numa
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1219 SD_BUS_PROPERTY("NUMAPolicy", "i", property_get_numa_policy
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1220 SD_BUS_PROPERTY("NUMAMask", "ay", property_get_numa_mask
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1221 SD_BUS_PROPERTY("TimerSlackNSec", "t", property_get_timer_slack_nsec
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1222 SD_BUS_PROPERTY("CPUSchedulingResetOnFork", "b", bus_property_get_bool
, offsetof(ExecContext
, cpu_sched_reset_on_fork
), SD_BUS_VTABLE_PROPERTY_CONST
),
1223 SD_BUS_PROPERTY("NonBlocking", "b", bus_property_get_bool
, offsetof(ExecContext
, non_blocking
), SD_BUS_VTABLE_PROPERTY_CONST
),
1224 SD_BUS_PROPERTY("StandardInput", "s", property_get_exec_input
, offsetof(ExecContext
, std_input
), SD_BUS_VTABLE_PROPERTY_CONST
),
1225 SD_BUS_PROPERTY("StandardInputFileDescriptorName", "s", property_get_stdio_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1226 SD_BUS_PROPERTY("StandardInputData", "ay", property_get_input_data
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1227 SD_BUS_PROPERTY("StandardOutput", "s", bus_property_get_exec_output
, offsetof(ExecContext
, std_output
), SD_BUS_VTABLE_PROPERTY_CONST
),
1228 SD_BUS_PROPERTY("StandardOutputFileDescriptorName", "s", property_get_stdio_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1229 SD_BUS_PROPERTY("StandardError", "s", bus_property_get_exec_output
, offsetof(ExecContext
, std_error
), SD_BUS_VTABLE_PROPERTY_CONST
),
1230 SD_BUS_PROPERTY("StandardErrorFileDescriptorName", "s", property_get_stdio_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1231 SD_BUS_PROPERTY("TTYPath", "s", NULL
, offsetof(ExecContext
, tty_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
1232 SD_BUS_PROPERTY("TTYReset", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_reset
), SD_BUS_VTABLE_PROPERTY_CONST
),
1233 SD_BUS_PROPERTY("TTYVHangup", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_vhangup
), SD_BUS_VTABLE_PROPERTY_CONST
),
1234 SD_BUS_PROPERTY("TTYVTDisallocate", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_vt_disallocate
), SD_BUS_VTABLE_PROPERTY_CONST
),
1235 SD_BUS_PROPERTY("TTYRows", "q", bus_property_get_unsigned
, offsetof(ExecContext
, tty_rows
), SD_BUS_VTABLE_PROPERTY_CONST
),
1236 SD_BUS_PROPERTY("TTYColumns", "q", bus_property_get_unsigned
, offsetof(ExecContext
, tty_cols
), SD_BUS_VTABLE_PROPERTY_CONST
),
1237 SD_BUS_PROPERTY("SyslogPriority", "i", bus_property_get_int
, offsetof(ExecContext
, syslog_priority
), SD_BUS_VTABLE_PROPERTY_CONST
),
1238 SD_BUS_PROPERTY("SyslogIdentifier", "s", NULL
, offsetof(ExecContext
, syslog_identifier
), SD_BUS_VTABLE_PROPERTY_CONST
),
1239 SD_BUS_PROPERTY("SyslogLevelPrefix", "b", bus_property_get_bool
, offsetof(ExecContext
, syslog_level_prefix
), SD_BUS_VTABLE_PROPERTY_CONST
),
1240 SD_BUS_PROPERTY("SyslogLevel", "i", property_get_syslog_level
, offsetof(ExecContext
, syslog_priority
), SD_BUS_VTABLE_PROPERTY_CONST
),
1241 SD_BUS_PROPERTY("SyslogFacility", "i", property_get_syslog_facility
, offsetof(ExecContext
, syslog_priority
), SD_BUS_VTABLE_PROPERTY_CONST
),
1242 SD_BUS_PROPERTY("LogLevelMax", "i", bus_property_get_int
, offsetof(ExecContext
, log_level_max
), SD_BUS_VTABLE_PROPERTY_CONST
),
1243 SD_BUS_PROPERTY("LogRateLimitIntervalUSec", "t", bus_property_get_usec
, offsetof(ExecContext
, log_ratelimit_interval_usec
), SD_BUS_VTABLE_PROPERTY_CONST
),
1244 SD_BUS_PROPERTY("LogRateLimitBurst", "u", bus_property_get_unsigned
, offsetof(ExecContext
, log_ratelimit_burst
), SD_BUS_VTABLE_PROPERTY_CONST
),
1245 SD_BUS_PROPERTY("LogExtraFields", "aay", property_get_log_extra_fields
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1246 SD_BUS_PROPERTY("LogFilterPatterns", "a(bs)", property_get_log_filter_patterns
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1247 SD_BUS_PROPERTY("LogNamespace", "s", NULL
, offsetof(ExecContext
, log_namespace
), SD_BUS_VTABLE_PROPERTY_CONST
),
1248 SD_BUS_PROPERTY("SecureBits", "i", bus_property_get_int
, offsetof(ExecContext
, secure_bits
), SD_BUS_VTABLE_PROPERTY_CONST
),
1249 SD_BUS_PROPERTY("CapabilityBoundingSet", "t", NULL
, offsetof(ExecContext
, capability_bounding_set
), SD_BUS_VTABLE_PROPERTY_CONST
),
1250 SD_BUS_PROPERTY("AmbientCapabilities", "t", NULL
, offsetof(ExecContext
, capability_ambient_set
), SD_BUS_VTABLE_PROPERTY_CONST
),
1251 SD_BUS_PROPERTY("User", "s", NULL
, offsetof(ExecContext
, user
), SD_BUS_VTABLE_PROPERTY_CONST
),
1252 SD_BUS_PROPERTY("Group", "s", NULL
, offsetof(ExecContext
, group
), SD_BUS_VTABLE_PROPERTY_CONST
),
1253 SD_BUS_PROPERTY("DynamicUser", "b", bus_property_get_bool
, offsetof(ExecContext
, dynamic_user
), SD_BUS_VTABLE_PROPERTY_CONST
),
1254 SD_BUS_PROPERTY("RemoveIPC", "b", bus_property_get_bool
, offsetof(ExecContext
, remove_ipc
), SD_BUS_VTABLE_PROPERTY_CONST
),
1255 SD_BUS_PROPERTY("SetCredential", "a(say)", property_get_set_credential
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1256 SD_BUS_PROPERTY("SetCredentialEncrypted", "a(say)", property_get_set_credential
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1257 SD_BUS_PROPERTY("LoadCredential", "a(ss)", property_get_load_credential
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1258 SD_BUS_PROPERTY("LoadCredentialEncrypted", "a(ss)", property_get_load_credential
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1259 SD_BUS_PROPERTY("SupplementaryGroups", "as", NULL
, offsetof(ExecContext
, supplementary_groups
), SD_BUS_VTABLE_PROPERTY_CONST
),
1260 SD_BUS_PROPERTY("PAMName", "s", NULL
, offsetof(ExecContext
, pam_name
), SD_BUS_VTABLE_PROPERTY_CONST
),
1261 SD_BUS_PROPERTY("ReadWritePaths", "as", NULL
, offsetof(ExecContext
, read_write_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1262 SD_BUS_PROPERTY("ReadOnlyPaths", "as", NULL
, offsetof(ExecContext
, read_only_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1263 SD_BUS_PROPERTY("InaccessiblePaths", "as", NULL
, offsetof(ExecContext
, inaccessible_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1264 SD_BUS_PROPERTY("ExecPaths", "as", NULL
, offsetof(ExecContext
, exec_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1265 SD_BUS_PROPERTY("NoExecPaths", "as", NULL
, offsetof(ExecContext
, no_exec_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
1266 SD_BUS_PROPERTY("ExecSearchPath", "as", NULL
, offsetof(ExecContext
, exec_search_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
1267 SD_BUS_PROPERTY("MountFlags", "t", bus_property_get_ulong
, offsetof(ExecContext
, mount_flags
), SD_BUS_VTABLE_PROPERTY_CONST
),
1268 SD_BUS_PROPERTY("PrivateTmp", "b", bus_property_get_bool
, offsetof(ExecContext
, private_tmp
), SD_BUS_VTABLE_PROPERTY_CONST
),
1269 SD_BUS_PROPERTY("PrivateDevices", "b", bus_property_get_bool
, offsetof(ExecContext
, private_devices
), SD_BUS_VTABLE_PROPERTY_CONST
),
1270 SD_BUS_PROPERTY("ProtectClock", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_clock
), SD_BUS_VTABLE_PROPERTY_CONST
),
1271 SD_BUS_PROPERTY("ProtectKernelTunables", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_tunables
), SD_BUS_VTABLE_PROPERTY_CONST
),
1272 SD_BUS_PROPERTY("ProtectKernelModules", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_modules
), SD_BUS_VTABLE_PROPERTY_CONST
),
1273 SD_BUS_PROPERTY("ProtectKernelLogs", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_logs
), SD_BUS_VTABLE_PROPERTY_CONST
),
1274 SD_BUS_PROPERTY("ProtectControlGroups", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_control_groups
), SD_BUS_VTABLE_PROPERTY_CONST
),
1275 SD_BUS_PROPERTY("PrivateNetwork", "b", bus_property_get_bool
, offsetof(ExecContext
, private_network
), SD_BUS_VTABLE_PROPERTY_CONST
),
1276 SD_BUS_PROPERTY("PrivateUsers", "b", bus_property_get_bool
, offsetof(ExecContext
, private_users
), SD_BUS_VTABLE_PROPERTY_CONST
),
1277 SD_BUS_PROPERTY("PrivateMounts", "b", bus_property_get_bool
, offsetof(ExecContext
, private_mounts
), SD_BUS_VTABLE_PROPERTY_CONST
),
1278 SD_BUS_PROPERTY("PrivateIPC", "b", bus_property_get_bool
, offsetof(ExecContext
, private_ipc
), SD_BUS_VTABLE_PROPERTY_CONST
),
1279 SD_BUS_PROPERTY("ProtectHome", "s", property_get_protect_home
, offsetof(ExecContext
, protect_home
), SD_BUS_VTABLE_PROPERTY_CONST
),
1280 SD_BUS_PROPERTY("ProtectSystem", "s", property_get_protect_system
, offsetof(ExecContext
, protect_system
), SD_BUS_VTABLE_PROPERTY_CONST
),
1281 SD_BUS_PROPERTY("SameProcessGroup", "b", bus_property_get_bool
, offsetof(ExecContext
, same_pgrp
), SD_BUS_VTABLE_PROPERTY_CONST
),
1282 SD_BUS_PROPERTY("UtmpIdentifier", "s", NULL
, offsetof(ExecContext
, utmp_id
), SD_BUS_VTABLE_PROPERTY_CONST
),
1283 SD_BUS_PROPERTY("UtmpMode", "s", property_get_exec_utmp_mode
, offsetof(ExecContext
, utmp_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1284 SD_BUS_PROPERTY("SELinuxContext", "(bs)", property_get_selinux_context
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1285 SD_BUS_PROPERTY("AppArmorProfile", "(bs)", property_get_apparmor_profile
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1286 SD_BUS_PROPERTY("SmackProcessLabel", "(bs)", property_get_smack_process_label
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1287 SD_BUS_PROPERTY("IgnoreSIGPIPE", "b", bus_property_get_bool
, offsetof(ExecContext
, ignore_sigpipe
), SD_BUS_VTABLE_PROPERTY_CONST
),
1288 SD_BUS_PROPERTY("NoNewPrivileges", "b", bus_property_get_bool
, offsetof(ExecContext
, no_new_privileges
), SD_BUS_VTABLE_PROPERTY_CONST
),
1289 SD_BUS_PROPERTY("SystemCallFilter", "(bas)", property_get_syscall_filter
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1290 SD_BUS_PROPERTY("SystemCallArchitectures", "as", property_get_syscall_archs
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1291 SD_BUS_PROPERTY("SystemCallErrorNumber", "i", bus_property_get_int
, offsetof(ExecContext
, syscall_errno
), SD_BUS_VTABLE_PROPERTY_CONST
),
1292 SD_BUS_PROPERTY("SystemCallLog", "(bas)", property_get_syscall_log
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1293 SD_BUS_PROPERTY("Personality", "s", property_get_personality
, offsetof(ExecContext
, personality
), SD_BUS_VTABLE_PROPERTY_CONST
),
1294 SD_BUS_PROPERTY("LockPersonality", "b", bus_property_get_bool
, offsetof(ExecContext
, lock_personality
), SD_BUS_VTABLE_PROPERTY_CONST
),
1295 SD_BUS_PROPERTY("RestrictAddressFamilies", "(bas)", property_get_address_families
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1296 SD_BUS_PROPERTY("RuntimeDirectorySymlink", "a(sst)", bus_property_get_exec_dir_symlink
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1297 SD_BUS_PROPERTY("RuntimeDirectoryPreserve", "s", property_get_exec_preserve_mode
, offsetof(ExecContext
, runtime_directory_preserve_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1298 SD_BUS_PROPERTY("RuntimeDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1299 SD_BUS_PROPERTY("RuntimeDirectory", "as", bus_property_get_exec_dir
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1300 SD_BUS_PROPERTY("StateDirectorySymlink", "a(sst)", bus_property_get_exec_dir_symlink
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1301 SD_BUS_PROPERTY("StateDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1302 SD_BUS_PROPERTY("StateDirectory", "as", bus_property_get_exec_dir
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1303 SD_BUS_PROPERTY("CacheDirectorySymlink", "a(sst)", bus_property_get_exec_dir_symlink
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1304 SD_BUS_PROPERTY("CacheDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1305 SD_BUS_PROPERTY("CacheDirectory", "as", bus_property_get_exec_dir
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1306 SD_BUS_PROPERTY("LogsDirectorySymlink", "a(sst)", bus_property_get_exec_dir_symlink
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1307 SD_BUS_PROPERTY("LogsDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1308 SD_BUS_PROPERTY("LogsDirectory", "as", bus_property_get_exec_dir
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1309 SD_BUS_PROPERTY("ConfigurationDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CONFIGURATION
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1310 SD_BUS_PROPERTY("ConfigurationDirectory", "as", bus_property_get_exec_dir
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CONFIGURATION
]), SD_BUS_VTABLE_PROPERTY_CONST
),
1311 SD_BUS_PROPERTY("TimeoutCleanUSec", "t", bus_property_get_usec
, offsetof(ExecContext
, timeout_clean_usec
), SD_BUS_VTABLE_PROPERTY_CONST
),
1312 SD_BUS_PROPERTY("MemoryDenyWriteExecute", "b", bus_property_get_bool
, offsetof(ExecContext
, memory_deny_write_execute
), SD_BUS_VTABLE_PROPERTY_CONST
),
1313 SD_BUS_PROPERTY("RestrictRealtime", "b", bus_property_get_bool
, offsetof(ExecContext
, restrict_realtime
), SD_BUS_VTABLE_PROPERTY_CONST
),
1314 SD_BUS_PROPERTY("RestrictSUIDSGID", "b", bus_property_get_bool
, offsetof(ExecContext
, restrict_suid_sgid
), SD_BUS_VTABLE_PROPERTY_CONST
),
1315 SD_BUS_PROPERTY("RestrictNamespaces", "t", bus_property_get_ulong
, offsetof(ExecContext
, restrict_namespaces
), SD_BUS_VTABLE_PROPERTY_CONST
),
1316 SD_BUS_PROPERTY("RestrictFileSystems", "(bas)", property_get_restrict_filesystems
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1317 SD_BUS_PROPERTY("BindPaths", "a(ssbt)", property_get_bind_paths
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1318 SD_BUS_PROPERTY("BindReadOnlyPaths", "a(ssbt)", property_get_bind_paths
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1319 SD_BUS_PROPERTY("TemporaryFileSystem", "a(ss)", property_get_temporary_filesystems
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1320 SD_BUS_PROPERTY("MountAPIVFS", "b", property_get_mount_apivfs
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
1321 SD_BUS_PROPERTY("KeyringMode", "s", property_get_exec_keyring_mode
, offsetof(ExecContext
, keyring_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
1322 SD_BUS_PROPERTY("ProtectProc", "s", property_get_protect_proc
, offsetof(ExecContext
, protect_proc
), SD_BUS_VTABLE_PROPERTY_CONST
),
1323 SD_BUS_PROPERTY("ProcSubset", "s", property_get_proc_subset
, offsetof(ExecContext
, proc_subset
), SD_BUS_VTABLE_PROPERTY_CONST
),
1324 SD_BUS_PROPERTY("ProtectHostname", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_hostname
), SD_BUS_VTABLE_PROPERTY_CONST
),
1325 SD_BUS_PROPERTY("NetworkNamespacePath", "s", NULL
, offsetof(ExecContext
, network_namespace_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
1326 SD_BUS_PROPERTY("IPCNamespacePath", "s", NULL
, offsetof(ExecContext
, ipc_namespace_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
1328 /* Obsolete/redundant properties: */
1329 SD_BUS_PROPERTY("Capabilities", "s", property_get_empty_string
, 0, SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
1330 SD_BUS_PROPERTY("ReadWriteDirectories", "as", NULL
, offsetof(ExecContext
, read_write_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
1331 SD_BUS_PROPERTY("ReadOnlyDirectories", "as", NULL
, offsetof(ExecContext
, read_only_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
1332 SD_BUS_PROPERTY("InaccessibleDirectories", "as", NULL
, offsetof(ExecContext
, inaccessible_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
1333 SD_BUS_PROPERTY("IOScheduling", "i", property_get_ioprio
, 0, SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
1338 static int append_exec_command(sd_bus_message
*reply
, ExecCommand
*c
) {
1347 r
= sd_bus_message_open_container(reply
, 'r', "sasbttttuii");
1351 r
= sd_bus_message_append(reply
, "s", c
->path
);
1355 r
= sd_bus_message_append_strv(reply
, c
->argv
);
1359 r
= sd_bus_message_append(reply
, "bttttuii",
1360 !!(c
->flags
& EXEC_COMMAND_IGNORE_FAILURE
),
1361 c
->exec_status
.start_timestamp
.realtime
,
1362 c
->exec_status
.start_timestamp
.monotonic
,
1363 c
->exec_status
.exit_timestamp
.realtime
,
1364 c
->exec_status
.exit_timestamp
.monotonic
,
1365 (uint32_t) c
->exec_status
.pid
,
1366 (int32_t) c
->exec_status
.code
,
1367 (int32_t) c
->exec_status
.status
);
1371 return sd_bus_message_close_container(reply
);
1374 static int append_exec_ex_command(sd_bus_message
*reply
, ExecCommand
*c
) {
1375 _cleanup_strv_free_
char **ex_opts
= NULL
;
1384 r
= sd_bus_message_open_container(reply
, 'r', "sasasttttuii");
1388 r
= sd_bus_message_append(reply
, "s", c
->path
);
1392 r
= sd_bus_message_append_strv(reply
, c
->argv
);
1396 r
= exec_command_flags_to_strv(c
->flags
, &ex_opts
);
1400 r
= sd_bus_message_append_strv(reply
, ex_opts
);
1404 r
= sd_bus_message_append(reply
, "ttttuii",
1405 c
->exec_status
.start_timestamp
.realtime
,
1406 c
->exec_status
.start_timestamp
.monotonic
,
1407 c
->exec_status
.exit_timestamp
.realtime
,
1408 c
->exec_status
.exit_timestamp
.monotonic
,
1409 (uint32_t) c
->exec_status
.pid
,
1410 (int32_t) c
->exec_status
.code
,
1411 (int32_t) c
->exec_status
.status
);
1415 return sd_bus_message_close_container(reply
);
1418 int bus_property_get_exec_command(
1421 const char *interface
,
1422 const char *property
,
1423 sd_bus_message
*reply
,
1425 sd_bus_error
*ret_error
) {
1427 ExecCommand
*c
= (ExecCommand
*) userdata
;
1433 r
= sd_bus_message_open_container(reply
, 'a', "(sasbttttuii)");
1437 r
= append_exec_command(reply
, c
);
1441 return sd_bus_message_close_container(reply
);
1444 int bus_property_get_exec_command_list(
1447 const char *interface
,
1448 const char *property
,
1449 sd_bus_message
*reply
,
1451 sd_bus_error
*ret_error
) {
1453 ExecCommand
*exec_command
= *(ExecCommand
**) userdata
;
1459 r
= sd_bus_message_open_container(reply
, 'a', "(sasbttttuii)");
1463 LIST_FOREACH(command
, c
, exec_command
) {
1464 r
= append_exec_command(reply
, c
);
1469 return sd_bus_message_close_container(reply
);
1472 int bus_property_get_exec_ex_command_list(
1475 const char *interface
,
1476 const char *property
,
1477 sd_bus_message
*reply
,
1479 sd_bus_error
*ret_error
) {
1481 ExecCommand
*exec_command
= *(ExecCommand
**) userdata
;
1487 r
= sd_bus_message_open_container(reply
, 'a', "(sasasttttuii)");
1491 LIST_FOREACH(command
, c
, exec_command
) {
1492 r
= append_exec_ex_command(reply
, c
);
1497 return sd_bus_message_close_container(reply
);
1500 static char *exec_command_flags_to_exec_chars(ExecCommandFlags flags
) {
1501 return strjoin(FLAGS_SET(flags
, EXEC_COMMAND_IGNORE_FAILURE
) ? "-" : "",
1502 FLAGS_SET(flags
, EXEC_COMMAND_NO_ENV_EXPAND
) ? ":" : "",
1503 FLAGS_SET(flags
, EXEC_COMMAND_FULLY_PRIVILEGED
) ? "+" : "",
1504 FLAGS_SET(flags
, EXEC_COMMAND_NO_SETUID
) ? "!" : "",
1505 FLAGS_SET(flags
, EXEC_COMMAND_AMBIENT_MAGIC
) ? "!!" : "");
1508 int bus_set_transient_exec_command(
1511 ExecCommand
**exec_command
,
1512 sd_bus_message
*message
,
1513 UnitWriteFlags flags
,
1514 sd_bus_error
*error
) {
1515 bool is_ex_prop
= endswith(name
, "Ex");
1519 r
= sd_bus_message_enter_container(message
, 'a', is_ex_prop
? "(sasas)" : "(sasb)");
1523 while ((r
= sd_bus_message_enter_container(message
, 'r', is_ex_prop
? "sasas" : "sasb")) > 0) {
1524 _cleanup_strv_free_
char **argv
= NULL
, **ex_opts
= NULL
;
1528 r
= sd_bus_message_read(message
, "s", &path
);
1532 if (!path_is_absolute(path
) && !filename_is_valid(path
))
1533 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
,
1534 "\"%s\" is neither a valid executable name nor an absolute path",
1537 r
= sd_bus_message_read_strv(message
, &argv
);
1541 if (strv_isempty(argv
))
1542 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
,
1543 "\"%s\" argv cannot be empty", name
);
1545 r
= is_ex_prop
? sd_bus_message_read_strv(message
, &ex_opts
) : sd_bus_message_read(message
, "b", &b
);
1549 r
= sd_bus_message_exit_container(message
);
1553 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1556 c
= new0(ExecCommand
, 1);
1560 c
->path
= strdup(path
);
1566 c
->argv
= TAKE_PTR(argv
);
1569 r
= exec_command_flags_from_strv(ex_opts
, &c
->flags
);
1573 c
->flags
= b
? EXEC_COMMAND_IGNORE_FAILURE
: 0;
1575 path_simplify(c
->path
);
1576 exec_command_append_list(exec_command
, c
);
1584 r
= sd_bus_message_exit_container(message
);
1588 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1589 _cleanup_free_
char *buf
= NULL
;
1590 _cleanup_fclose_
FILE *f
= NULL
;
1594 *exec_command
= exec_command_free_list(*exec_command
);
1596 f
= open_memstream_unlocked(&buf
, &size
);
1600 fprintf(f
, "%s=\n", name
);
1602 LIST_FOREACH(command
, c
, *exec_command
) {
1603 _cleanup_free_
char *a
= NULL
, *exec_chars
= NULL
;
1605 exec_chars
= exec_command_flags_to_exec_chars(c
->flags
);
1609 a
= unit_concat_strv(c
->argv
, UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_EXEC_SYNTAX
);
1613 if (streq_ptr(c
->path
, c
->argv
? c
->argv
[0] : NULL
))
1614 fprintf(f
, "%s=%s%s\n", name
, exec_chars
, a
);
1616 _cleanup_free_
char *t
= NULL
;
1619 p
= unit_escape_setting(c
->path
,
1620 UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_EXEC_SYNTAX
, &t
);
1624 fprintf(f
, "%s=%s@%s %s\n", name
, exec_chars
, p
, a
);
1628 r
= fflush_and_check(f
);
1632 unit_write_setting(u
, flags
, name
, buf
);
1638 static int parse_personality(const char *s
, unsigned long *p
) {
1643 v
= personality_from_string(s
);
1644 if (v
== PERSONALITY_INVALID
)
1651 static const char* mount_propagation_flag_to_string_with_check(unsigned long n
) {
1652 if (!mount_propagation_flag_is_valid(n
))
1655 return mount_propagation_flag_to_string(n
);
1658 static BUS_DEFINE_SET_TRANSIENT(nsec
, "t", uint64_t, nsec_t
, NSEC_FMT
);
1659 static BUS_DEFINE_SET_TRANSIENT_IS_VALID(log_level
, "i", int32_t, int, "%" PRIi32
, log_level_is_valid
);
1661 static BUS_DEFINE_SET_TRANSIENT_IS_VALID(errno
, "i", int32_t, int, "%" PRIi32
, seccomp_errno_or_action_is_valid
);
1663 static BUS_DEFINE_SET_TRANSIENT_PARSE(std_input
, ExecInput
, exec_input_from_string
);
1664 static BUS_DEFINE_SET_TRANSIENT_PARSE(std_output
, ExecOutput
, exec_output_from_string
);
1665 static BUS_DEFINE_SET_TRANSIENT_PARSE(utmp_mode
, ExecUtmpMode
, exec_utmp_mode_from_string
);
1666 static BUS_DEFINE_SET_TRANSIENT_PARSE(protect_system
, ProtectSystem
, protect_system_from_string
);
1667 static BUS_DEFINE_SET_TRANSIENT_PARSE(protect_home
, ProtectHome
, protect_home_from_string
);
1668 static BUS_DEFINE_SET_TRANSIENT_PARSE(keyring_mode
, ExecKeyringMode
, exec_keyring_mode_from_string
);
1669 static BUS_DEFINE_SET_TRANSIENT_PARSE(protect_proc
, ProtectProc
, protect_proc_from_string
);
1670 static BUS_DEFINE_SET_TRANSIENT_PARSE(proc_subset
, ProcSubset
, proc_subset_from_string
);
1671 static BUS_DEFINE_SET_TRANSIENT_PARSE(preserve_mode
, ExecPreserveMode
, exec_preserve_mode_from_string
);
1672 static BUS_DEFINE_SET_TRANSIENT_PARSE_PTR(personality
, unsigned long, parse_personality
);
1673 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(secure_bits
, "i", int32_t, int, "%" PRIi32
, secure_bits_to_string_alloc_with_check
);
1674 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(capability
, "t", uint64_t, uint64_t, "%" PRIu64
, capability_set_to_string
);
1675 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(namespace_flag
, "t", uint64_t, unsigned long, "%" PRIu64
, namespace_flags_to_string
);
1676 static BUS_DEFINE_SET_TRANSIENT_TO_STRING(mount_flags
, "t", uint64_t, unsigned long, "%" PRIu64
, mount_propagation_flag_to_string_with_check
);
1678 int bus_exec_context_set_transient_property(
1682 sd_bus_message
*message
,
1683 UnitWriteFlags flags
,
1684 sd_bus_error
*error
) {
1694 flags
|= UNIT_PRIVATE
;
1696 if (streq(name
, "User"))
1697 return bus_set_transient_user_relaxed(u
, name
, &c
->user
, message
, flags
, error
);
1699 if (streq(name
, "Group"))
1700 return bus_set_transient_user_relaxed(u
, name
, &c
->group
, message
, flags
, error
);
1702 if (streq(name
, "TTYPath"))
1703 return bus_set_transient_path(u
, name
, &c
->tty_path
, message
, flags
, error
);
1705 if (streq(name
, "RootImage"))
1706 return bus_set_transient_path(u
, name
, &c
->root_image
, message
, flags
, error
);
1708 if (streq(name
, "RootImageOptions")) {
1709 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
1710 _cleanup_free_
char *format_str
= NULL
;
1712 r
= bus_read_mount_options(message
, error
, &options
, &format_str
, " ");
1716 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1718 LIST_JOIN(mount_options
, c
->root_image_options
, options
);
1719 unit_write_settingf(
1720 u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
,
1725 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1726 unit_write_settingf(u
, flags
, name
, "%s=", name
);
1733 if (streq(name
, "RootHash")) {
1734 const void *roothash_decoded
;
1735 size_t roothash_decoded_size
;
1737 r
= sd_bus_message_read_array(message
, 'y', &roothash_decoded
, &roothash_decoded_size
);
1741 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1742 _cleanup_free_
char *encoded
= NULL
;
1744 if (roothash_decoded_size
== 0) {
1745 c
->root_hash_path
= mfree(c
->root_hash_path
);
1746 c
->root_hash
= mfree(c
->root_hash
);
1747 c
->root_hash_size
= 0;
1749 unit_write_settingf(u
, flags
, name
, "RootHash=");
1751 _cleanup_free_
void *p
= NULL
;
1753 encoded
= hexmem(roothash_decoded
, roothash_decoded_size
);
1757 p
= memdup(roothash_decoded
, roothash_decoded_size
);
1761 free_and_replace(c
->root_hash
, p
);
1762 c
->root_hash_size
= roothash_decoded_size
;
1763 c
->root_hash_path
= mfree(c
->root_hash_path
);
1765 unit_write_settingf(u
, flags
, name
, "RootHash=%s", encoded
);
1772 if (streq(name
, "RootHashPath")) {
1773 c
->root_hash_size
= 0;
1774 c
->root_hash
= mfree(c
->root_hash
);
1776 return bus_set_transient_path(u
, "RootHash", &c
->root_hash_path
, message
, flags
, error
);
1779 if (streq(name
, "RootHashSignature")) {
1780 const void *roothash_sig_decoded
;
1781 size_t roothash_sig_decoded_size
;
1783 r
= sd_bus_message_read_array(message
, 'y', &roothash_sig_decoded
, &roothash_sig_decoded_size
);
1787 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1788 _cleanup_free_
char *encoded
= NULL
;
1790 if (roothash_sig_decoded_size
== 0) {
1791 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1792 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1793 c
->root_hash_sig_size
= 0;
1795 unit_write_settingf(u
, flags
, name
, "RootHashSignature=");
1797 _cleanup_free_
void *p
= NULL
;
1800 len
= base64mem(roothash_sig_decoded
, roothash_sig_decoded_size
, &encoded
);
1804 p
= memdup(roothash_sig_decoded
, roothash_sig_decoded_size
);
1808 free_and_replace(c
->root_hash_sig
, p
);
1809 c
->root_hash_sig_size
= roothash_sig_decoded_size
;
1810 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1812 unit_write_settingf(u
, flags
, name
, "RootHashSignature=base64:%s", encoded
);
1819 if (streq(name
, "RootHashSignaturePath")) {
1820 c
->root_hash_sig_size
= 0;
1821 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1823 return bus_set_transient_path(u
, "RootHashSignature", &c
->root_hash_sig_path
, message
, flags
, error
);
1826 if (streq(name
, "RootVerity"))
1827 return bus_set_transient_path(u
, name
, &c
->root_verity
, message
, flags
, error
);
1829 if (streq(name
, "RootDirectory"))
1830 return bus_set_transient_path(u
, name
, &c
->root_directory
, message
, flags
, error
);
1832 if (streq(name
, "SyslogIdentifier"))
1833 return bus_set_transient_string(u
, name
, &c
->syslog_identifier
, message
, flags
, error
);
1835 if (streq(name
, "LogLevelMax"))
1836 return bus_set_transient_log_level(u
, name
, &c
->log_level_max
, message
, flags
, error
);
1838 if (streq(name
, "LogRateLimitIntervalUSec"))
1839 return bus_set_transient_usec(u
, name
, &c
->log_ratelimit_interval_usec
, message
, flags
, error
);
1841 if (streq(name
, "LogRateLimitBurst"))
1842 return bus_set_transient_unsigned(u
, name
, &c
->log_ratelimit_burst
, message
, flags
, error
);
1844 if (streq(name
, "LogFilterPatterns")) {
1845 /* Use _cleanup_free_, not _cleanup_strv_free_, as we don't want the content of the strv
1847 _cleanup_free_
char **allow_list
= NULL
, **deny_list
= NULL
;
1848 const char *pattern
;
1851 r
= sd_bus_message_enter_container(message
, 'a', "(bs)");
1855 while ((r
= sd_bus_message_read(message
, "(bs)", &is_allowlist
, &pattern
)) > 0) {
1856 _cleanup_(pattern_freep
) pcre2_code
*compiled_pattern
= NULL
;
1858 if (isempty(pattern
))
1861 r
= pattern_compile_and_log(pattern
, 0, &compiled_pattern
);
1865 r
= strv_push(is_allowlist
? &allow_list
: &deny_list
, (char *)pattern
);
1872 r
= sd_bus_message_exit_container(message
);
1876 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1877 if (strv_isempty(allow_list
) && strv_isempty(deny_list
)) {
1878 c
->log_filter_allowed_patterns
= set_free(c
->log_filter_allowed_patterns
);
1879 c
->log_filter_denied_patterns
= set_free(c
->log_filter_denied_patterns
);
1880 unit_write_settingf(u
, flags
, name
, "%s=", name
);
1882 r
= set_put_strdupv(&c
->log_filter_allowed_patterns
, allow_list
);
1885 r
= set_put_strdupv(&c
->log_filter_denied_patterns
, deny_list
);
1889 STRV_FOREACH(unit_pattern
, allow_list
)
1890 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, *unit_pattern
);
1891 STRV_FOREACH(unit_pattern
, deny_list
)
1892 unit_write_settingf(u
, flags
, name
, "%s=~%s", name
, *unit_pattern
);
1899 if (streq(name
, "Personality"))
1900 return bus_set_transient_personality(u
, name
, &c
->personality
, message
, flags
, error
);
1902 if (streq(name
, "StandardInput"))
1903 return bus_set_transient_std_input(u
, name
, &c
->std_input
, message
, flags
, error
);
1905 if (streq(name
, "StandardOutput"))
1906 return bus_set_transient_std_output(u
, name
, &c
->std_output
, message
, flags
, error
);
1908 if (streq(name
, "StandardError"))
1909 return bus_set_transient_std_output(u
, name
, &c
->std_error
, message
, flags
, error
);
1911 if (streq(name
, "IgnoreSIGPIPE"))
1912 return bus_set_transient_bool(u
, name
, &c
->ignore_sigpipe
, message
, flags
, error
);
1914 if (streq(name
, "TTYVHangup"))
1915 return bus_set_transient_bool(u
, name
, &c
->tty_vhangup
, message
, flags
, error
);
1917 if (streq(name
, "TTYReset"))
1918 return bus_set_transient_bool(u
, name
, &c
->tty_reset
, message
, flags
, error
);
1920 if (streq(name
, "TTYVTDisallocate"))
1921 return bus_set_transient_bool(u
, name
, &c
->tty_vt_disallocate
, message
, flags
, error
);
1923 if (streq(name
, "TTYRows"))
1924 return bus_set_transient_unsigned(u
, name
, &c
->tty_rows
, message
, flags
, error
);
1926 if (streq(name
, "TTYColumns"))
1927 return bus_set_transient_unsigned(u
, name
, &c
->tty_cols
, message
, flags
, error
);
1929 if (streq(name
, "PrivateTmp"))
1930 return bus_set_transient_bool(u
, name
, &c
->private_tmp
, message
, flags
, error
);
1932 if (streq(name
, "PrivateDevices"))
1933 return bus_set_transient_bool(u
, name
, &c
->private_devices
, message
, flags
, error
);
1935 if (streq(name
, "PrivateMounts"))
1936 return bus_set_transient_bool(u
, name
, &c
->private_mounts
, message
, flags
, error
);
1938 if (streq(name
, "PrivateNetwork"))
1939 return bus_set_transient_bool(u
, name
, &c
->private_network
, message
, flags
, error
);
1941 if (streq(name
, "PrivateIPC"))
1942 return bus_set_transient_bool(u
, name
, &c
->private_ipc
, message
, flags
, error
);
1944 if (streq(name
, "PrivateUsers"))
1945 return bus_set_transient_bool(u
, name
, &c
->private_users
, message
, flags
, error
);
1947 if (streq(name
, "NoNewPrivileges"))
1948 return bus_set_transient_bool(u
, name
, &c
->no_new_privileges
, message
, flags
, error
);
1950 if (streq(name
, "SyslogLevelPrefix"))
1951 return bus_set_transient_bool(u
, name
, &c
->syslog_level_prefix
, message
, flags
, error
);
1953 if (streq(name
, "MemoryDenyWriteExecute"))
1954 return bus_set_transient_bool(u
, name
, &c
->memory_deny_write_execute
, message
, flags
, error
);
1956 if (streq(name
, "RestrictRealtime"))
1957 return bus_set_transient_bool(u
, name
, &c
->restrict_realtime
, message
, flags
, error
);
1959 if (streq(name
, "RestrictSUIDSGID"))
1960 return bus_set_transient_bool(u
, name
, &c
->restrict_suid_sgid
, message
, flags
, error
);
1962 if (streq(name
, "DynamicUser"))
1963 return bus_set_transient_bool(u
, name
, &c
->dynamic_user
, message
, flags
, error
);
1965 if (streq(name
, "RemoveIPC"))
1966 return bus_set_transient_bool(u
, name
, &c
->remove_ipc
, message
, flags
, error
);
1968 if (streq(name
, "ProtectKernelTunables"))
1969 return bus_set_transient_bool(u
, name
, &c
->protect_kernel_tunables
, message
, flags
, error
);
1971 if (streq(name
, "ProtectKernelModules"))
1972 return bus_set_transient_bool(u
, name
, &c
->protect_kernel_modules
, message
, flags
, error
);
1974 if (streq(name
, "ProtectKernelLogs"))
1975 return bus_set_transient_bool(u
, name
, &c
->protect_kernel_logs
, message
, flags
, error
);
1977 if (streq(name
, "ProtectClock"))
1978 return bus_set_transient_bool(u
, name
, &c
->protect_clock
, message
, flags
, error
);
1980 if (streq(name
, "ProtectControlGroups"))
1981 return bus_set_transient_bool(u
, name
, &c
->protect_control_groups
, message
, flags
, error
);
1983 if (streq(name
, "CPUSchedulingResetOnFork"))
1984 return bus_set_transient_bool(u
, name
, &c
->cpu_sched_reset_on_fork
, message
, flags
, error
);
1986 if (streq(name
, "NonBlocking"))
1987 return bus_set_transient_bool(u
, name
, &c
->non_blocking
, message
, flags
, error
);
1989 if (streq(name
, "LockPersonality"))
1990 return bus_set_transient_bool(u
, name
, &c
->lock_personality
, message
, flags
, error
);
1992 if (streq(name
, "ProtectHostname"))
1993 return bus_set_transient_bool(u
, name
, &c
->protect_hostname
, message
, flags
, error
);
1995 if (streq(name
, "UtmpIdentifier"))
1996 return bus_set_transient_string(u
, name
, &c
->utmp_id
, message
, flags
, error
);
1998 if (streq(name
, "UtmpMode"))
1999 return bus_set_transient_utmp_mode(u
, name
, &c
->utmp_mode
, message
, flags
, error
);
2001 if (streq(name
, "PAMName"))
2002 return bus_set_transient_string(u
, name
, &c
->pam_name
, message
, flags
, error
);
2004 if (streq(name
, "TimerSlackNSec"))
2005 return bus_set_transient_nsec(u
, name
, &c
->timer_slack_nsec
, message
, flags
, error
);
2007 if (streq(name
, "ProtectSystem"))
2008 return bus_set_transient_protect_system(u
, name
, &c
->protect_system
, message
, flags
, error
);
2010 if (streq(name
, "ProtectHome"))
2011 return bus_set_transient_protect_home(u
, name
, &c
->protect_home
, message
, flags
, error
);
2013 if (streq(name
, "KeyringMode"))
2014 return bus_set_transient_keyring_mode(u
, name
, &c
->keyring_mode
, message
, flags
, error
);
2016 if (streq(name
, "ProtectProc"))
2017 return bus_set_transient_protect_proc(u
, name
, &c
->protect_proc
, message
, flags
, error
);
2019 if (streq(name
, "ProcSubset"))
2020 return bus_set_transient_proc_subset(u
, name
, &c
->proc_subset
, message
, flags
, error
);
2022 if (streq(name
, "RuntimeDirectoryPreserve"))
2023 return bus_set_transient_preserve_mode(u
, name
, &c
->runtime_directory_preserve_mode
, message
, flags
, error
);
2025 if (streq(name
, "UMask"))
2026 return bus_set_transient_mode_t(u
, name
, &c
->umask
, message
, flags
, error
);
2028 if (streq(name
, "RuntimeDirectoryMode"))
2029 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_RUNTIME
].mode
, message
, flags
, error
);
2031 if (streq(name
, "StateDirectoryMode"))
2032 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_STATE
].mode
, message
, flags
, error
);
2034 if (streq(name
, "CacheDirectoryMode"))
2035 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_CACHE
].mode
, message
, flags
, error
);
2037 if (streq(name
, "LogsDirectoryMode"))
2038 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_LOGS
].mode
, message
, flags
, error
);
2040 if (streq(name
, "ConfigurationDirectoryMode"))
2041 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_CONFIGURATION
].mode
, message
, flags
, error
);
2043 if (streq(name
, "SELinuxContext"))
2044 return bus_set_transient_string(u
, name
, &c
->selinux_context
, message
, flags
, error
);
2046 if (streq(name
, "SecureBits"))
2047 return bus_set_transient_secure_bits(u
, name
, &c
->secure_bits
, message
, flags
, error
);
2049 if (streq(name
, "CapabilityBoundingSet"))
2050 return bus_set_transient_capability(u
, name
, &c
->capability_bounding_set
, message
, flags
, error
);
2052 if (streq(name
, "AmbientCapabilities"))
2053 return bus_set_transient_capability(u
, name
, &c
->capability_ambient_set
, message
, flags
, error
);
2055 if (streq(name
, "RestrictNamespaces"))
2056 return bus_set_transient_namespace_flag(u
, name
, &c
->restrict_namespaces
, message
, flags
, error
);
2058 if (streq(name
, "RestrictFileSystems")) {
2060 _cleanup_strv_free_
char **l
= NULL
;
2062 r
= sd_bus_message_enter_container(message
, 'r', "bas");
2066 r
= sd_bus_message_read(message
, "b", &allow_list
);
2070 r
= sd_bus_message_read_strv(message
, &l
);
2074 r
= sd_bus_message_exit_container(message
);
2078 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2079 _cleanup_free_
char *joined
= NULL
;
2080 FilesystemParseFlags invert_flag
= allow_list
? 0 : FILESYSTEM_PARSE_INVERT
;
2082 if (strv_isempty(l
)) {
2083 c
->restrict_filesystems_allow_list
= false;
2084 c
->restrict_filesystems
= set_free(c
->restrict_filesystems
);
2086 unit_write_setting(u
, flags
, name
, "RestrictFileSystems=");
2090 if (!c
->restrict_filesystems
)
2091 c
->restrict_filesystems_allow_list
= allow_list
;
2093 STRV_FOREACH(s
, l
) {
2094 r
= lsm_bpf_parse_filesystem(
2096 &c
->restrict_filesystems
,
2097 FILESYSTEM_PARSE_LOG
|
2098 (invert_flag
? FILESYSTEM_PARSE_INVERT
: 0)|
2099 (c
->restrict_filesystems_allow_list
? FILESYSTEM_PARSE_ALLOW_LIST
: 0),
2105 joined
= strv_join(l
, " ");
2109 unit_write_settingf(u
, flags
, name
, "%s=%s%s", name
, allow_list
? "" : "~", joined
);
2115 if (streq(name
, "MountFlags"))
2116 return bus_set_transient_mount_flags(u
, name
, &c
->mount_flags
, message
, flags
, error
);
2118 if (streq(name
, "NetworkNamespacePath"))
2119 return bus_set_transient_path(u
, name
, &c
->network_namespace_path
, message
, flags
, error
);
2121 if (streq(name
, "IPCNamespacePath"))
2122 return bus_set_transient_path(u
, name
, &c
->ipc_namespace_path
, message
, flags
, error
);
2124 if (streq(name
, "SupplementaryGroups")) {
2125 _cleanup_strv_free_
char **l
= NULL
;
2127 r
= sd_bus_message_read_strv(message
, &l
);
2132 if (!isempty(*p
) && !valid_user_group_name(*p
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
))
2133 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
,
2134 "Invalid supplementary group names");
2136 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2137 if (strv_isempty(l
)) {
2138 c
->supplementary_groups
= strv_free(c
->supplementary_groups
);
2139 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2141 _cleanup_free_
char *joined
= NULL
;
2143 r
= strv_extend_strv(&c
->supplementary_groups
, l
, true);
2147 joined
= strv_join(c
->supplementary_groups
, " ");
2151 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "%s=%s", name
, joined
);
2157 } else if (STR_IN_SET(name
, "SetCredential", "SetCredentialEncrypted")) {
2158 bool isempty
= true;
2160 r
= sd_bus_message_enter_container(message
, 'a', "(say)");
2169 r
= sd_bus_message_enter_container(message
, 'r', "say");
2175 r
= sd_bus_message_read(message
, "s", &id
);
2179 r
= sd_bus_message_read_array(message
, 'y', &p
, &sz
);
2183 r
= sd_bus_message_exit_container(message
);
2187 if (!credential_name_valid(id
))
2188 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Credential ID is invalid: %s", id
);
2192 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2193 _cleanup_free_
char *a
= NULL
, *b
= NULL
;
2194 _cleanup_free_
void *copy
= NULL
;
2195 ExecSetCredential
*old
;
2197 copy
= memdup(p
, sz
);
2201 old
= hashmap_get(c
->set_credentials
, id
);
2203 free_and_replace(old
->data
, copy
);
2205 old
->encrypted
= streq(name
, "SetCredentialEncrypted");
2207 _cleanup_(exec_set_credential_freep
) ExecSetCredential
*sc
= NULL
;
2209 sc
= new(ExecSetCredential
, 1);
2213 *sc
= (ExecSetCredential
) {
2215 .data
= TAKE_PTR(copy
),
2217 .encrypted
= streq(name
, "SetCredentialEncrypted"),
2223 r
= hashmap_ensure_put(&c
->set_credentials
, &exec_set_credential_hash_ops
, sc
->id
, sc
);
2230 a
= specifier_escape(id
);
2234 b
= cescape_length(p
, sz
);
2238 (void) unit_write_settingf(u
, flags
, name
, "%s=%s:%s", name
, a
, b
);
2242 r
= sd_bus_message_exit_container(message
);
2246 if (!UNIT_WRITE_FLAGS_NOOP(flags
) && isempty
) {
2247 c
->set_credentials
= hashmap_free(c
->set_credentials
);
2248 (void) unit_write_settingf(u
, flags
, name
, "%s=", name
);
2253 } else if (STR_IN_SET(name
, "LoadCredential", "LoadCredentialEncrypted")) {
2254 bool isempty
= true;
2256 r
= sd_bus_message_enter_container(message
, 'a', "(ss)");
2261 const char *id
, *source
;
2263 r
= sd_bus_message_read(message
, "(ss)", &id
, &source
);
2269 if (!credential_name_valid(id
))
2270 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Credential ID is invalid: %s", id
);
2272 if (!(path_is_absolute(source
) ? path_is_normalized(source
) : credential_name_valid(source
)))
2273 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Credential source is invalid: %s", source
);
2277 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2278 _cleanup_free_
char *copy
= NULL
;
2279 ExecLoadCredential
*old
;
2281 copy
= strdup(source
);
2285 old
= hashmap_get(c
->load_credentials
, id
);
2287 free_and_replace(old
->path
, copy
);
2288 old
->encrypted
= streq(name
, "LoadCredentialEncrypted");
2290 _cleanup_(exec_load_credential_freep
) ExecLoadCredential
*lc
= NULL
;
2292 lc
= new(ExecLoadCredential
, 1);
2296 *lc
= (ExecLoadCredential
) {
2298 .path
= TAKE_PTR(copy
),
2299 .encrypted
= streq(name
, "LoadCredentialEncrypted"),
2305 r
= hashmap_ensure_put(&c
->load_credentials
, &exec_load_credential_hash_ops
, lc
->id
, lc
);
2312 (void) unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "%s=%s:%s", name
, id
, source
);
2316 r
= sd_bus_message_exit_container(message
);
2320 if (!UNIT_WRITE_FLAGS_NOOP(flags
) && isempty
) {
2321 c
->load_credentials
= hashmap_free(c
->load_credentials
);
2322 (void) unit_write_settingf(u
, flags
, name
, "%s=", name
);
2327 } else if (streq(name
, "SyslogLevel")) {
2330 r
= sd_bus_message_read(message
, "i", &level
);
2334 if (!log_level_is_valid(level
))
2335 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log level value out of range");
2337 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2338 c
->syslog_priority
= (c
->syslog_priority
& LOG_FACMASK
) | level
;
2339 unit_write_settingf(u
, flags
, name
, "SyslogLevel=%i", level
);
2344 } else if (streq(name
, "SyslogFacility")) {
2347 r
= sd_bus_message_read(message
, "i", &facility
);
2351 if (!log_facility_unshifted_is_valid(facility
))
2352 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log facility value out of range");
2354 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2355 c
->syslog_priority
= (facility
<< 3) | LOG_PRI(c
->syslog_priority
);
2356 unit_write_settingf(u
, flags
, name
, "SyslogFacility=%i", facility
);
2361 } else if (streq(name
, "LogNamespace")) {
2364 r
= sd_bus_message_read(message
, "s", &n
);
2368 if (!isempty(n
) && !log_namespace_name_valid(n
))
2369 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log namespace name not valid");
2371 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2374 c
->log_namespace
= mfree(c
->log_namespace
);
2375 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2377 r
= free_and_strdup(&c
->log_namespace
, n
);
2381 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, n
);
2387 } else if (streq(name
, "LogExtraFields")) {
2390 r
= sd_bus_message_enter_container(message
, 'a', "ay");
2395 _cleanup_free_
void *copy
= NULL
;
2401 /* Note that we expect a byte array for each field, instead of a string. That's because on the
2402 * lower-level journal fields can actually contain binary data and are not restricted to text,
2403 * and we should not "lose precision" in our types on the way. That said, I am pretty sure
2404 * actually encoding binary data as unit metadata is not a good idea. Hence we actually refuse
2405 * any actual binary data, and only accept UTF-8. This allows us to eventually lift this
2406 * limitation, should a good, valid usecase arise. */
2408 r
= sd_bus_message_read_array(message
, 'y', &p
, &sz
);
2414 if (memchr(p
, 0, sz
))
2415 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field contains zero byte");
2417 eq
= memchr(p
, '=', sz
);
2419 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field contains no '=' character");
2420 if (!journal_field_valid(p
, eq
- (const char*) p
, false))
2421 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field invalid");
2423 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2424 t
= reallocarray(c
->log_extra_fields
, c
->n_log_extra_fields
+1, sizeof(struct iovec
));
2427 c
->log_extra_fields
= t
;
2430 copy
= malloc(sz
+ 1);
2434 memcpy(copy
, p
, sz
);
2435 ((uint8_t*) copy
)[sz
] = 0;
2437 if (!utf8_is_valid(copy
))
2438 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field is not valid UTF-8");
2440 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2441 c
->log_extra_fields
[c
->n_log_extra_fields
++] = IOVEC_MAKE(copy
, sz
);
2442 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_C
, name
, "LogExtraFields=%s", (char*) copy
);
2450 r
= sd_bus_message_exit_container(message
);
2454 if (!UNIT_WRITE_FLAGS_NOOP(flags
) && n
== 0) {
2455 exec_context_free_log_extra_fields(c
);
2456 unit_write_setting(u
, flags
, name
, "LogExtraFields=");
2464 if (streq(name
, "SystemCallErrorNumber"))
2465 return bus_set_transient_errno(u
, name
, &c
->syscall_errno
, message
, flags
, error
);
2467 if (streq(name
, "SystemCallFilter")) {
2469 _cleanup_strv_free_
char **l
= NULL
;
2471 r
= sd_bus_message_enter_container(message
, 'r', "bas");
2475 r
= sd_bus_message_read(message
, "b", &allow_list
);
2479 r
= sd_bus_message_read_strv(message
, &l
);
2483 r
= sd_bus_message_exit_container(message
);
2487 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2488 _cleanup_free_
char *joined
= NULL
;
2489 SeccompParseFlags invert_flag
= allow_list
? 0 : SECCOMP_PARSE_INVERT
;
2491 if (strv_isempty(l
)) {
2492 c
->syscall_allow_list
= false;
2493 c
->syscall_filter
= hashmap_free(c
->syscall_filter
);
2495 unit_write_settingf(u
, flags
, name
, "SystemCallFilter=");
2499 if (!c
->syscall_filter
) {
2500 c
->syscall_filter
= hashmap_new(NULL
);
2501 if (!c
->syscall_filter
)
2504 c
->syscall_allow_list
= allow_list
;
2506 if (c
->syscall_allow_list
) {
2507 r
= seccomp_parse_syscall_filter("@default",
2510 SECCOMP_PARSE_PERMISSIVE
|
2511 SECCOMP_PARSE_ALLOW_LIST
,
2519 STRV_FOREACH(s
, l
) {
2520 _cleanup_free_
char *n
= NULL
;
2523 r
= parse_syscall_and_errno(*s
, &n
, &e
);
2527 if (allow_list
&& e
>= 0)
2530 r
= seccomp_parse_syscall_filter(n
,
2533 SECCOMP_PARSE_LOG
| SECCOMP_PARSE_PERMISSIVE
|
2535 (c
->syscall_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
2542 joined
= strv_join(l
, " ");
2546 unit_write_settingf(u
, flags
, name
, "SystemCallFilter=%s%s", allow_list
? "" : "~", joined
);
2551 } else if (streq(name
, "SystemCallLog")) {
2553 _cleanup_strv_free_
char **l
= NULL
;
2555 r
= sd_bus_message_enter_container(message
, 'r', "bas");
2559 r
= sd_bus_message_read(message
, "b", &allow_list
);
2563 r
= sd_bus_message_read_strv(message
, &l
);
2567 r
= sd_bus_message_exit_container(message
);
2571 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2572 _cleanup_free_
char *joined
= NULL
;
2573 SeccompParseFlags invert_flag
= allow_list
? 0 : SECCOMP_PARSE_INVERT
;
2575 if (strv_isempty(l
)) {
2576 c
->syscall_log_allow_list
= false;
2577 c
->syscall_log
= hashmap_free(c
->syscall_log
);
2579 unit_write_settingf(u
, flags
, name
, "SystemCallLog=");
2583 if (!c
->syscall_log
) {
2584 c
->syscall_log
= hashmap_new(NULL
);
2585 if (!c
->syscall_log
)
2588 c
->syscall_log_allow_list
= allow_list
;
2591 STRV_FOREACH(s
, l
) {
2592 r
= seccomp_parse_syscall_filter(*s
,
2593 -1, /* errno not used */
2595 SECCOMP_PARSE_LOG
| SECCOMP_PARSE_PERMISSIVE
|
2597 (c
->syscall_log_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
2604 joined
= strv_join(l
, " ");
2608 unit_write_settingf(u
, flags
, name
, "SystemCallLog=%s%s", allow_list
? "" : "~", joined
);
2613 } else if (streq(name
, "SystemCallArchitectures")) {
2614 _cleanup_strv_free_
char **l
= NULL
;
2616 r
= sd_bus_message_read_strv(message
, &l
);
2620 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2621 _cleanup_free_
char *joined
= NULL
;
2623 if (strv_isempty(l
))
2624 c
->syscall_archs
= set_free(c
->syscall_archs
);
2626 STRV_FOREACH(s
, l
) {
2629 r
= seccomp_arch_from_string(*s
, &a
);
2633 r
= set_ensure_put(&c
->syscall_archs
, NULL
, UINT32_TO_PTR(a
+ 1));
2638 joined
= strv_join(l
, " ");
2642 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, joined
);
2647 } else if (streq(name
, "RestrictAddressFamilies")) {
2648 _cleanup_strv_free_
char **l
= NULL
;
2651 r
= sd_bus_message_enter_container(message
, 'r', "bas");
2655 r
= sd_bus_message_read(message
, "b", &allow_list
);
2659 r
= sd_bus_message_read_strv(message
, &l
);
2663 r
= sd_bus_message_exit_container(message
);
2667 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2668 _cleanup_free_
char *joined
= NULL
;
2670 if (strv_isempty(l
)) {
2671 c
->address_families_allow_list
= allow_list
;
2672 c
->address_families
= set_free(c
->address_families
);
2674 unit_write_settingf(u
, flags
, name
, "RestrictAddressFamilies=%s",
2675 allow_list
? "none" : "");
2679 if (!c
->address_families
) {
2680 c
->address_families
= set_new(NULL
);
2681 if (!c
->address_families
)
2684 c
->address_families_allow_list
= allow_list
;
2687 STRV_FOREACH(s
, l
) {
2690 af
= af_from_name(*s
);
2694 if (allow_list
== c
->address_families_allow_list
) {
2695 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
2699 set_remove(c
->address_families
, INT_TO_PTR(af
));
2702 joined
= strv_join(l
, " ");
2706 unit_write_settingf(u
, flags
, name
, "RestrictAddressFamilies=%s%s", allow_list
? "" : "~", joined
);
2712 if (STR_IN_SET(name
, "CPUAffinity", "NUMAMask")) {
2715 bool affinity
= streq(name
, "CPUAffinity");
2716 _cleanup_(cpu_set_reset
) CPUSet set
= {};
2718 r
= sd_bus_message_read_array(message
, 'y', &a
, &n
);
2722 r
= cpu_set_from_dbus(a
, n
, &set
);
2726 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2728 cpu_set_reset(affinity
? &c
->cpu_set
: &c
->numa_policy
.nodes
);
2729 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2731 _cleanup_free_
char *str
= NULL
;
2733 str
= cpu_set_to_string(&set
);
2737 /* We forego any optimizations here, and always create the structure using
2738 * cpu_set_add_all(), because we don't want to care if the existing size we
2739 * got over dbus is appropriate. */
2740 r
= cpu_set_add_all(affinity
? &c
->cpu_set
: &c
->numa_policy
.nodes
, &set
);
2744 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, str
);
2750 } else if (streq(name
, "CPUAffinityFromNUMA")) {
2753 r
= sd_bus_message_read_basic(message
, 'b', &q
);
2757 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2758 c
->cpu_affinity_from_numa
= q
;
2759 unit_write_settingf(u
, flags
, name
, "%s=%s", "CPUAffinity", "numa");
2764 } else if (streq(name
, "NUMAPolicy")) {
2767 r
= sd_bus_message_read(message
, "i", &type
);
2771 if (!mpol_is_valid(type
))
2772 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid NUMAPolicy value: %i", type
);
2774 if (!UNIT_WRITE_FLAGS_NOOP(flags
))
2775 c
->numa_policy
.type
= type
;
2779 } else if (streq(name
, "Nice")) {
2782 r
= sd_bus_message_read(message
, "i", &q
);
2786 if (!nice_is_valid(q
))
2787 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid Nice value: %i", q
);
2789 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2793 unit_write_settingf(u
, flags
, name
, "Nice=%i", q
);
2798 } else if (streq(name
, "CPUSchedulingPolicy")) {
2801 r
= sd_bus_message_read(message
, "i", &q
);
2805 if (!sched_policy_is_valid(q
))
2806 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid CPU scheduling policy: %i", q
);
2808 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2809 _cleanup_free_
char *s
= NULL
;
2811 r
= sched_policy_to_string_alloc(q
, &s
);
2815 c
->cpu_sched_policy
= q
;
2816 c
->cpu_sched_priority
= CLAMP(c
->cpu_sched_priority
, sched_get_priority_min(q
), sched_get_priority_max(q
));
2817 c
->cpu_sched_set
= true;
2819 unit_write_settingf(u
, flags
, name
, "CPUSchedulingPolicy=%s", s
);
2824 } else if (streq(name
, "CPUSchedulingPriority")) {
2827 r
= sd_bus_message_read(message
, "i", &p
);
2831 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0. Policy might be set
2832 * later so we do not check the precise range, but only the generic outer bounds. */
2833 if (p
< 0 || p
> 99)
2834 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid CPU scheduling priority: %i", p
);
2836 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2837 c
->cpu_sched_priority
= p
;
2838 c
->cpu_sched_set
= true;
2840 unit_write_settingf(u
, flags
, name
, "CPUSchedulingPriority=%i", p
);
2845 } else if (streq(name
, "IOSchedulingClass")) {
2848 r
= sd_bus_message_read(message
, "i", &q
);
2852 if (!ioprio_class_is_valid(q
))
2853 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid IO scheduling class: %i", q
);
2855 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2856 _cleanup_free_
char *s
= NULL
;
2858 r
= ioprio_class_to_string_alloc(q
, &s
);
2862 c
->ioprio
= ioprio_normalize(ioprio_prio_value(q
, ioprio_prio_data(c
->ioprio
)));
2863 c
->ioprio_set
= true;
2865 unit_write_settingf(u
, flags
, name
, "IOSchedulingClass=%s", s
);
2870 } else if (streq(name
, "IOSchedulingPriority")) {
2873 r
= sd_bus_message_read(message
, "i", &p
);
2877 if (!ioprio_priority_is_valid(p
))
2878 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid IO scheduling priority: %i", p
);
2880 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2881 c
->ioprio
= ioprio_normalize(ioprio_prio_value(ioprio_prio_class(c
->ioprio
), p
));
2882 c
->ioprio_set
= true;
2884 unit_write_settingf(u
, flags
, name
, "IOSchedulingPriority=%i", p
);
2889 } else if (streq(name
, "MountAPIVFS")) {
2892 r
= bus_set_transient_bool(u
, name
, &b
, message
, flags
, error
);
2896 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2897 c
->mount_apivfs
= b
;
2898 c
->mount_apivfs_set
= true;
2903 } else if (streq(name
, "WorkingDirectory")) {
2907 r
= sd_bus_message_read(message
, "s", &s
);
2917 if (!isempty(s
) && !streq(s
, "~") && !path_is_absolute(s
))
2918 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "WorkingDirectory= expects an absolute path or '~'");
2920 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2921 if (streq(s
, "~")) {
2922 c
->working_directory
= mfree(c
->working_directory
);
2923 c
->working_directory_home
= true;
2925 r
= free_and_strdup(&c
->working_directory
, empty_to_null(s
));
2929 c
->working_directory_home
= false;
2932 c
->working_directory_missing_ok
= missing_ok
;
2933 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "WorkingDirectory=%s%s", missing_ok
? "-" : "", s
);
2938 } else if (STR_IN_SET(name
,
2939 "StandardInputFileDescriptorName", "StandardOutputFileDescriptorName", "StandardErrorFileDescriptorName")) {
2942 r
= sd_bus_message_read(message
, "s", &s
);
2946 if (!isempty(s
) && !fdname_is_valid(s
))
2947 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid file descriptor name");
2949 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2951 if (streq(name
, "StandardInputFileDescriptorName")) {
2952 r
= free_and_strdup(c
->stdio_fdname
+ STDIN_FILENO
, empty_to_null(s
));
2956 c
->std_input
= EXEC_INPUT_NAMED_FD
;
2957 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardInput=fd:%s", exec_context_fdname(c
, STDIN_FILENO
));
2959 } else if (streq(name
, "StandardOutputFileDescriptorName")) {
2960 r
= free_and_strdup(c
->stdio_fdname
+ STDOUT_FILENO
, empty_to_null(s
));
2964 c
->std_output
= EXEC_OUTPUT_NAMED_FD
;
2965 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardOutput=fd:%s", exec_context_fdname(c
, STDOUT_FILENO
));
2968 assert(streq(name
, "StandardErrorFileDescriptorName"));
2970 r
= free_and_strdup(&c
->stdio_fdname
[STDERR_FILENO
], empty_to_null(s
));
2974 c
->std_error
= EXEC_OUTPUT_NAMED_FD
;
2975 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardError=fd:%s", exec_context_fdname(c
, STDERR_FILENO
));
2981 } else if (STR_IN_SET(name
,
2982 "StandardInputFile",
2983 "StandardOutputFile", "StandardOutputFileToAppend", "StandardOutputFileToTruncate",
2984 "StandardErrorFile", "StandardErrorFileToAppend", "StandardErrorFileToTruncate")) {
2987 r
= sd_bus_message_read(message
, "s", &s
);
2992 if (!path_is_absolute(s
))
2993 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute", s
);
2994 if (!path_is_normalized(s
))
2995 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not normalized", s
);
2998 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3000 if (streq(name
, "StandardInputFile")) {
3001 r
= free_and_strdup(&c
->stdio_file
[STDIN_FILENO
], empty_to_null(s
));
3005 c
->std_input
= EXEC_INPUT_FILE
;
3006 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardInput=file:%s", s
);
3008 } else if (STR_IN_SET(name
, "StandardOutputFile", "StandardOutputFileToAppend", "StandardOutputFileToTruncate")) {
3009 r
= free_and_strdup(&c
->stdio_file
[STDOUT_FILENO
], empty_to_null(s
));
3013 if (streq(name
, "StandardOutputFile")) {
3014 c
->std_output
= EXEC_OUTPUT_FILE
;
3015 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardOutput=file:%s", s
);
3016 } else if (streq(name
, "StandardOutputFileToAppend")) {
3017 c
->std_output
= EXEC_OUTPUT_FILE_APPEND
;
3018 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardOutput=append:%s", s
);
3020 assert(streq(name
, "StandardOutputFileToTruncate"));
3021 c
->std_output
= EXEC_OUTPUT_FILE_TRUNCATE
;
3022 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardOutput=truncate:%s", s
);
3025 assert(STR_IN_SET(name
, "StandardErrorFile", "StandardErrorFileToAppend", "StandardErrorFileToTruncate"));
3027 r
= free_and_strdup(&c
->stdio_file
[STDERR_FILENO
], empty_to_null(s
));
3031 if (streq(name
, "StandardErrorFile")) {
3032 c
->std_error
= EXEC_OUTPUT_FILE
;
3033 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardError=file:%s", s
);
3034 } else if (streq(name
, "StandardErrorFileToAppend")) {
3035 c
->std_error
= EXEC_OUTPUT_FILE_APPEND
;
3036 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardError=append:%s", s
);
3038 assert(streq(name
, "StandardErrorFileToTruncate"));
3039 c
->std_error
= EXEC_OUTPUT_FILE_TRUNCATE
;
3040 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardError=truncate:%s", s
);
3047 } else if (streq(name
, "StandardInputData")) {
3051 r
= sd_bus_message_read_array(message
, 'y', &p
, &sz
);
3055 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3056 _cleanup_free_
char *encoded
= NULL
;
3059 c
->stdin_data
= mfree(c
->stdin_data
);
3060 c
->stdin_data_size
= 0;
3062 unit_write_settingf(u
, flags
, name
, "StandardInputData=");
3067 if (c
->stdin_data_size
+ sz
< c
->stdin_data_size
|| /* check for overflow */
3068 c
->stdin_data_size
+ sz
> EXEC_STDIN_DATA_MAX
)
3071 n
= base64mem(p
, sz
, &encoded
);
3075 q
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
);
3079 memcpy((uint8_t*) q
+ c
->stdin_data_size
, p
, sz
);
3082 c
->stdin_data_size
+= sz
;
3084 unit_write_settingf(u
, flags
, name
, "StandardInputData=%s", encoded
);
3090 } else if (streq(name
, "Environment")) {
3092 _cleanup_strv_free_
char **l
= NULL
;
3094 r
= sd_bus_message_read_strv(message
, &l
);
3098 if (!strv_env_is_valid(l
))
3099 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid environment block.");
3101 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3102 if (strv_isempty(l
)) {
3103 c
->environment
= strv_free(c
->environment
);
3104 unit_write_setting(u
, flags
, name
, "Environment=");
3106 _cleanup_free_
char *joined
= NULL
;
3109 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_C
);
3113 e
= strv_env_merge(c
->environment
, l
);
3117 strv_free_and_replace(c
->environment
, e
);
3118 unit_write_settingf(u
, flags
, name
, "Environment=%s", joined
);
3124 } else if (streq(name
, "UnsetEnvironment")) {
3126 _cleanup_strv_free_
char **l
= NULL
;
3128 r
= sd_bus_message_read_strv(message
, &l
);
3132 if (!strv_env_name_or_assignment_is_valid(l
))
3133 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid UnsetEnvironment= list.");
3135 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3136 if (strv_isempty(l
)) {
3137 c
->unset_environment
= strv_free(c
->unset_environment
);
3138 unit_write_setting(u
, flags
, name
, "UnsetEnvironment=");
3140 _cleanup_free_
char *joined
= NULL
;
3143 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_C
);
3147 e
= strv_env_merge(c
->unset_environment
, l
);
3151 strv_free_and_replace(c
->unset_environment
, e
);
3152 unit_write_settingf(u
, flags
, name
, "UnsetEnvironment=%s", joined
);
3158 } else if (streq(name
, "OOMScoreAdjust")) {
3161 r
= sd_bus_message_read(message
, "i", &oa
);
3165 if (!oom_score_adjust_is_valid(oa
))
3166 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "OOM score adjust value out of range");
3168 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3169 c
->oom_score_adjust
= oa
;
3170 c
->oom_score_adjust_set
= true;
3171 unit_write_settingf(u
, flags
, name
, "OOMScoreAdjust=%i", oa
);
3176 } else if (streq(name
, "CoredumpFilter")) {
3179 r
= sd_bus_message_read(message
, "t", &f
);
3183 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3184 c
->coredump_filter
= f
;
3185 c
->coredump_filter_set
= true;
3186 unit_write_settingf(u
, flags
, name
, "CoredumpFilter=0x%"PRIx64
, f
);
3191 } else if (streq(name
, "EnvironmentFiles")) {
3193 _cleanup_free_
char *joined
= NULL
;
3194 _cleanup_fclose_
FILE *f
= NULL
;
3195 _cleanup_strv_free_
char **l
= NULL
;
3198 r
= sd_bus_message_enter_container(message
, 'a', "(sb)");
3202 f
= open_memstream_unlocked(&joined
, &size
);
3206 fputs("EnvironmentFile=\n", f
);
3208 STRV_FOREACH(i
, c
->environment_files
) {
3209 _cleanup_free_
char *q
= NULL
;
3211 q
= specifier_escape(*i
);
3215 fprintf(f
, "EnvironmentFile=%s\n", q
);
3218 while ((r
= sd_bus_message_enter_container(message
, 'r', "sb")) > 0) {
3222 r
= sd_bus_message_read(message
, "sb", &path
, &b
);
3226 r
= sd_bus_message_exit_container(message
);
3230 if (!path_is_absolute(path
))
3231 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute.", path
);
3233 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3234 _cleanup_free_
char *q
= NULL
, *buf
= NULL
;
3236 buf
= strjoin(b
? "-" : "", path
);
3240 q
= specifier_escape(buf
);
3244 fprintf(f
, "EnvironmentFile=%s\n", q
);
3246 r
= strv_consume(&l
, TAKE_PTR(buf
));
3254 r
= sd_bus_message_exit_container(message
);
3258 r
= fflush_and_check(f
);
3262 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3263 if (strv_isempty(l
)) {
3264 c
->environment_files
= strv_free(c
->environment_files
);
3265 unit_write_setting(u
, flags
, name
, "EnvironmentFile=");
3267 r
= strv_extend_strv(&c
->environment_files
, l
, true);
3271 unit_write_setting(u
, flags
, name
, joined
);
3277 } else if (streq(name
, "PassEnvironment")) {
3279 _cleanup_strv_free_
char **l
= NULL
;
3281 r
= sd_bus_message_read_strv(message
, &l
);
3285 if (!strv_env_name_is_valid(l
))
3286 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid PassEnvironment= block.");
3288 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3289 if (strv_isempty(l
)) {
3290 c
->pass_environment
= strv_free(c
->pass_environment
);
3291 unit_write_setting(u
, flags
, name
, "PassEnvironment=");
3293 _cleanup_free_
char *joined
= NULL
;
3295 r
= strv_extend_strv(&c
->pass_environment
, l
, true);
3299 /* We write just the new settings out to file, with unresolved specifiers. */
3300 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
);
3304 unit_write_settingf(u
, flags
, name
, "PassEnvironment=%s", joined
);
3310 } else if (STR_IN_SET(name
, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories",
3311 "ReadWritePaths", "ReadOnlyPaths", "InaccessiblePaths", "ExecPaths", "NoExecPaths",
3312 "ExtensionDirectories")) {
3313 _cleanup_strv_free_
char **l
= NULL
;
3316 r
= sd_bus_message_read_strv(message
, &l
);
3320 STRV_FOREACH(p
, l
) {
3324 offset
= i
[0] == '-';
3325 offset
+= i
[offset
] == '+';
3326 if (!path_is_absolute(i
+ offset
))
3327 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid %s", name
);
3329 path_simplify(i
+ offset
);
3332 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3333 if (STR_IN_SET(name
, "ReadWriteDirectories", "ReadWritePaths"))
3334 dirs
= &c
->read_write_paths
;
3335 else if (STR_IN_SET(name
, "ReadOnlyDirectories", "ReadOnlyPaths"))
3336 dirs
= &c
->read_only_paths
;
3337 else if (streq(name
, "ExecPaths"))
3338 dirs
= &c
->exec_paths
;
3339 else if (streq(name
, "NoExecPaths"))
3340 dirs
= &c
->no_exec_paths
;
3341 else if (streq(name
, "ExtensionDirectories"))
3342 dirs
= &c
->extension_directories
;
3343 else /* "InaccessiblePaths" */
3344 dirs
= &c
->inaccessible_paths
;
3346 if (strv_isempty(l
)) {
3347 *dirs
= strv_free(*dirs
);
3348 unit_write_settingf(u
, flags
, name
, "%s=", name
);
3350 _cleanup_free_
char *joined
= NULL
;
3352 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
);
3356 r
= strv_extend_strv(dirs
, l
, true);
3360 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, joined
);
3366 } else if (streq(name
, "ExecSearchPath")) {
3367 _cleanup_strv_free_
char **l
= NULL
;
3369 r
= sd_bus_message_read_strv(message
, &l
);
3374 if (!path_is_absolute(*p
) || !path_is_normalized(*p
) || strchr(*p
, ':'))
3375 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid %s", name
);
3377 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3378 if (strv_isempty(l
)) {
3379 c
->exec_search_path
= strv_free(c
->exec_search_path
);
3380 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "ExecSearchPath=");
3382 _cleanup_free_
char *joined
= NULL
;
3383 r
= strv_extend_strv(&c
->exec_search_path
, l
, true);
3386 joined
= strv_join(c
->exec_search_path
, ":");
3389 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "ExecSearchPath=%s", joined
);
3395 } else if (STR_IN_SET(name
, "RuntimeDirectory", "StateDirectory", "CacheDirectory", "LogsDirectory", "ConfigurationDirectory")) {
3396 _cleanup_strv_free_
char **l
= NULL
;
3398 r
= sd_bus_message_read_strv(message
, &l
);
3402 STRV_FOREACH(p
, l
) {
3403 if (!path_is_normalized(*p
))
3404 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "%s= path is not normalized: %s", name
, *p
);
3406 if (path_is_absolute(*p
))
3407 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "%s= path is absolute: %s", name
, *p
);
3409 if (path_startswith(*p
, "private"))
3410 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "%s= path can't be 'private': %s", name
, *p
);
3413 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3414 ExecDirectoryType i
;
3417 assert_se((i
= exec_directory_type_from_string(name
)) >= 0);
3418 d
= c
->directories
+ i
;
3420 if (strv_isempty(l
)) {
3421 exec_directory_done(d
);
3422 unit_write_settingf(u
, flags
, name
, "%s=", name
);
3424 _cleanup_free_
char *joined
= NULL
;
3426 STRV_FOREACH(source
, l
) {
3427 r
= exec_directory_add(d
, *source
, NULL
);
3431 exec_directory_sort(d
);
3433 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
);
3437 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, joined
);
3443 } else if (STR_IN_SET(name
, "AppArmorProfile", "SmackProcessLabel")) {
3447 r
= sd_bus_message_read(message
, "(bs)", &ignore
, &s
);
3451 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3455 if (streq(name
, "AppArmorProfile")) {
3456 p
= &c
->apparmor_profile
;
3457 b
= &c
->apparmor_profile_ignore
;
3458 } else { /* "SmackProcessLabel" */
3459 p
= &c
->smack_process_label
;
3460 b
= &c
->smack_process_label_ignore
;
3467 if (free_and_strdup(p
, s
) < 0)
3472 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "%s=%s%s", name
, ignore
? "-" : "", strempty(s
));
3477 } else if (STR_IN_SET(name
, "BindPaths", "BindReadOnlyPaths")) {
3478 char *source
, *destination
;
3480 uint64_t mount_flags
;
3483 r
= sd_bus_message_enter_container(message
, 'a', "(ssbt)");
3487 while ((r
= sd_bus_message_read(message
, "(ssbt)", &source
, &destination
, &ignore_enoent
, &mount_flags
)) > 0) {
3489 if (!path_is_absolute(source
))
3490 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not absolute.", source
);
3491 if (!path_is_absolute(destination
))
3492 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is not absolute.", destination
);
3493 if (!IN_SET(mount_flags
, 0, MS_REC
))
3494 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Unknown mount flags.");
3496 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3497 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
3500 .destination
= destination
,
3501 .read_only
= !!strstr(name
, "ReadOnly"),
3502 .recursive
= !!(mount_flags
& MS_REC
),
3503 .ignore_enoent
= ignore_enoent
,
3508 unit_write_settingf(
3509 u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
,
3512 ignore_enoent
? "-" : "",
3515 (mount_flags
& MS_REC
) ? "rbind" : "norbind");
3523 r
= sd_bus_message_exit_container(message
);
3528 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
3529 c
->bind_mounts
= NULL
;
3530 c
->n_bind_mounts
= 0;
3532 unit_write_settingf(u
, flags
, name
, "%s=", name
);
3537 } else if (streq(name
, "TemporaryFileSystem")) {
3538 const char *path
, *options
;
3541 r
= sd_bus_message_enter_container(message
, 'a', "(ss)");
3545 while ((r
= sd_bus_message_read(message
, "(ss)", &path
, &options
)) > 0) {
3547 if (!path_is_absolute(path
))
3548 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Mount point %s is not absolute.", path
);
3550 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3551 r
= temporary_filesystem_add(&c
->temporary_filesystems
, &c
->n_temporary_filesystems
, path
, options
);
3555 unit_write_settingf(
3556 u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
,
3568 r
= sd_bus_message_exit_container(message
);
3573 temporary_filesystem_free_many(c
->temporary_filesystems
, c
->n_temporary_filesystems
);
3574 c
->temporary_filesystems
= NULL
;
3575 c
->n_temporary_filesystems
= 0;
3577 unit_write_settingf(u
, flags
, name
, "%s=", name
);
3582 } else if ((suffix
= startswith(name
, "Limit"))) {
3583 const char *soft
= NULL
;
3586 ri
= rlimit_from_string(suffix
);
3588 soft
= endswith(suffix
, "Soft");
3592 n
= strndupa_safe(suffix
, soft
- suffix
);
3593 ri
= rlimit_from_string(n
);
3595 name
= strjoina("Limit", n
);
3603 r
= sd_bus_message_read(message
, "t", &rl
);
3607 if (rl
== UINT64_MAX
)
3612 if ((uint64_t) x
!= rl
)
3616 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3617 _cleanup_free_
char *f
= NULL
;
3620 if (c
->rlimit
[ri
]) {
3621 nl
= *c
->rlimit
[ri
];
3628 /* When the resource limit is not initialized yet, then assign the value to both fields */
3629 nl
= (struct rlimit
) {
3634 r
= rlimit_format(&nl
, &f
);
3639 *c
->rlimit
[ri
] = nl
;
3641 c
->rlimit
[ri
] = newdup(struct rlimit
, &nl
, 1);
3646 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, f
);
3652 } else if (streq(name
, "MountImages")) {
3653 _cleanup_free_
char *format_str
= NULL
;
3654 MountImage
*mount_images
= NULL
;
3655 size_t n_mount_images
= 0;
3656 char *source
, *destination
;
3659 r
= sd_bus_message_enter_container(message
, 'a', "(ssba(ss))");
3664 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
3665 _cleanup_free_
char *source_escaped
= NULL
, *destination_escaped
= NULL
;
3668 r
= sd_bus_message_enter_container(message
, 'r', "ssba(ss)");
3672 r
= sd_bus_message_read(message
, "ssb", &source
, &destination
, &permissive
);
3676 if (!path_is_absolute(source
))
3677 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not absolute.", source
);
3678 if (!path_is_normalized(source
))
3679 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not normalized.", source
);
3680 if (!path_is_absolute(destination
))
3681 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is not absolute.", destination
);
3682 if (!path_is_normalized(destination
))
3683 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is not normalized.", destination
);
3685 /* Need to store them in the unit with the escapes, so that they can be parsed again */
3686 source_escaped
= shell_escape(source
, ":");
3687 if (!source_escaped
)
3689 destination_escaped
= shell_escape(destination
, ":");
3690 if (!destination_escaped
)
3693 tuple
= strjoin(format_str
,
3694 format_str
? " " : "",
3695 permissive
? "-" : "",
3698 destination_escaped
);
3701 free_and_replace(format_str
, tuple
);
3703 r
= bus_read_mount_options(message
, error
, &options
, &format_str
, ":");
3707 r
= sd_bus_message_exit_container(message
);
3711 r
= mount_image_add(&mount_images
, &n_mount_images
,
3714 .destination
= destination
,
3715 .mount_options
= options
,
3716 .ignore_enoent
= permissive
,
3717 .type
= MOUNT_IMAGE_DISCRETE
,
3725 r
= sd_bus_message_exit_container(message
);
3729 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3730 if (n_mount_images
== 0) {
3731 c
->mount_images
= mount_image_free_many(c
->mount_images
, &c
->n_mount_images
);
3733 unit_write_settingf(u
, flags
, name
, "%s=", name
);
3735 for (size_t i
= 0; i
< n_mount_images
; ++i
) {
3736 r
= mount_image_add(&c
->mount_images
, &c
->n_mount_images
, &mount_images
[i
]);
3741 unit_write_settingf(u
, flags
|UNIT_ESCAPE_C
|UNIT_ESCAPE_SPECIFIERS
,
3749 mount_images
= mount_image_free_many(mount_images
, &n_mount_images
);
3752 } else if (streq(name
, "ExtensionImages")) {
3753 _cleanup_free_
char *format_str
= NULL
;
3754 MountImage
*extension_images
= NULL
;
3755 size_t n_extension_images
= 0;
3757 r
= sd_bus_message_enter_container(message
, 'a', "(sba(ss))");
3762 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
3763 _cleanup_free_
char *source_escaped
= NULL
;
3764 char *source
, *tuple
;
3767 r
= sd_bus_message_enter_container(message
, 'r', "sba(ss)");
3771 r
= sd_bus_message_read(message
, "sb", &source
, &permissive
);
3775 if (!path_is_absolute(source
))
3776 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not absolute.", source
);
3777 if (!path_is_normalized(source
))
3778 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not normalized.", source
);
3780 /* Need to store them in the unit with the escapes, so that they can be parsed again */
3781 source_escaped
= shell_escape(source
, ":");
3782 if (!source_escaped
)
3785 tuple
= strjoin(format_str
,
3786 format_str
? " " : "",
3787 permissive
? "-" : "",
3791 free_and_replace(format_str
, tuple
);
3793 r
= bus_read_mount_options(message
, error
, &options
, &format_str
, ":");
3797 r
= sd_bus_message_exit_container(message
);
3801 r
= mount_image_add(&extension_images
, &n_extension_images
,
3804 .mount_options
= options
,
3805 .ignore_enoent
= permissive
,
3806 .type
= MOUNT_IMAGE_EXTENSION
,
3814 r
= sd_bus_message_exit_container(message
);
3818 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3819 if (n_extension_images
== 0) {
3820 c
->extension_images
= mount_image_free_many(c
->extension_images
, &c
->n_extension_images
);
3822 unit_write_settingf(u
, flags
, name
, "%s=", name
);
3824 for (size_t i
= 0; i
< n_extension_images
; ++i
) {
3825 r
= mount_image_add(&c
->extension_images
, &c
->n_extension_images
, &extension_images
[i
]);
3830 unit_write_settingf(u
, flags
|UNIT_ESCAPE_C
|UNIT_ESCAPE_SPECIFIERS
,
3838 extension_images
= mount_image_free_many(extension_images
, &n_extension_images
);
3842 } else if (STR_IN_SET(name
, "StateDirectorySymlink", "RuntimeDirectorySymlink", "CacheDirectorySymlink", "LogsDirectorySymlink")) {
3843 char *source
, *destination
;
3844 ExecDirectory
*directory
;
3845 uint64_t symlink_flags
; /* No flags for now, reserved for future uses. */
3846 ExecDirectoryType i
;
3848 assert_se((i
= exec_directory_type_symlink_from_string(name
)) >= 0);
3849 directory
= c
->directories
+ i
;
3851 r
= sd_bus_message_enter_container(message
, 'a', "(sst)");
3855 while ((r
= sd_bus_message_read(message
, "(sst)", &source
, &destination
, &symlink_flags
)) > 0) {
3856 if (!path_is_valid(source
))
3857 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not valid.", source
);
3858 if (path_is_absolute(source
))
3859 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is absolute.", source
);
3860 if (!path_is_normalized(source
))
3861 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not normalized.", source
);
3862 if (!path_is_valid(destination
))
3863 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is not valid.", destination
);
3864 if (path_is_absolute(destination
))
3865 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is absolute.", destination
);
3866 if (!path_is_normalized(destination
))
3867 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is not normalized.", destination
);
3868 if (symlink_flags
!= 0)
3869 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Flags must be zero.");
3871 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
3872 _cleanup_free_
char *destination_escaped
= NULL
, *source_escaped
= NULL
;
3874 r
= exec_directory_add(directory
, source
, destination
);
3878 /* Need to store them in the unit with the escapes, so that they can be parsed again */
3879 source_escaped
= xescape(source
, ":");
3880 destination_escaped
= xescape(destination
, ":");
3881 if (!source_escaped
|| !destination_escaped
)
3884 unit_write_settingf(
3885 u
, flags
|UNIT_ESCAPE_SPECIFIERS
, exec_directory_type_to_string(i
),
3887 exec_directory_type_to_string(i
),
3889 destination_escaped
);
3895 exec_directory_sort(directory
);
3897 r
= sd_bus_message_exit_container(message
);