1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2010 Lennart Poettering
10 #include <stdio_ext.h>
17 #include "alloc-util.h"
20 #include "capability-util.h"
21 #include "cpu-set-util.h"
22 #include "dbus-execute.h"
23 #include "dbus-util.h"
25 #include "errno-list.h"
30 #include "hexdecoct.h"
33 #include "journal-util.h"
35 #include "mount-util.h"
36 #include "namespace.h"
37 #include "parse-util.h"
38 #include "path-util.h"
39 #include "process-util.h"
40 #include "rlimit-util.h"
42 #include "seccomp-util.h"
44 #include "securebits-util.h"
45 #include "specifier.h"
47 #include "syslog-util.h"
48 #include "unit-printf.h"
49 #include "user-util.h"
52 BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output
, exec_output
, ExecOutput
);
53 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input
, exec_input
, ExecInput
);
55 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
);
56 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
);
57 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_keyring_mode
, exec_keyring_mode
, ExecKeyringMode
);
59 static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_protect_home
, protect_home
, ProtectHome
);
60 static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_protect_system
, protect_system
, ProtectSystem
);
62 static int property_get_environment_files(
65 const char *interface
,
67 sd_bus_message
*reply
,
69 sd_bus_error
*error
) {
71 ExecContext
*c
= userdata
;
79 r
= sd_bus_message_open_container(reply
, 'a', "(sb)");
83 STRV_FOREACH(j
, c
->environment_files
) {
86 r
= sd_bus_message_append(reply
, "(sb)", fn
[0] == '-' ? fn
+ 1 : fn
, fn
[0] == '-');
91 return sd_bus_message_close_container(reply
);
94 static int property_get_oom_score_adjust(
97 const char *interface
,
99 sd_bus_message
*reply
,
101 sd_bus_error
*error
) {
103 ExecContext
*c
= userdata
;
110 if (c
->oom_score_adjust_set
)
111 n
= c
->oom_score_adjust
;
113 _cleanup_free_
char *t
= NULL
;
116 if (read_one_line_file("/proc/self/oom_score_adj", &t
) >= 0)
120 return sd_bus_message_append(reply
, "i", n
);
123 static int property_get_nice(
126 const char *interface
,
127 const char *property
,
128 sd_bus_message
*reply
,
130 sd_bus_error
*error
) {
132 ExecContext
*c
= userdata
;
143 n
= getpriority(PRIO_PROCESS
, 0);
148 return sd_bus_message_append(reply
, "i", n
);
151 static int property_get_ioprio(
154 const char *interface
,
155 const char *property
,
156 sd_bus_message
*reply
,
158 sd_bus_error
*error
) {
160 ExecContext
*c
= userdata
;
166 return sd_bus_message_append(reply
, "i", exec_context_get_effective_ioprio(c
));
169 static int property_get_ioprio_class(
172 const char *interface
,
173 const char *property
,
174 sd_bus_message
*reply
,
176 sd_bus_error
*error
) {
178 ExecContext
*c
= userdata
;
184 return sd_bus_message_append(reply
, "i", IOPRIO_PRIO_CLASS(exec_context_get_effective_ioprio(c
)));
187 static int property_get_ioprio_priority(
190 const char *interface
,
191 const char *property
,
192 sd_bus_message
*reply
,
194 sd_bus_error
*error
) {
196 ExecContext
*c
= userdata
;
202 return sd_bus_message_append(reply
, "i", IOPRIO_PRIO_DATA(exec_context_get_effective_ioprio(c
)));
205 static int property_get_cpu_sched_policy(
208 const char *interface
,
209 const char *property
,
210 sd_bus_message
*reply
,
212 sd_bus_error
*error
) {
214 ExecContext
*c
= userdata
;
221 if (c
->cpu_sched_set
)
222 n
= c
->cpu_sched_policy
;
224 n
= sched_getscheduler(0);
229 return sd_bus_message_append(reply
, "i", n
);
232 static int property_get_cpu_sched_priority(
235 const char *interface
,
236 const char *property
,
237 sd_bus_message
*reply
,
239 sd_bus_error
*error
) {
241 ExecContext
*c
= userdata
;
248 if (c
->cpu_sched_set
)
249 n
= c
->cpu_sched_priority
;
251 struct sched_param p
= {};
253 if (sched_getparam(0, &p
) >= 0)
254 n
= p
.sched_priority
;
259 return sd_bus_message_append(reply
, "i", n
);
262 static int property_get_cpu_affinity(
265 const char *interface
,
266 const char *property
,
267 sd_bus_message
*reply
,
269 sd_bus_error
*error
) {
271 ExecContext
*c
= userdata
;
278 return sd_bus_message_append_array(reply
, 'y', c
->cpuset
, CPU_ALLOC_SIZE(c
->cpuset_ncpus
));
280 return sd_bus_message_append_array(reply
, 'y', NULL
, 0);
283 static int property_get_timer_slack_nsec(
286 const char *interface
,
287 const char *property
,
288 sd_bus_message
*reply
,
290 sd_bus_error
*error
) {
292 ExecContext
*c
= userdata
;
299 if (c
->timer_slack_nsec
!= NSEC_INFINITY
)
300 u
= (uint64_t) c
->timer_slack_nsec
;
302 u
= (uint64_t) prctl(PR_GET_TIMERSLACK
);
304 return sd_bus_message_append(reply
, "t", u
);
307 static int property_get_capability_bounding_set(
310 const char *interface
,
311 const char *property
,
312 sd_bus_message
*reply
,
314 sd_bus_error
*error
) {
316 ExecContext
*c
= userdata
;
322 return sd_bus_message_append(reply
, "t", c
->capability_bounding_set
);
325 static int property_get_ambient_capabilities(
328 const char *interface
,
329 const char *property
,
330 sd_bus_message
*reply
,
332 sd_bus_error
*error
) {
334 ExecContext
*c
= userdata
;
340 return sd_bus_message_append(reply
, "t", c
->capability_ambient_set
);
343 static int property_get_empty_string(
346 const char *interface
,
347 const char *property
,
348 sd_bus_message
*reply
,
350 sd_bus_error
*error
) {
355 return sd_bus_message_append(reply
, "s", "");
358 static int property_get_syscall_filter(
361 const char *interface
,
362 const char *property
,
363 sd_bus_message
*reply
,
365 sd_bus_error
*error
) {
367 ExecContext
*c
= userdata
;
368 _cleanup_strv_free_
char **l
= NULL
;
380 r
= sd_bus_message_open_container(reply
, 'r', "bas");
384 r
= sd_bus_message_append(reply
, "b", c
->syscall_whitelist
);
389 HASHMAP_FOREACH_KEY(val
, id
, c
->syscall_filter
, i
) {
390 _cleanup_free_
char *name
= NULL
;
391 const char *e
= NULL
;
393 int num
= PTR_TO_INT(val
);
395 name
= seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE
, PTR_TO_INT(id
) - 1);
400 e
= errno_to_name(num
);
402 s
= strjoin(name
, ":", e
);
406 r
= asprintf(&s
, "%s:%d", name
, num
);
413 r
= strv_consume(&l
, s
);
421 r
= sd_bus_message_append_strv(reply
, l
);
425 return sd_bus_message_close_container(reply
);
428 static int property_get_syscall_archs(
431 const char *interface
,
432 const char *property
,
433 sd_bus_message
*reply
,
435 sd_bus_error
*error
) {
437 ExecContext
*c
= userdata
;
438 _cleanup_strv_free_
char **l
= NULL
;
451 SET_FOREACH(id
, c
->syscall_archs
, i
) {
454 name
= seccomp_arch_to_string(PTR_TO_UINT32(id
) - 1);
458 r
= strv_extend(&l
, name
);
466 r
= sd_bus_message_append_strv(reply
, l
);
473 static int property_get_syscall_errno(
476 const char *interface
,
477 const char *property
,
478 sd_bus_message
*reply
,
480 sd_bus_error
*error
) {
482 ExecContext
*c
= userdata
;
488 return sd_bus_message_append(reply
, "i", (int32_t) c
->syscall_errno
);
491 static int property_get_selinux_context(
494 const char *interface
,
495 const char *property
,
496 sd_bus_message
*reply
,
498 sd_bus_error
*error
) {
500 ExecContext
*c
= userdata
;
506 return sd_bus_message_append(reply
, "(bs)", c
->selinux_context_ignore
, c
->selinux_context
);
509 static int property_get_apparmor_profile(
512 const char *interface
,
513 const char *property
,
514 sd_bus_message
*reply
,
516 sd_bus_error
*error
) {
518 ExecContext
*c
= userdata
;
524 return sd_bus_message_append(reply
, "(bs)", c
->apparmor_profile_ignore
, c
->apparmor_profile
);
527 static int property_get_smack_process_label(
530 const char *interface
,
531 const char *property
,
532 sd_bus_message
*reply
,
534 sd_bus_error
*error
) {
536 ExecContext
*c
= userdata
;
542 return sd_bus_message_append(reply
, "(bs)", c
->smack_process_label_ignore
, c
->smack_process_label
);
545 static int property_get_personality(
548 const char *interface
,
549 const char *property
,
550 sd_bus_message
*reply
,
552 sd_bus_error
*error
) {
554 ExecContext
*c
= userdata
;
560 return sd_bus_message_append(reply
, "s", personality_to_string(c
->personality
));
563 static int property_get_address_families(
566 const char *interface
,
567 const char *property
,
568 sd_bus_message
*reply
,
570 sd_bus_error
*error
) {
572 ExecContext
*c
= userdata
;
573 _cleanup_strv_free_
char **l
= NULL
;
582 r
= sd_bus_message_open_container(reply
, 'r', "bas");
586 r
= sd_bus_message_append(reply
, "b", c
->address_families_whitelist
);
590 SET_FOREACH(af
, c
->address_families
, i
) {
593 name
= af_to_name(PTR_TO_INT(af
));
597 r
= strv_extend(&l
, name
);
604 r
= sd_bus_message_append_strv(reply
, l
);
608 return sd_bus_message_close_container(reply
);
611 static int property_get_working_directory(
614 const char *interface
,
615 const char *property
,
616 sd_bus_message
*reply
,
618 sd_bus_error
*error
) {
620 ExecContext
*c
= userdata
;
627 if (c
->working_directory_home
)
630 wd
= c
->working_directory
;
632 if (c
->working_directory_missing_ok
)
633 wd
= strjoina("!", wd
);
635 return sd_bus_message_append(reply
, "s", wd
);
638 static int property_get_syslog_level(
641 const char *interface
,
642 const char *property
,
643 sd_bus_message
*reply
,
645 sd_bus_error
*error
) {
647 ExecContext
*c
= userdata
;
653 return sd_bus_message_append(reply
, "i", LOG_PRI(c
->syslog_priority
));
656 static int property_get_syslog_facility(
659 const char *interface
,
660 const char *property
,
661 sd_bus_message
*reply
,
663 sd_bus_error
*error
) {
665 ExecContext
*c
= userdata
;
671 return sd_bus_message_append(reply
, "i", LOG_FAC(c
->syslog_priority
));
674 static int property_get_stdio_fdname(
677 const char *interface
,
678 const char *property
,
679 sd_bus_message
*reply
,
681 sd_bus_error
*error
) {
683 ExecContext
*c
= userdata
;
691 if (streq(property
, "StandardInputFileDescriptorName"))
692 fileno
= STDIN_FILENO
;
693 else if (streq(property
, "StandardOutputFileDescriptorName"))
694 fileno
= STDOUT_FILENO
;
696 assert(streq(property
, "StandardErrorFileDescriptorName"));
697 fileno
= STDERR_FILENO
;
700 return sd_bus_message_append(reply
, "s", exec_context_fdname(c
, fileno
));
703 static int property_get_input_data(
706 const char *interface
,
707 const char *property
,
708 sd_bus_message
*reply
,
710 sd_bus_error
*error
) {
712 ExecContext
*c
= userdata
;
719 return sd_bus_message_append_array(reply
, 'y', c
->stdin_data
, c
->stdin_data_size
);
722 static int property_get_bind_paths(
725 const char *interface
,
726 const char *property
,
727 sd_bus_message
*reply
,
729 sd_bus_error
*error
) {
731 ExecContext
*c
= userdata
;
741 ro
= !!strstr(property
, "ReadOnly");
743 r
= sd_bus_message_open_container(reply
, 'a', "(ssbt)");
747 for (i
= 0; i
< c
->n_bind_mounts
; i
++) {
749 if (ro
!= c
->bind_mounts
[i
].read_only
)
752 r
= sd_bus_message_append(
754 c
->bind_mounts
[i
].source
,
755 c
->bind_mounts
[i
].destination
,
756 c
->bind_mounts
[i
].ignore_enoent
,
757 c
->bind_mounts
[i
].recursive
? (uint64_t) MS_REC
: (uint64_t) 0);
762 return sd_bus_message_close_container(reply
);
765 static int property_get_temporary_filesystems(
768 const char *interface
,
769 const char *property
,
770 sd_bus_message
*reply
,
772 sd_bus_error
*error
) {
774 ExecContext
*c
= userdata
;
783 r
= sd_bus_message_open_container(reply
, 'a', "(ss)");
787 for (i
= 0; i
< c
->n_temporary_filesystems
; i
++) {
788 TemporaryFileSystem
*t
= c
->temporary_filesystems
+ i
;
790 r
= sd_bus_message_append(
798 return sd_bus_message_close_container(reply
);
801 static int property_get_log_extra_fields(
804 const char *interface
,
805 const char *property
,
806 sd_bus_message
*reply
,
808 sd_bus_error
*error
) {
810 ExecContext
*c
= userdata
;
819 r
= sd_bus_message_open_container(reply
, 'a', "ay");
823 for (i
= 0; i
< c
->n_log_extra_fields
; i
++) {
824 r
= sd_bus_message_append_array(reply
, 'y', c
->log_extra_fields
[i
].iov_base
, c
->log_extra_fields
[i
].iov_len
);
829 return sd_bus_message_close_container(reply
);
832 const sd_bus_vtable bus_exec_vtable
[] = {
833 SD_BUS_VTABLE_START(0),
834 SD_BUS_PROPERTY("Environment", "as", NULL
, offsetof(ExecContext
, environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
835 SD_BUS_PROPERTY("EnvironmentFiles", "a(sb)", property_get_environment_files
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
836 SD_BUS_PROPERTY("PassEnvironment", "as", NULL
, offsetof(ExecContext
, pass_environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
837 SD_BUS_PROPERTY("UnsetEnvironment", "as", NULL
, offsetof(ExecContext
, unset_environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
838 SD_BUS_PROPERTY("UMask", "u", bus_property_get_mode
, offsetof(ExecContext
, umask
), SD_BUS_VTABLE_PROPERTY_CONST
),
839 SD_BUS_PROPERTY("LimitCPU", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CPU
]), SD_BUS_VTABLE_PROPERTY_CONST
),
840 SD_BUS_PROPERTY("LimitCPUSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CPU
]), SD_BUS_VTABLE_PROPERTY_CONST
),
841 SD_BUS_PROPERTY("LimitFSIZE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_FSIZE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
842 SD_BUS_PROPERTY("LimitFSIZESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_FSIZE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
843 SD_BUS_PROPERTY("LimitDATA", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_DATA
]), SD_BUS_VTABLE_PROPERTY_CONST
),
844 SD_BUS_PROPERTY("LimitDATASoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_DATA
]), SD_BUS_VTABLE_PROPERTY_CONST
),
845 SD_BUS_PROPERTY("LimitSTACK", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_STACK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
846 SD_BUS_PROPERTY("LimitSTACKSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_STACK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
847 SD_BUS_PROPERTY("LimitCORE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CORE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
848 SD_BUS_PROPERTY("LimitCORESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CORE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
849 SD_BUS_PROPERTY("LimitRSS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RSS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
850 SD_BUS_PROPERTY("LimitRSSSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RSS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
851 SD_BUS_PROPERTY("LimitNOFILE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NOFILE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
852 SD_BUS_PROPERTY("LimitNOFILESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NOFILE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
853 SD_BUS_PROPERTY("LimitAS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_AS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
854 SD_BUS_PROPERTY("LimitASSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_AS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
855 SD_BUS_PROPERTY("LimitNPROC", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NPROC
]), SD_BUS_VTABLE_PROPERTY_CONST
),
856 SD_BUS_PROPERTY("LimitNPROCSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NPROC
]), SD_BUS_VTABLE_PROPERTY_CONST
),
857 SD_BUS_PROPERTY("LimitMEMLOCK", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MEMLOCK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
858 SD_BUS_PROPERTY("LimitMEMLOCKSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MEMLOCK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
859 SD_BUS_PROPERTY("LimitLOCKS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_LOCKS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
860 SD_BUS_PROPERTY("LimitLOCKSSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_LOCKS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
861 SD_BUS_PROPERTY("LimitSIGPENDING", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_SIGPENDING
]), SD_BUS_VTABLE_PROPERTY_CONST
),
862 SD_BUS_PROPERTY("LimitSIGPENDINGSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_SIGPENDING
]), SD_BUS_VTABLE_PROPERTY_CONST
),
863 SD_BUS_PROPERTY("LimitMSGQUEUE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MSGQUEUE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
864 SD_BUS_PROPERTY("LimitMSGQUEUESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MSGQUEUE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
865 SD_BUS_PROPERTY("LimitNICE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NICE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
866 SD_BUS_PROPERTY("LimitNICESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NICE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
867 SD_BUS_PROPERTY("LimitRTPRIO", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTPRIO
]), SD_BUS_VTABLE_PROPERTY_CONST
),
868 SD_BUS_PROPERTY("LimitRTPRIOSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTPRIO
]), SD_BUS_VTABLE_PROPERTY_CONST
),
869 SD_BUS_PROPERTY("LimitRTTIME", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
870 SD_BUS_PROPERTY("LimitRTTIMESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
871 SD_BUS_PROPERTY("WorkingDirectory", "s", property_get_working_directory
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
872 SD_BUS_PROPERTY("RootDirectory", "s", NULL
, offsetof(ExecContext
, root_directory
), SD_BUS_VTABLE_PROPERTY_CONST
),
873 SD_BUS_PROPERTY("RootImage", "s", NULL
, offsetof(ExecContext
, root_image
), SD_BUS_VTABLE_PROPERTY_CONST
),
874 SD_BUS_PROPERTY("OOMScoreAdjust", "i", property_get_oom_score_adjust
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
875 SD_BUS_PROPERTY("Nice", "i", property_get_nice
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
876 SD_BUS_PROPERTY("IOSchedulingClass", "i", property_get_ioprio_class
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
877 SD_BUS_PROPERTY("IOSchedulingPriority", "i", property_get_ioprio_priority
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
878 SD_BUS_PROPERTY("CPUSchedulingPolicy", "i", property_get_cpu_sched_policy
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
879 SD_BUS_PROPERTY("CPUSchedulingPriority", "i", property_get_cpu_sched_priority
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
880 SD_BUS_PROPERTY("CPUAffinity", "ay", property_get_cpu_affinity
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
881 SD_BUS_PROPERTY("TimerSlackNSec", "t", property_get_timer_slack_nsec
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
882 SD_BUS_PROPERTY("CPUSchedulingResetOnFork", "b", bus_property_get_bool
, offsetof(ExecContext
, cpu_sched_reset_on_fork
), SD_BUS_VTABLE_PROPERTY_CONST
),
883 SD_BUS_PROPERTY("NonBlocking", "b", bus_property_get_bool
, offsetof(ExecContext
, non_blocking
), SD_BUS_VTABLE_PROPERTY_CONST
),
884 SD_BUS_PROPERTY("StandardInput", "s", property_get_exec_input
, offsetof(ExecContext
, std_input
), SD_BUS_VTABLE_PROPERTY_CONST
),
885 SD_BUS_PROPERTY("StandardInputFileDescriptorName", "s", property_get_stdio_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
886 SD_BUS_PROPERTY("StandardInputData", "ay", property_get_input_data
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
887 SD_BUS_PROPERTY("StandardOutput", "s", bus_property_get_exec_output
, offsetof(ExecContext
, std_output
), SD_BUS_VTABLE_PROPERTY_CONST
),
888 SD_BUS_PROPERTY("StandardOutputFileDescriptorName", "s", property_get_stdio_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
889 SD_BUS_PROPERTY("StandardError", "s", bus_property_get_exec_output
, offsetof(ExecContext
, std_error
), SD_BUS_VTABLE_PROPERTY_CONST
),
890 SD_BUS_PROPERTY("StandardErrorFileDescriptorName", "s", property_get_stdio_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
891 SD_BUS_PROPERTY("TTYPath", "s", NULL
, offsetof(ExecContext
, tty_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
892 SD_BUS_PROPERTY("TTYReset", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_reset
), SD_BUS_VTABLE_PROPERTY_CONST
),
893 SD_BUS_PROPERTY("TTYVHangup", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_vhangup
), SD_BUS_VTABLE_PROPERTY_CONST
),
894 SD_BUS_PROPERTY("TTYVTDisallocate", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_vt_disallocate
), SD_BUS_VTABLE_PROPERTY_CONST
),
895 SD_BUS_PROPERTY("SyslogPriority", "i", bus_property_get_int
, offsetof(ExecContext
, syslog_priority
), SD_BUS_VTABLE_PROPERTY_CONST
),
896 SD_BUS_PROPERTY("SyslogIdentifier", "s", NULL
, offsetof(ExecContext
, syslog_identifier
), SD_BUS_VTABLE_PROPERTY_CONST
),
897 SD_BUS_PROPERTY("SyslogLevelPrefix", "b", bus_property_get_bool
, offsetof(ExecContext
, syslog_level_prefix
), SD_BUS_VTABLE_PROPERTY_CONST
),
898 SD_BUS_PROPERTY("SyslogLevel", "i", property_get_syslog_level
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
899 SD_BUS_PROPERTY("SyslogFacility", "i", property_get_syslog_facility
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
900 SD_BUS_PROPERTY("LogLevelMax", "i", bus_property_get_int
, offsetof(ExecContext
, log_level_max
), SD_BUS_VTABLE_PROPERTY_CONST
),
901 SD_BUS_PROPERTY("LogExtraFields", "aay", property_get_log_extra_fields
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
902 SD_BUS_PROPERTY("SecureBits", "i", bus_property_get_int
, offsetof(ExecContext
, secure_bits
), SD_BUS_VTABLE_PROPERTY_CONST
),
903 SD_BUS_PROPERTY("CapabilityBoundingSet", "t", property_get_capability_bounding_set
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
904 SD_BUS_PROPERTY("AmbientCapabilities", "t", property_get_ambient_capabilities
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
905 SD_BUS_PROPERTY("User", "s", NULL
, offsetof(ExecContext
, user
), SD_BUS_VTABLE_PROPERTY_CONST
),
906 SD_BUS_PROPERTY("Group", "s", NULL
, offsetof(ExecContext
, group
), SD_BUS_VTABLE_PROPERTY_CONST
),
907 SD_BUS_PROPERTY("DynamicUser", "b", bus_property_get_bool
, offsetof(ExecContext
, dynamic_user
), SD_BUS_VTABLE_PROPERTY_CONST
),
908 SD_BUS_PROPERTY("RemoveIPC", "b", bus_property_get_bool
, offsetof(ExecContext
, remove_ipc
), SD_BUS_VTABLE_PROPERTY_CONST
),
909 SD_BUS_PROPERTY("SupplementaryGroups", "as", NULL
, offsetof(ExecContext
, supplementary_groups
), SD_BUS_VTABLE_PROPERTY_CONST
),
910 SD_BUS_PROPERTY("PAMName", "s", NULL
, offsetof(ExecContext
, pam_name
), SD_BUS_VTABLE_PROPERTY_CONST
),
911 SD_BUS_PROPERTY("ReadWritePaths", "as", NULL
, offsetof(ExecContext
, read_write_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
912 SD_BUS_PROPERTY("ReadOnlyPaths", "as", NULL
, offsetof(ExecContext
, read_only_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
913 SD_BUS_PROPERTY("InaccessiblePaths", "as", NULL
, offsetof(ExecContext
, inaccessible_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
914 SD_BUS_PROPERTY("MountFlags", "t", bus_property_get_ulong
, offsetof(ExecContext
, mount_flags
), SD_BUS_VTABLE_PROPERTY_CONST
),
915 SD_BUS_PROPERTY("PrivateTmp", "b", bus_property_get_bool
, offsetof(ExecContext
, private_tmp
), SD_BUS_VTABLE_PROPERTY_CONST
),
916 SD_BUS_PROPERTY("PrivateDevices", "b", bus_property_get_bool
, offsetof(ExecContext
, private_devices
), SD_BUS_VTABLE_PROPERTY_CONST
),
917 SD_BUS_PROPERTY("ProtectKernelTunables", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_tunables
), SD_BUS_VTABLE_PROPERTY_CONST
),
918 SD_BUS_PROPERTY("ProtectKernelModules", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_modules
), SD_BUS_VTABLE_PROPERTY_CONST
),
919 SD_BUS_PROPERTY("ProtectControlGroups", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_control_groups
), SD_BUS_VTABLE_PROPERTY_CONST
),
920 SD_BUS_PROPERTY("PrivateNetwork", "b", bus_property_get_bool
, offsetof(ExecContext
, private_network
), SD_BUS_VTABLE_PROPERTY_CONST
),
921 SD_BUS_PROPERTY("PrivateUsers", "b", bus_property_get_bool
, offsetof(ExecContext
, private_users
), SD_BUS_VTABLE_PROPERTY_CONST
),
922 SD_BUS_PROPERTY("ProtectHome", "s", bus_property_get_protect_home
, offsetof(ExecContext
, protect_home
), SD_BUS_VTABLE_PROPERTY_CONST
),
923 SD_BUS_PROPERTY("ProtectSystem", "s", bus_property_get_protect_system
, offsetof(ExecContext
, protect_system
), SD_BUS_VTABLE_PROPERTY_CONST
),
924 SD_BUS_PROPERTY("SameProcessGroup", "b", bus_property_get_bool
, offsetof(ExecContext
, same_pgrp
), SD_BUS_VTABLE_PROPERTY_CONST
),
925 SD_BUS_PROPERTY("UtmpIdentifier", "s", NULL
, offsetof(ExecContext
, utmp_id
), SD_BUS_VTABLE_PROPERTY_CONST
),
926 SD_BUS_PROPERTY("UtmpMode", "s", property_get_exec_utmp_mode
, offsetof(ExecContext
, utmp_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
927 SD_BUS_PROPERTY("SELinuxContext", "(bs)", property_get_selinux_context
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
928 SD_BUS_PROPERTY("AppArmorProfile", "(bs)", property_get_apparmor_profile
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
929 SD_BUS_PROPERTY("SmackProcessLabel", "(bs)", property_get_smack_process_label
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
930 SD_BUS_PROPERTY("IgnoreSIGPIPE", "b", bus_property_get_bool
, offsetof(ExecContext
, ignore_sigpipe
), SD_BUS_VTABLE_PROPERTY_CONST
),
931 SD_BUS_PROPERTY("NoNewPrivileges", "b", bus_property_get_bool
, offsetof(ExecContext
, no_new_privileges
), SD_BUS_VTABLE_PROPERTY_CONST
),
932 SD_BUS_PROPERTY("SystemCallFilter", "(bas)", property_get_syscall_filter
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
933 SD_BUS_PROPERTY("SystemCallArchitectures", "as", property_get_syscall_archs
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
934 SD_BUS_PROPERTY("SystemCallErrorNumber", "i", property_get_syscall_errno
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
935 SD_BUS_PROPERTY("Personality", "s", property_get_personality
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
936 SD_BUS_PROPERTY("LockPersonality", "b", bus_property_get_bool
, offsetof(ExecContext
, lock_personality
), SD_BUS_VTABLE_PROPERTY_CONST
),
937 SD_BUS_PROPERTY("RestrictAddressFamilies", "(bas)", property_get_address_families
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
938 SD_BUS_PROPERTY("RuntimeDirectoryPreserve", "s", property_get_exec_preserve_mode
, offsetof(ExecContext
, runtime_directory_preserve_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
939 SD_BUS_PROPERTY("RuntimeDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
940 SD_BUS_PROPERTY("RuntimeDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
941 SD_BUS_PROPERTY("StateDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
942 SD_BUS_PROPERTY("StateDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
943 SD_BUS_PROPERTY("CacheDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
944 SD_BUS_PROPERTY("CacheDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
945 SD_BUS_PROPERTY("LogsDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
946 SD_BUS_PROPERTY("LogsDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
947 SD_BUS_PROPERTY("ConfigurationDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CONFIGURATION
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
948 SD_BUS_PROPERTY("ConfigurationDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CONFIGURATION
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
949 SD_BUS_PROPERTY("MemoryDenyWriteExecute", "b", bus_property_get_bool
, offsetof(ExecContext
, memory_deny_write_execute
), SD_BUS_VTABLE_PROPERTY_CONST
),
950 SD_BUS_PROPERTY("RestrictRealtime", "b", bus_property_get_bool
, offsetof(ExecContext
, restrict_realtime
), SD_BUS_VTABLE_PROPERTY_CONST
),
951 SD_BUS_PROPERTY("RestrictNamespaces", "t", bus_property_get_ulong
, offsetof(ExecContext
, restrict_namespaces
), SD_BUS_VTABLE_PROPERTY_CONST
),
952 SD_BUS_PROPERTY("BindPaths", "a(ssbt)", property_get_bind_paths
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
953 SD_BUS_PROPERTY("BindReadOnlyPaths", "a(ssbt)", property_get_bind_paths
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
954 SD_BUS_PROPERTY("TemporaryFileSystem", "a(ss)", property_get_temporary_filesystems
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
955 SD_BUS_PROPERTY("MountAPIVFS", "b", bus_property_get_bool
, offsetof(ExecContext
, mount_apivfs
), SD_BUS_VTABLE_PROPERTY_CONST
),
956 SD_BUS_PROPERTY("KeyringMode", "s", property_get_exec_keyring_mode
, offsetof(ExecContext
, keyring_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
958 /* Obsolete/redundant properties: */
959 SD_BUS_PROPERTY("Capabilities", "s", property_get_empty_string
, 0, SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
960 SD_BUS_PROPERTY("ReadWriteDirectories", "as", NULL
, offsetof(ExecContext
, read_write_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
961 SD_BUS_PROPERTY("ReadOnlyDirectories", "as", NULL
, offsetof(ExecContext
, read_only_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
962 SD_BUS_PROPERTY("InaccessibleDirectories", "as", NULL
, offsetof(ExecContext
, inaccessible_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
963 SD_BUS_PROPERTY("IOScheduling", "i", property_get_ioprio
, 0, SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
968 static int append_exec_command(sd_bus_message
*reply
, ExecCommand
*c
) {
977 r
= sd_bus_message_open_container(reply
, 'r', "sasbttttuii");
981 r
= sd_bus_message_append(reply
, "s", c
->path
);
985 r
= sd_bus_message_append_strv(reply
, c
->argv
);
989 r
= sd_bus_message_append(reply
, "bttttuii",
990 !!(c
->flags
& EXEC_COMMAND_IGNORE_FAILURE
),
991 c
->exec_status
.start_timestamp
.realtime
,
992 c
->exec_status
.start_timestamp
.monotonic
,
993 c
->exec_status
.exit_timestamp
.realtime
,
994 c
->exec_status
.exit_timestamp
.monotonic
,
995 (uint32_t) c
->exec_status
.pid
,
996 (int32_t) c
->exec_status
.code
,
997 (int32_t) c
->exec_status
.status
);
1001 return sd_bus_message_close_container(reply
);
1004 int bus_property_get_exec_command(
1007 const char *interface
,
1008 const char *property
,
1009 sd_bus_message
*reply
,
1011 sd_bus_error
*ret_error
) {
1013 ExecCommand
*c
= (ExecCommand
*) userdata
;
1019 r
= sd_bus_message_open_container(reply
, 'a', "(sasbttttuii)");
1023 r
= append_exec_command(reply
, c
);
1027 return sd_bus_message_close_container(reply
);
1030 int bus_property_get_exec_command_list(
1033 const char *interface
,
1034 const char *property
,
1035 sd_bus_message
*reply
,
1037 sd_bus_error
*ret_error
) {
1039 ExecCommand
*c
= *(ExecCommand
**) userdata
;
1045 r
= sd_bus_message_open_container(reply
, 'a', "(sasbttttuii)");
1049 LIST_FOREACH(command
, c
, c
) {
1050 r
= append_exec_command(reply
, c
);
1055 return sd_bus_message_close_container(reply
);
1058 int bus_set_transient_exec_command(
1061 ExecCommand
**exec_command
,
1062 sd_bus_message
*message
,
1063 UnitWriteFlags flags
,
1064 sd_bus_error
*error
) {
1068 r
= sd_bus_message_enter_container(message
, 'a', "(sasb)");
1072 while ((r
= sd_bus_message_enter_container(message
, 'r', "sasb")) > 0) {
1073 _cleanup_strv_free_
char **argv
= NULL
;
1077 r
= sd_bus_message_read(message
, "s", &path
);
1081 if (!path_is_absolute(path
))
1082 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute.", path
);
1084 r
= sd_bus_message_read_strv(message
, &argv
);
1088 r
= sd_bus_message_read(message
, "b", &b
);
1092 r
= sd_bus_message_exit_container(message
);
1096 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1099 c
= new0(ExecCommand
, 1);
1103 c
->path
= strdup(path
);
1109 c
->argv
= TAKE_PTR(argv
);
1111 c
->flags
= b
? EXEC_COMMAND_IGNORE_FAILURE
: 0;
1113 path_kill_slashes(c
->path
);
1114 exec_command_append_list(exec_command
, c
);
1122 r
= sd_bus_message_exit_container(message
);
1126 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1127 _cleanup_free_
char *buf
= NULL
;
1128 _cleanup_fclose_
FILE *f
= NULL
;
1133 *exec_command
= exec_command_free_list(*exec_command
);
1135 f
= open_memstream(&buf
, &size
);
1139 (void) __fsetlocking(f
, FSETLOCKING_BYCALLER
);
1141 fputs("ExecStart=\n", f
);
1143 LIST_FOREACH(command
, c
, *exec_command
) {
1144 _cleanup_free_
char *a
= NULL
, *t
= NULL
;
1147 p
= unit_escape_setting(c
->path
, UNIT_ESCAPE_C
|UNIT_ESCAPE_SPECIFIERS
, &t
);
1151 a
= unit_concat_strv(c
->argv
, UNIT_ESCAPE_C
|UNIT_ESCAPE_SPECIFIERS
);
1155 fprintf(f
, "%s=%s@%s %s\n",
1157 c
->flags
& EXEC_COMMAND_IGNORE_FAILURE
? "-" : "",
1162 r
= fflush_and_check(f
);
1166 unit_write_setting(u
, flags
, name
, buf
);
1172 static int parse_personality(const char *s
, unsigned long *p
) {
1177 v
= personality_from_string(s
);
1178 if (v
== PERSONALITY_INVALID
)
1185 static const char* mount_propagation_flags_to_string_with_check(unsigned long n
) {
1186 if (!IN_SET(n
, 0, MS_SHARED
, MS_PRIVATE
, MS_SLAVE
))
1189 return mount_propagation_flags_to_string(n
);
1192 static BUS_DEFINE_SET_TRANSIENT(nsec
, "t", uint64_t, nsec_t
, NSEC_FMT
);
1193 static BUS_DEFINE_SET_TRANSIENT_IS_VALID(log_level
, "i", int32_t, int, "%" PRIi32
, log_level_is_valid
);
1195 static BUS_DEFINE_SET_TRANSIENT_IS_VALID(errno
, "i", int32_t, int, "%" PRIi32
, errno_is_valid
);
1197 static BUS_DEFINE_SET_TRANSIENT_IS_VALID(sched_priority
, "i", int32_t, int, "%" PRIi32
, sched_priority_is_valid
);
1198 static BUS_DEFINE_SET_TRANSIENT_IS_VALID(nice
, "i", int32_t, int, "%" PRIi32
, nice_is_valid
);
1199 static BUS_DEFINE_SET_TRANSIENT_PARSE(std_input
, ExecInput
, exec_input_from_string
);
1200 static BUS_DEFINE_SET_TRANSIENT_PARSE(std_output
, ExecOutput
, exec_output_from_string
);
1201 static BUS_DEFINE_SET_TRANSIENT_PARSE(utmp_mode
, ExecUtmpMode
, exec_utmp_mode_from_string
);
1202 static BUS_DEFINE_SET_TRANSIENT_PARSE(protect_system
, ProtectSystem
, parse_protect_system_or_bool
);
1203 static BUS_DEFINE_SET_TRANSIENT_PARSE(protect_home
, ProtectHome
, parse_protect_home_or_bool
);
1204 static BUS_DEFINE_SET_TRANSIENT_PARSE(keyring_mode
, ExecKeyringMode
, exec_keyring_mode_from_string
);
1205 static BUS_DEFINE_SET_TRANSIENT_PARSE(preserve_mode
, ExecPreserveMode
, exec_preserve_mode_from_string
);
1206 static BUS_DEFINE_SET_TRANSIENT_PARSE_PTR(personality
, unsigned long, parse_personality
);
1207 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(secure_bits
, "i", int32_t, int, "%" PRIi32
, secure_bits_to_string_alloc_with_check
);
1208 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(capability
, "t", uint64_t, uint64_t, "%" PRIu64
, capability_set_to_string_alloc
);
1209 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(sched_policy
, "i", int32_t, int, "%" PRIi32
, sched_policy_to_string_alloc_with_check
);
1210 static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(namespace_flag
, "t", uint64_t, unsigned long, "%" PRIu64
, namespace_flags_to_string
);
1211 static BUS_DEFINE_SET_TRANSIENT_TO_STRING(mount_flags
, "t", uint64_t, unsigned long, "%" PRIu64
, mount_propagation_flags_to_string_with_check
);
1213 int bus_exec_context_set_transient_property(
1217 sd_bus_message
*message
,
1218 UnitWriteFlags flags
,
1219 sd_bus_error
*error
) {
1221 const char *soft
= NULL
;
1229 flags
|= UNIT_PRIVATE
;
1231 if (streq(name
, "User"))
1232 return bus_set_transient_user(u
, name
, &c
->user
, message
, flags
, error
);
1234 if (streq(name
, "Group"))
1235 return bus_set_transient_user(u
, name
, &c
->group
, message
, flags
, error
);
1237 if (streq(name
, "TTYPath"))
1238 return bus_set_transient_path(u
, name
, &c
->tty_path
, message
, flags
, error
);
1240 if (streq(name
, "RootImage"))
1241 return bus_set_transient_path(u
, name
, &c
->root_image
, message
, flags
, error
);
1243 if (streq(name
, "RootDirectory"))
1244 return bus_set_transient_path(u
, name
, &c
->root_directory
, message
, flags
, error
);
1246 if (streq(name
, "SyslogIdentifier"))
1247 return bus_set_transient_string(u
, name
, &c
->syslog_identifier
, message
, flags
, error
);
1249 if (streq(name
, "LogLevelMax"))
1250 return bus_set_transient_log_level(u
, name
, &c
->log_level_max
, message
, flags
, error
);
1252 if (streq(name
, "CPUSchedulingPriority"))
1253 return bus_set_transient_sched_priority(u
, name
, &c
->cpu_sched_priority
, message
, flags
, error
);
1255 if (streq(name
, "Personality"))
1256 return bus_set_transient_personality(u
, name
, &c
->personality
, message
, flags
, error
);
1258 if (streq(name
, "Nice"))
1259 return bus_set_transient_nice(u
, name
, &c
->nice
, message
, flags
, error
);
1261 if (streq(name
, "StandardInput"))
1262 return bus_set_transient_std_input(u
, name
, &c
->std_input
, message
, flags
, error
);
1264 if (streq(name
, "StandardOutput"))
1265 return bus_set_transient_std_output(u
, name
, &c
->std_output
, message
, flags
, error
);
1267 if (streq(name
, "StandardError"))
1268 return bus_set_transient_std_output(u
, name
, &c
->std_error
, message
, flags
, error
);
1270 if (streq(name
, "IgnoreSIGPIPE"))
1271 return bus_set_transient_bool(u
, name
, &c
->ignore_sigpipe
, message
, flags
, error
);
1273 if (streq(name
, "TTYVHangup"))
1274 return bus_set_transient_bool(u
, name
, &c
->tty_vhangup
, message
, flags
, error
);
1276 if (streq(name
, "TTYReset"))
1277 return bus_set_transient_bool(u
, name
, &c
->tty_reset
, message
, flags
, error
);
1279 if (streq(name
, "TTYVTDisallocate"))
1280 return bus_set_transient_bool(u
, name
, &c
->tty_vt_disallocate
, message
, flags
, error
);
1282 if (streq(name
, "PrivateTmp"))
1283 return bus_set_transient_bool(u
, name
, &c
->private_tmp
, message
, flags
, error
);
1285 if (streq(name
, "PrivateDevices"))
1286 return bus_set_transient_bool(u
, name
, &c
->private_devices
, message
, flags
, error
);
1288 if (streq(name
, "PrivateNetwork"))
1289 return bus_set_transient_bool(u
, name
, &c
->private_network
, message
, flags
, error
);
1291 if (streq(name
, "PrivateUsers"))
1292 return bus_set_transient_bool(u
, name
, &c
->private_users
, message
, flags
, error
);
1294 if (streq(name
, "NoNewPrivileges"))
1295 return bus_set_transient_bool(u
, name
, &c
->no_new_privileges
, message
, flags
, error
);
1297 if (streq(name
, "SyslogLevelPrefix"))
1298 return bus_set_transient_bool(u
, name
, &c
->syslog_level_prefix
, message
, flags
, error
);
1300 if (streq(name
, "MemoryDenyWriteExecute"))
1301 return bus_set_transient_bool(u
, name
, &c
->memory_deny_write_execute
, message
, flags
, error
);
1303 if (streq(name
, "RestrictRealtime"))
1304 return bus_set_transient_bool(u
, name
, &c
->restrict_realtime
, message
, flags
, error
);
1306 if (streq(name
, "DynamicUser"))
1307 return bus_set_transient_bool(u
, name
, &c
->dynamic_user
, message
, flags
, error
);
1309 if (streq(name
, "RemoveIPC"))
1310 return bus_set_transient_bool(u
, name
, &c
->remove_ipc
, message
, flags
, error
);
1312 if (streq(name
, "ProtectKernelTunables"))
1313 return bus_set_transient_bool(u
, name
, &c
->protect_kernel_tunables
, message
, flags
, error
);
1315 if (streq(name
, "ProtectKernelModules"))
1316 return bus_set_transient_bool(u
, name
, &c
->protect_kernel_modules
, message
, flags
, error
);
1318 if (streq(name
, "ProtectControlGroups"))
1319 return bus_set_transient_bool(u
, name
, &c
->protect_control_groups
, message
, flags
, error
);
1321 if (streq(name
, "MountAPIVFS"))
1322 return bus_set_transient_bool(u
, name
, &c
->mount_apivfs
, message
, flags
, error
);
1324 if (streq(name
, "CPUSchedulingResetOnFork"))
1325 return bus_set_transient_bool(u
, name
, &c
->cpu_sched_reset_on_fork
, message
, flags
, error
);
1327 if (streq(name
, "NonBlocking"))
1328 return bus_set_transient_bool(u
, name
, &c
->non_blocking
, message
, flags
, error
);
1330 if (streq(name
, "LockPersonality"))
1331 return bus_set_transient_bool(u
, name
, &c
->lock_personality
, message
, flags
, error
);
1333 if (streq(name
, "UtmpIdentifier"))
1334 return bus_set_transient_string(u
, name
, &c
->utmp_id
, message
, flags
, error
);
1336 if (streq(name
, "UtmpMode"))
1337 return bus_set_transient_utmp_mode(u
, name
, &c
->utmp_mode
, message
, flags
, error
);
1339 if (streq(name
, "PAMName"))
1340 return bus_set_transient_string(u
, name
, &c
->pam_name
, message
, flags
, error
);
1342 if (streq(name
, "TimerSlackNSec"))
1343 return bus_set_transient_nsec(u
, name
, &c
->timer_slack_nsec
, message
, flags
, error
);
1345 if (streq(name
, "ProtectSystem"))
1346 return bus_set_transient_protect_system(u
, name
, &c
->protect_system
, message
, flags
, error
);
1348 if (streq(name
, "ProtectHome"))
1349 return bus_set_transient_protect_home(u
, name
, &c
->protect_home
, message
, flags
, error
);
1351 if (streq(name
, "KeyringMode"))
1352 return bus_set_transient_keyring_mode(u
, name
, &c
->keyring_mode
, message
, flags
, error
);
1354 if (streq(name
, "RuntimeDirectoryPreserve"))
1355 return bus_set_transient_preserve_mode(u
, name
, &c
->runtime_directory_preserve_mode
, message
, flags
, error
);
1357 if (streq(name
, "UMask"))
1358 return bus_set_transient_mode_t(u
, name
, &c
->umask
, message
, flags
, error
);
1360 if (streq(name
, "RuntimeDirectoryMode"))
1361 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_RUNTIME
].mode
, message
, flags
, error
);
1363 if (streq(name
, "StateDirectoryMode"))
1364 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_STATE
].mode
, message
, flags
, error
);
1366 if (streq(name
, "CacheDirectoryMode"))
1367 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_CACHE
].mode
, message
, flags
, error
);
1369 if (streq(name
, "LogsDirectoryMode"))
1370 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_LOGS
].mode
, message
, flags
, error
);
1372 if (streq(name
, "ConfigurationDirectoryMode"))
1373 return bus_set_transient_mode_t(u
, name
, &c
->directories
[EXEC_DIRECTORY_CONFIGURATION
].mode
, message
, flags
, error
);
1375 if (streq(name
, "SELinuxContext"))
1376 return bus_set_transient_string(u
, name
, &c
->selinux_context
, message
, flags
, error
);
1378 if (streq(name
, "SecureBits"))
1379 return bus_set_transient_secure_bits(u
, name
, &c
->secure_bits
, message
, flags
, error
);
1381 if (streq(name
, "CapabilityBoundingSet"))
1382 return bus_set_transient_capability(u
, name
, &c
->capability_bounding_set
, message
, flags
, error
);
1384 if (streq(name
, "AmbientCapabilities"))
1385 return bus_set_transient_capability(u
, name
, &c
->capability_ambient_set
, message
, flags
, error
);
1387 if (streq(name
, "CPUSchedulingPolicy"))
1388 return bus_set_transient_sched_policy(u
, name
, &c
->cpu_sched_policy
, message
, flags
, error
);
1390 if (streq(name
, "RestrictNamespaces"))
1391 return bus_set_transient_namespace_flag(u
, name
, &c
->restrict_namespaces
, message
, flags
, error
);
1393 if (streq(name
, "MountFlags"))
1394 return bus_set_transient_mount_flags(u
, name
, &c
->mount_flags
, message
, flags
, error
);
1396 if (streq(name
, "SupplementaryGroups")) {
1397 _cleanup_strv_free_
char **l
= NULL
;
1400 r
= sd_bus_message_read_strv(message
, &l
);
1404 STRV_FOREACH(p
, l
) {
1405 if (!isempty(*p
) && !valid_user_group_name_or_id(*p
))
1406 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid supplementary group names");
1409 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1410 if (strv_isempty(l
)) {
1411 c
->supplementary_groups
= strv_free(c
->supplementary_groups
);
1412 unit_write_settingf(u
, flags
, name
, "%s=", name
);
1414 _cleanup_free_
char *joined
= NULL
;
1416 r
= strv_extend_strv(&c
->supplementary_groups
, l
, true);
1420 joined
= strv_join(c
->supplementary_groups
, " ");
1424 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "%s=%s", name
, joined
);
1430 } else if (streq(name
, "SyslogLevel")) {
1433 r
= sd_bus_message_read(message
, "i", &level
);
1437 if (!log_level_is_valid(level
))
1438 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log level value out of range");
1440 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1441 c
->syslog_priority
= (c
->syslog_priority
& LOG_FACMASK
) | level
;
1442 unit_write_settingf(u
, flags
, name
, "SyslogLevel=%i", level
);
1447 } else if (streq(name
, "SyslogFacility")) {
1450 r
= sd_bus_message_read(message
, "i", &facility
);
1454 if (!log_facility_unshifted_is_valid(facility
))
1455 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log facility value out of range");
1457 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1458 c
->syslog_priority
= (facility
<< 3) | LOG_PRI(c
->syslog_priority
);
1459 unit_write_settingf(u
, flags
, name
, "SyslogFacility=%i", facility
);
1464 } else if (streq(name
, "LogExtraFields")) {
1467 r
= sd_bus_message_enter_container(message
, 'a', "ay");
1472 _cleanup_free_
void *copy
= NULL
;
1478 /* Note that we expect a byte array for each field, instead of a string. That's because on the
1479 * lower-level journal fields can actually contain binary data and are not restricted to text,
1480 * and we should not "lose precision" in our types on the way. That said, I am pretty sure
1481 * actually encoding binary data as unit metadata is not a good idea. Hence we actually refuse
1482 * any actual binary data, and only accept UTF-8. This allows us to eventually lift this
1483 * limitation, should a good, valid usecase arise. */
1485 r
= sd_bus_message_read_array(message
, 'y', &p
, &sz
);
1491 if (memchr(p
, 0, sz
))
1492 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field contains zero byte");
1494 eq
= memchr(p
, '=', sz
);
1496 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field contains no '=' character");
1497 if (!journal_field_valid(p
, eq
- (const char*) p
, false))
1498 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field invalid");
1500 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1501 t
= reallocarray(c
->log_extra_fields
, c
->n_log_extra_fields
+1, sizeof(struct iovec
));
1504 c
->log_extra_fields
= t
;
1507 copy
= malloc(sz
+ 1);
1511 memcpy(copy
, p
, sz
);
1512 ((uint8_t*) copy
)[sz
] = 0;
1514 if (!utf8_is_valid(copy
))
1515 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field is not valid UTF-8");
1517 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1518 c
->log_extra_fields
[c
->n_log_extra_fields
++] = IOVEC_MAKE(copy
, sz
);
1519 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_C
, name
, "LogExtraFields=%s", (char*) copy
);
1527 r
= sd_bus_message_exit_container(message
);
1531 if (!UNIT_WRITE_FLAGS_NOOP(flags
) && n
== 0) {
1532 exec_context_free_log_extra_fields(c
);
1533 unit_write_setting(u
, flags
, name
, "LogExtraFields=");
1541 if (streq(name
, "SystemCallErrorNumber"))
1542 return bus_set_transient_errno(u
, name
, &c
->syscall_errno
, message
, flags
, error
);
1544 if (streq(name
, "SystemCallFilter")) {
1546 _cleanup_strv_free_
char **l
= NULL
;
1548 r
= sd_bus_message_enter_container(message
, 'r', "bas");
1552 r
= sd_bus_message_read(message
, "b", &whitelist
);
1556 r
= sd_bus_message_read_strv(message
, &l
);
1560 r
= sd_bus_message_exit_container(message
);
1564 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1565 _cleanup_free_
char *joined
= NULL
;
1566 bool invert
= !whitelist
;
1569 if (strv_isempty(l
)) {
1570 c
->syscall_whitelist
= false;
1571 c
->syscall_filter
= hashmap_free(c
->syscall_filter
);
1573 unit_write_settingf(u
, flags
, name
, "SystemCallFilter=");
1577 if (!c
->syscall_filter
) {
1578 c
->syscall_filter
= hashmap_new(NULL
);
1579 if (!c
->syscall_filter
)
1582 c
->syscall_whitelist
= whitelist
;
1584 if (c
->syscall_whitelist
) {
1585 r
= seccomp_parse_syscall_filter("@default", -1, c
->syscall_filter
, SECCOMP_PARSE_WHITELIST
| (invert
? SECCOMP_PARSE_INVERT
: 0));
1591 STRV_FOREACH(s
, l
) {
1592 _cleanup_free_
char *n
= NULL
;
1595 r
= parse_syscall_and_errno(*s
, &n
, &e
);
1599 r
= seccomp_parse_syscall_filter(n
, e
, c
->syscall_filter
, (invert
? SECCOMP_PARSE_INVERT
: 0) | (c
->syscall_whitelist
? SECCOMP_PARSE_WHITELIST
: 0));
1604 joined
= strv_join(l
, " ");
1608 unit_write_settingf(u
, flags
, name
, "SystemCallFilter=%s%s", whitelist
? "" : "~", joined
);
1613 } else if (streq(name
, "SystemCallArchitectures")) {
1614 _cleanup_strv_free_
char **l
= NULL
;
1616 r
= sd_bus_message_read_strv(message
, &l
);
1620 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1621 _cleanup_free_
char *joined
= NULL
;
1623 if (strv_isempty(l
))
1624 c
->syscall_archs
= set_free(c
->syscall_archs
);
1628 r
= set_ensure_allocated(&c
->syscall_archs
, NULL
);
1632 STRV_FOREACH(s
, l
) {
1635 r
= seccomp_arch_from_string(*s
, &a
);
1639 r
= set_put(c
->syscall_archs
, UINT32_TO_PTR(a
+ 1));
1646 joined
= strv_join(l
, " ");
1650 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, joined
);
1655 } else if (streq(name
, "RestrictAddressFamilies")) {
1657 _cleanup_strv_free_
char **l
= NULL
;
1659 r
= sd_bus_message_enter_container(message
, 'r', "bas");
1663 r
= sd_bus_message_read(message
, "b", &whitelist
);
1667 r
= sd_bus_message_read_strv(message
, &l
);
1671 r
= sd_bus_message_exit_container(message
);
1675 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1676 _cleanup_free_
char *joined
= NULL
;
1677 bool invert
= !whitelist
;
1680 if (strv_isempty(l
)) {
1681 c
->address_families_whitelist
= false;
1682 c
->address_families
= set_free(c
->address_families
);
1684 unit_write_settingf(u
, flags
, name
, "RestrictAddressFamilies=");
1688 if (!c
->address_families
) {
1689 c
->address_families
= set_new(NULL
);
1690 if (!c
->address_families
)
1693 c
->address_families_whitelist
= whitelist
;
1696 STRV_FOREACH(s
, l
) {
1699 af
= af_from_name(*s
);
1703 if (!invert
== c
->address_families_whitelist
) {
1704 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
1708 (void) set_remove(c
->address_families
, INT_TO_PTR(af
));
1711 joined
= strv_join(l
, " ");
1715 unit_write_settingf(u
, flags
, name
, "RestrictAddressFamilies=%s%s", whitelist
? "" : "~", joined
);
1721 if (streq(name
, "CPUAffinity")) {
1725 r
= sd_bus_message_read_array(message
, 'y', &a
, &n
);
1729 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1731 c
->cpuset
= cpu_set_mfree(c
->cpuset
);
1732 c
->cpuset_ncpus
= 0;
1733 unit_write_settingf(u
, flags
, name
, "%s=", name
);
1735 _cleanup_free_
char *str
= NULL
;
1736 size_t allocated
= 0, len
= 0, i
, ncpus
;
1738 ncpus
= CPU_SIZE_TO_NUM(n
);
1740 for (i
= 0; i
< ncpus
; i
++) {
1741 _cleanup_free_
char *p
= NULL
;
1744 if (!CPU_ISSET_S(i
, n
, (cpu_set_t
*) a
))
1747 r
= asprintf(&p
, "%zu", i
);
1753 if (!GREEDY_REALLOC(str
, allocated
, len
+ add
+ 2))
1756 strcpy(mempcpy(str
+ len
, p
, add
), " ");
1761 str
[len
- 1] = '\0';
1763 if (!c
->cpuset
|| c
->cpuset_ncpus
< ncpus
) {
1766 cpuset
= CPU_ALLOC(ncpus
);
1770 CPU_ZERO_S(n
, cpuset
);
1772 CPU_OR_S(CPU_ALLOC_SIZE(c
->cpuset_ncpus
), cpuset
, c
->cpuset
, (cpu_set_t
*) a
);
1773 CPU_FREE(c
->cpuset
);
1775 CPU_OR_S(n
, cpuset
, cpuset
, (cpu_set_t
*) a
);
1778 c
->cpuset_ncpus
= ncpus
;
1780 CPU_OR_S(n
, c
->cpuset
, c
->cpuset
, (cpu_set_t
*) a
);
1782 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, str
);
1788 } else if (streq(name
, "IOSchedulingClass")) {
1791 r
= sd_bus_message_read(message
, "i", &q
);
1795 if (!ioprio_class_is_valid(q
))
1796 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid IO scheduling class: %i", q
);
1798 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1799 _cleanup_free_
char *s
= NULL
;
1801 r
= ioprio_class_to_string_alloc(q
, &s
);
1805 c
->ioprio
= IOPRIO_PRIO_VALUE(q
, IOPRIO_PRIO_DATA(c
->ioprio
));
1806 c
->ioprio_set
= true;
1808 unit_write_settingf(u
, flags
, name
, "IOSchedulingClass=%s", s
);
1813 } else if (streq(name
, "IOSchedulingPriority")) {
1816 r
= sd_bus_message_read(message
, "i", &p
);
1820 if (!ioprio_priority_is_valid(p
))
1821 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid IO scheduling priority: %i", p
);
1823 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1824 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c
->ioprio
), p
);
1825 c
->ioprio_set
= true;
1827 unit_write_settingf(u
, flags
, name
, "IOSchedulingPriority=%i", p
);
1832 } else if (streq(name
, "WorkingDirectory")) {
1836 r
= sd_bus_message_read(message
, "s", &s
);
1846 if (!isempty(s
) && !streq(s
, "~") && !path_is_absolute(s
))
1847 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "WorkingDirectory= expects an absolute path or '~'");
1849 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1850 if (streq(s
, "~")) {
1851 c
->working_directory
= mfree(c
->working_directory
);
1852 c
->working_directory_home
= true;
1854 r
= free_and_strdup(&c
->working_directory
, empty_to_null(s
));
1858 c
->working_directory_home
= false;
1861 c
->working_directory_missing_ok
= missing_ok
;
1862 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "WorkingDirectory=%s%s", missing_ok
? "-" : "", s
);
1867 } else if (STR_IN_SET(name
,
1868 "StandardInputFileDescriptorName", "StandardOutputFileDescriptorName", "StandardErrorFileDescriptorName")) {
1871 r
= sd_bus_message_read(message
, "s", &s
);
1875 if (!isempty(s
) && !fdname_is_valid(s
))
1876 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid file descriptor name");
1878 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1880 if (streq(name
, "StandardInputFileDescriptorName")) {
1881 r
= free_and_strdup(c
->stdio_fdname
+ STDIN_FILENO
, empty_to_null(s
));
1885 c
->std_input
= EXEC_INPUT_NAMED_FD
;
1886 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardInput=fd:%s", exec_context_fdname(c
, STDIN_FILENO
));
1888 } else if (streq(name
, "StandardOutputFileDescriptorName")) {
1889 r
= free_and_strdup(c
->stdio_fdname
+ STDOUT_FILENO
, empty_to_null(s
));
1893 c
->std_output
= EXEC_OUTPUT_NAMED_FD
;
1894 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardOutput=fd:%s", exec_context_fdname(c
, STDOUT_FILENO
));
1897 assert(streq(name
, "StandardErrorFileDescriptorName"));
1899 r
= free_and_strdup(&c
->stdio_fdname
[STDERR_FILENO
], empty_to_null(s
));
1903 c
->std_error
= EXEC_OUTPUT_NAMED_FD
;
1904 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardError=fd:%s", exec_context_fdname(c
, STDERR_FILENO
));
1910 } else if (STR_IN_SET(name
, "StandardInputFile", "StandardOutputFile", "StandardErrorFile")) {
1913 r
= sd_bus_message_read(message
, "s", &s
);
1918 if (!path_is_absolute(s
))
1919 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute", s
);
1920 if (!path_is_normalized(s
))
1921 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not normalized", s
);
1924 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1926 if (streq(name
, "StandardInputFile")) {
1927 r
= free_and_strdup(&c
->stdio_file
[STDIN_FILENO
], empty_to_null(s
));
1931 c
->std_input
= EXEC_INPUT_FILE
;
1932 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardInput=file:%s", s
);
1934 } else if (streq(name
, "StandardOutputFile")) {
1935 r
= free_and_strdup(&c
->stdio_file
[STDOUT_FILENO
], empty_to_null(s
));
1939 c
->std_output
= EXEC_OUTPUT_FILE
;
1940 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardOutput=file:%s", s
);
1943 assert(streq(name
, "StandardErrorFile"));
1945 r
= free_and_strdup(&c
->stdio_file
[STDERR_FILENO
], empty_to_null(s
));
1949 c
->std_error
= EXEC_OUTPUT_FILE
;
1950 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "StandardError=file:%s", s
);
1956 } else if (streq(name
, "StandardInputData")) {
1960 r
= sd_bus_message_read_array(message
, 'y', &p
, &sz
);
1964 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
1965 _cleanup_free_
char *encoded
= NULL
;
1968 c
->stdin_data
= mfree(c
->stdin_data
);
1969 c
->stdin_data_size
= 0;
1971 unit_write_settingf(u
, flags
, name
, "StandardInputData=");
1976 if (c
->stdin_data_size
+ sz
< c
->stdin_data_size
|| /* check for overflow */
1977 c
->stdin_data_size
+ sz
> EXEC_STDIN_DATA_MAX
)
1980 n
= base64mem(p
, sz
, &encoded
);
1984 q
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
);
1988 memcpy((uint8_t*) q
+ c
->stdin_data_size
, p
, sz
);
1991 c
->stdin_data_size
+= sz
;
1993 unit_write_settingf(u
, flags
, name
, "StandardInputData=%s", encoded
);
1999 } else if (streq(name
, "Environment")) {
2001 _cleanup_strv_free_
char **l
= NULL
;
2003 r
= sd_bus_message_read_strv(message
, &l
);
2007 if (!strv_env_is_valid(l
))
2008 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid environment block.");
2010 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2011 if (strv_isempty(l
)) {
2012 c
->environment
= strv_free(c
->environment
);
2013 unit_write_setting(u
, flags
, name
, "Environment=");
2015 _cleanup_free_
char *joined
= NULL
;
2018 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_C
);
2022 e
= strv_env_merge(2, c
->environment
, l
);
2026 strv_free(c
->environment
);
2029 unit_write_settingf(u
, flags
, name
, "Environment=%s", joined
);
2035 } else if (streq(name
, "UnsetEnvironment")) {
2037 _cleanup_strv_free_
char **l
= NULL
;
2039 r
= sd_bus_message_read_strv(message
, &l
);
2043 if (!strv_env_name_or_assignment_is_valid(l
))
2044 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid UnsetEnvironment= list.");
2046 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2047 if (strv_isempty(l
)) {
2048 c
->unset_environment
= strv_free(c
->unset_environment
);
2049 unit_write_setting(u
, flags
, name
, "UnsetEnvironment=");
2051 _cleanup_free_
char *joined
= NULL
;
2054 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
|UNIT_ESCAPE_C
);
2058 e
= strv_env_merge(2, c
->unset_environment
, l
);
2062 strv_free(c
->unset_environment
);
2063 c
->unset_environment
= e
;
2065 unit_write_settingf(u
, flags
, name
, "UnsetEnvironment=%s", joined
);
2071 } else if (streq(name
, "OOMScoreAdjust")) {
2074 r
= sd_bus_message_read(message
, "i", &oa
);
2078 if (!oom_score_adjust_is_valid(oa
))
2079 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "OOM score adjust value out of range");
2081 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2082 c
->oom_score_adjust
= oa
;
2083 c
->oom_score_adjust_set
= true;
2084 unit_write_settingf(u
, flags
, name
, "OOMScoreAdjust=%i", oa
);
2089 } else if (streq(name
, "EnvironmentFiles")) {
2091 _cleanup_free_
char *joined
= NULL
;
2092 _cleanup_fclose_
FILE *f
= NULL
;
2093 _cleanup_strv_free_
char **l
= NULL
;
2097 r
= sd_bus_message_enter_container(message
, 'a', "(sb)");
2101 f
= open_memstream(&joined
, &size
);
2105 (void) __fsetlocking(f
, FSETLOCKING_BYCALLER
);
2107 fputs("EnvironmentFile=\n", f
);
2109 STRV_FOREACH(i
, c
->environment_files
) {
2110 _cleanup_free_
char *q
= NULL
;
2112 q
= specifier_escape(*i
);
2116 fprintf(f
, "EnvironmentFile=%s\n", q
);
2119 while ((r
= sd_bus_message_enter_container(message
, 'r', "sb")) > 0) {
2123 r
= sd_bus_message_read(message
, "sb", &path
, &b
);
2127 r
= sd_bus_message_exit_container(message
);
2131 if (!path_is_absolute(path
))
2132 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute.", path
);
2134 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2135 _cleanup_free_
char *q
= NULL
;
2138 buf
= strjoin(b
? "-" : "", path
);
2142 q
= specifier_escape(buf
);
2148 fprintf(f
, "EnvironmentFile=%s\n", q
);
2150 r
= strv_consume(&l
, buf
);
2158 r
= sd_bus_message_exit_container(message
);
2162 r
= fflush_and_check(f
);
2166 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2167 if (strv_isempty(l
)) {
2168 c
->environment_files
= strv_free(c
->environment_files
);
2169 unit_write_setting(u
, flags
, name
, "EnvironmentFile=");
2171 r
= strv_extend_strv(&c
->environment_files
, l
, true);
2175 unit_write_setting(u
, flags
, name
, joined
);
2181 } else if (streq(name
, "PassEnvironment")) {
2183 _cleanup_strv_free_
char **l
= NULL
;
2185 r
= sd_bus_message_read_strv(message
, &l
);
2189 if (!strv_env_name_is_valid(l
))
2190 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid PassEnvironment= block.");
2192 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2193 if (strv_isempty(l
)) {
2194 c
->pass_environment
= strv_free(c
->pass_environment
);
2195 unit_write_setting(u
, flags
, name
, "PassEnvironment=");
2197 _cleanup_free_
char *joined
= NULL
;
2199 r
= strv_extend_strv(&c
->pass_environment
, l
, true);
2203 /* We write just the new settings out to file, with unresolved specifiers. */
2204 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
);
2208 unit_write_settingf(u
, flags
, name
, "PassEnvironment=%s", joined
);
2214 } else if (STR_IN_SET(name
, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories",
2215 "ReadWritePaths", "ReadOnlyPaths", "InaccessiblePaths")) {
2216 _cleanup_strv_free_
char **l
= NULL
;
2220 r
= sd_bus_message_read_strv(message
, &l
);
2224 STRV_FOREACH(p
, l
) {
2228 offset
= i
[0] == '-';
2229 offset
+= i
[offset
] == '+';
2230 if (!path_is_absolute(i
+ offset
))
2231 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid %s", name
);
2233 path_kill_slashes(i
+ offset
);
2236 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2237 if (STR_IN_SET(name
, "ReadWriteDirectories", "ReadWritePaths"))
2238 dirs
= &c
->read_write_paths
;
2239 else if (STR_IN_SET(name
, "ReadOnlyDirectories", "ReadOnlyPaths"))
2240 dirs
= &c
->read_only_paths
;
2241 else /* "InaccessiblePaths" */
2242 dirs
= &c
->inaccessible_paths
;
2244 if (strv_isempty(l
)) {
2245 *dirs
= strv_free(*dirs
);
2246 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2248 _cleanup_free_
char *joined
= NULL
;
2250 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
);
2254 r
= strv_extend_strv(dirs
, l
, true);
2258 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, joined
);
2264 } else if (STR_IN_SET(name
, "RuntimeDirectory", "StateDirectory", "CacheDirectory", "LogsDirectory", "ConfigurationDirectory")) {
2265 _cleanup_strv_free_
char **l
= NULL
;
2268 r
= sd_bus_message_read_strv(message
, &l
);
2272 STRV_FOREACH(p
, l
) {
2273 if (!path_is_normalized(*p
) || path_is_absolute(*p
))
2274 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "%s= path is not valid: %s", name
, *p
);
2277 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2278 char ***dirs
= NULL
;
2279 ExecDirectoryType i
;
2281 for (i
= 0; i
< _EXEC_DIRECTORY_TYPE_MAX
; i
++)
2282 if (streq(name
, exec_directory_type_to_string(i
))) {
2283 dirs
= &c
->directories
[i
].paths
;
2289 if (strv_isempty(l
)) {
2290 *dirs
= strv_free(*dirs
);
2291 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2293 _cleanup_free_
char *joined
= NULL
;
2295 r
= strv_extend_strv(dirs
, l
, true);
2299 joined
= unit_concat_strv(l
, UNIT_ESCAPE_SPECIFIERS
);
2303 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, joined
);
2309 } else if (STR_IN_SET(name
, "AppArmorProfile", "SmackProcessLabel")) {
2313 r
= sd_bus_message_read(message
, "(bs)", &ignore
, &s
);
2317 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2321 if (streq(name
, "AppArmorProfile")) {
2322 p
= &c
->apparmor_profile
;
2323 b
= &c
->apparmor_profile_ignore
;
2324 } else { /* "SmackProcessLabel" */
2325 p
= &c
->smack_process_label
;
2326 b
= &c
->smack_process_label_ignore
;
2333 if (free_and_strdup(p
, s
) < 0)
2338 unit_write_settingf(u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
, "%s=%s%s", name
, ignore
? "-" : "", strempty(s
));
2343 } else if (STR_IN_SET(name
, "BindPaths", "BindReadOnlyPaths")) {
2344 const char *source
, *destination
;
2346 uint64_t mount_flags
;
2349 r
= sd_bus_message_enter_container(message
, 'a', "(ssbt)");
2353 while ((r
= sd_bus_message_read(message
, "(ssbt)", &source
, &destination
, &ignore_enoent
, &mount_flags
)) > 0) {
2355 if (!path_is_absolute(source
))
2356 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not absolute.", source
);
2357 if (!path_is_absolute(destination
))
2358 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is not absolute.", destination
);
2359 if (!IN_SET(mount_flags
, 0, MS_REC
))
2360 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Unknown mount flags.");
2362 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2363 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
2365 .source
= strdup(source
),
2366 .destination
= strdup(destination
),
2367 .read_only
= !!strstr(name
, "ReadOnly"),
2368 .recursive
= !!(mount_flags
& MS_REC
),
2369 .ignore_enoent
= ignore_enoent
,
2374 unit_write_settingf(
2375 u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
,
2378 ignore_enoent
? "-" : "",
2381 (mount_flags
& MS_REC
) ? "rbind" : "norbind");
2389 r
= sd_bus_message_exit_container(message
);
2394 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
2395 c
->bind_mounts
= NULL
;
2396 c
->n_bind_mounts
= 0;
2398 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2403 } else if (streq(name
, "TemporaryFileSystem")) {
2404 const char *path
, *options
;
2407 r
= sd_bus_message_enter_container(message
, 'a', "(ss)");
2411 while ((r
= sd_bus_message_read(message
, "(ss)", &path
, &options
)) > 0) {
2413 if (!path_is_absolute(path
))
2414 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Mount point %s is not absolute.", path
);
2416 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2417 r
= temporary_filesystem_add(&c
->temporary_filesystems
, &c
->n_temporary_filesystems
, path
, options
);
2421 unit_write_settingf(
2422 u
, flags
|UNIT_ESCAPE_SPECIFIERS
, name
,
2434 r
= sd_bus_message_exit_container(message
);
2439 temporary_filesystem_free_many(c
->temporary_filesystems
, c
->n_temporary_filesystems
);
2440 c
->temporary_filesystems
= NULL
;
2441 c
->n_temporary_filesystems
= 0;
2443 unit_write_settingf(u
, flags
, name
, "%s=", name
);
2449 ri
= rlimit_from_string(name
);
2451 soft
= endswith(name
, "Soft");
2455 n
= strndupa(name
, soft
- name
);
2456 ri
= rlimit_from_string(n
);
2467 r
= sd_bus_message_read(message
, "t", &rl
);
2471 if (rl
== (uint64_t) -1)
2476 if ((uint64_t) x
!= rl
)
2480 if (!UNIT_WRITE_FLAGS_NOOP(flags
)) {
2481 _cleanup_free_
char *f
= NULL
;
2484 if (c
->rlimit
[ri
]) {
2485 nl
= *c
->rlimit
[ri
];
2492 /* When the resource limit is not initialized yet, then assign the value to both fields */
2493 nl
= (struct rlimit
) {
2498 r
= rlimit_format(&nl
, &f
);
2503 *c
->rlimit
[ri
] = nl
;
2505 c
->rlimit
[ri
] = newdup(struct rlimit
, &nl
, 1);
2510 unit_write_settingf(u
, flags
, name
, "%s=%s", name
, f
);