]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/execute.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core: make systemd.confirm_spawn=1 actually work
[thirdparty/systemd.git] / src / core / execute.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <assert.h>
23 #include <dirent.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <unistd.h>
27 #include <string.h>
28 #include <signal.h>
29 #include <sys/socket.h>
30 #include <sys/un.h>
31 #include <sys/prctl.h>
32 #include <linux/sched.h>
33 #include <sys/types.h>
34 #include <sys/stat.h>
35 #include <grp.h>
36 #include <pwd.h>
37 #include <sys/mount.h>
38 #include <linux/fs.h>
39 #include <linux/oom.h>
40 #include <sys/poll.h>
41
42 #ifdef HAVE_PAM
43 #include <security/pam_appl.h>
44 #endif
45
46 #include "execute.h"
47 #include "strv.h"
48 #include "macro.h"
49 #include "capability.h"
50 #include "util.h"
51 #include "log.h"
52 #include "ioprio.h"
53 #include "securebits.h"
54 #include "cgroup.h"
55 #include "namespace.h"
56 #include "tcpwrap.h"
57 #include "exit-status.h"
58 #include "missing.h"
59 #include "utmp-wtmp.h"
60 #include "def.h"
61 #include "loopback-setup.h"
62 #include "path-util.h"
63
64 #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
65
66 /* This assumes there is a 'tty' group */
67 #define TTY_MODE 0620
68
69 static int shift_fds(int fds[], unsigned n_fds) {
70 int start, restart_from;
71
72 if (n_fds <= 0)
73 return 0;
74
75 /* Modifies the fds array! (sorts it) */
76
77 assert(fds);
78
79 start = 0;
80 for (;;) {
81 int i;
82
83 restart_from = -1;
84
85 for (i = start; i < (int) n_fds; i++) {
86 int nfd;
87
88 /* Already at right index? */
89 if (fds[i] == i+3)
90 continue;
91
92 if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0)
93 return -errno;
94
95 close_nointr_nofail(fds[i]);
96 fds[i] = nfd;
97
98 /* Hmm, the fd we wanted isn't free? Then
99 * let's remember that and try again from here*/
100 if (nfd != i+3 && restart_from < 0)
101 restart_from = i;
102 }
103
104 if (restart_from < 0)
105 break;
106
107 start = restart_from;
108 }
109
110 return 0;
111 }
112
113 static int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {
114 unsigned i;
115 int r;
116
117 if (n_fds <= 0)
118 return 0;
119
120 assert(fds);
121
122 /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */
123
124 for (i = 0; i < n_fds; i++) {
125
126 if ((r = fd_nonblock(fds[i], nonblock)) < 0)
127 return r;
128
129 /* We unconditionally drop FD_CLOEXEC from the fds,
130 * since after all we want to pass these fds to our
131 * children */
132
133 if ((r = fd_cloexec(fds[i], false)) < 0)
134 return r;
135 }
136
137 return 0;
138 }
139
140 static const char *tty_path(const ExecContext *context) {
141 assert(context);
142
143 if (context->tty_path)
144 return context->tty_path;
145
146 return "/dev/console";
147 }
148
149 void exec_context_tty_reset(const ExecContext *context) {
150 assert(context);
151
152 if (context->tty_vhangup)
153 terminal_vhangup(tty_path(context));
154
155 if (context->tty_reset)
156 reset_terminal(tty_path(context));
157
158 if (context->tty_vt_disallocate && context->tty_path)
159 vt_disallocate(context->tty_path);
160 }
161
162 static int open_null_as(int flags, int nfd) {
163 int fd, r;
164
165 assert(nfd >= 0);
166
167 if ((fd = open("/dev/null", flags|O_NOCTTY)) < 0)
168 return -errno;
169
170 if (fd != nfd) {
171 r = dup2(fd, nfd) < 0 ? -errno : nfd;
172 close_nointr_nofail(fd);
173 } else
174 r = nfd;
175
176 return r;
177 }
178
179 static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd) {
180 int fd, r;
181 union sockaddr_union sa;
182
183 assert(context);
184 assert(output < _EXEC_OUTPUT_MAX);
185 assert(ident);
186 assert(nfd >= 0);
187
188 fd = socket(AF_UNIX, SOCK_STREAM, 0);
189 if (fd < 0)
190 return -errno;
191
192 zero(sa);
193 sa.un.sun_family = AF_UNIX;
194 strncpy(sa.un.sun_path, "/run/systemd/journal/stdout", sizeof(sa.un.sun_path));
195
196 r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path));
197 if (r < 0) {
198 close_nointr_nofail(fd);
199 return -errno;
200 }
201
202 if (shutdown(fd, SHUT_RD) < 0) {
203 close_nointr_nofail(fd);
204 return -errno;
205 }
206
207 dprintf(fd,
208 "%s\n"
209 "%s\n"
210 "%i\n"
211 "%i\n"
212 "%i\n"
213 "%i\n"
214 "%i\n",
215 context->syslog_identifier ? context->syslog_identifier : ident,
216 unit_id,
217 context->syslog_priority,
218 !!context->syslog_level_prefix,
219 output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
220 output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
221 output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || output == EXEC_OUTPUT_KMSG_AND_CONSOLE || output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE);
222
223 if (fd != nfd) {
224 r = dup2(fd, nfd) < 0 ? -errno : nfd;
225 close_nointr_nofail(fd);
226 } else
227 r = nfd;
228
229 return r;
230 }
231 static int open_terminal_as(const char *path, mode_t mode, int nfd) {
232 int fd, r;
233
234 assert(path);
235 assert(nfd >= 0);
236
237 if ((fd = open_terminal(path, mode | O_NOCTTY)) < 0)
238 return fd;
239
240 if (fd != nfd) {
241 r = dup2(fd, nfd) < 0 ? -errno : nfd;
242 close_nointr_nofail(fd);
243 } else
244 r = nfd;
245
246 return r;
247 }
248
249 static bool is_terminal_input(ExecInput i) {
250 return
251 i == EXEC_INPUT_TTY ||
252 i == EXEC_INPUT_TTY_FORCE ||
253 i == EXEC_INPUT_TTY_FAIL;
254 }
255
256 static int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {
257
258 if (is_terminal_input(std_input) && !apply_tty_stdin)
259 return EXEC_INPUT_NULL;
260
261 if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)
262 return EXEC_INPUT_NULL;
263
264 return std_input;
265 }
266
267 static int fixup_output(ExecOutput std_output, int socket_fd) {
268
269 if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)
270 return EXEC_OUTPUT_INHERIT;
271
272 return std_output;
273 }
274
275 static int setup_input(const ExecContext *context, int socket_fd, bool apply_tty_stdin) {
276 ExecInput i;
277
278 assert(context);
279
280 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
281
282 switch (i) {
283
284 case EXEC_INPUT_NULL:
285 return open_null_as(O_RDONLY, STDIN_FILENO);
286
287 case EXEC_INPUT_TTY:
288 case EXEC_INPUT_TTY_FORCE:
289 case EXEC_INPUT_TTY_FAIL: {
290 int fd, r;
291
292 if ((fd = acquire_terminal(
293 tty_path(context),
294 i == EXEC_INPUT_TTY_FAIL,
295 i == EXEC_INPUT_TTY_FORCE,
296 false,
297 (usec_t) -1)) < 0)
298 return fd;
299
300 if (fd != STDIN_FILENO) {
301 r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
302 close_nointr_nofail(fd);
303 } else
304 r = STDIN_FILENO;
305
306 return r;
307 }
308
309 case EXEC_INPUT_SOCKET:
310 return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
311
312 default:
313 assert_not_reached("Unknown input type");
314 }
315 }
316
317 static int setup_output(const ExecContext *context, int socket_fd, const char *ident, const char *unit_id, bool apply_tty_stdin) {
318 ExecOutput o;
319 ExecInput i;
320
321 assert(context);
322 assert(ident);
323
324 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
325 o = fixup_output(context->std_output, socket_fd);
326
327 /* This expects the input is already set up */
328
329 switch (o) {
330
331 case EXEC_OUTPUT_INHERIT:
332
333 /* If input got downgraded, inherit the original value */
334 if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))
335 return open_terminal_as(tty_path(context), O_WRONLY, STDOUT_FILENO);
336
337 /* If the input is connected to anything that's not a /dev/null, inherit that... */
338 if (i != EXEC_INPUT_NULL)
339 return dup2(STDIN_FILENO, STDOUT_FILENO) < 0 ? -errno : STDOUT_FILENO;
340
341 /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */
342 if (getppid() != 1)
343 return STDOUT_FILENO;
344
345 /* We need to open /dev/null here anew, to get the
346 * right access mode. So we fall through */
347
348 case EXEC_OUTPUT_NULL:
349 return open_null_as(O_WRONLY, STDOUT_FILENO);
350
351 case EXEC_OUTPUT_TTY:
352 if (is_terminal_input(i))
353 return dup2(STDIN_FILENO, STDOUT_FILENO) < 0 ? -errno : STDOUT_FILENO;
354
355 /* We don't reset the terminal if this is just about output */
356 return open_terminal_as(tty_path(context), O_WRONLY, STDOUT_FILENO);
357
358 case EXEC_OUTPUT_SYSLOG:
359 case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
360 case EXEC_OUTPUT_KMSG:
361 case EXEC_OUTPUT_KMSG_AND_CONSOLE:
362 case EXEC_OUTPUT_JOURNAL:
363 case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
364 return connect_logger_as(context, o, ident, unit_id, STDOUT_FILENO);
365
366 case EXEC_OUTPUT_SOCKET:
367 assert(socket_fd >= 0);
368 return dup2(socket_fd, STDOUT_FILENO) < 0 ? -errno : STDOUT_FILENO;
369
370 default:
371 assert_not_reached("Unknown output type");
372 }
373 }
374
375 static int setup_error(const ExecContext *context, int socket_fd, const char *ident, const char *unit_id, bool apply_tty_stdin) {
376 ExecOutput o, e;
377 ExecInput i;
378
379 assert(context);
380 assert(ident);
381
382 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
383 o = fixup_output(context->std_output, socket_fd);
384 e = fixup_output(context->std_error, socket_fd);
385
386 /* This expects the input and output are already set up */
387
388 /* Don't change the stderr file descriptor if we inherit all
389 * the way and are not on a tty */
390 if (e == EXEC_OUTPUT_INHERIT &&
391 o == EXEC_OUTPUT_INHERIT &&
392 i == EXEC_INPUT_NULL &&
393 !is_terminal_input(context->std_input) &&
394 getppid () != 1)
395 return STDERR_FILENO;
396
397 /* Duplicate from stdout if possible */
398 if (e == o || e == EXEC_OUTPUT_INHERIT)
399 return dup2(STDOUT_FILENO, STDERR_FILENO) < 0 ? -errno : STDERR_FILENO;
400
401 switch (e) {
402
403 case EXEC_OUTPUT_NULL:
404 return open_null_as(O_WRONLY, STDERR_FILENO);
405
406 case EXEC_OUTPUT_TTY:
407 if (is_terminal_input(i))
408 return dup2(STDIN_FILENO, STDERR_FILENO) < 0 ? -errno : STDERR_FILENO;
409
410 /* We don't reset the terminal if this is just about output */
411 return open_terminal_as(tty_path(context), O_WRONLY, STDERR_FILENO);
412
413 case EXEC_OUTPUT_SYSLOG:
414 case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
415 case EXEC_OUTPUT_KMSG:
416 case EXEC_OUTPUT_KMSG_AND_CONSOLE:
417 case EXEC_OUTPUT_JOURNAL:
418 case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
419 return connect_logger_as(context, e, ident, unit_id, STDERR_FILENO);
420
421 case EXEC_OUTPUT_SOCKET:
422 assert(socket_fd >= 0);
423 return dup2(socket_fd, STDERR_FILENO) < 0 ? -errno : STDERR_FILENO;
424
425 default:
426 assert_not_reached("Unknown error type");
427 }
428 }
429
430 static int chown_terminal(int fd, uid_t uid) {
431 struct stat st;
432
433 assert(fd >= 0);
434
435 /* This might fail. What matters are the results. */
436 (void) fchown(fd, uid, -1);
437 (void) fchmod(fd, TTY_MODE);
438
439 if (fstat(fd, &st) < 0)
440 return -errno;
441
442 if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
443 return -EPERM;
444
445 return 0;
446 }
447
448 static int setup_confirm_stdio(int *_saved_stdin,
449 int *_saved_stdout) {
450 int fd = -1, saved_stdin, saved_stdout = -1, r;
451
452 assert(_saved_stdin);
453 assert(_saved_stdout);
454
455 saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);
456 if (saved_stdin < 0)
457 return -errno;
458
459 saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);
460 if (saved_stdout < 0) {
461 r = errno;
462 goto fail;
463 }
464
465 fd = acquire_terminal(
466 "/dev/console",
467 false,
468 false,
469 false,
470 DEFAULT_CONFIRM_USEC);
471 if (fd < 0) {
472 r = fd;
473 goto fail;
474 }
475
476 r = chown_terminal(fd, getuid());
477 if (r < 0)
478 goto fail;
479
480 if (dup2(fd, STDIN_FILENO) < 0) {
481 r = -errno;
482 goto fail;
483 }
484
485 if (dup2(fd, STDOUT_FILENO) < 0) {
486 r = -errno;
487 goto fail;
488 }
489
490 if (fd >= 2)
491 close_nointr_nofail(fd);
492
493 *_saved_stdin = saved_stdin;
494 *_saved_stdout = saved_stdout;
495
496 return 0;
497
498 fail:
499 if (saved_stdout >= 0)
500 close_nointr_nofail(saved_stdout);
501
502 if (saved_stdin >= 0)
503 close_nointr_nofail(saved_stdin);
504
505 if (fd >= 0)
506 close_nointr_nofail(fd);
507
508 return r;
509 }
510
511 static int write_confirm_message(const char *format, ...) {
512 int fd;
513 va_list ap;
514
515 assert(format);
516
517 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
518 if (fd < 0)
519 return fd;
520
521 va_start(ap, format);
522 vdprintf(fd, format, ap);
523 va_end(ap);
524
525 close_nointr_nofail(fd);
526
527 return 0;
528 }
529
530 static int restore_confirm_stdio(int *saved_stdin,
531 int *saved_stdout) {
532
533 int r = 0;
534
535 assert(saved_stdin);
536 assert(saved_stdout);
537
538 release_terminal();
539
540 if (*saved_stdin >= 0)
541 if (dup2(*saved_stdin, STDIN_FILENO) < 0)
542 r = -errno;
543
544 if (*saved_stdout >= 0)
545 if (dup2(*saved_stdout, STDOUT_FILENO) < 0)
546 r = -errno;
547
548 if (*saved_stdin >= 0)
549 close_nointr_nofail(*saved_stdin);
550
551 if (*saved_stdout >= 0)
552 close_nointr_nofail(*saved_stdout);
553
554 return r;
555 }
556
557 static int ask_for_confirmation(char *response, char **argv) {
558 int saved_stdout = -1, saved_stdin = -1, r;
559 char *line;
560
561 r = setup_confirm_stdio(&saved_stdin, &saved_stdout);
562 if (r < 0)
563 return r;
564
565 line = exec_command_line(argv);
566 if (!line)
567 return -ENOMEM;
568
569 r = ask(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
570 free(line);
571
572 restore_confirm_stdio(&saved_stdin, &saved_stdout);
573
574 return r;
575 }
576
577 static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
578 bool keep_groups = false;
579 int r;
580
581 assert(context);
582
583 /* Lookup and set GID and supplementary group list. Here too
584 * we avoid NSS lookups for gid=0. */
585
586 if (context->group || username) {
587
588 if (context->group) {
589 const char *g = context->group;
590
591 if ((r = get_group_creds(&g, &gid)) < 0)
592 return r;
593 }
594
595 /* First step, initialize groups from /etc/groups */
596 if (username && gid != 0) {
597 if (initgroups(username, gid) < 0)
598 return -errno;
599
600 keep_groups = true;
601 }
602
603 /* Second step, set our gids */
604 if (setresgid(gid, gid, gid) < 0)
605 return -errno;
606 }
607
608 if (context->supplementary_groups) {
609 int ngroups_max, k;
610 gid_t *gids;
611 char **i;
612
613 /* Final step, initialize any manually set supplementary groups */
614 assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
615
616 if (!(gids = new(gid_t, ngroups_max)))
617 return -ENOMEM;
618
619 if (keep_groups) {
620 if ((k = getgroups(ngroups_max, gids)) < 0) {
621 free(gids);
622 return -errno;
623 }
624 } else
625 k = 0;
626
627 STRV_FOREACH(i, context->supplementary_groups) {
628 const char *g;
629
630 if (k >= ngroups_max) {
631 free(gids);
632 return -E2BIG;
633 }
634
635 g = *i;
636 r = get_group_creds(&g, gids+k);
637 if (r < 0) {
638 free(gids);
639 return r;
640 }
641
642 k++;
643 }
644
645 if (setgroups(k, gids) < 0) {
646 free(gids);
647 return -errno;
648 }
649
650 free(gids);
651 }
652
653 return 0;
654 }
655
656 static int enforce_user(const ExecContext *context, uid_t uid) {
657 int r;
658 assert(context);
659
660 /* Sets (but doesn't lookup) the uid and make sure we keep the
661 * capabilities while doing so. */
662
663 if (context->capabilities) {
664 cap_t d;
665 static const cap_value_t bits[] = {
666 CAP_SETUID, /* Necessary so that we can run setresuid() below */
667 CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */
668 };
669
670 /* First step: If we need to keep capabilities but
671 * drop privileges we need to make sure we keep our
672 * caps, whiel we drop privileges. */
673 if (uid != 0) {
674 int sb = context->secure_bits|SECURE_KEEP_CAPS;
675
676 if (prctl(PR_GET_SECUREBITS) != sb)
677 if (prctl(PR_SET_SECUREBITS, sb) < 0)
678 return -errno;
679 }
680
681 /* Second step: set the capabilities. This will reduce
682 * the capabilities to the minimum we need. */
683
684 if (!(d = cap_dup(context->capabilities)))
685 return -errno;
686
687 if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||
688 cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0) {
689 r = -errno;
690 cap_free(d);
691 return r;
692 }
693
694 if (cap_set_proc(d) < 0) {
695 r = -errno;
696 cap_free(d);
697 return r;
698 }
699
700 cap_free(d);
701 }
702
703 /* Third step: actually set the uids */
704 if (setresuid(uid, uid, uid) < 0)
705 return -errno;
706
707 /* At this point we should have all necessary capabilities but
708 are otherwise a normal user. However, the caps might got
709 corrupted due to the setresuid() so we need clean them up
710 later. This is done outside of this call. */
711
712 return 0;
713 }
714
715 #ifdef HAVE_PAM
716
717 static int null_conv(
718 int num_msg,
719 const struct pam_message **msg,
720 struct pam_response **resp,
721 void *appdata_ptr) {
722
723 /* We don't support conversations */
724
725 return PAM_CONV_ERR;
726 }
727
728 static int setup_pam(
729 const char *name,
730 const char *user,
731 uid_t uid,
732 const char *tty,
733 char ***pam_env,
734 int fds[], unsigned n_fds) {
735
736 static const struct pam_conv conv = {
737 .conv = null_conv,
738 .appdata_ptr = NULL
739 };
740
741 pam_handle_t *handle = NULL;
742 sigset_t ss, old_ss;
743 int pam_code = PAM_SUCCESS;
744 int err;
745 char **e = NULL;
746 bool close_session = false;
747 pid_t pam_pid = 0, parent_pid;
748
749 assert(name);
750 assert(user);
751 assert(pam_env);
752
753 /* We set up PAM in the parent process, then fork. The child
754 * will then stay around until killed via PR_GET_PDEATHSIG or
755 * systemd via the cgroup logic. It will then remove the PAM
756 * session again. The parent process will exec() the actual
757 * daemon. We do things this way to ensure that the main PID
758 * of the daemon is the one we initially fork()ed. */
759
760 if ((pam_code = pam_start(name, user, &conv, &handle)) != PAM_SUCCESS) {
761 handle = NULL;
762 goto fail;
763 }
764
765 if (tty)
766 if ((pam_code = pam_set_item(handle, PAM_TTY, tty)) != PAM_SUCCESS)
767 goto fail;
768
769 if ((pam_code = pam_acct_mgmt(handle, PAM_SILENT)) != PAM_SUCCESS)
770 goto fail;
771
772 if ((pam_code = pam_open_session(handle, PAM_SILENT)) != PAM_SUCCESS)
773 goto fail;
774
775 close_session = true;
776
777 if ((!(e = pam_getenvlist(handle)))) {
778 pam_code = PAM_BUF_ERR;
779 goto fail;
780 }
781
782 /* Block SIGTERM, so that we know that it won't get lost in
783 * the child */
784 if (sigemptyset(&ss) < 0 ||
785 sigaddset(&ss, SIGTERM) < 0 ||
786 sigprocmask(SIG_BLOCK, &ss, &old_ss) < 0)
787 goto fail;
788
789 parent_pid = getpid();
790
791 if ((pam_pid = fork()) < 0)
792 goto fail;
793
794 if (pam_pid == 0) {
795 int sig;
796 int r = EXIT_PAM;
797
798 /* The child's job is to reset the PAM session on
799 * termination */
800
801 /* This string must fit in 10 chars (i.e. the length
802 * of "/sbin/init"), to look pretty in /bin/ps */
803 rename_process("(sd-pam)");
804
805 /* Make sure we don't keep open the passed fds in this
806 child. We assume that otherwise only those fds are
807 open here that have been opened by PAM. */
808 close_many(fds, n_fds);
809
810 /* Drop privileges - we don't need any to pam_close_session
811 * and this will make PR_SET_PDEATHSIG work in most cases.
812 * If this fails, ignore the error - but expect sd-pam threads
813 * to fail to exit normally */
814 if (setresuid(uid, uid, uid) < 0)
815 log_error("Error: Failed to setresuid() in sd-pam: %s", strerror(-r));
816
817 /* Wait until our parent died. This will only work if
818 * the above setresuid() succeeds, otherwise the kernel
819 * will not allow unprivileged parents kill their privileged
820 * children this way. We rely on the control groups kill logic
821 * to do the rest for us. */
822 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
823 goto child_finish;
824
825 /* Check if our parent process might already have
826 * died? */
827 if (getppid() == parent_pid) {
828 for (;;) {
829 if (sigwait(&ss, &sig) < 0) {
830 if (errno == EINTR)
831 continue;
832
833 goto child_finish;
834 }
835
836 assert(sig == SIGTERM);
837 break;
838 }
839 }
840
841 /* If our parent died we'll end the session */
842 if (getppid() != parent_pid)
843 if ((pam_code = pam_close_session(handle, PAM_DATA_SILENT)) != PAM_SUCCESS)
844 goto child_finish;
845
846 r = 0;
847
848 child_finish:
849 pam_end(handle, pam_code | PAM_DATA_SILENT);
850 _exit(r);
851 }
852
853 /* If the child was forked off successfully it will do all the
854 * cleanups, so forget about the handle here. */
855 handle = NULL;
856
857 /* Unblock SIGTERM again in the parent */
858 if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
859 goto fail;
860
861 /* We close the log explicitly here, since the PAM modules
862 * might have opened it, but we don't want this fd around. */
863 closelog();
864
865 *pam_env = e;
866 e = NULL;
867
868 return 0;
869
870 fail:
871 if (pam_code != PAM_SUCCESS)
872 err = -EPERM; /* PAM errors do not map to errno */
873 else
874 err = -errno;
875
876 if (handle) {
877 if (close_session)
878 pam_code = pam_close_session(handle, PAM_DATA_SILENT);
879
880 pam_end(handle, pam_code | PAM_DATA_SILENT);
881 }
882
883 strv_free(e);
884
885 closelog();
886
887 if (pam_pid > 1) {
888 kill(pam_pid, SIGTERM);
889 kill(pam_pid, SIGCONT);
890 }
891
892 return err;
893 }
894 #endif
895
896 static void rename_process_from_path(const char *path) {
897 char process_name[11];
898 const char *p;
899 size_t l;
900
901 /* This resulting string must fit in 10 chars (i.e. the length
902 * of "/sbin/init") to look pretty in /bin/ps */
903
904 p = path_get_file_name(path);
905 if (isempty(p)) {
906 rename_process("(...)");
907 return;
908 }
909
910 l = strlen(p);
911 if (l > 8) {
912 /* The end of the process name is usually more
913 * interesting, since the first bit might just be
914 * "systemd-" */
915 p = p + l - 8;
916 l = 8;
917 }
918
919 process_name[0] = '(';
920 memcpy(process_name+1, p, l);
921 process_name[1+l] = ')';
922 process_name[1+l+1] = 0;
923
924 rename_process(process_name);
925 }
926
927 int exec_spawn(ExecCommand *command,
928 char **argv,
929 const ExecContext *context,
930 int fds[], unsigned n_fds,
931 char **environment,
932 bool apply_permissions,
933 bool apply_chroot,
934 bool apply_tty_stdin,
935 bool confirm_spawn,
936 CGroupBonding *cgroup_bondings,
937 CGroupAttribute *cgroup_attributes,
938 const char *cgroup_suffix,
939 const char *unit_id,
940 int idle_pipe[2],
941 pid_t *ret) {
942
943 pid_t pid;
944 int r;
945 char *line;
946 int socket_fd;
947 char **files_env = NULL;
948
949 assert(command);
950 assert(context);
951 assert(ret);
952 assert(fds || n_fds <= 0);
953
954 if (context->std_input == EXEC_INPUT_SOCKET ||
955 context->std_output == EXEC_OUTPUT_SOCKET ||
956 context->std_error == EXEC_OUTPUT_SOCKET) {
957
958 if (n_fds != 1)
959 return -EINVAL;
960
961 socket_fd = fds[0];
962
963 fds = NULL;
964 n_fds = 0;
965 } else
966 socket_fd = -1;
967
968 if ((r = exec_context_load_environment(context, &files_env)) < 0) {
969 log_error("Failed to load environment files: %s", strerror(-r));
970 return r;
971 }
972
973 if (!argv)
974 argv = command->argv;
975
976 line = exec_command_line(argv);
977 if (!line) {
978 r = -ENOMEM;
979 goto fail_parent;
980 }
981
982 log_debug("About to execute: %s", line);
983 free(line);
984
985 r = cgroup_bonding_realize_list(cgroup_bondings);
986 if (r < 0)
987 goto fail_parent;
988
989 cgroup_attribute_apply_list(cgroup_attributes, cgroup_bondings);
990
991 if ((pid = fork()) < 0) {
992 r = -errno;
993 goto fail_parent;
994 }
995
996 if (pid == 0) {
997 int i, err;
998 sigset_t ss;
999 const char *username = NULL, *home = NULL;
1000 uid_t uid = (uid_t) -1;
1001 gid_t gid = (gid_t) -1;
1002 char **our_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;
1003 unsigned n_env = 0;
1004 bool set_access = false;
1005
1006 /* child */
1007
1008 rename_process_from_path(command->path);
1009
1010 /* We reset exactly these signals, since they are the
1011 * only ones we set to SIG_IGN in the main daemon. All
1012 * others we leave untouched because we set them to
1013 * SIG_DFL or a valid handler initially, both of which
1014 * will be demoted to SIG_DFL. */
1015 default_signals(SIGNALS_CRASH_HANDLER,
1016 SIGNALS_IGNORE, -1);
1017
1018 if (context->ignore_sigpipe)
1019 ignore_signals(SIGPIPE, -1);
1020
1021 assert_se(sigemptyset(&ss) == 0);
1022 if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
1023 err = -errno;
1024 r = EXIT_SIGNAL_MASK;
1025 goto fail_child;
1026 }
1027
1028 if (idle_pipe) {
1029 if (idle_pipe[1] >= 0)
1030 close_nointr_nofail(idle_pipe[1]);
1031 if (idle_pipe[0] >= 0) {
1032 fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
1033 close_nointr_nofail(idle_pipe[0]);
1034 }
1035 }
1036
1037 /* Close sockets very early to make sure we don't
1038 * block init reexecution because it cannot bind its
1039 * sockets */
1040 log_forget_fds();
1041 err = close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
1042 socket_fd >= 0 ? 1 : n_fds);
1043 if (err < 0) {
1044 r = EXIT_FDS;
1045 goto fail_child;
1046 }
1047
1048 if (!context->same_pgrp)
1049 if (setsid() < 0) {
1050 err = -errno;
1051 r = EXIT_SETSID;
1052 goto fail_child;
1053 }
1054
1055 if (context->tcpwrap_name) {
1056 if (socket_fd >= 0)
1057 if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) {
1058 err = -EACCES;
1059 r = EXIT_TCPWRAP;
1060 goto fail_child;
1061 }
1062
1063 for (i = 0; i < (int) n_fds; i++) {
1064 if (!socket_tcpwrap(fds[i], context->tcpwrap_name)) {
1065 err = -EACCES;
1066 r = EXIT_TCPWRAP;
1067 goto fail_child;
1068 }
1069 }
1070 }
1071
1072 exec_context_tty_reset(context);
1073
1074 if (confirm_spawn) {
1075 char response;
1076
1077 err = ask_for_confirmation(&response, argv);
1078 if (err == -ETIMEDOUT)
1079 write_confirm_message("Confirmation question timed out, assuming positive response.\n");
1080 else if (err < 0)
1081 write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-err));
1082 else if (response == 's') {
1083 write_confirm_message("Skipping execution.\n");
1084 err = -ECANCELED;
1085 r = EXIT_CONFIRM;
1086 goto fail_child;
1087 } else if (response == 'n') {
1088 write_confirm_message("Failing execution.\n");
1089 err = r = 0;
1090 goto fail_child;
1091 }
1092 }
1093
1094 /* If a socket is connected to STDIN/STDOUT/STDERR, we
1095 * must sure to drop O_NONBLOCK */
1096 if (socket_fd >= 0)
1097 fd_nonblock(socket_fd, false);
1098
1099 err = setup_input(context, socket_fd, apply_tty_stdin);
1100 if (err < 0) {
1101 r = EXIT_STDIN;
1102 goto fail_child;
1103 }
1104
1105 err = setup_output(context, socket_fd, path_get_file_name(command->path), unit_id, apply_tty_stdin);
1106 if (err < 0) {
1107 r = EXIT_STDOUT;
1108 goto fail_child;
1109 }
1110
1111 err = setup_error(context, socket_fd, path_get_file_name(command->path), unit_id, apply_tty_stdin);
1112 if (err < 0) {
1113 r = EXIT_STDERR;
1114 goto fail_child;
1115 }
1116
1117 if (cgroup_bondings) {
1118 err = cgroup_bonding_install_list(cgroup_bondings, 0, cgroup_suffix);
1119 if (err < 0) {
1120 r = EXIT_CGROUP;
1121 goto fail_child;
1122 }
1123 }
1124
1125 if (context->oom_score_adjust_set) {
1126 char t[16];
1127
1128 snprintf(t, sizeof(t), "%i", context->oom_score_adjust);
1129 char_array_0(t);
1130
1131 if (write_one_line_file("/proc/self/oom_score_adj", t) < 0) {
1132 err = -errno;
1133 r = EXIT_OOM_ADJUST;
1134 goto fail_child;
1135 }
1136 }
1137
1138 if (context->nice_set)
1139 if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
1140 err = -errno;
1141 r = EXIT_NICE;
1142 goto fail_child;
1143 }
1144
1145 if (context->cpu_sched_set) {
1146 struct sched_param param;
1147
1148 zero(param);
1149 param.sched_priority = context->cpu_sched_priority;
1150
1151 if (sched_setscheduler(0, context->cpu_sched_policy |
1152 (context->cpu_sched_reset_on_fork ? SCHED_RESET_ON_FORK : 0), &param) < 0) {
1153 err = -errno;
1154 r = EXIT_SETSCHEDULER;
1155 goto fail_child;
1156 }
1157 }
1158
1159 if (context->cpuset)
1160 if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
1161 err = -errno;
1162 r = EXIT_CPUAFFINITY;
1163 goto fail_child;
1164 }
1165
1166 if (context->ioprio_set)
1167 if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
1168 err = -errno;
1169 r = EXIT_IOPRIO;
1170 goto fail_child;
1171 }
1172
1173 if (context->timer_slack_nsec != (nsec_t) -1)
1174 if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
1175 err = -errno;
1176 r = EXIT_TIMERSLACK;
1177 goto fail_child;
1178 }
1179
1180 if (context->utmp_id)
1181 utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
1182
1183 if (context->user) {
1184 username = context->user;
1185 err = get_user_creds(&username, &uid, &gid, &home);
1186 if (err < 0) {
1187 r = EXIT_USER;
1188 goto fail_child;
1189 }
1190
1191 if (is_terminal_input(context->std_input)) {
1192 err = chown_terminal(STDIN_FILENO, uid);
1193 if (err < 0) {
1194 r = EXIT_STDIN;
1195 goto fail_child;
1196 }
1197 }
1198
1199 if (cgroup_bondings && context->control_group_modify) {
1200 err = cgroup_bonding_set_group_access_list(cgroup_bondings, 0755, uid, gid);
1201 if (err >= 0)
1202 err = cgroup_bonding_set_task_access_list(cgroup_bondings, 0644, uid, gid, context->control_group_persistent);
1203 if (err < 0) {
1204 r = EXIT_CGROUP;
1205 goto fail_child;
1206 }
1207
1208 set_access = true;
1209 }
1210 }
1211
1212 if (cgroup_bondings && !set_access && context->control_group_persistent >= 0) {
1213 err = cgroup_bonding_set_task_access_list(cgroup_bondings, (mode_t) -1, (uid_t) -1, (uid_t) -1, context->control_group_persistent);
1214 if (err < 0) {
1215 r = EXIT_CGROUP;
1216 goto fail_child;
1217 }
1218 }
1219
1220 if (apply_permissions) {
1221 err = enforce_groups(context, username, gid);
1222 if (err < 0) {
1223 r = EXIT_GROUP;
1224 goto fail_child;
1225 }
1226 }
1227
1228 umask(context->umask);
1229
1230 #ifdef HAVE_PAM
1231 if (context->pam_name && username) {
1232 err = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
1233 if (err < 0) {
1234 r = EXIT_PAM;
1235 goto fail_child;
1236 }
1237 }
1238 #endif
1239 if (context->private_network) {
1240 if (unshare(CLONE_NEWNET) < 0) {
1241 err = -errno;
1242 r = EXIT_NETWORK;
1243 goto fail_child;
1244 }
1245
1246 loopback_setup();
1247 }
1248
1249 if (strv_length(context->read_write_dirs) > 0 ||
1250 strv_length(context->read_only_dirs) > 0 ||
1251 strv_length(context->inaccessible_dirs) > 0 ||
1252 context->mount_flags != MS_SHARED ||
1253 context->private_tmp) {
1254 err = setup_namespace(context->read_write_dirs,
1255 context->read_only_dirs,
1256 context->inaccessible_dirs,
1257 context->private_tmp,
1258 context->mount_flags);
1259 if (err < 0) {
1260 r = EXIT_NAMESPACE;
1261 goto fail_child;
1262 }
1263 }
1264
1265 if (apply_chroot) {
1266 if (context->root_directory)
1267 if (chroot(context->root_directory) < 0) {
1268 err = -errno;
1269 r = EXIT_CHROOT;
1270 goto fail_child;
1271 }
1272
1273 if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
1274 err = -errno;
1275 r = EXIT_CHDIR;
1276 goto fail_child;
1277 }
1278 } else {
1279
1280 char *d;
1281
1282 if (asprintf(&d, "%s/%s",
1283 context->root_directory ? context->root_directory : "",
1284 context->working_directory ? context->working_directory : "") < 0) {
1285 err = -ENOMEM;
1286 r = EXIT_MEMORY;
1287 goto fail_child;
1288 }
1289
1290 if (chdir(d) < 0) {
1291 err = -errno;
1292 free(d);
1293 r = EXIT_CHDIR;
1294 goto fail_child;
1295 }
1296
1297 free(d);
1298 }
1299
1300 /* We repeat the fd closing here, to make sure that
1301 * nothing is leaked from the PAM modules */
1302 err = close_all_fds(fds, n_fds);
1303 if (err >= 0)
1304 err = shift_fds(fds, n_fds);
1305 if (err >= 0)
1306 err = flags_fds(fds, n_fds, context->non_blocking);
1307 if (err < 0) {
1308 r = EXIT_FDS;
1309 goto fail_child;
1310 }
1311
1312 if (apply_permissions) {
1313
1314 for (i = 0; i < RLIMIT_NLIMITS; i++) {
1315 if (!context->rlimit[i])
1316 continue;
1317
1318 if (setrlimit_closest(i, context->rlimit[i]) < 0) {
1319 err = -errno;
1320 r = EXIT_LIMITS;
1321 goto fail_child;
1322 }
1323 }
1324
1325 if (context->capability_bounding_set_drop) {
1326 err = capability_bounding_set_drop(context->capability_bounding_set_drop, false);
1327 if (err < 0) {
1328 r = EXIT_CAPABILITIES;
1329 goto fail_child;
1330 }
1331 }
1332
1333 if (context->user) {
1334 err = enforce_user(context, uid);
1335 if (err < 0) {
1336 r = EXIT_USER;
1337 goto fail_child;
1338 }
1339 }
1340
1341 /* PR_GET_SECUREBITS is not privileged, while
1342 * PR_SET_SECUREBITS is. So to suppress
1343 * potential EPERMs we'll try not to call
1344 * PR_SET_SECUREBITS unless necessary. */
1345 if (prctl(PR_GET_SECUREBITS) != context->secure_bits)
1346 if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) {
1347 err = -errno;
1348 r = EXIT_SECUREBITS;
1349 goto fail_child;
1350 }
1351
1352 if (context->capabilities)
1353 if (cap_set_proc(context->capabilities) < 0) {
1354 err = -errno;
1355 r = EXIT_CAPABILITIES;
1356 goto fail_child;
1357 }
1358 }
1359
1360 if (!(our_env = new0(char*, 7))) {
1361 err = -ENOMEM;
1362 r = EXIT_MEMORY;
1363 goto fail_child;
1364 }
1365
1366 if (n_fds > 0)
1367 if (asprintf(our_env + n_env++, "LISTEN_PID=%lu", (unsigned long) getpid()) < 0 ||
1368 asprintf(our_env + n_env++, "LISTEN_FDS=%u", n_fds) < 0) {
1369 err = -ENOMEM;
1370 r = EXIT_MEMORY;
1371 goto fail_child;
1372 }
1373
1374 if (home)
1375 if (asprintf(our_env + n_env++, "HOME=%s", home) < 0) {
1376 err = -ENOMEM;
1377 r = EXIT_MEMORY;
1378 goto fail_child;
1379 }
1380
1381 if (username)
1382 if (asprintf(our_env + n_env++, "LOGNAME=%s", username) < 0 ||
1383 asprintf(our_env + n_env++, "USER=%s", username) < 0) {
1384 err = -ENOMEM;
1385 r = EXIT_MEMORY;
1386 goto fail_child;
1387 }
1388
1389 if (is_terminal_input(context->std_input) ||
1390 context->std_output == EXEC_OUTPUT_TTY ||
1391 context->std_error == EXEC_OUTPUT_TTY)
1392 if (!(our_env[n_env++] = strdup(default_term_for_tty(tty_path(context))))) {
1393 err = -ENOMEM;
1394 r = EXIT_MEMORY;
1395 goto fail_child;
1396 }
1397
1398 assert(n_env <= 7);
1399
1400 if (!(final_env = strv_env_merge(
1401 5,
1402 environment,
1403 our_env,
1404 context->environment,
1405 files_env,
1406 pam_env,
1407 NULL))) {
1408 err = -ENOMEM;
1409 r = EXIT_MEMORY;
1410 goto fail_child;
1411 }
1412
1413 if (!(final_argv = replace_env_argv(argv, final_env))) {
1414 err = -ENOMEM;
1415 r = EXIT_MEMORY;
1416 goto fail_child;
1417 }
1418
1419 final_env = strv_env_clean(final_env);
1420
1421 execve(command->path, final_argv, final_env);
1422 err = -errno;
1423 r = EXIT_EXEC;
1424
1425 fail_child:
1426 if (r != 0) {
1427 log_open();
1428 log_warning("Failed at step %s spawning %s: %s",
1429 exit_status_to_string(r, EXIT_STATUS_SYSTEMD),
1430 command->path, strerror(-err));
1431 }
1432
1433 strv_free(our_env);
1434 strv_free(final_env);
1435 strv_free(pam_env);
1436 strv_free(files_env);
1437 strv_free(final_argv);
1438
1439 _exit(r);
1440 }
1441
1442 strv_free(files_env);
1443
1444 /* We add the new process to the cgroup both in the child (so
1445 * that we can be sure that no user code is ever executed
1446 * outside of the cgroup) and in the parent (so that we can be
1447 * sure that when we kill the cgroup the process will be
1448 * killed too). */
1449 if (cgroup_bondings)
1450 cgroup_bonding_install_list(cgroup_bondings, pid, cgroup_suffix);
1451
1452 log_debug("Forked %s as %lu", command->path, (unsigned long) pid);
1453
1454 exec_status_start(&command->exec_status, pid);
1455
1456 *ret = pid;
1457 return 0;
1458
1459 fail_parent:
1460 strv_free(files_env);
1461
1462 return r;
1463 }
1464
1465 void exec_context_init(ExecContext *c) {
1466 assert(c);
1467
1468 c->umask = 0022;
1469 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1470 c->cpu_sched_policy = SCHED_OTHER;
1471 c->syslog_priority = LOG_DAEMON|LOG_INFO;
1472 c->syslog_level_prefix = true;
1473 c->mount_flags = MS_SHARED;
1474 c->kill_signal = SIGTERM;
1475 c->send_sigkill = true;
1476 c->control_group_persistent = -1;
1477 c->ignore_sigpipe = true;
1478 c->timer_slack_nsec = (nsec_t) -1;
1479 }
1480
1481 void exec_context_done(ExecContext *c) {
1482 unsigned l;
1483
1484 assert(c);
1485
1486 strv_free(c->environment);
1487 c->environment = NULL;
1488
1489 strv_free(c->environment_files);
1490 c->environment_files = NULL;
1491
1492 for (l = 0; l < ELEMENTSOF(c->rlimit); l++) {
1493 free(c->rlimit[l]);
1494 c->rlimit[l] = NULL;
1495 }
1496
1497 free(c->working_directory);
1498 c->working_directory = NULL;
1499 free(c->root_directory);
1500 c->root_directory = NULL;
1501
1502 free(c->tty_path);
1503 c->tty_path = NULL;
1504
1505 free(c->tcpwrap_name);
1506 c->tcpwrap_name = NULL;
1507
1508 free(c->syslog_identifier);
1509 c->syslog_identifier = NULL;
1510
1511 free(c->user);
1512 c->user = NULL;
1513
1514 free(c->group);
1515 c->group = NULL;
1516
1517 strv_free(c->supplementary_groups);
1518 c->supplementary_groups = NULL;
1519
1520 free(c->pam_name);
1521 c->pam_name = NULL;
1522
1523 if (c->capabilities) {
1524 cap_free(c->capabilities);
1525 c->capabilities = NULL;
1526 }
1527
1528 strv_free(c->read_only_dirs);
1529 c->read_only_dirs = NULL;
1530
1531 strv_free(c->read_write_dirs);
1532 c->read_write_dirs = NULL;
1533
1534 strv_free(c->inaccessible_dirs);
1535 c->inaccessible_dirs = NULL;
1536
1537 if (c->cpuset)
1538 CPU_FREE(c->cpuset);
1539
1540 free(c->utmp_id);
1541 c->utmp_id = NULL;
1542 }
1543
1544 void exec_command_done(ExecCommand *c) {
1545 assert(c);
1546
1547 free(c->path);
1548 c->path = NULL;
1549
1550 strv_free(c->argv);
1551 c->argv = NULL;
1552 }
1553
1554 void exec_command_done_array(ExecCommand *c, unsigned n) {
1555 unsigned i;
1556
1557 for (i = 0; i < n; i++)
1558 exec_command_done(c+i);
1559 }
1560
1561 void exec_command_free_list(ExecCommand *c) {
1562 ExecCommand *i;
1563
1564 while ((i = c)) {
1565 LIST_REMOVE(ExecCommand, command, c, i);
1566 exec_command_done(i);
1567 free(i);
1568 }
1569 }
1570
1571 void exec_command_free_array(ExecCommand **c, unsigned n) {
1572 unsigned i;
1573
1574 for (i = 0; i < n; i++) {
1575 exec_command_free_list(c[i]);
1576 c[i] = NULL;
1577 }
1578 }
1579
1580 int exec_context_load_environment(const ExecContext *c, char ***l) {
1581 char **i, **r = NULL;
1582
1583 assert(c);
1584 assert(l);
1585
1586 STRV_FOREACH(i, c->environment_files) {
1587 char *fn;
1588 int k;
1589 bool ignore = false;
1590 char **p;
1591
1592 fn = *i;
1593
1594 if (fn[0] == '-') {
1595 ignore = true;
1596 fn ++;
1597 }
1598
1599 if (!path_is_absolute(fn)) {
1600
1601 if (ignore)
1602 continue;
1603
1604 strv_free(r);
1605 return -EINVAL;
1606 }
1607
1608 if ((k = load_env_file(fn, &p)) < 0) {
1609
1610 if (ignore)
1611 continue;
1612
1613 strv_free(r);
1614 return k;
1615 }
1616
1617 if (r == NULL)
1618 r = p;
1619 else {
1620 char **m;
1621
1622 m = strv_env_merge(2, r, p);
1623 strv_free(r);
1624 strv_free(p);
1625
1626 if (!m)
1627 return -ENOMEM;
1628
1629 r = m;
1630 }
1631 }
1632
1633 *l = r;
1634
1635 return 0;
1636 }
1637
1638 static void strv_fprintf(FILE *f, char **l) {
1639 char **g;
1640
1641 assert(f);
1642
1643 STRV_FOREACH(g, l)
1644 fprintf(f, " %s", *g);
1645 }
1646
1647 void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
1648 char ** e;
1649 unsigned i;
1650
1651 assert(c);
1652 assert(f);
1653
1654 if (!prefix)
1655 prefix = "";
1656
1657 fprintf(f,
1658 "%sUMask: %04o\n"
1659 "%sWorkingDirectory: %s\n"
1660 "%sRootDirectory: %s\n"
1661 "%sNonBlocking: %s\n"
1662 "%sPrivateTmp: %s\n"
1663 "%sControlGroupModify: %s\n"
1664 "%sControlGroupPersistent: %s\n"
1665 "%sPrivateNetwork: %s\n",
1666 prefix, c->umask,
1667 prefix, c->working_directory ? c->working_directory : "/",
1668 prefix, c->root_directory ? c->root_directory : "/",
1669 prefix, yes_no(c->non_blocking),
1670 prefix, yes_no(c->private_tmp),
1671 prefix, yes_no(c->control_group_modify),
1672 prefix, yes_no(c->control_group_persistent),
1673 prefix, yes_no(c->private_network));
1674
1675 STRV_FOREACH(e, c->environment)
1676 fprintf(f, "%sEnvironment: %s\n", prefix, *e);
1677
1678 STRV_FOREACH(e, c->environment_files)
1679 fprintf(f, "%sEnvironmentFile: %s\n", prefix, *e);
1680
1681 if (c->tcpwrap_name)
1682 fprintf(f,
1683 "%sTCPWrapName: %s\n",
1684 prefix, c->tcpwrap_name);
1685
1686 if (c->nice_set)
1687 fprintf(f,
1688 "%sNice: %i\n",
1689 prefix, c->nice);
1690
1691 if (c->oom_score_adjust_set)
1692 fprintf(f,
1693 "%sOOMScoreAdjust: %i\n",
1694 prefix, c->oom_score_adjust);
1695
1696 for (i = 0; i < RLIM_NLIMITS; i++)
1697 if (c->rlimit[i])
1698 fprintf(f, "%s%s: %llu\n", prefix, rlimit_to_string(i), (unsigned long long) c->rlimit[i]->rlim_max);
1699
1700 if (c->ioprio_set)
1701 fprintf(f,
1702 "%sIOSchedulingClass: %s\n"
1703 "%sIOPriority: %i\n",
1704 prefix, ioprio_class_to_string(IOPRIO_PRIO_CLASS(c->ioprio)),
1705 prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
1706
1707 if (c->cpu_sched_set)
1708 fprintf(f,
1709 "%sCPUSchedulingPolicy: %s\n"
1710 "%sCPUSchedulingPriority: %i\n"
1711 "%sCPUSchedulingResetOnFork: %s\n",
1712 prefix, sched_policy_to_string(c->cpu_sched_policy),
1713 prefix, c->cpu_sched_priority,
1714 prefix, yes_no(c->cpu_sched_reset_on_fork));
1715
1716 if (c->cpuset) {
1717 fprintf(f, "%sCPUAffinity:", prefix);
1718 for (i = 0; i < c->cpuset_ncpus; i++)
1719 if (CPU_ISSET_S(i, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset))
1720 fprintf(f, " %i", i);
1721 fputs("\n", f);
1722 }
1723
1724 if (c->timer_slack_nsec != (nsec_t) -1)
1725 fprintf(f, "%sTimerSlackNSec: %lu\n", prefix, (unsigned long)c->timer_slack_nsec);
1726
1727 fprintf(f,
1728 "%sStandardInput: %s\n"
1729 "%sStandardOutput: %s\n"
1730 "%sStandardError: %s\n",
1731 prefix, exec_input_to_string(c->std_input),
1732 prefix, exec_output_to_string(c->std_output),
1733 prefix, exec_output_to_string(c->std_error));
1734
1735 if (c->tty_path)
1736 fprintf(f,
1737 "%sTTYPath: %s\n"
1738 "%sTTYReset: %s\n"
1739 "%sTTYVHangup: %s\n"
1740 "%sTTYVTDisallocate: %s\n",
1741 prefix, c->tty_path,
1742 prefix, yes_no(c->tty_reset),
1743 prefix, yes_no(c->tty_vhangup),
1744 prefix, yes_no(c->tty_vt_disallocate));
1745
1746 if (c->std_output == EXEC_OUTPUT_SYSLOG || c->std_output == EXEC_OUTPUT_KMSG || c->std_output == EXEC_OUTPUT_JOURNAL ||
1747 c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
1748 c->std_error == EXEC_OUTPUT_SYSLOG || c->std_error == EXEC_OUTPUT_KMSG || c->std_error == EXEC_OUTPUT_JOURNAL ||
1749 c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE)
1750 fprintf(f,
1751 "%sSyslogFacility: %s\n"
1752 "%sSyslogLevel: %s\n",
1753 prefix, log_facility_unshifted_to_string(c->syslog_priority >> 3),
1754 prefix, log_level_to_string(LOG_PRI(c->syslog_priority)));
1755
1756 if (c->capabilities) {
1757 char *t;
1758 if ((t = cap_to_text(c->capabilities, NULL))) {
1759 fprintf(f, "%sCapabilities: %s\n",
1760 prefix, t);
1761 cap_free(t);
1762 }
1763 }
1764
1765 if (c->secure_bits)
1766 fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
1767 prefix,
1768 (c->secure_bits & SECURE_KEEP_CAPS) ? " keep-caps" : "",
1769 (c->secure_bits & SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
1770 (c->secure_bits & SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
1771 (c->secure_bits & SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
1772 (c->secure_bits & SECURE_NOROOT) ? " noroot" : "",
1773 (c->secure_bits & SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
1774
1775 if (c->capability_bounding_set_drop) {
1776 unsigned long l;
1777 fprintf(f, "%sCapabilityBoundingSet:", prefix);
1778
1779 for (l = 0; l <= cap_last_cap(); l++)
1780 if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
1781 char *t;
1782
1783 if ((t = cap_to_name(l))) {
1784 fprintf(f, " %s", t);
1785 cap_free(t);
1786 }
1787 }
1788
1789 fputs("\n", f);
1790 }
1791
1792 if (c->user)
1793 fprintf(f, "%sUser: %s\n", prefix, c->user);
1794 if (c->group)
1795 fprintf(f, "%sGroup: %s\n", prefix, c->group);
1796
1797 if (strv_length(c->supplementary_groups) > 0) {
1798 fprintf(f, "%sSupplementaryGroups:", prefix);
1799 strv_fprintf(f, c->supplementary_groups);
1800 fputs("\n", f);
1801 }
1802
1803 if (c->pam_name)
1804 fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name);
1805
1806 if (strv_length(c->read_write_dirs) > 0) {
1807 fprintf(f, "%sReadWriteDirs:", prefix);
1808 strv_fprintf(f, c->read_write_dirs);
1809 fputs("\n", f);
1810 }
1811
1812 if (strv_length(c->read_only_dirs) > 0) {
1813 fprintf(f, "%sReadOnlyDirs:", prefix);
1814 strv_fprintf(f, c->read_only_dirs);
1815 fputs("\n", f);
1816 }
1817
1818 if (strv_length(c->inaccessible_dirs) > 0) {
1819 fprintf(f, "%sInaccessibleDirs:", prefix);
1820 strv_fprintf(f, c->inaccessible_dirs);
1821 fputs("\n", f);
1822 }
1823
1824 fprintf(f,
1825 "%sKillMode: %s\n"
1826 "%sKillSignal: SIG%s\n"
1827 "%sSendSIGKILL: %s\n"
1828 "%sIgnoreSIGPIPE: %s\n",
1829 prefix, kill_mode_to_string(c->kill_mode),
1830 prefix, signal_to_string(c->kill_signal),
1831 prefix, yes_no(c->send_sigkill),
1832 prefix, yes_no(c->ignore_sigpipe));
1833
1834 if (c->utmp_id)
1835 fprintf(f,
1836 "%sUtmpIdentifier: %s\n",
1837 prefix, c->utmp_id);
1838 }
1839
1840 void exec_status_start(ExecStatus *s, pid_t pid) {
1841 assert(s);
1842
1843 zero(*s);
1844 s->pid = pid;
1845 dual_timestamp_get(&s->start_timestamp);
1846 }
1847
1848 void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
1849 assert(s);
1850
1851 if (s->pid && s->pid != pid)
1852 zero(*s);
1853
1854 s->pid = pid;
1855 dual_timestamp_get(&s->exit_timestamp);
1856
1857 s->code = code;
1858 s->status = status;
1859
1860 if (context) {
1861 if (context->utmp_id)
1862 utmp_put_dead_process(context->utmp_id, pid, code, status);
1863
1864 exec_context_tty_reset(context);
1865 }
1866 }
1867
1868 void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
1869 char buf[FORMAT_TIMESTAMP_MAX];
1870
1871 assert(s);
1872 assert(f);
1873
1874 if (!prefix)
1875 prefix = "";
1876
1877 if (s->pid <= 0)
1878 return;
1879
1880 fprintf(f,
1881 "%sPID: %lu\n",
1882 prefix, (unsigned long) s->pid);
1883
1884 if (s->start_timestamp.realtime > 0)
1885 fprintf(f,
1886 "%sStart Timestamp: %s\n",
1887 prefix, format_timestamp(buf, sizeof(buf), s->start_timestamp.realtime));
1888
1889 if (s->exit_timestamp.realtime > 0)
1890 fprintf(f,
1891 "%sExit Timestamp: %s\n"
1892 "%sExit Code: %s\n"
1893 "%sExit Status: %i\n",
1894 prefix, format_timestamp(buf, sizeof(buf), s->exit_timestamp.realtime),
1895 prefix, sigchld_code_to_string(s->code),
1896 prefix, s->status);
1897 }
1898
1899 char *exec_command_line(char **argv) {
1900 size_t k;
1901 char *n, *p, **a;
1902 bool first = true;
1903
1904 assert(argv);
1905
1906 k = 1;
1907 STRV_FOREACH(a, argv)
1908 k += strlen(*a)+3;
1909
1910 if (!(n = new(char, k)))
1911 return NULL;
1912
1913 p = n;
1914 STRV_FOREACH(a, argv) {
1915
1916 if (!first)
1917 *(p++) = ' ';
1918 else
1919 first = false;
1920
1921 if (strpbrk(*a, WHITESPACE)) {
1922 *(p++) = '\'';
1923 p = stpcpy(p, *a);
1924 *(p++) = '\'';
1925 } else
1926 p = stpcpy(p, *a);
1927
1928 }
1929
1930 *p = 0;
1931
1932 /* FIXME: this doesn't really handle arguments that have
1933 * spaces and ticks in them */
1934
1935 return n;
1936 }
1937
1938 void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
1939 char *p2;
1940 const char *prefix2;
1941
1942 char *cmd;
1943
1944 assert(c);
1945 assert(f);
1946
1947 if (!prefix)
1948 prefix = "";
1949 p2 = strappend(prefix, "\t");
1950 prefix2 = p2 ? p2 : prefix;
1951
1952 cmd = exec_command_line(c->argv);
1953
1954 fprintf(f,
1955 "%sCommand Line: %s\n",
1956 prefix, cmd ? cmd : strerror(ENOMEM));
1957
1958 free(cmd);
1959
1960 exec_status_dump(&c->exec_status, f, prefix2);
1961
1962 free(p2);
1963 }
1964
1965 void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
1966 assert(f);
1967
1968 if (!prefix)
1969 prefix = "";
1970
1971 LIST_FOREACH(command, c, c)
1972 exec_command_dump(c, f, prefix);
1973 }
1974
1975 void exec_command_append_list(ExecCommand **l, ExecCommand *e) {
1976 ExecCommand *end;
1977
1978 assert(l);
1979 assert(e);
1980
1981 if (*l) {
1982 /* It's kind of important, that we keep the order here */
1983 LIST_FIND_TAIL(ExecCommand, command, *l, end);
1984 LIST_INSERT_AFTER(ExecCommand, command, *l, end, e);
1985 } else
1986 *l = e;
1987 }
1988
1989 int exec_command_set(ExecCommand *c, const char *path, ...) {
1990 va_list ap;
1991 char **l, *p;
1992
1993 assert(c);
1994 assert(path);
1995
1996 va_start(ap, path);
1997 l = strv_new_ap(path, ap);
1998 va_end(ap);
1999
2000 if (!l)
2001 return -ENOMEM;
2002
2003 if (!(p = strdup(path))) {
2004 strv_free(l);
2005 return -ENOMEM;
2006 }
2007
2008 free(c->path);
2009 c->path = p;
2010
2011 strv_free(c->argv);
2012 c->argv = l;
2013
2014 return 0;
2015 }
2016
2017 static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
2018 [EXEC_INPUT_NULL] = "null",
2019 [EXEC_INPUT_TTY] = "tty",
2020 [EXEC_INPUT_TTY_FORCE] = "tty-force",
2021 [EXEC_INPUT_TTY_FAIL] = "tty-fail",
2022 [EXEC_INPUT_SOCKET] = "socket"
2023 };
2024
2025 DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
2026
2027 static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = {
2028 [EXEC_OUTPUT_INHERIT] = "inherit",
2029 [EXEC_OUTPUT_NULL] = "null",
2030 [EXEC_OUTPUT_TTY] = "tty",
2031 [EXEC_OUTPUT_SYSLOG] = "syslog",
2032 [EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
2033 [EXEC_OUTPUT_KMSG] = "kmsg",
2034 [EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
2035 [EXEC_OUTPUT_JOURNAL] = "journal",
2036 [EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
2037 [EXEC_OUTPUT_SOCKET] = "socket"
2038 };
2039
2040 DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
2041
2042 static const char* const kill_mode_table[_KILL_MODE_MAX] = {
2043 [KILL_CONTROL_GROUP] = "control-group",
2044 [KILL_PROCESS] = "process",
2045 [KILL_NONE] = "none"
2046 };
2047
2048 DEFINE_STRING_TABLE_LOOKUP(kill_mode, KillMode);
2049
2050 static const char* const kill_who_table[_KILL_WHO_MAX] = {
2051 [KILL_MAIN] = "main",
2052 [KILL_CONTROL] = "control",
2053 [KILL_ALL] = "all"
2054 };
2055
2056 DEFINE_STRING_TABLE_LOOKUP(kill_who, KillWho);
Unnamed repository; edit this file 'description' to name the repository.