]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/execute.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #3202 from poettering/socket-fixes
[thirdparty/systemd.git] / src / core / execute.c
1 /***
2 This file is part of systemd.
3
4 Copyright 2010 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <errno.h>
21 #include <fcntl.h>
22 #include <glob.h>
23 #include <grp.h>
24 #include <poll.h>
25 #include <signal.h>
26 #include <string.h>
27 #include <sys/capability.h>
28 #include <sys/personality.h>
29 #include <sys/prctl.h>
30 #include <sys/socket.h>
31 #include <sys/stat.h>
32 #include <sys/un.h>
33 #include <unistd.h>
34 #include <utmpx.h>
35
36 #ifdef HAVE_PAM
37 #include <security/pam_appl.h>
38 #endif
39
40 #ifdef HAVE_SELINUX
41 #include <selinux/selinux.h>
42 #endif
43
44 #ifdef HAVE_SECCOMP
45 #include <seccomp.h>
46 #endif
47
48 #ifdef HAVE_APPARMOR
49 #include <sys/apparmor.h>
50 #endif
51
52 #include "sd-messages.h"
53
54 #include "af-list.h"
55 #include "alloc-util.h"
56 #ifdef HAVE_APPARMOR
57 #include "apparmor-util.h"
58 #endif
59 #include "async.h"
60 #include "barrier.h"
61 #include "cap-list.h"
62 #include "capability-util.h"
63 #include "def.h"
64 #include "env-util.h"
65 #include "errno-list.h"
66 #include "execute.h"
67 #include "exit-status.h"
68 #include "fd-util.h"
69 #include "fileio.h"
70 #include "formats-util.h"
71 #include "fs-util.h"
72 #include "glob-util.h"
73 #include "io-util.h"
74 #include "ioprio.h"
75 #include "log.h"
76 #include "macro.h"
77 #include "missing.h"
78 #include "mkdir.h"
79 #include "namespace.h"
80 #include "parse-util.h"
81 #include "path-util.h"
82 #include "process-util.h"
83 #include "rlimit-util.h"
84 #include "rm-rf.h"
85 #ifdef HAVE_SECCOMP
86 #include "seccomp-util.h"
87 #endif
88 #include "securebits.h"
89 #include "selinux-util.h"
90 #include "signal-util.h"
91 #include "smack-util.h"
92 #include "string-table.h"
93 #include "string-util.h"
94 #include "strv.h"
95 #include "syslog-util.h"
96 #include "terminal-util.h"
97 #include "unit.h"
98 #include "user-util.h"
99 #include "util.h"
100 #include "utmp-wtmp.h"
101
102 #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
103 #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
104
105 /* This assumes there is a 'tty' group */
106 #define TTY_MODE 0620
107
108 #define SNDBUF_SIZE (8*1024*1024)
109
110 static int shift_fds(int fds[], unsigned n_fds) {
111 int start, restart_from;
112
113 if (n_fds <= 0)
114 return 0;
115
116 /* Modifies the fds array! (sorts it) */
117
118 assert(fds);
119
120 start = 0;
121 for (;;) {
122 int i;
123
124 restart_from = -1;
125
126 for (i = start; i < (int) n_fds; i++) {
127 int nfd;
128
129 /* Already at right index? */
130 if (fds[i] == i+3)
131 continue;
132
133 nfd = fcntl(fds[i], F_DUPFD, i + 3);
134 if (nfd < 0)
135 return -errno;
136
137 safe_close(fds[i]);
138 fds[i] = nfd;
139
140 /* Hmm, the fd we wanted isn't free? Then
141 * let's remember that and try again from here */
142 if (nfd != i+3 && restart_from < 0)
143 restart_from = i;
144 }
145
146 if (restart_from < 0)
147 break;
148
149 start = restart_from;
150 }
151
152 return 0;
153 }
154
155 static int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {
156 unsigned i;
157 int r;
158
159 if (n_fds <= 0)
160 return 0;
161
162 assert(fds);
163
164 /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */
165
166 for (i = 0; i < n_fds; i++) {
167
168 r = fd_nonblock(fds[i], nonblock);
169 if (r < 0)
170 return r;
171
172 /* We unconditionally drop FD_CLOEXEC from the fds,
173 * since after all we want to pass these fds to our
174 * children */
175
176 r = fd_cloexec(fds[i], false);
177 if (r < 0)
178 return r;
179 }
180
181 return 0;
182 }
183
184 static const char *exec_context_tty_path(const ExecContext *context) {
185 assert(context);
186
187 if (context->stdio_as_fds)
188 return NULL;
189
190 if (context->tty_path)
191 return context->tty_path;
192
193 return "/dev/console";
194 }
195
196 static void exec_context_tty_reset(const ExecContext *context, const ExecParameters *p) {
197 const char *path;
198
199 assert(context);
200
201 path = exec_context_tty_path(context);
202
203 if (context->tty_vhangup) {
204 if (p && p->stdin_fd >= 0)
205 (void) terminal_vhangup_fd(p->stdin_fd);
206 else if (path)
207 (void) terminal_vhangup(path);
208 }
209
210 if (context->tty_reset) {
211 if (p && p->stdin_fd >= 0)
212 (void) reset_terminal_fd(p->stdin_fd, true);
213 else if (path)
214 (void) reset_terminal(path);
215 }
216
217 if (context->tty_vt_disallocate && path)
218 (void) vt_disallocate(path);
219 }
220
221 static bool is_terminal_output(ExecOutput o) {
222 return
223 o == EXEC_OUTPUT_TTY ||
224 o == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
225 o == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
226 o == EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
227 }
228
229 static int open_null_as(int flags, int nfd) {
230 int fd, r;
231
232 assert(nfd >= 0);
233
234 fd = open("/dev/null", flags|O_NOCTTY);
235 if (fd < 0)
236 return -errno;
237
238 if (fd != nfd) {
239 r = dup2(fd, nfd) < 0 ? -errno : nfd;
240 safe_close(fd);
241 } else
242 r = nfd;
243
244 return r;
245 }
246
247 static int connect_journal_socket(int fd, uid_t uid, gid_t gid) {
248 union sockaddr_union sa = {
249 .un.sun_family = AF_UNIX,
250 .un.sun_path = "/run/systemd/journal/stdout",
251 };
252 uid_t olduid = UID_INVALID;
253 gid_t oldgid = GID_INVALID;
254 int r;
255
256 if (gid != GID_INVALID) {
257 oldgid = getgid();
258
259 r = setegid(gid);
260 if (r < 0)
261 return -errno;
262 }
263
264 if (uid != UID_INVALID) {
265 olduid = getuid();
266
267 r = seteuid(uid);
268 if (r < 0) {
269 r = -errno;
270 goto restore_gid;
271 }
272 }
273
274 r = connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
275 if (r < 0)
276 r = -errno;
277
278 /* If we fail to restore the uid or gid, things will likely
279 fail later on. This should only happen if an LSM interferes. */
280
281 if (uid != UID_INVALID)
282 (void) seteuid(olduid);
283
284 restore_gid:
285 if (gid != GID_INVALID)
286 (void) setegid(oldgid);
287
288 return r;
289 }
290
291 static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd, uid_t uid, gid_t gid) {
292 int fd, r;
293
294 assert(context);
295 assert(output < _EXEC_OUTPUT_MAX);
296 assert(ident);
297 assert(nfd >= 0);
298
299 fd = socket(AF_UNIX, SOCK_STREAM, 0);
300 if (fd < 0)
301 return -errno;
302
303 r = connect_journal_socket(fd, uid, gid);
304 if (r < 0)
305 return r;
306
307 if (shutdown(fd, SHUT_RD) < 0) {
308 safe_close(fd);
309 return -errno;
310 }
311
312 fd_inc_sndbuf(fd, SNDBUF_SIZE);
313
314 dprintf(fd,
315 "%s\n"
316 "%s\n"
317 "%i\n"
318 "%i\n"
319 "%i\n"
320 "%i\n"
321 "%i\n",
322 context->syslog_identifier ? context->syslog_identifier : ident,
323 unit_id,
324 context->syslog_priority,
325 !!context->syslog_level_prefix,
326 output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
327 output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
328 is_terminal_output(output));
329
330 if (fd != nfd) {
331 r = dup2(fd, nfd) < 0 ? -errno : nfd;
332 safe_close(fd);
333 } else
334 r = nfd;
335
336 return r;
337 }
338 static int open_terminal_as(const char *path, mode_t mode, int nfd) {
339 int fd, r;
340
341 assert(path);
342 assert(nfd >= 0);
343
344 fd = open_terminal(path, mode | O_NOCTTY);
345 if (fd < 0)
346 return fd;
347
348 if (fd != nfd) {
349 r = dup2(fd, nfd) < 0 ? -errno : nfd;
350 safe_close(fd);
351 } else
352 r = nfd;
353
354 return r;
355 }
356
357 static bool is_terminal_input(ExecInput i) {
358 return
359 i == EXEC_INPUT_TTY ||
360 i == EXEC_INPUT_TTY_FORCE ||
361 i == EXEC_INPUT_TTY_FAIL;
362 }
363
364 static int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {
365
366 if (is_terminal_input(std_input) && !apply_tty_stdin)
367 return EXEC_INPUT_NULL;
368
369 if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)
370 return EXEC_INPUT_NULL;
371
372 return std_input;
373 }
374
375 static int fixup_output(ExecOutput std_output, int socket_fd) {
376
377 if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)
378 return EXEC_OUTPUT_INHERIT;
379
380 return std_output;
381 }
382
383 static int setup_input(
384 const ExecContext *context,
385 const ExecParameters *params,
386 int socket_fd) {
387
388 ExecInput i;
389
390 assert(context);
391 assert(params);
392
393 if (params->stdin_fd >= 0) {
394 if (dup2(params->stdin_fd, STDIN_FILENO) < 0)
395 return -errno;
396
397 /* Try to make this the controlling tty, if it is a tty, and reset it */
398 (void) ioctl(STDIN_FILENO, TIOCSCTTY, context->std_input == EXEC_INPUT_TTY_FORCE);
399 (void) reset_terminal_fd(STDIN_FILENO, true);
400
401 return STDIN_FILENO;
402 }
403
404 i = fixup_input(context->std_input, socket_fd, params->apply_tty_stdin);
405
406 switch (i) {
407
408 case EXEC_INPUT_NULL:
409 return open_null_as(O_RDONLY, STDIN_FILENO);
410
411 case EXEC_INPUT_TTY:
412 case EXEC_INPUT_TTY_FORCE:
413 case EXEC_INPUT_TTY_FAIL: {
414 int fd, r;
415
416 fd = acquire_terminal(exec_context_tty_path(context),
417 i == EXEC_INPUT_TTY_FAIL,
418 i == EXEC_INPUT_TTY_FORCE,
419 false,
420 USEC_INFINITY);
421 if (fd < 0)
422 return fd;
423
424 if (fd != STDIN_FILENO) {
425 r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
426 safe_close(fd);
427 } else
428 r = STDIN_FILENO;
429
430 return r;
431 }
432
433 case EXEC_INPUT_SOCKET:
434 return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
435
436 default:
437 assert_not_reached("Unknown input type");
438 }
439 }
440
441 static int setup_output(
442 Unit *unit,
443 const ExecContext *context,
444 const ExecParameters *params,
445 int fileno,
446 int socket_fd,
447 const char *ident,
448 uid_t uid, gid_t gid) {
449
450 ExecOutput o;
451 ExecInput i;
452 int r;
453
454 assert(unit);
455 assert(context);
456 assert(params);
457 assert(ident);
458
459 if (fileno == STDOUT_FILENO && params->stdout_fd >= 0) {
460
461 if (dup2(params->stdout_fd, STDOUT_FILENO) < 0)
462 return -errno;
463
464 return STDOUT_FILENO;
465 }
466
467 if (fileno == STDERR_FILENO && params->stderr_fd >= 0) {
468 if (dup2(params->stderr_fd, STDERR_FILENO) < 0)
469 return -errno;
470
471 return STDERR_FILENO;
472 }
473
474 i = fixup_input(context->std_input, socket_fd, params->apply_tty_stdin);
475 o = fixup_output(context->std_output, socket_fd);
476
477 if (fileno == STDERR_FILENO) {
478 ExecOutput e;
479 e = fixup_output(context->std_error, socket_fd);
480
481 /* This expects the input and output are already set up */
482
483 /* Don't change the stderr file descriptor if we inherit all
484 * the way and are not on a tty */
485 if (e == EXEC_OUTPUT_INHERIT &&
486 o == EXEC_OUTPUT_INHERIT &&
487 i == EXEC_INPUT_NULL &&
488 !is_terminal_input(context->std_input) &&
489 getppid () != 1)
490 return fileno;
491
492 /* Duplicate from stdout if possible */
493 if (e == o || e == EXEC_OUTPUT_INHERIT)
494 return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;
495
496 o = e;
497
498 } else if (o == EXEC_OUTPUT_INHERIT) {
499 /* If input got downgraded, inherit the original value */
500 if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))
501 return open_terminal_as(exec_context_tty_path(context), O_WRONLY, fileno);
502
503 /* If the input is connected to anything that's not a /dev/null, inherit that... */
504 if (i != EXEC_INPUT_NULL)
505 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
506
507 /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */
508 if (getppid() != 1)
509 return fileno;
510
511 /* We need to open /dev/null here anew, to get the right access mode. */
512 return open_null_as(O_WRONLY, fileno);
513 }
514
515 switch (o) {
516
517 case EXEC_OUTPUT_NULL:
518 return open_null_as(O_WRONLY, fileno);
519
520 case EXEC_OUTPUT_TTY:
521 if (is_terminal_input(i))
522 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
523
524 /* We don't reset the terminal if this is just about output */
525 return open_terminal_as(exec_context_tty_path(context), O_WRONLY, fileno);
526
527 case EXEC_OUTPUT_SYSLOG:
528 case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
529 case EXEC_OUTPUT_KMSG:
530 case EXEC_OUTPUT_KMSG_AND_CONSOLE:
531 case EXEC_OUTPUT_JOURNAL:
532 case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
533 r = connect_logger_as(context, o, ident, unit->id, fileno, uid, gid);
534 if (r < 0) {
535 log_unit_error_errno(unit, r, "Failed to connect %s to the journal socket, ignoring: %m", fileno == STDOUT_FILENO ? "stdout" : "stderr");
536 r = open_null_as(O_WRONLY, fileno);
537 }
538 return r;
539
540 case EXEC_OUTPUT_SOCKET:
541 assert(socket_fd >= 0);
542 return dup2(socket_fd, fileno) < 0 ? -errno : fileno;
543
544 default:
545 assert_not_reached("Unknown error type");
546 }
547 }
548
549 static int chown_terminal(int fd, uid_t uid) {
550 struct stat st;
551
552 assert(fd >= 0);
553
554 /* This might fail. What matters are the results. */
555 (void) fchown(fd, uid, -1);
556 (void) fchmod(fd, TTY_MODE);
557
558 if (fstat(fd, &st) < 0)
559 return -errno;
560
561 if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
562 return -EPERM;
563
564 return 0;
565 }
566
567 static int setup_confirm_stdio(int *_saved_stdin, int *_saved_stdout) {
568 _cleanup_close_ int fd = -1, saved_stdin = -1, saved_stdout = -1;
569 int r;
570
571 assert(_saved_stdin);
572 assert(_saved_stdout);
573
574 saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);
575 if (saved_stdin < 0)
576 return -errno;
577
578 saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);
579 if (saved_stdout < 0)
580 return -errno;
581
582 fd = acquire_terminal(
583 "/dev/console",
584 false,
585 false,
586 false,
587 DEFAULT_CONFIRM_USEC);
588 if (fd < 0)
589 return fd;
590
591 r = chown_terminal(fd, getuid());
592 if (r < 0)
593 return r;
594
595 r = reset_terminal_fd(fd, true);
596 if (r < 0)
597 return r;
598
599 if (dup2(fd, STDIN_FILENO) < 0)
600 return -errno;
601
602 if (dup2(fd, STDOUT_FILENO) < 0)
603 return -errno;
604
605 if (fd >= 2)
606 safe_close(fd);
607 fd = -1;
608
609 *_saved_stdin = saved_stdin;
610 *_saved_stdout = saved_stdout;
611
612 saved_stdin = saved_stdout = -1;
613
614 return 0;
615 }
616
617 _printf_(1, 2) static int write_confirm_message(const char *format, ...) {
618 _cleanup_close_ int fd = -1;
619 va_list ap;
620
621 assert(format);
622
623 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
624 if (fd < 0)
625 return fd;
626
627 va_start(ap, format);
628 vdprintf(fd, format, ap);
629 va_end(ap);
630
631 return 0;
632 }
633
634 static int restore_confirm_stdio(int *saved_stdin, int *saved_stdout) {
635 int r = 0;
636
637 assert(saved_stdin);
638 assert(saved_stdout);
639
640 release_terminal();
641
642 if (*saved_stdin >= 0)
643 if (dup2(*saved_stdin, STDIN_FILENO) < 0)
644 r = -errno;
645
646 if (*saved_stdout >= 0)
647 if (dup2(*saved_stdout, STDOUT_FILENO) < 0)
648 r = -errno;
649
650 *saved_stdin = safe_close(*saved_stdin);
651 *saved_stdout = safe_close(*saved_stdout);
652
653 return r;
654 }
655
656 static int ask_for_confirmation(char *response, char **argv) {
657 int saved_stdout = -1, saved_stdin = -1, r;
658 _cleanup_free_ char *line = NULL;
659
660 r = setup_confirm_stdio(&saved_stdin, &saved_stdout);
661 if (r < 0)
662 return r;
663
664 line = exec_command_line(argv);
665 if (!line)
666 return -ENOMEM;
667
668 r = ask_char(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
669
670 restore_confirm_stdio(&saved_stdin, &saved_stdout);
671
672 return r;
673 }
674
675 static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
676 bool keep_groups = false;
677 int r;
678
679 assert(context);
680
681 /* Lookup and set GID and supplementary group list. Here too
682 * we avoid NSS lookups for gid=0. */
683
684 if (context->group || username) {
685 /* First step, initialize groups from /etc/groups */
686 if (username && gid != 0) {
687 if (initgroups(username, gid) < 0)
688 return -errno;
689
690 keep_groups = true;
691 }
692
693 /* Second step, set our gids */
694 if (setresgid(gid, gid, gid) < 0)
695 return -errno;
696 }
697
698 if (context->supplementary_groups) {
699 int ngroups_max, k;
700 gid_t *gids;
701 char **i;
702
703 /* Final step, initialize any manually set supplementary groups */
704 assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
705
706 if (!(gids = new(gid_t, ngroups_max)))
707 return -ENOMEM;
708
709 if (keep_groups) {
710 k = getgroups(ngroups_max, gids);
711 if (k < 0) {
712 free(gids);
713 return -errno;
714 }
715 } else
716 k = 0;
717
718 STRV_FOREACH(i, context->supplementary_groups) {
719 const char *g;
720
721 if (k >= ngroups_max) {
722 free(gids);
723 return -E2BIG;
724 }
725
726 g = *i;
727 r = get_group_creds(&g, gids+k);
728 if (r < 0) {
729 free(gids);
730 return r;
731 }
732
733 k++;
734 }
735
736 if (setgroups(k, gids) < 0) {
737 free(gids);
738 return -errno;
739 }
740
741 free(gids);
742 }
743
744 return 0;
745 }
746
747 static int enforce_user(const ExecContext *context, uid_t uid) {
748 assert(context);
749
750 /* Sets (but doesn't look up) the uid and make sure we keep the
751 * capabilities while doing so. */
752
753 if (context->capability_ambient_set != 0) {
754
755 /* First step: If we need to keep capabilities but
756 * drop privileges we need to make sure we keep our
757 * caps, while we drop privileges. */
758 if (uid != 0) {
759 int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
760
761 if (prctl(PR_GET_SECUREBITS) != sb)
762 if (prctl(PR_SET_SECUREBITS, sb) < 0)
763 return -errno;
764 }
765 }
766
767 /* Second step: actually set the uids */
768 if (setresuid(uid, uid, uid) < 0)
769 return -errno;
770
771 /* At this point we should have all necessary capabilities but
772 are otherwise a normal user. However, the caps might got
773 corrupted due to the setresuid() so we need clean them up
774 later. This is done outside of this call. */
775
776 return 0;
777 }
778
779 #ifdef HAVE_PAM
780
781 static int null_conv(
782 int num_msg,
783 const struct pam_message **msg,
784 struct pam_response **resp,
785 void *appdata_ptr) {
786
787 /* We don't support conversations */
788
789 return PAM_CONV_ERR;
790 }
791
792 static int setup_pam(
793 const char *name,
794 const char *user,
795 uid_t uid,
796 const char *tty,
797 char ***pam_env,
798 int fds[], unsigned n_fds) {
799
800 static const struct pam_conv conv = {
801 .conv = null_conv,
802 .appdata_ptr = NULL
803 };
804
805 _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL;
806 pam_handle_t *handle = NULL;
807 sigset_t old_ss;
808 int pam_code = PAM_SUCCESS, r;
809 char **e = NULL;
810 bool close_session = false;
811 pid_t pam_pid = 0, parent_pid;
812 int flags = 0;
813
814 assert(name);
815 assert(user);
816 assert(pam_env);
817
818 /* We set up PAM in the parent process, then fork. The child
819 * will then stay around until killed via PR_GET_PDEATHSIG or
820 * systemd via the cgroup logic. It will then remove the PAM
821 * session again. The parent process will exec() the actual
822 * daemon. We do things this way to ensure that the main PID
823 * of the daemon is the one we initially fork()ed. */
824
825 r = barrier_create(&barrier);
826 if (r < 0)
827 goto fail;
828
829 if (log_get_max_level() < LOG_DEBUG)
830 flags |= PAM_SILENT;
831
832 pam_code = pam_start(name, user, &conv, &handle);
833 if (pam_code != PAM_SUCCESS) {
834 handle = NULL;
835 goto fail;
836 }
837
838 if (tty) {
839 pam_code = pam_set_item(handle, PAM_TTY, tty);
840 if (pam_code != PAM_SUCCESS)
841 goto fail;
842 }
843
844 pam_code = pam_acct_mgmt(handle, flags);
845 if (pam_code != PAM_SUCCESS)
846 goto fail;
847
848 pam_code = pam_open_session(handle, flags);
849 if (pam_code != PAM_SUCCESS)
850 goto fail;
851
852 close_session = true;
853
854 e = pam_getenvlist(handle);
855 if (!e) {
856 pam_code = PAM_BUF_ERR;
857 goto fail;
858 }
859
860 /* Block SIGTERM, so that we know that it won't get lost in
861 * the child */
862
863 assert_se(sigprocmask_many(SIG_BLOCK, &old_ss, SIGTERM, -1) >= 0);
864
865 parent_pid = getpid();
866
867 pam_pid = fork();
868 if (pam_pid < 0) {
869 r = -errno;
870 goto fail;
871 }
872
873 if (pam_pid == 0) {
874 int sig, ret = EXIT_PAM;
875
876 /* The child's job is to reset the PAM session on
877 * termination */
878 barrier_set_role(&barrier, BARRIER_CHILD);
879
880 /* This string must fit in 10 chars (i.e. the length
881 * of "/sbin/init"), to look pretty in /bin/ps */
882 rename_process("(sd-pam)");
883
884 /* Make sure we don't keep open the passed fds in this
885 child. We assume that otherwise only those fds are
886 open here that have been opened by PAM. */
887 close_many(fds, n_fds);
888
889 /* Drop privileges - we don't need any to pam_close_session
890 * and this will make PR_SET_PDEATHSIG work in most cases.
891 * If this fails, ignore the error - but expect sd-pam threads
892 * to fail to exit normally */
893 if (setresuid(uid, uid, uid) < 0)
894 log_error_errno(r, "Error: Failed to setresuid() in sd-pam: %m");
895
896 (void) ignore_signals(SIGPIPE, -1);
897
898 /* Wait until our parent died. This will only work if
899 * the above setresuid() succeeds, otherwise the kernel
900 * will not allow unprivileged parents kill their privileged
901 * children this way. We rely on the control groups kill logic
902 * to do the rest for us. */
903 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
904 goto child_finish;
905
906 /* Tell the parent that our setup is done. This is especially
907 * important regarding dropping privileges. Otherwise, unit
908 * setup might race against our setresuid(2) call. */
909 barrier_place(&barrier);
910
911 /* Check if our parent process might already have
912 * died? */
913 if (getppid() == parent_pid) {
914 sigset_t ss;
915
916 assert_se(sigemptyset(&ss) >= 0);
917 assert_se(sigaddset(&ss, SIGTERM) >= 0);
918
919 for (;;) {
920 if (sigwait(&ss, &sig) < 0) {
921 if (errno == EINTR)
922 continue;
923
924 goto child_finish;
925 }
926
927 assert(sig == SIGTERM);
928 break;
929 }
930 }
931
932 /* If our parent died we'll end the session */
933 if (getppid() != parent_pid) {
934 pam_code = pam_close_session(handle, flags);
935 if (pam_code != PAM_SUCCESS)
936 goto child_finish;
937 }
938
939 ret = 0;
940
941 child_finish:
942 pam_end(handle, pam_code | flags);
943 _exit(ret);
944 }
945
946 barrier_set_role(&barrier, BARRIER_PARENT);
947
948 /* If the child was forked off successfully it will do all the
949 * cleanups, so forget about the handle here. */
950 handle = NULL;
951
952 /* Unblock SIGTERM again in the parent */
953 assert_se(sigprocmask(SIG_SETMASK, &old_ss, NULL) >= 0);
954
955 /* We close the log explicitly here, since the PAM modules
956 * might have opened it, but we don't want this fd around. */
957 closelog();
958
959 /* Synchronously wait for the child to initialize. We don't care for
960 * errors as we cannot recover. However, warn loudly if it happens. */
961 if (!barrier_place_and_sync(&barrier))
962 log_error("PAM initialization failed");
963
964 *pam_env = e;
965 e = NULL;
966
967 return 0;
968
969 fail:
970 if (pam_code != PAM_SUCCESS) {
971 log_error("PAM failed: %s", pam_strerror(handle, pam_code));
972 r = -EPERM; /* PAM errors do not map to errno */
973 } else
974 log_error_errno(r, "PAM failed: %m");
975
976 if (handle) {
977 if (close_session)
978 pam_code = pam_close_session(handle, flags);
979
980 pam_end(handle, pam_code | flags);
981 }
982
983 strv_free(e);
984 closelog();
985
986 return r;
987 }
988 #endif
989
990 static void rename_process_from_path(const char *path) {
991 char process_name[11];
992 const char *p;
993 size_t l;
994
995 /* This resulting string must fit in 10 chars (i.e. the length
996 * of "/sbin/init") to look pretty in /bin/ps */
997
998 p = basename(path);
999 if (isempty(p)) {
1000 rename_process("(...)");
1001 return;
1002 }
1003
1004 l = strlen(p);
1005 if (l > 8) {
1006 /* The end of the process name is usually more
1007 * interesting, since the first bit might just be
1008 * "systemd-" */
1009 p = p + l - 8;
1010 l = 8;
1011 }
1012
1013 process_name[0] = '(';
1014 memcpy(process_name+1, p, l);
1015 process_name[1+l] = ')';
1016 process_name[1+l+1] = 0;
1017
1018 rename_process(process_name);
1019 }
1020
1021 #ifdef HAVE_SECCOMP
1022
1023 static int apply_seccomp(const ExecContext *c) {
1024 uint32_t negative_action, action;
1025 scmp_filter_ctx *seccomp;
1026 Iterator i;
1027 void *id;
1028 int r;
1029
1030 assert(c);
1031
1032 negative_action = c->syscall_errno == 0 ? SCMP_ACT_KILL : SCMP_ACT_ERRNO(c->syscall_errno);
1033
1034 seccomp = seccomp_init(c->syscall_whitelist ? negative_action : SCMP_ACT_ALLOW);
1035 if (!seccomp)
1036 return -ENOMEM;
1037
1038 if (c->syscall_archs) {
1039
1040 SET_FOREACH(id, c->syscall_archs, i) {
1041 r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
1042 if (r == -EEXIST)
1043 continue;
1044 if (r < 0)
1045 goto finish;
1046 }
1047
1048 } else {
1049 r = seccomp_add_secondary_archs(seccomp);
1050 if (r < 0)
1051 goto finish;
1052 }
1053
1054 action = c->syscall_whitelist ? SCMP_ACT_ALLOW : negative_action;
1055 SET_FOREACH(id, c->syscall_filter, i) {
1056 r = seccomp_rule_add(seccomp, action, PTR_TO_INT(id) - 1, 0);
1057 if (r < 0)
1058 goto finish;
1059 }
1060
1061 r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
1062 if (r < 0)
1063 goto finish;
1064
1065 r = seccomp_load(seccomp);
1066
1067 finish:
1068 seccomp_release(seccomp);
1069 return r;
1070 }
1071
1072 static int apply_address_families(const ExecContext *c) {
1073 scmp_filter_ctx *seccomp;
1074 Iterator i;
1075 int r;
1076
1077 assert(c);
1078
1079 seccomp = seccomp_init(SCMP_ACT_ALLOW);
1080 if (!seccomp)
1081 return -ENOMEM;
1082
1083 r = seccomp_add_secondary_archs(seccomp);
1084 if (r < 0)
1085 goto finish;
1086
1087 if (c->address_families_whitelist) {
1088 int af, first = 0, last = 0;
1089 void *afp;
1090
1091 /* If this is a whitelist, we first block the address
1092 * families that are out of range and then everything
1093 * that is not in the set. First, we find the lowest
1094 * and highest address family in the set. */
1095
1096 SET_FOREACH(afp, c->address_families, i) {
1097 af = PTR_TO_INT(afp);
1098
1099 if (af <= 0 || af >= af_max())
1100 continue;
1101
1102 if (first == 0 || af < first)
1103 first = af;
1104
1105 if (last == 0 || af > last)
1106 last = af;
1107 }
1108
1109 assert((first == 0) == (last == 0));
1110
1111 if (first == 0) {
1112
1113 /* No entries in the valid range, block everything */
1114 r = seccomp_rule_add(
1115 seccomp,
1116 SCMP_ACT_ERRNO(EPROTONOSUPPORT),
1117 SCMP_SYS(socket),
1118 0);
1119 if (r < 0)
1120 goto finish;
1121
1122 } else {
1123
1124 /* Block everything below the first entry */
1125 r = seccomp_rule_add(
1126 seccomp,
1127 SCMP_ACT_ERRNO(EPROTONOSUPPORT),
1128 SCMP_SYS(socket),
1129 1,
1130 SCMP_A0(SCMP_CMP_LT, first));
1131 if (r < 0)
1132 goto finish;
1133
1134 /* Block everything above the last entry */
1135 r = seccomp_rule_add(
1136 seccomp,
1137 SCMP_ACT_ERRNO(EPROTONOSUPPORT),
1138 SCMP_SYS(socket),
1139 1,
1140 SCMP_A0(SCMP_CMP_GT, last));
1141 if (r < 0)
1142 goto finish;
1143
1144 /* Block everything between the first and last
1145 * entry */
1146 for (af = 1; af < af_max(); af++) {
1147
1148 if (set_contains(c->address_families, INT_TO_PTR(af)))
1149 continue;
1150
1151 r = seccomp_rule_add(
1152 seccomp,
1153 SCMP_ACT_ERRNO(EPROTONOSUPPORT),
1154 SCMP_SYS(socket),
1155 1,
1156 SCMP_A0(SCMP_CMP_EQ, af));
1157 if (r < 0)
1158 goto finish;
1159 }
1160 }
1161
1162 } else {
1163 void *af;
1164
1165 /* If this is a blacklist, then generate one rule for
1166 * each address family that are then combined in OR
1167 * checks. */
1168
1169 SET_FOREACH(af, c->address_families, i) {
1170
1171 r = seccomp_rule_add(
1172 seccomp,
1173 SCMP_ACT_ERRNO(EPROTONOSUPPORT),
1174 SCMP_SYS(socket),
1175 1,
1176 SCMP_A0(SCMP_CMP_EQ, PTR_TO_INT(af)));
1177 if (r < 0)
1178 goto finish;
1179 }
1180 }
1181
1182 r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
1183 if (r < 0)
1184 goto finish;
1185
1186 r = seccomp_load(seccomp);
1187
1188 finish:
1189 seccomp_release(seccomp);
1190 return r;
1191 }
1192
1193 #endif
1194
1195 static void do_idle_pipe_dance(int idle_pipe[4]) {
1196 assert(idle_pipe);
1197
1198
1199 idle_pipe[1] = safe_close(idle_pipe[1]);
1200 idle_pipe[2] = safe_close(idle_pipe[2]);
1201
1202 if (idle_pipe[0] >= 0) {
1203 int r;
1204
1205 r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
1206
1207 if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {
1208 ssize_t n;
1209
1210 /* Signal systemd that we are bored and want to continue. */
1211 n = write(idle_pipe[3], "x", 1);
1212 if (n > 0)
1213 /* Wait for systemd to react to the signal above. */
1214 fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);
1215 }
1216
1217 idle_pipe[0] = safe_close(idle_pipe[0]);
1218
1219 }
1220
1221 idle_pipe[3] = safe_close(idle_pipe[3]);
1222 }
1223
1224 static int build_environment(
1225 const ExecContext *c,
1226 const ExecParameters *p,
1227 unsigned n_fds,
1228 const char *home,
1229 const char *username,
1230 const char *shell,
1231 char ***ret) {
1232
1233 _cleanup_strv_free_ char **our_env = NULL;
1234 unsigned n_env = 0;
1235 char *x;
1236
1237 assert(c);
1238 assert(ret);
1239
1240 our_env = new0(char*, 11);
1241 if (!our_env)
1242 return -ENOMEM;
1243
1244 if (n_fds > 0) {
1245 _cleanup_free_ char *joined = NULL;
1246
1247 if (asprintf(&x, "LISTEN_PID="PID_FMT, getpid()) < 0)
1248 return -ENOMEM;
1249 our_env[n_env++] = x;
1250
1251 if (asprintf(&x, "LISTEN_FDS=%u", n_fds) < 0)
1252 return -ENOMEM;
1253 our_env[n_env++] = x;
1254
1255 joined = strv_join(p->fd_names, ":");
1256 if (!joined)
1257 return -ENOMEM;
1258
1259 x = strjoin("LISTEN_FDNAMES=", joined, NULL);
1260 if (!x)
1261 return -ENOMEM;
1262 our_env[n_env++] = x;
1263 }
1264
1265 if (p->watchdog_usec > 0) {
1266 if (asprintf(&x, "WATCHDOG_PID="PID_FMT, getpid()) < 0)
1267 return -ENOMEM;
1268 our_env[n_env++] = x;
1269
1270 if (asprintf(&x, "WATCHDOG_USEC="USEC_FMT, p->watchdog_usec) < 0)
1271 return -ENOMEM;
1272 our_env[n_env++] = x;
1273 }
1274
1275 if (home) {
1276 x = strappend("HOME=", home);
1277 if (!x)
1278 return -ENOMEM;
1279 our_env[n_env++] = x;
1280 }
1281
1282 if (username) {
1283 x = strappend("LOGNAME=", username);
1284 if (!x)
1285 return -ENOMEM;
1286 our_env[n_env++] = x;
1287
1288 x = strappend("USER=", username);
1289 if (!x)
1290 return -ENOMEM;
1291 our_env[n_env++] = x;
1292 }
1293
1294 if (shell) {
1295 x = strappend("SHELL=", shell);
1296 if (!x)
1297 return -ENOMEM;
1298 our_env[n_env++] = x;
1299 }
1300
1301 if (is_terminal_input(c->std_input) ||
1302 c->std_output == EXEC_OUTPUT_TTY ||
1303 c->std_error == EXEC_OUTPUT_TTY ||
1304 c->tty_path) {
1305
1306 x = strdup(default_term_for_tty(exec_context_tty_path(c)));
1307 if (!x)
1308 return -ENOMEM;
1309 our_env[n_env++] = x;
1310 }
1311
1312 our_env[n_env++] = NULL;
1313 assert(n_env <= 11);
1314
1315 *ret = our_env;
1316 our_env = NULL;
1317
1318 return 0;
1319 }
1320
1321 static int build_pass_environment(const ExecContext *c, char ***ret) {
1322 _cleanup_strv_free_ char **pass_env = NULL;
1323 size_t n_env = 0, n_bufsize = 0;
1324 char **i;
1325
1326 STRV_FOREACH(i, c->pass_environment) {
1327 _cleanup_free_ char *x = NULL;
1328 char *v;
1329
1330 v = getenv(*i);
1331 if (!v)
1332 continue;
1333 x = strjoin(*i, "=", v, NULL);
1334 if (!x)
1335 return -ENOMEM;
1336 if (!GREEDY_REALLOC(pass_env, n_bufsize, n_env + 2))
1337 return -ENOMEM;
1338 pass_env[n_env++] = x;
1339 pass_env[n_env] = NULL;
1340 x = NULL;
1341 }
1342
1343 *ret = pass_env;
1344 pass_env = NULL;
1345
1346 return 0;
1347 }
1348
1349 static bool exec_needs_mount_namespace(
1350 const ExecContext *context,
1351 const ExecParameters *params,
1352 ExecRuntime *runtime) {
1353
1354 assert(context);
1355 assert(params);
1356
1357 if (!strv_isempty(context->read_write_dirs) ||
1358 !strv_isempty(context->read_only_dirs) ||
1359 !strv_isempty(context->inaccessible_dirs))
1360 return true;
1361
1362 if (context->mount_flags != 0)
1363 return true;
1364
1365 if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))
1366 return true;
1367
1368 if (context->private_devices ||
1369 context->protect_system != PROTECT_SYSTEM_NO ||
1370 context->protect_home != PROTECT_HOME_NO)
1371 return true;
1372
1373 return false;
1374 }
1375
1376 static int close_remaining_fds(
1377 const ExecParameters *params,
1378 ExecRuntime *runtime,
1379 int socket_fd,
1380 int *fds, unsigned n_fds) {
1381
1382 unsigned n_dont_close = 0;
1383 int dont_close[n_fds + 7];
1384
1385 assert(params);
1386
1387 if (params->stdin_fd >= 0)
1388 dont_close[n_dont_close++] = params->stdin_fd;
1389 if (params->stdout_fd >= 0)
1390 dont_close[n_dont_close++] = params->stdout_fd;
1391 if (params->stderr_fd >= 0)
1392 dont_close[n_dont_close++] = params->stderr_fd;
1393
1394 if (socket_fd >= 0)
1395 dont_close[n_dont_close++] = socket_fd;
1396 if (n_fds > 0) {
1397 memcpy(dont_close + n_dont_close, fds, sizeof(int) * n_fds);
1398 n_dont_close += n_fds;
1399 }
1400
1401 if (runtime) {
1402 if (runtime->netns_storage_socket[0] >= 0)
1403 dont_close[n_dont_close++] = runtime->netns_storage_socket[0];
1404 if (runtime->netns_storage_socket[1] >= 0)
1405 dont_close[n_dont_close++] = runtime->netns_storage_socket[1];
1406 }
1407
1408 return close_all_fds(dont_close, n_dont_close);
1409 }
1410
1411 static int exec_child(
1412 Unit *unit,
1413 ExecCommand *command,
1414 const ExecContext *context,
1415 const ExecParameters *params,
1416 ExecRuntime *runtime,
1417 char **argv,
1418 int socket_fd,
1419 int *fds, unsigned n_fds,
1420 char **files_env,
1421 int *exit_status) {
1422
1423 _cleanup_strv_free_ char **our_env = NULL, **pass_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;
1424 _cleanup_free_ char *mac_selinux_context_net = NULL;
1425 const char *username = NULL, *home = NULL, *shell = NULL, *wd;
1426 uid_t uid = UID_INVALID;
1427 gid_t gid = GID_INVALID;
1428 int i, r;
1429 bool needs_mount_namespace;
1430
1431 assert(unit);
1432 assert(command);
1433 assert(context);
1434 assert(params);
1435 assert(exit_status);
1436
1437 rename_process_from_path(command->path);
1438
1439 /* We reset exactly these signals, since they are the
1440 * only ones we set to SIG_IGN in the main daemon. All
1441 * others we leave untouched because we set them to
1442 * SIG_DFL or a valid handler initially, both of which
1443 * will be demoted to SIG_DFL. */
1444 (void) default_signals(SIGNALS_CRASH_HANDLER,
1445 SIGNALS_IGNORE, -1);
1446
1447 if (context->ignore_sigpipe)
1448 (void) ignore_signals(SIGPIPE, -1);
1449
1450 r = reset_signal_mask();
1451 if (r < 0) {
1452 *exit_status = EXIT_SIGNAL_MASK;
1453 return r;
1454 }
1455
1456 if (params->idle_pipe)
1457 do_idle_pipe_dance(params->idle_pipe);
1458
1459 /* Close sockets very early to make sure we don't
1460 * block init reexecution because it cannot bind its
1461 * sockets */
1462
1463 log_forget_fds();
1464
1465 r = close_remaining_fds(params, runtime, socket_fd, fds, n_fds);
1466 if (r < 0) {
1467 *exit_status = EXIT_FDS;
1468 return r;
1469 }
1470
1471 if (!context->same_pgrp)
1472 if (setsid() < 0) {
1473 *exit_status = EXIT_SETSID;
1474 return -errno;
1475 }
1476
1477 exec_context_tty_reset(context, params);
1478
1479 if (params->confirm_spawn) {
1480 char response;
1481
1482 r = ask_for_confirmation(&response, argv);
1483 if (r == -ETIMEDOUT)
1484 write_confirm_message("Confirmation question timed out, assuming positive response.\n");
1485 else if (r < 0)
1486 write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-r));
1487 else if (response == 's') {
1488 write_confirm_message("Skipping execution.\n");
1489 *exit_status = EXIT_CONFIRM;
1490 return -ECANCELED;
1491 } else if (response == 'n') {
1492 write_confirm_message("Failing execution.\n");
1493 *exit_status = 0;
1494 return 0;
1495 }
1496 }
1497
1498 if (context->user) {
1499 username = context->user;
1500 r = get_user_creds(&username, &uid, &gid, &home, &shell);
1501 if (r < 0) {
1502 *exit_status = EXIT_USER;
1503 return r;
1504 }
1505 }
1506
1507 if (context->group) {
1508 const char *g = context->group;
1509
1510 r = get_group_creds(&g, &gid);
1511 if (r < 0) {
1512 *exit_status = EXIT_GROUP;
1513 return r;
1514 }
1515 }
1516
1517
1518 /* If a socket is connected to STDIN/STDOUT/STDERR, we
1519 * must sure to drop O_NONBLOCK */
1520 if (socket_fd >= 0)
1521 (void) fd_nonblock(socket_fd, false);
1522
1523 r = setup_input(context, params, socket_fd);
1524 if (r < 0) {
1525 *exit_status = EXIT_STDIN;
1526 return r;
1527 }
1528
1529 r = setup_output(unit, context, params, STDOUT_FILENO, socket_fd, basename(command->path), uid, gid);
1530 if (r < 0) {
1531 *exit_status = EXIT_STDOUT;
1532 return r;
1533 }
1534
1535 r = setup_output(unit, context, params, STDERR_FILENO, socket_fd, basename(command->path), uid, gid);
1536 if (r < 0) {
1537 *exit_status = EXIT_STDERR;
1538 return r;
1539 }
1540
1541 if (params->cgroup_path) {
1542 r = cg_attach_everywhere(params->cgroup_supported, params->cgroup_path, 0, NULL, NULL);
1543 if (r < 0) {
1544 *exit_status = EXIT_CGROUP;
1545 return r;
1546 }
1547 }
1548
1549 if (context->oom_score_adjust_set) {
1550 char t[DECIMAL_STR_MAX(context->oom_score_adjust)];
1551
1552 /* When we can't make this change due to EPERM, then
1553 * let's silently skip over it. User namespaces
1554 * prohibit write access to this file, and we
1555 * shouldn't trip up over that. */
1556
1557 sprintf(t, "%i", context->oom_score_adjust);
1558 r = write_string_file("/proc/self/oom_score_adj", t, 0);
1559 if (r == -EPERM || r == -EACCES) {
1560 log_open();
1561 log_unit_debug_errno(unit, r, "Failed to adjust OOM setting, assuming containerized execution, ignoring: %m");
1562 log_close();
1563 } else if (r < 0) {
1564 *exit_status = EXIT_OOM_ADJUST;
1565 return -errno;
1566 }
1567 }
1568
1569 if (context->nice_set)
1570 if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
1571 *exit_status = EXIT_NICE;
1572 return -errno;
1573 }
1574
1575 if (context->cpu_sched_set) {
1576 struct sched_param param = {
1577 .sched_priority = context->cpu_sched_priority,
1578 };
1579
1580 r = sched_setscheduler(0,
1581 context->cpu_sched_policy |
1582 (context->cpu_sched_reset_on_fork ?
1583 SCHED_RESET_ON_FORK : 0),
1584 &param);
1585 if (r < 0) {
1586 *exit_status = EXIT_SETSCHEDULER;
1587 return -errno;
1588 }
1589 }
1590
1591 if (context->cpuset)
1592 if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
1593 *exit_status = EXIT_CPUAFFINITY;
1594 return -errno;
1595 }
1596
1597 if (context->ioprio_set)
1598 if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
1599 *exit_status = EXIT_IOPRIO;
1600 return -errno;
1601 }
1602
1603 if (context->timer_slack_nsec != NSEC_INFINITY)
1604 if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
1605 *exit_status = EXIT_TIMERSLACK;
1606 return -errno;
1607 }
1608
1609 if (context->personality != PERSONALITY_INVALID)
1610 if (personality(context->personality) < 0) {
1611 *exit_status = EXIT_PERSONALITY;
1612 return -errno;
1613 }
1614
1615 if (context->utmp_id)
1616 utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path,
1617 context->utmp_mode == EXEC_UTMP_INIT ? INIT_PROCESS :
1618 context->utmp_mode == EXEC_UTMP_LOGIN ? LOGIN_PROCESS :
1619 USER_PROCESS,
1620 username ? "root" : context->user);
1621
1622 if (context->user && is_terminal_input(context->std_input)) {
1623 r = chown_terminal(STDIN_FILENO, uid);
1624 if (r < 0) {
1625 *exit_status = EXIT_STDIN;
1626 return r;
1627 }
1628 }
1629
1630 /* If delegation is enabled we'll pass ownership of the cgroup
1631 * (but only in systemd's own controller hierarchy!) to the
1632 * user of the new process. */
1633 if (params->cgroup_path && context->user && params->cgroup_delegate) {
1634 r = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, 0644, uid, gid);
1635 if (r < 0) {
1636 *exit_status = EXIT_CGROUP;
1637 return r;
1638 }
1639
1640
1641 r = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, 0755, uid, gid);
1642 if (r < 0) {
1643 *exit_status = EXIT_CGROUP;
1644 return r;
1645 }
1646 }
1647
1648 if (!strv_isempty(context->runtime_directory) && params->runtime_prefix) {
1649 char **rt;
1650
1651 STRV_FOREACH(rt, context->runtime_directory) {
1652 _cleanup_free_ char *p;
1653
1654 p = strjoin(params->runtime_prefix, "/", *rt, NULL);
1655 if (!p) {
1656 *exit_status = EXIT_RUNTIME_DIRECTORY;
1657 return -ENOMEM;
1658 }
1659
1660 r = mkdir_p_label(p, context->runtime_directory_mode);
1661 if (r < 0) {
1662 *exit_status = EXIT_RUNTIME_DIRECTORY;
1663 return r;
1664 }
1665
1666 r = chmod_and_chown(p, context->runtime_directory_mode, uid, gid);
1667 if (r < 0) {
1668 *exit_status = EXIT_RUNTIME_DIRECTORY;
1669 return r;
1670 }
1671 }
1672 }
1673
1674 umask(context->umask);
1675
1676 if (params->apply_permissions) {
1677 r = enforce_groups(context, username, gid);
1678 if (r < 0) {
1679 *exit_status = EXIT_GROUP;
1680 return r;
1681 }
1682 #ifdef HAVE_SMACK
1683 if (context->smack_process_label) {
1684 r = mac_smack_apply_pid(0, context->smack_process_label);
1685 if (r < 0) {
1686 *exit_status = EXIT_SMACK_PROCESS_LABEL;
1687 return r;
1688 }
1689 }
1690 #ifdef SMACK_DEFAULT_PROCESS_LABEL
1691 else {
1692 _cleanup_free_ char *exec_label = NULL;
1693
1694 r = mac_smack_read(command->path, SMACK_ATTR_EXEC, &exec_label);
1695 if (r < 0 && r != -ENODATA && r != -EOPNOTSUPP) {
1696 *exit_status = EXIT_SMACK_PROCESS_LABEL;
1697 return r;
1698 }
1699
1700 r = mac_smack_apply_pid(0, exec_label ? : SMACK_DEFAULT_PROCESS_LABEL);
1701 if (r < 0) {
1702 *exit_status = EXIT_SMACK_PROCESS_LABEL;
1703 return r;
1704 }
1705 }
1706 #endif
1707 #endif
1708 #ifdef HAVE_PAM
1709 if (context->pam_name && username) {
1710 r = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
1711 if (r < 0) {
1712 *exit_status = EXIT_PAM;
1713 return r;
1714 }
1715 }
1716 #endif
1717 }
1718
1719 if (context->private_network && runtime && runtime->netns_storage_socket[0] >= 0) {
1720 r = setup_netns(runtime->netns_storage_socket);
1721 if (r < 0) {
1722 *exit_status = EXIT_NETWORK;
1723 return r;
1724 }
1725 }
1726
1727 needs_mount_namespace = exec_needs_mount_namespace(context, params, runtime);
1728
1729 if (needs_mount_namespace) {
1730 char *tmp = NULL, *var = NULL;
1731
1732 /* The runtime struct only contains the parent
1733 * of the private /tmp, which is
1734 * non-accessible to world users. Inside of it
1735 * there's a /tmp that is sticky, and that's
1736 * the one we want to use here. */
1737
1738 if (context->private_tmp && runtime) {
1739 if (runtime->tmp_dir)
1740 tmp = strjoina(runtime->tmp_dir, "/tmp");
1741 if (runtime->var_tmp_dir)
1742 var = strjoina(runtime->var_tmp_dir, "/tmp");
1743 }
1744
1745 r = setup_namespace(
1746 params->apply_chroot ? context->root_directory : NULL,
1747 context->read_write_dirs,
1748 context->read_only_dirs,
1749 context->inaccessible_dirs,
1750 tmp,
1751 var,
1752 context->private_devices,
1753 context->protect_home,
1754 context->protect_system,
1755 context->mount_flags);
1756
1757 /* If we couldn't set up the namespace this is
1758 * probably due to a missing capability. In this case,
1759 * silently proceeed. */
1760 if (r == -EPERM || r == -EACCES) {
1761 log_open();
1762 log_unit_debug_errno(unit, r, "Failed to set up namespace, assuming containerized execution, ignoring: %m");
1763 log_close();
1764 } else if (r < 0) {
1765 *exit_status = EXIT_NAMESPACE;
1766 return r;
1767 }
1768 }
1769
1770 if (context->working_directory_home)
1771 wd = home;
1772 else if (context->working_directory)
1773 wd = context->working_directory;
1774 else
1775 wd = "/";
1776
1777 if (params->apply_chroot) {
1778 if (!needs_mount_namespace && context->root_directory)
1779 if (chroot(context->root_directory) < 0) {
1780 *exit_status = EXIT_CHROOT;
1781 return -errno;
1782 }
1783
1784 if (chdir(wd) < 0 &&
1785 !context->working_directory_missing_ok) {
1786 *exit_status = EXIT_CHDIR;
1787 return -errno;
1788 }
1789 } else {
1790 const char *d;
1791
1792 d = strjoina(strempty(context->root_directory), "/", strempty(wd));
1793 if (chdir(d) < 0 &&
1794 !context->working_directory_missing_ok) {
1795 *exit_status = EXIT_CHDIR;
1796 return -errno;
1797 }
1798 }
1799
1800 #ifdef HAVE_SELINUX
1801 if (params->apply_permissions && mac_selinux_use() && params->selinux_context_net && socket_fd >= 0) {
1802 r = mac_selinux_get_child_mls_label(socket_fd, command->path, context->selinux_context, &mac_selinux_context_net);
1803 if (r < 0) {
1804 *exit_status = EXIT_SELINUX_CONTEXT;
1805 return r;
1806 }
1807 }
1808 #endif
1809
1810 /* We repeat the fd closing here, to make sure that
1811 * nothing is leaked from the PAM modules. Note that
1812 * we are more aggressive this time since socket_fd
1813 * and the netns fds we don't need anymore. The custom
1814 * endpoint fd was needed to upload the policy and can
1815 * now be closed as well. */
1816 r = close_all_fds(fds, n_fds);
1817 if (r >= 0)
1818 r = shift_fds(fds, n_fds);
1819 if (r >= 0)
1820 r = flags_fds(fds, n_fds, context->non_blocking);
1821 if (r < 0) {
1822 *exit_status = EXIT_FDS;
1823 return r;
1824 }
1825
1826 if (params->apply_permissions) {
1827
1828 bool use_address_families = context->address_families_whitelist ||
1829 !set_isempty(context->address_families);
1830 bool use_syscall_filter = context->syscall_whitelist ||
1831 !set_isempty(context->syscall_filter) ||
1832 !set_isempty(context->syscall_archs);
1833 int secure_bits = context->secure_bits;
1834
1835 for (i = 0; i < _RLIMIT_MAX; i++) {
1836 if (!context->rlimit[i])
1837 continue;
1838
1839 if (setrlimit_closest(i, context->rlimit[i]) < 0) {
1840 *exit_status = EXIT_LIMITS;
1841 return -errno;
1842 }
1843 }
1844
1845 if (!cap_test_all(context->capability_bounding_set)) {
1846 r = capability_bounding_set_drop(context->capability_bounding_set, false);
1847 if (r < 0) {
1848 *exit_status = EXIT_CAPABILITIES;
1849 return r;
1850 }
1851 }
1852
1853 /* This is done before enforce_user, but ambient set
1854 * does not survive over setresuid() if keep_caps is not set. */
1855 if (context->capability_ambient_set != 0) {
1856 r = capability_ambient_set_apply(context->capability_ambient_set, true);
1857 if (r < 0) {
1858 *exit_status = EXIT_CAPABILITIES;
1859 return r;
1860 }
1861 }
1862
1863 if (context->user) {
1864 r = enforce_user(context, uid);
1865 if (r < 0) {
1866 *exit_status = EXIT_USER;
1867 return r;
1868 }
1869 if (context->capability_ambient_set != 0) {
1870
1871 /* Fix the ambient capabilities after user change. */
1872 r = capability_ambient_set_apply(context->capability_ambient_set, false);
1873 if (r < 0) {
1874 *exit_status = EXIT_CAPABILITIES;
1875 return r;
1876 }
1877
1878 /* If we were asked to change user and ambient capabilities
1879 * were requested, we had to add keep-caps to the securebits
1880 * so that we would maintain the inherited capability set
1881 * through the setresuid(). Make sure that the bit is added
1882 * also to the context secure_bits so that we don't try to
1883 * drop the bit away next. */
1884
1885 secure_bits |= 1<<SECURE_KEEP_CAPS;
1886 }
1887 }
1888
1889 /* PR_GET_SECUREBITS is not privileged, while
1890 * PR_SET_SECUREBITS is. So to suppress
1891 * potential EPERMs we'll try not to call
1892 * PR_SET_SECUREBITS unless necessary. */
1893 if (prctl(PR_GET_SECUREBITS) != secure_bits)
1894 if (prctl(PR_SET_SECUREBITS, secure_bits) < 0) {
1895 *exit_status = EXIT_SECUREBITS;
1896 return -errno;
1897 }
1898
1899 if (context->no_new_privileges ||
1900 (!have_effective_cap(CAP_SYS_ADMIN) && (use_address_families || use_syscall_filter)))
1901 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
1902 *exit_status = EXIT_NO_NEW_PRIVILEGES;
1903 return -errno;
1904 }
1905
1906 #ifdef HAVE_SECCOMP
1907 if (use_address_families) {
1908 r = apply_address_families(context);
1909 if (r < 0) {
1910 *exit_status = EXIT_ADDRESS_FAMILIES;
1911 return r;
1912 }
1913 }
1914
1915 if (use_syscall_filter) {
1916 r = apply_seccomp(context);
1917 if (r < 0) {
1918 *exit_status = EXIT_SECCOMP;
1919 return r;
1920 }
1921 }
1922 #endif
1923
1924 #ifdef HAVE_SELINUX
1925 if (mac_selinux_use()) {
1926 char *exec_context = mac_selinux_context_net ?: context->selinux_context;
1927
1928 if (exec_context) {
1929 r = setexeccon(exec_context);
1930 if (r < 0) {
1931 *exit_status = EXIT_SELINUX_CONTEXT;
1932 return r;
1933 }
1934 }
1935 }
1936 #endif
1937
1938 #ifdef HAVE_APPARMOR
1939 if (context->apparmor_profile && mac_apparmor_use()) {
1940 r = aa_change_onexec(context->apparmor_profile);
1941 if (r < 0 && !context->apparmor_profile_ignore) {
1942 *exit_status = EXIT_APPARMOR_PROFILE;
1943 return -errno;
1944 }
1945 }
1946 #endif
1947 }
1948
1949 r = build_environment(context, params, n_fds, home, username, shell, &our_env);
1950 if (r < 0) {
1951 *exit_status = EXIT_MEMORY;
1952 return r;
1953 }
1954
1955 r = build_pass_environment(context, &pass_env);
1956 if (r < 0) {
1957 *exit_status = EXIT_MEMORY;
1958 return r;
1959 }
1960
1961 final_env = strv_env_merge(6,
1962 params->environment,
1963 our_env,
1964 pass_env,
1965 context->environment,
1966 files_env,
1967 pam_env,
1968 NULL);
1969 if (!final_env) {
1970 *exit_status = EXIT_MEMORY;
1971 return -ENOMEM;
1972 }
1973
1974 final_argv = replace_env_argv(argv, final_env);
1975 if (!final_argv) {
1976 *exit_status = EXIT_MEMORY;
1977 return -ENOMEM;
1978 }
1979
1980 final_env = strv_env_clean(final_env);
1981
1982 if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
1983 _cleanup_free_ char *line;
1984
1985 line = exec_command_line(final_argv);
1986 if (line) {
1987 log_open();
1988 log_struct(LOG_DEBUG,
1989 LOG_UNIT_ID(unit),
1990 "EXECUTABLE=%s", command->path,
1991 LOG_UNIT_MESSAGE(unit, "Executing: %s", line),
1992 NULL);
1993 log_close();
1994 }
1995 }
1996
1997 execve(command->path, final_argv, final_env);
1998 *exit_status = EXIT_EXEC;
1999 return -errno;
2000 }
2001
2002 int exec_spawn(Unit *unit,
2003 ExecCommand *command,
2004 const ExecContext *context,
2005 const ExecParameters *params,
2006 ExecRuntime *runtime,
2007 pid_t *ret) {
2008
2009 _cleanup_strv_free_ char **files_env = NULL;
2010 int *fds = NULL; unsigned n_fds = 0;
2011 _cleanup_free_ char *line = NULL;
2012 int socket_fd, r;
2013 char **argv;
2014 pid_t pid;
2015
2016 assert(unit);
2017 assert(command);
2018 assert(context);
2019 assert(ret);
2020 assert(params);
2021 assert(params->fds || params->n_fds <= 0);
2022
2023 if (context->std_input == EXEC_INPUT_SOCKET ||
2024 context->std_output == EXEC_OUTPUT_SOCKET ||
2025 context->std_error == EXEC_OUTPUT_SOCKET) {
2026
2027 if (params->n_fds != 1) {
2028 log_unit_error(unit, "Got more than one socket.");
2029 return -EINVAL;
2030 }
2031
2032 socket_fd = params->fds[0];
2033 } else {
2034 socket_fd = -1;
2035 fds = params->fds;
2036 n_fds = params->n_fds;
2037 }
2038
2039 r = exec_context_load_environment(unit, context, &files_env);
2040 if (r < 0)
2041 return log_unit_error_errno(unit, r, "Failed to load environment files: %m");
2042
2043 argv = params->argv ?: command->argv;
2044 line = exec_command_line(argv);
2045 if (!line)
2046 return log_oom();
2047
2048 log_struct(LOG_DEBUG,
2049 LOG_UNIT_ID(unit),
2050 LOG_UNIT_MESSAGE(unit, "About to execute: %s", line),
2051 "EXECUTABLE=%s", command->path,
2052 NULL);
2053 pid = fork();
2054 if (pid < 0)
2055 return log_unit_error_errno(unit, errno, "Failed to fork: %m");
2056
2057 if (pid == 0) {
2058 int exit_status;
2059
2060 r = exec_child(unit,
2061 command,
2062 context,
2063 params,
2064 runtime,
2065 argv,
2066 socket_fd,
2067 fds, n_fds,
2068 files_env,
2069 &exit_status);
2070 if (r < 0) {
2071 log_open();
2072 log_struct_errno(LOG_ERR, r,
2073 LOG_MESSAGE_ID(SD_MESSAGE_SPAWN_FAILED),
2074 LOG_UNIT_ID(unit),
2075 LOG_UNIT_MESSAGE(unit, "Failed at step %s spawning %s: %m",
2076 exit_status_to_string(exit_status, EXIT_STATUS_SYSTEMD),
2077 command->path),
2078 "EXECUTABLE=%s", command->path,
2079 NULL);
2080 }
2081
2082 _exit(exit_status);
2083 }
2084
2085 log_unit_debug(unit, "Forked %s as "PID_FMT, command->path, pid);
2086
2087 /* We add the new process to the cgroup both in the child (so
2088 * that we can be sure that no user code is ever executed
2089 * outside of the cgroup) and in the parent (so that we can be
2090 * sure that when we kill the cgroup the process will be
2091 * killed too). */
2092 if (params->cgroup_path)
2093 (void) cg_attach(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, pid);
2094
2095 exec_status_start(&command->exec_status, pid);
2096
2097 *ret = pid;
2098 return 0;
2099 }
2100
2101 void exec_context_init(ExecContext *c) {
2102 assert(c);
2103
2104 c->umask = 0022;
2105 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
2106 c->cpu_sched_policy = SCHED_OTHER;
2107 c->syslog_priority = LOG_DAEMON|LOG_INFO;
2108 c->syslog_level_prefix = true;
2109 c->ignore_sigpipe = true;
2110 c->timer_slack_nsec = NSEC_INFINITY;
2111 c->personality = PERSONALITY_INVALID;
2112 c->runtime_directory_mode = 0755;
2113 c->capability_bounding_set = CAP_ALL;
2114 }
2115
2116 void exec_context_done(ExecContext *c) {
2117 unsigned l;
2118
2119 assert(c);
2120
2121 c->environment = strv_free(c->environment);
2122 c->environment_files = strv_free(c->environment_files);
2123 c->pass_environment = strv_free(c->pass_environment);
2124
2125 for (l = 0; l < ELEMENTSOF(c->rlimit); l++)
2126 c->rlimit[l] = mfree(c->rlimit[l]);
2127
2128 c->working_directory = mfree(c->working_directory);
2129 c->root_directory = mfree(c->root_directory);
2130 c->tty_path = mfree(c->tty_path);
2131 c->syslog_identifier = mfree(c->syslog_identifier);
2132 c->user = mfree(c->user);
2133 c->group = mfree(c->group);
2134
2135 c->supplementary_groups = strv_free(c->supplementary_groups);
2136
2137 c->pam_name = mfree(c->pam_name);
2138
2139 c->read_only_dirs = strv_free(c->read_only_dirs);
2140 c->read_write_dirs = strv_free(c->read_write_dirs);
2141 c->inaccessible_dirs = strv_free(c->inaccessible_dirs);
2142
2143 if (c->cpuset)
2144 CPU_FREE(c->cpuset);
2145
2146 c->utmp_id = mfree(c->utmp_id);
2147 c->selinux_context = mfree(c->selinux_context);
2148 c->apparmor_profile = mfree(c->apparmor_profile);
2149
2150 c->syscall_filter = set_free(c->syscall_filter);
2151 c->syscall_archs = set_free(c->syscall_archs);
2152 c->address_families = set_free(c->address_families);
2153
2154 c->runtime_directory = strv_free(c->runtime_directory);
2155 }
2156
2157 int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_prefix) {
2158 char **i;
2159
2160 assert(c);
2161
2162 if (!runtime_prefix)
2163 return 0;
2164
2165 STRV_FOREACH(i, c->runtime_directory) {
2166 _cleanup_free_ char *p;
2167
2168 p = strjoin(runtime_prefix, "/", *i, NULL);
2169 if (!p)
2170 return -ENOMEM;
2171
2172 /* We execute this synchronously, since we need to be
2173 * sure this is gone when we start the service
2174 * next. */
2175 (void) rm_rf(p, REMOVE_ROOT);
2176 }
2177
2178 return 0;
2179 }
2180
2181 void exec_command_done(ExecCommand *c) {
2182 assert(c);
2183
2184 c->path = mfree(c->path);
2185
2186 c->argv = strv_free(c->argv);
2187 }
2188
2189 void exec_command_done_array(ExecCommand *c, unsigned n) {
2190 unsigned i;
2191
2192 for (i = 0; i < n; i++)
2193 exec_command_done(c+i);
2194 }
2195
2196 ExecCommand* exec_command_free_list(ExecCommand *c) {
2197 ExecCommand *i;
2198
2199 while ((i = c)) {
2200 LIST_REMOVE(command, c, i);
2201 exec_command_done(i);
2202 free(i);
2203 }
2204
2205 return NULL;
2206 }
2207
2208 void exec_command_free_array(ExecCommand **c, unsigned n) {
2209 unsigned i;
2210
2211 for (i = 0; i < n; i++)
2212 c[i] = exec_command_free_list(c[i]);
2213 }
2214
2215 typedef struct InvalidEnvInfo {
2216 Unit *unit;
2217 const char *path;
2218 } InvalidEnvInfo;
2219
2220 static void invalid_env(const char *p, void *userdata) {
2221 InvalidEnvInfo *info = userdata;
2222
2223 log_unit_error(info->unit, "Ignoring invalid environment assignment '%s': %s", p, info->path);
2224 }
2225
2226 int exec_context_load_environment(Unit *unit, const ExecContext *c, char ***l) {
2227 char **i, **r = NULL;
2228
2229 assert(c);
2230 assert(l);
2231
2232 STRV_FOREACH(i, c->environment_files) {
2233 char *fn;
2234 int k;
2235 bool ignore = false;
2236 char **p;
2237 _cleanup_globfree_ glob_t pglob = {};
2238 int count, n;
2239
2240 fn = *i;
2241
2242 if (fn[0] == '-') {
2243 ignore = true;
2244 fn++;
2245 }
2246
2247 if (!path_is_absolute(fn)) {
2248 if (ignore)
2249 continue;
2250
2251 strv_free(r);
2252 return -EINVAL;
2253 }
2254
2255 /* Filename supports globbing, take all matching files */
2256 errno = 0;
2257 if (glob(fn, 0, NULL, &pglob) != 0) {
2258 if (ignore)
2259 continue;
2260
2261 strv_free(r);
2262 return errno > 0 ? -errno : -EINVAL;
2263 }
2264 count = pglob.gl_pathc;
2265 if (count == 0) {
2266 if (ignore)
2267 continue;
2268
2269 strv_free(r);
2270 return -EINVAL;
2271 }
2272 for (n = 0; n < count; n++) {
2273 k = load_env_file(NULL, pglob.gl_pathv[n], NULL, &p);
2274 if (k < 0) {
2275 if (ignore)
2276 continue;
2277
2278 strv_free(r);
2279 return k;
2280 }
2281 /* Log invalid environment variables with filename */
2282 if (p) {
2283 InvalidEnvInfo info = {
2284 .unit = unit,
2285 .path = pglob.gl_pathv[n]
2286 };
2287
2288 p = strv_env_clean_with_callback(p, invalid_env, &info);
2289 }
2290
2291 if (r == NULL)
2292 r = p;
2293 else {
2294 char **m;
2295
2296 m = strv_env_merge(2, r, p);
2297 strv_free(r);
2298 strv_free(p);
2299 if (!m)
2300 return -ENOMEM;
2301
2302 r = m;
2303 }
2304 }
2305 }
2306
2307 *l = r;
2308
2309 return 0;
2310 }
2311
2312 static bool tty_may_match_dev_console(const char *tty) {
2313 _cleanup_free_ char *active = NULL;
2314 char *console;
2315
2316 if (!tty)
2317 return true;
2318
2319 if (startswith(tty, "/dev/"))
2320 tty += 5;
2321
2322 /* trivial identity? */
2323 if (streq(tty, "console"))
2324 return true;
2325
2326 console = resolve_dev_console(&active);
2327 /* if we could not resolve, assume it may */
2328 if (!console)
2329 return true;
2330
2331 /* "tty0" means the active VC, so it may be the same sometimes */
2332 return streq(console, tty) || (streq(console, "tty0") && tty_is_vc(tty));
2333 }
2334
2335 bool exec_context_may_touch_console(ExecContext *ec) {
2336
2337 return (ec->tty_reset ||
2338 ec->tty_vhangup ||
2339 ec->tty_vt_disallocate ||
2340 is_terminal_input(ec->std_input) ||
2341 is_terminal_output(ec->std_output) ||
2342 is_terminal_output(ec->std_error)) &&
2343 tty_may_match_dev_console(exec_context_tty_path(ec));
2344 }
2345
2346 static void strv_fprintf(FILE *f, char **l) {
2347 char **g;
2348
2349 assert(f);
2350
2351 STRV_FOREACH(g, l)
2352 fprintf(f, " %s", *g);
2353 }
2354
2355 void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
2356 char **e, **d;
2357 unsigned i;
2358
2359 assert(c);
2360 assert(f);
2361
2362 prefix = strempty(prefix);
2363
2364 fprintf(f,
2365 "%sUMask: %04o\n"
2366 "%sWorkingDirectory: %s\n"
2367 "%sRootDirectory: %s\n"
2368 "%sNonBlocking: %s\n"
2369 "%sPrivateTmp: %s\n"
2370 "%sPrivateNetwork: %s\n"
2371 "%sPrivateDevices: %s\n"
2372 "%sProtectHome: %s\n"
2373 "%sProtectSystem: %s\n"
2374 "%sIgnoreSIGPIPE: %s\n",
2375 prefix, c->umask,
2376 prefix, c->working_directory ? c->working_directory : "/",
2377 prefix, c->root_directory ? c->root_directory : "/",
2378 prefix, yes_no(c->non_blocking),
2379 prefix, yes_no(c->private_tmp),
2380 prefix, yes_no(c->private_network),
2381 prefix, yes_no(c->private_devices),
2382 prefix, protect_home_to_string(c->protect_home),
2383 prefix, protect_system_to_string(c->protect_system),
2384 prefix, yes_no(c->ignore_sigpipe));
2385
2386 STRV_FOREACH(e, c->environment)
2387 fprintf(f, "%sEnvironment: %s\n", prefix, *e);
2388
2389 STRV_FOREACH(e, c->environment_files)
2390 fprintf(f, "%sEnvironmentFile: %s\n", prefix, *e);
2391
2392 STRV_FOREACH(e, c->pass_environment)
2393 fprintf(f, "%sPassEnvironment: %s\n", prefix, *e);
2394
2395 fprintf(f, "%sRuntimeDirectoryMode: %04o\n", prefix, c->runtime_directory_mode);
2396
2397 STRV_FOREACH(d, c->runtime_directory)
2398 fprintf(f, "%sRuntimeDirectory: %s\n", prefix, *d);
2399
2400 if (c->nice_set)
2401 fprintf(f,
2402 "%sNice: %i\n",
2403 prefix, c->nice);
2404
2405 if (c->oom_score_adjust_set)
2406 fprintf(f,
2407 "%sOOMScoreAdjust: %i\n",
2408 prefix, c->oom_score_adjust);
2409
2410 for (i = 0; i < RLIM_NLIMITS; i++)
2411 if (c->rlimit[i]) {
2412 fprintf(f, "%s%s: " RLIM_FMT "\n",
2413 prefix, rlimit_to_string(i), c->rlimit[i]->rlim_max);
2414 fprintf(f, "%s%sSoft: " RLIM_FMT "\n",
2415 prefix, rlimit_to_string(i), c->rlimit[i]->rlim_cur);
2416 }
2417
2418 if (c->ioprio_set) {
2419 _cleanup_free_ char *class_str = NULL;
2420
2421 ioprio_class_to_string_alloc(IOPRIO_PRIO_CLASS(c->ioprio), &class_str);
2422 fprintf(f,
2423 "%sIOSchedulingClass: %s\n"
2424 "%sIOPriority: %i\n",
2425 prefix, strna(class_str),
2426 prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
2427 }
2428
2429 if (c->cpu_sched_set) {
2430 _cleanup_free_ char *policy_str = NULL;
2431
2432 sched_policy_to_string_alloc(c->cpu_sched_policy, &policy_str);
2433 fprintf(f,
2434 "%sCPUSchedulingPolicy: %s\n"
2435 "%sCPUSchedulingPriority: %i\n"
2436 "%sCPUSchedulingResetOnFork: %s\n",
2437 prefix, strna(policy_str),
2438 prefix, c->cpu_sched_priority,
2439 prefix, yes_no(c->cpu_sched_reset_on_fork));
2440 }
2441
2442 if (c->cpuset) {
2443 fprintf(f, "%sCPUAffinity:", prefix);
2444 for (i = 0; i < c->cpuset_ncpus; i++)
2445 if (CPU_ISSET_S(i, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset))
2446 fprintf(f, " %u", i);
2447 fputs("\n", f);
2448 }
2449
2450 if (c->timer_slack_nsec != NSEC_INFINITY)
2451 fprintf(f, "%sTimerSlackNSec: "NSEC_FMT "\n", prefix, c->timer_slack_nsec);
2452
2453 fprintf(f,
2454 "%sStandardInput: %s\n"
2455 "%sStandardOutput: %s\n"
2456 "%sStandardError: %s\n",
2457 prefix, exec_input_to_string(c->std_input),
2458 prefix, exec_output_to_string(c->std_output),
2459 prefix, exec_output_to_string(c->std_error));
2460
2461 if (c->tty_path)
2462 fprintf(f,
2463 "%sTTYPath: %s\n"
2464 "%sTTYReset: %s\n"
2465 "%sTTYVHangup: %s\n"
2466 "%sTTYVTDisallocate: %s\n",
2467 prefix, c->tty_path,
2468 prefix, yes_no(c->tty_reset),
2469 prefix, yes_no(c->tty_vhangup),
2470 prefix, yes_no(c->tty_vt_disallocate));
2471
2472 if (c->std_output == EXEC_OUTPUT_SYSLOG ||
2473 c->std_output == EXEC_OUTPUT_KMSG ||
2474 c->std_output == EXEC_OUTPUT_JOURNAL ||
2475 c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
2476 c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
2477 c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
2478 c->std_error == EXEC_OUTPUT_SYSLOG ||
2479 c->std_error == EXEC_OUTPUT_KMSG ||
2480 c->std_error == EXEC_OUTPUT_JOURNAL ||
2481 c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
2482 c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
2483 c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE) {
2484
2485 _cleanup_free_ char *fac_str = NULL, *lvl_str = NULL;
2486
2487 log_facility_unshifted_to_string_alloc(c->syslog_priority >> 3, &fac_str);
2488 log_level_to_string_alloc(LOG_PRI(c->syslog_priority), &lvl_str);
2489
2490 fprintf(f,
2491 "%sSyslogFacility: %s\n"
2492 "%sSyslogLevel: %s\n",
2493 prefix, strna(fac_str),
2494 prefix, strna(lvl_str));
2495 }
2496
2497 if (c->secure_bits)
2498 fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
2499 prefix,
2500 (c->secure_bits & 1<<SECURE_KEEP_CAPS) ? " keep-caps" : "",
2501 (c->secure_bits & 1<<SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
2502 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
2503 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
2504 (c->secure_bits & 1<<SECURE_NOROOT) ? " noroot" : "",
2505 (c->secure_bits & 1<<SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
2506
2507 if (c->capability_bounding_set != CAP_ALL) {
2508 unsigned long l;
2509 fprintf(f, "%sCapabilityBoundingSet:", prefix);
2510
2511 for (l = 0; l <= cap_last_cap(); l++)
2512 if (c->capability_bounding_set & (UINT64_C(1) << l))
2513 fprintf(f, " %s", strna(capability_to_name(l)));
2514
2515 fputs("\n", f);
2516 }
2517
2518 if (c->capability_ambient_set != 0) {
2519 unsigned long l;
2520 fprintf(f, "%sAmbientCapabilities:", prefix);
2521
2522 for (l = 0; l <= cap_last_cap(); l++)
2523 if (c->capability_ambient_set & (UINT64_C(1) << l))
2524 fprintf(f, " %s", strna(capability_to_name(l)));
2525
2526 fputs("\n", f);
2527 }
2528
2529 if (c->user)
2530 fprintf(f, "%sUser: %s\n", prefix, c->user);
2531 if (c->group)
2532 fprintf(f, "%sGroup: %s\n", prefix, c->group);
2533
2534 if (strv_length(c->supplementary_groups) > 0) {
2535 fprintf(f, "%sSupplementaryGroups:", prefix);
2536 strv_fprintf(f, c->supplementary_groups);
2537 fputs("\n", f);
2538 }
2539
2540 if (c->pam_name)
2541 fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name);
2542
2543 if (strv_length(c->read_write_dirs) > 0) {
2544 fprintf(f, "%sReadWriteDirs:", prefix);
2545 strv_fprintf(f, c->read_write_dirs);
2546 fputs("\n", f);
2547 }
2548
2549 if (strv_length(c->read_only_dirs) > 0) {
2550 fprintf(f, "%sReadOnlyDirs:", prefix);
2551 strv_fprintf(f, c->read_only_dirs);
2552 fputs("\n", f);
2553 }
2554
2555 if (strv_length(c->inaccessible_dirs) > 0) {
2556 fprintf(f, "%sInaccessibleDirs:", prefix);
2557 strv_fprintf(f, c->inaccessible_dirs);
2558 fputs("\n", f);
2559 }
2560
2561 if (c->utmp_id)
2562 fprintf(f,
2563 "%sUtmpIdentifier: %s\n",
2564 prefix, c->utmp_id);
2565
2566 if (c->selinux_context)
2567 fprintf(f,
2568 "%sSELinuxContext: %s%s\n",
2569 prefix, c->selinux_context_ignore ? "-" : "", c->selinux_context);
2570
2571 if (c->personality != PERSONALITY_INVALID)
2572 fprintf(f,
2573 "%sPersonality: %s\n",
2574 prefix, strna(personality_to_string(c->personality)));
2575
2576 if (c->syscall_filter) {
2577 #ifdef HAVE_SECCOMP
2578 Iterator j;
2579 void *id;
2580 bool first = true;
2581 #endif
2582
2583 fprintf(f,
2584 "%sSystemCallFilter: ",
2585 prefix);
2586
2587 if (!c->syscall_whitelist)
2588 fputc('~', f);
2589
2590 #ifdef HAVE_SECCOMP
2591 SET_FOREACH(id, c->syscall_filter, j) {
2592 _cleanup_free_ char *name = NULL;
2593
2594 if (first)
2595 first = false;
2596 else
2597 fputc(' ', f);
2598
2599 name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, PTR_TO_INT(id) - 1);
2600 fputs(strna(name), f);
2601 }
2602 #endif
2603
2604 fputc('\n', f);
2605 }
2606
2607 if (c->syscall_archs) {
2608 #ifdef HAVE_SECCOMP
2609 Iterator j;
2610 void *id;
2611 #endif
2612
2613 fprintf(f,
2614 "%sSystemCallArchitectures:",
2615 prefix);
2616
2617 #ifdef HAVE_SECCOMP
2618 SET_FOREACH(id, c->syscall_archs, j)
2619 fprintf(f, " %s", strna(seccomp_arch_to_string(PTR_TO_UINT32(id) - 1)));
2620 #endif
2621 fputc('\n', f);
2622 }
2623
2624 if (c->syscall_errno > 0)
2625 fprintf(f,
2626 "%sSystemCallErrorNumber: %s\n",
2627 prefix, strna(errno_to_name(c->syscall_errno)));
2628
2629 if (c->apparmor_profile)
2630 fprintf(f,
2631 "%sAppArmorProfile: %s%s\n",
2632 prefix, c->apparmor_profile_ignore ? "-" : "", c->apparmor_profile);
2633 }
2634
2635 bool exec_context_maintains_privileges(ExecContext *c) {
2636 assert(c);
2637
2638 /* Returns true if the process forked off would run run under
2639 * an unchanged UID or as root. */
2640
2641 if (!c->user)
2642 return true;
2643
2644 if (streq(c->user, "root") || streq(c->user, "0"))
2645 return true;
2646
2647 return false;
2648 }
2649
2650 void exec_status_start(ExecStatus *s, pid_t pid) {
2651 assert(s);
2652
2653 zero(*s);
2654 s->pid = pid;
2655 dual_timestamp_get(&s->start_timestamp);
2656 }
2657
2658 void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
2659 assert(s);
2660
2661 if (s->pid && s->pid != pid)
2662 zero(*s);
2663
2664 s->pid = pid;
2665 dual_timestamp_get(&s->exit_timestamp);
2666
2667 s->code = code;
2668 s->status = status;
2669
2670 if (context) {
2671 if (context->utmp_id)
2672 utmp_put_dead_process(context->utmp_id, pid, code, status);
2673
2674 exec_context_tty_reset(context, NULL);
2675 }
2676 }
2677
2678 void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
2679 char buf[FORMAT_TIMESTAMP_MAX];
2680
2681 assert(s);
2682 assert(f);
2683
2684 if (s->pid <= 0)
2685 return;
2686
2687 prefix = strempty(prefix);
2688
2689 fprintf(f,
2690 "%sPID: "PID_FMT"\n",
2691 prefix, s->pid);
2692
2693 if (s->start_timestamp.realtime > 0)
2694 fprintf(f,
2695 "%sStart Timestamp: %s\n",
2696 prefix, format_timestamp(buf, sizeof(buf), s->start_timestamp.realtime));
2697
2698 if (s->exit_timestamp.realtime > 0)
2699 fprintf(f,
2700 "%sExit Timestamp: %s\n"
2701 "%sExit Code: %s\n"
2702 "%sExit Status: %i\n",
2703 prefix, format_timestamp(buf, sizeof(buf), s->exit_timestamp.realtime),
2704 prefix, sigchld_code_to_string(s->code),
2705 prefix, s->status);
2706 }
2707
2708 char *exec_command_line(char **argv) {
2709 size_t k;
2710 char *n, *p, **a;
2711 bool first = true;
2712
2713 assert(argv);
2714
2715 k = 1;
2716 STRV_FOREACH(a, argv)
2717 k += strlen(*a)+3;
2718
2719 if (!(n = new(char, k)))
2720 return NULL;
2721
2722 p = n;
2723 STRV_FOREACH(a, argv) {
2724
2725 if (!first)
2726 *(p++) = ' ';
2727 else
2728 first = false;
2729
2730 if (strpbrk(*a, WHITESPACE)) {
2731 *(p++) = '\'';
2732 p = stpcpy(p, *a);
2733 *(p++) = '\'';
2734 } else
2735 p = stpcpy(p, *a);
2736
2737 }
2738
2739 *p = 0;
2740
2741 /* FIXME: this doesn't really handle arguments that have
2742 * spaces and ticks in them */
2743
2744 return n;
2745 }
2746
2747 void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
2748 _cleanup_free_ char *cmd = NULL;
2749 const char *prefix2;
2750
2751 assert(c);
2752 assert(f);
2753
2754 prefix = strempty(prefix);
2755 prefix2 = strjoina(prefix, "\t");
2756
2757 cmd = exec_command_line(c->argv);
2758 fprintf(f,
2759 "%sCommand Line: %s\n",
2760 prefix, cmd ? cmd : strerror(ENOMEM));
2761
2762 exec_status_dump(&c->exec_status, f, prefix2);
2763 }
2764
2765 void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
2766 assert(f);
2767
2768 prefix = strempty(prefix);
2769
2770 LIST_FOREACH(command, c, c)
2771 exec_command_dump(c, f, prefix);
2772 }
2773
2774 void exec_command_append_list(ExecCommand **l, ExecCommand *e) {
2775 ExecCommand *end;
2776
2777 assert(l);
2778 assert(e);
2779
2780 if (*l) {
2781 /* It's kind of important, that we keep the order here */
2782 LIST_FIND_TAIL(command, *l, end);
2783 LIST_INSERT_AFTER(command, *l, end, e);
2784 } else
2785 *l = e;
2786 }
2787
2788 int exec_command_set(ExecCommand *c, const char *path, ...) {
2789 va_list ap;
2790 char **l, *p;
2791
2792 assert(c);
2793 assert(path);
2794
2795 va_start(ap, path);
2796 l = strv_new_ap(path, ap);
2797 va_end(ap);
2798
2799 if (!l)
2800 return -ENOMEM;
2801
2802 p = strdup(path);
2803 if (!p) {
2804 strv_free(l);
2805 return -ENOMEM;
2806 }
2807
2808 free(c->path);
2809 c->path = p;
2810
2811 strv_free(c->argv);
2812 c->argv = l;
2813
2814 return 0;
2815 }
2816
2817 int exec_command_append(ExecCommand *c, const char *path, ...) {
2818 _cleanup_strv_free_ char **l = NULL;
2819 va_list ap;
2820 int r;
2821
2822 assert(c);
2823 assert(path);
2824
2825 va_start(ap, path);
2826 l = strv_new_ap(path, ap);
2827 va_end(ap);
2828
2829 if (!l)
2830 return -ENOMEM;
2831
2832 r = strv_extend_strv(&c->argv, l, false);
2833 if (r < 0)
2834 return r;
2835
2836 return 0;
2837 }
2838
2839
2840 static int exec_runtime_allocate(ExecRuntime **rt) {
2841
2842 if (*rt)
2843 return 0;
2844
2845 *rt = new0(ExecRuntime, 1);
2846 if (!*rt)
2847 return -ENOMEM;
2848
2849 (*rt)->n_ref = 1;
2850 (*rt)->netns_storage_socket[0] = (*rt)->netns_storage_socket[1] = -1;
2851
2852 return 0;
2853 }
2854
2855 int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
2856 int r;
2857
2858 assert(rt);
2859 assert(c);
2860 assert(id);
2861
2862 if (*rt)
2863 return 1;
2864
2865 if (!c->private_network && !c->private_tmp)
2866 return 0;
2867
2868 r = exec_runtime_allocate(rt);
2869 if (r < 0)
2870 return r;
2871
2872 if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
2873 if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
2874 return -errno;
2875 }
2876
2877 if (c->private_tmp && !(*rt)->tmp_dir) {
2878 r = setup_tmp_dirs(id, &(*rt)->tmp_dir, &(*rt)->var_tmp_dir);
2879 if (r < 0)
2880 return r;
2881 }
2882
2883 return 1;
2884 }
2885
2886 ExecRuntime *exec_runtime_ref(ExecRuntime *r) {
2887 assert(r);
2888 assert(r->n_ref > 0);
2889
2890 r->n_ref++;
2891 return r;
2892 }
2893
2894 ExecRuntime *exec_runtime_unref(ExecRuntime *r) {
2895
2896 if (!r)
2897 return NULL;
2898
2899 assert(r->n_ref > 0);
2900
2901 r->n_ref--;
2902 if (r->n_ref > 0)
2903 return NULL;
2904
2905 free(r->tmp_dir);
2906 free(r->var_tmp_dir);
2907 safe_close_pair(r->netns_storage_socket);
2908 free(r);
2909
2910 return NULL;
2911 }
2912
2913 int exec_runtime_serialize(Unit *u, ExecRuntime *rt, FILE *f, FDSet *fds) {
2914 assert(u);
2915 assert(f);
2916 assert(fds);
2917
2918 if (!rt)
2919 return 0;
2920
2921 if (rt->tmp_dir)
2922 unit_serialize_item(u, f, "tmp-dir", rt->tmp_dir);
2923
2924 if (rt->var_tmp_dir)
2925 unit_serialize_item(u, f, "var-tmp-dir", rt->var_tmp_dir);
2926
2927 if (rt->netns_storage_socket[0] >= 0) {
2928 int copy;
2929
2930 copy = fdset_put_dup(fds, rt->netns_storage_socket[0]);
2931 if (copy < 0)
2932 return copy;
2933
2934 unit_serialize_item_format(u, f, "netns-socket-0", "%i", copy);
2935 }
2936
2937 if (rt->netns_storage_socket[1] >= 0) {
2938 int copy;
2939
2940 copy = fdset_put_dup(fds, rt->netns_storage_socket[1]);
2941 if (copy < 0)
2942 return copy;
2943
2944 unit_serialize_item_format(u, f, "netns-socket-1", "%i", copy);
2945 }
2946
2947 return 0;
2948 }
2949
2950 int exec_runtime_deserialize_item(Unit *u, ExecRuntime **rt, const char *key, const char *value, FDSet *fds) {
2951 int r;
2952
2953 assert(rt);
2954 assert(key);
2955 assert(value);
2956
2957 if (streq(key, "tmp-dir")) {
2958 char *copy;
2959
2960 r = exec_runtime_allocate(rt);
2961 if (r < 0)
2962 return log_oom();
2963
2964 copy = strdup(value);
2965 if (!copy)
2966 return log_oom();
2967
2968 free((*rt)->tmp_dir);
2969 (*rt)->tmp_dir = copy;
2970
2971 } else if (streq(key, "var-tmp-dir")) {
2972 char *copy;
2973
2974 r = exec_runtime_allocate(rt);
2975 if (r < 0)
2976 return log_oom();
2977
2978 copy = strdup(value);
2979 if (!copy)
2980 return log_oom();
2981
2982 free((*rt)->var_tmp_dir);
2983 (*rt)->var_tmp_dir = copy;
2984
2985 } else if (streq(key, "netns-socket-0")) {
2986 int fd;
2987
2988 r = exec_runtime_allocate(rt);
2989 if (r < 0)
2990 return log_oom();
2991
2992 if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
2993 log_unit_debug(u, "Failed to parse netns socket value: %s", value);
2994 else {
2995 safe_close((*rt)->netns_storage_socket[0]);
2996 (*rt)->netns_storage_socket[0] = fdset_remove(fds, fd);
2997 }
2998 } else if (streq(key, "netns-socket-1")) {
2999 int fd;
3000
3001 r = exec_runtime_allocate(rt);
3002 if (r < 0)
3003 return log_oom();
3004
3005 if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
3006 log_unit_debug(u, "Failed to parse netns socket value: %s", value);
3007 else {
3008 safe_close((*rt)->netns_storage_socket[1]);
3009 (*rt)->netns_storage_socket[1] = fdset_remove(fds, fd);
3010 }
3011 } else
3012 return 0;
3013
3014 return 1;
3015 }
3016
3017 static void *remove_tmpdir_thread(void *p) {
3018 _cleanup_free_ char *path = p;
3019
3020 (void) rm_rf(path, REMOVE_ROOT|REMOVE_PHYSICAL);
3021 return NULL;
3022 }
3023
3024 void exec_runtime_destroy(ExecRuntime *rt) {
3025 int r;
3026
3027 if (!rt)
3028 return;
3029
3030 /* If there are multiple users of this, let's leave the stuff around */
3031 if (rt->n_ref > 1)
3032 return;
3033
3034 if (rt->tmp_dir) {
3035 log_debug("Spawning thread to nuke %s", rt->tmp_dir);
3036
3037 r = asynchronous_job(remove_tmpdir_thread, rt->tmp_dir);
3038 if (r < 0) {
3039 log_warning_errno(r, "Failed to nuke %s: %m", rt->tmp_dir);
3040 free(rt->tmp_dir);
3041 }
3042
3043 rt->tmp_dir = NULL;
3044 }
3045
3046 if (rt->var_tmp_dir) {
3047 log_debug("Spawning thread to nuke %s", rt->var_tmp_dir);
3048
3049 r = asynchronous_job(remove_tmpdir_thread, rt->var_tmp_dir);
3050 if (r < 0) {
3051 log_warning_errno(r, "Failed to nuke %s: %m", rt->var_tmp_dir);
3052 free(rt->var_tmp_dir);
3053 }
3054
3055 rt->var_tmp_dir = NULL;
3056 }
3057
3058 safe_close_pair(rt->netns_storage_socket);
3059 }
3060
3061 static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
3062 [EXEC_INPUT_NULL] = "null",
3063 [EXEC_INPUT_TTY] = "tty",
3064 [EXEC_INPUT_TTY_FORCE] = "tty-force",
3065 [EXEC_INPUT_TTY_FAIL] = "tty-fail",
3066 [EXEC_INPUT_SOCKET] = "socket"
3067 };
3068
3069 DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
3070
3071 static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = {
3072 [EXEC_OUTPUT_INHERIT] = "inherit",
3073 [EXEC_OUTPUT_NULL] = "null",
3074 [EXEC_OUTPUT_TTY] = "tty",
3075 [EXEC_OUTPUT_SYSLOG] = "syslog",
3076 [EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
3077 [EXEC_OUTPUT_KMSG] = "kmsg",
3078 [EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
3079 [EXEC_OUTPUT_JOURNAL] = "journal",
3080 [EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
3081 [EXEC_OUTPUT_SOCKET] = "socket"
3082 };
3083
3084 DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
3085
3086 static const char* const exec_utmp_mode_table[_EXEC_UTMP_MODE_MAX] = {
3087 [EXEC_UTMP_INIT] = "init",
3088 [EXEC_UTMP_LOGIN] = "login",
3089 [EXEC_UTMP_USER] = "user",
3090 };
3091
3092 DEFINE_STRING_TABLE_LOOKUP(exec_utmp_mode, ExecUtmpMode);
Unnamed repository; edit this file 'description' to name the repository.