1 /* SPDX-License-Identifier: LGPL-2.1+ */
5 This file is part of systemd.
7 Copyright 2010 Lennart Poettering
9 systemd is free software; you can redistribute it and/or modify it
10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
12 (at your option) any later version.
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
19 You should have received a copy of the GNU Lesser General Public License
20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
23 typedef struct ExecStatus ExecStatus
;
24 typedef struct ExecCommand ExecCommand
;
25 typedef struct ExecContext ExecContext
;
26 typedef struct ExecRuntime ExecRuntime
;
27 typedef struct ExecParameters ExecParameters
;
32 #include <sys/capability.h>
34 #include "cgroup-util.h"
38 #include "namespace.h"
41 #define EXEC_STDIN_DATA_MAX (64U*1024U*1024U)
43 typedef enum ExecUtmpMode
{
48 _EXEC_UTMP_MODE_INVALID
= -1
51 typedef enum ExecInput
{
61 _EXEC_INPUT_INVALID
= -1
64 typedef enum ExecOutput
{
69 EXEC_OUTPUT_SYSLOG_AND_CONSOLE
,
71 EXEC_OUTPUT_KMSG_AND_CONSOLE
,
73 EXEC_OUTPUT_JOURNAL_AND_CONSOLE
,
78 _EXEC_OUTPUT_INVALID
= -1
81 typedef enum ExecPreserveMode
{
84 EXEC_PRESERVE_RESTART
,
85 _EXEC_PRESERVE_MODE_MAX
,
86 _EXEC_PRESERVE_MODE_INVALID
= -1
89 typedef enum ExecKeyringMode
{
93 _EXEC_KEYRING_MODE_MAX
,
94 _EXEC_KEYRING_MODE_INVALID
= -1,
98 dual_timestamp start_timestamp
;
99 dual_timestamp exit_timestamp
;
101 int code
; /* as in siginfo_t::si_code */
102 int status
; /* as in sigingo_t::si_status */
105 typedef enum ExecCommandFlags
{
106 EXEC_COMMAND_IGNORE_FAILURE
= 1,
107 EXEC_COMMAND_FULLY_PRIVILEGED
= 2,
108 EXEC_COMMAND_NO_SETUID
= 4,
109 EXEC_COMMAND_AMBIENT_MAGIC
= 8,
115 ExecStatus exec_status
;
116 ExecCommandFlags flags
;
117 LIST_FIELDS(ExecCommand
, command
); /* useful for chaining commands */
126 /* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network
128 int netns_storage_socket
[2];
131 typedef enum ExecDirectoryType
{
132 EXEC_DIRECTORY_RUNTIME
= 0,
133 EXEC_DIRECTORY_STATE
,
134 EXEC_DIRECTORY_CACHE
,
136 EXEC_DIRECTORY_CONFIGURATION
,
137 _EXEC_DIRECTORY_TYPE_MAX
,
138 _EXEC_DIRECTORY_TYPE_INVALID
= -1,
141 typedef struct ExecDirectory
{
148 char **environment_files
;
149 char **pass_environment
;
150 char **unset_environment
;
152 struct rlimit
*rlimit
[_RLIMIT_MAX
];
153 char *working_directory
, *root_directory
, *root_image
;
154 bool working_directory_missing_ok
;
155 bool working_directory_home
;
158 int oom_score_adjust
;
161 int cpu_sched_policy
;
162 int cpu_sched_priority
;
165 unsigned cpuset_ncpus
;
168 ExecOutput std_output
;
169 ExecOutput std_error
;
170 char *stdio_fdname
[3];
174 size_t stdin_data_size
;
176 nsec_t timer_slack_nsec
;
184 bool tty_vt_disallocate
;
188 /* Since resolving these names might involve socket
189 * connections and we don't want to deadlock ourselves these
190 * names are resolved on execution only and in the child
194 char **supplementary_groups
;
199 ExecUtmpMode utmp_mode
;
201 bool selinux_context_ignore
;
202 char *selinux_context
;
204 bool apparmor_profile_ignore
;
205 char *apparmor_profile
;
207 bool smack_process_label_ignore
;
208 char *smack_process_label
;
210 ExecKeyringMode keyring_mode
;
212 char **read_write_paths
, **read_only_paths
, **inaccessible_paths
;
213 unsigned long mount_flags
;
214 BindMount
*bind_mounts
;
215 unsigned n_bind_mounts
;
217 uint64_t capability_bounding_set
;
218 uint64_t capability_ambient_set
;
222 char *syslog_identifier
;
223 bool syslog_level_prefix
;
227 struct iovec
* log_extra_fields
;
228 size_t n_log_extra_fields
;
230 bool cpu_sched_reset_on_fork
;
233 bool private_network
;
234 bool private_devices
;
236 ProtectSystem protect_system
;
237 ProtectHome protect_home
;
238 bool protect_kernel_tunables
;
239 bool protect_kernel_modules
;
240 bool protect_control_groups
;
243 bool no_new_privileges
;
248 /* This is not exposed to the user but available
249 * internally. We need it to make sure that whenever we spawn
250 * /usr/bin/mount it is run in the same process group as us so
251 * that the autofs logic detects that it belongs to us and we
252 * don't enter a trigger loop. */
255 unsigned long personality
;
256 bool lock_personality
;
258 unsigned long restrict_namespaces
; /* The CLONE_NEWxyz flags permitted to the unit's processes */
260 Hashmap
*syscall_filter
;
263 bool syscall_whitelist
:1;
265 Set
*address_families
;
266 bool address_families_whitelist
:1;
268 ExecPreserveMode runtime_directory_preserve_mode
;
269 ExecDirectory directories
[_EXEC_DIRECTORY_TYPE_MAX
];
271 bool memory_deny_write_execute
;
272 bool restrict_realtime
;
274 bool oom_score_adjust_set
:1;
277 bool cpu_sched_set
:1;
280 static inline bool exec_context_restrict_namespaces_set(const ExecContext
*c
) {
283 return (c
->restrict_namespaces
& NAMESPACE_FLAGS_ALL
) != NAMESPACE_FLAGS_ALL
;
286 typedef enum ExecFlags
{
287 EXEC_APPLY_SANDBOXING
= 1U << 0,
288 EXEC_APPLY_CHROOT
= 1U << 1,
289 EXEC_APPLY_TTY_STDIN
= 1U << 2,
290 EXEC_NEW_KEYRING
= 1U << 3,
291 EXEC_PASS_LOG_UNIT
= 1U << 4, /* Whether to pass the unit name to the service's journal stream connection */
292 EXEC_CHOWN_DIRECTORIES
= 1U << 5, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
293 EXEC_NSS_BYPASS_BUS
= 1U << 6, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */
294 EXEC_CGROUP_DELEGATE
= 1U << 7,
296 /* The following are not used by execute.c, but by consumers internally */
297 EXEC_PASS_FDS
= 1U << 8,
298 EXEC_IS_CONTROL
= 1U << 9,
299 EXEC_SETENV_RESULT
= 1U << 10,
300 EXEC_SET_WATCHDOG
= 1U << 11,
303 struct ExecParameters
{
309 unsigned n_storage_fds
;
310 unsigned n_socket_fds
;
313 bool selinux_context_net
:1;
315 CGroupMask cgroup_supported
;
316 const char *cgroup_path
;
320 const char *confirm_spawn
;
322 usec_t watchdog_usec
;
332 #include "dynamic-user.h"
334 int exec_spawn(Unit
*unit
,
335 ExecCommand
*command
,
336 const ExecContext
*context
,
337 const ExecParameters
*exec_params
,
338 ExecRuntime
*runtime
,
339 DynamicCreds
*dynamic_creds
,
342 void exec_command_done(ExecCommand
*c
);
343 void exec_command_done_array(ExecCommand
*c
, unsigned n
);
345 ExecCommand
* exec_command_free_list(ExecCommand
*c
);
346 void exec_command_free_array(ExecCommand
**c
, unsigned n
);
348 char *exec_command_line(char **argv
);
350 void exec_command_dump(ExecCommand
*c
, FILE *f
, const char *prefix
);
351 void exec_command_dump_list(ExecCommand
*c
, FILE *f
, const char *prefix
);
352 void exec_command_append_list(ExecCommand
**l
, ExecCommand
*e
);
353 int exec_command_set(ExecCommand
*c
, const char *path
, ...);
354 int exec_command_append(ExecCommand
*c
, const char *path
, ...);
356 void exec_context_init(ExecContext
*c
);
357 void exec_context_done(ExecContext
*c
);
358 void exec_context_dump(ExecContext
*c
, FILE* f
, const char *prefix
);
360 int exec_context_destroy_runtime_directory(ExecContext
*c
, const char *runtime_root
);
362 int exec_context_load_environment(Unit
*unit
, const ExecContext
*c
, char ***l
);
363 int exec_context_named_iofds(Unit
*unit
, const ExecContext
*c
, const ExecParameters
*p
, int named_iofds
[3]);
364 const char* exec_context_fdname(const ExecContext
*c
, int fd_index
);
366 bool exec_context_may_touch_console(ExecContext
*c
);
367 bool exec_context_maintains_privileges(ExecContext
*c
);
369 int exec_context_get_effective_ioprio(ExecContext
*c
);
371 void exec_context_free_log_extra_fields(ExecContext
*c
);
373 void exec_status_start(ExecStatus
*s
, pid_t pid
);
374 void exec_status_exit(ExecStatus
*s
, ExecContext
*context
, pid_t pid
, int code
, int status
);
375 void exec_status_dump(ExecStatus
*s
, FILE *f
, const char *prefix
);
377 int exec_runtime_make(ExecRuntime
**rt
, ExecContext
*c
, const char *id
);
378 ExecRuntime
*exec_runtime_ref(ExecRuntime
*r
);
379 ExecRuntime
*exec_runtime_unref(ExecRuntime
*r
);
381 int exec_runtime_serialize(Unit
*unit
, ExecRuntime
*rt
, FILE *f
, FDSet
*fds
);
382 int exec_runtime_deserialize_item(Unit
*unit
, ExecRuntime
**rt
, const char *key
, const char *value
, FDSet
*fds
);
384 void exec_runtime_destroy(ExecRuntime
*rt
);
386 const char* exec_output_to_string(ExecOutput i
) _const_
;
387 ExecOutput
exec_output_from_string(const char *s
) _pure_
;
389 const char* exec_input_to_string(ExecInput i
) _const_
;
390 ExecInput
exec_input_from_string(const char *s
) _pure_
;
392 const char* exec_utmp_mode_to_string(ExecUtmpMode i
) _const_
;
393 ExecUtmpMode
exec_utmp_mode_from_string(const char *s
) _pure_
;
395 const char* exec_preserve_mode_to_string(ExecPreserveMode i
) _const_
;
396 ExecPreserveMode
exec_preserve_mode_from_string(const char *s
) _pure_
;
398 const char* exec_keyring_mode_to_string(ExecKeyringMode i
) _const_
;
399 ExecKeyringMode
exec_keyring_mode_from_string(const char *s
) _pure_
;
401 const char* exec_directory_type_to_string(ExecDirectoryType i
) _const_
;
402 ExecDirectoryType
exec_directory_type_from_string(const char *s
) _pure_
;