1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 Copyright © 2012 Holger Hans Peter Freyther
14 #include <sys/resource.h>
16 #include "sd-messages.h"
19 #include "alloc-util.h"
20 #include "all-units.h"
21 #include "bpf-firewall.h"
22 #include "bus-error.h"
23 #include "bus-internal.h"
26 #include "capability-util.h"
27 #include "cgroup-setup.h"
28 #include "conf-parser.h"
29 #include "cpu-set-util.h"
31 #include "errno-list.h"
36 #include "hexdecoct.h"
39 #include "ip-protocol-list.h"
40 #include "journal-util.h"
41 #include "limits-util.h"
42 #include "load-fragment.h"
44 #include "mountpoint-util.h"
45 #include "nulstr-util.h"
46 #include "parse-util.h"
47 #include "path-util.h"
48 #include "process-util.h"
50 #include "seccomp-util.h"
52 #include "securebits-util.h"
53 #include "signal-util.h"
54 #include "socket-netlink.h"
55 #include "stat-util.h"
56 #include "string-util.h"
58 #include "syslog-util.h"
59 #include "time-util.h"
60 #include "unit-name.h"
61 #include "unit-printf.h"
62 #include "user-util.h"
66 static int parse_socket_protocol(const char *s
) {
69 r
= parse_ip_protocol(s
);
72 if (!IN_SET(r
, IPPROTO_UDPLITE
, IPPROTO_SCTP
))
73 return -EPROTONOSUPPORT
;
78 int parse_crash_chvt(const char *value
, int *data
) {
81 if (safe_atoi(value
, data
) >= 0)
84 b
= parse_boolean(value
);
89 *data
= 0; /* switch to where kmsg goes */
91 *data
= -1; /* turn off switching */
96 int parse_confirm_spawn(const char *value
, char **console
) {
100 r
= value
? parse_boolean(value
) : 1;
104 } else if (r
> 0) /* on with default tty */
105 s
= strdup("/dev/console");
106 else if (is_path(value
)) /* on with fully qualified path */
108 else /* on with only a tty file name, not a fully qualified path */
109 s
= path_join("/dev/", value
);
117 DEFINE_CONFIG_PARSE(config_parse_socket_protocol
, parse_socket_protocol
, "Failed to parse socket protocol");
118 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits
, secure_bits_from_string
, "Failed to parse secure bits");
119 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode
, collect_mode
, CollectMode
, "Failed to parse garbage collection mode");
120 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy
, cgroup_device_policy
, CGroupDevicePolicy
, "Failed to parse device policy");
121 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode
, exec_keyring_mode
, ExecKeyringMode
, "Failed to parse keyring mode");
122 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc
, protect_proc
, ProtectProc
, "Failed to parse /proc/ protection mode");
123 DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset
, proc_subset
, ProcSubset
, "Failed to parse /proc/ subset mode");
124 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
, "Failed to parse utmp mode");
125 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode
, job_mode
, JobMode
, "Failed to parse job mode");
126 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access
, notify_access
, NotifyAccess
, "Failed to parse notify access specifier");
127 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home
, protect_home
, ProtectHome
, "Failed to parse protect home value");
128 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system
, protect_system
, ProtectSystem
, "Failed to parse protect system value");
129 DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
, "Failed to parse runtime directory preserve mode");
130 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type
, service_type
, ServiceType
, "Failed to parse service type");
131 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart
, service_restart
, ServiceRestart
, "Failed to parse service restart specifier");
132 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode
, service_timeout_failure_mode
, ServiceTimeoutFailureMode
, "Failed to parse timeout failure mode");
133 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind
, socket_address_bind_ipv6_only_or_bool
, SocketAddressBindIPv6Only
, "Failed to parse bind IPv6 only value");
134 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy
, oom_policy
, OOMPolicy
, "Failed to parse OOM policy");
135 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos
, ip_tos
, int, -1, "Failed to parse IP TOS value");
136 DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight
, cg_blkio_weight_parse
, uint64_t, "Invalid block IO weight");
137 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight
, cg_weight_parse
, uint64_t, "Invalid weight");
138 DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares
, cg_cpu_shares_parse
, uint64_t, "Invalid CPU shares");
139 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags
, mount_propagation_flags_from_string
, unsigned long, "Failed to parse mount flag");
140 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy
, mpol
, int, -1, "Invalid NUMA policy type");
141 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format
, status_unit_format
, StatusUnitFormat
, "Failed to parse status unit format");
143 int config_parse_unit_deps(
145 const char *filename
,
148 unsigned section_line
,
155 UnitDependency d
= ltype
;
162 for (const char *p
= rvalue
;;) {
163 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
166 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_RETAIN_ESCAPE
);
172 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
176 r
= unit_name_printf(u
, word
, &k
);
178 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
182 r
= unit_add_dependency_by_name(u
, d
, k
, true, UNIT_DEPENDENCY_FILE
);
184 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
188 int config_parse_obsolete_unit_deps(
190 const char *filename
,
193 unsigned section_line
,
200 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
201 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue
, unit_dependency_to_string(ltype
));
203 return config_parse_unit_deps(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
206 int config_parse_unit_string_printf(
208 const char *filename
,
211 unsigned section_line
,
218 _cleanup_free_
char *k
= NULL
;
219 const Unit
*u
= userdata
;
227 r
= unit_full_printf(u
, rvalue
, &k
);
229 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
233 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
236 int config_parse_unit_strv_printf(
238 const char *filename
,
241 unsigned section_line
,
248 const Unit
*u
= userdata
;
249 _cleanup_free_
char *k
= NULL
;
257 r
= unit_full_printf(u
, rvalue
, &k
);
259 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
263 return config_parse_strv(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
266 int config_parse_unit_path_printf(
268 const char *filename
,
271 unsigned section_line
,
278 _cleanup_free_
char *k
= NULL
;
279 const Unit
*u
= userdata
;
288 /* Let's not bother with anything that is too long */
289 if (strlen(rvalue
) >= PATH_MAX
) {
290 log_syntax(unit
, fatal
? LOG_ERR
: LOG_WARNING
, filename
, line
, 0,
291 "%s value too long%s.",
292 lvalue
, fatal
? "" : ", ignoring");
293 return fatal
? -ENAMETOOLONG
: 0;
296 r
= unit_full_printf(u
, rvalue
, &k
);
298 log_syntax(unit
, fatal
? LOG_ERR
: LOG_WARNING
, filename
, line
, r
,
299 "Failed to resolve unit specifiers in '%s'%s: %m",
300 rvalue
, fatal
? "" : ", ignoring");
301 return fatal
? -ENOEXEC
: 0;
304 return config_parse_path(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
307 int config_parse_unit_path_strv_printf(
309 const char *filename
,
312 unsigned section_line
,
320 const Unit
*u
= userdata
;
328 if (isempty(rvalue
)) {
333 for (const char *p
= rvalue
;;) {
334 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
336 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
342 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
343 "Invalid syntax, ignoring: %s", rvalue
);
347 r
= unit_full_printf(u
, word
, &k
);
349 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
350 "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
354 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
358 r
= strv_consume(x
, TAKE_PTR(k
));
364 static int patch_var_run(
366 const char *filename
,
374 e
= path_startswith(*path
, "/var/run/");
378 z
= path_join("/run/", e
);
382 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
383 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
384 "please update the unit file accordingly.", lvalue
, *path
, z
);
386 free_and_replace(*path
, z
);
391 int config_parse_socket_listen(
393 const char *filename
,
396 unsigned section_line
,
403 _cleanup_free_ SocketPort
*p
= NULL
;
415 if (isempty(rvalue
)) {
416 /* An empty assignment removes all ports */
417 socket_free_ports(s
);
421 p
= new0(SocketPort
, 1);
425 if (ltype
!= SOCKET_SOCKET
) {
426 _cleanup_free_
char *k
= NULL
;
428 r
= unit_full_printf(UNIT(s
), rvalue
, &k
);
430 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
434 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
438 if (ltype
== SOCKET_FIFO
) {
439 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
444 free_and_replace(p
->path
, k
);
447 } else if (streq(lvalue
, "ListenNetlink")) {
448 _cleanup_free_
char *k
= NULL
;
450 r
= unit_full_printf(UNIT(s
), rvalue
, &k
);
452 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
456 r
= socket_address_parse_netlink(&p
->address
, k
);
458 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
462 p
->type
= SOCKET_SOCKET
;
465 _cleanup_free_
char *k
= NULL
;
467 r
= unit_full_printf(UNIT(s
), rvalue
, &k
);
469 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
473 if (k
[0] == '/') { /* Only for AF_UNIX file system sockets… */
474 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
479 r
= socket_address_parse_and_warn(&p
->address
, k
);
481 if (r
!= -EAFNOSUPPORT
)
482 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
486 if (streq(lvalue
, "ListenStream"))
487 p
->address
.type
= SOCK_STREAM
;
488 else if (streq(lvalue
, "ListenDatagram"))
489 p
->address
.type
= SOCK_DGRAM
;
491 assert(streq(lvalue
, "ListenSequentialPacket"));
492 p
->address
.type
= SOCK_SEQPACKET
;
495 if (socket_address_family(&p
->address
) != AF_LOCAL
&& p
->address
.type
== SOCK_SEQPACKET
) {
496 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Address family not supported, ignoring: %s", rvalue
);
500 p
->type
= SOCKET_SOCKET
;
504 p
->auxiliary_fds
= NULL
;
505 p
->n_auxiliary_fds
= 0;
508 LIST_FIND_TAIL(port
, s
->ports
, tail
);
509 LIST_INSERT_AFTER(port
, s
->ports
, tail
, p
);
516 int config_parse_exec_nice(
518 const char *filename
,
521 unsigned section_line
,
528 ExecContext
*c
= data
;
536 if (isempty(rvalue
)) {
541 r
= parse_nice(rvalue
, &priority
);
544 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Nice priority out of range, ignoring: %s", rvalue
);
546 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse nice priority '%s', ignoring: %m", rvalue
);
556 int config_parse_exec_oom_score_adjust(
558 const char *filename
,
561 unsigned section_line
,
568 ExecContext
*c
= data
;
576 if (isempty(rvalue
)) {
577 c
->oom_score_adjust_set
= false;
581 r
= parse_oom_score_adjust(rvalue
, &oa
);
584 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "OOM score adjust value out of range, ignoring: %s", rvalue
);
586 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue
);
590 c
->oom_score_adjust
= oa
;
591 c
->oom_score_adjust_set
= true;
596 int config_parse_exec_coredump_filter(
598 const char *filename
,
601 unsigned section_line
,
608 ExecContext
*c
= data
;
616 if (isempty(rvalue
)) {
617 c
->coredump_filter
= 0;
618 c
->coredump_filter_set
= false;
623 r
= coredump_filter_mask_from_string(rvalue
, &f
);
625 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
626 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue
);
630 c
->coredump_filter
|= f
;
631 c
->oom_score_adjust_set
= true;
635 int config_parse_kill_mode(
637 const char *filename
,
640 unsigned section_line
,
647 KillMode
*k
= data
, m
;
654 if (isempty(rvalue
)) {
655 *k
= KILL_CONTROL_GROUP
;
659 m
= kill_mode_from_string(rvalue
);
661 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
662 "Failed to parse kill mode specification, ignoring: %s", rvalue
);
667 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
668 "Unit configured to use KillMode=none. "
669 "This is unsafe, as it disables systemd's process lifecycle management for the service. "
670 "Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
671 "Support for KillMode=none is deprecated and will eventually be removed.");
677 int config_parse_exec(
679 const char *filename
,
682 unsigned section_line
,
689 ExecCommand
**e
= data
;
690 const Unit
*u
= userdata
;
702 if (isempty(rvalue
)) {
703 /* An empty assignment resets the list */
704 *e
= exec_command_free_list(*e
);
710 _cleanup_free_
char *path
= NULL
, *firstword
= NULL
;
711 ExecCommandFlags flags
= 0;
712 bool ignore
= false, separate_argv0
= false;
713 _cleanup_free_ ExecCommand
*nce
= NULL
;
714 _cleanup_strv_free_
char **n
= NULL
;
715 size_t nlen
= 0, nbufsize
= 0;
720 r
= extract_first_word_and_warn(&p
, &firstword
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
726 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
727 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
728 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
729 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
730 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
731 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
732 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
733 * other sandboxing, with some special exceptions for changing UID.
735 * The idea is that '!!' may be used to write services that can take benefit of systemd's
736 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
737 * privilege dropping within the daemon if the kernel does not offer that. */
739 if (*f
== '-' && !(flags
& EXEC_COMMAND_IGNORE_FAILURE
)) {
740 flags
|= EXEC_COMMAND_IGNORE_FAILURE
;
742 } else if (*f
== '@' && !separate_argv0
)
743 separate_argv0
= true;
744 else if (*f
== ':' && !(flags
& EXEC_COMMAND_NO_ENV_EXPAND
))
745 flags
|= EXEC_COMMAND_NO_ENV_EXPAND
;
746 else if (*f
== '+' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
|EXEC_COMMAND_AMBIENT_MAGIC
)))
747 flags
|= EXEC_COMMAND_FULLY_PRIVILEGED
;
748 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
|EXEC_COMMAND_AMBIENT_MAGIC
)))
749 flags
|= EXEC_COMMAND_NO_SETUID
;
750 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_AMBIENT_MAGIC
))) {
751 flags
&= ~EXEC_COMMAND_NO_SETUID
;
752 flags
|= EXEC_COMMAND_AMBIENT_MAGIC
;
758 r
= unit_full_printf(u
, f
, &path
);
760 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
761 "Failed to resolve unit specifiers in '%s'%s: %m",
762 f
, ignore
? ", ignoring" : "");
763 return ignore
? 0 : -ENOEXEC
;
767 /* First word is either "-" or "@" with no command. */
768 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
769 "Empty path in command line%s: '%s'",
770 ignore
? ", ignoring" : "", rvalue
);
771 return ignore
? 0 : -ENOEXEC
;
773 if (!string_is_safe(path
)) {
774 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
775 "Executable name contains special characters%s: %s",
776 ignore
? ", ignoring" : "", path
);
777 return ignore
? 0 : -ENOEXEC
;
779 if (endswith(path
, "/")) {
780 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
781 "Executable path specifies a directory%s: %s",
782 ignore
? ", ignoring" : "", path
);
783 return ignore
? 0 : -ENOEXEC
;
786 if (!path_is_absolute(path
)) {
790 if (!filename_is_valid(path
)) {
791 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
792 "Neither a valid executable name nor an absolute path%s: %s",
793 ignore
? ", ignoring" : "", path
);
794 return ignore
? 0 : -ENOEXEC
;
797 /* Resolve a single-component name to a full path */
798 NULSTR_FOREACH(prefix
, DEFAULT_PATH_NULSTR
) {
799 _cleanup_free_
char *fullpath
= NULL
;
801 fullpath
= path_join(prefix
, path
);
805 if (access(fullpath
, F_OK
) >= 0) {
806 free_and_replace(path
, fullpath
);
813 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
814 "Executable \"%s\" not found in path \"%s\"%s",
815 path
, DEFAULT_PATH
, ignore
? ", ignoring" : "");
816 return ignore
? 0 : -ENOEXEC
;
820 if (!separate_argv0
) {
823 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
833 path_simplify(path
, false);
835 while (!isempty(p
)) {
836 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
838 /* Check explicitly for an unquoted semicolon as
839 * command separator token. */
840 if (p
[0] == ';' && (!p
[1] || strchr(WHITESPACE
, p
[1]))) {
842 p
+= strspn(p
, WHITESPACE
);
847 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
848 * extract_first_word() would return the same for all of those. */
849 if (p
[0] == '\\' && p
[1] == ';' && (!p
[2] || strchr(WHITESPACE
, p
[2]))) {
853 p
+= strspn(p
, WHITESPACE
);
855 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
866 r
= extract_first_word_and_warn(&p
, &word
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
870 return ignore
? 0 : -ENOEXEC
;
872 r
= unit_full_printf(u
, word
, &resolved
);
874 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
875 "Failed to resolve unit specifiers in %s%s: %m",
876 word
, ignore
? ", ignoring" : "");
877 return ignore
? 0 : -ENOEXEC
;
880 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
883 n
[nlen
++] = TAKE_PTR(resolved
);
888 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
889 "Empty executable name or zeroeth argument%s: %s",
890 ignore
? ", ignoring" : "", rvalue
);
891 return ignore
? 0 : -ENOEXEC
;
894 nce
= new0(ExecCommand
, 1);
898 nce
->argv
= TAKE_PTR(n
);
899 nce
->path
= TAKE_PTR(path
);
902 exec_command_append_list(e
, nce
);
904 /* Do not _cleanup_free_ these. */
913 int config_parse_socket_bindtodevice(
915 const char *filename
,
918 unsigned section_line
,
932 if (isempty(rvalue
) || streq(rvalue
, "*")) {
933 s
->bind_to_device
= mfree(s
->bind_to_device
);
937 if (!ifname_valid(rvalue
)) {
938 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid interface name, ignoring: %s", rvalue
);
942 if (free_and_strdup(&s
->bind_to_device
, rvalue
) < 0)
948 int config_parse_exec_input(
950 const char *filename
,
953 unsigned section_line
,
960 ExecContext
*c
= data
;
961 const Unit
*u
= userdata
;
971 n
= startswith(rvalue
, "fd:");
973 _cleanup_free_
char *resolved
= NULL
;
975 r
= unit_full_printf(u
, n
, &resolved
);
977 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
981 if (isempty(resolved
))
982 resolved
= mfree(resolved
);
983 else if (!fdname_is_valid(resolved
)) {
984 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
988 free_and_replace(c
->stdio_fdname
[STDIN_FILENO
], resolved
);
990 ei
= EXEC_INPUT_NAMED_FD
;
992 } else if ((n
= startswith(rvalue
, "file:"))) {
993 _cleanup_free_
char *resolved
= NULL
;
995 r
= unit_full_printf(u
, n
, &resolved
);
997 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
1001 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1005 free_and_replace(c
->stdio_file
[STDIN_FILENO
], resolved
);
1007 ei
= EXEC_INPUT_FILE
;
1010 ei
= exec_input_from_string(rvalue
);
1012 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse input specifier, ignoring: %s", rvalue
);
1021 int config_parse_exec_input_text(
1023 const char *filename
,
1025 const char *section
,
1026 unsigned section_line
,
1033 _cleanup_free_
char *unescaped
= NULL
, *resolved
= NULL
;
1034 ExecContext
*c
= data
;
1035 const Unit
*u
= userdata
;
1045 if (isempty(rvalue
)) {
1046 /* Reset if the empty string is assigned */
1047 c
->stdin_data
= mfree(c
->stdin_data
);
1048 c
->stdin_data_size
= 0;
1052 r
= cunescape(rvalue
, 0, &unescaped
);
1054 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1055 "Failed to decode C escaped text '%s', ignoring: %m", rvalue
);
1059 r
= unit_full_printf(u
, unescaped
, &resolved
);
1061 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1062 "Failed to resolve unit specifiers in '%s', ignoring: %m", unescaped
);
1066 sz
= strlen(resolved
);
1067 if (c
->stdin_data_size
+ sz
+ 1 < c
->stdin_data_size
|| /* check for overflow */
1068 c
->stdin_data_size
+ sz
+ 1 > EXEC_STDIN_DATA_MAX
) {
1069 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1070 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1071 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1075 p
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
+ 1);
1079 *((char*) mempcpy((char*) p
+ c
->stdin_data_size
, resolved
, sz
)) = '\n';
1082 c
->stdin_data_size
+= sz
+ 1;
1087 int config_parse_exec_input_data(
1089 const char *filename
,
1091 const char *section
,
1092 unsigned section_line
,
1099 _cleanup_free_
void *p
= NULL
;
1100 ExecContext
*c
= data
;
1110 if (isempty(rvalue
)) {
1111 /* Reset if the empty string is assigned */
1112 c
->stdin_data
= mfree(c
->stdin_data
);
1113 c
->stdin_data_size
= 0;
1117 r
= unbase64mem(rvalue
, (size_t) -1, &p
, &sz
);
1119 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1120 "Failed to decode base64 data, ignoring: %s", rvalue
);
1126 if (c
->stdin_data_size
+ sz
< c
->stdin_data_size
|| /* check for overflow */
1127 c
->stdin_data_size
+ sz
> EXEC_STDIN_DATA_MAX
) {
1128 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1129 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1130 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1134 q
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
);
1138 memcpy((uint8_t*) q
+ c
->stdin_data_size
, p
, sz
);
1141 c
->stdin_data_size
+= sz
;
1146 int config_parse_exec_output(
1148 const char *filename
,
1150 const char *section
,
1151 unsigned section_line
,
1158 _cleanup_free_
char *resolved
= NULL
;
1160 ExecContext
*c
= data
;
1161 const Unit
*u
= userdata
;
1162 bool obsolete
= false;
1172 n
= startswith(rvalue
, "fd:");
1174 r
= unit_full_printf(u
, n
, &resolved
);
1176 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", n
);
1180 if (isempty(resolved
))
1181 resolved
= mfree(resolved
);
1182 else if (!fdname_is_valid(resolved
)) {
1183 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
1187 eo
= EXEC_OUTPUT_NAMED_FD
;
1189 } else if (streq(rvalue
, "syslog")) {
1190 eo
= EXEC_OUTPUT_JOURNAL
;
1193 } else if (streq(rvalue
, "syslog+console")) {
1194 eo
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
1197 } else if ((n
= startswith(rvalue
, "file:"))) {
1199 r
= unit_full_printf(u
, n
, &resolved
);
1201 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1205 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1209 eo
= EXEC_OUTPUT_FILE
;
1211 } else if ((n
= startswith(rvalue
, "append:"))) {
1213 r
= unit_full_printf(u
, n
, &resolved
);
1215 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1219 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1223 eo
= EXEC_OUTPUT_FILE_APPEND
;
1225 eo
= exec_output_from_string(rvalue
);
1227 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse output specifier, ignoring: %s", rvalue
);
1233 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
1234 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1235 rvalue
, exec_output_to_string(eo
));
1237 if (streq(lvalue
, "StandardOutput")) {
1238 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1239 free_and_replace(c
->stdio_fdname
[STDOUT_FILENO
], resolved
);
1241 free_and_replace(c
->stdio_file
[STDOUT_FILENO
], resolved
);
1246 assert(streq(lvalue
, "StandardError"));
1248 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1249 free_and_replace(c
->stdio_fdname
[STDERR_FILENO
], resolved
);
1251 free_and_replace(c
->stdio_file
[STDERR_FILENO
], resolved
);
1259 int config_parse_exec_io_class(const char *unit
,
1260 const char *filename
,
1262 const char *section
,
1263 unsigned section_line
,
1270 ExecContext
*c
= data
;
1278 if (isempty(rvalue
)) {
1279 c
->ioprio_set
= false;
1280 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE
, 0);
1284 x
= ioprio_class_from_string(rvalue
);
1286 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse IO scheduling class, ignoring: %s", rvalue
);
1290 c
->ioprio
= IOPRIO_PRIO_VALUE(x
, IOPRIO_PRIO_DATA(c
->ioprio
));
1291 c
->ioprio_set
= true;
1296 int config_parse_exec_io_priority(const char *unit
,
1297 const char *filename
,
1299 const char *section
,
1300 unsigned section_line
,
1307 ExecContext
*c
= data
;
1315 if (isempty(rvalue
)) {
1316 c
->ioprio_set
= false;
1317 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE
, 0);
1321 r
= ioprio_parse_priority(rvalue
, &i
);
1323 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse IO priority, ignoring: %s", rvalue
);
1327 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c
->ioprio
), i
);
1328 c
->ioprio_set
= true;
1333 int config_parse_exec_cpu_sched_policy(const char *unit
,
1334 const char *filename
,
1336 const char *section
,
1337 unsigned section_line
,
1344 ExecContext
*c
= data
;
1352 if (isempty(rvalue
)) {
1353 c
->cpu_sched_set
= false;
1354 c
->cpu_sched_policy
= SCHED_OTHER
;
1355 c
->cpu_sched_priority
= 0;
1359 x
= sched_policy_from_string(rvalue
);
1361 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue
);
1365 c
->cpu_sched_policy
= x
;
1366 /* Moving to or from real-time policy? We need to adjust the priority */
1367 c
->cpu_sched_priority
= CLAMP(c
->cpu_sched_priority
, sched_get_priority_min(x
), sched_get_priority_max(x
));
1368 c
->cpu_sched_set
= true;
1373 int config_parse_numa_mask(const char *unit
,
1374 const char *filename
,
1376 const char *section
,
1377 unsigned section_line
,
1384 NUMAPolicy
*p
= data
;
1391 if (streq(rvalue
, "all")) {
1392 r
= numa_mask_add_all(&p
->nodes
);
1394 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1395 "Failed to create NUMA mask representing \"all\" NUMA nodes, ignoring: %m");
1397 r
= parse_cpu_set_extend(rvalue
, &p
->nodes
, true, unit
, filename
, line
, lvalue
);
1399 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse NUMA node mask, ignoring: %s", rvalue
);
1405 int config_parse_exec_cpu_sched_prio(const char *unit
,
1406 const char *filename
,
1408 const char *section
,
1409 unsigned section_line
,
1416 ExecContext
*c
= data
;
1424 r
= safe_atoi(rvalue
, &i
);
1426 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue
);
1430 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
1431 min
= sched_get_priority_min(c
->cpu_sched_policy
);
1432 max
= sched_get_priority_max(c
->cpu_sched_policy
);
1434 if (i
< min
|| i
> max
) {
1435 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue
);
1439 c
->cpu_sched_priority
= i
;
1440 c
->cpu_sched_set
= true;
1445 int config_parse_root_image_options(
1447 const char *filename
,
1449 const char *section
,
1450 unsigned section_line
,
1457 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
1458 _cleanup_strv_free_
char **l
= NULL
;
1459 char **first
= NULL
, **second
= NULL
;
1460 ExecContext
*c
= data
;
1461 const Unit
*u
= userdata
;
1469 if (isempty(rvalue
)) {
1470 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1474 r
= strv_split_colon_pairs(&l
, rvalue
);
1478 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
1482 STRV_FOREACH_PAIR(first
, second
, l
) {
1483 MountOptions
*o
= NULL
;
1484 _cleanup_free_
char *mount_options_resolved
= NULL
;
1485 const char *mount_options
= NULL
, *partition
= "root";
1486 PartitionDesignator partition_designator
;
1488 /* Format is either 'root:foo' or 'foo' (root is implied) */
1489 if (!isempty(*second
)) {
1491 mount_options
= *second
;
1493 mount_options
= *first
;
1495 partition_designator
= partition_designator_from_string(partition
);
1496 if (partition_designator
< 0) {
1497 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid partition name %s, ignoring", partition
);
1500 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
1502 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
1506 o
= new(MountOptions
, 1);
1509 *o
= (MountOptions
) {
1510 .partition_designator
= partition_designator
,
1511 .options
= TAKE_PTR(mount_options_resolved
),
1513 LIST_APPEND(mount_options
, options
, TAKE_PTR(o
));
1516 /* empty spaces/separators only */
1517 if (LIST_IS_EMPTY(options
))
1518 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1520 LIST_JOIN(mount_options
, c
->root_image_options
, options
);
1525 int config_parse_exec_root_hash(
1527 const char *filename
,
1529 const char *section
,
1530 unsigned section_line
,
1537 _cleanup_free_
void *roothash_decoded
= NULL
;
1538 ExecContext
*c
= data
;
1539 size_t roothash_decoded_size
= 0;
1547 if (isempty(rvalue
)) {
1548 /* Reset if the empty string is assigned */
1549 c
->root_hash_path
= mfree(c
->root_hash_path
);
1550 c
->root_hash
= mfree(c
->root_hash
);
1551 c
->root_hash_size
= 0;
1555 if (path_is_absolute(rvalue
)) {
1556 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1557 _cleanup_free_
char *p
= NULL
;
1563 free_and_replace(c
->root_hash_path
, p
);
1564 c
->root_hash
= mfree(c
->root_hash
);
1565 c
->root_hash_size
= 0;
1569 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1570 r
= unhexmem(rvalue
, strlen(rvalue
), &roothash_decoded
, &roothash_decoded_size
);
1572 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHash=, ignoring: %s", rvalue
);
1575 if (roothash_decoded_size
< sizeof(sd_id128_t
)) {
1576 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "RootHash= is too short, ignoring: %s", rvalue
);
1580 free_and_replace(c
->root_hash
, roothash_decoded
);
1581 c
->root_hash_size
= roothash_decoded_size
;
1582 c
->root_hash_path
= mfree(c
->root_hash_path
);
1587 int config_parse_exec_root_hash_sig(
1589 const char *filename
,
1591 const char *section
,
1592 unsigned section_line
,
1599 _cleanup_free_
void *roothash_sig_decoded
= NULL
;
1601 ExecContext
*c
= data
;
1602 size_t roothash_sig_decoded_size
= 0;
1610 if (isempty(rvalue
)) {
1611 /* Reset if the empty string is assigned */
1612 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1613 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1614 c
->root_hash_sig_size
= 0;
1618 if (path_is_absolute(rvalue
)) {
1619 /* We have the path to a roothash signature to load and decode, eg: RootHashSignature=/foo/bar.roothash.p7s */
1620 _cleanup_free_
char *p
= NULL
;
1626 free_and_replace(c
->root_hash_sig_path
, p
);
1627 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1628 c
->root_hash_sig_size
= 0;
1632 if (!(value
= startswith(rvalue
, "base64:"))) {
1633 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1634 "Failed to decode RootHashSignature=, not a path but doesn't start with 'base64:', ignoring: %s", rvalue
);
1638 /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
1639 r
= unbase64mem(value
, strlen(value
), &roothash_sig_decoded
, &roothash_sig_decoded_size
);
1641 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHashSignature=, ignoring: %s", rvalue
);
1645 free_and_replace(c
->root_hash_sig
, roothash_sig_decoded
);
1646 c
->root_hash_sig_size
= roothash_sig_decoded_size
;
1647 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1652 int config_parse_exec_cpu_affinity(const char *unit
,
1653 const char *filename
,
1655 const char *section
,
1656 unsigned section_line
,
1663 ExecContext
*c
= data
;
1671 if (streq(rvalue
, "numa")) {
1672 c
->cpu_affinity_from_numa
= true;
1673 cpu_set_reset(&c
->cpu_set
);
1678 r
= parse_cpu_set_extend(rvalue
, &c
->cpu_set
, true, unit
, filename
, line
, lvalue
);
1680 c
->cpu_affinity_from_numa
= false;
1685 int config_parse_capability_set(
1687 const char *filename
,
1689 const char *section
,
1690 unsigned section_line
,
1697 uint64_t *capability_set
= data
;
1698 uint64_t sum
= 0, initial
= 0;
1699 bool invert
= false;
1707 if (rvalue
[0] == '~') {
1712 if (streq(lvalue
, "CapabilityBoundingSet"))
1713 initial
= CAP_ALL
; /* initialized to all bits on */
1714 /* else "AmbientCapabilities" initialized to all bits off */
1716 r
= capability_set_from_string(rvalue
, &sum
);
1718 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue
, rvalue
);
1722 if (sum
== 0 || *capability_set
== initial
)
1723 /* "", "~" or uninitialized data -> replace */
1724 *capability_set
= invert
? ~sum
: sum
;
1726 /* previous data -> merge */
1728 *capability_set
&= ~sum
;
1730 *capability_set
|= sum
;
1736 int config_parse_exec_selinux_context(
1738 const char *filename
,
1740 const char *section
,
1741 unsigned section_line
,
1748 ExecContext
*c
= data
;
1749 const Unit
*u
= userdata
;
1759 if (isempty(rvalue
)) {
1760 c
->selinux_context
= mfree(c
->selinux_context
);
1761 c
->selinux_context_ignore
= false;
1765 if (rvalue
[0] == '-') {
1771 r
= unit_full_printf(u
, rvalue
, &k
);
1773 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1774 "Failed to resolve unit specifiers in '%s'%s: %m",
1775 rvalue
, ignore
? ", ignoring" : "");
1776 return ignore
? 0 : -ENOEXEC
;
1779 free_and_replace(c
->selinux_context
, k
);
1780 c
->selinux_context_ignore
= ignore
;
1785 int config_parse_exec_apparmor_profile(
1787 const char *filename
,
1789 const char *section
,
1790 unsigned section_line
,
1797 ExecContext
*c
= data
;
1798 const Unit
*u
= userdata
;
1808 if (isempty(rvalue
)) {
1809 c
->apparmor_profile
= mfree(c
->apparmor_profile
);
1810 c
->apparmor_profile_ignore
= false;
1814 if (rvalue
[0] == '-') {
1820 r
= unit_full_printf(u
, rvalue
, &k
);
1822 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1823 "Failed to resolve unit specifiers in '%s'%s: %m",
1824 rvalue
, ignore
? ", ignoring" : "");
1825 return ignore
? 0 : -ENOEXEC
;
1828 free_and_replace(c
->apparmor_profile
, k
);
1829 c
->apparmor_profile_ignore
= ignore
;
1834 int config_parse_exec_smack_process_label(
1836 const char *filename
,
1838 const char *section
,
1839 unsigned section_line
,
1846 ExecContext
*c
= data
;
1847 const Unit
*u
= userdata
;
1857 if (isempty(rvalue
)) {
1858 c
->smack_process_label
= mfree(c
->smack_process_label
);
1859 c
->smack_process_label_ignore
= false;
1863 if (rvalue
[0] == '-') {
1869 r
= unit_full_printf(u
, rvalue
, &k
);
1871 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1872 "Failed to resolve unit specifiers in '%s'%s: %m",
1873 rvalue
, ignore
? ", ignoring" : "");
1874 return ignore
? 0 : -ENOEXEC
;
1877 free_and_replace(c
->smack_process_label
, k
);
1878 c
->smack_process_label_ignore
= ignore
;
1883 int config_parse_timer(
1885 const char *filename
,
1887 const char *section
,
1888 unsigned section_line
,
1895 _cleanup_(calendar_spec_freep
) CalendarSpec
*c
= NULL
;
1896 _cleanup_free_
char *k
= NULL
;
1897 const Unit
*u
= userdata
;
1908 if (isempty(rvalue
)) {
1909 /* Empty assignment resets list */
1910 timer_free_values(t
);
1914 r
= unit_full_printf(u
, rvalue
, &k
);
1916 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
1920 if (ltype
== TIMER_CALENDAR
) {
1921 r
= calendar_spec_from_string(k
, &c
);
1923 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse calendar specification, ignoring: %s", k
);
1927 r
= parse_sec(k
, &usec
);
1929 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", k
);
1934 v
= new(TimerValue
, 1);
1941 .calendar_spec
= TAKE_PTR(c
),
1944 LIST_PREPEND(value
, t
->values
, v
);
1949 int config_parse_trigger_unit(
1951 const char *filename
,
1953 const char *section
,
1954 unsigned section_line
,
1961 _cleanup_free_
char *p
= NULL
;
1971 if (!hashmap_isempty(u
->dependencies
[UNIT_TRIGGERS
])) {
1972 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Multiple units to trigger specified, ignoring: %s", rvalue
);
1976 r
= unit_name_printf(u
, rvalue
, &p
);
1978 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
1982 type
= unit_name_to_type(p
);
1984 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit type not valid, ignoring: %s", rvalue
);
1987 if (unit_has_name(u
, p
)) {
1988 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Units cannot trigger themselves, ignoring: %s", rvalue
);
1992 r
= unit_add_two_dependencies_by_name(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, p
, true, UNIT_DEPENDENCY_FILE
);
1994 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add trigger on %s, ignoring: %m", p
);
2001 int config_parse_path_spec(const char *unit
,
2002 const char *filename
,
2004 const char *section
,
2005 unsigned section_line
,
2015 _cleanup_free_
char *k
= NULL
;
2023 if (isempty(rvalue
)) {
2024 /* Empty assignment clears list */
2029 b
= path_type_from_string(lvalue
);
2031 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse path type, ignoring: %s", lvalue
);
2035 r
= unit_full_printf(UNIT(p
), rvalue
, &k
);
2037 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2041 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2045 s
= new0(PathSpec
, 1);
2050 s
->path
= TAKE_PTR(k
);
2054 LIST_PREPEND(spec
, p
->specs
, s
);
2059 int config_parse_socket_service(
2061 const char *filename
,
2063 const char *section
,
2064 unsigned section_line
,
2071 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2072 _cleanup_free_
char *p
= NULL
;
2082 r
= unit_name_printf(UNIT(s
), rvalue
, &p
);
2084 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2088 if (!endswith(p
, ".service")) {
2089 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type service, ignoring: %s", rvalue
);
2093 r
= manager_load_unit(UNIT(s
)->manager
, p
, NULL
, &error
, &x
);
2095 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load unit %s, ignoring: %s", rvalue
, bus_error_message(&error
, r
));
2099 unit_ref_set(&s
->service
, UNIT(s
), x
);
2104 int config_parse_fdname(
2106 const char *filename
,
2108 const char *section
,
2109 unsigned section_line
,
2116 _cleanup_free_
char *p
= NULL
;
2125 if (isempty(rvalue
)) {
2126 s
->fdname
= mfree(s
->fdname
);
2130 r
= unit_full_printf(UNIT(s
), rvalue
, &p
);
2132 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2136 if (!fdname_is_valid(p
)) {
2137 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", p
);
2141 return free_and_replace(s
->fdname
, p
);
2144 int config_parse_service_sockets(
2146 const char *filename
,
2148 const char *section
,
2149 unsigned section_line
,
2164 for (const char *p
= rvalue
;;) {
2165 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2167 r
= extract_first_word(&p
, &word
, NULL
, 0);
2173 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Trailing garbage in sockets, ignoring: %s", rvalue
);
2177 r
= unit_name_printf(UNIT(s
), word
, &k
);
2179 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
2183 if (!endswith(k
, ".socket")) {
2184 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type socket, ignoring: %s", k
);
2188 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_WANTS
, UNIT_AFTER
, k
, true, UNIT_DEPENDENCY_FILE
);
2190 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2192 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_TRIGGERED_BY
, k
, true, UNIT_DEPENDENCY_FILE
);
2194 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2198 int config_parse_bus_name(
2200 const char *filename
,
2202 const char *section
,
2203 unsigned section_line
,
2210 _cleanup_free_
char *k
= NULL
;
2211 const Unit
*u
= userdata
;
2219 r
= unit_full_printf(u
, rvalue
, &k
);
2221 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2225 if (!sd_bus_service_name_is_valid(k
)) {
2226 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid bus name, ignoring: %s", k
);
2230 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
2233 int config_parse_service_timeout(
2235 const char *filename
,
2237 const char *section
,
2238 unsigned section_line
,
2245 Service
*s
= userdata
;
2254 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
2256 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2257 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2258 * all other timeouts. */
2259 r
= parse_sec_fix_0(rvalue
, &usec
);
2261 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= parameter, ignoring: %s", lvalue
, rvalue
);
2265 s
->start_timeout_defined
= true;
2266 s
->timeout_start_usec
= usec
;
2268 if (streq(lvalue
, "TimeoutSec"))
2269 s
->timeout_stop_usec
= usec
;
2274 int config_parse_timeout_abort(
2276 const char *filename
,
2278 const char *section
,
2279 unsigned section_line
,
2294 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
2296 if (isempty(rvalue
)) {
2298 return 0; /* "not set" */
2301 r
= parse_sec(rvalue
, ret
);
2303 return log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= setting, ignoring: %s", lvalue
, rvalue
);
2305 return 1; /* "set" */
2308 int config_parse_service_timeout_abort(
2310 const char *filename
,
2312 const char *section
,
2313 unsigned section_line
,
2320 Service
*s
= userdata
;
2325 r
= config_parse_timeout_abort(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
,
2326 &s
->timeout_abort_usec
, s
);
2328 s
->timeout_abort_set
= r
;
2332 int config_parse_sec_fix_0(
2334 const char *filename
,
2336 const char *section
,
2337 unsigned section_line
,
2344 usec_t
*usec
= data
;
2352 /* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for
2353 * compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a
2356 r
= parse_sec_fix_0(rvalue
, usec
);
2358 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= parameter, ignoring: %s", lvalue
, rvalue
);
2363 int config_parse_user_group_compat(
2365 const char *filename
,
2367 const char *section
,
2368 unsigned section_line
,
2375 _cleanup_free_
char *k
= NULL
;
2377 const Unit
*u
= userdata
;
2385 if (isempty(rvalue
)) {
2386 *user
= mfree(*user
);
2390 r
= unit_full_printf(u
, rvalue
, &k
);
2392 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", rvalue
);
2396 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2397 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2401 if (strstr(lvalue
, "User") && streq(k
, NOBODY_USER_NAME
))
2402 log_struct(LOG_NOTICE
,
2403 "MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename
, line
, k
,
2405 "MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR
,
2406 "OFFENDING_USER=%s", k
,
2407 "CONFIG_FILE=%s", filename
,
2408 "CONFIG_LINE=%u", line
);
2410 return free_and_replace(*user
, k
);
2413 int config_parse_user_group_strv_compat(
2415 const char *filename
,
2417 const char *section
,
2418 unsigned section_line
,
2425 char ***users
= data
;
2426 const Unit
*u
= userdata
;
2434 if (isempty(rvalue
)) {
2435 *users
= strv_free(*users
);
2439 for (const char *p
= rvalue
;;) {
2440 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2442 r
= extract_first_word(&p
, &word
, NULL
, 0);
2448 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid syntax: %s", rvalue
);
2452 r
= unit_full_printf(u
, word
, &k
);
2454 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", word
);
2458 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2459 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2463 r
= strv_push(users
, k
);
2471 int config_parse_working_directory(
2473 const char *filename
,
2475 const char *section
,
2476 unsigned section_line
,
2483 ExecContext
*c
= data
;
2484 const Unit
*u
= userdata
;
2494 if (isempty(rvalue
)) {
2495 c
->working_directory_home
= false;
2496 c
->working_directory
= mfree(c
->working_directory
);
2500 if (rvalue
[0] == '-') {
2506 if (streq(rvalue
, "~")) {
2507 c
->working_directory_home
= true;
2508 c
->working_directory
= mfree(c
->working_directory
);
2510 _cleanup_free_
char *k
= NULL
;
2512 r
= unit_full_printf(u
, rvalue
, &k
);
2514 log_syntax(unit
, missing_ok
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2515 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2516 rvalue
, missing_ok
? ", ignoring" : "");
2517 return missing_ok
? 0 : -ENOEXEC
;
2520 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
| (missing_ok
? 0 : PATH_CHECK_FATAL
), unit
, filename
, line
, lvalue
);
2522 return missing_ok
? 0 : -ENOEXEC
;
2524 c
->working_directory_home
= false;
2525 free_and_replace(c
->working_directory
, k
);
2528 c
->working_directory_missing_ok
= missing_ok
;
2532 int config_parse_unit_env_file(const char *unit
,
2533 const char *filename
,
2535 const char *section
,
2536 unsigned section_line
,
2544 const Unit
*u
= userdata
;
2545 _cleanup_free_
char *n
= NULL
;
2553 if (isempty(rvalue
)) {
2554 /* Empty assignment frees the list */
2555 *env
= strv_free(*env
);
2559 r
= unit_full_printf(u
, rvalue
, &n
);
2561 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2565 r
= path_simplify_and_warn(n
[0] == '-' ? n
+ 1 : n
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2569 r
= strv_push(env
, n
);
2578 int config_parse_environ(
2580 const char *filename
,
2582 const char *section
,
2583 unsigned section_line
,
2590 const Unit
*u
= userdata
;
2599 if (isempty(rvalue
)) {
2600 /* Empty assignment resets the list */
2601 *env
= strv_free(*env
);
2605 for (const char *p
= rvalue
;; ) {
2606 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2608 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2614 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2615 "Invalid syntax, ignoring: %s", rvalue
);
2620 r
= unit_full_printf(u
, word
, &k
);
2622 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2623 "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2629 if (!env_assignment_is_valid(k
)) {
2630 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2631 "Invalid environment assignment, ignoring: %s", k
);
2635 r
= strv_env_replace(env
, k
);
2643 int config_parse_pass_environ(
2645 const char *filename
,
2647 const char *section
,
2648 unsigned section_line
,
2655 _cleanup_strv_free_
char **n
= NULL
;
2656 size_t nlen
= 0, nbufsize
= 0;
2657 char*** passenv
= data
;
2658 const Unit
*u
= userdata
;
2666 if (isempty(rvalue
)) {
2667 /* Empty assignment resets the list */
2668 *passenv
= strv_free(*passenv
);
2672 for (const char *p
= rvalue
;;) {
2673 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2675 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
2681 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2682 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2687 r
= unit_full_printf(u
, word
, &k
);
2689 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2690 "Failed to resolve specifiers in %s, ignoring: %m", word
);
2696 if (!env_name_is_valid(k
)) {
2697 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2698 "Invalid environment name for %s, ignoring: %s", lvalue
, k
);
2702 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
2705 n
[nlen
++] = TAKE_PTR(k
);
2710 r
= strv_extend_strv(passenv
, n
, true);
2718 int config_parse_unset_environ(
2720 const char *filename
,
2722 const char *section
,
2723 unsigned section_line
,
2730 _cleanup_strv_free_
char **n
= NULL
;
2731 size_t nlen
= 0, nbufsize
= 0;
2732 char*** unsetenv
= data
;
2733 const Unit
*u
= userdata
;
2741 if (isempty(rvalue
)) {
2742 /* Empty assignment resets the list */
2743 *unsetenv
= strv_free(*unsetenv
);
2747 for (const char *p
= rvalue
;;) {
2748 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2750 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2756 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2757 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2762 r
= unit_full_printf(u
, word
, &k
);
2764 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2765 "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2771 if (!env_assignment_is_valid(k
) && !env_name_is_valid(k
)) {
2772 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2773 "Invalid environment name or assignment %s, ignoring: %s", lvalue
, k
);
2777 if (!GREEDY_REALLOC(n
, nbufsize
, nlen
+ 2))
2780 n
[nlen
++] = TAKE_PTR(k
);
2785 r
= strv_extend_strv(unsetenv
, n
, true);
2793 int config_parse_log_extra_fields(
2795 const char *filename
,
2797 const char *section
,
2798 unsigned section_line
,
2805 ExecContext
*c
= data
;
2806 const Unit
*u
= userdata
;
2814 if (isempty(rvalue
)) {
2815 exec_context_free_log_extra_fields(c
);
2819 for (const char *p
= rvalue
;;) {
2820 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2824 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2830 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
2834 r
= unit_full_printf(u
, word
, &k
);
2836 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2840 eq
= strchr(k
, '=');
2842 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field lacks '=' character, ignoring: %s", k
);
2846 if (!journal_field_valid(k
, eq
-k
, false)) {
2847 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field name is invalid, ignoring: %s", k
);
2851 t
= reallocarray(c
->log_extra_fields
, c
->n_log_extra_fields
+1, sizeof(struct iovec
));
2855 c
->log_extra_fields
= t
;
2856 c
->log_extra_fields
[c
->n_log_extra_fields
++] = IOVEC_MAKE_STRING(k
);
2862 int config_parse_log_namespace(
2864 const char *filename
,
2866 const char *section
,
2867 unsigned section_line
,
2874 _cleanup_free_
char *k
= NULL
;
2875 ExecContext
*c
= data
;
2876 const Unit
*u
= userdata
;
2884 if (isempty(rvalue
)) {
2885 c
->log_namespace
= mfree(c
->log_namespace
);
2889 r
= unit_full_printf(u
, rvalue
, &k
);
2891 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2895 if (!log_namespace_name_valid(k
)) {
2896 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Specified log namespace name is not valid, ignoring: %s", k
);
2900 free_and_replace(c
->log_namespace
, k
);
2904 int config_parse_unit_condition_path(
2906 const char *filename
,
2908 const char *section
,
2909 unsigned section_line
,
2916 _cleanup_free_
char *p
= NULL
;
2917 Condition
**list
= data
, *c
;
2918 ConditionType t
= ltype
;
2919 bool trigger
, negate
;
2920 const Unit
*u
= userdata
;
2928 if (isempty(rvalue
)) {
2929 /* Empty assignment resets the list */
2930 *list
= condition_free_list(*list
);
2934 trigger
= rvalue
[0] == '|';
2938 negate
= rvalue
[0] == '!';
2942 r
= unit_full_printf(u
, rvalue
, &p
);
2944 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2948 r
= path_simplify_and_warn(p
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2952 c
= condition_new(t
, p
, trigger
, negate
);
2956 LIST_PREPEND(conditions
, *list
, c
);
2960 int config_parse_unit_condition_string(
2962 const char *filename
,
2964 const char *section
,
2965 unsigned section_line
,
2972 _cleanup_free_
char *s
= NULL
;
2973 Condition
**list
= data
, *c
;
2974 ConditionType t
= ltype
;
2975 bool trigger
, negate
;
2976 const Unit
*u
= userdata
;
2984 if (isempty(rvalue
)) {
2985 /* Empty assignment resets the list */
2986 *list
= condition_free_list(*list
);
2990 trigger
= *rvalue
== '|';
2992 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
2994 negate
= *rvalue
== '!';
2996 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
2998 r
= unit_full_printf(u
, rvalue
, &s
);
3000 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3001 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
3005 c
= condition_new(t
, s
, trigger
, negate
);
3009 LIST_PREPEND(conditions
, *list
, c
);
3013 int config_parse_unit_requires_mounts_for(
3015 const char *filename
,
3017 const char *section
,
3018 unsigned section_line
,
3033 for (const char *p
= rvalue
;;) {
3034 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
3036 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3042 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3043 "Invalid syntax, ignoring: %s", rvalue
);
3047 r
= unit_full_printf(u
, word
, &resolved
);
3049 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
3053 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
3057 r
= unit_require_mounts_for(u
, resolved
, UNIT_DEPENDENCY_FILE
);
3059 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add required mount '%s', ignoring: %m", resolved
);
3065 int config_parse_documentation(const char *unit
,
3066 const char *filename
,
3068 const char *section
,
3069 unsigned section_line
,
3085 if (isempty(rvalue
)) {
3086 /* Empty assignment resets the list */
3087 u
->documentation
= strv_free(u
->documentation
);
3091 r
= config_parse_unit_strv_printf(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
,
3092 rvalue
, data
, userdata
);
3096 for (a
= b
= u
->documentation
; a
&& *a
; a
++) {
3098 if (documentation_url_is_valid(*a
))
3101 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid URL, ignoring: %s", *a
);
3112 int config_parse_syscall_filter(
3114 const char *filename
,
3116 const char *section
,
3117 unsigned section_line
,
3124 ExecContext
*c
= data
;
3125 _unused_
const Unit
*u
= userdata
;
3126 bool invert
= false;
3134 if (isempty(rvalue
)) {
3135 /* Empty assignment resets the list */
3136 c
->syscall_filter
= hashmap_free(c
->syscall_filter
);
3137 c
->syscall_allow_list
= false;
3141 if (rvalue
[0] == '~') {
3146 if (!c
->syscall_filter
) {
3147 c
->syscall_filter
= hashmap_new(NULL
);
3148 if (!c
->syscall_filter
)
3152 /* Allow everything but the ones listed */
3153 c
->syscall_allow_list
= false;
3155 /* Allow nothing but the ones listed */
3156 c
->syscall_allow_list
= true;
3158 /* Accept default syscalls if we are on a allow_list */
3159 r
= seccomp_parse_syscall_filter(
3160 "@default", -1, c
->syscall_filter
,
3161 SECCOMP_PARSE_PERMISSIVE
|SECCOMP_PARSE_ALLOW_LIST
,
3169 for (const char *p
= rvalue
;;) {
3170 _cleanup_free_
char *word
= NULL
, *name
= NULL
;
3173 r
= extract_first_word(&p
, &word
, NULL
, 0);
3179 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3183 r
= parse_syscall_and_errno(word
, &name
, &num
);
3185 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse syscall:errno, ignoring: %s", word
);
3189 r
= seccomp_parse_syscall_filter(
3190 name
, num
, c
->syscall_filter
,
3191 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3192 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3193 (c
->syscall_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3194 unit
, filename
, line
);
3200 int config_parse_syscall_log(
3202 const char *filename
,
3204 const char *section
,
3205 unsigned section_line
,
3212 ExecContext
*c
= data
;
3213 _unused_
const Unit
*u
= userdata
;
3214 bool invert
= false;
3223 if (isempty(rvalue
)) {
3224 /* Empty assignment resets the list */
3225 c
->syscall_log
= hashmap_free(c
->syscall_log
);
3226 c
->syscall_log_allow_list
= false;
3230 if (rvalue
[0] == '~') {
3235 if (!c
->syscall_log
) {
3236 c
->syscall_log
= hashmap_new(NULL
);
3237 if (!c
->syscall_log
)
3241 /* Log everything but the ones listed */
3242 c
->syscall_log_allow_list
= false;
3244 /* Log nothing but the ones listed */
3245 c
->syscall_log_allow_list
= true;
3250 _cleanup_free_
char *word
= NULL
, *name
= NULL
;
3253 r
= extract_first_word(&p
, &word
, NULL
, 0);
3259 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3263 r
= parse_syscall_and_errno(word
, &name
, &num
);
3264 if (r
< 0 || num
>= 0) { /* errno code not allowed */
3265 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse syscall, ignoring: %s", word
);
3269 r
= seccomp_parse_syscall_filter(
3270 name
, 0, c
->syscall_log
,
3271 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3272 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3273 (c
->syscall_log_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3274 unit
, filename
, line
);
3280 int config_parse_syscall_archs(
3282 const char *filename
,
3284 const char *section
,
3285 unsigned section_line
,
3295 if (isempty(rvalue
)) {
3296 *archs
= set_free(*archs
);
3300 for (const char *p
= rvalue
;;) {
3301 _cleanup_free_
char *word
= NULL
;
3304 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3310 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3311 "Invalid syntax, ignoring: %s", rvalue
);
3315 r
= seccomp_arch_from_string(word
, &a
);
3317 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3318 "Failed to parse system call architecture \"%s\", ignoring: %m", word
);
3322 r
= set_ensure_put(archs
, NULL
, UINT32_TO_PTR(a
+ 1));
3328 int config_parse_syscall_errno(
3330 const char *filename
,
3332 const char *section
,
3333 unsigned section_line
,
3340 ExecContext
*c
= data
;
3347 if (isempty(rvalue
) || streq(rvalue
, "kill")) {
3348 /* Empty assignment resets to KILL */
3349 c
->syscall_errno
= SECCOMP_ERROR_NUMBER_KILL
;
3353 e
= parse_errno(rvalue
);
3355 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse error number, ignoring: %s", rvalue
);
3359 c
->syscall_errno
= e
;
3363 int config_parse_address_families(
3365 const char *filename
,
3367 const char *section
,
3368 unsigned section_line
,
3375 ExecContext
*c
= data
;
3376 bool invert
= false;
3383 if (isempty(rvalue
)) {
3384 /* Empty assignment resets the list */
3385 c
->address_families
= set_free(c
->address_families
);
3386 c
->address_families_allow_list
= false;
3390 if (rvalue
[0] == '~') {
3395 if (!c
->address_families
) {
3396 c
->address_families
= set_new(NULL
);
3397 if (!c
->address_families
)
3400 c
->address_families_allow_list
= !invert
;
3403 for (const char *p
= rvalue
;;) {
3404 _cleanup_free_
char *word
= NULL
;
3407 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3413 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3414 "Invalid syntax, ignoring: %s", rvalue
);
3418 af
= af_from_name(word
);
3420 log_syntax(unit
, LOG_WARNING
, filename
, line
, af
,
3421 "Failed to parse address family, ignoring: %s", word
);
3425 /* If we previously wanted to forbid an address family and now
3426 * we want to allow it, then just remove it from the list.
3428 if (!invert
== c
->address_families_allow_list
) {
3429 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
3433 set_remove(c
->address_families
, INT_TO_PTR(af
));
3437 int config_parse_restrict_namespaces(
3439 const char *filename
,
3441 const char *section
,
3442 unsigned section_line
,
3449 ExecContext
*c
= data
;
3450 unsigned long flags
;
3451 bool invert
= false;
3454 if (isempty(rvalue
)) {
3455 /* Reset to the default. */
3456 c
->restrict_namespaces
= NAMESPACE_FLAGS_INITIAL
;
3460 /* Boolean parameter ignores the previous settings */
3461 r
= parse_boolean(rvalue
);
3463 c
->restrict_namespaces
= 0;
3465 } else if (r
== 0) {
3466 c
->restrict_namespaces
= NAMESPACE_FLAGS_ALL
;
3470 if (rvalue
[0] == '~') {
3475 /* Not a boolean argument, in this case it's a list of namespace types. */
3476 r
= namespace_flags_from_string(rvalue
, &flags
);
3478 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse namespace type string, ignoring: %s", rvalue
);
3482 if (c
->restrict_namespaces
== NAMESPACE_FLAGS_INITIAL
)
3483 /* Initial assignment. Just set the value. */
3484 c
->restrict_namespaces
= invert
? (~flags
) & NAMESPACE_FLAGS_ALL
: flags
;
3486 /* Merge the value with the previous one. */
3487 SET_FLAG(c
->restrict_namespaces
, flags
, !invert
);
3493 int config_parse_unit_slice(
3495 const char *filename
,
3497 const char *section
,
3498 unsigned section_line
,
3505 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
3506 _cleanup_free_
char *k
= NULL
;
3507 Unit
*u
= userdata
, *slice
;
3515 r
= unit_name_printf(u
, rvalue
, &k
);
3517 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3521 r
= manager_load_unit(u
->manager
, k
, NULL
, &error
, &slice
);
3523 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load slice unit %s, ignoring: %s", k
, bus_error_message(&error
, r
));
3527 r
= unit_set_slice(u
, slice
);
3529 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to assign slice %s to unit %s, ignoring: %m", slice
->id
, u
->id
);
3536 int config_parse_cpu_quota(
3538 const char *filename
,
3540 const char *section
,
3541 unsigned section_line
,
3548 CGroupContext
*c
= data
;
3555 if (isempty(rvalue
)) {
3556 c
->cpu_quota_per_sec_usec
= USEC_INFINITY
;
3560 r
= parse_permille_unbounded(rvalue
);
3562 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid CPU quota '%s', ignoring.", rvalue
);
3566 c
->cpu_quota_per_sec_usec
= ((usec_t
) r
* USEC_PER_SEC
) / 1000U;
3570 int config_parse_allowed_cpus(
3572 const char *filename
,
3574 const char *section
,
3575 unsigned section_line
,
3582 CGroupContext
*c
= data
;
3584 (void) parse_cpu_set_extend(rvalue
, &c
->cpuset_cpus
, true, unit
, filename
, line
, lvalue
);
3589 int config_parse_allowed_mems(
3591 const char *filename
,
3593 const char *section
,
3594 unsigned section_line
,
3601 CGroupContext
*c
= data
;
3603 (void) parse_cpu_set_extend(rvalue
, &c
->cpuset_mems
, true, unit
, filename
, line
, lvalue
);
3608 int config_parse_memory_limit(
3610 const char *filename
,
3612 const char *section
,
3613 unsigned section_line
,
3620 CGroupContext
*c
= data
;
3621 uint64_t bytes
= CGROUP_LIMIT_MAX
;
3624 if (isempty(rvalue
) && STR_IN_SET(lvalue
, "DefaultMemoryLow",
3628 bytes
= CGROUP_LIMIT_MIN
;
3629 else if (!isempty(rvalue
) && !streq(rvalue
, "infinity")) {
3631 r
= parse_permille(rvalue
);
3633 r
= parse_size(rvalue
, 1024, &bytes
);
3635 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid memory limit '%s', ignoring: %m", rvalue
);
3639 bytes
= physical_memory_scale(r
, 1000U);
3641 if (bytes
>= UINT64_MAX
||
3642 (bytes
<= 0 && !STR_IN_SET(lvalue
, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) {
3643 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Memory limit '%s' out of range, ignoring.", rvalue
);
3648 if (streq(lvalue
, "DefaultMemoryLow")) {
3649 c
->default_memory_low
= bytes
;
3650 c
->default_memory_low_set
= true;
3651 } else if (streq(lvalue
, "DefaultMemoryMin")) {
3652 c
->default_memory_min
= bytes
;
3653 c
->default_memory_min_set
= true;
3654 } else if (streq(lvalue
, "MemoryMin")) {
3655 c
->memory_min
= bytes
;
3656 c
->memory_min_set
= true;
3657 } else if (streq(lvalue
, "MemoryLow")) {
3658 c
->memory_low
= bytes
;
3659 c
->memory_low_set
= true;
3660 } else if (streq(lvalue
, "MemoryHigh"))
3661 c
->memory_high
= bytes
;
3662 else if (streq(lvalue
, "MemoryMax"))
3663 c
->memory_max
= bytes
;
3664 else if (streq(lvalue
, "MemorySwapMax"))
3665 c
->memory_swap_max
= bytes
;
3666 else if (streq(lvalue
, "MemoryLimit"))
3667 c
->memory_limit
= bytes
;
3674 int config_parse_tasks_max(
3676 const char *filename
,
3678 const char *section
,
3679 unsigned section_line
,
3686 const Unit
*u
= userdata
;
3687 TasksMax
*tasks_max
= data
;
3691 if (isempty(rvalue
)) {
3692 *tasks_max
= u
? u
->manager
->default_tasks_max
: TASKS_MAX_UNSET
;
3696 if (streq(rvalue
, "infinity")) {
3697 *tasks_max
= TASKS_MAX_UNSET
;
3701 r
= parse_permille(rvalue
);
3703 *tasks_max
= (TasksMax
) { r
, 1000U }; /* r‰ */
3705 r
= safe_atou64(rvalue
, &v
);
3707 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid maximum tasks value '%s', ignoring: %m", rvalue
);
3711 if (v
<= 0 || v
>= UINT64_MAX
) {
3712 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue
);
3716 *tasks_max
= (TasksMax
) { v
};
3722 int config_parse_delegate(
3724 const char *filename
,
3726 const char *section
,
3727 unsigned section_line
,
3734 CGroupContext
*c
= data
;
3738 t
= unit_name_to_type(unit
);
3739 assert(t
!= _UNIT_TYPE_INVALID
);
3741 if (!unit_vtable
[t
]->can_delegate
) {
3742 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Delegate= setting not supported for this unit type, ignoring.");
3746 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
3747 * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
3748 * mask to delegate. */
3750 if (isempty(rvalue
)) {
3751 /* An empty string resets controllers and set Delegate=yes. */
3753 c
->delegate_controllers
= 0;
3757 r
= parse_boolean(rvalue
);
3759 CGroupMask mask
= 0;
3761 for (const char *p
= rvalue
;;) {
3762 _cleanup_free_
char *word
= NULL
;
3763 CGroupController cc
;
3765 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3771 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3775 cc
= cgroup_controller_from_string(word
);
3777 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid controller name '%s', ignoring", word
);
3781 mask
|= CGROUP_CONTROLLER_TO_MASK(cc
);
3785 c
->delegate_controllers
|= mask
;
3789 c
->delegate_controllers
= _CGROUP_MASK_ALL
;
3791 c
->delegate
= false;
3792 c
->delegate_controllers
= 0;
3798 int config_parse_device_allow(
3800 const char *filename
,
3802 const char *section
,
3803 unsigned section_line
,
3810 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
3811 CGroupContext
*c
= data
;
3812 const char *p
= rvalue
;
3815 if (isempty(rvalue
)) {
3816 while (c
->device_allow
)
3817 cgroup_context_free_device_allow(c
, c
->device_allow
);
3822 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
3826 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3827 "Invalid syntax, ignoring: %s", rvalue
);
3831 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3832 "Failed to extract device path and rights from '%s', ignoring.", rvalue
);
3836 r
= unit_full_printf(userdata
, path
, &resolved
);
3838 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3839 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
3843 if (!STARTSWITH_SET(resolved
, "block-", "char-")) {
3845 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
3849 if (!valid_device_node_path(resolved
)) {
3850 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid device node path '%s', ignoring.", resolved
);
3855 if (!isempty(p
) && !in_charset(p
, "rwm")) {
3856 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid device rights '%s', ignoring.", p
);
3860 return cgroup_add_device_allow(c
, resolved
, p
);
3863 int config_parse_io_device_weight(
3865 const char *filename
,
3867 const char *section
,
3868 unsigned section_line
,
3875 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
3876 CGroupIODeviceWeight
*w
;
3877 CGroupContext
*c
= data
;
3878 const char *p
= rvalue
;
3886 if (isempty(rvalue
)) {
3887 while (c
->io_device_weights
)
3888 cgroup_context_free_io_device_weight(c
, c
->io_device_weights
);
3893 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
3897 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3898 "Invalid syntax, ignoring: %s", rvalue
);
3901 if (r
== 0 || isempty(p
)) {
3902 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3903 "Failed to extract device path and weight from '%s', ignoring.", rvalue
);
3907 r
= unit_full_printf(userdata
, path
, &resolved
);
3909 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3910 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
3914 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
3918 r
= cg_weight_parse(p
, &u
);
3920 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "IO weight '%s' invalid, ignoring: %m", p
);
3924 assert(u
!= CGROUP_WEIGHT_INVALID
);
3926 w
= new0(CGroupIODeviceWeight
, 1);
3930 w
->path
= TAKE_PTR(resolved
);
3933 LIST_PREPEND(device_weights
, c
->io_device_weights
, w
);
3937 int config_parse_io_device_latency(
3939 const char *filename
,
3941 const char *section
,
3942 unsigned section_line
,
3949 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
3950 CGroupIODeviceLatency
*l
;
3951 CGroupContext
*c
= data
;
3952 const char *p
= rvalue
;
3960 if (isempty(rvalue
)) {
3961 while (c
->io_device_latencies
)
3962 cgroup_context_free_io_device_latency(c
, c
->io_device_latencies
);
3967 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
3971 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3972 "Invalid syntax, ignoring: %s", rvalue
);
3975 if (r
== 0 || isempty(p
)) {
3976 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3977 "Failed to extract device path and latency from '%s', ignoring.", rvalue
);
3981 r
= unit_full_printf(userdata
, path
, &resolved
);
3983 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3984 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
3988 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
3992 r
= parse_sec(p
, &usec
);
3994 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", p
);
3998 l
= new0(CGroupIODeviceLatency
, 1);
4002 l
->path
= TAKE_PTR(resolved
);
4003 l
->target_usec
= usec
;
4005 LIST_PREPEND(device_latencies
, c
->io_device_latencies
, l
);
4009 int config_parse_io_limit(
4011 const char *filename
,
4013 const char *section
,
4014 unsigned section_line
,
4021 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4022 CGroupIODeviceLimit
*l
= NULL
, *t
;
4023 CGroupContext
*c
= data
;
4024 CGroupIOLimitType type
;
4025 const char *p
= rvalue
;
4033 type
= cgroup_io_limit_type_from_string(lvalue
);
4036 if (isempty(rvalue
)) {
4037 LIST_FOREACH(device_limits
, l
, c
->io_device_limits
)
4038 l
->limits
[type
] = cgroup_io_limit_defaults
[type
];
4042 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4046 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4047 "Invalid syntax, ignoring: %s", rvalue
);
4050 if (r
== 0 || isempty(p
)) {
4051 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4052 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4056 r
= unit_full_printf(userdata
, path
, &resolved
);
4058 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4059 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4063 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4067 if (streq("infinity", p
))
4068 num
= CGROUP_LIMIT_MAX
;
4070 r
= parse_size(p
, 1000, &num
);
4071 if (r
< 0 || num
<= 0) {
4072 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid IO limit '%s', ignoring.", p
);
4077 LIST_FOREACH(device_limits
, t
, c
->io_device_limits
) {
4078 if (path_equal(resolved
, t
->path
)) {
4085 CGroupIOLimitType ttype
;
4087 l
= new0(CGroupIODeviceLimit
, 1);
4091 l
->path
= TAKE_PTR(resolved
);
4092 for (ttype
= 0; ttype
< _CGROUP_IO_LIMIT_TYPE_MAX
; ttype
++)
4093 l
->limits
[ttype
] = cgroup_io_limit_defaults
[ttype
];
4095 LIST_PREPEND(device_limits
, c
->io_device_limits
, l
);
4098 l
->limits
[type
] = num
;
4103 int config_parse_blockio_device_weight(
4105 const char *filename
,
4107 const char *section
,
4108 unsigned section_line
,
4115 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4116 CGroupBlockIODeviceWeight
*w
;
4117 CGroupContext
*c
= data
;
4118 const char *p
= rvalue
;
4126 if (isempty(rvalue
)) {
4127 while (c
->blockio_device_weights
)
4128 cgroup_context_free_blockio_device_weight(c
, c
->blockio_device_weights
);
4133 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4137 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4138 "Invalid syntax, ignoring: %s", rvalue
);
4141 if (r
== 0 || isempty(p
)) {
4142 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4143 "Failed to extract device node and weight from '%s', ignoring.", rvalue
);
4147 r
= unit_full_printf(userdata
, path
, &resolved
);
4149 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4150 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4154 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4158 r
= cg_blkio_weight_parse(p
, &u
);
4160 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid block IO weight '%s', ignoring: %m", p
);
4164 assert(u
!= CGROUP_BLKIO_WEIGHT_INVALID
);
4166 w
= new0(CGroupBlockIODeviceWeight
, 1);
4170 w
->path
= TAKE_PTR(resolved
);
4173 LIST_PREPEND(device_weights
, c
->blockio_device_weights
, w
);
4177 int config_parse_blockio_bandwidth(
4179 const char *filename
,
4181 const char *section
,
4182 unsigned section_line
,
4189 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4190 CGroupBlockIODeviceBandwidth
*b
= NULL
, *t
;
4191 CGroupContext
*c
= data
;
4192 const char *p
= rvalue
;
4201 read
= streq("BlockIOReadBandwidth", lvalue
);
4203 if (isempty(rvalue
)) {
4204 LIST_FOREACH(device_bandwidths
, b
, c
->blockio_device_bandwidths
) {
4205 b
->rbps
= CGROUP_LIMIT_MAX
;
4206 b
->wbps
= CGROUP_LIMIT_MAX
;
4211 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4215 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4216 "Invalid syntax, ignoring: %s", rvalue
);
4219 if (r
== 0 || isempty(p
)) {
4220 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4221 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4225 r
= unit_full_printf(userdata
, path
, &resolved
);
4227 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4228 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4232 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4236 r
= parse_size(p
, 1000, &bytes
);
4237 if (r
< 0 || bytes
<= 0) {
4238 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid Block IO Bandwidth '%s', ignoring.", p
);
4242 LIST_FOREACH(device_bandwidths
, t
, c
->blockio_device_bandwidths
) {
4243 if (path_equal(resolved
, t
->path
)) {
4250 b
= new0(CGroupBlockIODeviceBandwidth
, 1);
4254 b
->path
= TAKE_PTR(resolved
);
4255 b
->rbps
= CGROUP_LIMIT_MAX
;
4256 b
->wbps
= CGROUP_LIMIT_MAX
;
4258 LIST_PREPEND(device_bandwidths
, c
->blockio_device_bandwidths
, b
);
4269 int config_parse_job_mode_isolate(
4271 const char *filename
,
4273 const char *section
,
4274 unsigned section_line
,
4288 r
= parse_boolean(rvalue
);
4290 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse boolean, ignoring: %s", rvalue
);
4294 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue
);
4296 *m
= r
? JOB_ISOLATE
: JOB_REPLACE
;
4300 int config_parse_exec_directories(
4302 const char *filename
,
4304 const char *section
,
4305 unsigned section_line
,
4313 const Unit
*u
= userdata
;
4321 if (isempty(rvalue
)) {
4322 /* Empty assignment resets the list */
4323 *rt
= strv_free(*rt
);
4327 for (const char *p
= rvalue
;;) {
4328 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
4330 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4334 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4335 "Invalid syntax, ignoring: %s", rvalue
);
4341 r
= unit_full_printf(u
, word
, &k
);
4343 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4344 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4348 r
= path_simplify_and_warn(k
, PATH_CHECK_RELATIVE
, unit
, filename
, line
, lvalue
);
4352 if (path_startswith(k
, "private")) {
4353 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4354 "%s= path can't be 'private', ignoring assignment: %s", lvalue
, word
);
4358 r
= strv_push(rt
, k
);
4365 int config_parse_set_credential(
4367 const char *filename
,
4369 const char *section
,
4370 unsigned section_line
,
4377 _cleanup_free_
char *word
= NULL
, *k
= NULL
, *unescaped
= NULL
;
4378 ExecContext
*context
= data
;
4379 ExecSetCredential
*old
;
4389 if (isempty(rvalue
)) {
4390 /* Empty assignment resets the list */
4391 context
->set_credentials
= hashmap_free(context
->set_credentials
);
4396 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4400 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4404 r
= unit_full_printf(u
, word
, &k
);
4406 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4409 if (!credential_name_valid(k
)) {
4410 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", k
);
4414 /* We support escape codes here, so that users can insert trailing \n if they like */
4415 l
= cunescape(p
, UNESCAPE_ACCEPT_NUL
, &unescaped
);
4417 log_syntax(unit
, LOG_WARNING
, filename
, line
, l
, "Can't unescape \"%s\", ignoring: %m", p
);
4421 old
= hashmap_get(context
->set_credentials
, k
);
4423 free_and_replace(old
->data
, unescaped
);
4426 _cleanup_(exec_set_credential_freep
) ExecSetCredential
*sc
= NULL
;
4428 sc
= new0(ExecSetCredential
, 1);
4432 sc
->id
= TAKE_PTR(k
);
4433 sc
->data
= TAKE_PTR(unescaped
);
4436 r
= hashmap_ensure_allocated(&context
->set_credentials
, &exec_set_credential_hash_ops
);
4440 r
= hashmap_put(context
->set_credentials
, sc
->id
, sc
);
4450 int config_parse_load_credential(
4452 const char *filename
,
4454 const char *section
,
4455 unsigned section_line
,
4462 _cleanup_free_
char *word
= NULL
, *k
= NULL
, *q
= NULL
;
4463 ExecContext
*context
= data
;
4473 if (isempty(rvalue
)) {
4474 /* Empty assignment resets the list */
4475 context
->load_credentials
= strv_free(context
->load_credentials
);
4480 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4484 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4488 r
= unit_full_printf(u
, word
, &k
);
4490 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4493 if (!credential_name_valid(k
)) {
4494 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", k
);
4497 r
= unit_full_printf(u
, p
, &q
);
4499 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", p
);
4502 if (path_is_absolute(q
) ? !path_is_normalized(q
) : !credential_name_valid(q
)) {
4503 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Credential source \"%s\" not valid, ignoring.", q
);
4507 r
= strv_consume_pair(&context
->load_credentials
, TAKE_PTR(k
), TAKE_PTR(q
));
4514 int config_parse_set_status(
4516 const char *filename
,
4518 const char *section
,
4519 unsigned section_line
,
4526 ExitStatusSet
*status_set
= data
;
4534 /* Empty assignment resets the list */
4535 if (isempty(rvalue
)) {
4536 exit_status_set_free(status_set
);
4540 for (const char *p
= rvalue
;;) {
4541 _cleanup_free_
char *word
= NULL
;
4544 r
= extract_first_word(&p
, &word
, NULL
, 0);
4548 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4549 "Failed to parse %s=%s, ignoring: %m", lvalue
, rvalue
);
4555 /* We need to call exit_status_from_string() first, because we want
4556 * to parse numbers as exit statuses, not signals. */
4558 r
= exit_status_from_string(word
);
4560 assert(r
>= 0 && r
< 256);
4561 bitmap
= &status_set
->status
;
4563 r
= signal_from_string(word
);
4565 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4566 "Failed to parse value, ignoring: %s", word
);
4569 bitmap
= &status_set
->signal
;
4572 r
= bitmap_set(bitmap
, r
);
4574 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4575 "Failed to set signal or status %s, ignoring: %m", word
);
4579 int config_parse_namespace_path_strv(
4581 const char *filename
,
4583 const char *section
,
4584 unsigned section_line
,
4591 const Unit
*u
= userdata
;
4600 if (isempty(rvalue
)) {
4601 /* Empty assignment resets the list */
4602 *sv
= strv_free(*sv
);
4606 for (const char *p
= rvalue
;;) {
4607 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
, *joined
= NULL
;
4609 bool ignore_enoent
= false, shall_prefix
= false;
4611 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4617 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
4622 if (startswith(w
, "-")) {
4623 ignore_enoent
= true;
4626 if (startswith(w
, "+")) {
4627 shall_prefix
= true;
4631 r
= unit_full_printf(u
, w
, &resolved
);
4633 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", w
);
4637 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4641 joined
= strjoin(ignore_enoent
? "-" : "",
4642 shall_prefix
? "+" : "",
4645 r
= strv_push(sv
, joined
);
4655 int config_parse_temporary_filesystems(
4657 const char *filename
,
4659 const char *section
,
4660 unsigned section_line
,
4667 const Unit
*u
= userdata
;
4668 ExecContext
*c
= data
;
4676 if (isempty(rvalue
)) {
4677 /* Empty assignment resets the list */
4678 temporary_filesystem_free_many(c
->temporary_filesystems
, c
->n_temporary_filesystems
);
4679 c
->temporary_filesystems
= NULL
;
4680 c
->n_temporary_filesystems
= 0;
4684 for (const char *p
= rvalue
;;) {
4685 _cleanup_free_
char *word
= NULL
, *path
= NULL
, *resolved
= NULL
;
4688 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4694 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
4699 r
= extract_first_word(&w
, &path
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4703 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", word
);
4707 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax, ignoring: %s", word
);
4711 r
= unit_full_printf(u
, path
, &resolved
);
4713 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", path
);
4717 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4721 r
= temporary_filesystem_add(&c
->temporary_filesystems
, &c
->n_temporary_filesystems
, resolved
, w
);
4727 int config_parse_bind_paths(
4729 const char *filename
,
4731 const char *section
,
4732 unsigned section_line
,
4739 ExecContext
*c
= data
;
4740 const Unit
*u
= userdata
;
4748 if (isempty(rvalue
)) {
4749 /* Empty assignment resets the list */
4750 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
4751 c
->bind_mounts
= NULL
;
4752 c
->n_bind_mounts
= 0;
4756 for (const char *p
= rvalue
;;) {
4757 _cleanup_free_
char *source
= NULL
, *destination
= NULL
;
4758 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
4759 char *s
= NULL
, *d
= NULL
;
4760 bool rbind
= true, ignore_enoent
= false;
4762 r
= extract_first_word(&p
, &source
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
4768 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
4772 r
= unit_full_printf(u
, source
, &sresolved
);
4774 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4775 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", source
);
4781 ignore_enoent
= true;
4785 r
= path_simplify_and_warn(s
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4789 /* Optionally, the destination is specified. */
4790 if (p
&& p
[-1] == ':') {
4791 r
= extract_first_word(&p
, &destination
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
4795 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
4799 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing argument after ':', ignoring: %s", s
);
4803 r
= unit_full_printf(u
, destination
, &dresolved
);
4805 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4806 "Failed to resolve specifiers in \"%s\", ignoring: %m", destination
);
4810 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4816 /* Optionally, there's also a short option string specified */
4817 if (p
&& p
[-1] == ':') {
4818 _cleanup_free_
char *options
= NULL
;
4820 r
= extract_first_word(&p
, &options
, NULL
, EXTRACT_UNQUOTE
);
4824 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s: %s", lvalue
, rvalue
);
4828 if (isempty(options
) || streq(options
, "rbind"))
4830 else if (streq(options
, "norbind"))
4833 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid option string, ignoring setting: %s", options
);
4840 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
4844 .read_only
= !!strstr(lvalue
, "ReadOnly"),
4846 .ignore_enoent
= ignore_enoent
,
4855 int config_parse_mount_images(
4857 const char *filename
,
4859 const char *section
,
4860 unsigned section_line
,
4867 ExecContext
*c
= data
;
4868 const Unit
*u
= userdata
;
4876 if (isempty(rvalue
)) {
4877 /* Empty assignment resets the list */
4878 c
->mount_images
= mount_image_free_many(c
->mount_images
, &c
->n_mount_images
);
4882 for (const char *p
= rvalue
;;) {
4883 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
4884 _cleanup_free_
char *first
= NULL
, *second
= NULL
, *tuple
= NULL
;
4885 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
4886 const char *q
= NULL
;
4888 bool permissive
= false;
4890 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
4894 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4895 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
4902 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &first
, &second
, NULL
);
4906 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4907 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
4913 r
= unit_full_printf(u
, first
, &sresolved
);
4915 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4916 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", first
);
4926 r
= path_simplify_and_warn(s
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4930 if (isempty(second
)) {
4931 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing destination in %s, ignoring: %s", lvalue
, rvalue
);
4935 r
= unit_full_printf(u
, second
, &dresolved
);
4937 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4938 "Failed to resolve specifiers in \"%s\", ignoring: %m", second
);
4942 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4947 _cleanup_free_
char *partition
= NULL
, *mount_options
= NULL
, *mount_options_resolved
= NULL
;
4948 MountOptions
*o
= NULL
;
4949 PartitionDesignator partition_designator
;
4951 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &partition
, &mount_options
, NULL
);
4955 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", q
);
4960 /* Single set of options, applying to the root partition/single filesystem */
4962 r
= unit_full_printf(u
, partition
, &mount_options_resolved
);
4964 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", first
);
4968 o
= new(MountOptions
, 1);
4971 *o
= (MountOptions
) {
4972 .partition_designator
= PARTITION_ROOT
,
4973 .options
= TAKE_PTR(mount_options_resolved
),
4975 LIST_APPEND(mount_options
, options
, o
);
4980 partition_designator
= partition_designator_from_string(partition
);
4981 if (partition_designator
< 0) {
4982 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid partition name %s, ignoring", partition
);
4985 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
4987 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
4991 o
= new(MountOptions
, 1);
4994 *o
= (MountOptions
) {
4995 .partition_designator
= partition_designator
,
4996 .options
= TAKE_PTR(mount_options_resolved
),
4998 LIST_APPEND(mount_options
, options
, o
);
5001 r
= mount_image_add(&c
->mount_images
, &c
->n_mount_images
,
5004 .destination
= dresolved
,
5005 .mount_options
= options
,
5006 .ignore_enoent
= permissive
,
5013 int config_parse_job_timeout_sec(
5015 const char *filename
,
5017 const char *section
,
5018 unsigned section_line
,
5034 r
= parse_sec_fix_0(rvalue
, &usec
);
5036 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue
);
5040 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
5041 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
5044 if (!u
->job_running_timeout_set
)
5045 u
->job_running_timeout
= usec
;
5047 u
->job_timeout
= usec
;
5052 int config_parse_job_running_timeout_sec(
5054 const char *filename
,
5056 const char *section
,
5057 unsigned section_line
,
5073 r
= parse_sec_fix_0(rvalue
, &usec
);
5075 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue
);
5079 u
->job_running_timeout
= usec
;
5080 u
->job_running_timeout_set
= true;
5085 int config_parse_emergency_action(
5087 const char *filename
,
5089 const char *section
,
5090 unsigned section_line
,
5098 EmergencyAction
*x
= data
;
5107 m
= ((Unit
*) userdata
)->manager
;
5111 r
= parse_emergency_action(rvalue
, MANAGER_IS_SYSTEM(m
), x
);
5113 if (r
== -EOPNOTSUPP
&& MANAGER_IS_USER(m
)) {
5114 /* Compat mode: remove for systemd 241. */
5116 log_syntax(unit
, LOG_INFO
, filename
, line
, r
,
5117 "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
5119 *x
= EMERGENCY_ACTION_EXIT_FORCE
;
5123 if (r
== -EOPNOTSUPP
)
5124 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5125 "%s= specified as %s mode action, ignoring: %s",
5126 lvalue
, MANAGER_IS_SYSTEM(m
) ? "user" : "system", rvalue
);
5128 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5129 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
5136 int config_parse_pid_file(
5138 const char *filename
,
5140 const char *section
,
5141 unsigned section_line
,
5148 _cleanup_free_
char *k
= NULL
, *n
= NULL
;
5149 const Unit
*u
= userdata
;
5158 if (isempty(rvalue
)) {
5159 /* An empty assignment removes already set value. */
5164 r
= unit_full_printf(u
, rvalue
, &k
);
5166 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5170 /* If this is a relative path make it absolute by prefixing the /run */
5171 n
= path_make_absolute(k
, u
->manager
->prefix
[EXEC_DIRECTORY_RUNTIME
]);
5175 /* Check that the result is a sensible path */
5176 r
= path_simplify_and_warn(n
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5180 r
= patch_var_run(unit
, filename
, line
, lvalue
, &n
);
5184 free_and_replace(*s
, n
);
5188 int config_parse_exit_status(
5190 const char *filename
,
5192 const char *section
,
5193 unsigned section_line
,
5200 int *exit_status
= data
, r
;
5206 assert(exit_status
);
5208 if (isempty(rvalue
)) {
5213 r
= safe_atou8(rvalue
, &u
);
5215 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse exit status '%s', ignoring: %m", rvalue
);
5223 int config_parse_disable_controllers(
5225 const char *filename
,
5227 const char *section
,
5228 unsigned section_line
,
5236 CGroupContext
*c
= data
;
5237 CGroupMask disabled_mask
;
5239 /* 1. If empty, make all controllers eligible for use again.
5240 * 2. If non-empty, merge all listed controllers, space separated. */
5242 if (isempty(rvalue
)) {
5243 c
->disable_controllers
= 0;
5247 r
= cg_mask_from_string(rvalue
, &disabled_mask
);
5248 if (r
< 0 || disabled_mask
<= 0) {
5249 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid cgroup string: %s, ignoring", rvalue
);
5253 c
->disable_controllers
|= disabled_mask
;
5258 int config_parse_ip_filter_bpf_progs(
5260 const char *filename
,
5262 const char *section
,
5263 unsigned section_line
,
5270 _cleanup_free_
char *resolved
= NULL
;
5271 const Unit
*u
= userdata
;
5272 char ***paths
= data
;
5280 if (isempty(rvalue
)) {
5281 *paths
= strv_free(*paths
);
5285 r
= unit_full_printf(u
, rvalue
, &resolved
);
5287 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5291 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5295 if (strv_contains(*paths
, resolved
))
5298 r
= strv_extend(paths
, resolved
);
5302 r
= bpf_firewall_supported();
5305 if (r
!= BPF_FIREWALL_SUPPORTED_WITH_MULTI
) {
5306 static bool warned
= false;
5308 log_full(warned
? LOG_DEBUG
: LOG_WARNING
,
5309 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
5310 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename
, line
, lvalue
, rvalue
);
5318 static int merge_by_names(Unit
**u
, Set
*names
, const char *id
) {
5325 /* Let's try to add in all names that are aliases of this unit */
5326 while ((k
= set_steal_first(names
))) {
5327 _cleanup_free_ _unused_
char *free_k
= k
;
5329 /* First try to merge in the other name into our unit */
5330 r
= unit_merge_by_name(*u
, k
);
5334 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
5337 other
= manager_get_unit((*u
)->manager
, k
);
5339 return r
; /* return previous failure */
5341 r
= unit_merge(other
, *u
);
5346 return merge_by_names(u
, names
, NULL
);
5349 if (streq_ptr(id
, k
))
5350 unit_choose_id(*u
, id
);
5356 int unit_load_fragment(Unit
*u
) {
5357 const char *fragment
;
5358 _cleanup_set_free_free_ Set
*names
= NULL
;
5362 assert(u
->load_state
== UNIT_STUB
);
5366 u
->load_state
= UNIT_LOADED
;
5370 /* Possibly rebuild the fragment map to catch new units */
5371 r
= unit_file_build_name_map(&u
->manager
->lookup_paths
,
5372 &u
->manager
->unit_cache_timestamp_hash
,
5373 &u
->manager
->unit_id_map
,
5374 &u
->manager
->unit_name_map
,
5375 &u
->manager
->unit_path_cache
);
5377 return log_error_errno(r
, "Failed to rebuild name map: %m");
5379 r
= unit_file_find_fragment(u
->manager
->unit_id_map
,
5380 u
->manager
->unit_name_map
,
5384 if (r
< 0 && r
!= -ENOENT
)
5388 /* Open the file, check if this is a mask, otherwise read. */
5389 _cleanup_fclose_
FILE *f
= NULL
;
5392 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
5393 * expect that all symlinks within the lookup paths have been already resolved, but we don't
5394 * verify this here. */
5395 f
= fopen(fragment
, "re");
5397 return log_unit_notice_errno(u
, errno
, "Failed to open %s: %m", fragment
);
5399 if (fstat(fileno(f
), &st
) < 0)
5402 r
= free_and_strdup(&u
->fragment_path
, fragment
);
5406 if (null_or_empty(&st
)) {
5407 /* Unit file is masked */
5409 u
->load_state
= u
->perpetual
? UNIT_LOADED
: UNIT_MASKED
; /* don't allow perpetual units to ever be masked */
5410 u
->fragment_mtime
= 0;
5412 u
->load_state
= UNIT_LOADED
;
5413 u
->fragment_mtime
= timespec_load(&st
.st_mtim
);
5415 /* Now, parse the file contents */
5416 r
= config_parse(u
->id
, fragment
, f
,
5417 UNIT_VTABLE(u
)->sections
,
5418 config_item_perf_lookup
, load_fragment_gperf_lookup
,
5423 log_unit_notice_errno(u
, r
, "Unit configuration has fatal error, unit will not be started.");
5429 /* We do the merge dance here because for some unit types, the unit might have aliases which are not
5430 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
5433 const char *id
= u
->id
;
5434 _cleanup_free_
char *free_id
= NULL
;
5437 id
= basename(fragment
);
5438 if (unit_name_is_valid(id
, UNIT_NAME_TEMPLATE
)) {
5439 assert(u
->instance
); /* If we're not trying to use a template for non-instanced unit,
5440 * this must be set. */
5442 r
= unit_name_replace_instance(id
, u
->instance
, &free_id
);
5444 return log_debug_errno(r
, "Failed to build id (%s + %s): %m", id
, u
->instance
);
5450 r
= merge_by_names(&merged
, names
, id
);
5455 u
->load_state
= UNIT_MERGED
;
5460 void unit_dump_config_items(FILE *f
) {
5461 static const struct {
5462 const ConfigParserCallback callback
;
5465 { config_parse_warn_compat
, "NOTSUPPORTED" },
5466 { config_parse_int
, "INTEGER" },
5467 { config_parse_unsigned
, "UNSIGNED" },
5468 { config_parse_iec_size
, "SIZE" },
5469 { config_parse_iec_uint64
, "SIZE" },
5470 { config_parse_si_uint64
, "SIZE" },
5471 { config_parse_bool
, "BOOLEAN" },
5472 { config_parse_string
, "STRING" },
5473 { config_parse_path
, "PATH" },
5474 { config_parse_unit_path_printf
, "PATH" },
5475 { config_parse_strv
, "STRING [...]" },
5476 { config_parse_exec_nice
, "NICE" },
5477 { config_parse_exec_oom_score_adjust
, "OOMSCOREADJUST" },
5478 { config_parse_exec_io_class
, "IOCLASS" },
5479 { config_parse_exec_io_priority
, "IOPRIORITY" },
5480 { config_parse_exec_cpu_sched_policy
, "CPUSCHEDPOLICY" },
5481 { config_parse_exec_cpu_sched_prio
, "CPUSCHEDPRIO" },
5482 { config_parse_exec_cpu_affinity
, "CPUAFFINITY" },
5483 { config_parse_mode
, "MODE" },
5484 { config_parse_unit_env_file
, "FILE" },
5485 { config_parse_exec_output
, "OUTPUT" },
5486 { config_parse_exec_input
, "INPUT" },
5487 { config_parse_log_facility
, "FACILITY" },
5488 { config_parse_log_level
, "LEVEL" },
5489 { config_parse_exec_secure_bits
, "SECUREBITS" },
5490 { config_parse_capability_set
, "BOUNDINGSET" },
5491 { config_parse_rlimit
, "LIMIT" },
5492 { config_parse_unit_deps
, "UNIT [...]" },
5493 { config_parse_exec
, "PATH [ARGUMENT [...]]" },
5494 { config_parse_service_type
, "SERVICETYPE" },
5495 { config_parse_service_restart
, "SERVICERESTART" },
5496 { config_parse_service_timeout_failure_mode
, "TIMEOUTMODE" },
5497 { config_parse_kill_mode
, "KILLMODE" },
5498 { config_parse_signal
, "SIGNAL" },
5499 { config_parse_socket_listen
, "SOCKET [...]" },
5500 { config_parse_socket_bind
, "SOCKETBIND" },
5501 { config_parse_socket_bindtodevice
, "NETWORKINTERFACE" },
5502 { config_parse_sec
, "SECONDS" },
5503 { config_parse_nsec
, "NANOSECONDS" },
5504 { config_parse_namespace_path_strv
, "PATH [...]" },
5505 { config_parse_bind_paths
, "PATH[:PATH[:OPTIONS]] [...]" },
5506 { config_parse_unit_requires_mounts_for
, "PATH [...]" },
5507 { config_parse_exec_mount_flags
, "MOUNTFLAG [...]" },
5508 { config_parse_unit_string_printf
, "STRING" },
5509 { config_parse_trigger_unit
, "UNIT" },
5510 { config_parse_timer
, "TIMER" },
5511 { config_parse_path_spec
, "PATH" },
5512 { config_parse_notify_access
, "ACCESS" },
5513 { config_parse_ip_tos
, "TOS" },
5514 { config_parse_unit_condition_path
, "CONDITION" },
5515 { config_parse_unit_condition_string
, "CONDITION" },
5516 { config_parse_unit_slice
, "SLICE" },
5517 { config_parse_documentation
, "URL" },
5518 { config_parse_service_timeout
, "SECONDS" },
5519 { config_parse_emergency_action
, "ACTION" },
5520 { config_parse_set_status
, "STATUS" },
5521 { config_parse_service_sockets
, "SOCKETS" },
5522 { config_parse_environ
, "ENVIRON" },
5524 { config_parse_syscall_filter
, "SYSCALLS" },
5525 { config_parse_syscall_archs
, "ARCHS" },
5526 { config_parse_syscall_errno
, "ERRNO" },
5527 { config_parse_syscall_log
, "SYSCALLS" },
5528 { config_parse_address_families
, "FAMILIES" },
5529 { config_parse_restrict_namespaces
, "NAMESPACES" },
5531 { config_parse_cpu_shares
, "SHARES" },
5532 { config_parse_cg_weight
, "WEIGHT" },
5533 { config_parse_memory_limit
, "LIMIT" },
5534 { config_parse_device_allow
, "DEVICE" },
5535 { config_parse_device_policy
, "POLICY" },
5536 { config_parse_io_limit
, "LIMIT" },
5537 { config_parse_io_device_weight
, "DEVICEWEIGHT" },
5538 { config_parse_io_device_latency
, "DEVICELATENCY" },
5539 { config_parse_blockio_bandwidth
, "BANDWIDTH" },
5540 { config_parse_blockio_weight
, "WEIGHT" },
5541 { config_parse_blockio_device_weight
, "DEVICEWEIGHT" },
5542 { config_parse_long
, "LONG" },
5543 { config_parse_socket_service
, "SERVICE" },
5545 { config_parse_exec_selinux_context
, "LABEL" },
5547 { config_parse_job_mode
, "MODE" },
5548 { config_parse_job_mode_isolate
, "BOOLEAN" },
5549 { config_parse_personality
, "PERSONALITY" },
5552 const char *prev
= NULL
;
5557 NULSTR_FOREACH(i
, load_fragment_gperf_nulstr
) {
5558 const char *rvalue
= "OTHER", *lvalue
;
5559 const ConfigPerfItem
*p
;
5564 assert_se(p
= load_fragment_gperf_lookup(i
, strlen(i
)));
5566 /* Hide legacy settings */
5567 if (p
->parse
== config_parse_warn_compat
&&
5568 p
->ltype
== DISABLED_LEGACY
)
5571 for (j
= 0; j
< ELEMENTSOF(table
); j
++)
5572 if (p
->parse
== table
[j
].callback
) {
5573 rvalue
= table
[j
].rvalue
;
5577 dot
= strchr(i
, '.');
5578 lvalue
= dot
? dot
+ 1 : i
;
5582 if (!prev
|| !strneq(prev
, i
, prefix_len
+1)) {
5586 fprintf(f
, "[%.*s]\n", (int) prefix_len
, i
);
5589 fprintf(f
, "%s=%s\n", lvalue
, rvalue
);
5594 int config_parse_cpu_affinity2(
5596 const char *filename
,
5598 const char *section
,
5599 unsigned section_line
,
5606 CPUSet
*affinity
= data
;
5610 (void) parse_cpu_set_extend(rvalue
, affinity
, true, unit
, filename
, line
, lvalue
);
5615 int config_parse_show_status(
5617 const char *filename
,
5619 const char *section
,
5620 unsigned section_line
,
5628 ShowStatus
*b
= data
;
5635 k
= parse_show_status(rvalue
, b
);
5637 log_syntax(unit
, LOG_WARNING
, filename
, line
, k
, "Failed to parse show status setting, ignoring: %s", rvalue
);
5642 int config_parse_output_restricted(
5644 const char *filename
,
5646 const char *section
,
5647 unsigned section_line
,
5654 ExecOutput t
, *eo
= data
;
5655 bool obsolete
= false;
5662 if (streq(rvalue
, "syslog")) {
5663 t
= EXEC_OUTPUT_JOURNAL
;
5665 } else if (streq(rvalue
, "syslog+console")) {
5666 t
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
5669 t
= exec_output_from_string(rvalue
);
5671 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Failed to parse output type, ignoring: %s", rvalue
);
5675 if (IN_SET(t
, EXEC_OUTPUT_SOCKET
, EXEC_OUTPUT_NAMED_FD
, EXEC_OUTPUT_FILE
, EXEC_OUTPUT_FILE_APPEND
)) {
5676 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Standard output types socket, fd:, file:, append: are not supported as defaults, ignoring: %s", rvalue
);
5682 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
5683 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
5684 rvalue
, exec_output_to_string(t
));
5690 int config_parse_crash_chvt(
5692 const char *filename
,
5694 const char *section
,
5695 unsigned section_line
,
5709 r
= parse_crash_chvt(rvalue
, data
);
5711 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue
);
5716 int config_parse_swap_priority(
5718 const char *filename
,
5720 const char *section
,
5721 unsigned section_line
,
5737 if (isempty(rvalue
)) {
5738 s
->parameters_fragment
.priority
= -1;
5739 s
->parameters_fragment
.priority_set
= false;
5743 r
= safe_atoi(rvalue
, &priority
);
5745 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid swap priority '%s', ignoring.", rvalue
);
5749 if (priority
< -1) {
5750 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue
);
5754 if (priority
> 32767) {
5755 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Swap priority out of range, ignoring: %s", rvalue
);
5759 s
->parameters_fragment
.priority
= priority
;
5760 s
->parameters_fragment
.priority_set
= true;