1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 Copyright © 2012 Holger Hans Peter Freyther
11 #include "sd-messages.h"
14 #include "all-units.h"
15 #include "alloc-util.h"
16 #include "bpf-program.h"
17 #include "bpf-restrict-fs.h"
18 #include "bus-error.h"
19 #include "calendarspec.h"
20 #include "capability-list.h"
21 #include "capability-util.h"
22 #include "cgroup-setup.h"
23 #include "condition.h"
24 #include "conf-parser.h"
25 #include "coredump-util.h"
26 #include "cpu-set-util.h"
27 #include "creds-util.h"
28 #include "dissect-image.h"
31 #include "exec-credential.h"
33 #include "extract-word.h"
35 #include "firewall-util.h"
36 #include "fstab-util.h"
38 #include "hexdecoct.h"
39 #include "hostname-util.h"
40 #include "ioprio-util.h"
41 #include "iovec-util.h"
42 #include "ip-protocol-list.h"
43 #include "journal-file.h"
44 #include "limits-util.h"
45 #include "load-fragment.h"
48 #include "mountpoint-util.h"
50 #include "nulstr-util.h"
51 #include "open-file.h"
52 #include "ordered-set.h"
53 #include "parse-helpers.h"
54 #include "parse-util.h"
55 #include "path-util.h"
56 #include "pcre2-util.h"
57 #include "percent-util.h"
58 #include "process-util.h"
59 #include "reboot-util.h"
60 #include "seccomp-util.h"
61 #include "securebits-util.h"
62 #include "selinux-util.h"
64 #include "show-status.h"
65 #include "signal-util.h"
66 #include "socket-netlink.h"
67 #include "specifier.h"
68 #include "stat-util.h"
69 #include "string-util.h"
71 #include "syslog-util.h"
72 #include "time-util.h"
73 #include "unit-name.h"
74 #include "unit-printf.h"
75 #include "user-util.h"
78 static int parse_socket_protocol(const char *s
) {
81 r
= parse_ip_protocol(s
);
84 if (!IN_SET(r
, IPPROTO_UDPLITE
, IPPROTO_SCTP
, IPPROTO_MPTCP
))
85 return -EPROTONOSUPPORT
;
90 int parse_crash_chvt(const char *value
, int *data
) {
93 if (safe_atoi(value
, data
) >= 0)
96 b
= parse_boolean(value
);
101 *data
= 0; /* switch to where kmsg goes */
103 *data
= -1; /* turn off switching */
108 int parse_confirm_spawn(const char *value
, char **console
) {
112 r
= value
? parse_boolean(value
) : 1;
116 } else if (r
> 0) /* on with default tty */
117 s
= strdup("/dev/console");
118 else if (is_path(value
)) /* on with fully qualified path */
120 else /* on with only a tty file name, not a fully qualified path */
121 s
= path_join("/dev/", value
);
129 DEFINE_CONFIG_PARSE(config_parse_socket_protocol
, parse_socket_protocol
);
130 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits
, secure_bits_from_string
);
131 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode
, collect_mode
, CollectMode
);
132 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy
, cgroup_device_policy
, CGroupDevicePolicy
);
133 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode
, exec_keyring_mode
, ExecKeyringMode
);
134 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc
, protect_proc
, ProtectProc
);
135 DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset
, proc_subset
, ProcSubset
);
136 DEFINE_CONFIG_PARSE_ENUM(config_parse_private_bpf
, private_bpf
, PrivateBPF
);
137 DEFINE_CONFIG_PARSE_ENUM(config_parse_private_tmp
, private_tmp
, PrivateTmp
);
138 DEFINE_CONFIG_PARSE_ENUM(config_parse_private_users
, private_users
, PrivateUsers
);
139 DEFINE_CONFIG_PARSE_ENUM(config_parse_private_pids
, private_pids
, PrivatePIDs
);
140 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_control_groups
, protect_control_groups
, ProtectControlGroups
);
141 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
);
142 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode
, job_mode
, JobMode
);
143 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access
, notify_access
, NotifyAccess
);
144 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home
, protect_home
, ProtectHome
);
145 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system
, protect_system
, ProtectSystem
);
146 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
);
147 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type
, service_type
, ServiceType
);
148 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_exit_type
, service_exit_type
, ServiceExitType
);
149 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart
, service_restart
, ServiceRestart
);
150 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart_mode
, service_restart_mode
, ServiceRestartMode
);
151 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode
, service_timeout_failure_mode
, ServiceTimeoutFailureMode
);
152 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind
, socket_address_bind_ipv6_only_or_bool
, SocketAddressBindIPv6Only
);
153 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy
, oom_policy
, OOMPolicy
);
154 DEFINE_CONFIG_PARSE_ENUM(config_parse_managed_oom_preference
, managed_oom_preference
, ManagedOOMPreference
);
155 DEFINE_CONFIG_PARSE_ENUM(config_parse_memory_pressure_watch
, cgroup_pressure_watch
, CGroupPressureWatch
);
156 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos
, ip_tos
, int, -1);
157 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight
, cg_weight_parse
, uint64_t);
158 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_cpu_weight
, cg_cpu_weight_parse
, uint64_t);
159 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_propagation_flag
, mount_propagation_flag_from_string
, unsigned long);
160 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy
, mpol
, int, -1);
161 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format
, status_unit_format
, StatusUnitFormat
);
162 DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping
, socket_timestamping_from_string_harder
, SocketTimestamping
);
163 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_defer_trigger
, socket_defer_trigger
, SocketDeferTrigger
);
164 DEFINE_CONFIG_PARSE_PTR(config_parse_bpf_delegate_commands
, bpf_delegate_commands_from_string
, uint64_t);
165 DEFINE_CONFIG_PARSE_PTR(config_parse_bpf_delegate_maps
, bpf_delegate_maps_from_string
, uint64_t);
166 DEFINE_CONFIG_PARSE_PTR(config_parse_bpf_delegate_programs
, bpf_delegate_programs_from_string
, uint64_t);
167 DEFINE_CONFIG_PARSE_PTR(config_parse_bpf_delegate_attachments
, bpf_delegate_attachments_from_string
, uint64_t);
169 bool contains_instance_specifier_superset(const char *s
) {
171 bool percent
= false;
185 /* If the string is just the instance specifier, it's not a superset of the instance. */
186 if (memcmp_nn(p
, q
- p
, "%i", strlen("%i")) == 0)
189 /* %i, %n and %N all expand to the instance or a superset of it. */
194 if (IN_SET(*p
, 'n', 'N', 'i'))
202 /* `name` is the rendered version of `format` via `unit_printf` or similar functions. */
203 int unit_is_likely_recursive_template_dependency(Unit
*u
, const char *name
, const char *format
) {
204 const char *fragment_path
;
210 /* If a template unit has a direct dependency on itself that includes the unit instance as part of
211 * the template instance via a unit specifier (%i, %n or %N), this will almost certainly lead to
212 * infinite recursion as systemd will keep instantiating new instances of the template unit.
213 * https://github.com/systemd/systemd/issues/17602 shows a good example of how this can happen in
214 * practice. To guard against this, we check for templates that depend on themselves and have the
215 * instantiated unit instance included as part of the template instance of the dependency via a
218 * For example, if systemd-notify@.service depends on systemd-notify@%n.service, this will result in
219 * infinite recursion.
222 if (!unit_name_is_valid(name
, UNIT_NAME_INSTANCE
))
225 if (!unit_name_prefix_equal(u
->id
, name
))
228 if (u
->type
!= unit_name_to_type(name
))
231 r
= unit_file_find_fragment(u
->manager
->unit_id_map
, u
->manager
->unit_name_map
, name
, &fragment_path
, NULL
);
235 /* Fragment paths should also be equal as a custom fragment for a specific template instance
236 * wouldn't necessarily lead to infinite recursion. */
237 if (!path_equal(u
->fragment_path
, fragment_path
))
240 if (!contains_instance_specifier_superset(format
))
246 int config_parse_unit_deps(
248 const char *filename
,
251 unsigned section_line
,
258 UnitDependency d
= ltype
;
265 for (const char *p
= rvalue
;;) {
266 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
269 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_RETAIN_ESCAPE
);
275 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
279 r
= unit_name_printf(u
, word
, &k
);
281 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
285 r
= unit_is_likely_recursive_template_dependency(u
, k
, word
);
287 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to determine if '%s' is a recursive dependency, ignoring: %m", k
);
291 log_syntax(unit
, LOG_DEBUG
, filename
, line
, 0,
292 "Dropping dependency %s=%s that likely leads to infinite recursion.",
293 unit_dependency_to_string(d
), word
);
297 r
= unit_add_dependency_by_name(u
, d
, k
, true, UNIT_DEPENDENCY_FILE
);
299 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
303 int config_parse_obsolete_unit_deps(
305 const char *filename
,
308 unsigned section_line
,
315 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
316 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue
, unit_dependency_to_string(ltype
));
318 return config_parse_unit_deps(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
321 int config_parse_unit_string_printf(
323 const char *filename
,
326 unsigned section_line
,
333 _cleanup_free_
char *k
= NULL
;
334 const Unit
*u
= ASSERT_PTR(userdata
);
341 r
= unit_full_printf(u
, rvalue
, &k
);
343 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
347 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
350 int config_parse_reboot_parameter(
352 const char *filename
,
355 unsigned section_line
,
362 _cleanup_free_
char *k
= NULL
;
363 const Unit
*u
= ASSERT_PTR(userdata
);
370 r
= unit_full_printf(u
, rvalue
, &k
);
372 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
376 if (!reboot_parameter_is_valid(k
)) {
377 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid reboot parameter '%s', ignoring.", k
);
381 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
384 int config_parse_unit_strv_printf(
386 const char *filename
,
389 unsigned section_line
,
396 const Unit
*u
= ASSERT_PTR(userdata
);
397 _cleanup_free_
char *k
= NULL
;
404 r
= unit_full_printf(u
, rvalue
, &k
);
406 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
410 return config_parse_strv(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
413 int config_parse_unit_path_printf(
415 const char *filename
,
418 unsigned section_line
,
425 _cleanup_free_
char *k
= NULL
;
426 const Unit
*u
= ASSERT_PTR(userdata
);
434 r
= unit_path_printf(u
, rvalue
, &k
);
436 log_syntax(unit
, fatal
? LOG_ERR
: LOG_WARNING
, filename
, line
, r
,
437 "Failed to resolve unit specifiers in '%s'%s: %m",
438 rvalue
, fatal
? "" : ", ignoring");
439 return fatal
? -ENOEXEC
: 0;
442 return config_parse_path(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
445 int config_parse_colon_separated_paths(
447 const char *filename
,
450 unsigned section_line
,
457 char ***sv
= ASSERT_PTR(data
);
458 const Unit
*u
= ASSERT_PTR(userdata
);
465 if (isempty(rvalue
)) {
466 /* Empty assignment resets the list */
467 *sv
= strv_free(*sv
);
471 for (const char *p
= rvalue
;;) {
472 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
474 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
478 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
484 r
= unit_path_printf(u
, word
, &k
);
486 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
487 "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
491 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
495 r
= strv_consume(sv
, TAKE_PTR(k
));
503 int config_parse_unit_path_strv_printf(
505 const char *filename
,
508 unsigned section_line
,
516 const Unit
*u
= ASSERT_PTR(userdata
);
523 if (isempty(rvalue
)) {
528 for (const char *p
= rvalue
;;) {
529 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
531 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
537 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
538 "Invalid syntax, ignoring: %s", rvalue
);
542 r
= unit_path_printf(u
, word
, &k
);
544 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
545 "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
549 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
553 r
= strv_consume(x
, TAKE_PTR(k
));
559 static int patch_var_run(
561 const char *filename
,
569 e
= path_startswith(*path
, "/var/run/");
573 z
= path_join("/run/", e
);
577 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
578 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
579 "please update the unit file accordingly.", lvalue
, *path
, z
);
581 free_and_replace(*path
, z
);
586 int config_parse_socket_listen(
588 const char *filename
,
591 unsigned section_line
,
598 Socket
*s
= ASSERT_PTR(SOCKET(data
));
599 _cleanup_free_ SocketPort
*p
= NULL
;
606 if (isempty(rvalue
)) {
607 /* An empty assignment removes all ports */
608 socket_free_ports(s
);
612 p
= new(SocketPort
, 1);
621 if (ltype
!= SOCKET_SOCKET
) {
622 _cleanup_free_
char *k
= NULL
;
624 r
= unit_path_printf(UNIT(s
), rvalue
, &k
);
626 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
630 PathSimplifyWarnFlags flags
= PATH_CHECK_ABSOLUTE
;
631 if (ltype
!= SOCKET_SPECIAL
)
632 flags
|= PATH_CHECK_NON_API_VFS
;
634 r
= path_simplify_and_warn(k
, flags
, unit
, filename
, line
, lvalue
);
638 if (ltype
== SOCKET_FIFO
) {
639 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
644 free_and_replace(p
->path
, k
);
647 } else if (streq(lvalue
, "ListenNetlink")) {
648 _cleanup_free_
char *k
= NULL
;
650 r
= unit_path_printf(UNIT(s
), rvalue
, &k
);
652 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
656 r
= socket_address_parse_netlink(&p
->address
, k
);
658 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
662 p
->type
= SOCKET_SOCKET
;
665 _cleanup_free_
char *k
= NULL
;
667 r
= unit_path_printf(UNIT(s
), rvalue
, &k
);
669 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
673 if (path_is_absolute(k
)) { /* Only for AF_UNIX file system sockets… */
674 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
679 r
= socket_address_parse_and_warn(&p
->address
, k
);
681 if (r
!= -EAFNOSUPPORT
)
682 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
686 if (streq(lvalue
, "ListenStream"))
687 p
->address
.type
= SOCK_STREAM
;
688 else if (streq(lvalue
, "ListenDatagram"))
689 p
->address
.type
= SOCK_DGRAM
;
691 assert(streq(lvalue
, "ListenSequentialPacket"));
692 p
->address
.type
= SOCK_SEQPACKET
;
695 if (socket_address_family(&p
->address
) != AF_UNIX
&& p
->address
.type
== SOCK_SEQPACKET
) {
696 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Address family not supported, ignoring: %s", rvalue
);
700 p
->type
= SOCKET_SOCKET
;
703 LIST_APPEND(port
, s
->ports
, TAKE_PTR(p
));
707 int config_parse_exec_nice(
709 const char *filename
,
712 unsigned section_line
,
719 ExecContext
*c
= ASSERT_PTR(data
);
726 if (isempty(rvalue
)) {
731 r
= parse_nice(rvalue
, &priority
);
734 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Nice priority out of range, ignoring: %s", rvalue
);
736 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse nice priority '%s', ignoring: %m", rvalue
);
746 int config_parse_exec_oom_score_adjust(
748 const char *filename
,
751 unsigned section_line
,
758 ExecContext
*c
= ASSERT_PTR(data
);
765 if (isempty(rvalue
)) {
766 c
->oom_score_adjust_set
= false;
770 r
= parse_oom_score_adjust(rvalue
, &oa
);
773 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "OOM score adjust value out of range, ignoring: %s", rvalue
);
775 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue
);
779 c
->oom_score_adjust
= oa
;
780 c
->oom_score_adjust_set
= true;
785 int config_parse_exec_coredump_filter(
787 const char *filename
,
790 unsigned section_line
,
797 ExecContext
*c
= ASSERT_PTR(data
);
804 if (isempty(rvalue
)) {
805 c
->coredump_filter
= 0;
806 c
->coredump_filter_set
= false;
811 r
= coredump_filter_mask_from_string(rvalue
, &f
);
813 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
814 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue
);
818 c
->coredump_filter
|= f
;
819 c
->coredump_filter_set
= true;
823 int config_parse_kill_mode(
825 const char *filename
,
828 unsigned section_line
,
835 KillMode
*k
= data
, m
;
842 if (isempty(rvalue
)) {
843 *k
= KILL_CONTROL_GROUP
;
847 m
= kill_mode_from_string(rvalue
);
849 log_syntax(unit
, LOG_WARNING
, filename
, line
, m
,
850 "Failed to parse kill mode specification, ignoring: %s", rvalue
);
855 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
856 "Unit uses KillMode=none. "
857 "This is unsafe, as it disables systemd's process lifecycle management for the service. "
858 "Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
859 "Support for KillMode=none is deprecated and will eventually be removed.");
865 int config_parse_exec(
867 const char *filename
,
870 unsigned section_line
,
877 ExecCommand
**e
= ASSERT_PTR(data
);
878 const Unit
*u
= ASSERT_PTR(userdata
);
887 if (isempty(rvalue
)) {
888 /* An empty assignment resets the list */
889 *e
= exec_command_free_list(*e
);
893 const char *p
= rvalue
;
897 _cleanup_free_
char *firstword
= NULL
;
901 r
= extract_first_word_and_warn(&p
, &firstword
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
905 /* A lone ";" is a separator. Let's make sure we don't treat it as an executable name.
907 * SOFT DEPRECATION: We support multiple command lines in one ExecStart= line for
908 * compatibility with older versions, but we no longer document this exists, it's deprecated
909 * in a soft way. New unit files, should not use this feature. */
910 if (streq(firstword
, ";")) {
915 const char *f
= firstword
;
916 bool ignore
, separate_argv0
= false, ambient_hack
= false;
917 ExecCommandFlags flags
= 0;
920 /* We accept an absolute path as first argument. Valid prefixes and their effect:
922 * "-": Ignore if the path doesn't exist
923 * "@": Allow overriding argv[0] (supplied as a separate argument)
924 * "|": Prefix the cmdline with target user's shell (when combined with "@" invoke
925 * login shell semantics)
926 * ":": Disable environment variable substitution
927 * "+": Run with full privileges and no sandboxing
928 * "!": Apply sandboxing except for user/group credentials
931 if (*f
== '-' && !FLAGS_SET(flags
, EXEC_COMMAND_IGNORE_FAILURE
))
932 flags
|= EXEC_COMMAND_IGNORE_FAILURE
;
933 else if (*f
== '@' && !separate_argv0
)
934 separate_argv0
= true;
935 else if (*f
== ':' && !FLAGS_SET(flags
, EXEC_COMMAND_NO_ENV_EXPAND
))
936 flags
|= EXEC_COMMAND_NO_ENV_EXPAND
;
937 else if (*f
== '|' && !FLAGS_SET(flags
, EXEC_COMMAND_VIA_SHELL
))
938 flags
|= EXEC_COMMAND_VIA_SHELL
;
939 else if (*f
== '+' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
)) && !ambient_hack
)
940 flags
|= EXEC_COMMAND_FULLY_PRIVILEGED
;
941 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
)) && !ambient_hack
)
942 flags
|= EXEC_COMMAND_NO_SETUID
;
943 else if (*f
== '!' && !FLAGS_SET(flags
, EXEC_COMMAND_FULLY_PRIVILEGED
) && !ambient_hack
) {
944 /* Compatibility with the old !! ambient caps hack (removed in v258). Since
945 * we don't support that anymore and !! was a noop on non-supporting systems,
946 * we'll just turn off the EXEC_COMMAND_NO_SETUID flag again and be done with
948 flags
&= ~EXEC_COMMAND_NO_SETUID
;
951 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
952 "The !! modifier for %s= lines is no longer supported and is now ignored. "
953 "Please update your unit files and remove the modifier.", lvalue
);
958 ignore
= FLAGS_SET(flags
, EXEC_COMMAND_IGNORE_FAILURE
);
960 _cleanup_strv_free_
char **args
= NULL
;
961 _cleanup_free_
char *path
= NULL
;
963 if (FLAGS_SET(flags
, EXEC_COMMAND_VIA_SHELL
)) {
964 /* Use _PATH_BSHELL as placeholder since we can't do NSS lookups in pid1. This would
965 * be exported to various dbus properties and is used to determine SELinux label -
966 * which isn't accurate, but is a best-effort thing to assume all shells have more
967 * or less the same label. */
968 path
= strdup(_PATH_BSHELL
);
972 if (strv_extend_many(&args
, separate_argv0
? "-sh" : "sh", empty_to_null(f
)) < 0)
975 r
= unit_path_printf(u
, f
, &path
);
977 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
978 "Failed to resolve unit specifiers in '%s'%s: %m",
979 f
, ignore
? ", ignoring" : "");
980 return ignore
? 0 : -ENOEXEC
;
984 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
985 "Empty path in command line%s: %s",
986 ignore
? ", ignoring" : "", rvalue
);
987 return ignore
? 0 : -ENOEXEC
;
989 if (!string_is_safe(path
)) {
990 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
991 "Executable path contains special characters%s: %s",
992 ignore
? ", ignoring" : "", path
);
993 return ignore
? 0 : -ENOEXEC
;
995 if (path_implies_directory(path
)) {
996 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
997 "Executable path specifies a directory%s: %s",
998 ignore
? ", ignoring" : "", path
);
999 return ignore
? 0 : -ENOEXEC
;
1002 if (!filename_or_absolute_path_is_valid(path
)) {
1003 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
1004 "Neither a valid executable name nor an absolute path%s: %s",
1005 ignore
? ", ignoring" : "", path
);
1006 return ignore
? 0 : -ENOEXEC
;
1009 if (!separate_argv0
)
1010 if (strv_extend(&args
, path
) < 0)
1014 while (!isempty(p
)) {
1015 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
1017 /* Check explicitly for an unquoted semicolon as command separator token. */
1018 if (p
[0] == ';' && (!p
[1] || strchr(WHITESPACE
, p
[1]))) {
1020 p
= skip_leading_chars(p
, /* bad = */ NULL
);
1025 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
1026 * extract_first_word() would return the same for all of those. */
1027 if (p
[0] == '\\' && p
[1] == ';' && (!p
[2] || strchr(WHITESPACE
, p
[2]))) {
1029 p
= skip_leading_chars(p
, /* bad = */ NULL
);
1031 if (strv_extend(&args
, ";") < 0)
1037 r
= extract_first_word_and_warn(&p
, &word
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
1039 return ignore
? 0 : -ENOEXEC
;
1043 r
= unit_full_printf(u
, word
, &resolved
);
1045 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1046 "Failed to resolve unit specifiers in '%s'%s: %m",
1047 word
, ignore
? ", ignoring" : "");
1048 return ignore
? 0 : -ENOEXEC
;
1051 if (strv_consume(&args
, TAKE_PTR(resolved
)) < 0)
1055 if (strv_isempty(args
)) {
1056 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
1057 "Empty executable name or zeroeth argument%s: %s",
1058 ignore
? ", ignoring" : "", rvalue
);
1059 return ignore
? 0 : -ENOEXEC
;
1062 ExecCommand
*nec
= new(ExecCommand
, 1);
1066 *nec
= (ExecCommand
) {
1067 .path
= path_simplify(TAKE_PTR(path
)),
1068 .argv
= TAKE_PTR(args
),
1072 exec_command_append_list(e
, nec
);
1075 } while (semicolon
);
1080 int config_parse_socket_bindtodevice(
1082 const char *filename
,
1084 const char *section
,
1085 unsigned section_line
,
1092 _cleanup_free_
char *p
= NULL
;
1093 Socket
*s
= ASSERT_PTR(data
);
1100 if (isempty(rvalue
) || streq(rvalue
, "*")) {
1101 s
->bind_to_device
= mfree(s
->bind_to_device
);
1105 r
= unit_full_printf(UNIT(s
), rvalue
, &p
);
1107 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
1111 if (!ifname_valid(p
)) {
1112 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid interface name, ignoring: %s", p
);
1116 return free_and_replace(s
->bind_to_device
, p
);
1119 int config_parse_exec_input(
1121 const char *filename
,
1123 const char *section
,
1124 unsigned section_line
,
1131 ExecContext
*c
= ASSERT_PTR(data
);
1132 const Unit
*u
= userdata
;
1141 n
= startswith(rvalue
, "fd:");
1143 _cleanup_free_
char *resolved
= NULL
;
1145 r
= unit_fd_printf(u
, n
, &resolved
);
1147 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
1151 if (isempty(resolved
))
1152 resolved
= mfree(resolved
);
1153 else if (!fdname_is_valid(resolved
)) {
1154 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
1158 free_and_replace(c
->stdio_fdname
[STDIN_FILENO
], resolved
);
1160 ei
= EXEC_INPUT_NAMED_FD
;
1162 } else if ((n
= startswith(rvalue
, "file:"))) {
1163 _cleanup_free_
char *resolved
= NULL
;
1165 r
= unit_path_printf(u
, n
, &resolved
);
1167 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
1171 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1175 free_and_replace(c
->stdio_file
[STDIN_FILENO
], resolved
);
1177 ei
= EXEC_INPUT_FILE
;
1180 ei
= exec_input_from_string(rvalue
);
1182 log_syntax(unit
, LOG_WARNING
, filename
, line
, ei
, "Failed to parse input specifier, ignoring: %s", rvalue
);
1191 int config_parse_exec_input_text(
1193 const char *filename
,
1195 const char *section
,
1196 unsigned section_line
,
1203 _cleanup_free_
char *unescaped
= NULL
, *resolved
= NULL
;
1204 ExecContext
*c
= ASSERT_PTR(data
);
1205 const Unit
*u
= userdata
;
1212 if (isempty(rvalue
)) {
1213 /* Reset if the empty string is assigned */
1214 c
->stdin_data
= mfree(c
->stdin_data
);
1215 c
->stdin_data_size
= 0;
1219 ssize_t l
= cunescape(rvalue
, 0, &unescaped
);
1221 log_syntax(unit
, LOG_WARNING
, filename
, line
, l
,
1222 "Failed to decode C escaped text '%s', ignoring: %m", rvalue
);
1226 r
= unit_full_printf_full(u
, unescaped
, EXEC_STDIN_DATA_MAX
, &resolved
);
1228 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1229 "Failed to resolve unit specifiers in '%s', ignoring: %m", unescaped
);
1233 size_t sz
= strlen(resolved
);
1234 if (c
->stdin_data_size
+ sz
+ 1 < c
->stdin_data_size
|| /* check for overflow */
1235 c
->stdin_data_size
+ sz
+ 1 > EXEC_STDIN_DATA_MAX
) {
1236 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1237 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1238 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1242 void *p
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
+ 1);
1246 *((char*) mempcpy((char*) p
+ c
->stdin_data_size
, resolved
, sz
)) = '\n';
1249 c
->stdin_data_size
+= sz
+ 1;
1254 int config_parse_exec_input_data(
1256 const char *filename
,
1258 const char *section
,
1259 unsigned section_line
,
1266 _cleanup_free_
void *p
= NULL
;
1267 ExecContext
*c
= ASSERT_PTR(data
);
1276 if (isempty(rvalue
)) {
1277 /* Reset if the empty string is assigned */
1278 c
->stdin_data
= mfree(c
->stdin_data
);
1279 c
->stdin_data_size
= 0;
1283 r
= unbase64mem(rvalue
, &p
, &sz
);
1285 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1286 "Failed to decode base64 data, ignoring: %s", rvalue
);
1292 if (c
->stdin_data_size
+ sz
< c
->stdin_data_size
|| /* check for overflow */
1293 c
->stdin_data_size
+ sz
> EXEC_STDIN_DATA_MAX
) {
1294 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1295 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1296 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1300 q
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
);
1304 memcpy((uint8_t*) q
+ c
->stdin_data_size
, p
, sz
);
1307 c
->stdin_data_size
+= sz
;
1312 int config_parse_exec_output(
1314 const char *filename
,
1316 const char *section
,
1317 unsigned section_line
,
1324 _cleanup_free_
char *resolved
= NULL
;
1326 ExecContext
*c
= ASSERT_PTR(data
);
1327 const Unit
*u
= userdata
;
1328 bool obsolete
= false;
1337 n
= startswith(rvalue
, "fd:");
1339 r
= unit_fd_printf(u
, n
, &resolved
);
1341 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", n
);
1345 if (isempty(resolved
))
1346 resolved
= mfree(resolved
);
1347 else if (!fdname_is_valid(resolved
)) {
1348 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
1352 eo
= EXEC_OUTPUT_NAMED_FD
;
1354 } else if (streq(rvalue
, "syslog")) {
1355 eo
= EXEC_OUTPUT_JOURNAL
;
1358 } else if (streq(rvalue
, "syslog+console")) {
1359 eo
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
1362 } else if ((n
= startswith(rvalue
, "file:"))) {
1364 r
= unit_path_printf(u
, n
, &resolved
);
1366 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1370 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1374 eo
= EXEC_OUTPUT_FILE
;
1376 } else if ((n
= startswith(rvalue
, "append:"))) {
1378 r
= unit_path_printf(u
, n
, &resolved
);
1380 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1384 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1388 eo
= EXEC_OUTPUT_FILE_APPEND
;
1390 } else if ((n
= startswith(rvalue
, "truncate:"))) {
1392 r
= unit_path_printf(u
, n
, &resolved
);
1394 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1398 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1402 eo
= EXEC_OUTPUT_FILE_TRUNCATE
;
1404 eo
= exec_output_from_string(rvalue
);
1406 log_syntax(unit
, LOG_WARNING
, filename
, line
, eo
, "Failed to parse output specifier, ignoring: %s", rvalue
);
1412 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
1413 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1414 rvalue
, exec_output_to_string(eo
));
1416 if (streq(lvalue
, "StandardOutput")) {
1417 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1418 free_and_replace(c
->stdio_fdname
[STDOUT_FILENO
], resolved
);
1420 free_and_replace(c
->stdio_file
[STDOUT_FILENO
], resolved
);
1425 assert(streq(lvalue
, "StandardError"));
1427 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1428 free_and_replace(c
->stdio_fdname
[STDERR_FILENO
], resolved
);
1430 free_and_replace(c
->stdio_file
[STDERR_FILENO
], resolved
);
1438 int config_parse_exec_io_class(
1440 const char *filename
,
1442 const char *section
,
1443 unsigned section_line
,
1450 ExecContext
*c
= ASSERT_PTR(data
);
1457 if (isempty(rvalue
)) {
1458 c
->ioprio_is_set
= false;
1459 c
->ioprio
= IOPRIO_DEFAULT_CLASS_AND_PRIO
;
1463 x
= ioprio_class_from_string(rvalue
);
1465 log_syntax(unit
, LOG_WARNING
, filename
, line
, x
, "Failed to parse IO scheduling class, ignoring: %s", rvalue
);
1469 c
->ioprio
= ioprio_normalize(ioprio_prio_value(x
, ioprio_prio_data(c
->ioprio
)));
1470 c
->ioprio_is_set
= true;
1475 int config_parse_exec_io_priority(
1477 const char *filename
,
1479 const char *section
,
1480 unsigned section_line
,
1487 ExecContext
*c
= ASSERT_PTR(data
);
1494 if (isempty(rvalue
)) {
1495 c
->ioprio_is_set
= false;
1496 c
->ioprio
= IOPRIO_DEFAULT_CLASS_AND_PRIO
;
1500 r
= ioprio_parse_priority(rvalue
, &i
);
1502 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse IO priority, ignoring: %s", rvalue
);
1506 c
->ioprio
= ioprio_normalize(ioprio_prio_value(ioprio_prio_class(c
->ioprio
), i
));
1507 c
->ioprio_is_set
= true;
1512 int config_parse_exec_cpu_sched_policy(
1514 const char *filename
,
1516 const char *section
,
1517 unsigned section_line
,
1524 ExecContext
*c
= ASSERT_PTR(data
);
1531 if (isempty(rvalue
)) {
1532 c
->cpu_sched_set
= false;
1533 c
->cpu_sched_policy
= SCHED_OTHER
;
1534 c
->cpu_sched_priority
= 0;
1538 x
= sched_policy_from_string(rvalue
);
1540 log_syntax(unit
, LOG_WARNING
, filename
, line
, x
, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue
);
1544 c
->cpu_sched_policy
= x
;
1545 /* Moving to or from real-time policy? We need to adjust the priority */
1546 c
->cpu_sched_priority
= CLAMP(c
->cpu_sched_priority
, sched_get_priority_min(x
), sched_get_priority_max(x
));
1547 c
->cpu_sched_set
= true;
1552 int config_parse_numa_mask(
1554 const char *filename
,
1556 const char *section
,
1557 unsigned section_line
,
1564 CPUSet
*cpu_set
= ASSERT_PTR(data
);
1571 if (streq(rvalue
, "all")) {
1572 _cleanup_(cpu_set_done
) CPUSet c
= {};
1574 r
= numa_mask_add_all(&c
);
1576 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1577 "Failed to create NUMA mask representing \"all\" NUMA nodes, ignoring: %m");
1579 cpu_set_done(cpu_set
);
1580 *cpu_set
= TAKE_STRUCT(c
);
1584 /* When parsing system.conf or user.conf, rather than unit files, userdata is NULL. */
1586 config_parse_unit_cpu_set(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
) :
1587 config_parse_cpu_set(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
1590 int config_parse_exec_cpu_sched_prio(
1592 const char *filename
,
1594 const char *section
,
1595 unsigned section_line
,
1602 ExecContext
*c
= ASSERT_PTR(data
);
1609 r
= safe_atoi(rvalue
, &i
);
1611 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue
);
1615 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0. Policy might be set later so
1616 * we do not check the precise range, but only the generic outer bounds. */
1617 if (i
< 0 || i
> 99) {
1618 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue
);
1622 c
->cpu_sched_priority
= i
;
1623 c
->cpu_sched_set
= true;
1628 int config_parse_root_image_options(
1630 const char *filename
,
1632 const char *section
,
1633 unsigned section_line
,
1640 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
1641 _cleanup_strv_free_
char **l
= NULL
;
1642 ExecContext
*c
= ASSERT_PTR(data
);
1643 const Unit
*u
= userdata
;
1650 if (isempty(rvalue
)) {
1651 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1655 r
= strv_split_colon_pairs(&l
, rvalue
);
1659 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
1663 STRV_FOREACH_PAIR(first
, second
, l
) {
1664 MountOptions
*o
= NULL
;
1665 _cleanup_free_
char *mount_options_resolved
= NULL
;
1666 const char *mount_options
= NULL
, *partition
= "root";
1667 PartitionDesignator partition_designator
;
1669 /* Format is either 'root:foo' or 'foo' (root is implied) */
1670 if (!isempty(*second
)) {
1672 mount_options
= *second
;
1674 mount_options
= *first
;
1676 partition_designator
= partition_designator_from_string(partition
);
1677 if (partition_designator
< 0) {
1678 log_syntax(unit
, LOG_WARNING
, filename
, line
, partition_designator
,
1679 "Invalid partition name %s, ignoring", partition
);
1682 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
1684 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
1688 o
= new(MountOptions
, 1);
1691 *o
= (MountOptions
) {
1692 .partition_designator
= partition_designator
,
1693 .options
= TAKE_PTR(mount_options_resolved
),
1695 LIST_APPEND(mount_options
, options
, TAKE_PTR(o
));
1699 LIST_JOIN(mount_options
, c
->root_image_options
, options
);
1701 /* empty spaces/separators only */
1702 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1707 int config_parse_exec_root_hash(
1709 const char *filename
,
1711 const char *section
,
1712 unsigned section_line
,
1719 _cleanup_free_
void *roothash_decoded
= NULL
;
1720 ExecContext
*c
= ASSERT_PTR(data
);
1721 size_t roothash_decoded_size
= 0;
1728 if (isempty(rvalue
)) {
1729 /* Reset if the empty string is assigned */
1730 c
->root_hash_path
= mfree(c
->root_hash_path
);
1731 c
->root_hash
= mfree(c
->root_hash
);
1732 c
->root_hash_size
= 0;
1736 if (path_is_absolute(rvalue
)) {
1737 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1738 _cleanup_free_
char *p
= NULL
;
1744 free_and_replace(c
->root_hash_path
, p
);
1745 c
->root_hash
= mfree(c
->root_hash
);
1746 c
->root_hash_size
= 0;
1750 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1751 r
= unhexmem(rvalue
, &roothash_decoded
, &roothash_decoded_size
);
1753 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHash=, ignoring: %s", rvalue
);
1756 if (roothash_decoded_size
< sizeof(sd_id128_t
)) {
1757 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "RootHash= is too short, ignoring: %s", rvalue
);
1761 free_and_replace(c
->root_hash
, roothash_decoded
);
1762 c
->root_hash_size
= roothash_decoded_size
;
1763 c
->root_hash_path
= mfree(c
->root_hash_path
);
1768 int config_parse_exec_root_hash_sig(
1770 const char *filename
,
1772 const char *section
,
1773 unsigned section_line
,
1780 _cleanup_free_
void *roothash_sig_decoded
= NULL
;
1782 ExecContext
*c
= ASSERT_PTR(data
);
1783 size_t roothash_sig_decoded_size
= 0;
1790 if (isempty(rvalue
)) {
1791 /* Reset if the empty string is assigned */
1792 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1793 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1794 c
->root_hash_sig_size
= 0;
1798 if (path_is_absolute(rvalue
)) {
1799 /* We have the path to a roothash signature to load and decode, eg: RootHashSignature=/foo/bar.roothash.p7s */
1800 _cleanup_free_
char *p
= NULL
;
1806 free_and_replace(c
->root_hash_sig_path
, p
);
1807 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1808 c
->root_hash_sig_size
= 0;
1812 if (!(value
= startswith(rvalue
, "base64:"))) {
1813 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1814 "Failed to decode RootHashSignature=, not a path but doesn't start with 'base64:', ignoring: %s", rvalue
);
1818 /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
1819 r
= unbase64mem(value
, &roothash_sig_decoded
, &roothash_sig_decoded_size
);
1821 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHashSignature=, ignoring: %s", rvalue
);
1825 free_and_replace(c
->root_hash_sig
, roothash_sig_decoded
);
1826 c
->root_hash_sig_size
= roothash_sig_decoded_size
;
1827 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1832 int config_parse_exec_cpu_affinity(
1834 const char *filename
,
1836 const char *section
,
1837 unsigned section_line
,
1844 ExecContext
*c
= ASSERT_PTR(data
);
1851 if (streq(rvalue
, "numa")) {
1852 c
->cpu_affinity_from_numa
= true;
1853 cpu_set_done(&c
->cpu_set
);
1857 r
= config_parse_unit_cpu_set(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, &c
->cpu_set
, userdata
);
1859 c
->cpu_affinity_from_numa
= false;
1864 int config_parse_capability_set(
1866 const char *filename
,
1868 const char *section
,
1869 unsigned section_line
,
1876 uint64_t *capability_set
= ASSERT_PTR(data
);
1877 uint64_t sum
= 0, initial
, def
;
1878 bool invert
= false;
1885 if (rvalue
[0] == '~') {
1890 if (streq(lvalue
, "CapabilityBoundingSet")) {
1891 initial
= CAP_MASK_ALL
; /* initialized to all bits on */
1892 def
= CAP_MASK_UNSET
; /* not set */
1894 def
= initial
= 0; /* All bits off */
1896 r
= capability_set_from_string(rvalue
, &sum
);
1898 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue
, rvalue
);
1902 if (sum
== 0 || *capability_set
== def
)
1903 /* "", "~" or uninitialized data -> replace */
1904 *capability_set
= invert
? ~sum
: sum
;
1906 /* previous data -> merge */
1908 *capability_set
&= ~sum
;
1910 *capability_set
|= sum
;
1916 int config_parse_exec_selinux_context(
1918 const char *filename
,
1920 const char *section
,
1921 unsigned section_line
,
1928 ExecContext
*c
= ASSERT_PTR(data
);
1929 const Unit
*u
= userdata
;
1938 if (isempty(rvalue
)) {
1939 c
->selinux_context
= mfree(c
->selinux_context
);
1940 c
->selinux_context_ignore
= false;
1944 if (rvalue
[0] == '-') {
1950 r
= unit_full_printf(u
, rvalue
, &k
);
1952 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1953 "Failed to resolve unit specifiers in '%s'%s: %m",
1954 rvalue
, ignore
? ", ignoring" : "");
1955 return ignore
? 0 : -ENOEXEC
;
1958 free_and_replace(c
->selinux_context
, k
);
1959 c
->selinux_context_ignore
= ignore
;
1964 int config_parse_exec_apparmor_profile(
1966 const char *filename
,
1968 const char *section
,
1969 unsigned section_line
,
1976 ExecContext
*c
= ASSERT_PTR(data
);
1977 const Unit
*u
= userdata
;
1986 if (isempty(rvalue
)) {
1987 c
->apparmor_profile
= mfree(c
->apparmor_profile
);
1988 c
->apparmor_profile_ignore
= false;
1992 if (rvalue
[0] == '-') {
1998 r
= unit_full_printf(u
, rvalue
, &k
);
2000 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2001 "Failed to resolve unit specifiers in '%s'%s: %m",
2002 rvalue
, ignore
? ", ignoring" : "");
2003 return ignore
? 0 : -ENOEXEC
;
2006 free_and_replace(c
->apparmor_profile
, k
);
2007 c
->apparmor_profile_ignore
= ignore
;
2012 int config_parse_exec_smack_process_label(
2014 const char *filename
,
2016 const char *section
,
2017 unsigned section_line
,
2024 ExecContext
*c
= ASSERT_PTR(data
);
2025 const Unit
*u
= userdata
;
2034 if (isempty(rvalue
)) {
2035 c
->smack_process_label
= mfree(c
->smack_process_label
);
2036 c
->smack_process_label_ignore
= false;
2040 if (rvalue
[0] == '-') {
2046 r
= unit_full_printf(u
, rvalue
, &k
);
2048 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2049 "Failed to resolve unit specifiers in '%s'%s: %m",
2050 rvalue
, ignore
? ", ignoring" : "");
2051 return ignore
? 0 : -ENOEXEC
;
2054 free_and_replace(c
->smack_process_label
, k
);
2055 c
->smack_process_label_ignore
= ignore
;
2060 int config_parse_timer(
2062 const char *filename
,
2064 const char *section
,
2065 unsigned section_line
,
2072 _cleanup_(calendar_spec_freep
) CalendarSpec
*c
= NULL
;
2073 _cleanup_free_
char *k
= NULL
;
2074 const Unit
*u
= userdata
;
2075 Timer
*t
= ASSERT_PTR(data
);
2084 if (isempty(rvalue
)) {
2085 /* Empty assignment resets list */
2086 timer_free_values(t
);
2090 r
= unit_full_printf(u
, rvalue
, &k
);
2092 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2096 if (ltype
== TIMER_CALENDAR
) {
2097 r
= calendar_spec_from_string(k
, &c
);
2099 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse calendar specification, ignoring: %s", k
);
2103 r
= parse_sec(k
, &usec
);
2105 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", k
);
2110 v
= new(TimerValue
, 1);
2117 .calendar_spec
= TAKE_PTR(c
),
2120 LIST_PREPEND(value
, t
->values
, v
);
2125 int config_parse_trigger_unit(
2127 const char *filename
,
2129 const char *section
,
2130 unsigned section_line
,
2137 _cleanup_free_
char *p
= NULL
;
2138 Unit
*u
= ASSERT_PTR(data
);
2146 if (UNIT_TRIGGER(u
)) {
2147 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Multiple units to trigger specified, ignoring: %s", rvalue
);
2151 r
= unit_name_printf(u
, rvalue
, &p
);
2153 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2157 type
= unit_name_to_type(p
);
2159 log_syntax(unit
, LOG_WARNING
, filename
, line
, type
, "Unit type not valid, ignoring: %s", rvalue
);
2162 if (unit_has_name(u
, p
)) {
2163 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Units cannot trigger themselves, ignoring: %s", rvalue
);
2167 r
= unit_add_two_dependencies_by_name(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, p
, true, UNIT_DEPENDENCY_FILE
);
2169 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add trigger on %s, ignoring: %m", p
);
2176 int config_parse_path_spec(
2178 const char *filename
,
2180 const char *section
,
2181 unsigned section_line
,
2188 Path
*p
= ASSERT_PTR(data
);
2191 _cleanup_free_
char *k
= NULL
;
2198 if (isempty(rvalue
)) {
2199 /* Empty assignment clears list */
2204 b
= path_type_from_string(lvalue
);
2206 log_syntax(unit
, LOG_WARNING
, filename
, line
, b
, "Failed to parse path type, ignoring: %s", lvalue
);
2210 r
= unit_path_printf(UNIT(p
), rvalue
, &k
);
2212 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2216 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2220 s
= new0(PathSpec
, 1);
2225 s
->path
= TAKE_PTR(k
);
2227 s
->inotify_fd
= -EBADF
;
2229 LIST_PREPEND(spec
, p
->specs
, s
);
2234 int config_parse_socket_service(
2236 const char *filename
,
2238 const char *section
,
2239 unsigned section_line
,
2246 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2247 _cleanup_free_
char *p
= NULL
;
2248 Socket
*s
= ASSERT_PTR(data
);
2256 r
= unit_name_printf(UNIT(s
), rvalue
, &p
);
2258 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2262 if (!endswith(p
, ".service")) {
2263 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type service, ignoring: %s", rvalue
);
2267 r
= manager_load_unit(UNIT(s
)->manager
, p
, NULL
, &error
, &x
);
2269 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load unit %s, ignoring: %s", rvalue
, bus_error_message(&error
, r
));
2273 unit_ref_set(&s
->service
, UNIT(s
), x
);
2278 int config_parse_fdname(
2280 const char *filename
,
2282 const char *section
,
2283 unsigned section_line
,
2290 _cleanup_free_
char *p
= NULL
;
2291 Socket
*s
= ASSERT_PTR(data
);
2298 if (isempty(rvalue
)) {
2299 s
->fdname
= mfree(s
->fdname
);
2303 r
= unit_fd_printf(UNIT(s
), rvalue
, &p
);
2305 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2309 if (!fdname_is_valid(p
)) {
2310 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", p
);
2314 return free_and_replace(s
->fdname
, p
);
2317 int config_parse_service_sockets(
2319 const char *filename
,
2321 const char *section
,
2322 unsigned section_line
,
2329 Service
*s
= ASSERT_PTR(data
);
2336 for (const char *p
= rvalue
;;) {
2337 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2339 r
= extract_first_word(&p
, &word
, NULL
, 0);
2343 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Trailing garbage in sockets, ignoring: %s", rvalue
);
2349 r
= unit_name_printf(UNIT(s
), word
, &k
);
2351 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
2355 if (!endswith(k
, ".socket")) {
2356 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type socket, ignoring: %s", k
);
2360 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_WANTS
, UNIT_AFTER
, k
, true, UNIT_DEPENDENCY_FILE
);
2362 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2364 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_TRIGGERED_BY
, k
, true, UNIT_DEPENDENCY_FILE
);
2366 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2370 int config_parse_bus_name(
2372 const char *filename
,
2374 const char *section
,
2375 unsigned section_line
,
2382 _cleanup_free_
char *k
= NULL
;
2383 const Unit
*u
= ASSERT_PTR(userdata
);
2390 r
= unit_full_printf_full(u
, rvalue
, SD_BUS_MAXIMUM_NAME_LENGTH
, &k
);
2392 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2396 if (!sd_bus_service_name_is_valid(k
)) {
2397 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid bus name, ignoring: %s", k
);
2401 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
2404 int config_parse_service_timeout(
2406 const char *filename
,
2408 const char *section
,
2409 unsigned section_line
,
2416 Service
*s
= ASSERT_PTR(userdata
);
2424 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
2426 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2427 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2428 * all other timeouts. */
2429 r
= parse_sec_fix_0(rvalue
, &usec
);
2431 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= parameter, ignoring: %s", lvalue
, rvalue
);
2435 s
->start_timeout_defined
= true;
2436 s
->timeout_start_usec
= usec
;
2438 if (streq(lvalue
, "TimeoutSec"))
2439 s
->timeout_stop_usec
= usec
;
2444 int config_parse_timeout_abort(
2446 const char *filename
,
2448 const char *section
,
2449 unsigned section_line
,
2456 usec_t
*ret
= ASSERT_PTR(data
);
2463 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
2465 if (isempty(rvalue
)) {
2467 return 0; /* "not set" */
2470 r
= parse_sec(rvalue
, ret
);
2472 return log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= setting, ignoring: %s", lvalue
, rvalue
);
2474 return 1; /* "set" */
2477 int config_parse_service_timeout_abort(
2479 const char *filename
,
2481 const char *section
,
2482 unsigned section_line
,
2489 Service
*s
= ASSERT_PTR(userdata
);
2492 r
= config_parse_timeout_abort(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
,
2493 &s
->timeout_abort_usec
, s
);
2495 s
->timeout_abort_set
= r
;
2499 int config_parse_user_group_compat(
2501 const char *filename
,
2503 const char *section
,
2504 unsigned section_line
,
2511 _cleanup_free_
char *k
= NULL
;
2513 const Unit
*u
= ASSERT_PTR(userdata
);
2520 if (isempty(rvalue
)) {
2521 *user
= mfree(*user
);
2525 r
= unit_full_printf(u
, rvalue
, &k
);
2527 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", rvalue
);
2531 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2532 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2536 if (strstr(lvalue
, "User") && streq(k
, NOBODY_USER_NAME
))
2537 log_struct(LOG_NOTICE
,
2538 LOG_MESSAGE("%s:%u: Special user %s configured, this is not safe!", filename
, line
, k
),
2539 LOG_MESSAGE_ID(SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR
),
2540 LOG_ITEM("UNIT=%s", unit
),
2541 LOG_ITEM("OFFENDING_USER=%s", k
),
2542 LOG_ITEM("CONFIG_FILE=%s", filename
),
2543 LOG_ITEM("CONFIG_LINE=%u", line
));
2545 return free_and_replace(*user
, k
);
2548 int config_parse_user_group_strv_compat(
2550 const char *filename
,
2552 const char *section
,
2553 unsigned section_line
,
2560 char ***users
= data
;
2561 const Unit
*u
= ASSERT_PTR(userdata
);
2568 if (isempty(rvalue
)) {
2569 *users
= strv_free(*users
);
2573 for (const char *p
= rvalue
;;) {
2574 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2576 r
= extract_first_word(&p
, &word
, NULL
, 0);
2580 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid syntax: %s", rvalue
);
2586 r
= unit_full_printf(u
, word
, &k
);
2588 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", word
);
2592 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2593 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2597 r
= strv_push(users
, k
);
2605 int config_parse_working_directory(
2607 const char *filename
,
2609 const char *section
,
2610 unsigned section_line
,
2617 ExecContext
*c
= ASSERT_PTR(data
);
2618 const Unit
*u
= ASSERT_PTR(userdata
);
2626 if (isempty(rvalue
)) {
2627 c
->working_directory_missing_ok
= false;
2628 c
->working_directory_home
= false;
2629 c
->working_directory
= mfree(c
->working_directory
);
2633 if (rvalue
[0] == '-') {
2639 if (streq(rvalue
, "~")) {
2640 c
->working_directory_home
= true;
2641 c
->working_directory
= mfree(c
->working_directory
);
2643 _cleanup_free_
char *k
= NULL
;
2645 r
= unit_path_printf(u
, rvalue
, &k
);
2647 log_syntax(unit
, missing_ok
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2648 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2649 rvalue
, missing_ok
? ", ignoring" : "");
2650 return missing_ok
? 0 : -ENOEXEC
;
2653 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
|(missing_ok
? 0 : PATH_CHECK_FATAL
),
2654 unit
, filename
, line
, lvalue
);
2656 return missing_ok
? 0 : -ENOEXEC
;
2658 c
->working_directory_home
= false;
2659 free_and_replace(c
->working_directory
, k
);
2662 c
->working_directory_missing_ok
= missing_ok
;
2666 int config_parse_unit_env_file(
2668 const char *filename
,
2670 const char *section
,
2671 unsigned section_line
,
2678 char ***env
= ASSERT_PTR(data
);
2679 const Unit
*u
= userdata
;
2680 _cleanup_free_
char *n
= NULL
;
2687 if (isempty(rvalue
)) {
2688 /* Empty assignment frees the list */
2689 *env
= strv_free(*env
);
2693 r
= unit_path_printf(u
, rvalue
, &n
);
2695 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2699 r
= path_simplify_and_warn(n
[0] == '-' ? n
+ 1 : n
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2703 r
= strv_push(env
, n
);
2712 int config_parse_environ(
2714 const char *filename
,
2716 const char *section
,
2717 unsigned section_line
,
2724 const Unit
*u
= userdata
;
2725 char ***env
= ASSERT_PTR(data
);
2732 if (isempty(rvalue
)) {
2733 /* Empty assignment resets the list */
2734 *env
= strv_free(*env
);
2738 /* If 'u' is set, we operate on the regular unit specifier table. Otherwise we use a manager-specific
2739 * specifier table (in which case ltype must contain the runtime scope). */
2740 const Specifier
*table
= u
? NULL
: (const Specifier
[]) {
2741 COMMON_SYSTEM_SPECIFIERS
,
2742 COMMON_TMP_SPECIFIERS
,
2743 COMMON_CREDS_SPECIFIERS(ltype
),
2744 { 'h', specifier_user_home
, NULL
},
2745 { 's', specifier_user_shell
, NULL
},
2749 for (const char *p
= rvalue
;; ) {
2750 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
2752 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2756 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2757 "Invalid syntax, ignoring: %s", rvalue
);
2764 r
= specifier_printf(word
, sc_arg_max(), table
, NULL
, NULL
, &resolved
);
2766 r
= unit_env_printf(u
, word
, &resolved
);
2768 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2769 "Failed to resolve specifiers in %s, ignoring: %m", word
);
2773 if (!env_assignment_is_valid(resolved
)) {
2774 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2775 "Invalid environment assignment, ignoring: %s", resolved
);
2779 r
= strv_env_replace_consume(env
, TAKE_PTR(resolved
));
2781 return log_error_errno(r
, "Failed to update environment: %m");
2785 int config_parse_pass_environ(
2787 const char *filename
,
2789 const char *section
,
2790 unsigned section_line
,
2797 char ***passenv
= ASSERT_PTR(data
);
2798 const Unit
*u
= userdata
;
2805 if (isempty(rvalue
)) {
2806 /* Empty assignment resets the list */
2807 *passenv
= strv_free(*passenv
);
2811 _cleanup_strv_free_
char **n
= NULL
;
2813 for (const char *p
= rvalue
;;) {
2814 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2816 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
2820 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2821 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2828 r
= unit_env_printf(u
, word
, &k
);
2830 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2831 "Failed to resolve specifiers in %s, ignoring: %m", word
);
2837 if (!env_name_is_valid(k
)) {
2838 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2839 "Invalid environment name for %s, ignoring: %s", lvalue
, k
);
2843 if (strv_consume(&n
, TAKE_PTR(k
)) < 0)
2847 r
= strv_extend_strv_consume(passenv
, TAKE_PTR(n
), /* filter_duplicates = */ true);
2854 int config_parse_unset_environ(
2856 const char *filename
,
2858 const char *section
,
2859 unsigned section_line
,
2866 char ***unsetenv
= ASSERT_PTR(data
);
2867 const Unit
*u
= userdata
;
2874 if (isempty(rvalue
)) {
2875 /* Empty assignment resets the list */
2876 *unsetenv
= strv_free(*unsetenv
);
2880 _cleanup_strv_free_
char **n
= NULL
;
2882 for (const char *p
= rvalue
;;) {
2883 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2885 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2889 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2890 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2897 r
= unit_env_printf(u
, word
, &k
);
2899 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2900 "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2906 if (!env_assignment_is_valid(k
) && !env_name_is_valid(k
)) {
2907 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2908 "Invalid environment name or assignment %s, ignoring: %s", lvalue
, k
);
2912 if (strv_consume(&n
, TAKE_PTR(k
)) < 0)
2916 r
= strv_extend_strv_consume(unsetenv
, TAKE_PTR(n
), /* filter_duplicates = */ true);
2923 int config_parse_log_extra_fields(
2925 const char *filename
,
2927 const char *section
,
2928 unsigned section_line
,
2935 ExecContext
*c
= ASSERT_PTR(data
);
2936 const Unit
*u
= userdata
;
2943 if (isempty(rvalue
)) {
2944 exec_context_free_log_extra_fields(c
);
2948 for (const char *p
= rvalue
;;) {
2949 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2952 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2956 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
2962 r
= unit_full_printf(u
, word
, &k
);
2964 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2968 eq
= strchr(k
, '=');
2970 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field lacks '=' character, ignoring: %s", k
);
2974 if (!journal_field_valid(k
, eq
-k
, false)) {
2975 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field name is invalid, ignoring: %s", k
);
2979 if (!GREEDY_REALLOC(c
->log_extra_fields
, c
->n_log_extra_fields
+ 1))
2982 c
->log_extra_fields
[c
->n_log_extra_fields
++] = IOVEC_MAKE_STRING(k
);
2987 int config_parse_log_namespace(
2989 const char *filename
,
2991 const char *section
,
2992 unsigned section_line
,
2999 _cleanup_free_
char *k
= NULL
;
3000 ExecContext
*c
= ASSERT_PTR(data
);
3001 const Unit
*u
= userdata
;
3008 if (isempty(rvalue
)) {
3009 c
->log_namespace
= mfree(c
->log_namespace
);
3013 r
= unit_full_printf_full(u
, rvalue
, NAME_MAX
, &k
);
3015 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3019 if (!log_namespace_name_valid(k
)) {
3020 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Specified log namespace name is not valid, ignoring: %s", k
);
3024 free_and_replace(c
->log_namespace
, k
);
3028 int config_parse_unit_condition_path(
3030 const char *filename
,
3032 const char *section
,
3033 unsigned section_line
,
3040 _cleanup_free_
char *p
= NULL
;
3041 Condition
**list
= ASSERT_PTR(data
), *c
;
3042 ConditionType t
= ltype
;
3043 bool trigger
, negate
;
3044 const Unit
*u
= userdata
;
3051 if (isempty(rvalue
)) {
3052 /* Empty assignment resets the list */
3053 *list
= condition_free_list(*list
);
3057 trigger
= rvalue
[0] == '|';
3061 negate
= rvalue
[0] == '!';
3065 r
= unit_path_printf(u
, rvalue
, &p
);
3067 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3071 r
= path_simplify_and_warn(p
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
3075 c
= condition_new(t
, p
, trigger
, negate
);
3079 LIST_PREPEND(conditions
, *list
, c
);
3083 int config_parse_unit_condition_string(
3085 const char *filename
,
3087 const char *section
,
3088 unsigned section_line
,
3095 _cleanup_free_
char *s
= NULL
;
3096 Condition
**list
= ASSERT_PTR(data
), *c
;
3097 ConditionType t
= ltype
;
3098 bool trigger
, negate
;
3099 const Unit
*u
= userdata
;
3106 if (isempty(rvalue
)) {
3107 /* Empty assignment resets the list */
3108 *list
= condition_free_list(*list
);
3112 trigger
= *rvalue
== '|';
3114 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
3116 negate
= *rvalue
== '!';
3118 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
3120 r
= unit_full_printf(u
, rvalue
, &s
);
3122 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3123 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
3127 c
= condition_new(t
, s
, trigger
, negate
);
3131 LIST_PREPEND(conditions
, *list
, c
);
3135 int config_parse_unit_mounts_for(
3137 const char *filename
,
3139 const char *section
,
3140 unsigned section_line
,
3154 assert(STR_IN_SET(lvalue
, "RequiresMountsFor", "WantsMountsFor"));
3156 for (const char *p
= rvalue
;;) {
3157 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
3159 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3163 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3164 "Invalid syntax, ignoring: %s", rvalue
);
3170 r
= unit_path_printf(u
, word
, &resolved
);
3172 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
3176 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
3180 r
= unit_add_mounts_for(u
, resolved
, UNIT_DEPENDENCY_FILE
, unit_mount_dependency_type_from_string(lvalue
));
3182 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add requested mount '%s', ignoring: %m", resolved
);
3188 int config_parse_documentation(
3190 const char *filename
,
3192 const char *section
,
3193 unsigned section_line
,
3200 Unit
*u
= ASSERT_PTR(userdata
);
3208 if (isempty(rvalue
)) {
3209 /* Empty assignment resets the list */
3210 u
->documentation
= strv_free(u
->documentation
);
3214 r
= config_parse_unit_strv_printf(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
,
3215 rvalue
, data
, userdata
);
3219 for (a
= b
= u
->documentation
; a
&& *a
; a
++) {
3221 if (documentation_url_is_valid(*a
))
3224 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid URL, ignoring: %s", *a
);
3235 int config_parse_syscall_filter(
3237 const char *filename
,
3239 const char *section
,
3240 unsigned section_line
,
3247 ExecContext
*c
= data
;
3248 _unused_
const Unit
*u
= ASSERT_PTR(userdata
);
3249 bool invert
= false;
3256 if (isempty(rvalue
)) {
3257 /* Empty assignment resets the list */
3258 c
->syscall_filter
= hashmap_free(c
->syscall_filter
);
3259 c
->syscall_allow_list
= false;
3263 if (rvalue
[0] == '~') {
3268 if (!c
->syscall_filter
) {
3269 c
->syscall_filter
= hashmap_new(NULL
);
3270 if (!c
->syscall_filter
)
3274 /* Allow everything but the ones listed */
3275 c
->syscall_allow_list
= false;
3277 /* Allow nothing but the ones listed */
3278 c
->syscall_allow_list
= true;
3280 /* Accept default syscalls if we are on an allow_list */
3281 r
= seccomp_parse_syscall_filter(
3282 "@default", -1, c
->syscall_filter
,
3283 SECCOMP_PARSE_PERMISSIVE
|SECCOMP_PARSE_ALLOW_LIST
,
3291 for (const char *p
= rvalue
;;) {
3292 _cleanup_free_
char *word
= NULL
, *name
= NULL
;
3295 r
= extract_first_word(&p
, &word
, NULL
, 0);
3299 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3300 "Invalid syntax, ignoring: %s", rvalue
);
3306 r
= parse_syscall_and_errno(word
, &name
, &num
);
3308 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3309 "Failed to parse syscall:errno, ignoring: %s", word
);
3312 if (!invert
&& num
>= 0) {
3313 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3314 "Allow-listed system calls cannot take error number, ignoring: %s", word
);
3318 r
= seccomp_parse_syscall_filter(
3319 name
, num
, c
->syscall_filter
,
3320 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3321 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3322 (c
->syscall_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3323 unit
, filename
, line
);
3329 int config_parse_syscall_log(
3331 const char *filename
,
3333 const char *section
,
3334 unsigned section_line
,
3341 ExecContext
*c
= data
;
3342 _unused_
const Unit
*u
= ASSERT_PTR(userdata
);
3343 bool invert
= false;
3351 if (isempty(rvalue
)) {
3352 /* Empty assignment resets the list */
3353 c
->syscall_log
= hashmap_free(c
->syscall_log
);
3354 c
->syscall_log_allow_list
= false;
3358 if (rvalue
[0] == '~') {
3363 if (!c
->syscall_log
) {
3364 c
->syscall_log
= hashmap_new(NULL
);
3365 if (!c
->syscall_log
)
3369 /* Log everything but the ones listed */
3370 c
->syscall_log_allow_list
= false;
3372 /* Log nothing but the ones listed */
3373 c
->syscall_log_allow_list
= true;
3378 _cleanup_free_
char *word
= NULL
;
3380 r
= extract_first_word(&p
, &word
, NULL
, 0);
3384 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3390 r
= seccomp_parse_syscall_filter(
3391 word
, -1, c
->syscall_log
,
3392 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3393 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3394 (c
->syscall_log_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3395 unit
, filename
, line
);
3401 int config_parse_syscall_archs(
3403 const char *filename
,
3405 const char *section
,
3406 unsigned section_line
,
3416 if (isempty(rvalue
)) {
3417 *archs
= set_free(*archs
);
3421 for (const char *p
= rvalue
;;) {
3422 _cleanup_free_
char *word
= NULL
;
3425 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3429 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3430 "Invalid syntax, ignoring: %s", rvalue
);
3436 r
= seccomp_arch_from_string(word
, &a
);
3438 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3439 "Failed to parse system call architecture \"%s\", ignoring: %m", word
);
3443 r
= set_ensure_put(archs
, NULL
, UINT32_TO_PTR(a
+ 1));
3449 int config_parse_syscall_errno(
3451 const char *filename
,
3453 const char *section
,
3454 unsigned section_line
,
3461 ExecContext
*c
= data
;
3468 if (isempty(rvalue
) || streq(rvalue
, "kill")) {
3469 /* Empty assignment resets to KILL */
3470 c
->syscall_errno
= SECCOMP_ERROR_NUMBER_KILL
;
3474 e
= parse_errno(rvalue
);
3476 log_syntax(unit
, LOG_WARNING
, filename
, line
, e
, "Failed to parse error number, ignoring: %s", rvalue
);
3480 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid error number, ignoring: %s", rvalue
);
3484 c
->syscall_errno
= e
;
3488 int config_parse_address_families(
3490 const char *filename
,
3492 const char *section
,
3493 unsigned section_line
,
3500 ExecContext
*c
= data
;
3501 bool invert
= false;
3508 if (isempty(rvalue
)) {
3509 /* Empty assignment resets the list */
3510 c
->address_families
= set_free(c
->address_families
);
3511 c
->address_families_allow_list
= false;
3515 if (streq(rvalue
, "none")) {
3516 /* Forbid all address families. */
3517 c
->address_families
= set_free(c
->address_families
);
3518 c
->address_families_allow_list
= true;
3522 if (rvalue
[0] == '~') {
3527 if (!c
->address_families
) {
3528 c
->address_families
= set_new(NULL
);
3529 if (!c
->address_families
)
3532 c
->address_families_allow_list
= !invert
;
3535 for (const char *p
= rvalue
;;) {
3536 _cleanup_free_
char *word
= NULL
;
3539 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3543 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3544 "Invalid syntax, ignoring: %s", rvalue
);
3550 af
= af_from_name(word
);
3552 log_syntax(unit
, LOG_WARNING
, filename
, line
, af
,
3553 "Failed to parse address family, ignoring: %s", word
);
3557 /* If we previously wanted to forbid an address family and now
3558 * we want to allow it, then just remove it from the list.
3560 if (!invert
== c
->address_families_allow_list
) {
3561 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
3565 set_remove(c
->address_families
, INT_TO_PTR(af
));
3570 int config_parse_namespace_flags(
3572 const char *filename
,
3574 const char *section
,
3575 unsigned section_line
,
3582 unsigned long *flags
= data
;
3583 unsigned long all
= UPDATE_FLAG(NAMESPACE_FLAGS_ALL
, CLONE_NEWUSER
, !streq(lvalue
, "DelegateNamespaces"));
3585 bool invert
= false;
3588 if (isempty(rvalue
)) {
3589 /* Reset to the default. */
3590 *flags
= NAMESPACE_FLAGS_INITIAL
;
3594 /* Boolean parameter ignores the previous settings */
3595 r
= parse_boolean(rvalue
);
3597 /* RestrictNamespaces= value gets stored into a field with reverse semantics (the namespaces
3598 * which are retained), so RestrictNamespaces=true means we retain no access to any
3599 * namespaces and vice-versa. */
3600 *flags
= streq(lvalue
, "RestrictNamespaces") ? 0 : all
;
3602 } else if (r
== 0) {
3603 *flags
= streq(lvalue
, "RestrictNamespaces") ? all
: 0;
3607 if (rvalue
[0] == '~') {
3612 /* Not a boolean argument, in this case it's a list of namespace types. */
3613 r
= namespace_flags_from_string(rvalue
, &f
);
3615 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse namespace type string, ignoring: %s", rvalue
);
3619 if (*flags
== NAMESPACE_FLAGS_INITIAL
)
3620 /* Initial assignment. Just set the value. */
3621 f
= invert
? (~f
) & all
: f
;
3623 /* Merge the value with the previous one. */
3624 f
= UPDATE_FLAG(*flags
, f
, !invert
);
3626 if (FLAGS_SET(f
, CLONE_NEWUSER
) && streq(lvalue
, "DelegateNamespaces")) {
3627 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "The user namespace cannot be delegated with DelegateNamespaces=, ignoring: %s", rvalue
);
3636 int config_parse_restrict_filesystems(
3638 const char *filename
,
3640 const char *section
,
3641 unsigned section_line
,
3647 ExecContext
*c
= ASSERT_PTR(data
);
3648 bool invert
= false;
3655 if (isempty(rvalue
)) {
3656 /* Empty assignment resets the list */
3657 c
->restrict_filesystems
= set_free(c
->restrict_filesystems
);
3658 c
->restrict_filesystems_allow_list
= false;
3662 if (rvalue
[0] == '~') {
3667 if (!c
->restrict_filesystems
) {
3669 /* Allow everything but the ones listed */
3670 c
->restrict_filesystems_allow_list
= false;
3672 /* Allow nothing but the ones listed */
3673 c
->restrict_filesystems_allow_list
= true;
3676 for (const char *p
= rvalue
;;) {
3677 _cleanup_free_
char *word
= NULL
;
3679 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3685 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3686 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
3690 r
= bpf_restrict_fs_parse_filesystem(
3692 &c
->restrict_filesystems
,
3693 FILESYSTEM_PARSE_LOG
|
3694 (invert
? FILESYSTEM_PARSE_INVERT
: 0)|
3695 (c
->restrict_filesystems_allow_list
? FILESYSTEM_PARSE_ALLOW_LIST
: 0),
3696 unit
, filename
, line
);
3705 int config_parse_unit_slice(
3707 const char *filename
,
3709 const char *section
,
3710 unsigned section_line
,
3717 Unit
*u
= ASSERT_PTR(userdata
), *slice
;
3718 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
3719 _cleanup_free_
char *k
= NULL
;
3726 r
= unit_name_printf(u
, rvalue
, &k
);
3728 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3732 r
= manager_load_unit(u
->manager
, k
, NULL
, &error
, &slice
);
3734 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load slice unit %s, ignoring: %s", k
, bus_error_message(&error
, r
));
3738 r
= unit_set_slice(u
, slice
);
3740 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to assign slice %s to unit %s, ignoring: %m", slice
->id
, u
->id
);
3747 int config_parse_cpu_quota(
3749 const char *filename
,
3751 const char *section
,
3752 unsigned section_line
,
3759 CGroupContext
*c
= data
;
3766 if (isempty(rvalue
)) {
3767 c
->cpu_quota_per_sec_usec
= USEC_INFINITY
;
3771 r
= parse_permyriad_unbounded(rvalue
);
3773 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid CPU quota '%s', ignoring.", rvalue
);
3777 c
->cpu_quota_per_sec_usec
= ((usec_t
) r
* USEC_PER_SEC
) / 10000U;
3781 int config_parse_unit_cpu_set(
3783 const char *filename
,
3785 const char *section
,
3786 unsigned section_line
,
3793 const Unit
*u
= ASSERT_PTR(userdata
);
3794 _cleanup_free_
char *k
= NULL
;
3801 r
= unit_full_printf(u
, rvalue
, &k
);
3803 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3804 "Failed to resolve unit specifiers in '%s', ignoring: %m",
3809 return config_parse_cpu_set(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
3812 int config_parse_memory_limit(
3814 const char *filename
,
3816 const char *section
,
3817 unsigned section_line
,
3824 CGroupContext
*c
= data
;
3825 uint64_t bytes
= CGROUP_LIMIT_MAX
;
3828 if (isempty(rvalue
) && STR_IN_SET(lvalue
, "DefaultMemoryLow",
3833 bytes
= CGROUP_LIMIT_MIN
;
3834 else if (!isempty(rvalue
) && !streq(rvalue
, "infinity")) {
3836 r
= parse_permyriad(rvalue
);
3838 r
= parse_size(rvalue
, 1024, &bytes
);
3840 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid memory limit '%s', ignoring: %m", rvalue
);
3844 bytes
= physical_memory_scale(r
, 10000U);
3846 if (bytes
>= UINT64_MAX
||
3847 (bytes
<= 0 && !STR_IN_SET(lvalue
,
3849 "StartupMemorySwapMax",
3851 "StartupMemoryZSwapMax",
3856 "DefaultstartupMemoryLow",
3857 "DefaultMemoryMin"))) {
3858 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Memory limit '%s' out of range, ignoring.", rvalue
);
3863 if (streq(lvalue
, "DefaultMemoryLow")) {
3864 c
->default_memory_low
= bytes
;
3865 c
->default_memory_low_set
= true;
3866 } else if (streq(lvalue
, "DefaultStartupMemoryLow")) {
3867 c
->default_startup_memory_low
= bytes
;
3868 c
->default_startup_memory_low_set
= true;
3869 } else if (streq(lvalue
, "DefaultMemoryMin")) {
3870 c
->default_memory_min
= bytes
;
3871 c
->default_memory_min_set
= true;
3872 } else if (streq(lvalue
, "MemoryMin")) {
3873 c
->memory_min
= bytes
;
3874 c
->memory_min_set
= true;
3875 } else if (streq(lvalue
, "MemoryLow")) {
3876 c
->memory_low
= bytes
;
3877 c
->memory_low_set
= true;
3878 } else if (streq(lvalue
, "StartupMemoryLow")) {
3879 c
->startup_memory_low
= bytes
;
3880 c
->startup_memory_low_set
= true;
3881 } else if (streq(lvalue
, "MemoryHigh"))
3882 c
->memory_high
= bytes
;
3883 else if (streq(lvalue
, "StartupMemoryHigh")) {
3884 c
->startup_memory_high
= bytes
;
3885 c
->startup_memory_high_set
= true;
3886 } else if (streq(lvalue
, "MemoryMax"))
3887 c
->memory_max
= bytes
;
3888 else if (streq(lvalue
, "StartupMemoryMax")) {
3889 c
->startup_memory_max
= bytes
;
3890 c
->startup_memory_max_set
= true;
3891 } else if (streq(lvalue
, "MemorySwapMax"))
3892 c
->memory_swap_max
= bytes
;
3893 else if (streq(lvalue
, "StartupMemorySwapMax")) {
3894 c
->startup_memory_swap_max
= bytes
;
3895 c
->startup_memory_swap_max_set
= true;
3896 } else if (streq(lvalue
, "MemoryZSwapMax"))
3897 c
->memory_zswap_max
= bytes
;
3898 else if (streq(lvalue
, "StartupMemoryZSwapMax")) {
3899 c
->startup_memory_zswap_max
= bytes
;
3900 c
->startup_memory_zswap_max_set
= true;
3907 int config_parse_tasks_max(
3909 const char *filename
,
3911 const char *section
,
3912 unsigned section_line
,
3919 CGroupTasksMax
*tasks_max
= ASSERT_PTR(data
);
3920 const Unit
*u
= userdata
;
3924 if (isempty(rvalue
)) {
3925 *tasks_max
= u
? u
->manager
->defaults
.tasks_max
: CGROUP_TASKS_MAX_UNSET
;
3929 if (streq(rvalue
, "infinity")) {
3930 *tasks_max
= CGROUP_TASKS_MAX_UNSET
;
3934 r
= parse_permyriad(rvalue
);
3936 *tasks_max
= (CGroupTasksMax
) { r
, 10000U }; /* r‱ */
3938 r
= safe_atou64(rvalue
, &v
);
3940 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid maximum tasks value '%s', ignoring: %m", rvalue
);
3944 if (v
<= 0 || v
>= UINT64_MAX
) {
3945 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue
);
3949 *tasks_max
= (CGroupTasksMax
) { v
};
3955 int config_parse_delegate(
3957 const char *filename
,
3959 const char *section
,
3960 unsigned section_line
,
3967 CGroupContext
*c
= data
;
3971 t
= unit_name_to_type(unit
);
3972 assert(t
!= _UNIT_TYPE_INVALID
);
3974 if (!unit_vtable
[t
]->can_delegate
) {
3975 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Delegate= setting not supported for this unit type, ignoring.");
3979 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or
3980 * turn it off for all. Or it takes a list of controller names, in which case we add the specified
3981 * controllers to the mask to delegate. Delegate= enables delegation without any controllers. */
3983 if (isempty(rvalue
)) {
3984 /* An empty string resets controllers and sets Delegate=yes. */
3986 c
->delegate_controllers
= 0;
3990 r
= parse_boolean(rvalue
);
3992 CGroupMask mask
= 0;
3994 for (const char *p
= rvalue
;;) {
3995 _cleanup_free_
char *word
= NULL
;
3996 CGroupController cc
;
3998 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4002 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4008 cc
= cgroup_controller_from_string(word
);
4010 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid controller name '%s', ignoring", word
);
4014 mask
|= CGROUP_CONTROLLER_TO_MASK(cc
);
4018 c
->delegate_controllers
|= mask
;
4022 c
->delegate_controllers
= CGROUP_MASK_DELEGATE
;
4024 c
->delegate
= false;
4025 c
->delegate_controllers
= 0;
4031 int config_parse_delegate_subgroup(
4033 const char *filename
,
4035 const char *section
,
4036 unsigned section_line
,
4043 CGroupContext
*c
= ASSERT_PTR(data
);
4046 t
= unit_name_to_type(unit
);
4049 if (!unit_vtable
[t
]->can_delegate
) {
4050 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "DelegateSubgroup= setting not supported for this unit type, ignoring.");
4054 if (isempty(rvalue
)) {
4055 c
->delegate_subgroup
= mfree(c
->delegate_subgroup
);
4059 if (cg_needs_escape(rvalue
)) { /* Insist that specified names don't need escaping */
4060 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid control group name, ignoring: %s", rvalue
);
4064 return free_and_strdup_warn(&c
->delegate_subgroup
, rvalue
);
4067 int config_parse_managed_oom_mode(
4069 const char *filename
,
4071 const char *section
,
4072 unsigned section_line
,
4079 ManagedOOMMode
*mode
= data
, m
;
4082 t
= unit_name_to_type(unit
);
4083 assert(t
!= _UNIT_TYPE_INVALID
);
4085 if (!unit_vtable
[t
]->can_set_managed_oom
)
4086 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
4088 if (isempty(rvalue
)) {
4089 *mode
= MANAGED_OOM_AUTO
;
4093 m
= managed_oom_mode_from_string(rvalue
);
4095 log_syntax(unit
, LOG_WARNING
, filename
, line
, m
, "Invalid syntax, ignoring: %s", rvalue
);
4103 int config_parse_managed_oom_mem_pressure_limit(
4105 const char *filename
,
4107 const char *section
,
4108 unsigned section_line
,
4115 uint32_t *limit
= data
;
4119 t
= unit_name_to_type(unit
);
4120 assert(t
!= _UNIT_TYPE_INVALID
);
4122 if (!unit_vtable
[t
]->can_set_managed_oom
)
4123 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
4125 if (isempty(rvalue
)) {
4130 r
= parse_permyriad(rvalue
);
4132 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse memory pressure limit value, ignoring: %s", rvalue
);
4136 /* Normalize to 2^32-1 == 100% */
4137 *limit
= UINT32_SCALE_FROM_PERMYRIAD(r
);
4141 int config_parse_managed_oom_mem_pressure_duration_sec(
4143 const char *filename
,
4145 const char *section
,
4146 unsigned section_line
,
4153 usec_t usec
, *duration
= ASSERT_PTR(data
);
4157 t
= unit_name_to_type(unit
);
4158 assert(t
!= _UNIT_TYPE_INVALID
);
4160 if (!unit_vtable
[t
]->can_set_managed_oom
)
4161 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
4163 if (isempty(rvalue
)) {
4164 *duration
= USEC_INFINITY
;
4168 r
= parse_sec(rvalue
, &usec
);
4170 return log_syntax_parse_error(unit
, filename
, line
, r
, lvalue
, rvalue
);
4172 if (usec
< 1 * USEC_PER_SEC
|| usec
== USEC_INFINITY
)
4173 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= must be at least 1s and less than infinity, ignoring: %s", lvalue
, rvalue
);
4179 int config_parse_device_allow(
4181 const char *filename
,
4183 const char *section
,
4184 unsigned section_line
,
4191 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4192 CGroupDevicePermissions permissions
;
4193 CGroupContext
*c
= data
;
4194 const char *p
= rvalue
;
4197 if (isempty(rvalue
)) {
4198 while (c
->device_allow
)
4199 cgroup_context_free_device_allow(c
, c
->device_allow
);
4204 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4208 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4209 "Failed to extract device path and rights from '%s', ignoring.", rvalue
);
4213 r
= unit_path_printf(userdata
, path
, &resolved
);
4215 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4216 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4220 if (!STARTSWITH_SET(resolved
, "block-", "char-")) {
4222 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4226 if (!valid_device_node_path(resolved
)) {
4227 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid device node path '%s', ignoring.", resolved
);
4232 permissions
= isempty(p
) ? 0 : cgroup_device_permissions_from_string(p
);
4233 if (permissions
< 0) {
4234 log_syntax(unit
, LOG_WARNING
, filename
, line
, permissions
, "Invalid device rights '%s', ignoring.", p
);
4238 return cgroup_context_add_device_allow(c
, resolved
, permissions
);
4241 int config_parse_io_device_weight(
4243 const char *filename
,
4245 const char *section
,
4246 unsigned section_line
,
4253 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4254 CGroupIODeviceWeight
*w
;
4255 CGroupContext
*c
= data
;
4256 const char *p
= ASSERT_PTR(rvalue
);
4263 if (isempty(rvalue
)) {
4264 while (c
->io_device_weights
)
4265 cgroup_context_free_io_device_weight(c
, c
->io_device_weights
);
4270 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4274 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4275 "Failed to extract device path and weight from '%s', ignoring.", rvalue
);
4278 if (r
== 0 || isempty(p
)) {
4279 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4280 "Invalid device path or weight specified in '%s', ignoring.", rvalue
);
4284 r
= unit_path_printf(userdata
, path
, &resolved
);
4286 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4287 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4291 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4295 r
= cg_weight_parse(p
, &u
);
4297 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "IO weight '%s' invalid, ignoring: %m", p
);
4301 assert(u
!= CGROUP_WEIGHT_INVALID
);
4303 w
= new0(CGroupIODeviceWeight
, 1);
4307 w
->path
= TAKE_PTR(resolved
);
4310 LIST_APPEND(device_weights
, c
->io_device_weights
, w
);
4314 int config_parse_io_device_latency(
4316 const char *filename
,
4318 const char *section
,
4319 unsigned section_line
,
4326 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4327 CGroupIODeviceLatency
*l
;
4328 CGroupContext
*c
= data
;
4329 const char *p
= ASSERT_PTR(rvalue
);
4336 if (isempty(rvalue
)) {
4337 while (c
->io_device_latencies
)
4338 cgroup_context_free_io_device_latency(c
, c
->io_device_latencies
);
4343 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4347 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4348 "Failed to extract device path and latency from '%s', ignoring.", rvalue
);
4351 if (r
== 0 || isempty(p
)) {
4352 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4353 "Invalid device path or latency specified in '%s', ignoring.", rvalue
);
4357 r
= unit_path_printf(userdata
, path
, &resolved
);
4359 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4360 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4364 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4368 r
= parse_sec(p
, &usec
);
4370 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", p
);
4374 l
= new0(CGroupIODeviceLatency
, 1);
4378 l
->path
= TAKE_PTR(resolved
);
4379 l
->target_usec
= usec
;
4381 LIST_APPEND(device_latencies
, c
->io_device_latencies
, l
);
4385 int config_parse_io_limit(
4387 const char *filename
,
4389 const char *section
,
4390 unsigned section_line
,
4397 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4398 CGroupIODeviceLimit
*l
= NULL
;
4399 CGroupContext
*c
= data
;
4400 CGroupIOLimitType type
;
4401 const char *p
= ASSERT_PTR(rvalue
);
4408 type
= cgroup_io_limit_type_from_string(lvalue
);
4411 if (isempty(rvalue
)) {
4412 LIST_FOREACH(device_limits
, t
, c
->io_device_limits
)
4413 t
->limits
[type
] = cgroup_io_limit_defaults
[type
];
4417 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4421 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4422 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4425 if (r
== 0 || isempty(p
)) {
4426 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4427 "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue
);
4431 r
= unit_path_printf(userdata
, path
, &resolved
);
4433 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4434 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4438 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4442 if (streq("infinity", p
))
4443 num
= CGROUP_LIMIT_MAX
;
4445 r
= parse_size(p
, 1000, &num
);
4446 if (r
< 0 || num
<= 0) {
4447 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid IO limit '%s', ignoring.", p
);
4452 LIST_FOREACH(device_limits
, t
, c
->io_device_limits
)
4453 if (path_equal(resolved
, t
->path
)) {
4459 l
= new0(CGroupIODeviceLimit
, 1);
4463 l
->path
= TAKE_PTR(resolved
);
4464 for (CGroupIOLimitType i
= 0; i
< _CGROUP_IO_LIMIT_TYPE_MAX
; i
++)
4465 l
->limits
[i
] = cgroup_io_limit_defaults
[i
];
4467 LIST_APPEND(device_limits
, c
->io_device_limits
, l
);
4470 l
->limits
[type
] = num
;
4475 int config_parse_job_mode_isolate(
4477 const char *filename
,
4479 const char *section
,
4480 unsigned section_line
,
4494 r
= parse_boolean(rvalue
);
4496 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse boolean, ignoring: %s", rvalue
);
4500 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue
);
4502 *m
= r
? JOB_ISOLATE
: JOB_REPLACE
;
4506 int config_parse_exec_directories(
4508 const char *filename
,
4510 const char *section
,
4511 unsigned section_line
,
4518 ExecDirectory
*ed
= ASSERT_PTR(data
);
4519 const Unit
*u
= userdata
;
4526 if (isempty(rvalue
)) {
4527 /* Empty assignment resets the list */
4528 exec_directory_done(ed
);
4532 for (const char *p
= rvalue
;;) {
4533 _cleanup_free_
char *tuple
= NULL
;
4535 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
4539 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4540 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
4546 _cleanup_free_
char *src
= NULL
, *dest
= NULL
, *flags
= NULL
;
4547 const char *q
= tuple
;
4548 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
|EXTRACT_DONT_COALESCE_SEPARATORS
, &src
, &dest
, &flags
);
4552 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4553 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
4557 _cleanup_free_
char *sresolved
= NULL
;
4558 r
= unit_path_printf(u
, src
, &sresolved
);
4560 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4561 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", src
);
4565 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_RELATIVE
, unit
, filename
, line
, lvalue
);
4569 if (path_startswith(sresolved
, "private")) {
4570 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4571 "%s= path can't be 'private', ignoring assignment: %s", lvalue
, tuple
);
4575 if (!isempty(dest
) && streq(lvalue
, "ConfigurationDirectory")) {
4576 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4577 "Additional parameter is not supported for ConfigurationDirectory, ignoring: %s", tuple
);
4581 /* For State and Runtime directories we support an optional destination parameter, which
4582 * will be used to create a symlink to the source. */
4583 _cleanup_free_
char *dresolved
= NULL
;
4584 if (!isempty(dest
)) {
4585 r
= unit_path_printf(u
, dest
, &dresolved
);
4587 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4588 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", dest
);
4592 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_RELATIVE
, unit
, filename
, line
, lvalue
);
4597 ExecDirectoryFlags exec_directory_flags
= exec_directory_flags_from_string(flags
);
4598 if (exec_directory_flags
< 0 || (exec_directory_flags
& ~_EXEC_DIRECTORY_FLAGS_PUBLIC
) != 0) {
4599 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4600 "Invalid flags for %s=, ignoring: %s", lvalue
, flags
);
4604 r
= exec_directory_add(ed
, sresolved
, dresolved
, exec_directory_flags
);
4610 int config_parse_exec_quota(
4612 const char *filename
,
4614 const char *section
,
4615 unsigned section_line
,
4622 QuotaLimit
*quota_limit
= ASSERT_PTR(data
);
4623 uint64_t quota_absolute
= UINT64_MAX
;
4624 uint32_t quota_scale
= UINT32_MAX
;
4627 if (isempty(rvalue
) || streq(rvalue
, "off")) {
4628 quota_limit
->quota_enforce
= false;
4629 quota_limit
->quota_absolute
= UINT64_MAX
;
4630 quota_limit
->quota_scale
= UINT32_MAX
;
4634 r
= parse_permyriad(rvalue
);
4636 r
= parse_size(rvalue
, 1024, "a_absolute
);
4638 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse disk quota value, ignoring: %s", rvalue
);
4642 /* Normalize to 2^32-1 == 100% */
4643 quota_scale
= UINT32_SCALE_FROM_PERMYRIAD(r
);
4645 quota_limit
->quota_absolute
= quota_absolute
;
4646 quota_limit
->quota_scale
= quota_scale
;
4647 quota_limit
->quota_enforce
= true;
4652 int config_parse_set_credential(
4654 const char *filename
,
4656 const char *section
,
4657 unsigned section_line
,
4664 ExecContext
*context
= ASSERT_PTR(data
);
4665 const Unit
*u
= ASSERT_PTR(userdata
);
4672 if (isempty(rvalue
)) {
4673 /* Empty assignment resets the list */
4674 context
->set_credentials
= hashmap_free(context
->set_credentials
);
4678 _cleanup_free_
char *word
= NULL
, *id
= NULL
;
4679 const char *p
= rvalue
;
4680 bool encrypted
= ltype
;
4682 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4686 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract credential name, ignoring: %s", rvalue
);
4689 if (r
== 0 || isempty(p
)) {
4690 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax, ignoring: %s", rvalue
);
4694 r
= unit_cred_printf(u
, word
, &id
);
4696 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4699 if (!credential_name_valid(id
)) {
4700 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", id
);
4704 _cleanup_free_
void *d
= NULL
;
4708 r
= unbase64mem_full(p
, SIZE_MAX
, /* secure = */ true, &d
, &size
);
4712 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Encrypted credential data not valid Base64 data, ignoring: %m");
4718 /* We support escape codes here, so that users can insert trailing \n if they like */
4719 l
= cunescape(p
, UNESCAPE_ACCEPT_NUL
, (char**) &d
);
4723 log_syntax(unit
, LOG_WARNING
, filename
, line
, l
, "Can't unescape \"%s\", ignoring: %m", p
);
4730 r
= exec_context_put_set_credential(context
, id
, TAKE_PTR(d
), size
, encrypted
);
4732 return log_error_errno(r
, "Failed to store set credential '%s': %m", rvalue
);
4737 int config_parse_load_credential(
4739 const char *filename
,
4741 const char *section
,
4742 unsigned section_line
,
4749 ExecContext
*context
= ASSERT_PTR(data
);
4750 const Unit
*u
= ASSERT_PTR(userdata
);
4757 if (isempty(rvalue
)) {
4758 /* Empty assignment resets the list */
4759 context
->load_credentials
= hashmap_free(context
->load_credentials
);
4763 _cleanup_free_
char *word
= NULL
, *id
= NULL
, *path
= NULL
;
4764 const char *p
= rvalue
;
4765 bool encrypted
= ltype
;
4767 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4771 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4775 r
= unit_cred_printf(u
, word
, &id
);
4777 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4780 if (!credential_name_valid(id
)) {
4781 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", id
);
4786 /* If only one field is specified take it as shortcut for inheriting a credential named
4787 * the same way from our parent */
4792 r
= unit_path_printf(u
, p
, &path
);
4794 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", p
);
4797 if (path_is_absolute(path
) ? !path_is_normalized(path
) : !credential_name_valid(path
)) {
4798 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential source \"%s\" not valid, ignoring.", path
);
4803 r
= exec_context_put_load_credential(context
, id
, path
, encrypted
);
4805 return log_error_errno(r
, "Failed to store load credential '%s': %m", rvalue
);
4810 int config_parse_import_credential(
4812 const char *filename
,
4814 const char *section
,
4815 unsigned section_line
,
4822 ExecContext
*context
= ASSERT_PTR(data
);
4830 if (isempty(rvalue
)) {
4831 /* Empty assignment resets the list */
4832 context
->import_credentials
= ordered_set_free(context
->import_credentials
);
4836 const char *p
= rvalue
;
4837 _cleanup_free_
char *word
= NULL
, *glob
= NULL
;
4839 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4843 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4847 r
= unit_cred_printf(u
, word
, &glob
);
4849 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4853 if (!credential_glob_valid(glob
)) {
4854 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name or glob \"%s\" not valid, ignoring.", glob
);
4858 if (!isempty(p
) && !credential_name_valid(p
)) {
4859 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", p
);
4863 r
= exec_context_put_import_credential(context
, glob
, p
);
4865 return log_error_errno(r
, "Failed to store import credential '%s': %m", rvalue
);
4870 int config_parse_set_status(
4872 const char *filename
,
4874 const char *section
,
4875 unsigned section_line
,
4882 ExitStatusSet
*status_set
= ASSERT_PTR(data
);
4889 /* Empty assignment resets the list */
4890 if (isempty(rvalue
)) {
4891 exit_status_set_free(status_set
);
4895 for (const char *p
= rvalue
;;) {
4896 _cleanup_free_
char *word
= NULL
;
4899 r
= extract_first_word(&p
, &word
, NULL
, 0);
4903 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4904 "Failed to parse %s=%s, ignoring: %m", lvalue
, rvalue
);
4910 /* We need to call exit_status_from_string() first, because we want
4911 * to parse numbers as exit statuses, not signals. */
4913 r
= exit_status_from_string(word
);
4915 assert(r
>= 0 && r
< 256);
4916 bitmap
= &status_set
->status
;
4918 r
= signal_from_string(word
);
4920 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4921 "Failed to parse value, ignoring: %s", word
);
4924 bitmap
= &status_set
->signal
;
4927 r
= bitmap_set(bitmap
, r
);
4929 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4930 "Failed to set signal or status %s, ignoring: %m", word
);
4934 int config_parse_namespace_path_strv(
4936 const char *filename
,
4938 const char *section
,
4939 unsigned section_line
,
4946 const Unit
*u
= userdata
;
4947 char*** sv
= ASSERT_PTR(data
);
4954 if (isempty(rvalue
)) {
4955 /* Empty assignment resets the list */
4956 *sv
= strv_free(*sv
);
4960 for (const char *p
= rvalue
;;) {
4961 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
, *joined
= NULL
;
4963 bool ignore_enoent
= false, shall_prefix
= false;
4965 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
4969 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
4976 if (startswith(w
, "-")) {
4977 ignore_enoent
= true;
4980 if (startswith(w
, "+")) {
4981 shall_prefix
= true;
4985 r
= unit_path_printf(u
, w
, &resolved
);
4987 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", w
);
4991 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
4995 joined
= strjoin(ignore_enoent
? "-" : "",
4996 shall_prefix
? "+" : "",
4999 r
= strv_push(sv
, joined
);
5009 int config_parse_temporary_filesystems(
5011 const char *filename
,
5013 const char *section
,
5014 unsigned section_line
,
5021 const Unit
*u
= userdata
;
5022 ExecContext
*c
= ASSERT_PTR(data
);
5029 if (isempty(rvalue
)) {
5030 /* Empty assignment resets the list */
5031 temporary_filesystem_free_many(c
->temporary_filesystems
, c
->n_temporary_filesystems
);
5032 c
->temporary_filesystems
= NULL
;
5033 c
->n_temporary_filesystems
= 0;
5037 for (const char *p
= rvalue
;;) {
5038 _cleanup_free_
char *word
= NULL
, *path
= NULL
, *resolved
= NULL
;
5041 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
5045 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
5052 r
= extract_first_word(&w
, &path
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
5056 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", word
);
5060 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax, ignoring: %s", word
);
5064 r
= unit_path_printf(u
, path
, &resolved
);
5066 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", path
);
5070 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5074 r
= temporary_filesystem_add(&c
->temporary_filesystems
, &c
->n_temporary_filesystems
, resolved
, w
);
5080 int config_parse_bind_paths(
5082 const char *filename
,
5084 const char *section
,
5085 unsigned section_line
,
5092 ExecContext
*c
= ASSERT_PTR(data
);
5093 const Unit
*u
= ASSERT_PTR(userdata
);
5100 if (isempty(rvalue
)) {
5101 /* Empty assignment resets the list */
5102 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
5103 c
->bind_mounts
= NULL
;
5104 c
->n_bind_mounts
= 0;
5108 for (const char *p
= rvalue
;;) {
5109 _cleanup_free_
char *source
= NULL
, *destination
= NULL
;
5110 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
5111 char *s
= NULL
, *d
= NULL
;
5112 bool rbind
= true, ignore_enoent
= false;
5114 r
= extract_first_word(&p
, &source
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
5118 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
5124 r
= unit_path_printf(u
, source
, &sresolved
);
5126 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5127 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", source
);
5133 ignore_enoent
= true;
5137 r
= path_simplify_and_warn(s
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5141 /* Optionally, the destination is specified. */
5142 if (p
&& p
[-1] == ':') {
5143 r
= extract_first_word(&p
, &destination
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
5147 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
5151 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing argument after ':', ignoring: %s", s
);
5155 r
= unit_path_printf(u
, destination
, &dresolved
);
5157 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5158 "Failed to resolve specifiers in \"%s\", ignoring: %m", destination
);
5162 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5168 /* Optionally, there's also a short option string specified */
5169 if (p
&& p
[-1] == ':') {
5170 _cleanup_free_
char *options
= NULL
;
5172 r
= extract_first_word(&p
, &options
, NULL
, EXTRACT_UNQUOTE
);
5176 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
5180 if (isempty(options
) || streq(options
, "rbind"))
5182 else if (streq(options
, "norbind"))
5185 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid option string, ignoring setting: %s", options
);
5192 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
5196 .read_only
= !!strstr(lvalue
, "ReadOnly"),
5198 .ignore_enoent
= ignore_enoent
,
5207 int config_parse_mount_images(
5209 const char *filename
,
5211 const char *section
,
5212 unsigned section_line
,
5219 ExecContext
*c
= ASSERT_PTR(data
);
5220 const Unit
*u
= userdata
;
5227 if (isempty(rvalue
)) {
5228 /* Empty assignment resets the list */
5229 c
->mount_images
= mount_image_free_many(c
->mount_images
, &c
->n_mount_images
);
5233 for (const char *p
= rvalue
;;) {
5234 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
5235 _cleanup_free_
char *first
= NULL
, *second
= NULL
, *tuple
= NULL
;
5236 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
5237 const char *q
= NULL
;
5239 bool permissive
= false;
5241 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
5245 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5246 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
5253 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &first
, &second
);
5257 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5258 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
5270 r
= unit_path_printf(u
, s
, &sresolved
);
5272 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5273 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s
);
5277 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS_DEV_OK
, unit
, filename
, line
, lvalue
);
5281 if (isempty(second
)) {
5282 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing destination in %s, ignoring: %s", lvalue
, rvalue
);
5286 r
= unit_path_printf(u
, second
, &dresolved
);
5288 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5289 "Failed to resolve specifiers in \"%s\", ignoring: %m", second
);
5293 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS_DEV_OK
, unit
, filename
, line
, lvalue
);
5298 _cleanup_free_
char *partition
= NULL
, *mount_options
= NULL
, *mount_options_resolved
= NULL
;
5299 MountOptions
*o
= NULL
;
5300 PartitionDesignator partition_designator
;
5302 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &partition
, &mount_options
);
5306 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", q
);
5311 /* Single set of options, applying to the root partition/single filesystem */
5313 r
= unit_full_printf(u
, partition
, &mount_options_resolved
);
5315 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", first
);
5319 o
= new(MountOptions
, 1);
5322 *o
= (MountOptions
) {
5323 .partition_designator
= PARTITION_ROOT
,
5324 .options
= TAKE_PTR(mount_options_resolved
),
5326 LIST_APPEND(mount_options
, options
, o
);
5331 partition_designator
= partition_designator_from_string(partition
);
5332 if (partition_designator
< 0) {
5333 log_syntax(unit
, LOG_WARNING
, filename
, line
, partition_designator
,
5334 "Invalid partition name %s, ignoring", partition
);
5337 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
5339 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
5343 o
= new(MountOptions
, 1);
5346 *o
= (MountOptions
) {
5347 .partition_designator
= partition_designator
,
5348 .options
= TAKE_PTR(mount_options_resolved
),
5350 LIST_APPEND(mount_options
, options
, o
);
5353 r
= mount_image_add(&c
->mount_images
, &c
->n_mount_images
,
5355 .source
= sresolved
,
5356 .destination
= dresolved
,
5357 .mount_options
= options
,
5358 .ignore_enoent
= permissive
,
5359 .type
= MOUNT_IMAGE_DISCRETE
,
5366 int config_parse_extension_images(
5368 const char *filename
,
5370 const char *section
,
5371 unsigned section_line
,
5378 ExecContext
*c
= ASSERT_PTR(data
);
5379 const Unit
*u
= userdata
;
5386 if (isempty(rvalue
)) {
5387 /* Empty assignment resets the list */
5388 c
->extension_images
= mount_image_free_many(c
->extension_images
, &c
->n_extension_images
);
5392 for (const char *p
= rvalue
;;) {
5393 _cleanup_free_
char *source
= NULL
, *tuple
= NULL
, *sresolved
= NULL
;
5394 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
5395 bool permissive
= false;
5396 const char *q
= NULL
;
5399 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
5403 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5404 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
5411 r
= extract_first_word(&q
, &source
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
);
5415 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5416 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
5428 r
= unit_path_printf(u
, s
, &sresolved
);
5430 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5431 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s
);
5435 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS
, unit
, filename
, line
, lvalue
);
5440 _cleanup_free_
char *partition
= NULL
, *mount_options
= NULL
, *mount_options_resolved
= NULL
;
5441 MountOptions
*o
= NULL
;
5442 PartitionDesignator partition_designator
;
5444 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &partition
, &mount_options
);
5448 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", q
);
5453 /* Single set of options, applying to the root partition/single filesystem */
5455 r
= unit_full_printf(u
, partition
, &mount_options_resolved
);
5457 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", partition
);
5461 o
= new(MountOptions
, 1);
5464 *o
= (MountOptions
) {
5465 .partition_designator
= PARTITION_ROOT
,
5466 .options
= TAKE_PTR(mount_options_resolved
),
5468 LIST_APPEND(mount_options
, options
, o
);
5473 partition_designator
= partition_designator_from_string(partition
);
5474 if (partition_designator
< 0) {
5475 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid partition name %s, ignoring", partition
);
5478 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
5480 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
5484 o
= new(MountOptions
, 1);
5487 *o
= (MountOptions
) {
5488 .partition_designator
= partition_designator
,
5489 .options
= TAKE_PTR(mount_options_resolved
),
5491 LIST_APPEND(mount_options
, options
, o
);
5494 r
= mount_image_add(&c
->extension_images
, &c
->n_extension_images
,
5496 .source
= sresolved
,
5497 .mount_options
= options
,
5498 .ignore_enoent
= permissive
,
5499 .type
= MOUNT_IMAGE_EXTENSION
,
5506 int config_parse_job_timeout_sec(
5508 const char *filename
,
5510 const char *section
,
5511 unsigned section_line
,
5518 Unit
*u
= ASSERT_PTR(data
);
5526 r
= parse_sec_fix_0(rvalue
, &usec
);
5528 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue
);
5532 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
5533 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
5536 if (!u
->job_running_timeout_set
)
5537 u
->job_running_timeout
= usec
;
5539 u
->job_timeout
= usec
;
5544 int config_parse_job_running_timeout_sec(
5546 const char *filename
,
5548 const char *section
,
5549 unsigned section_line
,
5556 Unit
*u
= ASSERT_PTR(data
);
5564 r
= parse_sec_fix_0(rvalue
, &usec
);
5566 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue
);
5570 u
->job_running_timeout
= usec
;
5571 u
->job_running_timeout_set
= true;
5576 int config_parse_emergency_action(
5578 const char *filename
,
5580 const char *section
,
5581 unsigned section_line
,
5588 EmergencyAction
*x
= ASSERT_PTR(data
);
5589 RuntimeScope runtime_scope
;
5596 /* If we have a unit determine the scope based on it */
5598 runtime_scope
= ((Unit
*) ASSERT_PTR(userdata
))->manager
->runtime_scope
;
5600 runtime_scope
= ltype
; /* otherwise, assume the scope is passed in via ltype */
5602 r
= parse_emergency_action(rvalue
, runtime_scope
, x
);
5604 if (r
== -EOPNOTSUPP
)
5605 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5606 "%s= specified as %s mode action, ignoring: %s",
5607 lvalue
, runtime_scope_to_string(runtime_scope
), rvalue
);
5609 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5610 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
5617 int config_parse_pid_file(
5619 const char *filename
,
5621 const char *section
,
5622 unsigned section_line
,
5629 _cleanup_free_
char *k
= NULL
, *n
= NULL
;
5630 const Unit
*u
= ASSERT_PTR(userdata
);
5638 if (isempty(rvalue
)) {
5639 /* An empty assignment removes already set value. */
5644 r
= unit_path_printf(u
, rvalue
, &k
);
5646 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5650 /* If this is a relative path make it absolute by prefixing the /run */
5651 n
= path_make_absolute(k
, u
->manager
->prefix
[EXEC_DIRECTORY_RUNTIME
]);
5655 /* Check that the result is a sensible path */
5656 r
= path_simplify_and_warn(n
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS
, unit
, filename
, line
, lvalue
);
5660 r
= patch_var_run(unit
, filename
, line
, lvalue
, &n
);
5664 free_and_replace(*s
, n
);
5668 int config_parse_exit_status(
5670 const char *filename
,
5672 const char *section
,
5673 unsigned section_line
,
5680 int *exit_status
= data
, r
;
5686 assert(exit_status
);
5688 if (isempty(rvalue
)) {
5693 r
= safe_atou8(rvalue
, &u
);
5695 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse exit status '%s', ignoring: %m", rvalue
);
5703 int config_parse_disable_controllers(
5705 const char *filename
,
5707 const char *section
,
5708 unsigned section_line
,
5716 CGroupContext
*c
= data
;
5717 CGroupMask disabled_mask
;
5719 /* 1. If empty, make all controllers eligible for use again.
5720 * 2. If non-empty, merge all listed controllers, space separated. */
5722 if (isempty(rvalue
)) {
5723 c
->disable_controllers
= 0;
5727 r
= cg_mask_from_string(rvalue
, &disabled_mask
);
5728 if (r
< 0 || disabled_mask
<= 0) {
5729 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid cgroup string: %s, ignoring", rvalue
);
5733 c
->disable_controllers
|= disabled_mask
;
5738 int config_parse_ip_filter_bpf_progs(
5740 const char *filename
,
5742 const char *section
,
5743 unsigned section_line
,
5750 _cleanup_free_
char *resolved
= NULL
;
5751 const Unit
*u
= userdata
;
5752 char ***paths
= ASSERT_PTR(data
);
5759 if (isempty(rvalue
)) {
5760 *paths
= strv_free(*paths
);
5764 r
= unit_path_printf(u
, rvalue
, &resolved
);
5766 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5770 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5774 if (strv_contains(*paths
, resolved
))
5777 r
= strv_extend(paths
, resolved
);
5781 if (bpf_program_supported() <= 0) {
5782 static bool warned
= false;
5784 log_syntax(unit
, warned
? LOG_DEBUG
: LOG_WARNING
, filename
, line
, 0,
5785 "Configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters. "
5786 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", lvalue
, rvalue
);
5794 int config_parse_bpf_foreign_program(
5796 const char *filename
,
5798 const char *section
,
5799 unsigned section_line
,
5805 _cleanup_free_
char *resolved
= NULL
, *word
= NULL
;
5806 CGroupContext
*c
= data
;
5807 const char *p
= ASSERT_PTR(rvalue
);
5814 if (isempty(rvalue
)) {
5815 while (c
->bpf_foreign_programs
)
5816 cgroup_context_remove_bpf_foreign_program(c
, c
->bpf_foreign_programs
);
5821 r
= extract_first_word(&p
, &word
, ":", 0);
5825 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse foreign BPF program, ignoring: %s", rvalue
);
5828 if (r
== 0 || isempty(p
)) {
5829 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax in %s=, ignoring: %s", lvalue
, rvalue
);
5833 attach_type
= bpf_cgroup_attach_type_from_string(word
);
5834 if (attach_type
< 0) {
5835 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unknown BPF attach type=%s, ignoring: %s", word
, rvalue
);
5839 r
= unit_path_printf(u
, p
, &resolved
);
5841 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %s", p
, rvalue
);
5845 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5849 r
= cgroup_context_add_bpf_foreign_program(c
, attach_type
, resolved
);
5851 return log_error_errno(r
, "Failed to add foreign BPF program to cgroup context: %m");
5856 int config_parse_cgroup_socket_bind(
5858 const char *filename
,
5860 const char *section
,
5861 unsigned section_line
,
5867 _cleanup_free_ CGroupSocketBindItem
*item
= NULL
;
5868 CGroupSocketBindItem
**head
= data
;
5869 uint16_t nr_ports
, port_min
;
5870 int af
, ip_protocol
, r
;
5872 if (isempty(rvalue
)) {
5873 cgroup_context_remove_socket_bind(head
);
5877 r
= parse_socket_bind_item(rvalue
, &af
, &ip_protocol
, &nr_ports
, &port_min
);
5881 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5882 "Unable to parse %s= assignment, ignoring: %s", lvalue
, rvalue
);
5886 item
= new(CGroupSocketBindItem
, 1);
5889 *item
= (CGroupSocketBindItem
) {
5890 .address_family
= af
,
5891 .ip_protocol
= ip_protocol
,
5892 .nr_ports
= nr_ports
,
5893 .port_min
= port_min
,
5896 LIST_PREPEND(socket_bind_items
, *head
, TAKE_PTR(item
));
5901 int config_parse_restrict_network_interfaces(
5903 const char *filename
,
5905 const char *section
,
5906 unsigned section_line
,
5912 CGroupContext
*c
= ASSERT_PTR(data
);
5913 bool is_allow_rule
= true;
5920 if (isempty(rvalue
)) {
5921 /* Empty assignment resets the list */
5922 c
->restrict_network_interfaces
= set_free(c
->restrict_network_interfaces
);
5926 if (rvalue
[0] == '~') {
5927 is_allow_rule
= false;
5931 if (set_isempty(c
->restrict_network_interfaces
))
5932 /* Only initialize this when creating the set */
5933 c
->restrict_network_interfaces_is_allow_list
= is_allow_rule
;
5935 for (const char *p
= rvalue
;;) {
5936 _cleanup_free_
char *word
= NULL
;
5938 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
5944 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5945 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
5949 if (!ifname_valid_full(word
, IFNAME_VALID_ALTERNATIVE
)) {
5950 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid interface name, ignoring: %s", word
);
5954 if (c
->restrict_network_interfaces_is_allow_list
!= is_allow_rule
)
5955 free(set_remove(c
->restrict_network_interfaces
, word
));
5957 r
= set_put_strdup(&c
->restrict_network_interfaces
, word
);
5966 int config_parse_mount_node(
5968 const char *filename
,
5970 const char *section
,
5971 unsigned section_line
,
5978 const Unit
*u
= ASSERT_PTR(userdata
);
5979 _cleanup_free_
char *resolved
= NULL
, *path
= NULL
;
5986 r
= unit_full_printf(u
, rvalue
, &resolved
);
5988 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5992 path
= fstab_node_to_udev_node(resolved
);
5996 /* The source passed is not necessarily something we understand, and we pass it as-is to mount/swapon,
5997 * so path_is_valid is not used. But let's check for basic sanity, i.e. if the source is longer than
5998 * PATH_MAX, you're likely doing something wrong. */
5999 if (strlen(path
) >= PATH_MAX
) {
6000 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Resolved mount path '%s' too long, ignoring.", path
);
6004 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, path
, data
, userdata
);
6007 int config_parse_concurrency_max(
6009 const char *filename
,
6011 const char *section
,
6012 unsigned section_line
,
6019 unsigned *concurrency_max
= ASSERT_PTR(data
);
6021 if (isempty(rvalue
) || streq(rvalue
, "infinity")) {
6022 *concurrency_max
= UINT_MAX
;
6026 return config_parse_unsigned(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
6029 static int merge_by_names(Unit
*u
, Set
*names
, const char *id
) {
6035 /* Let's try to add in all names that are aliases of this unit */
6036 while ((k
= set_steal_first(names
))) {
6037 _cleanup_free_ _unused_
char *free_k
= k
;
6039 /* First try to merge in the other name into our unit */
6040 r
= unit_merge_by_name(u
, k
);
6044 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
6047 other
= manager_get_unit(u
->manager
, k
);
6049 return r
; /* return previous failure */
6051 r
= unit_merge(other
, u
);
6055 return merge_by_names(other
, names
, NULL
);
6058 if (streq_ptr(id
, k
))
6059 unit_choose_id(u
, id
);
6065 int unit_load_fragment(Unit
*u
) {
6069 assert(u
->load_state
== UNIT_STUB
);
6073 u
->access_selinux_context
= mfree(u
->access_selinux_context
);
6074 u
->load_state
= UNIT_LOADED
;
6078 /* Possibly rebuild the fragment map to catch new units */
6079 r
= unit_file_build_name_map(&u
->manager
->lookup_paths
,
6080 &u
->manager
->unit_cache_timestamp_hash
,
6081 &u
->manager
->unit_id_map
,
6082 &u
->manager
->unit_name_map
,
6083 &u
->manager
->unit_path_cache
);
6085 return log_error_errno(r
, "Failed to rebuild name map: %m");
6087 const char *fragment
;
6088 _cleanup_set_free_ Set
*names
= NULL
;
6089 r
= unit_file_find_fragment(u
->manager
->unit_id_map
,
6090 u
->manager
->unit_name_map
,
6094 if (r
< 0 && r
!= -ENOENT
)
6098 /* Open the file, check if this is a mask, otherwise read. */
6099 _cleanup_fclose_
FILE *f
= NULL
;
6102 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
6103 * expect that all symlinks within the lookup paths have been already resolved, but we don't
6104 * verify this here. */
6105 f
= fopen(fragment
, "re");
6107 return log_unit_notice_errno(u
, errno
, "Failed to open %s: %m", fragment
);
6109 if (fstat(fileno(f
), &st
) < 0)
6112 r
= free_and_strdup(&u
->fragment_path
, fragment
);
6116 if (null_or_empty(&st
)) {
6117 /* Unit file is masked */
6119 u
->load_state
= u
->perpetual
? UNIT_LOADED
: UNIT_MASKED
; /* don't allow perpetual units to ever be masked */
6120 u
->fragment_mtime
= 0;
6121 u
->access_selinux_context
= mfree(u
->access_selinux_context
);
6124 if (mac_selinux_use()) {
6125 _cleanup_freecon_
char *selcon
= NULL
;
6127 /* Cache the SELinux context of the unit file here. We'll make use of when checking access permissions to loaded units */
6128 r
= fgetfilecon_raw(fileno(f
), &selcon
);
6130 log_unit_warning_errno(u
, r
, "Failed to read SELinux context of '%s', ignoring: %m", fragment
);
6132 r
= free_and_strdup(&u
->access_selinux_context
, selcon
);
6137 u
->access_selinux_context
= mfree(u
->access_selinux_context
);
6139 u
->load_state
= UNIT_LOADED
;
6140 u
->fragment_mtime
= timespec_load(&st
.st_mtim
);
6142 /* Now, parse the file contents */
6143 r
= config_parse(u
->id
, fragment
, f
,
6144 UNIT_VTABLE(u
)->sections
,
6145 config_item_perf_lookup
, load_fragment_gperf_lookup
,
6150 log_unit_notice_errno(u
, r
, "Unit configuration has fatal error, unit will not be started.");
6156 /* Call merge_by_names with the name derived from the fragment path as the preferred name.
6158 * We do the merge dance here because for some unit types, the unit might have aliases which are not
6159 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
6161 const char *id
= u
->id
;
6162 _cleanup_free_
char *filename
= NULL
, *free_id
= NULL
;
6165 r
= path_extract_filename(fragment
, &filename
);
6167 return log_debug_errno(r
, "Failed to extract filename from fragment '%s': %m", fragment
);
6170 if (unit_name_is_valid(id
, UNIT_NAME_TEMPLATE
)) {
6171 assert(u
->instance
); /* If we're not trying to use a template for non-instanced unit,
6172 * this must be set. */
6174 r
= unit_name_replace_instance(id
, u
->instance
, &free_id
);
6176 return log_debug_errno(r
, "Failed to build id (%s + %s): %m", id
, u
->instance
);
6181 return merge_by_names(u
, names
, id
);
6184 void unit_dump_config_items(FILE *f
) {
6185 static const struct {
6186 const ConfigParserCallback callback
;
6189 { config_parse_warn_compat
, "NOTSUPPORTED" },
6190 { config_parse_int
, "INTEGER" },
6191 { config_parse_unsigned
, "UNSIGNED" },
6192 { config_parse_iec_size
, "SIZE" },
6193 { config_parse_iec_uint64
, "SIZE" },
6194 { config_parse_si_uint64
, "SIZE" },
6195 { config_parse_bool
, "BOOLEAN" },
6196 { config_parse_string
, "STRING" },
6197 { config_parse_path
, "PATH" },
6198 { config_parse_unit_path_printf
, "PATH" },
6199 { config_parse_colon_separated_paths
, "PATH" },
6200 { config_parse_strv
, "STRING [...]" },
6201 { config_parse_exec_nice
, "NICE" },
6202 { config_parse_exec_oom_score_adjust
, "OOMSCOREADJUST" },
6203 { config_parse_exec_io_class
, "IOCLASS" },
6204 { config_parse_exec_io_priority
, "IOPRIORITY" },
6205 { config_parse_exec_cpu_sched_policy
, "CPUSCHEDPOLICY" },
6206 { config_parse_exec_cpu_sched_prio
, "CPUSCHEDPRIO" },
6207 { config_parse_exec_cpu_affinity
, "CPUAFFINITY" },
6208 { config_parse_mode
, "MODE" },
6209 { config_parse_unit_env_file
, "FILE" },
6210 { config_parse_exec_output
, "OUTPUT" },
6211 { config_parse_exec_input
, "INPUT" },
6212 { config_parse_log_facility
, "FACILITY" },
6213 { config_parse_log_level
, "LEVEL" },
6214 { config_parse_exec_secure_bits
, "SECUREBITS" },
6215 { config_parse_capability_set
, "BOUNDINGSET" },
6216 { config_parse_rlimit
, "LIMIT" },
6217 { config_parse_unit_deps
, "UNIT [...]" },
6218 { config_parse_exec
, "PATH [ARGUMENT [...]]" },
6219 { config_parse_service_type
, "SERVICETYPE" },
6220 { config_parse_service_exit_type
, "SERVICEEXITTYPE" },
6221 { config_parse_service_restart
, "SERVICERESTART" },
6222 { config_parse_service_restart_mode
, "SERVICERESTARTMODE" },
6223 { config_parse_service_timeout_failure_mode
, "TIMEOUTMODE" },
6224 { config_parse_kill_mode
, "KILLMODE" },
6225 { config_parse_signal
, "SIGNAL" },
6226 { config_parse_socket_listen
, "SOCKET [...]" },
6227 { config_parse_socket_bind
, "SOCKETBIND" },
6228 { config_parse_socket_bindtodevice
, "NETWORKINTERFACE" },
6229 { config_parse_sec
, "SECONDS" },
6230 { config_parse_nsec
, "NANOSECONDS" },
6231 { config_parse_namespace_path_strv
, "PATH [...]" },
6232 { config_parse_bind_paths
, "PATH[:PATH[:OPTIONS]] [...]" },
6233 { config_parse_unit_mounts_for
, "PATH [...]" },
6234 { config_parse_exec_mount_propagation_flag
,
6236 { config_parse_unit_string_printf
, "STRING" },
6237 { config_parse_trigger_unit
, "UNIT" },
6238 { config_parse_timer
, "TIMER" },
6239 { config_parse_path_spec
, "PATH" },
6240 { config_parse_notify_access
, "ACCESS" },
6241 { config_parse_ip_tos
, "TOS" },
6242 { config_parse_unit_condition_path
, "CONDITION" },
6243 { config_parse_unit_condition_string
, "CONDITION" },
6244 { config_parse_unit_slice
, "SLICE" },
6245 { config_parse_documentation
, "URL" },
6246 { config_parse_service_timeout
, "SECONDS" },
6247 { config_parse_emergency_action
, "ACTION" },
6248 { config_parse_set_status
, "STATUS" },
6249 { config_parse_service_sockets
, "SOCKETS" },
6250 { config_parse_environ
, "ENVIRON" },
6252 { config_parse_syscall_filter
, "SYSCALLS" },
6253 { config_parse_syscall_archs
, "ARCHS" },
6254 { config_parse_syscall_errno
, "ERRNO" },
6255 { config_parse_syscall_log
, "SYSCALLS" },
6256 { config_parse_address_families
, "FAMILIES" },
6258 { config_parse_namespace_flags
, "NAMESPACES" },
6259 { config_parse_restrict_filesystems
, "FILESYSTEMS" },
6260 { config_parse_cg_weight
, "WEIGHT" },
6261 { config_parse_cg_cpu_weight
, "CPUWEIGHT" },
6262 { config_parse_memory_limit
, "LIMIT" },
6263 { config_parse_device_allow
, "DEVICE" },
6264 { config_parse_device_policy
, "POLICY" },
6265 { config_parse_io_limit
, "LIMIT" },
6266 { config_parse_io_device_weight
, "DEVICEWEIGHT" },
6267 { config_parse_io_device_latency
, "DEVICELATENCY" },
6268 { config_parse_long
, "LONG" },
6269 { config_parse_socket_service
, "SERVICE" },
6271 { config_parse_exec_selinux_context
, "LABEL" },
6273 { config_parse_job_mode
, "MODE" },
6274 { config_parse_job_mode_isolate
, "BOOLEAN" },
6275 { config_parse_personality
, "PERSONALITY" },
6276 { config_parse_log_filter_patterns
, "REGEX" },
6277 { config_parse_mount_node
, "NODE" },
6278 { config_parse_bpf_delegate_commands
, "BPF_DELEGATE_COMMANDS" },
6279 { config_parse_bpf_delegate_maps
, "BPF_DELEGATE_MAPS" },
6280 { config_parse_bpf_delegate_programs
, "BPF_DELEGATE_PROGRAMS" },
6281 { config_parse_bpf_delegate_attachments
, "BPF_DELEGATE_ATTACHMENTS" },
6284 const char *prev
= NULL
;
6288 NULSTR_FOREACH(i
, load_fragment_gperf_nulstr
) {
6289 const char *rvalue
= "OTHER", *lvalue
;
6290 const ConfigPerfItem
*p
;
6293 assert_se(p
= load_fragment_gperf_lookup(i
, strlen(i
)));
6295 /* Hide legacy settings */
6296 if (p
->parse
== config_parse_warn_compat
&&
6297 p
->ltype
== DISABLED_LEGACY
)
6300 FOREACH_ELEMENT(j
, table
)
6301 if (p
->parse
== j
->callback
) {
6306 dot
= strchr(i
, '.');
6307 lvalue
= dot
? dot
+ 1 : i
;
6310 size_t prefix_len
= dot
- i
;
6312 if (!prev
|| !strneq(prev
, i
, prefix_len
+1)) {
6316 fprintf(f
, "[%.*s]\n", (int) prefix_len
, i
);
6320 fprintf(f
, "%s=%s\n", lvalue
, rvalue
);
6325 int config_parse_show_status(
6327 const char *filename
,
6329 const char *section
,
6330 unsigned section_line
,
6338 ShowStatus
*b
= ASSERT_PTR(data
);
6344 k
= parse_show_status(rvalue
, b
);
6346 log_syntax(unit
, LOG_WARNING
, filename
, line
, k
, "Failed to parse show status setting, ignoring: %s", rvalue
);
6351 int config_parse_output_restricted(
6353 const char *filename
,
6355 const char *section
,
6356 unsigned section_line
,
6363 ExecOutput t
, *eo
= ASSERT_PTR(data
);
6364 bool obsolete
= false;
6370 if (streq(rvalue
, "syslog")) {
6371 t
= EXEC_OUTPUT_JOURNAL
;
6373 } else if (streq(rvalue
, "syslog+console")) {
6374 t
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
6377 t
= exec_output_from_string(rvalue
);
6379 log_syntax(unit
, LOG_WARNING
, filename
, line
, t
, "Failed to parse output type, ignoring: %s", rvalue
);
6383 if (IN_SET(t
, EXEC_OUTPUT_SOCKET
, EXEC_OUTPUT_NAMED_FD
, EXEC_OUTPUT_FILE
, EXEC_OUTPUT_FILE_APPEND
, EXEC_OUTPUT_FILE_TRUNCATE
)) {
6384 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Standard output types socket, fd:, file:, append:, truncate: are not supported as defaults, ignoring: %s", rvalue
);
6390 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
6391 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
6392 rvalue
, exec_output_to_string(t
));
6398 int config_parse_crash_chvt(
6400 const char *filename
,
6402 const char *section
,
6403 unsigned section_line
,
6417 r
= parse_crash_chvt(rvalue
, data
);
6419 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue
);
6424 int config_parse_swap_priority(
6426 const char *filename
,
6428 const char *section
,
6429 unsigned section_line
,
6436 Swap
*s
= ASSERT_PTR(userdata
);
6444 if (isempty(rvalue
)) {
6445 s
->parameters_fragment
.priority
= -1;
6446 s
->parameters_fragment
.priority_set
= false;
6450 r
= safe_atoi(rvalue
, &priority
);
6452 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid swap priority '%s', ignoring.", rvalue
);
6456 if (priority
< -1) {
6457 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue
);
6461 if (priority
> 32767) {
6462 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Swap priority out of range, ignoring: %s", rvalue
);
6466 s
->parameters_fragment
.priority
= priority
;
6467 s
->parameters_fragment
.priority_set
= true;
6471 int config_parse_watchdog_sec(
6473 const char *filename
,
6475 const char *section
,
6476 unsigned section_line
,
6483 usec_t
*usec
= data
;
6489 /* This is called for {Runtime,Reboot,KExec}WatchdogSec= where "default" maps to
6490 * USEC_INFINITY internally. */
6492 if (streq(rvalue
, "default"))
6493 *usec
= USEC_INFINITY
;
6494 else if (streq(rvalue
, "off"))
6497 return config_parse_sec(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
6502 int config_parse_tty_size(
6504 const char *filename
,
6506 const char *section
,
6507 unsigned section_line
,
6514 unsigned *sz
= data
;
6520 if (isempty(rvalue
)) {
6525 return config_parse_unsigned(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
6528 int config_parse_log_filter_patterns(
6530 const char *filename
,
6532 const char *section
,
6533 unsigned section_line
,
6540 ExecContext
*c
= ASSERT_PTR(data
);
6541 const char *pattern
= ASSERT_PTR(rvalue
);
6542 bool is_allowlist
= true;
6548 if (isempty(pattern
)) {
6549 /* Empty assignment resets the lists. */
6550 c
->log_filter_allowed_patterns
= set_free(c
->log_filter_allowed_patterns
);
6551 c
->log_filter_denied_patterns
= set_free(c
->log_filter_denied_patterns
);
6555 if (pattern
[0] == '~') {
6556 is_allowlist
= false;
6558 if (isempty(pattern
))
6559 /* LogFilterPatterns=~ is not considered a valid pattern. */
6560 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
6561 "Regex pattern invalid, ignoring: %s=%s", lvalue
, rvalue
);
6564 if (pattern_compile_and_log(pattern
, 0, NULL
) < 0)
6567 r
= set_put_strdup(is_allowlist
? &c
->log_filter_allowed_patterns
: &c
->log_filter_denied_patterns
,
6570 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
6571 "Failed to store log filtering pattern, ignoring: %s=%s", lvalue
, rvalue
);
6578 int config_parse_open_file(
6580 const char *filename
,
6582 const char *section
,
6583 unsigned section_line
,
6590 _cleanup_(open_file_freep
) OpenFile
*of
= NULL
;
6591 OpenFile
**head
= ASSERT_PTR(data
);
6598 if (isempty(rvalue
)) {
6599 open_file_free_many(head
);
6603 r
= open_file_parse(rvalue
, &of
);
6605 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse OpenFile= setting, ignoring: %s", rvalue
);
6609 LIST_APPEND(open_files
, *head
, TAKE_PTR(of
));
6614 int config_parse_cgroup_nft_set(
6616 const char *filename
,
6618 const char *section
,
6619 unsigned section_line
,
6626 CGroupContext
*c
= ASSERT_PTR(data
);
6627 Unit
*u
= ASSERT_PTR(userdata
);
6629 return config_parse_nft_set(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, &c
->nft_set_context
, u
);
6632 int config_parse_protect_hostname(
6634 const char *filename
,
6636 const char *section
,
6637 unsigned section_line
,
6644 ExecContext
*c
= ASSERT_PTR(data
);
6645 Unit
*u
= ASSERT_PTR(userdata
);
6646 _cleanup_free_
char *h
= NULL
, *p
= NULL
;
6649 if (isempty(rvalue
)) {
6650 c
->protect_hostname
= PROTECT_HOSTNAME_NO
;
6651 c
->private_hostname
= mfree(c
->private_hostname
);
6655 const char *colon
= strchr(rvalue
, ':');
6657 r
= unit_full_printf_full(u
, colon
+ 1, HOST_NAME_MAX
, &h
);
6659 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
6660 "Failed to resolve unit specifiers in '%s', ignoring: %m", colon
+ 1);
6664 if (!hostname_is_valid(h
, /* flags = */ 0))
6665 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
6666 "Invalid hostname is specified to %s=, ignoring: %s", lvalue
, h
);
6668 p
= strndup(rvalue
, colon
- rvalue
);
6673 ProtectHostname t
= protect_hostname_from_string(p
?: rvalue
);
6674 if (t
< 0 || (t
== PROTECT_HOSTNAME_NO
&& h
))
6675 return log_syntax_parse_error(unit
, filename
, line
, 0, lvalue
, rvalue
);
6677 c
->protect_hostname
= t
;
6678 free_and_replace(c
->private_hostname
, h
);