1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 Copyright © 2012 Holger Hans Peter Freyther
11 #include <sys/resource.h>
13 #include "sd-messages.h"
16 #include "all-units.h"
17 #include "alloc-util.h"
18 #include "bpf-firewall.h"
19 #include "bpf-program.h"
20 #include "bpf-restrict-fs.h"
21 #include "bpf-socket-bind.h"
22 #include "bus-error.h"
23 #include "bus-internal.h"
26 #include "capability-util.h"
27 #include "cgroup-setup.h"
28 #include "conf-parser.h"
29 #include "core-varlink.h"
30 #include "cpu-set-util.h"
31 #include "creds-util.h"
33 #include "errno-list.h"
35 #include "exec-credential.h"
39 #include "firewall-util.h"
41 #include "fstab-util.h"
42 #include "hexdecoct.h"
43 #include "iovec-util.h"
44 #include "ioprio-util.h"
45 #include "ip-protocol-list.h"
46 #include "journal-file.h"
47 #include "limits-util.h"
48 #include "load-fragment.h"
50 #include "missing_ioprio.h"
51 #include "mountpoint-util.h"
52 #include "nulstr-util.h"
53 #include "open-file.h"
54 #include "parse-helpers.h"
55 #include "parse-util.h"
56 #include "path-util.h"
57 #include "pcre2-util.h"
58 #include "percent-util.h"
59 #include "process-util.h"
60 #include "reboot-util.h"
61 #include "seccomp-util.h"
62 #include "securebits-util.h"
63 #include "selinux-util.h"
64 #include "signal-util.h"
65 #include "socket-netlink.h"
66 #include "specifier.h"
67 #include "stat-util.h"
68 #include "string-util.h"
70 #include "syslog-util.h"
71 #include "time-util.h"
72 #include "unit-name.h"
73 #include "unit-printf.h"
74 #include "user-util.h"
78 static int parse_socket_protocol(const char *s
) {
81 r
= parse_ip_protocol(s
);
84 if (!IN_SET(r
, IPPROTO_UDPLITE
, IPPROTO_SCTP
))
85 return -EPROTONOSUPPORT
;
90 int parse_crash_chvt(const char *value
, int *data
) {
93 if (safe_atoi(value
, data
) >= 0)
96 b
= parse_boolean(value
);
101 *data
= 0; /* switch to where kmsg goes */
103 *data
= -1; /* turn off switching */
108 int parse_confirm_spawn(const char *value
, char **console
) {
112 r
= value
? parse_boolean(value
) : 1;
116 } else if (r
> 0) /* on with default tty */
117 s
= strdup("/dev/console");
118 else if (is_path(value
)) /* on with fully qualified path */
120 else /* on with only a tty file name, not a fully qualified path */
121 s
= path_join("/dev/", value
);
129 DEFINE_CONFIG_PARSE(config_parse_socket_protocol
, parse_socket_protocol
, "Failed to parse socket protocol");
130 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits
, secure_bits_from_string
, "Failed to parse secure bits");
131 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode
, collect_mode
, CollectMode
, "Failed to parse garbage collection mode");
132 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy
, cgroup_device_policy
, CGroupDevicePolicy
, "Failed to parse device policy");
133 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode
, exec_keyring_mode
, ExecKeyringMode
, "Failed to parse keyring mode");
134 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_proc
, protect_proc
, ProtectProc
, "Failed to parse /proc/ protection mode");
135 DEFINE_CONFIG_PARSE_ENUM(config_parse_proc_subset
, proc_subset
, ProcSubset
, "Failed to parse /proc/ subset mode");
136 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
, "Failed to parse utmp mode");
137 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode
, job_mode
, JobMode
, "Failed to parse job mode");
138 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access
, notify_access
, NotifyAccess
, "Failed to parse notify access specifier");
139 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home
, protect_home
, ProtectHome
, "Failed to parse protect home value");
140 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system
, protect_system
, ProtectSystem
, "Failed to parse protect system value");
141 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
, "Failed to parse resource preserve mode");
142 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type
, service_type
, ServiceType
, "Failed to parse service type");
143 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_exit_type
, service_exit_type
, ServiceExitType
, "Failed to parse service exit type");
144 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart
, service_restart
, ServiceRestart
, "Failed to parse service restart specifier");
145 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart_mode
, service_restart_mode
, ServiceRestartMode
, "Failed to parse service restart mode");
146 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode
, service_timeout_failure_mode
, ServiceTimeoutFailureMode
, "Failed to parse timeout failure mode");
147 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind
, socket_address_bind_ipv6_only_or_bool
, SocketAddressBindIPv6Only
, "Failed to parse bind IPv6 only value");
148 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy
, oom_policy
, OOMPolicy
, "Failed to parse OOM policy");
149 DEFINE_CONFIG_PARSE_ENUM(config_parse_managed_oom_preference
, managed_oom_preference
, ManagedOOMPreference
, "Failed to parse ManagedOOMPreference=");
150 DEFINE_CONFIG_PARSE_ENUM(config_parse_memory_pressure_watch
, cgroup_pressure_watch
, CGroupPressureWatch
, "Failed to parse memory pressure watch setting");
151 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos
, ip_tos
, int, -1, "Failed to parse IP TOS value");
152 DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight
, cg_blkio_weight_parse
, uint64_t, "Invalid block IO weight");
153 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight
, cg_weight_parse
, uint64_t, "Invalid weight");
154 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_cpu_weight
, cg_cpu_weight_parse
, uint64_t, "Invalid CPU weight");
155 static DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares_internal
, cg_cpu_shares_parse
, uint64_t, "Invalid CPU shares");
156 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_propagation_flag
, mount_propagation_flag_from_string
, unsigned long, "Failed to parse mount propagation flag");
157 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy
, mpol
, int, -1, "Invalid NUMA policy type");
158 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format
, status_unit_format
, StatusUnitFormat
, "Failed to parse status unit format");
159 DEFINE_CONFIG_PARSE_ENUM_FULL(config_parse_socket_timestamping
, socket_timestamping_from_string_harder
, SocketTimestamping
, "Failed to parse timestamping precision");
161 int config_parse_cpu_shares(
163 const char *filename
,
166 unsigned section_line
,
178 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
179 "Unit uses %s=; please use CPUWeight= instead. Support for %s= will be removed soon.",
182 return config_parse_cpu_shares_internal(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
185 bool contains_instance_specifier_superset(const char *s
) {
187 bool percent
= false;
201 /* If the string is just the instance specifier, it's not a superset of the instance. */
202 if (memcmp_nn(p
, q
- p
, "%i", strlen("%i")) == 0)
205 /* %i, %n and %N all expand to the instance or a superset of it. */
210 if (IN_SET(*p
, 'n', 'N', 'i'))
218 /* `name` is the rendered version of `format` via `unit_printf` or similar functions. */
219 int unit_is_likely_recursive_template_dependency(Unit
*u
, const char *name
, const char *format
) {
220 const char *fragment_path
;
226 /* If a template unit has a direct dependency on itself that includes the unit instance as part of
227 * the template instance via a unit specifier (%i, %n or %N), this will almost certainly lead to
228 * infinite recursion as systemd will keep instantiating new instances of the template unit.
229 * https://github.com/systemd/systemd/issues/17602 shows a good example of how this can happen in
230 * practice. To guard against this, we check for templates that depend on themselves and have the
231 * instantiated unit instance included as part of the template instance of the dependency via a
234 * For example, if systemd-notify@.service depends on systemd-notify@%n.service, this will result in
235 * infinite recursion.
238 if (!unit_name_is_valid(name
, UNIT_NAME_INSTANCE
))
241 if (!unit_name_prefix_equal(u
->id
, name
))
244 if (u
->type
!= unit_name_to_type(name
))
247 r
= unit_file_find_fragment(u
->manager
->unit_id_map
, u
->manager
->unit_name_map
, name
, &fragment_path
, NULL
);
251 /* Fragment paths should also be equal as a custom fragment for a specific template instance
252 * wouldn't necessarily lead to infinite recursion. */
253 if (!path_equal(u
->fragment_path
, fragment_path
))
256 if (!contains_instance_specifier_superset(format
))
262 int config_parse_unit_deps(
264 const char *filename
,
267 unsigned section_line
,
274 UnitDependency d
= ltype
;
281 for (const char *p
= rvalue
;;) {
282 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
285 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_RETAIN_ESCAPE
);
291 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
295 r
= unit_name_printf(u
, word
, &k
);
297 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
301 r
= unit_is_likely_recursive_template_dependency(u
, k
, word
);
303 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to determine if '%s' is a recursive dependency, ignoring: %m", k
);
307 log_syntax(unit
, LOG_DEBUG
, filename
, line
, 0,
308 "Dropping dependency %s=%s that likely leads to infinite recursion.",
309 unit_dependency_to_string(d
), word
);
313 r
= unit_add_dependency_by_name(u
, d
, k
, true, UNIT_DEPENDENCY_FILE
);
315 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
319 int config_parse_obsolete_unit_deps(
321 const char *filename
,
324 unsigned section_line
,
331 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
332 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue
, unit_dependency_to_string(ltype
));
334 return config_parse_unit_deps(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
337 int config_parse_unit_string_printf(
339 const char *filename
,
342 unsigned section_line
,
349 _cleanup_free_
char *k
= NULL
;
350 const Unit
*u
= ASSERT_PTR(userdata
);
357 r
= unit_full_printf(u
, rvalue
, &k
);
359 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
363 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
366 int config_parse_reboot_parameter(
368 const char *filename
,
371 unsigned section_line
,
378 _cleanup_free_
char *k
= NULL
;
379 const Unit
*u
= ASSERT_PTR(userdata
);
386 r
= unit_full_printf(u
, rvalue
, &k
);
388 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
392 if (!reboot_parameter_is_valid(k
)) {
393 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid reboot parameter '%s', ignoring.", k
);
397 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
400 int config_parse_unit_strv_printf(
402 const char *filename
,
405 unsigned section_line
,
412 const Unit
*u
= ASSERT_PTR(userdata
);
413 _cleanup_free_
char *k
= NULL
;
420 r
= unit_full_printf(u
, rvalue
, &k
);
422 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
426 return config_parse_strv(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
429 int config_parse_unit_path_printf(
431 const char *filename
,
434 unsigned section_line
,
441 _cleanup_free_
char *k
= NULL
;
442 const Unit
*u
= ASSERT_PTR(userdata
);
450 r
= unit_path_printf(u
, rvalue
, &k
);
452 log_syntax(unit
, fatal
? LOG_ERR
: LOG_WARNING
, filename
, line
, r
,
453 "Failed to resolve unit specifiers in '%s'%s: %m",
454 rvalue
, fatal
? "" : ", ignoring");
455 return fatal
? -ENOEXEC
: 0;
458 return config_parse_path(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
461 int config_parse_colon_separated_paths(
463 const char *filename
,
466 unsigned section_line
,
473 char ***sv
= ASSERT_PTR(data
);
474 const Unit
*u
= ASSERT_PTR(userdata
);
481 if (isempty(rvalue
)) {
482 /* Empty assignment resets the list */
483 *sv
= strv_free(*sv
);
487 for (const char *p
= rvalue
;;) {
488 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
490 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
494 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
500 r
= unit_path_printf(u
, word
, &k
);
502 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
503 "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
507 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
511 r
= strv_consume(sv
, TAKE_PTR(k
));
519 int config_parse_unit_path_strv_printf(
521 const char *filename
,
524 unsigned section_line
,
532 const Unit
*u
= ASSERT_PTR(userdata
);
539 if (isempty(rvalue
)) {
544 for (const char *p
= rvalue
;;) {
545 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
547 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
553 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
554 "Invalid syntax, ignoring: %s", rvalue
);
558 r
= unit_path_printf(u
, word
, &k
);
560 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
561 "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
565 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
569 r
= strv_consume(x
, TAKE_PTR(k
));
575 static int patch_var_run(
577 const char *filename
,
585 e
= path_startswith(*path
, "/var/run/");
589 z
= path_join("/run/", e
);
593 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
594 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
595 "please update the unit file accordingly.", lvalue
, *path
, z
);
597 free_and_replace(*path
, z
);
602 int config_parse_socket_listen(
604 const char *filename
,
607 unsigned section_line
,
614 Socket
*s
= ASSERT_PTR(SOCKET(data
));
615 _cleanup_free_ SocketPort
*p
= NULL
;
622 if (isempty(rvalue
)) {
623 /* An empty assignment removes all ports */
624 socket_free_ports(s
);
628 p
= new(SocketPort
, 1);
637 if (ltype
!= SOCKET_SOCKET
) {
638 _cleanup_free_
char *k
= NULL
;
640 r
= unit_path_printf(UNIT(s
), rvalue
, &k
);
642 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
646 PathSimplifyWarnFlags flags
= PATH_CHECK_ABSOLUTE
;
647 if (ltype
!= SOCKET_SPECIAL
)
648 flags
|= PATH_CHECK_NON_API_VFS
;
650 r
= path_simplify_and_warn(k
, flags
, unit
, filename
, line
, lvalue
);
654 if (ltype
== SOCKET_FIFO
) {
655 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
660 free_and_replace(p
->path
, k
);
663 } else if (streq(lvalue
, "ListenNetlink")) {
664 _cleanup_free_
char *k
= NULL
;
666 r
= unit_path_printf(UNIT(s
), rvalue
, &k
);
668 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
672 r
= socket_address_parse_netlink(&p
->address
, k
);
674 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
678 p
->type
= SOCKET_SOCKET
;
681 _cleanup_free_
char *k
= NULL
;
683 r
= unit_path_printf(UNIT(s
), rvalue
, &k
);
685 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
689 if (path_is_absolute(k
)) { /* Only for AF_UNIX file system sockets… */
690 r
= patch_var_run(unit
, filename
, line
, lvalue
, &k
);
695 r
= socket_address_parse_and_warn(&p
->address
, k
);
697 if (r
!= -EAFNOSUPPORT
)
698 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse address value in '%s', ignoring: %m", k
);
702 if (streq(lvalue
, "ListenStream"))
703 p
->address
.type
= SOCK_STREAM
;
704 else if (streq(lvalue
, "ListenDatagram"))
705 p
->address
.type
= SOCK_DGRAM
;
707 assert(streq(lvalue
, "ListenSequentialPacket"));
708 p
->address
.type
= SOCK_SEQPACKET
;
711 if (socket_address_family(&p
->address
) != AF_UNIX
&& p
->address
.type
== SOCK_SEQPACKET
) {
712 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Address family not supported, ignoring: %s", rvalue
);
716 p
->type
= SOCKET_SOCKET
;
719 LIST_APPEND(port
, s
->ports
, TAKE_PTR(p
));
723 int config_parse_exec_nice(
725 const char *filename
,
728 unsigned section_line
,
735 ExecContext
*c
= ASSERT_PTR(data
);
742 if (isempty(rvalue
)) {
747 r
= parse_nice(rvalue
, &priority
);
750 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Nice priority out of range, ignoring: %s", rvalue
);
752 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse nice priority '%s', ignoring: %m", rvalue
);
762 int config_parse_exec_oom_score_adjust(
764 const char *filename
,
767 unsigned section_line
,
774 ExecContext
*c
= ASSERT_PTR(data
);
781 if (isempty(rvalue
)) {
782 c
->oom_score_adjust_set
= false;
786 r
= parse_oom_score_adjust(rvalue
, &oa
);
789 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "OOM score adjust value out of range, ignoring: %s", rvalue
);
791 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue
);
795 c
->oom_score_adjust
= oa
;
796 c
->oom_score_adjust_set
= true;
801 int config_parse_exec_coredump_filter(
803 const char *filename
,
806 unsigned section_line
,
813 ExecContext
*c
= ASSERT_PTR(data
);
820 if (isempty(rvalue
)) {
821 c
->coredump_filter
= 0;
822 c
->coredump_filter_set
= false;
827 r
= coredump_filter_mask_from_string(rvalue
, &f
);
829 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
830 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue
);
834 c
->coredump_filter
|= f
;
835 c
->coredump_filter_set
= true;
839 int config_parse_kill_mode(
841 const char *filename
,
844 unsigned section_line
,
851 KillMode
*k
= data
, m
;
858 if (isempty(rvalue
)) {
859 *k
= KILL_CONTROL_GROUP
;
863 m
= kill_mode_from_string(rvalue
);
865 log_syntax(unit
, LOG_WARNING
, filename
, line
, m
,
866 "Failed to parse kill mode specification, ignoring: %s", rvalue
);
871 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
872 "Unit uses KillMode=none. "
873 "This is unsafe, as it disables systemd's process lifecycle management for the service. "
874 "Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
875 "Support for KillMode=none is deprecated and will eventually be removed.");
881 int config_parse_exec(
883 const char *filename
,
886 unsigned section_line
,
893 ExecCommand
**e
= ASSERT_PTR(data
);
894 const Unit
*u
= ASSERT_PTR(userdata
);
903 if (isempty(rvalue
)) {
904 /* An empty assignment resets the list */
905 *e
= exec_command_free_list(*e
);
909 const char *p
= rvalue
;
913 _cleanup_free_
char *path
= NULL
, *firstword
= NULL
;
917 r
= extract_first_word_and_warn(&p
, &firstword
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
921 /* A lone ";" is a separator. Let's make sure we don't treat it as an executable name. */
922 if (streq(firstword
, ";")) {
927 const char *f
= firstword
;
928 bool ignore
, separate_argv0
= false;
929 ExecCommandFlags flags
= 0;
932 /* We accept an absolute path as first argument. Valid prefixes and their effect:
934 * "-": Ignore if the path doesn't exist
935 * "@": Allow overriding argv[0] (supplied as a separate argument)
936 * ":": Disable environment variable substitution
937 * "+": Run with full privileges and no sandboxing
938 * "!": Apply sandboxing except for user/group credentials
939 * "!!": Apply user/group credentials if the kernel supports ambient capabilities -
940 * if it doesn't we don't apply the credentials themselves, but do apply
941 * most other sandboxing, with some special exceptions for changing UID.
943 * The idea is that '!!' may be used to write services that can take benefit of
944 * systemd's UID/GID dropping if the kernel supports ambient creds, but provide
945 * an automatic fallback to privilege dropping within the daemon if the kernel
946 * does not offer that. */
948 if (*f
== '-' && !(flags
& EXEC_COMMAND_IGNORE_FAILURE
))
949 flags
|= EXEC_COMMAND_IGNORE_FAILURE
;
950 else if (*f
== '@' && !separate_argv0
)
951 separate_argv0
= true;
952 else if (*f
== ':' && !(flags
& EXEC_COMMAND_NO_ENV_EXPAND
))
953 flags
|= EXEC_COMMAND_NO_ENV_EXPAND
;
954 else if (*f
== '+' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
|EXEC_COMMAND_AMBIENT_MAGIC
)))
955 flags
|= EXEC_COMMAND_FULLY_PRIVILEGED
;
956 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_NO_SETUID
|EXEC_COMMAND_AMBIENT_MAGIC
)))
957 flags
|= EXEC_COMMAND_NO_SETUID
;
958 else if (*f
== '!' && !(flags
& (EXEC_COMMAND_FULLY_PRIVILEGED
|EXEC_COMMAND_AMBIENT_MAGIC
))) {
959 flags
&= ~EXEC_COMMAND_NO_SETUID
;
960 flags
|= EXEC_COMMAND_AMBIENT_MAGIC
;
965 ignore
= FLAGS_SET(flags
, EXEC_COMMAND_IGNORE_FAILURE
);
967 r
= unit_path_printf(u
, f
, &path
);
969 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
970 "Failed to resolve unit specifiers in '%s'%s: %m",
971 f
, ignore
? ", ignoring" : "");
972 return ignore
? 0 : -ENOEXEC
;
976 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
977 "Empty path in command line%s: %s",
978 ignore
? ", ignoring" : "", rvalue
);
979 return ignore
? 0 : -ENOEXEC
;
981 if (!string_is_safe(path
)) {
982 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
983 "Executable path contains special characters%s: %s",
984 ignore
? ", ignoring" : "", path
);
985 return ignore
? 0 : -ENOEXEC
;
987 if (path_implies_directory(path
)) {
988 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
989 "Executable path specifies a directory%s: %s",
990 ignore
? ", ignoring" : "", path
);
991 return ignore
? 0 : -ENOEXEC
;
994 if (!(path_is_absolute(path
) ? path_is_valid(path
) : filename_is_valid(path
))) {
995 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
996 "Neither a valid executable name nor an absolute path%s: %s",
997 ignore
? ", ignoring" : "", path
);
998 return ignore
? 0 : -ENOEXEC
;
1001 _cleanup_strv_free_
char **args
= NULL
;
1003 if (!separate_argv0
)
1004 if (strv_extend(&args
, path
) < 0)
1007 while (!isempty(p
)) {
1008 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
1010 /* Check explicitly for an unquoted semicolon as command separator token. */
1011 if (p
[0] == ';' && (!p
[1] || strchr(WHITESPACE
, p
[1]))) {
1013 p
= skip_leading_chars(p
, /* bad = */ NULL
);
1018 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
1019 * extract_first_word() would return the same for all of those. */
1020 if (p
[0] == '\\' && p
[1] == ';' && (!p
[2] || strchr(WHITESPACE
, p
[2]))) {
1022 p
= skip_leading_chars(p
, /* bad = */ NULL
);
1024 if (strv_extend(&args
, ";") < 0)
1030 r
= extract_first_word_and_warn(&p
, &word
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
, unit
, filename
, line
, rvalue
);
1032 return ignore
? 0 : -ENOEXEC
;
1036 r
= unit_full_printf(u
, word
, &resolved
);
1038 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1039 "Failed to resolve unit specifiers in '%s'%s: %m",
1040 word
, ignore
? ", ignoring" : "");
1041 return ignore
? 0 : -ENOEXEC
;
1044 if (strv_consume(&args
, TAKE_PTR(resolved
)) < 0)
1048 if (strv_isempty(args
)) {
1049 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, 0,
1050 "Empty executable name or zeroeth argument%s: %s",
1051 ignore
? ", ignoring" : "", rvalue
);
1052 return ignore
? 0 : -ENOEXEC
;
1055 ExecCommand
*nec
= new(ExecCommand
, 1);
1059 *nec
= (ExecCommand
) {
1060 .path
= path_simplify(TAKE_PTR(path
)),
1061 .argv
= TAKE_PTR(args
),
1065 exec_command_append_list(e
, nec
);
1068 } while (semicolon
);
1073 int config_parse_socket_bindtodevice(
1075 const char *filename
,
1077 const char *section
,
1078 unsigned section_line
,
1085 Socket
*s
= ASSERT_PTR(data
);
1091 if (isempty(rvalue
) || streq(rvalue
, "*")) {
1092 s
->bind_to_device
= mfree(s
->bind_to_device
);
1096 if (!ifname_valid(rvalue
)) {
1097 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid interface name, ignoring: %s", rvalue
);
1101 return free_and_strdup_warn(&s
->bind_to_device
, rvalue
);
1104 int config_parse_exec_input(
1106 const char *filename
,
1108 const char *section
,
1109 unsigned section_line
,
1116 ExecContext
*c
= ASSERT_PTR(data
);
1117 const Unit
*u
= userdata
;
1126 n
= startswith(rvalue
, "fd:");
1128 _cleanup_free_
char *resolved
= NULL
;
1130 r
= unit_fd_printf(u
, n
, &resolved
);
1132 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
1136 if (isempty(resolved
))
1137 resolved
= mfree(resolved
);
1138 else if (!fdname_is_valid(resolved
)) {
1139 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
1143 free_and_replace(c
->stdio_fdname
[STDIN_FILENO
], resolved
);
1145 ei
= EXEC_INPUT_NAMED_FD
;
1147 } else if ((n
= startswith(rvalue
, "file:"))) {
1148 _cleanup_free_
char *resolved
= NULL
;
1150 r
= unit_path_printf(u
, n
, &resolved
);
1152 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", n
);
1156 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1160 free_and_replace(c
->stdio_file
[STDIN_FILENO
], resolved
);
1162 ei
= EXEC_INPUT_FILE
;
1165 ei
= exec_input_from_string(rvalue
);
1167 log_syntax(unit
, LOG_WARNING
, filename
, line
, ei
, "Failed to parse input specifier, ignoring: %s", rvalue
);
1176 int config_parse_exec_input_text(
1178 const char *filename
,
1180 const char *section
,
1181 unsigned section_line
,
1188 _cleanup_free_
char *unescaped
= NULL
, *resolved
= NULL
;
1189 ExecContext
*c
= ASSERT_PTR(data
);
1190 const Unit
*u
= userdata
;
1197 if (isempty(rvalue
)) {
1198 /* Reset if the empty string is assigned */
1199 c
->stdin_data
= mfree(c
->stdin_data
);
1200 c
->stdin_data_size
= 0;
1204 ssize_t l
= cunescape(rvalue
, 0, &unescaped
);
1206 log_syntax(unit
, LOG_WARNING
, filename
, line
, l
,
1207 "Failed to decode C escaped text '%s', ignoring: %m", rvalue
);
1211 r
= unit_full_printf_full(u
, unescaped
, EXEC_STDIN_DATA_MAX
, &resolved
);
1213 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1214 "Failed to resolve unit specifiers in '%s', ignoring: %m", unescaped
);
1218 size_t sz
= strlen(resolved
);
1219 if (c
->stdin_data_size
+ sz
+ 1 < c
->stdin_data_size
|| /* check for overflow */
1220 c
->stdin_data_size
+ sz
+ 1 > EXEC_STDIN_DATA_MAX
) {
1221 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1222 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1223 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1227 void *p
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
+ 1);
1231 *((char*) mempcpy((char*) p
+ c
->stdin_data_size
, resolved
, sz
)) = '\n';
1234 c
->stdin_data_size
+= sz
+ 1;
1239 int config_parse_exec_input_data(
1241 const char *filename
,
1243 const char *section
,
1244 unsigned section_line
,
1251 _cleanup_free_
void *p
= NULL
;
1252 ExecContext
*c
= ASSERT_PTR(data
);
1261 if (isempty(rvalue
)) {
1262 /* Reset if the empty string is assigned */
1263 c
->stdin_data
= mfree(c
->stdin_data
);
1264 c
->stdin_data_size
= 0;
1268 r
= unbase64mem(rvalue
, &p
, &sz
);
1270 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1271 "Failed to decode base64 data, ignoring: %s", rvalue
);
1277 if (c
->stdin_data_size
+ sz
< c
->stdin_data_size
|| /* check for overflow */
1278 c
->stdin_data_size
+ sz
> EXEC_STDIN_DATA_MAX
) {
1279 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1280 "Standard input data too large (%zu), maximum of %zu permitted, ignoring.",
1281 c
->stdin_data_size
+ sz
, (size_t) EXEC_STDIN_DATA_MAX
);
1285 q
= realloc(c
->stdin_data
, c
->stdin_data_size
+ sz
);
1289 memcpy((uint8_t*) q
+ c
->stdin_data_size
, p
, sz
);
1292 c
->stdin_data_size
+= sz
;
1297 int config_parse_exec_output(
1299 const char *filename
,
1301 const char *section
,
1302 unsigned section_line
,
1309 _cleanup_free_
char *resolved
= NULL
;
1311 ExecContext
*c
= ASSERT_PTR(data
);
1312 const Unit
*u
= userdata
;
1313 bool obsolete
= false;
1322 n
= startswith(rvalue
, "fd:");
1324 r
= unit_fd_printf(u
, n
, &resolved
);
1326 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", n
);
1330 if (isempty(resolved
))
1331 resolved
= mfree(resolved
);
1332 else if (!fdname_is_valid(resolved
)) {
1333 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", resolved
);
1337 eo
= EXEC_OUTPUT_NAMED_FD
;
1339 } else if (streq(rvalue
, "syslog")) {
1340 eo
= EXEC_OUTPUT_JOURNAL
;
1343 } else if (streq(rvalue
, "syslog+console")) {
1344 eo
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
1347 } else if ((n
= startswith(rvalue
, "file:"))) {
1349 r
= unit_path_printf(u
, n
, &resolved
);
1351 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1355 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1359 eo
= EXEC_OUTPUT_FILE
;
1361 } else if ((n
= startswith(rvalue
, "append:"))) {
1363 r
= unit_path_printf(u
, n
, &resolved
);
1365 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1369 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1373 eo
= EXEC_OUTPUT_FILE_APPEND
;
1375 } else if ((n
= startswith(rvalue
, "truncate:"))) {
1377 r
= unit_path_printf(u
, n
, &resolved
);
1379 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", n
);
1383 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
| PATH_CHECK_FATAL
, unit
, filename
, line
, lvalue
);
1387 eo
= EXEC_OUTPUT_FILE_TRUNCATE
;
1389 eo
= exec_output_from_string(rvalue
);
1391 log_syntax(unit
, LOG_WARNING
, filename
, line
, eo
, "Failed to parse output specifier, ignoring: %s", rvalue
);
1397 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
1398 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1399 rvalue
, exec_output_to_string(eo
));
1401 if (streq(lvalue
, "StandardOutput")) {
1402 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1403 free_and_replace(c
->stdio_fdname
[STDOUT_FILENO
], resolved
);
1405 free_and_replace(c
->stdio_file
[STDOUT_FILENO
], resolved
);
1410 assert(streq(lvalue
, "StandardError"));
1412 if (eo
== EXEC_OUTPUT_NAMED_FD
)
1413 free_and_replace(c
->stdio_fdname
[STDERR_FILENO
], resolved
);
1415 free_and_replace(c
->stdio_file
[STDERR_FILENO
], resolved
);
1423 int config_parse_exec_io_class(const char *unit
,
1424 const char *filename
,
1426 const char *section
,
1427 unsigned section_line
,
1434 ExecContext
*c
= ASSERT_PTR(data
);
1441 if (isempty(rvalue
)) {
1442 c
->ioprio_set
= false;
1443 c
->ioprio
= IOPRIO_DEFAULT_CLASS_AND_PRIO
;
1447 x
= ioprio_class_from_string(rvalue
);
1449 log_syntax(unit
, LOG_WARNING
, filename
, line
, x
, "Failed to parse IO scheduling class, ignoring: %s", rvalue
);
1453 c
->ioprio
= ioprio_normalize(ioprio_prio_value(x
, ioprio_prio_data(c
->ioprio
)));
1454 c
->ioprio_set
= true;
1459 int config_parse_exec_io_priority(const char *unit
,
1460 const char *filename
,
1462 const char *section
,
1463 unsigned section_line
,
1470 ExecContext
*c
= ASSERT_PTR(data
);
1477 if (isempty(rvalue
)) {
1478 c
->ioprio_set
= false;
1479 c
->ioprio
= IOPRIO_DEFAULT_CLASS_AND_PRIO
;
1483 r
= ioprio_parse_priority(rvalue
, &i
);
1485 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse IO priority, ignoring: %s", rvalue
);
1489 c
->ioprio
= ioprio_normalize(ioprio_prio_value(ioprio_prio_class(c
->ioprio
), i
));
1490 c
->ioprio_set
= true;
1495 int config_parse_exec_cpu_sched_policy(const char *unit
,
1496 const char *filename
,
1498 const char *section
,
1499 unsigned section_line
,
1506 ExecContext
*c
= ASSERT_PTR(data
);
1513 if (isempty(rvalue
)) {
1514 c
->cpu_sched_set
= false;
1515 c
->cpu_sched_policy
= SCHED_OTHER
;
1516 c
->cpu_sched_priority
= 0;
1520 x
= sched_policy_from_string(rvalue
);
1522 log_syntax(unit
, LOG_WARNING
, filename
, line
, x
, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue
);
1526 c
->cpu_sched_policy
= x
;
1527 /* Moving to or from real-time policy? We need to adjust the priority */
1528 c
->cpu_sched_priority
= CLAMP(c
->cpu_sched_priority
, sched_get_priority_min(x
), sched_get_priority_max(x
));
1529 c
->cpu_sched_set
= true;
1534 int config_parse_numa_mask(const char *unit
,
1535 const char *filename
,
1537 const char *section
,
1538 unsigned section_line
,
1545 NUMAPolicy
*p
= ASSERT_PTR(data
);
1551 if (streq(rvalue
, "all")) {
1552 r
= numa_mask_add_all(&p
->nodes
);
1554 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1555 "Failed to create NUMA mask representing \"all\" NUMA nodes, ignoring: %m");
1557 r
= parse_cpu_set_extend(rvalue
, &p
->nodes
, true, unit
, filename
, line
, lvalue
);
1559 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse NUMA node mask, ignoring: %s", rvalue
);
1565 int config_parse_exec_cpu_sched_prio(const char *unit
,
1566 const char *filename
,
1568 const char *section
,
1569 unsigned section_line
,
1576 ExecContext
*c
= ASSERT_PTR(data
);
1583 r
= safe_atoi(rvalue
, &i
);
1585 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue
);
1589 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0. Policy might be set later so
1590 * we do not check the precise range, but only the generic outer bounds. */
1591 if (i
< 0 || i
> 99) {
1592 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue
);
1596 c
->cpu_sched_priority
= i
;
1597 c
->cpu_sched_set
= true;
1602 int config_parse_root_image_options(
1604 const char *filename
,
1606 const char *section
,
1607 unsigned section_line
,
1614 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
1615 _cleanup_strv_free_
char **l
= NULL
;
1616 ExecContext
*c
= ASSERT_PTR(data
);
1617 const Unit
*u
= userdata
;
1624 if (isempty(rvalue
)) {
1625 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1629 r
= strv_split_colon_pairs(&l
, rvalue
);
1633 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
1637 STRV_FOREACH_PAIR(first
, second
, l
) {
1638 MountOptions
*o
= NULL
;
1639 _cleanup_free_
char *mount_options_resolved
= NULL
;
1640 const char *mount_options
= NULL
, *partition
= "root";
1641 PartitionDesignator partition_designator
;
1643 /* Format is either 'root:foo' or 'foo' (root is implied) */
1644 if (!isempty(*second
)) {
1646 mount_options
= *second
;
1648 mount_options
= *first
;
1650 partition_designator
= partition_designator_from_string(partition
);
1651 if (partition_designator
< 0) {
1652 log_syntax(unit
, LOG_WARNING
, filename
, line
, partition_designator
,
1653 "Invalid partition name %s, ignoring", partition
);
1656 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
1658 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
1662 o
= new(MountOptions
, 1);
1665 *o
= (MountOptions
) {
1666 .partition_designator
= partition_designator
,
1667 .options
= TAKE_PTR(mount_options_resolved
),
1669 LIST_APPEND(mount_options
, options
, TAKE_PTR(o
));
1673 LIST_JOIN(mount_options
, c
->root_image_options
, options
);
1675 /* empty spaces/separators only */
1676 c
->root_image_options
= mount_options_free_all(c
->root_image_options
);
1681 int config_parse_exec_root_hash(
1683 const char *filename
,
1685 const char *section
,
1686 unsigned section_line
,
1693 _cleanup_free_
void *roothash_decoded
= NULL
;
1694 ExecContext
*c
= ASSERT_PTR(data
);
1695 size_t roothash_decoded_size
= 0;
1702 if (isempty(rvalue
)) {
1703 /* Reset if the empty string is assigned */
1704 c
->root_hash_path
= mfree(c
->root_hash_path
);
1705 c
->root_hash
= mfree(c
->root_hash
);
1706 c
->root_hash_size
= 0;
1710 if (path_is_absolute(rvalue
)) {
1711 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1712 _cleanup_free_
char *p
= NULL
;
1718 free_and_replace(c
->root_hash_path
, p
);
1719 c
->root_hash
= mfree(c
->root_hash
);
1720 c
->root_hash_size
= 0;
1724 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1725 r
= unhexmem(rvalue
, &roothash_decoded
, &roothash_decoded_size
);
1727 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHash=, ignoring: %s", rvalue
);
1730 if (roothash_decoded_size
< sizeof(sd_id128_t
)) {
1731 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "RootHash= is too short, ignoring: %s", rvalue
);
1735 free_and_replace(c
->root_hash
, roothash_decoded
);
1736 c
->root_hash_size
= roothash_decoded_size
;
1737 c
->root_hash_path
= mfree(c
->root_hash_path
);
1742 int config_parse_exec_root_hash_sig(
1744 const char *filename
,
1746 const char *section
,
1747 unsigned section_line
,
1754 _cleanup_free_
void *roothash_sig_decoded
= NULL
;
1756 ExecContext
*c
= ASSERT_PTR(data
);
1757 size_t roothash_sig_decoded_size
= 0;
1764 if (isempty(rvalue
)) {
1765 /* Reset if the empty string is assigned */
1766 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1767 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1768 c
->root_hash_sig_size
= 0;
1772 if (path_is_absolute(rvalue
)) {
1773 /* We have the path to a roothash signature to load and decode, eg: RootHashSignature=/foo/bar.roothash.p7s */
1774 _cleanup_free_
char *p
= NULL
;
1780 free_and_replace(c
->root_hash_sig_path
, p
);
1781 c
->root_hash_sig
= mfree(c
->root_hash_sig
);
1782 c
->root_hash_sig_size
= 0;
1786 if (!(value
= startswith(rvalue
, "base64:"))) {
1787 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
1788 "Failed to decode RootHashSignature=, not a path but doesn't start with 'base64:', ignoring: %s", rvalue
);
1792 /* We have a roothash signature to decode, eg: RootHashSignature=base64:012345789abcdef */
1793 r
= unbase64mem(value
, &roothash_sig_decoded
, &roothash_sig_decoded_size
);
1795 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to decode RootHashSignature=, ignoring: %s", rvalue
);
1799 free_and_replace(c
->root_hash_sig
, roothash_sig_decoded
);
1800 c
->root_hash_sig_size
= roothash_sig_decoded_size
;
1801 c
->root_hash_sig_path
= mfree(c
->root_hash_sig_path
);
1806 int config_parse_exec_cpu_affinity(
1808 const char *filename
,
1810 const char *section
,
1811 unsigned section_line
,
1818 ExecContext
*c
= ASSERT_PTR(data
);
1819 const Unit
*u
= userdata
;
1820 _cleanup_free_
char *k
= NULL
;
1827 if (streq(rvalue
, "numa")) {
1828 c
->cpu_affinity_from_numa
= true;
1829 cpu_set_reset(&c
->cpu_set
);
1834 r
= unit_full_printf(u
, rvalue
, &k
);
1836 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
1837 "Failed to resolve unit specifiers in '%s', ignoring: %m",
1842 r
= parse_cpu_set_extend(k
, &c
->cpu_set
, true, unit
, filename
, line
, lvalue
);
1844 c
->cpu_affinity_from_numa
= false;
1849 int config_parse_capability_set(
1851 const char *filename
,
1853 const char *section
,
1854 unsigned section_line
,
1861 uint64_t *capability_set
= ASSERT_PTR(data
);
1862 uint64_t sum
= 0, initial
, def
;
1863 bool invert
= false;
1870 if (rvalue
[0] == '~') {
1875 if (streq(lvalue
, "CapabilityBoundingSet")) {
1876 initial
= CAP_MASK_ALL
; /* initialized to all bits on */
1877 def
= CAP_MASK_UNSET
; /* not set */
1879 def
= initial
= 0; /* All bits off */
1881 r
= capability_set_from_string(rvalue
, &sum
);
1883 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue
, rvalue
);
1887 if (sum
== 0 || *capability_set
== def
)
1888 /* "", "~" or uninitialized data -> replace */
1889 *capability_set
= invert
? ~sum
: sum
;
1891 /* previous data -> merge */
1893 *capability_set
&= ~sum
;
1895 *capability_set
|= sum
;
1901 int config_parse_exec_selinux_context(
1903 const char *filename
,
1905 const char *section
,
1906 unsigned section_line
,
1913 ExecContext
*c
= ASSERT_PTR(data
);
1914 const Unit
*u
= userdata
;
1923 if (isempty(rvalue
)) {
1924 c
->selinux_context
= mfree(c
->selinux_context
);
1925 c
->selinux_context_ignore
= false;
1929 if (rvalue
[0] == '-') {
1935 r
= unit_full_printf(u
, rvalue
, &k
);
1937 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1938 "Failed to resolve unit specifiers in '%s'%s: %m",
1939 rvalue
, ignore
? ", ignoring" : "");
1940 return ignore
? 0 : -ENOEXEC
;
1943 free_and_replace(c
->selinux_context
, k
);
1944 c
->selinux_context_ignore
= ignore
;
1949 int config_parse_exec_apparmor_profile(
1951 const char *filename
,
1953 const char *section
,
1954 unsigned section_line
,
1961 ExecContext
*c
= ASSERT_PTR(data
);
1962 const Unit
*u
= userdata
;
1971 if (isempty(rvalue
)) {
1972 c
->apparmor_profile
= mfree(c
->apparmor_profile
);
1973 c
->apparmor_profile_ignore
= false;
1977 if (rvalue
[0] == '-') {
1983 r
= unit_full_printf(u
, rvalue
, &k
);
1985 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
1986 "Failed to resolve unit specifiers in '%s'%s: %m",
1987 rvalue
, ignore
? ", ignoring" : "");
1988 return ignore
? 0 : -ENOEXEC
;
1991 free_and_replace(c
->apparmor_profile
, k
);
1992 c
->apparmor_profile_ignore
= ignore
;
1997 int config_parse_exec_smack_process_label(
1999 const char *filename
,
2001 const char *section
,
2002 unsigned section_line
,
2009 ExecContext
*c
= ASSERT_PTR(data
);
2010 const Unit
*u
= userdata
;
2019 if (isempty(rvalue
)) {
2020 c
->smack_process_label
= mfree(c
->smack_process_label
);
2021 c
->smack_process_label_ignore
= false;
2025 if (rvalue
[0] == '-') {
2031 r
= unit_full_printf(u
, rvalue
, &k
);
2033 log_syntax(unit
, ignore
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2034 "Failed to resolve unit specifiers in '%s'%s: %m",
2035 rvalue
, ignore
? ", ignoring" : "");
2036 return ignore
? 0 : -ENOEXEC
;
2039 free_and_replace(c
->smack_process_label
, k
);
2040 c
->smack_process_label_ignore
= ignore
;
2045 int config_parse_timer(
2047 const char *filename
,
2049 const char *section
,
2050 unsigned section_line
,
2057 _cleanup_(calendar_spec_freep
) CalendarSpec
*c
= NULL
;
2058 _cleanup_free_
char *k
= NULL
;
2059 const Unit
*u
= userdata
;
2060 Timer
*t
= ASSERT_PTR(data
);
2069 if (isempty(rvalue
)) {
2070 /* Empty assignment resets list */
2071 timer_free_values(t
);
2075 r
= unit_full_printf(u
, rvalue
, &k
);
2077 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2081 if (ltype
== TIMER_CALENDAR
) {
2082 r
= calendar_spec_from_string(k
, &c
);
2084 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse calendar specification, ignoring: %s", k
);
2088 r
= parse_sec(k
, &usec
);
2090 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", k
);
2095 v
= new(TimerValue
, 1);
2102 .calendar_spec
= TAKE_PTR(c
),
2105 LIST_PREPEND(value
, t
->values
, v
);
2110 int config_parse_trigger_unit(
2112 const char *filename
,
2114 const char *section
,
2115 unsigned section_line
,
2122 _cleanup_free_
char *p
= NULL
;
2123 Unit
*u
= ASSERT_PTR(data
);
2131 if (UNIT_TRIGGER(u
)) {
2132 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Multiple units to trigger specified, ignoring: %s", rvalue
);
2136 r
= unit_name_printf(u
, rvalue
, &p
);
2138 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2142 type
= unit_name_to_type(p
);
2144 log_syntax(unit
, LOG_WARNING
, filename
, line
, type
, "Unit type not valid, ignoring: %s", rvalue
);
2147 if (unit_has_name(u
, p
)) {
2148 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Units cannot trigger themselves, ignoring: %s", rvalue
);
2152 r
= unit_add_two_dependencies_by_name(u
, UNIT_BEFORE
, UNIT_TRIGGERS
, p
, true, UNIT_DEPENDENCY_FILE
);
2154 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add trigger on %s, ignoring: %m", p
);
2161 int config_parse_path_spec(const char *unit
,
2162 const char *filename
,
2164 const char *section
,
2165 unsigned section_line
,
2172 Path
*p
= ASSERT_PTR(data
);
2175 _cleanup_free_
char *k
= NULL
;
2182 if (isempty(rvalue
)) {
2183 /* Empty assignment clears list */
2188 b
= path_type_from_string(lvalue
);
2190 log_syntax(unit
, LOG_WARNING
, filename
, line
, b
, "Failed to parse path type, ignoring: %s", lvalue
);
2194 r
= unit_path_printf(UNIT(p
), rvalue
, &k
);
2196 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2200 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2204 s
= new0(PathSpec
, 1);
2209 s
->path
= TAKE_PTR(k
);
2211 s
->inotify_fd
= -EBADF
;
2213 LIST_PREPEND(spec
, p
->specs
, s
);
2218 int config_parse_socket_service(
2220 const char *filename
,
2222 const char *section
,
2223 unsigned section_line
,
2230 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2231 _cleanup_free_
char *p
= NULL
;
2232 Socket
*s
= ASSERT_PTR(data
);
2240 r
= unit_name_printf(UNIT(s
), rvalue
, &p
);
2242 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2246 if (!endswith(p
, ".service")) {
2247 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type service, ignoring: %s", rvalue
);
2251 r
= manager_load_unit(UNIT(s
)->manager
, p
, NULL
, &error
, &x
);
2253 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load unit %s, ignoring: %s", rvalue
, bus_error_message(&error
, r
));
2257 unit_ref_set(&s
->service
, UNIT(s
), x
);
2262 int config_parse_fdname(
2264 const char *filename
,
2266 const char *section
,
2267 unsigned section_line
,
2274 _cleanup_free_
char *p
= NULL
;
2275 Socket
*s
= ASSERT_PTR(data
);
2282 if (isempty(rvalue
)) {
2283 s
->fdname
= mfree(s
->fdname
);
2287 r
= unit_fd_printf(UNIT(s
), rvalue
, &p
);
2289 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2293 if (!fdname_is_valid(p
)) {
2294 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid file descriptor name, ignoring: %s", p
);
2298 return free_and_replace(s
->fdname
, p
);
2301 int config_parse_service_sockets(
2303 const char *filename
,
2305 const char *section
,
2306 unsigned section_line
,
2313 Service
*s
= ASSERT_PTR(data
);
2320 for (const char *p
= rvalue
;;) {
2321 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2323 r
= extract_first_word(&p
, &word
, NULL
, 0);
2327 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Trailing garbage in sockets, ignoring: %s", rvalue
);
2333 r
= unit_name_printf(UNIT(s
), word
, &k
);
2335 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
2339 if (!endswith(k
, ".socket")) {
2340 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unit must be of type socket, ignoring: %s", k
);
2344 r
= unit_add_two_dependencies_by_name(UNIT(s
), UNIT_WANTS
, UNIT_AFTER
, k
, true, UNIT_DEPENDENCY_FILE
);
2346 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2348 r
= unit_add_dependency_by_name(UNIT(s
), UNIT_TRIGGERED_BY
, k
, true, UNIT_DEPENDENCY_FILE
);
2350 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add dependency on %s, ignoring: %m", k
);
2354 int config_parse_bus_name(
2356 const char *filename
,
2358 const char *section
,
2359 unsigned section_line
,
2366 _cleanup_free_
char *k
= NULL
;
2367 const Unit
*u
= ASSERT_PTR(userdata
);
2374 r
= unit_full_printf_full(u
, rvalue
, SD_BUS_MAXIMUM_NAME_LENGTH
, &k
);
2376 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
2380 if (!sd_bus_service_name_is_valid(k
)) {
2381 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid bus name, ignoring: %s", k
);
2385 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, k
, data
, userdata
);
2388 int config_parse_service_timeout(
2390 const char *filename
,
2392 const char *section
,
2393 unsigned section_line
,
2400 Service
*s
= ASSERT_PTR(userdata
);
2408 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
2410 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2411 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2412 * all other timeouts. */
2413 r
= parse_sec_fix_0(rvalue
, &usec
);
2415 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= parameter, ignoring: %s", lvalue
, rvalue
);
2419 s
->start_timeout_defined
= true;
2420 s
->timeout_start_usec
= usec
;
2422 if (streq(lvalue
, "TimeoutSec"))
2423 s
->timeout_stop_usec
= usec
;
2428 int config_parse_timeout_abort(
2430 const char *filename
,
2432 const char *section
,
2433 unsigned section_line
,
2440 usec_t
*ret
= ASSERT_PTR(data
);
2447 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
2449 if (isempty(rvalue
)) {
2451 return 0; /* "not set" */
2454 r
= parse_sec(rvalue
, ret
);
2456 return log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s= setting, ignoring: %s", lvalue
, rvalue
);
2458 return 1; /* "set" */
2461 int config_parse_service_timeout_abort(
2463 const char *filename
,
2465 const char *section
,
2466 unsigned section_line
,
2473 Service
*s
= ASSERT_PTR(userdata
);
2476 r
= config_parse_timeout_abort(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
,
2477 &s
->timeout_abort_usec
, s
);
2479 s
->timeout_abort_set
= r
;
2483 int config_parse_user_group_compat(
2485 const char *filename
,
2487 const char *section
,
2488 unsigned section_line
,
2495 _cleanup_free_
char *k
= NULL
;
2497 const Unit
*u
= ASSERT_PTR(userdata
);
2504 if (isempty(rvalue
)) {
2505 *user
= mfree(*user
);
2509 r
= unit_full_printf(u
, rvalue
, &k
);
2511 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", rvalue
);
2515 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2516 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2520 if (strstr(lvalue
, "User") && streq(k
, NOBODY_USER_NAME
))
2521 log_struct(LOG_NOTICE
,
2522 "MESSAGE=%s:%u: Special user %s configured, this is not safe!", filename
, line
, k
,
2524 "MESSAGE_ID=" SD_MESSAGE_NOBODY_USER_UNSUITABLE_STR
,
2525 "OFFENDING_USER=%s", k
,
2526 "CONFIG_FILE=%s", filename
,
2527 "CONFIG_LINE=%u", line
);
2529 return free_and_replace(*user
, k
);
2532 int config_parse_user_group_strv_compat(
2534 const char *filename
,
2536 const char *section
,
2537 unsigned section_line
,
2544 char ***users
= data
;
2545 const Unit
*u
= ASSERT_PTR(userdata
);
2552 if (isempty(rvalue
)) {
2553 *users
= strv_free(*users
);
2557 for (const char *p
= rvalue
;;) {
2558 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2560 r
= extract_first_word(&p
, &word
, NULL
, 0);
2564 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid syntax: %s", rvalue
);
2570 r
= unit_full_printf(u
, word
, &k
);
2572 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", word
);
2576 if (!valid_user_group_name(k
, VALID_USER_ALLOW_NUMERIC
|VALID_USER_RELAX
|VALID_USER_WARN
)) {
2577 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid user/group name or numeric ID: %s", k
);
2581 r
= strv_push(users
, k
);
2589 int config_parse_working_directory(
2591 const char *filename
,
2593 const char *section
,
2594 unsigned section_line
,
2601 ExecContext
*c
= ASSERT_PTR(data
);
2602 const Unit
*u
= ASSERT_PTR(userdata
);
2610 if (isempty(rvalue
)) {
2611 c
->working_directory_home
= false;
2612 c
->working_directory
= mfree(c
->working_directory
);
2616 if (rvalue
[0] == '-') {
2622 if (streq(rvalue
, "~")) {
2623 c
->working_directory_home
= true;
2624 c
->working_directory
= mfree(c
->working_directory
);
2626 _cleanup_free_
char *k
= NULL
;
2628 r
= unit_path_printf(u
, rvalue
, &k
);
2630 log_syntax(unit
, missing_ok
? LOG_WARNING
: LOG_ERR
, filename
, line
, r
,
2631 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2632 rvalue
, missing_ok
? ", ignoring" : "");
2633 return missing_ok
? 0 : -ENOEXEC
;
2636 r
= path_simplify_and_warn(k
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS
|(missing_ok
? 0 : PATH_CHECK_FATAL
), unit
, filename
, line
, lvalue
);
2638 return missing_ok
? 0 : -ENOEXEC
;
2640 c
->working_directory_home
= false;
2641 free_and_replace(c
->working_directory
, k
);
2644 c
->working_directory_missing_ok
= missing_ok
;
2648 int config_parse_unit_env_file(const char *unit
,
2649 const char *filename
,
2651 const char *section
,
2652 unsigned section_line
,
2659 char ***env
= ASSERT_PTR(data
);
2660 const Unit
*u
= userdata
;
2661 _cleanup_free_
char *n
= NULL
;
2668 if (isempty(rvalue
)) {
2669 /* Empty assignment frees the list */
2670 *env
= strv_free(*env
);
2674 r
= unit_path_printf(u
, rvalue
, &n
);
2676 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
2680 r
= path_simplify_and_warn(n
[0] == '-' ? n
+ 1 : n
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
2684 r
= strv_push(env
, n
);
2693 int config_parse_environ(
2695 const char *filename
,
2697 const char *section
,
2698 unsigned section_line
,
2705 const Unit
*u
= userdata
;
2706 char ***env
= ASSERT_PTR(data
);
2713 if (isempty(rvalue
)) {
2714 /* Empty assignment resets the list */
2715 *env
= strv_free(*env
);
2719 /* If 'u' is set, we operate on the regular unit specifier table. Otherwise we use a manager-specific
2720 * specifier table (in which case ltype must contain the runtime scope). */
2721 const Specifier
*table
= u
? NULL
: (const Specifier
[]) {
2722 COMMON_SYSTEM_SPECIFIERS
,
2723 COMMON_TMP_SPECIFIERS
,
2724 COMMON_CREDS_SPECIFIERS(ltype
),
2725 { 'h', specifier_user_home
, NULL
},
2726 { 's', specifier_user_shell
, NULL
},
2729 for (const char *p
= rvalue
;; ) {
2730 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
2732 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2736 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2737 "Invalid syntax, ignoring: %s", rvalue
);
2744 r
= specifier_printf(word
, sc_arg_max(), table
, NULL
, NULL
, &resolved
);
2746 r
= unit_env_printf(u
, word
, &resolved
);
2748 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2749 "Failed to resolve specifiers in %s, ignoring: %m", word
);
2753 if (!env_assignment_is_valid(resolved
)) {
2754 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2755 "Invalid environment assignment, ignoring: %s", resolved
);
2759 r
= strv_env_replace_consume(env
, TAKE_PTR(resolved
));
2761 return log_error_errno(r
, "Failed to update environment: %m");
2765 int config_parse_pass_environ(
2767 const char *filename
,
2769 const char *section
,
2770 unsigned section_line
,
2777 _cleanup_strv_free_
char **n
= NULL
;
2778 const Unit
*u
= userdata
;
2779 char*** passenv
= ASSERT_PTR(data
);
2787 if (isempty(rvalue
)) {
2788 /* Empty assignment resets the list */
2789 *passenv
= strv_free(*passenv
);
2793 for (const char *p
= rvalue
;;) {
2794 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2796 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
2800 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2801 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2808 r
= unit_env_printf(u
, word
, &k
);
2810 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2811 "Failed to resolve specifiers in %s, ignoring: %m", word
);
2817 if (!env_name_is_valid(k
)) {
2818 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2819 "Invalid environment name for %s, ignoring: %s", lvalue
, k
);
2823 if (!GREEDY_REALLOC(n
, nlen
+ 2))
2826 n
[nlen
++] = TAKE_PTR(k
);
2831 r
= strv_extend_strv(passenv
, n
, true);
2839 int config_parse_unset_environ(
2841 const char *filename
,
2843 const char *section
,
2844 unsigned section_line
,
2851 _cleanup_strv_free_
char **n
= NULL
;
2852 char*** unsetenv
= ASSERT_PTR(data
);
2853 const Unit
*u
= userdata
;
2861 if (isempty(rvalue
)) {
2862 /* Empty assignment resets the list */
2863 *unsetenv
= strv_free(*unsetenv
);
2867 for (const char *p
= rvalue
;;) {
2868 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2870 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2874 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2875 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
2882 r
= unit_env_printf(u
, word
, &k
);
2884 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
2885 "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2891 if (!env_assignment_is_valid(k
) && !env_name_is_valid(k
)) {
2892 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
2893 "Invalid environment name or assignment %s, ignoring: %s", lvalue
, k
);
2897 if (!GREEDY_REALLOC(n
, nlen
+ 2))
2900 n
[nlen
++] = TAKE_PTR(k
);
2905 r
= strv_extend_strv(unsetenv
, n
, true);
2913 int config_parse_log_extra_fields(
2915 const char *filename
,
2917 const char *section
,
2918 unsigned section_line
,
2925 ExecContext
*c
= ASSERT_PTR(data
);
2926 const Unit
*u
= userdata
;
2933 if (isempty(rvalue
)) {
2934 exec_context_free_log_extra_fields(c
);
2938 for (const char *p
= rvalue
;;) {
2939 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
2943 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_CUNESCAPE
|EXTRACT_UNQUOTE
);
2947 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
2953 r
= unit_full_printf(u
, word
, &k
);
2955 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", word
);
2959 eq
= strchr(k
, '=');
2961 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field lacks '=' character, ignoring: %s", k
);
2965 if (!journal_field_valid(k
, eq
-k
, false)) {
2966 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Log field name is invalid, ignoring: %s", k
);
2970 t
= reallocarray(c
->log_extra_fields
, c
->n_log_extra_fields
+1, sizeof(struct iovec
));
2974 c
->log_extra_fields
= t
;
2975 c
->log_extra_fields
[c
->n_log_extra_fields
++] = IOVEC_MAKE_STRING(k
);
2981 int config_parse_log_namespace(
2983 const char *filename
,
2985 const char *section
,
2986 unsigned section_line
,
2993 _cleanup_free_
char *k
= NULL
;
2994 ExecContext
*c
= ASSERT_PTR(data
);
2995 const Unit
*u
= userdata
;
3002 if (isempty(rvalue
)) {
3003 c
->log_namespace
= mfree(c
->log_namespace
);
3007 r
= unit_full_printf_full(u
, rvalue
, NAME_MAX
, &k
);
3009 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3013 if (!log_namespace_name_valid(k
)) {
3014 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Specified log namespace name is not valid, ignoring: %s", k
);
3018 free_and_replace(c
->log_namespace
, k
);
3022 int config_parse_unit_condition_path(
3024 const char *filename
,
3026 const char *section
,
3027 unsigned section_line
,
3034 _cleanup_free_
char *p
= NULL
;
3035 Condition
**list
= ASSERT_PTR(data
), *c
;
3036 ConditionType t
= ltype
;
3037 bool trigger
, negate
;
3038 const Unit
*u
= userdata
;
3045 if (isempty(rvalue
)) {
3046 /* Empty assignment resets the list */
3047 *list
= condition_free_list(*list
);
3051 trigger
= rvalue
[0] == '|';
3055 negate
= rvalue
[0] == '!';
3059 r
= unit_path_printf(u
, rvalue
, &p
);
3061 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3065 r
= path_simplify_and_warn(p
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
3069 c
= condition_new(t
, p
, trigger
, negate
);
3073 LIST_PREPEND(conditions
, *list
, c
);
3077 int config_parse_unit_condition_string(
3079 const char *filename
,
3081 const char *section
,
3082 unsigned section_line
,
3089 _cleanup_free_
char *s
= NULL
;
3090 Condition
**list
= ASSERT_PTR(data
), *c
;
3091 ConditionType t
= ltype
;
3092 bool trigger
, negate
;
3093 const Unit
*u
= userdata
;
3100 if (isempty(rvalue
)) {
3101 /* Empty assignment resets the list */
3102 *list
= condition_free_list(*list
);
3106 trigger
= *rvalue
== '|';
3108 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
3110 negate
= *rvalue
== '!';
3112 rvalue
+= 1 + strspn(rvalue
+ 1, WHITESPACE
);
3114 r
= unit_full_printf(u
, rvalue
, &s
);
3116 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3117 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
3121 c
= condition_new(t
, s
, trigger
, negate
);
3125 LIST_PREPEND(conditions
, *list
, c
);
3129 int config_parse_unit_mounts_for(
3131 const char *filename
,
3133 const char *section
,
3134 unsigned section_line
,
3148 assert(STR_IN_SET(lvalue
, "RequiresMountsFor", "WantsMountsFor"));
3150 for (const char *p
= rvalue
;;) {
3151 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
;
3153 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3157 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3158 "Invalid syntax, ignoring: %s", rvalue
);
3164 r
= unit_path_printf(u
, word
, &resolved
);
3166 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", word
);
3170 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
3174 r
= unit_add_mounts_for(u
, resolved
, UNIT_DEPENDENCY_FILE
, unit_mount_dependency_type_from_string(lvalue
));
3176 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to add requested mount '%s', ignoring: %m", resolved
);
3182 int config_parse_documentation(
3184 const char *filename
,
3186 const char *section
,
3187 unsigned section_line
,
3194 Unit
*u
= ASSERT_PTR(userdata
);
3202 if (isempty(rvalue
)) {
3203 /* Empty assignment resets the list */
3204 u
->documentation
= strv_free(u
->documentation
);
3208 r
= config_parse_unit_strv_printf(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
,
3209 rvalue
, data
, userdata
);
3213 for (a
= b
= u
->documentation
; a
&& *a
; a
++) {
3215 if (documentation_url_is_valid(*a
))
3218 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid URL, ignoring: %s", *a
);
3229 int config_parse_syscall_filter(
3231 const char *filename
,
3233 const char *section
,
3234 unsigned section_line
,
3241 ExecContext
*c
= data
;
3242 _unused_
const Unit
*u
= ASSERT_PTR(userdata
);
3243 bool invert
= false;
3250 if (isempty(rvalue
)) {
3251 /* Empty assignment resets the list */
3252 c
->syscall_filter
= hashmap_free(c
->syscall_filter
);
3253 c
->syscall_allow_list
= false;
3257 if (rvalue
[0] == '~') {
3262 if (!c
->syscall_filter
) {
3263 c
->syscall_filter
= hashmap_new(NULL
);
3264 if (!c
->syscall_filter
)
3268 /* Allow everything but the ones listed */
3269 c
->syscall_allow_list
= false;
3271 /* Allow nothing but the ones listed */
3272 c
->syscall_allow_list
= true;
3274 /* Accept default syscalls if we are on an allow_list */
3275 r
= seccomp_parse_syscall_filter(
3276 "@default", -1, c
->syscall_filter
,
3277 SECCOMP_PARSE_PERMISSIVE
|SECCOMP_PARSE_ALLOW_LIST
,
3285 for (const char *p
= rvalue
;;) {
3286 _cleanup_free_
char *word
= NULL
, *name
= NULL
;
3289 r
= extract_first_word(&p
, &word
, NULL
, 0);
3293 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3294 "Invalid syntax, ignoring: %s", rvalue
);
3300 r
= parse_syscall_and_errno(word
, &name
, &num
);
3302 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3303 "Failed to parse syscall:errno, ignoring: %s", word
);
3306 if (!invert
&& num
>= 0) {
3307 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3308 "Allow-listed system calls cannot take error number, ignoring: %s", word
);
3312 r
= seccomp_parse_syscall_filter(
3313 name
, num
, c
->syscall_filter
,
3314 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3315 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3316 (c
->syscall_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3317 unit
, filename
, line
);
3323 int config_parse_syscall_log(
3325 const char *filename
,
3327 const char *section
,
3328 unsigned section_line
,
3335 ExecContext
*c
= data
;
3336 _unused_
const Unit
*u
= ASSERT_PTR(userdata
);
3337 bool invert
= false;
3345 if (isempty(rvalue
)) {
3346 /* Empty assignment resets the list */
3347 c
->syscall_log
= hashmap_free(c
->syscall_log
);
3348 c
->syscall_log_allow_list
= false;
3352 if (rvalue
[0] == '~') {
3357 if (!c
->syscall_log
) {
3358 c
->syscall_log
= hashmap_new(NULL
);
3359 if (!c
->syscall_log
)
3363 /* Log everything but the ones listed */
3364 c
->syscall_log_allow_list
= false;
3366 /* Log nothing but the ones listed */
3367 c
->syscall_log_allow_list
= true;
3372 _cleanup_free_
char *word
= NULL
;
3374 r
= extract_first_word(&p
, &word
, NULL
, 0);
3378 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3384 r
= seccomp_parse_syscall_filter(
3385 word
, -1, c
->syscall_log
,
3386 SECCOMP_PARSE_LOG
|SECCOMP_PARSE_PERMISSIVE
|
3387 (invert
? SECCOMP_PARSE_INVERT
: 0)|
3388 (c
->syscall_log_allow_list
? SECCOMP_PARSE_ALLOW_LIST
: 0),
3389 unit
, filename
, line
);
3395 int config_parse_syscall_archs(
3397 const char *filename
,
3399 const char *section
,
3400 unsigned section_line
,
3410 if (isempty(rvalue
)) {
3411 *archs
= set_free(*archs
);
3415 for (const char *p
= rvalue
;;) {
3416 _cleanup_free_
char *word
= NULL
;
3419 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3423 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3424 "Invalid syntax, ignoring: %s", rvalue
);
3430 r
= seccomp_arch_from_string(word
, &a
);
3432 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3433 "Failed to parse system call architecture \"%s\", ignoring: %m", word
);
3437 r
= set_ensure_put(archs
, NULL
, UINT32_TO_PTR(a
+ 1));
3443 int config_parse_syscall_errno(
3445 const char *filename
,
3447 const char *section
,
3448 unsigned section_line
,
3455 ExecContext
*c
= data
;
3462 if (isempty(rvalue
) || streq(rvalue
, "kill")) {
3463 /* Empty assignment resets to KILL */
3464 c
->syscall_errno
= SECCOMP_ERROR_NUMBER_KILL
;
3468 e
= parse_errno(rvalue
);
3470 log_syntax(unit
, LOG_WARNING
, filename
, line
, e
, "Failed to parse error number, ignoring: %s", rvalue
);
3474 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid error number, ignoring: %s", rvalue
);
3478 c
->syscall_errno
= e
;
3482 int config_parse_address_families(
3484 const char *filename
,
3486 const char *section
,
3487 unsigned section_line
,
3494 ExecContext
*c
= data
;
3495 bool invert
= false;
3502 if (isempty(rvalue
)) {
3503 /* Empty assignment resets the list */
3504 c
->address_families
= set_free(c
->address_families
);
3505 c
->address_families_allow_list
= false;
3509 if (streq(rvalue
, "none")) {
3510 /* Forbid all address families. */
3511 c
->address_families
= set_free(c
->address_families
);
3512 c
->address_families_allow_list
= true;
3516 if (rvalue
[0] == '~') {
3521 if (!c
->address_families
) {
3522 c
->address_families
= set_new(NULL
);
3523 if (!c
->address_families
)
3526 c
->address_families_allow_list
= !invert
;
3529 for (const char *p
= rvalue
;;) {
3530 _cleanup_free_
char *word
= NULL
;
3533 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3537 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3538 "Invalid syntax, ignoring: %s", rvalue
);
3544 af
= af_from_name(word
);
3546 log_syntax(unit
, LOG_WARNING
, filename
, line
, af
,
3547 "Failed to parse address family, ignoring: %s", word
);
3551 /* If we previously wanted to forbid an address family and now
3552 * we want to allow it, then just remove it from the list.
3554 if (!invert
== c
->address_families_allow_list
) {
3555 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
3559 set_remove(c
->address_families
, INT_TO_PTR(af
));
3563 int config_parse_restrict_namespaces(
3565 const char *filename
,
3567 const char *section
,
3568 unsigned section_line
,
3575 ExecContext
*c
= data
;
3576 unsigned long flags
;
3577 bool invert
= false;
3580 if (isempty(rvalue
)) {
3581 /* Reset to the default. */
3582 c
->restrict_namespaces
= NAMESPACE_FLAGS_INITIAL
;
3586 /* Boolean parameter ignores the previous settings */
3587 r
= parse_boolean(rvalue
);
3589 c
->restrict_namespaces
= 0;
3591 } else if (r
== 0) {
3592 c
->restrict_namespaces
= NAMESPACE_FLAGS_ALL
;
3596 if (rvalue
[0] == '~') {
3601 /* Not a boolean argument, in this case it's a list of namespace types. */
3602 r
= namespace_flags_from_string(rvalue
, &flags
);
3604 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse namespace type string, ignoring: %s", rvalue
);
3608 if (c
->restrict_namespaces
== NAMESPACE_FLAGS_INITIAL
)
3609 /* Initial assignment. Just set the value. */
3610 c
->restrict_namespaces
= invert
? (~flags
) & NAMESPACE_FLAGS_ALL
: flags
;
3612 /* Merge the value with the previous one. */
3613 SET_FLAG(c
->restrict_namespaces
, flags
, !invert
);
3619 int config_parse_restrict_filesystems(
3621 const char *filename
,
3623 const char *section
,
3624 unsigned section_line
,
3630 ExecContext
*c
= ASSERT_PTR(data
);
3631 bool invert
= false;
3638 if (isempty(rvalue
)) {
3639 /* Empty assignment resets the list */
3640 c
->restrict_filesystems
= set_free_free(c
->restrict_filesystems
);
3641 c
->restrict_filesystems_allow_list
= false;
3645 if (rvalue
[0] == '~') {
3650 if (!c
->restrict_filesystems
) {
3652 /* Allow everything but the ones listed */
3653 c
->restrict_filesystems_allow_list
= false;
3655 /* Allow nothing but the ones listed */
3656 c
->restrict_filesystems_allow_list
= true;
3659 for (const char *p
= rvalue
;;) {
3660 _cleanup_free_
char *word
= NULL
;
3662 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3668 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3669 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
3673 r
= bpf_restrict_fs_parse_filesystem(
3675 &c
->restrict_filesystems
,
3676 FILESYSTEM_PARSE_LOG
|
3677 (invert
? FILESYSTEM_PARSE_INVERT
: 0)|
3678 (c
->restrict_filesystems_allow_list
? FILESYSTEM_PARSE_ALLOW_LIST
: 0),
3679 unit
, filename
, line
);
3688 int config_parse_unit_slice(
3690 const char *filename
,
3692 const char *section
,
3693 unsigned section_line
,
3700 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
3701 _cleanup_free_
char *k
= NULL
;
3702 Unit
*u
= userdata
, *slice
;
3710 r
= unit_name_printf(u
, rvalue
, &k
);
3712 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue
);
3716 r
= manager_load_unit(u
->manager
, k
, NULL
, &error
, &slice
);
3718 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to load slice unit %s, ignoring: %s", k
, bus_error_message(&error
, r
));
3722 r
= unit_set_slice(u
, slice
);
3724 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to assign slice %s to unit %s, ignoring: %m", slice
->id
, u
->id
);
3731 int config_parse_cpu_quota(
3733 const char *filename
,
3735 const char *section
,
3736 unsigned section_line
,
3743 CGroupContext
*c
= data
;
3750 if (isempty(rvalue
)) {
3751 c
->cpu_quota_per_sec_usec
= USEC_INFINITY
;
3755 r
= parse_permyriad_unbounded(rvalue
);
3757 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid CPU quota '%s', ignoring.", rvalue
);
3761 c
->cpu_quota_per_sec_usec
= ((usec_t
) r
* USEC_PER_SEC
) / 10000U;
3765 int config_parse_allowed_cpuset(
3767 const char *filename
,
3769 const char *section
,
3770 unsigned section_line
,
3778 const Unit
*u
= userdata
;
3779 _cleanup_free_
char *k
= NULL
;
3786 r
= unit_full_printf(u
, rvalue
, &k
);
3788 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
3789 "Failed to resolve unit specifiers in '%s', ignoring: %m",
3794 (void) parse_cpu_set_extend(k
, c
, true, unit
, filename
, line
, lvalue
);
3798 int config_parse_memory_limit(
3800 const char *filename
,
3802 const char *section
,
3803 unsigned section_line
,
3810 CGroupContext
*c
= data
;
3811 uint64_t bytes
= CGROUP_LIMIT_MAX
;
3814 if (isempty(rvalue
) && STR_IN_SET(lvalue
, "DefaultMemoryLow",
3819 bytes
= CGROUP_LIMIT_MIN
;
3820 else if (!isempty(rvalue
) && !streq(rvalue
, "infinity")) {
3822 r
= parse_permyriad(rvalue
);
3824 r
= parse_size(rvalue
, 1024, &bytes
);
3826 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid memory limit '%s', ignoring: %m", rvalue
);
3830 bytes
= physical_memory_scale(r
, 10000U);
3832 if (bytes
>= UINT64_MAX
||
3833 (bytes
<= 0 && !STR_IN_SET(lvalue
,
3835 "StartupMemorySwapMax",
3837 "StartupMemoryZSwapMax",
3842 "DefaultstartupMemoryLow",
3843 "DefaultMemoryMin"))) {
3844 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Memory limit '%s' out of range, ignoring.", rvalue
);
3849 if (streq(lvalue
, "DefaultMemoryLow")) {
3850 c
->default_memory_low
= bytes
;
3851 c
->default_memory_low_set
= true;
3852 } else if (streq(lvalue
, "DefaultStartupMemoryLow")) {
3853 c
->default_startup_memory_low
= bytes
;
3854 c
->default_startup_memory_low_set
= true;
3855 } else if (streq(lvalue
, "DefaultMemoryMin")) {
3856 c
->default_memory_min
= bytes
;
3857 c
->default_memory_min_set
= true;
3858 } else if (streq(lvalue
, "MemoryMin")) {
3859 c
->memory_min
= bytes
;
3860 c
->memory_min_set
= true;
3861 } else if (streq(lvalue
, "MemoryLow")) {
3862 c
->memory_low
= bytes
;
3863 c
->memory_low_set
= true;
3864 } else if (streq(lvalue
, "StartupMemoryLow")) {
3865 c
->startup_memory_low
= bytes
;
3866 c
->startup_memory_low_set
= true;
3867 } else if (streq(lvalue
, "MemoryHigh"))
3868 c
->memory_high
= bytes
;
3869 else if (streq(lvalue
, "StartupMemoryHigh")) {
3870 c
->startup_memory_high
= bytes
;
3871 c
->startup_memory_high_set
= true;
3872 } else if (streq(lvalue
, "MemoryMax"))
3873 c
->memory_max
= bytes
;
3874 else if (streq(lvalue
, "StartupMemoryMax")) {
3875 c
->startup_memory_max
= bytes
;
3876 c
->startup_memory_max_set
= true;
3877 } else if (streq(lvalue
, "MemorySwapMax"))
3878 c
->memory_swap_max
= bytes
;
3879 else if (streq(lvalue
, "StartupMemorySwapMax")) {
3880 c
->startup_memory_swap_max
= bytes
;
3881 c
->startup_memory_swap_max_set
= true;
3882 } else if (streq(lvalue
, "MemoryZSwapMax"))
3883 c
->memory_zswap_max
= bytes
;
3884 else if (streq(lvalue
, "StartupMemoryZSwapMax")) {
3885 c
->startup_memory_zswap_max
= bytes
;
3886 c
->startup_memory_zswap_max_set
= true;
3887 } else if (streq(lvalue
, "MemoryLimit")) {
3888 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
3889 "Unit uses MemoryLimit=; please use MemoryMax= instead. Support for MemoryLimit= will be removed soon.");
3890 c
->memory_limit
= bytes
;
3897 int config_parse_tasks_max(
3899 const char *filename
,
3901 const char *section
,
3902 unsigned section_line
,
3909 const Unit
*u
= userdata
;
3910 CGroupTasksMax
*tasks_max
= data
;
3914 if (isempty(rvalue
)) {
3915 *tasks_max
= u
? u
->manager
->defaults
.tasks_max
: CGROUP_TASKS_MAX_UNSET
;
3919 if (streq(rvalue
, "infinity")) {
3920 *tasks_max
= CGROUP_TASKS_MAX_UNSET
;
3924 r
= parse_permyriad(rvalue
);
3926 *tasks_max
= (CGroupTasksMax
) { r
, 10000U }; /* r‱ */
3928 r
= safe_atou64(rvalue
, &v
);
3930 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid maximum tasks value '%s', ignoring: %m", rvalue
);
3934 if (v
<= 0 || v
>= UINT64_MAX
) {
3935 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue
);
3939 *tasks_max
= (CGroupTasksMax
) { v
};
3945 int config_parse_delegate(
3947 const char *filename
,
3949 const char *section
,
3950 unsigned section_line
,
3957 CGroupContext
*c
= data
;
3961 t
= unit_name_to_type(unit
);
3962 assert(t
!= _UNIT_TYPE_INVALID
);
3964 if (!unit_vtable
[t
]->can_delegate
) {
3965 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Delegate= setting not supported for this unit type, ignoring.");
3969 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or
3970 * turn it off for all. Or it takes a list of controller names, in which case we add the specified
3971 * controllers to the mask to delegate. Delegate= enables delegation without any controllers. */
3973 if (isempty(rvalue
)) {
3974 /* An empty string resets controllers and sets Delegate=yes. */
3976 c
->delegate_controllers
= 0;
3980 r
= parse_boolean(rvalue
);
3982 CGroupMask mask
= 0;
3984 for (const char *p
= rvalue
;;) {
3985 _cleanup_free_
char *word
= NULL
;
3986 CGroupController cc
;
3988 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
3992 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
3998 cc
= cgroup_controller_from_string(word
);
4000 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid controller name '%s', ignoring", word
);
4004 mask
|= CGROUP_CONTROLLER_TO_MASK(cc
);
4008 c
->delegate_controllers
|= mask
;
4012 c
->delegate_controllers
= CGROUP_MASK_DELEGATE
;
4014 c
->delegate
= false;
4015 c
->delegate_controllers
= 0;
4021 int config_parse_delegate_subgroup(
4023 const char *filename
,
4025 const char *section
,
4026 unsigned section_line
,
4033 CGroupContext
*c
= ASSERT_PTR(data
);
4036 t
= unit_name_to_type(unit
);
4039 if (!unit_vtable
[t
]->can_delegate
) {
4040 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "DelegateSubgroup= setting not supported for this unit type, ignoring.");
4044 if (isempty(rvalue
)) {
4045 c
->delegate_subgroup
= mfree(c
->delegate_subgroup
);
4049 if (cg_needs_escape(rvalue
)) { /* Insist that specified names don't need escaping */
4050 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid control group name, ignoring: %s", rvalue
);
4054 return free_and_strdup_warn(&c
->delegate_subgroup
, rvalue
);
4057 int config_parse_managed_oom_mode(
4059 const char *filename
,
4061 const char *section
,
4062 unsigned section_line
,
4069 ManagedOOMMode
*mode
= data
, m
;
4072 t
= unit_name_to_type(unit
);
4073 assert(t
!= _UNIT_TYPE_INVALID
);
4075 if (!unit_vtable
[t
]->can_set_managed_oom
)
4076 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
4078 if (isempty(rvalue
)) {
4079 *mode
= MANAGED_OOM_AUTO
;
4083 m
= managed_oom_mode_from_string(rvalue
);
4085 log_syntax(unit
, LOG_WARNING
, filename
, line
, m
, "Invalid syntax, ignoring: %s", rvalue
);
4093 int config_parse_managed_oom_mem_pressure_limit(
4095 const char *filename
,
4097 const char *section
,
4098 unsigned section_line
,
4105 uint32_t *limit
= data
;
4109 t
= unit_name_to_type(unit
);
4110 assert(t
!= _UNIT_TYPE_INVALID
);
4112 if (!unit_vtable
[t
]->can_set_managed_oom
)
4113 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "%s= is not supported for this unit type, ignoring.", lvalue
);
4115 if (isempty(rvalue
)) {
4120 r
= parse_permyriad(rvalue
);
4122 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse memory pressure limit value, ignoring: %s", rvalue
);
4126 /* Normalize to 2^32-1 == 100% */
4127 *limit
= UINT32_SCALE_FROM_PERMYRIAD(r
);
4131 int config_parse_device_allow(
4133 const char *filename
,
4135 const char *section
,
4136 unsigned section_line
,
4143 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4144 CGroupDevicePermissions permissions
;
4145 CGroupContext
*c
= data
;
4146 const char *p
= rvalue
;
4149 if (isempty(rvalue
)) {
4150 while (c
->device_allow
)
4151 cgroup_context_free_device_allow(c
, c
->device_allow
);
4156 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4160 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4161 "Failed to extract device path and rights from '%s', ignoring.", rvalue
);
4165 r
= unit_path_printf(userdata
, path
, &resolved
);
4167 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4168 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4172 if (!STARTSWITH_SET(resolved
, "block-", "char-")) {
4174 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4178 if (!valid_device_node_path(resolved
)) {
4179 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid device node path '%s', ignoring.", resolved
);
4184 permissions
= isempty(p
) ? 0 : cgroup_device_permissions_from_string(p
);
4185 if (permissions
< 0) {
4186 log_syntax(unit
, LOG_WARNING
, filename
, line
, permissions
, "Invalid device rights '%s', ignoring.", p
);
4190 return cgroup_context_add_device_allow(c
, resolved
, permissions
);
4193 int config_parse_io_device_weight(
4195 const char *filename
,
4197 const char *section
,
4198 unsigned section_line
,
4205 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4206 CGroupIODeviceWeight
*w
;
4207 CGroupContext
*c
= data
;
4208 const char *p
= ASSERT_PTR(rvalue
);
4215 if (isempty(rvalue
)) {
4216 while (c
->io_device_weights
)
4217 cgroup_context_free_io_device_weight(c
, c
->io_device_weights
);
4222 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4226 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4227 "Failed to extract device path and weight from '%s', ignoring.", rvalue
);
4230 if (r
== 0 || isempty(p
)) {
4231 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4232 "Invalid device path or weight specified in '%s', ignoring.", rvalue
);
4236 r
= unit_path_printf(userdata
, path
, &resolved
);
4238 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4239 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4243 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4247 r
= cg_weight_parse(p
, &u
);
4249 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "IO weight '%s' invalid, ignoring: %m", p
);
4253 assert(u
!= CGROUP_WEIGHT_INVALID
);
4255 w
= new0(CGroupIODeviceWeight
, 1);
4259 w
->path
= TAKE_PTR(resolved
);
4262 LIST_PREPEND(device_weights
, c
->io_device_weights
, w
);
4266 int config_parse_io_device_latency(
4268 const char *filename
,
4270 const char *section
,
4271 unsigned section_line
,
4278 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4279 CGroupIODeviceLatency
*l
;
4280 CGroupContext
*c
= data
;
4281 const char *p
= ASSERT_PTR(rvalue
);
4288 if (isempty(rvalue
)) {
4289 while (c
->io_device_latencies
)
4290 cgroup_context_free_io_device_latency(c
, c
->io_device_latencies
);
4295 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4299 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4300 "Failed to extract device path and latency from '%s', ignoring.", rvalue
);
4303 if (r
== 0 || isempty(p
)) {
4304 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4305 "Invalid device path or latency specified in '%s', ignoring.", rvalue
);
4309 r
= unit_path_printf(userdata
, path
, &resolved
);
4311 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4312 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4316 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4320 r
= parse_sec(p
, &usec
);
4322 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse timer value, ignoring: %s", p
);
4326 l
= new0(CGroupIODeviceLatency
, 1);
4330 l
->path
= TAKE_PTR(resolved
);
4331 l
->target_usec
= usec
;
4333 LIST_PREPEND(device_latencies
, c
->io_device_latencies
, l
);
4337 int config_parse_io_limit(
4339 const char *filename
,
4341 const char *section
,
4342 unsigned section_line
,
4349 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4350 CGroupIODeviceLimit
*l
= NULL
;
4351 CGroupContext
*c
= data
;
4352 CGroupIOLimitType type
;
4353 const char *p
= ASSERT_PTR(rvalue
);
4360 type
= cgroup_io_limit_type_from_string(lvalue
);
4363 if (isempty(rvalue
)) {
4364 LIST_FOREACH(device_limits
, t
, c
->io_device_limits
)
4365 t
->limits
[type
] = cgroup_io_limit_defaults
[type
];
4369 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4373 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4374 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4377 if (r
== 0 || isempty(p
)) {
4378 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4379 "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue
);
4383 r
= unit_path_printf(userdata
, path
, &resolved
);
4385 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4386 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4390 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4394 if (streq("infinity", p
))
4395 num
= CGROUP_LIMIT_MAX
;
4397 r
= parse_size(p
, 1000, &num
);
4398 if (r
< 0 || num
<= 0) {
4399 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid IO limit '%s', ignoring.", p
);
4404 LIST_FOREACH(device_limits
, t
, c
->io_device_limits
)
4405 if (path_equal(resolved
, t
->path
)) {
4411 l
= new0(CGroupIODeviceLimit
, 1);
4415 l
->path
= TAKE_PTR(resolved
);
4416 for (CGroupIOLimitType i
= 0; i
< _CGROUP_IO_LIMIT_TYPE_MAX
; i
++)
4417 l
->limits
[i
] = cgroup_io_limit_defaults
[i
];
4419 LIST_PREPEND(device_limits
, c
->io_device_limits
, l
);
4422 l
->limits
[type
] = num
;
4427 int config_parse_blockio_device_weight(
4429 const char *filename
,
4431 const char *section
,
4432 unsigned section_line
,
4439 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4440 CGroupBlockIODeviceWeight
*w
;
4441 CGroupContext
*c
= data
;
4442 const char *p
= ASSERT_PTR(rvalue
);
4449 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4450 "Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
4453 if (isempty(rvalue
)) {
4454 while (c
->blockio_device_weights
)
4455 cgroup_context_free_blockio_device_weight(c
, c
->blockio_device_weights
);
4460 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4464 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4465 "Failed to extract device node and weight from '%s', ignoring.", rvalue
);
4468 if (r
== 0 || isempty(p
)) {
4469 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4470 "Invalid device node or weight specified in '%s', ignoring.", rvalue
);
4474 r
= unit_path_printf(userdata
, path
, &resolved
);
4476 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4477 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4481 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4485 r
= cg_blkio_weight_parse(p
, &u
);
4487 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid block IO weight '%s', ignoring: %m", p
);
4491 assert(u
!= CGROUP_BLKIO_WEIGHT_INVALID
);
4493 w
= new0(CGroupBlockIODeviceWeight
, 1);
4497 w
->path
= TAKE_PTR(resolved
);
4500 LIST_PREPEND(device_weights
, c
->blockio_device_weights
, w
);
4504 int config_parse_blockio_bandwidth(
4506 const char *filename
,
4508 const char *section
,
4509 unsigned section_line
,
4516 _cleanup_free_
char *path
= NULL
, *resolved
= NULL
;
4517 CGroupBlockIODeviceBandwidth
*b
= NULL
;
4518 CGroupContext
*c
= data
;
4519 const char *p
= ASSERT_PTR(rvalue
);
4527 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4528 "Unit uses %s=; please use IO*= settings instead. Support for %s= will be removed soon.",
4531 read
= streq("BlockIOReadBandwidth", lvalue
);
4533 if (isempty(rvalue
)) {
4534 LIST_FOREACH(device_bandwidths
, t
, c
->blockio_device_bandwidths
) {
4535 t
->rbps
= CGROUP_LIMIT_MAX
;
4536 t
->wbps
= CGROUP_LIMIT_MAX
;
4541 r
= extract_first_word(&p
, &path
, NULL
, EXTRACT_UNQUOTE
);
4545 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4546 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue
);
4549 if (r
== 0 || isempty(p
)) {
4550 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4551 "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue
);
4555 r
= unit_path_printf(userdata
, path
, &resolved
);
4557 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4558 "Failed to resolve unit specifiers in '%s', ignoring: %m", path
);
4562 r
= path_simplify_and_warn(resolved
, 0, unit
, filename
, line
, lvalue
);
4566 r
= parse_size(p
, 1000, &bytes
);
4567 if (r
< 0 || bytes
<= 0) {
4568 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid Block IO Bandwidth '%s', ignoring.", p
);
4572 LIST_FOREACH(device_bandwidths
, t
, c
->blockio_device_bandwidths
)
4573 if (path_equal(resolved
, t
->path
)) {
4579 b
= new0(CGroupBlockIODeviceBandwidth
, 1);
4583 b
->path
= TAKE_PTR(resolved
);
4584 b
->rbps
= CGROUP_LIMIT_MAX
;
4585 b
->wbps
= CGROUP_LIMIT_MAX
;
4587 LIST_PREPEND(device_bandwidths
, c
->blockio_device_bandwidths
, b
);
4598 int config_parse_job_mode_isolate(
4600 const char *filename
,
4602 const char *section
,
4603 unsigned section_line
,
4617 r
= parse_boolean(rvalue
);
4619 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse boolean, ignoring: %s", rvalue
);
4623 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue
);
4625 *m
= r
? JOB_ISOLATE
: JOB_REPLACE
;
4629 int config_parse_exec_directories(
4631 const char *filename
,
4633 const char *section
,
4634 unsigned section_line
,
4641 ExecDirectory
*ed
= ASSERT_PTR(data
);
4642 const Unit
*u
= userdata
;
4649 if (isempty(rvalue
)) {
4650 /* Empty assignment resets the list */
4651 exec_directory_done(ed
);
4655 for (const char *p
= rvalue
;;) {
4656 _cleanup_free_
char *tuple
= NULL
;
4658 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
4662 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4663 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
4669 _cleanup_free_
char *src
= NULL
, *dest
= NULL
;
4670 const char *q
= tuple
;
4671 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &src
, &dest
);
4675 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4676 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
4680 _cleanup_free_
char *sresolved
= NULL
;
4681 r
= unit_path_printf(u
, src
, &sresolved
);
4683 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4684 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", src
);
4688 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_RELATIVE
, unit
, filename
, line
, lvalue
);
4692 if (path_startswith(sresolved
, "private")) {
4693 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4694 "%s= path can't be 'private', ignoring assignment: %s", lvalue
, tuple
);
4698 /* For State and Runtime directories we support an optional destination parameter, which
4699 * will be used to create a symlink to the source. */
4700 _cleanup_free_
char *dresolved
= NULL
;
4701 if (!isempty(dest
)) {
4702 if (streq(lvalue
, "ConfigurationDirectory")) {
4703 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
4704 "Destination parameter is not supported for ConfigurationDirectory, ignoring: %s", tuple
);
4708 r
= unit_path_printf(u
, dest
, &dresolved
);
4710 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4711 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", dest
);
4715 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_RELATIVE
, unit
, filename
, line
, lvalue
);
4720 r
= exec_directory_add(ed
, sresolved
, dresolved
);
4726 int config_parse_set_credential(
4728 const char *filename
,
4730 const char *section
,
4731 unsigned section_line
,
4738 _cleanup_free_
char *word
= NULL
, *k
= NULL
;
4739 _cleanup_free_
void *d
= NULL
;
4740 ExecContext
*context
= ASSERT_PTR(data
);
4741 ExecSetCredential
*old
;
4743 bool encrypted
= ltype
;
4744 const char *p
= ASSERT_PTR(rvalue
);
4751 if (isempty(rvalue
)) {
4752 /* Empty assignment resets the list */
4753 context
->set_credentials
= hashmap_free(context
->set_credentials
);
4757 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4761 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract credential name, ignoring: %s", rvalue
);
4764 if (r
== 0 || isempty(p
)) {
4765 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax, ignoring: %s", rvalue
);
4769 r
= unit_cred_printf(u
, word
, &k
);
4771 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4774 if (!credential_name_valid(k
)) {
4775 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", k
);
4780 r
= unbase64mem_full(p
, SIZE_MAX
, true, &d
, &size
);
4782 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Encrypted credential data not valid Base64 data, ignoring.");
4789 /* We support escape codes here, so that users can insert trailing \n if they like */
4790 l
= cunescape(p
, UNESCAPE_ACCEPT_NUL
, &unescaped
);
4792 log_syntax(unit
, LOG_WARNING
, filename
, line
, l
, "Can't unescape \"%s\", ignoring: %m", p
);
4800 old
= hashmap_get(context
->set_credentials
, k
);
4802 free_and_replace(old
->data
, d
);
4804 old
->encrypted
= encrypted
;
4806 _cleanup_(exec_set_credential_freep
) ExecSetCredential
*sc
= NULL
;
4808 sc
= new(ExecSetCredential
, 1);
4812 *sc
= (ExecSetCredential
) {
4814 .data
= TAKE_PTR(d
),
4816 .encrypted
= encrypted
,
4819 r
= hashmap_ensure_put(&context
->set_credentials
, &exec_set_credential_hash_ops
, sc
->id
, sc
);
4823 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
4824 "Duplicated credential value '%s', ignoring assignment: %s", sc
->id
, rvalue
);
4834 int hashmap_put_credential(Hashmap
**h
, const char *id
, const char *path
, bool encrypted
) {
4835 ExecLoadCredential
*old
;
4842 old
= hashmap_get(*h
, id
);
4844 r
= free_and_strdup(&old
->path
, path
);
4848 old
->encrypted
= encrypted
;
4850 _cleanup_(exec_load_credential_freep
) ExecLoadCredential
*lc
= NULL
;
4852 lc
= new(ExecLoadCredential
, 1);
4856 *lc
= (ExecLoadCredential
) {
4858 .path
= strdup(path
),
4859 .encrypted
= encrypted
,
4861 if (!lc
->id
|| !lc
->path
)
4864 r
= hashmap_ensure_put(h
, &exec_load_credential_hash_ops
, lc
->id
, lc
);
4874 int config_parse_load_credential(
4876 const char *filename
,
4878 const char *section
,
4879 unsigned section_line
,
4886 ExecContext
*context
= ASSERT_PTR(data
);
4887 const Unit
*u
= ASSERT_PTR(userdata
);
4894 if (isempty(rvalue
)) {
4895 /* Empty assignment resets the list */
4896 context
->load_credentials
= hashmap_free(context
->load_credentials
);
4900 _cleanup_free_
char *word
= NULL
, *id
= NULL
, *path
= NULL
;
4901 const char *p
= rvalue
;
4902 bool encrypted
= ltype
;
4904 r
= extract_first_word(&p
, &word
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
4908 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
4912 r
= unit_cred_printf(u
, word
, &id
);
4914 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word
);
4917 if (!credential_name_valid(id
)) {
4918 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name \"%s\" not valid, ignoring.", id
);
4923 /* If only one field is specified take it as shortcut for inheriting a credential named
4924 * the same way from our parent */
4929 r
= unit_path_printf(u
, p
, &path
);
4931 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", p
);
4934 if (path_is_absolute(path
) ? !path_is_normalized(path
) : !credential_name_valid(path
)) {
4935 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential source \"%s\" not valid, ignoring.", path
);
4940 r
= hashmap_put_credential(&context
->load_credentials
, id
, path
, encrypted
);
4942 return log_error_errno(r
, "Failed to store load credential '%s': %m", rvalue
);
4947 int config_parse_import_credential(
4949 const char *filename
,
4951 const char *section
,
4952 unsigned section_line
,
4959 _cleanup_free_
char *s
= NULL
;
4960 Set
** import_credentials
= ASSERT_PTR(data
);
4968 if (isempty(rvalue
)) {
4969 /* Empty assignment resets the list */
4970 *import_credentials
= set_free_free(*import_credentials
);
4974 r
= unit_cred_printf(u
, rvalue
, &s
);
4976 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s
);
4979 if (!credential_glob_valid(s
)) {
4980 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Credential name or glob \"%s\" not valid, ignoring.", s
);
4984 r
= set_put_strdup(import_credentials
, s
);
4986 return log_error_errno(r
, "Failed to store credential name '%s': %m", rvalue
);
4991 int config_parse_set_status(
4993 const char *filename
,
4995 const char *section
,
4996 unsigned section_line
,
5003 ExitStatusSet
*status_set
= ASSERT_PTR(data
);
5010 /* Empty assignment resets the list */
5011 if (isempty(rvalue
)) {
5012 exit_status_set_free(status_set
);
5016 for (const char *p
= rvalue
;;) {
5017 _cleanup_free_
char *word
= NULL
;
5020 r
= extract_first_word(&p
, &word
, NULL
, 0);
5024 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5025 "Failed to parse %s=%s, ignoring: %m", lvalue
, rvalue
);
5031 /* We need to call exit_status_from_string() first, because we want
5032 * to parse numbers as exit statuses, not signals. */
5034 r
= exit_status_from_string(word
);
5036 assert(r
>= 0 && r
< 256);
5037 bitmap
= &status_set
->status
;
5039 r
= signal_from_string(word
);
5041 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5042 "Failed to parse value, ignoring: %s", word
);
5045 bitmap
= &status_set
->signal
;
5048 r
= bitmap_set(bitmap
, r
);
5050 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5051 "Failed to set signal or status %s, ignoring: %m", word
);
5055 int config_parse_namespace_path_strv(
5057 const char *filename
,
5059 const char *section
,
5060 unsigned section_line
,
5067 const Unit
*u
= userdata
;
5068 char*** sv
= ASSERT_PTR(data
);
5075 if (isempty(rvalue
)) {
5076 /* Empty assignment resets the list */
5077 *sv
= strv_free(*sv
);
5081 for (const char *p
= rvalue
;;) {
5082 _cleanup_free_
char *word
= NULL
, *resolved
= NULL
, *joined
= NULL
;
5084 bool ignore_enoent
= false, shall_prefix
= false;
5086 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
5090 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
5097 if (startswith(w
, "-")) {
5098 ignore_enoent
= true;
5101 if (startswith(w
, "+")) {
5102 shall_prefix
= true;
5106 r
= unit_path_printf(u
, w
, &resolved
);
5108 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s: %m", w
);
5112 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5116 joined
= strjoin(ignore_enoent
? "-" : "",
5117 shall_prefix
? "+" : "",
5120 r
= strv_push(sv
, joined
);
5130 int config_parse_temporary_filesystems(
5132 const char *filename
,
5134 const char *section
,
5135 unsigned section_line
,
5142 const Unit
*u
= userdata
;
5143 ExecContext
*c
= ASSERT_PTR(data
);
5150 if (isempty(rvalue
)) {
5151 /* Empty assignment resets the list */
5152 temporary_filesystem_free_many(c
->temporary_filesystems
, c
->n_temporary_filesystems
);
5153 c
->temporary_filesystems
= NULL
;
5154 c
->n_temporary_filesystems
= 0;
5158 for (const char *p
= rvalue
;;) {
5159 _cleanup_free_
char *word
= NULL
, *path
= NULL
, *resolved
= NULL
;
5162 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
5166 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", rvalue
);
5173 r
= extract_first_word(&w
, &path
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
);
5177 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to extract first word, ignoring: %s", word
);
5181 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax, ignoring: %s", word
);
5185 r
= unit_path_printf(u
, path
, &resolved
);
5187 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", path
);
5191 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5195 r
= temporary_filesystem_add(&c
->temporary_filesystems
, &c
->n_temporary_filesystems
, resolved
, w
);
5201 int config_parse_bind_paths(
5203 const char *filename
,
5205 const char *section
,
5206 unsigned section_line
,
5213 ExecContext
*c
= ASSERT_PTR(data
);
5214 const Unit
*u
= ASSERT_PTR(userdata
);
5221 if (isempty(rvalue
)) {
5222 /* Empty assignment resets the list */
5223 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
5224 c
->bind_mounts
= NULL
;
5225 c
->n_bind_mounts
= 0;
5229 for (const char *p
= rvalue
;;) {
5230 _cleanup_free_
char *source
= NULL
, *destination
= NULL
;
5231 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
5232 char *s
= NULL
, *d
= NULL
;
5233 bool rbind
= true, ignore_enoent
= false;
5235 r
= extract_first_word(&p
, &source
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
5239 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
5245 r
= unit_path_printf(u
, source
, &sresolved
);
5247 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5248 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", source
);
5254 ignore_enoent
= true;
5258 r
= path_simplify_and_warn(s
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5262 /* Optionally, the destination is specified. */
5263 if (p
&& p
[-1] == ':') {
5264 r
= extract_first_word(&p
, &destination
, ":" WHITESPACE
, EXTRACT_UNQUOTE
|EXTRACT_DONT_COALESCE_SEPARATORS
);
5268 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s, ignoring: %s", lvalue
, rvalue
);
5272 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing argument after ':', ignoring: %s", s
);
5276 r
= unit_path_printf(u
, destination
, &dresolved
);
5278 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5279 "Failed to resolve specifiers in \"%s\", ignoring: %m", destination
);
5283 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5289 /* Optionally, there's also a short option string specified */
5290 if (p
&& p
[-1] == ':') {
5291 _cleanup_free_
char *options
= NULL
;
5293 r
= extract_first_word(&p
, &options
, NULL
, EXTRACT_UNQUOTE
);
5297 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
5301 if (isempty(options
) || streq(options
, "rbind"))
5303 else if (streq(options
, "norbind"))
5306 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid option string, ignoring setting: %s", options
);
5313 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
5317 .read_only
= !!strstr(lvalue
, "ReadOnly"),
5319 .ignore_enoent
= ignore_enoent
,
5328 int config_parse_mount_images(
5330 const char *filename
,
5332 const char *section
,
5333 unsigned section_line
,
5340 ExecContext
*c
= ASSERT_PTR(data
);
5341 const Unit
*u
= userdata
;
5348 if (isempty(rvalue
)) {
5349 /* Empty assignment resets the list */
5350 c
->mount_images
= mount_image_free_many(c
->mount_images
, &c
->n_mount_images
);
5354 for (const char *p
= rvalue
;;) {
5355 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
5356 _cleanup_free_
char *first
= NULL
, *second
= NULL
, *tuple
= NULL
;
5357 _cleanup_free_
char *sresolved
= NULL
, *dresolved
= NULL
;
5358 const char *q
= NULL
;
5360 bool permissive
= false;
5362 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
5366 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5367 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
5374 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &first
, &second
);
5378 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5379 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
5391 r
= unit_path_printf(u
, s
, &sresolved
);
5393 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5394 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s
);
5398 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS
, unit
, filename
, line
, lvalue
);
5402 if (isempty(second
)) {
5403 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Missing destination in %s, ignoring: %s", lvalue
, rvalue
);
5407 r
= unit_path_printf(u
, second
, &dresolved
);
5409 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5410 "Failed to resolve specifiers in \"%s\", ignoring: %m", second
);
5414 r
= path_simplify_and_warn(dresolved
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS
, unit
, filename
, line
, lvalue
);
5419 _cleanup_free_
char *partition
= NULL
, *mount_options
= NULL
, *mount_options_resolved
= NULL
;
5420 MountOptions
*o
= NULL
;
5421 PartitionDesignator partition_designator
;
5423 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &partition
, &mount_options
);
5427 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", q
);
5432 /* Single set of options, applying to the root partition/single filesystem */
5434 r
= unit_full_printf(u
, partition
, &mount_options_resolved
);
5436 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", first
);
5440 o
= new(MountOptions
, 1);
5443 *o
= (MountOptions
) {
5444 .partition_designator
= PARTITION_ROOT
,
5445 .options
= TAKE_PTR(mount_options_resolved
),
5447 LIST_APPEND(mount_options
, options
, o
);
5452 partition_designator
= partition_designator_from_string(partition
);
5453 if (partition_designator
< 0) {
5454 log_syntax(unit
, LOG_WARNING
, filename
, line
, partition_designator
,
5455 "Invalid partition name %s, ignoring", partition
);
5458 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
5460 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
5464 o
= new(MountOptions
, 1);
5467 *o
= (MountOptions
) {
5468 .partition_designator
= partition_designator
,
5469 .options
= TAKE_PTR(mount_options_resolved
),
5471 LIST_APPEND(mount_options
, options
, o
);
5474 r
= mount_image_add(&c
->mount_images
, &c
->n_mount_images
,
5476 .source
= sresolved
,
5477 .destination
= dresolved
,
5478 .mount_options
= options
,
5479 .ignore_enoent
= permissive
,
5480 .type
= MOUNT_IMAGE_DISCRETE
,
5487 int config_parse_extension_images(
5489 const char *filename
,
5491 const char *section
,
5492 unsigned section_line
,
5499 ExecContext
*c
= ASSERT_PTR(data
);
5500 const Unit
*u
= userdata
;
5507 if (isempty(rvalue
)) {
5508 /* Empty assignment resets the list */
5509 c
->extension_images
= mount_image_free_many(c
->extension_images
, &c
->n_extension_images
);
5513 for (const char *p
= rvalue
;;) {
5514 _cleanup_free_
char *source
= NULL
, *tuple
= NULL
, *sresolved
= NULL
;
5515 _cleanup_(mount_options_free_allp
) MountOptions
*options
= NULL
;
5516 bool permissive
= false;
5517 const char *q
= NULL
;
5520 r
= extract_first_word(&p
, &tuple
, NULL
, EXTRACT_UNQUOTE
|EXTRACT_RETAIN_ESCAPE
);
5524 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5525 "Invalid syntax %s=%s, ignoring: %m", lvalue
, rvalue
);
5532 r
= extract_first_word(&q
, &source
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
);
5536 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5537 "Invalid syntax in %s=, ignoring: %s", lvalue
, tuple
);
5549 r
= unit_path_printf(u
, s
, &sresolved
);
5551 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5552 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", s
);
5556 r
= path_simplify_and_warn(sresolved
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS
, unit
, filename
, line
, lvalue
);
5561 _cleanup_free_
char *partition
= NULL
, *mount_options
= NULL
, *mount_options_resolved
= NULL
;
5562 MountOptions
*o
= NULL
;
5563 PartitionDesignator partition_designator
;
5565 r
= extract_many_words(&q
, ":", EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_SEPARATORS
, &partition
, &mount_options
);
5569 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", q
);
5574 /* Single set of options, applying to the root partition/single filesystem */
5576 r
= unit_full_printf(u
, partition
, &mount_options_resolved
);
5578 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", partition
);
5582 o
= new(MountOptions
, 1);
5585 *o
= (MountOptions
) {
5586 .partition_designator
= PARTITION_ROOT
,
5587 .options
= TAKE_PTR(mount_options_resolved
),
5589 LIST_APPEND(mount_options
, options
, o
);
5594 partition_designator
= partition_designator_from_string(partition
);
5595 if (partition_designator
< 0) {
5596 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid partition name %s, ignoring", partition
);
5599 r
= unit_full_printf(u
, mount_options
, &mount_options_resolved
);
5601 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_options
);
5605 o
= new(MountOptions
, 1);
5608 *o
= (MountOptions
) {
5609 .partition_designator
= partition_designator
,
5610 .options
= TAKE_PTR(mount_options_resolved
),
5612 LIST_APPEND(mount_options
, options
, o
);
5615 r
= mount_image_add(&c
->extension_images
, &c
->n_extension_images
,
5617 .source
= sresolved
,
5618 .mount_options
= options
,
5619 .ignore_enoent
= permissive
,
5620 .type
= MOUNT_IMAGE_EXTENSION
,
5627 int config_parse_job_timeout_sec(
5629 const char *filename
,
5631 const char *section
,
5632 unsigned section_line
,
5639 Unit
*u
= ASSERT_PTR(data
);
5647 r
= parse_sec_fix_0(rvalue
, &usec
);
5649 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue
);
5653 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
5654 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
5657 if (!u
->job_running_timeout_set
)
5658 u
->job_running_timeout
= usec
;
5660 u
->job_timeout
= usec
;
5665 int config_parse_job_running_timeout_sec(
5667 const char *filename
,
5669 const char *section
,
5670 unsigned section_line
,
5677 Unit
*u
= ASSERT_PTR(data
);
5685 r
= parse_sec_fix_0(rvalue
, &usec
);
5687 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue
);
5691 u
->job_running_timeout
= usec
;
5692 u
->job_running_timeout_set
= true;
5697 int config_parse_emergency_action(
5699 const char *filename
,
5701 const char *section
,
5702 unsigned section_line
,
5709 EmergencyAction
*x
= ASSERT_PTR(data
);
5710 RuntimeScope runtime_scope
;
5717 /* If we have a unit determine the scope based on it */
5719 runtime_scope
= ((Unit
*) ASSERT_PTR(userdata
))->manager
->runtime_scope
;
5721 runtime_scope
= ltype
; /* otherwise, assume the scope is passed in via ltype */
5723 r
= parse_emergency_action(rvalue
, runtime_scope
, x
);
5725 if (r
== -EOPNOTSUPP
)
5726 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5727 "%s= specified as %s mode action, ignoring: %s",
5728 lvalue
, runtime_scope_to_string(runtime_scope
), rvalue
);
5730 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
5731 "Failed to parse %s=, ignoring: %s", lvalue
, rvalue
);
5738 int config_parse_pid_file(
5740 const char *filename
,
5742 const char *section
,
5743 unsigned section_line
,
5750 _cleanup_free_
char *k
= NULL
, *n
= NULL
;
5751 const Unit
*u
= ASSERT_PTR(userdata
);
5759 if (isempty(rvalue
)) {
5760 /* An empty assignment removes already set value. */
5765 r
= unit_path_printf(u
, rvalue
, &k
);
5767 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5771 /* If this is a relative path make it absolute by prefixing the /run */
5772 n
= path_make_absolute(k
, u
->manager
->prefix
[EXEC_DIRECTORY_RUNTIME
]);
5776 /* Check that the result is a sensible path */
5777 r
= path_simplify_and_warn(n
, PATH_CHECK_ABSOLUTE
|PATH_CHECK_NON_API_VFS
, unit
, filename
, line
, lvalue
);
5781 r
= patch_var_run(unit
, filename
, line
, lvalue
, &n
);
5785 free_and_replace(*s
, n
);
5789 int config_parse_exit_status(
5791 const char *filename
,
5793 const char *section
,
5794 unsigned section_line
,
5801 int *exit_status
= data
, r
;
5807 assert(exit_status
);
5809 if (isempty(rvalue
)) {
5814 r
= safe_atou8(rvalue
, &u
);
5816 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse exit status '%s', ignoring: %m", rvalue
);
5824 int config_parse_disable_controllers(
5826 const char *filename
,
5828 const char *section
,
5829 unsigned section_line
,
5837 CGroupContext
*c
= data
;
5838 CGroupMask disabled_mask
;
5840 /* 1. If empty, make all controllers eligible for use again.
5841 * 2. If non-empty, merge all listed controllers, space separated. */
5843 if (isempty(rvalue
)) {
5844 c
->disable_controllers
= 0;
5848 r
= cg_mask_from_string(rvalue
, &disabled_mask
);
5849 if (r
< 0 || disabled_mask
<= 0) {
5850 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid cgroup string: %s, ignoring", rvalue
);
5854 c
->disable_controllers
|= disabled_mask
;
5859 int config_parse_ip_filter_bpf_progs(
5861 const char *filename
,
5863 const char *section
,
5864 unsigned section_line
,
5871 _cleanup_free_
char *resolved
= NULL
;
5872 const Unit
*u
= userdata
;
5873 char ***paths
= ASSERT_PTR(data
);
5880 if (isempty(rvalue
)) {
5881 *paths
= strv_free(*paths
);
5885 r
= unit_path_printf(u
, rvalue
, &resolved
);
5887 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
5891 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5895 if (strv_contains(*paths
, resolved
))
5898 r
= strv_extend(paths
, resolved
);
5902 r
= bpf_firewall_supported();
5905 if (r
!= BPF_FIREWALL_SUPPORTED_WITH_MULTI
) {
5906 static bool warned
= false;
5908 log_full(warned
? LOG_DEBUG
: LOG_WARNING
,
5909 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
5910 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename
, line
, lvalue
, rvalue
);
5918 int config_parse_bpf_foreign_program(
5920 const char *filename
,
5922 const char *section
,
5923 unsigned section_line
,
5929 _cleanup_free_
char *resolved
= NULL
, *word
= NULL
;
5930 CGroupContext
*c
= data
;
5931 const char *p
= ASSERT_PTR(rvalue
);
5938 if (isempty(rvalue
)) {
5939 while (c
->bpf_foreign_programs
)
5940 cgroup_context_remove_bpf_foreign_program(c
, c
->bpf_foreign_programs
);
5945 r
= extract_first_word(&p
, &word
, ":", 0);
5949 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse foreign BPF program, ignoring: %s", rvalue
);
5952 if (r
== 0 || isempty(p
)) {
5953 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid syntax in %s=, ignoring: %s", lvalue
, rvalue
);
5957 attach_type
= bpf_cgroup_attach_type_from_string(word
);
5958 if (attach_type
< 0) {
5959 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Unknown BPF attach type=%s, ignoring: %s", word
, rvalue
);
5963 r
= unit_path_printf(u
, p
, &resolved
);
5965 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %s", p
, rvalue
);
5969 r
= path_simplify_and_warn(resolved
, PATH_CHECK_ABSOLUTE
, unit
, filename
, line
, lvalue
);
5973 r
= cgroup_context_add_bpf_foreign_program(c
, attach_type
, resolved
);
5975 return log_error_errno(r
, "Failed to add foreign BPF program to cgroup context: %m");
5980 int config_parse_cgroup_socket_bind(
5982 const char *filename
,
5984 const char *section
,
5985 unsigned section_line
,
5991 _cleanup_free_ CGroupSocketBindItem
*item
= NULL
;
5992 CGroupSocketBindItem
**head
= data
;
5993 uint16_t nr_ports
, port_min
;
5994 int af
, ip_protocol
, r
;
5996 if (isempty(rvalue
)) {
5997 cgroup_context_remove_socket_bind(head
);
6001 r
= parse_socket_bind_item(rvalue
, &af
, &ip_protocol
, &nr_ports
, &port_min
);
6005 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
6006 "Unable to parse %s= assignment, ignoring: %s", lvalue
, rvalue
);
6010 item
= new(CGroupSocketBindItem
, 1);
6013 *item
= (CGroupSocketBindItem
) {
6014 .address_family
= af
,
6015 .ip_protocol
= ip_protocol
,
6016 .nr_ports
= nr_ports
,
6017 .port_min
= port_min
,
6020 LIST_PREPEND(socket_bind_items
, *head
, TAKE_PTR(item
));
6025 int config_parse_restrict_network_interfaces(
6027 const char *filename
,
6029 const char *section
,
6030 unsigned section_line
,
6036 CGroupContext
*c
= ASSERT_PTR(data
);
6037 bool is_allow_rule
= true;
6044 if (isempty(rvalue
)) {
6045 /* Empty assignment resets the list */
6046 c
->restrict_network_interfaces
= set_free_free(c
->restrict_network_interfaces
);
6050 if (rvalue
[0] == '~') {
6051 is_allow_rule
= false;
6055 if (set_isempty(c
->restrict_network_interfaces
))
6056 /* Only initialize this when creating the set */
6057 c
->restrict_network_interfaces_is_allow_list
= is_allow_rule
;
6059 for (const char *p
= rvalue
;;) {
6060 _cleanup_free_
char *word
= NULL
;
6062 r
= extract_first_word(&p
, &word
, NULL
, EXTRACT_UNQUOTE
);
6068 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
6069 "Trailing garbage in %s, ignoring: %s", lvalue
, rvalue
);
6073 if (!ifname_valid_full(word
, IFNAME_VALID_ALTERNATIVE
)) {
6074 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid interface name, ignoring: %s", word
);
6078 if (c
->restrict_network_interfaces_is_allow_list
!= is_allow_rule
)
6079 free(set_remove(c
->restrict_network_interfaces
, word
));
6081 r
= set_put_strdup(&c
->restrict_network_interfaces
, word
);
6090 int config_parse_mount_node(
6092 const char *filename
,
6094 const char *section
,
6095 unsigned section_line
,
6102 const Unit
*u
= ASSERT_PTR(userdata
);
6103 _cleanup_free_
char *resolved
= NULL
, *path
= NULL
;
6110 r
= unit_full_printf(u
, rvalue
, &resolved
);
6112 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue
);
6116 path
= fstab_node_to_udev_node(resolved
);
6120 /* The source passed is not necessarily something we understand, and we pass it as-is to mount/swapon,
6121 * so path_is_valid is not used. But let's check for basic sanity, i.e. if the source is longer than
6122 * PATH_MAX, you're likely doing something wrong. */
6123 if (strlen(path
) >= PATH_MAX
) {
6124 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Resolved mount path '%s' too long, ignoring.", path
);
6128 return config_parse_string(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, path
, data
, userdata
);
6131 static int merge_by_names(Unit
*u
, Set
*names
, const char *id
) {
6137 /* Let's try to add in all names that are aliases of this unit */
6138 while ((k
= set_steal_first(names
))) {
6139 _cleanup_free_ _unused_
char *free_k
= k
;
6141 /* First try to merge in the other name into our unit */
6142 r
= unit_merge_by_name(u
, k
);
6146 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
6149 other
= manager_get_unit(u
->manager
, k
);
6151 return r
; /* return previous failure */
6153 r
= unit_merge(other
, u
);
6157 return merge_by_names(other
, names
, NULL
);
6160 if (streq_ptr(id
, k
))
6161 unit_choose_id(u
, id
);
6167 int unit_load_fragment(Unit
*u
) {
6168 const char *fragment
;
6169 _cleanup_set_free_free_ Set
*names
= NULL
;
6173 assert(u
->load_state
== UNIT_STUB
);
6177 u
->access_selinux_context
= mfree(u
->access_selinux_context
);
6178 u
->load_state
= UNIT_LOADED
;
6182 /* Possibly rebuild the fragment map to catch new units */
6183 r
= unit_file_build_name_map(&u
->manager
->lookup_paths
,
6184 &u
->manager
->unit_cache_timestamp_hash
,
6185 &u
->manager
->unit_id_map
,
6186 &u
->manager
->unit_name_map
,
6187 &u
->manager
->unit_path_cache
);
6189 return log_error_errno(r
, "Failed to rebuild name map: %m");
6191 r
= unit_file_find_fragment(u
->manager
->unit_id_map
,
6192 u
->manager
->unit_name_map
,
6196 if (r
< 0 && r
!= -ENOENT
)
6200 /* Open the file, check if this is a mask, otherwise read. */
6201 _cleanup_fclose_
FILE *f
= NULL
;
6204 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
6205 * expect that all symlinks within the lookup paths have been already resolved, but we don't
6206 * verify this here. */
6207 f
= fopen(fragment
, "re");
6209 return log_unit_notice_errno(u
, errno
, "Failed to open %s: %m", fragment
);
6211 if (fstat(fileno(f
), &st
) < 0)
6214 r
= free_and_strdup(&u
->fragment_path
, fragment
);
6218 if (null_or_empty(&st
)) {
6219 /* Unit file is masked */
6221 u
->load_state
= u
->perpetual
? UNIT_LOADED
: UNIT_MASKED
; /* don't allow perpetual units to ever be masked */
6222 u
->fragment_mtime
= 0;
6223 u
->access_selinux_context
= mfree(u
->access_selinux_context
);
6226 if (mac_selinux_use()) {
6227 _cleanup_freecon_
char *selcon
= NULL
;
6229 /* Cache the SELinux context of the unit file here. We'll make use of when checking access permissions to loaded units */
6230 r
= fgetfilecon_raw(fileno(f
), &selcon
);
6232 log_unit_warning_errno(u
, r
, "Failed to read SELinux context of '%s', ignoring: %m", fragment
);
6234 r
= free_and_strdup(&u
->access_selinux_context
, selcon
);
6239 u
->access_selinux_context
= mfree(u
->access_selinux_context
);
6241 u
->load_state
= UNIT_LOADED
;
6242 u
->fragment_mtime
= timespec_load(&st
.st_mtim
);
6244 /* Now, parse the file contents */
6245 r
= config_parse(u
->id
, fragment
, f
,
6246 UNIT_VTABLE(u
)->sections
,
6247 config_item_perf_lookup
, load_fragment_gperf_lookup
,
6252 log_unit_notice_errno(u
, r
, "Unit configuration has fatal error, unit will not be started.");
6258 /* Call merge_by_names with the name derived from the fragment path as the preferred name.
6260 * We do the merge dance here because for some unit types, the unit might have aliases which are not
6261 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
6263 const char *id
= u
->id
;
6264 _cleanup_free_
char *filename
= NULL
, *free_id
= NULL
;
6267 r
= path_extract_filename(fragment
, &filename
);
6269 return log_debug_errno(r
, "Failed to extract filename from fragment '%s': %m", fragment
);
6272 if (unit_name_is_valid(id
, UNIT_NAME_TEMPLATE
)) {
6273 assert(u
->instance
); /* If we're not trying to use a template for non-instanced unit,
6274 * this must be set. */
6276 r
= unit_name_replace_instance(id
, u
->instance
, &free_id
);
6278 return log_debug_errno(r
, "Failed to build id (%s + %s): %m", id
, u
->instance
);
6283 return merge_by_names(u
, names
, id
);
6286 void unit_dump_config_items(FILE *f
) {
6287 static const struct {
6288 const ConfigParserCallback callback
;
6291 { config_parse_warn_compat
, "NOTSUPPORTED" },
6292 { config_parse_int
, "INTEGER" },
6293 { config_parse_unsigned
, "UNSIGNED" },
6294 { config_parse_iec_size
, "SIZE" },
6295 { config_parse_iec_uint64
, "SIZE" },
6296 { config_parse_si_uint64
, "SIZE" },
6297 { config_parse_bool
, "BOOLEAN" },
6298 { config_parse_string
, "STRING" },
6299 { config_parse_path
, "PATH" },
6300 { config_parse_unit_path_printf
, "PATH" },
6301 { config_parse_colon_separated_paths
, "PATH" },
6302 { config_parse_strv
, "STRING [...]" },
6303 { config_parse_exec_nice
, "NICE" },
6304 { config_parse_exec_oom_score_adjust
, "OOMSCOREADJUST" },
6305 { config_parse_exec_io_class
, "IOCLASS" },
6306 { config_parse_exec_io_priority
, "IOPRIORITY" },
6307 { config_parse_exec_cpu_sched_policy
, "CPUSCHEDPOLICY" },
6308 { config_parse_exec_cpu_sched_prio
, "CPUSCHEDPRIO" },
6309 { config_parse_exec_cpu_affinity
, "CPUAFFINITY" },
6310 { config_parse_mode
, "MODE" },
6311 { config_parse_unit_env_file
, "FILE" },
6312 { config_parse_exec_output
, "OUTPUT" },
6313 { config_parse_exec_input
, "INPUT" },
6314 { config_parse_log_facility
, "FACILITY" },
6315 { config_parse_log_level
, "LEVEL" },
6316 { config_parse_exec_secure_bits
, "SECUREBITS" },
6317 { config_parse_capability_set
, "BOUNDINGSET" },
6318 { config_parse_rlimit
, "LIMIT" },
6319 { config_parse_unit_deps
, "UNIT [...]" },
6320 { config_parse_exec
, "PATH [ARGUMENT [...]]" },
6321 { config_parse_service_type
, "SERVICETYPE" },
6322 { config_parse_service_exit_type
, "SERVICEEXITTYPE" },
6323 { config_parse_service_restart
, "SERVICERESTART" },
6324 { config_parse_service_restart_mode
, "SERVICERESTARTMODE" },
6325 { config_parse_service_timeout_failure_mode
, "TIMEOUTMODE" },
6326 { config_parse_kill_mode
, "KILLMODE" },
6327 { config_parse_signal
, "SIGNAL" },
6328 { config_parse_socket_listen
, "SOCKET [...]" },
6329 { config_parse_socket_bind
, "SOCKETBIND" },
6330 { config_parse_socket_bindtodevice
, "NETWORKINTERFACE" },
6331 { config_parse_sec
, "SECONDS" },
6332 { config_parse_nsec
, "NANOSECONDS" },
6333 { config_parse_namespace_path_strv
, "PATH [...]" },
6334 { config_parse_bind_paths
, "PATH[:PATH[:OPTIONS]] [...]" },
6335 { config_parse_unit_mounts_for
, "PATH [...]" },
6336 { config_parse_exec_mount_propagation_flag
,
6338 { config_parse_unit_string_printf
, "STRING" },
6339 { config_parse_trigger_unit
, "UNIT" },
6340 { config_parse_timer
, "TIMER" },
6341 { config_parse_path_spec
, "PATH" },
6342 { config_parse_notify_access
, "ACCESS" },
6343 { config_parse_ip_tos
, "TOS" },
6344 { config_parse_unit_condition_path
, "CONDITION" },
6345 { config_parse_unit_condition_string
, "CONDITION" },
6346 { config_parse_unit_slice
, "SLICE" },
6347 { config_parse_documentation
, "URL" },
6348 { config_parse_service_timeout
, "SECONDS" },
6349 { config_parse_emergency_action
, "ACTION" },
6350 { config_parse_set_status
, "STATUS" },
6351 { config_parse_service_sockets
, "SOCKETS" },
6352 { config_parse_environ
, "ENVIRON" },
6354 { config_parse_syscall_filter
, "SYSCALLS" },
6355 { config_parse_syscall_archs
, "ARCHS" },
6356 { config_parse_syscall_errno
, "ERRNO" },
6357 { config_parse_syscall_log
, "SYSCALLS" },
6358 { config_parse_address_families
, "FAMILIES" },
6359 { config_parse_restrict_namespaces
, "NAMESPACES" },
6361 { config_parse_restrict_filesystems
, "FILESYSTEMS" },
6362 { config_parse_cpu_shares
, "SHARES" },
6363 { config_parse_cg_weight
, "WEIGHT" },
6364 { config_parse_cg_cpu_weight
, "CPUWEIGHT" },
6365 { config_parse_memory_limit
, "LIMIT" },
6366 { config_parse_device_allow
, "DEVICE" },
6367 { config_parse_device_policy
, "POLICY" },
6368 { config_parse_io_limit
, "LIMIT" },
6369 { config_parse_io_device_weight
, "DEVICEWEIGHT" },
6370 { config_parse_io_device_latency
, "DEVICELATENCY" },
6371 { config_parse_blockio_bandwidth
, "BANDWIDTH" },
6372 { config_parse_blockio_weight
, "WEIGHT" },
6373 { config_parse_blockio_device_weight
, "DEVICEWEIGHT" },
6374 { config_parse_long
, "LONG" },
6375 { config_parse_socket_service
, "SERVICE" },
6377 { config_parse_exec_selinux_context
, "LABEL" },
6379 { config_parse_job_mode
, "MODE" },
6380 { config_parse_job_mode_isolate
, "BOOLEAN" },
6381 { config_parse_personality
, "PERSONALITY" },
6382 { config_parse_log_filter_patterns
, "REGEX" },
6383 { config_parse_mount_node
, "NODE" },
6386 const char *prev
= NULL
;
6390 NULSTR_FOREACH(i
, load_fragment_gperf_nulstr
) {
6391 const char *rvalue
= "OTHER", *lvalue
;
6392 const ConfigPerfItem
*p
;
6395 assert_se(p
= load_fragment_gperf_lookup(i
, strlen(i
)));
6397 /* Hide legacy settings */
6398 if (p
->parse
== config_parse_warn_compat
&&
6399 p
->ltype
== DISABLED_LEGACY
)
6402 for (size_t j
= 0; j
< ELEMENTSOF(table
); j
++)
6403 if (p
->parse
== table
[j
].callback
) {
6404 rvalue
= table
[j
].rvalue
;
6408 dot
= strchr(i
, '.');
6409 lvalue
= dot
? dot
+ 1 : i
;
6412 size_t prefix_len
= dot
- i
;
6414 if (!prev
|| !strneq(prev
, i
, prefix_len
+1)) {
6418 fprintf(f
, "[%.*s]\n", (int) prefix_len
, i
);
6422 fprintf(f
, "%s=%s\n", lvalue
, rvalue
);
6427 int config_parse_cpu_affinity2(
6429 const char *filename
,
6431 const char *section
,
6432 unsigned section_line
,
6439 CPUSet
*affinity
= ASSERT_PTR(data
);
6441 (void) parse_cpu_set_extend(rvalue
, affinity
, true, unit
, filename
, line
, lvalue
);
6446 int config_parse_show_status(
6448 const char *filename
,
6450 const char *section
,
6451 unsigned section_line
,
6459 ShowStatus
*b
= ASSERT_PTR(data
);
6465 k
= parse_show_status(rvalue
, b
);
6467 log_syntax(unit
, LOG_WARNING
, filename
, line
, k
, "Failed to parse show status setting, ignoring: %s", rvalue
);
6472 int config_parse_output_restricted(
6474 const char *filename
,
6476 const char *section
,
6477 unsigned section_line
,
6484 ExecOutput t
, *eo
= ASSERT_PTR(data
);
6485 bool obsolete
= false;
6491 if (streq(rvalue
, "syslog")) {
6492 t
= EXEC_OUTPUT_JOURNAL
;
6494 } else if (streq(rvalue
, "syslog+console")) {
6495 t
= EXEC_OUTPUT_JOURNAL_AND_CONSOLE
;
6498 t
= exec_output_from_string(rvalue
);
6500 log_syntax(unit
, LOG_WARNING
, filename
, line
, t
, "Failed to parse output type, ignoring: %s", rvalue
);
6504 if (IN_SET(t
, EXEC_OUTPUT_SOCKET
, EXEC_OUTPUT_NAMED_FD
, EXEC_OUTPUT_FILE
, EXEC_OUTPUT_FILE_APPEND
, EXEC_OUTPUT_FILE_TRUNCATE
)) {
6505 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Standard output types socket, fd:, file:, append:, truncate: are not supported as defaults, ignoring: %s", rvalue
);
6511 log_syntax(unit
, LOG_NOTICE
, filename
, line
, 0,
6512 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
6513 rvalue
, exec_output_to_string(t
));
6519 int config_parse_crash_chvt(
6521 const char *filename
,
6523 const char *section
,
6524 unsigned section_line
,
6538 r
= parse_crash_chvt(rvalue
, data
);
6540 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue
);
6545 int config_parse_swap_priority(
6547 const char *filename
,
6549 const char *section
,
6550 unsigned section_line
,
6557 Swap
*s
= ASSERT_PTR(userdata
);
6565 if (isempty(rvalue
)) {
6566 s
->parameters_fragment
.priority
= -1;
6567 s
->parameters_fragment
.priority_set
= false;
6571 r
= safe_atoi(rvalue
, &priority
);
6573 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid swap priority '%s', ignoring.", rvalue
);
6577 if (priority
< -1) {
6578 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue
);
6582 if (priority
> 32767) {
6583 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Swap priority out of range, ignoring: %s", rvalue
);
6587 s
->parameters_fragment
.priority
= priority
;
6588 s
->parameters_fragment
.priority_set
= true;
6592 int config_parse_watchdog_sec(
6594 const char *filename
,
6596 const char *section
,
6597 unsigned section_line
,
6604 usec_t
*usec
= data
;
6610 /* This is called for {Runtime,Reboot,KExec}WatchdogSec= where "default" maps to
6611 * USEC_INFINITY internally. */
6613 if (streq(rvalue
, "default"))
6614 *usec
= USEC_INFINITY
;
6615 else if (streq(rvalue
, "off"))
6618 return config_parse_sec(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
6623 int config_parse_tty_size(
6625 const char *filename
,
6627 const char *section
,
6628 unsigned section_line
,
6635 unsigned *sz
= data
;
6641 if (isempty(rvalue
)) {
6646 return config_parse_unsigned(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, data
, userdata
);
6649 int config_parse_log_filter_patterns(
6651 const char *filename
,
6653 const char *section
,
6654 unsigned section_line
,
6661 ExecContext
*c
= ASSERT_PTR(data
);
6662 const char *pattern
= ASSERT_PTR(rvalue
);
6663 bool is_allowlist
= true;
6669 if (isempty(pattern
)) {
6670 /* Empty assignment resets the lists. */
6671 c
->log_filter_allowed_patterns
= set_free_free(c
->log_filter_allowed_patterns
);
6672 c
->log_filter_denied_patterns
= set_free_free(c
->log_filter_denied_patterns
);
6676 if (pattern
[0] == '~') {
6677 is_allowlist
= false;
6679 if (isempty(pattern
))
6680 /* LogFilterPatterns=~ is not considered a valid pattern. */
6681 return log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
6682 "Regex pattern invalid, ignoring: %s=%s", lvalue
, rvalue
);
6685 if (pattern_compile_and_log(pattern
, 0, NULL
) < 0)
6688 r
= set_put_strdup(is_allowlist
? &c
->log_filter_allowed_patterns
: &c
->log_filter_denied_patterns
,
6691 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
6692 "Failed to store log filtering pattern, ignoring: %s=%s", lvalue
, rvalue
);
6699 int config_parse_open_file(
6701 const char *filename
,
6703 const char *section
,
6704 unsigned section_line
,
6711 _cleanup_(open_file_freep
) OpenFile
*of
= NULL
;
6712 OpenFile
**head
= ASSERT_PTR(data
);
6719 if (isempty(rvalue
)) {
6720 open_file_free_many(head
);
6724 r
= open_file_parse(rvalue
, &of
);
6726 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Failed to parse OpenFile= setting, ignoring: %s", rvalue
);
6730 LIST_APPEND(open_files
, *head
, TAKE_PTR(of
));
6735 int config_parse_cgroup_nft_set(
6737 const char *filename
,
6739 const char *section
,
6740 unsigned section_line
,
6747 CGroupContext
*c
= ASSERT_PTR(data
);
6748 Unit
*u
= ASSERT_PTR(userdata
);
6750 return config_parse_nft_set(unit
, filename
, line
, section
, section_line
, lvalue
, ltype
, rvalue
, &c
->nft_set_context
, u
);