1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2010 Lennart Poettering
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
27 #include <sys/mount.h>
28 #include <sys/prctl.h>
29 #include <sys/reboot.h>
35 #if HAVE_VALGRIND_VALGRIND_H
36 #include <valgrind/valgrind.h>
40 #include "sd-daemon.h"
41 #include "sd-messages.h"
43 #include "alloc-util.h"
44 #include "architecture.h"
46 #include "bus-error.h"
48 #include "capability-util.h"
49 #include "clock-util.h"
50 #include "conf-parser.h"
51 #include "cpu-set-util.h"
52 #include "dbus-manager.h"
54 #include "emergency-action.h"
59 #include "format-util.h"
61 #include "hostname-setup.h"
62 #include "ima-setup.h"
64 #include "kmod-setup.h"
65 #include "load-fragment.h"
67 #include "loopback-setup.h"
68 #include "machine-id-setup.h"
71 #include "mount-setup.h"
73 #include "parse-util.h"
74 #include "path-util.h"
75 #include "proc-cmdline.h"
76 #include "process-util.h"
77 #include "raw-clone.h"
78 #include "rlimit-util.h"
80 #include "seccomp-util.h"
82 #include "selinux-setup.h"
83 #include "selinux-util.h"
84 #include "signal-util.h"
85 #include "smack-setup.h"
87 #include "stat-util.h"
88 #include "stdio-util.h"
90 #include "switch-root.h"
91 #include "terminal-util.h"
92 #include "umask-util.h"
93 #include "user-util.h"
103 ACTION_DUMP_CONFIGURATION_ITEMS
104 } arg_action
= ACTION_RUN
;
105 static char *arg_default_unit
= NULL
;
106 static bool arg_system
= false;
107 static bool arg_dump_core
= true;
108 static int arg_crash_chvt
= -1;
109 static bool arg_crash_shell
= false;
110 static bool arg_crash_reboot
= false;
111 static char *arg_confirm_spawn
= NULL
;
112 static ShowStatus arg_show_status
= _SHOW_STATUS_UNSET
;
113 static bool arg_switched_root
= false;
114 static bool arg_no_pager
= false;
115 static bool arg_service_watchdogs
= true;
116 static char ***arg_join_controllers
= NULL
;
117 static ExecOutput arg_default_std_output
= EXEC_OUTPUT_JOURNAL
;
118 static ExecOutput arg_default_std_error
= EXEC_OUTPUT_INHERIT
;
119 static usec_t arg_default_restart_usec
= DEFAULT_RESTART_USEC
;
120 static usec_t arg_default_timeout_start_usec
= DEFAULT_TIMEOUT_USEC
;
121 static usec_t arg_default_timeout_stop_usec
= DEFAULT_TIMEOUT_USEC
;
122 static usec_t arg_default_start_limit_interval
= DEFAULT_START_LIMIT_INTERVAL
;
123 static unsigned arg_default_start_limit_burst
= DEFAULT_START_LIMIT_BURST
;
124 static usec_t arg_runtime_watchdog
= 0;
125 static usec_t arg_shutdown_watchdog
= 10 * USEC_PER_MINUTE
;
126 static char *arg_watchdog_device
= NULL
;
127 static char **arg_default_environment
= NULL
;
128 static struct rlimit
*arg_default_rlimit
[_RLIMIT_MAX
] = {};
129 static uint64_t arg_capability_bounding_set
= CAP_ALL
;
130 static nsec_t arg_timer_slack_nsec
= NSEC_INFINITY
;
131 static usec_t arg_default_timer_accuracy_usec
= 1 * USEC_PER_MINUTE
;
132 static Set
* arg_syscall_archs
= NULL
;
133 static FILE* arg_serialization
= NULL
;
134 static bool arg_default_cpu_accounting
= false;
135 static bool arg_default_io_accounting
= false;
136 static bool arg_default_ip_accounting
= false;
137 static bool arg_default_blockio_accounting
= false;
138 static bool arg_default_memory_accounting
= false;
139 static bool arg_default_tasks_accounting
= true;
140 static uint64_t arg_default_tasks_max
= UINT64_MAX
;
141 static sd_id128_t arg_machine_id
= {};
142 static EmergencyAction arg_cad_burst_action
= EMERGENCY_ACTION_REBOOT_FORCE
;
144 noreturn
static void freeze_or_reboot(void) {
146 if (arg_crash_reboot
) {
147 log_notice("Rebooting in 10s...");
150 log_notice("Rebooting now...");
151 (void) reboot(RB_AUTOBOOT
);
152 log_emergency_errno(errno
, "Failed to reboot: %m");
155 log_emergency("Freezing execution.");
159 noreturn
static void crash(int sig
) {
163 if (getpid_cached() != 1)
164 /* Pass this on immediately, if this is not PID 1 */
166 else if (!arg_dump_core
)
167 log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig
));
169 sa
= (struct sigaction
) {
170 .sa_handler
= nop_signal_handler
,
171 .sa_flags
= SA_NOCLDSTOP
|SA_RESTART
,
174 /* We want to wait for the core process, hence let's enable SIGCHLD */
175 (void) sigaction(SIGCHLD
, &sa
, NULL
);
177 pid
= raw_clone(SIGCHLD
);
179 log_emergency_errno(errno
, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig
));
181 /* Enable default signal handler for core dump */
183 sa
= (struct sigaction
) {
184 .sa_handler
= SIG_DFL
,
186 (void) sigaction(sig
, &sa
, NULL
);
188 /* Don't limit the coredump size */
189 (void) setrlimit(RLIMIT_CORE
, &RLIMIT_MAKE_CONST(RLIM_INFINITY
));
191 /* Just to be sure... */
194 /* Raise the signal again */
196 (void) kill(pid
, sig
); /* raise() would kill the parent */
198 assert_not_reached("We shouldn't be here...");
204 /* Order things nicely. */
205 r
= wait_for_terminate(pid
, &status
);
207 log_emergency_errno(r
, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig
));
208 else if (status
.si_code
!= CLD_DUMPED
)
209 log_emergency("Caught <%s>, core dump failed (child "PID_FMT
", code=%s, status=%i/%s).",
210 signal_to_string(sig
),
211 pid
, sigchld_code_to_string(status
.si_code
),
213 strna(status
.si_code
== CLD_EXITED
214 ? exit_status_to_string(status
.si_status
, EXIT_STATUS_MINIMAL
)
215 : signal_to_string(status
.si_status
)));
217 log_emergency("Caught <%s>, dumped core as pid "PID_FMT
".", signal_to_string(sig
), pid
);
221 if (arg_crash_chvt
>= 0)
222 (void) chvt(arg_crash_chvt
);
224 sa
= (struct sigaction
) {
225 .sa_handler
= SIG_IGN
,
226 .sa_flags
= SA_NOCLDSTOP
|SA_NOCLDWAIT
|SA_RESTART
,
229 /* Let the kernel reap children for us */
230 (void) sigaction(SIGCHLD
, &sa
, NULL
);
232 if (arg_crash_shell
) {
233 log_notice("Executing crash shell in 10s...");
236 pid
= raw_clone(SIGCHLD
);
238 log_emergency_errno(errno
, "Failed to fork off crash shell: %m");
241 (void) make_console_stdio();
242 (void) execle("/bin/sh", "/bin/sh", NULL
, environ
);
244 log_emergency_errno(errno
, "execle() failed: %m");
247 log_info("Spawned crash shell as PID "PID_FMT
".", pid
);
248 (void) wait_for_terminate(pid
, NULL
);
255 static void install_crash_handler(void) {
256 static const struct sigaction sa
= {
258 .sa_flags
= SA_NODEFER
, /* So that we can raise the signal again from the signal handler */
262 /* We ignore the return value here, since, we don't mind if we
263 * cannot set up a crash handler */
264 r
= sigaction_many(&sa
, SIGNALS_CRASH_HANDLER
, -1);
266 log_debug_errno(r
, "I had trouble setting up the crash handler, ignoring: %m");
269 static int console_setup(void) {
270 _cleanup_close_
int tty_fd
= -1;
273 tty_fd
= open_terminal("/dev/console", O_WRONLY
|O_NOCTTY
|O_CLOEXEC
);
275 return log_error_errno(tty_fd
, "Failed to open /dev/console: %m");
277 /* We don't want to force text mode. plymouth may be showing
278 * pictures already from initrd. */
279 r
= reset_terminal_fd(tty_fd
, false);
281 return log_error_errno(r
, "Failed to reset /dev/console: %m");
286 static int parse_crash_chvt(const char *value
) {
289 if (safe_atoi(value
, &arg_crash_chvt
) >= 0)
292 b
= parse_boolean(value
);
297 arg_crash_chvt
= 0; /* switch to where kmsg goes */
299 arg_crash_chvt
= -1; /* turn off switching */
304 static int parse_confirm_spawn(const char *value
, char **console
) {
308 r
= value
? parse_boolean(value
) : 1;
314 if (r
> 0) /* on with default tty */
315 s
= strdup("/dev/console");
316 else if (is_path(value
)) /* on with fully qualified path */
318 else /* on with only a tty file name, not a fully qualified path */
319 s
= strjoin("/dev/", value
);
326 static int set_machine_id(const char *m
) {
330 if (sd_id128_from_string(m
, &t
) < 0)
333 if (sd_id128_is_null(t
))
340 static int parse_proc_cmdline_item(const char *key
, const char *value
, void *data
) {
346 if (STR_IN_SET(key
, "systemd.unit", "rd.systemd.unit")) {
348 if (proc_cmdline_value_missing(key
, value
))
351 if (!unit_name_is_valid(value
, UNIT_NAME_PLAIN
|UNIT_NAME_INSTANCE
))
352 log_warning("Unit name specified on %s= is not valid, ignoring: %s", key
, value
);
353 else if (in_initrd() == !!startswith(key
, "rd.")) {
354 if (free_and_strdup(&arg_default_unit
, value
) < 0)
358 } else if (proc_cmdline_key_streq(key
, "systemd.dump_core")) {
360 r
= value
? parse_boolean(value
) : true;
362 log_warning("Failed to parse dump core switch %s. Ignoring.", value
);
366 } else if (proc_cmdline_key_streq(key
, "systemd.crash_chvt")) {
369 arg_crash_chvt
= 0; /* turn on */
370 else if (parse_crash_chvt(value
) < 0)
371 log_warning("Failed to parse crash chvt switch %s. Ignoring.", value
);
373 } else if (proc_cmdline_key_streq(key
, "systemd.crash_shell")) {
375 r
= value
? parse_boolean(value
) : true;
377 log_warning("Failed to parse crash shell switch %s. Ignoring.", value
);
381 } else if (proc_cmdline_key_streq(key
, "systemd.crash_reboot")) {
383 r
= value
? parse_boolean(value
) : true;
385 log_warning("Failed to parse crash reboot switch %s. Ignoring.", value
);
387 arg_crash_reboot
= r
;
389 } else if (proc_cmdline_key_streq(key
, "systemd.confirm_spawn")) {
392 r
= parse_confirm_spawn(value
, &s
);
394 log_warning_errno(r
, "Failed to parse confirm_spawn switch %s. Ignoring.", value
);
396 free(arg_confirm_spawn
);
397 arg_confirm_spawn
= s
;
400 } else if (proc_cmdline_key_streq(key
, "systemd.service_watchdogs")) {
402 r
= value
? parse_boolean(value
) : true;
404 log_warning("Failed to parse service watchdog switch %s. Ignoring.", value
);
406 arg_service_watchdogs
= r
;
408 } else if (proc_cmdline_key_streq(key
, "systemd.show_status")) {
411 r
= parse_show_status(value
, &arg_show_status
);
413 log_warning("Failed to parse show status switch %s. Ignoring.", value
);
415 arg_show_status
= SHOW_STATUS_YES
;
417 } else if (proc_cmdline_key_streq(key
, "systemd.default_standard_output")) {
419 if (proc_cmdline_value_missing(key
, value
))
422 r
= exec_output_from_string(value
);
424 log_warning("Failed to parse default standard output switch %s. Ignoring.", value
);
426 arg_default_std_output
= r
;
428 } else if (proc_cmdline_key_streq(key
, "systemd.default_standard_error")) {
430 if (proc_cmdline_value_missing(key
, value
))
433 r
= exec_output_from_string(value
);
435 log_warning("Failed to parse default standard error switch %s. Ignoring.", value
);
437 arg_default_std_error
= r
;
439 } else if (streq(key
, "systemd.setenv")) {
441 if (proc_cmdline_value_missing(key
, value
))
444 if (env_assignment_is_valid(value
)) {
447 env
= strv_env_set(arg_default_environment
, value
);
451 arg_default_environment
= env
;
453 log_warning("Environment variable name '%s' is not valid. Ignoring.", value
);
455 } else if (proc_cmdline_key_streq(key
, "systemd.machine_id")) {
457 if (proc_cmdline_value_missing(key
, value
))
460 r
= set_machine_id(value
);
462 log_warning("MachineID '%s' is not valid. Ignoring.", value
);
464 } else if (proc_cmdline_key_streq(key
, "systemd.default_timeout_start_sec")) {
466 if (proc_cmdline_value_missing(key
, value
))
469 r
= parse_sec(value
, &arg_default_timeout_start_usec
);
471 log_warning_errno(r
, "Failed to parse default start timeout: %s, ignoring.", value
);
473 if (arg_default_timeout_start_usec
<= 0)
474 arg_default_timeout_start_usec
= USEC_INFINITY
;
476 } else if (proc_cmdline_key_streq(key
, "systemd.watchdog_device")) {
478 if (proc_cmdline_value_missing(key
, value
))
481 parse_path_argument_and_warn(value
, false, &arg_watchdog_device
);
483 } else if (streq(key
, "quiet") && !value
) {
485 if (arg_show_status
== _SHOW_STATUS_UNSET
)
486 arg_show_status
= SHOW_STATUS_AUTO
;
488 } else if (streq(key
, "debug") && !value
) {
490 /* Note that log_parse_environment() handles 'debug'
491 * too, and sets the log level to LOG_DEBUG. */
493 if (detect_container() > 0)
494 log_set_target(LOG_TARGET_CONSOLE
);
499 /* SysV compatibility */
500 target
= runlevel_to_target(key
);
502 return free_and_strdup(&arg_default_unit
, target
);
508 #define DEFINE_SETTER(name, func, descr) \
509 static int name(const char *unit, \
510 const char *filename, \
512 const char *section, \
513 unsigned section_line, \
514 const char *lvalue, \
516 const char *rvalue, \
528 log_syntax(unit, LOG_ERR, filename, line, r, \
529 "Invalid " descr "'%s': %m", \
535 DEFINE_SETTER(config_parse_level2
, log_set_max_level_from_string
, "log level")
536 DEFINE_SETTER(config_parse_target
, log_set_target_from_string
, "target")
537 DEFINE_SETTER(config_parse_color
, log_show_color_from_string
, "color" )
538 DEFINE_SETTER(config_parse_location
, log_show_location_from_string
, "location")
540 static int config_parse_cpu_affinity2(
542 const char *filename
,
545 unsigned section_line
,
552 _cleanup_cpu_free_ cpu_set_t
*c
= NULL
;
555 ncpus
= parse_cpu_set_and_warn(rvalue
, &c
, unit
, filename
, line
, lvalue
);
559 if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus
), c
) < 0)
560 log_warning_errno(errno
, "Failed to set CPU affinity: %m");
565 static int config_parse_show_status(
567 const char *filename
,
570 unsigned section_line
,
578 ShowStatus
*b
= data
;
585 k
= parse_show_status(rvalue
, b
);
587 log_syntax(unit
, LOG_ERR
, filename
, line
, k
, "Failed to parse show status setting, ignoring: %s", rvalue
);
594 static int config_parse_output_restricted(
596 const char *filename
,
599 unsigned section_line
,
606 ExecOutput t
, *eo
= data
;
613 t
= exec_output_from_string(rvalue
);
615 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Failed to parse output type, ignoring: %s", rvalue
);
619 if (IN_SET(t
, EXEC_OUTPUT_SOCKET
, EXEC_OUTPUT_NAMED_FD
, EXEC_OUTPUT_FILE
)) {
620 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Standard output types socket, fd:, file: are not supported as defaults, ignoring: %s", rvalue
);
628 static int config_parse_crash_chvt(
630 const char *filename
,
633 unsigned section_line
,
646 r
= parse_crash_chvt(rvalue
);
648 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue
);
655 static int config_parse_join_controllers(const char *unit
,
656 const char *filename
,
659 unsigned section_line
,
666 const char *whole_rvalue
= rvalue
;
673 arg_join_controllers
= strv_free_free(arg_join_controllers
);
676 _cleanup_free_
char *word
= NULL
;
680 r
= extract_first_word(&rvalue
, &word
, NULL
, EXTRACT_QUOTES
);
682 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid value for %s: %s", lvalue
, whole_rvalue
);
688 l
= strv_split(word
, ",");
693 if (strv_length(l
) <= 1) {
698 if (!arg_join_controllers
) {
699 arg_join_controllers
= new(char**, 2);
700 if (!arg_join_controllers
) {
705 arg_join_controllers
[0] = l
;
706 arg_join_controllers
[1] = NULL
;
713 t
= new0(char**, n
+2);
721 for (a
= arg_join_controllers
; *a
; a
++) {
723 if (strv_overlap(*a
, l
)) {
724 if (strv_extend_strv(&l
, *a
, false) < 0) {
744 t
[n
++] = strv_uniq(l
);
746 strv_free_free(arg_join_controllers
);
747 arg_join_controllers
= t
;
750 if (!isempty(rvalue
))
751 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Trailing garbage, ignoring.");
756 static int parse_config_file(void) {
758 const ConfigTableItem items
[] = {
759 { "Manager", "LogLevel", config_parse_level2
, 0, NULL
},
760 { "Manager", "LogTarget", config_parse_target
, 0, NULL
},
761 { "Manager", "LogColor", config_parse_color
, 0, NULL
},
762 { "Manager", "LogLocation", config_parse_location
, 0, NULL
},
763 { "Manager", "DumpCore", config_parse_bool
, 0, &arg_dump_core
},
764 { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt
, 0, NULL
},
765 { "Manager", "CrashChangeVT", config_parse_crash_chvt
, 0, NULL
},
766 { "Manager", "CrashShell", config_parse_bool
, 0, &arg_crash_shell
},
767 { "Manager", "CrashReboot", config_parse_bool
, 0, &arg_crash_reboot
},
768 { "Manager", "ShowStatus", config_parse_show_status
, 0, &arg_show_status
},
769 { "Manager", "CPUAffinity", config_parse_cpu_affinity2
, 0, NULL
},
770 { "Manager", "JoinControllers", config_parse_join_controllers
, 0, &arg_join_controllers
},
771 { "Manager", "RuntimeWatchdogSec", config_parse_sec
, 0, &arg_runtime_watchdog
},
772 { "Manager", "ShutdownWatchdogSec", config_parse_sec
, 0, &arg_shutdown_watchdog
},
773 { "Manager", "WatchdogDevice", config_parse_path
, 0, &arg_watchdog_device
},
774 { "Manager", "CapabilityBoundingSet", config_parse_capability_set
, 0, &arg_capability_bounding_set
},
776 { "Manager", "SystemCallArchitectures", config_parse_syscall_archs
, 0, &arg_syscall_archs
},
778 { "Manager", "TimerSlackNSec", config_parse_nsec
, 0, &arg_timer_slack_nsec
},
779 { "Manager", "DefaultTimerAccuracySec", config_parse_sec
, 0, &arg_default_timer_accuracy_usec
},
780 { "Manager", "DefaultStandardOutput", config_parse_output_restricted
,0, &arg_default_std_output
},
781 { "Manager", "DefaultStandardError", config_parse_output_restricted
,0, &arg_default_std_error
},
782 { "Manager", "DefaultTimeoutStartSec", config_parse_sec
, 0, &arg_default_timeout_start_usec
},
783 { "Manager", "DefaultTimeoutStopSec", config_parse_sec
, 0, &arg_default_timeout_stop_usec
},
784 { "Manager", "DefaultRestartSec", config_parse_sec
, 0, &arg_default_restart_usec
},
785 { "Manager", "DefaultStartLimitInterval", config_parse_sec
, 0, &arg_default_start_limit_interval
}, /* obsolete alias */
786 { "Manager", "DefaultStartLimitIntervalSec",config_parse_sec
, 0, &arg_default_start_limit_interval
},
787 { "Manager", "DefaultStartLimitBurst", config_parse_unsigned
, 0, &arg_default_start_limit_burst
},
788 { "Manager", "DefaultEnvironment", config_parse_environ
, 0, &arg_default_environment
},
789 { "Manager", "DefaultLimitCPU", config_parse_limit
, RLIMIT_CPU
, arg_default_rlimit
},
790 { "Manager", "DefaultLimitFSIZE", config_parse_limit
, RLIMIT_FSIZE
, arg_default_rlimit
},
791 { "Manager", "DefaultLimitDATA", config_parse_limit
, RLIMIT_DATA
, arg_default_rlimit
},
792 { "Manager", "DefaultLimitSTACK", config_parse_limit
, RLIMIT_STACK
, arg_default_rlimit
},
793 { "Manager", "DefaultLimitCORE", config_parse_limit
, RLIMIT_CORE
, arg_default_rlimit
},
794 { "Manager", "DefaultLimitRSS", config_parse_limit
, RLIMIT_RSS
, arg_default_rlimit
},
795 { "Manager", "DefaultLimitNOFILE", config_parse_limit
, RLIMIT_NOFILE
, arg_default_rlimit
},
796 { "Manager", "DefaultLimitAS", config_parse_limit
, RLIMIT_AS
, arg_default_rlimit
},
797 { "Manager", "DefaultLimitNPROC", config_parse_limit
, RLIMIT_NPROC
, arg_default_rlimit
},
798 { "Manager", "DefaultLimitMEMLOCK", config_parse_limit
, RLIMIT_MEMLOCK
, arg_default_rlimit
},
799 { "Manager", "DefaultLimitLOCKS", config_parse_limit
, RLIMIT_LOCKS
, arg_default_rlimit
},
800 { "Manager", "DefaultLimitSIGPENDING", config_parse_limit
, RLIMIT_SIGPENDING
, arg_default_rlimit
},
801 { "Manager", "DefaultLimitMSGQUEUE", config_parse_limit
, RLIMIT_MSGQUEUE
, arg_default_rlimit
},
802 { "Manager", "DefaultLimitNICE", config_parse_limit
, RLIMIT_NICE
, arg_default_rlimit
},
803 { "Manager", "DefaultLimitRTPRIO", config_parse_limit
, RLIMIT_RTPRIO
, arg_default_rlimit
},
804 { "Manager", "DefaultLimitRTTIME", config_parse_limit
, RLIMIT_RTTIME
, arg_default_rlimit
},
805 { "Manager", "DefaultCPUAccounting", config_parse_bool
, 0, &arg_default_cpu_accounting
},
806 { "Manager", "DefaultIOAccounting", config_parse_bool
, 0, &arg_default_io_accounting
},
807 { "Manager", "DefaultIPAccounting", config_parse_bool
, 0, &arg_default_ip_accounting
},
808 { "Manager", "DefaultBlockIOAccounting", config_parse_bool
, 0, &arg_default_blockio_accounting
},
809 { "Manager", "DefaultMemoryAccounting", config_parse_bool
, 0, &arg_default_memory_accounting
},
810 { "Manager", "DefaultTasksAccounting", config_parse_bool
, 0, &arg_default_tasks_accounting
},
811 { "Manager", "DefaultTasksMax", config_parse_tasks_max
, 0, &arg_default_tasks_max
},
812 { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action
, 0, &arg_cad_burst_action
},
816 const char *fn
, *conf_dirs_nulstr
;
819 PKGSYSCONFDIR
"/system.conf" :
820 PKGSYSCONFDIR
"/user.conf";
822 conf_dirs_nulstr
= arg_system
?
823 CONF_PATHS_NULSTR("systemd/system.conf.d") :
824 CONF_PATHS_NULSTR("systemd/user.conf.d");
826 (void) config_parse_many_nulstr(fn
, conf_dirs_nulstr
, "Manager\0", config_item_table_lookup
, items
, CONFIG_PARSE_WARN
, NULL
);
828 /* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we used USEC_INFINITY
829 * like everywhere else. */
830 if (arg_default_timeout_start_usec
<= 0)
831 arg_default_timeout_start_usec
= USEC_INFINITY
;
832 if (arg_default_timeout_stop_usec
<= 0)
833 arg_default_timeout_stop_usec
= USEC_INFINITY
;
838 static void set_manager_defaults(Manager
*m
) {
842 m
->default_timer_accuracy_usec
= arg_default_timer_accuracy_usec
;
843 m
->default_std_output
= arg_default_std_output
;
844 m
->default_std_error
= arg_default_std_error
;
845 m
->default_timeout_start_usec
= arg_default_timeout_start_usec
;
846 m
->default_timeout_stop_usec
= arg_default_timeout_stop_usec
;
847 m
->default_restart_usec
= arg_default_restart_usec
;
848 m
->default_start_limit_interval
= arg_default_start_limit_interval
;
849 m
->default_start_limit_burst
= arg_default_start_limit_burst
;
850 m
->default_cpu_accounting
= arg_default_cpu_accounting
;
851 m
->default_io_accounting
= arg_default_io_accounting
;
852 m
->default_ip_accounting
= arg_default_ip_accounting
;
853 m
->default_blockio_accounting
= arg_default_blockio_accounting
;
854 m
->default_memory_accounting
= arg_default_memory_accounting
;
855 m
->default_tasks_accounting
= arg_default_tasks_accounting
;
856 m
->default_tasks_max
= arg_default_tasks_max
;
858 manager_set_default_rlimits(m
, arg_default_rlimit
);
859 manager_environment_add(m
, NULL
, arg_default_environment
);
862 static void set_manager_settings(Manager
*m
) {
866 m
->confirm_spawn
= arg_confirm_spawn
;
867 m
->service_watchdogs
= arg_service_watchdogs
;
868 m
->runtime_watchdog
= arg_runtime_watchdog
;
869 m
->shutdown_watchdog
= arg_shutdown_watchdog
;
870 m
->cad_burst_action
= arg_cad_burst_action
;
872 manager_set_show_status(m
, arg_show_status
);
875 static int parse_argv(int argc
, char *argv
[]) {
878 ARG_LOG_LEVEL
= 0x100,
888 ARG_DUMP_CONFIGURATION_ITEMS
,
897 ARG_DEFAULT_STD_OUTPUT
,
898 ARG_DEFAULT_STD_ERROR
,
900 ARG_SERVICE_WATCHDOGS
,
903 static const struct option options
[] = {
904 { "log-level", required_argument
, NULL
, ARG_LOG_LEVEL
},
905 { "log-target", required_argument
, NULL
, ARG_LOG_TARGET
},
906 { "log-color", optional_argument
, NULL
, ARG_LOG_COLOR
},
907 { "log-location", optional_argument
, NULL
, ARG_LOG_LOCATION
},
908 { "unit", required_argument
, NULL
, ARG_UNIT
},
909 { "system", no_argument
, NULL
, ARG_SYSTEM
},
910 { "user", no_argument
, NULL
, ARG_USER
},
911 { "test", no_argument
, NULL
, ARG_TEST
},
912 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
913 { "help", no_argument
, NULL
, 'h' },
914 { "version", no_argument
, NULL
, ARG_VERSION
},
915 { "dump-configuration-items", no_argument
, NULL
, ARG_DUMP_CONFIGURATION_ITEMS
},
916 { "dump-core", optional_argument
, NULL
, ARG_DUMP_CORE
},
917 { "crash-chvt", required_argument
, NULL
, ARG_CRASH_CHVT
},
918 { "crash-shell", optional_argument
, NULL
, ARG_CRASH_SHELL
},
919 { "crash-reboot", optional_argument
, NULL
, ARG_CRASH_REBOOT
},
920 { "confirm-spawn", optional_argument
, NULL
, ARG_CONFIRM_SPAWN
},
921 { "show-status", optional_argument
, NULL
, ARG_SHOW_STATUS
},
922 { "deserialize", required_argument
, NULL
, ARG_DESERIALIZE
},
923 { "switched-root", no_argument
, NULL
, ARG_SWITCHED_ROOT
},
924 { "default-standard-output", required_argument
, NULL
, ARG_DEFAULT_STD_OUTPUT
, },
925 { "default-standard-error", required_argument
, NULL
, ARG_DEFAULT_STD_ERROR
, },
926 { "machine-id", required_argument
, NULL
, ARG_MACHINE_ID
},
927 { "service-watchdogs", required_argument
, NULL
, ARG_SERVICE_WATCHDOGS
},
936 if (getpid_cached() == 1)
939 while ((c
= getopt_long(argc
, argv
, "hDbsz:", options
, NULL
)) >= 0)
944 r
= log_set_max_level_from_string(optarg
);
946 log_error("Failed to parse log level %s.", optarg
);
953 r
= log_set_target_from_string(optarg
);
955 log_error("Failed to parse log target %s.", optarg
);
964 r
= log_show_color_from_string(optarg
);
966 log_error("Failed to parse log color setting %s.", optarg
);
970 log_show_color(true);
974 case ARG_LOG_LOCATION
:
976 r
= log_show_location_from_string(optarg
);
978 log_error("Failed to parse log location setting %s.", optarg
);
982 log_show_location(true);
986 case ARG_DEFAULT_STD_OUTPUT
:
987 r
= exec_output_from_string(optarg
);
989 log_error("Failed to parse default standard output setting %s.", optarg
);
992 arg_default_std_output
= r
;
995 case ARG_DEFAULT_STD_ERROR
:
996 r
= exec_output_from_string(optarg
);
998 log_error("Failed to parse default standard error output setting %s.", optarg
);
1001 arg_default_std_error
= r
;
1005 r
= free_and_strdup(&arg_default_unit
, optarg
);
1007 return log_error_errno(r
, "Failed to set default unit %s: %m", optarg
);
1020 arg_action
= ACTION_TEST
;
1024 arg_no_pager
= true;
1028 arg_action
= ACTION_VERSION
;
1031 case ARG_DUMP_CONFIGURATION_ITEMS
:
1032 arg_action
= ACTION_DUMP_CONFIGURATION_ITEMS
;
1037 arg_dump_core
= true;
1039 r
= parse_boolean(optarg
);
1041 return log_error_errno(r
, "Failed to parse dump core boolean: %s", optarg
);
1046 case ARG_CRASH_CHVT
:
1047 r
= parse_crash_chvt(optarg
);
1049 return log_error_errno(r
, "Failed to parse crash virtual terminal index: %s", optarg
);
1052 case ARG_CRASH_SHELL
:
1054 arg_crash_shell
= true;
1056 r
= parse_boolean(optarg
);
1058 return log_error_errno(r
, "Failed to parse crash shell boolean: %s", optarg
);
1059 arg_crash_shell
= r
;
1063 case ARG_CRASH_REBOOT
:
1065 arg_crash_reboot
= true;
1067 r
= parse_boolean(optarg
);
1069 return log_error_errno(r
, "Failed to parse crash shell boolean: %s", optarg
);
1070 arg_crash_reboot
= r
;
1074 case ARG_CONFIRM_SPAWN
:
1075 arg_confirm_spawn
= mfree(arg_confirm_spawn
);
1077 r
= parse_confirm_spawn(optarg
, &arg_confirm_spawn
);
1079 return log_error_errno(r
, "Failed to parse confirm spawn option: %m");
1082 case ARG_SERVICE_WATCHDOGS
:
1083 r
= parse_boolean(optarg
);
1085 return log_error_errno(r
, "Failed to parse service watchdogs boolean: %s", optarg
);
1086 arg_service_watchdogs
= r
;
1089 case ARG_SHOW_STATUS
:
1091 r
= parse_show_status(optarg
, &arg_show_status
);
1093 log_error("Failed to parse show status boolean %s.", optarg
);
1097 arg_show_status
= SHOW_STATUS_YES
;
1100 case ARG_DESERIALIZE
: {
1104 r
= safe_atoi(optarg
, &fd
);
1105 if (r
< 0 || fd
< 0) {
1106 log_error("Failed to parse deserialize option %s.", optarg
);
1110 (void) fd_cloexec(fd
, true);
1112 f
= fdopen(fd
, "r");
1114 return log_error_errno(errno
, "Failed to open serialization fd: %m");
1116 safe_fclose(arg_serialization
);
1117 arg_serialization
= f
;
1122 case ARG_SWITCHED_ROOT
:
1123 arg_switched_root
= true;
1126 case ARG_MACHINE_ID
:
1127 r
= set_machine_id(optarg
);
1129 return log_error_errno(r
, "MachineID '%s' is not valid.", optarg
);
1133 arg_action
= ACTION_HELP
;
1137 log_set_max_level(LOG_DEBUG
);
1143 /* Just to eat away the sysvinit kernel
1144 * cmdline args without getopt() error
1145 * messages that we'll parse in
1146 * parse_proc_cmdline_word() or ignore. */
1149 if (getpid_cached() != 1)
1155 assert_not_reached("Unhandled option code.");
1158 if (optind
< argc
&& getpid_cached() != 1) {
1159 /* Hmm, when we aren't run as init system
1160 * let's complain about excess arguments */
1162 log_error("Excess arguments.");
1169 static int help(void) {
1171 printf("%s [OPTIONS...]\n\n"
1172 "Starts up and maintains the system or user services.\n\n"
1173 " -h --help Show this help\n"
1174 " --version Show version\n"
1175 " --test Determine startup sequence, dump it and exit\n"
1176 " --no-pager Do not pipe output into a pager\n"
1177 " --dump-configuration-items Dump understood unit configuration items\n"
1178 " --unit=UNIT Set default unit\n"
1179 " --system Run a system instance, even if PID != 1\n"
1180 " --user Run a user instance\n"
1181 " --dump-core[=BOOL] Dump core on crash\n"
1182 " --crash-vt=NR Change to specified VT on crash\n"
1183 " --crash-reboot[=BOOL] Reboot on crash\n"
1184 " --crash-shell[=BOOL] Run shell on crash\n"
1185 " --confirm-spawn[=BOOL] Ask for confirmation when spawning processes\n"
1186 " --show-status[=BOOL] Show status updates on the console during bootup\n"
1187 " --log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
1188 " --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
1189 " --log-color[=BOOL] Highlight important log messages\n"
1190 " --log-location[=BOOL] Include code location in log messages\n"
1191 " --default-standard-output= Set default standard output for services\n"
1192 " --default-standard-error= Set default standard error output for services\n",
1193 program_invocation_short_name
);
1198 static int prepare_reexecute(Manager
*m
, FILE **_f
, FDSet
**_fds
, bool switching_root
) {
1199 _cleanup_fdset_free_ FDSet
*fds
= NULL
;
1200 _cleanup_fclose_
FILE *f
= NULL
;
1207 r
= manager_open_serialization(m
, &f
);
1209 return log_error_errno(r
, "Failed to create serialization file: %m");
1211 /* Make sure nothing is really destructed when we shut down */
1213 bus_manager_send_reloading(m
, true);
1219 r
= manager_serialize(m
, f
, fds
, switching_root
);
1221 return log_error_errno(r
, "Failed to serialize state: %m");
1223 if (fseeko(f
, 0, SEEK_SET
) == (off_t
) -1)
1224 return log_error_errno(errno
, "Failed to rewind serialization fd: %m");
1226 r
= fd_cloexec(fileno(f
), false);
1228 return log_error_errno(r
, "Failed to disable O_CLOEXEC for serialization: %m");
1230 r
= fdset_cloexec(fds
, false);
1232 return log_error_errno(r
, "Failed to disable O_CLOEXEC for serialization fds: %m");
1243 static int bump_rlimit_nofile(struct rlimit
*saved_rlimit
) {
1247 _cleanup_free_
char *nr_open
= NULL
;
1249 assert(saved_rlimit
);
1251 /* Save the original RLIMIT_NOFILE so that we can reset it
1252 * later when transitioning from the initrd to the main
1253 * systemd or suchlike. */
1254 if (getrlimit(RLIMIT_NOFILE
, saved_rlimit
) < 0)
1255 return log_warning_errno(errno
, "Reading RLIMIT_NOFILE failed, ignoring: %m");
1257 /* Make sure forked processes get the default kernel setting */
1258 if (!arg_default_rlimit
[RLIMIT_NOFILE
]) {
1261 rl
= newdup(struct rlimit
, saved_rlimit
, 1);
1265 arg_default_rlimit
[RLIMIT_NOFILE
] = rl
;
1268 /* Get current RLIMIT_NOFILE maximum compiled into the kernel. */
1269 r
= read_one_line_file("/proc/sys/fs/nr_open", &nr_open
);
1271 r
= safe_atoi(nr_open
, &min_max
);
1272 /* If we fail, fallback to the hard-coded kernel limit of 1024 * 1024. */
1274 min_max
= 1024 * 1024;
1276 /* Bump up the resource limit for ourselves substantially */
1277 nl
.rlim_cur
= nl
.rlim_max
= min_max
;
1278 r
= setrlimit_closest(RLIMIT_NOFILE
, &nl
);
1280 return log_warning_errno(r
, "Setting RLIMIT_NOFILE failed, ignoring: %m");
1285 static int bump_rlimit_memlock(struct rlimit
*saved_rlimit
) {
1288 assert(saved_rlimit
);
1289 assert(getuid() == 0);
1291 /* BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK, even though we have CAP_IPC_LOCK which
1292 * should normally disable such checks. We need them to implement IPAccessAllow= and IPAccessDeny=, hence let's
1293 * bump the value high enough for the root user. */
1295 if (getrlimit(RLIMIT_MEMLOCK
, saved_rlimit
) < 0)
1296 return log_warning_errno(errno
, "Reading RLIMIT_MEMLOCK failed, ignoring: %m");
1298 r
= setrlimit_closest(RLIMIT_MEMLOCK
, &RLIMIT_MAKE_CONST(1024ULL*1024ULL*16ULL));
1300 return log_warning_errno(r
, "Setting RLIMIT_MEMLOCK failed, ignoring: %m");
1305 static void test_usr(void) {
1307 /* Check that /usr is not a separate fs */
1309 if (dir_is_empty("/usr") <= 0)
1312 log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. "
1313 "Some things will probably break (sometimes even silently) in mysterious ways. "
1314 "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
1317 static int initialize_join_controllers(void) {
1318 /* By default, mount "cpu" + "cpuacct" together, and "net_cls"
1319 * + "net_prio". We'd like to add "cpuset" to the mix, but
1320 * "cpuset" doesn't really work for groups with no initialized
1323 arg_join_controllers
= new(char**, 3);
1324 if (!arg_join_controllers
)
1327 arg_join_controllers
[0] = strv_new("cpu", "cpuacct", NULL
);
1328 if (!arg_join_controllers
[0])
1331 arg_join_controllers
[1] = strv_new("net_cls", "net_prio", NULL
);
1332 if (!arg_join_controllers
[1])
1335 arg_join_controllers
[2] = NULL
;
1339 arg_join_controllers
= strv_free_free(arg_join_controllers
);
1343 static int enforce_syscall_archs(Set
*archs
) {
1347 if (!is_seccomp_available())
1350 r
= seccomp_restrict_archs(arg_syscall_archs
);
1352 return log_error_errno(r
, "Failed to enforce system call architecture restrication: %m");
1357 static int status_welcome(void) {
1358 _cleanup_free_
char *pretty_name
= NULL
, *ansi_color
= NULL
;
1362 if (arg_show_status
<= 0)
1365 FOREACH_STRING(fn
, "/etc/os-release", "/usr/lib/os-release") {
1366 r
= parse_env_file(fn
, NEWLINE
,
1367 "PRETTY_NAME", &pretty_name
,
1368 "ANSI_COLOR", &ansi_color
,
1374 if (r
< 0 && r
!= -ENOENT
)
1375 log_warning_errno(r
, "Failed to read os-release file, ignoring: %m");
1377 if (log_get_show_color())
1378 return status_printf(NULL
, false, false,
1379 "\nWelcome to \x1B[%sm%s\x1B[0m!\n",
1380 isempty(ansi_color
) ? "1" : ansi_color
,
1381 isempty(pretty_name
) ? "Linux" : pretty_name
);
1383 return status_printf(NULL
, false, false,
1384 "\nWelcome to %s!\n",
1385 isempty(pretty_name
) ? "Linux" : pretty_name
);
1388 static int write_container_id(void) {
1392 c
= getenv("container");
1396 RUN_WITH_UMASK(0022)
1397 r
= write_string_file("/run/systemd/container", c
, WRITE_STRING_FILE_CREATE
);
1399 return log_warning_errno(r
, "Failed to write /run/systemd/container, ignoring: %m");
1404 static int bump_unix_max_dgram_qlen(void) {
1405 _cleanup_free_
char *qlen
= NULL
;
1409 /* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel
1410 * default of 16 is simply too low. We set the value really
1411 * really early during boot, so that it is actually applied to
1412 * all our sockets, including the $NOTIFY_SOCKET one. */
1414 r
= read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen
);
1416 return log_warning_errno(r
, "Failed to read AF_UNIX datagram queue length, ignoring: %m");
1418 r
= safe_atolu(qlen
, &v
);
1420 return log_warning_errno(r
, "Failed to parse AF_UNIX datagram queue length, ignoring: %m");
1422 if (v
>= DEFAULT_UNIX_MAX_DGRAM_QLEN
)
1426 if (asprintf(&qlen
, "%lu\n", DEFAULT_UNIX_MAX_DGRAM_QLEN
) < 0)
1429 r
= write_string_file("/proc/sys/net/unix/max_dgram_qlen", qlen
, 0);
1431 return log_full_errno(IN_SET(r
, -EROFS
, -EPERM
, -EACCES
) ? LOG_DEBUG
: LOG_WARNING
, r
,
1432 "Failed to bump AF_UNIX datagram queue length, ignoring: %m");
1437 static int fixup_environment(void) {
1438 _cleanup_free_
char *term
= NULL
;
1442 /* Only fix up the environment when we are started as PID 1 */
1443 if (getpid_cached() != 1)
1446 /* We expect the environment to be set correctly if run inside a container. */
1447 if (detect_container() > 0)
1450 /* When started as PID1, the kernel uses /dev/console for our stdios and uses TERM=linux whatever the backend
1451 * device used by the console. We try to make a better guess here since some consoles might not have support
1452 * for color mode for example.
1454 * However if TERM was configured through the kernel command line then leave it alone. */
1455 r
= proc_cmdline_get_key("TERM", 0, &term
);
1459 t
= term
?: default_term_for_tty("/dev/console");
1461 if (setenv("TERM", t
, 1) < 0)
1467 static void redirect_telinit(int argc
, char *argv
[]) {
1469 /* This is compatibility support for SysV, where calling init as a user is identical to telinit. */
1471 #if HAVE_SYSV_COMPAT
1472 if (getpid_cached() == 1)
1475 if (!strstr(program_invocation_short_name
, "init"))
1478 execv(SYSTEMCTL_BINARY_PATH
, argv
);
1479 log_error_errno(errno
, "Failed to exec " SYSTEMCTL_BINARY_PATH
": %m");
1484 static int become_shutdown(
1485 const char *shutdown_verb
,
1488 char log_level
[DECIMAL_STR_MAX(int) + 1],
1489 exit_code
[DECIMAL_STR_MAX(uint8_t) + 1],
1490 timeout
[DECIMAL_STR_MAX(usec_t
) + 1];
1492 const char* command_line
[13] = {
1493 SYSTEMD_SHUTDOWN_BINARY_PATH
,
1495 "--timeout", timeout
,
1496 "--log-level", log_level
,
1500 _cleanup_strv_free_
char **env_block
= NULL
;
1504 assert(shutdown_verb
);
1505 assert(!command_line
[pos
]);
1506 env_block
= strv_copy(environ
);
1508 xsprintf(log_level
, "%d", log_get_max_level());
1509 xsprintf(timeout
, "%" PRI_USEC
"us", arg_default_timeout_stop_usec
);
1511 switch (log_get_target()) {
1513 case LOG_TARGET_KMSG
:
1514 case LOG_TARGET_JOURNAL_OR_KMSG
:
1515 case LOG_TARGET_SYSLOG_OR_KMSG
:
1516 command_line
[pos
++] = "kmsg";
1519 case LOG_TARGET_NULL
:
1520 command_line
[pos
++] = "null";
1523 case LOG_TARGET_CONSOLE
:
1525 command_line
[pos
++] = "console";
1529 if (log_get_show_color())
1530 command_line
[pos
++] = "--log-color";
1532 if (log_get_show_location())
1533 command_line
[pos
++] = "--log-location";
1535 if (streq(shutdown_verb
, "exit")) {
1536 command_line
[pos
++] = "--exit-code";
1537 command_line
[pos
++] = exit_code
;
1538 xsprintf(exit_code
, "%d", retval
);
1541 assert(pos
< ELEMENTSOF(command_line
));
1543 if (streq(shutdown_verb
, "reboot") &&
1544 arg_shutdown_watchdog
> 0 &&
1545 arg_shutdown_watchdog
!= USEC_INFINITY
) {
1549 /* If we reboot let's set the shutdown
1550 * watchdog and tell the shutdown binary to
1551 * repeatedly ping it */
1552 r
= watchdog_set_timeout(&arg_shutdown_watchdog
);
1553 watchdog_close(r
< 0);
1555 /* Tell the binary how often to ping, ignore failure */
1556 if (asprintf(&e
, "WATCHDOG_USEC="USEC_FMT
, arg_shutdown_watchdog
) > 0)
1557 (void) strv_consume(&env_block
, e
);
1559 if (arg_watchdog_device
&&
1560 asprintf(&e
, "WATCHDOG_DEVICE=%s", arg_watchdog_device
) > 0)
1561 (void) strv_consume(&env_block
, e
);
1563 watchdog_close(true);
1565 /* Avoid the creation of new processes forked by the
1566 * kernel; at this point, we will not listen to the
1568 if (detect_container() <= 0)
1569 (void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER
);
1571 execve(SYSTEMD_SHUTDOWN_BINARY_PATH
, (char **) command_line
, env_block
);
1575 static void initialize_clock(void) {
1578 if (clock_is_localtime(NULL
) > 0) {
1582 * The very first call of settimeofday() also does a time warp in the kernel.
1584 * In the rtc-in-local time mode, we set the kernel's timezone, and rely on external tools to take care
1585 * of maintaining the RTC and do all adjustments. This matches the behavior of Windows, which leaves
1586 * the RTC alone if the registry tells that the RTC runs in UTC.
1588 r
= clock_set_timezone(&min
);
1590 log_error_errno(r
, "Failed to apply local time delta, ignoring: %m");
1592 log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min
);
1594 } else if (!in_initrd()) {
1596 * Do a dummy very first call to seal the kernel's time warp magic.
1598 * Do not call this from inside the initrd. The initrd might not carry /etc/adjtime with LOCAL, but the
1599 * real system could be set up that way. In such case, we need to delay the time-warp or the sealing
1600 * until we reach the real system.
1602 * Do no set the kernel's timezone. The concept of local time cannot be supported reliably, the time
1603 * will jump or be incorrect at every daylight saving time change. All kernel local time concepts will
1604 * be treated as UTC that way.
1606 (void) clock_reset_timewarp();
1609 r
= clock_apply_epoch();
1611 log_error_errno(r
, "Current system time is before build time, but cannot correct: %m");
1613 log_info("System time before build time, advancing clock.");
1616 static void initialize_coredump(bool skip_setup
) {
1618 if (getpid_cached() != 1)
1621 /* Don't limit the core dump size, so that coredump handlers such as systemd-coredump (which honour the limit)
1622 * will process core dumps for system services by default. */
1623 if (setrlimit(RLIMIT_CORE
, &RLIMIT_MAKE_CONST(RLIM_INFINITY
)) < 0)
1624 log_warning_errno(errno
, "Failed to set RLIMIT_CORE: %m");
1626 /* But at the same time, turn off the core_pattern logic by default, so that no coredumps are stored
1627 * until the systemd-coredump tool is enabled via sysctl. */
1629 disable_coredumps();
1632 static void do_reexecute(
1635 const struct rlimit
*saved_rlimit_nofile
,
1636 const struct rlimit
*saved_rlimit_memlock
,
1638 const char *switch_root_dir
,
1639 const char *switch_root_init
,
1640 const char **ret_error_message
) {
1642 unsigned i
, j
, args_size
;
1646 assert(saved_rlimit_nofile
);
1647 assert(saved_rlimit_memlock
);
1648 assert(ret_error_message
);
1650 /* Close and disarm the watchdog, so that the new instance can reinitialize it, but doesn't get rebooted while
1652 watchdog_close(true);
1654 /* Reset the RLIMIT_NOFILE to the kernel default, so that the new systemd can pass the kernel default to its
1655 * child processes */
1657 if (saved_rlimit_nofile
->rlim_cur
> 0)
1658 (void) setrlimit(RLIMIT_NOFILE
, saved_rlimit_nofile
);
1659 if (saved_rlimit_memlock
->rlim_cur
!= (rlim_t
) -1)
1660 (void) setrlimit(RLIMIT_MEMLOCK
, saved_rlimit_memlock
);
1662 if (switch_root_dir
) {
1663 /* Kill all remaining processes from the initrd, but don't wait for them, so that we can handle the
1664 * SIGCHLD for them after deserializing. */
1665 broadcast_signal(SIGTERM
, false, true, arg_default_timeout_stop_usec
);
1667 /* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */
1668 r
= switch_root(switch_root_dir
, "/mnt", true, MS_MOVE
);
1670 log_error_errno(r
, "Failed to switch root, trying to continue: %m");
1673 args_size
= MAX(6, argc
+1);
1674 args
= newa(const char*, args_size
);
1676 if (!switch_root_init
) {
1677 char sfd
[DECIMAL_STR_MAX(int) + 1];
1679 /* First try to spawn ourselves with the right path, and with full serialization. We do this only if
1680 * the user didn't specify an explicit init to spawn. */
1682 assert(arg_serialization
);
1685 xsprintf(sfd
, "%i", fileno(arg_serialization
));
1688 args
[i
++] = SYSTEMD_BINARY_PATH
;
1689 if (switch_root_dir
)
1690 args
[i
++] = "--switched-root";
1691 args
[i
++] = arg_system
? "--system" : "--user";
1692 args
[i
++] = "--deserialize";
1696 assert(i
<= args_size
);
1699 * We want valgrind to print its memory usage summary before reexecution. Valgrind won't do this is on
1700 * its own on exec(), but it will do it on exit(). Hence, to ensure we get a summary here, fork() off
1701 * a child, let it exit() cleanly, so that it prints the summary, and wait() for it in the parent,
1702 * before proceeding into the exec().
1704 valgrind_summary_hack();
1706 (void) execv(args
[0], (char* const*) args
);
1707 log_debug_errno(errno
, "Failed to execute our own binary, trying fallback: %m");
1710 /* Try the fallback, if there is any, without any serialization. We pass the original argv[] and envp[]. (Well,
1711 * modulo the ordering changes due to getopt() in argv[], and some cleanups in envp[], but let's hope that
1712 * doesn't matter.) */
1714 arg_serialization
= safe_fclose(arg_serialization
);
1715 fds
= fdset_free(fds
);
1717 /* Reopen the console */
1718 (void) make_console_stdio();
1720 for (j
= 1, i
= 1; j
< (unsigned) argc
; j
++)
1721 args
[i
++] = argv
[j
];
1723 assert(i
<= args_size
);
1725 /* Reenable any blocked signals, especially important if we switch from initial ramdisk to init=... */
1726 (void) reset_all_signal_handlers();
1727 (void) reset_signal_mask();
1729 if (switch_root_init
) {
1730 args
[0] = switch_root_init
;
1731 (void) execv(args
[0], (char* const*) args
);
1732 log_warning_errno(errno
, "Failed to execute configured init, trying fallback: %m");
1735 args
[0] = "/sbin/init";
1736 (void) execv(args
[0], (char* const*) args
);
1739 manager_status_printf(NULL
, STATUS_TYPE_EMERGENCY
,
1740 ANSI_HIGHLIGHT_RED
" !! " ANSI_NORMAL
,
1741 "Failed to execute /sbin/init");
1744 log_warning("No /sbin/init, trying fallback");
1746 args
[0] = "/bin/sh";
1748 (void) execv(args
[0], (char* const*) args
);
1749 log_error_errno(errno
, "Failed to execute /bin/sh, giving up: %m");
1751 log_warning_errno(r
, "Failed to execute /sbin/init, giving up: %m");
1753 *ret_error_message
= "Failed to execute fallback shell";
1756 static int invoke_main_loop(
1758 bool *ret_reexecute
,
1759 int *ret_retval
, /* Return parameters relevant for shutting down */
1760 const char **ret_shutdown_verb
, /* … */
1761 FDSet
**ret_fds
, /* Return parameters for reexecuting */
1762 char **ret_switch_root_dir
, /* … */
1763 char **ret_switch_root_init
, /* … */
1764 const char **ret_error_message
) {
1769 assert(ret_reexecute
);
1771 assert(ret_shutdown_verb
);
1773 assert(ret_switch_root_dir
);
1774 assert(ret_switch_root_init
);
1775 assert(ret_error_message
);
1778 r
= manager_loop(m
);
1780 *ret_error_message
= "Failed to run main loop";
1781 return log_emergency_errno(r
, "Failed to run main loop: %m");
1784 switch (m
->exit_code
) {
1786 case MANAGER_RELOAD
:
1787 log_info("Reloading.");
1789 r
= parse_config_file();
1791 log_warning_errno(r
, "Failed to parse config file, ignoring: %m");
1793 set_manager_defaults(m
);
1795 r
= manager_reload(m
);
1797 log_warning_errno(r
, "Failed to reload, ignoring: %m");
1801 case MANAGER_REEXECUTE
:
1803 r
= prepare_reexecute(m
, &arg_serialization
, ret_fds
, false);
1805 *ret_error_message
= "Failed to prepare for reexecution";
1809 log_notice("Reexecuting.");
1811 *ret_reexecute
= true;
1812 *ret_retval
= EXIT_SUCCESS
;
1813 *ret_shutdown_verb
= NULL
;
1814 *ret_switch_root_dir
= *ret_switch_root_init
= NULL
;
1818 case MANAGER_SWITCH_ROOT
:
1819 if (!m
->switch_root_init
) {
1820 r
= prepare_reexecute(m
, &arg_serialization
, ret_fds
, true);
1822 *ret_error_message
= "Failed to prepare for reexecution";
1828 log_notice("Switching root.");
1830 *ret_reexecute
= true;
1831 *ret_retval
= EXIT_SUCCESS
;
1832 *ret_shutdown_verb
= NULL
;
1834 /* Steal the switch root parameters */
1835 *ret_switch_root_dir
= m
->switch_root
;
1836 *ret_switch_root_init
= m
->switch_root_init
;
1837 m
->switch_root
= m
->switch_root_init
= NULL
;
1843 if (MANAGER_IS_USER(m
)) {
1846 *ret_reexecute
= false;
1847 *ret_retval
= m
->return_value
;
1848 *ret_shutdown_verb
= NULL
;
1850 *ret_switch_root_dir
= *ret_switch_root_init
= NULL
;
1856 case MANAGER_REBOOT
:
1857 case MANAGER_POWEROFF
:
1859 case MANAGER_KEXEC
: {
1860 static const char * const table
[_MANAGER_EXIT_CODE_MAX
] = {
1861 [MANAGER_EXIT
] = "exit",
1862 [MANAGER_REBOOT
] = "reboot",
1863 [MANAGER_POWEROFF
] = "poweroff",
1864 [MANAGER_HALT
] = "halt",
1865 [MANAGER_KEXEC
] = "kexec"
1868 log_notice("Shutting down.");
1870 *ret_reexecute
= false;
1871 *ret_retval
= m
->return_value
;
1872 assert_se(*ret_shutdown_verb
= table
[m
->exit_code
]);
1874 *ret_switch_root_dir
= *ret_switch_root_init
= NULL
;
1880 assert_not_reached("Unknown exit code.");
1885 static void log_execution_mode(bool *ret_first_boot
) {
1886 assert(ret_first_boot
);
1891 log_info(PACKAGE_STRING
" running in %ssystem mode. (" SYSTEMD_FEATURES
")",
1892 arg_action
== ACTION_TEST
? "test " : "" );
1894 v
= detect_virtualization();
1896 log_info("Detected virtualization %s.", virtualization_to_string(v
));
1898 log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
1901 *ret_first_boot
= false;
1902 log_info("Running in initial RAM disk.");
1904 /* Let's check whether we are in first boot, i.e. whether /etc is still unpopulated. We use
1905 * /etc/machine-id as flag file, for this: if it exists we assume /etc is populated, if it
1906 * doesn't it's unpopulated. This allows container managers and installers to provision a
1907 * couple of files already. If the container manager wants to provision the machine ID itself
1908 * it should pass $container_uuid to PID 1. */
1910 *ret_first_boot
= access("/etc/machine-id", F_OK
) < 0;
1911 if (*ret_first_boot
)
1912 log_info("Running with unpopulated /etc.");
1915 if (DEBUG_LOGGING
) {
1916 _cleanup_free_
char *t
;
1918 t
= uid_to_name(getuid());
1919 log_debug(PACKAGE_STRING
" running in %suser mode for user " UID_FMT
"/%s. (" SYSTEMD_FEATURES
")",
1920 arg_action
== ACTION_TEST
? " test" : "", getuid(), strna(t
));
1923 *ret_first_boot
= false;
1927 static int initialize_runtime(
1929 struct rlimit
*saved_rlimit_nofile
,
1930 struct rlimit
*saved_rlimit_memlock
,
1931 const char **ret_error_message
) {
1935 assert(ret_error_message
);
1937 /* Sets up various runtime parameters. Many of these initializations are conditionalized:
1939 * - Some only apply to --system instances
1940 * - Some only apply to --user instances
1941 * - Some only apply when we first start up, but not when we reexecute
1944 if (arg_action
!= ACTION_RUN
)
1948 /* Make sure we leave a core dump without panicing the kernel. */
1949 install_crash_handler();
1952 r
= mount_cgroup_controllers(arg_join_controllers
);
1954 *ret_error_message
= "Failed to mount cgroup hierarchies";
1960 machine_id_setup(NULL
, arg_machine_id
, NULL
);
1962 bump_unix_max_dgram_qlen();
1964 write_container_id();
1967 if (arg_watchdog_device
) {
1968 r
= watchdog_set_device(arg_watchdog_device
);
1970 log_warning_errno(r
, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device
);
1973 if (arg_runtime_watchdog
> 0 && arg_runtime_watchdog
!= USEC_INFINITY
)
1974 watchdog_set_timeout(&arg_runtime_watchdog
);
1977 if (arg_timer_slack_nsec
!= NSEC_INFINITY
)
1978 if (prctl(PR_SET_TIMERSLACK
, arg_timer_slack_nsec
) < 0)
1979 log_warning_errno(errno
, "Failed to adjust timer slack, ignoring: %m");
1981 if (arg_system
&& !cap_test_all(arg_capability_bounding_set
)) {
1982 r
= capability_bounding_set_drop_usermode(arg_capability_bounding_set
);
1984 *ret_error_message
= "Failed to drop capability bounding set of usermode helpers";
1985 return log_emergency_errno(r
, "Failed to drop capability bounding set of usermode helpers: %m");
1988 r
= capability_bounding_set_drop(arg_capability_bounding_set
, true);
1990 *ret_error_message
= "Failed to drop capability bounding set";
1991 return log_emergency_errno(r
, "Failed to drop capability bounding set: %m");
1995 if (arg_syscall_archs
) {
1996 r
= enforce_syscall_archs(arg_syscall_archs
);
1998 *ret_error_message
= "Failed to set syscall architectures";
2004 /* Become reaper of our children */
2005 if (prctl(PR_SET_CHILD_SUBREAPER
, 1) < 0)
2006 log_warning_errno(errno
, "Failed to make us a subreaper: %m");
2009 /* Bump up RLIMIT_NOFILE for systemd itself */
2010 (void) bump_rlimit_nofile(saved_rlimit_nofile
);
2011 (void) bump_rlimit_memlock(saved_rlimit_memlock
);
2017 static int do_queue_default_job(
2019 const char **ret_error_message
) {
2021 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2022 Job
*default_unit_job
;
2023 Unit
*target
= NULL
;
2026 log_debug("Activating default unit: %s", arg_default_unit
);
2028 r
= manager_load_unit(m
, arg_default_unit
, NULL
, &error
, &target
);
2030 log_error("Failed to load default target: %s", bus_error_message(&error
, r
));
2031 else if (IN_SET(target
->load_state
, UNIT_ERROR
, UNIT_NOT_FOUND
))
2032 log_error_errno(target
->load_error
, "Failed to load default target: %m");
2033 else if (target
->load_state
== UNIT_MASKED
)
2034 log_error("Default target masked.");
2036 if (!target
|| target
->load_state
!= UNIT_LOADED
) {
2037 log_info("Trying to load rescue target...");
2039 r
= manager_load_unit(m
, SPECIAL_RESCUE_TARGET
, NULL
, &error
, &target
);
2041 *ret_error_message
= "Failed to load rescue target";
2042 return log_emergency_errno(r
, "Failed to load rescue target: %s", bus_error_message(&error
, r
));
2043 } else if (IN_SET(target
->load_state
, UNIT_ERROR
, UNIT_NOT_FOUND
)) {
2044 *ret_error_message
= "Failed to load rescue target";
2045 return log_emergency_errno(target
->load_error
, "Failed to load rescue target: %m");
2046 } else if (target
->load_state
== UNIT_MASKED
) {
2047 *ret_error_message
= "Rescue target masked";
2048 log_emergency("Rescue target masked.");
2053 assert(target
->load_state
== UNIT_LOADED
);
2055 r
= manager_add_job(m
, JOB_START
, target
, JOB_ISOLATE
, &error
, &default_unit_job
);
2057 log_debug_errno(r
, "Default target could not be isolated, starting instead: %s", bus_error_message(&error
, r
));
2059 sd_bus_error_free(&error
);
2061 r
= manager_add_job(m
, JOB_START
, target
, JOB_REPLACE
, &error
, &default_unit_job
);
2063 *ret_error_message
= "Failed to start default target";
2064 return log_emergency_errno(r
, "Failed to start default target: %s", bus_error_message(&error
, r
));
2068 *ret_error_message
= "Failed to isolate default target";
2069 return log_emergency_errno(r
, "Failed to isolate default target: %s", bus_error_message(&error
, r
));
2072 m
->default_unit_job_id
= default_unit_job
->id
;
2077 static void free_arguments(void) {
2080 /* Frees all arg_* variables, with the exception of arg_serialization */
2082 for (j
= 0; j
< ELEMENTSOF(arg_default_rlimit
); j
++)
2083 arg_default_rlimit
[j
] = mfree(arg_default_rlimit
[j
]);
2085 arg_default_unit
= mfree(arg_default_unit
);
2086 arg_confirm_spawn
= mfree(arg_confirm_spawn
);
2087 arg_join_controllers
= strv_free_free(arg_join_controllers
);
2088 arg_default_environment
= strv_free(arg_default_environment
);
2089 arg_syscall_archs
= set_free(arg_syscall_archs
);
2092 static int load_configuration(int argc
, char **argv
, const char **ret_error_message
) {
2095 assert(ret_error_message
);
2097 r
= initialize_join_controllers();
2099 *ret_error_message
= "Failed to initialize cgroup controller joining table";
2103 arg_default_tasks_max
= system_tasks_max_scale(DEFAULT_TASKS_MAX_PERCENTAGE
, 100U);
2105 r
= parse_config_file();
2107 *ret_error_message
= "Failed to parse config file";
2112 r
= proc_cmdline_parse(parse_proc_cmdline_item
, NULL
, 0);
2114 log_warning_errno(r
, "Failed to parse kernel command line, ignoring: %m");
2117 /* Note that this also parses bits from the kernel command line, including "debug". */
2118 log_parse_environment();
2120 r
= parse_argv(argc
, argv
);
2122 *ret_error_message
= "Failed to parse commandline arguments";
2126 /* Initialize default unit */
2127 if (!arg_default_unit
) {
2128 arg_default_unit
= strdup(SPECIAL_DEFAULT_TARGET
);
2129 if (!arg_default_unit
) {
2130 *ret_error_message
= "Failed to set default unit";
2135 /* Initialize the show status setting if it hasn't been set explicitly yet */
2136 if (arg_show_status
== _SHOW_STATUS_UNSET
)
2137 arg_show_status
= SHOW_STATUS_YES
;
2142 static int safety_checks(void) {
2144 if (getpid_cached() == 1 &&
2145 arg_action
!= ACTION_RUN
) {
2146 log_error("Unsupported execution mode while PID 1.");
2150 if (getpid_cached() == 1 &&
2152 log_error("Can't run --user mode as PID 1.");
2156 if (arg_action
== ACTION_RUN
&&
2158 getpid_cached() != 1) {
2159 log_error("Can't run system mode unless PID 1.");
2163 if (arg_action
== ACTION_TEST
&&
2165 log_error("Don't run test mode as root.");
2170 arg_action
== ACTION_RUN
&&
2172 log_error("Trying to run as user instance, but the system has not been booted with systemd.");
2177 arg_action
== ACTION_RUN
&&
2178 !getenv("XDG_RUNTIME_DIR")) {
2179 log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
2184 arg_action
== ACTION_RUN
&&
2185 running_in_chroot() > 0) {
2186 log_error("Cannot be run in a chroot() environment.");
2193 static int initialize_security(
2194 bool *loaded_policy
,
2195 dual_timestamp
*security_start_timestamp
,
2196 dual_timestamp
*security_finish_timestamp
,
2197 const char **ret_error_message
) {
2201 assert(loaded_policy
);
2202 assert(security_start_timestamp
);
2203 assert(security_finish_timestamp
);
2204 assert(ret_error_message
);
2206 dual_timestamp_get(security_start_timestamp
);
2208 r
= mac_selinux_setup(loaded_policy
);
2210 *ret_error_message
= "Failed to load SELinux policy";
2214 r
= mac_smack_setup(loaded_policy
);
2216 *ret_error_message
= "Failed to load SMACK policy";
2222 *ret_error_message
= "Failed to load IMA policy";
2226 dual_timestamp_get(security_finish_timestamp
);
2230 static void test_summary(Manager
*m
) {
2233 printf("-> By units:\n");
2234 manager_dump_units(m
, stdout
, "\t");
2236 printf("-> By jobs:\n");
2237 manager_dump_jobs(m
, stdout
, "\t");
2240 static int collect_fds(FDSet
**ret_fds
, const char **ret_error_message
) {
2244 assert(ret_error_message
);
2246 r
= fdset_new_fill(ret_fds
);
2248 *ret_error_message
= "Failed to allocate fd set";
2249 return log_emergency_errno(r
, "Failed to allocate fd set: %m");
2252 fdset_cloexec(*ret_fds
, true);
2254 if (arg_serialization
)
2255 assert_se(fdset_remove(*ret_fds
, fileno(arg_serialization
)) >= 0);
2260 static void setup_console_terminal(bool skip_setup
) {
2265 /* Become a session leader if we aren't one yet. */
2268 /* If we are init, we connect stdin/stdout/stderr to /dev/null and make sure we don't have a controlling
2270 (void) release_terminal();
2272 /* Reset the console, but only if this is really init and we are freshly booted */
2273 if (getpid_cached() == 1 && !skip_setup
)
2274 (void) console_setup();
2277 static bool early_skip_setup_check(int argc
, char *argv
[]) {
2278 bool found_deserialize
= false;
2281 /* Determine if this is a reexecution or normal bootup. We do the full command line parsing much later, so
2282 * let's just have a quick peek here. Note that if we have switched root, do all the special setup things
2283 * anyway, even if in that case we also do deserialization. */
2285 for (i
= 1; i
< argc
; i
++) {
2287 if (streq(argv
[i
], "--switched-root"))
2288 return false; /* If we switched root, don't skip the setup. */
2289 else if (streq(argv
[i
], "--deserialize"))
2290 found_deserialize
= true;
2293 return found_deserialize
; /* When we are deserializing, then we are reexecuting, hence avoid the extensive setup */
2296 int main(int argc
, char *argv
[]) {
2298 dual_timestamp initrd_timestamp
= DUAL_TIMESTAMP_NULL
, userspace_timestamp
= DUAL_TIMESTAMP_NULL
, kernel_timestamp
= DUAL_TIMESTAMP_NULL
,
2299 security_start_timestamp
= DUAL_TIMESTAMP_NULL
, security_finish_timestamp
= DUAL_TIMESTAMP_NULL
;
2300 struct rlimit saved_rlimit_nofile
= RLIMIT_MAKE_CONST(0), saved_rlimit_memlock
= RLIMIT_MAKE_CONST((rlim_t
) -1);
2301 bool skip_setup
, loaded_policy
= false, queue_default_job
= false, first_boot
= false, reexecute
= false;
2302 char *switch_root_dir
= NULL
, *switch_root_init
= NULL
;
2303 usec_t before_startup
, after_startup
;
2304 static char systemd
[] = "systemd";
2305 char timespan
[FORMAT_TIMESPAN_MAX
];
2306 const char *shutdown_verb
= NULL
, *error_message
= NULL
;
2307 int r
, retval
= EXIT_FAILURE
;
2311 /* SysV compatibility: redirect init → telinit */
2312 redirect_telinit(argc
, argv
);
2314 /* Take timestamps early on */
2315 dual_timestamp_from_monotonic(&kernel_timestamp
, 0);
2316 dual_timestamp_get(&userspace_timestamp
);
2318 /* Figure out whether we need to do initialize the system, or if we already did that because we are
2320 skip_setup
= early_skip_setup_check(argc
, argv
);
2322 /* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we
2323 * are then called 'systemd'. That is confusing, hence let's call us systemd right-away. */
2324 program_invocation_short_name
= systemd
;
2325 (void) prctl(PR_SET_NAME
, systemd
);
2327 /* Save the original command line */
2331 /* Make sure that if the user says "syslog" we actually log to the journal. */
2332 log_set_upgrade_syslog_to_journal(true);
2334 if (getpid_cached() == 1) {
2335 /* Disable the umask logic */
2338 /* Always reopen /dev/console when running as PID 1 or one of its pre-execve() children. This is
2339 * important so that we never end up logging to any foreign stderr, for example if we have to log in a
2340 * child process right before execve()'ing the actual binary, at a point in time where socket
2341 * activation stderr/stdout area already set up. */
2342 log_set_always_reopen_console(true);
2345 if (getpid_cached() == 1 && detect_container() <= 0) {
2347 /* Running outside of a container as PID 1 */
2349 log_set_target(LOG_TARGET_KMSG
);
2353 initrd_timestamp
= userspace_timestamp
;
2356 r
= mount_setup_early();
2358 error_message
= "Failed to mount early API filesystems";
2362 r
= initialize_security(
2364 &security_start_timestamp
,
2365 &security_finish_timestamp
,
2371 if (mac_selinux_init() < 0) {
2372 error_message
= "Failed to initialize SELinux policy";
2379 /* Set the default for later on, but don't actually
2380 * open the logs like this for now. Note that if we
2381 * are transitioning from the initrd there might still
2382 * be journal fd open, and we shouldn't attempt
2383 * opening that before we parsed /proc/cmdline which
2384 * might redirect output elsewhere. */
2385 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG
);
2387 } else if (getpid_cached() == 1) {
2388 /* Running inside a container, as PID 1 */
2390 log_set_target(LOG_TARGET_CONSOLE
);
2391 log_close_console(); /* force reopen of /dev/console */
2394 /* For later on, see above... */
2395 log_set_target(LOG_TARGET_JOURNAL
);
2397 /* clear the kernel timestamp,
2398 * because we are in a container */
2399 kernel_timestamp
= DUAL_TIMESTAMP_NULL
;
2401 /* Running as user instance */
2403 log_set_target(LOG_TARGET_AUTO
);
2406 /* clear the kernel timestamp,
2407 * because we are not PID 1 */
2408 kernel_timestamp
= DUAL_TIMESTAMP_NULL
;
2411 initialize_coredump(skip_setup
);
2413 r
= fixup_environment();
2415 log_emergency_errno(r
, "Failed to fix up PID 1 environment: %m");
2416 error_message
= "Failed to fix up PID1 environment";
2422 /* Try to figure out if we can use colors with the console. No
2423 * need to do that for user instances since they never log
2424 * into the console. */
2425 log_show_color(colors_enabled());
2426 r
= make_null_stdio();
2428 log_warning_errno(r
, "Failed to redirect standard streams to /dev/null: %m");
2431 /* Mount /proc, /sys and friends, so that /proc/cmdline and
2432 * /proc/$PID/fd is available. */
2433 if (getpid_cached() == 1) {
2435 /* Load the kernel modules early. */
2439 r
= mount_setup(loaded_policy
);
2441 error_message
= "Failed to mount API filesystems";
2446 /* Reset all signal handlers. */
2447 (void) reset_all_signal_handlers();
2448 (void) ignore_signals(SIGNALS_IGNORE
, -1);
2450 r
= load_configuration(argc
, argv
, &error_message
);
2454 r
= safety_checks();
2458 if (IN_SET(arg_action
, ACTION_TEST
, ACTION_HELP
, ACTION_DUMP_CONFIGURATION_ITEMS
))
2459 pager_open(arg_no_pager
, false);
2461 if (arg_action
!= ACTION_RUN
)
2464 if (arg_action
== ACTION_HELP
) {
2467 } else if (arg_action
== ACTION_VERSION
) {
2470 } else if (arg_action
== ACTION_DUMP_CONFIGURATION_ITEMS
) {
2471 unit_dump_config_items(stdout
);
2472 retval
= EXIT_SUCCESS
;
2476 assert_se(IN_SET(arg_action
, ACTION_RUN
, ACTION_TEST
));
2478 /* Move out of the way, so that we won't block unmounts */
2479 assert_se(chdir("/") == 0);
2481 if (arg_action
== ACTION_RUN
) {
2483 /* Close logging fds, in order not to confuse collecting passed fds and terminal logic below */
2486 /* Remember open file descriptors for later deserialization */
2487 r
= collect_fds(&fds
, &error_message
);
2491 /* Give up any control of the console, but make sure its initialized. */
2492 setup_console_terminal(skip_setup
);
2494 /* Open the logging devices, if possible and necessary */
2498 log_execution_mode(&first_boot
);
2500 r
= initialize_runtime(skip_setup
,
2501 &saved_rlimit_nofile
,
2502 &saved_rlimit_memlock
,
2507 r
= manager_new(arg_system
? UNIT_FILE_SYSTEM
: UNIT_FILE_USER
,
2508 arg_action
== ACTION_TEST
? MANAGER_TEST_FULL
: 0,
2511 log_emergency_errno(r
, "Failed to allocate manager object: %m");
2512 error_message
= "Failed to allocate manager object";
2516 m
->timestamps
[MANAGER_TIMESTAMP_KERNEL
] = kernel_timestamp
;
2517 m
->timestamps
[MANAGER_TIMESTAMP_INITRD
] = initrd_timestamp
;
2518 m
->timestamps
[MANAGER_TIMESTAMP_USERSPACE
] = userspace_timestamp
;
2519 m
->timestamps
[MANAGER_TIMESTAMP_SECURITY_START
] = security_start_timestamp
;
2520 m
->timestamps
[MANAGER_TIMESTAMP_SECURITY_FINISH
] = security_finish_timestamp
;
2522 set_manager_defaults(m
);
2523 set_manager_settings(m
);
2524 manager_set_first_boot(m
, first_boot
);
2526 /* Remember whether we should queue the default job */
2527 queue_default_job
= !arg_serialization
|| arg_switched_root
;
2529 before_startup
= now(CLOCK_MONOTONIC
);
2531 r
= manager_startup(m
, arg_serialization
, fds
);
2533 log_error_errno(r
, "Failed to fully start up daemon: %m");
2534 error_message
= "Failed to start up manager";
2538 /* This will close all file descriptors that were opened, but not claimed by any unit. */
2539 fds
= fdset_free(fds
);
2540 arg_serialization
= safe_fclose(arg_serialization
);
2542 if (queue_default_job
) {
2543 r
= do_queue_default_job(m
, &error_message
);
2548 after_startup
= now(CLOCK_MONOTONIC
);
2550 log_full(arg_action
== ACTION_TEST
? LOG_INFO
: LOG_DEBUG
,
2551 "Loaded units and determined initial transaction in %s.",
2552 format_timespan(timespan
, sizeof(timespan
), after_startup
- before_startup
, 100 * USEC_PER_MSEC
));
2554 if (arg_action
== ACTION_TEST
) {
2556 retval
= EXIT_SUCCESS
;
2560 (void) invoke_main_loop(m
,
2573 arg_shutdown_watchdog
= m
->shutdown_watchdog
;
2575 m
= manager_free(m
);
2578 mac_selinux_finish();
2581 do_reexecute(argc
, argv
,
2582 &saved_rlimit_nofile
,
2583 &saved_rlimit_memlock
,
2587 &error_message
); /* This only returns if reexecution failed */
2589 arg_serialization
= safe_fclose(arg_serialization
);
2590 fds
= fdset_free(fds
);
2592 #if HAVE_VALGRIND_VALGRIND_H
2593 /* If we are PID 1 and running under valgrind, then let's exit
2594 * here explicitly. valgrind will only generate nice output on
2595 * exit(), not on exec(), hence let's do the former not the
2597 if (getpid_cached() == 1 && RUNNING_ON_VALGRIND
) {
2598 /* Cleanup watchdog_device strings for valgrind. We need them
2599 * in become_shutdown() so normally we cannot free them yet. */
2600 watchdog_free_device();
2601 arg_watchdog_device
= mfree(arg_watchdog_device
);
2606 if (shutdown_verb
) {
2607 r
= become_shutdown(shutdown_verb
, retval
);
2609 log_error_errno(r
, "Failed to execute shutdown binary, %s: %m", getpid_cached() == 1 ? "freezing" : "quitting");
2610 error_message
= "Failed to execute shutdown binary";
2613 watchdog_free_device();
2614 arg_watchdog_device
= mfree(arg_watchdog_device
);
2616 if (getpid_cached() == 1) {
2618 manager_status_printf(NULL
, STATUS_TYPE_EMERGENCY
,
2619 ANSI_HIGHLIGHT_RED
"!!!!!!" ANSI_NORMAL
,
2620 "%s, freezing.", error_message
);