1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2010 Lennart Poettering
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
27 #include <sys/mount.h>
28 #include <sys/prctl.h>
29 #include <sys/reboot.h>
35 #if HAVE_VALGRIND_VALGRIND_H
36 #include <valgrind/valgrind.h>
40 #include "sd-daemon.h"
41 #include "sd-messages.h"
43 #include "alloc-util.h"
44 #include "architecture.h"
46 #include "bus-error.h"
48 #include "capability-util.h"
49 #include "clock-util.h"
50 #include "conf-parser.h"
51 #include "cpu-set-util.h"
52 #include "dbus-manager.h"
54 #include "emergency-action.h"
59 #include "format-util.h"
61 #include "hostname-setup.h"
62 #include "ima-setup.h"
64 #include "kmod-setup.h"
65 #include "load-fragment.h"
67 #include "loopback-setup.h"
68 #include "machine-id-setup.h"
71 #include "mount-setup.h"
73 #include "parse-util.h"
74 #include "path-util.h"
75 #include "proc-cmdline.h"
76 #include "process-util.h"
77 #include "raw-clone.h"
78 #include "rlimit-util.h"
80 #include "seccomp-util.h"
82 #include "selinux-setup.h"
83 #include "selinux-util.h"
84 #include "signal-util.h"
85 #include "smack-setup.h"
87 #include "stat-util.h"
88 #include "stdio-util.h"
90 #include "switch-root.h"
91 #include "terminal-util.h"
92 #include "umask-util.h"
93 #include "user-util.h"
102 ACTION_DUMP_CONFIGURATION_ITEMS
103 } arg_action
= ACTION_RUN
;
104 static char *arg_default_unit
= NULL
;
105 static bool arg_system
= false;
106 static bool arg_dump_core
= true;
107 static int arg_crash_chvt
= -1;
108 static bool arg_crash_shell
= false;
109 static bool arg_crash_reboot
= false;
110 static char *arg_confirm_spawn
= NULL
;
111 static ShowStatus arg_show_status
= _SHOW_STATUS_UNSET
;
112 static bool arg_switched_root
= false;
113 static bool arg_no_pager
= false;
114 static char ***arg_join_controllers
= NULL
;
115 static ExecOutput arg_default_std_output
= EXEC_OUTPUT_JOURNAL
;
116 static ExecOutput arg_default_std_error
= EXEC_OUTPUT_INHERIT
;
117 static usec_t arg_default_restart_usec
= DEFAULT_RESTART_USEC
;
118 static usec_t arg_default_timeout_start_usec
= DEFAULT_TIMEOUT_USEC
;
119 static usec_t arg_default_timeout_stop_usec
= DEFAULT_TIMEOUT_USEC
;
120 static usec_t arg_default_start_limit_interval
= DEFAULT_START_LIMIT_INTERVAL
;
121 static unsigned arg_default_start_limit_burst
= DEFAULT_START_LIMIT_BURST
;
122 static usec_t arg_runtime_watchdog
= 0;
123 static usec_t arg_shutdown_watchdog
= 10 * USEC_PER_MINUTE
;
124 static char *arg_watchdog_device
= NULL
;
125 static char **arg_default_environment
= NULL
;
126 static struct rlimit
*arg_default_rlimit
[_RLIMIT_MAX
] = {};
127 static uint64_t arg_capability_bounding_set
= CAP_ALL
;
128 static nsec_t arg_timer_slack_nsec
= NSEC_INFINITY
;
129 static usec_t arg_default_timer_accuracy_usec
= 1 * USEC_PER_MINUTE
;
130 static Set
* arg_syscall_archs
= NULL
;
131 static FILE* arg_serialization
= NULL
;
132 static bool arg_default_cpu_accounting
= false;
133 static bool arg_default_io_accounting
= false;
134 static bool arg_default_ip_accounting
= false;
135 static bool arg_default_blockio_accounting
= false;
136 static bool arg_default_memory_accounting
= false;
137 static bool arg_default_tasks_accounting
= true;
138 static uint64_t arg_default_tasks_max
= UINT64_MAX
;
139 static sd_id128_t arg_machine_id
= {};
140 static EmergencyAction arg_cad_burst_action
= EMERGENCY_ACTION_REBOOT_FORCE
;
142 noreturn
static void freeze_or_reboot(void) {
144 if (arg_crash_reboot
) {
145 log_notice("Rebooting in 10s...");
148 log_notice("Rebooting now...");
149 (void) reboot(RB_AUTOBOOT
);
150 log_emergency_errno(errno
, "Failed to reboot: %m");
153 log_emergency("Freezing execution.");
157 noreturn
static void crash(int sig
) {
161 if (getpid_cached() != 1)
162 /* Pass this on immediately, if this is not PID 1 */
164 else if (!arg_dump_core
)
165 log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig
));
167 sa
= (struct sigaction
) {
168 .sa_handler
= nop_signal_handler
,
169 .sa_flags
= SA_NOCLDSTOP
|SA_RESTART
,
172 /* We want to wait for the core process, hence let's enable SIGCHLD */
173 (void) sigaction(SIGCHLD
, &sa
, NULL
);
175 pid
= raw_clone(SIGCHLD
);
177 log_emergency_errno(errno
, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig
));
179 /* Enable default signal handler for core dump */
181 sa
= (struct sigaction
) {
182 .sa_handler
= SIG_DFL
,
184 (void) sigaction(sig
, &sa
, NULL
);
186 /* Don't limit the coredump size */
187 (void) setrlimit(RLIMIT_CORE
, &RLIMIT_MAKE_CONST(RLIM_INFINITY
));
189 /* Just to be sure... */
192 /* Raise the signal again */
194 (void) kill(pid
, sig
); /* raise() would kill the parent */
196 assert_not_reached("We shouldn't be here...");
202 /* Order things nicely. */
203 r
= wait_for_terminate(pid
, &status
);
205 log_emergency_errno(r
, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig
));
206 else if (status
.si_code
!= CLD_DUMPED
)
207 log_emergency("Caught <%s>, core dump failed (child "PID_FMT
", code=%s, status=%i/%s).",
208 signal_to_string(sig
),
209 pid
, sigchld_code_to_string(status
.si_code
),
211 strna(status
.si_code
== CLD_EXITED
212 ? exit_status_to_string(status
.si_status
, EXIT_STATUS_MINIMAL
)
213 : signal_to_string(status
.si_status
)));
215 log_emergency("Caught <%s>, dumped core as pid "PID_FMT
".", signal_to_string(sig
), pid
);
219 if (arg_crash_chvt
>= 0)
220 (void) chvt(arg_crash_chvt
);
222 sa
= (struct sigaction
) {
223 .sa_handler
= SIG_IGN
,
224 .sa_flags
= SA_NOCLDSTOP
|SA_NOCLDWAIT
|SA_RESTART
,
227 /* Let the kernel reap children for us */
228 (void) sigaction(SIGCHLD
, &sa
, NULL
);
230 if (arg_crash_shell
) {
231 log_notice("Executing crash shell in 10s...");
234 pid
= raw_clone(SIGCHLD
);
236 log_emergency_errno(errno
, "Failed to fork off crash shell: %m");
239 (void) make_console_stdio();
240 (void) execle("/bin/sh", "/bin/sh", NULL
, environ
);
242 log_emergency_errno(errno
, "execle() failed: %m");
245 log_info("Spawned crash shell as PID "PID_FMT
".", pid
);
246 (void) wait_for_terminate(pid
, NULL
);
253 static void install_crash_handler(void) {
254 static const struct sigaction sa
= {
256 .sa_flags
= SA_NODEFER
, /* So that we can raise the signal again from the signal handler */
260 /* We ignore the return value here, since, we don't mind if we
261 * cannot set up a crash handler */
262 r
= sigaction_many(&sa
, SIGNALS_CRASH_HANDLER
, -1);
264 log_debug_errno(r
, "I had trouble setting up the crash handler, ignoring: %m");
267 static int console_setup(void) {
268 _cleanup_close_
int tty_fd
= -1;
271 tty_fd
= open_terminal("/dev/console", O_WRONLY
|O_NOCTTY
|O_CLOEXEC
);
273 return log_error_errno(tty_fd
, "Failed to open /dev/console: %m");
275 /* We don't want to force text mode. plymouth may be showing
276 * pictures already from initrd. */
277 r
= reset_terminal_fd(tty_fd
, false);
279 return log_error_errno(r
, "Failed to reset /dev/console: %m");
284 static int parse_crash_chvt(const char *value
) {
287 if (safe_atoi(value
, &arg_crash_chvt
) >= 0)
290 b
= parse_boolean(value
);
295 arg_crash_chvt
= 0; /* switch to where kmsg goes */
297 arg_crash_chvt
= -1; /* turn off switching */
302 static int parse_confirm_spawn(const char *value
, char **console
) {
306 r
= value
? parse_boolean(value
) : 1;
312 if (r
> 0) /* on with default tty */
313 s
= strdup("/dev/console");
314 else if (is_path(value
)) /* on with fully qualified path */
316 else /* on with only a tty file name, not a fully qualified path */
317 s
= strjoin("/dev/", value
);
324 static int set_machine_id(const char *m
) {
328 if (sd_id128_from_string(m
, &t
) < 0)
331 if (sd_id128_is_null(t
))
338 static int parse_proc_cmdline_item(const char *key
, const char *value
, void *data
) {
344 if (STR_IN_SET(key
, "systemd.unit", "rd.systemd.unit")) {
346 if (proc_cmdline_value_missing(key
, value
))
349 if (!unit_name_is_valid(value
, UNIT_NAME_PLAIN
|UNIT_NAME_INSTANCE
))
350 log_warning("Unit name specified on %s= is not valid, ignoring: %s", key
, value
);
351 else if (in_initrd() == !!startswith(key
, "rd.")) {
352 if (free_and_strdup(&arg_default_unit
, value
) < 0)
356 } else if (proc_cmdline_key_streq(key
, "systemd.dump_core")) {
358 r
= value
? parse_boolean(value
) : true;
360 log_warning("Failed to parse dump core switch %s. Ignoring.", value
);
364 } else if (proc_cmdline_key_streq(key
, "systemd.crash_chvt")) {
367 arg_crash_chvt
= 0; /* turn on */
368 else if (parse_crash_chvt(value
) < 0)
369 log_warning("Failed to parse crash chvt switch %s. Ignoring.", value
);
371 } else if (proc_cmdline_key_streq(key
, "systemd.crash_shell")) {
373 r
= value
? parse_boolean(value
) : true;
375 log_warning("Failed to parse crash shell switch %s. Ignoring.", value
);
379 } else if (proc_cmdline_key_streq(key
, "systemd.crash_reboot")) {
381 r
= value
? parse_boolean(value
) : true;
383 log_warning("Failed to parse crash reboot switch %s. Ignoring.", value
);
385 arg_crash_reboot
= r
;
387 } else if (proc_cmdline_key_streq(key
, "systemd.confirm_spawn")) {
390 r
= parse_confirm_spawn(value
, &s
);
392 log_warning_errno(r
, "Failed to parse confirm_spawn switch %s. Ignoring.", value
);
394 free(arg_confirm_spawn
);
395 arg_confirm_spawn
= s
;
398 } else if (proc_cmdline_key_streq(key
, "systemd.show_status")) {
401 r
= parse_show_status(value
, &arg_show_status
);
403 log_warning("Failed to parse show status switch %s. Ignoring.", value
);
405 arg_show_status
= SHOW_STATUS_YES
;
407 } else if (proc_cmdline_key_streq(key
, "systemd.default_standard_output")) {
409 if (proc_cmdline_value_missing(key
, value
))
412 r
= exec_output_from_string(value
);
414 log_warning("Failed to parse default standard output switch %s. Ignoring.", value
);
416 arg_default_std_output
= r
;
418 } else if (proc_cmdline_key_streq(key
, "systemd.default_standard_error")) {
420 if (proc_cmdline_value_missing(key
, value
))
423 r
= exec_output_from_string(value
);
425 log_warning("Failed to parse default standard error switch %s. Ignoring.", value
);
427 arg_default_std_error
= r
;
429 } else if (streq(key
, "systemd.setenv")) {
431 if (proc_cmdline_value_missing(key
, value
))
434 if (env_assignment_is_valid(value
)) {
437 env
= strv_env_set(arg_default_environment
, value
);
441 arg_default_environment
= env
;
443 log_warning("Environment variable name '%s' is not valid. Ignoring.", value
);
445 } else if (proc_cmdline_key_streq(key
, "systemd.machine_id")) {
447 if (proc_cmdline_value_missing(key
, value
))
450 r
= set_machine_id(value
);
452 log_warning("MachineID '%s' is not valid. Ignoring.", value
);
454 } else if (proc_cmdline_key_streq(key
, "systemd.default_timeout_start_sec")) {
456 if (proc_cmdline_value_missing(key
, value
))
459 r
= parse_sec(value
, &arg_default_timeout_start_usec
);
461 log_warning_errno(r
, "Failed to parse default start timeout: %s, ignoring.", value
);
463 if (arg_default_timeout_start_usec
<= 0)
464 arg_default_timeout_start_usec
= USEC_INFINITY
;
466 } else if (proc_cmdline_key_streq(key
, "systemd.watchdog_device")) {
468 if (proc_cmdline_value_missing(key
, value
))
471 parse_path_argument_and_warn(value
, false, &arg_watchdog_device
);
473 } else if (streq(key
, "quiet") && !value
) {
475 if (arg_show_status
== _SHOW_STATUS_UNSET
)
476 arg_show_status
= SHOW_STATUS_AUTO
;
478 } else if (streq(key
, "debug") && !value
) {
480 /* Note that log_parse_environment() handles 'debug'
481 * too, and sets the log level to LOG_DEBUG. */
483 if (detect_container() > 0)
484 log_set_target(LOG_TARGET_CONSOLE
);
489 /* SysV compatibility */
490 target
= runlevel_to_target(key
);
492 return free_and_strdup(&arg_default_unit
, target
);
498 #define DEFINE_SETTER(name, func, descr) \
499 static int name(const char *unit, \
500 const char *filename, \
502 const char *section, \
503 unsigned section_line, \
504 const char *lvalue, \
506 const char *rvalue, \
518 log_syntax(unit, LOG_ERR, filename, line, r, \
519 "Invalid " descr "'%s': %m", \
525 DEFINE_SETTER(config_parse_level2
, log_set_max_level_from_string
, "log level")
526 DEFINE_SETTER(config_parse_target
, log_set_target_from_string
, "target")
527 DEFINE_SETTER(config_parse_color
, log_show_color_from_string
, "color" )
528 DEFINE_SETTER(config_parse_location
, log_show_location_from_string
, "location")
530 static int config_parse_cpu_affinity2(
532 const char *filename
,
535 unsigned section_line
,
542 _cleanup_cpu_free_ cpu_set_t
*c
= NULL
;
545 ncpus
= parse_cpu_set_and_warn(rvalue
, &c
, unit
, filename
, line
, lvalue
);
549 if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus
), c
) < 0)
550 log_warning_errno(errno
, "Failed to set CPU affinity: %m");
555 static int config_parse_show_status(
557 const char *filename
,
560 unsigned section_line
,
568 ShowStatus
*b
= data
;
575 k
= parse_show_status(rvalue
, b
);
577 log_syntax(unit
, LOG_ERR
, filename
, line
, k
, "Failed to parse show status setting, ignoring: %s", rvalue
);
584 static int config_parse_output_restricted(
586 const char *filename
,
589 unsigned section_line
,
596 ExecOutput t
, *eo
= data
;
603 t
= exec_output_from_string(rvalue
);
605 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Failed to parse output type, ignoring: %s", rvalue
);
609 if (IN_SET(t
, EXEC_OUTPUT_SOCKET
, EXEC_OUTPUT_NAMED_FD
, EXEC_OUTPUT_FILE
)) {
610 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Standard output types socket, fd:, file: are not supported as defaults, ignoring: %s", rvalue
);
618 static int config_parse_crash_chvt(
620 const char *filename
,
623 unsigned section_line
,
636 r
= parse_crash_chvt(rvalue
);
638 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue
);
645 static int config_parse_join_controllers(const char *unit
,
646 const char *filename
,
649 unsigned section_line
,
656 const char *whole_rvalue
= rvalue
;
663 arg_join_controllers
= strv_free_free(arg_join_controllers
);
666 _cleanup_free_
char *word
= NULL
;
670 r
= extract_first_word(&rvalue
, &word
, NULL
, EXTRACT_QUOTES
);
672 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid value for %s: %s", lvalue
, whole_rvalue
);
678 l
= strv_split(word
, ",");
683 if (strv_length(l
) <= 1) {
688 if (!arg_join_controllers
) {
689 arg_join_controllers
= new(char**, 2);
690 if (!arg_join_controllers
) {
695 arg_join_controllers
[0] = l
;
696 arg_join_controllers
[1] = NULL
;
703 t
= new0(char**, n
+2);
711 for (a
= arg_join_controllers
; *a
; a
++) {
713 if (strv_overlap(*a
, l
)) {
714 if (strv_extend_strv(&l
, *a
, false) < 0) {
734 t
[n
++] = strv_uniq(l
);
736 strv_free_free(arg_join_controllers
);
737 arg_join_controllers
= t
;
740 if (!isempty(rvalue
))
741 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Trailing garbage, ignoring.");
746 static int parse_config_file(void) {
748 const ConfigTableItem items
[] = {
749 { "Manager", "LogLevel", config_parse_level2
, 0, NULL
},
750 { "Manager", "LogTarget", config_parse_target
, 0, NULL
},
751 { "Manager", "LogColor", config_parse_color
, 0, NULL
},
752 { "Manager", "LogLocation", config_parse_location
, 0, NULL
},
753 { "Manager", "DumpCore", config_parse_bool
, 0, &arg_dump_core
},
754 { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt
, 0, NULL
},
755 { "Manager", "CrashChangeVT", config_parse_crash_chvt
, 0, NULL
},
756 { "Manager", "CrashShell", config_parse_bool
, 0, &arg_crash_shell
},
757 { "Manager", "CrashReboot", config_parse_bool
, 0, &arg_crash_reboot
},
758 { "Manager", "ShowStatus", config_parse_show_status
, 0, &arg_show_status
},
759 { "Manager", "CPUAffinity", config_parse_cpu_affinity2
, 0, NULL
},
760 { "Manager", "JoinControllers", config_parse_join_controllers
, 0, &arg_join_controllers
},
761 { "Manager", "RuntimeWatchdogSec", config_parse_sec
, 0, &arg_runtime_watchdog
},
762 { "Manager", "ShutdownWatchdogSec", config_parse_sec
, 0, &arg_shutdown_watchdog
},
763 { "Manager", "WatchdogDevice", config_parse_path
, 0, &arg_watchdog_device
},
764 { "Manager", "CapabilityBoundingSet", config_parse_capability_set
, 0, &arg_capability_bounding_set
},
766 { "Manager", "SystemCallArchitectures", config_parse_syscall_archs
, 0, &arg_syscall_archs
},
768 { "Manager", "TimerSlackNSec", config_parse_nsec
, 0, &arg_timer_slack_nsec
},
769 { "Manager", "DefaultTimerAccuracySec", config_parse_sec
, 0, &arg_default_timer_accuracy_usec
},
770 { "Manager", "DefaultStandardOutput", config_parse_output_restricted
,0, &arg_default_std_output
},
771 { "Manager", "DefaultStandardError", config_parse_output_restricted
,0, &arg_default_std_error
},
772 { "Manager", "DefaultTimeoutStartSec", config_parse_sec
, 0, &arg_default_timeout_start_usec
},
773 { "Manager", "DefaultTimeoutStopSec", config_parse_sec
, 0, &arg_default_timeout_stop_usec
},
774 { "Manager", "DefaultRestartSec", config_parse_sec
, 0, &arg_default_restart_usec
},
775 { "Manager", "DefaultStartLimitInterval", config_parse_sec
, 0, &arg_default_start_limit_interval
}, /* obsolete alias */
776 { "Manager", "DefaultStartLimitIntervalSec",config_parse_sec
, 0, &arg_default_start_limit_interval
},
777 { "Manager", "DefaultStartLimitBurst", config_parse_unsigned
, 0, &arg_default_start_limit_burst
},
778 { "Manager", "DefaultEnvironment", config_parse_environ
, 0, &arg_default_environment
},
779 { "Manager", "DefaultLimitCPU", config_parse_limit
, RLIMIT_CPU
, arg_default_rlimit
},
780 { "Manager", "DefaultLimitFSIZE", config_parse_limit
, RLIMIT_FSIZE
, arg_default_rlimit
},
781 { "Manager", "DefaultLimitDATA", config_parse_limit
, RLIMIT_DATA
, arg_default_rlimit
},
782 { "Manager", "DefaultLimitSTACK", config_parse_limit
, RLIMIT_STACK
, arg_default_rlimit
},
783 { "Manager", "DefaultLimitCORE", config_parse_limit
, RLIMIT_CORE
, arg_default_rlimit
},
784 { "Manager", "DefaultLimitRSS", config_parse_limit
, RLIMIT_RSS
, arg_default_rlimit
},
785 { "Manager", "DefaultLimitNOFILE", config_parse_limit
, RLIMIT_NOFILE
, arg_default_rlimit
},
786 { "Manager", "DefaultLimitAS", config_parse_limit
, RLIMIT_AS
, arg_default_rlimit
},
787 { "Manager", "DefaultLimitNPROC", config_parse_limit
, RLIMIT_NPROC
, arg_default_rlimit
},
788 { "Manager", "DefaultLimitMEMLOCK", config_parse_limit
, RLIMIT_MEMLOCK
, arg_default_rlimit
},
789 { "Manager", "DefaultLimitLOCKS", config_parse_limit
, RLIMIT_LOCKS
, arg_default_rlimit
},
790 { "Manager", "DefaultLimitSIGPENDING", config_parse_limit
, RLIMIT_SIGPENDING
, arg_default_rlimit
},
791 { "Manager", "DefaultLimitMSGQUEUE", config_parse_limit
, RLIMIT_MSGQUEUE
, arg_default_rlimit
},
792 { "Manager", "DefaultLimitNICE", config_parse_limit
, RLIMIT_NICE
, arg_default_rlimit
},
793 { "Manager", "DefaultLimitRTPRIO", config_parse_limit
, RLIMIT_RTPRIO
, arg_default_rlimit
},
794 { "Manager", "DefaultLimitRTTIME", config_parse_limit
, RLIMIT_RTTIME
, arg_default_rlimit
},
795 { "Manager", "DefaultCPUAccounting", config_parse_bool
, 0, &arg_default_cpu_accounting
},
796 { "Manager", "DefaultIOAccounting", config_parse_bool
, 0, &arg_default_io_accounting
},
797 { "Manager", "DefaultIPAccounting", config_parse_bool
, 0, &arg_default_ip_accounting
},
798 { "Manager", "DefaultBlockIOAccounting", config_parse_bool
, 0, &arg_default_blockio_accounting
},
799 { "Manager", "DefaultMemoryAccounting", config_parse_bool
, 0, &arg_default_memory_accounting
},
800 { "Manager", "DefaultTasksAccounting", config_parse_bool
, 0, &arg_default_tasks_accounting
},
801 { "Manager", "DefaultTasksMax", config_parse_tasks_max
, 0, &arg_default_tasks_max
},
802 { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action
, 0, &arg_cad_burst_action
},
806 const char *fn
, *conf_dirs_nulstr
;
809 PKGSYSCONFDIR
"/system.conf" :
810 PKGSYSCONFDIR
"/user.conf";
812 conf_dirs_nulstr
= arg_system
?
813 CONF_PATHS_NULSTR("systemd/system.conf.d") :
814 CONF_PATHS_NULSTR("systemd/user.conf.d");
816 (void) config_parse_many_nulstr(fn
, conf_dirs_nulstr
, "Manager\0", config_item_table_lookup
, items
, CONFIG_PARSE_WARN
, NULL
);
818 /* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we used USEC_INFINITY
819 * like everywhere else. */
820 if (arg_default_timeout_start_usec
<= 0)
821 arg_default_timeout_start_usec
= USEC_INFINITY
;
822 if (arg_default_timeout_stop_usec
<= 0)
823 arg_default_timeout_stop_usec
= USEC_INFINITY
;
828 static void set_manager_defaults(Manager
*m
) {
832 m
->default_timer_accuracy_usec
= arg_default_timer_accuracy_usec
;
833 m
->default_std_output
= arg_default_std_output
;
834 m
->default_std_error
= arg_default_std_error
;
835 m
->default_timeout_start_usec
= arg_default_timeout_start_usec
;
836 m
->default_timeout_stop_usec
= arg_default_timeout_stop_usec
;
837 m
->default_restart_usec
= arg_default_restart_usec
;
838 m
->default_start_limit_interval
= arg_default_start_limit_interval
;
839 m
->default_start_limit_burst
= arg_default_start_limit_burst
;
840 m
->default_cpu_accounting
= arg_default_cpu_accounting
;
841 m
->default_io_accounting
= arg_default_io_accounting
;
842 m
->default_ip_accounting
= arg_default_ip_accounting
;
843 m
->default_blockio_accounting
= arg_default_blockio_accounting
;
844 m
->default_memory_accounting
= arg_default_memory_accounting
;
845 m
->default_tasks_accounting
= arg_default_tasks_accounting
;
846 m
->default_tasks_max
= arg_default_tasks_max
;
848 manager_set_default_rlimits(m
, arg_default_rlimit
);
849 manager_environment_add(m
, NULL
, arg_default_environment
);
852 static void set_manager_settings(Manager
*m
) {
856 m
->confirm_spawn
= arg_confirm_spawn
;
857 m
->runtime_watchdog
= arg_runtime_watchdog
;
858 m
->shutdown_watchdog
= arg_shutdown_watchdog
;
859 m
->cad_burst_action
= arg_cad_burst_action
;
861 manager_set_show_status(m
, arg_show_status
);
864 static int parse_argv(int argc
, char *argv
[]) {
867 ARG_LOG_LEVEL
= 0x100,
877 ARG_DUMP_CONFIGURATION_ITEMS
,
886 ARG_DEFAULT_STD_OUTPUT
,
887 ARG_DEFAULT_STD_ERROR
,
891 static const struct option options
[] = {
892 { "log-level", required_argument
, NULL
, ARG_LOG_LEVEL
},
893 { "log-target", required_argument
, NULL
, ARG_LOG_TARGET
},
894 { "log-color", optional_argument
, NULL
, ARG_LOG_COLOR
},
895 { "log-location", optional_argument
, NULL
, ARG_LOG_LOCATION
},
896 { "unit", required_argument
, NULL
, ARG_UNIT
},
897 { "system", no_argument
, NULL
, ARG_SYSTEM
},
898 { "user", no_argument
, NULL
, ARG_USER
},
899 { "test", no_argument
, NULL
, ARG_TEST
},
900 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
901 { "help", no_argument
, NULL
, 'h' },
902 { "version", no_argument
, NULL
, ARG_VERSION
},
903 { "dump-configuration-items", no_argument
, NULL
, ARG_DUMP_CONFIGURATION_ITEMS
},
904 { "dump-core", optional_argument
, NULL
, ARG_DUMP_CORE
},
905 { "crash-chvt", required_argument
, NULL
, ARG_CRASH_CHVT
},
906 { "crash-shell", optional_argument
, NULL
, ARG_CRASH_SHELL
},
907 { "crash-reboot", optional_argument
, NULL
, ARG_CRASH_REBOOT
},
908 { "confirm-spawn", optional_argument
, NULL
, ARG_CONFIRM_SPAWN
},
909 { "show-status", optional_argument
, NULL
, ARG_SHOW_STATUS
},
910 { "deserialize", required_argument
, NULL
, ARG_DESERIALIZE
},
911 { "switched-root", no_argument
, NULL
, ARG_SWITCHED_ROOT
},
912 { "default-standard-output", required_argument
, NULL
, ARG_DEFAULT_STD_OUTPUT
, },
913 { "default-standard-error", required_argument
, NULL
, ARG_DEFAULT_STD_ERROR
, },
914 { "machine-id", required_argument
, NULL
, ARG_MACHINE_ID
},
923 if (getpid_cached() == 1)
926 while ((c
= getopt_long(argc
, argv
, "hDbsz:", options
, NULL
)) >= 0)
931 r
= log_set_max_level_from_string(optarg
);
933 log_error("Failed to parse log level %s.", optarg
);
940 r
= log_set_target_from_string(optarg
);
942 log_error("Failed to parse log target %s.", optarg
);
951 r
= log_show_color_from_string(optarg
);
953 log_error("Failed to parse log color setting %s.", optarg
);
957 log_show_color(true);
961 case ARG_LOG_LOCATION
:
963 r
= log_show_location_from_string(optarg
);
965 log_error("Failed to parse log location setting %s.", optarg
);
969 log_show_location(true);
973 case ARG_DEFAULT_STD_OUTPUT
:
974 r
= exec_output_from_string(optarg
);
976 log_error("Failed to parse default standard output setting %s.", optarg
);
979 arg_default_std_output
= r
;
982 case ARG_DEFAULT_STD_ERROR
:
983 r
= exec_output_from_string(optarg
);
985 log_error("Failed to parse default standard error output setting %s.", optarg
);
988 arg_default_std_error
= r
;
992 r
= free_and_strdup(&arg_default_unit
, optarg
);
994 return log_error_errno(r
, "Failed to set default unit %s: %m", optarg
);
1007 arg_action
= ACTION_TEST
;
1011 arg_no_pager
= true;
1015 arg_action
= ACTION_VERSION
;
1018 case ARG_DUMP_CONFIGURATION_ITEMS
:
1019 arg_action
= ACTION_DUMP_CONFIGURATION_ITEMS
;
1024 arg_dump_core
= true;
1026 r
= parse_boolean(optarg
);
1028 return log_error_errno(r
, "Failed to parse dump core boolean: %s", optarg
);
1033 case ARG_CRASH_CHVT
:
1034 r
= parse_crash_chvt(optarg
);
1036 return log_error_errno(r
, "Failed to parse crash virtual terminal index: %s", optarg
);
1039 case ARG_CRASH_SHELL
:
1041 arg_crash_shell
= true;
1043 r
= parse_boolean(optarg
);
1045 return log_error_errno(r
, "Failed to parse crash shell boolean: %s", optarg
);
1046 arg_crash_shell
= r
;
1050 case ARG_CRASH_REBOOT
:
1052 arg_crash_reboot
= true;
1054 r
= parse_boolean(optarg
);
1056 return log_error_errno(r
, "Failed to parse crash shell boolean: %s", optarg
);
1057 arg_crash_reboot
= r
;
1061 case ARG_CONFIRM_SPAWN
:
1062 arg_confirm_spawn
= mfree(arg_confirm_spawn
);
1064 r
= parse_confirm_spawn(optarg
, &arg_confirm_spawn
);
1066 return log_error_errno(r
, "Failed to parse confirm spawn option: %m");
1069 case ARG_SHOW_STATUS
:
1071 r
= parse_show_status(optarg
, &arg_show_status
);
1073 log_error("Failed to parse show status boolean %s.", optarg
);
1077 arg_show_status
= SHOW_STATUS_YES
;
1080 case ARG_DESERIALIZE
: {
1084 r
= safe_atoi(optarg
, &fd
);
1085 if (r
< 0 || fd
< 0) {
1086 log_error("Failed to parse deserialize option %s.", optarg
);
1090 (void) fd_cloexec(fd
, true);
1092 f
= fdopen(fd
, "r");
1094 return log_error_errno(errno
, "Failed to open serialization fd: %m");
1096 safe_fclose(arg_serialization
);
1097 arg_serialization
= f
;
1102 case ARG_SWITCHED_ROOT
:
1103 arg_switched_root
= true;
1106 case ARG_MACHINE_ID
:
1107 r
= set_machine_id(optarg
);
1109 return log_error_errno(r
, "MachineID '%s' is not valid.", optarg
);
1113 arg_action
= ACTION_HELP
;
1117 log_set_max_level(LOG_DEBUG
);
1123 /* Just to eat away the sysvinit kernel
1124 * cmdline args without getopt() error
1125 * messages that we'll parse in
1126 * parse_proc_cmdline_word() or ignore. */
1129 if (getpid_cached() != 1)
1135 assert_not_reached("Unhandled option code.");
1138 if (optind
< argc
&& getpid_cached() != 1) {
1139 /* Hmm, when we aren't run as init system
1140 * let's complain about excess arguments */
1142 log_error("Excess arguments.");
1149 static int help(void) {
1151 printf("%s [OPTIONS...]\n\n"
1152 "Starts up and maintains the system or user services.\n\n"
1153 " -h --help Show this help\n"
1154 " --version Show version\n"
1155 " --test Determine startup sequence, dump it and exit\n"
1156 " --no-pager Do not pipe output into a pager\n"
1157 " --dump-configuration-items Dump understood unit configuration items\n"
1158 " --unit=UNIT Set default unit\n"
1159 " --system Run a system instance, even if PID != 1\n"
1160 " --user Run a user instance\n"
1161 " --dump-core[=BOOL] Dump core on crash\n"
1162 " --crash-vt=NR Change to specified VT on crash\n"
1163 " --crash-reboot[=BOOL] Reboot on crash\n"
1164 " --crash-shell[=BOOL] Run shell on crash\n"
1165 " --confirm-spawn[=BOOL] Ask for confirmation when spawning processes\n"
1166 " --show-status[=BOOL] Show status updates on the console during bootup\n"
1167 " --log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
1168 " --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
1169 " --log-color[=BOOL] Highlight important log messages\n"
1170 " --log-location[=BOOL] Include code location in log messages\n"
1171 " --default-standard-output= Set default standard output for services\n"
1172 " --default-standard-error= Set default standard error output for services\n",
1173 program_invocation_short_name
);
1178 static int prepare_reexecute(Manager
*m
, FILE **_f
, FDSet
**_fds
, bool switching_root
) {
1179 _cleanup_fdset_free_ FDSet
*fds
= NULL
;
1180 _cleanup_fclose_
FILE *f
= NULL
;
1187 r
= manager_open_serialization(m
, &f
);
1189 return log_error_errno(r
, "Failed to create serialization file: %m");
1191 /* Make sure nothing is really destructed when we shut down */
1193 bus_manager_send_reloading(m
, true);
1199 r
= manager_serialize(m
, f
, fds
, switching_root
);
1201 return log_error_errno(r
, "Failed to serialize state: %m");
1203 if (fseeko(f
, 0, SEEK_SET
) == (off_t
) -1)
1204 return log_error_errno(errno
, "Failed to rewind serialization fd: %m");
1206 r
= fd_cloexec(fileno(f
), false);
1208 return log_error_errno(r
, "Failed to disable O_CLOEXEC for serialization: %m");
1210 r
= fdset_cloexec(fds
, false);
1212 return log_error_errno(r
, "Failed to disable O_CLOEXEC for serialization fds: %m");
1223 static int bump_rlimit_nofile(struct rlimit
*saved_rlimit
) {
1227 _cleanup_free_
char *nr_open
= NULL
;
1229 assert(saved_rlimit
);
1231 /* Save the original RLIMIT_NOFILE so that we can reset it
1232 * later when transitioning from the initrd to the main
1233 * systemd or suchlike. */
1234 if (getrlimit(RLIMIT_NOFILE
, saved_rlimit
) < 0)
1235 return log_warning_errno(errno
, "Reading RLIMIT_NOFILE failed, ignoring: %m");
1237 /* Make sure forked processes get the default kernel setting */
1238 if (!arg_default_rlimit
[RLIMIT_NOFILE
]) {
1241 rl
= newdup(struct rlimit
, saved_rlimit
, 1);
1245 arg_default_rlimit
[RLIMIT_NOFILE
] = rl
;
1248 /* Get current RLIMIT_NOFILE maximum compiled into the kernel. */
1249 r
= read_one_line_file("/proc/sys/fs/nr_open", &nr_open
);
1251 r
= safe_atoi(nr_open
, &min_max
);
1252 /* If we fail, fallback to the hard-coded kernel limit of 1024 * 1024. */
1254 min_max
= 1024 * 1024;
1256 /* Bump up the resource limit for ourselves substantially */
1257 nl
.rlim_cur
= nl
.rlim_max
= min_max
;
1258 r
= setrlimit_closest(RLIMIT_NOFILE
, &nl
);
1260 return log_warning_errno(r
, "Setting RLIMIT_NOFILE failed, ignoring: %m");
1265 static int bump_rlimit_memlock(struct rlimit
*saved_rlimit
) {
1268 assert(saved_rlimit
);
1269 assert(getuid() == 0);
1271 /* BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK, even though we have CAP_IPC_LOCK which
1272 * should normally disable such checks. We need them to implement IPAccessAllow= and IPAccessDeny=, hence let's
1273 * bump the value high enough for the root user. */
1275 if (getrlimit(RLIMIT_MEMLOCK
, saved_rlimit
) < 0)
1276 return log_warning_errno(errno
, "Reading RLIMIT_MEMLOCK failed, ignoring: %m");
1278 r
= setrlimit_closest(RLIMIT_MEMLOCK
, &RLIMIT_MAKE_CONST(1024ULL*1024ULL*16ULL));
1280 return log_warning_errno(r
, "Setting RLIMIT_MEMLOCK failed, ignoring: %m");
1285 static void test_usr(void) {
1287 /* Check that /usr is not a separate fs */
1289 if (dir_is_empty("/usr") <= 0)
1292 log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. "
1293 "Some things will probably break (sometimes even silently) in mysterious ways. "
1294 "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
1297 static int initialize_join_controllers(void) {
1298 /* By default, mount "cpu" + "cpuacct" together, and "net_cls"
1299 * + "net_prio". We'd like to add "cpuset" to the mix, but
1300 * "cpuset" doesn't really work for groups with no initialized
1303 arg_join_controllers
= new(char**, 3);
1304 if (!arg_join_controllers
)
1307 arg_join_controllers
[0] = strv_new("cpu", "cpuacct", NULL
);
1308 if (!arg_join_controllers
[0])
1311 arg_join_controllers
[1] = strv_new("net_cls", "net_prio", NULL
);
1312 if (!arg_join_controllers
[1])
1315 arg_join_controllers
[2] = NULL
;
1319 arg_join_controllers
= strv_free_free(arg_join_controllers
);
1323 static int enforce_syscall_archs(Set
*archs
) {
1327 if (!is_seccomp_available())
1330 r
= seccomp_restrict_archs(arg_syscall_archs
);
1332 return log_error_errno(r
, "Failed to enforce system call architecture restrication: %m");
1337 static int status_welcome(void) {
1338 _cleanup_free_
char *pretty_name
= NULL
, *ansi_color
= NULL
;
1341 r
= parse_env_file("/etc/os-release", NEWLINE
,
1342 "PRETTY_NAME", &pretty_name
,
1343 "ANSI_COLOR", &ansi_color
,
1346 r
= parse_env_file("/usr/lib/os-release", NEWLINE
,
1347 "PRETTY_NAME", &pretty_name
,
1348 "ANSI_COLOR", &ansi_color
,
1351 if (r
< 0 && r
!= -ENOENT
)
1352 log_warning_errno(r
, "Failed to read os-release file: %m");
1354 if (log_get_show_color())
1355 return status_printf(NULL
, false, false,
1356 "\nWelcome to \x1B[%sm%s\x1B[0m!\n",
1357 isempty(ansi_color
) ? "1" : ansi_color
,
1358 isempty(pretty_name
) ? "Linux" : pretty_name
);
1360 return status_printf(NULL
, false, false,
1361 "\nWelcome to %s!\n",
1362 isempty(pretty_name
) ? "Linux" : pretty_name
);
1365 static int write_container_id(void) {
1369 c
= getenv("container");
1373 RUN_WITH_UMASK(0022)
1374 r
= write_string_file("/run/systemd/container", c
, WRITE_STRING_FILE_CREATE
);
1376 return log_warning_errno(r
, "Failed to write /run/systemd/container, ignoring: %m");
1381 static int bump_unix_max_dgram_qlen(void) {
1382 _cleanup_free_
char *qlen
= NULL
;
1386 /* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel
1387 * default of 16 is simply too low. We set the value really
1388 * really early during boot, so that it is actually applied to
1389 * all our sockets, including the $NOTIFY_SOCKET one. */
1391 r
= read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen
);
1393 return log_warning_errno(r
, "Failed to read AF_UNIX datagram queue length, ignoring: %m");
1395 r
= safe_atolu(qlen
, &v
);
1397 return log_warning_errno(r
, "Failed to parse AF_UNIX datagram queue length, ignoring: %m");
1399 if (v
>= DEFAULT_UNIX_MAX_DGRAM_QLEN
)
1403 if (asprintf(&qlen
, "%lu\n", DEFAULT_UNIX_MAX_DGRAM_QLEN
) < 0)
1406 r
= write_string_file("/proc/sys/net/unix/max_dgram_qlen", qlen
, 0);
1408 return log_full_errno(IN_SET(r
, -EROFS
, -EPERM
, -EACCES
) ? LOG_DEBUG
: LOG_WARNING
, r
,
1409 "Failed to bump AF_UNIX datagram queue length, ignoring: %m");
1414 static int fixup_environment(void) {
1415 _cleanup_free_
char *term
= NULL
;
1419 /* We expect the environment to be set correctly
1420 * if run inside a container. */
1421 if (detect_container() > 0)
1424 /* When started as PID1, the kernel uses /dev/console
1425 * for our stdios and uses TERM=linux whatever the
1426 * backend device used by the console. We try to make
1427 * a better guess here since some consoles might not
1428 * have support for color mode for example.
1430 * However if TERM was configured through the kernel
1431 * command line then leave it alone. */
1433 r
= proc_cmdline_get_key("TERM", 0, &term
);
1437 t
= term
?: default_term_for_tty("/dev/console");
1439 if (setenv("TERM", t
, 1) < 0)
1445 static void redirect_telinit(int argc
, char *argv
[]) {
1447 /* This is compatibility support for SysV, where calling init as a user is identical to telinit. */
1449 #if HAVE_SYSV_COMPAT
1450 if (getpid_cached() == 1)
1453 if (!strstr(program_invocation_short_name
, "init"))
1456 execv(SYSTEMCTL_BINARY_PATH
, argv
);
1457 log_error_errno(errno
, "Failed to exec " SYSTEMCTL_BINARY_PATH
": %m");
1462 static int become_shutdown(
1463 const char *shutdown_verb
,
1466 char log_level
[DECIMAL_STR_MAX(int) + 1],
1467 exit_code
[DECIMAL_STR_MAX(uint8_t) + 1];
1469 const char* command_line
[11] = {
1470 SYSTEMD_SHUTDOWN_BINARY_PATH
,
1472 "--log-level", log_level
,
1476 _cleanup_strv_free_
char **env_block
= NULL
;
1480 assert(shutdown_verb
);
1481 assert(!command_line
[pos
]);
1482 env_block
= strv_copy(environ
);
1484 xsprintf(log_level
, "%d", log_get_max_level());
1486 switch (log_get_target()) {
1488 case LOG_TARGET_KMSG
:
1489 case LOG_TARGET_JOURNAL_OR_KMSG
:
1490 case LOG_TARGET_SYSLOG_OR_KMSG
:
1491 command_line
[pos
++] = "kmsg";
1494 case LOG_TARGET_NULL
:
1495 command_line
[pos
++] = "null";
1498 case LOG_TARGET_CONSOLE
:
1500 command_line
[pos
++] = "console";
1504 if (log_get_show_color())
1505 command_line
[pos
++] = "--log-color";
1507 if (log_get_show_location())
1508 command_line
[pos
++] = "--log-location";
1510 if (streq(shutdown_verb
, "exit")) {
1511 command_line
[pos
++] = "--exit-code";
1512 command_line
[pos
++] = exit_code
;
1513 xsprintf(exit_code
, "%d", retval
);
1516 assert(pos
< ELEMENTSOF(command_line
));
1518 if (streq(shutdown_verb
, "reboot") &&
1519 arg_shutdown_watchdog
> 0 &&
1520 arg_shutdown_watchdog
!= USEC_INFINITY
) {
1524 /* If we reboot let's set the shutdown
1525 * watchdog and tell the shutdown binary to
1526 * repeatedly ping it */
1527 r
= watchdog_set_timeout(&arg_shutdown_watchdog
);
1528 watchdog_close(r
< 0);
1530 /* Tell the binary how often to ping, ignore failure */
1531 if (asprintf(&e
, "WATCHDOG_USEC="USEC_FMT
, arg_shutdown_watchdog
) > 0)
1532 (void) strv_consume(&env_block
, e
);
1534 if (arg_watchdog_device
&&
1535 asprintf(&e
, "WATCHDOG_DEVICE=%s", arg_watchdog_device
) > 0)
1536 (void) strv_consume(&env_block
, e
);
1538 watchdog_close(true);
1540 /* Avoid the creation of new processes forked by the
1541 * kernel; at this point, we will not listen to the
1543 if (detect_container() <= 0)
1544 (void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER
);
1546 execve(SYSTEMD_SHUTDOWN_BINARY_PATH
, (char **) command_line
, env_block
);
1550 static void initialize_clock(void) {
1553 if (clock_is_localtime(NULL
) > 0) {
1557 * The very first call of settimeofday() also does a time warp in the kernel.
1559 * In the rtc-in-local time mode, we set the kernel's timezone, and rely on external tools to take care
1560 * of maintaining the RTC and do all adjustments. This matches the behavior of Windows, which leaves
1561 * the RTC alone if the registry tells that the RTC runs in UTC.
1563 r
= clock_set_timezone(&min
);
1565 log_error_errno(r
, "Failed to apply local time delta, ignoring: %m");
1567 log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min
);
1569 } else if (!in_initrd()) {
1571 * Do a dummy very first call to seal the kernel's time warp magic.
1573 * Do not call this from inside the initrd. The initrd might not carry /etc/adjtime with LOCAL, but the
1574 * real system could be set up that way. In such case, we need to delay the time-warp or the sealing
1575 * until we reach the real system.
1577 * Do no set the kernel's timezone. The concept of local time cannot be supported reliably, the time
1578 * will jump or be incorrect at every daylight saving time change. All kernel local time concepts will
1579 * be treated as UTC that way.
1581 (void) clock_reset_timewarp();
1584 r
= clock_apply_epoch();
1586 log_error_errno(r
, "Current system time is before build time, but cannot correct: %m");
1588 log_info("System time before build time, advancing clock.");
1591 static void initialize_coredump(bool skip_setup
) {
1593 if (getpid_cached() != 1)
1596 /* Don't limit the core dump size, so that coredump handlers such as systemd-coredump (which honour the limit)
1597 * will process core dumps for system services by default. */
1598 if (setrlimit(RLIMIT_CORE
, &RLIMIT_MAKE_CONST(RLIM_INFINITY
)) < 0)
1599 log_warning_errno(errno
, "Failed to set RLIMIT_CORE: %m");
1601 /* But at the same time, turn off the core_pattern logic by default, so that no coredumps are stored
1602 * until the systemd-coredump tool is enabled via sysctl. */
1604 (void) write_string_file("/proc/sys/kernel/core_pattern", "|/bin/false", 0);
1607 static void do_reexecute(
1610 const struct rlimit
*saved_rlimit_nofile
,
1611 const struct rlimit
*saved_rlimit_memlock
,
1613 const char *switch_root_dir
,
1614 const char *switch_root_init
,
1615 const char **ret_error_message
) {
1617 unsigned i
, j
, args_size
;
1621 assert(saved_rlimit_nofile
);
1622 assert(saved_rlimit_memlock
);
1623 assert(ret_error_message
);
1625 /* Close and disarm the watchdog, so that the new instance can reinitialize it, but doesn't get rebooted while
1627 watchdog_close(true);
1629 /* Reset the RLIMIT_NOFILE to the kernel default, so that the new systemd can pass the kernel default to its
1630 * child processes */
1632 if (saved_rlimit_nofile
->rlim_cur
> 0)
1633 (void) setrlimit(RLIMIT_NOFILE
, saved_rlimit_nofile
);
1634 if (saved_rlimit_memlock
->rlim_cur
!= (rlim_t
) -1)
1635 (void) setrlimit(RLIMIT_MEMLOCK
, saved_rlimit_memlock
);
1637 if (switch_root_dir
) {
1638 /* Kill all remaining processes from the initrd, but don't wait for them, so that we can handle the
1639 * SIGCHLD for them after deserializing. */
1640 broadcast_signal(SIGTERM
, false, true);
1642 /* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */
1643 r
= switch_root(switch_root_dir
, "/mnt", true, MS_MOVE
);
1645 log_error_errno(r
, "Failed to switch root, trying to continue: %m");
1648 args_size
= MAX(6, argc
+1);
1649 args
= newa(const char*, args_size
);
1651 if (!switch_root_init
) {
1652 char sfd
[DECIMAL_STR_MAX(int) + 1];
1654 /* First try to spawn ourselves with the right path, and with full serialization. We do this only if
1655 * the user didn't specify an explicit init to spawn. */
1657 assert(arg_serialization
);
1660 xsprintf(sfd
, "%i", fileno(arg_serialization
));
1663 args
[i
++] = SYSTEMD_BINARY_PATH
;
1664 if (switch_root_dir
)
1665 args
[i
++] = "--switched-root";
1666 args
[i
++] = arg_system
? "--system" : "--user";
1667 args
[i
++] = "--deserialize";
1671 assert(i
<= args_size
);
1674 * We want valgrind to print its memory usage summary before reexecution. Valgrind won't do this is on
1675 * its own on exec(), but it will do it on exit(). Hence, to ensure we get a summary here, fork() off
1676 * a child, let it exit() cleanly, so that it prints the summary, and wait() for it in the parent,
1677 * before proceeding into the exec().
1679 valgrind_summary_hack();
1681 (void) execv(args
[0], (char* const*) args
);
1682 log_debug_errno(errno
, "Failed to execute our own binary, trying fallback: %m");
1685 /* Try the fallback, if there is any, without any serialization. We pass the original argv[] and envp[]. (Well,
1686 * modulo the ordering changes due to getopt() in argv[], and some cleanups in envp[], but let's hope that
1687 * doesn't matter.) */
1689 arg_serialization
= safe_fclose(arg_serialization
);
1690 fds
= fdset_free(fds
);
1692 /* Reopen the console */
1693 (void) make_console_stdio();
1695 for (j
= 1, i
= 1; j
< (unsigned) argc
; j
++)
1696 args
[i
++] = argv
[j
];
1698 assert(i
<= args_size
);
1700 /* Reenable any blocked signals, especially important if we switch from initial ramdisk to init=... */
1701 (void) reset_all_signal_handlers();
1702 (void) reset_signal_mask();
1704 if (switch_root_init
) {
1705 args
[0] = switch_root_init
;
1706 (void) execv(args
[0], (char* const*) args
);
1707 log_warning_errno(errno
, "Failed to execute configured init, trying fallback: %m");
1710 args
[0] = "/sbin/init";
1711 (void) execv(args
[0], (char* const*) args
);
1714 manager_status_printf(NULL
, STATUS_TYPE_EMERGENCY
,
1715 ANSI_HIGHLIGHT_RED
" !! " ANSI_NORMAL
,
1716 "Failed to execute /sbin/init");
1719 log_warning("No /sbin/init, trying fallback");
1721 args
[0] = "/bin/sh";
1723 (void) execv(args
[0], (char* const*) args
);
1724 log_error_errno(errno
, "Failed to execute /bin/sh, giving up: %m");
1726 log_warning_errno(r
, "Failed to execute /sbin/init, giving up: %m");
1728 *ret_error_message
= "Failed to execute fallback shell";
1731 static int invoke_main_loop(
1733 bool *ret_reexecute
,
1734 int *ret_retval
, /* Return parameters relevant for shutting down */
1735 const char **ret_shutdown_verb
, /* … */
1736 FDSet
**ret_fds
, /* Return parameters for reexecuting */
1737 char **ret_switch_root_dir
, /* … */
1738 char **ret_switch_root_init
, /* … */
1739 const char **ret_error_message
) {
1744 assert(ret_reexecute
);
1746 assert(ret_shutdown_verb
);
1748 assert(ret_switch_root_dir
);
1749 assert(ret_switch_root_init
);
1750 assert(ret_error_message
);
1753 r
= manager_loop(m
);
1755 *ret_error_message
= "Failed to run main loop";
1756 return log_emergency_errno(r
, "Failed to run main loop: %m");
1759 switch (m
->exit_code
) {
1761 case MANAGER_RELOAD
:
1762 log_info("Reloading.");
1764 r
= parse_config_file();
1766 log_warning_errno(r
, "Failed to parse config file, ignoring: %m");
1768 set_manager_defaults(m
);
1770 r
= manager_reload(m
);
1772 log_warning_errno(r
, "Failed to reload, ignoring: %m");
1776 case MANAGER_REEXECUTE
:
1778 r
= prepare_reexecute(m
, &arg_serialization
, ret_fds
, false);
1780 *ret_error_message
= "Failed to prepare for reexecution";
1784 log_notice("Reexecuting.");
1786 *ret_reexecute
= true;
1787 *ret_retval
= EXIT_SUCCESS
;
1788 *ret_shutdown_verb
= NULL
;
1789 *ret_switch_root_dir
= *ret_switch_root_init
= NULL
;
1793 case MANAGER_SWITCH_ROOT
:
1794 if (!m
->switch_root_init
) {
1795 r
= prepare_reexecute(m
, &arg_serialization
, ret_fds
, true);
1797 *ret_error_message
= "Failed to prepare for reexecution";
1803 log_notice("Switching root.");
1805 *ret_reexecute
= true;
1806 *ret_retval
= EXIT_SUCCESS
;
1807 *ret_shutdown_verb
= NULL
;
1809 /* Steal the switch root parameters */
1810 *ret_switch_root_dir
= m
->switch_root
;
1811 *ret_switch_root_init
= m
->switch_root_init
;
1812 m
->switch_root
= m
->switch_root_init
= NULL
;
1818 if (MANAGER_IS_USER(m
)) {
1821 *ret_reexecute
= false;
1822 *ret_retval
= m
->return_value
;
1823 *ret_shutdown_verb
= NULL
;
1825 *ret_switch_root_dir
= *ret_switch_root_init
= NULL
;
1831 case MANAGER_REBOOT
:
1832 case MANAGER_POWEROFF
:
1834 case MANAGER_KEXEC
: {
1835 static const char * const table
[_MANAGER_EXIT_CODE_MAX
] = {
1836 [MANAGER_EXIT
] = "exit",
1837 [MANAGER_REBOOT
] = "reboot",
1838 [MANAGER_POWEROFF
] = "poweroff",
1839 [MANAGER_HALT
] = "halt",
1840 [MANAGER_KEXEC
] = "kexec"
1843 log_notice("Shutting down.");
1845 *ret_reexecute
= false;
1846 *ret_retval
= m
->return_value
;
1847 assert_se(*ret_shutdown_verb
= table
[m
->exit_code
]);
1849 *ret_switch_root_dir
= *ret_switch_root_init
= NULL
;
1855 assert_not_reached("Unknown exit code.");
1860 static void log_execution_mode(bool *ret_first_boot
) {
1861 assert(ret_first_boot
);
1866 log_info(PACKAGE_STRING
" running in %ssystem mode. (" SYSTEMD_FEATURES
")",
1867 arg_action
== ACTION_TEST
? "test " : "" );
1869 v
= detect_virtualization();
1871 log_info("Detected virtualization %s.", virtualization_to_string(v
));
1873 log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
1876 *ret_first_boot
= false;
1877 log_info("Running in initial RAM disk.");
1879 /* Let's check whether we are in first boot, i.e. whether /etc is still unpopulated. We use
1880 * /etc/machine-id as flag file, for this: if it exists we assume /etc is populated, if it
1881 * doesn't it's unpopulated. This allows container managers and installers to provision a
1882 * couple of files already. If the container manager wants to provision the machine ID itself
1883 * it should pass $container_uuid to PID 1. */
1885 *ret_first_boot
= access("/etc/machine-id", F_OK
) < 0;
1886 if (*ret_first_boot
)
1887 log_info("Running with unpopulated /etc.");
1890 _cleanup_free_
char *t
;
1892 t
= uid_to_name(getuid());
1893 log_debug(PACKAGE_STRING
" running in %suser mode for user " UID_FMT
"/%s. (" SYSTEMD_FEATURES
")",
1894 arg_action
== ACTION_TEST
? " test" : "", getuid(), strna(t
));
1896 *ret_first_boot
= false;
1900 static int initialize_runtime(
1902 struct rlimit
*saved_rlimit_nofile
,
1903 struct rlimit
*saved_rlimit_memlock
,
1904 const char **ret_error_message
) {
1908 assert(ret_error_message
);
1910 /* Sets up various runtime parameters. Many of these initializations are conditionalized:
1912 * - Some only apply to --system instances
1913 * - Some only apply to --user instances
1914 * - Some only apply when we first start up, but not when we reexecute
1917 if (arg_system
&& !skip_setup
) {
1918 if (arg_show_status
> 0)
1922 machine_id_setup(NULL
, arg_machine_id
, NULL
);
1924 bump_unix_max_dgram_qlen();
1926 write_container_id();
1929 if (arg_system
&& arg_watchdog_device
) {
1930 r
= watchdog_set_device(arg_watchdog_device
);
1932 log_warning_errno(r
, "Failed to set watchdog device to %s, ignoring: %m",
1933 arg_watchdog_device
);
1936 if (arg_system
&& arg_runtime_watchdog
> 0 && arg_runtime_watchdog
!= USEC_INFINITY
)
1937 watchdog_set_timeout(&arg_runtime_watchdog
);
1939 if (arg_timer_slack_nsec
!= NSEC_INFINITY
)
1940 if (prctl(PR_SET_TIMERSLACK
, arg_timer_slack_nsec
) < 0)
1941 log_error_errno(errno
, "Failed to adjust timer slack: %m");
1943 if (arg_system
&& !cap_test_all(arg_capability_bounding_set
)) {
1944 r
= capability_bounding_set_drop_usermode(arg_capability_bounding_set
);
1946 *ret_error_message
= "Failed to drop capability bounding set of usermode helpers";
1947 return log_emergency_errno(r
, "Failed to drop capability bounding set of usermode helpers: %m");
1950 r
= capability_bounding_set_drop(arg_capability_bounding_set
, true);
1952 *ret_error_message
= "Failed to drop capability bounding set";
1953 return log_emergency_errno(r
, "Failed to drop capability bounding set: %m");
1957 if (arg_syscall_archs
) {
1958 r
= enforce_syscall_archs(arg_syscall_archs
);
1960 *ret_error_message
= "Failed to set syscall architectures";
1966 /* Become reaper of our children */
1967 if (prctl(PR_SET_CHILD_SUBREAPER
, 1) < 0)
1968 log_warning_errno(errno
, "Failed to make us a subreaper: %m");
1971 /* Bump up RLIMIT_NOFILE for systemd itself */
1972 (void) bump_rlimit_nofile(saved_rlimit_nofile
);
1973 (void) bump_rlimit_memlock(saved_rlimit_memlock
);
1979 static int do_queue_default_job(
1981 const char **ret_error_message
) {
1983 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1984 Job
*default_unit_job
;
1985 Unit
*target
= NULL
;
1988 log_debug("Activating default unit: %s", arg_default_unit
);
1990 r
= manager_load_unit(m
, arg_default_unit
, NULL
, &error
, &target
);
1992 log_error("Failed to load default target: %s", bus_error_message(&error
, r
));
1993 else if (IN_SET(target
->load_state
, UNIT_ERROR
, UNIT_NOT_FOUND
))
1994 log_error_errno(target
->load_error
, "Failed to load default target: %m");
1995 else if (target
->load_state
== UNIT_MASKED
)
1996 log_error("Default target masked.");
1998 if (!target
|| target
->load_state
!= UNIT_LOADED
) {
1999 log_info("Trying to load rescue target...");
2001 r
= manager_load_unit(m
, SPECIAL_RESCUE_TARGET
, NULL
, &error
, &target
);
2003 *ret_error_message
= "Failed to load rescue target";
2004 return log_emergency_errno(r
, "Failed to load rescue target: %s", bus_error_message(&error
, r
));
2005 } else if (IN_SET(target
->load_state
, UNIT_ERROR
, UNIT_NOT_FOUND
)) {
2006 *ret_error_message
= "Failed to load rescue target";
2007 return log_emergency_errno(target
->load_error
, "Failed to load rescue target: %m");
2008 } else if (target
->load_state
== UNIT_MASKED
) {
2009 *ret_error_message
= "Rescue target masked";
2010 log_emergency("Rescue target masked.");
2015 assert(target
->load_state
== UNIT_LOADED
);
2017 r
= manager_add_job(m
, JOB_START
, target
, JOB_ISOLATE
, &error
, &default_unit_job
);
2019 log_debug_errno(r
, "Default target could not be isolated, starting instead: %s", bus_error_message(&error
, r
));
2021 sd_bus_error_free(&error
);
2023 r
= manager_add_job(m
, JOB_START
, target
, JOB_REPLACE
, &error
, &default_unit_job
);
2025 *ret_error_message
= "Failed to start default target";
2026 return log_emergency_errno(r
, "Failed to start default target: %s", bus_error_message(&error
, r
));
2030 *ret_error_message
= "Failed to isolate default target";
2031 return log_emergency_errno(r
, "Failed to isolate default target: %s", bus_error_message(&error
, r
));
2034 m
->default_unit_job_id
= default_unit_job
->id
;
2039 static void free_arguments(void) {
2042 /* Frees all arg_* variables, with the exception of arg_serialization */
2044 for (j
= 0; j
< ELEMENTSOF(arg_default_rlimit
); j
++)
2045 arg_default_rlimit
[j
] = mfree(arg_default_rlimit
[j
]);
2047 arg_default_unit
= mfree(arg_default_unit
);
2048 arg_confirm_spawn
= mfree(arg_confirm_spawn
);
2049 arg_join_controllers
= strv_free_free(arg_join_controllers
);
2050 arg_default_environment
= strv_free(arg_default_environment
);
2051 arg_syscall_archs
= set_free(arg_syscall_archs
);
2054 static int load_configuration(int argc
, char **argv
, const char **ret_error_message
) {
2057 assert(ret_error_message
);
2059 arg_default_tasks_max
= system_tasks_max_scale(DEFAULT_TASKS_MAX_PERCENTAGE
, 100U);
2061 r
= parse_config_file();
2063 *ret_error_message
= "Failed to parse config file";
2068 r
= proc_cmdline_parse(parse_proc_cmdline_item
, NULL
, 0);
2070 log_warning_errno(r
, "Failed to parse kernel command line, ignoring: %m");
2073 /* Note that this also parses bits from the kernel command line, including "debug". */
2074 log_parse_environment();
2076 r
= parse_argv(argc
, argv
);
2078 *ret_error_message
= "Failed to parse commandline arguments";
2082 /* Initialize default unit */
2083 if (!arg_default_unit
) {
2084 arg_default_unit
= strdup(SPECIAL_DEFAULT_TARGET
);
2085 if (!arg_default_unit
) {
2086 *ret_error_message
= "Failed to set default unit";
2094 static int safety_checks(void) {
2096 if (arg_action
== ACTION_TEST
&&
2098 log_error("Don't run test mode as root.");
2103 arg_action
== ACTION_RUN
&&
2105 log_error("Trying to run as user instance, but the system has not been booted with systemd.");
2110 arg_action
== ACTION_RUN
&&
2111 !getenv("XDG_RUNTIME_DIR")) {
2112 log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
2117 arg_action
== ACTION_RUN
&&
2118 running_in_chroot() > 0) {
2119 log_error("Cannot be run in a chroot() environment.");
2126 static int initialize_security(
2127 bool *loaded_policy
,
2128 dual_timestamp
*security_start_timestamp
,
2129 dual_timestamp
*security_finish_timestamp
,
2130 const char **ret_error_message
) {
2134 assert(loaded_policy
);
2135 assert(security_start_timestamp
);
2136 assert(security_finish_timestamp
);
2137 assert(ret_error_message
);
2139 dual_timestamp_get(security_start_timestamp
);
2141 r
= mac_selinux_setup(loaded_policy
) < 0;
2143 *ret_error_message
= "Failed to load SELinux policy";
2147 r
= mac_smack_setup(loaded_policy
);
2149 *ret_error_message
= "Failed to load SMACK policy";
2155 *ret_error_message
= "Failed to load IMA policy";
2159 dual_timestamp_get(security_finish_timestamp
);
2163 int main(int argc
, char *argv
[]) {
2165 int r
, retval
= EXIT_FAILURE
;
2166 usec_t before_startup
, after_startup
;
2167 char timespan
[FORMAT_TIMESPAN_MAX
];
2169 bool reexecute
= false;
2170 const char *shutdown_verb
= NULL
;
2171 dual_timestamp initrd_timestamp
= DUAL_TIMESTAMP_NULL
;
2172 dual_timestamp userspace_timestamp
= DUAL_TIMESTAMP_NULL
;
2173 dual_timestamp kernel_timestamp
= DUAL_TIMESTAMP_NULL
;
2174 dual_timestamp security_start_timestamp
= DUAL_TIMESTAMP_NULL
;
2175 dual_timestamp security_finish_timestamp
= DUAL_TIMESTAMP_NULL
;
2176 static char systemd
[] = "systemd";
2177 bool skip_setup
= false;
2178 bool loaded_policy
= false;
2179 bool queue_default_job
= false;
2180 bool first_boot
= false;
2181 char *switch_root_dir
= NULL
, *switch_root_init
= NULL
;
2182 struct rlimit saved_rlimit_nofile
= RLIMIT_MAKE_CONST(0), saved_rlimit_memlock
= RLIMIT_MAKE_CONST((rlim_t
) -1);
2183 const char *error_message
= NULL
;
2185 redirect_telinit(argc
, argv
);
2187 dual_timestamp_from_monotonic(&kernel_timestamp
, 0);
2188 dual_timestamp_get(&userspace_timestamp
);
2190 /* Determine if this is a reexecution or normal bootup. We do
2191 * the full command line parsing much later, so let's just
2192 * have a quick peek here. */
2193 if (strv_find(argv
+1, "--deserialize"))
2196 /* If we have switched root, do all the special setup
2198 if (strv_find(argv
+1, "--switched-root"))
2201 /* If we get started via the /sbin/init symlink then we are
2202 called 'init'. After a subsequent reexecution we are then
2203 called 'systemd'. That is confusing, hence let's call us
2204 systemd right-away. */
2205 program_invocation_short_name
= systemd
;
2206 (void) prctl(PR_SET_NAME
, systemd
);
2211 log_set_upgrade_syslog_to_journal(true);
2213 if (getpid_cached() == 1) {
2214 /* Disable the umask logic */
2217 /* Always reopen /dev/console when running as PID 1 or one of its pre-execve() children. This is
2218 * important so that we never end up logging to any foreign stderr, for example if we have to log in a
2219 * child process right before execve()'ing the actual binary, at a point in time where socket
2220 * activation stderr/stdout area already set up. */
2221 log_set_always_reopen_console(true);
2224 if (getpid_cached() == 1 && detect_container() <= 0) {
2226 /* Running outside of a container as PID 1 */
2228 log_set_target(LOG_TARGET_KMSG
);
2232 initrd_timestamp
= userspace_timestamp
;
2235 r
= mount_setup_early();
2237 error_message
= "Failed to mount early API filesystems";
2241 r
= initialize_security(
2243 &security_start_timestamp
,
2244 &security_finish_timestamp
,
2250 if (mac_selinux_init() < 0) {
2251 error_message
= "Failed to initialize SELinux policy";
2258 /* Set the default for later on, but don't actually
2259 * open the logs like this for now. Note that if we
2260 * are transitioning from the initrd there might still
2261 * be journal fd open, and we shouldn't attempt
2262 * opening that before we parsed /proc/cmdline which
2263 * might redirect output elsewhere. */
2264 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG
);
2266 } else if (getpid_cached() == 1) {
2267 /* Running inside a container, as PID 1 */
2269 log_set_target(LOG_TARGET_CONSOLE
);
2270 log_close_console(); /* force reopen of /dev/console */
2273 /* For later on, see above... */
2274 log_set_target(LOG_TARGET_JOURNAL
);
2276 /* clear the kernel timestamp,
2277 * because we are in a container */
2278 kernel_timestamp
= DUAL_TIMESTAMP_NULL
;
2280 /* Running as user instance */
2282 log_set_target(LOG_TARGET_AUTO
);
2285 /* clear the kernel timestamp,
2286 * because we are not PID 1 */
2287 kernel_timestamp
= DUAL_TIMESTAMP_NULL
;
2290 initialize_coredump(skip_setup
);
2293 if (fixup_environment() < 0) {
2294 error_message
= "Failed to fix up PID1 environment";
2298 /* Try to figure out if we can use colors with the console. No
2299 * need to do that for user instances since they never log
2300 * into the console. */
2301 log_show_color(colors_enabled());
2302 r
= make_null_stdio();
2304 log_warning_errno(r
, "Failed to redirect standard streams to /dev/null: %m");
2307 r
= initialize_join_controllers();
2309 error_message
= "Failed to initialize cgroup controllers";
2313 /* Mount /proc, /sys and friends, so that /proc/cmdline and
2314 * /proc/$PID/fd is available. */
2315 if (getpid_cached() == 1) {
2317 /* Load the kernel modules early. */
2321 r
= mount_setup(loaded_policy
);
2323 error_message
= "Failed to mount API filesystems";
2328 /* Reset all signal handlers. */
2329 (void) reset_all_signal_handlers();
2330 (void) ignore_signals(SIGNALS_IGNORE
, -1);
2332 r
= load_configuration(argc
, argv
, &error_message
);
2336 r
= safety_checks();
2340 if (IN_SET(arg_action
, ACTION_TEST
, ACTION_HELP
, ACTION_DUMP_CONFIGURATION_ITEMS
))
2341 pager_open(arg_no_pager
, false);
2343 if (arg_action
!= ACTION_RUN
)
2346 if (arg_action
== ACTION_HELP
) {
2349 } else if (arg_action
== ACTION_VERSION
) {
2352 } else if (arg_action
== ACTION_DUMP_CONFIGURATION_ITEMS
) {
2353 unit_dump_config_items(stdout
);
2354 retval
= EXIT_SUCCESS
;
2358 assert_se(IN_SET(arg_action
, ACTION_RUN
, ACTION_TEST
));
2360 /* Close logging fds, in order not to confuse fdset below */
2363 /* Remember open file descriptors for later deserialization */
2364 if (arg_action
== ACTION_RUN
) {
2365 r
= fdset_new_fill(&fds
);
2367 log_emergency_errno(r
, "Failed to allocate fd set: %m");
2368 error_message
= "Failed to allocate fd set";
2371 fdset_cloexec(fds
, true);
2373 if (arg_serialization
)
2374 assert_se(fdset_remove(fds
, fileno(arg_serialization
)) >= 0);
2377 /* Become a session leader if we aren't one yet. */
2381 /* Move out of the way, so that we won't block unmounts */
2382 assert_se(chdir("/") == 0);
2384 /* Reset the console, but only if this is really init and we
2385 * are freshly booted */
2386 if (arg_system
&& arg_action
== ACTION_RUN
) {
2388 /* If we are init, we connect stdin/stdout/stderr to
2389 * /dev/null and make sure we don't have a controlling
2393 if (getpid_cached() == 1 && !skip_setup
)
2397 /* Open the logging devices, if possible and necessary */
2400 if (arg_show_status
== _SHOW_STATUS_UNSET
)
2401 arg_show_status
= SHOW_STATUS_YES
;
2403 /* Make sure we leave a core dump without panicing the
2405 if (getpid_cached() == 1) {
2406 install_crash_handler();
2408 r
= mount_cgroup_controllers(arg_join_controllers
);
2413 log_execution_mode(&first_boot
);
2415 if (arg_action
== ACTION_RUN
) {
2416 r
= initialize_runtime(skip_setup
,
2417 &saved_rlimit_nofile
,
2418 &saved_rlimit_memlock
,
2424 r
= manager_new(arg_system
? UNIT_FILE_SYSTEM
: UNIT_FILE_USER
,
2425 arg_action
== ACTION_TEST
? MANAGER_TEST_FULL
: 0,
2428 log_emergency_errno(r
, "Failed to allocate manager object: %m");
2429 error_message
= "Failed to allocate manager object";
2433 m
->timestamps
[MANAGER_TIMESTAMP_KERNEL
] = kernel_timestamp
;
2434 m
->timestamps
[MANAGER_TIMESTAMP_INITRD
] = initrd_timestamp
;
2435 m
->timestamps
[MANAGER_TIMESTAMP_USERSPACE
] = userspace_timestamp
;
2436 m
->timestamps
[MANAGER_TIMESTAMP_SECURITY_START
] = security_start_timestamp
;
2437 m
->timestamps
[MANAGER_TIMESTAMP_SECURITY_FINISH
] = security_finish_timestamp
;
2439 set_manager_defaults(m
);
2440 set_manager_settings(m
);
2441 manager_set_first_boot(m
, first_boot
);
2443 /* Remember whether we should queue the default job */
2444 queue_default_job
= !arg_serialization
|| arg_switched_root
;
2446 before_startup
= now(CLOCK_MONOTONIC
);
2448 r
= manager_startup(m
, arg_serialization
, fds
);
2450 log_error_errno(r
, "Failed to fully start up daemon: %m");
2451 error_message
= "Failed to start up manager";
2455 /* This will close all file descriptors that were opened, but not claimed by any unit. */
2456 fds
= fdset_free(fds
);
2457 arg_serialization
= safe_fclose(arg_serialization
);
2459 if (queue_default_job
) {
2460 r
= do_queue_default_job(m
, &error_message
);
2465 after_startup
= now(CLOCK_MONOTONIC
);
2467 log_full(arg_action
== ACTION_TEST
? LOG_INFO
: LOG_DEBUG
,
2468 "Loaded units and determined initial transaction in %s.",
2469 format_timespan(timespan
, sizeof(timespan
), after_startup
- before_startup
, 100 * USEC_PER_MSEC
));
2472 _cleanup_free_
char *taint
;
2474 taint
= manager_taint_string(m
);
2475 if (!isempty(taint
))
2476 log_struct(LOG_NOTICE
,
2477 LOG_MESSAGE("System is tainted: %s", taint
),
2479 "MESSAGE_ID=" SD_MESSAGE_TAINTED_STR
,
2483 if (arg_action
== ACTION_TEST
) {
2484 printf("-> By units:\n");
2485 manager_dump_units(m
, stdout
, "\t");
2487 printf("-> By jobs:\n");
2488 manager_dump_jobs(m
, stdout
, "\t");
2489 retval
= EXIT_SUCCESS
;
2493 r
= invoke_main_loop(m
,
2506 arg_shutdown_watchdog
= m
->shutdown_watchdog
;
2508 m
= manager_free(m
);
2511 mac_selinux_finish();
2514 do_reexecute(argc
, argv
,
2515 &saved_rlimit_nofile
,
2516 &saved_rlimit_memlock
,
2520 &error_message
); /* This only returns if reexecution failed */
2522 arg_serialization
= safe_fclose(arg_serialization
);
2523 fds
= fdset_free(fds
);
2525 #if HAVE_VALGRIND_VALGRIND_H
2526 /* If we are PID 1 and running under valgrind, then let's exit
2527 * here explicitly. valgrind will only generate nice output on
2528 * exit(), not on exec(), hence let's do the former not the
2530 if (getpid_cached() == 1 && RUNNING_ON_VALGRIND
) {
2531 /* Cleanup watchdog_device strings for valgrind. We need them
2532 * in become_shutdown() so normally we cannot free them yet. */
2533 watchdog_free_device();
2534 arg_watchdog_device
= mfree(arg_watchdog_device
);
2539 if (shutdown_verb
) {
2540 r
= become_shutdown(shutdown_verb
, retval
);
2542 log_error_errno(r
, "Failed to execute shutdown binary, %s: %m", getpid_cached() == 1 ? "freezing" : "quitting");
2543 error_message
= "Failed to execute shutdown binary";
2546 watchdog_free_device();
2547 arg_watchdog_device
= mfree(arg_watchdog_device
);
2549 if (getpid_cached() == 1) {
2551 manager_status_printf(NULL
, STATUS_TYPE_EMERGENCY
,
2552 ANSI_HIGHLIGHT_RED
"!!!!!!" ANSI_NORMAL
,
2553 "%s, freezing.", error_message
);