]> git.ipfire.org Git - people/ms/systemd.git/blame - execute.c
projects / people / ms / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sysv: add basic.target dependencies only for normal init scripts
[people/ms/systemd.git] / execute.c
CommitLineData
5cb5a6ff
LP		 1/*-*- Mode: C; c-basic-offset: 8 -*-*/
2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
5cb5a6ff 22#include <assert.h>
034c6ed7
LP		 23#include <dirent.h>
24#include <errno.h>
25#include <fcntl.h>
26#include <unistd.h>
44d8db9e 27#include <string.h>
309bff19 28#include <signal.h>
071830ff
LP		 29#include <sys/socket.h>
30#include <sys/un.h>
94f04347 31#include <sys/prctl.h>
66ee3769 32#include <linux/sched.h>
451a074f
LP		 33#include <sys/types.h>
34#include <sys/stat.h>
81a2b7ce
LP		 35#include <grp.h>
36#include <pwd.h>
5cb5a6ff
LP		 37
38#include "execute.h"
39#include "strv.h"
40#include "macro.h"
41#include "util.h"
acbb0225 42#include "log.h"
9eba9da4 43#include "ioprio.h"
94f04347 44#include "securebits.h"
8e274523 45#include "cgroup.h"
5cb5a6ff 46
034c6ed7
LP		 47static int shift_fds(int fds[], unsigned n_fds) {
48 int start, restart_from;
49
50 if (n_fds <= 0)
51 return 0;
52
a0d40ac5
LP		 53 /* Modifies the fds array! (sorts it) */
54
034c6ed7
LP		 55 assert(fds);
56
57 start = 0;
58 for (;;) {
59 int i;
60
61 restart_from = -1;
62
63 for (i = start; i < (int) n_fds; i++) {
64 int nfd;
65
66 /* Already at right index? */
67 if (fds[i] == i+3)
68 continue;
69
70 if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0)
71 return -errno;
72
2da3263a 73 assert_se(close_nointr(fds[i]) == 0);
034c6ed7
LP		 74 fds[i] = nfd;
75
76 /* Hmm, the fd we wanted isn't free? Then
77 * let's remember that and try again from here*/
78 if (nfd != i+3 && restart_from < 0)
79 restart_from = i;
80 }
81
82 if (restart_from < 0)
83 break;
84
85 start = restart_from;
86 }
87
88 return 0;
89}
90
451a074f 91static int flags_fds(int fds[], unsigned n_fds, bool nonblock) {
47a71eed 92 unsigned i;
e2c76839 93 int r;
47a71eed
LP		 94
95 if (n_fds <= 0)
96 return 0;
97
98 assert(fds);
99
451a074f 100 /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */
47a71eed
LP		 101
102 for (i = 0; i < n_fds; i++) {
47a71eed 103
e2c76839
LP		 104 if ((r = fd_nonblock(fds[i], nonblock)) < 0)
105 return r;
47a71eed 106
451a074f
LP		 107 /* We unconditionally drop FD_CLOEXEC from the fds,
108 * since after all we want to pass these fds to our
109 * children */
47a71eed 110
e2c76839
LP		 111 if ((r = fd_cloexec(fds[i], false)) < 0)
112 return r;
47a71eed
LP		 113 }
114
115 return 0;
116}
117
071830ff
LP		 118static int replace_null_fd(int fd, int flags) {
119 int nfd;
120 assert(fd >= 0);
121
122 close_nointr(fd);
123
124 if ((nfd = open("/dev/null", flags|O_NOCTTY)) < 0)
125 return -errno;
126
127 if (nfd != fd) {
128 close_nointr_nofail(nfd);
129 return -EIO;
130 }
131
132 return 0;
133}
134
135static int setup_output(const ExecContext *context, const char *ident) {
136 int r;
137
138 assert(context);
139
140 switch (context->output) {
141
94f04347 142 case EXEC_OUTPUT_CONSOLE:
071830ff
LP		 143 return 0;
144
94f04347 145 case EXEC_OUTPUT_NULL:
071830ff 146
94f04347 147 if ((r = replace_null_fd(STDOUT_FILENO, O_WRONLY)) < 0 ||
071830ff
LP		 148 (r = replace_null_fd(STDERR_FILENO, O_WRONLY)) < 0)
149 return r;
150
151 return 0;
152
94f04347
LP		 153 case EXEC_OUTPUT_KERNEL:
154 case EXEC_OUTPUT_SYSLOG: {
071830ff
LP		 155
156 int fd;
157 union {
158 struct sockaddr sa;
159 struct sockaddr_un un;
160 } sa;
161
071830ff
LP		 162 close_nointr(STDOUT_FILENO);
163 close_nointr(STDERR_FILENO);
164
165 if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
166 return -errno;
167
168 if (fd != STDOUT_FILENO) {
169 close_nointr_nofail(fd);
170 return -EIO;
171 }
172
173 zero(sa);
174 sa.sa.sa_family = AF_UNIX;
175 strncpy(sa.un.sun_path+1, LOGGER_SOCKET, sizeof(sa.un.sun_path)-1);
176
177 if (connect(fd, &sa.sa, sizeof(sa)) < 0) {
178 close_nointr_nofail(fd);
179 return -errno;
180 }
181
182 if (shutdown(fd, SHUT_RD) < 0) {
183 close_nointr_nofail(fd);
184 return -errno;
185 }
186
187 if ((fd = dup(fd)) < 0) {
188 close_nointr_nofail(fd);
189 return -errno;
190 }
191
192 if (fd != STDERR_FILENO) {
193 close_nointr_nofail(fd);
194 return -EIO;
195 }
196
197 /* We speak a very simple protocol between log server
198 * and client: one line for the log destination (kmsg
199 * or syslog), followed by the priority field,
200 * followed by the process name. Since we replaced
201 * stdin/stderr we simple use stdio to write to
202 * it. Note that we use stderr, to minimize buffer
203 * flushing issues. */
204
205 fprintf(stderr,
206 "%s\n"
207 "%i\n"
208 "%s\n",
94f04347 209 context->output == EXEC_OUTPUT_KERNEL ? "kmsg" : "syslog",
071830ff
LP		 210 context->syslog_priority,
211 context->syslog_identifier ? context->syslog_identifier : ident);
212
213 return 0;
214 }
94f04347
LP		 215
216 default:
217 assert_not_reached("Unknown output type");
071830ff 218 }
94f04347
LP		 219}
220
47be870b 221static int setup_input(const ExecContext *context) {
94f04347
LP		 222 int r;
223
224 assert(context);
071830ff 225
94f04347
LP		 226 switch (context->input) {
227
228 case EXEC_INPUT_CONSOLE:
229 return 0;
230
231 case EXEC_INPUT_NULL:
232 if ((r = replace_null_fd(STDIN_FILENO, O_RDONLY)) < 0)
233 return r;
234
235 return 0;
236
237 default:
238 assert_not_reached("Unknown input type");
239 }
071830ff
LP		 240}
241
81a2b7ce
LP		 242static int get_group_creds(const char *groupname, gid_t *gid) {
243 struct group *g;
244 unsigned long lu;
245
246 assert(groupname);
247 assert(gid);
248
249 /* We enforce some special rules for gid=0: in order to avoid
250 * NSS lookups for root we hardcode its data. */
251
252 if (streq(groupname, "root") || streq(groupname, "0")) {
253 *gid = 0;
254 return 0;
255 }
256
257 if (safe_atolu(groupname, &lu) >= 0) {
258 errno = 0;
259 g = getgrgid((gid_t) lu);
260 } else {
261 errno = 0;
262 g = getgrnam(groupname);
263 }
264
265 if (!g)
266 return errno != 0 ? -errno : -ESRCH;
267
268 *gid = g->gr_gid;
269 return 0;
270}
271
272static int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home) {
273 struct passwd *p;
274 unsigned long lu;
275
276 assert(username);
277 assert(*username);
278 assert(uid);
279 assert(gid);
280 assert(home);
281
282 /* We enforce some special rules for uid=0: in order to avoid
283 * NSS lookups for root we hardcode its data. */
284
285 if (streq(*username, "root") || streq(*username, "0")) {
286 *username = "root";
287 *uid = 0;
288 *gid = 0;
289 *home = "/root";
290 return 0;
291 }
292
293 if (safe_atolu(*username, &lu) >= 0) {
294 errno = 0;
295 p = getpwuid((uid_t) lu);
296
297 /* If there are multiple users with the same id, make
298 * sure to leave $USER to the configured value instead
299 * of the first occurence in the database. However if
300 * the uid was configured by a numeric uid, then let's
301 * pick the real username from /etc/passwd. */
302 if (*username && p)
303 *username = p->pw_name;
304 } else {
305 errno = 0;
306 p = getpwnam(*username);
307 }
308
309 if (!p)
310 return errno != 0 ? -errno : -ESRCH;
311
312 *uid = p->pw_uid;
313 *gid = p->pw_gid;
314 *home = p->pw_dir;
315 return 0;
316}
317
318static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
319 bool keep_groups = false;
320 int r;
321
322 assert(context);
323
324 /* Lookup and ser GID and supplementary group list. Here too
325 * we avoid NSS lookups for gid=0. */
326
327 if (context->group || username) {
328
329 if (context->group)
330 if ((r = get_group_creds(context->group, &gid)) < 0)
331 return r;
332
333 /* First step, initialize groups from /etc/groups */
334 if (username && gid != 0) {
335 if (initgroups(username, gid) < 0)
336 return -errno;
337
338 keep_groups = true;
339 }
340
341 /* Second step, set our gids */
342 if (setresgid(gid, gid, gid) < 0)
343 return -errno;
344 }
345
346 if (context->supplementary_groups) {
347 int ngroups_max, k;
348 gid_t *gids;
349 char **i;
350
351 /* Final step, initialize any manually set supplementary groups */
352 ngroups_max = (int) sysconf(_SC_NGROUPS_MAX);
353
354 if (!(gids = new(gid_t, ngroups_max)))
355 return -ENOMEM;
356
357 if (keep_groups) {
358 if ((k = getgroups(ngroups_max, gids)) < 0) {
359 free(gids);
360 return -errno;
361 }
362 } else
363 k = 0;
364
365 STRV_FOREACH(i, context->supplementary_groups) {
366
367 if (k >= ngroups_max) {
368 free(gids);
369 return -E2BIG;
370 }
371
372 if ((r = get_group_creds(*i, gids+k)) < 0) {
373 free(gids);
374 return r;
375 }
376
377 k++;
378 }
379
380 if (setgroups(k, gids) < 0) {
381 free(gids);
382 return -errno;
383 }
384
385 free(gids);
386 }
387
388 return 0;
389}
390
391static int enforce_user(const ExecContext *context, uid_t uid) {
392 int r;
393 assert(context);
394
395 /* Sets (but doesn't lookup) the uid and make sure we keep the
396 * capabilities while doing so. */
397
398 if (context->capabilities) {
399 cap_t d;
400 static const cap_value_t bits[] = {
401 CAP_SETUID, /* Necessary so that we can run setresuid() below */
402 CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */
403 };
404
405 /* First step: If we need to keep capabilities but
406 * drop privileges we need to make sure we keep our
407 * caps, whiel we drop priviliges. */
693ced48
LP		 408 if (uid != 0) {
409 int sb = context->secure_bits|SECURE_KEEP_CAPS;
410
411 if (prctl(PR_GET_SECUREBITS) != sb)
412 if (prctl(PR_SET_SECUREBITS, sb) < 0)
413 return -errno;
414 }
81a2b7ce
LP		 415
416 /* Second step: set the capabilites. This will reduce
417 * the capabilities to the minimum we need. */
418
419 if (!(d = cap_dup(context->capabilities)))
420 return -errno;
421
422 if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||
423 cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0) {
424 r = -errno;
425 cap_free(d);
426 return r;
427 }
428
429 if (cap_set_proc(d) < 0) {
430 r = -errno;
431 cap_free(d);
432 return r;
433 }
434
435 cap_free(d);
436 }
437
438 /* Third step: actually set the uids */
439 if (setresuid(uid, uid, uid) < 0)
440 return -errno;
441
442 /* At this point we should have all necessary capabilities but
443 are otherwise a normal user. However, the caps might got
444 corrupted due to the setresuid() so we need clean them up
445 later. This is done outside of this call. */
446
447 return 0;
448}
449
450int exec_spawn(const ExecCommand *command,
451 const ExecContext *context,
452 int *fds, unsigned n_fds,
453 bool apply_permissions,
454 bool apply_chroot,
8e274523 455 CGroupBonding *cgroup_bondings,
81a2b7ce
LP		 456 pid_t *ret) {
457
034c6ed7 458 pid_t pid;
8e274523 459 int r;
034c6ed7 460
5cb5a6ff
LP		 461 assert(command);
462 assert(context);
463 assert(ret);
034c6ed7
LP		 464 assert(fds || n_fds <= 0);
465
81a2b7ce 466 log_debug("About to execute %s", command->path);
acbb0225 467
8e274523
LP		 468 if (cgroup_bondings)
469 if ((r = cgroup_bonding_realize_list(cgroup_bondings)))
470 return r;
471
034c6ed7
LP		 472 if ((pid = fork()) < 0)
473 return -errno;
474
475 if (pid == 0) {
8e274523 476 int i;
309bff19 477 sigset_t ss;
81a2b7ce
LP		 478 const char *username = NULL, *home = NULL;
479 uid_t uid = (uid_t) -1;
480 gid_t gid = (gid_t) -1;
481 char **our_env = NULL, **final_env = NULL;
482 unsigned n_env = 0;
309bff19 483
034c6ed7 484 /* child */
5cb5a6ff 485
309bff19
LP		 486 if (sigemptyset(&ss) < 0 ||
487 sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
488 r = EXIT_SIGNAL_MASK;
489 goto fail;
490 }
491
9eba9da4
LP		 492 if (setpgid(0, 0) < 0) {
493 r = EXIT_PGID;
034c6ed7
LP		 494 goto fail;
495 }
496
9eba9da4
LP		 497 umask(context->umask);
498
94f04347
LP		 499 if (setup_input(context) < 0) {
500 r = EXIT_INPUT;
501 goto fail;
502 }
503
071830ff
LP		 504 if (setup_output(context, file_name_from_path(command->path)) < 0) {
505 r = EXIT_OUTPUT;
506 goto fail;
507 }
508
8e274523
LP		 509 if (cgroup_bondings)
510 if ((r = cgroup_bonding_install_list(cgroup_bondings, 0)) < 0) {
511 r = EXIT_CGROUP;
512 goto fail;
513 }
514
fb33a393
LP		 515 if (context->oom_adjust_set) {
516 char t[16];
034c6ed7 517
fb33a393
LP		 518 snprintf(t, sizeof(t), "%i", context->oom_adjust);
519 char_array_0(t);
034c6ed7 520
fb33a393
LP		 521 if (write_one_line_file("/proc/self/oom_adj", t) < 0) {
522 r = EXIT_OOM_ADJUST;
523 goto fail;
524 }
034c6ed7
LP		 525 }
526
fb33a393
LP		 527 if (context->nice_set)
528 if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
529 r = EXIT_NICE;
530 goto fail;
531 }
532
94f04347
LP		 533 if (context->cpu_sched_set) {
534 struct sched_param param;
535
536 zero(param);
537 param.sched_priority = context->cpu_sched_priority;
538
38b48754
LP		 539 if (sched_setscheduler(0, context->cpu_sched_policy |
540 (context->cpu_sched_reset_on_fork ? SCHED_RESET_ON_FORK : 0), &param) < 0) {
94f04347
LP		 541 r = EXIT_SETSCHEDULER;
542 goto fail;
543 }
544 }
545
546 if (context->cpu_affinity_set)
547 if (sched_setaffinity(0, sizeof(context->cpu_affinity), &context->cpu_affinity) < 0) {
548 r = EXIT_CPUAFFINITY;
549 goto fail;
550 }
551
9eba9da4
LP		 552 if (context->ioprio_set)
553 if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
554 r = EXIT_IOPRIO;
555 goto fail;
556 }
557
94f04347
LP		 558 if (context->timer_slack_ns_set)
559 if (prctl(PR_SET_TIMERSLACK, context->timer_slack_ns_set) < 0) {
560 r = EXIT_TIMERSLACK;
561 goto fail;
562 }
563
81a2b7ce
LP		 564 if (context->user) {
565 username = context->user;
566 if (get_user_creds(&username, &uid, &gid, &home) < 0) {
567 r = EXIT_USER;
568 goto fail;
569 }
570 }
571
572 if (apply_permissions)
573 if (enforce_groups(context, username, uid) < 0) {
574 r = EXIT_GROUP;
575 goto fail;
576 }
577
578 if (apply_chroot) {
579 if (context->root_directory)
580 if (chroot(context->root_directory) < 0) {
581 r = EXIT_CHROOT;
582 goto fail;
583 }
584
585 if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
586 r = EXIT_CHDIR;
587 goto fail;
588 }
589 } else {
590
591 char *d;
592
593 if (asprintf(&d, "%s/%s",
594 context->root_directory ? context->root_directory : "",
595 context->working_directory ? context->working_directory : "") < 0) {
596 r = EXIT_MEMORY;
597 goto fail;
598 }
599
600 if (chdir(d) < 0) {
601 free(d);
602 r = EXIT_CHDIR;
603 goto fail;
604 }
605
606 free(d);
607 }
608
a0d40ac5 609 if (close_all_fds(fds, n_fds) < 0 ||
47a71eed 610 shift_fds(fds, n_fds) < 0 ||
451a074f 611 flags_fds(fds, n_fds, context->non_blocking) < 0) {
034c6ed7
LP		 612 r = EXIT_FDS;
613 goto fail;
614 }
615
81a2b7ce 616 if (apply_permissions) {
034c6ed7 617
81a2b7ce
LP		 618 for (i = 0; i < RLIMIT_NLIMITS; i++) {
619 if (!context->rlimit[i])
620 continue;
621
622 if (setrlimit(i, context->rlimit[i]) < 0) {
623 r = EXIT_LIMITS;
624 goto fail;
625 }
034c6ed7 626 }
034c6ed7 627
81a2b7ce
LP		 628 if (context->user)
629 if (enforce_user(context, uid) < 0) {
630 r = EXIT_USER;
631 goto fail;
632 }
633
693ced48
LP		 634 /* PR_GET_SECUREBITS is not priviliged, while
635 * PR_SET_SECUREBITS is. So to suppress
636 * potential EPERMs we'll try not to call
637 * PR_SET_SECUREBITS unless necessary. */
638 if (prctl(PR_GET_SECUREBITS) != context->secure_bits)
639 if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) {
640 r = EXIT_SECUREBITS;
641 goto fail;
642 }
81a2b7ce
LP		 643
644 if (context->capabilities)
645 if (cap_set_proc(context->capabilities) < 0) {
646 r = EXIT_CAPABILITIES;
647 goto fail;
648 }
94f04347
LP		 649 }
650
81a2b7ce
LP		 651 if (!(our_env = new0(char*, 6))) {
652 r = EXIT_MEMORY;
653 goto fail;
654 }
034c6ed7 655
81a2b7ce
LP		 656 if (n_fds > 0)
657 if (asprintf(our_env + n_env++, "LISTEN_PID=%llu", (unsigned long long) getpid()) < 0 ||
658 asprintf(our_env + n_env++, "LISTEN_FDS=%u", n_fds) < 0) {
659 r = EXIT_MEMORY;
660 goto fail;
661 }
034c6ed7 662
81a2b7ce
LP		 663 if (home)
664 if (asprintf(our_env + n_env++, "HOME=%s", home) < 0) {
665 r = EXIT_MEMORY;
666 goto fail;
667 }
034c6ed7 668
81a2b7ce
LP		 669 if (username)
670 if (asprintf(our_env + n_env++, "LOGNAME=%s", username) < 0 ||
671 asprintf(our_env + n_env++, "USER=%s", username) < 0) {
672 r = EXIT_MEMORY;
673 goto fail;
674 }
034c6ed7 675
81a2b7ce
LP		 676 if (!(final_env = strv_env_merge(environ, our_env, context->environment, NULL))) {
677 r = EXIT_MEMORY;
678 goto fail;
679 }
034c6ed7 680
81a2b7ce 681 execve(command->path, command->argv, final_env);
034c6ed7
LP		 682 r = EXIT_EXEC;
683
684 fail:
81a2b7ce
LP		 685 strv_free(our_env);
686 strv_free(final_env);
687
034c6ed7
LP		 688 _exit(r);
689 }
690
2da3263a 691
81a2b7ce 692 log_debug("Forked %s as %llu", command->path, (unsigned long long) pid);
2da3263a 693
034c6ed7 694 *ret = pid;
5cb5a6ff
LP		 695 return 0;
696}
697
034c6ed7
LP		 698void exec_context_init(ExecContext *c) {
699 assert(c);
700
701 c->umask = 0002;
034c6ed7 702 c->oom_adjust = 0;
9eba9da4 703 c->oom_adjust_set = false;
034c6ed7 704 c->nice = 0;
9eba9da4
LP		 705 c->nice_set = false;
706 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
707 c->ioprio_set = false;
94f04347
LP		 708 c->cpu_sched_policy = SCHED_OTHER;
709 c->cpu_sched_priority = 0;
710 c->cpu_sched_set = false;
711 CPU_ZERO(&c->cpu_affinity);
712 c->cpu_affinity_set = false;
071830ff 713
94f04347 714 c->input = 0;
071830ff
LP		 715 c->output = 0;
716 c->syslog_priority = LOG_DAEMON|LOG_INFO;
94f04347
LP		 717
718 c->secure_bits = 0;
719 c->capability_bounding_set_drop = 0;
034c6ed7
LP		 720}
721
722void exec_context_done(ExecContext *c) {
5cb5a6ff
LP		 723 unsigned l;
724
725 assert(c);
726
727 strv_free(c->environment);
034c6ed7 728 c->environment = NULL;
5cb5a6ff 729
034c6ed7 730 for (l = 0; l < ELEMENTSOF(c->rlimit); l++) {
5cb5a6ff 731 free(c->rlimit[l]);
034c6ed7
LP		 732 c->rlimit[l] = NULL;
733 }
734
9eba9da4
LP		 735 free(c->working_directory);
736 c->working_directory = NULL;
737 free(c->root_directory);
738 c->root_directory = NULL;
5cb5a6ff 739
071830ff
LP		 740 free(c->syslog_identifier);
741 c->syslog_identifier = NULL;
742
5cb5a6ff 743 free(c->user);
034c6ed7
LP		 744 c->user = NULL;
745
5cb5a6ff 746 free(c->group);
034c6ed7
LP		 747 c->group = NULL;
748
749 strv_free(c->supplementary_groups);
750 c->supplementary_groups = NULL;
94f04347
LP		 751
752 if (c->capabilities) {
753 cap_free(c->capabilities);
754 c->capabilities = NULL;
755 }
5cb5a6ff
LP		 756}
757
758void exec_command_free_list(ExecCommand *c) {
759 ExecCommand *i;
760
761 while ((i = c)) {
034c6ed7 762 LIST_REMOVE(ExecCommand, command, c, i);
5cb5a6ff
LP		 763
764 free(i->path);
44d8db9e 765 strv_free(i->argv);
5cb5a6ff
LP		 766 free(i);
767 }
768}
769
034c6ed7
LP		 770void exec_command_free_array(ExecCommand **c, unsigned n) {
771 unsigned i;
772
773 for (i = 0; i < n; i++) {
774 exec_command_free_list(c[i]);
775 c[i] = NULL;
776 }
777}
778
5cb5a6ff 779void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
94f04347
LP		 780 char ** e;
781 unsigned i;
9eba9da4 782
5cb5a6ff
LP		 783 assert(c);
784 assert(f);
785
786 if (!prefix)
787 prefix = "";
788
789 fprintf(f,
94f04347
LP		 790 "%sUMask: %04o\n"
791 "%sWorkingDirectory: %s\n"
451a074f
LP		 792 "%sRootDirectory: %s\n"
793 "%sNonBlocking: %s\n",
5cb5a6ff 794 prefix, c->umask,
9eba9da4 795 prefix, c->working_directory ? c->working_directory : "/",
451a074f
LP		 796 prefix, c->root_directory ? c->root_directory : "/",
797 prefix, yes_no(c->non_blocking));
fb33a393 798
94f04347
LP		 799 if (c->environment)
800 for (e = c->environment; *e; e++)
801 fprintf(f, "%sEnvironment: %s\n", prefix, *e);
802
fb33a393
LP		 803 if (c->nice_set)
804 fprintf(f,
805 "%sNice: %i\n",
806 prefix, c->nice);
807
808 if (c->oom_adjust_set)
809 fprintf(f,
810 "%sOOMAdjust: %i\n",
811 prefix, c->oom_adjust);
9eba9da4 812
94f04347
LP		 813 for (i = 0; i < RLIM_NLIMITS; i++)
814 if (c->rlimit[i])
ea430986 815 fprintf(f, "%s%s: %llu\n", prefix, rlimit_to_string(i), (unsigned long long) c->rlimit[i]->rlim_max);
94f04347 816
9eba9da4
LP		 817 if (c->ioprio_set)
818 fprintf(f,
819 "%sIOSchedulingClass: %s\n"
820 "%sIOPriority: %i\n",
94f04347 821 prefix, ioprio_class_to_string(IOPRIO_PRIO_CLASS(c->ioprio)),
9eba9da4 822 prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
94f04347
LP		 823
824 if (c->cpu_sched_set)
825 fprintf(f,
826 "%sCPUSchedulingPolicy: %s\n"
38b48754
LP		 827 "%sCPUSchedulingPriority: %i\n"
828 "%sCPUSchedulingResetOnFork: %s\n",
94f04347 829 prefix, sched_policy_to_string(c->cpu_sched_policy),
38b48754
LP		 830 prefix, c->cpu_sched_priority,
831 prefix, yes_no(c->cpu_sched_reset_on_fork));
94f04347
LP		 832
833 if (c->cpu_affinity_set) {
834 fprintf(f, "%sCPUAffinity:", prefix);
835 for (i = 0; i < CPU_SETSIZE; i++)
836 if (CPU_ISSET(i, &c->cpu_affinity))
837 fprintf(f, " %i", i);
838 fputs("\n", f);
839 }
840
841 if (c->timer_slack_ns_set)
842 fprintf(f, "%sTimerSlackNS: %lu\n", prefix, c->timer_slack_ns);
843
844 fprintf(f,
845 "%sInput: %s\n"
846 "%sOutput: %s\n",
847 prefix, exec_input_to_string(c->input),
848 prefix, exec_output_to_string(c->output));
849
850 if (c->output == EXEC_OUTPUT_SYSLOG || c->output == EXEC_OUTPUT_KERNEL)
851 fprintf(f,
852 "%sSyslogFacility: %s\n"
853 "%sSyslogLevel: %s\n",
854 prefix, log_facility_to_string(LOG_FAC(c->syslog_priority)),
855 prefix, log_level_to_string(LOG_PRI(c->syslog_priority)));
856
857 if (c->capabilities) {
858 char *t;
859 if ((t = cap_to_text(c->capabilities, NULL))) {
860 fprintf(f, "%sCapabilities: %s\n",
861 prefix, t);
862 cap_free(t);
863 }
864 }
865
866 if (c->secure_bits)
867 fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
868 prefix,
869 (c->secure_bits & SECURE_KEEP_CAPS) ? " keep-caps" : "",
870 (c->secure_bits & SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
871 (c->secure_bits & SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
872 (c->secure_bits & SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
873 (c->secure_bits & SECURE_NOROOT) ? " noroot" : "",
874 (c->secure_bits & SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
875
876 if (c->capability_bounding_set_drop) {
877 fprintf(f, "%sCapabilityBoundingSetDrop:", prefix);
878
879 for (i = 0; i <= CAP_LAST_CAP; i++)
880 if (c->capability_bounding_set_drop & (1 << i)) {
881 char *t;
882
883 if ((t = cap_to_name(i))) {
884 fprintf(f, " %s", t);
885 free(t);
886 }
887 }
888
889 fputs("\n", f);
890 }
891
892 if (c->user)
893 fprintf(f, "%sUser: %s", prefix, c->user);
894 if (c->group)
895 fprintf(f, "%sGroup: %s", prefix, c->group);
896
897 if (c->supplementary_groups) {
898 char **g;
899
900 fprintf(f, "%sSupplementaryGroups:", prefix);
901
902 STRV_FOREACH(g, c->supplementary_groups)
903 fprintf(f, " %s", *g);
904
905 fputs("\n", f);
906 }
5cb5a6ff
LP		 907}
908
034c6ed7
LP		 909void exec_status_fill(ExecStatus *s, pid_t pid, int code, int status) {
910 assert(s);
5cb5a6ff 911
034c6ed7
LP		 912 s->pid = pid;
913 s->code = code;
914 s->status = status;
915 s->timestamp = now(CLOCK_REALTIME);
5cb5a6ff 916}
44d8db9e
LP		 917
918char *exec_command_line(ExecCommand *c) {
919 size_t k;
920 char *n, *p, **a;
921 bool first = true;
922
923 assert(c);
924 assert(c->argv);
925
9164977d 926 k = 1;
44d8db9e
LP		 927 STRV_FOREACH(a, c->argv)
928 k += strlen(*a)+3;
929
930 if (!(n = new(char, k)))
931 return NULL;
932
933 p = n;
934 STRV_FOREACH(a, c->argv) {
935
936 if (!first)
937 *(p++) = ' ';
938 else
939 first = false;
940
941 if (strpbrk(*a, WHITESPACE)) {
942 *(p++) = '\'';
943 p = stpcpy(p, *a);
944 *(p++) = '\'';
945 } else
946 p = stpcpy(p, *a);
947
948 }
949
9164977d
LP		 950 *p = 0;
951
44d8db9e
LP		 952 /* FIXME: this doesn't really handle arguments that have
953 * spaces and ticks in them */
954
955 return n;
956}
957
958void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
959 char *cmd;
960
961 assert(c);
962 assert(f);
963
964 if (!prefix)
965 prefix = "";
966
967 cmd = exec_command_line(c);
968
969 fprintf(f,
970 "%sCommand Line: %s\n",
971 prefix, cmd ? cmd : strerror(ENOMEM));
972
973 free(cmd);
974}
975
976void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
977 assert(f);
978
979 if (!prefix)
980 prefix = "";
981
982 LIST_FOREACH(command, c, c)
983 exec_command_dump(c, f, prefix);
984}
94f04347 985
a6a80b4f
LP		 986void exec_command_append_list(ExecCommand **l, ExecCommand *e) {
987 ExecCommand *end;
988
989 assert(l);
990 assert(e);
991
992 if (*l) {
993 /* It's kinda important that we keep the order here */
994 LIST_FIND_TAIL(ExecCommand, command, *l, end);
995 LIST_INSERT_AFTER(ExecCommand, command, *l, end, e);
996 } else
997 *l = e;
998}
999
94f04347
LP		 1000static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = {
1001 [EXEC_OUTPUT_CONSOLE] = "console",
1002 [EXEC_OUTPUT_NULL] = "null",
1003 [EXEC_OUTPUT_SYSLOG] = "syslog",
1004 [EXEC_OUTPUT_KERNEL] = "kernel"
1005};
1006
1007DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
1008
1009static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
1010 [EXEC_INPUT_NULL] = "null",
1011 [EXEC_INPUT_CONSOLE] = "console"
1012};
1013
1014DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
Michael's branch of systemd.