]>
Commit | Line | Data |
---|---|---|
5cb5a6ff LP |
1 | /*-*- Mode: C; c-basic-offset: 8 -*-*/ |
2 | ||
a7334b09 LP |
3 | /*** |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2010 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
9 | under the terms of the GNU General Public License as published by | |
10 | the Free Software Foundation; either version 2 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU General Public License | |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
20 | ***/ | |
21 | ||
5cb5a6ff | 22 | #include <assert.h> |
034c6ed7 LP |
23 | #include <dirent.h> |
24 | #include <errno.h> | |
25 | #include <fcntl.h> | |
26 | #include <unistd.h> | |
44d8db9e | 27 | #include <string.h> |
309bff19 | 28 | #include <signal.h> |
071830ff LP |
29 | #include <sys/socket.h> |
30 | #include <sys/un.h> | |
94f04347 | 31 | #include <sys/prctl.h> |
66ee3769 | 32 | #include <linux/sched.h> |
451a074f LP |
33 | #include <sys/types.h> |
34 | #include <sys/stat.h> | |
81a2b7ce LP |
35 | #include <grp.h> |
36 | #include <pwd.h> | |
5cb5a6ff LP |
37 | |
38 | #include "execute.h" | |
39 | #include "strv.h" | |
40 | #include "macro.h" | |
41 | #include "util.h" | |
acbb0225 | 42 | #include "log.h" |
9eba9da4 | 43 | #include "ioprio.h" |
94f04347 | 44 | #include "securebits.h" |
8e274523 | 45 | #include "cgroup.h" |
5cb5a6ff | 46 | |
034c6ed7 LP |
47 | static int shift_fds(int fds[], unsigned n_fds) { |
48 | int start, restart_from; | |
49 | ||
50 | if (n_fds <= 0) | |
51 | return 0; | |
52 | ||
a0d40ac5 LP |
53 | /* Modifies the fds array! (sorts it) */ |
54 | ||
034c6ed7 LP |
55 | assert(fds); |
56 | ||
57 | start = 0; | |
58 | for (;;) { | |
59 | int i; | |
60 | ||
61 | restart_from = -1; | |
62 | ||
63 | for (i = start; i < (int) n_fds; i++) { | |
64 | int nfd; | |
65 | ||
66 | /* Already at right index? */ | |
67 | if (fds[i] == i+3) | |
68 | continue; | |
69 | ||
70 | if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0) | |
71 | return -errno; | |
72 | ||
2da3263a | 73 | assert_se(close_nointr(fds[i]) == 0); |
034c6ed7 LP |
74 | fds[i] = nfd; |
75 | ||
76 | /* Hmm, the fd we wanted isn't free? Then | |
77 | * let's remember that and try again from here*/ | |
78 | if (nfd != i+3 && restart_from < 0) | |
79 | restart_from = i; | |
80 | } | |
81 | ||
82 | if (restart_from < 0) | |
83 | break; | |
84 | ||
85 | start = restart_from; | |
86 | } | |
87 | ||
88 | return 0; | |
89 | } | |
90 | ||
451a074f | 91 | static int flags_fds(int fds[], unsigned n_fds, bool nonblock) { |
47a71eed | 92 | unsigned i; |
e2c76839 | 93 | int r; |
47a71eed LP |
94 | |
95 | if (n_fds <= 0) | |
96 | return 0; | |
97 | ||
98 | assert(fds); | |
99 | ||
451a074f | 100 | /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */ |
47a71eed LP |
101 | |
102 | for (i = 0; i < n_fds; i++) { | |
47a71eed | 103 | |
e2c76839 LP |
104 | if ((r = fd_nonblock(fds[i], nonblock)) < 0) |
105 | return r; | |
47a71eed | 106 | |
451a074f LP |
107 | /* We unconditionally drop FD_CLOEXEC from the fds, |
108 | * since after all we want to pass these fds to our | |
109 | * children */ | |
47a71eed | 110 | |
e2c76839 LP |
111 | if ((r = fd_cloexec(fds[i], false)) < 0) |
112 | return r; | |
47a71eed LP |
113 | } |
114 | ||
115 | return 0; | |
116 | } | |
117 | ||
071830ff LP |
118 | static int replace_null_fd(int fd, int flags) { |
119 | int nfd; | |
120 | assert(fd >= 0); | |
121 | ||
122 | close_nointr(fd); | |
123 | ||
124 | if ((nfd = open("/dev/null", flags|O_NOCTTY)) < 0) | |
125 | return -errno; | |
126 | ||
127 | if (nfd != fd) { | |
128 | close_nointr_nofail(nfd); | |
129 | return -EIO; | |
130 | } | |
131 | ||
132 | return 0; | |
133 | } | |
134 | ||
135 | static int setup_output(const ExecContext *context, const char *ident) { | |
136 | int r; | |
137 | ||
138 | assert(context); | |
139 | ||
140 | switch (context->output) { | |
141 | ||
94f04347 | 142 | case EXEC_OUTPUT_CONSOLE: |
071830ff LP |
143 | return 0; |
144 | ||
94f04347 | 145 | case EXEC_OUTPUT_NULL: |
071830ff | 146 | |
94f04347 | 147 | if ((r = replace_null_fd(STDOUT_FILENO, O_WRONLY)) < 0 || |
071830ff LP |
148 | (r = replace_null_fd(STDERR_FILENO, O_WRONLY)) < 0) |
149 | return r; | |
150 | ||
151 | return 0; | |
152 | ||
94f04347 LP |
153 | case EXEC_OUTPUT_KERNEL: |
154 | case EXEC_OUTPUT_SYSLOG: { | |
071830ff LP |
155 | |
156 | int fd; | |
157 | union { | |
158 | struct sockaddr sa; | |
159 | struct sockaddr_un un; | |
160 | } sa; | |
161 | ||
071830ff LP |
162 | close_nointr(STDOUT_FILENO); |
163 | close_nointr(STDERR_FILENO); | |
164 | ||
165 | if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) | |
166 | return -errno; | |
167 | ||
168 | if (fd != STDOUT_FILENO) { | |
169 | close_nointr_nofail(fd); | |
170 | return -EIO; | |
171 | } | |
172 | ||
173 | zero(sa); | |
174 | sa.sa.sa_family = AF_UNIX; | |
175 | strncpy(sa.un.sun_path+1, LOGGER_SOCKET, sizeof(sa.un.sun_path)-1); | |
176 | ||
177 | if (connect(fd, &sa.sa, sizeof(sa)) < 0) { | |
178 | close_nointr_nofail(fd); | |
179 | return -errno; | |
180 | } | |
181 | ||
182 | if (shutdown(fd, SHUT_RD) < 0) { | |
183 | close_nointr_nofail(fd); | |
184 | return -errno; | |
185 | } | |
186 | ||
187 | if ((fd = dup(fd)) < 0) { | |
188 | close_nointr_nofail(fd); | |
189 | return -errno; | |
190 | } | |
191 | ||
192 | if (fd != STDERR_FILENO) { | |
193 | close_nointr_nofail(fd); | |
194 | return -EIO; | |
195 | } | |
196 | ||
197 | /* We speak a very simple protocol between log server | |
198 | * and client: one line for the log destination (kmsg | |
199 | * or syslog), followed by the priority field, | |
200 | * followed by the process name. Since we replaced | |
201 | * stdin/stderr we simple use stdio to write to | |
202 | * it. Note that we use stderr, to minimize buffer | |
203 | * flushing issues. */ | |
204 | ||
205 | fprintf(stderr, | |
206 | "%s\n" | |
207 | "%i\n" | |
208 | "%s\n", | |
94f04347 | 209 | context->output == EXEC_OUTPUT_KERNEL ? "kmsg" : "syslog", |
071830ff LP |
210 | context->syslog_priority, |
211 | context->syslog_identifier ? context->syslog_identifier : ident); | |
212 | ||
213 | return 0; | |
214 | } | |
94f04347 LP |
215 | |
216 | default: | |
217 | assert_not_reached("Unknown output type"); | |
071830ff | 218 | } |
94f04347 LP |
219 | } |
220 | ||
47be870b | 221 | static int setup_input(const ExecContext *context) { |
94f04347 LP |
222 | int r; |
223 | ||
224 | assert(context); | |
071830ff | 225 | |
94f04347 LP |
226 | switch (context->input) { |
227 | ||
228 | case EXEC_INPUT_CONSOLE: | |
229 | return 0; | |
230 | ||
231 | case EXEC_INPUT_NULL: | |
232 | if ((r = replace_null_fd(STDIN_FILENO, O_RDONLY)) < 0) | |
233 | return r; | |
234 | ||
235 | return 0; | |
236 | ||
237 | default: | |
238 | assert_not_reached("Unknown input type"); | |
239 | } | |
071830ff LP |
240 | } |
241 | ||
81a2b7ce LP |
242 | static int get_group_creds(const char *groupname, gid_t *gid) { |
243 | struct group *g; | |
244 | unsigned long lu; | |
245 | ||
246 | assert(groupname); | |
247 | assert(gid); | |
248 | ||
249 | /* We enforce some special rules for gid=0: in order to avoid | |
250 | * NSS lookups for root we hardcode its data. */ | |
251 | ||
252 | if (streq(groupname, "root") || streq(groupname, "0")) { | |
253 | *gid = 0; | |
254 | return 0; | |
255 | } | |
256 | ||
257 | if (safe_atolu(groupname, &lu) >= 0) { | |
258 | errno = 0; | |
259 | g = getgrgid((gid_t) lu); | |
260 | } else { | |
261 | errno = 0; | |
262 | g = getgrnam(groupname); | |
263 | } | |
264 | ||
265 | if (!g) | |
266 | return errno != 0 ? -errno : -ESRCH; | |
267 | ||
268 | *gid = g->gr_gid; | |
269 | return 0; | |
270 | } | |
271 | ||
272 | static int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home) { | |
273 | struct passwd *p; | |
274 | unsigned long lu; | |
275 | ||
276 | assert(username); | |
277 | assert(*username); | |
278 | assert(uid); | |
279 | assert(gid); | |
280 | assert(home); | |
281 | ||
282 | /* We enforce some special rules for uid=0: in order to avoid | |
283 | * NSS lookups for root we hardcode its data. */ | |
284 | ||
285 | if (streq(*username, "root") || streq(*username, "0")) { | |
286 | *username = "root"; | |
287 | *uid = 0; | |
288 | *gid = 0; | |
289 | *home = "/root"; | |
290 | return 0; | |
291 | } | |
292 | ||
293 | if (safe_atolu(*username, &lu) >= 0) { | |
294 | errno = 0; | |
295 | p = getpwuid((uid_t) lu); | |
296 | ||
297 | /* If there are multiple users with the same id, make | |
298 | * sure to leave $USER to the configured value instead | |
299 | * of the first occurence in the database. However if | |
300 | * the uid was configured by a numeric uid, then let's | |
301 | * pick the real username from /etc/passwd. */ | |
302 | if (*username && p) | |
303 | *username = p->pw_name; | |
304 | } else { | |
305 | errno = 0; | |
306 | p = getpwnam(*username); | |
307 | } | |
308 | ||
309 | if (!p) | |
310 | return errno != 0 ? -errno : -ESRCH; | |
311 | ||
312 | *uid = p->pw_uid; | |
313 | *gid = p->pw_gid; | |
314 | *home = p->pw_dir; | |
315 | return 0; | |
316 | } | |
317 | ||
318 | static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) { | |
319 | bool keep_groups = false; | |
320 | int r; | |
321 | ||
322 | assert(context); | |
323 | ||
324 | /* Lookup and ser GID and supplementary group list. Here too | |
325 | * we avoid NSS lookups for gid=0. */ | |
326 | ||
327 | if (context->group || username) { | |
328 | ||
329 | if (context->group) | |
330 | if ((r = get_group_creds(context->group, &gid)) < 0) | |
331 | return r; | |
332 | ||
333 | /* First step, initialize groups from /etc/groups */ | |
334 | if (username && gid != 0) { | |
335 | if (initgroups(username, gid) < 0) | |
336 | return -errno; | |
337 | ||
338 | keep_groups = true; | |
339 | } | |
340 | ||
341 | /* Second step, set our gids */ | |
342 | if (setresgid(gid, gid, gid) < 0) | |
343 | return -errno; | |
344 | } | |
345 | ||
346 | if (context->supplementary_groups) { | |
347 | int ngroups_max, k; | |
348 | gid_t *gids; | |
349 | char **i; | |
350 | ||
351 | /* Final step, initialize any manually set supplementary groups */ | |
352 | ngroups_max = (int) sysconf(_SC_NGROUPS_MAX); | |
353 | ||
354 | if (!(gids = new(gid_t, ngroups_max))) | |
355 | return -ENOMEM; | |
356 | ||
357 | if (keep_groups) { | |
358 | if ((k = getgroups(ngroups_max, gids)) < 0) { | |
359 | free(gids); | |
360 | return -errno; | |
361 | } | |
362 | } else | |
363 | k = 0; | |
364 | ||
365 | STRV_FOREACH(i, context->supplementary_groups) { | |
366 | ||
367 | if (k >= ngroups_max) { | |
368 | free(gids); | |
369 | return -E2BIG; | |
370 | } | |
371 | ||
372 | if ((r = get_group_creds(*i, gids+k)) < 0) { | |
373 | free(gids); | |
374 | return r; | |
375 | } | |
376 | ||
377 | k++; | |
378 | } | |
379 | ||
380 | if (setgroups(k, gids) < 0) { | |
381 | free(gids); | |
382 | return -errno; | |
383 | } | |
384 | ||
385 | free(gids); | |
386 | } | |
387 | ||
388 | return 0; | |
389 | } | |
390 | ||
391 | static int enforce_user(const ExecContext *context, uid_t uid) { | |
392 | int r; | |
393 | assert(context); | |
394 | ||
395 | /* Sets (but doesn't lookup) the uid and make sure we keep the | |
396 | * capabilities while doing so. */ | |
397 | ||
398 | if (context->capabilities) { | |
399 | cap_t d; | |
400 | static const cap_value_t bits[] = { | |
401 | CAP_SETUID, /* Necessary so that we can run setresuid() below */ | |
402 | CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */ | |
403 | }; | |
404 | ||
405 | /* First step: If we need to keep capabilities but | |
406 | * drop privileges we need to make sure we keep our | |
407 | * caps, whiel we drop priviliges. */ | |
693ced48 LP |
408 | if (uid != 0) { |
409 | int sb = context->secure_bits|SECURE_KEEP_CAPS; | |
410 | ||
411 | if (prctl(PR_GET_SECUREBITS) != sb) | |
412 | if (prctl(PR_SET_SECUREBITS, sb) < 0) | |
413 | return -errno; | |
414 | } | |
81a2b7ce LP |
415 | |
416 | /* Second step: set the capabilites. This will reduce | |
417 | * the capabilities to the minimum we need. */ | |
418 | ||
419 | if (!(d = cap_dup(context->capabilities))) | |
420 | return -errno; | |
421 | ||
422 | if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 || | |
423 | cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0) { | |
424 | r = -errno; | |
425 | cap_free(d); | |
426 | return r; | |
427 | } | |
428 | ||
429 | if (cap_set_proc(d) < 0) { | |
430 | r = -errno; | |
431 | cap_free(d); | |
432 | return r; | |
433 | } | |
434 | ||
435 | cap_free(d); | |
436 | } | |
437 | ||
438 | /* Third step: actually set the uids */ | |
439 | if (setresuid(uid, uid, uid) < 0) | |
440 | return -errno; | |
441 | ||
442 | /* At this point we should have all necessary capabilities but | |
443 | are otherwise a normal user. However, the caps might got | |
444 | corrupted due to the setresuid() so we need clean them up | |
445 | later. This is done outside of this call. */ | |
446 | ||
447 | return 0; | |
448 | } | |
449 | ||
450 | int exec_spawn(const ExecCommand *command, | |
451 | const ExecContext *context, | |
452 | int *fds, unsigned n_fds, | |
453 | bool apply_permissions, | |
454 | bool apply_chroot, | |
8e274523 | 455 | CGroupBonding *cgroup_bondings, |
81a2b7ce LP |
456 | pid_t *ret) { |
457 | ||
034c6ed7 | 458 | pid_t pid; |
8e274523 | 459 | int r; |
034c6ed7 | 460 | |
5cb5a6ff LP |
461 | assert(command); |
462 | assert(context); | |
463 | assert(ret); | |
034c6ed7 LP |
464 | assert(fds || n_fds <= 0); |
465 | ||
81a2b7ce | 466 | log_debug("About to execute %s", command->path); |
acbb0225 | 467 | |
8e274523 LP |
468 | if (cgroup_bondings) |
469 | if ((r = cgroup_bonding_realize_list(cgroup_bondings))) | |
470 | return r; | |
471 | ||
034c6ed7 LP |
472 | if ((pid = fork()) < 0) |
473 | return -errno; | |
474 | ||
475 | if (pid == 0) { | |
8e274523 | 476 | int i; |
309bff19 | 477 | sigset_t ss; |
81a2b7ce LP |
478 | const char *username = NULL, *home = NULL; |
479 | uid_t uid = (uid_t) -1; | |
480 | gid_t gid = (gid_t) -1; | |
481 | char **our_env = NULL, **final_env = NULL; | |
482 | unsigned n_env = 0; | |
309bff19 | 483 | |
034c6ed7 | 484 | /* child */ |
5cb5a6ff | 485 | |
309bff19 LP |
486 | if (sigemptyset(&ss) < 0 || |
487 | sigprocmask(SIG_SETMASK, &ss, NULL) < 0) { | |
488 | r = EXIT_SIGNAL_MASK; | |
489 | goto fail; | |
490 | } | |
491 | ||
9eba9da4 LP |
492 | if (setpgid(0, 0) < 0) { |
493 | r = EXIT_PGID; | |
034c6ed7 LP |
494 | goto fail; |
495 | } | |
496 | ||
9eba9da4 LP |
497 | umask(context->umask); |
498 | ||
94f04347 LP |
499 | if (setup_input(context) < 0) { |
500 | r = EXIT_INPUT; | |
501 | goto fail; | |
502 | } | |
503 | ||
071830ff LP |
504 | if (setup_output(context, file_name_from_path(command->path)) < 0) { |
505 | r = EXIT_OUTPUT; | |
506 | goto fail; | |
507 | } | |
508 | ||
8e274523 LP |
509 | if (cgroup_bondings) |
510 | if ((r = cgroup_bonding_install_list(cgroup_bondings, 0)) < 0) { | |
511 | r = EXIT_CGROUP; | |
512 | goto fail; | |
513 | } | |
514 | ||
fb33a393 LP |
515 | if (context->oom_adjust_set) { |
516 | char t[16]; | |
034c6ed7 | 517 | |
fb33a393 LP |
518 | snprintf(t, sizeof(t), "%i", context->oom_adjust); |
519 | char_array_0(t); | |
034c6ed7 | 520 | |
fb33a393 LP |
521 | if (write_one_line_file("/proc/self/oom_adj", t) < 0) { |
522 | r = EXIT_OOM_ADJUST; | |
523 | goto fail; | |
524 | } | |
034c6ed7 LP |
525 | } |
526 | ||
fb33a393 LP |
527 | if (context->nice_set) |
528 | if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) { | |
529 | r = EXIT_NICE; | |
530 | goto fail; | |
531 | } | |
532 | ||
94f04347 LP |
533 | if (context->cpu_sched_set) { |
534 | struct sched_param param; | |
535 | ||
536 | zero(param); | |
537 | param.sched_priority = context->cpu_sched_priority; | |
538 | ||
38b48754 LP |
539 | if (sched_setscheduler(0, context->cpu_sched_policy | |
540 | (context->cpu_sched_reset_on_fork ? SCHED_RESET_ON_FORK : 0), ¶m) < 0) { | |
94f04347 LP |
541 | r = EXIT_SETSCHEDULER; |
542 | goto fail; | |
543 | } | |
544 | } | |
545 | ||
546 | if (context->cpu_affinity_set) | |
547 | if (sched_setaffinity(0, sizeof(context->cpu_affinity), &context->cpu_affinity) < 0) { | |
548 | r = EXIT_CPUAFFINITY; | |
549 | goto fail; | |
550 | } | |
551 | ||
9eba9da4 LP |
552 | if (context->ioprio_set) |
553 | if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) { | |
554 | r = EXIT_IOPRIO; | |
555 | goto fail; | |
556 | } | |
557 | ||
94f04347 LP |
558 | if (context->timer_slack_ns_set) |
559 | if (prctl(PR_SET_TIMERSLACK, context->timer_slack_ns_set) < 0) { | |
560 | r = EXIT_TIMERSLACK; | |
561 | goto fail; | |
562 | } | |
563 | ||
81a2b7ce LP |
564 | if (context->user) { |
565 | username = context->user; | |
566 | if (get_user_creds(&username, &uid, &gid, &home) < 0) { | |
567 | r = EXIT_USER; | |
568 | goto fail; | |
569 | } | |
570 | } | |
571 | ||
572 | if (apply_permissions) | |
573 | if (enforce_groups(context, username, uid) < 0) { | |
574 | r = EXIT_GROUP; | |
575 | goto fail; | |
576 | } | |
577 | ||
578 | if (apply_chroot) { | |
579 | if (context->root_directory) | |
580 | if (chroot(context->root_directory) < 0) { | |
581 | r = EXIT_CHROOT; | |
582 | goto fail; | |
583 | } | |
584 | ||
585 | if (chdir(context->working_directory ? context->working_directory : "/") < 0) { | |
586 | r = EXIT_CHDIR; | |
587 | goto fail; | |
588 | } | |
589 | } else { | |
590 | ||
591 | char *d; | |
592 | ||
593 | if (asprintf(&d, "%s/%s", | |
594 | context->root_directory ? context->root_directory : "", | |
595 | context->working_directory ? context->working_directory : "") < 0) { | |
596 | r = EXIT_MEMORY; | |
597 | goto fail; | |
598 | } | |
599 | ||
600 | if (chdir(d) < 0) { | |
601 | free(d); | |
602 | r = EXIT_CHDIR; | |
603 | goto fail; | |
604 | } | |
605 | ||
606 | free(d); | |
607 | } | |
608 | ||
a0d40ac5 | 609 | if (close_all_fds(fds, n_fds) < 0 || |
47a71eed | 610 | shift_fds(fds, n_fds) < 0 || |
451a074f | 611 | flags_fds(fds, n_fds, context->non_blocking) < 0) { |
034c6ed7 LP |
612 | r = EXIT_FDS; |
613 | goto fail; | |
614 | } | |
615 | ||
81a2b7ce | 616 | if (apply_permissions) { |
034c6ed7 | 617 | |
81a2b7ce LP |
618 | for (i = 0; i < RLIMIT_NLIMITS; i++) { |
619 | if (!context->rlimit[i]) | |
620 | continue; | |
621 | ||
622 | if (setrlimit(i, context->rlimit[i]) < 0) { | |
623 | r = EXIT_LIMITS; | |
624 | goto fail; | |
625 | } | |
034c6ed7 | 626 | } |
034c6ed7 | 627 | |
81a2b7ce LP |
628 | if (context->user) |
629 | if (enforce_user(context, uid) < 0) { | |
630 | r = EXIT_USER; | |
631 | goto fail; | |
632 | } | |
633 | ||
693ced48 LP |
634 | /* PR_GET_SECUREBITS is not priviliged, while |
635 | * PR_SET_SECUREBITS is. So to suppress | |
636 | * potential EPERMs we'll try not to call | |
637 | * PR_SET_SECUREBITS unless necessary. */ | |
638 | if (prctl(PR_GET_SECUREBITS) != context->secure_bits) | |
639 | if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) { | |
640 | r = EXIT_SECUREBITS; | |
641 | goto fail; | |
642 | } | |
81a2b7ce LP |
643 | |
644 | if (context->capabilities) | |
645 | if (cap_set_proc(context->capabilities) < 0) { | |
646 | r = EXIT_CAPABILITIES; | |
647 | goto fail; | |
648 | } | |
94f04347 LP |
649 | } |
650 | ||
81a2b7ce LP |
651 | if (!(our_env = new0(char*, 6))) { |
652 | r = EXIT_MEMORY; | |
653 | goto fail; | |
654 | } | |
034c6ed7 | 655 | |
81a2b7ce LP |
656 | if (n_fds > 0) |
657 | if (asprintf(our_env + n_env++, "LISTEN_PID=%llu", (unsigned long long) getpid()) < 0 || | |
658 | asprintf(our_env + n_env++, "LISTEN_FDS=%u", n_fds) < 0) { | |
659 | r = EXIT_MEMORY; | |
660 | goto fail; | |
661 | } | |
034c6ed7 | 662 | |
81a2b7ce LP |
663 | if (home) |
664 | if (asprintf(our_env + n_env++, "HOME=%s", home) < 0) { | |
665 | r = EXIT_MEMORY; | |
666 | goto fail; | |
667 | } | |
034c6ed7 | 668 | |
81a2b7ce LP |
669 | if (username) |
670 | if (asprintf(our_env + n_env++, "LOGNAME=%s", username) < 0 || | |
671 | asprintf(our_env + n_env++, "USER=%s", username) < 0) { | |
672 | r = EXIT_MEMORY; | |
673 | goto fail; | |
674 | } | |
034c6ed7 | 675 | |
81a2b7ce LP |
676 | if (!(final_env = strv_env_merge(environ, our_env, context->environment, NULL))) { |
677 | r = EXIT_MEMORY; | |
678 | goto fail; | |
679 | } | |
034c6ed7 | 680 | |
81a2b7ce | 681 | execve(command->path, command->argv, final_env); |
034c6ed7 LP |
682 | r = EXIT_EXEC; |
683 | ||
684 | fail: | |
81a2b7ce LP |
685 | strv_free(our_env); |
686 | strv_free(final_env); | |
687 | ||
034c6ed7 LP |
688 | _exit(r); |
689 | } | |
690 | ||
2da3263a | 691 | |
81a2b7ce | 692 | log_debug("Forked %s as %llu", command->path, (unsigned long long) pid); |
2da3263a | 693 | |
034c6ed7 | 694 | *ret = pid; |
5cb5a6ff LP |
695 | return 0; |
696 | } | |
697 | ||
034c6ed7 LP |
698 | void exec_context_init(ExecContext *c) { |
699 | assert(c); | |
700 | ||
701 | c->umask = 0002; | |
034c6ed7 | 702 | c->oom_adjust = 0; |
9eba9da4 | 703 | c->oom_adjust_set = false; |
034c6ed7 | 704 | c->nice = 0; |
9eba9da4 LP |
705 | c->nice_set = false; |
706 | c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0); | |
707 | c->ioprio_set = false; | |
94f04347 LP |
708 | c->cpu_sched_policy = SCHED_OTHER; |
709 | c->cpu_sched_priority = 0; | |
710 | c->cpu_sched_set = false; | |
711 | CPU_ZERO(&c->cpu_affinity); | |
712 | c->cpu_affinity_set = false; | |
071830ff | 713 | |
94f04347 | 714 | c->input = 0; |
071830ff LP |
715 | c->output = 0; |
716 | c->syslog_priority = LOG_DAEMON|LOG_INFO; | |
94f04347 LP |
717 | |
718 | c->secure_bits = 0; | |
719 | c->capability_bounding_set_drop = 0; | |
034c6ed7 LP |
720 | } |
721 | ||
722 | void exec_context_done(ExecContext *c) { | |
5cb5a6ff LP |
723 | unsigned l; |
724 | ||
725 | assert(c); | |
726 | ||
727 | strv_free(c->environment); | |
034c6ed7 | 728 | c->environment = NULL; |
5cb5a6ff | 729 | |
034c6ed7 | 730 | for (l = 0; l < ELEMENTSOF(c->rlimit); l++) { |
5cb5a6ff | 731 | free(c->rlimit[l]); |
034c6ed7 LP |
732 | c->rlimit[l] = NULL; |
733 | } | |
734 | ||
9eba9da4 LP |
735 | free(c->working_directory); |
736 | c->working_directory = NULL; | |
737 | free(c->root_directory); | |
738 | c->root_directory = NULL; | |
5cb5a6ff | 739 | |
071830ff LP |
740 | free(c->syslog_identifier); |
741 | c->syslog_identifier = NULL; | |
742 | ||
5cb5a6ff | 743 | free(c->user); |
034c6ed7 LP |
744 | c->user = NULL; |
745 | ||
5cb5a6ff | 746 | free(c->group); |
034c6ed7 LP |
747 | c->group = NULL; |
748 | ||
749 | strv_free(c->supplementary_groups); | |
750 | c->supplementary_groups = NULL; | |
94f04347 LP |
751 | |
752 | if (c->capabilities) { | |
753 | cap_free(c->capabilities); | |
754 | c->capabilities = NULL; | |
755 | } | |
5cb5a6ff LP |
756 | } |
757 | ||
758 | void exec_command_free_list(ExecCommand *c) { | |
759 | ExecCommand *i; | |
760 | ||
761 | while ((i = c)) { | |
034c6ed7 | 762 | LIST_REMOVE(ExecCommand, command, c, i); |
5cb5a6ff LP |
763 | |
764 | free(i->path); | |
44d8db9e | 765 | strv_free(i->argv); |
5cb5a6ff LP |
766 | free(i); |
767 | } | |
768 | } | |
769 | ||
034c6ed7 LP |
770 | void exec_command_free_array(ExecCommand **c, unsigned n) { |
771 | unsigned i; | |
772 | ||
773 | for (i = 0; i < n; i++) { | |
774 | exec_command_free_list(c[i]); | |
775 | c[i] = NULL; | |
776 | } | |
777 | } | |
778 | ||
5cb5a6ff | 779 | void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { |
94f04347 LP |
780 | char ** e; |
781 | unsigned i; | |
9eba9da4 | 782 | |
5cb5a6ff LP |
783 | assert(c); |
784 | assert(f); | |
785 | ||
786 | if (!prefix) | |
787 | prefix = ""; | |
788 | ||
789 | fprintf(f, | |
94f04347 LP |
790 | "%sUMask: %04o\n" |
791 | "%sWorkingDirectory: %s\n" | |
451a074f LP |
792 | "%sRootDirectory: %s\n" |
793 | "%sNonBlocking: %s\n", | |
5cb5a6ff | 794 | prefix, c->umask, |
9eba9da4 | 795 | prefix, c->working_directory ? c->working_directory : "/", |
451a074f LP |
796 | prefix, c->root_directory ? c->root_directory : "/", |
797 | prefix, yes_no(c->non_blocking)); | |
fb33a393 | 798 | |
94f04347 LP |
799 | if (c->environment) |
800 | for (e = c->environment; *e; e++) | |
801 | fprintf(f, "%sEnvironment: %s\n", prefix, *e); | |
802 | ||
fb33a393 LP |
803 | if (c->nice_set) |
804 | fprintf(f, | |
805 | "%sNice: %i\n", | |
806 | prefix, c->nice); | |
807 | ||
808 | if (c->oom_adjust_set) | |
809 | fprintf(f, | |
810 | "%sOOMAdjust: %i\n", | |
811 | prefix, c->oom_adjust); | |
9eba9da4 | 812 | |
94f04347 LP |
813 | for (i = 0; i < RLIM_NLIMITS; i++) |
814 | if (c->rlimit[i]) | |
ea430986 | 815 | fprintf(f, "%s%s: %llu\n", prefix, rlimit_to_string(i), (unsigned long long) c->rlimit[i]->rlim_max); |
94f04347 | 816 | |
9eba9da4 LP |
817 | if (c->ioprio_set) |
818 | fprintf(f, | |
819 | "%sIOSchedulingClass: %s\n" | |
820 | "%sIOPriority: %i\n", | |
94f04347 | 821 | prefix, ioprio_class_to_string(IOPRIO_PRIO_CLASS(c->ioprio)), |
9eba9da4 | 822 | prefix, (int) IOPRIO_PRIO_DATA(c->ioprio)); |
94f04347 LP |
823 | |
824 | if (c->cpu_sched_set) | |
825 | fprintf(f, | |
826 | "%sCPUSchedulingPolicy: %s\n" | |
38b48754 LP |
827 | "%sCPUSchedulingPriority: %i\n" |
828 | "%sCPUSchedulingResetOnFork: %s\n", | |
94f04347 | 829 | prefix, sched_policy_to_string(c->cpu_sched_policy), |
38b48754 LP |
830 | prefix, c->cpu_sched_priority, |
831 | prefix, yes_no(c->cpu_sched_reset_on_fork)); | |
94f04347 LP |
832 | |
833 | if (c->cpu_affinity_set) { | |
834 | fprintf(f, "%sCPUAffinity:", prefix); | |
835 | for (i = 0; i < CPU_SETSIZE; i++) | |
836 | if (CPU_ISSET(i, &c->cpu_affinity)) | |
837 | fprintf(f, " %i", i); | |
838 | fputs("\n", f); | |
839 | } | |
840 | ||
841 | if (c->timer_slack_ns_set) | |
842 | fprintf(f, "%sTimerSlackNS: %lu\n", prefix, c->timer_slack_ns); | |
843 | ||
844 | fprintf(f, | |
845 | "%sInput: %s\n" | |
846 | "%sOutput: %s\n", | |
847 | prefix, exec_input_to_string(c->input), | |
848 | prefix, exec_output_to_string(c->output)); | |
849 | ||
850 | if (c->output == EXEC_OUTPUT_SYSLOG || c->output == EXEC_OUTPUT_KERNEL) | |
851 | fprintf(f, | |
852 | "%sSyslogFacility: %s\n" | |
853 | "%sSyslogLevel: %s\n", | |
854 | prefix, log_facility_to_string(LOG_FAC(c->syslog_priority)), | |
855 | prefix, log_level_to_string(LOG_PRI(c->syslog_priority))); | |
856 | ||
857 | if (c->capabilities) { | |
858 | char *t; | |
859 | if ((t = cap_to_text(c->capabilities, NULL))) { | |
860 | fprintf(f, "%sCapabilities: %s\n", | |
861 | prefix, t); | |
862 | cap_free(t); | |
863 | } | |
864 | } | |
865 | ||
866 | if (c->secure_bits) | |
867 | fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n", | |
868 | prefix, | |
869 | (c->secure_bits & SECURE_KEEP_CAPS) ? " keep-caps" : "", | |
870 | (c->secure_bits & SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "", | |
871 | (c->secure_bits & SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "", | |
872 | (c->secure_bits & SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "", | |
873 | (c->secure_bits & SECURE_NOROOT) ? " noroot" : "", | |
874 | (c->secure_bits & SECURE_NOROOT_LOCKED) ? "noroot-locked" : ""); | |
875 | ||
876 | if (c->capability_bounding_set_drop) { | |
877 | fprintf(f, "%sCapabilityBoundingSetDrop:", prefix); | |
878 | ||
879 | for (i = 0; i <= CAP_LAST_CAP; i++) | |
880 | if (c->capability_bounding_set_drop & (1 << i)) { | |
881 | char *t; | |
882 | ||
883 | if ((t = cap_to_name(i))) { | |
884 | fprintf(f, " %s", t); | |
885 | free(t); | |
886 | } | |
887 | } | |
888 | ||
889 | fputs("\n", f); | |
890 | } | |
891 | ||
892 | if (c->user) | |
893 | fprintf(f, "%sUser: %s", prefix, c->user); | |
894 | if (c->group) | |
895 | fprintf(f, "%sGroup: %s", prefix, c->group); | |
896 | ||
897 | if (c->supplementary_groups) { | |
898 | char **g; | |
899 | ||
900 | fprintf(f, "%sSupplementaryGroups:", prefix); | |
901 | ||
902 | STRV_FOREACH(g, c->supplementary_groups) | |
903 | fprintf(f, " %s", *g); | |
904 | ||
905 | fputs("\n", f); | |
906 | } | |
5cb5a6ff LP |
907 | } |
908 | ||
034c6ed7 LP |
909 | void exec_status_fill(ExecStatus *s, pid_t pid, int code, int status) { |
910 | assert(s); | |
5cb5a6ff | 911 | |
034c6ed7 LP |
912 | s->pid = pid; |
913 | s->code = code; | |
914 | s->status = status; | |
915 | s->timestamp = now(CLOCK_REALTIME); | |
5cb5a6ff | 916 | } |
44d8db9e LP |
917 | |
918 | char *exec_command_line(ExecCommand *c) { | |
919 | size_t k; | |
920 | char *n, *p, **a; | |
921 | bool first = true; | |
922 | ||
923 | assert(c); | |
924 | assert(c->argv); | |
925 | ||
9164977d | 926 | k = 1; |
44d8db9e LP |
927 | STRV_FOREACH(a, c->argv) |
928 | k += strlen(*a)+3; | |
929 | ||
930 | if (!(n = new(char, k))) | |
931 | return NULL; | |
932 | ||
933 | p = n; | |
934 | STRV_FOREACH(a, c->argv) { | |
935 | ||
936 | if (!first) | |
937 | *(p++) = ' '; | |
938 | else | |
939 | first = false; | |
940 | ||
941 | if (strpbrk(*a, WHITESPACE)) { | |
942 | *(p++) = '\''; | |
943 | p = stpcpy(p, *a); | |
944 | *(p++) = '\''; | |
945 | } else | |
946 | p = stpcpy(p, *a); | |
947 | ||
948 | } | |
949 | ||
9164977d LP |
950 | *p = 0; |
951 | ||
44d8db9e LP |
952 | /* FIXME: this doesn't really handle arguments that have |
953 | * spaces and ticks in them */ | |
954 | ||
955 | return n; | |
956 | } | |
957 | ||
958 | void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) { | |
959 | char *cmd; | |
960 | ||
961 | assert(c); | |
962 | assert(f); | |
963 | ||
964 | if (!prefix) | |
965 | prefix = ""; | |
966 | ||
967 | cmd = exec_command_line(c); | |
968 | ||
969 | fprintf(f, | |
970 | "%sCommand Line: %s\n", | |
971 | prefix, cmd ? cmd : strerror(ENOMEM)); | |
972 | ||
973 | free(cmd); | |
974 | } | |
975 | ||
976 | void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) { | |
977 | assert(f); | |
978 | ||
979 | if (!prefix) | |
980 | prefix = ""; | |
981 | ||
982 | LIST_FOREACH(command, c, c) | |
983 | exec_command_dump(c, f, prefix); | |
984 | } | |
94f04347 | 985 | |
a6a80b4f LP |
986 | void exec_command_append_list(ExecCommand **l, ExecCommand *e) { |
987 | ExecCommand *end; | |
988 | ||
989 | assert(l); | |
990 | assert(e); | |
991 | ||
992 | if (*l) { | |
993 | /* It's kinda important that we keep the order here */ | |
994 | LIST_FIND_TAIL(ExecCommand, command, *l, end); | |
995 | LIST_INSERT_AFTER(ExecCommand, command, *l, end, e); | |
996 | } else | |
997 | *l = e; | |
998 | } | |
999 | ||
94f04347 LP |
1000 | static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = { |
1001 | [EXEC_OUTPUT_CONSOLE] = "console", | |
1002 | [EXEC_OUTPUT_NULL] = "null", | |
1003 | [EXEC_OUTPUT_SYSLOG] = "syslog", | |
1004 | [EXEC_OUTPUT_KERNEL] = "kernel" | |
1005 | }; | |
1006 | ||
1007 | DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput); | |
1008 | ||
1009 | static const char* const exec_input_table[_EXEC_INPUT_MAX] = { | |
1010 | [EXEC_INPUT_NULL] = "null", | |
1011 | [EXEC_INPUT_CONSOLE] = "console" | |
1012 | }; | |
1013 | ||
1014 | DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput); |