]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/execute.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sd-daemon: introduce sd_watchdog_enabled() for parsing $WATCHDOG_USEC
[thirdparty/systemd.git] / src / core / execute.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
5cb5a6ff 22#include <assert.h>
034c6ed7
LP		 23#include <dirent.h>
24#include <errno.h>
25#include <fcntl.h>
26#include <unistd.h>
44d8db9e 27#include <string.h>
309bff19 28#include <signal.h>
071830ff
LP		 29#include <sys/socket.h>
30#include <sys/un.h>
94f04347 31#include <sys/prctl.h>
66ee3769 32#include <linux/sched.h>
451a074f
LP		 33#include <sys/types.h>
34#include <sys/stat.h>
81a2b7ce
LP		 35#include <grp.h>
36#include <pwd.h>
15ae422b 37#include <sys/mount.h>
25e870b5 38#include <linux/fs.h>
dd6c17b1 39#include <linux/oom.h>
f2b68789 40#include <sys/poll.h>
8351ceae 41#include <linux/seccomp-bpf.h>
2bef10ab 42#include <glob.h>
d34cd374 43#include <libgen.h>
2b6bf07d 44#undef basename
5cb5a6ff 45
5b6319dc
LP		 46#ifdef HAVE_PAM
47#include <security/pam_appl.h>
48#endif
49
5cb5a6ff
LP		 50#include "execute.h"
51#include "strv.h"
52#include "macro.h"
d7832d2c 53#include "capability.h"
5cb5a6ff 54#include "util.h"
acbb0225 55#include "log.h"
20ad4cfd 56#include "sd-messages.h"
9eba9da4 57#include "ioprio.h"
94f04347 58#include "securebits.h"
15ae422b 59#include "namespace.h"
df1f0afe 60#include "tcpwrap.h"
d06dacd0 61#include "exit-status.h"
dd6c17b1 62#include "missing.h"
169c1bda 63#include "utmp-wtmp.h"
f6a6225e 64#include "def.h"
9eb977db 65#include "path-util.h"
8351ceae 66#include "syscall-list.h"
4d1a6904 67#include "env-util.h"
a5c32cff 68#include "fileio.h"
4ad49000 69#include "unit.h"
f485606b 70#include "async.h"
5cb5a6ff 71
e056b01d 72#define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
31a7eb86 73#define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
e6a26745 74
02a51aba
LP		 75/* This assumes there is a 'tty' group */
76#define TTY_MODE 0620
77
531dca78
LP		 78#define SNDBUF_SIZE (8*1024*1024)
79
034c6ed7
LP		 80static int shift_fds(int fds[], unsigned n_fds) {
81 int start, restart_from;
82
83 if (n_fds <= 0)
84 return 0;
85
a0d40ac5
LP		 86 /* Modifies the fds array! (sorts it) */
87
034c6ed7
LP		 88 assert(fds);
89
90 start = 0;
91 for (;;) {
92 int i;
93
94 restart_from = -1;
95
96 for (i = start; i < (int) n_fds; i++) {
97 int nfd;
98
99 /* Already at right index? */
100 if (fds[i] == i+3)
101 continue;
102
103 if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0)
104 return -errno;
105
e1f5e051 106 close_nointr_nofail(fds[i]);
034c6ed7
LP		 107 fds[i] = nfd;
108
109 /* Hmm, the fd we wanted isn't free? Then
110 * let's remember that and try again from here*/
111 if (nfd != i+3 && restart_from < 0)
112 restart_from = i;
113 }
114
115 if (restart_from < 0)
116 break;
117
118 start = restart_from;
119 }
120
121 return 0;
122}
123
c2748801 124static int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {
47a71eed 125 unsigned i;
e2c76839 126 int r;
47a71eed
LP		 127
128 if (n_fds <= 0)
129 return 0;
130
131 assert(fds);
132
451a074f 133 /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */
47a71eed
LP		 134
135 for (i = 0; i < n_fds; i++) {
47a71eed 136
e2c76839
LP		 137 if ((r = fd_nonblock(fds[i], nonblock)) < 0)
138 return r;
47a71eed 139
451a074f
LP		 140 /* We unconditionally drop FD_CLOEXEC from the fds,
141 * since after all we want to pass these fds to our
142 * children */
47a71eed 143
e2c76839
LP		 144 if ((r = fd_cloexec(fds[i], false)) < 0)
145 return r;
47a71eed
LP		 146 }
147
148 return 0;
149}
150
44a6b1b6 151_pure_ static const char *tty_path(const ExecContext *context) {
80876c20
LP		 152 assert(context);
153
154 if (context->tty_path)
155 return context->tty_path;
156
157 return "/dev/console";
158}
159
9588bc32 160static void exec_context_tty_reset(const ExecContext *context) {
6ea832a2
LP		 161 assert(context);
162
163 if (context->tty_vhangup)
164 terminal_vhangup(tty_path(context));
165
166 if (context->tty_reset)
167 reset_terminal(tty_path(context));
168
169 if (context->tty_vt_disallocate && context->tty_path)
170 vt_disallocate(context->tty_path);
171}
172
3a1286b6
MS		 173static bool is_terminal_output(ExecOutput o) {
174 return
175 o == EXEC_OUTPUT_TTY ||
176 o == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||
177 o == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
178 o == EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
179}
180
80876c20
LP		 181static int open_null_as(int flags, int nfd) {
182 int fd, r;
071830ff 183
80876c20 184 assert(nfd >= 0);
071830ff 185
613b411c
LP		 186 fd = open("/dev/null", flags|O_NOCTTY);
187 if (fd < 0)
071830ff
LP		 188 return -errno;
189
80876c20
LP		 190 if (fd != nfd) {
191 r = dup2(fd, nfd) < 0 ? -errno : nfd;
e1f5e051 192 close_nointr_nofail(fd);
80876c20
LP		 193 } else
194 r = nfd;
071830ff 195
80876c20 196 return r;
071830ff
LP		 197}
198
62bca2c6 199static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd) {
80876c20 200 int fd, r;
b92bea5d
ZJS		 201 union sockaddr_union sa = {
202 .un.sun_family = AF_UNIX,
203 .un.sun_path = "/run/systemd/journal/stdout",
204 };
071830ff
LP		 205
206 assert(context);
80876c20
LP		 207 assert(output < _EXEC_OUTPUT_MAX);
208 assert(ident);
209 assert(nfd >= 0);
071830ff 210
54fe0cdb
LP		 211 fd = socket(AF_UNIX, SOCK_STREAM, 0);
212 if (fd < 0)
80876c20 213 return -errno;
071830ff 214
54fe0cdb
LP		 215 r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path));
216 if (r < 0) {
80876c20
LP		 217 close_nointr_nofail(fd);
218 return -errno;
219 }
071830ff 220
80876c20
LP		 221 if (shutdown(fd, SHUT_RD) < 0) {
222 close_nointr_nofail(fd);
223 return -errno;
224 }
071830ff 225
531dca78
LP		 226 fd_inc_sndbuf(fd, SNDBUF_SIZE);
227
80876c20 228 dprintf(fd,
62bca2c6 229 "%s\n"
80876c20
LP		 230 "%s\n"
231 "%i\n"
54fe0cdb
LP		 232 "%i\n"
233 "%i\n"
234 "%i\n"
4f4a1dbf 235 "%i\n",
4f4a1dbf 236 context->syslog_identifier ? context->syslog_identifier : ident,
62bca2c6 237 unit_id,
54fe0cdb
LP		 238 context->syslog_priority,
239 !!context->syslog_level_prefix,
240 output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
241 output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
3a1286b6 242 is_terminal_output(output));
80876c20
LP		 243
244 if (fd != nfd) {
245 r = dup2(fd, nfd) < 0 ? -errno : nfd;
e1f5e051 246 close_nointr_nofail(fd);
80876c20
LP		 247 } else
248 r = nfd;
071830ff 249
80876c20
LP		 250 return r;
251}
252static int open_terminal_as(const char *path, mode_t mode, int nfd) {
253 int fd, r;
071830ff 254
80876c20
LP		 255 assert(path);
256 assert(nfd >= 0);
071830ff 257
80876c20
LP		 258 if ((fd = open_terminal(path, mode | O_NOCTTY)) < 0)
259 return fd;
071830ff 260
80876c20
LP		 261 if (fd != nfd) {
262 r = dup2(fd, nfd) < 0 ? -errno : nfd;
263 close_nointr_nofail(fd);
264 } else
265 r = nfd;
071830ff 266
80876c20
LP		 267 return r;
268}
071830ff 269
80876c20
LP		 270static bool is_terminal_input(ExecInput i) {
271 return
272 i == EXEC_INPUT_TTY ||
273 i == EXEC_INPUT_TTY_FORCE ||
274 i == EXEC_INPUT_TTY_FAIL;
275}
071830ff 276
1e3ad081
LP		 277static int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {
278
279 if (is_terminal_input(std_input) && !apply_tty_stdin)
280 return EXEC_INPUT_NULL;
071830ff 281
03fd9c49 282 if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)
4f2d528d
LP		 283 return EXEC_INPUT_NULL;
284
03fd9c49 285 return std_input;
4f2d528d
LP		 286}
287
03fd9c49 288static int fixup_output(ExecOutput std_output, int socket_fd) {
4f2d528d 289
03fd9c49 290 if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)
4f2d528d
LP		 291 return EXEC_OUTPUT_INHERIT;
292
03fd9c49 293 return std_output;
4f2d528d
LP		 294}
295
1e3ad081 296static int setup_input(const ExecContext *context, int socket_fd, bool apply_tty_stdin) {
4f2d528d
LP		 297 ExecInput i;
298
299 assert(context);
300
1e3ad081 301 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
4f2d528d
LP		 302
303 switch (i) {
071830ff 304
80876c20
LP		 305 case EXEC_INPUT_NULL:
306 return open_null_as(O_RDONLY, STDIN_FILENO);
307
308 case EXEC_INPUT_TTY:
309 case EXEC_INPUT_TTY_FORCE:
310 case EXEC_INPUT_TTY_FAIL: {
311 int fd, r;
071830ff 312
970edce6
ZJS		 313 fd = acquire_terminal(tty_path(context),
314 i == EXEC_INPUT_TTY_FAIL,
315 i == EXEC_INPUT_TTY_FORCE,
316 false,
317 (usec_t) -1);
318 if (fd < 0)
80876c20
LP		 319 return fd;
320
321 if (fd != STDIN_FILENO) {
322 r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
071830ff 323 close_nointr_nofail(fd);
80876c20
LP		 324 } else
325 r = STDIN_FILENO;
326
327 return r;
328 }
329
4f2d528d
LP		 330 case EXEC_INPUT_SOCKET:
331 return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;
332
80876c20
LP		 333 default:
334 assert_not_reached("Unknown input type");
335 }
336}
337
eb17e935 338static int setup_output(const ExecContext *context, int fileno, int socket_fd, const char *ident, const char *unit_id, bool apply_tty_stdin) {
4f2d528d
LP		 339 ExecOutput o;
340 ExecInput i;
47c1d80d 341 int r;
4f2d528d 342
80876c20
LP		 343 assert(context);
344 assert(ident);
345
1e3ad081 346 i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);
03fd9c49 347 o = fixup_output(context->std_output, socket_fd);
4f2d528d 348
eb17e935
MS		 349 if (fileno == STDERR_FILENO) {
350 ExecOutput e;
351 e = fixup_output(context->std_error, socket_fd);
80876c20 352
eb17e935
MS		 353 /* This expects the input and output are already set up */
354
355 /* Don't change the stderr file descriptor if we inherit all
356 * the way and are not on a tty */
357 if (e == EXEC_OUTPUT_INHERIT &&
358 o == EXEC_OUTPUT_INHERIT &&
359 i == EXEC_INPUT_NULL &&
360 !is_terminal_input(context->std_input) &&
361 getppid () != 1)
362 return fileno;
363
364 /* Duplicate from stdout if possible */
365 if (e == o || e == EXEC_OUTPUT_INHERIT)
366 return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;
071830ff 367
eb17e935 368 o = e;
80876c20 369
eb17e935 370 } else if (o == EXEC_OUTPUT_INHERIT) {
21d21ea4
LP		 371 /* If input got downgraded, inherit the original value */
372 if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))
eb17e935 373 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
21d21ea4 374
acb591e4 375 /* If the input is connected to anything that's not a /dev/null, inherit that... */
ff876e28 376 if (i != EXEC_INPUT_NULL)
eb17e935 377 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
071830ff 378
acb591e4
LP		 379 /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */
380 if (getppid() != 1)
eb17e935 381 return fileno;
94f04347 382
eb17e935
MS		 383 /* We need to open /dev/null here anew, to get the right access mode. */
384 return open_null_as(O_WRONLY, fileno);
071830ff 385 }
94f04347 386
eb17e935 387 switch (o) {
80876c20
LP		 388
389 case EXEC_OUTPUT_NULL:
eb17e935 390 return open_null_as(O_WRONLY, fileno);
80876c20
LP		 391
392 case EXEC_OUTPUT_TTY:
4f2d528d 393 if (is_terminal_input(i))
eb17e935 394 return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;
80876c20
LP		 395
396 /* We don't reset the terminal if this is just about output */
eb17e935 397 return open_terminal_as(tty_path(context), O_WRONLY, fileno);
80876c20
LP		 398
399 case EXEC_OUTPUT_SYSLOG:
28dbc1e8 400 case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
9a6bca7a 401 case EXEC_OUTPUT_KMSG:
28dbc1e8 402 case EXEC_OUTPUT_KMSG_AND_CONSOLE:
706343f4
LP		 403 case EXEC_OUTPUT_JOURNAL:
404 case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
eb17e935 405 r = connect_logger_as(context, o, ident, unit_id, fileno);
47c1d80d 406 if (r < 0) {
80cbda35
MS		 407 log_struct_unit(LOG_CRIT, unit_id,
408 "MESSAGE=Failed to connect std%s of %s to the journal socket: %s",
eb17e935 409 fileno == STDOUT_FILENO ? "out" : "err",
80cbda35
MS		 410 unit_id, strerror(-r),
411 "ERRNO=%d", -r,
412 NULL);
eb17e935 413 r = open_null_as(O_WRONLY, fileno);
47c1d80d
MS		 414 }
415 return r;
4f2d528d
LP		 416
417 case EXEC_OUTPUT_SOCKET:
418 assert(socket_fd >= 0);
eb17e935 419 return dup2(socket_fd, fileno) < 0 ? -errno : fileno;
94f04347
LP		 420
421 default:
80876c20 422 assert_not_reached("Unknown error type");
94f04347 423 }
071830ff
LP		 424}
425
02a51aba
LP		 426static int chown_terminal(int fd, uid_t uid) {
427 struct stat st;
428
429 assert(fd >= 0);
02a51aba
LP		 430
431 /* This might fail. What matters are the results. */
bab45044
LP		 432 (void) fchown(fd, uid, -1);
433 (void) fchmod(fd, TTY_MODE);
02a51aba
LP		 434
435 if (fstat(fd, &st) < 0)
436 return -errno;
437
d8b4e2e9 438 if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)
02a51aba
LP		 439 return -EPERM;
440
441 return 0;
442}
443
af6da548 444static int setup_confirm_stdio(int *_saved_stdin,
80876c20
LP		 445 int *_saved_stdout) {
446 int fd = -1, saved_stdin, saved_stdout = -1, r;
447
80876c20
LP		 448 assert(_saved_stdin);
449 assert(_saved_stdout);
450
af6da548
LP		 451 saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);
452 if (saved_stdin < 0)
453 return -errno;
80876c20 454
af6da548
LP		 455 saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);
456 if (saved_stdout < 0) {
457 r = errno;
80876c20
LP		 458 goto fail;
459 }
460
af6da548
LP		 461 fd = acquire_terminal(
462 "/dev/console",
463 false,
464 false,
465 false,
466 DEFAULT_CONFIRM_USEC);
467 if (fd < 0) {
468 r = fd;
80876c20
LP		 469 goto fail;
470 }
471
af6da548
LP		 472 r = chown_terminal(fd, getuid());
473 if (r < 0)
02a51aba 474 goto fail;
02a51aba 475
80876c20 476 if (dup2(fd, STDIN_FILENO) < 0) {
af6da548 477 r = -errno;
80876c20
LP		 478 goto fail;
479 }
480
481 if (dup2(fd, STDOUT_FILENO) < 0) {
af6da548 482 r = -errno;
80876c20
LP		 483 goto fail;
484 }
485
486 if (fd >= 2)
487 close_nointr_nofail(fd);
488
489 *_saved_stdin = saved_stdin;
490 *_saved_stdout = saved_stdout;
491
492 return 0;
493
494fail:
495 if (saved_stdout >= 0)
496 close_nointr_nofail(saved_stdout);
497
498 if (saved_stdin >= 0)
499 close_nointr_nofail(saved_stdin);
500
501 if (fd >= 0)
502 close_nointr_nofail(fd);
503
504 return r;
505}
506
44b601bc 507_printf_(1, 2) static int write_confirm_message(const char *format, ...) {
af6da548
LP		 508 int fd;
509 va_list ap;
80876c20 510
af6da548 511 assert(format);
80876c20 512
af6da548
LP		 513 fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
514 if (fd < 0)
515 return fd;
80876c20 516
af6da548
LP		 517 va_start(ap, format);
518 vdprintf(fd, format, ap);
519 va_end(ap);
80876c20 520
af6da548 521 close_nointr_nofail(fd);
80876c20 522
af6da548
LP		 523 return 0;
524}
80876c20 525
af6da548
LP		 526static int restore_confirm_stdio(int *saved_stdin,
527 int *saved_stdout) {
80876c20 528
af6da548 529 int r = 0;
80876c20 530
af6da548
LP		 531 assert(saved_stdin);
532 assert(saved_stdout);
533
534 release_terminal();
535
536 if (*saved_stdin >= 0)
80876c20 537 if (dup2(*saved_stdin, STDIN_FILENO) < 0)
af6da548 538 r = -errno;
80876c20 539
af6da548 540 if (*saved_stdout >= 0)
80876c20 541 if (dup2(*saved_stdout, STDOUT_FILENO) < 0)
af6da548 542 r = -errno;
80876c20 543
af6da548
LP		 544 if (*saved_stdin >= 0)
545 close_nointr_nofail(*saved_stdin);
80876c20 546
af6da548
LP		 547 if (*saved_stdout >= 0)
548 close_nointr_nofail(*saved_stdout);
549
550 return r;
551}
552
553static int ask_for_confirmation(char *response, char **argv) {
554 int saved_stdout = -1, saved_stdin = -1, r;
555 char *line;
556
557 r = setup_confirm_stdio(&saved_stdin, &saved_stdout);
558 if (r < 0)
559 return r;
560
561 line = exec_command_line(argv);
562 if (!line)
563 return -ENOMEM;
564
565 r = ask(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
566 free(line);
567
568 restore_confirm_stdio(&saved_stdin, &saved_stdout);
569
570 return r;
80876c20
LP		 571}
572
81a2b7ce
LP		 573static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
574 bool keep_groups = false;
575 int r;
576
577 assert(context);
578
35b8ca3a 579 /* Lookup and set GID and supplementary group list. Here too
81a2b7ce
LP		 580 * we avoid NSS lookups for gid=0. */
581
582 if (context->group || username) {
583
4b67834e
LP		 584 if (context->group) {
585 const char *g = context->group;
586
587 if ((r = get_group_creds(&g, &gid)) < 0)
81a2b7ce 588 return r;
4b67834e 589 }
81a2b7ce
LP		 590
591 /* First step, initialize groups from /etc/groups */
592 if (username && gid != 0) {
593 if (initgroups(username, gid) < 0)
594 return -errno;
595
596 keep_groups = true;
597 }
598
599 /* Second step, set our gids */
600 if (setresgid(gid, gid, gid) < 0)
601 return -errno;
602 }
603
604 if (context->supplementary_groups) {
605 int ngroups_max, k;
606 gid_t *gids;
607 char **i;
608
609 /* Final step, initialize any manually set supplementary groups */
da19d5c1 610 assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
81a2b7ce
LP		 611
612 if (!(gids = new(gid_t, ngroups_max)))
613 return -ENOMEM;
614
615 if (keep_groups) {
616 if ((k = getgroups(ngroups_max, gids)) < 0) {
617 free(gids);
618 return -errno;
619 }
620 } else
621 k = 0;
622
623 STRV_FOREACH(i, context->supplementary_groups) {
4b67834e 624 const char *g;
81a2b7ce
LP		 625
626 if (k >= ngroups_max) {
627 free(gids);
628 return -E2BIG;
629 }
630
4b67834e
LP		 631 g = *i;
632 r = get_group_creds(&g, gids+k);
633 if (r < 0) {
81a2b7ce
LP		 634 free(gids);
635 return r;
636 }
637
638 k++;
639 }
640
641 if (setgroups(k, gids) < 0) {
642 free(gids);
643 return -errno;
644 }
645
646 free(gids);
647 }
648
649 return 0;
650}
651
652static int enforce_user(const ExecContext *context, uid_t uid) {
653 int r;
654 assert(context);
655
656 /* Sets (but doesn't lookup) the uid and make sure we keep the
657 * capabilities while doing so. */
658
659 if (context->capabilities) {
660 cap_t d;
661 static const cap_value_t bits[] = {
662 CAP_SETUID, /* Necessary so that we can run setresuid() below */
663 CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */
664 };
665
666 /* First step: If we need to keep capabilities but
667 * drop privileges we need to make sure we keep our
cbb21cca 668 * caps, while we drop privileges. */
693ced48 669 if (uid != 0) {
cbb21cca 670 int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
693ced48
LP		 671
672 if (prctl(PR_GET_SECUREBITS) != sb)
673 if (prctl(PR_SET_SECUREBITS, sb) < 0)
674 return -errno;
675 }
81a2b7ce 676
35b8ca3a 677 /* Second step: set the capabilities. This will reduce
81a2b7ce
LP		 678 * the capabilities to the minimum we need. */
679
680 if (!(d = cap_dup(context->capabilities)))
681 return -errno;
682
683 if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||
684 cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0) {
685 r = -errno;
686 cap_free(d);
687 return r;
688 }
689
690 if (cap_set_proc(d) < 0) {
691 r = -errno;
692 cap_free(d);
693 return r;
694 }
695
696 cap_free(d);
697 }
698
699 /* Third step: actually set the uids */
700 if (setresuid(uid, uid, uid) < 0)
701 return -errno;
702
703 /* At this point we should have all necessary capabilities but
704 are otherwise a normal user. However, the caps might got
705 corrupted due to the setresuid() so we need clean them up
706 later. This is done outside of this call. */
707
708 return 0;
709}
710
5b6319dc
LP		 711#ifdef HAVE_PAM
712
713static int null_conv(
714 int num_msg,
715 const struct pam_message **msg,
716 struct pam_response **resp,
717 void *appdata_ptr) {
718
719 /* We don't support conversations */
720
721 return PAM_CONV_ERR;
722}
723
724static int setup_pam(
725 const char *name,
726 const char *user,
940c5210 727 uid_t uid,
5b6319dc
LP		 728 const char *tty,
729 char ***pam_env,
730 int fds[], unsigned n_fds) {
731
732 static const struct pam_conv conv = {
733 .conv = null_conv,
734 .appdata_ptr = NULL
735 };
736
737 pam_handle_t *handle = NULL;
738 sigset_t ss, old_ss;
739 int pam_code = PAM_SUCCESS;
9ba35398 740 int err;
5b6319dc
LP		 741 char **e = NULL;
742 bool close_session = false;
743 pid_t pam_pid = 0, parent_pid;
970edce6 744 int flags = 0;
5b6319dc
LP		 745
746 assert(name);
747 assert(user);
748 assert(pam_env);
749
750 /* We set up PAM in the parent process, then fork. The child
35b8ca3a 751 * will then stay around until killed via PR_GET_PDEATHSIG or
5b6319dc
LP		 752 * systemd via the cgroup logic. It will then remove the PAM
753 * session again. The parent process will exec() the actual
754 * daemon. We do things this way to ensure that the main PID
755 * of the daemon is the one we initially fork()ed. */
756
970edce6
ZJS		 757 if (log_get_max_level() < LOG_PRI(LOG_DEBUG))
758 flags |= PAM_SILENT;
759
f546241b
ZJS		 760 pam_code = pam_start(name, user, &conv, &handle);
761 if (pam_code != PAM_SUCCESS) {
5b6319dc
LP		 762 handle = NULL;
763 goto fail;
764 }
765
f546241b
ZJS		 766 if (tty) {
767 pam_code = pam_set_item(handle, PAM_TTY, tty);
768 if (pam_code != PAM_SUCCESS)
5b6319dc 769 goto fail;
f546241b 770 }
5b6319dc 771
970edce6 772 pam_code = pam_acct_mgmt(handle, flags);
f546241b 773 if (pam_code != PAM_SUCCESS)
5b6319dc
LP		 774 goto fail;
775
970edce6 776 pam_code = pam_open_session(handle, flags);
f546241b 777 if (pam_code != PAM_SUCCESS)
5b6319dc
LP		 778 goto fail;
779
780 close_session = true;
781
f546241b
ZJS		 782 e = pam_getenvlist(handle);
783 if (!e) {
5b6319dc
LP		 784 pam_code = PAM_BUF_ERR;
785 goto fail;
786 }
787
788 /* Block SIGTERM, so that we know that it won't get lost in
789 * the child */
790 if (sigemptyset(&ss) < 0 ||
791 sigaddset(&ss, SIGTERM) < 0 ||
792 sigprocmask(SIG_BLOCK, &ss, &old_ss) < 0)
793 goto fail;
794
795 parent_pid = getpid();
796
f546241b
ZJS		 797 pam_pid = fork();
798 if (pam_pid < 0)
5b6319dc
LP		 799 goto fail;
800
801 if (pam_pid == 0) {
802 int sig;
803 int r = EXIT_PAM;
804
805 /* The child's job is to reset the PAM session on
806 * termination */
807
808 /* This string must fit in 10 chars (i.e. the length
5d6b1584
LP		 809 * of "/sbin/init"), to look pretty in /bin/ps */
810 rename_process("(sd-pam)");
5b6319dc
LP		 811
812 /* Make sure we don't keep open the passed fds in this
813 child. We assume that otherwise only those fds are
814 open here that have been opened by PAM. */
815 close_many(fds, n_fds);
816
940c5210
AK		 817 /* Drop privileges - we don't need any to pam_close_session
818 * and this will make PR_SET_PDEATHSIG work in most cases.
819 * If this fails, ignore the error - but expect sd-pam threads
820 * to fail to exit normally */
821 if (setresuid(uid, uid, uid) < 0)
822 log_error("Error: Failed to setresuid() in sd-pam: %s", strerror(-r));
823
824 /* Wait until our parent died. This will only work if
825 * the above setresuid() succeeds, otherwise the kernel
826 * will not allow unprivileged parents kill their privileged
827 * children this way. We rely on the control groups kill logic
5b6319dc
LP		 828 * to do the rest for us. */
829 if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
830 goto child_finish;
831
832 /* Check if our parent process might already have
833 * died? */
834 if (getppid() == parent_pid) {
3dead8d9
LP		 835 for (;;) {
836 if (sigwait(&ss, &sig) < 0) {
837 if (errno == EINTR)
838 continue;
839
840 goto child_finish;
841 }
5b6319dc 842
3dead8d9
LP		 843 assert(sig == SIGTERM);
844 break;
845 }
5b6319dc
LP		 846 }
847
3dead8d9 848 /* If our parent died we'll end the session */
f546241b 849 if (getppid() != parent_pid) {
970edce6 850 pam_code = pam_close_session(handle, flags);
f546241b 851 if (pam_code != PAM_SUCCESS)
5b6319dc 852 goto child_finish;
f546241b 853 }
5b6319dc
LP		 854
855 r = 0;
856
857 child_finish:
970edce6 858 pam_end(handle, pam_code | flags);
5b6319dc
LP		 859 _exit(r);
860 }
861
862 /* If the child was forked off successfully it will do all the
863 * cleanups, so forget about the handle here. */
864 handle = NULL;
865
3b8bddde 866 /* Unblock SIGTERM again in the parent */
5b6319dc
LP		 867 if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
868 goto fail;
869
870 /* We close the log explicitly here, since the PAM modules
871 * might have opened it, but we don't want this fd around. */
872 closelog();
873
aa87e624
LP		 874 *pam_env = e;
875 e = NULL;
876
5b6319dc
LP		 877 return 0;
878
879fail:
970edce6
ZJS		 880 if (pam_code != PAM_SUCCESS) {
881 log_error("PAM failed: %s", pam_strerror(handle, pam_code));
9ba35398 882 err = -EPERM; /* PAM errors do not map to errno */
970edce6
ZJS		 883 } else {
884 log_error("PAM failed: %m");
9ba35398 885 err = -errno;
970edce6 886 }
9ba35398 887
5b6319dc
LP		 888 if (handle) {
889 if (close_session)
970edce6 890 pam_code = pam_close_session(handle, flags);
5b6319dc 891
970edce6 892 pam_end(handle, pam_code | flags);
5b6319dc
LP		 893 }
894
895 strv_free(e);
896
897 closelog();
898
430c18ed 899 if (pam_pid > 1) {
5b6319dc 900 kill(pam_pid, SIGTERM);
430c18ed
LP		 901 kill(pam_pid, SIGCONT);
902 }
5b6319dc 903
9ba35398 904 return err;
5b6319dc
LP		 905}
906#endif
907
5d6b1584
LP		 908static void rename_process_from_path(const char *path) {
909 char process_name[11];
910 const char *p;
911 size_t l;
912
913 /* This resulting string must fit in 10 chars (i.e. the length
914 * of "/sbin/init") to look pretty in /bin/ps */
915
2b6bf07d 916 p = basename(path);
5d6b1584
LP		 917 if (isempty(p)) {
918 rename_process("(...)");
919 return;
920 }
921
922 l = strlen(p);
923 if (l > 8) {
924 /* The end of the process name is usually more
925 * interesting, since the first bit might just be
926 * "systemd-" */
927 p = p + l - 8;
928 l = 8;
929 }
930
931 process_name[0] = '(';
932 memcpy(process_name+1, p, l);
933 process_name[1+l] = ')';
934 process_name[1+l+1] = 0;
935
936 rename_process(process_name);
937}
938
8351ceae
LP		 939static int apply_seccomp(uint32_t *syscall_filter) {
940 static const struct sock_filter header[] = {
941 VALIDATE_ARCHITECTURE,
942 EXAMINE_SYSCALL
943 };
944 static const struct sock_filter footer[] = {
945 _KILL_PROCESS
946 };
947
948 int i;
949 unsigned n;
950 struct sock_filter *f;
b92bea5d 951 struct sock_fprog prog = {};
8351ceae
LP		 952
953 assert(syscall_filter);
954
955 /* First: count the syscalls to check for */
956 for (i = 0, n = 0; i < syscall_max(); i++)
957 if (syscall_filter[i >> 4] & (1 << (i & 31)))
958 n++;
959
960 /* Second: build the filter program from a header the syscall
961 * matches and the footer */
962 f = alloca(sizeof(struct sock_filter) * (ELEMENTSOF(header) + 2*n + ELEMENTSOF(footer)));
963 memcpy(f, header, sizeof(header));
964
965 for (i = 0, n = 0; i < syscall_max(); i++)
966 if (syscall_filter[i >> 4] & (1 << (i & 31))) {
967 struct sock_filter item[] = {
843fc7f7 968 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, INDEX_TO_SYSCALL(i), 0, 1),
8351ceae
LP		 969 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
970 };
971
972 assert_cc(ELEMENTSOF(item) == 2);
973
974 f[ELEMENTSOF(header) + 2*n] = item[0];
975 f[ELEMENTSOF(header) + 2*n+1] = item[1];
976
977 n++;
978 }
979
980 memcpy(f + (ELEMENTSOF(header) + 2*n), footer, sizeof(footer));
981
982 /* Third: install the filter */
8351ceae
LP		 983 prog.len = ELEMENTSOF(header) + ELEMENTSOF(footer) + 2*n;
984 prog.filter = f;
985 if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0)
986 return -errno;
987
988 return 0;
989}
990
31a7eb86
ZJS		 991static void do_idle_pipe_dance(int idle_pipe[4]) {
992 assert(idle_pipe);
993
994 if (idle_pipe[1] >= 0)
995 close_nointr_nofail(idle_pipe[1]);
996 if (idle_pipe[2] >= 0)
997 close_nointr_nofail(idle_pipe[2]);
998
999 if (idle_pipe[0] >= 0) {
1000 int r;
1001
1002 r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);
1003
1004 if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {
1005 /* Signal systemd that we are bored and want to continue. */
1006 write(idle_pipe[3], "x", 1);
1007
1008 /* Wait for systemd to react to the signal above. */
1009 fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);
1010 }
1011
1012 close_nointr_nofail(idle_pipe[0]);
1013
1014 }
1015
1016 if (idle_pipe[3] >= 0)
1017 close_nointr_nofail(idle_pipe[3]);
1018}
1019
7cae38c4
LP		 1020static int build_environment(
1021 ExecContext *c,
1022 unsigned n_fds,
09812eb7 1023 usec_t watchdog_usec,
7cae38c4
LP		 1024 const char *home,
1025 const char *username,
1026 const char *shell,
1027 char ***ret) {
1028
1029 _cleanup_strv_free_ char **our_env = NULL;
1030 unsigned n_env = 0;
1031 char *x;
1032
1033 assert(c);
1034 assert(ret);
1035
09812eb7 1036 our_env = new0(char*, 10);
7cae38c4
LP		 1037 if (!our_env)
1038 return -ENOMEM;
1039
1040 if (n_fds > 0) {
1041 if (asprintf(&x, "LISTEN_PID=%lu", (unsigned long) getpid()) < 0)
1042 return -ENOMEM;
1043 our_env[n_env++] = x;
1044
1045 if (asprintf(&x, "LISTEN_FDS=%u", n_fds) < 0)
1046 return -ENOMEM;
1047 our_env[n_env++] = x;
1048 }
1049
09812eb7
LP		 1050 if (watchdog_usec > 0) {
1051 if (asprintf(&x, "WATCHDOG_PID=%lu", (unsigned long) getpid()) < 0)
1052 return -ENOMEM;
1053 our_env[n_env++] = x;
1054
1055 if (asprintf(&x, "WATCHDOG_USEC=%llu", (unsigned long long) watchdog_usec) < 0)
1056 return -ENOMEM;
1057 our_env[n_env++] = x;
1058 }
1059
7cae38c4
LP		 1060 if (home) {
1061 x = strappend("HOME=", home);
1062 if (!x)
1063 return -ENOMEM;
1064 our_env[n_env++] = x;
1065 }
1066
1067 if (username) {
1068 x = strappend("LOGNAME=", username);
1069 if (!x)
1070 return -ENOMEM;
1071 our_env[n_env++] = x;
1072
1073 x = strappend("USER=", username);
1074 if (!x)
1075 return -ENOMEM;
1076 our_env[n_env++] = x;
1077 }
1078
1079 if (shell) {
1080 x = strappend("SHELL=", shell);
1081 if (!x)
1082 return -ENOMEM;
1083 our_env[n_env++] = x;
1084 }
1085
1086 if (is_terminal_input(c->std_input) ||
1087 c->std_output == EXEC_OUTPUT_TTY ||
1088 c->std_error == EXEC_OUTPUT_TTY ||
1089 c->tty_path) {
1090
1091 x = strdup(default_term_for_tty(tty_path(c)));
1092 if (!x)
1093 return -ENOMEM;
1094 our_env[n_env++] = x;
1095 }
1096
1097 our_env[n_env++] = NULL;
09812eb7 1098 assert(n_env <= 10);
7cae38c4
LP		 1099
1100 *ret = our_env;
1101 our_env = NULL;
1102
1103 return 0;
1104}
1105
9fb86720 1106int exec_spawn(ExecCommand *command,
9e2f7c11 1107 char **argv,
c17ec25e 1108 ExecContext *context,
c2748801 1109 int fds[], unsigned n_fds,
1137a57c 1110 char **environment,
81a2b7ce
LP		 1111 bool apply_permissions,
1112 bool apply_chroot,
1e3ad081 1113 bool apply_tty_stdin,
80876c20 1114 bool confirm_spawn,
13b84ec7 1115 CGroupControllerMask cgroup_supported,
4ad49000 1116 const char *cgroup_path,
62bca2c6 1117 const char *unit_id,
09812eb7 1118 usec_t watchdog_usec,
31a7eb86 1119 int idle_pipe[4],
613b411c 1120 ExecRuntime *runtime,
81a2b7ce
LP		 1121 pid_t *ret) {
1122
4ad49000
LP		 1123 _cleanup_strv_free_ char **files_env = NULL;
1124 int socket_fd;
1125 char *line;
034c6ed7 1126 pid_t pid;
8e274523 1127 int r;
034c6ed7 1128
5cb5a6ff
LP		 1129 assert(command);
1130 assert(context);
1131 assert(ret);
034c6ed7
LP		 1132 assert(fds || n_fds <= 0);
1133
4f2d528d
LP		 1134 if (context->std_input == EXEC_INPUT_SOCKET ||
1135 context->std_output == EXEC_OUTPUT_SOCKET ||
1136 context->std_error == EXEC_OUTPUT_SOCKET) {
1137
1138 if (n_fds != 1)
1139 return -EINVAL;
1140
1141 socket_fd = fds[0];
1142
1143 fds = NULL;
1144 n_fds = 0;
1145 } else
1146 socket_fd = -1;
1147
b66871da
ZJS		 1148 r = exec_context_load_environment(context, &files_env);
1149 if (r < 0) {
bbc9006e
MT		 1150 log_struct_unit(LOG_ERR,
1151 unit_id,
23635a85
ZJS		 1152 "MESSAGE=Failed to load environment files: %s", strerror(-r),
1153 "ERRNO=%d", -r,
1154 NULL);
8c7be95e
LP		 1155 return r;
1156 }
1157
9e2f7c11
LP		 1158 if (!argv)
1159 argv = command->argv;
1160
af6da548 1161 line = exec_command_line(argv);
b66871da
ZJS		 1162 if (!line)
1163 return log_oom();
1a63a750 1164
bbc9006e 1165 log_struct_unit(LOG_DEBUG,
099a804b
LP		 1166 unit_id,
1167 "EXECUTABLE=%s", command->path,
1168 "MESSAGE=About to execute: %s", line,
1169 NULL);
1a63a750 1170 free(line);
acbb0225 1171
b66871da
ZJS		 1172 pid = fork();
1173 if (pid < 0)
1174 return -errno;
034c6ed7
LP		 1175
1176 if (pid == 0) {
613b411c 1177 _cleanup_strv_free_ char **our_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;
59fccd82 1178 const char *username = NULL, *home = NULL, *shell = NULL;
7cae38c4 1179 unsigned n_dont_close = 0;
613b411c 1180 int dont_close[n_fds + 3];
81a2b7ce
LP		 1181 uid_t uid = (uid_t) -1;
1182 gid_t gid = (gid_t) -1;
613b411c
LP		 1183 sigset_t ss;
1184 int i, err;
309bff19 1185
034c6ed7 1186 /* child */
5cb5a6ff 1187
5d6b1584 1188 rename_process_from_path(command->path);
5b6319dc 1189
1b91d3e8
LP		 1190 /* We reset exactly these signals, since they are the
1191 * only ones we set to SIG_IGN in the main daemon. All
1192 * others we leave untouched because we set them to
1193 * SIG_DFL or a valid handler initially, both of which
1194 * will be demoted to SIG_DFL. */
1195 default_signals(SIGNALS_CRASH_HANDLER,
9a34ec5f 1196 SIGNALS_IGNORE, -1);
7b683879 1197
353e12c2
LP		 1198 if (context->ignore_sigpipe)
1199 ignore_signals(SIGPIPE, -1);
1200
1201 assert_se(sigemptyset(&ss) == 0);
1202 if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
4c2630eb 1203 err = -errno;
309bff19 1204 r = EXIT_SIGNAL_MASK;
8c7be95e 1205 goto fail_child;
309bff19
LP		 1206 }
1207
31a7eb86
ZJS		 1208 if (idle_pipe)
1209 do_idle_pipe_dance(idle_pipe);
f2b68789 1210
85d73053
LP		 1211 /* Close sockets very early to make sure we don't
1212 * block init reexecution because it cannot bind its
1213 * sockets */
4d8a7798 1214 log_forget_fds();
613b411c
LP		 1215
1216 if (socket_fd >= 0)
1217 dont_close[n_dont_close++] = socket_fd;
1218 if (n_fds > 0) {
1219 memcpy(dont_close + n_dont_close, fds, sizeof(int) * n_fds);
1220 n_dont_close += n_fds;
1221 }
1222 if (runtime) {
1223 if (runtime->netns_storage_socket[0] >= 0)
1224 dont_close[n_dont_close++] = runtime->netns_storage_socket[0];
1225 if (runtime->netns_storage_socket[1] >= 0)
1226 dont_close[n_dont_close++] = runtime->netns_storage_socket[1];
1227 }
1228
1229 err = close_all_fds(dont_close, n_dont_close);
4c2630eb 1230 if (err < 0) {
fc9b2a84 1231 r = EXIT_FDS;
8c7be95e 1232 goto fail_child;
fc9b2a84
LP		 1233 }
1234
74922904 1235 if (!context->same_pgrp)
8d567588 1236 if (setsid() < 0) {
4c2630eb 1237 err = -errno;
8d567588 1238 r = EXIT_SETSID;
8c7be95e 1239 goto fail_child;
8d567588 1240 }
80876c20 1241
c5da34ef
LP		 1242 if (context->tcpwrap_name) {
1243 if (socket_fd >= 0)
1244 if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) {
4c2630eb 1245 err = -EACCES;
c5da34ef 1246 r = EXIT_TCPWRAP;
8c7be95e 1247 goto fail_child;
c5da34ef
LP		 1248 }
1249
1250 for (i = 0; i < (int) n_fds; i++) {
1251 if (!socket_tcpwrap(fds[i], context->tcpwrap_name)) {
4c2630eb 1252 err = -EACCES;
c5da34ef 1253 r = EXIT_TCPWRAP;
8c7be95e 1254 goto fail_child;
c5da34ef 1255 }
df1f0afe 1256 }
c5da34ef 1257 }
df1f0afe 1258
6ea832a2
LP		 1259 exec_context_tty_reset(context);
1260
af6da548 1261 if (confirm_spawn) {
80876c20
LP		 1262 char response;
1263
af6da548
LP		 1264 err = ask_for_confirmation(&response, argv);
1265 if (err == -ETIMEDOUT)
1266 write_confirm_message("Confirmation question timed out, assuming positive response.\n");
1267 else if (err < 0)
1268 write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-err));
1269 else if (response == 's') {
1270 write_confirm_message("Skipping execution.\n");
4c2630eb 1271 err = -ECANCELED;
80876c20 1272 r = EXIT_CONFIRM;
8c7be95e 1273 goto fail_child;
af6da548
LP		 1274 } else if (response == 'n') {
1275 write_confirm_message("Failing execution.\n");
4c2630eb 1276 err = r = 0;
8c7be95e 1277 goto fail_child;
ee2b4894 1278 }
034c6ed7
LP		 1279 }
1280
da726a4d
LP		 1281 /* If a socket is connected to STDIN/STDOUT/STDERR, we
1282 * must sure to drop O_NONBLOCK */
1283 if (socket_fd >= 0)
1284 fd_nonblock(socket_fd, false);
1285
af6da548
LP		 1286 err = setup_input(context, socket_fd, apply_tty_stdin);
1287 if (err < 0) {
1288 r = EXIT_STDIN;
1289 goto fail_child;
4c2630eb 1290 }
9eba9da4 1291
2b6bf07d 1292 err = setup_output(context, STDOUT_FILENO, socket_fd, basename(command->path), unit_id, apply_tty_stdin);
af6da548
LP		 1293 if (err < 0) {
1294 r = EXIT_STDOUT;
1295 goto fail_child;
4c2630eb 1296 }
94f04347 1297
2b6bf07d 1298 err = setup_output(context, STDERR_FILENO, socket_fd, basename(command->path), unit_id, apply_tty_stdin);
4c2630eb 1299 if (err < 0) {
80876c20 1300 r = EXIT_STDERR;
8c7be95e 1301 goto fail_child;
071830ff
LP		 1302 }
1303
4ad49000 1304 if (cgroup_path) {
13b84ec7 1305 err = cg_attach_everywhere(cgroup_supported, cgroup_path, 0);
4c2630eb 1306 if (err < 0) {
8e274523 1307 r = EXIT_CGROUP;
8c7be95e 1308 goto fail_child;
8e274523 1309 }
4c2630eb 1310 }
8e274523 1311
dd6c17b1 1312 if (context->oom_score_adjust_set) {
fb33a393 1313 char t[16];
034c6ed7 1314
dd6c17b1 1315 snprintf(t, sizeof(t), "%i", context->oom_score_adjust);
fb33a393 1316 char_array_0(t);
034c6ed7 1317
574d5f2d 1318 if (write_string_file("/proc/self/oom_score_adj", t) < 0) {
8600c525
KS		 1319 err = -errno;
1320 r = EXIT_OOM_ADJUST;
1321 goto fail_child;
fb33a393 1322 }
034c6ed7
LP		 1323 }
1324
fb33a393
LP		 1325 if (context->nice_set)
1326 if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
4c2630eb 1327 err = -errno;
fb33a393 1328 r = EXIT_NICE;
8c7be95e 1329 goto fail_child;
fb33a393
LP		 1330 }
1331
94f04347 1332 if (context->cpu_sched_set) {
b92bea5d
ZJS		 1333 struct sched_param param = {
1334 .sched_priority = context->cpu_sched_priority,
1335 };
94f04347 1336
e62d8c39
ZJS		 1337 r = sched_setscheduler(0,
1338 context->cpu_sched_policy |
1339 (context->cpu_sched_reset_on_fork ?
1340 SCHED_RESET_ON_FORK : 0),
1341 &param);
1342 if (r < 0) {
4c2630eb 1343 err = -errno;
94f04347 1344 r = EXIT_SETSCHEDULER;
8c7be95e 1345 goto fail_child;
94f04347
LP		 1346 }
1347 }
1348
82c121a4
LP		 1349 if (context->cpuset)
1350 if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
4c2630eb 1351 err = -errno;
94f04347 1352 r = EXIT_CPUAFFINITY;
8c7be95e 1353 goto fail_child;
94f04347
LP		 1354 }
1355
9eba9da4
LP		 1356 if (context->ioprio_set)
1357 if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
4c2630eb 1358 err = -errno;
9eba9da4 1359 r = EXIT_IOPRIO;
8c7be95e 1360 goto fail_child;
9eba9da4
LP		 1361 }
1362
d88a251b 1363 if (context->timer_slack_nsec != (nsec_t) -1)
03fae018 1364 if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
4c2630eb 1365 err = -errno;
94f04347 1366 r = EXIT_TIMERSLACK;
8c7be95e 1367 goto fail_child;
94f04347
LP		 1368 }
1369
169c1bda 1370 if (context->utmp_id)
0ad26e09 1371 utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
169c1bda 1372
81a2b7ce
LP		 1373 if (context->user) {
1374 username = context->user;
59fccd82 1375 err = get_user_creds(&username, &uid, &gid, &home, &shell);
4c2630eb 1376 if (err < 0) {
81a2b7ce 1377 r = EXIT_USER;
8c7be95e 1378 goto fail_child;
81a2b7ce 1379 }
d8b4e2e9 1380
4c2630eb
MS		 1381 if (is_terminal_input(context->std_input)) {
1382 err = chown_terminal(STDIN_FILENO, uid);
1383 if (err < 0) {
d8b4e2e9 1384 r = EXIT_STDIN;
8c7be95e 1385 goto fail_child;
d8b4e2e9 1386 }
4c2630eb 1387 }
81a2b7ce
LP		 1388 }
1389
8aa75193
LP		 1390#ifdef HAVE_PAM
1391 if (cgroup_path && context->user && context->pam_name) {
1392 err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0644, uid, gid);
1393 if (err < 0) {
1394 r = EXIT_CGROUP;
1395 goto fail_child;
1396 }
1397
1398
1399 err = cg_set_group_access(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, 0755, uid, gid);
1400 if (err < 0) {
1401 r = EXIT_CGROUP;
1402 goto fail_child;
1403 }
1404 }
1405#endif
1406
4c2630eb
MS		 1407 if (apply_permissions) {
1408 err = enforce_groups(context, username, gid);
1409 if (err < 0) {
3b8bddde
LP		 1410 r = EXIT_GROUP;
1411 goto fail_child;
1412 }
4c2630eb 1413 }
3b8bddde
LP		 1414
1415 umask(context->umask);
1416
5b6319dc 1417#ifdef HAVE_PAM
b7848021 1418 if (apply_permissions && context->pam_name && username) {
940c5210 1419 err = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
4c2630eb 1420 if (err < 0) {
5b6319dc 1421 r = EXIT_PAM;
8c7be95e 1422 goto fail_child;
5b6319dc
LP		 1423 }
1424 }
1425#endif
613b411c
LP		 1426 if (context->private_network && runtime && runtime->netns_storage_socket[0] >= 0) {
1427 err = setup_netns(runtime->netns_storage_socket);
1428 if (err < 0) {
ff01d048
LP		 1429 r = EXIT_NETWORK;
1430 goto fail_child;
1431 }
ff01d048 1432 }
5b6319dc 1433
613b411c
LP		 1434 if (!strv_isempty(context->read_write_dirs) ||
1435 !strv_isempty(context->read_only_dirs) ||
1436 !strv_isempty(context->inaccessible_dirs) ||
ac0930c8 1437 context->mount_flags != 0 ||
613b411c
LP		 1438 (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))) {
1439
1440 char *tmp = NULL, *var = NULL;
1441
1442 /* The runtime struct only contains the parent
1443 * of the private /tmp, which is
1444 * non-accessible to world users. Inside of it
1445 * there's a /tmp that is sticky, and that's
1446 * the one we want to use here. */
1447
1448 if (context->private_tmp && runtime) {
1449 if (runtime->tmp_dir)
1450 tmp = strappenda(runtime->tmp_dir, "/tmp");
1451 if (runtime->var_tmp_dir)
1452 var = strappenda(runtime->var_tmp_dir, "/tmp");
1453 }
1454
1455 err = setup_namespace(
1456 context->read_write_dirs,
1457 context->read_only_dirs,
1458 context->inaccessible_dirs,
1459 tmp,
1460 var,
1461 context->mount_flags);
1462
4c2630eb
MS		 1463 if (err < 0) {
1464 r = EXIT_NAMESPACE;
8c7be95e 1465 goto fail_child;
4c2630eb
MS		 1466 }
1467 }
04aa0cb9 1468
81a2b7ce
LP		 1469 if (apply_chroot) {
1470 if (context->root_directory)
1471 if (chroot(context->root_directory) < 0) {
4c2630eb 1472 err = -errno;
81a2b7ce 1473 r = EXIT_CHROOT;
8c7be95e 1474 goto fail_child;
81a2b7ce
LP		 1475 }
1476
1477 if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
4c2630eb 1478 err = -errno;
81a2b7ce 1479 r = EXIT_CHDIR;
8c7be95e 1480 goto fail_child;
81a2b7ce
LP		 1481 }
1482 } else {
7fd1b19b 1483 _cleanup_free_ char *d = NULL;
81a2b7ce
LP		 1484
1485 if (asprintf(&d, "%s/%s",
1486 context->root_directory ? context->root_directory : "",
1487 context->working_directory ? context->working_directory : "") < 0) {
4c2630eb 1488 err = -ENOMEM;
81a2b7ce 1489 r = EXIT_MEMORY;
8c7be95e 1490 goto fail_child;
81a2b7ce
LP		 1491 }
1492
1493 if (chdir(d) < 0) {
4c2630eb 1494 err = -errno;
81a2b7ce 1495 r = EXIT_CHDIR;
8c7be95e 1496 goto fail_child;
81a2b7ce 1497 }
81a2b7ce
LP		 1498 }
1499
fc9b2a84
LP		 1500 /* We repeat the fd closing here, to make sure that
1501 * nothing is leaked from the PAM modules */
4c2630eb
MS		 1502 err = close_all_fds(fds, n_fds);
1503 if (err >= 0)
1504 err = shift_fds(fds, n_fds);
1505 if (err >= 0)
1506 err = flags_fds(fds, n_fds, context->non_blocking);
1507 if (err < 0) {
034c6ed7 1508 r = EXIT_FDS;
8c7be95e 1509 goto fail_child;
034c6ed7
LP		 1510 }
1511
81a2b7ce 1512 if (apply_permissions) {
034c6ed7 1513
81a2b7ce
LP		 1514 for (i = 0; i < RLIMIT_NLIMITS; i++) {
1515 if (!context->rlimit[i])
1516 continue;
1517
68faf98c 1518 if (setrlimit_closest(i, context->rlimit[i]) < 0) {
4c2630eb 1519 err = -errno;
81a2b7ce 1520 r = EXIT_LIMITS;
8c7be95e 1521 goto fail_child;
81a2b7ce 1522 }
034c6ed7 1523 }
034c6ed7 1524
4c2630eb 1525 if (context->capability_bounding_set_drop) {
ec8927ca 1526 err = capability_bounding_set_drop(context->capability_bounding_set_drop, false);
4c2630eb 1527 if (err < 0) {
73090dc8
LP		 1528 r = EXIT_CAPABILITIES;
1529 goto fail_child;
1530 }
4c2630eb 1531 }
260abb78 1532
4c2630eb
MS		 1533 if (context->user) {
1534 err = enforce_user(context, uid);
1535 if (err < 0) {
81a2b7ce 1536 r = EXIT_USER;
8c7be95e 1537 goto fail_child;
81a2b7ce 1538 }
4c2630eb 1539 }
81a2b7ce 1540
35b8ca3a 1541 /* PR_GET_SECUREBITS is not privileged, while
693ced48
LP		 1542 * PR_SET_SECUREBITS is. So to suppress
1543 * potential EPERMs we'll try not to call
1544 * PR_SET_SECUREBITS unless necessary. */
1545 if (prctl(PR_GET_SECUREBITS) != context->secure_bits)
1546 if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) {
4c2630eb 1547 err = -errno;
693ced48 1548 r = EXIT_SECUREBITS;
8c7be95e 1549 goto fail_child;
693ced48 1550 }
81a2b7ce
LP		 1551
1552 if (context->capabilities)
1553 if (cap_set_proc(context->capabilities) < 0) {
4c2630eb 1554 err = -errno;
81a2b7ce 1555 r = EXIT_CAPABILITIES;
8c7be95e 1556 goto fail_child;
81a2b7ce 1557 }
8351ceae
LP		 1558
1559 if (context->no_new_privileges)
1560 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
1561 err = -errno;
1562 r = EXIT_NO_NEW_PRIVILEGES;
1563 goto fail_child;
1564 }
1565
1566 if (context->syscall_filter) {
1567 err = apply_seccomp(context->syscall_filter);
1568 if (err < 0) {
1569 r = EXIT_SECCOMP;
1570 goto fail_child;
1571 }
1572 }
94f04347
LP		 1573 }
1574
09812eb7 1575 err = build_environment(context, n_fds, watchdog_usec, home, username, shell, &our_env);
7cae38c4 1576 if (r < 0) {
81a2b7ce 1577 r = EXIT_MEMORY;
8c7be95e 1578 goto fail_child;
81a2b7ce 1579 }
034c6ed7 1580
e62d8c39
ZJS		 1581 final_env = strv_env_merge(5,
1582 environment,
1583 our_env,
1584 context->environment,
1585 files_env,
1586 pam_env,
1587 NULL);
1588 if (!final_env) {
4c2630eb 1589 err = -ENOMEM;
81a2b7ce 1590 r = EXIT_MEMORY;
8c7be95e 1591 goto fail_child;
81a2b7ce 1592 }
034c6ed7 1593
e62d8c39
ZJS		 1594 final_argv = replace_env_argv(argv, final_env);
1595 if (!final_argv) {
4c2630eb 1596 err = -ENOMEM;
fab56fc5 1597 r = EXIT_MEMORY;
8c7be95e 1598 goto fail_child;
fab56fc5
LP		 1599 }
1600
a6ff950e
LP		 1601 final_env = strv_env_clean(final_env);
1602
03bb799e
HH		 1603 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1604 line = exec_command_line(final_argv);
1605 if (line) {
1606 log_open();
1607 log_struct_unit(LOG_DEBUG,
1608 unit_id,
1609 "EXECUTABLE=%s", command->path,
099a804b
LP		 1610 "MESSAGE=Executing: %s", line,
1611 NULL);
03bb799e
HH		 1612 log_close();
1613 free(line);
1614 line = NULL;
1615 }
1616 }
fab56fc5 1617 execve(command->path, final_argv, final_env);
4c2630eb 1618 err = -errno;
034c6ed7
LP		 1619 r = EXIT_EXEC;
1620
8c7be95e 1621 fail_child:
4c2630eb
MS		 1622 if (r != 0) {
1623 log_open();
23635a85
ZJS		 1624 log_struct(LOG_ERR, MESSAGE_ID(SD_MESSAGE_SPAWN_FAILED),
1625 "EXECUTABLE=%s", command->path,
1626 "MESSAGE=Failed at step %s spawning %s: %s",
1627 exit_status_to_string(r, EXIT_STATUS_SYSTEMD),
1628 command->path, strerror(-err),
1629 "ERRNO=%d", -err,
1630 NULL);
1631 log_close();
4c2630eb
MS		 1632 }
1633
034c6ed7
LP		 1634 _exit(r);
1635 }
1636
bbc9006e 1637 log_struct_unit(LOG_DEBUG,
e62d8c39
ZJS		 1638 unit_id,
1639 "MESSAGE=Forked %s as %lu",
1640 command->path, (unsigned long) pid,
1641 NULL);
23635a85 1642
80876c20
LP		 1643 /* We add the new process to the cgroup both in the child (so
1644 * that we can be sure that no user code is ever executed
1645 * outside of the cgroup) and in the parent (so that we can be
1646 * sure that when we kill the cgroup the process will be
1647 * killed too). */
4ad49000
LP		 1648 if (cgroup_path)
1649 cg_attach(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, pid);
2da3263a 1650
b58b4116 1651 exec_status_start(&command->exec_status, pid);
9fb86720 1652
034c6ed7 1653 *ret = pid;
5cb5a6ff
LP		 1654 return 0;
1655}
1656
034c6ed7
LP		 1657void exec_context_init(ExecContext *c) {
1658 assert(c);
1659
4c12626c 1660 c->umask = 0022;
9eba9da4 1661 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
94f04347 1662 c->cpu_sched_policy = SCHED_OTHER;
071830ff 1663 c->syslog_priority = LOG_DAEMON|LOG_INFO;
74922904 1664 c->syslog_level_prefix = true;
353e12c2 1665 c->ignore_sigpipe = true;
d88a251b 1666 c->timer_slack_nsec = (nsec_t) -1;
034c6ed7
LP		 1667}
1668
613b411c 1669void exec_context_done(ExecContext *c) {
5cb5a6ff
LP		 1670 unsigned l;
1671
1672 assert(c);
1673
1674 strv_free(c->environment);
034c6ed7 1675 c->environment = NULL;
5cb5a6ff 1676
8c7be95e
LP		 1677 strv_free(c->environment_files);
1678 c->environment_files = NULL;
1679
034c6ed7 1680 for (l = 0; l < ELEMENTSOF(c->rlimit); l++) {
5cb5a6ff 1681 free(c->rlimit[l]);
034c6ed7
LP		 1682 c->rlimit[l] = NULL;
1683 }
1684
9eba9da4
LP		 1685 free(c->working_directory);
1686 c->working_directory = NULL;
1687 free(c->root_directory);
1688 c->root_directory = NULL;
5cb5a6ff 1689
80876c20
LP		 1690 free(c->tty_path);
1691 c->tty_path = NULL;
1692
df1f0afe
LP		 1693 free(c->tcpwrap_name);
1694 c->tcpwrap_name = NULL;
1695
071830ff
LP		 1696 free(c->syslog_identifier);
1697 c->syslog_identifier = NULL;
1698
5cb5a6ff 1699 free(c->user);
034c6ed7
LP		 1700 c->user = NULL;
1701
5cb5a6ff 1702 free(c->group);
034c6ed7
LP		 1703 c->group = NULL;
1704
1705 strv_free(c->supplementary_groups);
1706 c->supplementary_groups = NULL;
94f04347 1707
5b6319dc
LP		 1708 free(c->pam_name);
1709 c->pam_name = NULL;
1710
94f04347
LP		 1711 if (c->capabilities) {
1712 cap_free(c->capabilities);
1713 c->capabilities = NULL;
1714 }
15ae422b
LP		 1715
1716 strv_free(c->read_only_dirs);
1717 c->read_only_dirs = NULL;
1718
1719 strv_free(c->read_write_dirs);
1720 c->read_write_dirs = NULL;
1721
1722 strv_free(c->inaccessible_dirs);
1723 c->inaccessible_dirs = NULL;
82c121a4
LP		 1724
1725 if (c->cpuset)
1726 CPU_FREE(c->cpuset);
86a3475b
LP		 1727
1728 free(c->utmp_id);
1729 c->utmp_id = NULL;
b9a0e010
LP		 1730
1731 free(c->syscall_filter);
1732 c->syscall_filter = NULL;
5cb5a6ff
LP		 1733}
1734
43d0fcbd
LP		 1735void exec_command_done(ExecCommand *c) {
1736 assert(c);
1737
1738 free(c->path);
1739 c->path = NULL;
1740
1741 strv_free(c->argv);
1742 c->argv = NULL;
1743}
1744
1745void exec_command_done_array(ExecCommand *c, unsigned n) {
1746 unsigned i;
1747
1748 for (i = 0; i < n; i++)
1749 exec_command_done(c+i);
1750}
1751
5cb5a6ff
LP		 1752void exec_command_free_list(ExecCommand *c) {
1753 ExecCommand *i;
1754
1755 while ((i = c)) {
71fda00f 1756 LIST_REMOVE(command, c, i);
43d0fcbd 1757 exec_command_done(i);
5cb5a6ff
LP		 1758 free(i);
1759 }
1760}
1761
034c6ed7
LP		 1762void exec_command_free_array(ExecCommand **c, unsigned n) {
1763 unsigned i;
1764
1765 for (i = 0; i < n; i++) {
1766 exec_command_free_list(c[i]);
1767 c[i] = NULL;
1768 }
1769}
1770
8c7be95e
LP		 1771int exec_context_load_environment(const ExecContext *c, char ***l) {
1772 char **i, **r = NULL;
1773
1774 assert(c);
1775 assert(l);
1776
1777 STRV_FOREACH(i, c->environment_files) {
1778 char *fn;
1779 int k;
1780 bool ignore = false;
1781 char **p;
7fd1b19b 1782 _cleanup_globfree_ glob_t pglob = {};
2bef10ab 1783 int count, n;
8c7be95e
LP		 1784
1785 fn = *i;
1786
1787 if (fn[0] == '-') {
1788 ignore = true;
1789 fn ++;
1790 }
1791
1792 if (!path_is_absolute(fn)) {
8c7be95e
LP		 1793 if (ignore)
1794 continue;
1795
1796 strv_free(r);
1797 return -EINVAL;
1798 }
1799
2bef10ab 1800 /* Filename supports globbing, take all matching files */
2bef10ab
PL		 1801 errno = 0;
1802 if (glob(fn, 0, NULL, &pglob) != 0) {
2bef10ab
PL		 1803 if (ignore)
1804 continue;
8c7be95e 1805
2bef10ab
PL		 1806 strv_free(r);
1807 return errno ? -errno : -EINVAL;
1808 }
1809 count = pglob.gl_pathc;
1810 if (count == 0) {
8c7be95e
LP		 1811 if (ignore)
1812 continue;
1813
1814 strv_free(r);
2bef10ab 1815 return -EINVAL;
8c7be95e 1816 }
2bef10ab 1817 for (n = 0; n < count; n++) {
f73141d7 1818 k = load_env_file(pglob.gl_pathv[n], NULL, &p);
2bef10ab
PL		 1819 if (k < 0) {
1820 if (ignore)
1821 continue;
8c7be95e 1822
2bef10ab 1823 strv_free(r);
2bef10ab 1824 return k;
e9c1ea9d 1825 }
ebc05a09 1826 /* Log invalid environment variables with filename */
e9c1ea9d
JSJ		 1827 if (p)
1828 p = strv_env_clean_log(p, pglob.gl_pathv[n]);
8c7be95e 1829
2bef10ab
PL		 1830 if (r == NULL)
1831 r = p;
1832 else {
1833 char **m;
8c7be95e 1834
2bef10ab
PL		 1835 m = strv_env_merge(2, r, p);
1836 strv_free(r);
1837 strv_free(p);
c84a9488 1838 if (!m)
2bef10ab 1839 return -ENOMEM;
2bef10ab
PL		 1840
1841 r = m;
1842 }
8c7be95e
LP		 1843 }
1844 }
1845
1846 *l = r;
1847
1848 return 0;
1849}
1850
6ac8fdc9
MS		 1851static bool tty_may_match_dev_console(const char *tty) {
1852 char *active = NULL, *console;
1853 bool b;
1854
1855 if (startswith(tty, "/dev/"))
1856 tty += 5;
1857
1858 /* trivial identity? */
1859 if (streq(tty, "console"))
1860 return true;
1861
1862 console = resolve_dev_console(&active);
1863 /* if we could not resolve, assume it may */
1864 if (!console)
1865 return true;
1866
1867 /* "tty0" means the active VC, so it may be the same sometimes */
1868 b = streq(console, tty) || (streq(console, "tty0") && tty_is_vc(tty));
1869 free(active);
1870
1871 return b;
1872}
1873
1874bool exec_context_may_touch_console(ExecContext *ec) {
1875 return (ec->tty_reset || ec->tty_vhangup || ec->tty_vt_disallocate ||
1876 is_terminal_input(ec->std_input) ||
1877 is_terminal_output(ec->std_output) ||
1878 is_terminal_output(ec->std_error)) &&
1879 tty_may_match_dev_console(tty_path(ec));
1880}
1881
15ae422b
LP		 1882static void strv_fprintf(FILE *f, char **l) {
1883 char **g;
1884
1885 assert(f);
1886
1887 STRV_FOREACH(g, l)
1888 fprintf(f, " %s", *g);
1889}
1890
5cb5a6ff 1891void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
507f22bd 1892 char **e;
94f04347 1893 unsigned i;
9eba9da4 1894
5cb5a6ff
LP		 1895 assert(c);
1896 assert(f);
1897
4ad49000 1898 prefix = strempty(prefix);
5cb5a6ff
LP		 1899
1900 fprintf(f,
94f04347
LP		 1901 "%sUMask: %04o\n"
1902 "%sWorkingDirectory: %s\n"
451a074f 1903 "%sRootDirectory: %s\n"
15ae422b 1904 "%sNonBlocking: %s\n"
64747e2d 1905 "%sPrivateTmp: %s\n"
4819ff03
LP		 1906 "%sPrivateNetwork: %s\n"
1907 "%sIgnoreSIGPIPE: %s\n",
5cb5a6ff 1908 prefix, c->umask,
9eba9da4 1909 prefix, c->working_directory ? c->working_directory : "/",
451a074f 1910 prefix, c->root_directory ? c->root_directory : "/",
15ae422b 1911 prefix, yes_no(c->non_blocking),
64747e2d 1912 prefix, yes_no(c->private_tmp),
4819ff03
LP		 1913 prefix, yes_no(c->private_network),
1914 prefix, yes_no(c->ignore_sigpipe));
fb33a393 1915
8c7be95e
LP		 1916 STRV_FOREACH(e, c->environment)
1917 fprintf(f, "%sEnvironment: %s\n", prefix, *e);
1918
1919 STRV_FOREACH(e, c->environment_files)
1920 fprintf(f, "%sEnvironmentFile: %s\n", prefix, *e);
94f04347 1921
df1f0afe
LP		 1922 if (c->tcpwrap_name)
1923 fprintf(f,
1924 "%sTCPWrapName: %s\n",
1925 prefix, c->tcpwrap_name);
1926
fb33a393
LP		 1927 if (c->nice_set)
1928 fprintf(f,
1929 "%sNice: %i\n",
1930 prefix, c->nice);
1931
dd6c17b1 1932 if (c->oom_score_adjust_set)
fb33a393 1933 fprintf(f,
dd6c17b1
LP		 1934 "%sOOMScoreAdjust: %i\n",
1935 prefix, c->oom_score_adjust);
9eba9da4 1936
94f04347
LP		 1937 for (i = 0; i < RLIM_NLIMITS; i++)
1938 if (c->rlimit[i])
ea430986 1939 fprintf(f, "%s%s: %llu\n", prefix, rlimit_to_string(i), (unsigned long long) c->rlimit[i]->rlim_max);
94f04347 1940
f8b69d1d
MS		 1941 if (c->ioprio_set) {
1942 char *class_str;
1943 int r;
1944
1945 r = ioprio_class_to_string_alloc(IOPRIO_PRIO_CLASS(c->ioprio), &class_str);
1946 if (r < 0)
1947 class_str = NULL;
9eba9da4
LP		 1948 fprintf(f,
1949 "%sIOSchedulingClass: %s\n"
1950 "%sIOPriority: %i\n",
f8b69d1d 1951 prefix, strna(class_str),
9eba9da4 1952 prefix, (int) IOPRIO_PRIO_DATA(c->ioprio));
f8b69d1d
MS		 1953 free(class_str);
1954 }
94f04347 1955
f8b69d1d
MS		 1956 if (c->cpu_sched_set) {
1957 char *policy_str;
1958 int r;
1959
1960 r = sched_policy_to_string_alloc(c->cpu_sched_policy, &policy_str);
1961 if (r < 0)
1962 policy_str = NULL;
94f04347
LP		 1963 fprintf(f,
1964 "%sCPUSchedulingPolicy: %s\n"
38b48754
LP		 1965 "%sCPUSchedulingPriority: %i\n"
1966 "%sCPUSchedulingResetOnFork: %s\n",
f8b69d1d 1967 prefix, strna(policy_str),
38b48754
LP		 1968 prefix, c->cpu_sched_priority,
1969 prefix, yes_no(c->cpu_sched_reset_on_fork));
f8b69d1d 1970 free(policy_str);
b929bf04 1971 }
94f04347 1972
82c121a4 1973 if (c->cpuset) {
94f04347 1974 fprintf(f, "%sCPUAffinity:", prefix);
82c121a4
LP		 1975 for (i = 0; i < c->cpuset_ncpus; i++)
1976 if (CPU_ISSET_S(i, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset))
94f04347
LP		 1977 fprintf(f, " %i", i);
1978 fputs("\n", f);
1979 }
1980
d88a251b 1981 if (c->timer_slack_nsec != (nsec_t) -1)
f96096db 1982 fprintf(f, "%sTimerSlackNSec: %lu\n", prefix, (unsigned long)c->timer_slack_nsec);
94f04347
LP		 1983
1984 fprintf(f,
80876c20
LP		 1985 "%sStandardInput: %s\n"
1986 "%sStandardOutput: %s\n"
1987 "%sStandardError: %s\n",
1988 prefix, exec_input_to_string(c->std_input),
1989 prefix, exec_output_to_string(c->std_output),
1990 prefix, exec_output_to_string(c->std_error));
1991
1992 if (c->tty_path)
1993 fprintf(f,
6ea832a2
LP		 1994 "%sTTYPath: %s\n"
1995 "%sTTYReset: %s\n"
1996 "%sTTYVHangup: %s\n"
1997 "%sTTYVTDisallocate: %s\n",
1998 prefix, c->tty_path,
1999 prefix, yes_no(c->tty_reset),
2000 prefix, yes_no(c->tty_vhangup),
2001 prefix, yes_no(c->tty_vt_disallocate));
94f04347 2002
706343f4
LP		 2003 if (c->std_output == EXEC_OUTPUT_SYSLOG || c->std_output == EXEC_OUTPUT_KMSG || c->std_output == EXEC_OUTPUT_JOURNAL ||
2004 c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
2005 c->std_error == EXEC_OUTPUT_SYSLOG || c->std_error == EXEC_OUTPUT_KMSG || c->std_error == EXEC_OUTPUT_JOURNAL ||
f8b69d1d
MS		 2006 c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE) {
2007 char *fac_str, *lvl_str;
2008 int r;
2009
2010 r = log_facility_unshifted_to_string_alloc(c->syslog_priority >> 3, &fac_str);
2011 if (r < 0)
2012 fac_str = NULL;
2013
2014 r = log_level_to_string_alloc(LOG_PRI(c->syslog_priority), &lvl_str);
2015 if (r < 0)
2016 lvl_str = NULL;
2017
94f04347
LP		 2018 fprintf(f,
2019 "%sSyslogFacility: %s\n"
2020 "%sSyslogLevel: %s\n",
f8b69d1d
MS		 2021 prefix, strna(fac_str),
2022 prefix, strna(lvl_str));
2023 free(lvl_str);
2024 free(fac_str);
2025 }
94f04347
LP		 2026
2027 if (c->capabilities) {
2028 char *t;
2029 if ((t = cap_to_text(c->capabilities, NULL))) {
2030 fprintf(f, "%sCapabilities: %s\n",
2031 prefix, t);
2032 cap_free(t);
2033 }
2034 }
2035
2036 if (c->secure_bits)
2037 fprintf(f, "%sSecure Bits:%s%s%s%s%s%s\n",
2038 prefix,
cbb21cca
ZJS		 2039 (c->secure_bits & 1<<SECURE_KEEP_CAPS) ? " keep-caps" : "",
2040 (c->secure_bits & 1<<SECURE_KEEP_CAPS_LOCKED) ? " keep-caps-locked" : "",
2041 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP) ? " no-setuid-fixup" : "",
2042 (c->secure_bits & 1<<SECURE_NO_SETUID_FIXUP_LOCKED) ? " no-setuid-fixup-locked" : "",
2043 (c->secure_bits & 1<<SECURE_NOROOT) ? " noroot" : "",
2044 (c->secure_bits & 1<<SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
94f04347
LP		 2045
2046 if (c->capability_bounding_set_drop) {
ae556c21 2047 unsigned long l;
260abb78 2048 fprintf(f, "%sCapabilityBoundingSet:", prefix);
94f04347 2049
64685e0c 2050 for (l = 0; l <= cap_last_cap(); l++)
ae556c21 2051 if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
94f04347
LP		 2052 char *t;
2053
ae556c21 2054 if ((t = cap_to_name(l))) {
94f04347 2055 fprintf(f, " %s", t);
260abb78 2056 cap_free(t);
94f04347
LP		 2057 }
2058 }
2059
2060 fputs("\n", f);
2061 }
2062
2063 if (c->user)
f2d3769a 2064 fprintf(f, "%sUser: %s\n", prefix, c->user);
94f04347 2065 if (c->group)
f2d3769a 2066 fprintf(f, "%sGroup: %s\n", prefix, c->group);
94f04347 2067
15ae422b 2068 if (strv_length(c->supplementary_groups) > 0) {
94f04347 2069 fprintf(f, "%sSupplementaryGroups:", prefix);
15ae422b
LP		 2070 strv_fprintf(f, c->supplementary_groups);
2071 fputs("\n", f);
2072 }
94f04347 2073
5b6319dc 2074 if (c->pam_name)
f2d3769a 2075 fprintf(f, "%sPAMName: %s\n", prefix, c->pam_name);
5b6319dc 2076
15ae422b
LP		 2077 if (strv_length(c->read_write_dirs) > 0) {
2078 fprintf(f, "%sReadWriteDirs:", prefix);
2079 strv_fprintf(f, c->read_write_dirs);
2080 fputs("\n", f);
2081 }
2082
2083 if (strv_length(c->read_only_dirs) > 0) {
2084 fprintf(f, "%sReadOnlyDirs:", prefix);
2085 strv_fprintf(f, c->read_only_dirs);
2086 fputs("\n", f);
2087 }
94f04347 2088
15ae422b
LP		 2089 if (strv_length(c->inaccessible_dirs) > 0) {
2090 fprintf(f, "%sInaccessibleDirs:", prefix);
2091 strv_fprintf(f, c->inaccessible_dirs);
94f04347
LP		 2092 fputs("\n", f);
2093 }
2e22afe9 2094
169c1bda
LP		 2095 if (c->utmp_id)
2096 fprintf(f,
2097 "%sUtmpIdentifier: %s\n",
2098 prefix, c->utmp_id);
5cb5a6ff
LP		 2099}
2100
b58b4116 2101void exec_status_start(ExecStatus *s, pid_t pid) {
034c6ed7 2102 assert(s);
5cb5a6ff 2103
b58b4116
LP		 2104 zero(*s);
2105 s->pid = pid;
2106 dual_timestamp_get(&s->start_timestamp);
2107}
2108
6ea832a2 2109void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
b58b4116
LP		 2110 assert(s);
2111
0b1f4ae6 2112 if (s->pid && s->pid != pid)
b58b4116
LP		 2113 zero(*s);
2114
034c6ed7 2115 s->pid = pid;
63983207 2116 dual_timestamp_get(&s->exit_timestamp);
9fb86720 2117
034c6ed7
LP		 2118 s->code = code;
2119 s->status = status;
169c1bda 2120
6ea832a2
LP		 2121 if (context) {
2122 if (context->utmp_id)
2123 utmp_put_dead_process(context->utmp_id, pid, code, status);
2124
2125 exec_context_tty_reset(context);
2126 }
9fb86720
LP		 2127}
2128
2129void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix) {
2130 char buf[FORMAT_TIMESTAMP_MAX];
2131
2132 assert(s);
2133 assert(f);
2134
2135 if (!prefix)
2136 prefix = "";
2137
2138 if (s->pid <= 0)
2139 return;
2140
2141 fprintf(f,
bb00e604
LP		 2142 "%sPID: %lu\n",
2143 prefix, (unsigned long) s->pid);
9fb86720 2144
63983207 2145 if (s->start_timestamp.realtime > 0)
9fb86720
LP		 2146 fprintf(f,
2147 "%sStart Timestamp: %s\n",
63983207 2148 prefix, format_timestamp(buf, sizeof(buf), s->start_timestamp.realtime));
9fb86720 2149
63983207 2150 if (s->exit_timestamp.realtime > 0)
9fb86720
LP		 2151 fprintf(f,
2152 "%sExit Timestamp: %s\n"
2153 "%sExit Code: %s\n"
2154 "%sExit Status: %i\n",
63983207 2155 prefix, format_timestamp(buf, sizeof(buf), s->exit_timestamp.realtime),
9fb86720
LP		 2156 prefix, sigchld_code_to_string(s->code),
2157 prefix, s->status);
5cb5a6ff 2158}
44d8db9e 2159
9e2f7c11 2160char *exec_command_line(char **argv) {
44d8db9e
LP		 2161 size_t k;
2162 char *n, *p, **a;
2163 bool first = true;
2164
9e2f7c11 2165 assert(argv);
44d8db9e 2166
9164977d 2167 k = 1;
9e2f7c11 2168 STRV_FOREACH(a, argv)
44d8db9e
LP		 2169 k += strlen(*a)+3;
2170
2171 if (!(n = new(char, k)))
2172 return NULL;
2173
2174 p = n;
9e2f7c11 2175 STRV_FOREACH(a, argv) {
44d8db9e
LP		 2176
2177 if (!first)
2178 *(p++) = ' ';
2179 else
2180 first = false;
2181
2182 if (strpbrk(*a, WHITESPACE)) {
2183 *(p++) = '\'';
2184 p = stpcpy(p, *a);
2185 *(p++) = '\'';
2186 } else
2187 p = stpcpy(p, *a);
2188
2189 }
2190
9164977d
LP		 2191 *p = 0;
2192
44d8db9e
LP		 2193 /* FIXME: this doesn't really handle arguments that have
2194 * spaces and ticks in them */
2195
2196 return n;
2197}
2198
2199void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) {
9fb86720
LP		 2200 char *p2;
2201 const char *prefix2;
2202
44d8db9e
LP		 2203 char *cmd;
2204
2205 assert(c);
2206 assert(f);
2207
2208 if (!prefix)
2209 prefix = "";
9fb86720
LP		 2210 p2 = strappend(prefix, "\t");
2211 prefix2 = p2 ? p2 : prefix;
44d8db9e 2212
9e2f7c11 2213 cmd = exec_command_line(c->argv);
44d8db9e
LP		 2214
2215 fprintf(f,
2216 "%sCommand Line: %s\n",
2217 prefix, cmd ? cmd : strerror(ENOMEM));
2218
2219 free(cmd);
9fb86720
LP		 2220
2221 exec_status_dump(&c->exec_status, f, prefix2);
2222
2223 free(p2);
44d8db9e
LP		 2224}
2225
2226void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix) {
2227 assert(f);
2228
2229 if (!prefix)
2230 prefix = "";
2231
2232 LIST_FOREACH(command, c, c)
2233 exec_command_dump(c, f, prefix);
2234}
94f04347 2235
a6a80b4f
LP		 2236void exec_command_append_list(ExecCommand **l, ExecCommand *e) {
2237 ExecCommand *end;
2238
2239 assert(l);
2240 assert(e);
2241
2242 if (*l) {
35b8ca3a 2243 /* It's kind of important, that we keep the order here */
71fda00f
LP		 2244 LIST_FIND_TAIL(command, *l, end);
2245 LIST_INSERT_AFTER(command, *l, end, e);
a6a80b4f
LP		 2246 } else
2247 *l = e;
2248}
2249
26fd040d
LP		 2250int exec_command_set(ExecCommand *c, const char *path, ...) {
2251 va_list ap;
2252 char **l, *p;
2253
2254 assert(c);
2255 assert(path);
2256
2257 va_start(ap, path);
2258 l = strv_new_ap(path, ap);
2259 va_end(ap);
2260
2261 if (!l)
2262 return -ENOMEM;
2263
250a918d
LP		 2264 p = strdup(path);
2265 if (!p) {
26fd040d
LP		 2266 strv_free(l);
2267 return -ENOMEM;
2268 }
2269
2270 free(c->path);
2271 c->path = p;
2272
2273 strv_free(c->argv);
2274 c->argv = l;
2275
2276 return 0;
2277}
2278
613b411c
LP		 2279static int exec_runtime_allocate(ExecRuntime **rt) {
2280
2281 if (*rt)
2282 return 0;
2283
2284 *rt = new0(ExecRuntime, 1);
2285 if (!rt)
2286 return -ENOMEM;
2287
2288 (*rt)->n_ref = 1;
2289 (*rt)->netns_storage_socket[0] = (*rt)->netns_storage_socket[1] = -1;
2290
2291 return 0;
2292}
2293
2294int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
2295 int r;
2296
2297 assert(rt);
2298 assert(c);
2299 assert(id);
2300
2301 if (*rt)
2302 return 1;
2303
2304 if (!c->private_network && !c->private_tmp)
2305 return 0;
2306
2307 r = exec_runtime_allocate(rt);
2308 if (r < 0)
2309 return r;
2310
2311 if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
2312 if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
2313 return -errno;
2314 }
2315
2316 if (c->private_tmp && !(*rt)->tmp_dir) {
2317 r = setup_tmp_dirs(id, &(*rt)->tmp_dir, &(*rt)->var_tmp_dir);
2318 if (r < 0)
2319 return r;
2320 }
2321
2322 return 1;
2323}
2324
2325ExecRuntime *exec_runtime_ref(ExecRuntime *r) {
2326 assert(r);
2327 assert(r->n_ref > 0);
2328
2329 r->n_ref++;
2330 return r;
2331}
2332
2333ExecRuntime *exec_runtime_unref(ExecRuntime *r) {
2334
2335 if (!r)
2336 return NULL;
2337
2338 assert(r->n_ref > 0);
2339
2340 r->n_ref--;
2341 if (r->n_ref <= 0) {
2342 free(r->tmp_dir);
2343 free(r->var_tmp_dir);
2344 close_pipe(r->netns_storage_socket);
2345 free(r);
2346 }
2347
2348 return NULL;
2349}
2350
2351int exec_runtime_serialize(ExecRuntime *rt, Unit *u, FILE *f, FDSet *fds) {
2352 assert(u);
2353 assert(f);
2354 assert(fds);
2355
2356 if (!rt)
2357 return 0;
2358
2359 if (rt->tmp_dir)
2360 unit_serialize_item(u, f, "tmp-dir", rt->tmp_dir);
2361
2362 if (rt->var_tmp_dir)
2363 unit_serialize_item(u, f, "var-tmp-dir", rt->var_tmp_dir);
2364
2365 if (rt->netns_storage_socket[0] >= 0) {
2366 int copy;
2367
2368 copy = fdset_put_dup(fds, rt->netns_storage_socket[0]);
2369 if (copy < 0)
2370 return copy;
2371
2372 unit_serialize_item_format(u, f, "netns-socket-0", "%i", copy);
2373 }
2374
2375 if (rt->netns_storage_socket[1] >= 0) {
2376 int copy;
2377
2378 copy = fdset_put_dup(fds, rt->netns_storage_socket[1]);
2379 if (copy < 0)
2380 return copy;
2381
2382 unit_serialize_item_format(u, f, "netns-socket-1", "%i", copy);
2383 }
2384
2385 return 0;
2386}
2387
2388int exec_runtime_deserialize_item(ExecRuntime **rt, Unit *u, const char *key, const char *value, FDSet *fds) {
2389 int r;
2390
2391 assert(rt);
2392 assert(key);
2393 assert(value);
2394
2395 if (streq(key, "tmp-dir")) {
2396 char *copy;
2397
2398 r = exec_runtime_allocate(rt);
2399 if (r < 0)
2400 return r;
2401
2402 copy = strdup(value);
2403 if (!copy)
2404 return log_oom();
2405
2406 free((*rt)->tmp_dir);
2407 (*rt)->tmp_dir = copy;
2408
2409 } else if (streq(key, "var-tmp-dir")) {
2410 char *copy;
2411
2412 r = exec_runtime_allocate(rt);
2413 if (r < 0)
2414 return r;
2415
2416 copy = strdup(value);
2417 if (!copy)
2418 return log_oom();
2419
2420 free((*rt)->var_tmp_dir);
2421 (*rt)->var_tmp_dir = copy;
2422
2423 } else if (streq(key, "netns-socket-0")) {
2424 int fd;
2425
2426 r = exec_runtime_allocate(rt);
2427 if (r < 0)
2428 return r;
2429
2430 if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
2431 log_debug_unit(u->id, "Failed to parse netns socket value %s", value);
2432 else {
2433 if ((*rt)->netns_storage_socket[0] >= 0)
2434 close_nointr_nofail((*rt)->netns_storage_socket[0]);
2435
2436 (*rt)->netns_storage_socket[0] = fdset_remove(fds, fd);
2437 }
2438 } else if (streq(key, "netns-socket-1")) {
2439 int fd;
2440
2441 r = exec_runtime_allocate(rt);
2442 if (r < 0)
2443 return r;
2444
2445 if (safe_atoi(value, &fd) < 0 || !fdset_contains(fds, fd))
2446 log_debug_unit(u->id, "Failed to parse netns socket value %s", value);
2447 else {
2448 if ((*rt)->netns_storage_socket[1] >= 0)
2449 close_nointr_nofail((*rt)->netns_storage_socket[1]);
2450
2451 (*rt)->netns_storage_socket[1] = fdset_remove(fds, fd);
2452 }
2453 } else
2454 return 0;
2455
2456 return 1;
2457}
2458
2459static void *remove_tmpdir_thread(void *p) {
2460 _cleanup_free_ char *path = p;
2461
2462 rm_rf_dangerous(path, false, true, false);
2463 return NULL;
2464}
2465
2466void exec_runtime_destroy(ExecRuntime *rt) {
2467 if (!rt)
2468 return;
2469
2470 /* If there are multiple users of this, let's leave the stuff around */
2471 if (rt->n_ref > 1)
2472 return;
2473
2474 if (rt->tmp_dir) {
2475 log_debug("Spawning thread to nuke %s", rt->tmp_dir);
2476 asynchronous_job(remove_tmpdir_thread, rt->tmp_dir);
2477 rt->tmp_dir = NULL;
2478 }
2479
2480 if (rt->var_tmp_dir) {
2481 log_debug("Spawning thread to nuke %s", rt->var_tmp_dir);
2482 asynchronous_job(remove_tmpdir_thread, rt->var_tmp_dir);
2483 rt->var_tmp_dir = NULL;
2484 }
2485
2486 close_pipe(rt->netns_storage_socket);
2487}
2488
80876c20
LP		 2489static const char* const exec_input_table[_EXEC_INPUT_MAX] = {
2490 [EXEC_INPUT_NULL] = "null",
2491 [EXEC_INPUT_TTY] = "tty",
2492 [EXEC_INPUT_TTY_FORCE] = "tty-force",
4f2d528d
LP		 2493 [EXEC_INPUT_TTY_FAIL] = "tty-fail",
2494 [EXEC_INPUT_SOCKET] = "socket"
80876c20
LP		 2495};
2496
8a0867d6
LP		 2497DEFINE_STRING_TABLE_LOOKUP(exec_input, ExecInput);
2498
94f04347 2499static const char* const exec_output_table[_EXEC_OUTPUT_MAX] = {
80876c20 2500 [EXEC_OUTPUT_INHERIT] = "inherit",
94f04347 2501 [EXEC_OUTPUT_NULL] = "null",
80876c20 2502 [EXEC_OUTPUT_TTY] = "tty",
94f04347 2503 [EXEC_OUTPUT_SYSLOG] = "syslog",
28dbc1e8 2504 [EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
9a6bca7a 2505 [EXEC_OUTPUT_KMSG] = "kmsg",
28dbc1e8 2506 [EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
706343f4
LP		 2507 [EXEC_OUTPUT_JOURNAL] = "journal",
2508 [EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
4f2d528d 2509 [EXEC_OUTPUT_SOCKET] = "socket"
94f04347
LP		 2510};
2511
2512DEFINE_STRING_TABLE_LOOKUP(exec_output, ExecOutput);
Unnamed repository; edit this file 'description' to name the repository.