]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
c2f1db8f | 2 | #pragma once |
5cb5a6ff LP |
3 | |
4 | typedef struct ExecStatus ExecStatus; | |
5 | typedef struct ExecCommand ExecCommand; | |
6 | typedef struct ExecContext ExecContext; | |
613b411c | 7 | typedef struct ExecRuntime ExecRuntime; |
9fa95f85 | 8 | typedef struct ExecParameters ExecParameters; |
e8a565cb | 9 | typedef struct Manager Manager; |
5cb5a6ff | 10 | |
71d35b6b | 11 | #include <sched.h> |
5cb5a6ff LP |
12 | #include <stdbool.h> |
13 | #include <stdio.h> | |
71d35b6b | 14 | #include <sys/capability.h> |
5cb5a6ff | 15 | |
9ce93478 | 16 | #include "cgroup-util.h" |
0985c7c4 | 17 | #include "cpu-set-util.h" |
b3d59367 | 18 | #include "exec-util.h" |
613b411c | 19 | #include "fdset.h" |
71d35b6b | 20 | #include "list.h" |
e93672ee | 21 | #include "missing_resource.h" |
417116f2 | 22 | #include "namespace.h" |
add00535 | 23 | #include "nsflags.h" |
ca78ad1d | 24 | #include "time-util.h" |
5cb5a6ff | 25 | |
08f3be7a LP |
26 | #define EXEC_STDIN_DATA_MAX (64U*1024U*1024U) |
27 | ||
023a4f67 LP |
28 | typedef enum ExecUtmpMode { |
29 | EXEC_UTMP_INIT, | |
30 | EXEC_UTMP_LOGIN, | |
31 | EXEC_UTMP_USER, | |
32 | _EXEC_UTMP_MODE_MAX, | |
2307f37e | 33 | _EXEC_UTMP_MODE_INVALID = -1 |
023a4f67 LP |
34 | } ExecUtmpMode; |
35 | ||
80876c20 LP |
36 | typedef enum ExecInput { |
37 | EXEC_INPUT_NULL, | |
38 | EXEC_INPUT_TTY, | |
39 | EXEC_INPUT_TTY_FORCE, | |
40 | EXEC_INPUT_TTY_FAIL, | |
4f2d528d | 41 | EXEC_INPUT_SOCKET, |
52c239d7 | 42 | EXEC_INPUT_NAMED_FD, |
08f3be7a | 43 | EXEC_INPUT_DATA, |
2038c3f5 | 44 | EXEC_INPUT_FILE, |
80876c20 LP |
45 | _EXEC_INPUT_MAX, |
46 | _EXEC_INPUT_INVALID = -1 | |
47 | } ExecInput; | |
48 | ||
071830ff | 49 | typedef enum ExecOutput { |
80876c20 | 50 | EXEC_OUTPUT_INHERIT, |
94f04347 | 51 | EXEC_OUTPUT_NULL, |
80876c20 | 52 | EXEC_OUTPUT_TTY, |
94f04347 | 53 | EXEC_OUTPUT_SYSLOG, |
28dbc1e8 | 54 | EXEC_OUTPUT_SYSLOG_AND_CONSOLE, |
9a6bca7a | 55 | EXEC_OUTPUT_KMSG, |
28dbc1e8 | 56 | EXEC_OUTPUT_KMSG_AND_CONSOLE, |
706343f4 LP |
57 | EXEC_OUTPUT_JOURNAL, |
58 | EXEC_OUTPUT_JOURNAL_AND_CONSOLE, | |
4f2d528d | 59 | EXEC_OUTPUT_SOCKET, |
52c239d7 | 60 | EXEC_OUTPUT_NAMED_FD, |
2038c3f5 | 61 | EXEC_OUTPUT_FILE, |
566b7d23 | 62 | EXEC_OUTPUT_FILE_APPEND, |
94f04347 LP |
63 | _EXEC_OUTPUT_MAX, |
64 | _EXEC_OUTPUT_INVALID = -1 | |
071830ff LP |
65 | } ExecOutput; |
66 | ||
53f47dfc YW |
67 | typedef enum ExecPreserveMode { |
68 | EXEC_PRESERVE_NO, | |
69 | EXEC_PRESERVE_YES, | |
70 | EXEC_PRESERVE_RESTART, | |
71 | _EXEC_PRESERVE_MODE_MAX, | |
72 | _EXEC_PRESERVE_MODE_INVALID = -1 | |
73 | } ExecPreserveMode; | |
74 | ||
b1edf445 LP |
75 | typedef enum ExecKeyringMode { |
76 | EXEC_KEYRING_INHERIT, | |
77 | EXEC_KEYRING_PRIVATE, | |
78 | EXEC_KEYRING_SHARED, | |
79 | _EXEC_KEYRING_MODE_MAX, | |
80 | _EXEC_KEYRING_MODE_INVALID = -1, | |
81 | } ExecKeyringMode; | |
82 | ||
42cb05d5 | 83 | /* Contains start and exit information about an executed command. */ |
5cb5a6ff | 84 | struct ExecStatus { |
63983207 LP |
85 | dual_timestamp start_timestamp; |
86 | dual_timestamp exit_timestamp; | |
0a6991e0 | 87 | pid_t pid; |
9152c765 LP |
88 | int code; /* as in siginfo_t::si_code */ |
89 | int status; /* as in sigingo_t::si_status */ | |
5cb5a6ff LP |
90 | }; |
91 | ||
42cb05d5 | 92 | /* Stores information about commands we execute. Covers both configuration settings as well as runtime data. */ |
5cb5a6ff LP |
93 | struct ExecCommand { |
94 | char *path; | |
95 | char **argv; | |
034c6ed7 | 96 | ExecStatus exec_status; |
3ed0cd26 | 97 | ExecCommandFlags flags; |
034c6ed7 | 98 | LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */ |
5cb5a6ff LP |
99 | }; |
100 | ||
42cb05d5 LP |
101 | /* Encapsulates certain aspects of the runtime environment that is to be shared between multiple otherwise separate |
102 | * invocations of commands. Specifically, this allows sharing of /tmp and /var/tmp data as well as network namespaces | |
103 | * between invocations of commands. This is a reference counted object, with one reference taken by each currently | |
104 | * active command invocation that wants to share this runtime. */ | |
613b411c | 105 | struct ExecRuntime { |
cf4b2f99 | 106 | unsigned n_ref; |
613b411c | 107 | |
e8a565cb YW |
108 | Manager *manager; |
109 | ||
42cb05d5 | 110 | char *id; /* Unit id of the owner */ |
e8a565cb | 111 | |
613b411c LP |
112 | char *tmp_dir; |
113 | char *var_tmp_dir; | |
114 | ||
29206d46 LP |
115 | /* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network |
116 | * namespace. */ | |
613b411c LP |
117 | int netns_storage_socket[2]; |
118 | }; | |
119 | ||
3536f49e YW |
120 | typedef enum ExecDirectoryType { |
121 | EXEC_DIRECTORY_RUNTIME = 0, | |
122 | EXEC_DIRECTORY_STATE, | |
123 | EXEC_DIRECTORY_CACHE, | |
124 | EXEC_DIRECTORY_LOGS, | |
125 | EXEC_DIRECTORY_CONFIGURATION, | |
72fd1768 LP |
126 | _EXEC_DIRECTORY_TYPE_MAX, |
127 | _EXEC_DIRECTORY_TYPE_INVALID = -1, | |
3536f49e YW |
128 | } ExecDirectoryType; |
129 | ||
130 | typedef struct ExecDirectory { | |
131 | char **paths; | |
132 | mode_t mode; | |
133 | } ExecDirectory; | |
134 | ||
42cb05d5 LP |
135 | /* Encodes configuration parameters applied to invoked commands. Does not carry runtime data, but only configuration |
136 | * changes sourced from unit files and suchlike. ExecContext objects are usually embedded into Unit objects, and do not | |
137 | * change after being loaded. */ | |
5cb5a6ff LP |
138 | struct ExecContext { |
139 | char **environment; | |
8c7be95e | 140 | char **environment_files; |
b4c14404 | 141 | char **pass_environment; |
00819cc1 | 142 | char **unset_environment; |
8c7be95e | 143 | |
517d56b1 | 144 | struct rlimit *rlimit[_RLIMIT_MAX]; |
915e6d16 | 145 | char *working_directory, *root_directory, *root_image; |
0a6991e0 LP |
146 | bool working_directory_missing_ok:1; |
147 | bool working_directory_home:1; | |
148 | ||
149 | bool oom_score_adjust_set:1; | |
150 | bool nice_set:1; | |
151 | bool ioprio_set:1; | |
152 | bool cpu_sched_set:1; | |
153 | ||
154 | /* This is not exposed to the user but available internally. We need it to make sure that whenever we | |
155 | * spawn /usr/bin/mount it is run in the same process group as us so that the autofs logic detects | |
156 | * that it belongs to us and we don't enter a trigger loop. */ | |
157 | bool same_pgrp; | |
158 | ||
159 | bool cpu_sched_reset_on_fork; | |
160 | bool non_blocking; | |
9d58f1db LP |
161 | |
162 | mode_t umask; | |
dd6c17b1 | 163 | int oom_score_adjust; |
5cb5a6ff | 164 | int nice; |
9eba9da4 | 165 | int ioprio; |
94f04347 LP |
166 | int cpu_sched_policy; |
167 | int cpu_sched_priority; | |
9d58f1db | 168 | |
0985c7c4 | 169 | CPUSet cpu_set; |
fb33a393 | 170 | |
80876c20 LP |
171 | ExecInput std_input; |
172 | ExecOutput std_output; | |
173 | ExecOutput std_error; | |
0a6991e0 | 174 | bool stdio_as_fds; |
52c239d7 | 175 | char *stdio_fdname[3]; |
2038c3f5 | 176 | char *stdio_file[3]; |
80876c20 | 177 | |
08f3be7a LP |
178 | void *stdin_data; |
179 | size_t stdin_data_size; | |
80876c20 | 180 | |
d88a251b | 181 | nsec_t timer_slack_nsec; |
071830ff | 182 | |
9d58f1db | 183 | char *tty_path; |
5cb5a6ff | 184 | |
6ea832a2 LP |
185 | bool tty_reset; |
186 | bool tty_vhangup; | |
187 | bool tty_vt_disallocate; | |
188 | ||
353e12c2 LP |
189 | bool ignore_sigpipe; |
190 | ||
0a6991e0 LP |
191 | ExecKeyringMode keyring_mode; |
192 | ||
61233823 | 193 | /* Since resolving these names might involve socket |
5cb5a6ff | 194 | * connections and we don't want to deadlock ourselves these |
94f04347 LP |
195 | * names are resolved on execution only and in the child |
196 | * process. */ | |
5cb5a6ff LP |
197 | char *user; |
198 | char *group; | |
199 | char **supplementary_groups; | |
9d58f1db | 200 | |
5b6319dc LP |
201 | char *pam_name; |
202 | ||
169c1bda | 203 | char *utmp_id; |
023a4f67 | 204 | ExecUtmpMode utmp_mode; |
169c1bda | 205 | |
0a6991e0 | 206 | bool no_new_privileges; |
7b52a628 | 207 | |
0a6991e0 | 208 | bool selinux_context_ignore; |
eef65bf3 | 209 | bool apparmor_profile_ignore; |
2ca620c4 | 210 | bool smack_process_label_ignore; |
2ca620c4 | 211 | |
0a6991e0 LP |
212 | char *selinux_context; |
213 | char *apparmor_profile; | |
214 | char *smack_process_label; | |
b1edf445 | 215 | |
2a624c36 | 216 | char **read_write_paths, **read_only_paths, **inaccessible_paths; |
15ae422b | 217 | unsigned long mount_flags; |
d2d6c096 | 218 | BindMount *bind_mounts; |
da6053d0 | 219 | size_t n_bind_mounts; |
2abd4e38 | 220 | TemporaryFileSystem *temporary_filesystems; |
da6053d0 | 221 | size_t n_temporary_filesystems; |
15ae422b | 222 | |
a103496c | 223 | uint64_t capability_bounding_set; |
755d4b67 | 224 | uint64_t capability_ambient_set; |
9d58f1db LP |
225 | int secure_bits; |
226 | ||
7fab9d01 | 227 | int syslog_priority; |
7fab9d01 | 228 | bool syslog_level_prefix; |
0a6991e0 | 229 | char *syslog_identifier; |
d3070fbd LP |
230 | |
231 | struct iovec* log_extra_fields; | |
232 | size_t n_log_extra_fields; | |
233 | ||
90fc172e AZ |
234 | usec_t log_rate_limit_interval_usec; |
235 | unsigned log_rate_limit_burst; | |
236 | ||
0a6991e0 LP |
237 | int log_level_max; |
238 | ||
15ae422b | 239 | bool private_tmp; |
ff01d048 | 240 | bool private_network; |
7f112f50 | 241 | bool private_devices; |
d251207d | 242 | bool private_users; |
228af36f | 243 | bool private_mounts; |
59eeb84b | 244 | bool protect_kernel_tunables; |
502d704e | 245 | bool protect_kernel_modules; |
59eeb84b | 246 | bool protect_control_groups; |
0a6991e0 LP |
247 | ProtectSystem protect_system; |
248 | ProtectHome protect_home; | |
249 | bool protect_hostname; | |
5d997827 | 250 | bool mount_apivfs; |
9d58f1db | 251 | |
29206d46 | 252 | bool dynamic_user; |
00d9ef85 | 253 | bool remove_ipc; |
29206d46 | 254 | |
0a6991e0 LP |
255 | bool memory_deny_write_execute; |
256 | bool restrict_realtime; | |
f69567cb | 257 | bool restrict_suid_sgid; |
2e22afe9 | 258 | |
78e864e5 | 259 | bool lock_personality; |
0a6991e0 | 260 | unsigned long personality; |
ac45f971 | 261 | |
add00535 LP |
262 | unsigned long restrict_namespaces; /* The CLONE_NEWxyz flags permitted to the unit's processes */ |
263 | ||
8cfa775f | 264 | Hashmap *syscall_filter; |
57183d11 | 265 | Set *syscall_archs; |
17df7223 LP |
266 | int syscall_errno; |
267 | bool syscall_whitelist:1; | |
8351ceae | 268 | |
4298d0b5 | 269 | bool address_families_whitelist:1; |
0a6991e0 | 270 | Set *address_families; |
a8d08f39 LP |
271 | |
272 | char *network_namespace_path; | |
0a6991e0 LP |
273 | |
274 | ExecDirectory directories[_EXEC_DIRECTORY_TYPE_MAX]; | |
275 | ExecPreserveMode runtime_directory_preserve_mode; | |
5cb5a6ff LP |
276 | }; |
277 | ||
add00535 LP |
278 | static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) { |
279 | assert(c); | |
280 | ||
281 | return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL; | |
282 | } | |
283 | ||
c39f1ce2 | 284 | typedef enum ExecFlags { |
ef31828d LP |
285 | EXEC_APPLY_SANDBOXING = 1 << 0, |
286 | EXEC_APPLY_CHROOT = 1 << 1, | |
287 | EXEC_APPLY_TTY_STDIN = 1 << 2, | |
8f9f3cb7 AB |
288 | EXEC_PASS_LOG_UNIT = 1 << 3, /* Whether to pass the unit name to the service's journal stream connection */ |
289 | EXEC_CHOWN_DIRECTORIES = 1 << 4, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */ | |
290 | EXEC_NSS_BYPASS_BUS = 1 << 5, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */ | |
291 | EXEC_CGROUP_DELEGATE = 1 << 6, | |
292 | EXEC_IS_CONTROL = 1 << 7, | |
293 | EXEC_CONTROL_CGROUP = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */ | |
c39f1ce2 | 294 | |
9c1a61ad | 295 | /* The following are not used by execute.c, but by consumers internally */ |
8f9f3cb7 AB |
296 | EXEC_PASS_FDS = 1 << 9, |
297 | EXEC_SETENV_RESULT = 1 << 10, | |
298 | EXEC_SET_WATCHDOG = 1 << 11, | |
c39f1ce2 LP |
299 | } ExecFlags; |
300 | ||
42cb05d5 LP |
301 | /* Parameters for a specific invocation of a command. This structure is put together right before a command is |
302 | * executed. */ | |
9fa95f85 | 303 | struct ExecParameters { |
a34ceba6 | 304 | char **environment; |
8dd4c05b LP |
305 | |
306 | int *fds; | |
307 | char **fd_names; | |
da6053d0 | 308 | size_t n_socket_fds; |
25b583d7 | 309 | size_t n_storage_fds; |
8dd4c05b | 310 | |
c39f1ce2 | 311 | ExecFlags flags; |
a34ceba6 | 312 | bool selinux_context_net:1; |
8dd4c05b | 313 | |
efdb0237 | 314 | CGroupMask cgroup_supported; |
9fa95f85 | 315 | const char *cgroup_path; |
8dd4c05b | 316 | |
3536f49e | 317 | char **prefix; |
8dd4c05b | 318 | |
7d5ceb64 FB |
319 | const char *confirm_spawn; |
320 | ||
9fa95f85 | 321 | usec_t watchdog_usec; |
8dd4c05b | 322 | |
9fa95f85 | 323 | int *idle_pipe; |
8dd4c05b | 324 | |
a34ceba6 LP |
325 | int stdin_fd; |
326 | int stdout_fd; | |
327 | int stderr_fd; | |
5686391b LP |
328 | |
329 | /* An fd that is closed by the execve(), and thus will result in EOF when the execve() is done */ | |
330 | int exec_fd; | |
9fa95f85 DM |
331 | }; |
332 | ||
9ce93478 | 333 | #include "unit.h" |
29206d46 | 334 | #include "dynamic-user.h" |
9ce93478 | 335 | |
f2341e0a LP |
336 | int exec_spawn(Unit *unit, |
337 | ExecCommand *command, | |
9fa95f85 DM |
338 | const ExecContext *context, |
339 | const ExecParameters *exec_params, | |
613b411c | 340 | ExecRuntime *runtime, |
29206d46 | 341 | DynamicCreds *dynamic_creds, |
81a2b7ce | 342 | pid_t *ret); |
5cb5a6ff | 343 | |
da6053d0 | 344 | void exec_command_done_array(ExecCommand *c, size_t n); |
f1acf85a | 345 | ExecCommand* exec_command_free_list(ExecCommand *c); |
da6053d0 | 346 | void exec_command_free_array(ExecCommand **c, size_t n); |
6a1d4d9f LP |
347 | void exec_command_reset_status_array(ExecCommand *c, size_t n); |
348 | void exec_command_reset_status_list_array(ExecCommand **c, size_t n); | |
44d8db9e | 349 | void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix); |
a6a80b4f | 350 | void exec_command_append_list(ExecCommand **l, ExecCommand *e); |
7593c3ec LP |
351 | int exec_command_set(ExecCommand *c, const char *path, ...) _sentinel_; |
352 | int exec_command_append(ExecCommand *c, const char *path, ...) _sentinel_; | |
44d8db9e | 353 | |
034c6ed7 | 354 | void exec_context_init(ExecContext *c); |
613b411c | 355 | void exec_context_done(ExecContext *c); |
34cf6c43 | 356 | void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix); |
5cb5a6ff | 357 | |
34cf6c43 | 358 | int exec_context_destroy_runtime_directory(const ExecContext *c, const char *runtime_root); |
e66cf1a3 | 359 | |
52c239d7 | 360 | const char* exec_context_fdname(const ExecContext *c, int fd_index); |
8c7be95e | 361 | |
34cf6c43 YW |
362 | bool exec_context_may_touch_console(const ExecContext *c); |
363 | bool exec_context_maintains_privileges(const ExecContext *c); | |
6ac8fdc9 | 364 | |
34cf6c43 | 365 | int exec_context_get_effective_ioprio(const ExecContext *c); |
7f452159 | 366 | |
d3070fbd LP |
367 | void exec_context_free_log_extra_fields(ExecContext *c); |
368 | ||
6f765baf LP |
369 | void exec_context_revert_tty(ExecContext *c); |
370 | ||
b58b4116 | 371 | void exec_status_start(ExecStatus *s, pid_t pid); |
34cf6c43 YW |
372 | void exec_status_exit(ExecStatus *s, const ExecContext *context, pid_t pid, int code, int status); |
373 | void exec_status_dump(const ExecStatus *s, FILE *f, const char *prefix); | |
6a1d4d9f | 374 | void exec_status_reset(ExecStatus *s); |
5cb5a6ff | 375 | |
e8a565cb YW |
376 | int exec_runtime_acquire(Manager *m, const ExecContext *c, const char *name, bool create, ExecRuntime **ret); |
377 | ExecRuntime *exec_runtime_unref(ExecRuntime *r, bool destroy); | |
613b411c | 378 | |
e8a565cb YW |
379 | int exec_runtime_serialize(const Manager *m, FILE *f, FDSet *fds); |
380 | int exec_runtime_deserialize_compat(Unit *u, const char *key, const char *value, FDSet *fds); | |
381 | void exec_runtime_deserialize_one(Manager *m, const char *value, FDSet *fds); | |
382 | void exec_runtime_vacuum(Manager *m); | |
613b411c | 383 | |
b9c04eaf YW |
384 | void exec_params_clear(ExecParameters *p); |
385 | ||
44a6b1b6 ZJS |
386 | const char* exec_output_to_string(ExecOutput i) _const_; |
387 | ExecOutput exec_output_from_string(const char *s) _pure_; | |
94f04347 | 388 | |
44a6b1b6 ZJS |
389 | const char* exec_input_to_string(ExecInput i) _const_; |
390 | ExecInput exec_input_from_string(const char *s) _pure_; | |
023a4f67 LP |
391 | |
392 | const char* exec_utmp_mode_to_string(ExecUtmpMode i) _const_; | |
393 | ExecUtmpMode exec_utmp_mode_from_string(const char *s) _pure_; | |
53f47dfc YW |
394 | |
395 | const char* exec_preserve_mode_to_string(ExecPreserveMode i) _const_; | |
396 | ExecPreserveMode exec_preserve_mode_from_string(const char *s) _pure_; | |
3536f49e | 397 | |
b1edf445 LP |
398 | const char* exec_keyring_mode_to_string(ExecKeyringMode i) _const_; |
399 | ExecKeyringMode exec_keyring_mode_from_string(const char *s) _pure_; | |
400 | ||
3536f49e YW |
401 | const char* exec_directory_type_to_string(ExecDirectoryType i) _const_; |
402 | ExecDirectoryType exec_directory_type_from_string(const char *s) _pure_; |