[thirdparty/systemd.git] / src / core / execute.h

/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once

typedef struct ExecStatus ExecStatus;
typedef struct ExecCommand ExecCommand;
typedef struct ExecContext ExecContext;
typedef struct ExecRuntime ExecRuntime;
typedef struct ExecParameters ExecParameters;
typedef struct Manager Manager;

#include <sched.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/capability.h>

#include "cgroup-util.h"
#include "cpu-set-util.h"
#include "exec-util.h"
#include "fdset.h"
#include "list.h"
#include "missing_resource.h"
#include "namespace.h"
#include "nsflags.h"
#include "time-util.h"

#define EXEC_STDIN_DATA_MAX (64U*1024U*1024U)

typedef enum ExecUtmpMode {
        EXEC_UTMP_INIT,
        EXEC_UTMP_LOGIN,
        EXEC_UTMP_USER,
        _EXEC_UTMP_MODE_MAX,
        _EXEC_UTMP_MODE_INVALID = -1
} ExecUtmpMode;

typedef enum ExecInput {
        EXEC_INPUT_NULL,
        EXEC_INPUT_TTY,
        EXEC_INPUT_TTY_FORCE,
        EXEC_INPUT_TTY_FAIL,
        EXEC_INPUT_SOCKET,
        EXEC_INPUT_NAMED_FD,
        EXEC_INPUT_DATA,
        EXEC_INPUT_FILE,
        _EXEC_INPUT_MAX,
        _EXEC_INPUT_INVALID = -1
} ExecInput;

typedef enum ExecOutput {
        EXEC_OUTPUT_INHERIT,
        EXEC_OUTPUT_NULL,
        EXEC_OUTPUT_TTY,
        EXEC_OUTPUT_SYSLOG,
        EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
        EXEC_OUTPUT_KMSG,
        EXEC_OUTPUT_KMSG_AND_CONSOLE,
        EXEC_OUTPUT_JOURNAL,
        EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
        EXEC_OUTPUT_SOCKET,
        EXEC_OUTPUT_NAMED_FD,
        EXEC_OUTPUT_FILE,
        EXEC_OUTPUT_FILE_APPEND,
        _EXEC_OUTPUT_MAX,
        _EXEC_OUTPUT_INVALID = -1
} ExecOutput;

typedef enum ExecPreserveMode {
        EXEC_PRESERVE_NO,
        EXEC_PRESERVE_YES,
        EXEC_PRESERVE_RESTART,
        _EXEC_PRESERVE_MODE_MAX,
        _EXEC_PRESERVE_MODE_INVALID = -1
} ExecPreserveMode;

typedef enum ExecKeyringMode {
        EXEC_KEYRING_INHERIT,
        EXEC_KEYRING_PRIVATE,
        EXEC_KEYRING_SHARED,
        _EXEC_KEYRING_MODE_MAX,
        _EXEC_KEYRING_MODE_INVALID = -1,
} ExecKeyringMode;

/* Contains start and exit information about an executed command.  */
struct ExecStatus {
        dual_timestamp start_timestamp;
        dual_timestamp exit_timestamp;
        pid_t pid;
        int code;     /* as in siginfo_t::si_code */
        int status;   /* as in sigingo_t::si_status */
};

/* Stores information about commands we execute. Covers both configuration settings as well as runtime data. */
struct ExecCommand {
        char *path;
        char **argv;
        ExecStatus exec_status;
        ExecCommandFlags flags;
        LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
};

/* Encapsulates certain aspects of the runtime environment that is to be shared between multiple otherwise separate
 * invocations of commands. Specifically, this allows sharing of /tmp and /var/tmp data as well as network namespaces
 * between invocations of commands. This is a reference counted object, with one reference taken by each currently
 * active command invocation that wants to share this runtime. */
struct ExecRuntime {
        unsigned n_ref;

        Manager *manager;

        char *id; /* Unit id of the owner */

        char *tmp_dir;
        char *var_tmp_dir;

        /* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network
         * namespace. */
        int netns_storage_socket[2];
};

typedef enum ExecDirectoryType {
        EXEC_DIRECTORY_RUNTIME = 0,
        EXEC_DIRECTORY_STATE,
        EXEC_DIRECTORY_CACHE,
        EXEC_DIRECTORY_LOGS,
        EXEC_DIRECTORY_CONFIGURATION,
        _EXEC_DIRECTORY_TYPE_MAX,
        _EXEC_DIRECTORY_TYPE_INVALID = -1,
} ExecDirectoryType;

typedef struct ExecDirectory {
        char **paths;
        mode_t mode;
} ExecDirectory;

/* Encodes configuration parameters applied to invoked commands. Does not carry runtime data, but only configuration
 * changes sourced from unit files and suchlike. ExecContext objects are usually embedded into Unit objects, and do not
 * change after being loaded. */
struct ExecContext {
        char **environment;
        char **environment_files;
        char **pass_environment;
        char **unset_environment;

        struct rlimit *rlimit[_RLIMIT_MAX];
        char *working_directory, *root_directory, *root_image;
        bool working_directory_missing_ok:1;
        bool working_directory_home:1;

        bool oom_score_adjust_set:1;
        bool nice_set:1;
        bool ioprio_set:1;
        bool cpu_sched_set:1;

        /* This is not exposed to the user but available internally. We need it to make sure that whenever we
         * spawn /usr/bin/mount it is run in the same process group as us so that the autofs logic detects
         * that it belongs to us and we don't enter a trigger loop. */
        bool same_pgrp;

        bool cpu_sched_reset_on_fork;
        bool non_blocking;

        mode_t umask;
        int oom_score_adjust;
        int nice;
        int ioprio;
        int cpu_sched_policy;
        int cpu_sched_priority;

        CPUSet cpu_set;

        ExecInput std_input;
        ExecOutput std_output;
        ExecOutput std_error;
        bool stdio_as_fds;
        char *stdio_fdname[3];
        char *stdio_file[3];

        void *stdin_data;
        size_t stdin_data_size;

        nsec_t timer_slack_nsec;

        char *tty_path;

        bool tty_reset;
        bool tty_vhangup;
        bool tty_vt_disallocate;

        bool ignore_sigpipe;

        ExecKeyringMode keyring_mode;

        /* Since resolving these names might involve socket
         * connections and we don't want to deadlock ourselves these
         * names are resolved on execution only and in the child
         * process. */
        char *user;
        char *group;
        char **supplementary_groups;

        char *pam_name;

        char *utmp_id;
        ExecUtmpMode utmp_mode;

        bool no_new_privileges;

        bool selinux_context_ignore;
        bool apparmor_profile_ignore;
        bool smack_process_label_ignore;

        char *selinux_context;
        char *apparmor_profile;
        char *smack_process_label;

        char **read_write_paths, **read_only_paths, **inaccessible_paths;
        unsigned long mount_flags;
        BindMount *bind_mounts;
        size_t n_bind_mounts;
        TemporaryFileSystem *temporary_filesystems;
        size_t n_temporary_filesystems;

        uint64_t capability_bounding_set;
        uint64_t capability_ambient_set;
        int secure_bits;

        int syslog_priority;
        bool syslog_level_prefix;
        char *syslog_identifier;

        struct iovec* log_extra_fields;
        size_t n_log_extra_fields;

        usec_t log_rate_limit_interval_usec;
        unsigned log_rate_limit_burst;

        int log_level_max;

        bool private_tmp;
        bool private_network;
        bool private_devices;
        bool private_users;
        bool private_mounts;
        bool protect_kernel_tunables;
        bool protect_kernel_modules;
        bool protect_control_groups;
        ProtectSystem protect_system;
        ProtectHome protect_home;
        bool protect_hostname;
        bool mount_apivfs;

        bool dynamic_user;
        bool remove_ipc;

        bool memory_deny_write_execute;
        bool restrict_realtime;
        bool restrict_suid_sgid;

        bool lock_personality;
        unsigned long personality;

        unsigned long restrict_namespaces; /* The CLONE_NEWxyz flags permitted to the unit's processes */

        Hashmap *syscall_filter;
        Set *syscall_archs;
        int syscall_errno;
        bool syscall_whitelist:1;

        bool address_families_whitelist:1;
        Set *address_families;

        char *network_namespace_path;

        ExecDirectory directories[_EXEC_DIRECTORY_TYPE_MAX];
        ExecPreserveMode runtime_directory_preserve_mode;
};

static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) {
        assert(c);

        return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL;
}

typedef enum ExecFlags {
        EXEC_APPLY_SANDBOXING  = 1 << 0,
        EXEC_APPLY_CHROOT      = 1 << 1,
        EXEC_APPLY_TTY_STDIN   = 1 << 2,
        EXEC_PASS_LOG_UNIT     = 1 << 3, /* Whether to pass the unit name to the service's journal stream connection */
        EXEC_CHOWN_DIRECTORIES = 1 << 4, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
        EXEC_NSS_BYPASS_BUS    = 1 << 5, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */
        EXEC_CGROUP_DELEGATE   = 1 << 6,
        EXEC_IS_CONTROL        = 1 << 7,
        EXEC_CONTROL_CGROUP    = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */

        /* The following are not used by execute.c, but by consumers internally */
        EXEC_PASS_FDS          = 1 << 9,
        EXEC_SETENV_RESULT     = 1 << 10,
        EXEC_SET_WATCHDOG      = 1 << 11,
} ExecFlags;

/* Parameters for a specific invocation of a command. This structure is put together right before a command is
 * executed. */
struct ExecParameters {
        char **environment;

        int *fds;
        char **fd_names;
        size_t n_socket_fds;
        size_t n_storage_fds;

        ExecFlags flags;
        bool selinux_context_net:1;

        CGroupMask cgroup_supported;
        const char *cgroup_path;

        char **prefix;

        const char *confirm_spawn;

        usec_t watchdog_usec;

        int *idle_pipe;

        int stdin_fd;
        int stdout_fd;
        int stderr_fd;

        /* An fd that is closed by the execve(), and thus will result in EOF when the execve() is done */
        int exec_fd;
};

#include "unit.h"
#include "dynamic-user.h"

int exec_spawn(Unit *unit,
               ExecCommand *command,
               const ExecContext *context,
               const ExecParameters *exec_params,
               ExecRuntime *runtime,
               DynamicCreds *dynamic_creds,
               pid_t *ret);

void exec_command_done_array(ExecCommand *c, size_t n);
ExecCommand* exec_command_free_list(ExecCommand *c);
void exec_command_free_array(ExecCommand **c, size_t n);
void exec_command_reset_status_array(ExecCommand *c, size_t n);
void exec_command_reset_status_list_array(ExecCommand **c, size_t n);
void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_append_list(ExecCommand **l, ExecCommand *e);
int exec_command_set(ExecCommand *c, const char *path, ...) _sentinel_;
int exec_command_append(ExecCommand *c, const char *path, ...) _sentinel_;

void exec_context_init(ExecContext *c);
void exec_context_done(ExecContext *c);
void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix);

int exec_context_destroy_runtime_directory(const ExecContext *c, const char *runtime_root);

const char* exec_context_fdname(const ExecContext *c, int fd_index);

bool exec_context_may_touch_console(const ExecContext *c);
bool exec_context_maintains_privileges(const ExecContext *c);

int exec_context_get_effective_ioprio(const ExecContext *c);

void exec_context_free_log_extra_fields(ExecContext *c);

void exec_context_revert_tty(ExecContext *c);

void exec_status_start(ExecStatus *s, pid_t pid);
void exec_status_exit(ExecStatus *s, const ExecContext *context, pid_t pid, int code, int status);
void exec_status_dump(const ExecStatus *s, FILE *f, const char *prefix);
void exec_status_reset(ExecStatus *s);

int exec_runtime_acquire(Manager *m, const ExecContext *c, const char *name, bool create, ExecRuntime **ret);
ExecRuntime *exec_runtime_unref(ExecRuntime *r, bool destroy);

int exec_runtime_serialize(const Manager *m, FILE *f, FDSet *fds);
int exec_runtime_deserialize_compat(Unit *u, const char *key, const char *value, FDSet *fds);
void exec_runtime_deserialize_one(Manager *m, const char *value, FDSet *fds);
void exec_runtime_vacuum(Manager *m);

void exec_params_clear(ExecParameters *p);

const char* exec_output_to_string(ExecOutput i) _const_;
ExecOutput exec_output_from_string(const char *s) _pure_;

const char* exec_input_to_string(ExecInput i) _const_;
ExecInput exec_input_from_string(const char *s) _pure_;

const char* exec_utmp_mode_to_string(ExecUtmpMode i) _const_;
ExecUtmpMode exec_utmp_mode_from_string(const char *s) _pure_;

const char* exec_preserve_mode_to_string(ExecPreserveMode i) _const_;
ExecPreserveMode exec_preserve_mode_from_string(const char *s) _pure_;

const char* exec_keyring_mode_to_string(ExecKeyringMode i) _const_;
ExecKeyringMode exec_keyring_mode_from_string(const char *s) _pure_;

const char* exec_directory_type_to_string(ExecDirectoryType i) _const_;
ExecDirectoryType exec_directory_type_from_string(const char *s) _pure_;
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
c2f1db8f	2	#pragma once
5cb5a6ff LP	3
	4	typedef struct ExecStatus ExecStatus;
	5	typedef struct ExecCommand ExecCommand;
	6	typedef struct ExecContext ExecContext;
613b411c	7	typedef struct ExecRuntime ExecRuntime;
9fa95f85	8	typedef struct ExecParameters ExecParameters;
e8a565cb	9	typedef struct Manager Manager;
5cb5a6ff	10
71d35b6b	11	#include <sched.h>
5cb5a6ff LP	12	#include <stdbool.h>
5cb5a6ff LP	13	#include <stdio.h>
71d35b6b	14	#include <sys/capability.h>
5cb5a6ff	15
9ce93478	16	#include "cgroup-util.h"
0985c7c4	17	#include "cpu-set-util.h"
b3d59367	18	#include "exec-util.h"
613b411c	19	#include "fdset.h"
71d35b6b	20	#include "list.h"
e93672ee	21	#include "missing_resource.h"
417116f2	22	#include "namespace.h"
add00535	23	#include "nsflags.h"
ca78ad1d	24	#include "time-util.h"
5cb5a6ff	25
08f3be7a LP	26	#define EXEC_STDIN_DATA_MAX (64U1024U1024U)
08f3be7a LP	27
023a4f67 LP	28	typedef enum ExecUtmpMode {
	29	EXEC_UTMP_INIT,
	30	EXEC_UTMP_LOGIN,
	31	EXEC_UTMP_USER,
	32	_EXEC_UTMP_MODE_MAX,
2307f37e	33	_EXEC_UTMP_MODE_INVALID = -1
023a4f67 LP	34	} ExecUtmpMode;
023a4f67 LP	35
80876c20 LP	36	typedef enum ExecInput {
	37	EXEC_INPUT_NULL,
	38	EXEC_INPUT_TTY,
	39	EXEC_INPUT_TTY_FORCE,
	40	EXEC_INPUT_TTY_FAIL,
4f2d528d	41	EXEC_INPUT_SOCKET,
52c239d7	42	EXEC_INPUT_NAMED_FD,
08f3be7a	43	EXEC_INPUT_DATA,
2038c3f5	44	EXEC_INPUT_FILE,
80876c20 LP	45	_EXEC_INPUT_MAX,
	46	_EXEC_INPUT_INVALID = -1
	47	} ExecInput;
	48
071830ff	49	typedef enum ExecOutput {
80876c20	50	EXEC_OUTPUT_INHERIT,
94f04347	51	EXEC_OUTPUT_NULL,
80876c20	52	EXEC_OUTPUT_TTY,
94f04347	53	EXEC_OUTPUT_SYSLOG,
28dbc1e8	54	EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
9a6bca7a	55	EXEC_OUTPUT_KMSG,
28dbc1e8	56	EXEC_OUTPUT_KMSG_AND_CONSOLE,
706343f4 LP	57	EXEC_OUTPUT_JOURNAL,
706343f4 LP	58	EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
4f2d528d	59	EXEC_OUTPUT_SOCKET,
52c239d7	60	EXEC_OUTPUT_NAMED_FD,
2038c3f5	61	EXEC_OUTPUT_FILE,
566b7d23	62	EXEC_OUTPUT_FILE_APPEND,
94f04347 LP	63	_EXEC_OUTPUT_MAX,
94f04347 LP	64	_EXEC_OUTPUT_INVALID = -1
071830ff LP	65	} ExecOutput;
071830ff LP	66
53f47dfc YW	67	typedef enum ExecPreserveMode {
	68	EXEC_PRESERVE_NO,
	69	EXEC_PRESERVE_YES,
	70	EXEC_PRESERVE_RESTART,
	71	_EXEC_PRESERVE_MODE_MAX,
	72	_EXEC_PRESERVE_MODE_INVALID = -1
	73	} ExecPreserveMode;
	74
b1edf445 LP	75	typedef enum ExecKeyringMode {
	76	EXEC_KEYRING_INHERIT,
	77	EXEC_KEYRING_PRIVATE,
	78	EXEC_KEYRING_SHARED,
	79	_EXEC_KEYRING_MODE_MAX,
	80	_EXEC_KEYRING_MODE_INVALID = -1,
	81	} ExecKeyringMode;
	82
42cb05d5	83	/* Contains start and exit information about an executed command. */
5cb5a6ff	84	struct ExecStatus {
63983207 LP	85	dual_timestamp start_timestamp;
63983207 LP	86	dual_timestamp exit_timestamp;
0a6991e0	87	pid_t pid;
9152c765 LP	88	int code; /* as in siginfo_t::si_code */
9152c765 LP	89	int status; /* as in sigingo_t::si_status */
5cb5a6ff LP	90	};
5cb5a6ff LP	91
42cb05d5	92	/* Stores information about commands we execute. Covers both configuration settings as well as runtime data. */
5cb5a6ff LP	93	struct ExecCommand {
	94	char *path;
	95	char **argv;
034c6ed7	96	ExecStatus exec_status;
3ed0cd26	97	ExecCommandFlags flags;
034c6ed7	98	LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
5cb5a6ff LP	99	};
5cb5a6ff LP	100
42cb05d5 LP	101	/* Encapsulates certain aspects of the runtime environment that is to be shared between multiple otherwise separate
	102	* invocations of commands. Specifically, this allows sharing of /tmp and /var/tmp data as well as network namespaces
	103	* between invocations of commands. This is a reference counted object, with one reference taken by each currently
	104	* active command invocation that wants to share this runtime. */
613b411c	105	struct ExecRuntime {
cf4b2f99	106	unsigned n_ref;
613b411c	107
e8a565cb YW	108	Manager *manager;
e8a565cb YW	109
42cb05d5	110	char id; / Unit id of the owner */
e8a565cb	111
613b411c LP	112	char *tmp_dir;
	113	char *var_tmp_dir;
	114
29206d46 LP	115	/* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network
29206d46 LP	116	* namespace. */
613b411c LP	117	int netns_storage_socket[2];
	118	};
	119
3536f49e YW	120	typedef enum ExecDirectoryType {
	121	EXEC_DIRECTORY_RUNTIME = 0,
	122	EXEC_DIRECTORY_STATE,
	123	EXEC_DIRECTORY_CACHE,
	124	EXEC_DIRECTORY_LOGS,
	125	EXEC_DIRECTORY_CONFIGURATION,
72fd1768 LP	126	_EXEC_DIRECTORY_TYPE_MAX,
72fd1768 LP	127	_EXEC_DIRECTORY_TYPE_INVALID = -1,
3536f49e YW	128	} ExecDirectoryType;
	129
	130	typedef struct ExecDirectory {
	131	char **paths;
	132	mode_t mode;
	133	} ExecDirectory;
	134
42cb05d5 LP	135	/* Encodes configuration parameters applied to invoked commands. Does not carry runtime data, but only configuration
	136	* changes sourced from unit files and suchlike. ExecContext objects are usually embedded into Unit objects, and do not
	137	* change after being loaded. */
5cb5a6ff LP	138	struct ExecContext {
5cb5a6ff LP	139	char **environment;
8c7be95e	140	char **environment_files;
b4c14404	141	char **pass_environment;
00819cc1	142	char **unset_environment;
8c7be95e	143
517d56b1	144	struct rlimit *rlimit[_RLIMIT_MAX];
915e6d16	145	char working_directory, root_directory, *root_image;
0a6991e0 LP	146	bool working_directory_missing_ok:1;
	147	bool working_directory_home:1;
	148
	149	bool oom_score_adjust_set:1;
	150	bool nice_set:1;
	151	bool ioprio_set:1;
	152	bool cpu_sched_set:1;
	153
	154	/* This is not exposed to the user but available internally. We need it to make sure that whenever we
	155	* spawn /usr/bin/mount it is run in the same process group as us so that the autofs logic detects
	156	* that it belongs to us and we don't enter a trigger loop. */
	157	bool same_pgrp;
	158
	159	bool cpu_sched_reset_on_fork;
	160	bool non_blocking;
9d58f1db LP	161
9d58f1db LP	162	mode_t umask;
dd6c17b1	163	int oom_score_adjust;
5cb5a6ff	164	int nice;
9eba9da4	165	int ioprio;
94f04347 LP	166	int cpu_sched_policy;
94f04347 LP	167	int cpu_sched_priority;
9d58f1db	168
0985c7c4	169	CPUSet cpu_set;
fb33a393	170
80876c20 LP	171	ExecInput std_input;
	172	ExecOutput std_output;
	173	ExecOutput std_error;
0a6991e0	174	bool stdio_as_fds;
52c239d7	175	char *stdio_fdname[3];
2038c3f5	176	char *stdio_file[3];
80876c20	177
08f3be7a LP	178	void *stdin_data;
08f3be7a LP	179	size_t stdin_data_size;
80876c20	180
d88a251b	181	nsec_t timer_slack_nsec;
071830ff	182
9d58f1db	183	char *tty_path;
5cb5a6ff	184
6ea832a2 LP	185	bool tty_reset;
	186	bool tty_vhangup;
	187	bool tty_vt_disallocate;
	188
353e12c2 LP	189	bool ignore_sigpipe;
353e12c2 LP	190
0a6991e0 LP	191	ExecKeyringMode keyring_mode;
0a6991e0 LP	192
61233823	193	/* Since resolving these names might involve socket
5cb5a6ff	194	* connections and we don't want to deadlock ourselves these
94f04347 LP	195	* names are resolved on execution only and in the child
94f04347 LP	196	* process. */
5cb5a6ff LP	197	char *user;
	198	char *group;
	199	char **supplementary_groups;
9d58f1db	200
5b6319dc LP	201	char *pam_name;
5b6319dc LP	202
169c1bda	203	char *utmp_id;
023a4f67	204	ExecUtmpMode utmp_mode;
169c1bda	205
0a6991e0	206	bool no_new_privileges;
7b52a628	207
0a6991e0	208	bool selinux_context_ignore;
eef65bf3	209	bool apparmor_profile_ignore;
2ca620c4	210	bool smack_process_label_ignore;
2ca620c4	211
0a6991e0 LP	212	char *selinux_context;
	213	char *apparmor_profile;
	214	char *smack_process_label;
b1edf445	215
2a624c36	216	char read_write_paths, read_only_paths, **inaccessible_paths;
15ae422b	217	unsigned long mount_flags;
d2d6c096	218	BindMount *bind_mounts;
da6053d0	219	size_t n_bind_mounts;
2abd4e38	220	TemporaryFileSystem *temporary_filesystems;
da6053d0	221	size_t n_temporary_filesystems;
15ae422b	222
a103496c	223	uint64_t capability_bounding_set;
755d4b67	224	uint64_t capability_ambient_set;
9d58f1db LP	225	int secure_bits;
9d58f1db LP	226
7fab9d01	227	int syslog_priority;
7fab9d01	228	bool syslog_level_prefix;
0a6991e0	229	char *syslog_identifier;
d3070fbd LP	230
	231	struct iovec* log_extra_fields;
	232	size_t n_log_extra_fields;
	233
90fc172e AZ	234	usec_t log_rate_limit_interval_usec;
	235	unsigned log_rate_limit_burst;
	236
0a6991e0 LP	237	int log_level_max;
0a6991e0 LP	238
15ae422b	239	bool private_tmp;
ff01d048	240	bool private_network;
7f112f50	241	bool private_devices;
d251207d	242	bool private_users;
228af36f	243	bool private_mounts;
59eeb84b	244	bool protect_kernel_tunables;
502d704e	245	bool protect_kernel_modules;
59eeb84b	246	bool protect_control_groups;
0a6991e0 LP	247	ProtectSystem protect_system;
	248	ProtectHome protect_home;
	249	bool protect_hostname;
5d997827	250	bool mount_apivfs;
9d58f1db	251
29206d46	252	bool dynamic_user;
00d9ef85	253	bool remove_ipc;
29206d46	254
0a6991e0 LP	255	bool memory_deny_write_execute;
0a6991e0 LP	256	bool restrict_realtime;
f69567cb	257	bool restrict_suid_sgid;
2e22afe9	258
78e864e5	259	bool lock_personality;
0a6991e0	260	unsigned long personality;
ac45f971	261
add00535 LP	262	unsigned long restrict_namespaces; /* The CLONE_NEWxyz flags permitted to the unit's processes */
add00535 LP	263
8cfa775f	264	Hashmap *syscall_filter;
57183d11	265	Set *syscall_archs;
17df7223 LP	266	int syscall_errno;
17df7223 LP	267	bool syscall_whitelist:1;
8351ceae	268
4298d0b5	269	bool address_families_whitelist:1;
0a6991e0	270	Set *address_families;
a8d08f39 LP	271
a8d08f39 LP	272	char *network_namespace_path;
0a6991e0 LP	273
	274	ExecDirectory directories[_EXEC_DIRECTORY_TYPE_MAX];
	275	ExecPreserveMode runtime_directory_preserve_mode;
5cb5a6ff LP	276	};
5cb5a6ff LP	277
add00535 LP	278	static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) {
	279	assert(c);
	280
	281	return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL;
	282	}
	283
c39f1ce2	284	typedef enum ExecFlags {
ef31828d LP	285	EXEC_APPLY_SANDBOXING = 1 << 0,
	286	EXEC_APPLY_CHROOT = 1 << 1,
	287	EXEC_APPLY_TTY_STDIN = 1 << 2,
8f9f3cb7 AB	288	EXEC_PASS_LOG_UNIT = 1 << 3, /* Whether to pass the unit name to the service's journal stream connection */
	289	EXEC_CHOWN_DIRECTORIES = 1 << 4, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */
	290	EXEC_NSS_BYPASS_BUS = 1 << 5, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */
	291	EXEC_CGROUP_DELEGATE = 1 << 6,
	292	EXEC_IS_CONTROL = 1 << 7,
	293	EXEC_CONTROL_CGROUP = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */
c39f1ce2	294
9c1a61ad	295	/* The following are not used by execute.c, but by consumers internally */
8f9f3cb7 AB	296	EXEC_PASS_FDS = 1 << 9,
	297	EXEC_SETENV_RESULT = 1 << 10,
	298	EXEC_SET_WATCHDOG = 1 << 11,
c39f1ce2 LP	299	} ExecFlags;
c39f1ce2 LP	300
42cb05d5 LP	301	/* Parameters for a specific invocation of a command. This structure is put together right before a command is
42cb05d5 LP	302	* executed. */
9fa95f85	303	struct ExecParameters {
a34ceba6	304	char **environment;
8dd4c05b LP	305
	306	int *fds;
	307	char **fd_names;
da6053d0	308	size_t n_socket_fds;
25b583d7	309	size_t n_storage_fds;
8dd4c05b	310
c39f1ce2	311	ExecFlags flags;
a34ceba6	312	bool selinux_context_net:1;
8dd4c05b	313
efdb0237	314	CGroupMask cgroup_supported;
9fa95f85	315	const char *cgroup_path;
8dd4c05b	316
3536f49e	317	char **prefix;
8dd4c05b	318
7d5ceb64 FB	319	const char *confirm_spawn;
7d5ceb64 FB	320
9fa95f85	321	usec_t watchdog_usec;
8dd4c05b	322
9fa95f85	323	int *idle_pipe;
8dd4c05b	324
a34ceba6 LP	325	int stdin_fd;
	326	int stdout_fd;
	327	int stderr_fd;
5686391b LP	328
	329	/* An fd that is closed by the execve(), and thus will result in EOF when the execve() is done */
	330	int exec_fd;
9fa95f85 DM	331	};
9fa95f85 DM	332
9ce93478	333	#include "unit.h"
29206d46	334	#include "dynamic-user.h"
9ce93478	335
f2341e0a LP	336	int exec_spawn(Unit *unit,
f2341e0a LP	337	ExecCommand *command,
9fa95f85 DM	338	const ExecContext *context,
9fa95f85 DM	339	const ExecParameters *exec_params,
613b411c	340	ExecRuntime *runtime,
29206d46	341	DynamicCreds *dynamic_creds,
81a2b7ce	342	pid_t *ret);
5cb5a6ff	343
da6053d0	344	void exec_command_done_array(ExecCommand *c, size_t n);
f1acf85a	345	ExecCommand* exec_command_free_list(ExecCommand *c);
da6053d0	346	void exec_command_free_array(ExecCommand **c, size_t n);
6a1d4d9f LP	347	void exec_command_reset_status_array(ExecCommand *c, size_t n);
6a1d4d9f LP	348	void exec_command_reset_status_list_array(ExecCommand **c, size_t n);
44d8db9e	349	void exec_command_dump_list(ExecCommand c, FILE f, const char *prefix);
a6a80b4f	350	void exec_command_append_list(ExecCommand *l, ExecCommand e);
7593c3ec LP	351	int exec_command_set(ExecCommand c, const char path, ...) _sentinel_;
7593c3ec LP	352	int exec_command_append(ExecCommand c, const char path, ...) _sentinel_;
44d8db9e	353
034c6ed7	354	void exec_context_init(ExecContext *c);
613b411c	355	void exec_context_done(ExecContext *c);
34cf6c43	356	void exec_context_dump(const ExecContext c, FILE f, const char *prefix);
5cb5a6ff	357
34cf6c43	358	int exec_context_destroy_runtime_directory(const ExecContext c, const char runtime_root);
e66cf1a3	359
52c239d7	360	const char* exec_context_fdname(const ExecContext *c, int fd_index);
8c7be95e	361
34cf6c43 YW	362	bool exec_context_may_touch_console(const ExecContext *c);
34cf6c43 YW	363	bool exec_context_maintains_privileges(const ExecContext *c);
6ac8fdc9	364
34cf6c43	365	int exec_context_get_effective_ioprio(const ExecContext *c);
7f452159	366
d3070fbd LP	367	void exec_context_free_log_extra_fields(ExecContext *c);
d3070fbd LP	368
6f765baf LP	369	void exec_context_revert_tty(ExecContext *c);
6f765baf LP	370
b58b4116	371	void exec_status_start(ExecStatus *s, pid_t pid);
34cf6c43 YW	372	void exec_status_exit(ExecStatus s, const ExecContext context, pid_t pid, int code, int status);
34cf6c43 YW	373	void exec_status_dump(const ExecStatus s, FILE f, const char *prefix);
6a1d4d9f	374	void exec_status_reset(ExecStatus *s);
5cb5a6ff	375
e8a565cb YW	376	int exec_runtime_acquire(Manager m, const ExecContext c, const char name, bool create, ExecRuntime *ret);
e8a565cb YW	377	ExecRuntime exec_runtime_unref(ExecRuntime r, bool destroy);
613b411c	378
e8a565cb YW	379	int exec_runtime_serialize(const Manager m, FILE f, FDSet *fds);
	380	int exec_runtime_deserialize_compat(Unit u, const char key, const char value, FDSet fds);
	381	void exec_runtime_deserialize_one(Manager m, const char value, FDSet *fds);
	382	void exec_runtime_vacuum(Manager *m);
613b411c	383
b9c04eaf YW	384	void exec_params_clear(ExecParameters *p);
b9c04eaf YW	385
44a6b1b6 ZJS	386	const char* exec_output_to_string(ExecOutput i) _const_;
44a6b1b6 ZJS	387	ExecOutput exec_output_from_string(const char *s) _pure_;
94f04347	388
44a6b1b6 ZJS	389	const char* exec_input_to_string(ExecInput i) _const_;
44a6b1b6 ZJS	390	ExecInput exec_input_from_string(const char *s) _pure_;
023a4f67 LP	391
	392	const char* exec_utmp_mode_to_string(ExecUtmpMode i) _const_;
	393	ExecUtmpMode exec_utmp_mode_from_string(const char *s) _pure_;
53f47dfc YW	394
	395	const char* exec_preserve_mode_to_string(ExecPreserveMode i) _const_;
	396	ExecPreserveMode exec_preserve_mode_from_string(const char *s) _pure_;
3536f49e	397
b1edf445 LP	398	const char* exec_keyring_mode_to_string(ExecKeyringMode i) _const_;
	399	ExecKeyringMode exec_keyring_mode_from_string(const char *s) _pure_;
	400
3536f49e YW	401	const char* exec_directory_type_to_string(ExecDirectoryType i) _const_;
3536f49e YW	402	ExecDirectoryType exec_directory_type_from_string(const char *s) _pure_;