[thirdparty/systemd.git] / src / core / execute.h

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

#pragma once

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

typedef struct ExecStatus ExecStatus;
typedef struct ExecCommand ExecCommand;
typedef struct ExecContext ExecContext;
typedef struct ExecRuntime ExecRuntime;

#include <linux/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/capability.h>
#include <stdbool.h>
#include <stdio.h>
#include <sched.h>
#ifdef HAVE_SECCOMP
#include <seccomp.h>

#include "set.h"
#endif

#include "list.h"
#include "util.h"
#include "fdset.h"

typedef enum ExecInput {
        EXEC_INPUT_NULL,
        EXEC_INPUT_TTY,
        EXEC_INPUT_TTY_FORCE,
        EXEC_INPUT_TTY_FAIL,
        EXEC_INPUT_SOCKET,
        _EXEC_INPUT_MAX,
        _EXEC_INPUT_INVALID = -1
} ExecInput;

typedef enum ExecOutput {
        EXEC_OUTPUT_INHERIT,
        EXEC_OUTPUT_NULL,
        EXEC_OUTPUT_TTY,
        EXEC_OUTPUT_SYSLOG,
        EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
        EXEC_OUTPUT_KMSG,
        EXEC_OUTPUT_KMSG_AND_CONSOLE,
        EXEC_OUTPUT_JOURNAL,
        EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
        EXEC_OUTPUT_SOCKET,
        _EXEC_OUTPUT_MAX,
        _EXEC_OUTPUT_INVALID = -1
} ExecOutput;

struct ExecStatus {
        dual_timestamp start_timestamp;
        dual_timestamp exit_timestamp;
        pid_t pid;
        int code;     /* as in siginfo_t::si_code */
        int status;   /* as in sigingo_t::si_status */
};

struct ExecCommand {
        char *path;
        char **argv;
        ExecStatus exec_status;
        LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
        bool ignore;
};

struct ExecRuntime {
        int n_ref;

        char *tmp_dir;
        char *var_tmp_dir;

        int netns_storage_socket[2];
};

struct ExecContext {
        char **environment;
        char **environment_files;

        struct rlimit *rlimit[RLIMIT_NLIMITS];
        char *working_directory, *root_directory;

        mode_t umask;
        int oom_score_adjust;
        int nice;
        int ioprio;
        int cpu_sched_policy;
        int cpu_sched_priority;

        cpu_set_t *cpuset;
        unsigned cpuset_ncpus;

        ExecInput std_input;
        ExecOutput std_output;
        ExecOutput std_error;

        nsec_t timer_slack_nsec;

        char *tcpwrap_name;

        char *tty_path;

        bool tty_reset;
        bool tty_vhangup;
        bool tty_vt_disallocate;

        bool ignore_sigpipe;

        /* Since resolving these names might might involve socket
         * connections and we don't want to deadlock ourselves these
         * names are resolved on execution only and in the child
         * process. */
        char *user;
        char *group;
        char **supplementary_groups;

        char *pam_name;

        char *utmp_id;

        bool selinux_context_ignore;
        char *selinux_context;

        char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
        unsigned long mount_flags;

        uint64_t capability_bounding_set_drop;

        cap_t capabilities;
        int secure_bits;

        int syslog_priority;
        char *syslog_identifier;
        bool syslog_level_prefix;

        bool cpu_sched_reset_on_fork;
        bool non_blocking;
        bool private_tmp;
        bool private_network;
        bool private_devices;

        bool no_new_privileges;

        /* This is not exposed to the user but available
         * internally. We need it to make sure that whenever we spawn
         * /bin/mount it is run in the same process group as us so
         * that the autofs logic detects that it belongs to us and we
         * don't enter a trigger loop. */
        bool same_pgrp;

        unsigned long personality;

        Set *syscall_filter;
        Set *syscall_archs;
        int syscall_errno;
        bool syscall_whitelist:1;

        bool oom_score_adjust_set:1;
        bool nice_set:1;
        bool ioprio_set:1;
        bool cpu_sched_set:1;
};

#include "cgroup.h"

int exec_spawn(ExecCommand *command,
               char **argv,
               ExecContext *context,
               int fds[], unsigned n_fds,
               char **environment,
               bool apply_permissions,
               bool apply_chroot,
               bool apply_tty_stdin,
               bool confirm_spawn,
               CGroupControllerMask cgroup_mask,
               const char *cgroup_path,
               const char *unit_id,
               usec_t watchdog_usec,
               int pipe_fd[2],
               ExecRuntime *runtime,
               pid_t *ret);

void exec_command_done(ExecCommand *c);
void exec_command_done_array(ExecCommand *c, unsigned n);

void exec_command_free_list(ExecCommand *c);
void exec_command_free_array(ExecCommand **c, unsigned n);

char *exec_command_line(char **argv);

void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_append_list(ExecCommand **l, ExecCommand *e);
int exec_command_set(ExecCommand *c, const char *path, ...);

void exec_context_init(ExecContext *c);
void exec_context_done(ExecContext *c);
void exec_context_dump(ExecContext *c, FILE* f, const char *prefix);

int exec_context_load_environment(const ExecContext *c, char ***l);

bool exec_context_may_touch_console(ExecContext *c);

void exec_status_start(ExecStatus *s, pid_t pid);
void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status);
void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix);

int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id);
ExecRuntime *exec_runtime_ref(ExecRuntime *r);
ExecRuntime *exec_runtime_unref(ExecRuntime *r);

int exec_runtime_serialize(ExecRuntime *rt, Unit *u, FILE *f, FDSet *fds);
int exec_runtime_deserialize_item(ExecRuntime **rt, Unit *u, const char *key, const char *value, FDSet *fds);

void exec_runtime_destroy(ExecRuntime *rt);

const char* exec_output_to_string(ExecOutput i) _const_;
ExecOutput exec_output_from_string(const char *s) _pure_;

const char* exec_input_to_string(ExecInput i) _const_;
ExecInput exec_input_from_string(const char *s) _pure_;
Commit	Line	Data
03467c88	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
5cb5a6ff	2
c2f1db8f	3	#pragma once
5cb5a6ff	4
a7334b09 LP	5	/***
	6	This file is part of systemd.
	7
	8	Copyright 2010 Lennart Poettering
	9
	10	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	11	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	12	the Free Software Foundation; either version 2.1 of the License, or
a7334b09 LP	13	(at your option) any later version.
	14
	15	systemd is distributed in the hope that it will be useful, but
	16	WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	18	Lesser General Public License for more details.
a7334b09	19
5430f7f2	20	You should have received a copy of the GNU Lesser General Public License
a7334b09 LP	21	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	22	***/
	23
5cb5a6ff LP	24	typedef struct ExecStatus ExecStatus;
	25	typedef struct ExecCommand ExecCommand;
	26	typedef struct ExecContext ExecContext;
613b411c	27	typedef struct ExecRuntime ExecRuntime;
5cb5a6ff	28
dacdf153	29	#include <linux/types.h>
5cb5a6ff LP	30	#include <sys/time.h>
	31	#include <sys/resource.h>
	32	#include <sys/capability.h>
	33	#include <stdbool.h>
	34	#include <stdio.h>
94f04347	35	#include <sched.h>
c0467cf3 RC	36	#ifdef HAVE_SECCOMP
	37	#include <seccomp.h>
	38
	39	#include "set.h"
	40	#endif
5cb5a6ff LP	41
5cb5a6ff LP	42	#include "list.h"
034c6ed7	43	#include "util.h"
613b411c	44	#include "fdset.h"
5cb5a6ff	45
80876c20 LP	46	typedef enum ExecInput {
	47	EXEC_INPUT_NULL,
	48	EXEC_INPUT_TTY,
	49	EXEC_INPUT_TTY_FORCE,
	50	EXEC_INPUT_TTY_FAIL,
4f2d528d	51	EXEC_INPUT_SOCKET,
80876c20 LP	52	_EXEC_INPUT_MAX,
	53	_EXEC_INPUT_INVALID = -1
	54	} ExecInput;
	55
071830ff	56	typedef enum ExecOutput {
80876c20	57	EXEC_OUTPUT_INHERIT,
94f04347	58	EXEC_OUTPUT_NULL,
80876c20	59	EXEC_OUTPUT_TTY,
94f04347	60	EXEC_OUTPUT_SYSLOG,
28dbc1e8	61	EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
9a6bca7a	62	EXEC_OUTPUT_KMSG,
28dbc1e8	63	EXEC_OUTPUT_KMSG_AND_CONSOLE,
706343f4 LP	64	EXEC_OUTPUT_JOURNAL,
706343f4 LP	65	EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
4f2d528d	66	EXEC_OUTPUT_SOCKET,
94f04347 LP	67	_EXEC_OUTPUT_MAX,
94f04347 LP	68	_EXEC_OUTPUT_INVALID = -1
071830ff LP	69	} ExecOutput;
071830ff LP	70
5cb5a6ff	71	struct ExecStatus {
63983207 LP	72	dual_timestamp start_timestamp;
63983207 LP	73	dual_timestamp exit_timestamp;
9d58f1db	74	pid_t pid;
9152c765 LP	75	int code; /* as in siginfo_t::si_code */
9152c765 LP	76	int status; /* as in sigingo_t::si_status */
5cb5a6ff LP	77	};
	78
	79	struct ExecCommand {
	80	char *path;
	81	char **argv;
034c6ed7 LP	82	ExecStatus exec_status;
034c6ed7 LP	83	LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
7fab9d01	84	bool ignore;
5cb5a6ff LP	85	};
5cb5a6ff LP	86
613b411c LP	87	struct ExecRuntime {
	88	int n_ref;
	89
	90	char *tmp_dir;
	91	char *var_tmp_dir;
	92
	93	int netns_storage_socket[2];
	94	};
	95
5cb5a6ff LP	96	struct ExecContext {
5cb5a6ff LP	97	char **environment;
8c7be95e LP	98	char **environment_files;
8c7be95e LP	99
94f04347	100	struct rlimit *rlimit[RLIMIT_NLIMITS];
9eba9da4	101	char working_directory, root_directory;
9d58f1db LP	102
9d58f1db LP	103	mode_t umask;
dd6c17b1	104	int oom_score_adjust;
5cb5a6ff	105	int nice;
9eba9da4	106	int ioprio;
94f04347 LP	107	int cpu_sched_policy;
94f04347 LP	108	int cpu_sched_priority;
9d58f1db	109
82c121a4 LP	110	cpu_set_t *cpuset;
82c121a4 LP	111	unsigned cpuset_ncpus;
fb33a393	112
80876c20 LP	113	ExecInput std_input;
	114	ExecOutput std_output;
	115	ExecOutput std_error;
	116
d88a251b	117	nsec_t timer_slack_nsec;
071830ff	118
df1f0afe LP	119	char *tcpwrap_name;
df1f0afe LP	120
9d58f1db	121	char *tty_path;
5cb5a6ff	122
6ea832a2 LP	123	bool tty_reset;
	124	bool tty_vhangup;
	125	bool tty_vt_disallocate;
	126
353e12c2 LP	127	bool ignore_sigpipe;
353e12c2 LP	128
94f04347	129	/* Since resolving these names might might involve socket
5cb5a6ff	130	* connections and we don't want to deadlock ourselves these
94f04347 LP	131	* names are resolved on execution only and in the child
94f04347 LP	132	* process. */
5cb5a6ff LP	133	char *user;
	134	char *group;
	135	char **supplementary_groups;
9d58f1db	136
5b6319dc LP	137	char *pam_name;
5b6319dc LP	138
169c1bda LP	139	char *utmp_id;
169c1bda LP	140
5f8640fb	141	bool selinux_context_ignore;
7b52a628 MS	142	char *selinux_context;
7b52a628 MS	143
15ae422b LP	144	char read_write_dirs, read_only_dirs, **inaccessible_dirs;
	145	unsigned long mount_flags;
	146
9d58f1db LP	147	uint64_t capability_bounding_set_drop;
	148
	149	cap_t capabilities;
	150	int secure_bits;
	151
7fab9d01 LP	152	int syslog_priority;
	153	char *syslog_identifier;
	154	bool syslog_level_prefix;
	155
9d58f1db LP	156	bool cpu_sched_reset_on_fork;
9d58f1db LP	157	bool non_blocking;
15ae422b	158	bool private_tmp;
ff01d048	159	bool private_network;
7f112f50	160	bool private_devices;
9d58f1db	161
8351ceae LP	162	bool no_new_privileges;
8351ceae LP	163
9d58f1db LP	164	/* This is not exposed to the user but available
	165	* internally. We need it to make sure that whenever we spawn
	166	* /bin/mount it is run in the same process group as us so
	167	* that the autofs logic detects that it belongs to us and we
	168	* don't enter a trigger loop. */
74922904	169	bool same_pgrp;
2e22afe9	170
ac45f971 LP	171	unsigned long personality;
ac45f971 LP	172
17df7223	173	Set *syscall_filter;
57183d11	174	Set *syscall_archs;
17df7223 LP	175	int syscall_errno;
17df7223 LP	176	bool syscall_whitelist:1;
8351ceae	177
dd6c17b1	178	bool oom_score_adjust_set:1;
7fab9d01 LP	179	bool nice_set:1;
	180	bool ioprio_set:1;
	181	bool cpu_sched_set:1;
5cb5a6ff LP	182	};
5cb5a6ff LP	183
4ad49000 LP	184	#include "cgroup.h"
4ad49000 LP	185
9fb86720	186	int exec_spawn(ExecCommand *command,
9e2f7c11	187	char **argv,
c17ec25e	188	ExecContext *context,
c2748801	189	int fds[], unsigned n_fds,
1137a57c	190	char **environment,
81a2b7ce LP	191	bool apply_permissions,
81a2b7ce LP	192	bool apply_chroot,
1e3ad081	193	bool apply_tty_stdin,
80876c20	194	bool confirm_spawn,
4ad49000 LP	195	CGroupControllerMask cgroup_mask,
4ad49000 LP	196	const char *cgroup_path,
62bca2c6	197	const char *unit_id,
09812eb7	198	usec_t watchdog_usec,
f2b68789	199	int pipe_fd[2],
613b411c	200	ExecRuntime *runtime,
81a2b7ce	201	pid_t *ret);
5cb5a6ff	202
43d0fcbd LP	203	void exec_command_done(ExecCommand *c);
	204	void exec_command_done_array(ExecCommand *c, unsigned n);
	205
5cb5a6ff	206	void exec_command_free_list(ExecCommand *c);
034c6ed7	207	void exec_command_free_array(ExecCommand **c, unsigned n);
5cb5a6ff	208
9e2f7c11 LP	209	char exec_command_line(char *argv);
9e2f7c11 LP	210
44d8db9e LP	211	void exec_command_dump(ExecCommand c, FILE f, const char *prefix);
44d8db9e LP	212	void exec_command_dump_list(ExecCommand c, FILE f, const char *prefix);
a6a80b4f	213	void exec_command_append_list(ExecCommand *l, ExecCommand e);
26fd040d	214	int exec_command_set(ExecCommand c, const char path, ...);
44d8db9e	215
034c6ed7	216	void exec_context_init(ExecContext *c);
613b411c	217	void exec_context_done(ExecContext *c);
5cb5a6ff LP	218	void exec_context_dump(ExecContext c, FILE f, const char *prefix);
5cb5a6ff LP	219
8c7be95e LP	220	int exec_context_load_environment(const ExecContext c, char **l);
8c7be95e LP	221
6ac8fdc9 MS	222	bool exec_context_may_touch_console(ExecContext *c);
6ac8fdc9 MS	223
b58b4116	224	void exec_status_start(ExecStatus *s, pid_t pid);
6ea832a2	225	void exec_status_exit(ExecStatus s, ExecContext context, pid_t pid, int code, int status);
9fb86720	226	void exec_status_dump(ExecStatus s, FILE f, const char *prefix);
5cb5a6ff	227
613b411c LP	228	int exec_runtime_make(ExecRuntime *rt, ExecContext c, const char *id);
	229	ExecRuntime exec_runtime_ref(ExecRuntime r);
	230	ExecRuntime exec_runtime_unref(ExecRuntime r);
	231
	232	int exec_runtime_serialize(ExecRuntime rt, Unit u, FILE f, FDSet fds);
	233	int exec_runtime_deserialize_item(ExecRuntime *rt, Unit u, const char key, const char value, FDSet *fds);
	234
	235	void exec_runtime_destroy(ExecRuntime *rt);
	236
44a6b1b6 ZJS	237	const char* exec_output_to_string(ExecOutput i) _const_;
44a6b1b6 ZJS	238	ExecOutput exec_output_from_string(const char *s) _pure_;
94f04347	239
44a6b1b6 ZJS	240	const char* exec_input_to_string(ExecInput i) _const_;
44a6b1b6 ZJS	241	ExecInput exec_input_from_string(const char *s) _pure_;