]>
Commit | Line | Data |
---|---|---|
03467c88 | 1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
5cb5a6ff | 2 | |
c2f1db8f | 3 | #pragma once |
5cb5a6ff | 4 | |
a7334b09 LP |
5 | /*** |
6 | This file is part of systemd. | |
7 | ||
8 | Copyright 2010 Lennart Poettering | |
9 | ||
10 | systemd is free software; you can redistribute it and/or modify it | |
5430f7f2 LP |
11 | under the terms of the GNU Lesser General Public License as published by |
12 | the Free Software Foundation; either version 2.1 of the License, or | |
a7334b09 LP |
13 | (at your option) any later version. |
14 | ||
15 | systemd is distributed in the hope that it will be useful, but | |
16 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
5430f7f2 | 18 | Lesser General Public License for more details. |
a7334b09 | 19 | |
5430f7f2 | 20 | You should have received a copy of the GNU Lesser General Public License |
a7334b09 LP |
21 | along with systemd; If not, see <http://www.gnu.org/licenses/>. |
22 | ***/ | |
23 | ||
5cb5a6ff LP |
24 | typedef struct ExecStatus ExecStatus; |
25 | typedef struct ExecCommand ExecCommand; | |
26 | typedef struct ExecContext ExecContext; | |
613b411c | 27 | typedef struct ExecRuntime ExecRuntime; |
5cb5a6ff | 28 | |
dacdf153 | 29 | #include <linux/types.h> |
5cb5a6ff LP |
30 | #include <sys/time.h> |
31 | #include <sys/resource.h> | |
32 | #include <sys/capability.h> | |
33 | #include <stdbool.h> | |
34 | #include <stdio.h> | |
94f04347 | 35 | #include <sched.h> |
5cb5a6ff LP |
36 | |
37 | #include "list.h" | |
034c6ed7 | 38 | #include "util.h" |
b64a3d86 | 39 | #include "set.h" |
613b411c | 40 | #include "fdset.h" |
5cb5a6ff | 41 | |
80876c20 LP |
42 | typedef enum ExecInput { |
43 | EXEC_INPUT_NULL, | |
44 | EXEC_INPUT_TTY, | |
45 | EXEC_INPUT_TTY_FORCE, | |
46 | EXEC_INPUT_TTY_FAIL, | |
4f2d528d | 47 | EXEC_INPUT_SOCKET, |
80876c20 LP |
48 | _EXEC_INPUT_MAX, |
49 | _EXEC_INPUT_INVALID = -1 | |
50 | } ExecInput; | |
51 | ||
071830ff | 52 | typedef enum ExecOutput { |
80876c20 | 53 | EXEC_OUTPUT_INHERIT, |
94f04347 | 54 | EXEC_OUTPUT_NULL, |
80876c20 | 55 | EXEC_OUTPUT_TTY, |
94f04347 | 56 | EXEC_OUTPUT_SYSLOG, |
28dbc1e8 | 57 | EXEC_OUTPUT_SYSLOG_AND_CONSOLE, |
9a6bca7a | 58 | EXEC_OUTPUT_KMSG, |
28dbc1e8 | 59 | EXEC_OUTPUT_KMSG_AND_CONSOLE, |
706343f4 LP |
60 | EXEC_OUTPUT_JOURNAL, |
61 | EXEC_OUTPUT_JOURNAL_AND_CONSOLE, | |
4f2d528d | 62 | EXEC_OUTPUT_SOCKET, |
94f04347 LP |
63 | _EXEC_OUTPUT_MAX, |
64 | _EXEC_OUTPUT_INVALID = -1 | |
071830ff LP |
65 | } ExecOutput; |
66 | ||
5cb5a6ff | 67 | struct ExecStatus { |
63983207 LP |
68 | dual_timestamp start_timestamp; |
69 | dual_timestamp exit_timestamp; | |
9d58f1db | 70 | pid_t pid; |
9152c765 LP |
71 | int code; /* as in siginfo_t::si_code */ |
72 | int status; /* as in sigingo_t::si_status */ | |
5cb5a6ff LP |
73 | }; |
74 | ||
75 | struct ExecCommand { | |
76 | char *path; | |
77 | char **argv; | |
034c6ed7 LP |
78 | ExecStatus exec_status; |
79 | LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */ | |
7fab9d01 | 80 | bool ignore; |
5cb5a6ff LP |
81 | }; |
82 | ||
613b411c LP |
83 | struct ExecRuntime { |
84 | int n_ref; | |
85 | ||
86 | char *tmp_dir; | |
87 | char *var_tmp_dir; | |
88 | ||
89 | int netns_storage_socket[2]; | |
90 | }; | |
91 | ||
5cb5a6ff LP |
92 | struct ExecContext { |
93 | char **environment; | |
8c7be95e LP |
94 | char **environment_files; |
95 | ||
94f04347 | 96 | struct rlimit *rlimit[RLIMIT_NLIMITS]; |
9eba9da4 | 97 | char *working_directory, *root_directory; |
9d58f1db LP |
98 | |
99 | mode_t umask; | |
dd6c17b1 | 100 | int oom_score_adjust; |
5cb5a6ff | 101 | int nice; |
9eba9da4 | 102 | int ioprio; |
94f04347 LP |
103 | int cpu_sched_policy; |
104 | int cpu_sched_priority; | |
9d58f1db | 105 | |
82c121a4 LP |
106 | cpu_set_t *cpuset; |
107 | unsigned cpuset_ncpus; | |
fb33a393 | 108 | |
80876c20 LP |
109 | ExecInput std_input; |
110 | ExecOutput std_output; | |
111 | ExecOutput std_error; | |
112 | ||
d88a251b | 113 | nsec_t timer_slack_nsec; |
071830ff | 114 | |
df1f0afe LP |
115 | char *tcpwrap_name; |
116 | ||
9d58f1db | 117 | char *tty_path; |
5cb5a6ff | 118 | |
6ea832a2 LP |
119 | bool tty_reset; |
120 | bool tty_vhangup; | |
121 | bool tty_vt_disallocate; | |
122 | ||
353e12c2 LP |
123 | bool ignore_sigpipe; |
124 | ||
94f04347 | 125 | /* Since resolving these names might might involve socket |
5cb5a6ff | 126 | * connections and we don't want to deadlock ourselves these |
94f04347 LP |
127 | * names are resolved on execution only and in the child |
128 | * process. */ | |
5cb5a6ff LP |
129 | char *user; |
130 | char *group; | |
131 | char **supplementary_groups; | |
9d58f1db | 132 | |
5b6319dc LP |
133 | char *pam_name; |
134 | ||
169c1bda LP |
135 | char *utmp_id; |
136 | ||
5f8640fb | 137 | bool selinux_context_ignore; |
7b52a628 MS |
138 | char *selinux_context; |
139 | ||
eef65bf3 MS |
140 | bool apparmor_profile_ignore; |
141 | char *apparmor_profile; | |
142 | ||
15ae422b LP |
143 | char **read_write_dirs, **read_only_dirs, **inaccessible_dirs; |
144 | unsigned long mount_flags; | |
145 | ||
9d58f1db LP |
146 | uint64_t capability_bounding_set_drop; |
147 | ||
148 | cap_t capabilities; | |
149 | int secure_bits; | |
150 | ||
7fab9d01 LP |
151 | int syslog_priority; |
152 | char *syslog_identifier; | |
153 | bool syslog_level_prefix; | |
154 | ||
9d58f1db LP |
155 | bool cpu_sched_reset_on_fork; |
156 | bool non_blocking; | |
15ae422b | 157 | bool private_tmp; |
ff01d048 | 158 | bool private_network; |
7f112f50 | 159 | bool private_devices; |
9d58f1db | 160 | |
8351ceae LP |
161 | bool no_new_privileges; |
162 | ||
9d58f1db LP |
163 | /* This is not exposed to the user but available |
164 | * internally. We need it to make sure that whenever we spawn | |
165 | * /bin/mount it is run in the same process group as us so | |
166 | * that the autofs logic detects that it belongs to us and we | |
167 | * don't enter a trigger loop. */ | |
74922904 | 168 | bool same_pgrp; |
2e22afe9 | 169 | |
ac45f971 LP |
170 | unsigned long personality; |
171 | ||
17df7223 | 172 | Set *syscall_filter; |
57183d11 | 173 | Set *syscall_archs; |
17df7223 LP |
174 | int syscall_errno; |
175 | bool syscall_whitelist:1; | |
8351ceae | 176 | |
4298d0b5 LP |
177 | Set *address_families; |
178 | bool address_families_whitelist:1; | |
179 | ||
e66cf1a3 LP |
180 | char **runtime_directory; |
181 | mode_t runtime_directory_mode; | |
182 | ||
dd6c17b1 | 183 | bool oom_score_adjust_set:1; |
7fab9d01 LP |
184 | bool nice_set:1; |
185 | bool ioprio_set:1; | |
186 | bool cpu_sched_set:1; | |
5cb5a6ff LP |
187 | }; |
188 | ||
4ad49000 LP |
189 | #include "cgroup.h" |
190 | ||
9fb86720 | 191 | int exec_spawn(ExecCommand *command, |
9e2f7c11 | 192 | char **argv, |
c17ec25e | 193 | ExecContext *context, |
c2748801 | 194 | int fds[], unsigned n_fds, |
1137a57c | 195 | char **environment, |
81a2b7ce LP |
196 | bool apply_permissions, |
197 | bool apply_chroot, | |
1e3ad081 | 198 | bool apply_tty_stdin, |
80876c20 | 199 | bool confirm_spawn, |
4ad49000 LP |
200 | CGroupControllerMask cgroup_mask, |
201 | const char *cgroup_path, | |
e66cf1a3 | 202 | const char *runtime_prefix, |
62bca2c6 | 203 | const char *unit_id, |
09812eb7 | 204 | usec_t watchdog_usec, |
f2b68789 | 205 | int pipe_fd[2], |
613b411c | 206 | ExecRuntime *runtime, |
81a2b7ce | 207 | pid_t *ret); |
5cb5a6ff | 208 | |
43d0fcbd LP |
209 | void exec_command_done(ExecCommand *c); |
210 | void exec_command_done_array(ExecCommand *c, unsigned n); | |
211 | ||
5cb5a6ff | 212 | void exec_command_free_list(ExecCommand *c); |
034c6ed7 | 213 | void exec_command_free_array(ExecCommand **c, unsigned n); |
5cb5a6ff | 214 | |
9e2f7c11 LP |
215 | char *exec_command_line(char **argv); |
216 | ||
44d8db9e LP |
217 | void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix); |
218 | void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix); | |
a6a80b4f | 219 | void exec_command_append_list(ExecCommand **l, ExecCommand *e); |
26fd040d | 220 | int exec_command_set(ExecCommand *c, const char *path, ...); |
44d8db9e | 221 | |
034c6ed7 | 222 | void exec_context_init(ExecContext *c); |
613b411c | 223 | void exec_context_done(ExecContext *c); |
5cb5a6ff LP |
224 | void exec_context_dump(ExecContext *c, FILE* f, const char *prefix); |
225 | ||
e66cf1a3 LP |
226 | int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_root); |
227 | ||
8c7be95e LP |
228 | int exec_context_load_environment(const ExecContext *c, char ***l); |
229 | ||
6ac8fdc9 MS |
230 | bool exec_context_may_touch_console(ExecContext *c); |
231 | ||
b58b4116 | 232 | void exec_status_start(ExecStatus *s, pid_t pid); |
6ea832a2 | 233 | void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status); |
9fb86720 | 234 | void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix); |
5cb5a6ff | 235 | |
613b411c LP |
236 | int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id); |
237 | ExecRuntime *exec_runtime_ref(ExecRuntime *r); | |
238 | ExecRuntime *exec_runtime_unref(ExecRuntime *r); | |
239 | ||
240 | int exec_runtime_serialize(ExecRuntime *rt, Unit *u, FILE *f, FDSet *fds); | |
241 | int exec_runtime_deserialize_item(ExecRuntime **rt, Unit *u, const char *key, const char *value, FDSet *fds); | |
242 | ||
243 | void exec_runtime_destroy(ExecRuntime *rt); | |
244 | ||
44a6b1b6 ZJS |
245 | const char* exec_output_to_string(ExecOutput i) _const_; |
246 | ExecOutput exec_output_from_string(const char *s) _pure_; | |
94f04347 | 247 | |
44a6b1b6 ZJS |
248 | const char* exec_input_to_string(ExecInput i) _const_; |
249 | ExecInput exec_input_from_string(const char *s) _pure_; |