[thirdparty/systemd.git] / src / core / execute.h

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

#pragma once

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

typedef struct ExecStatus ExecStatus;
typedef struct ExecCommand ExecCommand;
typedef struct ExecContext ExecContext;
typedef struct ExecRuntime ExecRuntime;
typedef struct ExecParameters ExecParameters;

#include <linux/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/capability.h>
#include <stdbool.h>
#include <stdio.h>
#include <sched.h>

#include "list.h"
#include "util.h"
#include "set.h"
#include "fdset.h"
#include "missing.h"
#include "namespace.h"
#include "bus-endpoint.h"

typedef enum ExecInput {
        EXEC_INPUT_NULL,
        EXEC_INPUT_TTY,
        EXEC_INPUT_TTY_FORCE,
        EXEC_INPUT_TTY_FAIL,
        EXEC_INPUT_SOCKET,
        _EXEC_INPUT_MAX,
        _EXEC_INPUT_INVALID = -1
} ExecInput;

typedef enum ExecOutput {
        EXEC_OUTPUT_INHERIT,
        EXEC_OUTPUT_NULL,
        EXEC_OUTPUT_TTY,
        EXEC_OUTPUT_SYSLOG,
        EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
        EXEC_OUTPUT_KMSG,
        EXEC_OUTPUT_KMSG_AND_CONSOLE,
        EXEC_OUTPUT_JOURNAL,
        EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
        EXEC_OUTPUT_SOCKET,
        _EXEC_OUTPUT_MAX,
        _EXEC_OUTPUT_INVALID = -1
} ExecOutput;

struct ExecStatus {
        dual_timestamp start_timestamp;
        dual_timestamp exit_timestamp;
        pid_t pid;
        int code;     /* as in siginfo_t::si_code */
        int status;   /* as in sigingo_t::si_status */
};

struct ExecCommand {
        char *path;
        char **argv;
        ExecStatus exec_status;
        LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
        bool ignore;
};

struct ExecRuntime {
        int n_ref;

        char *tmp_dir;
        char *var_tmp_dir;

        int netns_storage_socket[2];
};

struct ExecContext {
        char **environment;
        char **environment_files;

        struct rlimit *rlimit[_RLIMIT_MAX];
        char *working_directory, *root_directory;

        mode_t umask;
        int oom_score_adjust;
        int nice;
        int ioprio;
        int cpu_sched_policy;
        int cpu_sched_priority;

        cpu_set_t *cpuset;
        unsigned cpuset_ncpus;

        ExecInput std_input;
        ExecOutput std_output;
        ExecOutput std_error;

        nsec_t timer_slack_nsec;

        char *tty_path;

        bool tty_reset;
        bool tty_vhangup;
        bool tty_vt_disallocate;

        bool ignore_sigpipe;

        /* Since resolving these names might might involve socket
         * connections and we don't want to deadlock ourselves these
         * names are resolved on execution only and in the child
         * process. */
        char *user;
        char *group;
        char **supplementary_groups;

        char *pam_name;

        char *utmp_id;

        bool selinux_context_ignore;
        char *selinux_context;

        bool apparmor_profile_ignore;
        char *apparmor_profile;

        bool smack_process_label_ignore;
        char *smack_process_label;

        char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
        unsigned long mount_flags;

        uint64_t capability_bounding_set_drop;

        cap_t capabilities;
        int secure_bits;

        int syslog_priority;
        char *syslog_identifier;
        bool syslog_level_prefix;

        bool cpu_sched_reset_on_fork;
        bool non_blocking;
        bool private_tmp;
        bool private_network;
        bool private_devices;
        ProtectSystem protect_system;
        ProtectHome protect_home;

        bool no_new_privileges;

        /* This is not exposed to the user but available
         * internally. We need it to make sure that whenever we spawn
         * /bin/mount it is run in the same process group as us so
         * that the autofs logic detects that it belongs to us and we
         * don't enter a trigger loop. */
        bool same_pgrp;

        unsigned long personality;

        Set *syscall_filter;
        Set *syscall_archs;
        int syscall_errno;
        bool syscall_whitelist:1;

        Set *address_families;
        bool address_families_whitelist:1;

        char **runtime_directory;
        mode_t runtime_directory_mode;

        bool oom_score_adjust_set:1;
        bool nice_set:1;
        bool ioprio_set:1;
        bool cpu_sched_set:1;
        bool no_new_privileges_set:1;

        /* custom dbus enpoint */
        BusEndpoint *bus_endpoint;
};

#include "cgroup.h"

struct ExecParameters {
        char **argv;
        int *fds; unsigned n_fds;
        char **environment;
        bool apply_permissions;
        bool apply_chroot;
        bool apply_tty_stdin;
        bool confirm_spawn;
        bool selinux_context_net;
        CGroupControllerMask cgroup_supported;
        const char *cgroup_path;
        bool cgroup_delegate;
        const char *runtime_prefix;
        const char *unit_id;
        usec_t watchdog_usec;
        int *idle_pipe;
        char *bus_endpoint_path;
        int bus_endpoint_fd;
};

int exec_spawn(ExecCommand *command,
               const ExecContext *context,
               const ExecParameters *exec_params,
               ExecRuntime *runtime,
               pid_t *ret);

void exec_command_done(ExecCommand *c);
void exec_command_done_array(ExecCommand *c, unsigned n);

void exec_command_free_list(ExecCommand *c);
void exec_command_free_array(ExecCommand **c, unsigned n);

char *exec_command_line(char **argv);

void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_append_list(ExecCommand **l, ExecCommand *e);
int exec_command_set(ExecCommand *c, const char *path, ...);
int exec_command_append(ExecCommand *c, const char *path, ...);

void exec_context_init(ExecContext *c);
void exec_context_done(ExecContext *c);
void exec_context_dump(ExecContext *c, FILE* f, const char *prefix);

int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_root);

int exec_context_load_environment(const ExecContext *c, const char *unit_id, char ***l);

bool exec_context_may_touch_console(ExecContext *c);
bool exec_context_maintains_privileges(ExecContext *c);

void exec_status_start(ExecStatus *s, pid_t pid);
void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status);
void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix);

int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id);
ExecRuntime *exec_runtime_ref(ExecRuntime *r);
ExecRuntime *exec_runtime_unref(ExecRuntime *r);

int exec_runtime_serialize(ExecRuntime *rt, Unit *u, FILE *f, FDSet *fds);
int exec_runtime_deserialize_item(ExecRuntime **rt, Unit *u, const char *key, const char *value, FDSet *fds);

void exec_runtime_destroy(ExecRuntime *rt);

const char* exec_output_to_string(ExecOutput i) _const_;
ExecOutput exec_output_from_string(const char *s) _pure_;

const char* exec_input_to_string(ExecInput i) _const_;
ExecInput exec_input_from_string(const char *s) _pure_;
Commit	Line	Data
03467c88	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
5cb5a6ff	2
c2f1db8f	3	#pragma once
5cb5a6ff	4
a7334b09 LP	5	/***
	6	This file is part of systemd.
	7
	8	Copyright 2010 Lennart Poettering
	9
	10	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	11	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	12	the Free Software Foundation; either version 2.1 of the License, or
a7334b09 LP	13	(at your option) any later version.
	14
	15	systemd is distributed in the hope that it will be useful, but
	16	WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	18	Lesser General Public License for more details.
a7334b09	19
5430f7f2	20	You should have received a copy of the GNU Lesser General Public License
a7334b09 LP	21	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	22	***/
	23
5cb5a6ff LP	24	typedef struct ExecStatus ExecStatus;
	25	typedef struct ExecCommand ExecCommand;
	26	typedef struct ExecContext ExecContext;
613b411c	27	typedef struct ExecRuntime ExecRuntime;
9fa95f85	28	typedef struct ExecParameters ExecParameters;
5cb5a6ff	29
dacdf153	30	#include <linux/types.h>
5cb5a6ff LP	31	#include <sys/time.h>
	32	#include <sys/resource.h>
	33	#include <sys/capability.h>
	34	#include <stdbool.h>
	35	#include <stdio.h>
94f04347	36	#include <sched.h>
5cb5a6ff LP	37
5cb5a6ff LP	38	#include "list.h"
034c6ed7	39	#include "util.h"
b64a3d86	40	#include "set.h"
613b411c	41	#include "fdset.h"
517d56b1	42	#include "missing.h"
417116f2	43	#include "namespace.h"
bb7dd0b0	44	#include "bus-endpoint.h"
5cb5a6ff	45
80876c20 LP	46	typedef enum ExecInput {
	47	EXEC_INPUT_NULL,
	48	EXEC_INPUT_TTY,
	49	EXEC_INPUT_TTY_FORCE,
	50	EXEC_INPUT_TTY_FAIL,
4f2d528d	51	EXEC_INPUT_SOCKET,
80876c20 LP	52	_EXEC_INPUT_MAX,
	53	_EXEC_INPUT_INVALID = -1
	54	} ExecInput;
	55
071830ff	56	typedef enum ExecOutput {
80876c20	57	EXEC_OUTPUT_INHERIT,
94f04347	58	EXEC_OUTPUT_NULL,
80876c20	59	EXEC_OUTPUT_TTY,
94f04347	60	EXEC_OUTPUT_SYSLOG,
28dbc1e8	61	EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
9a6bca7a	62	EXEC_OUTPUT_KMSG,
28dbc1e8	63	EXEC_OUTPUT_KMSG_AND_CONSOLE,
706343f4 LP	64	EXEC_OUTPUT_JOURNAL,
706343f4 LP	65	EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
4f2d528d	66	EXEC_OUTPUT_SOCKET,
94f04347 LP	67	_EXEC_OUTPUT_MAX,
94f04347 LP	68	_EXEC_OUTPUT_INVALID = -1
071830ff LP	69	} ExecOutput;
071830ff LP	70
5cb5a6ff	71	struct ExecStatus {
63983207 LP	72	dual_timestamp start_timestamp;
63983207 LP	73	dual_timestamp exit_timestamp;
9d58f1db	74	pid_t pid;
9152c765 LP	75	int code; /* as in siginfo_t::si_code */
9152c765 LP	76	int status; /* as in sigingo_t::si_status */
5cb5a6ff LP	77	};
	78
	79	struct ExecCommand {
	80	char *path;
	81	char **argv;
034c6ed7 LP	82	ExecStatus exec_status;
034c6ed7 LP	83	LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
7fab9d01	84	bool ignore;
5cb5a6ff LP	85	};
5cb5a6ff LP	86
613b411c LP	87	struct ExecRuntime {
	88	int n_ref;
	89
	90	char *tmp_dir;
	91	char *var_tmp_dir;
	92
	93	int netns_storage_socket[2];
	94	};
	95
5cb5a6ff LP	96	struct ExecContext {
5cb5a6ff LP	97	char **environment;
8c7be95e LP	98	char **environment_files;
8c7be95e LP	99
517d56b1	100	struct rlimit *rlimit[_RLIMIT_MAX];
9eba9da4	101	char working_directory, root_directory;
9d58f1db LP	102
9d58f1db LP	103	mode_t umask;
dd6c17b1	104	int oom_score_adjust;
5cb5a6ff	105	int nice;
9eba9da4	106	int ioprio;
94f04347 LP	107	int cpu_sched_policy;
94f04347 LP	108	int cpu_sched_priority;
9d58f1db	109
82c121a4 LP	110	cpu_set_t *cpuset;
82c121a4 LP	111	unsigned cpuset_ncpus;
fb33a393	112
80876c20 LP	113	ExecInput std_input;
	114	ExecOutput std_output;
	115	ExecOutput std_error;
	116
d88a251b	117	nsec_t timer_slack_nsec;
071830ff	118
9d58f1db	119	char *tty_path;
5cb5a6ff	120
6ea832a2 LP	121	bool tty_reset;
	122	bool tty_vhangup;
	123	bool tty_vt_disallocate;
	124
353e12c2 LP	125	bool ignore_sigpipe;
353e12c2 LP	126
94f04347	127	/* Since resolving these names might might involve socket
5cb5a6ff	128	* connections and we don't want to deadlock ourselves these
94f04347 LP	129	* names are resolved on execution only and in the child
94f04347 LP	130	* process. */
5cb5a6ff LP	131	char *user;
	132	char *group;
	133	char **supplementary_groups;
9d58f1db	134
5b6319dc LP	135	char *pam_name;
5b6319dc LP	136
169c1bda LP	137	char *utmp_id;
169c1bda LP	138
5f8640fb	139	bool selinux_context_ignore;
7b52a628 MS	140	char *selinux_context;
7b52a628 MS	141
eef65bf3 MS	142	bool apparmor_profile_ignore;
	143	char *apparmor_profile;
	144
2ca620c4 WC	145	bool smack_process_label_ignore;
	146	char *smack_process_label;
	147
15ae422b LP	148	char read_write_dirs, read_only_dirs, **inaccessible_dirs;
	149	unsigned long mount_flags;
	150
9d58f1db LP	151	uint64_t capability_bounding_set_drop;
	152
	153	cap_t capabilities;
	154	int secure_bits;
	155
7fab9d01 LP	156	int syslog_priority;
	157	char *syslog_identifier;
	158	bool syslog_level_prefix;
	159
9d58f1db LP	160	bool cpu_sched_reset_on_fork;
9d58f1db LP	161	bool non_blocking;
15ae422b	162	bool private_tmp;
ff01d048	163	bool private_network;
7f112f50	164	bool private_devices;
1b8689f9 LP	165	ProtectSystem protect_system;
1b8689f9 LP	166	ProtectHome protect_home;
9d58f1db	167
8351ceae LP	168	bool no_new_privileges;
8351ceae LP	169
9d58f1db LP	170	/* This is not exposed to the user but available
	171	* internally. We need it to make sure that whenever we spawn
	172	* /bin/mount it is run in the same process group as us so
	173	* that the autofs logic detects that it belongs to us and we
	174	* don't enter a trigger loop. */
74922904	175	bool same_pgrp;
2e22afe9	176
ac45f971 LP	177	unsigned long personality;
ac45f971 LP	178
17df7223	179	Set *syscall_filter;
57183d11	180	Set *syscall_archs;
17df7223 LP	181	int syscall_errno;
17df7223 LP	182	bool syscall_whitelist:1;
8351ceae	183
4298d0b5 LP	184	Set *address_families;
	185	bool address_families_whitelist:1;
	186
e66cf1a3 LP	187	char **runtime_directory;
	188	mode_t runtime_directory_mode;
	189
dd6c17b1	190	bool oom_score_adjust_set:1;
7fab9d01 LP	191	bool nice_set:1;
	192	bool ioprio_set:1;
	193	bool cpu_sched_set:1;
760b9d7c	194	bool no_new_privileges_set:1;
bb7dd0b0 DM	195
	196	/* custom dbus enpoint */
	197	BusEndpoint *bus_endpoint;
5cb5a6ff LP	198	};
5cb5a6ff LP	199
4ad49000 LP	200	#include "cgroup.h"
4ad49000 LP	201
9fa95f85 DM	202	struct ExecParameters {
	203	char **argv;
	204	int *fds; unsigned n_fds;
	205	char **environment;
	206	bool apply_permissions;
	207	bool apply_chroot;
	208	bool apply_tty_stdin;
	209	bool confirm_spawn;
16115b0a	210	bool selinux_context_net;
9fa95f85 DM	211	CGroupControllerMask cgroup_supported;
9fa95f85 DM	212	const char *cgroup_path;
a931ad47	213	bool cgroup_delegate;
9fa95f85 DM	214	const char *runtime_prefix;
	215	const char *unit_id;
	216	usec_t watchdog_usec;
	217	int *idle_pipe;
e44da745 DM	218	char *bus_endpoint_path;
e44da745 DM	219	int bus_endpoint_fd;
9fa95f85 DM	220	};
9fa95f85 DM	221
9fb86720	222	int exec_spawn(ExecCommand *command,
9fa95f85 DM	223	const ExecContext *context,
9fa95f85 DM	224	const ExecParameters *exec_params,
613b411c	225	ExecRuntime *runtime,
81a2b7ce	226	pid_t *ret);
5cb5a6ff	227
43d0fcbd LP	228	void exec_command_done(ExecCommand *c);
	229	void exec_command_done_array(ExecCommand *c, unsigned n);
	230
5cb5a6ff	231	void exec_command_free_list(ExecCommand *c);
034c6ed7	232	void exec_command_free_array(ExecCommand **c, unsigned n);
5cb5a6ff	233
9e2f7c11 LP	234	char exec_command_line(char *argv);
9e2f7c11 LP	235
44d8db9e LP	236	void exec_command_dump(ExecCommand c, FILE f, const char *prefix);
44d8db9e LP	237	void exec_command_dump_list(ExecCommand c, FILE f, const char *prefix);
a6a80b4f	238	void exec_command_append_list(ExecCommand *l, ExecCommand e);
26fd040d	239	int exec_command_set(ExecCommand c, const char path, ...);
86b23b07	240	int exec_command_append(ExecCommand c, const char path, ...);
44d8db9e	241
034c6ed7	242	void exec_context_init(ExecContext *c);
613b411c	243	void exec_context_done(ExecContext *c);
5cb5a6ff LP	244	void exec_context_dump(ExecContext c, FILE f, const char *prefix);
5cb5a6ff LP	245
e66cf1a3 LP	246	int exec_context_destroy_runtime_directory(ExecContext c, const char runtime_root);
e66cf1a3 LP	247
7491ccf2	248	int exec_context_load_environment(const ExecContext c, const char unit_id, char ***l);
8c7be95e	249
6ac8fdc9	250	bool exec_context_may_touch_console(ExecContext *c);
a931ad47	251	bool exec_context_maintains_privileges(ExecContext *c);
6ac8fdc9	252
b58b4116	253	void exec_status_start(ExecStatus *s, pid_t pid);
6ea832a2	254	void exec_status_exit(ExecStatus s, ExecContext context, pid_t pid, int code, int status);
9fb86720	255	void exec_status_dump(ExecStatus s, FILE f, const char *prefix);
5cb5a6ff	256
613b411c LP	257	int exec_runtime_make(ExecRuntime *rt, ExecContext c, const char *id);
	258	ExecRuntime exec_runtime_ref(ExecRuntime r);
	259	ExecRuntime exec_runtime_unref(ExecRuntime r);
	260
	261	int exec_runtime_serialize(ExecRuntime rt, Unit u, FILE f, FDSet fds);
	262	int exec_runtime_deserialize_item(ExecRuntime *rt, Unit u, const char key, const char value, FDSet *fds);
	263
	264	void exec_runtime_destroy(ExecRuntime *rt);
	265
44a6b1b6 ZJS	266	const char* exec_output_to_string(ExecOutput i) _const_;
44a6b1b6 ZJS	267	ExecOutput exec_output_from_string(const char *s) _pure_;
94f04347	268
44a6b1b6 ZJS	269	const char* exec_input_to_string(ExecInput i) _const_;
44a6b1b6 ZJS	270	ExecInput exec_input_from_string(const char *s) _pure_;