2 This file is part of systemd.
4 Copyright 2010 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 #include <sys/prctl.h>
27 #include "alloc-util.h"
30 #include "capability-util.h"
31 #include "dbus-execute.h"
33 #include "errno-list.h"
39 #include "journal-util.h"
41 #include "mount-util.h"
42 #include "namespace.h"
43 #include "parse-util.h"
44 #include "path-util.h"
45 #include "process-util.h"
46 #include "rlimit-util.h"
48 #include "seccomp-util.h"
50 #include "securebits-util.h"
52 #include "syslog-util.h"
53 #include "unit-printf.h"
54 #include "user-util.h"
57 BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output
, exec_output
, ExecOutput
);
58 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input
, exec_input
, ExecInput
);
60 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
);
61 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
);
62 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_keyring_mode
, exec_keyring_mode
, ExecKeyringMode
);
64 static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_protect_home
, protect_home
, ProtectHome
);
65 static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_protect_system
, protect_system
, ProtectSystem
);
67 static int property_get_environment_files(
70 const char *interface
,
72 sd_bus_message
*reply
,
74 sd_bus_error
*error
) {
76 ExecContext
*c
= userdata
;
84 r
= sd_bus_message_open_container(reply
, 'a', "(sb)");
88 STRV_FOREACH(j
, c
->environment_files
) {
91 r
= sd_bus_message_append(reply
, "(sb)", fn
[0] == '-' ? fn
+ 1 : fn
, fn
[0] == '-');
96 return sd_bus_message_close_container(reply
);
99 static int property_get_oom_score_adjust(
102 const char *interface
,
103 const char *property
,
104 sd_bus_message
*reply
,
106 sd_bus_error
*error
) {
109 ExecContext
*c
= userdata
;
116 if (c
->oom_score_adjust_set
)
117 n
= c
->oom_score_adjust
;
119 _cleanup_free_
char *t
= NULL
;
122 if (read_one_line_file("/proc/self/oom_score_adj", &t
) >= 0)
126 return sd_bus_message_append(reply
, "i", n
);
129 static int property_get_nice(
132 const char *interface
,
133 const char *property
,
134 sd_bus_message
*reply
,
136 sd_bus_error
*error
) {
139 ExecContext
*c
= userdata
;
150 n
= getpriority(PRIO_PROCESS
, 0);
155 return sd_bus_message_append(reply
, "i", n
);
158 static int property_get_ioprio(
161 const char *interface
,
162 const char *property
,
163 sd_bus_message
*reply
,
165 sd_bus_error
*error
) {
168 ExecContext
*c
= userdata
;
174 return sd_bus_message_append(reply
, "i", exec_context_get_effective_ioprio(c
));
177 static int property_get_ioprio_class(
180 const char *interface
,
181 const char *property
,
182 sd_bus_message
*reply
,
184 sd_bus_error
*error
) {
187 ExecContext
*c
= userdata
;
193 return sd_bus_message_append(reply
, "i", IOPRIO_PRIO_CLASS(exec_context_get_effective_ioprio(c
)));
196 static int property_get_ioprio_priority(
199 const char *interface
,
200 const char *property
,
201 sd_bus_message
*reply
,
203 sd_bus_error
*error
) {
206 ExecContext
*c
= userdata
;
212 return sd_bus_message_append(reply
, "i", IOPRIO_PRIO_DATA(exec_context_get_effective_ioprio(c
)));
215 static int property_get_cpu_sched_policy(
218 const char *interface
,
219 const char *property
,
220 sd_bus_message
*reply
,
222 sd_bus_error
*error
) {
224 ExecContext
*c
= userdata
;
231 if (c
->cpu_sched_set
)
232 n
= c
->cpu_sched_policy
;
234 n
= sched_getscheduler(0);
239 return sd_bus_message_append(reply
, "i", n
);
242 static int property_get_cpu_sched_priority(
245 const char *interface
,
246 const char *property
,
247 sd_bus_message
*reply
,
249 sd_bus_error
*error
) {
251 ExecContext
*c
= userdata
;
258 if (c
->cpu_sched_set
)
259 n
= c
->cpu_sched_priority
;
261 struct sched_param p
= {};
263 if (sched_getparam(0, &p
) >= 0)
264 n
= p
.sched_priority
;
269 return sd_bus_message_append(reply
, "i", n
);
272 static int property_get_cpu_affinity(
275 const char *interface
,
276 const char *property
,
277 sd_bus_message
*reply
,
279 sd_bus_error
*error
) {
281 ExecContext
*c
= userdata
;
288 return sd_bus_message_append_array(reply
, 'y', c
->cpuset
, CPU_ALLOC_SIZE(c
->cpuset_ncpus
));
290 return sd_bus_message_append_array(reply
, 'y', NULL
, 0);
293 static int property_get_timer_slack_nsec(
296 const char *interface
,
297 const char *property
,
298 sd_bus_message
*reply
,
300 sd_bus_error
*error
) {
302 ExecContext
*c
= userdata
;
309 if (c
->timer_slack_nsec
!= NSEC_INFINITY
)
310 u
= (uint64_t) c
->timer_slack_nsec
;
312 u
= (uint64_t) prctl(PR_GET_TIMERSLACK
);
314 return sd_bus_message_append(reply
, "t", u
);
317 static int property_get_capability_bounding_set(
320 const char *interface
,
321 const char *property
,
322 sd_bus_message
*reply
,
324 sd_bus_error
*error
) {
326 ExecContext
*c
= userdata
;
332 return sd_bus_message_append(reply
, "t", c
->capability_bounding_set
);
335 static int property_get_ambient_capabilities(
338 const char *interface
,
339 const char *property
,
340 sd_bus_message
*reply
,
342 sd_bus_error
*error
) {
344 ExecContext
*c
= userdata
;
350 return sd_bus_message_append(reply
, "t", c
->capability_ambient_set
);
353 static int property_get_empty_string(
356 const char *interface
,
357 const char *property
,
358 sd_bus_message
*reply
,
360 sd_bus_error
*error
) {
365 return sd_bus_message_append(reply
, "s", "");
368 static int property_get_syscall_filter(
371 const char *interface
,
372 const char *property
,
373 sd_bus_message
*reply
,
375 sd_bus_error
*error
) {
377 ExecContext
*c
= userdata
;
378 _cleanup_strv_free_
char **l
= NULL
;
390 r
= sd_bus_message_open_container(reply
, 'r', "bas");
394 r
= sd_bus_message_append(reply
, "b", c
->syscall_whitelist
);
399 HASHMAP_FOREACH_KEY(val
, id
, c
->syscall_filter
, i
) {
400 _cleanup_free_
char *name
= NULL
;
401 const char *e
= NULL
;
403 int num
= PTR_TO_INT(val
);
405 name
= seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE
, PTR_TO_INT(id
) - 1);
410 e
= errno_to_name(num
);
412 s
= strjoin(name
, ":", e
);
416 r
= asprintf(&s
, "%s:%d", name
, num
);
425 r
= strv_consume(&l
, s
);
433 r
= sd_bus_message_append_strv(reply
, l
);
437 return sd_bus_message_close_container(reply
);
440 static int property_get_syscall_archs(
443 const char *interface
,
444 const char *property
,
445 sd_bus_message
*reply
,
447 sd_bus_error
*error
) {
449 ExecContext
*c
= userdata
;
450 _cleanup_strv_free_
char **l
= NULL
;
463 SET_FOREACH(id
, c
->syscall_archs
, i
) {
466 name
= seccomp_arch_to_string(PTR_TO_UINT32(id
) - 1);
470 r
= strv_extend(&l
, name
);
478 r
= sd_bus_message_append_strv(reply
, l
);
485 static int property_get_syscall_errno(
488 const char *interface
,
489 const char *property
,
490 sd_bus_message
*reply
,
492 sd_bus_error
*error
) {
494 ExecContext
*c
= userdata
;
500 return sd_bus_message_append(reply
, "i", (int32_t) c
->syscall_errno
);
503 static int property_get_selinux_context(
506 const char *interface
,
507 const char *property
,
508 sd_bus_message
*reply
,
510 sd_bus_error
*error
) {
512 ExecContext
*c
= userdata
;
518 return sd_bus_message_append(reply
, "(bs)", c
->selinux_context_ignore
, c
->selinux_context
);
521 static int property_get_apparmor_profile(
524 const char *interface
,
525 const char *property
,
526 sd_bus_message
*reply
,
528 sd_bus_error
*error
) {
530 ExecContext
*c
= userdata
;
536 return sd_bus_message_append(reply
, "(bs)", c
->apparmor_profile_ignore
, c
->apparmor_profile
);
539 static int property_get_smack_process_label(
542 const char *interface
,
543 const char *property
,
544 sd_bus_message
*reply
,
546 sd_bus_error
*error
) {
548 ExecContext
*c
= userdata
;
554 return sd_bus_message_append(reply
, "(bs)", c
->smack_process_label_ignore
, c
->smack_process_label
);
557 static int property_get_personality(
560 const char *interface
,
561 const char *property
,
562 sd_bus_message
*reply
,
564 sd_bus_error
*error
) {
566 ExecContext
*c
= userdata
;
572 return sd_bus_message_append(reply
, "s", personality_to_string(c
->personality
));
575 static int property_get_address_families(
578 const char *interface
,
579 const char *property
,
580 sd_bus_message
*reply
,
582 sd_bus_error
*error
) {
584 ExecContext
*c
= userdata
;
585 _cleanup_strv_free_
char **l
= NULL
;
594 r
= sd_bus_message_open_container(reply
, 'r', "bas");
598 r
= sd_bus_message_append(reply
, "b", c
->address_families_whitelist
);
602 SET_FOREACH(af
, c
->address_families
, i
) {
605 name
= af_to_name(PTR_TO_INT(af
));
609 r
= strv_extend(&l
, name
);
616 r
= sd_bus_message_append_strv(reply
, l
);
620 return sd_bus_message_close_container(reply
);
623 static int property_get_working_directory(
626 const char *interface
,
627 const char *property
,
628 sd_bus_message
*reply
,
630 sd_bus_error
*error
) {
632 ExecContext
*c
= userdata
;
639 if (c
->working_directory_home
)
642 wd
= c
->working_directory
;
644 if (c
->working_directory_missing_ok
)
645 wd
= strjoina("!", wd
);
647 return sd_bus_message_append(reply
, "s", wd
);
650 static int property_get_syslog_level(
653 const char *interface
,
654 const char *property
,
655 sd_bus_message
*reply
,
657 sd_bus_error
*error
) {
659 ExecContext
*c
= userdata
;
665 return sd_bus_message_append(reply
, "i", LOG_PRI(c
->syslog_priority
));
668 static int property_get_syslog_facility(
671 const char *interface
,
672 const char *property
,
673 sd_bus_message
*reply
,
675 sd_bus_error
*error
) {
677 ExecContext
*c
= userdata
;
683 return sd_bus_message_append(reply
, "i", LOG_FAC(c
->syslog_priority
));
686 static int property_get_input_fdname(
689 const char *interface
,
690 const char *property
,
691 sd_bus_message
*reply
,
693 sd_bus_error
*error
) {
695 ExecContext
*c
= userdata
;
703 name
= exec_context_fdname(c
, STDIN_FILENO
);
705 return sd_bus_message_append(reply
, "s", name
);
708 static int property_get_output_fdname(
711 const char *interface
,
712 const char *property
,
713 sd_bus_message
*reply
,
715 sd_bus_error
*error
) {
717 ExecContext
*c
= userdata
;
718 const char *name
= NULL
;
725 if (c
->std_output
== EXEC_OUTPUT_NAMED_FD
&& streq(property
, "StandardOutputFileDescriptorName"))
726 name
= exec_context_fdname(c
, STDOUT_FILENO
);
727 else if (c
->std_error
== EXEC_OUTPUT_NAMED_FD
&& streq(property
, "StandardErrorFileDescriptorName"))
728 name
= exec_context_fdname(c
, STDERR_FILENO
);
730 return sd_bus_message_append(reply
, "s", name
);
733 static int property_get_bind_paths(
736 const char *interface
,
737 const char *property
,
738 sd_bus_message
*reply
,
740 sd_bus_error
*error
) {
742 ExecContext
*c
= userdata
;
752 ro
= !!strstr(property
, "ReadOnly");
754 r
= sd_bus_message_open_container(reply
, 'a', "(ssbt)");
758 for (i
= 0; i
< c
->n_bind_mounts
; i
++) {
760 if (ro
!= c
->bind_mounts
[i
].read_only
)
763 r
= sd_bus_message_append(
765 c
->bind_mounts
[i
].source
,
766 c
->bind_mounts
[i
].destination
,
767 c
->bind_mounts
[i
].ignore_enoent
,
768 c
->bind_mounts
[i
].recursive
? (uint64_t) MS_REC
: (uint64_t) 0);
773 return sd_bus_message_close_container(reply
);
776 static int property_get_log_extra_fields(
779 const char *interface
,
780 const char *property
,
781 sd_bus_message
*reply
,
783 sd_bus_error
*error
) {
785 ExecContext
*c
= userdata
;
794 r
= sd_bus_message_open_container(reply
, 'a', "ay");
798 for (i
= 0; i
< c
->n_log_extra_fields
; i
++) {
799 r
= sd_bus_message_append_array(reply
, 'y', c
->log_extra_fields
[i
].iov_base
, c
->log_extra_fields
[i
].iov_len
);
804 return sd_bus_message_close_container(reply
);
807 const sd_bus_vtable bus_exec_vtable
[] = {
808 SD_BUS_VTABLE_START(0),
809 SD_BUS_PROPERTY("Environment", "as", NULL
, offsetof(ExecContext
, environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
810 SD_BUS_PROPERTY("EnvironmentFiles", "a(sb)", property_get_environment_files
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
811 SD_BUS_PROPERTY("PassEnvironment", "as", NULL
, offsetof(ExecContext
, pass_environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
812 SD_BUS_PROPERTY("UnsetEnvironment", "as", NULL
, offsetof(ExecContext
, unset_environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
813 SD_BUS_PROPERTY("UMask", "u", bus_property_get_mode
, offsetof(ExecContext
, umask
), SD_BUS_VTABLE_PROPERTY_CONST
),
814 SD_BUS_PROPERTY("LimitCPU", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CPU
]), SD_BUS_VTABLE_PROPERTY_CONST
),
815 SD_BUS_PROPERTY("LimitCPUSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CPU
]), SD_BUS_VTABLE_PROPERTY_CONST
),
816 SD_BUS_PROPERTY("LimitFSIZE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_FSIZE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
817 SD_BUS_PROPERTY("LimitFSIZESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_FSIZE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
818 SD_BUS_PROPERTY("LimitDATA", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_DATA
]), SD_BUS_VTABLE_PROPERTY_CONST
),
819 SD_BUS_PROPERTY("LimitDATASoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_DATA
]), SD_BUS_VTABLE_PROPERTY_CONST
),
820 SD_BUS_PROPERTY("LimitSTACK", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_STACK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
821 SD_BUS_PROPERTY("LimitSTACKSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_STACK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
822 SD_BUS_PROPERTY("LimitCORE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CORE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
823 SD_BUS_PROPERTY("LimitCORESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CORE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
824 SD_BUS_PROPERTY("LimitRSS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RSS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
825 SD_BUS_PROPERTY("LimitRSSSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RSS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
826 SD_BUS_PROPERTY("LimitNOFILE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NOFILE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
827 SD_BUS_PROPERTY("LimitNOFILESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NOFILE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
828 SD_BUS_PROPERTY("LimitAS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_AS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
829 SD_BUS_PROPERTY("LimitASSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_AS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
830 SD_BUS_PROPERTY("LimitNPROC", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NPROC
]), SD_BUS_VTABLE_PROPERTY_CONST
),
831 SD_BUS_PROPERTY("LimitNPROCSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NPROC
]), SD_BUS_VTABLE_PROPERTY_CONST
),
832 SD_BUS_PROPERTY("LimitMEMLOCK", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MEMLOCK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
833 SD_BUS_PROPERTY("LimitMEMLOCKSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MEMLOCK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
834 SD_BUS_PROPERTY("LimitLOCKS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_LOCKS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
835 SD_BUS_PROPERTY("LimitLOCKSSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_LOCKS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
836 SD_BUS_PROPERTY("LimitSIGPENDING", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_SIGPENDING
]), SD_BUS_VTABLE_PROPERTY_CONST
),
837 SD_BUS_PROPERTY("LimitSIGPENDINGSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_SIGPENDING
]), SD_BUS_VTABLE_PROPERTY_CONST
),
838 SD_BUS_PROPERTY("LimitMSGQUEUE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MSGQUEUE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
839 SD_BUS_PROPERTY("LimitMSGQUEUESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MSGQUEUE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
840 SD_BUS_PROPERTY("LimitNICE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NICE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
841 SD_BUS_PROPERTY("LimitNICESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NICE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
842 SD_BUS_PROPERTY("LimitRTPRIO", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTPRIO
]), SD_BUS_VTABLE_PROPERTY_CONST
),
843 SD_BUS_PROPERTY("LimitRTPRIOSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTPRIO
]), SD_BUS_VTABLE_PROPERTY_CONST
),
844 SD_BUS_PROPERTY("LimitRTTIME", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
845 SD_BUS_PROPERTY("LimitRTTIMESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
846 SD_BUS_PROPERTY("WorkingDirectory", "s", property_get_working_directory
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
847 SD_BUS_PROPERTY("RootDirectory", "s", NULL
, offsetof(ExecContext
, root_directory
), SD_BUS_VTABLE_PROPERTY_CONST
),
848 SD_BUS_PROPERTY("RootImage", "s", NULL
, offsetof(ExecContext
, root_image
), SD_BUS_VTABLE_PROPERTY_CONST
),
849 SD_BUS_PROPERTY("OOMScoreAdjust", "i", property_get_oom_score_adjust
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
850 SD_BUS_PROPERTY("Nice", "i", property_get_nice
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
851 SD_BUS_PROPERTY("IOSchedulingClass", "i", property_get_ioprio_class
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
852 SD_BUS_PROPERTY("IOSchedulingPriority", "i", property_get_ioprio_priority
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
853 SD_BUS_PROPERTY("CPUSchedulingPolicy", "i", property_get_cpu_sched_policy
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
854 SD_BUS_PROPERTY("CPUSchedulingPriority", "i", property_get_cpu_sched_priority
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
855 SD_BUS_PROPERTY("CPUAffinity", "ay", property_get_cpu_affinity
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
856 SD_BUS_PROPERTY("TimerSlackNSec", "t", property_get_timer_slack_nsec
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
857 SD_BUS_PROPERTY("CPUSchedulingResetOnFork", "b", bus_property_get_bool
, offsetof(ExecContext
, cpu_sched_reset_on_fork
), SD_BUS_VTABLE_PROPERTY_CONST
),
858 SD_BUS_PROPERTY("NonBlocking", "b", bus_property_get_bool
, offsetof(ExecContext
, non_blocking
), SD_BUS_VTABLE_PROPERTY_CONST
),
859 SD_BUS_PROPERTY("StandardInput", "s", property_get_exec_input
, offsetof(ExecContext
, std_input
), SD_BUS_VTABLE_PROPERTY_CONST
),
860 SD_BUS_PROPERTY("StandardInputFileDescriptorName", "s", property_get_input_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
861 SD_BUS_PROPERTY("StandardOutput", "s", bus_property_get_exec_output
, offsetof(ExecContext
, std_output
), SD_BUS_VTABLE_PROPERTY_CONST
),
862 SD_BUS_PROPERTY("StandardOutputFileDescriptorName", "s", property_get_output_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
863 SD_BUS_PROPERTY("StandardError", "s", bus_property_get_exec_output
, offsetof(ExecContext
, std_error
), SD_BUS_VTABLE_PROPERTY_CONST
),
864 SD_BUS_PROPERTY("StandardErrorFileDescriptorName", "s", property_get_output_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
865 SD_BUS_PROPERTY("TTYPath", "s", NULL
, offsetof(ExecContext
, tty_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
866 SD_BUS_PROPERTY("TTYReset", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_reset
), SD_BUS_VTABLE_PROPERTY_CONST
),
867 SD_BUS_PROPERTY("TTYVHangup", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_vhangup
), SD_BUS_VTABLE_PROPERTY_CONST
),
868 SD_BUS_PROPERTY("TTYVTDisallocate", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_vt_disallocate
), SD_BUS_VTABLE_PROPERTY_CONST
),
869 SD_BUS_PROPERTY("SyslogPriority", "i", bus_property_get_int
, offsetof(ExecContext
, syslog_priority
), SD_BUS_VTABLE_PROPERTY_CONST
),
870 SD_BUS_PROPERTY("SyslogIdentifier", "s", NULL
, offsetof(ExecContext
, syslog_identifier
), SD_BUS_VTABLE_PROPERTY_CONST
),
871 SD_BUS_PROPERTY("SyslogLevelPrefix", "b", bus_property_get_bool
, offsetof(ExecContext
, syslog_level_prefix
), SD_BUS_VTABLE_PROPERTY_CONST
),
872 SD_BUS_PROPERTY("SyslogLevel", "i", property_get_syslog_level
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
873 SD_BUS_PROPERTY("SyslogFacility", "i", property_get_syslog_facility
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
874 SD_BUS_PROPERTY("LogLevelMax", "i", bus_property_get_int
, offsetof(ExecContext
, log_level_max
), SD_BUS_VTABLE_PROPERTY_CONST
),
875 SD_BUS_PROPERTY("LogExtraFields", "aay", property_get_log_extra_fields
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
876 SD_BUS_PROPERTY("SecureBits", "i", bus_property_get_int
, offsetof(ExecContext
, secure_bits
), SD_BUS_VTABLE_PROPERTY_CONST
),
877 SD_BUS_PROPERTY("CapabilityBoundingSet", "t", property_get_capability_bounding_set
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
878 SD_BUS_PROPERTY("AmbientCapabilities", "t", property_get_ambient_capabilities
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
879 SD_BUS_PROPERTY("User", "s", NULL
, offsetof(ExecContext
, user
), SD_BUS_VTABLE_PROPERTY_CONST
),
880 SD_BUS_PROPERTY("Group", "s", NULL
, offsetof(ExecContext
, group
), SD_BUS_VTABLE_PROPERTY_CONST
),
881 SD_BUS_PROPERTY("DynamicUser", "b", bus_property_get_bool
, offsetof(ExecContext
, dynamic_user
), SD_BUS_VTABLE_PROPERTY_CONST
),
882 SD_BUS_PROPERTY("RemoveIPC", "b", bus_property_get_bool
, offsetof(ExecContext
, remove_ipc
), SD_BUS_VTABLE_PROPERTY_CONST
),
883 SD_BUS_PROPERTY("SupplementaryGroups", "as", NULL
, offsetof(ExecContext
, supplementary_groups
), SD_BUS_VTABLE_PROPERTY_CONST
),
884 SD_BUS_PROPERTY("PAMName", "s", NULL
, offsetof(ExecContext
, pam_name
), SD_BUS_VTABLE_PROPERTY_CONST
),
885 SD_BUS_PROPERTY("ReadWritePaths", "as", NULL
, offsetof(ExecContext
, read_write_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
886 SD_BUS_PROPERTY("ReadOnlyPaths", "as", NULL
, offsetof(ExecContext
, read_only_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
887 SD_BUS_PROPERTY("InaccessiblePaths", "as", NULL
, offsetof(ExecContext
, inaccessible_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
888 SD_BUS_PROPERTY("MountFlags", "t", bus_property_get_ulong
, offsetof(ExecContext
, mount_flags
), SD_BUS_VTABLE_PROPERTY_CONST
),
889 SD_BUS_PROPERTY("PrivateTmp", "b", bus_property_get_bool
, offsetof(ExecContext
, private_tmp
), SD_BUS_VTABLE_PROPERTY_CONST
),
890 SD_BUS_PROPERTY("PrivateDevices", "b", bus_property_get_bool
, offsetof(ExecContext
, private_devices
), SD_BUS_VTABLE_PROPERTY_CONST
),
891 SD_BUS_PROPERTY("ProtectKernelTunables", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_tunables
), SD_BUS_VTABLE_PROPERTY_CONST
),
892 SD_BUS_PROPERTY("ProtectKernelModules", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_modules
), SD_BUS_VTABLE_PROPERTY_CONST
),
893 SD_BUS_PROPERTY("ProtectControlGroups", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_control_groups
), SD_BUS_VTABLE_PROPERTY_CONST
),
894 SD_BUS_PROPERTY("PrivateNetwork", "b", bus_property_get_bool
, offsetof(ExecContext
, private_network
), SD_BUS_VTABLE_PROPERTY_CONST
),
895 SD_BUS_PROPERTY("PrivateUsers", "b", bus_property_get_bool
, offsetof(ExecContext
, private_users
), SD_BUS_VTABLE_PROPERTY_CONST
),
896 SD_BUS_PROPERTY("ProtectHome", "s", bus_property_get_protect_home
, offsetof(ExecContext
, protect_home
), SD_BUS_VTABLE_PROPERTY_CONST
),
897 SD_BUS_PROPERTY("ProtectSystem", "s", bus_property_get_protect_system
, offsetof(ExecContext
, protect_system
), SD_BUS_VTABLE_PROPERTY_CONST
),
898 SD_BUS_PROPERTY("SameProcessGroup", "b", bus_property_get_bool
, offsetof(ExecContext
, same_pgrp
), SD_BUS_VTABLE_PROPERTY_CONST
),
899 SD_BUS_PROPERTY("UtmpIdentifier", "s", NULL
, offsetof(ExecContext
, utmp_id
), SD_BUS_VTABLE_PROPERTY_CONST
),
900 SD_BUS_PROPERTY("UtmpMode", "s", property_get_exec_utmp_mode
, offsetof(ExecContext
, utmp_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
901 SD_BUS_PROPERTY("SELinuxContext", "(bs)", property_get_selinux_context
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
902 SD_BUS_PROPERTY("AppArmorProfile", "(bs)", property_get_apparmor_profile
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
903 SD_BUS_PROPERTY("SmackProcessLabel", "(bs)", property_get_smack_process_label
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
904 SD_BUS_PROPERTY("IgnoreSIGPIPE", "b", bus_property_get_bool
, offsetof(ExecContext
, ignore_sigpipe
), SD_BUS_VTABLE_PROPERTY_CONST
),
905 SD_BUS_PROPERTY("NoNewPrivileges", "b", bus_property_get_bool
, offsetof(ExecContext
, no_new_privileges
), SD_BUS_VTABLE_PROPERTY_CONST
),
906 SD_BUS_PROPERTY("SystemCallFilter", "(bas)", property_get_syscall_filter
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
907 SD_BUS_PROPERTY("SystemCallArchitectures", "as", property_get_syscall_archs
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
908 SD_BUS_PROPERTY("SystemCallErrorNumber", "i", property_get_syscall_errno
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
909 SD_BUS_PROPERTY("Personality", "s", property_get_personality
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
910 SD_BUS_PROPERTY("LockPersonality", "b", bus_property_get_bool
, offsetof(ExecContext
, lock_personality
), SD_BUS_VTABLE_PROPERTY_CONST
),
911 SD_BUS_PROPERTY("RestrictAddressFamilies", "(bas)", property_get_address_families
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
912 SD_BUS_PROPERTY("RuntimeDirectoryPreserve", "s", property_get_exec_preserve_mode
, offsetof(ExecContext
, runtime_directory_preserve_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
913 SD_BUS_PROPERTY("RuntimeDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
914 SD_BUS_PROPERTY("RuntimeDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
915 SD_BUS_PROPERTY("StateDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
916 SD_BUS_PROPERTY("StateDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
917 SD_BUS_PROPERTY("CacheDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
918 SD_BUS_PROPERTY("CacheDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
919 SD_BUS_PROPERTY("LogsDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
920 SD_BUS_PROPERTY("LogsDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
921 SD_BUS_PROPERTY("ConfigurationDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CONFIGURATION
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
922 SD_BUS_PROPERTY("ConfigurationDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CONFIGURATION
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
923 SD_BUS_PROPERTY("MemoryDenyWriteExecute", "b", bus_property_get_bool
, offsetof(ExecContext
, memory_deny_write_execute
), SD_BUS_VTABLE_PROPERTY_CONST
),
924 SD_BUS_PROPERTY("RestrictRealtime", "b", bus_property_get_bool
, offsetof(ExecContext
, restrict_realtime
), SD_BUS_VTABLE_PROPERTY_CONST
),
925 SD_BUS_PROPERTY("RestrictNamespaces", "t", bus_property_get_ulong
, offsetof(ExecContext
, restrict_namespaces
), SD_BUS_VTABLE_PROPERTY_CONST
),
926 SD_BUS_PROPERTY("BindPaths", "a(ssbt)", property_get_bind_paths
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
927 SD_BUS_PROPERTY("BindReadOnlyPaths", "a(ssbt)", property_get_bind_paths
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
928 SD_BUS_PROPERTY("MountAPIVFS", "b", bus_property_get_bool
, offsetof(ExecContext
, mount_apivfs
), SD_BUS_VTABLE_PROPERTY_CONST
),
929 SD_BUS_PROPERTY("KeyringMode", "s", property_get_exec_keyring_mode
, offsetof(ExecContext
, keyring_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
931 /* Obsolete/redundant properties: */
932 SD_BUS_PROPERTY("Capabilities", "s", property_get_empty_string
, 0, SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
933 SD_BUS_PROPERTY("ReadWriteDirectories", "as", NULL
, offsetof(ExecContext
, read_write_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
934 SD_BUS_PROPERTY("ReadOnlyDirectories", "as", NULL
, offsetof(ExecContext
, read_only_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
935 SD_BUS_PROPERTY("InaccessibleDirectories", "as", NULL
, offsetof(ExecContext
, inaccessible_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
936 SD_BUS_PROPERTY("IOScheduling", "i", property_get_ioprio
, 0, SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
941 static int append_exec_command(sd_bus_message
*reply
, ExecCommand
*c
) {
950 r
= sd_bus_message_open_container(reply
, 'r', "sasbttttuii");
954 r
= sd_bus_message_append(reply
, "s", c
->path
);
958 r
= sd_bus_message_append_strv(reply
, c
->argv
);
962 r
= sd_bus_message_append(reply
, "bttttuii",
963 !!(c
->flags
& EXEC_COMMAND_IGNORE_FAILURE
),
964 c
->exec_status
.start_timestamp
.realtime
,
965 c
->exec_status
.start_timestamp
.monotonic
,
966 c
->exec_status
.exit_timestamp
.realtime
,
967 c
->exec_status
.exit_timestamp
.monotonic
,
968 (uint32_t) c
->exec_status
.pid
,
969 (int32_t) c
->exec_status
.code
,
970 (int32_t) c
->exec_status
.status
);
974 return sd_bus_message_close_container(reply
);
977 int bus_property_get_exec_command(
980 const char *interface
,
981 const char *property
,
982 sd_bus_message
*reply
,
984 sd_bus_error
*ret_error
) {
986 ExecCommand
*c
= (ExecCommand
*) userdata
;
992 r
= sd_bus_message_open_container(reply
, 'a', "(sasbttttuii)");
996 r
= append_exec_command(reply
, c
);
1000 return sd_bus_message_close_container(reply
);
1003 int bus_property_get_exec_command_list(
1006 const char *interface
,
1007 const char *property
,
1008 sd_bus_message
*reply
,
1010 sd_bus_error
*ret_error
) {
1012 ExecCommand
*c
= *(ExecCommand
**) userdata
;
1018 r
= sd_bus_message_open_container(reply
, 'a', "(sasbttttuii)");
1022 LIST_FOREACH(command
, c
, c
) {
1023 r
= append_exec_command(reply
, c
);
1028 return sd_bus_message_close_container(reply
);
1031 int bus_exec_context_set_transient_property(
1035 sd_bus_message
*message
,
1036 UnitSetPropertiesMode mode
,
1037 sd_bus_error
*error
) {
1039 const char *soft
= NULL
;
1047 if (streq(name
, "User")) {
1050 r
= sd_bus_message_read(message
, "s", &uu
);
1054 if (!isempty(uu
) && !valid_user_group_name_or_id(uu
))
1055 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid user name: %s", uu
);
1057 if (mode
!= UNIT_CHECK
) {
1060 c
->user
= mfree(c
->user
);
1061 else if (free_and_strdup(&c
->user
, uu
) < 0)
1064 unit_write_drop_in_private_format(u
, mode
, name
, "User=%s", uu
);
1069 } else if (streq(name
, "Group")) {
1072 r
= sd_bus_message_read(message
, "s", &gg
);
1076 if (!isempty(gg
) && !valid_user_group_name_or_id(gg
))
1077 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid group name: %s", gg
);
1079 if (mode
!= UNIT_CHECK
) {
1082 c
->group
= mfree(c
->group
);
1083 else if (free_and_strdup(&c
->group
, gg
) < 0)
1086 unit_write_drop_in_private_format(u
, mode
, name
, "Group=%s", gg
);
1091 } else if (streq(name
, "SupplementaryGroups")) {
1092 _cleanup_strv_free_
char **l
= NULL
;
1095 r
= sd_bus_message_read_strv(message
, &l
);
1099 STRV_FOREACH(p
, l
) {
1100 if (!isempty(*p
) && !valid_user_group_name_or_id(*p
))
1101 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid supplementary group names");
1104 if (mode
!= UNIT_CHECK
) {
1105 if (strv_length(l
) == 0) {
1106 c
->supplementary_groups
= strv_free(c
->supplementary_groups
);
1107 unit_write_drop_in_private_format(u
, mode
, name
, "%s=", name
);
1109 _cleanup_free_
char *joined
= NULL
;
1111 r
= strv_extend_strv(&c
->supplementary_groups
, l
, true);
1115 joined
= strv_join(c
->supplementary_groups
, " ");
1119 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, joined
);
1125 } else if (streq(name
, "SyslogIdentifier")) {
1128 r
= sd_bus_message_read(message
, "s", &id
);
1132 if (mode
!= UNIT_CHECK
) {
1135 c
->syslog_identifier
= mfree(c
->syslog_identifier
);
1136 else if (free_and_strdup(&c
->syslog_identifier
, id
) < 0)
1139 unit_write_drop_in_private_format(u
, mode
, name
, "SyslogIdentifier=%s", id
);
1143 } else if (streq(name
, "SyslogLevel")) {
1146 r
= sd_bus_message_read(message
, "i", &level
);
1150 if (!log_level_is_valid(level
))
1151 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log level value out of range");
1153 if (mode
!= UNIT_CHECK
) {
1154 c
->syslog_priority
= (c
->syslog_priority
& LOG_FACMASK
) | level
;
1155 unit_write_drop_in_private_format(u
, mode
, name
, "SyslogLevel=%i", level
);
1159 } else if (streq(name
, "SyslogFacility")) {
1162 r
= sd_bus_message_read(message
, "i", &facility
);
1166 if (!log_facility_unshifted_is_valid(facility
))
1167 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log facility value out of range");
1169 if (mode
!= UNIT_CHECK
) {
1170 c
->syslog_priority
= (facility
<< 3) | LOG_PRI(c
->syslog_priority
);
1171 unit_write_drop_in_private_format(u
, mode
, name
, "SyslogFacility=%i", facility
);
1176 } else if (streq(name
, "LogLevelMax")) {
1179 r
= sd_bus_message_read(message
, "i", &level
);
1183 if (!log_level_is_valid(level
))
1184 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Maximum log level value out of range");
1186 if (mode
!= UNIT_CHECK
) {
1187 c
->log_level_max
= level
;
1188 unit_write_drop_in_private_format(u
, mode
, name
, "LogLevelMax=%i", level
);
1193 } else if (streq(name
, "LogExtraFields")) {
1196 r
= sd_bus_message_enter_container(message
, 'a', "ay");
1201 _cleanup_free_
void *copy
= NULL
;
1207 /* Note that we expect a byte array for each field, instead of a string. That's because on the
1208 * lower-level journal fields can actually contain binary data and are not restricted to text,
1209 * and we should not "lose precision" in our types on the way. That said, I am pretty sure
1210 * actually encoding binary data as unit metadata is not a good idea. Hence we actually refuse
1211 * any actual binary data, and only accept UTF-8. This allows us to eventually lift this
1212 * limitation, should a good, valid usecase arise. */
1214 r
= sd_bus_message_read_array(message
, 'y', &p
, &sz
);
1220 if (memchr(p
, 0, sz
))
1221 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field contains zero byte");
1223 eq
= memchr(p
, '=', sz
);
1225 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field contains no '=' character");
1226 if (!journal_field_valid(p
, eq
- (const char*) p
, false))
1227 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field invalid");
1229 if (mode
!= UNIT_CHECK
) {
1230 t
= realloc_multiply(c
->log_extra_fields
, sizeof(struct iovec
), c
->n_log_extra_fields
+1);
1233 c
->log_extra_fields
= t
;
1236 copy
= malloc(sz
+ 1);
1240 memcpy(copy
, p
, sz
);
1241 ((uint8_t*) copy
)[sz
] = 0;
1243 if (!utf8_is_valid(copy
))
1244 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Journal field is not valid UTF-8");
1246 if (mode
!= UNIT_CHECK
) {
1247 c
->log_extra_fields
[c
->n_log_extra_fields
++] = IOVEC_MAKE(copy
, sz
);
1248 unit_write_drop_in_private_format(u
, mode
, name
, "LogExtraFields=%s", (char*) copy
);
1256 r
= sd_bus_message_exit_container(message
);
1260 if (mode
!= UNIT_CHECK
&& n
== 0) {
1261 exec_context_free_log_extra_fields(c
);
1262 unit_write_drop_in_private(u
, mode
, name
, "LogExtraFields=");
1267 } else if (streq(name
, "SecureBits")) {
1270 r
= sd_bus_message_read(message
, "i", &n
);
1274 if (!secure_bits_is_valid(n
))
1275 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid secure bits");
1277 if (mode
!= UNIT_CHECK
) {
1278 _cleanup_free_
char *str
= NULL
;
1281 r
= secure_bits_to_string_alloc(n
, &str
);
1285 unit_write_drop_in_private_format(u
, mode
, name
, "SecureBits=%s", str
);
1289 } else if (STR_IN_SET(name
, "CapabilityBoundingSet", "AmbientCapabilities")) {
1292 r
= sd_bus_message_read(message
, "t", &n
);
1296 if (mode
!= UNIT_CHECK
) {
1297 _cleanup_free_
char *str
= NULL
;
1299 if (streq(name
, "CapabilityBoundingSet"))
1300 c
->capability_bounding_set
= n
;
1301 else /* "AmbientCapabilities" */
1302 c
->capability_ambient_set
= n
;
1304 r
= capability_set_to_string_alloc(n
, &str
);
1308 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, str
);
1313 } else if (streq(name
, "Personality")) {
1317 r
= sd_bus_message_read(message
, "s", &s
);
1321 p
= personality_from_string(s
);
1322 if (p
== PERSONALITY_INVALID
)
1323 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid personality");
1325 if (mode
!= UNIT_CHECK
) {
1327 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, s
);
1334 } else if (streq(name
, "SystemCallFilter")) {
1336 _cleanup_strv_free_
char **l
= NULL
;
1338 r
= sd_bus_message_enter_container(message
, 'r', "bas");
1342 r
= sd_bus_message_read(message
, "b", &whitelist
);
1346 r
= sd_bus_message_read_strv(message
, &l
);
1350 r
= sd_bus_message_exit_container(message
);
1354 if (mode
!= UNIT_CHECK
) {
1355 _cleanup_free_
char *joined
= NULL
;
1357 if (strv_length(l
) == 0) {
1358 c
->syscall_whitelist
= false;
1359 c
->syscall_filter
= hashmap_free(c
->syscall_filter
);
1363 c
->syscall_whitelist
= whitelist
;
1365 r
= hashmap_ensure_allocated(&c
->syscall_filter
, NULL
);
1369 STRV_FOREACH(s
, l
) {
1370 _cleanup_free_
char *n
= NULL
;
1373 r
= parse_syscall_and_errno(*s
, &n
, &e
);
1378 const SyscallFilterSet
*set
;
1381 set
= syscall_filter_set_find(n
);
1385 NULSTR_FOREACH(i
, set
->value
) {
1388 id
= seccomp_syscall_resolve_name(i
);
1389 if (id
== __NR_SCMP_ERROR
)
1392 r
= hashmap_put(c
->syscall_filter
, INT_TO_PTR(id
+ 1), INT_TO_PTR(e
));
1400 id
= seccomp_syscall_resolve_name(n
);
1401 if (id
== __NR_SCMP_ERROR
)
1404 r
= hashmap_put(c
->syscall_filter
, INT_TO_PTR(id
+ 1), INT_TO_PTR(e
));
1411 joined
= strv_join(l
, " ");
1415 unit_write_drop_in_private_format(u
, mode
, name
, "SystemCallFilter=%s%s", whitelist
? "" : "~", joined
);
1420 } else if (streq(name
, "SystemCallArchitectures")) {
1421 _cleanup_strv_free_
char **l
= NULL
;
1423 r
= sd_bus_message_read_strv(message
, &l
);
1427 if (mode
!= UNIT_CHECK
) {
1428 _cleanup_free_
char *joined
= NULL
;
1430 if (strv_length(l
) == 0)
1431 c
->syscall_archs
= set_free(c
->syscall_archs
);
1435 r
= set_ensure_allocated(&c
->syscall_archs
, NULL
);
1439 STRV_FOREACH(s
, l
) {
1442 r
= seccomp_arch_from_string(*s
, &a
);
1446 r
= set_put(c
->syscall_archs
, UINT32_TO_PTR(a
+ 1));
1453 joined
= strv_join(l
, " ");
1457 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, joined
);
1462 } else if (streq(name
, "SystemCallErrorNumber")) {
1465 r
= sd_bus_message_read(message
, "i", &n
);
1469 if (n
<= 0 || n
> ERRNO_MAX
)
1470 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid SystemCallErrorNumber");
1472 if (mode
!= UNIT_CHECK
) {
1473 c
->syscall_errno
= n
;
1475 unit_write_drop_in_private_format(u
, mode
, name
, "SystemCallErrorNumber=%d", n
);
1480 } else if (streq(name
, "RestrictAddressFamilies")) {
1482 _cleanup_strv_free_
char **l
= NULL
;
1484 r
= sd_bus_message_enter_container(message
, 'r', "bas");
1488 r
= sd_bus_message_read(message
, "b", &whitelist
);
1492 r
= sd_bus_message_read_strv(message
, &l
);
1496 r
= sd_bus_message_exit_container(message
);
1500 if (mode
!= UNIT_CHECK
) {
1501 _cleanup_free_
char *joined
= NULL
;
1503 if (strv_length(l
) == 0) {
1504 c
->address_families_whitelist
= false;
1505 c
->address_families
= set_free(c
->address_families
);
1509 c
->address_families_whitelist
= whitelist
;
1511 r
= set_ensure_allocated(&c
->address_families
, NULL
);
1515 STRV_FOREACH(s
, l
) {
1518 af
= af_from_name(*s
);
1522 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
1528 joined
= strv_join(l
, " ");
1532 unit_write_drop_in_private_format(u
, mode
, name
, "RestrictAddressFamilies=%s%s", whitelist
? "" : "~", joined
);
1538 } else if (streq(name
, "CPUSchedulingPolicy")) {
1541 r
= sd_bus_message_read(message
, "i", &n
);
1545 if (!sched_policy_is_valid(n
))
1546 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid CPU scheduling policy");
1548 if (mode
!= UNIT_CHECK
) {
1549 _cleanup_free_
char *str
= NULL
;
1551 c
->cpu_sched_policy
= n
;
1552 r
= sched_policy_to_string_alloc(n
, &str
);
1556 unit_write_drop_in_private_format(u
, mode
, name
, "CPUSchedulingPolicy=%s", str
);
1561 } else if (streq(name
, "CPUSchedulingPriority")) {
1564 r
= sd_bus_message_read(message
, "i", &n
);
1568 if (!ioprio_priority_is_valid(n
))
1569 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid CPU scheduling priority");
1571 if (mode
!= UNIT_CHECK
) {
1572 c
->cpu_sched_priority
= n
;
1573 unit_write_drop_in_private_format(u
, mode
, name
, "CPUSchedulingPriority=%i", n
);
1578 } else if (streq(name
, "CPUAffinity")) {
1582 r
= sd_bus_message_read_array(message
, 'y', &a
, &n
);
1586 if (mode
!= UNIT_CHECK
) {
1588 c
->cpuset
= mfree(c
->cpuset
);
1589 unit_write_drop_in_private_format(u
, mode
, name
, "%s=", name
);
1591 _cleanup_free_
char *str
= NULL
;
1593 size_t allocated
= 0, len
= 0, i
;
1595 c
->cpuset
= (cpu_set_t
*) memdup(a
, sizeof(cpu_set_t
) * n
);
1600 for (i
= 0; i
< n
; i
++) {
1601 _cleanup_free_
char *p
= NULL
;
1604 r
= asprintf(&p
, "%hhi", l
[i
]);
1610 if (GREEDY_REALLOC(str
, allocated
, len
+ add
+ 2))
1613 strcpy(mempcpy(str
+ len
, p
, add
), " ");
1618 str
[len
- 1] = '\0';
1620 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, str
);
1625 } else if (streq(name
, "Nice")) {
1628 r
= sd_bus_message_read(message
, "i", &n
);
1632 if (!nice_is_valid(n
))
1633 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Nice value out of range");
1635 if (mode
!= UNIT_CHECK
) {
1637 unit_write_drop_in_private_format(u
, mode
, name
, "Nice=%i", n
);
1642 } else if (streq(name
, "IOSchedulingClass")) {
1645 r
= sd_bus_message_read(message
, "i", &q
);
1649 if (!ioprio_class_is_valid(q
))
1650 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid IO scheduling class: %i", q
);
1652 if (mode
!= UNIT_CHECK
) {
1653 _cleanup_free_
char *s
= NULL
;
1655 r
= ioprio_class_to_string_alloc(q
, &s
);
1659 c
->ioprio
= IOPRIO_PRIO_VALUE(q
, IOPRIO_PRIO_DATA(c
->ioprio
));
1660 c
->ioprio_set
= true;
1662 unit_write_drop_in_private_format(u
, mode
, name
, "IOSchedulingClass=%s", s
);
1667 } else if (streq(name
, "IOSchedulingPriority")) {
1670 r
= sd_bus_message_read(message
, "i", &p
);
1674 if (!ioprio_priority_is_valid(p
))
1675 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid IO scheduling priority: %i", p
);
1677 if (mode
!= UNIT_CHECK
) {
1678 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c
->ioprio
), p
);
1679 c
->ioprio_set
= true;
1681 unit_write_drop_in_private_format(u
, mode
, name
, "IOSchedulingPriority=%i", p
);
1686 } else if (STR_IN_SET(name
, "TTYPath", "RootDirectory", "RootImage")) {
1689 r
= sd_bus_message_read(message
, "s", &s
);
1693 if (!path_is_absolute(s
))
1694 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "%s takes an absolute path", name
);
1696 if (mode
!= UNIT_CHECK
) {
1697 if (streq(name
, "TTYPath"))
1698 r
= free_and_strdup(&c
->tty_path
, s
);
1699 else if (streq(name
, "RootImage"))
1700 r
= free_and_strdup(&c
->root_image
, s
);
1702 assert(streq(name
, "RootDirectory"));
1703 r
= free_and_strdup(&c
->root_directory
, s
);
1708 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, s
);
1713 } else if (streq(name
, "WorkingDirectory")) {
1717 r
= sd_bus_message_read(message
, "s", &s
);
1727 if (!streq(s
, "~") && !path_is_absolute(s
))
1728 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "WorkingDirectory= expects an absolute path or '~'");
1730 if (mode
!= UNIT_CHECK
) {
1731 if (streq(s
, "~")) {
1732 c
->working_directory
= mfree(c
->working_directory
);
1733 c
->working_directory_home
= true;
1735 r
= free_and_strdup(&c
->working_directory
, s
);
1739 c
->working_directory_home
= false;
1742 c
->working_directory_missing_ok
= missing_ok
;
1743 unit_write_drop_in_private_format(u
, mode
, name
, "WorkingDirectory=%s%s", missing_ok
? "-" : "", s
);
1748 } else if (streq(name
, "StandardInput")) {
1752 r
= sd_bus_message_read(message
, "s", &s
);
1756 p
= exec_input_from_string(s
);
1758 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid standard input name");
1760 if (mode
!= UNIT_CHECK
) {
1763 unit_write_drop_in_private_format(u
, mode
, name
, "StandardInput=%s", exec_input_to_string(p
));
1768 } else if (streq(name
, "StandardOutput")) {
1772 r
= sd_bus_message_read(message
, "s", &s
);
1776 p
= exec_output_from_string(s
);
1778 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid standard output name");
1780 if (mode
!= UNIT_CHECK
) {
1783 unit_write_drop_in_private_format(u
, mode
, name
, "StandardOutput=%s", exec_output_to_string(p
));
1788 } else if (streq(name
, "StandardError")) {
1792 r
= sd_bus_message_read(message
, "s", &s
);
1796 p
= exec_output_from_string(s
);
1798 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid standard error name");
1800 if (mode
!= UNIT_CHECK
) {
1803 unit_write_drop_in_private_format(u
, mode
, name
, "StandardError=%s", exec_output_to_string(p
));
1808 } else if (STR_IN_SET(name
,
1809 "StandardInputFileDescriptorName", "StandardOutputFileDescriptorName", "StandardErrorFileDescriptorName")) {
1812 r
= sd_bus_message_read(message
, "s", &s
);
1816 if (!fdname_is_valid(s
))
1817 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid file descriptor name");
1819 if (mode
!= UNIT_CHECK
) {
1820 if (streq(name
, "StandardInputFileDescriptorName")) {
1821 c
->std_input
= EXEC_INPUT_NAMED_FD
;
1822 r
= free_and_strdup(&c
->stdio_fdname
[STDIN_FILENO
], s
);
1825 unit_write_drop_in_private_format(u
, mode
, name
, "StandardInput=fd:%s", s
);
1826 } else if (streq(name
, "StandardOutputFileDescriptorName")) {
1827 c
->std_output
= EXEC_OUTPUT_NAMED_FD
;
1828 r
= free_and_strdup(&c
->stdio_fdname
[STDOUT_FILENO
], s
);
1831 unit_write_drop_in_private_format(u
, mode
, name
, "StandardOutput=fd:%s", s
);
1832 } else if (streq(name
, "StandardErrorFileDescriptorName")) {
1833 c
->std_error
= EXEC_OUTPUT_NAMED_FD
;
1834 r
= free_and_strdup(&c
->stdio_fdname
[STDERR_FILENO
], s
);
1837 unit_write_drop_in_private_format(u
, mode
, name
, "StandardError=fd:%s", s
);
1843 } else if (STR_IN_SET(name
,
1844 "IgnoreSIGPIPE", "TTYVHangup", "TTYReset", "TTYVTDisallocate",
1845 "PrivateTmp", "PrivateDevices", "PrivateNetwork", "PrivateUsers",
1846 "NoNewPrivileges", "SyslogLevelPrefix", "MemoryDenyWriteExecute",
1847 "RestrictRealtime", "DynamicUser", "RemoveIPC", "ProtectKernelTunables",
1848 "ProtectKernelModules", "ProtectControlGroups", "MountAPIVFS",
1849 "CPUSchedulingResetOnFork", "NonBlocking", "LockPersonality")) {
1852 r
= sd_bus_message_read(message
, "b", &b
);
1856 if (mode
!= UNIT_CHECK
) {
1857 if (streq(name
, "IgnoreSIGPIPE"))
1858 c
->ignore_sigpipe
= b
;
1859 else if (streq(name
, "TTYVHangup"))
1861 else if (streq(name
, "TTYReset"))
1863 else if (streq(name
, "TTYVTDisallocate"))
1864 c
->tty_vt_disallocate
= b
;
1865 else if (streq(name
, "PrivateTmp"))
1867 else if (streq(name
, "PrivateDevices"))
1868 c
->private_devices
= b
;
1869 else if (streq(name
, "PrivateNetwork"))
1870 c
->private_network
= b
;
1871 else if (streq(name
, "PrivateUsers"))
1872 c
->private_users
= b
;
1873 else if (streq(name
, "NoNewPrivileges"))
1874 c
->no_new_privileges
= b
;
1875 else if (streq(name
, "SyslogLevelPrefix"))
1876 c
->syslog_level_prefix
= b
;
1877 else if (streq(name
, "MemoryDenyWriteExecute"))
1878 c
->memory_deny_write_execute
= b
;
1879 else if (streq(name
, "RestrictRealtime"))
1880 c
->restrict_realtime
= b
;
1881 else if (streq(name
, "DynamicUser"))
1882 c
->dynamic_user
= b
;
1883 else if (streq(name
, "RemoveIPC"))
1885 else if (streq(name
, "ProtectKernelTunables"))
1886 c
->protect_kernel_tunables
= b
;
1887 else if (streq(name
, "ProtectKernelModules"))
1888 c
->protect_kernel_modules
= b
;
1889 else if (streq(name
, "ProtectControlGroups"))
1890 c
->protect_control_groups
= b
;
1891 else if (streq(name
, "MountAPIVFS"))
1892 c
->mount_apivfs
= b
;
1893 else if (streq(name
, "CPUSchedulingResetOnFork"))
1894 c
->cpu_sched_reset_on_fork
= b
;
1895 else if (streq(name
, "NonBlocking"))
1896 c
->non_blocking
= b
;
1897 else if (streq(name
, "LockPersonality"))
1898 c
->lock_personality
= b
;
1900 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, yes_no(b
));
1905 } else if (streq(name
, "UtmpIdentifier")) {
1908 r
= sd_bus_message_read(message
, "s", &id
);
1912 if (mode
!= UNIT_CHECK
) {
1914 c
->utmp_id
= mfree(c
->utmp_id
);
1915 else if (free_and_strdup(&c
->utmp_id
, id
) < 0)
1918 unit_write_drop_in_private_format(u
, mode
, name
, "UtmpIdentifier=%s", strempty(id
));
1923 } else if (streq(name
, "UtmpMode")) {
1927 r
= sd_bus_message_read(message
, "s", &s
);
1931 m
= exec_utmp_mode_from_string(s
);
1933 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid utmp mode");
1935 if (mode
!= UNIT_CHECK
) {
1938 unit_write_drop_in_private_format(u
, mode
, name
, "UtmpMode=%s", exec_utmp_mode_to_string(m
));
1943 } else if (streq(name
, "PAMName")) {
1946 r
= sd_bus_message_read(message
, "s", &n
);
1950 if (mode
!= UNIT_CHECK
) {
1952 c
->pam_name
= mfree(c
->pam_name
);
1953 else if (free_and_strdup(&c
->pam_name
, n
) < 0)
1956 unit_write_drop_in_private_format(u
, mode
, name
, "PAMName=%s", strempty(n
));
1961 } else if (streq(name
, "Environment")) {
1963 _cleanup_strv_free_
char **l
= NULL
, **q
= NULL
;
1965 r
= sd_bus_message_read_strv(message
, &l
);
1969 r
= unit_full_printf_strv(u
, l
, &q
);
1973 if (!strv_env_is_valid(q
))
1974 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid environment block.");
1976 if (mode
!= UNIT_CHECK
) {
1977 if (strv_length(q
) == 0) {
1978 c
->environment
= strv_free(c
->environment
);
1979 unit_write_drop_in_private_format(u
, mode
, name
, "Environment=");
1981 _cleanup_free_
char *joined
= NULL
;
1984 e
= strv_env_merge(2, c
->environment
, q
);
1988 strv_free(c
->environment
);
1991 /* We write just the new settings out to file, with unresolved specifiers */
1992 joined
= strv_join_quoted(l
);
1996 unit_write_drop_in_private_format(u
, mode
, name
, "Environment=%s", joined
);
2002 } else if (streq(name
, "UnsetEnvironment")) {
2004 _cleanup_strv_free_
char **l
= NULL
, **q
= NULL
;
2006 r
= sd_bus_message_read_strv(message
, &l
);
2010 r
= unit_full_printf_strv(u
, l
, &q
);
2014 if (!strv_env_name_or_assignment_is_valid(q
))
2015 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid UnsetEnvironment= list.");
2017 if (mode
!= UNIT_CHECK
) {
2018 if (strv_length(q
) == 0) {
2019 c
->unset_environment
= strv_free(c
->unset_environment
);
2020 unit_write_drop_in_private_format(u
, mode
, name
, "UnsetEnvironment=");
2022 _cleanup_free_
char *joined
= NULL
;
2025 e
= strv_env_merge(2, c
->unset_environment
, q
);
2029 strv_free(c
->unset_environment
);
2030 c
->unset_environment
= e
;
2032 /* We write just the new settings out to file, with unresolved specifiers */
2033 joined
= strv_join_quoted(l
);
2037 unit_write_drop_in_private_format(u
, mode
, name
, "UnsetEnvironment=%s", joined
);
2043 } else if (streq(name
, "TimerSlackNSec")) {
2047 r
= sd_bus_message_read(message
, "t", &n
);
2051 if (mode
!= UNIT_CHECK
) {
2052 c
->timer_slack_nsec
= n
;
2053 unit_write_drop_in_private_format(u
, mode
, name
, "TimerSlackNSec=" NSEC_FMT
, n
);
2058 } else if (streq(name
, "OOMScoreAdjust")) {
2061 r
= sd_bus_message_read(message
, "i", &oa
);
2065 if (!oom_score_adjust_is_valid(oa
))
2066 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "OOM score adjust value out of range");
2068 if (mode
!= UNIT_CHECK
) {
2069 c
->oom_score_adjust
= oa
;
2070 c
->oom_score_adjust_set
= true;
2071 unit_write_drop_in_private_format(u
, mode
, name
, "OOMScoreAdjust=%i", oa
);
2076 } else if (streq(name
, "EnvironmentFiles")) {
2078 _cleanup_free_
char *joined
= NULL
;
2079 _cleanup_fclose_
FILE *f
= NULL
;
2080 _cleanup_strv_free_
char **l
= NULL
;
2084 r
= sd_bus_message_enter_container(message
, 'a', "(sb)");
2088 f
= open_memstream(&joined
, &size
);
2092 STRV_FOREACH(i
, c
->environment_files
)
2093 fprintf(f
, "EnvironmentFile=%s", *i
);
2095 while ((r
= sd_bus_message_enter_container(message
, 'r', "sb")) > 0) {
2099 r
= sd_bus_message_read(message
, "sb", &path
, &b
);
2103 r
= sd_bus_message_exit_container(message
);
2107 if (!path_is_absolute(path
))
2108 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute.", path
);
2110 if (mode
!= UNIT_CHECK
) {
2113 buf
= strjoin(b
? "-" : "", path
);
2117 fprintf(f
, "EnvironmentFile=%s", buf
);
2119 r
= strv_consume(&l
, buf
);
2127 r
= sd_bus_message_exit_container(message
);
2131 r
= fflush_and_check(f
);
2135 if (mode
!= UNIT_CHECK
) {
2136 if (strv_isempty(l
)) {
2137 c
->environment_files
= strv_free(c
->environment_files
);
2138 unit_write_drop_in_private(u
, mode
, name
, "EnvironmentFile=");
2140 r
= strv_extend_strv(&c
->environment_files
, l
, true);
2144 unit_write_drop_in_private(u
, mode
, name
, joined
);
2150 } else if (streq(name
, "PassEnvironment")) {
2152 _cleanup_strv_free_
char **l
= NULL
, **q
= NULL
;
2154 r
= sd_bus_message_read_strv(message
, &l
);
2158 r
= unit_full_printf_strv(u
, l
, &q
);
2162 if (!strv_env_name_is_valid(q
))
2163 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid PassEnvironment= block.");
2165 if (mode
!= UNIT_CHECK
) {
2166 if (strv_isempty(l
)) {
2167 c
->pass_environment
= strv_free(c
->pass_environment
);
2168 unit_write_drop_in_private_format(u
, mode
, name
, "PassEnvironment=");
2170 _cleanup_free_
char *joined
= NULL
;
2172 r
= strv_extend_strv(&c
->pass_environment
, q
, true);
2176 /* We write just the new settings out to file, with unresolved specifiers. */
2177 joined
= strv_join_quoted(l
);
2181 unit_write_drop_in_private_format(u
, mode
, name
, "PassEnvironment=%s", joined
);
2187 } else if (STR_IN_SET(name
, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories",
2188 "ReadWritePaths", "ReadOnlyPaths", "InaccessiblePaths")) {
2189 _cleanup_strv_free_
char **l
= NULL
;
2193 r
= sd_bus_message_read_strv(message
, &l
);
2197 STRV_FOREACH(p
, l
) {
2201 if (!utf8_is_valid(i
))
2202 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid %s", name
);
2204 offset
= i
[0] == '-';
2205 offset
+= i
[offset
] == '+';
2206 if (!path_is_absolute(i
+ offset
))
2207 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid %s", name
);
2210 if (mode
!= UNIT_CHECK
) {
2211 _cleanup_free_
char *joined
= NULL
;
2213 if (STR_IN_SET(name
, "ReadWriteDirectories", "ReadWritePaths"))
2214 dirs
= &c
->read_write_paths
;
2215 else if (STR_IN_SET(name
, "ReadOnlyDirectories", "ReadOnlyPaths"))
2216 dirs
= &c
->read_only_paths
;
2217 else /* "InaccessiblePaths" */
2218 dirs
= &c
->inaccessible_paths
;
2220 if (strv_length(l
) == 0) {
2221 *dirs
= strv_free(*dirs
);
2222 unit_write_drop_in_private_format(u
, mode
, name
, "%s=", name
);
2224 r
= strv_extend_strv(dirs
, l
, true);
2228 joined
= strv_join_quoted(*dirs
);
2232 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, joined
);
2239 } else if (streq(name
, "ProtectSystem")) {
2243 r
= sd_bus_message_read(message
, "s", &s
);
2247 r
= parse_boolean(s
);
2249 ps
= PROTECT_SYSTEM_YES
;
2251 ps
= PROTECT_SYSTEM_NO
;
2253 ps
= protect_system_from_string(s
);
2255 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Failed to parse protect system value");
2258 if (mode
!= UNIT_CHECK
) {
2259 c
->protect_system
= ps
;
2260 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, s
);
2265 } else if (streq(name
, "ProtectHome")) {
2269 r
= sd_bus_message_read(message
, "s", &s
);
2273 r
= parse_boolean(s
);
2275 ph
= PROTECT_HOME_YES
;
2277 ph
= PROTECT_HOME_NO
;
2279 ph
= protect_home_from_string(s
);
2281 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Failed to parse protect home value");
2284 if (mode
!= UNIT_CHECK
) {
2285 c
->protect_home
= ph
;
2286 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, s
);
2291 } else if (streq(name
, "KeyringMode")) {
2296 r
= sd_bus_message_read(message
, "s", &s
);
2300 m
= exec_keyring_mode_from_string(s
);
2302 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid keyring mode");
2304 if (mode
!= UNIT_CHECK
) {
2305 c
->keyring_mode
= m
;
2307 unit_write_drop_in_private_format(u
, mode
, name
, "KeyringMode=%s", exec_keyring_mode_to_string(m
));
2312 } else if (streq(name
, "RuntimeDirectoryPreserve")) {
2316 r
= sd_bus_message_read(message
, "s", &s
);
2320 m
= exec_preserve_mode_from_string(s
);
2322 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid preserve mode");
2324 if (mode
!= UNIT_CHECK
) {
2325 c
->runtime_directory_preserve_mode
= m
;
2327 unit_write_drop_in_private_format(u
, mode
, name
, "RuntimeDirectoryPreserve=%s", exec_preserve_mode_to_string(m
));
2332 } else if (STR_IN_SET(name
, "RuntimeDirectoryMode", "StateDirectoryMode", "CacheDirectoryMode", "LogsDirectoryMode", "ConfigurationDirectoryMode", "UMask")) {
2335 r
= sd_bus_message_read(message
, "u", &m
);
2339 if (mode
!= UNIT_CHECK
) {
2340 ExecDirectoryType i
;
2342 if (streq(name
, "UMask"))
2345 for (i
= 0; i
< _EXEC_DIRECTORY_TYPE_MAX
; i
++)
2346 if (startswith(name
, exec_directory_type_to_string(i
))) {
2347 c
->directories
[i
].mode
= m
;
2351 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%040o", name
, m
);
2356 } else if (STR_IN_SET(name
, "RuntimeDirectory", "StateDirectory", "CacheDirectory", "LogsDirectory", "ConfigurationDirectory")) {
2357 _cleanup_strv_free_
char **l
= NULL
;
2360 r
= sd_bus_message_read_strv(message
, &l
);
2364 STRV_FOREACH(p
, l
) {
2365 if (!path_is_safe(*p
) || path_is_absolute(*p
))
2366 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "%s= path is not valid: %s", name
, *p
);
2369 if (mode
!= UNIT_CHECK
) {
2370 _cleanup_free_
char *joined
= NULL
;
2371 char ***dirs
= NULL
;
2372 ExecDirectoryType i
;
2374 for (i
= 0; i
< _EXEC_DIRECTORY_TYPE_MAX
; i
++)
2375 if (streq(name
, exec_directory_type_to_string(i
))) {
2376 dirs
= &c
->directories
[i
].paths
;
2382 if (strv_isempty(l
)) {
2383 *dirs
= strv_free(*dirs
);
2384 unit_write_drop_in_private_format(u
, mode
, name
, "%s=", name
);
2386 r
= strv_extend_strv(dirs
, l
, true);
2390 joined
= strv_join_quoted(*dirs
);
2394 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, joined
);
2400 } else if (streq(name
, "SELinuxContext")) {
2402 r
= sd_bus_message_read(message
, "s", &s
);
2406 if (mode
!= UNIT_CHECK
) {
2408 c
->selinux_context
= mfree(c
->selinux_context
);
2409 else if (free_and_strdup(&c
->selinux_context
, s
) < 0)
2412 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, strempty(s
));
2417 } else if (STR_IN_SET(name
, "AppArmorProfile", "SmackProcessLabel")) {
2421 r
= sd_bus_message_enter_container(message
, 'r', "bs");
2425 r
= sd_bus_message_read(message
, "bs", &ignore
, &s
);
2429 if (mode
!= UNIT_CHECK
) {
2433 if (streq(name
, "AppArmorProfile")) {
2434 p
= &c
->apparmor_profile
;
2435 b
= &c
->apparmor_profile_ignore
;
2436 } else { /* "SmackProcessLabel" */
2437 p
= &c
->smack_process_label
;
2438 b
= &c
->smack_process_label_ignore
;
2445 if (free_and_strdup(p
, s
) < 0)
2450 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s%s", name
, ignore
? "-" : "", strempty(s
));
2455 } else if (streq(name
, "RestrictNamespaces")) {
2458 r
= sd_bus_message_read(message
, "t", &flags
);
2461 if ((flags
& NAMESPACE_FLAGS_ALL
) != flags
)
2462 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Unknown namespace types");
2464 if (mode
!= UNIT_CHECK
) {
2465 _cleanup_free_
char *s
= NULL
;
2467 r
= namespace_flag_to_string_many(flags
, &s
);
2471 c
->restrict_namespaces
= flags
;
2472 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, s
);
2476 } else if (streq(name
, "MountFlags")) {
2479 r
= sd_bus_message_read(message
, "t", &flags
);
2482 if (!IN_SET(flags
, 0, MS_SHARED
, MS_PRIVATE
, MS_SLAVE
))
2483 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Unknown mount propagation flags");
2485 if (mode
!= UNIT_CHECK
) {
2486 c
->mount_flags
= flags
;
2488 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, mount_propagation_flags_to_string(flags
));
2492 } else if (STR_IN_SET(name
, "BindPaths", "BindReadOnlyPaths")) {
2493 unsigned empty
= true;
2495 r
= sd_bus_message_enter_container(message
, 'a', "(ssbt)");
2499 while ((r
= sd_bus_message_enter_container(message
, 'r', "ssbt")) > 0) {
2500 const char *source
, *destination
;
2502 uint64_t mount_flags
;
2504 r
= sd_bus_message_read(message
, "ssbt", &source
, &destination
, &ignore_enoent
, &mount_flags
);
2508 r
= sd_bus_message_exit_container(message
);
2512 if (!path_is_absolute(source
))
2513 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not absolute.", source
);
2514 if (!path_is_absolute(destination
))
2515 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is not absolute.", destination
);
2516 if (!IN_SET(mount_flags
, 0, MS_REC
))
2517 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Unknown mount flags.");
2519 if (mode
!= UNIT_CHECK
) {
2520 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
2522 .source
= strdup(source
),
2523 .destination
= strdup(destination
),
2524 .read_only
= !!strstr(name
, "ReadOnly"),
2525 .recursive
= !!(mount_flags
& MS_REC
),
2526 .ignore_enoent
= ignore_enoent
,
2531 unit_write_drop_in_private_format(
2535 ignore_enoent
? "-" : "",
2538 (mount_flags
& MS_REC
) ? "rbind" : "norbind");
2546 r
= sd_bus_message_exit_container(message
);
2551 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
2552 c
->bind_mounts
= NULL
;
2553 c
->n_bind_mounts
= 0;
2559 ri
= rlimit_from_string(name
);
2561 soft
= endswith(name
, "Soft");
2565 n
= strndupa(name
, soft
- name
);
2566 ri
= rlimit_from_string(n
);
2577 r
= sd_bus_message_read(message
, "t", &rl
);
2581 if (rl
== (uint64_t) -1)
2586 if ((uint64_t) x
!= rl
)
2590 if (mode
!= UNIT_CHECK
) {
2591 _cleanup_free_
char *f
= NULL
;
2594 if (c
->rlimit
[ri
]) {
2595 nl
= *c
->rlimit
[ri
];
2602 /* When the resource limit is not initialized yet, then assign the value to both fields */
2603 nl
= (struct rlimit
) {
2608 r
= rlimit_format(&nl
, &f
);
2613 *c
->rlimit
[ri
] = nl
;
2615 c
->rlimit
[ri
] = newdup(struct rlimit
, &nl
, 1);
2620 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, f
);