]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/dbus-execute.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core: rename ReadOnlySystem= to ProtectSystem= and add a third value for also mountin...
[thirdparty/systemd.git] / src / core / dbus-execute.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/prctl.h>
23
24 #ifdef HAVE_SECCOMP
25 #include <seccomp.h>
26 #endif
27
28 #include "bus-util.h"
29 #include "missing.h"
30 #include "ioprio.h"
31 #include "strv.h"
32 #include "fileio.h"
33 #include "execute.h"
34 #include "dbus-execute.h"
35 #include "capability.h"
36 #include "env-util.h"
37 #include "af-list.h"
38 #include "namespace.h"
39
40 #ifdef HAVE_SECCOMP
41 #include "seccomp-util.h"
42 #endif
43
44 BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output, exec_output, ExecOutput);
45
46 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input, exec_input, ExecInput);
47
48 static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_protect_home, protect_home, ProtectHome);
49 static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_protect_system, protect_system, ProtectSystem);
50
51 static int property_get_environment_files(
52 sd_bus *bus,
53 const char *path,
54 const char *interface,
55 const char *property,
56 sd_bus_message *reply,
57 void *userdata,
58 sd_bus_error *error) {
59
60 ExecContext *c = userdata;
61 char **j;
62 int r;
63
64 assert(bus);
65 assert(reply);
66 assert(c);
67
68 r = sd_bus_message_open_container(reply, 'a', "(sb)");
69 if (r < 0)
70 return r;
71
72 STRV_FOREACH(j, c->environment_files) {
73 const char *fn = *j;
74
75 r = sd_bus_message_append(reply, "(sb)", fn[0] == '-' ? fn + 1 : fn, fn[0] == '-');
76 if (r < 0)
77 return r;
78 }
79
80 return sd_bus_message_close_container(reply);
81 }
82
83 static int property_get_rlimit(
84 sd_bus *bus,
85 const char *path,
86 const char *interface,
87 const char *property,
88 sd_bus_message *reply,
89 void *userdata,
90 sd_bus_error *error) {
91
92 struct rlimit *rl;
93 uint64_t u;
94 rlim_t x;
95
96 assert(bus);
97 assert(reply);
98 assert(userdata);
99
100 rl = *(struct rlimit**) userdata;
101 if (rl)
102 x = rl->rlim_max;
103 else {
104 struct rlimit buf = {};
105 int z;
106
107 z = rlimit_from_string(property);
108 assert(z >= 0);
109
110 getrlimit(z, &buf);
111 x = buf.rlim_max;
112 }
113
114 /* rlim_t might have different sizes, let's map
115 * RLIMIT_INFINITY to (uint64_t) -1, so that it is the same on
116 * all archs */
117 u = x == RLIM_INFINITY ? (uint64_t) -1 : (uint64_t) x;
118
119 return sd_bus_message_append(reply, "t", u);
120 }
121
122 static int property_get_oom_score_adjust(
123 sd_bus *bus,
124 const char *path,
125 const char *interface,
126 const char *property,
127 sd_bus_message *reply,
128 void *userdata,
129 sd_bus_error *error) {
130
131
132 ExecContext *c = userdata;
133 int32_t n;
134
135 assert(bus);
136 assert(reply);
137 assert(c);
138
139 if (c->oom_score_adjust_set)
140 n = c->oom_score_adjust;
141 else {
142 _cleanup_free_ char *t = NULL;
143
144 n = 0;
145 if (read_one_line_file("/proc/self/oom_score_adj", &t) >= 0)
146 safe_atoi(t, &n);
147 }
148
149 return sd_bus_message_append(reply, "i", n);
150 }
151
152 static int property_get_nice(
153 sd_bus *bus,
154 const char *path,
155 const char *interface,
156 const char *property,
157 sd_bus_message *reply,
158 void *userdata,
159 sd_bus_error *error) {
160
161
162 ExecContext *c = userdata;
163 int32_t n;
164
165 assert(bus);
166 assert(reply);
167 assert(c);
168
169 if (c->nice_set)
170 n = c->nice;
171 else {
172 errno = 0;
173 n = getpriority(PRIO_PROCESS, 0);
174 if (errno != 0)
175 n = 0;
176 }
177
178 return sd_bus_message_append(reply, "i", n);
179 }
180
181 static int property_get_ioprio(
182 sd_bus *bus,
183 const char *path,
184 const char *interface,
185 const char *property,
186 sd_bus_message *reply,
187 void *userdata,
188 sd_bus_error *error) {
189
190
191 ExecContext *c = userdata;
192 int32_t n;
193
194 assert(bus);
195 assert(reply);
196 assert(c);
197
198 if (c->ioprio_set)
199 n = c->ioprio;
200 else {
201 n = ioprio_get(IOPRIO_WHO_PROCESS, 0);
202 if (n < 0)
203 n = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 4);
204 }
205
206 return sd_bus_message_append(reply, "i", n);
207 }
208
209 static int property_get_cpu_sched_policy(
210 sd_bus *bus,
211 const char *path,
212 const char *interface,
213 const char *property,
214 sd_bus_message *reply,
215 void *userdata,
216 sd_bus_error *error) {
217
218 ExecContext *c = userdata;
219 int32_t n;
220
221 assert(bus);
222 assert(reply);
223 assert(c);
224
225 if (c->cpu_sched_set)
226 n = c->cpu_sched_policy;
227 else {
228 n = sched_getscheduler(0);
229 if (n < 0)
230 n = SCHED_OTHER;
231 }
232
233 return sd_bus_message_append(reply, "i", n);
234 }
235
236 static int property_get_cpu_sched_priority(
237 sd_bus *bus,
238 const char *path,
239 const char *interface,
240 const char *property,
241 sd_bus_message *reply,
242 void *userdata,
243 sd_bus_error *error) {
244
245 ExecContext *c = userdata;
246 int32_t n;
247
248 assert(bus);
249 assert(reply);
250 assert(c);
251
252 if (c->cpu_sched_set)
253 n = c->cpu_sched_priority;
254 else {
255 struct sched_param p = {};
256
257 if (sched_getparam(0, &p) >= 0)
258 n = p.sched_priority;
259 else
260 n = 0;
261 }
262
263 return sd_bus_message_append(reply, "i", n);
264 }
265
266 static int property_get_cpu_affinity(
267 sd_bus *bus,
268 const char *path,
269 const char *interface,
270 const char *property,
271 sd_bus_message *reply,
272 void *userdata,
273 sd_bus_error *error) {
274
275 ExecContext *c = userdata;
276
277 assert(bus);
278 assert(reply);
279 assert(c);
280
281 if (c->cpuset)
282 return sd_bus_message_append_array(reply, 'y', c->cpuset, CPU_ALLOC_SIZE(c->cpuset_ncpus));
283 else
284 return sd_bus_message_append_array(reply, 'y', NULL, 0);
285 }
286
287 static int property_get_timer_slack_nsec(
288 sd_bus *bus,
289 const char *path,
290 const char *interface,
291 const char *property,
292 sd_bus_message *reply,
293 void *userdata,
294 sd_bus_error *error) {
295
296 ExecContext *c = userdata;
297 uint64_t u;
298
299 assert(bus);
300 assert(reply);
301 assert(c);
302
303 if (c->timer_slack_nsec != (nsec_t) -1)
304 u = (uint64_t) c->timer_slack_nsec;
305 else
306 u = (uint64_t) prctl(PR_GET_TIMERSLACK);
307
308 return sd_bus_message_append(reply, "t", u);
309 }
310
311 static int property_get_capability_bounding_set(
312 sd_bus *bus,
313 const char *path,
314 const char *interface,
315 const char *property,
316 sd_bus_message *reply,
317 void *userdata,
318 sd_bus_error *error) {
319
320 ExecContext *c = userdata;
321
322 assert(bus);
323 assert(reply);
324 assert(c);
325
326 /* We store this negated internally, to match the kernel, but
327 * we expose it normalized. */
328 return sd_bus_message_append(reply, "t", ~c->capability_bounding_set_drop);
329 }
330
331 static int property_get_capabilities(
332 sd_bus *bus,
333 const char *path,
334 const char *interface,
335 const char *property,
336 sd_bus_message *reply,
337 void *userdata,
338 sd_bus_error *error) {
339
340 ExecContext *c = userdata;
341 _cleanup_cap_free_charp_ char *t = NULL;
342 const char *s;
343
344 assert(bus);
345 assert(reply);
346 assert(c);
347
348 if (c->capabilities)
349 s = t = cap_to_text(c->capabilities, NULL);
350 else
351 s = "";
352
353 if (!s)
354 return -ENOMEM;
355
356 return sd_bus_message_append(reply, "s", s);
357 }
358
359 static int property_get_syscall_filter(
360 sd_bus *bus,
361 const char *path,
362 const char *interface,
363 const char *property,
364 sd_bus_message *reply,
365 void *userdata,
366 sd_bus_error *error) {
367
368 ExecContext *c = userdata;
369 _cleanup_strv_free_ char **l = NULL;
370 int r;
371
372 #ifdef HAVE_SECCOMP
373 Iterator i;
374 void *id;
375 #endif
376
377 assert(bus);
378 assert(reply);
379 assert(c);
380
381 r = sd_bus_message_open_container(reply, 'r', "bas");
382 if (r < 0)
383 return r;
384
385 r = sd_bus_message_append(reply, "b", c->syscall_whitelist);
386 if (r < 0)
387 return r;
388
389 #ifdef HAVE_SECCOMP
390 SET_FOREACH(id, c->syscall_filter, i) {
391 char *name;
392
393 name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, PTR_TO_INT(id) - 1);
394 if (!name)
395 continue;
396
397 r = strv_consume(&l, name);
398 if (r < 0)
399 return r;
400 }
401 #endif
402
403 strv_sort(l);
404
405 r = sd_bus_message_append_strv(reply, l);
406 if (r < 0)
407 return r;
408
409 return sd_bus_message_close_container(reply);
410 }
411
412 static int property_get_syscall_archs(
413 sd_bus *bus,
414 const char *path,
415 const char *interface,
416 const char *property,
417 sd_bus_message *reply,
418 void *userdata,
419 sd_bus_error *error) {
420
421 ExecContext *c = userdata;
422 _cleanup_strv_free_ char **l = NULL;
423 int r;
424
425 #ifdef HAVE_SECCOMP
426 Iterator i;
427 void *id;
428 #endif
429
430 assert(bus);
431 assert(reply);
432 assert(c);
433
434 #ifdef HAVE_SECCOMP
435 SET_FOREACH(id, c->syscall_archs, i) {
436 const char *name;
437
438 name = seccomp_arch_to_string(PTR_TO_UINT32(id) - 1);
439 if (!name)
440 continue;
441
442 r = strv_extend(&l, name);
443 if (r < 0)
444 return -ENOMEM;
445 }
446 #endif
447
448 strv_sort(l);
449
450 r = sd_bus_message_append_strv(reply, l);
451 if (r < 0)
452 return r;
453
454 return 0;
455 }
456
457 static int property_get_syscall_errno(
458 sd_bus *bus,
459 const char *path,
460 const char *interface,
461 const char *property,
462 sd_bus_message *reply,
463 void *userdata,
464 sd_bus_error *error) {
465
466 ExecContext *c = userdata;
467
468 assert(bus);
469 assert(reply);
470 assert(c);
471
472 return sd_bus_message_append(reply, "i", (int32_t) c->syscall_errno);
473 }
474
475 static int property_get_selinux_context(
476 sd_bus *bus,
477 const char *path,
478 const char *interface,
479 const char *property,
480 sd_bus_message *reply,
481 void *userdata,
482 sd_bus_error *error) {
483
484 ExecContext *c = userdata;
485
486 assert(bus);
487 assert(reply);
488 assert(c);
489
490 return sd_bus_message_append(reply, "(bs)", c->selinux_context_ignore, c->selinux_context);
491 }
492
493 static int property_get_apparmor_profile(
494 sd_bus *bus,
495 const char *path,
496 const char *interface,
497 const char *property,
498 sd_bus_message *reply,
499 void *userdata,
500 sd_bus_error *error) {
501
502 ExecContext *c = userdata;
503
504 assert(bus);
505 assert(reply);
506 assert(c);
507
508 return sd_bus_message_append(reply, "(bs)", c->apparmor_profile_ignore, c->apparmor_profile);
509 }
510
511 static int property_get_personality(
512 sd_bus *bus,
513 const char *path,
514 const char *interface,
515 const char *property,
516 sd_bus_message *reply,
517 void *userdata,
518 sd_bus_error *error) {
519
520 ExecContext *c = userdata;
521
522 assert(bus);
523 assert(reply);
524 assert(c);
525
526 return sd_bus_message_append(reply, "s", personality_to_string(c->personality));
527 }
528
529 static int property_get_address_families(
530 sd_bus *bus,
531 const char *path,
532 const char *interface,
533 const char *property,
534 sd_bus_message *reply,
535 void *userdata,
536 sd_bus_error *error) {
537
538 ExecContext *c = userdata;
539 _cleanup_strv_free_ char **l = NULL;
540 Iterator i;
541 void *af;
542 int r;
543
544 assert(bus);
545 assert(reply);
546 assert(c);
547
548 r = sd_bus_message_open_container(reply, 'r', "bas");
549 if (r < 0)
550 return r;
551
552 r = sd_bus_message_append(reply, "b", c->address_families_whitelist);
553 if (r < 0)
554 return r;
555
556 SET_FOREACH(af, c->address_families, i) {
557 const char *name;
558
559 name = af_to_name(PTR_TO_INT(af));
560 if (!name)
561 continue;
562
563 r = strv_extend(&l, name);
564 if (r < 0)
565 return -ENOMEM;
566 }
567
568 strv_sort(l);
569
570 r = sd_bus_message_append_strv(reply, l);
571 if (r < 0)
572 return r;
573
574 return sd_bus_message_close_container(reply);
575 }
576
577 const sd_bus_vtable bus_exec_vtable[] = {
578 SD_BUS_VTABLE_START(0),
579 SD_BUS_PROPERTY("Environment", "as", NULL, offsetof(ExecContext, environment), SD_BUS_VTABLE_PROPERTY_CONST),
580 SD_BUS_PROPERTY("EnvironmentFiles", "a(sb)", property_get_environment_files, 0, SD_BUS_VTABLE_PROPERTY_CONST),
581 SD_BUS_PROPERTY("UMask", "u", bus_property_get_mode, offsetof(ExecContext, umask), SD_BUS_VTABLE_PROPERTY_CONST),
582 SD_BUS_PROPERTY("LimitCPU", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST),
583 SD_BUS_PROPERTY("LimitFSIZE", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_FSIZE]), SD_BUS_VTABLE_PROPERTY_CONST),
584 SD_BUS_PROPERTY("LimitDATA", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_DATA]), SD_BUS_VTABLE_PROPERTY_CONST),
585 SD_BUS_PROPERTY("LimitSTACK", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_STACK]), SD_BUS_VTABLE_PROPERTY_CONST),
586 SD_BUS_PROPERTY("LimitCORE", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_CORE]), SD_BUS_VTABLE_PROPERTY_CONST),
587 SD_BUS_PROPERTY("LimitRSS", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_RSS]), SD_BUS_VTABLE_PROPERTY_CONST),
588 SD_BUS_PROPERTY("LimitNOFILE", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_NOFILE]), SD_BUS_VTABLE_PROPERTY_CONST),
589 SD_BUS_PROPERTY("LimitAS", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_AS]), SD_BUS_VTABLE_PROPERTY_CONST),
590 SD_BUS_PROPERTY("LimitNPROC", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_NPROC]), SD_BUS_VTABLE_PROPERTY_CONST),
591 SD_BUS_PROPERTY("LimitMEMLOCK", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_MEMLOCK]), SD_BUS_VTABLE_PROPERTY_CONST),
592 SD_BUS_PROPERTY("LimitLOCKS", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_LOCKS]), SD_BUS_VTABLE_PROPERTY_CONST),
593 SD_BUS_PROPERTY("LimitSIGPENDING", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_SIGPENDING]), SD_BUS_VTABLE_PROPERTY_CONST),
594 SD_BUS_PROPERTY("LimitMSGQUEUE", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_MSGQUEUE]), SD_BUS_VTABLE_PROPERTY_CONST),
595 SD_BUS_PROPERTY("LimitNICE", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_NICE]), SD_BUS_VTABLE_PROPERTY_CONST),
596 SD_BUS_PROPERTY("LimitRTPRIO", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_RTPRIO]), SD_BUS_VTABLE_PROPERTY_CONST),
597 SD_BUS_PROPERTY("LimitRTTIME", "t", property_get_rlimit, offsetof(ExecContext, rlimit[RLIMIT_RTTIME]), SD_BUS_VTABLE_PROPERTY_CONST),
598 SD_BUS_PROPERTY("WorkingDirectory", "s", NULL, offsetof(ExecContext, working_directory), SD_BUS_VTABLE_PROPERTY_CONST),
599 SD_BUS_PROPERTY("RootDirectory", "s", NULL, offsetof(ExecContext, root_directory), SD_BUS_VTABLE_PROPERTY_CONST),
600 SD_BUS_PROPERTY("OOMScoreAdjust", "i", property_get_oom_score_adjust, 0, SD_BUS_VTABLE_PROPERTY_CONST),
601 SD_BUS_PROPERTY("Nice", "i", property_get_nice, 0, SD_BUS_VTABLE_PROPERTY_CONST),
602 SD_BUS_PROPERTY("IOScheduling", "i", property_get_ioprio, 0, SD_BUS_VTABLE_PROPERTY_CONST),
603 SD_BUS_PROPERTY("CPUSchedulingPolicy", "i", property_get_cpu_sched_policy, 0, SD_BUS_VTABLE_PROPERTY_CONST),
604 SD_BUS_PROPERTY("CPUSchedulingPriority", "i", property_get_cpu_sched_priority, 0, SD_BUS_VTABLE_PROPERTY_CONST),
605 SD_BUS_PROPERTY("CPUAffinity", "ay", property_get_cpu_affinity, 0, SD_BUS_VTABLE_PROPERTY_CONST),
606 SD_BUS_PROPERTY("TimerSlackNSec", "t", property_get_timer_slack_nsec, 0, SD_BUS_VTABLE_PROPERTY_CONST),
607 SD_BUS_PROPERTY("CPUSchedulingResetOnFork", "b", bus_property_get_bool, offsetof(ExecContext, cpu_sched_reset_on_fork), SD_BUS_VTABLE_PROPERTY_CONST),
608 SD_BUS_PROPERTY("NonBlocking", "b", bus_property_get_bool, offsetof(ExecContext, non_blocking), SD_BUS_VTABLE_PROPERTY_CONST),
609 SD_BUS_PROPERTY("StandardInput", "s", property_get_exec_input, offsetof(ExecContext, std_input), SD_BUS_VTABLE_PROPERTY_CONST),
610 SD_BUS_PROPERTY("StandardOutput", "s", bus_property_get_exec_output, offsetof(ExecContext, std_output), SD_BUS_VTABLE_PROPERTY_CONST),
611 SD_BUS_PROPERTY("StandardError", "s", bus_property_get_exec_output, offsetof(ExecContext, std_error), SD_BUS_VTABLE_PROPERTY_CONST),
612 SD_BUS_PROPERTY("TTYPath", "s", NULL, offsetof(ExecContext, tty_path), SD_BUS_VTABLE_PROPERTY_CONST),
613 SD_BUS_PROPERTY("TTYReset", "b", bus_property_get_bool, offsetof(ExecContext, tty_reset), SD_BUS_VTABLE_PROPERTY_CONST),
614 SD_BUS_PROPERTY("TTYVHangup", "b", bus_property_get_bool, offsetof(ExecContext, tty_vhangup), SD_BUS_VTABLE_PROPERTY_CONST),
615 SD_BUS_PROPERTY("TTYVTDisallocate", "b", bus_property_get_bool, offsetof(ExecContext, tty_vt_disallocate), SD_BUS_VTABLE_PROPERTY_CONST),
616 SD_BUS_PROPERTY("SyslogPriority", "i", bus_property_get_int, offsetof(ExecContext, syslog_priority), SD_BUS_VTABLE_PROPERTY_CONST),
617 SD_BUS_PROPERTY("SyslogIdentifier", "s", NULL, offsetof(ExecContext, syslog_identifier), SD_BUS_VTABLE_PROPERTY_CONST),
618 SD_BUS_PROPERTY("SyslogLevelPrefix", "b", bus_property_get_bool, offsetof(ExecContext, syslog_level_prefix), SD_BUS_VTABLE_PROPERTY_CONST),
619 SD_BUS_PROPERTY("Capabilities", "s", property_get_capabilities, 0, SD_BUS_VTABLE_PROPERTY_CONST),
620 SD_BUS_PROPERTY("SecureBits", "i", bus_property_get_int, offsetof(ExecContext, secure_bits), SD_BUS_VTABLE_PROPERTY_CONST),
621 SD_BUS_PROPERTY("CapabilityBoundingSet", "t", property_get_capability_bounding_set, 0, SD_BUS_VTABLE_PROPERTY_CONST),
622 SD_BUS_PROPERTY("User", "s", NULL, offsetof(ExecContext, user), SD_BUS_VTABLE_PROPERTY_CONST),
623 SD_BUS_PROPERTY("Group", "s", NULL, offsetof(ExecContext, group), SD_BUS_VTABLE_PROPERTY_CONST),
624 SD_BUS_PROPERTY("SupplementaryGroups", "as", NULL, offsetof(ExecContext, supplementary_groups), SD_BUS_VTABLE_PROPERTY_CONST),
625 SD_BUS_PROPERTY("PAMName", "s", NULL, offsetof(ExecContext, pam_name), SD_BUS_VTABLE_PROPERTY_CONST),
626 SD_BUS_PROPERTY("ReadWriteDirectories", "as", NULL, offsetof(ExecContext, read_write_dirs), SD_BUS_VTABLE_PROPERTY_CONST),
627 SD_BUS_PROPERTY("ReadOnlyDirectories", "as", NULL, offsetof(ExecContext, read_only_dirs), SD_BUS_VTABLE_PROPERTY_CONST),
628 SD_BUS_PROPERTY("InaccessibleDirectories", "as", NULL, offsetof(ExecContext, inaccessible_dirs), SD_BUS_VTABLE_PROPERTY_CONST),
629 SD_BUS_PROPERTY("MountFlags", "t", bus_property_get_ulong, offsetof(ExecContext, mount_flags), SD_BUS_VTABLE_PROPERTY_CONST),
630 SD_BUS_PROPERTY("PrivateTmp", "b", bus_property_get_bool, offsetof(ExecContext, private_tmp), SD_BUS_VTABLE_PROPERTY_CONST),
631 SD_BUS_PROPERTY("PrivateNetwork", "b", bus_property_get_bool, offsetof(ExecContext, private_network), SD_BUS_VTABLE_PROPERTY_CONST),
632 SD_BUS_PROPERTY("PrivateDevices", "b", bus_property_get_bool, offsetof(ExecContext, private_devices), SD_BUS_VTABLE_PROPERTY_CONST),
633 SD_BUS_PROPERTY("ProtectHome", "s", bus_property_get_protect_home, offsetof(ExecContext, protect_home), SD_BUS_VTABLE_PROPERTY_CONST),
634 SD_BUS_PROPERTY("ProtectSystem", "s", bus_property_get_protect_system, offsetof(ExecContext, protect_system), SD_BUS_VTABLE_PROPERTY_CONST),
635 SD_BUS_PROPERTY("SameProcessGroup", "b", bus_property_get_bool, offsetof(ExecContext, same_pgrp), SD_BUS_VTABLE_PROPERTY_CONST),
636 SD_BUS_PROPERTY("UtmpIdentifier", "s", NULL, offsetof(ExecContext, utmp_id), SD_BUS_VTABLE_PROPERTY_CONST),
637 SD_BUS_PROPERTY("SELinuxContext", "(bs)", property_get_selinux_context, 0, SD_BUS_VTABLE_PROPERTY_CONST),
638 SD_BUS_PROPERTY("AppArmorProfile", "(bs)", property_get_apparmor_profile, 0, SD_BUS_VTABLE_PROPERTY_CONST),
639 SD_BUS_PROPERTY("IgnoreSIGPIPE", "b", bus_property_get_bool, offsetof(ExecContext, ignore_sigpipe), SD_BUS_VTABLE_PROPERTY_CONST),
640 SD_BUS_PROPERTY("NoNewPrivileges", "b", bus_property_get_bool, offsetof(ExecContext, no_new_privileges), SD_BUS_VTABLE_PROPERTY_CONST),
641 SD_BUS_PROPERTY("SystemCallFilter", "(bas)", property_get_syscall_filter, 0, SD_BUS_VTABLE_PROPERTY_CONST),
642 SD_BUS_PROPERTY("SystemCallArchitectures", "as", property_get_syscall_archs, 0, SD_BUS_VTABLE_PROPERTY_CONST),
643 SD_BUS_PROPERTY("SystemCallErrorNumber", "i", property_get_syscall_errno, 0, SD_BUS_VTABLE_PROPERTY_CONST),
644 SD_BUS_PROPERTY("Personality", "s", property_get_personality, 0, SD_BUS_VTABLE_PROPERTY_CONST),
645 SD_BUS_PROPERTY("RestrictAddressFamilies", "(bas)", property_get_address_families, 0, SD_BUS_VTABLE_PROPERTY_CONST),
646 SD_BUS_PROPERTY("RuntimeDirectoryMode", "u", bus_property_get_mode, offsetof(ExecContext, runtime_directory_mode), SD_BUS_VTABLE_PROPERTY_CONST),
647 SD_BUS_PROPERTY("RuntimeDirectory", "as", NULL, offsetof(ExecContext, runtime_directory), SD_BUS_VTABLE_PROPERTY_CONST),
648 SD_BUS_VTABLE_END
649 };
650
651 static int append_exec_command(sd_bus_message *reply, ExecCommand *c) {
652 int r;
653
654 assert(reply);
655 assert(c);
656
657 if (!c->path)
658 return 0;
659
660 r = sd_bus_message_open_container(reply, 'r', "sasbttttuii");
661 if (r < 0)
662 return r;
663
664 r = sd_bus_message_append(reply, "s", c->path);
665 if (r < 0)
666 return r;
667
668 r = sd_bus_message_append_strv(reply, c->argv);
669 if (r < 0)
670 return r;
671
672 r = sd_bus_message_append(reply, "bttttuii",
673 c->ignore,
674 c->exec_status.start_timestamp.realtime,
675 c->exec_status.start_timestamp.monotonic,
676 c->exec_status.exit_timestamp.realtime,
677 c->exec_status.exit_timestamp.monotonic,
678 (uint32_t) c->exec_status.pid,
679 (int32_t) c->exec_status.code,
680 (int32_t) c->exec_status.status);
681 if (r < 0)
682 return r;
683
684 return sd_bus_message_close_container(reply);
685 }
686
687 int bus_property_get_exec_command(
688 sd_bus *bus,
689 const char *path,
690 const char *interface,
691 const char *property,
692 sd_bus_message *reply,
693 void *userdata,
694 sd_bus_error *ret_error) {
695
696 ExecCommand *c = (ExecCommand*) userdata;
697 int r;
698
699 assert(bus);
700 assert(reply);
701
702 r = sd_bus_message_open_container(reply, 'a', "(sasbttttuii)");
703 if (r < 0)
704 return r;
705
706 r = append_exec_command(reply, c);
707 if (r < 0)
708 return r;
709
710 return sd_bus_message_close_container(reply);
711 }
712
713 int bus_property_get_exec_command_list(
714 sd_bus *bus,
715 const char *path,
716 const char *interface,
717 const char *property,
718 sd_bus_message *reply,
719 void *userdata,
720 sd_bus_error *ret_error) {
721
722 ExecCommand *c = *(ExecCommand**) userdata;
723 int r;
724
725 assert(bus);
726 assert(reply);
727
728 r = sd_bus_message_open_container(reply, 'a', "(sasbttttuii)");
729 if (r < 0)
730 return r;
731
732 LIST_FOREACH(command, c, c) {
733 r = append_exec_command(reply, c);
734 if (r < 0)
735 return r;
736 }
737
738 return sd_bus_message_close_container(reply);
739 }
740
741 int bus_exec_context_set_transient_property(
742 Unit *u,
743 ExecContext *c,
744 const char *name,
745 sd_bus_message *message,
746 UnitSetPropertiesMode mode,
747 sd_bus_error *error) {
748
749 int r;
750
751 assert(u);
752 assert(c);
753 assert(name);
754 assert(message);
755
756 if (streq(name, "User")) {
757 const char *uu;
758
759 r = sd_bus_message_read(message, "s", &uu);
760 if (r < 0)
761 return r;
762
763 if (mode != UNIT_CHECK) {
764
765 if (isempty(uu)) {
766 free(c->user);
767 c->user = NULL;
768 } else {
769 char *t;
770
771 t = strdup(uu);
772 if (!t)
773 return -ENOMEM;
774
775 free(c->user);
776 c->user = t;
777 }
778
779 unit_write_drop_in_private_format(u, mode, name, "User=%s\n", uu);
780 }
781
782 return 1;
783
784 } else if (streq(name, "Group")) {
785 const char *gg;
786
787 r = sd_bus_message_read(message, "s", &gg);
788 if (r < 0)
789 return r;
790
791 if (mode != UNIT_CHECK) {
792
793 if (isempty(gg)) {
794 free(c->group);
795 c->group = NULL;
796 } else {
797 char *t;
798
799 t = strdup(gg);
800 if (!t)
801 return -ENOMEM;
802
803 free(c->group);
804 c->group = t;
805 }
806
807 unit_write_drop_in_private_format(u, mode, name, "Group=%s\n", gg);
808 }
809
810 return 1;
811
812 } else if (streq(name, "Nice")) {
813 int n;
814
815 r = sd_bus_message_read(message, "i", &n);
816 if (r < 0)
817 return r;
818
819 if (n < PRIO_MIN || n >= PRIO_MAX)
820 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Nice value out of range");
821
822 if (mode != UNIT_CHECK) {
823 c->nice = n;
824 unit_write_drop_in_private_format(u, mode, name, "Nice=%i\n", n);
825 }
826
827 return 1;
828
829 } else if (streq(name, "Environment")) {
830
831 _cleanup_strv_free_ char **l = NULL;
832
833 r = sd_bus_message_read_strv(message, &l);
834 if (r < 0)
835 return r;
836
837 if (!strv_env_is_valid(l))
838 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid environment block.");
839
840 if (mode != UNIT_CHECK) {
841 _cleanup_free_ char *joined = NULL;
842 char **e;
843
844 e = strv_env_merge(2, c->environment, l);
845 if (!e)
846 return -ENOMEM;
847
848 strv_free(c->environment);
849 c->environment = e;
850
851 joined = strv_join(c->environment, " ");
852 if (!joined)
853 return -ENOMEM;
854
855 unit_write_drop_in_private_format(u, mode, name, "Environment=%s\n", joined);
856 }
857
858 return 1;
859
860 } else if (rlimit_from_string(name) >= 0) {
861 uint64_t rl;
862 rlim_t x;
863
864 r = sd_bus_message_read(message, "t", &rl);
865 if (r < 0)
866 return r;
867
868 if (rl == (uint64_t) -1)
869 x = RLIM_INFINITY;
870 else {
871 x = (rlim_t) rl;
872
873 if ((uint64_t) x != rl)
874 return -ERANGE;
875 }
876
877 if (mode != UNIT_CHECK) {
878 int z;
879
880 z = rlimit_from_string(name);
881
882 if (!c->rlimit[z]) {
883 c->rlimit[z] = new(struct rlimit, 1);
884 if (!c->rlimit[z])
885 return -ENOMEM;
886 }
887
888 c->rlimit[z]->rlim_cur = c->rlimit[z]->rlim_max = x;
889
890 if (x == RLIM_INFINITY)
891 unit_write_drop_in_private_format(u, mode, name, "%s=infinity\n", name);
892 else
893 unit_write_drop_in_private_format(u, mode, name, "%s=%" PRIu64 "\n", name, rl);
894 }
895
896 return 1;
897 }
898
899 return 0;
900 }
Unnamed repository; edit this file 'description' to name the repository.