2 This file is part of systemd.
4 Copyright 2010 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 #include <sys/prctl.h>
27 #include "alloc-util.h"
29 #include "capability-util.h"
31 #include "dbus-execute.h"
33 #include "errno-list.h"
39 #include "mount-util.h"
40 #include "namespace.h"
41 #include "parse-util.h"
42 #include "path-util.h"
43 #include "process-util.h"
44 #include "rlimit-util.h"
46 #include "seccomp-util.h"
48 #include "securebits-util.h"
50 #include "syslog-util.h"
51 #include "unit-printf.h"
52 #include "user-util.h"
55 BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_exec_output
, exec_output
, ExecOutput
);
57 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_input
, exec_input
, ExecInput
);
59 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_utmp_mode
, exec_utmp_mode
, ExecUtmpMode
);
61 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_exec_preserve_mode
, exec_preserve_mode
, ExecPreserveMode
);
63 static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_protect_home
, protect_home
, ProtectHome
);
64 static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_protect_system
, protect_system
, ProtectSystem
);
66 static int property_get_environment_files(
69 const char *interface
,
71 sd_bus_message
*reply
,
73 sd_bus_error
*error
) {
75 ExecContext
*c
= userdata
;
83 r
= sd_bus_message_open_container(reply
, 'a', "(sb)");
87 STRV_FOREACH(j
, c
->environment_files
) {
90 r
= sd_bus_message_append(reply
, "(sb)", fn
[0] == '-' ? fn
+ 1 : fn
, fn
[0] == '-');
95 return sd_bus_message_close_container(reply
);
98 static int property_get_oom_score_adjust(
101 const char *interface
,
102 const char *property
,
103 sd_bus_message
*reply
,
105 sd_bus_error
*error
) {
108 ExecContext
*c
= userdata
;
115 if (c
->oom_score_adjust_set
)
116 n
= c
->oom_score_adjust
;
118 _cleanup_free_
char *t
= NULL
;
121 if (read_one_line_file("/proc/self/oom_score_adj", &t
) >= 0)
125 return sd_bus_message_append(reply
, "i", n
);
128 static int property_get_nice(
131 const char *interface
,
132 const char *property
,
133 sd_bus_message
*reply
,
135 sd_bus_error
*error
) {
138 ExecContext
*c
= userdata
;
149 n
= getpriority(PRIO_PROCESS
, 0);
154 return sd_bus_message_append(reply
, "i", n
);
157 static int property_get_ioprio(
160 const char *interface
,
161 const char *property
,
162 sd_bus_message
*reply
,
164 sd_bus_error
*error
) {
167 ExecContext
*c
= userdata
;
173 return sd_bus_message_append(reply
, "i", exec_context_get_effective_ioprio(c
));
176 static int property_get_ioprio_class(
179 const char *interface
,
180 const char *property
,
181 sd_bus_message
*reply
,
183 sd_bus_error
*error
) {
186 ExecContext
*c
= userdata
;
192 return sd_bus_message_append(reply
, "i", IOPRIO_PRIO_CLASS(exec_context_get_effective_ioprio(c
)));
195 static int property_get_ioprio_priority(
198 const char *interface
,
199 const char *property
,
200 sd_bus_message
*reply
,
202 sd_bus_error
*error
) {
205 ExecContext
*c
= userdata
;
211 return sd_bus_message_append(reply
, "i", IOPRIO_PRIO_DATA(exec_context_get_effective_ioprio(c
)));
214 static int property_get_cpu_sched_policy(
217 const char *interface
,
218 const char *property
,
219 sd_bus_message
*reply
,
221 sd_bus_error
*error
) {
223 ExecContext
*c
= userdata
;
230 if (c
->cpu_sched_set
)
231 n
= c
->cpu_sched_policy
;
233 n
= sched_getscheduler(0);
238 return sd_bus_message_append(reply
, "i", n
);
241 static int property_get_cpu_sched_priority(
244 const char *interface
,
245 const char *property
,
246 sd_bus_message
*reply
,
248 sd_bus_error
*error
) {
250 ExecContext
*c
= userdata
;
257 if (c
->cpu_sched_set
)
258 n
= c
->cpu_sched_priority
;
260 struct sched_param p
= {};
262 if (sched_getparam(0, &p
) >= 0)
263 n
= p
.sched_priority
;
268 return sd_bus_message_append(reply
, "i", n
);
271 static int property_get_cpu_affinity(
274 const char *interface
,
275 const char *property
,
276 sd_bus_message
*reply
,
278 sd_bus_error
*error
) {
280 ExecContext
*c
= userdata
;
287 return sd_bus_message_append_array(reply
, 'y', c
->cpuset
, CPU_ALLOC_SIZE(c
->cpuset_ncpus
));
289 return sd_bus_message_append_array(reply
, 'y', NULL
, 0);
292 static int property_get_timer_slack_nsec(
295 const char *interface
,
296 const char *property
,
297 sd_bus_message
*reply
,
299 sd_bus_error
*error
) {
301 ExecContext
*c
= userdata
;
308 if (c
->timer_slack_nsec
!= NSEC_INFINITY
)
309 u
= (uint64_t) c
->timer_slack_nsec
;
311 u
= (uint64_t) prctl(PR_GET_TIMERSLACK
);
313 return sd_bus_message_append(reply
, "t", u
);
316 static int property_get_capability_bounding_set(
319 const char *interface
,
320 const char *property
,
321 sd_bus_message
*reply
,
323 sd_bus_error
*error
) {
325 ExecContext
*c
= userdata
;
331 return sd_bus_message_append(reply
, "t", c
->capability_bounding_set
);
334 static int property_get_ambient_capabilities(
337 const char *interface
,
338 const char *property
,
339 sd_bus_message
*reply
,
341 sd_bus_error
*error
) {
343 ExecContext
*c
= userdata
;
349 return sd_bus_message_append(reply
, "t", c
->capability_ambient_set
);
352 static int property_get_empty_string(
355 const char *interface
,
356 const char *property
,
357 sd_bus_message
*reply
,
359 sd_bus_error
*error
) {
364 return sd_bus_message_append(reply
, "s", "");
367 static int property_get_syscall_filter(
370 const char *interface
,
371 const char *property
,
372 sd_bus_message
*reply
,
374 sd_bus_error
*error
) {
376 ExecContext
*c
= userdata
;
377 _cleanup_strv_free_
char **l
= NULL
;
389 r
= sd_bus_message_open_container(reply
, 'r', "bas");
393 r
= sd_bus_message_append(reply
, "b", c
->syscall_whitelist
);
398 SET_FOREACH(id
, c
->syscall_filter
, i
) {
401 name
= seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE
, PTR_TO_INT(id
) - 1);
405 r
= strv_consume(&l
, name
);
413 r
= sd_bus_message_append_strv(reply
, l
);
417 return sd_bus_message_close_container(reply
);
420 static int property_get_syscall_archs(
423 const char *interface
,
424 const char *property
,
425 sd_bus_message
*reply
,
427 sd_bus_error
*error
) {
429 ExecContext
*c
= userdata
;
430 _cleanup_strv_free_
char **l
= NULL
;
443 SET_FOREACH(id
, c
->syscall_archs
, i
) {
446 name
= seccomp_arch_to_string(PTR_TO_UINT32(id
) - 1);
450 r
= strv_extend(&l
, name
);
458 r
= sd_bus_message_append_strv(reply
, l
);
465 static int property_get_syscall_errno(
468 const char *interface
,
469 const char *property
,
470 sd_bus_message
*reply
,
472 sd_bus_error
*error
) {
474 ExecContext
*c
= userdata
;
480 return sd_bus_message_append(reply
, "i", (int32_t) c
->syscall_errno
);
483 static int property_get_selinux_context(
486 const char *interface
,
487 const char *property
,
488 sd_bus_message
*reply
,
490 sd_bus_error
*error
) {
492 ExecContext
*c
= userdata
;
498 return sd_bus_message_append(reply
, "(bs)", c
->selinux_context_ignore
, c
->selinux_context
);
501 static int property_get_apparmor_profile(
504 const char *interface
,
505 const char *property
,
506 sd_bus_message
*reply
,
508 sd_bus_error
*error
) {
510 ExecContext
*c
= userdata
;
516 return sd_bus_message_append(reply
, "(bs)", c
->apparmor_profile_ignore
, c
->apparmor_profile
);
519 static int property_get_smack_process_label(
522 const char *interface
,
523 const char *property
,
524 sd_bus_message
*reply
,
526 sd_bus_error
*error
) {
528 ExecContext
*c
= userdata
;
534 return sd_bus_message_append(reply
, "(bs)", c
->smack_process_label_ignore
, c
->smack_process_label
);
537 static int property_get_personality(
540 const char *interface
,
541 const char *property
,
542 sd_bus_message
*reply
,
544 sd_bus_error
*error
) {
546 ExecContext
*c
= userdata
;
552 return sd_bus_message_append(reply
, "s", personality_to_string(c
->personality
));
555 static int property_get_address_families(
558 const char *interface
,
559 const char *property
,
560 sd_bus_message
*reply
,
562 sd_bus_error
*error
) {
564 ExecContext
*c
= userdata
;
565 _cleanup_strv_free_
char **l
= NULL
;
574 r
= sd_bus_message_open_container(reply
, 'r', "bas");
578 r
= sd_bus_message_append(reply
, "b", c
->address_families_whitelist
);
582 SET_FOREACH(af
, c
->address_families
, i
) {
585 name
= af_to_name(PTR_TO_INT(af
));
589 r
= strv_extend(&l
, name
);
596 r
= sd_bus_message_append_strv(reply
, l
);
600 return sd_bus_message_close_container(reply
);
603 static int property_get_working_directory(
606 const char *interface
,
607 const char *property
,
608 sd_bus_message
*reply
,
610 sd_bus_error
*error
) {
612 ExecContext
*c
= userdata
;
619 if (c
->working_directory_home
)
622 wd
= c
->working_directory
;
624 if (c
->working_directory_missing_ok
)
625 wd
= strjoina("!", wd
);
627 return sd_bus_message_append(reply
, "s", wd
);
630 static int property_get_syslog_level(
633 const char *interface
,
634 const char *property
,
635 sd_bus_message
*reply
,
637 sd_bus_error
*error
) {
639 ExecContext
*c
= userdata
;
645 return sd_bus_message_append(reply
, "i", LOG_PRI(c
->syslog_priority
));
648 static int property_get_syslog_facility(
651 const char *interface
,
652 const char *property
,
653 sd_bus_message
*reply
,
655 sd_bus_error
*error
) {
657 ExecContext
*c
= userdata
;
663 return sd_bus_message_append(reply
, "i", LOG_FAC(c
->syslog_priority
));
666 static int property_get_input_fdname(
669 const char *interface
,
670 const char *property
,
671 sd_bus_message
*reply
,
673 sd_bus_error
*error
) {
675 ExecContext
*c
= userdata
;
683 name
= exec_context_fdname(c
, STDIN_FILENO
);
685 return sd_bus_message_append(reply
, "s", name
);
688 static int property_get_output_fdname(
691 const char *interface
,
692 const char *property
,
693 sd_bus_message
*reply
,
695 sd_bus_error
*error
) {
697 ExecContext
*c
= userdata
;
698 const char *name
= NULL
;
705 if (c
->std_output
== EXEC_OUTPUT_NAMED_FD
&& streq(property
, "StandardOutputFileDescriptorName"))
706 name
= exec_context_fdname(c
, STDOUT_FILENO
);
707 else if (c
->std_error
== EXEC_OUTPUT_NAMED_FD
&& streq(property
, "StandardErrorFileDescriptorName"))
708 name
= exec_context_fdname(c
, STDERR_FILENO
);
710 return sd_bus_message_append(reply
, "s", name
);
713 static int property_get_bind_paths(
716 const char *interface
,
717 const char *property
,
718 sd_bus_message
*reply
,
720 sd_bus_error
*error
) {
722 ExecContext
*c
= userdata
;
732 ro
= !!strstr(property
, "ReadOnly");
734 r
= sd_bus_message_open_container(reply
, 'a', "(ssbt)");
738 for (i
= 0; i
< c
->n_bind_mounts
; i
++) {
740 if (ro
!= c
->bind_mounts
[i
].read_only
)
743 r
= sd_bus_message_append(
745 c
->bind_mounts
[i
].source
,
746 c
->bind_mounts
[i
].destination
,
747 c
->bind_mounts
[i
].ignore_enoent
,
748 c
->bind_mounts
[i
].recursive
? (uint64_t) MS_REC
: (uint64_t) 0);
753 return sd_bus_message_close_container(reply
);
756 const sd_bus_vtable bus_exec_vtable
[] = {
757 SD_BUS_VTABLE_START(0),
758 SD_BUS_PROPERTY("Environment", "as", NULL
, offsetof(ExecContext
, environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
759 SD_BUS_PROPERTY("EnvironmentFiles", "a(sb)", property_get_environment_files
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
760 SD_BUS_PROPERTY("PassEnvironment", "as", NULL
, offsetof(ExecContext
, pass_environment
), SD_BUS_VTABLE_PROPERTY_CONST
),
761 SD_BUS_PROPERTY("UMask", "u", bus_property_get_mode
, offsetof(ExecContext
, umask
), SD_BUS_VTABLE_PROPERTY_CONST
),
762 SD_BUS_PROPERTY("LimitCPU", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CPU
]), SD_BUS_VTABLE_PROPERTY_CONST
),
763 SD_BUS_PROPERTY("LimitCPUSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CPU
]), SD_BUS_VTABLE_PROPERTY_CONST
),
764 SD_BUS_PROPERTY("LimitFSIZE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_FSIZE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
765 SD_BUS_PROPERTY("LimitFSIZESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_FSIZE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
766 SD_BUS_PROPERTY("LimitDATA", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_DATA
]), SD_BUS_VTABLE_PROPERTY_CONST
),
767 SD_BUS_PROPERTY("LimitDATASoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_DATA
]), SD_BUS_VTABLE_PROPERTY_CONST
),
768 SD_BUS_PROPERTY("LimitSTACK", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_STACK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
769 SD_BUS_PROPERTY("LimitSTACKSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_STACK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
770 SD_BUS_PROPERTY("LimitCORE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CORE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
771 SD_BUS_PROPERTY("LimitCORESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_CORE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
772 SD_BUS_PROPERTY("LimitRSS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RSS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
773 SD_BUS_PROPERTY("LimitRSSSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RSS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
774 SD_BUS_PROPERTY("LimitNOFILE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NOFILE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
775 SD_BUS_PROPERTY("LimitNOFILESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NOFILE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
776 SD_BUS_PROPERTY("LimitAS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_AS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
777 SD_BUS_PROPERTY("LimitASSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_AS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
778 SD_BUS_PROPERTY("LimitNPROC", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NPROC
]), SD_BUS_VTABLE_PROPERTY_CONST
),
779 SD_BUS_PROPERTY("LimitNPROCSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NPROC
]), SD_BUS_VTABLE_PROPERTY_CONST
),
780 SD_BUS_PROPERTY("LimitMEMLOCK", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MEMLOCK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
781 SD_BUS_PROPERTY("LimitMEMLOCKSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MEMLOCK
]), SD_BUS_VTABLE_PROPERTY_CONST
),
782 SD_BUS_PROPERTY("LimitLOCKS", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_LOCKS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
783 SD_BUS_PROPERTY("LimitLOCKSSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_LOCKS
]), SD_BUS_VTABLE_PROPERTY_CONST
),
784 SD_BUS_PROPERTY("LimitSIGPENDING", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_SIGPENDING
]), SD_BUS_VTABLE_PROPERTY_CONST
),
785 SD_BUS_PROPERTY("LimitSIGPENDINGSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_SIGPENDING
]), SD_BUS_VTABLE_PROPERTY_CONST
),
786 SD_BUS_PROPERTY("LimitMSGQUEUE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MSGQUEUE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
787 SD_BUS_PROPERTY("LimitMSGQUEUESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_MSGQUEUE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
788 SD_BUS_PROPERTY("LimitNICE", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NICE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
789 SD_BUS_PROPERTY("LimitNICESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_NICE
]), SD_BUS_VTABLE_PROPERTY_CONST
),
790 SD_BUS_PROPERTY("LimitRTPRIO", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTPRIO
]), SD_BUS_VTABLE_PROPERTY_CONST
),
791 SD_BUS_PROPERTY("LimitRTPRIOSoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTPRIO
]), SD_BUS_VTABLE_PROPERTY_CONST
),
792 SD_BUS_PROPERTY("LimitRTTIME", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
793 SD_BUS_PROPERTY("LimitRTTIMESoft", "t", bus_property_get_rlimit
, offsetof(ExecContext
, rlimit
[RLIMIT_RTTIME
]), SD_BUS_VTABLE_PROPERTY_CONST
),
794 SD_BUS_PROPERTY("WorkingDirectory", "s", property_get_working_directory
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
795 SD_BUS_PROPERTY("RootDirectory", "s", NULL
, offsetof(ExecContext
, root_directory
), SD_BUS_VTABLE_PROPERTY_CONST
),
796 SD_BUS_PROPERTY("RootImage", "s", NULL
, offsetof(ExecContext
, root_image
), SD_BUS_VTABLE_PROPERTY_CONST
),
797 SD_BUS_PROPERTY("OOMScoreAdjust", "i", property_get_oom_score_adjust
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
798 SD_BUS_PROPERTY("Nice", "i", property_get_nice
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
799 SD_BUS_PROPERTY("IOSchedulingClass", "i", property_get_ioprio_class
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
800 SD_BUS_PROPERTY("IOSchedulingPriority", "i", property_get_ioprio_priority
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
801 SD_BUS_PROPERTY("CPUSchedulingPolicy", "i", property_get_cpu_sched_policy
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
802 SD_BUS_PROPERTY("CPUSchedulingPriority", "i", property_get_cpu_sched_priority
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
803 SD_BUS_PROPERTY("CPUAffinity", "ay", property_get_cpu_affinity
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
804 SD_BUS_PROPERTY("TimerSlackNSec", "t", property_get_timer_slack_nsec
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
805 SD_BUS_PROPERTY("CPUSchedulingResetOnFork", "b", bus_property_get_bool
, offsetof(ExecContext
, cpu_sched_reset_on_fork
), SD_BUS_VTABLE_PROPERTY_CONST
),
806 SD_BUS_PROPERTY("NonBlocking", "b", bus_property_get_bool
, offsetof(ExecContext
, non_blocking
), SD_BUS_VTABLE_PROPERTY_CONST
),
807 SD_BUS_PROPERTY("StandardInput", "s", property_get_exec_input
, offsetof(ExecContext
, std_input
), SD_BUS_VTABLE_PROPERTY_CONST
),
808 SD_BUS_PROPERTY("StandardInputFileDescriptorName", "s", property_get_input_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
809 SD_BUS_PROPERTY("StandardOutput", "s", bus_property_get_exec_output
, offsetof(ExecContext
, std_output
), SD_BUS_VTABLE_PROPERTY_CONST
),
810 SD_BUS_PROPERTY("StandardOutputFileDescriptorName", "s", property_get_output_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
811 SD_BUS_PROPERTY("StandardError", "s", bus_property_get_exec_output
, offsetof(ExecContext
, std_error
), SD_BUS_VTABLE_PROPERTY_CONST
),
812 SD_BUS_PROPERTY("StandardErrorFileDescriptorName", "s", property_get_output_fdname
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
813 SD_BUS_PROPERTY("TTYPath", "s", NULL
, offsetof(ExecContext
, tty_path
), SD_BUS_VTABLE_PROPERTY_CONST
),
814 SD_BUS_PROPERTY("TTYReset", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_reset
), SD_BUS_VTABLE_PROPERTY_CONST
),
815 SD_BUS_PROPERTY("TTYVHangup", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_vhangup
), SD_BUS_VTABLE_PROPERTY_CONST
),
816 SD_BUS_PROPERTY("TTYVTDisallocate", "b", bus_property_get_bool
, offsetof(ExecContext
, tty_vt_disallocate
), SD_BUS_VTABLE_PROPERTY_CONST
),
817 SD_BUS_PROPERTY("SyslogPriority", "i", bus_property_get_int
, offsetof(ExecContext
, syslog_priority
), SD_BUS_VTABLE_PROPERTY_CONST
),
818 SD_BUS_PROPERTY("SyslogIdentifier", "s", NULL
, offsetof(ExecContext
, syslog_identifier
), SD_BUS_VTABLE_PROPERTY_CONST
),
819 SD_BUS_PROPERTY("SyslogLevelPrefix", "b", bus_property_get_bool
, offsetof(ExecContext
, syslog_level_prefix
), SD_BUS_VTABLE_PROPERTY_CONST
),
820 SD_BUS_PROPERTY("SyslogLevel", "i", property_get_syslog_level
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
821 SD_BUS_PROPERTY("SyslogFacility", "i", property_get_syslog_facility
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
822 SD_BUS_PROPERTY("SecureBits", "i", bus_property_get_int
, offsetof(ExecContext
, secure_bits
), SD_BUS_VTABLE_PROPERTY_CONST
),
823 SD_BUS_PROPERTY("CapabilityBoundingSet", "t", property_get_capability_bounding_set
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
824 SD_BUS_PROPERTY("AmbientCapabilities", "t", property_get_ambient_capabilities
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
825 SD_BUS_PROPERTY("User", "s", NULL
, offsetof(ExecContext
, user
), SD_BUS_VTABLE_PROPERTY_CONST
),
826 SD_BUS_PROPERTY("Group", "s", NULL
, offsetof(ExecContext
, group
), SD_BUS_VTABLE_PROPERTY_CONST
),
827 SD_BUS_PROPERTY("DynamicUser", "b", bus_property_get_bool
, offsetof(ExecContext
, dynamic_user
), SD_BUS_VTABLE_PROPERTY_CONST
),
828 SD_BUS_PROPERTY("RemoveIPC", "b", bus_property_get_bool
, offsetof(ExecContext
, remove_ipc
), SD_BUS_VTABLE_PROPERTY_CONST
),
829 SD_BUS_PROPERTY("SupplementaryGroups", "as", NULL
, offsetof(ExecContext
, supplementary_groups
), SD_BUS_VTABLE_PROPERTY_CONST
),
830 SD_BUS_PROPERTY("PAMName", "s", NULL
, offsetof(ExecContext
, pam_name
), SD_BUS_VTABLE_PROPERTY_CONST
),
831 SD_BUS_PROPERTY("ReadWritePaths", "as", NULL
, offsetof(ExecContext
, read_write_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
832 SD_BUS_PROPERTY("ReadOnlyPaths", "as", NULL
, offsetof(ExecContext
, read_only_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
833 SD_BUS_PROPERTY("InaccessiblePaths", "as", NULL
, offsetof(ExecContext
, inaccessible_paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
834 SD_BUS_PROPERTY("MountFlags", "t", bus_property_get_ulong
, offsetof(ExecContext
, mount_flags
), SD_BUS_VTABLE_PROPERTY_CONST
),
835 SD_BUS_PROPERTY("PrivateTmp", "b", bus_property_get_bool
, offsetof(ExecContext
, private_tmp
), SD_BUS_VTABLE_PROPERTY_CONST
),
836 SD_BUS_PROPERTY("PrivateDevices", "b", bus_property_get_bool
, offsetof(ExecContext
, private_devices
), SD_BUS_VTABLE_PROPERTY_CONST
),
837 SD_BUS_PROPERTY("ProtectKernelTunables", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_tunables
), SD_BUS_VTABLE_PROPERTY_CONST
),
838 SD_BUS_PROPERTY("ProtectKernelModules", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_kernel_modules
), SD_BUS_VTABLE_PROPERTY_CONST
),
839 SD_BUS_PROPERTY("ProtectControlGroups", "b", bus_property_get_bool
, offsetof(ExecContext
, protect_control_groups
), SD_BUS_VTABLE_PROPERTY_CONST
),
840 SD_BUS_PROPERTY("PrivateNetwork", "b", bus_property_get_bool
, offsetof(ExecContext
, private_network
), SD_BUS_VTABLE_PROPERTY_CONST
),
841 SD_BUS_PROPERTY("PrivateUsers", "b", bus_property_get_bool
, offsetof(ExecContext
, private_users
), SD_BUS_VTABLE_PROPERTY_CONST
),
842 SD_BUS_PROPERTY("ProtectHome", "s", bus_property_get_protect_home
, offsetof(ExecContext
, protect_home
), SD_BUS_VTABLE_PROPERTY_CONST
),
843 SD_BUS_PROPERTY("ProtectSystem", "s", bus_property_get_protect_system
, offsetof(ExecContext
, protect_system
), SD_BUS_VTABLE_PROPERTY_CONST
),
844 SD_BUS_PROPERTY("SameProcessGroup", "b", bus_property_get_bool
, offsetof(ExecContext
, same_pgrp
), SD_BUS_VTABLE_PROPERTY_CONST
),
845 SD_BUS_PROPERTY("UtmpIdentifier", "s", NULL
, offsetof(ExecContext
, utmp_id
), SD_BUS_VTABLE_PROPERTY_CONST
),
846 SD_BUS_PROPERTY("UtmpMode", "s", property_get_exec_utmp_mode
, offsetof(ExecContext
, utmp_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
847 SD_BUS_PROPERTY("SELinuxContext", "(bs)", property_get_selinux_context
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
848 SD_BUS_PROPERTY("AppArmorProfile", "(bs)", property_get_apparmor_profile
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
849 SD_BUS_PROPERTY("SmackProcessLabel", "(bs)", property_get_smack_process_label
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
850 SD_BUS_PROPERTY("IgnoreSIGPIPE", "b", bus_property_get_bool
, offsetof(ExecContext
, ignore_sigpipe
), SD_BUS_VTABLE_PROPERTY_CONST
),
851 SD_BUS_PROPERTY("NoNewPrivileges", "b", bus_property_get_bool
, offsetof(ExecContext
, no_new_privileges
), SD_BUS_VTABLE_PROPERTY_CONST
),
852 SD_BUS_PROPERTY("SystemCallFilter", "(bas)", property_get_syscall_filter
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
853 SD_BUS_PROPERTY("SystemCallArchitectures", "as", property_get_syscall_archs
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
854 SD_BUS_PROPERTY("SystemCallErrorNumber", "i", property_get_syscall_errno
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
855 SD_BUS_PROPERTY("Personality", "s", property_get_personality
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
856 SD_BUS_PROPERTY("RestrictAddressFamilies", "(bas)", property_get_address_families
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
857 SD_BUS_PROPERTY("RuntimeDirectoryPreserve", "s", property_get_exec_preserve_mode
, offsetof(ExecContext
, runtime_directory_preserve_mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
858 SD_BUS_PROPERTY("RuntimeDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
859 SD_BUS_PROPERTY("RuntimeDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_RUNTIME
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
860 SD_BUS_PROPERTY("StateDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
861 SD_BUS_PROPERTY("StateDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_STATE
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
862 SD_BUS_PROPERTY("CacheDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
863 SD_BUS_PROPERTY("CacheDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CACHE
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
864 SD_BUS_PROPERTY("LogsDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
865 SD_BUS_PROPERTY("LogsDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_LOGS
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
866 SD_BUS_PROPERTY("ConfigurationDirectoryMode", "u", bus_property_get_mode
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CONFIGURATION
].mode
), SD_BUS_VTABLE_PROPERTY_CONST
),
867 SD_BUS_PROPERTY("ConfigurationDirectory", "as", NULL
, offsetof(ExecContext
, directories
[EXEC_DIRECTORY_CONFIGURATION
].paths
), SD_BUS_VTABLE_PROPERTY_CONST
),
868 SD_BUS_PROPERTY("MemoryDenyWriteExecute", "b", bus_property_get_bool
, offsetof(ExecContext
, memory_deny_write_execute
), SD_BUS_VTABLE_PROPERTY_CONST
),
869 SD_BUS_PROPERTY("RestrictRealtime", "b", bus_property_get_bool
, offsetof(ExecContext
, restrict_realtime
), SD_BUS_VTABLE_PROPERTY_CONST
),
870 SD_BUS_PROPERTY("RestrictNamespaces", "t", bus_property_get_ulong
, offsetof(ExecContext
, restrict_namespaces
), SD_BUS_VTABLE_PROPERTY_CONST
),
871 SD_BUS_PROPERTY("BindPaths", "a(ssbt)", property_get_bind_paths
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
872 SD_BUS_PROPERTY("BindReadOnlyPaths", "a(ssbt)", property_get_bind_paths
, 0, SD_BUS_VTABLE_PROPERTY_CONST
),
873 SD_BUS_PROPERTY("MountAPIVFS", "b", bus_property_get_bool
, offsetof(ExecContext
, mount_apivfs
), SD_BUS_VTABLE_PROPERTY_CONST
),
875 /* Obsolete/redundant properties: */
876 SD_BUS_PROPERTY("Capabilities", "s", property_get_empty_string
, 0, SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
877 SD_BUS_PROPERTY("ReadWriteDirectories", "as", NULL
, offsetof(ExecContext
, read_write_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
878 SD_BUS_PROPERTY("ReadOnlyDirectories", "as", NULL
, offsetof(ExecContext
, read_only_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
879 SD_BUS_PROPERTY("InaccessibleDirectories", "as", NULL
, offsetof(ExecContext
, inaccessible_paths
), SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
880 SD_BUS_PROPERTY("IOScheduling", "i", property_get_ioprio
, 0, SD_BUS_VTABLE_PROPERTY_CONST
|SD_BUS_VTABLE_HIDDEN
),
885 static int append_exec_command(sd_bus_message
*reply
, ExecCommand
*c
) {
894 r
= sd_bus_message_open_container(reply
, 'r', "sasbttttuii");
898 r
= sd_bus_message_append(reply
, "s", c
->path
);
902 r
= sd_bus_message_append_strv(reply
, c
->argv
);
906 r
= sd_bus_message_append(reply
, "bttttuii",
907 !!(c
->flags
& EXEC_COMMAND_IGNORE_FAILURE
),
908 c
->exec_status
.start_timestamp
.realtime
,
909 c
->exec_status
.start_timestamp
.monotonic
,
910 c
->exec_status
.exit_timestamp
.realtime
,
911 c
->exec_status
.exit_timestamp
.monotonic
,
912 (uint32_t) c
->exec_status
.pid
,
913 (int32_t) c
->exec_status
.code
,
914 (int32_t) c
->exec_status
.status
);
918 return sd_bus_message_close_container(reply
);
921 int bus_property_get_exec_command(
924 const char *interface
,
925 const char *property
,
926 sd_bus_message
*reply
,
928 sd_bus_error
*ret_error
) {
930 ExecCommand
*c
= (ExecCommand
*) userdata
;
936 r
= sd_bus_message_open_container(reply
, 'a', "(sasbttttuii)");
940 r
= append_exec_command(reply
, c
);
944 return sd_bus_message_close_container(reply
);
947 int bus_property_get_exec_command_list(
950 const char *interface
,
951 const char *property
,
952 sd_bus_message
*reply
,
954 sd_bus_error
*ret_error
) {
956 ExecCommand
*c
= *(ExecCommand
**) userdata
;
962 r
= sd_bus_message_open_container(reply
, 'a', "(sasbttttuii)");
966 LIST_FOREACH(command
, c
, c
) {
967 r
= append_exec_command(reply
, c
);
972 return sd_bus_message_close_container(reply
);
975 int bus_exec_context_set_transient_property(
979 sd_bus_message
*message
,
980 UnitSetPropertiesMode mode
,
981 sd_bus_error
*error
) {
983 const char *soft
= NULL
;
991 if (streq(name
, "User")) {
994 r
= sd_bus_message_read(message
, "s", &uu
);
998 if (!isempty(uu
) && !valid_user_group_name_or_id(uu
))
999 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid user name: %s", uu
);
1001 if (mode
!= UNIT_CHECK
) {
1004 c
->user
= mfree(c
->user
);
1005 else if (free_and_strdup(&c
->user
, uu
) < 0)
1008 unit_write_drop_in_private_format(u
, mode
, name
, "User=%s", uu
);
1013 } else if (streq(name
, "Group")) {
1016 r
= sd_bus_message_read(message
, "s", &gg
);
1020 if (!isempty(gg
) && !valid_user_group_name_or_id(gg
))
1021 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid group name: %s", gg
);
1023 if (mode
!= UNIT_CHECK
) {
1026 c
->group
= mfree(c
->group
);
1027 else if (free_and_strdup(&c
->group
, gg
) < 0)
1030 unit_write_drop_in_private_format(u
, mode
, name
, "Group=%s", gg
);
1035 } else if (streq(name
, "SupplementaryGroups")) {
1036 _cleanup_strv_free_
char **l
= NULL
;
1039 r
= sd_bus_message_read_strv(message
, &l
);
1043 STRV_FOREACH(p
, l
) {
1044 if (!isempty(*p
) && !valid_user_group_name_or_id(*p
))
1045 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid supplementary group names");
1048 if (mode
!= UNIT_CHECK
) {
1049 if (strv_length(l
) == 0) {
1050 c
->supplementary_groups
= strv_free(c
->supplementary_groups
);
1051 unit_write_drop_in_private_format(u
, mode
, name
, "%s=", name
);
1053 _cleanup_free_
char *joined
= NULL
;
1055 r
= strv_extend_strv(&c
->supplementary_groups
, l
, true);
1059 joined
= strv_join(c
->supplementary_groups
, " ");
1063 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, joined
);
1069 } else if (streq(name
, "SyslogIdentifier")) {
1072 r
= sd_bus_message_read(message
, "s", &id
);
1076 if (mode
!= UNIT_CHECK
) {
1079 c
->syslog_identifier
= mfree(c
->syslog_identifier
);
1080 else if (free_and_strdup(&c
->syslog_identifier
, id
) < 0)
1083 unit_write_drop_in_private_format(u
, mode
, name
, "SyslogIdentifier=%s", id
);
1087 } else if (streq(name
, "SyslogLevel")) {
1090 r
= sd_bus_message_read(message
, "i", &level
);
1094 if (!log_level_is_valid(level
))
1095 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log level value out of range");
1097 if (mode
!= UNIT_CHECK
) {
1098 c
->syslog_priority
= (c
->syslog_priority
& LOG_FACMASK
) | level
;
1099 unit_write_drop_in_private_format(u
, mode
, name
, "SyslogLevel=%i", level
);
1103 } else if (streq(name
, "SyslogFacility")) {
1106 r
= sd_bus_message_read(message
, "i", &facility
);
1110 if (!log_facility_unshifted_is_valid(facility
))
1111 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Log facility value out of range");
1113 if (mode
!= UNIT_CHECK
) {
1114 c
->syslog_priority
= (facility
<< 3) | LOG_PRI(c
->syslog_priority
);
1115 unit_write_drop_in_private_format(u
, mode
, name
, "SyslogFacility=%i", facility
);
1119 } else if (streq(name
, "SecureBits")) {
1122 r
= sd_bus_message_read(message
, "i", &n
);
1126 if (!secure_bits_is_valid(n
))
1127 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid secure bits");
1129 if (mode
!= UNIT_CHECK
) {
1130 _cleanup_free_
char *str
= NULL
;
1133 r
= secure_bits_to_string_alloc(n
, &str
);
1137 unit_write_drop_in_private_format(u
, mode
, name
, "SecureBits=%s", str
);
1141 } else if (STR_IN_SET(name
, "CapabilityBoundingSet", "AmbientCapabilities")) {
1144 r
= sd_bus_message_read(message
, "t", &n
);
1148 if (mode
!= UNIT_CHECK
) {
1149 _cleanup_free_
char *str
= NULL
;
1151 if (streq(name
, "CapabilityBoundingSet"))
1152 c
->capability_bounding_set
= n
;
1153 else /* "AmbientCapabilities" */
1154 c
->capability_ambient_set
= n
;
1156 r
= capability_set_to_string_alloc(n
, &str
);
1160 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, str
);
1165 } else if (streq(name
, "Personality")) {
1169 r
= sd_bus_message_read(message
, "s", &s
);
1173 p
= personality_from_string(s
);
1174 if (p
== PERSONALITY_INVALID
)
1175 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid personality");
1177 if (mode
!= UNIT_CHECK
) {
1178 _cleanup_free_
char *str
= NULL
;
1181 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, s
);
1188 } else if (streq(name
, "SystemCallFilter")) {
1190 _cleanup_strv_free_
char **l
;
1192 r
= sd_bus_message_enter_container(message
, 'r', "bas");
1196 r
= sd_bus_message_read(message
, "b", &whitelist
);
1200 r
= sd_bus_message_read_strv(message
, &l
);
1204 r
= sd_bus_message_exit_container(message
);
1208 if (mode
!= UNIT_CHECK
) {
1209 _cleanup_free_
char *joined
= NULL
;
1211 if (strv_length(l
) == 0) {
1212 c
->syscall_whitelist
= false;
1213 c
->syscall_filter
= set_free(c
->syscall_filter
);
1217 c
->syscall_whitelist
= whitelist
;
1219 r
= set_ensure_allocated(&c
->syscall_filter
, NULL
);
1223 STRV_FOREACH(s
, l
) {
1225 const SyscallFilterSet
*set
;
1228 set
= syscall_filter_set_find(*s
);
1232 NULSTR_FOREACH(i
, set
->value
) {
1235 id
= seccomp_syscall_resolve_name(i
);
1236 if (id
== __NR_SCMP_ERROR
)
1239 r
= set_put(c
->address_families
, INT_TO_PTR(id
+ 1));
1247 id
= seccomp_syscall_resolve_name(*s
);
1248 if (id
== __NR_SCMP_ERROR
)
1251 r
= set_put(c
->address_families
, INT_TO_PTR(id
+ 1));
1258 joined
= strv_join(l
, " ");
1262 unit_write_drop_in_private_format(u
, mode
, name
, "SystemCallFilter=%s%s", whitelist
? "" : "~", joined
);
1267 } else if (streq(name
, "SystemCallArchitectures")) {
1268 _cleanup_strv_free_
char **l
= NULL
;
1270 r
= sd_bus_message_read_strv(message
, &l
);
1274 if (mode
!= UNIT_CHECK
) {
1275 _cleanup_free_
char *joined
= NULL
;
1277 if (strv_length(l
) == 0)
1278 c
->syscall_archs
= set_free(c
->syscall_archs
);
1282 r
= set_ensure_allocated(&c
->syscall_archs
, NULL
);
1286 STRV_FOREACH(s
, l
) {
1289 r
= seccomp_arch_from_string(*s
, &a
);
1293 r
= set_put(c
->syscall_archs
, UINT32_TO_PTR(a
+ 1));
1300 joined
= strv_join(l
, " ");
1304 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, joined
);
1309 } else if (streq(name
, "SystemCallErrorNumber")) {
1313 r
= sd_bus_message_read(message
, "i", &n
);
1317 str
= errno_to_name(n
);
1319 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid SystemCallErrorNumber");
1321 if (mode
!= UNIT_CHECK
) {
1322 c
->syscall_errno
= n
;
1324 unit_write_drop_in_private_format(u
, mode
, name
, "SystemCallErrorNumber=%s", str
);
1329 } else if (streq(name
, "RestrictAddressFamilies")) {
1331 _cleanup_strv_free_
char **l
;
1333 r
= sd_bus_message_enter_container(message
, 'r', "bas");
1337 r
= sd_bus_message_read(message
, "b", &whitelist
);
1341 r
= sd_bus_message_read_strv(message
, &l
);
1345 r
= sd_bus_message_exit_container(message
);
1349 if (mode
!= UNIT_CHECK
) {
1350 _cleanup_free_
char *joined
= NULL
;
1352 if (strv_length(l
) == 0) {
1353 c
->address_families_whitelist
= false;
1354 c
->address_families
= set_free(c
->address_families
);
1358 c
->address_families_whitelist
= whitelist
;
1360 r
= set_ensure_allocated(&c
->address_families
, NULL
);
1364 STRV_FOREACH(s
, l
) {
1367 af
= af_from_name(*s
);
1371 r
= set_put(c
->address_families
, INT_TO_PTR(af
));
1377 joined
= strv_join(l
, " ");
1381 unit_write_drop_in_private_format(u
, mode
, name
, "RestrictAddressFamilies=%s%s", whitelist
? "" : "~", joined
);
1387 } else if (streq(name
, "CPUSchedulingPolicy")) {
1390 r
= sd_bus_message_read(message
, "i", &n
);
1394 if (!sched_policy_is_valid(n
))
1395 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid CPU scheduling policy");
1397 if (mode
!= UNIT_CHECK
) {
1398 _cleanup_free_
char *str
= NULL
;
1400 c
->cpu_sched_policy
= n
;
1401 r
= sched_policy_to_string_alloc(n
, &str
);
1405 unit_write_drop_in_private_format(u
, mode
, name
, "CPUSchedulingPolicy=%s", str
);
1410 } else if (streq(name
, "CPUSchedulingPriority")) {
1413 r
= sd_bus_message_read(message
, "i", &n
);
1417 if (!ioprio_priority_is_valid(n
))
1418 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid CPU scheduling priority");
1420 if (mode
!= UNIT_CHECK
) {
1421 c
->cpu_sched_priority
= n
;
1422 unit_write_drop_in_private_format(u
, mode
, name
, "CPUSchedulingPriority=%i", n
);
1427 } else if (streq(name
, "CPUAffinity")) {
1431 r
= sd_bus_message_read_array(message
, 'y', &a
, &n
);
1435 if (mode
!= UNIT_CHECK
) {
1437 c
->cpuset
= mfree(c
->cpuset
);
1438 unit_write_drop_in_private_format(u
, mode
, name
, "%s=", name
);
1440 _cleanup_free_
char *str
= NULL
;
1442 size_t allocated
= 0, len
= 0, i
;
1444 c
->cpuset
= (cpu_set_t
*) memdup(a
, sizeof(cpu_set_t
) * n
);
1449 for (i
= 0; i
< n
; i
++) {
1450 _cleanup_free_
char *p
= NULL
;
1453 r
= asprintf(&p
, "%hhi", l
[i
]);
1459 if (GREEDY_REALLOC(str
, allocated
, len
+ add
+ 2))
1462 strcpy(mempcpy(str
+ len
, p
, add
), " ");
1467 str
[len
- 1] = '\0';
1469 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, str
);
1474 } else if (streq(name
, "Nice")) {
1477 r
= sd_bus_message_read(message
, "i", &n
);
1481 if (!nice_is_valid(n
))
1482 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Nice value out of range");
1484 if (mode
!= UNIT_CHECK
) {
1486 unit_write_drop_in_private_format(u
, mode
, name
, "Nice=%i", n
);
1491 } else if (streq(name
, "IOSchedulingClass")) {
1494 r
= sd_bus_message_read(message
, "i", &q
);
1498 if (!ioprio_class_is_valid(q
))
1499 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid IO scheduling class: %i", q
);
1501 if (mode
!= UNIT_CHECK
) {
1502 _cleanup_free_
char *s
= NULL
;
1504 r
= ioprio_class_to_string_alloc(q
, &s
);
1508 c
->ioprio
= IOPRIO_PRIO_VALUE(q
, IOPRIO_PRIO_DATA(c
->ioprio
));
1509 c
->ioprio_set
= true;
1511 unit_write_drop_in_private_format(u
, mode
, name
, "IOSchedulingClass=%s", s
);
1516 } else if (streq(name
, "IOSchedulingPriority")) {
1519 r
= sd_bus_message_read(message
, "i", &p
);
1523 if (!ioprio_priority_is_valid(p
))
1524 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid IO scheduling priority: %i", p
);
1526 if (mode
!= UNIT_CHECK
) {
1527 c
->ioprio
= IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c
->ioprio
), p
);
1528 c
->ioprio_set
= true;
1530 unit_write_drop_in_private_format(u
, mode
, name
, "IOSchedulingPriority=%i", p
);
1535 } else if (STR_IN_SET(name
, "TTYPath", "RootDirectory", "RootImage")) {
1538 r
= sd_bus_message_read(message
, "s", &s
);
1542 if (!path_is_absolute(s
))
1543 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "%s takes an absolute path", name
);
1545 if (mode
!= UNIT_CHECK
) {
1546 if (streq(name
, "TTYPath"))
1547 r
= free_and_strdup(&c
->tty_path
, s
);
1548 else if (streq(name
, "RootImage"))
1549 r
= free_and_strdup(&c
->root_image
, s
);
1551 assert(streq(name
, "RootDirectory"));
1552 r
= free_and_strdup(&c
->root_directory
, s
);
1557 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, s
);
1562 } else if (streq(name
, "WorkingDirectory")) {
1566 r
= sd_bus_message_read(message
, "s", &s
);
1576 if (!streq(s
, "~") && !path_is_absolute(s
))
1577 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "WorkingDirectory= expects an absolute path or '~'");
1579 if (mode
!= UNIT_CHECK
) {
1580 if (streq(s
, "~")) {
1581 c
->working_directory
= mfree(c
->working_directory
);
1582 c
->working_directory_home
= true;
1584 r
= free_and_strdup(&c
->working_directory
, s
);
1588 c
->working_directory_home
= false;
1591 c
->working_directory_missing_ok
= missing_ok
;
1592 unit_write_drop_in_private_format(u
, mode
, name
, "WorkingDirectory=%s%s", missing_ok
? "-" : "", s
);
1597 } else if (streq(name
, "StandardInput")) {
1601 r
= sd_bus_message_read(message
, "s", &s
);
1605 p
= exec_input_from_string(s
);
1607 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid standard input name");
1609 if (mode
!= UNIT_CHECK
) {
1612 unit_write_drop_in_private_format(u
, mode
, name
, "StandardInput=%s", exec_input_to_string(p
));
1617 } else if (streq(name
, "StandardOutput")) {
1621 r
= sd_bus_message_read(message
, "s", &s
);
1625 p
= exec_output_from_string(s
);
1627 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid standard output name");
1629 if (mode
!= UNIT_CHECK
) {
1632 unit_write_drop_in_private_format(u
, mode
, name
, "StandardOutput=%s", exec_output_to_string(p
));
1637 } else if (streq(name
, "StandardError")) {
1641 r
= sd_bus_message_read(message
, "s", &s
);
1645 p
= exec_output_from_string(s
);
1647 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid standard error name");
1649 if (mode
!= UNIT_CHECK
) {
1652 unit_write_drop_in_private_format(u
, mode
, name
, "StandardError=%s", exec_output_to_string(p
));
1657 } else if (STR_IN_SET(name
,
1658 "StandardInputFileDescriptorName", "StandardOutputFileDescriptorName", "StandardErrorFileDescriptorName")) {
1661 r
= sd_bus_message_read(message
, "s", &s
);
1665 if (!fdname_is_valid(s
))
1666 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid file descriptor name");
1668 if (mode
!= UNIT_CHECK
) {
1669 if (streq(name
, "StandardInputFileDescriptorName")) {
1670 c
->std_input
= EXEC_INPUT_NAMED_FD
;
1671 r
= free_and_strdup(&c
->stdio_fdname
[STDIN_FILENO
], s
);
1674 unit_write_drop_in_private_format(u
, mode
, name
, "StandardInput=fd:%s", s
);
1675 } else if (streq(name
, "StandardOutputFileDescriptorName")) {
1676 c
->std_output
= EXEC_OUTPUT_NAMED_FD
;
1677 r
= free_and_strdup(&c
->stdio_fdname
[STDOUT_FILENO
], s
);
1680 unit_write_drop_in_private_format(u
, mode
, name
, "StandardOutput=fd:%s", s
);
1681 } else if (streq(name
, "StandardErrorFileDescriptorName")) {
1682 c
->std_error
= EXEC_OUTPUT_NAMED_FD
;
1683 r
= free_and_strdup(&c
->stdio_fdname
[STDERR_FILENO
], s
);
1686 unit_write_drop_in_private_format(u
, mode
, name
, "StandardError=fd:%s", s
);
1692 } else if (STR_IN_SET(name
,
1693 "IgnoreSIGPIPE", "TTYVHangup", "TTYReset", "TTYVTDisallocate",
1694 "PrivateTmp", "PrivateDevices", "PrivateNetwork", "PrivateUsers",
1695 "NoNewPrivileges", "SyslogLevelPrefix", "MemoryDenyWriteExecute",
1696 "RestrictRealtime", "DynamicUser", "RemoveIPC", "ProtectKernelTunables",
1697 "ProtectKernelModules", "ProtectControlGroups", "MountAPIVFS",
1698 "CPUSchedulingResetOnFork", "NonBlocking")) {
1701 r
= sd_bus_message_read(message
, "b", &b
);
1705 if (mode
!= UNIT_CHECK
) {
1706 if (streq(name
, "IgnoreSIGPIPE"))
1707 c
->ignore_sigpipe
= b
;
1708 else if (streq(name
, "TTYVHangup"))
1710 else if (streq(name
, "TTYReset"))
1712 else if (streq(name
, "TTYVTDisallocate"))
1713 c
->tty_vt_disallocate
= b
;
1714 else if (streq(name
, "PrivateTmp"))
1716 else if (streq(name
, "PrivateDevices"))
1717 c
->private_devices
= b
;
1718 else if (streq(name
, "PrivateNetwork"))
1719 c
->private_network
= b
;
1720 else if (streq(name
, "PrivateUsers"))
1721 c
->private_users
= b
;
1722 else if (streq(name
, "NoNewPrivileges"))
1723 c
->no_new_privileges
= b
;
1724 else if (streq(name
, "SyslogLevelPrefix"))
1725 c
->syslog_level_prefix
= b
;
1726 else if (streq(name
, "MemoryDenyWriteExecute"))
1727 c
->memory_deny_write_execute
= b
;
1728 else if (streq(name
, "RestrictRealtime"))
1729 c
->restrict_realtime
= b
;
1730 else if (streq(name
, "DynamicUser"))
1731 c
->dynamic_user
= b
;
1732 else if (streq(name
, "RemoveIPC"))
1734 else if (streq(name
, "ProtectKernelTunables"))
1735 c
->protect_kernel_tunables
= b
;
1736 else if (streq(name
, "ProtectKernelModules"))
1737 c
->protect_kernel_modules
= b
;
1738 else if (streq(name
, "ProtectControlGroups"))
1739 c
->protect_control_groups
= b
;
1740 else if (streq(name
, "MountAPIVFS"))
1741 c
->mount_apivfs
= b
;
1742 else if (streq(name
, "CPUSchedulingResetOnFork"))
1743 c
->cpu_sched_reset_on_fork
= b
;
1744 else if (streq(name
, "NonBlocking"))
1745 c
->non_blocking
= b
;
1747 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, yes_no(b
));
1752 } else if (streq(name
, "UtmpIdentifier")) {
1755 r
= sd_bus_message_read(message
, "s", &id
);
1759 if (mode
!= UNIT_CHECK
) {
1761 c
->utmp_id
= mfree(c
->utmp_id
);
1762 else if (free_and_strdup(&c
->utmp_id
, id
) < 0)
1765 unit_write_drop_in_private_format(u
, mode
, name
, "UtmpIdentifier=%s", strempty(id
));
1770 } else if (streq(name
, "UtmpMode")) {
1774 r
= sd_bus_message_read(message
, "s", &s
);
1778 m
= exec_utmp_mode_from_string(s
);
1780 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid utmp mode");
1782 if (mode
!= UNIT_CHECK
) {
1785 unit_write_drop_in_private_format(u
, mode
, name
, "UtmpMode=%s", exec_utmp_mode_to_string(m
));
1790 } else if (streq(name
, "PAMName")) {
1793 r
= sd_bus_message_read(message
, "s", &n
);
1797 if (mode
!= UNIT_CHECK
) {
1799 c
->pam_name
= mfree(c
->pam_name
);
1800 else if (free_and_strdup(&c
->pam_name
, n
) < 0)
1803 unit_write_drop_in_private_format(u
, mode
, name
, "PAMName=%s", strempty(n
));
1808 } else if (streq(name
, "Environment")) {
1810 _cleanup_strv_free_
char **l
= NULL
, **q
= NULL
;
1812 r
= sd_bus_message_read_strv(message
, &l
);
1816 if (!strv_env_is_valid(l
))
1817 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid environment block.");
1819 r
= unit_full_printf_strv(u
, l
, &q
);
1823 if (mode
!= UNIT_CHECK
) {
1824 if (strv_length(q
) == 0) {
1825 c
->environment
= strv_free(c
->environment
);
1826 unit_write_drop_in_private_format(u
, mode
, name
, "Environment=");
1828 _cleanup_free_
char *joined
= NULL
;
1831 e
= strv_env_merge(2, c
->environment
, q
);
1835 strv_free(c
->environment
);
1838 /* We write just the new settings out to file, with unresolved specifiers */
1839 joined
= strv_join_quoted(q
);
1843 unit_write_drop_in_private_format(u
, mode
, name
, "Environment=%s", joined
);
1849 } else if (streq(name
, "TimerSlackNSec")) {
1853 r
= sd_bus_message_read(message
, "t", &n
);
1857 if (mode
!= UNIT_CHECK
) {
1858 c
->timer_slack_nsec
= n
;
1859 unit_write_drop_in_private_format(u
, mode
, name
, "TimerSlackNSec=" NSEC_FMT
, n
);
1864 } else if (streq(name
, "OOMScoreAdjust")) {
1867 r
= sd_bus_message_read(message
, "i", &oa
);
1871 if (!oom_score_adjust_is_valid(oa
))
1872 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "OOM score adjust value out of range");
1874 if (mode
!= UNIT_CHECK
) {
1875 c
->oom_score_adjust
= oa
;
1876 c
->oom_score_adjust_set
= true;
1877 unit_write_drop_in_private_format(u
, mode
, name
, "OOMScoreAdjust=%i", oa
);
1882 } else if (streq(name
, "EnvironmentFiles")) {
1884 _cleanup_free_
char *joined
= NULL
;
1885 _cleanup_fclose_
FILE *f
= NULL
;
1886 _cleanup_strv_free_
char **l
= NULL
;
1890 r
= sd_bus_message_enter_container(message
, 'a', "(sb)");
1894 f
= open_memstream(&joined
, &size
);
1898 STRV_FOREACH(i
, c
->environment_files
)
1899 fprintf(f
, "EnvironmentFile=%s", *i
);
1901 while ((r
= sd_bus_message_enter_container(message
, 'r', "sb")) > 0) {
1905 r
= sd_bus_message_read(message
, "sb", &path
, &b
);
1909 r
= sd_bus_message_exit_container(message
);
1913 if (!path_is_absolute(path
))
1914 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute.", path
);
1916 if (mode
!= UNIT_CHECK
) {
1919 buf
= strjoin(b
? "-" : "", path
);
1923 fprintf(f
, "EnvironmentFile=%s", buf
);
1925 r
= strv_consume(&l
, buf
);
1933 r
= sd_bus_message_exit_container(message
);
1937 r
= fflush_and_check(f
);
1941 if (mode
!= UNIT_CHECK
) {
1942 if (strv_isempty(l
)) {
1943 c
->environment_files
= strv_free(c
->environment_files
);
1944 unit_write_drop_in_private(u
, mode
, name
, "EnvironmentFile=");
1946 r
= strv_extend_strv(&c
->environment_files
, l
, true);
1950 unit_write_drop_in_private(u
, mode
, name
, joined
);
1956 } else if (streq(name
, "PassEnvironment")) {
1958 _cleanup_strv_free_
char **l
= NULL
;
1960 r
= sd_bus_message_read_strv(message
, &l
);
1964 if (!strv_env_name_is_valid(l
))
1965 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid PassEnvironment block.");
1967 if (mode
!= UNIT_CHECK
) {
1968 if (strv_isempty(l
)) {
1969 c
->pass_environment
= strv_free(c
->pass_environment
);
1970 unit_write_drop_in_private_format(u
, mode
, name
, "PassEnvironment=");
1972 _cleanup_free_
char *joined
= NULL
;
1974 r
= strv_extend_strv(&c
->pass_environment
, l
, true);
1978 joined
= strv_join_quoted(c
->pass_environment
);
1982 unit_write_drop_in_private_format(u
, mode
, name
, "PassEnvironment=%s", joined
);
1988 } else if (STR_IN_SET(name
, "ReadWriteDirectories", "ReadOnlyDirectories", "InaccessibleDirectories",
1989 "ReadWritePaths", "ReadOnlyPaths", "InaccessiblePaths")) {
1990 _cleanup_strv_free_
char **l
= NULL
;
1994 r
= sd_bus_message_read_strv(message
, &l
);
1998 STRV_FOREACH(p
, l
) {
2002 if (!utf8_is_valid(i
))
2003 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid %s", name
);
2005 offset
= i
[0] == '-';
2006 offset
+= i
[offset
] == '+';
2007 if (!path_is_absolute(i
+ offset
))
2008 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid %s", name
);
2011 if (mode
!= UNIT_CHECK
) {
2012 _cleanup_free_
char *joined
= NULL
;
2014 if (STR_IN_SET(name
, "ReadWriteDirectories", "ReadWritePaths"))
2015 dirs
= &c
->read_write_paths
;
2016 else if (STR_IN_SET(name
, "ReadOnlyDirectories", "ReadOnlyPaths"))
2017 dirs
= &c
->read_only_paths
;
2018 else /* "InaccessiblePaths" */
2019 dirs
= &c
->inaccessible_paths
;
2021 if (strv_length(l
) == 0) {
2022 *dirs
= strv_free(*dirs
);
2023 unit_write_drop_in_private_format(u
, mode
, name
, "%s=", name
);
2025 r
= strv_extend_strv(dirs
, l
, true);
2029 joined
= strv_join_quoted(*dirs
);
2033 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, joined
);
2040 } else if (streq(name
, "ProtectSystem")) {
2044 r
= sd_bus_message_read(message
, "s", &s
);
2048 r
= parse_boolean(s
);
2050 ps
= PROTECT_SYSTEM_YES
;
2052 ps
= PROTECT_SYSTEM_NO
;
2054 ps
= protect_system_from_string(s
);
2056 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Failed to parse protect system value");
2059 if (mode
!= UNIT_CHECK
) {
2060 c
->protect_system
= ps
;
2061 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, s
);
2066 } else if (streq(name
, "ProtectHome")) {
2070 r
= sd_bus_message_read(message
, "s", &s
);
2074 r
= parse_boolean(s
);
2076 ph
= PROTECT_HOME_YES
;
2078 ph
= PROTECT_HOME_NO
;
2080 ph
= protect_home_from_string(s
);
2082 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Failed to parse protect home value");
2085 if (mode
!= UNIT_CHECK
) {
2086 c
->protect_home
= ph
;
2087 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, s
);
2092 } else if (streq(name
, "RuntimeDirectoryPreserve")) {
2096 r
= sd_bus_message_read(message
, "s", &s
);
2100 m
= exec_preserve_mode_from_string(s
);
2102 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid preserve mode");
2104 if (mode
!= UNIT_CHECK
) {
2105 c
->runtime_directory_preserve_mode
= m
;
2107 unit_write_drop_in_private_format(u
, mode
, name
, "RuntimeDirectoryPreserve=%s", exec_preserve_mode_to_string(m
));
2112 } else if (STR_IN_SET(name
, "RuntimeDirectoryMode", "StateDirectoryMode", "CacheDirectoryMode", "LogsDirectoryMode", "ConfigurationDirectoryMode", "UMask")) {
2115 r
= sd_bus_message_read(message
, "u", &m
);
2119 if (mode
!= UNIT_CHECK
) {
2120 ExecDirectoryType i
;
2122 if (streq(name
, "UMask"))
2125 for (i
= 0; i
< _EXEC_DIRECTORY_MAX
; i
++)
2126 if (startswith(name
, exec_directory_type_to_string(i
))) {
2127 c
->directories
[i
].mode
= m
;
2131 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%040o", name
, m
);
2136 } else if (STR_IN_SET(name
, "RuntimeDirectory", "StateDirectory", "CacheDirectory", "LogsDirectory", "ConfigurationDirectory")) {
2137 _cleanup_strv_free_
char **l
= NULL
;
2140 r
= sd_bus_message_read_strv(message
, &l
);
2144 STRV_FOREACH(p
, l
) {
2145 if (!filename_is_valid(*p
))
2146 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "%s is not valid %s", name
, *p
);
2149 if (mode
!= UNIT_CHECK
) {
2150 _cleanup_free_
char *joined
= NULL
;
2151 char ***dirs
= NULL
;
2152 ExecDirectoryType i
;
2154 for (i
= 0; i
< _EXEC_DIRECTORY_MAX
; i
++)
2155 if (streq(name
, exec_directory_type_to_string(i
))) {
2156 dirs
= &c
->directories
[i
].paths
;
2162 if (strv_isempty(l
)) {
2163 *dirs
= strv_free(*dirs
);
2164 unit_write_drop_in_private_format(u
, mode
, name
, "%s=", name
);
2166 r
= strv_extend_strv(dirs
, l
, true);
2171 joined
= strv_join_quoted(*dirs
);
2175 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, joined
);
2181 } else if (streq(name
, "SELinuxContext")) {
2183 r
= sd_bus_message_read(message
, "s", &s
);
2187 if (mode
!= UNIT_CHECK
) {
2189 c
->selinux_context
= mfree(c
->selinux_context
);
2190 else if (free_and_strdup(&c
->selinux_context
, s
) < 0)
2193 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, strempty(s
));
2198 } else if (STR_IN_SET(name
, "AppArmorProfile", "SmackProcessLabel")) {
2202 r
= sd_bus_message_enter_container(message
, 'r', "bs");
2206 r
= sd_bus_message_read(message
, "bs", &ignore
, &s
);
2210 if (mode
!= UNIT_CHECK
) {
2214 if (streq(name
, "AppArmorProfile")) {
2215 p
= &c
->apparmor_profile
;
2216 b
= &c
->apparmor_profile_ignore
;
2217 } else { /* "SmackProcessLabel" */
2218 p
= &c
->smack_process_label
;
2219 b
= &c
->smack_process_label_ignore
;
2226 if (free_and_strdup(p
, s
) < 0)
2231 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s%s", name
, ignore
? "-" : "", strempty(s
));
2236 } else if (streq(name
, "RestrictNamespaces")) {
2239 r
= sd_bus_message_read(message
, "t", &flags
);
2242 if ((flags
& NAMESPACE_FLAGS_ALL
) != flags
)
2243 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Unknown namespace types");
2245 if (mode
!= UNIT_CHECK
) {
2246 _cleanup_free_
char *s
= NULL
;
2248 r
= namespace_flag_to_string_many(flags
, &s
);
2252 c
->restrict_namespaces
= flags
;
2253 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, s
);
2257 } else if (streq(name
, "MountFlags")) {
2260 r
= sd_bus_message_read(message
, "t", &flags
);
2263 if (!IN_SET(flags
, 0, MS_SHARED
, MS_PRIVATE
, MS_SLAVE
))
2264 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Unknown mount propagation flags");
2266 if (mode
!= UNIT_CHECK
) {
2267 c
->mount_flags
= flags
;
2269 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, mount_propagation_flags_to_string(flags
));
2273 } else if (STR_IN_SET(name
, "BindPaths", "BindReadOnlyPaths")) {
2274 unsigned empty
= true;
2276 r
= sd_bus_message_enter_container(message
, 'a', "(ssbt)");
2280 while ((r
= sd_bus_message_enter_container(message
, 'r', "ssbt")) > 0) {
2281 const char *source
, *destination
;
2283 uint64_t mount_flags
;
2285 r
= sd_bus_message_read(message
, "ssbt", &source
, &destination
, &ignore_enoent
, &mount_flags
);
2289 r
= sd_bus_message_exit_container(message
);
2293 if (!path_is_absolute(source
))
2294 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Source path %s is not absolute.", source
);
2295 if (!path_is_absolute(destination
))
2296 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Destination path %s is not absolute.", destination
);
2297 if (!IN_SET(mount_flags
, 0, MS_REC
))
2298 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Unknown mount flags.");
2300 if (mode
!= UNIT_CHECK
) {
2301 r
= bind_mount_add(&c
->bind_mounts
, &c
->n_bind_mounts
,
2303 .source
= strdup(source
),
2304 .destination
= strdup(destination
),
2305 .read_only
= !!strstr(name
, "ReadOnly"),
2306 .recursive
= !!(mount_flags
& MS_REC
),
2307 .ignore_enoent
= ignore_enoent
,
2312 unit_write_drop_in_private_format(
2316 ignore_enoent
? "-" : "",
2319 (mount_flags
& MS_REC
) ? "rbind" : "norbind");
2327 r
= sd_bus_message_exit_container(message
);
2332 bind_mount_free_many(c
->bind_mounts
, c
->n_bind_mounts
);
2333 c
->bind_mounts
= NULL
;
2334 c
->n_bind_mounts
= 0;
2340 ri
= rlimit_from_string(name
);
2342 soft
= endswith(name
, "Soft");
2346 n
= strndupa(name
, soft
- name
);
2347 ri
= rlimit_from_string(n
);
2358 r
= sd_bus_message_read(message
, "t", &rl
);
2362 if (rl
== (uint64_t) -1)
2367 if ((uint64_t) x
!= rl
)
2371 if (mode
!= UNIT_CHECK
) {
2372 _cleanup_free_
char *f
= NULL
;
2375 if (c
->rlimit
[ri
]) {
2376 nl
= *c
->rlimit
[ri
];
2383 /* When the resource limit is not initialized yet, then assign the value to both fields */
2384 nl
= (struct rlimit
) {
2389 r
= rlimit_format(&nl
, &f
);
2394 *c
->rlimit
[ri
] = nl
;
2396 c
->rlimit
[ri
] = newdup(struct rlimit
, &nl
, 1);
2401 unit_write_drop_in_private_format(u
, mode
, name
, "%s=%s", name
, f
);