core: don't reset /dev/console if stdin/stdout/stderr as passed as fd in a transient...
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 #pragma once
4
5 /***
6 This file is part of systemd.
7
8 Copyright 2010 Lennart Poettering
9
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
14
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
19
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
22 ***/
23
/* Forward typedefs for the execution types defined further down in this
 * header. They are placed ahead of the #include lines that follow;
 * presumably so that those headers can already refer to these names —
 * confirm against the included headers. */
typedef struct ExecStatus ExecStatus;
typedef struct ExecCommand ExecCommand;
typedef struct ExecContext ExecContext;
typedef struct ExecRuntime ExecRuntime;
typedef struct ExecParameters ExecParameters;
29
30 #include <sched.h>
31 #include <stdbool.h>
32 #include <stdio.h>
33 #include <sys/capability.h>
34
35 #include "bus-endpoint.h"
36 #include "fdset.h"
37 #include "list.h"
38 #include "missing.h"
39 #include "namespace.h"
40
/* Kind of utmp record associated with an executed process (see
 * ExecContext.utmp_mode). */
typedef enum ExecUtmpMode {
        EXEC_UTMP_INIT,
        EXEC_UTMP_LOGIN,
        EXEC_UTMP_USER,
        _EXEC_UTMP_MODE_MAX,            /* follows the last real value, so it equals the number of modes */
        _EXEC_UTMP_MODE_INVALID = -1    /* sentinel; never a valid mode, must not be used as an index */
} ExecUtmpMode;
48
/* Where the standard input of an executed process comes from (see
 * ExecContext.std_input). The difference between the three TTY variants
 * is not visible in this header — confirm in execute.c. */
typedef enum ExecInput {
        EXEC_INPUT_NULL,
        EXEC_INPUT_TTY,
        EXEC_INPUT_TTY_FORCE,
        EXEC_INPUT_TTY_FAIL,
        EXEC_INPUT_SOCKET,
        _EXEC_INPUT_MAX,                /* follows the last real value, so it equals the number of input kinds */
        _EXEC_INPUT_INVALID = -1        /* sentinel; never a valid input kind, must not be used as an index */
} ExecInput;
58
/* Where standard output / standard error of an executed process goes (see
 * ExecContext.std_output and ExecContext.std_error). */
typedef enum ExecOutput {
        EXEC_OUTPUT_INHERIT,
        EXEC_OUTPUT_NULL,
        EXEC_OUTPUT_TTY,
        EXEC_OUTPUT_SYSLOG,
        EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
        EXEC_OUTPUT_KMSG,
        EXEC_OUTPUT_KMSG_AND_CONSOLE,
        EXEC_OUTPUT_JOURNAL,
        EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
        EXEC_OUTPUT_SOCKET,
        _EXEC_OUTPUT_MAX,               /* follows the last real value, so it equals the number of output kinds */
        _EXEC_OUTPUT_INVALID = -1       /* sentinel; never a valid output kind, must not be used as an index */
} ExecOutput;
73
/* Start/exit timestamps, PID and exit information of one executed process.
 * Filled in through exec_status_start() and exec_status_exit(). */
struct ExecStatus {
        dual_timestamp start_timestamp;
        dual_timestamp exit_timestamp;
        pid_t pid;
        int code;     /* as in siginfo_t::si_code */
        int status;   /* as in siginfo_t::si_status */
};
81
/* One command line (path plus argument vector) with an embedded ExecStatus
 * record. Commands can be chained into a list through the list fields. */
struct ExecCommand {
        char *path;
        char **argv;
        ExecStatus exec_status;
        LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
        bool ignore;  /* NOTE(review): presumably "ignore a failure of this command" — confirm in execute.c */
};
89
/* Runtime state kept for executed processes: two temporary directory paths
 * and a pair of descriptors for network namespace storage. */
struct ExecRuntime {
        int n_ref;    /* presumably the reference count managed by exec_runtime_ref()/exec_runtime_unref() — confirm */

        char *tmp_dir;
        char *var_tmp_dir;

        /* Two file descriptors. NOTE(review): looks like a socket pair used to
         * hold a network namespace reference; who closes them is not visible
         * in this header — confirm in execute.c. */
        int netns_storage_socket[2];
};
98
/* Execution settings for a spawned process: environment, resource limits,
 * scheduling, stdio wiring, credentials, MAC labels, capabilities, sandboxing
 * switches and syscall/address-family filters. exec_spawn() takes it as
 * const; enforcement of each setting is not visible in this header. */
struct ExecContext {
        char **environment;
        char **environment_files;
        char **pass_environment;

        struct rlimit *rlimit[_RLIMIT_MAX];   /* one pointer per resource; NOTE(review): NULL presumably means "not configured" — confirm */
        char *working_directory, *root_directory;
        bool working_directory_missing_ok;
        bool working_directory_home;

        mode_t umask;
        int oom_score_adjust;
        int nice;
        int ioprio;
        int cpu_sched_policy;
        int cpu_sched_priority;

        cpu_set_t *cpuset;
        unsigned cpuset_ncpus;

        ExecInput std_input;
        ExecOutput std_output;
        ExecOutput std_error;

        nsec_t timer_slack_nsec;

        /* NOTE(review): name suggests stdin/stdout/stderr are handed in as
         * already-open descriptors (see stdin_fd/stdout_fd/stderr_fd in
         * ExecParameters) — confirm in execute.c. */
        bool stdio_as_fds;

        char *tty_path;

        bool tty_reset;
        bool tty_vhangup;
        bool tty_vt_disallocate;

        bool ignore_sigpipe;

        /* Since resolving these names might involve socket
         * connections and we don't want to deadlock ourselves these
         * names are resolved on execution only and in the child
         * process. */
        char *user;
        char *group;
        char **supplementary_groups;

        char *pam_name;

        char *utmp_id;
        ExecUtmpMode utmp_mode;

        /* Mandatory access control labels (SELinux, AppArmor, SMACK).
         * NOTE(review): each *_ignore flag presumably means "tolerate a
         * failure to apply the label"; if so, the process can end up running
         * without the intended confinement, so such failures should at least
         * be logged — confirm in execute.c. */
        bool selinux_context_ignore;
        char *selinux_context;

        bool apparmor_profile_ignore;
        char *apparmor_profile;

        bool smack_process_label_ignore;
        char *smack_process_label;

        /* Path lists for mount namespace setup, by access class. */
        char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
        unsigned long mount_flags;

        /* Capability sets stored as 64-bit masks; presumably one bit per
         * capability number — TODO confirm how bits map to CAP_* values. */
        uint64_t capability_bounding_set;

        uint64_t capability_ambient_set;

        cap_t capabilities;
        int secure_bits;

        int syslog_priority;
        char *syslog_identifier;
        bool syslog_level_prefix;

        /* Scheduling, descriptor and sandboxing switches. */
        bool cpu_sched_reset_on_fork;
        bool non_blocking;
        bool private_tmp;
        bool private_network;
        bool private_devices;
        ProtectSystem protect_system;
        ProtectHome protect_home;

        bool no_new_privileges;   /* see also no_new_privileges_set below */

        /* This is not exposed to the user but available
         * internally. We need it to make sure that whenever we spawn
         * /usr/bin/mount it is run in the same process group as us so
         * that the autofs logic detects that it belongs to us and we
         * don't enter a trigger loop. */
        bool same_pgrp;

        unsigned long personality;

        /* System call filter. NOTE(review): syscall_whitelist presumably
         * selects whether syscall_filter is read as an allow-list or a
         * deny-list, so the set must never be interpreted without the flag;
         * syscall_errno is presumably the error returned for filtered calls
         * — confirm in execute.c. */
        Set *syscall_filter;
        Set *syscall_archs;
        int syscall_errno;
        bool syscall_whitelist:1;

        /* Socket address family filter; NOTE(review): the whitelist flag
         * presumably has the same allow-list/deny-list role as above. */
        Set *address_families;
        bool address_families_whitelist:1;

        char **runtime_directory;
        mode_t runtime_directory_mode;

        /* NOTE(review): the *_set bits presumably record whether the matching
         * value above was explicitly configured, so that an unset value is
         * not mistaken for a configured 0/false — confirm. */
        bool oom_score_adjust_set:1;
        bool nice_set:1;
        bool ioprio_set:1;
        bool cpu_sched_set:1;
        bool no_new_privileges_set:1;

        /* custom dbus endpoint */
        BusEndpoint *bus_endpoint;
};
210
211 #include "cgroup-util.h"
212 #include "cgroup.h"
213
/* Per-invocation parameters handed to exec_spawn() alongside the
 * ExecContext; exec_spawn() takes this struct as const. */
struct ExecParameters {
        char **argv;
        char **environment;

        /* File descriptors and their names. NOTE(review): n_fds is presumably
         * the element count of both fds and fd_names, so the two arrays must
         * stay the same length — confirm against callers. */
        int *fds;
        char **fd_names;
        unsigned n_fds;

        /* NOTE(review): apply_permissions/apply_chroot look like switches that
         * let a caller skip credential and root-directory changes; call sites
         * that clear them deserve review — confirm semantics in execute.c. */
        bool apply_permissions:1;
        bool apply_chroot:1;
        bool apply_tty_stdin:1;

        bool confirm_spawn:1;
        bool selinux_context_net:1;

        bool cgroup_delegate:1;
        CGroupMask cgroup_supported;
        const char *cgroup_path;      /* const pointer: presumably borrowed, not owned by this struct — confirm */

        const char *runtime_prefix;   /* const pointer: presumably borrowed, not owned by this struct — confirm */

        usec_t watchdog_usec;

        int *idle_pipe;

        char *bus_endpoint_path;
        int bus_endpoint_fd;

        /* Explicit descriptors for the child's stdio. NOTE(review): presumably
         * consulted when ExecContext.stdio_as_fds is set, with a negative
         * value meaning "not provided" — confirm in execute.c. */
        int stdin_fd;
        int stdout_fd;
        int stderr_fd;
};
246
/* Spawns `command` on behalf of `unit` using the given context, parameters
 * and runtime. The context and parameters are taken as const. `ret` is a
 * pid_t out-parameter; NOTE(review): it presumably receives the child's PID
 * on success, with a negative errno-style return value on failure — confirm
 * in execute.c. */
int exec_spawn(Unit *unit,
               ExecCommand *command,
               const ExecContext *context,
               const ExecParameters *exec_params,
               ExecRuntime *runtime,
               pid_t *ret);
253
/* Lifecycle helpers for ExecCommand. NOTE(review): by their names the *_done
 * variants release the contents of a command and the *_free_* variants
 * release the commands themselves — confirm in execute.c. `n` is the number
 * of array elements. */
void exec_command_done(ExecCommand *c);
void exec_command_done_array(ExecCommand *c, unsigned n);

ExecCommand* exec_command_free_list(ExecCommand *c);
void exec_command_free_array(ExecCommand **c, unsigned n);

/* Builds a single string from an argument vector. NOTE(review): the result is
 * a non-const char*, presumably heap-allocated and owned by the caller, and
 * presumably NULL on allocation failure — confirm. */
char *exec_command_line(char **argv);

/* Dump helpers write a description to `f`, using `prefix` for each line
 * (NOTE(review): prefix handling not visible here — confirm). */
void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix);
void exec_command_append_list(ExecCommand **l, ExecCommand *e);

/* Variadic setters for path and arguments. NOTE(review): how the argument
 * list is terminated is not visible in this header; callers must follow
 * that convention exactly, since reading past the end of a variadic list is
 * undefined behavior — confirm in execute.c. */
int exec_command_set(ExecCommand *c, const char *path, ...);
int exec_command_append(ExecCommand *c, const char *path, ...);
267
/* ExecContext lifecycle: initialise, release and dump to `f`. */
void exec_context_init(ExecContext *c);
void exec_context_done(ExecContext *c);
void exec_context_dump(ExecContext *c, FILE* f, const char *prefix);

/* NOTE(review): by its name this removes the context's runtime directories
 * below `runtime_root`; how the paths are combined and validated is not
 * visible here — confirm in execute.c. */
int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_root);

/* `l` is an out-parameter for a string list; NOTE(review): presumably the
 * loaded environment, owned by the caller on success — confirm. */
int exec_context_load_environment(Unit *unit, const ExecContext *c, char ***l);

/* Predicates over a context; the exact criteria are defined in execute.c. */
bool exec_context_may_touch_console(ExecContext *c);
bool exec_context_maintains_privileges(ExecContext *c);
278
/* ExecStatus updates: record the start of process `pid`, record its exit
 * with the given `code`/`status` (compare the siginfo_t-style fields in
 * struct ExecStatus), and dump the record to `f`. */
void exec_status_start(ExecStatus *s, pid_t pid);
void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status);
void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix);
282
/* ExecRuntime creation and reference handling. `rt` is an in/out pointer to
 * the runtime object. NOTE(review): ref/unref return an ExecRuntime*;
 * unref presumably returns NULL so callers can reset their pointer —
 * confirm in execute.c. */
int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id);
ExecRuntime *exec_runtime_ref(ExecRuntime *r);
ExecRuntime *exec_runtime_unref(ExecRuntime *r);

/* Serialization to `f` and key/value deserialization, with file descriptors
 * carried in `fds`. NOTE(review): `key` and `value` are parsed input, so
 * descriptor numbers read from `value` presumably need to be checked
 * against `fds` before use — confirm in execute.c. */
int exec_runtime_serialize(Unit *unit, ExecRuntime *rt, FILE *f, FDSet *fds);
int exec_runtime_deserialize_item(Unit *unit, ExecRuntime **rt, const char *key, const char *value, FDSet *fds);

void exec_runtime_destroy(ExecRuntime *rt);
291
/* String conversions for the three enums above. _const_ and _pure_ are
 * annotation macros defined outside this header. NOTE(review): the
 * *_from_string functions presumably return the matching _INVALID (-1)
 * value for unrecognised input, so callers must check for a negative result
 * before using it as an index — confirm in execute.c. */
const char* exec_output_to_string(ExecOutput i) _const_;
ExecOutput exec_output_from_string(const char *s) _pure_;

const char* exec_input_to_string(ExecInput i) _const_;
ExecInput exec_input_from_string(const char *s) _pure_;

const char* exec_utmp_mode_to_string(ExecUtmpMode i) _const_;
ExecUtmpMode exec_utmp_mode_from_string(const char *s) _pure_;