1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 Copyright © 2012 Holger Hans Peter Freyther
4 ***/
5
6 #include <errno.h>
7 #include <fcntl.h>
8 #include <linux/fs.h>
9 #include <linux/oom.h>
10 #if HAVE_SECCOMP
11 #include <seccomp.h>
12 #endif
13 #include <sched.h>
14 #include <sys/resource.h>
15
16 #include "af-list.h"
17 #include "alloc-util.h"
18 #include "all-units.h"
19 #include "bpf-firewall.h"
20 #include "bus-error.h"
21 #include "bus-internal.h"
22 #include "bus-util.h"
23 #include "cap-list.h"
24 #include "capability-util.h"
25 #include "cgroup-setup.h"
26 #include "conf-parser.h"
27 #include "cpu-set-util.h"
28 #include "env-util.h"
29 #include "errno-list.h"
30 #include "escape.h"
31 #include "fd-util.h"
32 #include "fileio.h"
33 #include "fs-util.h"
34 #include "hexdecoct.h"
35 #include "io-util.h"
36 #include "ioprio.h"
37 #include "ip-protocol-list.h"
38 #include "journal-util.h"
39 #include "limits-util.h"
40 #include "load-fragment.h"
41 #include "log.h"
42 #include "mountpoint-util.h"
43 #include "nulstr-util.h"
44 #include "parse-util.h"
45 #include "path-util.h"
46 #include "process-util.h"
47 #if HAVE_SECCOMP
48 #include "seccomp-util.h"
49 #endif
50 #include "securebits-util.h"
51 #include "signal-util.h"
52 #include "socket-netlink.h"
53 #include "stat-util.h"
54 #include "string-util.h"
55 #include "strv.h"
56 #include "syslog-util.h"
57 #include "time-util.h"
58 #include "unit-name.h"
59 #include "unit-printf.h"
60 #include "user-util.h"
61 #include "web-util.h"
62
/* Parse an IP protocol specification for a socket unit.
 *
 * The string is handed to parse_ip_protocol(); its negative error is passed through unchanged.
 * Only UDP-Lite and SCTP are accepted (an allow-list), everything else yields -EPROTONOSUPPORT.
 * On success the protocol number is returned. */
static int parse_socket_protocol(const char *s) {
        int protocol = parse_ip_protocol(s);

        if (protocol < 0)
                return protocol;

        switch (protocol) {

        case IPPROTO_UDPLITE:
        case IPPROTO_SCTP:
                return protocol;

        default:
                /* Anything outside the allow-list is refused rather than silently accepted. */
                return -EPROTONOSUPPORT;
        }
}
74
/* Parse the value of the "crash change VT" setting into *data.
 *
 * An integer is stored as-is. Otherwise the value is read as a boolean: true stores 0
 * (switch to where kmsg goes), false stores -1 (turn off switching).
 * Returns 0 on success or the negative error from parse_boolean(). */
int parse_crash_chvt(const char *value, int *data) {
        int enabled;

        /* First choice: a plain integer, written directly into *data by safe_atoi(). */
        if (safe_atoi(value, data) >= 0)
                return 0;

        enabled = parse_boolean(value);
        if (enabled < 0)
                return enabled;

        *data = enabled > 0 ? 0 : -1;
        return 0;
}
92
/* Parse the "confirm spawn" setting and store the console device to use in *console.
 *
 * - NULL or a true boolean: "/dev/console" (default tty)
 * - a false boolean: *console is set to NULL (feature off)
 * - a value is_path() accepts: used verbatim as a fully qualified path
 * - anything else: treated as a tty file name and joined onto "/dev/"
 *
 * The stored string is newly allocated; the caller owns it.
 * Returns 0 on success, -ENOMEM if the allocation failed. */
int parse_confirm_spawn(const char *value, char **console) {
        char *tty;
        int b;

        b = value ? parse_boolean(value) : 1;
        if (b == 0) {
                *console = NULL;
                return 0;
        }

        if (b > 0)
                tty = strdup("/dev/console");
        else
                /* Not a boolean: either a full path or a bare tty name below /dev/. */
                tty = is_path(value) ? strdup(value) : path_join("/dev/", value);
        if (!tty)
                return -ENOMEM;

        *console = tty;
        return 0;
}
113
/* Generated configuration parsers.
 *
 * The DEFINE_CONFIG_PARSE* macros are defined outside this file. Judging by the argument lists,
 * each invocation names the parser being generated, the conversion helper or enum it is built on,
 * and the message logged when the value does not parse. Invocations are grouped by macro family. */

/* Parsers built on an int-returning conversion function. */
DEFINE_CONFIG_PARSE(config_parse_socket_protocol, parse_socket_protocol, "Failed to parse socket protocol");
DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");

/* Parsers for enum-typed settings. */
DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home, protect_home, ProtectHome, "Failed to parse protect home value");
DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system, protect_system, ProtectSystem, "Failed to parse protect system value");
DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode, exec_preserve_mode, ExecPreserveMode, "Failed to parse runtime directory preserve mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type, service_type, ServiceType, "Failed to parse service type");
DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart, service_restart, ServiceRestart, "Failed to parse service restart specifier");
DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode, service_timeout_failure_mode, ServiceTimeoutFailureMode, "Failed to parse timeout failure mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind, socket_address_bind_ipv6_only_or_bool, SocketAddressBindIPv6Only, "Failed to parse bind IPv6 only value");
DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy, oom_policy, OOMPolicy, "Failed to parse OOM policy");
DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format, status_unit_format, StatusUnitFormat, "Failed to parse status unit format");

/* Enum-style parsers that take an explicit default value (-1 here). */
DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1, "Failed to parse IP TOS value");
DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1, "Invalid NUMA policy type");

/* Parsers whose conversion helper writes through a typed pointer. */
DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t, "Invalid block IO weight");
DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t, "Invalid weight");
DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares, cg_cpu_shares_parse, uint64_t, "Invalid CPU shares");
DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags, mount_propagation_flags_from_string, unsigned long, "Failed to parse mount flag");
137
/* Parse a whitespace-separated list of unit names and register each one as a dependency of the
 * unit passed in userdata. The dependency type is taken from ltype.
 *
 * Each word has its unit specifiers expanded with unit_name_printf() before it is added. A word
 * that fails to expand or to be added is logged and skipped; a syntax error ends processing of
 * the remaining line. Only out-of-memory is reported to the caller (via log_oom()); otherwise
 * the function returns 0. */
int config_parse_unit_deps(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        UnitDependency dependency = ltype;
        Unit *u = userdata;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        for (const char *cursor = rvalue;;) {
                _cleanup_free_ char *word = NULL, *resolved = NULL;
                int r;

                r = extract_first_word(&cursor, &word, NULL, EXTRACT_RETAIN_ESCAPE);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
                        return 0;
                }
                if (r == 0)
                        /* Nothing left on the line. */
                        return 0;

                r = unit_name_printf(u, word, &resolved);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
                        continue;
                }

                /* A failure here is logged but does not stop the remaining names from being processed. */
                r = unit_add_dependency_by_name(u, dependency, resolved, true, UNIT_DEPENDENCY_FILE);
                if (r < 0)
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", resolved);
        }
}
186
/* Wrapper around config_parse_unit_deps() for dependency settings that have been renamed.
 *
 * Logs a warning naming the obsolete setting (lvalue) and its replacement (the string form of
 * ltype), then parses the value exactly as config_parse_unit_deps() would and returns its result. */
int config_parse_obsolete_unit_deps(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const char *replacement = unit_dependency_to_string(ltype);

        log_syntax(unit, LOG_WARNING, filename, line, 0,
                   "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file",
                   lvalue, replacement);

        return config_parse_unit_deps(unit, filename, line, section, section_line,
                                      lvalue, ltype, rvalue, data, userdata);
}
204
/* Expand unit specifiers in rvalue, then hand the expanded text to config_parse_string().
 *
 * userdata must be the Unit the specifiers are resolved against. If expansion fails the
 * assignment is logged and ignored (return 0); otherwise the result of config_parse_string()
 * is returned. */
int config_parse_unit_string_printf(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *expanded = NULL;
        const Unit *u = userdata;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        r = unit_full_printf(u, rvalue, &expanded);
        if (r >= 0)
                return config_parse_string(unit, filename, line, section, section_line,
                                           lvalue, ltype, expanded, data, userdata);

        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
        return 0;
}
234
/* Expand unit specifiers in rvalue, then hand the expanded text to config_parse_strv().
 *
 * userdata must be the Unit the specifiers are resolved against. Note that expansion happens on
 * the whole value before config_parse_strv() sees it. If expansion fails the assignment is
 * logged and ignored (return 0); otherwise the result of config_parse_strv() is returned. */
int config_parse_unit_strv_printf(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *expanded = NULL;
        const Unit *u = userdata;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        r = unit_full_printf(u, rvalue, &expanded);
        if (r >= 0)
                return config_parse_strv(unit, filename, line, section, section_line,
                                         lvalue, ltype, expanded, data, userdata);

        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
        return 0;
}
264
/* Expand unit specifiers in a path-valued setting, then hand the result to config_parse_path().
 *
 * ltype doubles as the "fatal" switch: when non-zero, an over-long value returns -ENAMETOOLONG
 * and a specifier failure returns -ENOEXEC; when zero both are logged and ignored (return 0).
 * The length check rejects values of PATH_MAX bytes or more before any expansion is attempted. */
int config_parse_unit_path_printf(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *expanded = NULL;
        const Unit *u = userdata;
        bool fatal = ltype;
        const char *suffix;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        /* Appended to log messages so they say whether the line is dropped or the load fails. */
        suffix = fatal ? "" : ", ignoring";

        /* Let's not bother with anything that is too long */
        if (strlen(rvalue) >= PATH_MAX) {
                log_syntax(unit, LOG_ERR, filename, line, 0,
                           "%s value too long%s.",
                           lvalue, suffix);
                if (fatal)
                        return -ENAMETOOLONG;
                return 0;
        }

        r = unit_full_printf(u, rvalue, &expanded);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r,
                           "Failed to resolve unit specifiers in '%s'%s: %m",
                           rvalue, suffix);
                if (fatal)
                        return -ENOEXEC;
                return 0;
        }

        return config_parse_path(unit, filename, line, section, section_line,
                                 lvalue, ltype, expanded, data, userdata);
}
305
/* Parse a list of paths into the string vector pointed to by data.
 *
 * An empty value frees and resets the vector. Otherwise every word is unquoted, has its unit
 * specifiers expanded, is checked and simplified by path_simplify_and_warn() with
 * PATH_CHECK_ABSOLUTE, and is then appended. The first word that fails any of these steps stops
 * processing; entries appended before it stay in the vector. Only out-of-memory is reported to
 * the caller, everything else returns 0. */
int config_parse_unit_path_strv_printf(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        char ***paths = data;
        const Unit *u = userdata;
        const char *cursor;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        if (isempty(rvalue)) {
                *paths = strv_free(*paths);
                return 0;
        }

        cursor = rvalue;
        for (;;) {
                _cleanup_free_ char *word = NULL, *expanded = NULL;

                r = extract_first_word(&cursor, &word, NULL, EXTRACT_UNQUOTE);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, r,
                                   "Invalid syntax, ignoring: %s", rvalue);
                        return 0;
                }
                if (r == 0)
                        return 0;

                r = unit_full_printf(u, word, &expanded);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r,
                                   "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
                        return 0;
                }

                /* Validation happens on the expanded text, i.e. after specifier substitution. */
                r = path_simplify_and_warn(expanded, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
                if (r < 0)
                        return 0;

                /* strv_consume() is handed ownership of the string. */
                r = strv_consume(paths, TAKE_PTR(expanded));
                if (r < 0)
                        return log_oom();
        }
}
363
/* Rewrite a path below the legacy /var/run/ directory so that it points below /run/ instead.
 *
 * *path is replaced in place (the old string is freed) and a notice is logged asking for the
 * unit file to be updated.
 * Returns 1 if the path was rewritten, 0 if it does not start with /var/run/, and the result
 * of log_oom() if the replacement string could not be allocated. */
static int patch_var_run(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *lvalue,
                char **path) {

        const char *below;
        char *updated;

        below = path_startswith(*path, "/var/run/");
        if (!below)
                return 0;

        updated = path_join("/run/", below);
        if (!updated)
                return log_oom();

        /* Log before swapping, since the message still needs the old path. */
        log_syntax(unit, LOG_NOTICE, filename, line, 0,
                   "%s= references a path below legacy directory /var/run/, updating %s → %s; "
                   "please update the unit file accordingly.", lvalue, *path, updated);

        free_and_replace(*path, updated);

        return 1;
}
390
/* Parse one Listen*= assignment of a socket unit and append the resulting port to the socket.
 *
 * data is the socket unit (converted with SOCKET()); ltype selects the port kind.
 * - An empty value removes all ports configured so far.
 * - ltype != SOCKET_SOCKET: the value is a file system path. It must pass
 *   path_simplify_and_warn() with PATH_CHECK_ABSOLUTE; for SOCKET_FIFO a legacy /var/run/
 *   prefix is rewritten to /run/.
 * - lvalue "ListenNetlink": the value is parsed as a netlink address.
 * - otherwise: the value is parsed as a socket address and the socket type is derived from
 *   lvalue (ListenStream, ListenDatagram, ListenSequentialPacket). SOCK_SEQPACKET is refused
 *   for anything but AF_LOCAL.
 *
 * Unit specifiers are expanded before any validation. Invalid values are logged and ignored
 * (return 0); only allocation failures are reported to the caller. */
int config_parse_socket_listen(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ SocketPort *new_port = NULL;
        _cleanup_free_ char *expanded = NULL;
        SocketPort *last;
        Socket *s;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        s = SOCKET(data);

        if (isempty(rvalue)) {
                /* An empty assignment removes all ports */
                socket_free_ports(s);
                return 0;
        }

        new_port = new0(SocketPort, 1);
        if (!new_port)
                return log_oom();

        /* Every flavour starts by expanding specifiers, with the same handling on failure. */
        r = unit_full_printf(UNIT(s), rvalue, &expanded);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
                return 0;
        }

        if (ltype != SOCKET_SOCKET) {
                /* Path-based port types */
                r = path_simplify_and_warn(expanded, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
                if (r < 0)
                        return 0;

                if (ltype == SOCKET_FIFO) {
                        r = patch_var_run(unit, filename, line, lvalue, &expanded);
                        if (r < 0)
                                return r;
                }

                /* The port takes over the string. */
                free_and_replace(new_port->path, expanded);
                new_port->type = ltype;

        } else if (streq(lvalue, "ListenNetlink")) {

                r = socket_address_parse_netlink(&new_port->address, expanded);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", expanded);
                        return 0;
                }

                new_port->type = SOCKET_SOCKET;

        } else {

                if (expanded[0] == '/') { /* Only for AF_UNIX file system sockets… */
                        r = patch_var_run(unit, filename, line, lvalue, &expanded);
                        if (r < 0)
                                return r;
                }

                r = socket_address_parse_and_warn(&new_port->address, expanded);
                if (r < 0) {
                        /* -EAFNOSUPPORT is deliberately not logged here. */
                        if (r != -EAFNOSUPPORT)
                                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", expanded);
                        return 0;
                }

                if (streq(lvalue, "ListenStream"))
                        new_port->address.type = SOCK_STREAM;
                else if (streq(lvalue, "ListenDatagram"))
                        new_port->address.type = SOCK_DGRAM;
                else {
                        assert(streq(lvalue, "ListenSequentialPacket"));
                        new_port->address.type = SOCK_SEQPACKET;
                }

                if (new_port->address.type == SOCK_SEQPACKET &&
                    socket_address_family(&new_port->address) != AF_LOCAL) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Address family not supported, ignoring: %s", rvalue);
                        return 0;
                }

                new_port->type = SOCKET_SOCKET;
        }

        new_port->fd = -1;
        new_port->auxiliary_fds = NULL;
        new_port->n_auxiliary_fds = 0;
        new_port->socket = s;

        /* Append at the end so that ports keep the order in which they were configured. */
        LIST_FIND_TAIL(port, s->ports, last);
        LIST_INSERT_AFTER(port, s->ports, last, new_port);

        /* The list references the port now; disarm the cleanup handler. */
        new_port = NULL;

        return 0;
}
515
/* Parse a nice level into the ExecContext passed as data.
 *
 * An empty value clears nice_set. A value parse_nice() rejects is logged (with a dedicated
 * message for -ERANGE) and ignored. On success both nice and nice_set are updated.
 * Always returns 0. */
int config_parse_exec_nice(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        int nice_value, r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                c->nice_set = false;
                return 0;
        }

        r = parse_nice(rvalue, &nice_value);
        if (r >= 0) {
                c->nice = nice_value;
                c->nice_set = true;
                return 0;
        }

        if (r == -ERANGE)
                log_syntax(unit, LOG_ERR, filename, line, r, "Nice priority out of range, ignoring: %s", rvalue);
        else
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse nice priority '%s', ignoring: %m", rvalue);

        return 0;
}
555
/* Parse an OOM score adjustment into the ExecContext passed as data.
 *
 * An empty value clears oom_score_adjust_set. A value parse_oom_score_adjust() rejects is logged
 * (with a dedicated message for -ERANGE) and ignored. On success both oom_score_adjust and
 * oom_score_adjust_set are updated. Always returns 0. */
int config_parse_exec_oom_score_adjust(
                const char* unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        int adjust, r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                c->oom_score_adjust_set = false;
                return 0;
        }

        r = parse_oom_score_adjust(rvalue, &adjust);
        if (r >= 0) {
                c->oom_score_adjust = adjust;
                c->oom_score_adjust_set = true;
                return 0;
        }

        if (r == -ERANGE)
                log_syntax(unit, LOG_ERR, filename, line, r, "OOM score adjust value out of range, ignoring: %s", rvalue);
        else
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue);

        return 0;
}
595
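/* Parse a CoredumpFilter= assignment into the ExecContext passed as data.
 *
 * An empty value resets the mask to 0 and clears coredump_filter_set. Otherwise the value is
 * converted with coredump_filter_mask_from_string() and OR-ed into the existing mask, so
 * repeated assignments accumulate. Unparsable values are logged and ignored.
 * Always returns 0. */
int config_parse_exec_coredump_filter(
                const char* unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        uint64_t f;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                c->coredump_filter = 0;
                c->coredump_filter_set = false;
                return 0;
        }

        r = coredump_filter_mask_from_string(rvalue, &f);
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue);
                return 0;
        }

        c->coredump_filter |= f;

        /* Mark the coredump filter itself as configured. The flag set here must be the one the
         * reset branch above clears. Setting oom_score_adjust_set instead would leave the parsed
         * mask flagged as unset and would at the same time mark an OOM score adjustment as
         * configured that the unit file never asked for. */
        c->coredump_filter_set = true;
        return 0;
}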
634
/* Parse a KillMode= assignment into the KillMode pointed to by data.
 *
 * An empty value resets the mode to KILL_CONTROL_GROUP. Unknown values are logged and ignored.
 * KillMode=none is accepted but triggers a warning, since it disables systemd's process
 * life-cycle management for the service and is deprecated. Always returns 0. */
int config_parse_kill_mode(
                const char* unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        KillMode *target = data, mode;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                *target = KILL_CONTROL_GROUP;
                return 0;
        }

        mode = kill_mode_from_string(rvalue);
        if (mode < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Failed to parse kill mode specification, ignoring: %s", rvalue);
                return 0;
        }

        /* Still honoured, but make the operator aware of what this setting gives up. */
        if (mode == KILL_NONE)
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Unit configured to use KillMode=none. "
                           "This is unsafe, as it disables systemd's process life-cycle management for the service. "
                           "Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
                           "Support for KillMode=none is deprecated and will eventually be removed.");

        *target = mode;
        return 0;
}
676
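/* Parse an Exec*= command line into ExecCommand entries.
 *
 * data points at an array of ExecCommand list heads and ltype selects the entry to append to;
 * userdata is the Unit used to expand specifiers. An empty value frees the selected list.
 * A line may hold several commands separated by an unquoted ';' surrounded by whitespace; a
 * literal ';' argument is written as '\;'.
 *
 * For each command the first word is the executable, optionally preceded by prefix characters
 * ('-', '@', ':', '+', '!', '!!', described at the loop below). After specifier expansion the
 * executable must be non-empty, pass string_is_safe(), and not end in '/'. A name that is not
 * an absolute path must be a valid single file name and is looked up in DEFAULT_PATH_NULSTR;
 * the lookup only tests existence with access(F_OK) at parse time and says nothing about what
 * is at that path when the command is eventually run.
 *
 * Returns 0 on success or when the line is ignored (syntax error in the first word, or any
 * error on a command carrying the '-' prefix), -ENOEXEC for a rejected command without the
 * '-' prefix, and the result of log_oom() on allocation failure. Commands that were appended
 * before a later command on the same line failed stay in the list. */
int config_parse_exec(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecCommand **e = data;
        const Unit *u = userdata;
        const char *p;
        bool semicolon;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(e);

        e += ltype;

        if (isempty(rvalue)) {
                /* An empty assignment resets the list */
                *e = exec_command_free_list(*e);
                return 0;
        }

        p = rvalue;
        do {
                _cleanup_free_ char *path = NULL, *firstword = NULL;
                ExecCommandFlags flags = 0;
                bool ignore = false, separate_argv0 = false;
                _cleanup_free_ ExecCommand *nce = NULL;
                _cleanup_strv_free_ char **n = NULL;
                size_t nlen = 0, nbufsize = 0;
                const char *f;

                semicolon = false;

                r = extract_first_word_and_warn(&p, &firstword, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
                if (r <= 0)
                        return 0;

                f = firstword;
                for (;;) {
                        /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
                         * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
                         * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
                         * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
                         * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
                         * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
                         * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
                         * other sandboxing, with some special exceptions for changing UID.
                         *
                         * The idea is that '!!' may be used to write services that can take benefit of systemd's
                         * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
                         * privilege dropping within the daemon if the kernel does not offer that. */

                        /* Each prefix is accepted at most once; '+', '!' and '!!' are mutually exclusive,
                         * which is what the flag masks in the conditions below enforce. */
                        if (*f == '-' && !(flags & EXEC_COMMAND_IGNORE_FAILURE)) {
                                flags |= EXEC_COMMAND_IGNORE_FAILURE;
                                ignore = true;
                        } else if (*f == '@' && !separate_argv0)
                                separate_argv0 = true;
                        else if (*f == ':' && !(flags & EXEC_COMMAND_NO_ENV_EXPAND))
                                flags |= EXEC_COMMAND_NO_ENV_EXPAND;
                        else if (*f == '+' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
                                flags |= EXEC_COMMAND_FULLY_PRIVILEGED;
                        else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
                                flags |= EXEC_COMMAND_NO_SETUID;
                        else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_AMBIENT_MAGIC))) {
                                /* Second '!' in a row: upgrade '!' to '!!'. */
                                flags &= ~EXEC_COMMAND_NO_SETUID;
                                flags |= EXEC_COMMAND_AMBIENT_MAGIC;
                        } else
                                break;
                        f++;
                }

                r = unit_full_printf(u, f, &path);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r,
                                   "Failed to resolve unit specifiers in '%s'%s: %m",
                                   f, ignore ? ", ignoring" : "");
                        return ignore ? 0 : -ENOEXEC;
                }

                /* All checks below run on the expanded path, i.e. after specifier substitution. */
                if (isempty(path)) {
                        /* First word is either "-" or "@" with no command. */
                        log_syntax(unit, LOG_ERR, filename, line, 0,
                                   "Empty path in command line%s: '%s'",
                                   ignore ? ", ignoring" : "", rvalue);
                        return ignore ? 0 : -ENOEXEC;
                }
                if (!string_is_safe(path)) {
                        log_syntax(unit, LOG_ERR, filename, line, 0,
                                   "Executable name contains special characters%s: %s",
                                   ignore ? ", ignoring" : "", path);
                        return ignore ? 0 : -ENOEXEC;
                }
                if (endswith(path, "/")) {
                        log_syntax(unit, LOG_ERR, filename, line, 0,
                                   "Executable path specifies a directory%s: %s",
                                   ignore ? ", ignoring" : "", path);
                        return ignore ? 0 : -ENOEXEC;
                }

                if (!path_is_absolute(path)) {
                        const char *prefix;
                        bool found = false;

                        if (!filename_is_valid(path)) {
                                log_syntax(unit, LOG_ERR, filename, line, 0,
                                           "Neither a valid executable name nor an absolute path%s: %s",
                                           ignore ? ", ignoring" : "", path);
                                return ignore ? 0 : -ENOEXEC;
                        }

                        /* Resolve a single-component name to a full path */
                        NULSTR_FOREACH(prefix, DEFAULT_PATH_NULSTR) {
                                _cleanup_free_ char *fullpath = NULL;

                                fullpath = path_join(prefix, path);
                                if (!fullpath)
                                        return log_oom();

                                /* Existence check only; the first directory holding the name wins. */
                                if (access(fullpath, F_OK) >= 0) {
                                        free_and_replace(path, fullpath);
                                        found = true;
                                        break;
                                }
                        }

                        if (!found) {
                                log_syntax(unit, LOG_ERR, filename, line, 0,
                                           "Executable \"%s\" not found in path \"%s\"%s",
                                           path, DEFAULT_PATH, ignore ? ", ignoring" : "");
                                return ignore ? 0 : -ENOEXEC;
                        }
                }

                if (!separate_argv0) {
                        _cleanup_free_ char *w = NULL;

                        /* Duplicate first, grow second. GREEDY_REALLOC() does not initialise the slots
                         * it adds, so an early return between growing the array and terminating it
                         * would let the _cleanup_strv_free_ handler walk an unterminated vector. */
                        w = strdup(path);
                        if (!w)
                                return log_oom();

                        if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
                                return log_oom();

                        n[nlen++] = TAKE_PTR(w);
                        n[nlen] = NULL;
                }

                /* argv[0] above keeps the path as written; only the path to execute is simplified. */
                path_simplify(path, false);

                while (!isempty(p)) {
                        _cleanup_free_ char *word = NULL, *resolved = NULL;

                        /* Check explicitly for an unquoted semicolon as
                         * command separator token.  */
                        if (p[0] == ';' && (!p[1] || strchr(WHITESPACE, p[1]))) {
                                p++;
                                p += strspn(p, WHITESPACE);
                                semicolon = true;
                                break;
                        }

                        /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
                         * extract_first_word() would return the same for all of those.  */
                        if (p[0] == '\\' && p[1] == ';' && (!p[2] || strchr(WHITESPACE, p[2]))) {
                                _cleanup_free_ char *w = NULL;

                                p += 2;
                                p += strspn(p, WHITESPACE);

                                /* Same ordering as for argv[0]: allocate the string before growing the
                                 * array, so no failure can leave the array unterminated. */
                                w = strdup(";");
                                if (!w)
                                        return log_oom();

                                if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
                                        return log_oom();

                                n[nlen++] = TAKE_PTR(w);
                                n[nlen] = NULL;
                                continue;
                        }

                        r = extract_first_word_and_warn(&p, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
                        if (r == 0)
                                break;
                        if (r < 0)
                                return ignore ? 0 : -ENOEXEC;

                        r = unit_full_printf(u, word, &resolved);
                        if (r < 0) {
                                log_syntax(unit, LOG_ERR, filename, line, r,
                                           "Failed to resolve unit specifiers in %s%s: %m",
                                           word, ignore ? ", ignoring" : "");
                                return ignore ? 0 : -ENOEXEC;
                        }

                        if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
                                return log_oom();

                        n[nlen++] = TAKE_PTR(resolved);
                        n[nlen] = NULL;
                }

                /* With '@' the first argument supplies argv[0], so it must be present. */
                if (!n || !n[0]) {
                        log_syntax(unit, LOG_ERR, filename, line, 0,
                                   "Empty executable name or zeroeth argument%s: %s",
                                   ignore ? ", ignoring" : "", rvalue);
                        return ignore ? 0 : -ENOEXEC;
                }

                nce = new0(ExecCommand, 1);
                if (!nce)
                        return log_oom();

                nce->argv = TAKE_PTR(n);
                nce->path = TAKE_PTR(path);
                nce->flags = flags;

                exec_command_append_list(e, nce);

                /* Do not _cleanup_free_ these. */
                nce = NULL;

                /* Error messages for the next command should quote only what is left of the line. */
                rvalue = p;
        } while (semicolon);

        return 0;
}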
912
/* Parse the network interface a socket is bound to into the Socket passed as data.
 *
 * An empty value or "*" clears the binding. Any other value must pass ifname_valid(); invalid
 * names are logged and ignored. Returns 0, or the result of log_oom() if the name could not be
 * copied. */
int config_parse_socket_bindtodevice(
                const char* unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Socket *s = data;
        bool unbind;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        unbind = isempty(rvalue) || streq(rvalue, "*");
        if (unbind) {
                s->bind_to_device = mfree(s->bind_to_device);
                return 0;
        }

        /* Validate before storing: only well-formed interface names are kept. */
        if (!ifname_valid(rvalue)) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid interface name, ignoring: %s", rvalue);
                return 0;
        }

        if (free_and_strdup(&s->bind_to_device, rvalue) < 0)
                return log_oom();

        return 0;
}
947
/* Parse a standard input specification into the ExecContext passed as data.
 *
 * - "fd:NAME": NAME has specifiers expanded and must pass fdname_is_valid() unless it is empty,
 *   in which case no name is stored; selects EXEC_INPUT_NAMED_FD.
 * - "file:PATH": PATH has specifiers expanded and must pass path_simplify_and_warn() with
 *   PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL; selects EXEC_INPUT_FILE.
 * - anything else is looked up with exec_input_from_string(); unknown values are logged and
 *   ignored.
 *
 * Unlike most parsers in this file, a bad "fd:" or "file:" argument is an error for the caller:
 * -ENOEXEC, or the value log_syntax() returns for a specifier failure. Otherwise returns 0. */
int config_parse_exec_input(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        const Unit *u = userdata;
        const char *fd_arg, *file_arg;
        ExecInput input;
        int r;

        assert(data);
        assert(filename);
        assert(line);
        assert(rvalue);

        fd_arg = startswith(rvalue, "fd:");
        file_arg = fd_arg ? NULL : startswith(rvalue, "file:");

        if (fd_arg) {
                _cleanup_free_ char *name = NULL;

                r = unit_full_printf(u, fd_arg, &name);
                if (r < 0)
                        return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", fd_arg);

                if (isempty(name))
                        /* "fd:" without a name: store no name at all. */
                        name = mfree(name);
                else if (!fdname_is_valid(name)) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name: %s", name);
                        return -ENOEXEC;
                }

                free_and_replace(c->stdio_fdname[STDIN_FILENO], name);
                input = EXEC_INPUT_NAMED_FD;

        } else if (file_arg) {
                _cleanup_free_ char *file = NULL;

                r = unit_full_printf(u, file_arg, &file);
                if (r < 0)
                        return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", file_arg);

                /* The path is validated after specifier expansion. */
                r = path_simplify_and_warn(file, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
                if (r < 0)
                        return -ENOEXEC;

                free_and_replace(c->stdio_file[STDIN_FILENO], file);
                input = EXEC_INPUT_FILE;

        } else {
                input = exec_input_from_string(rvalue);
                if (input < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse input specifier, ignoring: %s", rvalue);
                        return 0;
                }
        }

        c->std_input = input;
        return 0;
}
1016
/* Append one line of text to the standard input data of the ExecContext passed as data.
 *
 * An empty value discards all data collected so far. Otherwise the value is C-unescaped, unit
 * specifiers are expanded, and the result plus a trailing newline is appended to stdin_data.
 * The total is capped at EXEC_STDIN_DATA_MAX, with an explicit wrap-around check on the size
 * arithmetic before the buffer is grown.
 *
 * Returns 0 on success, -E2BIG if the cap would be exceeded, the value log_syntax() returns for
 * a decoding or specifier failure, or the result of log_oom(). */
int config_parse_exec_input_text(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *unescaped = NULL, *resolved = NULL;
        ExecContext *c = data;
        const Unit *u = userdata;
        size_t sz;
        void *grown;
        char *end;
        int r;

        assert(data);
        assert(filename);
        assert(line);
        assert(rvalue);

        if (isempty(rvalue)) {
                /* Reset if the empty string is assigned */
                c->stdin_data = mfree(c->stdin_data);
                c->stdin_data_size = 0;
                return 0;
        }

        r = cunescape(rvalue, 0, &unescaped);
        if (r < 0)
                return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode C escaped text '%s': %m", rvalue);

        r = unit_full_printf(u, unescaped, &resolved);
        if (r < 0)
                return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", unescaped);

        sz = strlen(resolved);

        /* Enforce the size cap before touching the buffer; the first comparison catches wrap-around. */
        if (c->stdin_data_size + sz + 1 < c->stdin_data_size || /* check for overflow */
            c->stdin_data_size + sz + 1 > EXEC_STDIN_DATA_MAX) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Standard input data too large (%zu), maximum of %zu permitted, ignoring.", c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
                return -E2BIG;
        }

        /* Keep the old pointer until realloc() is known to have succeeded. */
        grown = realloc(c->stdin_data, c->stdin_data_size + sz + 1);
        if (!grown)
                return log_oom();

        /* Copy the text behind the existing data and finish the line with a newline. */
        end = mempcpy((char*) grown + c->stdin_data_size, resolved, sz);
        *end = '\n';

        c->stdin_data = grown;
        c->stdin_data_size += sz + 1;

        return 0;
}
1074
/* Append base64-encoded binary data to the standard input data of the ExecContext passed as data.
 *
 * An empty value discards all data collected so far. Otherwise the value is decoded with
 * unbase64mem() and appended to stdin_data. The total is capped at EXEC_STDIN_DATA_MAX, with an
 * explicit wrap-around check on the size arithmetic before the buffer is grown.
 *
 * Returns 0 on success, -E2BIG if the cap would be exceeded, the value log_syntax() returns for
 * a decoding failure, or the result of log_oom(). */
int config_parse_exec_input_data(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ void *decoded = NULL;
        ExecContext *c = data;
        size_t sz;
        void *grown;
        int r;

        assert(data);
        assert(filename);
        assert(line);
        assert(rvalue);

        if (isempty(rvalue)) {
                /* Reset if the empty string is assigned */
                c->stdin_data = mfree(c->stdin_data);
                c->stdin_data_size = 0;
                return 0;
        }

        r = unbase64mem(rvalue, (size_t) -1, &decoded, &sz);
        if (r < 0)
                return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode base64 data, ignoring: %s", rvalue);

        /* NOTE(review): relies on unbase64mem() never producing zero bytes from a non-empty
         * string; confirm against its implementation, as this assert runs on unit file input. */
        assert(sz > 0);

        /* Enforce the size cap before touching the buffer; the first comparison catches wrap-around. */
        if (c->stdin_data_size + sz < c->stdin_data_size || /* check for overflow */
            c->stdin_data_size + sz > EXEC_STDIN_DATA_MAX) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Standard input data too large (%zu), maximum of %zu permitted, ignoring.", c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
                return -E2BIG;
        }

        /* Keep the old pointer until realloc() is known to have succeeded. */
        grown = realloc(c->stdin_data, c->stdin_data_size + sz);
        if (!grown)
                return log_oom();

        memcpy((uint8_t*) grown + c->stdin_data_size, decoded, sz);

        c->stdin_data = grown;
        c->stdin_data_size += sz;

        return 0;
}
1128
/* Parses a StandardOutput= or StandardError= value and stores the resulting ExecOutput type, plus
 * an optional file descriptor name or file path, in the ExecContext passed in data.
 *
 * unit, filename, line: used to attribute log messages.
 * lvalue: "StandardOutput" or "StandardError" (anything else trips the assert below).
 * rvalue: "fd:NAME", "file:PATH", "append:PATH", the obsolete "syslog"/"syslog+console", or any
 *         string exec_output_from_string() accepts.
 * data: the ExecContext to update.
 * userdata: the Unit used for specifier resolution.
 * section, section_line, ltype: not used here.
 *
 * Returns 0 on success and when an unparsable specifier is ignored, -ENOEXEC for an invalid fd name
 * or a path rejected by path_simplify_and_warn(), and the result of log_syntax() when specifier
 * resolution fails. */
int config_parse_exec_output(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *resolved = NULL;
        const Unit *u = userdata;
        ExecContext *c = data;
        const char *suffix;
        bool obsolete = false, is_stdout;
        ExecOutput output;
        int r, fd_index;

        assert(data);
        assert(filename);
        assert(line);
        assert(lvalue);
        assert(rvalue);

        if ((suffix = startswith(rvalue, "fd:"))) {

                r = unit_full_printf(u, suffix, &resolved);
                if (r < 0)
                        return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", suffix);

                /* An empty name is stored as NULL; a non-empty one must pass fdname_is_valid() */
                if (isempty(resolved))
                        resolved = mfree(resolved);
                else if (!fdname_is_valid(resolved)) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name: %s", resolved);
                        return -ENOEXEC;
                }

                output = EXEC_OUTPUT_NAMED_FD;

        } else if (streq(rvalue, "syslog")) {

                /* Obsolete spelling, mapped to the journal */
                obsolete = true;
                output = EXEC_OUTPUT_JOURNAL;

        } else if (streq(rvalue, "syslog+console")) {

                obsolete = true;
                output = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;

        } else if ((suffix = startswith(rvalue, "file:"))) {

                r = unit_full_printf(u, suffix, &resolved);
                if (r < 0)
                        return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", suffix);

                /* The path is checked after specifier expansion, with PATH_CHECK_ABSOLUTE and
                 * PATH_CHECK_FATAL; a rejected path fails the assignment instead of being ignored. */
                r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
                if (r < 0)
                        return -ENOEXEC;

                output = EXEC_OUTPUT_FILE;

        } else if ((suffix = startswith(rvalue, "append:"))) {

                r = unit_full_printf(u, suffix, &resolved);
                if (r < 0)
                        return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", suffix);

                /* Same path check as for "file:" */
                r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
                if (r < 0)
                        return -ENOEXEC;

                output = EXEC_OUTPUT_FILE_APPEND;

        } else {
                output = exec_output_from_string(rvalue);
                if (output < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output specifier, ignoring: %s", rvalue);
                        return 0;
                }
        }

        if (obsolete)
                log_syntax(unit, LOG_NOTICE, filename, line, 0,
                           "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
                           rvalue, exec_output_to_string(output));

        is_stdout = streq(lvalue, "StandardOutput");
        if (!is_stdout)
                assert(streq(lvalue, "StandardError"));

        fd_index = is_stdout ? STDOUT_FILENO : STDERR_FILENO;

        /* "resolved" is NULL for every type that carries neither a name nor a path, so this also
         * clears a previously stored file path for the stream. */
        if (output == EXEC_OUTPUT_NAMED_FD)
                free_and_replace(c->stdio_fdname[fd_index], resolved);
        else
                free_and_replace(c->stdio_file[fd_index], resolved);

        if (is_stdout)
                c->std_output = output;
        else
                c->std_error = output;

        return 0;
}
1235
/* Parses an IO scheduling class name and stores it in the class part of c->ioprio, keeping the
 * priority data that is already there.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: class name understood by ioprio_class_from_string(); an empty string resets ioprio to
 *         IOPRIO_CLASS_BE with data 0 and clears ioprio_set.
 * data: the ExecContext to update.
 * section, section_line, lvalue, ltype, userdata: not used beyond the asserts.
 *
 * Always returns 0; an unparsable value is logged and ignored. */
int config_parse_exec_io_class(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        int io_class;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* Empty assignment: back to the default value, marked as not set */
                c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
                c->ioprio_set = false;
                return 0;
        }

        io_class = ioprio_class_from_string(rvalue);
        if (io_class < 0) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IO scheduling class, ignoring: %s", rvalue);
                return 0;
        }

        /* Replace only the class, carry over the existing priority data */
        c->ioprio = IOPRIO_PRIO_VALUE(io_class, IOPRIO_PRIO_DATA(c->ioprio));
        c->ioprio_set = true;

        return 0;
}
1272
/* Parses an IO priority value and stores it in the data part of c->ioprio, keeping the scheduling
 * class that is already there.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: priority accepted by ioprio_parse_priority(); an empty string resets ioprio to
 *         IOPRIO_CLASS_BE with data 0 and clears ioprio_set.
 * data: the ExecContext to update.
 * section, section_line, lvalue, ltype, userdata: not used beyond the asserts.
 *
 * Always returns 0; an unparsable value is logged and ignored. */
int config_parse_exec_io_priority(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        int priority, r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* Empty assignment: back to the default value, marked as not set */
                c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
                c->ioprio_set = false;
                return 0;
        }

        r = ioprio_parse_priority(rvalue, &priority);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse IO priority, ignoring: %s", rvalue);
                return 0;
        }

        /* Replace only the priority data, carry over the existing class */
        c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c->ioprio), priority);
        c->ioprio_set = true;

        return 0;
}
1309
/* Parses a CPU scheduling policy name into c->cpu_sched_policy and clamps the stored priority to
 * the range that policy allows.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: policy name understood by sched_policy_from_string(); an empty string resets the policy
 *         to SCHED_OTHER, the priority to 0 and clears cpu_sched_set.
 * data: the ExecContext to update.
 * section, section_line, lvalue, ltype, userdata: not used beyond the asserts.
 *
 * Always returns 0; an unparsable value is logged and ignored. */
int config_parse_exec_cpu_sched_policy(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        int policy;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                c->cpu_sched_policy = SCHED_OTHER;
                c->cpu_sched_priority = 0;
                c->cpu_sched_set = false;
                return 0;
        }

        policy = sched_policy_from_string(rvalue);
        if (policy < 0) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue);
                return 0;
        }

        c->cpu_sched_policy = policy;
        /* A priority configured for the previous policy may be out of range for the new one (e.g.
         * when moving to or from a real-time policy), hence pull it into the new policy's range. */
        c->cpu_sched_priority = CLAMP(c->cpu_sched_priority, sched_get_priority_min(policy), sched_get_priority_max(policy));
        c->cpu_sched_set = true;

        return 0;
}
1349
/* Parses a NUMA node list from rvalue into the nodes set of the NUMAPolicy passed in data, using
 * parse_cpu_set_extend().
 *
 * unit, filename, line, lvalue: used to attribute log messages (also forwarded to the helper).
 * data: the NUMAPolicy to update.
 * section, section_line, ltype, userdata: not used here.
 *
 * Returns whatever non-negative value parse_cpu_set_extend() reports on success, and 0 after
 * logging when it fails. */
int config_parse_numa_mask(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        NUMAPolicy *policy = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        r = parse_cpu_set_extend(rvalue, &policy->nodes, true, unit, filename, line, lvalue);
        if (r >= 0)
                return r;

        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse NUMA node mask, ignoring: %s", rvalue);
        return 0;
}
1376
/* Parses a CPU scheduling priority and stores it in c->cpu_sched_priority if it lies within the
 * range allowed for the policy currently stored in c->cpu_sched_policy.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: decimal integer accepted by safe_atoi().
 * data: the ExecContext to update.
 * section, section_line, lvalue, ltype, userdata: not used beyond the asserts.
 *
 * Always returns 0; unparsable or out-of-range values are logged and ignored. */
int config_parse_exec_cpu_sched_prio(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        int priority, lowest, highest, r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        r = safe_atoi(rvalue, &priority);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue);
                return 0;
        }

        /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0. The bounds are taken
         * for whatever policy is stored at this point. */
        lowest = sched_get_priority_min(c->cpu_sched_policy);
        highest = sched_get_priority_max(c->cpu_sched_policy);

        if (priority < lowest || priority > highest) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue);
                return 0;
        }

        c->cpu_sched_priority = priority;
        c->cpu_sched_set = true;

        return 0;
}
1416
/* Parses a RootHash= value. The value is either an absolute path to a file holding the root hash
 * (stored in c->root_hash_path) or the hash itself in hexadecimal (decoded into c->root_hash and
 * c->root_hash_size). Setting one form clears the other.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: absolute path, hex string, or empty string to reset both forms.
 * data: the ExecContext to update.
 * section, section_line, lvalue, ltype, userdata: not used here.
 *
 * Returns 0 on success or reset, -ENOMEM if the path cannot be duplicated, and the result of
 * log_syntax() if the hex string cannot be decoded or decodes to fewer than sizeof(sd_id128_t)
 * bytes. */
int config_parse_exec_root_hash(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ void *decoded = NULL;
        size_t decoded_size = 0;
        ExecContext *c = data;
        int r;

        assert(data);
        assert(filename);
        assert(line);
        assert(rvalue);

        if (isempty(rvalue)) {
                /* The empty string resets both the path and the inline hash */
                c->root_hash_path = mfree(c->root_hash_path);
                c->root_hash = mfree(c->root_hash);
                c->root_hash_size = 0;
                return 0;
        }

        if (path_is_absolute(rvalue)) {
                /* A path to a root hash file, eg: RootHash=/foo/bar.roothash. Only the path is
                 * recorded here; nothing is read or decoded in this function. */
                _cleanup_free_ char *path_copy = NULL;

                path_copy = strdup(rvalue);
                if (!path_copy)
                        return -ENOMEM;

                free_and_replace(c->root_hash_path, path_copy);
                c->root_hash = mfree(c->root_hash);
                c->root_hash_size = 0;
                return 0;
        }

        /* Otherwise the value is the hash itself, eg: RootHash=012345789abcdef */
        r = unhexmem(rvalue, strlen(rvalue), &decoded, &decoded_size);
        if (r < 0)
                /* NOTE(review): both messages below say "ignoring" while log_syntax()'s return value
                 * is handed back to the caller; confirm how the caller treats it. */
                return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode RootHash=, ignoring: %s", rvalue);

        /* Refuse hashes shorter than an sd_id128_t */
        if (decoded_size < sizeof(sd_id128_t))
                return log_syntax(unit, LOG_ERR, filename, line, SYNTHETIC_ERRNO(EINVAL), "RootHash= is too short, ignoring: %s", rvalue);

        free_and_replace(c->root_hash, decoded);
        c->root_hash_size = decoded_size;
        c->root_hash_path = mfree(c->root_hash_path);

        return 0;
}
1474
/* Parses a CPU affinity value. The literal "numa" sets c->cpu_affinity_from_numa and resets
 * c->cpu_set; any other value is handed to parse_cpu_set_extend() for c->cpu_set.
 *
 * unit, filename, line, lvalue: used to attribute log messages (forwarded to the helper).
 * data: the ExecContext to update.
 * section, section_line, ltype, userdata: not used here.
 *
 * Returns 0 for "numa", otherwise the result of parse_cpu_set_extend(). */
int config_parse_exec_cpu_affinity(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (streq(rvalue, "numa")) {
                c->cpu_affinity_from_numa = true;
                cpu_set_reset(&c->cpu_set);

                return 0;
        }

        r = parse_cpu_set_extend(rvalue, &c->cpu_set, true, unit, filename, line, lvalue);
        if (r < 0)
                return r;

        /* An explicit CPU list was accepted, so the "numa" mode no longer applies */
        c->cpu_affinity_from_numa = false;

        return r;
}
1507
/* Parses a capability list into the 64-bit mask that data points to. A leading '~' inverts the
 * list.
 *
 * The "initial" value is CAP_ALL when lvalue is "CapabilityBoundingSet" and 0 for any other lvalue.
 * If the parsed list is empty, or the stored mask still equals that initial value, the mask is
 * replaced (with the list, or with its complement when inverted). Otherwise the list is merged:
 * OR-ed in, or masked out when inverted.
 *
 * Worth knowing when reviewing unit files: because "unset" is detected by comparing against the
 * initial value, a mask that an earlier line explicitly set to exactly that value is treated the
 * same as one that was never assigned.
 *
 * unit, filename, line, lvalue: used to attribute log messages; lvalue also selects the initial value.
 * rvalue: capability list, optionally prefixed with '~'.
 * data: pointer to the uint64_t mask to update.
 * section, section_line, ltype, userdata: not used here.
 *
 * Always returns 0; an unparsable list is logged and ignored. */
int config_parse_capability_set(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        uint64_t *capability_set = data;
        uint64_t parsed = 0, initial;
        bool invert;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        invert = rvalue[0] == '~';
        if (invert)
                rvalue++;

        /* The bounding set starts out with all bits on, everything else with all bits off */
        initial = streq(lvalue, "CapabilityBoundingSet") ? CAP_ALL : 0;

        r = capability_set_from_string(rvalue, &parsed);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue, rvalue);
                return 0;
        }

        if (parsed == 0 || *capability_set == initial) {
                /* "", "~" or uninitialized data -> replace */
                *capability_set = invert ? ~parsed : parsed;
                return 0;
        }

        /* previous data -> merge */
        if (invert)
                *capability_set &= ~parsed;
        else
                *capability_set |= parsed;

        return 0;
}
1558
/* Parses an SELinux context setting into c->selinux_context after resolving unit specifiers.
 *
 * A leading '-' is stripped and recorded in c->selinux_context_ignore; with it, a specifier
 * resolution failure is logged and ignored, without it the function fails with -ENOEXEC. The
 * resolved string is stored as is; no validation of the context itself happens in this function.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: the context, optionally prefixed with '-'; an empty string clears the setting.
 * data: the ExecContext to update.
 * userdata: the Unit used for specifier resolution.
 * section, section_line, lvalue, ltype: not used beyond the asserts.
 *
 * Returns 0 on success, reset or ignored failure, -ENOEXEC otherwise. */
int config_parse_exec_selinux_context(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const Unit *u = userdata;
        ExecContext *c = data;
        char *resolved;
        bool ignore;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                c->selinux_context = mfree(c->selinux_context);
                c->selinux_context_ignore = false;
                return 0;
        }

        ignore = rvalue[0] == '-';
        if (ignore)
                rvalue++;

        r = unit_full_printf(u, rvalue, &resolved);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r,
                           "Failed to resolve unit specifiers in '%s'%s: %m",
                           rvalue, ignore ? ", ignoring" : "");
                return ignore ? 0 : -ENOEXEC;
        }

        free_and_replace(c->selinux_context, resolved);
        c->selinux_context_ignore = ignore;

        return 0;
}
1607
/* Parses an AppArmor profile setting into c->apparmor_profile after resolving unit specifiers.
 *
 * A leading '-' is stripped and recorded in c->apparmor_profile_ignore; with it, a specifier
 * resolution failure is logged and ignored, without it the function fails with -ENOEXEC. The
 * resolved string is stored as is; no validation of the profile name happens in this function.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: the profile name, optionally prefixed with '-'; an empty string clears the setting.
 * data: the ExecContext to update.
 * userdata: the Unit used for specifier resolution.
 * section, section_line, lvalue, ltype: not used beyond the asserts.
 *
 * Returns 0 on success, reset or ignored failure, -ENOEXEC otherwise. */
int config_parse_exec_apparmor_profile(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const Unit *u = userdata;
        ExecContext *c = data;
        char *resolved;
        bool ignore;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                c->apparmor_profile = mfree(c->apparmor_profile);
                c->apparmor_profile_ignore = false;
                return 0;
        }

        ignore = rvalue[0] == '-';
        if (ignore)
                rvalue++;

        r = unit_full_printf(u, rvalue, &resolved);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r,
                           "Failed to resolve unit specifiers in '%s'%s: %m",
                           rvalue, ignore ? ", ignoring" : "");
                return ignore ? 0 : -ENOEXEC;
        }

        free_and_replace(c->apparmor_profile, resolved);
        c->apparmor_profile_ignore = ignore;

        return 0;
}
1656
/* Parses a SMACK process label setting into c->smack_process_label after resolving unit
 * specifiers.
 *
 * A leading '-' is stripped and recorded in c->smack_process_label_ignore; with it, a specifier
 * resolution failure is logged and ignored, without it the function fails with -ENOEXEC. The
 * resolved string is stored as is; no validation of the label happens in this function.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: the label, optionally prefixed with '-'; an empty string clears the setting.
 * data: the ExecContext to update.
 * userdata: the Unit used for specifier resolution.
 * section, section_line, lvalue, ltype: not used beyond the asserts.
 *
 * Returns 0 on success, reset or ignored failure, -ENOEXEC otherwise. */
int config_parse_exec_smack_process_label(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const Unit *u = userdata;
        ExecContext *c = data;
        char *resolved;
        bool ignore;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                c->smack_process_label = mfree(c->smack_process_label);
                c->smack_process_label_ignore = false;
                return 0;
        }

        ignore = rvalue[0] == '-';
        if (ignore)
                rvalue++;

        r = unit_full_printf(u, rvalue, &resolved);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r,
                           "Failed to resolve unit specifiers in '%s'%s: %m",
                           rvalue, ignore ? ", ignoring" : "");
                return ignore ? 0 : -ENOEXEC;
        }

        free_and_replace(c->smack_process_label, resolved);
        c->smack_process_label_ignore = ignore;

        return 0;
}
1705
/* Parses one timer expression and prepends a new TimerValue to the Timer passed in data.
 *
 * When ltype is TIMER_CALENDAR the value is parsed with calendar_spec_from_string(), otherwise as
 * a time span with parse_sec(). Unit specifiers are resolved first.
 *
 * unit, filename, line: used to attribute log messages.
 * ltype: stored as the base of the new TimerValue.
 * rvalue: the expression; an empty string frees all values collected so far.
 * data: the Timer to update.
 * userdata: the Unit used for specifier resolution.
 * section, section_line, lvalue: not used beyond the asserts.
 *
 * Returns 0 on success and for ignored (logged) parse failures, and the result of log_oom() if the
 * new entry cannot be allocated. */
int config_parse_timer(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_(calendar_spec_freep) CalendarSpec *spec = NULL;
        _cleanup_free_ char *expanded = NULL;
        const Unit *u = userdata;
        Timer *t = data;
        TimerValue *entry;
        usec_t usec = 0;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* Empty assignment resets list */
                timer_free_values(t);
                return 0;
        }

        r = unit_full_printf(u, rvalue, &expanded);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
                return 0;
        }

        if (ltype != TIMER_CALENDAR) {
                r = parse_sec(expanded, &usec);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse timer value, ignoring: %s", expanded);
                        return 0;
                }
        } else {
                r = calendar_spec_from_string(expanded, &spec);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse calendar specification, ignoring: %s", expanded);
                        return 0;
                }
        }

        entry = new(TimerValue, 1);
        if (!entry)
                return log_oom();

        /* The calendar spec (NULL for non-calendar timers) is handed over to the new entry */
        *entry = (TimerValue) {
                .base = ltype,
                .value = usec,
                .calendar_spec = TAKE_PTR(spec),
        };

        LIST_PREPEND(value, t->values, entry);

        return 0;
}
1771
/* Parses the name of the unit that the Unit passed in data should trigger and registers
 * UNIT_BEFORE and UNIT_TRIGGERS dependencies on it.
 *
 * Only one trigger target is accepted: if the unit already has a UNIT_TRIGGERS dependency the
 * value is ignored. A name whose type cannot be determined, or a name the unit itself carries, is
 * ignored as well.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: unit name, may contain unit specifiers.
 * data: the Unit to update.
 * section, section_line, lvalue, ltype, userdata: not used beyond the asserts.
 *
 * Always returns 0; every failure is logged and ignored. */
int config_parse_trigger_unit(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *target = NULL;
        Unit *u = data;
        UnitType type;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (!hashmap_isempty(u->dependencies[UNIT_TRIGGERS])) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Multiple units to trigger specified, ignoring: %s", rvalue);
                return 0;
        }

        r = unit_name_printf(u, rvalue, &target);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
                return 0;
        }

        type = unit_name_to_type(target);
        if (type < 0) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Unit type not valid, ignoring: %s", rvalue);
                return 0;
        }

        /* Refuse a unit that names itself as its trigger target */
        if (unit_has_name(u, target)) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Units cannot trigger themselves, ignoring: %s", rvalue);
                return 0;
        }

        r = unit_add_two_dependencies_by_name(u, UNIT_BEFORE, UNIT_TRIGGERS, target, true, UNIT_DEPENDENCY_FILE);
        if (r < 0)
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add trigger on %s, ignoring: %m", target);

        return 0;
}
1823
/* Parses one path watch entry and prepends a new PathSpec to the Path unit passed in data.
 *
 * The watch type is derived from lvalue via path_type_from_string(); the path comes from rvalue
 * after specifier resolution and is checked with PATH_CHECK_ABSOLUTE.
 *
 * unit, filename, line: used to attribute log messages.
 * lvalue: name of the setting, selects the PathType.
 * rvalue: the path; an empty string frees all specs collected so far.
 * data: the Path to update.
 * section, section_line, ltype, userdata: not used here.
 *
 * Returns 0 on success and for ignored failures, and the result of log_oom() if the new entry
 * cannot be allocated. */
int config_parse_path_spec(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *expanded = NULL;
        Path *p = data;
        PathSpec *spec;
        PathType type;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* Empty assignment clears list */
                path_free_specs(p);
                return 0;
        }

        type = path_type_from_string(lvalue);
        if (type < 0) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse path type, ignoring: %s", lvalue);
                return 0;
        }

        r = unit_full_printf(UNIT(p), rvalue, &expanded);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
                return 0;
        }

        /* Without PATH_CHECK_FATAL a rejected path only causes the entry to be skipped */
        r = path_simplify_and_warn(expanded, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
        if (r < 0)
                return 0;

        spec = new0(PathSpec, 1);
        if (!spec)
                return log_oom();

        spec->type = type;
        spec->inotify_fd = -1;
        spec->unit = UNIT(p);
        spec->path = TAKE_PTR(expanded); /* the spec now owns the string */

        LIST_PREPEND(spec, p->specs, spec);

        return 0;
}
1881
/* Parses the name of the service a socket unit should activate, loads that unit through the
 * manager and stores a reference to it in s->service.
 *
 * The name must end in ".service" after specifier resolution.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: unit name, may contain unit specifiers.
 * data: the Socket to update.
 * section, section_line, lvalue, ltype, userdata: not used beyond the asserts.
 *
 * Returns 0 on success and -ENOEXEC on any failure (none of them is ignored). */
int config_parse_socket_service(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_free_ char *name = NULL;
        Socket *s = data;
        Unit *service;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        r = unit_name_printf(UNIT(s), rvalue, &name);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
                return -ENOEXEC;
        }

        /* The type check is a suffix test on the resolved name */
        if (!endswith(name, ".service")) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type service: %s", rvalue);
                return -ENOEXEC;
        }

        r = manager_load_unit(UNIT(s)->manager, name, NULL, &error, &service);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s: %s", rvalue, bus_error_message(&error, r));
                return -ENOEXEC;
        }

        unit_ref_set(&s->service, UNIT(s), service);

        return 0;
}
1926
/* Parses a file descriptor name for a socket unit into s->fdname.
 *
 * Unit specifiers are resolved first; the result must pass fdname_is_valid().
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: the name; an empty string clears the setting.
 * data: the Socket to update.
 * section, section_line, lvalue, ltype, userdata: not used beyond the asserts.
 *
 * Returns 0 when the value is reset or ignored, otherwise the value of free_and_replace(). */
int config_parse_fdname(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *name = NULL;
        Socket *s = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                s->fdname = mfree(s->fdname);
                return 0;
        }

        r = unit_full_printf(UNIT(s), rvalue, &name);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
                return 0;
        }

        /* Validation happens on the expanded name, not on the raw rvalue */
        if (!fdname_is_valid(name)) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name, ignoring: %s", name);
                return 0;
        }

        return free_and_replace(s->fdname, name);
}
1966
/* Parses a whitespace-separated list of socket unit names for a service and, for each valid
 * entry, adds UNIT_WANTS + UNIT_AFTER and UNIT_TRIGGERED_BY dependencies on it.
 *
 * Each word has unit specifiers resolved and must end in ".socket"; words failing either step
 * are logged and skipped. A syntax error from extract_first_word() stops processing of the
 * remaining words.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: list of socket unit names.
 * data: the Service to update.
 * section, section_line, lvalue, ltype, userdata: not used beyond the asserts.
 *
 * Returns 0, or the result of log_oom() if word extraction runs out of memory. */
int config_parse_service_sockets(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Service *s = data;
        const char *cursor;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        for (cursor = rvalue;;) {
                _cleanup_free_ char *word = NULL, *name = NULL;

                r = extract_first_word(&cursor, &word, NULL, 0);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Trailing garbage in sockets, ignoring: %s", rvalue);
                        break;
                }
                if (r == 0)
                        break;

                r = unit_name_printf(UNIT(s), word, &name);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
                        continue;
                }

                /* The type check is a suffix test on the resolved name */
                if (!endswith(name, ".socket")) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type socket, ignoring: %s", name);
                        continue;
                }

                /* Both dependency additions are attempted even if the first one fails */
                r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_WANTS, UNIT_AFTER, name, true, UNIT_DEPENDENCY_FILE);
                if (r < 0)
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", name);

                r = unit_add_dependency_by_name(UNIT(s), UNIT_TRIGGERED_BY, name, true, UNIT_DEPENDENCY_FILE);
                if (r < 0)
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", name);
        }

        return 0;
}
2024
/* Parses a D-Bus service name: resolves unit specifiers, checks the result with
 * sd_bus_service_name_is_valid() and then delegates the actual assignment to
 * config_parse_string() with the resolved name as the value.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: the bus name, may contain unit specifiers.
 * userdata: the Unit used for specifier resolution (must not be NULL).
 * section, section_line, lvalue, ltype, data: forwarded unchanged to config_parse_string().
 *
 * Returns 0 when the value is ignored, otherwise the result of config_parse_string(). */
int config_parse_bus_name(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *name = NULL;
        const Unit *u = userdata;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        r = unit_full_printf(u, rvalue, &name);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
                return 0;
        }

        /* Validation happens on the expanded name, not on the raw rvalue */
        if (!sd_bus_service_name_is_valid(name)) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid bus name, ignoring: %s", name);
                return 0;
        }

        return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, name, data, userdata);
}
2059
/* Parses a service start timeout. Used for two settings: TimeoutSec= and TimeoutStartSec=.
 *
 * The value always sets s->timeout_start_usec and marks s->start_timeout_defined; when lvalue is
 * "TimeoutSec" it sets s->timeout_stop_usec too.
 *
 * unit, filename, line, lvalue: used to attribute log messages.
 * rvalue: time span accepted by parse_sec_fix_0().
 * userdata: the Service to update (must not be NULL).
 * section, section_line, ltype, data: not used here.
 *
 * Always returns 0; an unparsable value is logged and ignored. */
int config_parse_service_timeout(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Service *s = userdata;
        usec_t timeout;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(s);

        /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it
         * happens immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we
         * internally handle all other timeouts. */
        r = parse_sec_fix_0(rvalue, &timeout);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
                return 0;
        }

        s->timeout_start_usec = timeout;
        s->start_timeout_defined = true;

        /* TimeoutSec= is the combined setting and covers the stop timeout as well */
        if (streq(lvalue, "TimeoutSec"))
                s->timeout_stop_usec = timeout;

        return 0;
}
2100
/* Parses an abort timeout into the usec_t that data points to.
 *
 * Apart from storing the value, the return value tells the caller whether the setting was given:
 * 0 means "not set" (empty rvalue, target set to 0), 1 means "set". On a parse failure the
 * result of log_syntax() is returned.
 *
 * unit, filename, line, lvalue: used to attribute log messages.
 * rvalue: time span accepted by parse_sec(), or empty.
 * data: pointer to the usec_t to update (must not be NULL).
 * section, section_line, ltype, userdata: not used here. */
int config_parse_timeout_abort(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        usec_t *target = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(target);

        if (!isempty(rvalue)) {
                r = parse_sec(rvalue, target);
                if (r < 0)
                        return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= setting, ignoring: %s", lvalue, rvalue);

                return 1; /* "set" */
        }

        *target = 0;
        return 0; /* "not set" */
}
2134
/* Service wrapper around config_parse_timeout_abort(): parses the value into
 * s->timeout_abort_usec and records in s->timeout_abort_set whether the setting was given.
 *
 * userdata: the Service to update (must not be NULL).
 * All other arguments except data are forwarded to config_parse_timeout_abort().
 *
 * Always returns 0; on a parse failure timeout_abort_set is left untouched. */
int config_parse_service_timeout_abort(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Service *s = userdata;
        int is_set;

        assert(s);

        is_set = config_parse_timeout_abort(unit, filename, line, section, section_line, lvalue, ltype, rvalue,
                                            &s->timeout_abort_usec, s);
        if (is_set < 0)
                return 0;

        /* 0 means "not set", 1 means "set" */
        s->timeout_abort_set = is_set;
        return 0;
}
2158
/* Parses a time span into the usec_t that data points to, using parse_sec_fix_0().
 *
 * This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity,
 * for compatibility with older versions of systemd where 0 instead of infinity was used as
 * indicator to turn off a timeout.
 *
 * unit, filename, line, lvalue: used to attribute log messages.
 * rvalue: the time span.
 * data: pointer to the usec_t to update (must not be NULL).
 * section, section_line, ltype, userdata: not used here.
 *
 * Always returns 0; an unparsable value is logged and ignored. */
int config_parse_sec_fix_0(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        usec_t *usec = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(usec);

        r = parse_sec_fix_0(rvalue, usec);
        if (r < 0)
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);

        return 0;
}
2191
/* Parses a single user or group name into the string that data points to.
 *
 * Unit specifiers are resolved first. The result is checked by valid_user_group_name() with
 * VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN. Unlike many other parsers in this
 * file, failures are not ignored: both a resolution failure and an invalid name return -ENOEXEC.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: the name or numeric ID; an empty string clears the setting.
 * data: pointer to the char* to update.
 * userdata: the Unit used for specifier resolution (must not be NULL).
 * section, section_line, lvalue, ltype: not used beyond the asserts.
 *
 * Returns 0 on reset, -ENOEXEC on failure, otherwise the value of free_and_replace(). */
int config_parse_user_group_compat(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *name = NULL;
        const Unit *u = userdata;
        char **user = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        if (isempty(rvalue)) {
                *user = mfree(*user);
                return 0;
        }

        r = unit_full_printf(u, rvalue, &name);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
                return -ENOEXEC;
        }

        /* Validation happens on the expanded name, not on the raw rvalue */
        if (!valid_user_group_name(name, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", name);
                return -ENOEXEC;
        }

        return free_and_replace(*user, name);
}
2232
/* Parses a whitespace-separated list of user or group names and appends each one to the string
 * vector that data points to.
 *
 * Every word has unit specifiers resolved and is then checked by valid_user_group_name() with
 * VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN. The first word that fails either
 * step aborts parsing with -ENOEXEC; words already appended before that point stay in the vector.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: the list; an empty string frees the vector.
 * data: pointer to the char** to update.
 * userdata: the Unit used for specifier resolution (must not be NULL).
 * section, section_line, lvalue, ltype: not used beyond the asserts.
 *
 * Returns 0 on success or reset, -ENOEXEC on invalid input, and the result of log_oom() on
 * allocation failure. */
int config_parse_user_group_strv_compat(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const char *cursor = rvalue;
        const Unit *u = userdata;
        char ***users = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        if (isempty(rvalue)) {
                *users = strv_free(*users);
                return 0;
        }

        for (;;) {
                _cleanup_free_ char *word = NULL, *name = NULL;

                r = extract_first_word(&cursor, &word, NULL, 0);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
                        return -ENOEXEC;
                }
                if (r == 0)
                        return 0;

                r = unit_full_printf(u, word, &name);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
                        return -ENOEXEC;
                }

                /* Validation happens on the expanded name, not on the raw word */
                if (!valid_user_group_name(name, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", name);
                        return -ENOEXEC;
                }

                r = strv_push(users, name);
                if (r < 0)
                        return log_oom();

                /* The vector owns the string now, keep the cleanup handler away from it */
                name = NULL;
        }
}
2293
/* Parses a WorkingDirectory=-style value into the ExecContext passed in data.
 *
 * A leading '-' is stripped and recorded in c->working_directory_missing_ok. The literal "~"
 * selects the home directory (c->working_directory_home); anything else has unit specifiers
 * resolved and is checked with PATH_CHECK_ABSOLUTE before being stored in c->working_directory.
 * With the '-' prefix, resolution and path check failures are ignored (and the path check is not
 * run with PATH_CHECK_FATAL); without it they fail with -ENOEXEC.
 *
 * unit, filename, line, lvalue: used to attribute log messages.
 * rvalue: the directory, optionally prefixed with '-'; an empty string clears the setting.
 * data: the ExecContext to update (must not be NULL).
 * userdata: the Unit used for specifier resolution (must not be NULL).
 * section, section_line, ltype: not used here.
 *
 * Returns 0 on success, reset or ignored failure, -ENOEXEC otherwise. */
int config_parse_working_directory(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const Unit *u = userdata;
        ExecContext *c = data;
        bool missing_ok;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(c);
        assert(u);

        if (isempty(rvalue)) {
                c->working_directory_home = false;
                c->working_directory = mfree(c->working_directory);
                return 0;
        }

        missing_ok = rvalue[0] == '-';
        if (missing_ok)
                rvalue++;

        if (!streq(rvalue, "~")) {
                _cleanup_free_ char *path = NULL;

                r = unit_full_printf(u, rvalue, &path);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r,
                                   "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
                                   rvalue, missing_ok ? ", ignoring" : "");
                        return missing_ok ? 0 : -ENOEXEC;
                }

                r = path_simplify_and_warn(path, PATH_CHECK_ABSOLUTE | (missing_ok ? 0 : PATH_CHECK_FATAL), unit, filename, line, lvalue);
                if (r < 0)
                        return missing_ok ? 0 : -ENOEXEC;

                c->working_directory_home = false;
                free_and_replace(c->working_directory, path);
        } else {
                /* "~": use the home directory, drop any explicitly configured path */
                c->working_directory_home = true;
                c->working_directory = mfree(c->working_directory);
        }

        c->working_directory_missing_ok = missing_ok;
        return 0;
}
2354
/* Parses one environment file path and appends it to the string vector that data points to.
 *
 * Unit specifiers are resolved first. The path is checked with PATH_CHECK_ABSOLUTE; a leading
 * '-' on the expanded string is skipped for that check but stays part of the stored entry.
 *
 * unit, filename, line, lvalue: used to attribute log messages.
 * rvalue: the path, optionally prefixed with '-'; an empty string frees the list.
 * data: pointer to the char** to update.
 * userdata: the Unit used for specifier resolution.
 * section, section_line, ltype: not used here.
 *
 * Returns 0 on success, reset or ignored failure, and the result of log_oom() if the entry
 * cannot be appended. */
int config_parse_unit_env_file(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *entry = NULL;
        const Unit *u = userdata;
        char ***env = data;
        const char *path;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* Empty assignment frees the list */
                *env = strv_free(*env);
                return 0;
        }

        r = unit_full_printf(u, rvalue, &entry);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
                return 0;
        }

        /* Check only the path part; the optional '-' prefix is kept in the stored entry */
        path = entry[0] == '-' ? entry + 1 : entry;
        r = path_simplify_and_warn(path, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
        if (r < 0)
                return 0;

        r = strv_push(env, entry);
        if (r < 0)
                return log_oom();

        /* The vector owns the string now, keep the cleanup handler away from it */
        entry = NULL;

        return 0;
}
2400
/* Parses a list of environment assignments and merges each valid one into the string vector
 * that data points to, using strv_env_replace().
 *
 * Words are split with EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE. When a Unit is passed in userdata its
 * specifiers are resolved in every word; when userdata is NULL the words are used as extracted.
 * Each result must pass env_assignment_is_valid(); words failing resolution or validation are
 * logged and skipped. A syntax error in word extraction ends parsing, keeping what was merged
 * before.
 *
 * unit, filename, line: used to attribute log messages.
 * rvalue: the assignments; an empty string frees the list.
 * data: pointer to the char** to update.
 * userdata: the Unit used for specifier resolution, or NULL.
 * section, section_line, lvalue, ltype: not used beyond the asserts.
 *
 * Returns 0, or the result of log_oom() on allocation failure. */
int config_parse_environ(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const Unit *u = userdata;
        char ***env = data;
        const char *cursor;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* Empty assignment resets the list */
                *env = strv_free(*env);
                return 0;
        }

        cursor = rvalue;
        for (;;) {
                _cleanup_free_ char *word = NULL, *assignment = NULL;

                r = extract_first_word(&cursor, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, r,
                                   "Invalid syntax, ignoring: %s", rvalue);
                        return 0;
                }
                if (r == 0)
                        return 0;

                if (!u)
                        /* No unit to resolve specifiers against, take the word as it is */
                        assignment = TAKE_PTR(word);
                else {
                        r = unit_full_printf(u, word, &assignment);
                        if (r < 0) {
                                log_syntax(unit, LOG_ERR, filename, line, r,
                                           "Failed to resolve unit specifiers in %s, ignoring: %m", word);
                                continue;
                        }
                }

                /* Validation happens on the expanded assignment */
                if (!env_assignment_is_valid(assignment)) {
                        log_syntax(unit, LOG_ERR, filename, line, 0,
                                   "Invalid environment assignment, ignoring: %s", assignment);
                        continue;
                }

                r = strv_env_replace(env, assignment);
                if (r < 0)
                        return log_oom();

                /* The vector owns the string now, keep the cleanup handler away from it */
                assignment = NULL;
        }
}
2466
/* Parses a list of environment variable names and appends the valid ones to the string vector behind
 * 'data'.
 *
 * An empty rvalue frees the list. Words are split with extract_first_word() (unquoting only). When a
 * Unit is supplied, specifiers are expanded per word. Words that fail expansion or env_name_is_valid()
 * are logged and skipped. The accepted names are collected locally and added in one
 * strv_extend_strv() call after the loop, so names gathered before a split error are still applied.
 *
 * Returns 0 on success, the result of log_oom() on allocation failure inside the loop, or the negative
 * value returned by strv_extend_strv(). */
int config_parse_pass_environ(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_strv_free_ char **names = NULL;
        size_t n_names = 0, n_allocated = 0;
        const Unit *u = userdata;
        const char *cursor = rvalue;
        char ***passenv = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* An empty assignment clears the list */
                *passenv = strv_free(*passenv);
                return 0;
        }

        for (;;) {
                _cleanup_free_ char *word = NULL, *k = NULL;

                r = extract_first_word(&cursor, &word, NULL, EXTRACT_UNQUOTE);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r,
                                   "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
                        break;
                }
                if (r == 0)
                        break;

                if (!u)
                        k = TAKE_PTR(word);
                else {
                        r = unit_full_printf(u, word, &k);
                        if (r < 0) {
                                log_syntax(unit, LOG_ERR, filename, line, r,
                                           "Failed to resolve specifiers in %s, ignoring: %m", word);
                                continue;
                        }
                }

                if (!env_name_is_valid(k)) {
                        log_syntax(unit, LOG_ERR, filename, line, 0,
                                   "Invalid environment name for %s, ignoring: %s", lvalue, k);
                        continue;
                }

                /* Room for the new entry plus the terminating NULL */
                if (!GREEDY_REALLOC(names, n_allocated, n_names + 2))
                        return log_oom();

                names[n_names++] = TAKE_PTR(k);
                names[n_names] = NULL;
        }

        if (!names)
                return 0;

        r = strv_extend_strv(passenv, names, true);
        if (r < 0)
                return r;

        return 0;
}
2542
/* Parses a list of environment variable names or assignments and appends the valid ones to the string
 * vector behind 'data'.
 *
 * An empty rvalue frees the list. Words are split with extract_first_word() (C-unescaping and
 * unquoting enabled). When a Unit is supplied, unit specifiers are expanded per word. A word is kept
 * if it passes either env_assignment_is_valid() or env_name_is_valid(); anything else is logged and
 * skipped. Accepted words are added in one strv_extend_strv() call after the loop.
 *
 * Returns 0 on success, the result of log_oom() on allocation failure inside the loop, or the negative
 * value returned by strv_extend_strv(). */
int config_parse_unset_environ(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_strv_free_ char **entries = NULL;
        size_t n_entries = 0, n_allocated = 0;
        const Unit *u = userdata;
        const char *cursor = rvalue;
        char ***unsetenv = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* An empty assignment clears the list */
                *unsetenv = strv_free(*unsetenv);
                return 0;
        }

        for (;;) {
                _cleanup_free_ char *word = NULL, *k = NULL;

                r = extract_first_word(&cursor, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r,
                                   "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
                        break;
                }
                if (r == 0)
                        break;

                if (!u)
                        k = TAKE_PTR(word);
                else {
                        r = unit_full_printf(u, word, &k);
                        if (r < 0) {
                                log_syntax(unit, LOG_ERR, filename, line, r,
                                           "Failed to resolve unit specifiers in %s, ignoring: %m", word);
                                continue;
                        }
                }

                /* Either a full VAR=VALUE assignment or a bare variable name is acceptable */
                if (!env_assignment_is_valid(k) && !env_name_is_valid(k)) {
                        log_syntax(unit, LOG_ERR, filename, line, 0,
                                   "Invalid environment name or assignment %s, ignoring: %s", lvalue, k);
                        continue;
                }

                /* Room for the new entry plus the terminating NULL */
                if (!GREEDY_REALLOC(entries, n_allocated, n_entries + 2))
                        return log_oom();

                entries[n_entries++] = TAKE_PTR(k);
                entries[n_entries] = NULL;
        }

        if (!entries)
                return 0;

        r = strv_extend_strv(unsetenv, entries, true);
        if (r < 0)
                return r;

        return 0;
}
2618
/* Parses a list of FIELD=VALUE items and appends each valid one to the log_extra_fields iovec array of
 * the ExecContext behind 'data'.
 *
 * An empty rvalue frees the existing fields via exec_context_free_log_extra_fields(). Each word has
 * unit specifiers expanded, must contain '=', and the part before '=' must pass journal_field_valid()
 * (called with its third argument false). Words failing any of these checks are logged and skipped.
 *
 * Returns 0 at the end of the list or on a syntax error, and the result of log_oom() on allocation
 * failure. */
int config_parse_log_extra_fields(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const Unit *u = userdata;
        const char *cursor = rvalue;
        ExecContext *c = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(c);

        if (isempty(rvalue)) {
                exec_context_free_log_extra_fields(c);
                return 0;
        }

        for (;;) {
                _cleanup_free_ char *word = NULL, *k = NULL;
                struct iovec *grown;
                const char *separator;

                r = extract_first_word(&cursor, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
                        return 0;
                }
                if (r == 0)
                        return 0;

                r = unit_full_printf(u, word, &k);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
                        continue;
                }

                separator = strchr(k, '=');
                if (!separator) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Log field lacks '=' character, ignoring: %s", k);
                        continue;
                }

                /* Only the name, i.e. everything before '=', is validated */
                if (!journal_field_valid(k, separator-k, false)) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Log field name is invalid, ignoring: %s", k);
                        continue;
                }

                grown = reallocarray(c->log_extra_fields, c->n_log_extra_fields+1, sizeof(struct iovec));
                if (!grown)
                        return log_oom();

                c->log_extra_fields = grown;
                c->log_extra_fields[c->n_log_extra_fields++] = IOVEC_MAKE_STRING(k);

                /* The iovec references the string now, do not free it on scope exit */
                k = NULL;
        }
}
2688
/* Parses a log namespace name and stores it in the log_namespace field of the ExecContext behind 'data'.
 *
 * An empty rvalue frees the stored name. Otherwise unit specifiers are expanded and the result has to
 * pass log_namespace_name_valid(); on failure of either step a message is logged and the previous
 * value is left untouched.
 *
 * Always returns 0. */
int config_parse_log_namespace(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *name = NULL;
        const Unit *u = userdata;
        ExecContext *c = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(c);

        if (isempty(rvalue)) {
                c->log_namespace = mfree(c->log_namespace);
                return 0;
        }

        r = unit_full_printf(u, rvalue, &name);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
                return 0;
        }

        if (log_namespace_name_valid(name))
                free_and_replace(c->log_namespace, name);
        else
                log_syntax(unit, LOG_ERR, filename, line, SYNTHETIC_ERRNO(EINVAL), "Specified log namespace name is not valid: %s", name);

        return 0;
}
2730
/* Parses a path-type condition and prepends it to the Condition list behind 'data'.
 *
 * An empty rvalue frees the list. An optional leading '|' sets the trigger flag and an optional '!'
 * after it sets the negate flag; here no whitespace is skipped after either prefix. The remainder has
 * unit specifiers expanded and must pass path_simplify_and_warn() with PATH_CHECK_ABSOLUTE. 'ltype'
 * supplies the ConditionType.
 *
 * Returns 0 when the condition was added or rejected with a logged message, and the result of
 * log_oom() when condition_new() fails. */
int config_parse_unit_condition_path(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *path = NULL;
        bool trigger = false, negate = false;
        Condition **list = data, *cond;
        ConditionType type = ltype;
        const Unit *u = userdata;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* An empty assignment clears the list */
                *list = condition_free_list(*list);
                return 0;
        }

        if (rvalue[0] == '|') {
                trigger = true;
                rvalue++;
        }

        if (rvalue[0] == '!') {
                negate = true;
                rvalue++;
        }

        r = unit_full_printf(u, rvalue, &path);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
                return 0;
        }

        if (path_simplify_and_warn(path, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue) < 0)
                return 0;

        cond = condition_new(type, path, trigger, negate);
        if (!cond)
                return log_oom();

        LIST_PREPEND(conditions, *list, cond);
        return 0;
}
2786
/* Parses a string-type condition and prepends it to the Condition list behind 'data'.
 *
 * An empty rvalue frees the list. An optional leading '|' sets the trigger flag and an optional '!'
 * after it sets the negate flag; characters from WHITESPACE following either prefix are skipped. The
 * remainder has unit specifiers expanded and is handed to condition_new() without further validation
 * in this function. 'ltype' supplies the ConditionType.
 *
 * Returns 0 when the condition was added or rejected with a logged message, and the result of
 * log_oom() when condition_new() fails. */
int config_parse_unit_condition_string(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *param = NULL;
        bool trigger = false, negate = false;
        Condition **list = data, *cond;
        ConditionType type = ltype;
        const Unit *u = userdata;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* An empty assignment clears the list */
                *list = condition_free_list(*list);
                return 0;
        }

        if (*rvalue == '|') {
                trigger = true;
                rvalue++;
                rvalue += strspn(rvalue, WHITESPACE);
        }

        if (*rvalue == '!') {
                negate = true;
                rvalue++;
                rvalue += strspn(rvalue, WHITESPACE);
        }

        r = unit_full_printf(u, rvalue, &param);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r,
                           "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
                return 0;
        }

        cond = condition_new(type, param, trigger, negate);
        if (!cond)
                return log_oom();

        LIST_PREPEND(conditions, *list, cond);
        return 0;
}
2839
/* Parses the deprecated boolean "null" condition and prepends a CONDITION_NULL entry to the Condition
 * list behind 'data'.
 *
 * A deprecation warning is logged on every call, before anything else is looked at. An empty rvalue
 * frees the list. An optional leading '|' sets the trigger flag and an optional '!' after it sets the
 * negate flag. The remainder is parsed with parse_boolean(); a false value flips the negate flag.
 *
 * Returns 0 when the condition was added or rejected with a logged message, and the result of
 * log_oom() when condition_new() fails. */
int config_parse_unit_condition_null(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        bool trigger = false, negate = false;
        Condition **list = data, *cond;
        int b;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is deprecated, please do not use.", lvalue);

        if (isempty(rvalue)) {
                /* An empty assignment clears the list */
                *list = condition_free_list(*list);
                return 0;
        }

        if (rvalue[0] == '|') {
                trigger = true;
                rvalue++;
        }

        if (rvalue[0] == '!') {
                negate = true;
                rvalue++;
        }

        b = parse_boolean(rvalue);
        if (b < 0) {
                log_syntax(unit, LOG_ERR, filename, line, b, "Failed to parse boolean value in condition, ignoring: %s", rvalue);
                return 0;
        }

        /* A false value is expressed as the negation of the condition */
        if (b == 0)
                negate = !negate;

        cond = condition_new(CONDITION_NULL, NULL, trigger, negate);
        if (!cond)
                return log_oom();

        LIST_PREPEND(conditions, *list, cond);
        return 0;
}
2893
/* Parses a list of paths and registers each one on the Unit via unit_require_mounts_for() with
 * UNIT_DEPENDENCY_FILE.
 *
 * Words are split with extract_first_word() (unquoting only). Each word has unit specifiers expanded
 * and must pass path_simplify_and_warn() with PATH_CHECK_ABSOLUTE. A word that fails any step,
 * including the registration itself, is logged and skipped; the remaining words are still processed.
 * Unlike the neighbouring list parsers, an empty rvalue is not special-cased here.
 *
 * Returns 0 at the end of the list or on a syntax error, and the result of log_oom() on allocation
 * failure while splitting. */
int config_parse_unit_requires_mounts_for(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const char *cursor = rvalue;
        Unit *u = userdata;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        for (;;) {
                _cleanup_free_ char *word = NULL, *resolved = NULL;

                r = extract_first_word(&cursor, &word, NULL, EXTRACT_UNQUOTE);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, r,
                                   "Invalid syntax, ignoring: %s", rvalue);
                        return 0;
                }
                if (r == 0)
                        return 0;

                r = unit_full_printf(u, word, &resolved);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
                        continue;
                }

                if (path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue) < 0)
                        continue;

                r = unit_require_mounts_for(u, resolved, UNIT_DEPENDENCY_FILE);
                if (r < 0)
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add required mount '%s', ignoring: %m", resolved);
        }
}
2946
/* Parses a list of documentation URLs into u->documentation and drops the entries that
 * documentation_url_is_valid() rejects.
 *
 * An empty rvalue frees the list. Otherwise the value is first handed to
 * config_parse_unit_strv_printf(); afterwards the whole of u->documentation (not only the entries
 * added by this call) is filtered in place, with rejected strings logged and freed.
 *
 * Returns a negative value from config_parse_unit_strv_printf() on failure, otherwise that function's
 * non-negative result. */
int config_parse_documentation(const char *unit,
                               const char *filename,
                               unsigned line,
                               const char *section,
                               unsigned section_line,
                               const char *lvalue,
                               int ltype,
                               const char *rvalue,
                               void *data,
                               void *userdata) {

        Unit *u = userdata;
        char **src, **dst;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        if (isempty(rvalue)) {
                /* An empty assignment clears the list */
                u->documentation = strv_free(u->documentation);
                return 0;
        }

        r = config_parse_unit_strv_printf(unit, filename, line, section, section_line, lvalue, ltype,
                                          rvalue, data, userdata);
        if (r < 0)
                return r;

        /* Compact the vector in place: 'src' reads every entry, 'dst' marks where the next kept entry goes */
        dst = u->documentation;
        for (src = dst; src && *src; src++) {

                if (!documentation_url_is_valid(*src)) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid URL, ignoring: %s", *src);
                        free(*src);
                        continue;
                }

                *(dst++) = *src;
        }

        /* Re-terminate after the last kept entry */
        if (dst)
                *dst = NULL;

        return r;
}
2992
2993 #if HAVE_SECCOMP
/* Parses a system call filter list into c->syscall_filter of the ExecContext behind 'data'.
 *
 * An empty rvalue frees the filter and clears c->syscall_whitelist. A leading '~' marks the list as
 * inverted. Whether the filter is an allow list or a deny list is decided only by the first non-empty
 * assignment, i.e. when c->syscall_filter does not exist yet: without '~' it becomes an allow list
 * and the "@default" group is added to it, with '~' it becomes a deny list. Later assignments keep
 * that mode and pass SECCOMP_PARSE_INVERT for '~' lists.
 *
 * Note for reviewers of unit files: a word that parse_syscall_and_errno() rejects is only logged at
 * warning level and skipped. On a deny list this means the entry the author intended to block is not
 * added to the filter, so the log should be checked after changing such a list.
 *
 * Returns 0 at the end of the list or on a syntax error, the result of log_oom() on allocation
 * failure, or the negative value returned by seccomp_parse_syscall_filter(). */
int config_parse_syscall_filter(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _unused_ const Unit *u = userdata;
        ExecContext *c = data;
        const char *cursor;
        bool invert = false;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        if (isempty(rvalue)) {
                /* An empty assignment clears the list */
                c->syscall_filter = hashmap_free(c->syscall_filter);
                c->syscall_whitelist = false;
                return 0;
        }

        if (rvalue[0] == '~') {
                invert = true;
                rvalue++;
        }

        if (!c->syscall_filter) {
                c->syscall_filter = hashmap_new(NULL);
                if (!c->syscall_filter)
                        return log_oom();

                /* First assignment fixes the mode: '~' means "allow everything but the ones listed",
                 * anything else means "allow nothing but the ones listed" */
                c->syscall_whitelist = !invert;

                if (!invert) {
                        /* On an allow list the default set of system calls is accepted up front */
                        r = seccomp_parse_syscall_filter(
                                        "@default", -1, c->syscall_filter,
                                        SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_WHITELIST,
                                        unit,
                                        NULL, 0);
                        if (r < 0)
                                return r;
                }
        }

        cursor = rvalue;
        for (;;) {
                _cleanup_free_ char *word = NULL, *name = NULL;
                int num;

                r = extract_first_word(&cursor, &word, NULL, 0);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
                        return 0;
                }
                if (r == 0)
                        return 0;

                r = parse_syscall_and_errno(word, &name, &num);
                if (r < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse syscall:errno, ignoring: %s", word);
                        continue;
                }

                r = seccomp_parse_syscall_filter(
                                name, num, c->syscall_filter,
                                SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
                                (invert ? SECCOMP_PARSE_INVERT : 0)|
                                (c->syscall_whitelist ? SECCOMP_PARSE_WHITELIST : 0),
                                unit, filename, line);
                if (r < 0)
                        return r;
        }
}
3083
/* Parses a list of system call architecture names into the Set behind 'data'.
 *
 * An empty rvalue frees the set. Each word is converted with seccomp_arch_from_string(); the value is
 * stored as UINT32_TO_PTR(a + 1), i.e. offset by one. Unknown names are logged and skipped. The
 * function does not assert on its arguments.
 *
 * Returns 0 at the end of the list or on a syntax error, and the result of log_oom() when splitting
 * runs out of memory or set_ensure_put() fails. */
int config_parse_syscall_archs(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const char *cursor = rvalue;
        Set **archs = data;
        int r;

        if (isempty(rvalue)) {
                *archs = set_free(*archs);
                return 0;
        }

        for (;;) {
                _cleanup_free_ char *word = NULL;
                uint32_t a;

                r = extract_first_word(&cursor, &word, NULL, EXTRACT_UNQUOTE);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, r,
                                   "Invalid syntax, ignoring: %s", rvalue);
                        return 0;
                }
                if (r == 0)
                        return 0;

                r = seccomp_arch_from_string(word, &a);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r,
                                   "Failed to parse system call architecture \"%s\", ignoring: %m", word);
                        continue;
                }

                if (set_ensure_put(archs, NULL, UINT32_TO_PTR(a + 1)) < 0)
                        return log_oom();
        }
}
3132
/* Parses an error number and stores it in c->syscall_errno of the ExecContext behind 'data'.
 *
 * An empty rvalue stores 0, which the original source describes as resetting to "KILL". Otherwise the
 * value is parsed with parse_errno(); a result of zero or below is logged and the previous setting is
 * kept.
 *
 * Always returns 0. */
int config_parse_syscall_errno(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        int e;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        if (isempty(rvalue)) {
                /* Empty assignment resets to KILL */
                c->syscall_errno = 0;
                return 0;
        }

        e = parse_errno(rvalue);
        if (e > 0)
                c->syscall_errno = e;
        else
                log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse error number, ignoring: %s", rvalue);

        return 0;
}
3167
/* Parses a list of address family names into c->address_families of the ExecContext behind 'data'.
 *
 * An empty rvalue frees the set and clears c->address_families_whitelist. A leading '~' marks the
 * list as inverted. The allow/deny mode is fixed by the first non-empty assignment (when the set does
 * not exist yet): without '~' the set is an allow list, with '~' a deny list. For later assignments,
 * a list whose polarity matches the stored mode adds its families to the set, and a list of the
 * opposite polarity removes them from it.
 *
 * Names that af_from_name() does not know are logged and skipped; on a deny list such an entry
 * therefore does not end up in the set.
 *
 * Returns 0 at the end of the list or on a syntax error, and the result of log_oom() on allocation
 * failure. */
int config_parse_address_families(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        const char *cursor;
        bool invert = false;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        if (isempty(rvalue)) {
                /* An empty assignment clears the list */
                c->address_families = set_free(c->address_families);
                c->address_families_whitelist = false;
                return 0;
        }

        if (rvalue[0] == '~') {
                invert = true;
                rvalue++;
        }

        if (!c->address_families) {
                c->address_families = set_new(NULL);
                if (!c->address_families)
                        return log_oom();

                /* The first assignment decides whether the set allows or forbids */
                c->address_families_whitelist = !invert;
        }

        cursor = rvalue;
        for (;;) {
                _cleanup_free_ char *word = NULL;
                int af;

                r = extract_first_word(&cursor, &word, NULL, EXTRACT_UNQUOTE);
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_WARNING, filename, line, r,
                                   "Invalid syntax, ignoring: %s", rvalue);
                        return 0;
                }
                if (r == 0)
                        return 0;

                af = af_from_name(word);
                if (af < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, af,
                                   "Failed to parse address family, ignoring: %s", word);
                        continue;
                }

                /* A list of the opposite polarity takes the family back out of the set instead of
                 * adding it */
                if (!invert != c->address_families_whitelist) {
                        set_remove(c->address_families, INT_TO_PTR(af));
                        continue;
                }

                if (set_put(c->address_families, INT_TO_PTR(af)) < 0)
                        return log_oom();
        }
}
3242
/* Parses a namespace restriction setting into c->restrict_namespaces of the ExecContext behind 'data'.
 *
 * - empty rvalue: reset to NAMESPACE_FLAGS_INITIAL;
 * - boolean true: store 0, boolean false: store NAMESPACE_FLAGS_ALL, both regardless of any earlier
 *   value (presumably the mask holds the namespace types that stay permitted — confirm against the
 *   code that applies it);
 * - otherwise: a namespace type list parsed by namespace_flags_from_string(), optionally prefixed
 *   with '~'. On the first assignment the mask is set to the list, or to its complement within
 *   NAMESPACE_FLAGS_ALL for '~'. On later assignments the listed bits are set, or cleared for '~'.
 *
 * A list that fails to parse is logged and the stored mask is left as it was. The function does not
 * assert on its arguments.
 *
 * Always returns 0. */
int config_parse_restrict_namespaces(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        unsigned long flags;
        bool invert = false;
        int r;

        if (isempty(rvalue)) {
                /* Back to the default */
                c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
                return 0;
        }

        /* A boolean overrides whatever was configured before */
        r = parse_boolean(rvalue);
        if (r >= 0) {
                c->restrict_namespaces = r > 0 ? 0 : NAMESPACE_FLAGS_ALL;
                return 0;
        }

        if (rvalue[0] == '~') {
                invert = true;
                rvalue++;
        }

        /* Not a boolean, so it has to be a list of namespace types */
        r = namespace_flags_from_string(rvalue, &flags);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
                return 0;
        }

        if (c->restrict_namespaces != NAMESPACE_FLAGS_INITIAL)
                /* Something was configured already, merge into it */
                SET_FLAG(c->restrict_namespaces, flags, !invert);
        else
                /* First assignment, take the value as is */
                c->restrict_namespaces = invert ? (~flags) & NAMESPACE_FLAGS_ALL : flags;

        return 0;
}
3297 #endif
3298
/* Parses a slice unit name, loads that unit and assigns it as the slice of the Unit in 'userdata'.
 *
 * Specifiers in rvalue are expanded with unit_name_printf(), the resulting name is loaded through
 * manager_load_unit() on u->manager, and the loaded unit is passed to unit_set_slice(). A failure in
 * any of the three steps is logged and otherwise ignored.
 *
 * Always returns 0. */
int config_parse_unit_slice(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_free_ char *slice_name = NULL;
        Unit *u = userdata, *slice;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        r = unit_name_printf(u, rvalue, &slice_name);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
                return 0;
        }

        r = manager_load_unit(u->manager, slice_name, NULL, &error, &slice);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load slice unit %s, ignoring: %s", slice_name, bus_error_message(&error, r));
                return 0;
        }

        r = unit_set_slice(u, slice);
        if (r < 0)
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id);

        return 0;
}
3341
/* Parses a CPU quota and stores it in c->cpu_quota_per_sec_usec of the CGroupContext behind 'data'.
 *
 * An empty rvalue stores USEC_INFINITY. Otherwise the value is parsed with parse_permille_unbounded()
 * and converted to microseconds per second as permille * USEC_PER_SEC / 1000. A parse result of zero
 * or below is logged and the previous setting is kept.
 *
 * Always returns 0. */
int config_parse_cpu_quota(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        CGroupContext *c = data;
        int permille;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        if (isempty(rvalue)) {
                c->cpu_quota_per_sec_usec = USEC_INFINITY;
                return 0;
        }

        permille = parse_permille_unbounded(rvalue);
        if (permille <= 0) {
                log_syntax(unit, LOG_ERR, filename, line, permille, "Invalid CPU quota '%s', ignoring.", rvalue);
                return 0;
        }

        /* Widen before multiplying so the product is computed in usec_t */
        c->cpu_quota_per_sec_usec = ((usec_t) permille * USEC_PER_SEC) / 1000U;
        return 0;
}
3375
/* Extends c->cpuset_cpus of the CGroupContext behind 'data' with the CPU set described by rvalue.
 *
 * All parsing and logging is delegated to parse_cpu_set_extend(), called with its third argument
 * true; its return value is deliberately discarded.
 *
 * Always returns 0. */
int config_parse_allowed_cpus(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        CGroupContext *cgroup_context = data;

        (void) parse_cpu_set_extend(rvalue, &cgroup_context->cpuset_cpus, true, unit, filename, line, lvalue);

        return 0;
}
3394
/* Extends c->cpuset_mems of the CGroupContext behind 'data' with the set described by rvalue.
 *
 * All parsing and logging is delegated to parse_cpu_set_extend(), called with its third argument
 * true; its return value is deliberately discarded.
 *
 * Always returns 0. */
int config_parse_allowed_mems(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        CGroupContext *cgroup_context = data;

        (void) parse_cpu_set_extend(rvalue, &cgroup_context->cpuset_mems, true, unit, filename, line, lvalue);

        return 0;
}
3413
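/* Parses a memory limit or memory protection value and stores it in the CGroupContext field selected
 * by lvalue.
 *
 * Accepted values:
 * - empty: the protection settings (DefaultMemoryLow, DefaultMemoryMin, MemoryLow, MemoryMin) reset to
 *   CGROUP_LIMIT_MIN, every other setting resets to CGROUP_LIMIT_MAX;
 * - "infinity": CGROUP_LIMIT_MAX for every setting;
 * - a permille/percent value accepted by parse_permille(), scaled with physical_memory_scale();
 * - a size accepted by parse_size() with base 1024.
 *
 * A parsed value of UINT64_MAX or above is rejected for every setting; a parsed value of 0 is rejected
 * unless the setting is MemorySwapMax or one of the protection settings. Rejected values are logged
 * and the previous setting is kept.
 *
 * Returns 0 when the value was stored or rejected with a logged message, and -EINVAL when lvalue is
 * not one of the settings handled here. */
int config_parse_memory_limit(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        CGroupContext *c = data;
        uint64_t bytes = CGROUP_LIMIT_MAX;
        int r;

        /* Only the empty assignment resets a protection to its minimum. The previous code lowered the
         * default for these settings unconditionally, so an explicit "infinity" was stored as
         * CGROUP_LIMIT_MIN instead of CGROUP_LIMIT_MAX. */
        if (isempty(rvalue) && STR_IN_SET(lvalue, "DefaultMemoryLow",
                                                  "DefaultMemoryMin",
                                                  "MemoryLow",
                                                  "MemoryMin"))
                bytes = CGROUP_LIMIT_MIN;
        else if (!isempty(rvalue) && !streq(rvalue, "infinity")) {

                /* Try a relative value first, fall back to an absolute size */
                r = parse_permille(rvalue);
                if (r < 0) {
                        r = parse_size(rvalue, 1024, &bytes);
                        if (r < 0) {
                                log_syntax(unit, LOG_ERR, filename, line, r, "Invalid memory limit '%s', ignoring: %m", rvalue);
                                return 0;
                        }
                } else
                        bytes = physical_memory_scale(r, 1000U);

                if (bytes >= UINT64_MAX ||
                    (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue);
                        return 0;
                }
        }

        if (streq(lvalue, "DefaultMemoryLow")) {
                c->default_memory_low = bytes;
                c->default_memory_low_set = true;
        } else if (streq(lvalue, "DefaultMemoryMin")) {
                c->default_memory_min = bytes;
                c->default_memory_min_set = true;
        } else if (streq(lvalue, "MemoryMin")) {
                c->memory_min = bytes;
                c->memory_min_set = true;
        } else if (streq(lvalue, "MemoryLow")) {
                c->memory_low = bytes;
                c->memory_low_set = true;
        } else if (streq(lvalue, "MemoryHigh"))
                c->memory_high = bytes;
        else if (streq(lvalue, "MemoryMax"))
                c->memory_max = bytes;
        else if (streq(lvalue, "MemorySwapMax"))
                c->memory_swap_max = bytes;
        else if (streq(lvalue, "MemoryLimit"))
                c->memory_limit = bytes;
        else
                return -EINVAL;

        return 0;
}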
3480
/* Parses a task count limit into the TasksMax structure behind 'data'.
 *
 * - empty rvalue: the manager's default_tasks_max when a Unit is supplied, TASKS_MAX_UNSET otherwise;
 * - "infinity": TASKS_MAX_UNSET;
 * - a value accepted by parse_permille(): stored as the pair { permille, 1000 };
 * - otherwise an unsigned 64-bit integer parsed with safe_atou64(), stored as { value }. Zero and
 *   UINT64_MAX are rejected as out of range.
 *
 * Rejected values are logged and the previous setting is kept. The function does not assert on its
 * arguments.
 *
 * Always returns 0. */
int config_parse_tasks_max(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        TasksMax *tasks_max = data;
        const Unit *u = userdata;
        uint64_t absolute;
        int r;

        if (isempty(rvalue)) {
                *tasks_max = u ? u->manager->default_tasks_max : TASKS_MAX_UNSET;
                return 0;
        }

        if (streq(rvalue, "infinity")) {
                *tasks_max = TASKS_MAX_UNSET;
                return 0;
        }

        /* Relative values take precedence over plain integers */
        r = parse_permille(rvalue);
        if (r >= 0) {
                *tasks_max = (TasksMax) { r, 1000U }; /* r‰ */
                return 0;
        }

        r = safe_atou64(rvalue, &absolute);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Invalid maximum tasks value '%s', ignoring: %m", rvalue);
                return 0;
        }

        if (absolute <= 0 || absolute >= UINT64_MAX) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue);
                return 0;
        }

        *tasks_max = (TasksMax) { absolute };
        return 0;
}
3528
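/* Parses the cgroup delegation setting into c->delegate and c->delegate_controllers of the
 * CGroupContext behind 'data'.
 *
 * The unit type is derived from the unit name; if that type's vtable entry has can_delegate unset the
 * setting is logged as unsupported and ignored. Accepted values:
 * - empty: delegation on, controller mask cleared;
 * - boolean true: delegation on for _CGROUP_MASK_ALL;
 * - boolean false: delegation off, controller mask cleared;
 * - anything else: a list of controller names. Delegation is turned on and the named controllers are
 *   OR-ed into the existing mask. Unknown names are logged and skipped, so a list consisting only of
 *   unknown names still turns delegation on.
 *
 * Returns 0 when the value was applied or rejected with a logged message, and the result of
 * log_oom() on allocation failure. */
int config_parse_delegate(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        CGroupContext *c = data;
        UnitType t;
        int r;

        t = unit_name_to_type(unit);
        assert(t != _UNIT_TYPE_INVALID);

        if (!unit_vtable[t]->can_delegate) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Delegate= setting not supported for this unit type, ignoring.");
                return 0;
        }

        /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
         * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
         * mask to delegate. */

        if (isempty(rvalue)) {
                /* An empty string resets the controllers and sets Delegate=yes. */
                c->delegate = true;
                c->delegate_controllers = 0;
                return 0;
        }

        r = parse_boolean(rvalue);
        if (r < 0) {
                const char *p = rvalue;
                CGroupMask mask = 0;

                for (;;) {
                        _cleanup_free_ char *word = NULL;
                        CGroupController cc;

                        r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
                        if (r == 0)
                                break;
                        if (r == -ENOMEM)
                                return log_oom();
                        if (r < 0) {
                                log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
                                return 0;
                        }

                        cc = cgroup_controller_from_string(word);
                        if (cc < 0) {
                                /* 'r' holds the positive result of extract_first_word() at this point, not an
                                 * error code, so no errno is attached to this message. */
                                log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid controller name '%s', ignoring", word);
                                continue;
                        }

                        mask |= CGROUP_CONTROLLER_TO_MASK(cc);
                }

                c->delegate = true;
                c->delegate_controllers |= mask;

        } else if (r > 0) {
                c->delegate = true;
                c->delegate_controllers = _CGROUP_MASK_ALL;
        } else {
                c->delegate = false;
                c->delegate_controllers = 0;
        }

        return 0;
}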
3605
/* Parses one "device rights" entry and adds it to the device allow list of the CGroupContext behind
 * 'data'.
 *
 * An empty rvalue removes every existing entry. Otherwise the first word is the device specification
 * and the rest of the line is the rights string. The specification has unit specifiers expanded;
 * unless it starts with "block-" or "char-" it must pass path_simplify_and_warn() and
 * valid_device_node_path(). A non-empty rights string may only consist of the characters 'r', 'w'
 * and 'm'; an empty one is handed on unchanged to cgroup_add_device_allow().
 *
 * Returns 0 when the entry was rejected with a logged message, the result of log_oom() on allocation
 * failure while splitting, and otherwise whatever cgroup_add_device_allow() returns. */
int config_parse_device_allow(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *path = NULL, *resolved = NULL;
        const char *rights = rvalue;
        CGroupContext *c = data;
        int r;

        if (isempty(rvalue)) {
                while (c->device_allow)
                        cgroup_context_free_device_allow(c, c->device_allow);

                return 0;
        }

        /* After this call 'rights' points behind the first word */
        r = extract_first_word(&rights, &path, NULL, EXTRACT_UNQUOTE);
        if (r == -ENOMEM)
                return log_oom();
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Invalid syntax, ignoring: %s", rvalue);
                return 0;
        }
        if (r == 0) {
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Failed to extract device path and rights from '%s', ignoring.", rvalue);
                return 0;
        }

        r = unit_full_printf(userdata, path, &resolved);
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
                return 0;
        }

        /* "block-"/"char-" specifications are not file system paths and skip the path checks */
        if (!STARTSWITH_SET(resolved, "block-", "char-")) {

                if (path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue) < 0)
                        return 0;

                if (!valid_device_node_path(resolved)) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved);
                        return 0;
                }
        }

        if (!isempty(rights) && !in_charset(rights, "rwm")) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device rights '%s', ignoring.", rights);
                return 0;
        }

        return cgroup_add_device_allow(c, resolved, rights);
}
3670
/* Parses one "device weight" entry and prepends it to c->io_device_weights of the CGroupContext
 * behind 'data'.
 *
 * An empty rvalue removes every existing entry. Otherwise the first word is the device path and the
 * rest of the line is the weight; both have to be present. The path has unit specifiers expanded and
 * must pass path_simplify_and_warn() (called with flags 0, so it is not required to be absolute
 * here). The weight is parsed with cg_weight_parse().
 *
 * Returns 0 when the entry was stored or rejected with a logged message, and the result of log_oom()
 * on allocation failure. */
int config_parse_io_device_weight(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *path = NULL, *resolved = NULL;
        CGroupIODeviceWeight *entry;
        const char *weight_str = rvalue;
        CGroupContext *c = data;
        uint64_t weight;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        if (isempty(rvalue)) {
                while (c->io_device_weights)
                        cgroup_context_free_io_device_weight(c, c->io_device_weights);

                return 0;
        }

        /* After this call 'weight_str' points behind the first word */
        r = extract_first_word(&weight_str, &path, NULL, EXTRACT_UNQUOTE);
        if (r == -ENOMEM)
                return log_oom();
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Invalid syntax, ignoring: %s", rvalue);
                return 0;
        }
        if (r == 0 || isempty(weight_str)) {
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Failed to extract device path and weight from '%s', ignoring.", rvalue);
                return 0;
        }

        r = unit_full_printf(userdata, path, &resolved);
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
                return 0;
        }

        if (path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue) < 0)
                return 0;

        r = cg_weight_parse(weight_str, &weight);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "IO weight '%s' invalid, ignoring: %m", weight_str);
                return 0;
        }

        assert(weight != CGROUP_WEIGHT_INVALID);

        entry = new0(CGroupIODeviceWeight, 1);
        if (!entry)
                return log_oom();

        /* The list entry takes over the resolved path */
        entry->path = TAKE_PTR(resolved);
        entry->weight = weight;

        LIST_PREPEND(device_weights, c->io_device_weights, entry);
        return 0;
}
3744
/* Parses one "<device path> <time span>" assignment and prepends the result to the
 * io_device_latencies list of the CGroupContext passed in 'data'. An empty value frees every
 * entry collected so far. Bad input is logged and ignored (return 0); allocation failures return
 * log_oom(). */
int config_parse_io_device_latency(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *device = NULL, *expanded = NULL;
        CGroupContext *ctx = data;
        CGroupIODeviceLatency *entry;
        const char *rest = rvalue;
        usec_t target;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        /* Empty assignment resets the list */
        if (isempty(rvalue)) {
                while (ctx->io_device_latencies)
                        cgroup_context_free_io_device_latency(ctx, ctx->io_device_latencies);

                return 0;
        }

        /* First word is the device path, the remainder is the latency target. */
        r = extract_first_word(&rest, &device, NULL, EXTRACT_UNQUOTE);
        if (r < 0) {
                if (r == -ENOMEM)
                        return log_oom();

                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Invalid syntax, ignoring: %s", rvalue);
                return 0;
        }
        if (r == 0 || isempty(rest)) {
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Failed to extract device path and latency from '%s', ignoring.", rvalue);
                return 0;
        }

        r = unit_full_printf(userdata, device, &expanded);
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Failed to resolve unit specifiers in '%s', ignoring: %m", device);
                return 0;
        }

        /* Normalization runs on the expanded string, i.e. after specifier substitution. */
        r = path_simplify_and_warn(expanded, 0, unit, filename, line, lvalue);
        if (r < 0)
                return 0;

        if (parse_sec(rest, &target) < 0) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse timer value, ignoring: %s", rest);
                return 0;
        }

        entry = new0(CGroupIODeviceLatency, 1);
        if (!entry)
                return log_oom();

        /* The entry takes ownership of the expanded path. */
        entry->target_usec = target;
        entry->path = TAKE_PTR(expanded);

        LIST_PREPEND(device_latencies, ctx->io_device_latencies, entry);
        return 0;
}
3815
/* Parses one "<device path> <limit>" assignment for the IO limit type named by 'lvalue' and stores
 * it in the io_device_limits list of the CGroupContext passed in 'data'. An existing entry for the
 * same path is updated in place; otherwise a new entry is created with every limit type at its
 * default. An empty value resets this limit type to its default on all existing entries. Bad input
 * is logged and ignored (return 0); allocation failures return log_oom(). */
int config_parse_io_limit(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *device = NULL, *expanded = NULL;
        CGroupIODeviceLimit *limit = NULL, *it;
        CGroupContext *ctx = data;
        CGroupIOLimitType type;
        const char *rest = rvalue;
        uint64_t value;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        /* The setting name selects which slot of limits[] this line controls. */
        type = cgroup_io_limit_type_from_string(lvalue);
        assert(type >= 0);

        if (isempty(rvalue)) {
                /* Entries are kept, only this limit type falls back to its default. */
                LIST_FOREACH(device_limits, it, ctx->io_device_limits)
                        it->limits[type] = cgroup_io_limit_defaults[type];
                return 0;
        }

        r = extract_first_word(&rest, &device, NULL, EXTRACT_UNQUOTE);
        if (r < 0) {
                if (r == -ENOMEM)
                        return log_oom();

                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Invalid syntax, ignoring: %s", rvalue);
                return 0;
        }
        if (r == 0 || isempty(rest)) {
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
                return 0;
        }

        r = unit_full_printf(userdata, device, &expanded);
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Failed to resolve unit specifiers in '%s', ignoring: %m", device);
                return 0;
        }

        r = path_simplify_and_warn(expanded, 0, unit, filename, line, lvalue);
        if (r < 0)
                return 0;

        /* "infinity" maps to CGROUP_LIMIT_MAX; anything else has to parse as a non-zero size
         * (base 1000). */
        if (!streq("infinity", rest)) {
                r = parse_size(rest, 1000, &value);
                if (r < 0 || value <= 0) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid IO limit '%s', ignoring.", rest);
                        return 0;
                }
        } else
                value = CGROUP_LIMIT_MAX;

        /* Reuse the entry of a device that was configured before. */
        LIST_FOREACH(device_limits, it, ctx->io_device_limits) {
                if (path_equal(expanded, it->path)) {
                        limit = it;
                        break;
                }
        }

        if (!limit) {
                CGroupIOLimitType i;

                limit = new0(CGroupIODeviceLimit, 1);
                if (!limit)
                        return log_oom();

                /* The new entry takes ownership of the expanded path. */
                limit->path = TAKE_PTR(expanded);
                for (i = 0; i < _CGROUP_IO_LIMIT_TYPE_MAX; i++)
                        limit->limits[i] = cgroup_io_limit_defaults[i];

                LIST_PREPEND(device_limits, ctx->io_device_limits, limit);
        }

        limit->limits[type] = value;

        return 0;
}
3909
/* Parses one "<device path> <weight>" assignment and prepends the result to the
 * blockio_device_weights list of the CGroupContext passed in 'data'. An empty value frees every
 * entry collected so far. Bad input is logged and ignored (return 0); allocation failures return
 * log_oom(). */
int config_parse_blockio_device_weight(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *device = NULL, *expanded = NULL;
        CGroupContext *ctx = data;
        CGroupBlockIODeviceWeight *entry;
        const char *rest = rvalue;
        uint64_t u;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        /* Empty assignment resets the list */
        if (isempty(rvalue)) {
                while (ctx->blockio_device_weights)
                        cgroup_context_free_blockio_device_weight(ctx, ctx->blockio_device_weights);

                return 0;
        }

        /* First word is the device path, the remainder is the weight. */
        r = extract_first_word(&rest, &device, NULL, EXTRACT_UNQUOTE);
        if (r < 0) {
                if (r == -ENOMEM)
                        return log_oom();

                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Invalid syntax, ignoring: %s", rvalue);
                return 0;
        }
        if (r == 0 || isempty(rest)) {
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Failed to extract device node and weight from '%s', ignoring.", rvalue);
                return 0;
        }

        r = unit_full_printf(userdata, device, &expanded);
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Failed to resolve unit specifiers in '%s', ignoring: %m", device);
                return 0;
        }

        r = path_simplify_and_warn(expanded, 0, unit, filename, line, lvalue);
        if (r < 0)
                return 0;

        r = cg_blkio_weight_parse(rest, &u);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", rest);
                return 0;
        }

        assert(u != CGROUP_BLKIO_WEIGHT_INVALID);

        entry = new0(CGroupBlockIODeviceWeight, 1);
        if (!entry)
                return log_oom();

        /* The entry takes ownership of the expanded path. */
        entry->weight = u;
        entry->path = TAKE_PTR(expanded);

        LIST_PREPEND(device_weights, ctx->blockio_device_weights, entry);
        return 0;
}
3983
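/* Parses one "<device path> <bandwidth>" assignment and stores it in the blockio_device_bandwidths
 * list of the CGroupContext passed in 'data'. When 'lvalue' is "BlockIOReadBandwidth" the read
 * limit (rbps) is set, for any other setting name the write limit (wbps). An existing entry for
 * the same path is updated in place; otherwise a new entry is created with both limits at
 * CGROUP_LIMIT_MAX.
 *
 * An empty value resets BOTH rbps and wbps of every existing entry, regardless of which setting
 * name was used. Bad input is logged and ignored (return 0); allocation failures return
 * log_oom(). */
int config_parse_blockio_bandwidth(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *path = NULL, *resolved = NULL;
        CGroupBlockIODeviceBandwidth *b = NULL, *t;
        CGroupContext *c = data;
        const char *p = rvalue;
        uint64_t bytes;
        bool is_read;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        is_read = streq("BlockIOReadBandwidth", lvalue);

        if (isempty(rvalue)) {
                LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
                        t->rbps = CGROUP_LIMIT_MAX;
                        t->wbps = CGROUP_LIMIT_MAX;
                }
                return 0;
        }

        /* First word is the device path, the remainder is the bandwidth. */
        r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
        if (r == -ENOMEM)
                return log_oom();
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Invalid syntax, ignoring: %s", rvalue);
                return 0;
        }
        if (r == 0 || isempty(p)) {
                log_syntax(unit, LOG_WARNING, filename, line, 0,
                           "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
                return 0;
        }

        r = unit_full_printf(userdata, path, &resolved);
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
                return 0;
        }

        r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
        if (r < 0)
                return 0;

        /* A zero bandwidth is rejected along with unparsable values (sizes use base 1000). */
        r = parse_size(p, 1000, &bytes);
        if (r < 0 || bytes <= 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
                return 0;
        }

        /* Reuse the entry of a device that was configured before. */
        LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
                if (path_equal(resolved, t->path)) {
                        b = t;
                        break;
                }
        }

        /* Decide on the lookup result itself, as config_parse_io_limit() does, rather than on
         * whatever value the loop iterator is left with once LIST_FOREACH() has finished. */
        if (!b) {
                b = new0(CGroupBlockIODeviceBandwidth, 1);
                if (!b)
                        return log_oom();

                /* The new entry takes ownership of the expanded path. */
                b->path = TAKE_PTR(resolved);
                b->rbps = CGROUP_LIMIT_MAX;
                b->wbps = CGROUP_LIMIT_MAX;

                LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, b);
        }

        if (is_read)
                b->rbps = bytes;
        else
                b->wbps = bytes;

        return 0;
}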
4075
/* Parses a boolean and stores it as a JobMode in 'data': true selects JOB_ISOLATE, false selects
 * JOB_REPLACE. Every successful parse also logs a deprecation notice that points at
 * OnFailureJobMode=. An unparsable value is logged and ignored (return 0). */
int config_parse_job_mode_isolate(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        JobMode *mode = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

        r = parse_boolean(rvalue);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse boolean, ignoring: %s", rvalue);
                return 0;
        }

        log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue);

        if (r)
                *mode = JOB_ISOLATE;
        else
                *mode = JOB_REPLACE;

        return 0;
}
4106
/* Parses a whitespace-separated list of directory names into the string vector passed in 'data'.
 * Each word has unit specifiers expanded, is checked with PATH_CHECK_RELATIVE, and is rejected if
 * it starts with the path component "private". An empty value frees the whole vector. A word that
 * fails one of the checks is logged and skipped while the remaining words are still processed; a
 * tokenizer error drops the rest of the line. Allocation failures return log_oom(). */
int config_parse_exec_directories(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const Unit *u = userdata;
        char ***dirs = data;
        const char *cursor;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* Empty assignment resets the list */
                *dirs = strv_free(*dirs);
                return 0;
        }

        cursor = rvalue;
        for (;;) {
                _cleanup_free_ char *token = NULL, *expanded = NULL;

                r = extract_first_word(&cursor, &token, NULL, EXTRACT_UNQUOTE);
                if (r < 0) {
                        if (r == -ENOMEM)
                                return log_oom();

                        log_syntax(unit, LOG_WARNING, filename, line, r,
                                   "Invalid syntax, ignoring: %s", rvalue);
                        return 0;
                }
                if (r == 0)
                        return 0; /* end of the list */

                r = unit_full_printf(u, token, &expanded);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r,
                                   "Failed to resolve unit specifiers in \"%s\", ignoring: %m", token);
                        continue;
                }

                /* The check runs on the expanded string, so text substituted by a specifier is
                 * validated as well. */
                r = path_simplify_and_warn(expanded, PATH_CHECK_RELATIVE, unit, filename, line, lvalue);
                if (r < 0)
                        continue;

                if (path_startswith(expanded, "private")) {
                        log_syntax(unit, LOG_ERR, filename, line, 0,
                                   "%s= path can't be 'private', ignoring assignment: %s", lvalue, token);
                        continue;
                }

                r = strv_push(dirs, expanded);
                if (r < 0)
                        return log_oom();

                /* The vector holds the string now, keep the cleanup handler away from it. */
                expanded = NULL;
        }
}
4172
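/* Parses a whitespace-separated list of exit statuses and signal names into the ExitStatusSet
 * passed in 'data'. Each word is tried as an exit status first and is recorded in the 'status'
 * bitmap on success; otherwise it is tried as a signal and recorded in the 'signal' bitmap. An
 * empty value clears the set. Words that are neither are logged and skipped. Returns 0, log_oom()
 * on allocation failure, or the logged error if the bitmap cannot be updated. */
int config_parse_set_status(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        size_t l;
        const char *word, *state;
        int r;
        ExitStatusSet *status_set = data;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        /* Empty assignment resets the list */
        if (isempty(rvalue)) {
                exit_status_set_free(status_set);
                return 0;
        }

        FOREACH_WORD(word, l, rvalue, state) {
                _cleanup_free_ char *temp = NULL;
                Bitmap *bitmap;

                /* 'word' points into rvalue and is only 'l' bytes long, it is not NUL-terminated.
                 * Work on a terminated copy, and use that copy in the log messages below so that
                 * they name just this word instead of everything that follows it on the line. */
                temp = strndup(word, l);
                if (!temp)
                        return log_oom();

                /* We need to call exit_status_from_string() first, because we want
                 * to parse numbers as exit statuses, not signals. */

                r = exit_status_from_string(temp);
                if (r >= 0) {
                        assert(r >= 0 && r < 256);
                        bitmap = &status_set->status;
                } else {
                        r = signal_from_string(temp);

                        /* Zero is rejected as well, only positive signal numbers are stored. */
                        if (r <= 0) {
                                log_syntax(unit, LOG_ERR, filename, line, 0,
                                           "Failed to parse value, ignoring: %s", temp);
                                continue;
                        }
                        bitmap = &status_set->signal;
                }

                r = bitmap_set(bitmap, r);
                if (r < 0)
                        return log_error_errno(r, "Failed to set signal or status %s: %m", temp);
        }
        if (!isempty(state))
                log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");

        return 0;
}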
4236
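/* Parses a whitespace-separated list of absolute paths into the string vector passed in 'data'.
 * A word may start with "-" and then "+", in that order; both markers are stripped before unit
 * specifiers are expanded and the path is checked with PATH_CHECK_ABSOLUTE, and are put back in
 * front of the normalized path that is stored. An empty value frees the whole vector.
 *
 * NOTE(review): the name suggests these lists feed the mount namespace set up for the service —
 * the table that binds settings to this parser is not part of this section, confirm there.
 *
 * A word that fails expansion or the path check is logged and skipped; a tokenizer error drops
 * the rest of the line. Allocation failures return log_oom(). */
int config_parse_namespace_path_strv(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const Unit *u = userdata;
        char*** sv = data;
        const char *p = rvalue;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* Empty assignment resets the list */
                *sv = strv_free(*sv);
                return 0;
        }

        for (;;) {
                _cleanup_free_ char *word = NULL, *resolved = NULL, *joined = NULL;
                const char *w;
                bool ignore_enoent = false, shall_prefix = false;

                r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
                if (r == 0)
                        break;
                if (r == -ENOMEM)
                        return log_oom();
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
                        return 0;
                }

                /* Strip the optional markers, "-" first and then "+". */
                w = word;
                if (startswith(w, "-")) {
                        ignore_enoent = true;
                        w++;
                }
                if (startswith(w, "+")) {
                        shall_prefix = true;
                        w++;
                }

                r = unit_full_printf(u, w, &resolved);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", w);
                        continue;
                }

                /* The check runs on the expanded string, so text substituted by a specifier is
                 * validated as well. */
                r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
                if (r < 0)
                        continue;

                joined = strjoin(ignore_enoent ? "-" : "",
                                 shall_prefix ? "+" : "",
                                 resolved);
                /* Fail loudly if the allocation failed. strv_push() is not shown here; if it
                 * treats a NULL value as "nothing to add", this path would otherwise vanish from
                 * the list without any log line, and the restriction it was meant to configure
                 * would never be applied. */
                if (!joined)
                        return log_oom();

                r = strv_push(sv, joined);
                if (r < 0)
                        return log_oom();

                /* The vector holds the string now, keep the cleanup handler away from it. */
                joined = NULL;
        }

        return 0;
}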
4313
/* Parses a whitespace-separated list of "<path>[:<options>]" words and adds each one to the
 * temporary_filesystems array of the ExecContext passed in 'data'. The path part has unit
 * specifiers expanded and is checked with PATH_CHECK_ABSOLUTE; whatever follows the first ':' is
 * handed to temporary_filesystem_add() as it is, without being inspected here. An empty value
 * frees the whole array. A word that fails a check is logged and skipped; a tokenizer error on
 * the line drops the rest of it. */
int config_parse_temporary_filesystems(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *ctx = data;
        const Unit *u = userdata;
        const char *cursor = rvalue;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* Empty assignment resets the list */
                temporary_filesystem_free_many(ctx->temporary_filesystems, ctx->n_temporary_filesystems);
                ctx->n_temporary_filesystems = 0;
                ctx->temporary_filesystems = NULL;
                return 0;
        }

        for (;;) {
                _cleanup_free_ char *token = NULL, *mount_path = NULL, *expanded = NULL;
                const char *options;

                r = extract_first_word(&cursor, &token, NULL, EXTRACT_UNQUOTE);
                if (r < 0) {
                        if (r == -ENOMEM)
                                return log_oom();

                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
                        return 0;
                }
                if (r == 0)
                        return 0; /* end of the list */

                /* Split at the first ':'. Afterwards 'options' refers to the text behind it. */
                options = token;
                r = extract_first_word(&options, &mount_path, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
                if (r == -ENOMEM)
                        return log_oom();
                if (r <= 0) {
                        if (r < 0)
                                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", token);
                        else
                                log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid syntax, ignoring: %s", token);
                        continue;
                }

                r = unit_full_printf(u, mount_path, &expanded);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", mount_path);
                        continue;
                }

                r = path_simplify_and_warn(expanded, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
                if (r < 0)
                        continue;

                /* Every failure of the add is reported as out-of-memory. */
                r = temporary_filesystem_add(&ctx->temporary_filesystems, &ctx->n_temporary_filesystems, expanded, options);
                if (r < 0)
                        return log_oom();
        }
}
4386
/* Parses a whitespace-separated list of "<source>[:<destination>[:<options>]]" words and adds each
 * one to the bind_mounts array of the ExecContext passed in 'data'. Source and destination have
 * unit specifiers expanded and are checked with PATH_CHECK_ABSOLUTE. Without a destination the
 * source path is used for both sides. The only options accepted are "rbind" (also the default)
 * and "norbind". The mount is marked read-only when the setting name contains "ReadOnly". An
 * empty value frees the whole array.
 *
 * A word that fails a check is logged and skipped; a tokenizer error drops the rest of the line.
 * Every failure of bind_mount_add() is reported as out-of-memory. */
int config_parse_bind_paths(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        const Unit *u = userdata;
        ExecContext *ctx = data;
        const char *cursor;
        bool read_only;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (isempty(rvalue)) {
                /* Empty assignment resets the list */
                bind_mount_free_many(ctx->bind_mounts, ctx->n_bind_mounts);
                ctx->n_bind_mounts = 0;
                ctx->bind_mounts = NULL;
                return 0;
        }

        /* Depends on the setting name only, so it is the same for every word. */
        read_only = strstr(lvalue, "ReadOnly") != NULL;

        cursor = rvalue;
        for (;;) {
                _cleanup_free_ char *src_word = NULL, *dst_word = NULL;
                _cleanup_free_ char *src_expanded = NULL, *dst_expanded = NULL;
                bool recursive = true, ignore_enoent = false;
                char *src = NULL, *dst = NULL;

                r = extract_first_word(&cursor, &src_word, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
                if (r < 0) {
                        if (r == -ENOMEM)
                                return log_oom();

                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
                        return 0;
                }
                if (r == 0)
                        break;

                r = unit_full_printf(u, src_word, &src_expanded);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r,
                                   "Failed to resolved unit specifiers in \"%s\", ignoring: %m", src_word);
                        continue;
                }

                /* The optional "-" marker is looked for in the expanded string, i.e. after
                 * specifier substitution has taken place. */
                src = src_expanded;
                if (src[0] == '-') {
                        ignore_enoent = true;
                        src++;
                }

                r = path_simplify_and_warn(src, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
                if (r < 0)
                        continue;

                /* The character just before the cursor tells which separator ended the previous
                 * field: a ':' means another field of the same word follows. */
                if (!(cursor && cursor[-1] == ':'))
                        dst = src;
                else {
                        /* Optionally, the destination is specified. */
                        r = extract_first_word(&cursor, &dst_word, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
                        if (r == -ENOMEM)
                                return log_oom();
                        if (r < 0) {
                                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
                                return 0;
                        }
                        if (r == 0) {
                                log_syntax(unit, LOG_ERR, filename, line, 0, "Missing argument after ':', ignoring: %s", src);
                                continue;
                        }

                        r = unit_full_printf(u, dst_word, &dst_expanded);
                        if (r < 0) {
                                log_syntax(unit, LOG_ERR, filename, line, r,
                                           "Failed to resolved specifiers in \"%s\", ignoring: %m", dst_word);
                                continue;
                        }

                        r = path_simplify_and_warn(dst_expanded, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
                        if (r < 0)
                                continue;

                        dst = dst_expanded;

                        /* Optionally, there's also a short option string specified */
                        if (cursor && cursor[-1] == ':') {
                                _cleanup_free_ char *opt = NULL;

                                r = extract_first_word(&cursor, &opt, NULL, EXTRACT_UNQUOTE);
                                if (r == -ENOMEM)
                                        return log_oom();
                                if (r < 0) {
                                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s: %s", lvalue, rvalue);
                                        return 0;
                                }

                                /* Empty and "rbind" keep the recursive default. */
                                if (!isempty(opt) && !streq(opt, "rbind")) {
                                        if (!streq(opt, "norbind")) {
                                                log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid option string, ignoring setting: %s", opt);
                                                continue;
                                        }

                                        recursive = false;
                                }
                        }
                }

                r = bind_mount_add(&ctx->bind_mounts, &ctx->n_bind_mounts,
                                   &(BindMount) {
                                           .source = src,
                                           .destination = dst,
                                           .read_only = read_only,
                                           .recursive = recursive,
                                           .ignore_enoent = ignore_enoent,
                                   });
                if (r < 0)
                        return log_oom();
        }

        return 0;
}
4516
/* Parses a time span into the job_timeout field of the Unit passed in 'data'. Unless
 * job_running_timeout_set is already true, the same value is copied to job_running_timeout as
 * well. An unparsable value is logged and ignored (return 0). */
int config_parse_job_timeout_sec(
                const char* unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Unit *u = data;
        usec_t timeout;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        r = parse_sec_fix_0(rvalue, &timeout);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue);
                return 0;
        }

        u->job_timeout = timeout;

        /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for
         * compatibility with old versions. If JobRunningTimeoutSec= was explicitly set, avoid this
         * however as whatever the user picked should count. */
        if (!u->job_running_timeout_set)
                u->job_running_timeout = timeout;

        return 0;
}
4555
/* Parses a time span into the job_running_timeout field of the Unit passed in 'data' and sets
 * job_running_timeout_set, the flag config_parse_job_timeout_sec() checks before it overwrites
 * that field. An unparsable value is logged and ignored (return 0). */
int config_parse_job_running_timeout_sec(
                const char* unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Unit *u = data;
        usec_t timeout;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        r = parse_sec_fix_0(rvalue, &timeout);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue);
                return 0;
        }

        /* Remember that the value was set explicitly. */
        u->job_running_timeout_set = true;
        u->job_running_timeout = timeout;

        return 0;
}
4588
/* Parses an emergency action name into the EmergencyAction passed in 'data'. Whether the action
 * is acceptable depends on the manager mode: parse_emergency_action() is told if the manager is a
 * system manager. When it answers -EOPNOTSUPP in user mode, the value is replaced with
 * EMERGENCY_ACTION_EXIT_FORCE (compat path). All other failures are logged and ignored. Always
 * returns 0.
 *
 * NOTE(review): when 'unit' is NULL, 'data' is read both as the Manager and as the
 * EmergencyAction that gets written — confirm against the callers that pass no unit name. */
int config_parse_emergency_action(
                const char* unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        EmergencyAction *action = data;
        Manager *m;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        /* With a unit name the manager comes from the unit in 'userdata', else from 'data'. */
        m = unit ? ((Unit*) userdata)->manager : data;

        r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), action);
        if (r >= 0)
                return 0;

        if (r != -EOPNOTSUPP) {
                log_syntax(unit, LOG_ERR, filename, line, r,
                           "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
                return 0;
        }

        if (MANAGER_IS_USER(m)) {
                /* Compat mode: remove for systemd 241. */

                log_syntax(unit, LOG_INFO, filename, line, r,
                           "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
                           lvalue, rvalue);
                *action = EMERGENCY_ACTION_EXIT_FORCE;
                return 0;
        }

        log_syntax(unit, LOG_ERR, filename, line, r,
                   "%s= specified as %s mode action, ignoring: %s",
                   lvalue, MANAGER_IS_SYSTEM(m) ? "user" : "system", rvalue);
        return 0;
}
4639
/* Parses a PID file path into the string passed in 'data'. Unit specifiers are expanded, a
 * relative result is made absolute below the manager's EXEC_DIRECTORY_RUNTIME prefix, the path
 * is checked with PATH_CHECK_ABSOLUTE and then passed through patch_var_run(). An empty value
 * frees the stored path.
 *
 * A specifier failure is logged and ignored (return 0), but a failing path check or
 * patch_var_run() hands its negative error code back to the caller. */
int config_parse_pid_file(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *expanded = NULL, *absolute = NULL;
        char **target = data;
        const Unit *u = userdata;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(u);

        if (isempty(rvalue)) {
                /* An empty assignment removes already set value. */
                *target = mfree(*target);
                return 0;
        }

        r = unit_full_printf(u, rvalue, &expanded);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
                return 0;
        }

        /* If this is a relative path make it absolute by prefixing the /run */
        absolute = path_make_absolute(expanded, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
        if (!absolute)
                return log_oom();

        /* Check that the result is a sensible path */
        r = path_simplify_and_warn(absolute, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
        if (r < 0)
                return r;

        r = patch_var_run(unit, filename, line, lvalue, &absolute);
        if (r < 0)
                return r;

        free_and_replace(*target, absolute);
        return 0;
}
4691
/* Parses an exit status into the int passed in 'data'. The value has to parse as an unsigned
 * 8-bit number; an empty value stores -1. Anything else is logged and ignored (return 0). */
int config_parse_exit_status(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        int *exit_status = data;
        uint8_t parsed;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(exit_status);

        if (!isempty(rvalue)) {
                r = safe_atou8(rvalue, &parsed);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse exit status '%s', ignoring: %m", rvalue);
                        return 0;
                }

                *exit_status = parsed;
        } else
                *exit_status = -1; /* empty assignment: no exit status configured */

        return 0;
}
4726
/* Parses a list of cgroup controller names and ORs the resulting mask into disable_controllers
 * of the CGroupContext passed in 'data'. An empty value clears the mask. A value that fails to
 * parse, or that yields an empty mask, is logged and ignored (return 0). Unlike its neighbours,
 * this parser does not assert on its arguments. */
int config_parse_disable_controllers(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        CGroupContext *ctx = data;
        CGroupMask mask;
        int r;

        /* 1. If empty, make all controllers eligible for use again.
         * 2. If non-empty, merge all listed controllers, space separated. */

        if (!isempty(rvalue)) {
                r = cg_mask_from_string(rvalue, &mask);
                if (r < 0 || mask <= 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Invalid cgroup string: %s, ignoring", rvalue);
                        return 0;
                }

                /* Repeated assignments accumulate, they do not replace each other. */
                ctx->disable_controllers |= mask;
        } else
                ctx->disable_controllers = 0;

        return 0;
}
4761
/* Parses one absolute path into the string vector passed in 'data'. The whole value is taken as
 * a single path: unit specifiers are expanded and the result is checked with PATH_CHECK_ABSOLUTE.
 * A path that is already in the vector is not added again. An empty value frees the vector.
 *
 * After the path has been stored, bpf_firewall_supported() is queried. A negative result is
 * returned to the caller; any result other than BPF_FIREWALL_SUPPORTED_WITH_MULTI only produces
 * a log message (LOG_WARNING the first time, LOG_DEBUG afterwards) and the path stays in the
 * vector. */
int config_parse_ip_filter_bpf_progs(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        _cleanup_free_ char *expanded = NULL;
        char ***paths = data;
        const Unit *u = userdata;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(paths);

        /* Empty assignment resets the list */
        if (isempty(rvalue)) {
                *paths = strv_free(*paths);
                return 0;
        }

        r = unit_full_printf(u, rvalue, &expanded);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
                return 0;
        }

        r = path_simplify_and_warn(expanded, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
        if (r < 0)
                return 0;

        /* Duplicates are dropped silently. */
        if (strv_contains(*paths, expanded))
                return 0;

        /* strv_extend() is handed the string while the cleanup handler still frees 'expanded'. */
        r = strv_extend(paths, expanded);
        if (r < 0)
                return log_oom();

        r = bpf_firewall_supported();
        if (r < 0)
                return r;
        if (r == BPF_FIREWALL_SUPPORTED_WITH_MULTI)
                return 0;

        {
                /* Shared by all calls, so that only the first affected unit warns loudly. */
                static bool warned = false;

                log_full(warned ? LOG_DEBUG : LOG_WARNING,
                         "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
                         "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename, line, lvalue, rvalue);

                warned = true;
        }

        return 0;
}
4821
/* Drains 'names' and merges each name into *u. If a name cannot be merged into *u but a unit of
 * that name is known to the manager, *u is merged into that unit instead, *u is redirected to
 * it, and the remaining names are processed against the new unit without an 'id'. Whenever a
 * merged name equals 'id', it is chosen as the unit's id.
 *
 * Returns 0 once the set is empty, or the negative error of the merge that failed. Every name
 * taken out of the set is freed here. */
static int merge_by_names(Unit **u, Set *names, const char *id) {
        char *name;
        int r;

        assert(u);
        assert(*u);

        /* Let's try to add in all names that are aliases of this unit */
        for (;;) {
                _cleanup_free_ _unused_ char *owned = NULL;
                Unit *other;

                name = set_steal_first(names);
                if (!name)
                        break;

                owned = name;

                /* First try to merge in the other name into our unit */
                r = unit_merge_by_name(*u, name);
                if (r >= 0) {
                        if (streq_ptr(id, name))
                                unit_choose_id(*u, id);

                        continue;
                }

                /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
                 * round. */
                other = manager_get_unit((*u)->manager, name);
                if (!other)
                        return r; /* return previous failure */

                r = unit_merge(other, *u);
                if (r < 0)
                        return r;

                /* Carry on with the unit we were merged into. The id no longer applies. */
                *u = other;
                id = NULL;
        }

        return 0;
}
4859
/* Loads the unit file ("fragment") for a unit that is still in UNIT_STUB state.
 *
 * Transient units are marked UNIT_LOADED without touching the disk. Otherwise the manager's name
 * map is rebuilt if needed, the fragment for u->id is looked up, and, if one is found, the file
 * is opened and either recognized as a mask (null_or_empty() on its stat data) or parsed with
 * config_parse(). Afterwards all names reported for the fragment are merged via
 * merge_by_names(); if that ends with a different unit, this one becomes UNIT_MERGED.
 *
 * Returns 0 on success and a negative errno-style value on failure. */
int unit_load_fragment(Unit *u) {
        _cleanup_set_free_free_ Set *names = NULL;
        const char *fragment;
        int r;

        assert(u);
        assert(u->load_state == UNIT_STUB);
        assert(u->id);

        if (u->transient) {
                u->load_state = UNIT_LOADED;
                return 0;
        }

        /* Possibly rebuild the fragment map to catch new units */
        r = unit_file_build_name_map(&u->manager->lookup_paths,
                                     &u->manager->unit_cache_mtime,
                                     &u->manager->unit_id_map,
                                     &u->manager->unit_name_map,
                                     &u->manager->unit_path_cache);
        if (r < 0)
                return log_error_errno(r, "Failed to rebuild name map: %m");

        /* -ENOENT is tolerated here: the unit may have no fragment at all.
         * NOTE(review): 'fragment' has no initializer, so this relies on
         * unit_file_find_fragment() writing it on the -ENOENT path too — confirm. */
        r = unit_file_find_fragment(u->manager->unit_id_map,
                                    u->manager->unit_name_map,
                                    u->id,
                                    &fragment,
                                    &names);
        if (r < 0 && r != -ENOENT)
                return r;

        if (fragment) {
                /* Open the file, check if this is a mask, otherwise read. */
                _cleanup_fclose_ FILE *file = NULL;
                struct stat sb;

                /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
                 * expect that all symlinks within the lookup paths have been already resolved, but we don't
                 * verify this here. */
                file = fopen(fragment, "re");
                if (!file)
                        return log_unit_notice_errno(u, errno, "Failed to open %s: %m", fragment);

                /* Stat the open descriptor rather than the path, so that the mask check and the
                 * parser below refer to the same file. */
                if (fstat(fileno(file), &sb) < 0)
                        return -errno;

                r = free_and_strdup(&u->fragment_path, fragment);
                if (r < 0)
                        return r;

                if (!null_or_empty(&sb)) {
                        u->load_state = UNIT_LOADED;
                        u->fragment_mtime = timespec_load(&sb.st_mtim);

                        /* Now, parse the file contents */
                        r = config_parse(u->id, fragment, file,
                                         UNIT_VTABLE(u)->sections,
                                         config_item_perf_lookup, load_fragment_gperf_lookup,
                                         0,
                                         u,
                                         NULL);
                        if (r == -ENOEXEC)
                                log_unit_notice_errno(u, r, "Unit configuration has fatal error, unit will not be started.");
                        if (r < 0)
                                return r;
                } else {
                        /* Unit file is masked */

                        /* don't allow perpetual units to ever be masked */
                        if (u->perpetual)
                                u->load_state = UNIT_LOADED;
                        else
                                u->load_state = UNIT_MASKED;

                        u->fragment_mtime = 0;
                }
        }

        /* We do the merge dance here because for some unit types, the unit might have aliases which are not
         * declared in the file system. In particular, this is true (and frequent) for device and swap units.
         */
        _cleanup_free_ char *instance_id = NULL;
        const char *id = u->id;
        Unit *target;

        if (fragment) {
                /* The id is derived from the file name; a template name gets our instance filled in. */
                id = basename(fragment);
                if (unit_name_is_valid(id, UNIT_NAME_TEMPLATE)) {
                        assert(u->instance); /* If we're not trying to use a template for non-instanced unit,
                                              * this must be set. */

                        r = unit_name_replace_instance(id, u->instance, &instance_id);
                        if (r < 0)
                                return log_debug_errno(r, "Failed to build id (%s + %s): %m", id, u->instance);
                        id = instance_id;
                }
        }

        target = u;
        r = merge_by_names(&target, names, id);
        if (r < 0)
                return r;

        /* merge_by_names() may have redirected us to another unit. */
        if (target != u)
                u->load_state = UNIT_MERGED;

        return 0;
}
4963
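/* Writes a listing of the settings known to the unit file parser to f. Every name in
 * load_fragment_gperf_nulstr is looked up, split at its first '.', and printed as "KEY=TYPE", where
 * TYPE is a placeholder chosen by the parser callback registered for that setting ("OTHER" if the
 * callback is not in the table below). Whenever the part before the '.' changes, a "[PREFIX]" header
 * is emitted first. */
void unit_dump_config_items(FILE *f) {
        /* Maps a parser callback to the placeholder shown for its value. The first matching entry
         * wins, so the order matters only for callbacks that are listed more than once. */
        static const struct {
                const ConfigParserCallback callback;
                const char *rvalue;
        } table[] = {
                { config_parse_warn_compat,                  "NOTSUPPORTED" },
                { config_parse_int,                          "INTEGER" },
                { config_parse_unsigned,                     "UNSIGNED" },
                { config_parse_iec_size,                     "SIZE" },
                { config_parse_iec_uint64,                   "SIZE" },
                { config_parse_si_uint64,                    "SIZE" },
                { config_parse_bool,                         "BOOLEAN" },
                { config_parse_string,                       "STRING" },
                { config_parse_path,                         "PATH" },
                { config_parse_unit_path_printf,             "PATH" },
                { config_parse_strv,                         "STRING [...]" },
                { config_parse_exec_nice,                    "NICE" },
                { config_parse_exec_oom_score_adjust,        "OOMSCOREADJUST" },
                { config_parse_exec_io_class,                "IOCLASS" },
                { config_parse_exec_io_priority,             "IOPRIORITY" },
                { config_parse_exec_cpu_sched_policy,        "CPUSCHEDPOLICY" },
                { config_parse_exec_cpu_sched_prio,          "CPUSCHEDPRIO" },
                { config_parse_exec_cpu_affinity,            "CPUAFFINITY" },
                { config_parse_mode,                         "MODE" },
                { config_parse_unit_env_file,                "FILE" },
                { config_parse_exec_output,                  "OUTPUT" },
                { config_parse_exec_input,                   "INPUT" },
                { config_parse_log_facility,                 "FACILITY" },
                { config_parse_log_level,                    "LEVEL" },
                { config_parse_exec_secure_bits,             "SECUREBITS" },
                { config_parse_capability_set,               "BOUNDINGSET" },
                { config_parse_rlimit,                       "LIMIT" },
                { config_parse_unit_deps,                    "UNIT [...]" },
                { config_parse_exec,                         "PATH [ARGUMENT [...]]" },
                { config_parse_service_type,                 "SERVICETYPE" },
                { config_parse_service_restart,              "SERVICERESTART" },
                { config_parse_service_timeout_failure_mode, "TIMEOUTMODE" },
                { config_parse_kill_mode,                    "KILLMODE" },
                { config_parse_signal,                       "SIGNAL" },
                { config_parse_socket_listen,                "SOCKET [...]" },
                { config_parse_socket_bind,                  "SOCKETBIND" },
                { config_parse_socket_bindtodevice,          "NETWORKINTERFACE" },
                { config_parse_sec,                          "SECONDS" },
                { config_parse_nsec,                         "NANOSECONDS" },
                { config_parse_namespace_path_strv,          "PATH [...]" },
                { config_parse_bind_paths,                   "PATH[:PATH[:OPTIONS]] [...]" },
                { config_parse_unit_requires_mounts_for,     "PATH [...]" },
                { config_parse_exec_mount_flags,             "MOUNTFLAG [...]" },
                { config_parse_unit_string_printf,           "STRING" },
                { config_parse_trigger_unit,                 "UNIT" },
                { config_parse_timer,                        "TIMER" },
                { config_parse_path_spec,                    "PATH" },
                { config_parse_notify_access,                "ACCESS" },
                { config_parse_ip_tos,                       "TOS" },
                { config_parse_unit_condition_path,          "CONDITION" },
                { config_parse_unit_condition_string,        "CONDITION" },
                { config_parse_unit_condition_null,          "CONDITION" },
                { config_parse_unit_slice,                   "SLICE" },
                { config_parse_documentation,                "URL" },
                { config_parse_service_timeout,              "SECONDS" },
                { config_parse_emergency_action,             "ACTION" },
                { config_parse_set_status,                   "STATUS" },
                { config_parse_service_sockets,              "SOCKETS" },
                { config_parse_environ,                      "ENVIRON" },
#if HAVE_SECCOMP
                { config_parse_syscall_filter,               "SYSCALLS" },
                { config_parse_syscall_archs,                "ARCHS" },
                { config_parse_syscall_errno,                "ERRNO" },
                { config_parse_address_families,             "FAMILIES" },
                { config_parse_restrict_namespaces,          "NAMESPACES" },
#endif
                { config_parse_cpu_shares,                   "SHARES" },
                { config_parse_cg_weight,                    "WEIGHT" },
                { config_parse_memory_limit,                 "LIMIT" },
                { config_parse_device_allow,                 "DEVICE" },
                { config_parse_device_policy,                "POLICY" },
                { config_parse_io_limit,                     "LIMIT" },
                { config_parse_io_device_weight,             "DEVICEWEIGHT" },
                { config_parse_io_device_latency,            "DEVICELATENCY" },
                { config_parse_blockio_bandwidth,            "BANDWIDTH" },
                { config_parse_blockio_weight,               "WEIGHT" },
                { config_parse_blockio_device_weight,        "DEVICEWEIGHT" },
                { config_parse_long,                         "LONG" },
                { config_parse_socket_service,               "SERVICE" },
#if HAVE_SELINUX
                { config_parse_exec_selinux_context,         "LABEL" },
#endif
                { config_parse_job_mode,                     "MODE" },
                { config_parse_job_mode_isolate,             "BOOLEAN" },
                { config_parse_personality,                  "PERSONALITY" },
        };

        const char *prev = NULL;
        const char *i;

        assert(f);

        NULSTR_FOREACH(i, load_fragment_gperf_nulstr) {
                const char *rvalue = "OTHER", *lvalue;
                const ConfigPerfItem *p;
                const char *dot;

                assert_se(p = load_fragment_gperf_lookup(i, strlen(i)));

                /* Hide legacy settings */
                if (p->parse == config_parse_warn_compat &&
                    p->ltype == DISABLED_LEGACY)
                        continue;

                for (size_t j = 0; j < ELEMENTSOF(table); j++)
                        if (p->parse == table[j].callback) {
                                rvalue = table[j].rvalue;
                                break;
                        }

                dot = strchr(i, '.');
                lvalue = dot ? dot + 1 : i;

                if (dot) {
                        /* Compute the prefix length only once we know a '.' exists: subtracting
                         * from a NULL pointer is undefined, even if the result is never read. */
                        size_t prefix_len = dot - i;

                        /* Comparing prefix_len + 1 bytes includes the '.', so a prefix that is
                         * merely the beginning of the previous one still starts a new header. */
                        if (!prev || !strneq(prev, i, prefix_len + 1)) {
                                if (prev)
                                        fputc('\n', f);

                                fprintf(f, "[%.*s]\n", (int) prefix_len, i);
                        }
                }

                fprintf(f, "%s=%s\n", lvalue, rvalue);
                prev = i;
        }
}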
5097
/* Config parser callback that hands rvalue to parse_cpu_set_extend() together with the CPUSet that
 * data points to. The helper's return value is explicitly discarded: this callback returns 0
 * whether or not the value could be parsed.
 * NOTE(review): the literal 'true' passed as third argument presumably asks the helper to log
 * problems itself — confirm against its prototype. */
int config_parse_cpu_affinity2(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        CPUSet *affinity = data;

        assert(affinity);

        (void) parse_cpu_set_extend(
                        rvalue,
                        affinity,
                        true,
                        unit,
                        filename,
                        line,
                        lvalue);

        return 0;
}
5118
/* Config parser callback for a show-status setting: parses rvalue with parse_show_status() into the
 * ShowStatus that data points to. A value that fails to parse is reported through log_syntax() at
 * LOG_ERR; the callback returns 0 either way. */
int config_parse_show_status(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ShowStatus *status = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        r = parse_show_status(rvalue, status);
        if (r < 0)
                /* Report and carry on: a bad value is not treated as a fatal error. */
                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse show status setting, ignoring: %s", rvalue);

        return 0;
}
5147
/* Config parser callback for an output setting that accepts only a restricted set of ExecOutput
 * values. The socket, fd:, file: and append: types are refused with a LOG_ERR message, as is any
 * string exec_output_from_string() does not recognise; in both cases *data is left untouched.
 * The obsolete spellings "syslog" and "syslog+console" are accepted, mapped to their journal
 * equivalents, and reported at LOG_NOTICE. Always returns 0. */
int config_parse_output_restricted(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecOutput *target = data, parsed;
        bool legacy_alias = true;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (streq(rvalue, "syslog"))
                parsed = EXEC_OUTPUT_JOURNAL;
        else if (streq(rvalue, "syslog+console"))
                parsed = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
        else {
                legacy_alias = false;

                parsed = exec_output_from_string(rvalue);
                if (parsed < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output type, ignoring: %s", rvalue);
                        return 0;
                }

                /* These output types are rejected here, before anything is stored. */
                if (IN_SET(parsed, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE, EXEC_OUTPUT_FILE_APPEND)) {
                        log_syntax(unit, LOG_ERR, filename, line, 0, "Standard output types socket, fd:, file:, append: are not supported as defaults, ignoring: %s", rvalue);
                        return 0;
                }
        }

        if (legacy_alias)
                log_syntax(unit, LOG_NOTICE, filename, line, 0,
                           "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
                           rvalue, exec_output_to_string(parsed));

        /* Only a fully validated value reaches the caller's storage. */
        *target = parsed;
        return 0;
}
5195
/* Config parser callback for CrashChangeVT=: passes rvalue and the data pointer straight to
 * parse_crash_chvt(). A parse failure is logged at LOG_ERR with the returned error code; the
 * callback itself returns 0 in every case. */
int config_parse_crash_chvt(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        int k;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        k = parse_crash_chvt(rvalue, data);
        if (k < 0)
                /* Invalid input is reported, not propagated. */
                log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);

        return 0;
}
5223
/* Config parser callback for the priority of a swap unit (userdata is the Swap object).
 *
 * An empty rvalue resets the fragment priority to -1 and clears priority_set. Otherwise rvalue must
 * parse as an int in the range -1..32767; anything else is logged at LOG_ERR and the stored
 * priority is left as it was. Always returns 0. */
int config_parse_swap_priority(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Swap *s = userdata;
        int value, k;

        assert(s);
        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        /* Empty assignment: back to "no priority configured". */
        if (isempty(rvalue)) {
                s->parameters_fragment.priority = -1;
                s->parameters_fragment.priority_set = false;
                return 0;
        }

        k = safe_atoi(rvalue, &value);
        if (k < 0) {
                log_syntax(unit, LOG_ERR, filename, line, k, "Invalid swap priority '%s', ignoring.", rvalue);
                return 0;
        }

        /* Range checks happen before anything is written to the unit. */
        if (value < -1) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue);
                return 0;
        }

        if (value > 32767) {
                log_syntax(unit, LOG_ERR, filename, line, 0, "Swap priority out of range, ignoring: %s", rvalue);
                return 0;
        }

        s->parameters_fragment.priority = value;
        s->parameters_fragment.priority_set = true;
        return 0;
}