]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/load-fragment.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #16213 from yuwata/network-cleanup-link-state-file
[thirdparty/systemd.git] / src / core / load-fragment.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 Copyright © 2012 Holger Hans Peter Freyther
4 ***/
5
6 #include <errno.h>
7 #include <fcntl.h>
8 #include <linux/fs.h>
9 #include <linux/oom.h>
10 #if HAVE_SECCOMP
11 #include <seccomp.h>
12 #endif
13 #include <sched.h>
14 #include <sys/resource.h>
15
16 #include "af-list.h"
17 #include "alloc-util.h"
18 #include "all-units.h"
19 #include "bpf-firewall.h"
20 #include "bus-error.h"
21 #include "bus-internal.h"
22 #include "bus-util.h"
23 #include "cap-list.h"
24 #include "capability-util.h"
25 #include "cgroup-setup.h"
26 #include "conf-parser.h"
27 #include "cpu-set-util.h"
28 #include "env-util.h"
29 #include "errno-list.h"
30 #include "escape.h"
31 #include "fd-util.h"
32 #include "fileio.h"
33 #include "fs-util.h"
34 #include "hexdecoct.h"
35 #include "io-util.h"
36 #include "ioprio.h"
37 #include "ip-protocol-list.h"
38 #include "journal-util.h"
39 #include "limits-util.h"
40 #include "load-fragment.h"
41 #include "log.h"
42 #include "mountpoint-util.h"
43 #include "nulstr-util.h"
44 #include "parse-util.h"
45 #include "path-util.h"
46 #include "process-util.h"
47 #if HAVE_SECCOMP
48 #include "seccomp-util.h"
49 #endif
50 #include "securebits-util.h"
51 #include "signal-util.h"
52 #include "socket-netlink.h"
53 #include "stat-util.h"
54 #include "string-util.h"
55 #include "strv.h"
56 #include "syslog-util.h"
57 #include "time-util.h"
58 #include "unit-name.h"
59 #include "unit-printf.h"
60 #include "user-util.h"
61 #include "web-util.h"
62
63 static int parse_socket_protocol(const char *s) {
64 int r;
65
66 r = parse_ip_protocol(s);
67 if (r < 0)
68 return r;
69 if (!IN_SET(r, IPPROTO_UDPLITE, IPPROTO_SCTP))
70 return -EPROTONOSUPPORT;
71
72 return r;
73 }
74
75 int parse_crash_chvt(const char *value, int *data) {
76 int b;
77
78 if (safe_atoi(value, data) >= 0)
79 return 0;
80
81 b = parse_boolean(value);
82 if (b < 0)
83 return b;
84
85 if (b > 0)
86 *data = 0; /* switch to where kmsg goes */
87 else
88 *data = -1; /* turn off switching */
89
90 return 0;
91 }
92
93 int parse_confirm_spawn(const char *value, char **console) {
94 char *s;
95 int r;
96
97 r = value ? parse_boolean(value) : 1;
98 if (r == 0) {
99 *console = NULL;
100 return 0;
101 } else if (r > 0) /* on with default tty */
102 s = strdup("/dev/console");
103 else if (is_path(value)) /* on with fully qualified path */
104 s = strdup(value);
105 else /* on with only a tty file name, not a fully qualified path */
106 s = path_join("/dev/", value);
107 if (!s)
108 return -ENOMEM;
109
110 *console = s;
111 return 0;
112 }
113
114 DEFINE_CONFIG_PARSE(config_parse_socket_protocol, parse_socket_protocol, "Failed to parse socket protocol");
115 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
116 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
117 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
118 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
119 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
120 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
121 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
122 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home, protect_home, ProtectHome, "Failed to parse protect home value");
123 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system, protect_system, ProtectSystem, "Failed to parse protect system value");
124 DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode, exec_preserve_mode, ExecPreserveMode, "Failed to parse runtime directory preserve mode");
125 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type, service_type, ServiceType, "Failed to parse service type");
126 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart, service_restart, ServiceRestart, "Failed to parse service restart specifier");
127 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_timeout_failure_mode, service_timeout_failure_mode, ServiceTimeoutFailureMode, "Failed to parse timeout failure mode");
128 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind, socket_address_bind_ipv6_only_or_bool, SocketAddressBindIPv6Only, "Failed to parse bind IPv6 only value");
129 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy, oom_policy, OOMPolicy, "Failed to parse OOM policy");
130 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1, "Failed to parse IP TOS value");
131 DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t, "Invalid block IO weight");
132 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t, "Invalid weight");
133 DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares, cg_cpu_shares_parse, uint64_t, "Invalid CPU shares");
134 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags, mount_propagation_flags_from_string, unsigned long, "Failed to parse mount flag");
135 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1, "Invalid NUMA policy type");
136 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format, status_unit_format, StatusUnitFormat, "Failed to parse status unit format");
137
138 int config_parse_unit_deps(
139 const char *unit,
140 const char *filename,
141 unsigned line,
142 const char *section,
143 unsigned section_line,
144 const char *lvalue,
145 int ltype,
146 const char *rvalue,
147 void *data,
148 void *userdata) {
149
150 UnitDependency d = ltype;
151 Unit *u = userdata;
152 const char *p;
153
154 assert(filename);
155 assert(lvalue);
156 assert(rvalue);
157
158 p = rvalue;
159 for (;;) {
160 _cleanup_free_ char *word = NULL, *k = NULL;
161 int r;
162
163 r = extract_first_word(&p, &word, NULL, EXTRACT_RETAIN_ESCAPE);
164 if (r == 0)
165 break;
166 if (r == -ENOMEM)
167 return log_oom();
168 if (r < 0) {
169 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
170 break;
171 }
172
173 r = unit_name_printf(u, word, &k);
174 if (r < 0) {
175 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
176 continue;
177 }
178
179 r = unit_add_dependency_by_name(u, d, k, true, UNIT_DEPENDENCY_FILE);
180 if (r < 0)
181 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
182 }
183
184 return 0;
185 }
186
187 int config_parse_obsolete_unit_deps(
188 const char *unit,
189 const char *filename,
190 unsigned line,
191 const char *section,
192 unsigned section_line,
193 const char *lvalue,
194 int ltype,
195 const char *rvalue,
196 void *data,
197 void *userdata) {
198
199 log_syntax(unit, LOG_WARNING, filename, line, 0,
200 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue, unit_dependency_to_string(ltype));
201
202 return config_parse_unit_deps(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
203 }
204
205 int config_parse_unit_string_printf(
206 const char *unit,
207 const char *filename,
208 unsigned line,
209 const char *section,
210 unsigned section_line,
211 const char *lvalue,
212 int ltype,
213 const char *rvalue,
214 void *data,
215 void *userdata) {
216
217 _cleanup_free_ char *k = NULL;
218 const Unit *u = userdata;
219 int r;
220
221 assert(filename);
222 assert(lvalue);
223 assert(rvalue);
224 assert(u);
225
226 r = unit_full_printf(u, rvalue, &k);
227 if (r < 0) {
228 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
229 return 0;
230 }
231
232 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
233 }
234
235 int config_parse_unit_strv_printf(
236 const char *unit,
237 const char *filename,
238 unsigned line,
239 const char *section,
240 unsigned section_line,
241 const char *lvalue,
242 int ltype,
243 const char *rvalue,
244 void *data,
245 void *userdata) {
246
247 const Unit *u = userdata;
248 _cleanup_free_ char *k = NULL;
249 int r;
250
251 assert(filename);
252 assert(lvalue);
253 assert(rvalue);
254 assert(u);
255
256 r = unit_full_printf(u, rvalue, &k);
257 if (r < 0) {
258 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
259 return 0;
260 }
261
262 return config_parse_strv(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
263 }
264
265 int config_parse_unit_path_printf(
266 const char *unit,
267 const char *filename,
268 unsigned line,
269 const char *section,
270 unsigned section_line,
271 const char *lvalue,
272 int ltype,
273 const char *rvalue,
274 void *data,
275 void *userdata) {
276
277 _cleanup_free_ char *k = NULL;
278 const Unit *u = userdata;
279 int r;
280 bool fatal = ltype;
281
282 assert(filename);
283 assert(lvalue);
284 assert(rvalue);
285 assert(u);
286
287 /* Let's not bother with anything that is too long */
288 if (strlen(rvalue) >= PATH_MAX) {
289 log_syntax(unit, LOG_ERR, filename, line, 0,
290 "%s value too long%s.",
291 lvalue, fatal ? "" : ", ignoring");
292 return fatal ? -ENAMETOOLONG : 0;
293 }
294
295 r = unit_full_printf(u, rvalue, &k);
296 if (r < 0) {
297 log_syntax(unit, LOG_ERR, filename, line, r,
298 "Failed to resolve unit specifiers in '%s'%s: %m",
299 rvalue, fatal ? "" : ", ignoring");
300 return fatal ? -ENOEXEC : 0;
301 }
302
303 return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
304 }
305
306 int config_parse_unit_path_strv_printf(
307 const char *unit,
308 const char *filename,
309 unsigned line,
310 const char *section,
311 unsigned section_line,
312 const char *lvalue,
313 int ltype,
314 const char *rvalue,
315 void *data,
316 void *userdata) {
317
318 char ***x = data;
319 const Unit *u = userdata;
320 int r;
321 const char *p;
322
323 assert(filename);
324 assert(lvalue);
325 assert(rvalue);
326 assert(u);
327
328 if (isempty(rvalue)) {
329 *x = strv_free(*x);
330 return 0;
331 }
332
333 for (p = rvalue;;) {
334 _cleanup_free_ char *word = NULL, *k = NULL;
335
336 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
337 if (r == 0)
338 return 0;
339 if (r == -ENOMEM)
340 return log_oom();
341 if (r < 0) {
342 log_syntax(unit, LOG_WARNING, filename, line, r,
343 "Invalid syntax, ignoring: %s", rvalue);
344 return 0;
345 }
346
347 r = unit_full_printf(u, word, &k);
348 if (r < 0) {
349 log_syntax(unit, LOG_ERR, filename, line, r,
350 "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
351 return 0;
352 }
353
354 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
355 if (r < 0)
356 return 0;
357
358 r = strv_consume(x, TAKE_PTR(k));
359 if (r < 0)
360 return log_oom();
361 }
362 }
363
364 static int patch_var_run(
365 const char *unit,
366 const char *filename,
367 unsigned line,
368 const char *lvalue,
369 char **path) {
370
371 const char *e;
372 char *z;
373
374 e = path_startswith(*path, "/var/run/");
375 if (!e)
376 return 0;
377
378 z = path_join("/run/", e);
379 if (!z)
380 return log_oom();
381
382 log_syntax(unit, LOG_NOTICE, filename, line, 0,
383 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
384 "please update the unit file accordingly.", lvalue, *path, z);
385
386 free_and_replace(*path, z);
387
388 return 1;
389 }
390
391 int config_parse_socket_listen(
392 const char *unit,
393 const char *filename,
394 unsigned line,
395 const char *section,
396 unsigned section_line,
397 const char *lvalue,
398 int ltype,
399 const char *rvalue,
400 void *data,
401 void *userdata) {
402
403 _cleanup_free_ SocketPort *p = NULL;
404 SocketPort *tail;
405 Socket *s;
406 int r;
407
408 assert(filename);
409 assert(lvalue);
410 assert(rvalue);
411 assert(data);
412
413 s = SOCKET(data);
414
415 if (isempty(rvalue)) {
416 /* An empty assignment removes all ports */
417 socket_free_ports(s);
418 return 0;
419 }
420
421 p = new0(SocketPort, 1);
422 if (!p)
423 return log_oom();
424
425 if (ltype != SOCKET_SOCKET) {
426 _cleanup_free_ char *k = NULL;
427
428 r = unit_full_printf(UNIT(s), rvalue, &k);
429 if (r < 0) {
430 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
431 return 0;
432 }
433
434 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
435 if (r < 0)
436 return 0;
437
438 if (ltype == SOCKET_FIFO) {
439 r = patch_var_run(unit, filename, line, lvalue, &k);
440 if (r < 0)
441 return r;
442 }
443
444 free_and_replace(p->path, k);
445 p->type = ltype;
446
447 } else if (streq(lvalue, "ListenNetlink")) {
448 _cleanup_free_ char *k = NULL;
449
450 r = unit_full_printf(UNIT(s), rvalue, &k);
451 if (r < 0) {
452 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
453 return 0;
454 }
455
456 r = socket_address_parse_netlink(&p->address, k);
457 if (r < 0) {
458 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
459 return 0;
460 }
461
462 p->type = SOCKET_SOCKET;
463
464 } else {
465 _cleanup_free_ char *k = NULL;
466
467 r = unit_full_printf(UNIT(s), rvalue, &k);
468 if (r < 0) {
469 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
470 return 0;
471 }
472
473 if (k[0] == '/') { /* Only for AF_UNIX file system sockets… */
474 r = patch_var_run(unit, filename, line, lvalue, &k);
475 if (r < 0)
476 return r;
477 }
478
479 r = socket_address_parse_and_warn(&p->address, k);
480 if (r < 0) {
481 if (r != -EAFNOSUPPORT)
482 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
483 return 0;
484 }
485
486 if (streq(lvalue, "ListenStream"))
487 p->address.type = SOCK_STREAM;
488 else if (streq(lvalue, "ListenDatagram"))
489 p->address.type = SOCK_DGRAM;
490 else {
491 assert(streq(lvalue, "ListenSequentialPacket"));
492 p->address.type = SOCK_SEQPACKET;
493 }
494
495 if (socket_address_family(&p->address) != AF_LOCAL && p->address.type == SOCK_SEQPACKET) {
496 log_syntax(unit, LOG_ERR, filename, line, 0, "Address family not supported, ignoring: %s", rvalue);
497 return 0;
498 }
499
500 p->type = SOCKET_SOCKET;
501 }
502
503 p->fd = -1;
504 p->auxiliary_fds = NULL;
505 p->n_auxiliary_fds = 0;
506 p->socket = s;
507
508 LIST_FIND_TAIL(port, s->ports, tail);
509 LIST_INSERT_AFTER(port, s->ports, tail, p);
510
511 p = NULL;
512
513 return 0;
514 }
515
516 int config_parse_exec_nice(
517 const char *unit,
518 const char *filename,
519 unsigned line,
520 const char *section,
521 unsigned section_line,
522 const char *lvalue,
523 int ltype,
524 const char *rvalue,
525 void *data,
526 void *userdata) {
527
528 ExecContext *c = data;
529 int priority, r;
530
531 assert(filename);
532 assert(lvalue);
533 assert(rvalue);
534 assert(data);
535
536 if (isempty(rvalue)) {
537 c->nice_set = false;
538 return 0;
539 }
540
541 r = parse_nice(rvalue, &priority);
542 if (r < 0) {
543 if (r == -ERANGE)
544 log_syntax(unit, LOG_ERR, filename, line, r, "Nice priority out of range, ignoring: %s", rvalue);
545 else
546 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse nice priority '%s', ignoring: %m", rvalue);
547 return 0;
548 }
549
550 c->nice = priority;
551 c->nice_set = true;
552
553 return 0;
554 }
555
556 int config_parse_exec_oom_score_adjust(
557 const char* unit,
558 const char *filename,
559 unsigned line,
560 const char *section,
561 unsigned section_line,
562 const char *lvalue,
563 int ltype,
564 const char *rvalue,
565 void *data,
566 void *userdata) {
567
568 ExecContext *c = data;
569 int oa, r;
570
571 assert(filename);
572 assert(lvalue);
573 assert(rvalue);
574 assert(data);
575
576 if (isempty(rvalue)) {
577 c->oom_score_adjust_set = false;
578 return 0;
579 }
580
581 r = parse_oom_score_adjust(rvalue, &oa);
582 if (r < 0) {
583 if (r == -ERANGE)
584 log_syntax(unit, LOG_ERR, filename, line, r, "OOM score adjust value out of range, ignoring: %s", rvalue);
585 else
586 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue);
587 return 0;
588 }
589
590 c->oom_score_adjust = oa;
591 c->oom_score_adjust_set = true;
592
593 return 0;
594 }
595
596 int config_parse_exec_coredump_filter(
597 const char* unit,
598 const char *filename,
599 unsigned line,
600 const char *section,
601 unsigned section_line,
602 const char *lvalue,
603 int ltype,
604 const char *rvalue,
605 void *data,
606 void *userdata) {
607
608 ExecContext *c = data;
609 int r;
610
611 assert(filename);
612 assert(lvalue);
613 assert(rvalue);
614 assert(data);
615
616 if (isempty(rvalue)) {
617 c->coredump_filter = 0;
618 c->coredump_filter_set = false;
619 return 0;
620 }
621
622 uint64_t f;
623 r = coredump_filter_mask_from_string(rvalue, &f);
624 if (r < 0) {
625 log_syntax(unit, LOG_WARNING, filename, line, r,
626 "Failed to parse the CoredumpFilter=%s, ignoring: %m", rvalue);
627 return 0;
628 }
629
630 c->coredump_filter |= f;
631 c->oom_score_adjust_set = true;
632 return 0;
633 }
634
635 int config_parse_kill_mode(
636 const char* unit,
637 const char *filename,
638 unsigned line,
639 const char *section,
640 unsigned section_line,
641 const char *lvalue,
642 int ltype,
643 const char *rvalue,
644 void *data,
645 void *userdata) {
646
647 KillMode *k = data, m;
648
649 assert(filename);
650 assert(lvalue);
651 assert(rvalue);
652 assert(data);
653
654 if (isempty(rvalue)) {
655 *k = KILL_CONTROL_GROUP;
656 return 0;
657 }
658
659 m = kill_mode_from_string(rvalue);
660 if (m < 0) {
661 log_syntax(unit, LOG_WARNING, filename, line, 0,
662 "Failed to parse kill mode specification, ignoring: %s", rvalue);
663 return 0;
664 }
665
666 if (m == KILL_NONE)
667 log_syntax(unit, LOG_WARNING, filename, line, 0,
668 "Unit configured to use KillMode=none. "
669 "This is unsafe, as it disables systemd's process life-cycle management for the service. "
670 "Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. "
671 "Support for KillMode=none is deprecated and will eventually be removed.");
672
673 *k = m;
674 return 0;
675 }
676
677 int config_parse_exec(
678 const char *unit,
679 const char *filename,
680 unsigned line,
681 const char *section,
682 unsigned section_line,
683 const char *lvalue,
684 int ltype,
685 const char *rvalue,
686 void *data,
687 void *userdata) {
688
689 ExecCommand **e = data;
690 const Unit *u = userdata;
691 const char *p;
692 bool semicolon;
693 int r;
694
695 assert(filename);
696 assert(lvalue);
697 assert(rvalue);
698 assert(e);
699
700 e += ltype;
701
702 if (isempty(rvalue)) {
703 /* An empty assignment resets the list */
704 *e = exec_command_free_list(*e);
705 return 0;
706 }
707
708 p = rvalue;
709 do {
710 _cleanup_free_ char *path = NULL, *firstword = NULL;
711 ExecCommandFlags flags = 0;
712 bool ignore = false, separate_argv0 = false;
713 _cleanup_free_ ExecCommand *nce = NULL;
714 _cleanup_strv_free_ char **n = NULL;
715 size_t nlen = 0, nbufsize = 0;
716 const char *f;
717
718 semicolon = false;
719
720 r = extract_first_word_and_warn(&p, &firstword, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
721 if (r <= 0)
722 return 0;
723
724 f = firstword;
725 for (;;) {
726 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
727 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
728 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
729 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
730 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
731 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
732 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
733 * other sandboxing, with some special exceptions for changing UID.
734 *
735 * The idea is that '!!' may be used to write services that can take benefit of systemd's
736 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
737 * privilege dropping within the daemon if the kernel does not offer that. */
738
739 if (*f == '-' && !(flags & EXEC_COMMAND_IGNORE_FAILURE)) {
740 flags |= EXEC_COMMAND_IGNORE_FAILURE;
741 ignore = true;
742 } else if (*f == '@' && !separate_argv0)
743 separate_argv0 = true;
744 else if (*f == ':' && !(flags & EXEC_COMMAND_NO_ENV_EXPAND))
745 flags |= EXEC_COMMAND_NO_ENV_EXPAND;
746 else if (*f == '+' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
747 flags |= EXEC_COMMAND_FULLY_PRIVILEGED;
748 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
749 flags |= EXEC_COMMAND_NO_SETUID;
750 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_AMBIENT_MAGIC))) {
751 flags &= ~EXEC_COMMAND_NO_SETUID;
752 flags |= EXEC_COMMAND_AMBIENT_MAGIC;
753 } else
754 break;
755 f++;
756 }
757
758 r = unit_full_printf(u, f, &path);
759 if (r < 0) {
760 log_syntax(unit, LOG_ERR, filename, line, r,
761 "Failed to resolve unit specifiers in '%s'%s: %m",
762 f, ignore ? ", ignoring" : "");
763 return ignore ? 0 : -ENOEXEC;
764 }
765
766 if (isempty(path)) {
767 /* First word is either "-" or "@" with no command. */
768 log_syntax(unit, LOG_ERR, filename, line, 0,
769 "Empty path in command line%s: '%s'",
770 ignore ? ", ignoring" : "", rvalue);
771 return ignore ? 0 : -ENOEXEC;
772 }
773 if (!string_is_safe(path)) {
774 log_syntax(unit, LOG_ERR, filename, line, 0,
775 "Executable name contains special characters%s: %s",
776 ignore ? ", ignoring" : "", path);
777 return ignore ? 0 : -ENOEXEC;
778 }
779 if (endswith(path, "/")) {
780 log_syntax(unit, LOG_ERR, filename, line, 0,
781 "Executable path specifies a directory%s: %s",
782 ignore ? ", ignoring" : "", path);
783 return ignore ? 0 : -ENOEXEC;
784 }
785
786 if (!path_is_absolute(path)) {
787 const char *prefix;
788 bool found = false;
789
790 if (!filename_is_valid(path)) {
791 log_syntax(unit, LOG_ERR, filename, line, 0,
792 "Neither a valid executable name nor an absolute path%s: %s",
793 ignore ? ", ignoring" : "", path);
794 return ignore ? 0 : -ENOEXEC;
795 }
796
797 /* Resolve a single-component name to a full path */
798 NULSTR_FOREACH(prefix, DEFAULT_PATH_NULSTR) {
799 _cleanup_free_ char *fullpath = NULL;
800
801 fullpath = path_join(prefix, path);
802 if (!fullpath)
803 return log_oom();
804
805 if (access(fullpath, F_OK) >= 0) {
806 free_and_replace(path, fullpath);
807 found = true;
808 break;
809 }
810 }
811
812 if (!found) {
813 log_syntax(unit, LOG_ERR, filename, line, 0,
814 "Executable \"%s\" not found in path \"%s\"%s",
815 path, DEFAULT_PATH, ignore ? ", ignoring" : "");
816 return ignore ? 0 : -ENOEXEC;
817 }
818 }
819
820 if (!separate_argv0) {
821 char *w = NULL;
822
823 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
824 return log_oom();
825
826 w = strdup(path);
827 if (!w)
828 return log_oom();
829 n[nlen++] = w;
830 n[nlen] = NULL;
831 }
832
833 path_simplify(path, false);
834
835 while (!isempty(p)) {
836 _cleanup_free_ char *word = NULL, *resolved = NULL;
837
838 /* Check explicitly for an unquoted semicolon as
839 * command separator token. */
840 if (p[0] == ';' && (!p[1] || strchr(WHITESPACE, p[1]))) {
841 p++;
842 p += strspn(p, WHITESPACE);
843 semicolon = true;
844 break;
845 }
846
847 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
848 * extract_first_word() would return the same for all of those. */
849 if (p[0] == '\\' && p[1] == ';' && (!p[2] || strchr(WHITESPACE, p[2]))) {
850 char *w;
851
852 p += 2;
853 p += strspn(p, WHITESPACE);
854
855 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
856 return log_oom();
857
858 w = strdup(";");
859 if (!w)
860 return log_oom();
861 n[nlen++] = w;
862 n[nlen] = NULL;
863 continue;
864 }
865
866 r = extract_first_word_and_warn(&p, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
867 if (r == 0)
868 break;
869 if (r < 0)
870 return ignore ? 0 : -ENOEXEC;
871
872 r = unit_full_printf(u, word, &resolved);
873 if (r < 0) {
874 log_syntax(unit, LOG_ERR, filename, line, r,
875 "Failed to resolve unit specifiers in %s%s: %m",
876 word, ignore ? ", ignoring" : "");
877 return ignore ? 0 : -ENOEXEC;
878 }
879
880 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
881 return log_oom();
882
883 n[nlen++] = TAKE_PTR(resolved);
884 n[nlen] = NULL;
885 }
886
887 if (!n || !n[0]) {
888 log_syntax(unit, LOG_ERR, filename, line, 0,
889 "Empty executable name or zeroeth argument%s: %s",
890 ignore ? ", ignoring" : "", rvalue);
891 return ignore ? 0 : -ENOEXEC;
892 }
893
894 nce = new0(ExecCommand, 1);
895 if (!nce)
896 return log_oom();
897
898 nce->argv = TAKE_PTR(n);
899 nce->path = TAKE_PTR(path);
900 nce->flags = flags;
901
902 exec_command_append_list(e, nce);
903
904 /* Do not _cleanup_free_ these. */
905 nce = NULL;
906
907 rvalue = p;
908 } while (semicolon);
909
910 return 0;
911 }
912
913 int config_parse_socket_bindtodevice(
914 const char* unit,
915 const char *filename,
916 unsigned line,
917 const char *section,
918 unsigned section_line,
919 const char *lvalue,
920 int ltype,
921 const char *rvalue,
922 void *data,
923 void *userdata) {
924
925 Socket *s = data;
926
927 assert(filename);
928 assert(lvalue);
929 assert(rvalue);
930 assert(data);
931
932 if (isempty(rvalue) || streq(rvalue, "*")) {
933 s->bind_to_device = mfree(s->bind_to_device);
934 return 0;
935 }
936
937 if (!ifname_valid(rvalue)) {
938 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid interface name, ignoring: %s", rvalue);
939 return 0;
940 }
941
942 if (free_and_strdup(&s->bind_to_device, rvalue) < 0)
943 return log_oom();
944
945 return 0;
946 }
947
948 int config_parse_exec_input(
949 const char *unit,
950 const char *filename,
951 unsigned line,
952 const char *section,
953 unsigned section_line,
954 const char *lvalue,
955 int ltype,
956 const char *rvalue,
957 void *data,
958 void *userdata) {
959
960 ExecContext *c = data;
961 const Unit *u = userdata;
962 const char *n;
963 ExecInput ei;
964 int r;
965
966 assert(data);
967 assert(filename);
968 assert(line);
969 assert(rvalue);
970
971 n = startswith(rvalue, "fd:");
972 if (n) {
973 _cleanup_free_ char *resolved = NULL;
974
975 r = unit_full_printf(u, n, &resolved);
976 if (r < 0)
977 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", n);
978
979 if (isempty(resolved))
980 resolved = mfree(resolved);
981 else if (!fdname_is_valid(resolved)) {
982 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name: %s", resolved);
983 return -ENOEXEC;
984 }
985
986 free_and_replace(c->stdio_fdname[STDIN_FILENO], resolved);
987
988 ei = EXEC_INPUT_NAMED_FD;
989
990 } else if ((n = startswith(rvalue, "file:"))) {
991 _cleanup_free_ char *resolved = NULL;
992
993 r = unit_full_printf(u, n, &resolved);
994 if (r < 0)
995 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", n);
996
997 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
998 if (r < 0)
999 return -ENOEXEC;
1000
1001 free_and_replace(c->stdio_file[STDIN_FILENO], resolved);
1002
1003 ei = EXEC_INPUT_FILE;
1004
1005 } else {
1006 ei = exec_input_from_string(rvalue);
1007 if (ei < 0) {
1008 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse input specifier, ignoring: %s", rvalue);
1009 return 0;
1010 }
1011 }
1012
1013 c->std_input = ei;
1014 return 0;
1015 }
1016
1017 int config_parse_exec_input_text(
1018 const char *unit,
1019 const char *filename,
1020 unsigned line,
1021 const char *section,
1022 unsigned section_line,
1023 const char *lvalue,
1024 int ltype,
1025 const char *rvalue,
1026 void *data,
1027 void *userdata) {
1028
1029 _cleanup_free_ char *unescaped = NULL, *resolved = NULL;
1030 ExecContext *c = data;
1031 const Unit *u = userdata;
1032 size_t sz;
1033 void *p;
1034 int r;
1035
1036 assert(data);
1037 assert(filename);
1038 assert(line);
1039 assert(rvalue);
1040
1041 if (isempty(rvalue)) {
1042 /* Reset if the empty string is assigned */
1043 c->stdin_data = mfree(c->stdin_data);
1044 c->stdin_data_size = 0;
1045 return 0;
1046 }
1047
1048 r = cunescape(rvalue, 0, &unescaped);
1049 if (r < 0)
1050 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode C escaped text '%s': %m", rvalue);
1051
1052 r = unit_full_printf(u, unescaped, &resolved);
1053 if (r < 0)
1054 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", unescaped);
1055
1056 sz = strlen(resolved);
1057 if (c->stdin_data_size + sz + 1 < c->stdin_data_size || /* check for overflow */
1058 c->stdin_data_size + sz + 1 > EXEC_STDIN_DATA_MAX) {
1059 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard input data too large (%zu), maximum of %zu permitted, ignoring.", c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1060 return -E2BIG;
1061 }
1062
1063 p = realloc(c->stdin_data, c->stdin_data_size + sz + 1);
1064 if (!p)
1065 return log_oom();
1066
1067 *((char*) mempcpy((char*) p + c->stdin_data_size, resolved, sz)) = '\n';
1068
1069 c->stdin_data = p;
1070 c->stdin_data_size += sz + 1;
1071
1072 return 0;
1073 }
1074
1075 int config_parse_exec_input_data(
1076 const char *unit,
1077 const char *filename,
1078 unsigned line,
1079 const char *section,
1080 unsigned section_line,
1081 const char *lvalue,
1082 int ltype,
1083 const char *rvalue,
1084 void *data,
1085 void *userdata) {
1086
1087 _cleanup_free_ void *p = NULL;
1088 ExecContext *c = data;
1089 size_t sz;
1090 void *q;
1091 int r;
1092
1093 assert(data);
1094 assert(filename);
1095 assert(line);
1096 assert(rvalue);
1097
1098 if (isempty(rvalue)) {
1099 /* Reset if the empty string is assigned */
1100 c->stdin_data = mfree(c->stdin_data);
1101 c->stdin_data_size = 0;
1102 return 0;
1103 }
1104
1105 r = unbase64mem(rvalue, (size_t) -1, &p, &sz);
1106 if (r < 0)
1107 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode base64 data, ignoring: %s", rvalue);
1108
1109 assert(sz > 0);
1110
1111 if (c->stdin_data_size + sz < c->stdin_data_size || /* check for overflow */
1112 c->stdin_data_size + sz > EXEC_STDIN_DATA_MAX) {
1113 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard input data too large (%zu), maximum of %zu permitted, ignoring.", c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1114 return -E2BIG;
1115 }
1116
1117 q = realloc(c->stdin_data, c->stdin_data_size + sz);
1118 if (!q)
1119 return log_oom();
1120
1121 memcpy((uint8_t*) q + c->stdin_data_size, p, sz);
1122
1123 c->stdin_data = q;
1124 c->stdin_data_size += sz;
1125
1126 return 0;
1127 }
1128
1129 int config_parse_exec_output(
1130 const char *unit,
1131 const char *filename,
1132 unsigned line,
1133 const char *section,
1134 unsigned section_line,
1135 const char *lvalue,
1136 int ltype,
1137 const char *rvalue,
1138 void *data,
1139 void *userdata) {
1140
1141 _cleanup_free_ char *resolved = NULL;
1142 const char *n;
1143 ExecContext *c = data;
1144 const Unit *u = userdata;
1145 bool obsolete = false;
1146 ExecOutput eo;
1147 int r;
1148
1149 assert(data);
1150 assert(filename);
1151 assert(line);
1152 assert(lvalue);
1153 assert(rvalue);
1154
1155 n = startswith(rvalue, "fd:");
1156 if (n) {
1157 r = unit_full_printf(u, n, &resolved);
1158 if (r < 0)
1159 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1160
1161 if (isempty(resolved))
1162 resolved = mfree(resolved);
1163 else if (!fdname_is_valid(resolved)) {
1164 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name: %s", resolved);
1165 return -ENOEXEC;
1166 }
1167
1168 eo = EXEC_OUTPUT_NAMED_FD;
1169
1170 } else if (streq(rvalue, "syslog")) {
1171 eo = EXEC_OUTPUT_JOURNAL;
1172 obsolete = true;
1173
1174 } else if (streq(rvalue, "syslog+console")) {
1175 eo = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
1176 obsolete = true;
1177
1178 } else if ((n = startswith(rvalue, "file:"))) {
1179
1180 r = unit_full_printf(u, n, &resolved);
1181 if (r < 0)
1182 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1183
1184 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1185 if (r < 0)
1186 return -ENOEXEC;
1187
1188 eo = EXEC_OUTPUT_FILE;
1189
1190 } else if ((n = startswith(rvalue, "append:"))) {
1191
1192 r = unit_full_printf(u, n, &resolved);
1193 if (r < 0)
1194 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1195
1196 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1197 if (r < 0)
1198 return -ENOEXEC;
1199
1200 eo = EXEC_OUTPUT_FILE_APPEND;
1201 } else {
1202 eo = exec_output_from_string(rvalue);
1203 if (eo < 0) {
1204 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output specifier, ignoring: %s", rvalue);
1205 return 0;
1206 }
1207 }
1208
1209 if (obsolete)
1210 log_syntax(unit, LOG_NOTICE, filename, line, 0,
1211 "Standard output type %s is obsolete, automatically updating to %s. Please update your unit file, and consider removing the setting altogether.",
1212 rvalue, exec_output_to_string(eo));
1213
1214 if (streq(lvalue, "StandardOutput")) {
1215 if (eo == EXEC_OUTPUT_NAMED_FD)
1216 free_and_replace(c->stdio_fdname[STDOUT_FILENO], resolved);
1217 else
1218 free_and_replace(c->stdio_file[STDOUT_FILENO], resolved);
1219
1220 c->std_output = eo;
1221
1222 } else {
1223 assert(streq(lvalue, "StandardError"));
1224
1225 if (eo == EXEC_OUTPUT_NAMED_FD)
1226 free_and_replace(c->stdio_fdname[STDERR_FILENO], resolved);
1227 else
1228 free_and_replace(c->stdio_file[STDERR_FILENO], resolved);
1229
1230 c->std_error = eo;
1231 }
1232
1233 return 0;
1234 }
1235
1236 int config_parse_exec_io_class(const char *unit,
1237 const char *filename,
1238 unsigned line,
1239 const char *section,
1240 unsigned section_line,
1241 const char *lvalue,
1242 int ltype,
1243 const char *rvalue,
1244 void *data,
1245 void *userdata) {
1246
1247 ExecContext *c = data;
1248 int x;
1249
1250 assert(filename);
1251 assert(lvalue);
1252 assert(rvalue);
1253 assert(data);
1254
1255 if (isempty(rvalue)) {
1256 c->ioprio_set = false;
1257 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1258 return 0;
1259 }
1260
1261 x = ioprio_class_from_string(rvalue);
1262 if (x < 0) {
1263 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IO scheduling class, ignoring: %s", rvalue);
1264 return 0;
1265 }
1266
1267 c->ioprio = IOPRIO_PRIO_VALUE(x, IOPRIO_PRIO_DATA(c->ioprio));
1268 c->ioprio_set = true;
1269
1270 return 0;
1271 }
1272
1273 int config_parse_exec_io_priority(const char *unit,
1274 const char *filename,
1275 unsigned line,
1276 const char *section,
1277 unsigned section_line,
1278 const char *lvalue,
1279 int ltype,
1280 const char *rvalue,
1281 void *data,
1282 void *userdata) {
1283
1284 ExecContext *c = data;
1285 int i, r;
1286
1287 assert(filename);
1288 assert(lvalue);
1289 assert(rvalue);
1290 assert(data);
1291
1292 if (isempty(rvalue)) {
1293 c->ioprio_set = false;
1294 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1295 return 0;
1296 }
1297
1298 r = ioprio_parse_priority(rvalue, &i);
1299 if (r < 0) {
1300 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse IO priority, ignoring: %s", rvalue);
1301 return 0;
1302 }
1303
1304 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c->ioprio), i);
1305 c->ioprio_set = true;
1306
1307 return 0;
1308 }
1309
1310 int config_parse_exec_cpu_sched_policy(const char *unit,
1311 const char *filename,
1312 unsigned line,
1313 const char *section,
1314 unsigned section_line,
1315 const char *lvalue,
1316 int ltype,
1317 const char *rvalue,
1318 void *data,
1319 void *userdata) {
1320
1321 ExecContext *c = data;
1322 int x;
1323
1324 assert(filename);
1325 assert(lvalue);
1326 assert(rvalue);
1327 assert(data);
1328
1329 if (isempty(rvalue)) {
1330 c->cpu_sched_set = false;
1331 c->cpu_sched_policy = SCHED_OTHER;
1332 c->cpu_sched_priority = 0;
1333 return 0;
1334 }
1335
1336 x = sched_policy_from_string(rvalue);
1337 if (x < 0) {
1338 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue);
1339 return 0;
1340 }
1341
1342 c->cpu_sched_policy = x;
1343 /* Moving to or from real-time policy? We need to adjust the priority */
1344 c->cpu_sched_priority = CLAMP(c->cpu_sched_priority, sched_get_priority_min(x), sched_get_priority_max(x));
1345 c->cpu_sched_set = true;
1346
1347 return 0;
1348 }
1349
1350 int config_parse_numa_mask(const char *unit,
1351 const char *filename,
1352 unsigned line,
1353 const char *section,
1354 unsigned section_line,
1355 const char *lvalue,
1356 int ltype,
1357 const char *rvalue,
1358 void *data,
1359 void *userdata) {
1360 int r;
1361 NUMAPolicy *p = data;
1362
1363 assert(filename);
1364 assert(lvalue);
1365 assert(rvalue);
1366 assert(data);
1367
1368 r = parse_cpu_set_extend(rvalue, &p->nodes, true, unit, filename, line, lvalue);
1369 if (r < 0) {
1370 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse NUMA node mask, ignoring: %s", rvalue);
1371 return 0;
1372 }
1373
1374 return r;
1375 }
1376
1377 int config_parse_exec_cpu_sched_prio(const char *unit,
1378 const char *filename,
1379 unsigned line,
1380 const char *section,
1381 unsigned section_line,
1382 const char *lvalue,
1383 int ltype,
1384 const char *rvalue,
1385 void *data,
1386 void *userdata) {
1387
1388 ExecContext *c = data;
1389 int i, min, max, r;
1390
1391 assert(filename);
1392 assert(lvalue);
1393 assert(rvalue);
1394 assert(data);
1395
1396 r = safe_atoi(rvalue, &i);
1397 if (r < 0) {
1398 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue);
1399 return 0;
1400 }
1401
1402 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
1403 min = sched_get_priority_min(c->cpu_sched_policy);
1404 max = sched_get_priority_max(c->cpu_sched_policy);
1405
1406 if (i < min || i > max) {
1407 log_syntax(unit, LOG_ERR, filename, line, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue);
1408 return 0;
1409 }
1410
1411 c->cpu_sched_priority = i;
1412 c->cpu_sched_set = true;
1413
1414 return 0;
1415 }
1416
1417 int config_parse_exec_root_hash(
1418 const char *unit,
1419 const char *filename,
1420 unsigned line,
1421 const char *section,
1422 unsigned section_line,
1423 const char *lvalue,
1424 int ltype,
1425 const char *rvalue,
1426 void *data,
1427 void *userdata) {
1428
1429 _cleanup_free_ void *roothash_decoded = NULL;
1430 ExecContext *c = data;
1431 size_t roothash_decoded_size = 0;
1432 int r;
1433
1434 assert(data);
1435 assert(filename);
1436 assert(line);
1437 assert(rvalue);
1438
1439 if (isempty(rvalue)) {
1440 /* Reset if the empty string is assigned */
1441 c->root_hash_path = mfree(c->root_hash_path);
1442 c->root_hash = mfree(c->root_hash);
1443 c->root_hash_size = 0;
1444 return 0;
1445 }
1446
1447 if (path_is_absolute(rvalue)) {
1448 /* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
1449 _cleanup_free_ char *p = NULL;
1450
1451 p = strdup(rvalue);
1452 if (!p)
1453 return -ENOMEM;
1454
1455 free_and_replace(c->root_hash_path, p);
1456 c->root_hash = mfree(c->root_hash);
1457 c->root_hash_size = 0;
1458 return 0;
1459 }
1460
1461 /* We have a roothash to decode, eg: RootHash=012345789abcdef */
1462 r = unhexmem(rvalue, strlen(rvalue), &roothash_decoded, &roothash_decoded_size);
1463 if (r < 0)
1464 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode RootHash=, ignoring: %s", rvalue);
1465 if (roothash_decoded_size < sizeof(sd_id128_t))
1466 return log_syntax(unit, LOG_ERR, filename, line, SYNTHETIC_ERRNO(EINVAL), "RootHash= is too short, ignoring: %s", rvalue);
1467
1468 free_and_replace(c->root_hash, roothash_decoded);
1469 c->root_hash_size = roothash_decoded_size;
1470 c->root_hash_path = mfree(c->root_hash_path);
1471
1472 return 0;
1473 }
1474
1475 int config_parse_exec_cpu_affinity(const char *unit,
1476 const char *filename,
1477 unsigned line,
1478 const char *section,
1479 unsigned section_line,
1480 const char *lvalue,
1481 int ltype,
1482 const char *rvalue,
1483 void *data,
1484 void *userdata) {
1485
1486 ExecContext *c = data;
1487 int r;
1488
1489 assert(filename);
1490 assert(lvalue);
1491 assert(rvalue);
1492 assert(data);
1493
1494 if (streq(rvalue, "numa")) {
1495 c->cpu_affinity_from_numa = true;
1496 cpu_set_reset(&c->cpu_set);
1497
1498 return 0;
1499 }
1500
1501 r = parse_cpu_set_extend(rvalue, &c->cpu_set, true, unit, filename, line, lvalue);
1502 if (r >= 0)
1503 c->cpu_affinity_from_numa = false;
1504
1505 return r;
1506 }
1507
1508 int config_parse_capability_set(
1509 const char *unit,
1510 const char *filename,
1511 unsigned line,
1512 const char *section,
1513 unsigned section_line,
1514 const char *lvalue,
1515 int ltype,
1516 const char *rvalue,
1517 void *data,
1518 void *userdata) {
1519
1520 uint64_t *capability_set = data;
1521 uint64_t sum = 0, initial = 0;
1522 bool invert = false;
1523 int r;
1524
1525 assert(filename);
1526 assert(lvalue);
1527 assert(rvalue);
1528 assert(data);
1529
1530 if (rvalue[0] == '~') {
1531 invert = true;
1532 rvalue++;
1533 }
1534
1535 if (streq(lvalue, "CapabilityBoundingSet"))
1536 initial = CAP_ALL; /* initialized to all bits on */
1537 /* else "AmbientCapabilities" initialized to all bits off */
1538
1539 r = capability_set_from_string(rvalue, &sum);
1540 if (r < 0) {
1541 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue, rvalue);
1542 return 0;
1543 }
1544
1545 if (sum == 0 || *capability_set == initial)
1546 /* "", "~" or uninitialized data -> replace */
1547 *capability_set = invert ? ~sum : sum;
1548 else {
1549 /* previous data -> merge */
1550 if (invert)
1551 *capability_set &= ~sum;
1552 else
1553 *capability_set |= sum;
1554 }
1555
1556 return 0;
1557 }
1558
1559 int config_parse_exec_selinux_context(
1560 const char *unit,
1561 const char *filename,
1562 unsigned line,
1563 const char *section,
1564 unsigned section_line,
1565 const char *lvalue,
1566 int ltype,
1567 const char *rvalue,
1568 void *data,
1569 void *userdata) {
1570
1571 ExecContext *c = data;
1572 const Unit *u = userdata;
1573 bool ignore;
1574 char *k;
1575 int r;
1576
1577 assert(filename);
1578 assert(lvalue);
1579 assert(rvalue);
1580 assert(data);
1581
1582 if (isempty(rvalue)) {
1583 c->selinux_context = mfree(c->selinux_context);
1584 c->selinux_context_ignore = false;
1585 return 0;
1586 }
1587
1588 if (rvalue[0] == '-') {
1589 ignore = true;
1590 rvalue++;
1591 } else
1592 ignore = false;
1593
1594 r = unit_full_printf(u, rvalue, &k);
1595 if (r < 0) {
1596 log_syntax(unit, LOG_ERR, filename, line, r,
1597 "Failed to resolve unit specifiers in '%s'%s: %m",
1598 rvalue, ignore ? ", ignoring" : "");
1599 return ignore ? 0 : -ENOEXEC;
1600 }
1601
1602 free_and_replace(c->selinux_context, k);
1603 c->selinux_context_ignore = ignore;
1604
1605 return 0;
1606 }
1607
1608 int config_parse_exec_apparmor_profile(
1609 const char *unit,
1610 const char *filename,
1611 unsigned line,
1612 const char *section,
1613 unsigned section_line,
1614 const char *lvalue,
1615 int ltype,
1616 const char *rvalue,
1617 void *data,
1618 void *userdata) {
1619
1620 ExecContext *c = data;
1621 const Unit *u = userdata;
1622 bool ignore;
1623 char *k;
1624 int r;
1625
1626 assert(filename);
1627 assert(lvalue);
1628 assert(rvalue);
1629 assert(data);
1630
1631 if (isempty(rvalue)) {
1632 c->apparmor_profile = mfree(c->apparmor_profile);
1633 c->apparmor_profile_ignore = false;
1634 return 0;
1635 }
1636
1637 if (rvalue[0] == '-') {
1638 ignore = true;
1639 rvalue++;
1640 } else
1641 ignore = false;
1642
1643 r = unit_full_printf(u, rvalue, &k);
1644 if (r < 0) {
1645 log_syntax(unit, LOG_ERR, filename, line, r,
1646 "Failed to resolve unit specifiers in '%s'%s: %m",
1647 rvalue, ignore ? ", ignoring" : "");
1648 return ignore ? 0 : -ENOEXEC;
1649 }
1650
1651 free_and_replace(c->apparmor_profile, k);
1652 c->apparmor_profile_ignore = ignore;
1653
1654 return 0;
1655 }
1656
1657 int config_parse_exec_smack_process_label(
1658 const char *unit,
1659 const char *filename,
1660 unsigned line,
1661 const char *section,
1662 unsigned section_line,
1663 const char *lvalue,
1664 int ltype,
1665 const char *rvalue,
1666 void *data,
1667 void *userdata) {
1668
1669 ExecContext *c = data;
1670 const Unit *u = userdata;
1671 bool ignore;
1672 char *k;
1673 int r;
1674
1675 assert(filename);
1676 assert(lvalue);
1677 assert(rvalue);
1678 assert(data);
1679
1680 if (isempty(rvalue)) {
1681 c->smack_process_label = mfree(c->smack_process_label);
1682 c->smack_process_label_ignore = false;
1683 return 0;
1684 }
1685
1686 if (rvalue[0] == '-') {
1687 ignore = true;
1688 rvalue++;
1689 } else
1690 ignore = false;
1691
1692 r = unit_full_printf(u, rvalue, &k);
1693 if (r < 0) {
1694 log_syntax(unit, LOG_ERR, filename, line, r,
1695 "Failed to resolve unit specifiers in '%s'%s: %m",
1696 rvalue, ignore ? ", ignoring" : "");
1697 return ignore ? 0 : -ENOEXEC;
1698 }
1699
1700 free_and_replace(c->smack_process_label, k);
1701 c->smack_process_label_ignore = ignore;
1702
1703 return 0;
1704 }
1705
1706 int config_parse_timer(
1707 const char *unit,
1708 const char *filename,
1709 unsigned line,
1710 const char *section,
1711 unsigned section_line,
1712 const char *lvalue,
1713 int ltype,
1714 const char *rvalue,
1715 void *data,
1716 void *userdata) {
1717
1718 _cleanup_(calendar_spec_freep) CalendarSpec *c = NULL;
1719 _cleanup_free_ char *k = NULL;
1720 const Unit *u = userdata;
1721 Timer *t = data;
1722 usec_t usec = 0;
1723 TimerValue *v;
1724 int r;
1725
1726 assert(filename);
1727 assert(lvalue);
1728 assert(rvalue);
1729 assert(data);
1730
1731 if (isempty(rvalue)) {
1732 /* Empty assignment resets list */
1733 timer_free_values(t);
1734 return 0;
1735 }
1736
1737 r = unit_full_printf(u, rvalue, &k);
1738 if (r < 0) {
1739 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
1740 return 0;
1741 }
1742
1743 if (ltype == TIMER_CALENDAR) {
1744 r = calendar_spec_from_string(k, &c);
1745 if (r < 0) {
1746 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse calendar specification, ignoring: %s", k);
1747 return 0;
1748 }
1749 } else {
1750 r = parse_sec(k, &usec);
1751 if (r < 0) {
1752 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse timer value, ignoring: %s", k);
1753 return 0;
1754 }
1755 }
1756
1757 v = new(TimerValue, 1);
1758 if (!v)
1759 return log_oom();
1760
1761 *v = (TimerValue) {
1762 .base = ltype,
1763 .value = usec,
1764 .calendar_spec = TAKE_PTR(c),
1765 };
1766
1767 LIST_PREPEND(value, t->values, v);
1768
1769 return 0;
1770 }
1771
1772 int config_parse_trigger_unit(
1773 const char *unit,
1774 const char *filename,
1775 unsigned line,
1776 const char *section,
1777 unsigned section_line,
1778 const char *lvalue,
1779 int ltype,
1780 const char *rvalue,
1781 void *data,
1782 void *userdata) {
1783
1784 _cleanup_free_ char *p = NULL;
1785 Unit *u = data;
1786 UnitType type;
1787 int r;
1788
1789 assert(filename);
1790 assert(lvalue);
1791 assert(rvalue);
1792 assert(data);
1793
1794 if (!hashmap_isempty(u->dependencies[UNIT_TRIGGERS])) {
1795 log_syntax(unit, LOG_ERR, filename, line, 0, "Multiple units to trigger specified, ignoring: %s", rvalue);
1796 return 0;
1797 }
1798
1799 r = unit_name_printf(u, rvalue, &p);
1800 if (r < 0) {
1801 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
1802 return 0;
1803 }
1804
1805 type = unit_name_to_type(p);
1806 if (type < 0) {
1807 log_syntax(unit, LOG_ERR, filename, line, 0, "Unit type not valid, ignoring: %s", rvalue);
1808 return 0;
1809 }
1810 if (unit_has_name(u, p)) {
1811 log_syntax(unit, LOG_ERR, filename, line, 0, "Units cannot trigger themselves, ignoring: %s", rvalue);
1812 return 0;
1813 }
1814
1815 r = unit_add_two_dependencies_by_name(u, UNIT_BEFORE, UNIT_TRIGGERS, p, true, UNIT_DEPENDENCY_FILE);
1816 if (r < 0) {
1817 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add trigger on %s, ignoring: %m", p);
1818 return 0;
1819 }
1820
1821 return 0;
1822 }
1823
1824 int config_parse_path_spec(const char *unit,
1825 const char *filename,
1826 unsigned line,
1827 const char *section,
1828 unsigned section_line,
1829 const char *lvalue,
1830 int ltype,
1831 const char *rvalue,
1832 void *data,
1833 void *userdata) {
1834
1835 Path *p = data;
1836 PathSpec *s;
1837 PathType b;
1838 _cleanup_free_ char *k = NULL;
1839 int r;
1840
1841 assert(filename);
1842 assert(lvalue);
1843 assert(rvalue);
1844 assert(data);
1845
1846 if (isempty(rvalue)) {
1847 /* Empty assignment clears list */
1848 path_free_specs(p);
1849 return 0;
1850 }
1851
1852 b = path_type_from_string(lvalue);
1853 if (b < 0) {
1854 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse path type, ignoring: %s", lvalue);
1855 return 0;
1856 }
1857
1858 r = unit_full_printf(UNIT(p), rvalue, &k);
1859 if (r < 0) {
1860 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
1861 return 0;
1862 }
1863
1864 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
1865 if (r < 0)
1866 return 0;
1867
1868 s = new0(PathSpec, 1);
1869 if (!s)
1870 return log_oom();
1871
1872 s->unit = UNIT(p);
1873 s->path = TAKE_PTR(k);
1874 s->type = b;
1875 s->inotify_fd = -1;
1876
1877 LIST_PREPEND(spec, p->specs, s);
1878
1879 return 0;
1880 }
1881
1882 int config_parse_socket_service(
1883 const char *unit,
1884 const char *filename,
1885 unsigned line,
1886 const char *section,
1887 unsigned section_line,
1888 const char *lvalue,
1889 int ltype,
1890 const char *rvalue,
1891 void *data,
1892 void *userdata) {
1893
1894 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1895 _cleanup_free_ char *p = NULL;
1896 Socket *s = data;
1897 Unit *x;
1898 int r;
1899
1900 assert(filename);
1901 assert(lvalue);
1902 assert(rvalue);
1903 assert(data);
1904
1905 r = unit_name_printf(UNIT(s), rvalue, &p);
1906 if (r < 0) {
1907 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
1908 return -ENOEXEC;
1909 }
1910
1911 if (!endswith(p, ".service")) {
1912 log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type service: %s", rvalue);
1913 return -ENOEXEC;
1914 }
1915
1916 r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
1917 if (r < 0) {
1918 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s: %s", rvalue, bus_error_message(&error, r));
1919 return -ENOEXEC;
1920 }
1921
1922 unit_ref_set(&s->service, UNIT(s), x);
1923
1924 return 0;
1925 }
1926
1927 int config_parse_fdname(
1928 const char *unit,
1929 const char *filename,
1930 unsigned line,
1931 const char *section,
1932 unsigned section_line,
1933 const char *lvalue,
1934 int ltype,
1935 const char *rvalue,
1936 void *data,
1937 void *userdata) {
1938
1939 _cleanup_free_ char *p = NULL;
1940 Socket *s = data;
1941 int r;
1942
1943 assert(filename);
1944 assert(lvalue);
1945 assert(rvalue);
1946 assert(data);
1947
1948 if (isempty(rvalue)) {
1949 s->fdname = mfree(s->fdname);
1950 return 0;
1951 }
1952
1953 r = unit_full_printf(UNIT(s), rvalue, &p);
1954 if (r < 0) {
1955 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
1956 return 0;
1957 }
1958
1959 if (!fdname_is_valid(p)) {
1960 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name, ignoring: %s", p);
1961 return 0;
1962 }
1963
1964 return free_and_replace(s->fdname, p);
1965 }
1966
1967 int config_parse_service_sockets(
1968 const char *unit,
1969 const char *filename,
1970 unsigned line,
1971 const char *section,
1972 unsigned section_line,
1973 const char *lvalue,
1974 int ltype,
1975 const char *rvalue,
1976 void *data,
1977 void *userdata) {
1978
1979 Service *s = data;
1980 const char *p;
1981 int r;
1982
1983 assert(filename);
1984 assert(lvalue);
1985 assert(rvalue);
1986 assert(data);
1987
1988 p = rvalue;
1989 for (;;) {
1990 _cleanup_free_ char *word = NULL, *k = NULL;
1991
1992 r = extract_first_word(&p, &word, NULL, 0);
1993 if (r == 0)
1994 break;
1995 if (r == -ENOMEM)
1996 return log_oom();
1997 if (r < 0) {
1998 log_syntax(unit, LOG_ERR, filename, line, r, "Trailing garbage in sockets, ignoring: %s", rvalue);
1999 break;
2000 }
2001
2002 r = unit_name_printf(UNIT(s), word, &k);
2003 if (r < 0) {
2004 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
2005 continue;
2006 }
2007
2008 if (!endswith(k, ".socket")) {
2009 log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type socket, ignoring: %s", k);
2010 continue;
2011 }
2012
2013 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_WANTS, UNIT_AFTER, k, true, UNIT_DEPENDENCY_FILE);
2014 if (r < 0)
2015 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
2016
2017 r = unit_add_dependency_by_name(UNIT(s), UNIT_TRIGGERED_BY, k, true, UNIT_DEPENDENCY_FILE);
2018 if (r < 0)
2019 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
2020 }
2021
2022 return 0;
2023 }
2024
2025 int config_parse_bus_name(
2026 const char *unit,
2027 const char *filename,
2028 unsigned line,
2029 const char *section,
2030 unsigned section_line,
2031 const char *lvalue,
2032 int ltype,
2033 const char *rvalue,
2034 void *data,
2035 void *userdata) {
2036
2037 _cleanup_free_ char *k = NULL;
2038 const Unit *u = userdata;
2039 int r;
2040
2041 assert(filename);
2042 assert(lvalue);
2043 assert(rvalue);
2044 assert(u);
2045
2046 r = unit_full_printf(u, rvalue, &k);
2047 if (r < 0) {
2048 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2049 return 0;
2050 }
2051
2052 if (!sd_bus_service_name_is_valid(k)) {
2053 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid bus name, ignoring: %s", k);
2054 return 0;
2055 }
2056
2057 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
2058 }
2059
2060 int config_parse_service_timeout(
2061 const char *unit,
2062 const char *filename,
2063 unsigned line,
2064 const char *section,
2065 unsigned section_line,
2066 const char *lvalue,
2067 int ltype,
2068 const char *rvalue,
2069 void *data,
2070 void *userdata) {
2071
2072 Service *s = userdata;
2073 usec_t usec;
2074 int r;
2075
2076 assert(filename);
2077 assert(lvalue);
2078 assert(rvalue);
2079 assert(s);
2080
2081 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
2082
2083 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
2084 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
2085 * all other timeouts. */
2086 r = parse_sec_fix_0(rvalue, &usec);
2087 if (r < 0) {
2088 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
2089 return 0;
2090 }
2091
2092 s->start_timeout_defined = true;
2093 s->timeout_start_usec = usec;
2094
2095 if (streq(lvalue, "TimeoutSec"))
2096 s->timeout_stop_usec = usec;
2097
2098 return 0;
2099 }
2100
2101 int config_parse_timeout_abort(
2102 const char *unit,
2103 const char *filename,
2104 unsigned line,
2105 const char *section,
2106 unsigned section_line,
2107 const char *lvalue,
2108 int ltype,
2109 const char *rvalue,
2110 void *data,
2111 void *userdata) {
2112
2113 usec_t *ret = data;
2114 int r;
2115
2116 assert(filename);
2117 assert(lvalue);
2118 assert(rvalue);
2119 assert(ret);
2120
2121 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
2122
2123 if (isempty(rvalue)) {
2124 *ret = 0;
2125 return 0; /* "not set" */
2126 }
2127
2128 r = parse_sec(rvalue, ret);
2129 if (r < 0)
2130 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= setting, ignoring: %s", lvalue, rvalue);
2131
2132 return 1; /* "set" */
2133 }
2134
2135 int config_parse_service_timeout_abort(
2136 const char *unit,
2137 const char *filename,
2138 unsigned line,
2139 const char *section,
2140 unsigned section_line,
2141 const char *lvalue,
2142 int ltype,
2143 const char *rvalue,
2144 void *data,
2145 void *userdata) {
2146
2147 Service *s = userdata;
2148 int r;
2149
2150 assert(s);
2151
2152 r = config_parse_timeout_abort(unit, filename, line, section, section_line, lvalue, ltype, rvalue,
2153 &s->timeout_abort_usec, s);
2154 if (r >= 0)
2155 s->timeout_abort_set = r;
2156 return 0;
2157 }
2158
2159 int config_parse_sec_fix_0(
2160 const char *unit,
2161 const char *filename,
2162 unsigned line,
2163 const char *section,
2164 unsigned section_line,
2165 const char *lvalue,
2166 int ltype,
2167 const char *rvalue,
2168 void *data,
2169 void *userdata) {
2170
2171 usec_t *usec = data;
2172 int r;
2173
2174 assert(filename);
2175 assert(lvalue);
2176 assert(rvalue);
2177 assert(usec);
2178
2179 /* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for
2180 * compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a
2181 * timeout. */
2182
2183 r = parse_sec_fix_0(rvalue, usec);
2184 if (r < 0) {
2185 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
2186 return 0;
2187 }
2188
2189 return 0;
2190 }
2191
2192 int config_parse_user_group_compat(
2193 const char *unit,
2194 const char *filename,
2195 unsigned line,
2196 const char *section,
2197 unsigned section_line,
2198 const char *lvalue,
2199 int ltype,
2200 const char *rvalue,
2201 void *data,
2202 void *userdata) {
2203
2204 _cleanup_free_ char *k = NULL;
2205 char **user = data;
2206 const Unit *u = userdata;
2207 int r;
2208
2209 assert(filename);
2210 assert(lvalue);
2211 assert(rvalue);
2212 assert(u);
2213
2214 if (isempty(rvalue)) {
2215 *user = mfree(*user);
2216 return 0;
2217 }
2218
2219 r = unit_full_printf(u, rvalue, &k);
2220 if (r < 0) {
2221 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
2222 return -ENOEXEC;
2223 }
2224
2225 if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
2226 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2227 return -ENOEXEC;
2228 }
2229
2230 return free_and_replace(*user, k);
2231 }
2232
2233 int config_parse_user_group_strv_compat(
2234 const char *unit,
2235 const char *filename,
2236 unsigned line,
2237 const char *section,
2238 unsigned section_line,
2239 const char *lvalue,
2240 int ltype,
2241 const char *rvalue,
2242 void *data,
2243 void *userdata) {
2244
2245 char ***users = data;
2246 const Unit *u = userdata;
2247 const char *p = rvalue;
2248 int r;
2249
2250 assert(filename);
2251 assert(lvalue);
2252 assert(rvalue);
2253 assert(u);
2254
2255 if (isempty(rvalue)) {
2256 *users = strv_free(*users);
2257 return 0;
2258 }
2259
2260 for (;;) {
2261 _cleanup_free_ char *word = NULL, *k = NULL;
2262
2263 r = extract_first_word(&p, &word, NULL, 0);
2264 if (r == 0)
2265 break;
2266 if (r == -ENOMEM)
2267 return log_oom();
2268 if (r < 0) {
2269 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
2270 return -ENOEXEC;
2271 }
2272
2273 r = unit_full_printf(u, word, &k);
2274 if (r < 0) {
2275 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
2276 return -ENOEXEC;
2277 }
2278
2279 if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
2280 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2281 return -ENOEXEC;
2282 }
2283
2284 r = strv_push(users, k);
2285 if (r < 0)
2286 return log_oom();
2287
2288 k = NULL;
2289 }
2290
2291 return 0;
2292 }
2293
2294 int config_parse_working_directory(
2295 const char *unit,
2296 const char *filename,
2297 unsigned line,
2298 const char *section,
2299 unsigned section_line,
2300 const char *lvalue,
2301 int ltype,
2302 const char *rvalue,
2303 void *data,
2304 void *userdata) {
2305
2306 ExecContext *c = data;
2307 const Unit *u = userdata;
2308 bool missing_ok;
2309 int r;
2310
2311 assert(filename);
2312 assert(lvalue);
2313 assert(rvalue);
2314 assert(c);
2315 assert(u);
2316
2317 if (isempty(rvalue)) {
2318 c->working_directory_home = false;
2319 c->working_directory = mfree(c->working_directory);
2320 return 0;
2321 }
2322
2323 if (rvalue[0] == '-') {
2324 missing_ok = true;
2325 rvalue++;
2326 } else
2327 missing_ok = false;
2328
2329 if (streq(rvalue, "~")) {
2330 c->working_directory_home = true;
2331 c->working_directory = mfree(c->working_directory);
2332 } else {
2333 _cleanup_free_ char *k = NULL;
2334
2335 r = unit_full_printf(u, rvalue, &k);
2336 if (r < 0) {
2337 log_syntax(unit, LOG_ERR, filename, line, r,
2338 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2339 rvalue, missing_ok ? ", ignoring" : "");
2340 return missing_ok ? 0 : -ENOEXEC;
2341 }
2342
2343 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE | (missing_ok ? 0 : PATH_CHECK_FATAL), unit, filename, line, lvalue);
2344 if (r < 0)
2345 return missing_ok ? 0 : -ENOEXEC;
2346
2347 c->working_directory_home = false;
2348 free_and_replace(c->working_directory, k);
2349 }
2350
2351 c->working_directory_missing_ok = missing_ok;
2352 return 0;
2353 }
2354
2355 int config_parse_unit_env_file(const char *unit,
2356 const char *filename,
2357 unsigned line,
2358 const char *section,
2359 unsigned section_line,
2360 const char *lvalue,
2361 int ltype,
2362 const char *rvalue,
2363 void *data,
2364 void *userdata) {
2365
2366 char ***env = data;
2367 const Unit *u = userdata;
2368 _cleanup_free_ char *n = NULL;
2369 int r;
2370
2371 assert(filename);
2372 assert(lvalue);
2373 assert(rvalue);
2374 assert(data);
2375
2376 if (isempty(rvalue)) {
2377 /* Empty assignment frees the list */
2378 *env = strv_free(*env);
2379 return 0;
2380 }
2381
2382 r = unit_full_printf(u, rvalue, &n);
2383 if (r < 0) {
2384 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2385 return 0;
2386 }
2387
2388 r = path_simplify_and_warn(n[0] == '-' ? n + 1 : n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2389 if (r < 0)
2390 return 0;
2391
2392 r = strv_push(env, n);
2393 if (r < 0)
2394 return log_oom();
2395
2396 n = NULL;
2397
2398 return 0;
2399 }
2400
2401 int config_parse_environ(
2402 const char *unit,
2403 const char *filename,
2404 unsigned line,
2405 const char *section,
2406 unsigned section_line,
2407 const char *lvalue,
2408 int ltype,
2409 const char *rvalue,
2410 void *data,
2411 void *userdata) {
2412
2413 const Unit *u = userdata;
2414 char ***env = data;
2415 const char *p;
2416 int r;
2417
2418 assert(filename);
2419 assert(lvalue);
2420 assert(rvalue);
2421 assert(data);
2422
2423 if (isempty(rvalue)) {
2424 /* Empty assignment resets the list */
2425 *env = strv_free(*env);
2426 return 0;
2427 }
2428
2429 for (p = rvalue;; ) {
2430 _cleanup_free_ char *word = NULL, *k = NULL;
2431
2432 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2433 if (r == 0)
2434 return 0;
2435 if (r == -ENOMEM)
2436 return log_oom();
2437 if (r < 0) {
2438 log_syntax(unit, LOG_WARNING, filename, line, r,
2439 "Invalid syntax, ignoring: %s", rvalue);
2440 return 0;
2441 }
2442
2443 if (u) {
2444 r = unit_full_printf(u, word, &k);
2445 if (r < 0) {
2446 log_syntax(unit, LOG_ERR, filename, line, r,
2447 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2448 continue;
2449 }
2450 } else
2451 k = TAKE_PTR(word);
2452
2453 if (!env_assignment_is_valid(k)) {
2454 log_syntax(unit, LOG_ERR, filename, line, 0,
2455 "Invalid environment assignment, ignoring: %s", k);
2456 continue;
2457 }
2458
2459 r = strv_env_replace(env, k);
2460 if (r < 0)
2461 return log_oom();
2462
2463 k = NULL;
2464 }
2465 }
2466
2467 int config_parse_pass_environ(
2468 const char *unit,
2469 const char *filename,
2470 unsigned line,
2471 const char *section,
2472 unsigned section_line,
2473 const char *lvalue,
2474 int ltype,
2475 const char *rvalue,
2476 void *data,
2477 void *userdata) {
2478
2479 _cleanup_strv_free_ char **n = NULL;
2480 size_t nlen = 0, nbufsize = 0;
2481 char*** passenv = data;
2482 const char *p = rvalue;
2483 const Unit *u = userdata;
2484 int r;
2485
2486 assert(filename);
2487 assert(lvalue);
2488 assert(rvalue);
2489 assert(data);
2490
2491 if (isempty(rvalue)) {
2492 /* Empty assignment resets the list */
2493 *passenv = strv_free(*passenv);
2494 return 0;
2495 }
2496
2497 for (;;) {
2498 _cleanup_free_ char *word = NULL, *k = NULL;
2499
2500 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2501 if (r == 0)
2502 break;
2503 if (r == -ENOMEM)
2504 return log_oom();
2505 if (r < 0) {
2506 log_syntax(unit, LOG_ERR, filename, line, r,
2507 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
2508 break;
2509 }
2510
2511 if (u) {
2512 r = unit_full_printf(u, word, &k);
2513 if (r < 0) {
2514 log_syntax(unit, LOG_ERR, filename, line, r,
2515 "Failed to resolve specifiers in %s, ignoring: %m", word);
2516 continue;
2517 }
2518 } else
2519 k = TAKE_PTR(word);
2520
2521 if (!env_name_is_valid(k)) {
2522 log_syntax(unit, LOG_ERR, filename, line, 0,
2523 "Invalid environment name for %s, ignoring: %s", lvalue, k);
2524 continue;
2525 }
2526
2527 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
2528 return log_oom();
2529
2530 n[nlen++] = TAKE_PTR(k);
2531 n[nlen] = NULL;
2532 }
2533
2534 if (n) {
2535 r = strv_extend_strv(passenv, n, true);
2536 if (r < 0)
2537 return r;
2538 }
2539
2540 return 0;
2541 }
2542
2543 int config_parse_unset_environ(
2544 const char *unit,
2545 const char *filename,
2546 unsigned line,
2547 const char *section,
2548 unsigned section_line,
2549 const char *lvalue,
2550 int ltype,
2551 const char *rvalue,
2552 void *data,
2553 void *userdata) {
2554
2555 _cleanup_strv_free_ char **n = NULL;
2556 size_t nlen = 0, nbufsize = 0;
2557 char*** unsetenv = data;
2558 const char *p = rvalue;
2559 const Unit *u = userdata;
2560 int r;
2561
2562 assert(filename);
2563 assert(lvalue);
2564 assert(rvalue);
2565 assert(data);
2566
2567 if (isempty(rvalue)) {
2568 /* Empty assignment resets the list */
2569 *unsetenv = strv_free(*unsetenv);
2570 return 0;
2571 }
2572
2573 for (;;) {
2574 _cleanup_free_ char *word = NULL, *k = NULL;
2575
2576 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2577 if (r == 0)
2578 break;
2579 if (r == -ENOMEM)
2580 return log_oom();
2581 if (r < 0) {
2582 log_syntax(unit, LOG_ERR, filename, line, r,
2583 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
2584 break;
2585 }
2586
2587 if (u) {
2588 r = unit_full_printf(u, word, &k);
2589 if (r < 0) {
2590 log_syntax(unit, LOG_ERR, filename, line, r,
2591 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2592 continue;
2593 }
2594 } else
2595 k = TAKE_PTR(word);
2596
2597 if (!env_assignment_is_valid(k) && !env_name_is_valid(k)) {
2598 log_syntax(unit, LOG_ERR, filename, line, 0,
2599 "Invalid environment name or assignment %s, ignoring: %s", lvalue, k);
2600 continue;
2601 }
2602
2603 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
2604 return log_oom();
2605
2606 n[nlen++] = TAKE_PTR(k);
2607 n[nlen] = NULL;
2608 }
2609
2610 if (n) {
2611 r = strv_extend_strv(unsetenv, n, true);
2612 if (r < 0)
2613 return r;
2614 }
2615
2616 return 0;
2617 }
2618
2619 int config_parse_log_extra_fields(
2620 const char *unit,
2621 const char *filename,
2622 unsigned line,
2623 const char *section,
2624 unsigned section_line,
2625 const char *lvalue,
2626 int ltype,
2627 const char *rvalue,
2628 void *data,
2629 void *userdata) {
2630
2631 ExecContext *c = data;
2632 const Unit *u = userdata;
2633 const char *p = rvalue;
2634 int r;
2635
2636 assert(filename);
2637 assert(lvalue);
2638 assert(rvalue);
2639 assert(c);
2640
2641 if (isempty(rvalue)) {
2642 exec_context_free_log_extra_fields(c);
2643 return 0;
2644 }
2645
2646 for (;;) {
2647 _cleanup_free_ char *word = NULL, *k = NULL;
2648 struct iovec *t;
2649 const char *eq;
2650
2651 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2652 if (r == 0)
2653 return 0;
2654 if (r == -ENOMEM)
2655 return log_oom();
2656 if (r < 0) {
2657 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
2658 return 0;
2659 }
2660
2661 r = unit_full_printf(u, word, &k);
2662 if (r < 0) {
2663 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2664 continue;
2665 }
2666
2667 eq = strchr(k, '=');
2668 if (!eq) {
2669 log_syntax(unit, LOG_ERR, filename, line, 0, "Log field lacks '=' character, ignoring: %s", k);
2670 continue;
2671 }
2672
2673 if (!journal_field_valid(k, eq-k, false)) {
2674 log_syntax(unit, LOG_ERR, filename, line, 0, "Log field name is invalid, ignoring: %s", k);
2675 continue;
2676 }
2677
2678 t = reallocarray(c->log_extra_fields, c->n_log_extra_fields+1, sizeof(struct iovec));
2679 if (!t)
2680 return log_oom();
2681
2682 c->log_extra_fields = t;
2683 c->log_extra_fields[c->n_log_extra_fields++] = IOVEC_MAKE_STRING(k);
2684
2685 k = NULL;
2686 }
2687 }
2688
2689 int config_parse_log_namespace(
2690 const char *unit,
2691 const char *filename,
2692 unsigned line,
2693 const char *section,
2694 unsigned section_line,
2695 const char *lvalue,
2696 int ltype,
2697 const char *rvalue,
2698 void *data,
2699 void *userdata) {
2700
2701 _cleanup_free_ char *k = NULL;
2702 ExecContext *c = data;
2703 const Unit *u = userdata;
2704 int r;
2705
2706 assert(filename);
2707 assert(lvalue);
2708 assert(rvalue);
2709 assert(c);
2710
2711 if (isempty(rvalue)) {
2712 c->log_namespace = mfree(c->log_namespace);
2713 return 0;
2714 }
2715
2716 r = unit_full_printf(u, rvalue, &k);
2717 if (r < 0) {
2718 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2719 return 0;
2720 }
2721
2722 if (!log_namespace_name_valid(k)) {
2723 log_syntax(unit, LOG_ERR, filename, line, SYNTHETIC_ERRNO(EINVAL), "Specified log namespace name is not valid: %s", k);
2724 return 0;
2725 }
2726
2727 free_and_replace(c->log_namespace, k);
2728 return 0;
2729 }
2730
2731 int config_parse_unit_condition_path(
2732 const char *unit,
2733 const char *filename,
2734 unsigned line,
2735 const char *section,
2736 unsigned section_line,
2737 const char *lvalue,
2738 int ltype,
2739 const char *rvalue,
2740 void *data,
2741 void *userdata) {
2742
2743 _cleanup_free_ char *p = NULL;
2744 Condition **list = data, *c;
2745 ConditionType t = ltype;
2746 bool trigger, negate;
2747 const Unit *u = userdata;
2748 int r;
2749
2750 assert(filename);
2751 assert(lvalue);
2752 assert(rvalue);
2753 assert(data);
2754
2755 if (isempty(rvalue)) {
2756 /* Empty assignment resets the list */
2757 *list = condition_free_list(*list);
2758 return 0;
2759 }
2760
2761 trigger = rvalue[0] == '|';
2762 if (trigger)
2763 rvalue++;
2764
2765 negate = rvalue[0] == '!';
2766 if (negate)
2767 rvalue++;
2768
2769 r = unit_full_printf(u, rvalue, &p);
2770 if (r < 0) {
2771 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2772 return 0;
2773 }
2774
2775 r = path_simplify_and_warn(p, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2776 if (r < 0)
2777 return 0;
2778
2779 c = condition_new(t, p, trigger, negate);
2780 if (!c)
2781 return log_oom();
2782
2783 LIST_PREPEND(conditions, *list, c);
2784 return 0;
2785 }
2786
2787 int config_parse_unit_condition_string(
2788 const char *unit,
2789 const char *filename,
2790 unsigned line,
2791 const char *section,
2792 unsigned section_line,
2793 const char *lvalue,
2794 int ltype,
2795 const char *rvalue,
2796 void *data,
2797 void *userdata) {
2798
2799 _cleanup_free_ char *s = NULL;
2800 Condition **list = data, *c;
2801 ConditionType t = ltype;
2802 bool trigger, negate;
2803 const Unit *u = userdata;
2804 int r;
2805
2806 assert(filename);
2807 assert(lvalue);
2808 assert(rvalue);
2809 assert(data);
2810
2811 if (isempty(rvalue)) {
2812 /* Empty assignment resets the list */
2813 *list = condition_free_list(*list);
2814 return 0;
2815 }
2816
2817 trigger = *rvalue == '|';
2818 if (trigger)
2819 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
2820
2821 negate = *rvalue == '!';
2822 if (negate)
2823 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
2824
2825 r = unit_full_printf(u, rvalue, &s);
2826 if (r < 0) {
2827 log_syntax(unit, LOG_ERR, filename, line, r,
2828 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2829 return 0;
2830 }
2831
2832 c = condition_new(t, s, trigger, negate);
2833 if (!c)
2834 return log_oom();
2835
2836 LIST_PREPEND(conditions, *list, c);
2837 return 0;
2838 }
2839
2840 int config_parse_unit_condition_null(
2841 const char *unit,
2842 const char *filename,
2843 unsigned line,
2844 const char *section,
2845 unsigned section_line,
2846 const char *lvalue,
2847 int ltype,
2848 const char *rvalue,
2849 void *data,
2850 void *userdata) {
2851
2852 Condition **list = data, *c;
2853 bool trigger, negate;
2854 int b;
2855
2856 assert(filename);
2857 assert(lvalue);
2858 assert(rvalue);
2859 assert(data);
2860
2861 log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is deprecated, please do not use.", lvalue);
2862
2863 if (isempty(rvalue)) {
2864 /* Empty assignment resets the list */
2865 *list = condition_free_list(*list);
2866 return 0;
2867 }
2868
2869 trigger = rvalue[0] == '|';
2870 if (trigger)
2871 rvalue++;
2872
2873 negate = rvalue[0] == '!';
2874 if (negate)
2875 rvalue++;
2876
2877 b = parse_boolean(rvalue);
2878 if (b < 0) {
2879 log_syntax(unit, LOG_ERR, filename, line, b, "Failed to parse boolean value in condition, ignoring: %s", rvalue);
2880 return 0;
2881 }
2882
2883 if (!b)
2884 negate = !negate;
2885
2886 c = condition_new(CONDITION_NULL, NULL, trigger, negate);
2887 if (!c)
2888 return log_oom();
2889
2890 LIST_PREPEND(conditions, *list, c);
2891 return 0;
2892 }
2893
2894 int config_parse_unit_requires_mounts_for(
2895 const char *unit,
2896 const char *filename,
2897 unsigned line,
2898 const char *section,
2899 unsigned section_line,
2900 const char *lvalue,
2901 int ltype,
2902 const char *rvalue,
2903 void *data,
2904 void *userdata) {
2905
2906 const char *p = rvalue;
2907 Unit *u = userdata;
2908 int r;
2909
2910 assert(filename);
2911 assert(lvalue);
2912 assert(rvalue);
2913 assert(data);
2914
2915 for (;;) {
2916 _cleanup_free_ char *word = NULL, *resolved = NULL;
2917
2918 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2919 if (r == 0)
2920 return 0;
2921 if (r == -ENOMEM)
2922 return log_oom();
2923 if (r < 0) {
2924 log_syntax(unit, LOG_WARNING, filename, line, r,
2925 "Invalid syntax, ignoring: %s", rvalue);
2926 return 0;
2927 }
2928
2929 r = unit_full_printf(u, word, &resolved);
2930 if (r < 0) {
2931 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
2932 continue;
2933 }
2934
2935 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2936 if (r < 0)
2937 continue;
2938
2939 r = unit_require_mounts_for(u, resolved, UNIT_DEPENDENCY_FILE);
2940 if (r < 0) {
2941 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add required mount '%s', ignoring: %m", resolved);
2942 continue;
2943 }
2944 }
2945 }
2946
2947 int config_parse_documentation(const char *unit,
2948 const char *filename,
2949 unsigned line,
2950 const char *section,
2951 unsigned section_line,
2952 const char *lvalue,
2953 int ltype,
2954 const char *rvalue,
2955 void *data,
2956 void *userdata) {
2957
2958 Unit *u = userdata;
2959 int r;
2960 char **a, **b;
2961
2962 assert(filename);
2963 assert(lvalue);
2964 assert(rvalue);
2965 assert(u);
2966
2967 if (isempty(rvalue)) {
2968 /* Empty assignment resets the list */
2969 u->documentation = strv_free(u->documentation);
2970 return 0;
2971 }
2972
2973 r = config_parse_unit_strv_printf(unit, filename, line, section, section_line, lvalue, ltype,
2974 rvalue, data, userdata);
2975 if (r < 0)
2976 return r;
2977
2978 for (a = b = u->documentation; a && *a; a++) {
2979
2980 if (documentation_url_is_valid(*a))
2981 *(b++) = *a;
2982 else {
2983 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid URL, ignoring: %s", *a);
2984 free(*a);
2985 }
2986 }
2987 if (b)
2988 *b = NULL;
2989
2990 return r;
2991 }
2992
2993 #if HAVE_SECCOMP
2994 int config_parse_syscall_filter(
2995 const char *unit,
2996 const char *filename,
2997 unsigned line,
2998 const char *section,
2999 unsigned section_line,
3000 const char *lvalue,
3001 int ltype,
3002 const char *rvalue,
3003 void *data,
3004 void *userdata) {
3005
3006 ExecContext *c = data;
3007 _unused_ const Unit *u = userdata;
3008 bool invert = false;
3009 const char *p;
3010 int r;
3011
3012 assert(filename);
3013 assert(lvalue);
3014 assert(rvalue);
3015 assert(u);
3016
3017 if (isempty(rvalue)) {
3018 /* Empty assignment resets the list */
3019 c->syscall_filter = hashmap_free(c->syscall_filter);
3020 c->syscall_whitelist = false;
3021 return 0;
3022 }
3023
3024 if (rvalue[0] == '~') {
3025 invert = true;
3026 rvalue++;
3027 }
3028
3029 if (!c->syscall_filter) {
3030 c->syscall_filter = hashmap_new(NULL);
3031 if (!c->syscall_filter)
3032 return log_oom();
3033
3034 if (invert)
3035 /* Allow everything but the ones listed */
3036 c->syscall_whitelist = false;
3037 else {
3038 /* Allow nothing but the ones listed */
3039 c->syscall_whitelist = true;
3040
3041 /* Accept default syscalls if we are on a whitelist */
3042 r = seccomp_parse_syscall_filter(
3043 "@default", -1, c->syscall_filter,
3044 SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_WHITELIST,
3045 unit,
3046 NULL, 0);
3047 if (r < 0)
3048 return r;
3049 }
3050 }
3051
3052 p = rvalue;
3053 for (;;) {
3054 _cleanup_free_ char *word = NULL, *name = NULL;
3055 int num;
3056
3057 r = extract_first_word(&p, &word, NULL, 0);
3058 if (r == 0)
3059 return 0;
3060 if (r == -ENOMEM)
3061 return log_oom();
3062 if (r < 0) {
3063 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3064 return 0;
3065 }
3066
3067 r = parse_syscall_and_errno(word, &name, &num);
3068 if (r < 0) {
3069 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse syscall:errno, ignoring: %s", word);
3070 continue;
3071 }
3072
3073 r = seccomp_parse_syscall_filter(
3074 name, num, c->syscall_filter,
3075 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
3076 (invert ? SECCOMP_PARSE_INVERT : 0)|
3077 (c->syscall_whitelist ? SECCOMP_PARSE_WHITELIST : 0),
3078 unit, filename, line);
3079 if (r < 0)
3080 return r;
3081 }
3082 }
3083
3084 int config_parse_syscall_archs(
3085 const char *unit,
3086 const char *filename,
3087 unsigned line,
3088 const char *section,
3089 unsigned section_line,
3090 const char *lvalue,
3091 int ltype,
3092 const char *rvalue,
3093 void *data,
3094 void *userdata) {
3095
3096 const char *p = rvalue;
3097 Set **archs = data;
3098 int r;
3099
3100 if (isempty(rvalue)) {
3101 *archs = set_free(*archs);
3102 return 0;
3103 }
3104
3105 r = set_ensure_allocated(archs, NULL);
3106 if (r < 0)
3107 return log_oom();
3108
3109 for (;;) {
3110 _cleanup_free_ char *word = NULL;
3111 uint32_t a;
3112
3113 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3114 if (r == 0)
3115 return 0;
3116 if (r == -ENOMEM)
3117 return log_oom();
3118 if (r < 0) {
3119 log_syntax(unit, LOG_WARNING, filename, line, r,
3120 "Invalid syntax, ignoring: %s", rvalue);
3121 return 0;
3122 }
3123
3124 r = seccomp_arch_from_string(word, &a);
3125 if (r < 0) {
3126 log_syntax(unit, LOG_ERR, filename, line, r,
3127 "Failed to parse system call architecture \"%s\", ignoring: %m", word);
3128 continue;
3129 }
3130
3131 r = set_put(*archs, UINT32_TO_PTR(a + 1));
3132 if (r < 0)
3133 return log_oom();
3134 }
3135 }
3136
3137 int config_parse_syscall_errno(
3138 const char *unit,
3139 const char *filename,
3140 unsigned line,
3141 const char *section,
3142 unsigned section_line,
3143 const char *lvalue,
3144 int ltype,
3145 const char *rvalue,
3146 void *data,
3147 void *userdata) {
3148
3149 ExecContext *c = data;
3150 int e;
3151
3152 assert(filename);
3153 assert(lvalue);
3154 assert(rvalue);
3155
3156 if (isempty(rvalue)) {
3157 /* Empty assignment resets to KILL */
3158 c->syscall_errno = 0;
3159 return 0;
3160 }
3161
3162 e = parse_errno(rvalue);
3163 if (e <= 0) {
3164 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse error number, ignoring: %s", rvalue);
3165 return 0;
3166 }
3167
3168 c->syscall_errno = e;
3169 return 0;
3170 }
3171
3172 int config_parse_address_families(
3173 const char *unit,
3174 const char *filename,
3175 unsigned line,
3176 const char *section,
3177 unsigned section_line,
3178 const char *lvalue,
3179 int ltype,
3180 const char *rvalue,
3181 void *data,
3182 void *userdata) {
3183
3184 ExecContext *c = data;
3185 bool invert = false;
3186 const char *p;
3187 int r;
3188
3189 assert(filename);
3190 assert(lvalue);
3191 assert(rvalue);
3192
3193 if (isempty(rvalue)) {
3194 /* Empty assignment resets the list */
3195 c->address_families = set_free(c->address_families);
3196 c->address_families_whitelist = false;
3197 return 0;
3198 }
3199
3200 if (rvalue[0] == '~') {
3201 invert = true;
3202 rvalue++;
3203 }
3204
3205 if (!c->address_families) {
3206 c->address_families = set_new(NULL);
3207 if (!c->address_families)
3208 return log_oom();
3209
3210 c->address_families_whitelist = !invert;
3211 }
3212
3213 for (p = rvalue;;) {
3214 _cleanup_free_ char *word = NULL;
3215 int af;
3216
3217 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3218 if (r == 0)
3219 return 0;
3220 if (r == -ENOMEM)
3221 return log_oom();
3222 if (r < 0) {
3223 log_syntax(unit, LOG_WARNING, filename, line, r,
3224 "Invalid syntax, ignoring: %s", rvalue);
3225 return 0;
3226 }
3227
3228 af = af_from_name(word);
3229 if (af < 0) {
3230 log_syntax(unit, LOG_ERR, filename, line, af,
3231 "Failed to parse address family, ignoring: %s", word);
3232 continue;
3233 }
3234
3235 /* If we previously wanted to forbid an address family and now
3236 * we want to allow it, then just remove it from the list.
3237 */
3238 if (!invert == c->address_families_whitelist) {
3239 r = set_put(c->address_families, INT_TO_PTR(af));
3240 if (r < 0)
3241 return log_oom();
3242 } else
3243 set_remove(c->address_families, INT_TO_PTR(af));
3244 }
3245 }
3246
3247 int config_parse_restrict_namespaces(
3248 const char *unit,
3249 const char *filename,
3250 unsigned line,
3251 const char *section,
3252 unsigned section_line,
3253 const char *lvalue,
3254 int ltype,
3255 const char *rvalue,
3256 void *data,
3257 void *userdata) {
3258
3259 ExecContext *c = data;
3260 unsigned long flags;
3261 bool invert = false;
3262 int r;
3263
3264 if (isempty(rvalue)) {
3265 /* Reset to the default. */
3266 c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
3267 return 0;
3268 }
3269
3270 /* Boolean parameter ignores the previous settings */
3271 r = parse_boolean(rvalue);
3272 if (r > 0) {
3273 c->restrict_namespaces = 0;
3274 return 0;
3275 } else if (r == 0) {
3276 c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
3277 return 0;
3278 }
3279
3280 if (rvalue[0] == '~') {
3281 invert = true;
3282 rvalue++;
3283 }
3284
3285 /* Not a boolean argument, in this case it's a list of namespace types. */
3286 r = namespace_flags_from_string(rvalue, &flags);
3287 if (r < 0) {
3288 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
3289 return 0;
3290 }
3291
3292 if (c->restrict_namespaces == NAMESPACE_FLAGS_INITIAL)
3293 /* Initial assignment. Just set the value. */
3294 c->restrict_namespaces = invert ? (~flags) & NAMESPACE_FLAGS_ALL : flags;
3295 else
3296 /* Merge the value with the previous one. */
3297 SET_FLAG(c->restrict_namespaces, flags, !invert);
3298
3299 return 0;
3300 }
3301 #endif
3302
3303 int config_parse_unit_slice(
3304 const char *unit,
3305 const char *filename,
3306 unsigned line,
3307 const char *section,
3308 unsigned section_line,
3309 const char *lvalue,
3310 int ltype,
3311 const char *rvalue,
3312 void *data,
3313 void *userdata) {
3314
3315 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
3316 _cleanup_free_ char *k = NULL;
3317 Unit *u = userdata, *slice;
3318 int r;
3319
3320 assert(filename);
3321 assert(lvalue);
3322 assert(rvalue);
3323 assert(u);
3324
3325 r = unit_name_printf(u, rvalue, &k);
3326 if (r < 0) {
3327 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
3328 return 0;
3329 }
3330
3331 r = manager_load_unit(u->manager, k, NULL, &error, &slice);
3332 if (r < 0) {
3333 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load slice unit %s, ignoring: %s", k, bus_error_message(&error, r));
3334 return 0;
3335 }
3336
3337 r = unit_set_slice(u, slice);
3338 if (r < 0) {
3339 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id);
3340 return 0;
3341 }
3342
3343 return 0;
3344 }
3345
3346 int config_parse_cpu_quota(
3347 const char *unit,
3348 const char *filename,
3349 unsigned line,
3350 const char *section,
3351 unsigned section_line,
3352 const char *lvalue,
3353 int ltype,
3354 const char *rvalue,
3355 void *data,
3356 void *userdata) {
3357
3358 CGroupContext *c = data;
3359 int r;
3360
3361 assert(filename);
3362 assert(lvalue);
3363 assert(rvalue);
3364
3365 if (isempty(rvalue)) {
3366 c->cpu_quota_per_sec_usec = USEC_INFINITY;
3367 return 0;
3368 }
3369
3370 r = parse_permille_unbounded(rvalue);
3371 if (r <= 0) {
3372 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid CPU quota '%s', ignoring.", rvalue);
3373 return 0;
3374 }
3375
3376 c->cpu_quota_per_sec_usec = ((usec_t) r * USEC_PER_SEC) / 1000U;
3377 return 0;
3378 }
3379
3380 int config_parse_allowed_cpus(
3381 const char *unit,
3382 const char *filename,
3383 unsigned line,
3384 const char *section,
3385 unsigned section_line,
3386 const char *lvalue,
3387 int ltype,
3388 const char *rvalue,
3389 void *data,
3390 void *userdata) {
3391
3392 CGroupContext *c = data;
3393
3394 (void) parse_cpu_set_extend(rvalue, &c->cpuset_cpus, true, unit, filename, line, lvalue);
3395
3396 return 0;
3397 }
3398
3399 int config_parse_allowed_mems(
3400 const char *unit,
3401 const char *filename,
3402 unsigned line,
3403 const char *section,
3404 unsigned section_line,
3405 const char *lvalue,
3406 int ltype,
3407 const char *rvalue,
3408 void *data,
3409 void *userdata) {
3410
3411 CGroupContext *c = data;
3412
3413 (void) parse_cpu_set_extend(rvalue, &c->cpuset_mems, true, unit, filename, line, lvalue);
3414
3415 return 0;
3416 }
3417
3418 int config_parse_memory_limit(
3419 const char *unit,
3420 const char *filename,
3421 unsigned line,
3422 const char *section,
3423 unsigned section_line,
3424 const char *lvalue,
3425 int ltype,
3426 const char *rvalue,
3427 void *data,
3428 void *userdata) {
3429
3430 CGroupContext *c = data;
3431 uint64_t bytes = CGROUP_LIMIT_MAX;
3432 int r;
3433
3434 if (STR_IN_SET(lvalue, "DefaultMemoryLow",
3435 "DefaultMemoryMin",
3436 "MemoryLow",
3437 "MemoryMin"))
3438 bytes = CGROUP_LIMIT_MIN;
3439
3440 if (!isempty(rvalue) && !streq(rvalue, "infinity")) {
3441
3442 r = parse_permille(rvalue);
3443 if (r < 0) {
3444 r = parse_size(rvalue, 1024, &bytes);
3445 if (r < 0) {
3446 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid memory limit '%s', ignoring: %m", rvalue);
3447 return 0;
3448 }
3449 } else
3450 bytes = physical_memory_scale(r, 1000U);
3451
3452 if (bytes >= UINT64_MAX ||
3453 (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) {
3454 log_syntax(unit, LOG_ERR, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue);
3455 return 0;
3456 }
3457 }
3458
3459 if (streq(lvalue, "DefaultMemoryLow")) {
3460 c->default_memory_low = bytes;
3461 c->default_memory_low_set = true;
3462 } else if (streq(lvalue, "DefaultMemoryMin")) {
3463 c->default_memory_min = bytes;
3464 c->default_memory_min_set = true;
3465 } else if (streq(lvalue, "MemoryMin")) {
3466 c->memory_min = bytes;
3467 c->memory_min_set = true;
3468 } else if (streq(lvalue, "MemoryLow")) {
3469 c->memory_low = bytes;
3470 c->memory_low_set = true;
3471 } else if (streq(lvalue, "MemoryHigh"))
3472 c->memory_high = bytes;
3473 else if (streq(lvalue, "MemoryMax"))
3474 c->memory_max = bytes;
3475 else if (streq(lvalue, "MemorySwapMax"))
3476 c->memory_swap_max = bytes;
3477 else if (streq(lvalue, "MemoryLimit"))
3478 c->memory_limit = bytes;
3479 else
3480 return -EINVAL;
3481
3482 return 0;
3483 }
3484
3485 int config_parse_tasks_max(
3486 const char *unit,
3487 const char *filename,
3488 unsigned line,
3489 const char *section,
3490 unsigned section_line,
3491 const char *lvalue,
3492 int ltype,
3493 const char *rvalue,
3494 void *data,
3495 void *userdata) {
3496
3497 const Unit *u = userdata;
3498 TasksMax *tasks_max = data;
3499 uint64_t v;
3500 int r;
3501
3502 if (isempty(rvalue)) {
3503 *tasks_max = u ? u->manager->default_tasks_max : TASKS_MAX_UNSET;
3504 return 0;
3505 }
3506
3507 if (streq(rvalue, "infinity")) {
3508 *tasks_max = TASKS_MAX_UNSET;
3509 return 0;
3510 }
3511
3512 r = parse_permille(rvalue);
3513 if (r >= 0)
3514 *tasks_max = (TasksMax) { r, 1000U }; /* r‰ */
3515 else {
3516 r = safe_atou64(rvalue, &v);
3517 if (r < 0) {
3518 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid maximum tasks value '%s', ignoring: %m", rvalue);
3519 return 0;
3520 }
3521
3522 if (v <= 0 || v >= UINT64_MAX) {
3523 log_syntax(unit, LOG_ERR, filename, line, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue);
3524 return 0;
3525 }
3526
3527 *tasks_max = (TasksMax) { v };
3528 }
3529
3530 return 0;
3531 }
3532
3533 int config_parse_delegate(
3534 const char *unit,
3535 const char *filename,
3536 unsigned line,
3537 const char *section,
3538 unsigned section_line,
3539 const char *lvalue,
3540 int ltype,
3541 const char *rvalue,
3542 void *data,
3543 void *userdata) {
3544
3545 CGroupContext *c = data;
3546 UnitType t;
3547 int r;
3548
3549 t = unit_name_to_type(unit);
3550 assert(t != _UNIT_TYPE_INVALID);
3551
3552 if (!unit_vtable[t]->can_delegate) {
3553 log_syntax(unit, LOG_ERR, filename, line, 0, "Delegate= setting not supported for this unit type, ignoring.");
3554 return 0;
3555 }
3556
3557 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
3558 * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
3559 * mask to delegate. */
3560
3561 if (isempty(rvalue)) {
3562 /* An empty string resets controllers and set Delegate=yes. */
3563 c->delegate = true;
3564 c->delegate_controllers = 0;
3565 return 0;
3566 }
3567
3568 r = parse_boolean(rvalue);
3569 if (r < 0) {
3570 const char *p = rvalue;
3571 CGroupMask mask = 0;
3572
3573 for (;;) {
3574 _cleanup_free_ char *word = NULL;
3575 CGroupController cc;
3576
3577 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3578 if (r == 0)
3579 break;
3580 if (r == -ENOMEM)
3581 return log_oom();
3582 if (r < 0) {
3583 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3584 return 0;
3585 }
3586
3587 cc = cgroup_controller_from_string(word);
3588 if (cc < 0) {
3589 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid controller name '%s', ignoring", word);
3590 continue;
3591 }
3592
3593 mask |= CGROUP_CONTROLLER_TO_MASK(cc);
3594 }
3595
3596 c->delegate = true;
3597 c->delegate_controllers |= mask;
3598
3599 } else if (r > 0) {
3600 c->delegate = true;
3601 c->delegate_controllers = _CGROUP_MASK_ALL;
3602 } else {
3603 c->delegate = false;
3604 c->delegate_controllers = 0;
3605 }
3606
3607 return 0;
3608 }
3609
3610 int config_parse_device_allow(
3611 const char *unit,
3612 const char *filename,
3613 unsigned line,
3614 const char *section,
3615 unsigned section_line,
3616 const char *lvalue,
3617 int ltype,
3618 const char *rvalue,
3619 void *data,
3620 void *userdata) {
3621
3622 _cleanup_free_ char *path = NULL, *resolved = NULL;
3623 CGroupContext *c = data;
3624 const char *p = rvalue;
3625 int r;
3626
3627 if (isempty(rvalue)) {
3628 while (c->device_allow)
3629 cgroup_context_free_device_allow(c, c->device_allow);
3630
3631 return 0;
3632 }
3633
3634 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3635 if (r == -ENOMEM)
3636 return log_oom();
3637 if (r < 0) {
3638 log_syntax(unit, LOG_WARNING, filename, line, r,
3639 "Invalid syntax, ignoring: %s", rvalue);
3640 return 0;
3641 }
3642 if (r == 0) {
3643 log_syntax(unit, LOG_WARNING, filename, line, 0,
3644 "Failed to extract device path and rights from '%s', ignoring.", rvalue);
3645 return 0;
3646 }
3647
3648 r = unit_full_printf(userdata, path, &resolved);
3649 if (r < 0) {
3650 log_syntax(unit, LOG_WARNING, filename, line, r,
3651 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3652 return 0;
3653 }
3654
3655 if (!STARTSWITH_SET(resolved, "block-", "char-")) {
3656
3657 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3658 if (r < 0)
3659 return 0;
3660
3661 if (!valid_device_node_path(resolved)) {
3662 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved);
3663 return 0;
3664 }
3665 }
3666
3667 if (!isempty(p) && !in_charset(p, "rwm")) {
3668 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device rights '%s', ignoring.", p);
3669 return 0;
3670 }
3671
3672 return cgroup_add_device_allow(c, resolved, p);
3673 }
3674
3675 int config_parse_io_device_weight(
3676 const char *unit,
3677 const char *filename,
3678 unsigned line,
3679 const char *section,
3680 unsigned section_line,
3681 const char *lvalue,
3682 int ltype,
3683 const char *rvalue,
3684 void *data,
3685 void *userdata) {
3686
3687 _cleanup_free_ char *path = NULL, *resolved = NULL;
3688 CGroupIODeviceWeight *w;
3689 CGroupContext *c = data;
3690 const char *p = rvalue;
3691 uint64_t u;
3692 int r;
3693
3694 assert(filename);
3695 assert(lvalue);
3696 assert(rvalue);
3697
3698 if (isempty(rvalue)) {
3699 while (c->io_device_weights)
3700 cgroup_context_free_io_device_weight(c, c->io_device_weights);
3701
3702 return 0;
3703 }
3704
3705 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3706 if (r == -ENOMEM)
3707 return log_oom();
3708 if (r < 0) {
3709 log_syntax(unit, LOG_WARNING, filename, line, r,
3710 "Invalid syntax, ignoring: %s", rvalue);
3711 return 0;
3712 }
3713 if (r == 0 || isempty(p)) {
3714 log_syntax(unit, LOG_WARNING, filename, line, 0,
3715 "Failed to extract device path and weight from '%s', ignoring.", rvalue);
3716 return 0;
3717 }
3718
3719 r = unit_full_printf(userdata, path, &resolved);
3720 if (r < 0) {
3721 log_syntax(unit, LOG_WARNING, filename, line, r,
3722 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3723 return 0;
3724 }
3725
3726 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3727 if (r < 0)
3728 return 0;
3729
3730 r = cg_weight_parse(p, &u);
3731 if (r < 0) {
3732 log_syntax(unit, LOG_ERR, filename, line, r, "IO weight '%s' invalid, ignoring: %m", p);
3733 return 0;
3734 }
3735
3736 assert(u != CGROUP_WEIGHT_INVALID);
3737
3738 w = new0(CGroupIODeviceWeight, 1);
3739 if (!w)
3740 return log_oom();
3741
3742 w->path = TAKE_PTR(resolved);
3743 w->weight = u;
3744
3745 LIST_PREPEND(device_weights, c->io_device_weights, w);
3746 return 0;
3747 }
3748
3749 int config_parse_io_device_latency(
3750 const char *unit,
3751 const char *filename,
3752 unsigned line,
3753 const char *section,
3754 unsigned section_line,
3755 const char *lvalue,
3756 int ltype,
3757 const char *rvalue,
3758 void *data,
3759 void *userdata) {
3760
3761 _cleanup_free_ char *path = NULL, *resolved = NULL;
3762 CGroupIODeviceLatency *l;
3763 CGroupContext *c = data;
3764 const char *p = rvalue;
3765 usec_t usec;
3766 int r;
3767
3768 assert(filename);
3769 assert(lvalue);
3770 assert(rvalue);
3771
3772 if (isempty(rvalue)) {
3773 while (c->io_device_latencies)
3774 cgroup_context_free_io_device_latency(c, c->io_device_latencies);
3775
3776 return 0;
3777 }
3778
3779 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3780 if (r == -ENOMEM)
3781 return log_oom();
3782 if (r < 0) {
3783 log_syntax(unit, LOG_WARNING, filename, line, r,
3784 "Invalid syntax, ignoring: %s", rvalue);
3785 return 0;
3786 }
3787 if (r == 0 || isempty(p)) {
3788 log_syntax(unit, LOG_WARNING, filename, line, 0,
3789 "Failed to extract device path and latency from '%s', ignoring.", rvalue);
3790 return 0;
3791 }
3792
3793 r = unit_full_printf(userdata, path, &resolved);
3794 if (r < 0) {
3795 log_syntax(unit, LOG_WARNING, filename, line, r,
3796 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3797 return 0;
3798 }
3799
3800 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3801 if (r < 0)
3802 return 0;
3803
3804 if (parse_sec(p, &usec) < 0) {
3805 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse timer value, ignoring: %s", p);
3806 return 0;
3807 }
3808
3809 l = new0(CGroupIODeviceLatency, 1);
3810 if (!l)
3811 return log_oom();
3812
3813 l->path = TAKE_PTR(resolved);
3814 l->target_usec = usec;
3815
3816 LIST_PREPEND(device_latencies, c->io_device_latencies, l);
3817 return 0;
3818 }
3819
3820 int config_parse_io_limit(
3821 const char *unit,
3822 const char *filename,
3823 unsigned line,
3824 const char *section,
3825 unsigned section_line,
3826 const char *lvalue,
3827 int ltype,
3828 const char *rvalue,
3829 void *data,
3830 void *userdata) {
3831
3832 _cleanup_free_ char *path = NULL, *resolved = NULL;
3833 CGroupIODeviceLimit *l = NULL, *t;
3834 CGroupContext *c = data;
3835 CGroupIOLimitType type;
3836 const char *p = rvalue;
3837 uint64_t num;
3838 int r;
3839
3840 assert(filename);
3841 assert(lvalue);
3842 assert(rvalue);
3843
3844 type = cgroup_io_limit_type_from_string(lvalue);
3845 assert(type >= 0);
3846
3847 if (isempty(rvalue)) {
3848 LIST_FOREACH(device_limits, l, c->io_device_limits)
3849 l->limits[type] = cgroup_io_limit_defaults[type];
3850 return 0;
3851 }
3852
3853 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3854 if (r == -ENOMEM)
3855 return log_oom();
3856 if (r < 0) {
3857 log_syntax(unit, LOG_WARNING, filename, line, r,
3858 "Invalid syntax, ignoring: %s", rvalue);
3859 return 0;
3860 }
3861 if (r == 0 || isempty(p)) {
3862 log_syntax(unit, LOG_WARNING, filename, line, 0,
3863 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
3864 return 0;
3865 }
3866
3867 r = unit_full_printf(userdata, path, &resolved);
3868 if (r < 0) {
3869 log_syntax(unit, LOG_WARNING, filename, line, r,
3870 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3871 return 0;
3872 }
3873
3874 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3875 if (r < 0)
3876 return 0;
3877
3878 if (streq("infinity", p))
3879 num = CGROUP_LIMIT_MAX;
3880 else {
3881 r = parse_size(p, 1000, &num);
3882 if (r < 0 || num <= 0) {
3883 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid IO limit '%s', ignoring.", p);
3884 return 0;
3885 }
3886 }
3887
3888 LIST_FOREACH(device_limits, t, c->io_device_limits) {
3889 if (path_equal(resolved, t->path)) {
3890 l = t;
3891 break;
3892 }
3893 }
3894
3895 if (!l) {
3896 CGroupIOLimitType ttype;
3897
3898 l = new0(CGroupIODeviceLimit, 1);
3899 if (!l)
3900 return log_oom();
3901
3902 l->path = TAKE_PTR(resolved);
3903 for (ttype = 0; ttype < _CGROUP_IO_LIMIT_TYPE_MAX; ttype++)
3904 l->limits[ttype] = cgroup_io_limit_defaults[ttype];
3905
3906 LIST_PREPEND(device_limits, c->io_device_limits, l);
3907 }
3908
3909 l->limits[type] = num;
3910
3911 return 0;
3912 }
3913
3914 int config_parse_blockio_device_weight(
3915 const char *unit,
3916 const char *filename,
3917 unsigned line,
3918 const char *section,
3919 unsigned section_line,
3920 const char *lvalue,
3921 int ltype,
3922 const char *rvalue,
3923 void *data,
3924 void *userdata) {
3925
3926 _cleanup_free_ char *path = NULL, *resolved = NULL;
3927 CGroupBlockIODeviceWeight *w;
3928 CGroupContext *c = data;
3929 const char *p = rvalue;
3930 uint64_t u;
3931 int r;
3932
3933 assert(filename);
3934 assert(lvalue);
3935 assert(rvalue);
3936
3937 if (isempty(rvalue)) {
3938 while (c->blockio_device_weights)
3939 cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
3940
3941 return 0;
3942 }
3943
3944 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3945 if (r == -ENOMEM)
3946 return log_oom();
3947 if (r < 0) {
3948 log_syntax(unit, LOG_WARNING, filename, line, r,
3949 "Invalid syntax, ignoring: %s", rvalue);
3950 return 0;
3951 }
3952 if (r == 0 || isempty(p)) {
3953 log_syntax(unit, LOG_WARNING, filename, line, 0,
3954 "Failed to extract device node and weight from '%s', ignoring.", rvalue);
3955 return 0;
3956 }
3957
3958 r = unit_full_printf(userdata, path, &resolved);
3959 if (r < 0) {
3960 log_syntax(unit, LOG_WARNING, filename, line, r,
3961 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3962 return 0;
3963 }
3964
3965 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3966 if (r < 0)
3967 return 0;
3968
3969 r = cg_blkio_weight_parse(p, &u);
3970 if (r < 0) {
3971 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p);
3972 return 0;
3973 }
3974
3975 assert(u != CGROUP_BLKIO_WEIGHT_INVALID);
3976
3977 w = new0(CGroupBlockIODeviceWeight, 1);
3978 if (!w)
3979 return log_oom();
3980
3981 w->path = TAKE_PTR(resolved);
3982 w->weight = u;
3983
3984 LIST_PREPEND(device_weights, c->blockio_device_weights, w);
3985 return 0;
3986 }
3987
3988 int config_parse_blockio_bandwidth(
3989 const char *unit,
3990 const char *filename,
3991 unsigned line,
3992 const char *section,
3993 unsigned section_line,
3994 const char *lvalue,
3995 int ltype,
3996 const char *rvalue,
3997 void *data,
3998 void *userdata) {
3999
4000 _cleanup_free_ char *path = NULL, *resolved = NULL;
4001 CGroupBlockIODeviceBandwidth *b = NULL, *t;
4002 CGroupContext *c = data;
4003 const char *p = rvalue;
4004 uint64_t bytes;
4005 bool read;
4006 int r;
4007
4008 assert(filename);
4009 assert(lvalue);
4010 assert(rvalue);
4011
4012 read = streq("BlockIOReadBandwidth", lvalue);
4013
4014 if (isempty(rvalue)) {
4015 LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
4016 b->rbps = CGROUP_LIMIT_MAX;
4017 b->wbps = CGROUP_LIMIT_MAX;
4018 }
4019 return 0;
4020 }
4021
4022 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
4023 if (r == -ENOMEM)
4024 return log_oom();
4025 if (r < 0) {
4026 log_syntax(unit, LOG_WARNING, filename, line, r,
4027 "Invalid syntax, ignoring: %s", rvalue);
4028 return 0;
4029 }
4030 if (r == 0 || isempty(p)) {
4031 log_syntax(unit, LOG_WARNING, filename, line, 0,
4032 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
4033 return 0;
4034 }
4035
4036 r = unit_full_printf(userdata, path, &resolved);
4037 if (r < 0) {
4038 log_syntax(unit, LOG_WARNING, filename, line, r,
4039 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
4040 return 0;
4041 }
4042
4043 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
4044 if (r < 0)
4045 return 0;
4046
4047 r = parse_size(p, 1000, &bytes);
4048 if (r < 0 || bytes <= 0) {
4049 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
4050 return 0;
4051 }
4052
4053 LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
4054 if (path_equal(resolved, t->path)) {
4055 b = t;
4056 break;
4057 }
4058 }
4059
4060 if (!t) {
4061 b = new0(CGroupBlockIODeviceBandwidth, 1);
4062 if (!b)
4063 return log_oom();
4064
4065 b->path = TAKE_PTR(resolved);
4066 b->rbps = CGROUP_LIMIT_MAX;
4067 b->wbps = CGROUP_LIMIT_MAX;
4068
4069 LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, b);
4070 }
4071
4072 if (read)
4073 b->rbps = bytes;
4074 else
4075 b->wbps = bytes;
4076
4077 return 0;
4078 }
4079
4080 int config_parse_job_mode_isolate(
4081 const char *unit,
4082 const char *filename,
4083 unsigned line,
4084 const char *section,
4085 unsigned section_line,
4086 const char *lvalue,
4087 int ltype,
4088 const char *rvalue,
4089 void *data,
4090 void *userdata) {
4091
4092 JobMode *m = data;
4093 int r;
4094
4095 assert(filename);
4096 assert(lvalue);
4097 assert(rvalue);
4098
4099 r = parse_boolean(rvalue);
4100 if (r < 0) {
4101 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse boolean, ignoring: %s", rvalue);
4102 return 0;
4103 }
4104
4105 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue);
4106
4107 *m = r ? JOB_ISOLATE : JOB_REPLACE;
4108 return 0;
4109 }
4110
4111 int config_parse_exec_directories(
4112 const char *unit,
4113 const char *filename,
4114 unsigned line,
4115 const char *section,
4116 unsigned section_line,
4117 const char *lvalue,
4118 int ltype,
4119 const char *rvalue,
4120 void *data,
4121 void *userdata) {
4122
4123 char***rt = data;
4124 const Unit *u = userdata;
4125 const char *p;
4126 int r;
4127
4128 assert(filename);
4129 assert(lvalue);
4130 assert(rvalue);
4131 assert(data);
4132
4133 if (isempty(rvalue)) {
4134 /* Empty assignment resets the list */
4135 *rt = strv_free(*rt);
4136 return 0;
4137 }
4138
4139 for (p = rvalue;;) {
4140 _cleanup_free_ char *word = NULL, *k = NULL;
4141
4142 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4143 if (r == -ENOMEM)
4144 return log_oom();
4145 if (r < 0) {
4146 log_syntax(unit, LOG_WARNING, filename, line, r,
4147 "Invalid syntax, ignoring: %s", rvalue);
4148 return 0;
4149 }
4150 if (r == 0)
4151 return 0;
4152
4153 r = unit_full_printf(u, word, &k);
4154 if (r < 0) {
4155 log_syntax(unit, LOG_ERR, filename, line, r,
4156 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
4157 continue;
4158 }
4159
4160 r = path_simplify_and_warn(k, PATH_CHECK_RELATIVE, unit, filename, line, lvalue);
4161 if (r < 0)
4162 continue;
4163
4164 if (path_startswith(k, "private")) {
4165 log_syntax(unit, LOG_ERR, filename, line, 0,
4166 "%s= path can't be 'private', ignoring assignment: %s", lvalue, word);
4167 continue;
4168 }
4169
4170 r = strv_push(rt, k);
4171 if (r < 0)
4172 return log_oom();
4173 k = NULL;
4174 }
4175 }
4176
4177 int config_parse_set_status(
4178 const char *unit,
4179 const char *filename,
4180 unsigned line,
4181 const char *section,
4182 unsigned section_line,
4183 const char *lvalue,
4184 int ltype,
4185 const char *rvalue,
4186 void *data,
4187 void *userdata) {
4188
4189 size_t l;
4190 const char *word, *state;
4191 int r;
4192 ExitStatusSet *status_set = data;
4193
4194 assert(filename);
4195 assert(lvalue);
4196 assert(rvalue);
4197 assert(data);
4198
4199 /* Empty assignment resets the list */
4200 if (isempty(rvalue)) {
4201 exit_status_set_free(status_set);
4202 return 0;
4203 }
4204
4205 FOREACH_WORD(word, l, rvalue, state) {
4206 _cleanup_free_ char *temp;
4207 Bitmap *bitmap;
4208
4209 temp = strndup(word, l);
4210 if (!temp)
4211 return log_oom();
4212
4213 /* We need to call exit_status_from_string() first, because we want
4214 * to parse numbers as exit statuses, not signals. */
4215
4216 r = exit_status_from_string(temp);
4217 if (r >= 0) {
4218 assert(r >= 0 && r < 256);
4219 bitmap = &status_set->status;
4220 } else {
4221 r = signal_from_string(temp);
4222
4223 if (r <= 0) {
4224 log_syntax(unit, LOG_ERR, filename, line, 0,
4225 "Failed to parse value, ignoring: %s", word);
4226 continue;
4227 }
4228 bitmap = &status_set->signal;
4229 }
4230
4231 r = bitmap_set(bitmap, r);
4232 if (r < 0)
4233 return log_error_errno(r, "Failed to set signal or status %s: %m", word);
4234 }
4235 if (!isempty(state))
4236 log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
4237
4238 return 0;
4239 }
4240
4241 int config_parse_namespace_path_strv(
4242 const char *unit,
4243 const char *filename,
4244 unsigned line,
4245 const char *section,
4246 unsigned section_line,
4247 const char *lvalue,
4248 int ltype,
4249 const char *rvalue,
4250 void *data,
4251 void *userdata) {
4252
4253 const Unit *u = userdata;
4254 char*** sv = data;
4255 const char *p = rvalue;
4256 int r;
4257
4258 assert(filename);
4259 assert(lvalue);
4260 assert(rvalue);
4261 assert(data);
4262
4263 if (isempty(rvalue)) {
4264 /* Empty assignment resets the list */
4265 *sv = strv_free(*sv);
4266 return 0;
4267 }
4268
4269 for (;;) {
4270 _cleanup_free_ char *word = NULL, *resolved = NULL, *joined = NULL;
4271 const char *w;
4272 bool ignore_enoent = false, shall_prefix = false;
4273
4274 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4275 if (r == 0)
4276 break;
4277 if (r == -ENOMEM)
4278 return log_oom();
4279 if (r < 0) {
4280 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
4281 return 0;
4282 }
4283
4284 w = word;
4285 if (startswith(w, "-")) {
4286 ignore_enoent = true;
4287 w++;
4288 }
4289 if (startswith(w, "+")) {
4290 shall_prefix = true;
4291 w++;
4292 }
4293
4294 r = unit_full_printf(u, w, &resolved);
4295 if (r < 0) {
4296 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", w);
4297 continue;
4298 }
4299
4300 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4301 if (r < 0)
4302 continue;
4303
4304 joined = strjoin(ignore_enoent ? "-" : "",
4305 shall_prefix ? "+" : "",
4306 resolved);
4307
4308 r = strv_push(sv, joined);
4309 if (r < 0)
4310 return log_oom();
4311
4312 joined = NULL;
4313 }
4314
4315 return 0;
4316 }
4317
4318 int config_parse_temporary_filesystems(
4319 const char *unit,
4320 const char *filename,
4321 unsigned line,
4322 const char *section,
4323 unsigned section_line,
4324 const char *lvalue,
4325 int ltype,
4326 const char *rvalue,
4327 void *data,
4328 void *userdata) {
4329
4330 const Unit *u = userdata;
4331 ExecContext *c = data;
4332 const char *p = rvalue;
4333 int r;
4334
4335 assert(filename);
4336 assert(lvalue);
4337 assert(rvalue);
4338 assert(data);
4339
4340 if (isempty(rvalue)) {
4341 /* Empty assignment resets the list */
4342 temporary_filesystem_free_many(c->temporary_filesystems, c->n_temporary_filesystems);
4343 c->temporary_filesystems = NULL;
4344 c->n_temporary_filesystems = 0;
4345 return 0;
4346 }
4347
4348 for (;;) {
4349 _cleanup_free_ char *word = NULL, *path = NULL, *resolved = NULL;
4350 const char *w;
4351
4352 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4353 if (r == 0)
4354 return 0;
4355 if (r == -ENOMEM)
4356 return log_oom();
4357 if (r < 0) {
4358 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
4359 return 0;
4360 }
4361
4362 w = word;
4363 r = extract_first_word(&w, &path, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4364 if (r == -ENOMEM)
4365 return log_oom();
4366 if (r < 0) {
4367 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", word);
4368 continue;
4369 }
4370 if (r == 0) {
4371 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid syntax, ignoring: %s", word);
4372 continue;
4373 }
4374
4375 r = unit_full_printf(u, path, &resolved);
4376 if (r < 0) {
4377 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", path);
4378 continue;
4379 }
4380
4381 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4382 if (r < 0)
4383 continue;
4384
4385 r = temporary_filesystem_add(&c->temporary_filesystems, &c->n_temporary_filesystems, resolved, w);
4386 if (r < 0)
4387 return log_oom();
4388 }
4389 }
4390
4391 int config_parse_bind_paths(
4392 const char *unit,
4393 const char *filename,
4394 unsigned line,
4395 const char *section,
4396 unsigned section_line,
4397 const char *lvalue,
4398 int ltype,
4399 const char *rvalue,
4400 void *data,
4401 void *userdata) {
4402
4403 ExecContext *c = data;
4404 const Unit *u = userdata;
4405 const char *p;
4406 int r;
4407
4408 assert(filename);
4409 assert(lvalue);
4410 assert(rvalue);
4411 assert(data);
4412
4413 if (isempty(rvalue)) {
4414 /* Empty assignment resets the list */
4415 bind_mount_free_many(c->bind_mounts, c->n_bind_mounts);
4416 c->bind_mounts = NULL;
4417 c->n_bind_mounts = 0;
4418 return 0;
4419 }
4420
4421 p = rvalue;
4422 for (;;) {
4423 _cleanup_free_ char *source = NULL, *destination = NULL;
4424 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
4425 char *s = NULL, *d = NULL;
4426 bool rbind = true, ignore_enoent = false;
4427
4428 r = extract_first_word(&p, &source, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
4429 if (r == 0)
4430 break;
4431 if (r == -ENOMEM)
4432 return log_oom();
4433 if (r < 0) {
4434 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
4435 return 0;
4436 }
4437
4438 r = unit_full_printf(u, source, &sresolved);
4439 if (r < 0) {
4440 log_syntax(unit, LOG_ERR, filename, line, r,
4441 "Failed to resolved unit specifiers in \"%s\", ignoring: %m", source);
4442 continue;
4443 }
4444
4445 s = sresolved;
4446 if (s[0] == '-') {
4447 ignore_enoent = true;
4448 s++;
4449 }
4450
4451 r = path_simplify_and_warn(s, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4452 if (r < 0)
4453 continue;
4454
4455 /* Optionally, the destination is specified. */
4456 if (p && p[-1] == ':') {
4457 r = extract_first_word(&p, &destination, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
4458 if (r == -ENOMEM)
4459 return log_oom();
4460 if (r < 0) {
4461 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
4462 return 0;
4463 }
4464 if (r == 0) {
4465 log_syntax(unit, LOG_ERR, filename, line, 0, "Missing argument after ':', ignoring: %s", s);
4466 continue;
4467 }
4468
4469 r = unit_full_printf(u, destination, &dresolved);
4470 if (r < 0) {
4471 log_syntax(unit, LOG_ERR, filename, line, r,
4472 "Failed to resolved specifiers in \"%s\", ignoring: %m", destination);
4473 continue;
4474 }
4475
4476 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4477 if (r < 0)
4478 continue;
4479
4480 d = dresolved;
4481
4482 /* Optionally, there's also a short option string specified */
4483 if (p && p[-1] == ':') {
4484 _cleanup_free_ char *options = NULL;
4485
4486 r = extract_first_word(&p, &options, NULL, EXTRACT_UNQUOTE);
4487 if (r == -ENOMEM)
4488 return log_oom();
4489 if (r < 0) {
4490 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s: %s", lvalue, rvalue);
4491 return 0;
4492 }
4493
4494 if (isempty(options) || streq(options, "rbind"))
4495 rbind = true;
4496 else if (streq(options, "norbind"))
4497 rbind = false;
4498 else {
4499 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid option string, ignoring setting: %s", options);
4500 continue;
4501 }
4502 }
4503 } else
4504 d = s;
4505
4506 r = bind_mount_add(&c->bind_mounts, &c->n_bind_mounts,
4507 &(BindMount) {
4508 .source = s,
4509 .destination = d,
4510 .read_only = !!strstr(lvalue, "ReadOnly"),
4511 .recursive = rbind,
4512 .ignore_enoent = ignore_enoent,
4513 });
4514 if (r < 0)
4515 return log_oom();
4516 }
4517
4518 return 0;
4519 }
4520
4521 int config_parse_job_timeout_sec(
4522 const char* unit,
4523 const char *filename,
4524 unsigned line,
4525 const char *section,
4526 unsigned section_line,
4527 const char *lvalue,
4528 int ltype,
4529 const char *rvalue,
4530 void *data,
4531 void *userdata) {
4532
4533 Unit *u = data;
4534 usec_t usec;
4535 int r;
4536
4537 assert(filename);
4538 assert(lvalue);
4539 assert(rvalue);
4540 assert(u);
4541
4542 r = parse_sec_fix_0(rvalue, &usec);
4543 if (r < 0) {
4544 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue);
4545 return 0;
4546 }
4547
4548 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
4549 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
4550 * count. */
4551
4552 if (!u->job_running_timeout_set)
4553 u->job_running_timeout = usec;
4554
4555 u->job_timeout = usec;
4556
4557 return 0;
4558 }
4559
4560 int config_parse_job_running_timeout_sec(
4561 const char* unit,
4562 const char *filename,
4563 unsigned line,
4564 const char *section,
4565 unsigned section_line,
4566 const char *lvalue,
4567 int ltype,
4568 const char *rvalue,
4569 void *data,
4570 void *userdata) {
4571
4572 Unit *u = data;
4573 usec_t usec;
4574 int r;
4575
4576 assert(filename);
4577 assert(lvalue);
4578 assert(rvalue);
4579 assert(u);
4580
4581 r = parse_sec_fix_0(rvalue, &usec);
4582 if (r < 0) {
4583 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue);
4584 return 0;
4585 }
4586
4587 u->job_running_timeout = usec;
4588 u->job_running_timeout_set = true;
4589
4590 return 0;
4591 }
4592
4593 int config_parse_emergency_action(
4594 const char* unit,
4595 const char *filename,
4596 unsigned line,
4597 const char *section,
4598 unsigned section_line,
4599 const char *lvalue,
4600 int ltype,
4601 const char *rvalue,
4602 void *data,
4603 void *userdata) {
4604
4605 Manager *m = NULL;
4606 EmergencyAction *x = data;
4607 int r;
4608
4609 assert(filename);
4610 assert(lvalue);
4611 assert(rvalue);
4612 assert(data);
4613
4614 if (unit)
4615 m = ((Unit*) userdata)->manager;
4616 else
4617 m = data;
4618
4619 r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
4620 if (r < 0) {
4621 if (r == -EOPNOTSUPP && MANAGER_IS_USER(m)) {
4622 /* Compat mode: remove for systemd 241. */
4623
4624 log_syntax(unit, LOG_INFO, filename, line, r,
4625 "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
4626 lvalue, rvalue);
4627 *x = EMERGENCY_ACTION_EXIT_FORCE;
4628 return 0;
4629 }
4630
4631 if (r == -EOPNOTSUPP)
4632 log_syntax(unit, LOG_ERR, filename, line, r,
4633 "%s= specified as %s mode action, ignoring: %s",
4634 lvalue, MANAGER_IS_SYSTEM(m) ? "user" : "system", rvalue);
4635 else
4636 log_syntax(unit, LOG_ERR, filename, line, r,
4637 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
4638 return 0;
4639 }
4640
4641 return 0;
4642 }
4643
4644 int config_parse_pid_file(
4645 const char *unit,
4646 const char *filename,
4647 unsigned line,
4648 const char *section,
4649 unsigned section_line,
4650 const char *lvalue,
4651 int ltype,
4652 const char *rvalue,
4653 void *data,
4654 void *userdata) {
4655
4656 _cleanup_free_ char *k = NULL, *n = NULL;
4657 const Unit *u = userdata;
4658 char **s = data;
4659 int r;
4660
4661 assert(filename);
4662 assert(lvalue);
4663 assert(rvalue);
4664 assert(u);
4665
4666 if (isempty(rvalue)) {
4667 /* An empty assignment removes already set value. */
4668 *s = mfree(*s);
4669 return 0;
4670 }
4671
4672 r = unit_full_printf(u, rvalue, &k);
4673 if (r < 0) {
4674 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
4675 return 0;
4676 }
4677
4678 /* If this is a relative path make it absolute by prefixing the /run */
4679 n = path_make_absolute(k, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
4680 if (!n)
4681 return log_oom();
4682
4683 /* Check that the result is a sensible path */
4684 r = path_simplify_and_warn(n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4685 if (r < 0)
4686 return r;
4687
4688 r = patch_var_run(unit, filename, line, lvalue, &n);
4689 if (r < 0)
4690 return r;
4691
4692 free_and_replace(*s, n);
4693 return 0;
4694 }
4695
4696 int config_parse_exit_status(
4697 const char *unit,
4698 const char *filename,
4699 unsigned line,
4700 const char *section,
4701 unsigned section_line,
4702 const char *lvalue,
4703 int ltype,
4704 const char *rvalue,
4705 void *data,
4706 void *userdata) {
4707
4708 int *exit_status = data, r;
4709 uint8_t u;
4710
4711 assert(filename);
4712 assert(lvalue);
4713 assert(rvalue);
4714 assert(exit_status);
4715
4716 if (isempty(rvalue)) {
4717 *exit_status = -1;
4718 return 0;
4719 }
4720
4721 r = safe_atou8(rvalue, &u);
4722 if (r < 0) {
4723 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse exit status '%s', ignoring: %m", rvalue);
4724 return 0;
4725 }
4726
4727 *exit_status = u;
4728 return 0;
4729 }
4730
4731 int config_parse_disable_controllers(
4732 const char *unit,
4733 const char *filename,
4734 unsigned line,
4735 const char *section,
4736 unsigned section_line,
4737 const char *lvalue,
4738 int ltype,
4739 const char *rvalue,
4740 void *data,
4741 void *userdata) {
4742
4743 int r;
4744 CGroupContext *c = data;
4745 CGroupMask disabled_mask;
4746
4747 /* 1. If empty, make all controllers eligible for use again.
4748 * 2. If non-empty, merge all listed controllers, space separated. */
4749
4750 if (isempty(rvalue)) {
4751 c->disable_controllers = 0;
4752 return 0;
4753 }
4754
4755 r = cg_mask_from_string(rvalue, &disabled_mask);
4756 if (r < 0 || disabled_mask <= 0) {
4757 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid cgroup string: %s, ignoring", rvalue);
4758 return 0;
4759 }
4760
4761 c->disable_controllers |= disabled_mask;
4762
4763 return 0;
4764 }
4765
4766 int config_parse_ip_filter_bpf_progs(
4767 const char *unit,
4768 const char *filename,
4769 unsigned line,
4770 const char *section,
4771 unsigned section_line,
4772 const char *lvalue,
4773 int ltype,
4774 const char *rvalue,
4775 void *data,
4776 void *userdata) {
4777
4778 _cleanup_free_ char *resolved = NULL;
4779 const Unit *u = userdata;
4780 char ***paths = data;
4781 int r;
4782
4783 assert(filename);
4784 assert(lvalue);
4785 assert(rvalue);
4786 assert(paths);
4787
4788 if (isempty(rvalue)) {
4789 *paths = strv_free(*paths);
4790 return 0;
4791 }
4792
4793 r = unit_full_printf(u, rvalue, &resolved);
4794 if (r < 0) {
4795 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
4796 return 0;
4797 }
4798
4799 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4800 if (r < 0)
4801 return 0;
4802
4803 if (strv_contains(*paths, resolved))
4804 return 0;
4805
4806 r = strv_extend(paths, resolved);
4807 if (r < 0)
4808 return log_oom();
4809
4810 r = bpf_firewall_supported();
4811 if (r < 0)
4812 return r;
4813 if (r != BPF_FIREWALL_SUPPORTED_WITH_MULTI) {
4814 static bool warned = false;
4815
4816 log_full(warned ? LOG_DEBUG : LOG_WARNING,
4817 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
4818 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename, line, lvalue, rvalue);
4819
4820 warned = true;
4821 }
4822
4823 return 0;
4824 }
4825
4826 static int merge_by_names(Unit **u, Set *names, const char *id) {
4827 char *k;
4828 int r;
4829
4830 assert(u);
4831 assert(*u);
4832
4833 /* Let's try to add in all names that are aliases of this unit */
4834 while ((k = set_steal_first(names))) {
4835 _cleanup_free_ _unused_ char *free_k = k;
4836
4837 /* First try to merge in the other name into our unit */
4838 r = unit_merge_by_name(*u, k);
4839 if (r < 0) {
4840 Unit *other;
4841
4842 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
4843 * round. */
4844
4845 other = manager_get_unit((*u)->manager, k);
4846 if (!other)
4847 return r; /* return previous failure */
4848
4849 r = unit_merge(other, *u);
4850 if (r < 0)
4851 return r;
4852
4853 *u = other;
4854 return merge_by_names(u, names, NULL);
4855 }
4856
4857 if (streq_ptr(id, k))
4858 unit_choose_id(*u, id);
4859 }
4860
4861 return 0;
4862 }
4863
4864 int unit_load_fragment(Unit *u) {
4865 const char *fragment;
4866 _cleanup_set_free_free_ Set *names = NULL;
4867 int r;
4868
4869 assert(u);
4870 assert(u->load_state == UNIT_STUB);
4871 assert(u->id);
4872
4873 if (u->transient) {
4874 u->load_state = UNIT_LOADED;
4875 return 0;
4876 }
4877
4878 /* Possibly rebuild the fragment map to catch new units */
4879 r = unit_file_build_name_map(&u->manager->lookup_paths,
4880 &u->manager->unit_cache_mtime,
4881 &u->manager->unit_id_map,
4882 &u->manager->unit_name_map,
4883 &u->manager->unit_path_cache);
4884 if (r < 0)
4885 return log_error_errno(r, "Failed to rebuild name map: %m");
4886
4887 r = unit_file_find_fragment(u->manager->unit_id_map,
4888 u->manager->unit_name_map,
4889 u->id,
4890 &fragment,
4891 &names);
4892 if (r < 0 && r != -ENOENT)
4893 return r;
4894
4895 if (fragment) {
4896 /* Open the file, check if this is a mask, otherwise read. */
4897 _cleanup_fclose_ FILE *f = NULL;
4898 struct stat st;
4899
4900 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
4901 * expect that all symlinks within the lookup paths have been already resolved, but we don't
4902 * verify this here. */
4903 f = fopen(fragment, "re");
4904 if (!f)
4905 return log_unit_notice_errno(u, errno, "Failed to open %s: %m", fragment);
4906
4907 if (fstat(fileno(f), &st) < 0)
4908 return -errno;
4909
4910 r = free_and_strdup(&u->fragment_path, fragment);
4911 if (r < 0)
4912 return r;
4913
4914 if (null_or_empty(&st)) {
4915 /* Unit file is masked */
4916
4917 u->load_state = u->perpetual ? UNIT_LOADED : UNIT_MASKED; /* don't allow perpetual units to ever be masked */
4918 u->fragment_mtime = 0;
4919 } else {
4920 u->load_state = UNIT_LOADED;
4921 u->fragment_mtime = timespec_load(&st.st_mtim);
4922
4923 /* Now, parse the file contents */
4924 r = config_parse(u->id, fragment, f,
4925 UNIT_VTABLE(u)->sections,
4926 config_item_perf_lookup, load_fragment_gperf_lookup,
4927 0,
4928 u,
4929 NULL);
4930 if (r == -ENOEXEC)
4931 log_unit_notice_errno(u, r, "Unit configuration has fatal error, unit will not be started.");
4932 if (r < 0)
4933 return r;
4934 }
4935 }
4936
4937 /* We do the merge dance here because for some unit types, the unit might have aliases which are not
4938 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
4939 */
4940 Unit *merged;
4941 const char *id = u->id;
4942 _cleanup_free_ char *free_id = NULL;
4943
4944 if (fragment) {
4945 id = basename(fragment);
4946 if (unit_name_is_valid(id, UNIT_NAME_TEMPLATE)) {
4947 assert(u->instance); /* If we're not trying to use a template for non-instanced unit,
4948 * this must be set. */
4949
4950 r = unit_name_replace_instance(id, u->instance, &free_id);
4951 if (r < 0)
4952 return log_debug_errno(r, "Failed to build id (%s + %s): %m", id, u->instance);
4953 id = free_id;
4954 }
4955 }
4956
4957 merged = u;
4958 r = merge_by_names(&merged, names, id);
4959 if (r < 0)
4960 return r;
4961
4962 if (merged != u)
4963 u->load_state = UNIT_MERGED;
4964
4965 return 0;
4966 }
4967
4968 void unit_dump_config_items(FILE *f) {
4969 static const struct {
4970 const ConfigParserCallback callback;
4971 const char *rvalue;
4972 } table[] = {
4973 { config_parse_warn_compat, "NOTSUPPORTED" },
4974 { config_parse_int, "INTEGER" },
4975 { config_parse_unsigned, "UNSIGNED" },
4976 { config_parse_iec_size, "SIZE" },
4977 { config_parse_iec_uint64, "SIZE" },
4978 { config_parse_si_uint64, "SIZE" },
4979 { config_parse_bool, "BOOLEAN" },
4980 { config_parse_string, "STRING" },
4981 { config_parse_path, "PATH" },
4982 { config_parse_unit_path_printf, "PATH" },
4983 { config_parse_strv, "STRING [...]" },
4984 { config_parse_exec_nice, "NICE" },
4985 { config_parse_exec_oom_score_adjust, "OOMSCOREADJUST" },
4986 { config_parse_exec_io_class, "IOCLASS" },
4987 { config_parse_exec_io_priority, "IOPRIORITY" },
4988 { config_parse_exec_cpu_sched_policy, "CPUSCHEDPOLICY" },
4989 { config_parse_exec_cpu_sched_prio, "CPUSCHEDPRIO" },
4990 { config_parse_exec_cpu_affinity, "CPUAFFINITY" },
4991 { config_parse_mode, "MODE" },
4992 { config_parse_unit_env_file, "FILE" },
4993 { config_parse_exec_output, "OUTPUT" },
4994 { config_parse_exec_input, "INPUT" },
4995 { config_parse_log_facility, "FACILITY" },
4996 { config_parse_log_level, "LEVEL" },
4997 { config_parse_exec_secure_bits, "SECUREBITS" },
4998 { config_parse_capability_set, "BOUNDINGSET" },
4999 { config_parse_rlimit, "LIMIT" },
5000 { config_parse_unit_deps, "UNIT [...]" },
5001 { config_parse_exec, "PATH [ARGUMENT [...]]" },
5002 { config_parse_service_type, "SERVICETYPE" },
5003 { config_parse_service_restart, "SERVICERESTART" },
5004 { config_parse_service_timeout_failure_mode, "TIMEOUTMODE" },
5005 { config_parse_kill_mode, "KILLMODE" },
5006 { config_parse_signal, "SIGNAL" },
5007 { config_parse_socket_listen, "SOCKET [...]" },
5008 { config_parse_socket_bind, "SOCKETBIND" },
5009 { config_parse_socket_bindtodevice, "NETWORKINTERFACE" },
5010 { config_parse_sec, "SECONDS" },
5011 { config_parse_nsec, "NANOSECONDS" },
5012 { config_parse_namespace_path_strv, "PATH [...]" },
5013 { config_parse_bind_paths, "PATH[:PATH[:OPTIONS]] [...]" },
5014 { config_parse_unit_requires_mounts_for, "PATH [...]" },
5015 { config_parse_exec_mount_flags, "MOUNTFLAG [...]" },
5016 { config_parse_unit_string_printf, "STRING" },
5017 { config_parse_trigger_unit, "UNIT" },
5018 { config_parse_timer, "TIMER" },
5019 { config_parse_path_spec, "PATH" },
5020 { config_parse_notify_access, "ACCESS" },
5021 { config_parse_ip_tos, "TOS" },
5022 { config_parse_unit_condition_path, "CONDITION" },
5023 { config_parse_unit_condition_string, "CONDITION" },
5024 { config_parse_unit_condition_null, "CONDITION" },
5025 { config_parse_unit_slice, "SLICE" },
5026 { config_parse_documentation, "URL" },
5027 { config_parse_service_timeout, "SECONDS" },
5028 { config_parse_emergency_action, "ACTION" },
5029 { config_parse_set_status, "STATUS" },
5030 { config_parse_service_sockets, "SOCKETS" },
5031 { config_parse_environ, "ENVIRON" },
5032 #if HAVE_SECCOMP
5033 { config_parse_syscall_filter, "SYSCALLS" },
5034 { config_parse_syscall_archs, "ARCHS" },
5035 { config_parse_syscall_errno, "ERRNO" },
5036 { config_parse_address_families, "FAMILIES" },
5037 { config_parse_restrict_namespaces, "NAMESPACES" },
5038 #endif
5039 { config_parse_cpu_shares, "SHARES" },
5040 { config_parse_cg_weight, "WEIGHT" },
5041 { config_parse_memory_limit, "LIMIT" },
5042 { config_parse_device_allow, "DEVICE" },
5043 { config_parse_device_policy, "POLICY" },
5044 { config_parse_io_limit, "LIMIT" },
5045 { config_parse_io_device_weight, "DEVICEWEIGHT" },
5046 { config_parse_io_device_latency, "DEVICELATENCY" },
5047 { config_parse_blockio_bandwidth, "BANDWIDTH" },
5048 { config_parse_blockio_weight, "WEIGHT" },
5049 { config_parse_blockio_device_weight, "DEVICEWEIGHT" },
5050 { config_parse_long, "LONG" },
5051 { config_parse_socket_service, "SERVICE" },
5052 #if HAVE_SELINUX
5053 { config_parse_exec_selinux_context, "LABEL" },
5054 #endif
5055 { config_parse_job_mode, "MODE" },
5056 { config_parse_job_mode_isolate, "BOOLEAN" },
5057 { config_parse_personality, "PERSONALITY" },
5058 };
5059
5060 const char *prev = NULL;
5061 const char *i;
5062
5063 assert(f);
5064
5065 NULSTR_FOREACH(i, load_fragment_gperf_nulstr) {
5066 const char *rvalue = "OTHER", *lvalue;
5067 const ConfigPerfItem *p;
5068 size_t prefix_len;
5069 const char *dot;
5070 unsigned j;
5071
5072 assert_se(p = load_fragment_gperf_lookup(i, strlen(i)));
5073
5074 /* Hide legacy settings */
5075 if (p->parse == config_parse_warn_compat &&
5076 p->ltype == DISABLED_LEGACY)
5077 continue;
5078
5079 for (j = 0; j < ELEMENTSOF(table); j++)
5080 if (p->parse == table[j].callback) {
5081 rvalue = table[j].rvalue;
5082 break;
5083 }
5084
5085 dot = strchr(i, '.');
5086 lvalue = dot ? dot + 1 : i;
5087 prefix_len = dot-i;
5088
5089 if (dot)
5090 if (!prev || !strneq(prev, i, prefix_len+1)) {
5091 if (prev)
5092 fputc('\n', f);
5093
5094 fprintf(f, "[%.*s]\n", (int) prefix_len, i);
5095 }
5096
5097 fprintf(f, "%s=%s\n", lvalue, rvalue);
5098 prev = i;
5099 }
5100 }
5101
5102 int config_parse_cpu_affinity2(
5103 const char *unit,
5104 const char *filename,
5105 unsigned line,
5106 const char *section,
5107 unsigned section_line,
5108 const char *lvalue,
5109 int ltype,
5110 const char *rvalue,
5111 void *data,
5112 void *userdata) {
5113
5114 CPUSet *affinity = data;
5115
5116 assert(affinity);
5117
5118 (void) parse_cpu_set_extend(rvalue, affinity, true, unit, filename, line, lvalue);
5119
5120 return 0;
5121 }
5122
5123 int config_parse_show_status(
5124 const char* unit,
5125 const char *filename,
5126 unsigned line,
5127 const char *section,
5128 unsigned section_line,
5129 const char *lvalue,
5130 int ltype,
5131 const char *rvalue,
5132 void *data,
5133 void *userdata) {
5134
5135 int k;
5136 ShowStatus *b = data;
5137
5138 assert(filename);
5139 assert(lvalue);
5140 assert(rvalue);
5141 assert(data);
5142
5143 k = parse_show_status(rvalue, b);
5144 if (k < 0) {
5145 log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
5146 return 0;
5147 }
5148
5149 return 0;
5150 }
5151
5152 int config_parse_output_restricted(
5153 const char* unit,
5154 const char *filename,
5155 unsigned line,
5156 const char *section,
5157 unsigned section_line,
5158 const char *lvalue,
5159 int ltype,
5160 const char *rvalue,
5161 void *data,
5162 void *userdata) {
5163
5164 ExecOutput t, *eo = data;
5165 bool obsolete = false;
5166
5167 assert(filename);
5168 assert(lvalue);
5169 assert(rvalue);
5170 assert(data);
5171
5172 if (streq(rvalue, "syslog")) {
5173 t = EXEC_OUTPUT_JOURNAL;
5174 obsolete = true;
5175 } else if (streq(rvalue, "syslog+console")) {
5176 t = EXEC_OUTPUT_JOURNAL_AND_CONSOLE;
5177 obsolete = true;
5178 } else {
5179 t = exec_output_from_string(rvalue);
5180 if (t < 0) {
5181 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output type, ignoring: %s", rvalue);
5182 return 0;
5183 }
5184
5185 if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE, EXEC_OUTPUT_FILE_APPEND)) {
5186 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard output types socket, fd:, file:, append: are not supported as defaults, ignoring: %s", rvalue);
5187 return 0;
5188 }
5189 }
5190
5191 if (obsolete)
5192 log_syntax(unit, LOG_NOTICE, filename, line, 0,
5193 "Standard output type %s is obsolete, automatically updating to %s. Please update your configuration.",
5194 rvalue, exec_output_to_string(t));
5195
5196 *eo = t;
5197 return 0;
5198 }
5199
5200 int config_parse_crash_chvt(
5201 const char* unit,
5202 const char *filename,
5203 unsigned line,
5204 const char *section,
5205 unsigned section_line,
5206 const char *lvalue,
5207 int ltype,
5208 const char *rvalue,
5209 void *data,
5210 void *userdata) {
5211
5212 int r;
5213
5214 assert(filename);
5215 assert(lvalue);
5216 assert(rvalue);
5217 assert(data);
5218
5219 r = parse_crash_chvt(rvalue, data);
5220 if (r < 0) {
5221 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
5222 return 0;
5223 }
5224
5225 return 0;
5226 }
5227
5228 int config_parse_swap_priority(
5229 const char *unit,
5230 const char *filename,
5231 unsigned line,
5232 const char *section,
5233 unsigned section_line,
5234 const char *lvalue,
5235 int ltype,
5236 const char *rvalue,
5237 void *data,
5238 void *userdata) {
5239
5240 Swap *s = userdata;
5241 int r, priority;
5242
5243 assert(s);
5244 assert(filename);
5245 assert(lvalue);
5246 assert(rvalue);
5247 assert(data);
5248
5249 if (isempty(rvalue)) {
5250 s->parameters_fragment.priority = -1;
5251 s->parameters_fragment.priority_set = false;
5252 return 0;
5253 }
5254
5255 r = safe_atoi(rvalue, &priority);
5256 if (r < 0) {
5257 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid swap priority '%s', ignoring.", rvalue);
5258 return 0;
5259 }
5260
5261 if (priority < -1) {
5262 log_syntax(unit, LOG_ERR, filename, line, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue);
5263 return 0;
5264 }
5265
5266 if (priority > 32767) {
5267 log_syntax(unit, LOG_ERR, filename, line, 0, "Swap priority out of range, ignoring: %s", rvalue);
5268 return 0;
5269 }
5270
5271 s->parameters_fragment.priority = priority;
5272 s->parameters_fragment.priority_set = true;
5273 return 0;
5274 }
Unnamed repository; edit this file 'description' to name the repository.