]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/load-fragment.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core: add new LogNamespace= execution setting
[thirdparty/systemd.git] / src / core / load-fragment.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 Copyright © 2012 Holger Hans Peter Freyther
4 ***/
5
6 #include <errno.h>
7 #include <fcntl.h>
8 #include <linux/fs.h>
9 #include <linux/oom.h>
10 #if HAVE_SECCOMP
11 #include <seccomp.h>
12 #endif
13 #include <sched.h>
14 #include <sys/resource.h>
15
16 #include "af-list.h"
17 #include "alloc-util.h"
18 #include "all-units.h"
19 #include "bpf-firewall.h"
20 #include "bus-error.h"
21 #include "bus-internal.h"
22 #include "bus-util.h"
23 #include "cap-list.h"
24 #include "capability-util.h"
25 #include "cgroup-setup.h"
26 #include "conf-parser.h"
27 #include "cpu-set-util.h"
28 #include "env-util.h"
29 #include "errno-list.h"
30 #include "escape.h"
31 #include "fd-util.h"
32 #include "fs-util.h"
33 #include "hexdecoct.h"
34 #include "io-util.h"
35 #include "ioprio.h"
36 #include "ip-protocol-list.h"
37 #include "journal-util.h"
38 #include "limits-util.h"
39 #include "load-fragment.h"
40 #include "log.h"
41 #include "mountpoint-util.h"
42 #include "nulstr-util.h"
43 #include "parse-util.h"
44 #include "path-util.h"
45 #include "process-util.h"
46 #if HAVE_SECCOMP
47 #include "seccomp-util.h"
48 #endif
49 #include "securebits-util.h"
50 #include "signal-util.h"
51 #include "socket-netlink.h"
52 #include "stat-util.h"
53 #include "string-util.h"
54 #include "strv.h"
55 #include "syslog-util.h"
56 #include "time-util.h"
57 #include "unit-name.h"
58 #include "unit-printf.h"
59 #include "user-util.h"
60 #include "web-util.h"
61
62 static int parse_socket_protocol(const char *s) {
63 int r;
64
65 r = parse_ip_protocol(s);
66 if (r < 0)
67 return r;
68 if (!IN_SET(r, IPPROTO_UDPLITE, IPPROTO_SCTP))
69 return -EPROTONOSUPPORT;
70
71 return r;
72 }
73
74 int parse_crash_chvt(const char *value, int *data) {
75 int b;
76
77 if (safe_atoi(value, data) >= 0)
78 return 0;
79
80 b = parse_boolean(value);
81 if (b < 0)
82 return b;
83
84 if (b > 0)
85 *data = 0; /* switch to where kmsg goes */
86 else
87 *data = -1; /* turn off switching */
88
89 return 0;
90 }
91
92 int parse_confirm_spawn(const char *value, char **console) {
93 char *s;
94 int r;
95
96 r = value ? parse_boolean(value) : 1;
97 if (r == 0) {
98 *console = NULL;
99 return 0;
100 } else if (r > 0) /* on with default tty */
101 s = strdup("/dev/console");
102 else if (is_path(value)) /* on with fully qualified path */
103 s = strdup(value);
104 else /* on with only a tty file name, not a fully qualified path */
105 s = path_join("/dev/", value);
106 if (!s)
107 return -ENOMEM;
108
109 *console = s;
110 return 0;
111 }
112
113 DEFINE_CONFIG_PARSE(config_parse_socket_protocol, parse_socket_protocol, "Failed to parse socket protocol");
114 DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
115 DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
116 DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
117 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
118 DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
119 DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
120 DEFINE_CONFIG_PARSE_ENUM(config_parse_kill_mode, kill_mode, KillMode, "Failed to parse kill mode");
121 DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
122 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home, protect_home, ProtectHome, "Failed to parse protect home value");
123 DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system, protect_system, ProtectSystem, "Failed to parse protect system value");
124 DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode, exec_preserve_mode, ExecPreserveMode, "Failed to parse runtime directory preserve mode");
125 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type, service_type, ServiceType, "Failed to parse service type");
126 DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart, service_restart, ServiceRestart, "Failed to parse service restart specifier");
127 DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind, socket_address_bind_ipv6_only_or_bool, SocketAddressBindIPv6Only, "Failed to parse bind IPv6 only value");
128 DEFINE_CONFIG_PARSE_ENUM(config_parse_oom_policy, oom_policy, OOMPolicy, "Failed to parse OOM policy");
129 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1, "Failed to parse IP TOS value");
130 DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t, "Invalid block IO weight");
131 DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t, "Invalid weight");
132 DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares, cg_cpu_shares_parse, uint64_t, "Invalid CPU shares");
133 DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags, mount_propagation_flags_from_string, unsigned long, "Failed to parse mount flag");
134 DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_numa_policy, mpol, int, -1, "Invalid NUMA policy type");
135 DEFINE_CONFIG_PARSE_ENUM(config_parse_status_unit_format, status_unit_format, StatusUnitFormat, "Failed to parse status unit format");
136
137 int config_parse_unit_deps(
138 const char *unit,
139 const char *filename,
140 unsigned line,
141 const char *section,
142 unsigned section_line,
143 const char *lvalue,
144 int ltype,
145 const char *rvalue,
146 void *data,
147 void *userdata) {
148
149 UnitDependency d = ltype;
150 Unit *u = userdata;
151 const char *p;
152
153 assert(filename);
154 assert(lvalue);
155 assert(rvalue);
156
157 p = rvalue;
158 for (;;) {
159 _cleanup_free_ char *word = NULL, *k = NULL;
160 int r;
161
162 r = extract_first_word(&p, &word, NULL, EXTRACT_RETAIN_ESCAPE);
163 if (r == 0)
164 break;
165 if (r == -ENOMEM)
166 return log_oom();
167 if (r < 0) {
168 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
169 break;
170 }
171
172 r = unit_name_printf(u, word, &k);
173 if (r < 0) {
174 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
175 continue;
176 }
177
178 r = unit_add_dependency_by_name(u, d, k, true, UNIT_DEPENDENCY_FILE);
179 if (r < 0)
180 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
181 }
182
183 return 0;
184 }
185
186 int config_parse_obsolete_unit_deps(
187 const char *unit,
188 const char *filename,
189 unsigned line,
190 const char *section,
191 unsigned section_line,
192 const char *lvalue,
193 int ltype,
194 const char *rvalue,
195 void *data,
196 void *userdata) {
197
198 log_syntax(unit, LOG_WARNING, filename, line, 0,
199 "Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue, unit_dependency_to_string(ltype));
200
201 return config_parse_unit_deps(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
202 }
203
204 int config_parse_unit_string_printf(
205 const char *unit,
206 const char *filename,
207 unsigned line,
208 const char *section,
209 unsigned section_line,
210 const char *lvalue,
211 int ltype,
212 const char *rvalue,
213 void *data,
214 void *userdata) {
215
216 _cleanup_free_ char *k = NULL;
217 const Unit *u = userdata;
218 int r;
219
220 assert(filename);
221 assert(lvalue);
222 assert(rvalue);
223 assert(u);
224
225 r = unit_full_printf(u, rvalue, &k);
226 if (r < 0) {
227 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
228 return 0;
229 }
230
231 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
232 }
233
234 int config_parse_unit_strv_printf(
235 const char *unit,
236 const char *filename,
237 unsigned line,
238 const char *section,
239 unsigned section_line,
240 const char *lvalue,
241 int ltype,
242 const char *rvalue,
243 void *data,
244 void *userdata) {
245
246 const Unit *u = userdata;
247 _cleanup_free_ char *k = NULL;
248 int r;
249
250 assert(filename);
251 assert(lvalue);
252 assert(rvalue);
253 assert(u);
254
255 r = unit_full_printf(u, rvalue, &k);
256 if (r < 0) {
257 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
258 return 0;
259 }
260
261 return config_parse_strv(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
262 }
263
264 int config_parse_unit_path_printf(
265 const char *unit,
266 const char *filename,
267 unsigned line,
268 const char *section,
269 unsigned section_line,
270 const char *lvalue,
271 int ltype,
272 const char *rvalue,
273 void *data,
274 void *userdata) {
275
276 _cleanup_free_ char *k = NULL;
277 const Unit *u = userdata;
278 int r;
279 bool fatal = ltype;
280
281 assert(filename);
282 assert(lvalue);
283 assert(rvalue);
284 assert(u);
285
286 /* Let's not bother with anything that is too long */
287 if (strlen(rvalue) >= PATH_MAX) {
288 log_syntax(unit, LOG_ERR, filename, line, 0,
289 "%s value too long%s.",
290 lvalue, fatal ? "" : ", ignoring");
291 return fatal ? -ENAMETOOLONG : 0;
292 }
293
294 r = unit_full_printf(u, rvalue, &k);
295 if (r < 0) {
296 log_syntax(unit, LOG_ERR, filename, line, r,
297 "Failed to resolve unit specifiers in '%s'%s: %m",
298 rvalue, fatal ? "" : ", ignoring");
299 return fatal ? -ENOEXEC : 0;
300 }
301
302 return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
303 }
304
305 int config_parse_unit_path_strv_printf(
306 const char *unit,
307 const char *filename,
308 unsigned line,
309 const char *section,
310 unsigned section_line,
311 const char *lvalue,
312 int ltype,
313 const char *rvalue,
314 void *data,
315 void *userdata) {
316
317 char ***x = data;
318 const Unit *u = userdata;
319 int r;
320 const char *p;
321
322 assert(filename);
323 assert(lvalue);
324 assert(rvalue);
325 assert(u);
326
327 if (isempty(rvalue)) {
328 *x = strv_free(*x);
329 return 0;
330 }
331
332 for (p = rvalue;;) {
333 _cleanup_free_ char *word = NULL, *k = NULL;
334
335 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
336 if (r == 0)
337 return 0;
338 if (r == -ENOMEM)
339 return log_oom();
340 if (r < 0) {
341 log_syntax(unit, LOG_WARNING, filename, line, r,
342 "Invalid syntax, ignoring: %s", rvalue);
343 return 0;
344 }
345
346 r = unit_full_printf(u, word, &k);
347 if (r < 0) {
348 log_syntax(unit, LOG_ERR, filename, line, r,
349 "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
350 return 0;
351 }
352
353 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
354 if (r < 0)
355 return 0;
356
357 r = strv_consume(x, TAKE_PTR(k));
358 if (r < 0)
359 return log_oom();
360 }
361 }
362
363 static int patch_var_run(
364 const char *unit,
365 const char *filename,
366 unsigned line,
367 const char *lvalue,
368 char **path) {
369
370 const char *e;
371 char *z;
372
373 e = path_startswith(*path, "/var/run/");
374 if (!e)
375 return 0;
376
377 z = path_join("/run/", e);
378 if (!z)
379 return log_oom();
380
381 log_syntax(unit, LOG_NOTICE, filename, line, 0,
382 "%s= references a path below legacy directory /var/run/, updating %s → %s; "
383 "please update the unit file accordingly.", lvalue, *path, z);
384
385 free_and_replace(*path, z);
386
387 return 1;
388 }
389
390 int config_parse_socket_listen(
391 const char *unit,
392 const char *filename,
393 unsigned line,
394 const char *section,
395 unsigned section_line,
396 const char *lvalue,
397 int ltype,
398 const char *rvalue,
399 void *data,
400 void *userdata) {
401
402 _cleanup_free_ SocketPort *p = NULL;
403 SocketPort *tail;
404 Socket *s;
405 int r;
406
407 assert(filename);
408 assert(lvalue);
409 assert(rvalue);
410 assert(data);
411
412 s = SOCKET(data);
413
414 if (isempty(rvalue)) {
415 /* An empty assignment removes all ports */
416 socket_free_ports(s);
417 return 0;
418 }
419
420 p = new0(SocketPort, 1);
421 if (!p)
422 return log_oom();
423
424 if (ltype != SOCKET_SOCKET) {
425 _cleanup_free_ char *k = NULL;
426
427 r = unit_full_printf(UNIT(s), rvalue, &k);
428 if (r < 0) {
429 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
430 return 0;
431 }
432
433 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
434 if (r < 0)
435 return 0;
436
437 if (ltype == SOCKET_FIFO) {
438 r = patch_var_run(unit, filename, line, lvalue, &k);
439 if (r < 0)
440 return r;
441 }
442
443 free_and_replace(p->path, k);
444 p->type = ltype;
445
446 } else if (streq(lvalue, "ListenNetlink")) {
447 _cleanup_free_ char *k = NULL;
448
449 r = unit_full_printf(UNIT(s), rvalue, &k);
450 if (r < 0) {
451 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
452 return 0;
453 }
454
455 r = socket_address_parse_netlink(&p->address, k);
456 if (r < 0) {
457 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
458 return 0;
459 }
460
461 p->type = SOCKET_SOCKET;
462
463 } else {
464 _cleanup_free_ char *k = NULL;
465
466 r = unit_full_printf(UNIT(s), rvalue, &k);
467 if (r < 0) {
468 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
469 return 0;
470 }
471
472 if (k[0] == '/') { /* Only for AF_UNIX file system sockets… */
473 r = patch_var_run(unit, filename, line, lvalue, &k);
474 if (r < 0)
475 return r;
476 }
477
478 r = socket_address_parse_and_warn(&p->address, k);
479 if (r < 0) {
480 if (r != -EAFNOSUPPORT)
481 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
482 return 0;
483 }
484
485 if (streq(lvalue, "ListenStream"))
486 p->address.type = SOCK_STREAM;
487 else if (streq(lvalue, "ListenDatagram"))
488 p->address.type = SOCK_DGRAM;
489 else {
490 assert(streq(lvalue, "ListenSequentialPacket"));
491 p->address.type = SOCK_SEQPACKET;
492 }
493
494 if (socket_address_family(&p->address) != AF_LOCAL && p->address.type == SOCK_SEQPACKET) {
495 log_syntax(unit, LOG_ERR, filename, line, 0, "Address family not supported, ignoring: %s", rvalue);
496 return 0;
497 }
498
499 p->type = SOCKET_SOCKET;
500 }
501
502 p->fd = -1;
503 p->auxiliary_fds = NULL;
504 p->n_auxiliary_fds = 0;
505 p->socket = s;
506
507 LIST_FIND_TAIL(port, s->ports, tail);
508 LIST_INSERT_AFTER(port, s->ports, tail, p);
509
510 p = NULL;
511
512 return 0;
513 }
514
515 int config_parse_exec_nice(
516 const char *unit,
517 const char *filename,
518 unsigned line,
519 const char *section,
520 unsigned section_line,
521 const char *lvalue,
522 int ltype,
523 const char *rvalue,
524 void *data,
525 void *userdata) {
526
527 ExecContext *c = data;
528 int priority, r;
529
530 assert(filename);
531 assert(lvalue);
532 assert(rvalue);
533 assert(data);
534
535 if (isempty(rvalue)) {
536 c->nice_set = false;
537 return 0;
538 }
539
540 r = parse_nice(rvalue, &priority);
541 if (r < 0) {
542 if (r == -ERANGE)
543 log_syntax(unit, LOG_ERR, filename, line, r, "Nice priority out of range, ignoring: %s", rvalue);
544 else
545 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse nice priority '%s', ignoring: %m", rvalue);
546 return 0;
547 }
548
549 c->nice = priority;
550 c->nice_set = true;
551
552 return 0;
553 }
554
555 int config_parse_exec_oom_score_adjust(
556 const char* unit,
557 const char *filename,
558 unsigned line,
559 const char *section,
560 unsigned section_line,
561 const char *lvalue,
562 int ltype,
563 const char *rvalue,
564 void *data,
565 void *userdata) {
566
567 ExecContext *c = data;
568 int oa, r;
569
570 assert(filename);
571 assert(lvalue);
572 assert(rvalue);
573 assert(data);
574
575 if (isempty(rvalue)) {
576 c->oom_score_adjust_set = false;
577 return 0;
578 }
579
580 r = parse_oom_score_adjust(rvalue, &oa);
581 if (r < 0) {
582 if (r == -ERANGE)
583 log_syntax(unit, LOG_ERR, filename, line, r, "OOM score adjust value out of range, ignoring: %s", rvalue);
584 else
585 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue);
586 return 0;
587 }
588
589 c->oom_score_adjust = oa;
590 c->oom_score_adjust_set = true;
591
592 return 0;
593 }
594
595 int config_parse_exec(
596 const char *unit,
597 const char *filename,
598 unsigned line,
599 const char *section,
600 unsigned section_line,
601 const char *lvalue,
602 int ltype,
603 const char *rvalue,
604 void *data,
605 void *userdata) {
606
607 ExecCommand **e = data;
608 const Unit *u = userdata;
609 const char *p;
610 bool semicolon;
611 int r;
612
613 assert(filename);
614 assert(lvalue);
615 assert(rvalue);
616 assert(e);
617
618 e += ltype;
619
620 if (isempty(rvalue)) {
621 /* An empty assignment resets the list */
622 *e = exec_command_free_list(*e);
623 return 0;
624 }
625
626 p = rvalue;
627 do {
628 _cleanup_free_ char *path = NULL, *firstword = NULL;
629 ExecCommandFlags flags = 0;
630 bool ignore = false, separate_argv0 = false;
631 _cleanup_free_ ExecCommand *nce = NULL;
632 _cleanup_strv_free_ char **n = NULL;
633 size_t nlen = 0, nbufsize = 0;
634 const char *f;
635
636 semicolon = false;
637
638 r = extract_first_word_and_warn(&p, &firstword, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
639 if (r <= 0)
640 return 0;
641
642 f = firstword;
643 for (;;) {
644 /* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
645 * exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
646 * argv[0]; if it's prefixed with :, we will not do environment variable substitution;
647 * if it's prefixed with +, it will be run with full privileges and no sandboxing; if
648 * it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
649 * it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
650 * capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
651 * other sandboxing, with some special exceptions for changing UID.
652 *
653 * The idea is that '!!' may be used to write services that can take benefit of systemd's
654 * UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
655 * privilege dropping within the daemon if the kernel does not offer that. */
656
657 if (*f == '-' && !(flags & EXEC_COMMAND_IGNORE_FAILURE)) {
658 flags |= EXEC_COMMAND_IGNORE_FAILURE;
659 ignore = true;
660 } else if (*f == '@' && !separate_argv0)
661 separate_argv0 = true;
662 else if (*f == ':' && !(flags & EXEC_COMMAND_NO_ENV_EXPAND))
663 flags |= EXEC_COMMAND_NO_ENV_EXPAND;
664 else if (*f == '+' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
665 flags |= EXEC_COMMAND_FULLY_PRIVILEGED;
666 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
667 flags |= EXEC_COMMAND_NO_SETUID;
668 else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_AMBIENT_MAGIC))) {
669 flags &= ~EXEC_COMMAND_NO_SETUID;
670 flags |= EXEC_COMMAND_AMBIENT_MAGIC;
671 } else
672 break;
673 f++;
674 }
675
676 r = unit_full_printf(u, f, &path);
677 if (r < 0) {
678 log_syntax(unit, LOG_ERR, filename, line, r,
679 "Failed to resolve unit specifiers in '%s'%s: %m",
680 f, ignore ? ", ignoring" : "");
681 return ignore ? 0 : -ENOEXEC;
682 }
683
684 if (isempty(path)) {
685 /* First word is either "-" or "@" with no command. */
686 log_syntax(unit, LOG_ERR, filename, line, 0,
687 "Empty path in command line%s: '%s'",
688 ignore ? ", ignoring" : "", rvalue);
689 return ignore ? 0 : -ENOEXEC;
690 }
691 if (!string_is_safe(path)) {
692 log_syntax(unit, LOG_ERR, filename, line, 0,
693 "Executable name contains special characters%s: %s",
694 ignore ? ", ignoring" : "", path);
695 return ignore ? 0 : -ENOEXEC;
696 }
697 if (endswith(path, "/")) {
698 log_syntax(unit, LOG_ERR, filename, line, 0,
699 "Executable path specifies a directory%s: %s",
700 ignore ? ", ignoring" : "", path);
701 return ignore ? 0 : -ENOEXEC;
702 }
703
704 if (!path_is_absolute(path)) {
705 const char *prefix;
706 bool found = false;
707
708 if (!filename_is_valid(path)) {
709 log_syntax(unit, LOG_ERR, filename, line, 0,
710 "Neither a valid executable name nor an absolute path%s: %s",
711 ignore ? ", ignoring" : "", path);
712 return ignore ? 0 : -ENOEXEC;
713 }
714
715 /* Resolve a single-component name to a full path */
716 NULSTR_FOREACH(prefix, DEFAULT_PATH_NULSTR) {
717 _cleanup_free_ char *fullpath = NULL;
718
719 fullpath = path_join(prefix, path);
720 if (!fullpath)
721 return log_oom();
722
723 if (access(fullpath, F_OK) >= 0) {
724 free_and_replace(path, fullpath);
725 found = true;
726 break;
727 }
728 }
729
730 if (!found) {
731 log_syntax(unit, LOG_ERR, filename, line, 0,
732 "Executable \"%s\" not found in path \"%s\"%s",
733 path, DEFAULT_PATH, ignore ? ", ignoring" : "");
734 return ignore ? 0 : -ENOEXEC;
735 }
736 }
737
738 if (!separate_argv0) {
739 char *w = NULL;
740
741 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
742 return log_oom();
743
744 w = strdup(path);
745 if (!w)
746 return log_oom();
747 n[nlen++] = w;
748 n[nlen] = NULL;
749 }
750
751 path_simplify(path, false);
752
753 while (!isempty(p)) {
754 _cleanup_free_ char *word = NULL, *resolved = NULL;
755
756 /* Check explicitly for an unquoted semicolon as
757 * command separator token. */
758 if (p[0] == ';' && (!p[1] || strchr(WHITESPACE, p[1]))) {
759 p++;
760 p += strspn(p, WHITESPACE);
761 semicolon = true;
762 break;
763 }
764
765 /* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
766 * extract_first_word() would return the same for all of those. */
767 if (p[0] == '\\' && p[1] == ';' && (!p[2] || strchr(WHITESPACE, p[2]))) {
768 char *w;
769
770 p += 2;
771 p += strspn(p, WHITESPACE);
772
773 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
774 return log_oom();
775
776 w = strdup(";");
777 if (!w)
778 return log_oom();
779 n[nlen++] = w;
780 n[nlen] = NULL;
781 continue;
782 }
783
784 r = extract_first_word_and_warn(&p, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
785 if (r == 0)
786 break;
787 if (r < 0)
788 return ignore ? 0 : -ENOEXEC;
789
790 r = unit_full_printf(u, word, &resolved);
791 if (r < 0) {
792 log_syntax(unit, LOG_ERR, filename, line, r,
793 "Failed to resolve unit specifiers in %s%s: %m",
794 word, ignore ? ", ignoring" : "");
795 return ignore ? 0 : -ENOEXEC;
796 }
797
798 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
799 return log_oom();
800
801 n[nlen++] = TAKE_PTR(resolved);
802 n[nlen] = NULL;
803 }
804
805 if (!n || !n[0]) {
806 log_syntax(unit, LOG_ERR, filename, line, 0,
807 "Empty executable name or zeroeth argument%s: %s",
808 ignore ? ", ignoring" : "", rvalue);
809 return ignore ? 0 : -ENOEXEC;
810 }
811
812 nce = new0(ExecCommand, 1);
813 if (!nce)
814 return log_oom();
815
816 nce->argv = TAKE_PTR(n);
817 nce->path = TAKE_PTR(path);
818 nce->flags = flags;
819
820 exec_command_append_list(e, nce);
821
822 /* Do not _cleanup_free_ these. */
823 nce = NULL;
824
825 rvalue = p;
826 } while (semicolon);
827
828 return 0;
829 }
830
831 int config_parse_socket_bindtodevice(
832 const char* unit,
833 const char *filename,
834 unsigned line,
835 const char *section,
836 unsigned section_line,
837 const char *lvalue,
838 int ltype,
839 const char *rvalue,
840 void *data,
841 void *userdata) {
842
843 Socket *s = data;
844
845 assert(filename);
846 assert(lvalue);
847 assert(rvalue);
848 assert(data);
849
850 if (isempty(rvalue) || streq(rvalue, "*")) {
851 s->bind_to_device = mfree(s->bind_to_device);
852 return 0;
853 }
854
855 if (!ifname_valid(rvalue)) {
856 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid interface name, ignoring: %s", rvalue);
857 return 0;
858 }
859
860 if (free_and_strdup(&s->bind_to_device, rvalue) < 0)
861 return log_oom();
862
863 return 0;
864 }
865
866 int config_parse_exec_input(
867 const char *unit,
868 const char *filename,
869 unsigned line,
870 const char *section,
871 unsigned section_line,
872 const char *lvalue,
873 int ltype,
874 const char *rvalue,
875 void *data,
876 void *userdata) {
877
878 ExecContext *c = data;
879 const Unit *u = userdata;
880 const char *n;
881 ExecInput ei;
882 int r;
883
884 assert(data);
885 assert(filename);
886 assert(line);
887 assert(rvalue);
888
889 n = startswith(rvalue, "fd:");
890 if (n) {
891 _cleanup_free_ char *resolved = NULL;
892
893 r = unit_full_printf(u, n, &resolved);
894 if (r < 0)
895 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", n);
896
897 if (isempty(resolved))
898 resolved = mfree(resolved);
899 else if (!fdname_is_valid(resolved)) {
900 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name: %s", resolved);
901 return -ENOEXEC;
902 }
903
904 free_and_replace(c->stdio_fdname[STDIN_FILENO], resolved);
905
906 ei = EXEC_INPUT_NAMED_FD;
907
908 } else if ((n = startswith(rvalue, "file:"))) {
909 _cleanup_free_ char *resolved = NULL;
910
911 r = unit_full_printf(u, n, &resolved);
912 if (r < 0)
913 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", n);
914
915 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
916 if (r < 0)
917 return -ENOEXEC;
918
919 free_and_replace(c->stdio_file[STDIN_FILENO], resolved);
920
921 ei = EXEC_INPUT_FILE;
922
923 } else {
924 ei = exec_input_from_string(rvalue);
925 if (ei < 0) {
926 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse input specifier, ignoring: %s", rvalue);
927 return 0;
928 }
929 }
930
931 c->std_input = ei;
932 return 0;
933 }
934
935 int config_parse_exec_input_text(
936 const char *unit,
937 const char *filename,
938 unsigned line,
939 const char *section,
940 unsigned section_line,
941 const char *lvalue,
942 int ltype,
943 const char *rvalue,
944 void *data,
945 void *userdata) {
946
947 _cleanup_free_ char *unescaped = NULL, *resolved = NULL;
948 ExecContext *c = data;
949 const Unit *u = userdata;
950 size_t sz;
951 void *p;
952 int r;
953
954 assert(data);
955 assert(filename);
956 assert(line);
957 assert(rvalue);
958
959 if (isempty(rvalue)) {
960 /* Reset if the empty string is assigned */
961 c->stdin_data = mfree(c->stdin_data);
962 c->stdin_data_size = 0;
963 return 0;
964 }
965
966 r = cunescape(rvalue, 0, &unescaped);
967 if (r < 0)
968 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode C escaped text '%s': %m", rvalue);
969
970 r = unit_full_printf(u, unescaped, &resolved);
971 if (r < 0)
972 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", unescaped);
973
974 sz = strlen(resolved);
975 if (c->stdin_data_size + sz + 1 < c->stdin_data_size || /* check for overflow */
976 c->stdin_data_size + sz + 1 > EXEC_STDIN_DATA_MAX) {
977 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard input data too large (%zu), maximum of %zu permitted, ignoring.", c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
978 return -E2BIG;
979 }
980
981 p = realloc(c->stdin_data, c->stdin_data_size + sz + 1);
982 if (!p)
983 return log_oom();
984
985 *((char*) mempcpy((char*) p + c->stdin_data_size, resolved, sz)) = '\n';
986
987 c->stdin_data = p;
988 c->stdin_data_size += sz + 1;
989
990 return 0;
991 }
992
993 int config_parse_exec_input_data(
994 const char *unit,
995 const char *filename,
996 unsigned line,
997 const char *section,
998 unsigned section_line,
999 const char *lvalue,
1000 int ltype,
1001 const char *rvalue,
1002 void *data,
1003 void *userdata) {
1004
1005 _cleanup_free_ void *p = NULL;
1006 ExecContext *c = data;
1007 size_t sz;
1008 void *q;
1009 int r;
1010
1011 assert(data);
1012 assert(filename);
1013 assert(line);
1014 assert(rvalue);
1015
1016 if (isempty(rvalue)) {
1017 /* Reset if the empty string is assigned */
1018 c->stdin_data = mfree(c->stdin_data);
1019 c->stdin_data_size = 0;
1020 return 0;
1021 }
1022
1023 r = unbase64mem(rvalue, (size_t) -1, &p, &sz);
1024 if (r < 0)
1025 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode base64 data, ignoring: %s", rvalue);
1026
1027 assert(sz > 0);
1028
1029 if (c->stdin_data_size + sz < c->stdin_data_size || /* check for overflow */
1030 c->stdin_data_size + sz > EXEC_STDIN_DATA_MAX) {
1031 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard input data too large (%zu), maximum of %zu permitted, ignoring.", c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
1032 return -E2BIG;
1033 }
1034
1035 q = realloc(c->stdin_data, c->stdin_data_size + sz);
1036 if (!q)
1037 return log_oom();
1038
1039 memcpy((uint8_t*) q + c->stdin_data_size, p, sz);
1040
1041 c->stdin_data = q;
1042 c->stdin_data_size += sz;
1043
1044 return 0;
1045 }
1046
1047 int config_parse_exec_output(
1048 const char *unit,
1049 const char *filename,
1050 unsigned line,
1051 const char *section,
1052 unsigned section_line,
1053 const char *lvalue,
1054 int ltype,
1055 const char *rvalue,
1056 void *data,
1057 void *userdata) {
1058
1059 _cleanup_free_ char *resolved = NULL;
1060 const char *n;
1061 ExecContext *c = data;
1062 const Unit *u = userdata;
1063 ExecOutput eo;
1064 int r;
1065
1066 assert(data);
1067 assert(filename);
1068 assert(line);
1069 assert(lvalue);
1070 assert(rvalue);
1071
1072 n = startswith(rvalue, "fd:");
1073 if (n) {
1074 r = unit_full_printf(u, n, &resolved);
1075 if (r < 0)
1076 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1077
1078 if (isempty(resolved))
1079 resolved = mfree(resolved);
1080 else if (!fdname_is_valid(resolved)) {
1081 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name: %s", resolved);
1082 return -ENOEXEC;
1083 }
1084
1085 eo = EXEC_OUTPUT_NAMED_FD;
1086
1087 } else if ((n = startswith(rvalue, "file:"))) {
1088
1089 r = unit_full_printf(u, n, &resolved);
1090 if (r < 0)
1091 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1092
1093 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1094 if (r < 0)
1095 return -ENOEXEC;
1096
1097 eo = EXEC_OUTPUT_FILE;
1098
1099 } else if ((n = startswith(rvalue, "append:"))) {
1100
1101 r = unit_full_printf(u, n, &resolved);
1102 if (r < 0)
1103 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
1104
1105 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
1106 if (r < 0)
1107 return -ENOEXEC;
1108
1109 eo = EXEC_OUTPUT_FILE_APPEND;
1110 } else {
1111 eo = exec_output_from_string(rvalue);
1112 if (eo < 0) {
1113 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output specifier, ignoring: %s", rvalue);
1114 return 0;
1115 }
1116 }
1117
1118 if (streq(lvalue, "StandardOutput")) {
1119 if (eo == EXEC_OUTPUT_NAMED_FD)
1120 free_and_replace(c->stdio_fdname[STDOUT_FILENO], resolved);
1121 else
1122 free_and_replace(c->stdio_file[STDOUT_FILENO], resolved);
1123
1124 c->std_output = eo;
1125
1126 } else {
1127 assert(streq(lvalue, "StandardError"));
1128
1129 if (eo == EXEC_OUTPUT_NAMED_FD)
1130 free_and_replace(c->stdio_fdname[STDERR_FILENO], resolved);
1131 else
1132 free_and_replace(c->stdio_file[STDERR_FILENO], resolved);
1133
1134 c->std_error = eo;
1135 }
1136
1137 return 0;
1138 }
1139
1140 int config_parse_exec_io_class(const char *unit,
1141 const char *filename,
1142 unsigned line,
1143 const char *section,
1144 unsigned section_line,
1145 const char *lvalue,
1146 int ltype,
1147 const char *rvalue,
1148 void *data,
1149 void *userdata) {
1150
1151 ExecContext *c = data;
1152 int x;
1153
1154 assert(filename);
1155 assert(lvalue);
1156 assert(rvalue);
1157 assert(data);
1158
1159 if (isempty(rvalue)) {
1160 c->ioprio_set = false;
1161 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1162 return 0;
1163 }
1164
1165 x = ioprio_class_from_string(rvalue);
1166 if (x < 0) {
1167 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IO scheduling class, ignoring: %s", rvalue);
1168 return 0;
1169 }
1170
1171 c->ioprio = IOPRIO_PRIO_VALUE(x, IOPRIO_PRIO_DATA(c->ioprio));
1172 c->ioprio_set = true;
1173
1174 return 0;
1175 }
1176
1177 int config_parse_exec_io_priority(const char *unit,
1178 const char *filename,
1179 unsigned line,
1180 const char *section,
1181 unsigned section_line,
1182 const char *lvalue,
1183 int ltype,
1184 const char *rvalue,
1185 void *data,
1186 void *userdata) {
1187
1188 ExecContext *c = data;
1189 int i, r;
1190
1191 assert(filename);
1192 assert(lvalue);
1193 assert(rvalue);
1194 assert(data);
1195
1196 if (isempty(rvalue)) {
1197 c->ioprio_set = false;
1198 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
1199 return 0;
1200 }
1201
1202 r = ioprio_parse_priority(rvalue, &i);
1203 if (r < 0) {
1204 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse IO priority, ignoring: %s", rvalue);
1205 return 0;
1206 }
1207
1208 c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c->ioprio), i);
1209 c->ioprio_set = true;
1210
1211 return 0;
1212 }
1213
1214 int config_parse_exec_cpu_sched_policy(const char *unit,
1215 const char *filename,
1216 unsigned line,
1217 const char *section,
1218 unsigned section_line,
1219 const char *lvalue,
1220 int ltype,
1221 const char *rvalue,
1222 void *data,
1223 void *userdata) {
1224
1225 ExecContext *c = data;
1226 int x;
1227
1228 assert(filename);
1229 assert(lvalue);
1230 assert(rvalue);
1231 assert(data);
1232
1233 if (isempty(rvalue)) {
1234 c->cpu_sched_set = false;
1235 c->cpu_sched_policy = SCHED_OTHER;
1236 c->cpu_sched_priority = 0;
1237 return 0;
1238 }
1239
1240 x = sched_policy_from_string(rvalue);
1241 if (x < 0) {
1242 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue);
1243 return 0;
1244 }
1245
1246 c->cpu_sched_policy = x;
1247 /* Moving to or from real-time policy? We need to adjust the priority */
1248 c->cpu_sched_priority = CLAMP(c->cpu_sched_priority, sched_get_priority_min(x), sched_get_priority_max(x));
1249 c->cpu_sched_set = true;
1250
1251 return 0;
1252 }
1253
1254 int config_parse_numa_mask(const char *unit,
1255 const char *filename,
1256 unsigned line,
1257 const char *section,
1258 unsigned section_line,
1259 const char *lvalue,
1260 int ltype,
1261 const char *rvalue,
1262 void *data,
1263 void *userdata) {
1264 int r;
1265 NUMAPolicy *p = data;
1266
1267 assert(filename);
1268 assert(lvalue);
1269 assert(rvalue);
1270 assert(data);
1271
1272 r = parse_cpu_set_extend(rvalue, &p->nodes, true, unit, filename, line, lvalue);
1273 if (r < 0) {
1274 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse NUMA node mask, ignoring: %s", rvalue);
1275 return 0;
1276 }
1277
1278 return r;
1279 }
1280
1281 int config_parse_exec_cpu_sched_prio(const char *unit,
1282 const char *filename,
1283 unsigned line,
1284 const char *section,
1285 unsigned section_line,
1286 const char *lvalue,
1287 int ltype,
1288 const char *rvalue,
1289 void *data,
1290 void *userdata) {
1291
1292 ExecContext *c = data;
1293 int i, min, max, r;
1294
1295 assert(filename);
1296 assert(lvalue);
1297 assert(rvalue);
1298 assert(data);
1299
1300 r = safe_atoi(rvalue, &i);
1301 if (r < 0) {
1302 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue);
1303 return 0;
1304 }
1305
1306 /* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
1307 min = sched_get_priority_min(c->cpu_sched_policy);
1308 max = sched_get_priority_max(c->cpu_sched_policy);
1309
1310 if (i < min || i > max) {
1311 log_syntax(unit, LOG_ERR, filename, line, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue);
1312 return 0;
1313 }
1314
1315 c->cpu_sched_priority = i;
1316 c->cpu_sched_set = true;
1317
1318 return 0;
1319 }
1320
1321 int config_parse_exec_cpu_affinity(const char *unit,
1322 const char *filename,
1323 unsigned line,
1324 const char *section,
1325 unsigned section_line,
1326 const char *lvalue,
1327 int ltype,
1328 const char *rvalue,
1329 void *data,
1330 void *userdata) {
1331
1332 ExecContext *c = data;
1333
1334 assert(filename);
1335 assert(lvalue);
1336 assert(rvalue);
1337 assert(data);
1338
1339 return parse_cpu_set_extend(rvalue, &c->cpu_set, true, unit, filename, line, lvalue);
1340 }
1341
1342 int config_parse_capability_set(
1343 const char *unit,
1344 const char *filename,
1345 unsigned line,
1346 const char *section,
1347 unsigned section_line,
1348 const char *lvalue,
1349 int ltype,
1350 const char *rvalue,
1351 void *data,
1352 void *userdata) {
1353
1354 uint64_t *capability_set = data;
1355 uint64_t sum = 0, initial = 0;
1356 bool invert = false;
1357 int r;
1358
1359 assert(filename);
1360 assert(lvalue);
1361 assert(rvalue);
1362 assert(data);
1363
1364 if (rvalue[0] == '~') {
1365 invert = true;
1366 rvalue++;
1367 }
1368
1369 if (streq(lvalue, "CapabilityBoundingSet"))
1370 initial = CAP_ALL; /* initialized to all bits on */
1371 /* else "AmbientCapabilities" initialized to all bits off */
1372
1373 r = capability_set_from_string(rvalue, &sum);
1374 if (r < 0) {
1375 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue, rvalue);
1376 return 0;
1377 }
1378
1379 if (sum == 0 || *capability_set == initial)
1380 /* "", "~" or uninitialized data -> replace */
1381 *capability_set = invert ? ~sum : sum;
1382 else {
1383 /* previous data -> merge */
1384 if (invert)
1385 *capability_set &= ~sum;
1386 else
1387 *capability_set |= sum;
1388 }
1389
1390 return 0;
1391 }
1392
1393 int config_parse_exec_selinux_context(
1394 const char *unit,
1395 const char *filename,
1396 unsigned line,
1397 const char *section,
1398 unsigned section_line,
1399 const char *lvalue,
1400 int ltype,
1401 const char *rvalue,
1402 void *data,
1403 void *userdata) {
1404
1405 ExecContext *c = data;
1406 const Unit *u = userdata;
1407 bool ignore;
1408 char *k;
1409 int r;
1410
1411 assert(filename);
1412 assert(lvalue);
1413 assert(rvalue);
1414 assert(data);
1415
1416 if (isempty(rvalue)) {
1417 c->selinux_context = mfree(c->selinux_context);
1418 c->selinux_context_ignore = false;
1419 return 0;
1420 }
1421
1422 if (rvalue[0] == '-') {
1423 ignore = true;
1424 rvalue++;
1425 } else
1426 ignore = false;
1427
1428 r = unit_full_printf(u, rvalue, &k);
1429 if (r < 0) {
1430 log_syntax(unit, LOG_ERR, filename, line, r,
1431 "Failed to resolve unit specifiers in '%s'%s: %m",
1432 rvalue, ignore ? ", ignoring" : "");
1433 return ignore ? 0 : -ENOEXEC;
1434 }
1435
1436 free_and_replace(c->selinux_context, k);
1437 c->selinux_context_ignore = ignore;
1438
1439 return 0;
1440 }
1441
1442 int config_parse_exec_apparmor_profile(
1443 const char *unit,
1444 const char *filename,
1445 unsigned line,
1446 const char *section,
1447 unsigned section_line,
1448 const char *lvalue,
1449 int ltype,
1450 const char *rvalue,
1451 void *data,
1452 void *userdata) {
1453
1454 ExecContext *c = data;
1455 const Unit *u = userdata;
1456 bool ignore;
1457 char *k;
1458 int r;
1459
1460 assert(filename);
1461 assert(lvalue);
1462 assert(rvalue);
1463 assert(data);
1464
1465 if (isempty(rvalue)) {
1466 c->apparmor_profile = mfree(c->apparmor_profile);
1467 c->apparmor_profile_ignore = false;
1468 return 0;
1469 }
1470
1471 if (rvalue[0] == '-') {
1472 ignore = true;
1473 rvalue++;
1474 } else
1475 ignore = false;
1476
1477 r = unit_full_printf(u, rvalue, &k);
1478 if (r < 0) {
1479 log_syntax(unit, LOG_ERR, filename, line, r,
1480 "Failed to resolve unit specifiers in '%s'%s: %m",
1481 rvalue, ignore ? ", ignoring" : "");
1482 return ignore ? 0 : -ENOEXEC;
1483 }
1484
1485 free_and_replace(c->apparmor_profile, k);
1486 c->apparmor_profile_ignore = ignore;
1487
1488 return 0;
1489 }
1490
1491 int config_parse_exec_smack_process_label(
1492 const char *unit,
1493 const char *filename,
1494 unsigned line,
1495 const char *section,
1496 unsigned section_line,
1497 const char *lvalue,
1498 int ltype,
1499 const char *rvalue,
1500 void *data,
1501 void *userdata) {
1502
1503 ExecContext *c = data;
1504 const Unit *u = userdata;
1505 bool ignore;
1506 char *k;
1507 int r;
1508
1509 assert(filename);
1510 assert(lvalue);
1511 assert(rvalue);
1512 assert(data);
1513
1514 if (isempty(rvalue)) {
1515 c->smack_process_label = mfree(c->smack_process_label);
1516 c->smack_process_label_ignore = false;
1517 return 0;
1518 }
1519
1520 if (rvalue[0] == '-') {
1521 ignore = true;
1522 rvalue++;
1523 } else
1524 ignore = false;
1525
1526 r = unit_full_printf(u, rvalue, &k);
1527 if (r < 0) {
1528 log_syntax(unit, LOG_ERR, filename, line, r,
1529 "Failed to resolve unit specifiers in '%s'%s: %m",
1530 rvalue, ignore ? ", ignoring" : "");
1531 return ignore ? 0 : -ENOEXEC;
1532 }
1533
1534 free_and_replace(c->smack_process_label, k);
1535 c->smack_process_label_ignore = ignore;
1536
1537 return 0;
1538 }
1539
1540 int config_parse_timer(
1541 const char *unit,
1542 const char *filename,
1543 unsigned line,
1544 const char *section,
1545 unsigned section_line,
1546 const char *lvalue,
1547 int ltype,
1548 const char *rvalue,
1549 void *data,
1550 void *userdata) {
1551
1552 _cleanup_(calendar_spec_freep) CalendarSpec *c = NULL;
1553 _cleanup_free_ char *k = NULL;
1554 const Unit *u = userdata;
1555 Timer *t = data;
1556 usec_t usec = 0;
1557 TimerValue *v;
1558 int r;
1559
1560 assert(filename);
1561 assert(lvalue);
1562 assert(rvalue);
1563 assert(data);
1564
1565 if (isempty(rvalue)) {
1566 /* Empty assignment resets list */
1567 timer_free_values(t);
1568 return 0;
1569 }
1570
1571 r = unit_full_printf(u, rvalue, &k);
1572 if (r < 0) {
1573 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
1574 return 0;
1575 }
1576
1577 if (ltype == TIMER_CALENDAR) {
1578 r = calendar_spec_from_string(k, &c);
1579 if (r < 0) {
1580 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse calendar specification, ignoring: %s", k);
1581 return 0;
1582 }
1583 } else {
1584 r = parse_sec(k, &usec);
1585 if (r < 0) {
1586 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse timer value, ignoring: %s", k);
1587 return 0;
1588 }
1589 }
1590
1591 v = new(TimerValue, 1);
1592 if (!v)
1593 return log_oom();
1594
1595 *v = (TimerValue) {
1596 .base = ltype,
1597 .value = usec,
1598 .calendar_spec = TAKE_PTR(c),
1599 };
1600
1601 LIST_PREPEND(value, t->values, v);
1602
1603 return 0;
1604 }
1605
1606 int config_parse_trigger_unit(
1607 const char *unit,
1608 const char *filename,
1609 unsigned line,
1610 const char *section,
1611 unsigned section_line,
1612 const char *lvalue,
1613 int ltype,
1614 const char *rvalue,
1615 void *data,
1616 void *userdata) {
1617
1618 _cleanup_free_ char *p = NULL;
1619 Unit *u = data;
1620 UnitType type;
1621 int r;
1622
1623 assert(filename);
1624 assert(lvalue);
1625 assert(rvalue);
1626 assert(data);
1627
1628 if (!hashmap_isempty(u->dependencies[UNIT_TRIGGERS])) {
1629 log_syntax(unit, LOG_ERR, filename, line, 0, "Multiple units to trigger specified, ignoring: %s", rvalue);
1630 return 0;
1631 }
1632
1633 r = unit_name_printf(u, rvalue, &p);
1634 if (r < 0) {
1635 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
1636 return 0;
1637 }
1638
1639 type = unit_name_to_type(p);
1640 if (type < 0) {
1641 log_syntax(unit, LOG_ERR, filename, line, 0, "Unit type not valid, ignoring: %s", rvalue);
1642 return 0;
1643 }
1644 if (unit_has_name(u, p)) {
1645 log_syntax(unit, LOG_ERR, filename, line, 0, "Units cannot trigger themselves, ignoring: %s", rvalue);
1646 return 0;
1647 }
1648
1649 r = unit_add_two_dependencies_by_name(u, UNIT_BEFORE, UNIT_TRIGGERS, p, true, UNIT_DEPENDENCY_FILE);
1650 if (r < 0) {
1651 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add trigger on %s, ignoring: %m", p);
1652 return 0;
1653 }
1654
1655 return 0;
1656 }
1657
1658 int config_parse_path_spec(const char *unit,
1659 const char *filename,
1660 unsigned line,
1661 const char *section,
1662 unsigned section_line,
1663 const char *lvalue,
1664 int ltype,
1665 const char *rvalue,
1666 void *data,
1667 void *userdata) {
1668
1669 Path *p = data;
1670 PathSpec *s;
1671 PathType b;
1672 _cleanup_free_ char *k = NULL;
1673 int r;
1674
1675 assert(filename);
1676 assert(lvalue);
1677 assert(rvalue);
1678 assert(data);
1679
1680 if (isempty(rvalue)) {
1681 /* Empty assignment clears list */
1682 path_free_specs(p);
1683 return 0;
1684 }
1685
1686 b = path_type_from_string(lvalue);
1687 if (b < 0) {
1688 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse path type, ignoring: %s", lvalue);
1689 return 0;
1690 }
1691
1692 r = unit_full_printf(UNIT(p), rvalue, &k);
1693 if (r < 0) {
1694 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
1695 return 0;
1696 }
1697
1698 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
1699 if (r < 0)
1700 return 0;
1701
1702 s = new0(PathSpec, 1);
1703 if (!s)
1704 return log_oom();
1705
1706 s->unit = UNIT(p);
1707 s->path = TAKE_PTR(k);
1708 s->type = b;
1709 s->inotify_fd = -1;
1710
1711 LIST_PREPEND(spec, p->specs, s);
1712
1713 return 0;
1714 }
1715
1716 int config_parse_socket_service(
1717 const char *unit,
1718 const char *filename,
1719 unsigned line,
1720 const char *section,
1721 unsigned section_line,
1722 const char *lvalue,
1723 int ltype,
1724 const char *rvalue,
1725 void *data,
1726 void *userdata) {
1727
1728 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1729 _cleanup_free_ char *p = NULL;
1730 Socket *s = data;
1731 Unit *x;
1732 int r;
1733
1734 assert(filename);
1735 assert(lvalue);
1736 assert(rvalue);
1737 assert(data);
1738
1739 r = unit_name_printf(UNIT(s), rvalue, &p);
1740 if (r < 0) {
1741 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
1742 return -ENOEXEC;
1743 }
1744
1745 if (!endswith(p, ".service")) {
1746 log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type service: %s", rvalue);
1747 return -ENOEXEC;
1748 }
1749
1750 r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
1751 if (r < 0) {
1752 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s: %s", rvalue, bus_error_message(&error, r));
1753 return -ENOEXEC;
1754 }
1755
1756 unit_ref_set(&s->service, UNIT(s), x);
1757
1758 return 0;
1759 }
1760
1761 int config_parse_fdname(
1762 const char *unit,
1763 const char *filename,
1764 unsigned line,
1765 const char *section,
1766 unsigned section_line,
1767 const char *lvalue,
1768 int ltype,
1769 const char *rvalue,
1770 void *data,
1771 void *userdata) {
1772
1773 _cleanup_free_ char *p = NULL;
1774 Socket *s = data;
1775 int r;
1776
1777 assert(filename);
1778 assert(lvalue);
1779 assert(rvalue);
1780 assert(data);
1781
1782 if (isempty(rvalue)) {
1783 s->fdname = mfree(s->fdname);
1784 return 0;
1785 }
1786
1787 r = unit_full_printf(UNIT(s), rvalue, &p);
1788 if (r < 0) {
1789 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
1790 return 0;
1791 }
1792
1793 if (!fdname_is_valid(p)) {
1794 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name, ignoring: %s", p);
1795 return 0;
1796 }
1797
1798 return free_and_replace(s->fdname, p);
1799 }
1800
1801 int config_parse_service_sockets(
1802 const char *unit,
1803 const char *filename,
1804 unsigned line,
1805 const char *section,
1806 unsigned section_line,
1807 const char *lvalue,
1808 int ltype,
1809 const char *rvalue,
1810 void *data,
1811 void *userdata) {
1812
1813 Service *s = data;
1814 const char *p;
1815 int r;
1816
1817 assert(filename);
1818 assert(lvalue);
1819 assert(rvalue);
1820 assert(data);
1821
1822 p = rvalue;
1823 for (;;) {
1824 _cleanup_free_ char *word = NULL, *k = NULL;
1825
1826 r = extract_first_word(&p, &word, NULL, 0);
1827 if (r == 0)
1828 break;
1829 if (r == -ENOMEM)
1830 return log_oom();
1831 if (r < 0) {
1832 log_syntax(unit, LOG_ERR, filename, line, r, "Trailing garbage in sockets, ignoring: %s", rvalue);
1833 break;
1834 }
1835
1836 r = unit_name_printf(UNIT(s), word, &k);
1837 if (r < 0) {
1838 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
1839 continue;
1840 }
1841
1842 if (!endswith(k, ".socket")) {
1843 log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type socket, ignoring: %s", k);
1844 continue;
1845 }
1846
1847 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_WANTS, UNIT_AFTER, k, true, UNIT_DEPENDENCY_FILE);
1848 if (r < 0)
1849 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
1850
1851 r = unit_add_dependency_by_name(UNIT(s), UNIT_TRIGGERED_BY, k, true, UNIT_DEPENDENCY_FILE);
1852 if (r < 0)
1853 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
1854 }
1855
1856 return 0;
1857 }
1858
1859 int config_parse_bus_name(
1860 const char *unit,
1861 const char *filename,
1862 unsigned line,
1863 const char *section,
1864 unsigned section_line,
1865 const char *lvalue,
1866 int ltype,
1867 const char *rvalue,
1868 void *data,
1869 void *userdata) {
1870
1871 _cleanup_free_ char *k = NULL;
1872 const Unit *u = userdata;
1873 int r;
1874
1875 assert(filename);
1876 assert(lvalue);
1877 assert(rvalue);
1878 assert(u);
1879
1880 r = unit_full_printf(u, rvalue, &k);
1881 if (r < 0) {
1882 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
1883 return 0;
1884 }
1885
1886 if (!service_name_is_valid(k)) {
1887 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid bus name, ignoring: %s", k);
1888 return 0;
1889 }
1890
1891 return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
1892 }
1893
1894 int config_parse_service_timeout(
1895 const char *unit,
1896 const char *filename,
1897 unsigned line,
1898 const char *section,
1899 unsigned section_line,
1900 const char *lvalue,
1901 int ltype,
1902 const char *rvalue,
1903 void *data,
1904 void *userdata) {
1905
1906 Service *s = userdata;
1907 usec_t usec;
1908 int r;
1909
1910 assert(filename);
1911 assert(lvalue);
1912 assert(rvalue);
1913 assert(s);
1914
1915 /* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
1916
1917 /* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
1918 * immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
1919 * all other timeouts. */
1920 r = parse_sec_fix_0(rvalue, &usec);
1921 if (r < 0) {
1922 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
1923 return 0;
1924 }
1925
1926 s->start_timeout_defined = true;
1927 s->timeout_start_usec = usec;
1928
1929 if (streq(lvalue, "TimeoutSec"))
1930 s->timeout_stop_usec = usec;
1931
1932 return 0;
1933 }
1934
1935 int config_parse_timeout_abort(
1936 const char *unit,
1937 const char *filename,
1938 unsigned line,
1939 const char *section,
1940 unsigned section_line,
1941 const char *lvalue,
1942 int ltype,
1943 const char *rvalue,
1944 void *data,
1945 void *userdata) {
1946
1947 usec_t *ret = data;
1948 int r;
1949
1950 assert(filename);
1951 assert(lvalue);
1952 assert(rvalue);
1953 assert(ret);
1954
1955 /* Note: apart from setting the arg, this returns an extra bit of information in the return value. */
1956
1957 if (isempty(rvalue)) {
1958 *ret = 0;
1959 return 0; /* "not set" */
1960 }
1961
1962 r = parse_sec(rvalue, ret);
1963 if (r < 0)
1964 return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= setting, ignoring: %s", lvalue, rvalue);
1965
1966 return 1; /* "set" */
1967 }
1968
1969 int config_parse_service_timeout_abort(
1970 const char *unit,
1971 const char *filename,
1972 unsigned line,
1973 const char *section,
1974 unsigned section_line,
1975 const char *lvalue,
1976 int ltype,
1977 const char *rvalue,
1978 void *data,
1979 void *userdata) {
1980
1981 Service *s = userdata;
1982 int r;
1983
1984 assert(s);
1985
1986 r = config_parse_timeout_abort(unit, filename, line, section, section_line, lvalue, ltype, rvalue,
1987 &s->timeout_abort_usec, s);
1988 if (r >= 0)
1989 s->timeout_abort_set = r;
1990 return 0;
1991 }
1992
1993 int config_parse_sec_fix_0(
1994 const char *unit,
1995 const char *filename,
1996 unsigned line,
1997 const char *section,
1998 unsigned section_line,
1999 const char *lvalue,
2000 int ltype,
2001 const char *rvalue,
2002 void *data,
2003 void *userdata) {
2004
2005 usec_t *usec = data;
2006 int r;
2007
2008 assert(filename);
2009 assert(lvalue);
2010 assert(rvalue);
2011 assert(usec);
2012
2013 /* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for
2014 * compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a
2015 * timeout. */
2016
2017 r = parse_sec_fix_0(rvalue, usec);
2018 if (r < 0) {
2019 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
2020 return 0;
2021 }
2022
2023 return 0;
2024 }
2025
2026 int config_parse_user_group_compat(
2027 const char *unit,
2028 const char *filename,
2029 unsigned line,
2030 const char *section,
2031 unsigned section_line,
2032 const char *lvalue,
2033 int ltype,
2034 const char *rvalue,
2035 void *data,
2036 void *userdata) {
2037
2038 _cleanup_free_ char *k = NULL;
2039 char **user = data;
2040 const Unit *u = userdata;
2041 int r;
2042
2043 assert(filename);
2044 assert(lvalue);
2045 assert(rvalue);
2046 assert(u);
2047
2048 if (isempty(rvalue)) {
2049 *user = mfree(*user);
2050 return 0;
2051 }
2052
2053 r = unit_full_printf(u, rvalue, &k);
2054 if (r < 0) {
2055 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
2056 return -ENOEXEC;
2057 }
2058
2059 if (!valid_user_group_name_or_id_compat(k)) {
2060 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2061 return -ENOEXEC;
2062 }
2063
2064 return free_and_replace(*user, k);
2065 }
2066
2067 int config_parse_user_group_strv_compat(
2068 const char *unit,
2069 const char *filename,
2070 unsigned line,
2071 const char *section,
2072 unsigned section_line,
2073 const char *lvalue,
2074 int ltype,
2075 const char *rvalue,
2076 void *data,
2077 void *userdata) {
2078
2079 char ***users = data;
2080 const Unit *u = userdata;
2081 const char *p = rvalue;
2082 int r;
2083
2084 assert(filename);
2085 assert(lvalue);
2086 assert(rvalue);
2087 assert(u);
2088
2089 if (isempty(rvalue)) {
2090 *users = strv_free(*users);
2091 return 0;
2092 }
2093
2094 for (;;) {
2095 _cleanup_free_ char *word = NULL, *k = NULL;
2096
2097 r = extract_first_word(&p, &word, NULL, 0);
2098 if (r == 0)
2099 break;
2100 if (r == -ENOMEM)
2101 return log_oom();
2102 if (r < 0) {
2103 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
2104 return -ENOEXEC;
2105 }
2106
2107 r = unit_full_printf(u, word, &k);
2108 if (r < 0) {
2109 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
2110 return -ENOEXEC;
2111 }
2112
2113 if (!valid_user_group_name_or_id_compat(k)) {
2114 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
2115 return -ENOEXEC;
2116 }
2117
2118 r = strv_push(users, k);
2119 if (r < 0)
2120 return log_oom();
2121
2122 k = NULL;
2123 }
2124
2125 return 0;
2126 }
2127
2128 int config_parse_working_directory(
2129 const char *unit,
2130 const char *filename,
2131 unsigned line,
2132 const char *section,
2133 unsigned section_line,
2134 const char *lvalue,
2135 int ltype,
2136 const char *rvalue,
2137 void *data,
2138 void *userdata) {
2139
2140 ExecContext *c = data;
2141 const Unit *u = userdata;
2142 bool missing_ok;
2143 int r;
2144
2145 assert(filename);
2146 assert(lvalue);
2147 assert(rvalue);
2148 assert(c);
2149 assert(u);
2150
2151 if (isempty(rvalue)) {
2152 c->working_directory_home = false;
2153 c->working_directory = mfree(c->working_directory);
2154 return 0;
2155 }
2156
2157 if (rvalue[0] == '-') {
2158 missing_ok = true;
2159 rvalue++;
2160 } else
2161 missing_ok = false;
2162
2163 if (streq(rvalue, "~")) {
2164 c->working_directory_home = true;
2165 c->working_directory = mfree(c->working_directory);
2166 } else {
2167 _cleanup_free_ char *k = NULL;
2168
2169 r = unit_full_printf(u, rvalue, &k);
2170 if (r < 0) {
2171 log_syntax(unit, LOG_ERR, filename, line, r,
2172 "Failed to resolve unit specifiers in working directory path '%s'%s: %m",
2173 rvalue, missing_ok ? ", ignoring" : "");
2174 return missing_ok ? 0 : -ENOEXEC;
2175 }
2176
2177 r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE | (missing_ok ? 0 : PATH_CHECK_FATAL), unit, filename, line, lvalue);
2178 if (r < 0)
2179 return missing_ok ? 0 : -ENOEXEC;
2180
2181 c->working_directory_home = false;
2182 free_and_replace(c->working_directory, k);
2183 }
2184
2185 c->working_directory_missing_ok = missing_ok;
2186 return 0;
2187 }
2188
2189 int config_parse_unit_env_file(const char *unit,
2190 const char *filename,
2191 unsigned line,
2192 const char *section,
2193 unsigned section_line,
2194 const char *lvalue,
2195 int ltype,
2196 const char *rvalue,
2197 void *data,
2198 void *userdata) {
2199
2200 char ***env = data;
2201 const Unit *u = userdata;
2202 _cleanup_free_ char *n = NULL;
2203 int r;
2204
2205 assert(filename);
2206 assert(lvalue);
2207 assert(rvalue);
2208 assert(data);
2209
2210 if (isempty(rvalue)) {
2211 /* Empty assignment frees the list */
2212 *env = strv_free(*env);
2213 return 0;
2214 }
2215
2216 r = unit_full_printf(u, rvalue, &n);
2217 if (r < 0) {
2218 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2219 return 0;
2220 }
2221
2222 r = path_simplify_and_warn(n[0] == '-' ? n + 1 : n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2223 if (r < 0)
2224 return 0;
2225
2226 r = strv_push(env, n);
2227 if (r < 0)
2228 return log_oom();
2229
2230 n = NULL;
2231
2232 return 0;
2233 }
2234
2235 int config_parse_environ(
2236 const char *unit,
2237 const char *filename,
2238 unsigned line,
2239 const char *section,
2240 unsigned section_line,
2241 const char *lvalue,
2242 int ltype,
2243 const char *rvalue,
2244 void *data,
2245 void *userdata) {
2246
2247 const Unit *u = userdata;
2248 char ***env = data;
2249 const char *p;
2250 int r;
2251
2252 assert(filename);
2253 assert(lvalue);
2254 assert(rvalue);
2255 assert(data);
2256
2257 if (isempty(rvalue)) {
2258 /* Empty assignment resets the list */
2259 *env = strv_free(*env);
2260 return 0;
2261 }
2262
2263 for (p = rvalue;; ) {
2264 _cleanup_free_ char *word = NULL, *k = NULL;
2265
2266 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2267 if (r == 0)
2268 return 0;
2269 if (r == -ENOMEM)
2270 return log_oom();
2271 if (r < 0) {
2272 log_syntax(unit, LOG_WARNING, filename, line, r,
2273 "Invalid syntax, ignoring: %s", rvalue);
2274 return 0;
2275 }
2276
2277 if (u) {
2278 r = unit_full_printf(u, word, &k);
2279 if (r < 0) {
2280 log_syntax(unit, LOG_ERR, filename, line, r,
2281 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2282 continue;
2283 }
2284 } else
2285 k = TAKE_PTR(word);
2286
2287 if (!env_assignment_is_valid(k)) {
2288 log_syntax(unit, LOG_ERR, filename, line, 0,
2289 "Invalid environment assignment, ignoring: %s", k);
2290 continue;
2291 }
2292
2293 r = strv_env_replace(env, k);
2294 if (r < 0)
2295 return log_oom();
2296
2297 k = NULL;
2298 }
2299 }
2300
2301 int config_parse_pass_environ(
2302 const char *unit,
2303 const char *filename,
2304 unsigned line,
2305 const char *section,
2306 unsigned section_line,
2307 const char *lvalue,
2308 int ltype,
2309 const char *rvalue,
2310 void *data,
2311 void *userdata) {
2312
2313 _cleanup_strv_free_ char **n = NULL;
2314 size_t nlen = 0, nbufsize = 0;
2315 char*** passenv = data;
2316 const char *p = rvalue;
2317 const Unit *u = userdata;
2318 int r;
2319
2320 assert(filename);
2321 assert(lvalue);
2322 assert(rvalue);
2323 assert(data);
2324
2325 if (isempty(rvalue)) {
2326 /* Empty assignment resets the list */
2327 *passenv = strv_free(*passenv);
2328 return 0;
2329 }
2330
2331 for (;;) {
2332 _cleanup_free_ char *word = NULL, *k = NULL;
2333
2334 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2335 if (r == 0)
2336 break;
2337 if (r == -ENOMEM)
2338 return log_oom();
2339 if (r < 0) {
2340 log_syntax(unit, LOG_ERR, filename, line, r,
2341 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
2342 break;
2343 }
2344
2345 if (u) {
2346 r = unit_full_printf(u, word, &k);
2347 if (r < 0) {
2348 log_syntax(unit, LOG_ERR, filename, line, r,
2349 "Failed to resolve specifiers in %s, ignoring: %m", word);
2350 continue;
2351 }
2352 } else
2353 k = TAKE_PTR(word);
2354
2355 if (!env_name_is_valid(k)) {
2356 log_syntax(unit, LOG_ERR, filename, line, 0,
2357 "Invalid environment name for %s, ignoring: %s", lvalue, k);
2358 continue;
2359 }
2360
2361 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
2362 return log_oom();
2363
2364 n[nlen++] = TAKE_PTR(k);
2365 n[nlen] = NULL;
2366 }
2367
2368 if (n) {
2369 r = strv_extend_strv(passenv, n, true);
2370 if (r < 0)
2371 return r;
2372 }
2373
2374 return 0;
2375 }
2376
2377 int config_parse_unset_environ(
2378 const char *unit,
2379 const char *filename,
2380 unsigned line,
2381 const char *section,
2382 unsigned section_line,
2383 const char *lvalue,
2384 int ltype,
2385 const char *rvalue,
2386 void *data,
2387 void *userdata) {
2388
2389 _cleanup_strv_free_ char **n = NULL;
2390 size_t nlen = 0, nbufsize = 0;
2391 char*** unsetenv = data;
2392 const char *p = rvalue;
2393 const Unit *u = userdata;
2394 int r;
2395
2396 assert(filename);
2397 assert(lvalue);
2398 assert(rvalue);
2399 assert(data);
2400
2401 if (isempty(rvalue)) {
2402 /* Empty assignment resets the list */
2403 *unsetenv = strv_free(*unsetenv);
2404 return 0;
2405 }
2406
2407 for (;;) {
2408 _cleanup_free_ char *word = NULL, *k = NULL;
2409
2410 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2411 if (r == 0)
2412 break;
2413 if (r == -ENOMEM)
2414 return log_oom();
2415 if (r < 0) {
2416 log_syntax(unit, LOG_ERR, filename, line, r,
2417 "Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
2418 break;
2419 }
2420
2421 if (u) {
2422 r = unit_full_printf(u, word, &k);
2423 if (r < 0) {
2424 log_syntax(unit, LOG_ERR, filename, line, r,
2425 "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2426 continue;
2427 }
2428 } else
2429 k = TAKE_PTR(word);
2430
2431 if (!env_assignment_is_valid(k) && !env_name_is_valid(k)) {
2432 log_syntax(unit, LOG_ERR, filename, line, 0,
2433 "Invalid environment name or assignment %s, ignoring: %s", lvalue, k);
2434 continue;
2435 }
2436
2437 if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
2438 return log_oom();
2439
2440 n[nlen++] = TAKE_PTR(k);
2441 n[nlen] = NULL;
2442 }
2443
2444 if (n) {
2445 r = strv_extend_strv(unsetenv, n, true);
2446 if (r < 0)
2447 return r;
2448 }
2449
2450 return 0;
2451 }
2452
2453 int config_parse_log_extra_fields(
2454 const char *unit,
2455 const char *filename,
2456 unsigned line,
2457 const char *section,
2458 unsigned section_line,
2459 const char *lvalue,
2460 int ltype,
2461 const char *rvalue,
2462 void *data,
2463 void *userdata) {
2464
2465 ExecContext *c = data;
2466 const Unit *u = userdata;
2467 const char *p = rvalue;
2468 int r;
2469
2470 assert(filename);
2471 assert(lvalue);
2472 assert(rvalue);
2473 assert(c);
2474
2475 if (isempty(rvalue)) {
2476 exec_context_free_log_extra_fields(c);
2477 return 0;
2478 }
2479
2480 for (;;) {
2481 _cleanup_free_ char *word = NULL, *k = NULL;
2482 struct iovec *t;
2483 const char *eq;
2484
2485 r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE);
2486 if (r == 0)
2487 return 0;
2488 if (r == -ENOMEM)
2489 return log_oom();
2490 if (r < 0) {
2491 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
2492 return 0;
2493 }
2494
2495 r = unit_full_printf(u, word, &k);
2496 if (r < 0) {
2497 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
2498 continue;
2499 }
2500
2501 eq = strchr(k, '=');
2502 if (!eq) {
2503 log_syntax(unit, LOG_ERR, filename, line, 0, "Log field lacks '=' character, ignoring: %s", k);
2504 continue;
2505 }
2506
2507 if (!journal_field_valid(k, eq-k, false)) {
2508 log_syntax(unit, LOG_ERR, filename, line, 0, "Log field name is invalid, ignoring: %s", k);
2509 continue;
2510 }
2511
2512 t = reallocarray(c->log_extra_fields, c->n_log_extra_fields+1, sizeof(struct iovec));
2513 if (!t)
2514 return log_oom();
2515
2516 c->log_extra_fields = t;
2517 c->log_extra_fields[c->n_log_extra_fields++] = IOVEC_MAKE_STRING(k);
2518
2519 k = NULL;
2520 }
2521 }
2522
2523 int config_parse_log_namespace(
2524 const char *unit,
2525 const char *filename,
2526 unsigned line,
2527 const char *section,
2528 unsigned section_line,
2529 const char *lvalue,
2530 int ltype,
2531 const char *rvalue,
2532 void *data,
2533 void *userdata) {
2534
2535 _cleanup_free_ char *k = NULL;
2536 ExecContext *c = data;
2537 const Unit *u = userdata;
2538 int r;
2539
2540 assert(filename);
2541 assert(lvalue);
2542 assert(rvalue);
2543 assert(c);
2544
2545 if (isempty(rvalue)) {
2546 c->log_namespace = mfree(c->log_namespace);
2547 return 0;
2548 }
2549
2550 r = unit_full_printf(u, rvalue, &k);
2551 if (r < 0) {
2552 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2553 return 0;
2554 }
2555
2556 if (!log_namespace_name_valid(k)) {
2557 log_syntax(unit, LOG_ERR, filename, line, SYNTHETIC_ERRNO(EINVAL), "Specified log namespace name is not valid: %s", k);
2558 return 0;
2559 }
2560
2561 free_and_replace(c->log_namespace, k);
2562 return 0;
2563 }
2564
2565 int config_parse_unit_condition_path(
2566 const char *unit,
2567 const char *filename,
2568 unsigned line,
2569 const char *section,
2570 unsigned section_line,
2571 const char *lvalue,
2572 int ltype,
2573 const char *rvalue,
2574 void *data,
2575 void *userdata) {
2576
2577 _cleanup_free_ char *p = NULL;
2578 Condition **list = data, *c;
2579 ConditionType t = ltype;
2580 bool trigger, negate;
2581 const Unit *u = userdata;
2582 int r;
2583
2584 assert(filename);
2585 assert(lvalue);
2586 assert(rvalue);
2587 assert(data);
2588
2589 if (isempty(rvalue)) {
2590 /* Empty assignment resets the list */
2591 *list = condition_free_list(*list);
2592 return 0;
2593 }
2594
2595 trigger = rvalue[0] == '|';
2596 if (trigger)
2597 rvalue++;
2598
2599 negate = rvalue[0] == '!';
2600 if (negate)
2601 rvalue++;
2602
2603 r = unit_full_printf(u, rvalue, &p);
2604 if (r < 0) {
2605 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
2606 return 0;
2607 }
2608
2609 r = path_simplify_and_warn(p, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2610 if (r < 0)
2611 return 0;
2612
2613 c = condition_new(t, p, trigger, negate);
2614 if (!c)
2615 return log_oom();
2616
2617 LIST_PREPEND(conditions, *list, c);
2618 return 0;
2619 }
2620
2621 int config_parse_unit_condition_string(
2622 const char *unit,
2623 const char *filename,
2624 unsigned line,
2625 const char *section,
2626 unsigned section_line,
2627 const char *lvalue,
2628 int ltype,
2629 const char *rvalue,
2630 void *data,
2631 void *userdata) {
2632
2633 _cleanup_free_ char *s = NULL;
2634 Condition **list = data, *c;
2635 ConditionType t = ltype;
2636 bool trigger, negate;
2637 const Unit *u = userdata;
2638 int r;
2639
2640 assert(filename);
2641 assert(lvalue);
2642 assert(rvalue);
2643 assert(data);
2644
2645 if (isempty(rvalue)) {
2646 /* Empty assignment resets the list */
2647 *list = condition_free_list(*list);
2648 return 0;
2649 }
2650
2651 trigger = *rvalue == '|';
2652 if (trigger)
2653 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
2654
2655 negate = *rvalue == '!';
2656 if (negate)
2657 rvalue += 1 + strspn(rvalue + 1, WHITESPACE);
2658
2659 r = unit_full_printf(u, rvalue, &s);
2660 if (r < 0) {
2661 log_syntax(unit, LOG_ERR, filename, line, r,
2662 "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
2663 return 0;
2664 }
2665
2666 c = condition_new(t, s, trigger, negate);
2667 if (!c)
2668 return log_oom();
2669
2670 LIST_PREPEND(conditions, *list, c);
2671 return 0;
2672 }
2673
2674 int config_parse_unit_condition_null(
2675 const char *unit,
2676 const char *filename,
2677 unsigned line,
2678 const char *section,
2679 unsigned section_line,
2680 const char *lvalue,
2681 int ltype,
2682 const char *rvalue,
2683 void *data,
2684 void *userdata) {
2685
2686 Condition **list = data, *c;
2687 bool trigger, negate;
2688 int b;
2689
2690 assert(filename);
2691 assert(lvalue);
2692 assert(rvalue);
2693 assert(data);
2694
2695 log_syntax(unit, LOG_WARNING, filename, line, 0, "%s= is deprecated, please do not use.", lvalue);
2696
2697 if (isempty(rvalue)) {
2698 /* Empty assignment resets the list */
2699 *list = condition_free_list(*list);
2700 return 0;
2701 }
2702
2703 trigger = rvalue[0] == '|';
2704 if (trigger)
2705 rvalue++;
2706
2707 negate = rvalue[0] == '!';
2708 if (negate)
2709 rvalue++;
2710
2711 b = parse_boolean(rvalue);
2712 if (b < 0) {
2713 log_syntax(unit, LOG_ERR, filename, line, b, "Failed to parse boolean value in condition, ignoring: %s", rvalue);
2714 return 0;
2715 }
2716
2717 if (!b)
2718 negate = !negate;
2719
2720 c = condition_new(CONDITION_NULL, NULL, trigger, negate);
2721 if (!c)
2722 return log_oom();
2723
2724 LIST_PREPEND(conditions, *list, c);
2725 return 0;
2726 }
2727
2728 int config_parse_unit_requires_mounts_for(
2729 const char *unit,
2730 const char *filename,
2731 unsigned line,
2732 const char *section,
2733 unsigned section_line,
2734 const char *lvalue,
2735 int ltype,
2736 const char *rvalue,
2737 void *data,
2738 void *userdata) {
2739
2740 const char *p = rvalue;
2741 Unit *u = userdata;
2742 int r;
2743
2744 assert(filename);
2745 assert(lvalue);
2746 assert(rvalue);
2747 assert(data);
2748
2749 for (;;) {
2750 _cleanup_free_ char *word = NULL, *resolved = NULL;
2751
2752 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2753 if (r == 0)
2754 return 0;
2755 if (r == -ENOMEM)
2756 return log_oom();
2757 if (r < 0) {
2758 log_syntax(unit, LOG_WARNING, filename, line, r,
2759 "Invalid syntax, ignoring: %s", rvalue);
2760 return 0;
2761 }
2762
2763 r = unit_full_printf(u, word, &resolved);
2764 if (r < 0) {
2765 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
2766 continue;
2767 }
2768
2769 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
2770 if (r < 0)
2771 continue;
2772
2773 r = unit_require_mounts_for(u, resolved, UNIT_DEPENDENCY_FILE);
2774 if (r < 0) {
2775 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add required mount '%s', ignoring: %m", resolved);
2776 continue;
2777 }
2778 }
2779 }
2780
2781 int config_parse_documentation(const char *unit,
2782 const char *filename,
2783 unsigned line,
2784 const char *section,
2785 unsigned section_line,
2786 const char *lvalue,
2787 int ltype,
2788 const char *rvalue,
2789 void *data,
2790 void *userdata) {
2791
2792 Unit *u = userdata;
2793 int r;
2794 char **a, **b;
2795
2796 assert(filename);
2797 assert(lvalue);
2798 assert(rvalue);
2799 assert(u);
2800
2801 if (isempty(rvalue)) {
2802 /* Empty assignment resets the list */
2803 u->documentation = strv_free(u->documentation);
2804 return 0;
2805 }
2806
2807 r = config_parse_unit_strv_printf(unit, filename, line, section, section_line, lvalue, ltype,
2808 rvalue, data, userdata);
2809 if (r < 0)
2810 return r;
2811
2812 for (a = b = u->documentation; a && *a; a++) {
2813
2814 if (documentation_url_is_valid(*a))
2815 *(b++) = *a;
2816 else {
2817 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid URL, ignoring: %s", *a);
2818 free(*a);
2819 }
2820 }
2821 if (b)
2822 *b = NULL;
2823
2824 return r;
2825 }
2826
2827 #if HAVE_SECCOMP
2828 int config_parse_syscall_filter(
2829 const char *unit,
2830 const char *filename,
2831 unsigned line,
2832 const char *section,
2833 unsigned section_line,
2834 const char *lvalue,
2835 int ltype,
2836 const char *rvalue,
2837 void *data,
2838 void *userdata) {
2839
2840 ExecContext *c = data;
2841 const Unit *u = userdata;
2842 bool invert = false;
2843 const char *p;
2844 int r;
2845
2846 assert(filename);
2847 assert(lvalue);
2848 assert(rvalue);
2849 assert(u);
2850
2851 if (isempty(rvalue)) {
2852 /* Empty assignment resets the list */
2853 c->syscall_filter = hashmap_free(c->syscall_filter);
2854 c->syscall_whitelist = false;
2855 return 0;
2856 }
2857
2858 if (rvalue[0] == '~') {
2859 invert = true;
2860 rvalue++;
2861 }
2862
2863 if (!c->syscall_filter) {
2864 c->syscall_filter = hashmap_new(NULL);
2865 if (!c->syscall_filter)
2866 return log_oom();
2867
2868 if (invert)
2869 /* Allow everything but the ones listed */
2870 c->syscall_whitelist = false;
2871 else {
2872 /* Allow nothing but the ones listed */
2873 c->syscall_whitelist = true;
2874
2875 /* Accept default syscalls if we are on a whitelist */
2876 r = seccomp_parse_syscall_filter(
2877 "@default", -1, c->syscall_filter,
2878 SECCOMP_PARSE_PERMISSIVE|SECCOMP_PARSE_WHITELIST,
2879 unit,
2880 NULL, 0);
2881 if (r < 0)
2882 return r;
2883 }
2884 }
2885
2886 p = rvalue;
2887 for (;;) {
2888 _cleanup_free_ char *word = NULL, *name = NULL;
2889 int num;
2890
2891 r = extract_first_word(&p, &word, NULL, 0);
2892 if (r == 0)
2893 return 0;
2894 if (r == -ENOMEM)
2895 return log_oom();
2896 if (r < 0) {
2897 log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
2898 return 0;
2899 }
2900
2901 r = parse_syscall_and_errno(word, &name, &num);
2902 if (r < 0) {
2903 log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse syscall:errno, ignoring: %s", word);
2904 continue;
2905 }
2906
2907 r = seccomp_parse_syscall_filter(
2908 name, num, c->syscall_filter,
2909 SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|
2910 (invert ? SECCOMP_PARSE_INVERT : 0)|
2911 (c->syscall_whitelist ? SECCOMP_PARSE_WHITELIST : 0),
2912 unit, filename, line);
2913 if (r < 0)
2914 return r;
2915 }
2916 }
2917
2918 int config_parse_syscall_archs(
2919 const char *unit,
2920 const char *filename,
2921 unsigned line,
2922 const char *section,
2923 unsigned section_line,
2924 const char *lvalue,
2925 int ltype,
2926 const char *rvalue,
2927 void *data,
2928 void *userdata) {
2929
2930 const char *p = rvalue;
2931 Set **archs = data;
2932 int r;
2933
2934 if (isempty(rvalue)) {
2935 *archs = set_free(*archs);
2936 return 0;
2937 }
2938
2939 r = set_ensure_allocated(archs, NULL);
2940 if (r < 0)
2941 return log_oom();
2942
2943 for (;;) {
2944 _cleanup_free_ char *word = NULL;
2945 uint32_t a;
2946
2947 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
2948 if (r == 0)
2949 return 0;
2950 if (r == -ENOMEM)
2951 return log_oom();
2952 if (r < 0) {
2953 log_syntax(unit, LOG_WARNING, filename, line, r,
2954 "Invalid syntax, ignoring: %s", rvalue);
2955 return 0;
2956 }
2957
2958 r = seccomp_arch_from_string(word, &a);
2959 if (r < 0) {
2960 log_syntax(unit, LOG_ERR, filename, line, r,
2961 "Failed to parse system call architecture \"%s\", ignoring: %m", word);
2962 continue;
2963 }
2964
2965 r = set_put(*archs, UINT32_TO_PTR(a + 1));
2966 if (r < 0)
2967 return log_oom();
2968 }
2969 }
2970
2971 int config_parse_syscall_errno(
2972 const char *unit,
2973 const char *filename,
2974 unsigned line,
2975 const char *section,
2976 unsigned section_line,
2977 const char *lvalue,
2978 int ltype,
2979 const char *rvalue,
2980 void *data,
2981 void *userdata) {
2982
2983 ExecContext *c = data;
2984 int e;
2985
2986 assert(filename);
2987 assert(lvalue);
2988 assert(rvalue);
2989
2990 if (isempty(rvalue)) {
2991 /* Empty assignment resets to KILL */
2992 c->syscall_errno = 0;
2993 return 0;
2994 }
2995
2996 e = parse_errno(rvalue);
2997 if (e <= 0) {
2998 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse error number, ignoring: %s", rvalue);
2999 return 0;
3000 }
3001
3002 c->syscall_errno = e;
3003 return 0;
3004 }
3005
3006 int config_parse_address_families(
3007 const char *unit,
3008 const char *filename,
3009 unsigned line,
3010 const char *section,
3011 unsigned section_line,
3012 const char *lvalue,
3013 int ltype,
3014 const char *rvalue,
3015 void *data,
3016 void *userdata) {
3017
3018 ExecContext *c = data;
3019 bool invert = false;
3020 const char *p;
3021 int r;
3022
3023 assert(filename);
3024 assert(lvalue);
3025 assert(rvalue);
3026
3027 if (isempty(rvalue)) {
3028 /* Empty assignment resets the list */
3029 c->address_families = set_free(c->address_families);
3030 c->address_families_whitelist = false;
3031 return 0;
3032 }
3033
3034 if (rvalue[0] == '~') {
3035 invert = true;
3036 rvalue++;
3037 }
3038
3039 if (!c->address_families) {
3040 c->address_families = set_new(NULL);
3041 if (!c->address_families)
3042 return log_oom();
3043
3044 c->address_families_whitelist = !invert;
3045 }
3046
3047 for (p = rvalue;;) {
3048 _cleanup_free_ char *word = NULL;
3049 int af;
3050
3051 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3052 if (r == 0)
3053 return 0;
3054 if (r == -ENOMEM)
3055 return log_oom();
3056 if (r < 0) {
3057 log_syntax(unit, LOG_WARNING, filename, line, r,
3058 "Invalid syntax, ignoring: %s", rvalue);
3059 return 0;
3060 }
3061
3062 af = af_from_name(word);
3063 if (af < 0) {
3064 log_syntax(unit, LOG_ERR, filename, line, af,
3065 "Failed to parse address family, ignoring: %s", word);
3066 continue;
3067 }
3068
3069 /* If we previously wanted to forbid an address family and now
3070 * we want to allow it, then just remove it from the list.
3071 */
3072 if (!invert == c->address_families_whitelist) {
3073 r = set_put(c->address_families, INT_TO_PTR(af));
3074 if (r < 0)
3075 return log_oom();
3076 } else
3077 set_remove(c->address_families, INT_TO_PTR(af));
3078 }
3079 }
3080
3081 int config_parse_restrict_namespaces(
3082 const char *unit,
3083 const char *filename,
3084 unsigned line,
3085 const char *section,
3086 unsigned section_line,
3087 const char *lvalue,
3088 int ltype,
3089 const char *rvalue,
3090 void *data,
3091 void *userdata) {
3092
3093 ExecContext *c = data;
3094 unsigned long flags;
3095 bool invert = false;
3096 int r;
3097
3098 if (isempty(rvalue)) {
3099 /* Reset to the default. */
3100 c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
3101 return 0;
3102 }
3103
3104 /* Boolean parameter ignores the previous settings */
3105 r = parse_boolean(rvalue);
3106 if (r > 0) {
3107 c->restrict_namespaces = 0;
3108 return 0;
3109 } else if (r == 0) {
3110 c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
3111 return 0;
3112 }
3113
3114 if (rvalue[0] == '~') {
3115 invert = true;
3116 rvalue++;
3117 }
3118
3119 /* Not a boolean argument, in this case it's a list of namespace types. */
3120 r = namespace_flags_from_string(rvalue, &flags);
3121 if (r < 0) {
3122 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
3123 return 0;
3124 }
3125
3126 if (c->restrict_namespaces == NAMESPACE_FLAGS_INITIAL)
3127 /* Initial assignment. Just set the value. */
3128 c->restrict_namespaces = invert ? (~flags) & NAMESPACE_FLAGS_ALL : flags;
3129 else
3130 /* Merge the value with the previous one. */
3131 SET_FLAG(c->restrict_namespaces, flags, !invert);
3132
3133 return 0;
3134 }
3135 #endif
3136
3137 int config_parse_unit_slice(
3138 const char *unit,
3139 const char *filename,
3140 unsigned line,
3141 const char *section,
3142 unsigned section_line,
3143 const char *lvalue,
3144 int ltype,
3145 const char *rvalue,
3146 void *data,
3147 void *userdata) {
3148
3149 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
3150 _cleanup_free_ char *k = NULL;
3151 Unit *u = userdata, *slice;
3152 int r;
3153
3154 assert(filename);
3155 assert(lvalue);
3156 assert(rvalue);
3157 assert(u);
3158
3159 r = unit_name_printf(u, rvalue, &k);
3160 if (r < 0) {
3161 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
3162 return 0;
3163 }
3164
3165 r = manager_load_unit(u->manager, k, NULL, &error, &slice);
3166 if (r < 0) {
3167 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load slice unit %s, ignoring: %s", k, bus_error_message(&error, r));
3168 return 0;
3169 }
3170
3171 r = unit_set_slice(u, slice);
3172 if (r < 0) {
3173 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id);
3174 return 0;
3175 }
3176
3177 return 0;
3178 }
3179
3180 int config_parse_cpu_quota(
3181 const char *unit,
3182 const char *filename,
3183 unsigned line,
3184 const char *section,
3185 unsigned section_line,
3186 const char *lvalue,
3187 int ltype,
3188 const char *rvalue,
3189 void *data,
3190 void *userdata) {
3191
3192 CGroupContext *c = data;
3193 int r;
3194
3195 assert(filename);
3196 assert(lvalue);
3197 assert(rvalue);
3198
3199 if (isempty(rvalue)) {
3200 c->cpu_quota_per_sec_usec = USEC_INFINITY;
3201 return 0;
3202 }
3203
3204 r = parse_permille_unbounded(rvalue);
3205 if (r <= 0) {
3206 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid CPU quota '%s', ignoring.", rvalue);
3207 return 0;
3208 }
3209
3210 c->cpu_quota_per_sec_usec = ((usec_t) r * USEC_PER_SEC) / 1000U;
3211 return 0;
3212 }
3213
3214 int config_parse_allowed_cpus(
3215 const char *unit,
3216 const char *filename,
3217 unsigned line,
3218 const char *section,
3219 unsigned section_line,
3220 const char *lvalue,
3221 int ltype,
3222 const char *rvalue,
3223 void *data,
3224 void *userdata) {
3225
3226 CGroupContext *c = data;
3227
3228 (void) parse_cpu_set_extend(rvalue, &c->cpuset_cpus, true, unit, filename, line, lvalue);
3229
3230 return 0;
3231 }
3232
3233 int config_parse_allowed_mems(
3234 const char *unit,
3235 const char *filename,
3236 unsigned line,
3237 const char *section,
3238 unsigned section_line,
3239 const char *lvalue,
3240 int ltype,
3241 const char *rvalue,
3242 void *data,
3243 void *userdata) {
3244
3245 CGroupContext *c = data;
3246
3247 (void) parse_cpu_set_extend(rvalue, &c->cpuset_mems, true, unit, filename, line, lvalue);
3248
3249 return 0;
3250 }
3251
3252 int config_parse_memory_limit(
3253 const char *unit,
3254 const char *filename,
3255 unsigned line,
3256 const char *section,
3257 unsigned section_line,
3258 const char *lvalue,
3259 int ltype,
3260 const char *rvalue,
3261 void *data,
3262 void *userdata) {
3263
3264 CGroupContext *c = data;
3265 uint64_t bytes = CGROUP_LIMIT_MAX;
3266 int r;
3267
3268 if (!isempty(rvalue) && !streq(rvalue, "infinity")) {
3269
3270 r = parse_permille(rvalue);
3271 if (r < 0) {
3272 r = parse_size(rvalue, 1024, &bytes);
3273 if (r < 0) {
3274 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid memory limit '%s', ignoring: %m", rvalue);
3275 return 0;
3276 }
3277 } else
3278 bytes = physical_memory_scale(r, 1000U);
3279
3280 if (bytes >= UINT64_MAX ||
3281 (bytes <= 0 && !STR_IN_SET(lvalue, "MemorySwapMax", "MemoryLow", "MemoryMin", "DefaultMemoryLow", "DefaultMemoryMin"))) {
3282 log_syntax(unit, LOG_ERR, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue);
3283 return 0;
3284 }
3285 }
3286
3287 if (streq(lvalue, "DefaultMemoryLow")) {
3288 c->default_memory_low_set = true;
3289 if (isempty(rvalue))
3290 c->default_memory_low = CGROUP_LIMIT_MIN;
3291 else
3292 c->default_memory_low = bytes;
3293 } else if (streq(lvalue, "DefaultMemoryMin")) {
3294 c->default_memory_min_set = true;
3295 if (isempty(rvalue))
3296 c->default_memory_min = CGROUP_LIMIT_MIN;
3297 else
3298 c->default_memory_min = bytes;
3299 } else if (streq(lvalue, "MemoryMin")) {
3300 c->memory_min = bytes;
3301 c->memory_min_set = true;
3302 } else if (streq(lvalue, "MemoryLow")) {
3303 c->memory_low = bytes;
3304 c->memory_low_set = true;
3305 } else if (streq(lvalue, "MemoryHigh"))
3306 c->memory_high = bytes;
3307 else if (streq(lvalue, "MemoryMax"))
3308 c->memory_max = bytes;
3309 else if (streq(lvalue, "MemorySwapMax"))
3310 c->memory_swap_max = bytes;
3311 else if (streq(lvalue, "MemoryLimit"))
3312 c->memory_limit = bytes;
3313 else
3314 return -EINVAL;
3315
3316 return 0;
3317 }
3318
3319 int config_parse_tasks_max(
3320 const char *unit,
3321 const char *filename,
3322 unsigned line,
3323 const char *section,
3324 unsigned section_line,
3325 const char *lvalue,
3326 int ltype,
3327 const char *rvalue,
3328 void *data,
3329 void *userdata) {
3330
3331 const Unit *u = userdata;
3332 TasksMax *tasks_max = data;
3333 uint64_t v;
3334 int r;
3335
3336 if (isempty(rvalue)) {
3337 *tasks_max = u ? u->manager->default_tasks_max : TASKS_MAX_UNSET;
3338 return 0;
3339 }
3340
3341 if (streq(rvalue, "infinity")) {
3342 *tasks_max = TASKS_MAX_UNSET;
3343 return 0;
3344 }
3345
3346 r = parse_permille(rvalue);
3347 if (r >= 0)
3348 *tasks_max = (TasksMax) { r, 1000U }; /* r‰ */
3349 else {
3350 r = safe_atou64(rvalue, &v);
3351 if (r < 0) {
3352 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid maximum tasks value '%s', ignoring: %m", rvalue);
3353 return 0;
3354 }
3355
3356 if (v <= 0 || v >= UINT64_MAX) {
3357 log_syntax(unit, LOG_ERR, filename, line, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue);
3358 return 0;
3359 }
3360
3361 *tasks_max = (TasksMax) { v };
3362 }
3363
3364 return 0;
3365 }
3366
3367 int config_parse_delegate(
3368 const char *unit,
3369 const char *filename,
3370 unsigned line,
3371 const char *section,
3372 unsigned section_line,
3373 const char *lvalue,
3374 int ltype,
3375 const char *rvalue,
3376 void *data,
3377 void *userdata) {
3378
3379 CGroupContext *c = data;
3380 UnitType t;
3381 int r;
3382
3383 t = unit_name_to_type(unit);
3384 assert(t != _UNIT_TYPE_INVALID);
3385
3386 if (!unit_vtable[t]->can_delegate) {
3387 log_syntax(unit, LOG_ERR, filename, line, 0, "Delegate= setting not supported for this unit type, ignoring.");
3388 return 0;
3389 }
3390
3391 /* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
3392 * off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
3393 * mask to delegate. */
3394
3395 if (isempty(rvalue)) {
3396 /* An empty string resets controllers and set Delegate=yes. */
3397 c->delegate = true;
3398 c->delegate_controllers = 0;
3399 return 0;
3400 }
3401
3402 r = parse_boolean(rvalue);
3403 if (r < 0) {
3404 const char *p = rvalue;
3405 CGroupMask mask = 0;
3406
3407 for (;;) {
3408 _cleanup_free_ char *word = NULL;
3409 CGroupController cc;
3410
3411 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3412 if (r == 0)
3413 break;
3414 if (r == -ENOMEM)
3415 return log_oom();
3416 if (r < 0) {
3417 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
3418 return 0;
3419 }
3420
3421 cc = cgroup_controller_from_string(word);
3422 if (cc < 0) {
3423 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid controller name '%s', ignoring", word);
3424 continue;
3425 }
3426
3427 mask |= CGROUP_CONTROLLER_TO_MASK(cc);
3428 }
3429
3430 c->delegate = true;
3431 c->delegate_controllers |= mask;
3432
3433 } else if (r > 0) {
3434 c->delegate = true;
3435 c->delegate_controllers = _CGROUP_MASK_ALL;
3436 } else {
3437 c->delegate = false;
3438 c->delegate_controllers = 0;
3439 }
3440
3441 return 0;
3442 }
3443
3444 int config_parse_device_allow(
3445 const char *unit,
3446 const char *filename,
3447 unsigned line,
3448 const char *section,
3449 unsigned section_line,
3450 const char *lvalue,
3451 int ltype,
3452 const char *rvalue,
3453 void *data,
3454 void *userdata) {
3455
3456 _cleanup_free_ char *path = NULL, *resolved = NULL;
3457 CGroupContext *c = data;
3458 const char *p = rvalue;
3459 int r;
3460
3461 if (isempty(rvalue)) {
3462 while (c->device_allow)
3463 cgroup_context_free_device_allow(c, c->device_allow);
3464
3465 return 0;
3466 }
3467
3468 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3469 if (r == -ENOMEM)
3470 return log_oom();
3471 if (r < 0) {
3472 log_syntax(unit, LOG_WARNING, filename, line, r,
3473 "Invalid syntax, ignoring: %s", rvalue);
3474 return 0;
3475 }
3476 if (r == 0) {
3477 log_syntax(unit, LOG_WARNING, filename, line, 0,
3478 "Failed to extract device path and rights from '%s', ignoring.", rvalue);
3479 return 0;
3480 }
3481
3482 r = unit_full_printf(userdata, path, &resolved);
3483 if (r < 0) {
3484 log_syntax(unit, LOG_WARNING, filename, line, r,
3485 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3486 return 0;
3487 }
3488
3489 if (!STARTSWITH_SET(resolved, "block-", "char-")) {
3490
3491 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3492 if (r < 0)
3493 return 0;
3494
3495 if (!valid_device_node_path(resolved)) {
3496 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved);
3497 return 0;
3498 }
3499 }
3500
3501 if (!isempty(p) && !in_charset(p, "rwm")) {
3502 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device rights '%s', ignoring.", p);
3503 return 0;
3504 }
3505
3506 return cgroup_add_device_allow(c, resolved, p);
3507 }
3508
3509 int config_parse_io_device_weight(
3510 const char *unit,
3511 const char *filename,
3512 unsigned line,
3513 const char *section,
3514 unsigned section_line,
3515 const char *lvalue,
3516 int ltype,
3517 const char *rvalue,
3518 void *data,
3519 void *userdata) {
3520
3521 _cleanup_free_ char *path = NULL, *resolved = NULL;
3522 CGroupIODeviceWeight *w;
3523 CGroupContext *c = data;
3524 const char *p = rvalue;
3525 uint64_t u;
3526 int r;
3527
3528 assert(filename);
3529 assert(lvalue);
3530 assert(rvalue);
3531
3532 if (isempty(rvalue)) {
3533 while (c->io_device_weights)
3534 cgroup_context_free_io_device_weight(c, c->io_device_weights);
3535
3536 return 0;
3537 }
3538
3539 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3540 if (r == -ENOMEM)
3541 return log_oom();
3542 if (r < 0) {
3543 log_syntax(unit, LOG_WARNING, filename, line, r,
3544 "Invalid syntax, ignoring: %s", rvalue);
3545 return 0;
3546 }
3547 if (r == 0 || isempty(p)) {
3548 log_syntax(unit, LOG_WARNING, filename, line, 0,
3549 "Failed to extract device path and weight from '%s', ignoring.", rvalue);
3550 return 0;
3551 }
3552
3553 r = unit_full_printf(userdata, path, &resolved);
3554 if (r < 0) {
3555 log_syntax(unit, LOG_WARNING, filename, line, r,
3556 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3557 return 0;
3558 }
3559
3560 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3561 if (r < 0)
3562 return 0;
3563
3564 r = cg_weight_parse(p, &u);
3565 if (r < 0) {
3566 log_syntax(unit, LOG_ERR, filename, line, r, "IO weight '%s' invalid, ignoring: %m", p);
3567 return 0;
3568 }
3569
3570 assert(u != CGROUP_WEIGHT_INVALID);
3571
3572 w = new0(CGroupIODeviceWeight, 1);
3573 if (!w)
3574 return log_oom();
3575
3576 w->path = TAKE_PTR(resolved);
3577 w->weight = u;
3578
3579 LIST_PREPEND(device_weights, c->io_device_weights, w);
3580 return 0;
3581 }
3582
3583 int config_parse_io_device_latency(
3584 const char *unit,
3585 const char *filename,
3586 unsigned line,
3587 const char *section,
3588 unsigned section_line,
3589 const char *lvalue,
3590 int ltype,
3591 const char *rvalue,
3592 void *data,
3593 void *userdata) {
3594
3595 _cleanup_free_ char *path = NULL, *resolved = NULL;
3596 CGroupIODeviceLatency *l;
3597 CGroupContext *c = data;
3598 const char *p = rvalue;
3599 usec_t usec;
3600 int r;
3601
3602 assert(filename);
3603 assert(lvalue);
3604 assert(rvalue);
3605
3606 if (isempty(rvalue)) {
3607 while (c->io_device_latencies)
3608 cgroup_context_free_io_device_latency(c, c->io_device_latencies);
3609
3610 return 0;
3611 }
3612
3613 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3614 if (r == -ENOMEM)
3615 return log_oom();
3616 if (r < 0) {
3617 log_syntax(unit, LOG_WARNING, filename, line, r,
3618 "Invalid syntax, ignoring: %s", rvalue);
3619 return 0;
3620 }
3621 if (r == 0 || isempty(p)) {
3622 log_syntax(unit, LOG_WARNING, filename, line, 0,
3623 "Failed to extract device path and latency from '%s', ignoring.", rvalue);
3624 return 0;
3625 }
3626
3627 r = unit_full_printf(userdata, path, &resolved);
3628 if (r < 0) {
3629 log_syntax(unit, LOG_WARNING, filename, line, r,
3630 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3631 return 0;
3632 }
3633
3634 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3635 if (r < 0)
3636 return 0;
3637
3638 if (parse_sec(p, &usec) < 0) {
3639 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse timer value, ignoring: %s", p);
3640 return 0;
3641 }
3642
3643 l = new0(CGroupIODeviceLatency, 1);
3644 if (!l)
3645 return log_oom();
3646
3647 l->path = TAKE_PTR(resolved);
3648 l->target_usec = usec;
3649
3650 LIST_PREPEND(device_latencies, c->io_device_latencies, l);
3651 return 0;
3652 }
3653
3654 int config_parse_io_limit(
3655 const char *unit,
3656 const char *filename,
3657 unsigned line,
3658 const char *section,
3659 unsigned section_line,
3660 const char *lvalue,
3661 int ltype,
3662 const char *rvalue,
3663 void *data,
3664 void *userdata) {
3665
3666 _cleanup_free_ char *path = NULL, *resolved = NULL;
3667 CGroupIODeviceLimit *l = NULL, *t;
3668 CGroupContext *c = data;
3669 CGroupIOLimitType type;
3670 const char *p = rvalue;
3671 uint64_t num;
3672 int r;
3673
3674 assert(filename);
3675 assert(lvalue);
3676 assert(rvalue);
3677
3678 type = cgroup_io_limit_type_from_string(lvalue);
3679 assert(type >= 0);
3680
3681 if (isempty(rvalue)) {
3682 LIST_FOREACH(device_limits, l, c->io_device_limits)
3683 l->limits[type] = cgroup_io_limit_defaults[type];
3684 return 0;
3685 }
3686
3687 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3688 if (r == -ENOMEM)
3689 return log_oom();
3690 if (r < 0) {
3691 log_syntax(unit, LOG_WARNING, filename, line, r,
3692 "Invalid syntax, ignoring: %s", rvalue);
3693 return 0;
3694 }
3695 if (r == 0 || isempty(p)) {
3696 log_syntax(unit, LOG_WARNING, filename, line, 0,
3697 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
3698 return 0;
3699 }
3700
3701 r = unit_full_printf(userdata, path, &resolved);
3702 if (r < 0) {
3703 log_syntax(unit, LOG_WARNING, filename, line, r,
3704 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3705 return 0;
3706 }
3707
3708 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3709 if (r < 0)
3710 return 0;
3711
3712 if (streq("infinity", p))
3713 num = CGROUP_LIMIT_MAX;
3714 else {
3715 r = parse_size(p, 1000, &num);
3716 if (r < 0 || num <= 0) {
3717 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid IO limit '%s', ignoring.", p);
3718 return 0;
3719 }
3720 }
3721
3722 LIST_FOREACH(device_limits, t, c->io_device_limits) {
3723 if (path_equal(resolved, t->path)) {
3724 l = t;
3725 break;
3726 }
3727 }
3728
3729 if (!l) {
3730 CGroupIOLimitType ttype;
3731
3732 l = new0(CGroupIODeviceLimit, 1);
3733 if (!l)
3734 return log_oom();
3735
3736 l->path = TAKE_PTR(resolved);
3737 for (ttype = 0; ttype < _CGROUP_IO_LIMIT_TYPE_MAX; ttype++)
3738 l->limits[ttype] = cgroup_io_limit_defaults[ttype];
3739
3740 LIST_PREPEND(device_limits, c->io_device_limits, l);
3741 }
3742
3743 l->limits[type] = num;
3744
3745 return 0;
3746 }
3747
3748 int config_parse_blockio_device_weight(
3749 const char *unit,
3750 const char *filename,
3751 unsigned line,
3752 const char *section,
3753 unsigned section_line,
3754 const char *lvalue,
3755 int ltype,
3756 const char *rvalue,
3757 void *data,
3758 void *userdata) {
3759
3760 _cleanup_free_ char *path = NULL, *resolved = NULL;
3761 CGroupBlockIODeviceWeight *w;
3762 CGroupContext *c = data;
3763 const char *p = rvalue;
3764 uint64_t u;
3765 int r;
3766
3767 assert(filename);
3768 assert(lvalue);
3769 assert(rvalue);
3770
3771 if (isempty(rvalue)) {
3772 while (c->blockio_device_weights)
3773 cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
3774
3775 return 0;
3776 }
3777
3778 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3779 if (r == -ENOMEM)
3780 return log_oom();
3781 if (r < 0) {
3782 log_syntax(unit, LOG_WARNING, filename, line, r,
3783 "Invalid syntax, ignoring: %s", rvalue);
3784 return 0;
3785 }
3786 if (r == 0 || isempty(p)) {
3787 log_syntax(unit, LOG_WARNING, filename, line, 0,
3788 "Failed to extract device node and weight from '%s', ignoring.", rvalue);
3789 return 0;
3790 }
3791
3792 r = unit_full_printf(userdata, path, &resolved);
3793 if (r < 0) {
3794 log_syntax(unit, LOG_WARNING, filename, line, r,
3795 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3796 return 0;
3797 }
3798
3799 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3800 if (r < 0)
3801 return 0;
3802
3803 r = cg_blkio_weight_parse(p, &u);
3804 if (r < 0) {
3805 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p);
3806 return 0;
3807 }
3808
3809 assert(u != CGROUP_BLKIO_WEIGHT_INVALID);
3810
3811 w = new0(CGroupBlockIODeviceWeight, 1);
3812 if (!w)
3813 return log_oom();
3814
3815 w->path = TAKE_PTR(resolved);
3816 w->weight = u;
3817
3818 LIST_PREPEND(device_weights, c->blockio_device_weights, w);
3819 return 0;
3820 }
3821
3822 int config_parse_blockio_bandwidth(
3823 const char *unit,
3824 const char *filename,
3825 unsigned line,
3826 const char *section,
3827 unsigned section_line,
3828 const char *lvalue,
3829 int ltype,
3830 const char *rvalue,
3831 void *data,
3832 void *userdata) {
3833
3834 _cleanup_free_ char *path = NULL, *resolved = NULL;
3835 CGroupBlockIODeviceBandwidth *b = NULL, *t;
3836 CGroupContext *c = data;
3837 const char *p = rvalue;
3838 uint64_t bytes;
3839 bool read;
3840 int r;
3841
3842 assert(filename);
3843 assert(lvalue);
3844 assert(rvalue);
3845
3846 read = streq("BlockIOReadBandwidth", lvalue);
3847
3848 if (isempty(rvalue)) {
3849 LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
3850 b->rbps = CGROUP_LIMIT_MAX;
3851 b->wbps = CGROUP_LIMIT_MAX;
3852 }
3853 return 0;
3854 }
3855
3856 r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE);
3857 if (r == -ENOMEM)
3858 return log_oom();
3859 if (r < 0) {
3860 log_syntax(unit, LOG_WARNING, filename, line, r,
3861 "Invalid syntax, ignoring: %s", rvalue);
3862 return 0;
3863 }
3864 if (r == 0 || isempty(p)) {
3865 log_syntax(unit, LOG_WARNING, filename, line, 0,
3866 "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
3867 return 0;
3868 }
3869
3870 r = unit_full_printf(userdata, path, &resolved);
3871 if (r < 0) {
3872 log_syntax(unit, LOG_WARNING, filename, line, r,
3873 "Failed to resolve unit specifiers in '%s', ignoring: %m", path);
3874 return 0;
3875 }
3876
3877 r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
3878 if (r < 0)
3879 return 0;
3880
3881 r = parse_size(p, 1000, &bytes);
3882 if (r < 0 || bytes <= 0) {
3883 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
3884 return 0;
3885 }
3886
3887 LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
3888 if (path_equal(resolved, t->path)) {
3889 b = t;
3890 break;
3891 }
3892 }
3893
3894 if (!t) {
3895 b = new0(CGroupBlockIODeviceBandwidth, 1);
3896 if (!b)
3897 return log_oom();
3898
3899 b->path = TAKE_PTR(resolved);
3900 b->rbps = CGROUP_LIMIT_MAX;
3901 b->wbps = CGROUP_LIMIT_MAX;
3902
3903 LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, b);
3904 }
3905
3906 if (read)
3907 b->rbps = bytes;
3908 else
3909 b->wbps = bytes;
3910
3911 return 0;
3912 }
3913
3914 int config_parse_job_mode_isolate(
3915 const char *unit,
3916 const char *filename,
3917 unsigned line,
3918 const char *section,
3919 unsigned section_line,
3920 const char *lvalue,
3921 int ltype,
3922 const char *rvalue,
3923 void *data,
3924 void *userdata) {
3925
3926 JobMode *m = data;
3927 int r;
3928
3929 assert(filename);
3930 assert(lvalue);
3931 assert(rvalue);
3932
3933 r = parse_boolean(rvalue);
3934 if (r < 0) {
3935 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse boolean, ignoring: %s", rvalue);
3936 return 0;
3937 }
3938
3939 log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue);
3940
3941 *m = r ? JOB_ISOLATE : JOB_REPLACE;
3942 return 0;
3943 }
3944
3945 int config_parse_exec_directories(
3946 const char *unit,
3947 const char *filename,
3948 unsigned line,
3949 const char *section,
3950 unsigned section_line,
3951 const char *lvalue,
3952 int ltype,
3953 const char *rvalue,
3954 void *data,
3955 void *userdata) {
3956
3957 char***rt = data;
3958 const Unit *u = userdata;
3959 const char *p;
3960 int r;
3961
3962 assert(filename);
3963 assert(lvalue);
3964 assert(rvalue);
3965 assert(data);
3966
3967 if (isempty(rvalue)) {
3968 /* Empty assignment resets the list */
3969 *rt = strv_free(*rt);
3970 return 0;
3971 }
3972
3973 for (p = rvalue;;) {
3974 _cleanup_free_ char *word = NULL, *k = NULL;
3975
3976 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
3977 if (r == -ENOMEM)
3978 return log_oom();
3979 if (r < 0) {
3980 log_syntax(unit, LOG_WARNING, filename, line, r,
3981 "Invalid syntax, ignoring: %s", rvalue);
3982 return 0;
3983 }
3984 if (r == 0)
3985 return 0;
3986
3987 r = unit_full_printf(u, word, &k);
3988 if (r < 0) {
3989 log_syntax(unit, LOG_ERR, filename, line, r,
3990 "Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
3991 continue;
3992 }
3993
3994 r = path_simplify_and_warn(k, PATH_CHECK_RELATIVE, unit, filename, line, lvalue);
3995 if (r < 0)
3996 continue;
3997
3998 if (path_startswith(k, "private")) {
3999 log_syntax(unit, LOG_ERR, filename, line, 0,
4000 "%s= path can't be 'private', ignoring assignment: %s", lvalue, word);
4001 continue;
4002 }
4003
4004 r = strv_push(rt, k);
4005 if (r < 0)
4006 return log_oom();
4007 k = NULL;
4008 }
4009 }
4010
4011 int config_parse_set_status(
4012 const char *unit,
4013 const char *filename,
4014 unsigned line,
4015 const char *section,
4016 unsigned section_line,
4017 const char *lvalue,
4018 int ltype,
4019 const char *rvalue,
4020 void *data,
4021 void *userdata) {
4022
4023 size_t l;
4024 const char *word, *state;
4025 int r;
4026 ExitStatusSet *status_set = data;
4027
4028 assert(filename);
4029 assert(lvalue);
4030 assert(rvalue);
4031 assert(data);
4032
4033 /* Empty assignment resets the list */
4034 if (isempty(rvalue)) {
4035 exit_status_set_free(status_set);
4036 return 0;
4037 }
4038
4039 FOREACH_WORD(word, l, rvalue, state) {
4040 _cleanup_free_ char *temp;
4041 Bitmap *bitmap;
4042
4043 temp = strndup(word, l);
4044 if (!temp)
4045 return log_oom();
4046
4047 /* We need to call exit_status_from_string() first, because we want
4048 * to parse numbers as exit statuses, not signals. */
4049
4050 r = exit_status_from_string(temp);
4051 if (r >= 0) {
4052 assert(r >= 0 && r < 256);
4053 bitmap = &status_set->status;
4054 } else {
4055 r = signal_from_string(temp);
4056
4057 if (r <= 0) {
4058 log_syntax(unit, LOG_ERR, filename, line, 0,
4059 "Failed to parse value, ignoring: %s", word);
4060 continue;
4061 }
4062 bitmap = &status_set->signal;
4063 }
4064
4065 r = bitmap_set(bitmap, r);
4066 if (r < 0)
4067 return log_error_errno(r, "Failed to set signal or status %s: %m", word);
4068 }
4069 if (!isempty(state))
4070 log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
4071
4072 return 0;
4073 }
4074
4075 int config_parse_namespace_path_strv(
4076 const char *unit,
4077 const char *filename,
4078 unsigned line,
4079 const char *section,
4080 unsigned section_line,
4081 const char *lvalue,
4082 int ltype,
4083 const char *rvalue,
4084 void *data,
4085 void *userdata) {
4086
4087 const Unit *u = userdata;
4088 char*** sv = data;
4089 const char *p = rvalue;
4090 int r;
4091
4092 assert(filename);
4093 assert(lvalue);
4094 assert(rvalue);
4095 assert(data);
4096
4097 if (isempty(rvalue)) {
4098 /* Empty assignment resets the list */
4099 *sv = strv_free(*sv);
4100 return 0;
4101 }
4102
4103 for (;;) {
4104 _cleanup_free_ char *word = NULL, *resolved = NULL, *joined = NULL;
4105 const char *w;
4106 bool ignore_enoent = false, shall_prefix = false;
4107
4108 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4109 if (r == 0)
4110 break;
4111 if (r == -ENOMEM)
4112 return log_oom();
4113 if (r < 0) {
4114 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
4115 return 0;
4116 }
4117
4118 w = word;
4119 if (startswith(w, "-")) {
4120 ignore_enoent = true;
4121 w++;
4122 }
4123 if (startswith(w, "+")) {
4124 shall_prefix = true;
4125 w++;
4126 }
4127
4128 r = unit_full_printf(u, w, &resolved);
4129 if (r < 0) {
4130 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", w);
4131 continue;
4132 }
4133
4134 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4135 if (r < 0)
4136 continue;
4137
4138 joined = strjoin(ignore_enoent ? "-" : "",
4139 shall_prefix ? "+" : "",
4140 resolved);
4141
4142 r = strv_push(sv, joined);
4143 if (r < 0)
4144 return log_oom();
4145
4146 joined = NULL;
4147 }
4148
4149 return 0;
4150 }
4151
4152 int config_parse_temporary_filesystems(
4153 const char *unit,
4154 const char *filename,
4155 unsigned line,
4156 const char *section,
4157 unsigned section_line,
4158 const char *lvalue,
4159 int ltype,
4160 const char *rvalue,
4161 void *data,
4162 void *userdata) {
4163
4164 const Unit *u = userdata;
4165 ExecContext *c = data;
4166 const char *p = rvalue;
4167 int r;
4168
4169 assert(filename);
4170 assert(lvalue);
4171 assert(rvalue);
4172 assert(data);
4173
4174 if (isempty(rvalue)) {
4175 /* Empty assignment resets the list */
4176 temporary_filesystem_free_many(c->temporary_filesystems, c->n_temporary_filesystems);
4177 c->temporary_filesystems = NULL;
4178 c->n_temporary_filesystems = 0;
4179 return 0;
4180 }
4181
4182 for (;;) {
4183 _cleanup_free_ char *word = NULL, *path = NULL, *resolved = NULL;
4184 const char *w;
4185
4186 r = extract_first_word(&p, &word, NULL, EXTRACT_UNQUOTE);
4187 if (r == 0)
4188 return 0;
4189 if (r == -ENOMEM)
4190 return log_oom();
4191 if (r < 0) {
4192 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
4193 return 0;
4194 }
4195
4196 w = word;
4197 r = extract_first_word(&w, &path, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
4198 if (r == -ENOMEM)
4199 return log_oom();
4200 if (r < 0) {
4201 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", word);
4202 continue;
4203 }
4204 if (r == 0) {
4205 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid syntax, ignoring: %s", word);
4206 continue;
4207 }
4208
4209 r = unit_full_printf(u, path, &resolved);
4210 if (r < 0) {
4211 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", path);
4212 continue;
4213 }
4214
4215 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4216 if (r < 0)
4217 continue;
4218
4219 r = temporary_filesystem_add(&c->temporary_filesystems, &c->n_temporary_filesystems, resolved, w);
4220 if (r < 0)
4221 return log_oom();
4222 }
4223 }
4224
4225 int config_parse_bind_paths(
4226 const char *unit,
4227 const char *filename,
4228 unsigned line,
4229 const char *section,
4230 unsigned section_line,
4231 const char *lvalue,
4232 int ltype,
4233 const char *rvalue,
4234 void *data,
4235 void *userdata) {
4236
4237 ExecContext *c = data;
4238 const Unit *u = userdata;
4239 const char *p;
4240 int r;
4241
4242 assert(filename);
4243 assert(lvalue);
4244 assert(rvalue);
4245 assert(data);
4246
4247 if (isempty(rvalue)) {
4248 /* Empty assignment resets the list */
4249 bind_mount_free_many(c->bind_mounts, c->n_bind_mounts);
4250 c->bind_mounts = NULL;
4251 c->n_bind_mounts = 0;
4252 return 0;
4253 }
4254
4255 p = rvalue;
4256 for (;;) {
4257 _cleanup_free_ char *source = NULL, *destination = NULL;
4258 _cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
4259 char *s = NULL, *d = NULL;
4260 bool rbind = true, ignore_enoent = false;
4261
4262 r = extract_first_word(&p, &source, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
4263 if (r == 0)
4264 break;
4265 if (r == -ENOMEM)
4266 return log_oom();
4267 if (r < 0) {
4268 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
4269 return 0;
4270 }
4271
4272 r = unit_full_printf(u, source, &sresolved);
4273 if (r < 0) {
4274 log_syntax(unit, LOG_ERR, filename, line, r,
4275 "Failed to resolved unit specifiers in \"%s\", ignoring: %m", source);
4276 continue;
4277 }
4278
4279 s = sresolved;
4280 if (s[0] == '-') {
4281 ignore_enoent = true;
4282 s++;
4283 }
4284
4285 r = path_simplify_and_warn(s, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4286 if (r < 0)
4287 continue;
4288
4289 /* Optionally, the destination is specified. */
4290 if (p && p[-1] == ':') {
4291 r = extract_first_word(&p, &destination, ":" WHITESPACE, EXTRACT_UNQUOTE|EXTRACT_DONT_COALESCE_SEPARATORS);
4292 if (r == -ENOMEM)
4293 return log_oom();
4294 if (r < 0) {
4295 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
4296 return 0;
4297 }
4298 if (r == 0) {
4299 log_syntax(unit, LOG_ERR, filename, line, 0, "Missing argument after ':', ignoring: %s", s);
4300 continue;
4301 }
4302
4303 r = unit_full_printf(u, destination, &dresolved);
4304 if (r < 0) {
4305 log_syntax(unit, LOG_ERR, filename, line, r,
4306 "Failed to resolved specifiers in \"%s\", ignoring: %m", destination);
4307 continue;
4308 }
4309
4310 r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4311 if (r < 0)
4312 continue;
4313
4314 d = dresolved;
4315
4316 /* Optionally, there's also a short option string specified */
4317 if (p && p[-1] == ':') {
4318 _cleanup_free_ char *options = NULL;
4319
4320 r = extract_first_word(&p, &options, NULL, EXTRACT_UNQUOTE);
4321 if (r == -ENOMEM)
4322 return log_oom();
4323 if (r < 0) {
4324 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s: %s", lvalue, rvalue);
4325 return 0;
4326 }
4327
4328 if (isempty(options) || streq(options, "rbind"))
4329 rbind = true;
4330 else if (streq(options, "norbind"))
4331 rbind = false;
4332 else {
4333 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid option string, ignoring setting: %s", options);
4334 continue;
4335 }
4336 }
4337 } else
4338 d = s;
4339
4340 r = bind_mount_add(&c->bind_mounts, &c->n_bind_mounts,
4341 &(BindMount) {
4342 .source = s,
4343 .destination = d,
4344 .read_only = !!strstr(lvalue, "ReadOnly"),
4345 .recursive = rbind,
4346 .ignore_enoent = ignore_enoent,
4347 });
4348 if (r < 0)
4349 return log_oom();
4350 }
4351
4352 return 0;
4353 }
4354
4355 int config_parse_job_timeout_sec(
4356 const char* unit,
4357 const char *filename,
4358 unsigned line,
4359 const char *section,
4360 unsigned section_line,
4361 const char *lvalue,
4362 int ltype,
4363 const char *rvalue,
4364 void *data,
4365 void *userdata) {
4366
4367 Unit *u = data;
4368 usec_t usec;
4369 int r;
4370
4371 assert(filename);
4372 assert(lvalue);
4373 assert(rvalue);
4374 assert(u);
4375
4376 r = parse_sec_fix_0(rvalue, &usec);
4377 if (r < 0) {
4378 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue);
4379 return 0;
4380 }
4381
4382 /* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
4383 * versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
4384 * count. */
4385
4386 if (!u->job_running_timeout_set)
4387 u->job_running_timeout = usec;
4388
4389 u->job_timeout = usec;
4390
4391 return 0;
4392 }
4393
4394 int config_parse_job_running_timeout_sec(
4395 const char* unit,
4396 const char *filename,
4397 unsigned line,
4398 const char *section,
4399 unsigned section_line,
4400 const char *lvalue,
4401 int ltype,
4402 const char *rvalue,
4403 void *data,
4404 void *userdata) {
4405
4406 Unit *u = data;
4407 usec_t usec;
4408 int r;
4409
4410 assert(filename);
4411 assert(lvalue);
4412 assert(rvalue);
4413 assert(u);
4414
4415 r = parse_sec_fix_0(rvalue, &usec);
4416 if (r < 0) {
4417 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue);
4418 return 0;
4419 }
4420
4421 u->job_running_timeout = usec;
4422 u->job_running_timeout_set = true;
4423
4424 return 0;
4425 }
4426
4427 int config_parse_emergency_action(
4428 const char* unit,
4429 const char *filename,
4430 unsigned line,
4431 const char *section,
4432 unsigned section_line,
4433 const char *lvalue,
4434 int ltype,
4435 const char *rvalue,
4436 void *data,
4437 void *userdata) {
4438
4439 Manager *m = NULL;
4440 EmergencyAction *x = data;
4441 int r;
4442
4443 assert(filename);
4444 assert(lvalue);
4445 assert(rvalue);
4446 assert(data);
4447
4448 if (unit)
4449 m = ((Unit*) userdata)->manager;
4450 else
4451 m = data;
4452
4453 r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
4454 if (r < 0) {
4455 if (r == -EOPNOTSUPP && MANAGER_IS_USER(m)) {
4456 /* Compat mode: remove for systemd 241. */
4457
4458 log_syntax(unit, LOG_INFO, filename, line, r,
4459 "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
4460 lvalue, rvalue);
4461 *x = EMERGENCY_ACTION_EXIT_FORCE;
4462 return 0;
4463 }
4464
4465 if (r == -EOPNOTSUPP)
4466 log_syntax(unit, LOG_ERR, filename, line, r,
4467 "%s= specified as %s mode action, ignoring: %s",
4468 lvalue, MANAGER_IS_SYSTEM(m) ? "user" : "system", rvalue);
4469 else
4470 log_syntax(unit, LOG_ERR, filename, line, r,
4471 "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
4472 return 0;
4473 }
4474
4475 return 0;
4476 }
4477
4478 int config_parse_pid_file(
4479 const char *unit,
4480 const char *filename,
4481 unsigned line,
4482 const char *section,
4483 unsigned section_line,
4484 const char *lvalue,
4485 int ltype,
4486 const char *rvalue,
4487 void *data,
4488 void *userdata) {
4489
4490 _cleanup_free_ char *k = NULL, *n = NULL;
4491 const Unit *u = userdata;
4492 char **s = data;
4493 int r;
4494
4495 assert(filename);
4496 assert(lvalue);
4497 assert(rvalue);
4498 assert(u);
4499
4500 if (isempty(rvalue)) {
4501 /* An empty assignment removes already set value. */
4502 *s = mfree(*s);
4503 return 0;
4504 }
4505
4506 r = unit_full_printf(u, rvalue, &k);
4507 if (r < 0) {
4508 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
4509 return 0;
4510 }
4511
4512 /* If this is a relative path make it absolute by prefixing the /run */
4513 n = path_make_absolute(k, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
4514 if (!n)
4515 return log_oom();
4516
4517 /* Check that the result is a sensible path */
4518 r = path_simplify_and_warn(n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4519 if (r < 0)
4520 return r;
4521
4522 r = patch_var_run(unit, filename, line, lvalue, &n);
4523 if (r < 0)
4524 return r;
4525
4526 free_and_replace(*s, n);
4527 return 0;
4528 }
4529
4530 int config_parse_exit_status(
4531 const char *unit,
4532 const char *filename,
4533 unsigned line,
4534 const char *section,
4535 unsigned section_line,
4536 const char *lvalue,
4537 int ltype,
4538 const char *rvalue,
4539 void *data,
4540 void *userdata) {
4541
4542 int *exit_status = data, r;
4543 uint8_t u;
4544
4545 assert(filename);
4546 assert(lvalue);
4547 assert(rvalue);
4548 assert(exit_status);
4549
4550 if (isempty(rvalue)) {
4551 *exit_status = -1;
4552 return 0;
4553 }
4554
4555 r = safe_atou8(rvalue, &u);
4556 if (r < 0) {
4557 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse exit status '%s', ignoring: %m", rvalue);
4558 return 0;
4559 }
4560
4561 *exit_status = u;
4562 return 0;
4563 }
4564
4565 int config_parse_disable_controllers(
4566 const char *unit,
4567 const char *filename,
4568 unsigned line,
4569 const char *section,
4570 unsigned section_line,
4571 const char *lvalue,
4572 int ltype,
4573 const char *rvalue,
4574 void *data,
4575 void *userdata) {
4576
4577 int r;
4578 CGroupContext *c = data;
4579 CGroupMask disabled_mask;
4580
4581 /* 1. If empty, make all controllers eligible for use again.
4582 * 2. If non-empty, merge all listed controllers, space separated. */
4583
4584 if (isempty(rvalue)) {
4585 c->disable_controllers = 0;
4586 return 0;
4587 }
4588
4589 r = cg_mask_from_string(rvalue, &disabled_mask);
4590 if (r < 0 || disabled_mask <= 0) {
4591 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid cgroup string: %s, ignoring", rvalue);
4592 return 0;
4593 }
4594
4595 c->disable_controllers |= disabled_mask;
4596
4597 return 0;
4598 }
4599
4600 int config_parse_ip_filter_bpf_progs(
4601 const char *unit,
4602 const char *filename,
4603 unsigned line,
4604 const char *section,
4605 unsigned section_line,
4606 const char *lvalue,
4607 int ltype,
4608 const char *rvalue,
4609 void *data,
4610 void *userdata) {
4611
4612 _cleanup_free_ char *resolved = NULL;
4613 const Unit *u = userdata;
4614 char ***paths = data;
4615 int r;
4616
4617 assert(filename);
4618 assert(lvalue);
4619 assert(rvalue);
4620 assert(paths);
4621
4622 if (isempty(rvalue)) {
4623 *paths = strv_free(*paths);
4624 return 0;
4625 }
4626
4627 r = unit_full_printf(u, rvalue, &resolved);
4628 if (r < 0) {
4629 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
4630 return 0;
4631 }
4632
4633 r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
4634 if (r < 0)
4635 return 0;
4636
4637 if (strv_contains(*paths, resolved))
4638 return 0;
4639
4640 r = strv_extend(paths, resolved);
4641 if (r < 0)
4642 return log_oom();
4643
4644 r = bpf_firewall_supported();
4645 if (r < 0)
4646 return r;
4647 if (r != BPF_FIREWALL_SUPPORTED_WITH_MULTI) {
4648 static bool warned = false;
4649
4650 log_full(warned ? LOG_DEBUG : LOG_WARNING,
4651 "File %s:%u configures an IP firewall with BPF programs (%s=%s), but the local system does not support BPF/cgroup based firewalling with multiple filters.\n"
4652 "Starting this unit will fail! (This warning is only shown for the first loaded unit using IP firewalling.)", filename, line, lvalue, rvalue);
4653
4654 warned = true;
4655 }
4656
4657 return 0;
4658 }
4659
4660 static int merge_by_names(Unit **u, Set *names, const char *id) {
4661 char *k;
4662 int r;
4663
4664 assert(u);
4665 assert(*u);
4666
4667 /* Let's try to add in all names that are aliases of this unit */
4668 while ((k = set_steal_first(names))) {
4669 _cleanup_free_ _unused_ char *free_k = k;
4670
4671 /* First try to merge in the other name into our unit */
4672 r = unit_merge_by_name(*u, k);
4673 if (r < 0) {
4674 Unit *other;
4675
4676 /* Hmm, we couldn't merge the other unit into ours? Then let's try it the other way
4677 * round. */
4678
4679 other = manager_get_unit((*u)->manager, k);
4680 if (!other)
4681 return r; /* return previous failure */
4682
4683 r = unit_merge(other, *u);
4684 if (r < 0)
4685 return r;
4686
4687 *u = other;
4688 return merge_by_names(u, names, NULL);
4689 }
4690
4691 if (streq_ptr(id, k))
4692 unit_choose_id(*u, id);
4693 }
4694
4695 return 0;
4696 }
4697
4698 int unit_load_fragment(Unit *u) {
4699 const char *fragment;
4700 _cleanup_set_free_free_ Set *names = NULL;
4701 struct stat st;
4702 int r;
4703
4704 assert(u);
4705 assert(u->load_state == UNIT_STUB);
4706 assert(u->id);
4707
4708 if (u->transient) {
4709 u->load_state = UNIT_LOADED;
4710 return 0;
4711 }
4712
4713 /* Possibly rebuild the fragment map to catch new units */
4714 r = unit_file_build_name_map(&u->manager->lookup_paths,
4715 &u->manager->unit_cache_mtime,
4716 &u->manager->unit_id_map,
4717 &u->manager->unit_name_map,
4718 &u->manager->unit_path_cache);
4719 if (r < 0)
4720 log_error_errno(r, "Failed to rebuild name map: %m");
4721
4722 r = unit_file_find_fragment(u->manager->unit_id_map,
4723 u->manager->unit_name_map,
4724 u->id,
4725 &fragment,
4726 &names);
4727 if (r < 0 && r != -ENOENT)
4728 return r;
4729
4730 if (fragment) {
4731 /* Open the file, check if this is a mask, otherwise read. */
4732 _cleanup_fclose_ FILE *f = NULL;
4733
4734 /* Try to open the file name. A symlink is OK, for example for linked files or masks. We
4735 * expect that all symlinks within the lookup paths have been already resolved, but we don't
4736 * verify this here. */
4737 f = fopen(fragment, "re");
4738 if (!f)
4739 return log_unit_notice_errno(u, errno, "Failed to open %s: %m", fragment);
4740
4741 if (fstat(fileno(f), &st) < 0)
4742 return -errno;
4743
4744 r = free_and_strdup(&u->fragment_path, fragment);
4745 if (r < 0)
4746 return r;
4747
4748 if (null_or_empty(&st)) {
4749 /* Unit file is masked */
4750
4751 u->load_state = u->perpetual ? UNIT_LOADED : UNIT_MASKED; /* don't allow perpetual units to ever be masked */
4752 u->fragment_mtime = 0;
4753 } else {
4754 u->load_state = UNIT_LOADED;
4755 u->fragment_mtime = timespec_load(&st.st_mtim);
4756
4757 /* Now, parse the file contents */
4758 r = config_parse(u->id, fragment, f,
4759 UNIT_VTABLE(u)->sections,
4760 config_item_perf_lookup, load_fragment_gperf_lookup,
4761 CONFIG_PARSE_ALLOW_INCLUDE, u);
4762 if (r == -ENOEXEC)
4763 log_unit_notice_errno(u, r, "Unit configuration has fatal error, unit will not be started.");
4764 if (r < 0)
4765 return r;
4766 }
4767 }
4768
4769 if (u->source_path) {
4770 if (stat(u->source_path, &st) >= 0)
4771 u->source_mtime = timespec_load(&st.st_mtim);
4772 else
4773 u->source_mtime = 0;
4774 }
4775
4776 /* We do the merge dance here because for some unit types, the unit might have aliases which are not
4777 * declared in the file system. In particular, this is true (and frequent) for device and swap units.
4778 */
4779 Unit *merged;
4780 const char *id = u->id;
4781 _cleanup_free_ char *free_id = NULL;
4782
4783 if (fragment) {
4784 id = basename(fragment);
4785 if (unit_name_is_valid(id, UNIT_NAME_TEMPLATE)) {
4786 assert(u->instance); /* If we're not trying to use a template for non-instanced unit,
4787 * this must be set. */
4788
4789 r = unit_name_replace_instance(id, u->instance, &free_id);
4790 if (r < 0)
4791 return log_debug_errno(r, "Failed to build id (%s + %s): %m", id, u->instance);
4792 id = free_id;
4793 }
4794 }
4795
4796 merged = u;
4797 r = merge_by_names(&merged, names, id);
4798 if (r < 0)
4799 return r;
4800
4801 if (merged != u)
4802 u->load_state = UNIT_MERGED;
4803
4804 return 0;
4805 }
4806
4807 void unit_dump_config_items(FILE *f) {
4808 static const struct {
4809 const ConfigParserCallback callback;
4810 const char *rvalue;
4811 } table[] = {
4812 { config_parse_warn_compat, "NOTSUPPORTED" },
4813 { config_parse_int, "INTEGER" },
4814 { config_parse_unsigned, "UNSIGNED" },
4815 { config_parse_iec_size, "SIZE" },
4816 { config_parse_iec_uint64, "SIZE" },
4817 { config_parse_si_uint64, "SIZE" },
4818 { config_parse_bool, "BOOLEAN" },
4819 { config_parse_string, "STRING" },
4820 { config_parse_path, "PATH" },
4821 { config_parse_unit_path_printf, "PATH" },
4822 { config_parse_strv, "STRING [...]" },
4823 { config_parse_exec_nice, "NICE" },
4824 { config_parse_exec_oom_score_adjust, "OOMSCOREADJUST" },
4825 { config_parse_exec_io_class, "IOCLASS" },
4826 { config_parse_exec_io_priority, "IOPRIORITY" },
4827 { config_parse_exec_cpu_sched_policy, "CPUSCHEDPOLICY" },
4828 { config_parse_exec_cpu_sched_prio, "CPUSCHEDPRIO" },
4829 { config_parse_exec_cpu_affinity, "CPUAFFINITY" },
4830 { config_parse_mode, "MODE" },
4831 { config_parse_unit_env_file, "FILE" },
4832 { config_parse_exec_output, "OUTPUT" },
4833 { config_parse_exec_input, "INPUT" },
4834 { config_parse_log_facility, "FACILITY" },
4835 { config_parse_log_level, "LEVEL" },
4836 { config_parse_exec_secure_bits, "SECUREBITS" },
4837 { config_parse_capability_set, "BOUNDINGSET" },
4838 { config_parse_rlimit, "LIMIT" },
4839 { config_parse_unit_deps, "UNIT [...]" },
4840 { config_parse_exec, "PATH [ARGUMENT [...]]" },
4841 { config_parse_service_type, "SERVICETYPE" },
4842 { config_parse_service_restart, "SERVICERESTART" },
4843 { config_parse_kill_mode, "KILLMODE" },
4844 { config_parse_signal, "SIGNAL" },
4845 { config_parse_socket_listen, "SOCKET [...]" },
4846 { config_parse_socket_bind, "SOCKETBIND" },
4847 { config_parse_socket_bindtodevice, "NETWORKINTERFACE" },
4848 { config_parse_sec, "SECONDS" },
4849 { config_parse_nsec, "NANOSECONDS" },
4850 { config_parse_namespace_path_strv, "PATH [...]" },
4851 { config_parse_bind_paths, "PATH[:PATH[:OPTIONS]] [...]" },
4852 { config_parse_unit_requires_mounts_for, "PATH [...]" },
4853 { config_parse_exec_mount_flags, "MOUNTFLAG [...]" },
4854 { config_parse_unit_string_printf, "STRING" },
4855 { config_parse_trigger_unit, "UNIT" },
4856 { config_parse_timer, "TIMER" },
4857 { config_parse_path_spec, "PATH" },
4858 { config_parse_notify_access, "ACCESS" },
4859 { config_parse_ip_tos, "TOS" },
4860 { config_parse_unit_condition_path, "CONDITION" },
4861 { config_parse_unit_condition_string, "CONDITION" },
4862 { config_parse_unit_condition_null, "CONDITION" },
4863 { config_parse_unit_slice, "SLICE" },
4864 { config_parse_documentation, "URL" },
4865 { config_parse_service_timeout, "SECONDS" },
4866 { config_parse_emergency_action, "ACTION" },
4867 { config_parse_set_status, "STATUS" },
4868 { config_parse_service_sockets, "SOCKETS" },
4869 { config_parse_environ, "ENVIRON" },
4870 #if HAVE_SECCOMP
4871 { config_parse_syscall_filter, "SYSCALLS" },
4872 { config_parse_syscall_archs, "ARCHS" },
4873 { config_parse_syscall_errno, "ERRNO" },
4874 { config_parse_address_families, "FAMILIES" },
4875 { config_parse_restrict_namespaces, "NAMESPACES" },
4876 #endif
4877 { config_parse_cpu_shares, "SHARES" },
4878 { config_parse_cg_weight, "WEIGHT" },
4879 { config_parse_memory_limit, "LIMIT" },
4880 { config_parse_device_allow, "DEVICE" },
4881 { config_parse_device_policy, "POLICY" },
4882 { config_parse_io_limit, "LIMIT" },
4883 { config_parse_io_device_weight, "DEVICEWEIGHT" },
4884 { config_parse_io_device_latency, "DEVICELATENCY" },
4885 { config_parse_blockio_bandwidth, "BANDWIDTH" },
4886 { config_parse_blockio_weight, "WEIGHT" },
4887 { config_parse_blockio_device_weight, "DEVICEWEIGHT" },
4888 { config_parse_long, "LONG" },
4889 { config_parse_socket_service, "SERVICE" },
4890 #if HAVE_SELINUX
4891 { config_parse_exec_selinux_context, "LABEL" },
4892 #endif
4893 { config_parse_job_mode, "MODE" },
4894 { config_parse_job_mode_isolate, "BOOLEAN" },
4895 { config_parse_personality, "PERSONALITY" },
4896 };
4897
4898 const char *prev = NULL;
4899 const char *i;
4900
4901 assert(f);
4902
4903 NULSTR_FOREACH(i, load_fragment_gperf_nulstr) {
4904 const char *rvalue = "OTHER", *lvalue;
4905 const ConfigPerfItem *p;
4906 size_t prefix_len;
4907 const char *dot;
4908 unsigned j;
4909
4910 assert_se(p = load_fragment_gperf_lookup(i, strlen(i)));
4911
4912 /* Hide legacy settings */
4913 if (p->parse == config_parse_warn_compat &&
4914 p->ltype == DISABLED_LEGACY)
4915 continue;
4916
4917 for (j = 0; j < ELEMENTSOF(table); j++)
4918 if (p->parse == table[j].callback) {
4919 rvalue = table[j].rvalue;
4920 break;
4921 }
4922
4923 dot = strchr(i, '.');
4924 lvalue = dot ? dot + 1 : i;
4925 prefix_len = dot-i;
4926
4927 if (dot)
4928 if (!prev || !strneq(prev, i, prefix_len+1)) {
4929 if (prev)
4930 fputc('\n', f);
4931
4932 fprintf(f, "[%.*s]\n", (int) prefix_len, i);
4933 }
4934
4935 fprintf(f, "%s=%s\n", lvalue, rvalue);
4936 prev = i;
4937 }
4938 }
4939
4940 int config_parse_cpu_affinity2(
4941 const char *unit,
4942 const char *filename,
4943 unsigned line,
4944 const char *section,
4945 unsigned section_line,
4946 const char *lvalue,
4947 int ltype,
4948 const char *rvalue,
4949 void *data,
4950 void *userdata) {
4951
4952 CPUSet *affinity = data;
4953
4954 assert(affinity);
4955
4956 (void) parse_cpu_set_extend(rvalue, affinity, true, unit, filename, line, lvalue);
4957
4958 return 0;
4959 }
4960
4961 int config_parse_show_status(
4962 const char* unit,
4963 const char *filename,
4964 unsigned line,
4965 const char *section,
4966 unsigned section_line,
4967 const char *lvalue,
4968 int ltype,
4969 const char *rvalue,
4970 void *data,
4971 void *userdata) {
4972
4973 int k;
4974 ShowStatus *b = data;
4975
4976 assert(filename);
4977 assert(lvalue);
4978 assert(rvalue);
4979 assert(data);
4980
4981 k = parse_show_status(rvalue, b);
4982 if (k < 0) {
4983 log_syntax(unit, LOG_ERR, filename, line, k, "Failed to parse show status setting, ignoring: %s", rvalue);
4984 return 0;
4985 }
4986
4987 return 0;
4988 }
4989
4990 int config_parse_output_restricted(
4991 const char* unit,
4992 const char *filename,
4993 unsigned line,
4994 const char *section,
4995 unsigned section_line,
4996 const char *lvalue,
4997 int ltype,
4998 const char *rvalue,
4999 void *data,
5000 void *userdata) {
5001
5002 ExecOutput t, *eo = data;
5003
5004 assert(filename);
5005 assert(lvalue);
5006 assert(rvalue);
5007 assert(data);
5008
5009 t = exec_output_from_string(rvalue);
5010 if (t < 0) {
5011 log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output type, ignoring: %s", rvalue);
5012 return 0;
5013 }
5014
5015 if (IN_SET(t, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD, EXEC_OUTPUT_FILE, EXEC_OUTPUT_FILE_APPEND)) {
5016 log_syntax(unit, LOG_ERR, filename, line, 0, "Standard output types socket, fd:, file:, append: are not supported as defaults, ignoring: %s", rvalue);
5017 return 0;
5018 }
5019
5020 *eo = t;
5021 return 0;
5022 }
5023
5024 int config_parse_crash_chvt(
5025 const char* unit,
5026 const char *filename,
5027 unsigned line,
5028 const char *section,
5029 unsigned section_line,
5030 const char *lvalue,
5031 int ltype,
5032 const char *rvalue,
5033 void *data,
5034 void *userdata) {
5035
5036 int r;
5037
5038 assert(filename);
5039 assert(lvalue);
5040 assert(rvalue);
5041 assert(data);
5042
5043 r = parse_crash_chvt(rvalue, data);
5044 if (r < 0) {
5045 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CrashChangeVT= setting, ignoring: %s", rvalue);
5046 return 0;
5047 }
5048
5049 return 0;
5050 }
5051
5052 int config_parse_swap_priority(
5053 const char *unit,
5054 const char *filename,
5055 unsigned line,
5056 const char *section,
5057 unsigned section_line,
5058 const char *lvalue,
5059 int ltype,
5060 const char *rvalue,
5061 void *data,
5062 void *userdata) {
5063
5064 Swap *s = userdata;
5065 int r, priority;
5066
5067 assert(s);
5068 assert(filename);
5069 assert(lvalue);
5070 assert(rvalue);
5071 assert(data);
5072
5073 if (isempty(rvalue)) {
5074 s->parameters_fragment.priority = -1;
5075 s->parameters_fragment.priority_set = false;
5076 return 0;
5077 }
5078
5079 r = safe_atoi(rvalue, &priority);
5080 if (r < 0) {
5081 log_syntax(unit, LOG_ERR, filename, line, r, "Invalid swap pririty '%s', ignoring.", rvalue);
5082 return 0;
5083 }
5084
5085 if (priority < -1) {
5086 log_syntax(unit, LOG_ERR, filename, line, 0, "Sorry, swap priorities smaller than -1 may only be assigned by the kernel itself, ignoring: %s", rvalue);
5087 return 0;
5088 }
5089
5090 if (priority > 32767) {
5091 log_syntax(unit, LOG_ERR, filename, line, 0, "Swap priority out of range, ignoring: %s", rvalue);
5092 return 0;
5093 }
5094
5095 s->parameters_fragment.priority = priority;
5096 s->parameters_fragment.priority_set = true;
5097 return 0;
5098 }
Unnamed repository; edit this file 'description' to name the repository.