]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/main.c
projects / thirdparty / systemd.git / blob
? search:


792b316c61b8e980fec719dee453c69da1723046
[thirdparty/systemd.git] / src / core / main.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <stdio.h>
23 #include <errno.h>
24 #include <string.h>
25 #include <unistd.h>
26 #include <sys/types.h>
27 #include <sys/stat.h>
28 #include <getopt.h>
29 #include <signal.h>
30 #include <sys/wait.h>
31 #include <fcntl.h>
32 #include <sys/prctl.h>
33 #include <sys/mount.h>
34
35 #ifdef HAVE_VALGRIND_VALGRIND_H
36 #include <valgrind/valgrind.h>
37 #endif
38 #ifdef HAVE_SECCOMP
39 #include <seccomp.h>
40 #endif
41
42 #include "sd-daemon.h"
43 #include "sd-messages.h"
44 #include "sd-bus.h"
45 #include "manager.h"
46 #include "log.h"
47 #include "load-fragment.h"
48 #include "fdset.h"
49 #include "special.h"
50 #include "conf-parser.h"
51 #include "missing.h"
52 #include "label.h"
53 #include "pager.h"
54 #include "build.h"
55 #include "strv.h"
56 #include "def.h"
57 #include "virt.h"
58 #include "architecture.h"
59 #include "watchdog.h"
60 #include "path-util.h"
61 #include "switch-root.h"
62 #include "capability.h"
63 #include "killall.h"
64 #include "env-util.h"
65 #include "clock-util.h"
66 #include "fileio.h"
67 #include "dbus-manager.h"
68 #include "bus-error.h"
69 #include "bus-util.h"
70
71 #include "mount-setup.h"
72 #include "loopback-setup.h"
73 #include "hostname-setup.h"
74 #include "machine-id-setup.h"
75 #include "selinux-setup.h"
76 #include "ima-setup.h"
77 #include "smack-setup.h"
78 #ifdef HAVE_KMOD
79 #include "kmod-setup.h"
80 #endif
81
82 static enum {
83 ACTION_RUN,
84 ACTION_HELP,
85 ACTION_VERSION,
86 ACTION_TEST,
87 ACTION_DUMP_CONFIGURATION_ITEMS,
88 ACTION_DONE
89 } arg_action = ACTION_RUN;
90 static char *arg_default_unit = NULL;
91 static SystemdRunningAs arg_running_as = _SYSTEMD_RUNNING_AS_INVALID;
92 static bool arg_dump_core = true;
93 static bool arg_crash_shell = false;
94 static int arg_crash_chvt = -1;
95 static bool arg_confirm_spawn = false;
96 static ShowStatus arg_show_status = _SHOW_STATUS_UNSET;
97 static bool arg_switched_root = false;
98 static int arg_no_pager = -1;
99 static char ***arg_join_controllers = NULL;
100 static ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL;
101 static ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT;
102 static usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC;
103 static usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
104 static usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
105 static usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
106 static unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
107 static usec_t arg_runtime_watchdog = 0;
108 static usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE;
109 static char **arg_default_environment = NULL;
110 static struct rlimit *arg_default_rlimit[_RLIMIT_MAX] = {};
111 static uint64_t arg_capability_bounding_set_drop = 0;
112 static nsec_t arg_timer_slack_nsec = NSEC_INFINITY;
113 static usec_t arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE;
114 static Set* arg_syscall_archs = NULL;
115 static FILE* arg_serialization = NULL;
116 static bool arg_default_cpu_accounting = false;
117 static bool arg_default_blockio_accounting = false;
118 static bool arg_default_memory_accounting = false;
119
120 static void nop_handler(int sig) {}
121
122 static void pager_open_if_enabled(void) {
123
124 if (arg_no_pager <= 0)
125 return;
126
127 pager_open(false);
128 }
129
130 noreturn static void crash(int sig) {
131
132 if (getpid() != 1)
133 /* Pass this on immediately, if this is not PID 1 */
134 raise(sig);
135 else if (!arg_dump_core)
136 log_error("Caught <%s>, not dumping core.", signal_to_string(sig));
137 else {
138 struct sigaction sa = {
139 .sa_handler = nop_handler,
140 .sa_flags = SA_NOCLDSTOP|SA_RESTART,
141 };
142 pid_t pid;
143
144 /* We want to wait for the core process, hence let's enable SIGCHLD */
145 sigaction(SIGCHLD, &sa, NULL);
146
147 pid = fork();
148 if (pid < 0)
149 log_error("Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
150
151 else if (pid == 0) {
152 struct rlimit rl = {};
153
154 /* Enable default signal handler for core dump */
155 zero(sa);
156 sa.sa_handler = SIG_DFL;
157 sigaction(sig, &sa, NULL);
158
159 /* Don't limit the core dump size */
160 rl.rlim_cur = RLIM_INFINITY;
161 rl.rlim_max = RLIM_INFINITY;
162 setrlimit(RLIMIT_CORE, &rl);
163
164 /* Just to be sure... */
165 chdir("/");
166
167 /* Raise the signal again */
168 raise(sig);
169
170 assert_not_reached("We shouldn't be here...");
171 _exit(1);
172
173 } else {
174 siginfo_t status;
175 int r;
176
177 /* Order things nicely. */
178 r = wait_for_terminate(pid, &status);
179 if (r < 0)
180 log_error("Caught <%s>, waitpid() failed: %s", signal_to_string(sig), strerror(-r));
181 else if (status.si_code != CLD_DUMPED)
182 log_error("Caught <%s>, core dump failed.", signal_to_string(sig));
183 else
184 log_error("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);
185 }
186 }
187
188 if (arg_crash_chvt)
189 chvt(arg_crash_chvt);
190
191 if (arg_crash_shell) {
192 struct sigaction sa = {
193 .sa_handler = SIG_IGN,
194 .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
195 };
196 pid_t pid;
197
198 log_info("Executing crash shell in 10s...");
199 sleep(10);
200
201 /* Let the kernel reap children for us */
202 assert_se(sigaction(SIGCHLD, &sa, NULL) == 0);
203
204 pid = fork();
205 if (pid < 0)
206 log_error("Failed to fork off crash shell: %m");
207 else if (pid == 0) {
208 make_console_stdio();
209 execl("/bin/sh", "/bin/sh", NULL);
210
211 log_error("execl() failed: %m");
212 _exit(1);
213 }
214
215 log_info("Successfully spawned crash shell as pid "PID_FMT".", pid);
216 }
217
218 log_info("Freezing execution.");
219 freeze();
220 }
221
222 static void install_crash_handler(void) {
223 struct sigaction sa = {
224 .sa_handler = crash,
225 .sa_flags = SA_NODEFER,
226 };
227
228 sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
229 }
230
231 static int console_setup(void) {
232 _cleanup_close_ int tty_fd = -1;
233 int r;
234
235 tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
236 if (tty_fd < 0) {
237 log_error("Failed to open /dev/console: %s", strerror(-tty_fd));
238 return tty_fd;
239 }
240
241 /* We don't want to force text mode. plymouth may be showing
242 * pictures already from initrd. */
243 r = reset_terminal_fd(tty_fd, false);
244 if (r < 0) {
245 log_error("Failed to reset /dev/console: %s", strerror(-r));
246 return r;
247 }
248
249 return 0;
250 }
251
252 static int set_default_unit(const char *u) {
253 char *c;
254
255 assert(u);
256
257 c = strdup(u);
258 if (!c)
259 return -ENOMEM;
260
261 free(arg_default_unit);
262 arg_default_unit = c;
263
264 return 0;
265 }
266
267 static int parse_proc_cmdline_item(const char *key, const char *value) {
268
269 static const char * const rlmap[] = {
270 "emergency", SPECIAL_EMERGENCY_TARGET,
271 "-b", SPECIAL_EMERGENCY_TARGET,
272 "single", SPECIAL_RESCUE_TARGET,
273 "-s", SPECIAL_RESCUE_TARGET,
274 "s", SPECIAL_RESCUE_TARGET,
275 "S", SPECIAL_RESCUE_TARGET,
276 "1", SPECIAL_RESCUE_TARGET,
277 "2", SPECIAL_RUNLEVEL2_TARGET,
278 "3", SPECIAL_RUNLEVEL3_TARGET,
279 "4", SPECIAL_RUNLEVEL4_TARGET,
280 "5", SPECIAL_RUNLEVEL5_TARGET,
281 };
282 int r;
283
284 assert(key);
285
286 if (streq(key, "systemd.unit") && value) {
287
288 if (!in_initrd())
289 return set_default_unit(value);
290
291 } else if (streq(key, "rd.systemd.unit") && value) {
292
293 if (in_initrd())
294 return set_default_unit(value);
295
296 } else if (streq(key, "systemd.dump_core") && value) {
297
298 r = parse_boolean(value);
299 if (r < 0)
300 log_warning("Failed to parse dump core switch %s. Ignoring.", value);
301 else
302 arg_dump_core = r;
303
304 } else if (streq(key, "systemd.crash_shell") && value) {
305
306 r = parse_boolean(value);
307 if (r < 0)
308 log_warning("Failed to parse crash shell switch %s. Ignoring.", value);
309 else
310 arg_crash_shell = r;
311
312 } else if (streq(key, "systemd.crash_chvt") && value) {
313
314 if (safe_atoi(value, &r) < 0)
315 log_warning("Failed to parse crash chvt switch %s. Ignoring.", value);
316 else
317 arg_crash_chvt = r;
318
319 } else if (streq(key, "systemd.confirm_spawn") && value) {
320
321 r = parse_boolean(value);
322 if (r < 0)
323 log_warning("Failed to parse confirm spawn switch %s. Ignoring.", value);
324 else
325 arg_confirm_spawn = r;
326
327 } else if (streq(key, "systemd.show_status") && value) {
328
329 r = parse_show_status(value, &arg_show_status);
330 if (r < 0)
331 log_warning("Failed to parse show status switch %s. Ignoring.", value);
332
333 } else if (streq(key, "systemd.default_standard_output") && value) {
334
335 r = exec_output_from_string(value);
336 if (r < 0)
337 log_warning("Failed to parse default standard output switch %s. Ignoring.", value);
338 else
339 arg_default_std_output = r;
340
341 } else if (streq(key, "systemd.default_standard_error") && value) {
342
343 r = exec_output_from_string(value);
344 if (r < 0)
345 log_warning("Failed to parse default standard error switch %s. Ignoring.", value);
346 else
347 arg_default_std_error = r;
348
349 } else if (streq(key, "systemd.setenv") && value) {
350
351 if (env_assignment_is_valid(value)) {
352 char **env;
353
354 env = strv_env_set(arg_default_environment, value);
355 if (env)
356 arg_default_environment = env;
357 else
358 log_warning("Setting environment variable '%s' failed, ignoring: %s", value, strerror(ENOMEM));
359 } else
360 log_warning("Environment variable name '%s' is not valid. Ignoring.", value);
361
362 } else if (streq(key, "quiet") && !value) {
363
364 log_set_max_level(LOG_NOTICE);
365
366 if (arg_show_status == _SHOW_STATUS_UNSET)
367 arg_show_status = SHOW_STATUS_AUTO;
368
369 } else if (streq(key, "debug") && !value) {
370
371 /* Note that log_parse_environment() handles 'debug'
372 * too, and sets the log level to LOG_DEBUG. */
373
374 if (detect_container(NULL) > 0)
375 log_set_target(LOG_TARGET_CONSOLE);
376
377 } else if (!in_initrd() && !value) {
378 unsigned i;
379
380 /* SysV compatibility */
381 for (i = 0; i < ELEMENTSOF(rlmap); i += 2)
382 if (streq(key, rlmap[i]))
383 return set_default_unit(rlmap[i+1]);
384 }
385
386 return 0;
387 }
388
389 #define DEFINE_SETTER(name, func, descr) \
390 static int name(const char *unit, \
391 const char *filename, \
392 unsigned line, \
393 const char *section, \
394 unsigned section_line, \
395 const char *lvalue, \
396 int ltype, \
397 const char *rvalue, \
398 void *data, \
399 void *userdata) { \
400 \
401 int r; \
402 \
403 assert(filename); \
404 assert(lvalue); \
405 assert(rvalue); \
406 \
407 r = func(rvalue); \
408 if (r < 0) \
409 log_syntax(unit, LOG_ERR, filename, line, -r, \
410 "Invalid " descr "'%s': %s", \
411 rvalue, strerror(-r)); \
412 \
413 return 0; \
414 }
415
416 DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level")
417 DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target")
418 DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" )
419 DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location")
420
421 static int config_parse_cpu_affinity2(
422 const char *unit,
423 const char *filename,
424 unsigned line,
425 const char *section,
426 unsigned section_line,
427 const char *lvalue,
428 int ltype,
429 const char *rvalue,
430 void *data,
431 void *userdata) {
432
433 const char *word, *state;
434 size_t l;
435 cpu_set_t *c = NULL;
436 unsigned ncpus = 0;
437
438 assert(filename);
439 assert(lvalue);
440 assert(rvalue);
441
442 FOREACH_WORD_QUOTED(word, l, rvalue, state) {
443 char *t;
444 int r;
445 unsigned cpu;
446
447 if (!(t = strndup(word, l)))
448 return log_oom();
449
450 r = safe_atou(t, &cpu);
451 free(t);
452
453 if (!c)
454 if (!(c = cpu_set_malloc(&ncpus)))
455 return log_oom();
456
457 if (r < 0 || cpu >= ncpus) {
458 log_syntax(unit, LOG_ERR, filename, line, -r,
459 "Failed to parse CPU affinity '%s'", rvalue);
460 CPU_FREE(c);
461 return -EBADMSG;
462 }
463
464 CPU_SET_S(cpu, CPU_ALLOC_SIZE(ncpus), c);
465 }
466 if (!isempty(state))
467 log_syntax(unit, LOG_ERR, filename, line, EINVAL,
468 "Trailing garbage, ignoring.");
469
470 if (c) {
471 if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0)
472 log_warning_unit(unit, "Failed to set CPU affinity: %m");
473
474 CPU_FREE(c);
475 }
476
477 return 0;
478 }
479
480 static int config_parse_show_status(
481 const char* unit,
482 const char *filename,
483 unsigned line,
484 const char *section,
485 unsigned section_line,
486 const char *lvalue,
487 int ltype,
488 const char *rvalue,
489 void *data,
490 void *userdata) {
491
492 int k;
493 ShowStatus *b = data;
494
495 assert(filename);
496 assert(lvalue);
497 assert(rvalue);
498 assert(data);
499
500 k = parse_show_status(rvalue, b);
501 if (k < 0) {
502 log_syntax(unit, LOG_ERR, filename, line, -k,
503 "Failed to parse show status setting, ignoring: %s", rvalue);
504 return 0;
505 }
506
507 return 0;
508 }
509
510 static void strv_free_free(char ***l) {
511 char ***i;
512
513 if (!l)
514 return;
515
516 for (i = l; *i; i++)
517 strv_free(*i);
518
519 free(l);
520 }
521
522 static void free_join_controllers(void) {
523 strv_free_free(arg_join_controllers);
524 arg_join_controllers = NULL;
525 }
526
527 static int config_parse_join_controllers(const char *unit,
528 const char *filename,
529 unsigned line,
530 const char *section,
531 unsigned section_line,
532 const char *lvalue,
533 int ltype,
534 const char *rvalue,
535 void *data,
536 void *userdata) {
537
538 unsigned n = 0;
539 const char *word, *state;
540 size_t length;
541
542 assert(filename);
543 assert(lvalue);
544 assert(rvalue);
545
546 free_join_controllers();
547
548 FOREACH_WORD_QUOTED(word, length, rvalue, state) {
549 char *s, **l;
550
551 s = strndup(word, length);
552 if (!s)
553 return log_oom();
554
555 l = strv_split(s, ",");
556 free(s);
557
558 strv_uniq(l);
559
560 if (strv_length(l) <= 1) {
561 strv_free(l);
562 continue;
563 }
564
565 if (!arg_join_controllers) {
566 arg_join_controllers = new(char**, 2);
567 if (!arg_join_controllers) {
568 strv_free(l);
569 return log_oom();
570 }
571
572 arg_join_controllers[0] = l;
573 arg_join_controllers[1] = NULL;
574
575 n = 1;
576 } else {
577 char ***a;
578 char ***t;
579
580 t = new0(char**, n+2);
581 if (!t) {
582 strv_free(l);
583 return log_oom();
584 }
585
586 n = 0;
587
588 for (a = arg_join_controllers; *a; a++) {
589
590 if (strv_overlap(*a, l)) {
591 if (strv_extend_strv(&l, *a) < 0) {
592 strv_free(l);
593 strv_free_free(t);
594 return log_oom();
595 }
596
597 } else {
598 char **c;
599
600 c = strv_copy(*a);
601 if (!c) {
602 strv_free(l);
603 strv_free_free(t);
604 return log_oom();
605 }
606
607 t[n++] = c;
608 }
609 }
610
611 t[n++] = strv_uniq(l);
612
613 strv_free_free(arg_join_controllers);
614 arg_join_controllers = t;
615 }
616 }
617 if (!isempty(state))
618 log_syntax(unit, LOG_ERR, filename, line, EINVAL,
619 "Trailing garbage, ignoring.");
620
621 return 0;
622 }
623
624 static int parse_config_file(void) {
625
626 const ConfigTableItem items[] = {
627 { "Manager", "LogLevel", config_parse_level2, 0, NULL },
628 { "Manager", "LogTarget", config_parse_target, 0, NULL },
629 { "Manager", "LogColor", config_parse_color, 0, NULL },
630 { "Manager", "LogLocation", config_parse_location, 0, NULL },
631 { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core },
632 { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell },
633 { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status },
634 { "Manager", "CrashChVT", config_parse_int, 0, &arg_crash_chvt },
635 { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, NULL },
636 { "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers },
637 { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog },
638 { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog },
639 { "Manager", "CapabilityBoundingSet", config_parse_bounding_set, 0, &arg_capability_bounding_set_drop },
640 #ifdef HAVE_SECCOMP
641 { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs },
642 #endif
643 { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec },
644 { "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec },
645 { "Manager", "DefaultStandardOutput", config_parse_output, 0, &arg_default_std_output },
646 { "Manager", "DefaultStandardError", config_parse_output, 0, &arg_default_std_error },
647 { "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
648 { "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
649 { "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
650 { "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval },
651 { "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },
652 { "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },
653 { "Manager", "DefaultLimitCPU", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CPU] },
654 { "Manager", "DefaultLimitFSIZE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_FSIZE] },
655 { "Manager", "DefaultLimitDATA", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_DATA] },
656 { "Manager", "DefaultLimitSTACK", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_STACK] },
657 { "Manager", "DefaultLimitCORE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CORE] },
658 { "Manager", "DefaultLimitRSS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RSS] },
659 { "Manager", "DefaultLimitNOFILE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NOFILE] },
660 { "Manager", "DefaultLimitAS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_AS] },
661 { "Manager", "DefaultLimitNPROC", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NPROC] },
662 { "Manager", "DefaultLimitMEMLOCK", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_MEMLOCK] },
663 { "Manager", "DefaultLimitLOCKS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_LOCKS] },
664 { "Manager", "DefaultLimitSIGPENDING", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_SIGPENDING] },
665 { "Manager", "DefaultLimitMSGQUEUE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_MSGQUEUE] },
666 { "Manager", "DefaultLimitNICE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NICE] },
667 { "Manager", "DefaultLimitRTPRIO", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RTPRIO] },
668 { "Manager", "DefaultLimitRTTIME", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RTTIME] },
669 { "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_default_cpu_accounting },
670 { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting },
671 { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting },
672 {}
673 };
674
675 const char *fn;
676
677 fn = arg_running_as == SYSTEMD_SYSTEM ? PKGSYSCONFDIR "/system.conf" : PKGSYSCONFDIR "/user.conf";
678 config_parse(NULL, fn, NULL,
679 "Manager\0",
680 config_item_table_lookup, items,
681 false, false, true, NULL);
682
683 return 0;
684 }
685
686 static int parse_argv(int argc, char *argv[]) {
687
688 enum {
689 ARG_LOG_LEVEL = 0x100,
690 ARG_LOG_TARGET,
691 ARG_LOG_COLOR,
692 ARG_LOG_LOCATION,
693 ARG_UNIT,
694 ARG_SYSTEM,
695 ARG_USER,
696 ARG_TEST,
697 ARG_NO_PAGER,
698 ARG_VERSION,
699 ARG_DUMP_CONFIGURATION_ITEMS,
700 ARG_DUMP_CORE,
701 ARG_CRASH_SHELL,
702 ARG_CONFIRM_SPAWN,
703 ARG_SHOW_STATUS,
704 ARG_DESERIALIZE,
705 ARG_SWITCHED_ROOT,
706 ARG_DEFAULT_STD_OUTPUT,
707 ARG_DEFAULT_STD_ERROR
708 };
709
710 static const struct option options[] = {
711 { "log-level", required_argument, NULL, ARG_LOG_LEVEL },
712 { "log-target", required_argument, NULL, ARG_LOG_TARGET },
713 { "log-color", optional_argument, NULL, ARG_LOG_COLOR },
714 { "log-location", optional_argument, NULL, ARG_LOG_LOCATION },
715 { "unit", required_argument, NULL, ARG_UNIT },
716 { "system", no_argument, NULL, ARG_SYSTEM },
717 { "user", no_argument, NULL, ARG_USER },
718 { "test", no_argument, NULL, ARG_TEST },
719 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
720 { "help", no_argument, NULL, 'h' },
721 { "version", no_argument, NULL, ARG_VERSION },
722 { "dump-configuration-items", no_argument, NULL, ARG_DUMP_CONFIGURATION_ITEMS },
723 { "dump-core", optional_argument, NULL, ARG_DUMP_CORE },
724 { "crash-shell", optional_argument, NULL, ARG_CRASH_SHELL },
725 { "confirm-spawn", optional_argument, NULL, ARG_CONFIRM_SPAWN },
726 { "show-status", optional_argument, NULL, ARG_SHOW_STATUS },
727 { "deserialize", required_argument, NULL, ARG_DESERIALIZE },
728 { "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT },
729 { "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, },
730 { "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, },
731 {}
732 };
733
734 int c, r;
735
736 assert(argc >= 1);
737 assert(argv);
738
739 if (getpid() == 1)
740 opterr = 0;
741
742 while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
743
744 switch (c) {
745
746 case ARG_LOG_LEVEL:
747 r = log_set_max_level_from_string(optarg);
748 if (r < 0) {
749 log_error("Failed to parse log level %s.", optarg);
750 return r;
751 }
752
753 break;
754
755 case ARG_LOG_TARGET:
756 r = log_set_target_from_string(optarg);
757 if (r < 0) {
758 log_error("Failed to parse log target %s.", optarg);
759 return r;
760 }
761
762 break;
763
764 case ARG_LOG_COLOR:
765
766 if (optarg) {
767 r = log_show_color_from_string(optarg);
768 if (r < 0) {
769 log_error("Failed to parse log color setting %s.", optarg);
770 return r;
771 }
772 } else
773 log_show_color(true);
774
775 break;
776
777 case ARG_LOG_LOCATION:
778 if (optarg) {
779 r = log_show_location_from_string(optarg);
780 if (r < 0) {
781 log_error("Failed to parse log location setting %s.", optarg);
782 return r;
783 }
784 } else
785 log_show_location(true);
786
787 break;
788
789 case ARG_DEFAULT_STD_OUTPUT:
790 r = exec_output_from_string(optarg);
791 if (r < 0) {
792 log_error("Failed to parse default standard output setting %s.", optarg);
793 return r;
794 } else
795 arg_default_std_output = r;
796 break;
797
798 case ARG_DEFAULT_STD_ERROR:
799 r = exec_output_from_string(optarg);
800 if (r < 0) {
801 log_error("Failed to parse default standard error output setting %s.", optarg);
802 return r;
803 } else
804 arg_default_std_error = r;
805 break;
806
807 case ARG_UNIT:
808
809 r = set_default_unit(optarg);
810 if (r < 0) {
811 log_error("Failed to set default unit %s: %s", optarg, strerror(-r));
812 return r;
813 }
814
815 break;
816
817 case ARG_SYSTEM:
818 arg_running_as = SYSTEMD_SYSTEM;
819 break;
820
821 case ARG_USER:
822 arg_running_as = SYSTEMD_USER;
823 break;
824
825 case ARG_TEST:
826 arg_action = ACTION_TEST;
827 if (arg_no_pager < 0)
828 arg_no_pager = true;
829 break;
830
831 case ARG_NO_PAGER:
832 arg_no_pager = true;
833 break;
834
835 case ARG_VERSION:
836 arg_action = ACTION_VERSION;
837 break;
838
839 case ARG_DUMP_CONFIGURATION_ITEMS:
840 arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
841 break;
842
843 case ARG_DUMP_CORE:
844 r = optarg ? parse_boolean(optarg) : 1;
845 if (r < 0) {
846 log_error("Failed to parse dump core boolean %s.", optarg);
847 return r;
848 }
849 arg_dump_core = r;
850 break;
851
852 case ARG_CRASH_SHELL:
853 r = optarg ? parse_boolean(optarg) : 1;
854 if (r < 0) {
855 log_error("Failed to parse crash shell boolean %s.", optarg);
856 return r;
857 }
858 arg_crash_shell = r;
859 break;
860
861 case ARG_CONFIRM_SPAWN:
862 r = optarg ? parse_boolean(optarg) : 1;
863 if (r < 0) {
864 log_error("Failed to parse confirm spawn boolean %s.", optarg);
865 return r;
866 }
867 arg_confirm_spawn = r;
868 break;
869
870 case ARG_SHOW_STATUS:
871 if (optarg) {
872 r = parse_show_status(optarg, &arg_show_status);
873 if (r < 0) {
874 log_error("Failed to parse show status boolean %s.", optarg);
875 return r;
876 }
877 } else
878 arg_show_status = SHOW_STATUS_YES;
879 break;
880
881 case ARG_DESERIALIZE: {
882 int fd;
883 FILE *f;
884
885 r = safe_atoi(optarg, &fd);
886 if (r < 0 || fd < 0) {
887 log_error("Failed to parse deserialize option %s.", optarg);
888 return r < 0 ? r : -EINVAL;
889 }
890
891 fd_cloexec(fd, true);
892
893 f = fdopen(fd, "r");
894 if (!f) {
895 log_error("Failed to open serialization fd: %m");
896 return -errno;
897 }
898
899 if (arg_serialization)
900 fclose(arg_serialization);
901
902 arg_serialization = f;
903
904 break;
905 }
906
907 case ARG_SWITCHED_ROOT:
908 arg_switched_root = true;
909 break;
910
911 case 'h':
912 arg_action = ACTION_HELP;
913 if (arg_no_pager < 0)
914 arg_no_pager = true;
915 break;
916
917 case 'D':
918 log_set_max_level(LOG_DEBUG);
919 break;
920
921 case 'b':
922 case 's':
923 case 'z':
924 /* Just to eat away the sysvinit kernel
925 * cmdline args without getopt() error
926 * messages that we'll parse in
927 * parse_proc_cmdline_word() or ignore. */
928
929 case '?':
930 if (getpid() != 1)
931 return -EINVAL;
932 else
933 return 0;
934
935 default:
936 assert_not_reached("Unhandled option code.");
937 }
938
939 if (optind < argc && getpid() != 1) {
940 /* Hmm, when we aren't run as init system
941 * let's complain about excess arguments */
942
943 log_error("Excess arguments.");
944 return -EINVAL;
945 }
946
947 return 0;
948 }
949
950 static int help(void) {
951
952 printf("%s [OPTIONS...]\n\n"
953 "Starts up and maintains the system or user services.\n\n"
954 " -h --help Show this help\n"
955 " --test Determine startup sequence, dump it and exit\n"
956 " --no-pager Do not pipe output into a pager\n"
957 " --dump-configuration-items Dump understood unit configuration items\n"
958 " --unit=UNIT Set default unit\n"
959 " --system Run a system instance, even if PID != 1\n"
960 " --user Run a user instance\n"
961 " --dump-core[=0|1] Dump core on crash\n"
962 " --crash-shell[=0|1] Run shell on crash\n"
963 " --confirm-spawn[=0|1] Ask for confirmation when spawning processes\n"
964 " --show-status[=0|1] Show status updates on the console during bootup\n"
965 " --log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
966 " --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
967 " --log-color[=0|1] Highlight important log messages\n"
968 " --log-location[=0|1] Include code location in log messages\n"
969 " --default-standard-output= Set default standard output for services\n"
970 " --default-standard-error= Set default standard error output for services\n",
971 program_invocation_short_name);
972
973 return 0;
974 }
975
976 static int version(void) {
977 puts(PACKAGE_STRING);
978 puts(SYSTEMD_FEATURES);
979
980 return 0;
981 }
982
983 static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) {
984 FILE *f = NULL;
985 FDSet *fds = NULL;
986 int r;
987
988 assert(m);
989 assert(_f);
990 assert(_fds);
991
992 r = manager_open_serialization(m, &f);
993 if (r < 0) {
994 log_error("Failed to create serialization file: %s", strerror(-r));
995 goto fail;
996 }
997
998 /* Make sure nothing is really destructed when we shut down */
999 m->n_reloading ++;
1000 bus_manager_send_reloading(m, true);
1001
1002 fds = fdset_new();
1003 if (!fds) {
1004 r = -ENOMEM;
1005 log_error("Failed to allocate fd set: %s", strerror(-r));
1006 goto fail;
1007 }
1008
1009 r = manager_serialize(m, f, fds, switching_root);
1010 if (r < 0) {
1011 log_error("Failed to serialize state: %s", strerror(-r));
1012 goto fail;
1013 }
1014
1015 if (fseeko(f, 0, SEEK_SET) < 0) {
1016 log_error("Failed to rewind serialization fd: %m");
1017 goto fail;
1018 }
1019
1020 r = fd_cloexec(fileno(f), false);
1021 if (r < 0) {
1022 log_error("Failed to disable O_CLOEXEC for serialization: %s", strerror(-r));
1023 goto fail;
1024 }
1025
1026 r = fdset_cloexec(fds, false);
1027 if (r < 0) {
1028 log_error("Failed to disable O_CLOEXEC for serialization fds: %s", strerror(-r));
1029 goto fail;
1030 }
1031
1032 *_f = f;
1033 *_fds = fds;
1034
1035 return 0;
1036
1037 fail:
1038 fdset_free(fds);
1039
1040 if (f)
1041 fclose(f);
1042
1043 return r;
1044 }
1045
1046 static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
1047 struct rlimit nl;
1048 int r;
1049
1050 assert(saved_rlimit);
1051
1052 /* Save the original RLIMIT_NOFILE so that we can reset it
1053 * later when transitioning from the initrd to the main
1054 * systemd or suchlike. */
1055 if (getrlimit(RLIMIT_NOFILE, saved_rlimit) < 0) {
1056 log_error("Reading RLIMIT_NOFILE failed: %m");
1057 return -errno;
1058 }
1059
1060 /* Make sure forked processes get the default kernel setting */
1061 if (!arg_default_rlimit[RLIMIT_NOFILE]) {
1062 struct rlimit *rl;
1063
1064 rl = newdup(struct rlimit, saved_rlimit, 1);
1065 if (!rl)
1066 return log_oom();
1067
1068 arg_default_rlimit[RLIMIT_NOFILE] = rl;
1069 }
1070
1071 /* Bump up the resource limit for ourselves substantially */
1072 nl.rlim_cur = nl.rlim_max = 64*1024;
1073 r = setrlimit_closest(RLIMIT_NOFILE, &nl);
1074 if (r < 0) {
1075 log_error("Setting RLIMIT_NOFILE failed: %s", strerror(-r));
1076 return r;
1077 }
1078
1079 return 0;
1080 }
1081
1082 static void test_mtab(void) {
1083
1084 static const char ok[] =
1085 "/proc/self/mounts\0"
1086 "/proc/mounts\0"
1087 "../proc/self/mounts\0"
1088 "../proc/mounts\0";
1089
1090 _cleanup_free_ char *p = NULL;
1091 int r;
1092
1093 /* Check that /etc/mtab is a symlink to the right place or
1094 * non-existing. But certainly not a file, or a symlink to
1095 * some weird place... */
1096
1097 r = readlink_malloc("/etc/mtab", &p);
1098 if (r == -ENOENT)
1099 return;
1100 if (r >= 0 && nulstr_contains(ok, p))
1101 return;
1102
1103 log_warning("/etc/mtab is not a symlink or not pointing to /proc/self/mounts. "
1104 "This is not supported anymore. "
1105 "Please make sure to replace this file by a symlink to avoid incorrect or misleading mount(8) output.");
1106 }
1107
1108 static void test_usr(void) {
1109
1110 /* Check that /usr is not a separate fs */
1111
1112 if (dir_is_empty("/usr") <= 0)
1113 return;
1114
1115 log_warning("/usr appears to be on its own filesytem and is not already mounted. This is not a supported setup. "
1116 "Some things will probably break (sometimes even silently) in mysterious ways. "
1117 "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
1118 }
1119
1120 static int initialize_join_controllers(void) {
1121 /* By default, mount "cpu" + "cpuacct" together, and "net_cls"
1122 * + "net_prio". We'd like to add "cpuset" to the mix, but
1123 * "cpuset" does't really work for groups with no initialized
1124 * attributes. */
1125
1126 arg_join_controllers = new(char**, 3);
1127 if (!arg_join_controllers)
1128 return -ENOMEM;
1129
1130 arg_join_controllers[0] = strv_new("cpu", "cpuacct", NULL);
1131 arg_join_controllers[1] = strv_new("net_cls", "net_prio", NULL);
1132 arg_join_controllers[2] = NULL;
1133
1134 if (!arg_join_controllers[0] || !arg_join_controllers[1]) {
1135 free_join_controllers();
1136 return -ENOMEM;
1137 }
1138
1139 return 0;
1140 }
1141
1142 static int enforce_syscall_archs(Set *archs) {
1143 #ifdef HAVE_SECCOMP
1144 scmp_filter_ctx *seccomp;
1145 Iterator i;
1146 void *id;
1147 int r;
1148
1149 seccomp = seccomp_init(SCMP_ACT_ALLOW);
1150 if (!seccomp)
1151 return log_oom();
1152
1153 SET_FOREACH(id, arg_syscall_archs, i) {
1154 r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
1155 if (r == -EEXIST)
1156 continue;
1157 if (r < 0) {
1158 log_error("Failed to add architecture to seccomp: %s", strerror(-r));
1159 goto finish;
1160 }
1161 }
1162
1163 r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
1164 if (r < 0) {
1165 log_error("Failed to unset NO_NEW_PRIVS: %s", strerror(-r));
1166 goto finish;
1167 }
1168
1169 r = seccomp_load(seccomp);
1170 if (r < 0)
1171 log_error("Failed to add install architecture seccomp: %s", strerror(-r));
1172
1173 finish:
1174 seccomp_release(seccomp);
1175 return r;
1176 #else
1177 return 0;
1178 #endif
1179 }
1180
1181 static int status_welcome(void) {
1182 _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
1183 int r;
1184
1185 r = parse_env_file("/etc/os-release", NEWLINE,
1186 "PRETTY_NAME", &pretty_name,
1187 "ANSI_COLOR", &ansi_color,
1188 NULL);
1189 if (r == -ENOENT) {
1190 r = parse_env_file("/usr/lib/os-release", NEWLINE,
1191 "PRETTY_NAME", &pretty_name,
1192 "ANSI_COLOR", &ansi_color,
1193 NULL);
1194 }
1195
1196 if (r < 0 && r != -ENOENT)
1197 log_warning("Failed to read os-release file: %s", strerror(-r));
1198
1199 return status_printf(NULL, false, false,
1200 "\nWelcome to \x1B[%sm%s\x1B[0m!\n",
1201 isempty(ansi_color) ? "1" : ansi_color,
1202 isempty(pretty_name) ? "Linux" : pretty_name);
1203 }
1204
1205 static int write_container_id(void) {
1206 const char *c;
1207
1208 c = getenv("container");
1209 if (isempty(c))
1210 return 0;
1211
1212 return write_string_file("/run/systemd/container", c);
1213 }
1214
1215 int main(int argc, char *argv[]) {
1216 Manager *m = NULL;
1217 int r, retval = EXIT_FAILURE;
1218 usec_t before_startup, after_startup;
1219 char timespan[FORMAT_TIMESPAN_MAX];
1220 FDSet *fds = NULL;
1221 bool reexecute = false;
1222 const char *shutdown_verb = NULL;
1223 dual_timestamp initrd_timestamp = { 0ULL, 0ULL };
1224 dual_timestamp userspace_timestamp = { 0ULL, 0ULL };
1225 dual_timestamp kernel_timestamp = { 0ULL, 0ULL };
1226 dual_timestamp security_start_timestamp = { 0ULL, 0ULL };
1227 dual_timestamp security_finish_timestamp = { 0ULL, 0ULL };
1228 static char systemd[] = "systemd";
1229 bool skip_setup = false;
1230 unsigned j;
1231 bool loaded_policy = false;
1232 bool arm_reboot_watchdog = false;
1233 bool queue_default_job = false;
1234 bool empty_etc = false;
1235 char *switch_root_dir = NULL, *switch_root_init = NULL;
1236 static struct rlimit saved_rlimit_nofile = { 0, 0 };
1237
1238 #ifdef HAVE_SYSV_COMPAT
1239 if (getpid() != 1 && strstr(program_invocation_short_name, "init")) {
1240 /* This is compatibility support for SysV, where
1241 * calling init as a user is identical to telinit. */
1242
1243 errno = -ENOENT;
1244 execv(SYSTEMCTL_BINARY_PATH, argv);
1245 log_error("Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
1246 return 1;
1247 }
1248 #endif
1249
1250 dual_timestamp_from_monotonic(&kernel_timestamp, 0);
1251 dual_timestamp_get(&userspace_timestamp);
1252
1253 /* Determine if this is a reexecution or normal bootup. We do
1254 * the full command line parsing much later, so let's just
1255 * have a quick peek here. */
1256 if (strv_find(argv+1, "--deserialize"))
1257 skip_setup = true;
1258
1259 /* If we have switched root, do all the special setup
1260 * things */
1261 if (strv_find(argv+1, "--switched-root"))
1262 skip_setup = false;
1263
1264 /* If we get started via the /sbin/init symlink then we are
1265 called 'init'. After a subsequent reexecution we are then
1266 called 'systemd'. That is confusing, hence let's call us
1267 systemd right-away. */
1268 program_invocation_short_name = systemd;
1269 prctl(PR_SET_NAME, systemd);
1270
1271 saved_argv = argv;
1272 saved_argc = argc;
1273
1274 log_show_color(isatty(STDERR_FILENO) > 0);
1275 log_set_upgrade_syslog_to_journal(true);
1276
1277 /* Disable the umask logic */
1278 if (getpid() == 1)
1279 umask(0);
1280
1281 if (getpid() == 1 && detect_container(NULL) <= 0) {
1282
1283 /* Running outside of a container as PID 1 */
1284 arg_running_as = SYSTEMD_SYSTEM;
1285 make_null_stdio();
1286 log_set_target(LOG_TARGET_KMSG);
1287 log_open();
1288
1289 if (in_initrd())
1290 initrd_timestamp = userspace_timestamp;
1291
1292 if (!skip_setup) {
1293 mount_setup_early();
1294 dual_timestamp_get(&security_start_timestamp);
1295 if (selinux_setup(&loaded_policy) < 0)
1296 goto finish;
1297 if (ima_setup() < 0)
1298 goto finish;
1299 if (smack_setup(&loaded_policy) < 0)
1300 goto finish;
1301 dual_timestamp_get(&security_finish_timestamp);
1302 }
1303
1304 if (label_init(NULL) < 0)
1305 goto finish;
1306
1307 if (!skip_setup) {
1308 if (clock_is_localtime() > 0) {
1309 int min;
1310
1311 /*
1312 * The very first call of settimeofday() also does a time warp in the kernel.
1313 *
1314 * In the rtc-in-local time mode, we set the kernel's timezone, and rely on
1315 * external tools to take care of maintaining the RTC and do all adjustments.
1316 * This matches the behavior of Windows, which leaves the RTC alone if the
1317 * registry tells that the RTC runs in UTC.
1318 */
1319 r = clock_set_timezone(&min);
1320 if (r < 0)
1321 log_error("Failed to apply local time delta, ignoring: %s", strerror(-r));
1322 else
1323 log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
1324 } else if (!in_initrd()) {
1325 /*
1326 * Do a dummy very first call to seal the kernel's time warp magic.
1327 *
1328 * Do not call this this from inside the initrd. The initrd might not
1329 * carry /etc/adjtime with LOCAL, but the real system could be set up
1330 * that way. In such case, we need to delay the time-warp or the sealing
1331 * until we reach the real system.
1332 *
1333 * Do no set the kernel's timezone. The concept of local time cannot
1334 * be supported reliably, the time will jump or be incorrect at every daylight
1335 * saving time change. All kernel local time concepts will be treated
1336 * as UTC that way.
1337 */
1338 clock_reset_timewarp();
1339 }
1340 }
1341
1342 /* Set the default for later on, but don't actually
1343 * open the logs like this for now. Note that if we
1344 * are transitioning from the initrd there might still
1345 * be journal fd open, and we shouldn't attempt
1346 * opening that before we parsed /proc/cmdline which
1347 * might redirect output elsewhere. */
1348 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
1349
1350 } else if (getpid() == 1) {
1351 /* Running inside a container, as PID 1 */
1352 arg_running_as = SYSTEMD_SYSTEM;
1353 log_set_target(LOG_TARGET_CONSOLE);
1354 log_close_console(); /* force reopen of /dev/console */
1355 log_open();
1356
1357 /* For the later on, see above... */
1358 log_set_target(LOG_TARGET_JOURNAL);
1359
1360 /* clear the kernel timestamp,
1361 * because we are in a container */
1362 kernel_timestamp.monotonic = 0ULL;
1363 kernel_timestamp.realtime = 0ULL;
1364
1365 } else {
1366 /* Running as user instance */
1367 arg_running_as = SYSTEMD_USER;
1368 log_set_target(LOG_TARGET_AUTO);
1369 log_open();
1370
1371 /* clear the kernel timestamp,
1372 * because we are not PID 1 */
1373 kernel_timestamp.monotonic = 0ULL;
1374 kernel_timestamp.realtime = 0ULL;
1375 }
1376
1377 /* Initialize default unit */
1378 r = set_default_unit(SPECIAL_DEFAULT_TARGET);
1379 if (r < 0) {
1380 log_error("Failed to set default unit %s: %s", SPECIAL_DEFAULT_TARGET, strerror(-r));
1381 goto finish;
1382 }
1383
1384 r = initialize_join_controllers();
1385 if (r < 0)
1386 goto finish;
1387
1388 /* Mount /proc, /sys and friends, so that /proc/cmdline and
1389 * /proc/$PID/fd is available. */
1390 if (getpid() == 1) {
1391 r = mount_setup(loaded_policy);
1392 if (r < 0)
1393 goto finish;
1394 }
1395
1396 /* Reset all signal handlers. */
1397 assert_se(reset_all_signal_handlers() == 0);
1398
1399 ignore_signals(SIGNALS_IGNORE, -1);
1400
1401 if (parse_config_file() < 0)
1402 goto finish;
1403
1404 if (arg_running_as == SYSTEMD_SYSTEM)
1405 if (parse_proc_cmdline(parse_proc_cmdline_item) < 0)
1406 goto finish;
1407
1408 /* Note that this also parses bits from the kernel command
1409 * line, including "debug". */
1410 log_parse_environment();
1411
1412 if (parse_argv(argc, argv) < 0)
1413 goto finish;
1414
1415 if (arg_action == ACTION_TEST &&
1416 geteuid() == 0) {
1417 log_error("Don't run test mode as root.");
1418 goto finish;
1419 }
1420
1421 if (arg_running_as == SYSTEMD_USER &&
1422 arg_action == ACTION_RUN &&
1423 sd_booted() <= 0) {
1424 log_error("Trying to run as user instance, but the system has not been booted with systemd.");
1425 goto finish;
1426 }
1427
1428 if (arg_running_as == SYSTEMD_SYSTEM &&
1429 arg_action == ACTION_RUN &&
1430 running_in_chroot() > 0) {
1431 log_error("Cannot be run in a chroot() environment.");
1432 goto finish;
1433 }
1434
1435 if (arg_action == ACTION_TEST)
1436 skip_setup = true;
1437
1438 pager_open_if_enabled();
1439
1440 if (arg_action == ACTION_HELP) {
1441 retval = help();
1442 goto finish;
1443 } else if (arg_action == ACTION_VERSION) {
1444 retval = version();
1445 goto finish;
1446 } else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
1447 unit_dump_config_items(stdout);
1448 retval = EXIT_SUCCESS;
1449 goto finish;
1450 } else if (arg_action == ACTION_DONE) {
1451 retval = EXIT_SUCCESS;
1452 goto finish;
1453 }
1454
1455 if (arg_running_as == SYSTEMD_USER &&
1456 !getenv("XDG_RUNTIME_DIR")) {
1457 log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
1458 goto finish;
1459 }
1460
1461 assert_se(arg_action == ACTION_RUN || arg_action == ACTION_TEST);
1462
1463 /* Close logging fds, in order not to confuse fdset below */
1464 log_close();
1465
1466 /* Remember open file descriptors for later deserialization */
1467 r = fdset_new_fill(&fds);
1468 if (r < 0) {
1469 log_error("Failed to allocate fd set: %s", strerror(-r));
1470 goto finish;
1471 } else
1472 fdset_cloexec(fds, true);
1473
1474 if (arg_serialization)
1475 assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0);
1476
1477 if (arg_running_as == SYSTEMD_SYSTEM)
1478 /* Become a session leader if we aren't one yet. */
1479 setsid();
1480
1481 /* Move out of the way, so that we won't block unmounts */
1482 assert_se(chdir("/") == 0);
1483
1484 /* Reset the console, but only if this is really init and we
1485 * are freshly booted */
1486 if (arg_running_as == SYSTEMD_SYSTEM && arg_action == ACTION_RUN) {
1487
1488 /* If we are init, we connect stdin/stdout/stderr to
1489 * /dev/null and make sure we don't have a controlling
1490 * tty. */
1491 release_terminal();
1492
1493 if (getpid() == 1 && !skip_setup)
1494 console_setup();
1495 }
1496
1497 /* Open the logging devices, if possible and necessary */
1498 log_open();
1499
1500 if (arg_show_status == _SHOW_STATUS_UNSET)
1501 arg_show_status = SHOW_STATUS_YES;
1502
1503 /* Make sure we leave a core dump without panicing the
1504 * kernel. */
1505 if (getpid() == 1) {
1506 install_crash_handler();
1507
1508 r = mount_cgroup_controllers(arg_join_controllers);
1509 if (r < 0)
1510 goto finish;
1511 }
1512
1513 if (arg_running_as == SYSTEMD_SYSTEM) {
1514 const char *virtualization = NULL;
1515
1516 log_info(PACKAGE_STRING " running in %ssystem mode. (" SYSTEMD_FEATURES ")",
1517 arg_action == ACTION_TEST ? "test " : "" );
1518
1519 detect_virtualization(&virtualization);
1520 if (virtualization)
1521 log_info("Detected virtualization '%s'.", virtualization);
1522
1523 write_container_id();
1524
1525 log_info("Detected architecture '%s'.", architecture_to_string(uname_architecture()));
1526
1527 if (in_initrd())
1528 log_info("Running in initial RAM disk.");
1529
1530 /* Let's check whether /etc is already populated. We
1531 * don't actually really check for that, but use
1532 * /etc/machine-id as flag file. This allows container
1533 * managers and installers to provision a couple of
1534 * files already. If the container manager wants to
1535 * provision the machine ID itself it should pass
1536 * $container_uuid to PID 1.*/
1537
1538 empty_etc = access("/etc/machine-id", F_OK) < 0;
1539 if (empty_etc)
1540 log_info("Running with unpopulated /etc.");
1541 } else {
1542 _cleanup_free_ char *t;
1543
1544 t = uid_to_name(getuid());
1545 log_debug(PACKAGE_STRING " running in %suser mode for user "UID_FMT"/%s. (" SYSTEMD_FEATURES ")",
1546 arg_action == ACTION_TEST ? " test" : "", getuid(), t);
1547 }
1548
1549 if (arg_running_as == SYSTEMD_SYSTEM && !skip_setup) {
1550 if (arg_show_status > 0 || plymouth_running())
1551 status_welcome();
1552
1553 #ifdef HAVE_KMOD
1554 kmod_setup();
1555 #endif
1556 hostname_setup();
1557 machine_id_setup(NULL);
1558 loopback_setup();
1559
1560 test_mtab();
1561 test_usr();
1562 }
1563
1564 if (arg_running_as == SYSTEMD_SYSTEM && arg_runtime_watchdog > 0)
1565 watchdog_set_timeout(&arg_runtime_watchdog);
1566
1567 if (arg_timer_slack_nsec != NSEC_INFINITY)
1568 if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
1569 log_error("Failed to adjust timer slack: %m");
1570
1571 if (arg_capability_bounding_set_drop) {
1572 r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
1573 if (r < 0) {
1574 log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
1575 goto finish;
1576 }
1577 r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
1578 if (r < 0) {
1579 log_error("Failed to drop capability bounding set: %s", strerror(-r));
1580 goto finish;
1581 }
1582 }
1583
1584 if (arg_syscall_archs) {
1585 r = enforce_syscall_archs(arg_syscall_archs);
1586 if (r < 0)
1587 goto finish;
1588 }
1589
1590 if (arg_running_as == SYSTEMD_USER) {
1591 /* Become reaper of our children */
1592 if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) {
1593 log_warning("Failed to make us a subreaper: %m");
1594 if (errno == EINVAL)
1595 log_info("Perhaps the kernel version is too old (< 3.4?)");
1596 }
1597 }
1598
1599 if (arg_running_as == SYSTEMD_SYSTEM) {
1600 bump_rlimit_nofile(&saved_rlimit_nofile);
1601
1602 if (empty_etc) {
1603 r = unit_file_preset_all(UNIT_FILE_SYSTEM, false, NULL, UNIT_FILE_PRESET_FULL, false, NULL, 0);
1604 if (r < 0)
1605 log_warning("Failed to populate /etc with preset unit settings, ignoring: %s", strerror(-r));
1606 else
1607 log_info("Populated /etc with preset unit settings.");
1608 }
1609 }
1610
1611 r = manager_new(arg_running_as, arg_action == ACTION_TEST, &m);
1612 if (r < 0) {
1613 log_error("Failed to allocate manager object: %s", strerror(-r));
1614 goto finish;
1615 }
1616
1617 m->confirm_spawn = arg_confirm_spawn;
1618 m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec;
1619 m->default_std_output = arg_default_std_output;
1620 m->default_std_error = arg_default_std_error;
1621 m->default_restart_usec = arg_default_restart_usec;
1622 m->default_timeout_start_usec = arg_default_timeout_start_usec;
1623 m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
1624 m->default_start_limit_interval = arg_default_start_limit_interval;
1625 m->default_start_limit_burst = arg_default_start_limit_burst;
1626 m->default_cpu_accounting = arg_default_cpu_accounting;
1627 m->default_blockio_accounting = arg_default_blockio_accounting;
1628 m->default_memory_accounting = arg_default_memory_accounting;
1629 m->runtime_watchdog = arg_runtime_watchdog;
1630 m->shutdown_watchdog = arg_shutdown_watchdog;
1631 m->userspace_timestamp = userspace_timestamp;
1632 m->kernel_timestamp = kernel_timestamp;
1633 m->initrd_timestamp = initrd_timestamp;
1634 m->security_start_timestamp = security_start_timestamp;
1635 m->security_finish_timestamp = security_finish_timestamp;
1636
1637 manager_set_default_rlimits(m, arg_default_rlimit);
1638 manager_environment_add(m, NULL, arg_default_environment);
1639 manager_set_show_status(m, arg_show_status);
1640 manager_set_first_boot(m, empty_etc);
1641
1642 /* Remember whether we should queue the default job */
1643 queue_default_job = !arg_serialization || arg_switched_root;
1644
1645 before_startup = now(CLOCK_MONOTONIC);
1646
1647 r = manager_startup(m, arg_serialization, fds);
1648 if (r < 0)
1649 log_error("Failed to fully start up daemon: %s", strerror(-r));
1650
1651 /* This will close all file descriptors that were opened, but
1652 * not claimed by any unit. */
1653 fdset_free(fds);
1654 fds = NULL;
1655
1656 if (arg_serialization) {
1657 fclose(arg_serialization);
1658 arg_serialization = NULL;
1659 }
1660
1661 if (queue_default_job) {
1662 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1663 Unit *target = NULL;
1664 Job *default_unit_job;
1665
1666 log_debug("Activating default unit: %s", arg_default_unit);
1667
1668 r = manager_load_unit(m, arg_default_unit, NULL, &error, &target);
1669 if (r < 0)
1670 log_error("Failed to load default target: %s", bus_error_message(&error, r));
1671 else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND)
1672 log_error("Failed to load default target: %s", strerror(-target->load_error));
1673 else if (target->load_state == UNIT_MASKED)
1674 log_error("Default target masked.");
1675
1676 if (!target || target->load_state != UNIT_LOADED) {
1677 log_info("Trying to load rescue target...");
1678
1679 r = manager_load_unit(m, SPECIAL_RESCUE_TARGET, NULL, &error, &target);
1680 if (r < 0) {
1681 log_error("Failed to load rescue target: %s", bus_error_message(&error, r));
1682 goto finish;
1683 } else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND) {
1684 log_error("Failed to load rescue target: %s", strerror(-target->load_error));
1685 goto finish;
1686 } else if (target->load_state == UNIT_MASKED) {
1687 log_error("Rescue target masked.");
1688 goto finish;
1689 }
1690 }
1691
1692 assert(target->load_state == UNIT_LOADED);
1693
1694 if (arg_action == ACTION_TEST) {
1695 printf("-> By units:\n");
1696 manager_dump_units(m, stdout, "\t");
1697 }
1698
1699 r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, false, &error, &default_unit_job);
1700 if (r == -EPERM) {
1701 log_debug("Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
1702
1703 r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job);
1704 if (r < 0) {
1705 log_error("Failed to start default target: %s", bus_error_message(&error, r));
1706 goto finish;
1707 }
1708 } else if (r < 0) {
1709 log_error("Failed to isolate default target: %s", bus_error_message(&error, r));
1710 goto finish;
1711 }
1712
1713 m->default_unit_job_id = default_unit_job->id;
1714
1715 after_startup = now(CLOCK_MONOTONIC);
1716 log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
1717 "Loaded units and determined initial transaction in %s.",
1718 format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 0));
1719
1720 if (arg_action == ACTION_TEST) {
1721 printf("-> By jobs:\n");
1722 manager_dump_jobs(m, stdout, "\t");
1723 retval = EXIT_SUCCESS;
1724 goto finish;
1725 }
1726 }
1727
1728 for (;;) {
1729 r = manager_loop(m);
1730 if (r < 0) {
1731 log_error("Failed to run mainloop: %s", strerror(-r));
1732 goto finish;
1733 }
1734
1735 switch (m->exit_code) {
1736
1737 case MANAGER_EXIT:
1738 retval = EXIT_SUCCESS;
1739 log_debug("Exit.");
1740 goto finish;
1741
1742 case MANAGER_RELOAD:
1743 log_info("Reloading.");
1744 r = manager_reload(m);
1745 if (r < 0)
1746 log_error("Failed to reload: %s", strerror(-r));
1747 break;
1748
1749 case MANAGER_REEXECUTE:
1750
1751 if (prepare_reexecute(m, &arg_serialization, &fds, false) < 0)
1752 goto finish;
1753
1754 reexecute = true;
1755 log_notice("Reexecuting.");
1756 goto finish;
1757
1758 case MANAGER_SWITCH_ROOT:
1759 /* Steal the switch root parameters */
1760 switch_root_dir = m->switch_root;
1761 switch_root_init = m->switch_root_init;
1762 m->switch_root = m->switch_root_init = NULL;
1763
1764 if (!switch_root_init)
1765 if (prepare_reexecute(m, &arg_serialization, &fds, true) < 0)
1766 goto finish;
1767
1768 reexecute = true;
1769 log_notice("Switching root.");
1770 goto finish;
1771
1772 case MANAGER_REBOOT:
1773 case MANAGER_POWEROFF:
1774 case MANAGER_HALT:
1775 case MANAGER_KEXEC: {
1776 static const char * const table[_MANAGER_EXIT_CODE_MAX] = {
1777 [MANAGER_REBOOT] = "reboot",
1778 [MANAGER_POWEROFF] = "poweroff",
1779 [MANAGER_HALT] = "halt",
1780 [MANAGER_KEXEC] = "kexec"
1781 };
1782
1783 assert_se(shutdown_verb = table[m->exit_code]);
1784 arm_reboot_watchdog = m->exit_code == MANAGER_REBOOT;
1785
1786 log_notice("Shutting down.");
1787 goto finish;
1788 }
1789
1790 default:
1791 assert_not_reached("Unknown exit code.");
1792 }
1793 }
1794
1795 finish:
1796 pager_close();
1797
1798 if (m) {
1799 manager_free(m);
1800 m = NULL;
1801 }
1802
1803 for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++) {
1804 free(arg_default_rlimit[j]);
1805 arg_default_rlimit[j] = NULL;
1806 }
1807
1808 free(arg_default_unit);
1809 arg_default_unit = NULL;
1810
1811 free_join_controllers();
1812
1813 strv_free(arg_default_environment);
1814 arg_default_environment = NULL;
1815
1816 set_free(arg_syscall_archs);
1817 arg_syscall_archs = NULL;
1818
1819 label_finish();
1820
1821 if (reexecute) {
1822 const char **args;
1823 unsigned i, args_size;
1824 sigset_t ss;
1825
1826 /* Close and disarm the watchdog, so that the new
1827 * instance can reinitialize it, but doesn't get
1828 * rebooted while we do that */
1829 watchdog_close(true);
1830
1831 /* Reset the RLIMIT_NOFILE to the kernel default, so
1832 * that the new systemd can pass the kernel default to
1833 * its child processes */
1834 if (saved_rlimit_nofile.rlim_cur > 0)
1835 setrlimit(RLIMIT_NOFILE, &saved_rlimit_nofile);
1836
1837 if (switch_root_dir) {
1838 /* Kill all remaining processes from the
1839 * initrd, but don't wait for them, so that we
1840 * can handle the SIGCHLD for them after
1841 * deserializing. */
1842 broadcast_signal(SIGTERM, false, true);
1843
1844 /* And switch root */
1845 r = switch_root(switch_root_dir);
1846 if (r < 0)
1847 log_error("Failed to switch root, ignoring: %s", strerror(-r));
1848 }
1849
1850 args_size = MAX(6, argc+1);
1851 args = newa(const char*, args_size);
1852
1853 if (!switch_root_init) {
1854 char sfd[16];
1855
1856 /* First try to spawn ourselves with the right
1857 * path, and with full serialization. We do
1858 * this only if the user didn't specify an
1859 * explicit init to spawn. */
1860
1861 assert(arg_serialization);
1862 assert(fds);
1863
1864 snprintf(sfd, sizeof(sfd), "%i", fileno(arg_serialization));
1865 char_array_0(sfd);
1866
1867 i = 0;
1868 args[i++] = SYSTEMD_BINARY_PATH;
1869 if (switch_root_dir)
1870 args[i++] = "--switched-root";
1871 args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";
1872 args[i++] = "--deserialize";
1873 args[i++] = sfd;
1874 args[i++] = NULL;
1875
1876 /* do not pass along the environment we inherit from the kernel or initrd */
1877 if (switch_root_dir)
1878 clearenv();
1879
1880 assert(i <= args_size);
1881 execv(args[0], (char* const*) args);
1882 }
1883
1884 /* Try the fallback, if there is any, without any
1885 * serialization. We pass the original argv[] and
1886 * envp[]. (Well, modulo the ordering changes due to
1887 * getopt() in argv[], and some cleanups in envp[],
1888 * but let's hope that doesn't matter.) */
1889
1890 if (arg_serialization) {
1891 fclose(arg_serialization);
1892 arg_serialization = NULL;
1893 }
1894
1895 if (fds) {
1896 fdset_free(fds);
1897 fds = NULL;
1898 }
1899
1900 /* Reopen the console */
1901 make_console_stdio();
1902
1903 for (j = 1, i = 1; j < (unsigned) argc; j++)
1904 args[i++] = argv[j];
1905 args[i++] = NULL;
1906 assert(i <= args_size);
1907
1908 /* reenable any blocked signals, especially important
1909 * if we switch from initial ramdisk to init=... */
1910 reset_all_signal_handlers();
1911
1912 assert_se(sigemptyset(&ss) == 0);
1913 assert_se(sigprocmask(SIG_SETMASK, &ss, NULL) == 0);
1914
1915 if (switch_root_init) {
1916 args[0] = switch_root_init;
1917 execv(args[0], (char* const*) args);
1918 log_warning("Failed to execute configured init, trying fallback: %m");
1919 }
1920
1921 args[0] = "/sbin/init";
1922 execv(args[0], (char* const*) args);
1923
1924 if (errno == ENOENT) {
1925 log_warning("No /sbin/init, trying fallback");
1926
1927 args[0] = "/bin/sh";
1928 args[1] = NULL;
1929 execv(args[0], (char* const*) args);
1930 log_error("Failed to execute /bin/sh, giving up: %m");
1931 } else
1932 log_warning("Failed to execute /sbin/init, giving up: %m");
1933 }
1934
1935 if (arg_serialization) {
1936 fclose(arg_serialization);
1937 arg_serialization = NULL;
1938 }
1939
1940 if (fds) {
1941 fdset_free(fds);
1942 fds = NULL;
1943 }
1944
1945 #ifdef HAVE_VALGRIND_VALGRIND_H
1946 /* If we are PID 1 and running under valgrind, then let's exit
1947 * here explicitly. valgrind will only generate nice output on
1948 * exit(), not on exec(), hence let's do the former not the
1949 * latter here. */
1950 if (getpid() == 1 && RUNNING_ON_VALGRIND)
1951 return 0;
1952 #endif
1953
1954 if (shutdown_verb) {
1955 char log_level[DECIMAL_STR_MAX(int) + 1];
1956 const char* command_line[9] = {
1957 SYSTEMD_SHUTDOWN_BINARY_PATH,
1958 shutdown_verb,
1959 "--log-level", log_level,
1960 "--log-target",
1961 };
1962 unsigned pos = 5;
1963 _cleanup_strv_free_ char **env_block = NULL;
1964
1965 assert(command_line[pos] == NULL);
1966 env_block = strv_copy(environ);
1967
1968 snprintf(log_level, sizeof(log_level), "%d", log_get_max_level());
1969
1970 switch (log_get_target()) {
1971 case LOG_TARGET_KMSG:
1972 case LOG_TARGET_JOURNAL_OR_KMSG:
1973 case LOG_TARGET_SYSLOG_OR_KMSG:
1974 command_line[pos++] = "kmsg";
1975 break;
1976
1977 case LOG_TARGET_CONSOLE:
1978 default:
1979 command_line[pos++] = "console";
1980 break;
1981 };
1982
1983 if (log_get_show_color())
1984 command_line[pos++] = "--log-color";
1985
1986 if (log_get_show_location())
1987 command_line[pos++] = "--log-location";
1988
1989 assert(pos < ELEMENTSOF(command_line));
1990
1991 if (arm_reboot_watchdog && arg_shutdown_watchdog > 0) {
1992 char *e;
1993
1994 /* If we reboot let's set the shutdown
1995 * watchdog and tell the shutdown binary to
1996 * repeatedly ping it */
1997 watchdog_set_timeout(&arg_shutdown_watchdog);
1998 watchdog_close(false);
1999
2000 /* Tell the binary how often to ping, ignore failure */
2001 if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, arg_shutdown_watchdog) > 0)
2002 strv_push(&env_block, e);
2003 } else
2004 watchdog_close(true);
2005
2006 /* Avoid the creation of new processes forked by the
2007 * kernel; at this point, we will not listen to the
2008 * signals anyway */
2009 if (detect_container(NULL) <= 0)
2010 cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
2011
2012 execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
2013 log_error("Failed to execute shutdown binary, %s: %m",
2014 getpid() == 1 ? "freezing" : "quitting");
2015 }
2016
2017 if (getpid() == 1)
2018 freeze();
2019
2020 return retval;
2021 }
Unnamed repository; edit this file 'description' to name the repository.