]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/main.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Some modernizations
[thirdparty/systemd.git] / src / core / main.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <stdio.h>
23 #include <errno.h>
24 #include <string.h>
25 #include <unistd.h>
26 #include <sys/types.h>
27 #include <sys/stat.h>
28 #include <getopt.h>
29 #include <signal.h>
30 #include <sys/wait.h>
31 #include <fcntl.h>
32 #include <sys/prctl.h>
33 #include <sys/mount.h>
34
35 #ifdef HAVE_VALGRIND_VALGRIND_H
36 #include <valgrind/valgrind.h>
37 #endif
38
39 #include "sd-daemon.h"
40 #include "sd-messages.h"
41 #include "sd-bus.h"
42 #include "manager.h"
43 #include "log.h"
44 #include "load-fragment.h"
45 #include "fdset.h"
46 #include "special.h"
47 #include "conf-parser.h"
48 #include "missing.h"
49 #include "label.h"
50 #include "build.h"
51 #include "strv.h"
52 #include "def.h"
53 #include "virt.h"
54 #include "watchdog.h"
55 #include "path-util.h"
56 #include "switch-root.h"
57 #include "capability.h"
58 #include "killall.h"
59 #include "env-util.h"
60 #include "hwclock.h"
61 #include "fileio.h"
62 #include "dbus-manager.h"
63 #include "bus-error.h"
64 #include "bus-util.h"
65
66 #include "mount-setup.h"
67 #include "loopback-setup.h"
68 #include "hostname-setup.h"
69 #include "machine-id-setup.h"
70 #include "selinux-setup.h"
71 #include "ima-setup.h"
72 #include "smack-setup.h"
73 #ifdef HAVE_KMOD
74 #include "kmod-setup.h"
75 #endif
76
77 static enum {
78 ACTION_RUN,
79 ACTION_HELP,
80 ACTION_VERSION,
81 ACTION_TEST,
82 ACTION_DUMP_CONFIGURATION_ITEMS,
83 ACTION_DONE
84 } arg_action = ACTION_RUN;
85 static char *arg_default_unit = NULL;
86 static SystemdRunningAs arg_running_as = _SYSTEMD_RUNNING_AS_INVALID;
87 static bool arg_dump_core = true;
88 static bool arg_crash_shell = false;
89 static int arg_crash_chvt = -1;
90 static bool arg_confirm_spawn = false;
91 static ShowStatus arg_show_status = SHOW_STATUS_UNSET;
92 static bool arg_switched_root = false;
93 static char ***arg_join_controllers = NULL;
94 static ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL;
95 static ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT;
96 static usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC;
97 static usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
98 static usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
99 static usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
100 static unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
101 static usec_t arg_runtime_watchdog = 0;
102 static usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE;
103 static char **arg_default_environment = NULL;
104 static struct rlimit *arg_default_rlimit[RLIMIT_NLIMITS] = {};
105 static uint64_t arg_capability_bounding_set_drop = 0;
106 static nsec_t arg_timer_slack_nsec = (nsec_t) -1;
107 static Set* arg_syscall_archs = NULL;
108 static FILE* arg_serialization = NULL;
109
110 static void nop_handler(int sig) {}
111
112 noreturn static void crash(int sig) {
113
114 if (getpid() != 1)
115 /* Pass this on immediately, if this is not PID 1 */
116 raise(sig);
117 else if (!arg_dump_core)
118 log_error("Caught <%s>, not dumping core.", signal_to_string(sig));
119 else {
120 struct sigaction sa = {
121 .sa_handler = nop_handler,
122 .sa_flags = SA_NOCLDSTOP|SA_RESTART,
123 };
124 pid_t pid;
125
126 /* We want to wait for the core process, hence let's enable SIGCHLD */
127 sigaction(SIGCHLD, &sa, NULL);
128
129 pid = fork();
130 if (pid < 0)
131 log_error("Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
132
133 else if (pid == 0) {
134 struct rlimit rl = {};
135
136 /* Enable default signal handler for core dump */
137 zero(sa);
138 sa.sa_handler = SIG_DFL;
139 sigaction(sig, &sa, NULL);
140
141 /* Don't limit the core dump size */
142 rl.rlim_cur = RLIM_INFINITY;
143 rl.rlim_max = RLIM_INFINITY;
144 setrlimit(RLIMIT_CORE, &rl);
145
146 /* Just to be sure... */
147 chdir("/");
148
149 /* Raise the signal again */
150 raise(sig);
151
152 assert_not_reached("We shouldn't be here...");
153 _exit(1);
154
155 } else {
156 siginfo_t status;
157 int r;
158
159 /* Order things nicely. */
160 r = wait_for_terminate(pid, &status);
161 if (r < 0)
162 log_error("Caught <%s>, waitpid() failed: %s", signal_to_string(sig), strerror(-r));
163 else if (status.si_code != CLD_DUMPED)
164 log_error("Caught <%s>, core dump failed.", signal_to_string(sig));
165 else
166 log_error("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);
167 }
168 }
169
170 if (arg_crash_chvt)
171 chvt(arg_crash_chvt);
172
173 if (arg_crash_shell) {
174 struct sigaction sa = {
175 .sa_handler = SIG_IGN,
176 .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
177 };
178 pid_t pid;
179
180 log_info("Executing crash shell in 10s...");
181 sleep(10);
182
183 /* Let the kernel reap children for us */
184 assert_se(sigaction(SIGCHLD, &sa, NULL) == 0);
185
186 pid = fork();
187 if (pid < 0)
188 log_error("Failed to fork off crash shell: %m");
189 else if (pid == 0) {
190 make_console_stdio();
191 execl("/bin/sh", "/bin/sh", NULL);
192
193 log_error("execl() failed: %m");
194 _exit(1);
195 }
196
197 log_info("Successfully spawned crash shell as pid "PID_FMT".", pid);
198 }
199
200 log_info("Freezing execution.");
201 freeze();
202 }
203
204 static void install_crash_handler(void) {
205 struct sigaction sa = {
206 .sa_handler = crash,
207 .sa_flags = SA_NODEFER,
208 };
209
210 sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
211 }
212
213 static int console_setup(bool do_reset) {
214 int tty_fd, r;
215
216 /* If we are init, we connect stdin/stdout/stderr to /dev/null
217 * and make sure we don't have a controlling tty. */
218
219 release_terminal();
220
221 if (!do_reset)
222 return 0;
223
224 tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
225 if (tty_fd < 0) {
226 log_error("Failed to open /dev/console: %s", strerror(-tty_fd));
227 return -tty_fd;
228 }
229
230 /* We don't want to force text mode.
231 * plymouth may be showing pictures already from initrd. */
232 r = reset_terminal_fd(tty_fd, false);
233 if (r < 0)
234 log_error("Failed to reset /dev/console: %s", strerror(-r));
235
236 close_nointr_nofail(tty_fd);
237 return r;
238 }
239
240 static int set_default_unit(const char *u) {
241 char *c;
242
243 assert(u);
244
245 c = strdup(u);
246 if (!c)
247 return -ENOMEM;
248
249 free(arg_default_unit);
250 arg_default_unit = c;
251
252 return 0;
253 }
254
255 static int parse_proc_cmdline_word(const char *word) {
256
257 static const char * const rlmap[] = {
258 "emergency", SPECIAL_EMERGENCY_TARGET,
259 "-b", SPECIAL_EMERGENCY_TARGET,
260 "single", SPECIAL_RESCUE_TARGET,
261 "-s", SPECIAL_RESCUE_TARGET,
262 "s", SPECIAL_RESCUE_TARGET,
263 "S", SPECIAL_RESCUE_TARGET,
264 "1", SPECIAL_RESCUE_TARGET,
265 "2", SPECIAL_RUNLEVEL2_TARGET,
266 "3", SPECIAL_RUNLEVEL3_TARGET,
267 "4", SPECIAL_RUNLEVEL4_TARGET,
268 "5", SPECIAL_RUNLEVEL5_TARGET,
269 };
270
271 assert(word);
272
273 if (startswith(word, "systemd.unit=")) {
274
275 if (!in_initrd())
276 return set_default_unit(word + 13);
277
278 } else if (startswith(word, "rd.systemd.unit=")) {
279
280 if (in_initrd())
281 return set_default_unit(word + 16);
282
283 } else if (startswith(word, "systemd.log_target=")) {
284
285 if (log_set_target_from_string(word + 19) < 0)
286 log_warning("Failed to parse log target %s. Ignoring.", word + 19);
287
288 } else if (startswith(word, "systemd.log_level=")) {
289
290 if (log_set_max_level_from_string(word + 18) < 0)
291 log_warning("Failed to parse log level %s. Ignoring.", word + 18);
292
293 } else if (startswith(word, "systemd.log_color=")) {
294
295 if (log_show_color_from_string(word + 18) < 0)
296 log_warning("Failed to parse log color setting %s. Ignoring.", word + 18);
297
298 } else if (startswith(word, "systemd.log_location=")) {
299
300 if (log_show_location_from_string(word + 21) < 0)
301 log_warning("Failed to parse log location setting %s. Ignoring.", word + 21);
302
303 } else if (startswith(word, "systemd.dump_core=")) {
304 int r;
305
306 r = parse_boolean(word + 18);
307 if (r < 0)
308 log_warning("Failed to parse dump core switch %s. Ignoring.", word + 18);
309 else
310 arg_dump_core = r;
311
312 } else if (startswith(word, "systemd.crash_shell=")) {
313 int r;
314
315 r = parse_boolean(word + 20);
316 if (r < 0)
317 log_warning("Failed to parse crash shell switch %s. Ignoring.", word + 20);
318 else
319 arg_crash_shell = r;
320
321 } else if (startswith(word, "systemd.confirm_spawn=")) {
322 int r;
323
324 r = parse_boolean(word + 22);
325 if (r < 0)
326 log_warning("Failed to parse confirm spawn switch %s. Ignoring.", word + 22);
327 else
328 arg_confirm_spawn = r;
329
330 } else if (startswith(word, "systemd.crash_chvt=")) {
331 int k;
332
333 if (safe_atoi(word + 19, &k) < 0)
334 log_warning("Failed to parse crash chvt switch %s. Ignoring.", word + 19);
335 else
336 arg_crash_chvt = k;
337
338 } else if (startswith(word, "systemd.show_status=")) {
339 int r;
340
341 r = parse_show_status(word + 20, &arg_show_status);
342 if (r < 0)
343 log_warning("Failed to parse show status switch %s. Ignoring.", word + 20);
344 } else if (startswith(word, "systemd.default_standard_output=")) {
345 int r;
346
347 r = exec_output_from_string(word + 32);
348 if (r < 0)
349 log_warning("Failed to parse default standard output switch %s. Ignoring.", word + 32);
350 else
351 arg_default_std_output = r;
352 } else if (startswith(word, "systemd.default_standard_error=")) {
353 int r;
354
355 r = exec_output_from_string(word + 31);
356 if (r < 0)
357 log_warning("Failed to parse default standard error switch %s. Ignoring.", word + 31);
358 else
359 arg_default_std_error = r;
360 } else if (startswith(word, "systemd.setenv=")) {
361 const char *cenv = word + 15;
362
363 if (env_assignment_is_valid(cenv)) {
364 char **env;
365
366 env = strv_env_set(arg_default_environment, cenv);
367 if (env)
368 arg_default_environment = env;
369 else
370 log_warning("Setting environment variable '%s' failed, ignoring: %s",
371 cenv, strerror(ENOMEM));
372 } else
373 log_warning("Environment variable name '%s' is not valid. Ignoring.", cenv);
374
375 } else if (startswith(word, "systemd.") ||
376 (in_initrd() && startswith(word, "rd.systemd."))) {
377
378 const char *c;
379
380 /* Ignore systemd.journald.xyz and friends */
381 c = word;
382 if (startswith(c, "rd."))
383 c += 3;
384 if (startswith(c, "systemd."))
385 c += 8;
386 if (c[strcspn(c, ".=")] != '.') {
387
388 log_warning("Unknown kernel switch %s. Ignoring.", word);
389
390 log_info("Supported kernel switches:\n"
391 "systemd.unit=UNIT Default unit to start\n"
392 "rd.systemd.unit=UNIT Default unit to start when run in initrd\n"
393 "systemd.dump_core=0|1 Dump core on crash\n"
394 "systemd.crash_shell=0|1 Run shell on crash\n"
395 "systemd.crash_chvt=N Change to VT #N on crash\n"
396 "systemd.confirm_spawn=0|1 Confirm every process spawn\n"
397 "systemd.show_status=0|1|auto Show status updates on the console during bootup\n"
398 "systemd.log_target=console|kmsg|journal|journal-or-kmsg|syslog|syslog-or-kmsg|null\n"
399 " Log target\n"
400 "systemd.log_level=LEVEL Log level\n"
401 "systemd.log_color=0|1 Highlight important log messages\n"
402 "systemd.log_location=0|1 Include code location in log messages\n"
403 "systemd.default_standard_output=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n"
404 " Set default log output for services\n"
405 "systemd.default_standard_error=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n"
406 " Set default log error output for services\n"
407 "systemd.setenv=ASSIGNMENT Set an environment variable for all spawned processes\n");
408 }
409
410 } else if (streq(word, "quiet")) {
411 if (arg_show_status == SHOW_STATUS_UNSET)
412 arg_show_status = SHOW_STATUS_AUTO;
413 } else if (streq(word, "debug")) {
414 /* Log to kmsg, the journal socket will fill up before the
415 * journal is started and tools running during that time
416 * will block with every log message for for 60 seconds,
417 * before they give up. */
418 log_set_max_level(LOG_DEBUG);
419 log_set_target(detect_container(NULL) > 0 ? LOG_TARGET_CONSOLE : LOG_TARGET_KMSG);
420 } else if (!in_initrd()) {
421 unsigned i;
422
423 /* SysV compatibility */
424 for (i = 0; i < ELEMENTSOF(rlmap); i += 2)
425 if (streq(word, rlmap[i]))
426 return set_default_unit(rlmap[i+1]);
427 }
428
429 return 0;
430 }
431
432 #define DEFINE_SETTER(name, func, descr) \
433 static int name(const char *unit, \
434 const char *filename, \
435 unsigned line, \
436 const char *section, \
437 unsigned section_line, \
438 const char *lvalue, \
439 int ltype, \
440 const char *rvalue, \
441 void *data, \
442 void *userdata) { \
443 \
444 int r; \
445 \
446 assert(filename); \
447 assert(lvalue); \
448 assert(rvalue); \
449 \
450 r = func(rvalue); \
451 if (r < 0) \
452 log_syntax(unit, LOG_ERR, filename, line, -r, \
453 "Invalid " descr "'%s': %s", \
454 rvalue, strerror(-r)); \
455 \
456 return 0; \
457 }
458
459 DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level")
460 DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target")
461 DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" )
462 DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location")
463
464 static int config_parse_cpu_affinity2(const char *unit,
465 const char *filename,
466 unsigned line,
467 const char *section,
468 unsigned section_line,
469 const char *lvalue,
470 int ltype,
471 const char *rvalue,
472 void *data,
473 void *userdata) {
474
475 char *w;
476 size_t l;
477 char *state;
478 cpu_set_t *c = NULL;
479 unsigned ncpus = 0;
480
481 assert(filename);
482 assert(lvalue);
483 assert(rvalue);
484
485 FOREACH_WORD_QUOTED(w, l, rvalue, state) {
486 char *t;
487 int r;
488 unsigned cpu;
489
490 if (!(t = strndup(w, l)))
491 return log_oom();
492
493 r = safe_atou(t, &cpu);
494 free(t);
495
496 if (!c)
497 if (!(c = cpu_set_malloc(&ncpus)))
498 return log_oom();
499
500 if (r < 0 || cpu >= ncpus) {
501 log_syntax(unit, LOG_ERR, filename, line, -r,
502 "Failed to parse CPU affinity '%s'", rvalue);
503 CPU_FREE(c);
504 return -EBADMSG;
505 }
506
507 CPU_SET_S(cpu, CPU_ALLOC_SIZE(ncpus), c);
508 }
509
510 if (c) {
511 if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0)
512 log_warning_unit(unit, "Failed to set CPU affinity: %m");
513
514 CPU_FREE(c);
515 }
516
517 return 0;
518 }
519
520 static void strv_free_free(char ***l) {
521 char ***i;
522
523 if (!l)
524 return;
525
526 for (i = l; *i; i++)
527 strv_free(*i);
528
529 free(l);
530 }
531
532 static void free_join_controllers(void) {
533 strv_free_free(arg_join_controllers);
534 arg_join_controllers = NULL;
535 }
536
537 static int config_parse_join_controllers(const char *unit,
538 const char *filename,
539 unsigned line,
540 const char *section,
541 unsigned section_line,
542 const char *lvalue,
543 int ltype,
544 const char *rvalue,
545 void *data,
546 void *userdata) {
547
548 unsigned n = 0;
549 char *state, *w;
550 size_t length;
551
552 assert(filename);
553 assert(lvalue);
554 assert(rvalue);
555
556 free_join_controllers();
557
558 FOREACH_WORD_QUOTED(w, length, rvalue, state) {
559 char *s, **l;
560
561 s = strndup(w, length);
562 if (!s)
563 return log_oom();
564
565 l = strv_split(s, ",");
566 free(s);
567
568 strv_uniq(l);
569
570 if (strv_length(l) <= 1) {
571 strv_free(l);
572 continue;
573 }
574
575 if (!arg_join_controllers) {
576 arg_join_controllers = new(char**, 2);
577 if (!arg_join_controllers) {
578 strv_free(l);
579 return log_oom();
580 }
581
582 arg_join_controllers[0] = l;
583 arg_join_controllers[1] = NULL;
584
585 n = 1;
586 } else {
587 char ***a;
588 char ***t;
589
590 t = new0(char**, n+2);
591 if (!t) {
592 strv_free(l);
593 return log_oom();
594 }
595
596 n = 0;
597
598 for (a = arg_join_controllers; *a; a++) {
599
600 if (strv_overlap(*a, l)) {
601 if (strv_extend_strv(&l, *a) < 0) {
602 strv_free(l);
603 strv_free_free(t);
604 return log_oom();
605 }
606
607 } else {
608 char **c;
609
610 c = strv_copy(*a);
611 if (!c) {
612 strv_free(l);
613 strv_free_free(t);
614 return log_oom();
615 }
616
617 t[n++] = c;
618 }
619 }
620
621 t[n++] = strv_uniq(l);
622
623 strv_free_free(arg_join_controllers);
624 arg_join_controllers = t;
625 }
626 }
627
628 return 0;
629 }
630
631 static int parse_config_file(void) {
632
633 const ConfigTableItem items[] = {
634 { "Manager", "LogLevel", config_parse_level2, 0, NULL },
635 { "Manager", "LogTarget", config_parse_target, 0, NULL },
636 { "Manager", "LogColor", config_parse_color, 0, NULL },
637 { "Manager", "LogLocation", config_parse_location, 0, NULL },
638 { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core },
639 { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell },
640 { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status },
641 { "Manager", "CrashChVT", config_parse_int, 0, &arg_crash_chvt },
642 { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, NULL },
643 { "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers },
644 { "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog },
645 { "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog },
646 { "Manager", "CapabilityBoundingSet", config_parse_bounding_set, 0, &arg_capability_bounding_set_drop },
647 #ifdef HAVE_SECCOMP
648 { "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs },
649 #endif
650 { "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec },
651 { "Manager", "DefaultStandardOutput", config_parse_output, 0, &arg_default_std_output },
652 { "Manager", "DefaultStandardError", config_parse_output, 0, &arg_default_std_error },
653 { "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
654 { "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
655 { "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
656 { "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval },
657 { "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },
658 { "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },
659 { "Manager", "DefaultLimitCPU", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CPU] },
660 { "Manager", "DefaultLimitFSIZE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_FSIZE] },
661 { "Manager", "DefaultLimitDATA", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_DATA] },
662 { "Manager", "DefaultLimitSTACK", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_STACK] },
663 { "Manager", "DefaultLimitCORE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CORE] },
664 { "Manager", "DefaultLimitRSS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RSS] },
665 { "Manager", "DefaultLimitNOFILE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NOFILE] },
666 { "Manager", "DefaultLimitAS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_AS] },
667 { "Manager", "DefaultLimitNPROC", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NPROC] },
668 { "Manager", "DefaultLimitMEMLOCK", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_MEMLOCK] },
669 { "Manager", "DefaultLimitLOCKS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_LOCKS] },
670 { "Manager", "DefaultLimitSIGPENDING", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_SIGPENDING] },
671 { "Manager", "DefaultLimitMSGQUEUE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_MSGQUEUE] },
672 { "Manager", "DefaultLimitNICE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NICE] },
673 { "Manager", "DefaultLimitRTPRIO", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RTPRIO] },
674 { "Manager", "DefaultLimitRTTIME", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RTTIME] },
675 {}
676 };
677
678 _cleanup_fclose_ FILE *f;
679 const char *fn;
680 int r;
681
682 fn = arg_running_as == SYSTEMD_SYSTEM ? PKGSYSCONFDIR "/system.conf" : PKGSYSCONFDIR "/user.conf";
683 f = fopen(fn, "re");
684 if (!f) {
685 if (errno == ENOENT)
686 return 0;
687
688 log_warning("Failed to open configuration file '%s': %m", fn);
689 return 0;
690 }
691
692 r = config_parse(NULL, fn, f, "Manager\0", config_item_table_lookup, (void*) items, false, false, NULL);
693 if (r < 0)
694 log_warning("Failed to parse configuration file: %s", strerror(-r));
695
696 return 0;
697 }
698
699 static int parse_argv(int argc, char *argv[]) {
700
701 enum {
702 ARG_LOG_LEVEL = 0x100,
703 ARG_LOG_TARGET,
704 ARG_LOG_COLOR,
705 ARG_LOG_LOCATION,
706 ARG_UNIT,
707 ARG_SYSTEM,
708 ARG_USER,
709 ARG_TEST,
710 ARG_VERSION,
711 ARG_DUMP_CONFIGURATION_ITEMS,
712 ARG_DUMP_CORE,
713 ARG_CRASH_SHELL,
714 ARG_CONFIRM_SPAWN,
715 ARG_SHOW_STATUS,
716 ARG_DESERIALIZE,
717 ARG_SWITCHED_ROOT,
718 ARG_DEFAULT_STD_OUTPUT,
719 ARG_DEFAULT_STD_ERROR
720 };
721
722 static const struct option options[] = {
723 { "log-level", required_argument, NULL, ARG_LOG_LEVEL },
724 { "log-target", required_argument, NULL, ARG_LOG_TARGET },
725 { "log-color", optional_argument, NULL, ARG_LOG_COLOR },
726 { "log-location", optional_argument, NULL, ARG_LOG_LOCATION },
727 { "unit", required_argument, NULL, ARG_UNIT },
728 { "system", no_argument, NULL, ARG_SYSTEM },
729 { "user", no_argument, NULL, ARG_USER },
730 { "test", no_argument, NULL, ARG_TEST },
731 { "help", no_argument, NULL, 'h' },
732 { "version", no_argument, NULL, ARG_VERSION },
733 { "dump-configuration-items", no_argument, NULL, ARG_DUMP_CONFIGURATION_ITEMS },
734 { "dump-core", optional_argument, NULL, ARG_DUMP_CORE },
735 { "crash-shell", optional_argument, NULL, ARG_CRASH_SHELL },
736 { "confirm-spawn", optional_argument, NULL, ARG_CONFIRM_SPAWN },
737 { "show-status", optional_argument, NULL, ARG_SHOW_STATUS },
738 { "deserialize", required_argument, NULL, ARG_DESERIALIZE },
739 { "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT },
740 { "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, },
741 { "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, },
742 {}
743 };
744
745 int c, r;
746
747 assert(argc >= 1);
748 assert(argv);
749
750 if (getpid() == 1)
751 opterr = 0;
752
753 while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
754
755 switch (c) {
756
757 case ARG_LOG_LEVEL:
758 r = log_set_max_level_from_string(optarg);
759 if (r < 0) {
760 log_error("Failed to parse log level %s.", optarg);
761 return r;
762 }
763
764 break;
765
766 case ARG_LOG_TARGET:
767 r = log_set_target_from_string(optarg);
768 if (r < 0) {
769 log_error("Failed to parse log target %s.", optarg);
770 return r;
771 }
772
773 break;
774
775 case ARG_LOG_COLOR:
776
777 if (optarg) {
778 r = log_show_color_from_string(optarg);
779 if (r < 0) {
780 log_error("Failed to parse log color setting %s.", optarg);
781 return r;
782 }
783 } else
784 log_show_color(true);
785
786 break;
787
788 case ARG_LOG_LOCATION:
789 if (optarg) {
790 r = log_show_location_from_string(optarg);
791 if (r < 0) {
792 log_error("Failed to parse log location setting %s.", optarg);
793 return r;
794 }
795 } else
796 log_show_location(true);
797
798 break;
799
800 case ARG_DEFAULT_STD_OUTPUT:
801 r = exec_output_from_string(optarg);
802 if (r < 0) {
803 log_error("Failed to parse default standard output setting %s.", optarg);
804 return r;
805 } else
806 arg_default_std_output = r;
807 break;
808
809 case ARG_DEFAULT_STD_ERROR:
810 r = exec_output_from_string(optarg);
811 if (r < 0) {
812 log_error("Failed to parse default standard error output setting %s.", optarg);
813 return r;
814 } else
815 arg_default_std_error = r;
816 break;
817
818 case ARG_UNIT:
819
820 r = set_default_unit(optarg);
821 if (r < 0) {
822 log_error("Failed to set default unit %s: %s", optarg, strerror(-r));
823 return r;
824 }
825
826 break;
827
828 case ARG_SYSTEM:
829 arg_running_as = SYSTEMD_SYSTEM;
830 break;
831
832 case ARG_USER:
833 arg_running_as = SYSTEMD_USER;
834 break;
835
836 case ARG_TEST:
837 arg_action = ACTION_TEST;
838 break;
839
840 case ARG_VERSION:
841 arg_action = ACTION_VERSION;
842 break;
843
844 case ARG_DUMP_CONFIGURATION_ITEMS:
845 arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
846 break;
847
848 case ARG_DUMP_CORE:
849 r = optarg ? parse_boolean(optarg) : 1;
850 if (r < 0) {
851 log_error("Failed to parse dump core boolean %s.", optarg);
852 return r;
853 }
854 arg_dump_core = r;
855 break;
856
857 case ARG_CRASH_SHELL:
858 r = optarg ? parse_boolean(optarg) : 1;
859 if (r < 0) {
860 log_error("Failed to parse crash shell boolean %s.", optarg);
861 return r;
862 }
863 arg_crash_shell = r;
864 break;
865
866 case ARG_CONFIRM_SPAWN:
867 r = optarg ? parse_boolean(optarg) : 1;
868 if (r < 0) {
869 log_error("Failed to parse confirm spawn boolean %s.", optarg);
870 return r;
871 }
872 arg_confirm_spawn = r;
873 break;
874
875 case ARG_SHOW_STATUS:
876 if (optarg) {
877 r = parse_show_status(optarg, &arg_show_status);
878 if (r < 0) {
879 log_error("Failed to parse show status boolean %s.", optarg);
880 return r;
881 }
882 } else
883 arg_show_status = SHOW_STATUS_YES;
884 break;
885
886 case ARG_DESERIALIZE: {
887 int fd;
888 FILE *f;
889
890 r = safe_atoi(optarg, &fd);
891 if (r < 0 || fd < 0) {
892 log_error("Failed to parse deserialize option %s.", optarg);
893 return r < 0 ? r : -EINVAL;
894 }
895
896 fd_cloexec(fd, true);
897
898 f = fdopen(fd, "r");
899 if (!f) {
900 log_error("Failed to open serialization fd: %m");
901 return -errno;
902 }
903
904 if (arg_serialization)
905 fclose(arg_serialization);
906
907 arg_serialization = f;
908
909 break;
910 }
911
912 case ARG_SWITCHED_ROOT:
913 arg_switched_root = true;
914 break;
915
916 case 'h':
917 arg_action = ACTION_HELP;
918 break;
919
920 case 'D':
921 log_set_max_level(LOG_DEBUG);
922 break;
923
924 case 'b':
925 case 's':
926 case 'z':
927 /* Just to eat away the sysvinit kernel
928 * cmdline args without getopt() error
929 * messages that we'll parse in
930 * parse_proc_cmdline_word() or ignore. */
931
932 case '?':
933 default:
934 if (getpid() != 1) {
935 log_error("Unknown option code %c", c);
936 return -EINVAL;
937 }
938
939 break;
940 }
941
942 if (optind < argc && getpid() != 1) {
943 /* Hmm, when we aren't run as init system
944 * let's complain about excess arguments */
945
946 log_error("Excess arguments.");
947 return -EINVAL;
948 }
949
950 if (detect_container(NULL) > 0) {
951 char **a;
952
953 /* All /proc/cmdline arguments the kernel didn't
954 * understand it passed to us. We're not really
955 * interested in that usually since /proc/cmdline is
956 * more interesting and complete. With one exception:
957 * if we are run in a container /proc/cmdline is not
958 * relevant for the container, hence we rely on argv[]
959 * instead. */
960
961 for (a = argv; a < argv + argc; a++) {
962 r = parse_proc_cmdline_word(*a);
963 if (r < 0) {
964 log_error("Failed on cmdline argument %s: %s", *a, strerror(-r));
965 return r;
966 }
967 }
968 }
969
970 return 0;
971 }
972
973 static int help(void) {
974
975 printf("%s [OPTIONS...]\n\n"
976 "Starts up and maintains the system or user services.\n\n"
977 " -h --help Show this help\n"
978 " --test Determine startup sequence, dump it and exit\n"
979 " --dump-configuration-items Dump understood unit configuration items\n"
980 " --unit=UNIT Set default unit\n"
981 " --system Run a system instance, even if PID != 1\n"
982 " --user Run a user instance\n"
983 " --dump-core[=0|1] Dump core on crash\n"
984 " --crash-shell[=0|1] Run shell on crash\n"
985 " --confirm-spawn[=0|1] Ask for confirmation when spawning processes\n"
986 " --show-status[=0|1] Show status updates on the console during bootup\n"
987 " --log-target=TARGET Set log target (console, journal, syslog, kmsg, journal-or-kmsg, syslog-or-kmsg, null)\n"
988 " --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
989 " --log-color[=0|1] Highlight important log messages\n"
990 " --log-location[=0|1] Include code location in log messages\n"
991 " --default-standard-output= Set default standard output for services\n"
992 " --default-standard-error= Set default standard error output for services\n",
993 program_invocation_short_name);
994
995 return 0;
996 }
997
998 static int version(void) {
999 puts(PACKAGE_STRING);
1000 puts(SYSTEMD_FEATURES);
1001
1002 return 0;
1003 }
1004
1005 static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) {
1006 FILE *f = NULL;
1007 FDSet *fds = NULL;
1008 int r;
1009
1010 assert(m);
1011 assert(_f);
1012 assert(_fds);
1013
1014 r = manager_open_serialization(m, &f);
1015 if (r < 0) {
1016 log_error("Failed to create serialization file: %s", strerror(-r));
1017 goto fail;
1018 }
1019
1020 /* Make sure nothing is really destructed when we shut down */
1021 m->n_reloading ++;
1022 bus_manager_send_reloading(m, true);
1023
1024 fds = fdset_new();
1025 if (!fds) {
1026 r = -ENOMEM;
1027 log_error("Failed to allocate fd set: %s", strerror(-r));
1028 goto fail;
1029 }
1030
1031 r = manager_serialize(m, f, fds, switching_root);
1032 if (r < 0) {
1033 log_error("Failed to serialize state: %s", strerror(-r));
1034 goto fail;
1035 }
1036
1037 if (fseeko(f, 0, SEEK_SET) < 0) {
1038 log_error("Failed to rewind serialization fd: %m");
1039 goto fail;
1040 }
1041
1042 r = fd_cloexec(fileno(f), false);
1043 if (r < 0) {
1044 log_error("Failed to disable O_CLOEXEC for serialization: %s", strerror(-r));
1045 goto fail;
1046 }
1047
1048 r = fdset_cloexec(fds, false);
1049 if (r < 0) {
1050 log_error("Failed to disable O_CLOEXEC for serialization fds: %s", strerror(-r));
1051 goto fail;
1052 }
1053
1054 *_f = f;
1055 *_fds = fds;
1056
1057 return 0;
1058
1059 fail:
1060 fdset_free(fds);
1061
1062 if (f)
1063 fclose(f);
1064
1065 return r;
1066 }
1067
1068 static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
1069 struct rlimit nl;
1070 int r;
1071
1072 assert(saved_rlimit);
1073
1074 /* Save the original RLIMIT_NOFILE so that we can reset it
1075 * later when transitioning from the initrd to the main
1076 * systemd or suchlike. */
1077 if (getrlimit(RLIMIT_NOFILE, saved_rlimit) < 0) {
1078 log_error("Reading RLIMIT_NOFILE failed: %m");
1079 return -errno;
1080 }
1081
1082 /* Make sure forked processes get the default kernel setting */
1083 if (!arg_default_rlimit[RLIMIT_NOFILE]) {
1084 struct rlimit *rl;
1085
1086 rl = newdup(struct rlimit, saved_rlimit, 1);
1087 if (!rl)
1088 return log_oom();
1089
1090 arg_default_rlimit[RLIMIT_NOFILE] = rl;
1091 }
1092
1093 /* Bump up the resource limit for ourselves substantially */
1094 nl.rlim_cur = nl.rlim_max = 64*1024;
1095 r = setrlimit_closest(RLIMIT_NOFILE, &nl);
1096 if (r < 0) {
1097 log_error("Setting RLIMIT_NOFILE failed: %s", strerror(-r));
1098 return r;
1099 }
1100
1101 return 0;
1102 }
1103
1104 static void test_mtab(void) {
1105 char *p;
1106
1107 /* Check that /etc/mtab is a symlink */
1108
1109 if (readlink_malloc("/etc/mtab", &p) >= 0) {
1110 bool b;
1111
1112 b = streq(p, "/proc/self/mounts") || streq(p, "/proc/mounts");
1113 free(p);
1114
1115 if (b)
1116 return;
1117 }
1118
1119 log_warning("/etc/mtab is not a symlink or not pointing to /proc/self/mounts. "
1120 "This is not supported anymore. "
1121 "Please make sure to replace this file by a symlink to avoid incorrect or misleading mount(8) output.");
1122 }
1123
1124 static void test_usr(void) {
1125
1126 /* Check that /usr is not a separate fs */
1127
1128 if (dir_is_empty("/usr") <= 0)
1129 return;
1130
1131 log_warning("/usr appears to be on its own filesytem and is not already mounted. This is not a supported setup. "
1132 "Some things will probably break (sometimes even silently) in mysterious ways. "
1133 "Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
1134 }
1135
1136 static void test_cgroups(void) {
1137
1138 if (access("/proc/cgroups", F_OK) >= 0)
1139 return;
1140
1141 log_warning("CONFIG_CGROUPS was not set when your kernel was compiled. "
1142 "Systems without control groups are not supported. "
1143 "We will now sleep for 10s, and then continue boot-up. "
1144 "Expect breakage and please do not file bugs. "
1145 "Instead fix your kernel and enable CONFIG_CGROUPS. "
1146 "Consult http://0pointer.de/blog/projects/cgroups-vs-cgroups.html for more information.");
1147
1148 sleep(10);
1149 }
1150
1151 static int initialize_join_controllers(void) {
1152 /* By default, mount "cpu" + "cpuacct" together, and "net_cls"
1153 * + "net_prio". We'd like to add "cpuset" to the mix, but
1154 * "cpuset" does't really work for groups with no initialized
1155 * attributes. */
1156
1157 arg_join_controllers = new(char**, 3);
1158 if (!arg_join_controllers)
1159 return -ENOMEM;
1160
1161 arg_join_controllers[0] = strv_new("cpu", "cpuacct", NULL);
1162 arg_join_controllers[1] = strv_new("net_cls", "net_prio", NULL);
1163 arg_join_controllers[2] = NULL;
1164
1165 if (!arg_join_controllers[0] || !arg_join_controllers[1]) {
1166 free_join_controllers();
1167 return -ENOMEM;
1168 }
1169
1170 return 0;
1171 }
1172
1173 static int enforce_syscall_archs(Set *archs) {
1174 #ifdef HAVE_SECCOMP
1175 scmp_filter_ctx *seccomp;
1176 Iterator i;
1177 void *id;
1178 int r;
1179
1180 seccomp = seccomp_init(SCMP_ACT_ALLOW);
1181 if (!seccomp)
1182 return log_oom();
1183
1184 SET_FOREACH(id, arg_syscall_archs, i) {
1185 r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
1186 if (r == -EEXIST)
1187 continue;
1188 if (r < 0) {
1189 log_error("Failed to add architecture to seccomp: %s", strerror(-r));
1190 goto finish;
1191 }
1192 }
1193
1194 r = seccomp_load(seccomp);
1195 if (r < 0)
1196 log_error("Failed to add install architecture seccomp: %s", strerror(-r));
1197
1198 finish:
1199 seccomp_release(seccomp);
1200 return r;
1201 #else
1202 return 0;
1203 #endif
1204 }
1205
1206 int main(int argc, char *argv[]) {
1207 Manager *m = NULL;
1208 int r, retval = EXIT_FAILURE;
1209 usec_t before_startup, after_startup;
1210 char timespan[FORMAT_TIMESPAN_MAX];
1211 FDSet *fds = NULL;
1212 bool reexecute = false;
1213 const char *shutdown_verb = NULL;
1214 dual_timestamp initrd_timestamp = { 0ULL, 0ULL };
1215 dual_timestamp userspace_timestamp = { 0ULL, 0ULL };
1216 dual_timestamp kernel_timestamp = { 0ULL, 0ULL };
1217 dual_timestamp security_start_timestamp = { 0ULL, 0ULL };
1218 dual_timestamp security_finish_timestamp = { 0ULL, 0ULL };
1219 static char systemd[] = "systemd";
1220 bool skip_setup = false;
1221 unsigned j;
1222 bool loaded_policy = false;
1223 bool arm_reboot_watchdog = false;
1224 bool queue_default_job = false;
1225 char *switch_root_dir = NULL, *switch_root_init = NULL;
1226 static struct rlimit saved_rlimit_nofile = { 0, 0 };
1227
1228 #ifdef HAVE_SYSV_COMPAT
1229 if (getpid() != 1 && strstr(program_invocation_short_name, "init")) {
1230 /* This is compatibility support for SysV, where
1231 * calling init as a user is identical to telinit. */
1232
1233 errno = -ENOENT;
1234 execv(SYSTEMCTL_BINARY_PATH, argv);
1235 log_error("Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
1236 return 1;
1237 }
1238 #endif
1239
1240 dual_timestamp_from_monotonic(&kernel_timestamp, 0);
1241 dual_timestamp_get(&userspace_timestamp);
1242
1243 /* Determine if this is a reexecution or normal bootup. We do
1244 * the full command line parsing much later, so let's just
1245 * have a quick peek here. */
1246 if (strv_find(argv+1, "--deserialize"))
1247 skip_setup = true;
1248
1249 /* If we have switched root, do all the special setup
1250 * things */
1251 if (strv_find(argv+1, "--switched-root"))
1252 skip_setup = false;
1253
1254 /* If we get started via the /sbin/init symlink then we are
1255 called 'init'. After a subsequent reexecution we are then
1256 called 'systemd'. That is confusing, hence let's call us
1257 systemd right-away. */
1258 program_invocation_short_name = systemd;
1259 prctl(PR_SET_NAME, systemd);
1260
1261 saved_argv = argv;
1262 saved_argc = argc;
1263
1264 log_show_color(isatty(STDERR_FILENO) > 0);
1265
1266 /* Disable the umask logic */
1267 if (getpid() == 1)
1268 umask(0);
1269
1270 if (getpid() == 1 && detect_container(NULL) <= 0) {
1271
1272 /* Running outside of a container as PID 1 */
1273 arg_running_as = SYSTEMD_SYSTEM;
1274 make_null_stdio();
1275 log_set_target(LOG_TARGET_KMSG);
1276 log_open();
1277
1278 if (in_initrd())
1279 initrd_timestamp = userspace_timestamp;
1280
1281 if (!skip_setup) {
1282 mount_setup_early();
1283 dual_timestamp_get(&security_start_timestamp);
1284 if (selinux_setup(&loaded_policy) < 0)
1285 goto finish;
1286 if (ima_setup() < 0)
1287 goto finish;
1288 if (smack_setup() < 0)
1289 goto finish;
1290 dual_timestamp_get(&security_finish_timestamp);
1291 }
1292
1293 if (label_init(NULL) < 0)
1294 goto finish;
1295
1296 if (!skip_setup) {
1297 if (hwclock_is_localtime() > 0) {
1298 int min;
1299
1300 /* The first-time call to settimeofday() does a time warp in the kernel */
1301 r = hwclock_set_timezone(&min);
1302 if (r < 0)
1303 log_error("Failed to apply local time delta, ignoring: %s", strerror(-r));
1304 else
1305 log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
1306 } else if (!in_initrd()) {
1307 /*
1308 * Do dummy first-time call to seal the kernel's time warp magic
1309 *
1310 * Do not call this this from inside the initrd. The initrd might not
1311 * carry /etc/adjtime with LOCAL, but the real system could be set up
1312 * that way. In such case, we need to delay the time-warp or the sealing
1313 * until we reach the real system.
1314 */
1315 hwclock_reset_timezone();
1316
1317 /* Tell the kernel our timezone */
1318 r = hwclock_set_timezone(NULL);
1319 if (r < 0)
1320 log_error("Failed to set the kernel's timezone, ignoring: %s", strerror(-r));
1321 }
1322 }
1323
1324 /* Set the default for later on, but don't actually
1325 * open the logs like this for now. Note that if we
1326 * are transitioning from the initrd there might still
1327 * be journal fd open, and we shouldn't attempt
1328 * opening that before we parsed /proc/cmdline which
1329 * might redirect output elsewhere. */
1330 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
1331
1332 } else if (getpid() == 1) {
1333 /* Running inside a container, as PID 1 */
1334 arg_running_as = SYSTEMD_SYSTEM;
1335 log_set_target(LOG_TARGET_CONSOLE);
1336 log_close_console(); /* force reopen of /dev/console */
1337 log_open();
1338
1339 /* For the later on, see above... */
1340 log_set_target(LOG_TARGET_JOURNAL);
1341
1342 /* clear the kernel timestamp,
1343 * because we are in a container */
1344 kernel_timestamp.monotonic = 0ULL;
1345 kernel_timestamp.realtime = 0ULL;
1346
1347 } else {
1348 /* Running as user instance */
1349 arg_running_as = SYSTEMD_USER;
1350 log_set_target(LOG_TARGET_AUTO);
1351 log_open();
1352
1353 /* clear the kernel timestamp,
1354 * because we are not PID 1 */
1355 kernel_timestamp.monotonic = 0ULL;
1356 kernel_timestamp.realtime = 0ULL;
1357 }
1358
1359 /* Initialize default unit */
1360 r = set_default_unit(SPECIAL_DEFAULT_TARGET);
1361 if (r < 0) {
1362 log_error("Failed to set default unit %s: %s", SPECIAL_DEFAULT_TARGET, strerror(-r));
1363 goto finish;
1364 }
1365
1366 r = initialize_join_controllers();
1367 if (r < 0)
1368 goto finish;
1369
1370 /* Mount /proc, /sys and friends, so that /proc/cmdline and
1371 * /proc/$PID/fd is available. */
1372 if (getpid() == 1) {
1373 r = mount_setup(loaded_policy);
1374 if (r < 0)
1375 goto finish;
1376 }
1377
1378 /* Reset all signal handlers. */
1379 assert_se(reset_all_signal_handlers() == 0);
1380
1381 ignore_signals(SIGNALS_IGNORE, -1);
1382
1383 if (parse_config_file() < 0)
1384 goto finish;
1385
1386 if (arg_running_as == SYSTEMD_SYSTEM)
1387 if (parse_proc_cmdline(parse_proc_cmdline_word) < 0)
1388 goto finish;
1389
1390 log_parse_environment();
1391
1392 if (parse_argv(argc, argv) < 0)
1393 goto finish;
1394
1395 if (arg_action == ACTION_TEST &&
1396 geteuid() == 0) {
1397 log_error("Don't run test mode as root.");
1398 goto finish;
1399 }
1400
1401 if (arg_running_as == SYSTEMD_USER &&
1402 arg_action == ACTION_RUN &&
1403 sd_booted() <= 0) {
1404 log_error("Trying to run as user instance, but the system has not been booted with systemd.");
1405 goto finish;
1406 }
1407
1408 if (arg_running_as == SYSTEMD_SYSTEM &&
1409 arg_action == ACTION_RUN &&
1410 running_in_chroot() > 0) {
1411 log_error("Cannot be run in a chroot() environment.");
1412 goto finish;
1413 }
1414
1415 if (arg_action == ACTION_HELP) {
1416 retval = help();
1417 goto finish;
1418 } else if (arg_action == ACTION_VERSION) {
1419 retval = version();
1420 goto finish;
1421 } else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
1422 unit_dump_config_items(stdout);
1423 retval = EXIT_SUCCESS;
1424 goto finish;
1425 } else if (arg_action == ACTION_DONE) {
1426 retval = EXIT_SUCCESS;
1427 goto finish;
1428 }
1429
1430 if (arg_running_as == SYSTEMD_USER &&
1431 !getenv("XDG_RUNTIME_DIR")) {
1432 log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
1433 goto finish;
1434 }
1435
1436 assert_se(arg_action == ACTION_RUN || arg_action == ACTION_TEST);
1437
1438 /* Close logging fds, in order not to confuse fdset below */
1439 log_close();
1440
1441 /* Remember open file descriptors for later deserialization */
1442 r = fdset_new_fill(&fds);
1443 if (r < 0) {
1444 log_error("Failed to allocate fd set: %s", strerror(-r));
1445 goto finish;
1446 } else
1447 fdset_cloexec(fds, true);
1448
1449 if (arg_serialization)
1450 assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0);
1451
1452 if (arg_running_as == SYSTEMD_SYSTEM)
1453 /* Become a session leader if we aren't one yet. */
1454 setsid();
1455
1456 /* Move out of the way, so that we won't block unmounts */
1457 assert_se(chdir("/") == 0);
1458
1459 /* Reset the console, but only if this is really init and we
1460 * are freshly booted */
1461 if (arg_running_as == SYSTEMD_SYSTEM && arg_action == ACTION_RUN)
1462 console_setup(getpid() == 1 && !skip_setup);
1463
1464 /* Open the logging devices, if possible and necessary */
1465 log_open();
1466
1467 /* Make sure we leave a core dump without panicing the
1468 * kernel. */
1469 if (getpid() == 1) {
1470 install_crash_handler();
1471
1472 r = mount_cgroup_controllers(arg_join_controllers);
1473 if (r < 0)
1474 goto finish;
1475 }
1476
1477 if (arg_running_as == SYSTEMD_SYSTEM) {
1478 const char *virtualization = NULL;
1479
1480 log_info(PACKAGE_STRING " running in system mode. (" SYSTEMD_FEATURES ")");
1481
1482 detect_virtualization(&virtualization);
1483 if (virtualization)
1484 log_info("Detected virtualization '%s'.", virtualization);
1485
1486 if (in_initrd())
1487 log_info("Running in initial RAM disk.");
1488
1489 } else {
1490 _cleanup_free_ char *t = uid_to_name(getuid());
1491 log_debug(PACKAGE_STRING " running in user mode for user "PID_FMT"/%s. (" SYSTEMD_FEATURES ")",
1492 getuid(), t);
1493 }
1494
1495 if (arg_running_as == SYSTEMD_SYSTEM && !skip_setup) {
1496 if (arg_show_status > 0 || plymouth_running())
1497 status_welcome();
1498
1499 #ifdef HAVE_KMOD
1500 if (detect_container(NULL) <= 0)
1501 kmod_setup();
1502 #endif
1503 hostname_setup();
1504 machine_id_setup();
1505 loopback_setup();
1506
1507 test_mtab();
1508 test_usr();
1509 test_cgroups();
1510 }
1511
1512 if (arg_running_as == SYSTEMD_SYSTEM && arg_runtime_watchdog > 0)
1513 watchdog_set_timeout(&arg_runtime_watchdog);
1514
1515 if (arg_timer_slack_nsec != (nsec_t) -1)
1516 if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
1517 log_error("Failed to adjust timer slack: %m");
1518
1519 if (arg_capability_bounding_set_drop) {
1520 r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
1521 if (r < 0) {
1522 log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
1523 goto finish;
1524 }
1525 r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
1526 if (r < 0) {
1527 log_error("Failed to drop capability bounding set: %s", strerror(-r));
1528 goto finish;
1529 }
1530 }
1531
1532 if (arg_syscall_archs) {
1533 r = enforce_syscall_archs(arg_syscall_archs);
1534 if (r < 0)
1535 goto finish;
1536 }
1537
1538 if (arg_running_as == SYSTEMD_USER) {
1539 /* Become reaper of our children */
1540 if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0) {
1541 log_warning("Failed to make us a subreaper: %m");
1542 if (errno == EINVAL)
1543 log_info("Perhaps the kernel version is too old (< 3.4?)");
1544 }
1545 }
1546
1547 if (arg_running_as == SYSTEMD_SYSTEM)
1548 bump_rlimit_nofile(&saved_rlimit_nofile);
1549
1550 r = manager_new(arg_running_as, &m);
1551 if (r < 0) {
1552 log_error("Failed to allocate manager object: %s", strerror(-r));
1553 goto finish;
1554 }
1555
1556 m->confirm_spawn = arg_confirm_spawn;
1557 m->default_std_output = arg_default_std_output;
1558 m->default_std_error = arg_default_std_error;
1559 m->default_restart_usec = arg_default_restart_usec;
1560 m->default_timeout_start_usec = arg_default_timeout_start_usec;
1561 m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
1562 m->default_start_limit_interval = arg_default_start_limit_interval;
1563 m->default_start_limit_burst = arg_default_start_limit_burst;
1564 m->runtime_watchdog = arg_runtime_watchdog;
1565 m->shutdown_watchdog = arg_shutdown_watchdog;
1566 m->userspace_timestamp = userspace_timestamp;
1567 m->kernel_timestamp = kernel_timestamp;
1568 m->initrd_timestamp = initrd_timestamp;
1569 m->security_start_timestamp = security_start_timestamp;
1570 m->security_finish_timestamp = security_finish_timestamp;
1571
1572 manager_set_default_rlimits(m, arg_default_rlimit);
1573
1574 if (arg_default_environment)
1575 manager_environment_add(m, NULL, arg_default_environment);
1576
1577 if (arg_show_status == SHOW_STATUS_UNSET)
1578 arg_show_status = SHOW_STATUS_YES;
1579 manager_set_show_status(m, arg_show_status);
1580
1581 /* Remember whether we should queue the default job */
1582 queue_default_job = !arg_serialization || arg_switched_root;
1583
1584 before_startup = now(CLOCK_MONOTONIC);
1585
1586 r = manager_startup(m, arg_serialization, fds);
1587 if (r < 0)
1588 log_error("Failed to fully start up daemon: %s", strerror(-r));
1589
1590 /* This will close all file descriptors that were opened, but
1591 * not claimed by any unit. */
1592 fdset_free(fds);
1593 fds = NULL;
1594
1595 if (arg_serialization) {
1596 fclose(arg_serialization);
1597 arg_serialization = NULL;
1598 }
1599
1600 if (queue_default_job) {
1601 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1602 Unit *target = NULL;
1603 Job *default_unit_job;
1604
1605 log_debug("Activating default unit: %s", arg_default_unit);
1606
1607 r = manager_load_unit(m, arg_default_unit, NULL, &error, &target);
1608 if (r < 0)
1609 log_error("Failed to load default target: %s", bus_error_message(&error, r));
1610 else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND)
1611 log_error("Failed to load default target: %s", strerror(-target->load_error));
1612 else if (target->load_state == UNIT_MASKED)
1613 log_error("Default target masked.");
1614
1615 if (!target || target->load_state != UNIT_LOADED) {
1616 log_info("Trying to load rescue target...");
1617
1618 r = manager_load_unit(m, SPECIAL_RESCUE_TARGET, NULL, &error, &target);
1619 if (r < 0) {
1620 log_error("Failed to load rescue target: %s", bus_error_message(&error, r));
1621 goto finish;
1622 } else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND) {
1623 log_error("Failed to load rescue target: %s", strerror(-target->load_error));
1624 goto finish;
1625 } else if (target->load_state == UNIT_MASKED) {
1626 log_error("Rescue target masked.");
1627 goto finish;
1628 }
1629 }
1630
1631 assert(target->load_state == UNIT_LOADED);
1632
1633 if (arg_action == ACTION_TEST) {
1634 printf("-> By units:\n");
1635 manager_dump_units(m, stdout, "\t");
1636 }
1637
1638 r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, false, &error, &default_unit_job);
1639 if (r == -EPERM) {
1640 log_debug("Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
1641
1642 r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job);
1643 if (r < 0) {
1644 log_error("Failed to start default target: %s", bus_error_message(&error, r));
1645 goto finish;
1646 }
1647 } else if (r < 0) {
1648 log_error("Failed to isolate default target: %s", bus_error_message(&error, r));
1649 goto finish;
1650 }
1651
1652 m->default_unit_job_id = default_unit_job->id;
1653
1654 after_startup = now(CLOCK_MONOTONIC);
1655 log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
1656 "Loaded units and determined initial transaction in %s.",
1657 format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 0));
1658
1659 if (arg_action == ACTION_TEST) {
1660 printf("-> By jobs:\n");
1661 manager_dump_jobs(m, stdout, "\t");
1662 retval = EXIT_SUCCESS;
1663 goto finish;
1664 }
1665 }
1666
1667 for (;;) {
1668 r = manager_loop(m);
1669 if (r < 0) {
1670 log_error("Failed to run mainloop: %s", strerror(-r));
1671 goto finish;
1672 }
1673
1674 switch (m->exit_code) {
1675
1676 case MANAGER_EXIT:
1677 retval = EXIT_SUCCESS;
1678 log_debug("Exit.");
1679 goto finish;
1680
1681 case MANAGER_RELOAD:
1682 log_info("Reloading.");
1683 r = manager_reload(m);
1684 if (r < 0)
1685 log_error("Failed to reload: %s", strerror(-r));
1686 break;
1687
1688 case MANAGER_REEXECUTE:
1689
1690 if (prepare_reexecute(m, &arg_serialization, &fds, false) < 0)
1691 goto finish;
1692
1693 reexecute = true;
1694 log_notice("Reexecuting.");
1695 goto finish;
1696
1697 case MANAGER_SWITCH_ROOT:
1698 /* Steal the switch root parameters */
1699 switch_root_dir = m->switch_root;
1700 switch_root_init = m->switch_root_init;
1701 m->switch_root = m->switch_root_init = NULL;
1702
1703 if (!switch_root_init)
1704 if (prepare_reexecute(m, &arg_serialization, &fds, true) < 0)
1705 goto finish;
1706
1707 reexecute = true;
1708 log_notice("Switching root.");
1709 goto finish;
1710
1711 case MANAGER_REBOOT:
1712 case MANAGER_POWEROFF:
1713 case MANAGER_HALT:
1714 case MANAGER_KEXEC: {
1715 static const char * const table[_MANAGER_EXIT_CODE_MAX] = {
1716 [MANAGER_REBOOT] = "reboot",
1717 [MANAGER_POWEROFF] = "poweroff",
1718 [MANAGER_HALT] = "halt",
1719 [MANAGER_KEXEC] = "kexec"
1720 };
1721
1722 assert_se(shutdown_verb = table[m->exit_code]);
1723 arm_reboot_watchdog = m->exit_code == MANAGER_REBOOT;
1724
1725 log_notice("Shutting down.");
1726 goto finish;
1727 }
1728
1729 default:
1730 assert_not_reached("Unknown exit code.");
1731 }
1732 }
1733
1734 finish:
1735 if (m) {
1736 manager_free(m);
1737 m = NULL;
1738 }
1739
1740 for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++) {
1741 free(arg_default_rlimit[j]);
1742 arg_default_rlimit[j] = NULL;
1743 }
1744
1745 free(arg_default_unit);
1746 arg_default_unit = NULL;
1747
1748 free_join_controllers();
1749
1750 strv_free(arg_default_environment);
1751 arg_default_environment = NULL;
1752
1753 set_free(arg_syscall_archs);
1754 arg_syscall_archs = NULL;
1755
1756 label_finish();
1757
1758 if (reexecute) {
1759 const char **args;
1760 unsigned i, args_size;
1761
1762 /* Close and disarm the watchdog, so that the new
1763 * instance can reinitialize it, but doesn't get
1764 * rebooted while we do that */
1765 watchdog_close(true);
1766
1767 /* Reset the RLIMIT_NOFILE to the kernel default, so
1768 * that the new systemd can pass the kernel default to
1769 * its child processes */
1770 if (saved_rlimit_nofile.rlim_cur > 0)
1771 setrlimit(RLIMIT_NOFILE, &saved_rlimit_nofile);
1772
1773 if (switch_root_dir) {
1774 /* Kill all remaining processes from the
1775 * initrd, but don't wait for them, so that we
1776 * can handle the SIGCHLD for them after
1777 * deserializing. */
1778 broadcast_signal(SIGTERM, false, true);
1779
1780 /* And switch root */
1781 r = switch_root(switch_root_dir);
1782 if (r < 0)
1783 log_error("Failed to switch root, ignoring: %s", strerror(-r));
1784 }
1785
1786 args_size = MAX(6, argc+1);
1787 args = newa(const char*, args_size);
1788
1789 if (!switch_root_init) {
1790 char sfd[16];
1791
1792 /* First try to spawn ourselves with the right
1793 * path, and with full serialization. We do
1794 * this only if the user didn't specify an
1795 * explicit init to spawn. */
1796
1797 assert(arg_serialization);
1798 assert(fds);
1799
1800 snprintf(sfd, sizeof(sfd), "%i", fileno(arg_serialization));
1801 char_array_0(sfd);
1802
1803 i = 0;
1804 args[i++] = SYSTEMD_BINARY_PATH;
1805 if (switch_root_dir)
1806 args[i++] = "--switched-root";
1807 args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";
1808 args[i++] = "--deserialize";
1809 args[i++] = sfd;
1810 args[i++] = NULL;
1811
1812 /* do not pass along the environment we inherit from the kernel or initrd */
1813 if (switch_root_dir)
1814 clearenv();
1815
1816 assert(i <= args_size);
1817 execv(args[0], (char* const*) args);
1818 }
1819
1820 /* Try the fallback, if there is any, without any
1821 * serialization. We pass the original argv[] and
1822 * envp[]. (Well, modulo the ordering changes due to
1823 * getopt() in argv[], and some cleanups in envp[],
1824 * but let's hope that doesn't matter.) */
1825
1826 if (arg_serialization) {
1827 fclose(arg_serialization);
1828 arg_serialization = NULL;
1829 }
1830
1831 if (fds) {
1832 fdset_free(fds);
1833 fds = NULL;
1834 }
1835
1836 /* Reopen the console */
1837 make_console_stdio();
1838
1839 for (j = 1, i = 1; j < (unsigned) argc; j++)
1840 args[i++] = argv[j];
1841 args[i++] = NULL;
1842 assert(i <= args_size);
1843
1844 if (switch_root_init) {
1845 args[0] = switch_root_init;
1846 execv(args[0], (char* const*) args);
1847 log_warning("Failed to execute configured init, trying fallback: %m");
1848 }
1849
1850 args[0] = "/sbin/init";
1851 execv(args[0], (char* const*) args);
1852
1853 if (errno == ENOENT) {
1854 log_warning("No /sbin/init, trying fallback");
1855
1856 args[0] = "/bin/sh";
1857 args[1] = NULL;
1858 execv(args[0], (char* const*) args);
1859 log_error("Failed to execute /bin/sh, giving up: %m");
1860 } else
1861 log_warning("Failed to execute /sbin/init, giving up: %m");
1862 }
1863
1864 if (arg_serialization) {
1865 fclose(arg_serialization);
1866 arg_serialization = NULL;
1867 }
1868
1869 if (fds) {
1870 fdset_free(fds);
1871 fds = NULL;
1872 }
1873
1874 #ifdef HAVE_VALGRIND_VALGRIND_H
1875 /* If we are PID 1 and running under valgrind, then let's exit
1876 * here explicitly. valgrind will only generate nice output on
1877 * exit(), not on exec(), hence let's do the former not the
1878 * latter here. */
1879 if (getpid() == 1 && RUNNING_ON_VALGRIND)
1880 return 0;
1881 #endif
1882
1883 if (shutdown_verb) {
1884 const char * command_line[] = {
1885 SYSTEMD_SHUTDOWN_BINARY_PATH,
1886 shutdown_verb,
1887 NULL
1888 };
1889 _cleanup_strv_free_ char **env_block = NULL;
1890 env_block = strv_copy(environ);
1891
1892 if (arm_reboot_watchdog && arg_shutdown_watchdog > 0) {
1893 char *e;
1894
1895 /* If we reboot let's set the shutdown
1896 * watchdog and tell the shutdown binary to
1897 * repeatedly ping it */
1898 watchdog_set_timeout(&arg_shutdown_watchdog);
1899 watchdog_close(false);
1900
1901 /* Tell the binary how often to ping, ignore failure */
1902 if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, arg_shutdown_watchdog) > 0)
1903 strv_push(&env_block, e);
1904 } else
1905 watchdog_close(true);
1906
1907 /* Avoid the creation of new processes forked by the
1908 * kernel; at this point, we will not listen to the
1909 * signals anyway */
1910 if (detect_container(NULL) <= 0)
1911 cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
1912
1913 execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
1914 log_error("Failed to execute shutdown binary, freezing: %m");
1915 }
1916
1917 if (getpid() == 1)
1918 freeze();
1919
1920 return retval;
1921 }
Unnamed repository; edit this file 'description' to name the repository.