2 This file is part of systemd.
4 Copyright 2015 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 #include "alloc-util.h"
22 #include "conf-parser.h"
23 #include "nspawn-network.h"
24 #include "nspawn-settings.h"
25 #include "parse-util.h"
26 #include "process-util.h"
27 #include "socket-util.h"
28 #include "string-util.h"
30 #include "user-util.h"
33 int settings_load(FILE *f
, const char *path
, Settings
**ret
) {
34 _cleanup_(settings_freep
) Settings
*s
= NULL
;
40 s
= new0(Settings
, 1);
44 s
->start_mode
= _START_MODE_INVALID
;
45 s
->personality
= PERSONALITY_INVALID
;
46 s
->userns_mode
= _USER_NAMESPACE_MODE_INVALID
;
47 s
->uid_shift
= UID_INVALID
;
48 s
->uid_range
= UID_INVALID
;
51 s
->volatile_mode
= _VOLATILE_MODE_INVALID
;
54 s
->private_network
= -1;
57 r
= config_parse(NULL
, path
, f
,
61 config_item_perf_lookup
, nspawn_gperf_lookup
,
69 /* Make sure that if userns_mode is set, userns_chown is set to something appropriate, and vice versa. Either
70 * both fields shall be initialized or neither. */
71 if (s
->userns_mode
== USER_NAMESPACE_PICK
)
72 s
->userns_chown
= true;
73 else if (s
->userns_mode
!= _USER_NAMESPACE_MODE_INVALID
&& s
->userns_chown
< 0)
74 s
->userns_chown
= false;
76 if (s
->userns_chown
>= 0 && s
->userns_mode
== _USER_NAMESPACE_MODE_INVALID
)
77 s
->userns_mode
= USER_NAMESPACE_NO
;
85 Settings
* settings_free(Settings
*s
) {
90 strv_free(s
->parameters
);
91 strv_free(s
->environment
);
93 free(s
->working_directory
);
95 strv_free(s
->network_interfaces
);
96 strv_free(s
->network_macvlan
);
97 strv_free(s
->network_ipvlan
);
98 strv_free(s
->network_veth_extra
);
99 free(s
->network_bridge
);
100 free(s
->network_zone
);
101 expose_port_free_all(s
->expose_ports
);
103 custom_mount_free_all(s
->custom_mounts
, s
->n_custom_mounts
);
107 bool settings_private_network(Settings
*s
) {
111 s
->private_network
> 0 ||
112 s
->network_veth
> 0 ||
115 s
->network_interfaces
||
116 s
->network_macvlan
||
118 s
->network_veth_extra
;
121 bool settings_network_veth(Settings
*s
) {
125 s
->network_veth
> 0 ||
130 DEFINE_CONFIG_PARSE_ENUM(config_parse_volatile_mode
, volatile_mode
, VolatileMode
, "Failed to parse volatile mode");
132 int config_parse_expose_port(
134 const char *filename
,
137 unsigned section_line
,
151 r
= expose_port_parse(&s
->expose_ports
, rvalue
);
153 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Duplicate port specification, ignoring: %s", rvalue
);
157 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse host port %s: %m", rvalue
);
164 int config_parse_capability(
166 const char *filename
,
169 unsigned section_line
,
176 uint64_t u
= 0, *result
= data
;
184 _cleanup_free_
char *word
= NULL
;
187 r
= extract_first_word(&rvalue
, &word
, NULL
, 0);
189 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to extract capability string, ignoring: %s", rvalue
);
195 cap
= capability_from_name(word
);
197 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Failed to parse capability, ignoring: %s", word
);
201 u
|= 1 << ((uint64_t) cap
);
211 int config_parse_id128(
213 const char *filename
,
216 unsigned section_line
,
223 sd_id128_t t
, *result
= data
;
230 r
= sd_id128_from_string(rvalue
, &t
);
232 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse 128bit ID/UUID, ignoring: %s", rvalue
);
240 int config_parse_bind(
242 const char *filename
,
245 unsigned section_line
,
252 Settings
*settings
= data
;
259 r
= bind_mount_parse(&settings
->custom_mounts
, &settings
->n_custom_mounts
, rvalue
, ltype
);
261 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid bind mount specification %s: %m", rvalue
);
268 int config_parse_tmpfs(
270 const char *filename
,
273 unsigned section_line
,
280 Settings
*settings
= data
;
287 r
= tmpfs_mount_parse(&settings
->custom_mounts
, &settings
->n_custom_mounts
, rvalue
);
289 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid temporary file system specification %s: %m", rvalue
);
296 int config_parse_veth_extra(
298 const char *filename
,
301 unsigned section_line
,
308 Settings
*settings
= data
;
315 r
= veth_extra_parse(&settings
->network_veth_extra
, rvalue
);
317 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid extra virtual Ethernet link specification %s: %m", rvalue
);
324 int config_parse_network_zone(
326 const char *filename
,
329 unsigned section_line
,
336 Settings
*settings
= data
;
337 _cleanup_free_
char *j
= NULL
;
343 j
= strappend("vz-", rvalue
);
344 if (!ifname_valid(j
)) {
345 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid network zone name %s, ignoring: %m", rvalue
);
349 free(settings
->network_zone
);
350 settings
->network_zone
= j
;
356 int config_parse_boot(
358 const char *filename
,
361 unsigned section_line
,
368 Settings
*settings
= data
;
375 r
= parse_boolean(rvalue
);
377 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse Boot= parameter %s, ignoring: %m", rvalue
);
382 if (settings
->start_mode
== START_PID2
)
385 settings
->start_mode
= START_BOOT
;
387 if (settings
->start_mode
== START_BOOT
)
390 if (settings
->start_mode
< 0)
391 settings
->start_mode
= START_PID1
;
397 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Conflicting Boot= or ProcessTwo= setting found. Ignoring.");
401 int config_parse_pid2(
403 const char *filename
,
406 unsigned section_line
,
413 Settings
*settings
= data
;
420 r
= parse_boolean(rvalue
);
422 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse ProcessTwo= parameter %s, ignoring: %m", rvalue
);
427 if (settings
->start_mode
== START_BOOT
)
430 settings
->start_mode
= START_PID2
;
432 if (settings
->start_mode
== START_PID2
)
435 if (settings
->start_mode
< 0)
436 settings
->start_mode
= START_PID1
;
442 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Conflicting Boot= or ProcessTwo= setting found. Ignoring.");
446 int config_parse_private_users(
448 const char *filename
,
451 unsigned section_line
,
458 Settings
*settings
= data
;
465 r
= parse_boolean(rvalue
);
467 /* no: User namespacing off */
468 settings
->userns_mode
= USER_NAMESPACE_NO
;
469 settings
->uid_shift
= UID_INVALID
;
470 settings
->uid_range
= UINT32_C(0x10000);
472 /* yes: User namespacing on, UID range is read from root dir */
473 settings
->userns_mode
= USER_NAMESPACE_FIXED
;
474 settings
->uid_shift
= UID_INVALID
;
475 settings
->uid_range
= UINT32_C(0x10000);
476 } else if (streq(rvalue
, "pick")) {
477 /* pick: User namespacing on, UID range is picked randomly */
478 settings
->userns_mode
= USER_NAMESPACE_PICK
;
479 settings
->uid_shift
= UID_INVALID
;
480 settings
->uid_range
= UINT32_C(0x10000);
482 const char *range
, *shift
;
485 /* anything else: User namespacing on, UID range is explicitly configured */
487 range
= strchr(rvalue
, ':');
489 shift
= strndupa(rvalue
, range
- rvalue
);
492 r
= safe_atou32(range
, &rn
);
493 if (r
< 0 || rn
<= 0) {
494 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "UID/GID range invalid, ignoring: %s", range
);
499 rn
= UINT32_C(0x10000);
502 r
= parse_uid(shift
, &sh
);
504 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "UID/GID shift invalid, ignoring: %s", range
);
508 settings
->userns_mode
= USER_NAMESPACE_FIXED
;
509 settings
->uid_shift
= sh
;
510 settings
->uid_range
= rn
;