2 This file is part of systemd.
4 Copyright 2015 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 #include "alloc-util.h"
22 #include "conf-parser.h"
23 #include "nspawn-network.h"
24 #include "nspawn-settings.h"
25 #include "parse-util.h"
26 #include "process-util.h"
27 #include "socket-util.h"
28 #include "string-util.h"
30 #include "user-util.h"
33 int settings_load(FILE *f
, const char *path
, Settings
**ret
) {
34 _cleanup_(settings_freep
) Settings
*s
= NULL
;
40 s
= new0(Settings
, 1);
44 s
->start_mode
= _START_MODE_INVALID
;
45 s
->personality
= PERSONALITY_INVALID
;
46 s
->userns_mode
= _USER_NAMESPACE_MODE_INVALID
;
47 s
->uid_shift
= UID_INVALID
;
48 s
->uid_range
= UID_INVALID
;
51 s
->volatile_mode
= _VOLATILE_MODE_INVALID
;
54 s
->private_network
= -1;
57 r
= config_parse(NULL
, path
, f
,
61 config_item_perf_lookup
, nspawn_gperf_lookup
,
69 /* Make sure that if userns_mode is set, userns_chown is set to something appropriate, and vice versa. Either
70 * both fields shall be initialized or neither. */
71 if (s
->userns_mode
== USER_NAMESPACE_PICK
)
72 s
->userns_chown
= true;
73 else if (s
->userns_mode
!= _USER_NAMESPACE_MODE_INVALID
&& s
->userns_chown
< 0)
74 s
->userns_chown
= false;
76 if (s
->userns_chown
>= 0 && s
->userns_mode
== _USER_NAMESPACE_MODE_INVALID
)
77 s
->userns_mode
= USER_NAMESPACE_NO
;
85 Settings
* settings_free(Settings
*s
) {
90 strv_free(s
->parameters
);
91 strv_free(s
->environment
);
93 free(s
->working_directory
);
95 strv_free(s
->network_interfaces
);
96 strv_free(s
->network_macvlan
);
97 strv_free(s
->network_ipvlan
);
98 strv_free(s
->network_veth_extra
);
99 free(s
->network_bridge
);
100 free(s
->network_zone
);
101 expose_port_free_all(s
->expose_ports
);
103 custom_mount_free_all(s
->custom_mounts
, s
->n_custom_mounts
);
109 bool settings_private_network(Settings
*s
) {
113 s
->private_network
> 0 ||
114 s
->network_veth
> 0 ||
117 s
->network_interfaces
||
118 s
->network_macvlan
||
120 s
->network_veth_extra
;
123 bool settings_network_veth(Settings
*s
) {
127 s
->network_veth
> 0 ||
132 DEFINE_CONFIG_PARSE_ENUM(config_parse_volatile_mode
, volatile_mode
, VolatileMode
, "Failed to parse volatile mode");
134 int config_parse_expose_port(
136 const char *filename
,
139 unsigned section_line
,
153 r
= expose_port_parse(&s
->expose_ports
, rvalue
);
155 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Duplicate port specification, ignoring: %s", rvalue
);
159 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse host port %s: %m", rvalue
);
166 int config_parse_capability(
168 const char *filename
,
171 unsigned section_line
,
178 uint64_t u
= 0, *result
= data
;
186 _cleanup_free_
char *word
= NULL
;
189 r
= extract_first_word(&rvalue
, &word
, NULL
, 0);
191 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to extract capability string, ignoring: %s", rvalue
);
197 cap
= capability_from_name(word
);
199 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Failed to parse capability, ignoring: %s", word
);
203 u
|= 1 << ((uint64_t) cap
);
213 int config_parse_id128(
215 const char *filename
,
218 unsigned section_line
,
225 sd_id128_t t
, *result
= data
;
232 r
= sd_id128_from_string(rvalue
, &t
);
234 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse 128bit ID/UUID, ignoring: %s", rvalue
);
242 int config_parse_bind(
244 const char *filename
,
247 unsigned section_line
,
254 Settings
*settings
= data
;
261 r
= bind_mount_parse(&settings
->custom_mounts
, &settings
->n_custom_mounts
, rvalue
, ltype
);
263 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid bind mount specification %s: %m", rvalue
);
270 int config_parse_tmpfs(
272 const char *filename
,
275 unsigned section_line
,
282 Settings
*settings
= data
;
289 r
= tmpfs_mount_parse(&settings
->custom_mounts
, &settings
->n_custom_mounts
, rvalue
);
291 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid temporary file system specification %s: %m", rvalue
);
298 int config_parse_veth_extra(
300 const char *filename
,
303 unsigned section_line
,
310 Settings
*settings
= data
;
317 r
= veth_extra_parse(&settings
->network_veth_extra
, rvalue
);
319 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Invalid extra virtual Ethernet link specification %s: %m", rvalue
);
326 int config_parse_network_zone(
328 const char *filename
,
331 unsigned section_line
,
338 Settings
*settings
= data
;
339 _cleanup_free_
char *j
= NULL
;
345 j
= strappend("vz-", rvalue
);
346 if (!ifname_valid(j
)) {
347 log_syntax(unit
, LOG_ERR
, filename
, line
, 0, "Invalid network zone name %s, ignoring: %m", rvalue
);
351 free(settings
->network_zone
);
352 settings
->network_zone
= j
;
358 int config_parse_boot(
360 const char *filename
,
363 unsigned section_line
,
370 Settings
*settings
= data
;
377 r
= parse_boolean(rvalue
);
379 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse Boot= parameter %s, ignoring: %m", rvalue
);
384 if (settings
->start_mode
== START_PID2
)
387 settings
->start_mode
= START_BOOT
;
389 if (settings
->start_mode
== START_BOOT
)
392 if (settings
->start_mode
< 0)
393 settings
->start_mode
= START_PID1
;
399 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Conflicting Boot= or ProcessTwo= setting found. Ignoring.");
403 int config_parse_pid2(
405 const char *filename
,
408 unsigned section_line
,
415 Settings
*settings
= data
;
422 r
= parse_boolean(rvalue
);
424 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse ProcessTwo= parameter %s, ignoring: %m", rvalue
);
429 if (settings
->start_mode
== START_BOOT
)
432 settings
->start_mode
= START_PID2
;
434 if (settings
->start_mode
== START_PID2
)
437 if (settings
->start_mode
< 0)
438 settings
->start_mode
= START_PID1
;
444 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Conflicting Boot= or ProcessTwo= setting found. Ignoring.");
448 int config_parse_private_users(
450 const char *filename
,
453 unsigned section_line
,
460 Settings
*settings
= data
;
467 r
= parse_boolean(rvalue
);
469 /* no: User namespacing off */
470 settings
->userns_mode
= USER_NAMESPACE_NO
;
471 settings
->uid_shift
= UID_INVALID
;
472 settings
->uid_range
= UINT32_C(0x10000);
474 /* yes: User namespacing on, UID range is read from root dir */
475 settings
->userns_mode
= USER_NAMESPACE_FIXED
;
476 settings
->uid_shift
= UID_INVALID
;
477 settings
->uid_range
= UINT32_C(0x10000);
478 } else if (streq(rvalue
, "pick")) {
479 /* pick: User namespacing on, UID range is picked randomly */
480 settings
->userns_mode
= USER_NAMESPACE_PICK
;
481 settings
->uid_shift
= UID_INVALID
;
482 settings
->uid_range
= UINT32_C(0x10000);
484 const char *range
, *shift
;
487 /* anything else: User namespacing on, UID range is explicitly configured */
489 range
= strchr(rvalue
, ':');
491 shift
= strndupa(rvalue
, range
- rvalue
);
494 r
= safe_atou32(range
, &rn
);
495 if (r
< 0 || rn
<= 0) {
496 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "UID/GID range invalid, ignoring: %s", range
);
501 rn
= UINT32_C(0x10000);
504 r
= parse_uid(shift
, &sh
);
506 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "UID/GID shift invalid, ignoring: %s", range
);
510 settings
->userns_mode
= USER_NAMESPACE_FIXED
;
511 settings
->uid_shift
= sh
;
512 settings
->uid_range
= rn
;