picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Systemd/src/core/main.c

2776 lines
114 KiB
C
Raw Normal View History

Add SPDX license identifiers to source files under the LGPL This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
2017-11-18 17:09:20 +01:00
/* SPDX-License-Identifier: LGPL-2.1+ */
license: add GPLv2+ license blurbs everwhere
2010-02-03 13:03:47 +01:00
initial commit
2009-11-18 00:42:52 +01:00
#include <errno.h>
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include <fcntl.h>
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
#include <getopt.h>
manager: introduce SwitchRoot bus call for initrd/main transition
2012-05-09 01:24:50 +02:00
#include <sys/mount.h>
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include <sys/prctl.h>
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
#include <sys/reboot.h>
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include <unistd.h>
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_SECCOMP
execute: no need to include seccomp.h from execute.h
2014-03-03 17:12:56 +01:00
#include <seccomp.h>
#endif
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_VALGRIND_VALGRIND_H
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include <valgrind/valgrind.h>
#endif
valgrind: make running PID 1 in valgrind useful Since valgrind only generates useful output on exit() (rather than exec()) we need to explicitly exit when valgrind is detected.
2013-11-20 22:11:10 +01:00
core: convert PID 1 to libsystemd-bus This patch converts PID 1 to libsystemd-bus and thus drops the dependency on libdbus. The only remaining code using libdbus is a test case that validates our bus marshalling against libdbus' marshalling, and this dependency can be turned off. This patch also adds a couple of things to libsystem-bus, that are necessary to make the port work: - Synthesizing of "Disconnected" messages when bus connections are severed. - Support for attaching multiple vtables for the same interface on the same path. This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus calls which used an inappropriate signature. As a side effect we will now generate PropertiesChanged messages which carry property contents, rather than just invalidation information.
2013-11-19 21:12:59 +01:00
#include "sd-bus.h"
tree-wide: sort includes Sort the includes accoding to the new coding style.
2015-11-16 22:09:36 +01:00
#include "sd-daemon.h"
Make taint message structured and add catalog entry Dec 14 14:10:54 krowka systemd[1]: System is tainted: overflowgid-not-65534 -- Subject: The system is configured in a way that might cause problems -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- The following "tags" are possible: -- - "split-usr" — /usr is a separate file system and was not mounted when systemd -- was booted -- - "cgroups-missing" — the kernel was compiled without cgroup support or access -- to expected interface files is resticted -- - "var-run-bad" — /var/run is not a symlink to /run -- - "overflowuid-not-65534" — the kernel user ID used for "unknown" users (with -- NFS or user namespaces) is not 65534 -- - "overflowgid-not-65534" — the kernel group ID used for "unknown" users (with -- NFS or user namespaces) is not 65534 -- Current system is tagged as overflowgid-not-65534.
2017-12-14 10:15:41 +01:00
#include "sd-messages.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
util-lib: split out allocation calls into alloc-util.[ch]
2015-10-27 03:01:06 +01:00
#include "alloc-util.h"
hostnamectl: should the sanitized arch, not the native uname() one
2014-02-21 02:28:54 +01:00
#include "architecture.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "build.h"
#include "bus-error.h"
#include "bus-util.h"
src/basic: rename audit.[ch] → audit-util.[ch] and capability.[ch] → capability-util.[ch] The files are named too generically, so that they might conflict with the upstream project headers. Hence, let's add a "-util" suffix, to clarify that this are just our utility headers and not any official upstream headers.
2015-10-26 23:32:16 +01:00
#include "capability-util.h"
cgroup v2: DefaultCPUAccounting=yes if CPU controller isn't required We now don't enable the CPU controller just for CPU accounting if we are on 4.15+ and using pure unified hierarchy, as this is provided externally to the CPU controller. This makes CPUAccounting=yes essentially free, so enabling it by default when it's cheap seems like a good idea.
2018-10-25 15:03:58 +02:00
#include "cgroup-util.h"
shared: rename hwclock.[ch] to clock-util.[ch]
2014-05-22 14:21:38 +02:00
#include "clock-util.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "conf-parser.h"
basic: split out cpu set specific APIs into cpu-set-util.[ch]
2015-09-30 21:50:22 +02:00
#include "cpu-set-util.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "dbus-manager.h"
core: take random seed from boot loader and credit it to kernel entropy pool
2019-07-19 19:39:15 +02:00
#include "dbus.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "def.h"
core: take random seed from boot loader and credit it to kernel entropy pool
2019-07-19 19:39:15 +02:00
#include "efi-random.h"
core: minor coding style/wording fixes
2016-12-08 17:23:08 +01:00
#include "emergency-action.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "env-util.h"
core: undo the dependency inversion between unit.h and all unit types
2018-05-15 20:17:34 +02:00
#include "exit-status.h"
util-lib: split out fd-related operations into fd-util.[ch] There are more than enough to deserve their own .c file, hence move them over.
2015-10-25 13:14:12 +01:00
#include "fd-util.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "fdset.h"
core: convert PID 1 to libsystemd-bus This patch converts PID 1 to libsystemd-bus and thus drops the dependency on libdbus. The only remaining code using libdbus is a test case that validates our bus marshalling against libdbus' marshalling, and this dependency can be turned off. This patch also adds a couple of things to libsystem-bus, that are necessary to make the port work: - Synthesizing of "Disconnected" messages when bus connections are severed. - Support for attaching multiple vtables for the same interface on the same path. This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus calls which used an inappropriate signature. As a side effect we will now generate PropertiesChanged messages which carry property contents, rather than just invalidation information.
2013-11-19 21:12:59 +01:00
#include "fileio.h"
Rename formats-util.h to format-util.h We don't have plural in the name of any other -util files and this inconsistency trips me up every time I try to type this file name from memory. "formats-util" is even hard to pronounce.
2016-11-07 16:14:59 +01:00
#include "format-util.h"
util-lib: move a number of fs operations into fs-util.[ch]
2015-10-26 21:16:26 +01:00
#include "fs-util.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "hostname-setup.h"
#include "ima-setup.h"
#include "killall.h"
#include "kmod-setup.h"
util: split out some stuff into a new file limits-util.[ch]
2019-03-13 11:35:47 +01:00
#include "limits-util.h"
tmpfiles: add new line type 'v' for creating btrfs subvolumes
2014-12-27 18:46:36 +01:00
#include "load-fragment.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "log.h"
main: we want all setup functions to be in files called xxx-setup.[ch]
2012-04-12 14:28:43 +02:00
#include "loopback-setup.h"
#include "machine-id-setup.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "manager.h"
#include "mount-setup.h"
os-util: add helpers for finding /etc/os-release Place this new helpers in a new source file os-util.[ch], and move the existing and related call path_is_os_tree() to it as well.
2018-03-26 16:32:40 +02:00
#include "os-util.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "pager.h"
util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]
2015-10-26 16:18:16 +01:00
#include "parse-util.h"
core: allow to redirect confirmation messages to a different console It's rather hard to parse the confirmation messages (enabled with systemd.confirm_spawn=true) amongst the status messages and the kernel ones (if enabled). This patch gives the possibility to the user to redirect the confirmation message to a different virtual console, either by giving its name or its path, so those messages are separated from the other ones and easier to read.
2016-11-02 10:38:22 +01:00
#include "path-util.h"
Split out pretty-print.c and move pager.c and main-func.h to shared/ This is high-level functionality, and fits better in shared/ (which is for our executables), than in basic/ (which is also for libraries).
2018-11-20 15:42:57 +01:00
#include "pretty-print.h"
util-lib: move /proc/cmdline parsing code to proc-cmdline.[ch]
2015-10-27 00:06:29 +01:00
#include "proc-cmdline.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "process-util.h"
util-lib: Add sparc64 support for process creation (#3348) The current raw_clone function takes two arguments, the cloning flags and a pointer to the stack for the cloned child. The raw cloning without passing a "thread main" function does not make sense if a new stack is specified, as it returns in both the parent and the child, which will fail in the child as the stack is virgin. All uses of raw_clone indeed pass NULL for the stack pointer which indicates that both processes should share the stack address (so you better don't pass CLONE_VM). This commit refactors the code to not require the caller to pass the stack address, as NULL is the only sensible option. It also adds the magic code needed to make raw_clone work on sparc64, which does not return 0 in %o0 for the child, but indicates the child process by setting %o1 to non-zero. This refactoring is not plain aesthetic, because non-NULL stack addresses need to get mangled before being passed to the clone syscall (you have to apply STACK_BIAS), whereas NULL must not be mangled. Implementing the conditional mangling of the stack address would needlessly complicate the code. raw_clone is moved to a separete header, because the burden of including the assert machinery and sched.h shouldn't be applied to every user of missing_syscalls.h
2016-05-30 02:03:51 +02:00
#include "raw-clone.h"
util-lib: split out resource limits related calls into rlimit-util.[ch]
2015-10-26 19:40:43 +01:00
#include "rlimit-util.h"
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_SECCOMP
core: do not fail at step SECCOMP if there is no kernel support (#4004) Fixes #3882
2016-08-22 21:40:58 +02:00
#include "seccomp-util.h"
#endif
main: we want all setup functions to be in files called xxx-setup.[ch]
2012-04-12 14:28:43 +02:00
#include "selinux-setup.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "selinux-util.h"
#include "signal-util.h"
core: mount and initialize Smack SMACK is the Simple Mandatory Access Control Kernel, a minimal approach to Access Control implemented as a kernel LSM. The kernel exposes the smackfs filesystem API through which access rules can be loaded. At boot time, we want to load the access rules as early as possible to ensure all early boot steps are checked by Smack. This patch mounts smackfs at the new location at /sys/fs/smackfs for kernels 3.8 and above. The /smack mountpoint is not supported. After mounting smackfs, rules are loaded from the usual location. For more information about Smack see: http://www.kernel.org/doc/Documentation/security/Smack.txt
2013-03-07 20:06:58 +01:00
#include "smack-setup.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "special.h"
util-lib: split stat()/statfs()/stavfs() related calls into stat-util.[ch]
2015-10-26 22:01:44 +01:00
#include "stat-util.h"
util-lib: split out printf() helpers to stdio-util.h
2015-10-27 01:26:31 +01:00
#include "stdio-util.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "strv.h"
#include "switch-root.h"
main: bump fs.nr_open + fs.max-file to their largest possible values After discussions with kernel folks, a system with memcg really shouldn't need extra hard limits on file descriptors anymore, as they are properly accounted for by memcg anyway. Hence, let's bump these values to their maximums. This also adds a build time option to turn thiss off, to cover those users who do not want to use memcg.
2018-10-11 18:23:26 +02:00
#include "sysctl-util.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "terminal-util.h"
core: be more paranoid when mixing umask and fopen() Let's be extra careful with the umask when we use simple fopen(), as this creates files with 0777 by default.
2016-04-07 16:15:26 +02:00
#include "umask-util.h"
util-lib: split out user/group/uid/gid calls into user-util.[ch]
2015-10-25 22:32:30 +01:00
#include "user-util.h"
tree-wide: introduce disable_core_dumps helper and port existing users Changes the core_pattern to prevent any core dumps by the kernel. Does nothing if we're in a container environment as this is system wide setting.
2018-01-10 10:36:14 +01:00
#include "util.h"
core: order #includes in main.c
2015-09-23 01:04:46 +02:00
#include "virt.h"
#include "watchdog.h"
main: we want all setup functions to be in files called xxx-setup.[ch]
2012-04-12 14:28:43 +02:00
tests: reproduce https://github.com/systemd/systemd/issues/11251
2018-12-23 14:46:00 +01:00
#if HAS_FEATURE_ADDRESS_SANITIZER
#include <sanitizer/lsan_interface.h>
#endif
core: make TasksMax a partially dynamic property TasksMax= and DefaultTasksMax= can be specified as percentages. We don't actually document of what the percentage is relative to, but the implementation uses the smallest of /proc/sys/kernel/pid_max, /proc/sys/kernel/threads-max, and /sys/fs/cgroup/pids.max (when present). When the value is a percentage, we immediately convert it to an absolute value. If the limit later changes (which can happen e.g. when systemd-sysctl runs), the absolute value becomes outdated. So let's store either the percentage or absolute value, whatever was specified, and only convert to an absolute value when the value is used. For example, when starting a unit, the absolute value will be calculated when the cgroup for the unit is created. Fixes #13419.
2019-11-05 13:50:28 +01:00
#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
static enum {
ACTION_RUN,
main: implement --test
2010-04-07 00:10:17 +02:00
ACTION_HELP,
systemd: add --version option systemd --version mirrors systemctl --version: $ ./systemd --version systemd 186 other +PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT -LIBCRYPTSETUP This information can be retrieved by other means (systemctl, etc.), but it's easier for a newbie if 'systemd --version' says something useful. And 'systemd --help' is already there, so let's complement that with '--version'.
2012-07-17 07:31:47 +02:00
ACTION_VERSION,
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
ACTION_TEST,
core: add --dump-bus-properties option to systemd If systemd is invoked with this option, this dumps all bus properties. This may be useful for shell completion for `systemctl --property`.
2018-05-28 11:13:19 +02:00
ACTION_DUMP_CONFIGURATION_ITEMS,
ACTION_DUMP_BUS_PROPERTIES,
main: add a native implementation of the 'nomodules' kernel option understood by fedora init scripts
2010-07-06 20:21:08 +02:00
} arg_action = ACTION_RUN;
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
/* Those variables are initalized to 0 automatically, so we avoid uninitialized memory access.
* Real defaults are assigned in reset_arguments() below. */
static char *arg_default_unit;
static bool arg_system;
static bool arg_dump_core;
static int arg_crash_chvt;
static bool arg_crash_shell;
static bool arg_crash_reboot;
static char *arg_confirm_spawn;
static ShowStatus arg_show_status;
Add config and kernel commandline option to use short identifiers No functional change, just docs and configuration and parsing. v2: - change ShortIdentifiers=yes|no to StatusUnitFormat=name|description.
2019-06-06 19:22:20 +02:00
static StatusUnitFormat arg_status_unit_format;
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
static bool arg_switched_root;
static PagerFlags arg_pager_flags;
static bool arg_service_watchdogs;
static ExecOutput arg_default_std_output;
static ExecOutput arg_default_std_error;
static usec_t arg_default_restart_usec;
static usec_t arg_default_timeout_start_usec;
static usec_t arg_default_timeout_stop_usec;
static usec_t arg_default_timeout_abort_usec;
static bool arg_default_timeout_abort_set;
static usec_t arg_default_start_limit_interval;
static unsigned arg_default_start_limit_burst;
static usec_t arg_runtime_watchdog;
core: rename ShutdownWatchdogSec to RebootWatchdogSec This option is only used on reboot, not on other types of shutdown modes, so it is misleading. Keep the old name working for backward compatibility, but remove it from the documentation.
2019-07-22 12:39:25 +02:00
static usec_t arg_reboot_watchdog;
core: add KExecWatchdogSec option Rather than always enabling the shutdown WD on kexec, which might be dangerous in case the kernel driver and/or the hardware implementation does not reset the wd on kexec, add a new timer, disabled by default, to let users optionally enable the shutdown WD on kexec separately from the runtime and reboot ones. Advise in the documentation to also use the runtime WD in conjunction with it. Fixes: a637d0f9ecbe ("core: set shutdown watchdog on kexec too")
2019-07-19 12:54:15 +02:00
static usec_t arg_kexec_watchdog;
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
static char *arg_early_core_pattern;
static char *arg_watchdog_device;
static char **arg_default_environment;
static struct rlimit *arg_default_rlimit[_RLIMIT_MAX];
static uint64_t arg_capability_bounding_set;
static bool arg_no_new_privs;
static nsec_t arg_timer_slack_nsec;
static usec_t arg_default_timer_accuracy_usec;
static Set* arg_syscall_archs;
static FILE* arg_serialization;
static int arg_default_cpu_accounting;
static bool arg_default_io_accounting;
static bool arg_default_ip_accounting;
static bool arg_default_blockio_accounting;
static bool arg_default_memory_accounting;
static bool arg_default_tasks_accounting;
core: make TasksMax a partially dynamic property TasksMax= and DefaultTasksMax= can be specified as percentages. We don't actually document of what the percentage is relative to, but the implementation uses the smallest of /proc/sys/kernel/pid_max, /proc/sys/kernel/threads-max, and /sys/fs/cgroup/pids.max (when present). When the value is a percentage, we immediately convert it to an absolute value. If the limit later changes (which can happen e.g. when systemd-sysctl runs), the absolute value becomes outdated. So let's store either the percentage or absolute value, whatever was specified, and only convert to an absolute value when the value is used. For example, when starting a unit, the absolute value will be calculated when the cgroup for the unit is created. Fixes #13419.
2019-11-05 13:50:28 +01:00
static TasksMax arg_default_tasks_max;
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
static sd_id128_t arg_machine_id;
static EmergencyAction arg_cad_burst_action;
static OOMPolicy arg_default_oom_policy;
static CPUSet arg_cpu_affinity;
core: introduce NUMAPolicy and NUMAMask options Make possible to set NUMA allocation policy for manager. Manager's policy is by default inherited to all forked off processes. However, it is possible to override the policy on per-service basis. Currently we support, these policies: default, prefer, bind, interleave, local. See man 2 set_mempolicy for details on each policy. Overall NUMA policy actually consists of two parts. Policy itself and bitmask representing NUMA nodes where is policy effective. Node mask can be specified using related option, NUMAMask. Default mask can be overwritten on per-service level.
2019-03-12 18:58:26 +01:00
static NUMAPolicy arg_numa_policy;
pid1: parse CPUAffinity= in incremental fashion This makes the handling of this option match what we do in unit files. I think consistency is important here. (As it happens, it is the only option in system.conf that is "non-atomic", i.e. where there's a list of things which can be split over multiple assignments. All other options are single-valued, so there's no issue of how to handle multiple assignments.)
2019-05-24 08:35:51 +02:00
pid1: rework environment block copy logic This reworks the logic introduced in a5cede8c24fddda9b73f142e09b18b49adde1b9c (#13693). First of all, let's move this out of util.c, since only PID 1 really needs this, and there's no real need to have it in util.c. Then, fix freeing of the variable. It previously relied on STATIC_DESTRUCTOR_REGISTER() which however relies on static_destruct() to be called explicitly. Currently only the main-func.h macros do that, and PID 1 does not. (It might be worth investigating whether to do that, but it's not trivial.) Hence the freeing wasn't applied. Finally, an OOM check was missing, add it in.
2019-11-01 11:26:05 +01:00
/* A copy of the original environment block */
static char **saved_env = NULL;
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
static int parse_configuration(const struct rlimit *saved_rlimit_nofile,
const struct rlimit *saved_rlimit_memlock);
main: introduce configurable crash shell
2010-04-10 22:35:37 +02:00
main: don't freeze PID 1 in containers, exit with non-zero instead After all we have a nice way to propagate total failures, hence let's use it.
2018-11-20 13:16:48 +01:00
_noreturn_ static void freeze_or_exit_or_reboot(void) {
main: use _exit() rather than exit() in code potentially caled from signal handler
2019-03-14 13:14:47 +01:00
/* If we are running in a container, let's prefer exiting, after all we can propagate an exit code to
* the container manager, and thus inform it that something went wrong. */
main: don't freeze PID 1 in containers, exit with non-zero instead After all we have a nice way to propagate total failures, hence let's use it.
2018-11-20 13:16:48 +01:00
if (detect_container() > 0) {
log_emergency("Exiting PID 1...");
main: use _exit() rather than exit() in code potentially caled from signal handler
2019-03-14 13:14:47 +01:00
_exit(EXIT_EXCEPTION);
main: don't freeze PID 1 in containers, exit with non-zero instead After all we have a nice way to propagate total failures, hence let's use it.
2018-11-20 13:16:48 +01:00
}
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
if (arg_crash_reboot) {
log_notice("Rebooting in 10s...");
(void) sleep(10);
log_notice("Rebooting now...");
(void) reboot(RB_AUTOBOOT);
log_emergency_errno(errno, "Failed to reboot: %m");
}
log_emergency("Freezing execution.");
freeze();
}
basic/macros: rename noreturn into _noreturn_ (#8456) "noreturn" is reserved and can be used in other header files we include: [ 16s] In file included from /usr/include/gcrypt.h:30:0, [ 16s] from ../src/journal/journal-file.h:26, [ 16s] from ../src/journal/journal-vacuum.c:31: [ 16s] /usr/include/gpg-error.h:1544:46: error: expected ‘,’ or ‘;’ before ‘)’ token [ 16s] void gpgrt_log_bug (const char *fmt, ...) GPGRT_ATTR_NR_PRINTF(1,2); Here we include grcrypt.h (which in turns include gpg-error.h) *after* we "noreturn" was defined in macro.h.
2018-03-15 06:23:46 +01:00
_noreturn_ static void crash(int sig) {
core: always let the kernel reap zombies when we're about to freeze Regardless of whether we're going to spawn a crash shell or not, let the kernel reap zombies. It's more consistent this way.
2015-09-30 17:08:04 +02:00
struct sigaction sa;
pid_t pid;
main: install crash handler for creating core dumps
2010-04-10 21:40:40 +02:00
tree-wide: make use of getpid_cached() wherever we can This moves pretty much all uses of getpid() over to getpid_raw(). I didn't specifically check whether the optimization is worth it for each replacement, but in order to keep things simple and systematic I switched over everything at once.
2017-07-20 16:19:18 +02:00
if (getpid_cached() != 1)
core: don't do runaway fork()s if we hit a segfault from our segfault handler
2013-06-27 02:28:12 +02:00
/* Pass this on immediately, if this is not PID 1 */
main: minor clean-ups Add (void) casting for a couple of functions where we knowingly ignore the returning error code. Use EXIT_FAILURE where appropriate. Try to initialize structures at declaration time, or at once.
2015-09-23 01:06:56 +02:00
(void) raise(sig);
core: don't do runaway fork()s if we hit a segfault from our segfault handler
2013-06-27 02:28:12 +02:00
else if (!arg_dump_core)
manager: log some fatal errors at emergency level This adds a new log_emergency() function, which is equivalent to log_error() for non-PID-1, and logs at the highest priority for PID 1. Some messages which occur before freezing are converted to use it.
2014-11-06 06:04:06 +01:00
log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig));
main: install crash handler for creating core dumps
2010-04-10 21:40:40 +02:00
else {
core: always let the kernel reap zombies when we're about to freeze Regardless of whether we're going to spawn a crash shell or not, let the kernel reap zombies. It's more consistent this way.
2015-09-30 17:08:04 +02:00
sa = (struct sigaction) {
util: unify implementation of NOP signal handler This is highly complex code after all, we really should make sure to only keep one implementation of this extremely difficult function around.
2015-09-23 01:32:44 +02:00
.sa_handler = nop_signal_handler,
Use initalization instead of explicit zeroing Before, we would initialize many fields twice: first by filling the structure with zeros, and then a second time with the real values. We can let the compiler do the job for us, avoiding one copy. A downside of this patch is that text gets slightly bigger. This is because all zero() calls are effectively inlined: $ size build/.libs/systemd text data bss dec hex filename before 897737 107300 2560 1007597 f5fed build/.libs/systemd after 897873 107300 2560 1007733 f6075 build/.libs/systemd … actually less than 1‰. A few asserts that the parameter is not null had to be removed. I don't think this changes much, because first, it is quite unlikely for the assert to fail, and second, an immediate SEGV is almost as good as an assert.
2013-03-25 00:59:00 +01:00
.sa_flags = SA_NOCLDSTOP|SA_RESTART,
};
main: install crash handler for creating core dumps
2010-04-10 21:40:40 +02:00
main: run crash shell as subprocess, so that we can gdb pid 1
2010-04-13 20:26:54 +02:00
/* We want to wait for the core process, hence let's enable SIGCHLD */
main: minor clean-ups Add (void) casting for a couple of functions where we knowingly ignore the returning error code. Use EXIT_FAILURE where appropriate. Try to initialize structures at declaration time, or at once.
2015-09-23 01:06:56 +02:00
(void) sigaction(SIGCHLD, &sa, NULL);
main: run crash shell as subprocess, so that we can gdb pid 1
2010-04-13 20:26:54 +02:00
util-lib: Add sparc64 support for process creation (#3348) The current raw_clone function takes two arguments, the cloning flags and a pointer to the stack for the cloned child. The raw cloning without passing a "thread main" function does not make sense if a new stack is specified, as it returns in both the parent and the child, which will fail in the child as the stack is virgin. All uses of raw_clone indeed pass NULL for the stack pointer which indicates that both processes should share the stack address (so you better don't pass CLONE_VM). This commit refactors the code to not require the caller to pass the stack address, as NULL is the only sensible option. It also adds the magic code needed to make raw_clone work on sparc64, which does not return 0 in %o0 for the child, but indicates the child process by setting %o1 to non-zero. This refactoring is not plain aesthetic, because non-NULL stack addresses need to get mangled before being passed to the clone syscall (you have to apply STACK_BIAS), whereas NULL must not be mangled. Implementing the conditional mangling of the stack address would needlessly complicate the code. raw_clone is moved to a separete header, because the burden of including the assert machinery and sched.h shouldn't be applied to every user of missing_syscalls.h
2016-05-30 02:03:51 +02:00
pid = raw_clone(SIGCHLD);
Modernization Use _cleanup_ and wrap lines to ~80 chars and such.
2013-03-25 00:45:16 +01:00
if (pid < 0)
treewide: use log_*_errno whenever %m is in the format string If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28 19:29:59 +01:00
log_emergency_errno(errno, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
main: install crash handler for creating core dumps
2010-04-10 21:40:40 +02:00
else if (pid == 0) {
/* Enable default signal handler for core dump */
core: set RLIMIT_CORE to unlimited by default The kernel sets RLIMIT_CORE to 0 by default. Let's bump this to unlimited by default (for systemd itself and all processes we fork off), so that the coredump hooks have an effect if they honour it. Bumping RLIMIT_CORE of course would have the effect that "core" files will end up on the system at various places, if no coredump hook is used. To avoid this, make sure PID1 sets the core pattern to the empty string by default, so that this logic is disabled. This change in defaults should be useful for all systems where coredump hooks are used, as it allows useful usage of RLIMIT_CORE from these hooks again. OTOH systems that expect that coredumps are placed under the name "core" in the current directory will break with this change. Given how questionnable this behaviour is, and given that no common distro makes use of this by default it shouldn't be too much of a loss. Also, the old behaviour may be restored by explicitly configuring a "core_pattern" of "core", and setting the default system RLIMIT_CORE to 0 again via system.conf.
2016-02-08 22:30:58 +01:00
main: minor clean-ups Add (void) casting for a couple of functions where we knowingly ignore the returning error code. Use EXIT_FAILURE where appropriate. Try to initialize structures at declaration time, or at once.
2015-09-23 01:06:56 +02:00
sa = (struct sigaction) {
.sa_handler = SIG_DFL,
};
(void) sigaction(sig, &sa, NULL);
main: install crash handler for creating core dumps
2010-04-10 21:40:40 +02:00
core: set RLIMIT_CORE to unlimited by default The kernel sets RLIMIT_CORE to 0 by default. Let's bump this to unlimited by default (for systemd itself and all processes we fork off), so that the coredump hooks have an effect if they honour it. Bumping RLIMIT_CORE of course would have the effect that "core" files will end up on the system at various places, if no coredump hook is used. To avoid this, make sure PID1 sets the core pattern to the empty string by default, so that this logic is disabled. This change in defaults should be useful for all systems where coredump hooks are used, as it allows useful usage of RLIMIT_CORE from these hooks again. OTOH systems that expect that coredumps are placed under the name "core" in the current directory will break with this change. Given how questionnable this behaviour is, and given that no common distro makes use of this by default it shouldn't be too much of a loss. Also, the old behaviour may be restored by explicitly configuring a "core_pattern" of "core", and setting the default system RLIMIT_CORE to 0 again via system.conf.
2016-02-08 22:30:58 +01:00
/* Don't limit the coredump size */
(void) setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY));
main: install crash handler for creating core dumps
2010-04-10 21:40:40 +02:00
/* Just to be sure... */
Add (void) where we don't care about return value
2015-03-15 22:17:24 +01:00
(void) chdir("/");
main: install crash handler for creating core dumps
2010-04-10 21:40:40 +02:00
/* Raise the signal again */
core: use raw_clone instead of fork in signal handler fork() is not async-signal-safe and calling it from the signal handler could result in a deadlock when at_fork() handlers are called. Using the raw clone() syscall sidesteps that problem. The tricky part is that raise() does not work, since getpid() does not work. Add raw_getpid() to get the real pid, and use kill() instead of raise(). https://bugs.freedesktop.org/show_bug.cgi?id=86604
2014-12-17 05:53:23 +01:00
pid = raw_getpid();
main: minor clean-ups Add (void) casting for a couple of functions where we knowingly ignore the returning error code. Use EXIT_FAILURE where appropriate. Try to initialize structures at declaration time, or at once.
2015-09-23 01:06:56 +02:00
(void) kill(pid, sig); /* raise() would kill the parent */
main: install crash handler for creating core dumps
2010-04-10 21:40:40 +02:00
assert_not_reached("We shouldn't be here...");
main: use EXIT_EXCEPTION instead of EXIT_FAILURE at two more exceptional places
2018-11-20 17:03:35 +01:00
_exit(EXIT_EXCEPTION);
main: introduce configurable crash shell
2010-04-10 22:35:37 +02:00
} else {
util: use waitid() instead of waitpid() everywhere to avoid confusion due to SIGSTOP
2010-09-15 14:48:59 +02:00
siginfo_t status;
int r;
main: introduce configurable crash shell
2010-04-10 22:35:37 +02:00
/* Order things nicely. */
Modernization Use _cleanup_ and wrap lines to ~80 chars and such.
2013-03-25 00:45:16 +01:00
r = wait_for_terminate(pid, &status);
if (r < 0)
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_emergency_errno(r, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig));
shared/exit-status: turn status level into a bitmask, add "test" The "test" doesn't really test much automatically, but it is still useful to look at the mappings.
2019-07-28 10:13:21 +02:00
else if (status.si_code != CLD_DUMPED) {
const char *s = status.si_code == CLD_EXITED
exit-status: rename EXIT_STATUS_GLIBC → EXIT_STATUS_LIBC After all these two exit codes are defined by ISO C as part of the C library, and it's not the GNU implementation defines them.
2019-07-29 19:05:25 +02:00
? exit_status_to_string(status.si_status, EXIT_STATUS_LIBC)
shared/exit-status: turn status level into a bitmask, add "test" The "test" doesn't really test much automatically, but it is still useful to look at the mappings.
2019-07-28 10:13:21 +02:00
: signal_to_string(status.si_status);
core: use raw_clone instead of fork in signal handler fork() is not async-signal-safe and calling it from the signal handler could result in a deadlock when at_fork() handlers are called. Using the raw clone() syscall sidesteps that problem. The tricky part is that raise() does not work, since getpid() does not work. Add raw_getpid() to get the real pid, and use kill() instead of raise(). https://bugs.freedesktop.org/show_bug.cgi?id=86604
2014-12-17 05:53:23 +01:00
log_emergency("Caught <%s>, core dump failed (child "PID_FMT", code=%s, status=%i/%s).",
signal_to_string(sig),
shared/exit-status: turn status level into a bitmask, add "test" The "test" doesn't really test much automatically, but it is still useful to look at the mappings.
2019-07-28 10:13:21 +02:00
pid,
sigchld_code_to_string(status.si_code),
status.si_status, strna(s));
} else
log_emergency("Caught <%s>, dumped core as pid "PID_FMT".",
signal_to_string(sig), pid);
main: install crash handler for creating core dumps
2010-04-10 21:40:40 +02:00
}
}
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
if (arg_crash_chvt >= 0)
main: minor clean-ups Add (void) casting for a couple of functions where we knowingly ignore the returning error code. Use EXIT_FAILURE where appropriate. Try to initialize structures at declaration time, or at once.
2015-09-23 01:06:56 +02:00
(void) chvt(arg_crash_chvt);
main: switch to primary console vt on crash
2010-04-10 23:36:43 +02:00
core: always let the kernel reap zombies when we're about to freeze Regardless of whether we're going to spawn a crash shell or not, let the kernel reap zombies. It's more consistent this way.
2015-09-30 17:08:04 +02:00
sa = (struct sigaction) {
.sa_handler = SIG_IGN,
.sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
};
/* Let the kernel reap children for us */
(void) sigaction(SIGCHLD, &sa, NULL);
main: try to block signals before executing crash shell
2010-04-13 04:07:19 +02:00
core: always let the kernel reap zombies when we're about to freeze Regardless of whether we're going to spawn a crash shell or not, let the kernel reap zombies. It's more consistent this way.
2015-09-30 17:08:04 +02:00
if (arg_crash_shell) {
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
log_notice("Executing crash shell in 10s...");
main: minor clean-ups Add (void) casting for a couple of functions where we knowingly ignore the returning error code. Use EXIT_FAILURE where appropriate. Try to initialize structures at declaration time, or at once.
2015-09-23 01:06:56 +02:00
(void) sleep(10);
main: introduce configurable crash shell
2010-04-10 22:35:37 +02:00
util-lib: Add sparc64 support for process creation (#3348) The current raw_clone function takes two arguments, the cloning flags and a pointer to the stack for the cloned child. The raw cloning without passing a "thread main" function does not make sense if a new stack is specified, as it returns in both the parent and the child, which will fail in the child as the stack is virgin. All uses of raw_clone indeed pass NULL for the stack pointer which indicates that both processes should share the stack address (so you better don't pass CLONE_VM). This commit refactors the code to not require the caller to pass the stack address, as NULL is the only sensible option. It also adds the magic code needed to make raw_clone work on sparc64, which does not return 0 in %o0 for the child, but indicates the child process by setting %o1 to non-zero. This refactoring is not plain aesthetic, because non-NULL stack addresses need to get mangled before being passed to the clone syscall (you have to apply STACK_BIAS), whereas NULL must not be mangled. Implementing the conditional mangling of the stack address would needlessly complicate the code. raw_clone is moved to a separete header, because the burden of including the assert machinery and sched.h shouldn't be applied to every user of missing_syscalls.h
2016-05-30 02:03:51 +02:00
pid = raw_clone(SIGCHLD);
switch-root: reopen /dev/console before we switch root
2012-07-10 19:19:59 +02:00
if (pid < 0)
treewide: use log_*_errno whenever %m is in the format string If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28 19:29:59 +01:00
log_emergency_errno(errno, "Failed to fork off crash shell: %m");
main: run crash shell as subprocess, so that we can gdb pid 1
2010-04-13 20:26:54 +02:00
else if (pid == 0) {
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
(void) setsid();
main: minor clean-ups Add (void) casting for a couple of functions where we knowingly ignore the returning error code. Use EXIT_FAILURE where appropriate. Try to initialize structures at declaration time, or at once.
2015-09-23 01:06:56 +02:00
(void) make_console_stdio();
tree-wide: invoke rlimit_nofile_safe() before various exec{v,ve,l}() invocations Whenever we invoke external, foreign code from code that has RLIMIT_NOFILE's soft limit bumped to high values, revert it to 1024 first. This is a safety precaution for compatibility with programs using select() which cannot operate with fds > 1024. This commit adds the call to rlimit_nofile_safe() to all invocations of exec{v,ve,l}() and friends that either are in code that we know runs with RLIMIT_NOFILE bumped up (which is PID 1 and all journal code for starters) or that is part of shared code that might end up there. The calls are placed as early as we can in processes invoking a flavour of execve(), but after the last time we do fd manipulations, so that we can still take benefit of the high fd limits for that.
2018-11-26 16:06:26 +01:00
(void) rlimit_nofile_safe();
main: minor clean-ups Add (void) casting for a couple of functions where we knowingly ignore the returning error code. Use EXIT_FAILURE where appropriate. Try to initialize structures at declaration time, or at once.
2015-09-23 01:06:56 +02:00
(void) execle("/bin/sh", "/bin/sh", NULL, environ);
main: run crash shell as subprocess, so that we can gdb pid 1
2010-04-13 20:26:54 +02:00
core: use raw_clone instead of fork in signal handler fork() is not async-signal-safe and calling it from the signal handler could result in a deadlock when at_fork() handlers are called. Using the raw clone() syscall sidesteps that problem. The tricky part is that raise() does not work, since getpid() does not work. Add raw_getpid() to get the real pid, and use kill() instead of raise(). https://bugs.freedesktop.org/show_bug.cgi?id=86604
2014-12-17 05:53:23 +01:00
log_emergency_errno(errno, "execle() failed: %m");
main: use EXIT_EXCEPTION instead of EXIT_FAILURE at two more exceptional places
2018-11-20 17:03:35 +01:00
_exit(EXIT_EXCEPTION);
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
} else {
log_info("Spawned crash shell as PID "PID_FMT".", pid);
core: change how crash_shell and crash_reboot interact Instead of freezing in PID1 and letting the forked child freeze or reboot when exec("/bin/sh") fails, just wait for the child's exit and then do the freeze_or_reboot in PID1 as usual. This means that when both crash_shell and crash_reboot are enabled, the system will reboot after the shell exits.
2015-09-30 15:12:19 +02:00
(void) wait_for_terminate(pid, NULL);
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
}
main: introduce configurable crash shell
2010-04-10 22:35:37 +02:00
}
main: don't freeze PID 1 in containers, exit with non-zero instead After all we have a nice way to propagate total failures, hence let's use it.
2018-11-20 13:16:48 +01:00
freeze_or_exit_or_reboot();
main: install crash handler for creating core dumps
2010-04-10 21:40:40 +02:00
}
static void install_crash_handler(void) {
core: explain why failing to set up the crash handler is not a real problem http://lists.freedesktop.org/archives/systemd-devel/2015-January/027428.html
2015-01-27 01:47:37 +01:00
static const struct sigaction sa = {
Use initalization instead of explicit zeroing Before, we would initialize many fields twice: first by filling the structure with zeros, and then a second time with the real values. We can let the compiler do the job for us, avoiding one copy. A downside of this patch is that text gets slightly bigger. This is because all zero() calls are effectively inlined: $ size build/.libs/systemd text data bss dec hex filename before 897737 107300 2560 1007597 f5fed build/.libs/systemd after 897873 107300 2560 1007733 f6075 build/.libs/systemd … actually less than 1‰. A few asserts that the parameter is not null had to be removed. I don't think this changes much, because first, it is quite unlikely for the assert to fail, and second, an immediate SEGV is almost as good as an assert.
2013-03-25 00:59:00 +01:00
.sa_handler = crash,
core: explain why failing to set up the crash handler is not a real problem http://lists.freedesktop.org/archives/systemd-devel/2015-January/027428.html
2015-01-27 01:47:37 +01:00
.sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */
Use initalization instead of explicit zeroing Before, we would initialize many fields twice: first by filling the structure with zeros, and then a second time with the real values. We can let the compiler do the job for us, avoiding one copy. A downside of this patch is that text gets slightly bigger. This is because all zero() calls are effectively inlined: $ size build/.libs/systemd text data bss dec hex filename before 897737 107300 2560 1007597 f5fed build/.libs/systemd after 897873 107300 2560 1007733 f6075 build/.libs/systemd … actually less than 1‰. A few asserts that the parameter is not null had to be removed. I don't think this changes much, because first, it is quite unlikely for the assert to fail, and second, an immediate SEGV is almost as good as an assert.
2013-03-25 00:59:00 +01:00
};
core: explain why failing to set up the crash handler is not a real problem http://lists.freedesktop.org/archives/systemd-devel/2015-January/027428.html
2015-01-27 01:47:37 +01:00
int r;
main: install crash handler for creating core dumps
2010-04-10 21:40:40 +02:00
core: explain why failing to set up the crash handler is not a real problem http://lists.freedesktop.org/archives/systemd-devel/2015-January/027428.html
2015-01-27 01:47:37 +01:00
/* We ignore the return value here, since, we don't mind if we
* cannot set up a crash handler */
r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
if (r < 0)
log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m");
main: install crash handler for creating core dumps
2010-04-10 21:40:40 +02:00
}
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
main: minor code modernization for initializing the console
2014-08-15 18:01:52 +02:00
static int console_setup(void) {
_cleanup_close_ int tty_fd = -1;
int r;
rework tty handling We now make sure to run all services in their own session, possibly with a controlling terminal. This also extends the service and socket state machines a little.
2010-04-13 02:06:27 +02:00
main: don't force text mode in console_setup() When systemd starts, plymouth may be already displaying progress graphically. Do not switch the console to text mode at that time. All other users of reset_terminal_fd() do the switch as before. This avoids a graphical glitch with plymouth, especially visible with vesafb, but could be also seen as a sub-second blink with radeon. https://bugzilla.redhat.com/show_bug.cgi?id=785548
2012-01-29 21:55:51 +01:00
tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
treewide: more log_*_errno + return simplifications
2014-11-28 18:23:20 +01:00
if (tty_fd < 0)
return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
rework tty handling We now make sure to run all services in their own session, possibly with a controlling terminal. This also extends the service and socket state machines a little.
2010-04-13 02:06:27 +02:00
main: minor code modernization for initializing the console
2014-08-15 18:01:52 +02:00
/* We don't want to force text mode. plymouth may be showing
* pictures already from initrd. */
main: don't force text mode in console_setup() When systemd starts, plymouth may be already displaying progress graphically. Do not switch the console to text mode at that time. All other users of reset_terminal_fd() do the switch as before. This avoids a graphical glitch with plymouth, especially visible with vesafb, but could be also seen as a sub-second blink with radeon. https://bugzilla.redhat.com/show_bug.cgi?id=785548
2012-01-29 21:55:51 +01:00
r = reset_terminal_fd(tty_fd, false);
treewide: more log_*_errno + return simplifications
2014-11-28 18:23:20 +01:00
if (r < 0)
return log_error_errno(r, "Failed to reset /dev/console: %m");
log: rework logging logic so that we don't keep /dev/console open
2010-05-15 17:25:08 +02:00
main: minor code modernization for initializing the console
2014-08-15 18:01:52 +02:00
return 0;
rework tty handling We now make sure to run all services in their own session, possibly with a controlling terminal. This also extends the service and socket state machines a little.
2010-04-13 02:06:27 +02:00
}
core: Add machine-id setting Allow for overriding all other machine-ids which may be present on the system using a kernel command line systemd.machine_id or --machine-id= option. This is especially useful for network booted systems where the machine-id needs to be static, or for containers where a specific machine-id is wanted.
2015-07-06 00:00:59 +02:00
static int set_machine_id(const char *m) {
main: make sure set_machine_id() doesn't clobber arg_machine_id on failure
2016-07-21 20:22:42 +02:00
sd_id128_t t;
core: introduce activation rate limiting for socket units This adds two new settings TriggerLimitIntervalSec= and TriggerLimitBurst= that define a rate limit for activation of socket units. When the limit is hit, the socket is is put into a failure mode. This is an alternative fix for #2467, since the original fix resulted in issue #2684. In a later commit the StartLimitInterval=/StartLimitBurst= rate limiter will be changed to be applied after any start conditions checks are made. This way, there are two separate rate limiters enforced: one at triggering time, before any jobs are queued with this patch, as well as the start limit that is moved again to be run immediately before the unit is activated. Condition checks are done in between the two, and thus no longer affect the start limit.
2016-04-26 20:26:15 +02:00
assert(m);
core: Add machine-id setting Allow for overriding all other machine-ids which may be present on the system using a kernel command line systemd.machine_id or --machine-id= option. This is especially useful for network booted systems where the machine-id needs to be static, or for containers where a specific machine-id is wanted.
2015-07-06 00:00:59 +02:00
main: make sure set_machine_id() doesn't clobber arg_machine_id on failure
2016-07-21 20:22:42 +02:00
if (sd_id128_from_string(m, &t) < 0)
core: Add machine-id setting Allow for overriding all other machine-ids which may be present on the system using a kernel command line systemd.machine_id or --machine-id= option. This is especially useful for network booted systems where the machine-id needs to be static, or for containers where a specific machine-id is wanted.
2015-07-06 00:00:59 +02:00
return -EINVAL;
main: make sure set_machine_id() doesn't clobber arg_machine_id on failure
2016-07-21 20:22:42 +02:00
if (sd_id128_is_null(t))
core: Add machine-id setting Allow for overriding all other machine-ids which may be present on the system using a kernel command line systemd.machine_id or --machine-id= option. This is especially useful for network booted systems where the machine-id needs to be static, or for containers where a specific machine-id is wanted.
2015-07-06 00:00:59 +02:00
return -EINVAL;
main: make sure set_machine_id() doesn't clobber arg_machine_id on failure
2016-07-21 20:22:42 +02:00
arg_machine_id = t;
core: Add machine-id setting Allow for overriding all other machine-ids which may be present on the system using a kernel command line systemd.machine_id or --machine-id= option. This is especially useful for network booted systems where the machine-id needs to be static, or for containers where a specific machine-id is wanted.
2015-07-06 00:00:59 +02:00
return 0;
}
tree-wide: allow state to be passed through to parse_proc_cmdline_item No functional change.
2016-10-22 20:24:52 +02:00
static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
util: move more intellegince into parse_proc_cmdline() Already split variable assignments before invoking the callback. And drop "rd." settings if we are not in an initrd.
2014-03-06 17:05:55 +01:00
int r;
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
util: move more intellegince into parse_proc_cmdline() Already split variable assignments before invoking the callback. And drop "rd." settings if we are not in an initrd.
2014-03-06 17:05:55 +01:00
assert(key);
auto-getty: rework auto console getty logic to work in conjunction with single user mode
2010-08-17 03:29:46 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
if (STR_IN_SET(key, "systemd.unit", "rd.systemd.unit")) {
main: properly queue default.target after switched root This also introduces rd.systemd.unit= to specify the unit to boot into in the initrd.
2012-05-22 02:35:22 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
if (proc_cmdline_value_missing(key, value))
return 0;
main: properly queue default.target after switched root This also introduces rd.systemd.unit= to specify the unit to boot into in the initrd.
2012-05-22 02:35:22 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
if (!unit_name_is_valid(value, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
log_warning("Unit name specified on %s= is not valid, ignoring: %s", key, value);
else if (in_initrd() == !!startswith(key, "rd.")) {
if (free_and_strdup(&arg_default_unit, value) < 0)
return log_oom();
}
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.dump_core")) {
main: introduce configurable crash shell
2010-04-10 22:35:37 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
r = value ? parse_boolean(value) : true;
Some modernizations
2014-02-16 00:10:36 +01:00
if (r < 0)
core: include error cause in log message
2018-10-19 18:40:42 +02:00
log_warning_errno(r, "Failed to parse dump core switch %s, ignoring: %m", value);
main: introduce configurable crash shell
2010-04-10 22:35:37 +02:00
else
main: add a native implementation of the 'nomodules' kernel option understood by fedora init scripts
2010-07-06 20:21:08 +02:00
arg_dump_core = r;
main: introduce configurable crash shell
2010-04-10 22:35:37 +02:00
core: introduce systemd.early_core_pattern= kernel cmdline option Until a core dump handler is installed by systemd-sysctl, the generation of core dump for services is turned OFF which can make the debugging of the early boot process harder especially since there's no easy way to restore the core dump generation. This patch introduces a new kernel command line option which specifies an absolute path where the kernel should write the core dump file when an early process crashes. This will take effect until systemd-coredump (or any other handlers) takes over.
2018-10-08 16:09:59 +02:00
} else if (proc_cmdline_key_streq(key, "systemd.early_core_pattern")) {
if (proc_cmdline_value_missing(key, value))
return 0;
if (path_is_absolute(value))
(void) parse_path_argument_and_warn(value, false, &arg_early_core_pattern);
else
log_warning("Specified core pattern '%s' is not an absolute path, ignoring.", value);
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.crash_chvt")) {
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
if (!value)
arg_crash_chvt = 0; /* turn on */
core: include error cause in log message
2018-10-19 18:40:42 +02:00
else {
core: move config_parse_* functions to a shared module Apart from making the code a little bit more clean, it should allow us to write a fuzzer around the config-parsing functions in the future
2019-06-20 18:51:42 +02:00
r = parse_crash_chvt(value, &arg_crash_chvt);
core: include error cause in log message
2018-10-19 18:40:42 +02:00
if (r < 0)
log_warning_errno(r, "Failed to parse crash chvt switch %s, ignoring: %m", value);
}
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.crash_shell")) {
main: introduce configurable crash shell
2010-04-10 22:35:37 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
r = value ? parse_boolean(value) : true;
Some modernizations
2014-02-16 00:10:36 +01:00
if (r < 0)
core: include error cause in log message
2018-10-19 18:40:42 +02:00
log_warning_errno(r, "Failed to parse crash shell switch %s, ignoring: %m", value);
main: introduce configurable crash shell
2010-04-10 22:35:37 +02:00
else
main: add a native implementation of the 'nomodules' kernel option understood by fedora init scripts
2010-07-06 20:21:08 +02:00
arg_crash_shell = r;
main: add kernel option to enable confirm_spawn
2010-04-13 19:10:01 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.crash_reboot")) {
main: add kernel option to enable confirm_spawn
2010-04-13 19:10:01 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
r = value ? parse_boolean(value) : true;
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
if (r < 0)
core: include error cause in log message
2018-10-19 18:40:42 +02:00
log_warning_errno(r, "Failed to parse crash reboot switch %s, ignoring: %m", value);
main: add kernel option to enable confirm_spawn
2010-04-13 19:10:01 +02:00
else
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
arg_crash_reboot = r;
main: add kernel option to enable confirm_spawn
2010-04-13 19:10:01 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.confirm_spawn")) {
char *s;
core: allow to redirect confirmation messages to a different console It's rather hard to parse the confirmation messages (enabled with systemd.confirm_spawn=true) amongst the status messages and the kernel ones (if enabled). This patch gives the possibility to the user to redirect the confirmation message to a different virtual console, either by giving its name or its path, so those messages are separated from the other ones and easier to read.
2016-11-02 10:38:22 +01:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
r = parse_confirm_spawn(value, &s);
util: move more intellegince into parse_proc_cmdline() Already split variable assignments before invoking the callback. And drop "rd." settings if we are not in an initrd.
2014-03-06 17:05:55 +01:00
if (r < 0)
core: include error cause in log message
2018-10-19 18:40:42 +02:00
log_warning_errno(r, "Failed to parse confirm_spawn switch %s, ignoring: %m", value);
else
free_and_replace(arg_confirm_spawn, s);
main: switch to primary console vt on crash
2010-04-10 23:36:43 +02:00
pid1: add option to disable service watchdogs Add a "systemd.service_watchdogs=" option to the command line which disables all service runtime watchdogs and emergency actions.
2017-03-20 13:10:43 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.service_watchdogs")) {
r = value ? parse_boolean(value) : true;
if (r < 0)
core: include error cause in log message
2018-10-19 18:40:42 +02:00
log_warning_errno(r, "Failed to parse service watchdog switch %s, ignoring: %m", value);
pid1: add option to disable service watchdogs Add a "systemd.service_watchdogs=" option to the command line which disables all service runtime watchdogs and emergency actions.
2017-03-20 13:10:43 +01:00
else
arg_service_watchdogs = r;
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.show_status")) {
manager: optionally print status updates to console on boot
2010-07-07 00:00:59 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
if (value) {
r = parse_show_status(value, &arg_show_status);
if (r < 0)
core: include error cause in log message
2018-10-19 18:40:42 +02:00
log_warning_errno(r, "Failed to parse show status switch %s, ignoring: %m", value);
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
} else
arg_show_status = SHOW_STATUS_YES;
util: move more intellegince into parse_proc_cmdline() Already split variable assignments before invoking the callback. And drop "rd." settings if we are not in an initrd.
2014-03-06 17:05:55 +01:00
Add config and kernel commandline option to use short identifiers No functional change, just docs and configuration and parsing. v2: - change ShortIdentifiers=yes|no to StatusUnitFormat=name|description.
2019-06-06 19:22:20 +02:00
} else if (proc_cmdline_key_streq(key, "systemd.status_unit_format")) {
if (proc_cmdline_value_missing(key, value))
return 0;
r = status_unit_format_from_string(value);
if (r < 0)
log_warning_errno(r, "Failed to parse %s=%s, ignoring: %m", key, value);
else
arg_status_unit_format = r;
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.default_standard_output")) {
if (proc_cmdline_value_missing(key, value))
return 0;
exec: introduce global defaults for the standard output of services
2011-02-15 11:52:29 +01:00
util: move more intellegince into parse_proc_cmdline() Already split variable assignments before invoking the callback. And drop "rd." settings if we are not in an initrd.
2014-03-06 17:05:55 +01:00
r = exec_output_from_string(value);
Some modernizations
2014-02-16 00:10:36 +01:00
if (r < 0)
core: include error cause in log message
2018-10-19 18:40:42 +02:00
log_warning_errno(r, "Failed to parse default standard output switch %s, ignoring: %m", value);
exec: introduce global defaults for the standard output of services
2011-02-15 11:52:29 +01:00
else
arg_default_std_output = r;
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.default_standard_error")) {
if (proc_cmdline_value_missing(key, value))
return 0;
util: move more intellegince into parse_proc_cmdline() Already split variable assignments before invoking the callback. And drop "rd." settings if we are not in an initrd.
2014-03-06 17:05:55 +01:00
r = exec_output_from_string(value);
Some modernizations
2014-02-16 00:10:36 +01:00
if (r < 0)
core: include error cause in log message
2018-10-19 18:40:42 +02:00
log_warning_errno(r, "Failed to parse default standard error switch %s, ignoring: %m", value);
exec: introduce global defaults for the standard output of services
2011-02-15 11:52:29 +01:00
else
arg_default_std_error = r;
systemd: Add systemd.setenv for /proc/cmdline parsing. Check for systemd.setenv when parsing /proc/cmdline. ex: systemd.setenv=PATH=/opt/bin
2012-02-07 21:31:20 +01:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
} else if (streq(key, "systemd.setenv")) {
if (proc_cmdline_value_missing(key, value))
return 0;
util: move more intellegince into parse_proc_cmdline() Already split variable assignments before invoking the callback. And drop "rd." settings if we are not in an initrd.
2014-03-06 17:05:55 +01:00
if (env_assignment_is_valid(value)) {
rework systemd's own process environment handling/passing Stop importing non-sensical kernel-exported variables. All parameters in the kernel command line are exported to the initial environment of PID1, but suppressed if they are recognized by kernel built-in code. The EFI booted kernel will add further kernel-internal things which do not belong into userspace. The passed original environ data of the process is not touched and preserved across re-execution, to allow external reading of /proc/self/environ for process properties like container*=.
2013-07-26 05:22:22 +02:00
char **env;
util: move more intellegince into parse_proc_cmdline() Already split variable assignments before invoking the callback. And drop "rd." settings if we are not in an initrd.
2014-03-06 17:05:55 +01:00
env = strv_env_set(arg_default_environment, value);
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
if (!env)
return log_oom();
arg_default_environment = env;
rework systemd's own process environment handling/passing Stop importing non-sensical kernel-exported variables. All parameters in the kernel command line are exported to the initial environment of PID1, but suppressed if they are recognized by kernel built-in code. The EFI booted kernel will add further kernel-internal things which do not belong into userspace. The passed original environ data of the process is not touched and preserved across re-execution, to allow external reading of /proc/self/environ for process properties like container*=.
2013-07-26 05:22:22 +02:00
} else
util: move more intellegince into parse_proc_cmdline() Already split variable assignments before invoking the callback. And drop "rd." settings if we are not in an initrd.
2014-03-06 17:05:55 +01:00
log_warning("Environment variable name '%s' is not valid. Ignoring.", value);
manager: optionally print status updates to console on boot
2010-07-07 00:00:59 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.machine_id")) {
if (proc_cmdline_value_missing(key, value))
return 0;
r = set_machine_id(value);
if (r < 0)
core: include error cause in log message
2018-10-19 18:40:42 +02:00
log_warning_errno(r, "MachineID '%s' is not valid, ignoring: %m", value);
core: Add machine-id setting Allow for overriding all other machine-ids which may be present on the system using a kernel command line systemd.machine_id or --machine-id= option. This is especially useful for network booted systems where the machine-id needs to be static, or for containers where a specific machine-id is wanted.
2015-07-06 00:00:59 +02:00
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.default_timeout_start_sec")) {
if (proc_cmdline_value_missing(key, value))
return 0;
r = parse_sec(value, &arg_default_timeout_start_usec);
if (r < 0)
core: include error cause in log message
2018-10-19 18:40:42 +02:00
log_warning_errno(r, "Failed to parse default start timeout '%s', ignoring: %m", value);
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
if (arg_default_timeout_start_usec <= 0)
arg_default_timeout_start_usec = USEC_INFINITY;
core: Add machine-id setting Allow for overriding all other machine-ids which may be present on the system using a kernel command line systemd.machine_id or --machine-id= option. This is especially useful for network booted systems where the machine-id needs to be static, or for containers where a specific machine-id is wanted.
2015-07-06 00:00:59 +02:00
pid1: add new kernel cmdline arg systemd.cpu_affinity= Let's allow configuration of the CPU affinity via the kernel cmdline, overriding CPUAffinity= in /etc/systemd/system.conf Prompted by: https://lists.freedesktop.org/archives/systemd-devel/2019-November/043754.html
2019-11-26 09:46:00 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.cpu_affinity")) {
if (proc_cmdline_value_missing(key, value))
return 0;
r = parse_cpu_set(value, &arg_cpu_affinity);
if (r < 0)
log_warning_errno(r, "Faile to parse CPU affinity mask '%s', ignoring: %m", value);
core: Add WatchdogDevice config option and implement it This option allows a device path to be specified for the systemd watchdog (both runtime and shutdown). If a system requires a watchdog other than /dev/watchdog (pointing to /dev/watchdog0) to be used to reboot the system, this setting should be changed to the relevant watchdog device path (e.g. /dev/watchdog1).
2017-12-08 18:26:44 +01:00
} else if (proc_cmdline_key_streq(key, "systemd.watchdog_device")) {
if (proc_cmdline_value_missing(key, value))
return 0;
core: introduce systemd.early_core_pattern= kernel cmdline option Until a core dump handler is installed by systemd-sysctl, the generation of core dump for services is turned OFF which can make the debugging of the early boot process harder especially since there's no easy way to restore the core dump generation. This patch introduces a new kernel command line option which specifies an absolute path where the kernel should write the core dump file when an early process crashes. This will take effect until systemd-coredump (or any other handlers) takes over.
2018-10-08 16:09:59 +02:00
(void) parse_path_argument_and_warn(value, false, &arg_watchdog_device);
core: Add WatchdogDevice config option and implement it This option allows a device path to be specified for the systemd watchdog (both runtime and shutdown). If a system requires a watchdog other than /dev/watchdog (pointing to /dev/watchdog0) to be used to reboot the system, this setting should be changed to the relevant watchdog device path (e.g. /dev/watchdog1).
2017-12-08 18:26:44 +01:00
util: move more intellegince into parse_proc_cmdline() Already split variable assignments before invoking the callback. And drop "rd." settings if we are not in an initrd.
2014-03-06 17:05:55 +01:00
} else if (streq(key, "quiet") && !value) {
log: don't downgrade log level in non-PID 1 if "quiet" is passed on kernel cmdline "debug" should apply to all tools, but "quiet" only to PID1.
2014-06-17 01:05:39 +02:00
core: normalize ShowStatus
2018-07-23 14:55:26 +02:00
if (arg_show_status == _SHOW_STATUS_INVALID)
pid1: add new mode systemd.show-status=error and use it when 'quiet' is passed systemd.show-status=error is useful for the case where people care about errors only. If people want to have a quiet boot, they most likely don't want to see all status output even if there is a delay in boot, so make "quiet" imply systemd.show-status=error instead of systemd.show-status=auto. Fixes #14976.
2020-02-29 17:49:50 +01:00
arg_show_status = SHOW_STATUS_ERROR;
util: move more intellegince into parse_proc_cmdline() Already split variable assignments before invoking the callback. And drop "rd." settings if we are not in an initrd.
2014-03-06 17:05:55 +01:00
} else if (streq(key, "debug") && !value) {
log: don't downgrade log level in non-PID 1 if "quiet" is passed on kernel cmdline "debug" should apply to all tools, but "quiet" only to PID1.
2014-06-17 01:05:39 +02:00
main,log: parse the log related kernel command line parameters at one place only, and for all tools Previously, we ended up parsing some of them three times: in main.c when processing the kernel cmdline, in main.c when processing the process cmdline (only for containers), and in log.c again. Let's streamline this, and only parse them in log.c In PID 1 also make sure we parse "quiet" first, and then override this with the more specific checks in log.c
2014-08-15 18:07:36 +02:00
/* Note that log_parse_environment() handles 'debug'
* too, and sets the log level to LOG_DEBUG. */
log: don't downgrade log level in non-PID 1 if "quiet" is passed on kernel cmdline "debug" should apply to all tools, but "quiet" only to PID1.
2014-06-17 01:05:39 +02:00
basic: rework virtualization detection API Introduce a proper enum, and don't pass around string ids anymore. This simplifies things quite a bit, and makes virtualization detection more similar to architecture detection.
2015-09-07 13:42:47 +02:00
if (detect_container() > 0)
reduce the amount of messages logged to /dev/kmsg when "debug" is specified
2014-04-05 19:59:01 +02:00
log_set_target(LOG_TARGET_CONSOLE);
util: move more intellegince into parse_proc_cmdline() Already split variable assignments before invoking the callback. And drop "rd." settings if we are not in an initrd.
2014-03-06 17:05:55 +01:00
core: parse `rd.rescue` and `rd.emergency` as initrd-specific shorthands (#3488) Typing `rd.rescue` is easier than `rd.systemd.unit=rescue.target`.
2016-06-13 16:28:42 +02:00
} else if (!value) {
core: use runlevel_to_target for /proc/cmdline parsing
2015-11-03 12:24:52 +01:00
const char *target;
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
/* SysV compatibility */
core: use runlevel_to_target for /proc/cmdline parsing
2015-11-03 12:24:52 +01:00
target = runlevel_to_target(key);
if (target)
return free_and_strdup(&arg_default_unit, target);
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
}
return 0;
}
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
#define DEFINE_SETTER(name, func, descr) \
static int name(const char *unit, \
const char *filename, \
unsigned line, \
const char *section, \
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line, \
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
const char *lvalue, \
int ltype, \
const char *rvalue, \
void *data, \
void *userdata) { \
\
int r; \
\
assert(filename); \
assert(lvalue); \
assert(rvalue); \
\
r = func(rvalue); \
if (r < 0) \
core: use %m rather than strerror() where we can
2015-09-23 01:10:47 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, \
"Invalid " descr "'%s': %m", \
rvalue); \
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
\
return 0; \
}
main: implement manager configuration file
2010-07-07 01:10:27 +02:00
pid1: preserve current value of log level across re-{load,execution} To make debugging easier, this patches allows one to change the log level and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log max level at runtime (via the bus or via signals), the change was lost on the next daemon reload/reexecution. In order to restore the original value back (set via system.conf, environment variables or any other means), the empty string in the "LogLevel" property is now supported as well as sending SIGRTMIN+23 signal.
2018-05-30 17:57:23 +02:00
DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level");
DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target");
DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" );
DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location");
main: implement manager configuration file
2010-07-07 01:10:27 +02:00
pid1: fix setting of DefaultTimeoutAbortSec This partially reverts a07a7324adf504381e9374d1f1a5db6edaa46435. We have two pieces of information: the value and a boolean. config_parse_timeout_abort() added in the reverted commit would write the boolean to the usec_t value, making a mess. The code is reworked to have just one implementation and two wrappers which pass two pointers.
2019-11-27 13:13:17 +01:00
static int config_parse_default_timeout_abort(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
int r;
r = config_parse_timeout_abort(unit, filename, line, section, section_line, lvalue, ltype, rvalue,
&arg_default_timeout_abort_usec, userdata);
if (r >= 0)
arg_default_timeout_abort_set = r;
return 0;
}
main: implement manager configuration file
2010-07-07 01:10:27 +02:00
pid1: fix setting of DefaultTimeoutAbortSec This partially reverts a07a7324adf504381e9374d1f1a5db6edaa46435. We have two pieces of information: the value and a boolean. config_parse_timeout_abort() added in the reverted commit would write the boolean to the usec_t value, making a mess. The code is reworked to have just one implementation and two wrappers which pass two pointers.
2019-11-27 13:13:17 +01:00
static int parse_config_file(void) {
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
const ConfigTableItem items[] = {
pid1: fix setting of DefaultTimeoutAbortSec This partially reverts a07a7324adf504381e9374d1f1a5db6edaa46435. We have two pieces of information: the value and a boolean. config_parse_timeout_abort() added in the reverted commit would write the boolean to the usec_t value, making a mess. The code is reworked to have just one implementation and two wrappers which pass two pointers.
2019-11-27 13:13:17 +01:00
{ "Manager", "LogLevel", config_parse_level2, 0, NULL },
{ "Manager", "LogTarget", config_parse_target, 0, NULL },
{ "Manager", "LogColor", config_parse_color, 0, NULL },
{ "Manager", "LogLocation", config_parse_location, 0, NULL },
{ "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core },
{ "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, &arg_crash_chvt },
{ "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt },
{ "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell },
{ "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot },
{ "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status },
{ "Manager", "StatusUnitFormat", config_parse_status_unit_format, 0, &arg_status_unit_format },
{ "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, &arg_cpu_affinity },
{ "Manager", "NUMAPolicy", config_parse_numa_policy, 0, &arg_numa_policy.type },
{ "Manager", "NUMAMask", config_parse_numa_mask, 0, &arg_numa_policy },
{ "Manager", "JoinControllers", config_parse_warn_compat, DISABLED_CONFIGURATION, NULL },
{ "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog },
{ "Manager", "RebootWatchdogSec", config_parse_sec, 0, &arg_reboot_watchdog },
{ "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_reboot_watchdog }, /* obsolete alias */
{ "Manager", "KExecWatchdogSec", config_parse_sec, 0, &arg_kexec_watchdog },
{ "Manager", "WatchdogDevice", config_parse_path, 0, &arg_watchdog_device },
{ "Manager", "CapabilityBoundingSet", config_parse_capability_set, 0, &arg_capability_bounding_set },
{ "Manager", "NoNewPrivileges", config_parse_bool, 0, &arg_no_new_privs },
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_SECCOMP
pid1: fix setting of DefaultTimeoutAbortSec This partially reverts a07a7324adf504381e9374d1f1a5db6edaa46435. We have two pieces of information: the value and a boolean. config_parse_timeout_abort() added in the reverted commit would write the boolean to the usec_t value, making a mess. The code is reworked to have just one implementation and two wrappers which pass two pointers.
2019-11-27 13:13:17 +01:00
{ "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs },
seccomp: fix build again if libseccomp is missing
2014-02-13 02:25:45 +01:00
#endif
pid1: fix setting of DefaultTimeoutAbortSec This partially reverts a07a7324adf504381e9374d1f1a5db6edaa46435. We have two pieces of information: the value and a boolean. config_parse_timeout_abort() added in the reverted commit would write the boolean to the usec_t value, making a mess. The code is reworked to have just one implementation and two wrappers which pass two pointers.
2019-11-27 13:13:17 +01:00
{ "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec },
{ "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec },
{ "Manager", "DefaultStandardOutput", config_parse_output_restricted, 0, &arg_default_std_output },
{ "Manager", "DefaultStandardError", config_parse_output_restricted, 0, &arg_default_std_error },
{ "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
{ "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
{ "Manager", "DefaultTimeoutAbortSec", config_parse_default_timeout_abort, 0, NULL },
{ "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
{ "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval }, /* obsolete alias */
{ "Manager", "DefaultStartLimitIntervalSec", config_parse_sec, 0, &arg_default_start_limit_interval },
{ "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },
{ "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },
{ "Manager", "DefaultLimitCPU", config_parse_rlimit, RLIMIT_CPU, arg_default_rlimit },
{ "Manager", "DefaultLimitFSIZE", config_parse_rlimit, RLIMIT_FSIZE, arg_default_rlimit },
{ "Manager", "DefaultLimitDATA", config_parse_rlimit, RLIMIT_DATA, arg_default_rlimit },
{ "Manager", "DefaultLimitSTACK", config_parse_rlimit, RLIMIT_STACK, arg_default_rlimit },
{ "Manager", "DefaultLimitCORE", config_parse_rlimit, RLIMIT_CORE, arg_default_rlimit },
{ "Manager", "DefaultLimitRSS", config_parse_rlimit, RLIMIT_RSS, arg_default_rlimit },
{ "Manager", "DefaultLimitNOFILE", config_parse_rlimit, RLIMIT_NOFILE, arg_default_rlimit },
{ "Manager", "DefaultLimitAS", config_parse_rlimit, RLIMIT_AS, arg_default_rlimit },
{ "Manager", "DefaultLimitNPROC", config_parse_rlimit, RLIMIT_NPROC, arg_default_rlimit },
{ "Manager", "DefaultLimitMEMLOCK", config_parse_rlimit, RLIMIT_MEMLOCK, arg_default_rlimit },
{ "Manager", "DefaultLimitLOCKS", config_parse_rlimit, RLIMIT_LOCKS, arg_default_rlimit },
{ "Manager", "DefaultLimitSIGPENDING", config_parse_rlimit, RLIMIT_SIGPENDING, arg_default_rlimit },
{ "Manager", "DefaultLimitMSGQUEUE", config_parse_rlimit, RLIMIT_MSGQUEUE, arg_default_rlimit },
{ "Manager", "DefaultLimitNICE", config_parse_rlimit, RLIMIT_NICE, arg_default_rlimit },
{ "Manager", "DefaultLimitRTPRIO", config_parse_rlimit, RLIMIT_RTPRIO, arg_default_rlimit },
{ "Manager", "DefaultLimitRTTIME", config_parse_rlimit, RLIMIT_RTTIME, arg_default_rlimit },
{ "Manager", "DefaultCPUAccounting", config_parse_tristate, 0, &arg_default_cpu_accounting },
{ "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting },
{ "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting },
{ "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting },
{ "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting },
{ "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting },
{ "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max },
{ "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action },
{ "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy },
core: add a system-wide SystemCallArchitectures= setting This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 01:35:27 +01:00
{}
main: implement manager configuration file
2010-07-07 01:10:27 +02:00
};
core: Support system.conf.d and user.conf.d directories in the usual search paths
2014-11-29 10:06:04 +01:00
const char *fn, *conf_dirs_nulstr;
main: implement manager configuration file
2010-07-07 01:10:27 +02:00
core: remove ManagerRunningAs enum Previously, we had two enums ManagerRunningAs and UnitFileScope, that were mostly identical and converted from one to the other all the time. The latter had one more value UNIT_FILE_GLOBAL however. Let's simplify things, and remove ManagerRunningAs and replace it by UnitFileScope everywhere, thus making the translation unnecessary. Introduce two new macros MANAGER_IS_SYSTEM() and MANAGER_IS_USER() to simplify checking if we are running in one or the user context.
2016-02-24 21:24:23 +01:00
fn = arg_system ?
defs: rework CONF_DIRS_NULSTR() macro The macro is generically useful for putting together search paths, hence let's make it truly generic, by dropping the implicit ".d" appending it does, and leave that to the caller. Also rename it from CONF_DIRS_NULSTR() to CONF_PATHS_NULSTR(), since it's not strictly about dirs that way, but any kind of file system path. Also, mark CONF_DIR_SPLIT_USR() as internal macro by renaming it to _CONF_PATHS_SPLIT_USR() so that the leading underscore indicates that it's internal.
2015-11-10 15:57:21 +01:00
PKGSYSCONFDIR "/system.conf" :
PKGSYSCONFDIR "/user.conf";
core: remove ManagerRunningAs enum Previously, we had two enums ManagerRunningAs and UnitFileScope, that were mostly identical and converted from one to the other all the time. The latter had one more value UNIT_FILE_GLOBAL however. Let's simplify things, and remove ManagerRunningAs and replace it by UnitFileScope everywhere, thus making the translation unnecessary. Introduce two new macros MANAGER_IS_SYSTEM() and MANAGER_IS_USER() to simplify checking if we are running in one or the user context.
2016-02-24 21:24:23 +01:00
conf_dirs_nulstr = arg_system ?
defs: rework CONF_DIRS_NULSTR() macro The macro is generically useful for putting together search paths, hence let's make it truly generic, by dropping the implicit ".d" appending it does, and leave that to the caller. Also rename it from CONF_DIRS_NULSTR() to CONF_PATHS_NULSTR(), since it's not strictly about dirs that way, but any kind of file system path. Also, mark CONF_DIR_SPLIT_USR() as internal macro by renaming it to _CONF_PATHS_SPLIT_USR() so that the leading underscore indicates that it's internal.
2015-11-10 15:57:21 +01:00
CONF_PATHS_NULSTR("systemd/system.conf.d") :
CONF_PATHS_NULSTR("systemd/user.conf.d");
conf-parser: turn three bool function params into a flags fields This makes things more readable and fixes some issues with incorrect flag propagation between the various flavours of config_parse().
2017-11-09 00:26:11 +01:00
(void) config_parse_many_nulstr(fn, conf_dirs_nulstr, "Manager\0", config_item_table_lookup, items, CONFIG_PARSE_WARN, NULL);
core: rework unit timeout handling, and add new setting RuntimeMaxSec= This clean-ups timeout handling in PID 1. Specifically, instead of storing 0 in internal timeout variables as indication for a disabled timeout, use USEC_INFINITY which is in-line with how we do this in the rest of our code (following the logic that 0 means "no", and USEC_INFINITY means "never"). This also replace all usec_t additions with invocations to usec_add(), so that USEC_INFINITY is properly propagated, and sd-event considers it has indication for turning off the event source. This also alters the deserialization of the units to restart timeouts from the time they were originally started from. Before this patch timeouts would be restarted beginning with the time of the deserialization, which could lead to artificially prolonged timeouts if a daemon reload took place. Finally, a new RuntimeMaxSec= setting is introduced for service units, that specifies a maximum runtime after which a specific service is forcibly terminated. This is useful to put time limits on time-intensive processing jobs. This also simplifies the various xyz_spawn() calls of the various types in that explicit distruction of the timers is removed, as that is done anyway by the state change handlers, and a state change is always done when the xyz_spawn() calls fail. Fixes: #2249
2016-02-01 21:48:10 +01:00
/* Traditionally "0" was used to turn off the default unit timeouts. Fix this up so that we used USEC_INFINITY
* like everywhere else. */
if (arg_default_timeout_start_usec <= 0)
arg_default_timeout_start_usec = USEC_INFINITY;
if (arg_default_timeout_stop_usec <= 0)
arg_default_timeout_stop_usec = USEC_INFINITY;
main: implement manager configuration file
2010-07-07 01:10:27 +02:00
return 0;
}
main: rename manager_set_defaults() → set_manager_defaults() This function is really not a method of the Manager object (implemented in manager.c), but just a helper in main.c. Hence let's not confusingly name it the way methods are called.
2017-11-15 20:15:01 +01:00
static void set_manager_defaults(Manager *m) {
Reload manager defaults at daemon-reload "systemctl daemon-reload" should also update the manager defaults from /etc/systemd/system.conf. For details, see: http://lists.freedesktop.org/archives/systemd-devel/2015-June/033062.html Amended to use manager_set_defaults() as common function.
2015-06-29 11:26:27 +02:00
assert(m);
core: comment verbosely what the difference betweem set_manager_settings() and set_manager_defaults() is
2018-06-05 16:06:19 +02:00
/* Propagates the various default unit property settings into the manager object, i.e. properties that do not
* affect the manager itself, but are just what newly allocated units will have set if they haven't set
* anything else. (Also see set_manager_settings() for the settings that affect the manager's own behaviour) */
Reload manager defaults at daemon-reload "systemctl daemon-reload" should also update the manager defaults from /etc/systemd/system.conf. For details, see: http://lists.freedesktop.org/archives/systemd-devel/2015-June/033062.html Amended to use manager_set_defaults() as common function.
2015-06-29 11:26:27 +02:00
m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec;
m->default_std_output = arg_default_std_output;
m->default_std_error = arg_default_std_error;
m->default_timeout_start_usec = arg_default_timeout_start_usec;
m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
service: handle abort stops with dedicated timeout When shooting down a service with SIGABRT the user might want to have a much longer stop timeout than on regular stops/shutdowns. Especially in the face of short stop timeouts the time might not be sufficient to write huge core dumps before the service is killed. This commit adds a dedicated (Default)TimeoutAbortSec= timer that is used when stopping a service via SIGABRT. In all other cases the existing TimeoutStopSec= is used. The timer value is unset by default to skip the special handling and use TimeoutStopSec= for state 'stop-watchdog' to keep the old behaviour. If the service is in state 'stop-watchdog' and the service should be stopped explicitly we still go to 'stop-sigterm' and re-apply the usual TimeoutStopSec= timeout.
2017-11-29 07:43:44 +01:00
m->default_timeout_abort_usec = arg_default_timeout_abort_usec;
m->default_timeout_abort_set = arg_default_timeout_abort_set;
Reload manager defaults at daemon-reload "systemctl daemon-reload" should also update the manager defaults from /etc/systemd/system.conf. For details, see: http://lists.freedesktop.org/archives/systemd-devel/2015-June/033062.html Amended to use manager_set_defaults() as common function.
2015-06-29 11:26:27 +02:00
m->default_restart_usec = arg_default_restart_usec;
m->default_start_limit_interval = arg_default_start_limit_interval;
m->default_start_limit_burst = arg_default_start_limit_burst;
cgroup v2: DefaultCPUAccounting=yes if CPU controller isn't required We now don't enable the CPU controller just for CPU accounting if we are on 4.15+ and using pure unified hierarchy, as this is provided externally to the CPU controller. This makes CPUAccounting=yes essentially free, so enabling it by default when it's cheap seems like a good idea.
2018-10-25 15:03:58 +02:00
/* On 4.15+ with unified hierarchy, CPU accounting is essentially free as it doesn't require the CPU
* controller to be enabled, so the default is to enable it unless we got told otherwise. */
if (arg_default_cpu_accounting >= 0)
m->default_cpu_accounting = arg_default_cpu_accounting;
else
m->default_cpu_accounting = cpu_accounting_is_cheap();
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
m->default_io_accounting = arg_default_io_accounting;
manager: hook up IP accounting defaults
2017-09-01 16:04:50 +02:00
m->default_ip_accounting = arg_default_ip_accounting;
Reload manager defaults at daemon-reload "systemctl daemon-reload" should also update the manager defaults from /etc/systemd/system.conf. For details, see: http://lists.freedesktop.org/archives/systemd-devel/2015-June/033062.html Amended to use manager_set_defaults() as common function.
2015-06-29 11:26:27 +02:00
m->default_blockio_accounting = arg_default_blockio_accounting;
m->default_memory_accounting = arg_default_memory_accounting;
core: add support for the "pids" cgroup controller This adds support for the new "pids" cgroup controller of 4.3 kernels. It allows accounting the number of tasks in a cgroup and enforcing limits on it. This adds two new setting TasksAccounting= and TasksMax= to each unit, as well as a gloabl option DefaultTasksAccounting=. This also updated "cgtop" to optionally make use of the new kernel-provided accounting. systemctl has been updated to show the number of tasks for each service if it is available. This patch also adds correct support for undoing memory limits for units using a MemoryLimit=infinity syntax. We do the same for TasksMax= now and hence keep things in sync here.
2015-09-10 12:32:16 +02:00
m->default_tasks_accounting = arg_default_tasks_accounting;
core: add new DefaultTasksMax= setting for system.conf This allows initializing the TasksMax= setting of all units by default to some fixed value, instead of leaving it at infinity as before.
2015-11-13 17:13:55 +01:00
m->default_tasks_max = arg_default_tasks_max;
core: implement OOMPolicy= and watch cgroups for OOM killings This adds a new per-service OOMPolicy= (along with a global DefaultOOMPolicy=) that controls what to do if a process of the service is killed by the kernel's OOM killer. It has three different values: "continue" (old behaviour), "stop" (terminate the service), "kill" (let the kernel kill all the service's processes). On top of that, track OOM killer events per unit: generate a per-unit structured, recognizable log message when we see an OOM killer event, and put the service in a failure state if an OOM killer event was seen and the selected policy was not "continue". A new "result" is defined for this case: "oom-kill". All of this relies on new cgroupv2 kernel functionality: the "memory.events" notification interface and the "memory.oom.group" attribute (which makes the kernel kill all cgroup processes automatically).
2019-03-19 19:05:19 +01:00
m->default_oom_policy = arg_default_oom_policy;
Reload manager defaults at daemon-reload "systemctl daemon-reload" should also update the manager defaults from /etc/systemd/system.conf. For details, see: http://lists.freedesktop.org/archives/systemd-devel/2015-June/033062.html Amended to use manager_set_defaults() as common function.
2015-06-29 11:26:27 +02:00
main: when reloading PID 1 let's reset the default environment Otherwise we keep collecting stuff from env generators, and we really shouldn't. This was working properly on reexec but not on reload, as for reexec we would always start fresh, but for reload would reuse the Manager object and hence its default environment set. Fixes: #10671
2018-11-19 12:23:13 +01:00
(void) manager_set_default_rlimits(m, arg_default_rlimit);
(void) manager_default_environment(m);
(void) manager_transient_environment_add(m, arg_default_environment);
Reload manager defaults at daemon-reload "systemctl daemon-reload" should also update the manager defaults from /etc/systemd/system.conf. For details, see: http://lists.freedesktop.org/archives/systemd-devel/2015-June/033062.html Amended to use manager_set_defaults() as common function.
2015-06-29 11:26:27 +02:00
}
main: add set_manager_settings(), similar in style to set_manager_defaults()
2017-11-16 11:45:02 +01:00
static void set_manager_settings(Manager *m) {
assert(m);
core: comment verbosely what the difference betweem set_manager_settings() and set_manager_defaults() is
2018-06-05 16:06:19 +02:00
/* Propagates the various manager settings into the manager object, i.e. properties that effect the manager
* itself (as opposed to just being inherited into newly allocated units, see set_manager_defaults() above). */
main: add set_manager_settings(), similar in style to set_manager_defaults()
2017-11-16 11:45:02 +01:00
m->confirm_spawn = arg_confirm_spawn;
pid1: add option to disable service watchdogs Add a "systemd.service_watchdogs=" option to the command line which disables all service runtime watchdogs and emergency actions.
2017-03-20 13:10:43 +01:00
m->service_watchdogs = arg_service_watchdogs;
main: add set_manager_settings(), similar in style to set_manager_defaults()
2017-11-16 11:45:02 +01:00
m->runtime_watchdog = arg_runtime_watchdog;
core: rename ShutdownWatchdogSec to RebootWatchdogSec This option is only used on reboot, not on other types of shutdown modes, so it is misleading. Keep the old name working for backward compatibility, but remove it from the documentation.
2019-07-22 12:39:25 +02:00
m->reboot_watchdog = arg_reboot_watchdog;
core: add KExecWatchdogSec option Rather than always enabling the shutdown WD on kexec, which might be dangerous in case the kernel driver and/or the hardware implementation does not reset the wd on kexec, add a new timer, disabled by default, to let users optionally enable the shutdown WD on kexec separately from the runtime and reboot ones. Advise in the documentation to also use the runtime WD in conjunction with it. Fixes: a637d0f9ecbe ("core: set shutdown watchdog on kexec too")
2019-07-19 12:54:15 +02:00
m->kexec_watchdog = arg_kexec_watchdog;
main: add set_manager_settings(), similar in style to set_manager_defaults()
2017-11-16 11:45:02 +01:00
m->cad_burst_action = arg_cad_burst_action;
pid1: when printing status message status, give reason
2020-02-29 10:59:27 +01:00
manager_set_show_status(m, arg_show_status, "commandline");
Add config and kernel commandline option to use short identifiers No functional change, just docs and configuration and parsing. v2: - change ShortIdentifiers=yes|no to StatusUnitFormat=name|description.
2019-06-06 19:22:20 +02:00
m->status_unit_format = arg_status_unit_format;
main: add set_manager_settings(), similar in style to set_manager_defaults()
2017-11-16 11:45:02 +01:00
}
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
static int parse_argv(int argc, char *argv[]) {
enum {
ARG_LOG_LEVEL = 0x100,
ARG_LOG_TARGET,
log: make color/location logging optional
2010-06-17 22:52:55 +02:00
ARG_LOG_COLOR,
ARG_LOG_LOCATION,
main: rename systemd.default= to systemd.unit=
2010-06-09 15:38:46 +02:00
ARG_UNIT,
main: replace --running-as= by --session and --system do mimic related tools and D-Bus
2010-07-13 18:57:58 +02:00
ARG_SYSTEM,
drop support for MANAGER_SESSION, introduce MANAGER_USER instead
2010-11-15 22:12:41 +01:00
ARG_USER,
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
ARG_TEST,
systemd: use pager for --test and --help
2014-01-07 06:00:05 +01:00
ARG_NO_PAGER,
systemd: add --version option systemd --version mirrors systemctl --version: $ ./systemd --version systemd 186 other +PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT -LIBCRYPTSETUP This information can be retrieved by other means (systemctl, etc.), but it's easier for a newbie if 'systemd --version' says something useful. And 'systemd --help' is already there, so let's complement that with '--version'.
2012-07-17 07:31:47 +02:00
ARG_VERSION,
rework tty handling We now make sure to run all services in their own session, possibly with a controlling terminal. This also extends the service and socket state machines a little.
2010-04-13 02:06:27 +02:00
ARG_DUMP_CONFIGURATION_ITEMS,
core: add --dump-bus-properties option to systemd If systemd is invoked with this option, this dumps all bus properties. This may be useful for shell completion for `systemctl --property`.
2018-05-28 11:13:19 +02:00
ARG_DUMP_BUS_PROPERTIES,
manager: optionally print status updates to console on boot
2010-07-07 00:00:59 +02:00
ARG_DUMP_CORE,
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
ARG_CRASH_CHVT,
manager: optionally print status updates to console on boot
2010-07-07 00:00:59 +02:00
ARG_CRASH_SHELL,
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
ARG_CRASH_REBOOT,
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
ARG_CONFIRM_SPAWN,
manager: optionally print status updates to console on boot
2010-07-07 00:00:59 +02:00
ARG_SHOW_STATUS,
dbus: automatically generate and install introspection files
2010-05-23 03:45:33 +02:00
ARG_DESERIALIZE,
main: rename a few fix to follow general naming style
2012-05-21 19:48:04 +02:00
ARG_SWITCHED_ROOT,
exec: introduce global defaults for the standard output of services
2011-02-15 11:52:29 +01:00
ARG_DEFAULT_STD_OUTPUT,
core: Add machine-id setting Allow for overriding all other machine-ids which may be present on the system using a kernel command line systemd.machine_id or --machine-id= option. This is especially useful for network booted systems where the machine-id needs to be static, or for containers where a specific machine-id is wanted.
2015-07-06 00:00:59 +02:00
ARG_DEFAULT_STD_ERROR,
pid1: add option to disable service watchdogs Add a "systemd.service_watchdogs=" option to the command line which disables all service runtime watchdogs and emergency actions.
2017-03-20 13:10:43 +01:00
ARG_MACHINE_ID,
ARG_SERVICE_WATCHDOGS,
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
};
static const struct option options[] = {
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
{ "log-level", required_argument, NULL, ARG_LOG_LEVEL },
{ "log-target", required_argument, NULL, ARG_LOG_TARGET },
log: make color/location logging optional
2010-06-17 22:52:55 +02:00
{ "log-color", optional_argument, NULL, ARG_LOG_COLOR },
{ "log-location", optional_argument, NULL, ARG_LOG_LOCATION },
main: rename systemd.default= to systemd.unit=
2010-06-09 15:38:46 +02:00
{ "unit", required_argument, NULL, ARG_UNIT },
main: replace --running-as= by --session and --system do mimic related tools and D-Bus
2010-07-13 18:57:58 +02:00
{ "system", no_argument, NULL, ARG_SYSTEM },
drop support for MANAGER_SESSION, introduce MANAGER_USER instead
2010-11-15 22:12:41 +01:00
{ "user", no_argument, NULL, ARG_USER },
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
{ "test", no_argument, NULL, ARG_TEST },
systemd: use pager for --test and --help
2014-01-07 06:00:05 +01:00
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
{ "help", no_argument, NULL, 'h' },
systemd: add --version option systemd --version mirrors systemctl --version: $ ./systemd --version systemd 186 other +PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT -LIBCRYPTSETUP This information can be retrieved by other means (systemctl, etc.), but it's easier for a newbie if 'systemd --version' says something useful. And 'systemd --help' is already there, so let's complement that with '--version'.
2012-07-17 07:31:47 +02:00
{ "version", no_argument, NULL, ARG_VERSION },
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
{ "dump-configuration-items", no_argument, NULL, ARG_DUMP_CONFIGURATION_ITEMS },
core: add --dump-bus-properties option to systemd If systemd is invoked with this option, this dumps all bus properties. This may be useful for shell completion for `systemctl --property`.
2018-05-28 11:13:19 +02:00
{ "dump-bus-properties", no_argument, NULL, ARG_DUMP_BUS_PROPERTIES },
main: simplify+unify logic for parsing runtime booleans
2012-05-08 23:36:55 +02:00
{ "dump-core", optional_argument, NULL, ARG_DUMP_CORE },
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
{ "crash-chvt", required_argument, NULL, ARG_CRASH_CHVT },
main: simplify+unify logic for parsing runtime booleans
2012-05-08 23:36:55 +02:00
{ "crash-shell", optional_argument, NULL, ARG_CRASH_SHELL },
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
{ "crash-reboot", optional_argument, NULL, ARG_CRASH_REBOOT },
main: simplify+unify logic for parsing runtime booleans
2012-05-08 23:36:55 +02:00
{ "confirm-spawn", optional_argument, NULL, ARG_CONFIRM_SPAWN },
service: hide output of sysv scripts if quiet is passed on the kernel cmdline
2010-08-09 18:00:24 +02:00
{ "show-status", optional_argument, NULL, ARG_SHOW_STATUS },
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
{ "deserialize", required_argument, NULL, ARG_DESERIALIZE },
main: rename a few fix to follow general naming style
2012-05-21 19:48:04 +02:00
{ "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT },
exec: introduce global defaults for the standard output of services
2011-02-15 11:52:29 +01:00
{ "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, },
{ "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, },
core: Add machine-id setting Allow for overriding all other machine-ids which may be present on the system using a kernel command line systemd.machine_id or --machine-id= option. This is especially useful for network booted systems where the machine-id needs to be static, or for containers where a specific machine-id is wanted.
2015-07-06 00:00:59 +02:00
{ "machine-id", required_argument, NULL, ARG_MACHINE_ID },
pid1: add option to disable service watchdogs Add a "systemd.service_watchdogs=" option to the command line which disables all service runtime watchdogs and emergency actions.
2017-03-20 13:10:43 +01:00
{ "service-watchdogs", required_argument, NULL, ARG_SERVICE_WATCHDOGS },
Some modernizations
2014-02-16 00:10:36 +01:00
{}
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
};
int c, r;
assert(argc >= 1);
assert(argv);
tree-wide: make use of getpid_cached() wherever we can This moves pretty much all uses of getpid() over to getpid_raw(). I didn't specifically check whether the optimization is worth it for each replacement, but in order to keep things simple and systematic I switched over everything at once.
2017-07-20 16:19:18 +02:00
if (getpid_cached() == 1)
main: don't parse /proc/cmdline in containers
2011-03-14 04:08:12 +01:00
opterr = 0;
main: properly handle -b boot option
2011-03-10 23:01:42 +01:00
while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
switch (c) {
case ARG_LOG_LEVEL:
Some modernizations
2014-02-16 00:10:36 +01:00
r = log_set_max_level_from_string(optarg);
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
if (r < 0)
return log_error_errno(r, "Failed to parse log level \"%s\": %m", optarg);
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
break;
case ARG_LOG_TARGET:
Some modernizations
2014-02-16 00:10:36 +01:00
r = log_set_target_from_string(optarg);
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
if (r < 0)
return log_error_errno(r, "Failed to parse log target \"%s\": %m", optarg);
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
break;
log: make color/location logging optional
2010-06-17 22:52:55 +02:00
case ARG_LOG_COLOR:
main: don't segfault when --log-color is passed without parameter
2010-06-18 23:13:15 +02:00
if (optarg) {
Some modernizations
2014-02-16 00:10:36 +01:00
r = log_show_color_from_string(optarg);
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
if (r < 0)
return log_error_errno(r, "Failed to parse log color setting \"%s\": %m",
optarg);
main: don't segfault when --log-color is passed without parameter
2010-06-18 23:13:15 +02:00
} else
log_show_color(true);
log: make color/location logging optional
2010-06-17 22:52:55 +02:00
break;
case ARG_LOG_LOCATION:
main: don't segfault when --log-color is passed without parameter
2010-06-18 23:13:15 +02:00
if (optarg) {
Some modernizations
2014-02-16 00:10:36 +01:00
r = log_show_location_from_string(optarg);
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
if (r < 0)
return log_error_errno(r, "Failed to parse log location setting \"%s\": %m",
optarg);
main: don't segfault when --log-color is passed without parameter
2010-06-18 23:13:15 +02:00
} else
log_show_location(true);
log: make color/location logging optional
2010-06-17 22:52:55 +02:00
break;
exec: introduce global defaults for the standard output of services
2011-02-15 11:52:29 +01:00
case ARG_DEFAULT_STD_OUTPUT:
Some modernizations
2014-02-16 00:10:36 +01:00
r = exec_output_from_string(optarg);
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
if (r < 0)
return log_error_errno(r, "Failed to parse default standard output setting \"%s\": %m",
optarg);
arg_default_std_output = r;
exec: introduce global defaults for the standard output of services
2011-02-15 11:52:29 +01:00
break;
case ARG_DEFAULT_STD_ERROR:
Some modernizations
2014-02-16 00:10:36 +01:00
r = exec_output_from_string(optarg);
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
if (r < 0)
return log_error_errno(r, "Failed to parse default standard error output setting \"%s\": %m",
optarg);
arg_default_std_error = r;
exec: introduce global defaults for the standard output of services
2011-02-15 11:52:29 +01:00
break;
main: rename systemd.default= to systemd.unit=
2010-06-09 15:38:46 +02:00
case ARG_UNIT:
core: remove set_default_unit() The new free_and_strdup() call does pretty much the same thing these days, no need to keep a private limited purpose version around.
2015-09-23 01:14:34 +02:00
r = free_and_strdup(&arg_default_unit, optarg);
treewide: more log_*_errno + return simplifications
2014-11-28 18:23:20 +01:00
if (r < 0)
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
return log_error_errno(r, "Failed to set default unit \"%s\": %m", optarg);
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
break;
main: replace --running-as= by --session and --system do mimic related tools and D-Bus
2010-07-13 18:57:58 +02:00
case ARG_SYSTEM:
core: remove ManagerRunningAs enum Previously, we had two enums ManagerRunningAs and UnitFileScope, that were mostly identical and converted from one to the other all the time. The latter had one more value UNIT_FILE_GLOBAL however. Let's simplify things, and remove ManagerRunningAs and replace it by UnitFileScope everywhere, thus making the translation unnecessary. Introduce two new macros MANAGER_IS_SYSTEM() and MANAGER_IS_USER() to simplify checking if we are running in one or the user context.
2016-02-24 21:24:23 +01:00
arg_system = true;
main: replace --running-as= by --session and --system do mimic related tools and D-Bus
2010-07-13 18:57:58 +02:00
break;
manager: make running_as configurable
2010-04-06 23:55:42 +02:00
drop support for MANAGER_SESSION, introduce MANAGER_USER instead
2010-11-15 22:12:41 +01:00
case ARG_USER:
core: remove ManagerRunningAs enum Previously, we had two enums ManagerRunningAs and UnitFileScope, that were mostly identical and converted from one to the other all the time. The latter had one more value UNIT_FILE_GLOBAL however. Let's simplify things, and remove ManagerRunningAs and replace it by UnitFileScope everywhere, thus making the translation unnecessary. Introduce two new macros MANAGER_IS_SYSTEM() and MANAGER_IS_USER() to simplify checking if we are running in one or the user context.
2016-02-24 21:24:23 +01:00
arg_system = false;
manager: make running_as configurable
2010-04-06 23:55:42 +02:00
break;
main: implement --test
2010-04-07 00:10:17 +02:00
case ARG_TEST:
main: add a native implementation of the 'nomodules' kernel option understood by fedora init scripts
2010-07-06 20:21:08 +02:00
arg_action = ACTION_TEST;
systemd: use pager for --test and --help
2014-01-07 06:00:05 +01:00
break;
case ARG_NO_PAGER:
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
arg_pager_flags |= PAGER_DISABLE;
main: implement --test
2010-04-07 00:10:17 +02:00
break;
systemd: add --version option systemd --version mirrors systemctl --version: $ ./systemd --version systemd 186 other +PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT -LIBCRYPTSETUP This information can be retrieved by other means (systemctl, etc.), but it's easier for a newbie if 'systemd --version' says something useful. And 'systemd --help' is already there, so let's complement that with '--version'.
2012-07-17 07:31:47 +02:00
case ARG_VERSION:
arg_action = ACTION_VERSION;
break;
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
case ARG_DUMP_CONFIGURATION_ITEMS:
main: add a native implementation of the 'nomodules' kernel option understood by fedora init scripts
2010-07-06 20:21:08 +02:00
arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
break;
core: add --dump-bus-properties option to systemd If systemd is invoked with this option, this dumps all bus properties. This may be useful for shell completion for `systemctl --property`.
2018-05-28 11:13:19 +02:00
case ARG_DUMP_BUS_PROPERTIES:
arg_action = ACTION_DUMP_BUS_PROPERTIES;
break;
manager: optionally print status updates to console on boot
2010-07-07 00:00:59 +02:00
case ARG_DUMP_CORE:
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
if (!optarg)
arg_dump_core = true;
else {
r = parse_boolean(optarg);
if (r < 0)
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
return log_error_errno(r, "Failed to parse dump core boolean: \"%s\": %m",
optarg);
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
arg_dump_core = r;
main: simplify+unify logic for parsing runtime booleans
2012-05-08 23:36:55 +02:00
}
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
break;
case ARG_CRASH_CHVT:
core: move config_parse_* functions to a shared module Apart from making the code a little bit more clean, it should allow us to write a fuzzer around the config-parsing functions in the future
2019-06-20 18:51:42 +02:00
r = parse_crash_chvt(optarg, &arg_crash_chvt);
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
if (r < 0)
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
return log_error_errno(r, "Failed to parse crash virtual terminal index: \"%s\": %m",
optarg);
manager: optionally print status updates to console on boot
2010-07-07 00:00:59 +02:00
break;
case ARG_CRASH_SHELL:
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
if (!optarg)
arg_crash_shell = true;
else {
r = parse_boolean(optarg);
if (r < 0)
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
return log_error_errno(r, "Failed to parse crash shell boolean: \"%s\": %m",
optarg);
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
arg_crash_shell = r;
}
break;
case ARG_CRASH_REBOOT:
if (!optarg)
arg_crash_reboot = true;
else {
r = parse_boolean(optarg);
if (r < 0)
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
return log_error_errno(r, "Failed to parse crash shell boolean: \"%s\": %m",
optarg);
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
arg_crash_reboot = r;
main: simplify+unify logic for parsing runtime booleans
2012-05-08 23:36:55 +02:00
}
manager: optionally print status updates to console on boot
2010-07-07 00:00:59 +02:00
break;
rework tty handling We now make sure to run all services in their own session, possibly with a controlling terminal. This also extends the service and socket state machines a little.
2010-04-13 02:06:27 +02:00
case ARG_CONFIRM_SPAWN:
core: allow to redirect confirmation messages to a different console It's rather hard to parse the confirmation messages (enabled with systemd.confirm_spawn=true) amongst the status messages and the kernel ones (if enabled). This patch gives the possibility to the user to redirect the confirmation message to a different virtual console, either by giving its name or its path, so those messages are separated from the other ones and easier to read.
2016-11-02 10:38:22 +01:00
arg_confirm_spawn = mfree(arg_confirm_spawn);
r = parse_confirm_spawn(optarg, &arg_confirm_spawn);
if (r < 0)
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
return log_error_errno(r, "Failed to parse confirm spawn option: \"%s\": %m",
optarg);
rework tty handling We now make sure to run all services in their own session, possibly with a controlling terminal. This also extends the service and socket state machines a little.
2010-04-13 02:06:27 +02:00
break;
pid1: add option to disable service watchdogs Add a "systemd.service_watchdogs=" option to the command line which disables all service runtime watchdogs and emergency actions.
2017-03-20 13:10:43 +01:00
case ARG_SERVICE_WATCHDOGS:
r = parse_boolean(optarg);
if (r < 0)
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
return log_error_errno(r, "Failed to parse service watchdogs boolean: \"%s\": %m",
optarg);
pid1: add option to disable service watchdogs Add a "systemd.service_watchdogs=" option to the command line which disables all service runtime watchdogs and emergency actions.
2017-03-20 13:10:43 +01:00
arg_service_watchdogs = r;
break;
manager: optionally print status updates to console on boot
2010-07-07 00:00:59 +02:00
case ARG_SHOW_STATUS:
manager: add systemd.show_status=auto mode When set to auto, status will shown when the first ephemeral message is shown (a job has been running for five seconds). Then until the boot or shutdown ends, status messages will be shown. No indication about the switch is done: I think it should be clear for the user that first the cylon eye and the ephemeral messages appear, and afterwards messages are displayed. The initial arming of the event source was still wrong, but now should really be fixed.
2014-01-28 04:27:07 +01:00
if (optarg) {
r = parse_show_status(optarg, &arg_show_status);
main: use log_error_errno() at one more place
2018-07-23 13:03:46 +02:00
if (r < 0)
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
return log_error_errno(r, "Failed to parse show status boolean: \"%s\": %m",
optarg);
manager: add systemd.show_status=auto mode When set to auto, status will shown when the first ephemeral message is shown (a job has been running for five seconds). Then until the boot or shutdown ends, status messages will be shown. No indication about the switch is done: I think it should be clear for the user that first the cylon eye and the ephemeral messages appear, and afterwards messages are displayed. The initial arming of the event source was still wrong, but now should really be fixed.
2014-01-28 04:27:07 +01:00
} else
arg_show_status = SHOW_STATUS_YES;
service: hide output of sysv scripts if quiet is passed on the kernel cmdline
2010-08-09 18:00:24 +02:00
break;
main: simplify+unify logic for parsing runtime booleans
2012-05-08 23:36:55 +02:00
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
case ARG_DESERIALIZE: {
int fd;
FILE *f;
socket: support socket activation of containers
2012-12-22 19:30:07 +01:00
r = safe_atoi(optarg, &fd);
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
if (r < 0)
log_error_errno(r, "Failed to parse deserialize option \"%s\": %m", optarg);
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
if (fd < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Invalid deserialize fd: %d",
fd);
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
(void) fd_cloexec(fd, true);
socket: support socket activation of containers
2012-12-22 19:30:07 +01:00
f = fdopen(fd, "r");
treewide: another round of simplifications Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".
2014-11-28 19:57:32 +01:00
if (!f)
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
return log_error_errno(errno, "Failed to open serialization fd %d: %m", fd);
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
util: introduce safe_fclose() and port everything over to it Adds a coccinelle script to port things over automatically.
2015-09-09 15:20:10 +02:00
safe_fclose(arg_serialization);
core: add a system-wide SystemCallArchitectures= setting This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 01:35:27 +01:00
arg_serialization = f;
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
break;
}
main: rename a few fix to follow general naming style
2012-05-21 19:48:04 +02:00
case ARG_SWITCHED_ROOT:
main: properly queue default.target after switched root This also introduces rd.systemd.unit= to specify the unit to boot into in the initrd.
2012-05-22 02:35:22 +02:00
arg_switched_root = true;
core/main.c: add "--switchedroot" parameter If systemd serializes from a switch_root, it adds "--switchedroot" to the systemd in the real root. If "--switchedroot" is found, then we do not skip all the stuff, which is skipped for normal rexecs.
2012-05-16 14:22:42 +02:00
break;
core: Add machine-id setting Allow for overriding all other machine-ids which may be present on the system using a kernel command line systemd.machine_id or --machine-id= option. This is especially useful for network booted systems where the machine-id needs to be static, or for containers where a specific machine-id is wanted.
2015-07-06 00:00:59 +02:00
case ARG_MACHINE_ID:
r = set_machine_id(optarg);
main: minor simplification
2016-08-26 17:25:08 +02:00
if (r < 0)
core/main: use return log_*_errno more
2018-07-25 12:50:14 +02:00
return log_error_errno(r, "MachineID '%s' is not valid: %m", optarg);
core: Add machine-id setting Allow for overriding all other machine-ids which may be present on the system using a kernel command line systemd.machine_id or --machine-id= option. This is especially useful for network booted systems where the machine-id needs to be static, or for containers where a specific machine-id is wanted.
2015-07-06 00:00:59 +02:00
break;
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
case 'h':
main: add a native implementation of the 'nomodules' kernel option understood by fedora init scripts
2010-07-06 20:21:08 +02:00
arg_action = ACTION_HELP;
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
break;
main: introduce -D as quick acess to debugging
2010-07-13 20:06:29 +02:00
case 'D':
log_set_max_level(LOG_DEBUG);
break;
main: properly handle -b boot option
2011-03-10 23:01:42 +01:00
case 'b':
case 's':
case 'z':
/* Just to eat away the sysvinit kernel
* cmdline args without getopt() error
* messages that we'll parse in
* parse_proc_cmdline_word() or ignore. */
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
main: properly handle -b boot option
2011-03-10 23:01:42 +01:00
case '?':
tree-wide: make use of getpid_cached() wherever we can This moves pretty much all uses of getpid() over to getpid_raw(). I didn't specifically check whether the optimization is worth it for each replacement, but in order to keep things simple and systematic I switched over everything at once.
2017-07-20 16:19:18 +02:00
if (getpid_cached() != 1)
main: properly handle -b boot option
2011-03-10 23:01:42 +01:00
return -EINVAL;
Unify parse_argv style getopt is usually good at printing out a nice error message when commandline options are invalid. It distinguishes between an unknown option and a known option with a missing arg. It is better to let it do its job and not use opterr=0 unless we actually want to suppress messages. So remove opterr=0 in the few places where it wasn't really useful. When an error in options is encountered, we should not print a lengthy help() and overwhelm the user, when we know precisely what is wrong with the commandline. In addition, since help() prints to stdout, it should not be used except when requested with -h or --help. Also, simplify things here and there.
2014-08-02 17:12:21 +02:00
else
return 0;
main: properly handle -b boot option
2011-03-10 23:01:42 +01:00
Unify parse_argv style getopt is usually good at printing out a nice error message when commandline options are invalid. It distinguishes between an unknown option and a known option with a missing arg. It is better to let it do its job and not use opterr=0 unless we actually want to suppress messages. So remove opterr=0 in the few places where it wasn't really useful. When an error in options is encountered, we should not print a lengthy help() and overwhelm the user, when we know precisely what is wrong with the commandline. In addition, since help() prints to stdout, it should not be used except when requested with -h or --help. Also, simplify things here and there.
2014-08-02 17:12:21 +02:00
default:
assert_not_reached("Unhandled option code.");
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
}
tree-wide: make use of getpid_cached() wherever we can This moves pretty much all uses of getpid() over to getpid_raw(). I didn't specifically check whether the optimization is worth it for each replacement, but in order to keep things simple and systematic I switched over everything at once.
2017-07-20 16:19:18 +02:00
if (optind < argc && getpid_cached() != 1) {
main: interpret all argv[] arguments unconditionally when run in a container
2011-03-16 03:35:59 +01:00
/* Hmm, when we aren't run as init system
* let's complain about excess arguments */
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Excess arguments.");
main: interpret all argv[] arguments unconditionally when run in a container
2011-03-16 03:35:59 +01:00
}
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
return 0;
}
static int help(void) {
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
_cleanup_free_ char *link = NULL;
int r;
r = terminal_urlify_man("systemd", "1", &link);
if (r < 0)
return log_oom();
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
minor fixes to help texts
2010-06-24 00:08:42 +02:00
printf("%s [OPTIONS...]\n\n"
drop support for MANAGER_SESSION, introduce MANAGER_USER instead
2010-11-15 22:12:41 +01:00
"Starts up and maintains the system or user services.\n\n"
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
" -h --help Show this help\n"
add version argument to help function (#6377) Signed-off-by: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>
2017-07-15 13:53:21 +02:00
" --version Show version\n"
doc: make clear that --system and --user only make sense with --test Fixes: #12843
2019-06-24 14:51:52 +02:00
" --test Determine initial transaction, dump it and exit\n"
" --system In combination with --test: operate as system service manager\n"
" --user In combination with --test: operate as per-user service manager\n"
systemd: use pager for --test and --help
2014-01-07 06:00:05 +01:00
" --no-pager Do not pipe output into a pager\n"
rework tty handling We now make sure to run all services in their own session, possibly with a controlling terminal. This also extends the service and socket state machines a little.
2010-04-13 02:06:27 +02:00
" --dump-configuration-items Dump understood unit configuration items\n"
core: add --dump-bus-properties option to systemd If systemd is invoked with this option, this dumps all bus properties. This may be useful for shell completion for `systemctl --property`.
2018-05-28 11:13:19 +02:00
" --dump-bus-properties Dump exposed bus properties\n"
manager: optionally print status updates to console on boot
2010-07-07 00:00:59 +02:00
" --unit=UNIT Set default unit\n"
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
" --dump-core[=BOOL] Dump core on crash\n"
" --crash-vt=NR Change to specified VT on crash\n"
" --crash-reboot[=BOOL] Reboot on crash\n"
" --crash-shell[=BOOL] Run shell on crash\n"
" --confirm-spawn[=BOOL] Ask for confirmation when spawning processes\n"
" --show-status[=BOOL] Show status updates on the console during bootup\n"
log: never ever log to syslog from PID 1, log to the journal again We don't support journal-less systems anyway, so let's avoid the confusion.
2014-08-11 20:08:08 +02:00
" --log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
manager: optionally print status updates to console on boot
2010-07-07 00:00:59 +02:00
" --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
core: rework crash handling This introduces a new systemd.crash_reboot=1 kernel command line option that triggers a reboot after crashing. This also cleans up crash VT handling. Specifically, it cleans up the configuration setting, to be between 1..63 or a boolean. This is to replace the previous logic where "-1" meant disabled. We continue to accept that setting, but only document the boolean syntax instead. This also brings the documentation of the default settings in sync with what actually happens. The CrashChVT= configuration file setting is renamed to CrashChangeVT=, following our usual logic of not abbreviating unnecessarily. The old setting stays support for compat reasons. Fixes #1300
2015-09-23 23:13:06 +02:00
" --log-color[=BOOL] Highlight important log messages\n"
" --log-location[=BOOL] Include code location in log messages\n"
exec: introduce global defaults for the standard output of services
2011-02-15 11:52:29 +01:00
" --default-standard-output= Set default standard output for services\n"
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
" --default-standard-error= Set default standard error output for services\n"
"\nSee the %s for details.\n"
, program_invocation_short_name
, link
);
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
return 0;
}
main: minor coding style update
2018-10-09 15:30:48 +02:00
static int prepare_reexecute(
Manager *m,
FILE **ret_f,
FDSet **ret_fds,
bool switching_root) {
core: modernize prepare_reexecute()
2015-09-23 01:11:30 +02:00
_cleanup_fdset_free_ FDSet *fds = NULL;
_cleanup_fclose_ FILE *f = NULL;
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
int r;
assert(m);
main: minor coding style update
2018-10-09 15:30:48 +02:00
assert(ret_f);
assert(ret_fds);
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
unit: don't serialize job state, only unit state across switch-root
2012-07-18 01:46:52 +02:00
r = manager_open_serialization(m, &f);
core: modernize prepare_reexecute()
2015-09-23 01:11:30 +02:00
if (r < 0)
return log_error_errno(r, "Failed to create serialization file: %m");
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
core: send out "Reloading" signal before and after doing a full reload/reexec of PID 1 Since we'll unload all units/job during a reload, and then readd them it is really useful for clients to be aware of this phase hence sent a signal out before and after. This signal is called "Reloading" (despite the fact that it is also sent out during reexecution, which we consider a special case in this context) and has one boolean parameter which is true for the signal sent before the reload, and false for the signal after the reload. The UnitRemoved/JobRremoved and UnitNew/JobNew due to the reloading are guranteed to be between the pair of Reloading messages.
2013-07-10 21:10:53 +02:00
/* Make sure nothing is really destructed when we shut down */
tree-wide: make ++/-- usage consistent WRT spacing Throughout the tree there's spurious use of spaces separating ++ and -- operators from their respective operands. Make ++ and -- operator consistent with the majority of existing uses; discard the spaces.
2016-02-23 05:32:04 +01:00
m->n_reloading++;
core: convert PID 1 to libsystemd-bus This patch converts PID 1 to libsystemd-bus and thus drops the dependency on libdbus. The only remaining code using libdbus is a test case that validates our bus marshalling against libdbus' marshalling, and this dependency can be turned off. This patch also adds a couple of things to libsystem-bus, that are necessary to make the port work: - Synthesizing of "Disconnected" messages when bus connections are severed. - Support for attaching multiple vtables for the same interface on the same path. This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus calls which used an inappropriate signature. As a side effect we will now generate PropertiesChanged messages which carry property contents, rather than just invalidation information.
2013-11-19 21:12:59 +01:00
bus_manager_send_reloading(m, true);
core: send out "Reloading" signal before and after doing a full reload/reexec of PID 1 Since we'll unload all units/job during a reload, and then readd them it is really useful for clients to be aware of this phase hence sent a signal out before and after. This signal is called "Reloading" (despite the fact that it is also sent out during reexecution, which we consider a special case in this context) and has one boolean parameter which is true for the signal sent before the reload, and false for the signal after the reload. The UnitRemoved/JobRremoved and UnitNew/JobNew due to the reloading are guranteed to be between the pair of Reloading messages.
2013-07-10 21:10:53 +02:00
unit: don't serialize job state, only unit state across switch-root
2012-07-18 01:46:52 +02:00
fds = fdset_new();
core: modernize prepare_reexecute()
2015-09-23 01:11:30 +02:00
if (!fds)
return log_oom();
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
Do not serialize environment, when switching root When switching root, i.e. LANG can be set to the locale of the initramfs or "C", if it was unset. When systemd deserializes LANG in the real root this would overwrite the setting previously gathered by locale_set(). To reproduce, boot with an initramfs without locale.conf or change /etc/locale.conf to a different language than the initramfs and check a daemon started by systemd: $ tr "$\000" '\n' </proc/$(pidof sshd)/environ | grep LANG LANG=C To prevent that, serialization of environment variables is skipped, when serializing for switching root. https://bugzilla.redhat.com/show_bug.cgi?id=949525
2013-04-08 14:05:24 +02:00
r = manager_serialize(m, f, fds, switching_root);
core: modernize prepare_reexecute()
2015-09-23 01:11:30 +02:00
if (r < 0)
core: rework serialization Let's be more careful with what we serialize: let's ensure we never serialize strings that are longer than LONG_LINE_MAX, so that we know we can read them back with read_line(…, LONG_LINE_MAX, …) safely. In order to implement this all serialization functions are move to serialize.[ch], and internally will do line size checks. We'd rather skip a serialization line (with a loud warning) than write an overly long line out. Of course, this is just a second level protection, after all the data we serialize shouldn't be this long in the first place. While we are at it also clean up logging: while serializing make sure to always log about errors immediately. Also, (void)ify all calls we don't expect errors in (or catch errors as part of the general fflush_and_check() at the end.
2018-10-17 20:40:09 +02:00
return r;
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
core: modernize prepare_reexecute()
2015-09-23 01:11:30 +02:00
if (fseeko(f, 0, SEEK_SET) == (off_t) -1)
return log_error_errno(errno, "Failed to rewind serialization fd: %m");
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
unit: don't serialize job state, only unit state across switch-root
2012-07-18 01:46:52 +02:00
r = fd_cloexec(fileno(f), false);
core: modernize prepare_reexecute()
2015-09-23 01:11:30 +02:00
if (r < 0)
return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization: %m");
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
unit: don't serialize job state, only unit state across switch-root
2012-07-18 01:46:52 +02:00
r = fdset_cloexec(fds, false);
core: modernize prepare_reexecute()
2015-09-23 01:11:30 +02:00
if (r < 0)
return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization fds: %m");
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
main: minor coding style update
2018-10-09 15:30:48 +02:00
*ret_f = TAKE_PTR(f);
*ret_fds = TAKE_PTR(fds);
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
core: modernize prepare_reexecute()
2015-09-23 01:11:30 +02:00
return 0;
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
}
main: bump fs.nr_open + fs.max-file to their largest possible values After discussions with kernel folks, a system with memcg really shouldn't need extra hard limits on file descriptors anymore, as they are properly accounted for by memcg anyway. Hence, let's bump these values to their maximums. This also adds a build time option to turn thiss off, to cover those users who do not want to use memcg.
2018-10-11 18:23:26 +02:00
static void bump_file_max_and_nr_open(void) {
/* Let's bump fs.file-max and fs.nr_open to their respective maximums. On current kernels large numbers of file
* descriptors are no longer a performance problem and their memory is properly tracked by memcg, thus counting
* them and limiting them in another two layers of limits is unnecessary and just complicates things. This
* function hence turns off 2 of the 4 levels of limits on file descriptors, and makes RLIMIT_NOLIMIT (soft +
* hard) the only ones that really matter. */
#if BUMP_PROC_SYS_FS_FILE_MAX || BUMP_PROC_SYS_FS_NR_OPEN
int r;
#endif
#if BUMP_PROC_SYS_FS_FILE_MAX
core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX Since kernel 5.2 the kernel thankfully returns proper errors when we write a value out of range to the sysctl. Which however breaks writing ULONG_MAX to request the maximum value. Hence let's write the new maximum value instead, LONG_MAX. /cc @brauner Fixes: #12803
2019-06-17 10:51:25 +02:00
/* The maximum the kernel allows for this since 5.2 is LONG_MAX, use that. (Previously thing where
* different but the operation would fail silently.) */
main: use sysctl_writef() where appropriate
2019-07-12 11:04:12 +02:00
r = sysctl_writef("fs/file-max", "%li\n", LONG_MAX);
main: bump fs.nr_open + fs.max-file to their largest possible values After discussions with kernel folks, a system with memcg really shouldn't need extra hard limits on file descriptors anymore, as they are properly accounted for by memcg anyway. Hence, let's bump these values to their maximums. This also adds a build time option to turn thiss off, to cover those users who do not want to use memcg.
2018-10-11 18:23:26 +02:00
if (r < 0)
log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, "Failed to bump fs.file-max, ignoring: %m");
#endif
#if BUMP_PROC_SYS_FS_NR_OPEN
int v = INT_MAX;
/* Arg! The kernel enforces maximum and minimum values on the fs.nr_open, but we don't really know what they
* are. The expression by which the maximum is determined is dependent on the architecture, and is something we
* don't really want to copy to userspace, as it is dependent on implementation details of the kernel. Since
* the kernel doesn't expose the maximum value to us, we can only try and hope. Hence, let's start with
* INT_MAX, and then keep halving the value until we find one that works. Ugly? Yes, absolutely, but kernel
* APIs are kernel APIs, so what do can we do... 🤯 */
for (;;) {
int k;
v &= ~(__SIZEOF_POINTER__ - 1); /* Round down to next multiple of the pointer size */
if (v < 1024) {
log_warning("Can't bump fs.nr_open, value too small.");
break;
}
k = read_nr_open();
if (k < 0) {
log_error_errno(k, "Failed to read fs.nr_open: %m");
break;
}
if (k >= v) { /* Already larger */
log_debug("Skipping bump, value is already larger.");
break;
}
main: use sysctl_writef() where appropriate
2019-07-12 11:04:12 +02:00
r = sysctl_writef("fs/nr_open", "%i\n", v);
main: bump fs.nr_open + fs.max-file to their largest possible values After discussions with kernel folks, a system with memcg really shouldn't need extra hard limits on file descriptors anymore, as they are properly accounted for by memcg anyway. Hence, let's bump these values to their maximums. This also adds a build time option to turn thiss off, to cover those users who do not want to use memcg.
2018-10-11 18:23:26 +02:00
if (r == -EINVAL) {
log_debug("Couldn't write fs.nr_open as %i, halving it.", v);
v /= 2;
continue;
}
if (r < 0) {
log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r, "Failed to bump fs.nr_open, ignoring: %m");
break;
}
log_debug("Successfully bumped fs.nr_open to %i", v);
break;
}
#endif
}
main: bump up RLIMIT_NOFILE for systemd itself For setups with many listening sockets the default kernel resource limit of 1024 fds is not enough. Bump this up to 64K to avoid any limitations in this regard. We are careful to pass on the kernel default to daemons however, since normally resource limits are a good to enforce, especially since select() can't handle fds > 1023.
2012-09-17 16:35:59 +02:00
static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
main: don't bump resource limits if they are higher than we need them anyway This matters in particular in the case of --user, since there we lack the privs to bump the limits up again later on when invoking children.
2019-01-16 18:05:14 +01:00
struct rlimit new_rlimit;
main: split out reading of /proc/sys/fs/nr_open into its own function This doesn't really reduce the code size over all, but it does make main.c shorter and more readable, and that's always a good thing.
2018-06-05 15:21:47 +02:00
int r, nr;
main: bump up RLIMIT_NOFILE for systemd itself For setups with many listening sockets the default kernel resource limit of 1024 fds is not enough. Bump this up to 64K to avoid any limitations in this regard. We are careful to pass on the kernel default to daemons however, since normally resource limits are a good to enforce, especially since select() can't handle fds > 1023.
2012-09-17 16:35:59 +02:00
core: raise the RLIMIT_NOFILE hard limit for all services by default Following the discussions with the kernel folks, let's substantially increase the hard limit (but not the soft limit) of RLIMIT_NOFILE to 256K for all services we start. Note that PID 1 itself bumps the limit even further, to the max the kernel allows. We can deal with that after all.
2018-10-01 17:56:52 +02:00
/* Get the underlying absolute limit the kernel enforces */
nr = read_nr_open();
main: don't bump resource limits if they are higher than we need them anyway This matters in particular in the case of --user, since there we lack the privs to bump the limits up again later on when invoking children.
2019-01-16 18:05:14 +01:00
/* Calculate the new limits to use for us. Never lower from what we inherited. */
new_rlimit = (struct rlimit) {
.rlim_cur = MAX((rlim_t) nr, saved_rlimit->rlim_cur),
.rlim_max = MAX((rlim_t) nr, saved_rlimit->rlim_max),
};
/* Shortcut if nothing changes. */
if (saved_rlimit->rlim_max >= new_rlimit.rlim_max &&
saved_rlimit->rlim_cur >= new_rlimit.rlim_cur) {
log_debug("RLIMIT_NOFILE is already as high or higher than we need it, not bumping.");
return 0;
}
core: raise the RLIMIT_NOFILE hard limit for all services by default Following the discussions with the kernel folks, let's substantially increase the hard limit (but not the soft limit) of RLIMIT_NOFILE to 256K for all services we start. Note that PID 1 itself bumps the limit even further, to the max the kernel allows. We can deal with that after all.
2018-10-01 17:56:52 +02:00
/* Bump up the resource limit for ourselves substantially, all the way to the maximum the kernel allows, for
* both hard and soft. */
main: don't bump resource limits if they are higher than we need them anyway This matters in particular in the case of --user, since there we lack the privs to bump the limits up again later on when invoking children.
2019-01-16 18:05:14 +01:00
r = setrlimit_closest(RLIMIT_NOFILE, &new_rlimit);
treewide: more log_*_errno + return simplifications
2014-11-28 18:23:20 +01:00
if (r < 0)
pid1: downgrade some rlimit warnings Since we ignore the result anyway, downgrade errors to warning. log_oom() will still emit an error, but that's mostly theoretical, so it is not worth complicating the code to avoid the small inconsistency
2016-10-18 19:38:41 +02:00
return log_warning_errno(r, "Setting RLIMIT_NOFILE failed, ignoring: %m");
main: bump up RLIMIT_NOFILE for systemd itself For setups with many listening sockets the default kernel resource limit of 1024 fds is not enough. Bump this up to 64K to avoid any limitations in this regard. We are careful to pass on the kernel default to daemons however, since normally resource limits are a good to enforce, especially since select() can't handle fds > 1023.
2012-09-17 16:35:59 +02:00
return 0;
}
main: bump RLIMIT_NOFILE for the root user substantially On current kernels BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK even for privileged users that have CAP_IPC_LOCK. Given that mlock() generally ignores RLIMIT_MEMLOCK if CAP_IPC_LOCK is set this appears to be an oversight in the kernel. Either way, until that's fixed, let's just bump RLIMIT_MEMLOCK for the root user considerably, as the default is quite limiting, and doesn't permit us to create more than a few TRIE maps.
2017-09-21 19:43:07 +02:00
static int bump_rlimit_memlock(struct rlimit *saved_rlimit) {
main: don't bump resource limits if they are higher than we need them anyway This matters in particular in the case of --user, since there we lack the privs to bump the limits up again later on when invoking children.
2019-01-16 18:05:14 +01:00
struct rlimit new_rlimit;
main: bump RLIMIT_NOFILE for the root user substantially On current kernels BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK even for privileged users that have CAP_IPC_LOCK. Given that mlock() generally ignores RLIMIT_MEMLOCK if CAP_IPC_LOCK is set this appears to be an oversight in the kernel. Either way, until that's fixed, let's just bump RLIMIT_MEMLOCK for the root user considerably, as the default is quite limiting, and doesn't permit us to create more than a few TRIE maps.
2017-09-21 19:43:07 +02:00
int r;
core: bump RLIMIT_NOFILE soft+hard limit for systemd itself in all cases Previously we'd do this for PID 1 only. Let's do this when running in user mode too, because we know we can handle it.
2018-10-01 18:11:52 +02:00
/* BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK, even if we have CAP_IPC_LOCK which should
Fix typo
2019-12-25 14:16:27 +01:00
* normally disable such checks. We need them to implement IPAddressAllow= and IPAddressDeny=, hence let's bump
core: bump RLIMIT_NOFILE soft+hard limit for systemd itself in all cases Previously we'd do this for PID 1 only. Let's do this when running in user mode too, because we know we can handle it.
2018-10-01 18:11:52 +02:00
* the value high enough for our user. */
main: bump RLIMIT_NOFILE for the root user substantially On current kernels BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK even for privileged users that have CAP_IPC_LOCK. Given that mlock() generally ignores RLIMIT_MEMLOCK if CAP_IPC_LOCK is set this appears to be an oversight in the kernel. Either way, until that's fixed, let's just bump RLIMIT_MEMLOCK for the root user considerably, as the default is quite limiting, and doesn't permit us to create more than a few TRIE maps.
2017-09-21 19:43:07 +02:00
main: don't bump resource limits if they are higher than we need them anyway This matters in particular in the case of --user, since there we lack the privs to bump the limits up again later on when invoking children.
2019-01-16 18:05:14 +01:00
/* Using MAX() on resource limits only is safe if RLIM_INFINITY is > 0. POSIX declares that rlim_t
* must be unsigned, hence this is a given, but let's make this clear here. */
assert_cc(RLIM_INFINITY > 0);
new_rlimit = (struct rlimit) {
.rlim_cur = MAX(HIGH_RLIMIT_MEMLOCK, saved_rlimit->rlim_cur),
.rlim_max = MAX(HIGH_RLIMIT_MEMLOCK, saved_rlimit->rlim_max),
};
if (saved_rlimit->rlim_max >= new_rlimit.rlim_cur &&
saved_rlimit->rlim_cur >= new_rlimit.rlim_max) {
log_debug("RLIMIT_MEMLOCK is already as high or higher than we need it, not bumping.");
return 0;
}
r = setrlimit_closest(RLIMIT_MEMLOCK, &new_rlimit);
main: bump RLIMIT_NOFILE for the root user substantially On current kernels BPF_MAP_TYPE_LPM_TRIE bpf maps are charged against RLIMIT_MEMLOCK even for privileged users that have CAP_IPC_LOCK. Given that mlock() generally ignores RLIMIT_MEMLOCK if CAP_IPC_LOCK is set this appears to be an oversight in the kernel. Either way, until that's fixed, let's just bump RLIMIT_MEMLOCK for the root user considerably, as the default is quite limiting, and doesn't permit us to create more than a few TRIE maps.
2017-09-21 19:43:07 +02:00
if (r < 0)
return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m");
return 0;
}
main: print warning if /usr is on a seperate partition
2011-02-23 01:10:20 +01:00
static void test_usr(void) {
core: update comment Initially, the check was that /usr is not a separate fs, and was later relaxed to allow /usr to be mounted in the initramfs. Documentation was updated in 9e93f6f09229ffdbc46ab, but this comment wasn't. Let's update it too.
2019-01-03 12:33:42 +01:00
/* Check that /usr is either on the same file system as / or mounted already. */
main: print warning if /usr is on a seperate partition
2011-02-23 01:10:20 +01:00
taint: add missing cgroups taint flag
2011-03-30 02:12:46 +02:00
if (dir_is_empty("/usr") <= 0)
return;
core: fix typo in log message
2015-01-05 14:12:47 +01:00
log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. "
taint: add missing cgroups taint flag
2011-03-30 02:12:46 +02:00
"Some things will probably break (sometimes even silently) in mysterious ways. "
"Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
}
core: add a system-wide SystemCallArchitectures= setting This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 01:35:27 +01:00
static int enforce_syscall_archs(Set *archs) {
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_SECCOMP
core: add a system-wide SystemCallArchitectures= setting This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 01:35:27 +01:00
int r;
core: do not fail at step SECCOMP if there is no kernel support (#4004) Fixes #3882
2016-08-22 21:40:58 +02:00
if (!is_seccomp_available())
return 0;
seccomp: rework seccomp code, to improve compat with some archs This substantially reworks the seccomp code, to ensure better compatibility with some architectures, including i386. So far we relied on libseccomp's internal handling of the multiple syscall ABIs supported on Linux. This is problematic however, as it does not define clear semantics if an ABI is not able to support specific seccomp rules we install. This rework hence changes a couple of things: - We no longer use seccomp_rule_add(), but only seccomp_rule_add_exact(), and fail the installation of a filter if the architecture doesn't support it. - We no longer rely on adding multiple syscall architectures to a single filter, but instead install a separate filter for each syscall architecture supported. This way, we can install a strict filter for x86-64, while permitting a less strict filter for i386. - All high-level filter additions are now moved from execute.c to seccomp-util.c, so that we can test them independently of the service execution logic. - Tests have been added for all types of our seccomp filters. - SystemCallFilters= and SystemCallArchitectures= are now implemented in independent filters and installation logic, as they semantically are very much independent of each other. Fixes: #4575
2016-12-27 15:28:25 +01:00
r = seccomp_restrict_archs(arg_syscall_archs);
core: add a system-wide SystemCallArchitectures= setting This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 01:35:27 +01:00
if (r < 0)
seccomp: rework seccomp code, to improve compat with some archs This substantially reworks the seccomp code, to ensure better compatibility with some architectures, including i386. So far we relied on libseccomp's internal handling of the multiple syscall ABIs supported on Linux. This is problematic however, as it does not define clear semantics if an ABI is not able to support specific seccomp rules we install. This rework hence changes a couple of things: - We no longer use seccomp_rule_add(), but only seccomp_rule_add_exact(), and fail the installation of a filter if the architecture doesn't support it. - We no longer rely on adding multiple syscall architectures to a single filter, but instead install a separate filter for each syscall architecture supported. This way, we can install a strict filter for x86-64, while permitting a less strict filter for i386. - All high-level filter additions are now moved from execute.c to seccomp-util.c, so that we can test them independently of the service execution logic. - Tests have been added for all types of our seccomp filters. - SystemCallFilters= and SystemCallArchitectures= are now implemented in independent filters and installation logic, as they semantically are very much independent of each other. Fixes: #4575
2016-12-27 15:28:25 +01:00
return log_error_errno(r, "Failed to enforce system call architecture restrication: %m");
core: add a system-wide SystemCallArchitectures= setting This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 01:35:27 +01:00
#endif
seccomp: rework seccomp code, to improve compat with some archs This substantially reworks the seccomp code, to ensure better compatibility with some architectures, including i386. So far we relied on libseccomp's internal handling of the multiple syscall ABIs supported on Linux. This is problematic however, as it does not define clear semantics if an ABI is not able to support specific seccomp rules we install. This rework hence changes a couple of things: - We no longer use seccomp_rule_add(), but only seccomp_rule_add_exact(), and fail the installation of a filter if the architecture doesn't support it. - We no longer rely on adding multiple syscall architectures to a single filter, but instead install a separate filter for each syscall architecture supported. This way, we can install a strict filter for x86-64, while permitting a less strict filter for i386. - All high-level filter additions are now moved from execute.c to seccomp-util.c, so that we can test them independently of the service execution logic. - Tests have been added for all types of our seccomp filters. - SystemCallFilters= and SystemCallArchitectures= are now implemented in independent filters and installation logic, as they semantically are very much independent of each other. Fixes: #4575
2016-12-27 15:28:25 +01:00
return 0;
core: add a system-wide SystemCallArchitectures= setting This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 01:35:27 +01:00
}
core: fixate show_status earlier, so that we actually print the welcome message Previously, we'd fixed show_state only after printing the welcome message which had the effect that the welcome message was almost always suppressed.
2014-02-17 16:17:08 +01:00
static int status_welcome(void) {
_cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
int r;
core: fix message about show status state We would say "Enabling" also for SHOW_STATUS_AUTO, which is actually "soft off". So just print the exact state to make things easier to understand. Also add a helper function to avoid repeating the enum value list. For #14814.
2020-02-28 22:49:19 +01:00
if (!show_status_on(arg_show_status))
main: let's move the arg_show_status check into status_welcome() It's kinda nice to hide this check inside of status_welcome() itself, so that it handles all this on its own.
2017-12-15 17:00:35 +01:00
return 0;
os-util: add helpers for finding /etc/os-release Place this new helpers in a new source file os-util.[ch], and move the existing and related call path_is_os_tree() to it as well.
2018-03-26 16:32:40 +02:00
r = parse_os_release(NULL,
"PRETTY_NAME", &pretty_name,
"ANSI_COLOR", &ansi_color,
NULL);
if (r < 0)
log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r,
"Failed to read os-release file, ignoring: %m");
core: fixate show_status earlier, so that we actually print the welcome message Previously, we'd fixed show_state only after printing the welcome message which had the effect that the welcome message was almost always suppressed.
2014-02-17 16:17:08 +01:00
systemd: obey systemd.log_color config Fixes #2845.
2016-03-16 14:27:37 +01:00
if (log_get_show_color())
show-status: fold two bool flags function arguments into a flags parameter
2018-11-23 17:18:48 +01:00
return status_printf(NULL, 0,
systemd: obey systemd.log_color config Fixes #2845.
2016-03-16 14:27:37 +01:00
"\nWelcome to \x1B[%sm%s\x1B[0m!\n",
isempty(ansi_color) ? "1" : ansi_color,
isempty(pretty_name) ? "Linux" : pretty_name);
else
show-status: fold two bool flags function arguments into a flags parameter
2018-11-23 17:18:48 +01:00
return status_printf(NULL, 0,
systemd: obey systemd.log_color config Fixes #2845.
2016-03-16 14:27:37 +01:00
"\nWelcome to %s!\n",
isempty(pretty_name) ? "Linux" : pretty_name);
core: fixate show_status earlier, so that we actually print the welcome message Previously, we'd fixed show_state only after printing the welcome message which had the effect that the welcome message was almost always suppressed.
2014-02-17 16:17:08 +01:00
}
virt: rework container detection logic Instead of accessing /proc/1/environ directly, trying to read the $container variable from it, let's make PID 1 save the contents of that variable to /run/systemd/container. This allows us to detect containers without the need for CAP_SYS_PTRACE, which allows us to drop it from a number of daemons and from the file capabilities of systemd-detect-virt. Also, don't consider chroot a container technology anymore. After all, we don't consider file system namespaces container technology anymore, and hence chroot() should be considered a container even less.
2014-05-28 12:37:11 +02:00
static int write_container_id(void) {
const char *c;
core: bump net.unix.max_dgram_qlen really early during boot Only that way it actually has an effect on all our sockets, including $NOTIFY_SOCKET.
2015-11-02 09:34:05 +01:00
int r;
virt: rework container detection logic Instead of accessing /proc/1/environ directly, trying to read the $container variable from it, let's make PID 1 save the contents of that variable to /run/systemd/container. This allows us to detect containers without the need for CAP_SYS_PTRACE, which allows us to drop it from a number of daemons and from the file capabilities of systemd-detect-virt. Also, don't consider chroot a container technology anymore. After all, we don't consider file system namespaces container technology anymore, and hence chroot() should be considered a container even less.
2014-05-28 12:37:11 +02:00
c = getenv("container");
if (isempty(c))
return 0;
core: be more paranoid when mixing umask and fopen() Let's be extra careful with the umask when we use simple fopen(), as this creates files with 0777 by default.
2016-04-07 16:15:26 +02:00
RUN_WITH_UMASK(0022)
r = write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
core: bump net.unix.max_dgram_qlen really early during boot Only that way it actually has an effect on all our sockets, including $NOTIFY_SOCKET.
2015-11-02 09:34:05 +01:00
if (r < 0)
core: fix typo
2015-11-04 13:18:59 +01:00
return log_warning_errno(r, "Failed to write /run/systemd/container, ignoring: %m");
core: bump net.unix.max_dgram_qlen really early during boot Only that way it actually has an effect on all our sockets, including $NOTIFY_SOCKET.
2015-11-02 09:34:05 +01:00
return 1;
}
static int bump_unix_max_dgram_qlen(void) {
_cleanup_free_ char *qlen = NULL;
unsigned long v;
int r;
util: add new write_string_filef() helper This new helper combines asprintf() and write_string_file() in one, which is useful at various places to shorten the code a bit.
2018-06-05 16:02:32 +02:00
/* Let's bump the net.unix.max_dgram_qlen sysctl. The kernel default of 16 is simply too low. We set the value
* really really early during boot, so that it is actually applied to all our sockets, including the
* $NOTIFY_SOCKET one. */
core: bump net.unix.max_dgram_qlen really early during boot Only that way it actually has an effect on all our sockets, including $NOTIFY_SOCKET.
2015-11-02 09:34:05 +01:00
r = read_one_line_file("/proc/sys/net/unix/max_dgram_qlen", &qlen);
if (r < 0)
core, sysctl: skip ENOENT for /proc/sys/net/unix/max_dgram_qlen sysctl is disabled for /proc mounted from an user namespace thus entries like /proc/sys/net/unix/max_dgram_qlen do not exist. In this case, skip the error and do not try to change the default for the AF_UNIX datagram queue length.
2018-11-05 23:06:14 +01:00
return log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r, "Failed to read AF_UNIX datagram queue length, ignoring: %m");
core: bump net.unix.max_dgram_qlen really early during boot Only that way it actually has an effect on all our sockets, including $NOTIFY_SOCKET.
2015-11-02 09:34:05 +01:00
r = safe_atolu(qlen, &v);
if (r < 0)
util: add new write_string_filef() helper This new helper combines asprintf() and write_string_file() in one, which is useful at various places to shorten the code a bit.
2018-06-05 16:02:32 +02:00
return log_warning_errno(r, "Failed to parse AF_UNIX datagram queue length '%s', ignoring: %m", qlen);
core: bump net.unix.max_dgram_qlen really early during boot Only that way it actually has an effect on all our sockets, including $NOTIFY_SOCKET.
2015-11-02 09:34:05 +01:00
if (v >= DEFAULT_UNIX_MAX_DGRAM_QLEN)
return 0;
tree-wide: set WRITE_STRING_FILE_DISABLE_BUFFER flag when we write files under /proc or /sys
2018-11-06 13:00:07 +01:00
r = write_string_filef("/proc/sys/net/unix/max_dgram_qlen", WRITE_STRING_FILE_DISABLE_BUFFER, "%lu", DEFAULT_UNIX_MAX_DGRAM_QLEN);
core: bump net.unix.max_dgram_qlen really early during boot Only that way it actually has an effect on all our sockets, including $NOTIFY_SOCKET.
2015-11-02 09:34:05 +01:00
if (r < 0)
return log_full_errno(IN_SET(r, -EROFS, -EPERM, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
"Failed to bump AF_UNIX datagram queue length, ignoring: %m");
return 1;
virt: rework container detection logic Instead of accessing /proc/1/environ directly, trying to read the $container variable from it, let's make PID 1 save the contents of that variable to /run/systemd/container. This allows us to detect containers without the need for CAP_SYS_PTRACE, which allows us to drop it from a number of daemons and from the file capabilities of systemd-detect-virt. Also, don't consider chroot a container technology anymore. After all, we don't consider file system namespaces container technology anymore, and hence chroot() should be considered a container even less.
2014-05-28 12:37:11 +02:00
}
pid1: initialize TERM environment variable correctly When systemd is started by the kernel, the kernel set the TERM environment variable unconditionnally to "linux" no matter the console device used. This might be an issue for dumb devices with no colors support. This patch uses default_term_for_tty() for getting a more accurate value. But it makes sure to keep the user preferences (if any) which might be passed via the kernel command line. For that purpose /proc should be mounted.
2016-06-20 18:54:21 +02:00
static int fixup_environment(void) {
_cleanup_free_ char *term = NULL;
main: minor optimization Let's remove one memory allocation in the common path.
2017-12-15 16:13:44 +01:00
const char *t;
pid1: initialize TERM environment variable correctly When systemd is started by the kernel, the kernel set the TERM environment variable unconditionnally to "linux" no matter the console device used. This might be an issue for dumb devices with no colors support. This patch uses default_term_for_tty() for getting a more accurate value. But it makes sure to keep the user preferences (if any) which might be passed via the kernel command line. For that purpose /proc should be mounted.
2016-06-20 18:54:21 +02:00
int r;
main: conditionalize fixup_environment() internally This code is executed before we parse command line/configuration parameters, hence let's not use arg_system to figure our how to clean up things, but instead PID == 1. Let's move that check inside of the function, to make things a bit more robust abstract from the outside. Also, let's add a log message about this, that was so far missing.
2017-12-15 17:54:20 +01:00
/* Only fix up the environment when we are started as PID 1 */
if (getpid_cached() != 1)
return 0;
/* We expect the environment to be set correctly if run inside a container. */
main: simplify things a bit by moving container check into fixup_environment()
2016-07-19 17:00:36 +02:00
if (detect_container() > 0)
return 0;
main: conditionalize fixup_environment() internally This code is executed before we parse command line/configuration parameters, hence let's not use arg_system to figure our how to clean up things, but instead PID == 1. Let's move that check inside of the function, to make things a bit more robust abstract from the outside. Also, let's add a log message about this, that was so far missing.
2017-12-15 17:54:20 +01:00
/* When started as PID1, the kernel uses /dev/console for our stdios and uses TERM=linux whatever the backend
* device used by the console. We try to make a better guess here since some consoles might not have support
* for color mode for example.
pid1: initialize TERM environment variable correctly When systemd is started by the kernel, the kernel set the TERM environment variable unconditionnally to "linux" no matter the console device used. This might be an issue for dumb devices with no colors support. This patch uses default_term_for_tty() for getting a more accurate value. But it makes sure to keep the user preferences (if any) which might be passed via the kernel command line. For that purpose /proc should be mounted.
2016-06-20 18:54:21 +02:00
*
main: conditionalize fixup_environment() internally This code is executed before we parse command line/configuration parameters, hence let's not use arg_system to figure our how to clean up things, but instead PID == 1. Let's move that check inside of the function, to make things a bit more robust abstract from the outside. Also, let's add a log message about this, that was so far missing.
2017-12-15 17:54:20 +01:00
* However if TERM was configured through the kernel command line then leave it alone. */
util-lib: various improvements to kernel command line parsing This improves kernel command line parsing in a number of ways: a) An kernel option "foo_bar=xyz" is now considered equivalent to "foo-bar-xyz", i.e. when comparing kernel command line option names "-" and "_" are now considered equivalent (this only applies to the option names though, not the option values!). Most of our kernel options used "-" as word separator in kernel command line options so far, but some used "_". With this change, which was a source of confusion for users (well, at least of one user: myself, I just couldn't remember that it's systemd.debug-shell, not systemd.debug_shell). Considering both as equivalent is inspired how modern kernel module loading normalizes all kernel module names to use underscores now too. b) All options previously using a dash for separating words in kernel command line options now use an underscore instead, in all documentation and in code. Since a) has been implemented this should not create any compatibility problems, but normalizes our documentation and our code. c) All kernel command line options which take booleans (or are boolean-like) have been reworked so that "foobar" (without argument) is now equivalent to "foobar=1" (but not "foobar=0"), thus normalizing the handling of our boolean arguments. Specifically this means systemd.debug-shell and systemd_debug_shell=1 are now entirely equivalent. d) All kernel command line options which take an argument, and where no argument is specified will now result in a log message. e.g. passing just "systemd.unit" will no result in a complain that it needs an argument. This is implemented in the proc_cmdline_missing_value() function. e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key() that parses booleans (following the logic explained in c). f) The proc_cmdline_parse() call's boolean argument has been replaced by a new flags argument that takes a common set of bits with proc_cmdline_get_key(). g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix. h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
r = proc_cmdline_get_key("TERM", 0, &term);
pid1: initialize TERM environment variable correctly When systemd is started by the kernel, the kernel set the TERM environment variable unconditionnally to "linux" no matter the console device used. This might be an issue for dumb devices with no colors support. This patch uses default_term_for_tty() for getting a more accurate value. But it makes sure to keep the user preferences (if any) which might be passed via the kernel command line. For that purpose /proc should be mounted.
2016-06-20 18:54:21 +02:00
if (r < 0)
return r;
main: minor optimization Let's remove one memory allocation in the common path.
2017-12-15 16:13:44 +01:00
t = term ?: default_term_for_tty("/dev/console");
if (setenv("TERM", t, 1) < 0)
pid1: initialize TERM environment variable correctly When systemd is started by the kernel, the kernel set the TERM environment variable unconditionnally to "linux" no matter the console device used. This might be an issue for dumb devices with no colors support. This patch uses default_term_for_tty() for getting a more accurate value. But it makes sure to keep the user preferences (if any) which might be passed via the kernel command line. For that purpose /proc should be mounted.
2016-06-20 18:54:21 +02:00
return -errno;
core: unset HOME=/ that the kernel gives us Partially fixes #12389. %h would return "/" in a machine, but "/root" in a container. Let's fix this by resetting $HOME to the expected value.
2019-05-21 19:26:12 +02:00
/* The kernels sets HOME=/ for init. Let's undo this. */
if (path_equal_ptr(getenv("HOME"), "/") &&
unsetenv("HOME") < 0)
log_warning_errno(errno, "Failed to unset $HOME: %m");
pid1: initialize TERM environment variable correctly When systemd is started by the kernel, the kernel set the TERM environment variable unconditionnally to "linux" no matter the console device used. This might be an issue for dumb devices with no colors support. This patch uses default_term_for_tty() for getting a more accurate value. But it makes sure to keep the user preferences (if any) which might be passed via the kernel command line. For that purpose /proc should be mounted.
2016-06-20 18:54:21 +02:00
return 0;
}
core: let's shorten main() a bit, let's split out telinit redirection into a separate function
2017-11-16 11:48:45 +01:00
static void redirect_telinit(int argc, char *argv[]) {
/* This is compatibility support for SysV, where calling init as a user is identical to telinit. */
#if HAVE_SYSV_COMPAT
if (getpid_cached() == 1)
return;
if (!strstr(program_invocation_short_name, "init"))
return;
execv(SYSTEMCTL_BINARY_PATH, argv);
log_error_errno(errno, "Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
tree-wide: use EXIT_SUCCESS/EXIT_FAILURE in exit() where we can
2017-12-22 13:24:40 +01:00
exit(EXIT_FAILURE);
core: let's shorten main() a bit, let's split out telinit redirection into a separate function
2017-11-16 11:48:45 +01:00
#endif
}
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
static int become_shutdown(
const char *shutdown_verb,
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
int retval) {
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
char log_level[DECIMAL_STR_MAX(int) + 1],
shutdown: make kill timeout configurable (#7835) By default systemd-shutdown will wait for 90s after SIGTERM was sent for all processes to exit. This is way too long and effectively defeats an emergency watchdog reboot via "reboot-force" actions. Instead now use DefaultTimeoutStopSec which is configurable.
2018-01-10 19:00:20 +01:00
exit_code[DECIMAL_STR_MAX(uint8_t) + 1],
timeout[DECIMAL_STR_MAX(usec_t) + 1];
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
shutdown: make kill timeout configurable (#7835) By default systemd-shutdown will wait for 90s after SIGTERM was sent for all processes to exit. This is way too long and effectively defeats an emergency watchdog reboot via "reboot-force" actions. Instead now use DefaultTimeoutStopSec which is configurable.
2018-01-10 19:00:20 +01:00
const char* command_line[13] = {
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
SYSTEMD_SHUTDOWN_BINARY_PATH,
shutdown_verb,
shutdown: make kill timeout configurable (#7835) By default systemd-shutdown will wait for 90s after SIGTERM was sent for all processes to exit. This is way too long and effectively defeats an emergency watchdog reboot via "reboot-force" actions. Instead now use DefaultTimeoutStopSec which is configurable.
2018-01-10 19:00:20 +01:00
"--timeout", timeout,
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
"--log-level", log_level,
"--log-target",
};
_cleanup_strv_free_ char **env_block = NULL;
shutdown: make kill timeout configurable (#7835) By default systemd-shutdown will wait for 90s after SIGTERM was sent for all processes to exit. This is way too long and effectively defeats an emergency watchdog reboot via "reboot-force" actions. Instead now use DefaultTimeoutStopSec which is configurable.
2018-01-10 19:00:20 +01:00
size_t pos = 7;
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
int r;
core: add KExecWatchdogSec option Rather than always enabling the shutdown WD on kexec, which might be dangerous in case the kernel driver and/or the hardware implementation does not reset the wd on kexec, add a new timer, disabled by default, to let users optionally enable the shutdown WD on kexec separately from the runtime and reboot ones. Advise in the documentation to also use the runtime WD in conjunction with it. Fixes: a637d0f9ecbe ("core: set shutdown watchdog on kexec too")
2019-07-19 12:54:15 +02:00
usec_t watchdog_timer = 0;
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
assert(shutdown_verb);
tree-wide: drop a few == NULL and != NULL comparison Our CODING_STYLE suggests not comparing with NULL, but relying on C's downgrade-to-bool feature for that. Fix up some code to match these guidelines. (This is not comprehensive, the coccinelle output for this is unfortunately kinda borked)
2017-12-08 20:52:38 +01:00
assert(!command_line[pos]);
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
env_block = strv_copy(environ);
xsprintf(log_level, "%d", log_get_max_level());
shutdown: make kill timeout configurable (#7835) By default systemd-shutdown will wait for 90s after SIGTERM was sent for all processes to exit. This is way too long and effectively defeats an emergency watchdog reboot via "reboot-force" actions. Instead now use DefaultTimeoutStopSec which is configurable.
2018-01-10 19:00:20 +01:00
xsprintf(timeout, "%" PRI_USEC "us", arg_default_timeout_stop_usec);
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
switch (log_get_target()) {
case LOG_TARGET_KMSG:
case LOG_TARGET_JOURNAL_OR_KMSG:
case LOG_TARGET_SYSLOG_OR_KMSG:
command_line[pos++] = "kmsg";
break;
case LOG_TARGET_NULL:
command_line[pos++] = "null";
break;
case LOG_TARGET_CONSOLE:
default:
command_line[pos++] = "console";
break;
};
if (log_get_show_color())
command_line[pos++] = "--log-color";
if (log_get_show_location())
command_line[pos++] = "--log-location";
if (streq(shutdown_verb, "exit")) {
command_line[pos++] = "--exit-code";
command_line[pos++] = exit_code;
xsprintf(exit_code, "%d", retval);
}
assert(pos < ELEMENTSOF(command_line));
core: add KExecWatchdogSec option Rather than always enabling the shutdown WD on kexec, which might be dangerous in case the kernel driver and/or the hardware implementation does not reset the wd on kexec, add a new timer, disabled by default, to let users optionally enable the shutdown WD on kexec separately from the runtime and reboot ones. Advise in the documentation to also use the runtime WD in conjunction with it. Fixes: a637d0f9ecbe ("core: set shutdown watchdog on kexec too")
2019-07-19 12:54:15 +02:00
if (streq(shutdown_verb, "reboot"))
core: rename ShutdownWatchdogSec to RebootWatchdogSec This option is only used on reboot, not on other types of shutdown modes, so it is misleading. Keep the old name working for backward compatibility, but remove it from the documentation.
2019-07-22 12:39:25 +02:00
watchdog_timer = arg_reboot_watchdog;
core: add KExecWatchdogSec option Rather than always enabling the shutdown WD on kexec, which might be dangerous in case the kernel driver and/or the hardware implementation does not reset the wd on kexec, add a new timer, disabled by default, to let users optionally enable the shutdown WD on kexec separately from the runtime and reboot ones. Advise in the documentation to also use the runtime WD in conjunction with it. Fixes: a637d0f9ecbe ("core: set shutdown watchdog on kexec too")
2019-07-19 12:54:15 +02:00
else if (streq(shutdown_verb, "kexec"))
watchdog_timer = arg_kexec_watchdog;
if (watchdog_timer > 0 && watchdog_timer != USEC_INFINITY) {
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
char *e;
core: add KExecWatchdogSec option Rather than always enabling the shutdown WD on kexec, which might be dangerous in case the kernel driver and/or the hardware implementation does not reset the wd on kexec, add a new timer, disabled by default, to let users optionally enable the shutdown WD on kexec separately from the runtime and reboot ones. Advise in the documentation to also use the runtime WD in conjunction with it. Fixes: a637d0f9ecbe ("core: set shutdown watchdog on kexec too")
2019-07-19 12:54:15 +02:00
/* If we reboot or kexec let's set the shutdown
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
* watchdog and tell the shutdown binary to
* repeatedly ping it */
core: add KExecWatchdogSec option Rather than always enabling the shutdown WD on kexec, which might be dangerous in case the kernel driver and/or the hardware implementation does not reset the wd on kexec, add a new timer, disabled by default, to let users optionally enable the shutdown WD on kexec separately from the runtime and reboot ones. Advise in the documentation to also use the runtime WD in conjunction with it. Fixes: a637d0f9ecbe ("core: set shutdown watchdog on kexec too")
2019-07-19 12:54:15 +02:00
r = watchdog_set_timeout(&watchdog_timer);
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
watchdog_close(r < 0);
/* Tell the binary how often to ping, ignore failure */
core: add KExecWatchdogSec option Rather than always enabling the shutdown WD on kexec, which might be dangerous in case the kernel driver and/or the hardware implementation does not reset the wd on kexec, add a new timer, disabled by default, to let users optionally enable the shutdown WD on kexec separately from the runtime and reboot ones. Advise in the documentation to also use the runtime WD in conjunction with it. Fixes: a637d0f9ecbe ("core: set shutdown watchdog on kexec too")
2019-07-19 12:54:15 +02:00
if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, watchdog_timer) > 0)
core: Add WatchdogDevice config option and implement it This option allows a device path to be specified for the systemd watchdog (both runtime and shutdown). If a system requires a watchdog other than /dev/watchdog (pointing to /dev/watchdog0) to be used to reboot the system, this setting should be changed to the relevant watchdog device path (e.g. /dev/watchdog1).
2017-12-08 18:26:44 +01:00
(void) strv_consume(&env_block, e);
if (arg_watchdog_device &&
asprintf(&e, "WATCHDOG_DEVICE=%s", arg_watchdog_device) > 0)
(void) strv_consume(&env_block, e);
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
} else
watchdog_close(true);
/* Avoid the creation of new processes forked by the
* kernel; at this point, we will not listen to the
* signals anyway */
if (detect_container() <= 0)
(void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
return -errno;
}
main: let's make main() shorter, let's split out clock initialization no functional changes
2017-11-16 11:58:08 +01:00
static void initialize_clock(void) {
int r;
if (clock_is_localtime(NULL) > 0) {
int min;
/*
* The very first call of settimeofday() also does a time warp in the kernel.
*
* In the rtc-in-local time mode, we set the kernel's timezone, and rely on external tools to take care
* of maintaining the RTC and do all adjustments. This matches the behavior of Windows, which leaves
* the RTC alone if the registry tells that the RTC runs in UTC.
*/
r = clock_set_timezone(&min);
if (r < 0)
log_error_errno(r, "Failed to apply local time delta, ignoring: %m");
else
log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
} else if (!in_initrd()) {
/*
* Do a dummy very first call to seal the kernel's time warp magic.
*
* Do not call this from inside the initrd. The initrd might not carry /etc/adjtime with LOCAL, but the
* real system could be set up that way. In such case, we need to delay the time-warp or the sealing
* until we reach the real system.
*
* Do no set the kernel's timezone. The concept of local time cannot be supported reliably, the time
* will jump or be incorrect at every daylight saving time change. All kernel local time concepts will
* be treated as UTC that way.
*/
(void) clock_reset_timewarp();
}
r = clock_apply_epoch();
if (r < 0)
log_error_errno(r, "Current system time is before build time, but cannot correct: %m");
else if (r > 0)
log_info("System time before build time, advancing clock.");
}
core: shorten main() a bit, split out coredump initialization No functional changes.
2017-11-16 12:02:39 +01:00
static void initialize_coredump(bool skip_setup) {
core: keep the kernel coredump defaults when systemd-coredump is disabled If systemd-coredump is disabled (at build time), PID1 should keep the (old) kernel defaults as they are.
2018-05-18 18:37:56 +02:00
#if ENABLE_COREDUMP
core: shorten main() a bit, split out coredump initialization No functional changes.
2017-11-16 12:02:39 +01:00
if (getpid_cached() != 1)
return;
/* Don't limit the core dump size, so that coredump handlers such as systemd-coredump (which honour the limit)
* will process core dumps for system services by default. */
if (setrlimit(RLIMIT_CORE, &RLIMIT_MAKE_CONST(RLIM_INFINITY)) < 0)
log_warning_errno(errno, "Failed to set RLIMIT_CORE: %m");
core: introduce systemd.early_core_pattern= kernel cmdline option Until a core dump handler is installed by systemd-sysctl, the generation of core dump for services is turned OFF which can make the debugging of the early boot process harder especially since there's no easy way to restore the core dump generation. This patch introduces a new kernel command line option which specifies an absolute path where the kernel should write the core dump file when an early process crashes. This will take effect until systemd-coredump (or any other handlers) takes over.
2018-10-08 16:09:59 +02:00
/* But at the same time, turn off the core_pattern logic by default, so that no
* coredumps are stored until the systemd-coredump tool is enabled via
* sysctl. However it can be changed via the kernel command line later so core
* dumps can still be generated during early startup and in initramfs. */
core: shorten main() a bit, split out coredump initialization No functional changes.
2017-11-16 12:02:39 +01:00
if (!skip_setup)
util: minor tweaks to disable_core_dumps() First, let's rename it to disable_coredumps(), as in the rest of our codebase we spell it "coredump" rather than "core_dump", so let's stick to that. However, also log about failures to turn off core dumpling on LOG_DEBUG, because debug logging is always a good idea.
2018-01-10 18:37:54 +01:00
disable_coredumps();
core: keep the kernel coredump defaults when systemd-coredump is disabled If systemd-coredump is disabled (at build time), PID1 should keep the (old) kernel defaults as they are.
2018-05-18 18:37:56 +02:00
#endif
core: shorten main() a bit, split out coredump initialization No functional changes.
2017-11-16 12:02:39 +01:00
}
core: introduce systemd.early_core_pattern= kernel cmdline option Until a core dump handler is installed by systemd-sysctl, the generation of core dump for services is turned OFF which can make the debugging of the early boot process harder especially since there's no easy way to restore the core dump generation. This patch introduces a new kernel command line option which specifies an absolute path where the kernel should write the core dump file when an early process crashes. This will take effect until systemd-coredump (or any other handlers) takes over.
2018-10-08 16:09:59 +02:00
static void initialize_core_pattern(bool skip_setup) {
int r;
if (skip_setup || !arg_early_core_pattern)
return;
if (getpid_cached() != 1)
return;
tree-wide: set WRITE_STRING_FILE_DISABLE_BUFFER flag when we write files under /proc or /sys
2018-11-06 13:00:07 +01:00
r = write_string_file("/proc/sys/kernel/core_pattern", arg_early_core_pattern, WRITE_STRING_FILE_DISABLE_BUFFER);
core: introduce systemd.early_core_pattern= kernel cmdline option Until a core dump handler is installed by systemd-sysctl, the generation of core dump for services is turned OFF which can make the debugging of the early boot process harder especially since there's no easy way to restore the core dump generation. This patch introduces a new kernel command line option which specifies an absolute path where the kernel should write the core dump file when an early process crashes. This will take effect until systemd-coredump (or any other handlers) takes over.
2018-10-08 16:09:59 +02:00
if (r < 0)
log_warning_errno(r, "Failed to write '%s' to /proc/sys/kernel/core_pattern, ignoring: %m", arg_early_core_pattern);
}
pid1: parse CPUAffinity= in incremental fashion This makes the handling of this option match what we do in unit files. I think consistency is important here. (As it happens, it is the only option in system.conf that is "non-atomic", i.e. where there's a list of things which can be split over multiple assignments. All other options are single-valued, so there's no issue of how to handle multiple assignments.)
2019-05-24 08:35:51 +02:00
static void update_cpu_affinity(bool skip_setup) {
_cleanup_free_ char *mask = NULL;
if (skip_setup || !arg_cpu_affinity.set)
return;
assert(arg_cpu_affinity.allocated > 0);
mask = cpu_set_to_string(&arg_cpu_affinity);
log_debug("Setting CPU affinity to %s.", strnull(mask));
if (sched_setaffinity(0, arg_cpu_affinity.allocated, arg_cpu_affinity.set) < 0)
log_warning_errno(errno, "Failed to set CPU affinity: %m");
}
core: introduce NUMAPolicy and NUMAMask options Make possible to set NUMA allocation policy for manager. Manager's policy is by default inherited to all forked off processes. However, it is possible to override the policy on per-service basis. Currently we support, these policies: default, prefer, bind, interleave, local. See man 2 set_mempolicy for details on each policy. Overall NUMA policy actually consists of two parts. Policy itself and bitmask representing NUMA nodes where is policy effective. Node mask can be specified using related option, NUMAMask. Default mask can be overwritten on per-service level.
2019-03-12 18:58:26 +01:00
static void update_numa_policy(bool skip_setup) {
int r;
_cleanup_free_ char *nodes = NULL;
const char * policy = NULL;
if (skip_setup || !mpol_is_valid(numa_policy_get_type(&arg_numa_policy)))
return;
if (DEBUG_LOGGING) {
policy = mpol_to_string(numa_policy_get_type(&arg_numa_policy));
nodes = cpu_set_to_range_string(&arg_numa_policy.nodes);
log_debug("Setting NUMA policy to %s, with nodes %s.", strnull(policy), strnull(nodes));
}
r = apply_numa_policy(&arg_numa_policy);
if (r == -EOPNOTSUPP)
log_debug_errno(r, "NUMA support not available, ignoring.");
else if (r < 0)
log_warning_errno(r, "Failed to set NUMA memory policy: %m");
}
core: split out reexecution code of main() into its own function No functional changes, just an attempt to shorten main() a bit.
2017-12-06 20:16:35 +01:00
static void do_reexecute(
int argc,
char *argv[],
const struct rlimit *saved_rlimit_nofile,
const struct rlimit *saved_rlimit_memlock,
FDSet *fds,
const char *switch_root_dir,
const char *switch_root_init,
const char **ret_error_message) {
unsigned i, j, args_size;
const char **args;
int r;
assert(saved_rlimit_nofile);
assert(saved_rlimit_memlock);
assert(ret_error_message);
/* Close and disarm the watchdog, so that the new instance can reinitialize it, but doesn't get rebooted while
* we do that */
watchdog_close(true);
main: add commenting, clean up handling of saved resource limits This doesn't really change behaviour, but adds comments and uses more symbolic names for everything, to make this more readable.
2019-01-16 14:50:03 +01:00
/* Reset RLIMIT_NOFILE + RLIMIT_MEMLOCK back to the kernel defaults, so that the new systemd can pass
* the kernel default to its child processes */
if (saved_rlimit_nofile->rlim_cur != 0)
core: split out reexecution code of main() into its own function No functional changes, just an attempt to shorten main() a bit.
2017-12-06 20:16:35 +01:00
(void) setrlimit(RLIMIT_NOFILE, saved_rlimit_nofile);
main: add commenting, clean up handling of saved resource limits This doesn't really change behaviour, but adds comments and uses more symbolic names for everything, to make this more readable.
2019-01-16 14:50:03 +01:00
if (saved_rlimit_memlock->rlim_cur != RLIM_INFINITY)
core: split out reexecution code of main() into its own function No functional changes, just an attempt to shorten main() a bit.
2017-12-06 20:16:35 +01:00
(void) setrlimit(RLIMIT_MEMLOCK, saved_rlimit_memlock);
if (switch_root_dir) {
/* Kill all remaining processes from the initrd, but don't wait for them, so that we can handle the
* SIGCHLD for them after deserializing. */
shutdown: make kill timeout configurable (#7835) By default systemd-shutdown will wait for 90s after SIGTERM was sent for all processes to exit. This is way too long and effectively defeats an emergency watchdog reboot via "reboot-force" actions. Instead now use DefaultTimeoutStopSec which is configurable.
2018-01-10 19:00:20 +01:00
broadcast_signal(SIGTERM, false, true, arg_default_timeout_stop_usec);
core: split out reexecution code of main() into its own function No functional changes, just an attempt to shorten main() a bit.
2017-12-06 20:16:35 +01:00
/* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */
r = switch_root(switch_root_dir, "/mnt", true, MS_MOVE);
if (r < 0)
log_error_errno(r, "Failed to switch root, trying to continue: %m");
}
args_size = MAX(6, argc+1);
args = newa(const char*, args_size);
if (!switch_root_init) {
char sfd[DECIMAL_STR_MAX(int) + 1];
/* First try to spawn ourselves with the right path, and with full serialization. We do this only if
* the user didn't specify an explicit init to spawn. */
assert(arg_serialization);
assert(fds);
xsprintf(sfd, "%i", fileno(arg_serialization));
i = 0;
args[i++] = SYSTEMD_BINARY_PATH;
if (switch_root_dir)
args[i++] = "--switched-root";
args[i++] = arg_system ? "--system" : "--user";
args[i++] = "--deserialize";
args[i++] = sfd;
args[i++] = NULL;
assert(i <= args_size);
/*
* We want valgrind to print its memory usage summary before reexecution. Valgrind won't do this is on
* its own on exec(), but it will do it on exit(). Hence, to ensure we get a summary here, fork() off
* a child, let it exit() cleanly, so that it prints the summary, and wait() for it in the parent,
* before proceeding into the exec().
*/
valgrind_summary_hack();
(void) execv(args[0], (char* const*) args);
log_debug_errno(errno, "Failed to execute our own binary, trying fallback: %m");
}
/* Try the fallback, if there is any, without any serialization. We pass the original argv[] and envp[]. (Well,
* modulo the ordering changes due to getopt() in argv[], and some cleanups in envp[], but let's hope that
* doesn't matter.) */
arg_serialization = safe_fclose(arg_serialization);
fds = fdset_free(fds);
/* Reopen the console */
(void) make_console_stdio();
for (j = 1, i = 1; j < (unsigned) argc; j++)
args[i++] = argv[j];
args[i++] = NULL;
assert(i <= args_size);
codespell: fix spelling errors
2019-04-27 02:22:40 +02:00
/* Re-enable any blocked signals, especially important if we switch from initial ramdisk to init=... */
core: split out reexecution code of main() into its own function No functional changes, just an attempt to shorten main() a bit.
2017-12-06 20:16:35 +01:00
(void) reset_all_signal_handlers();
(void) reset_signal_mask();
tree-wide: invoke rlimit_nofile_safe() before various exec{v,ve,l}() invocations Whenever we invoke external, foreign code from code that has RLIMIT_NOFILE's soft limit bumped to high values, revert it to 1024 first. This is a safety precaution for compatibility with programs using select() which cannot operate with fds > 1024. This commit adds the call to rlimit_nofile_safe() to all invocations of exec{v,ve,l}() and friends that either are in code that we know runs with RLIMIT_NOFILE bumped up (which is PID 1 and all journal code for starters) or that is part of shared code that might end up there. The calls are placed as early as we can in processes invoking a flavour of execve(), but after the last time we do fd manipulations, so that we can still take benefit of the high fd limits for that.
2018-11-26 16:06:26 +01:00
(void) rlimit_nofile_safe();
core: split out reexecution code of main() into its own function No functional changes, just an attempt to shorten main() a bit.
2017-12-06 20:16:35 +01:00
if (switch_root_init) {
args[0] = switch_root_init;
pid1: restore the original environment passed by the kernel when switching to a new system manager PID1 may modified the environment passed by the kernel when it starts running. Commit 9d48671c62de133a2b9fe7c31e70c0ff8e68f2db unset $HOME for example. In case PID1 is going to switch to a new root and execute a new system manager which is not systemd, we should restore the original environment as the new manager might expect some variables to be set by default (more specifically $HOME).
2019-10-01 14:31:14 +02:00
(void) execve(args[0], (char* const*) args, saved_env);
core: split out reexecution code of main() into its own function No functional changes, just an attempt to shorten main() a bit.
2017-12-06 20:16:35 +01:00
log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m");
}
args[0] = "/sbin/init";
(void) execv(args[0], (char* const*) args);
r = -errno;
manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
"Failed to execute /sbin/init");
if (r == -ENOENT) {
log_warning("No /sbin/init, trying fallback");
args[0] = "/bin/sh";
args[1] = NULL;
pid1: restore the original environment passed by the kernel when switching to a new system manager PID1 may modified the environment passed by the kernel when it starts running. Commit 9d48671c62de133a2b9fe7c31e70c0ff8e68f2db unset $HOME for example. In case PID1 is going to switch to a new root and execute a new system manager which is not systemd, we should restore the original environment as the new manager might expect some variables to be set by default (more specifically $HOME).
2019-10-01 14:31:14 +02:00
(void) execve(args[0], (char* const*) args, saved_env);
core: split out reexecution code of main() into its own function No functional changes, just an attempt to shorten main() a bit.
2017-12-06 20:16:35 +01:00
log_error_errno(errno, "Failed to execute /bin/sh, giving up: %m");
} else
log_warning_errno(r, "Failed to execute /sbin/init, giving up: %m");
*ret_error_message = "Failed to execute fallback shell";
}
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
static int invoke_main_loop(
Manager *m,
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
const struct rlimit *saved_rlimit_nofile,
const struct rlimit *saved_rlimit_memlock,
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
bool *ret_reexecute,
int *ret_retval, /* Return parameters relevant for shutting down */
const char **ret_shutdown_verb, /* … */
FDSet **ret_fds, /* Return parameters for reexecuting */
char **ret_switch_root_dir, /* … */
char **ret_switch_root_init, /* … */
const char **ret_error_message) {
int r;
assert(m);
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
assert(saved_rlimit_nofile);
assert(saved_rlimit_memlock);
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
assert(ret_reexecute);
assert(ret_retval);
assert(ret_shutdown_verb);
assert(ret_fds);
assert(ret_switch_root_dir);
assert(ret_switch_root_init);
assert(ret_error_message);
for (;;) {
r = manager_loop(m);
if (r < 0) {
*ret_error_message = "Failed to run main loop";
return log_emergency_errno(r, "Failed to run main loop: %m");
}
core: make use of manager_loop()'s return value The objective is returned in the return value, let's make use of that, instead of reaching into the object.
2018-10-09 17:57:41 +02:00
switch ((ManagerObjective) r) {
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
pid1: preserve current value of log level across re-{load,execution} To make debugging easier, this patches allows one to change the log level and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log max level at runtime (via the bus or via signals), the change was lost on the next daemon reload/reexecution. In order to restore the original value back (set via system.conf, environment variables or any other means), the empty string in the "LogLevel" property is now supported as well as sending SIGRTMIN+23 signal.
2018-05-30 17:57:23 +02:00
case MANAGER_RELOAD: {
pid1: preserve current value of log target across re-{load,execution} To make debugging easier, this patches allows one to change the log target and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log target at runtime (via the bus or via signals), the change was lost on the next reload/reexecution. In order to restore back the default value (set via system.conf, environment variables or any other means ), the empty string in the "LogTarget" property is now supported as well as sending SIGTRMIN+26 signal.
2018-06-01 18:21:03 +02:00
LogTarget saved_log_target;
pid1: preserve current value of log level across re-{load,execution} To make debugging easier, this patches allows one to change the log level and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log max level at runtime (via the bus or via signals), the change was lost on the next daemon reload/reexecution. In order to restore the original value back (set via system.conf, environment variables or any other means), the empty string in the "LogLevel" property is now supported as well as sending SIGRTMIN+23 signal.
2018-05-30 17:57:23 +02:00
int saved_log_level;
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
log_info("Reloading.");
Correct a number of trivial typos.
2018-06-18 22:43:12 +02:00
/* First, save any overridden log level/target, then parse the configuration file, which might
pid1: preserve current value of log target across re-{load,execution} To make debugging easier, this patches allows one to change the log target and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log target at runtime (via the bus or via signals), the change was lost on the next reload/reexecution. In order to restore back the default value (set via system.conf, environment variables or any other means ), the empty string in the "LogTarget" property is now supported as well as sending SIGTRMIN+26 signal.
2018-06-01 18:21:03 +02:00
* change the log level to new settings. */
pid1: preserve current value of log level across re-{load,execution} To make debugging easier, this patches allows one to change the log level and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log max level at runtime (via the bus or via signals), the change was lost on the next daemon reload/reexecution. In order to restore the original value back (set via system.conf, environment variables or any other means), the empty string in the "LogLevel" property is now supported as well as sending SIGRTMIN+23 signal.
2018-05-30 17:57:23 +02:00
saved_log_level = m->log_level_overridden ? log_get_max_level() : -1;
pid1: preserve current value of log target across re-{load,execution} To make debugging easier, this patches allows one to change the log target and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log target at runtime (via the bus or via signals), the change was lost on the next reload/reexecution. In order to restore back the default value (set via system.conf, environment variables or any other means ), the empty string in the "LogTarget" property is now supported as well as sending SIGTRMIN+26 signal.
2018-06-01 18:21:03 +02:00
saved_log_target = m->log_target_overridden ? log_get_target() : _LOG_TARGET_INVALID;
pid1: preserve current value of log level across re-{load,execution} To make debugging easier, this patches allows one to change the log level and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log max level at runtime (via the bus or via signals), the change was lost on the next daemon reload/reexecution. In order to restore the original value back (set via system.conf, environment variables or any other means), the empty string in the "LogLevel" property is now supported as well as sending SIGRTMIN+23 signal.
2018-05-30 17:57:23 +02:00
core: reload SELinux label cache on daemon-reload Reloading the SELinux label cache here enables a light-wight follow-up of a SELinux policy change, e.g. adding a label for a RuntimeDirectory. Closes: #13363
2019-11-27 19:43:47 +01:00
mac_selinux_reload();
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
(void) parse_configuration(saved_rlimit_nofile, saved_rlimit_memlock);
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
set_manager_defaults(m);
pid1: parse CPUAffinity= in incremental fashion This makes the handling of this option match what we do in unit files. I think consistency is important here. (As it happens, it is the only option in system.conf that is "non-atomic", i.e. where there's a list of things which can be split over multiple assignments. All other options are single-valued, so there's no issue of how to handle multiple assignments.)
2019-05-24 08:35:51 +02:00
update_cpu_affinity(false);
core: introduce NUMAPolicy and NUMAMask options Make possible to set NUMA allocation policy for manager. Manager's policy is by default inherited to all forked off processes. However, it is possible to override the policy on per-service basis. Currently we support, these policies: default, prefer, bind, interleave, local. See man 2 set_mempolicy for details on each policy. Overall NUMA policy actually consists of two parts. Policy itself and bitmask representing NUMA nodes where is policy effective. Node mask can be specified using related option, NUMAMask. Default mask can be overwritten on per-service level.
2019-03-12 18:58:26 +01:00
update_numa_policy(false);
pid1: parse CPUAffinity= in incremental fashion This makes the handling of this option match what we do in unit files. I think consistency is important here. (As it happens, it is the only option in system.conf that is "non-atomic", i.e. where there's a list of things which can be split over multiple assignments. All other options are single-valued, so there's no issue of how to handle multiple assignments.)
2019-05-24 08:35:51 +02:00
pid1: preserve current value of log level across re-{load,execution} To make debugging easier, this patches allows one to change the log level and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log max level at runtime (via the bus or via signals), the change was lost on the next daemon reload/reexecution. In order to restore the original value back (set via system.conf, environment variables or any other means), the empty string in the "LogLevel" property is now supported as well as sending SIGRTMIN+23 signal.
2018-05-30 17:57:23 +02:00
if (saved_log_level >= 0)
manager_override_log_level(m, saved_log_level);
pid1: preserve current value of log target across re-{load,execution} To make debugging easier, this patches allows one to change the log target and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log target at runtime (via the bus or via signals), the change was lost on the next reload/reexecution. In order to restore back the default value (set via system.conf, environment variables or any other means ), the empty string in the "LogTarget" property is now supported as well as sending SIGTRMIN+26 signal.
2018-06-01 18:21:03 +02:00
if (saved_log_target >= 0)
manager_override_log_target(m, saved_log_target);
pid1: preserve current value of log level across re-{load,execution} To make debugging easier, this patches allows one to change the log level and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log max level at runtime (via the bus or via signals), the change was lost on the next daemon reload/reexecution. In order to restore the original value back (set via system.conf, environment variables or any other means), the empty string in the "LogLevel" property is now supported as well as sending SIGRTMIN+23 signal.
2018-05-30 17:57:23 +02:00
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
r = manager_reload(m);
if (r < 0)
core: try to recover from failed reloads Let's simply continue with everything we loaded, in the hope it's somewhat useful.
2018-10-09 17:56:54 +02:00
/* Reloading failed before the point of no return. Let's continue running as if nothing happened. */
m->objective = MANAGER_OK;
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
break;
pid1: preserve current value of log level across re-{load,execution} To make debugging easier, this patches allows one to change the log level and do reload/reexec without modifying configuration permanently, which makes debugging easier. Indeed if one changed the log max level at runtime (via the bus or via signals), the change was lost on the next daemon reload/reexecution. In order to restore the original value back (set via system.conf, environment variables or any other means), the empty string in the "LogLevel" property is now supported as well as sending SIGRTMIN+23 signal.
2018-05-30 17:57:23 +02:00
}
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
case MANAGER_REEXECUTE:
r = prepare_reexecute(m, &arg_serialization, ret_fds, false);
if (r < 0) {
*ret_error_message = "Failed to prepare for reexecution";
return r;
}
log_notice("Reexecuting.");
*ret_reexecute = true;
*ret_retval = EXIT_SUCCESS;
*ret_shutdown_verb = NULL;
*ret_switch_root_dir = *ret_switch_root_init = NULL;
return 0;
case MANAGER_SWITCH_ROOT:
if (!m->switch_root_init) {
r = prepare_reexecute(m, &arg_serialization, ret_fds, true);
if (r < 0) {
*ret_error_message = "Failed to prepare for reexecution";
return r;
}
} else
*ret_fds = NULL;
log_notice("Switching root.");
*ret_reexecute = true;
*ret_retval = EXIT_SUCCESS;
*ret_shutdown_verb = NULL;
/* Steal the switch root parameters */
core: use TAKE_PTR() at few more places
2019-03-15 11:01:12 +01:00
*ret_switch_root_dir = TAKE_PTR(m->switch_root);
*ret_switch_root_init = TAKE_PTR(m->switch_root_init);
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
return 0;
case MANAGER_EXIT:
if (MANAGER_IS_USER(m)) {
log_debug("Exit.");
*ret_reexecute = false;
*ret_retval = m->return_value;
*ret_shutdown_verb = NULL;
*ret_fds = NULL;
*ret_switch_root_dir = *ret_switch_root_init = NULL;
return 0;
}
_fallthrough_;
case MANAGER_REBOOT:
case MANAGER_POWEROFF:
case MANAGER_HALT:
case MANAGER_KEXEC: {
core: rename ManagerExitCode → ManagerObjective "ExitCode" is a bit of a misnomer in two ways: it suggests this was about the "exit code" concept that exit()/waitid() deal with, but really isn't. Moreover, it's not event just about exiting either, but more often about reloading/reexecing or rebooting. Let's hence pick a new name for this that is a bit more correct. I initially thought about naming this the "state", but that'd be a misnomer too, as the value really encodes a "goal" more than a current state. Also we already have the externally visible ManagerState. No actual changes in behaviour, just the rename.
2018-10-09 15:42:19 +02:00
static const char * const table[_MANAGER_OBJECTIVE_MAX] = {
[MANAGER_EXIT] = "exit",
[MANAGER_REBOOT] = "reboot",
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
[MANAGER_POWEROFF] = "poweroff",
core: rename ManagerExitCode → ManagerObjective "ExitCode" is a bit of a misnomer in two ways: it suggests this was about the "exit code" concept that exit()/waitid() deal with, but really isn't. Moreover, it's not event just about exiting either, but more often about reloading/reexecing or rebooting. Let's hence pick a new name for this that is a bit more correct. I initially thought about naming this the "state", but that'd be a misnomer too, as the value really encodes a "goal" more than a current state. Also we already have the externally visible ManagerState. No actual changes in behaviour, just the rename.
2018-10-09 15:42:19 +02:00
[MANAGER_HALT] = "halt",
[MANAGER_KEXEC] = "kexec",
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
};
log_notice("Shutting down.");
*ret_reexecute = false;
*ret_retval = m->return_value;
core: rename ManagerExitCode → ManagerObjective "ExitCode" is a bit of a misnomer in two ways: it suggests this was about the "exit code" concept that exit()/waitid() deal with, but really isn't. Moreover, it's not event just about exiting either, but more often about reloading/reexecing or rebooting. Let's hence pick a new name for this that is a bit more correct. I initially thought about naming this the "state", but that'd be a misnomer too, as the value really encodes a "goal" more than a current state. Also we already have the externally visible ManagerState. No actual changes in behaviour, just the rename.
2018-10-09 15:42:19 +02:00
assert_se(*ret_shutdown_verb = table[m->objective]);
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
*ret_fds = NULL;
*ret_switch_root_dir = *ret_switch_root_init = NULL;
return 0;
}
default:
core: rename ManagerExitCode → ManagerObjective "ExitCode" is a bit of a misnomer in two ways: it suggests this was about the "exit code" concept that exit()/waitid() deal with, but really isn't. Moreover, it's not event just about exiting either, but more often about reloading/reexecing or rebooting. Let's hence pick a new name for this that is a bit more correct. I initially thought about naming this the "state", but that'd be a misnomer too, as the value really encodes a "goal" more than a current state. Also we already have the externally visible ManagerState. No actual changes in behaviour, just the rename.
2018-10-09 15:42:19 +02:00
assert_not_reached("Unknown or unexpected manager objective.");
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
}
}
}
core: split out execution context logging from main() Again, no functional changes, let's just shorten main() a bit, by splitting out more code into a separate functions.
2017-12-06 21:50:18 +01:00
static void log_execution_mode(bool *ret_first_boot) {
assert(ret_first_boot);
if (arg_system) {
int v;
meson: generate version tag from git $ build/systemctl --version systemd 239-3555-g6178cbb5b5 +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN +PCRE2 default-hierarchy=hybrid $ git tag v240 -m 'v240' $ ninja -C build ninja: Entering directory `build' [76/76] Linking target fuzz-unit-file. $ build/systemctl --version systemd 240 +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN +PCRE2 default-hierarchy=hybrid This is very useful during development, because a precise version string is embedded in the build product and displayed during boot, so we don't have to guess answers for questions like "did I just boot the latest version or the one from before?". This change creates an overhead for "noop" builds. On my laptop, 'ninja -C build' that does nothing goes from 0.1 to 0.5 s. It would be nice to avoid this, but I think that <1 s is still acceptable. Fixes #7183. PACKAGE_VERSION is renamed to GIT_VERSION, to make it obvious that this is the more dynamically changing version string. Why save to a file? It would be easy to generate the version tag using run_command(), but we want to go through a file so that stuff gets rebuilt when this file changes. If we just defined an variable in meson, ninja wouldn't know it needs to rebuild things.
2018-12-20 20:35:25 +01:00
log_info("systemd " GIT_VERSION " running in %ssystem mode. (" SYSTEMD_FEATURES ")",
core: split out execution context logging from main() Again, no functional changes, let's just shorten main() a bit, by splitting out more code into a separate functions.
2017-12-06 21:50:18 +01:00
arg_action == ACTION_TEST ? "test " : "" );
v = detect_virtualization();
if (v > 0)
log_info("Detected virtualization %s.", virtualization_to_string(v));
log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
if (in_initrd()) {
*ret_first_boot = false;
log_info("Running in initial RAM disk.");
} else {
/* Let's check whether we are in first boot, i.e. whether /etc is still unpopulated. We use
* /etc/machine-id as flag file, for this: if it exists we assume /etc is populated, if it
* doesn't it's unpopulated. This allows container managers and installers to provision a
* couple of files already. If the container manager wants to provision the machine ID itself
* it should pass $container_uuid to PID 1. */
*ret_first_boot = access("/etc/machine-id", F_OK) < 0;
if (*ret_first_boot)
log_info("Running with unpopulated /etc.");
}
} else {
main: do bother with uid_to_name() unless we do debug logging
2017-12-15 18:51:54 +01:00
if (DEBUG_LOGGING) {
_cleanup_free_ char *t;
core: split out execution context logging from main() Again, no functional changes, let's just shorten main() a bit, by splitting out more code into a separate functions.
2017-12-06 21:50:18 +01:00
main: do bother with uid_to_name() unless we do debug logging
2017-12-15 18:51:54 +01:00
t = uid_to_name(getuid());
meson: generate version tag from git $ build/systemctl --version systemd 239-3555-g6178cbb5b5 +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN +PCRE2 default-hierarchy=hybrid $ git tag v240 -m 'v240' $ ninja -C build ninja: Entering directory `build' [76/76] Linking target fuzz-unit-file. $ build/systemctl --version systemd 240 +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN +PCRE2 default-hierarchy=hybrid This is very useful during development, because a precise version string is embedded in the build product and displayed during boot, so we don't have to guess answers for questions like "did I just boot the latest version or the one from before?". This change creates an overhead for "noop" builds. On my laptop, 'ninja -C build' that does nothing goes from 0.1 to 0.5 s. It would be nice to avoid this, but I think that <1 s is still acceptable. Fixes #7183. PACKAGE_VERSION is renamed to GIT_VERSION, to make it obvious that this is the more dynamically changing version string. Why save to a file? It would be easy to generate the version tag using run_command(), but we want to go through a file so that stuff gets rebuilt when this file changes. If we just defined an variable in meson, ninja wouldn't know it needs to rebuild things.
2018-12-20 20:35:25 +01:00
log_debug("systemd " GIT_VERSION " running in %suser mode for user " UID_FMT "/%s. (" SYSTEMD_FEATURES ")",
main: do bother with uid_to_name() unless we do debug logging
2017-12-15 18:51:54 +01:00
arg_action == ACTION_TEST ? " test" : "", getuid(), strna(t));
}
core: split out execution context logging from main() Again, no functional changes, let's just shorten main() a bit, by splitting out more code into a separate functions.
2017-12-06 21:50:18 +01:00
*ret_first_boot = false;
}
}
core: split out various system/process initialization steps into its own function Again, no changes in behaviour, just some refactoring to make main() a bit more digestable.
2017-12-06 21:31:35 +01:00
static int initialize_runtime(
bool skip_setup,
struct rlimit *saved_rlimit_nofile,
struct rlimit *saved_rlimit_memlock,
const char **ret_error_message) {
int r;
assert(ret_error_message);
/* Sets up various runtime parameters. Many of these initializations are conditionalized:
*
* - Some only apply to --system instances
* - Some only apply to --user instances
* - Some only apply when we first start up, but not when we reexecute
*/
main: let's move ACTION_RUN test into initialize_runtime() Let's hide this check inside the function and make it easier to follow the general control flow of main().
2017-12-15 17:52:33 +01:00
if (arg_action != ACTION_RUN)
return 0;
pid1: parse CPUAffinity= in incremental fashion This makes the handling of this option match what we do in unit files. I think consistency is important here. (As it happens, it is the only option in system.conf that is "non-atomic", i.e. where there's a list of things which can be split over multiple assignments. All other options are single-valued, so there's no issue of how to handle multiple assignments.)
2019-05-24 08:35:51 +02:00
update_cpu_affinity(skip_setup);
core: introduce NUMAPolicy and NUMAMask options Make possible to set NUMA allocation policy for manager. Manager's policy is by default inherited to all forked off processes. However, it is possible to override the policy on per-service basis. Currently we support, these policies: default, prefer, bind, interleave, local. See man 2 set_mempolicy for details on each policy. Overall NUMA policy actually consists of two parts. Policy itself and bitmask representing NUMA nodes where is policy effective. Node mask can be specified using related option, NUMAMask. Default mask can be overwritten on per-service level.
2019-03-12 18:58:26 +01:00
update_numa_policy(skip_setup);
pid1: parse CPUAffinity= in incremental fashion This makes the handling of this option match what we do in unit files. I think consistency is important here. (As it happens, it is the only option in system.conf that is "non-atomic", i.e. where there's a list of things which can be split over multiple assignments. All other options are single-valued, so there's no issue of how to handle multiple assignments.)
2019-05-24 08:35:51 +02:00
main: move install_crash_handler() and mount_cgroup_controllers() invocations Let's place them in initialize_runtime(), where they appear to fit best. Effectively this is just a move a little bit down, swapping places with log_execution_mode(), which should require neither call to be done first. Note that changes the conditionalization a bit for these calls, from (PID == 1) to (arg_system && arg_action == ACTION_RUN). At this point this is pretty much the same however, as we don't allow PID 1 without ACTION_RUN and without arg_system set, safety_checks() ensures that.
2017-12-15 17:34:12 +01:00
if (arg_system) {
codespell: fix spelling errors
2019-04-27 02:22:40 +02:00
/* Make sure we leave a core dump without panicking the kernel. */
main: move install_crash_handler() and mount_cgroup_controllers() invocations Let's place them in initialize_runtime(), where they appear to fit best. Effectively this is just a move a little bit down, swapping places with log_execution_mode(), which should require neither call to be done first. Note that changes the conditionalization a bit for these calls, from (PID == 1) to (arg_system && arg_action == ACTION_RUN). At this point this is pretty much the same however, as we don't allow PID 1 without ACTION_RUN and without arg_system set, safety_checks() ensures that.
2017-12-15 17:34:12 +01:00
install_crash_handler();
core: split out various system/process initialization steps into its own function Again, no changes in behaviour, just some refactoring to make main() a bit more digestable.
2017-12-06 21:31:35 +01:00
main: move install_crash_handler() and mount_cgroup_controllers() invocations Let's place them in initialize_runtime(), where they appear to fit best. Effectively this is just a move a little bit down, swapping places with log_execution_mode(), which should require neither call to be done first. Note that changes the conditionalization a bit for these calls, from (PID == 1) to (arg_system && arg_action == ACTION_RUN). At this point this is pretty much the same however, as we don't allow PID 1 without ACTION_RUN and without arg_system set, safety_checks() ensures that.
2017-12-15 17:34:12 +01:00
if (!skip_setup) {
core: remove JoinControllers= configuration setting This removes the ability to configure which cgroup controllers to mount together. Instead, we'll now hardcode that "cpu" and "cpuacct" are mounted together as well as "net_cls" and "net_prio". The concept of mounting controllers together has no future as it does not exist to cgroupsv2. Moreover, the current logic is systematically broken, as revealed by the discussions in #10507. Also, we surveyed Red Hat customers and couldn't find a single user of the concept (which isn't particularly surprising, as it is broken...) This reduced the (already way too complex) cgroup handling for us, since we now know whenever we make a change to a cgroup for one controller to which other controllers it applies.
2018-11-15 21:07:43 +01:00
r = mount_cgroup_controllers();
main: move install_crash_handler() and mount_cgroup_controllers() invocations Let's place them in initialize_runtime(), where they appear to fit best. Effectively this is just a move a little bit down, swapping places with log_execution_mode(), which should require neither call to be done first. Note that changes the conditionalization a bit for these calls, from (PID == 1) to (arg_system && arg_action == ACTION_RUN). At this point this is pretty much the same however, as we don't allow PID 1 without ACTION_RUN and without arg_system set, safety_checks() ensures that.
2017-12-15 17:34:12 +01:00
if (r < 0) {
*ret_error_message = "Failed to mount cgroup hierarchies";
return r;
}
status_welcome();
hostname_setup();
machine_id_setup(NULL, arg_machine_id, NULL);
loopback_setup();
bump_unix_max_dgram_qlen();
main: bump fs.nr_open + fs.max-file to their largest possible values After discussions with kernel folks, a system with memcg really shouldn't need extra hard limits on file descriptors anymore, as they are properly accounted for by memcg anyway. Hence, let's bump these values to their maximums. This also adds a build time option to turn thiss off, to cover those users who do not want to use memcg.
2018-10-11 18:23:26 +02:00
bump_file_max_and_nr_open();
main: move install_crash_handler() and mount_cgroup_controllers() invocations Let's place them in initialize_runtime(), where they appear to fit best. Effectively this is just a move a little bit down, swapping places with log_execution_mode(), which should require neither call to be done first. Note that changes the conditionalization a bit for these calls, from (PID == 1) to (arg_system && arg_action == ACTION_RUN). At this point this is pretty much the same however, as we don't allow PID 1 without ACTION_RUN and without arg_system set, safety_checks() ensures that.
2017-12-15 17:34:12 +01:00
test_usr();
write_container_id();
}
core: Add WatchdogDevice config option and implement it This option allows a device path to be specified for the systemd watchdog (both runtime and shutdown). If a system requires a watchdog other than /dev/watchdog (pointing to /dev/watchdog0) to be used to reboot the system, this setting should be changed to the relevant watchdog device path (e.g. /dev/watchdog1).
2017-12-08 18:26:44 +01:00
main: move install_crash_handler() and mount_cgroup_controllers() invocations Let's place them in initialize_runtime(), where they appear to fit best. Effectively this is just a move a little bit down, swapping places with log_execution_mode(), which should require neither call to be done first. Note that changes the conditionalization a bit for these calls, from (PID == 1) to (arg_system && arg_action == ACTION_RUN). At this point this is pretty much the same however, as we don't allow PID 1 without ACTION_RUN and without arg_system set, safety_checks() ensures that.
2017-12-15 17:34:12 +01:00
if (arg_watchdog_device) {
r = watchdog_set_device(arg_watchdog_device);
if (r < 0)
log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device);
}
basic/time-util: add helper function to check if timestamp is set No functional change.
2019-07-04 19:10:11 +02:00
if (timestamp_is_set(arg_runtime_watchdog))
main: move install_crash_handler() and mount_cgroup_controllers() invocations Let's place them in initialize_runtime(), where they appear to fit best. Effectively this is just a move a little bit down, swapping places with log_execution_mode(), which should require neither call to be done first. Note that changes the conditionalization a bit for these calls, from (PID == 1) to (arg_system && arg_action == ACTION_RUN). At this point this is pretty much the same however, as we don't allow PID 1 without ACTION_RUN and without arg_system set, safety_checks() ensures that.
2017-12-15 17:34:12 +01:00
watchdog_set_timeout(&arg_runtime_watchdog);
}
core: split out various system/process initialization steps into its own function Again, no changes in behaviour, just some refactoring to make main() a bit more digestable.
2017-12-06 21:31:35 +01:00
if (arg_timer_slack_nsec != NSEC_INFINITY)
if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
main: tweak timerslack message a bit Let's clarify that this is a non-issue, by downgrading it to LOG_WARN and saying "ignoring" in the message.
2017-12-15 17:36:19 +01:00
log_warning_errno(errno, "Failed to adjust timer slack, ignoring: %m");
core: split out various system/process initialization steps into its own function Again, no changes in behaviour, just some refactoring to make main() a bit more digestable.
2017-12-06 21:31:35 +01:00
if (arg_system && !cap_test_all(arg_capability_bounding_set)) {
r = capability_bounding_set_drop_usermode(arg_capability_bounding_set);
if (r < 0) {
*ret_error_message = "Failed to drop capability bounding set of usermode helpers";
return log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m");
}
r = capability_bounding_set_drop(arg_capability_bounding_set, true);
if (r < 0) {
*ret_error_message = "Failed to drop capability bounding set";
return log_emergency_errno(r, "Failed to drop capability bounding set: %m");
}
}
main: add NoNewPrivileges config option (#8475) This makes it possible to disable new privileges for the whole system.
2018-03-21 23:41:19 +01:00
if (arg_system && arg_no_new_privs) {
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
*ret_error_message = "Failed to disable new privileges";
return log_emergency_errno(errno, "Failed to disable new privileges: %m");
}
}
core: split out various system/process initialization steps into its own function Again, no changes in behaviour, just some refactoring to make main() a bit more digestable.
2017-12-06 21:31:35 +01:00
if (arg_syscall_archs) {
r = enforce_syscall_archs(arg_syscall_archs);
if (r < 0) {
*ret_error_message = "Failed to set syscall architectures";
return r;
}
}
if (!arg_system)
/* Become reaper of our children */
if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
log_warning_errno(errno, "Failed to make us a subreaper: %m");
core: bump RLIMIT_NOFILE soft+hard limit for systemd itself in all cases Previously we'd do this for PID 1 only. Let's do this when running in user mode too, because we know we can handle it.
2018-10-01 18:11:52 +02:00
/* Bump up RLIMIT_NOFILE for systemd itself */
(void) bump_rlimit_nofile(saved_rlimit_nofile);
(void) bump_rlimit_memlock(saved_rlimit_memlock);
core: split out various system/process initialization steps into its own function Again, no changes in behaviour, just some refactoring to make main() a bit more digestable.
2017-12-06 21:31:35 +01:00
return 0;
}
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
static int do_queue_default_job(
Manager *m,
const char **ret_error_message) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
pid1: use initrd.target in the initramfs by default This makes the code do what the documentation says. The code had no inkling about initrd.target, so I think this change is fairly risky. As a fallback, default.target will be loaded, so initramfses which relied on current behaviour will still work, as along as they don't have a different initrd.target. In an initramfs created with recent dracut: $ ls -l usr/lib/systemd/system/{default.target,initrd.target} lrwxrwxrwx. usr/lib/systemd/system/default.target -> initrd.target -rw-r--r--. usr/lib/systemd/system/initrd.target So at least for dracut, there should be no difference. Also avoid a pointless allocation.
2019-11-28 09:48:26 +01:00
const char* default_unit;
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
Job *default_unit_job;
Unit *target = NULL;
int r;
pid1: use initrd.target in the initramfs by default This makes the code do what the documentation says. The code had no inkling about initrd.target, so I think this change is fairly risky. As a fallback, default.target will be loaded, so initramfses which relied on current behaviour will still work, as along as they don't have a different initrd.target. In an initramfs created with recent dracut: $ ls -l usr/lib/systemd/system/{default.target,initrd.target} lrwxrwxrwx. usr/lib/systemd/system/default.target -> initrd.target -rw-r--r--. usr/lib/systemd/system/initrd.target So at least for dracut, there should be no difference. Also avoid a pointless allocation.
2019-11-28 09:48:26 +01:00
if (arg_default_unit)
default_unit = arg_default_unit;
else if (in_initrd())
default_unit = SPECIAL_INITRD_TARGET;
else
default_unit = SPECIAL_DEFAULT_TARGET;
log_debug("Activating default unit: %s", default_unit);
r = manager_load_startable_unit_or_warn(m, default_unit, NULL, &target);
if (r < 0 && in_initrd() && !arg_default_unit) {
/* Fall back to default.target, which we used to always use by default. Only do this if no
* explicit configuration was given. */
log_info("Falling back to " SPECIAL_DEFAULT_TARGET ".");
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
pid1: use initrd.target in the initramfs by default This makes the code do what the documentation says. The code had no inkling about initrd.target, so I think this change is fairly risky. As a fallback, default.target will be loaded, so initramfses which relied on current behaviour will still work, as along as they don't have a different initrd.target. In an initramfs created with recent dracut: $ ls -l usr/lib/systemd/system/{default.target,initrd.target} lrwxrwxrwx. usr/lib/systemd/system/default.target -> initrd.target -rw-r--r--. usr/lib/systemd/system/initrd.target So at least for dracut, there should be no difference. Also avoid a pointless allocation.
2019-11-28 09:48:26 +01:00
r = manager_load_startable_unit_or_warn(m, SPECIAL_DEFAULT_TARGET, NULL, &target);
}
core/manager: split out function to verify that unit is loaded and not masked No functional change.
2018-04-12 15:13:14 +02:00
if (r < 0) {
pid1: use initrd.target in the initramfs by default This makes the code do what the documentation says. The code had no inkling about initrd.target, so I think this change is fairly risky. As a fallback, default.target will be loaded, so initramfses which relied on current behaviour will still work, as along as they don't have a different initrd.target. In an initramfs created with recent dracut: $ ls -l usr/lib/systemd/system/{default.target,initrd.target} lrwxrwxrwx. usr/lib/systemd/system/default.target -> initrd.target -rw-r--r--. usr/lib/systemd/system/initrd.target So at least for dracut, there should be no difference. Also avoid a pointless allocation.
2019-11-28 09:48:26 +01:00
log_info("Falling back to " SPECIAL_RESCUE_TARGET ".");
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
core/manager: split out function to verify that unit is loaded and not masked No functional change.
2018-04-12 15:13:14 +02:00
r = manager_load_startable_unit_or_warn(m, SPECIAL_RESCUE_TARGET, NULL, &target);
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
if (r < 0) {
pid1: use initrd.target in the initramfs by default This makes the code do what the documentation says. The code had no inkling about initrd.target, so I think this change is fairly risky. As a fallback, default.target will be loaded, so initramfses which relied on current behaviour will still work, as along as they don't have a different initrd.target. In an initramfs created with recent dracut: $ ls -l usr/lib/systemd/system/{default.target,initrd.target} lrwxrwxrwx. usr/lib/systemd/system/default.target -> initrd.target -rw-r--r--. usr/lib/systemd/system/initrd.target So at least for dracut, there should be no difference. Also avoid a pointless allocation.
2019-11-28 09:48:26 +01:00
*ret_error_message = r == -ERFKILL ? SPECIAL_RESCUE_TARGET " masked"
: "Failed to load " SPECIAL_RESCUE_TARGET;
core/manager: split out function to verify that unit is loaded and not masked No functional change.
2018-04-12 15:13:14 +02:00
return r;
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
}
}
assert(target->load_state == UNIT_LOADED);
core: add new API for enqueing a job with returning the transaction data
2019-03-22 20:57:30 +01:00
r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, NULL, &error, &default_unit_job);
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
if (r == -EPERM) {
log_debug_errno(r, "Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
sd_bus_error_free(&error);
core: add new API for enqueing a job with returning the transaction data
2019-03-22 20:57:30 +01:00
r = manager_add_job(m, JOB_START, target, JOB_REPLACE, NULL, &error, &default_unit_job);
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
if (r < 0) {
*ret_error_message = "Failed to start default target";
return log_emergency_errno(r, "Failed to start default target: %s", bus_error_message(&error, r));
}
} else if (r < 0) {
*ret_error_message = "Failed to isolate default target";
return log_emergency_errno(r, "Failed to isolate default target: %s", bus_error_message(&error, r));
}
m->default_unit_job_id = default_unit_job->id;
return 0;
}
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
static void save_rlimits(struct rlimit *saved_rlimit_nofile,
struct rlimit *saved_rlimit_memlock) {
assert(saved_rlimit_nofile);
assert(saved_rlimit_memlock);
if (getrlimit(RLIMIT_NOFILE, saved_rlimit_nofile) < 0)
log_warning_errno(errno, "Reading RLIMIT_NOFILE failed, ignoring: %m");
if (getrlimit(RLIMIT_MEMLOCK, saved_rlimit_memlock) < 0)
log_warning_errno(errno, "Reading RLIMIT_MEMLOCK failed, ignoring: %m");
}
static void fallback_rlimit_nofile(const struct rlimit *saved_rlimit_nofile) {
struct rlimit *rl;
if (arg_default_rlimit[RLIMIT_NOFILE])
return;
/* Make sure forked processes get limits based on the original kernel setting */
rl = newdup(struct rlimit, saved_rlimit_nofile, 1);
if (!rl) {
log_oom();
return;
}
/* Bump the hard limit for system services to a substantially higher value. The default
* hard limit current kernels set is pretty low (4K), mostly for historical
* reasons. According to kernel developers, the fd handling in recent kernels has been
* optimized substantially enough, so that we can bump the limit now, without paying too
* high a price in memory or performance. Note however that we only bump the hard limit,
* not the soft limit. That's because select() works the way it works, and chokes on fds
* >= 1024. If we'd bump the soft limit globally, it might accidentally happen to
* unexpecting programs that they get fds higher than what they can process using
* select(). By only bumping the hard limit but leaving the low limit as it is we avoid
* this pitfall: programs that are written by folks aware of the select() problem in mind
* (and thus use poll()/epoll instead of select(), the way everybody should) can
* explicitly opt into high fds by bumping their soft limit beyond 1024, to the hard limit
* we pass. */
if (arg_system) {
int nr;
/* Get the underlying absolute limit the kernel enforces */
nr = read_nr_open();
rl->rlim_max = MIN((rlim_t) nr, MAX(rl->rlim_max, (rlim_t) HIGH_RLIMIT_NOFILE));
}
/* If for some reason we were invoked with a soft limit above 1024 (which should never
* happen!, but who knows what we get passed in from pam_limit when invoked as --user
* instance), then lower what we pass on to not confuse our children */
rl->rlim_cur = MIN(rl->rlim_cur, (rlim_t) FD_SETSIZE);
arg_default_rlimit[RLIMIT_NOFILE] = rl;
}
static void fallback_rlimit_memlock(const struct rlimit *saved_rlimit_memlock) {
struct rlimit *rl;
/* Pass the original value down to invoked processes */
if (arg_default_rlimit[RLIMIT_MEMLOCK])
return;
rl = newdup(struct rlimit, saved_rlimit_memlock, 1);
if (!rl) {
log_oom();
return;
}
arg_default_rlimit[RLIMIT_MEMLOCK] = rl;
}
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
static void reset_arguments(void) {
/* Frees/resets arg_* variables, with a few exceptions commented below. */
core: split out code that frees arg_xyz variables No change in behaviour, just some refactoring to shorten main() a bit.
2017-12-06 21:17:58 +01:00
arg_default_unit = mfree(arg_default_unit);
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
/* arg_system — ignore */
arg_dump_core = true;
arg_crash_chvt = -1;
arg_crash_shell = false;
arg_crash_reboot = false;
core: split out code that frees arg_xyz variables No change in behaviour, just some refactoring to shorten main() a bit.
2017-12-06 21:17:58 +01:00
arg_confirm_spawn = mfree(arg_confirm_spawn);
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
arg_show_status = _SHOW_STATUS_INVALID;
Add config and kernel commandline option to use short identifiers No functional change, just docs and configuration and parsing. v2: - change ShortIdentifiers=yes|no to StatusUnitFormat=name|description.
2019-06-06 19:22:20 +02:00
arg_status_unit_format = STATUS_UNIT_FORMAT_DEFAULT;
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
arg_switched_root = false;
arg_pager_flags = 0;
arg_service_watchdogs = true;
arg_default_std_output = EXEC_OUTPUT_JOURNAL;
arg_default_std_error = EXEC_OUTPUT_INHERIT;
arg_default_restart_usec = DEFAULT_RESTART_USEC;
arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
arg_default_timeout_abort_usec = DEFAULT_TIMEOUT_USEC;
arg_default_timeout_abort_set = false;
arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
arg_runtime_watchdog = 0;
core: rename ShutdownWatchdogSec to RebootWatchdogSec This option is only used on reboot, not on other types of shutdown modes, so it is misleading. Keep the old name working for backward compatibility, but remove it from the documentation.
2019-07-22 12:39:25 +02:00
arg_reboot_watchdog = 10 * USEC_PER_MINUTE;
core: add KExecWatchdogSec option Rather than always enabling the shutdown WD on kexec, which might be dangerous in case the kernel driver and/or the hardware implementation does not reset the wd on kexec, add a new timer, disabled by default, to let users optionally enable the shutdown WD on kexec separately from the runtime and reboot ones. Advise in the documentation to also use the runtime WD in conjunction with it. Fixes: a637d0f9ecbe ("core: set shutdown watchdog on kexec too")
2019-07-19 12:54:15 +02:00
arg_kexec_watchdog = 0;
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
arg_early_core_pattern = NULL;
arg_watchdog_device = NULL;
core: split out code that frees arg_xyz variables No change in behaviour, just some refactoring to shorten main() a bit.
2017-12-06 21:17:58 +01:00
arg_default_environment = strv_free(arg_default_environment);
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
rlimit_free_all(arg_default_rlimit);
arg_capability_bounding_set = CAP_ALL;
arg_no_new_privs = false;
arg_timer_slack_nsec = NSEC_INFINITY;
arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE;
core: split out code that frees arg_xyz variables No change in behaviour, just some refactoring to shorten main() a bit.
2017-12-06 21:17:58 +01:00
arg_syscall_archs = set_free(arg_syscall_archs);
pid1: parse CPUAffinity= in incremental fashion This makes the handling of this option match what we do in unit files. I think consistency is important here. (As it happens, it is the only option in system.conf that is "non-atomic", i.e. where there's a list of things which can be split over multiple assignments. All other options are single-valued, so there's no issue of how to handle multiple assignments.)
2019-05-24 08:35:51 +02:00
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
/* arg_serialization — ignore */
arg_default_cpu_accounting = -1;
arg_default_io_accounting = false;
arg_default_ip_accounting = false;
arg_default_blockio_accounting = false;
arg_default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT;
arg_default_tasks_accounting = true;
core: make TasksMax a partially dynamic property TasksMax= and DefaultTasksMax= can be specified as percentages. We don't actually document of what the percentage is relative to, but the implementation uses the smallest of /proc/sys/kernel/pid_max, /proc/sys/kernel/threads-max, and /sys/fs/cgroup/pids.max (when present). When the value is a percentage, we immediately convert it to an absolute value. If the limit later changes (which can happen e.g. when systemd-sysctl runs), the absolute value becomes outdated. So let's store either the percentage or absolute value, whatever was specified, and only convert to an absolute value when the value is used. For example, when starting a unit, the absolute value will be calculated when the cgroup for the unit is created. Fixes #13419.
2019-11-05 13:50:28 +01:00
arg_default_tasks_max = DEFAULT_TASKS_MAX;
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
arg_machine_id = (sd_id128_t) {};
arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE;
arg_default_oom_policy = OOM_STOP;
pid1: parse CPUAffinity= in incremental fashion This makes the handling of this option match what we do in unit files. I think consistency is important here. (As it happens, it is the only option in system.conf that is "non-atomic", i.e. where there's a list of things which can be split over multiple assignments. All other options are single-valued, so there's no issue of how to handle multiple assignments.)
2019-05-24 08:35:51 +02:00
cpu_set_reset(&arg_cpu_affinity);
core: introduce NUMAPolicy and NUMAMask options Make possible to set NUMA allocation policy for manager. Manager's policy is by default inherited to all forked off processes. However, it is possible to override the policy on per-service basis. Currently we support, these policies: default, prefer, bind, interleave, local. See man 2 set_mempolicy for details on each policy. Overall NUMA policy actually consists of two parts. Policy itself and bitmask representing NUMA nodes where is policy effective. Node mask can be specified using related option, NUMAMask. Default mask can be overwritten on per-service level.
2019-03-12 18:58:26 +01:00
numa_policy_reset(&arg_numa_policy);
core: split out code that frees arg_xyz variables No change in behaviour, just some refactoring to shorten main() a bit.
2017-12-06 21:17:58 +01:00
}
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
static int parse_configuration(const struct rlimit *saved_rlimit_nofile,
const struct rlimit *saved_rlimit_memlock) {
main: split out all parsing of command line arguments/kernel arguments/configuration files Let's shorten main() a bit, and split out everything that loads our configuration and runtime parameters into a function of its own. No changes in behaviour.
2017-12-15 16:14:19 +01:00
int r;
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
assert(saved_rlimit_nofile);
assert(saved_rlimit_memlock);
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
/* Assign configuration defaults */
reset_arguments();
main: split out all parsing of command line arguments/kernel arguments/configuration files Let's shorten main() a bit, and split out everything that loads our configuration and runtime parameters into a function of its own. No changes in behaviour.
2017-12-15 16:14:19 +01:00
r = parse_config_file();
pid1: don't reset setting from /proc/cmdline upon restart We have settings which may be set on the kernel command line, and also in /proc/cmdline (for pid1). The settings in /proc/cmdline have higher priority of course. When a reload was done, we'd reload just the configuration file, losing the overrides. So read /proc/cmdline again during reload. Also, when initially reading the configuration file when program starts, don't treat any errors as fatal. The configuration done in there doesn't seem important enough to refuse boot.
2019-05-24 08:59:23 +02:00
if (r < 0)
log_warning_errno(r, "Failed to parse config file, ignoring: %m");
main: split out all parsing of command line arguments/kernel arguments/configuration files Let's shorten main() a bit, and split out everything that loads our configuration and runtime parameters into a function of its own. No changes in behaviour.
2017-12-15 16:14:19 +01:00
if (arg_system) {
r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0);
if (r < 0)
log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
}
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
/* Initialize some default rlimits for services if they haven't been configured */
fallback_rlimit_nofile(saved_rlimit_nofile);
fallback_rlimit_memlock(saved_rlimit_memlock);
main: split out all parsing of command line arguments/kernel arguments/configuration files Let's shorten main() a bit, and split out everything that loads our configuration and runtime parameters into a function of its own. No changes in behaviour.
2017-12-15 16:14:19 +01:00
/* Note that this also parses bits from the kernel command line, including "debug". */
log_parse_environment();
pid1: don't reset setting from /proc/cmdline upon restart We have settings which may be set on the kernel command line, and also in /proc/cmdline (for pid1). The settings in /proc/cmdline have higher priority of course. When a reload was done, we'd reload just the configuration file, losing the overrides. So read /proc/cmdline again during reload. Also, when initially reading the configuration file when program starts, don't treat any errors as fatal. The configuration done in there doesn't seem important enough to refuse boot.
2019-05-24 08:59:23 +02:00
return 0;
}
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
static int load_configuration(
int argc,
char **argv,
const struct rlimit *saved_rlimit_nofile,
const struct rlimit *saved_rlimit_memlock,
const char **ret_error_message) {
pid1: don't reset setting from /proc/cmdline upon restart We have settings which may be set on the kernel command line, and also in /proc/cmdline (for pid1). The settings in /proc/cmdline have higher priority of course. When a reload was done, we'd reload just the configuration file, losing the overrides. So read /proc/cmdline again during reload. Also, when initially reading the configuration file when program starts, don't treat any errors as fatal. The configuration done in there doesn't seem important enough to refuse boot.
2019-05-24 08:59:23 +02:00
int r;
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
assert(saved_rlimit_nofile);
assert(saved_rlimit_memlock);
pid1: don't reset setting from /proc/cmdline upon restart We have settings which may be set on the kernel command line, and also in /proc/cmdline (for pid1). The settings in /proc/cmdline have higher priority of course. When a reload was done, we'd reload just the configuration file, losing the overrides. So read /proc/cmdline again during reload. Also, when initially reading the configuration file when program starts, don't treat any errors as fatal. The configuration done in there doesn't seem important enough to refuse boot.
2019-05-24 08:59:23 +02:00
assert(ret_error_message);
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
(void) parse_configuration(saved_rlimit_nofile, saved_rlimit_memlock);
pid1: don't reset setting from /proc/cmdline upon restart We have settings which may be set on the kernel command line, and also in /proc/cmdline (for pid1). The settings in /proc/cmdline have higher priority of course. When a reload was done, we'd reload just the configuration file, losing the overrides. So read /proc/cmdline again during reload. Also, when initially reading the configuration file when program starts, don't treat any errors as fatal. The configuration done in there doesn't seem important enough to refuse boot.
2019-05-24 08:59:23 +02:00
main: split out all parsing of command line arguments/kernel arguments/configuration files Let's shorten main() a bit, and split out everything that loads our configuration and runtime parameters into a function of its own. No changes in behaviour.
2017-12-15 16:14:19 +01:00
r = parse_argv(argc, argv);
if (r < 0) {
*ret_error_message = "Failed to parse commandline arguments";
return r;
}
core: move arg_show_status fix-up into load_configuration() It's part of finalizing our runtime parameters, hence let's move this into load_configuration() after we loaded everything else. This is safe, since we don't use it between the location where it was and where we place it now yet.
2017-12-15 17:16:24 +01:00
/* Initialize the show status setting if it hasn't been set explicitly yet */
core: normalize ShowStatus
2018-07-23 14:55:26 +02:00
if (arg_show_status == _SHOW_STATUS_INVALID)
core: move arg_show_status fix-up into load_configuration() It's part of finalizing our runtime parameters, hence let's move this into load_configuration() after we loaded everything else. This is safe, since we don't use it between the location where it was and where we place it now yet.
2017-12-15 17:16:24 +01:00
arg_show_status = SHOW_STATUS_YES;
main: split out all parsing of command line arguments/kernel arguments/configuration files Let's shorten main() a bit, and split out everything that loads our configuration and runtime parameters into a function of its own. No changes in behaviour.
2017-12-15 16:14:19 +01:00
return 0;
}
core: split out various startup safety checks from main() into its own function No functional changes, just some refactoring to make main() more digestable.
2017-12-15 16:23:09 +01:00
static int safety_checks(void) {
core: add more safety check Let's make sure that if we are PID 1 we are invoked in ACTION_RUN mode, and in arg_system mode, as well as the opposite. Everything else is untested and probably not worth supporting hence let's bail out early if people try anyway.
2017-12-15 16:38:20 +01:00
if (getpid_cached() == 1 &&
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
arg_action != ACTION_RUN)
return log_error_errno(SYNTHETIC_ERRNO(EPERM),
"Unsupported execution mode while PID 1.");
core: add more safety check Let's make sure that if we are PID 1 we are invoked in ACTION_RUN mode, and in arg_system mode, as well as the opposite. Everything else is untested and probably not worth supporting hence let's bail out early if people try anyway.
2017-12-15 16:38:20 +01:00
if (getpid_cached() == 1 &&
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
!arg_system)
return log_error_errno(SYNTHETIC_ERRNO(EPERM),
"Can't run --user mode as PID 1.");
core: add more safety check Let's make sure that if we are PID 1 we are invoked in ACTION_RUN mode, and in arg_system mode, as well as the opposite. Everything else is untested and probably not worth supporting hence let's bail out early if people try anyway.
2017-12-15 16:38:20 +01:00
if (arg_action == ACTION_RUN &&
arg_system &&
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
getpid_cached() != 1)
return log_error_errno(SYNTHETIC_ERRNO(EPERM),
"Can't run system mode unless PID 1.");
core: add more safety check Let's make sure that if we are PID 1 we are invoked in ACTION_RUN mode, and in arg_system mode, as well as the opposite. Everything else is untested and probably not worth supporting hence let's bail out early if people try anyway.
2017-12-15 16:38:20 +01:00
core: split out various startup safety checks from main() into its own function No functional changes, just some refactoring to make main() more digestable.
2017-12-15 16:23:09 +01:00
if (arg_action == ACTION_TEST &&
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
geteuid() == 0)
return log_error_errno(SYNTHETIC_ERRNO(EPERM),
"Don't run test mode as root.");
core: split out various startup safety checks from main() into its own function No functional changes, just some refactoring to make main() more digestable.
2017-12-15 16:23:09 +01:00
if (!arg_system &&
arg_action == ACTION_RUN &&
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
sd_booted() <= 0)
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Trying to run as user instance, but the system has not been booted with systemd.");
core: split out various startup safety checks from main() into its own function No functional changes, just some refactoring to make main() more digestable.
2017-12-15 16:23:09 +01:00
if (!arg_system &&
arg_action == ACTION_RUN &&
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
!getenv("XDG_RUNTIME_DIR"))
return log_error_errno(SYNTHETIC_ERRNO(EUNATCH),
"Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
core: split out various startup safety checks from main() into its own function No functional changes, just some refactoring to make main() more digestable.
2017-12-15 16:23:09 +01:00
if (arg_system &&
arg_action == ACTION_RUN &&
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
running_in_chroot() > 0)
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Cannot be run in a chroot() environment.");
core: split out various startup safety checks from main() into its own function No functional changes, just some refactoring to make main() more digestable.
2017-12-15 16:23:09 +01:00
return 0;
}
main: split out security policy loading into its own function More refactoring to make things more digestable.
2017-12-15 16:32:10 +01:00
static int initialize_security(
bool *loaded_policy,
dual_timestamp *security_start_timestamp,
dual_timestamp *security_finish_timestamp,
const char **ret_error_message) {
int r;
assert(loaded_policy);
assert(security_start_timestamp);
assert(security_finish_timestamp);
assert(ret_error_message);
dual_timestamp_get(security_start_timestamp);
core: fix mac_selinux_setup return value check Introduced in 74da609f0d0f9112047dd746188469df3692ad4a. CID #1384210.
2018-01-04 11:29:36 +01:00
r = mac_selinux_setup(loaded_policy);
main: split out security policy loading into its own function More refactoring to make things more digestable.
2017-12-15 16:32:10 +01:00
if (r < 0) {
*ret_error_message = "Failed to load SELinux policy";
return r;
}
r = mac_smack_setup(loaded_policy);
if (r < 0) {
*ret_error_message = "Failed to load SMACK policy";
return r;
}
r = ima_setup();
if (r < 0) {
*ret_error_message = "Failed to load IMA policy";
return r;
}
dual_timestamp_get(security_finish_timestamp);
return 0;
}
core: split out test summary output into its own function More refactoring to make main() shorter.
2017-12-15 16:34:13 +01:00
static void test_summary(Manager *m) {
assert(m);
printf("-> By units:\n");
manager_dump_units(m, stdout, "\t");
printf("-> By jobs:\n");
manager_dump_jobs(m, stdout, "\t");
}
main: split out code that collects passed fds More refactoring to make main() more digestable
2017-12-15 17:09:18 +01:00
static int collect_fds(FDSet **ret_fds, const char **ret_error_message) {
int r;
assert(ret_fds);
assert(ret_error_message);
r = fdset_new_fill(ret_fds);
if (r < 0) {
*ret_error_message = "Failed to allocate fd set";
return log_emergency_errno(r, "Failed to allocate fd set: %m");
}
fdset_cloexec(*ret_fds, true);
if (arg_serialization)
assert_se(fdset_remove(*ret_fds, fileno(arg_serialization)) >= 0);
return 0;
}
main: split out code that sets up the console/terminal and stuff More refactoring to make main() more digestable.
2017-12-15 17:13:36 +01:00
static void setup_console_terminal(bool skip_setup) {
if (!arg_system)
return;
/* Become a session leader if we aren't one yet. */
(void) setsid();
/* If we are init, we connect stdin/stdout/stderr to /dev/null and make sure we don't have a controlling
* tty. */
(void) release_terminal();
/* Reset the console, but only if this is really init and we are freshly booted */
if (getpid_cached() == 1 && !skip_setup)
(void) console_setup();
}
main: split out 'skip_setup' check into its own functions And let's optimize it a tiny bit, by only iterating through the argument list once, instead of twice.
2017-12-15 18:53:03 +01:00
static bool early_skip_setup_check(int argc, char *argv[]) {
bool found_deserialize = false;
int i;
/* Determine if this is a reexecution or normal bootup. We do the full command line parsing much later, so
* let's just have a quick peek here. Note that if we have switched root, do all the special setup things
* anyway, even if in that case we also do deserialization. */
for (i = 1; i < argc; i++) {
if (streq(argv[i], "--switched-root"))
return false; /* If we switched root, don't skip the setup. */
else if (streq(argv[i], "--deserialize"))
found_deserialize = true;
}
return found_deserialize; /* When we are deserializing, then we are reexecuting, hence avoid the extensive setup */
}
pid1: rework environment block copy logic This reworks the logic introduced in a5cede8c24fddda9b73f142e09b18b49adde1b9c (#13693). First of all, let's move this out of util.c, since only PID 1 really needs this, and there's no real need to have it in util.c. Then, fix freeing of the variable. It previously relied on STATIC_DESTRUCTOR_REGISTER() which however relies on static_destruct() to be called explicitly. Currently only the main-func.h macros do that, and PID 1 does not. (It might be worth investigating whether to do that, but it's not trivial.) Hence the freeing wasn't applied. Finally, an OOM check was missing, add it in.
2019-11-01 11:26:05 +01:00
static int save_env(void) {
char **l;
l = strv_copy(environ);
if (!l)
return -ENOMEM;
strv_free_and_replace(saved_env, l);
return 0;
}
initial commit
2009-11-18 00:42:52 +01:00
int main(int argc, char *argv[]) {
main: reorder variable declarations a bit Let's remove a bit redundancy, and list variables of the same type/category in one declaration line.
2017-12-15 19:02:35 +01:00
dual_timestamp initrd_timestamp = DUAL_TIMESTAMP_NULL, userspace_timestamp = DUAL_TIMESTAMP_NULL, kernel_timestamp = DUAL_TIMESTAMP_NULL,
security_start_timestamp = DUAL_TIMESTAMP_NULL, security_finish_timestamp = DUAL_TIMESTAMP_NULL;
main: add commenting, clean up handling of saved resource limits This doesn't really change behaviour, but adds comments and uses more symbolic names for everything, to make this more readable.
2019-01-16 14:50:03 +01:00
struct rlimit saved_rlimit_nofile = RLIMIT_MAKE_CONST(0),
saved_rlimit_memlock = RLIMIT_MAKE_CONST(RLIM_INFINITY); /* The original rlimits we passed
* in. Note we use different values
* for the two that indicate whether
* these fields are initialized! */
main: reorder variable declarations a bit Let's remove a bit redundancy, and list variables of the same type/category in one declaration line.
2017-12-15 19:02:35 +01:00
bool skip_setup, loaded_policy = false, queue_default_job = false, first_boot = false, reexecute = false;
char *switch_root_dir = NULL, *switch_root_init = NULL;
main: profile unit file loading
2011-07-28 23:41:57 +02:00
usec_t before_startup, after_startup;
main: reorder variable declarations a bit Let's remove a bit redundancy, and list variables of the same type/category in one declaration line.
2017-12-15 19:02:35 +01:00
static char systemd[] = "systemd";
main: profile unit file loading
2011-07-28 23:41:57 +02:00
char timespan[FORMAT_TIMESPAN_MAX];
main: reorder variable declarations a bit Let's remove a bit redundancy, and list variables of the same type/category in one declaration line.
2017-12-15 19:02:35 +01:00
const char *shutdown_verb = NULL, *error_message = NULL;
int r, retval = EXIT_FAILURE;
Manager *m = NULL;
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
FDSet *fds = NULL;
main: initialize default boot target from argv[1]
2010-04-04 22:49:26 +02:00
main: add some more comments for the early initialization phase
2017-12-15 19:03:17 +01:00
/* SysV compatibility: redirect init → telinit */
core: let's shorten main() a bit, let's split out telinit redirection into a separate function
2017-11-16 11:48:45 +01:00
redirect_telinit(argc, argv);
init: call telinit in case we are run as init and not pid1
2010-06-18 20:01:01 +02:00
main: add some more comments for the early initialization phase
2017-12-15 19:03:17 +01:00
/* Take timestamps early on */
systemd: record the timestamps as early as possible The time for systemd initialization and selinux policy loading is accounted to the initrd or the kernel, which is wrong. Instead of: Startup finished in 5.559s (firmware) + 36ms (loader) + 665ms (kernel) + 975ms (initrd) + 1.410s (userspace) = 8.647s the more correct output is: Startup finished in 5.559s (firmware) + 36ms (loader) + 665ms (kernel) + 475ms (initrd) + 1.910s (userspace) = 8.647s
2013-04-24 17:15:47 +02:00
dual_timestamp_from_monotonic(&kernel_timestamp, 0);
dual_timestamp_get(&userspace_timestamp);
main: add some more comments for the early initialization phase
2017-12-15 19:03:17 +01:00
/* Figure out whether we need to do initialize the system, or if we already did that because we are
* reexecuting */
main: split out 'skip_setup' check into its own functions And let's optimize it a tiny bit, by only iterating through the argument list once, instead of twice.
2017-12-15 18:53:03 +01:00
skip_setup = early_skip_setup_check(argc, argv);
core/main.c: add "--switchedroot" parameter If systemd serializes from a switch_root, it adds "--switchedroot" to the systemd in the real root. If "--switchedroot" is found, then we do not skip all the stuff, which is skipped for normal rexecs.
2012-05-16 14:22:42 +02:00
main: add some more comments for the early initialization phase
2017-12-15 19:03:17 +01:00
/* If we get started via the /sbin/init symlink then we are called 'init'. After a subsequent reexecution we
* are then called 'systemd'. That is confusing, hence let's call us systemd right-away. */
main: rename process on startup to 'systemd' to avoid confusion
2010-11-10 22:35:05 +01:00
program_invocation_short_name = systemd;
core: minor coding style/wording fixes
2016-12-08 17:23:08 +01:00
(void) prctl(PR_SET_NAME, systemd);
exec: include path name of binary we are about to execute when renaming forked off processes Immediately after forking off a process change the comm name and argv[0] to "(foobar)" where "foobar" is the basename of the path we are about to execute. This should be useful when charting boot progress.
2012-02-01 22:33:15 +01:00
main: add some more comments for the early initialization phase
2017-12-15 19:03:17 +01:00
/* Save the original command line */
util: introduce save_argc_argv() helper
2019-03-15 10:46:54 +01:00
save_argc_argv(argc, argv);
main: rename process on startup to 'systemd' to avoid confusion
2010-11-10 22:35:05 +01:00
pid1: rework environment block copy logic This reworks the logic introduced in a5cede8c24fddda9b73f142e09b18b49adde1b9c (#13693). First of all, let's move this out of util.c, since only PID 1 really needs this, and there's no real need to have it in util.c. Then, fix freeing of the variable. It previously relied on STATIC_DESTRUCTOR_REGISTER() which however relies on static_destruct() to be called explicitly. Currently only the main-func.h macros do that, and PID 1 does not. (It might be worth investigating whether to do that, but it's not trivial.) Hence the freeing wasn't applied. Finally, an OOM check was missing, add it in.
2019-11-01 11:26:05 +01:00
/* Save the original environment as we might need to restore it if we're requested to execute another
* system manager later. */
r = save_env();
if (r < 0) {
error_message = "Failed to copy environment block";
goto finish;
}
pid1: restore the original environment passed by the kernel when switching to a new system manager PID1 may modified the environment passed by the kernel when it starts running. Commit 9d48671c62de133a2b9fe7c31e70c0ff8e68f2db unset $HOME for example. In case PID1 is going to switch to a new root and execute a new system manager which is not systemd, we should restore the original environment as the new manager might expect some variables to be set by default (more specifically $HOME).
2019-10-01 14:31:14 +02:00
log: make log_set_upgrade_syslog_to_journal() take effect immediately This doesn't matter much, and we don't rely on it, but I think it's much nicer if we log_set_target() and log_set_upgrade_syslog_to_journal() can be called in either order and have the same effect.
2018-01-24 17:33:07 +01:00
/* Make sure that if the user says "syslog" we actually log to the journal. */
log: never ever log to syslog from PID 1, log to the journal again We don't support journal-less systems anyway, so let's avoid the confusion.
2014-08-11 20:08:08 +02:00
log_set_upgrade_syslog_to_journal(true);
log: make color/location logging optional
2010-06-17 22:52:55 +02:00
tree-wide: make use of getpid_cached() wherever we can This moves pretty much all uses of getpid() over to getpid_raw(). I didn't specifically check whether the optimization is worth it for each replacement, but in order to keep things simple and systematic I switched over everything at once.
2017-07-20 16:19:18 +02:00
if (getpid_cached() == 1) {
main: simplify arg_system initialization a bit For both branches of the if check it's the first line, hence let's just do it before.
2018-06-13 18:47:13 +02:00
/* When we run as PID 1 force system mode */
arg_system = true;
log: never log into foreign fd #2 in PID 1 or its pre-execve() children Fixes: #5401
2017-02-21 17:57:55 +01:00
/* Disable the umask logic */
main: set umask before creating any files This avoids a problem when we inherit a non-zero umask from the initramfs. This would cause /run/systemd to be created with the wrong mode.
2013-09-26 20:39:41 +02:00
umask(0);
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
/* Make sure that at least initially we do not ever log to journald/syslogd, because it might not be
* activated yet (even though the log socket for it exists). */
pid1: make use of new "prohibit_ipc" logging flag in PID 1 Let's set it initially, and then toggle it only when we know its safe.
2018-01-24 17:42:12 +01:00
log_set_prohibit_ipc(true);
log: never log into foreign fd #2 in PID 1 or its pre-execve() children Fixes: #5401
2017-02-21 17:57:55 +01:00
/* Always reopen /dev/console when running as PID 1 or one of its pre-execve() children. This is
* important so that we never end up logging to any foreign stderr, for example if we have to log in a
* child process right before execve()'ing the actual binary, at a point in time where socket
* activation stderr/stdout area already set up. */
log_set_always_reopen_console(true);
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
if (detect_container() <= 0) {
systemd: record efi timestamps after /sys is mounted This partially reverts commit c3a170f3, which moved efi_get_boot_timestamps too early in main(), before /sys is assured to be mounted Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=64371 [tomegun: in particular /sys/firmware/efi/efivars needs to be mounted, which is not a problem if a systemd-initramfs containing the correct module is being used. But not everyone uses an initramfs...]
2013-05-14 00:00:37 +02:00
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
/* Running outside of a container as PID 1 */
log_set_target(LOG_TARGET_KMSG);
log_open();
main: when transitioning from initrd to the main system log to kmsg When the new PID is invoked the journal socket from the initrd might still be around. Due to the default log target being journal we'd log to that initially when the new main systemd initializes even if the kernel command line included a directive to redirect systemd's logging elsewhere. With this fix we initially always log to kmsg now, if we are PID1, and only after parsing the kernel cmdline try to open the journal if that's desired. (The effective benefit of this is that SELinux performance data is now logged again to kmsg like it used to be.)
2012-09-17 17:42:13 +02:00
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
if (in_initrd())
initrd_timestamp = userspace_timestamp;
core/main.c: handle the initrd timestamp differently, if in the initrd If systemd is in the initrd/initramfs, set the initrd timestamp and do not try to read it from the RD_TIMESTAMP environment variable.
2012-05-16 14:22:44 +02:00
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
if (!skip_setup) {
r = mount_setup_early();
if (r < 0) {
error_message = "Failed to mount early API filesystems";
goto finish;
}
core: try to reopen /dev/kmsg again right after mounting /dev I was debugging stuff during early boot, and was confused that I never found the logs for it in kmsg. The reason for that was that /proc is generally not mounted the first time we do log_open() and hence log_set_target(LOG_TARGET_KMSG) we do when running as PID 1 had not effect. A lot later during start-up we call log_open() again where this is fixed (after the point where we close all remaining fds still open), but in the meantime no logs every got written to kmsg. This patch fixes that.
2019-07-19 18:29:11 +02:00
/* Let's open the log backend a second time, in case the first time didn't
* work. Quite possibly we have mounted /dev just now, so /dev/kmsg became
* available, and it previously wasn't. */
log_open();
pid1: disable printk ratelimit in early boot We have the problem that many early boot or late shutdown issues are harder to solve than they could be because we have no logs. When journald is not running, messages are redirected to /dev/kmsg. It is also the time when many things happen in a rapid succession, so we tend to hit the kernel printk ratelimit fairly reliably. The end result is that we get no logs from the time where they would be most useful. Thus let's disable the kernels ratelimit. Once the system is up and running, the ratelimit is not a problem. But during normal runtime, things also log to journald, and not to /dev/kmsg, so the ratelimit is not useful. Hence, there doesn't seem to be much point in trying to restore the ratelimit after boot is finished and journald is up and running. See kernel's commit 750afe7babd117daabebf4855da18e4418ea845e for the description of the kenrel interface. Our setting has lower precedence than explicit configuration on the kenrel command line.
2019-09-18 21:02:07 +02:00
disable_printk_ratelimit();
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
r = initialize_security(
&loaded_policy,
&security_start_timestamp,
&security_finish_timestamp,
&error_message);
if (r < 0)
goto finish;
manager: print fatal error if early mount failed The mount_setup_early() can fail and if it will occur, there is no sense to make selinux setup and etc.
2016-02-02 20:36:33 +01:00
}
core: minor coding style/wording fixes
2016-12-08 17:23:08 +01:00
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
if (mac_selinux_init() < 0) {
error_message = "Failed to initialize SELinux policy";
main: load Smack policy before IMA policy (#3859) IMA wiki says: "If the IMA policy contains LSM labels, then the LSM policy must be loaded prior to the IMA policy." Right now, in case of Smack, the IMA policy is loaded before the Smack policy. Move the order around to allow Smack labels to be used in IMA policy.
2016-08-02 14:58:30 +02:00
goto finish;
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
}
selinux: use setcon() instead of reexec to apply selinux policy
2011-07-28 23:52:23 +02:00
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
if (!skip_setup)
initialize_clock();
/* Set the default for later on, but don't actually open the logs like this for now. Note that
* if we are transitioning from the initrd there might still be journal fd open, and we
* shouldn't attempt opening that before we parsed /proc/cmdline which might redirect output
* elsewhere. */
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
} else {
/* Running inside a container, as PID 1 */
log_set_target(LOG_TARGET_CONSOLE);
log_open();
/* For later on, see above... */
log_set_target(LOG_TARGET_JOURNAL);
/* clear the kernel timestamp,
* because we are in a container */
kernel_timestamp = DUAL_TIMESTAMP_NULL;
manager: print fatal errors on the console too When booting in quiet mode, fatal messages would not be shown at all to the user. https://bugzilla.redhat.com/show_bug.cgi?id=1155468
2014-11-06 06:05:38 +01:00
}
rtc in localtime: use settimeofday(NULL, tz) instead of hwclock(8) We check for LOCAL in /etc/adjtime and if needed, ask the kernel to apply the timezone delta to the system clock. The very first call of settimeofday() without a time, but a timezone warps the system clock, so that it properly runs in UTC.
2011-05-24 20:23:07 +02:00
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
initialize_coredump(skip_setup);
main: when transitioning from initrd to the main system log to kmsg When the new PID is invoked the journal socket from the initrd might still be around. Due to the default log target being journal we'd log to that initially when the new main systemd initializes even if the kernel command line included a directive to redirect systemd's logging elsewhere. With this fix we initially always log to kmsg now, if we are PID1, and only after parsing the kernel cmdline try to open the journal if that's desired. (The effective benefit of this is that SELinux performance data is now logged again to kmsg like it used to be.)
2012-09-17 17:42:13 +02:00
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
r = fixup_environment();
if (r < 0) {
log_emergency_errno(r, "Failed to fix up PID 1 environment: %m");
error_message = "Failed to fix up PID1 environment";
goto finish;
}
main: when transitioning from initrd to the main system log to kmsg When the new PID is invoked the journal socket from the initrd might still be around. Due to the default log target being journal we'd log to that initially when the new main systemd initializes even if the kernel command line included a directive to redirect systemd's logging elsewhere. With this fix we initially always log to kmsg now, if we are PID1, and only after parsing the kernel cmdline try to open the journal if that's desired. (The effective benefit of this is that SELinux performance data is now logged again to kmsg like it used to be.)
2012-09-17 17:42:13 +02:00
systemd: record the timestamps as early as possible The time for systemd initialization and selinux policy loading is accounted to the initrd or the kernel, which is wrong. Instead of: Startup finished in 5.559s (firmware) + 36ms (loader) + 665ms (kernel) + 975ms (initrd) + 1.410s (userspace) = 8.647s the more correct output is: Startup finished in 5.559s (firmware) + 36ms (loader) + 665ms (kernel) + 475ms (initrd) + 1.910s (userspace) = 8.647s
2013-04-24 17:15:47 +02:00
} else {
main: when transitioning from initrd to the main system log to kmsg When the new PID is invoked the journal socket from the initrd might still be around. Due to the default log target being journal we'd log to that initially when the new main systemd initializes even if the kernel command line included a directive to redirect systemd's logging elsewhere. With this fix we initially always log to kmsg now, if we are PID1, and only after parsing the kernel cmdline try to open the journal if that's desired. (The effective benefit of this is that SELinux performance data is now logged again to kmsg like it used to be.)
2012-09-17 17:42:13 +02:00
/* Running as user instance */
core: remove ManagerRunningAs enum Previously, we had two enums ManagerRunningAs and UnitFileScope, that were mostly identical and converted from one to the other all the time. The latter had one more value UNIT_FILE_GLOBAL however. Let's simplify things, and remove ManagerRunningAs and replace it by UnitFileScope everywhere, thus making the translation unnecessary. Introduce two new macros MANAGER_IS_SYSTEM() and MANAGER_IS_USER() to simplify checking if we are running in one or the user context.
2016-02-24 21:24:23 +01:00
arg_system = false;
log: log to syslog unless connected to a tty in user mode
2011-07-01 22:35:34 +02:00
log_set_target(LOG_TARGET_AUTO);
selinux: log how much time it takes to load the SELinux policy and database
2011-07-25 21:22:57 +02:00
log_open();
systemd: record the timestamps as early as possible The time for systemd initialization and selinux policy loading is accounted to the initrd or the kernel, which is wrong. Instead of: Startup finished in 5.559s (firmware) + 36ms (loader) + 665ms (kernel) + 975ms (initrd) + 1.410s (userspace) = 8.647s the more correct output is: Startup finished in 5.559s (firmware) + 36ms (loader) + 665ms (kernel) + 475ms (initrd) + 1.910s (userspace) = 8.647s
2013-04-24 17:15:47 +02:00
/* clear the kernel timestamp,
* because we are not PID 1 */
core: use DUAL_TIMESTAMP_NULL where we can
2015-08-28 17:11:37 +02:00
kernel_timestamp = DUAL_TIMESTAMP_NULL;
log: make color/location logging optional
2010-06-17 22:52:55 +02:00
}
manager: make running_as configurable
2010-04-06 23:55:42 +02:00
pid1: restore console color support for containers (#3595) Commit 3a18b60489504056f9b0b1a139439cbfa60a87e1 introduced a regression that disabled the color mode for container. This patch fixes this.
2016-06-24 16:08:43 +02:00
if (arg_system) {
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
/* Try to figure out if we can use colors with the console. No need to do that for user instances since
* they never log into the console. */
pid1: initialize status color mode after setting up TERM Also we had to connect PID's stdio to null later since colors_enabled() assume that stdout is connected to the console.
2016-06-20 21:45:28 +02:00
log_show_color(colors_enabled());
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
tree-wide: pass return value of make_null_stdio() to warning instead of errno (#4328) as @poettering suggested in the #4320
2016-10-10 19:51:33 +02:00
r = make_null_stdio();
if (r < 0)
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
log_warning_errno(r, "Failed to redirect standard streams to /dev/null, ignoring: %m");
pid1: initialize status color mode after setting up TERM Also we had to connect PID's stdio to null later since colors_enabled() assume that stdout is connected to the console.
2016-06-20 21:45:28 +02:00
}
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
/* Mount /proc, /sys and friends, so that /proc/cmdline and
* /proc/$PID/fd is available. */
tree-wide: make use of getpid_cached() wherever we can This moves pretty much all uses of getpid() over to getpid_raw(). I didn't specifically check whether the optimization is worth it for each replacement, but in order to keep things simple and systematic I switched over everything at once.
2017-07-20 16:19:18 +02:00
if (getpid_cached() == 1) {
kmod: move #ifdef checks for kmod-setup out of main.c into kmod-setup.c
2014-11-14 17:58:32 +01:00
Drop kdbus bits Some kdbus_flag and memfd related parts are left behind, because they are entangled with the "legacy" dbus support. test-bus-benchmark is switched to "manual". It was already broken before (in the non-kdbus mode) but apparently nobody noticed. Hopefully it can be fixed later.
2017-07-23 17:45:57 +02:00
/* Load the kernel modules early. */
mount-setup: remove mount_setup_late() Turns out we can just do kmod_setup() earlier, before we do mount_setup(), so there's no need for mount_setup_late() anymore. Instead, put kdbusfs in mount_table[].
2014-11-14 15:18:56 +01:00
if (!skip_setup)
kmod_setup();
cgroup: optionally mount a specific cgroup controllers together, and add cpu+cpuacct to the default
2011-08-23 00:37:35 +02:00
r = mount_setup(loaded_policy);
manager: print fatal errors on the console too When booting in quiet mode, fatal messages would not be shown at all to the user. https://bugzilla.redhat.com/show_bug.cgi?id=1155468
2014-11-06 06:05:38 +01:00
if (r < 0) {
error_message = "Failed to mount API filesystems";
main: don't try to mount api dirs if we are not root
2010-05-24 18:59:13 +02:00
goto finish;
manager: print fatal errors on the console too When booting in quiet mode, fatal messages would not be shown at all to the user. https://bugzilla.redhat.com/show_bug.cgi?id=1155468
2014-11-06 06:05:38 +01:00
}
core: take random seed from boot loader and credit it to kernel entropy pool
2019-07-19 19:39:15 +02:00
/* The efivarfs is now mounted, let's read the random seed off it */
(void) efi_take_random_seed();
cgroup: optionally mount a specific cgroup controllers together, and add cpu+cpuacct to the default
2011-08-23 00:37:35 +02:00
}
main: move basic setup into main.c
2010-04-06 21:59:25 +02:00
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
/* Save the original RLIMIT_NOFILE/RLIMIT_MEMLOCK so that we can reset it later when
* transitioning from the initrd to the main systemd or suchlike. */
save_rlimits(&saved_rlimit_nofile, &saved_rlimit_memlock);
main: move basic setup into main.c
2010-04-06 21:59:25 +02:00
/* Reset all signal handlers. */
tree-wide: whenever we fork off a foreign child process reset signal mask/handlers Also, when the child is potentially long-running make sure to set a death signal. Also, ignore the result of the reset operations explicitly by casting them to (void).
2015-05-31 23:55:55 +02:00
(void) reset_all_signal_handlers();
(void) ignore_signals(SIGNALS_IGNORE, -1);
main: ignore SIGKILL and SIGPIPE so that nothing intereferes with us
2010-04-13 02:01:28 +02:00
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
r = load_configuration(argc, argv, &saved_rlimit_nofile, &saved_rlimit_memlock, &error_message);
main: split out all parsing of command line arguments/kernel arguments/configuration files Let's shorten main() a bit, and split out everything that loads our configuration and runtime parameters into a function of its own. No changes in behaviour.
2017-12-15 16:14:19 +01:00
if (r < 0)
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
goto finish;
main: initialize default unit little later (#4321) systemd fills arg_default_unit during startup with default.target value. But arg_default_unit may be overwritten in parse_argv() or parse_proc_cmdline_item(). Let's check value of arg_default_unit after calls of parse_argv() and parse_proc_cmdline_item() and fill it with default.target if it wasn't filled before. In this way we will not spend unnecessary time to for filling arg_default_unit with default.target.
2016-10-10 04:57:03 +02:00
core: split out various startup safety checks from main() into its own function No functional changes, just some refactoring to make main() more digestable.
2017-12-15 16:23:09 +01:00
r = safety_checks();
if (r < 0)
main: refuse system to be started in a chroot
2011-03-09 23:59:27 +01:00
goto finish;
core: add --dump-bus-properties option to systemd If systemd is invoked with this option, this dumps all bus properties. This may be useful for shell completion for `systemctl --property`.
2018-05-28 11:13:19 +02:00
if (IN_SET(arg_action, ACTION_TEST, ACTION_HELP, ACTION_DUMP_CONFIGURATION_ITEMS, ACTION_DUMP_BUS_PROPERTIES))
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
(void) pager_open(arg_pager_flags);
core: split out various startup safety checks from main() into its own function No functional changes, just some refactoring to make main() more digestable.
2017-12-15 16:23:09 +01:00
if (arg_action != ACTION_RUN)
core/main: get rid from excess check of ACTION_TEST (#4350) If `--test` command line option was passed, the systemd set skip_setup to true during bootup. But after this we check again that arg_action is test or help and opens pager depends on result. We should skip setup in a case when `--test` is passed, but it is also safe to set skip_setup in a case of `--help`. So let's remove first check and move skip_setup = true to the second check.
2016-10-11 23:30:04 +02:00
skip_setup = true;
systemd: use pager for --test and --help
2014-01-07 06:00:05 +01:00
main: add a native implementation of the 'nomodules' kernel option understood by fedora init scripts
2010-07-06 20:21:08 +02:00
if (arg_action == ACTION_HELP) {
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
retval = help() < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
goto finish;
systemd: add --version option systemd --version mirrors systemctl --version: $ ./systemd --version systemd 186 other +PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT -LIBCRYPTSETUP This information can be retrieved by other means (systemctl, etc.), but it's easier for a newbie if 'systemd --version' says something useful. And 'systemd --help' is already there, so let's complement that with '--version'.
2012-07-17 07:31:47 +02:00
} else if (arg_action == ACTION_VERSION) {
retval = version();
goto finish;
main: add a native implementation of the 'nomodules' kernel option understood by fedora init scripts
2010-07-06 20:21:08 +02:00
} else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
unit_dump_config_items(stdout);
systemctl: rework exit codes for all utility programs to follow LSB or other standards
2010-08-31 21:05:54 +02:00
retval = EXIT_SUCCESS;
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
goto finish;
core: add --dump-bus-properties option to systemd If systemd is invoked with this option, this dumps all bus properties. This may be useful for shell completion for `systemctl --property`.
2018-05-28 11:13:19 +02:00
} else if (arg_action == ACTION_DUMP_BUS_PROPERTIES) {
dump_bus_properties(stdout);
retval = EXIT_SUCCESS;
goto finish;
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
}
tree-wide: use IN_SET macro (#6977)
2017-10-04 16:01:32 +02:00
assert_se(IN_SET(arg_action, ACTION_RUN, ACTION_TEST));
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
main: move chdir("/") a bit earlier There's no need to do this within the block where logging is closed, hence move it earlier, so that this block can be kept as small as possible.
2017-12-15 16:49:43 +01:00
/* Move out of the way, so that we won't block unmounts */
assert_se(chdir("/") == 0);
main: skip many initialization steps when running in --test mode Most importantly, don't collect open socket activation fds when in --test mode. This specifically created a problem because we invoke pager_open() beforehand (which these days makes copies of the original stdout/stderr in order to be able to restore them when the pager goes away) and we might mistakenly the fd copies it creates as socket activation fds. Fixes: #6383
2017-09-13 10:31:40 +02:00
if (arg_action == ACTION_RUN) {
main: slightly rearrange serialization fdset, and logging/console setup Let's merge two if blocks, and move log_close()/log_open() out of the testing codepath, as there's no reason to have it there.
2017-12-15 16:53:13 +01:00
core: introduce systemd.early_core_pattern= kernel cmdline option Until a core dump handler is installed by systemd-sysctl, the generation of core dump for services is turned OFF which can make the debugging of the early boot process harder especially since there's no easy way to restore the core dump generation. This patch introduces a new kernel command line option which specifies an absolute path where the kernel should write the core dump file when an early process crashes. This will take effect until systemd-coredump (or any other handlers) takes over.
2018-10-08 16:09:59 +02:00
/* A core pattern might have been specified via the cmdline. */
initialize_core_pattern(skip_setup);
main: split out code that collects passed fds More refactoring to make main() more digestable
2017-12-15 17:09:18 +01:00
/* Close logging fds, in order not to confuse collecting passed fds and terminal logic below */
main: slightly rearrange serialization fdset, and logging/console setup Let's merge two if blocks, and move log_close()/log_open() out of the testing codepath, as there's no reason to have it there.
2017-12-15 16:53:13 +01:00
log_close();
/* Remember open file descriptors for later deserialization */
main: split out code that collects passed fds More refactoring to make main() more digestable
2017-12-15 17:09:18 +01:00
r = collect_fds(&fds, &error_message);
if (r < 0)
main: skip many initialization steps when running in --test mode Most importantly, don't collect open socket activation fds when in --test mode. This specifically created a problem because we invoke pager_open() beforehand (which these days makes copies of the original stdout/stderr in order to be able to restore them when the pager goes away) and we might mistakenly the fd copies it creates as socket activation fds. Fixes: #6383
2017-09-13 10:31:40 +02:00
goto finish;
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
main: split out code that sets up the console/terminal and stuff More refactoring to make main() more digestable.
2017-12-15 17:13:36 +01:00
/* Give up any control of the console, but make sure its initialized. */
setup_console_terminal(skip_setup);
main: minor code modernization for initializing the console
2014-08-15 18:01:52 +02:00
main: slightly rearrange serialization fdset, and logging/console setup Let's merge two if blocks, and move log_close()/log_open() out of the testing codepath, as there's no reason to have it there.
2017-12-15 16:53:13 +01:00
/* Open the logging devices, if possible and necessary */
log_open();
main: minor code modernization for initializing the console
2014-08-15 18:01:52 +02:00
}
main: move basic setup into main.c
2010-04-06 21:59:25 +02:00
core: split out execution context logging from main() Again, no functional changes, let's just shorten main() a bit, by splitting out more code into a separate functions.
2017-12-06 21:50:18 +01:00
log_execution_mode(&first_boot);
manager: make running_as configurable
2010-04-06 23:55:42 +02:00
main: let's move ACTION_RUN test into initialize_runtime() Let's hide this check inside the function and make it easier to follow the general control flow of main().
2017-12-15 17:52:33 +01:00
r = initialize_runtime(skip_setup,
&saved_rlimit_nofile,
&saved_rlimit_memlock,
&error_message);
if (r < 0)
goto finish;
main: bump up RLIMIT_NOFILE for systemd itself For setups with many listening sockets the default kernel resource limit of 1024 fds is not enough. Bump this up to 64K to avoid any limitations in this regard. We are careful to pass on the kernel default to daemons however, since normally resource limits are a good to enforce, especially since select() can't handle fds > 1023.
2012-09-17 16:35:59 +02:00
Make test_run into a flags field and disable generators again Now generators are only run in systemd --test mode, where this makes most sense (how are you going to test what would happen otherwise?). Fixes #6842. v2: - rename test_run to test_run_flags
2017-09-16 11:19:43 +02:00
r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER,
arg_action == ACTION_TEST ? MANAGER_TEST_FULL : 0,
&m);
systemd: add hardware watchdog support This adds minimal hardware watchdog support to PID 1. The idea is that PID 1 supervises and watchdogs system services, while the hardware watchdog is used to supervise PID 1. This adds two hardware watchdog configuration options, for the runtime watchdog and for a shutdown watchdog. The former is active during normal operation, the latter only at reboots to ensure that if a clean reboot times out we reboot nonetheless. If the runtime watchdog is enabled PID 1 will automatically wake up at half the configured interval and write to the watchdog daemon. By default we enable the shutdown watchdog, but leave the runtime watchdog disabled in order not to break independent hardware watchdog daemons people might be using. This is only the most basic hookup. If necessary we can later on hook up the watchdog ping more closely with services deemed crucial.
2012-04-05 22:08:10 +02:00
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_emergency_errno(r, "Failed to allocate manager object: %m");
manager: print fatal errors on the console too When booting in quiet mode, fatal messages would not be shown at all to the user. https://bugzilla.redhat.com/show_bug.cgi?id=1155468
2014-11-06 06:05:38 +01:00
error_message = "Failed to allocate manager object";
initial commit
2009-11-18 00:42:52 +01:00
goto finish;
}
manager: rework the timestamps logic, so that they are an enum-index array This makes things quite a bit more systematic I think, as we can systematically operate on all timestamps, for example for the purpose of serialization/deserialization. This rework doesn't necessarily make things shorter in the individual lines, but it does reduce the line count a bit. (This is useful particularly when we want to add additional timestamps, for example to solve #7023)
2017-11-20 21:01:13 +01:00
m->timestamps[MANAGER_TIMESTAMP_KERNEL] = kernel_timestamp;
m->timestamps[MANAGER_TIMESTAMP_INITRD] = initrd_timestamp;
m->timestamps[MANAGER_TIMESTAMP_USERSPACE] = userspace_timestamp;
core: serialize/deserialize several timestamps on initrd in different names
2018-07-22 06:41:44 +02:00
m->timestamps[manager_timestamp_initrd_mangle(MANAGER_TIMESTAMP_SECURITY_START)] = security_start_timestamp;
m->timestamps[manager_timestamp_initrd_mangle(MANAGER_TIMESTAMP_SECURITY_FINISH)] = security_finish_timestamp;
manager: optionally print status updates to console on boot
2010-07-07 00:00:59 +02:00
main: rename manager_set_defaults() → set_manager_defaults() This function is really not a method of the Manager object (implemented in manager.c), but just a helper in main.c. Hence let's not confusingly name it the way methods are called.
2017-11-15 20:15:01 +01:00
set_manager_defaults(m);
main: add set_manager_settings(), similar in style to set_manager_defaults()
2017-11-16 11:45:02 +01:00
set_manager_settings(m);
core: never apply first boot presets in the initrd Presets are useful to initialize uninitialized /etc, but that doesn't apply to the initrd. Also, let's rename etc_empty → first_boot. After all, the variable doesn't actually reflect whether /etc is really empty, it just reflects whether /etc/machine-id existed originally or not. Moreover, we later on directly initialize manager_set_first_boot() from it, hence let's just name it the same way all through the codepath, to make this all less confusing. See: #7100
2017-11-15 19:56:21 +01:00
manager_set_first_boot(m, first_boot);
fsck: show progress while fscking at boot
2011-09-01 21:05:06 +02:00
main: properly queue default.target after switched root This also introduces rd.systemd.unit= to specify the unit to boot into in the initrd.
2012-05-22 02:35:22 +02:00
/* Remember whether we should queue the default job */
core: add a system-wide SystemCallArchitectures= setting This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 01:35:27 +01:00
queue_default_job = !arg_serialization || arg_switched_root;
main: properly queue default.target after switched root This also introduces rd.systemd.unit= to specify the unit to boot into in the initrd.
2012-05-22 02:35:22 +02:00
main: profile unit file loading
2011-07-28 23:41:57 +02:00
before_startup = now(CLOCK_MONOTONIC);
core: add a system-wide SystemCallArchitectures= setting This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 01:35:27 +01:00
r = manager_startup(m, arg_serialization, fds);
manager: fix handling of failure in initialization We would warn and continue after failure in manager_startup, but there's no way we can continue. We must fail.
2017-01-22 07:35:33 +01:00
if (r < 0) {
core: add console error message if manager_startup() fails
2017-12-07 11:28:00 +01:00
error_message = "Failed to start up manager";
manager: fix handling of failure in initialization We would warn and continue after failure in manager_startup, but there's no way we can continue. We must fail.
2017-01-22 07:35:33 +01:00
goto finish;
}
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
/* This will close all file descriptors that were opened, but not claimed by any unit. */
tree-wide: take benefit of the fact that fdset_free() returns NULL
2015-09-23 01:05:55 +02:00
fds = fdset_free(fds);
util: introduce safe_fclose() and port everything over to it Adds a coccinelle script to port things over automatically.
2015-09-09 15:20:10 +02:00
arg_serialization = safe_fclose(arg_serialization);
main: properly queue default.target after switched root This also introduces rd.systemd.unit= to specify the unit to boot into in the initrd.
2012-05-22 02:35:22 +02:00
if (queue_default_job) {
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
r = do_queue_default_job(m, &error_message);
core: convert PID 1 to libsystemd-bus This patch converts PID 1 to libsystemd-bus and thus drops the dependency on libdbus. The only remaining code using libdbus is a test case that validates our bus marshalling against libdbus' marshalling, and this dependency can be turned off. This patch also adds a couple of things to libsystem-bus, that are necessary to make the port work: - Synthesizing of "Disconnected" messages when bus connections are severed. - Support for attaching multiple vtables for the same interface on the same path. This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus calls which used an inappropriate signature. As a side effect we will now generate PropertiesChanged messages which carry property contents, rather than just invalidation information.
2013-11-19 21:12:59 +01:00
if (r < 0)
main: fall back to rescue target when default target cannot be loaded
2010-04-08 02:00:40 +02:00
goto finish;
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
}
core: if we cannot JOB_ISOLATE the default target JOB_REPLACE it instead In order to maintain compatibility with older initrds which do not have AllowIsolate=yes set for their target units, fallback to JOB_REPLACE if JOB_ISOLATE doesn't work, but complain about it.
2013-03-07 22:18:34 +01:00
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
after_startup = now(CLOCK_MONOTONIC);
initial commit
2009-11-18 00:42:52 +01:00
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
"Loaded units and determined initial transaction in %s.",
format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 100 * USEC_PER_MSEC));
main: show load profiling in test mode, too
2011-07-31 18:13:59 +02:00
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
if (arg_action == ACTION_TEST) {
core: split out test summary output into its own function More refactoring to make main() shorter.
2017-12-15 16:34:13 +01:00
test_summary(m);
core: split out code that queues default job from main() No functional changes really, just some refactoring to shorten main() a bit
2017-12-06 21:13:10 +01:00
retval = EXIT_SUCCESS;
goto finish;
main: implement --test
2010-04-07 00:10:17 +02:00
}
rework config file load logic
2010-01-28 02:44:47 +01:00
main: don't bother with the return value of invoke_mainloop() (#7802) We don't use the return value, and we don't have to, as the call already initializes &ret, which is the one we return as exit code from the process. CID#1384230
2018-01-04 12:55:21 +01:00
(void) invoke_main_loop(m,
pid1: make sure to restore correct default values for some rlimits Commit fb39af4ce42d7ef9af63009f271f404038703704 forgot to restore the default rlimit values (RLIMIT_NOFILE and RLIMIT_MEMLOCK) while PID1 is reloading. This patch extracts the code in charge of initializing the default values for those rlimits in order to create dedicated functions, which take care of their initialization. These functions are then called in parse_configuration() so we make sure that the default values for these rlimits get restored every time PID1 is reloading its configuration.
2019-07-10 17:00:46 +02:00
&saved_rlimit_nofile,
&saved_rlimit_memlock,
main: don't bother with the return value of invoke_mainloop() (#7802) We don't use the return value, and we don't have to, as the call already initializes &ret, which is the one we return as exit code from the process. CID#1384230
2018-01-04 12:55:21 +01:00
&reexecute,
&retval,
&shutdown_verb,
&fds,
&switch_root_dir,
&switch_root_init,
&error_message);
main: parse our own command line and the kernel command line
2010-04-06 23:40:24 +02:00
initial commit
2009-11-18 00:42:52 +01:00
finish:
systemd: use pager for --test and --help
2014-01-07 06:00:05 +01:00
pager_close();
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
if (m) {
core: rename ShutdownWatchdogSec to RebootWatchdogSec This option is only used on reboot, not on other types of shutdown modes, so it is misleading. Keep the old name working for backward compatibility, but remove it from the documentation.
2019-07-22 12:39:25 +02:00
arg_reboot_watchdog = m->reboot_watchdog;
core: add KExecWatchdogSec option Rather than always enabling the shutdown WD on kexec, which might be dangerous in case the kernel driver and/or the hardware implementation does not reset the wd on kexec, add a new timer, disabled by default, to let users optionally enable the shutdown WD on kexec separately from the runtime and reboot ones. Advise in the documentation to also use the runtime WD in conjunction with it. Fixes: a637d0f9ecbe ("core: set shutdown watchdog on kexec too")
2019-07-19 12:54:15 +02:00
arg_kexec_watchdog = m->kexec_watchdog;
main: combine a some if checks Let's merge a few if blocks that are conditioned out the same way. No change in behaviour.
2018-06-05 16:07:49 +02:00
m = manager_free(m);
}
initial commit
2009-11-18 00:42:52 +01:00
pid1: when reloading configuration, forget old settings If we had a configuration setting from a configuration file, and it was removed, we'd still remember the old value, because there's was no mechanism to "reset" everything, just to assign new values. Note that the effect of this is limited. For settings that have an "ongoing" effect, like systemd.confirm_spawn, the new value is simply used. But some settings can only be set at start. In particular, CPUAffinity= will be updated if set to a new value, but if CPUAffinity= is fully removed, it will not be reset, simply because we don't know what to reset it to. We might have inherited a setting, or we might have set it ourselves. In principle we could remember the "original" value that was set when we were executed, but propagate this over reloads and reexecs, but that would be a lot of work for little gain. So this corner case of removal of CPUAffinity= is not handled fully, and a reboot is needed to execute the change. As a work-around, a full mask of CPUAffinity=0-8191 can be specified.
2019-05-24 09:41:44 +02:00
reset_arguments();
mac: rename apis with mac_{selinux/smack}_ prefix
2014-10-23 10:23:46 +02:00
mac_selinux_finish();
console: rework automatic getty on kernel console logic again It is essential that the gettys are proper dependencies from getty.target so that they aren't killed and immediately restarted on runlevel changes. Hence rework the logic to implicitly add console gettys to getty.target as dependencies. This also adds an automatic hvc console for virtualizers. https://bugzilla.redhat.com/show_bug.cgi?id=501720
2010-08-30 21:31:40 +02:00
core: split out reexecution code of main() into its own function No functional changes, just an attempt to shorten main() a bit.
2017-12-06 20:16:35 +01:00
if (reexecute)
do_reexecute(argc, argv,
&saved_rlimit_nofile,
&saved_rlimit_memlock,
fds,
switch_root_dir,
switch_root_init,
&error_message); /* This only returns if reexecution failed */
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
util: introduce safe_fclose() and port everything over to it Adds a coccinelle script to port things over automatically.
2015-09-09 15:20:10 +02:00
arg_serialization = safe_fclose(arg_serialization);
tree-wide: take benefit of the fact that fdset_free() returns NULL
2015-09-23 01:05:55 +02:00
fds = fdset_free(fds);
reload: implement reload/reexec logic
2010-04-21 03:27:44 +02:00
pid1: rework environment block copy logic This reworks the logic introduced in a5cede8c24fddda9b73f142e09b18b49adde1b9c (#13693). First of all, let's move this out of util.c, since only PID 1 really needs this, and there's no real need to have it in util.c. Then, fix freeing of the variable. It previously relied on STATIC_DESTRUCTOR_REGISTER() which however relies on static_destruct() to be called explicitly. Currently only the main-func.h macros do that, and PID 1 does not. (It might be worth investigating whether to do that, but it's not trivial.) Hence the freeing wasn't applied. Finally, an OOM check was missing, add it in.
2019-11-01 11:26:05 +01:00
saved_env = strv_free(saved_env);
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_VALGRIND_VALGRIND_H
valgrind: make running PID 1 in valgrind useful Since valgrind only generates useful output on exit() (rather than exec()) we need to explicitly exit when valgrind is detected.
2013-11-20 22:11:10 +01:00
/* If we are PID 1 and running under valgrind, then let's exit
* here explicitly. valgrind will only generate nice output on
* exit(), not on exec(), hence let's do the former not the
* latter here. */
core: Add WatchdogDevice config option and implement it This option allows a device path to be specified for the systemd watchdog (both runtime and shutdown). If a system requires a watchdog other than /dev/watchdog (pointing to /dev/watchdog0) to be used to reboot the system, this setting should be changed to the relevant watchdog device path (e.g. /dev/watchdog1).
2017-12-08 18:26:44 +01:00
if (getpid_cached() == 1 && RUNNING_ON_VALGRIND) {
/* Cleanup watchdog_device strings for valgrind. We need them
* in become_shutdown() so normally we cannot free them yet. */
watchdog_free_device();
arg_watchdog_device = mfree(arg_watchdog_device);
core/main: preserve return value under valgrind
2018-03-27 22:09:25 +02:00
return retval;
core: Add WatchdogDevice config option and implement it This option allows a device path to be specified for the systemd watchdog (both runtime and shutdown). If a system requires a watchdog other than /dev/watchdog (pointing to /dev/watchdog0) to be used to reboot the system, this setting should be changed to the relevant watchdog device path (e.g. /dev/watchdog1).
2017-12-08 18:26:44 +01:00
}
valgrind: make running PID 1 in valgrind useful Since valgrind only generates useful output on exit() (rather than exec()) we need to explicitly exit when valgrind is detected.
2013-11-20 22:11:10 +01:00
#endif
tests: reproduce https://github.com/systemd/systemd/issues/11251
2018-12-23 14:46:00 +01:00
#if HAS_FEATURE_ADDRESS_SANITIZER
__lsan_do_leak_check();
#endif
manager: hookup execution of systemd-shutdown helper (Modified by Lennart Poettering)
2010-10-14 00:52:26 +02:00
if (shutdown_verb) {
core: split out the core loop out of main() No real functional changes, just some rearranging to shorten the overly long main() function a bit. This gets rid of the arm_reboot_watchdog variable, as it can be directly derived from shutdown_verb, and we need it only one time. By dropping it we can reduce the number of arguments we need to pass around.
2017-12-06 20:47:28 +01:00
r = become_shutdown(shutdown_verb, retval);
main: let's make main() shorter, let's split out invocation of shutdown binary No functional changes
2017-11-16 11:54:53 +01:00
log_error_errno(r, "Failed to execute shutdown binary, %s: %m", getpid_cached() == 1 ? "freezing" : "quitting");
core: add missing error_message cases (#6911) We neglected to set error_message for errors which occur _after_ the `finish` label. These fatal errors only happen in paths where `finish` was reached successfully, i.e. error_message has not already been set (and this analysis is simple enough that this need not cause too much headaches. Also our new assignments to error_message come immediately after execve() calls, which would have lost the error_message if it had been set). Also print a status message when we fail to exec init, otherwise the only sign the user will see is `# ` :). This addresses the lack of error messages pointed out in issue #6827.
2017-11-10 15:57:52 +01:00
error_message = "Failed to execute shutdown binary";
manager: hookup execution of systemd-shutdown helper (Modified by Lennart Poettering)
2010-10-14 00:52:26 +02:00
}
core: Add WatchdogDevice config option and implement it This option allows a device path to be specified for the systemd watchdog (both runtime and shutdown). If a system requires a watchdog other than /dev/watchdog (pointing to /dev/watchdog0) to be used to reboot the system, this setting should be changed to the relevant watchdog device path (e.g. /dev/watchdog1).
2017-12-08 18:26:44 +01:00
watchdog_free_device();
arg_watchdog_device = mfree(arg_watchdog_device);
tree-wide: make use of getpid_cached() wherever we can This moves pretty much all uses of getpid() over to getpid_raw(). I didn't specifically check whether the optimization is worth it for each replacement, but in order to keep things simple and systematic I switched over everything at once.
2017-07-20 16:19:18 +02:00
if (getpid_cached() == 1) {
manager: print fatal errors on the console too When booting in quiet mode, fatal messages would not be shown at all to the user. https://bugzilla.redhat.com/show_bug.cgi?id=1155468
2014-11-06 06:05:38 +01:00
if (error_message)
manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
cgtop: underline table header Let's underline the header line of the table shown by cgtop, how it is customary for tables. In order to do this, let's introduce new ANSI underline macros, and clean up the existing ones as side effect.
2015-09-19 00:45:05 +02:00
ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL,
main: don't freeze PID 1 in containers, exit with non-zero instead After all we have a nice way to propagate total failures, hence let's use it.
2018-11-20 13:16:48 +01:00
"%s.", error_message);
freeze_or_exit_or_reboot();
manager: print fatal errors on the console too When booting in quiet mode, fatal messages would not be shown at all to the user. https://bugzilla.redhat.com/show_bug.cgi?id=1155468
2014-11-06 06:05:38 +01:00
}
main: freeze instead of exiting when run as init
2010-04-13 04:19:02 +02:00
initial commit
2009-11-18 00:42:52 +01:00
return retval;
}