picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Systemd/src/core/load-fragment.c

4691 lines
154 KiB
C
Raw Normal View History

Add SPDX license identifiers to source files under the LGPL This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
2017-11-18 17:09:20 +01:00
/* SPDX-License-Identifier: LGPL-2.1+ */
license: add GPLv2+ license blurbs everwhere
2010-02-03 13:03:47 +01:00
/***
tree-wide: beautify remaining copyright statements Let's unify an beautify our remaining copyright statements, with a unicode ©. This means our copyright statements are now always formatted the same way. Yay.
2018-06-12 19:00:24 +02:00
Copyright © 2012 Holger Hans Peter Freyther
license: add GPLv2+ license blurbs everwhere
2010-02-03 13:03:47 +01:00
***/
load-fragment: add missing .c/h files
2009-11-19 23:13:20 +01:00
#include <errno.h>
s/name/unit
2010-01-26 21:39:06 +01:00
#include <fcntl.h>
build fix for opensuse
2010-04-24 05:05:01 +02:00
#include <linux/fs.h>
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
#include <linux/oom.h>
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_SECCOMP
basic: split out cpu set specific APIs into cpu-set-util.[ch]
2015-09-30 21:50:22 +02:00
#include <seccomp.h>
#endif
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
#include <sched.h>
#include <string.h>
exec: support unlimited resources
2011-04-04 18:15:13 +02:00
#include <sys/resource.h>
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
#include <sys/stat.h>
load-fragment: add missing .c/h files
2009-11-19 23:13:20 +01:00
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
#include "af-list.h"
tree-wide: sort includes Sort the includes accoding to the new coding style.
2015-11-16 22:09:36 +01:00
#include "alloc-util.h"
core: undo the dependency inversion between unit.h and all unit types
2018-05-15 20:17:34 +02:00
#include "all-units.h"
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
#include "bus-error.h"
#include "bus-internal.h"
#include "bus-util.h"
#include "cap-list.h"
capabilities: keep bounding set in non-inverted format. Change the capability bounding set parser and logic so that the bounding set is kept as a positive set internally. This means that the set reflects those capabilities that we want to keep instead of drop.
2016-01-07 23:00:04 +01:00
#include "capability-util.h"
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
#include "cgroup.h"
load-fragment: add missing .c/h files
2009-11-19 23:13:20 +01:00
#include "conf-parser.h"
basic: split out cpu set specific APIs into cpu-set-util.[ch]
2015-09-30 21:50:22 +02:00
#include "cpu-set-util.h"
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
#include "env-util.h"
#include "errno-list.h"
util: split out escaping code into escape.[ch] This really deserves its own file, given how much code this is now.
2015-10-23 18:52:53 +02:00
#include "escape.h"
util-lib: split out fd-related operations into fd-util.[ch] There are more than enough to deserve their own .c file, hence move them over.
2015-10-25 13:14:12 +01:00
#include "fd-util.h"
util-lib: move a number of fs operations into fs-util.[ch]
2015-10-26 21:16:26 +01:00
#include "fs-util.h"
core: add two new unit file settings: StandardInputData= + StandardInputText= Both permit configuring data to pass through STDIN to an invoked process. StandardInputText= accepts a line of text (possibly with embedded C-style escapes as well as unit specifiers), which is appended to the buffer to pass as stdin, followed by a single newline. StandardInputData= is similar, but accepts arbitrary base64 encoded data, and will not resolve specifiers or C-style escapes, nor append newlines. This may be used to pass input/configuration data to services, directly in-line from unit files, either in a cooked or in a more raw format.
2017-10-27 11:33:05 +02:00
#include "hexdecoct.h"
core: implement /run/systemd/units/-based path for passing unit info from PID 1 to journald And let's make use of it to implement two new unit settings with it: 1. LogLevelMax= is a new per-unit setting that may be used to configure log priority filtering: set it to LogLevelMax=notice and only messages of level "notice" and lower (i.e. more important) will be processed, all others are dropped. 2. LogExtraFields= is a new per-unit setting for configuring per-unit journal fields, that are implicitly included in every log record generated by the unit's processes. It takes field/value pairs in the form of FOO=BAR. Also, related to this, one exisiting unit setting is ported to this new facility: 3. The invocation ID is now pulled from /run/systemd/units/ instead of cgroupfs xattrs. This substantially relaxes requirements of systemd on the kernel version and the privileges it runs with (specifically, cgroupfs xattrs are not available in containers, since they are stored in kernel memory, and hence are unsafe to permit to lesser privileged code). /run/systemd/units/ is a new directory, which contains a number of files and symlinks encoding the above information. PID 1 creates and manages these files, and journald reads them from there. Note that this is supposed to be a direct path between PID 1 and the journal only, due to the special runtime environment the journal runs in. Normally, today we shouldn't introduce new interfaces that (mis-)use a file system as IPC framework, and instead just an IPC system, but this is very hard to do between the journal and PID 1, as long as the IPC system is a subject PID 1 manages, and itself a client to the journal. This patch cleans up a couple of types used in journal code: specifically we switch to size_t for a couple of memory-sizing values, as size_t is the right choice for everything that is memory. Fixes: #4089 Fixes: #3041 Fixes: #4441
2017-11-02 19:43:32 +01:00
#include "io-util.h"
support chrooting/setting of ioprio when spawning
2010-01-29 20:46:22 +01:00
#include "ioprio.h"
core: implement /run/systemd/units/-based path for passing unit info from PID 1 to journald And let's make use of it to implement two new unit settings with it: 1. LogLevelMax= is a new per-unit setting that may be used to configure log priority filtering: set it to LogLevelMax=notice and only messages of level "notice" and lower (i.e. more important) will be processed, all others are dropped. 2. LogExtraFields= is a new per-unit setting for configuring per-unit journal fields, that are implicitly included in every log record generated by the unit's processes. It takes field/value pairs in the form of FOO=BAR. Also, related to this, one exisiting unit setting is ported to this new facility: 3. The invocation ID is now pulled from /run/systemd/units/ instead of cgroupfs xattrs. This substantially relaxes requirements of systemd on the kernel version and the privileges it runs with (specifically, cgroupfs xattrs are not available in containers, since they are stored in kernel memory, and hence are unsafe to permit to lesser privileged code). /run/systemd/units/ is a new directory, which contains a number of files and symlinks encoding the above information. PID 1 creates and manages these files, and journald reads them from there. Note that this is supposed to be a direct path between PID 1 and the journal only, due to the special runtime environment the journal runs in. Normally, today we shouldn't introduce new interfaces that (mis-)use a file system as IPC framework, and instead just an IPC system, but this is very hard to do between the journal and PID 1, as long as the IPC system is a subject PID 1 manages, and itself a client to the journal. This patch cleans up a couple of types used in journal code: specifically we switch to size_t for a couple of memory-sizing values, as size_t is the right choice for everything that is memory. Fixes: #4089 Fixes: #3041 Fixes: #4441
2017-11-02 19:43:32 +01:00
#include "journal-util.h"
util-lib: split out fd-related operations into fd-util.[ch] There are more than enough to deserve their own .c file, hence move them over.
2015-10-25 13:14:12 +01:00
#include "load-fragment.h"
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
#include "log.h"
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
#include "missing.h"
core: hook up MountFlags= to the transient unit logic This makes "systemd-run -p MountFlags=shared -t /bin/sh" work, by making MountFlags= to the list of properties that may be accessed transiently.
2016-11-22 20:19:08 +01:00
#include "mount-util.h"
util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]
2015-10-26 16:18:16 +01:00
#include "parse-util.h"
util: split-out path-util.[ch]
2012-05-07 21:36:12 +02:00
#include "path-util.h"
process-util: move a couple of process-related calls over
2015-10-27 14:24:58 +01:00
#include "process-util.h"
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_SECCOMP
core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-13 00:24:00 +01:00
#include "seccomp-util.h"
#endif
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
#include "securebits.h"
securebits-util: add secure_bits_{from_string,to_string_alloc}()
2017-08-07 16:40:25 +02:00
#include "securebits-util.h"
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
#include "signal-util.h"
basic: introduce socket_protocol_{from,to}_name() And use them where they can be applicable.
2017-12-23 11:32:04 +01:00
#include "socket-protocol-list.h"
util-lib: split stat()/statfs()/stavfs() related calls into stat-util.[ch]
2015-10-26 22:01:44 +01:00
#include "stat-util.h"
util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24 22:58:24 +02:00
#include "string-util.h"
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
#include "strv.h"
#include "unit-name.h"
#include "unit-printf.h"
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
#include "user-util.h"
util-lib: move web-related calls into web-util.[ch]
2015-10-27 00:41:29 +01:00
#include "web-util.h"
core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-13 00:24:00 +01:00
load-fragment: move macro-defined config parsers
2018-05-31 04:04:52 +02:00
static int supported_socket_protocol_from_string(const char *s) {
int r;
if (isempty(s))
return IPPROTO_IP;
r = socket_protocol_from_name(s);
if (r < 0)
return -EINVAL;
if (!IN_SET(r, IPPROTO_UDPLITE, IPPROTO_SCTP))
return -EPROTONOSUPPORT;
return r;
}
DEFINE_CONFIG_PARSE(config_parse_socket_protocol, supported_socket_protocol_from_string, "Failed to parse socket protocol");
DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
core: add a new unit file setting CollectMode= for tweaking the GC logic Right now, the option only takes one of two possible values "inactive" or "inactive-or-failed", the former being the default, and exposing same behaviour as the status quo ante. If set to "inactive-or-failed" units may be collected by the GC logic when in the "failed" state too. This logic should be a nicer alternative to using the "-" modifier for ExecStart= and friends, as the exit data is collected and logged about and only removed when the GC comes along. This should be useful in particular for per-connection socket-activated services, as well as "systemd-run" command lines that shall leave no artifacts in the system. I was thinking about whether to expose this as a boolean, but opted for an enum instead, as I have the suspicion other tweaks like this might be a added later on, in which case we extend this setting instead of having to add yet another one. Also, let's add some documentation for the GC logic.
2017-11-13 17:14:07 +01:00
DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
load-fragment: move macro-defined config parsers
2018-05-31 04:04:52 +02:00
DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_kill_mode, kill_mode, KillMode, "Failed to parse kill mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
namespace: drop protect_{home,system}_or_bool_from_string() The functions protect_{home,system}_from_string() are not used except for defining protect_{home,system}_or_bool_from_string(). This makes protect_{home,system}_from_string() support boolean strings, and drops protect_{home,system}_or_bool_from_string().
2018-06-15 05:29:29 +02:00
DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_home, protect_home, ProtectHome, "Failed to parse protect home value");
DEFINE_CONFIG_PARSE_ENUM(config_parse_protect_system, protect_system, ProtectSystem, "Failed to parse protect system value");
load-fragment: move macro-defined config parsers
2018-05-31 04:04:52 +02:00
DEFINE_CONFIG_PARSE_ENUM(config_parse_runtime_preserve_mode, exec_preserve_mode, ExecPreserveMode, "Failed to parse runtime directory preserve mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type, service_type, ServiceType, "Failed to parse service type");
DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart, service_restart, ServiceRestart, "Failed to parse service restart specifier");
DEFINE_CONFIG_PARSE_ENUM(config_parse_socket_bind, socket_address_bind_ipv6_only_or_bool, SocketAddressBindIPv6Only, "Failed to parse bind IPv6 only value");
DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_ip_tos, ip_tos, int, -1, "Failed to parse IP TOS value");
DEFINE_CONFIG_PARSE_PTR(config_parse_blockio_weight, cg_blkio_weight_parse, uint64_t, "Invalid block IO weight");
DEFINE_CONFIG_PARSE_PTR(config_parse_cg_weight, cg_weight_parse, uint64_t, "Invalid weight");
DEFINE_CONFIG_PARSE_PTR(config_parse_cpu_shares, cg_cpu_shares_parse, uint64_t, "Invalid CPU shares");
DEFINE_CONFIG_PARSE_PTR(config_parse_exec_mount_flags, mount_propagation_flags_from_string, unsigned long, "Failed to parse mount flag");
core: add a new unit file setting CollectMode= for tweaking the GC logic Right now, the option only takes one of two possible values "inactive" or "inactive-or-failed", the former being the default, and exposing same behaviour as the status quo ante. If set to "inactive-or-failed" units may be collected by the GC logic when in the "failed" state too. This logic should be a nicer alternative to using the "-" modifier for ExecStart= and friends, as the exit data is collected and logged about and only removed when the GC comes along. This should be useful in particular for per-connection socket-activated services, as well as "systemd-run" command lines that shall leave no artifacts in the system. I was thinking about whether to expose this as a boolean, but opted for an enum instead, as I have the suspicion other tweaks like this might be a added later on, in which case we extend this setting instead of having to add yet another one. Also, let's add some documentation for the GC logic.
2017-11-13 17:14:07 +01:00
core: remove support for RequiresOverridable= and RequisiteOverridable= As discussed at systemd.conf 2015 and on also raised on the ML: http://lists.freedesktop.org/archives/systemd-devel/2015-November/034880.html This removes the two XyzOverridable= unit dependencies, that were basically never used, and do not enhance user experience in any way. Most folks looking for the functionality this provides probably opt for the "ignore-dependencies" job mode, and that's probably a good idea. Hence, let's simplify systemd's dependency engine and remove these two dependency types (and their inverses). The unit file parser and the dbus property parser will now redirect the settings/properties to result in an equivalent non-overridable dependency. In the case of the unit file parser we generate a warning, to inform the user. The dbus properties for this unit type stay available on the unit objects, but they are now hidden from usual introspection and will always return the empty list when queried. This should provide enough compatibility for the few unit files that actually ever made use of this.
2015-11-12 19:21:47 +01:00
int config_parse_unit_deps(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
load-fragment: add missing .c/h files
2009-11-19 23:13:20 +01:00
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
UnitDependency d = ltype;
s/name/unit
2010-01-26 21:39:06 +01:00
Unit *u = userdata;
core: unit deps port to extract_first_word
2015-11-05 06:26:13 +01:00
const char *p;
load-fragment: add missing .c/h files
2009-11-19 23:13:20 +01:00
assert(filename);
assert(lvalue);
assert(rvalue);
core: unit deps port to extract_first_word
2015-11-05 06:26:13 +01:00
p = rvalue;
tree-wide: minor formatting inconsistency cleanups
2016-02-23 18:52:52 +01:00
for (;;) {
core: unit deps port to extract_first_word
2015-11-05 06:26:13 +01:00
_cleanup_free_ char *word = NULL, *k = NULL;
load-fragment: add missing .c/h files
2009-11-19 23:13:20 +01:00
int r;
core: fix dependency parsing 3d793d29059a7ddf5282efa6b32b953c183d7a4d broke parsing of unit file names that include backslashes, as extract_first_word() strips those. Fix this, by introducing a new EXTRACT_RETAIN_ESCAPE flag which disables looking at any flags, thus being compatible with the classic FOREACH_WORD() behaviour.
2015-11-11 22:53:05 +01:00
r = extract_first_word(&p, &word, NULL, EXTRACT_RETAIN_ESCAPE);
core: unit deps port to extract_first_word
2015-11-05 06:26:13 +01:00
if (r == 0)
break;
if (r == -ENOMEM)
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return log_oom();
core: unit deps port to extract_first_word
2015-11-05 06:26:13 +01:00
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
break;
}
load-fragment: add missing .c/h files
2009-11-19 23:13:20 +01:00
core: unit deps port to extract_first_word
2015-11-05 06:26:13 +01:00
r = unit_name_printf(u, word, &k);
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
continue;
}
core: add minimal templating system
2010-04-15 03:11:11 +02:00
pid1: drop now-unused path parameter to add_dependency_by_name()
2018-09-15 19:57:52 +02:00
r = unit_add_dependency_by_name(u, d, k, true, UNIT_DEPENDENCY_FILE);
unit: properly update references to units which are merged When we merge units that some kind of object points to, those pointers might become invalidated, and needs to be updated. Introduce a UnitRef struct which links up all the unit references, to ensure corrected references. At the same time, drop configured_sockets in the Service object, and replace it by proper UNIT_TRIGGERS resp. UNIT_TRIGGERED_BY dependencies, which allow us to simplify a lot of code.
2012-01-06 23:08:54 +01:00
if (r < 0)
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
load-fragment: add missing .c/h files
2009-11-19 23:13:20 +01:00
}
return 0;
}
core: remove support for RequiresOverridable= and RequisiteOverridable= As discussed at systemd.conf 2015 and on also raised on the ML: http://lists.freedesktop.org/archives/systemd-devel/2015-November/034880.html This removes the two XyzOverridable= unit dependencies, that were basically never used, and do not enhance user experience in any way. Most folks looking for the functionality this provides probably opt for the "ignore-dependencies" job mode, and that's probably a good idea. Hence, let's simplify systemd's dependency engine and remove these two dependency types (and their inverses). The unit file parser and the dbus property parser will now redirect the settings/properties to result in an equivalent non-overridable dependency. In the case of the unit file parser we generate a warning, to inform the user. The dbus properties for this unit type stay available on the unit objects, but they are now hidden from usual introspection and will always return the empty list when queried. This should provide enough compatibility for the few unit files that actually ever made use of this.
2015-11-12 19:21:47 +01:00
int config_parse_obsolete_unit_deps(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Unit dependency type %s= is obsolete, replacing by %s=, please update your unit file", lvalue, unit_dependency_to_string(ltype));
return config_parse_unit_deps(unit, filename, line, section, section_line, lvalue, ltype, rvalue, data, userdata);
}
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
int config_parse_unit_string_printf(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
load-fragment: replace % specifiers in descriptions
2010-04-24 03:11:01 +02:00
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
_cleanup_free_ char *k = NULL;
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
Unit *u = userdata;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
int r;
load-fragment: replace % specifiers in descriptions
2010-04-24 03:11:01 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
execute: handle format strings in User= and other directives
2010-06-18 23:25:19 +02:00
assert(u);
load-fragment: replace % specifiers in descriptions
2010-04-24 03:11:01 +02:00
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
r = unit_full_printf(u, rvalue, &k);
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
return 0;
}
load-fragment: replace % specifiers in descriptions
2010-04-24 03:11:01 +02:00
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
load-fragment: replace % specifiers in descriptions
2010-04-24 03:11:01 +02:00
}
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
int config_parse_unit_strv_printf(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
unit: support wildcards in Environment=, EnvironmentFile=
2011-07-01 01:13:47 +02:00
Unit *u = userdata;
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
_cleanup_free_ char *k = NULL;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
int r;
unit: support wildcards in Environment=, EnvironmentFile=
2011-07-01 01:13:47 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(u);
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
r = unit_full_printf(u, rvalue, &k);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
return 0;
}
unit: support wildcards in Environment=, EnvironmentFile=
2011-07-01 01:13:47 +02:00
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
return config_parse_strv(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
unit: support wildcards in Environment=, EnvironmentFile=
2011-07-01 01:13:47 +02:00
}
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
int config_parse_unit_path_printf(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
exec: hangup/reset/deallocate VTs in gettys Explicitly disconnect all clients from a VT when a getty starts/finishes (requires TIOCVHANGUP, available in 2.6.29). Explicitly deallocate getty VTs in order to flush scrollback buffer. Explicitly reset terminals to a defined state before spawning getty.
2011-05-18 01:07:31 +02:00
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
_cleanup_free_ char *k = NULL;
socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04 16:19:00 +02:00
Unit *u = userdata;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
int r;
core/load-fragment: refuse units with errors in RootDirectory/RootImage/DynamicUser Behaviour of the service is completely different with the option off, so the service would probably mess up state on disk and do unexpected things.
2017-07-06 19:54:42 +02:00
bool fatal = ltype;
exec: hangup/reset/deallocate VTs in gettys Explicitly disconnect all clients from a VT when a getty starts/finishes (requires TIOCVHANGUP, available in 2.6.29). Explicitly deallocate getty VTs in order to flush scrollback buffer. Explicitly reset terminals to a defined state before spawning getty.
2011-05-18 01:07:31 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(u);
core/load-fragment: reject overly long paths early No need to go through the specifier_printf() if the path is already too long in the unexpanded form (since specifiers increase the length of the string in all practical cases). In the oss-fuzz test case, valgrind reports: total heap usage: 179,044 allocs, 179,044 frees, 72,687,755,703 bytes allocated and the original config file is ~500kb. This isn't really a security issue, since the config file has to be trusted any way, but just a matter of preventing accidental resource exhaustion. https://oss-fuzz.com/v2/issue/4651449704251392/6977 While at it, fix order of arguments in the neighbouring log_syntax() call.
2018-03-19 15:43:35 +01:00
/* Let's not bother with anything that is too long */
if (strlen(rvalue) >= PATH_MAX) {
log_syntax(unit, LOG_ERR, filename, line, 0,
"%s value too long%s.",
lvalue, fatal ? "" : ", ignoring");
return fatal ? -ENAMETOOLONG : 0;
}
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
r = unit_full_printf(u, rvalue, &k);
socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04 16:19:00 +02:00
if (r < 0) {
core/load-fragment: refuse units with errors in RootDirectory/RootImage/DynamicUser Behaviour of the service is completely different with the option off, so the service would probably mess up state on disk and do unexpected things.
2017-07-06 19:54:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to resolve unit specifiers in '%s'%s: %m",
core/load-fragment: reject overly long paths early No need to go through the specifier_printf() if the path is already too long in the unexpanded form (since specifiers increase the length of the string in all practical cases). In the oss-fuzz test case, valgrind reports: total heap usage: 179,044 allocs, 179,044 frees, 72,687,755,703 bytes allocated and the original config file is ~500kb. This isn't really a security issue, since the config file has to be trusted any way, but just a matter of preventing accidental resource exhaustion. https://oss-fuzz.com/v2/issue/4651449704251392/6977 While at it, fix order of arguments in the neighbouring log_syntax() call.
2018-03-19 15:43:35 +01:00
rvalue, fatal ? "" : ", ignoring");
core/load-fragment: refuse units with errors in RootDirectory/RootImage/DynamicUser Behaviour of the service is completely different with the option off, so the service would probably mess up state on disk and do unexpected things.
2017-07-06 19:54:42 +02:00
return fatal ? -ENOEXEC : 0;
socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04 16:19:00 +02:00
}
exec: hangup/reset/deallocate VTs in gettys Explicitly disconnect all clients from a VT when a getty starts/finishes (requires TIOCVHANGUP, available in 2.6.29). Explicitly deallocate getty VTs in order to flush scrollback buffer. Explicitly reset terminals to a defined state before spawning getty.
2011-05-18 01:07:31 +02:00
socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04 16:19:00 +02:00
return config_parse_path(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
}
int config_parse_unit_path_strv_printf(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 04:01:36 +02:00
char ***x = data;
socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04 16:19:00 +02:00
Unit *u = userdata;
int r;
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
const char *p;
socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04 16:19:00 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(u);
socket: Symlinks= with empty string resets the list of paths.
2017-09-05 08:08:59 +02:00
if (isempty(rvalue)) {
load-fragment: do not create empty array Originally added in 4589f5bb0a973e9a41be93de06c87072cea4dfb9. C.f. 8249bb728db6c2abaf12575d661b52571bdc1ab1 and #6746.
2017-10-04 08:21:12 +02:00
*x = strv_free(*x);
socket: Symlinks= with empty string resets the list of paths.
2017-09-05 08:08:59 +02:00
return 0;
}
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
for (p = rvalue;;) {
_cleanup_free_ char *word = NULL, *k = NULL;
socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04 16:19:00 +02:00
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
if (r == 0)
return 0;
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Invalid syntax, ignoring: %s", rvalue);
return 0;
}
socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04 16:19:00 +02:00
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
r = unit_full_printf(u, word, &k);
socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04 16:19:00 +02:00
if (r < 0) {
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to resolve unit specifiers in '%s', ignoring: %m", word);
socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04 16:19:00 +02:00
return 0;
}
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
if (r < 0)
socket: add new Symlinks= option for socket units With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04 16:19:00 +02:00
return 0;
r = strv_push(x, k);
if (r < 0)
return log_oom();
k = NULL;
}
exec: hangup/reset/deallocate VTs in gettys Explicitly disconnect all clients from a VT when a getty starts/finishes (requires TIOCVHANGUP, available in 2.6.29). Explicitly deallocate getty VTs in order to flush scrollback buffer. Explicitly reset terminals to a defined state before spawning getty.
2011-05-18 01:07:31 +02:00
}
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int config_parse_socket_listen(const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
parse socket files properly
2010-01-19 02:56:37 +01:00
Modernization
2014-10-11 17:37:37 +02:00
_cleanup_free_ SocketPort *p = NULL;
SocketPort *tail;
rework socket handling
2010-01-23 03:35:54 +01:00
Socket *s;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
int r;
make use of logging API wherever appropriate
2010-01-20 19:19:53 +01:00
parse socket files properly
2010-01-19 02:56:37 +01:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
unit: use safe downcasts, remove pointless casts Always use the macros for downcasting. Remove a few obviously pointless casts.
2012-01-15 12:37:16 +01:00
s = SOCKET(data);
rework socket handling
2010-01-23 03:35:54 +01:00
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
if (isempty(rvalue)) {
/* An empty assignment removes all ports */
socket_free_ports(s);
return 0;
}
conf: enforce UTF8 validty everywhere we need to make sure that configuration data we expose via the bus ends up in using getting an assert(). Even though configuration data is only parsed from trusted sources we should be more careful with what we read.
2012-03-12 22:22:16 +01:00
p = new0(SocketPort, 1);
if (!p)
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return log_oom();
socket: add POSIX mqueue support
2011-05-17 19:37:03 +02:00
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
if (ltype != SOCKET_SOCKET) {
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
_cleanup_free_ char *k = NULL;
socket: add POSIX mqueue support
2011-05-17 19:37:03 +02:00
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = unit_full_printf(UNIT(s), rvalue, &k);
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
return 0;
socket: add POSIX mqueue support
2011-05-17 19:37:03 +02:00
}
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
if (r < 0)
return 0;
free_and_replace(p->path, k);
p->type = ltype;
socket: add POSIX mqueue support
2011-05-17 19:37:03 +02:00
socket: support netlink sockets
2011-04-10 03:27:00 +02:00
} else if (streq(lvalue, "ListenNetlink")) {
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
_cleanup_free_ char *k = NULL;
unit: do wildcard expansion in ListenStream= and friends
2011-07-01 00:55:34 +02:00
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
r = unit_full_printf(UNIT(s), rvalue, &k);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
return 0;
}
socket: support netlink sockets
2011-04-10 03:27:00 +02:00
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
r = socket_address_parse_netlink(&p->address, k);
unit: do wildcard expansion in ListenStream= and friends
2011-07-01 00:55:34 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
socket: support netlink sockets
2011-04-10 03:27:00 +02:00
return 0;
}
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
p->type = SOCKET_SOCKET;
rework socket handling
2010-01-23 03:35:54 +01:00
} else {
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
_cleanup_free_ char *k = NULL;
unit: do wildcard expansion in ListenStream= and friends
2011-07-01 00:55:34 +02:00
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
r = unit_full_printf(UNIT(s), rvalue, &k);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
return 0;
}
rework socket handling
2010-01-23 03:35:54 +01:00
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
r = socket_address_parse_and_warn(&p->address, k);
unit: do wildcard expansion in ListenStream= and friends
2011-07-01 00:55:34 +02:00
if (r < 0) {
load-fragment: don't print error about incorrect syntax when IPv6 is disabled (#5791)
2017-04-25 09:31:52 +02:00
if (r != -EAFNOSUPPORT)
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value in '%s', ignoring: %m", k);
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
rework socket handling
2010-01-23 03:35:54 +01:00
}
if (streq(lvalue, "ListenStream"))
p->address.type = SOCK_STREAM;
else if (streq(lvalue, "ListenDatagram"))
p->address.type = SOCK_DGRAM;
else {
assert(streq(lvalue, "ListenSequentialPacket"));
p->address.type = SOCK_SEQPACKET;
}
if (socket_address_family(&p->address) != AF_LOCAL && p->address.type == SOCK_SEQPACKET) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Address family not supported, ignoring: %s", rvalue);
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
rework socket handling
2010-01-23 03:35:54 +01:00
}
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
p->type = SOCKET_SOCKET;
make use of logging API wherever appropriate
2010-01-20 19:19:53 +01:00
}
rework socket handling
2010-01-23 03:35:54 +01:00
p->fd = -1;
core: Add list of additional file descriptors to socket port Some additional files related to single socket may appear in the filesystem and they should be opened and passed to related service. This commit adds optional list of file descriptors, which are dynamically discovered and opened.
2015-09-21 16:30:41 +02:00
p->auxiliary_fds = NULL;
p->n_auxiliary_fds = 0;
socket: fix segfault
2013-11-21 00:06:11 +01:00
p->socket = s;
socket: guarantee order in which sockets are passed to be the one of the configuration file
2011-04-16 03:42:18 +02:00
load-fragment: simplify list insertion logic LIST_FIND_TAIL and LIST_INSERT_AFTER can work for empty list.
2017-12-23 11:16:49 +01:00
LIST_FIND_TAIL(port, s->ports, tail);
LIST_INSERT_AFTER(port, s->ports, tail, p);
Modernization
2014-10-11 17:37:37 +02:00
p = NULL;
rework socket handling
2010-01-23 03:35:54 +01:00
make use of logging API wherever appropriate
2010-01-20 19:19:53 +01:00
return 0;
parse socket files properly
2010-01-19 02:56:37 +01:00
}
util-lib: unify parsing of nice level values This adds parse_nice() that parses a nice level and ensures it is in the right range, via a new nice_is_valid() helper. It then ports over a number of users to this. No functional changes.
2016-08-05 11:17:08 +02:00
int config_parse_exec_nice(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
set nice/oom_adjust only when asked for
2010-01-28 02:53:56 +01:00
ExecContext *c = data;
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int priority, r;
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
load-fragment: setting empty string to Nice= resets the previous assignments
2018-05-25 03:52:47 +02:00
if (isempty(rvalue)) {
c->nice_set = false;
return 0;
}
util-lib: unify parsing of nice level values This adds parse_nice() that parses a nice level and ensures it is in the right range, via a new nice_is_valid() helper. It then ports over a number of users to this. No functional changes.
2016-08-05 11:17:08 +02:00
r = parse_nice(rvalue, &priority);
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
if (r < 0) {
util-lib: unify parsing of nice level values This adds parse_nice() that parses a nice level and ensures it is in the right range, via a new nice_is_valid() helper. It then ports over a number of users to this. No functional changes.
2016-08-05 11:17:08 +02:00
if (r == -ERANGE)
log_syntax(unit, LOG_ERR, filename, line, r, "Nice priority out of range, ignoring: %s", rvalue);
else
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse nice priority '%s', ignoring: %m", rvalue);
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
}
set nice/oom_adjust only when asked for
2010-01-28 02:53:56 +01:00
c->nice = priority;
load-fragment: properly parse Nice= value Hello, i`ve been using systemd for a while now, and found out that when using NICE parameter for .service files the varible is not set correctly. i`ve found the problem in file *load-fragment.c* function *config_parse_nice* variable /*c->nice_set = false;*/ should be /*c->nice_set = true;*/ Problem is alsom manifesting on v17 but did not upgrade yet ...
2011-02-02 14:57:52 +01:00
c->nice_set = true;
set nice/oom_adjust only when asked for
2010-01-28 02:53:56 +01:00
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
return 0;
}
basic: split parsing of the OOM score adjust value into its own function in parse-util.c And port config_parse_exec_oom_score_adjust() over to use it. While we are at it, let's also fix config_parse_exec_oom_score_adjust() to accept an empty string for turning off OOM score adjustments set earlier.
2018-05-07 20:26:38 +02:00
int config_parse_exec_oom_score_adjust(
const char* unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
set nice/oom_adjust only when asked for
2010-01-28 02:53:56 +01:00
ExecContext *c = data;
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int oa, r;
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
basic: split parsing of the OOM score adjust value into its own function in parse-util.c And port config_parse_exec_oom_score_adjust() over to use it. While we are at it, let's also fix config_parse_exec_oom_score_adjust() to accept an empty string for turning off OOM score adjustments set earlier.
2018-05-07 20:26:38 +02:00
if (isempty(rvalue)) {
c->oom_score_adjust_set = false;
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
}
basic: split parsing of the OOM score adjust value into its own function in parse-util.c And port config_parse_exec_oom_score_adjust() over to use it. While we are at it, let's also fix config_parse_exec_oom_score_adjust() to accept an empty string for turning off OOM score adjustments set earlier.
2018-05-07 20:26:38 +02:00
r = parse_oom_score_adjust(rvalue, &oa);
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
if (r == -ERANGE)
log_syntax(unit, LOG_ERR, filename, line, r, "OOM score adjust value out of range, ignoring: %s", rvalue);
else
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse the OOM score adjust value '%s', ignoring: %m", rvalue);
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
}
exec: replace OOMAdjust= by OOMScoreAdjust= to follow new kernel interface This replaces OOMAdjust= by OOMScoreAdjust= in the config files, breaking compatibility with older unit files. However, this keeps compat with older kernels which lack the new OOM rework.
2010-08-31 01:33:39 +02:00
c->oom_score_adjust = oa;
c->oom_score_adjust_set = true;
set nice/oom_adjust only when asked for
2010-01-28 02:53:56 +01:00
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
return 0;
}
util: rework cunescape(), improve error handling Change cunescape() to return a normal error code, so that we can distuingish OOM errors from parse errors. This also adds a flags parameter to control whether "relaxed" or normal parsing shall be done. If set no parse failures are generated, and the only reason why cunescape() can fail is OOM.
2015-04-06 20:11:41 +02:00
int config_parse_exec(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
ExecCommand **e = data;
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
Unit *u = userdata;
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
const char *p;
bool semicolon;
conf: enforce UTF8 validty everywhere we need to make sure that configuration data we expose via the bus ends up in using getting an assert(). Even though configuration data is only parsed from trusted sources we should be more careful with what we read.
2012-03-12 22:22:16 +01:00
int r;
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
assert(filename);
assert(lvalue);
assert(rvalue);
service: allow configuration of more than one Exec command in one line
2010-07-07 20:59:20 +02:00
assert(e);
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
e += ltype;
load-fragment: reset the list on an ExecStart= containing only whitespace This is consistent with how an empty string works in an ExecStart= statement. We should not differentiate between an empty string and whitespace only (since they look the same.) Update the test case with whitespace only to reflect that the list is reset. Tested that `test-unit-file` passes and other test cases are not affected. Installed the patched systemd binaries on a machine, booted it, looked for out of the usual behavior but did not find any.
2015-06-06 08:12:25 +02:00
rvalue += strspn(rvalue, WHITESPACE);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
if (isempty(rvalue)) {
/* An empty assignment resets the list */
core: make exec_command_free_list return NULL
2014-12-18 18:29:24 +01:00
*e = exec_command_free_list(*e);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return 0;
}
core: revert "core: resolve specifier in config_parse_exec()" This reverts commit cb48dfca6a8bc15d9081651001a16bf51e03838a. Exec*-settings resolve specifiers twice: %%U -> config_parse_exec [cb48dfca6a8] -> %U -> service_spawn -> 0 Fixes #2637
2016-02-17 23:32:36 +01:00
p = rvalue;
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
do {
util-lib: rework extract_first_word_and_warn() a bit - Really warn in all error cases, not just some. We need to make sure that all errors are logged to not confuse the user. - Explicitly check for EINVAL error code before claiming anything about invalid escapes, could be ENOMEM after all.
2015-10-23 18:20:54 +02:00
_cleanup_free_ char *path = NULL, *firstword = NULL;
core: add two new special ExecStart= character prefixes This patch adds two new special character prefixes to ExecStart= and friends, in addition to the existing "-", "@" and "+": "!" → much like "+", except with a much reduced effect as it only disables the actual setresuid()/setresgid()/setgroups() calls, but leaves all other security features on, including namespace options. This is very useful in combination with RuntimeDirectory= or DynamicUser= and similar option, as a user is still allocated and used for the runtime directory, but the actual UID/GID dropping is left to the daemon process itself. This should make RuntimeDirectory= a lot more useful for daemons which insist on doing their own privilege dropping. "!!" → Similar to "!", but on systems supporting ambient caps this becomes a NOP. This makes it relatively straightforward to write unit files that make use of ambient capabilities to let systemd drop all privs while retaining compatibility with systems that lack ambient caps, where priv dropping is the left to the daemon codes themselves. This is an alternative approach to #6564 and related PRs.
2017-08-09 16:09:04 +02:00
ExecCommandFlags flags = 0;
bool ignore = false, separate_argv0 = false;
util-lib: rework extract_first_word_and_warn() a bit - Really warn in all error cases, not just some. We need to make sure that all errors are logged to not confuse the user. - Explicitly check for EINVAL error code before claiming anything about invalid escapes, could be ENOMEM after all.
2015-10-23 18:20:54 +02:00
_cleanup_free_ ExecCommand *nce = NULL;
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
_cleanup_strv_free_ char **n = NULL;
size_t nlen = 0, nbufsize = 0;
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
const char *f;
load-fragment: add support for overriding argv[0] in parsed command lines
2010-05-19 21:51:53 +02:00
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
semicolon = false;
tree-wide: drop unneded WHITESPACE param to extract_first_word It's the default, and NULL is shorter.
2016-10-28 02:06:44 +02:00
r = extract_first_word_and_warn(&p, &firstword, NULL, EXTRACT_QUOTES|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
if (r <= 0)
return 0;
load-fragment: add support for overriding argv[0] in parsed command lines
2010-05-19 21:51:53 +02:00
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
f = firstword;
pid1: remove unnecessary counter The loop must terminate after at most three iterations anyway.
2016-12-11 05:07:46 +01:00
for (;;) {
core: add two new special ExecStart= character prefixes This patch adds two new special character prefixes to ExecStart= and friends, in addition to the existing "-", "@" and "+": "!" → much like "+", except with a much reduced effect as it only disables the actual setresuid()/setresgid()/setgroups() calls, but leaves all other security features on, including namespace options. This is very useful in combination with RuntimeDirectory= or DynamicUser= and similar option, as a user is still allocated and used for the runtime directory, but the actual UID/GID dropping is left to the daemon process itself. This should make RuntimeDirectory= a lot more useful for daemons which insist on doing their own privilege dropping. "!!" → Similar to "!", but on systems supporting ambient caps this becomes a NOP. This makes it relatively straightforward to write unit files that make use of ambient capabilities to let systemd drop all privs while retaining compatibility with systems that lack ambient caps, where priv dropping is the left to the daemon codes themselves. This is an alternative approach to #6564 and related PRs.
2017-08-09 16:09:04 +02:00
/* We accept an absolute path as first argument. If it's prefixed with - and the path doesn't
* exist, we ignore it instead of erroring out; if it's prefixed with @, we allow overriding of
* argv[0]; if it's prefixed with +, it will be run with full privileges and no sandboxing; if
* it's prefixed with '!' we apply sandboxing, but do not change user/group credentials; if
* it's prefixed with '!!', then we apply user/group credentials if the kernel supports ambient
* capabilities -- if it doesn't we don't apply the credentials themselves, but do apply most
* other sandboxing, with some special exceptions for changing UID.
*
* The idea is that '!!' may be used to write services that can take benefit of systemd's
* UID/GID dropping if the kernel supports ambient creds, but provide an automatic fallback to
* privilege dropping within the daemon if the kernel does not offer that. */
if (*f == '-' && !(flags & EXEC_COMMAND_IGNORE_FAILURE)) {
flags |= EXEC_COMMAND_IGNORE_FAILURE;
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
ignore = true;
core: add two new special ExecStart= character prefixes This patch adds two new special character prefixes to ExecStart= and friends, in addition to the existing "-", "@" and "+": "!" → much like "+", except with a much reduced effect as it only disables the actual setresuid()/setresgid()/setgroups() calls, but leaves all other security features on, including namespace options. This is very useful in combination with RuntimeDirectory= or DynamicUser= and similar option, as a user is still allocated and used for the runtime directory, but the actual UID/GID dropping is left to the daemon process itself. This should make RuntimeDirectory= a lot more useful for daemons which insist on doing their own privilege dropping. "!!" → Similar to "!", but on systems supporting ambient caps this becomes a NOP. This makes it relatively straightforward to write unit files that make use of ambient capabilities to let systemd drop all privs while retaining compatibility with systems that lack ambient caps, where priv dropping is the left to the daemon codes themselves. This is an alternative approach to #6564 and related PRs.
2017-08-09 16:09:04 +02:00
} else if (*f == '@' && !separate_argv0)
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
separate_argv0 = true;
core: add two new special ExecStart= character prefixes This patch adds two new special character prefixes to ExecStart= and friends, in addition to the existing "-", "@" and "+": "!" → much like "+", except with a much reduced effect as it only disables the actual setresuid()/setresgid()/setgroups() calls, but leaves all other security features on, including namespace options. This is very useful in combination with RuntimeDirectory= or DynamicUser= and similar option, as a user is still allocated and used for the runtime directory, but the actual UID/GID dropping is left to the daemon process itself. This should make RuntimeDirectory= a lot more useful for daemons which insist on doing their own privilege dropping. "!!" → Similar to "!", but on systems supporting ambient caps this becomes a NOP. This makes it relatively straightforward to write unit files that make use of ambient capabilities to let systemd drop all privs while retaining compatibility with systems that lack ambient caps, where priv dropping is the left to the daemon codes themselves. This is an alternative approach to #6564 and related PRs.
2017-08-09 16:09:04 +02:00
else if (*f == '+' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
flags |= EXEC_COMMAND_FULLY_PRIVILEGED;
else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_NO_SETUID|EXEC_COMMAND_AMBIENT_MAGIC)))
flags |= EXEC_COMMAND_NO_SETUID;
else if (*f == '!' && !(flags & (EXEC_COMMAND_FULLY_PRIVILEGED|EXEC_COMMAND_AMBIENT_MAGIC))) {
flags &= ~EXEC_COMMAND_NO_SETUID;
flags |= EXEC_COMMAND_AMBIENT_MAGIC;
} else
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
break;
tree-wide: make ++/-- usage consistent WRT spacing Throughout the tree there's spurious use of spaces separating ++ and -- operators from their respective operands. Make ++ and -- operator consistent with the majority of existing uses; discard the spaces.
2016-02-23 05:32:04 +01:00
f++;
service: allow configuration of more than one Exec command in one line
2010-07-07 20:59:20 +02:00
}
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
r = unit_full_printf(u, f, &path);
if (r < 0) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to resolve unit specifiers in '%s'%s: %m",
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
f, ignore ? ", ignoring" : "");
return ignore ? 0 : -ENOEXEC;
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
}
if (isempty(path)) {
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
/* First word is either "-" or "@" with no command. */
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Empty path in command line%s: '%s'",
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
ignore ? ", ignoring" : "", rvalue);
return ignore ? 0 : -ENOEXEC;
Properly report invalid quoted strings $ systemd-analyze verify trailing-g.service [./trailing-g.service:2] Trailing garbage, ignoring. trailing-g.service lacks ExecStart setting. Refusing. Error: org.freedesktop.systemd1.LoadFailed: Unit trailing-g.service failed to load: Invalid argument. Failed to create trailing-g.service/start: Invalid argument
2014-07-31 09:28:37 +02:00
}
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
if (!string_is_safe(path)) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0,
systemd: do not require absolute paths in ExecStart Absolute paths make everything simple and quick, but sometimes this requirement can be annoying. A good example is calling 'test', which will be located in /usr/bin/ or /bin depending on the distro. The need the provide the full path makes it harder a portable unit file in such cases. This patch uses a fixed search path (DEFAULT_PATH which was already used as the default value of $PATH), and if a non-absolute file name is found, it is immediately resolved to a full path using this search path when the unit is loaded. After that, everything behaves as if an absolute path was specified. In particular, the executable must exist when the unit is loaded.
2018-03-25 20:50:15 +02:00
"Executable name contains special characters%s: %s",
ignore ? ", ignoring" : "", path);
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
return ignore ? 0 : -ENOEXEC;
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
}
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
if (endswith(path, "/")) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0,
"Executable path specifies a directory%s: %s",
systemd: do not require absolute paths in ExecStart Absolute paths make everything simple and quick, but sometimes this requirement can be annoying. A good example is calling 'test', which will be located in /usr/bin/ or /bin depending on the distro. The need the provide the full path makes it harder a portable unit file in such cases. This patch uses a fixed search path (DEFAULT_PATH which was already used as the default value of $PATH), and if a non-absolute file name is found, it is immediately resolved to a full path using this search path when the unit is loaded. After that, everything behaves as if an absolute path was specified. In particular, the executable must exist when the unit is loaded.
2018-03-25 20:50:15 +02:00
ignore ? ", ignoring" : "", path);
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
return ignore ? 0 : -ENOEXEC;
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
}
service: allow configuration of more than one Exec command in one line
2010-07-07 20:59:20 +02:00
systemd: do not require absolute paths in ExecStart Absolute paths make everything simple and quick, but sometimes this requirement can be annoying. A good example is calling 'test', which will be located in /usr/bin/ or /bin depending on the distro. The need the provide the full path makes it harder a portable unit file in such cases. This patch uses a fixed search path (DEFAULT_PATH which was already used as the default value of $PATH), and if a non-absolute file name is found, it is immediately resolved to a full path using this search path when the unit is loaded. After that, everything behaves as if an absolute path was specified. In particular, the executable must exist when the unit is loaded.
2018-03-25 20:50:15 +02:00
if (!path_is_absolute(path)) {
const char *prefix;
bool found = false;
if (!filename_is_valid(path)) {
log_syntax(unit, LOG_ERR, filename, line, 0,
"Neither a valid executable name nor an absolute path%s: %s",
ignore ? ", ignoring" : "", path);
return ignore ? 0 : -ENOEXEC;
}
/* Resolve a single-component name to a full path */
NULSTR_FOREACH(prefix, DEFAULT_PATH_NULSTR) {
_cleanup_free_ char *fullpath = NULL;
fullpath = strjoin(prefix, "/", path);
if (!fullpath)
return log_oom();
if (access(fullpath, F_OK) >= 0) {
free_and_replace(path, fullpath);
found = true;
break;
}
}
if (!found) {
log_syntax(unit, LOG_ERR, filename, line, 0,
"Executable \"%s\" not found in path \"%s\"%s",
path, DEFAULT_PATH, ignore ? ", ignoring" : "");
return ignore ? 0 : -ENOEXEC;
}
}
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
if (!separate_argv0) {
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
char *w = NULL;
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
return log_oom();
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
w = strdup(path);
if (!w)
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
return log_oom();
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
n[nlen++] = w;
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
n[nlen] = NULL;
}
conf: enforce UTF8 validty everywhere we need to make sure that configuration data we expose via the bus ends up in using getting an assert(). Even though configuration data is only parsed from trusted sources we should be more careful with what we read.
2012-03-12 22:22:16 +01:00
path-util: introduce path_simplify() The function is similar to path_kill_slashes() but also removes initial './', trailing '/.', and '/./' in the path. When the second argument of path_simplify() is false, then it behaves as the same as path_kill_slashes(). Hence, this also replaces path_kill_slashes() with path_simplify().
2018-05-31 16:39:31 +02:00
path_simplify(path, false);
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
Convert unquote_*_word users to expect isempty(p) after the last entry This is so that, when called in a loop, unquote_first_word can distinguish between reaching the end of a string because it has consumed all the input before the end, and consuming all the input. This is important because we later add a flag that allows char *in = ""; char *out; unquote_first_word(&in, &out, flags); To put "" in out, and set in = NULL, so the trailing empty string of the input can be consumed, and mark that the input has been consumed.
2015-06-19 17:24:29 +02:00
while (!isempty(p)) {
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
_cleanup_free_ char *word = NULL, *resolved = NULL;
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
/* Check explicitly for an unquoted semicolon as
* command separator token. */
if (p[0] == ';' && (!p[1] || strchr(WHITESPACE, p[1]))) {
tree-wide: make ++/-- usage consistent WRT spacing Throughout the tree there's spurious use of spaces separating ++ and -- operators from their respective operands. Make ++ and -- operator consistent with the majority of existing uses; discard the spaces.
2016-02-23 05:32:04 +01:00
p++;
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
p += strspn(p, WHITESPACE);
semicolon = true;
break;
load-fragment: allow quoting in command name and document allowed escapes The handling of the command name and other arguments is unified. This simplifies things and should make them more predictable for users. Incidentally, this makes ExecStart handling match the .desktop file specification, apart for the requirment for an absolute path. https://bugs.freedesktop.org/show_bug.cgi?id=86171
2014-12-19 00:08:13 +01:00
}
conf: enforce UTF8 validty everywhere we need to make sure that configuration data we expose via the bus ends up in using getting an assert(). Even though configuration data is only parsed from trusted sources we should be more careful with what we read.
2012-03-12 22:22:16 +01:00
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
/* Check for \; explicitly, to not confuse it with \\; or "\;" or "\\;" etc.
* extract_first_word() would return the same for all of those. */
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
if (p[0] == '\\' && p[1] == ';' && (!p[2] || strchr(WHITESPACE, p[2]))) {
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
char *w;
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
p += 2;
p += strspn(p, WHITESPACE);
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
return log_oom();
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
w = strdup(";");
if (!w)
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
return log_oom();
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
n[nlen++] = w;
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
n[nlen] = NULL;
continue;
service: allow configuration of more than one Exec command in one line
2010-07-07 20:59:20 +02:00
}
load-fragment: allow quoting in command name and document allowed escapes The handling of the command name and other arguments is unified. This simplifies things and should make them more predictable for users. Incidentally, this makes ExecStart handling match the .desktop file specification, apart for the requirment for an absolute path. https://bugs.freedesktop.org/show_bug.cgi?id=86171
2014-12-19 00:08:13 +01:00
tree-wide: drop unneded WHITESPACE param to extract_first_word It's the default, and NULL is shorter.
2016-10-28 02:06:44 +02:00
r = extract_first_word_and_warn(&p, &word, NULL, EXTRACT_QUOTES|EXTRACT_CUNESCAPE, unit, filename, line, rvalue);
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
if (r == 0)
break;
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
if (r < 0)
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
return ignore ? 0 : -ENOEXEC;
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
r = unit_full_printf(u, word, &resolved);
if (r < 0) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to resolve unit specifiers in %s%s: %m",
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
word, ignore ? ", ignoring" : "");
return ignore ? 0 : -ENOEXEC;
core: move specifier expansion out of service.c/socket.c This monopolizes unit file specifier expansion in load-fragment.c, and removes it from socket.c + service.c. This way expansion becomes an operation done exclusively at time of loading unit files. Previously specifiers were resolved for all settings during loading of unit files with the exception of ExecStart= and friends which were resolved in socket.c and service.c. With this change the latter is also moved to the loading of unit files. Fixes: #3061
2016-12-05 18:56:25 +01:00
}
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
return log_oom();
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
n[nlen++] = TAKE_PTR(resolved);
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
n[nlen] = NULL;
service: allow configuration of more than one Exec command in one line
2010-07-07 20:59:20 +02:00
}
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
if (!n || !n[0]) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0,
"Empty executable name or zeroeth argument%s: %s",
ignore ? ", ignoring" : "", rvalue);
return ignore ? 0 : -ENOEXEC;
conf: enforce UTF8 validty everywhere we need to make sure that configuration data we expose via the bus ends up in using getting an assert(). Even though configuration data is only parsed from trusted sources we should be more careful with what we read.
2012-03-12 22:22:16 +01:00
}
load-fragment: add support for overriding argv[0] in parsed command lines
2010-05-19 21:51:53 +02:00
conf: enforce UTF8 validty everywhere we need to make sure that configuration data we expose via the bus ends up in using getting an assert(). Even though configuration data is only parsed from trusted sources we should be more careful with what we read.
2012-03-12 22:22:16 +01:00
nce = new0(ExecCommand, 1);
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
if (!nce)
return log_oom();
service: allow configuration of more than one Exec command in one line
2010-07-07 20:59:20 +02:00
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
nce->argv = TAKE_PTR(n);
nce->path = TAKE_PTR(path);
core: add two new special ExecStart= character prefixes This patch adds two new special character prefixes to ExecStart= and friends, in addition to the existing "-", "@" and "+": "!" → much like "+", except with a much reduced effect as it only disables the actual setresuid()/setresgid()/setgroups() calls, but leaves all other security features on, including namespace options. This is very useful in combination with RuntimeDirectory= or DynamicUser= and similar option, as a user is still allocated and used for the runtime directory, but the actual UID/GID dropping is left to the daemon process itself. This should make RuntimeDirectory= a lot more useful for daemons which insist on doing their own privilege dropping. "!!" → Similar to "!", but on systems supporting ambient caps this becomes a NOP. This makes it relatively straightforward to write unit files that make use of ambient capabilities to let systemd drop all privs while retaining compatibility with systems that lack ambient caps, where priv dropping is the left to the daemon codes themselves. This is an alternative approach to #6564 and related PRs.
2017-08-09 16:09:04 +02:00
nce->flags = flags;
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
service: allow configuration of more than one Exec command in one line
2010-07-07 20:59:20 +02:00
exec_command_append_list(e, nce);
path: add .path unit type for monitoring files
2010-05-24 05:25:33 +02:00
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
/* Do not _cleanup_free_ these. */
nce = NULL;
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
rvalue = p;
} while (semicolon);
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
load-fragment: use unquote_first_word in config_parse_exec Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word. Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.) Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.) Differences in behavior: - Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, an quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended. - Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended. Known issues: - Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit. Tested: - Unit tests passing. Also `make distcheck` still works as expected. - Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-05-31 07:48:52 +02:00
return 0;
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
}
tree-wide: port more code to use ifname_valid()
2016-05-06 21:20:59 +02:00
int config_parse_socket_bindtodevice(
const char* unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
yay, we can start socket units
2010-01-27 04:31:52 +01:00
Socket *s = data;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
if (isempty(rvalue) || streq(rvalue, "*")) {
s->bind_to_device = mfree(s->bind_to_device);
return 0;
}
tree-wide: port more code to use ifname_valid()
2016-05-06 21:20:59 +02:00
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
if (!ifname_valid(rvalue)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid interface name, ignoring: %s", rvalue);
return 0;
}
yay, we can start socket units
2010-01-27 04:31:52 +01:00
load-fragment: add missing oom check Fixes CID#1391379.
2018-05-31 06:26:24 +02:00
if (free_and_strdup(&s->bind_to_device, rvalue) < 0)
return log_oom();
yay, we can start socket units
2010-01-27 04:31:52 +01:00
return 0;
}
core: clean up config_parse_exec_input() a bit Mostly coding style fixes, but most importantly, initialize c->std_input only after we know the free_and_strdup() invocation succeeded, so that we don't leave half-initialized fields around on failure.
2017-10-26 20:06:42 +02:00
int config_parse_exec_input(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
ExecContext *c = data;
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
Unit *u = userdata;
const char *n;
ExecInput ei;
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
int r;
assert(data);
assert(filename);
assert(line);
assert(rvalue);
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
n = startswith(rvalue, "fd:");
if (n) {
_cleanup_free_ char *resolved = NULL;
r = unit_full_printf(u, n, &resolved);
if (r < 0)
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", n);
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
if (isempty(resolved))
resolved = mfree(resolved);
else if (!fdname_is_valid(resolved)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name: %s", resolved);
core: add a couple of more error cases that should result in "bad-setting" This changes a number of EINVAL cases to ENOEXEC, so that we enter "bad-setting" state if they fail.
2018-06-01 18:06:54 +02:00
return -ENOEXEC;
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
}
core: clean up config_parse_exec_input() a bit Mostly coding style fixes, but most importantly, initialize c->std_input only after we know the free_and_strdup() invocation succeeded, so that we don't leave half-initialized fields around on failure.
2017-10-26 20:06:42 +02:00
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
free_and_replace(c->stdio_fdname[STDIN_FILENO], resolved);
ei = EXEC_INPUT_NAMED_FD;
} else if ((n = startswith(rvalue, "file:"))) {
_cleanup_free_ char *resolved = NULL;
r = unit_full_printf(u, n, &resolved);
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
if (r < 0)
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", n);
core: clean up config_parse_exec_input() a bit Mostly coding style fixes, but most importantly, initialize c->std_input only after we know the free_and_strdup() invocation succeeded, so that we don't leave half-initialized fields around on failure.
2017-10-26 20:06:42 +02:00
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
if (r < 0)
core: add a couple of more error cases that should result in "bad-setting" This changes a number of EINVAL cases to ENOEXEC, so that we enter "bad-setting" state if they fail.
2018-06-01 18:06:54 +02:00
return -ENOEXEC;
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
free_and_replace(c->stdio_file[STDIN_FILENO], resolved);
ei = EXEC_INPUT_FILE;
core: clean up config_parse_exec_input() a bit Mostly coding style fixes, but most importantly, initialize c->std_input only after we know the free_and_strdup() invocation succeeded, so that we don't leave half-initialized fields around on failure.
2017-10-26 20:06:42 +02:00
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
} else {
core: clean up config_parse_exec_input() a bit Mostly coding style fixes, but most importantly, initialize c->std_input only after we know the free_and_strdup() invocation succeeded, so that we don't leave half-initialized fields around on failure.
2017-10-26 20:06:42 +02:00
ei = exec_input_from_string(rvalue);
if (ei < 0) {
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse input specifier, ignoring: %s", rvalue);
core: clean up config_parse_exec_input() a bit Mostly coding style fixes, but most importantly, initialize c->std_input only after we know the free_and_strdup() invocation succeeded, so that we don't leave half-initialized fields around on failure.
2017-10-26 20:06:42 +02:00
return 0;
}
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
}
core: clean up config_parse_exec_input() a bit Mostly coding style fixes, but most importantly, initialize c->std_input only after we know the free_and_strdup() invocation succeeded, so that we don't leave half-initialized fields around on failure.
2017-10-26 20:06:42 +02:00
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
c->std_input = ei;
core: clean up config_parse_exec_input() a bit Mostly coding style fixes, but most importantly, initialize c->std_input only after we know the free_and_strdup() invocation succeeded, so that we don't leave half-initialized fields around on failure.
2017-10-26 20:06:42 +02:00
return 0;
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
}
core: add two new unit file settings: StandardInputData= + StandardInputText= Both permit configuring data to pass through STDIN to an invoked process. StandardInputText= accepts a line of text (possibly with embedded C-style escapes as well as unit specifiers), which is appended to the buffer to pass as stdin, followed by a single newline. StandardInputData= is similar, but accepts arbitrary base64 encoded data, and will not resolve specifiers or C-style escapes, nor append newlines. This may be used to pass input/configuration data to services, directly in-line from unit files, either in a cooked or in a more raw format.
2017-10-27 11:33:05 +02:00
int config_parse_exec_input_text(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
_cleanup_free_ char *unescaped = NULL, *resolved = NULL;
ExecContext *c = data;
Unit *u = userdata;
size_t sz;
void *p;
int r;
assert(data);
assert(filename);
assert(line);
assert(rvalue);
if (isempty(rvalue)) {
/* Reset if the empty string is assigned */
c->stdin_data = mfree(c->stdin_data);
c->stdin_data_size = 0;
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
return 0;
}
core: add two new unit file settings: StandardInputData= + StandardInputText= Both permit configuring data to pass through STDIN to an invoked process. StandardInputText= accepts a line of text (possibly with embedded C-style escapes as well as unit specifiers), which is appended to the buffer to pass as stdin, followed by a single newline. StandardInputData= is similar, but accepts arbitrary base64 encoded data, and will not resolve specifiers or C-style escapes, nor append newlines. This may be used to pass input/configuration data to services, directly in-line from unit files, either in a cooked or in a more raw format.
2017-10-27 11:33:05 +02:00
r = cunescape(rvalue, 0, &unescaped);
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
if (r < 0)
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode C escaped text '%s': %m", rvalue);
core: add two new unit file settings: StandardInputData= + StandardInputText= Both permit configuring data to pass through STDIN to an invoked process. StandardInputText= accepts a line of text (possibly with embedded C-style escapes as well as unit specifiers), which is appended to the buffer to pass as stdin, followed by a single newline. StandardInputData= is similar, but accepts arbitrary base64 encoded data, and will not resolve specifiers or C-style escapes, nor append newlines. This may be used to pass input/configuration data to services, directly in-line from unit files, either in a cooked or in a more raw format.
2017-10-27 11:33:05 +02:00
r = unit_full_printf(u, unescaped, &resolved);
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
if (r < 0)
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s': %m", unescaped);
core: add two new unit file settings: StandardInputData= + StandardInputText= Both permit configuring data to pass through STDIN to an invoked process. StandardInputText= accepts a line of text (possibly with embedded C-style escapes as well as unit specifiers), which is appended to the buffer to pass as stdin, followed by a single newline. StandardInputData= is similar, but accepts arbitrary base64 encoded data, and will not resolve specifiers or C-style escapes, nor append newlines. This may be used to pass input/configuration data to services, directly in-line from unit files, either in a cooked or in a more raw format.
2017-10-27 11:33:05 +02:00
sz = strlen(resolved);
if (c->stdin_data_size + sz + 1 < c->stdin_data_size || /* check for overflow */
c->stdin_data_size + sz + 1 > EXEC_STDIN_DATA_MAX) {
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Standard input data too large (%zu), maximum of %zu permitted, ignoring.", c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
return -E2BIG;
core: add two new unit file settings: StandardInputData= + StandardInputText= Both permit configuring data to pass through STDIN to an invoked process. StandardInputText= accepts a line of text (possibly with embedded C-style escapes as well as unit specifiers), which is appended to the buffer to pass as stdin, followed by a single newline. StandardInputData= is similar, but accepts arbitrary base64 encoded data, and will not resolve specifiers or C-style escapes, nor append newlines. This may be used to pass input/configuration data to services, directly in-line from unit files, either in a cooked or in a more raw format.
2017-10-27 11:33:05 +02:00
}
p = realloc(c->stdin_data, c->stdin_data_size + sz + 1);
if (!p)
return log_oom();
*((char*) mempcpy((char*) p + c->stdin_data_size, resolved, sz)) = '\n';
c->stdin_data = p;
c->stdin_data_size += sz + 1;
return 0;
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
}
core: add two new unit file settings: StandardInputData= + StandardInputText= Both permit configuring data to pass through STDIN to an invoked process. StandardInputText= accepts a line of text (possibly with embedded C-style escapes as well as unit specifiers), which is appended to the buffer to pass as stdin, followed by a single newline. StandardInputData= is similar, but accepts arbitrary base64 encoded data, and will not resolve specifiers or C-style escapes, nor append newlines. This may be used to pass input/configuration data to services, directly in-line from unit files, either in a cooked or in a more raw format.
2017-10-27 11:33:05 +02:00
int config_parse_exec_input_data(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
_cleanup_free_ void *p = NULL;
ExecContext *c = data;
size_t sz;
void *q;
int r;
assert(data);
assert(filename);
assert(line);
assert(rvalue);
if (isempty(rvalue)) {
/* Reset if the empty string is assigned */
c->stdin_data = mfree(c->stdin_data);
c->stdin_data_size = 0;
return 0;
}
util-lib,tests: rework unbase64 so that we skip over whitespace automatically (#7522) Let's optimize things a bit, and instead of having to strip whitespace first before decoding base64, let's do that implicitly while doing so. Given that base64 was designed the way it was designed specifically to be tolerant to whitespace changes, it's a good idea to do this automatically and implicitly.
2017-12-03 20:57:24 +01:00
r = unbase64mem(rvalue, (size_t) -1, &p, &sz);
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
if (r < 0)
util-lib,tests: rework unbase64 so that we skip over whitespace automatically (#7522) Let's optimize things a bit, and instead of having to strip whitespace first before decoding base64, let's do that implicitly while doing so. Given that base64 was designed the way it was designed specifically to be tolerant to whitespace changes, it's a good idea to do this automatically and implicitly.
2017-12-03 20:57:24 +01:00
return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to decode base64 data, ignoring: %s", rvalue);
core: add two new unit file settings: StandardInputData= + StandardInputText= Both permit configuring data to pass through STDIN to an invoked process. StandardInputText= accepts a line of text (possibly with embedded C-style escapes as well as unit specifiers), which is appended to the buffer to pass as stdin, followed by a single newline. StandardInputData= is similar, but accepts arbitrary base64 encoded data, and will not resolve specifiers or C-style escapes, nor append newlines. This may be used to pass input/configuration data to services, directly in-line from unit files, either in a cooked or in a more raw format.
2017-10-27 11:33:05 +02:00
assert(sz > 0);
if (c->stdin_data_size + sz < c->stdin_data_size || /* check for overflow */
c->stdin_data_size + sz > EXEC_STDIN_DATA_MAX) {
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Standard input data too large (%zu), maximum of %zu permitted, ignoring.", c->stdin_data_size + sz, (size_t) EXEC_STDIN_DATA_MAX);
return -E2BIG;
core: add two new unit file settings: StandardInputData= + StandardInputText= Both permit configuring data to pass through STDIN to an invoked process. StandardInputText= accepts a line of text (possibly with embedded C-style escapes as well as unit specifiers), which is appended to the buffer to pass as stdin, followed by a single newline. StandardInputData= is similar, but accepts arbitrary base64 encoded data, and will not resolve specifiers or C-style escapes, nor append newlines. This may be used to pass input/configuration data to services, directly in-line from unit files, either in a cooked or in a more raw format.
2017-10-27 11:33:05 +02:00
}
q = realloc(c->stdin_data, c->stdin_data_size + sz);
if (!q)
return log_oom();
memcpy((uint8_t*) q + c->stdin_data_size, p, sz);
c->stdin_data = q;
c->stdin_data_size += sz;
return 0;
}
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
int config_parse_exec_output(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
_cleanup_free_ char *resolved = NULL;
const char *n;
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
ExecContext *c = data;
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
Unit *u = userdata;
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
ExecOutput eo;
int r;
assert(data);
assert(filename);
assert(line);
assert(lvalue);
assert(rvalue);
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
n = startswith(rvalue, "fd:");
if (n) {
r = unit_full_printf(u, n, &resolved);
if (r < 0)
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
if (isempty(resolved))
resolved = mfree(resolved);
else if (!fdname_is_valid(resolved)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name: %s", resolved);
core: add a couple of more error cases that should result in "bad-setting" This changes a number of EINVAL cases to ENOEXEC, so that we enter "bad-setting" state if they fail.
2018-06-01 18:06:54 +02:00
return -ENOEXEC;
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
}
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
eo = EXEC_OUTPUT_NAMED_FD;
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
} else if ((n = startswith(rvalue, "file:"))) {
r = unit_full_printf(u, n, &resolved);
if (r < 0)
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
if (r < 0)
core: add a couple of more error cases that should result in "bad-setting" This changes a number of EINVAL cases to ENOEXEC, so that we enter "bad-setting" state if they fail.
2018-06-01 18:06:54 +02:00
return -ENOEXEC;
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
eo = EXEC_OUTPUT_FILE;
Add support for opening files for appending Addresses part of #8983
2018-07-03 21:22:29 +02:00
} else if ((n = startswith(rvalue, "append:"))) {
r = unit_full_printf(u, n, &resolved);
if (r < 0)
return log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", n);
r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE | PATH_CHECK_FATAL, unit, filename, line, lvalue);
if (r < 0)
return -ENOEXEC;
eo = EXEC_OUTPUT_FILE_APPEND;
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
} else {
eo = exec_output_from_string(rvalue);
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
if (eo < 0) {
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse output specifier, ignoring: %s", rvalue);
return 0;
}
}
if (streq(lvalue, "StandardOutput")) {
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
if (eo == EXEC_OUTPUT_NAMED_FD)
free_and_replace(c->stdio_fdname[STDOUT_FILENO], resolved);
else
free_and_replace(c->stdio_file[STDOUT_FILENO], resolved);
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
c->std_output = eo;
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
} else {
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
assert(streq(lvalue, "StandardError"));
if (eo == EXEC_OUTPUT_NAMED_FD)
free_and_replace(c->stdio_fdname[STDERR_FILENO], resolved);
else
free_and_replace(c->stdio_file[STDERR_FILENO], resolved);
c->std_error = eo;
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
}
core: add support for StandardInputFile= and friends These new settings permit specifiying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied: 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate them fd instead. 2) If we an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets. Fixes: #3991
2017-10-27 16:09:57 +02:00
return 0;
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
}
s/name/unit
2010-01-26 21:39:06 +01:00
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int config_parse_exec_io_class(const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
ExecContext *c = data;
int x;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
load-fragment: make IOScheduling{Class,Priority}= accept the empty string
2018-05-25 04:25:43 +02:00
if (isempty(rvalue)) {
c->ioprio_set = false;
c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
return 0;
}
shared, core: do not always accept numbers in string lookups The behaviour of the common name##_from_string conversion is surprising. It accepts not only the strings from name##_table but also any number that falls within the range of the table. The order of items in most of our tables is an internal affair. It should not be visible to the user. I know of a case where the surprising numeric conversion leads to a crash. We will allow the direct numeric conversion only for the tables where the mapping of strings to numeric values has an external meaning. This holds for the following lookup tables: - netlink_family, ioprio_class, ip_tos, sched_policy - their numeric values are stable as they are defined by the Linux kernel interface. - log_level, log_facility_unshifted - the well-known syslog interface. We allow the user to use numeric values whose string names systemd does not know. For instance, the user may want to test a new kernel featuring a scheduling policy that did not exist when his systemd version was released. A slightly unpleasant effect of this is that the name##_to_string conversion cannot return pointers to constant strings anymore. The strings have to be allocated on demand and freed by the caller.
2012-10-30 14:29:38 +01:00
x = ioprio_class_from_string(rvalue);
if (x < 0) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IO scheduling class, ignoring: %s", rvalue);
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
load-fragment: simplify fragment loading code by using macros
2010-04-13 02:22:41 +02:00
}
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
c->ioprio = IOPRIO_PRIO_VALUE(x, IOPRIO_PRIO_DATA(c->ioprio));
c->ioprio_set = true;
return 0;
}
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int config_parse_exec_io_priority(const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
ExecContext *c = data;
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int i, r;
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
load-fragment: make IOScheduling{Class,Priority}= accept the empty string
2018-05-25 04:25:43 +02:00
if (isempty(rvalue)) {
c->ioprio_set = false;
c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
return 0;
}
core: make IOSchedulingClass= and IOSchedulingPriority= settable for transient units This patch is a bit more complex thant I hoped. In particular the single IOScheduling= property exposed on the bus is split up into IOSchedulingClass= and IOSchedulingPriority= (though compat is retained). Otherwise the asymmetry between setting props and getting them is a bit too nasty. Fixes #5613
2017-06-26 17:40:08 +02:00
r = ioprio_parse_priority(rvalue, &i);
if (r < 0) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse IO priority, ignoring: %s", rvalue);
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
implement proper logging for services
2010-01-28 02:06:20 +01:00
}
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c->ioprio), i);
c->ioprio_set = true;
implement proper logging for services
2010-01-28 02:06:20 +01:00
return 0;
}
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int config_parse_exec_cpu_sched_policy(const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
support chrooting/setting of ioprio when spawning
2010-01-29 20:46:22 +01:00
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
ExecContext *c = data;
int x;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
load-fragment: make CPUSchedulingPolicy= accept the empty string
2018-05-25 04:36:10 +02:00
if (isempty(rvalue)) {
c->cpu_sched_set = false;
c->cpu_sched_policy = SCHED_OTHER;
c->cpu_sched_priority = 0;
return 0;
}
shared, core: do not always accept numbers in string lookups The behaviour of the common name##_from_string conversion is surprising. It accepts not only the strings from name##_table but also any number that falls within the range of the table. The order of items in most of our tables is an internal affair. It should not be visible to the user. I know of a case where the surprising numeric conversion leads to a crash. We will allow the direct numeric conversion only for the tables where the mapping of strings to numeric values has an external meaning. This holds for the following lookup tables: - netlink_family, ioprio_class, ip_tos, sched_policy - their numeric values are stable as they are defined by the Linux kernel interface. - log_level, log_facility_unshifted - the well-known syslog interface. We allow the user to use numeric values whose string names systemd does not know. For instance, the user may want to test a new kernel featuring a scheduling policy that did not exist when his systemd version was released. A slightly unpleasant effect of this is that the name##_to_string conversion cannot return pointers to constant strings anymore. The strings have to be allocated on demand and freed by the caller.
2012-10-30 14:29:38 +01:00
x = sched_policy_from_string(rvalue);
if (x < 0) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse CPU scheduling policy, ignoring: %s", rvalue);
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
load-fragment: simplify fragment loading code by using macros
2010-04-13 02:22:41 +02:00
}
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
c->cpu_sched_policy = x;
sched: Only setting CPUSchedulingPriority=rr doesn't work A service that only sets the scheduling policy to round-robin fails to be started. This is because the cpu_sched_priority is initialized to 0 and is not adjusted when the policy is changed. Clamp the cpu_sched_priority when the scheduler policy is set. Use the current policy to validate the new priority. Change the manual page to state that the given range only applies to the real-time scheduling policies. Add a testcase that verifies this change: $ make test-sched-prio; ./test-sched-prio [test/sched_idle_bad.service:6] CPU scheduling priority is out of range, ignoring: 1 [test/sched_rr_bad.service:7] CPU scheduling priority is out of range, ignoring: 0 [test/sched_rr_bad.service:8] CPU scheduling priority is out of range, ignoring: 100
2012-11-01 18:48:11 +01:00
/* Moving to or from real-time policy? We need to adjust the priority */
c->cpu_sched_priority = CLAMP(c->cpu_sched_priority, sched_get_priority_min(x), sched_get_priority_max(x));
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
c->cpu_sched_set = true;
return 0;
}
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int config_parse_exec_cpu_sched_prio(const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
support chrooting/setting of ioprio when spawning
2010-01-29 20:46:22 +01:00
ExecContext *c = data;
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int i, min, max, r;
support chrooting/setting of ioprio when spawning
2010-01-29 20:46:22 +01:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
r = safe_atoi(rvalue, &i);
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse CPU scheduling priority, ignoring: %s", rvalue);
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
}
support chrooting/setting of ioprio when spawning
2010-01-29 20:46:22 +01:00
sched: Only setting CPUSchedulingPriority=rr doesn't work A service that only sets the scheduling policy to round-robin fails to be started. This is because the cpu_sched_priority is initialized to 0 and is not adjusted when the policy is changed. Clamp the cpu_sched_priority when the scheduler policy is set. Use the current policy to validate the new priority. Change the manual page to state that the given range only applies to the real-time scheduling policies. Add a testcase that verifies this change: $ make test-sched-prio; ./test-sched-prio [test/sched_idle_bad.service:6] CPU scheduling priority is out of range, ignoring: 1 [test/sched_rr_bad.service:7] CPU scheduling priority is out of range, ignoring: 0 [test/sched_rr_bad.service:8] CPU scheduling priority is out of range, ignoring: 100
2012-11-01 18:48:11 +01:00
/* On Linux RR/FIFO range from 1 to 99 and OTHER/BATCH may only be 0 */
min = sched_get_priority_min(c->cpu_sched_policy);
max = sched_get_priority_max(c->cpu_sched_policy);
if (i < min || i > max) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "CPU scheduling priority is out of range, ignoring: %s", rvalue);
sched: Only setting CPUSchedulingPriority=rr doesn't work A service that only sets the scheduling policy to round-robin fails to be started. This is because the cpu_sched_priority is initialized to 0 and is not adjusted when the policy is changed. Clamp the cpu_sched_priority when the scheduler policy is set. Use the current policy to validate the new priority. Change the manual page to state that the given range only applies to the real-time scheduling policies. Add a testcase that verifies this change: $ make test-sched-prio; ./test-sched-prio [test/sched_idle_bad.service:6] CPU scheduling priority is out of range, ignoring: 1 [test/sched_rr_bad.service:7] CPU scheduling priority is out of range, ignoring: 0 [test/sched_rr_bad.service:8] CPU scheduling priority is out of range, ignoring: 100
2012-11-01 18:48:11 +01:00
return 0;
}
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
c->cpu_sched_priority = i;
c->cpu_sched_set = true;
return 0;
}
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int config_parse_exec_cpu_affinity(const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
ExecContext *c = data;
load-fragment: Use parse_cpu_set in CPUAffinity support Tested with a dummy service running 'sleep', modifying its CPUAffinity, restarting the service and checking the ^Cpus_allowed entries in the /proc/PID/status file.
2015-09-25 04:25:20 +02:00
_cleanup_cpu_free_ cpu_set_t *cpuset = NULL;
int ncpus;
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
util: rename parse_cpu_set() to parse_cpu_set_and_warn() It's pretty untypical for our parsing functions to log on their own. Clarify in the name that this one does.
2015-09-30 20:16:51 +02:00
ncpus = parse_cpu_set_and_warn(rvalue, &cpuset, unit, filename, line, lvalue);
load-fragment: Use parse_cpu_set in CPUAffinity support Tested with a dummy service running 'sleep', modifying its CPUAffinity, restarting the service and checking the ^Cpus_allowed entries in the /proc/PID/status file.
2015-09-25 04:25:20 +02:00
if (ncpus < 0)
return ncpus;
main: implement manager configuration file
2010-07-07 01:10:27 +02:00
core: merge multiple CPUAffinity= settings
2017-11-30 15:16:58 +01:00
if (ncpus == 0) {
load-fragment: Use parse_cpu_set in CPUAffinity support Tested with a dummy service running 'sleep', modifying its CPUAffinity, restarting the service and checking the ^Cpus_allowed entries in the /proc/PID/status file.
2015-09-25 04:25:20 +02:00
/* An empty assignment resets the CPU list */
core: merge multiple CPUAffinity= settings
2017-11-30 15:16:58 +01:00
c->cpuset = cpu_set_mfree(c->cpuset);
c->cpuset_ncpus = 0;
return 0;
}
if (!c->cpuset) {
macro: introduce TAKE_PTR() macro This macro will read a pointer of any type, return it, and set the pointer to NULL. This is useful as an explicit concept of passing ownership of a memory area between pointers. This takes inspiration from Rust: https://doc.rust-lang.org/std/option/enum.Option.html#method.take and was suggested by Alan Jenkins (@sourcejedi). It drops ~160 lines of code from our codebase, which makes me like it. Also, I think it clarifies passing of ownership, and thus helps readability a bit (at least for the initiated who know the new macro)
2018-03-22 16:53:26 +01:00
c->cpuset = TAKE_PTR(cpuset);
core: merge multiple CPUAffinity= settings
2017-11-30 15:16:58 +01:00
c->cpuset_ncpus = (unsigned) ncpus;
return 0;
}
if (c->cpuset_ncpus < (unsigned) ncpus) {
CPU_OR_S(CPU_ALLOC_SIZE(c->cpuset_ncpus), cpuset, c->cpuset, cpuset);
CPU_FREE(c->cpuset);
macro: introduce TAKE_PTR() macro This macro will read a pointer of any type, return it, and set the pointer to NULL. This is useful as an explicit concept of passing ownership of a memory area between pointers. This takes inspiration from Rust: https://doc.rust-lang.org/std/option/enum.Option.html#method.take and was suggested by Alan Jenkins (@sourcejedi). It drops ~160 lines of code from our codebase, which makes me like it. Also, I think it clarifies passing of ownership, and thus helps readability a bit (at least for the initiated who know the new macro)
2018-03-22 16:53:26 +01:00
c->cpuset = TAKE_PTR(cpuset);
core: merge multiple CPUAffinity= settings
2017-11-30 15:16:58 +01:00
c->cpuset_ncpus = (unsigned) ncpus;
return 0;
support chrooting/setting of ioprio when spawning
2010-01-29 20:46:22 +01:00
}
core: merge multiple CPUAffinity= settings
2017-11-30 15:16:58 +01:00
CPU_OR_S(CPU_ALLOC_SIZE((unsigned) ncpus), c->cpuset, c->cpuset, cpuset);
support chrooting/setting of ioprio when spawning
2010-01-29 20:46:22 +01:00
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
return 0;
}
capabilities: keep bounding set in non-inverted format. Change the capability bounding set parser and logic so that the bounding set is kept as a positive set internally. This means that the set reflects those capabilities that we want to keep instead of drop.
2016-01-07 23:00:04 +01:00
int config_parse_capability_set(
core: simplify parsing of capability bounding set settings Let's generate a simple error, and that's it. Let's not try to be smart and record the last word that failed. Also, let's make sure we don't compare numeric values with 0 by relying on C's downgrade-to-bool feature, as suggested in CODING_STYLE.
2015-11-10 16:08:03 +01:00
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
capabilities: keep bounding set in non-inverted format. Change the capability bounding set parser and logic so that the bounding set is kept as a positive set internally. This means that the set reflects those capabilities that we want to keep instead of drop.
2016-01-07 23:00:04 +01:00
uint64_t *capability_set = data;
uint64_t sum = 0, initial = 0;
exec: properly apply capability bounding set, add inverted bounding sets
2011-03-18 03:13:15 +01:00
bool invert = false;
cap-list: add capability_set_{from_string,to_string_alloc}()
2017-08-07 16:25:11 +02:00
int r;
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
exec: properly apply capability bounding set, add inverted bounding sets
2011-03-18 03:13:15 +01:00
if (rvalue[0] == '~') {
invert = true;
rvalue++;
}
core: replace strcmp() == 0 with streq()
2017-08-01 01:55:15 +02:00
if (streq(lvalue, "CapabilityBoundingSet"))
capabilities: keep bounding set in non-inverted format. Change the capability bounding set parser and logic so that the bounding set is kept as a positive set internally. This means that the set reflects those capabilities that we want to keep instead of drop.
2016-01-07 23:00:04 +01:00
initial = CAP_ALL; /* initialized to all bits on */
capabilities: added support for ambient capabilities. This patch adds support for ambient capabilities in service files. The idea with ambient capabilities is that the execed processes can run with non-root user and get some inherited capabilities, without having any need to add the capabilities to the executable file. You need at least Linux 4.3 to use ambient capabilities. SecureBit keep-caps is automatically added when you use ambient capabilities and wish to change the user. An example system service file might look like this: [Unit] Description=Service for testing caps [Service] ExecStart=/usr/bin/sleep 10000 User=nobody AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW After starting the service it has these capabilities: CapInh: 0000000000003000 CapPrm: 0000000000003000 CapEff: 0000000000003000 CapBnd: 0000003fffffffff CapAmb: 0000000000003000
2015-12-31 13:54:44 +01:00
/* else "AmbientCapabilities" initialized to all bits off */
exec: properly apply capability bounding set, add inverted bounding sets
2011-03-18 03:13:15 +01:00
cap-list: add capability_set_{from_string,to_string_alloc}()
2017-08-07 16:25:11 +02:00
r = capability_set_from_string(rvalue, &sum);
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= specifier '%s', ignoring: %m", lvalue, rvalue);
cap-list: add capability_set_{from_string,to_string_alloc}()
2017-08-07 16:25:11 +02:00
return 0;
greatly extend what we enforce as process properties
2010-01-30 01:55:42 +01:00
}
support chrooting/setting of ioprio when spawning
2010-01-29 20:46:22 +01:00
capabilities: keep bounding set in non-inverted format. Change the capability bounding set parser and logic so that the bounding set is kept as a positive set internally. This means that the set reflects those capabilities that we want to keep instead of drop.
2016-01-07 23:00:04 +01:00
if (sum == 0 || *capability_set == initial)
core: merge the second CapabilityBoundingSet= lines by AND when it is prefixed with tilde (#6724) If a unit file contains multiple CapabilityBoundingSet= or AmbientCapabilities= lines, e.g., === CapabilityBoundingSet=CAP_A CAP_B CapabilityBoundingSet=~CAP_B CAP_C === before this commit, it results all capabilities except CAP_C are set to CapabilityBoundingSet=, as each lines are always merged by OR. This commit makes lines prefixed with ~ are merged by AND. So, for the above example only CAP_A is set. This makes easier to drop capabilities with drop-in config files.
2017-09-04 05:12:27 +02:00
/* "", "~" or uninitialized data -> replace */
*capability_set = invert ? ~sum : sum;
else {
capabilities: keep bounding set in non-inverted format. Change the capability bounding set parser and logic so that the bounding set is kept as a positive set internally. This means that the set reflects those capabilities that we want to keep instead of drop.
2016-01-07 23:00:04 +01:00
/* previous data -> merge */
core: merge the second CapabilityBoundingSet= lines by AND when it is prefixed with tilde (#6724) If a unit file contains multiple CapabilityBoundingSet= or AmbientCapabilities= lines, e.g., === CapabilityBoundingSet=CAP_A CAP_B CapabilityBoundingSet=~CAP_B CAP_C === before this commit, it results all capabilities except CAP_C are set to CapabilityBoundingSet=, as each lines are always merged by OR. This commit makes lines prefixed with ~ are merged by AND. So, for the above example only CAP_A is set. This makes easier to drop capabilities with drop-in config files.
2017-09-04 05:12:27 +02:00
if (invert)
*capability_set &= ~sum;
else
*capability_set |= sum;
}
exec: properly apply capability bounding set, add inverted bounding sets
2011-03-18 03:13:15 +01:00
support chrooting/setting of ioprio when spawning
2010-01-29 20:46:22 +01:00
return 0;
}
core: store and expose SELinuxContext field normalized as bool + string
2014-02-17 16:52:52 +01:00
int config_parse_exec_selinux_context(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
ExecContext *c = data;
Unit *u = userdata;
bool ignore;
char *k;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
tree-wide: use coccinelle to patch a lot of code to use mfree() This replaces this: free(p); p = NULL; by this: p = mfree(p); Change generated using coccinelle. Semantic patch is added to the sources.
2015-09-08 18:43:11 +02:00
c->selinux_context = mfree(c->selinux_context);
core: store and expose SELinuxContext field normalized as bool + string
2014-02-17 16:52:52 +01:00
c->selinux_context_ignore = false;
return 0;
}
if (rvalue[0] == '-') {
ignore = true;
rvalue++;
} else
ignore = false;
core: use unit_full_printf() at a couple of locations we used unit_name_printf() before For settings that are not taking unit names there's no reason to use unit_name_printf(). Use unit_full_printf() instead, as the names are validated anyway in one form or another after expansion.
2016-12-05 19:25:44 +01:00
r = unit_full_printf(u, rvalue, &k);
core: store and expose SELinuxContext field normalized as bool + string
2014-02-17 16:52:52 +01:00
if (r < 0) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to resolve unit specifiers in '%s'%s: %m",
rvalue, ignore ? ", ignoring" : "");
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
return ignore ? 0 : -ENOEXEC;
core: store and expose SELinuxContext field normalized as bool + string
2014-02-17 16:52:52 +01:00
}
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
free_and_replace(c->selinux_context, k);
core: store and expose SELinuxContext field normalized as bool + string
2014-02-17 16:52:52 +01:00
c->selinux_context_ignore = ignore;
return 0;
}
core: Add AppArmor profile switching This permit to switch to a specific apparmor profile when starting a daemon. This will result in a non operation if apparmor is disabled. It also add a new build requirement on libapparmor for using this feature.
2014-02-20 16:19:44 +01:00
int config_parse_exec_apparmor_profile(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
ExecContext *c = data;
Unit *u = userdata;
bool ignore;
char *k;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
tree-wide: use coccinelle to patch a lot of code to use mfree() This replaces this: free(p); p = NULL; by this: p = mfree(p); Change generated using coccinelle. Semantic patch is added to the sources.
2015-09-08 18:43:11 +02:00
c->apparmor_profile = mfree(c->apparmor_profile);
core: Add AppArmor profile switching This permit to switch to a specific apparmor profile when starting a daemon. This will result in a non operation if apparmor is disabled. It also add a new build requirement on libapparmor for using this feature.
2014-02-20 16:19:44 +01:00
c->apparmor_profile_ignore = false;
return 0;
}
if (rvalue[0] == '-') {
ignore = true;
rvalue++;
} else
ignore = false;
core: use unit_full_printf() at a couple of locations we used unit_name_printf() before For settings that are not taking unit names there's no reason to use unit_name_printf(). Use unit_full_printf() instead, as the names are validated anyway in one form or another after expansion.
2016-12-05 19:25:44 +01:00
r = unit_full_printf(u, rvalue, &k);
core: Add AppArmor profile switching This permit to switch to a specific apparmor profile when starting a daemon. This will result in a non operation if apparmor is disabled. It also add a new build requirement on libapparmor for using this feature.
2014-02-20 16:19:44 +01:00
if (r < 0) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to resolve unit specifiers in '%s'%s: %m",
rvalue, ignore ? ", ignoring" : "");
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
return ignore ? 0 : -ENOEXEC;
core: Add AppArmor profile switching This permit to switch to a specific apparmor profile when starting a daemon. This will result in a non operation if apparmor is disabled. It also add a new build requirement on libapparmor for using this feature.
2014-02-20 16:19:44 +01:00
}
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
free_and_replace(c->apparmor_profile, k);
core: Add AppArmor profile switching This permit to switch to a specific apparmor profile when starting a daemon. This will result in a non operation if apparmor is disabled. It also add a new build requirement on libapparmor for using this feature.
2014-02-20 16:19:44 +01:00
c->apparmor_profile_ignore = ignore;
return 0;
}
smack: introduce new SmackProcessLabel option In service file, if the file has some of special SMACK label in ExecStart= and systemd has no permission for the special SMACK label then permission error will occurred. To resolve this, systemd should be able to set its SMACK label to something accessible of ExecStart=. So introduce new SmackProcessLabel. If label is specified with SmackProcessLabel= then the child systemd will set its label to that. To successfully execute the ExecStart=, accessible label should be specified with SmackProcessLabel=. Additionally, by SMACK policy, if the file in ExecStart= has no SMACK64EXEC then the executed process will have given label by SmackProcessLabel=. But if the file has SMACK64EXEC then the SMACK64EXEC label will be overridden. [zj: reword man page]
2014-11-24 12:46:20 +01:00
int config_parse_exec_smack_process_label(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
ExecContext *c = data;
Unit *u = userdata;
bool ignore;
char *k;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
tree-wide: use coccinelle to patch a lot of code to use mfree() This replaces this: free(p); p = NULL; by this: p = mfree(p); Change generated using coccinelle. Semantic patch is added to the sources.
2015-09-08 18:43:11 +02:00
c->smack_process_label = mfree(c->smack_process_label);
smack: introduce new SmackProcessLabel option In service file, if the file has some of special SMACK label in ExecStart= and systemd has no permission for the special SMACK label then permission error will occurred. To resolve this, systemd should be able to set its SMACK label to something accessible of ExecStart=. So introduce new SmackProcessLabel. If label is specified with SmackProcessLabel= then the child systemd will set its label to that. To successfully execute the ExecStart=, accessible label should be specified with SmackProcessLabel=. Additionally, by SMACK policy, if the file in ExecStart= has no SMACK64EXEC then the executed process will have given label by SmackProcessLabel=. But if the file has SMACK64EXEC then the SMACK64EXEC label will be overridden. [zj: reword man page]
2014-11-24 12:46:20 +01:00
c->smack_process_label_ignore = false;
return 0;
}
if (rvalue[0] == '-') {
ignore = true;
rvalue++;
} else
ignore = false;
core: use unit_full_printf() at a couple of locations we used unit_name_printf() before For settings that are not taking unit names there's no reason to use unit_name_printf(). Use unit_full_printf() instead, as the names are validated anyway in one form or another after expansion.
2016-12-05 19:25:44 +01:00
r = unit_full_printf(u, rvalue, &k);
smack: introduce new SmackProcessLabel option In service file, if the file has some of special SMACK label in ExecStart= and systemd has no permission for the special SMACK label then permission error will occurred. To resolve this, systemd should be able to set its SMACK label to something accessible of ExecStart=. So introduce new SmackProcessLabel. If label is specified with SmackProcessLabel= then the child systemd will set its label to that. To successfully execute the ExecStart=, accessible label should be specified with SmackProcessLabel=. Additionally, by SMACK policy, if the file in ExecStart= has no SMACK64EXEC then the executed process will have given label by SmackProcessLabel=. But if the file has SMACK64EXEC then the SMACK64EXEC label will be overridden. [zj: reword man page]
2014-11-24 12:46:20 +01:00
if (r < 0) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to resolve unit specifiers in '%s'%s: %m",
rvalue, ignore ? ", ignoring" : "");
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
return ignore ? 0 : -ENOEXEC;
smack: introduce new SmackProcessLabel option In service file, if the file has some of special SMACK label in ExecStart= and systemd has no permission for the special SMACK label then permission error will occurred. To resolve this, systemd should be able to set its SMACK label to something accessible of ExecStart=. So introduce new SmackProcessLabel. If label is specified with SmackProcessLabel= then the child systemd will set its label to that. To successfully execute the ExecStart=, accessible label should be specified with SmackProcessLabel=. Additionally, by SMACK policy, if the file in ExecStart= has no SMACK64EXEC then the executed process will have given label by SmackProcessLabel=. But if the file has SMACK64EXEC then the SMACK64EXEC label will be overridden. [zj: reword man page]
2014-11-24 12:46:20 +01:00
}
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
free_and_replace(c->smack_process_label, k);
smack: introduce new SmackProcessLabel option In service file, if the file has some of special SMACK label in ExecStart= and systemd has no permission for the special SMACK label then permission error will occurred. To resolve this, systemd should be able to set its SMACK label to something accessible of ExecStart=. So introduce new SmackProcessLabel. If label is specified with SmackProcessLabel= then the child systemd will set its label to that. To successfully execute the ExecStart=, accessible label should be specified with SmackProcessLabel=. Additionally, by SMACK policy, if the file in ExecStart= has no SMACK64EXEC then the executed process will have given label by SmackProcessLabel=. But if the file has SMACK64EXEC then the SMACK64EXEC label will be overridden. [zj: reword man page]
2014-11-24 12:46:20 +01:00
c->smack_process_label_ignore = ignore;
return 0;
}
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int config_parse_timer(const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
timer: fully implement timer units
2010-05-24 01:45:54 +02:00
Timer *t = data;
load-fragment: Resolve specifiers in OnCalendar and On*Sec Resolves #3534
2016-08-26 18:13:16 +02:00
usec_t usec = 0;
timer: fully implement timer units
2010-05-24 01:45:54 +02:00
TimerValue *v;
TimerBase b;
basic: use automatic cleanup more
2018-05-10 14:04:30 +02:00
_cleanup_(calendar_spec_freep) CalendarSpec *c = NULL;
load-fragment: Resolve specifiers in OnCalendar and On*Sec Resolves #3534
2016-08-26 18:13:16 +02:00
Unit *u = userdata;
_cleanup_free_ char *k = NULL;
int r;
timer: fully implement timer units
2010-05-24 01:45:54 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
if (isempty(rvalue)) {
/* Empty assignment resets list */
timer_free_values(t);
return 0;
}
timer: implement calendar time events
2012-11-23 21:37:58 +01:00
b = timer_base_from_string(lvalue);
if (b < 0) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse timer base, ignoring: %s", lvalue);
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
timer: fully implement timer units
2010-05-24 01:45:54 +02:00
}
load-fragment: Resolve specifiers in OnCalendar and On*Sec Resolves #3534
2016-08-26 18:13:16 +02:00
r = unit_full_printf(u, rvalue, &k);
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
load-fragment: Resolve specifiers in OnCalendar and On*Sec Resolves #3534
2016-08-26 18:13:16 +02:00
return 0;
}
timer: implement calendar time events
2012-11-23 21:37:58 +01:00
if (b == TIMER_CALENDAR) {
load-fragment: Resolve specifiers in OnCalendar and On*Sec Resolves #3534
2016-08-26 18:13:16 +02:00
if (calendar_spec_from_string(k, &c) < 0) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse calendar specification, ignoring: %s", k);
timer: implement calendar time events
2012-11-23 21:37:58 +01:00
return 0;
}
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
} else
load-fragment: Resolve specifiers in OnCalendar and On*Sec Resolves #3534
2016-08-26 18:13:16 +02:00
if (parse_sec(k, &usec) < 0) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse timer value, ignoring: %s", k);
timer: implement calendar time events
2012-11-23 21:37:58 +01:00
return 0;
}
timer: fully implement timer units
2010-05-24 01:45:54 +02:00
timer: implement calendar time events
2012-11-23 21:37:58 +01:00
v = new0(TimerValue, 1);
basic: use automatic cleanup more
2018-05-10 14:04:30 +02:00
if (!v)
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return log_oom();
timer: fully implement timer units
2010-05-24 01:45:54 +02:00
v->base = b;
load-fragment: Resolve specifiers in OnCalendar and On*Sec Resolves #3534
2016-08-26 18:13:16 +02:00
v->value = usec;
basic: use automatic cleanup more
2018-05-10 14:04:30 +02:00
v->calendar_spec = TAKE_PTR(c);
timer: fully implement timer units
2010-05-24 01:45:54 +02:00
list: make our list macros a bit easier to use by not requring type spec on each invocation We can determine the list entry type via the typeof() gcc construct, and so we should to make the macros much shorter to use.
2013-10-14 06:10:14 +02:00
LIST_PREPEND(value, t->values, v);
timer: fully implement timer units
2010-05-24 01:45:54 +02:00
return 0;
}
unit: rework trigger dependency logic Instead of having explicit type-specific callbacks that inform the triggering unit when a triggered unit changes state, make this generic so that state changes are forwarded betwee any triggered and triggering unit. Also, get rid of UnitRef references from automount, timer, path units, to the units they trigger and rely exclsuively on UNIT_TRIGGER type dendencies.
2013-04-23 20:53:16 +02:00
int config_parse_trigger_unit(
const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
unit: rework trigger dependency logic Instead of having explicit type-specific callbacks that inform the triggering unit when a triggered unit changes state, make this generic so that state changes are forwarded betwee any triggered and triggering unit. Also, get rid of UnitRef references from automount, timer, path units, to the units they trigger and rely exclsuively on UNIT_TRIGGER type dendencies.
2013-04-23 20:53:16 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
timer: fully implement timer units
2010-05-24 01:45:54 +02:00
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
_cleanup_free_ char *p = NULL;
unit: rework trigger dependency logic Instead of having explicit type-specific callbacks that inform the triggering unit when a triggered unit changes state, make this generic so that state changes are forwarded betwee any triggered and triggering unit. Also, get rid of UnitRef references from automount, timer, path units, to the units they trigger and rely exclsuively on UNIT_TRIGGER type dendencies.
2013-04-23 20:53:16 +02:00
Unit *u = data;
UnitType type;
int r;
dbus: make errors reported via D-Bus more useful
2010-07-08 02:43:18 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
core: track why unit dependencies came to be This replaces the dependencies Set* objects by Hashmap* objects, where the key is the depending Unit, and the value is a bitmask encoding why the specific dependency was created. The bitmask contains a number of different, defined bits, that indicate why dependencies exist, for example whether they are created due to explicitly configured deps in files, by udev rules or implicitly. Note that memory usage is not increased by this change, even though we store more information, as we manage to encode the bit mask inside the value pointer each Hashmap entry contains. Why this all? When we know how a dependency came to be, we can update dependencies correctly when a configuration source changes but others are left unaltered. Specifically: 1. We can fix UDEV_WANTS dependency generation: so far we kept adding dependencies configured that way, but if a device lost such a dependency we couldn't them again as there was no scheme for removing of dependencies in place. 2. We can implement "pin-pointed" reload of unit files. If we know what dependencies were created as result of configuration in a unit file, then we know what to flush out when we want to reload it. 3. It's useful for debugging: "systemd-analyze dump" now shows this information, helping substantially with understanding how systemd's dependency tree came to be the way it came to be.
2017-10-25 20:46:01 +02:00
if (!hashmap_isempty(u->dependencies[UNIT_TRIGGERS])) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Multiple units to trigger specified, ignoring: %s", rvalue);
unit: rework trigger dependency logic Instead of having explicit type-specific callbacks that inform the triggering unit when a triggered unit changes state, make this generic so that state changes are forwarded betwee any triggered and triggering unit. Also, get rid of UnitRef references from automount, timer, path units, to the units they trigger and rely exclsuively on UNIT_TRIGGER type dendencies.
2013-04-23 20:53:16 +02:00
return 0;
}
timer: fully implement timer units
2010-05-24 01:45:54 +02:00
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
r = unit_name_printf(u, rvalue, &p);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
return 0;
}
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
type = unit_name_to_type(p);
unit: rework trigger dependency logic Instead of having explicit type-specific callbacks that inform the triggering unit when a triggered unit changes state, make this generic so that state changes are forwarded betwee any triggered and triggering unit. Also, get rid of UnitRef references from automount, timer, path units, to the units they trigger and rely exclsuively on UNIT_TRIGGER type dendencies.
2013-04-23 20:53:16 +02:00
if (type < 0) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Unit type not valid, ignoring: %s", rvalue);
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
timer: fully implement timer units
2010-05-24 01:45:54 +02:00
}
Allow timers to trigger timers (#8043) Unlike any other unit type, it makes sense for a timer to start another timer. It is an easy way to crate logical "and" between time conditions for instance, every day but no less than 5' after boot can easily be implemented by a OnBootSec triggering an OnCalendar. This is particulary usefull with Persistant timers which tend to all fire together at startup
2018-02-14 14:10:07 +01:00
if (unit_has_name(u, p)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Units cannot trigger themselves, ignoring: %s", rvalue);
unit: rework trigger dependency logic Instead of having explicit type-specific callbacks that inform the triggering unit when a triggered unit changes state, make this generic so that state changes are forwarded betwee any triggered and triggering unit. Also, get rid of UnitRef references from automount, timer, path units, to the units they trigger and rely exclsuively on UNIT_TRIGGER type dendencies.
2013-04-23 20:53:16 +02:00
return 0;
}
pid1: drop unused path parameter to add_two_dependencies_by_name()
2018-09-15 20:02:00 +02:00
r = unit_add_two_dependencies_by_name(u, UNIT_BEFORE, UNIT_TRIGGERS, p, true, UNIT_DEPENDENCY_FILE);
unit: properly update references to units which are merged When we merge units that some kind of object points to, those pointers might become invalidated, and needs to be updated. Introduce a UnitRef struct which links up all the unit references, to ensure corrected references. At the same time, drop configured_sockets in the Service object, and replace it by proper UNIT_TRIGGERS resp. UNIT_TRIGGERED_BY dependencies, which allow us to simplify a lot of code.
2012-01-06 23:08:54 +01:00
if (r < 0) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add trigger on %s, ignoring: %m", p);
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
timer: fully implement timer units
2010-05-24 01:45:54 +02:00
}
return 0;
}
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int config_parse_path_spec(const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
path: add .path unit type for monitoring files
2010-05-24 05:25:33 +02:00
Path *p = data;
PathSpec *s;
PathType b;
move _cleanup_ attribute in front of the type http://lists.freedesktop.org/archives/systemd-devel/2013-April/010510.html
2013-04-18 09:11:22 +02:00
_cleanup_free_ char *k = NULL;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
int r;
path: add .path unit type for monitoring files
2010-05-24 05:25:33 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
if (isempty(rvalue)) {
/* Empty assignment clears list */
path_free_specs(p);
return 0;
}
path: support specifier resolvin in .path units
2012-09-19 20:09:27 +02:00
b = path_type_from_string(lvalue);
if (b < 0) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse path type, ignoring: %s", lvalue);
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
path: add .path unit type for monitoring files
2010-05-24 05:25:33 +02:00
}
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
r = unit_full_printf(UNIT(p), rvalue, &k);
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
return 0;
specifier: when resolving specifier strings when loading configuration, don't misunderstand parse failures as OOM http://lists.freedesktop.org/archives/systemd-devel/2013-February/009179.html
2013-03-01 14:54:55 +01:00
}
path: support specifier resolvin in .path units
2012-09-19 20:09:27 +02:00
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
if (r < 0)
load-fragment: make parser more forgiving
2010-08-17 03:30:53 +02:00
return 0;
path: add .path unit type for monitoring files
2010-05-24 05:25:33 +02:00
path: support specifier resolvin in .path units
2012-09-19 20:09:27 +02:00
s = new0(PathSpec, 1);
core/main: use _cleanup_
2013-04-16 03:58:22 +02:00
if (!s)
path: support specifier resolvin in .path units
2012-09-19 20:09:27 +02:00
return log_oom();
path: add .path unit type for monitoring files
2010-05-24 05:25:33 +02:00
core: convert PID 1 to libsystemd-bus This patch converts PID 1 to libsystemd-bus and thus drops the dependency on libdbus. The only remaining code using libdbus is a test case that validates our bus marshalling against libdbus' marshalling, and this dependency can be turned off. This patch also adds a couple of things to libsystem-bus, that are necessary to make the port work: - Synthesizing of "Disconnected" messages when bus connections are severed. - Support for attaching multiple vtables for the same interface on the same path. This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus calls which used an inappropriate signature. As a side effect we will now generate PropertiesChanged messages which carry property contents, rather than just invalidation information.
2013-11-19 21:12:59 +01:00
s->unit = UNIT(p);
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
s->path = TAKE_PTR(k);
path: add .path unit type for monitoring files
2010-05-24 05:25:33 +02:00
s->type = b;
s->inotify_fd = -1;
list: make our list macros a bit easier to use by not requring type spec on each invocation We can determine the list entry type via the typeof() gcc construct, and so we should to make the macros much shorter to use.
2013-10-14 06:10:14 +02:00
LIST_PREPEND(spec, p->specs, s);
path: add .path unit type for monitoring files
2010-05-24 05:25:33 +02:00
return 0;
}
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
int config_parse_socket_service(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
socket: make service to start on incoming traffic configurable
2010-09-30 02:19:12 +02:00
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-27 19:13:45 +01:00
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
core: add support for naming file descriptors passed using socket activation This adds support for naming file descriptors passed using socket activation. The names are passed in a new $LISTEN_FDNAMES= environment variable, that matches the existign $LISTEN_FDS= one and contains a colon-separated list of names. This also adds support for naming fds submitted to the per-service fd store using FDNAME= in the sd_notify() message. This also adds a new FileDescriptorName= setting for socket unit files to set the name for fds created by socket units. This also adds a new call sd_listen_fds_with_names(), that is similar to sd_listen_fds(), but also returns the names of the fds. systemd-activate gained the new --fdname= switch to specify a name for testing socket activation. This is based on #1247 by Maciej Wereski. Fixes #1247.
2015-10-04 17:36:19 +02:00
_cleanup_free_ char *p = NULL;
socket: make service to start on incoming traffic configurable
2010-09-30 02:19:12 +02:00
Socket *s = data;
load-fragment: fix parsing of Socket= setting
2012-01-07 01:21:40 +01:00
Unit *x;
core: add support for naming file descriptors passed using socket activation This adds support for naming file descriptors passed using socket activation. The names are passed in a new $LISTEN_FDNAMES= environment variable, that matches the existign $LISTEN_FDS= one and contains a colon-separated list of names. This also adds support for naming fds submitted to the per-service fd store using FDNAME= in the sd_notify() message. This also adds a new FileDescriptorName= setting for socket unit files to set the name for fds created by socket units. This also adds a new call sd_listen_fds_with_names(), that is similar to sd_listen_fds(), but also returns the names of the fds. systemd-activate gained the new --fdname= switch to specify a name for testing socket activation. This is based on #1247 by Maciej Wereski. Fixes #1247.
2015-10-04 17:36:19 +02:00
int r;
socket: make service to start on incoming traffic configurable
2010-09-30 02:19:12 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
r = unit_name_printf(UNIT(s), rvalue, &p);
service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces
2013-11-27 20:23:18 +01:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
return -ENOEXEC;
service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces
2013-11-27 20:23:18 +01:00
}
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces
2013-11-27 20:23:18 +01:00
if (!endswith(p, ".service")) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type service: %s", rvalue);
return -ENOEXEC;
socket: make service to start on incoming traffic configurable
2010-09-30 02:19:12 +02:00
}
service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces
2013-11-27 20:23:18 +01:00
r = manager_load_unit(UNIT(s)->manager, p, NULL, &error, &x);
load-fragment: fix parsing of Socket= setting
2012-01-07 01:21:40 +01:00
if (r < 0) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load unit %s: %s", rvalue, bus_error_message(&error, r));
return -ENOEXEC;
socket: make service to start on incoming traffic configurable
2010-09-30 02:19:12 +02:00
}
pid1: include the source unit in UnitRef No functional change. The source unit manages the reference. It allocates the UnitRef structure and registers it in the target unit, and then the reference must be destroyed before the source unit is destroyed. Thus, is should be OK to include the pointer to the source unit, it should be live as long as the reference exists. v2: - rename refs to refs_by_target
2018-02-13 13:12:43 +01:00
unit_ref_set(&s->service, UNIT(s), x);
load-fragment: fix parsing of Socket= setting
2012-01-07 01:21:40 +01:00
socket: make service to start on incoming traffic configurable
2010-09-30 02:19:12 +02:00
return 0;
}
core: add support for naming file descriptors passed using socket activation This adds support for naming file descriptors passed using socket activation. The names are passed in a new $LISTEN_FDNAMES= environment variable, that matches the existign $LISTEN_FDS= one and contains a colon-separated list of names. This also adds support for naming fds submitted to the per-service fd store using FDNAME= in the sd_notify() message. This also adds a new FileDescriptorName= setting for socket unit files to set the name for fds created by socket units. This also adds a new call sd_listen_fds_with_names(), that is similar to sd_listen_fds(), but also returns the names of the fds. systemd-activate gained the new --fdname= switch to specify a name for testing socket activation. This is based on #1247 by Maciej Wereski. Fixes #1247.
2015-10-04 17:36:19 +02:00
int config_parse_fdname(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
_cleanup_free_ char *p = NULL;
Socket *s = data;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
s->fdname = mfree(s->fdname);
return 0;
}
core: use unit_full_printf() at a couple of locations we used unit_name_printf() before For settings that are not taking unit names there's no reason to use unit_name_printf(). Use unit_full_printf() instead, as the names are validated anyway in one form or another after expansion.
2016-12-05 19:25:44 +01:00
r = unit_full_printf(UNIT(s), rvalue, &p);
core: add support for naming file descriptors passed using socket activation This adds support for naming file descriptors passed using socket activation. The names are passed in a new $LISTEN_FDNAMES= environment variable, that matches the existign $LISTEN_FDS= one and contains a colon-separated list of names. This also adds support for naming fds submitted to the per-service fd store using FDNAME= in the sd_notify() message. This also adds a new FileDescriptorName= setting for socket unit files to set the name for fds created by socket units. This also adds a new call sd_listen_fds_with_names(), that is similar to sd_listen_fds(), but also returns the names of the fds. systemd-activate gained the new --fdname= switch to specify a name for testing socket activation. This is based on #1247 by Maciej Wereski. Fixes #1247.
2015-10-04 17:36:19 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
core: add support for naming file descriptors passed using socket activation This adds support for naming file descriptors passed using socket activation. The names are passed in a new $LISTEN_FDNAMES= environment variable, that matches the existign $LISTEN_FDS= one and contains a colon-separated list of names. This also adds support for naming fds submitted to the per-service fd store using FDNAME= in the sd_notify() message. This also adds a new FileDescriptorName= setting for socket unit files to set the name for fds created by socket units. This also adds a new call sd_listen_fds_with_names(), that is similar to sd_listen_fds(), but also returns the names of the fds. systemd-activate gained the new --fdname= switch to specify a name for testing socket activation. This is based on #1247 by Maciej Wereski. Fixes #1247.
2015-10-04 17:36:19 +02:00
return 0;
}
if (!fdname_is_valid(p)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid file descriptor name, ignoring: %s", p);
return 0;
}
tree-wide: introduce free_and_replace helper It's a common pattern, so add a helper for it. A macro is necessary because a function that takes a pointer to a pointer would be type specific, similarly to cleanup functions. Seems better to use a macro.
2016-10-17 01:23:35 +02:00
return free_and_replace(s->fdname, p);
core: add support for naming file descriptors passed using socket activation This adds support for naming file descriptors passed using socket activation. The names are passed in a new $LISTEN_FDNAMES= environment variable, that matches the existign $LISTEN_FDS= one and contains a colon-separated list of names. This also adds support for naming fds submitted to the per-service fd store using FDNAME= in the sd_notify() message. This also adds a new FileDescriptorName= setting for socket unit files to set the name for fds created by socket units. This also adds a new call sd_listen_fds_with_names(), that is similar to sd_listen_fds(), but also returns the names of the fds. systemd-activate gained the new --fdname= switch to specify a name for testing socket activation. This is based on #1247 by Maciej Wereski. Fixes #1247.
2015-10-04 17:36:19 +02:00
}
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
int config_parse_service_sockets(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
socket: make sockets to pass to a service configurable
2010-10-05 19:49:15 +02:00
Service *s = data;
core: parse socket port to extract_first_word
2015-11-03 18:19:05 +01:00
const char *p;
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
int r;
socket: make sockets to pass to a service configurable
2010-10-05 19:49:15 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
core: parse socket port to extract_first_word
2015-11-03 18:19:05 +01:00
p = rvalue;
tree-wide: minor formatting inconsistency cleanups
2016-02-23 18:52:52 +01:00
for (;;) {
core: remove unused variable unused since 7b2313f5
2015-11-07 11:03:11 +01:00
_cleanup_free_ char *word = NULL, *k = NULL;
socket: make sockets to pass to a service configurable
2010-10-05 19:49:15 +02:00
core: parse socket port to extract_first_word
2015-11-03 18:19:05 +01:00
r = extract_first_word(&p, &word, NULL, 0);
if (r == 0)
break;
if (r == -ENOMEM)
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return log_oom();
core: parse socket port to extract_first_word
2015-11-03 18:19:05 +01:00
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Trailing garbage in sockets, ignoring: %s", rvalue);
break;
}
socket: make sockets to pass to a service configurable
2010-10-05 19:49:15 +02:00
core: parse socket port to extract_first_word
2015-11-03 18:19:05 +01:00
r = unit_name_printf(UNIT(s), word, &k);
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
continue;
}
unit: properly update references to units which are merged When we merge units that some kind of object points to, those pointers might become invalidated, and needs to be updated. Introduce a UnitRef struct which links up all the unit references, to ensure corrected references. At the same time, drop configured_sockets in the Service object, and replace it by proper UNIT_TRIGGERS resp. UNIT_TRIGGERED_BY dependencies, which allow us to simplify a lot of code.
2012-01-06 23:08:54 +01:00
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
if (!endswith(k, ".socket")) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Unit must be of type socket, ignoring: %s", k);
socket: make sockets to pass to a service configurable
2010-10-05 19:49:15 +02:00
continue;
}
pid1: drop unused path parameter to add_two_dependencies_by_name()
2018-09-15 20:02:00 +02:00
r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_WANTS, UNIT_AFTER, k, true, UNIT_DEPENDENCY_FILE);
unit: properly update references to units which are merged When we merge units that some kind of object points to, those pointers might become invalidated, and needs to be updated. Introduce a UnitRef struct which links up all the unit references, to ensure corrected references. At the same time, drop configured_sockets in the Service object, and replace it by proper UNIT_TRIGGERS resp. UNIT_TRIGGERED_BY dependencies, which allow us to simplify a lot of code.
2012-01-06 23:08:54 +01:00
if (r < 0)
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
socket: make sockets to pass to a service configurable
2010-10-05 19:49:15 +02:00
pid1: drop now-unused path parameter to add_dependency_by_name()
2018-09-15 19:57:52 +02:00
r = unit_add_dependency_by_name(UNIT(s), UNIT_TRIGGERED_BY, k, true, UNIT_DEPENDENCY_FILE);
unit: properly update references to units which are merged When we merge units that some kind of object points to, those pointers might become invalidated, and needs to be updated. Introduce a UnitRef struct which links up all the unit references, to ensure corrected references. At the same time, drop configured_sockets in the Service object, and replace it by proper UNIT_TRIGGERS resp. UNIT_TRIGGERED_BY dependencies, which allow us to simplify a lot of code.
2012-01-06 23:08:54 +01:00
if (r < 0)
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add dependency on %s, ignoring: %m", k);
socket: make sockets to pass to a service configurable
2010-10-05 19:49:15 +02:00
}
return 0;
}
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
int config_parse_bus_name(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
_cleanup_free_ char *k = NULL;
Unit *u = userdata;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(u);
r = unit_full_printf(u, rvalue, &k);
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
return 0;
}
if (!service_name_is_valid(k)) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid bus name, ignoring: %s", k);
conf-parse: don't accept invalid bus names as BusName= arguments in service units
2015-01-07 22:07:09 +01:00
return 0;
}
return config_parse_string(unit, filename, line, section, section_line, lvalue, ltype, k, data, userdata);
}
core: simplify how we parse TimeoutSec=, TimeoutStartSec= and TimeoutStopSec= Let's make things more obvious by placing the parse_usec() invocation directly in config_parse_service_timeout().
2016-02-08 23:54:54 +01:00
int config_parse_service_timeout(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
service: timeout for oneshot services Add possibility to specify timeout for oneshot services. [ https://bugzilla.redhat.com/show_bug.cgi?id=761656 Added minor fixups. -- michich ]
2012-06-14 17:07:07 +02:00
Service *s = userdata;
core: simplify how we parse TimeoutSec=, TimeoutStartSec= and TimeoutStopSec= Let's make things more obvious by placing the parse_usec() invocation directly in config_parse_service_timeout().
2016-02-08 23:54:54 +01:00
usec_t usec;
service: timeout for oneshot services Add possibility to specify timeout for oneshot services. [ https://bugzilla.redhat.com/show_bug.cgi?id=761656 Added minor fixups. -- michich ]
2012-06-14 17:07:07 +02:00
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(s);
load-fragment: use config_parse_sec_fix_0() for TimeoutStopSec=
2018-05-25 05:16:24 +02:00
/* This is called for two cases: TimeoutSec= and TimeoutStartSec=. */
service: timeout for oneshot services Add possibility to specify timeout for oneshot services. [ https://bugzilla.redhat.com/show_bug.cgi?id=761656 Added minor fixups. -- michich ]
2012-06-14 17:07:07 +02:00
load-fragment: use parse_sec_fix_0() instead of updating the value later
2018-05-25 05:17:52 +02:00
/* Traditionally, these options accepted 0 to disable the timeouts. However, a timeout of 0 suggests it happens
* immediately, hence fix this to become USEC_INFINITY instead. This is in-line with how we internally handle
* all other timeouts. */
r = parse_sec_fix_0(rvalue, &usec);
core: simplify how we parse TimeoutSec=, TimeoutStartSec= and TimeoutStopSec= Let's make things more obvious by placing the parse_usec() invocation directly in config_parse_service_timeout().
2016-02-08 23:54:54 +01:00
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
return 0;
}
systemd: introduced new timeout types Makes possible to specify separate timeout for start and stop of the service. [ Improved the manpage. Coding style fix. -- michich ]
2012-08-07 14:41:48 +02:00
load-fragment: use config_parse_sec_fix_0() for TimeoutStopSec=
2018-05-25 05:16:24 +02:00
s->start_timeout_defined = true;
s->timeout_start_usec = usec;
core: rework unit timeout handling, and add new setting RuntimeMaxSec= This clean-ups timeout handling in PID 1. Specifically, instead of storing 0 in internal timeout variables as indication for a disabled timeout, use USEC_INFINITY which is in-line with how we do this in the rest of our code (following the logic that 0 means "no", and USEC_INFINITY means "never"). This also replace all usec_t additions with invocations to usec_add(), so that USEC_INFINITY is properly propagated, and sd-event considers it has indication for turning off the event source. This also alters the deserialization of the units to restart timeouts from the time they were originally started from. Before this patch timeouts would be restarted beginning with the time of the deserialization, which could lead to artificially prolonged timeouts if a daemon reload took place. Finally, a new RuntimeMaxSec= setting is introduced for service units, that specifies a maximum runtime after which a specific service is forcibly terminated. This is useful to put time limits on time-intensive processing jobs. This also simplifies the various xyz_spawn() calls of the various types in that explicit distruction of the timers is removed, as that is done anyway by the state change handlers, and a state change is always done when the xyz_spawn() calls fail. Fixes: #2249
2016-02-01 21:48:10 +01:00
load-fragment: use config_parse_sec_fix_0() for TimeoutStopSec=
2018-05-25 05:16:24 +02:00
if (streq(lvalue, "TimeoutSec"))
core: simplify how we parse TimeoutSec=, TimeoutStartSec= and TimeoutStopSec= Let's make things more obvious by placing the parse_usec() invocation directly in config_parse_service_timeout().
2016-02-08 23:54:54 +01:00
s->timeout_stop_usec = usec;
core: rework unit timeout handling, and add new setting RuntimeMaxSec= This clean-ups timeout handling in PID 1. Specifically, instead of storing 0 in internal timeout variables as indication for a disabled timeout, use USEC_INFINITY which is in-line with how we do this in the rest of our code (following the logic that 0 means "no", and USEC_INFINITY means "never"). This also replace all usec_t additions with invocations to usec_add(), so that USEC_INFINITY is properly propagated, and sd-event considers it has indication for turning off the event source. This also alters the deserialization of the units to restart timeouts from the time they were originally started from. Before this patch timeouts would be restarted beginning with the time of the deserialization, which could lead to artificially prolonged timeouts if a daemon reload took place. Finally, a new RuntimeMaxSec= setting is introduced for service units, that specifies a maximum runtime after which a specific service is forcibly terminated. This is useful to put time limits on time-intensive processing jobs. This also simplifies the various xyz_spawn() calls of the various types in that explicit distruction of the timers is removed, as that is done anyway by the state change handlers, and a state change is always done when the xyz_spawn() calls fail. Fixes: #2249
2016-02-01 21:48:10 +01:00
systemd: introduced new timeout types Makes possible to specify separate timeout for start and stop of the service. [ Improved the manpage. Coding style fix. -- michich ]
2012-08-07 14:41:48 +02:00
return 0;
service: timeout for oneshot services Add possibility to specify timeout for oneshot services. [ https://bugzilla.redhat.com/show_bug.cgi?id=761656 Added minor fixups. -- michich ]
2012-06-14 17:07:07 +02:00
}
core: treat JobTimeout=0 as equivalent to JobTimeout=infinity Corrects an incompatibility introduced with 36c16a7cdd6c33d7980efc2cd6a2211941f302b4. Fixes: #2537
2016-02-08 23:56:30 +01:00
int config_parse_sec_fix_0(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
usec_t *usec = data;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(usec);
/* This is pretty much like config_parse_sec(), except that this treats a time of 0 as infinity, for
* compatibility with older versions of systemd where 0 instead of infinity was used as indicator to turn off a
* timeout. */
Parse "timeout=0" as infinity in various generators (#6264) This extends 2d79a0bbb9f651656384a0a86ed814e6306fb5dd to the kernel command line parsing. The parsing is changed a bit to only understand "0" as infinity. If units are specified, parse normally, e.g. "0s" is just 0. This makes it possible to provide a zero timeout if necessary. Simple test is added. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
2017-07-03 14:29:32 +02:00
r = parse_sec_fix_0(rvalue, usec);
core: treat JobTimeout=0 as equivalent to JobTimeout=infinity Corrects an incompatibility introduced with 36c16a7cdd6c33d7980efc2cd6a2211941f302b4. Fixes: #2537
2016-02-08 23:56:30 +01:00
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s= parameter, ignoring: %s", lvalue, rvalue);
return 0;
}
return 0;
}
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
int config_parse_user_group(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
_cleanup_free_ char *k = NULL;
char **user = data;
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
Unit *u = userdata;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(u);
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
if (isempty(rvalue)) {
*user = mfree(*user);
return 0;
}
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
r = unit_full_printf(u, rvalue, &k);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", rvalue);
return -ENOEXEC;
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
}
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
if (!valid_user_group_name_or_id(k)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
return -ENOEXEC;
}
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
return free_and_replace(*user, k);
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
}
int config_parse_user_group_strv(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
char ***users = data;
Unit *u = userdata;
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
const char *p = rvalue;
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(u);
if (isempty(rvalue)) {
load-fragment: do not create empty array Originally added in 4589f5bb0a973e9a41be93de06c87072cea4dfb9. C.f. 8249bb728db6c2abaf12575d661b52571bdc1ab1 and #6746.
2017-10-04 08:21:12 +02:00
*users = strv_free(*users);
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
return 0;
}
for (;;) {
_cleanup_free_ char *word = NULL, *k = NULL;
tree-wide: drop unneded WHITESPACE param to extract_first_word It's the default, and NULL is shorter.
2016-10-28 02:06:44 +02:00
r = extract_first_word(&p, &word, NULL, 0);
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
if (r == 0)
break;
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax: %s", rvalue);
return -ENOEXEC;
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
}
r = unit_full_printf(u, word, &k);
if (r < 0) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", word);
return -ENOEXEC;
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
}
if (!valid_user_group_name_or_id(k)) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
return -ENOEXEC;
core: be stricter when parsing User=/Group= fields Let's verify the validity of the syntax of the user/group names set.
2016-07-14 12:28:06 +02:00
}
r = strv_push(users, k);
if (r < 0)
return log_oom();
k = NULL;
}
return 0;
}
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
int config_parse_working_directory(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
ExecContext *c = data;
Unit *u = userdata;
bool missing_ok;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(c);
assert(u);
load-fragment: make WorkingDirectory= accept the empty string
2018-05-25 05:25:41 +02:00
if (isempty(rvalue)) {
c->working_directory_home = false;
c->working_directory = mfree(c->working_directory);
return 0;
}
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
if (rvalue[0] == '-') {
missing_ok = true;
rvalue++;
} else
missing_ok = false;
if (streq(rvalue, "~")) {
c->working_directory_home = true;
c->working_directory = mfree(c->working_directory);
} else {
_cleanup_free_ char *k = NULL;
r = unit_full_printf(u, rvalue, &k);
if (r < 0) {
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to resolve unit specifiers in working directory path '%s'%s: %m",
rvalue, missing_ok ? ", ignoring" : "");
return missing_ok ? 0 : -ENOEXEC;
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
}
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(k, PATH_CHECK_ABSOLUTE | (missing_ok ? 0 : PATH_CHECK_FATAL), unit, filename, line, lvalue);
if (r < 0)
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
return missing_ok ? 0 : -ENOEXEC;
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
c->working_directory_home = false;
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
free_and_replace(c->working_directory, k);
core: allow setting WorkingDirectory= to the special value ~ If set to ~ the working directory is set to the home directory of the user configured in User=. This change also exposes the existing switch for the working directory that allowed making missing working directories non-fatal. This also changes "machinectl shell" to make use of this to ensure that the invoked shell is by default in the user's home directory. Fixes #1268.
2015-09-23 19:46:23 +02:00
}
c->working_directory_missing_ok = missing_ok;
return 0;
}
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int config_parse_unit_env_file(const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
execute: add EnvironmentFile= option
2010-06-18 06:06:24 +02:00
core: properly validate environment data from Environment= lines in unit files
2013-02-11 23:45:59 +01:00
char ***env = data;
unit: support wildcards in Environment=, EnvironmentFile=
2011-07-01 01:13:47 +02:00
Unit *u = userdata;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
_cleanup_free_ char *n = NULL;
core: properly validate environment data from Environment= lines in unit files
2013-02-11 23:45:59 +01:00
int r;
execute: add EnvironmentFile= option
2010-06-18 06:06:24 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
if (isempty(rvalue)) {
/* Empty assignment frees the list */
tree-wide: make use of the fact that strv_free() returns NULL Another Coccinelle patch.
2015-09-09 23:05:10 +02:00
*env = strv_free(*env);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return 0;
}
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
r = unit_full_printf(u, rvalue, &n);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
return 0;
}
unit: support wildcards in Environment=, EnvironmentFile=
2011-07-01 01:13:47 +02:00
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(n[0] == '-' ? n + 1 : n, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
if (r < 0)
fragment: allow prefixing of the EnvironmentFile= path with - to ignore errors
2011-01-06 01:39:08 +01:00
return 0;
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = strv_push(env, n);
core: properly validate environment data from Environment= lines in unit files
2013-02-11 23:45:59 +01:00
if (r < 0)
return log_oom();
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
n = NULL;
core: properly validate environment data from Environment= lines in unit files
2013-02-11 23:45:59 +01:00
return 0;
}
core: print the right string when we fail to replace specifiers in config_parse_environ()
2017-09-12 19:47:58 +02:00
int config_parse_environ(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
core: properly validate environment data from Environment= lines in unit files
2013-02-11 23:45:59 +01:00
Unit *u = userdata;
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
char ***env = data;
const char *p;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
int r;
core: properly validate environment data from Environment= lines in unit files
2013-02-11 23:45:59 +01:00
assert(filename);
assert(lvalue);
assert(rvalue);
manager: add DefaultEnvironment option This complements existing functionality of setting variables through 'systemctl set-environment', the kernel command line, and through normal environment variables for systemd in session mode.
2013-06-09 07:08:46 +02:00
assert(data);
core: properly validate environment data from Environment= lines in unit files
2013-02-11 23:45:59 +01:00
if (isempty(rvalue)) {
/* Empty assignment resets the list */
tree-wide: make use of the fact that strv_free() returns NULL Another Coccinelle patch.
2015-09-09 23:05:10 +02:00
*env = strv_free(*env);
core: properly validate environment data from Environment= lines in unit files
2013-02-11 23:45:59 +01:00
return 0;
}
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
for (p = rvalue;; ) {
_cleanup_free_ char *word = NULL, *k = NULL;
r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_QUOTES);
if (r == 0)
return 0;
if (r == -ENOMEM)
return log_oom();
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
if (r < 0) {
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
log_syntax(unit, LOG_WARNING, filename, line, r,
"Invalid syntax, ignoring: %s", rvalue);
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
return 0;
}
manager: add DefaultEnvironment option This complements existing functionality of setting variables through 'systemctl set-environment', the kernel command line, and through normal environment variables for systemd in session mode.
2013-06-09 07:08:46 +02:00
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
if (u) {
r = unit_full_printf(u, word, &k);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to resolve unit specifiers in %s, ignoring: %m", word);
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
continue;
}
macro: introduce TAKE_PTR() macro This macro will read a pointer of any type, return it, and set the pointer to NULL. This is useful as an explicit concept of passing ownership of a memory area between pointers. This takes inspiration from Rust: https://doc.rust-lang.org/std/option/enum.Option.html#method.take and was suggested by Alan Jenkins (@sourcejedi). It drops ~160 lines of code from our codebase, which makes me like it. Also, I think it clarifies passing of ownership, and thus helps readability a bit (at least for the initiated who know the new macro)
2018-03-22 16:53:26 +01:00
} else
k = TAKE_PTR(word);
core: properly validate environment data from Environment= lines in unit files
2013-02-11 23:45:59 +01:00
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
if (!env_assignment_is_valid(k)) {
log_syntax(unit, LOG_ERR, filename, line, 0,
"Invalid environment assignment, ignoring: %s", k);
core: properly validate environment data from Environment= lines in unit files
2013-02-11 23:45:59 +01:00
continue;
}
core/load-fragment: modify existing environment instead of copying strv over and over
2016-10-28 03:15:59 +02:00
r = strv_env_replace(env, k);
if (r < 0)
core: properly validate environment data from Environment= lines in unit files
2013-02-11 23:45:59 +01:00
return log_oom();
core: print the right string when we fail to replace specifiers in config_parse_environ()
2017-09-12 19:47:58 +02:00
core/load-fragment: modify existing environment instead of copying strv over and over
2016-10-28 03:15:59 +02:00
k = NULL;
core: properly validate environment data from Environment= lines in unit files
2013-02-11 23:45:59 +01:00
}
execute: add EnvironmentFile= option
2010-06-18 06:06:24 +02:00
}
core: add new UnsetEnvironment= setting for unit files With this setting we can explicitly unset specific variables for processes of a unit, as last step of assembling the environment block for them. This is useful to fix #6407. While we are at it, greatly expand the documentation on how the environment block for forked off processes is assembled.
2017-09-10 12:16:44 +02:00
int config_parse_pass_environ(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
execute: Add new PassEnvironment= directive This directive allows passing environment variables from the system manager to spawned services. Variables in the system manager can be set inside a container by passing `--set-env=...` options to systemd-spawn. Tested with an on-disk test.service unit. Tested using multiple variable names on a single line, with an empty setting to clear the current list of variables, with non-existing variables. Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it works with transient units. Confirmed that `systemctl show` will display the PassEnvironment settings. Checked that man pages are generated correctly. No regressions in `make check`.
2015-09-07 08:06:53 +02:00
_cleanup_strv_free_ char **n = NULL;
size_t nlen = 0, nbufsize = 0;
core: support specifier expansion in PassEnvironment= I can't come up with any usecase for this, but let's add this here, to match what we support for Environment=. It's kind surprising if we support specifier expansion for some environment related settings, but not for others.
2017-09-12 19:48:29 +02:00
char*** passenv = data;
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
const char *p = rvalue;
core: support specifier expansion in PassEnvironment= I can't come up with any usecase for this, but let's add this here, to match what we support for Environment=. It's kind surprising if we support specifier expansion for some environment related settings, but not for others.
2017-09-12 19:48:29 +02:00
Unit *u = userdata;
execute: Add new PassEnvironment= directive This directive allows passing environment variables from the system manager to spawned services. Variables in the system manager can be set inside a container by passing `--set-env=...` options to systemd-spawn. Tested with an on-disk test.service unit. Tested using multiple variable names on a single line, with an empty setting to clear the current list of variables, with non-existing variables. Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it works with transient units. Confirmed that `systemctl show` will display the PassEnvironment settings. Checked that man pages are generated correctly. No regressions in `make check`.
2015-09-07 08:06:53 +02:00
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
/* Empty assignment resets the list */
*passenv = strv_free(*passenv);
return 0;
}
for (;;) {
core: support specifier expansion in PassEnvironment= I can't come up with any usecase for this, but let's add this here, to match what we support for Environment=. It's kind surprising if we support specifier expansion for some environment related settings, but not for others.
2017-09-12 19:48:29 +02:00
_cleanup_free_ char *word = NULL, *k = NULL;
execute: Add new PassEnvironment= directive This directive allows passing environment variables from the system manager to spawned services. Variables in the system manager can be set inside a container by passing `--set-env=...` options to systemd-spawn. Tested with an on-disk test.service unit. Tested using multiple variable names on a single line, with an empty setting to clear the current list of variables, with non-existing variables. Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it works with transient units. Confirmed that `systemctl show` will display the PassEnvironment settings. Checked that man pages are generated correctly. No regressions in `make check`.
2015-09-07 08:06:53 +02:00
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
execute: Add new PassEnvironment= directive This directive allows passing environment variables from the system manager to spawned services. Variables in the system manager can be set inside a container by passing `--set-env=...` options to systemd-spawn. Tested with an on-disk test.service unit. Tested using multiple variable names on a single line, with an empty setting to clear the current list of variables, with non-existing variables. Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it works with transient units. Confirmed that `systemctl show` will display the PassEnvironment settings. Checked that man pages are generated correctly. No regressions in `make check`.
2015-09-07 08:06:53 +02:00
if (r == 0)
break;
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
execute: Add new PassEnvironment= directive This directive allows passing environment variables from the system manager to spawned services. Variables in the system manager can be set inside a container by passing `--set-env=...` options to systemd-spawn. Tested with an on-disk test.service unit. Tested using multiple variable names on a single line, with an empty setting to clear the current list of variables, with non-existing variables. Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it works with transient units. Confirmed that `systemctl show` will display the PassEnvironment settings. Checked that man pages are generated correctly. No regressions in `make check`.
2015-09-07 08:06:53 +02:00
break;
}
core: support specifier expansion in PassEnvironment= I can't come up with any usecase for this, but let's add this here, to match what we support for Environment=. It's kind surprising if we support specifier expansion for some environment related settings, but not for others.
2017-09-12 19:48:29 +02:00
if (u) {
r = unit_full_printf(u, word, &k);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to resolve specifiers in %s, ignoring: %m", word);
core: support specifier expansion in PassEnvironment= I can't come up with any usecase for this, but let's add this here, to match what we support for Environment=. It's kind surprising if we support specifier expansion for some environment related settings, but not for others.
2017-09-12 19:48:29 +02:00
continue;
}
macro: introduce TAKE_PTR() macro This macro will read a pointer of any type, return it, and set the pointer to NULL. This is useful as an explicit concept of passing ownership of a memory area between pointers. This takes inspiration from Rust: https://doc.rust-lang.org/std/option/enum.Option.html#method.take and was suggested by Alan Jenkins (@sourcejedi). It drops ~160 lines of code from our codebase, which makes me like it. Also, I think it clarifies passing of ownership, and thus helps readability a bit (at least for the initiated who know the new macro)
2018-03-22 16:53:26 +01:00
} else
k = TAKE_PTR(word);
core: support specifier expansion in PassEnvironment= I can't come up with any usecase for this, but let's add this here, to match what we support for Environment=. It's kind surprising if we support specifier expansion for some environment related settings, but not for others.
2017-09-12 19:48:29 +02:00
if (!env_name_is_valid(k)) {
log_syntax(unit, LOG_ERR, filename, line, 0,
"Invalid environment name for %s, ignoring: %s", lvalue, k);
execute: Add new PassEnvironment= directive This directive allows passing environment variables from the system manager to spawned services. Variables in the system manager can be set inside a container by passing `--set-env=...` options to systemd-spawn. Tested with an on-disk test.service unit. Tested using multiple variable names on a single line, with an empty setting to clear the current list of variables, with non-existing variables. Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it works with transient units. Confirmed that `systemctl show` will display the PassEnvironment settings. Checked that man pages are generated correctly. No regressions in `make check`.
2015-09-07 08:06:53 +02:00
continue;
}
if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
return log_oom();
core: support specifier expansion in PassEnvironment= I can't come up with any usecase for this, but let's add this here, to match what we support for Environment=. It's kind surprising if we support specifier expansion for some environment related settings, but not for others.
2017-09-12 19:48:29 +02:00
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
n[nlen++] = TAKE_PTR(k);
execute: Add new PassEnvironment= directive This directive allows passing environment variables from the system manager to spawned services. Variables in the system manager can be set inside a container by passing `--set-env=...` options to systemd-spawn. Tested with an on-disk test.service unit. Tested using multiple variable names on a single line, with an empty setting to clear the current list of variables, with non-existing variables. Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it works with transient units. Confirmed that `systemctl show` will display the PassEnvironment settings. Checked that man pages are generated correctly. No regressions in `make check`.
2015-09-07 08:06:53 +02:00
n[nlen] = NULL;
}
if (n) {
r = strv_extend_strv(passenv, n, true);
if (r < 0)
return r;
}
return 0;
}
core: add new UnsetEnvironment= setting for unit files With this setting we can explicitly unset specific variables for processes of a unit, as last step of assembling the environment block for them. This is useful to fix #6407. While we are at it, greatly expand the documentation on how the environment block for forked off processes is assembled.
2017-09-10 12:16:44 +02:00
int config_parse_unset_environ(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
_cleanup_strv_free_ char **n = NULL;
size_t nlen = 0, nbufsize = 0;
char*** unsetenv = data;
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
const char *p = rvalue;
core: add new UnsetEnvironment= setting for unit files With this setting we can explicitly unset specific variables for processes of a unit, as last step of assembling the environment block for them. This is useful to fix #6407. While we are at it, greatly expand the documentation on how the environment block for forked off processes is assembled.
2017-09-10 12:16:44 +02:00
Unit *u = userdata;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
/* Empty assignment resets the list */
*unsetenv = strv_free(*unsetenv);
return 0;
}
for (;;) {
_cleanup_free_ char *word = NULL, *k = NULL;
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_QUOTES);
core: add new UnsetEnvironment= setting for unit files With this setting we can explicitly unset specific variables for processes of a unit, as last step of assembling the environment block for them. This is useful to fix #6407. While we are at it, greatly expand the documentation on how the environment block for forked off processes is assembled.
2017-09-10 12:16:44 +02:00
if (r == 0)
break;
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Trailing garbage in %s, ignoring: %s", lvalue, rvalue);
core: add new UnsetEnvironment= setting for unit files With this setting we can explicitly unset specific variables for processes of a unit, as last step of assembling the environment block for them. This is useful to fix #6407. While we are at it, greatly expand the documentation on how the environment block for forked off processes is assembled.
2017-09-10 12:16:44 +02:00
break;
}
if (u) {
r = unit_full_printf(u, word, &k);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to resolve unit specifiers in %s, ignoring: %m", word);
core: add new UnsetEnvironment= setting for unit files With this setting we can explicitly unset specific variables for processes of a unit, as last step of assembling the environment block for them. This is useful to fix #6407. While we are at it, greatly expand the documentation on how the environment block for forked off processes is assembled.
2017-09-10 12:16:44 +02:00
continue;
}
macro: introduce TAKE_PTR() macro This macro will read a pointer of any type, return it, and set the pointer to NULL. This is useful as an explicit concept of passing ownership of a memory area between pointers. This takes inspiration from Rust: https://doc.rust-lang.org/std/option/enum.Option.html#method.take and was suggested by Alan Jenkins (@sourcejedi). It drops ~160 lines of code from our codebase, which makes me like it. Also, I think it clarifies passing of ownership, and thus helps readability a bit (at least for the initiated who know the new macro)
2018-03-22 16:53:26 +01:00
} else
k = TAKE_PTR(word);
core: add new UnsetEnvironment= setting for unit files With this setting we can explicitly unset specific variables for processes of a unit, as last step of assembling the environment block for them. This is useful to fix #6407. While we are at it, greatly expand the documentation on how the environment block for forked off processes is assembled.
2017-09-10 12:16:44 +02:00
if (!env_assignment_is_valid(k) && !env_name_is_valid(k)) {
log_syntax(unit, LOG_ERR, filename, line, 0,
"Invalid environment name or assignment %s, ignoring: %s", lvalue, k);
continue;
}
if (!GREEDY_REALLOC(n, nbufsize, nlen + 2))
return log_oom();
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
n[nlen++] = TAKE_PTR(k);
core: add new UnsetEnvironment= setting for unit files With this setting we can explicitly unset specific variables for processes of a unit, as last step of assembling the environment block for them. This is useful to fix #6407. While we are at it, greatly expand the documentation on how the environment block for forked off processes is assembled.
2017-09-10 12:16:44 +02:00
n[nlen] = NULL;
}
if (n) {
r = strv_extend_strv(unsetenv, n, true);
if (r < 0)
return r;
}
return 0;
}
core: implement /run/systemd/units/-based path for passing unit info from PID 1 to journald And let's make use of it to implement two new unit settings with it: 1. LogLevelMax= is a new per-unit setting that may be used to configure log priority filtering: set it to LogLevelMax=notice and only messages of level "notice" and lower (i.e. more important) will be processed, all others are dropped. 2. LogExtraFields= is a new per-unit setting for configuring per-unit journal fields, that are implicitly included in every log record generated by the unit's processes. It takes field/value pairs in the form of FOO=BAR. Also, related to this, one exisiting unit setting is ported to this new facility: 3. The invocation ID is now pulled from /run/systemd/units/ instead of cgroupfs xattrs. This substantially relaxes requirements of systemd on the kernel version and the privileges it runs with (specifically, cgroupfs xattrs are not available in containers, since they are stored in kernel memory, and hence are unsafe to permit to lesser privileged code). /run/systemd/units/ is a new directory, which contains a number of files and symlinks encoding the above information. PID 1 creates and manages these files, and journald reads them from there. Note that this is supposed to be a direct path between PID 1 and the journal only, due to the special runtime environment the journal runs in. Normally, today we shouldn't introduce new interfaces that (mis-)use a file system as IPC framework, and instead just an IPC system, but this is very hard to do between the journal and PID 1, as long as the IPC system is a subject PID 1 manages, and itself a client to the journal. This patch cleans up a couple of types used in journal code: specifically we switch to size_t for a couple of memory-sizing values, as size_t is the right choice for everything that is memory. Fixes: #4089 Fixes: #3041 Fixes: #4441
2017-11-02 19:43:32 +01:00
int config_parse_log_extra_fields(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
ExecContext *c = data;
Unit *u = userdata;
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
const char *p = rvalue;
core: implement /run/systemd/units/-based path for passing unit info from PID 1 to journald And let's make use of it to implement two new unit settings with it: 1. LogLevelMax= is a new per-unit setting that may be used to configure log priority filtering: set it to LogLevelMax=notice and only messages of level "notice" and lower (i.e. more important) will be processed, all others are dropped. 2. LogExtraFields= is a new per-unit setting for configuring per-unit journal fields, that are implicitly included in every log record generated by the unit's processes. It takes field/value pairs in the form of FOO=BAR. Also, related to this, one exisiting unit setting is ported to this new facility: 3. The invocation ID is now pulled from /run/systemd/units/ instead of cgroupfs xattrs. This substantially relaxes requirements of systemd on the kernel version and the privileges it runs with (specifically, cgroupfs xattrs are not available in containers, since they are stored in kernel memory, and hence are unsafe to permit to lesser privileged code). /run/systemd/units/ is a new directory, which contains a number of files and symlinks encoding the above information. PID 1 creates and manages these files, and journald reads them from there. Note that this is supposed to be a direct path between PID 1 and the journal only, due to the special runtime environment the journal runs in. Normally, today we shouldn't introduce new interfaces that (mis-)use a file system as IPC framework, and instead just an IPC system, but this is very hard to do between the journal and PID 1, as long as the IPC system is a subject PID 1 manages, and itself a client to the journal. This patch cleans up a couple of types used in journal code: specifically we switch to size_t for a couple of memory-sizing values, as size_t is the right choice for everything that is memory. Fixes: #4089 Fixes: #3041 Fixes: #4441
2017-11-02 19:43:32 +01:00
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(c);
if (isempty(rvalue)) {
exec_context_free_log_extra_fields(c);
return 0;
}
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
for (;;) {
core: implement /run/systemd/units/-based path for passing unit info from PID 1 to journald And let's make use of it to implement two new unit settings with it: 1. LogLevelMax= is a new per-unit setting that may be used to configure log priority filtering: set it to LogLevelMax=notice and only messages of level "notice" and lower (i.e. more important) will be processed, all others are dropped. 2. LogExtraFields= is a new per-unit setting for configuring per-unit journal fields, that are implicitly included in every log record generated by the unit's processes. It takes field/value pairs in the form of FOO=BAR. Also, related to this, one exisiting unit setting is ported to this new facility: 3. The invocation ID is now pulled from /run/systemd/units/ instead of cgroupfs xattrs. This substantially relaxes requirements of systemd on the kernel version and the privileges it runs with (specifically, cgroupfs xattrs are not available in containers, since they are stored in kernel memory, and hence are unsafe to permit to lesser privileged code). /run/systemd/units/ is a new directory, which contains a number of files and symlinks encoding the above information. PID 1 creates and manages these files, and journald reads them from there. Note that this is supposed to be a direct path between PID 1 and the journal only, due to the special runtime environment the journal runs in. Normally, today we shouldn't introduce new interfaces that (mis-)use a file system as IPC framework, and instead just an IPC system, but this is very hard to do between the journal and PID 1, as long as the IPC system is a subject PID 1 manages, and itself a client to the journal. This patch cleans up a couple of types used in journal code: specifically we switch to size_t for a couple of memory-sizing values, as size_t is the right choice for everything that is memory. Fixes: #4089 Fixes: #3041 Fixes: #4441
2017-11-02 19:43:32 +01:00
_cleanup_free_ char *word = NULL, *k = NULL;
struct iovec *t;
const char *eq;
r = extract_first_word(&p, &word, NULL, EXTRACT_CUNESCAPE|EXTRACT_QUOTES);
if (r == 0)
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
return 0;
core: implement /run/systemd/units/-based path for passing unit info from PID 1 to journald And let's make use of it to implement two new unit settings with it: 1. LogLevelMax= is a new per-unit setting that may be used to configure log priority filtering: set it to LogLevelMax=notice and only messages of level "notice" and lower (i.e. more important) will be processed, all others are dropped. 2. LogExtraFields= is a new per-unit setting for configuring per-unit journal fields, that are implicitly included in every log record generated by the unit's processes. It takes field/value pairs in the form of FOO=BAR. Also, related to this, one exisiting unit setting is ported to this new facility: 3. The invocation ID is now pulled from /run/systemd/units/ instead of cgroupfs xattrs. This substantially relaxes requirements of systemd on the kernel version and the privileges it runs with (specifically, cgroupfs xattrs are not available in containers, since they are stored in kernel memory, and hence are unsafe to permit to lesser privileged code). /run/systemd/units/ is a new directory, which contains a number of files and symlinks encoding the above information. PID 1 creates and manages these files, and journald reads them from there. Note that this is supposed to be a direct path between PID 1 and the journal only, due to the special runtime environment the journal runs in. Normally, today we shouldn't introduce new interfaces that (mis-)use a file system as IPC framework, and instead just an IPC system, but this is very hard to do between the journal and PID 1, as long as the IPC system is a subject PID 1 manages, and itself a client to the journal. This patch cleans up a couple of types used in journal code: specifically we switch to size_t for a couple of memory-sizing values, as size_t is the right choice for everything that is memory. Fixes: #4089 Fixes: #3041 Fixes: #4441
2017-11-02 19:43:32 +01:00
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
return 0;
}
r = unit_full_printf(u, word, &k);
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", word);
core: implement /run/systemd/units/-based path for passing unit info from PID 1 to journald And let's make use of it to implement two new unit settings with it: 1. LogLevelMax= is a new per-unit setting that may be used to configure log priority filtering: set it to LogLevelMax=notice and only messages of level "notice" and lower (i.e. more important) will be processed, all others are dropped. 2. LogExtraFields= is a new per-unit setting for configuring per-unit journal fields, that are implicitly included in every log record generated by the unit's processes. It takes field/value pairs in the form of FOO=BAR. Also, related to this, one exisiting unit setting is ported to this new facility: 3. The invocation ID is now pulled from /run/systemd/units/ instead of cgroupfs xattrs. This substantially relaxes requirements of systemd on the kernel version and the privileges it runs with (specifically, cgroupfs xattrs are not available in containers, since they are stored in kernel memory, and hence are unsafe to permit to lesser privileged code). /run/systemd/units/ is a new directory, which contains a number of files and symlinks encoding the above information. PID 1 creates and manages these files, and journald reads them from there. Note that this is supposed to be a direct path between PID 1 and the journal only, due to the special runtime environment the journal runs in. Normally, today we shouldn't introduce new interfaces that (mis-)use a file system as IPC framework, and instead just an IPC system, but this is very hard to do between the journal and PID 1, as long as the IPC system is a subject PID 1 manages, and itself a client to the journal. This patch cleans up a couple of types used in journal code: specifically we switch to size_t for a couple of memory-sizing values, as size_t is the right choice for everything that is memory. Fixes: #4089 Fixes: #3041 Fixes: #4441
2017-11-02 19:43:32 +01:00
continue;
}
eq = strchr(k, '=');
if (!eq) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Log field lacks '=' character, ignoring: %s", k);
core: implement /run/systemd/units/-based path for passing unit info from PID 1 to journald And let's make use of it to implement two new unit settings with it: 1. LogLevelMax= is a new per-unit setting that may be used to configure log priority filtering: set it to LogLevelMax=notice and only messages of level "notice" and lower (i.e. more important) will be processed, all others are dropped. 2. LogExtraFields= is a new per-unit setting for configuring per-unit journal fields, that are implicitly included in every log record generated by the unit's processes. It takes field/value pairs in the form of FOO=BAR. Also, related to this, one exisiting unit setting is ported to this new facility: 3. The invocation ID is now pulled from /run/systemd/units/ instead of cgroupfs xattrs. This substantially relaxes requirements of systemd on the kernel version and the privileges it runs with (specifically, cgroupfs xattrs are not available in containers, since they are stored in kernel memory, and hence are unsafe to permit to lesser privileged code). /run/systemd/units/ is a new directory, which contains a number of files and symlinks encoding the above information. PID 1 creates and manages these files, and journald reads them from there. Note that this is supposed to be a direct path between PID 1 and the journal only, due to the special runtime environment the journal runs in. Normally, today we shouldn't introduce new interfaces that (mis-)use a file system as IPC framework, and instead just an IPC system, but this is very hard to do between the journal and PID 1, as long as the IPC system is a subject PID 1 manages, and itself a client to the journal. This patch cleans up a couple of types used in journal code: specifically we switch to size_t for a couple of memory-sizing values, as size_t is the right choice for everything that is memory. Fixes: #4089 Fixes: #3041 Fixes: #4441
2017-11-02 19:43:32 +01:00
continue;
}
if (!journal_field_valid(k, eq-k, false)) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Log field name is invalid, ignoring: %s", k);
core: implement /run/systemd/units/-based path for passing unit info from PID 1 to journald And let's make use of it to implement two new unit settings with it: 1. LogLevelMax= is a new per-unit setting that may be used to configure log priority filtering: set it to LogLevelMax=notice and only messages of level "notice" and lower (i.e. more important) will be processed, all others are dropped. 2. LogExtraFields= is a new per-unit setting for configuring per-unit journal fields, that are implicitly included in every log record generated by the unit's processes. It takes field/value pairs in the form of FOO=BAR. Also, related to this, one exisiting unit setting is ported to this new facility: 3. The invocation ID is now pulled from /run/systemd/units/ instead of cgroupfs xattrs. This substantially relaxes requirements of systemd on the kernel version and the privileges it runs with (specifically, cgroupfs xattrs are not available in containers, since they are stored in kernel memory, and hence are unsafe to permit to lesser privileged code). /run/systemd/units/ is a new directory, which contains a number of files and symlinks encoding the above information. PID 1 creates and manages these files, and journald reads them from there. Note that this is supposed to be a direct path between PID 1 and the journal only, due to the special runtime environment the journal runs in. Normally, today we shouldn't introduce new interfaces that (mis-)use a file system as IPC framework, and instead just an IPC system, but this is very hard to do between the journal and PID 1, as long as the IPC system is a subject PID 1 manages, and itself a client to the journal. This patch cleans up a couple of types used in journal code: specifically we switch to size_t for a couple of memory-sizing values, as size_t is the right choice for everything that is memory. Fixes: #4089 Fixes: #3041 Fixes: #4441
2017-11-02 19:43:32 +01:00
continue;
}
tree-wide: use reallocarray instead of our home-grown realloc_multiply (#8279) There isn't much difference, but in general we prefer to use the standard functions. glibc provides reallocarray since version 2.26. I moved explicit_bzero is configure test to the bottom, so that the two stdlib functions are at the bottom.
2018-02-26 21:20:00 +01:00
t = reallocarray(c->log_extra_fields, c->n_log_extra_fields+1, sizeof(struct iovec));
core: implement /run/systemd/units/-based path for passing unit info from PID 1 to journald And let's make use of it to implement two new unit settings with it: 1. LogLevelMax= is a new per-unit setting that may be used to configure log priority filtering: set it to LogLevelMax=notice and only messages of level "notice" and lower (i.e. more important) will be processed, all others are dropped. 2. LogExtraFields= is a new per-unit setting for configuring per-unit journal fields, that are implicitly included in every log record generated by the unit's processes. It takes field/value pairs in the form of FOO=BAR. Also, related to this, one exisiting unit setting is ported to this new facility: 3. The invocation ID is now pulled from /run/systemd/units/ instead of cgroupfs xattrs. This substantially relaxes requirements of systemd on the kernel version and the privileges it runs with (specifically, cgroupfs xattrs are not available in containers, since they are stored in kernel memory, and hence are unsafe to permit to lesser privileged code). /run/systemd/units/ is a new directory, which contains a number of files and symlinks encoding the above information. PID 1 creates and manages these files, and journald reads them from there. Note that this is supposed to be a direct path between PID 1 and the journal only, due to the special runtime environment the journal runs in. Normally, today we shouldn't introduce new interfaces that (mis-)use a file system as IPC framework, and instead just an IPC system, but this is very hard to do between the journal and PID 1, as long as the IPC system is a subject PID 1 manages, and itself a client to the journal. This patch cleans up a couple of types used in journal code: specifically we switch to size_t for a couple of memory-sizing values, as size_t is the right choice for everything that is memory. Fixes: #4089 Fixes: #3041 Fixes: #4441
2017-11-02 19:43:32 +01:00
if (!t)
return log_oom();
c->log_extra_fields = t;
c->log_extra_fields[c->n_log_extra_fields++] = IOVEC_MAKE_STRING(k);
k = NULL;
}
}
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
int config_parse_unit_condition_path(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
unit: add minimal condition checker for unit startup
2010-10-13 02:15:41 +02:00
macro: introduce _cleanup_free_ macro for automatic freeing of scoped vars and make use of it
2012-09-13 22:30:26 +02:00
_cleanup_free_ char *p = NULL;
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
Condition **list = data, *c;
ConditionType t = ltype;
bool trigger, negate;
Unit *u = userdata;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
int r;
unit: add minimal condition checker for unit startup
2010-10-13 02:15:41 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
if (isempty(rvalue)) {
/* Empty assignment resets the list */
tree-wide: make condition_free_list return NULL
2014-12-18 18:33:05 +01:00
*list = condition_free_list(*list);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return 0;
}
unit: introduce ConditionPathIsMountPoint=
2011-09-21 00:44:51 +02:00
trigger = rvalue[0] == '|';
if (trigger)
unit: distuingish mandatory from triggering conditions
2011-03-08 03:04:47 +01:00
rvalue++;
unit: introduce ConditionPathIsMountPoint=
2011-09-21 00:44:51 +02:00
negate = rvalue[0] == '!';
if (negate)
unit: add minimal condition checker for unit startup
2010-10-13 02:15:41 +02:00
rvalue++;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
r = unit_full_printf(u, rvalue, &p);
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
return 0;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
}
load-fragment: Expand specifiers in conditions. Add specifier expansion to Path and String conditions. Specifier expansion for conditions will help create instance and user session units by allowing us to template conditions based on the instance or user session parameters. An example would be a system-wide user session service file that conditionally runs based on whether a user has the service configured through a configuration file in ~/.config/.
2012-09-13 21:34:25 +02:00
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(p, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
if (r < 0)
unit: add minimal condition checker for unit startup
2010-10-13 02:15:41 +02:00
return 0;
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
c = condition_new(t, p, trigger, negate);
unit: introduce ConditionPathIsMountPoint=
2011-09-21 00:44:51 +02:00
if (!c)
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return log_oom();
unit: add minimal condition checker for unit startup
2010-10-13 02:15:41 +02:00
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
LIST_PREPEND(conditions, *list, c);
unit: add minimal condition checker for unit startup
2010-10-13 02:15:41 +02:00
return 0;
}
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
int config_parse_unit_condition_string(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
unit: introduce ConditionVirtualization=
2011-02-21 22:07:55 +01:00
macro: introduce _cleanup_free_ macro for automatic freeing of scoped vars and make use of it
2012-09-13 22:30:26 +02:00
_cleanup_free_ char *s = NULL;
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
Condition **list = data, *c;
ConditionType t = ltype;
bool trigger, negate;
Unit *u = userdata;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
int r;
unit: introduce ConditionVirtualization=
2011-02-21 22:07:55 +01:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
if (isempty(rvalue)) {
/* Empty assignment resets the list */
tree-wide: make condition_free_list return NULL
2014-12-18 18:33:05 +01:00
*list = condition_free_list(*list);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return 0;
}
unit: add new ConditionHost= condition type
2012-08-22 01:51:53 +02:00
trigger = rvalue[0] == '|';
if (trigger)
unit: distuingish mandatory from triggering conditions
2011-03-08 03:04:47 +01:00
rvalue++;
unit: add new ConditionHost= condition type
2012-08-22 01:51:53 +02:00
negate = rvalue[0] == '!';
if (negate)
unit: introduce ConditionVirtualization=
2011-02-21 22:07:55 +01:00
rvalue++;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
r = unit_full_printf(u, rvalue, &s);
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue);
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
return 0;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
}
load-fragment: Expand specifiers in conditions. Add specifier expansion to Path and String conditions. Specifier expansion for conditions will help create instance and user session units by allowing us to template conditions based on the instance or user session parameters. An example would be a system-wide user session service file that conditionally runs based on whether a user has the service configured through a configuration file in ~/.config/.
2012-09-13 21:34:25 +02:00
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
c = condition_new(t, s, trigger, negate);
unit: add new ConditionHost= condition type
2012-08-22 01:51:53 +02:00
if (!c)
return log_oom();
unit: introduce ConditionVirtualization=
2011-02-21 22:07:55 +01:00
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
LIST_PREPEND(conditions, *list, c);
unit: introduce ConditionVirtualization=
2011-02-21 22:07:55 +01:00
return 0;
}
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
int config_parse_unit_condition_null(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
unit: add ConditionNull= condition
2010-11-10 22:28:19 +01:00
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
Condition **list = data, *c;
unit: distuingish mandatory from triggering conditions
2011-03-08 03:04:47 +01:00
bool trigger, negate;
unit: add ConditionNull= condition
2010-11-10 22:28:19 +01:00
int b;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
if (isempty(rvalue)) {
/* Empty assignment resets the list */
tree-wide: make condition_free_list return NULL
2014-12-18 18:33:05 +01:00
*list = condition_free_list(*list);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return 0;
}
trigger = rvalue[0] == '|';
if (trigger)
unit: distuingish mandatory from triggering conditions
2011-03-08 03:04:47 +01:00
rvalue++;
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
negate = rvalue[0] == '!';
if (negate)
unit: add ConditionNull= condition
2010-11-10 22:28:19 +01:00
rvalue++;
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
b = parse_boolean(rvalue);
if (b < 0) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, b, "Failed to parse boolean value in condition, ignoring: %s", rvalue);
unit: add ConditionNull= condition
2010-11-10 22:28:19 +01:00
return 0;
}
if (!b)
negate = !negate;
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
c = condition_new(CONDITION_NULL, NULL, trigger, negate);
if (!c)
return log_oom();
unit: add ConditionNull= condition
2010-11-10 22:28:19 +01:00
core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but fatal for a start job if not met
2014-11-06 13:43:45 +01:00
LIST_PREPEND(conditions, *list, c);
unit: add ConditionNull= condition
2010-11-10 22:28:19 +01:00
return 0;
}
core: rework how we match mount units against each other Previously to automatically create dependencies between mount units we matched every mount unit agains all others resulting in O(n^2) complexity. On setups with large amounts of mount units this might make things slow. This change replaces the matching code to use a hashtable that is keyed by a path prefix, and points to a set of units that require that path to be around. When a new mount unit is installed it is hence sufficient to simply look up this set of units via its own file system paths to know which units to order after itself. This patch also changes all unit types to only create automatic mount dependencies via the RequiresMountsFor= logic, and this is exposed to the outside to make things more transparent. With this change we still have some O(n) complexities in place when handling mounts, but that's currently unavoidable due to kernel APIs, and still substantially better than O(n^2) as before. https://bugs.freedesktop.org/show_bug.cgi?id=69740
2013-09-26 20:14:24 +02:00
int config_parse_unit_requires_mounts_for(
const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
core: rework how we match mount units against each other Previously to automatically create dependencies between mount units we matched every mount unit agains all others resulting in O(n^2) complexity. On setups with large amounts of mount units this might make things slow. This change replaces the matching code to use a hashtable that is keyed by a path prefix, and points to a set of units that require that path to be around. When a new mount unit is installed it is hence sufficient to simply look up this set of units via its own file system paths to know which units to order after itself. This patch also changes all unit types to only create automatic mount dependencies via the RequiresMountsFor= logic, and this is exposed to the outside to make things more transparent. With this change we still have some O(n) complexities in place when handling mounts, but that's currently unavoidable due to kernel APIs, and still substantially better than O(n^2) as before. https://bugs.freedesktop.org/show_bug.cgi?id=69740
2013-09-26 20:14:24 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
unit: add new dependency type RequiresMountsFor= RequiresMountsFor= is a shortcut for adding requires and after dependencies to all mount units neeed for the specified paths. This solves a couple of issues regarding dep loop cycles for encrypted swap.
2012-04-29 14:26:07 +02:00
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
const char *p = rvalue;
unit: add new dependency type RequiresMountsFor= RequiresMountsFor= is a shortcut for adding requires and after dependencies to all mount units neeed for the specified paths. This solves a couple of issues regarding dep loop cycles for encrypted swap.
2012-04-29 14:26:07 +02:00
Unit *u = userdata;
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
int r;
unit: add new dependency type RequiresMountsFor= RequiresMountsFor= is a shortcut for adding requires and after dependencies to all mount units neeed for the specified paths. This solves a couple of issues regarding dep loop cycles for encrypted swap.
2012-04-29 14:26:07 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
for (;;) {
core: add specifier expansion to RequiresMountsFor= This might be useful for some people, for example to pull in mounts for paths including the machine ID or hostname.
2016-12-05 19:40:13 +01:00
_cleanup_free_ char *word = NULL, *resolved = NULL;
core: rework how we match mount units against each other Previously to automatically create dependencies between mount units we matched every mount unit agains all others resulting in O(n^2) complexity. On setups with large amounts of mount units this might make things slow. This change replaces the matching code to use a hashtable that is keyed by a path prefix, and points to a set of units that require that path to be around. When a new mount unit is installed it is hence sufficient to simply look up this set of units via its own file system paths to know which units to order after itself. This patch also changes all unit types to only create automatic mount dependencies via the RequiresMountsFor= logic, and this is exposed to the outside to make things more transparent. With this change we still have some O(n) complexities in place when handling mounts, but that's currently unavoidable due to kernel APIs, and still substantially better than O(n^2) as before. https://bugs.freedesktop.org/show_bug.cgi?id=69740
2013-09-26 20:14:24 +02:00
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
if (r == 0)
return 0;
if (r == -ENOMEM)
core: rework how we match mount units against each other Previously to automatically create dependencies between mount units we matched every mount unit agains all others resulting in O(n^2) complexity. On setups with large amounts of mount units this might make things slow. This change replaces the matching code to use a hashtable that is keyed by a path prefix, and points to a set of units that require that path to be around. When a new mount unit is installed it is hence sufficient to simply look up this set of units via its own file system paths to know which units to order after itself. This patch also changes all unit types to only create automatic mount dependencies via the RequiresMountsFor= logic, and this is exposed to the outside to make things more transparent. With this change we still have some O(n) complexities in place when handling mounts, but that's currently unavoidable due to kernel APIs, and still substantially better than O(n^2) as before. https://bugs.freedesktop.org/show_bug.cgi?id=69740
2013-09-26 20:14:24 +02:00
return log_oom();
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Invalid syntax, ignoring: %s", rvalue);
return 0;
}
unit: add new dependency type RequiresMountsFor= RequiresMountsFor= is a shortcut for adding requires and after dependencies to all mount units neeed for the specified paths. This solves a couple of issues regarding dep loop cycles for encrypted swap.
2012-04-29 14:26:07 +02:00
core: add specifier expansion to RequiresMountsFor= This might be useful for some people, for example to pull in mounts for paths including the machine ID or hostname.
2016-12-05 19:40:13 +01:00
r = unit_full_printf(u, word, &resolved);
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", word);
core: add specifier expansion to RequiresMountsFor= This might be useful for some people, for example to pull in mounts for paths including the machine ID or hostname.
2016-12-05 19:40:13 +01:00
continue;
}
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
if (r < 0)
continue;
core: track why unit dependencies came to be This replaces the dependencies Set* objects by Hashmap* objects, where the key is the depending Unit, and the value is a bitmask encoding why the specific dependency was created. The bitmask contains a number of different, defined bits, that indicate why dependencies exist, for example whether they are created due to explicitly configured deps in files, by udev rules or implicitly. Note that memory usage is not increased by this change, even though we store more information, as we manage to encode the bit mask inside the value pointer each Hashmap entry contains. Why this all? When we know how a dependency came to be, we can update dependencies correctly when a configuration source changes but others are left unaltered. Specifically: 1. We can fix UDEV_WANTS dependency generation: so far we kept adding dependencies configured that way, but if a device lost such a dependency we couldn't them again as there was no scheme for removing of dependencies in place. 2. We can implement "pin-pointed" reload of unit files. If we know what dependencies were created as result of configuration in a unit file, then we know what to flush out when we want to reload it. 3. It's useful for debugging: "systemd-analyze dump" now shows this information, helping substantially with understanding how systemd's dependency tree came to be the way it came to be.
2017-10-25 20:46:01 +02:00
r = unit_require_mounts_for(u, resolved, UNIT_DEPENDENCY_FILE);
core: rework how we match mount units against each other Previously to automatically create dependencies between mount units we matched every mount unit agains all others resulting in O(n^2) complexity. On setups with large amounts of mount units this might make things slow. This change replaces the matching code to use a hashtable that is keyed by a path prefix, and points to a set of units that require that path to be around. When a new mount unit is installed it is hence sufficient to simply look up this set of units via its own file system paths to know which units to order after itself. This patch also changes all unit types to only create automatic mount dependencies via the RequiresMountsFor= logic, and this is exposed to the outside to make things more transparent. With this change we still have some O(n) complexities in place when handling mounts, but that's currently unavoidable due to kernel APIs, and still substantially better than O(n^2) as before. https://bugs.freedesktop.org/show_bug.cgi?id=69740
2013-09-26 20:14:24 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to add required mount '%s', ignoring: %m", resolved);
core: rework how we match mount units against each other Previously to automatically create dependencies between mount units we matched every mount unit agains all others resulting in O(n^2) complexity. On setups with large amounts of mount units this might make things slow. This change replaces the matching code to use a hashtable that is keyed by a path prefix, and points to a set of units that require that path to be around. When a new mount unit is installed it is hence sufficient to simply look up this set of units via its own file system paths to know which units to order after itself. This patch also changes all unit types to only create automatic mount dependencies via the RequiresMountsFor= logic, and this is exposed to the outside to make things more transparent. With this change we still have some O(n) complexities in place when handling mounts, but that's currently unavoidable due to kernel APIs, and still substantially better than O(n^2) as before. https://bugs.freedesktop.org/show_bug.cgi?id=69740
2013-09-26 20:14:24 +02:00
continue;
}
}
unit: add new dependency type RequiresMountsFor= RequiresMountsFor= is a shortcut for adding requires and after dependencies to all mount units neeed for the specified paths. This solves a couple of issues regarding dep loop cycles for encrypted swap.
2012-04-29 14:26:07 +02:00
}
exec: add high-level controls for blkio cgroup attributes
2011-08-20 01:38:10 +02:00
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
int config_parse_documentation(const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
units: introduce new Documentation= field and make use of it everywhere This should help making the boot process a bit easier to explore and understand for the administrator. The simple idea is that "systemctl status" now shows a link to documentation alongside the other status and decriptionary information of a service. This patch adds the necessary fields to all our shipped units if we have proper documentation for them.
2012-05-21 15:12:18 +02:00
Unit *u = userdata;
int r;
char **a, **b;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(u);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
if (isempty(rvalue)) {
/* Empty assignment resets the list */
tree-wide: make use of the fact that strv_free() returns NULL Another Coccinelle patch.
2015-09-09 23:05:10 +02:00
u->documentation = strv_free(u->documentation);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return 0;
}
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
r = config_parse_unit_strv_printf(unit, filename, line, section, section_line, lvalue, ltype,
Report about syntax errors with metadata The information about the unit for which files are being parsed is passed all the way down. This way messages land in the journal with proper UNIT=... or USER_UNIT=... attribution. 'systemctl status' and 'journalctl -u' not displaying those messages has been a source of confusion for users, since the journal entry for a misspelt setting was often logged quite a bit earlier than the failure to start a unit. Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
2013-04-16 04:25:58 +02:00
rvalue, data, userdata);
units: introduce new Documentation= field and make use of it everywhere This should help making the boot process a bit easier to explore and understand for the administrator. The simple idea is that "systemctl status" now shows a link to documentation alongside the other status and decriptionary information of a service. This patch adds the necessary fields to all our shipped units if we have proper documentation for them.
2012-05-21 15:12:18 +02:00
if (r < 0)
return r;
for (a = b = u->documentation; a && *a; a++) {
util: make http url validity checks more generic, and move them to util.c
2015-01-19 20:45:27 +01:00
if (documentation_url_is_valid(*a))
units: introduce new Documentation= field and make use of it everywhere This should help making the boot process a bit easier to explore and understand for the administrator. The simple idea is that "systemctl status" now shows a link to documentation alongside the other status and decriptionary information of a service. This patch adds the necessary fields to all our shipped units if we have proper documentation for them.
2012-05-21 15:12:18 +02:00
*(b++) = *a;
else {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid URL, ignoring: %s", *a);
units: introduce new Documentation= field and make use of it everywhere This should help making the boot process a bit easier to explore and understand for the administrator. The simple idea is that "systemctl status" now shows a link to documentation alongside the other status and decriptionary information of a service. This patch adds the necessary fields to all our shipped units if we have proper documentation for them.
2012-05-21 15:12:18 +02:00
free(*a);
}
}
Make sure that we don't dereference NULL The code was actually safe, because b should never be null, because if rvalue is empty, a different branch is taken. But we *do* check for NULL in the loop above, so it's better to also check here for symmetry.
2013-10-12 19:43:07 +02:00
if (b)
*b = NULL;
units: introduce new Documentation= field and make use of it everywhere This should help making the boot process a bit easier to explore and understand for the administrator. The simple idea is that "systemctl status" now shows a link to documentation alongside the other status and decriptionary information of a service. This patch adds the necessary fields to all our shipped units if we have proper documentation for them.
2012-05-21 15:12:18 +02:00
return r;
}
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_SECCOMP
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
int config_parse_syscall_filter(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
execute: support syscall filtering using seccomp filters
2012-07-17 04:17:53 +02:00
ExecContext *c = data;
Unit *u = userdata;
load-fragment: initialize bool invert before use
2012-08-20 14:33:21 +02:00
bool invert = false;
core: rework syscall filter set handling A variety of fixes: - rename the SystemCallFilterSet structure to SyscallFilterSet. So far the main instance of it (the syscall_filter_sets[] array) used to abbreviate "SystemCall" as "Syscall". Let's stick to one of the two syntaxes, and not mix and match too wildly. Let's pick the shorter name in this case, as it is sufficiently well established to not confuse hackers reading this. - Export explicit indexes into the syscall_filter_sets[] array via an enum. This way, code that wants to make use of a specific filter set, can index it directly via the enum, instead of having to search for it. This makes apply_private_devices() in particular a lot simpler. - Provide two new helper calls in seccomp-util.c: syscall_filter_set_find() to find a set by its name, seccomp_add_syscall_filter_set() to add a set to a seccomp object. - Update SystemCallFilter= parser to use extract_first_word(). Let's work on deprecating FOREACH_WORD_QUOTED(). - Simplify apply_private_devices() using this functionality
2016-10-21 21:50:05 +02:00
const char *p;
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
int r;
execute: support syscall filtering using seccomp filters
2012-07-17 04:17:53 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
assert(u);
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
if (isempty(rvalue)) {
/* Empty assignment resets the list */
core: add support to specify errno in SystemCallFilter= This makes each system call in SystemCallFilter= blacklist optionally takes errno name or number after a colon. The errno takes precedence over the one given by SystemCallErrorNumber=. C.f. #7173. Closes #7169.
2017-11-11 13:35:49 +01:00
c->syscall_filter = hashmap_free(c->syscall_filter);
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
c->syscall_whitelist = false;
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return 0;
}
execute: support syscall filtering using seccomp filters
2012-07-17 04:17:53 +02:00
if (rvalue[0] == '~') {
invert = true;
rvalue++;
}
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
if (!c->syscall_filter) {
core: add support to specify errno in SystemCallFilter= This makes each system call in SystemCallFilter= blacklist optionally takes errno name or number after a colon. The errno takes precedence over the one given by SystemCallErrorNumber=. C.f. #7173. Closes #7169.
2017-11-11 13:35:49 +01:00
c->syscall_filter = hashmap_new(NULL);
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
if (!c->syscall_filter)
return log_oom();
syscallfilter: port to libseccomp
2014-02-12 01:29:54 +01:00
if (invert)
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
/* Allow everything but the ones listed */
c->syscall_whitelist = false;
syscallfilter: port to libseccomp
2014-02-12 01:29:54 +01:00
else {
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
/* Allow nothing but the ones listed */
c->syscall_whitelist = true;
execute: support syscall filtering using seccomp filters
2012-07-17 04:17:53 +02:00
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
/* Accept default syscalls if we are on a whitelist */
seccomp: rework functions for parsing system call filters This reworks system call filter parsing, and replaces a couple of "bool" function arguments by a single flags parameter. This shouldn't change behaviour, except for one case: when we recursively call our parsing function on our own syscall list, then we'll lower the log level to LOG_DEBUG from LOG_WARNING, because at that point things are just a problem in our own code rather than in the user configuration we are parsing, and we shouldn't hence generate confusing warnings about syntax errors. Fixes: #8261
2018-02-26 12:51:35 +01:00
r = seccomp_parse_syscall_filter("@default", -1, c->syscall_filter, SECCOMP_PARSE_WHITELIST);
core: add pre-defined syscall groups to SystemCallFilter= (#3053) (#3157) Implement sets of system calls to help constructing system call filters. A set starts with '@' to distinguish from a system call. Closes: #3053, #3157
2016-06-01 11:56:01 +02:00
if (r < 0)
return r;
syscallfilter: port to libseccomp
2014-02-12 01:29:54 +01:00
}
execute: support syscall filtering using seccomp filters
2012-07-17 04:17:53 +02:00
}
core: rework syscall filter set handling A variety of fixes: - rename the SystemCallFilterSet structure to SyscallFilterSet. So far the main instance of it (the syscall_filter_sets[] array) used to abbreviate "SystemCall" as "Syscall". Let's stick to one of the two syntaxes, and not mix and match too wildly. Let's pick the shorter name in this case, as it is sufficiently well established to not confuse hackers reading this. - Export explicit indexes into the syscall_filter_sets[] array via an enum. This way, code that wants to make use of a specific filter set, can index it directly via the enum, instead of having to search for it. This makes apply_private_devices() in particular a lot simpler. - Provide two new helper calls in seccomp-util.c: syscall_filter_set_find() to find a set by its name, seccomp_add_syscall_filter_set() to add a set to a seccomp object. - Update SystemCallFilter= parser to use extract_first_word(). Let's work on deprecating FOREACH_WORD_QUOTED(). - Simplify apply_private_devices() using this functionality
2016-10-21 21:50:05 +02:00
p = rvalue;
for (;;) {
core: add support to specify errno in SystemCallFilter= This makes each system call in SystemCallFilter= blacklist optionally takes errno name or number after a colon. The errno takes precedence over the one given by SystemCallErrorNumber=. C.f. #7173. Closes #7169.
2017-11-11 13:35:49 +01:00
_cleanup_free_ char *word = NULL, *name = NULL;
int num;
execute: support syscall filtering using seccomp filters
2012-07-17 04:17:53 +02:00
core: rework syscall filter set handling A variety of fixes: - rename the SystemCallFilterSet structure to SyscallFilterSet. So far the main instance of it (the syscall_filter_sets[] array) used to abbreviate "SystemCall" as "Syscall". Let's stick to one of the two syntaxes, and not mix and match too wildly. Let's pick the shorter name in this case, as it is sufficiently well established to not confuse hackers reading this. - Export explicit indexes into the syscall_filter_sets[] array via an enum. This way, code that wants to make use of a specific filter set, can index it directly via the enum, instead of having to search for it. This makes apply_private_devices() in particular a lot simpler. - Provide two new helper calls in seccomp-util.c: syscall_filter_set_find() to find a set by its name, seccomp_add_syscall_filter_set() to add a set to a seccomp object. - Update SystemCallFilter= parser to use extract_first_word(). Let's work on deprecating FOREACH_WORD_QUOTED(). - Simplify apply_private_devices() using this functionality
2016-10-21 21:50:05 +02:00
r = extract_first_word(&p, &word, NULL, 0);
if (r == 0)
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
return 0;
core: rework syscall filter set handling A variety of fixes: - rename the SystemCallFilterSet structure to SyscallFilterSet. So far the main instance of it (the syscall_filter_sets[] array) used to abbreviate "SystemCall" as "Syscall". Let's stick to one of the two syntaxes, and not mix and match too wildly. Let's pick the shorter name in this case, as it is sufficiently well established to not confuse hackers reading this. - Export explicit indexes into the syscall_filter_sets[] array via an enum. This way, code that wants to make use of a specific filter set, can index it directly via the enum, instead of having to search for it. This makes apply_private_devices() in particular a lot simpler. - Provide two new helper calls in seccomp-util.c: syscall_filter_set_find() to find a set by its name, seccomp_add_syscall_filter_set() to add a set to a seccomp object. - Update SystemCallFilter= parser to use extract_first_word(). Let's work on deprecating FOREACH_WORD_QUOTED(). - Simplify apply_private_devices() using this functionality
2016-10-21 21:50:05 +02:00
if (r == -ENOMEM)
units: for all unit settings that take lists, allow the empty string for resetting the lists https://bugzilla.redhat.com/show_bug.cgi?id=756787
2013-01-17 02:27:06 +01:00
return log_oom();
core: rework syscall filter set handling A variety of fixes: - rename the SystemCallFilterSet structure to SyscallFilterSet. So far the main instance of it (the syscall_filter_sets[] array) used to abbreviate "SystemCall" as "Syscall". Let's stick to one of the two syntaxes, and not mix and match too wildly. Let's pick the shorter name in this case, as it is sufficiently well established to not confuse hackers reading this. - Export explicit indexes into the syscall_filter_sets[] array via an enum. This way, code that wants to make use of a specific filter set, can index it directly via the enum, instead of having to search for it. This makes apply_private_devices() in particular a lot simpler. - Provide two new helper calls in seccomp-util.c: syscall_filter_set_find() to find a set by its name, seccomp_add_syscall_filter_set() to add a set to a seccomp object. - Update SystemCallFilter= parser to use extract_first_word(). Let's work on deprecating FOREACH_WORD_QUOTED(). - Simplify apply_private_devices() using this functionality
2016-10-21 21:50:05 +02:00
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
return 0;
core: rework syscall filter set handling A variety of fixes: - rename the SystemCallFilterSet structure to SyscallFilterSet. So far the main instance of it (the syscall_filter_sets[] array) used to abbreviate "SystemCall" as "Syscall". Let's stick to one of the two syntaxes, and not mix and match too wildly. Let's pick the shorter name in this case, as it is sufficiently well established to not confuse hackers reading this. - Export explicit indexes into the syscall_filter_sets[] array via an enum. This way, code that wants to make use of a specific filter set, can index it directly via the enum, instead of having to search for it. This makes apply_private_devices() in particular a lot simpler. - Provide two new helper calls in seccomp-util.c: syscall_filter_set_find() to find a set by its name, seccomp_add_syscall_filter_set() to add a set to a seccomp object. - Update SystemCallFilter= parser to use extract_first_word(). Let's work on deprecating FOREACH_WORD_QUOTED(). - Simplify apply_private_devices() using this functionality
2016-10-21 21:50:05 +02:00
}
execute: support syscall filtering using seccomp filters
2012-07-17 04:17:53 +02:00
core: add support to specify errno in SystemCallFilter= This makes each system call in SystemCallFilter= blacklist optionally takes errno name or number after a colon. The errno takes precedence over the one given by SystemCallErrorNumber=. C.f. #7173. Closes #7169.
2017-11-11 13:35:49 +01:00
r = parse_syscall_and_errno(word, &name, &num);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse syscall:errno, ignoring: %s", word);
continue;
}
seccomp: rework functions for parsing system call filters This reworks system call filter parsing, and replaces a couple of "bool" function arguments by a single flags parameter. This shouldn't change behaviour, except for one case: when we recursively call our parsing function on our own syscall list, then we'll lower the log level to LOG_DEBUG from LOG_WARNING, because at that point things are just a problem in our own code rather than in the user configuration we are parsing, and we shouldn't hence generate confusing warnings about syntax errors. Fixes: #8261
2018-02-26 12:51:35 +01:00
r = seccomp_parse_syscall_filter_full(name, num, c->syscall_filter,
SECCOMP_PARSE_LOG|SECCOMP_PARSE_PERMISSIVE|(invert ? SECCOMP_PARSE_INVERT : 0)|(c->syscall_whitelist ? SECCOMP_PARSE_WHITELIST : 0),
unit, filename, line);
core: add pre-defined syscall groups to SystemCallFilter= (#3053) (#3157) Implement sets of system calls to help constructing system call filters. A set starts with '@' to distinguish from a system call. Closes: #3053, #3157
2016-06-01 11:56:01 +02:00
if (r < 0)
return r;
syscallfilter: port to libseccomp
2014-02-12 01:29:54 +01:00
}
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
}
core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-13 00:24:00 +01:00
int config_parse_syscall_archs(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
const char *p = rvalue;
core: add a system-wide SystemCallArchitectures= setting This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 01:35:27 +01:00
Set **archs = data;
core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-13 00:24:00 +01:00
int r;
if (isempty(rvalue)) {
tree-wide: take benefit of the fact that hashmap_free() returns NULL And set_free() too. Another Coccinelle patch.
2015-09-09 23:12:07 +02:00
*archs = set_free(*archs);
core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-13 00:24:00 +01:00
return 0;
}
hashmap: introduce hash_ops to make struct Hashmap smaller It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-08-13 01:00:18 +02:00
r = set_ensure_allocated(archs, NULL);
core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-13 00:24:00 +01:00
if (r < 0)
return log_oom();
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
for (;;) {
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
_cleanup_free_ char *word = NULL;
core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-13 00:24:00 +01:00
uint32_t a;
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
if (r == 0)
return 0;
if (r == -ENOMEM)
core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-13 00:24:00 +01:00
return log_oom();
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Invalid syntax, ignoring: %s", rvalue);
return 0;
}
core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-13 00:24:00 +01:00
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
r = seccomp_arch_from_string(word, &a);
core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-13 00:24:00 +01:00
if (r < 0) {
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to parse system call architecture \"%s\", ignoring: %m", word);
core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-13 00:24:00 +01:00
continue;
}
core: add a system-wide SystemCallArchitectures= setting This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13 01:35:27 +01:00
r = set_put(*archs, UINT32_TO_PTR(a + 1));
core: add SystemCallArchitectures= unit setting to allow disabling of non-native architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-13 00:24:00 +01:00
if (r < 0)
return log_oom();
}
}
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
int config_parse_syscall_errno(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
ExecContext *c = data;
int e;
assert(filename);
assert(lvalue);
assert(rvalue);
if (isempty(rvalue)) {
/* Empty assignment resets to KILL */
c->syscall_errno = 0;
return 0;
execute: support syscall filtering using seccomp filters
2012-07-17 04:17:53 +02:00
}
core: allow to specify errno number in SystemCallErrorNumber=
2017-11-11 13:40:20 +01:00
e = parse_errno(rvalue);
if (e <= 0) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse error number, ignoring: %s", rvalue);
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
return 0;
}
execute: support syscall filtering using seccomp filters
2012-07-17 04:17:53 +02:00
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
c->syscall_errno = e;
execute: support syscall filtering using seccomp filters
2012-07-17 04:17:53 +02:00
return 0;
}
core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-25 20:37:03 +01:00
int config_parse_address_families(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
ExecContext *c = data;
bool invert = false;
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
const char *p;
core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-25 20:37:03 +01:00
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
if (isempty(rvalue)) {
/* Empty assignment resets the list */
tree-wide: take benefit of the fact that hashmap_free() returns NULL And set_free() too. Another Coccinelle patch.
2015-09-09 23:12:07 +02:00
c->address_families = set_free(c->address_families);
core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-25 20:37:03 +01:00
c->address_families_whitelist = false;
return 0;
}
if (rvalue[0] == '~') {
invert = true;
rvalue++;
}
if (!c->address_families) {
hashmap: introduce hash_ops to make struct Hashmap smaller It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-08-13 01:00:18 +02:00
c->address_families = set_new(NULL);
core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-25 20:37:03 +01:00
if (!c->address_families)
return log_oom();
c->address_families_whitelist = !invert;
}
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
for (p = rvalue;;) {
_cleanup_free_ char *word = NULL;
core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-25 20:37:03 +01:00
int af;
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
if (r == 0)
return 0;
if (r == -ENOMEM)
core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-25 20:37:03 +01:00
return log_oom();
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Invalid syntax, ignoring: %s", rvalue);
return 0;
}
core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-25 20:37:03 +01:00
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
af = af_from_name(word);
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
if (af <= 0) {
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to parse address family, ignoring: %s", word);
core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-25 20:37:03 +01:00
continue;
}
/* If we previously wanted to forbid an address family and now
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
* we want to allow it, then just remove it from the list.
core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-25 20:37:03 +01:00
*/
if (!invert == c->address_families_whitelist) {
r = set_put(c->address_families, INT_TO_PTR(af));
if (r < 0)
return log_oom();
} else
set_remove(c->address_families, INT_TO_PTR(af));
}
}
core: add new RestrictNamespaces= unit file setting This new setting permits restricting whether namespaces may be created and managed by processes started by a unit. It installs a seccomp filter blocking certain invocations of unshare(), clone() and setns(). RestrictNamespaces=no is the default, and does not restrict namespaces in any way. RestrictNamespaces=yes takes away the ability to create or manage any kind of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces so that only mount and IPC namespaces may be created/managed, but no other kind of namespaces. This setting should be improve security quite a bit as in particular user namespacing was a major source of CVEs in the kernel in the past, and is accessible to unprivileged processes. With this setting the entire attack surface may be removed for system services that do not make use of namespaces.
2016-11-02 03:25:19 +01:00
int config_parse_restrict_namespaces(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
ExecContext *c = data;
load-fragment: allow to specify RestrictNamespaces= multiple times If multiple RestrictNamespaces= settings are set, then merge the settings. This also drops supporting "~yes" and "~no".
2018-05-01 03:36:39 +02:00
unsigned long flags;
core: add new RestrictNamespaces= unit file setting This new setting permits restricting whether namespaces may be created and managed by processes started by a unit. It installs a seccomp filter blocking certain invocations of unshare(), clone() and setns(). RestrictNamespaces=no is the default, and does not restrict namespaces in any way. RestrictNamespaces=yes takes away the ability to create or manage any kind of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces so that only mount and IPC namespaces may be created/managed, but no other kind of namespaces. This setting should be improve security quite a bit as in particular user namespacing was a major source of CVEs in the kernel in the past, and is accessible to unprivileged processes. With this setting the entire attack surface may be removed for system services that do not make use of namespaces.
2016-11-02 03:25:19 +01:00
bool invert = false;
int r;
if (isempty(rvalue)) {
/* Reset to the default. */
load-fragment: allow to specify RestrictNamespaces= multiple times If multiple RestrictNamespaces= settings are set, then merge the settings. This also drops supporting "~yes" and "~no".
2018-05-01 03:36:39 +02:00
c->restrict_namespaces = NAMESPACE_FLAGS_INITIAL;
return 0;
}
/* Boolean parameter ignores the previous settings */
r = parse_boolean(rvalue);
if (r > 0) {
c->restrict_namespaces = 0;
return 0;
} else if (r == 0) {
core: add new RestrictNamespaces= unit file setting This new setting permits restricting whether namespaces may be created and managed by processes started by a unit. It installs a seccomp filter blocking certain invocations of unshare(), clone() and setns(). RestrictNamespaces=no is the default, and does not restrict namespaces in any way. RestrictNamespaces=yes takes away the ability to create or manage any kind of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces so that only mount and IPC namespaces may be created/managed, but no other kind of namespaces. This setting should be improve security quite a bit as in particular user namespacing was a major source of CVEs in the kernel in the past, and is accessible to unprivileged processes. With this setting the entire attack surface may be removed for system services that do not make use of namespaces.
2016-11-02 03:25:19 +01:00
c->restrict_namespaces = NAMESPACE_FLAGS_ALL;
return 0;
}
if (rvalue[0] == '~') {
invert = true;
rvalue++;
}
load-fragment: allow to specify RestrictNamespaces= multiple times If multiple RestrictNamespaces= settings are set, then merge the settings. This also drops supporting "~yes" and "~no".
2018-05-01 03:36:39 +02:00
/* Not a boolean argument, in this case it's a list of namespace types. */
r = namespace_flags_from_string(rvalue, &flags);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse namespace type string, ignoring: %s", rvalue);
return 0;
core: add new RestrictNamespaces= unit file setting This new setting permits restricting whether namespaces may be created and managed by processes started by a unit. It installs a seccomp filter blocking certain invocations of unshare(), clone() and setns(). RestrictNamespaces=no is the default, and does not restrict namespaces in any way. RestrictNamespaces=yes takes away the ability to create or manage any kind of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces so that only mount and IPC namespaces may be created/managed, but no other kind of namespaces. This setting should be improve security quite a bit as in particular user namespacing was a major source of CVEs in the kernel in the past, and is accessible to unprivileged processes. With this setting the entire attack surface may be removed for system services that do not make use of namespaces.
2016-11-02 03:25:19 +01:00
}
load-fragment: allow to specify RestrictNamespaces= multiple times If multiple RestrictNamespaces= settings are set, then merge the settings. This also drops supporting "~yes" and "~no".
2018-05-01 03:36:39 +02:00
if (c->restrict_namespaces == NAMESPACE_FLAGS_INITIAL)
/* Initial assignment. Just set the value. */
c->restrict_namespaces = invert ? (~flags) & NAMESPACE_FLAGS_ALL : flags;
else
/* Merge the value with the previous one. */
SET_FLAG(c->restrict_namespaces, flags, !invert);
core: add new RestrictNamespaces= unit file setting This new setting permits restricting whether namespaces may be created and managed by processes started by a unit. It installs a seccomp filter blocking certain invocations of unshare(), clone() and setns(). RestrictNamespaces=no is the default, and does not restrict namespaces in any way. RestrictNamespaces=yes takes away the ability to create or manage any kind of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces so that only mount and IPC namespaces may be created/managed, but no other kind of namespaces. This setting should be improve security quite a bit as in particular user namespacing was a major source of CVEs in the kernel in the past, and is accessible to unprivileged processes. With this setting the entire attack surface may be removed for system services that do not make use of namespaces.
2016-11-02 03:25:19 +01:00
return 0;
}
syscallfilter: port to libseccomp
2014-02-12 01:29:54 +01:00
#endif
execute: support syscall filtering using seccomp filters
2012-07-17 04:17:53 +02:00
core: add new .slice unit type for partitioning systems In order to prepare for the kernel cgroup rework, let's introduce a new unit type to systemd, the "slice". Slices can be arranged in a tree and are useful to partition resources freely and hierarchally by the user. Each service unit can now be assigned to one of these slices, and later on login users and machines may too. Slices translate pretty directly to the cgroup hierarchy, and the various objects can be assigned to any of the slices in the tree.
2013-06-17 21:33:26 +02:00
int config_parse_unit_slice(
const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
core: add new .slice unit type for partitioning systems In order to prepare for the kernel cgroup rework, let's introduce a new unit type to systemd, the "slice". Slices can be arranged in a tree and are useful to partition resources freely and hierarchally by the user. Each service unit can now be assigned to one of these slices, and later on login users and machines may too. Slices translate pretty directly to the cgroup hierarchy, and the various objects can be assigned to any of the slices in the tree.
2013-06-17 21:33:26 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
core: add new .slice unit type for partitioning systems In order to prepare for the kernel cgroup rework, let's introduce a new unit type to systemd, the "slice". Slices can be arranged in a tree and are useful to partition resources freely and hierarchally by the user. Each service unit can now be assigned to one of these slices, and later on login users and machines may too. Slices translate pretty directly to the cgroup hierarchy, and the various objects can be assigned to any of the slices in the tree.
2013-06-17 21:33:26 +02:00
_cleanup_free_ char *k = NULL;
unit: unify how we assing slices to units This adds a new call unit_set_slice(), and simplifies unit_add_default_slice(). THis should make our code a bit more robust and simpler.
2015-08-28 17:36:39 +02:00
Unit *u = userdata, *slice = NULL;
core: add new .slice unit type for partitioning systems In order to prepare for the kernel cgroup rework, let's introduce a new unit type to systemd, the "slice". Slices can be arranged in a tree and are useful to partition resources freely and hierarchally by the user. Each service unit can now be assigned to one of these slices, and later on login users and machines may too. Slices translate pretty directly to the cgroup hierarchy, and the various objects can be assigned to any of the slices in the tree.
2013-06-17 21:33:26 +02:00
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(u);
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
r = unit_name_printf(u, rvalue, &k);
unit: unify how we assing slices to units This adds a new call unit_set_slice(), and simplifies unit_add_default_slice(). THis should make our code a bit more robust and simpler.
2015-08-28 17:36:39 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", rvalue);
unit: unify how we assing slices to units This adds a new call unit_set_slice(), and simplifies unit_add_default_slice(). THis should make our code a bit more robust and simpler.
2015-08-28 17:36:39 +02:00
return 0;
specifier: rework specifier calls to return proper error message Previously the specifier calls could only indicate OOM by returning NULL. With this change they will return negative errno-style error codes like everything else.
2013-09-17 17:03:46 +02:00
}
core: add new .slice unit type for partitioning systems In order to prepare for the kernel cgroup rework, let's introduce a new unit type to systemd, the "slice". Slices can be arranged in a tree and are useful to partition resources freely and hierarchally by the user. Each service unit can now be assigned to one of these slices, and later on login users and machines may too. Slices translate pretty directly to the cgroup hierarchy, and the various objects can be assigned to any of the slices in the tree.
2013-06-17 21:33:26 +02:00
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
r = manager_load_unit(u->manager, k, NULL, &error, &slice);
core: add new .slice unit type for partitioning systems In order to prepare for the kernel cgroup rework, let's introduce a new unit type to systemd, the "slice". Slices can be arranged in a tree and are useful to partition resources freely and hierarchally by the user. Each service unit can now be assigned to one of these slices, and later on login users and machines may too. Slices translate pretty directly to the cgroup hierarchy, and the various objects can be assigned to any of the slices in the tree.
2013-06-17 21:33:26 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to load slice unit %s, ignoring: %s", k, bus_error_message(&error, r));
core: add new .slice unit type for partitioning systems In order to prepare for the kernel cgroup rework, let's introduce a new unit type to systemd, the "slice". Slices can be arranged in a tree and are useful to partition resources freely and hierarchally by the user. Each service unit can now be assigned to one of these slices, and later on login users and machines may too. Slices translate pretty directly to the cgroup hierarchy, and the various objects can be assigned to any of the slices in the tree.
2013-06-17 21:33:26 +02:00
return 0;
}
unit: unify how we assing slices to units This adds a new call unit_set_slice(), and simplifies unit_add_default_slice(). THis should make our code a bit more robust and simpler.
2015-08-28 17:36:39 +02:00
r = unit_set_slice(u, slice);
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id);
core: add new .slice unit type for partitioning systems In order to prepare for the kernel cgroup rework, let's introduce a new unit type to systemd, the "slice". Slices can be arranged in a tree and are useful to partition resources freely and hierarchally by the user. Each service unit can now be assigned to one of these slices, and later on login users and machines may too. Slices translate pretty directly to the cgroup hierarchy, and the various objects can be assigned to any of the slices in the tree.
2013-06-17 21:33:26 +02:00
return 0;
}
return 0;
}
core: expose CFS CPU time quota as high-level unit properties
2014-04-25 13:27:25 +02:00
int config_parse_cpu_quota(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
CGroupContext *c = data;
util-lib: introduce parse_percent() for parsing percent specifications And port a couple of users over to it.
2016-06-08 19:25:38 +02:00
int r;
core: expose CFS CPU time quota as high-level unit properties
2014-04-25 13:27:25 +02:00
assert(filename);
assert(lvalue);
assert(rvalue);
if (isempty(rvalue)) {
time-util: add and use USEC/NSEC_INFINIY
2014-07-29 12:23:31 +02:00
c->cpu_quota_per_sec_usec = USEC_INFINITY;
core: expose CFS CPU time quota as high-level unit properties
2014-04-25 13:27:25 +02:00
return 0;
}
tree-wide: increase granularity of percent specifications all over the place to permille We so far had various placed we'd parse percentages with parse_percent(). Let's make them use parse_permille() instead, which is downward compatible (as it also parses percent values), and increases the granularity a bit. Given that on the wire we usually normalize relative specifications to something like UINT32_MAX anyway changing from base-100 to base-1000 calculations can be done easily without breaking compat. This commit doesn't document this change in the man pages. While allowing more precise specifcations permille is not as commonly understood as perent I guess, hence let's keep this out of the docs for now.
2018-07-02 18:52:42 +02:00
r = parse_permille_unbounded(rvalue);
util-lib: introduce parse_percent() for parsing percent specifications And port a couple of users over to it.
2016-06-08 19:25:38 +02:00
if (r <= 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid CPU quota '%s', ignoring.", rvalue);
cgroups: simplify CPUQuota= logic Only accept cpu quota values in percentages, get rid of period definition. It's not clear whether the CFS period controllable per-cgroup even has a future in the kernel, hence let's simplify all this, hardcode the period to 100ms and only accept percentage based quota values.
2014-05-22 04:53:12 +02:00
return 0;
core: expose CFS CPU time quota as high-level unit properties
2014-04-25 13:27:25 +02:00
}
tree-wide: increase granularity of percent specifications all over the place to permille We so far had various placed we'd parse percentages with parse_percent(). Let's make them use parse_permille() instead, which is downward compatible (as it also parses percent values), and increases the granularity a bit. Given that on the wire we usually normalize relative specifications to something like UINT32_MAX anyway changing from base-100 to base-1000 calculations can be done easily without breaking compat. This commit doesn't document this change in the man pages. While allowing more precise specifcations permille is not as commonly understood as perent I guess, hence let's keep this out of the docs for now.
2018-07-02 18:52:42 +02:00
c->cpu_quota_per_sec_usec = ((usec_t) r * USEC_PER_SEC) / 1000U;
core: expose CFS CPU time quota as high-level unit properties
2014-04-25 13:27:25 +02:00
return 0;
}
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
int config_parse_memory_limit(
const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
CGroupContext *c = data;
core: add cgroup memory controller support on the unified hierarchy (#3315) On the unified hierarchy, memory controller implements three control knobs - low, high and max which enables more useable and versatile control over memory usage. This patch implements support for the three control knobs. * MemoryLow, MemoryHigh and MemoryMax are added for memory.low, memory.high and memory.max, respectively. * As all absolute limits on the unified hierarchy use "max" for no limit, make memory limit parse functions accept "max" in addition to "infinity" and document "max" for the new knobs. * Implement compatibility translation between MemoryMax and MemoryLimit. v2: - Fixed missing else's in config_parse_memory_limit(). - Fixed missing newline when writing out drop-ins. - Coding style updates to use "val > 0" instead of "val". - Minor updates to documentation.
2016-05-27 18:10:18 +02:00
uint64_t bytes = CGROUP_LIMIT_MAX;
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
int r;
core: always use "infinity" for no upper limit instead of "max" (#3417) Recently added cgroup unified hierarchy support uses "max" in configurations for no upper limit. While consistent with what the kernel uses for no upper limit, it is inconsistent with what systemd uses for other controllers such as memory or pids. There's no point in introducing another term. Update cgroup unified hierarchy support so that "infinity" is the only term that systemd uses for no upper limit.
2016-06-03 17:49:05 +02:00
if (!isempty(rvalue) && !streq(rvalue, "infinity")) {
core: optionally, accept a percentage value for MemoryLimit= and related settings If a percentage is used, it is taken relative to the installed RAM size. This should make it easier to write generic unit files that adapt to the local system.
2016-06-08 19:36:09 +02:00
tree-wide: increase granularity of percent specifications all over the place to permille We so far had various placed we'd parse percentages with parse_percent(). Let's make them use parse_permille() instead, which is downward compatible (as it also parses percent values), and increases the granularity a bit. Given that on the wire we usually normalize relative specifications to something like UINT32_MAX anyway changing from base-100 to base-1000 calculations can be done easily without breaking compat. This commit doesn't document this change in the man pages. While allowing more precise specifcations permille is not as commonly understood as perent I guess, hence let's keep this out of the docs for now.
2018-07-02 18:52:42 +02:00
r = parse_permille(rvalue);
core: optionally, accept a percentage value for MemoryLimit= and related settings If a percentage is used, it is taken relative to the installed RAM size. This should make it easier to write generic unit files that adapt to the local system.
2016-06-08 19:36:09 +02:00
if (r < 0) {
r = parse_size(rvalue, 1024, &bytes);
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid memory limit '%s', ignoring: %m", rvalue);
core: optionally, accept a percentage value for MemoryLimit= and related settings If a percentage is used, it is taken relative to the installed RAM size. This should make it easier to write generic unit files that adapt to the local system.
2016-06-08 19:36:09 +02:00
return 0;
}
} else
tree-wide: increase granularity of percent specifications all over the place to permille We so far had various placed we'd parse percentages with parse_percent(). Let's make them use parse_permille() instead, which is downward compatible (as it also parses percent values), and increases the granularity a bit. Given that on the wire we usually normalize relative specifications to something like UINT32_MAX anyway changing from base-100 to base-1000 calculations can be done easily without breaking compat. This commit doesn't document this change in the man pages. While allowing more precise specifcations permille is not as commonly understood as perent I guess, hence let's keep this out of the docs for now.
2018-07-02 18:52:42 +02:00
bytes = physical_memory_scale(r, 1000U);
core: optionally, accept a percentage value for MemoryLimit= and related settings If a percentage is used, it is taken relative to the installed RAM size. This should make it easier to write generic unit files that adapt to the local system.
2016-06-08 19:36:09 +02:00
core/cgroup: accepts MemorySwapMax=0 (#8366) Also, this moves two macros from dbus-util.h to dbus-cgroup.c, as they are only used in dbus-cgroup.c. Fixes #8363.
2018-03-09 11:34:50 +01:00
if (bytes >= UINT64_MAX ||
(bytes <= 0 && !streq(lvalue, "MemorySwapMax"))) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Memory limit '%s' out of range, ignoring.", rvalue);
core: add cgroup memory controller support on the unified hierarchy (#3315) On the unified hierarchy, memory controller implements three control knobs - low, high and max which enables more useable and versatile control over memory usage. This patch implements support for the three control knobs. * MemoryLow, MemoryHigh and MemoryMax are added for memory.low, memory.high and memory.max, respectively. * As all absolute limits on the unified hierarchy use "max" for no limit, make memory limit parse functions accept "max" in addition to "infinity" and document "max" for the new knobs. * Implement compatibility translation between MemoryMax and MemoryLimit. v2: - Fixed missing else's in config_parse_memory_limit(). - Fixed missing newline when writing out drop-ins. - Coding style updates to use "val > 0" instead of "val". - Minor updates to documentation.
2016-05-27 18:10:18 +02:00
return 0;
}
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
}
core: add MemoryMin The kernel added support for a new cgroup memory controller knob memory.min in bf8d5d52ffe8 ("memcg: introduce memory.min") which was merged during v4.18 merge window. Add MemoryMin to support memory.min.
2018-06-09 02:33:14 +02:00
if (streq(lvalue, "MemoryMin"))
c->memory_min = bytes;
else if (streq(lvalue, "MemoryLow"))
core: add cgroup memory controller support on the unified hierarchy (#3315) On the unified hierarchy, memory controller implements three control knobs - low, high and max which enables more useable and versatile control over memory usage. This patch implements support for the three control knobs. * MemoryLow, MemoryHigh and MemoryMax are added for memory.low, memory.high and memory.max, respectively. * As all absolute limits on the unified hierarchy use "max" for no limit, make memory limit parse functions accept "max" in addition to "infinity" and document "max" for the new knobs. * Implement compatibility translation between MemoryMax and MemoryLimit. v2: - Fixed missing else's in config_parse_memory_limit(). - Fixed missing newline when writing out drop-ins. - Coding style updates to use "val > 0" instead of "val". - Minor updates to documentation.
2016-05-27 18:10:18 +02:00
c->memory_low = bytes;
else if (streq(lvalue, "MemoryHigh"))
c->memory_high = bytes;
else if (streq(lvalue, "MemoryMax"))
c->memory_max = bytes;
core: introduce MemorySwapMax= Similar to MemoryMax=, MemorySwapMax= limits swap usage. This controls controls "memory.swap.max" attribute in unified cgroup.
2016-07-04 09:03:54 +02:00
else if (streq(lvalue, "MemorySwapMax"))
c->memory_swap_max = bytes;
else if (streq(lvalue, "MemoryLimit"))
core: add cgroup memory controller support on the unified hierarchy (#3315) On the unified hierarchy, memory controller implements three control knobs - low, high and max which enables more useable and versatile control over memory usage. This patch implements support for the three control knobs. * MemoryLow, MemoryHigh and MemoryMax are added for memory.low, memory.high and memory.max, respectively. * As all absolute limits on the unified hierarchy use "max" for no limit, make memory limit parse functions accept "max" in addition to "infinity" and document "max" for the new knobs. * Implement compatibility translation between MemoryMax and MemoryLimit. v2: - Fixed missing else's in config_parse_memory_limit(). - Fixed missing newline when writing out drop-ins. - Coding style updates to use "val > 0" instead of "val". - Minor updates to documentation.
2016-05-27 18:10:18 +02:00
c->memory_limit = bytes;
core: introduce MemorySwapMax= Similar to MemoryMax=, MemorySwapMax= limits swap usage. This controls controls "memory.swap.max" attribute in unified cgroup.
2016-07-04 09:03:54 +02:00
else
return -EINVAL;
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
return 0;
}
core: add support for the "pids" cgroup controller This adds support for the new "pids" cgroup controller of 4.3 kernels. It allows accounting the number of tasks in a cgroup and enforcing limits on it. This adds two new setting TasksAccounting= and TasksMax= to each unit, as well as a gloabl option DefaultTasksAccounting=. This also updated "cgtop" to optionally make use of the new kernel-provided accounting. systemctl has been updated to show the number of tasks for each service if it is available. This patch also adds correct support for undoing memory limits for units using a MemoryLimit=infinity syntax. We do the same for TasksMax= now and hence keep things in sync here.
2015-09-10 12:32:16 +02:00
int config_parse_tasks_max(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
logind: update empty and "infinity" handling for [User]TasksMax (#3835) The parsing functions for [User]TasksMax were inconsistent. Empty string and "infinity" were interpreted as no limit for TasksMax but not accepted for UserTasksMax. Update them so that they're consistent with other knobs. * Empty string indicates the default value. * "infinity" indicates no limit. While at it, replace opencoded (uint64_t) -1 with CGROUP_LIMIT_MAX in TasksMax handling. v2: Update empty string to indicate the default value as suggested by Zbigniew Jędrzejewski-Szmek. v3: Fixed empty UserTasksMax handling.
2016-08-19 04:57:53 +02:00
uint64_t *tasks_max = data, v;
Unit *u = userdata;
core: add support for the "pids" cgroup controller This adds support for the new "pids" cgroup controller of 4.3 kernels. It allows accounting the number of tasks in a cgroup and enforcing limits on it. This adds two new setting TasksAccounting= and TasksMax= to each unit, as well as a gloabl option DefaultTasksAccounting=. This also updated "cgtop" to optionally make use of the new kernel-provided accounting. systemctl has been updated to show the number of tasks for each service if it is available. This patch also adds correct support for undoing memory limits for units using a MemoryLimit=infinity syntax. We do the same for TasksMax= now and hence keep things in sync here.
2015-09-10 12:32:16 +02:00
int r;
logind: update empty and "infinity" handling for [User]TasksMax (#3835) The parsing functions for [User]TasksMax were inconsistent. Empty string and "infinity" were interpreted as no limit for TasksMax but not accepted for UserTasksMax. Update them so that they're consistent with other knobs. * Empty string indicates the default value. * "infinity" indicates no limit. While at it, replace opencoded (uint64_t) -1 with CGROUP_LIMIT_MAX in TasksMax handling. v2: Update empty string to indicate the default value as suggested by Zbigniew Jędrzejewski-Szmek. v3: Fixed empty UserTasksMax handling.
2016-08-19 04:57:53 +02:00
if (isempty(rvalue)) {
core: fix member access within null pointer config_parse_tasks_max() is also used for parsing system.conf or user.conf. In that case, userdata is NULL. Fixes #10362.
2018-10-11 21:24:27 +02:00
*tasks_max = u ? u->manager->default_tasks_max : UINT64_MAX;
logind: update empty and "infinity" handling for [User]TasksMax (#3835) The parsing functions for [User]TasksMax were inconsistent. Empty string and "infinity" were interpreted as no limit for TasksMax but not accepted for UserTasksMax. Update them so that they're consistent with other knobs. * Empty string indicates the default value. * "infinity" indicates no limit. While at it, replace opencoded (uint64_t) -1 with CGROUP_LIMIT_MAX in TasksMax handling. v2: Update empty string to indicate the default value as suggested by Zbigniew Jędrzejewski-Szmek. v3: Fixed empty UserTasksMax handling.
2016-08-19 04:57:53 +02:00
return 0;
}
if (streq(rvalue, "infinity")) {
*tasks_max = CGROUP_LIMIT_MAX;
core: add support for the "pids" cgroup controller This adds support for the new "pids" cgroup controller of 4.3 kernels. It allows accounting the number of tasks in a cgroup and enforcing limits on it. This adds two new setting TasksAccounting= and TasksMax= to each unit, as well as a gloabl option DefaultTasksAccounting=. This also updated "cgtop" to optionally make use of the new kernel-provided accounting. systemctl has been updated to show the number of tasks for each service if it is available. This patch also adds correct support for undoing memory limits for units using a MemoryLimit=infinity syntax. We do the same for TasksMax= now and hence keep things in sync here.
2015-09-10 12:32:16 +02:00
return 0;
}
tree-wide: increase granularity of percent specifications all over the place to permille We so far had various placed we'd parse percentages with parse_percent(). Let's make them use parse_permille() instead, which is downward compatible (as it also parses percent values), and increases the granularity a bit. Given that on the wire we usually normalize relative specifications to something like UINT32_MAX anyway changing from base-100 to base-1000 calculations can be done easily without breaking compat. This commit doesn't document this change in the man pages. While allowing more precise specifcations permille is not as commonly understood as perent I guess, hence let's keep this out of the docs for now.
2018-07-02 18:52:42 +02:00
r = parse_permille(rvalue);
core: support percentage specifications on TasksMax= This adds support for a TasksMax=40% syntax for specifying values relative to the system's configured maximum number of processes. This is useful in order to neatly subdivide the available room for tasks within containers.
2016-07-19 15:58:49 +02:00
if (r < 0) {
logind: update empty and "infinity" handling for [User]TasksMax (#3835) The parsing functions for [User]TasksMax were inconsistent. Empty string and "infinity" were interpreted as no limit for TasksMax but not accepted for UserTasksMax. Update them so that they're consistent with other knobs. * Empty string indicates the default value. * "infinity" indicates no limit. While at it, replace opencoded (uint64_t) -1 with CGROUP_LIMIT_MAX in TasksMax handling. v2: Update empty string to indicate the default value as suggested by Zbigniew Jędrzejewski-Szmek. v3: Fixed empty UserTasksMax handling.
2016-08-19 04:57:53 +02:00
r = safe_atou64(rvalue, &v);
core: support percentage specifications on TasksMax= This adds support for a TasksMax=40% syntax for specifying values relative to the system's configured maximum number of processes. This is useful in order to neatly subdivide the available room for tasks within containers.
2016-07-19 15:58:49 +02:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid maximum tasks value '%s', ignoring: %m", rvalue);
core: support percentage specifications on TasksMax= This adds support for a TasksMax=40% syntax for specifying values relative to the system's configured maximum number of processes. This is useful in order to neatly subdivide the available room for tasks within containers.
2016-07-19 15:58:49 +02:00
return 0;
}
} else
tree-wide: increase granularity of percent specifications all over the place to permille We so far had various placed we'd parse percentages with parse_percent(). Let's make them use parse_permille() instead, which is downward compatible (as it also parses percent values), and increases the granularity a bit. Given that on the wire we usually normalize relative specifications to something like UINT32_MAX anyway changing from base-100 to base-1000 calculations can be done easily without breaking compat. This commit doesn't document this change in the man pages. While allowing more precise specifcations permille is not as commonly understood as perent I guess, hence let's keep this out of the docs for now.
2018-07-02 18:52:42 +02:00
v = system_tasks_max_scale(r, 1000U);
core: support percentage specifications on TasksMax= This adds support for a TasksMax=40% syntax for specifying values relative to the system's configured maximum number of processes. This is useful in order to neatly subdivide the available room for tasks within containers.
2016-07-19 15:58:49 +02:00
logind: update empty and "infinity" handling for [User]TasksMax (#3835) The parsing functions for [User]TasksMax were inconsistent. Empty string and "infinity" were interpreted as no limit for TasksMax but not accepted for UserTasksMax. Update them so that they're consistent with other knobs. * Empty string indicates the default value. * "infinity" indicates no limit. While at it, replace opencoded (uint64_t) -1 with CGROUP_LIMIT_MAX in TasksMax handling. v2: Update empty string to indicate the default value as suggested by Zbigniew Jędrzejewski-Szmek. v3: Fixed empty UserTasksMax handling.
2016-08-19 04:57:53 +02:00
if (v <= 0 || v >= UINT64_MAX) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Maximum tasks value '%s' out of range, ignoring.", rvalue);
core: add support for the "pids" cgroup controller This adds support for the new "pids" cgroup controller of 4.3 kernels. It allows accounting the number of tasks in a cgroup and enforcing limits on it. This adds two new setting TasksAccounting= and TasksMax= to each unit, as well as a gloabl option DefaultTasksAccounting=. This also updated "cgtop" to optionally make use of the new kernel-provided accounting. systemctl has been updated to show the number of tasks for each service if it is available. This patch also adds correct support for undoing memory limits for units using a MemoryLimit=infinity syntax. We do the same for TasksMax= now and hence keep things in sync here.
2015-09-10 12:32:16 +02:00
return 0;
}
logind: update empty and "infinity" handling for [User]TasksMax (#3835) The parsing functions for [User]TasksMax were inconsistent. Empty string and "infinity" were interpreted as no limit for TasksMax but not accepted for UserTasksMax. Update them so that they're consistent with other knobs. * Empty string indicates the default value. * "infinity" indicates no limit. While at it, replace opencoded (uint64_t) -1 with CGROUP_LIMIT_MAX in TasksMax handling. v2: Update empty string to indicate the default value as suggested by Zbigniew Jędrzejewski-Szmek. v3: Fixed empty UserTasksMax handling.
2016-08-19 04:57:53 +02:00
*tasks_max = v;
core: add support for the "pids" cgroup controller This adds support for the new "pids" cgroup controller of 4.3 kernels. It allows accounting the number of tasks in a cgroup and enforcing limits on it. This adds two new setting TasksAccounting= and TasksMax= to each unit, as well as a gloabl option DefaultTasksAccounting=. This also updated "cgtop" to optionally make use of the new kernel-provided accounting. systemctl has been updated to show the number of tasks for each service if it is available. This patch also adds correct support for undoing memory limits for units using a MemoryLimit=infinity syntax. We do the same for TasksMax= now and hence keep things in sync here.
2015-09-10 12:32:16 +02:00
return 0;
}
core: rework the Delegate= unit file setting to take a list of controller names Previously it was not possible to select which controllers to enable for a unit where Delegate=yes was set, as all controllers were enabled. With this change, this is made configurable, and thus delegation units can pick specifically what they want to manage themselves, and what they don't care about.
2017-11-09 15:29:34 +01:00
int config_parse_delegate(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
CGroupContext *c = data;
core: do not allow Delegate= on unsupported unit types
2018-04-18 20:06:56 +02:00
UnitType t;
core: rework the Delegate= unit file setting to take a list of controller names Previously it was not possible to select which controllers to enable for a unit where Delegate=yes was set, as all controllers were enabled. With this change, this is made configurable, and thus delegation units can pick specifically what they want to manage themselves, and what they don't care about.
2017-11-09 15:29:34 +01:00
int r;
core: do not allow Delegate= on unsupported unit types
2018-04-18 20:06:56 +02:00
t = unit_name_to_type(unit);
assert(t != _UNIT_TYPE_INVALID);
if (!unit_vtable[t]->can_delegate) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Delegate= setting not supported for this unit type, ignoring.");
return 0;
}
core: rework the Delegate= unit file setting to take a list of controller names Previously it was not possible to select which controllers to enable for a unit where Delegate=yes was set, as all controllers were enabled. With this change, this is made configurable, and thus delegation units can pick specifically what they want to manage themselves, and what they don't care about.
2017-11-09 15:29:34 +01:00
/* We either accept a boolean value, which may be used to turn on delegation for all controllers, or turn it
* off for all. Or it takes a list of controller names, in which case we add the specified controllers to the
* mask to delegate. */
core/cgroup: assigning empty string to Delegate= resets list of controllers (#7336) Before this, assigning empty string to Delegate= makes no change to the controller list. This is inconsistent to the other options that take list of strings. After this, when empty string is assigned to Delegate=, the list of controllers is reset. Such behavior is consistent to other options and useful for drop-in configs. Closes #7334.
2017-11-17 10:04:25 +01:00
if (isempty(rvalue)) {
core: an empty string resets delegate controllers but enables Delegate= (#8826) This partially reverts ff1b8455c26b560641d476b426209e297209333a.
2018-04-26 15:40:45 +02:00
/* An empty string resets controllers and set Delegate=yes. */
c->delegate = true;
core/cgroup: assigning empty string to Delegate= resets list of controllers (#7336) Before this, assigning empty string to Delegate= makes no change to the controller list. This is inconsistent to the other options that take list of strings. After this, when empty string is assigned to Delegate=, the list of controllers is reset. Such behavior is consistent to other options and useful for drop-in configs. Closes #7334.
2017-11-17 10:04:25 +01:00
c->delegate_controllers = 0;
return 0;
}
core: rework the Delegate= unit file setting to take a list of controller names Previously it was not possible to select which controllers to enable for a unit where Delegate=yes was set, as all controllers were enabled. With this change, this is made configurable, and thus delegation units can pick specifically what they want to manage themselves, and what they don't care about.
2017-11-09 15:29:34 +01:00
r = parse_boolean(rvalue);
if (r < 0) {
const char *p = rvalue;
CGroupMask mask = 0;
for (;;) {
_cleanup_free_ char *word = NULL;
CGroupController cc;
r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
if (r == 0)
break;
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
core: fix resetting of Delegate= and properly ignore invalid assignment The default is false not true. If we say "ignoring" we must return 0.
2018-04-18 19:50:07 +02:00
return 0;
core: rework the Delegate= unit file setting to take a list of controller names Previously it was not possible to select which controllers to enable for a unit where Delegate=yes was set, as all controllers were enabled. With this change, this is made configurable, and thus delegation units can pick specifically what they want to manage themselves, and what they don't care about.
2017-11-09 15:29:34 +01:00
}
cc = cgroup_controller_from_string(word);
if (cc < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid controller name '%s', ignoring", word);
core: rework the Delegate= unit file setting to take a list of controller names Previously it was not possible to select which controllers to enable for a unit where Delegate=yes was set, as all controllers were enabled. With this change, this is made configurable, and thus delegation units can pick specifically what they want to manage themselves, and what they don't care about.
2017-11-09 15:29:34 +01:00
continue;
}
mask |= CGROUP_CONTROLLER_TO_MASK(cc);
}
c->delegate = true;
c->delegate_controllers |= mask;
} else if (r > 0) {
c->delegate = true;
c->delegate_controllers = _CGROUP_MASK_ALL;
} else {
c->delegate = false;
c->delegate_controllers = 0;
}
return 0;
}
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
int config_parse_device_allow(
const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
_cleanup_free_ char *path = NULL, *resolved = NULL;
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
CGroupContext *c = data;
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
const char *p = rvalue;
load-fragment: Resolve specifiers in DeviceAllow (#3019) Closes #1602
2016-04-12 18:00:19 +02:00
int r;
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
if (isempty(rvalue)) {
while (c->device_allow)
cgroup_context_free_device_allow(c, c->device_allow);
return 0;
}
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = extract_first_word(&p, &path, NULL, EXTRACT_QUOTES);
if (r == -ENOMEM)
return log_oom();
*: fix some inconsistent control statement style
2017-12-02 01:49:52 +01:00
if (r < 0) {
load-fragment: Resolve specifiers in DeviceAllow (#3019) Closes #1602
2016-04-12 18:00:19 +02:00
log_syntax(unit, LOG_WARNING, filename, line, r,
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
"Invalid syntax, ignoring: %s", rvalue);
return 0;
}
if (r == 0) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Failed to extract device path and rights from '%s', ignoring.", rvalue);
shared/conf-parser: fix crash when specifiers cannot be resolved in config_parse_device_allow() oss-fuzz #6885.
2018-03-13 12:25:06 +01:00
return 0;
load-fragment: Resolve specifiers in DeviceAllow (#3019) Closes #1602
2016-04-12 18:00:19 +02:00
}
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = unit_full_printf(userdata, path, &resolved);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to resolve unit specifiers in '%s', ignoring: %m", path);
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
return 0;
}
core: rework how we validate DeviceAllow= settings Let's make sure we don't validate "char-*" and "block-*" expressions as paths.
2018-06-11 12:22:58 +02:00
if (!startswith(resolved, "block-") && !startswith(resolved, "char-")) {
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
core: rework how we validate DeviceAllow= settings Let's make sure we don't validate "char-*" and "block-*" expressions as paths.
2018-06-11 12:22:58 +02:00
r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
if (r < 0)
return 0;
if (!valid_device_node_path(resolved)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device node path '%s', ignoring.", resolved);
return 0;
}
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
}
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
if (!isempty(p) && !in_charset(p, "rwm")) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid device rights '%s', ignoring.", p);
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
return 0;
}
core: introduce cgroup_add_device_allow()
2018-08-06 06:42:14 +02:00
return cgroup_add_device_allow(c, resolved, p);
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
}
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
int config_parse_io_device_weight(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
_cleanup_free_ char *path = NULL, *resolved = NULL;
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
CGroupIODeviceWeight *w;
CGroupContext *c = data;
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
const char *p = rvalue;
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
uint64_t u;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
if (isempty(rvalue)) {
while (c->io_device_weights)
cgroup_context_free_io_device_weight(c, c->io_device_weights);
return 0;
}
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = extract_first_word(&p, &path, NULL, EXTRACT_QUOTES);
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Invalid syntax, ignoring: %s", rvalue);
return 0;
}
if (r == 0 || isempty(p)) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Failed to extract device path and weight from '%s', ignoring.", rvalue);
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
return 0;
}
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = unit_full_printf(userdata, path, &resolved);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to resolve unit specifiers in '%s', ignoring: %m", path);
return 0;
}
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
if (r < 0)
return 0;
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = cg_weight_parse(p, &u);
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
if (r < 0) {
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "IO weight '%s' invalid, ignoring: %m", p);
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
return 0;
}
assert(u != CGROUP_WEIGHT_INVALID);
w = new0(CGroupIODeviceWeight, 1);
if (!w)
return log_oom();
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
w->path = TAKE_PTR(resolved);
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
w->weight = u;
LIST_PREPEND(device_weights, c->io_device_weights, w);
return 0;
}
core: add IODeviceLatencyTargetSec This adds support for the following proposed latency based IO control mechanism. https://lkml.org/lkml/2018/6/5/428
2018-06-13 23:16:35 +02:00
int config_parse_io_device_latency(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
_cleanup_free_ char *path = NULL, *resolved = NULL;
CGroupIODeviceLatency *l;
CGroupContext *c = data;
const char *p = rvalue;
usec_t usec;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
if (isempty(rvalue)) {
while (c->io_device_latencies)
cgroup_context_free_io_device_latency(c, c->io_device_latencies);
return 0;
}
r = extract_first_word(&p, &path, NULL, EXTRACT_QUOTES);
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Invalid syntax, ignoring: %s", rvalue);
return 0;
}
if (r == 0 || isempty(p)) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Failed to extract device path and latency from '%s', ignoring.", rvalue);
return 0;
}
r = unit_full_printf(userdata, path, &resolved);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to resolve unit specifiers in '%s', ignoring: %m", path);
return 0;
}
r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
if (r < 0)
return 0;
if (parse_sec(p, &usec) < 0) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse timer value, ignoring: %s", p);
return 0;
}
l = new0(CGroupIODeviceLatency, 1);
if (!l)
return log_oom();
l->path = TAKE_PTR(resolved);
l->target_usec = usec;
LIST_PREPEND(device_latencies, c->io_device_latencies, l);
return 0;
}
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
int config_parse_io_limit(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
_cleanup_free_ char *path = NULL, *resolved = NULL;
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
CGroupIODeviceLimit *l = NULL, *t;
CGroupContext *c = data;
core: introduce CGroupIOLimitType enums Currently, there are two cgroup IO limits, bandwidth max for read and write, and they are hard-coded in various places. This is fine for two limits but IO is expected to grow more limits - low, high and max limits for bandwidth and IOPS - and hard-coding each limit won't make sense. This patch replaces hard-coded limits with an array indexed by CGroupIOLimitType and accompanying string and default value tables so that new limits can be added trivially.
2016-05-18 22:50:56 +02:00
CGroupIOLimitType type;
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
const char *p = rvalue;
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
uint64_t num;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
core: introduce CGroupIOLimitType enums Currently, there are two cgroup IO limits, bandwidth max for read and write, and they are hard-coded in various places. This is fine for two limits but IO is expected to grow more limits - low, high and max limits for bandwidth and IOPS - and hard-coding each limit won't make sense. This patch replaces hard-coded limits with an array indexed by CGroupIOLimitType and accompanying string and default value tables so that new limits can be added trivially.
2016-05-18 22:50:56 +02:00
type = cgroup_io_limit_type_from_string(lvalue);
assert(type >= 0);
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
if (isempty(rvalue)) {
LIST_FOREACH(device_limits, l, c->io_device_limits)
core: introduce CGroupIOLimitType enums Currently, there are two cgroup IO limits, bandwidth max for read and write, and they are hard-coded in various places. This is fine for two limits but IO is expected to grow more limits - low, high and max limits for bandwidth and IOPS - and hard-coding each limit won't make sense. This patch replaces hard-coded limits with an array indexed by CGroupIOLimitType and accompanying string and default value tables so that new limits can be added trivially.
2016-05-18 22:50:56 +02:00
l->limits[type] = cgroup_io_limit_defaults[type];
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
return 0;
}
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = extract_first_word(&p, &path, NULL, EXTRACT_QUOTES);
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Invalid syntax, ignoring: %s", rvalue);
return 0;
}
if (r == 0 || isempty(p)) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
return 0;
}
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = unit_full_printf(userdata, path, &resolved);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to resolve unit specifiers in '%s', ignoring: %m", path);
return 0;
}
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
if (r < 0)
return 0;
cgroup: relax checks for block device cgroup settings This drops needless safety checks that ensure we only reference block devices for blockio/io settings. The backing code was already able to accept regular file system paths too, in which case the backing device node of that file system would be used. Hence, let's drop the artificial restrictions and open up this underlying functionality.
2018-06-11 12:19:01 +02:00
if (streq("infinity", p))
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
num = CGROUP_LIMIT_MAX;
cgroup: relax checks for block device cgroup settings This drops needless safety checks that ensure we only reference block devices for blockio/io settings. The backing code was already able to accept regular file system paths too, in which case the backing device node of that file system would be used. Hence, let's drop the artificial restrictions and open up this underlying functionality.
2018-06-11 12:19:01 +02:00
else {
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = parse_size(p, 1000, &num);
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
if (r < 0 || num <= 0) {
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid IO limit '%s', ignoring.", p);
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
return 0;
}
}
LIST_FOREACH(device_limits, t, c->io_device_limits) {
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
if (path_equal(resolved, t->path)) {
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
l = t;
break;
}
}
if (!l) {
core: introduce CGroupIOLimitType enums Currently, there are two cgroup IO limits, bandwidth max for read and write, and they are hard-coded in various places. This is fine for two limits but IO is expected to grow more limits - low, high and max limits for bandwidth and IOPS - and hard-coding each limit won't make sense. This patch replaces hard-coded limits with an array indexed by CGroupIOLimitType and accompanying string and default value tables so that new limits can be added trivially.
2016-05-18 22:50:56 +02:00
CGroupIOLimitType ttype;
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
l = new0(CGroupIODeviceLimit, 1);
if (!l)
return log_oom();
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
l->path = TAKE_PTR(resolved);
core: introduce CGroupIOLimitType enums Currently, there are two cgroup IO limits, bandwidth max for read and write, and they are hard-coded in various places. This is fine for two limits but IO is expected to grow more limits - low, high and max limits for bandwidth and IOPS - and hard-coding each limit won't make sense. This patch replaces hard-coded limits with an array indexed by CGroupIOLimitType and accompanying string and default value tables so that new limits can be added trivially.
2016-05-18 22:50:56 +02:00
for (ttype = 0; ttype < _CGROUP_IO_LIMIT_TYPE_MAX; ttype++)
l->limits[ttype] = cgroup_io_limit_defaults[ttype];
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
LIST_PREPEND(device_limits, c->io_device_limits, l);
}
core: introduce CGroupIOLimitType enums Currently, there are two cgroup IO limits, bandwidth max for read and write, and they are hard-coded in various places. This is fine for two limits but IO is expected to grow more limits - low, high and max limits for bandwidth and IOPS - and hard-coding each limit won't make sense. This patch replaces hard-coded limits with an array indexed by CGroupIOLimitType and accompanying string and default value tables so that new limits can be added trivially.
2016-05-18 22:50:56 +02:00
l->limits[type] = num;
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
return 0;
}
cgroup: split out per-device BlockIOWeight= setting into BlockIODeviceWeight= This way we can nicely map the configuration directive to properties and back, without requiring two different signatures for the same property.
2013-07-11 20:40:18 +02:00
int config_parse_blockio_device_weight(
const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
cgroup: split out per-device BlockIOWeight= setting into BlockIODeviceWeight= This way we can nicely map the configuration directive to properties and back, without requiring two different signatures for the same property.
2013-07-11 20:40:18 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
_cleanup_free_ char *path = NULL, *resolved = NULL;
cgroup: split out per-device BlockIOWeight= setting into BlockIODeviceWeight= This way we can nicely map the configuration directive to properties and back, without requiring two different signatures for the same property.
2013-07-11 20:40:18 +02:00
CGroupBlockIODeviceWeight *w;
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
CGroupContext *c = data;
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
const char *p = rvalue;
core: refactor cpu shares/blockio weight cgroup logic Let's stop using the "unsigned long" type for weights/shares, and let's just use uint64_t for this, as that's what we expose on the bus. Unify parsers, and always validate the range for these fields. Correct the default blockio weight to 500, since that's what the kernel actually uses. When parsing the weight/shares settings from unit files accept the empty string as a way to reset the weight/shares value. When getting it via the bus, uniformly map (uint64_t) -1 to unset. Open up StartupCPUShares= and StartupBlockIOWeight= to transient units.
2015-09-11 16:48:24 +02:00
uint64_t u;
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
if (isempty(rvalue)) {
while (c->blockio_device_weights)
cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights);
return 0;
}
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = extract_first_word(&p, &path, NULL, EXTRACT_QUOTES);
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Invalid syntax, ignoring: %s", rvalue);
return 0;
}
if (r == 0 || isempty(p)) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Failed to extract device node and weight from '%s', ignoring.", rvalue);
cgroup: split out per-device BlockIOWeight= setting into BlockIODeviceWeight= This way we can nicely map the configuration directive to properties and back, without requiring two different signatures for the same property.
2013-07-11 20:40:18 +02:00
return 0;
}
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = unit_full_printf(userdata, path, &resolved);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to resolve unit specifiers in '%s', ignoring: %m", path);
return 0;
}
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
if (r < 0)
return 0;
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = cg_blkio_weight_parse(p, &u);
core: refactor cpu shares/blockio weight cgroup logic Let's stop using the "unsigned long" type for weights/shares, and let's just use uint64_t for this, as that's what we expose on the bus. Unify parsers, and always validate the range for these fields. Correct the default blockio weight to 500, since that's what the kernel actually uses. When parsing the weight/shares settings from unit files accept the empty string as a way to reset the weight/shares value. When getting it via the bus, uniformly map (uint64_t) -1 to unset. Open up StartupCPUShares= and StartupBlockIOWeight= to transient units.
2015-09-11 16:48:24 +02:00
if (r < 0) {
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid block IO weight '%s', ignoring: %m", p);
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
return 0;
}
core: refactor cpu shares/blockio weight cgroup logic Let's stop using the "unsigned long" type for weights/shares, and let's just use uint64_t for this, as that's what we expose on the bus. Unify parsers, and always validate the range for these fields. Correct the default blockio weight to 500, since that's what the kernel actually uses. When parsing the weight/shares settings from unit files accept the empty string as a way to reset the weight/shares value. When getting it via the bus, uniformly map (uint64_t) -1 to unset. Open up StartupCPUShares= and StartupBlockIOWeight= to transient units.
2015-09-11 16:48:24 +02:00
assert(u != CGROUP_BLKIO_WEIGHT_INVALID);
cgroup: split out per-device BlockIOWeight= setting into BlockIODeviceWeight= This way we can nicely map the configuration directive to properties and back, without requiring two different signatures for the same property.
2013-07-11 20:40:18 +02:00
w = new0(CGroupBlockIODeviceWeight, 1);
if (!w)
return log_oom();
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
w->path = TAKE_PTR(resolved);
core: refactor cpu shares/blockio weight cgroup logic Let's stop using the "unsigned long" type for weights/shares, and let's just use uint64_t for this, as that's what we expose on the bus. Unify parsers, and always validate the range for these fields. Correct the default blockio weight to 500, since that's what the kernel actually uses. When parsing the weight/shares settings from unit files accept the empty string as a way to reset the weight/shares value. When getting it via the bus, uniformly map (uint64_t) -1 to unset. Open up StartupCPUShares= and StartupBlockIOWeight= to transient units.
2015-09-11 16:48:24 +02:00
w->weight = u;
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
list: make our list macros a bit easier to use by not requring type spec on each invocation We can determine the list entry type via the typeof() gcc construct, and so we should to make the macros much shorter to use.
2013-10-14 06:10:14 +02:00
LIST_PREPEND(device_weights, c->blockio_device_weights, w);
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
return 0;
}
int config_parse_blockio_bandwidth(
const char *unit,
const char *filename,
unsigned line,
const char *section,
conf-parser: distinguish between multiple sections with the same name Pass on the line on which a section was decleared to the parsers, so they can distinguish between multiple sections (if they chose to). Currently no parsers take advantage of this, but a follow-up patch will do that to distinguish [Address] Address=192.168.0.1/24 Label=one [Address] Address=192.168.0.2/24 Label=two from [Address] Address=192.168.0.1/24 Label=one Address=192.168.0.2/24 Label=two
2013-11-19 16:17:55 +01:00
unsigned section_line,
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
_cleanup_free_ char *path = NULL, *resolved = NULL;
core: update CGroupBlockIODeviceBandwidth to record both rbps and wbps CGroupBlockIODeviceBandwith is used to keep track of IO bandwidth limits for legacy cgroup hierarchies. Unlike the unified hierarchy counterpart CGroupIODeviceLimit, a CGroupBlockIODeviceBandwiddth records either a read or write limit and has a couple issues. * There's no way to clear specific config entry. * When configs are cleared for an IO direction of a unit, the kernel settings aren't cleared accordingly creating discrepancies. This patch updates CGroupBlockIODeviceBandwidth so that it behaves similarly to CGroupIODeviceLimit - each entry records both rbps and wbps limits and is cleared if both are at default values after kernel settings are updated.
2016-05-18 22:51:46 +02:00
CGroupBlockIODeviceBandwidth *b = NULL, *t;
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
CGroupContext *c = data;
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
const char *p = rvalue;
tree-wide: never use the off_t unless glibc makes us use it off_t is a really weird type as it is usually 64bit these days (at least in sane programs), but could theoretically be 32bit. We don't support off_t as 32bit builds though, but still constantly deal with safely converting from off_t to other types and back for no point. Hence, never use the type anymore. Always use uint64_t instead. This has various benefits, including that we can expose these values directly as D-Bus properties, and also that the values parse the same in all cases.
2015-09-10 18:16:18 +02:00
uint64_t bytes;
blkio bandwidth: don't clean up all of entries in blockio_device_bandwidths list if we get BlockIOReadBandwidth="", we should only remove the read-bandwidth-entries in blockio_device_bandwidths list.
2013-08-30 04:56:00 +02:00
bool read;
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
blkio bandwidth: don't clean up all of entries in blockio_device_bandwidths list if we get BlockIOReadBandwidth="", we should only remove the read-bandwidth-entries in blockio_device_bandwidths list.
2013-08-30 04:56:00 +02:00
read = streq("BlockIOReadBandwidth", lvalue);
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
if (isempty(rvalue)) {
core: update CGroupBlockIODeviceBandwidth to record both rbps and wbps CGroupBlockIODeviceBandwith is used to keep track of IO bandwidth limits for legacy cgroup hierarchies. Unlike the unified hierarchy counterpart CGroupIODeviceLimit, a CGroupBlockIODeviceBandwiddth records either a read or write limit and has a couple issues. * There's no way to clear specific config entry. * When configs are cleared for an IO direction of a unit, the kernel settings aren't cleared accordingly creating discrepancies. This patch updates CGroupBlockIODeviceBandwidth so that it behaves similarly to CGroupIODeviceLimit - each entry records both rbps and wbps limits and is cleared if both are at default values after kernel settings are updated.
2016-05-18 22:51:46 +02:00
LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) {
b->rbps = CGROUP_LIMIT_MAX;
b->wbps = CGROUP_LIMIT_MAX;
}
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
return 0;
}
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = extract_first_word(&p, &path, NULL, EXTRACT_QUOTES);
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Invalid syntax, ignoring: %s", rvalue);
return 0;
}
if (r == 0 || isempty(p)) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Failed to extract device node and bandwidth from '%s', ignoring.", rvalue);
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
return 0;
}
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = unit_full_printf(userdata, path, &resolved);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to resolve unit specifiers in '%s', ignoring: %m", path);
return 0;
}
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(resolved, 0, unit, filename, line, lvalue);
if (r < 0)
return 0;
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
r = parse_size(p, 1000, &bytes);
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
if (r < 0 || bytes <= 0) {
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid Block IO Bandwidth '%s', ignoring.", p);
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
return 0;
}
core: update CGroupBlockIODeviceBandwidth to record both rbps and wbps CGroupBlockIODeviceBandwith is used to keep track of IO bandwidth limits for legacy cgroup hierarchies. Unlike the unified hierarchy counterpart CGroupIODeviceLimit, a CGroupBlockIODeviceBandwiddth records either a read or write limit and has a couple issues. * There's no way to clear specific config entry. * When configs are cleared for an IO direction of a unit, the kernel settings aren't cleared accordingly creating discrepancies. This patch updates CGroupBlockIODeviceBandwidth so that it behaves similarly to CGroupIODeviceLimit - each entry records both rbps and wbps limits and is cleared if both are at default values after kernel settings are updated.
2016-05-18 22:51:46 +02:00
LIST_FOREACH(device_bandwidths, t, c->blockio_device_bandwidths) {
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
if (path_equal(resolved, t->path)) {
core: update CGroupBlockIODeviceBandwidth to record both rbps and wbps CGroupBlockIODeviceBandwith is used to keep track of IO bandwidth limits for legacy cgroup hierarchies. Unlike the unified hierarchy counterpart CGroupIODeviceLimit, a CGroupBlockIODeviceBandwiddth records either a read or write limit and has a couple issues. * There's no way to clear specific config entry. * When configs are cleared for an IO direction of a unit, the kernel settings aren't cleared accordingly creating discrepancies. This patch updates CGroupBlockIODeviceBandwidth so that it behaves similarly to CGroupIODeviceLimit - each entry records both rbps and wbps limits and is cleared if both are at default values after kernel settings are updated.
2016-05-18 22:51:46 +02:00
b = t;
break;
}
}
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
core: update CGroupBlockIODeviceBandwidth to record both rbps and wbps CGroupBlockIODeviceBandwith is used to keep track of IO bandwidth limits for legacy cgroup hierarchies. Unlike the unified hierarchy counterpart CGroupIODeviceLimit, a CGroupBlockIODeviceBandwiddth records either a read or write limit and has a couple issues. * There's no way to clear specific config entry. * When configs are cleared for an IO direction of a unit, the kernel settings aren't cleared accordingly creating discrepancies. This patch updates CGroupBlockIODeviceBandwidth so that it behaves similarly to CGroupIODeviceLimit - each entry records both rbps and wbps limits and is cleared if both are at default values after kernel settings are updated.
2016-05-18 22:51:46 +02:00
if (!t) {
b = new0(CGroupBlockIODeviceBandwidth, 1);
if (!b)
return log_oom();
core: support unit specifiers in IODeviceWeight= and friends
2018-05-19 16:59:02 +02:00
b->path = TAKE_PTR(resolved);
core: update CGroupBlockIODeviceBandwidth to record both rbps and wbps CGroupBlockIODeviceBandwith is used to keep track of IO bandwidth limits for legacy cgroup hierarchies. Unlike the unified hierarchy counterpart CGroupIODeviceLimit, a CGroupBlockIODeviceBandwiddth records either a read or write limit and has a couple issues. * There's no way to clear specific config entry. * When configs are cleared for an IO direction of a unit, the kernel settings aren't cleared accordingly creating discrepancies. This patch updates CGroupBlockIODeviceBandwidth so that it behaves similarly to CGroupIODeviceLimit - each entry records both rbps and wbps limits and is cleared if both are at default values after kernel settings are updated.
2016-05-18 22:51:46 +02:00
b->rbps = CGROUP_LIMIT_MAX;
b->wbps = CGROUP_LIMIT_MAX;
LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, b);
}
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
core: update CGroupBlockIODeviceBandwidth to record both rbps and wbps CGroupBlockIODeviceBandwith is used to keep track of IO bandwidth limits for legacy cgroup hierarchies. Unlike the unified hierarchy counterpart CGroupIODeviceLimit, a CGroupBlockIODeviceBandwiddth records either a read or write limit and has a couple issues. * There's no way to clear specific config entry. * When configs are cleared for an IO direction of a unit, the kernel settings aren't cleared accordingly creating discrepancies. This patch updates CGroupBlockIODeviceBandwidth so that it behaves similarly to CGroupIODeviceLimit - each entry records both rbps and wbps limits and is cleared if both are at default values after kernel settings are updated.
2016-05-18 22:51:46 +02:00
if (read)
b->rbps = bytes;
else
b->wbps = bytes;
core: general cgroup rework Replace the very generic cgroup hookup with a much simpler one. With this change only the high-level cgroup settings remain, the ability to set arbitrary cgroup attributes is removed, so is support for adding units to arbitrary cgroup controllers or setting arbitrary paths for them (especially paths that are different for the various controllers). This also introduces a new -.slice root slice, that is the parent of system.slice and friends. This enables easy admin configuration of root-level cgrouo properties. This replaces DeviceDeny= by DevicePolicy=, and implicitly adds in /dev/null, /dev/zero and friends if DeviceAllow= is used (unless this is turned off by DevicePolicy=).
2013-06-27 04:14:27 +02:00
return 0;
}
core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable
2013-11-26 01:39:53 +01:00
int config_parse_job_mode_isolate(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
JobMode *m = data;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
r = parse_boolean(rvalue);
if (r < 0) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse boolean, ignoring: %s", rvalue);
core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable
2013-11-26 01:39:53 +01:00
return 0;
}
load-fragment: obsolete OnFailureIsolate=
2017-12-29 09:00:40 +01:00
log_notice("%s is deprecated. Please use OnFailureJobMode= instead", lvalue);
core: replace OnFailureIsolate= setting by a more generic OnFailureJobMode= setting and make use of it where applicable
2013-11-26 01:39:53 +01:00
*m = r ? JOB_ISOLATE : JOB_REPLACE;
return 0;
}
core: add {State,Cache,Log,Configuration}Directory= (#6384) This introduces {State,Cache,Log,Configuration}Directory= those are similar to RuntimeDirectory=. They create the directories under /var/lib, /var/cache/, /var/log, or /etc, respectively, with the mode specified in {State,Cache,Log,Configuration}DirectoryMode=. This also fixes #6391.
2017-07-18 14:34:52 +02:00
int config_parse_exec_directories(
core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings As discussed on the ML these are useful to manage runtime directories below /run for services.
2014-03-03 17:14:07 +01:00
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 04:01:36 +02:00
char***rt = data;
load-fragment: resolve specifiers in RuntimeDirectory
2015-09-17 22:54:13 +02:00
Unit *u = userdata;
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
const char *p;
core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings As discussed on the ML these are useful to manage runtime directories below /run for services.
2014-03-03 17:14:07 +01:00
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
/* Empty assignment resets the list */
tree-wide: make use of the fact that strv_free() returns NULL Another Coccinelle patch.
2015-09-09 23:05:10 +02:00
*rt = strv_free(*rt);
core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings As discussed on the ML these are useful to manage runtime directories below /run for services.
2014-03-03 17:14:07 +01:00
return 0;
}
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
for (p = rvalue;;) {
_cleanup_free_ char *word = NULL, *k = NULL;
core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings As discussed on the ML these are useful to manage runtime directories below /run for services.
2014-03-03 17:14:07 +01:00
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
if (r == -ENOMEM)
core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings As discussed on the ML these are useful to manage runtime directories below /run for services.
2014-03-03 17:14:07 +01:00
return log_oom();
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Invalid syntax, ignoring: %s", rvalue);
return 0;
}
core: fix StateDirectory= (and friends) safety checks when decoding transient unit properties Let's make sure relative directories such as "foo/bar" are accepted, by using the same validation checks as in unit file parsing.
2017-10-02 10:50:07 +02:00
if (r == 0)
return 0;
core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings As discussed on the ML these are useful to manage runtime directories below /run for services.
2014-03-03 17:14:07 +01:00
core: use unit_full_printf() at a couple of locations we used unit_name_printf() before For settings that are not taking unit names there's no reason to use unit_name_printf(). Use unit_full_printf() instead, as the names are validated anyway in one form or another after expansion.
2016-12-05 19:25:44 +01:00
r = unit_full_printf(u, word, &k);
load-fragment: resolve specifiers in RuntimeDirectory
2015-09-17 22:54:13 +02:00
if (r < 0) {
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to resolve unit specifiers in \"%s\", ignoring: %m", word);
load-fragment: resolve specifiers in RuntimeDirectory
2015-09-17 22:54:13 +02:00
continue;
}
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(k, PATH_CHECK_RELATIVE, unit, filename, line, lvalue);
if (r < 0)
core: refuse StateDirectory=private, as our internal DynamicUser=1 symlink is called that way Let's better be safe than sorry.
2018-05-17 04:25:12 +02:00
continue;
if (path_startswith(k, "private")) {
log_syntax(unit, LOG_ERR, filename, line, 0,
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
"%s= path can't be 'private', ingoring assignment: %s", lvalue, word);
core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings As discussed on the ML these are useful to manage runtime directories below /run for services.
2014-03-03 17:14:07 +01:00
continue;
}
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
r = strv_push(rt, k);
core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings As discussed on the ML these are useful to manage runtime directories below /run for services.
2014-03-03 17:14:07 +01:00
if (r < 0)
return log_oom();
core/load-fragment: port to extract_first_word
2016-10-28 02:15:22 +02:00
k = NULL;
core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settings As discussed on the ML these are useful to manage runtime directories below /run for services.
2014-03-03 17:14:07 +01:00
}
}
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
int config_parse_set_status(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
size_t l;
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 04:01:36 +02:00
const char *word, *state;
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
int r;
ExitStatusSet *status_set = data;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
exit-status: rename ExitStatusSet's "code" field to "status" We should follow the naming scheme waitid() uses, not come up with our own reversed one...
2014-07-03 15:36:50 +02:00
/* Empty assignment resets the list */
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
if (isempty(rvalue)) {
exit-status: rename ExitStatusSet's "code" field to "status" We should follow the naming scheme waitid() uses, not come up with our own reversed one...
2014-07-03 15:36:50 +02:00
exit_status_set_free(status_set);
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
return 0;
}
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 04:01:36 +02:00
FOREACH_WORD(word, l, rvalue, state) {
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
_cleanup_free_ char *temp;
int val;
config_parse_set_status: put signals in the correct set This was broken when the code was rearranged in "1e2fd62d70ff core/load-fragment.c: correct argument sign and split up long lines"
2015-01-30 09:49:55 +01:00
Set **set;
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 04:01:36 +02:00
temp = strndup(word, l);
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
if (!temp)
return log_oom();
r = safe_atoi(temp, &val);
if (r < 0) {
util: rename signal_from_string_try_harder() to signal_from_string() Also this makes the new `signal_from_string()` function reject e.g, `SIG3` or `SIG+5`.
2018-05-03 09:38:57 +02:00
val = signal_from_string(temp);
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
core/load-fragment.c: correct argument sign and split up long lines With everything on one line they are just harder to read.
2014-07-31 09:38:05 +02:00
if (val <= 0) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse value, ignoring: %s", word);
config_parse_set_status: put signals in the correct set This was broken when the code was rearranged in "1e2fd62d70ff core/load-fragment.c: correct argument sign and split up long lines"
2015-01-30 09:49:55 +01:00
continue;
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
}
config_parse_set_status: put signals in the correct set This was broken when the code was rearranged in "1e2fd62d70ff core/load-fragment.c: correct argument sign and split up long lines"
2015-01-30 09:49:55 +01:00
set = &status_set->signal;
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
} else {
core/load-fragment.c: correct argument sign and split up long lines With everything on one line they are just harder to read.
2014-07-31 09:38:05 +02:00
if (val < 0 || val > 255) {
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Value %d is outside range 0-255, ignoring", val);
core/load-fragment.c: correct argument sign and split up long lines With everything on one line they are just harder to read.
2014-07-31 09:38:05 +02:00
continue;
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
}
config_parse_set_status: put signals in the correct set This was broken when the code was rearranged in "1e2fd62d70ff core/load-fragment.c: correct argument sign and split up long lines"
2015-01-30 09:49:55 +01:00
set = &status_set->status;
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
}
core/load-fragment.c: correct argument sign and split up long lines With everything on one line they are just harder to read.
2014-07-31 09:38:05 +02:00
config_parse_set_status: put signals in the correct set This was broken when the code was rearranged in "1e2fd62d70ff core/load-fragment.c: correct argument sign and split up long lines"
2015-01-30 09:49:55 +01:00
r = set_ensure_allocated(set, NULL);
core/load-fragment.c: correct argument sign and split up long lines With everything on one line they are just harder to read.
2014-07-31 09:38:05 +02:00
if (r < 0)
return log_oom();
config_parse_set_status: put signals in the correct set This was broken when the code was rearranged in "1e2fd62d70ff core/load-fragment.c: correct argument sign and split up long lines"
2015-01-30 09:49:55 +01:00
r = set_put(*set, INT_TO_PTR(val));
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
if (r < 0)
return log_oom();
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
}
Properly report invalid quoted strings $ systemd-analyze verify trailing-g.service [./trailing-g.service:2] Trailing garbage, ignoring. trailing-g.service lacks ExecStart setting. Refusing. Error: org.freedesktop.systemd1.LoadFailed: Unit trailing-g.service failed to load: Invalid argument. Failed to create trailing-g.service/start: Invalid argument
2014-07-31 09:28:37 +02:00
if (!isempty(state))
tree-wide: clean up log_syntax() usage - Rely everywhere that we use abs() on the error code passed in anyway, thus don't need to explicitly negate what we pass in - Never attach synthetic error number information to log messages. Only log about errors we *receive* with the error number we got there, don't log any synthetic error, that don#t even propagate, but just eat up. - Be more careful with attaching exactly the error we get, instead of errno or unrelated errors randomly. - Fix one occasion where the error number and line number got swapped. - Make sure we never tape over OOM issues, or inability to resolve specifiers
2015-09-30 18:22:42 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
core: move config_parse_set_status() into load-fragment.c Let's keep specific config parsers close to where they are needed. Only the really generic ones should be defined in conf-parser.[ch].
2014-03-03 21:26:53 +01:00
return 0;
}
conf-parser: config_parse_path_strv() is not generic, so let's move it into load-fragment.c The parse code actually checked for specific lvalue names, which is really wrong for supposedly generic parsers...
2014-03-03 21:40:55 +01:00
int config_parse_namespace_path_strv(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
core: add specifier expansion to ReadOnlyPaths= and friends Expanding specifiers here definitely makes sense. Also simplifies the loop a bit, as there's no reason to keep "prev" around...
2016-12-05 19:42:25 +01:00
Unit *u = userdata;
Reject invalid quoted strings String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-30 04:01:36 +02:00
char*** sv = data;
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
const char *p = rvalue;
conf-parser: config_parse_path_strv() is not generic, so let's move it into load-fragment.c The parse code actually checked for specific lvalue names, which is really wrong for supposedly generic parsers...
2014-03-03 21:40:55 +01:00
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
/* Empty assignment resets the list */
tree-wide: make use of the fact that strv_free() returns NULL Another Coccinelle patch.
2015-09-09 23:05:10 +02:00
*sv = strv_free(*sv);
conf-parser: config_parse_path_strv() is not generic, so let's move it into load-fragment.c The parse code actually checked for specific lvalue names, which is really wrong for supposedly generic parsers...
2014-03-03 21:40:55 +01:00
return 0;
}
core: use extract_first_word for namespace parsing see https://github.com/systemd/systemd/pull/1632#issuecomment-149903791 We should port this loop over to extract_first_word(), too.
2015-10-22 22:28:28 +02:00
for (;;) {
core: add specifier expansion to ReadOnlyPaths= and friends Expanding specifiers here definitely makes sense. Also simplifies the loop a bit, as there's no reason to keep "prev" around...
2016-12-05 19:42:25 +01:00
_cleanup_free_ char *word = NULL, *resolved = NULL, *joined = NULL;
core: actually make "+" prefix in ReadOnlyPaths=, InaccessiblePaths=, ReadWritablePaths= work 5327c910d2fc1ae91bd0b891be92b30379c7467b claimed to add support for "+" for prefixing paths with the configured RootDirectory=. But actually it only implemented it in the backend, it did not add support for it to the configuration file parsers. Fix that now.
2016-12-23 01:16:43 +01:00
const char *w;
bool ignore_enoent = false, shall_prefix = false;
conf-parser: config_parse_path_strv() is not generic, so let's move it into load-fragment.c The parse code actually checked for specific lvalue names, which is really wrong for supposedly generic parsers...
2014-03-03 21:40:55 +01:00
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
core: small fixes to parse_namespace * don't hide ENOMEM * log r instead of 0
2015-11-03 22:32:34 +01:00
if (r == 0)
break;
if (r == -ENOMEM)
return log_oom();
core: use extract_first_word for namespace parsing see https://github.com/systemd/systemd/pull/1632#issuecomment-149903791 We should port this loop over to extract_first_word(), too.
2015-10-22 22:28:28 +02:00
if (r < 0) {
core: add specifier expansion to ReadOnlyPaths= and friends Expanding specifiers here definitely makes sense. Also simplifies the loop a bit, as there's no reason to keep "prev" around...
2016-12-05 19:42:25 +01:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
core: use extract_first_word for namespace parsing see https://github.com/systemd/systemd/pull/1632#issuecomment-149903791 We should port this loop over to extract_first_word(), too.
2015-10-22 22:28:28 +02:00
return 0;
}
conf-parser: config_parse_path_strv() is not generic, so let's move it into load-fragment.c The parse code actually checked for specific lvalue names, which is really wrong for supposedly generic parsers...
2014-03-03 21:40:55 +01:00
core: actually make "+" prefix in ReadOnlyPaths=, InaccessiblePaths=, ReadWritablePaths= work 5327c910d2fc1ae91bd0b891be92b30379c7467b claimed to add support for "+" for prefixing paths with the configured RootDirectory=. But actually it only implemented it in the backend, it did not add support for it to the configuration file parsers. Fix that now.
2016-12-23 01:16:43 +01:00
w = word;
if (startswith(w, "-")) {
ignore_enoent = true;
w++;
}
if (startswith(w, "+")) {
shall_prefix = true;
w++;
}
core: add specifier expansion to ReadOnlyPaths= and friends Expanding specifiers here definitely makes sense. Also simplifies the loop a bit, as there's no reason to keep "prev" around...
2016-12-05 19:42:25 +01:00
core: actually make "+" prefix in ReadOnlyPaths=, InaccessiblePaths=, ReadWritablePaths= work 5327c910d2fc1ae91bd0b891be92b30379c7467b claimed to add support for "+" for prefixing paths with the configured RootDirectory=. But actually it only implemented it in the backend, it did not add support for it to the configuration file parsers. Fix that now.
2016-12-23 01:16:43 +01:00
r = unit_full_printf(u, w, &resolved);
core: add specifier expansion to ReadOnlyPaths= and friends Expanding specifiers here definitely makes sense. Also simplifies the loop a bit, as there's no reason to keep "prev" around...
2016-12-05 19:42:25 +01:00
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s: %m", w);
conf-parser: config_parse_path_strv() is not generic, so let's move it into load-fragment.c The parse code actually checked for specific lvalue names, which is really wrong for supposedly generic parsers...
2014-03-03 21:40:55 +01:00
continue;
}
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
if (r < 0)
core: add specifier expansion to ReadOnlyPaths= and friends Expanding specifiers here definitely makes sense. Also simplifies the loop a bit, as there's no reason to keep "prev" around...
2016-12-05 19:42:25 +01:00
continue;
conf-parser: config_parse_path_strv() is not generic, so let's move it into load-fragment.c The parse code actually checked for specific lvalue names, which is really wrong for supposedly generic parsers...
2014-03-03 21:40:55 +01:00
core: actually make "+" prefix in ReadOnlyPaths=, InaccessiblePaths=, ReadWritablePaths= work 5327c910d2fc1ae91bd0b891be92b30379c7467b claimed to add support for "+" for prefixing paths with the configured RootDirectory=. But actually it only implemented it in the backend, it did not add support for it to the configuration file parsers. Fix that now.
2016-12-23 01:16:43 +01:00
joined = strjoin(ignore_enoent ? "-" : "",
shall_prefix ? "+" : "",
resolved);
core: add specifier expansion to ReadOnlyPaths= and friends Expanding specifiers here definitely makes sense. Also simplifies the loop a bit, as there's no reason to keep "prev" around...
2016-12-05 19:42:25 +01:00
r = strv_push(sv, joined);
conf-parser: config_parse_path_strv() is not generic, so let's move it into load-fragment.c The parse code actually checked for specific lvalue names, which is really wrong for supposedly generic parsers...
2014-03-03 21:40:55 +01:00
if (r < 0)
return log_oom();
core: add specifier expansion to ReadOnlyPaths= and friends Expanding specifiers here definitely makes sense. Also simplifies the loop a bit, as there's no reason to keep "prev" around...
2016-12-05 19:42:25 +01:00
joined = NULL;
conf-parser: config_parse_path_strv() is not generic, so let's move it into load-fragment.c The parse code actually checked for specific lvalue names, which is really wrong for supposedly generic parsers...
2014-03-03 21:40:55 +01:00
}
return 0;
}
core: add new setting TemporaryFileSystem= This introduces a new setting TemporaryFileSystem=. This is useful to hide files not relevant to the processes invoked by unit, while necessary files or directories can be still accessed by combining with Bind{,ReadOnly}Paths=.
2018-02-21 01:17:52 +01:00
int config_parse_temporary_filesystems(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Unit *u = userdata;
ExecContext *c = data;
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
const char *p = rvalue;
core: add new setting TemporaryFileSystem= This introduces a new setting TemporaryFileSystem=. This is useful to hide files not relevant to the processes invoked by unit, while necessary files or directories can be still accessed by combining with Bind{,ReadOnly}Paths=.
2018-02-21 01:17:52 +01:00
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
/* Empty assignment resets the list */
temporary_filesystem_free_many(c->temporary_filesystems, c->n_temporary_filesystems);
c->temporary_filesystems = NULL;
c->n_temporary_filesystems = 0;
return 0;
}
for (;;) {
_cleanup_free_ char *word = NULL, *path = NULL, *resolved = NULL;
const char *w;
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
core: add new setting TemporaryFileSystem= This introduces a new setting TemporaryFileSystem=. This is useful to hide files not relevant to the processes invoked by unit, while necessary files or directories can be still accessed by combining with Bind{,ReadOnly}Paths=.
2018-02-21 01:17:52 +01:00
if (r == 0)
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
return 0;
core: add new setting TemporaryFileSystem= This introduces a new setting TemporaryFileSystem=. This is useful to hide files not relevant to the processes invoked by unit, while necessary files or directories can be still accessed by combining with Bind{,ReadOnly}Paths=.
2018-02-21 01:17:52 +01:00
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", rvalue);
return 0;
}
w = word;
r = extract_first_word(&w, &path, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to extract first word, ignoring: %s", word);
continue;
}
if (r == 0) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid syntax, ignoring: %s", word);
continue;
}
core: add new setting TemporaryFileSystem= This introduces a new setting TemporaryFileSystem=. This is useful to hide files not relevant to the processes invoked by unit, while necessary files or directories can be still accessed by combining with Bind{,ReadOnly}Paths=.
2018-02-21 01:17:52 +01:00
r = unit_full_printf(u, path, &resolved);
if (r < 0) {
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers in %s, ignoring: %m", path);
core: add new setting TemporaryFileSystem= This introduces a new setting TemporaryFileSystem=. This is useful to hide files not relevant to the processes invoked by unit, while necessary files or directories can be still accessed by combining with Bind{,ReadOnly}Paths=.
2018-02-21 01:17:52 +01:00
continue;
}
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(resolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
if (r < 0)
core: add new setting TemporaryFileSystem= This introduces a new setting TemporaryFileSystem=. This is useful to hide files not relevant to the processes invoked by unit, while necessary files or directories can be still accessed by combining with Bind{,ReadOnly}Paths=.
2018-02-21 01:17:52 +01:00
continue;
core: Actually use the resolved path for TemporaryFileSystem= (#9385) The code already resolves specifiers using unit_full_printf() but then uses the unresolved version again for temporary_filesystem_add().
2018-06-23 01:17:07 +02:00
r = temporary_filesystem_add(&c->temporary_filesystems, &c->n_temporary_filesystems, resolved, w);
core: drop unused log message temporary_filesystem_add() does not parse mount options.
2018-06-22 23:39:19 +02:00
if (r < 0)
core: add new setting TemporaryFileSystem= This introduces a new setting TemporaryFileSystem=. This is useful to hide files not relevant to the processes invoked by unit, while necessary files or directories can be still accessed by combining with Bind{,ReadOnly}Paths=.
2018-02-21 01:17:52 +01:00
return log_oom();
}
}
core: add ability to define arbitrary bind mounts for services This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-11-23 22:21:40 +01:00
int config_parse_bind_paths(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
ExecContext *c = data;
load-fragment: resolve specifiers in BindPaths/BindReadOnlyPaths (#5687)
2017-04-24 18:23:35 +02:00
Unit *u = userdata;
core: add ability to define arbitrary bind mounts for services This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-11-23 22:21:40 +01:00
const char *p;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (isempty(rvalue)) {
/* Empty assignment resets the list */
bind_mount_free_many(c->bind_mounts, c->n_bind_mounts);
c->bind_mounts = NULL;
c->n_bind_mounts = 0;
return 0;
}
p = rvalue;
for (;;) {
_cleanup_free_ char *source = NULL, *destination = NULL;
load-fragment: resolve specifiers in BindPaths/BindReadOnlyPaths (#5687)
2017-04-24 18:23:35 +02:00
_cleanup_free_ char *sresolved = NULL, *dresolved = NULL;
core: add ability to define arbitrary bind mounts for services This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-11-23 22:21:40 +01:00
char *s = NULL, *d = NULL;
bool rbind = true, ignore_enoent = false;
r = extract_first_word(&p, &source, ":" WHITESPACE, EXTRACT_QUOTES|EXTRACT_DONT_COALESCE_SEPARATORS);
if (r == 0)
break;
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
core: add ability to define arbitrary bind mounts for services This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-11-23 22:21:40 +01:00
return 0;
}
load-fragment: resolve specifiers in BindPaths/BindReadOnlyPaths (#5687)
2017-04-24 18:23:35 +02:00
r = unit_full_printf(u, source, &sresolved);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
core/load-fragment: update log messages
2018-05-20 16:08:29 +02:00
"Failed to resolved unit specifiers in \"%s\", ignoring: %m", source);
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
continue;
load-fragment: resolve specifiers in BindPaths/BindReadOnlyPaths (#5687)
2017-04-24 18:23:35 +02:00
}
s = sresolved;
core: add ability to define arbitrary bind mounts for services This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-11-23 22:21:40 +01:00
if (s[0] == '-') {
ignore_enoent = true;
s++;
}
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(s, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
if (r < 0)
continue;
core: add ability to define arbitrary bind mounts for services This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-11-23 22:21:40 +01:00
/* Optionally, the destination is specified. */
if (p && p[-1] == ':') {
r = extract_first_word(&p, &destination, ":" WHITESPACE, EXTRACT_QUOTES|EXTRACT_DONT_COALESCE_SEPARATORS);
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s, ignoring: %s", lvalue, rvalue);
core: add ability to define arbitrary bind mounts for services This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-11-23 22:21:40 +01:00
return 0;
}
if (r == 0) {
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
log_syntax(unit, LOG_ERR, filename, line, 0, "Missing argument after ':', ignoring: %s", s);
continue;
core: add ability to define arbitrary bind mounts for services This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-11-23 22:21:40 +01:00
}
load-fragment: resolve specifiers in BindPaths/BindReadOnlyPaths (#5687)
2017-04-24 18:23:35 +02:00
r = unit_full_printf(u, destination, &dresolved);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to resolved specifiers in \"%s\", ignoring: %m", destination);
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
continue;
load-fragment: resolve specifiers in BindPaths/BindReadOnlyPaths (#5687)
2017-04-24 18:23:35 +02:00
}
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
r = path_simplify_and_warn(dresolved, PATH_CHECK_ABSOLUTE, unit, filename, line, lvalue);
if (r < 0)
continue;
core: add ability to define arbitrary bind mounts for services This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-11-23 22:21:40 +01:00
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
d = dresolved;
core: add ability to define arbitrary bind mounts for services This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-11-23 22:21:40 +01:00
/* Optionally, there's also a short option string specified */
if (p && p[-1] == ':') {
_cleanup_free_ char *options = NULL;
r = extract_first_word(&p, &options, NULL, EXTRACT_QUOTES);
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse %s: %s", lvalue, rvalue);
return 0;
}
if (isempty(options) || streq(options, "rbind"))
rbind = true;
else if (streq(options, "norbind"))
rbind = false;
else {
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid option string, ignoring setting: %s", options);
load-fragment: use path_simplify_and_warn() where applicable
2018-06-03 16:59:02 +02:00
continue;
core: add ability to define arbitrary bind mounts for services This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-11-23 22:21:40 +01:00
}
}
} else
d = s;
r = bind_mount_add(&c->bind_mounts, &c->n_bind_mounts,
&(BindMount) {
.source = s,
.destination = d,
.read_only = !!strstr(lvalue, "ReadOnly"),
.recursive = rbind,
.ignore_enoent = ignore_enoent,
});
if (r < 0)
return log_oom();
}
return 0;
}
unit: when JobTimeoutSec= is turned off, implicitly turn off JobRunningTimeoutSec= too We added JobRunningTimeoutSec= late, and Dracut configured only JobTimeoutSec= to turn of root device timeouts before. With this change we'll propagate a reset of JobTimeoutSec= into JobRunningTimeoutSec=, but only if the latter wasn't set explicitly. This should restore compatibility with older systemd versions. Fixes: #6402
2017-09-27 17:30:50 +02:00
int config_parse_job_timeout_sec(
const char* unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Unit *u = data;
usec_t usec;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(u);
r = parse_sec_fix_0(rvalue, &usec);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobTimeoutSec= parameter, ignoring: %s", rvalue);
return 0;
}
/* If the user explicitly changed JobTimeoutSec= also change JobRunningTimeoutSec=, for compatibility with old
Merge pull request #6931 from poettering/job-timeout-sec
2017-10-05 14:42:29 +02:00
* versions. If JobRunningTimeoutSec= was explicitly set, avoid this however as whatever the user picked should
unit: when JobTimeoutSec= is turned off, implicitly turn off JobRunningTimeoutSec= too We added JobRunningTimeoutSec= late, and Dracut configured only JobTimeoutSec= to turn of root device timeouts before. With this change we'll propagate a reset of JobTimeoutSec= into JobRunningTimeoutSec=, but only if the latter wasn't set explicitly. This should restore compatibility with older systemd versions. Fixes: #6402
2017-09-27 17:30:50 +02:00
* count. */
if (!u->job_running_timeout_set)
u->job_running_timeout = usec;
u->job_timeout = usec;
return 0;
}
int config_parse_job_running_timeout_sec(
const char* unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Unit *u = data;
usec_t usec;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(u);
r = parse_sec_fix_0(rvalue, &usec);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse JobRunningTimeoutSec= parameter, ignoring: %s", rvalue);
return 0;
}
u->job_running_timeout = usec;
u->job_running_timeout_set = true;
return 0;
}
core: define "exit" and "exit-force" actions for user units and only accept that We would accept e.g. FailureAction=reboot-force in user units and then do an exit in the user manager. Let's be stricter, and define "exit"/"exit-force" as the only supported actions in user units. v2: - rename 'exit' to 'exit-force' and add new 'exit' - add test for the parsing function
2018-10-16 13:28:39 +02:00
int config_parse_emergency_action(
const char* unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Manager *m = NULL;
EmergencyAction *x = data;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
if (unit)
m = ((Unit*) userdata)->manager;
else
m = data;
r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
if (r < 0) {
if (r == -EOPNOTSUPP)
log_syntax(unit, LOG_ERR, filename, line, r,
"%s= specified as %s mode action, ignoring: %s",
lvalue, MANAGER_IS_SYSTEM(m) ? "user" : "system", rvalue);
else
log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to parse %s=, ignoring: %s", lvalue, rvalue);
return 0;
}
return 0;
}
implement proper logging for services
2010-01-28 02:06:20 +01:00
#define FOLLOW_MAX 8
s/name/unit
2010-01-26 21:39:06 +01:00
core: add minimal templating system
2010-04-15 03:11:11 +02:00
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
core: when encountering a symlink alias for non-aliasable units warn nicely If the user defines a symlink alias for a unit whose type does not support aliasing, detect this early and print a nice warning. Fixe: #2730
2016-04-29 17:37:33 +02:00
char *id = NULL;
implement drop-in directories
2010-01-27 00:15:56 +01:00
unsigned c = 0;
s/name/unit
2010-01-26 21:39:06 +01:00
int fd, r;
FILE *f;
assert(filename);
assert(*filename);
assert(_f);
assert(names);
implement drop-in directories
2010-01-27 00:15:56 +01:00
/* This will update the filename pointer if the loaded file is
* reached by a symlink. The old string will be freed. */
s/name/unit
2010-01-26 21:39:06 +01:00
implement drop-in directories
2010-01-27 00:15:56 +01:00
for (;;) {
util: introduce readlink_and_make_absolute()
2010-06-16 01:56:00 +02:00
char *target, *name;
s/name/unit
2010-01-26 21:39:06 +01:00
implement drop-in directories
2010-01-27 00:15:56 +01:00
if (c++ >= FOLLOW_MAX)
return -ELOOP;
path-util: introduce path_simplify() The function is similar to path_kill_slashes() but also removes initial './', trailing '/.', and '/./' in the path. When the second argument of path_simplify() is false, then it behaves as the same as path_kill_slashes(). Hence, this also replaces path_kill_slashes() with path_simplify().
2018-05-31 16:39:31 +02:00
path_simplify(*filename, false);
add mount enumerator
2010-01-29 02:07:41 +01:00
s/name/unit
2010-01-26 21:39:06 +01:00
/* Add the file name we are currently looking at to
unit: allow symlinking unit files to /dev/null
2010-07-21 03:13:15 +02:00
* the names of this unit, but only if it is a valid
* unit name. */
Get rid of our reimplementation of basename The only problem is that libgen.h #defines basename to point to it's own broken implementation instead of the GNU one. This can be fixed by #undefining basename.
2013-12-07 03:29:55 +01:00
name = basename(*filename);
core: rework unit name validation and manipulation logic A variety of changes: - Make sure all our calls distuingish OOM from other errors if OOM is not the only error possible. - Be much stricter when parsing escaped paths, do not accept trailing or leading escaped slashes. - Change unit validation to take a bit mask for allowing plain names, instance names or template names or an combination thereof. - Refuse manipulating invalid unit name
2015-04-30 20:21:00 +02:00
if (unit_name_is_valid(name, UNIT_NAME_ANY)) {
unit: allow symlinking unit files to /dev/null
2010-07-21 03:13:15 +02:00
unit: when loading symlinked template units, properly add all names on the way to the unit
2011-06-28 02:53:15 +02:00
id = set_get(names, name);
if (!id) {
id = strdup(name);
if (!id)
unit: allow symlinking unit files to /dev/null
2010-07-21 03:13:15 +02:00
return -ENOMEM;
s/name/unit
2010-01-26 21:39:06 +01:00
Add set_consume which always takes ownership Freeing in error path is the common pattern with set_put().
2013-04-23 05:12:15 +02:00
r = set_consume(names, id);
if (r < 0)
unit: allow symlinking unit files to /dev/null
2010-07-21 03:13:15 +02:00
return r;
s/name/unit
2010-01-26 21:39:06 +01:00
}
}
implement drop-in directories
2010-01-27 00:15:56 +01:00
/* Try to open the file name, but don't if its a symlink */
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
fd = open(*filename, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
if (fd >= 0)
s/name/unit
2010-01-26 21:39:06 +01:00
break;
implement drop-in directories
2010-01-27 00:15:56 +01:00
if (errno != ELOOP)
return -errno;
s/name/unit
2010-01-26 21:39:06 +01:00
/* Hmm, so this is a symlink. Let's read the name, and follow it manually */
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
r = readlink_and_make_absolute(*filename, &target);
if (r < 0)
implement drop-in directories
2010-01-27 00:15:56 +01:00
return r;
s/name/unit
2010-01-26 21:39:06 +01:00
load-fragment: use free_and_replace()
2018-05-31 06:27:06 +02:00
free_and_replace(*filename, target);
s/name/unit
2010-01-26 21:39:06 +01:00
}
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
f = fdopen(fd, "re");
if (!f) {
util: replace close_nointr_nofail() by a more useful safe_close() safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.
2014-03-18 19:22:43 +01:00
safe_close(fd);
core/load-fragment: safe_close() protects errno
2015-03-07 20:36:14 +01:00
return -errno;
s/name/unit
2010-01-26 21:39:06 +01:00
}
*_f = f;
core: add minimal templating system
2010-04-15 03:11:11 +02:00
*_final = id;
core: when encountering a symlink alias for non-aliasable units warn nicely If the user defines a symlink alias for a unit whose type does not support aliasing, detect this early and print a nice warning. Fixe: #2730
2016-04-29 17:37:33 +02:00
implement drop-in directories
2010-01-27 00:15:56 +01:00
return 0;
s/name/unit
2010-01-26 21:39:06 +01:00
}
rework merging/loading logic
2010-04-06 02:43:58 +02:00
static int merge_by_names(Unit **u, Set *names, const char *id) {
char *k;
int r;
assert(u);
assert(*u);
assert(names);
/* Let's try to add in all symlink names we found */
while ((k = set_steal_first(names))) {
/* First try to merge in the other name into our
* unit */
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
r = unit_merge_by_name(*u, k);
if (r < 0) {
rework merging/loading logic
2010-04-06 02:43:58 +02:00
Unit *other;
/* Hmm, we couldn't merge the other unit into
* ours? Then let's try it the other way
* round */
core: look for instance when processing template name If first attempt to merge units failed and we are trying to do merge the other way around and at the same time we are working with template name, then other unit can't possibly be template, because it is not possible to have template unit running, only instances of the template. Thus we need to look for already active instance instead.
2016-03-16 14:52:44 +01:00
/* If the symlink name we are looking at is unit template, then
we must search for instance of this template */
load-fragment: don't try to do a template instance replacement if we are not an instance (#3451) Corrects: 7aad67e7 Fixes: #3438
2016-06-09 10:49:36 +02:00
if (unit_name_is_valid(k, UNIT_NAME_TEMPLATE) && (*u)->instance) {
core: look for instance when processing template name If first attempt to merge units failed and we are trying to do merge the other way around and at the same time we are working with template name, then other unit can't possibly be template, because it is not possible to have template unit running, only instances of the template. Thus we need to look for already active instance instead.
2016-03-16 14:52:44 +01:00
_cleanup_free_ char *instance = NULL;
r = unit_name_replace_instance(k, (*u)->instance, &instance);
if (r < 0)
return r;
other = manager_get_unit((*u)->manager, instance);
} else
other = manager_get_unit((*u)->manager, k);
rework merging/loading logic
2010-04-06 02:43:58 +02:00
free(k);
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
if (other) {
r = unit_merge(other, *u);
if (r >= 0) {
rework merging/loading logic
2010-04-06 02:43:58 +02:00
*u = other;
return merge_by_names(u, names, NULL);
}
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
}
rework merging/loading logic
2010-04-06 02:43:58 +02:00
return r;
}
if (id == k)
unit_choose_id(*u, id);
free(k);
}
return 0;
}
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
static int load_from_path(Unit *u, const char *path) {
core: some more _cleanup_free_
2013-10-22 01:54:10 +02:00
_cleanup_set_free_free_ Set *symlink_names = NULL;
_cleanup_fclose_ FILE *f = NULL;
_cleanup_free_ char *filename = NULL;
char *id = NULL;
rework merging/loading logic
2010-04-06 02:43:58 +02:00
Unit *merged;
systemctl: warn when operating on service files that changed on disk but haven't been reloaded
2010-07-17 00:57:51 +02:00
struct stat st;
core: when encountering a symlink alias for non-aliasable units warn nicely If the user defines a symlink alias for a unit whose type does not support aliasing, detect this early and print a nice warning. Fixe: #2730
2016-04-29 17:37:33 +02:00
int r;
rework merging/loading logic
2010-04-06 02:43:58 +02:00
assert(u);
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
assert(path);
load-fragment: add missing .c/h files
2009-11-19 23:13:20 +01:00
hashmap: introduce hash_ops to make struct Hashmap smaller It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-08-13 01:00:18 +02:00
symlink_names = set_new(&string_hash_ops);
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
if (!symlink_names)
s/name/unit
2010-01-26 21:39:06 +01:00
return -ENOMEM;
load-fragment: add missing .c/h files
2009-11-19 23:13:20 +01:00
config: implement search path logic
2010-02-13 01:07:02 +01:00
if (path_is_absolute(path)) {
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
filename = strdup(path);
core: some more _cleanup_free_
2013-10-22 01:54:10 +02:00
if (!filename)
return -ENOMEM;
config: implement search path logic
2010-02-13 01:07:02 +01:00
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
r = open_follow(&filename, &f, symlink_names, &id);
if (r < 0) {
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
filename = mfree(filename);
config: implement search path logic
2010-02-13 01:07:02 +01:00
if (r != -ENOENT)
core: some more _cleanup_free_
2013-10-22 01:54:10 +02:00
return r;
config: implement search path logic
2010-02-13 01:07:02 +01:00
}
} else {
char **p;
core: rework generator dir logic, move the dirs into LookupPaths structure A long time ago – when generators where first introduced – the directories for them were randomly created via mkdtemp(). This was changed later so that they use fixed name directories now. Let's make use of this, and add the genrator dirs to the LookupPaths structure and into the unit file search path maintained in it. This has the benefit that the generator dirs are now normal part of the search path for all tools, and thus are shown in "systemctl list-unit-files" too.
2016-02-24 15:31:33 +01:00
STRV_FOREACH(p, u->manager->lookup_paths.search_path) {
config: implement search path logic
2010-02-13 01:07:02 +01:00
/* Instead of opening the path right away, we manually
* follow all symlinks and add their name to our unit
* name set while doing so */
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
filename = path_make_absolute(path, *p);
core: some more _cleanup_free_
2013-10-22 01:54:10 +02:00
if (!filename)
return -ENOMEM;
config: implement search path logic
2010-02-13 01:07:02 +01:00
unit: remove union Unit Now that objects of all unit types are allocated the exact amount of memory they need, the Unit union has lost its purpose. Remove it. "Unit" is a more natural name for the base unit class than "Meta", so rename Meta to Unit. Access to members of the base class gets simplified.
2012-01-15 12:04:08 +01:00
if (u->manager->unit_path_cache &&
!set_get(u->manager->unit_path_cache, filename))
manager: introduce unit path cache to minimize disk accesses
2010-07-11 00:52:00 +02:00
r = -ENOENT;
else
r = open_follow(&filename, &f, symlink_names, &id);
core: when encountering a symlink alias for non-aliasable units warn nicely If the user defines a symlink alias for a unit whose type does not support aliasing, detect this early and print a nice warning. Fixe: #2730
2016-04-29 17:37:33 +02:00
if (r >= 0)
break;
filename = mfree(filename);
load-fragment: ignore ENOTDIR/EACCES errors (#3510) If for whatever reason the file system is "corrupted", we want to be resilient and ignore the error, as long as we can load the units from a different place. Arch bug https://bugs.archlinux.org/task/49547. A user had an ntfs symlink (essentially a file) instead of a directory after restoring from backup. We should just ignore that like we would treat a missing directory, for general resiliency. We should treat permission errors similarly. For example an unreadable /usr/local/lib directory would prevent (user) instances of systemd from loading any units. It seems better to continue.
2016-06-15 23:02:27 +02:00
/* ENOENT means that the file is missing or is a dangling symlink.
* ENOTDIR means that one of paths we expect to be is a directory
* is not a directory, we should just ignore that.
* EACCES means that the directory or file permissions are wrong.
*/
if (r == -EACCES)
log_debug_errno(r, "Cannot access \"%s\": %m", filename);
else if (!IN_SET(r, -ENOENT, -ENOTDIR))
core: when encountering a symlink alias for non-aliasable units warn nicely If the user defines a symlink alias for a unit whose type does not support aliasing, detect this early and print a nice warning. Fixe: #2730
2016-04-29 17:37:33 +02:00
return r;
manager: introduce unit path cache to minimize disk accesses
2010-07-11 00:52:00 +02:00
core: when encountering a symlink alias for non-aliasable units warn nicely If the user defines a symlink alias for a unit whose type does not support aliasing, detect this early and print a nice warning. Fixe: #2730
2016-04-29 17:37:33 +02:00
/* Empty the symlink names for the next run */
set_clear_free(symlink_names);
config: implement search path logic
2010-02-13 01:07:02 +01:00
}
}
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
core: some more _cleanup_free_
2013-10-22 01:54:10 +02:00
if (!filename)
unit: allow symlinking unit files to /dev/null
2010-07-21 03:13:15 +02:00
/* Hmm, no suitable file found? */
core: some more _cleanup_free_
2013-10-22 01:54:10 +02:00
return 0;
s/name/unit
2010-01-26 21:39:06 +01:00
Move no_alias information to shared/ This way it can be used in install.c in subsequent commit.
2016-04-30 22:21:41 +02:00
if (!unit_type_may_alias(u->type) && set_size(symlink_names) > 1) {
core: when encountering a symlink alias for non-aliasable units warn nicely If the user defines a symlink alias for a unit whose type does not support aliasing, detect this early and print a nice warning. Fixe: #2730
2016-04-29 17:37:33 +02:00
log_unit_warning(u, "Unit type of %s does not support alias names, refusing loading via symlink.", u->id);
return -ELOOP;
}
rework merging/loading logic
2010-04-06 02:43:58 +02:00
merged = u;
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
r = merge_by_names(&merged, symlink_names, id);
if (r < 0)
core: some more _cleanup_free_
2013-10-22 01:54:10 +02:00
return r;
s/name/unit
2010-01-26 21:39:06 +01:00
rework merging/loading logic
2010-04-06 02:43:58 +02:00
if (merged != u) {
unit: remove union Unit Now that objects of all unit types are allocated the exact amount of memory they need, the Unit union has lost its purpose. Remove it. "Unit" is a more natural name for the base unit class than "Meta", so rename Meta to Unit. Access to members of the base class gets simplified.
2012-01-15 12:04:08 +01:00
u->load_state = UNIT_MERGED;
core: some more _cleanup_free_
2013-10-22 01:54:10 +02:00
return 0;
first attempt at proper service/socket logic
2010-01-26 04:18:44 +01:00
}
core: some more _cleanup_free_
2013-10-22 01:54:10 +02:00
if (fstat(fileno(f), &st) < 0)
return -errno;
systemctl: warn when operating on service files that changed on disk but haven't been reloaded
2010-07-17 00:57:51 +02:00
core: treat masked files as "unchanged" systemctl prints the "unit file changed on disk" warning for a masked unit. I think it's better to print nothing in that case. When a masked unit is loaded, set mtime as 0. When checking if a unit with mtime of 0 needs reload, check that the mask is still in place.
2016-03-31 06:22:33 +02:00
if (null_or_empty(&st)) {
unit: remove union Unit Now that objects of all unit types are allocated the exact amount of memory they need, the Unit union has lost its purpose. Remove it. "Unit" is a more natural name for the base unit class than "Meta", so rename Meta to Unit. Access to members of the base class gets simplified.
2012-01-15 12:04:08 +01:00
u->load_state = UNIT_MASKED;
core: treat masked files as "unchanged" systemctl prints the "unit file changed on disk" warning for a masked unit. I think it's better to print nothing in that case. When a masked unit is loaded, set mtime as 0. When checking if a unit with mtime of 0 needs reload, check that the mask is still in place.
2016-03-31 06:22:33 +02:00
u->fragment_mtime = 0;
} else {
core: add transient units Transient units can be created via the bus API. They are configured via the method call parameters rather than on-disk files. They are subject to normal GC. Transient units currently may only be created for services (however, we will extend this), and currently only ExecStart= and the cgroup parameters can be configured (also to be extended). Transient units require a unique name, that previously had no configuration file on disk. A tool systemd-run is added that makes use of this functionality to run arbitrary command lines as transient services: $ systemd-run /bin/ping www.heise.de Will cause systemd to create a new transient service and run ping in it.
2013-06-28 04:12:58 +02:00
u->load_state = UNIT_LOADED;
core: treat masked files as "unchanged" systemctl prints the "unit file changed on disk" warning for a masked unit. I think it's better to print nothing in that case. When a masked unit is loaded, set mtime as 0. When checking if a unit with mtime of 0 needs reload, check that the mask is still in place.
2016-03-31 06:22:33 +02:00
u->fragment_mtime = timespec_load(&st.st_mtim);
core: add transient units Transient units can be created via the bus API. They are configured via the method call parameters rather than on-disk files. They are subject to normal GC. Transient units currently may only be created for services (however, we will extend this), and currently only ExecStart= and the cgroup parameters can be configured (also to be extended). Transient units require a unique name, that previously had no configuration file on disk. A tool systemd-run is added that makes use of this functionality to run arbitrary command lines as transient services: $ systemd-run /bin/ping www.heise.de Will cause systemd to create a new transient service and run ping in it.
2013-06-28 04:12:58 +02:00
unit: introduce 'banned' load state for units symlinked to /dev/null
2010-10-08 02:31:36 +02:00
/* Now, parse the file contents */
Let config_parse open file where applicable Special care is needed so that we get an error message if the file failed to parse, but not when it is missing. To avoid duplicating the same error check in every caller, add an additional 'warn' boolean to tell config_parse whether a message should be issued. This makes things both shorter and more robust wrt. to error reporting.
2014-07-17 00:27:12 +02:00
r = config_parse(u->id, filename, f,
UNIT_VTABLE(u)->sections,
config_item_perf_lookup, load_fragment_gperf_lookup,
conf-parser: turn three bool function params into a flags fields This makes things more readable and fixes some issues with incorrect flag propagation between the various flavours of config_parse().
2017-11-09 00:26:11 +01:00
CONFIG_PARSE_ALLOW_INCLUDE, u);
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
if (r < 0)
core: some more _cleanup_free_
2013-10-22 01:54:10 +02:00
return r;
unit: introduce 'banned' load state for units symlinked to /dev/null
2010-10-08 02:31:36 +02:00
}
add mount enumerator
2010-01-29 02:07:41 +01:00
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
free_and_replace(u->fragment_path, filename);
s/name/unit
2010-01-26 21:39:06 +01:00
units: remove service sysv_path variable and replace it by generic unit_path UnitPath= is also writable via native units and may be used by generators to clarify from which file a unit is generated. This patch also hooks up the cryptsetup and fstab generators to set UnitPath= accordingly.
2012-05-22 23:08:24 +02:00
if (u->source_path) {
if (stat(u->source_path, &st) >= 0)
u->source_mtime = timespec_load(&st.st_mtim);
else
u->source_mtime = 0;
}
core: some more _cleanup_free_
2013-10-22 01:54:10 +02:00
return 0;
implement drop-in directories
2010-01-27 00:15:56 +01:00
}
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
int unit_load_fragment(Unit *u) {
rework merging/loading logic
2010-04-06 02:43:58 +02:00
int r;
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
Iterator i;
const char *t;
implement drop-in directories
2010-01-27 00:15:56 +01:00
assert(u);
unit: remove union Unit Now that objects of all unit types are allocated the exact amount of memory they need, the Unit union has lost its purpose. Remove it. "Unit" is a more natural name for the base unit class than "Meta", so rename Meta to Unit. Access to members of the base class gets simplified.
2012-01-15 12:04:08 +01:00
assert(u->load_state == UNIT_STUB);
assert(u->id);
rework merging/loading logic
2010-04-06 02:43:58 +02:00
core: don't generate stub unit file for transient units We store the properties for transient units in drop-ins anyway, and units don't have to have fragment files, hence don't bother with them, and don't create them.
2015-08-28 16:05:32 +02:00
if (u->transient) {
u->load_state = UNIT_LOADED;
return 0;
}
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
/* First, try to find the unit under its id. We always look
* for unit files in the default directories, to make it easy
* to override things by placing things in /etc/systemd/system */
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
r = load_from_path(u, u->id);
if (r < 0)
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
return r;
/* Try to find an alias we can load this with */
wrap a few *_FOREACH macros in curly braces cppcheck would give up with "syntax error" without them. This led to reports of syntax errors in unrelated locations and potentially hid other errors
2014-12-12 19:51:41 +01:00
if (u->load_state == UNIT_STUB) {
unit: remove union Unit Now that objects of all unit types are allocated the exact amount of memory they need, the Unit union has lost its purpose. Remove it. "Unit" is a more natural name for the base unit class than "Meta", so rename Meta to Unit. Access to members of the base class gets simplified.
2012-01-15 12:04:08 +01:00
SET_FOREACH(t, u->names, i) {
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
unit: remove union Unit Now that objects of all unit types are allocated the exact amount of memory they need, the Unit union has lost its purpose. Remove it. "Unit" is a more natural name for the base unit class than "Meta", so rename Meta to Unit. Access to members of the base class gets simplified.
2012-01-15 12:04:08 +01:00
if (t == u->id)
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
continue;
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
r = load_from_path(u, t);
if (r < 0)
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
return r;
unit: remove union Unit Now that objects of all unit types are allocated the exact amount of memory they need, the Unit union has lost its purpose. Remove it. "Unit" is a more natural name for the base unit class than "Meta", so rename Meta to Unit. Access to members of the base class gets simplified.
2012-01-15 12:04:08 +01:00
if (u->load_state != UNIT_STUB)
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
break;
}
wrap a few *_FOREACH macros in curly braces cppcheck would give up with "syntax error" without them. This led to reports of syntax errors in unrelated locations and potentially hid other errors
2014-12-12 19:51:41 +01:00
}
rework merging/loading logic
2010-04-06 02:43:58 +02:00
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
/* And now, try looking for it under the suggested (originally linked) path */
unit: remove union Unit Now that objects of all unit types are allocated the exact amount of memory they need, the Unit union has lost its purpose. Remove it. "Unit" is a more natural name for the base unit class than "Meta", so rename Meta to Unit. Access to members of the base class gets simplified.
2012-01-15 12:04:08 +01:00
if (u->load_state == UNIT_STUB && u->fragment_path) {
load-fragment: reset fragment_path if we couldn't find a unit file for it
2010-09-27 20:31:23 +02:00
load-fragment: a few modernizations
2012-07-03 16:09:36 +02:00
r = load_from_path(u, u->fragment_path);
if (r < 0)
rework merging/loading logic
2010-04-06 02:43:58 +02:00
return r;
implement drop-in directories
2010-01-27 00:15:56 +01:00
tree-wide: drop {} from one-line if blocks Patch via coccinelle.
2015-09-08 23:03:38 +02:00
if (u->load_state == UNIT_STUB)
load-fragment: reset fragment_path if we couldn't find a unit file for it
2010-09-27 20:31:23 +02:00
/* Hmm, this didn't work? Then let's get rid
* of the fragment path stored for us, so that
* we don't point to an invalid location. */
tree-wide: use coccinelle to patch a lot of code to use mfree() This replaces this: free(p); p = NULL; by this: p = mfree(p); Change generated using coccinelle. Semantic patch is added to the sources.
2015-09-08 18:43:11 +02:00
u->fragment_path = mfree(u->fragment_path);
load-fragment: reset fragment_path if we couldn't find a unit file for it
2010-09-27 20:31:23 +02:00
}
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
/* Look for a template */
unit: remove union Unit Now that objects of all unit types are allocated the exact amount of memory they need, the Unit union has lost its purpose. Remove it. "Unit" is a more natural name for the base unit class than "Meta", so rename Meta to Unit. Access to members of the base class gets simplified.
2012-01-15 12:04:08 +01:00
if (u->load_state == UNIT_STUB && u->instance) {
core: rework unit name validation and manipulation logic A variety of changes: - Make sure all our calls distuingish OOM from other errors if OOM is not the only error possible. - Be much stricter when parsing escaped paths, do not accept trailing or leading escaped slashes. - Change unit validation to take a bit mask for allowing plain names, instance names or template names or an combination thereof. - Refuse manipulating invalid unit name
2015-04-30 20:21:00 +02:00
_cleanup_free_ char *k = NULL;
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
core: rework unit name validation and manipulation logic A variety of changes: - Make sure all our calls distuingish OOM from other errors if OOM is not the only error possible. - Be much stricter when parsing escaped paths, do not accept trailing or leading escaped slashes. - Change unit validation to take a bit mask for allowing plain names, instance names or template names or an combination thereof. - Refuse manipulating invalid unit name
2015-04-30 20:21:00 +02:00
r = unit_name_template(u->id, &k);
if (r < 0)
return r;
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
r = load_from_path(u, k);
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
if (r < 0) {
if (r == -ENOEXEC)
log_unit_notice(u, "Unit configuration has fatal error, unit will not be started.");
core: add minimal templating system
2010-04-15 03:11:11 +02:00
return r;
core/load-fragment: refuse units with errors in certain directives If an error is encountered in any of the Exec* lines, WorkingDirectory, SELinuxContext, ApparmorProfile, SmackProcessLabel, Service (in .socket units), User, or Group, refuse to load the unit. If the config stanza has support, ignore the failure if '-' is present. For those configuration directives, even if we started the unit, it's pretty likely that it'll do something unexpected (like write files in a wrong place, or with a wrong context, or run with wrong permissions, etc). It seems better to refuse to start the unit and have the admin clean up the configuration without giving the service a chance to mess up stuff. Note that all "security" options that restrict what the unit can do (Capabilities, AmbientCapabilities, Restrict*, SystemCallFilter, Limit*, PrivateDevices, Protect*, etc) are _not_ treated like this. Such options are only supplementary, and are not always available depending on the architecture and compilation options, so unit authors have to make sure that the service runs correctly without them anyway. Fixes #6237, #6277.
2017-07-06 19:28:19 +02:00
}
load-fragment: prefer unit id over alias names when looking for fragments
2010-02-14 01:08:20 +01:00
wrap a few *_FOREACH macros in curly braces cppcheck would give up with "syntax error" without them. This led to reports of syntax errors in unrelated locations and potentially hid other errors
2014-12-12 19:51:41 +01:00
if (u->load_state == UNIT_STUB) {
unit: remove union Unit Now that objects of all unit types are allocated the exact amount of memory they need, the Unit union has lost its purpose. Remove it. "Unit" is a more natural name for the base unit class than "Meta", so rename Meta to Unit. Access to members of the base class gets simplified.
2012-01-15 12:04:08 +01:00
SET_FOREACH(t, u->names, i) {
bus: when connecting to a container's kdbus instance, enter namespace first Previously we'd open the connection in the originating namespace, which meant most peers of the bus would not be able to make sense of the PID/UID/... identity of us since we didn't exist in the namespace they run in. However they require this identity for privilege decisions, hence disallowing access to anything from the host. Instead, when connecting to a container, create a temporary subprocess, make it join the container's namespace and then connect from there to the kdbus instance. This is similar to how we do it for socket conections already. THis also unifies the namespacing code used by machinectl and the bus APIs.
2013-12-13 22:02:47 +01:00
_cleanup_free_ char *z = NULL;
s/name/unit
2010-01-26 21:39:06 +01:00
unit: remove union Unit Now that objects of all unit types are allocated the exact amount of memory they need, the Unit union has lost its purpose. Remove it. "Unit" is a more natural name for the base unit class than "Meta", so rename Meta to Unit. Access to members of the base class gets simplified.
2012-01-15 12:04:08 +01:00
if (t == u->id)
rework merging/loading logic
2010-04-06 02:43:58 +02:00
continue;
implement proper logging for services
2010-01-28 02:06:20 +01:00
core: rework unit name validation and manipulation logic A variety of changes: - Make sure all our calls distuingish OOM from other errors if OOM is not the only error possible. - Be much stricter when parsing escaped paths, do not accept trailing or leading escaped slashes. - Change unit validation to take a bit mask for allowing plain names, instance names or template names or an combination thereof. - Refuse manipulating invalid unit name
2015-04-30 20:21:00 +02:00
r = unit_name_template(t, &z);
if (r < 0)
return r;
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
bus: when connecting to a container's kdbus instance, enter namespace first Previously we'd open the connection in the originating namespace, which meant most peers of the bus would not be able to make sense of the PID/UID/... identity of us since we didn't exist in the namespace they run in. However they require this identity for privilege decisions, hence disallowing access to anything from the host. Instead, when connecting to a container, create a temporary subprocess, make it join the container's namespace and then connect from there to the kdbus instance. This is similar to how we do it for socket conections already. THis also unifies the namespacing code used by machinectl and the bus APIs.
2013-12-13 22:02:47 +01:00
r = load_from_path(u, z);
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
if (r < 0)
rework merging/loading logic
2010-04-06 02:43:58 +02:00
return r;
load-fragment: prefer unit id over alias names when looking for fragments
2010-02-14 01:08:20 +01:00
unit: remove union Unit Now that objects of all unit types are allocated the exact amount of memory they need, the Unit union has lost its purpose. Remove it. "Unit" is a more natural name for the base unit class than "Meta", so rename Meta to Unit. Access to members of the base class gets simplified.
2012-01-15 12:04:08 +01:00
if (u->load_state != UNIT_STUB)
rework merging/loading logic
2010-04-06 02:43:58 +02:00
break;
}
wrap a few *_FOREACH macros in curly braces cppcheck would give up with "syntax error" without them. This led to reports of syntax errors in unrelated locations and potentially hid other errors
2014-12-12 19:51:41 +01:00
}
implement proper logging for services
2010-01-28 02:06:20 +01:00
}
rework merging/loading logic
2010-04-06 02:43:58 +02:00
return 0;
load-fragment: add missing .c/h files
2009-11-19 23:13:20 +01:00
}
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
void unit_dump_config_items(FILE *f) {
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
static const struct {
const ConfigParserCallback callback;
const char *rvalue;
} table[] = {
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
{ config_parse_warn_compat, "NOTSUPPORTED" },
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
{ config_parse_int, "INTEGER" },
{ config_parse_unsigned, "UNSIGNED" },
core: clean up some confusing regarding SI decimal and IEC binary suffixes for sizes According to Wikipedia it is customary to specify hardware metrics and transfer speeds to the basis 1000 (SI decimal), while software metrics and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary). So far we specified everything in IEC, let's fix that and be more true to what's otherwise customary. Since we don't want to parse "Mi" instead of "M" we document each time what the context used is.
2014-02-23 03:13:54 +01:00
{ config_parse_iec_size, "SIZE" },
tree-wide: never use the off_t unless glibc makes us use it off_t is a really weird type as it is usually 64bit these days (at least in sane programs), but could theoretically be 32bit. We don't support off_t as 32bit builds though, but still constantly deal with safely converting from off_t to other types and back for no point. Hence, never use the type anymore. Always use uint64_t instead. This has various benefits, including that we can expose these values directly as D-Bus properties, and also that the values parse the same in all cases.
2015-09-10 18:16:18 +02:00
{ config_parse_iec_uint64, "SIZE" },
core: clean up some confusing regarding SI decimal and IEC binary suffixes for sizes According to Wikipedia it is customary to specify hardware metrics and transfer speeds to the basis 1000 (SI decimal), while software metrics and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary). So far we specified everything in IEC, let's fix that and be more true to what's otherwise customary. Since we don't want to parse "Mi" instead of "M" we document each time what the context used is.
2014-02-23 03:13:54 +01:00
{ config_parse_si_size, "SIZE" },
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
{ config_parse_bool, "BOOLEAN" },
{ config_parse_string, "STRING" },
{ config_parse_path, "PATH" },
{ config_parse_unit_path_printf, "PATH" },
{ config_parse_strv, "STRING [...]" },
{ config_parse_exec_nice, "NICE" },
{ config_parse_exec_oom_score_adjust, "OOMSCOREADJUST" },
{ config_parse_exec_io_class, "IOCLASS" },
{ config_parse_exec_io_priority, "IOPRIORITY" },
{ config_parse_exec_cpu_sched_policy, "CPUSCHEDPOLICY" },
{ config_parse_exec_cpu_sched_prio, "CPUSCHEDPRIO" },
{ config_parse_exec_cpu_affinity, "CPUAFFINITY" },
{ config_parse_mode, "MODE" },
{ config_parse_unit_env_file, "FILE" },
core/exec: add a named-descriptor option ("fd") for streams (#4179) This commit adds a `fd` option to `StandardInput=`, `StandardOutput=` and `StandardError=` properties in order to connect standard streams to externally named descriptors provided by some socket units. This option looks for a file descriptor named as the corresponding stream. Custom names can be specified, separated by a colon. If multiple name-matches exist, the first matching fd will be used.
2016-10-18 02:05:49 +02:00
{ config_parse_exec_output, "OUTPUT" },
{ config_parse_exec_input, "INPUT" },
conf-parse: rename config_parse_level() to config_parse_log_level() "level" is a bit too generic, let's clarify what kind of level we are referring to here.
2014-03-03 21:14:07 +01:00
{ config_parse_log_facility, "FACILITY" },
{ config_parse_log_level, "LEVEL" },
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
{ config_parse_exec_secure_bits, "SECUREBITS" },
capabilities: keep bounding set in non-inverted format. Change the capability bounding set parser and logic so that the bounding set is kept as a positive set internally. This means that the set reflects those capabilities that we want to keep instead of drop.
2016-01-07 23:00:04 +01:00
{ config_parse_capability_set, "BOUNDINGSET" },
core: move config_parse_limit() to the generic conf-parser.[ch] That way we can use it in nspawn. Also, while we are at it, let's rename the call config_parse_rlimit(), i.e. insert the "r", to clarify what kind of limit this is about.
2018-05-03 19:01:21 +02:00
{ config_parse_rlimit, "LIMIT" },
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
{ config_parse_unit_deps, "UNIT [...]" },
{ config_parse_exec, "PATH [ARGUMENT [...]]" },
{ config_parse_service_type, "SERVICETYPE" },
{ config_parse_service_restart, "SERVICERESTART" },
{ config_parse_kill_mode, "KILLMODE" },
nspawn: add new .nspawn files for container settings .nspawn fiels are simple settings files that may accompany container images and directories and contain settings otherwise passed on the nspawn command line. This provides an efficient way to attach execution data directly to containers.
2015-09-06 01:22:14 +02:00
{ config_parse_signal, "SIGNAL" },
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
{ config_parse_socket_listen, "SOCKET [...]" },
{ config_parse_socket_bind, "SOCKETBIND" },
{ config_parse_socket_bindtodevice, "NETWORKINTERFACE" },
util: rename parse_usec() to parse_sec() sinds the default unit is seconds Internally we store all time values in usec_t, however parse_usec() actually was used mostly to parse values in seconds (unless explicit units were specified to define a different unit). Hence, be clear about this and name the function about what we pass into it, not what we get out of it.
2013-04-02 20:38:16 +02:00
{ config_parse_sec, "SECONDS" },
util: introduce a proper nsec_t and make use of it where appropriate
2012-05-31 04:27:03 +02:00
{ config_parse_nsec, "NANOSECONDS" },
conf-parser: config_parse_path_strv() is not generic, so let's move it into load-fragment.c The parse code actually checked for specific lvalue names, which is really wrong for supposedly generic parsers...
2014-03-03 21:40:55 +01:00
{ config_parse_namespace_path_strv, "PATH [...]" },
core: add ability to define arbitrary bind mounts for services This adds two new settings BindPaths= and BindReadOnlyPaths=. They allow defining arbitrary bind mounts specific to particular services. This is particularly useful for services with RootDirectory= set as this permits making specific bits of the host directory available to chrooted services. The two new settings follow the concepts nspawn already possess in --bind= and --bind-ro=, as well as the .nspawn settings Bind= and BindReadOnly= (and these latter options should probably be renamed to BindPaths= and BindReadOnlyPaths= too). Fixes: #3439
2016-11-23 22:21:40 +01:00
{ config_parse_bind_paths, "PATH[:PATH[:OPTIONS]] [...]" },
unit: add new dependency type RequiresMountsFor= RequiresMountsFor= is a shortcut for adding requires and after dependencies to all mount units neeed for the specified paths. This solves a couple of issues regarding dep loop cycles for encrypted swap.
2012-04-29 14:26:07 +02:00
{ config_parse_unit_requires_mounts_for, "PATH [...]" },
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
{ config_parse_exec_mount_flags, "MOUNTFLAG [...]" },
{ config_parse_unit_string_printf, "STRING" },
unit: rework trigger dependency logic Instead of having explicit type-specific callbacks that inform the triggering unit when a triggered unit changes state, make this generic so that state changes are forwarded betwee any triggered and triggering unit. Also, get rid of UnitRef references from automount, timer, path units, to the units they trigger and rely exclsuively on UNIT_TRIGGER type dendencies.
2013-04-23 20:53:16 +02:00
{ config_parse_trigger_unit, "UNIT" },
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
{ config_parse_timer, "TIMER" },
{ config_parse_path_spec, "PATH" },
{ config_parse_notify_access, "ACCESS" },
{ config_parse_ip_tos, "TOS" },
{ config_parse_unit_condition_path, "CONDITION" },
{ config_parse_unit_condition_string, "CONDITION" },
{ config_parse_unit_condition_null, "CONDITION" },
core: add new .slice unit type for partitioning systems In order to prepare for the kernel cgroup rework, let's introduce a new unit type to systemd, the "slice". Slices can be arranged in a tree and are useful to partition resources freely and hierarchally by the user. Each service unit can now be assigned to one of these slices, and later on login users and machines may too. Slices translate pretty directly to the cgroup hierarchy, and the various objects can be assigned to any of the slices in the tree.
2013-06-17 21:33:26 +02:00
{ config_parse_unit_slice, "SLICE" },
core: update configuration directive list "systemd --dump-configuration-items" shows
2013-07-19 18:45:11 +02:00
{ config_parse_documentation, "URL" },
{ config_parse_service_timeout, "SECONDS" },
failure-action: generalize failure action to emergency action
2016-10-20 15:27:37 +02:00
{ config_parse_emergency_action, "ACTION" },
core: update configuration directive list "systemd --dump-configuration-items" shows
2013-07-19 18:45:11 +02:00
{ config_parse_set_status, "STATUS" },
{ config_parse_service_sockets, "SOCKETS" },
{ config_parse_environ, "ENVIRON" },
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_SECCOMP
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
{ config_parse_syscall_filter, "SYSCALLS" },
core: warn when unit files with unsupported options are parsed
2014-02-17 17:49:09 +01:00
{ config_parse_syscall_archs, "ARCHS" },
core: rework syscall filter - Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12 18:28:21 +01:00
{ config_parse_syscall_errno, "ERRNO" },
core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-25 20:37:03 +01:00
{ config_parse_address_families, "FAMILIES" },
core: add new RestrictNamespaces= unit file setting This new setting permits restricting whether namespaces may be created and managed by processes started by a unit. It installs a seccomp filter blocking certain invocations of unshare(), clone() and setns(). RestrictNamespaces=no is the default, and does not restrict namespaces in any way. RestrictNamespaces=yes takes away the ability to create or manage any kind of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces so that only mount and IPC namespaces may be created/managed, but no other kind of namespaces. This setting should be improve security quite a bit as in particular user namespacing was a major source of CVEs in the kernel in the past, and is accessible to unprivileged processes. With this setting the entire attack surface may be removed for system services that do not make use of namespaces.
2016-11-02 03:25:19 +01:00
{ config_parse_restrict_namespaces, "NAMESPACES" },
syscallfilter: port to libseccomp
2014-02-12 01:29:54 +01:00
#endif
core: update configuration directive list "systemd --dump-configuration-items" shows
2013-07-19 18:45:11 +02:00
{ config_parse_cpu_shares, "SHARES" },
load-fragment: use DEFINE_CONFIG_PARSE_*() macros
2018-05-29 05:57:06 +02:00
{ config_parse_cg_weight, "WEIGHT" },
core: update configuration directive list "systemd --dump-configuration-items" shows
2013-07-19 18:45:11 +02:00
{ config_parse_memory_limit, "LIMIT" },
{ config_parse_device_allow, "DEVICE" },
{ config_parse_device_policy, "POLICY" },
core: add io controller support on the unified hierarchy On the unified hierarchy, blkio controller is renamed to io and the interface is changed significantly. * blkio.weight and blkio.weight_device are consolidated into io.weight which uses the standardized weight range [1, 10000] with 100 as the default value. * blkio.throttle.{read|write}_{bps|iops}_device are consolidated into io.max. Expansion of throttling features is being worked on to support work-conserving absolute limits (io.low and io.high). * All stats are consolidated into io.stats. This patchset adds support for the new interface. As the interface has been revamped and new features are expected to be added, it seems best to treat it as a separate controller rather than trying to expand the blkio settings although we might add automatic translation if only blkio settings are specified. * io.weight handling is mostly identical to blkio.weight[_device] handling except that the weight range is different. * Both read and write bandwidth settings are consolidated into CGroupIODeviceLimit which describes all limits applicable to the device. This makes it less painful to add new limits. * "max" can be used to specify the maximum limit which is equivalent to no config for max limits and treated as such. If a given CGroupIODeviceLimit doesn't contain any non-default configs, the config struct is discarded once the no limit config is applied to cgroup. * lookup_blkio_device() is renamed to lookup_block_device(). Signed-off-by: Tejun Heo <htejun@fb.com>
2016-05-05 22:42:55 +02:00
{ config_parse_io_limit, "LIMIT" },
{ config_parse_io_device_weight, "DEVICEWEIGHT" },
core: add IODeviceLatencyTargetSec This adds support for the following proposed latency based IO control mechanism. https://lkml.org/lkml/2018/6/5/428
2018-06-13 23:16:35 +02:00
{ config_parse_io_device_latency, "DEVICELATENCY" },
core: update configuration directive list "systemd --dump-configuration-items" shows
2013-07-19 18:45:11 +02:00
{ config_parse_blockio_bandwidth, "BANDWIDTH" },
{ config_parse_blockio_weight, "WEIGHT" },
{ config_parse_blockio_device_weight, "DEVICEWEIGHT" },
{ config_parse_long, "LONG" },
{ config_parse_socket_service, "SERVICE" },
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_SELINUX
core: warn when unit files with unsupported options are parsed
2014-02-17 17:49:09 +01:00
{ config_parse_exec_selinux_context, "LABEL" },
#endif
{ config_parse_job_mode, "MODE" },
{ config_parse_job_mode_isolate, "BOOLEAN" },
core: add new RestrictAddressFamilies= switch This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-25 20:37:03 +01:00
{ config_parse_personality, "PERSONALITY" },
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
};
const char *prev = NULL;
const char *i;
assert(f);
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
NULSTR_FOREACH(i, load_fragment_gperf_nulstr) {
const char *rvalue = "OTHER", *lvalue;
core: drop deprecated (and ignored) configuration items from --dump-configuration-items output
2018-05-28 21:47:12 +02:00
const ConfigPerfItem *p;
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
size_t prefix_len;
const char *dot;
core: drop deprecated (and ignored) configuration items from --dump-configuration-items output
2018-05-28 21:47:12 +02:00
unsigned j;
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
assert_se(p = load_fragment_gperf_lookup(i, strlen(i)));
core: drop deprecated (and ignored) configuration items from --dump-configuration-items output
2018-05-28 21:47:12 +02:00
/* Hide legacy settings */
if (p->parse == config_parse_warn_compat &&
p->ltype == DISABLED_LEGACY)
continue;
for (j = 0; j < ELEMENTSOF(table); j++)
if (p->parse == table[j].callback) {
rvalue = table[j].rvalue;
break;
}
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
dot = strchr(i, '.');
lvalue = dot ? dot + 1 : i;
prefix_len = dot-i;
if (dot)
use strneq instead of strncmp
2013-02-12 21:47:36 +01:00
if (!prev || !strneq(prev, i, prefix_len+1)) {
load-fragment: speed up parsing by using a perfect hash table with configuration settings built by gperf
2011-08-01 00:43:05 +02:00
if (prev)
fputc('\n', f);
fprintf(f, "[%.*s]\n", (int) prefix_len, i);
}
fprintf(f, "%s=%s\n", lvalue, rvalue);
prev = i;
}
mount: implement mounting properly This also includes code that writes utmp/wtmp records when applicable, making use the mount infrastructure to detct when those files are accessible. Finally, this also introduces a --dump-configuration-items switch.
2010-04-10 17:53:17 +02:00
}