2012-07-18 19:07:51 +02:00
|
|
|
#pragma once
|
2010-01-23 01:52:57 +01:00
|
|
|
|
2010-02-03 13:03:47 +01:00
|
|
|
/***
|
|
|
|
This file is part of systemd.
|
|
|
|
|
|
|
|
Copyright 2010 Lennart Poettering
|
|
|
|
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
2012-04-12 00:20:58 +02:00
|
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
2010-02-03 13:03:47 +01:00
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
2012-04-12 00:20:58 +02:00
|
|
|
Lesser General Public License for more details.
|
2010-02-03 13:03:47 +01:00
|
|
|
|
2012-04-12 00:20:58 +02:00
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
2010-02-03 13:03:47 +01:00
|
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
***/
|
|
|
|
|
2010-01-23 01:52:57 +01:00
|
|
|
typedef struct ExecStatus ExecStatus;
|
|
|
|
typedef struct ExecCommand ExecCommand;
|
|
|
|
typedef struct ExecContext ExecContext;
|
2013-11-27 20:23:18 +01:00
|
|
|
typedef struct ExecRuntime ExecRuntime;
|
2014-08-23 15:28:37 +02:00
|
|
|
typedef struct ExecParameters ExecParameters;
|
2010-01-23 01:52:57 +01:00
|
|
|
|
2015-11-18 22:46:33 +01:00
|
|
|
#include <sched.h>
|
2010-01-23 01:52:57 +01:00
|
|
|
#include <stdbool.h>
|
|
|
|
#include <stdio.h>
|
2015-11-18 22:46:33 +01:00
|
|
|
#include <sys/capability.h>
|
2010-01-23 01:52:57 +01:00
|
|
|
|
2016-07-02 04:58:14 +02:00
|
|
|
#include "cgroup-util.h"
|
2013-11-27 20:23:18 +01:00
|
|
|
#include "fdset.h"
|
2015-11-18 22:46:33 +01:00
|
|
|
#include "list.h"
|
2014-03-05 02:29:58 +01:00
|
|
|
#include "missing.h"
|
2014-06-03 23:41:44 +02:00
|
|
|
#include "namespace.h"
|
2016-11-02 03:25:19 +01:00
|
|
|
#include "nsflags.h"
|
2010-01-23 01:52:57 +01:00
|
|
|
|
2015-08-23 13:14:04 +02:00
|
|
|
typedef enum ExecUtmpMode {
|
|
|
|
EXEC_UTMP_INIT,
|
|
|
|
EXEC_UTMP_LOGIN,
|
|
|
|
EXEC_UTMP_USER,
|
|
|
|
_EXEC_UTMP_MODE_MAX,
|
2015-08-25 21:07:41 +02:00
|
|
|
_EXEC_UTMP_MODE_INVALID = -1
|
2015-08-23 13:14:04 +02:00
|
|
|
} ExecUtmpMode;
|
|
|
|
|
2010-04-13 02:06:27 +02:00
|
|
|
typedef enum ExecInput {
|
|
|
|
EXEC_INPUT_NULL,
|
|
|
|
EXEC_INPUT_TTY,
|
|
|
|
EXEC_INPUT_TTY_FORCE,
|
|
|
|
EXEC_INPUT_TTY_FAIL,
|
2010-04-15 06:19:54 +02:00
|
|
|
EXEC_INPUT_SOCKET,
|
2016-10-18 02:05:49 +02:00
|
|
|
EXEC_INPUT_NAMED_FD,
|
2010-04-13 02:06:27 +02:00
|
|
|
_EXEC_INPUT_MAX,
|
|
|
|
_EXEC_INPUT_INVALID = -1
|
|
|
|
} ExecInput;
|
|
|
|
|
2010-01-28 02:06:20 +01:00
|
|
|
typedef enum ExecOutput {
|
2010-04-13 02:06:27 +02:00
|
|
|
EXEC_OUTPUT_INHERIT,
|
2010-01-30 01:55:42 +01:00
|
|
|
EXEC_OUTPUT_NULL,
|
2010-04-13 02:06:27 +02:00
|
|
|
EXEC_OUTPUT_TTY,
|
2010-01-30 01:55:42 +01:00
|
|
|
EXEC_OUTPUT_SYSLOG,
|
2011-02-15 01:27:53 +01:00
|
|
|
EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
|
2010-05-19 21:49:03 +02:00
|
|
|
EXEC_OUTPUT_KMSG,
|
2011-02-15 01:27:53 +01:00
|
|
|
EXEC_OUTPUT_KMSG_AND_CONSOLE,
|
2012-01-05 23:54:45 +01:00
|
|
|
EXEC_OUTPUT_JOURNAL,
|
|
|
|
EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
|
2010-04-15 06:19:54 +02:00
|
|
|
EXEC_OUTPUT_SOCKET,
|
2016-10-18 02:05:49 +02:00
|
|
|
EXEC_OUTPUT_NAMED_FD,
|
2010-01-30 01:55:42 +01:00
|
|
|
_EXEC_OUTPUT_MAX,
|
|
|
|
_EXEC_OUTPUT_INVALID = -1
|
2010-01-28 02:06:20 +01:00
|
|
|
} ExecOutput;
|
|
|
|
|
2010-01-23 01:52:57 +01:00
|
|
|
struct ExecStatus {
|
2010-07-01 00:26:44 +02:00
|
|
|
dual_timestamp start_timestamp;
|
|
|
|
dual_timestamp exit_timestamp;
|
2010-04-21 04:01:24 +02:00
|
|
|
pid_t pid;
|
2010-01-24 00:39:29 +01:00
|
|
|
int code; /* as in siginfo_t::si_code */
|
|
|
|
int status; /* as in sigingo_t::si_status */
|
2010-01-23 01:52:57 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
struct ExecCommand {
|
|
|
|
char *path;
|
|
|
|
char **argv;
|
2010-01-26 04:18:44 +01:00
|
|
|
ExecStatus exec_status;
|
|
|
|
LIST_FIELDS(ExecCommand, command); /* useful for chaining commands */
|
core/execute: add the magic character '!' to allow privileged execution (#3493)
This patch implements the new magic character '!'. By putting '!' in front
of a command, systemd executes it with full privileges ignoring paramters
such as User, Group, SupplementaryGroups, CapabilityBoundingSet,
AmbientCapabilities, SecureBits, SystemCallFilter, SELinuxContext,
AppArmorProfile, SmackProcessLabel, and RestrictAddressFamilies.
Fixes partially https://github.com/systemd/systemd/issues/3414
Related to https://github.com/coreos/rkt/issues/2482
Testing:
1. Create a user 'bob'
2. Create the unit file /etc/systemd/system/exec-perm.service
(You can use the example below)
3. sudo systemctl start ext-perm.service
4. Verify that the commands starting with '!' were not executed as bob,
4.1 Looking to the output of ls -l /tmp/exec-perm
4.2 Each file contains the result of the id command.
`````````````````````````````````````````````````````````````````
[Unit]
Description=ext-perm
[Service]
Type=oneshot
TimeoutStartSec=0
User=bob
ExecStartPre=!/usr/bin/sh -c "/usr/bin/rm /tmp/exec-perm*" ;
/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start-pre"
ExecStart=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start" ;
!/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-star-2"
ExecStartPost=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-start-post"
ExecReload=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-reload"
ExecStop=!/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-stop"
ExecStopPost=/usr/bin/sh -c "/usr/bin/id > /tmp/exec-perm-stop-post"
[Install]
WantedBy=multi-user.target]
`````````````````````````````````````````````````````````````````
2016-06-10 18:19:54 +02:00
|
|
|
bool ignore:1;
|
|
|
|
bool privileged:1;
|
2010-01-23 01:52:57 +01:00
|
|
|
};
|
|
|
|
|
2013-11-27 20:23:18 +01:00
|
|
|
struct ExecRuntime {
|
|
|
|
int n_ref;
|
|
|
|
|
|
|
|
char *tmp_dir;
|
|
|
|
char *var_tmp_dir;
|
|
|
|
|
2016-07-14 12:37:28 +02:00
|
|
|
/* An AF_UNIX socket pair, that contains a datagram containing a file descriptor referring to the network
|
|
|
|
* namespace. */
|
2013-11-27 20:23:18 +01:00
|
|
|
int netns_storage_socket[2];
|
|
|
|
};
|
|
|
|
|
2010-01-23 01:52:57 +01:00
|
|
|
struct ExecContext {
|
|
|
|
char **environment;
|
2011-03-04 03:44:43 +01:00
|
|
|
char **environment_files;
|
2015-09-07 08:06:53 +02:00
|
|
|
char **pass_environment;
|
2011-03-04 03:44:43 +01:00
|
|
|
|
2014-03-05 02:29:58 +01:00
|
|
|
struct rlimit *rlimit[_RLIMIT_MAX];
|
2010-01-29 20:46:22 +01:00
|
|
|
char *working_directory, *root_directory;
|
2015-02-12 12:21:16 +01:00
|
|
|
bool working_directory_missing_ok;
|
2015-09-23 19:46:23 +02:00
|
|
|
bool working_directory_home;
|
2010-04-21 04:01:24 +02:00
|
|
|
|
|
|
|
mode_t umask;
|
2010-08-31 01:33:39 +02:00
|
|
|
int oom_score_adjust;
|
2010-01-23 01:52:57 +01:00
|
|
|
int nice;
|
2010-01-29 20:46:22 +01:00
|
|
|
int ioprio;
|
2010-01-30 01:55:42 +01:00
|
|
|
int cpu_sched_policy;
|
|
|
|
int cpu_sched_priority;
|
2010-04-21 04:01:24 +02:00
|
|
|
|
2010-07-04 16:44:58 +02:00
|
|
|
cpu_set_t *cpuset;
|
|
|
|
unsigned cpuset_ncpus;
|
2010-01-28 02:53:56 +01:00
|
|
|
|
2010-04-13 02:06:27 +02:00
|
|
|
ExecInput std_input;
|
|
|
|
ExecOutput std_output;
|
|
|
|
ExecOutput std_error;
|
2016-10-18 02:05:49 +02:00
|
|
|
char *stdio_fdname[3];
|
2010-04-13 02:06:27 +02:00
|
|
|
|
2012-05-31 04:27:03 +02:00
|
|
|
nsec_t timer_slack_nsec;
|
2010-01-28 02:06:20 +01:00
|
|
|
|
2016-01-28 16:25:39 +01:00
|
|
|
bool stdio_as_fds;
|
|
|
|
|
2010-04-21 04:01:24 +02:00
|
|
|
char *tty_path;
|
2010-01-23 01:52:57 +01:00
|
|
|
|
2011-05-18 01:07:31 +02:00
|
|
|
bool tty_reset;
|
|
|
|
bool tty_vhangup;
|
|
|
|
bool tty_vt_disallocate;
|
|
|
|
|
2012-02-09 03:18:04 +01:00
|
|
|
bool ignore_sigpipe;
|
|
|
|
|
2016-07-10 14:48:23 +02:00
|
|
|
/* Since resolving these names might involve socket
|
2010-01-23 01:52:57 +01:00
|
|
|
* connections and we don't want to deadlock ourselves these
|
2010-01-30 01:55:42 +01:00
|
|
|
* names are resolved on execution only and in the child
|
|
|
|
* process. */
|
2010-01-23 01:52:57 +01:00
|
|
|
char *user;
|
|
|
|
char *group;
|
|
|
|
char **supplementary_groups;
|
2010-04-21 04:01:24 +02:00
|
|
|
|
2010-06-16 21:54:17 +02:00
|
|
|
char *pam_name;
|
|
|
|
|
2010-10-08 16:06:23 +02:00
|
|
|
char *utmp_id;
|
2015-08-23 13:14:04 +02:00
|
|
|
ExecUtmpMode utmp_mode;
|
2010-10-08 16:06:23 +02:00
|
|
|
|
2014-02-17 16:52:52 +01:00
|
|
|
bool selinux_context_ignore;
|
2014-02-06 10:05:16 +01:00
|
|
|
char *selinux_context;
|
|
|
|
|
2014-02-20 16:19:44 +01:00
|
|
|
bool apparmor_profile_ignore;
|
|
|
|
char *apparmor_profile;
|
|
|
|
|
2014-11-24 12:46:20 +01:00
|
|
|
bool smack_process_label_ignore;
|
|
|
|
char *smack_process_label;
|
|
|
|
|
2016-07-07 11:17:00 +02:00
|
|
|
char **read_write_paths, **read_only_paths, **inaccessible_paths;
|
2010-04-21 22:15:06 +02:00
|
|
|
unsigned long mount_flags;
|
|
|
|
|
2016-01-07 23:00:04 +01:00
|
|
|
uint64_t capability_bounding_set;
|
2015-12-31 13:54:44 +01:00
|
|
|
uint64_t capability_ambient_set;
|
2010-04-21 04:01:24 +02:00
|
|
|
int secure_bits;
|
|
|
|
|
2010-08-11 22:37:10 +02:00
|
|
|
int syslog_priority;
|
|
|
|
char *syslog_identifier;
|
|
|
|
bool syslog_level_prefix;
|
|
|
|
|
2010-04-21 04:01:24 +02:00
|
|
|
bool cpu_sched_reset_on_fork;
|
|
|
|
bool non_blocking;
|
2010-04-21 22:15:06 +02:00
|
|
|
bool private_tmp;
|
2011-08-02 05:24:58 +02:00
|
|
|
bool private_network;
|
2014-01-20 19:54:51 +01:00
|
|
|
bool private_devices;
|
2016-08-03 18:44:51 +02:00
|
|
|
bool private_users;
|
2014-06-04 18:07:55 +02:00
|
|
|
ProtectSystem protect_system;
|
|
|
|
ProtectHome protect_home;
|
2016-08-22 18:43:59 +02:00
|
|
|
bool protect_kernel_tunables;
|
2016-10-12 13:31:21 +02:00
|
|
|
bool protect_kernel_modules;
|
2016-08-22 18:43:59 +02:00
|
|
|
bool protect_control_groups;
|
2010-04-21 04:01:24 +02:00
|
|
|
|
2012-07-17 04:17:53 +02:00
|
|
|
bool no_new_privileges;
|
|
|
|
|
2016-07-14 12:37:28 +02:00
|
|
|
bool dynamic_user;
|
2016-08-01 19:24:40 +02:00
|
|
|
bool remove_ipc;
|
2016-07-14 12:37:28 +02:00
|
|
|
|
2010-04-21 04:01:24 +02:00
|
|
|
/* This is not exposed to the user but available
|
|
|
|
* internally. We need it to make sure that whenever we spawn
|
2015-05-13 15:43:04 +02:00
|
|
|
* /usr/bin/mount it is run in the same process group as us so
|
2010-04-21 04:01:24 +02:00
|
|
|
* that the autofs logic detects that it belongs to us and we
|
|
|
|
* don't enter a trigger loop. */
|
2010-07-05 01:08:13 +02:00
|
|
|
bool same_pgrp;
|
2010-07-10 04:49:37 +02:00
|
|
|
|
2014-02-19 02:15:24 +01:00
|
|
|
unsigned long personality;
|
|
|
|
|
2016-11-02 03:25:19 +01:00
|
|
|
unsigned long restrict_namespaces; /* The CLONE_NEWxyz flags permitted to the unit's processes */
|
|
|
|
|
2014-02-12 18:28:21 +01:00
|
|
|
Set *syscall_filter;
|
2014-02-13 00:24:00 +01:00
|
|
|
Set *syscall_archs;
|
2014-02-12 18:28:21 +01:00
|
|
|
int syscall_errno;
|
|
|
|
bool syscall_whitelist:1;
|
2012-07-17 04:17:53 +02:00
|
|
|
|
2014-02-25 20:37:03 +01:00
|
|
|
Set *address_families;
|
|
|
|
bool address_families_whitelist:1;
|
|
|
|
|
2014-03-03 17:14:07 +01:00
|
|
|
char **runtime_directory;
|
|
|
|
mode_t runtime_directory_mode;
|
|
|
|
|
2016-06-23 01:45:45 +02:00
|
|
|
bool memory_deny_write_execute;
|
|
|
|
bool restrict_realtime;
|
|
|
|
|
2010-08-31 01:33:39 +02:00
|
|
|
bool oom_score_adjust_set:1;
|
2010-08-11 22:37:10 +02:00
|
|
|
bool nice_set:1;
|
|
|
|
bool ioprio_set:1;
|
|
|
|
bool cpu_sched_set:1;
|
2014-03-05 04:41:01 +01:00
|
|
|
bool no_new_privileges_set:1;
|
2010-01-23 01:52:57 +01:00
|
|
|
};
|
|
|
|
|
2016-11-02 03:25:19 +01:00
|
|
|
static inline bool exec_context_restrict_namespaces_set(const ExecContext *c) {
|
|
|
|
assert(c);
|
|
|
|
|
|
|
|
return (c->restrict_namespaces & NAMESPACE_FLAGS_ALL) != NAMESPACE_FLAGS_ALL;
|
|
|
|
}
|
|
|
|
|
2016-07-26 17:40:35 +02:00
|
|
|
typedef enum ExecFlags {
|
|
|
|
EXEC_CONFIRM_SPAWN = 1U << 0,
|
|
|
|
EXEC_APPLY_PERMISSIONS = 1U << 1,
|
|
|
|
EXEC_APPLY_CHROOT = 1U << 2,
|
|
|
|
EXEC_APPLY_TTY_STDIN = 1U << 3,
|
|
|
|
|
2016-07-26 17:53:07 +02:00
|
|
|
/* The following are not used by execute.c, but by consumers internally */
|
2016-07-26 17:40:35 +02:00
|
|
|
EXEC_PASS_FDS = 1U << 4,
|
|
|
|
EXEC_IS_CONTROL = 1U << 5,
|
2016-07-27 11:51:11 +02:00
|
|
|
EXEC_SETENV_RESULT = 1U << 6,
|
2016-08-04 22:11:29 +02:00
|
|
|
EXEC_SET_WATCHDOG = 1U << 7,
|
2016-07-26 17:40:35 +02:00
|
|
|
} ExecFlags;
|
|
|
|
|
2014-08-23 15:28:37 +02:00
|
|
|
struct ExecParameters {
|
|
|
|
char **argv;
|
2015-10-07 23:07:39 +02:00
|
|
|
char **environment;
|
2015-10-04 17:36:19 +02:00
|
|
|
|
|
|
|
int *fds;
|
|
|
|
char **fd_names;
|
|
|
|
unsigned n_fds;
|
|
|
|
|
2016-07-26 17:40:35 +02:00
|
|
|
ExecFlags flags;
|
2015-10-07 23:07:39 +02:00
|
|
|
bool selinux_context_net:1;
|
2015-10-04 17:36:19 +02:00
|
|
|
|
2015-10-07 23:07:39 +02:00
|
|
|
bool cgroup_delegate:1;
|
core: unified cgroup hierarchy support
This patch set adds full support the new unified cgroup hierarchy logic
of modern kernels.
A new kernel command line option "systemd.unified_cgroup_hierarchy=1" is
added. If specified the unified hierarchy is mounted to /sys/fs/cgroup
instead of a tmpfs. No further hierarchies are mounted. The kernel
command line option defaults to off. We can turn it on by default as
soon as the kernel's APIs regarding this are stabilized (but even then
downstream distros might want to turn this off, as this will break any
tools that access cgroupfs directly).
It is possibly to choose for each boot individually whether the unified
or the legacy hierarchy is used. nspawn will by default provide the
legacy hierarchy to containers if the host is using it, and the unified
otherwise. However it is possible to run containers with the unified
hierarchy on a legacy host and vice versa, by setting the
$UNIFIED_CGROUP_HIERARCHY environment variable for nspawn to 1 or 0,
respectively.
The unified hierarchy provides reliable cgroup empty notifications for
the first time, via inotify. To make use of this we maintain one
manager-wide inotify fd, and each cgroup to it.
This patch also removes cg_delete() which is unused now.
On kernel 4.2 only the "memory" controller is compatible with the
unified hierarchy, hence that's the only controller systemd exposes when
booted in unified heirarchy mode.
This introduces a new enum for enumerating supported controllers, plus a
related enum for the mask bits mapping to it. The core is changed to
make use of this everywhere.
This moves PID 1 into a new "init.scope" implicit scope unit in the root
slice. This is necessary since on the unified hierarchy cgroups may
either contain subgroups or processes but not both. PID 1 hence has to
move out of the root cgroup (strictly speaking the root cgroup is the
only one where processes and subgroups are still allowed, but in order
to support containers nicey, we move PID 1 into the new scope in all
cases.) This new unit is also used on legacy hierarchy setups. It's
actually pretty useful on all systems, as it can then be used to filter
journal messages coming from PID 1, and so on.
The root slice ("-.slice") is now implicitly created and started (and
does not require a unit file on disk anymore), since
that's where "init.scope" is located and the slice needs to be started
before the scope can.
To check whether we are in unified or legacy hierarchy mode we use
statfs() on /sys/fs/cgroup. If the .f_type field reports tmpfs we are in
legacy mode, if it reports cgroupfs we are in unified mode.
This patch set carefuly makes sure that cgls and cgtop continue to work
as desired.
When invoking nspawn as a service it will implicitly create two
subcgroups in the cgroup it is using, one to move the nspawn process
into, the other to move the actual container processes into. This is
done because of the requirement that cgroups may either contain
processes or other subgroups.
2015-09-01 19:22:36 +02:00
|
|
|
CGroupMask cgroup_supported;
|
2014-08-23 15:28:37 +02:00
|
|
|
const char *cgroup_path;
|
2015-10-04 17:36:19 +02:00
|
|
|
|
2014-08-23 15:28:37 +02:00
|
|
|
const char *runtime_prefix;
|
2015-10-04 17:36:19 +02:00
|
|
|
|
2014-08-23 15:28:37 +02:00
|
|
|
usec_t watchdog_usec;
|
2015-10-04 17:36:19 +02:00
|
|
|
|
2014-08-23 15:28:37 +02:00
|
|
|
int *idle_pipe;
|
2015-10-04 17:36:19 +02:00
|
|
|
|
2015-10-07 23:07:39 +02:00
|
|
|
int stdin_fd;
|
|
|
|
int stdout_fd;
|
|
|
|
int stderr_fd;
|
2014-08-23 15:28:37 +02:00
|
|
|
};
|
|
|
|
|
2016-07-02 04:58:14 +02:00
|
|
|
#include "unit.h"
|
2016-07-14 12:37:28 +02:00
|
|
|
#include "dynamic-user.h"
|
2016-07-02 04:58:14 +02:00
|
|
|
|
core,network: major per-object logging rework
This changes log_unit_info() (and friends) to take a real Unit* object
insted of just a unit name as parameter. The call will now prefix all
logged messages with the unit name, thus allowing the unit name to be
dropped from the various passed romat strings, simplifying invocations
drastically, and unifying log output across messages. Also, UNIT= vs.
USER_UNIT= is now derived from the Manager object attached to the Unit
object, instead of getpid(). This has the benefit of correcting the
field for --test runs.
Also contains a couple of other logging improvements:
- Drops a couple of strerror() invocations in favour of using %m.
- Not only .mount units now warn if a symlinks exist for the mount
point already, .automount units do that too, now.
- A few invocations of log_struct() that didn't actually pass any
additional structured data have been replaced by simpler invocations
of log_unit_info() and friends.
- For structured data a new LOG_UNIT_MESSAGE() macro has been added,
that works like LOG_MESSAGE() but prefixes the message with the unit
name. Similar, there's now LOG_LINK_MESSAGE() and
LOG_NETDEV_MESSAGE().
- For structured data new LOG_UNIT_ID(), LOG_LINK_INTERFACE(),
LOG_NETDEV_INTERFACE() macros have been added that generate the
necessary per object fields. The old log_unit_struct() call has been
removed in favour of these new macros used in raw log_struct()
invocations. In addition to removing one more function call this
allows generated structured log messages that contain two object
fields, as necessary for example for network interfaces that are
joined into another network interface, and whose messages shall be
indexed by both.
- The LOG_ERRNO() macro has been removed, in favour of
log_struct_errno(). The latter has the benefit of ensuring that %m in
format strings is properly resolved to the specified error number.
- A number of logging messages have been converted to use
log_unit_info() instead of log_info()
- The client code in sysv-generator no longer #includes core code from
src/core/.
- log_unit_full_errno() has been removed, log_unit_full() instead takes
an errno now, too.
- log_unit_info(), log_link_info(), log_netdev_info() and friends, now
avoid double evaluation of their parameters
2015-05-11 20:38:21 +02:00
|
|
|
int exec_spawn(Unit *unit,
|
|
|
|
ExecCommand *command,
|
2014-08-23 15:28:37 +02:00
|
|
|
const ExecContext *context,
|
|
|
|
const ExecParameters *exec_params,
|
2013-11-27 20:23:18 +01:00
|
|
|
ExecRuntime *runtime,
|
2016-07-14 12:37:28 +02:00
|
|
|
DynamicCreds *dynamic_creds,
|
2010-02-14 22:43:08 +01:00
|
|
|
pid_t *ret);
|
2010-01-23 01:52:57 +01:00
|
|
|
|
2010-04-10 17:47:07 +02:00
|
|
|
void exec_command_done(ExecCommand *c);
|
|
|
|
void exec_command_done_array(ExecCommand *c, unsigned n);
|
|
|
|
|
2014-12-18 18:29:24 +01:00
|
|
|
ExecCommand* exec_command_free_list(ExecCommand *c);
|
2010-01-26 04:18:44 +01:00
|
|
|
void exec_command_free_array(ExecCommand **c, unsigned n);
|
2010-01-23 01:52:57 +01:00
|
|
|
|
2010-04-15 03:11:11 +02:00
|
|
|
char *exec_command_line(char **argv);
|
|
|
|
|
2010-01-26 07:02:51 +01:00
|
|
|
void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix);
|
|
|
|
void exec_command_dump_list(ExecCommand *c, FILE *f, const char *prefix);
|
2010-02-14 01:05:55 +01:00
|
|
|
void exec_command_append_list(ExecCommand **l, ExecCommand *e);
|
2010-04-10 17:46:41 +02:00
|
|
|
int exec_command_set(ExecCommand *c, const char *path, ...);
|
2014-09-24 14:29:05 +02:00
|
|
|
int exec_command_append(ExecCommand *c, const char *path, ...);
|
2010-01-26 07:02:51 +01:00
|
|
|
|
2010-01-26 04:18:44 +01:00
|
|
|
void exec_context_init(ExecContext *c);
|
2013-11-27 20:23:18 +01:00
|
|
|
void exec_context_done(ExecContext *c);
|
2010-01-23 01:52:57 +01:00
|
|
|
void exec_context_dump(ExecContext *c, FILE* f, const char *prefix);
|
|
|
|
|
2014-03-03 17:14:07 +01:00
|
|
|
int exec_context_destroy_runtime_directory(ExecContext *c, const char *runtime_root);
|
|
|
|
|
core,network: major per-object logging rework
This changes log_unit_info() (and friends) to take a real Unit* object
insted of just a unit name as parameter. The call will now prefix all
logged messages with the unit name, thus allowing the unit name to be
dropped from the various passed romat strings, simplifying invocations
drastically, and unifying log output across messages. Also, UNIT= vs.
USER_UNIT= is now derived from the Manager object attached to the Unit
object, instead of getpid(). This has the benefit of correcting the
field for --test runs.
Also contains a couple of other logging improvements:
- Drops a couple of strerror() invocations in favour of using %m.
- Not only .mount units now warn if a symlinks exist for the mount
point already, .automount units do that too, now.
- A few invocations of log_struct() that didn't actually pass any
additional structured data have been replaced by simpler invocations
of log_unit_info() and friends.
- For structured data a new LOG_UNIT_MESSAGE() macro has been added,
that works like LOG_MESSAGE() but prefixes the message with the unit
name. Similar, there's now LOG_LINK_MESSAGE() and
LOG_NETDEV_MESSAGE().
- For structured data new LOG_UNIT_ID(), LOG_LINK_INTERFACE(),
LOG_NETDEV_INTERFACE() macros have been added that generate the
necessary per object fields. The old log_unit_struct() call has been
removed in favour of these new macros used in raw log_struct()
invocations. In addition to removing one more function call this
allows generated structured log messages that contain two object
fields, as necessary for example for network interfaces that are
joined into another network interface, and whose messages shall be
indexed by both.
- The LOG_ERRNO() macro has been removed, in favour of
log_struct_errno(). The latter has the benefit of ensuring that %m in
format strings is properly resolved to the specified error number.
- A number of logging messages have been converted to use
log_unit_info() instead of log_info()
- The client code in sysv-generator no longer #includes core code from
src/core/.
- log_unit_full_errno() has been removed, log_unit_full() instead takes
an errno now, too.
- log_unit_info(), log_link_info(), log_netdev_info() and friends, now
avoid double evaluation of their parameters
2015-05-11 20:38:21 +02:00
|
|
|
int exec_context_load_environment(Unit *unit, const ExecContext *c, char ***l);
|
2016-10-18 02:05:49 +02:00
|
|
|
int exec_context_named_iofds(Unit *unit, const ExecContext *c, const ExecParameters *p, int named_iofds[3]);
|
|
|
|
const char* exec_context_fdname(const ExecContext *c, int fd_index);
|
2011-03-04 03:44:43 +01:00
|
|
|
|
2013-02-28 01:36:55 +01:00
|
|
|
bool exec_context_may_touch_console(ExecContext *c);
|
2014-11-05 17:57:23 +01:00
|
|
|
bool exec_context_maintains_privileges(ExecContext *c);
|
2013-02-28 01:36:55 +01:00
|
|
|
|
2010-07-04 18:49:58 +02:00
|
|
|
void exec_status_start(ExecStatus *s, pid_t pid);
|
2011-05-18 01:07:31 +02:00
|
|
|
void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status);
|
2010-04-10 05:03:14 +02:00
|
|
|
void exec_status_dump(ExecStatus *s, FILE *f, const char *prefix);
|
2010-01-23 01:52:57 +01:00
|
|
|
|
2013-11-27 20:23:18 +01:00
|
|
|
int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id);
|
|
|
|
ExecRuntime *exec_runtime_ref(ExecRuntime *r);
|
|
|
|
ExecRuntime *exec_runtime_unref(ExecRuntime *r);
|
|
|
|
|
core,network: major per-object logging rework
This changes log_unit_info() (and friends) to take a real Unit* object
insted of just a unit name as parameter. The call will now prefix all
logged messages with the unit name, thus allowing the unit name to be
dropped from the various passed romat strings, simplifying invocations
drastically, and unifying log output across messages. Also, UNIT= vs.
USER_UNIT= is now derived from the Manager object attached to the Unit
object, instead of getpid(). This has the benefit of correcting the
field for --test runs.
Also contains a couple of other logging improvements:
- Drops a couple of strerror() invocations in favour of using %m.
- Not only .mount units now warn if a symlinks exist for the mount
point already, .automount units do that too, now.
- A few invocations of log_struct() that didn't actually pass any
additional structured data have been replaced by simpler invocations
of log_unit_info() and friends.
- For structured data a new LOG_UNIT_MESSAGE() macro has been added,
that works like LOG_MESSAGE() but prefixes the message with the unit
name. Similar, there's now LOG_LINK_MESSAGE() and
LOG_NETDEV_MESSAGE().
- For structured data new LOG_UNIT_ID(), LOG_LINK_INTERFACE(),
LOG_NETDEV_INTERFACE() macros have been added that generate the
necessary per object fields. The old log_unit_struct() call has been
removed in favour of these new macros used in raw log_struct()
invocations. In addition to removing one more function call this
allows generated structured log messages that contain two object
fields, as necessary for example for network interfaces that are
joined into another network interface, and whose messages shall be
indexed by both.
- The LOG_ERRNO() macro has been removed, in favour of
log_struct_errno(). The latter has the benefit of ensuring that %m in
format strings is properly resolved to the specified error number.
- A number of logging messages have been converted to use
log_unit_info() instead of log_info()
- The client code in sysv-generator no longer #includes core code from
src/core/.
- log_unit_full_errno() has been removed, log_unit_full() instead takes
an errno now, too.
- log_unit_info(), log_link_info(), log_netdev_info() and friends, now
avoid double evaluation of their parameters
2015-05-11 20:38:21 +02:00
|
|
|
int exec_runtime_serialize(Unit *unit, ExecRuntime *rt, FILE *f, FDSet *fds);
|
|
|
|
int exec_runtime_deserialize_item(Unit *unit, ExecRuntime **rt, const char *key, const char *value, FDSet *fds);
|
2013-11-27 20:23:18 +01:00
|
|
|
|
|
|
|
void exec_runtime_destroy(ExecRuntime *rt);
|
|
|
|
|
2013-05-03 04:51:50 +02:00
|
|
|
const char* exec_output_to_string(ExecOutput i) _const_;
|
|
|
|
ExecOutput exec_output_from_string(const char *s) _pure_;
|
2010-01-30 01:55:42 +01:00
|
|
|
|
2013-05-03 04:51:50 +02:00
|
|
|
const char* exec_input_to_string(ExecInput i) _const_;
|
|
|
|
ExecInput exec_input_from_string(const char *s) _pure_;
|
2015-08-23 13:14:04 +02:00
|
|
|
|
|
|
|
const char* exec_utmp_mode_to_string(ExecUtmpMode i) _const_;
|
|
|
|
ExecUtmpMode exec_utmp_mode_from_string(const char *s) _pure_;
|