1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

8bdbb8d9cbe1d35708385573d70984ab4533812dLennart Poettering#include <errno.h>

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include <fcntl.h>

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include <unistd.h>

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include <string.h>

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include <signal.h>

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include <sys/socket.h>

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include <sys/un.h>

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering#include <sys/prctl.h>

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering#include <sys/stat.h>

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering#include <grp.h>

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering#include <poll.h>

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering#include <glob.h>

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering#include <utmpx.h>

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include <sys/personality.h>

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#ifdef HAVE_PAM

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include <security/pam_appl.h>

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#endif

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen#ifdef HAVE_SELINUX

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen#include <selinux/selinux.h>

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#endif

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering#ifdef HAVE_SECCOMP

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include <seccomp.h>

9d12709626bccc0cae677a7035f62efe6aabb4abLennart Poettering#endif

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering#ifdef HAVE_APPARMOR

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering#include <sys/apparmor.h>

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering#endif

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering#include "sd-messages.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "rm-rf.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "strv.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "macro.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "capability.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "util.h"

e56056e93d33619a3acf13e483900b4f8938228fThomas Hindoe Paaboel Andersen#include "log.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "ioprio.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "securebits.h"

d21ed1ead18d16d35c30299a69d3366847f8a039Lennart Poettering#include "namespace.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "exit-status.h"

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering#include "missing.h"

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering#include "utmp-wtmp.h"

d8f52ed25a9edce75fda5251c977b7898e33887eLennart Poettering#include "def.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "path-util.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "env-util.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "fileio.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "unit.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "async.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "selinux-util.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "errno-list.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "af-list.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "mkdir.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "smack-util.h"

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering#include "bus-endpoint.h"

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering#include "cap-list.h"

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen#include "formats-util.h"

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen#include "process-util.h"

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen#include "terminal-util.h"

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering#include "signal-util.h"

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#ifdef HAVE_APPARMOR

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "apparmor-util.h"

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering#endif

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#ifdef HAVE_SECCOMP

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include "seccomp-util.h"

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen#endif

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen#include "execute.h"

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen#define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen#define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen#define TTY_MODE 0620

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen#define SNDBUF_SIZE (8*1024*1024)

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poetteringstatic int shift_fds(int fds[], unsigned n_fds) {

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering int start, restart_from;

e56056e93d33619a3acf13e483900b4f8938228fThomas Hindoe Paaboel Andersen

e56056e93d33619a3acf13e483900b4f8938228fThomas Hindoe Paaboel Andersen if (n_fds <= 0)

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return 0;

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen /* Modifies the fds array! (sorts it) */

5b30bef856e89a571df57b7b953e9a1409d9acedLennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering assert(fds);

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering start = 0;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering for (;;) {

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering int i;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen restart_from = -1;

5b30bef856e89a571df57b7b953e9a1409d9acedLennart Poettering

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen for (i = start; i < (int) n_fds; i++) {

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen int nfd;

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

5b30bef856e89a571df57b7b953e9a1409d9acedLennart Poettering /* Already at right index? */

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (fds[i] == i+3)

e56056e93d33619a3acf13e483900b4f8938228fThomas Hindoe Paaboel Andersen continue;

e56056e93d33619a3acf13e483900b4f8938228fThomas Hindoe Paaboel Andersen

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering nfd = fcntl(fds[i], F_DUPFD, i + 3);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (nfd < 0)

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return -errno;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering safe_close(fds[i]);

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering fds[i] = nfd;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering /* Hmm, the fd we wanted isn't free? Then

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering if (nfd != i+3 && restart_from < 0)

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering restart_from = i;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering }

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (restart_from < 0)

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering break;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering start = restart_from;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering }

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering return 0;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering}

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poetteringstatic int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering unsigned i;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering int r;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (n_fds <= 0)

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering return 0;

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering assert(fds);

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering for (i = 0; i < n_fds; i++) {

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering r = fd_nonblock(fds[i], nonblock);

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (r < 0)

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering return r;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering /* We unconditionally drop FD_CLOEXEC from the fds,

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering r = fd_cloexec(fds[i], false);

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (r < 0)

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering return r;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering }

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering return 0;

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering}

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering_pure_ static const char *tty_path(const ExecContext *context) {

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering assert(context);

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering if (context->tty_path)

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering return context->tty_path;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering return "/dev/console";

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering}

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poetteringstatic void exec_context_tty_reset(const ExecContext *context) {

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering assert(context);

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (context->tty_vhangup)

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering terminal_vhangup(tty_path(context));

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering if (context->tty_reset)

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering reset_terminal(tty_path(context));

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering if (context->tty_vt_disallocate && context->tty_path)

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering vt_disallocate(context->tty_path);

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering}

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poetteringstatic bool is_terminal_output(ExecOutput o) {

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering return

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering o == EXEC_OUTPUT_TTY ||

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering o == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering o == EXEC_OUTPUT_KMSG_AND_CONSOLE ||

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering o == EXEC_OUTPUT_JOURNAL_AND_CONSOLE;

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering}

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poetteringstatic int open_null_as(int flags, int nfd) {

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering int fd, r;

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering assert(nfd >= 0);

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering fd = open("/dev/null", flags|O_NOCTTY);

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering if (fd < 0)

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering return -errno;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering if (fd != nfd) {

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering r = dup2(fd, nfd) < 0 ? -errno : nfd;

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering safe_close(fd);

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering } else

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering r = nfd;

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering return r;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering}

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poetteringstatic int connect_journal_socket(int fd, uid_t uid, gid_t gid) {

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering union sockaddr_union sa = {

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering .un.sun_family = AF_UNIX,

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering .un.sun_path = "/run/systemd/journal/stdout",

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering };

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering uid_t olduid = UID_INVALID;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering gid_t oldgid = GID_INVALID;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering int r;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering if (gid != GID_INVALID) {

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering oldgid = getgid();

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering r = setegid(gid);

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering if (r < 0)

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering return -errno;

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering }

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (uid != UID_INVALID) {

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering olduid = getuid();

10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering r = seteuid(uid);

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (r < 0) {

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering r = -errno;

8937e7b68940d0fa0d0aab90eb7425fa7dccebc9Lennart Poettering goto restore_gid;

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering }

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering }

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path));

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (r < 0)

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering r = -errno;

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering /* If we fail to restore the uid or gid, things will likely

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering

cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (uid != UID_INVALID)

89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering (void) seteuid(olduid);

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen restore_gid:

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering if (gid != GID_INVALID)

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering (void) setegid(oldgid);

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering return r;

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering}

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poetteringstatic int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd, uid_t uid, gid_t gid) {

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering int fd, r;

d21ed1ead18d16d35c30299a69d3366847f8a039Lennart Poettering

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering assert(context);

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering assert(output < _EXEC_OUTPUT_MAX);

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering assert(ident);

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering assert(nfd >= 0);

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering fd = socket(AF_UNIX, SOCK_STREAM, 0);

a7893c6b28772edbc7e1fea3c209caa54d465648Lennart Poettering if (fd < 0)

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering return -errno;

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering r = connect_journal_socket(fd, uid, gid);

89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering if (r < 0)

a7893c6b28772edbc7e1fea3c209caa54d465648Lennart Poettering return r;

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen if (shutdown(fd, SHUT_RD) < 0) {

a7893c6b28772edbc7e1fea3c209caa54d465648Lennart Poettering safe_close(fd);

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering return -errno;

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen }

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering fd_inc_sndbuf(fd, SNDBUF_SIZE);

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering

a7893c6b28772edbc7e1fea3c209caa54d465648Lennart Poettering dprintf(fd,

5b30bef856e89a571df57b7b953e9a1409d9acedLennart Poettering "%s\n"

5b30bef856e89a571df57b7b953e9a1409d9acedLennart Poettering "%s\n"

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering "%i\n"

9d12709626bccc0cae677a7035f62efe6aabb4abLennart Poettering "%i\n"

9d12709626bccc0cae677a7035f62efe6aabb4abLennart Poettering "%i\n"

9d12709626bccc0cae677a7035f62efe6aabb4abLennart Poettering "%i\n"

9d12709626bccc0cae677a7035f62efe6aabb4abLennart Poettering "%i\n",

9d12709626bccc0cae677a7035f62efe6aabb4abLennart Poettering context->syslog_identifier ? context->syslog_identifier : ident,

9d12709626bccc0cae677a7035f62efe6aabb4abLennart Poettering unit_id,

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering context->syslog_priority,

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering !!context->syslog_level_prefix,

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering is_terminal_output(output));

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering if (fd != nfd) {

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering r = dup2(fd, nfd) < 0 ? -errno : nfd;

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering safe_close(fd);

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering } else

9d12709626bccc0cae677a7035f62efe6aabb4abLennart Poettering r = nfd;

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering return r;

aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering}

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poetteringstatic int open_terminal_as(const char *path, mode_t mode, int nfd) {

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering int fd, r;

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering assert(path);

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering assert(nfd >= 0);

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering fd = open_terminal(path, mode | O_NOCTTY);

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering if (fd < 0)

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering return fd;

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering if (fd != nfd) {

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering r = dup2(fd, nfd) < 0 ? -errno : nfd;

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering safe_close(fd);

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering } else

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering r = nfd;

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering return r;

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering}

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poetteringstatic bool is_terminal_input(ExecInput i) {

0dd25fb9f005d8ab7ac4bc10a609d00569f8c56aLennart Poettering return

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering i == EXEC_INPUT_TTY ||

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering i == EXEC_INPUT_TTY_FORCE ||

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering i == EXEC_INPUT_TTY_FAIL;

0dd25fb9f005d8ab7ac4bc10a609d00569f8c56aLennart Poettering}

0dd25fb9f005d8ab7ac4bc10a609d00569f8c56aLennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poetteringstatic int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering if (is_terminal_input(std_input) && !apply_tty_stdin)

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering return EXEC_INPUT_NULL;

0dd25fb9f005d8ab7ac4bc10a609d00569f8c56aLennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering return EXEC_INPUT_NULL;

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering return std_input;

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering}

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poetteringstatic int fixup_output(ExecOutput std_output, int socket_fd) {

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering return EXEC_OUTPUT_INHERIT;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering return std_output;

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering}

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poetteringstatic int setup_input(const ExecContext *context, int socket_fd, bool apply_tty_stdin) {

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering ExecInput i;

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering assert(context);

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering switch (i) {

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering case EXEC_INPUT_NULL:

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering return open_null_as(O_RDONLY, STDIN_FILENO);

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering case EXEC_INPUT_TTY:

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering case EXEC_INPUT_TTY_FORCE:

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering case EXEC_INPUT_TTY_FAIL: {

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering int fd, r;

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering fd = acquire_terminal(tty_path(context),

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering i == EXEC_INPUT_TTY_FAIL,

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering i == EXEC_INPUT_TTY_FORCE,

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering false,

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering USEC_INFINITY);

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering if (fd < 0)

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering return fd;

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering if (fd != STDIN_FILENO) {

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering safe_close(fd);

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering } else

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering r = STDIN_FILENO;

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering return r;

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering }

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering case EXEC_INPUT_SOCKET:

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering default:

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering assert_not_reached("Unknown input type");

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering }

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering}

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poetteringstatic int setup_output(Unit *unit, const ExecContext *context, int fileno, int socket_fd, const char *ident, bool apply_tty_stdin, uid_t uid, gid_t gid) {

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering ExecOutput o;

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering ExecInput i;

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering int r;

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering assert(unit);

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering assert(context);

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering assert(ident);

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering o = fixup_output(context->std_output, socket_fd);

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering if (fileno == STDERR_FILENO) {

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering ExecOutput e;

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering e = fixup_output(context->std_error, socket_fd);

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* This expects the input and output are already set up */

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* Don't change the stderr file descriptor if we inherit all

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers if (e == EXEC_OUTPUT_INHERIT &&

89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering o == EXEC_OUTPUT_INHERIT &&

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers i == EXEC_INPUT_NULL &&

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering !is_terminal_input(context->std_input) &&

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering getppid () != 1)

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering return fileno;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* Duplicate from stdout if possible */

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (e == o || e == EXEC_OUTPUT_INHERIT)

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering o = e;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering } else if (o == EXEC_OUTPUT_INHERIT) {

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering /* If input got downgraded, inherit the original value */

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return open_terminal_as(tty_path(context), O_WRONLY, fileno);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* If the input is connected to anything that's not a /dev/null, inherit that... */

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (i != EXEC_INPUT_NULL)

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (getppid() != 1)

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return fileno;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* We need to open /dev/null here anew, to get the right access mode. */

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return open_null_as(O_WRONLY, fileno);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering }

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering switch (o) {

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering case EXEC_OUTPUT_NULL:

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return open_null_as(O_WRONLY, fileno);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering case EXEC_OUTPUT_TTY:

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (is_terminal_input(i))

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* We don't reset the terminal if this is just about output */

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return open_terminal_as(tty_path(context), O_WRONLY, fileno);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering case EXEC_OUTPUT_SYSLOG:

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering case EXEC_OUTPUT_KMSG:

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering case EXEC_OUTPUT_KMSG_AND_CONSOLE:

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering case EXEC_OUTPUT_JOURNAL:

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering r = connect_logger_as(context, o, ident, unit->id, fileno, uid, gid);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (r < 0) {

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering log_unit_error_errno(unit, r, "Failed to connect %s to the journal socket, ignoring: %m", fileno == STDOUT_FILENO ? "stdout" : "stderr");

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering r = open_null_as(O_WRONLY, fileno);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering }

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return r;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering case EXEC_OUTPUT_SOCKET:

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering assert(socket_fd >= 0);

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering return dup2(socket_fd, fileno) < 0 ? -errno : fileno;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering default:

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering assert_not_reached("Unknown error type");

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering }

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering}

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poetteringstatic int chown_terminal(int fd, uid_t uid) {

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering struct stat st;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering assert(fd >= 0);

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering /* This might fail. What matters are the results. */

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering (void) fchown(fd, uid, -1);

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering (void) fchmod(fd, TTY_MODE);

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering if (fstat(fd, &st) < 0)

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering return -errno;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering return -EPERM;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering return 0;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering}

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poetteringstatic int setup_confirm_stdio(int *_saved_stdin,

878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering int *_saved_stdout) {

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering int fd = -1, saved_stdin, saved_stdout = -1, r;

717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering

89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering assert(_saved_stdin);

89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering assert(_saved_stdout);

89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (saved_stdin < 0)

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return -errno;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering if (saved_stdout < 0) {

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering r = errno;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering goto fail;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering }

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering fd = acquire_terminal(

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering "/dev/console",

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering false,

e7e9b6bb0b0bc5b1eb256a44f8afec6b634f26efZbigniew Jędrzejewski-Szmek false,

e7e9b6bb0b0bc5b1eb256a44f8afec6b634f26efZbigniew Jędrzejewski-Szmek false,

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering DEFAULT_CONFIRM_USEC);

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering if (fd < 0) {

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering r = fd;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering goto fail;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering }

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering r = chown_terminal(fd, getuid());

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering if (r < 0)

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering goto fail;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

a6c616024db23fef34152c1432892824a07799ccLennart Poettering if (dup2(fd, STDIN_FILENO) < 0) {

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers r = -errno;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering goto fail;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering }

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering if (dup2(fd, STDOUT_FILENO) < 0) {

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering r = -errno;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering goto fail;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering }

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering if (fd >= 2)

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers safe_close(fd);

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers

a6c616024db23fef34152c1432892824a07799ccLennart Poettering *_saved_stdin = saved_stdin;

a6c616024db23fef34152c1432892824a07799ccLennart Poettering *_saved_stdout = saved_stdout;

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen return 0;

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poetteringfail:

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering safe_close(saved_stdout);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering safe_close(saved_stdin);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering safe_close(fd);

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers return r;

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers}

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers_printf_(1, 2) static int write_confirm_message(const char *format, ...) {

f647962d64e844689f3e2acfce6102fc47e76df2Michal Schmidt _cleanup_close_ int fd = -1;

f647962d64e844689f3e2acfce6102fc47e76df2Michal Schmidt va_list ap;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering assert(format);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (fd < 0)

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers return fd;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers va_start(ap, format);

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers vdprintf(fd, format, ap);

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers va_end(ap);

89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers return 0;

f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering}

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sieversstatic int restore_confirm_stdio(int *saved_stdin,

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers int *saved_stdout) {

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering int r = 0;

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering assert(saved_stdin);

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering assert(saved_stdout);

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering release_terminal();

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers if (*saved_stdin >= 0)

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers if (dup2(*saved_stdin, STDIN_FILENO) < 0)

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering r = -errno;

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen if (*saved_stdout >= 0)

27e72d6b22890ba4a8cbc05c49667cd1cccf1461Simon Peeters if (dup2(*saved_stdout, STDOUT_FILENO) < 0)

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen r = -errno;

da927ba997d68401563b927f92e6e40e021a8e5cMichal Schmidt

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering safe_close(*saved_stdin);

a7893c6b28772edbc7e1fea3c209caa54d465648Lennart Poettering safe_close(*saved_stdout);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return r;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering}

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersenstatic int ask_for_confirmation(char *response, char **argv) {

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering int saved_stdout = -1, saved_stdin = -1, r;

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers _cleanup_free_ char *line = NULL;

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering r = setup_confirm_stdio(&saved_stdin, &saved_stdout);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (r < 0)

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return r;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering line = exec_command_line(argv);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (!line)

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return -ENOMEM;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering r = ask_char(response, "yns", "Execute %s? [Yes, No, Skip] ", line);

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers restore_confirm_stdio(&saved_stdin, &saved_stdout);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering return r;

8c841f21f5042b11acc91cc1b039cb162cbbe8f4Djalal Harouni}

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poetteringstatic int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering bool keep_groups = false;

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering int r;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering assert(context);

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen /* Lookup and set GID and supplementary group list. Here too

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen if (context->group || username) {

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen if (context->group) {

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen const char *g = context->group;

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen r = get_group_creds(&g, &gid);

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen if (r < 0)

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen return r;

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen }

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen /* First step, initialize groups from /etc/groups */

5b30bef856e89a571df57b7b953e9a1409d9acedLennart Poettering if (username && gid != 0) {

5b30bef856e89a571df57b7b953e9a1409d9acedLennart Poettering if (initgroups(username, gid) < 0)

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return -errno;

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering keep_groups = true;

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers }

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering /* Second step, set our gids */

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (setresgid(gid, gid, gid) < 0)

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering return -errno;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering }

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (context->supplementary_groups) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering int ngroups_max, k;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering gid_t *gids;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering char **i;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering /* Final step, initialize any manually set supplementary groups */

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering if (!(gids = new(gid_t, ngroups_max)))

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering return -ENOMEM;

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (keep_groups) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering k = getgroups(ngroups_max, gids);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (k < 0) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering free(gids);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering return -errno;

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering }

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering } else

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering k = 0;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering STRV_FOREACH(i, context->supplementary_groups) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering const char *g;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (k >= ngroups_max) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering free(gids);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering return -E2BIG;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering }

9a14fb6285bdb089d4fc195410de3362cb4f586fThomas Hindoe Paaboel Andersen

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering g = *i;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering r = get_group_creds(&g, gids+k);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (r < 0) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering free(gids);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering return r;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering }

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering k++;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering }

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (setgroups(k, gids) < 0) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering free(gids);

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering return -errno;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering }

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering free(gids);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering }

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering return 0;

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering}

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poetteringstatic int enforce_user(const ExecContext *context, uid_t uid) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering assert(context);

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering /* Sets (but doesn't lookup) the uid and make sure we keep the

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering if (context->capabilities) {

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering _cleanup_cap_free_ cap_t d = NULL;

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering static const cap_value_t bits[] = {

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering CAP_SETUID, /* Necessary so that we can run setresuid() below */

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering };

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering /* First step: If we need to keep capabilities but

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (uid != 0) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (prctl(PR_GET_SECUREBITS) != sb)

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (prctl(PR_SET_SECUREBITS, sb) < 0)

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering return -errno;

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering }

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering /* Second step: set the capabilities. This will reduce

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering d = cap_dup(context->capabilities);

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering if (!d)

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering return -errno;

b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0)

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering return -errno;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (cap_set_proc(d) < 0)

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering return -errno;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering }

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering /* Third step: actually set the uids */

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (setresuid(uid, uid, uid) < 0)

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering return -errno;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering /* At this point we should have all necessary capabilities but

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering return 0;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering}

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering#ifdef HAVE_PAM

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poetteringstatic int null_conv(

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering int num_msg,

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering const struct pam_message **msg,

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering struct pam_response **resp,

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering void *appdata_ptr) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering /* We don't support conversations */

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering return PAM_CONV_ERR;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering}

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poetteringstatic int setup_pam(

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering const char *name,

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering const char *user,

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering uid_t uid,

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering const char *tty,

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering char ***pam_env,

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering int fds[], unsigned n_fds) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering static const struct pam_conv conv = {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering .conv = null_conv,

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering .appdata_ptr = NULL

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering };

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering pam_handle_t *handle = NULL;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering sigset_t old_ss;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering int pam_code = PAM_SUCCESS;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering int err;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering char **e = NULL;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering bool close_session = false;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering pid_t pam_pid = 0, parent_pid;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering int flags = 0;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering assert(name);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering assert(user);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering assert(pam_env);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering /* We set up PAM in the parent process, then fork. The child

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (log_get_max_level() < LOG_DEBUG)

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering flags |= PAM_SILENT;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering pam_code = pam_start(name, user, &conv, &handle);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (pam_code != PAM_SUCCESS) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering handle = NULL;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering goto fail;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering }

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (tty) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering pam_code = pam_set_item(handle, PAM_TTY, tty);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (pam_code != PAM_SUCCESS)

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering goto fail;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering }

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering pam_code = pam_acct_mgmt(handle, flags);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (pam_code != PAM_SUCCESS)

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering goto fail;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering pam_code = pam_open_session(handle, flags);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (pam_code != PAM_SUCCESS)

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering goto fail;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering close_session = true;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering e = pam_getenvlist(handle);

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering if (!e) {

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering pam_code = PAM_BUF_ERR;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering goto fail;

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering }

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering

fefdc04b38725457a91651218feb7000f6ccc1f4Lennart Poettering /* Block SIGTERM, so that we know that it won't get lost in

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering assert_se(sigprocmask_many(SIG_BLOCK, &old_ss, SIGTERM, -1) >= 0);

9f6eb1cd58f2ddf2eb6ba0e4de056e13d938af75Kay Sievers

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering parent_pid = getpid();

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering pam_pid = fork();

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen if (pam_pid < 0)

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering goto fail;

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (pam_pid == 0) {

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering int sig;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering int r = EXIT_PAM;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* The child's job is to reset the PAM session on

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* This string must fit in 10 chars (i.e. the length

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen rename_process("(sd-pam)");

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering /* Make sure we don't keep open the passed fds in this

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering close_many(fds, n_fds);

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering /* Drop privileges - we don't need any to pam_close_session

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (setresuid(uid, uid, uid) < 0)

a1da85830bfaa77b9eb9c54693e5573559c97e50Tom Gundersen log_error_errno(r, "Error: Failed to setresuid() in sd-pam: %m");

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering (void) ignore_signals(SIGPIPE, -1);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* Wait until our parent died. This will only work if

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering goto child_finish;

1dba654b27918c22e413ac5b3c19301f1ff86ad2Lennart Poettering

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* Check if our parent process might already have

1dba654b27918c22e413ac5b3c19301f1ff86ad2Lennart Poettering if (getppid() == parent_pid) {

1dba654b27918c22e413ac5b3c19301f1ff86ad2Lennart Poettering sigset_t ss;

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering assert_se(sigemptyset(&ss) >= 0);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering assert_se(sigaddset(&ss, SIGTERM) >= 0);

1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering for (;;) {

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering if (sigwait(&ss, &sig) < 0) {

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering if (errno == EINTR)

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering continue;

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering goto child_finish;

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering }

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

1dba654b27918c22e413ac5b3c19301f1ff86ad2Lennart Poettering assert(sig == SIGTERM);

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering break;

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering }

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering }

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering /* If our parent died we'll end the session */

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering if (getppid() != parent_pid) {

1dba654b27918c22e413ac5b3c19301f1ff86ad2Lennart Poettering pam_code = pam_close_session(handle, flags);

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering if (pam_code != PAM_SUCCESS)

1dba654b27918c22e413ac5b3c19301f1ff86ad2Lennart Poettering goto child_finish;

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering }

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering

1dba654b27918c22e413ac5b3c19301f1ff86ad2Lennart Poettering r = 0;

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering child_finish:

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering pam_end(handle, pam_code | flags);

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering _exit(r);

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering }

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering /* If the child was forked off successfully it will do all the

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering handle = NULL;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering /* Unblock SIGTERM again in the parent */

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering assert_se(sigprocmask(SIG_SETMASK, &old_ss, NULL) >= 0);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering /* We close the log explicitly here, since the PAM modules

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering closelog();

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering *pam_env = e;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering e = NULL;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering return 0;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poetteringfail:

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (pam_code != PAM_SUCCESS) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering log_error("PAM failed: %s", pam_strerror(handle, pam_code));

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering err = -EPERM; /* PAM errors do not map to errno */

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering } else {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering log_error_errno(errno, "PAM failed: %m");

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering err = -errno;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering }

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (handle) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (close_session)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering pam_code = pam_close_session(handle, flags);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering pam_end(handle, pam_code | flags);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering }

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering strv_free(e);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering closelog();

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (pam_pid > 1) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering kill(pam_pid, SIGTERM);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering kill(pam_pid, SIGCONT);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering }

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering return err;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering}

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering#endif

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poetteringstatic void rename_process_from_path(const char *path) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering char process_name[11];

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering const char *p;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering size_t l;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering /* This resulting string must fit in 10 chars (i.e. the length

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering p = basename(path);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering if (isempty(p)) {

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering rename_process("(...)");

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering return;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering }

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering l = strlen(p);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering if (l > 8) {

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering /* The end of the process name is usually more

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering p = p + l - 8;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering l = 8;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering }

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering process_name[0] = '(';

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering memcpy(process_name+1, p, l);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering process_name[1+l] = ')';

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering process_name[1+l+1] = 0;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering rename_process(process_name);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering}

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering#ifdef HAVE_SECCOMP

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poetteringstatic int apply_seccomp(const ExecContext *c) {

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering uint32_t negative_action, action;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering scmp_filter_ctx *seccomp;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering Iterator i;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering void *id;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering int r;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering assert(c);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering negative_action = c->syscall_errno == 0 ? SCMP_ACT_KILL : SCMP_ACT_ERRNO(c->syscall_errno);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering seccomp = seccomp_init(c->syscall_whitelist ? negative_action : SCMP_ACT_ALLOW);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering if (!seccomp)

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering return -ENOMEM;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering if (c->syscall_archs) {

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering SET_FOREACH(id, c->syscall_archs, i) {

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering if (r == -EEXIST)

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering continue;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering if (r < 0)

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering goto finish;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering }

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering } else {

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering r = seccomp_add_secondary_archs(seccomp);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering if (r < 0)

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering goto finish;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering }

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering action = c->syscall_whitelist ? SCMP_ACT_ALLOW : negative_action;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering SET_FOREACH(id, c->syscall_filter, i) {

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering r = seccomp_rule_add(seccomp, action, PTR_TO_INT(id) - 1, 0);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering if (r < 0)

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering goto finish;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering }

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering if (r < 0)

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering goto finish;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering r = seccomp_load(seccomp);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poetteringfinish:

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering seccomp_release(seccomp);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering return r;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering}

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poetteringstatic int apply_address_families(const ExecContext *c) {

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering scmp_filter_ctx *seccomp;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering Iterator i;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering int r;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering assert(c);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering seccomp = seccomp_init(SCMP_ACT_ALLOW);

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering if (!seccomp)

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering return -ENOMEM;

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering

f2cbe59e113f08549949a76ac5b9b3972df4cc30Lennart Poettering r = seccomp_add_secondary_archs(seccomp);

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering if (r < 0)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering goto finish;

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (c->address_families_whitelist) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering int af, first = 0, last = 0;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering void *afp;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering /* If this is a whitelist, we first block the address

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering SET_FOREACH(afp, c->address_families, i) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering af = PTR_TO_INT(afp);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (af <= 0 || af >= af_max())

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering continue;

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (first == 0 || af < first)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering first = af;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (last == 0 || af > last)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering last = af;

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering }

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering assert((first == 0) == (last == 0));

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (first == 0) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering /* No entries in the valid range, block everything */

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering r = seccomp_rule_add(

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering seccomp,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_ACT_ERRNO(EPROTONOSUPPORT),

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_SYS(socket),

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering 0);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (r < 0)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering goto finish;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering } else {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering /* Block everything below the first entry */

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering r = seccomp_rule_add(

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering seccomp,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_ACT_ERRNO(EPROTONOSUPPORT),

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_SYS(socket),

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering 1,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_A0(SCMP_CMP_LT, first));

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (r < 0)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering goto finish;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering /* Block everything above the last entry */

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering r = seccomp_rule_add(

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering seccomp,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_ACT_ERRNO(EPROTONOSUPPORT),

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_SYS(socket),

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering 1,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_A0(SCMP_CMP_GT, last));

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (r < 0)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering goto finish;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering /* Block everything between the first and last

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering for (af = 1; af < af_max(); af++) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (set_contains(c->address_families, INT_TO_PTR(af)))

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering continue;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering r = seccomp_rule_add(

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering seccomp,

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering SCMP_ACT_ERRNO(EPROTONOSUPPORT),

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_SYS(socket),

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering 1,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_A0(SCMP_CMP_EQ, af));

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (r < 0)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering goto finish;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering }

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering }

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering } else {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering void *af;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering /* If this is a blacklist, then generate one rule for

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SET_FOREACH(af, c->address_families, i) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering r = seccomp_rule_add(

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering seccomp,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_ACT_ERRNO(EPROTONOSUPPORT),

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_SYS(socket),

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering 1,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering SCMP_A0(SCMP_CMP_EQ, PTR_TO_INT(af)));

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (r < 0)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering goto finish;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering }

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering }

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (r < 0)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering goto finish;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering r = seccomp_load(seccomp);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poetteringfinish:

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering seccomp_release(seccomp);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering return r;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering}

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering#endif

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poetteringstatic void do_idle_pipe_dance(int idle_pipe[4]) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering assert(idle_pipe);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering safe_close(idle_pipe[1]);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering safe_close(idle_pipe[2]);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (idle_pipe[0] >= 0) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering int r;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering /* Signal systemd that we are bored and want to continue. */

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering r = write(idle_pipe[3], "x", 1);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (r > 0)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering /* Wait for systemd to react to the signal above. */

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering }

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering safe_close(idle_pipe[0]);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering }

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering safe_close(idle_pipe[3]);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering}

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poetteringstatic int build_environment(

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering const ExecContext *c,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering unsigned n_fds,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering usec_t watchdog_usec,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering const char *home,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering const char *username,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering const char *shell,

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering char ***ret) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering _cleanup_strv_free_ char **our_env = NULL;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering unsigned n_env = 0;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering char *x;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering assert(c);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering assert(ret);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering our_env = new0(char*, 10);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (!our_env)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering return -ENOMEM;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (n_fds > 0) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (asprintf(&x, "LISTEN_PID="PID_FMT, getpid()) < 0)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering return -ENOMEM;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering our_env[n_env++] = x;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (asprintf(&x, "LISTEN_FDS=%u", n_fds) < 0)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering return -ENOMEM;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering our_env[n_env++] = x;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering }

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (watchdog_usec > 0) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (asprintf(&x, "WATCHDOG_PID="PID_FMT, getpid()) < 0)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering return -ENOMEM;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering our_env[n_env++] = x;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (asprintf(&x, "WATCHDOG_USEC="USEC_FMT, watchdog_usec) < 0)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering return -ENOMEM;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering our_env[n_env++] = x;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering }

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (home) {

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering x = strappend("HOME=", home);

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering if (!x)

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering return -ENOMEM;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering our_env[n_env++] = x;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering }

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering if (username) {

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering x = strappend("LOGNAME=", username);

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering if (!x)

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering return -ENOMEM;

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering our_env[n_env++] = x;

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering x = strappend("USER=", username);

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering if (!x)

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering return -ENOMEM;

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering our_env[n_env++] = x;

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering }

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering if (shell) {

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering x = strappend("SHELL=", shell);

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering if (!x)

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering return -ENOMEM;

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering our_env[n_env++] = x;

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering }

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering if (is_terminal_input(c->std_input) ||

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering c->std_output == EXEC_OUTPUT_TTY ||

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering c->std_error == EXEC_OUTPUT_TTY ||

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering c->tty_path) {

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering x = strdup(default_term_for_tty(tty_path(c)));

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering if (!x)

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering return -ENOMEM;

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering our_env[n_env++] = x;

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering }

40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering

56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering our_env[n_env++] = NULL;

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering assert(n_env <= 10);

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering

c7b7d4493aa03e9ef5fb1e670b8969a48aa494ddLennart Poettering *ret = our_env;

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering our_env = NULL;

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering return 0;

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering}

bf441e3d9371a7e5aa1def66cfc40f0118884644Lennart Poettering

de33fc625725d199629ed074d6278504deb23debLennart Poetteringstatic bool exec_needs_mount_namespace(

923d8fd381bced1c2d90ca53d18629d61a0f454aLennart Poettering const ExecContext *context,

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering const ExecParameters *params,

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering ExecRuntime *runtime) {

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering assert(context);

f647962d64e844689f3e2acfce6102fc47e76df2Michal Schmidt assert(params);

f647962d64e844689f3e2acfce6102fc47e76df2Michal Schmidt

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering if (!strv_isempty(context->read_write_dirs) ||

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering !strv_isempty(context->read_only_dirs) ||

f647962d64e844689f3e2acfce6102fc47e76df2Michal Schmidt !strv_isempty(context->inaccessible_dirs))

f647962d64e844689f3e2acfce6102fc47e76df2Michal Schmidt return true;

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering if (context->mount_flags != 0)

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering return true;

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering if (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir))

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering return true;

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering if (params->bus_endpoint_path)

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering return true;

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering if (context->private_devices ||

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering context->protect_system != PROTECT_SYSTEM_NO ||

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering context->protect_home != PROTECT_HOME_NO)

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering return true;

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering return false;

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering}

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poetteringstatic int exec_child(

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering Unit *unit,

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering ExecCommand *command,

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering const ExecContext *context,

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering const ExecParameters *params,

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering ExecRuntime *runtime,

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering char **argv,

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering int socket_fd,

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering int *fds, unsigned n_fds,

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering char **files_env,

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering int *exit_status) {

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering _cleanup_strv_free_ char **our_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;

d04c1fb8e215600b4950c6778c6c16ddafc14024Lennart Poettering _cleanup_free_ char *mac_selinux_context_net = NULL;

40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering const char *username = NULL, *home = NULL, *shell = NULL;

40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering unsigned n_dont_close = 0;

785890acf6d629ff881a1f065f431df1b7fc8c7aLennart Poettering int dont_close[n_fds + 4];

40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering uid_t uid = UID_INVALID;

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering gid_t gid = GID_INVALID;

40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering int i, r;

40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering bool needs_mount_namespace;

ee451d766a64117a41ec36dd71e61683c9d9b83cLennart Poettering

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering assert(unit);

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering assert(command);

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering assert(context);

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering assert(params);

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering assert(exit_status);

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering rename_process_from_path(command->path);

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering /* We reset exactly these signals, since they are the

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering (void) default_signals(SIGNALS_CRASH_HANDLER,

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering SIGNALS_IGNORE, -1);

f647962d64e844689f3e2acfce6102fc47e76df2Michal Schmidt

f647962d64e844689f3e2acfce6102fc47e76df2Michal Schmidt if (context->ignore_sigpipe)

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering (void) ignore_signals(SIGPIPE, -1);

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering r = reset_signal_mask();

c7b7d4493aa03e9ef5fb1e670b8969a48aa494ddLennart Poettering if (r < 0) {

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering *exit_status = EXIT_SIGNAL_MASK;

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering return r;

c7b7d4493aa03e9ef5fb1e670b8969a48aa494ddLennart Poettering }

c7b7d4493aa03e9ef5fb1e670b8969a48aa494ddLennart Poettering

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering if (params->idle_pipe)

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering do_idle_pipe_dance(params->idle_pipe);

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering

0ec5543c4c0318552a4dcdd83210793347b93081Lennart Poettering /* Close sockets very early to make sure we don't

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering

023fb90b83871a15ef7f57e8cd126e3426f99b9eLennart Poettering log_forget_fds();

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering

04d39279245834494baccfdb9349db8bf80abd13Lennart Poettering if (socket_fd >= 0)

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering dont_close[n_dont_close++] = socket_fd;

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering if (n_fds > 0) {

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering memcpy(dont_close + n_dont_close, fds, sizeof(int) * n_fds);

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering n_dont_close += n_fds;

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering }

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering if (params->bus_endpoint_fd >= 0)

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering dont_close[n_dont_close++] = params->bus_endpoint_fd;

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering if (runtime) {

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering if (runtime->netns_storage_socket[0] >= 0)

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering dont_close[n_dont_close++] = runtime->netns_storage_socket[0];

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering if (runtime->netns_storage_socket[1] >= 0)

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering dont_close[n_dont_close++] = runtime->netns_storage_socket[1];

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering }

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering r = close_all_fds(dont_close, n_dont_close);

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering if (r < 0) {

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering *exit_status = EXIT_FDS;

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering return r;

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering }

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering if (!context->same_pgrp)

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering if (setsid() < 0) {

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering *exit_status = EXIT_SETSID;

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering return -errno;

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering }

086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering exec_context_tty_reset(context);

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (params->confirm_spawn) {

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering char response;

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering r = ask_for_confirmation(&response, argv);

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (r == -ETIMEDOUT)

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering write_confirm_message("Confirmation question timed out, assuming positive response.\n");

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering else if (r < 0)

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-r));

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering else if (response == 's') {

ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering write_confirm_message("Skipping execution.\n");