57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include <errno.h>

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering#include <fcntl.h>

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include <unistd.h>

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include <string.h>

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include <signal.h>

b5efdb8af40ea759a1ea584c1bc44ecc81dd00ceLennart Poettering#include <sys/socket.h>

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include <sys/un.h>

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include <sys/prctl.h>

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering#include <sys/stat.h>

3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering#include <grp.h>

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering#include <poll.h>

f4f15635ec05293ffcc83a5b39f624bbabbd8fd0Lennart Poettering#include <glob.h>

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering#include <sys/personality.h>

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering#ifdef HAVE_PAM

6bedfcbb2970e06a4d3280c8fb62083d252ede73Lennart Poettering#include <security/pam_appl.h>

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering#endif

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering#ifdef HAVE_SELINUX

8b43440b7ef4b81c69c31de7ff820dc07a780254Lennart Poettering#include <selinux/selinux.h>

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering#endif

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering#ifdef HAVE_SECCOMP

ee104e11e303499a637c5cd8157bd12ad5cc116dLennart Poettering#include <seccomp.h>

07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poettering#endif

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#ifdef HAVE_APPARMOR

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include <sys/apparmor.h>

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#endif

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "execute.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "strv.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "macro.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "capability.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "util.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "log.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "sd-messages.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "ioprio.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "securebits.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "namespace.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "exit-status.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "missing.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "utmp-wtmp.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "def.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "path-util.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "env-util.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "fileio.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "unit.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "async.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "selinux-util.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "errno-list.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "af-list.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "mkdir.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "smack-util.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "bus-endpoint.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "cap-list.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#ifdef HAVE_APPARMOR

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "apparmor-util.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#endif

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#ifdef HAVE_SECCOMP

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#include "seccomp-util.h"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#endif

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#define TTY_MODE 0620

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#define SNDBUF_SIZE (8*1024*1024)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int shift_fds(int fds[], unsigned n_fds) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int start, restart_from;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (n_fds <= 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Modifies the fds array! (sorts it) */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(fds);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen start = 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen for (;;) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int i;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen restart_from = -1;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen for (i = start; i < (int) n_fds; i++) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int nfd;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Already at right index? */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fds[i] == i+3)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen continue;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen safe_close(fds[i]);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen fds[i] = nfd;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Hmm, the fd we wanted isn't free? Then

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (nfd != i+3 && restart_from < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen restart_from = i;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (restart_from < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen break;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen start = restart_from;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int flags_fds(const int fds[], unsigned n_fds, bool nonblock) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen unsigned i;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (n_fds <= 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(fds);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Drops/Sets O_NONBLOCK and FD_CLOEXEC from the file flags */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen for (i = 0; i < n_fds; i++) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if ((r = fd_nonblock(fds[i], nonblock)) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* We unconditionally drop FD_CLOEXEC from the fds,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if ((r = fd_cloexec(fds[i], false)) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen_pure_ static const char *tty_path(const ExecContext *context) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(context);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (context->tty_path)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return context->tty_path;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return "/dev/console";

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic void exec_context_tty_reset(const ExecContext *context) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(context);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (context->tty_vhangup)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen terminal_vhangup(tty_path(context));

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (context->tty_reset)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen reset_terminal(tty_path(context));

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (context->tty_vt_disallocate && context->tty_path)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen vt_disallocate(context->tty_path);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic bool is_terminal_output(ExecOutput o) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen o == EXEC_OUTPUT_TTY ||

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen o == EXEC_OUTPUT_SYSLOG_AND_CONSOLE ||

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen o == EXEC_OUTPUT_KMSG_AND_CONSOLE ||

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen o == EXEC_OUTPUT_JOURNAL_AND_CONSOLE;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int open_null_as(int flags, int nfd) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int fd, r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(nfd >= 0);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen fd = open("/dev/null", flags|O_NOCTTY);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fd < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fd != nfd) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = dup2(fd, nfd) < 0 ? -errno : nfd;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen safe_close(fd);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen } else

e53fc357a9bb9d0a5362ccc4246d598cb0febd5eLennart Poettering r = nfd;

e53fc357a9bb9d0a5362ccc4246d598cb0febd5eLennart Poettering

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int connect_journal_socket(int fd, uid_t uid, gid_t gid) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen union sockaddr_union sa = {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen .un.sun_family = AF_UNIX,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen .un.sun_path = "/run/systemd/journal/stdout",

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen };

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen uid_t olduid = UID_INVALID;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen gid_t oldgid = GID_INVALID;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (gid != GID_INVALID) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen oldgid = getgid();

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = setegid(gid);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (uid != UID_INVALID) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen olduid = getuid();

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = seteuid(uid);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto restore_gid;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path));

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* If we fail to restore the uid or gid, things will likely

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (uid != UID_INVALID)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen (void) seteuid(olduid);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen restore_gid:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (gid != GID_INVALID)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen (void) setegid(oldgid);

e53fc357a9bb9d0a5362ccc4246d598cb0febd5eLennart Poettering

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, const char *unit_id, int nfd, uid_t uid, gid_t gid) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int fd, r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(context);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(output < _EXEC_OUTPUT_MAX);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(ident);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(nfd >= 0);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen fd = socket(AF_UNIX, SOCK_STREAM, 0);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fd < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = connect_journal_socket(fd, uid, gid);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (shutdown(fd, SHUT_RD) < 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen safe_close(fd);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen fd_inc_sndbuf(fd, SNDBUF_SIZE);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen dprintf(fd,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen "%s\n"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen "%s\n"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen "%i\n"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen "%i\n"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen "%i\n"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen "%i\n"

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen "%i\n",

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen context->syslog_identifier ? context->syslog_identifier : ident,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen unit_id,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen context->syslog_priority,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen !!context->syslog_level_prefix,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen is_terminal_output(output));

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fd != nfd) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = dup2(fd, nfd) < 0 ? -errno : nfd;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen safe_close(fd);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen } else

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = nfd;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int open_terminal_as(const char *path, mode_t mode, int nfd) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int fd, r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(path);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(nfd >= 0);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if ((fd = open_terminal(path, mode | O_NOCTTY)) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return fd;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fd != nfd) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = dup2(fd, nfd) < 0 ? -errno : nfd;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen safe_close(fd);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen } else

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = nfd;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic bool is_terminal_input(ExecInput i) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen i == EXEC_INPUT_TTY ||

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen i == EXEC_INPUT_TTY_FORCE ||

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen i == EXEC_INPUT_TTY_FAIL;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int fixup_input(ExecInput std_input, int socket_fd, bool apply_tty_stdin) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (is_terminal_input(std_input) && !apply_tty_stdin)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return EXEC_INPUT_NULL;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (std_input == EXEC_INPUT_SOCKET && socket_fd < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return EXEC_INPUT_NULL;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return std_input;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int fixup_output(ExecOutput std_output, int socket_fd) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (std_output == EXEC_OUTPUT_SOCKET && socket_fd < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return EXEC_OUTPUT_INHERIT;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return std_output;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int setup_input(const ExecContext *context, int socket_fd, bool apply_tty_stdin) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen ExecInput i;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(context);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen switch (i) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_INPUT_NULL:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return open_null_as(O_RDONLY, STDIN_FILENO);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_INPUT_TTY:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_INPUT_TTY_FORCE:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_INPUT_TTY_FAIL: {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int fd, r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen fd = acquire_terminal(tty_path(context),

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen i == EXEC_INPUT_TTY_FAIL,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen i == EXEC_INPUT_TTY_FORCE,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen false,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen USEC_INFINITY);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fd < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return fd;

401cb61499f446c7c1579a160eeef435afd525fdTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fd != STDIN_FILENO) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = dup2(fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen safe_close(fd);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen } else

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = STDIN_FILENO;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_INPUT_SOCKET:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return dup2(socket_fd, STDIN_FILENO) < 0 ? -errno : STDIN_FILENO;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen default:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert_not_reached("Unknown input type");

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int setup_output(const ExecContext *context, int fileno, int socket_fd, const char *ident, const char *unit_id, bool apply_tty_stdin, uid_t uid, gid_t gid) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen ExecOutput o;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen ExecInput i;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(context);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(ident);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen i = fixup_input(context->std_input, socket_fd, apply_tty_stdin);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen o = fixup_output(context->std_output, socket_fd);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fileno == STDERR_FILENO) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen ExecOutput e;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen e = fixup_output(context->std_error, socket_fd);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* This expects the input and output are already set up */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Don't change the stderr file descriptor if we inherit all

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (e == EXEC_OUTPUT_INHERIT &&

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen o == EXEC_OUTPUT_INHERIT &&

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen i == EXEC_INPUT_NULL &&

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen !is_terminal_input(context->std_input) &&

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen getppid () != 1)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return fileno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Duplicate from stdout if possible */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (e == o || e == EXEC_OUTPUT_INHERIT)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return dup2(STDOUT_FILENO, fileno) < 0 ? -errno : fileno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen o = e;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen } else if (o == EXEC_OUTPUT_INHERIT) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* If input got downgraded, inherit the original value */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (i == EXEC_INPUT_NULL && is_terminal_input(context->std_input))

4df4fd1127df4b70f78d952a37a51a8c69e3243fTom Gundersen return open_terminal_as(tty_path(context), O_WRONLY, fileno);

4df4fd1127df4b70f78d952a37a51a8c69e3243fTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* If the input is connected to anything that's not a /dev/null, inherit that... */

4df4fd1127df4b70f78d952a37a51a8c69e3243fTom Gundersen if (i != EXEC_INPUT_NULL)

de9b34b6d4250056ae2c483cf22844880504bcccTom Gundersen return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

de9b34b6d4250056ae2c483cf22844880504bcccTom Gundersen /* If we are not started from PID 1 we just inherit STDOUT from our parent process. */

de9b34b6d4250056ae2c483cf22844880504bcccTom Gundersen if (getppid() != 1)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return fileno;

4df4fd1127df4b70f78d952a37a51a8c69e3243fTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* We need to open /dev/null here anew, to get the right access mode. */

4df4fd1127df4b70f78d952a37a51a8c69e3243fTom Gundersen return open_null_as(O_WRONLY, fileno);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

4df4fd1127df4b70f78d952a37a51a8c69e3243fTom Gundersen switch (o) {

4df4fd1127df4b70f78d952a37a51a8c69e3243fTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_OUTPUT_NULL:

4df4fd1127df4b70f78d952a37a51a8c69e3243fTom Gundersen return open_null_as(O_WRONLY, fileno);

de9b34b6d4250056ae2c483cf22844880504bcccTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_OUTPUT_TTY:

de9b34b6d4250056ae2c483cf22844880504bcccTom Gundersen if (is_terminal_input(i))

de9b34b6d4250056ae2c483cf22844880504bcccTom Gundersen return dup2(STDIN_FILENO, fileno) < 0 ? -errno : fileno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

4df4fd1127df4b70f78d952a37a51a8c69e3243fTom Gundersen /* We don't reset the terminal if this is just about output */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return open_terminal_as(tty_path(context), O_WRONLY, fileno);

4df4fd1127df4b70f78d952a37a51a8c69e3243fTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_OUTPUT_SYSLOG:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_OUTPUT_KMSG:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_OUTPUT_KMSG_AND_CONSOLE:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_OUTPUT_JOURNAL:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = connect_logger_as(context, o, ident, unit_id, fileno, uid, gid);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen log_unit_struct(unit_id,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen LOG_ERR,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen LOG_MESSAGE("Failed to connect %s of %s to the journal socket: %s",

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen fileno == STDOUT_FILENO ? "stdout" : "stderr",

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen unit_id, strerror(-r)),

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen LOG_ERRNO(-r),

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen NULL);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = open_null_as(O_WRONLY, fileno);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen case EXEC_OUTPUT_SOCKET:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(socket_fd >= 0);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return dup2(socket_fd, fileno) < 0 ? -errno : fileno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen default:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert_not_reached("Unknown error type");

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int chown_terminal(int fd, uid_t uid) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen struct stat st;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(fd >= 0);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* This might fail. What matters are the results. */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen (void) fchown(fd, uid, -1);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen (void) fchmod(fd, TTY_MODE);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fstat(fd, &st) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (st.st_uid != uid || (st.st_mode & 0777) != TTY_MODE)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -EPERM;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int setup_confirm_stdio(int *_saved_stdin,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int *_saved_stdout) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int fd = -1, saved_stdin, saved_stdout = -1, r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(_saved_stdin);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(_saved_stdout);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen saved_stdin = fcntl(STDIN_FILENO, F_DUPFD, 3);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (saved_stdin < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen saved_stdout = fcntl(STDOUT_FILENO, F_DUPFD, 3);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (saved_stdout < 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen fd = acquire_terminal(

401cb61499f446c7c1579a160eeef435afd525fdTom Gundersen "/dev/console",

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen false,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen false,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen false,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen DEFAULT_CONFIRM_USEC);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fd < 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = fd;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = chown_terminal(fd, getuid());

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (dup2(fd, STDIN_FILENO) < 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (dup2(fd, STDOUT_FILENO) < 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fd >= 2)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen safe_close(fd);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen *_saved_stdin = saved_stdin;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen *_saved_stdout = saved_stdout;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenfail:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen safe_close(saved_stdout);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen safe_close(saved_stdin);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen safe_close(fd);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen_printf_(1, 2) static int write_confirm_message(const char *format, ...) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen _cleanup_close_ int fd = -1;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen va_list ap;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(format);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (fd < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return fd;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen va_start(ap, format);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen vdprintf(fd, format, ap);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen va_end(ap);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int restore_confirm_stdio(int *saved_stdin,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int *saved_stdout) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int r = 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(saved_stdin);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(saved_stdout);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen release_terminal();

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (*saved_stdin >= 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (dup2(*saved_stdin, STDIN_FILENO) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (*saved_stdout >= 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (dup2(*saved_stdout, STDOUT_FILENO) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen safe_close(*saved_stdin);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen safe_close(*saved_stdout);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int ask_for_confirmation(char *response, char **argv) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int saved_stdout = -1, saved_stdin = -1, r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen _cleanup_free_ char *line = NULL;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = setup_confirm_stdio(&saved_stdin, &saved_stdout);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen line = exec_command_line(argv);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (!line)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -ENOMEM;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = ask_char(response, "yns", "Execute %s? [Yes, No, Skip] ", line);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen restore_confirm_stdio(&saved_stdin, &saved_stdout);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen bool keep_groups = false;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(context);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Lookup and set GID and supplementary group list. Here too

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (context->group || username) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (context->group) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen const char *g = context->group;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if ((r = get_group_creds(&g, &gid)) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* First step, initialize groups from /etc/groups */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (username && gid != 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (initgroups(username, gid) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen keep_groups = true;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Second step, set our gids */

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen if (setresgid(gid, gid, gid) < 0)

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen return -errno;

d854ba50a82f28b776c670d27156f0e9881fde8aMartin Pitt }

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (context->supplementary_groups) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int ngroups_max, k;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen gid_t *gids;

aa20f49a1c5816e6e7e97f2e2ba209be47f3c0a3Tom Gundersen char **i;

aa20f49a1c5816e6e7e97f2e2ba209be47f3c0a3Tom Gundersen

aa20f49a1c5816e6e7e97f2e2ba209be47f3c0a3Tom Gundersen /* Final step, initialize any manually set supplementary groups */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (!(gids = new(gid_t, ngroups_max)))

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -ENOMEM;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (keep_groups) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if ((k = getgroups(ngroups_max, gids)) < 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen free(gids);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen } else

d854ba50a82f28b776c670d27156f0e9881fde8aMartin Pitt k = 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen STRV_FOREACH(i, context->supplementary_groups) {

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen const char *g;

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen if (k >= ngroups_max) {

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen free(gids);

d854ba50a82f28b776c670d27156f0e9881fde8aMartin Pitt return -E2BIG;

d854ba50a82f28b776c670d27156f0e9881fde8aMartin Pitt }

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen

d854ba50a82f28b776c670d27156f0e9881fde8aMartin Pitt g = *i;

d854ba50a82f28b776c670d27156f0e9881fde8aMartin Pitt r = get_group_creds(&g, gids+k);

d854ba50a82f28b776c670d27156f0e9881fde8aMartin Pitt if (r < 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen free(gids);

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen return r;

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen }

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen k++;

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen }

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen if (setgroups(k, gids) < 0) {

ccc1002a1c510b7d4631833eaf60225f028f2280Tom Gundersen free(gids);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen free(gids);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int enforce_user(const ExecContext *context, uid_t uid) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(context);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

aa20f49a1c5816e6e7e97f2e2ba209be47f3c0a3Tom Gundersen /* Sets (but doesn't lookup) the uid and make sure we keep the

aa20f49a1c5816e6e7e97f2e2ba209be47f3c0a3Tom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (context->capabilities) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen _cleanup_cap_free_ cap_t d = NULL;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen static const cap_value_t bits[] = {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen CAP_SETUID, /* Necessary so that we can run setresuid() below */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen CAP_SETPCAP /* Necessary so that we can set PR_SET_SECUREBITS later on */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen };

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* First step: If we need to keep capabilities but

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (uid != 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (prctl(PR_GET_SECUREBITS) != sb)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (prctl(PR_SET_SECUREBITS, sb) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Second step: set the capabilities. This will reduce

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen d = cap_dup(context->capabilities);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (!d)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (cap_set_proc(d) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Third step: actually set the uids */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (setresuid(uid, uid, uid) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* At this point we should have all necessary capabilities but

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#ifdef HAVE_PAM

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int null_conv(

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int num_msg,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen const struct pam_message **msg,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen struct pam_response **resp,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen void *appdata_ptr) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* We don't support conversations */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return PAM_CONV_ERR;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int setup_pam(

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen const char *name,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen const char *user,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen uid_t uid,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen const char *tty,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen char ***pam_env,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int fds[], unsigned n_fds) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen static const struct pam_conv conv = {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen .conv = null_conv,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen .appdata_ptr = NULL

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen };

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen pam_handle_t *handle = NULL;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen sigset_t ss, old_ss;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int pam_code = PAM_SUCCESS;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int err;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen char **e = NULL;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen bool close_session = false;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen pid_t pam_pid = 0, parent_pid;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int flags = 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(name);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(user);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(pam_env);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* We set up PAM in the parent process, then fork. The child

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (log_get_max_level() < LOG_DEBUG)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen flags |= PAM_SILENT;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen pam_code = pam_start(name, user, &conv, &handle);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (pam_code != PAM_SUCCESS) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen handle = NULL;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (tty) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen pam_code = pam_set_item(handle, PAM_TTY, tty);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (pam_code != PAM_SUCCESS)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen pam_code = pam_acct_mgmt(handle, flags);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (pam_code != PAM_SUCCESS)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen pam_code = pam_open_session(handle, flags);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (pam_code != PAM_SUCCESS)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen close_session = true;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen e = pam_getenvlist(handle);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (!e) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen pam_code = PAM_BUF_ERR;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Block SIGTERM, so that we know that it won't get lost in

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (sigemptyset(&ss) < 0 ||

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen sigaddset(&ss, SIGTERM) < 0 ||

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen sigprocmask(SIG_BLOCK, &ss, &old_ss) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen parent_pid = getpid();

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen pam_pid = fork();

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (pam_pid < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (pam_pid == 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int sig;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int r = EXIT_PAM;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* The child's job is to reset the PAM session on

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* This string must fit in 10 chars (i.e. the length

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen rename_process("(sd-pam)");

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Make sure we don't keep open the passed fds in this

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen close_many(fds, n_fds);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Drop privileges - we don't need any to pam_close_session

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (setresuid(uid, uid, uid) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen log_error_errno(r, "Error: Failed to setresuid() in sd-pam: %m");

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Wait until our parent died. This will only work if

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto child_finish;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Check if our parent process might already have

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (getppid() == parent_pid) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen for (;;) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (sigwait(&ss, &sig) < 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (errno == EINTR)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen continue;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto child_finish;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(sig == SIGTERM);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen break;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* If our parent died we'll end the session */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (getppid() != parent_pid) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen pam_code = pam_close_session(handle, flags);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (pam_code != PAM_SUCCESS)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto child_finish;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen child_finish:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen pam_end(handle, pam_code | flags);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen _exit(r);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* If the child was forked off successfully it will do all the

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen handle = NULL;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Unblock SIGTERM again in the parent */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto fail;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* We close the log explicitly here, since the PAM modules

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen closelog();

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen *pam_env = e;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen e = NULL;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenfail:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (pam_code != PAM_SUCCESS) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen log_error("PAM failed: %s", pam_strerror(handle, pam_code));

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen err = -EPERM; /* PAM errors do not map to errno */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen } else {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen log_error_errno(errno, "PAM failed: %m");

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen err = -errno;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (handle) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (close_session)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen pam_code = pam_close_session(handle, flags);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen pam_end(handle, pam_code | flags);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen strv_free(e);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen closelog();

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (pam_pid > 1) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen kill(pam_pid, SIGTERM);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen kill(pam_pid, SIGCONT);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return err;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#endif

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic void rename_process_from_path(const char *path) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen char process_name[11];

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen const char *p;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen size_t l;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* This resulting string must fit in 10 chars (i.e. the length

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen p = basename(path);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (isempty(p)) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen rename_process("(...)");

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen l = strlen(p);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (l > 8) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* The end of the process name is usually more

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen p = p + l - 8;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen l = 8;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen process_name[0] = '(';

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen memcpy(process_name+1, p, l);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen process_name[1+l] = ')';

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen process_name[1+l+1] = 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen rename_process(process_name);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen#ifdef HAVE_SECCOMP

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int apply_seccomp(const ExecContext *c) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen uint32_t negative_action, action;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen scmp_filter_ctx *seccomp;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen Iterator i;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen void *id;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(c);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen negative_action = c->syscall_errno == 0 ? SCMP_ACT_KILL : SCMP_ACT_ERRNO(c->syscall_errno);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen seccomp = seccomp_init(c->syscall_whitelist ? negative_action : SCMP_ACT_ALLOW);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (!seccomp)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -ENOMEM;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (c->syscall_archs) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SET_FOREACH(id, c->syscall_archs, i) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r == -EEXIST)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen continue;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto finish;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen } else {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = seccomp_add_secondary_archs(seccomp);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto finish;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen action = c->syscall_whitelist ? SCMP_ACT_ALLOW : negative_action;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SET_FOREACH(id, c->syscall_filter, i) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = seccomp_rule_add(seccomp, action, PTR_TO_INT(id) - 1, 0);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto finish;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto finish;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = seccomp_load(seccomp);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenfinish:

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen seccomp_release(seccomp);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen}

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersenstatic int apply_address_families(const ExecContext *c) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen scmp_filter_ctx *seccomp;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen Iterator i;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int r;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert(c);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen seccomp = seccomp_init(SCMP_ACT_ALLOW);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (!seccomp)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen return -ENOMEM;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = seccomp_add_secondary_archs(seccomp);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto finish;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (c->address_families_whitelist) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen int af, first = 0, last = 0;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen void *afp;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* If this is a whitelist, we first block the address

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SET_FOREACH(afp, c->address_families, i) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen af = PTR_TO_INT(afp);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (af <= 0 || af >= af_max())

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen continue;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (first == 0 || af < first)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen first = af;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (last == 0 || af > last)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen last = af;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen assert((first == 0) == (last == 0));

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (first == 0) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* No entries in the valid range, block everything */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = seccomp_rule_add(

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen seccomp,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SCMP_ACT_ERRNO(EPROTONOSUPPORT),

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SCMP_SYS(socket),

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen 0);

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto finish;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen } else {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Block everything below the first entry */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = seccomp_rule_add(

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen seccomp,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SCMP_ACT_ERRNO(EPROTONOSUPPORT),

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SCMP_SYS(socket),

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen 1,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SCMP_A0(SCMP_CMP_LT, first));

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto finish;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Block everything above the last entry */

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = seccomp_rule_add(

dacd6cee76a08331b8c8616c5f30f70ee49aa2f9Lennart Poettering seccomp,

dacd6cee76a08331b8c8616c5f30f70ee49aa2f9Lennart Poettering SCMP_ACT_ERRNO(EPROTONOSUPPORT),

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SCMP_SYS(socket),

dacd6cee76a08331b8c8616c5f30f70ee49aa2f9Lennart Poettering 1,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SCMP_A0(SCMP_CMP_GT, last));

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto finish;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen /* Block everything between the first and last

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen for (af = 1; af < af_max(); af++) {

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (set_contains(c->address_families, INT_TO_PTR(af)))

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen continue;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen r = seccomp_rule_add(

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen seccomp,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SCMP_ACT_ERRNO(EPROTONOSUPPORT),

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SCMP_SYS(socket),

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen 1,

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen SCMP_A0(SCMP_CMP_EQ, af));

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen if (r < 0)

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen goto finish;

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

57fa1d094cd2c5ac68970526ad0a0754c548e75dTom Gundersen }

107f2e2526d476c6cc9b81a690391c111027d641Tom Gundersen

107f2e2526d476c6cc9b81a690391c111027d641Tom Gundersen } else {

107f2e2526d476c6cc9b81a690391c111027d641Tom Gundersen void *af;

107f2e2526d476c6cc9b81a690391c111027d641Tom Gundersen

107f2e2526d476c6cc9b81a690391c111027d641Tom Gundersen /* If this is a blacklist, then generate one rule for

SET_FOREACH(af, c->address_families, i) {

r = seccomp_rule_add(

seccomp,

SCMP_ACT_ERRNO(EPROTONOSUPPORT),

SCMP_SYS(socket),

1,

SCMP_A0(SCMP_CMP_EQ, PTR_TO_INT(af)));

if (r < 0)

goto finish;

}

}

r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);

if (r < 0)

goto finish;

r = seccomp_load(seccomp);

finish:

seccomp_release(seccomp);

return r;

}

#endif

static void do_idle_pipe_dance(int idle_pipe[4]) {

assert(idle_pipe);

safe_close(idle_pipe[1]);

safe_close(idle_pipe[2]);

if (idle_pipe[0] >= 0) {

int r;

r = fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT_USEC);

if (idle_pipe[3] >= 0 && r == 0 /* timeout */) {

/* Signal systemd that we are bored and want to continue. */

r = write(idle_pipe[3], "x", 1);

if (r > 0)

/* Wait for systemd to react to the signal above. */

fd_wait_for_event(idle_pipe[0], POLLHUP, IDLE_TIMEOUT2_USEC);

}

safe_close(idle_pipe[0]);

}

safe_close(idle_pipe[3]);

}

static int build_environment(

const ExecContext *c,

unsigned n_fds,

usec_t watchdog_usec,

const char *home,

const char *username,

const char *shell,

char ***ret) {

_cleanup_strv_free_ char **our_env = NULL;

unsigned n_env = 0;

char *x;

assert(c);

assert(ret);

our_env = new0(char*, 10);

if (!our_env)

return -ENOMEM;

if (n_fds > 0) {

if (asprintf(&x, "LISTEN_PID="PID_FMT, getpid()) < 0)

return -ENOMEM;

our_env[n_env++] = x;

if (asprintf(&x, "LISTEN_FDS=%u", n_fds) < 0)

return -ENOMEM;

our_env[n_env++] = x;

}

if (watchdog_usec > 0) {

if (asprintf(&x, "WATCHDOG_PID="PID_FMT, getpid()) < 0)

return -ENOMEM;

our_env[n_env++] = x;

if (asprintf(&x, "WATCHDOG_USEC="USEC_FMT, watchdog_usec) < 0)

return -ENOMEM;

our_env[n_env++] = x;

}

if (home) {

x = strappend("HOME=", home);

if (!x)

return -ENOMEM;

our_env[n_env++] = x;

}

if (username) {

x = strappend("LOGNAME=", username);

if (!x)

return -ENOMEM;

our_env[n_env++] = x;

x = strappend("USER=", username);

if (!x)

return -ENOMEM;

our_env[n_env++] = x;

}

if (shell) {

x = strappend("SHELL=", shell);

if (!x)

return -ENOMEM;

our_env[n_env++] = x;

}

if (is_terminal_input(c->std_input) ||

c->std_output == EXEC_OUTPUT_TTY ||

c->std_error == EXEC_OUTPUT_TTY ||

c->tty_path) {

x = strdup(default_term_for_tty(tty_path(c)));

if (!x)

return -ENOMEM;

our_env[n_env++] = x;

}

our_env[n_env++] = NULL;

assert(n_env <= 10);

*ret = our_env;

our_env = NULL;

return 0;

}

static int exec_child(

ExecCommand *command,

const ExecContext *context,

const ExecParameters *params,

ExecRuntime *runtime,

char **argv,

int socket_fd,

int *fds, unsigned n_fds,

char **files_env,

int *exit_status) {

_cleanup_strv_free_ char **our_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;

_cleanup_free_ char *mac_selinux_context_net = NULL;

const char *username = NULL, *home = NULL, *shell = NULL;

unsigned n_dont_close = 0;

int dont_close[n_fds + 4];

uid_t uid = UID_INVALID;

gid_t gid = GID_INVALID;

int i, r;

assert(command);

assert(context);

assert(params);

assert(exit_status);

rename_process_from_path(command->path);

/* We reset exactly these signals, since they are the

default_signals(SIGNALS_CRASH_HANDLER,

SIGNALS_IGNORE, -1);

if (context->ignore_sigpipe)

ignore_signals(SIGPIPE, -1);

r = reset_signal_mask();

if (r < 0) {

*exit_status = EXIT_SIGNAL_MASK;

return r;

}

if (params->idle_pipe)

do_idle_pipe_dance(params->idle_pipe);

/* Close sockets very early to make sure we don't

log_forget_fds();

if (socket_fd >= 0)

dont_close[n_dont_close++] = socket_fd;

if (n_fds > 0) {

memcpy(dont_close + n_dont_close, fds, sizeof(int) * n_fds);

n_dont_close += n_fds;

}

if (params->bus_endpoint_fd >= 0)

dont_close[n_dont_close++] = params->bus_endpoint_fd;

if (runtime) {

if (runtime->netns_storage_socket[0] >= 0)

dont_close[n_dont_close++] = runtime->netns_storage_socket[0];

if (runtime->netns_storage_socket[1] >= 0)

dont_close[n_dont_close++] = runtime->netns_storage_socket[1];

}

r = close_all_fds(dont_close, n_dont_close);

if (r < 0) {

*exit_status = EXIT_FDS;

return r;

}

if (!context->same_pgrp)

if (setsid() < 0) {

*exit_status = EXIT_SETSID;

return -errno;

}

exec_context_tty_reset(context);

if (params->confirm_spawn) {

char response;

r = ask_for_confirmation(&response, argv);

if (r == -ETIMEDOUT)

write_confirm_message("Confirmation question timed out, assuming positive response.\n");

else if (r < 0)

write_confirm_message("Couldn't ask confirmation question, assuming positive response: %s\n", strerror(-r));

else if (response == 's') {

write_confirm_message("Skipping execution.\n");

*exit_status = EXIT_CONFIRM;

return -ECANCELED;

} else if (response == 'n') {

write_confirm_message("Failing execution.\n");

*exit_status = 0;

return 0;

}

}

if (context->user) {

username = context->user;

r = get_user_creds(&username, &uid, &gid, &home, &shell);

if (r < 0) {

*exit_status = EXIT_USER;

return r;

}

}

/* If a socket is connected to STDIN/STDOUT/STDERR, we

if (socket_fd >= 0)

fd_nonblock(socket_fd, false);

r = setup_input(context, socket_fd, params->apply_tty_stdin);

if (r < 0) {

*exit_status = EXIT_STDIN;

return r;

}

r = setup_output(context, STDOUT_FILENO, socket_fd, basename(command->path), params->unit_id, params->apply_tty_stdin, uid, gid);

if (r < 0) {

*exit_status = EXIT_STDOUT;

return r;

}

r = setup_output(context, STDERR_FILENO, socket_fd, basename(command->path), params->unit_id, params->apply_tty_stdin, uid, gid);

if (r < 0) {

*exit_status = EXIT_STDERR;

return r;

}

if (params->cgroup_path) {

r = cg_attach_everywhere(params->cgroup_supported, params->cgroup_path, 0, NULL, NULL);

if (r < 0) {