main.c revision 3f6fd1ba65f962702753c4ad284b588e59689a23
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen/***
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen This file is part of systemd.
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen Copyright 2010 Lennart Poettering
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen systemd is free software; you can redistribute it and/or modify it
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen under the terms of the GNU Lesser General Public License as published by
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen the Free Software Foundation; either version 2.1 of the License, or
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen (at your option) any later version.
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen systemd is distributed in the hope that it will be useful, but
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen WITHOUT ANY WARRANTY; without even the implied warranty of
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen Lesser General Public License for more details.
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen You should have received a copy of the GNU Lesser General Public License
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen along with systemd; If not, see <http://www.gnu.org/licenses/>.
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen***/
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include <errno.h>
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include <fcntl.h>
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include <getopt.h>
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include <signal.h>
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include <stdio.h>
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include <string.h>
1346b1f0388f4100bb3c2a2bb23bc881769c020cTom Gundersen#include <sys/mount.h>
f5be560181d092c5f52a2b819aedcd48220f36abTom Gundersen#include <sys/prctl.h>
5c1d3fc93d91384bbac29adf01074fa4375317eaUmut Tezduyar Lindskog#include <sys/stat.h>
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include <unistd.h>
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#ifdef HAVE_SECCOMP
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include <seccomp.h>
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#endif
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#ifdef HAVE_VALGRIND_VALGRIND_H
06f021a8048583d66202e3ac5cd0a12386d33ac2Tom Gundersen#include <valgrind/valgrind.h>
2cc412b59353576cece2d5b30c6a39c70552f0a0Tom Gundersen#endif
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
aba496a58acf9d9c61314de71353550e579f85eeUmut Tezduyar Lindskog#include "sd-daemon.h"
aba496a58acf9d9c61314de71353550e579f85eeUmut Tezduyar Lindskog#include "sd-bus.h"
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include "architecture.h"
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include "build.h"
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include "bus-error.h"
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include "bus-util.h"
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include "capability.h"
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#include "clock-util.h"
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen#include "conf-parser.h"
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen#include "dbus-manager.h"
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen#include "def.h"
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen#include "env-util.h"
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen#include "fdset.h"
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen#include "fileio.h"
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen#include "formats-util.h"
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen#include "hostname-setup.h"
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen#include "ima-setup.h"
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen#include "killall.h"
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen#include "kmod-setup.h"
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen#include "load-fragment.h"
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen#include "log.h"
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen#include "loopback-setup.h"
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen#include "machine-id-setup.h"
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen#include "manager.h"
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen#include "missing.h"
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen#include "mount-setup.h"
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen#include "pager.h"
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen#include "process-util.h"
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen#include "selinux-setup.h"
54abf461d6b10dc270c4bb2aeac65f240ff1c5cdTom Gundersen#include "selinux-util.h"
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen#include "signal-util.h"
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen#include "smack-setup.h"
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen#include "special.h"
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen#include "strv.h"
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen#include "switch-root.h"
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen#include "terminal-util.h"
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen#include "virt.h"
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen#include "watchdog.h"
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen
52433f6b65eccd1c54606dde999610640f3458acTom Gundersenstatic enum {
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen ACTION_RUN,
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen ACTION_HELP,
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen ACTION_VERSION,
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen ACTION_TEST,
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen ACTION_DUMP_CONFIGURATION_ITEMS,
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen ACTION_DONE
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen} arg_action = ACTION_RUN;
02b59d57e0c08231645120077f651151f5bb2babTom Gundersenstatic char *arg_default_unit = NULL;
edbb03e95a3c31bf719d5c6c46eec14d0bcb9c8fTom Gundersenstatic ManagerRunningAs arg_running_as = _MANAGER_RUNNING_AS_INVALID;
edbb03e95a3c31bf719d5c6c46eec14d0bcb9c8fTom Gundersenstatic bool arg_dump_core = true;
edbb03e95a3c31bf719d5c6c46eec14d0bcb9c8fTom Gundersenstatic bool arg_crash_shell = false;
edbb03e95a3c31bf719d5c6c46eec14d0bcb9c8fTom Gundersenstatic int arg_crash_chvt = -1;
c0dda18697e0994272c0c9616d36f6777b60e2c7Tom Gundersenstatic bool arg_confirm_spawn = false;
02b59d57e0c08231645120077f651151f5bb2babTom Gundersenstatic ShowStatus arg_show_status = _SHOW_STATUS_UNSET;
02b59d57e0c08231645120077f651151f5bb2babTom Gundersenstatic bool arg_switched_root = false;
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersenstatic int arg_no_pager = -1;
02b59d57e0c08231645120077f651151f5bb2babTom Gundersenstatic char ***arg_join_controllers = NULL;
672682a6b9d6fb6a3722c3fea1a93b4831747b54Tom Gundersenstatic ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL;
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersenstatic ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT;
54abf461d6b10dc270c4bb2aeac65f240ff1c5cdTom Gundersenstatic usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC;
50add2909c2e4b13a04d285b058b1c2270137656Tom Gundersenstatic usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersenstatic usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;
02b59d57e0c08231645120077f651151f5bb2babTom Gundersenstatic usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;
52433f6b65eccd1c54606dde999610640f3458acTom Gundersenstatic unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;
02b59d57e0c08231645120077f651151f5bb2babTom Gundersenstatic usec_t arg_runtime_watchdog = 0;
02b59d57e0c08231645120077f651151f5bb2babTom Gundersenstatic usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersenstatic char **arg_default_environment = NULL;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersenstatic struct rlimit *arg_default_rlimit[_RLIMIT_MAX] = {};
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersenstatic uint64_t arg_capability_bounding_set_drop = 0;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersenstatic nsec_t arg_timer_slack_nsec = NSEC_INFINITY;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersenstatic usec_t arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersenstatic Set* arg_syscall_archs = NULL;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersenstatic FILE* arg_serialization = NULL;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersenstatic bool arg_default_cpu_accounting = false;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersenstatic bool arg_default_blockio_accounting = false;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersenstatic bool arg_default_memory_accounting = false;
2cc412b59353576cece2d5b30c6a39c70552f0a0Tom Gundersenstatic bool arg_default_tasks_accounting = false;
2cc412b59353576cece2d5b30c6a39c70552f0a0Tom Gundersen
2cc412b59353576cece2d5b30c6a39c70552f0a0Tom Gundersenstatic void pager_open_if_enabled(void) {
edbb03e95a3c31bf719d5c6c46eec14d0bcb9c8fTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen if (arg_no_pager <= 0)
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen return;
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen pager_open(false);
672682a6b9d6fb6a3722c3fea1a93b4831747b54Tom Gundersen}
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen
f5be560181d092c5f52a2b819aedcd48220f36abTom Gundersennoreturn static void crash(int sig) {
5be4d38e31281727b6f45ae869136bb01a1f7790Tom Gundersen
4f882b2a5007e51032459e29d15a86df6b5ea9f4Tom Gundersen if (getpid() != 1)
1346b1f0388f4100bb3c2a2bb23bc881769c020cTom Gundersen /* Pass this on immediately, if this is not PID 1 */
039ebe6aebaebcaa18375b33caf1db5fe2551621Tom Gundersen (void) raise(sig);
eb27aeca247a4cf8816fffc4c0dbcab55ead3864Tom Gundersen else if (!arg_dump_core)
5c1d3fc93d91384bbac29adf01074fa4375317eaUmut Tezduyar Lindskog log_emergency("Caught <%s>, not dumping core.", signal_to_string(sig));
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen else {
f048a16b464295a4e0a4f4c1210f06343ad31231Tom Gundersen struct sigaction sa = {
f048a16b464295a4e0a4f4c1210f06343ad31231Tom Gundersen .sa_handler = nop_signal_handler,
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen .sa_flags = SA_NOCLDSTOP|SA_RESTART,
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen };
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen pid_t pid;
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen
06f021a8048583d66202e3ac5cd0a12386d33ac2Tom Gundersen /* We want to wait for the core process, hence let's enable SIGCHLD */
06f021a8048583d66202e3ac5cd0a12386d33ac2Tom Gundersen (void) sigaction(SIGCHLD, &sa, NULL);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen pid = raw_clone(SIGCHLD, NULL);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen if (pid < 0)
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen log_emergency_errno(errno, "Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen else if (pid == 0) {
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen struct rlimit rl = {
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen .rlim_cur = RLIM_INFINITY,
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen .rlim_max = RLIM_INFINITY,
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen };
5c1d3fc93d91384bbac29adf01074fa4375317eaUmut Tezduyar Lindskog
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen /* Enable default signal handler for core dump */
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen sa = (struct sigaction) {
eb0ea358b688a6f83ff305c6b825c61f12b6dcb8Tom Gundersen .sa_handler = SIG_DFL,
aba496a58acf9d9c61314de71353550e579f85eeUmut Tezduyar Lindskog };
8cd11a0f0f4ca05199e1166f6a07472b296f7455Tom Gundersen (void) sigaction(sig, &sa, NULL);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen /* Don't limit the core dump size */
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen (void) setrlimit(RLIMIT_CORE, &rl);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen /* Just to be sure... */
f048a16b464295a4e0a4f4c1210f06343ad31231Tom Gundersen (void) chdir("/");
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen /* Raise the signal again */
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen pid = raw_getpid();
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen (void) kill(pid, sig); /* raise() would kill the parent */
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen assert_not_reached("We shouldn't be here...");
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen _exit(EXIT_FAILURE);
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen } else {
5c1d3fc93d91384bbac29adf01074fa4375317eaUmut Tezduyar Lindskog siginfo_t status;
5c1d3fc93d91384bbac29adf01074fa4375317eaUmut Tezduyar Lindskog int r;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen /* Order things nicely. */
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen r = wait_for_terminate(pid, &status);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen if (r < 0)
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen log_emergency_errno(r, "Caught <%s>, waitpid() failed: %m", signal_to_string(sig));
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen else if (status.si_code != CLD_DUMPED)
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen log_emergency("Caught <%s>, core dump failed (child "PID_FMT", code=%s, status=%i/%s).",
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen signal_to_string(sig),
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen pid, sigchld_code_to_string(status.si_code),
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen status.si_status,
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen strna(status.si_code == CLD_EXITED
f048a16b464295a4e0a4f4c1210f06343ad31231Tom Gundersen ? exit_status_to_string(status.si_status, EXIT_STATUS_FULL)
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen : signal_to_string(status.si_status)));
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen else
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen log_emergency("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);
505f8da7325591defe5f751f328bd26915267602Tom Gundersen }
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen }
ef1ba6065c6ccea94d4ee867f36df7bbc53a5224Tom Gundersen
ef1ba6065c6ccea94d4ee867f36df7bbc53a5224Tom Gundersen if (arg_crash_chvt)
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen (void) chvt(arg_crash_chvt);
57bd6899b35b84d1f23809133ae45d29a87b2eaaTom Gundersen
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen if (arg_crash_shell) {
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen struct sigaction sa = {
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen .sa_handler = SIG_IGN,
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen };
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen pid_t pid;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen log_info("Executing crash shell in 10s...");
0617ffabe86a6d366252477eafbe59a888b149d4Tom Gundersen (void) sleep(10);
c166a070553511e402de5ad216d3fb62b49bdacbTom Gundersen
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen /* Let the kernel reap children for us */
8cd11a0f0f4ca05199e1166f6a07472b296f7455Tom Gundersen (void) sigaction(SIGCHLD, &sa, NULL);
b5db00e52ee2e20578839e4e4488f7b9af9abc38Umut Tezduyar Lindskog
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen pid = raw_clone(SIGCHLD, NULL);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen if (pid < 0)
1e9be60bbabe179f5233217384f1daec757c17c7Tom Gundersen log_emergency_errno(errno, "Failed to fork off crash shell: %m");
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen else if (pid == 0) {
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen (void) make_console_stdio();
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen (void) execle("/bin/sh", "/bin/sh", NULL, environ);
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen log_emergency_errno(errno, "execle() failed: %m");
f5be560181d092c5f52a2b819aedcd48220f36abTom Gundersen _exit(EXIT_FAILURE);
f5be560181d092c5f52a2b819aedcd48220f36abTom Gundersen } else
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen log_info("Successfully spawned crash shell as PID "PID_FMT".", pid);
f5be560181d092c5f52a2b819aedcd48220f36abTom Gundersen }
a6cc569e33a05b07550c6c7b4d67d83d868f8bc1Tom Gundersen
a6cc569e33a05b07550c6c7b4d67d83d868f8bc1Tom Gundersen log_emergency("Freezing execution.");
a6cc569e33a05b07550c6c7b4d67d83d868f8bc1Tom Gundersen freeze();
5c1d3fc93d91384bbac29adf01074fa4375317eaUmut Tezduyar Lindskog}
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersenstatic void install_crash_handler(void) {
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen static const struct sigaction sa = {
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen .sa_handler = crash,
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */
1346b1f0388f4100bb3c2a2bb23bc881769c020cTom Gundersen };
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen int r;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen /* We ignore the return value here, since, we don't mind if we
0c2f9b84698b25e6065b9febd21486669a13870fTom Gundersen * cannot set up a crash handler */
0c2f9b84698b25e6065b9febd21486669a13870fTom Gundersen r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen if (r < 0)
bbf7c04821a71fec67eaf0e7a34d17afc5913c13Tom Gundersen log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m");
bbf7c04821a71fec67eaf0e7a34d17afc5913c13Tom Gundersen}
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
52433f6b65eccd1c54606dde999610640f3458acTom Gundersenstatic int console_setup(void) {
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen _cleanup_close_ int tty_fd = -1;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen int r;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen if (tty_fd < 0)
2ad8416dd057e7e3185169609ca3006e7649f576Zbigniew Jędrzejewski-Szmek return log_error_errno(tty_fd, "Failed to open /dev/console: %m");
2ad8416dd057e7e3185169609ca3006e7649f576Zbigniew Jędrzejewski-Szmek
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen /* We don't want to force text mode. plymouth may be showing
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen * pictures already from initrd. */
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen r = reset_terminal_fd(tty_fd, false);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen if (r < 0)
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen return log_error_errno(r, "Failed to reset /dev/console: %m");
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen return 0;
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen}
505f8da7325591defe5f751f328bd26915267602Tom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersenstatic int parse_proc_cmdline_item(const char *key, const char *value) {
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen
505f8da7325591defe5f751f328bd26915267602Tom Gundersen static const char * const rlmap[] = {
1346b1f0388f4100bb3c2a2bb23bc881769c020cTom Gundersen "emergency", SPECIAL_EMERGENCY_TARGET,
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen "-b", SPECIAL_EMERGENCY_TARGET,
3bef724f7e7f7eaca69881548b06e221b77d7031Tom Gundersen "rescue", SPECIAL_RESCUE_TARGET,
bbf7c04821a71fec67eaf0e7a34d17afc5913c13Tom Gundersen "single", SPECIAL_RESCUE_TARGET,
3bef724f7e7f7eaca69881548b06e221b77d7031Tom Gundersen "-s", SPECIAL_RESCUE_TARGET,
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen "s", SPECIAL_RESCUE_TARGET,
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen "S", SPECIAL_RESCUE_TARGET,
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen "1", SPECIAL_RESCUE_TARGET,
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen "2", SPECIAL_MULTI_USER_TARGET,
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen "3", SPECIAL_MULTI_USER_TARGET,
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen "4", SPECIAL_MULTI_USER_TARGET,
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen "5", SPECIAL_GRAPHICAL_TARGET,
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen };
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen int r;
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen assert(key);
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen if (streq(key, "systemd.unit") && value) {
d39edfc72f9296078a18014627bf0a2543b60627Tom Gundersen
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen if (!in_initrd())
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen return free_and_strdup(&arg_default_unit, value);
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen
1a436809498faf6486815baa0338fb6b8e5def07Tom Gundersen } else if (streq(key, "rd.systemd.unit") && value) {
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen if (in_initrd())
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen return free_and_strdup(&arg_default_unit, value);
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen } else if (streq(key, "systemd.dump_core") && value) {
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen r = parse_boolean(value);
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen if (r < 0)
c0dda18697e0994272c0c9616d36f6777b60e2c7Tom Gundersen log_warning("Failed to parse dump core switch %s. Ignoring.", value);
c0dda18697e0994272c0c9616d36f6777b60e2c7Tom Gundersen else
c0dda18697e0994272c0c9616d36f6777b60e2c7Tom Gundersen arg_dump_core = r;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen } else if (streq(key, "systemd.crash_shell") && value) {
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen r = parse_boolean(value);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen if (r < 0)
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen log_warning("Failed to parse crash shell switch %s. Ignoring.", value);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen else
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen arg_crash_shell = r;
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
505f8da7325591defe5f751f328bd26915267602Tom Gundersen } else if (streq(key, "systemd.crash_chvt") && value) {
505f8da7325591defe5f751f328bd26915267602Tom Gundersen
505f8da7325591defe5f751f328bd26915267602Tom Gundersen if (safe_atoi(value, &r) < 0)
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen log_warning("Failed to parse crash chvt switch %s. Ignoring.", value);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen else
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen arg_crash_chvt = r;
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen } else if (streq(key, "systemd.confirm_spawn") && value) {
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen r = parse_boolean(value);
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen if (r < 0)
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen log_warning("Failed to parse confirm spawn switch %s. Ignoring.", value);
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen else
54abf461d6b10dc270c4bb2aeac65f240ff1c5cdTom Gundersen arg_confirm_spawn = r;
54abf461d6b10dc270c4bb2aeac65f240ff1c5cdTom Gundersen
54abf461d6b10dc270c4bb2aeac65f240ff1c5cdTom Gundersen } else if (streq(key, "systemd.show_status") && value) {
54abf461d6b10dc270c4bb2aeac65f240ff1c5cdTom Gundersen
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen r = parse_show_status(value, &arg_show_status);
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen if (r < 0)
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen log_warning("Failed to parse show status switch %s. Ignoring.", value);
fe6b2d55bcb379d01664ed28cea40634cb6b52e3Tom Gundersen
02b59d57e0c08231645120077f651151f5bb2babTom Gundersen } else if (streq(key, "systemd.default_standard_output") && value) {
c0dda18697e0994272c0c9616d36f6777b60e2c7Tom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen r = exec_output_from_string(value);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen if (r < 0)
f048a16b464295a4e0a4f4c1210f06343ad31231Tom Gundersen log_warning("Failed to parse default standard output switch %s. Ignoring.", value);
f048a16b464295a4e0a4f4c1210f06343ad31231Tom Gundersen else
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen arg_default_std_output = r;
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen
5c1d3fc93d91384bbac29adf01074fa4375317eaUmut Tezduyar Lindskog } else if (streq(key, "systemd.default_standard_error") && value) {
5c1d3fc93d91384bbac29adf01074fa4375317eaUmut Tezduyar Lindskog
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen r = exec_output_from_string(value);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen if (r < 0)
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen log_warning("Failed to parse default standard error switch %s. Ignoring.", value);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen else
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen arg_default_std_error = r;
71a6151083d842b2f5bf04e50239f0bf85d34d2eTom Gundersen
71a6151083d842b2f5bf04e50239f0bf85d34d2eTom Gundersen } else if (streq(key, "systemd.setenv") && value) {
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen if (env_assignment_is_valid(value)) {
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen char **env;
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen env = strv_env_set(arg_default_environment, value);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen if (env)
f048a16b464295a4e0a4f4c1210f06343ad31231Tom Gundersen arg_default_environment = env;
f048a16b464295a4e0a4f4c1210f06343ad31231Tom Gundersen else
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen log_warning_errno(ENOMEM, "Setting environment variable '%s' failed, ignoring: %m", value);
f882c247ad59776c3a7753bb963c1f8e2386cb79Tom Gundersen } else
aba496a58acf9d9c61314de71353550e579f85eeUmut Tezduyar Lindskog log_warning("Environment variable name '%s' is not valid. Ignoring.", value);
407fe036a24834203aca6c1eec7d74d9ad3e9ee0Tom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen } else if (streq(key, "quiet") && !value) {
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen if (arg_show_status == _SHOW_STATUS_UNSET)
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen arg_show_status = SHOW_STATUS_AUTO;
3bef724f7e7f7eaca69881548b06e221b77d7031Tom Gundersen
3bef724f7e7f7eaca69881548b06e221b77d7031Tom Gundersen } else if (streq(key, "debug") && !value) {
3bef724f7e7f7eaca69881548b06e221b77d7031Tom Gundersen
3bef724f7e7f7eaca69881548b06e221b77d7031Tom Gundersen /* Note that log_parse_environment() handles 'debug'
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen * too, and sets the log level to LOG_DEBUG. */
71a6151083d842b2f5bf04e50239f0bf85d34d2eTom Gundersen
71a6151083d842b2f5bf04e50239f0bf85d34d2eTom Gundersen if (detect_container() > 0)
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen log_set_target(LOG_TARGET_CONSOLE);
eb0ea358b688a6f83ff305c6b825c61f12b6dcb8Tom Gundersen
eb0ea358b688a6f83ff305c6b825c61f12b6dcb8Tom Gundersen } else if (!in_initrd() && !value) {
eb0ea358b688a6f83ff305c6b825c61f12b6dcb8Tom Gundersen unsigned i;
eb0ea358b688a6f83ff305c6b825c61f12b6dcb8Tom Gundersen
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen /* SysV compatibility */
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen for (i = 0; i < ELEMENTSOF(rlmap); i += 2)
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen if (streq(key, rlmap[i]))
6ae115c1fe95611b39d2f20cfcea3d385429f59eTom Gundersen return free_and_strdup(&arg_default_unit, rlmap[i+1]);
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen }
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen return 0;
11a7f22939d21558df919cab44b8fbe36ab5dae0Tom Gundersen}
505f8da7325591defe5f751f328bd26915267602Tom Gundersen
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen#define DEFINE_SETTER(name, func, descr) \
22936833e177d9e477e059ec2b4f4fa9213b4e19Tom Gundersen static int name(const char *unit, \
dd3efc0993b6e95ff04775e9125e2fc9d30fe261Tom Gundersen const char *filename, \
505f8da7325591defe5f751f328bd26915267602Tom Gundersen unsigned line, \
505f8da7325591defe5f751f328bd26915267602Tom Gundersen const char *section, \
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen unsigned section_line, \
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen const char *lvalue, \
bbf7c04821a71fec67eaf0e7a34d17afc5913c13Tom Gundersen int ltype, \
bbf7c04821a71fec67eaf0e7a34d17afc5913c13Tom Gundersen const char *rvalue, \
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen void *data, \
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen void *userdata) { \
fe8db0c5ee3365a2fc80ee7ebffa238f9a0a2ae2Tom Gundersen \
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen int r; \
f579559b3a14c1f1ef96c372e7626c4733e6ef7dTom Gundersen \
3333d748facc15f49935b6b793490ba0824976e6Zbigniew Jędrzejewski-Szmek assert(filename); \
3333d748facc15f49935b6b793490ba0824976e6Zbigniew Jędrzejewski-Szmek assert(lvalue); \
3333d748facc15f49935b6b793490ba0824976e6Zbigniew Jędrzejewski-Szmek assert(rvalue); \
39032b87779323a244dd89f4832949d462b2ac68Zbigniew Jędrzejewski-Szmek \
39032b87779323a244dd89f4832949d462b2ac68Zbigniew Jędrzejewski-Szmek r = func(rvalue); \
39032b87779323a244dd89f4832949d462b2ac68Zbigniew Jędrzejewski-Szmek if (r < 0) \
39032b87779323a244dd89f4832949d462b2ac68Zbigniew Jędrzejewski-Szmek log_syntax(unit, LOG_ERR, filename, line, r, \
39032b87779323a244dd89f4832949d462b2ac68Zbigniew Jędrzejewski-Szmek "Invalid " descr "'%s': %m", \
39032b87779323a244dd89f4832949d462b2ac68Zbigniew Jędrzejewski-Szmek rvalue); \
3333d748facc15f49935b6b793490ba0824976e6Zbigniew Jędrzejewski-Szmek \
3333d748facc15f49935b6b793490ba0824976e6Zbigniew Jędrzejewski-Szmek return 0; \
3333d748facc15f49935b6b793490ba0824976e6Zbigniew Jędrzejewski-Szmek }
3333d748facc15f49935b6b793490ba0824976e6Zbigniew Jędrzejewski-Szmek
3333d748facc15f49935b6b793490ba0824976e6Zbigniew Jędrzejewski-SzmekDEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level")
52433f6b65eccd1c54606dde999610640f3458acTom GundersenDEFINE_SETTER(config_parse_target, log_set_target_from_string, "target")
52433f6b65eccd1c54606dde999610640f3458acTom GundersenDEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" )
52433f6b65eccd1c54606dde999610640f3458acTom GundersenDEFINE_SETTER(config_parse_location, log_show_location_from_string, "location")
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen
52433f6b65eccd1c54606dde999610640f3458acTom Gundersenstatic int config_parse_cpu_affinity2(
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen const char *unit,
3333d748facc15f49935b6b793490ba0824976e6Zbigniew Jędrzejewski-Szmek const char *filename,
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen unsigned line,
3333d748facc15f49935b6b793490ba0824976e6Zbigniew Jędrzejewski-Szmek const char *section,
52433f6b65eccd1c54606dde999610640f3458acTom Gundersen unsigned section_line,
628706137efbca8aaf753ccd063e5abf7e31aed5Zbigniew Jędrzejewski-Szmek const char *lvalue,
628706137efbca8aaf753ccd063e5abf7e31aed5Zbigniew Jędrzejewski-Szmek int ltype,
628706137efbca8aaf753ccd063e5abf7e31aed5Zbigniew Jędrzejewski-Szmek const char *rvalue,
628706137efbca8aaf753ccd063e5abf7e31aed5Zbigniew Jędrzejewski-Szmek void *data,
628706137efbca8aaf753ccd063e5abf7e31aed5Zbigniew Jędrzejewski-Szmek void *userdata) {
_cleanup_cpu_free_ cpu_set_t *c = NULL;
int ncpus;
ncpus = parse_cpu_set(rvalue, &c, unit, filename, line, lvalue);
if (ncpus < 0)
return ncpus;
if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0)
log_warning("Failed to set CPU affinity: %m");
return 0;
}
static int config_parse_show_status(
const char* unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
int k;
ShowStatus *b = data;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
k = parse_show_status(rvalue, b);
if (k < 0) {
log_syntax(unit, LOG_ERR, filename, line, -k,
"Failed to parse show status setting, ignoring: %s", rvalue);
return 0;
}
return 0;
}
static int config_parse_join_controllers(const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
const char *whole_rvalue = rvalue;
unsigned n = 0;
assert(filename);
assert(lvalue);
assert(rvalue);
arg_join_controllers = strv_free_free(arg_join_controllers);
for (;;) {
_cleanup_free_ char *word = NULL;
char **l;
int r;
r = extract_first_word(&rvalue, &word, WHITESPACE, EXTRACT_QUOTES);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Invalid value for %s: %s", lvalue, whole_rvalue);
return r;
}
if (r == 0)
break;
l = strv_split(word, ",");
if (!l)
return log_oom();
strv_uniq(l);
if (strv_length(l) <= 1) {
strv_free(l);
continue;
}
if (!arg_join_controllers) {
arg_join_controllers = new(char**, 2);
if (!arg_join_controllers) {
strv_free(l);
return log_oom();
}
arg_join_controllers[0] = l;
arg_join_controllers[1] = NULL;
n = 1;
} else {
char ***a;
char ***t;
t = new0(char**, n+2);
if (!t) {
strv_free(l);
return log_oom();
}
n = 0;
for (a = arg_join_controllers; *a; a++) {
if (strv_overlap(*a, l)) {
if (strv_extend_strv(&l, *a) < 0) {
strv_free(l);
strv_free_free(t);
return log_oom();
}
} else {
char **c;
c = strv_copy(*a);
if (!c) {
strv_free(l);
strv_free_free(t);
return log_oom();
}
t[n++] = c;
}
}
t[n++] = strv_uniq(l);
strv_free_free(arg_join_controllers);
arg_join_controllers = t;
}
}
if (!isempty(rvalue))
log_syntax(unit, LOG_ERR, filename, line, EINVAL,
"Trailing garbage, ignoring.");
return 0;
}
static int parse_config_file(void) {
const ConfigTableItem items[] = {
{ "Manager", "LogLevel", config_parse_level2, 0, NULL },
{ "Manager", "LogTarget", config_parse_target, 0, NULL },
{ "Manager", "LogColor", config_parse_color, 0, NULL },
{ "Manager", "LogLocation", config_parse_location, 0, NULL },
{ "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core },
{ "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell },
{ "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status },
{ "Manager", "CrashChVT", config_parse_int, 0, &arg_crash_chvt },
{ "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, NULL },
{ "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers },
{ "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog },
{ "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog },
{ "Manager", "CapabilityBoundingSet", config_parse_bounding_set, 0, &arg_capability_bounding_set_drop },
#ifdef HAVE_SECCOMP
{ "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs },
#endif
{ "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec },
{ "Manager", "DefaultTimerAccuracySec", config_parse_sec, 0, &arg_default_timer_accuracy_usec },
{ "Manager", "DefaultStandardOutput", config_parse_output, 0, &arg_default_std_output },
{ "Manager", "DefaultStandardError", config_parse_output, 0, &arg_default_std_error },
{ "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },
{ "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },
{ "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },
{ "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval },
{ "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },
{ "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },
{ "Manager", "DefaultLimitCPU", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CPU] },
{ "Manager", "DefaultLimitFSIZE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_FSIZE] },
{ "Manager", "DefaultLimitDATA", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_DATA] },
{ "Manager", "DefaultLimitSTACK", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_STACK] },
{ "Manager", "DefaultLimitCORE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CORE] },
{ "Manager", "DefaultLimitRSS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RSS] },
{ "Manager", "DefaultLimitNOFILE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NOFILE] },
{ "Manager", "DefaultLimitAS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_AS] },
{ "Manager", "DefaultLimitNPROC", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NPROC] },
{ "Manager", "DefaultLimitMEMLOCK", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_MEMLOCK] },
{ "Manager", "DefaultLimitLOCKS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_LOCKS] },
{ "Manager", "DefaultLimitSIGPENDING", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_SIGPENDING] },
{ "Manager", "DefaultLimitMSGQUEUE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_MSGQUEUE] },
{ "Manager", "DefaultLimitNICE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NICE] },
{ "Manager", "DefaultLimitRTPRIO", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RTPRIO] },
{ "Manager", "DefaultLimitRTTIME", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RTTIME] },
{ "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_default_cpu_accounting },
{ "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting },
{ "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting },
{ "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting },
{}
};
const char *fn, *conf_dirs_nulstr;
fn = arg_running_as == MANAGER_SYSTEM ? PKGSYSCONFDIR "/system.conf" : PKGSYSCONFDIR "/user.conf";
conf_dirs_nulstr = arg_running_as == MANAGER_SYSTEM ? CONF_DIRS_NULSTR("systemd/system.conf") : CONF_DIRS_NULSTR("systemd/user.conf");
config_parse_many(fn, conf_dirs_nulstr, "Manager\0",
config_item_table_lookup, items, false, NULL);
return 0;
}
static void manager_set_defaults(Manager *m) {
assert(m);
m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec;
m->default_std_output = arg_default_std_output;
m->default_std_error = arg_default_std_error;
m->default_timeout_start_usec = arg_default_timeout_start_usec;
m->default_timeout_stop_usec = arg_default_timeout_stop_usec;
m->default_restart_usec = arg_default_restart_usec;
m->default_start_limit_interval = arg_default_start_limit_interval;
m->default_start_limit_burst = arg_default_start_limit_burst;
m->default_cpu_accounting = arg_default_cpu_accounting;
m->default_blockio_accounting = arg_default_blockio_accounting;
m->default_memory_accounting = arg_default_memory_accounting;
m->default_tasks_accounting = arg_default_tasks_accounting;
manager_set_default_rlimits(m, arg_default_rlimit);
manager_environment_add(m, NULL, arg_default_environment);
}
static int parse_argv(int argc, char *argv[]) {
enum {
ARG_LOG_LEVEL = 0x100,
ARG_LOG_TARGET,
ARG_LOG_COLOR,
ARG_LOG_LOCATION,
ARG_UNIT,
ARG_SYSTEM,
ARG_USER,
ARG_TEST,
ARG_NO_PAGER,
ARG_VERSION,
ARG_DUMP_CONFIGURATION_ITEMS,
ARG_DUMP_CORE,
ARG_CRASH_SHELL,
ARG_CONFIRM_SPAWN,
ARG_SHOW_STATUS,
ARG_DESERIALIZE,
ARG_SWITCHED_ROOT,
ARG_DEFAULT_STD_OUTPUT,
ARG_DEFAULT_STD_ERROR
};
static const struct option options[] = {
{ "log-level", required_argument, NULL, ARG_LOG_LEVEL },
{ "log-target", required_argument, NULL, ARG_LOG_TARGET },
{ "log-color", optional_argument, NULL, ARG_LOG_COLOR },
{ "log-location", optional_argument, NULL, ARG_LOG_LOCATION },
{ "unit", required_argument, NULL, ARG_UNIT },
{ "system", no_argument, NULL, ARG_SYSTEM },
{ "user", no_argument, NULL, ARG_USER },
{ "test", no_argument, NULL, ARG_TEST },
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, ARG_VERSION },
{ "dump-configuration-items", no_argument, NULL, ARG_DUMP_CONFIGURATION_ITEMS },
{ "dump-core", optional_argument, NULL, ARG_DUMP_CORE },
{ "crash-shell", optional_argument, NULL, ARG_CRASH_SHELL },
{ "confirm-spawn", optional_argument, NULL, ARG_CONFIRM_SPAWN },
{ "show-status", optional_argument, NULL, ARG_SHOW_STATUS },
{ "deserialize", required_argument, NULL, ARG_DESERIALIZE },
{ "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT },
{ "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, },
{ "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, },
{}
};
int c, r;
assert(argc >= 1);
assert(argv);
if (getpid() == 1)
opterr = 0;
while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)
switch (c) {
case ARG_LOG_LEVEL:
r = log_set_max_level_from_string(optarg);
if (r < 0) {
log_error("Failed to parse log level %s.", optarg);
return r;
}
break;
case ARG_LOG_TARGET:
r = log_set_target_from_string(optarg);
if (r < 0) {
log_error("Failed to parse log target %s.", optarg);
return r;
}
break;
case ARG_LOG_COLOR:
if (optarg) {
r = log_show_color_from_string(optarg);
if (r < 0) {
log_error("Failed to parse log color setting %s.", optarg);
return r;
}
} else
log_show_color(true);
break;
case ARG_LOG_LOCATION:
if (optarg) {
r = log_show_location_from_string(optarg);
if (r < 0) {
log_error("Failed to parse log location setting %s.", optarg);
return r;
}
} else
log_show_location(true);
break;
case ARG_DEFAULT_STD_OUTPUT:
r = exec_output_from_string(optarg);
if (r < 0) {
log_error("Failed to parse default standard output setting %s.", optarg);
return r;
} else
arg_default_std_output = r;
break;
case ARG_DEFAULT_STD_ERROR:
r = exec_output_from_string(optarg);
if (r < 0) {
log_error("Failed to parse default standard error output setting %s.", optarg);
return r;
} else
arg_default_std_error = r;
break;
case ARG_UNIT:
r = free_and_strdup(&arg_default_unit, optarg);
if (r < 0)
return log_error_errno(r, "Failed to set default unit %s: %m", optarg);
break;
case ARG_SYSTEM:
arg_running_as = MANAGER_SYSTEM;
break;
case ARG_USER:
arg_running_as = MANAGER_USER;
break;
case ARG_TEST:
arg_action = ACTION_TEST;
if (arg_no_pager < 0)
arg_no_pager = true;
break;
case ARG_NO_PAGER:
arg_no_pager = true;
break;
case ARG_VERSION:
arg_action = ACTION_VERSION;
break;
case ARG_DUMP_CONFIGURATION_ITEMS:
arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;
break;
case ARG_DUMP_CORE:
r = optarg ? parse_boolean(optarg) : 1;
if (r < 0) {
log_error("Failed to parse dump core boolean %s.", optarg);
return r;
}
arg_dump_core = r;
break;
case ARG_CRASH_SHELL:
r = optarg ? parse_boolean(optarg) : 1;
if (r < 0) {
log_error("Failed to parse crash shell boolean %s.", optarg);
return r;
}
arg_crash_shell = r;
break;
case ARG_CONFIRM_SPAWN:
r = optarg ? parse_boolean(optarg) : 1;
if (r < 0) {
log_error("Failed to parse confirm spawn boolean %s.", optarg);
return r;
}
arg_confirm_spawn = r;
break;
case ARG_SHOW_STATUS:
if (optarg) {
r = parse_show_status(optarg, &arg_show_status);
if (r < 0) {
log_error("Failed to parse show status boolean %s.", optarg);
return r;
}
} else
arg_show_status = SHOW_STATUS_YES;
break;
case ARG_DESERIALIZE: {
int fd;
FILE *f;
r = safe_atoi(optarg, &fd);
if (r < 0 || fd < 0) {
log_error("Failed to parse deserialize option %s.", optarg);
return r < 0 ? r : -EINVAL;
}
fd_cloexec(fd, true);
f = fdopen(fd, "r");
if (!f)
return log_error_errno(errno, "Failed to open serialization fd: %m");
safe_fclose(arg_serialization);
arg_serialization = f;
break;
}
case ARG_SWITCHED_ROOT:
arg_switched_root = true;
break;
case 'h':
arg_action = ACTION_HELP;
if (arg_no_pager < 0)
arg_no_pager = true;
break;
case 'D':
log_set_max_level(LOG_DEBUG);
break;
case 'b':
case 's':
case 'z':
/* Just to eat away the sysvinit kernel
* cmdline args without getopt() error
* messages that we'll parse in
* parse_proc_cmdline_word() or ignore. */
case '?':
if (getpid() != 1)
return -EINVAL;
else
return 0;
default:
assert_not_reached("Unhandled option code.");
}
if (optind < argc && getpid() != 1) {
/* Hmm, when we aren't run as init system
* let's complain about excess arguments */
log_error("Excess arguments.");
return -EINVAL;
}
return 0;
}
static int help(void) {
printf("%s [OPTIONS...]\n\n"
"Starts up and maintains the system or user services.\n\n"
" -h --help Show this help\n"
" --test Determine startup sequence, dump it and exit\n"
" --no-pager Do not pipe output into a pager\n"
" --dump-configuration-items Dump understood unit configuration items\n"
" --unit=UNIT Set default unit\n"
" --system Run a system instance, even if PID != 1\n"
" --user Run a user instance\n"
" --dump-core[=0|1] Dump core on crash\n"
" --crash-shell[=0|1] Run shell on crash\n"
" --confirm-spawn[=0|1] Ask for confirmation when spawning processes\n"
" --show-status[=0|1] Show status updates on the console during bootup\n"
" --log-target=TARGET Set log target (console, journal, kmsg, journal-or-kmsg, null)\n"
" --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"
" --log-color[=0|1] Highlight important log messages\n"
" --log-location[=0|1] Include code location in log messages\n"
" --default-standard-output= Set default standard output for services\n"
" --default-standard-error= Set default standard error output for services\n",
program_invocation_short_name);
return 0;
}
static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) {
_cleanup_fdset_free_ FDSet *fds = NULL;
_cleanup_fclose_ FILE *f = NULL;
int r;
assert(m);
assert(_f);
assert(_fds);
r = manager_open_serialization(m, &f);
if (r < 0)
return log_error_errno(r, "Failed to create serialization file: %m");
/* Make sure nothing is really destructed when we shut down */
m->n_reloading ++;
bus_manager_send_reloading(m, true);
fds = fdset_new();
if (!fds)
return log_oom();
r = manager_serialize(m, f, fds, switching_root);
if (r < 0)
return log_error_errno(r, "Failed to serialize state: %m");
if (fseeko(f, 0, SEEK_SET) == (off_t) -1)
return log_error_errno(errno, "Failed to rewind serialization fd: %m");
r = fd_cloexec(fileno(f), false);
if (r < 0)
return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization: %m");
r = fdset_cloexec(fds, false);
if (r < 0)
return log_error_errno(r, "Failed to disable O_CLOEXEC for serialization fds: %m");
*_f = f;
*_fds = fds;
f = NULL;
fds = NULL;
return 0;
}
static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {
struct rlimit nl;
int r;
assert(saved_rlimit);
/* Save the original RLIMIT_NOFILE so that we can reset it
* later when transitioning from the initrd to the main
* systemd or suchlike. */
if (getrlimit(RLIMIT_NOFILE, saved_rlimit) < 0)
return log_error_errno(errno, "Reading RLIMIT_NOFILE failed: %m");
/* Make sure forked processes get the default kernel setting */
if (!arg_default_rlimit[RLIMIT_NOFILE]) {
struct rlimit *rl;
rl = newdup(struct rlimit, saved_rlimit, 1);
if (!rl)
return log_oom();
arg_default_rlimit[RLIMIT_NOFILE] = rl;
}
/* Bump up the resource limit for ourselves substantially */
nl.rlim_cur = nl.rlim_max = 64*1024;
r = setrlimit_closest(RLIMIT_NOFILE, &nl);
if (r < 0)
return log_error_errno(r, "Setting RLIMIT_NOFILE failed: %m");
return 0;
}
static void test_mtab(void) {
static const char ok[] =
"/proc/self/mounts\0"
"/proc/mounts\0"
"../proc/self/mounts\0"
"../proc/mounts\0";
_cleanup_free_ char *p = NULL;
int r;
/* Check that /etc/mtab is a symlink to the right place or
* non-existing. But certainly not a file, or a symlink to
* some weird place... */
r = readlink_malloc("/etc/mtab", &p);
if (r == -ENOENT)
return;
if (r >= 0 && nulstr_contains(ok, p))
return;
log_error("/etc/mtab is not a symlink or not pointing to /proc/self/mounts. "
"This is not supported anymore. "
"Please make sure to replace this file by a symlink to avoid incorrect or misleading mount(8) output.");
freeze();
}
static void test_usr(void) {
/* Check that /usr is not a separate fs */
if (dir_is_empty("/usr") <= 0)
return;
log_warning("/usr appears to be on its own filesystem and is not already mounted. This is not a supported setup. "
"Some things will probably break (sometimes even silently) in mysterious ways. "
"Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");
}
static int initialize_join_controllers(void) {
/* By default, mount "cpu" + "cpuacct" together, and "net_cls"
* + "net_prio". We'd like to add "cpuset" to the mix, but
* "cpuset" doesn't really work for groups with no initialized
* attributes. */
arg_join_controllers = new(char**, 3);
if (!arg_join_controllers)
return -ENOMEM;
arg_join_controllers[0] = strv_new("cpu", "cpuacct", NULL);
if (!arg_join_controllers[0])
goto oom;
arg_join_controllers[1] = strv_new("net_cls", "net_prio", NULL);
if (!arg_join_controllers[1])
goto oom;
arg_join_controllers[2] = NULL;
return 0;
oom:
arg_join_controllers = strv_free_free(arg_join_controllers);
return -ENOMEM;
}
static int enforce_syscall_archs(Set *archs) {
#ifdef HAVE_SECCOMP
scmp_filter_ctx *seccomp;
Iterator i;
void *id;
int r;
seccomp = seccomp_init(SCMP_ACT_ALLOW);
if (!seccomp)
return log_oom();
SET_FOREACH(id, arg_syscall_archs, i) {
r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);
if (r == -EEXIST)
continue;
if (r < 0) {
log_error_errno(r, "Failed to add architecture to seccomp: %m");
goto finish;
}
}
r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
if (r < 0) {
log_error_errno(r, "Failed to unset NO_NEW_PRIVS: %m");
goto finish;
}
r = seccomp_load(seccomp);
if (r < 0)
log_error_errno(r, "Failed to add install architecture seccomp: %m");
finish:
seccomp_release(seccomp);
return r;
#else
return 0;
#endif
}
static int status_welcome(void) {
_cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL;
int r;
r = parse_env_file("/etc/os-release", NEWLINE,
"PRETTY_NAME", &pretty_name,
"ANSI_COLOR", &ansi_color,
NULL);
if (r == -ENOENT)
r = parse_env_file("/usr/lib/os-release", NEWLINE,
"PRETTY_NAME", &pretty_name,
"ANSI_COLOR", &ansi_color,
NULL);
if (r < 0 && r != -ENOENT)
log_warning_errno(r, "Failed to read os-release file: %m");
return status_printf(NULL, false, false,
"\nWelcome to \x1B[%sm%s\x1B[0m!\n",
isempty(ansi_color) ? "1" : ansi_color,
isempty(pretty_name) ? "Linux" : pretty_name);
}
static int write_container_id(void) {
const char *c;
c = getenv("container");
if (isempty(c))
return 0;
return write_string_file("/run/systemd/container", c, WRITE_STRING_FILE_CREATE);
}
int main(int argc, char *argv[]) {
Manager *m = NULL;
int r, retval = EXIT_FAILURE;
usec_t before_startup, after_startup;
char timespan[FORMAT_TIMESPAN_MAX];
FDSet *fds = NULL;
bool reexecute = false;
const char *shutdown_verb = NULL;
dual_timestamp initrd_timestamp = DUAL_TIMESTAMP_NULL;
dual_timestamp userspace_timestamp = DUAL_TIMESTAMP_NULL;
dual_timestamp kernel_timestamp = DUAL_TIMESTAMP_NULL;
dual_timestamp security_start_timestamp = DUAL_TIMESTAMP_NULL;
dual_timestamp security_finish_timestamp = DUAL_TIMESTAMP_NULL;
static char systemd[] = "systemd";
bool skip_setup = false;
unsigned j;
bool loaded_policy = false;
bool arm_reboot_watchdog = false;
bool queue_default_job = false;
bool empty_etc = false;
char *switch_root_dir = NULL, *switch_root_init = NULL;
struct rlimit saved_rlimit_nofile = RLIMIT_MAKE_CONST(0);
const char *error_message = NULL;
uint8_t shutdown_exit_code = 0;
#ifdef HAVE_SYSV_COMPAT
if (getpid() != 1 && strstr(program_invocation_short_name, "init")) {
/* This is compatibility support for SysV, where
* calling init as a user is identical to telinit. */
errno = -ENOENT;
execv(SYSTEMCTL_BINARY_PATH, argv);
log_error_errno(errno, "Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");
return 1;
}
#endif
dual_timestamp_from_monotonic(&kernel_timestamp, 0);
dual_timestamp_get(&userspace_timestamp);
/* Determine if this is a reexecution or normal bootup. We do
* the full command line parsing much later, so let's just
* have a quick peek here. */
if (strv_find(argv+1, "--deserialize"))
skip_setup = true;
/* If we have switched root, do all the special setup
* things */
if (strv_find(argv+1, "--switched-root"))
skip_setup = false;
/* If we get started via the /sbin/init symlink then we are
called 'init'. After a subsequent reexecution we are then
called 'systemd'. That is confusing, hence let's call us
systemd right-away. */
program_invocation_short_name = systemd;
prctl(PR_SET_NAME, systemd);
saved_argv = argv;
saved_argc = argc;
log_show_color(isatty(STDERR_FILENO) > 0);
log_set_upgrade_syslog_to_journal(true);
/* Disable the umask logic */
if (getpid() == 1)
umask(0);
if (getpid() == 1 && detect_container() <= 0) {
/* Running outside of a container as PID 1 */
arg_running_as = MANAGER_SYSTEM;
make_null_stdio();
log_set_target(LOG_TARGET_KMSG);
log_open();
if (in_initrd())
initrd_timestamp = userspace_timestamp;
if (!skip_setup) {
mount_setup_early();
dual_timestamp_get(&security_start_timestamp);
if (mac_selinux_setup(&loaded_policy) < 0) {
error_message = "Failed to load SELinux policy";
goto finish;
} else if (ima_setup() < 0) {
error_message = "Failed to load IMA policy";
goto finish;
} else if (mac_smack_setup(&loaded_policy) < 0) {
error_message = "Failed to load SMACK policy";
goto finish;
}
dual_timestamp_get(&security_finish_timestamp);
}
if (mac_selinux_init(NULL) < 0) {
error_message = "Failed to initialize SELinux policy";
goto finish;
}
if (!skip_setup) {
if (clock_is_localtime() > 0) {
int min;
/*
* The very first call of settimeofday() also does a time warp in the kernel.
*
* In the rtc-in-local time mode, we set the kernel's timezone, and rely on
* external tools to take care of maintaining the RTC and do all adjustments.
* This matches the behavior of Windows, which leaves the RTC alone if the
* registry tells that the RTC runs in UTC.
*/
r = clock_set_timezone(&min);
if (r < 0)
log_error_errno(r, "Failed to apply local time delta, ignoring: %m");
else
log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);
} else if (!in_initrd()) {
/*
* Do a dummy very first call to seal the kernel's time warp magic.
*
* Do not call this this from inside the initrd. The initrd might not
* carry /etc/adjtime with LOCAL, but the real system could be set up
* that way. In such case, we need to delay the time-warp or the sealing
* until we reach the real system.
*
* Do no set the kernel's timezone. The concept of local time cannot
* be supported reliably, the time will jump or be incorrect at every daylight
* saving time change. All kernel local time concepts will be treated
* as UTC that way.
*/
clock_reset_timewarp();
}
}
/* Set the default for later on, but don't actually
* open the logs like this for now. Note that if we
* are transitioning from the initrd there might still
* be journal fd open, and we shouldn't attempt
* opening that before we parsed /proc/cmdline which
* might redirect output elsewhere. */
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
} else if (getpid() == 1) {
/* Running inside a container, as PID 1 */
arg_running_as = MANAGER_SYSTEM;
log_set_target(LOG_TARGET_CONSOLE);
log_close_console(); /* force reopen of /dev/console */
log_open();
/* For the later on, see above... */
log_set_target(LOG_TARGET_JOURNAL);
/* clear the kernel timestamp,
* because we are in a container */
kernel_timestamp.monotonic = 0ULL;
kernel_timestamp.realtime = 0ULL;
} else {
/* Running as user instance */
arg_running_as = MANAGER_USER;
log_set_target(LOG_TARGET_AUTO);
log_open();
/* clear the kernel timestamp,
* because we are not PID 1 */
kernel_timestamp = DUAL_TIMESTAMP_NULL;
}
/* Initialize default unit */
r = free_and_strdup(&arg_default_unit, SPECIAL_DEFAULT_TARGET);
if (r < 0) {
log_emergency_errno(r, "Failed to set default unit %s: %m", SPECIAL_DEFAULT_TARGET);
error_message = "Failed to set default unit";
goto finish;
}
r = initialize_join_controllers();
if (r < 0) {
error_message = "Failed to initialize cgroup controllers";
goto finish;
}
/* Mount /proc, /sys and friends, so that /proc/cmdline and
* /proc/$PID/fd is available. */
if (getpid() == 1) {
/* Load the kernel modules early, so that we kdbus.ko is loaded before kdbusfs shall be mounted */
if (!skip_setup)
kmod_setup();
r = mount_setup(loaded_policy);
if (r < 0) {
error_message = "Failed to mount API filesystems";
goto finish;
}
}
/* Reset all signal handlers. */
(void) reset_all_signal_handlers();
(void) ignore_signals(SIGNALS_IGNORE, -1);
if (parse_config_file() < 0) {
error_message = "Failed to parse config file";
goto finish;
}
if (arg_running_as == MANAGER_SYSTEM) {
r = parse_proc_cmdline(parse_proc_cmdline_item);
if (r < 0)
log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
}
/* Note that this also parses bits from the kernel command
* line, including "debug". */
log_parse_environment();
if (parse_argv(argc, argv) < 0) {
error_message = "Failed to parse commandline arguments";
goto finish;
}
if (arg_action == ACTION_TEST &&
geteuid() == 0) {
log_error("Don't run test mode as root.");
goto finish;
}
if (arg_running_as == MANAGER_USER &&
arg_action == ACTION_RUN &&
sd_booted() <= 0) {
log_error("Trying to run as user instance, but the system has not been booted with systemd.");
goto finish;
}
if (arg_running_as == MANAGER_SYSTEM &&
arg_action == ACTION_RUN &&
running_in_chroot() > 0) {
log_error("Cannot be run in a chroot() environment.");
goto finish;
}
if (arg_action == ACTION_TEST)
skip_setup = true;
pager_open_if_enabled();
if (arg_action == ACTION_HELP) {
retval = help();
goto finish;
} else if (arg_action == ACTION_VERSION) {
retval = version();
goto finish;
} else if (arg_action == ACTION_DUMP_CONFIGURATION_ITEMS) {
unit_dump_config_items(stdout);
retval = EXIT_SUCCESS;
goto finish;
} else if (arg_action == ACTION_DONE) {
retval = EXIT_SUCCESS;
goto finish;
}
if (arg_running_as == MANAGER_USER &&
!getenv("XDG_RUNTIME_DIR")) {
log_error("Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.");
goto finish;
}
assert_se(arg_action == ACTION_RUN || arg_action == ACTION_TEST);
/* Close logging fds, in order not to confuse fdset below */
log_close();
/* Remember open file descriptors for later deserialization */
r = fdset_new_fill(&fds);
if (r < 0) {
log_emergency_errno(r, "Failed to allocate fd set: %m");
error_message = "Failed to allocate fd set";
goto finish;
} else
fdset_cloexec(fds, true);
if (arg_serialization)
assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0);
if (arg_running_as == MANAGER_SYSTEM)
/* Become a session leader if we aren't one yet. */
setsid();
/* Move out of the way, so that we won't block unmounts */
assert_se(chdir("/") == 0);
/* Reset the console, but only if this is really init and we
* are freshly booted */
if (arg_running_as == MANAGER_SYSTEM && arg_action == ACTION_RUN) {
/* If we are init, we connect stdin/stdout/stderr to
* /dev/null and make sure we don't have a controlling
* tty. */
release_terminal();
if (getpid() == 1 && !skip_setup)
console_setup();
}
/* Open the logging devices, if possible and necessary */
log_open();
if (arg_show_status == _SHOW_STATUS_UNSET)
arg_show_status = SHOW_STATUS_YES;
/* Make sure we leave a core dump without panicing the
* kernel. */
if (getpid() == 1) {
install_crash_handler();
r = mount_cgroup_controllers(arg_join_controllers);
if (r < 0)
goto finish;
}
if (arg_running_as == MANAGER_SYSTEM) {
int v;
log_info(PACKAGE_STRING " running in %ssystem mode. (" SYSTEMD_FEATURES ")",
arg_action == ACTION_TEST ? "test " : "" );
v = detect_virtualization();
if (v > 0)
log_info("Detected virtualization %s.", virtualization_to_string(v));
write_container_id();
log_info("Detected architecture %s.", architecture_to_string(uname_architecture()));
if (in_initrd())
log_info("Running in initial RAM disk.");
/* Let's check whether /etc is already populated. We
* don't actually really check for that, but use
* /etc/machine-id as flag file. This allows container
* managers and installers to provision a couple of
* files already. If the container manager wants to
* provision the machine ID itself it should pass
* $container_uuid to PID 1. */
empty_etc = access("/etc/machine-id", F_OK) < 0;
if (empty_etc)
log_info("Running with unpopulated /etc.");
} else {
_cleanup_free_ char *t;
t = uid_to_name(getuid());
log_debug(PACKAGE_STRING " running in %suser mode for user "UID_FMT"/%s. (" SYSTEMD_FEATURES ")",
arg_action == ACTION_TEST ? " test" : "", getuid(), t);
}
if (arg_running_as == MANAGER_SYSTEM && !skip_setup) {
if (arg_show_status > 0)
status_welcome();
hostname_setup();
machine_id_setup(NULL);
loopback_setup();
test_mtab();
test_usr();
}
if (arg_running_as == MANAGER_SYSTEM && arg_runtime_watchdog > 0)
watchdog_set_timeout(&arg_runtime_watchdog);
if (arg_timer_slack_nsec != NSEC_INFINITY)
if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
log_error_errno(errno, "Failed to adjust timer slack: %m");
if (arg_capability_bounding_set_drop) {
r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
if (r < 0) {
log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m");
error_message = "Failed to drop capability bounding set of usermode helpers";
goto finish;
}
r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
if (r < 0) {
log_emergency_errno(r, "Failed to drop capability bounding set: %m");
error_message = "Failed to drop capability bounding set";
goto finish;
}
}
if (arg_syscall_archs) {
r = enforce_syscall_archs(arg_syscall_archs);
if (r < 0) {
error_message = "Failed to set syscall architectures";
goto finish;
}
}
if (arg_running_as == MANAGER_USER)
/* Become reaper of our children */
if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
log_warning_errno(errno, "Failed to make us a subreaper: %m");
if (arg_running_as == MANAGER_SYSTEM) {
bump_rlimit_nofile(&saved_rlimit_nofile);
if (empty_etc) {
r = unit_file_preset_all(UNIT_FILE_SYSTEM, false, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, false, NULL, 0);
if (r < 0)
log_warning_errno(r, "Failed to populate /etc with preset unit settings, ignoring: %m");
else
log_info("Populated /etc with preset unit settings.");
}
}
r = manager_new(arg_running_as, arg_action == ACTION_TEST, &m);
if (r < 0) {
log_emergency_errno(r, "Failed to allocate manager object: %m");
error_message = "Failed to allocate manager object";
goto finish;
}
m->confirm_spawn = arg_confirm_spawn;
m->runtime_watchdog = arg_runtime_watchdog;
m->shutdown_watchdog = arg_shutdown_watchdog;
m->userspace_timestamp = userspace_timestamp;
m->kernel_timestamp = kernel_timestamp;
m->initrd_timestamp = initrd_timestamp;
m->security_start_timestamp = security_start_timestamp;
m->security_finish_timestamp = security_finish_timestamp;
manager_set_defaults(m);
manager_set_show_status(m, arg_show_status);
manager_set_first_boot(m, empty_etc);
/* Remember whether we should queue the default job */
queue_default_job = !arg_serialization || arg_switched_root;
before_startup = now(CLOCK_MONOTONIC);
r = manager_startup(m, arg_serialization, fds);
if (r < 0)
log_error_errno(r, "Failed to fully start up daemon: %m");
/* This will close all file descriptors that were opened, but
* not claimed by any unit. */
fds = fdset_free(fds);
arg_serialization = safe_fclose(arg_serialization);
if (queue_default_job) {
_cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
Unit *target = NULL;
Job *default_unit_job;
log_debug("Activating default unit: %s", arg_default_unit);
r = manager_load_unit(m, arg_default_unit, NULL, &error, &target);
if (r < 0)
log_error("Failed to load default target: %s", bus_error_message(&error, r));
else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND)
log_error_errno(target->load_error, "Failed to load default target: %m");
else if (target->load_state == UNIT_MASKED)
log_error("Default target masked.");
if (!target || target->load_state != UNIT_LOADED) {
log_info("Trying to load rescue target...");
r = manager_load_unit(m, SPECIAL_RESCUE_TARGET, NULL, &error, &target);
if (r < 0) {
log_emergency("Failed to load rescue target: %s", bus_error_message(&error, r));
error_message = "Failed to load rescue target";
goto finish;
} else if (target->load_state == UNIT_ERROR || target->load_state == UNIT_NOT_FOUND) {
log_emergency_errno(target->load_error, "Failed to load rescue target: %m");
error_message = "Failed to load rescue target";
goto finish;
} else if (target->load_state == UNIT_MASKED) {
log_emergency("Rescue target masked.");
error_message = "Rescue target masked";
goto finish;
}
}
assert(target->load_state == UNIT_LOADED);
if (arg_action == ACTION_TEST) {
printf("-> By units:\n");
manager_dump_units(m, stdout, "\t");
}
r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, false, &error, &default_unit_job);
if (r == -EPERM) {
log_debug("Default target could not be isolated, starting instead: %s", bus_error_message(&error, r));
r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job);
if (r < 0) {
log_emergency("Failed to start default target: %s", bus_error_message(&error, r));
error_message = "Failed to start default target";
goto finish;
}
} else if (r < 0) {
log_emergency("Failed to isolate default target: %s", bus_error_message(&error, r));
error_message = "Failed to isolate default target";
goto finish;
}
m->default_unit_job_id = default_unit_job->id;
after_startup = now(CLOCK_MONOTONIC);
log_full(arg_action == ACTION_TEST ? LOG_INFO : LOG_DEBUG,
"Loaded units and determined initial transaction in %s.",
format_timespan(timespan, sizeof(timespan), after_startup - before_startup, 100 * USEC_PER_MSEC));
if (arg_action == ACTION_TEST) {
printf("-> By jobs:\n");
manager_dump_jobs(m, stdout, "\t");
retval = EXIT_SUCCESS;
goto finish;
}
}
for (;;) {
r = manager_loop(m);
if (r < 0) {
log_emergency_errno(r, "Failed to run main loop: %m");
error_message = "Failed to run main loop";
goto finish;
}
switch (m->exit_code) {
case MANAGER_RELOAD:
log_info("Reloading.");
r = parse_config_file();
if (r < 0)
log_error("Failed to parse config file.");
manager_set_defaults(m);
r = manager_reload(m);
if (r < 0)
log_error_errno(r, "Failed to reload: %m");
break;
case MANAGER_REEXECUTE:
if (prepare_reexecute(m, &arg_serialization, &fds, false) < 0) {
error_message = "Failed to prepare for reexecution";
goto finish;
}
reexecute = true;
log_notice("Reexecuting.");
goto finish;
case MANAGER_SWITCH_ROOT:
/* Steal the switch root parameters */
switch_root_dir = m->switch_root;
switch_root_init = m->switch_root_init;
m->switch_root = m->switch_root_init = NULL;
if (!switch_root_init)
if (prepare_reexecute(m, &arg_serialization, &fds, true) < 0) {
error_message = "Failed to prepare for reexecution";
goto finish;
}
reexecute = true;
log_notice("Switching root.");
goto finish;
case MANAGER_EXIT:
if (m->running_as == MANAGER_USER) {
retval = EXIT_SUCCESS;
log_debug("Exit.");
goto finish;
}
/* fallthrough */
case MANAGER_REBOOT:
case MANAGER_POWEROFF:
case MANAGER_HALT:
case MANAGER_KEXEC: {
static const char * const table[_MANAGER_EXIT_CODE_MAX] = {
[MANAGER_EXIT] = "exit",
[MANAGER_REBOOT] = "reboot",
[MANAGER_POWEROFF] = "poweroff",
[MANAGER_HALT] = "halt",
[MANAGER_KEXEC] = "kexec"
};
assert_se(shutdown_verb = table[m->exit_code]);
arm_reboot_watchdog = m->exit_code == MANAGER_REBOOT;
log_notice("Shutting down.");
goto finish;
}
default:
assert_not_reached("Unknown exit code.");
}
}
finish:
pager_close();
if (m) {
arg_shutdown_watchdog = m->shutdown_watchdog;
shutdown_exit_code = m->return_value;
}
m = manager_free(m);
for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++)
arg_default_rlimit[j] = mfree(arg_default_rlimit[j]);
arg_default_unit = mfree(arg_default_unit);
arg_join_controllers = strv_free_free(arg_join_controllers);
arg_default_environment = strv_free(arg_default_environment);
arg_syscall_archs = set_free(arg_syscall_archs);
mac_selinux_finish();
if (reexecute) {
const char **args;
unsigned i, args_size;
/* Close and disarm the watchdog, so that the new
* instance can reinitialize it, but doesn't get
* rebooted while we do that */
watchdog_close(true);
/* Reset the RLIMIT_NOFILE to the kernel default, so
* that the new systemd can pass the kernel default to
* its child processes */
if (saved_rlimit_nofile.rlim_cur > 0)
(void) setrlimit(RLIMIT_NOFILE, &saved_rlimit_nofile);
if (switch_root_dir) {
/* Kill all remaining processes from the
* initrd, but don't wait for them, so that we
* can handle the SIGCHLD for them after
* deserializing. */
broadcast_signal(SIGTERM, false, true);
/* And switch root with MS_MOVE, because we remove the old directory afterwards and detach it. */
r = switch_root(switch_root_dir, "/mnt", true, MS_MOVE);
if (r < 0)
log_error_errno(r, "Failed to switch root, trying to continue: %m");
}
args_size = MAX(6, argc+1);
args = newa(const char*, args_size);
if (!switch_root_init) {
char sfd[DECIMAL_STR_MAX(int) + 1];
/* First try to spawn ourselves with the right
* path, and with full serialization. We do
* this only if the user didn't specify an
* explicit init to spawn. */
assert(arg_serialization);
assert(fds);
xsprintf(sfd, "%i", fileno(arg_serialization));
i = 0;
args[i++] = SYSTEMD_BINARY_PATH;
if (switch_root_dir)
args[i++] = "--switched-root";
args[i++] = arg_running_as == MANAGER_SYSTEM ? "--system" : "--user";
args[i++] = "--deserialize";
args[i++] = sfd;
args[i++] = NULL;
/* do not pass along the environment we inherit from the kernel or initrd */
if (switch_root_dir)
(void) clearenv();
assert(i <= args_size);
(void) execv(args[0], (char* const*) args);
}
/* Try the fallback, if there is any, without any
* serialization. We pass the original argv[] and
* envp[]. (Well, modulo the ordering changes due to
* getopt() in argv[], and some cleanups in envp[],
* but let's hope that doesn't matter.) */
arg_serialization = safe_fclose(arg_serialization);
fds = fdset_free(fds);
/* Reopen the console */
(void) make_console_stdio();
for (j = 1, i = 1; j < (unsigned) argc; j++)
args[i++] = argv[j];
args[i++] = NULL;
assert(i <= args_size);
/* Reenable any blocked signals, especially important
* if we switch from initial ramdisk to init=... */
(void) reset_all_signal_handlers();
(void) reset_signal_mask();
if (switch_root_init) {
args[0] = switch_root_init;
(void) execv(args[0], (char* const*) args);
log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m");
}
args[0] = "/sbin/init";
(void) execv(args[0], (char* const*) args);
if (errno == ENOENT) {
log_warning("No /sbin/init, trying fallback");
args[0] = "/bin/sh";
args[1] = NULL;
(void) execv(args[0], (char* const*) args);
log_error_errno(errno, "Failed to execute /bin/sh, giving up: %m");
} else
log_warning_errno(errno, "Failed to execute /sbin/init, giving up: %m");
}
arg_serialization = safe_fclose(arg_serialization);
fds = fdset_free(fds);
#ifdef HAVE_VALGRIND_VALGRIND_H
/* If we are PID 1 and running under valgrind, then let's exit
* here explicitly. valgrind will only generate nice output on
* exit(), not on exec(), hence let's do the former not the
* latter here. */
if (getpid() == 1 && RUNNING_ON_VALGRIND)
return 0;
#endif
if (shutdown_verb) {
char log_level[DECIMAL_STR_MAX(int) + 1];
char exit_code[DECIMAL_STR_MAX(uint8_t) + 1];
const char* command_line[11] = {
SYSTEMD_SHUTDOWN_BINARY_PATH,
shutdown_verb,
"--log-level", log_level,
"--log-target",
};
unsigned pos = 5;
_cleanup_strv_free_ char **env_block = NULL;
assert(command_line[pos] == NULL);
env_block = strv_copy(environ);
xsprintf(log_level, "%d", log_get_max_level());
switch (log_get_target()) {
case LOG_TARGET_KMSG:
case LOG_TARGET_JOURNAL_OR_KMSG:
case LOG_TARGET_SYSLOG_OR_KMSG:
command_line[pos++] = "kmsg";
break;
case LOG_TARGET_NULL:
command_line[pos++] = "null";
break;
case LOG_TARGET_CONSOLE:
default:
command_line[pos++] = "console";
break;
};
if (log_get_show_color())
command_line[pos++] = "--log-color";
if (log_get_show_location())
command_line[pos++] = "--log-location";
if (streq(shutdown_verb, "exit")) {
command_line[pos++] = "--exit-code";
command_line[pos++] = exit_code;
xsprintf(exit_code, "%d", shutdown_exit_code);
}
assert(pos < ELEMENTSOF(command_line));
if (arm_reboot_watchdog && arg_shutdown_watchdog > 0) {
char *e;
/* If we reboot let's set the shutdown
* watchdog and tell the shutdown binary to
* repeatedly ping it */
r = watchdog_set_timeout(&arg_shutdown_watchdog);
watchdog_close(r < 0);
/* Tell the binary how often to ping, ignore failure */
if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, arg_shutdown_watchdog) > 0)
(void) strv_push(&env_block, e);
} else
watchdog_close(true);
/* Avoid the creation of new processes forked by the
* kernel; at this point, we will not listen to the
* signals anyway */
if (detect_container() <= 0)
(void) cg_uninstall_release_agent(SYSTEMD_CGROUP_CONTROLLER);
execve(SYSTEMD_SHUTDOWN_BINARY_PATH, (char **) command_line, env_block);
log_error_errno(errno, "Failed to execute shutdown binary, %s: %m",
getpid() == 1 ? "freezing" : "quitting");
}
if (getpid() == 1) {
if (error_message)
manager_status_printf(NULL, STATUS_TYPE_EMERGENCY,
ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL,
"%s, freezing.", error_message);
freeze();
}
return retval;
}