2818N/A

2818N/A

2818N/A#include <stdio.h>

5466N/A#include <errno.h>

2818N/A#include <string.h>

2818N/A#include <unistd.h>

2818N/A#include <sys/types.h>

2818N/A#include <sys/stat.h>

6444N/A#include <getopt.h>

2818N/A#include <signal.h>

2818N/A#include <sys/wait.h>

2818N/A#include <fcntl.h>

2818N/A#include <sys/prctl.h>

6444N/A#include <sys/mount.h>

2818N/A

3869N/A#ifdef HAVE_VALGRIND_VALGRIND_H

2818N/A#include <valgrind/valgrind.h>

2818N/A#endif

6444N/A

2899N/A#include "sd-daemon.h"

3817N/A#include "sd-messages.h"

3817N/A#include "sd-bus.h"

3817N/A#include "manager.h"

3817N/A#include "log.h"

2818N/A#include "load-fragment.h"

2818N/A#include "fdset.h"

2818N/A#include "special.h"

2818N/A#include "conf-parser.h"

2818N/A#include "missing.h"

2818N/A#include "label.h"

2818N/A#include "build.h"

4976N/A#include "strv.h"

2818N/A#include "def.h"

2818N/A#include "virt.h"

2818N/A#include "watchdog.h"

2818N/A#include "path-util.h"

2818N/A#include "switch-root.h"

2818N/A#include "capability.h"

2818N/A#include "killall.h"

2818N/A#include "env-util.h"

2818N/A#include "hwclock.h"

6901N/A#include "fileio.h"

6901N/A#include "dbus-manager.h"

6901N/A#include "bus-error.h"

2818N/A#include "bus-util.h"

2818N/A

2818N/A#include "mount-setup.h"

2818N/A#include "loopback-setup.h"

2818N/A#include "hostname-setup.h"

2818N/A#include "machine-id-setup.h"

2818N/A#include "selinux-setup.h"

2818N/A#include "ima-setup.h"

2818N/A#include "smack-setup.h"

2818N/A#ifdef HAVE_KMOD

2818N/A#include "kmod-setup.h"

2818N/A#endif

2818N/A

2818N/Astatic enum {

2818N/A ACTION_RUN,

2818N/A ACTION_HELP,

4302N/A ACTION_VERSION,

4302N/A ACTION_TEST,

5934N/A ACTION_DUMP_CONFIGURATION_ITEMS,

5934N/A ACTION_DONE

5934N/A} arg_action = ACTION_RUN;

5934N/Astatic char *arg_default_unit = NULL;

4302N/Astatic SystemdRunningAs arg_running_as = _SYSTEMD_RUNNING_AS_INVALID;

4302N/Astatic bool arg_dump_core = true;

3633N/Astatic bool arg_crash_shell = false;

3633N/Astatic int arg_crash_chvt = -1;

3633N/Astatic bool arg_confirm_spawn = false;

2818N/Astatic ShowStatus arg_show_status = SHOW_STATUS_UNSET;

2818N/Astatic bool arg_switched_root = false;

2818N/Astatic char ***arg_join_controllers = NULL;

2818N/Astatic ExecOutput arg_default_std_output = EXEC_OUTPUT_JOURNAL;

2818N/Astatic ExecOutput arg_default_std_error = EXEC_OUTPUT_INHERIT;

2818N/Astatic usec_t arg_default_restart_usec = DEFAULT_RESTART_USEC;

2818N/Astatic usec_t arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;

2818N/Astatic usec_t arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;

2818N/Astatic usec_t arg_default_start_limit_interval = DEFAULT_START_LIMIT_INTERVAL;

2818N/Astatic unsigned arg_default_start_limit_burst = DEFAULT_START_LIMIT_BURST;

2818N/Astatic usec_t arg_runtime_watchdog = 0;

2818N/Astatic usec_t arg_shutdown_watchdog = 10 * USEC_PER_MINUTE;

2818N/Astatic char **arg_default_environment = NULL;

2818N/Astatic struct rlimit *arg_default_rlimit[RLIMIT_NLIMITS] = {};

2818N/Astatic uint64_t arg_capability_bounding_set_drop = 0;

3693N/Astatic nsec_t arg_timer_slack_nsec = (nsec_t) -1;

3693N/Astatic Set* arg_syscall_archs = NULL;

3693N/Astatic FILE* arg_serialization = NULL;

3693N/A

3693N/Astatic void nop_handler(int sig) {}

3693N/A

3693N/Anoreturn static void crash(int sig) {

2818N/A

2818N/A if (getpid() != 1)

2818N/A /* Pass this on immediately, if this is not PID 1 */

2818N/A raise(sig);

2818N/A else if (!arg_dump_core)

2818N/A log_error("Caught <%s>, not dumping core.", signal_to_string(sig));

2818N/A else {

2818N/A struct sigaction sa = {

3251N/A .sa_handler = nop_handler,

2818N/A .sa_flags = SA_NOCLDSTOP|SA_RESTART,

2818N/A };

2818N/A pid_t pid;

2818N/A

2818N/A /* We want to wait for the core process, hence let's enable SIGCHLD */

2818N/A sigaction(SIGCHLD, &sa, NULL);

2818N/A

2818N/A pid = fork();

3693N/A if (pid < 0)

2818N/A log_error("Caught <%s>, cannot fork for core dump: %m", signal_to_string(sig));

2818N/A

2818N/A else if (pid == 0) {

2818N/A struct rlimit rl = {};

2818N/A

2818N/A /* Enable default signal handler for core dump */

2818N/A zero(sa);

2818N/A sa.sa_handler = SIG_DFL;

3497N/A sigaction(sig, &sa, NULL);

3497N/A

3497N/A /* Don't limit the core dump size */

3497N/A rl.rlim_cur = RLIM_INFINITY;

3497N/A rl.rlim_max = RLIM_INFINITY;

3497N/A setrlimit(RLIMIT_CORE, &rl);

3497N/A

3497N/A /* Just to be sure... */

3497N/A chdir("/");

3497N/A

3497N/A /* Raise the signal again */

3497N/A raise(sig);

3497N/A

3497N/A assert_not_reached("We shouldn't be here...");

3693N/A _exit(1);

3497N/A

3497N/A } else {

4828N/A siginfo_t status;

4828N/A int r;

3497N/A

3497N/A /* Order things nicely. */

3497N/A r = wait_for_terminate(pid, &status);

3497N/A if (r < 0)

4828N/A log_error("Caught <%s>, waitpid() failed: %s", signal_to_string(sig), strerror(-r));

4828N/A else if (status.si_code != CLD_DUMPED)

3497N/A log_error("Caught <%s>, core dump failed.", signal_to_string(sig));

2818N/A else

3477N/A log_error("Caught <%s>, dumped core as pid "PID_FMT".", signal_to_string(sig), pid);

2818N/A }

2818N/A }

2818N/A

2818N/A if (arg_crash_chvt)

2818N/A chvt(arg_crash_chvt);

2818N/A

2818N/A if (arg_crash_shell) {

2818N/A struct sigaction sa = {

2818N/A .sa_handler = SIG_IGN,

2818N/A .sa_flags = SA_NOCLDSTOP|SA_NOCLDWAIT|SA_RESTART,

2818N/A };

2818N/A pid_t pid;

2818N/A

3722N/A log_info("Executing crash shell in 10s...");

3722N/A sleep(10);

2818N/A

2818N/A /* Let the kernel reap children for us */

4089N/A assert_se(sigaction(SIGCHLD, &sa, NULL) == 0);

4089N/A

4089N/A pid = fork();

4089N/A if (pid < 0)

4089N/A log_error("Failed to fork off crash shell: %m");

2818N/A else if (pid == 0) {

3747N/A make_console_stdio();

3747N/A execl("/bin/sh", "/bin/sh", NULL);

3747N/A

3747N/A log_error("execl() failed: %m");

3747N/A _exit(1);

3747N/A }

3747N/A

2818N/A log_info("Successfully spawned crash shell as pid "PID_FMT".", pid);

4089N/A }

2818N/A

3817N/A log_info("Freezing execution.");

3817N/A freeze();

3817N/A}

3817N/A

3817N/Astatic void install_crash_handler(void) {

3817N/A struct sigaction sa = {

3817N/A .sa_handler = crash,

3817N/A .sa_flags = SA_NODEFER,

3817N/A };

3817N/A

3817N/A sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1);

3817N/A}

3817N/A

3817N/Astatic int console_setup(bool do_reset) {

int tty_fd, r;

/* If we are init, we connect stdin/stdout/stderr to /dev/null

release_terminal();

if (!do_reset)

return 0;

tty_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);

if (tty_fd < 0) {

log_error("Failed to open /dev/console: %s", strerror(-tty_fd));

return -tty_fd;

}

/* We don't want to force text mode.

r = reset_terminal_fd(tty_fd, false);

if (r < 0)

log_error("Failed to reset /dev/console: %s", strerror(-r));

close_nointr_nofail(tty_fd);

return r;

}

static int set_default_unit(const char *u) {

char *c;

assert(u);

c = strdup(u);

if (!c)

return -ENOMEM;

free(arg_default_unit);

arg_default_unit = c;

return 0;

}

static int parse_proc_cmdline_word(const char *word) {

static const char * const rlmap[] = {

"emergency", SPECIAL_EMERGENCY_TARGET,

"-b", SPECIAL_EMERGENCY_TARGET,

"single", SPECIAL_RESCUE_TARGET,

"-s", SPECIAL_RESCUE_TARGET,

"s", SPECIAL_RESCUE_TARGET,

"S", SPECIAL_RESCUE_TARGET,

"1", SPECIAL_RESCUE_TARGET,

"2", SPECIAL_RUNLEVEL2_TARGET,

"3", SPECIAL_RUNLEVEL3_TARGET,

"4", SPECIAL_RUNLEVEL4_TARGET,

"5", SPECIAL_RUNLEVEL5_TARGET,

};

assert(word);

if (startswith(word, "systemd.unit=")) {

if (!in_initrd())

return set_default_unit(word + 13);

} else if (startswith(word, "rd.systemd.unit=")) {

if (in_initrd())

return set_default_unit(word + 16);

} else if (startswith(word, "systemd.log_target=")) {

if (log_set_target_from_string(word + 19) < 0)

log_warning("Failed to parse log target %s. Ignoring.", word + 19);

} else if (startswith(word, "systemd.log_level=")) {

if (log_set_max_level_from_string(word + 18) < 0)

log_warning("Failed to parse log level %s. Ignoring.", word + 18);

} else if (startswith(word, "systemd.log_color=")) {

if (log_show_color_from_string(word + 18) < 0)

log_warning("Failed to parse log color setting %s. Ignoring.", word + 18);

} else if (startswith(word, "systemd.log_location=")) {

if (log_show_location_from_string(word + 21) < 0)

log_warning("Failed to parse log location setting %s. Ignoring.", word + 21);

} else if (startswith(word, "systemd.dump_core=")) {

int r;

if ((r = parse_boolean(word + 18)) < 0)

log_warning("Failed to parse dump core switch %s. Ignoring.", word + 18);

else

arg_dump_core = r;

} else if (startswith(word, "systemd.crash_shell=")) {

int r;

if ((r = parse_boolean(word + 20)) < 0)

log_warning("Failed to parse crash shell switch %s. Ignoring.", word + 20);

else

arg_crash_shell = r;

} else if (startswith(word, "systemd.confirm_spawn=")) {

int r;

if ((r = parse_boolean(word + 22)) < 0)

log_warning("Failed to parse confirm spawn switch %s. Ignoring.", word + 22);

else

arg_confirm_spawn = r;

} else if (startswith(word, "systemd.crash_chvt=")) {

int k;

if (safe_atoi(word + 19, &k) < 0)

log_warning("Failed to parse crash chvt switch %s. Ignoring.", word + 19);

else

arg_crash_chvt = k;

} else if (startswith(word, "systemd.show_status=")) {

int r;

r = parse_show_status(word + 20, &arg_show_status);

if (r < 0)

log_warning("Failed to parse show status switch %s. Ignoring.", word + 20);

} else if (startswith(word, "systemd.default_standard_output=")) {

int r;

if ((r = exec_output_from_string(word + 32)) < 0)

log_warning("Failed to parse default standard output switch %s. Ignoring.", word + 32);

else

arg_default_std_output = r;

} else if (startswith(word, "systemd.default_standard_error=")) {

int r;

if ((r = exec_output_from_string(word + 31)) < 0)

log_warning("Failed to parse default standard error switch %s. Ignoring.", word + 31);

else

arg_default_std_error = r;

} else if (startswith(word, "systemd.setenv=")) {

_cleanup_free_ char *cenv = NULL;

cenv = strdup(word + 15);

if (!cenv)

return -ENOMEM;

if (env_assignment_is_valid(cenv)) {

char **env;

env = strv_env_set(arg_default_environment, cenv);

if (env)

arg_default_environment = env;

else

log_warning("Setting environment variable '%s' failed, ignoring: %m", cenv);

} else

log_warning("Environment variable name '%s' is not valid. Ignoring.", cenv);

} else if (startswith(word, "systemd.") ||

(in_initrd() && startswith(word, "rd.systemd."))) {

const char *c;

/* Ignore systemd.journald.xyz and friends */

c = word;

if (startswith(c, "rd."))

c += 3;

if (startswith(c, "systemd."))

c += 8;

if (c[strcspn(c, ".=")] != '.') {

log_warning("Unknown kernel switch %s. Ignoring.", word);

log_info("Supported kernel switches:\n"

"systemd.unit=UNIT Default unit to start\n"

"rd.systemd.unit=UNIT Default unit to start when run in initrd\n"

"systemd.dump_core=0|1 Dump core on crash\n"

"systemd.crash_shell=0|1 Run shell on crash\n"

"systemd.crash_chvt=N Change to VT #N on crash\n"

"systemd.confirm_spawn=0|1 Confirm every process spawn\n"

"systemd.show_status=0|1|auto Show status updates on the console during bootup\n"

"systemd.log_target=console|kmsg|journal|journal-or-kmsg|syslog|syslog-or-kmsg|null\n"

" Log target\n"

"systemd.log_level=LEVEL Log level\n"

"systemd.log_color=0|1 Highlight important log messages\n"

"systemd.log_location=0|1 Include code location in log messages\n"

"systemd.default_standard_output=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n"

" Set default log output for services\n"

"systemd.default_standard_error=null|tty|syslog|syslog+console|kmsg|kmsg+console|journal|journal+console\n"

" Set default log error output for services\n"

"systemd.setenv=ASSIGNMENT Set an environment variable for all spawned processes\n");

}

} else if (streq(word, "quiet")) {

if (arg_show_status == SHOW_STATUS_UNSET)

arg_show_status = SHOW_STATUS_AUTO;

} else if (streq(word, "debug")) {

/* Log to kmsg, the journal socket will fill up before the

log_set_max_level(LOG_DEBUG);

log_set_target(detect_container(NULL) > 0 ? LOG_TARGET_CONSOLE : LOG_TARGET_KMSG);

} else if (!in_initrd()) {

unsigned i;

/* SysV compatibility */

for (i = 0; i < ELEMENTSOF(rlmap); i += 2)

if (streq(word, rlmap[i]))

return set_default_unit(rlmap[i+1]);

}

return 0;

}

#define DEFINE_SETTER(name, func, descr) \

static int name(const char *unit, \

const char *filename, \

unsigned line, \

const char *section, \

unsigned section_line, \

const char *lvalue, \

int ltype, \

const char *rvalue, \

void *data, \

void *userdata) { \

\

int r; \

\

assert(filename); \

assert(lvalue); \

assert(rvalue); \

\

r = func(rvalue); \

if (r < 0) \

log_syntax(unit, LOG_ERR, filename, line, -r, \

"Invalid " descr "'%s': %s", \

rvalue, strerror(-r)); \

\

return 0; \

}

DEFINE_SETTER(config_parse_level2, log_set_max_level_from_string, "log level")

DEFINE_SETTER(config_parse_target, log_set_target_from_string, "target")

DEFINE_SETTER(config_parse_color, log_show_color_from_string, "color" )

DEFINE_SETTER(config_parse_location, log_show_location_from_string, "location")

static int config_parse_cpu_affinity2(const char *unit,

const char *filename,

unsigned line,

const char *section,

unsigned section_line,

const char *lvalue,

int ltype,

const char *rvalue,

void *data,

void *userdata) {

char *w;

size_t l;

char *state;

cpu_set_t *c = NULL;

unsigned ncpus = 0;

assert(filename);

assert(lvalue);

assert(rvalue);

FOREACH_WORD_QUOTED(w, l, rvalue, state) {

char *t;

int r;

unsigned cpu;

if (!(t = strndup(w, l)))

return log_oom();

r = safe_atou(t, &cpu);

free(t);

if (!c)

if (!(c = cpu_set_malloc(&ncpus)))

return log_oom();

if (r < 0 || cpu >= ncpus) {

log_syntax(unit, LOG_ERR, filename, line, -r,

"Failed to parse CPU affinity '%s'", rvalue);

CPU_FREE(c);

return -EBADMSG;

}

CPU_SET_S(cpu, CPU_ALLOC_SIZE(ncpus), c);

}

if (c) {

if (sched_setaffinity(0, CPU_ALLOC_SIZE(ncpus), c) < 0)

log_warning_unit(unit, "Failed to set CPU affinity: %m");

CPU_FREE(c);

}

return 0;

}

static void strv_free_free(char ***l) {

char ***i;

if (!l)

return;

for (i = l; *i; i++)

strv_free(*i);

free(l);

}

static void free_join_controllers(void) {

strv_free_free(arg_join_controllers);

arg_join_controllers = NULL;

}

static int config_parse_join_controllers(const char *unit,

const char *filename,

unsigned line,

const char *section,

unsigned section_line,

const char *lvalue,

int ltype,

const char *rvalue,

void *data,

void *userdata) {

unsigned n = 0;

char *state, *w;

size_t length;

assert(filename);

assert(lvalue);

assert(rvalue);

free_join_controllers();

FOREACH_WORD_QUOTED(w, length, rvalue, state) {

char *s, **l;

s = strndup(w, length);

if (!s)

return log_oom();

l = strv_split(s, ",");

free(s);

strv_uniq(l);

if (strv_length(l) <= 1) {

strv_free(l);

continue;

}

if (!arg_join_controllers) {

arg_join_controllers = new(char**, 2);

if (!arg_join_controllers) {

strv_free(l);

return log_oom();

}

arg_join_controllers[0] = l;

arg_join_controllers[1] = NULL;

n = 1;

} else {

char ***a;

char ***t;

t = new0(char**, n+2);

if (!t) {

strv_free(l);

return log_oom();

}

n = 0;

for (a = arg_join_controllers; *a; a++) {

if (strv_overlap(*a, l)) {

if (strv_extend_strv(&l, *a) < 0) {

strv_free(l);

strv_free_free(t);

return log_oom();

}

} else {

char **c;

c = strv_copy(*a);

if (!c) {

strv_free(l);

strv_free_free(t);

return log_oom();

}

t[n++] = c;

}

}

t[n++] = strv_uniq(l);

strv_free_free(arg_join_controllers);

arg_join_controllers = t;

}

}

return 0;

}

static int parse_config_file(void) {

const ConfigTableItem items[] = {

{ "Manager", "LogLevel", config_parse_level2, 0, NULL },

{ "Manager", "LogTarget", config_parse_target, 0, NULL },

{ "Manager", "LogColor", config_parse_color, 0, NULL },

{ "Manager", "LogLocation", config_parse_location, 0, NULL },

{ "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core },

{ "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell },

{ "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status },

{ "Manager", "CrashChVT", config_parse_int, 0, &arg_crash_chvt },

{ "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, NULL },

{ "Manager", "JoinControllers", config_parse_join_controllers, 0, &arg_join_controllers },

{ "Manager", "RuntimeWatchdogSec", config_parse_sec, 0, &arg_runtime_watchdog },

{ "Manager", "ShutdownWatchdogSec", config_parse_sec, 0, &arg_shutdown_watchdog },

{ "Manager", "CapabilityBoundingSet", config_parse_bounding_set, 0, &arg_capability_bounding_set_drop },

{ "Manager", "SystemCallArchitectures", config_parse_syscall_archs, 0, &arg_syscall_archs },

{ "Manager", "TimerSlackNSec", config_parse_nsec, 0, &arg_timer_slack_nsec },

{ "Manager", "DefaultStandardOutput", config_parse_output, 0, &arg_default_std_output },

{ "Manager", "DefaultStandardError", config_parse_output, 0, &arg_default_std_error },

{ "Manager", "DefaultTimeoutStartSec", config_parse_sec, 0, &arg_default_timeout_start_usec },

{ "Manager", "DefaultTimeoutStopSec", config_parse_sec, 0, &arg_default_timeout_stop_usec },

{ "Manager", "DefaultRestartSec", config_parse_sec, 0, &arg_default_restart_usec },

{ "Manager", "DefaultStartLimitInterval", config_parse_sec, 0, &arg_default_start_limit_interval },

{ "Manager", "DefaultStartLimitBurst", config_parse_unsigned, 0, &arg_default_start_limit_burst },

{ "Manager", "DefaultEnvironment", config_parse_environ, 0, &arg_default_environment },

{ "Manager", "DefaultLimitCPU", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CPU] },

{ "Manager", "DefaultLimitFSIZE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_FSIZE] },

{ "Manager", "DefaultLimitDATA", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_DATA] },

{ "Manager", "DefaultLimitSTACK", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_STACK] },

{ "Manager", "DefaultLimitCORE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_CORE] },

{ "Manager", "DefaultLimitRSS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RSS] },

{ "Manager", "DefaultLimitNOFILE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NOFILE] },

{ "Manager", "DefaultLimitAS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_AS] },

{ "Manager", "DefaultLimitNPROC", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NPROC] },

{ "Manager", "DefaultLimitMEMLOCK", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_MEMLOCK] },

{ "Manager", "DefaultLimitLOCKS", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_LOCKS] },

{ "Manager", "DefaultLimitSIGPENDING", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_SIGPENDING] },

{ "Manager", "DefaultLimitMSGQUEUE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_MSGQUEUE] },

{ "Manager", "DefaultLimitNICE", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_NICE] },

{ "Manager", "DefaultLimitRTPRIO", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RTPRIO] },

{ "Manager", "DefaultLimitRTTIME", config_parse_limit, 0, &arg_default_rlimit[RLIMIT_RTTIME] },

{}

};

_cleanup_fclose_ FILE *f;

const char *fn;

int r;

fn = arg_running_as == SYSTEMD_SYSTEM ? PKGSYSCONFDIR "/system.conf" : PKGSYSCONFDIR "/user.conf";

f = fopen(fn, "re");

if (!f) {

if (errno == ENOENT)

return 0;

log_warning("Failed to open configuration file '%s': %m", fn);

return 0;

}

r = config_parse(NULL, fn, f, "Manager\0", config_item_table_lookup, (void*) items, false, false, NULL);

if (r < 0)

log_warning("Failed to parse configuration file: %s", strerror(-r));

return 0;

}

static int parse_proc_cmdline(void) {

_cleanup_free_ char *line = NULL;

char *w, *state;

size_t l;

int r;

r = proc_cmdline(&line);

if (r < 0)

log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));

if (r <= 0)

return 0;

FOREACH_WORD_QUOTED(w, l, line, state) {

_cleanup_free_ char *word;

word = strndup(w, l);

if (!word)

return log_oom();

r = parse_proc_cmdline_word(word);

if (r < 0) {

log_error("Failed on cmdline argument %s: %s", word, strerror(-r));

return r;

}

}

return 0;

}

static int parse_argv(int argc, char *argv[]) {

enum {

ARG_LOG_LEVEL = 0x100,

ARG_LOG_TARGET,

ARG_LOG_COLOR,

ARG_LOG_LOCATION,

ARG_UNIT,

ARG_SYSTEM,

ARG_USER,

ARG_TEST,

ARG_VERSION,

ARG_DUMP_CONFIGURATION_ITEMS,

ARG_DUMP_CORE,

ARG_CRASH_SHELL,

ARG_CONFIRM_SPAWN,

ARG_SHOW_STATUS,

ARG_DESERIALIZE,

ARG_SWITCHED_ROOT,

ARG_DEFAULT_STD_OUTPUT,

ARG_DEFAULT_STD_ERROR

};

static const struct option options[] = {

{ "log-level", required_argument, NULL, ARG_LOG_LEVEL },

{ "log-target", required_argument, NULL, ARG_LOG_TARGET },

{ "log-color", optional_argument, NULL, ARG_LOG_COLOR },

{ "log-location", optional_argument, NULL, ARG_LOG_LOCATION },

{ "unit", required_argument, NULL, ARG_UNIT },

{ "system", no_argument, NULL, ARG_SYSTEM },

{ "user", no_argument, NULL, ARG_USER },

{ "test", no_argument, NULL, ARG_TEST },

{ "help", no_argument, NULL, 'h' },

{ "version", no_argument, NULL, ARG_VERSION },

{ "dump-configuration-items", no_argument, NULL, ARG_DUMP_CONFIGURATION_ITEMS },

{ "dump-core", optional_argument, NULL, ARG_DUMP_CORE },

{ "crash-shell", optional_argument, NULL, ARG_CRASH_SHELL },

{ "confirm-spawn", optional_argument, NULL, ARG_CONFIRM_SPAWN },

{ "show-status", optional_argument, NULL, ARG_SHOW_STATUS },

{ "deserialize", required_argument, NULL, ARG_DESERIALIZE },

{ "switched-root", no_argument, NULL, ARG_SWITCHED_ROOT },

{ "default-standard-output", required_argument, NULL, ARG_DEFAULT_STD_OUTPUT, },

{ "default-standard-error", required_argument, NULL, ARG_DEFAULT_STD_ERROR, },

{ NULL, 0, NULL, 0 }

};

int c, r;

assert(argc >= 1);

assert(argv);

if (getpid() == 1)

opterr = 0;

while ((c = getopt_long(argc, argv, "hDbsz:", options, NULL)) >= 0)

switch (c) {

case ARG_LOG_LEVEL:

if ((r = log_set_max_level_from_string(optarg)) < 0) {

log_error("Failed to parse log level %s.", optarg);

return r;

}

break;

case ARG_LOG_TARGET:

if ((r = log_set_target_from_string(optarg)) < 0) {

log_error("Failed to parse log target %s.", optarg);

return r;

}

break;

case ARG_LOG_COLOR:

if (optarg) {

if ((r = log_show_color_from_string(optarg)) < 0) {

log_error("Failed to parse log color setting %s.", optarg);

return r;

}

} else

log_show_color(true);

break;

case ARG_LOG_LOCATION:

if (optarg) {

if ((r = log_show_location_from_string(optarg)) < 0) {

log_error("Failed to parse log location setting %s.", optarg);

return r;

}

} else

log_show_location(true);

break;

case ARG_DEFAULT_STD_OUTPUT:

if ((r = exec_output_from_string(optarg)) < 0) {

log_error("Failed to parse default standard output setting %s.", optarg);

return r;

} else

arg_default_std_output = r;

break;

case ARG_DEFAULT_STD_ERROR:

if ((r = exec_output_from_string(optarg)) < 0) {

log_error("Failed to parse default standard error output setting %s.", optarg);

return r;

} else

arg_default_std_error = r;

break;

case ARG_UNIT:

if ((r = set_default_unit(optarg)) < 0) {

log_error("Failed to set default unit %s: %s", optarg, strerror(-r));

return r;

}

break;

case ARG_SYSTEM:

arg_running_as = SYSTEMD_SYSTEM;

break;

case ARG_USER:

arg_running_as = SYSTEMD_USER;

break;

case ARG_TEST:

arg_action = ACTION_TEST;

break;

case ARG_VERSION:

arg_action = ACTION_VERSION;

break;

case ARG_DUMP_CONFIGURATION_ITEMS:

arg_action = ACTION_DUMP_CONFIGURATION_ITEMS;

break;

case ARG_DUMP_CORE:

r = optarg ? parse_boolean(optarg) : 1;

if (r < 0) {

log_error("Failed to parse dump core boolean %s.", optarg);

return r;

}

arg_dump_core = r;

break;

case ARG_CRASH_SHELL:

r = optarg ? parse_boolean(optarg) : 1;

if (r < 0) {

log_error("Failed to parse crash shell boolean %s.", optarg);

return r;

}

arg_crash_shell = r;

break;

case ARG_CONFIRM_SPAWN:

r = optarg ? parse_boolean(optarg) : 1;

if (r < 0) {

log_error("Failed to parse confirm spawn boolean %s.", optarg);

return r;

}

arg_confirm_spawn = r;

break;

case ARG_SHOW_STATUS:

if (optarg) {

r = parse_show_status(optarg, &arg_show_status);

if (r < 0) {

log_error("Failed to parse show status boolean %s.", optarg);

return r;

}

} else

arg_show_status = SHOW_STATUS_YES;

break;

case ARG_DESERIALIZE: {

int fd;

FILE *f;

r = safe_atoi(optarg, &fd);

if (r < 0 || fd < 0) {

log_error("Failed to parse deserialize option %s.", optarg);

return r < 0 ? r : -EINVAL;

}

fd_cloexec(fd, true);

f = fdopen(fd, "r");

if (!f) {

log_error("Failed to open serialization fd: %m");

return -errno;

}

if (arg_serialization)

fclose(arg_serialization);

arg_serialization = f;

break;

}

case ARG_SWITCHED_ROOT:

arg_switched_root = true;

break;

case 'h':

arg_action = ACTION_HELP;

break;

case 'D':

log_set_max_level(LOG_DEBUG);

break;

case 'b':

case 's':

case 'z':

/* Just to eat away the sysvinit kernel

case '?':

default:

if (getpid() != 1) {

log_error("Unknown option code %c", c);

return -EINVAL;

}

break;

}

if (optind < argc && getpid() != 1) {

/* Hmm, when we aren't run as init system

log_error("Excess arguments.");

return -EINVAL;

}

if (detect_container(NULL) > 0) {

char **a;

/* All /proc/cmdline arguments the kernel didn't

for (a = argv; a < argv + argc; a++) {

r = parse_proc_cmdline_word(*a);

if (r < 0) {

log_error("Failed on cmdline argument %s: %s", *a, strerror(-r));

return r;

}

}

}

return 0;

}

static int help(void) {

printf("%s [OPTIONS...]\n\n"

"Starts up and maintains the system or user services.\n\n"

" -h --help Show this help\n"

" --test Determine startup sequence, dump it and exit\n"

" --dump-configuration-items Dump understood unit configuration items\n"

" --unit=UNIT Set default unit\n"

" --system Run a system instance, even if PID != 1\n"

" --user Run a user instance\n"

" --dump-core[=0|1] Dump core on crash\n"

" --crash-shell[=0|1] Run shell on crash\n"

" --confirm-spawn[=0|1] Ask for confirmation when spawning processes\n"

" --show-status[=0|1] Show status updates on the console during bootup\n"

" --log-target=TARGET Set log target (console, journal, syslog, kmsg, journal-or-kmsg, syslog-or-kmsg, null)\n"

" --log-level=LEVEL Set log level (debug, info, notice, warning, err, crit, alert, emerg)\n"

" --log-color[=0|1] Highlight important log messages\n"

" --log-location[=0|1] Include code location in log messages\n"

" --default-standard-output= Set default standard output for services\n"

" --default-standard-error= Set default standard error output for services\n",

program_invocation_short_name);

return 0;

}

static int version(void) {

puts(PACKAGE_STRING);

puts(SYSTEMD_FEATURES);

return 0;

}

static int prepare_reexecute(Manager *m, FILE **_f, FDSet **_fds, bool switching_root) {

FILE *f = NULL;

FDSet *fds = NULL;

int r;

assert(m);

assert(_f);

assert(_fds);

r = manager_open_serialization(m, &f);

if (r < 0) {

log_error("Failed to create serialization file: %s", strerror(-r));

goto fail;

}

/* Make sure nothing is really destructed when we shut down */

m->n_reloading ++;

bus_manager_send_reloading(m, true);

fds = fdset_new();

if (!fds) {

r = -ENOMEM;

log_error("Failed to allocate fd set: %s", strerror(-r));

goto fail;

}

r = manager_serialize(m, f, fds, switching_root);

if (r < 0) {

log_error("Failed to serialize state: %s", strerror(-r));

goto fail;

}

if (fseeko(f, 0, SEEK_SET) < 0) {

log_error("Failed to rewind serialization fd: %m");

goto fail;

}

r = fd_cloexec(fileno(f), false);

if (r < 0) {

log_error("Failed to disable O_CLOEXEC for serialization: %s", strerror(-r));

goto fail;

}

r = fdset_cloexec(fds, false);

if (r < 0) {

log_error("Failed to disable O_CLOEXEC for serialization fds: %s", strerror(-r));

goto fail;

}

*_f = f;

*_fds = fds;

return 0;

fail:

fdset_free(fds);

if (f)

fclose(f);

return r;

}

static int bump_rlimit_nofile(struct rlimit *saved_rlimit) {

struct rlimit nl;

int r;

assert(saved_rlimit);

/* Save the original RLIMIT_NOFILE so that we can reset it

if (getrlimit(RLIMIT_NOFILE, saved_rlimit) < 0) {

log_error("Reading RLIMIT_NOFILE failed: %m");

return -errno;

}

/* Make sure forked processes get the default kernel setting */

if (!arg_default_rlimit[RLIMIT_NOFILE]) {

struct rlimit *rl;

rl = newdup(struct rlimit, saved_rlimit, 1);

if (!rl)

return log_oom();

arg_default_rlimit[RLIMIT_NOFILE] = rl;

}

/* Bump up the resource limit for ourselves substantially */

nl.rlim_cur = nl.rlim_max = 64*1024;

r = setrlimit_closest(RLIMIT_NOFILE, &nl);

if (r < 0) {

log_error("Setting RLIMIT_NOFILE failed: %s", strerror(-r));

return r;

}

return 0;

}

static void test_mtab(void) {

char *p;

/* Check that /etc/mtab is a symlink */

if (readlink_malloc("/etc/mtab", &p) >= 0) {

bool b;

b = streq(p, "/proc/self/mounts") || streq(p, "/proc/mounts");

free(p);

if (b)

return;

}

log_warning("/etc/mtab is not a symlink or not pointing to /proc/self/mounts. "

"This is not supported anymore. "

"Please make sure to replace this file by a symlink to avoid incorrect or misleading mount(8) output.");

}

static void test_usr(void) {

/* Check that /usr is not a separate fs */

if (dir_is_empty("/usr") <= 0)

return;

log_warning("/usr appears to be on its own filesytem and is not already mounted. This is not a supported setup. "

"Some things will probably break (sometimes even silently) in mysterious ways. "

"Consult http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken for more information.");

}

static void test_cgroups(void) {

if (access("/proc/cgroups", F_OK) >= 0)

return;

log_warning("CONFIG_CGROUPS was not set when your kernel was compiled. "

"Systems without control groups are not supported. "

"We will now sleep for 10s, and then continue boot-up. "

"Expect breakage and please do not file bugs. "

"Instead fix your kernel and enable CONFIG_CGROUPS. "

"Consult http://0pointer.de/blog/projects/cgroups-vs-cgroups.html for more information.");

sleep(10);

}

static int initialize_join_controllers(void) {

/* By default, mount "cpu" + "cpuacct" together, and "net_cls"

arg_join_controllers = new(char**, 3);

if (!arg_join_controllers)

return -ENOMEM;

arg_join_controllers[0] = strv_new("cpu", "cpuacct", NULL);

arg_join_controllers[1] = strv_new("net_cls", "net_prio", NULL);

arg_join_controllers[2] = NULL;

if (!arg_join_controllers[0] || !arg_join_controllers[1]) {

free_join_controllers();

return -ENOMEM;

}

return 0;

}

static int enforce_syscall_archs(Set *archs) {

#ifdef HAVE_SECCOMP

scmp_filter_ctx *seccomp;

Iterator i;

void *id;

int r;

seccomp = seccomp_init(SCMP_ACT_ALLOW);

if (!seccomp)

return log_oom();

SET_FOREACH(id, arg_syscall_archs, i) {

r = seccomp_arch_add(seccomp, PTR_TO_UINT32(id) - 1);

if (r == -EEXIST)

continue;

if (r < 0) {

log_error("Failed to add architecture to seccomp: %s", strerror(-r));

goto finish;

}

}

r = seccomp_load(seccomp);

if (r < 0)

log_error("Failed to add install architecture seccomp: %s", strerror(-r));

finish:

seccomp_release(seccomp);

return r;

#else

return 0;

#endif

}

int main(int argc, char *argv[]) {

Manager *m = NULL;

int r, retval = EXIT_FAILURE;

usec_t before_startup, after_startup;

char timespan[FORMAT_TIMESPAN_MAX];

FDSet *fds = NULL;

bool reexecute = false;

const char *shutdown_verb = NULL;

dual_timestamp initrd_timestamp = { 0ULL, 0ULL };

dual_timestamp userspace_timestamp = { 0ULL, 0ULL };

dual_timestamp kernel_timestamp = { 0ULL, 0ULL };

dual_timestamp security_start_timestamp = { 0ULL, 0ULL };

dual_timestamp security_finish_timestamp = { 0ULL, 0ULL };

static char systemd[] = "systemd";

bool skip_setup = false;

unsigned j;

bool loaded_policy = false;

bool arm_reboot_watchdog = false;

bool queue_default_job = false;

char *switch_root_dir = NULL, *switch_root_init = NULL;

static struct rlimit saved_rlimit_nofile = { 0, 0 };

#ifdef HAVE_SYSV_COMPAT

if (getpid() != 1 && strstr(program_invocation_short_name, "init")) {

/* This is compatibility support for SysV, where

errno = -ENOENT;

execv(SYSTEMCTL_BINARY_PATH, argv);

log_error("Failed to exec " SYSTEMCTL_BINARY_PATH ": %m");

return 1;

}

#endif

dual_timestamp_from_monotonic(&kernel_timestamp, 0);

dual_timestamp_get(&userspace_timestamp);

/* Determine if this is a reexecution or normal bootup. We do

if (strv_find(argv+1, "--deserialize"))

skip_setup = true;

/* If we have switched root, do all the special setup

if (strv_find(argv+1, "--switched-root"))

skip_setup = false;

/* If we get started via the /sbin/init symlink then we are

program_invocation_short_name = systemd;

prctl(PR_SET_NAME, systemd);

saved_argv = argv;

saved_argc = argc;

log_show_color(isatty(STDERR_FILENO) > 0);

/* Disable the umask logic */

if (getpid() == 1)

umask(0);

if (getpid() == 1 && detect_container(NULL) <= 0) {

/* Running outside of a container as PID 1 */

arg_running_as = SYSTEMD_SYSTEM;

make_null_stdio();

log_set_target(LOG_TARGET_KMSG);

log_open();

if (in_initrd())

initrd_timestamp = userspace_timestamp;

if (!skip_setup) {

mount_setup_early();

dual_timestamp_get(&security_start_timestamp);

if (selinux_setup(&loaded_policy) < 0)

goto finish;

if (ima_setup() < 0)

goto finish;

if (smack_setup() < 0)

goto finish;

dual_timestamp_get(&security_finish_timestamp);

}

if (label_init(NULL) < 0)

goto finish;

if (!skip_setup) {

if (hwclock_is_localtime() > 0) {

int min;

/* The first-time call to settimeofday() does a time warp in the kernel */

r = hwclock_set_timezone(&min);

if (r < 0)

log_error("Failed to apply local time delta, ignoring: %s", strerror(-r));

else

log_info("RTC configured in localtime, applying delta of %i minutes to system time.", min);

} else if (!in_initrd()) {

/*

hwclock_reset_timezone();

/* Tell the kernel our timezone */

r = hwclock_set_timezone(NULL);

if (r < 0)

log_error("Failed to set the kernel's timezone, ignoring: %s", strerror(-r));

}

}

/* Set the default for later on, but don't actually

log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);

} else if (getpid() == 1) {

/* Running inside a container, as PID 1 */

arg_running_as = SYSTEMD_SYSTEM;

log_set_target(LOG_TARGET_CONSOLE);

log_close_console(); /* force reopen of /dev/console */

log_open();

/* For the later on, see above... */

log_set_target(LOG_TARGET_JOURNAL);

/* clear the kernel timestamp,

kernel_timestamp.monotonic = 0ULL;

kernel_timestamp.realtime = 0ULL;

} else {

/* Running as user instance */

arg_running_as = SYSTEMD_USER;

log_set_target(LOG_TARGET_AUTO);

log_open();

/* clear the kernel timestamp,

kernel_timestamp.monotonic = 0ULL;

kernel_timestamp.realtime = 0ULL;

}