← Back to branch summary

~ubuntu-branches/debian/jessie/systemd/jessie

« back to all changes in this revision

Viewing changes to src/execute.c

  • Committer: Package Import Robot
  • Author(s): Tollef Fog Heen, Tollef Fog Heen, Michael Biebl
  • Date: 2012-04-03 19:59:17 UTC
  • mfrom: (1.1.10) (6.1.3 experimental)
  • Revision ID: package-import@ubuntu.com-20120403195917-l532urrbg4pkreas
Tags: 44-1
http://bugs.debian.org/664364
http://bugs.debian.org/663219
http://bugs.debian.org/663323
[ Tollef Fog Heen ]
* New upstream version.
  - Backport 3492207: journal: PAGE_SIZE is not known on ppc and other
    archs
  - Backport 5a2a2a1: journal: react with immediate rotation to a couple
    of more errors
  - Backport 693ce21: util: never follow symlinks in rm_rf_children()
    Fixes CVE-2012-1174, closes: #664364
* Drop output message from init-functions hook, it's pointless.
* Only rmdir /lib/init/rw if it exists.
* Explicitly order debian-fixup before sysinit.target to prevent a
  possible race condition with the creation of sockets.  Thanks to
  Michael Biebl for debugging this.
* Always restart the initctl socket on upgrades, to mask sysvinit
  removing it.

[ Michael Biebl ]
* Remove workaround for non-interactive sessions from pam config again.
* Create compat /dev/initctl symlink in case we are upgrading from a system
  running a newer version of sysvinit (using /run/initctl) and sysvinit is
  replaced with systemd-sysv during the upgrade. Closes: #663219
* Install new man pages.
* Build-Depend on valac (>= 0.12) instead of valac-0.12. Closes: #663323

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/execute.c
173
173
 
174
174
static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, int nfd) {
175
175
        int fd, r;
176
 
        union {
177
 
                struct sockaddr sa;
178
 
                struct sockaddr_un un;
179
 
        } sa;
 
176
        union sockaddr_union sa;
180
177
 
181
178
        assert(context);
182
179
        assert(output < _EXEC_OUTPUT_MAX);
183
180
        assert(ident);
184
181
        assert(nfd >= 0);
185
182
 
186
 
        if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
 
183
        fd = socket(AF_UNIX, SOCK_STREAM, 0);
 
184
        if (fd < 0)
187
185
                return -errno;
188
186
 
189
187
        zero(sa);
190
 
        sa.sa.sa_family = AF_UNIX;
191
 
        strncpy(sa.un.sun_path, STDOUT_SYSLOG_BRIDGE_SOCKET, sizeof(sa.un.sun_path));
 
188
        sa.un.sun_family = AF_UNIX;
 
189
        strncpy(sa.un.sun_path, "/run/systemd/journal/stdout", sizeof(sa.un.sun_path));
192
190
 
193
 
        if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + sizeof(STDOUT_SYSLOG_BRIDGE_SOCKET) - 1) < 0) {
 
191
        r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path));
 
192
        if (r < 0) {
194
193
                close_nointr_nofail(fd);
195
194
                return -errno;
196
195
        }
200
199
                return -errno;
201
200
        }
202
201
 
203
 
        /* We speak a very simple protocol between log server
204
 
         * and client: one line for the log destination (kmsg
205
 
         * or syslog), followed by the priority field,
206
 
         * followed by the process name. Since we replaced
207
 
         * stdin/stderr we simple use stdio to write to
208
 
         * it. Note that we use stderr, to minimize buffer
209
 
         * flushing issues. */
210
 
 
211
202
        dprintf(fd,
212
203
                "%s\n"
213
204
                "%i\n"
214
 
                "%s\n"
 
205
                "%i\n"
 
206
                "%i\n"
 
207
                "%i\n"
215
208
                "%i\n",
216
 
                output == EXEC_OUTPUT_KMSG ?             "kmsg" :
217
 
                output == EXEC_OUTPUT_KMSG_AND_CONSOLE ? "kmsg+console" :
218
 
                output == EXEC_OUTPUT_SYSLOG ?           "syslog" :
219
 
                                                         "syslog+console",
 
209
                context->syslog_identifier ? context->syslog_identifier : ident,
220
210
                context->syslog_priority,
221
 
                context->syslog_identifier ? context->syslog_identifier : ident,
222
 
                context->syslog_level_prefix);
 
211
                !!context->syslog_level_prefix,
 
212
                output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
 
213
                output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
 
214
                output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || output == EXEC_OUTPUT_KMSG_AND_CONSOLE || output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE);
223
215
 
224
216
        if (fd != nfd) {
225
217
                r = dup2(fd, nfd) < 0 ? -errno : nfd;
359
351
        case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
360
352
        case EXEC_OUTPUT_KMSG:
361
353
        case EXEC_OUTPUT_KMSG_AND_CONSOLE:
 
354
        case EXEC_OUTPUT_JOURNAL:
 
355
        case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
362
356
                return connect_logger_as(context, o, ident, STDOUT_FILENO);
363
357
 
364
358
        case EXEC_OUTPUT_SOCKET:
412
406
        case EXEC_OUTPUT_SYSLOG_AND_CONSOLE:
413
407
        case EXEC_OUTPUT_KMSG:
414
408
        case EXEC_OUTPUT_KMSG_AND_CONSOLE:
 
409
        case EXEC_OUTPUT_JOURNAL:
 
410
        case EXEC_OUTPUT_JOURNAL_AND_CONSOLE:
415
411
                return connect_logger_as(context, e, ident, STDERR_FILENO);
416
412
 
417
413
        case EXEC_OUTPUT_SOCKET:
716
712
        pam_handle_t *handle = NULL;
717
713
        sigset_t ss, old_ss;
718
714
        int pam_code = PAM_SUCCESS;
 
715
        int err;
719
716
        char **e = NULL;
720
717
        bool close_session = false;
721
718
        pid_t pam_pid = 0, parent_pid;
773
770
                 * termination */
774
771
 
775
772
                /* This string must fit in 10 chars (i.e. the length
776
 
                 * of "/sbin/init") */
777
 
                rename_process("sd(PAM)");
 
773
                 * of "/sbin/init"), to look pretty in /bin/ps */
 
774
                rename_process("(sd-pam)");
778
775
 
779
776
                /* Make sure we don't keep open the passed fds in this
780
777
                child. We assume that otherwise only those fds are
835
832
        return 0;
836
833
 
837
834
fail:
 
835
        if (pam_code != PAM_SUCCESS)
 
836
                err = -EPERM;  /* PAM errors do not map to errno */
 
837
        else
 
838
                err = -errno;
 
839
 
838
840
        if (handle) {
839
841
                if (close_session)
840
842
                        pam_code = pam_close_session(handle, PAM_DATA_SILENT);
851
853
                kill(pam_pid, SIGCONT);
852
854
        }
853
855
 
854
 
        return EXIT_PAM;
 
856
        return err;
855
857
}
856
858
#endif
857
859
 
895
897
                }
896
898
        }
897
899
 
898
 
        for (i = 0; i <= MAX(63LU, (unsigned long) CAP_LAST_CAP); i++)
 
900
        for (i = 0; i <= cap_last_cap(); i++)
899
901
                if (drop & ((uint64_t) 1ULL << (uint64_t) i)) {
900
902
                        if (prctl(PR_CAPBSET_DROP, i) < 0) {
901
 
                                if (errno == EINVAL)
902
 
                                        break;
903
 
 
904
903
                                r = -errno;
905
904
                                goto finish;
906
905
                        }
920
919
        return r;
921
920
}
922
921
 
 
922
static void rename_process_from_path(const char *path) {
 
923
        char process_name[11];
 
924
        const char *p;
 
925
        size_t l;
 
926
 
 
927
        /* This resulting string must fit in 10 chars (i.e. the length
 
928
         * of "/sbin/init") to look pretty in /bin/ps */
 
929
 
 
930
        p = file_name_from_path(path);
 
931
        if (isempty(p)) {
 
932
                rename_process("(...)");
 
933
                return;
 
934
        }
 
935
 
 
936
        l = strlen(p);
 
937
        if (l > 8) {
 
938
                /* The end of the process name is usually more
 
939
                 * interesting, since the first bit might just be
 
940
                 * "systemd-" */
 
941
                p = p + l - 8;
 
942
                l = 8;
 
943
        }
 
944
 
 
945
        process_name[0] = '(';
 
946
        memcpy(process_name+1, p, l);
 
947
        process_name[1+l] = ')';
 
948
        process_name[1+l+1] = 0;
 
949
 
 
950
        rename_process(process_name);
 
951
}
 
952
 
923
953
int exec_spawn(ExecCommand *command,
924
954
               char **argv,
925
955
               const ExecContext *context,
986
1016
        }
987
1017
 
988
1018
        if (pid == 0) {
989
 
                int i;
 
1019
                int i, err;
990
1020
                sigset_t ss;
991
1021
                const char *username = NULL, *home = NULL;
992
1022
                uid_t uid = (uid_t) -1;
994
1024
                char **our_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;
995
1025
                unsigned n_env = 0;
996
1026
                int saved_stdout = -1, saved_stdin = -1;
997
 
                bool keep_stdout = false, keep_stdin = false;
 
1027
                bool keep_stdout = false, keep_stdin = false, set_access = false;
998
1028
 
999
1029
                /* child */
1000
1030
 
1001
 
                /* This string must fit in 10 chars (i.e. the length
1002
 
                 * of "/sbin/init") */
1003
 
                rename_process("sd(EXEC)");
 
1031
                rename_process_from_path(command->path);
1004
1032
 
1005
1033
                /* We reset exactly these signals, since they are the
1006
1034
                 * only ones we set to SIG_IGN in the main daemon. All
1010
1038
                default_signals(SIGNALS_CRASH_HANDLER,
1011
1039
                                SIGNALS_IGNORE, -1);
1012
1040
 
1013
 
                if (sigemptyset(&ss) < 0 ||
1014
 
                    sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
 
1041
                if (context->ignore_sigpipe)
 
1042
                        ignore_signals(SIGPIPE, -1);
 
1043
 
 
1044
                assert_se(sigemptyset(&ss) == 0);
 
1045
                if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
 
1046
                        err = -errno;
1015
1047
                        r = EXIT_SIGNAL_MASK;
1016
1048
                        goto fail_child;
1017
1049
                }
1019
1051
                /* Close sockets very early to make sure we don't
1020
1052
                 * block init reexecution because it cannot bind its
1021
1053
                 * sockets */
1022
 
                if (close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
1023
 
                                  socket_fd >= 0 ? 1 : n_fds) < 0) {
 
1054
                log_forget_fds();
 
1055
                err = close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
 
1056
                                           socket_fd >= 0 ? 1 : n_fds);
 
1057
                if (err < 0) {
1024
1058
                        r = EXIT_FDS;
1025
1059
                        goto fail_child;
1026
1060
                }
1027
1061
 
1028
1062
                if (!context->same_pgrp)
1029
1063
                        if (setsid() < 0) {
 
1064
                                err = -errno;
1030
1065
                                r = EXIT_SETSID;
1031
1066
                                goto fail_child;
1032
1067
                        }
1034
1069
                if (context->tcpwrap_name) {
1035
1070
                        if (socket_fd >= 0)
1036
1071
                                if (!socket_tcpwrap(socket_fd, context->tcpwrap_name)) {
 
1072
                                        err = -EACCES;
1037
1073
                                        r = EXIT_TCPWRAP;
1038
1074
                                        goto fail_child;
1039
1075
                                }
1040
1076
 
1041
1077
                        for (i = 0; i < (int) n_fds; i++) {
1042
1078
                                if (!socket_tcpwrap(fds[i], context->tcpwrap_name)) {
 
1079
                                        err = -EACCES;
1043
1080
                                        r = EXIT_TCPWRAP;
1044
1081
                                        goto fail_child;
1045
1082
                                }
1055
1092
 
1056
1093
                        /* Set up terminal for the question */
1057
1094
                        if ((r = setup_confirm_stdio(context,
1058
 
                                                     &saved_stdin, &saved_stdout)))
 
1095
                                                     &saved_stdin, &saved_stdout))) {
 
1096
                                err = -errno;
1059
1097
                                goto fail_child;
 
1098
                        }
1060
1099
 
1061
1100
                        /* Now ask the question. */
1062
1101
                        if (!(line = exec_command_line(argv))) {
 
1102
                                err = -ENOMEM;
1063
1103
                                r = EXIT_MEMORY;
1064
1104
                                goto fail_child;
1065
1105
                        }
1068
1108
                        free(line);
1069
1109
 
1070
1110
                        if (r < 0 || response == 'n') {
 
1111
                                err = -ECANCELED;
1071
1112
                                r = EXIT_CONFIRM;
1072
1113
                                goto fail_child;
1073
1114
                        } else if (response == 's') {
1074
 
                                r = 0;
 
1115
                                err = r = 0;
1075
1116
                                goto fail_child;
1076
1117
                        }
1077
1118
 
1078
1119
                        /* Release terminal for the question */
1079
1120
                        if ((r = restore_confirm_stdio(context,
1080
1121
                                                       &saved_stdin, &saved_stdout,
1081
 
                                                       &keep_stdin, &keep_stdout)))
 
1122
                                                       &keep_stdin, &keep_stdout))) {
 
1123
                                err = -errno;
1082
1124
                                goto fail_child;
 
1125
                        }
1083
1126
                }
1084
1127
 
1085
1128
                /* If a socket is connected to STDIN/STDOUT/STDERR, we
1087
1130
                if (socket_fd >= 0)
1088
1131
                        fd_nonblock(socket_fd, false);
1089
1132
 
1090
 
                if (!keep_stdin)
1091
 
                        if (setup_input(context, socket_fd, apply_tty_stdin) < 0) {
 
1133
                if (!keep_stdin) {
 
1134
                        err = setup_input(context, socket_fd, apply_tty_stdin);
 
1135
                        if (err < 0) {
1092
1136
                                r = EXIT_STDIN;
1093
1137
                                goto fail_child;
1094
1138
                        }
 
1139
                }
1095
1140
 
1096
 
                if (!keep_stdout)
1097
 
                        if (setup_output(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin) < 0) {
 
1141
                if (!keep_stdout) {
 
1142
                        err = setup_output(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin);
 
1143
                        if (err < 0) {
1098
1144
                                r = EXIT_STDOUT;
1099
1145
                                goto fail_child;
1100
1146
                        }
 
1147
                }
1101
1148
 
1102
 
                if (setup_error(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin) < 0) {
 
1149
                err = setup_error(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin);
 
1150
                if (err < 0) {
1103
1151
                        r = EXIT_STDERR;
1104
1152
                        goto fail_child;
1105
1153
                }
1106
1154
 
1107
 
                if (cgroup_bondings)
1108
 
                        if (cgroup_bonding_install_list(cgroup_bondings, 0) < 0) {
 
1155
                if (cgroup_bondings) {
 
1156
                        err = cgroup_bonding_install_list(cgroup_bondings, 0);
 
1157
                        if (err < 0) {
1109
1158
                                r = EXIT_CGROUP;
1110
1159
                                goto fail_child;
1111
1160
                        }
 
1161
                }
1112
1162
 
1113
1163
                if (context->oom_score_adjust_set) {
1114
1164
                        char t[16];
1129
1179
 
1130
1180
                                if (write_one_line_file("/proc/self/oom_adj", t) < 0
1131
1181
                                    && errno != EACCES) {
 
1182
                                        err = -errno;
1132
1183
                                        r = EXIT_OOM_ADJUST;
1133
1184
                                        goto fail_child;
1134
1185
                                }
1137
1188
 
1138
1189
                if (context->nice_set)
1139
1190
                        if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) {
 
1191
                                err = -errno;
1140
1192
                                r = EXIT_NICE;
1141
1193
                                goto fail_child;
1142
1194
                        }
1149
1201
 
1150
1202
                        if (sched_setscheduler(0, context->cpu_sched_policy |
1151
1203
                                               (context->cpu_sched_reset_on_fork ? SCHED_RESET_ON_FORK : 0), &param) < 0) {
 
1204
                                err = -errno;
1152
1205
                                r = EXIT_SETSCHEDULER;
1153
1206
                                goto fail_child;
1154
1207
                        }
1156
1209
 
1157
1210
                if (context->cpuset)
1158
1211
                        if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
 
1212
                                err = -errno;
1159
1213
                                r = EXIT_CPUAFFINITY;
1160
1214
                                goto fail_child;
1161
1215
                        }
1162
1216
 
1163
1217
                if (context->ioprio_set)
1164
1218
                        if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
 
1219
                                err = -errno;
1165
1220
                                r = EXIT_IOPRIO;
1166
1221
                                goto fail_child;
1167
1222
                        }
1168
1223
 
1169
1224
                if (context->timer_slack_nsec_set)
1170
1225
                        if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
 
1226
                                err = -errno;
1171
1227
                                r = EXIT_TIMERSLACK;
1172
1228
                                goto fail_child;
1173
1229
                        }
1174
1230
 
1175
1231
                if (context->utmp_id)
1176
 
                        utmp_put_init_process(0, context->utmp_id, getpid(), getsid(0), context->tty_path);
 
1232
                        utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
1177
1233
 
1178
1234
                if (context->user) {
1179
1235
                        username = context->user;
1180
 
                        if (get_user_creds(&username, &uid, &gid, &home) < 0) {
 
1236
                        err = get_user_creds(&username, &uid, &gid, &home);
 
1237
                        if (err < 0) {
1181
1238
                                r = EXIT_USER;
1182
1239
                                goto fail_child;
1183
1240
                        }
1184
1241
 
1185
 
                        if (is_terminal_input(context->std_input))
1186
 
                                if (chown_terminal(STDIN_FILENO, uid) < 0) {
 
1242
                        if (is_terminal_input(context->std_input)) {
 
1243
                                err = chown_terminal(STDIN_FILENO, uid);
 
1244
                                if (err < 0) {
1187
1245
                                        r = EXIT_STDIN;
1188
1246
                                        goto fail_child;
1189
1247
                                }
 
1248
                        }
1190
1249
 
1191
 
                        if (cgroup_bondings && context->control_group_modify)
1192
 
                                if (cgroup_bonding_set_group_access_list(cgroup_bondings, 0755, uid, gid) < 0 ||
1193
 
                                    cgroup_bonding_set_task_access_list(cgroup_bondings, 0644, uid, gid) < 0) {
 
1250
                        if (cgroup_bondings && context->control_group_modify) {
 
1251
                                err = cgroup_bonding_set_group_access_list(cgroup_bondings, 0755, uid, gid);
 
1252
                                if (err >= 0)
 
1253
                                        err = cgroup_bonding_set_task_access_list(cgroup_bondings, 0644, uid, gid, context->control_group_persistent);
 
1254
                                if (err < 0) {
1194
1255
                                        r = EXIT_CGROUP;
1195
1256
                                        goto fail_child;
1196
1257
                                }
1197
 
                }
1198
 
 
1199
 
                if (apply_permissions)
1200
 
                        if (enforce_groups(context, username, gid) < 0) {
 
1258
 
 
1259
                                set_access = true;
 
1260
                        }
 
1261
                }
 
1262
 
 
1263
                if (cgroup_bondings && !set_access && context->control_group_persistent >= 0)  {
 
1264
                        err = cgroup_bonding_set_task_access_list(cgroup_bondings, (mode_t) -1, (uid_t) -1, (uid_t) -1, context->control_group_persistent);
 
1265
                        if (err < 0) {
 
1266
                                r = EXIT_CGROUP;
 
1267
                                goto fail_child;
 
1268
                        }
 
1269
                }
 
1270
 
 
1271
                if (apply_permissions) {
 
1272
                        err = enforce_groups(context, username, gid);
 
1273
                        if (err < 0) {
1201
1274
                                r = EXIT_GROUP;
1202
1275
                                goto fail_child;
1203
1276
                        }
 
1277
                }
1204
1278
 
1205
1279
                umask(context->umask);
1206
1280
 
1207
1281
#ifdef HAVE_PAM
1208
1282
                if (context->pam_name && username) {
1209
 
                        if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) != 0) {
 
1283
                        err = setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds);
 
1284
                        if (err < 0) {
1210
1285
                                r = EXIT_PAM;
1211
1286
                                goto fail_child;
1212
1287
                        }
1214
1289
#endif
1215
1290
                if (context->private_network) {
1216
1291
                        if (unshare(CLONE_NEWNET) < 0) {
 
1292
                                err = -errno;
1217
1293
                                r = EXIT_NETWORK;
1218
1294
                                goto fail_child;
1219
1295
                        }
1225
1301
                    strv_length(context->read_only_dirs) > 0 ||
1226
1302
                    strv_length(context->inaccessible_dirs) > 0 ||
1227
1303
                    context->mount_flags != MS_SHARED ||
1228
 
                    context->private_tmp)
1229
 
                        if ((r = setup_namespace(
1230
 
                                             context->read_write_dirs,
1231
 
                                             context->read_only_dirs,
1232
 
                                             context->inaccessible_dirs,
1233
 
                                             context->private_tmp,
1234
 
                                             context->mount_flags)) < 0)
 
1304
                    context->private_tmp) {
 
1305
                        err = setup_namespace(context->read_write_dirs,
 
1306
                                              context->read_only_dirs,
 
1307
                                              context->inaccessible_dirs,
 
1308
                                              context->private_tmp,
 
1309
                                              context->mount_flags);
 
1310
                        if (err < 0) {
 
1311
                                r = EXIT_NAMESPACE;
1235
1312
                                goto fail_child;
 
1313
                        }
 
1314
                }
1236
1315
 
1237
1316
                if (apply_chroot) {
1238
1317
                        if (context->root_directory)
1239
1318
                                if (chroot(context->root_directory) < 0) {
 
1319
                                        err = -errno;
1240
1320
                                        r = EXIT_CHROOT;
1241
1321
                                        goto fail_child;
1242
1322
                                }
1243
1323
 
1244
1324
                        if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
 
1325
                                err = -errno;
1245
1326
                                r = EXIT_CHDIR;
1246
1327
                                goto fail_child;
1247
1328
                        }
1252
1333
                        if (asprintf(&d, "%s/%s",
1253
1334
                                     context->root_directory ? context->root_directory : "",
1254
1335
                                     context->working_directory ? context->working_directory : "") < 0) {
 
1336
                                err = -ENOMEM;
1255
1337
                                r = EXIT_MEMORY;
1256
1338
                                goto fail_child;
1257
1339
                        }
1258
1340
 
1259
1341
                        if (chdir(d) < 0) {
 
1342
                                err = -errno;
1260
1343
                                free(d);
1261
1344
                                r = EXIT_CHDIR;
1262
1345
                                goto fail_child;
1267
1350
 
1268
1351
                /* We repeat the fd closing here, to make sure that
1269
1352
                 * nothing is leaked from the PAM modules */
1270
 
                if (close_all_fds(fds, n_fds) < 0 ||
1271
 
                    shift_fds(fds, n_fds) < 0 ||
1272
 
                    flags_fds(fds, n_fds, context->non_blocking) < 0) {
 
1353
                err = close_all_fds(fds, n_fds);
 
1354
                if (err >= 0)
 
1355
                        err = shift_fds(fds, n_fds);
 
1356
                if (err >= 0)
 
1357
                        err = flags_fds(fds, n_fds, context->non_blocking);
 
1358
                if (err < 0) {
1273
1359
                        r = EXIT_FDS;
1274
1360
                        goto fail_child;
1275
1361
                }
1281
1367
                                        continue;
1282
1368
 
1283
1369
                                if (setrlimit(i, context->rlimit[i]) < 0) {
 
1370
                                        err = -errno;
1284
1371
                                        r = EXIT_LIMITS;
1285
1372
                                        goto fail_child;
1286
1373
                                }
1287
1374
                        }
1288
1375
 
1289
 
                        if (context->capability_bounding_set_drop)
1290
 
                                if (do_capability_bounding_set_drop(context->capability_bounding_set_drop) < 0) {
 
1376
                        if (context->capability_bounding_set_drop) {
 
1377
                                err = do_capability_bounding_set_drop(context->capability_bounding_set_drop);
 
1378
                                if (err < 0) {
1291
1379
                                        r = EXIT_CAPABILITIES;
1292
1380
                                        goto fail_child;
1293
1381
                                }
 
1382
                        }
1294
1383
 
1295
 
                        if (context->user)
1296
 
                                if (enforce_user(context, uid) < 0) {
 
1384
                        if (context->user) {
 
1385
                                err = enforce_user(context, uid);
 
1386
                                if (err < 0) {
1297
1387
                                        r = EXIT_USER;
1298
1388
                                        goto fail_child;
1299
1389
                                }
 
1390
                        }
1300
1391
 
1301
1392
                        /* PR_GET_SECUREBITS is not privileged, while
1302
1393
                         * PR_SET_SECUREBITS is. So to suppress
1304
1395
                         * PR_SET_SECUREBITS unless necessary. */
1305
1396
                        if (prctl(PR_GET_SECUREBITS) != context->secure_bits)
1306
1397
                                if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) {
 
1398
                                        err = -errno;
1307
1399
                                        r = EXIT_SECUREBITS;
1308
1400
                                        goto fail_child;
1309
1401
                                }
1310
1402
 
1311
1403
                        if (context->capabilities)
1312
1404
                                if (cap_set_proc(context->capabilities) < 0) {
 
1405
                                        err = -errno;
1313
1406
                                        r = EXIT_CAPABILITIES;
1314
1407
                                        goto fail_child;
1315
1408
                                }
1316
1409
                }
1317
1410
 
1318
1411
                if (!(our_env = new0(char*, 7))) {
 
1412
                        err = -ENOMEM;
1319
1413
                        r = EXIT_MEMORY;
1320
1414
                        goto fail_child;
1321
1415
                }
1323
1417
                if (n_fds > 0)
1324
1418
                        if (asprintf(our_env + n_env++, "LISTEN_PID=%lu", (unsigned long) getpid()) < 0 ||
1325
1419
                            asprintf(our_env + n_env++, "LISTEN_FDS=%u", n_fds) < 0) {
 
1420
                                err = -ENOMEM;
1326
1421
                                r = EXIT_MEMORY;
1327
1422
                                goto fail_child;
1328
1423
                        }
1329
1424
 
1330
1425
                if (home)
1331
1426
                        if (asprintf(our_env + n_env++, "HOME=%s", home) < 0) {
 
1427
                                err = -ENOMEM;
1332
1428
                                r = EXIT_MEMORY;
1333
1429
                                goto fail_child;
1334
1430
                        }
1336
1432
                if (username)
1337
1433
                        if (asprintf(our_env + n_env++, "LOGNAME=%s", username) < 0 ||
1338
1434
                            asprintf(our_env + n_env++, "USER=%s", username) < 0) {
 
1435
                                err = -ENOMEM;
1339
1436
                                r = EXIT_MEMORY;
1340
1437
                                goto fail_child;
1341
1438
                        }
1344
1441
                    context->std_output == EXEC_OUTPUT_TTY ||
1345
1442
                    context->std_error == EXEC_OUTPUT_TTY)
1346
1443
                        if (!(our_env[n_env++] = strdup(default_term_for_tty(tty_path(context))))) {
 
1444
                                err = -ENOMEM;
1347
1445
                                r = EXIT_MEMORY;
1348
1446
                                goto fail_child;
1349
1447
                        }
1358
1456
                                      files_env,
1359
1457
                                      pam_env,
1360
1458
                                      NULL))) {
 
1459
                        err = -ENOMEM;
1361
1460
                        r = EXIT_MEMORY;
1362
1461
                        goto fail_child;
1363
1462
                }
1364
1463
 
1365
1464
                if (!(final_argv = replace_env_argv(argv, final_env))) {
 
1465
                        err = -ENOMEM;
1366
1466
                        r = EXIT_MEMORY;
1367
1467
                        goto fail_child;
1368
1468
                }
1370
1470
                final_env = strv_env_clean(final_env);
1371
1471
 
1372
1472
                execve(command->path, final_argv, final_env);
 
1473
                err = -errno;
1373
1474
                r = EXIT_EXEC;
1374
1475
 
1375
1476
        fail_child:
 
1477
                if (r != 0) {
 
1478
                        log_open();
 
1479
                        log_warning("Failed at step %s spawning %s: %s",
 
1480
                                    exit_status_to_string(r, EXIT_STATUS_SYSTEMD),
 
1481
                                    command->path, strerror(-err));
 
1482
                }
 
1483
 
1376
1484
                strv_free(our_env);
1377
1485
                strv_free(final_env);
1378
1486
                strv_free(pam_env);
1422
1530
        c->mount_flags = MS_SHARED;
1423
1531
        c->kill_signal = SIGTERM;
1424
1532
        c->send_sigkill = true;
 
1533
        c->control_group_persistent = -1;
 
1534
        c->ignore_sigpipe = true;
1425
1535
}
1426
1536
 
1427
1537
void exec_context_done(ExecContext *c) {
1607
1717
                "%sNonBlocking: %s\n"
1608
1718
                "%sPrivateTmp: %s\n"
1609
1719
                "%sControlGroupModify: %s\n"
 
1720
                "%sControlGroupPersistent: %s\n"
1610
1721
                "%sPrivateNetwork: %s\n",
1611
1722
                prefix, c->umask,
1612
1723
                prefix, c->working_directory ? c->working_directory : "/",
1614
1725
                prefix, yes_no(c->non_blocking),
1615
1726
                prefix, yes_no(c->private_tmp),
1616
1727
                prefix, yes_no(c->control_group_modify),
 
1728
                prefix, yes_no(c->control_group_persistent),
1617
1729
                prefix, yes_no(c->private_network));
1618
1730
 
1619
1731
        STRV_FOREACH(e, c->environment)
1687
1799
                        prefix, yes_no(c->tty_vhangup),
1688
1800
                        prefix, yes_no(c->tty_vt_disallocate));
1689
1801
 
1690
 
        if (c->std_output == EXEC_OUTPUT_SYSLOG || c->std_output == EXEC_OUTPUT_KMSG ||
1691
 
            c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
1692
 
            c->std_error == EXEC_OUTPUT_SYSLOG || c->std_error == EXEC_OUTPUT_KMSG ||
1693
 
            c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE)
 
1802
        if (c->std_output == EXEC_OUTPUT_SYSLOG || c->std_output == EXEC_OUTPUT_KMSG || c->std_output == EXEC_OUTPUT_JOURNAL ||
 
1803
            c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
 
1804
            c->std_error == EXEC_OUTPUT_SYSLOG || c->std_error == EXEC_OUTPUT_KMSG || c->std_error == EXEC_OUTPUT_JOURNAL ||
 
1805
            c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE)
1694
1806
                fprintf(f,
1695
1807
                        "%sSyslogFacility: %s\n"
1696
1808
                        "%sSyslogLevel: %s\n",
1720
1832
                unsigned long l;
1721
1833
                fprintf(f, "%sCapabilityBoundingSet:", prefix);
1722
1834
 
1723
 
                for (l = 0; l <= (unsigned long) CAP_LAST_CAP; l++)
 
1835
                for (l = 0; l <= cap_last_cap(); l++)
1724
1836
                        if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
1725
1837
                                char *t;
1726
1838
 
1768
1880
        fprintf(f,
1769
1881
                "%sKillMode: %s\n"
1770
1882
                "%sKillSignal: SIG%s\n"
1771
 
                "%sSendSIGKILL: %s\n",
 
1883
                "%sSendSIGKILL: %s\n"
 
1884
                "%sIgnoreSIGPIPE: %s\n",
1772
1885
                prefix, kill_mode_to_string(c->kill_mode),
1773
1886
                prefix, signal_to_string(c->kill_signal),
1774
 
                prefix, yes_no(c->send_sigkill));
 
1887
                prefix, yes_no(c->send_sigkill),
 
1888
                prefix, yes_no(c->ignore_sigpipe));
1775
1889
 
1776
1890
        if (c->utmp_id)
1777
1891
                fprintf(f,
1790
1904
void exec_status_exit(ExecStatus *s, ExecContext *context, pid_t pid, int code, int status) {
1791
1905
        assert(s);
1792
1906
 
1793
 
        if ((s->pid && s->pid != pid) ||
1794
 
            !s->start_timestamp.realtime <= 0)
 
1907
        if (s->pid && s->pid != pid)
1795
1908
                zero(*s);
1796
1909
 
1797
1910
        s->pid = pid;
1975
2088
        [EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
1976
2089
        [EXEC_OUTPUT_KMSG] = "kmsg",
1977
2090
        [EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
 
2091
        [EXEC_OUTPUT_JOURNAL] = "journal",
 
2092
        [EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
1978
2093
        [EXEC_OUTPUT_SOCKET] = "socket"
1979
2094
};
1980
2095