174
174
static int connect_logger_as(const ExecContext *context, ExecOutput output, const char *ident, int nfd) {
178
struct sockaddr_un un;
176
union sockaddr_union sa;
182
179
assert(output < _EXEC_OUTPUT_MAX);
184
181
assert(nfd >= 0);
186
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
183
fd = socket(AF_UNIX, SOCK_STREAM, 0);
190
sa.sa.sa_family = AF_UNIX;
191
strncpy(sa.un.sun_path, STDOUT_SYSLOG_BRIDGE_SOCKET, sizeof(sa.un.sun_path));
188
sa.un.sun_family = AF_UNIX;
189
strncpy(sa.un.sun_path, "/run/systemd/journal/stdout", sizeof(sa.un.sun_path));
193
if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + sizeof(STDOUT_SYSLOG_BRIDGE_SOCKET) - 1) < 0) {
191
r = connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path));
194
193
close_nointr_nofail(fd);
203
/* We speak a very simple protocol between log server
204
* and client: one line for the log destination (kmsg
205
* or syslog), followed by the priority field,
206
* followed by the process name. Since we replaced
207
* stdin/stderr we simple use stdio to write to
208
* it. Note that we use stderr, to minimize buffer
209
* flushing issues. */
216
output == EXEC_OUTPUT_KMSG ? "kmsg" :
217
output == EXEC_OUTPUT_KMSG_AND_CONSOLE ? "kmsg+console" :
218
output == EXEC_OUTPUT_SYSLOG ? "syslog" :
209
context->syslog_identifier ? context->syslog_identifier : ident,
220
210
context->syslog_priority,
221
context->syslog_identifier ? context->syslog_identifier : ident,
222
context->syslog_level_prefix);
211
!!context->syslog_level_prefix,
212
output == EXEC_OUTPUT_SYSLOG || output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE,
213
output == EXEC_OUTPUT_KMSG || output == EXEC_OUTPUT_KMSG_AND_CONSOLE,
214
output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || output == EXEC_OUTPUT_KMSG_AND_CONSOLE || output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE);
225
217
r = dup2(fd, nfd) < 0 ? -errno : nfd;
922
static void rename_process_from_path(const char *path) {
923
char process_name[11];
927
/* This resulting string must fit in 10 chars (i.e. the length
928
* of "/sbin/init") to look pretty in /bin/ps */
930
p = file_name_from_path(path);
932
rename_process("(...)");
938
/* The end of the process name is usually more
939
* interesting, since the first bit might just be
945
process_name[0] = '(';
946
memcpy(process_name+1, p, l);
947
process_name[1+l] = ')';
948
process_name[1+l+1] = 0;
950
rename_process(process_name);
923
953
int exec_spawn(ExecCommand *command,
925
955
const ExecContext *context,
994
1024
char **our_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL;
995
1025
unsigned n_env = 0;
996
1026
int saved_stdout = -1, saved_stdin = -1;
997
bool keep_stdout = false, keep_stdin = false;
1027
bool keep_stdout = false, keep_stdin = false, set_access = false;
1001
/* This string must fit in 10 chars (i.e. the length
1002
* of "/sbin/init") */
1003
rename_process("sd(EXEC)");
1031
rename_process_from_path(command->path);
1005
1033
/* We reset exactly these signals, since they are the
1006
1034
* only ones we set to SIG_IGN in the main daemon. All
1010
1038
default_signals(SIGNALS_CRASH_HANDLER,
1011
1039
SIGNALS_IGNORE, -1);
1013
if (sigemptyset(&ss) < 0 ||
1014
sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
1041
if (context->ignore_sigpipe)
1042
ignore_signals(SIGPIPE, -1);
1044
assert_se(sigemptyset(&ss) == 0);
1045
if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
1015
1047
r = EXIT_SIGNAL_MASK;
1016
1048
goto fail_child;
1019
1051
/* Close sockets very early to make sure we don't
1020
1052
* block init reexecution because it cannot bind its
1022
if (close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
1023
socket_fd >= 0 ? 1 : n_fds) < 0) {
1055
err = close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
1056
socket_fd >= 0 ? 1 : n_fds);
1025
1059
goto fail_child;
1028
1062
if (!context->same_pgrp)
1029
1063
if (setsid() < 0) {
1030
1065
r = EXIT_SETSID;
1031
1066
goto fail_child;
1056
1093
/* Set up terminal for the question */
1057
1094
if ((r = setup_confirm_stdio(context,
1058
&saved_stdin, &saved_stdout)))
1095
&saved_stdin, &saved_stdout))) {
1059
1097
goto fail_child;
1061
1100
/* Now ask the question. */
1062
1101
if (!(line = exec_command_line(argv))) {
1063
1103
r = EXIT_MEMORY;
1064
1104
goto fail_child;
1070
1110
if (r < 0 || response == 'n') {
1071
1112
r = EXIT_CONFIRM;
1072
1113
goto fail_child;
1073
1114
} else if (response == 's') {
1075
1116
goto fail_child;
1078
1119
/* Release terminal for the question */
1079
1120
if ((r = restore_confirm_stdio(context,
1080
1121
&saved_stdin, &saved_stdout,
1081
&keep_stdin, &keep_stdout)))
1122
&keep_stdin, &keep_stdout))) {
1082
1124
goto fail_child;
1085
1128
/* If a socket is connected to STDIN/STDOUT/STDERR, we
1087
1130
if (socket_fd >= 0)
1088
1131
fd_nonblock(socket_fd, false);
1091
if (setup_input(context, socket_fd, apply_tty_stdin) < 0) {
1134
err = setup_input(context, socket_fd, apply_tty_stdin);
1092
1136
r = EXIT_STDIN;
1093
1137
goto fail_child;
1097
if (setup_output(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin) < 0) {
1142
err = setup_output(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin);
1098
1144
r = EXIT_STDOUT;
1099
1145
goto fail_child;
1102
if (setup_error(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin) < 0) {
1149
err = setup_error(context, socket_fd, file_name_from_path(command->path), apply_tty_stdin);
1103
1151
r = EXIT_STDERR;
1104
1152
goto fail_child;
1107
if (cgroup_bondings)
1108
if (cgroup_bonding_install_list(cgroup_bondings, 0) < 0) {
1155
if (cgroup_bondings) {
1156
err = cgroup_bonding_install_list(cgroup_bondings, 0);
1109
1158
r = EXIT_CGROUP;
1110
1159
goto fail_child;
1113
1163
if (context->oom_score_adjust_set) {
1157
1210
if (context->cpuset)
1158
1211
if (sched_setaffinity(0, CPU_ALLOC_SIZE(context->cpuset_ncpus), context->cpuset) < 0) {
1159
1213
r = EXIT_CPUAFFINITY;
1160
1214
goto fail_child;
1163
1217
if (context->ioprio_set)
1164
1218
if (ioprio_set(IOPRIO_WHO_PROCESS, 0, context->ioprio) < 0) {
1165
1220
r = EXIT_IOPRIO;
1166
1221
goto fail_child;
1169
1224
if (context->timer_slack_nsec_set)
1170
1225
if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
1171
1227
r = EXIT_TIMERSLACK;
1172
1228
goto fail_child;
1175
1231
if (context->utmp_id)
1176
utmp_put_init_process(0, context->utmp_id, getpid(), getsid(0), context->tty_path);
1232
utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
1178
1234
if (context->user) {
1179
1235
username = context->user;
1180
if (get_user_creds(&username, &uid, &gid, &home) < 0) {
1236
err = get_user_creds(&username, &uid, &gid, &home);
1182
1239
goto fail_child;
1185
if (is_terminal_input(context->std_input))
1186
if (chown_terminal(STDIN_FILENO, uid) < 0) {
1242
if (is_terminal_input(context->std_input)) {
1243
err = chown_terminal(STDIN_FILENO, uid);
1187
1245
r = EXIT_STDIN;
1188
1246
goto fail_child;
1191
if (cgroup_bondings && context->control_group_modify)
1192
if (cgroup_bonding_set_group_access_list(cgroup_bondings, 0755, uid, gid) < 0 ||
1193
cgroup_bonding_set_task_access_list(cgroup_bondings, 0644, uid, gid) < 0) {
1250
if (cgroup_bondings && context->control_group_modify) {
1251
err = cgroup_bonding_set_group_access_list(cgroup_bondings, 0755, uid, gid);
1253
err = cgroup_bonding_set_task_access_list(cgroup_bondings, 0644, uid, gid, context->control_group_persistent);
1194
1255
r = EXIT_CGROUP;
1195
1256
goto fail_child;
1199
if (apply_permissions)
1200
if (enforce_groups(context, username, gid) < 0) {
1263
if (cgroup_bondings && !set_access && context->control_group_persistent >= 0) {
1264
err = cgroup_bonding_set_task_access_list(cgroup_bondings, (mode_t) -1, (uid_t) -1, (uid_t) -1, context->control_group_persistent);
1271
if (apply_permissions) {
1272
err = enforce_groups(context, username, gid);
1201
1274
r = EXIT_GROUP;
1202
1275
goto fail_child;
1205
1279
umask(context->umask);
1207
1281
#ifdef HAVE_PAM
1208
1282
if (context->pam_name && username) {
1209
if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) != 0) {
1283
err = setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds);
1211
1286
goto fail_child;
1225
1301
strv_length(context->read_only_dirs) > 0 ||
1226
1302
strv_length(context->inaccessible_dirs) > 0 ||
1227
1303
context->mount_flags != MS_SHARED ||
1228
context->private_tmp)
1229
if ((r = setup_namespace(
1230
context->read_write_dirs,
1231
context->read_only_dirs,
1232
context->inaccessible_dirs,
1233
context->private_tmp,
1234
context->mount_flags)) < 0)
1304
context->private_tmp) {
1305
err = setup_namespace(context->read_write_dirs,
1306
context->read_only_dirs,
1307
context->inaccessible_dirs,
1308
context->private_tmp,
1309
context->mount_flags);
1235
1312
goto fail_child;
1237
1316
if (apply_chroot) {
1238
1317
if (context->root_directory)
1239
1318
if (chroot(context->root_directory) < 0) {
1240
1320
r = EXIT_CHROOT;
1241
1321
goto fail_child;
1244
1324
if (chdir(context->working_directory ? context->working_directory : "/") < 0) {
1245
1326
r = EXIT_CHDIR;
1246
1327
goto fail_child;
1268
1351
/* We repeat the fd closing here, to make sure that
1269
1352
* nothing is leaked from the PAM modules */
1270
if (close_all_fds(fds, n_fds) < 0 ||
1271
shift_fds(fds, n_fds) < 0 ||
1272
flags_fds(fds, n_fds, context->non_blocking) < 0) {
1353
err = close_all_fds(fds, n_fds);
1355
err = shift_fds(fds, n_fds);
1357
err = flags_fds(fds, n_fds, context->non_blocking);
1274
1360
goto fail_child;
1283
1369
if (setrlimit(i, context->rlimit[i]) < 0) {
1284
1371
r = EXIT_LIMITS;
1285
1372
goto fail_child;
1289
if (context->capability_bounding_set_drop)
1290
if (do_capability_bounding_set_drop(context->capability_bounding_set_drop) < 0) {
1376
if (context->capability_bounding_set_drop) {
1377
err = do_capability_bounding_set_drop(context->capability_bounding_set_drop);
1291
1379
r = EXIT_CAPABILITIES;
1292
1380
goto fail_child;
1296
if (enforce_user(context, uid) < 0) {
1384
if (context->user) {
1385
err = enforce_user(context, uid);
1298
1388
goto fail_child;
1301
1392
/* PR_GET_SECUREBITS is not privileged, while
1302
1393
* PR_SET_SECUREBITS is. So to suppress
1304
1395
* PR_SET_SECUREBITS unless necessary. */
1305
1396
if (prctl(PR_GET_SECUREBITS) != context->secure_bits)
1306
1397
if (prctl(PR_SET_SECUREBITS, context->secure_bits) < 0) {
1307
1399
r = EXIT_SECUREBITS;
1308
1400
goto fail_child;
1311
1403
if (context->capabilities)
1312
1404
if (cap_set_proc(context->capabilities) < 0) {
1313
1406
r = EXIT_CAPABILITIES;
1314
1407
goto fail_child;
1318
1411
if (!(our_env = new0(char*, 7))) {
1319
1413
r = EXIT_MEMORY;
1320
1414
goto fail_child;
1370
1470
final_env = strv_env_clean(final_env);
1372
1472
execve(command->path, final_argv, final_env);
1479
log_warning("Failed at step %s spawning %s: %s",
1480
exit_status_to_string(r, EXIT_STATUS_SYSTEMD),
1481
command->path, strerror(-err));
1376
1484
strv_free(our_env);
1377
1485
strv_free(final_env);
1378
1486
strv_free(pam_env);
1614
1725
prefix, yes_no(c->non_blocking),
1615
1726
prefix, yes_no(c->private_tmp),
1616
1727
prefix, yes_no(c->control_group_modify),
1728
prefix, yes_no(c->control_group_persistent),
1617
1729
prefix, yes_no(c->private_network));
1619
1731
STRV_FOREACH(e, c->environment)
1687
1799
prefix, yes_no(c->tty_vhangup),
1688
1800
prefix, yes_no(c->tty_vt_disallocate));
1690
if (c->std_output == EXEC_OUTPUT_SYSLOG || c->std_output == EXEC_OUTPUT_KMSG ||
1691
c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE ||
1692
c->std_error == EXEC_OUTPUT_SYSLOG || c->std_error == EXEC_OUTPUT_KMSG ||
1693
c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE)
1802
if (c->std_output == EXEC_OUTPUT_SYSLOG || c->std_output == EXEC_OUTPUT_KMSG || c->std_output == EXEC_OUTPUT_JOURNAL ||
1803
c->std_output == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_output == EXEC_OUTPUT_JOURNAL_AND_CONSOLE ||
1804
c->std_error == EXEC_OUTPUT_SYSLOG || c->std_error == EXEC_OUTPUT_KMSG || c->std_error == EXEC_OUTPUT_JOURNAL ||
1805
c->std_error == EXEC_OUTPUT_SYSLOG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_KMSG_AND_CONSOLE || c->std_error == EXEC_OUTPUT_JOURNAL_AND_CONSOLE)
1695
1807
"%sSyslogFacility: %s\n"
1696
1808
"%sSyslogLevel: %s\n",
1769
1881
"%sKillMode: %s\n"
1770
1882
"%sKillSignal: SIG%s\n"
1771
"%sSendSIGKILL: %s\n",
1883
"%sSendSIGKILL: %s\n"
1884
"%sIgnoreSIGPIPE: %s\n",
1772
1885
prefix, kill_mode_to_string(c->kill_mode),
1773
1886
prefix, signal_to_string(c->kill_signal),
1774
prefix, yes_no(c->send_sigkill));
1887
prefix, yes_no(c->send_sigkill),
1888
prefix, yes_no(c->ignore_sigpipe));
1776
1890
if (c->utmp_id)
1975
2088
[EXEC_OUTPUT_SYSLOG_AND_CONSOLE] = "syslog+console",
1976
2089
[EXEC_OUTPUT_KMSG] = "kmsg",
1977
2090
[EXEC_OUTPUT_KMSG_AND_CONSOLE] = "kmsg+console",
2091
[EXEC_OUTPUT_JOURNAL] = "journal",
2092
[EXEC_OUTPUT_JOURNAL_AND_CONSOLE] = "journal+console",
1978
2093
[EXEC_OUTPUT_SOCKET] = "socket"
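Review bot: In connect_logger_as, the `connect()` call that takes its length from `strlen(sa.un.sun_path)` follows a `strncpy` bounded by the full `sizeof(sa.un.sun_path)`, so the address length is only right while the path is shorter than the field. Once a source string fills the field, `strncpy` leaves it unterminated and `strlen` reads past the array. The "/run/systemd/journal/stdout" literal fits, but the `sizeof(STDOUT_SYSLOG_BRIDGE_SOCKET) - 1` form shown alongside it fixes the length at compile time, and the same can be kept as `offsetof(struct sockaddr_un, sun_path) + sizeof("/run/systemd/journal/stdout") - 1`, with the path held in one named constant so the copy and the length cannot drift apart. The result of `socket()` is stored in `fd` with no check on the visible lines; the page appears to omit some lines, so confirm that `fd < 0` is still handled before `connect()`. Only part of the function body is shown here.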