load-fragment.c 65.8 KB
Newer Older
1
2
/*-*- Mode: C; c-basic-offset: 8 -*-*/

3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

Lennart Poettering's avatar
Lennart Poettering committed
22
#include <linux/oom.h>
23
24
25
#include <assert.h>
#include <errno.h>
#include <string.h>
Lennart Poettering's avatar
Lennart Poettering committed
26
27
#include <unistd.h>
#include <fcntl.h>
28
29
#include <sched.h>
#include <sys/prctl.h>
30
#include <sys/mount.h>
Kay Sievers's avatar
Kay Sievers committed
31
#include <linux/fs.h>
32
#include <sys/stat.h>
33

Lennart Poettering's avatar
Lennart Poettering committed
34
#include "unit.h"
35
36
37
#include "strv.h"
#include "conf-parser.h"
#include "load-fragment.h"
38
#include "log.h"
39
#include "ioprio.h"
40
41
#include "securebits.h"
#include "missing.h"
42
#include "unit-name.h"
43
#include "bus-errors.h"
44

45
46
#define COMMENTS "#;\n"

47
static int config_parse_deps(
48
49
50
51
52
53
54
55
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

Lennart Poettering's avatar
Lennart Poettering committed
56
57
        UnitDependency d = PTR_TO_UINT(data);
        Unit *u = userdata;
58
59
60
61
62
63
64
65
        char *w;
        size_t l;
        char *state;

        assert(filename);
        assert(lvalue);
        assert(rvalue);

66
        FOREACH_WORD_QUOTED(w, l, rvalue, state) {
67
                char *t, *k;
68
69
70
71
72
                int r;

                if (!(t = strndup(w, l)))
                        return -ENOMEM;

73
                k = unit_name_printf(u, t);
74
75
                free(t);

76
77
78
                if (!k)
                        return -ENOMEM;

79
                r = unit_add_dependency_by_name(u, d, k, NULL, true);
80
81
                free(k);

82
83
84
85
86
87
88
                if (r < 0)
                        return r;
        }

        return 0;
}

89
static int config_parse_names(
90
91
92
93
94
95
96
97
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

Lennart Poettering's avatar
Lennart Poettering committed
98
        Unit *u = userdata;
99
100
101
102
103
104
105
106
107
        char *w;
        size_t l;
        char *state;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

108
        FOREACH_WORD_QUOTED(w, l, rvalue, state) {
109
                char *t, *k;
110
111
112
113
114
                int r;

                if (!(t = strndup(w, l)))
                        return -ENOMEM;

115
                k = unit_name_printf(u, t);
116
                free(t);
117

118
119
120
121
122
123
                if (!k)
                        return -ENOMEM;

                r = unit_merge_by_name(u, k);
                free(k);

124
125
                if (r < 0)
                        return r;
126
127
128
129
130
        }

        return 0;
}

131
static int config_parse_string_printf(
132
133
134
135
136
137
138
139
140
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        Unit *u = userdata;
141
        char **s = data;
142
143
144
145
146
        char *k;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
147
148
        assert(s);
        assert(u);
149
150
151
152

        if (!(k = unit_full_printf(u, rvalue)))
                return -ENOMEM;

153
        free(*s);
154
        if (*k)
155
                *s = k;
156
157
        else {
                free(k);
158
                *s = NULL;
159
160
161
162
163
        }

        return 0;
}

164
165
166
167
168
169
170
171
172
static int config_parse_listen(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

173
        int r;
Lennart Poettering's avatar
Lennart Poettering committed
174
175
        SocketPort *p;
        Socket *s;
176

177
178
179
180
181
        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

Lennart Poettering's avatar
Lennart Poettering committed
182
183
184
185
186
187
188
189
190
191
192
193
        s = (Socket*) data;

        if (!(p = new0(SocketPort, 1)))
                return -ENOMEM;

        if (streq(lvalue, "ListenFIFO")) {
                p->type = SOCKET_FIFO;

                if (!(p->path = strdup(rvalue))) {
                        free(p);
                        return -ENOMEM;
                }
194
195

                path_kill_slashes(p->path);
Lennart Poettering's avatar
Lennart Poettering committed
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
        } else {
                p->type = SOCKET_SOCKET;

                if ((r = socket_address_parse(&p->address, rvalue)) < 0) {
                        log_error("[%s:%u] Failed to parse address value: %s", filename, line, rvalue);
                        free(p);
                        return r;
                }

                if (streq(lvalue, "ListenStream"))
                        p->address.type = SOCK_STREAM;
                else if (streq(lvalue, "ListenDatagram"))
                        p->address.type = SOCK_DGRAM;
                else {
                        assert(streq(lvalue, "ListenSequentialPacket"));
                        p->address.type = SOCK_SEQPACKET;
                }

                if (socket_address_family(&p->address) != AF_LOCAL && p->address.type == SOCK_SEQPACKET) {
                        free(p);
                        return -EPROTONOSUPPORT;
                }
218
219
        }

Lennart Poettering's avatar
Lennart Poettering committed
220
        p->fd = -1;
221
        LIST_PREPEND(SocketPort, port, s->ports, p);
Lennart Poettering's avatar
Lennart Poettering committed
222

223
        return 0;
224
225
}

226
static int config_parse_socket_bind(
227
228
229
230
231
232
233
234
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

Lennart Poettering's avatar
Lennart Poettering committed
235
        Socket *s;
236
        SocketAddressBindIPv6Only b;
237
238
239
240
241
242

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

Lennart Poettering's avatar
Lennart Poettering committed
243
244
        s = (Socket*) data;

245
246
247
248
249
250
251
        if ((b = socket_address_bind_ipv6_only_from_string(rvalue)) < 0) {
                int r;

                if ((r = parse_boolean(rvalue)) < 0) {
                        log_error("[%s:%u] Failed to parse bind IPv6 only value: %s", filename, line, rvalue);
                        return -EBADMSG;
                }
252

253
254
255
                s->bind_ipv6_only = r ? SOCKET_ADDRESS_IPV6_ONLY : SOCKET_ADDRESS_BOTH;
        } else
                s->bind_ipv6_only = b;
Lennart Poettering's avatar
Lennart Poettering committed
256

257
258
259
        return 0;
}

260
261
262
263
264
265
266
267
268
static int config_parse_nice(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

269
270
        ExecContext *c = data;
        int priority, r;
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if ((r = safe_atoi(rvalue, &priority)) < 0) {
                log_error("[%s:%u] Failed to parse nice priority: %s", filename, line, rvalue);
                return r;
        }

        if (priority < PRIO_MIN || priority >= PRIO_MAX) {
                log_error("[%s:%u] Nice priority out of range: %s", filename, line, rvalue);
                return -ERANGE;
        }

287
288
289
        c->nice = priority;
        c->nice_set = false;

290
291
292
293
294
295
296
297
298
299
300
301
        return 0;
}

static int config_parse_oom_adjust(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

302
303
        ExecContext *c = data;
        int oa, r;
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if ((r = safe_atoi(rvalue, &oa)) < 0) {
                log_error("[%s:%u] Failed to parse OOM adjust value: %s", filename, line, rvalue);
                return r;
        }

        if (oa < OOM_DISABLE || oa > OOM_ADJUST_MAX) {
                log_error("[%s:%u] OOM adjust value out of range: %s", filename, line, rvalue);
                return -ERANGE;
        }

320
321
322
        c->oom_adjust = oa;
        c->oom_adjust_set = true;

323
324
325
        return 0;
}

326
static int config_parse_mode(
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        mode_t *m = data;
        long l;
        char *x = NULL;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        errno = 0;
        l = strtol(rvalue, &x, 8);
        if (!x || *x || errno) {
347
                log_error("[%s:%u] Failed to parse mode value: %s", filename, line, rvalue);
348
349
350
                return errno ? -errno : -EINVAL;
        }

351
352
        if (l < 0000 || l > 07777) {
                log_error("[%s:%u] mode value out of range: %s", filename, line, rvalue);
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
                return -ERANGE;
        }

        *m = (mode_t) l;
        return 0;
}

static int config_parse_exec(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

369
370
        ExecCommand **e = data, *nce;
        char *path, **n;
371
372
373
374
375
        unsigned k;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
376
        assert(e);
377

378
379
380
381
        /* We accept an absolute path as first argument, or
         * alternatively an absolute prefixed with @ to allow
         * overriding of argv[0]. */

382
383
384
385
        for (;;) {
                char *w;
                size_t l;
                char *state;
386
                bool honour_argv0 = false, ignore = false;
387

388
389
390
                path = NULL;
                nce = NULL;
                n = NULL;
391

392
                rvalue += strspn(rvalue, WHITESPACE);
393

394
395
                if (rvalue[0] == 0)
                        break;
396

397
398
399
400
401
402
403
404
405
                if (rvalue[0] == '-') {
                        ignore = true;
                        rvalue ++;
                }

                if (rvalue[0] == '@') {
                        honour_argv0 = true;
                        rvalue ++;
                }
406

407
                if (*rvalue != '/') {
408
409
                        log_error("[%s:%u] Invalid executable path in command line: %s", filename, line, rvalue);
                        return -EINVAL;
410
                }
411

412
413
414
415
                k = 0;
                FOREACH_WORD_QUOTED(w, l, rvalue, state) {
                        if (strncmp(w, ";", l) == 0)
                                break;
416

417
418
                        k++;
                }
419

420
                if (!(n = new(char*, k + !honour_argv0)))
421
422
423
424
425
426
427
                        return -ENOMEM;

                k = 0;
                FOREACH_WORD_QUOTED(w, l, rvalue, state) {
                        if (strncmp(w, ";", l) == 0)
                                break;

428
429
430
                        if (honour_argv0 && w == rvalue) {
                                assert(!path);
                                if (!(path = cunescape_length(w, l)))
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
                                        goto fail;
                        } else {
                                if (!(n[k++] = cunescape_length(w, l)))
                                        goto fail;
                        }
                }

                n[k] = NULL;

                if (!n[0]) {
                        log_error("[%s:%u] Invalid command line: %s", filename, line, rvalue);
                        strv_free(n);
                        return -EINVAL;
                }

                if (!path)
                        if (!(path = strdup(n[0])))
                                goto fail;
449

450
                assert(path_is_absolute(path));
451

452
453
454
455
456
                if (!(nce = new0(ExecCommand, 1)))
                        goto fail;

                nce->argv = n;
                nce->path = path;
457
                nce->ignore = ignore;
458

459
                path_kill_slashes(nce->path);
460

461
                exec_command_append_list(e, nce);
462

463
464
                rvalue = state;
        }
465
466
467
468

        return 0;

fail:
469
470
471
        n[k] = NULL;
        strv_free(n);
        free(path);
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
        free(nce);

        return -ENOMEM;
}

static int config_parse_usec(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        usec_t *usec = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

494
        if ((r = parse_usec(rvalue, usec)) < 0) {
495
496
497
498
499
500
501
                log_error("[%s:%u] Failed to parse time value: %s", filename, line, rvalue);
                return r;
        }

        return 0;
}

502
503
static DEFINE_CONFIG_PARSE_ENUM(config_parse_service_type, service_type, ServiceType, "Failed to parse service type");
static DEFINE_CONFIG_PARSE_ENUM(config_parse_service_restart, service_restart, ServiceRestart, "Failed to parse service restart specifier");
504

505
static int config_parse_bindtodevice(
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        Socket *s = data;
        char *n;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (rvalue[0] && !streq(rvalue, "*")) {
                if (!(n = strdup(rvalue)))
                        return -ENOMEM;
        } else
                n = NULL;

        free(s->bind_to_device);
        s->bind_to_device = n;

        return 0;
}

534
535
static DEFINE_CONFIG_PARSE_ENUM(config_parse_output, exec_output, ExecOutput, "Failed to parse output specifier");
static DEFINE_CONFIG_PARSE_ENUM(config_parse_input, exec_input, ExecInput, "Failed to parse input specifier");
Lennart Poettering's avatar
Lennart Poettering committed
536

537
static int config_parse_facility(
538
539
540
541
542
543
544
545
546
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {


547
        int *o = data, x;
548
549
550
551
552
553

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

554
555
556
557
        if ((x = log_facility_from_string(rvalue)) < 0) {
                log_error("[%s:%u] Failed to parse log facility: %s", filename, line, rvalue);
                return -EBADMSG;
        }
558
559

        *o = LOG_MAKEPRI(x, LOG_PRI(*o));
560
561
562
563

        return 0;
}

564
static int config_parse_level(
565
566
567
568
569
570
571
572
573
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {


574
        int *o = data, x;
575
576
577
578
579
580

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

581
582
583
584
        if ((x = log_level_from_string(rvalue)) < 0) {
                log_error("[%s:%u] Failed to parse log level: %s", filename, line, rvalue);
                return -EBADMSG;
        }
585

586
587
588
589
        *o = LOG_MAKEPRI(LOG_FAC(*o), x);
        return 0;
}

590
static int config_parse_io_class(
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        int x;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

607
608
609
610
        if ((x = ioprio_class_from_string(rvalue)) < 0) {
                log_error("[%s:%u] Failed to parse IO scheduling class: %s", filename, line, rvalue);
                return -EBADMSG;
        }
611
612
613
614
615
616
617

        c->ioprio = IOPRIO_PRIO_VALUE(x, IOPRIO_PRIO_DATA(c->ioprio));
        c->ioprio_set = true;

        return 0;
}

618
static int config_parse_io_priority(
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        int i;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (safe_atoi(rvalue, &i) < 0 || i < 0 || i >= IOPRIO_BE_NR) {
                log_error("[%s:%u] Failed to parse io priority: %s", filename, line, rvalue);
                return -EBADMSG;
638
639
        }

640
641
642
        c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_PRIO_CLASS(c->ioprio), i);
        c->ioprio_set = true;

643
644
645
        return 0;
}

646
static int config_parse_cpu_sched_policy(
647
648
649
650
651
652
653
654
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

655
656
657
658
659
660
661
662
663

        ExecContext *c = data;
        int x;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

664
665
666
667
        if ((x = sched_policy_from_string(rvalue)) < 0) {
                log_error("[%s:%u] Failed to parse CPU scheduling policy: %s", filename, line, rvalue);
                return -EBADMSG;
        }
668
669
670
671
672
673
674

        c->cpu_sched_policy = x;
        c->cpu_sched_set = true;

        return 0;
}

675
static int config_parse_cpu_sched_prio(
676
677
678
679
680
681
682
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {
683
684
685
686
687
688
689
690
691

        ExecContext *c = data;
        int i;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

692
693
694
695
696
        /* On Linux RR/FIFO have the same range */
        if (safe_atoi(rvalue, &i) < 0 || i < sched_get_priority_min(SCHED_RR) || i > sched_get_priority_max(SCHED_RR)) {
                log_error("[%s:%u] Failed to parse CPU scheduling priority: %s", filename, line, rvalue);
                return -EBADMSG;
        }
697

698
699
700
701
702
703
        c->cpu_sched_priority = i;
        c->cpu_sched_set = true;

        return 0;
}

704
static int config_parse_cpu_affinity(
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        char *w;
        size_t l;
        char *state;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

723
        FOREACH_WORD_QUOTED(w, l, rvalue, state) {
724
725
726
727
728
729
730
                char *t;
                int r;
                unsigned cpu;

                if (!(t = strndup(w, l)))
                        return -ENOMEM;

731
732
733
                r = safe_atou(t, &cpu);
                free(t);

734
735
736
737
738
                if (!(c->cpuset))
                        if (!(c->cpuset = cpu_set_malloc(&c->cpuset_ncpus)))
                                return -ENOMEM;

                if (r < 0 || cpu >= c->cpuset_ncpus) {
739
740
                        log_error("[%s:%u] Failed to parse CPU affinity: %s", filename, line, rvalue);
                        return -EBADMSG;
741
                }
742

743
                CPU_SET_S(cpu, CPU_ALLOC_SIZE(c->cpuset_ncpus), c->cpuset);
744
745
        }

746
747
748
        return 0;
}

749
static int config_parse_capabilities(
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        cap_t cap;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (!(cap = cap_from_text(rvalue))) {
                if (errno == ENOMEM)
                        return -ENOMEM;

                log_error("[%s:%u] Failed to parse capabilities: %s", filename, line, rvalue);
                return -EBADMSG;
        }

        if (c->capabilities)
                cap_free(c->capabilities);
        c->capabilities = cap;

        return 0;
}

781
static int config_parse_secure_bits(
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        char *w;
        size_t l;
        char *state;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

800
        FOREACH_WORD_QUOTED(w, l, rvalue, state) {
801
802
803
804
805
806
807
808
809
810
811
812
                if (first_word(w, "keep-caps"))
                        c->secure_bits |= SECURE_KEEP_CAPS;
                else if (first_word(w, "keep-caps-locked"))
                        c->secure_bits |= SECURE_KEEP_CAPS_LOCKED;
                else if (first_word(w, "no-setuid-fixup"))
                        c->secure_bits |= SECURE_NO_SETUID_FIXUP;
                else if (first_word(w, "no-setuid-fixup-locked"))
                        c->secure_bits |= SECURE_NO_SETUID_FIXUP_LOCKED;
                else if (first_word(w, "noroot"))
                        c->secure_bits |= SECURE_NOROOT;
                else if (first_word(w, "noroot-locked"))
                        c->secure_bits |= SECURE_NOROOT_LOCKED;
813
                else {
814
                        log_error("[%s:%u] Failed to parse secure bits: %s", filename, line, rvalue);
815
816
817
818
                        return -EBADMSG;
                }
        }

819
820
821
        return 0;
}

822
static int config_parse_bounding_set(
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        char *w;
        size_t l;
        char *state;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

841
        FOREACH_WORD_QUOTED(w, l, rvalue, state) {
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
                char *t;
                int r;
                cap_value_t cap;

                if (!(t = strndup(w, l)))
                        return -ENOMEM;

                r = cap_from_name(t, &cap);
                free(t);

                if (r < 0) {
                        log_error("[%s:%u] Failed to parse capability bounding set: %s", filename, line, rvalue);
                        return -EBADMSG;
                }

                c->capability_bounding_set_drop |= 1 << cap;
        }
859
860
861
862

        return 0;
}

863
static int config_parse_timer_slack_nsec(
864
865
866
867
868
869
870
871
872
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
873
874
        unsigned long u;
        int r;
875
876
877
878
879
880

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

881
882
883
        if ((r = safe_atolu(rvalue, &u)) < 0) {
                log_error("[%s:%u] Failed to parse time slack value: %s", filename, line, rvalue);
                return r;
884
885
        }

886
        c->timer_slack_nsec = u;
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916

        return 0;
}

static int config_parse_limit(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        struct rlimit **rl = data;
        unsigned long long u;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if ((r = safe_atollu(rvalue, &u)) < 0) {
                log_error("[%s:%u] Failed to parse resource value: %s", filename, line, rvalue);
                return r;
        }

        if (!*rl)
                if (!(*rl = new(struct rlimit, 1)))
                        return -ENOMEM;
917

918
        (*rl)->rlim_cur = (*rl)->rlim_max = (rlim_t) u;
919
920
921
        return 0;
}

922
923
924
925
926
927
928
929
930
931
932
933
934
935
static int config_parse_cgroup(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        Unit *u = userdata;
        char *w;
        size_t l;
        char *state;

936
        FOREACH_WORD_QUOTED(w, l, rvalue, state) {
937
938
939
                char *t;
                int r;

940
                if (!(t = cunescape_length(w, l)))
941
942
943
944
945
946
947
948
949
950
951
952
                        return -ENOMEM;

                r = unit_add_cgroup_from_text(u, t);
                free(t);

                if (r < 0)
                        return r;
        }

        return 0;
}

953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
static int config_parse_sysv_priority(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        int *priority = data;
        int r, i;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if ((r = safe_atoi(rvalue, &i)) < 0 || i < 0) {
                log_error("[%s:%u] Failed to parse SysV start priority: %s", filename, line, rvalue);
                return r;
        }

        *priority = (int) i;
        return 0;
}

979
static DEFINE_CONFIG_PARSE_ENUM(config_parse_kill_mode, kill_mode, KillMode, "Failed to parse kill mode");
980

981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
static int config_parse_kill_signal(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        int *sig = data;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(sig);

        if ((r = signal_from_string(rvalue)) <= 0)
                if (startswith(rvalue, "SIG"))
                        r = signal_from_string(rvalue+3);

        if (r <= 0) {
                log_error("[%s:%u] Failed to parse kill signal: %s", filename, line, rvalue);
                return -EINVAL;
        }

        *sig = r;
        return 0;
}

1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
static int config_parse_mount_flags(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        ExecContext *c = data;
        char *w;
        size_t l;
        char *state;
        unsigned long flags = 0;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

1031
        FOREACH_WORD_QUOTED(w, l, rvalue, state) {
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
                if (strncmp(w, "shared", l) == 0)
                        flags |= MS_SHARED;
                else if (strncmp(w, "slave", l) == 0)
                        flags |= MS_SLAVE;
                else if (strncmp(w, "private", l) == 0)
                        flags |= MS_PRIVATE;
                else {
                        log_error("[%s:%u] Failed to parse mount flags: %s", filename, line, rvalue);
                        return -EINVAL;
                }
        }

        c->mount_flags = flags;
        return 0;
}

1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
static int config_parse_timer(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        Timer *t = data;
        usec_t u;
        int r;
        TimerValue *v;
        TimerBase b;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if ((b = timer_base_from_string(lvalue)) < 0) {
                log_error("[%s:%u] Failed to parse timer base: %s", filename, line, lvalue);
                return -EINVAL;
        }

        if ((r = parse_usec(rvalue, &u)) < 0) {
                log_error("[%s:%u] Failed to parse timer value: %s", filename, line, rvalue);
                return r;
        }

        if (!(v = new0(TimerValue, 1)))
                return -ENOMEM;

        v->base = b;
        v->value = u;

        LIST_PREPEND(TimerValue, value, t->values, v);

        return 0;
}

static int config_parse_timer_unit(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        Timer *t = data;
        int r;
1100
1101
1102
1103
1104
1105
1106
1107
        DBusError error;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        dbus_error_init(&error);
1108
1109
1110
1111
1112
1113

        if (endswith(rvalue, ".timer")) {
                log_error("[%s:%u] Unit cannot be of type timer: %s", filename, line, rvalue);
                return -EINVAL;
        }

1114
1115
1116
        if ((r = manager_load_unit(t->meta.manager, rvalue, NULL, NULL, &t->unit)) < 0) {
                log_error("[%s:%u] Failed to load unit %s: %s", filename, line, rvalue, bus_error(&error, r));
                dbus_error_free(&error);
1117
1118
1119
1120
1121
1122
                return r;
        }

        return 0;
}

1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
static int config_parse_path_spec(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        Path *p = data;
        PathSpec *s;
        PathType b;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if ((b = path_type_from_string(lvalue)) < 0) {
                log_error("[%s:%u] Failed to parse path type: %s", filename, line, lvalue);
                return -EINVAL;
        }

        if (!path_is_absolute(rvalue)) {
                log_error("[%s:%u] Path is not absolute: %s", filename, line, rvalue);
                return -EINVAL;
        }

        if (!(s = new0(PathSpec, 1)))
                return -ENOMEM;

        if (!(s->path = strdup(rvalue))) {
                free(s);
                return -ENOMEM;
        }

        path_kill_slashes(s->path);

        s->type = b;
        s->inotify_fd = -1;

        LIST_PREPEND(PathSpec, spec, p->specs, s);

        return 0;
}

static int config_parse_path_unit(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        Path *t = data;
        int r;
1180
1181
1182
1183
1184
1185
1186
1187
        DBusError error;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        dbus_error_init(&error);
1188
1189
1190
1191
1192
1193

        if (endswith(rvalue, ".path")) {
                log_error("[%s:%u] Unit cannot be of type path: %s", filename, line, rvalue);
                return -EINVAL;
        }

1194
1195
1196
        if ((r = manager_load_unit(t->meta.manager, rvalue, NULL, &error, &t->unit)) < 0) {
                log_error("[%s:%u] Failed to load unit %s: %s", filename, line, rvalue, bus_error(&error, r));
                dbus_error_free(&error);
1197
1198
1199
1200
1201
1202
                return r;
        }

        return 0;
}

1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
static int config_parse_env_file(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        FILE *f;
        int r;
        char ***env = data;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if (!(f = fopen(rvalue, "re"))) {
                log_error("[%s:%u] Failed to open environment file '%s': %m", filename, line, rvalue);
                return -errno;
        }

        while (!feof(f)) {
                char l[LINE_MAX], *p;
                char **t;

                if (!fgets(l, sizeof(l), f)) {
                        if (feof(f))
                                break;

                        r = -errno;
                        log_error("[%s:%u] Failed to read environment file '%s': %m", filename, line, rvalue);
                        goto finish;
                }

                p = strstrip(l);

                if (!*p)
                        continue;

                if (strchr(COMMENTS, *p))
                        continue;

                t = strv_env_set(*env, p);
                strv_free(*env);
                *env = t;
        }

        r = 0;

finish:
        if (f)
                fclose(f);

        return r;
}

1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
static int config_parse_ip_tos(
                const char *filename,
                unsigned line,
                const char *section,
                const char *lvalue,
                const char *rvalue,
                void *data,
                void *userdata) {

        int *ip_tos = data, x;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(data);

        if ((x = ip_tos_from_string(rvalue)) < 0)
                if ((r = safe_atoi(rvalue, &x)) < 0) {
                        log_error("[%s:%u] Failed to parse IP TOS value: %s", filename, line, rvalue);
                        return r;
                }

        *ip_tos = x;
        return 0;
}

1288
static DEFINE_CONFIG_PARSE_ENUM(config_parse_notify_access, notify_access, NotifyAccess, "Failed to parse notify access specifier");
1289

1290
#define FOLLOW_MAX 8
Lennart Poettering's avatar
Lennart Poettering committed
1291

1292
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
1293
        unsigned c = 0;
Lennart Poettering's avatar
Lennart Poettering committed
1294
1295
        int fd, r;
        FILE *f;
1296
        char *id = NULL;
Lennart Poettering's avatar
Lennart Poettering committed
1297
1298
1299
1300
1301
1302

        assert(filename);
        assert(*filename);
        assert(_f);
        assert(names);

1303
1304
        /* This will update the filename pointer if the loaded file is
         * reached by a symlink. The old string will be freed. */
Lennart Poettering's avatar
Lennart Poettering committed
1305

1306
        for (;;) {
1307
                char *target, *name;
Lennart Poettering's avatar
Lennart Poettering committed
1308

1309
1310
1311
                if (c++ >= FOLLOW_MAX)
                        return -ELOOP;

Lennart Poettering's avatar
Lennart Poettering committed
1312
1313
                path_kill_slashes(*filename);

Lennart Poettering's avatar
Lennart Poettering committed
1314
1315
                /* Add the file name we are currently looking at to
                 * the names of this unit */
1316
1317
                name = file_name_from_path(*filename);
                if (!(id = set_get(names, name))) {
Lennart Poettering's avatar
Lennart Poettering committed
1318

1319
1320
                        if (!(id = strdup(name)))
                                return -ENOMEM;
Lennart Poettering's avatar
Lennart Poettering committed
1321

1322
1323
1324
                        if ((r = set_put(names, id)) < 0) {
                                free(id);
                                return r;
Lennart Poettering's avatar
Lennart Poettering committed
1325
1326
1327
                        }
                }

1328
1329
                /* Try to open the file name, but don't if its a symlink */
                if ((fd = open(*filename, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW)) >= 0)
Lennart Poettering's avatar
Lennart Poettering committed
1330
1331
                        break;

1332
1333
1334
                if (errno != ELOOP)
                        return -errno;

Lennart Poettering's avatar
Lennart Poettering committed
1335
                /* Hmm, so this is a symlink. Let's read the name, and follow it manually */
1336
                if ((r = readlink_and_make_absolute(*filename, &target)) < 0)
1337
                        return r;
Lennart Poettering's avatar
Lennart Poettering committed
1338

1339
                free(*filename);
1340
                *filename = target;
Lennart Poettering's avatar
Lennart Poettering committed
1341
1342
1343
1344
        }

        if (!(f = fdopen(fd, "r"))) {
                r = -errno;
1345
                close_nointr_nofail(fd);
1346
                return r;
Lennart Poettering's avatar
Lennart Poettering committed
1347
1348
1349
        }

        *_f = f;
1350
        *_final = id;
1351
        return 0;
Lennart Poettering's avatar
Lennart Poettering committed
1352
1353
}

1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
static int merge_by_names(Unit **u, Set *names, const char *id) {
        char *k;
        int r;

        assert(u);
        assert(*u);
        assert(names);

        /* Let's try to add in all symlink names we found */
        while ((k = set_steal_first(names))) {

                /* First try to merge in the other name into our
                 * unit */
                if ((r = unit_merge_by_name(*u, k)) < 0) {
                        Unit *other;

                        /* Hmm, we couldn't merge the other unit into
                         * ours? Then let's try it the other way
                         * round */

                        other = manager_get_unit((*u)->meta.manager, k);
                        free(k);

                        if (other)
                                if ((r = unit_merge(other, *u)) >= 0) {
                                        *u = other;
                                        return merge_by_names(u, names, NULL);
                                }

                        return r;
                }

                if (id == k)
                        unit_choose_id(*u, id);

                free(k);
        }

        return 0;
}

1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
static void dump_items(FILE *f, const ConfigItem *items) {
        const ConfigItem *i;
        const char *prev_section = NULL;
        bool not_first = false;

        struct {
                ConfigParserCallback callback;
                const char *rvalue;
        } table[] = {
                { config_parse_int,              "INTEGER" },
                { config_parse_unsigned,         "UNSIGNED" },
                { config_parse_size,             "SIZE" },
                { config_parse_bool,             "BOOLEAN" },
                { config_parse_string,           "STRING" },
                { config_parse_path,             "PATH" },
                { config_parse_strv,             "STRING [...]" },
                { config_parse_nice,             "NICE" },
                { config_parse_oom_adjust,       "OOMADJUST" },
                { config_parse_io_class,         "IOCLASS" },
                { config_parse_io_priority,      "IOPRIORITY" },
                { config_parse_cpu_sched_policy, "CPUSCHEDPOLICY" },
                { config_parse_cpu_sched_prio,   "CPUSCHEDPRIO" },
                { config_parse_cpu_affinity,     "CPUAFFINITY" },
                { config_parse_mode,             "MODE" },
1419
                { config_parse_env_file,         "FILE" },
1420
1421
1422
1423
1424
1425
1426
                { config_parse_output,           "OUTPUT" },
                { config_parse_input,            "INPUT" },
                { config_parse_facility,         "FACILITY" },
                { config_parse_level,            "LEVEL" },
                { config_parse_capabilities,     "CAPABILITIES" },
                { config_parse_secure_bits,      "SECUREBITS" },
                { config_parse_bounding_set,     "BOUNDINGSET" },
1427
                { config_parse_timer_slack_nsec, "TIMERSLACK" },
1428
1429
1430
1431
1432
1433
1434
1435
1436
                { config_parse_limit,            "LIMIT" },
                { config_parse_cgroup,           "CGROUP [...]" },
                { config_parse_deps,             "UNIT [...]" },
                { config_parse_names,            "UNIT [...]" },
                { config_parse_exec,             "PATH [ARGUMENT [...]]" },
                { config_parse_service_type,     "SERVICETYPE" },
                { config_parse_service_restart,  "SERVICERESTART" },
                { config_parse_sysv_priority,    "SYSVPRIORITY" },
                { config_parse_kill_mode,        "KILLMODE" },
1437
                { config_parse_kill_signal,      "SIGNAL" },
1438
1439
                { config_parse_listen,           "SOCKET [...]" },
                { config_parse_socket_bind,      "SOCKETBIND" },
1440
1441
1442
                { config_parse_bindtodevice,     "NETWORKINTERFACE" },
                { config_parse_usec,             "SECONDS" },
                { config_parse_path_strv,        "PATH [...]" },
1443
                { config_parse_mount_flags,      "MOUNTFLAG [...]" },
1444
                { config_parse_string_printf,    "STRING" },
1445
1446
                { config_parse_timer,            "TIMER" },
                { config_parse_timer_unit,       "NAME" },
1447
1448
                { config_parse_path_spec,        "PATH" },
                { config_parse_path_unit,        "UNIT" },
1449
1450
                { config_parse_notify_access,    "ACCESS" },
                { config_parse_ip_tos,           "TOS" },
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
        };

        assert(f);
        assert(items);

        for (i = items; i->lvalue; i++) {
                unsigned j;
                const char *rvalue = "OTHER";

                if (!streq_ptr(i->section, prev_section)) {
                        if (!not_first)
                                not_first = true;
                        else
                                fputc('\n', f);

                        fprintf(f, "[%s]\n", i->section);
                        prev_section = i->section;
                }

                for (j = 0; j < ELEMENTSOF(table); j++)
                        if (i->parse == table[j].callback) {
                                rvalue = table[j].rvalue;
                                break;
                        }

                fprintf(f, "%s=%s\n", i->lvalue, rvalue);
        }
}

static int load_from_path(Unit *u, const char *path) {
Lennart Poettering's avatar
Lennart Poettering committed
1481
1482
1483
1484
1485
1486
1487
1488
1489

        static const char* const section_table[_UNIT_TYPE_MAX] = {
                [UNIT_SERVICE]   = "Service",
                [UNIT_TIMER]     = "Timer",
                [UNIT_SOCKET]    = "Socket",
                [UNIT_TARGET]    = "Target",
                [UNIT_DEVICE]    = "Device",
                [UNIT_MOUNT]     = "Mount",
                [UNIT_AUTOMOUNT] = "Automount",
Maarten Lankhorst's avatar
Maarten Lankhorst committed
1490
                [UNIT_SNAPSHOT]  = "Snapshot",
1491
1492
                [UNIT_SWAP]      = "Swap",
                [UNIT_PATH]      = "Path"
1493
1494
        };

1495
#define EXEC_CONTEXT_CONFIG_ITEMS(context, section) \
1496
1497
                { "WorkingDirectory",       config_parse_path,            &(context).working_directory,                    section   }, \
                { "RootDirectory",          config_parse_path,            &(context).root_directory,                       section   }, \
1498
1499
                { "User",                   config_parse_string_printf,   &(context).user,                                 section   }, \
                { "Group",                  config_parse_string_printf,   &(context).group,                                section   }, \
1500
                { "SupplementaryGroups",    config_parse_strv,            &(context).supplementary_groups,                 section   }, \
1501
1502
                { "Nice",                   config_parse_nice,            &(context),                                      section   }, \
                { "OOMAdjust",              config_parse_oom_adjust,      &(context),                                      section   }, \
1503
                { "IOSchedulingClass",      config_parse_io_class,        &(context),                                      section   }, \
1504
1505
1506
                { "IOSchedulingPriority",   config_parse_io_priority,     &(context),                                      section   }, \
                { "CPUSchedulingPolicy",    config_parse_cpu_sched_policy,&(context),                                      section   }, \
                { "CPUSchedulingPriority",  config_parse_cpu_sched_prio,  &(context),                                      section   }, \
1507
                { "CPUSchedulingResetOnFork", config_parse_bool,          &(context).cpu_sched_reset_on_fork,              section   }, \
1508
                { "CPUAffinity",            config_parse_cpu_affinity,    &(context),                                      section   }, \
1509
                { "UMask",                  config_parse_mode,            &(context).umask,                                section   }, \
1510
                { "Environment",            config_parse_strv,            &(context).environment,                          section   }, \
1511
                { "EnvironmentFile",        config_parse_env_file,        &(context).environment,                          section   }, \
Lennart Poettering's avatar
Lennart Poettering committed
1512
1513
                { "StandardInput",          config_parse_input,           &(context).std_input,                            section   }, \
                { "StandardOutput",         config_parse_output,          &(context).std_output,                           section   }, \
1514
                { "StandardError",          config_parse_output,          &(context).std_error,                            section   }, \
Lennart Poettering's avatar
Lennart Poettering committed
1515
                { "TTYPath",                config_parse_path,            &(context).tty_path,                             section   }, \
1516
                { "SyslogIdentifier",       config_parse_string_printf,   &(context).syslog_identifier,                    section   }, \
1517
                { "SyslogFacility",         config_parse_facility,        &(context).syslog_priority,                      section   }, \
1518
                { "SyslogLevel",            config_parse_level,           &(context).syslog_priority,                      section   }, \
1519
                { "SyslogLevelPrefix",      config_parse_bool,            &(context).syslog_level_prefix,                  section   }, \
1520
1521
1522
                { "Capabilities",           config_parse_capabilities,    &(context),                                      section   }, \
                { "SecureBits",             config_parse_secure_bits,     &(context),                                      section   }, \
                { "CapabilityBoundingSetDrop", config_parse_bounding_set, &(context),                                      section   }, \
1523
                { "TimerSlackNSec",         config_parse_timer_slack_nsec,&(context),                                      section   }, \
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
                { "LimitCPU",               config_parse_limit,           &(context).rlimit[RLIMIT_CPU],                   section   }, \
                { "LimitFSIZE",             config_parse_limit,           &(context).rlimit[RLIMIT_FSIZE],                 section   }, \
                { "LimitDATA",              config_parse_limit,           &(context).rlimit[RLIMIT_DATA],                  section   }, \
                { "LimitSTACK",             config_parse_limit,           &(context).rlimit[RLIMIT_STACK],                 section   }, \
                { "LimitCORE",              config_parse_limit,           &(context).rlimit[RLIMIT_CORE],                  section   }, \
                { "LimitRSS",               config_parse_limit,           &(context).rlimit[RLIMIT_RSS],                   section   }, \
                { "LimitNOFILE",            config_parse_limit,           &(context).rlimit[RLIMIT_NOFILE],                section   }, \
                { "LimitAS",                config_parse_limit,           &(context).rlimit[RLIMIT_AS],                    section   }, \
                { "LimitNPROC",             config_parse_limit,           &(context).rlimit[RLIMIT_NPROC],                 section   }, \
                { "LimitMEMLOCK",           config_parse_limit,           &(context).rlimit[RLIMIT_MEMLOCK],               section   }, \
                { "LimitLOCKS",             config_parse_limit,           &(context).rlimit[RLIMIT_LOCKS],                 section   }, \
                { "LimitSIGPENDING",        config_parse_limit,           &(context).rlimit[RLIMIT_SIGPENDING],            section   }, \
                { "LimitMSGQUEUE",          config_parse_limit,           &(context).rlimit[RLIMIT_MSGQUEUE],              section   }, \
                { "LimitNICE",              config_parse_limit,           &(context).rlimit[RLIMIT_NICE],                  section   }, \
                { "LimitRTPRIO",            config_parse_limit,           &(context).rlimit[RLIMIT_RTPRIO],                section   }, \
1539
                { "LimitRTTIME",            config_parse_limit,           &(context).rlimit[RLIMIT_RTTIME],                section   }, \
1540
1541
1542
1543
1544
                { "ControlGroup",           config_parse_cgroup,          u,                                               section   }, \
                { "ReadWriteDirectories",   config_parse_path_strv,       &(context).read_write_dirs,                      section   }, \
                { "ReadOnlyDirectories",    config_parse_path_strv,       &(context).read_only_dirs,                       section   }, \
                { "InaccessibleDirectories",config_parse_path_strv,       &(context).inaccessible_dirs,                    section   }, \
                { "PrivateTmp",             config_parse_bool,            &(context).private_tmp,                          section   }, \
1545
                { "MountFlags",             config_parse_mount_flags,     &(context),                                      section   }, \
1546
                { "TCPWrapName",            config_parse_string_printf,   &(context).tcpwrap_name,                         section   }, \
1547
1548
1549
                { "PAMName",                config_parse_string_printf,   &(context).pam_name,                             section   }, \
                { "KillMode",               config_parse_kill_mode,       &(context).kill_mode,                            section   }, \
                { "KillSignal",             config_parse_kill_signal,     &(context).kill_signal,                          section   }
1550

1551
        const ConfigItem items[] = {
1552
                { "Names",                  config_parse_names,           u,                                               "Unit"    },