blob: e263d459a84c9aba1324817293bfb5ed44624bfc [file] [log] [blame] [raw]
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <errno.h>
#include <getopt.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include "conf-files.h"
#include "def.h"
#include "errno-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "glob-util.h"
#include "hashmap.h"
#include "log.h"
#include "main-func.h"
#include "pager.h"
#include "path-util.h"
#include "pretty-print.h"
#include "string-util.h"
#include "strv.h"
#include "sysctl-util.h"
static char **arg_prefixes = NULL;
static bool arg_cat_config = false;
static PagerFlags arg_pager_flags = 0;
STATIC_DESTRUCTOR_REGISTER(arg_prefixes, strv_freep);
typedef struct Option {
char *key;
char *value;
bool ignore_failure;
} Option;
static Option *option_free(Option *o) {
if (!o)
return NULL;
free(o->key);
free(o->value);
return mfree(o);
}
DEFINE_TRIVIAL_CLEANUP_FUNC(Option*, option_free);
DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(option_hash_ops, char, string_hash_func, string_compare_func, Option, option_free);
static bool test_prefix(const char *p) {
char **i;
if (strv_isempty(arg_prefixes))
return true;
STRV_FOREACH(i, arg_prefixes) {
const char *t;
t = path_startswith(*i, "/proc/sys/");
if (!t)
t = *i;
if (path_startswith(p, t))
return true;
}
return false;
}
static Option *option_new(
const char *key,
const char *value,
bool ignore_failure) {
_cleanup_(option_freep) Option *o = NULL;
assert(key);
o = new(Option, 1);
if (!o)
return NULL;
*o = (Option) {
.key = strdup(key),
.value = value ? strdup(value) : NULL,
.ignore_failure = ignore_failure,
};
if (!o->key)
return NULL;
if (value && !o->value)
return NULL;
return TAKE_PTR(o);
}
static int sysctl_write_or_warn(const char *key, const char *value, bool ignore_failure) {
int r;
r = sysctl_write(key, value);
if (r < 0) {
/* If the sysctl is not available in the kernel or we are running with reduced privileges and
* cannot write it, then log about the issue, and proceed without failing. (EROFS is treated
* as a permission problem here, since that's how container managers usually protected their
* sysctls.) In all other cases log an error and make the tool fail. */
if (ignore_failure || r == -EROFS || ERRNO_IS_PRIVILEGE(r))
log_debug_errno(r, "Couldn't write '%s' to '%s', ignoring: %m", value, key);
else if (r == -ENOENT)
log_info_errno(r, "Couldn't write '%s' to '%s', ignoring: %m", value, key);
else
return log_error_errno(r, "Couldn't write '%s' to '%s': %m", value, key);
}
return 0;
}
static int apply_all(OrderedHashmap *sysctl_options) {
Option *option;
int r = 0;
ORDERED_HASHMAP_FOREACH(option, sysctl_options) {
int k;
/* Ignore "negative match" options, they are there only to exclude stuff from globs. */
if (!option->value)
continue;
if (string_is_glob(option->key)) {
_cleanup_strv_free_ char **paths = NULL;
_cleanup_free_ char *pattern = NULL;
char **s;
pattern = path_join("/proc/sys", option->key);
if (!pattern)
return log_oom();
k = glob_extend(&paths, pattern, GLOB_NOCHECK);
if (k < 0) {
if (option->ignore_failure || ERRNO_IS_PRIVILEGE(k))
log_debug_errno(k, "Failed to resolve glob '%s', ignoring: %m",
option->key);
else {
log_error_errno(k, "Couldn't resolve glob '%s': %m",
option->key);
if (r == 0)
r = k;
}
} else if (strv_isempty(paths))
log_debug("No match for glob: %s", option->key);
STRV_FOREACH(s, paths) {
const char *key;
assert_se(key = path_startswith(*s, "/proc/sys"));
if (!test_prefix(key))
continue;
if (ordered_hashmap_contains(sysctl_options, key)) {
log_info("Not setting %s (explicit setting exists).", key);
continue;
}
k = sysctl_write_or_warn(key, option->value, option->ignore_failure);
if (r == 0)
r = k;
}
} else {
k = sysctl_write_or_warn(option->key, option->value, option->ignore_failure);
if (r == 0)
r = k;
}
}
return r;
}
static int parse_file(OrderedHashmap **sysctl_options, const char *path, bool ignore_enoent) {
_cleanup_fclose_ FILE *f = NULL;
unsigned c = 0;
int r;
assert(path);
r = search_and_fopen(path, "re", NULL, (const char**) CONF_PATHS_STRV("sysctl.d"), &f);
if (r < 0) {
if (ignore_enoent && r == -ENOENT)
return 0;
return log_error_errno(r, "Failed to open file '%s', ignoring: %m", path);
}
log_debug("Parsing %s", path);
for (;;) {
_cleanup_(option_freep) Option *new_option = NULL;
_cleanup_free_ char *l = NULL;
bool ignore_failure = false;
Option *existing;
char *p, *value;
int k;
k = read_line(f, LONG_LINE_MAX, &l);
if (k == 0)
break;
if (k < 0)
return log_error_errno(k, "Failed to read file '%s', ignoring: %m", path);
c++;
p = strstrip(l);
if (isempty(p))
continue;
if (strchr(COMMENTS "\n", *p))
continue;
value = strchr(p, '=');
if (value) {
if (p[0] == '-') {
ignore_failure = true;
p++;
}
*value = 0;
value++;
value = strstrip(value);
} else {
if (p[0] == '-')
/* We have a "negative match" option. Let's continue with value==NULL. */
p++;
else {
log_syntax(NULL, LOG_WARNING, path, c, 0,
"Line is not an assignment, ignoring: %s", p);
if (r == 0)
r = -EINVAL;
continue;
}
}
p = strstrip(p);
p = sysctl_normalize(p);
/* We can't filter out globs at this point, we'll need to do that later. */
if (!string_is_glob(p) &&
!test_prefix(p))
continue;
if (ordered_hashmap_ensure_allocated(sysctl_options, &option_hash_ops) < 0)
return log_oom();
existing = ordered_hashmap_get(*sysctl_options, p);
if (existing) {
if (streq_ptr(value, existing->value)) {
existing->ignore_failure = existing->ignore_failure || ignore_failure;
continue;
}
log_debug("Overwriting earlier assignment of %s at '%s:%u'.", p, path, c);
option_free(ordered_hashmap_remove(*sysctl_options, p));
}
new_option = option_new(p, value, ignore_failure);
if (!new_option)
return log_oom();
k = ordered_hashmap_put(*sysctl_options, new_option->key, new_option);
if (k < 0)
return log_error_errno(k, "Failed to add sysctl variable %s to hashmap: %m", p);
TAKE_PTR(new_option);
}
return r;
}
static int help(void) {
_cleanup_free_ char *link = NULL;
int r;
r = terminal_urlify_man("systemd-sysctl.service", "8", &link);
if (r < 0)
return log_oom();
printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
"Applies kernel sysctl settings.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
" --cat-config Show configuration files\n"
" --prefix=PATH Only apply rules with the specified prefix\n"
" --no-pager Do not pipe output into a pager\n"
"\nSee the %s for details.\n"
, program_invocation_short_name
, link
);
return 0;
}
static int parse_argv(int argc, char *argv[]) {
enum {
ARG_VERSION = 0x100,
ARG_CAT_CONFIG,
ARG_PREFIX,
ARG_NO_PAGER,
};
static const struct option options[] = {
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, ARG_VERSION },
{ "cat-config", no_argument, NULL, ARG_CAT_CONFIG },
{ "prefix", required_argument, NULL, ARG_PREFIX },
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
{}
};
int c;
assert(argc >= 0);
assert(argv);
while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
switch (c) {
case 'h':
return help();
case ARG_VERSION:
return version();
case ARG_CAT_CONFIG:
arg_cat_config = true;
break;
case ARG_PREFIX: {
char *p;
/* We used to require people to specify absolute paths
* in /proc/sys in the past. This is kinda useless, but
* we need to keep compatibility. We now support any
* sysctl name available. */
sysctl_normalize(optarg);
if (path_startswith(optarg, "/proc/sys"))
p = strdup(optarg);
else
p = path_join("/proc/sys", optarg);
if (!p)
return log_oom();
if (strv_consume(&arg_prefixes, p) < 0)
return log_oom();
break;
}
case ARG_NO_PAGER:
arg_pager_flags |= PAGER_DISABLE;
break;
case '?':
return -EINVAL;
default:
assert_not_reached("Unhandled option");
}
if (arg_cat_config && argc > optind)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Positional arguments are not allowed with --cat-config");
return 1;
}
static int run(int argc, char *argv[]) {
_cleanup_(ordered_hashmap_freep) OrderedHashmap *sysctl_options = NULL;
int r, k;
r = parse_argv(argc, argv);
if (r <= 0)
return r;
log_setup_service();
umask(0022);
if (argc > optind) {
int i;
r = 0;
for (i = optind; i < argc; i++) {
k = parse_file(&sysctl_options, argv[i], false);
if (k < 0 && r == 0)
r = k;
}
} else {
_cleanup_strv_free_ char **files = NULL;
char **f;
r = conf_files_list_strv(&files, ".conf", NULL, 0, (const char**) CONF_PATHS_STRV("sysctl.d"));
if (r < 0)
return log_error_errno(r, "Failed to enumerate sysctl.d files: %m");
if (arg_cat_config) {
(void) pager_open(arg_pager_flags);
return cat_files(NULL, files, 0);
}
STRV_FOREACH(f, files) {
k = parse_file(&sysctl_options, *f, true);
if (k < 0 && r == 0)
r = k;
}
}
k = apply_all(sysctl_options);
if (k < 0 && r == 0)
r = k;
return r;
}
DEFINE_MAIN_FUNCTION(run);