int main(int argc, char **argv) {
const char *vc;
char *vc_keymap = NULL;
char *vc_keymap_toggle = NULL;
char *vc_font = NULL;
char *vc_font_map = NULL;
char *vc_font_unimap = NULL;
int fd = -1;
bool utf8;
pid_t font_pid = 0, keymap_pid = 0;
bool font_copy = false;
int r = EXIT_FAILURE;
log_set_target(LOG_TARGET_AUTO);
log_parse_environment();
log_open();
umask(0022);
if (argv[1])
vc = argv[1];
else {
vc = "/dev/tty0";
font_copy = true;
}
fd = open_terminal(vc, O_RDWR|O_CLOEXEC);
if (fd < 0) {
log_error("Failed to open %s: %m", vc);
goto finish;
}
if (!is_vconsole(fd)) {
log_error("Device %s is not a virtual console.", vc);
goto finish;
}
utf8 = is_locale_utf8();
r = 0;
if (detect_container(NULL) <= 0) {
r = parse_env_file("/proc/cmdline", WHITESPACE,
"vconsole.keymap", &vc_keymap,
"vconsole.keymap.toggle", &vc_keymap_toggle,
"vconsole.font", &vc_font,
"vconsole.font.map", &vc_font_map,
"vconsole.font.unimap", &vc_font_unimap,
NULL);
if (r < 0 && r != -ENOENT)
log_warning("Failed to read /proc/cmdline: %s", strerror(-r));
}
/* Hmm, nothing set on the kernel cmd line? Then let's
* try /etc/vconsole.conf */
if (r <= 0) {
r = parse_env_file("/etc/vconsole.conf", NEWLINE,
"KEYMAP", &vc_keymap,
"KEYMAP_TOGGLE", &vc_keymap_toggle,
"FONT", &vc_font,
"FONT_MAP", &vc_font_map,
"FONT_UNIMAP", &vc_font_unimap,
NULL);
if (r < 0 && r != -ENOENT)
log_warning("Failed to read /etc/vconsole.conf: %s", strerror(-r));
}
if (utf8)
enable_utf8(fd);
else
disable_utf8(fd);
r = EXIT_FAILURE;
if (keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid) >= 0 &&
font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid) >= 0)
r = EXIT_SUCCESS;
finish:
if (keymap_pid > 0)
wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid);
if (font_pid > 0) {
wait_for_terminate_and_warn(KBD_SETFONT, font_pid);
if (font_copy)
font_copy_to_all_vcs(fd);
}
free(vc_keymap);
free(vc_font);
free(vc_font_map);
free(vc_font_unimap);
if (fd >= 0)
close_nointr_nofail(fd);
return r;
}
int main(int argc, char *argv[]) {
bool need_umount, need_swapoff, need_loop_detach, need_dm_detach;
bool in_container, use_watchdog = false;
_cleanup_free_ char *cgroup = NULL;
char *arguments[3];
unsigned retries;
int cmd, r;
static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, NULL};
log_parse_environment();
r = parse_argv(argc, argv);
if (r < 0)
goto error;
/* journald will die if not gone yet. The log target defaults
* to console, but may have been changed by command line options. */
log_close_console(); /* force reopen of /dev/console */
log_open();
umask(0022);
if (getpid() != 1) {
log_error("Not executed by init (PID 1).");
r = -EPERM;
goto error;
}
if (streq(arg_verb, "reboot"))
cmd = RB_AUTOBOOT;
else if (streq(arg_verb, "poweroff"))
cmd = RB_POWER_OFF;
else if (streq(arg_verb, "halt"))
cmd = RB_HALT_SYSTEM;
else if (streq(arg_verb, "kexec"))
cmd = LINUX_REBOOT_CMD_KEXEC;
else if (streq(arg_verb, "exit"))
cmd = 0; /* ignored, just checking that arg_verb is valid */
else {
r = -EINVAL;
log_error("Unknown action '%s'.", arg_verb);
goto error;
}
(void) cg_get_root_path(&cgroup);
use_watchdog = !!getenv("WATCHDOG_USEC");
/* lock us into memory */
mlockall(MCL_CURRENT|MCL_FUTURE);
log_info("Sending SIGTERM to remaining processes...");
broadcast_signal(SIGTERM, true, true);
log_info("Sending SIGKILL to remaining processes...");
broadcast_signal(SIGKILL, true, false);
in_container = detect_container() > 0;
need_umount = !in_container;
need_swapoff = !in_container;
need_loop_detach = !in_container;
need_dm_detach = !in_container;
/* Unmount all mountpoints, swaps, and loopback devices */
for (retries = 0; retries < FINALIZE_ATTEMPTS; retries++) {
bool changed = false;
if (use_watchdog)
watchdog_ping();
/* Let's trim the cgroup tree on each iteration so
that we leave an empty cgroup tree around, so that
container managers get a nice notify event when we
are down */
if (cgroup)
cg_trim(SYSTEMD_CGROUP_CONTROLLER, cgroup, false);
if (need_umount) {
log_info("Unmounting file systems.");
r = umount_all(&changed);
if (r == 0) {
need_umount = false;
log_info("All filesystems unmounted.");
} else if (r > 0)
log_info("Not all file systems unmounted, %d left.", r);
else
log_error_errno(r, "Failed to unmount file systems: %m");
}
if (need_swapoff) {
log_info("Deactivating swaps.");
r = swapoff_all(&changed);
if (r == 0) {
need_swapoff = false;
log_info("All swaps deactivated.");
} else if (r > 0)
log_info("Not all swaps deactivated, %d left.", r);
else
log_error_errno(r, "Failed to deactivate swaps: %m");
}
if (need_loop_detach) {
log_info("Detaching loop devices.");
r = loopback_detach_all(&changed);
if (r == 0) {
need_loop_detach = false;
log_info("All loop devices detached.");
} else if (r > 0)
log_info("Not all loop devices detached, %d left.", r);
else
log_error_errno(r, "Failed to detach loop devices: %m");
}
if (need_dm_detach) {
log_info("Detaching DM devices.");
r = dm_detach_all(&changed);
if (r == 0) {
need_dm_detach = false;
log_info("All DM devices detached.");
} else if (r > 0)
log_info("Not all DM devices detached, %d left.", r);
else
log_error_errno(r, "Failed to detach DM devices: %m");
}
if (!need_umount && !need_swapoff && !need_loop_detach && !need_dm_detach) {
if (retries > 0)
log_info("All filesystems, swaps, loop devices, DM devices detached.");
/* Yay, done */
goto initrd_jump;
}
/* If in this iteration we didn't manage to
* unmount/deactivate anything, we simply give up */
if (!changed) {
log_info("Cannot finalize remaining%s%s%s%s continuing.",
need_umount ? " file systems," : "",
need_swapoff ? " swap devices," : "",
need_loop_detach ? " loop devices," : "",
need_dm_detach ? " DM devices," : "");
goto initrd_jump;
}
log_debug("After %u retries, couldn't finalize remaining %s%s%s%s trying again.",
retries + 1,
need_umount ? " file systems," : "",
need_swapoff ? " swap devices," : "",
need_loop_detach ? " loop devices," : "",
need_dm_detach ? " DM devices," : "");
}
log_error("Too many iterations, giving up.");
initrd_jump:
arguments[0] = NULL;
arguments[1] = arg_verb;
arguments[2] = NULL;
execute_directories(dirs, DEFAULT_TIMEOUT_USEC, arguments);
if (!in_container && !in_initrd() &&
access("/run/initramfs/shutdown", X_OK) == 0) {
r = switch_root_initramfs();
if (r >= 0) {
argv[0] = (char*) "/shutdown";
setsid();
make_console_stdio();
log_info("Successfully changed into root pivot.\n"
"Returning to initrd...");
execv("/shutdown", argv);
log_error_errno(errno, "Failed to execute shutdown binary: %m");
} else
log_error_errno(r, "Failed to switch root to \"/run/initramfs\": %m");
}
if (need_umount || need_swapoff || need_loop_detach || need_dm_detach)
log_error("Failed to finalize %s%s%s%s ignoring",
need_umount ? " file systems," : "",
need_swapoff ? " swap devices," : "",
need_loop_detach ? " loop devices," : "",
need_dm_detach ? " DM devices," : "");
/* The kernel will automaticall flush ATA disks and suchlike
* on reboot(), but the file systems need to be synce'd
* explicitly in advance. So let's do this here, but not
* needlessly slow down containers. */
if (!in_container)
sync();
if (streq(arg_verb, "exit")) {
if (in_container)
exit(arg_exit_code);
else {
/* We cannot exit() on the host, fallback on another
* method. */
cmd = RB_POWER_OFF;
}
}
switch (cmd) {
case LINUX_REBOOT_CMD_KEXEC:
if (!in_container) {
/* We cheat and exec kexec to avoid doing all its work */
pid_t pid;
log_info("Rebooting with kexec.");
pid = fork();
if (pid < 0)
log_error_errno(errno, "Failed to fork: %m");
else if (pid == 0) {
const char * const args[] = {
KEXEC, "-e", NULL
};
/* Child */
execv(args[0], (char * const *) args);
_exit(EXIT_FAILURE);
} else
wait_for_terminate_and_warn("kexec", pid, true);
}
cmd = RB_AUTOBOOT;
/* Fall through */
case RB_AUTOBOOT:
if (!in_container) {
_cleanup_free_ char *param = NULL;
if (read_one_line_file(REBOOT_PARAM_FILE, ¶m) >= 0) {
log_info("Rebooting with argument '%s'.", param);
syscall(SYS_reboot, LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_RESTART2, param);
}
}
log_info("Rebooting.");
break;
case RB_POWER_OFF:
log_info("Powering off.");
break;
case RB_HALT_SYSTEM:
log_info("Halting system.");
break;
default:
assert_not_reached("Unknown magic");
}
reboot(cmd);
if (errno == EPERM && in_container) {
/* If we are in a container, and we lacked
* CAP_SYS_BOOT just exit, this will kill our
* container for good. */
log_info("Exiting container.");
exit(0);
}
r = log_error_errno(errno, "Failed to invoke reboot(): %m");
error:
log_emergency_errno(r, "Critical error while doing system shutdown: %m");
freeze();
}
int change_uid_gid(const char *user, char **_home) {
char line[LINE_MAX], *x, *u, *g, *h;
const char *word, *state;
_cleanup_free_ uid_t *uids = NULL;
_cleanup_free_ char *home = NULL;
_cleanup_fclose_ FILE *f = NULL;
_cleanup_close_ int fd = -1;
unsigned n_uids = 0;
size_t sz = 0, l;
uid_t uid;
gid_t gid;
pid_t pid;
int r;
assert(_home);
if (!user || streq(user, "root") || streq(user, "0")) {
/* Reset everything fully to 0, just in case */
r = reset_uid_gid();
if (r < 0)
return log_error_errno(r, "Failed to become root: %m");
*_home = NULL;
return 0;
}
/* First, get user credentials */
fd = spawn_getent("passwd", user, &pid);
if (fd < 0)
return fd;
f = fdopen(fd, "r");
if (!f)
return log_oom();
fd = -1;
if (!fgets(line, sizeof(line), f)) {
if (!ferror(f)) {
log_error("Failed to resolve user %s.", user);
return -ESRCH;
}
log_error_errno(errno, "Failed to read from getent: %m");
return -errno;
}
truncate_nl(line);
wait_for_terminate_and_warn("getent passwd", pid, true);
x = strchr(line, ':');
if (!x) {
log_error("/etc/passwd entry has invalid user field.");
return -EIO;
}
u = strchr(x+1, ':');
if (!u) {
log_error("/etc/passwd entry has invalid password field.");
return -EIO;
}
u++;
g = strchr(u, ':');
if (!g) {
log_error("/etc/passwd entry has invalid UID field.");
return -EIO;
}
*g = 0;
g++;
x = strchr(g, ':');
if (!x) {
log_error("/etc/passwd entry has invalid GID field.");
return -EIO;
}
*x = 0;
h = strchr(x+1, ':');
if (!h) {
log_error("/etc/passwd entry has invalid GECOS field.");
return -EIO;
}
h++;
x = strchr(h, ':');
if (!x) {
log_error("/etc/passwd entry has invalid home directory field.");
return -EIO;
}
*x = 0;
r = parse_uid(u, &uid);
if (r < 0) {
log_error("Failed to parse UID of user.");
return -EIO;
}
r = parse_gid(g, &gid);
if (r < 0) {
log_error("Failed to parse GID of user.");
return -EIO;
}
home = strdup(h);
if (!home)
return log_oom();
/* Second, get group memberships */
fd = spawn_getent("initgroups", user, &pid);
if (fd < 0)
return fd;
fclose(f);
f = fdopen(fd, "r");
if (!f)
return log_oom();
fd = -1;
if (!fgets(line, sizeof(line), f)) {
if (!ferror(f)) {
log_error("Failed to resolve user %s.", user);
return -ESRCH;
}
log_error_errno(errno, "Failed to read from getent: %m");
return -errno;
}
truncate_nl(line);
wait_for_terminate_and_warn("getent initgroups", pid, true);
/* Skip over the username and subsequent separator whitespace */
x = line;
x += strcspn(x, WHITESPACE);
x += strspn(x, WHITESPACE);
FOREACH_WORD(word, l, x, state) {
char c[l+1];
memcpy(c, word, l);
c[l] = 0;
if (!GREEDY_REALLOC(uids, sz, n_uids+1))
return log_oom();
r = parse_uid(c, &uids[n_uids++]);
if (r < 0) {
log_error("Failed to parse group data from getent.");
return -EIO;
}
}
