12 #include <sys/socket.h>
17 #include <sys/prctl.h>
19 #include <sys/reboot.h>
21 #if defined(__FreeBSD__) || defined(__DragonFly__)
22 #include <sys/procctl.h>
29 #include "dinit-log.h"
30 #include "dinit-socket.h"
33 * When running as the system init process, Dinit processes the following signals:
35 * SIGTERM - roll back services and then fork/exec /sbin/halt
36 * SIGINT - roll back services and then fork/exec /sbin/reboot
37 * SIGQUIT - exec() /sbin/shutdown without rolling back services
39 * It's an open question about whether Dinit should roll back services *before*
40 * running halt/reboot, since those commands should prompt rollback of services
41 * anyway. But it seems safe to do so, and it means the user can at least stop
42 * services even if the halt/reboot commands are unavailable for some reason.
45 using eventloop_t = dasynq::event_loop<dasynq::null_mutex>;
47 eventloop_t event_loop;
49 static void sigint_reboot_cb(eventloop_t &eloop) noexcept;
50 static void sigquit_cb(eventloop_t &eloop) noexcept;
51 static void sigterm_cb(eventloop_t &eloop) noexcept;
52 static void close_control_socket() noexcept;
53 static void wait_for_user_input() noexcept;
54 static void read_env_file(const char *);
56 static void control_socket_cb(eventloop_t *loop, int fd);
61 static dirload_service_set *services;
63 static bool am_system_init = false; // true if we are the system init process
65 static bool control_socket_open = false;
66 static bool external_log_open = false;
67 int active_control_conns = 0;
69 // Control socket path. We maintain a string (control_socket_str) in case we need
70 // to allocate storage, but control_socket_path is the authoritative value.
71 static const char *control_socket_path = "/dev/dinitctl";
72 static std::string control_socket_str;
74 static const char *env_file_path = "/etc/dinit/environment";
76 static const char *log_socket_path = "/dev/log";
78 static const char *user_home_path = nullptr;
81 // Get user home (and set user_home_path). (The return may become invalid after
82 // changing the evironment (HOME variable) or using the getpwuid() function).
83 const char * get_user_home()
85 if (user_home_path == nullptr) {
86 user_home_path = getenv("HOME");
87 if (user_home_path == nullptr) {
88 struct passwd * pwuid_p = getpwuid(getuid());
89 if (pwuid_p != nullptr) {
90 user_home_path = pwuid_p->pw_dir;
94 return user_home_path;
99 class callback_signal_handler : public eventloop_t::signal_watcher_impl<callback_signal_handler>
101 using rearm = dasynq::rearm;
104 typedef void (*cb_func_t)(eventloop_t &);
110 callback_signal_handler() : cb_func(nullptr) { }
111 callback_signal_handler(cb_func_t pcb_func) : cb_func(pcb_func) { }
113 void setCbFunc(cb_func_t cb_func)
115 this->cb_func = cb_func;
118 rearm received(eventloop_t &eloop, int signo, siginfo_p siginfo)
125 class control_socket_watcher : public eventloop_t::fd_watcher_impl<control_socket_watcher>
127 using rearm = dasynq::rearm;
130 rearm fd_event(eventloop_t &loop, int fd, int flags) noexcept
132 control_socket_cb(&loop, fd);
137 // Simple timer used to limit the amount of time waiting for the log flush to complete (at shutdown)
138 class log_flush_timer_t : public eventloop_t::timer_impl<log_flush_timer_t>
140 using rearm = dasynq::rearm;
142 bool expired = false;
145 rearm timer_expiry(eventloop_t &, int expiry_count)
148 return rearm::DISARM;
157 control_socket_watcher control_socket_io;
158 log_flush_timer_t log_flush_timer;
161 int dinit_main(int argc, char **argv)
165 am_system_init = (getpid() == 1);
166 const char * service_dir = nullptr;
167 const char * env_file = nullptr;
168 string service_dir_str; // to hold storage for above if necessary
169 bool control_socket_path_set = false;
170 bool env_file_set = false;
172 // list of services to start
173 list<const char *> services_to_start;
175 // Arguments, if given, specify a list of services to start.
176 // If we are running as init (PID=1), the Linux kernel gives us any command line arguments it was given
177 // but didn't recognize, including "single" (usually for "boot to single user mode" aka just start the
178 // shell). We can treat them as service names. In the worst case we can't find any of the named
179 // services, and so we'll start the "boot" service by default.
181 for (int i = 1; i < argc; i++) {
182 if (argv[i][0] == '-') {
184 if (strcmp(argv[i], "--env-file") == 0 || strcmp(argv[i], "-e") == 0) {
190 cerr << "dinit: '--env-file' (-e) requires an argument" << endl;
193 else if (strcmp(argv[i], "--services-dir") == 0 || strcmp(argv[i], "-d") == 0) {
195 service_dir = argv[i];
198 cerr << "dinit: '--services-dir' (-d) requires an argument" << endl;
202 else if (strcmp(argv[i], "--system") == 0 || strcmp(argv[i], "-s") == 0) {
203 am_system_init = true;
205 else if (strcmp(argv[i], "--socket-path") == 0 || strcmp(argv[i], "-p") == 0) {
207 control_socket_path = argv[i];
208 control_socket_path_set = true;
211 cerr << "dinit: '--socket-path' (-p) requires an argument" << endl;
215 else if (strcmp(argv[i], "--help") == 0) {
216 cout << "dinit, an init with dependency management" << endl;
217 cout << " --help display help" << endl;
218 cout << " --env-file <file>, -e <file>" << endl;
219 cout << " environment variable initialisation file" << endl;
220 cout << " --services-dir <dir>, -d <dir>" << endl;
221 cout << " set base directory for service description" << endl;
222 cout << " files (-d <dir>)" << endl;
223 cout << " --system, -s run as the system init process" << endl;
224 cout << " --socket-path <path>, -p <path>" << endl;
225 cout << " path to control socket" << endl;
226 cout << " <service-name> start service with name <service-name>" << endl;
231 if (! am_system_init) {
232 cerr << "dinit: Unrecognized option: " << argv[i] << endl;
239 // LILO puts "auto" on the kernel command line for unattended boots; we'll filter it.
240 if (! am_system_init || strcmp(argv[i], "auto") != 0) {
241 services_to_start.push_back(argv[i]);
244 services_to_start.push_back(argv[i]);
250 if (am_system_init) {
251 // setup STDIN, STDOUT, STDERR so that we can use them
252 int onefd = open("/dev/console", O_RDONLY, 0);
254 int twofd = open("/dev/console", O_RDWR, 0);
258 if (onefd > 2) close(onefd);
259 if (twofd > 2) close(twofd);
261 if (! env_file_set) {
262 env_file = env_file_path;
266 /* Set up signal handlers etc */
267 /* SIG_CHILD is ignored by default: good */
268 sigset_t sigwait_set;
269 sigemptyset(&sigwait_set);
270 sigaddset(&sigwait_set, SIGCHLD);
271 sigaddset(&sigwait_set, SIGINT);
272 sigaddset(&sigwait_set, SIGTERM);
273 if (am_system_init) sigaddset(&sigwait_set, SIGQUIT);
274 sigprocmask(SIG_BLOCK, &sigwait_set, NULL);
276 // Terminal access control signals - we block these so that dinit can't be
277 // suspended if it writes to the terminal after some other process has claimed
279 signal(SIGTSTP, SIG_IGN);
280 signal(SIGTTIN, SIG_IGN);
281 signal(SIGTTOU, SIG_IGN);
283 signal(SIGPIPE, SIG_IGN);
285 if (! am_system_init && ! control_socket_path_set) {
286 const char * userhome = get_user_home();
287 if (userhome != nullptr) {
288 control_socket_str = userhome;
289 control_socket_str += "/.dinitctl";
290 control_socket_path = control_socket_str.c_str();
294 /* service directory name */
295 if (service_dir == nullptr && ! am_system_init) {
296 const char * userhome = get_user_home();
297 if (userhome != nullptr) {
298 service_dir_str = get_user_home();
299 service_dir_str += "/dinit.d";
300 service_dir = service_dir_str.c_str();
304 if (service_dir == nullptr) {
305 service_dir = "/etc/dinit.d";
308 if (services_to_start.empty()) {
309 services_to_start.push_back("boot");
312 // Set up signal handlers
313 callback_signal_handler sigterm_watcher {sigterm_cb};
314 callback_signal_handler sigint_watcher;
315 callback_signal_handler sigquit_watcher;
317 if (am_system_init) {
318 sigint_watcher.setCbFunc(sigint_reboot_cb);
319 sigquit_watcher.setCbFunc(sigquit_cb);
322 sigint_watcher.setCbFunc(sigterm_cb);
325 sigint_watcher.add_watch(event_loop, SIGINT);
326 sigterm_watcher.add_watch(event_loop, SIGTERM);
328 if (am_system_init) {
329 // PID 1: SIGQUIT exec's shutdown
330 sigquit_watcher.add_watch(event_loop, SIGQUIT);
331 // As a user process, we instead just let SIGQUIT perform the default action.
334 // Try to open control socket (may fail due to readonly filesystem)
335 open_control_socket(false);
338 if (am_system_init) {
339 // Disable non-critical kernel output to console
340 klogctl(6 /* SYSLOG_ACTION_CONSOLE_OFF */, nullptr, 0);
341 // Make ctrl+alt+del combination send SIGINT to PID 1 (this process)
342 reboot(RB_DISABLE_CAD);
345 // Mark ourselves as a subreaper. This means that if a process we start double-forks, the
346 // orphaned child will re-parent to us rather than to PID 1 (although that could be us too).
347 prctl(PR_SET_CHILD_SUBREAPER, 1);
348 #elif defined(__FreeBSD__) || defined(__DragonFly__)
349 // Documentation (man page) for this kind of sucks. PROC_REAP_ACQUIRE "acquires the reaper status for
350 // the current process" but does that mean the first two arguments still need valid values to be
351 // supplied? We'll play it safe and explicitly target our own process:
352 procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL);
355 log_flush_timer.add_timer(event_loop, dasynq::clock_type::MONOTONIC);
357 /* start requested services */
358 services = new dirload_service_set(service_dir);
361 if (am_system_init) {
362 log(loglevel_t::INFO, false, "starting system");
365 if (env_file != nullptr) {
366 read_env_file(env_file);
369 for (auto svc : services_to_start) {
371 services->start_service(svc);
372 // Note in general if we fail to start a service we don't need any special error handling,
373 // since we either leave other services running or, if it was the only service, then no
374 // services will be running and we will process normally (reboot if system process,
375 // exit if user process).
377 catch (service_not_found &snf) {
378 log(loglevel_t::ERROR, snf.serviceName, ": Could not find service description.");
380 catch (service_load_exc &sle) {
381 log(loglevel_t::ERROR, sle.serviceName, ": ", sle.excDescription);
383 catch (std::bad_alloc &badalloce) {
384 log(loglevel_t::ERROR, "Out of memory when trying to start service: ", svc, ".");
391 // Process events until all services have terminated.
392 while (services->count_active_services() != 0) {
396 shutdown_type_t shutdown_type = services->get_shutdown_type();
398 if (am_system_init) {
399 log_msg_begin(loglevel_t::INFO, "No more active services.");
401 if (shutdown_type == shutdown_type_t::REBOOT) {
402 log_msg_end(" Will reboot.");
404 else if (shutdown_type == shutdown_type_t::HALT) {
405 log_msg_end(" Will halt.");
407 else if (shutdown_type == shutdown_type_t::POWEROFF) {
408 log_msg_end(" Will power down.");
411 log_msg_end(" Re-initiating boot sequence.");
415 log_flush_timer.arm_timer_rel(event_loop, timespec{5,0}); // 5 seconds
416 while (! is_log_flushed() && ! log_flush_timer.has_expired()) {
420 close_control_socket();
422 if (am_system_init) {
423 if (shutdown_type == shutdown_type_t::CONTINUE) {
424 // It could be that we started in single user mode, and the
425 // user has now exited the shell. We'll try and re-start the
428 services->start_service("boot");
429 goto event_loop; // yes, the "evil" goto
432 // Now what do we do? try to reboot, but wait for user ack to avoid boot loop.
433 log(loglevel_t::ERROR, "Could not start 'boot' service. Will attempt reboot.");
434 wait_for_user_input();
435 shutdown_type = shutdown_type_t::REBOOT;
439 const char * cmd_arg;
440 if (shutdown_type == shutdown_type_t::HALT) {
443 else if (shutdown_type == shutdown_type_t::REBOOT) {
451 // Fork and execute dinit-reboot.
452 execl("/sbin/shutdown", "/sbin/shutdown", "--system", cmd_arg, nullptr);
453 log(loglevel_t::ERROR, "Could not execute /sbin/shutdown: ", strerror(errno));
455 // PID 1 must not actually exit, although we should never reach this point:
460 else if (shutdown_type == shutdown_type_t::REBOOT) {
461 // Non-system-process. If we got SIGINT, let's die due to it:
462 sigset_t sigwait_set;
463 sigemptyset(&sigwait_set);
464 sigaddset(&sigwait_set, SIGINT);
466 sigprocmask(SIG_UNBLOCK, &sigwait_set, NULL);
472 static void log_bad_env(int linenum)
474 log(loglevel_t::ERROR, "invalid environment variable setting in environment file (line ", linenum, ")");
477 // Read and set environment variables from a file.
478 static void read_env_file(const char *env_file_path)
480 // Note that we can't use the log in this function; it hasn't been initialised yet.
482 std::ifstream env_file(env_file_path);
483 if (! env_file) return;
485 env_file.exceptions(std::ios::badbit);
487 auto &clocale = std::locale::classic();
491 while (std::getline(env_file, line)) {
493 auto lpos = line.begin();
494 auto lend = line.end();
495 while (lpos != lend && std::isspace(*lpos, clocale)) {
502 log_bad_env(linenum);
505 auto name_begin = lpos++;
506 // skip until '=' or whitespace:
507 while (lpos != lend && *lpos != '=' && ! std::isspace(*lpos, clocale)) ++lpos;
508 auto name_end = lpos;
510 while (lpos != lend && std::isspace(*lpos, clocale)) ++lpos;
512 log_bad_env(linenum);
517 auto val_begin = lpos;
518 while (lpos != lend && *lpos != '\n') ++lpos;
521 std::string name = line.substr(name_begin - line.begin(), name_end - name_begin);
522 std::string value = line.substr(val_begin - line.begin(), val_end - val_begin);
523 if (setenv(name.c_str(), value.c_str(), true) == -1) {
524 throw std::system_error(errno, std::system_category());
531 // In exception situations we want user confirmation before proceeding (eg on critical boot failure
532 // we wait before rebooting to avoid a reboot loop).
533 static void wait_for_user_input() noexcept
535 std::cout << "Press Enter to continue." << std::endl;
537 read(STDIN_FILENO, buf, 1);
540 // Callback for control socket
541 static void control_socket_cb(eventloop_t *loop, int sockfd)
543 // Considered keeping a limit the number of active connections, however, there doesn't
544 // seem much to be gained from that. Only root can create connections and not being
545 // able to establish a control connection is as much a denial-of-service as is not being
546 // able to start a service due to lack of fd's.
548 // Accept a connection
549 int newfd = dinit_accept4(sockfd, nullptr, nullptr, SOCK_NONBLOCK | SOCK_CLOEXEC);
553 new control_conn_t(*loop, services, newfd); // will delete itself when it's finished
555 catch (std::exception &exc) {
556 log(loglevel_t::ERROR, "Accepting control connection: ", exc.what());
562 void open_control_socket(bool report_ro_failure) noexcept
564 if (! control_socket_open) {
565 const char * saddrname = control_socket_path;
566 size_t saddrname_len = strlen(saddrname);
567 uint sockaddr_size = offsetof(struct sockaddr_un, sun_path) + saddrname_len + 1;
569 struct sockaddr_un * name = static_cast<sockaddr_un *>(malloc(sockaddr_size));
570 if (name == nullptr) {
571 log(loglevel_t::ERROR, "Opening control socket: out of memory");
575 if (am_system_init) {
576 // Unlink any stale control socket file, but only if we are system init, since otherwise
577 // the 'stale' file may not be stale at all:
581 name->sun_family = AF_UNIX;
582 memcpy(name->sun_path, saddrname, saddrname_len + 1);
584 int sockfd = dinit_socket(AF_UNIX, SOCK_STREAM, 0, SOCK_NONBLOCK | SOCK_CLOEXEC);
586 log(loglevel_t::ERROR, "Error creating control socket: ", strerror(errno));
591 if (bind(sockfd, (struct sockaddr *) name, sockaddr_size) == -1) {
592 if (errno != EROFS || report_ro_failure) {
593 log(loglevel_t::ERROR, "Error binding control socket: ", strerror(errno));
602 // No connections can be made until we listen, so it is fine to change the permissions now
603 // (and anyway there is no way to atomically create the socket and set permissions):
604 if (chmod(saddrname, S_IRUSR | S_IWUSR) == -1) {
605 log(loglevel_t::ERROR, "Error setting control socket permissions: ", strerror(errno));
610 if (listen(sockfd, 10) == -1) {
611 log(loglevel_t::ERROR, "Error listening on control socket: ", strerror(errno));
617 control_socket_io.add_watch(event_loop, sockfd, dasynq::IN_EVENTS);
618 control_socket_open = true;
620 catch (std::exception &e)
622 log(loglevel_t::ERROR, "Could not setup I/O on control socket: ", e.what());
628 static void close_control_socket() noexcept
630 if (control_socket_open) {
631 int fd = control_socket_io.get_watched_fd();
632 control_socket_io.deregister(event_loop);
635 // Unlink the socket:
636 unlink(control_socket_path);
640 void setup_external_log() noexcept
642 if (! external_log_open) {
644 const char * saddrname = log_socket_path;
645 size_t saddrname_len = strlen(saddrname);
646 uint sockaddr_size = offsetof(struct sockaddr_un, sun_path) + saddrname_len + 1;
648 struct sockaddr_un * name = static_cast<sockaddr_un *>(malloc(sockaddr_size));
649 if (name == nullptr) {
650 log(loglevel_t::ERROR, "Connecting to log socket: out of memory");
654 name->sun_family = AF_UNIX;
655 memcpy(name->sun_path, saddrname, saddrname_len + 1);
657 int sockfd = dinit_socket(AF_UNIX, SOCK_DGRAM, 0, SOCK_NONBLOCK | SOCK_CLOEXEC);
659 log(loglevel_t::ERROR, "Error creating log socket: ", strerror(errno));
664 if (connect(sockfd, (struct sockaddr *) name, sockaddr_size) == 0 || errno == EINPROGRESS) {
665 // For EINPROGRESS, connection is still being established; however, we can select on
666 // the file descriptor so we will be notified when it's ready. In other words we can
667 // basically use it anyway.
669 setup_main_log(sockfd);
671 catch (std::exception &e) {
672 log(loglevel_t::ERROR, "Setting up log failed: ", e.what());
677 // Note if connect fails, we haven't warned at all, because the syslog server might not
686 /* handle SIGINT signal (generated by Linux kernel when ctrl+alt+del pressed) */
687 static void sigint_reboot_cb(eventloop_t &eloop) noexcept
689 services->stop_all_services(shutdown_type_t::REBOOT);
692 /* handle SIGQUIT (if we are system init) */
693 static void sigquit_cb(eventloop_t &eloop) noexcept
695 // This performs an immediate shutdown, without service rollback.
696 close_control_socket();
697 execl("/sbin/shutdown", "/sbin/shutdown", "--system", (char *) 0);
698 log(loglevel_t::ERROR, "Error executing /sbin/shutdown: ", strerror(errno));
699 sync(); // since a hard poweroff might be required at this point...
702 /* handle SIGTERM/SIGQUIT(non-system-daemon) - stop all services and shut down */
703 static void sigterm_cb(eventloop_t &eloop) noexcept
705 services->stop_all_services();
projects / oweals / dinit.git / blob