12 #include <sys/socket.h>
18 #include <sys/prctl.h>
20 #include <sys/reboot.h>
22 #if defined(__FreeBSD__) || defined(__DragonFly__)
23 #include <sys/procctl.h>
30 #include "dinit-log.h"
31 #include "dinit-socket.h"
32 #include "static-string.h"
33 #include "dinit-utmp.h"
34 #include "options-processing.h"
39 * When running as the system init process, Dinit processes the following signals:
41 * SIGTERM - roll back services and then fork/exec /sbin/halt
42 * SIGINT - roll back services and then fork/exec /sbin/reboot
43 * SIGQUIT - exec() /sbin/shutdown without rolling back services
45 * It's an open question about whether Dinit should roll back services *before*
46 * running halt/reboot, since those commands should prompt rollback of services
47 * anyway. But it seems safe to do so, and it means the user can at least stop
48 * services even if the halt/reboot commands are unavailable for some reason.
53 using eventloop_t = dasynq::event_loop<dasynq::null_mutex>;
55 eventloop_t event_loop;
57 static void sigint_reboot_cb(eventloop_t &eloop) noexcept;
58 static void sigquit_cb(eventloop_t &eloop) noexcept;
59 static void sigterm_cb(eventloop_t &eloop) noexcept;
60 static void open_control_socket(bool report_ro_failure = true) noexcept;
61 static void close_control_socket() noexcept;
62 static void confirm_restart_boot() noexcept;
64 static void control_socket_cb(eventloop_t *loop, int fd);
69 static dirload_service_set *services;
71 static bool am_pid_one = false; // true if we are PID 1
72 static bool am_system_init = false; // true if we are the system init process
74 static bool did_log_boot = false;
75 static bool control_socket_open = false;
76 static bool external_log_open = false;
77 int active_control_conns = 0;
79 // Control socket path. We maintain a string (control_socket_str) in case we need
80 // to allocate storage, but control_socket_path is the authoritative value.
81 static const char *control_socket_path = SYSCONTROLSOCKET;
82 static std::string control_socket_str;
84 static const char *env_file_path = "/etc/dinit/environment";
86 static const char *log_path = "/dev/log";
87 static bool log_is_syslog = true; // if false, log is a file
89 // Set to true (when console_input_watcher is active) if console input becomes available
90 static bool console_input_ready = false;
94 // Event-loop handler for a signal, which just delegates to a function (pointer).
95 class callback_signal_handler : public eventloop_t::signal_watcher_impl<callback_signal_handler>
97 using rearm = dasynq::rearm;
100 typedef void (*cb_func_t)(eventloop_t &);
106 callback_signal_handler() : cb_func(nullptr) { }
107 callback_signal_handler(cb_func_t pcb_func) : cb_func(pcb_func) { }
109 void set_cb_func(cb_func_t cb_func)
111 this->cb_func = cb_func;
114 rearm received(eventloop_t &eloop, int signo, siginfo_p siginfo)
121 // Event-loop handler for when a connection is made to the control socket.
122 class control_socket_watcher : public eventloop_t::fd_watcher_impl<control_socket_watcher>
124 using rearm = dasynq::rearm;
127 rearm fd_event(eventloop_t &loop, int fd, int flags) noexcept
129 control_socket_cb(&loop, fd);
134 // Watch for console input and set a flag when it is available.
135 class console_input_watcher : public eventloop_t::fd_watcher_impl<console_input_watcher>
137 using rearm = dasynq::rearm;
140 rearm fd_event(eventloop_t &loop, int fd, int flags) noexcept
142 console_input_ready = true;
143 return rearm::DISARM;
147 // Simple timer used to limit the amount of time waiting for the log flush to complete (at shutdown)
148 class log_flush_timer_t : public eventloop_t::timer_impl<log_flush_timer_t>
150 using rearm = dasynq::rearm;
155 rearm timer_expiry(eventloop_t &, int expiry_count)
158 return rearm::DISARM;
172 control_socket_watcher control_socket_io;
173 console_input_watcher console_input_io;
174 log_flush_timer_t log_flush_timer;
178 int dinit_main(int argc, char **argv)
182 am_pid_one = (getpid() == 1);
183 am_system_init = (getuid() == 0);
184 const char * env_file = nullptr;
185 bool control_socket_path_set = false;
186 bool env_file_set = false;
187 bool log_specified = false;
189 service_dir_opt service_dir_opts;
191 // list of services to start
192 list<const char *> services_to_start;
194 // Arguments, if given, specify a list of services to start.
195 // If we are running as init (PID=1), the Linux kernel gives us any command line arguments it was given
196 // but didn't recognize, including "single" (usually for "boot to single user mode" aka just start the
197 // shell). We can treat them as service names. In the worst case we can't find any of the named
198 // services, and so we'll start the "boot" service by default.
200 for (int i = 1; i < argc; i++) {
201 if (argv[i][0] == '-') {
203 if (strcmp(argv[i], "--env-file") == 0 || strcmp(argv[i], "-e") == 0) {
209 cerr << "dinit: '--env-file' (-e) requires an argument" << endl;
212 else if (strcmp(argv[i], "--services-dir") == 0 || strcmp(argv[i], "-d") == 0) {
214 service_dir_opts.set_specified_service_dir(argv[i]);
217 cerr << "dinit: '--services-dir' (-d) requires an argument" << endl;
221 else if (strcmp(argv[i], "--system") == 0 || strcmp(argv[i], "-s") == 0) {
222 am_system_init = true;
224 else if (strcmp(argv[i], "--user") == 0 || strcmp(argv[i], "-u") == 0) {
225 am_system_init = false;
227 else if (strcmp(argv[i], "--socket-path") == 0 || strcmp(argv[i], "-p") == 0) {
229 control_socket_path = argv[i];
230 control_socket_path_set = true;
233 cerr << "dinit: '--socket-path' (-p) requires an argument" << endl;
237 else if (strcmp(argv[i], "--log-file") == 0 || strcmp(argv[i], "-l") == 0) {
240 log_is_syslog = false;
241 log_specified = true;
244 cerr << "dinit: '--log-file' (-l) requires an argument" << endl;
248 else if (strcmp(argv[i], "--quiet") == 0 || strcmp(argv[i], "-q") == 0) {
249 console_service_status = false;
250 log_level[DLOG_CONS] = loglevel_t::ZERO;
252 else if (strcmp(argv[i], "--help") == 0) {
253 cout << "dinit, an init with dependency management\n"
254 " --help display help\n"
255 " --env-file <file>, -e <file>\n"
256 " environment variable initialisation file\n"
257 " --services-dir <dir>, -d <dir>\n"
258 " set base directory for service description\n"
260 " --system, -s run as the system service manager\n"
261 " --user, -u run as a user service manager\n"
262 " --socket-path <path>, -p <path>\n"
263 " path to control socket\n"
264 " --log-file <file>, -l <file> log to the specified file\n"
265 " --quiet, -q disable output to standard output\n"
266 " <service-name> start service with name <service-name>\n";
271 if (! am_system_init) {
272 cerr << "dinit: Unrecognized option: " << argv[i] << endl;
279 // LILO puts "auto" on the kernel command line for unattended boots; we'll filter it.
280 if (! am_pid_one || strcmp(argv[i], "auto") != 0) {
281 services_to_start.push_back(argv[i]);
284 services_to_start.push_back(argv[i]);
290 if (am_system_init) {
291 // setup STDIN, STDOUT, STDERR so that we can use them
292 int onefd = open("/dev/console", O_RDONLY, 0);
296 int twofd = open("/dev/console", O_RDWR, 0);
302 if (onefd > 2) close(onefd);
303 if (twofd > 2) close(twofd);
305 if (! env_file_set) {
306 env_file = env_file_path;
310 /* Set up signal handlers etc */
311 /* SIG_CHILD is ignored by default: good */
312 sigset_t sigwait_set;
313 sigemptyset(&sigwait_set);
314 sigaddset(&sigwait_set, SIGCHLD);
315 sigaddset(&sigwait_set, SIGINT);
316 sigaddset(&sigwait_set, SIGTERM);
317 if (am_pid_one) sigaddset(&sigwait_set, SIGQUIT);
318 sigprocmask(SIG_BLOCK, &sigwait_set, NULL);
320 // Terminal access control signals - we ignore these so that dinit can't be
321 // suspended if it writes to the terminal after some other process has claimed
323 signal(SIGTSTP, SIG_IGN);
324 signal(SIGTTIN, SIG_IGN);
325 signal(SIGTTOU, SIG_IGN);
327 signal(SIGPIPE, SIG_IGN);
329 if (! am_system_init && ! control_socket_path_set) {
330 const char * userhome = service_dir_opt::get_user_home();
331 if (userhome != nullptr) {
332 control_socket_str = userhome;
333 control_socket_str += "/.dinitctl";
334 control_socket_path = control_socket_str.c_str();
338 if (services_to_start.empty()) {
339 services_to_start.push_back("boot");
342 // Set up signal handlers
343 callback_signal_handler sigterm_watcher {sigterm_cb};
344 callback_signal_handler sigint_watcher;
345 callback_signal_handler sigquit_watcher;
348 sigint_watcher.set_cb_func(sigint_reboot_cb);
349 sigquit_watcher.set_cb_func(sigquit_cb);
352 sigint_watcher.set_cb_func(sigterm_cb);
355 sigint_watcher.add_watch(event_loop, SIGINT);
356 sigterm_watcher.add_watch(event_loop, SIGTERM);
359 // PID 1: we may ask for console input; SIGQUIT exec's shutdown
360 console_input_io.add_watch(event_loop, STDIN_FILENO, dasynq::IN_EVENTS, false);
361 sigquit_watcher.add_watch(event_loop, SIGQUIT);
362 // (If not PID 1, we instead just let SIGQUIT perform the default action.)
365 // Try to open control socket (may fail due to readonly filesystem)
366 open_control_socket(false);
369 if (am_system_init) {
370 // Disable non-critical kernel output to console
371 klogctl(6 /* SYSLOG_ACTION_CONSOLE_OFF */, nullptr, 0);
372 // Make ctrl+alt+del combination send SIGINT to PID 1 (this process)
373 reboot(RB_DISABLE_CAD);
376 // Mark ourselves as a subreaper. This means that if a process we start double-forks, the
377 // orphaned child will re-parent to us rather than to PID 1 (although that could be us too).
378 prctl(PR_SET_CHILD_SUBREAPER, 1);
379 #elif defined(__FreeBSD__) || defined(__DragonFly__)
380 // Documentation (man page) for this kind of sucks. PROC_REAP_ACQUIRE "acquires the reaper status for
381 // the current process" but does that mean the first two arguments still need valid values to be
382 // supplied? We'll play it safe and explicitly target our own process:
383 procctl(P_PID, getpid(), PROC_REAP_ACQUIRE, NULL);
386 log_flush_timer.add_timer(event_loop, dasynq::clock_type::MONOTONIC);
388 service_dir_opts.build_paths(am_system_init);
390 /* start requested services */
391 services = new dirload_service_set(std::move(service_dir_opts.get_paths()));
393 init_log(services, log_is_syslog);
394 if (am_system_init) {
395 log(loglevel_t::INFO, false, "Starting system");
398 // Only try to set up the external log now if we aren't the system init. (If we are the
399 // system init, wait until the log service starts).
400 if (! am_system_init && log_specified) setup_external_log();
402 if (env_file != nullptr) {
403 read_env_file(env_file);
406 for (auto svc : services_to_start) {
408 services->start_service(svc);
409 // Note in general if we fail to start a service we don't need any special error handling,
410 // since we either leave other services running or, if it was the only service, then no
411 // services will be running and we will process normally (reboot if system process,
412 // exit if user process).
414 catch (service_not_found &snf) {
415 log(loglevel_t::ERROR, snf.service_name, ": Could not find service description.");
417 catch (service_load_exc &sle) {
418 log(loglevel_t::ERROR, sle.service_name, ": ", sle.exc_description);
420 catch (std::bad_alloc &badalloce) {
421 log(loglevel_t::ERROR, "Out of memory when trying to start service: ", svc, ".");
428 // Process events until all services have terminated.
429 while (services->count_active_services() != 0) {
433 shutdown_type_t shutdown_type = services->get_shutdown_type();
434 if (shutdown_type == shutdown_type_t::REMAIN) {
439 log_msg_begin(loglevel_t::INFO, "No more active services.");
441 if (shutdown_type == shutdown_type_t::REBOOT) {
442 log_msg_end(" Will reboot.");
444 else if (shutdown_type == shutdown_type_t::HALT) {
445 log_msg_end(" Will halt.");
447 else if (shutdown_type == shutdown_type_t::POWEROFF) {
448 log_msg_end(" Will power down.");
452 log_flush_timer.reset();
453 log_flush_timer.arm_timer_rel(event_loop, timespec{5,0}); // 5 seconds
454 while (! is_log_flushed() && ! log_flush_timer.has_expired()) {
458 close_control_socket();
461 if (shutdown_type == shutdown_type_t::NONE) {
462 // Services all stopped but there was no shutdown issued. Inform user, wait for ack, and
463 // re-start boot sequence.
464 sync(); // Sync to minimise data loss if user elects to power off / hard reset
465 confirm_restart_boot();
466 if (services->count_active_services() != 0) {
467 // Recovery service started
470 shutdown_type = services->get_shutdown_type();
471 if (shutdown_type == shutdown_type_t::NONE) {
473 services->start_service("boot");
474 goto run_event_loop; // yes, the "evil" goto
477 // Now what do we do? try to reboot, but wait for user ack to avoid boot loop.
478 log(loglevel_t::ERROR, "Could not start 'boot' service. Will attempt reboot.");
479 shutdown_type = shutdown_type_t::REBOOT;
484 const char * cmd_arg;
485 if (shutdown_type == shutdown_type_t::HALT) {
488 else if (shutdown_type == shutdown_type_t::REBOOT) {
496 // Fork and execute dinit-reboot.
497 constexpr auto shutdown_exec = literal(SBINDIR) + "/shutdown";
498 execl(shutdown_exec.c_str(), shutdown_exec.c_str(), "--system", cmd_arg, nullptr);
499 log(loglevel_t::ERROR, (literal("Could not execute ") + SBINDIR + "/shutdown: ").c_str(),
502 // PID 1 must not actually exit, although we should never reach this point:
507 else if (shutdown_type == shutdown_type_t::REBOOT) {
508 // Non-system-process. If we got SIGINT, let's die due to it:
509 sigset_t sigwait_set_int;
510 sigemptyset(&sigwait_set_int);
511 sigaddset(&sigwait_set_int, SIGINT);
513 sigprocmask(SIG_UNBLOCK, &sigwait_set_int, NULL);
519 // Log a parse error when reading the environment file.
520 static void log_bad_env(int linenum)
522 log(loglevel_t::ERROR, "invalid environment variable setting in environment file (line ", linenum, ")");
525 // Read and set environment variables from a file. May throw std::bad_alloc, std::system_error.
526 void read_env_file(const char *env_file_path)
528 // Note that we can't use the log in this function; it hasn't been initialised yet.
530 std::ifstream env_file(env_file_path);
531 if (! env_file) return;
533 env_file.exceptions(std::ios::badbit);
535 auto &clocale = std::locale::classic();
539 while (std::getline(env_file, line)) {
541 auto lpos = line.begin();
542 auto lend = line.end();
543 while (lpos != lend && std::isspace(*lpos, clocale)) {
550 log_bad_env(linenum);
553 auto name_begin = lpos++;
554 // skip until '=' or whitespace:
555 while (lpos != lend && *lpos != '=' && ! std::isspace(*lpos, clocale)) ++lpos;
556 auto name_end = lpos;
558 while (lpos != lend && std::isspace(*lpos, clocale)) ++lpos;
560 log_bad_env(linenum);
565 auto val_begin = lpos;
566 while (lpos != lend && *lpos != '\n') ++lpos;
569 std::string name = line.substr(name_begin - line.begin(), name_end - name_begin);
570 std::string value = line.substr(val_begin - line.begin(), val_end - val_begin);
571 if (setenv(name.c_str(), value.c_str(), true) == -1) {
572 throw std::system_error(errno, std::system_category());
579 // Get user confirmation before proceeding with restarting boot sequence.
580 // Returns after confirmation, possibly with shutdown type altered.
581 static void confirm_restart_boot() noexcept
583 // Bypass log; we want to make certain the message is seen:
584 std::cout << "All services have stopped with no shutdown issued; boot failure?\n";
586 // Drain input, set non-canonical input mode (receive characters as they are typed)
587 struct termios term_attr;
588 if (tcgetattr(STDIN_FILENO, &term_attr) != 0) {
590 std::cout << "Halting." << std::endl;
591 services->stop_all_services(shutdown_type_t::HALT);
594 term_attr.c_lflag &= ~ICANON;
595 tcsetattr(STDIN_FILENO, TCSAFLUSH, &term_attr);
597 // Set non-blocking mode
598 int origFlags = fcntl(STDIN_FILENO, F_GETFL);
599 fcntl(STDIN_FILENO, F_SETFL, origFlags | O_NONBLOCK);
602 std::cout << "Choose: (r)eboot, r(e)covery, re(s)tart boot sequence, (p)ower off? " << std::flush;
604 console_input_io.set_enabled(event_loop, true);
607 } while (! console_input_ready && services->get_shutdown_type() == shutdown_type_t::NONE);
608 console_input_io.set_enabled(event_loop, false);
610 // We either have input, or shutdown type has been set, or both.
611 if (console_input_ready) {
612 console_input_ready = false;
614 int r = read(STDIN_FILENO, buf, 1); // read a single character, to make sure we wait for input
616 std::cout << "\n"; // force new line after input
617 if (buf[0] == 'r' || buf[0] == 'R') {
618 services->stop_all_services(shutdown_type_t::REBOOT);
620 else if (buf[0] == 'e' || buf[0] == 'E') {
622 services->start_service("recovery");
625 std::cout << "Unable to start recovery service.\n";
629 else if (buf[0] == 's' || buf[0] == 'S') {
630 // nothing - leave no shutdown type
632 else if (buf[0] == 'p' || buf[0] == 'P') {
633 services->stop_all_services(shutdown_type_t::POWEROFF);
639 tcflush(STDIN_FILENO, TCIFLUSH); // discard the rest of input
642 term_attr.c_lflag |= ICANON;
643 tcsetattr(STDIN_FILENO, TCSANOW, &term_attr);
644 fcntl(STDIN_FILENO, F_SETFL, origFlags);
647 // Callback for control socket
648 static void control_socket_cb(eventloop_t *loop, int sockfd)
650 // Considered keeping a limit the number of active connections, however, there doesn't
651 // seem much to be gained from that. Only root can create connections and not being
652 // able to establish a control connection is as much a denial-of-service as is not being
653 // able to start a service due to lack of fd's.
655 // Accept a connection
656 int newfd = dinit_accept4(sockfd, nullptr, nullptr, SOCK_NONBLOCK | SOCK_CLOEXEC);
660 new control_conn_t(*loop, services, newfd); // will delete itself when it's finished
662 catch (std::exception &exc) {
663 log(loglevel_t::ERROR, "Accepting control connection: ", exc.what());
669 // Callback when the root filesystem is read/write:
670 void rootfs_is_rw() noexcept
672 open_control_socket(true);
673 if (! did_log_boot) {
674 did_log_boot = log_boot();
678 // Open/create the control socket, normally /dev/dinitctl, used to allow client programs to connect
679 // and issue service orders and shutdown commands etc. This can safely be called multiple times;
680 // once the socket has been successfully opened, further calls have no effect.
681 static void open_control_socket(bool report_ro_failure) noexcept
683 if (control_socket_open) {
684 struct stat stat_buf;
685 if (stat(control_socket_path, &stat_buf) != 0 && errno == ENOENT) {
686 // Looks like our control socket has disappeared from the filesystem. Close our control
687 // socket and re-create it:
688 control_socket_io.deregister(event_loop);
689 close(control_socket_io.get_watched_fd());
690 control_socket_open = false; // now re-open below
694 if (! control_socket_open) {
695 const char * saddrname = control_socket_path;
696 size_t saddrname_len = strlen(saddrname);
697 uint sockaddr_size = offsetof(struct sockaddr_un, sun_path) + saddrname_len + 1;
699 struct sockaddr_un * name = static_cast<sockaddr_un *>(malloc(sockaddr_size));
700 if (name == nullptr) {
701 log(loglevel_t::ERROR, "Opening control socket: out of memory");
705 if (am_system_init) {
706 // Unlink any stale control socket file, but only if we are system init, since otherwise
707 // the 'stale' file may not be stale at all:
711 name->sun_family = AF_UNIX;
712 memcpy(name->sun_path, saddrname, saddrname_len + 1);
714 int sockfd = dinit_socket(AF_UNIX, SOCK_STREAM, 0, SOCK_NONBLOCK | SOCK_CLOEXEC);
716 log(loglevel_t::ERROR, "Error creating control socket: ", strerror(errno));
721 if (bind(sockfd, (struct sockaddr *) name, sockaddr_size) == -1) {
722 if (errno != EROFS || report_ro_failure) {
723 log(loglevel_t::ERROR, "Error binding control socket: ", strerror(errno));
732 // No connections can be made until we listen, so it is fine to change the permissions now
733 // (and anyway there is no way to atomically create the socket and set permissions):
734 if (chmod(saddrname, S_IRUSR | S_IWUSR) == -1) {
735 log(loglevel_t::ERROR, "Error setting control socket permissions: ", strerror(errno));
740 if (listen(sockfd, 10) == -1) {
741 log(loglevel_t::ERROR, "Error listening on control socket: ", strerror(errno));
747 control_socket_io.add_watch(event_loop, sockfd, dasynq::IN_EVENTS);
748 control_socket_open = true;
750 catch (std::exception &e)
752 log(loglevel_t::ERROR, "Could not setup I/O on control socket: ", e.what());
758 static void close_control_socket() noexcept
760 if (control_socket_open) {
761 int fd = control_socket_io.get_watched_fd();
762 control_socket_io.deregister(event_loop);
765 // Unlink the socket:
766 unlink(control_socket_path);
768 control_socket_open = false;
772 void setup_external_log() noexcept
774 if (! external_log_open) {
776 const char * saddrname = log_path;
777 size_t saddrname_len = strlen(saddrname);
778 uint sockaddr_size = offsetof(struct sockaddr_un, sun_path) + saddrname_len + 1;
780 struct sockaddr_un * name = static_cast<sockaddr_un *>(malloc(sockaddr_size));
781 if (name == nullptr) {
782 log(loglevel_t::ERROR, "Connecting to log socket: out of memory");
786 name->sun_family = AF_UNIX;
787 memcpy(name->sun_path, saddrname, saddrname_len + 1);
789 int sockfd = dinit_socket(AF_UNIX, SOCK_DGRAM, 0, SOCK_NONBLOCK | SOCK_CLOEXEC);
791 log(loglevel_t::ERROR, "Error creating log socket: ", strerror(errno));
796 if (connect(sockfd, (struct sockaddr *) name, sockaddr_size) == 0 || errno == EINPROGRESS) {
797 // For EINPROGRESS, connection is still being established; however, we can select on
798 // the file descriptor so we will be notified when it's ready. In other words we can
799 // basically use it anyway.
801 setup_main_log(sockfd);
802 external_log_open = true;
804 catch (std::exception &e) {
805 log(loglevel_t::ERROR, "Setting up log failed: ", e.what());
810 // Note if connect fails, we haven't warned at all, because the syslog server might not
819 int log_fd = open(log_path, O_WRONLY | O_CREAT | O_APPEND | O_NONBLOCK | O_CLOEXEC, 0644);
822 setup_main_log(log_fd);
823 external_log_open = true;
825 catch (std::exception &e) {
826 log(loglevel_t::ERROR, "Setting up log failed: ", e.what());
831 // log failure to log? It makes more sense than first appears, because we also log
833 log(loglevel_t::ERROR, "Setting up log failed: ", strerror(errno));
839 /* handle SIGINT signal (generated by Linux kernel when ctrl+alt+del pressed) */
840 static void sigint_reboot_cb(eventloop_t &eloop) noexcept
842 services->stop_all_services(shutdown_type_t::REBOOT);
845 /* handle SIGQUIT (if we are system init) */
846 static void sigquit_cb(eventloop_t &eloop) noexcept
848 // This performs an immediate shutdown, without service rollback.
849 close_control_socket();
850 constexpr auto shutdown_exec = literal(SBINDIR) + "/shutdown";
851 execl(shutdown_exec.c_str(), shutdown_exec.c_str(), "--system", (char *) 0);
852 log(loglevel_t::ERROR, literal("Error executing ") + SBINDIR + "/sbin/shutdown: ", strerror(errno));
853 sync(); // since a hard poweroff might be required at this point...
856 /* handle SIGTERM/SIGQUIT(non-system-daemon) - stop all services and shut down */
857 static void sigterm_cb(eventloop_t &eloop) noexcept
859 services->stop_all_services();