]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/unit.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #18007 from fw-strlen/ipv6_masq_and_dnat
[thirdparty/systemd.git] / src / core / unit.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
a7334b09 2
87f0e418 3#include <errno.h>
0301abf4 4#include <stdlib.h>
4c253ed1 5#include <sys/prctl.h>
4f5dd394 6#include <unistd.h>
87f0e418 7
718db961
LP		 8#include "sd-id128.h"
9#include "sd-messages.h"
4f5dd394 10
57b7a260 11#include "all-units.h"
d68c645b 12#include "alloc-util.h"
fab34748 13#include "bpf-firewall.h"
4f5dd394
LP		 14#include "bus-common-errors.h"
15#include "bus-util.h"
fdb3deca 16#include "cgroup-setup.h"
c6c18be3 17#include "cgroup-util.h"
e30bbc90 18#include "core-varlink.h"
4f5dd394
LP		 19#include "dbus-unit.h"
20#include "dbus.h"
21#include "dropin.h"
22#include "escape.h"
23#include "execute.h"
6a48d82f 24#include "fd-util.h"
a5c32cff 25#include "fileio-label.h"
ee228be1 26#include "fileio.h"
f97b34a6 27#include "format-util.h"
4b58153d 28#include "id128-util.h"
5cfa33e0 29#include "install.h"
2d3b784d 30#include "io-util.h"
a3f5fd96 31#include "label.h"
4f5dd394
LP		 32#include "load-dropin.h"
33#include "load-fragment.h"
34#include "log.h"
35#include "macro.h"
f5947a5e 36#include "missing_audit.h"
4f5dd394
LP		 37#include "mkdir.h"
38#include "path-util.h"
0b452006 39#include "process-util.h"
810ef318 40#include "rm-rf.h"
4f5dd394 41#include "set.h"
6eb7c172 42#include "signal-util.h"
d3070fbd 43#include "sparse-endian.h"
e9db43d5 44#include "special.h"
2e59b241 45#include "specifier.h"
8fcde012 46#include "stat-util.h"
d054f0a4 47#include "stdio-util.h"
5afe510c 48#include "string-table.h"
07630cea 49#include "string-util.h"
4f5dd394 50#include "strv.h"
5b262f74 51#include "terminal-util.h"
e4de7287 52#include "tmpfile-util.h"
4f4afc88 53#include "umask-util.h"
4f5dd394 54#include "unit-name.h"
e9db43d5 55#include "unit.h"
b1d4f8e1
LP		 56#include "user-util.h"
57#include "virt.h"
87f0e418 58
37109b85
ZJS		 59/* Thresholds for logging at INFO level about resource consumption */
60#define MENTIONWORTHY_CPU_NSEC (1 * NSEC_PER_SEC)
61#define MENTIONWORTHY_IO_BYTES (1024 * 1024ULL)
62#define MENTIONWORTHY_IP_BYTES (0ULL)
63
64/* Thresholds for logging at INFO level about resource consumption */
65#define NOTICEWORTHY_CPU_NSEC (10*60 * NSEC_PER_SEC) /* 10 minutes */
66#define NOTICEWORTHY_IO_BYTES (10 * 1024 * 1024ULL) /* 10 MB */
67#define NOTICEWORTHY_IP_BYTES (128 * 1024 * 1024ULL) /* 128 MB */
68
87f0e418
LP		 69const UnitVTable * const unit_vtable[_UNIT_TYPE_MAX] = {
70 [UNIT_SERVICE] = &service_vtable,
87f0e418
LP		 71 [UNIT_SOCKET] = &socket_vtable,
72 [UNIT_TARGET] = &target_vtable,
73 [UNIT_DEVICE] = &device_vtable,
74 [UNIT_MOUNT] = &mount_vtable,
75 [UNIT_AUTOMOUNT] = &automount_vtable,
01f78473 76 [UNIT_SWAP] = &swap_vtable,
e821075a 77 [UNIT_TIMER] = &timer_vtable,
a016b922 78 [UNIT_PATH] = &path_vtable,
6c12b52e 79 [UNIT_SLICE] = &slice_vtable,
5afe510c 80 [UNIT_SCOPE] = &scope_vtable,
87f0e418
LP		 81};
82
f2341e0a 83static void maybe_warn_about_dependency(Unit *u, const char *other, UnitDependency dependency);
d1fab3fe 84
75db809a 85Unit* unit_new(Manager *m, size_t size) {
87f0e418
LP		 86 Unit *u;
87
88 assert(m);
ac155bb8 89 assert(size >= sizeof(Unit));
87f0e418 90
7d17cfbc
MS		 91 u = malloc0(size);
92 if (!u)
87f0e418
LP		 93 return NULL;
94
ac155bb8
MS		 95 u->manager = m;
96 u->type = _UNIT_TYPE_INVALID;
ac155bb8
MS		 97 u->default_dependencies = true;
98 u->unit_file_state = _UNIT_FILE_STATE_INVALID;
d2dc52db 99 u->unit_file_preset = -1;
d420282b 100 u->on_failure_job_mode = JOB_REPLACE;
0bb814c2 101 u->cgroup_control_inotify_wd = -1;
afcfaa69 102 u->cgroup_memory_inotify_wd = -1;
36c16a7c 103 u->job_timeout = USEC_INFINITY;
a2df3ea4 104 u->job_running_timeout = USEC_INFINITY;
00d9ef85
LP		 105 u->ref_uid = UID_INVALID;
106 u->ref_gid = GID_INVALID;
fe700f46 107 u->cpu_usage_last = NSEC_INFINITY;
17f14955 108 u->cgroup_invalidated_mask |= CGROUP_MASK_BPF_FIREWALL;
7af67e9a 109 u->failure_action_exit_status = u->success_action_exit_status = -1;
87f0e418 110
6a48d82f
DM		 111 u->ip_accounting_ingress_map_fd = -1;
112 u->ip_accounting_egress_map_fd = -1;
113 u->ipv4_allow_map_fd = -1;
114 u->ipv6_allow_map_fd = -1;
115 u->ipv4_deny_map_fd = -1;
116 u->ipv6_deny_map_fd = -1;
117
2e59b241
LP		 118 u->last_section_private = -1;
119
7bf081a1 120 u->start_ratelimit = (RateLimit) { m->default_start_limit_interval, m->default_start_limit_burst };
8c227e7f 121 u->auto_stop_ratelimit = (RateLimit) { 10 * USEC_PER_SEC, 16 };
bea355da 122
fbe14fc9
LP		 123 for (CGroupIOAccountingMetric i = 0; i < _CGROUP_IO_ACCOUNTING_METRIC_MAX; i++)
124 u->io_accounting_last[i] = UINT64_MAX;
125
87f0e418
LP		 126 return u;
127}
128
a581e45a 129int unit_new_for_name(Manager *m, size_t size, const char *name, Unit **ret) {
dc409696 130 _cleanup_(unit_freep) Unit *u = NULL;
a581e45a
LP		 131 int r;
132
133 u = unit_new(m, size);
134 if (!u)
135 return -ENOMEM;
136
137 r = unit_add_name(u, name);
dc409696 138 if (r < 0)
a581e45a 139 return r;
a581e45a 140
1cc6c93a
YW		 141 *ret = TAKE_PTR(u);
142
a581e45a
LP		 143 return r;
144}
145
303ee601 146bool unit_has_name(const Unit *u, const char *name) {
f278026d
LP		 147 assert(u);
148 assert(name);
149
4562c355
ZJS		 150 return streq_ptr(name, u->id) ||
151 set_contains(u->aliases, name);
f278026d
LP		 152}
153
598459ce
LP		 154static void unit_init(Unit *u) {
155 CGroupContext *cc;
156 ExecContext *ec;
157 KillContext *kc;
158
159 assert(u);
160 assert(u->manager);
161 assert(u->type >= 0);
162
163 cc = unit_get_cgroup_context(u);
164 if (cc) {
165 cgroup_context_init(cc);
166
167 /* Copy in the manager defaults into the cgroup
168 * context, _before_ the rest of the settings have
169 * been initialized */
170
171 cc->cpu_accounting = u->manager->default_cpu_accounting;
13c31542 172 cc->io_accounting = u->manager->default_io_accounting;
598459ce
LP		 173 cc->blockio_accounting = u->manager->default_blockio_accounting;
174 cc->memory_accounting = u->manager->default_memory_accounting;
03a7b521 175 cc->tasks_accounting = u->manager->default_tasks_accounting;
6a48d82f 176 cc->ip_accounting = u->manager->default_ip_accounting;
0af20ea2
LP		 177
178 if (u->type != UNIT_SLICE)
179 cc->tasks_max = u->manager->default_tasks_max;
598459ce
LP		 180 }
181
182 ec = unit_get_exec_context(u);
b1edf445 183 if (ec) {
598459ce
LP		 184 exec_context_init(ec);
185
5e37d193
FB		 186 if (MANAGER_IS_SYSTEM(u->manager))
187 ec->keyring_mode = EXEC_KEYRING_SHARED;
188 else {
189 ec->keyring_mode = EXEC_KEYRING_INHERIT;
190
191 /* User manager might have its umask redefined by PAM or UMask=. In this
192 * case let the units it manages inherit this value by default. They can
193 * still tune this value through their own unit file */
194 (void) get_process_umask(getpid_cached(), &ec->umask);
195 }
b1edf445
LP		 196 }
197
598459ce
LP		 198 kc = unit_get_kill_context(u);
199 if (kc)
200 kill_context_init(kc);
201
202 if (UNIT_VTABLE(u)->init)
203 UNIT_VTABLE(u)->init(u);
204}
205
4562c355
ZJS		 206static int unit_add_alias(Unit *u, char *donated_name) {
207 int r;
208
209 /* Make sure that u->names is allocated. We may leave u->names
210 * empty if we fail later, but this is not a problem. */
973bc32a 211 r = set_ensure_put(&u->aliases, &string_hash_ops, donated_name);
4562c355
ZJS		 212 if (r < 0)
213 return r;
214 assert(r > 0);
215
216 return 0;
217}
218
87f0e418 219int unit_add_name(Unit *u, const char *text) {
4562c355 220 _cleanup_free_ char *name = NULL, *instance = NULL;
87f0e418 221 UnitType t;
87f0e418
LP		 222 int r;
223
224 assert(u);
225 assert(text);
226
7410616c 227 if (unit_name_is_valid(text, UNIT_NAME_TEMPLATE)) {
ac155bb8 228 if (!u->instance)
acd1987a
WY		 229 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
230 "instance is not set when adding name '%s': %m", text);
87f0e418 231
4562c355 232 r = unit_name_replace_instance(text, u->instance, &name);
7410616c 233 if (r < 0)
acd1987a
WY		 234 return log_unit_debug_errno(u, r,
235 "failed to build instance name from '%s': %m", text);
7410616c 236 } else {
4562c355
ZJS		 237 name = strdup(text);
238 if (!name)
7410616c
LP		 239 return -ENOMEM;
240 }
87f0e418 241
4562c355 242 if (unit_has_name(u, name))
7410616c 243 return 0;
4562c355
ZJS		 244
245 if (hashmap_contains(u->manager->units, name))
acd1987a 246 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EEXIST),
4562c355 247 "unit already exist when adding name '%s': %m", name);
7410616c 248
4562c355 249 if (!unit_name_is_valid(name, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
acd1987a 250 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
4562c355 251 "name '%s' is invalid: %m", name);
e537352b 252
4562c355 253 t = unit_name_to_type(name);
7410616c 254 if (t < 0)
acd1987a 255 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
cd990847 256 "failed to derive unit type from name '%s': %m", name);
87f0e418 257
598459ce 258 if (u->type != _UNIT_TYPE_INVALID && t != u->type)
acd1987a
WY		 259 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
260 "unit type is illegal: u->type(%d) and t(%d) for name '%s': %m",
4562c355 261 u->type, t, name);
87f0e418 262
4562c355 263 r = unit_name_to_instance(name, &instance);
e48614c4 264 if (r < 0)
4562c355 265 return log_unit_debug_errno(u, r, "failed to extract instance from name '%s': %m", name);
87f0e418 266
4562c355
ZJS		 267 if (instance && !unit_type_may_template(t))
268 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL), "templates are not allowed for name '%s': %m", name);
9e2f7c11 269
d383acad
ZJS		 270 /* Ensure that this unit either has no instance, or that the instance matches. */
271 if (u->type != _UNIT_TYPE_INVALID && !streq_ptr(u->instance, instance))
acd1987a 272 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
ada4b34e
ZJS		 273 "cannot add name %s, the instances don't match (\"%s\" != \"%s\").",
274 name, instance, u->instance);
9e2f7c11 275
4562c355 276 if (u->id && !unit_type_may_alias(t))
ada4b34e
ZJS		 277 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EEXIST),
278 "cannot add name %s, aliases are not allowed for %s units.",
279 name, unit_type_to_string(t));
9e2f7c11 280
598459ce 281 if (hashmap_size(u->manager->units) >= MANAGER_MAX_NAMES)
ada4b34e 282 return log_unit_warning_errno(u, SYNTHETIC_ERRNO(E2BIG), "cannot add name, manager has too many units: %m");
4f0f902f 283
4562c355
ZJS		 284 /* Add name to the global hashmap first, because that's easier to undo */
285 r = hashmap_put(u->manager->units, name, u);
7410616c 286 if (r < 0)
acd1987a 287 return log_unit_debug_errno(u, r, "add unit to hashmap failed for name '%s': %m", text);
87f0e418 288
4562c355
ZJS		 289 if (u->id) {
290 r = unit_add_alias(u, name); /* unit_add_alias() takes ownership of the name on success */
291 if (r < 0) {
292 hashmap_remove(u->manager->units, name);
293 return r;
294 }
295 TAKE_PTR(name);
296
297 } else {
298 /* A new name, we don't need the set yet. */
299 assert(u->type == _UNIT_TYPE_INVALID);
300 assert(!u->instance);
301
ac155bb8 302 u->type = t;
4562c355
ZJS		 303 u->id = TAKE_PTR(name);
304 u->instance = TAKE_PTR(instance);
9e2f7c11 305
71fda00f 306 LIST_PREPEND(units_by_type, u->manager->units_by_type[t], u);
598459ce 307 unit_init(u);
598459ce 308 }
9e2f7c11 309
598459ce
LP		 310 unit_add_to_dbus_queue(u);
311 return 0;
87f0e418
LP		 312}
313
0ae97ec1 314int unit_choose_id(Unit *u, const char *name) {
68eda4bd 315 _cleanup_free_ char *t = NULL;
4562c355 316 char *s;
276c3e78 317 int r;
0ae97ec1
LP		 318
319 assert(u);
320 assert(name);
321
7410616c 322 if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
ac155bb8 323 if (!u->instance)
9e2f7c11
LP		 324 return -EINVAL;
325
7410616c
LP		 326 r = unit_name_replace_instance(name, u->instance, &t);
327 if (r < 0)
328 return r;
9e2f7c11
LP		 329
330 name = t;
331 }
332
4562c355
ZJS		 333 if (streq_ptr(u->id, name))
334 return 0; /* Nothing to do. */
335
336 /* Selects one of the aliases of this unit as the id */
337 s = set_get(u->aliases, (char*) name);
9e2f7c11 338 if (!s)
0ae97ec1
LP		 339 return -ENOENT;
340
4562c355
ZJS		 341 if (u->id) {
342 r = set_remove_and_put(u->aliases, name, u->id);
343 if (r < 0)
344 return r;
345 } else
346 assert_se(set_remove(u->aliases, name)); /* see set_get() above… */
276c3e78 347
4562c355 348 u->id = s; /* Old u->id is now stored in the set, and s is not stored anywhere */
c1e1601e 349 unit_add_to_dbus_queue(u);
9e2f7c11 350
0ae97ec1
LP		 351 return 0;
352}
353
f50e0a01 354int unit_set_description(Unit *u, const char *description) {
84b26d51 355 int r;
f50e0a01
LP		 356
357 assert(u);
358
84b26d51
LP		 359 r = free_and_strdup(&u->description, empty_to_null(description));
360 if (r < 0)
361 return r;
362 if (r > 0)
363 unit_add_to_dbus_queue(u);
c1e1601e 364
f50e0a01
LP		 365 return 0;
366}
367
f2f725e5 368bool unit_may_gc(Unit *u) {
a354329f 369 UnitActiveState state;
e98b2fbb 370 int r;
5afe510c 371
701cc384
LP		 372 assert(u);
373
f2f725e5
ZJS		 374 /* Checks whether the unit is ready to be unloaded for garbage collection.
375 * Returns true when the unit may be collected, and false if there's some
2641f02e
ZJS		 376 * reason to keep it loaded.
377 *
378 * References from other units are *not* checked here. Instead, this is done
379 * in unit_gc_sweep(), but using markers to properly collect dependency loops.
380 */
5afe510c 381
a354329f 382 if (u->job)
f2f725e5 383 return false;
701cc384 384
a354329f 385 if (u->nop_job)
f2f725e5 386 return false;
6c073082 387
a354329f
LP		 388 state = unit_active_state(u);
389
7eb2a8a1 390 /* If the unit is inactive and failed and no job is queued for it, then release its runtime resources */
a354329f
LP		 391 if (UNIT_IS_INACTIVE_OR_FAILED(state) &&
392 UNIT_VTABLE(u)->release_resources)
7eb2a8a1 393 UNIT_VTABLE(u)->release_resources(u);
a354329f 394
f5869324 395 if (u->perpetual)
f2f725e5 396 return false;
9d576438 397
05a98afd 398 if (sd_bus_track_count(u->bus_track) > 0)
f2f725e5 399 return false;
05a98afd 400
5afe510c
LP		 401 /* But we keep the unit object around for longer when it is referenced or configured to not be gc'ed */
402 switch (u->collect_mode) {
403
404 case COLLECT_INACTIVE:
405 if (state != UNIT_INACTIVE)
f2f725e5 406 return false;
5afe510c
LP		 407
408 break;
409
410 case COLLECT_INACTIVE_OR_FAILED:
411 if (!IN_SET(state, UNIT_INACTIVE, UNIT_FAILED))
f2f725e5 412 return false;
5afe510c
LP		 413
414 break;
415
416 default:
417 assert_not_reached("Unknown garbage collection mode");
418 }
419
e98b2fbb
LP		 420 if (u->cgroup_path) {
421 /* If the unit has a cgroup, then check whether there's anything in it. If so, we should stay
422 * around. Units with active processes should never be collected. */
423
424 r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path);
425 if (r < 0)
426 log_unit_debug_errno(u, r, "Failed to determine whether cgroup %s is empty: %m", u->cgroup_path);
427 if (r <= 0)
f2f725e5 428 return false;
e98b2fbb
LP		 429 }
430
f2f725e5
ZJS		 431 if (UNIT_VTABLE(u)->may_gc && !UNIT_VTABLE(u)->may_gc(u))
432 return false;
701cc384 433
f2f725e5 434 return true;
701cc384
LP		 435}
436
87f0e418
LP		 437void unit_add_to_load_queue(Unit *u) {
438 assert(u);
ac155bb8 439 assert(u->type != _UNIT_TYPE_INVALID);
87f0e418 440
ac155bb8 441 if (u->load_state != UNIT_STUB || u->in_load_queue)
87f0e418
LP		 442 return;
443
71fda00f 444 LIST_PREPEND(load_queue, u->manager->load_queue, u);
ac155bb8 445 u->in_load_queue = true;
87f0e418
LP		 446}
447
23a177ef
LP		 448void unit_add_to_cleanup_queue(Unit *u) {
449 assert(u);
450
ac155bb8 451 if (u->in_cleanup_queue)
23a177ef
LP		 452 return;
453
71fda00f 454 LIST_PREPEND(cleanup_queue, u->manager->cleanup_queue, u);
ac155bb8 455 u->in_cleanup_queue = true;
23a177ef
LP		 456}
457
701cc384
LP		 458void unit_add_to_gc_queue(Unit *u) {
459 assert(u);
460
ac155bb8 461 if (u->in_gc_queue || u->in_cleanup_queue)
701cc384
LP		 462 return;
463
f2f725e5 464 if (!unit_may_gc(u))
701cc384
LP		 465 return;
466
c5a97ed1 467 LIST_PREPEND(gc_queue, u->manager->gc_unit_queue, u);
ac155bb8 468 u->in_gc_queue = true;
701cc384
LP		 469}
470
c1e1601e
LP		 471void unit_add_to_dbus_queue(Unit *u) {
472 assert(u);
ac155bb8 473 assert(u->type != _UNIT_TYPE_INVALID);
c1e1601e 474
ac155bb8 475 if (u->load_state == UNIT_STUB || u->in_dbus_queue)
c1e1601e
LP		 476 return;
477
a567261a 478 /* Shortcut things if nobody cares */
8f8f05a9 479 if (sd_bus_track_count(u->manager->subscribed) <= 0 &&
ae572acd 480 sd_bus_track_count(u->bus_track) <= 0 &&
8f8f05a9 481 set_isempty(u->manager->private_buses)) {
ac155bb8 482 u->sent_dbus_new_signal = true;
94b6dfa2
LP		 483 return;
484 }
485
71fda00f 486 LIST_PREPEND(dbus_queue, u->manager->dbus_unit_queue, u);
ac155bb8 487 u->in_dbus_queue = true;
c1e1601e
LP		 488}
489
fda09318 490void unit_submit_to_stop_when_unneeded_queue(Unit *u) {
a3c1168a
LP		 491 assert(u);
492
493 if (u->in_stop_when_unneeded_queue)
494 return;
495
496 if (!u->stop_when_unneeded)
497 return;
498
499 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
500 return;
501
502 LIST_PREPEND(stop_when_unneeded_queue, u->manager->stop_when_unneeded_queue, u);
503 u->in_stop_when_unneeded_queue = true;
504}
505
eef85c4a 506static void bidi_set_free(Unit *u, Hashmap *h) {
87f0e418 507 Unit *other;
eef85c4a 508 void *v;
87f0e418
LP		 509
510 assert(u);
511
eef85c4a 512 /* Frees the hashmap and makes sure we are dropped from the inverse pointers */
87f0e418 513
90e74a66 514 HASHMAP_FOREACH_KEY(v, other, h) {
f6173cb9 515 for (UnitDependency d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
eef85c4a 516 hashmap_remove(other->dependencies[d], u);
701cc384
LP		 517
518 unit_add_to_gc_queue(other);
87f0e418
LP		 519 }
520
eef85c4a 521 hashmap_free(h);
87f0e418
LP		 522}
523
c2756a68
LP		 524static void unit_remove_transient(Unit *u) {
525 char **i;
526
527 assert(u);
528
529 if (!u->transient)
530 return;
531
532 if (u->fragment_path)
3f5e8115 533 (void) unlink(u->fragment_path);
c2756a68
LP		 534
535 STRV_FOREACH(i, u->dropin_paths) {
39591351 536 _cleanup_free_ char *p = NULL, *pp = NULL;
c2756a68 537
39591351
LP		 538 p = dirname_malloc(*i); /* Get the drop-in directory from the drop-in file */
539 if (!p)
540 continue;
541
542 pp = dirname_malloc(p); /* Get the config directory from the drop-in directory */
543 if (!pp)
544 continue;
545
546 /* Only drop transient drop-ins */
547 if (!path_equal(u->manager->lookup_paths.transient, pp))
548 continue;
c2756a68 549
39591351
LP		 550 (void) unlink(*i);
551 (void) rmdir(p);
c2756a68
LP		 552 }
553}
554
a57f7e2c 555static void unit_free_requires_mounts_for(Unit *u) {
eef85c4a 556 assert(u);
a57f7e2c 557
eef85c4a
LP		 558 for (;;) {
559 _cleanup_free_ char *path;
a57f7e2c 560
eef85c4a
LP		 561 path = hashmap_steal_first_key(u->requires_mounts_for);
562 if (!path)
563 break;
564 else {
565 char s[strlen(path) + 1];
a57f7e2c 566
eef85c4a
LP		 567 PATH_FOREACH_PREFIX_MORE(s, path) {
568 char *y;
569 Set *x;
570
571 x = hashmap_get2(u->manager->units_requiring_mounts_for, s, (void**) &y);
572 if (!x)
573 continue;
a57f7e2c 574
eef85c4a 575 (void) set_remove(x, u);
a57f7e2c 576
eef85c4a
LP		 577 if (set_isempty(x)) {
578 (void) hashmap_remove(u->manager->units_requiring_mounts_for, y);
579 free(y);
580 set_free(x);
581 }
a57f7e2c
LP		 582 }
583 }
584 }
585
eef85c4a 586 u->requires_mounts_for = hashmap_free(u->requires_mounts_for);
a57f7e2c
LP		 587}
588
598459ce
LP		 589static void unit_done(Unit *u) {
590 ExecContext *ec;
591 CGroupContext *cc;
592
593 assert(u);
594
595 if (u->type < 0)
596 return;
597
598 if (UNIT_VTABLE(u)->done)
599 UNIT_VTABLE(u)->done(u);
600
601 ec = unit_get_exec_context(u);
602 if (ec)
603 exec_context_done(ec);
604
605 cc = unit_get_cgroup_context(u);
606 if (cc)
607 cgroup_context_done(cc);
608}
609
75db809a 610Unit* unit_free(Unit *u) {
87f0e418
LP		 611 char *t;
612
c9d5c9c0 613 if (!u)
75db809a 614 return NULL;
87f0e418 615
50fb00b7 616 u->transient_file = safe_fclose(u->transient_file);
4f4afc88 617
2c289ea8 618 if (!MANAGER_IS_RELOADING(u->manager))
c2756a68
LP		 619 unit_remove_transient(u);
620
c1e1601e
LP		 621 bus_unit_send_removed_signal(u);
622
598459ce 623 unit_done(u);
a013b84b 624
50be4f4a 625 unit_dequeue_rewatch_pids(u);
cf9fd508 626
50be4f4a 627 sd_bus_slot_unref(u->match_bus_slot);
05a98afd
LP		 628 sd_bus_track_unref(u->bus_track);
629 u->deserialized_refs = strv_free(u->deserialized_refs);
d9e45bc3 630 u->pending_freezer_message = sd_bus_message_unref(u->pending_freezer_message);
05a98afd 631
a57f7e2c
LP		 632 unit_free_requires_mounts_for(u);
633
90e74a66 634 SET_FOREACH(t, u->aliases)
ac155bb8 635 hashmap_remove_value(u->manager->units, t, u);
4562c355
ZJS		 636 if (u->id)
637 hashmap_remove_value(u->manager->units, u->id, u);
87f0e418 638
4b58153d
LP		 639 if (!sd_id128_is_null(u->invocation_id))
640 hashmap_remove_value(u->manager->units_by_invocation_id, &u->invocation_id, u);
641
97e7d748
MS		 642 if (u->job) {
643 Job *j = u->job;
644 job_uninstall(j);
645 job_free(j);
646 }
964e0949 647
e0209d83
MS		 648 if (u->nop_job) {
649 Job *j = u->nop_job;
650 job_uninstall(j);
651 job_free(j);
652 }
653
f6173cb9 654 for (UnitDependency d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
ac155bb8 655 bidi_set_free(u, u->dependencies[d]);
964e0949 656
4c591f39
MK		 657 /* A unit is being dropped from the tree, make sure our family is realized properly. Do this after we
658 * detach the unit from slice tree in order to eliminate its effect on controller masks. */
f23ba94d 659 if (UNIT_ISSET(u->slice))
4c591f39 660 unit_add_family_to_cgroup_realize_queue(UNIT_DEREF(u->slice));
fb46fca7 661
adefcf28
LP		 662 if (u->on_console)
663 manager_unref_console(u->manager);
664
efdb0237 665 unit_release_cgroup(u);
72673e86 666
d3070fbd
LP		 667 if (!MANAGER_IS_RELOADING(u->manager))
668 unit_unlink_state_files(u);
669
00d9ef85
LP		 670 unit_unref_uid_gid(u, false);
671
5269eb6b 672 (void) manager_update_failed_units(u->manager, u, false);
db785129 673 set_remove(u->manager->startup_units, u);
f755e3b7 674
a911bb9a
LP		 675 unit_unwatch_all_pids(u);
676
702a2d8f 677 unit_ref_unset(&u->slice);
7f7d01ed
ZJS		 678 while (u->refs_by_target)
679 unit_ref_unset(u->refs_by_target);
57020a3a 680
ac155bb8 681 if (u->type != _UNIT_TYPE_INVALID)
71fda00f 682 LIST_REMOVE(units_by_type, u->manager->units_by_type[u->type], u);
ef734fd6 683
ac155bb8 684 if (u->in_load_queue)
71fda00f 685 LIST_REMOVE(load_queue, u->manager->load_queue, u);
87f0e418 686
ac155bb8 687 if (u->in_dbus_queue)
71fda00f 688 LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u);
c1e1601e 689
a2d72e26 690 if (u->in_gc_queue)
c5a97ed1 691 LIST_REMOVE(gc_queue, u->manager->gc_unit_queue, u);
701cc384 692
91a6073e
LP		 693 if (u->in_cgroup_realize_queue)
694 LIST_REMOVE(cgroup_realize_queue, u->manager->cgroup_realize_queue, u);
87f0e418 695
09e24654
LP		 696 if (u->in_cgroup_empty_queue)
697 LIST_REMOVE(cgroup_empty_queue, u->manager->cgroup_empty_queue, u);
698
1bdf2790
ZJS		 699 if (u->in_cleanup_queue)
700 LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u);
adefcf28 701
19496554
MS		 702 if (u->in_target_deps_queue)
703 LIST_REMOVE(target_deps_queue, u->manager->target_deps_queue, u);
704
a3c1168a
LP		 705 if (u->in_stop_when_unneeded_queue)
706 LIST_REMOVE(stop_when_unneeded_queue, u->manager->stop_when_unneeded_queue, u);
707
6a48d82f
DM		 708 safe_close(u->ip_accounting_ingress_map_fd);
709 safe_close(u->ip_accounting_egress_map_fd);
72673e86 710
6a48d82f
DM		 711 safe_close(u->ipv4_allow_map_fd);
712 safe_close(u->ipv6_allow_map_fd);
713 safe_close(u->ipv4_deny_map_fd);
714 safe_close(u->ipv6_deny_map_fd);
d3070fbd 715
6a48d82f 716 bpf_program_unref(u->ip_bpf_ingress);
aa2b6f1d 717 bpf_program_unref(u->ip_bpf_ingress_installed);
6a48d82f 718 bpf_program_unref(u->ip_bpf_egress);
aa2b6f1d 719 bpf_program_unref(u->ip_bpf_egress_installed);
00d9ef85 720
fab34748
KL		 721 set_free(u->ip_bpf_custom_ingress);
722 set_free(u->ip_bpf_custom_egress);
723 set_free(u->ip_bpf_custom_ingress_installed);
724 set_free(u->ip_bpf_custom_egress_installed);
725
084c7007
RG		 726 bpf_program_unref(u->bpf_device_control_installed);
727
a946fa9b
ZJS		 728 condition_free_list(u->conditions);
729 condition_free_list(u->asserts);
f755e3b7 730
ac155bb8 731 free(u->description);
49dbfa7b 732 strv_free(u->documentation);
ac155bb8 733 free(u->fragment_path);
1b64d026 734 free(u->source_path);
ae7a7182 735 strv_free(u->dropin_paths);
ac155bb8 736 free(u->instance);
87f0e418 737
f189ab18 738 free(u->job_timeout_reboot_arg);
6bf0f408
LP		 739 free(u->reboot_arg);
740
4562c355
ZJS		 741 set_free_free(u->aliases);
742 free(u->id);
743
75db809a 744 return mfree(u);
87f0e418
LP		 745}
746
d9e45bc3
MS		 747FreezerState unit_freezer_state(Unit *u) {
748 assert(u);
749
750 return u->freezer_state;
751}
752
753int unit_freezer_state_kernel(Unit *u, FreezerState *ret) {
754 char *values[1] = {};
755 int r;
756
757 assert(u);
758
759 r = cg_get_keyed_attribute(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "cgroup.events",
760 STRV_MAKE("frozen"), values);
761 if (r < 0)
762 return r;
763
764 r = _FREEZER_STATE_INVALID;
765
766 if (values[0]) {
767 if (streq(values[0], "0"))
768 r = FREEZER_RUNNING;
769 else if (streq(values[0], "1"))
770 r = FREEZER_FROZEN;
771 }
772
773 free(values[0]);
774 *ret = r;
775
776 return 0;
777}
778
87f0e418
LP		 779UnitActiveState unit_active_state(Unit *u) {
780 assert(u);
781
ac155bb8 782 if (u->load_state == UNIT_MERGED)
6124958c
LP		 783 return unit_active_state(unit_follow_merge(u));
784
785 /* After a reload it might happen that a unit is not correctly
786 * loaded but still has a process around. That's why we won't
fdf20a31 787 * shortcut failed loading to UNIT_INACTIVE_FAILED. */
87f0e418
LP		 788
789 return UNIT_VTABLE(u)->active_state(u);
790}
791
10a94420
LP		 792const char* unit_sub_state_to_string(Unit *u) {
793 assert(u);
794
795 return UNIT_VTABLE(u)->sub_state_to_string(u);
796}
797
eef85c4a 798static int hashmap_complete_move(Hashmap **s, Hashmap **other) {
23a177ef
LP		 799 assert(s);
800 assert(other);
87f0e418 801
23a177ef 802 if (!*other)
7c0b05e5 803 return 0;
87f0e418 804
eef85c4a
LP		 805 if (*s)
806 return hashmap_move(*s, *other);
ae2a15bc
LP		 807 else
808 *s = TAKE_PTR(*other);
7c0b05e5
MS		 809
810 return 0;
23a177ef 811}
87f0e418 812
7c0b05e5 813static int merge_names(Unit *u, Unit *other) {
4562c355 814 char *name;
7c0b05e5 815 int r;
87f0e418 816
23a177ef
LP		 817 assert(u);
818 assert(other);
819
4562c355 820 r = unit_add_alias(u, other->id);
7c0b05e5
MS		 821 if (r < 0)
822 return r;
23a177ef 823
4562c355
ZJS		 824 r = set_move(u->aliases, other->aliases);
825 if (r < 0) {
826 set_remove(u->aliases, other->id);
827 return r;
828 }
23a177ef 829
4562c355
ZJS		 830 TAKE_PTR(other->id);
831 other->aliases = set_free_free(other->aliases);
23a177ef 832
90e74a66 833 SET_FOREACH(name, u->aliases)
4562c355 834 assert_se(hashmap_replace(u->manager->units, name, u) == 0);
7c0b05e5
MS		 835
836 return 0;
87f0e418
LP		 837}
838
09a65f92
MS		 839static int reserve_dependencies(Unit *u, Unit *other, UnitDependency d) {
840 unsigned n_reserve;
841
842 assert(u);
843 assert(other);
844 assert(d < _UNIT_DEPENDENCY_MAX);
845
846 /*
847 * If u does not have this dependency set allocated, there is no need
f131770b 848 * to reserve anything. In that case other's set will be transferred
09a65f92
MS		 849 * as a whole to u by complete_move().
850 */
851 if (!u->dependencies[d])
852 return 0;
853
854 /* merge_dependencies() will skip a u-on-u dependency */
eef85c4a 855 n_reserve = hashmap_size(other->dependencies[d]) - !!hashmap_get(other->dependencies[d], u);
09a65f92 856
eef85c4a 857 return hashmap_reserve(u->dependencies[d], n_reserve);
09a65f92
MS		 858}
859
d1fab3fe 860static void merge_dependencies(Unit *u, Unit *other, const char *other_id, UnitDependency d) {
23a177ef 861 Unit *back;
eef85c4a 862 void *v;
87f0e418 863 int r;
23a177ef 864
eef85c4a
LP		 865 /* Merges all dependencies of type 'd' of the unit 'other' into the deps of the unit 'u' */
866
23a177ef
LP		 867 assert(u);
868 assert(other);
869 assert(d < _UNIT_DEPENDENCY_MAX);
870
5238e957 871 /* Fix backwards pointers. Let's iterate through all dependent units of the other unit. */
90e74a66 872 HASHMAP_FOREACH_KEY(v, back, other->dependencies[d])
eef85c4a 873
f6173cb9
ZJS		 874 /* Let's now iterate through the dependencies of that dependencies of the other units,
875 * looking for pointers back, and let's fix them up, to instead point to 'u'. */
876 for (UnitDependency k = 0; k < _UNIT_DEPENDENCY_MAX; k++)
e66047ff 877 if (back == u) {
eef85c4a
LP		 878 /* Do not add dependencies between u and itself. */
879 if (hashmap_remove(back->dependencies[k], other))
f2341e0a 880 maybe_warn_about_dependency(u, other_id, k);
e66047ff 881 } else {
f6173cb9 882 UnitDependencyInfo di_u, di_other;
eef85c4a
LP		 883
884 /* Let's drop this dependency between "back" and "other", and let's create it between
885 * "back" and "u" instead. Let's merge the bit masks of the dependency we are moving,
886 * and any such dependency which might already exist */
887
888 di_other.data = hashmap_get(back->dependencies[k], other);
889 if (!di_other.data)
890 continue; /* dependency isn't set, let's try the next one */
891
892 di_u.data = hashmap_get(back->dependencies[k], u);
893
f6173cb9 894 UnitDependencyInfo di_merged = {
eef85c4a
LP		 895 .origin_mask = di_u.origin_mask | di_other.origin_mask,
896 .destination_mask = di_u.destination_mask | di_other.destination_mask,
897 };
898
899 r = hashmap_remove_and_replace(back->dependencies[k], other, u, di_merged.data);
900 if (r < 0)
901 log_warning_errno(r, "Failed to remove/replace: back=%s other=%s u=%s: %m", back->id, other_id, u->id);
902 assert(r >= 0);
903
904 /* assert_se(hashmap_remove_and_replace(back->dependencies[k], other, u, di_merged.data) >= 0); */
e66047ff 905 }
23a177ef 906
e66047ff 907 /* Also do not move dependencies on u to itself */
eef85c4a 908 back = hashmap_remove(other->dependencies[d], u);
d1fab3fe 909 if (back)
f2341e0a 910 maybe_warn_about_dependency(u, other_id, d);
e66047ff 911
7c0b05e5 912 /* The move cannot fail. The caller must have performed a reservation. */
eef85c4a 913 assert_se(hashmap_complete_move(&u->dependencies[d], &other->dependencies[d]) == 0);
23a177ef 914
eef85c4a 915 other->dependencies[d] = hashmap_free(other->dependencies[d]);
23a177ef
LP		 916}
917
918int unit_merge(Unit *u, Unit *other) {
d1fab3fe 919 const char *other_id = NULL;
09a65f92 920 int r;
87f0e418
LP		 921
922 assert(u);
923 assert(other);
ac155bb8
MS		 924 assert(u->manager == other->manager);
925 assert(u->type != _UNIT_TYPE_INVALID);
87f0e418 926
cc916967
LP		 927 other = unit_follow_merge(other);
928
23a177ef
LP		 929 if (other == u)
930 return 0;
931
ac155bb8 932 if (u->type != other->type)
9e2f7c11
LP		 933 return -EINVAL;
934
8a993b61 935 if (!unit_type_may_alias(u->type)) /* Merging only applies to unit names that support aliases */
934e749e
LP		 936 return -EEXIST;
937
ec2ce0c5 938 if (!IN_SET(other->load_state, UNIT_STUB, UNIT_NOT_FOUND))
23a177ef 939 return -EEXIST;
87f0e418 940
d383acad
ZJS		 941 if (!streq_ptr(u->instance, other->instance))
942 return -EINVAL;
943
ac155bb8 944 if (other->job)
819e213f
LP		 945 return -EEXIST;
946
e0209d83
MS		 947 if (other->nop_job)
948 return -EEXIST;
949
fdf20a31 950 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
819e213f
LP		 951 return -EEXIST;
952
d1fab3fe
ZJS		 953 if (other->id)
954 other_id = strdupa(other->id);
955
09a65f92 956 /* Make reservations to ensure merge_dependencies() won't fail */
f6173cb9 957 for (UnitDependency d = 0; d < _UNIT_DEPENDENCY_MAX; d++) {
09a65f92
MS		 958 r = reserve_dependencies(u, other, d);
959 /*
960 * We don't rollback reservations if we fail. We don't have
961 * a way to undo reservations. A reservation is not a leak.
962 */
963 if (r < 0)
964 return r;
965 }
966
87f0e418 967 /* Merge names */
7c0b05e5
MS		 968 r = merge_names(u, other);
969 if (r < 0)
970 return r;
87f0e418 971
57020a3a 972 /* Redirect all references */
7f7d01ed
ZJS		 973 while (other->refs_by_target)
974 unit_ref_set(other->refs_by_target, other->refs_by_target->source, u);
57020a3a 975
87f0e418 976 /* Merge dependencies */
f6173cb9 977 for (UnitDependency d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
d1fab3fe 978 merge_dependencies(u, other, other_id, d);
87f0e418 979
ac155bb8
MS		 980 other->load_state = UNIT_MERGED;
981 other->merged_into = u;
23a177ef 982
3616a49c
LP		 983 /* If there is still some data attached to the other node, we
984 * don't need it anymore, and can free it. */
ac155bb8 985 if (other->load_state != UNIT_STUB)
3616a49c
LP		 986 if (UNIT_VTABLE(other)->done)
987 UNIT_VTABLE(other)->done(other);
988
989 unit_add_to_dbus_queue(u);
23a177ef
LP		 990 unit_add_to_cleanup_queue(other);
991
992 return 0;
993}
994
995int unit_merge_by_name(Unit *u, const char *name) {
934e749e 996 _cleanup_free_ char *s = NULL;
23a177ef 997 Unit *other;
9e2f7c11 998 int r;
23a177ef 999
e8630e69
ZJS		 1000 /* Either add name to u, or if a unit with name already exists, merge it with u.
1001 * If name is a template, do the same for name@instance, where instance is u's instance. */
1002
23a177ef
LP		 1003 assert(u);
1004 assert(name);
1005
7410616c 1006 if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
ac155bb8 1007 if (!u->instance)
9e2f7c11
LP		 1008 return -EINVAL;
1009
7410616c
LP		 1010 r = unit_name_replace_instance(name, u->instance, &s);
1011 if (r < 0)
1012 return r;
9e2f7c11
LP		 1013
1014 name = s;
1015 }
1016
c2756a68 1017 other = manager_get_unit(u->manager, name);
7410616c
LP		 1018 if (other)
1019 return unit_merge(u, other);
23a177ef 1020
7410616c 1021 return unit_add_name(u, name);
23a177ef
LP		 1022}
1023
1024Unit* unit_follow_merge(Unit *u) {
1025 assert(u);
1026
ac155bb8
MS		 1027 while (u->load_state == UNIT_MERGED)
1028 assert_se(u = u->merged_into);
23a177ef
LP		 1029
1030 return u;
1031}
1032
1033int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
1034 int r;
1035
1036 assert(u);
1037 assert(c);
1038
e1e74614 1039 if (c->working_directory && !c->working_directory_missing_ok) {
eef85c4a 1040 r = unit_require_mounts_for(u, c->working_directory, UNIT_DEPENDENCY_FILE);
36be24c8
ZJS		 1041 if (r < 0)
1042 return r;
1043 }
1044
1045 if (c->root_directory) {
eef85c4a 1046 r = unit_require_mounts_for(u, c->root_directory, UNIT_DEPENDENCY_FILE);
36be24c8
ZJS		 1047 if (r < 0)
1048 return r;
1049 }
1050
915e6d16 1051 if (c->root_image) {
eef85c4a 1052 r = unit_require_mounts_for(u, c->root_image, UNIT_DEPENDENCY_FILE);
915e6d16
LP		 1053 if (r < 0)
1054 return r;
1055 }
1056
12375b95 1057 for (ExecDirectoryType dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) {
ada5e276
YW		 1058 if (!u->manager->prefix[dt])
1059 continue;
1060
12375b95 1061 char **dp;
ada5e276
YW		 1062 STRV_FOREACH(dp, c->directories[dt].paths) {
1063 _cleanup_free_ char *p;
1064
657ee2d8 1065 p = path_join(u->manager->prefix[dt], *dp);
ada5e276
YW		 1066 if (!p)
1067 return -ENOMEM;
1068
eef85c4a 1069 r = unit_require_mounts_for(u, p, UNIT_DEPENDENCY_FILE);
ada5e276
YW		 1070 if (r < 0)
1071 return r;
1072 }
1073 }
1074
463d0d15 1075 if (!MANAGER_IS_SYSTEM(u->manager))
b46a529c
LP		 1076 return 0;
1077
f3b7a79b
LP		 1078 /* For the following three directory types we need write access, and /var/ is possibly on the root
1079 * fs. Hence order after systemd-remount-fs.service, to ensure things are writable. */
1080 if (!strv_isempty(c->directories[EXEC_DIRECTORY_STATE].paths) ||
1081 !strv_isempty(c->directories[EXEC_DIRECTORY_CACHE].paths) ||
1082 !strv_isempty(c->directories[EXEC_DIRECTORY_LOGS].paths)) {
1083 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_REMOUNT_FS_SERVICE, true, UNIT_DEPENDENCY_FILE);
1084 if (r < 0)
1085 return r;
1086 }
1087
b46a529c 1088 if (c->private_tmp) {
d71f0505
LP		 1089 const char *p;
1090
1091 FOREACH_STRING(p, "/tmp", "/var/tmp") {
eef85c4a 1092 r = unit_require_mounts_for(u, p, UNIT_DEPENDENCY_FILE);
d71f0505
LP		 1093 if (r < 0)
1094 return r;
1095 }
b46a529c 1096
35d8c19a 1097 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, true, UNIT_DEPENDENCY_FILE);
b46a529c
LP		 1098 if (r < 0)
1099 return r;
1100 }
1101
33b58dfb
LP		 1102 if (c->root_image) {
1103 /* We need to wait for /dev/loopX to appear when doing RootImage=, hence let's add an
1104 * implicit dependency on udev */
1105
1106 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_UDEVD_SERVICE, true, UNIT_DEPENDENCY_FILE);
1107 if (r < 0)
1108 return r;
1109 }
1110
52c239d7
LB		 1111 if (!IN_SET(c->std_output,
1112 EXEC_OUTPUT_JOURNAL, EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
f3dc6af2 1113 EXEC_OUTPUT_KMSG, EXEC_OUTPUT_KMSG_AND_CONSOLE) &&
52c239d7
LB		 1114 !IN_SET(c->std_error,
1115 EXEC_OUTPUT_JOURNAL, EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
f3dc6af2 1116 EXEC_OUTPUT_KMSG, EXEC_OUTPUT_KMSG_AND_CONSOLE) &&
91dd5f7c 1117 !c->log_namespace)
23a177ef
LP		 1118 return 0;
1119
91dd5f7c
LP		 1120 /* If syslog or kernel logging is requested (or log namespacing is), make sure our own logging daemon
1121 * is run first. */
1122
1123 if (c->log_namespace) {
dc5437c7 1124 _cleanup_free_ char *socket_unit = NULL, *varlink_socket_unit = NULL;
23a177ef 1125
91dd5f7c
LP		 1126 r = unit_name_build_from_type("systemd-journald", c->log_namespace, UNIT_SOCKET, &socket_unit);
1127 if (r < 0)
1128 return r;
1129
1130 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, socket_unit, true, UNIT_DEPENDENCY_FILE);
1131 if (r < 0)
1132 return r;
dc5437c7
LP		 1133
1134 r = unit_name_build_from_type("systemd-journald-varlink", c->log_namespace, UNIT_SOCKET, &varlink_socket_unit);
1135 if (r < 0)
1136 return r;
1137
1138 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, varlink_socket_unit, true, UNIT_DEPENDENCY_FILE);
1139 if (r < 0)
1140 return r;
91dd5f7c
LP		 1141 } else
1142 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_JOURNALD_SOCKET, true, UNIT_DEPENDENCY_FILE);
b46a529c
LP		 1143 if (r < 0)
1144 return r;
23a177ef 1145
87f0e418
LP		 1146 return 0;
1147}
1148
87f0e418
LP		 1149const char *unit_description(Unit *u) {
1150 assert(u);
1151
ac155bb8
MS		 1152 if (u->description)
1153 return u->description;
87f0e418 1154
ac155bb8 1155 return strna(u->id);
87f0e418
LP		 1156}
1157
2a8f53c6
ZJS		 1158const char *unit_status_string(Unit *u) {
1159 assert(u);
1160
1161 if (u->manager->status_unit_format == STATUS_UNIT_FORMAT_NAME && u->id)
1162 return u->id;
1163
1164 return unit_description(u);
1165}
1166
87f0e418 1167/* Common implementation for multiple backends */
c3620770 1168int unit_load_fragment_and_dropin(Unit *u, bool fragment_required) {
23a177ef
LP		 1169 int r;
1170
1171 assert(u);
23a177ef 1172
e48614c4 1173 /* Load a .{service,socket,...} file */
4ad49000
LP		 1174 r = unit_load_fragment(u);
1175 if (r < 0)
23a177ef
LP		 1176 return r;
1177
c3620770
ZJS		 1178 if (u->load_state == UNIT_STUB) {
1179 if (fragment_required)
1180 return -ENOENT;
1181
1182 u->load_state = UNIT_LOADED;
1183 }
23a177ef 1184
9e4ea9cc
ZJS		 1185 /* Load drop-in directory data. If u is an alias, we might be reloading the
1186 * target unit needlessly. But we cannot be sure which drops-ins have already
1187 * been loaded and which not, at least without doing complicated book-keeping,
1188 * so let's always reread all drop-ins. */
c9e06956
ZJS		 1189 r = unit_load_dropin(unit_follow_merge(u));
1190 if (r < 0)
1191 return r;
1192
1193 if (u->source_path) {
1194 struct stat st;
1195
1196 if (stat(u->source_path, &st) >= 0)
1197 u->source_mtime = timespec_load(&st.st_mtim);
1198 else
1199 u->source_mtime = 0;
1200 }
1201
1202 return 0;
23a177ef
LP		 1203}
1204
19496554
MS		 1205void unit_add_to_target_deps_queue(Unit *u) {
1206 Manager *m = u->manager;
1207
1208 assert(u);
1209
1210 if (u->in_target_deps_queue)
1211 return;
1212
1213 LIST_PREPEND(target_deps_queue, m->target_deps_queue, u);
1214 u->in_target_deps_queue = true;
1215}
1216
bba34eed 1217int unit_add_default_target_dependency(Unit *u, Unit *target) {
98bc2000
LP		 1218 assert(u);
1219 assert(target);
1220
ac155bb8 1221 if (target->type != UNIT_TARGET)
98bc2000
LP		 1222 return 0;
1223
35b8ca3a 1224 /* Only add the dependency if both units are loaded, so that
bba34eed 1225 * that loop check below is reliable */
ac155bb8
MS		 1226 if (u->load_state != UNIT_LOADED ||
1227 target->load_state != UNIT_LOADED)
bba34eed
LP		 1228 return 0;
1229
21256a2b
LP		 1230 /* If either side wants no automatic dependencies, then let's
1231 * skip this */
ac155bb8
MS		 1232 if (!u->default_dependencies ||
1233 !target->default_dependencies)
21256a2b
LP		 1234 return 0;
1235
98bc2000 1236 /* Don't create loops */
eef85c4a 1237 if (hashmap_get(target->dependencies[UNIT_BEFORE], u))
98bc2000
LP		 1238 return 0;
1239
eef85c4a 1240 return unit_add_dependency(target, UNIT_AFTER, u, true, UNIT_DEPENDENCY_DEFAULT);
98bc2000
LP		 1241}
1242
e954c9cf
LP		 1243static int unit_add_slice_dependencies(Unit *u) {
1244 assert(u);
b81884e7 1245
35b7ff80 1246 if (!UNIT_HAS_CGROUP_CONTEXT(u))
e954c9cf
LP		 1247 return 0;
1248
eef85c4a
LP		 1249 /* Slice units are implicitly ordered against their parent slices (as this relationship is encoded in the
1250 name), while all other units are ordered based on configuration (as in their case Slice= configures the
1251 relationship). */
f6173cb9 1252 UnitDependencyMask mask = u->type == UNIT_SLICE ? UNIT_DEPENDENCY_IMPLICIT : UNIT_DEPENDENCY_FILE;
eef85c4a 1253
e954c9cf 1254 if (UNIT_ISSET(u->slice))
eef85c4a 1255 return unit_add_two_dependencies(u, UNIT_AFTER, UNIT_REQUIRES, UNIT_DEREF(u->slice), true, mask);
e954c9cf 1256
8c8da0e0 1257 if (unit_has_name(u, SPECIAL_ROOT_SLICE))
d1fab3fe
ZJS		 1258 return 0;
1259
5a724170 1260 return unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, SPECIAL_ROOT_SLICE, true, mask);
98bc2000
LP		 1261}
1262
e954c9cf 1263static int unit_add_mount_dependencies(Unit *u) {
eef85c4a
LP		 1264 UnitDependencyInfo di;
1265 const char *path;
9588bc32
LP		 1266 int r;
1267
1268 assert(u);
1269
90e74a66 1270 HASHMAP_FOREACH_KEY(di.data, path, u->requires_mounts_for) {
eef85c4a 1271 char prefix[strlen(path) + 1];
9588bc32 1272
eef85c4a 1273 PATH_FOREACH_PREFIX_MORE(prefix, path) {
c7c89abb 1274 _cleanup_free_ char *p = NULL;
9588bc32
LP		 1275 Unit *m;
1276
c7c89abb 1277 r = unit_name_from_path(prefix, ".mount", &p);
9588bc32
LP		 1278 if (r < 0)
1279 return r;
c7c89abb
FB		 1280
1281 m = manager_get_unit(u->manager, p);
1282 if (!m) {
1283 /* Make sure to load the mount unit if
1284 * it exists. If so the dependencies
1285 * on this unit will be added later
1286 * during the loading of the mount
1287 * unit. */
1288 (void) manager_load_unit_prepare(u->manager, p, NULL, NULL, &m);
9588bc32 1289 continue;
c7c89abb 1290 }
9588bc32
LP		 1291 if (m == u)
1292 continue;
1293
1294 if (m->load_state != UNIT_LOADED)
1295 continue;
1296
eef85c4a 1297 r = unit_add_dependency(u, UNIT_AFTER, m, true, di.origin_mask);
9588bc32
LP		 1298 if (r < 0)
1299 return r;
1300
1301 if (m->fragment_path) {
eef85c4a 1302 r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask);
9588bc32
LP		 1303 if (r < 0)
1304 return r;
1305 }
1306 }
1307 }
1308
1309 return 0;
1310}
1311
a2db0225
AZ		 1312static int unit_add_oomd_dependencies(Unit *u) {
1313 CGroupContext *c;
1314 bool wants_oomd;
1315 int r;
1316
1317 assert(u);
1318
1319 if (!u->default_dependencies)
1320 return 0;
1321
1322 c = unit_get_cgroup_context(u);
1323 if (!c)
1324 return 0;
1325
1326 wants_oomd = (c->moom_swap == MANAGED_OOM_KILL || c->moom_mem_pressure == MANAGED_OOM_KILL);
1327 if (!wants_oomd)
1328 return 0;
1329
1330 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "systemd-oomd.service", true, UNIT_DEPENDENCY_FILE);
1331 if (r < 0)
1332 return r;
1333
1334 return 0;
1335}
1336
95ae05c0
WC		 1337static int unit_add_startup_units(Unit *u) {
1338 CGroupContext *c;
95ae05c0
WC		 1339
1340 c = unit_get_cgroup_context(u);
db785129
LP		 1341 if (!c)
1342 return 0;
1343
d53d9474 1344 if (c->startup_cpu_shares == CGROUP_CPU_SHARES_INVALID &&
13c31542 1345 c->startup_io_weight == CGROUP_WEIGHT_INVALID &&
d53d9474 1346 c->startup_blockio_weight == CGROUP_BLKIO_WEIGHT_INVALID)
db785129
LP		 1347 return 0;
1348
de7fef4b 1349 return set_ensure_put(&u->manager->startup_units, NULL, u);
95ae05c0
WC		 1350}
1351
87f0e418
LP		 1352int unit_load(Unit *u) {
1353 int r;
1354
1355 assert(u);
1356
ac155bb8 1357 if (u->in_load_queue) {
71fda00f 1358 LIST_REMOVE(load_queue, u->manager->load_queue, u);
ac155bb8 1359 u->in_load_queue = false;
87f0e418
LP		 1360 }
1361
ac155bb8 1362 if (u->type == _UNIT_TYPE_INVALID)
e537352b
LP		 1363 return -EINVAL;
1364
ac155bb8 1365 if (u->load_state != UNIT_STUB)
87f0e418
LP		 1366 return 0;
1367
4f4afc88 1368 if (u->transient_file) {
66fa4bdd
LP		 1369 /* Finalize transient file: if this is a transient unit file, as soon as we reach unit_load() the setup
1370 * is complete, hence let's synchronize the unit file we just wrote to disk. */
1371
4f4afc88
LP		 1372 r = fflush_and_check(u->transient_file);
1373 if (r < 0)
1374 goto fail;
1375
50fb00b7 1376 u->transient_file = safe_fclose(u->transient_file);
f76707da 1377 u->fragment_mtime = now(CLOCK_REALTIME);
4f4afc88
LP		 1378 }
1379
c3784a7d
ZJS		 1380 r = UNIT_VTABLE(u)->load(u);
1381 if (r < 0)
23a177ef 1382 goto fail;
c3784a7d
ZJS		 1383
1384 assert(u->load_state != UNIT_STUB);
23a177ef 1385
7c8fa05c 1386 if (u->load_state == UNIT_LOADED) {
19496554 1387 unit_add_to_target_deps_queue(u);
e954c9cf
LP		 1388
1389 r = unit_add_slice_dependencies(u);
1390 if (r < 0)
1391 goto fail;
c2756a68 1392
e954c9cf 1393 r = unit_add_mount_dependencies(u);
7c8fa05c 1394 if (r < 0)
c2756a68 1395 goto fail;
7c8fa05c 1396
a2db0225
AZ		 1397 r = unit_add_oomd_dependencies(u);
1398 if (r < 0)
1399 goto fail;
1400
95ae05c0
WC		 1401 r = unit_add_startup_units(u);
1402 if (r < 0)
1403 goto fail;
1404
eef85c4a 1405 if (u->on_failure_job_mode == JOB_ISOLATE && hashmap_size(u->dependencies[UNIT_ON_FAILURE]) > 1) {
d85ff944
YW		 1406 r = log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC),
1407 "More than one OnFailure= dependencies specified but OnFailureJobMode=isolate set. Refusing.");
c2756a68
LP		 1408 goto fail;
1409 }
bc432dc7 1410
a2df3ea4
MK		 1411 if (u->job_running_timeout != USEC_INFINITY && u->job_running_timeout > u->job_timeout)
1412 log_unit_warning(u, "JobRunningTimeoutSec= is greater than JobTimeoutSec=, it has no effect.");
1413
5af88058
LP		 1414 /* We finished loading, let's ensure our parents recalculate the members mask */
1415 unit_invalidate_cgroup_members_masks(u);
f68319bb
LP		 1416 }
1417
ac155bb8 1418 assert((u->load_state != UNIT_MERGED) == !u->merged_into);
23a177ef
LP		 1419
1420 unit_add_to_dbus_queue(unit_follow_merge(u));
701cc384 1421 unit_add_to_gc_queue(u);
f561e8c6 1422 (void) manager_varlink_send_managed_oom_update(u);
87f0e418 1423
87f0e418
LP		 1424 return 0;
1425
1426fail:
81be2388
ZJS		 1427 /* We convert ENOEXEC errors to the UNIT_BAD_SETTING load state here. Configuration parsing code
1428 * should hence return ENOEXEC to ensure units are placed in this state after loading. */
c4555ad8
LP		 1429
1430 u->load_state = u->load_state == UNIT_STUB ? UNIT_NOT_FOUND :
1431 r == -ENOEXEC ? UNIT_BAD_SETTING :
1432 UNIT_ERROR;
ac155bb8 1433 u->load_error = r;
c4555ad8 1434
c149d2b4
ZJS		 1435 /* Record the timestamp on the cache, so that if the cache gets updated between now and the next time
1436 * an attempt is made to load this unit, we know we need to check again. */
7233e91a 1437 if (u->load_state == UNIT_NOT_FOUND)
c2911d48 1438 u->fragment_not_found_timestamp_hash = u->manager->unit_cache_timestamp_hash;
7233e91a 1439
c1e1601e 1440 unit_add_to_dbus_queue(u);
9a46fc3b 1441 unit_add_to_gc_queue(u);
23a177ef 1442
c4555ad8 1443 return log_unit_debug_errno(u, r, "Failed to load configuration: %m");
87f0e418
LP		 1444}
1445
f9f88198
YW		 1446_printf_(7, 8)
1447static int log_unit_internal(void *userdata, int level, int error, const char *file, int line, const char *func, const char *format, ...) {
1448 Unit *u = userdata;
1449 va_list ap;
1450 int r;
49365733 1451
f9f88198
YW		 1452 va_start(ap, format);
1453 if (u)
1454 r = log_object_internalv(level, error, file, line, func,
1455 u->manager->unit_log_field,
1456 u->id,
1457 u->manager->invocation_log_field,
1458 u->invocation_id_string,
1459 format, ap);
1460 else
1461 r = log_internalv(level, error, file, line, func, format, ap);
1462 va_end(ap);
49365733 1463
f9f88198 1464 return r;
49365733
LP		 1465}
1466
97a3f4ee 1467static bool unit_test_condition(Unit *u) {
a0b191b7
LP		 1468 _cleanup_strv_free_ char **env = NULL;
1469 int r;
1470
90bbc946
LP		 1471 assert(u);
1472
ac155bb8 1473 dual_timestamp_get(&u->condition_timestamp);
90bbc946 1474
a0b191b7
LP		 1475 r = manager_get_effective_environment(u->manager, &env);
1476 if (r < 0) {
1477 log_unit_error_errno(u, r, "Failed to determine effective environment: %m");
1478 u->condition_result = CONDITION_ERROR;
1479 } else
1480 u->condition_result = condition_test_list(
1481 u->conditions,
1482 env,
1483 condition_type_to_string,
1484 log_unit_internal,
1485 u);
e18f8852 1486
a0b191b7 1487 unit_add_to_dbus_queue(u);
ac155bb8 1488 return u->condition_result;
90bbc946
LP		 1489}
1490
97a3f4ee 1491static bool unit_test_assert(Unit *u) {
a0b191b7
LP		 1492 _cleanup_strv_free_ char **env = NULL;
1493 int r;
1494
59fccdc5
LP		 1495 assert(u);
1496
1497 dual_timestamp_get(&u->assert_timestamp);
59fccdc5 1498
a0b191b7
LP		 1499 r = manager_get_effective_environment(u->manager, &env);
1500 if (r < 0) {
1501 log_unit_error_errno(u, r, "Failed to determine effective environment: %m");
1502 u->assert_result = CONDITION_ERROR;
1503 } else
1504 u->assert_result = condition_test_list(
1505 u->asserts,
1506 env,
1507 assert_type_to_string,
1508 log_unit_internal,
1509 u);
e18f8852 1510
a0b191b7 1511 unit_add_to_dbus_queue(u);
59fccdc5
LP		 1512 return u->assert_result;
1513}
1514
5bcf34eb 1515void unit_status_printf(Unit *u, StatusType status_type, const char *status, const char *unit_status_msg_format) {
5b262f74
LP		 1516 const char *d;
1517
2a8f53c6 1518 d = unit_status_string(u);
5b262f74
LP		 1519 if (log_get_show_color())
1520 d = strjoina(ANSI_HIGHLIGHT, d, ANSI_NORMAL);
1521
df446f96 1522 DISABLE_WARNING_FORMAT_NONLITERAL;
5bcf34eb 1523 manager_status_printf(u->manager, status_type, status, unit_status_msg_format, d);
df446f96
LP		 1524 REENABLE_WARNING;
1525}
1526
97a3f4ee 1527int unit_test_start_limit(Unit *u) {
429926e9
TR		 1528 const char *reason;
1529
6bf0f408
LP		 1530 assert(u);
1531
7bf081a1 1532 if (ratelimit_below(&u->start_ratelimit)) {
6bf0f408
LP		 1533 u->start_limit_hit = false;
1534 return 0;
1535 }
1536
1537 log_unit_warning(u, "Start request repeated too quickly.");
1538 u->start_limit_hit = true;
1539
429926e9
TR		 1540 reason = strjoina("unit ", u->id, " failed");
1541
36c4dc08
LP		 1542 emergency_action(u->manager, u->start_limit_action,
1543 EMERGENCY_ACTION_IS_WATCHDOG|EMERGENCY_ACTION_WARN,
1544 u->reboot_arg, -1, reason);
1545
1546 return -ECANCELED;
6bf0f408
LP		 1547}
1548
c891efaf 1549bool unit_shall_confirm_spawn(Unit *u) {
631b676b 1550 assert(u);
c891efaf
FB		 1551
1552 if (manager_is_confirm_spawn_disabled(u->manager))
1553 return false;
1554
1555 /* For some reasons units remaining in the same process group
1556 * as PID 1 fail to acquire the console even if it's not used
1557 * by any process. So skip the confirmation question for them. */
1558 return !unit_get_exec_context(u)->same_pgrp;
1559}
1560
631b676b
LP		 1561static bool unit_verify_deps(Unit *u) {
1562 Unit *other;
eef85c4a 1563 void *v;
631b676b
LP		 1564
1565 assert(u);
1566
1567 /* Checks whether all BindsTo= dependencies of this unit are fulfilled — if they are also combined with
1568 * After=. We do not check Requires= or Requisite= here as they only should have an effect on the job
1569 * processing, but do not have any effect afterwards. We don't check BindsTo= dependencies that are not used in
1570 * conjunction with After= as for them any such check would make things entirely racy. */
1571
90e74a66 1572 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_BINDS_TO]) {
631b676b 1573
eef85c4a 1574 if (!hashmap_contains(u->dependencies[UNIT_AFTER], other))
631b676b
LP		 1575 continue;
1576
1577 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(other))) {
1578 log_unit_notice(u, "Bound to unit %s, but unit isn't active.", other->id);
1579 return false;
1580 }
1581 }
1582
1583 return true;
1584}
1585
9adb6959 1586/* Errors that aren't really errors:
6bf0f408 1587 * -EALREADY: Unit is already started.
9adb6959 1588 * -ECOMM: Condition failed
6bf0f408 1589 * -EAGAIN: An operation is already in progress. Retry later.
9adb6959
LP		 1590 *
1591 * Errors that are real errors:
1592 * -EBADR: This unit type does not support starting.
2de9b979 1593 * -ECANCELED: Start limit hit, too many requests for now
6bf0f408
LP		 1594 * -EPROTO: Assert failed
1595 * -EINVAL: Unit not loaded
1596 * -EOPNOTSUPP: Unit type not supported
631b676b 1597 * -ENOLINK: The necessary dependencies are not fulfilled.
d4fd1cf2 1598 * -ESTALE: This unit has been started before and can't be started a second time
a4191c9f 1599 * -ENOENT: This is a triggering unit and unit to trigger is not loaded
87f0e418
LP		 1600 */
1601int unit_start(Unit *u) {
1602 UnitActiveState state;
92ab323c 1603 Unit *following;
87f0e418
LP		 1604
1605 assert(u);
1606
5766aca8
LP		 1607 /* If this is already started, then this will succeed. Note that this will even succeed if this unit
1608 * is not startable by the user. This is relied on to detect when we need to wait for units and when
1609 * waiting is finished. */
87f0e418
LP		 1610 state = unit_active_state(u);
1611 if (UNIT_IS_ACTIVE_OR_RELOADING(state))
1612 return -EALREADY;
380dc8b0
LP		 1613 if (state == UNIT_MAINTENANCE)
1614 return -EAGAIN;
87f0e418 1615
6bf0f408
LP		 1616 /* Units that aren't loaded cannot be started */
1617 if (u->load_state != UNIT_LOADED)
1618 return -EINVAL;
1619
d4fd1cf2
LP		 1620 /* Refuse starting scope units more than once */
1621 if (UNIT_VTABLE(u)->once_only && dual_timestamp_is_set(&u->inactive_enter_timestamp))
1622 return -ESTALE;
1623
5766aca8
LP		 1624 /* If the conditions failed, don't do anything at all. If we already are activating this call might
1625 * still be useful to speed up activation in case there is some hold-off time, but we don't want to
1626 * recheck the condition in that case. */
a82e5507 1627 if (state != UNIT_ACTIVATING &&
5af6aa58 1628 !unit_test_condition(u))
5766aca8 1629 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(ECOMM), "Starting requested but condition failed. Not starting unit.");
52661efd 1630
59fccdc5
LP		 1631 /* If the asserts failed, fail the entire job */
1632 if (state != UNIT_ACTIVATING &&
5766aca8
LP		 1633 !unit_test_assert(u))
1634 return log_unit_notice_errno(u, SYNTHETIC_ERRNO(EPROTO), "Starting requested but asserts failed.");
59fccdc5 1635
5766aca8
LP		 1636 /* Units of types that aren't supported cannot be started. Note that we do this test only after the
1637 * condition checks, so that we rather return condition check errors (which are usually not
1638 * considered a true failure) than "not supported" errors (which are considered a failure).
d11a7645 1639 */
96cf3ec9 1640 if (!unit_type_supported(u->type))
d11a7645
LP		 1641 return -EOPNOTSUPP;
1642
5766aca8
LP		 1643 /* Let's make sure that the deps really are in order before we start this. Normally the job engine
1644 * should have taken care of this already, but let's check this here again. After all, our
1645 * dependencies might not be in effect anymore, due to a reload or due to a failed condition. */
631b676b
LP		 1646 if (!unit_verify_deps(u))
1647 return -ENOLINK;
1648
92ab323c 1649 /* Forward to the main object, if we aren't it. */
52990c2e
ZJS		 1650 following = unit_following(u);
1651 if (following) {
f2341e0a 1652 log_unit_debug(u, "Redirecting start request from %s to %s.", u->id, following->id);
92ab323c
LP		 1653 return unit_start(following);
1654 }
1655
1656 /* If it is stopped, but we cannot start it, then fail */
1657 if (!UNIT_VTABLE(u)->start)
1658 return -EBADR;
1659
5766aca8
LP		 1660 /* We don't suppress calls to ->start() here when we are already starting, to allow this request to
1661 * be used as a "hurry up" call, for example when the unit is in some "auto restart" state where it
1662 * waits for a holdoff timer to elapse before it will start again. */
87f0e418 1663
c1e1601e 1664 unit_add_to_dbus_queue(u);
d9e45bc3 1665 unit_cgroup_freezer_action(u, FREEZER_THAW);
9e58ff9c 1666
d1a34ae9 1667 return UNIT_VTABLE(u)->start(u);
87f0e418
LP		 1668}
1669
1670bool unit_can_start(Unit *u) {
1671 assert(u);
1672
8ff4d2ab
LP		 1673 if (u->load_state != UNIT_LOADED)
1674 return false;
1675
96cf3ec9 1676 if (!unit_type_supported(u->type))
8ff4d2ab
LP		 1677 return false;
1678
d4fd1cf2
LP		 1679 /* Scope units may be started only once */
1680 if (UNIT_VTABLE(u)->once_only && dual_timestamp_is_set(&u->inactive_exit_timestamp))
1681 return false;
1682
87f0e418
LP		 1683 return !!UNIT_VTABLE(u)->start;
1684}
1685
2528a7a6
LP		 1686bool unit_can_isolate(Unit *u) {
1687 assert(u);
1688
1689 return unit_can_start(u) &&
ac155bb8 1690 u->allow_isolate;
2528a7a6
LP		 1691}
1692
87f0e418
LP		 1693/* Errors:
1694 * -EBADR: This unit type does not support stopping.
1695 * -EALREADY: Unit is already stopped.
1696 * -EAGAIN: An operation is already in progress. Retry later.
1697 */
1698int unit_stop(Unit *u) {
1699 UnitActiveState state;
92ab323c 1700 Unit *following;
87f0e418
LP		 1701
1702 assert(u);
1703
87f0e418 1704 state = unit_active_state(u);
fdf20a31 1705 if (UNIT_IS_INACTIVE_OR_FAILED(state))
87f0e418
LP		 1706 return -EALREADY;
1707
0faacd47
LP		 1708 following = unit_following(u);
1709 if (following) {
f2341e0a 1710 log_unit_debug(u, "Redirecting stop request from %s to %s.", u->id, following->id);
92ab323c
LP		 1711 return unit_stop(following);
1712 }
1713
7898b0cf
LP		 1714 if (!UNIT_VTABLE(u)->stop)
1715 return -EBADR;
1716
c1e1601e 1717 unit_add_to_dbus_queue(u);
d9e45bc3 1718 unit_cgroup_freezer_action(u, FREEZER_THAW);
9e58ff9c 1719
d1a34ae9 1720 return UNIT_VTABLE(u)->stop(u);
87f0e418
LP		 1721}
1722
f5869324
LP		 1723bool unit_can_stop(Unit *u) {
1724 assert(u);
1725
39c79477
ZJS		 1726 /* Note: if we return true here, it does not mean that the unit may be successfully stopped.
1727 * Extrinsic units follow external state and they may stop following external state changes
1728 * (hence we return true here), but an attempt to do this through the manager will fail. */
1729
96cf3ec9 1730 if (!unit_type_supported(u->type))
f5869324
LP		 1731 return false;
1732
1733 if (u->perpetual)
1734 return false;
1735
1736 return !!UNIT_VTABLE(u)->stop;
1737}
1738
87f0e418
LP		 1739/* Errors:
1740 * -EBADR: This unit type does not support reloading.
1741 * -ENOEXEC: Unit is not started.
1742 * -EAGAIN: An operation is already in progress. Retry later.
1743 */
1744int unit_reload(Unit *u) {
1745 UnitActiveState state;
92ab323c 1746 Unit *following;
87f0e418
LP		 1747
1748 assert(u);
1749
ac155bb8 1750 if (u->load_state != UNIT_LOADED)
6124958c
LP		 1751 return -EINVAL;
1752
87f0e418
LP		 1753 if (!unit_can_reload(u))
1754 return -EBADR;
1755
1756 state = unit_active_state(u);
e364ad06 1757 if (state == UNIT_RELOADING)
6255af75 1758 return -EAGAIN;
87f0e418 1759
d85ff944
YW		 1760 if (state != UNIT_ACTIVE)
1761 return log_unit_warning_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "Unit cannot be reloaded because it is inactive.");
87f0e418 1762
e48614c4
ZJS		 1763 following = unit_following(u);
1764 if (following) {
f2341e0a 1765 log_unit_debug(u, "Redirecting reload request from %s to %s.", u->id, following->id);
92ab323c
LP		 1766 return unit_reload(following);
1767 }
1768
c1e1601e 1769 unit_add_to_dbus_queue(u);
82a2b6bb 1770
f54bcca5
JR		 1771 if (!UNIT_VTABLE(u)->reload) {
1772 /* Unit doesn't have a reload function, but we need to propagate the reload anyway */
2ad2e41a 1773 unit_notify(u, unit_active_state(u), unit_active_state(u), 0);
f54bcca5
JR		 1774 return 0;
1775 }
1776
d9e45bc3
MS		 1777 unit_cgroup_freezer_action(u, FREEZER_THAW);
1778
d1a34ae9 1779 return UNIT_VTABLE(u)->reload(u);
87f0e418
LP		 1780}
1781
1782bool unit_can_reload(Unit *u) {
1783 assert(u);
1784
f54bcca5
JR		 1785 if (UNIT_VTABLE(u)->can_reload)
1786 return UNIT_VTABLE(u)->can_reload(u);
87f0e418 1787
eef85c4a 1788 if (!hashmap_isempty(u->dependencies[UNIT_PROPAGATES_RELOAD_TO]))
87f0e418
LP		 1789 return true;
1790
f54bcca5 1791 return UNIT_VTABLE(u)->reload;
87f0e418
LP		 1792}
1793
a3c1168a
LP		 1794bool unit_is_unneeded(Unit *u) {
1795 static const UnitDependency deps[] = {
be7d9ff7 1796 UNIT_REQUIRED_BY,
084918ba 1797 UNIT_REQUISITE_OF,
be7d9ff7
LP		 1798 UNIT_WANTED_BY,
1799 UNIT_BOUND_BY,
1800 };
f3bff0eb
LP		 1801
1802 assert(u);
1803
ac155bb8 1804 if (!u->stop_when_unneeded)
a3c1168a 1805 return false;
f3bff0eb 1806
a3c1168a
LP		 1807 /* Don't clean up while the unit is transitioning or is even inactive. */
1808 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
1809 return false;
1810 if (u->job)
1811 return false;
f3bff0eb 1812
12375b95 1813 for (size_t j = 0; j < ELEMENTSOF(deps); j++) {
eef85c4a 1814 Unit *other;
eef85c4a
LP		 1815 void *v;
1816
fda09318 1817 /* If a dependent unit has a job queued, is active or transitioning, or is marked for
a3c1168a 1818 * restart, then don't clean this one up. */
b81884e7 1819
90e74a66 1820 HASHMAP_FOREACH_KEY(v, other, u->dependencies[deps[j]]) {
93d4cb09 1821 if (other->job)
a3c1168a
LP		 1822 return false;
1823
1824 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
1825 return false;
1826
1827 if (unit_will_restart(other))
1828 return false;
1829 }
bea355da
LP		 1830 }
1831
a3c1168a
LP		 1832 return true;
1833}
f3bff0eb 1834
a3c1168a
LP		 1835static void check_unneeded_dependencies(Unit *u) {
1836
1837 static const UnitDependency deps[] = {
1838 UNIT_REQUIRES,
1839 UNIT_REQUISITE,
1840 UNIT_WANTS,
1841 UNIT_BINDS_TO,
1842 };
a3c1168a
LP		 1843
1844 assert(u);
1845
1846 /* Add all units this unit depends on to the queue that processes StopWhenUnneeded= behaviour. */
1847
12375b95 1848 for (size_t j = 0; j < ELEMENTSOF(deps); j++) {
a3c1168a 1849 Unit *other;
a3c1168a
LP		 1850 void *v;
1851
90e74a66 1852 HASHMAP_FOREACH_KEY(v, other, u->dependencies[deps[j]])
fda09318 1853 unit_submit_to_stop_when_unneeded_queue(other);
a3c1168a 1854 }
f3bff0eb
LP		 1855}
1856
ff502445 1857static void unit_check_binds_to(Unit *u) {
4afd3348 1858 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
ff502445
LP		 1859 bool stop = false;
1860 Unit *other;
eef85c4a 1861 void *v;
67bfdc97 1862 int r;
ff502445
LP		 1863
1864 assert(u);
1865
1866 if (u->job)
1867 return;
1868
1869 if (unit_active_state(u) != UNIT_ACTIVE)
1870 return;
1871
90e74a66 1872 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_BINDS_TO]) {
ff502445
LP		 1873 if (other->job)
1874 continue;
13ddc3fc
ZJS		 1875
1876 if (!other->coldplugged)
1877 /* We might yet create a job for the other unit… */
1878 continue;
ff502445
LP		 1879
1880 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
1881 continue;
1882
1883 stop = true;
98f738b6 1884 break;
ff502445
LP		 1885 }
1886
1887 if (!stop)
1888 return;
1889
595bfe7d 1890 /* If stopping a unit fails continuously we might enter a stop
67bfdc97
LP		 1891 * loop here, hence stop acting on the service being
1892 * unnecessary after a while. */
7994ac1d 1893 if (!ratelimit_below(&u->auto_stop_ratelimit)) {
67bfdc97
LP		 1894 log_unit_warning(u, "Unit is bound to inactive unit %s, but not stopping since we tried this too often recently.", other->id);
1895 return;
1896 }
1897
98f738b6 1898 assert(other);
f2341e0a 1899 log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id);
ff502445
LP		 1900
1901 /* A unit we need to run is gone. Sniff. Let's stop this. */
50cbaba4 1902 r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, NULL, &error, NULL);
67bfdc97 1903 if (r < 0)
4bd29fe5 1904 log_unit_warning_errno(u, r, "Failed to enqueue stop job, ignoring: %s", bus_error_message(&error, r));
ff502445
LP		 1905}
1906
87f0e418 1907static void retroactively_start_dependencies(Unit *u) {
87f0e418 1908 Unit *other;
eef85c4a 1909 void *v;
87f0e418
LP		 1910
1911 assert(u);
1912 assert(UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)));
1913
90e74a66 1914 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_REQUIRES])
eef85c4a 1915 if (!hashmap_get(u->dependencies[UNIT_AFTER], other) &&
b81884e7 1916 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
50cbaba4 1917 manager_add_job(u->manager, JOB_START, other, JOB_REPLACE, NULL, NULL, NULL);
b81884e7 1918
90e74a66 1919 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_BINDS_TO])
eef85c4a 1920 if (!hashmap_get(u->dependencies[UNIT_AFTER], other) &&
b81884e7 1921 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
50cbaba4 1922 manager_add_job(u->manager, JOB_START, other, JOB_REPLACE, NULL, NULL, NULL);
87f0e418 1923
90e74a66 1924 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_WANTS])
eef85c4a 1925 if (!hashmap_get(u->dependencies[UNIT_AFTER], other) &&
b81884e7 1926 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
50cbaba4 1927 manager_add_job(u->manager, JOB_START, other, JOB_FAIL, NULL, NULL, NULL);
87f0e418 1928
90e74a66 1929 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_CONFLICTS])
b81884e7 1930 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
50cbaba4 1931 manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL, NULL);
69dd2852 1932
90e74a66 1933 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_CONFLICTED_BY])
b81884e7 1934 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
50cbaba4 1935 manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL, NULL);
87f0e418
LP		 1936}
1937
1938static void retroactively_stop_dependencies(Unit *u) {
87f0e418 1939 Unit *other;
eef85c4a 1940 void *v;
87f0e418
LP		 1941
1942 assert(u);
1943 assert(UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)));
1944
b81884e7 1945 /* Pull down units which are bound to us recursively if enabled */
90e74a66 1946 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_BOUND_BY])
b81884e7 1947 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
50cbaba4 1948 manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL, NULL);
cd0504d0
MS		 1949}
1950
3ecaa09b 1951void unit_start_on_failure(Unit *u) {
c0daa706 1952 Unit *other;
eef85c4a 1953 void *v;
7f66b026 1954 int r;
c0daa706
LP		 1955
1956 assert(u);
1957
eef85c4a 1958 if (hashmap_size(u->dependencies[UNIT_ON_FAILURE]) <= 0)
222ae6a8
LP		 1959 return;
1960
f2341e0a 1961 log_unit_info(u, "Triggering OnFailure= dependencies.");
222ae6a8 1962
90e74a66 1963 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_ON_FAILURE]) {
7f66b026 1964 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
222ae6a8 1965
50cbaba4 1966 r = manager_add_job(u->manager, JOB_START, other, u->on_failure_job_mode, NULL, &error, NULL);
c1b6628d 1967 if (r < 0)
7f66b026 1968 log_unit_warning_errno(u, r, "Failed to enqueue OnFailure= job, ignoring: %s", bus_error_message(&error, r));
222ae6a8 1969 }
c0daa706
LP		 1970}
1971
3ecaa09b
LP		 1972void unit_trigger_notify(Unit *u) {
1973 Unit *other;
eef85c4a 1974 void *v;
3ecaa09b
LP		 1975
1976 assert(u);
1977
90e74a66 1978 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_TRIGGERED_BY])
3ecaa09b
LP		 1979 if (UNIT_VTABLE(other)->trigger_notify)
1980 UNIT_VTABLE(other)->trigger_notify(other, u);
1981}
1982
37109b85
ZJS		 1983static int raise_level(int log_level, bool condition_info, bool condition_notice) {
1984 if (condition_notice && log_level > LOG_NOTICE)
1985 return LOG_NOTICE;
1986 if (condition_info && log_level > LOG_INFO)
1987 return LOG_INFO;
1988 return log_level;
1989}
1990
915b1d01 1991static int unit_log_resources(Unit *u) {
bc40a20e
LP		 1992 struct iovec iovec[1 + _CGROUP_IP_ACCOUNTING_METRIC_MAX + _CGROUP_IO_ACCOUNTING_METRIC_MAX + 4];
1993 bool any_traffic = false, have_ip_accounting = false, any_io = false, have_io_accounting = false;
1994 _cleanup_free_ char *igress = NULL, *egress = NULL, *rr = NULL, *wr = NULL;
162392b7 1995 int log_level = LOG_DEBUG; /* May be raised if resources consumed over a threshold */
915b1d01 1996 size_t n_message_parts = 0, n_iovec = 0;
bc40a20e 1997 char* message_parts[1 + 2 + 2 + 1], *t;
915b1d01 1998 nsec_t nsec = NSEC_INFINITY;
915b1d01
LP		 1999 int r;
2000 const char* const ip_fields[_CGROUP_IP_ACCOUNTING_METRIC_MAX] = {
2001 [CGROUP_IP_INGRESS_BYTES] = "IP_METRIC_INGRESS_BYTES",
2002 [CGROUP_IP_INGRESS_PACKETS] = "IP_METRIC_INGRESS_PACKETS",
2003 [CGROUP_IP_EGRESS_BYTES] = "IP_METRIC_EGRESS_BYTES",
2004 [CGROUP_IP_EGRESS_PACKETS] = "IP_METRIC_EGRESS_PACKETS",
2005 };
bc40a20e
LP		 2006 const char* const io_fields[_CGROUP_IO_ACCOUNTING_METRIC_MAX] = {
2007 [CGROUP_IO_READ_BYTES] = "IO_METRIC_READ_BYTES",
2008 [CGROUP_IO_WRITE_BYTES] = "IO_METRIC_WRITE_BYTES",
2009 [CGROUP_IO_READ_OPERATIONS] = "IO_METRIC_READ_OPERATIONS",
2010 [CGROUP_IO_WRITE_OPERATIONS] = "IO_METRIC_WRITE_OPERATIONS",
2011 };
915b1d01
LP		 2012
2013 assert(u);
2014
2015 /* Invoked whenever a unit enters failed or dead state. Logs information about consumed resources if resource
2016 * accounting was enabled for a unit. It does this in two ways: a friendly human readable string with reduced
2017 * information and the complete data in structured fields. */
2018
2019 (void) unit_get_cpu_usage(u, &nsec);
2020 if (nsec != NSEC_INFINITY) {
2021 char buf[FORMAT_TIMESPAN_MAX] = "";
2022
2023 /* Format the CPU time for inclusion in the structured log message */
2024 if (asprintf(&t, "CPU_USAGE_NSEC=%" PRIu64, nsec) < 0) {
2025 r = log_oom();
2026 goto finish;
2027 }
2028 iovec[n_iovec++] = IOVEC_MAKE_STRING(t);
2029
2030 /* Format the CPU time for inclusion in the human language message string */
2031 format_timespan(buf, sizeof(buf), nsec / NSEC_PER_USEC, USEC_PER_MSEC);
ec9d636b 2032 t = strjoin("consumed ", buf, " CPU time");
915b1d01
LP		 2033 if (!t) {
2034 r = log_oom();
2035 goto finish;
2036 }
2037
2038 message_parts[n_message_parts++] = t;
37109b85
ZJS		 2039
2040 log_level = raise_level(log_level,
2041 nsec > NOTICEWORTHY_CPU_NSEC,
2042 nsec > MENTIONWORTHY_CPU_NSEC);
915b1d01
LP		 2043 }
2044
bc40a20e
LP		 2045 for (CGroupIOAccountingMetric k = 0; k < _CGROUP_IO_ACCOUNTING_METRIC_MAX; k++) {
2046 char buf[FORMAT_BYTES_MAX] = "";
2047 uint64_t value = UINT64_MAX;
2048
2049 assert(io_fields[k]);
2050
2051 (void) unit_get_io_accounting(u, k, k > 0, &value);
2052 if (value == UINT64_MAX)
2053 continue;
2054
2055 have_io_accounting = true;
2056 if (value > 0)
2057 any_io = true;
2058
2059 /* Format IO accounting data for inclusion in the structured log message */
2060 if (asprintf(&t, "%s=%" PRIu64, io_fields[k], value) < 0) {
2061 r = log_oom();
2062 goto finish;
2063 }
2064 iovec[n_iovec++] = IOVEC_MAKE_STRING(t);
2065
2066 /* Format the IO accounting data for inclusion in the human language message string, but only
2067 * for the bytes counters (and not for the operations counters) */
2068 if (k == CGROUP_IO_READ_BYTES) {
2069 assert(!rr);
2070 rr = strjoin("read ", format_bytes(buf, sizeof(buf), value), " from disk");
2071 if (!rr) {
2072 r = log_oom();
2073 goto finish;
2074 }
2075 } else if (k == CGROUP_IO_WRITE_BYTES) {
2076 assert(!wr);
2077 wr = strjoin("written ", format_bytes(buf, sizeof(buf), value), " to disk");
2078 if (!wr) {
2079 r = log_oom();
2080 goto finish;
2081 }
2082 }
37109b85
ZJS		 2083
2084 if (IN_SET(k, CGROUP_IO_READ_BYTES, CGROUP_IO_WRITE_BYTES))
2085 log_level = raise_level(log_level,
2086 value > MENTIONWORTHY_IO_BYTES,
2087 value > NOTICEWORTHY_IO_BYTES);
bc40a20e
LP		 2088 }
2089
2090 if (have_io_accounting) {
2091 if (any_io) {
2092 if (rr)
2093 message_parts[n_message_parts++] = TAKE_PTR(rr);
2094 if (wr)
2095 message_parts[n_message_parts++] = TAKE_PTR(wr);
2096
2097 } else {
2098 char *k;
2099
2100 k = strdup("no IO");
2101 if (!k) {
2102 r = log_oom();
2103 goto finish;
2104 }
2105
2106 message_parts[n_message_parts++] = k;
2107 }
2108 }
2109
12375b95 2110 for (CGroupIPAccountingMetric m = 0; m < _CGROUP_IP_ACCOUNTING_METRIC_MAX; m++) {
915b1d01
LP		 2111 char buf[FORMAT_BYTES_MAX] = "";
2112 uint64_t value = UINT64_MAX;
2113
2114 assert(ip_fields[m]);
2115
2116 (void) unit_get_ip_accounting(u, m, &value);
2117 if (value == UINT64_MAX)
2118 continue;
82044702
LP		 2119
2120 have_ip_accounting = true;
a87b1faa
LP		 2121 if (value > 0)
2122 any_traffic = true;
915b1d01
LP		 2123
2124 /* Format IP accounting data for inclusion in the structured log message */
2125 if (asprintf(&t, "%s=%" PRIu64, ip_fields[m], value) < 0) {
2126 r = log_oom();
2127 goto finish;
2128 }
2129 iovec[n_iovec++] = IOVEC_MAKE_STRING(t);
2130
2131 /* Format the IP accounting data for inclusion in the human language message string, but only for the
2132 * bytes counters (and not for the packets counters) */
a87b1faa
LP		 2133 if (m == CGROUP_IP_INGRESS_BYTES) {
2134 assert(!igress);
ec9d636b 2135 igress = strjoin("received ", format_bytes(buf, sizeof(buf), value), " IP traffic");
a87b1faa
LP		 2136 if (!igress) {
2137 r = log_oom();
2138 goto finish;
2139 }
2140 } else if (m == CGROUP_IP_EGRESS_BYTES) {
2141 assert(!egress);
ec9d636b 2142 egress = strjoin("sent ", format_bytes(buf, sizeof(buf), value), " IP traffic");
a87b1faa
LP		 2143 if (!egress) {
2144 r = log_oom();
2145 goto finish;
2146 }
2147 }
37109b85
ZJS		 2148
2149 if (IN_SET(m, CGROUP_IP_INGRESS_BYTES, CGROUP_IP_EGRESS_BYTES))
2150 log_level = raise_level(log_level,
2151 value > MENTIONWORTHY_IP_BYTES,
2152 value > NOTICEWORTHY_IP_BYTES);
a87b1faa
LP		 2153 }
2154
82044702
LP		 2155 if (have_ip_accounting) {
2156 if (any_traffic) {
2157 if (igress)
2158 message_parts[n_message_parts++] = TAKE_PTR(igress);
2159 if (egress)
2160 message_parts[n_message_parts++] = TAKE_PTR(egress);
a87b1faa 2161
82044702
LP		 2162 } else {
2163 char *k;
915b1d01 2164
82044702
LP		 2165 k = strdup("no IP traffic");
2166 if (!k) {
2167 r = log_oom();
2168 goto finish;
2169 }
2170
2171 message_parts[n_message_parts++] = k;
2172 }
915b1d01
LP		 2173 }
2174
2175 /* Is there any accounting data available at all? */
2176 if (n_iovec == 0) {
2177 r = 0;
2178 goto finish;
2179 }
2180
2181 if (n_message_parts == 0)
a87b1faa 2182 t = strjoina("MESSAGE=", u->id, ": Completed.");
915b1d01
LP		 2183 else {
2184 _cleanup_free_ char *joined;
2185
2186 message_parts[n_message_parts] = NULL;
2187
2188 joined = strv_join(message_parts, ", ");
2189 if (!joined) {
2190 r = log_oom();
2191 goto finish;
2192 }
2193
ec9d636b 2194 joined[0] = ascii_toupper(joined[0]);
a87b1faa 2195 t = strjoina("MESSAGE=", u->id, ": ", joined, ".");
915b1d01
LP		 2196 }
2197
2198 /* The following four fields we allocate on the stack or are static strings, we hence don't want to free them,
2199 * and hence don't increase n_iovec for them */
2200 iovec[n_iovec] = IOVEC_MAKE_STRING(t);
2201 iovec[n_iovec + 1] = IOVEC_MAKE_STRING("MESSAGE_ID=" SD_MESSAGE_UNIT_RESOURCES_STR);
2202
2203 t = strjoina(u->manager->unit_log_field, u->id);
2204 iovec[n_iovec + 2] = IOVEC_MAKE_STRING(t);
2205
2206 t = strjoina(u->manager->invocation_log_field, u->invocation_id_string);
2207 iovec[n_iovec + 3] = IOVEC_MAKE_STRING(t);
2208
37109b85 2209 log_struct_iovec(log_level, iovec, n_iovec + 4);
915b1d01
LP		 2210 r = 0;
2211
2212finish:
12375b95 2213 for (size_t i = 0; i < n_message_parts; i++)
915b1d01
LP		 2214 free(message_parts[i]);
2215
12375b95 2216 for (size_t i = 0; i < n_iovec; i++)
915b1d01
LP		 2217 free(iovec[i].iov_base);
2218
2219 return r;
2220
2221}
2222
adefcf28
LP		 2223static void unit_update_on_console(Unit *u) {
2224 bool b;
2225
2226 assert(u);
2227
2228 b = unit_needs_console(u);
2229 if (u->on_console == b)
2230 return;
2231
2232 u->on_console = b;
2233 if (b)
2234 manager_ref_console(u->manager);
2235 else
2236 manager_unref_console(u->manager);
adefcf28
LP		 2237}
2238
6eb65e7c
LP		 2239static void unit_emit_audit_start(Unit *u) {
2240 assert(u);
2241
2242 if (u->type != UNIT_SERVICE)
2243 return;
2244
2245 /* Write audit record if we have just finished starting up */
2246 manager_send_unit_audit(u->manager, u, AUDIT_SERVICE_START, true);
2247 u->in_audit = true;
2248}
2249
2250static void unit_emit_audit_stop(Unit *u, UnitActiveState state) {
2251 assert(u);
2252
2253 if (u->type != UNIT_SERVICE)
2254 return;
2255
2256 if (u->in_audit) {
2257 /* Write audit record if we have just finished shutting down */
2258 manager_send_unit_audit(u->manager, u, AUDIT_SERVICE_STOP, state == UNIT_INACTIVE);
2259 u->in_audit = false;
2260 } else {
2261 /* Hmm, if there was no start record written write it now, so that we always have a nice pair */
2262 manager_send_unit_audit(u->manager, u, AUDIT_SERVICE_START, state == UNIT_INACTIVE);
2263
2264 if (state == UNIT_INACTIVE)
2265 manager_send_unit_audit(u->manager, u, AUDIT_SERVICE_STOP, true);
2266 }
2267}
2268
16c74914
LP		 2269static bool unit_process_job(Job *j, UnitActiveState ns, UnitNotifyFlags flags) {
2270 bool unexpected = false;
31cd5f63 2271 JobResult result;
16c74914
LP		 2272
2273 assert(j);
2274
2275 if (j->state == JOB_WAITING)
2276
2277 /* So we reached a different state for this job. Let's see if we can run it now if it failed previously
2278 * due to EAGAIN. */
2279 job_add_to_run_queue(j);
2280
2281 /* Let's check whether the unit's new state constitutes a finished job, or maybe contradicts a running job and
2282 * hence needs to invalidate jobs. */
2283
2284 switch (j->type) {
2285
2286 case JOB_START:
2287 case JOB_VERIFY_ACTIVE:
2288
2289 if (UNIT_IS_ACTIVE_OR_RELOADING(ns))
2290 job_finish_and_invalidate(j, JOB_DONE, true, false);
2291 else if (j->state == JOB_RUNNING && ns != UNIT_ACTIVATING) {
2292 unexpected = true;
2293
31cd5f63
AZ		 2294 if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
2295 if (ns == UNIT_FAILED)
2296 result = JOB_FAILED;
31cd5f63
AZ		 2297 else
2298 result = JOB_DONE;
2299
2300 job_finish_and_invalidate(j, result, true, false);
2301 }
16c74914
LP		 2302 }
2303
2304 break;
2305
2306 case JOB_RELOAD:
2307 case JOB_RELOAD_OR_START:
2308 case JOB_TRY_RELOAD:
2309
2310 if (j->state == JOB_RUNNING) {
2311 if (ns == UNIT_ACTIVE)
2312 job_finish_and_invalidate(j, (flags & UNIT_NOTIFY_RELOAD_FAILURE) ? JOB_FAILED : JOB_DONE, true, false);
2313 else if (!IN_SET(ns, UNIT_ACTIVATING, UNIT_RELOADING)) {
2314 unexpected = true;
2315
2316 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
2317 job_finish_and_invalidate(j, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false);
2318 }
2319 }
2320
2321 break;
2322
2323 case JOB_STOP:
2324 case JOB_RESTART:
2325 case JOB_TRY_RESTART:
2326
2327 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
2328 job_finish_and_invalidate(j, JOB_DONE, true, false);
2329 else if (j->state == JOB_RUNNING && ns != UNIT_DEACTIVATING) {
2330 unexpected = true;
2331 job_finish_and_invalidate(j, JOB_FAILED, true, false);
2332 }
2333
2334 break;
2335
2336 default:
2337 assert_not_reached("Job type unknown");
2338 }
2339
2340 return unexpected;
2341}
2342
2ad2e41a 2343void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, UnitNotifyFlags flags) {
429926e9 2344 const char *reason;
8559b3b7 2345 Manager *m;
a096ed36 2346
87f0e418
LP		 2347 assert(u);
2348 assert(os < _UNIT_ACTIVE_STATE_MAX);
2349 assert(ns < _UNIT_ACTIVE_STATE_MAX);
87f0e418 2350
8559b3b7
LP		 2351 /* Note that this is called for all low-level state changes, even if they might map to the same high-level
2352 * UnitActiveState! That means that ns == os is an expected behavior here. For example: if a mount point is
2353 * remounted this function will be called too! */
87f0e418 2354
546ac4f0
MS		 2355 m = u->manager;
2356
3c4832ad
LP		 2357 /* Let's enqueue the change signal early. In case this unit has a job associated we want that this unit is in
2358 * the bus queue, so that any job change signal queued will force out the unit change signal first. */
2359 unit_add_to_dbus_queue(u);
2360
e30bbc90
AZ		 2361 /* Update systemd-oomd on the property/state change */
2362 if (os != ns) {
2363 /* Always send an update if the unit is going into an inactive state so systemd-oomd knows to stop
2364 * monitoring.
2365 * Also send an update whenever the unit goes active; this is to handle a case where an override file
2366 * sets one of the ManagedOOM*= properties to "kill", then later removes it. systemd-oomd needs to
2367 * know to stop monitoring when the unit changes from "kill" -> "auto" on daemon-reload, but we don't
2368 * have the information on the property. Thus, indiscriminately send an update. */
f561e8c6 2369 if (UNIT_IS_INACTIVE_OR_FAILED(ns) || UNIT_IS_ACTIVE_OR_RELOADING(ns))
e30bbc90
AZ		 2370 (void) manager_varlink_send_managed_oom_update(u);
2371 }
2372
f755e3b7 2373 /* Update timestamps for state changes */
2c289ea8 2374 if (!MANAGER_IS_RELOADING(m)) {
a483fb59 2375 dual_timestamp_get(&u->state_change_timestamp);
173e3821 2376
bdbf9951 2377 if (UNIT_IS_INACTIVE_OR_FAILED(os) && !UNIT_IS_INACTIVE_OR_FAILED(ns))
a483fb59 2378 u->inactive_exit_timestamp = u->state_change_timestamp;
bdbf9951 2379 else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_INACTIVE_OR_FAILED(ns))
a483fb59 2380 u->inactive_enter_timestamp = u->state_change_timestamp;
bdbf9951
LP		 2381
2382 if (!UNIT_IS_ACTIVE_OR_RELOADING(os) && UNIT_IS_ACTIVE_OR_RELOADING(ns))
a483fb59 2383 u->active_enter_timestamp = u->state_change_timestamp;
bdbf9951 2384 else if (UNIT_IS_ACTIVE_OR_RELOADING(os) && !UNIT_IS_ACTIVE_OR_RELOADING(ns))
a483fb59 2385 u->active_exit_timestamp = u->state_change_timestamp;
bdbf9951 2386 }
87f0e418 2387
865cc19a 2388 /* Keep track of failed units */
8724defe 2389 (void) manager_update_failed_units(m, u, ns == UNIT_FAILED);
f755e3b7 2390
d3070fbd
LP		 2391 /* Make sure the cgroup and state files are always removed when we become inactive */
2392 if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
ff68472a
ZJS		 2393 SET_FLAG(u->markers,
2394 (1u << UNIT_MARKER_NEEDS_RELOAD)|(1u << UNIT_MARKER_NEEDS_RESTART),
2395 false);
efdb0237 2396 unit_prune_cgroup(u);
d3070fbd 2397 unit_unlink_state_files(u);
ff68472a
ZJS		 2398 } else if (ns != os && ns == UNIT_RELOADING)
2399 SET_FLAG(u->markers, 1u << UNIT_MARKER_NEEDS_RELOAD, false);
fb385181 2400
adefcf28 2401 unit_update_on_console(u);
7ed9f6cd 2402
2c289ea8 2403 if (!MANAGER_IS_RELOADING(m)) {
a1c7334b
LP		 2404 bool unexpected;
2405
2406 /* Let's propagate state changes to the job */
2407 if (u->job)
2408 unexpected = unit_process_job(u->job, ns, flags);
2409 else
2410 unexpected = true;
f3bff0eb 2411
a1c7334b
LP		 2412 /* If this state change happened without being requested by a job, then let's retroactively start or
2413 * stop dependencies. We skip that step when deserializing, since we don't want to create any
2414 * additional jobs just because something is already activated. */
bdbf9951
LP		 2415
2416 if (unexpected) {
2417 if (UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_ACTIVE_OR_ACTIVATING(ns))
2418 retroactively_start_dependencies(u);
2419 else if (UNIT_IS_ACTIVE_OR_ACTIVATING(os) && UNIT_IS_INACTIVE_OR_DEACTIVATING(ns))
2420 retroactively_stop_dependencies(u);
2421 }
5de9682c 2422
cd0504d0 2423 /* stop unneeded units regardless if going down was expected or not */
a3c1168a 2424 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
cd0504d0
MS		 2425 check_unneeded_dependencies(u);
2426
bdbf9951 2427 if (ns != os && ns == UNIT_FAILED) {
ed77d407 2428 log_unit_debug(u, "Unit entered failed state.");
2ad2e41a
LP		 2429
2430 if (!(flags & UNIT_NOTIFY_WILL_AUTO_RESTART))
2431 unit_start_on_failure(u);
cd6d0a45 2432 }
e537352b 2433
256f65d0
LP		 2434 if (UNIT_IS_ACTIVE_OR_RELOADING(ns) && !UNIT_IS_ACTIVE_OR_RELOADING(os)) {
2435 /* This unit just finished starting up */
3b2775c5 2436
6eb65e7c 2437 unit_emit_audit_start(u);
546ac4f0 2438 manager_send_unit_plymouth(m, u);
256f65d0 2439 }
bdbf9951 2440
256f65d0 2441 if (UNIT_IS_INACTIVE_OR_FAILED(ns) && !UNIT_IS_INACTIVE_OR_FAILED(os)) {
915b1d01 2442 /* This unit just stopped/failed. */
256f65d0 2443
6eb65e7c 2444 unit_emit_audit_stop(u, ns);
915b1d01 2445 unit_log_resources(u);
cd6d0a45 2446 }
f278026d
LP		 2447 }
2448
31dc1ca3
LP		 2449 manager_recheck_journal(m);
2450 manager_recheck_dbus(m);
e63ebf71 2451
3ecaa09b 2452 unit_trigger_notify(u);
3b2775c5 2453
8724defe 2454 if (!MANAGER_IS_RELOADING(m)) {
8559b3b7 2455 /* Maybe we finished startup and are now ready for being stopped because unneeded? */
fda09318 2456 unit_submit_to_stop_when_unneeded_queue(u);
c1e1601e 2457
8559b3b7
LP		 2458 /* Maybe we finished startup, but something we needed has vanished? Let's die then. (This happens when
2459 * something BindsTo= to a Type=oneshot unit, as these units go directly from starting to inactive,
ff502445
LP		 2460 * without ever entering started.) */
2461 unit_check_binds_to(u);
53c35a76 2462
429926e9
TR		 2463 if (os != UNIT_FAILED && ns == UNIT_FAILED) {
2464 reason = strjoina("unit ", u->id, " failed");
36c4dc08 2465 emergency_action(m, u->failure_action, 0, u->reboot_arg, unit_failure_action_exit_status(u), reason);
429926e9
TR		 2466 } else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && ns == UNIT_INACTIVE) {
2467 reason = strjoina("unit ", u->id, " succeeded");
36c4dc08 2468 emergency_action(m, u->success_action, 0, u->reboot_arg, unit_success_action_exit_status(u), reason);
429926e9 2469 }
ff502445
LP		 2470 }
2471
701cc384 2472 unit_add_to_gc_queue(u);
87f0e418
LP		 2473}
2474
f75f613d 2475int unit_watch_pid(Unit *u, pid_t pid, bool exclusive) {
62a76913 2476 int r;
a911bb9a 2477
87f0e418 2478 assert(u);
62a76913 2479 assert(pid_is_valid(pid));
87f0e418 2480
62a76913 2481 /* Watch a specific PID */
5ba6985b 2482
f75f613d
FB		 2483 /* Caller might be sure that this PID belongs to this unit only. Let's take this
2484 * opportunity to remove any stalled references to this PID as they can be created
2485 * easily (when watching a process which is not our direct child). */
2486 if (exclusive)
2487 manager_unwatch_pid(u->manager, pid);
2488
d5099efc 2489 r = set_ensure_allocated(&u->pids, NULL);
5ba6985b
LP		 2490 if (r < 0)
2491 return r;
2492
62a76913 2493 r = hashmap_ensure_allocated(&u->manager->watch_pids, NULL);
a911bb9a
LP		 2494 if (r < 0)
2495 return r;
2496
62a76913
LP		 2497 /* First try, let's add the unit keyed by "pid". */
2498 r = hashmap_put(u->manager->watch_pids, PID_TO_PTR(pid), u);
2499 if (r == -EEXIST) {
2500 Unit **array;
2501 bool found = false;
2502 size_t n = 0;
05e343b7 2503
62a76913
LP		 2504 /* OK, the "pid" key is already assigned to a different unit. Let's see if the "-pid" key (which points
2505 * to an array of Units rather than just a Unit), lists us already. */
a911bb9a 2506
62a76913
LP		 2507 array = hashmap_get(u->manager->watch_pids, PID_TO_PTR(-pid));
2508 if (array)
2509 for (; array[n]; n++)
2510 if (array[n] == u)
2511 found = true;
a911bb9a 2512
62a76913
LP		 2513 if (found) /* Found it already? if so, do nothing */
2514 r = 0;
2515 else {
2516 Unit **new_array;
2517
2518 /* Allocate a new array */
2519 new_array = new(Unit*, n + 2);
2520 if (!new_array)
2521 return -ENOMEM;
2522
2523 memcpy_safe(new_array, array, sizeof(Unit*) * n);
2524 new_array[n] = u;
2525 new_array[n+1] = NULL;
2526
2527 /* Add or replace the old array */
2528 r = hashmap_replace(u->manager->watch_pids, PID_TO_PTR(-pid), new_array);
2529 if (r < 0) {
2530 free(new_array);
2531 return r;
2532 }
2533
2534 free(array);
2535 }
2536 } else if (r < 0)
2537 return r;
2538
2539 r = set_put(u->pids, PID_TO_PTR(pid));
2540 if (r < 0)
2541 return r;
2542
2543 return 0;
87f0e418
LP		 2544}
2545
2546void unit_unwatch_pid(Unit *u, pid_t pid) {
62a76913
LP		 2547 Unit **array;
2548
87f0e418 2549 assert(u);
62a76913
LP		 2550 assert(pid_is_valid(pid));
2551
2552 /* First let's drop the unit in case it's keyed as "pid". */
2553 (void) hashmap_remove_value(u->manager->watch_pids, PID_TO_PTR(pid), u);
2554
2555 /* Then, let's also drop the unit, in case it's in the array keyed by -pid */
2556 array = hashmap_get(u->manager->watch_pids, PID_TO_PTR(-pid));
2557 if (array) {
62a76913 2558 /* Let's iterate through the array, dropping our own entry */
12375b95
ZJS		 2559
2560 size_t m = 0;
2561 for (size_t n = 0; array[n]; n++)
62a76913
LP		 2562 if (array[n] != u)
2563 array[m++] = array[n];
2564 array[m] = NULL;
2565
2566 if (m == 0) {
2567 /* The array is now empty, remove the entire entry */
20c3acfa 2568 assert_se(hashmap_remove(u->manager->watch_pids, PID_TO_PTR(-pid)) == array);
62a76913
LP		 2569 free(array);
2570 }
2571 }
87f0e418 2572
fea72cc0 2573 (void) set_remove(u->pids, PID_TO_PTR(pid));
a911bb9a
LP		 2574}
2575
bd44e61b
LP		 2576void unit_unwatch_all_pids(Unit *u) {
2577 assert(u);
2578
2579 while (!set_isempty(u->pids))
fea72cc0 2580 unit_unwatch_pid(u, PTR_TO_PID(set_first(u->pids)));
bd44e61b 2581
efdb0237 2582 u->pids = set_free(u->pids);
a911bb9a
LP		 2583}
2584
50be4f4a
LP		 2585static void unit_tidy_watch_pids(Unit *u) {
2586 pid_t except1, except2;
a911bb9a
LP		 2587 void *e;
2588
2589 assert(u);
2590
2591 /* Cleans dead PIDs from our list */
2592
50be4f4a
LP		 2593 except1 = unit_main_pid(u);
2594 except2 = unit_control_pid(u);
2595
90e74a66 2596 SET_FOREACH(e, u->pids) {
fea72cc0 2597 pid_t pid = PTR_TO_PID(e);
a911bb9a
LP		 2598
2599 if (pid == except1 || pid == except2)
2600 continue;
2601
9f5650ae 2602 if (!pid_is_unwaited(pid))
bd44e61b 2603 unit_unwatch_pid(u, pid);
a911bb9a 2604 }
87f0e418
LP		 2605}
2606
50be4f4a
LP		 2607static int on_rewatch_pids_event(sd_event_source *s, void *userdata) {
2608 Unit *u = userdata;
2609
2610 assert(s);
2611 assert(u);
2612
2613 unit_tidy_watch_pids(u);
2614 unit_watch_all_pids(u);
2615
2616 /* If the PID set is empty now, then let's finish this off. */
2617 unit_synthesize_cgroup_empty_event(u);
2618
2619 return 0;
2620}
2621
2622int unit_enqueue_rewatch_pids(Unit *u) {
2623 int r;
2624
2625 assert(u);
2626
2627 if (!u->cgroup_path)
2628 return -ENOENT;
2629
2630 r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
2631 if (r < 0)
2632 return r;
2633 if (r > 0) /* On unified we can use proper notifications */
2634 return 0;
2635
2636 /* Enqueues a low-priority job that will clean up dead PIDs from our list of PIDs to watch and subscribe to new
2637 * PIDs that might have appeared. We do this in a delayed job because the work might be quite slow, as it
2638 * involves issuing kill(pid, 0) on all processes we watch. */
2639
2640 if (!u->rewatch_pids_event_source) {
2641 _cleanup_(sd_event_source_unrefp) sd_event_source *s = NULL;
2642
2643 r = sd_event_add_defer(u->manager->event, &s, on_rewatch_pids_event, u);
2644 if (r < 0)
2645 return log_error_errno(r, "Failed to allocate event source for tidying watched PIDs: %m");
2646
2647 r = sd_event_source_set_priority(s, SD_EVENT_PRIORITY_IDLE);
2648 if (r < 0)
28b77ab2 2649 return log_error_errno(r, "Failed to adjust priority of event source for tidying watched PIDs: %m");
50be4f4a
LP		 2650
2651 (void) sd_event_source_set_description(s, "tidy-watch-pids");
2652
2653 u->rewatch_pids_event_source = TAKE_PTR(s);
2654 }
2655
2656 r = sd_event_source_set_enabled(u->rewatch_pids_event_source, SD_EVENT_ONESHOT);
2657 if (r < 0)
2658 return log_error_errno(r, "Failed to enable event source for tidying watched PIDs: %m");
2659
2660 return 0;
2661}
2662
2663void unit_dequeue_rewatch_pids(Unit *u) {
2664 int r;
2665 assert(u);
2666
2667 if (!u->rewatch_pids_event_source)
2668 return;
2669
2670 r = sd_event_source_set_enabled(u->rewatch_pids_event_source, SD_EVENT_OFF);
2671 if (r < 0)
2672 log_warning_errno(r, "Failed to disable event source for tidying watched PIDs, ignoring: %m");
2673
2674 u->rewatch_pids_event_source = sd_event_source_unref(u->rewatch_pids_event_source);
2675}
2676
87f0e418
LP		 2677bool unit_job_is_applicable(Unit *u, JobType j) {
2678 assert(u);
2679 assert(j >= 0 && j < _JOB_TYPE_MAX);
2680
2681 switch (j) {
2682
2683 case JOB_VERIFY_ACTIVE:
2684 case JOB_START:
e0209d83 2685 case JOB_NOP:
f5869324 2686 /* Note that we don't check unit_can_start() here. That's because .device units and suchlike are not
86b52a39 2687 * startable by us but may appear due to external events, and it thus makes sense to permit enqueuing
f5869324 2688 * jobs for it. */
87f0e418
LP		 2689 return true;
2690
f5869324
LP		 2691 case JOB_STOP:
2692 /* Similar as above. However, perpetual units can never be stopped (neither explicitly nor due to
86b52a39 2693 * external events), hence it makes no sense to permit enqueuing such a request either. */
f5869324
LP		 2694 return !u->perpetual;
2695
87f0e418
LP		 2696 case JOB_RESTART:
2697 case JOB_TRY_RESTART:
f5869324 2698 return unit_can_stop(u) && unit_can_start(u);
87f0e418
LP		 2699
2700 case JOB_RELOAD:
3282591d 2701 case JOB_TRY_RELOAD:
87f0e418
LP		 2702 return unit_can_reload(u);
2703
2704 case JOB_RELOAD_OR_START:
2705 return unit_can_reload(u) && unit_can_start(u);
2706
2707 default:
2708 assert_not_reached("Invalid job type");
2709 }
2710}
2711
f2341e0a
LP		 2712static void maybe_warn_about_dependency(Unit *u, const char *other, UnitDependency dependency) {
2713 assert(u);
d1fab3fe 2714
f2341e0a
LP		 2715 /* Only warn about some unit types */
2716 if (!IN_SET(dependency, UNIT_CONFLICTS, UNIT_CONFLICTED_BY, UNIT_BEFORE, UNIT_AFTER, UNIT_ON_FAILURE, UNIT_TRIGGERS, UNIT_TRIGGERED_BY))
2717 return;
3f3cc397 2718
f2341e0a
LP		 2719 if (streq_ptr(u->id, other))
2720 log_unit_warning(u, "Dependency %s=%s dropped", unit_dependency_to_string(dependency), u->id);
2721 else
2722 log_unit_warning(u, "Dependency %s=%s dropped, merged into %s", unit_dependency_to_string(dependency), strna(other), u->id);
d1fab3fe
ZJS		 2723}
2724
eef85c4a
LP		 2725static int unit_add_dependency_hashmap(
2726 Hashmap **h,
2727 Unit *other,
2728 UnitDependencyMask origin_mask,
2729 UnitDependencyMask destination_mask) {
2730
2731 UnitDependencyInfo info;
2732 int r;
2733
2734 assert(h);
2735 assert(other);
2736 assert(origin_mask < _UNIT_DEPENDENCY_MASK_FULL);
2737 assert(destination_mask < _UNIT_DEPENDENCY_MASK_FULL);
2738 assert(origin_mask > 0 || destination_mask > 0);
2739
2740 r = hashmap_ensure_allocated(h, NULL);
2741 if (r < 0)
2742 return r;
2743
2744 assert_cc(sizeof(void*) == sizeof(info));
2745
2746 info.data = hashmap_get(*h, other);
2747 if (info.data) {
2748 /* Entry already exists. Add in our mask. */
2749
d94a24ca
ZJS		 2750 if (FLAGS_SET(origin_mask, info.origin_mask) &&
2751 FLAGS_SET(destination_mask, info.destination_mask))
eef85c4a
LP		 2752 return 0; /* NOP */
2753
2754 info.origin_mask |= origin_mask;
2755 info.destination_mask |= destination_mask;
2756
2757 r = hashmap_update(*h, other, info.data);
2758 } else {
2759 info = (UnitDependencyInfo) {
2760 .origin_mask = origin_mask,
2761 .destination_mask = destination_mask,
2762 };
2763
2764 r = hashmap_put(*h, other, info.data);
2765 }
2766 if (r < 0)
2767 return r;
2768
2769 return 1;
2770}
2771
2772int unit_add_dependency(
2773 Unit *u,
2774 UnitDependency d,
2775 Unit *other,
2776 bool add_reference,
2777 UnitDependencyMask mask) {
87f0e418
LP		 2778
2779 static const UnitDependency inverse_table[_UNIT_DEPENDENCY_MAX] = {
2780 [UNIT_REQUIRES] = UNIT_REQUIRED_BY,
87f0e418 2781 [UNIT_WANTS] = UNIT_WANTED_BY,
be7d9ff7 2782 [UNIT_REQUISITE] = UNIT_REQUISITE_OF,
7f2cddae 2783 [UNIT_BINDS_TO] = UNIT_BOUND_BY,
60649f17 2784 [UNIT_PART_OF] = UNIT_CONSISTS_OF,
be7d9ff7 2785 [UNIT_REQUIRED_BY] = UNIT_REQUIRES,
be7d9ff7 2786 [UNIT_REQUISITE_OF] = UNIT_REQUISITE,
be7d9ff7 2787 [UNIT_WANTED_BY] = UNIT_WANTS,
7f2cddae 2788 [UNIT_BOUND_BY] = UNIT_BINDS_TO,
60649f17 2789 [UNIT_CONSISTS_OF] = UNIT_PART_OF,
69dd2852
LP		 2790 [UNIT_CONFLICTS] = UNIT_CONFLICTED_BY,
2791 [UNIT_CONFLICTED_BY] = UNIT_CONFLICTS,
87f0e418 2792 [UNIT_BEFORE] = UNIT_AFTER,
701cc384 2793 [UNIT_AFTER] = UNIT_BEFORE,
5de9682c 2794 [UNIT_ON_FAILURE] = _UNIT_DEPENDENCY_INVALID,
701cc384 2795 [UNIT_REFERENCES] = UNIT_REFERENCED_BY,
57020a3a
LP		 2796 [UNIT_REFERENCED_BY] = UNIT_REFERENCES,
2797 [UNIT_TRIGGERS] = UNIT_TRIGGERED_BY,
4dcc1cb4 2798 [UNIT_TRIGGERED_BY] = UNIT_TRIGGERS,
7f2cddae 2799 [UNIT_PROPAGATES_RELOAD_TO] = UNIT_RELOAD_PROPAGATED_FROM,
85e9a101 2800 [UNIT_RELOAD_PROPAGATED_FROM] = UNIT_PROPAGATES_RELOAD_TO,
613b411c 2801 [UNIT_JOINS_NAMESPACE_OF] = UNIT_JOINS_NAMESPACE_OF,
87f0e418 2802 };
eef85c4a
LP		 2803 Unit *original_u = u, *original_other = other;
2804 int r;
5177cb0a
RM		 2805 /* Helper to know whether sending a notification is necessary or not:
2806 * if the dependency is already there, no need to notify! */
2807 bool noop = true;
87f0e418
LP		 2808
2809 assert(u);
2810 assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX);
87f0e418
LP		 2811 assert(other);
2812
9f151f29
LP		 2813 u = unit_follow_merge(u);
2814 other = unit_follow_merge(other);
2815
87f0e418
LP		 2816 /* We won't allow dependencies on ourselves. We will not
2817 * consider them an error however. */
d1fab3fe 2818 if (u == other) {
eef85c4a 2819 maybe_warn_about_dependency(original_u, original_other->id, d);
87f0e418 2820 return 0;
d1fab3fe 2821 }
87f0e418 2822
b862c257
FB		 2823 /* Note that ordering a device unit after a unit is permitted since it
2824 * allows to start its job running timeout at a specific time. */
2825 if (d == UNIT_BEFORE && other->type == UNIT_DEVICE) {
2826 log_unit_warning(u, "Dependency Before=%s ignored (.device units cannot be delayed)", other->id);
c80a9a33
LP		 2827 return 0;
2828 }
2829
2830 if (d == UNIT_ON_FAILURE && !UNIT_VTABLE(u)->can_fail) {
2831 log_unit_warning(u, "Requested dependency OnFailure=%s ignored (%s units cannot fail).", other->id, unit_type_to_string(u->type));
2832 return 0;
2833 }
2834
2835 if (d == UNIT_TRIGGERS && !UNIT_VTABLE(u)->can_trigger)
2836 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
2837 "Requested dependency Triggers=%s refused (%s units cannot trigger other units).", other->id, unit_type_to_string(u->type));
2838 if (d == UNIT_TRIGGERED_BY && !UNIT_VTABLE(other)->can_trigger)
2839 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
2840 "Requested dependency TriggeredBy=%s refused (%s units cannot trigger other units).", other->id, unit_type_to_string(other->type));
2841
eef85c4a 2842 r = unit_add_dependency_hashmap(u->dependencies + d, other, mask, 0);
613b411c 2843 if (r < 0)
87f0e418 2844 return r;
5177cb0a
RM		 2845 else if (r > 0)
2846 noop = false;
87f0e418 2847
eef85c4a
LP		 2848 if (inverse_table[d] != _UNIT_DEPENDENCY_INVALID && inverse_table[d] != d) {
2849 r = unit_add_dependency_hashmap(other->dependencies + inverse_table[d], u, 0, mask);
613b411c
LP		 2850 if (r < 0)
2851 return r;
5177cb0a
RM		 2852 else if (r > 0)
2853 noop = false;
613b411c
LP		 2854 }
2855
2856 if (add_reference) {
eef85c4a 2857 r = unit_add_dependency_hashmap(u->dependencies + UNIT_REFERENCES, other, mask, 0);
613b411c 2858 if (r < 0)
5de9682c 2859 return r;
5177cb0a
RM		 2860 else if (r > 0)
2861 noop = false;
5de9682c 2862
eef85c4a 2863 r = unit_add_dependency_hashmap(other->dependencies + UNIT_REFERENCED_BY, u, 0, mask);
613b411c 2864 if (r < 0)
701cc384 2865 return r;
5177cb0a
RM		 2866 else if (r > 0)
2867 noop = false;
613b411c 2868 }
87f0e418 2869
5177cb0a
RM		 2870 if (!noop)
2871 unit_add_to_dbus_queue(u);
87f0e418
LP		 2872 return 0;
2873}
0301abf4 2874
eef85c4a 2875int unit_add_two_dependencies(Unit *u, UnitDependency d, UnitDependency e, Unit *other, bool add_reference, UnitDependencyMask mask) {
2c966c03
LP		 2876 int r;
2877
2878 assert(u);
2879
eef85c4a 2880 r = unit_add_dependency(u, d, other, add_reference, mask);
3f3cc397 2881 if (r < 0)
2c966c03
LP		 2882 return r;
2883
eef85c4a 2884 return unit_add_dependency(u, e, other, add_reference, mask);
2c966c03
LP		 2885}
2886
23e8c796 2887static int resolve_template(Unit *u, const char *name, char **buf, const char **ret) {
7410616c 2888 int r;
9e2f7c11
LP		 2889
2890 assert(u);
23e8c796 2891 assert(name);
7410616c
LP		 2892 assert(buf);
2893 assert(ret);
9e2f7c11 2894
7410616c
LP		 2895 if (!unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
2896 *buf = NULL;
2897 *ret = name;
2898 return 0;
9e2f7c11
LP		 2899 }
2900
ac155bb8 2901 if (u->instance)
7410616c 2902 r = unit_name_replace_instance(name, u->instance, buf);
9e2f7c11 2903 else {
ae018d9b 2904 _cleanup_free_ char *i = NULL;
9e2f7c11 2905
7410616c
LP		 2906 r = unit_name_to_prefix(u->id, &i);
2907 if (r < 0)
2908 return r;
9e2f7c11 2909
7410616c 2910 r = unit_name_replace_instance(name, i, buf);
9e2f7c11 2911 }
7410616c
LP		 2912 if (r < 0)
2913 return r;
9e2f7c11 2914
7410616c
LP		 2915 *ret = *buf;
2916 return 0;
9e2f7c11
LP		 2917}
2918
35d8c19a 2919int unit_add_dependency_by_name(Unit *u, UnitDependency d, const char *name, bool add_reference, UnitDependencyMask mask) {
7410616c 2920 _cleanup_free_ char *buf = NULL;
09b6b09f
LP		 2921 Unit *other;
2922 int r;
2923
9e2f7c11 2924 assert(u);
35d8c19a 2925 assert(name);
09b6b09f 2926
23e8c796 2927 r = resolve_template(u, name, &buf, &name);
7410616c
LP		 2928 if (r < 0)
2929 return r;
09b6b09f 2930
35d8c19a 2931 r = manager_load_unit(u->manager, name, NULL, NULL, &other);
8afbb8e1
LP		 2932 if (r < 0)
2933 return r;
9e2f7c11 2934
eef85c4a 2935 return unit_add_dependency(u, d, other, add_reference, mask);
09b6b09f
LP		 2936}
2937
5a724170 2938int unit_add_two_dependencies_by_name(Unit *u, UnitDependency d, UnitDependency e, const char *name, bool add_reference, UnitDependencyMask mask) {
7410616c 2939 _cleanup_free_ char *buf = NULL;
2c966c03
LP		 2940 Unit *other;
2941 int r;
2c966c03
LP		 2942
2943 assert(u);
5a724170 2944 assert(name);
2c966c03 2945
23e8c796 2946 r = resolve_template(u, name, &buf, &name);
7410616c
LP		 2947 if (r < 0)
2948 return r;
2c966c03 2949
5a724170 2950 r = manager_load_unit(u->manager, name, NULL, NULL, &other);
3f3cc397 2951 if (r < 0)
68eda4bd 2952 return r;
2c966c03 2953
eef85c4a 2954 return unit_add_two_dependencies(u, d, e, other, add_reference, mask);
2c966c03
LP		 2955}
2956
0301abf4 2957int set_unit_path(const char *p) {
0301abf4 2958 /* This is mostly for debug purposes */
cbe46ead 2959 if (setenv("SYSTEMD_UNIT_PATH", p, 1) < 0)
26d04f86 2960 return -errno;
0301abf4
LP		 2961
2962 return 0;
2963}
88066b3a 2964
ea430986 2965char *unit_dbus_path(Unit *u) {
ea430986
LP		 2966 assert(u);
2967
ac155bb8 2968 if (!u->id)
04ade7d2
LP		 2969 return NULL;
2970
48899192 2971 return unit_dbus_path_from_name(u->id);
ea430986
LP		 2972}
2973
4b58153d
LP		 2974char *unit_dbus_path_invocation_id(Unit *u) {
2975 assert(u);
2976
2977 if (sd_id128_is_null(u->invocation_id))
2978 return NULL;
2979
2980 return unit_dbus_path_from_name(u->invocation_id_string);
2981}
2982
2d3b784d 2983int unit_set_invocation_id(Unit *u, sd_id128_t id) {
db868d45
ZJS		 2984 int r;
2985
2986 assert(u);
2987
2988 /* Set the invocation ID for this unit. If we cannot, this will not roll back, but reset the whole thing. */
2989
2990 if (sd_id128_equal(u->invocation_id, id))
2991 return 0;
2992
2993 if (!sd_id128_is_null(u->invocation_id))
2994 (void) hashmap_remove_value(u->manager->units_by_invocation_id, &u->invocation_id, u);
2995
2996 if (sd_id128_is_null(id)) {
2997 r = 0;
2998 goto reset;
2999 }
3000
3001 r = hashmap_ensure_allocated(&u->manager->units_by_invocation_id, &id128_hash_ops);
3002 if (r < 0)
3003 goto reset;
3004
3005 u->invocation_id = id;
3006 sd_id128_to_string(id, u->invocation_id_string);
3007
3008 r = hashmap_put(u->manager->units_by_invocation_id, &u->invocation_id, u);
3009 if (r < 0)
3010 goto reset;
3011
3012 return 0;
3013
3014reset:
3015 u->invocation_id = SD_ID128_NULL;
3016 u->invocation_id_string[0] = 0;
3017 return r;
3018}
3019
d79200e2
LP		 3020int unit_set_slice(Unit *u, Unit *slice) {
3021 assert(u);
3022 assert(slice);
3023
3024 /* Sets the unit slice if it has not been set before. Is extra
3025 * careful, to only allow this for units that actually have a
3026 * cgroup context. Also, we don't allow to set this for slices
3027 * (since the parent slice is derived from the name). Make
3028 * sure the unit we set is actually a slice. */
3029
3030 if (!UNIT_HAS_CGROUP_CONTEXT(u))
3031 return -EOPNOTSUPP;
3032
3033 if (u->type == UNIT_SLICE)
3034 return -EINVAL;
3035
102ef982
LP		 3036 if (unit_active_state(u) != UNIT_INACTIVE)
3037 return -EBUSY;
3038
d79200e2
LP		 3039 if (slice->type != UNIT_SLICE)
3040 return -EINVAL;
3041
efdb0237
LP		 3042 if (unit_has_name(u, SPECIAL_INIT_SCOPE) &&
3043 !unit_has_name(slice, SPECIAL_ROOT_SLICE))
3044 return -EPERM;
3045
d79200e2
LP		 3046 if (UNIT_DEREF(u->slice) == slice)
3047 return 0;
3048
99e66921
TH		 3049 /* Disallow slice changes if @u is already bound to cgroups */
3050 if (UNIT_ISSET(u->slice) && u->cgroup_realized)
d79200e2
LP		 3051 return -EBUSY;
3052
7f7d01ed 3053 unit_ref_set(&u->slice, u, slice);
d79200e2
LP		 3054 return 1;
3055}
3056
3057int unit_set_default_slice(Unit *u) {
a8833944 3058 const char *slice_name;
a016b922
LP		 3059 Unit *slice;
3060 int r;
3061
3062 assert(u);
3063
9444b1f2 3064 if (UNIT_ISSET(u->slice))
a016b922
LP		 3065 return 0;
3066
a8833944
LP		 3067 if (u->instance) {
3068 _cleanup_free_ char *prefix = NULL, *escaped = NULL;
68eda4bd 3069
a8833944
LP		 3070 /* Implicitly place all instantiated units in their
3071 * own per-template slice */
3072
7410616c
LP		 3073 r = unit_name_to_prefix(u->id, &prefix);
3074 if (r < 0)
3075 return r;
a8833944
LP		 3076
3077 /* The prefix is already escaped, but it might include
3078 * "-" which has a special meaning for slice units,
3079 * hence escape it here extra. */
7410616c 3080 escaped = unit_name_escape(prefix);
a8833944
LP		 3081 if (!escaped)
3082 return -ENOMEM;
3083
463d0d15 3084 if (MANAGER_IS_SYSTEM(u->manager))
00e7b3c8 3085 slice_name = strjoina("system-", escaped, ".slice");
a8833944 3086 else
7f3b86a4 3087 slice_name = strjoina("app-", escaped, ".slice");
5ee24fa0
ZJS		 3088
3089 } else if (unit_is_extrinsic(u))
3090 /* Keep all extrinsic units (e.g. perpetual units and swap and mount units in user mode) in
3091 * the root slice. They don't really belong in one of the subslices. */
3092 slice_name = SPECIAL_ROOT_SLICE;
3093
3094 else if (MANAGER_IS_SYSTEM(u->manager))
3095 slice_name = SPECIAL_SYSTEM_SLICE;
3096 else
3097 slice_name = SPECIAL_APP_SLICE;
a8833944
LP		 3098
3099 r = manager_load_unit(u->manager, slice_name, NULL, NULL, &slice);
a016b922
LP		 3100 if (r < 0)
3101 return r;
3102
d79200e2 3103 return unit_set_slice(u, slice);
a016b922
LP		 3104}
3105
9444b1f2
LP		 3106const char *unit_slice_name(Unit *u) {
3107 assert(u);
3108
3109 if (!UNIT_ISSET(u->slice))
3110 return NULL;
3111
3112 return UNIT_DEREF(u->slice)->id;
3113}
3114
f6ff8c29 3115int unit_load_related_unit(Unit *u, const char *type, Unit **_found) {
78edb35a 3116 _cleanup_free_ char *t = NULL;
f6ff8c29
LP		 3117 int r;
3118
3119 assert(u);
3120 assert(type);
3121 assert(_found);
3122
7410616c
LP		 3123 r = unit_name_change_suffix(u->id, type, &t);
3124 if (r < 0)
3125 return r;
3126 if (unit_has_name(u, t))
3127 return -EINVAL;
f6ff8c29 3128
ac155bb8 3129 r = manager_load_unit(u->manager, t, NULL, NULL, _found);
9e2f7c11 3130 assert(r < 0 || *_found != u);
f6ff8c29
LP		 3131 return r;
3132}
3133
bbc29086 3134static int signal_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
fc67a943 3135 const char *new_owner;
bbc29086
DM		 3136 Unit *u = userdata;
3137 int r;
3138
3139 assert(message);
3140 assert(u);
3141
fc67a943 3142 r = sd_bus_message_read(message, "sss", NULL, NULL, &new_owner);
bbc29086
DM		 3143 if (r < 0) {
3144 bus_log_parse_error(r);
3145 return 0;
3146 }
3147
3148 if (UNIT_VTABLE(u)->bus_name_owner_change)
fc67a943 3149 UNIT_VTABLE(u)->bus_name_owner_change(u, empty_to_null(new_owner));
a5a8776a
MJ		 3150
3151 return 0;
3152}
3153
3154static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bus_error *error) {
3155 const sd_bus_error *e;
3156 const char *new_owner;
3157 Unit *u = userdata;
3158 int r;
3159
3160 assert(message);
3161 assert(u);
3162
3163 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
3164
a5a8776a 3165 e = sd_bus_message_get_error(message);
a5a8776a 3166 if (e) {
a54654ba
LP		 3167 if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner"))
3168 log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message);
a5a8776a 3169
fc67a943
LP		 3170 new_owner = NULL;
3171 } else {
3172 r = sd_bus_message_read(message, "s", &new_owner);
3173 if (r < 0)
3174 return bus_log_parse_error(r);
a5a8776a 3175
fc67a943
LP		 3176 assert(!isempty(new_owner));
3177 }
a5a8776a
MJ		 3178
3179 if (UNIT_VTABLE(u)->bus_name_owner_change)
fc67a943 3180 UNIT_VTABLE(u)->bus_name_owner_change(u, new_owner);
bbc29086
DM		 3181
3182 return 0;
3183}
3184
9806e87d
LP		 3185int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) {
3186 const char *match;
a5b07847 3187 int r;
bbc29086 3188
9806e87d
LP		 3189 assert(u);
3190 assert(bus);
3191 assert(name);
bbc29086 3192
a5b07847 3193 if (u->match_bus_slot || u->get_name_owner_slot)
bbc29086
DM		 3194 return -EBUSY;
3195
9806e87d 3196 match = strjoina("type='signal',"
81d62103
ZJS		 3197 "sender='org.freedesktop.DBus',"
3198 "path='/org/freedesktop/DBus',"
3199 "interface='org.freedesktop.DBus',"
3200 "member='NameOwnerChanged',"
3201 "arg0='", name, "'");
bbc29086 3202
a5b07847 3203 r = sd_bus_add_match_async(bus, &u->match_bus_slot, match, signal_name_owner_changed, NULL, u);
a5a8776a
MJ		 3204 if (r < 0)
3205 return r;
3206
a5b07847
LP		 3207 r = sd_bus_call_method_async(
3208 bus,
3209 &u->get_name_owner_slot,
3210 "org.freedesktop.DBus",
3211 "/org/freedesktop/DBus",
3212 "org.freedesktop.DBus",
3213 "GetNameOwner",
3214 get_name_owner_handler,
3215 u,
3216 "s", name);
3217 if (r < 0) {
3218 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
3219 return r;
3220 }
3221
3222 log_unit_debug(u, "Watching D-Bus name '%s'.", name);
3223 return 0;
bbc29086
DM		 3224}
3225
05e343b7 3226int unit_watch_bus_name(Unit *u, const char *name) {
bbc29086
DM		 3227 int r;
3228
05e343b7
LP		 3229 assert(u);
3230 assert(name);
3231
3232 /* Watch a specific name on the bus. We only support one unit
3233 * watching each name for now. */
3234
bbc29086
DM		 3235 if (u->manager->api_bus) {
3236 /* If the bus is already available, install the match directly.
3237 * Otherwise, just put the name in the list. bus_setup_api() will take care later. */
9806e87d 3238 r = unit_install_bus_match(u, u->manager->api_bus, name);
bbc29086 3239 if (r < 0)
8ea823b6 3240 return log_warning_errno(r, "Failed to subscribe to NameOwnerChanged signal for '%s': %m", name);
bbc29086
DM		 3241 }
3242
3243 r = hashmap_put(u->manager->watch_bus, name, u);
3244 if (r < 0) {
3245 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
a5b07847 3246 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
bbc29086
DM		 3247 return log_warning_errno(r, "Failed to put bus name to hashmap: %m");
3248 }
3249
3250 return 0;
05e343b7
LP		 3251}
3252
3253void unit_unwatch_bus_name(Unit *u, const char *name) {
3254 assert(u);
3255 assert(name);
3256
8367fea5 3257 (void) hashmap_remove_value(u->manager->watch_bus, name, u);
bbc29086 3258 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
a5a8776a 3259 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
05e343b7
LP		 3260}
3261
a16e1123
LP		 3262bool unit_can_serialize(Unit *u) {
3263 assert(u);
3264
3265 return UNIT_VTABLE(u)->serialize && UNIT_VTABLE(u)->deserialize_item;
3266}
3267
d336ba9f 3268int unit_add_node_dependency(Unit *u, const char *what, UnitDependency dep, UnitDependencyMask mask) {
68eda4bd 3269 _cleanup_free_ char *e = NULL;
44b0d1fd 3270 Unit *device;
6e2ef85b
LP		 3271 int r;
3272
3273 assert(u);
3274
6e2ef85b 3275 /* Adds in links to the device node that this unit is based on */
47bc12e1
LP		 3276 if (isempty(what))
3277 return 0;
6e2ef85b 3278
8407a5d0 3279 if (!is_device_path(what))
6e2ef85b
LP		 3280 return 0;
3281
44b0d1fd 3282 /* When device units aren't supported (such as in a container), don't create dependencies on them. */
1c2e9646 3283 if (!unit_type_supported(UNIT_DEVICE))
47bc12e1
LP		 3284 return 0;
3285
7410616c
LP		 3286 r = unit_name_from_path(what, ".device", &e);
3287 if (r < 0)
3288 return r;
6e2ef85b 3289
ac155bb8 3290 r = manager_load_unit(u->manager, e, NULL, NULL, &device);
6e2ef85b
LP		 3291 if (r < 0)
3292 return r;
3293
ebc8968b
FB		 3294 if (dep == UNIT_REQUIRES && device_shall_be_bound_by(device, u))
3295 dep = UNIT_BINDS_TO;
3296
d336ba9f
FB		 3297 return unit_add_two_dependencies(u, UNIT_AFTER,
3298 MANAGER_IS_SYSTEM(u->manager) ? dep : UNIT_WANTS,
3299 device, true, mask);
6e2ef85b 3300}
a16e1123 3301
44b0d1fd
LP		 3302int unit_add_blockdev_dependency(Unit *u, const char *what, UnitDependencyMask mask) {
3303 _cleanup_free_ char *escaped = NULL, *target = NULL;
3304 int r;
3305
3306 assert(u);
3307
3308 if (isempty(what))
3309 return 0;
3310
3311 if (!path_startswith(what, "/dev/"))
3312 return 0;
3313
3314 /* If we don't support devices, then also don't bother with blockdev@.target */
3315 if (!unit_type_supported(UNIT_DEVICE))
3316 return 0;
3317
3318 r = unit_name_path_escape(what, &escaped);
3319 if (r < 0)
3320 return r;
3321
3322 r = unit_name_build("blockdev", escaped, ".target", &target);
3323 if (r < 0)
3324 return r;
3325
3326 return unit_add_dependency_by_name(u, UNIT_AFTER, target, true, mask);
3327}
3328
be847e82 3329int unit_coldplug(Unit *u) {
05a98afd
LP		 3330 int r = 0, q;
3331 char **i;
b49e14d5 3332 Job *uj;
cca098b0
LP		 3333
3334 assert(u);
3335
f0831ed2 3336 /* Make sure we don't enter a loop, when coldplugging recursively. */
f78f265f
LP		 3337 if (u->coldplugged)
3338 return 0;
3339
3340 u->coldplugged = true;
3341
05a98afd
LP		 3342 STRV_FOREACH(i, u->deserialized_refs) {
3343 q = bus_unit_track_add_name(u, *i);
3344 if (q < 0 && r >= 0)
3345 r = q;
3346 }
3347 u->deserialized_refs = strv_free(u->deserialized_refs);
cca098b0 3348
05a98afd
LP		 3349 if (UNIT_VTABLE(u)->coldplug) {
3350 q = UNIT_VTABLE(u)->coldplug(u);
3351 if (q < 0 && r >= 0)
3352 r = q;
3353 }
5a6158b6 3354
b49e14d5 3355 uj = u->job ?: u->nop_job;
3356 if (uj) {
3357 q = job_coldplug(uj);
05a98afd
LP		 3358 if (q < 0 && r >= 0)
3359 r = q;
3360 }
cca098b0 3361
05a98afd 3362 return r;
cca098b0
LP		 3363}
3364
f0831ed2
LP		 3365void unit_catchup(Unit *u) {
3366 assert(u);
3367
3368 if (UNIT_VTABLE(u)->catchup)
3369 UNIT_VTABLE(u)->catchup(u);
3370}
3371
ba25d39e 3372static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_masked) {
21b95806
ZJS		 3373 struct stat st;
3374
3375 if (!path)
3376 return false;
3377
77969722
LP		 3378 /* If the source is some virtual kernel file system, then we assume we watch it anyway, and hence pretend we
3379 * are never out-of-date. */
3380 if (PATH_STARTSWITH_SET(path, "/proc", "/sys"))
3381 return false;
3382
21b95806
ZJS		 3383 if (stat(path, &st) < 0)
3384 /* What, cannot access this anymore? */
3385 return true;
3386
ba25d39e
ZJS		 3387 if (path_masked)
3388 /* For masked files check if they are still so */
3389 return !null_or_empty(&st);
3390 else
3a8db9fe 3391 /* For non-empty files check the mtime */
87ec20ef 3392 return timespec_load(&st.st_mtim) > mtime;
21b95806
ZJS		 3393
3394 return false;
3395}
3396
45fb0699 3397bool unit_need_daemon_reload(Unit *u) {
ae7a7182
OS		 3398 _cleanup_strv_free_ char **t = NULL;
3399 char **path;
1b64d026 3400
45fb0699
LP		 3401 assert(u);
3402
ba25d39e
ZJS		 3403 /* For unit files, we allow masking… */
3404 if (fragment_mtime_newer(u->fragment_path, u->fragment_mtime,
3405 u->load_state == UNIT_MASKED))
21b95806 3406 return true;
5f4b19f4 3407
ba25d39e
ZJS		 3408 /* Source paths should not be masked… */
3409 if (fragment_mtime_newer(u->source_path, u->source_mtime, false))
ab932a62 3410 return true;
ae7a7182 3411
19a44dfe
LR		 3412 if (u->load_state == UNIT_LOADED)
3413 (void) unit_find_dropin_paths(u, &t);
ab932a62
LP		 3414 if (!strv_equal(u->dropin_paths, t))
3415 return true;
6d10d308 3416
ba25d39e 3417 /* … any drop-ins that are masked are simply omitted from the list. */
ab932a62 3418 STRV_FOREACH(path, u->dropin_paths)
ba25d39e 3419 if (fragment_mtime_newer(*path, u->dropin_mtime, false))
ab932a62 3420 return true;
21b95806 3421
ab932a62 3422 return false;
45fb0699
LP		 3423}
3424
fdf20a31 3425void unit_reset_failed(Unit *u) {
5632e374
LP		 3426 assert(u);
3427
fdf20a31
MM		 3428 if (UNIT_VTABLE(u)->reset_failed)
3429 UNIT_VTABLE(u)->reset_failed(u);
6bf0f408 3430
7bf081a1 3431 ratelimit_reset(&u->start_ratelimit);
6bf0f408 3432 u->start_limit_hit = false;
5632e374
LP		 3433}
3434
a7f241db
LP		 3435Unit *unit_following(Unit *u) {
3436 assert(u);
3437
3438 if (UNIT_VTABLE(u)->following)
3439 return UNIT_VTABLE(u)->following(u);
3440
3441 return NULL;
3442}
3443
31afa0a4 3444bool unit_stop_pending(Unit *u) {
18ffdfda
LP		 3445 assert(u);
3446
31afa0a4
LP		 3447 /* This call does check the current state of the unit. It's
3448 * hence useful to be called from state change calls of the
3449 * unit itself, where the state isn't updated yet. This is
3450 * different from unit_inactive_or_pending() which checks both
3451 * the current state and for a queued job. */
18ffdfda 3452
28a2dfe8 3453 return unit_has_job_type(u, JOB_STOP);
31afa0a4
LP		 3454}
3455
3456bool unit_inactive_or_pending(Unit *u) {
3457 assert(u);
3458
3459 /* Returns true if the unit is inactive or going down */
18ffdfda 3460
d956ac29
LP		 3461 if (UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)))
3462 return true;
3463
31afa0a4 3464 if (unit_stop_pending(u))
18ffdfda
LP		 3465 return true;
3466
3467 return false;
3468}
3469
31afa0a4 3470bool unit_active_or_pending(Unit *u) {
f976f3f6
LP		 3471 assert(u);
3472
f60c2665 3473 /* Returns true if the unit is active or going up */
f976f3f6
LP		 3474
3475 if (UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)))
3476 return true;
3477
ac155bb8 3478 if (u->job &&
3742095b 3479 IN_SET(u->job->type, JOB_START, JOB_RELOAD_OR_START, JOB_RESTART))
f976f3f6
LP		 3480 return true;
3481
3482 return false;
3483}
3484
52a12341
YW		 3485bool unit_will_restart_default(Unit *u) {
3486 assert(u);
3487
28a2dfe8 3488 return unit_has_job_type(u, JOB_START);
52a12341
YW		 3489}
3490
deb4e708
MK		 3491bool unit_will_restart(Unit *u) {
3492 assert(u);
3493
3494 if (!UNIT_VTABLE(u)->will_restart)
3495 return false;
3496
3497 return UNIT_VTABLE(u)->will_restart(u);
3498}
3499
718db961 3500int unit_kill(Unit *u, KillWho w, int signo, sd_bus_error *error) {
8a0867d6
LP		 3501 assert(u);
3502 assert(w >= 0 && w < _KILL_WHO_MAX);
6eb7c172 3503 assert(SIGNAL_VALID(signo));
8a0867d6 3504
8a0867d6 3505 if (!UNIT_VTABLE(u)->kill)
15411c0c 3506 return -EOPNOTSUPP;
8a0867d6 3507
c74f17d9 3508 return UNIT_VTABLE(u)->kill(u, w, signo, error);
8a0867d6
LP		 3509}
3510
82659fd7 3511static Set *unit_pid_set(pid_t main_pid, pid_t control_pid) {
af4fa99d 3512 _cleanup_set_free_ Set *pid_set = NULL;
82659fd7
LP		 3513 int r;
3514
d5099efc 3515 pid_set = set_new(NULL);
82659fd7
LP		 3516 if (!pid_set)
3517 return NULL;
3518
3519 /* Exclude the main/control pids from being killed via the cgroup */
3520 if (main_pid > 0) {
fea72cc0 3521 r = set_put(pid_set, PID_TO_PTR(main_pid));
82659fd7 3522 if (r < 0)
95f14a3e 3523 return NULL;
82659fd7
LP		 3524 }
3525
3526 if (control_pid > 0) {
fea72cc0 3527 r = set_put(pid_set, PID_TO_PTR(control_pid));
82659fd7 3528 if (r < 0)
95f14a3e 3529 return NULL;
82659fd7
LP		 3530 }
3531
95f14a3e 3532 return TAKE_PTR(pid_set);
82659fd7
LP		 3533}
3534
d9911002
LP		 3535static int kill_common_log(pid_t pid, int signo, void *userdata) {
3536 _cleanup_free_ char *comm = NULL;
3537 Unit *u = userdata;
3538
3539 assert(u);
3540
3541 (void) get_process_comm(pid, &comm);
3542 log_unit_info(u, "Sending signal SIG%s to process " PID_FMT " (%s) on client request.",
3543 signal_to_string(signo), pid, strna(comm));
3544
3545 return 1;
3546}
3547
d91c34f2
LP		 3548int unit_kill_common(
3549 Unit *u,
3550 KillWho who,
3551 int signo,
3552 pid_t main_pid,
3553 pid_t control_pid,
718db961 3554 sd_bus_error *error) {
d91c34f2 3555
814cc562 3556 int r = 0;
ac5e3a50 3557 bool killed = false;
814cc562 3558
8aff7ac4
LP		 3559 /* This is the common implementation for explicit user-requested killing of unit processes, shared by
3560 * various unit types. Do not confuse with unit_kill_context(), which is what we use when we want to
3561 * stop a service ourselves. */
3562
ac5e3a50 3563 if (IN_SET(who, KILL_MAIN, KILL_MAIN_FAIL)) {
814cc562 3564 if (main_pid < 0)
7358dc02 3565 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no main processes", unit_type_to_string(u->type));
8aff7ac4 3566 if (main_pid == 0)
7358dc02 3567 return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No main process to kill");
814cc562
MS		 3568 }
3569
ac5e3a50 3570 if (IN_SET(who, KILL_CONTROL, KILL_CONTROL_FAIL)) {
814cc562 3571 if (control_pid < 0)
7358dc02 3572 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no control processes", unit_type_to_string(u->type));
8aff7ac4 3573 if (control_pid == 0)
7358dc02 3574 return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No control process to kill");
814cc562
MS		 3575 }
3576
ac5e3a50
JS		 3577 if (IN_SET(who, KILL_CONTROL, KILL_CONTROL_FAIL, KILL_ALL, KILL_ALL_FAIL))
3578 if (control_pid > 0) {
d9911002
LP		 3579 _cleanup_free_ char *comm = NULL;
3580 (void) get_process_comm(control_pid, &comm);
3581
3582 if (kill(control_pid, signo) < 0) {
3583 /* Report this failure both to the logs and to the client */
3584 sd_bus_error_set_errnof(
3585 error, errno,
3586 "Failed to send signal SIG%s to control process " PID_FMT " (%s): %m",
3587 signal_to_string(signo), control_pid, strna(comm));
3588 r = log_unit_warning_errno(
3589 u, errno,
3590 "Failed to send signal SIG%s to control process " PID_FMT " (%s) on client request: %m",
3591 signal_to_string(signo), control_pid, strna(comm));
3592 } else {
3593 log_unit_info(u, "Sent signal SIG%s to control process " PID_FMT " (%s) on client request.",
3594 signal_to_string(signo), control_pid, strna(comm));
ac5e3a50 3595 killed = true;
d9911002 3596 }
ac5e3a50 3597 }
814cc562 3598
ac5e3a50
JS		 3599 if (IN_SET(who, KILL_MAIN, KILL_MAIN_FAIL, KILL_ALL, KILL_ALL_FAIL))
3600 if (main_pid > 0) {
d9911002
LP		 3601 _cleanup_free_ char *comm = NULL;
3602 (void) get_process_comm(main_pid, &comm);
3603
3604 if (kill(main_pid, signo) < 0) {
3605 if (r == 0)
3606 sd_bus_error_set_errnof(
3607 error, errno,
3608 "Failed to send signal SIG%s to main process " PID_FMT " (%s): %m",
3609 signal_to_string(signo), main_pid, strna(comm));
3610
3611 r = log_unit_warning_errno(
3612 u, errno,
3613 "Failed to send signal SIG%s to main process " PID_FMT " (%s) on client request: %m",
3614 signal_to_string(signo), main_pid, strna(comm));
3615 } else {
3616 log_unit_info(u, "Sent signal SIG%s to main process " PID_FMT " (%s) on client request.",
3617 signal_to_string(signo), main_pid, strna(comm));
ac5e3a50 3618 killed = true;
d9911002 3619 }
ac5e3a50 3620 }
814cc562 3621
ac5e3a50 3622 if (IN_SET(who, KILL_ALL, KILL_ALL_FAIL) && u->cgroup_path) {
814cc562
MS		 3623 _cleanup_set_free_ Set *pid_set = NULL;
3624 int q;
3625
82659fd7
LP		 3626 /* Exclude the main/control pids from being killed via the cgroup */
3627 pid_set = unit_pid_set(main_pid, control_pid);
814cc562 3628 if (!pid_set)
d9911002
LP		 3629 return log_oom();
3630
3631 q = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, signo, 0, pid_set, kill_common_log, u);
3632 if (q < 0) {
3633 if (!IN_SET(q, -ESRCH, -ENOENT)) {
3634 if (r == 0)
3635 sd_bus_error_set_errnof(
3636 error, q,
3637 "Failed to send signal SIG%s to auxiliary processes: %m",
3638 signal_to_string(signo));
3639
3640 r = log_unit_warning_errno(
3641 u, q,
3642 "Failed to send signal SIG%s to auxiliary processes on client request: %m",
3643 signal_to_string(signo));
3644 }
3645 } else
ac5e3a50 3646 killed = true;
814cc562
MS		 3647 }
3648
2ae0508e
LP		 3649 /* If the "fail" versions of the operation are requested, then complain if the set of processes we killed is empty */
3650 if (r == 0 && !killed && IN_SET(who, KILL_ALL_FAIL, KILL_CONTROL_FAIL, KILL_MAIN_FAIL))
3651 return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No matching processes to kill");
ac5e3a50 3652
814cc562
MS		 3653 return r;
3654}
3655
6210e7fc
LP		 3656int unit_following_set(Unit *u, Set **s) {
3657 assert(u);
3658 assert(s);
3659
3660 if (UNIT_VTABLE(u)->following_set)
3661 return UNIT_VTABLE(u)->following_set(u, s);
3662
3663 *s = NULL;
3664 return 0;
3665}
3666
a4375746 3667UnitFileState unit_get_unit_file_state(Unit *u) {
0ec0deaa
LP		 3668 int r;
3669
a4375746
LP		 3670 assert(u);
3671
0ec0deaa
LP		 3672 if (u->unit_file_state < 0 && u->fragment_path) {
3673 r = unit_file_get_state(
463d0d15 3674 u->manager->unit_file_scope,
0ec0deaa 3675 NULL,
9ea3a0e7 3676 u->id,
0ec0deaa
LP		 3677 &u->unit_file_state);
3678 if (r < 0)
3679 u->unit_file_state = UNIT_FILE_BAD;
3680 }
a4375746 3681
ac155bb8 3682 return u->unit_file_state;
a4375746
LP		 3683}
3684
d2dc52db
LP		 3685int unit_get_unit_file_preset(Unit *u) {
3686 assert(u);
3687
3688 if (u->unit_file_preset < 0 && u->fragment_path)
3689 u->unit_file_preset = unit_file_query_preset(
463d0d15 3690 u->manager->unit_file_scope,
0ec0deaa 3691 NULL,
8f7b2566
ZJS		 3692 basename(u->fragment_path),
3693 NULL);
d2dc52db
LP		 3694
3695 return u->unit_file_preset;
3696}
3697
7f7d01ed 3698Unit* unit_ref_set(UnitRef *ref, Unit *source, Unit *target) {
57020a3a 3699 assert(ref);
7f7d01ed
ZJS		 3700 assert(source);
3701 assert(target);
57020a3a 3702
7f7d01ed 3703 if (ref->target)
57020a3a
LP		 3704 unit_ref_unset(ref);
3705
7f7d01ed
ZJS		 3706 ref->source = source;
3707 ref->target = target;
3708 LIST_PREPEND(refs_by_target, target->refs_by_target, ref);
3709 return target;
57020a3a
LP		 3710}
3711
3712void unit_ref_unset(UnitRef *ref) {
3713 assert(ref);
3714
7f7d01ed 3715 if (!ref->target)
57020a3a
LP		 3716 return;
3717
b75102e5
LP		 3718 /* We are about to drop a reference to the unit, make sure the garbage collection has a look at it as it might
3719 * be unreferenced now. */
7f7d01ed 3720 unit_add_to_gc_queue(ref->target);
b75102e5 3721
7f7d01ed
ZJS		 3722 LIST_REMOVE(refs_by_target, ref->target->refs_by_target, ref);
3723 ref->source = ref->target = NULL;
57020a3a
LP		 3724}
3725
29206d46
LP		 3726static int user_from_unit_name(Unit *u, char **ret) {
3727
3728 static const uint8_t hash_key[] = {
3729 0x58, 0x1a, 0xaf, 0xe6, 0x28, 0x58, 0x4e, 0x96,
3730 0xb4, 0x4e, 0xf5, 0x3b, 0x8c, 0x92, 0x07, 0xec
3731 };
3732
3733 _cleanup_free_ char *n = NULL;
3734 int r;
3735
3736 r = unit_name_to_prefix(u->id, &n);
3737 if (r < 0)
3738 return r;
3739
7a8867ab 3740 if (valid_user_group_name(n, 0)) {
ae2a15bc 3741 *ret = TAKE_PTR(n);
29206d46
LP		 3742 return 0;
3743 }
3744
3745 /* If we can't use the unit name as a user name, then let's hash it and use that */
3746 if (asprintf(ret, "_du%016" PRIx64, siphash24(n, strlen(n), hash_key)) < 0)
3747 return -ENOMEM;
3748
3749 return 0;
3750}
3751
598459ce
LP		 3752int unit_patch_contexts(Unit *u) {
3753 CGroupContext *cc;
3754 ExecContext *ec;
cba6e062
LP		 3755 int r;
3756
e06c73cc 3757 assert(u);
e06c73cc 3758
598459ce
LP		 3759 /* Patch in the manager defaults into the exec and cgroup
3760 * contexts, _after_ the rest of the settings have been
3761 * initialized */
085afe36 3762
598459ce
LP		 3763 ec = unit_get_exec_context(u);
3764 if (ec) {
3765 /* This only copies in the ones that need memory */
12375b95 3766 for (unsigned i = 0; i < _RLIMIT_MAX; i++)
598459ce
LP		 3767 if (u->manager->rlimit[i] && !ec->rlimit[i]) {
3768 ec->rlimit[i] = newdup(struct rlimit, u->manager->rlimit[i], 1);
3769 if (!ec->rlimit[i])
3770 return -ENOMEM;
3771 }
3772
463d0d15 3773 if (MANAGER_IS_USER(u->manager) &&
598459ce
LP		 3774 !ec->working_directory) {
3775
3776 r = get_home_dir(&ec->working_directory);
3777 if (r < 0)
3778 return r;
4c08c824
LP		 3779
3780 /* Allow user services to run, even if the
3781 * home directory is missing */
3782 ec->working_directory_missing_ok = true;
cba6e062
LP		 3783 }
3784
598459ce 3785 if (ec->private_devices)
2cd0a735 3786 ec->capability_bounding_set &= ~((UINT64_C(1) << CAP_MKNOD) | (UINT64_C(1) << CAP_SYS_RAWIO));
502d704e
DH		 3787
3788 if (ec->protect_kernel_modules)
3789 ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_SYS_MODULE);
29206d46 3790
84703040
KK		 3791 if (ec->protect_kernel_logs)
3792 ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_SYSLOG);
3793
fc64760d
KK		 3794 if (ec->protect_clock)
3795 ec->capability_bounding_set &= ~((UINT64_C(1) << CAP_SYS_TIME) | (UINT64_C(1) << CAP_WAKE_ALARM));
3796
29206d46
LP		 3797 if (ec->dynamic_user) {
3798 if (!ec->user) {
3799 r = user_from_unit_name(u, &ec->user);
3800 if (r < 0)
3801 return r;
3802 }
3803
3804 if (!ec->group) {
3805 ec->group = strdup(ec->user);
3806 if (!ec->group)
3807 return -ENOMEM;
3808 }
3809
bf65b7e0
LP		 3810 /* If the dynamic user option is on, let's make sure that the unit can't leave its
3811 * UID/GID around in the file system or on IPC objects. Hence enforce a strict
3812 * sandbox. */
63bb64a0 3813
29206d46 3814 ec->private_tmp = true;
00d9ef85 3815 ec->remove_ipc = true;
63bb64a0
LP		 3816 ec->protect_system = PROTECT_SYSTEM_STRICT;
3817 if (ec->protect_home == PROTECT_HOME_NO)
3818 ec->protect_home = PROTECT_HOME_READ_ONLY;
bf65b7e0
LP		 3819
3820 /* Make sure this service can neither benefit from SUID/SGID binaries nor create
3821 * them. */
3822 ec->no_new_privileges = true;
3823 ec->restrict_suid_sgid = true;
29206d46 3824 }
cba6e062
LP		 3825 }
3826
598459ce 3827 cc = unit_get_cgroup_context(u);
fe65e88b 3828 if (cc && ec) {
f513e420 3829
fe65e88b 3830 if (ec->private_devices &&
084870f9
ZJS		 3831 cc->device_policy == CGROUP_DEVICE_POLICY_AUTO)
3832 cc->device_policy = CGROUP_DEVICE_POLICY_CLOSED;
fe65e88b 3833
b3d13314 3834 if ((ec->root_image || !LIST_IS_EMPTY(ec->mount_images)) &&
084870f9 3835 (cc->device_policy != CGROUP_DEVICE_POLICY_AUTO || cc->device_allow)) {
0cffae95 3836 const char *p;
fe65e88b 3837
b3d13314 3838 /* When RootImage= or MountImages= is specified, the following devices are touched. */
0cffae95
LB		 3839 FOREACH_STRING(p, "/dev/loop-control", "/dev/mapper/control") {
3840 r = cgroup_add_device_allow(cc, p, "rw");
3841 if (r < 0)
3842 return r;
3843 }
3844 FOREACH_STRING(p, "block-loop", "block-blkext", "block-device-mapper") {
3845 r = cgroup_add_device_allow(cc, p, "rwm");
3846 if (r < 0)
3847 return r;
3848 }
867af728 3849
0cffae95
LB		 3850 /* Make sure "block-loop" can be resolved, i.e. make sure "loop" shows up in /proc/devices.
3851 * Same for mapper and verity. */
3852 FOREACH_STRING(p, "modprobe@loop.service", "modprobe@dm_mod.service", "modprobe@dm_verity.service") {
3853 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, p, true, UNIT_DEPENDENCY_FILE);
3854 if (r < 0)
3855 return r;
3856 }
fe65e88b 3857 }
fc64760d
KK		 3858
3859 if (ec->protect_clock) {
3860 r = cgroup_add_device_allow(cc, "char-rtc", "r");
3861 if (r < 0)
3862 return r;
3863 }
598459ce 3864 }
f1660f96 3865
cba6e062 3866 return 0;
e06c73cc
LP		 3867}
3868
3ef63c31
LP		 3869ExecContext *unit_get_exec_context(Unit *u) {
3870 size_t offset;
3871 assert(u);
3872
598459ce
LP		 3873 if (u->type < 0)
3874 return NULL;
3875
3ef63c31
LP		 3876 offset = UNIT_VTABLE(u)->exec_context_offset;
3877 if (offset <= 0)
3878 return NULL;
3879
3880 return (ExecContext*) ((uint8_t*) u + offset);
3881}
3882
718db961
LP		 3883KillContext *unit_get_kill_context(Unit *u) {
3884 size_t offset;
3885 assert(u);
3886
598459ce
LP		 3887 if (u->type < 0)
3888 return NULL;
3889
718db961
LP		 3890 offset = UNIT_VTABLE(u)->kill_context_offset;
3891 if (offset <= 0)
3892 return NULL;
3893
3894 return (KillContext*) ((uint8_t*) u + offset);
3895}
3896
4ad49000
LP		 3897CGroupContext *unit_get_cgroup_context(Unit *u) {
3898 size_t offset;
3899
598459ce
LP		 3900 if (u->type < 0)
3901 return NULL;
3902
4ad49000
LP		 3903 offset = UNIT_VTABLE(u)->cgroup_context_offset;
3904 if (offset <= 0)
3905 return NULL;
3906
3907 return (CGroupContext*) ((uint8_t*) u + offset);
3908}
3909
613b411c
LP		 3910ExecRuntime *unit_get_exec_runtime(Unit *u) {
3911 size_t offset;
3912
598459ce
LP		 3913 if (u->type < 0)
3914 return NULL;
3915
613b411c
LP		 3916 offset = UNIT_VTABLE(u)->exec_runtime_offset;
3917 if (offset <= 0)
3918 return NULL;
3919
3920 return *(ExecRuntime**) ((uint8_t*) u + offset);
3921}
3922
2e59b241 3923static const char* unit_drop_in_dir(Unit *u, UnitWriteFlags flags) {
3f5e8115
LP		 3924 assert(u);
3925
2e59b241 3926 if (UNIT_WRITE_FLAGS_NOOP(flags))
4f4afc88
LP		 3927 return NULL;
3928
39591351
LP		 3929 if (u->transient) /* Redirect drop-ins for transient units always into the transient directory. */
3930 return u->manager->lookup_paths.transient;
26d04f86 3931
2e59b241 3932 if (flags & UNIT_PERSISTENT)
4f4afc88 3933 return u->manager->lookup_paths.persistent_control;
26d04f86 3934
2e59b241
LP		 3935 if (flags & UNIT_RUNTIME)
3936 return u->manager->lookup_paths.runtime_control;
3937
39591351 3938 return NULL;
71645aca
LP		 3939}
3940
2e59b241
LP		 3941char* unit_escape_setting(const char *s, UnitWriteFlags flags, char **buf) {
3942 char *ret = NULL;
3943
3944 if (!s)
3945 return NULL;
3946
3947 /* Escapes the input string as requested. Returns the escaped string. If 'buf' is specified then the allocated
3948 * return buffer pointer is also written to *buf, except if no escaping was necessary, in which case *buf is
3949 * set to NULL, and the input pointer is returned as-is. This means the return value always contains a properly
3950 * escaped version, but *buf when passed only contains a pointer if an allocation was necessary. If *buf is
3951 * not specified, then the return value always needs to be freed. Callers can use this to optimize memory
3952 * allocations. */
3953
3954 if (flags & UNIT_ESCAPE_SPECIFIERS) {
3955 ret = specifier_escape(s);
3956 if (!ret)
3957 return NULL;
3958
3959 s = ret;
3960 }
3961
3962 if (flags & UNIT_ESCAPE_C) {
3963 char *a;
3964
3965 a = cescape(s);
3966 free(ret);
3967 if (!a)
3968 return NULL;
3969
3970 ret = a;
3971 }
3972
3973 if (buf) {
3974 *buf = ret;
3975 return ret ?: (char*) s;
3976 }
3977
3978 return ret ?: strdup(s);
3979}
3980
3981char* unit_concat_strv(char **l, UnitWriteFlags flags) {
3982 _cleanup_free_ char *result = NULL;
3983 size_t n = 0, allocated = 0;
ae2a15bc 3984 char **i;
2e59b241
LP		 3985
3986 /* Takes a list of strings, escapes them, and concatenates them. This may be used to format command lines in a
3987 * way suitable for ExecStart= stanzas */
3988
3989 STRV_FOREACH(i, l) {
3990 _cleanup_free_ char *buf = NULL;
3991 const char *p;
3992 size_t a;
3993 char *q;
3994
3995 p = unit_escape_setting(*i, flags, &buf);
3996 if (!p)
3997 return NULL;
3998
3999 a = (n > 0) + 1 + strlen(p) + 1; /* separating space + " + entry + " */
4000 if (!GREEDY_REALLOC(result, allocated, n + a + 1))
4001 return NULL;
4002
4003 q = result + n;
4004 if (n > 0)
4005 *(q++) = ' ';
4006
4007 *(q++) = '"';
4008 q = stpcpy(q, p);
4009 *(q++) = '"';
4010
4011 n += a;
4012 }
4013
4014 if (!GREEDY_REALLOC(result, allocated, n + 1))
4015 return NULL;
4016
4017 result[n] = 0;
4018
ae2a15bc 4019 return TAKE_PTR(result);
2e59b241
LP		 4020}
4021
4022int unit_write_setting(Unit *u, UnitWriteFlags flags, const char *name, const char *data) {
4023 _cleanup_free_ char *p = NULL, *q = NULL, *escaped = NULL;
2a9a6f8a 4024 const char *dir, *wrapped;
26d04f86 4025 int r;
71645aca
LP		 4026
4027 assert(u);
2e59b241
LP		 4028 assert(name);
4029 assert(data);
4030
4031 if (UNIT_WRITE_FLAGS_NOOP(flags))
4032 return 0;
4033
4034 data = unit_escape_setting(data, flags, &escaped);
4035 if (!data)
4036 return -ENOMEM;
4037
4038 /* Prefix the section header. If we are writing this out as transient file, then let's suppress this if the
4039 * previous section header is the same */
4040
4041 if (flags & UNIT_PRIVATE) {
4042 if (!UNIT_VTABLE(u)->private_section)
4043 return -EINVAL;
4044
4045 if (!u->transient_file || u->last_section_private < 0)
4046 data = strjoina("[", UNIT_VTABLE(u)->private_section, "]\n", data);
4047 else if (u->last_section_private == 0)
4048 data = strjoina("\n[", UNIT_VTABLE(u)->private_section, "]\n", data);
4049 } else {
4050 if (!u->transient_file || u->last_section_private < 0)
4051 data = strjoina("[Unit]\n", data);
4052 else if (u->last_section_private > 0)
4053 data = strjoina("\n[Unit]\n", data);
4054 }
71645aca 4055
4f4afc88
LP		 4056 if (u->transient_file) {
4057 /* When this is a transient unit file in creation, then let's not create a new drop-in but instead
4058 * write to the transient unit file. */
4059 fputs(data, u->transient_file);
4f4afc88 4060
2e59b241
LP		 4061 if (!endswith(data, "\n"))
4062 fputc('\n', u->transient_file);
4063
4064 /* Remember which section we wrote this entry to */
4065 u->last_section_private = !!(flags & UNIT_PRIVATE);
8e2af478 4066 return 0;
2e59b241 4067 }
8e2af478 4068
2e59b241 4069 dir = unit_drop_in_dir(u, flags);
39591351
LP		 4070 if (!dir)
4071 return -EINVAL;
71645aca 4072
2a9a6f8a 4073 wrapped = strjoina("# This is a drop-in unit file extension, created via \"systemctl set-property\"\n"
3f71dec5 4074 "# or an equivalent operation. Do not edit.\n",
2a9a6f8a
ZJS		 4075 data,
4076 "\n");
e20b2a86 4077
815b09d3 4078 r = drop_in_file(dir, u->id, 50, name, &p, &q);
adb76a70
WC		 4079 if (r < 0)
4080 return r;
4081
45639f1b 4082 (void) mkdir_p_label(p, 0755);
4dba44a5
ZJS		 4083
4084 /* Make sure the drop-in dir is registered in our path cache. This way we don't need to stupidly
4085 * recreate the cache after every drop-in we write. */
4086 if (u->manager->unit_path_cache) {
be327321 4087 r = set_put_strdup(&u->manager->unit_path_cache, p);
4dba44a5
ZJS		 4088 if (r < 0)
4089 return r;
4090 }
4091
2a9a6f8a 4092 r = write_string_file_atomic_label(q, wrapped);
adb76a70
WC		 4093 if (r < 0)
4094 return r;
4095
815b09d3 4096 r = strv_push(&u->dropin_paths, q);
adb76a70
WC		 4097 if (r < 0)
4098 return r;
815b09d3 4099 q = NULL;
adb76a70 4100
adb76a70
WC		 4101 strv_uniq(u->dropin_paths);
4102
4103 u->dropin_mtime = now(CLOCK_REALTIME);
4104
4105 return 0;
26d04f86 4106}
71645aca 4107
2e59b241 4108int unit_write_settingf(Unit *u, UnitWriteFlags flags, const char *name, const char *format, ...) {
b9ec9359
LP		 4109 _cleanup_free_ char *p = NULL;
4110 va_list ap;
4111 int r;
4112
4113 assert(u);
4114 assert(name);
4115 assert(format);
4116
2e59b241 4117 if (UNIT_WRITE_FLAGS_NOOP(flags))
b9ec9359
LP		 4118 return 0;
4119
4120 va_start(ap, format);
4121 r = vasprintf(&p, format, ap);
4122 va_end(ap);
4123
4124 if (r < 0)
4125 return -ENOMEM;
4126
2e59b241 4127 return unit_write_setting(u, flags, name, p);
b9ec9359 4128}
71645aca 4129
c2756a68 4130int unit_make_transient(Unit *u) {
0126c8f3 4131 _cleanup_free_ char *path = NULL;
4f4afc88 4132 FILE *f;
4f4afc88 4133
c2756a68
LP		 4134 assert(u);
4135
3f5e8115
LP		 4136 if (!UNIT_VTABLE(u)->can_transient)
4137 return -EOPNOTSUPP;
4138
45639f1b
LP		 4139 (void) mkdir_p_label(u->manager->lookup_paths.transient, 0755);
4140
657ee2d8 4141 path = path_join(u->manager->lookup_paths.transient, u->id);
4f4afc88
LP		 4142 if (!path)
4143 return -ENOMEM;
4144
4145 /* Let's open the file we'll write the transient settings into. This file is kept open as long as we are
4146 * creating the transient, and is closed in unit_load(), as soon as we start loading the file. */
4147
78e334b5 4148 RUN_WITH_UMASK(0022) {
4f4afc88 4149 f = fopen(path, "we");
0126c8f3 4150 if (!f)
78e334b5 4151 return -errno;
4f4afc88
LP		 4152 }
4153
0126c8f3 4154 safe_fclose(u->transient_file);
4f4afc88
LP		 4155 u->transient_file = f;
4156
0126c8f3 4157 free_and_replace(u->fragment_path, path);
7c65093a 4158
7c65093a
LP		 4159 u->source_path = mfree(u->source_path);
4160 u->dropin_paths = strv_free(u->dropin_paths);
4161 u->fragment_mtime = u->source_mtime = u->dropin_mtime = 0;
4162
4f4afc88
LP		 4163 u->load_state = UNIT_STUB;
4164 u->load_error = 0;
4165 u->transient = true;
4166
7c65093a
LP		 4167 unit_add_to_dbus_queue(u);
4168 unit_add_to_gc_queue(u);
c2756a68 4169
4f4afc88
LP		 4170 fputs("# This is a transient unit file, created programmatically via the systemd API. Do not edit.\n",
4171 u->transient_file);
4172
3f5e8115 4173 return 0;
c2756a68
LP		 4174}
4175
c53d2d54 4176static int log_kill(pid_t pid, int sig, void *userdata) {
1d98fef1
LP		 4177 _cleanup_free_ char *comm = NULL;
4178
4179 (void) get_process_comm(pid, &comm);
4180
4181 /* Don't log about processes marked with brackets, under the assumption that these are temporary processes
4182 only, like for example systemd's own PAM stub process. */
4183 if (comm && comm[0] == '(')
c53d2d54 4184 return 0;
1d98fef1
LP		 4185
4186 log_unit_notice(userdata,
4187 "Killing process " PID_FMT " (%s) with signal SIG%s.",
4188 pid,
4189 strna(comm),
4190 signal_to_string(sig));
c53d2d54
DB		 4191
4192 return 1;
1d98fef1
LP		 4193}
4194
4ab1670f 4195static int operation_to_signal(const KillContext *c, KillOperation k, bool *noteworthy) {
1d98fef1
LP		 4196 assert(c);
4197
4198 switch (k) {
4199
4200 case KILL_TERMINATE:
4201 case KILL_TERMINATE_AND_LOG:
4ab1670f 4202 *noteworthy = false;
1d98fef1
LP		 4203 return c->kill_signal;
4204
a232ebcc 4205 case KILL_RESTART:
4ab1670f 4206 *noteworthy = false;
a232ebcc
ZJS		 4207 return restart_kill_signal(c);
4208
1d98fef1 4209 case KILL_KILL:
4ab1670f 4210 *noteworthy = true;
fbb48d4c 4211 return c->final_kill_signal;
1d98fef1 4212
c87700a1 4213 case KILL_WATCHDOG:
4ab1670f 4214 *noteworthy = true;
c87700a1 4215 return c->watchdog_signal;
1d98fef1
LP		 4216
4217 default:
4218 assert_not_reached("KillOperation unknown");
4219 }
4220}
4221
cd2086fe
LP		 4222int unit_kill_context(
4223 Unit *u,
4224 KillContext *c,
db2cb23b 4225 KillOperation k,
cd2086fe
LP		 4226 pid_t main_pid,
4227 pid_t control_pid,
4228 bool main_pid_alien) {
4229
1d98fef1 4230 bool wait_for_exit = false, send_sighup;
59ec09a8 4231 cg_kill_log_func_t log_func = NULL;
b821a397 4232 int sig, r;
cd2086fe
LP		 4233
4234 assert(u);
4235 assert(c);
4236
8aff7ac4
LP		 4237 /* Kill the processes belonging to this unit, in preparation for shutting the unit down. Returns > 0
4238 * if we killed something worth waiting for, 0 otherwise. Do not confuse with unit_kill_common()
4239 * which is used for user-requested killing of unit processes. */
1d98fef1 4240
cd2086fe
LP		 4241 if (c->kill_mode == KILL_NONE)
4242 return 0;
4243
4ab1670f
ZJS		 4244 bool noteworthy;
4245 sig = operation_to_signal(c, k, &noteworthy);
4246 if (noteworthy)
4247 log_func = log_kill;
1d98fef1
LP		 4248
4249 send_sighup =
4250 c->send_sighup &&
4251 IN_SET(k, KILL_TERMINATE, KILL_TERMINATE_AND_LOG) &&
4252 sig != SIGHUP;
4253
cd2086fe 4254 if (main_pid > 0) {
1d98fef1
LP		 4255 if (log_func)
4256 log_func(main_pid, sig, u);
cd2086fe 4257
1d98fef1 4258 r = kill_and_sigcont(main_pid, sig);
cd2086fe
LP		 4259 if (r < 0 && r != -ESRCH) {
4260 _cleanup_free_ char *comm = NULL;
1d98fef1 4261 (void) get_process_comm(main_pid, &comm);
cd2086fe 4262
b821a397 4263 log_unit_warning_errno(u, r, "Failed to kill main process " PID_FMT " (%s), ignoring: %m", main_pid, strna(comm));
82659fd7 4264 } else {
bc6aed7b
LP		 4265 if (!main_pid_alien)
4266 wait_for_exit = true;
82659fd7 4267
1d98fef1 4268 if (r != -ESRCH && send_sighup)
d0667321 4269 (void) kill(main_pid, SIGHUP);
82659fd7 4270 }
cd2086fe
LP		 4271 }
4272
4273 if (control_pid > 0) {
1d98fef1
LP		 4274 if (log_func)
4275 log_func(control_pid, sig, u);
cd2086fe 4276
1d98fef1 4277 r = kill_and_sigcont(control_pid, sig);
cd2086fe
LP		 4278 if (r < 0 && r != -ESRCH) {
4279 _cleanup_free_ char *comm = NULL;
1d98fef1 4280 (void) get_process_comm(control_pid, &comm);
cd2086fe 4281
b821a397 4282 log_unit_warning_errno(u, r, "Failed to kill control process " PID_FMT " (%s), ignoring: %m", control_pid, strna(comm));
82659fd7 4283 } else {
cd2086fe 4284 wait_for_exit = true;
82659fd7 4285
1d98fef1 4286 if (r != -ESRCH && send_sighup)
d0667321 4287 (void) kill(control_pid, SIGHUP);
82659fd7 4288 }
cd2086fe
LP		 4289 }
4290
b821a397
LP		 4291 if (u->cgroup_path &&
4292 (c->kill_mode == KILL_CONTROL_GROUP || (c->kill_mode == KILL_MIXED && k == KILL_KILL))) {
cd2086fe
LP		 4293 _cleanup_set_free_ Set *pid_set = NULL;
4294
82659fd7
LP		 4295 /* Exclude the main/control pids from being killed via the cgroup */
4296 pid_set = unit_pid_set(main_pid, control_pid);
cd2086fe
LP		 4297 if (!pid_set)
4298 return -ENOMEM;
4299
1d98fef1
LP		 4300 r = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path,
4301 sig,
4302 CGROUP_SIGCONT|CGROUP_IGNORE_SELF,
4303 pid_set,
4304 log_func, u);
cd2086fe 4305 if (r < 0) {
4c701096 4306 if (!IN_SET(r, -EAGAIN, -ESRCH, -ENOENT))
b821a397
LP		 4307 log_unit_warning_errno(u, r, "Failed to kill control group %s, ignoring: %m", u->cgroup_path);
4308
82659fd7 4309 } else if (r > 0) {
bc6aed7b 4310
1d9cc876
LP		 4311 /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
4312 * we are running in a container or if this is a delegation unit, simply because cgroup
4313 * notification is unreliable in these cases. It doesn't work at all in containers, and outside
4314 * of containers it can be confused easily by left-over directories in the cgroup — which
4315 * however should not exist in non-delegated units. On the unified hierarchy that's different,
4316 * there we get proper events. Hence rely on them. */
efdb0237 4317
c22800e4 4318 if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
1d9cc876 4319 (detect_container() == 0 && !unit_cgroup_delegate(u)))
e9db43d5 4320 wait_for_exit = true;
58ea275a 4321
1d98fef1 4322 if (send_sighup) {
82659fd7
LP		 4323 set_free(pid_set);
4324
4325 pid_set = unit_pid_set(main_pid, control_pid);
4326 if (!pid_set)
4327 return -ENOMEM;
4328
c8aa4b5b
LP		 4329 (void) cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path,
4330 SIGHUP,
4331 CGROUP_IGNORE_SELF,
4332 pid_set,
4333 NULL, NULL);
82659fd7
LP		 4334 }
4335 }
cd2086fe
LP		 4336 }
4337
4338 return wait_for_exit;
4339}
4340
eef85c4a 4341int unit_require_mounts_for(Unit *u, const char *path, UnitDependencyMask mask) {
ca8700e9 4342 _cleanup_free_ char *p = NULL;
eef85c4a 4343 UnitDependencyInfo di;
a57f7e2c
LP		 4344 int r;
4345
4346 assert(u);
4347 assert(path);
4348
eef85c4a
LP		 4349 /* Registers a unit for requiring a certain path and all its prefixes. We keep a hashtable of these paths in
4350 * the unit (from the path to the UnitDependencyInfo structure indicating how to the dependency came to
4351 * be). However, we build a prefix table for all possible prefixes so that new appearing mount units can easily
4352 * determine which units to make themselves a dependency of. */
a57f7e2c 4353
70b64bd3
ZJS		 4354 if (!path_is_absolute(path))
4355 return -EINVAL;
4356
548f6937 4357 r = hashmap_ensure_allocated(&u->requires_mounts_for, &path_hash_ops);
eef85c4a
LP		 4358 if (r < 0)
4359 return r;
4360
a57f7e2c
LP		 4361 p = strdup(path);
4362 if (!p)
4363 return -ENOMEM;
4364
106bf8e4 4365 path = path_simplify(p, true);
a57f7e2c 4366
ca8700e9 4367 if (!path_is_normalized(path))
a57f7e2c 4368 return -EPERM;
a57f7e2c 4369
ca8700e9 4370 if (hashmap_contains(u->requires_mounts_for, path))
a57f7e2c 4371 return 0;
a57f7e2c 4372
eef85c4a
LP		 4373 di = (UnitDependencyInfo) {
4374 .origin_mask = mask
4375 };
4376
ca8700e9
ZJS		 4377 r = hashmap_put(u->requires_mounts_for, path, di.data);
4378 if (r < 0)
a57f7e2c 4379 return r;
ca8700e9 4380 p = NULL;
a57f7e2c 4381
4cb06c59 4382 char prefix[strlen(path) + 1];
ca8700e9 4383 PATH_FOREACH_PREFIX_MORE(prefix, path) {
a57f7e2c
LP		 4384 Set *x;
4385
4386 x = hashmap_get(u->manager->units_requiring_mounts_for, prefix);
4387 if (!x) {
ca8700e9 4388 _cleanup_free_ char *q = NULL;
a57f7e2c 4389
548f6937 4390 r = hashmap_ensure_allocated(&u->manager->units_requiring_mounts_for, &path_hash_ops);
742f41ad
LP		 4391 if (r < 0)
4392 return r;
a57f7e2c
LP		 4393
4394 q = strdup(prefix);
4395 if (!q)
4396 return -ENOMEM;
4397
d5099efc 4398 x = set_new(NULL);
ca8700e9 4399 if (!x)
a57f7e2c 4400 return -ENOMEM;
a57f7e2c
LP		 4401
4402 r = hashmap_put(u->manager->units_requiring_mounts_for, q, x);
4403 if (r < 0) {
a57f7e2c
LP		 4404 set_free(x);
4405 return r;
4406 }
ca8700e9 4407 q = NULL;
a57f7e2c
LP		 4408 }
4409
4410 r = set_put(x, u);
4411 if (r < 0)
4412 return r;
4413 }
4414
4415 return 0;
4416}
4417
613b411c
LP		 4418int unit_setup_exec_runtime(Unit *u) {
4419 ExecRuntime **rt;
4420 size_t offset;
613b411c 4421 Unit *other;
eef85c4a 4422 void *v;
e8a565cb 4423 int r;
613b411c
LP		 4424
4425 offset = UNIT_VTABLE(u)->exec_runtime_offset;
4426 assert(offset > 0);
4427
06b643e7 4428 /* Check if there already is an ExecRuntime for this unit? */
613b411c
LP		 4429 rt = (ExecRuntime**) ((uint8_t*) u + offset);
4430 if (*rt)
4431 return 0;
4432
4433 /* Try to get it from somebody else */
90e74a66 4434 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_JOINS_NAMESPACE_OF]) {
e8a565cb
YW		 4435 r = exec_runtime_acquire(u->manager, NULL, other->id, false, rt);
4436 if (r == 1)
4437 return 1;
613b411c
LP		 4438 }
4439
e8a565cb 4440 return exec_runtime_acquire(u->manager, unit_get_exec_context(u), u->id, true, rt);
613b411c
LP		 4441}
4442
29206d46
LP		 4443int unit_setup_dynamic_creds(Unit *u) {
4444 ExecContext *ec;
4445 DynamicCreds *dcreds;
4446 size_t offset;
4447
4448 assert(u);
4449
4450 offset = UNIT_VTABLE(u)->dynamic_creds_offset;
4451 assert(offset > 0);
4452 dcreds = (DynamicCreds*) ((uint8_t*) u + offset);
4453
4454 ec = unit_get_exec_context(u);
4455 assert(ec);
4456
4457 if (!ec->dynamic_user)
4458 return 0;
4459
4460 return dynamic_creds_acquire(dcreds, u->manager, ec->user, ec->group);
4461}
4462
1c2e9646
LP		 4463bool unit_type_supported(UnitType t) {
4464 if (_unlikely_(t < 0))
4465 return false;
4466 if (_unlikely_(t >= _UNIT_TYPE_MAX))
4467 return false;
4468
4469 if (!unit_vtable[t]->supported)
4470 return true;
4471
4472 return unit_vtable[t]->supported();
4473}
4474
8b4305c7
LP		 4475void unit_warn_if_dir_nonempty(Unit *u, const char* where) {
4476 int r;
4477
4478 assert(u);
4479 assert(where);
4480
4481 r = dir_is_empty(where);
3f602115 4482 if (r > 0 || r == -ENOTDIR)
8b4305c7
LP		 4483 return;
4484 if (r < 0) {
4485 log_unit_warning_errno(u, r, "Failed to check directory %s: %m", where);
4486 return;
4487 }
4488
4489 log_struct(LOG_NOTICE,
2b044526 4490 "MESSAGE_ID=" SD_MESSAGE_OVERMOUNTING_STR,
8b4305c7 4491 LOG_UNIT_ID(u),
f1c50bec 4492 LOG_UNIT_INVOCATION_ID(u),
8b4305c7 4493 LOG_UNIT_MESSAGE(u, "Directory %s to mount over is not empty, mounting anyway.", where),
a1230ff9 4494 "WHERE=%s", where);
8b4305c7
LP		 4495}
4496
25cd4964 4497int unit_fail_if_noncanonical(Unit *u, const char* where) {
58d9d89b 4498 _cleanup_free_ char *canonical_where = NULL;
8b4305c7
LP		 4499 int r;
4500
4501 assert(u);
4502 assert(where);
4503
a5648b80 4504 r = chase_symlinks(where, NULL, CHASE_NONEXISTENT, &canonical_where, NULL);
8b4305c7 4505 if (r < 0) {
25cd4964 4506 log_unit_debug_errno(u, r, "Failed to check %s for symlinks, ignoring: %m", where);
8b4305c7
LP		 4507 return 0;
4508 }
25cd4964
AJ		 4509
4510 /* We will happily ignore a trailing slash (or any redundant slashes) */
4511 if (path_equal(where, canonical_where))
8b4305c7
LP		 4512 return 0;
4513
25cd4964 4514 /* No need to mention "." or "..", they would already have been rejected by unit_name_from_path() */
8b4305c7 4515 log_struct(LOG_ERR,
2b044526 4516 "MESSAGE_ID=" SD_MESSAGE_OVERMOUNTING_STR,
8b4305c7 4517 LOG_UNIT_ID(u),
f1c50bec 4518 LOG_UNIT_INVOCATION_ID(u),
25cd4964 4519 LOG_UNIT_MESSAGE(u, "Mount path %s is not canonical (contains a symlink).", where),
a1230ff9 4520 "WHERE=%s", where);
8b4305c7
LP		 4521
4522 return -ELOOP;
4523}
0f13f3bd
LP		 4524
4525bool unit_is_pristine(Unit *u) {
4526 assert(u);
4527
7c65093a 4528 /* Check if the unit already exists or is already around,
0f13f3bd
LP		 4529 * in a number of different ways. Note that to cater for unit
4530 * types such as slice, we are generally fine with units that
e9e8cbc8
ZJS		 4531 * are marked UNIT_LOADED even though nothing was actually
4532 * loaded, as those unit types don't require a file on disk. */
0f13f3bd
LP		 4533
4534 return !(!IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) ||
4535 u->fragment_path ||
4536 u->source_path ||
4537 !strv_isempty(u->dropin_paths) ||
0f13f3bd
LP		 4538 u->job ||
4539 u->merged_into);
4540}
291d565a
LP		 4541
4542pid_t unit_control_pid(Unit *u) {
4543 assert(u);
4544
4545 if (UNIT_VTABLE(u)->control_pid)
4546 return UNIT_VTABLE(u)->control_pid(u);
4547
4548 return 0;
4549}
4550
4551pid_t unit_main_pid(Unit *u) {
4552 assert(u);
4553
4554 if (UNIT_VTABLE(u)->main_pid)
4555 return UNIT_VTABLE(u)->main_pid(u);
4556
4557 return 0;
4558}
00d9ef85
LP		 4559
4560static void unit_unref_uid_internal(
4561 Unit *u,
4562 uid_t *ref_uid,
4563 bool destroy_now,
4564 void (*_manager_unref_uid)(Manager *m, uid_t uid, bool destroy_now)) {
4565
4566 assert(u);
4567 assert(ref_uid);
4568 assert(_manager_unref_uid);
4569
4570 /* Generic implementation of both unit_unref_uid() and unit_unref_gid(), under the assumption that uid_t and
4571 * gid_t are actually the same time, with the same validity rules.
4572 *
4573 * Drops a reference to UID/GID from a unit. */
4574
4575 assert_cc(sizeof(uid_t) == sizeof(gid_t));
4576 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
4577
4578 if (!uid_is_valid(*ref_uid))
4579 return;
4580
4581 _manager_unref_uid(u->manager, *ref_uid, destroy_now);
4582 *ref_uid = UID_INVALID;
4583}
4584
b90cf102 4585static void unit_unref_uid(Unit *u, bool destroy_now) {
00d9ef85
LP		 4586 unit_unref_uid_internal(u, &u->ref_uid, destroy_now, manager_unref_uid);
4587}
4588
b90cf102 4589static void unit_unref_gid(Unit *u, bool destroy_now) {
00d9ef85
LP		 4590 unit_unref_uid_internal(u, (uid_t*) &u->ref_gid, destroy_now, manager_unref_gid);
4591}
4592
b90cf102
LP		 4593void unit_unref_uid_gid(Unit *u, bool destroy_now) {
4594 assert(u);
4595
4596 unit_unref_uid(u, destroy_now);
4597 unit_unref_gid(u, destroy_now);
4598}
4599
00d9ef85
LP		 4600static int unit_ref_uid_internal(
4601 Unit *u,
4602 uid_t *ref_uid,
4603 uid_t uid,
4604 bool clean_ipc,
4605 int (*_manager_ref_uid)(Manager *m, uid_t uid, bool clean_ipc)) {
4606
4607 int r;
4608
4609 assert(u);
4610 assert(ref_uid);
4611 assert(uid_is_valid(uid));
4612 assert(_manager_ref_uid);
4613
4614 /* Generic implementation of both unit_ref_uid() and unit_ref_guid(), under the assumption that uid_t and gid_t
4615 * are actually the same type, and have the same validity rules.
4616 *
4617 * Adds a reference on a specific UID/GID to this unit. Each unit referencing the same UID/GID maintains a
4618 * reference so that we can destroy the UID/GID's IPC resources as soon as this is requested and the counter
4619 * drops to zero. */
4620
4621 assert_cc(sizeof(uid_t) == sizeof(gid_t));
4622 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
4623
4624 if (*ref_uid == uid)
4625 return 0;
4626
4627 if (uid_is_valid(*ref_uid)) /* Already set? */
4628 return -EBUSY;
4629
4630 r = _manager_ref_uid(u->manager, uid, clean_ipc);
4631 if (r < 0)
4632 return r;
4633
4634 *ref_uid = uid;
4635 return 1;
4636}
4637
b90cf102 4638static int unit_ref_uid(Unit *u, uid_t uid, bool clean_ipc) {
00d9ef85
LP		 4639 return unit_ref_uid_internal(u, &u->ref_uid, uid, clean_ipc, manager_ref_uid);
4640}
4641
b90cf102 4642static int unit_ref_gid(Unit *u, gid_t gid, bool clean_ipc) {
00d9ef85
LP		 4643 return unit_ref_uid_internal(u, (uid_t*) &u->ref_gid, (uid_t) gid, clean_ipc, manager_ref_gid);
4644}
4645
4646static int unit_ref_uid_gid_internal(Unit *u, uid_t uid, gid_t gid, bool clean_ipc) {
4647 int r = 0, q = 0;
4648
4649 assert(u);
4650
4651 /* Reference both a UID and a GID in one go. Either references both, or neither. */
4652
4653 if (uid_is_valid(uid)) {
4654 r = unit_ref_uid(u, uid, clean_ipc);
4655 if (r < 0)
4656 return r;
4657 }
4658
4659 if (gid_is_valid(gid)) {
4660 q = unit_ref_gid(u, gid, clean_ipc);
4661 if (q < 0) {
4662 if (r > 0)
4663 unit_unref_uid(u, false);
4664
4665 return q;
4666 }
4667 }
4668
4669 return r > 0 || q > 0;
4670}
4671
4672int unit_ref_uid_gid(Unit *u, uid_t uid, gid_t gid) {
4673 ExecContext *c;
4674 int r;
4675
4676 assert(u);
4677
4678 c = unit_get_exec_context(u);
4679
4680 r = unit_ref_uid_gid_internal(u, uid, gid, c ? c->remove_ipc : false);
4681 if (r < 0)
4682 return log_unit_warning_errno(u, r, "Couldn't add UID/GID reference to unit, proceeding without: %m");
4683
4684 return r;
4685}
4686
00d9ef85
LP		 4687void unit_notify_user_lookup(Unit *u, uid_t uid, gid_t gid) {
4688 int r;
4689
4690 assert(u);
4691
4692 /* This is invoked whenever one of the forked off processes let's us know the UID/GID its user name/group names
4693 * resolved to. We keep track of which UID/GID is currently assigned in order to be able to destroy its IPC
4694 * objects when no service references the UID/GID anymore. */
4695
4696 r = unit_ref_uid_gid(u, uid, gid);
4697 if (r > 0)
37d0b962 4698 unit_add_to_dbus_queue(u);
00d9ef85 4699}
4b58153d 4700
4b58153d
LP		 4701int unit_acquire_invocation_id(Unit *u) {
4702 sd_id128_t id;
4703 int r;
4704
4705 assert(u);
4706
4707 r = sd_id128_randomize(&id);
4708 if (r < 0)
4709 return log_unit_error_errno(u, r, "Failed to generate invocation ID for unit: %m");
4710
4711 r = unit_set_invocation_id(u, id);
4712 if (r < 0)
4713 return log_unit_error_errno(u, r, "Failed to set invocation ID for unit: %m");
4714
af92c603 4715 unit_add_to_dbus_queue(u);
4b58153d
LP		 4716 return 0;
4717}
f0d47797 4718
1ad6e8b3
LP		 4719int unit_set_exec_params(Unit *u, ExecParameters *p) {
4720 int r;
4721
7960b0c7
LP		 4722 assert(u);
4723 assert(p);
f0d47797 4724
004c7f16 4725 /* Copy parameters from manager */
1ad6e8b3
LP		 4726 r = manager_get_effective_environment(u->manager, &p->environment);
4727 if (r < 0)
4728 return r;
4729
004c7f16
LP		 4730 p->confirm_spawn = manager_get_confirm_spawn(u->manager);
4731 p->cgroup_supported = u->manager->cgroup_supported;
4732 p->prefix = u->manager->prefix;
4733 SET_FLAG(p->flags, EXEC_PASS_LOG_UNIT|EXEC_CHOWN_DIRECTORIES, MANAGER_IS_SYSTEM(u->manager));
4734
5238e957 4735 /* Copy parameters from unit */
7960b0c7 4736 p->cgroup_path = u->cgroup_path;
1d9cc876 4737 SET_FLAG(p->flags, EXEC_CGROUP_DELEGATE, unit_cgroup_delegate(u));
1ad6e8b3 4738
bb0c0d6f
LP		 4739 p->received_credentials = u->manager->received_credentials;
4740
1ad6e8b3 4741 return 0;
f0d47797 4742}
a79279c7 4743
4c253ed1 4744int unit_fork_helper_process(Unit *u, const char *name, pid_t *ret) {
a79279c7
LP		 4745 int r;
4746
4747 assert(u);
4748 assert(ret);
4749
4750 /* Forks off a helper process and makes sure it is a member of the unit's cgroup. Returns == 0 in the child,
4751 * and > 0 in the parent. The pid parameter is always filled in with the child's PID. */
4752
4753 (void) unit_realize_cgroup(u);
4754
4c253ed1
LP		 4755 r = safe_fork(name, FORK_REOPEN_LOG, ret);
4756 if (r != 0)
4757 return r;
a79279c7 4758
4c253ed1
LP		 4759 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
4760 (void) ignore_signals(SIGPIPE, -1);
a79279c7 4761
4c253ed1 4762 (void) prctl(PR_SET_PDEATHSIG, SIGTERM);
a79279c7 4763
4c253ed1
LP		 4764 if (u->cgroup_path) {
4765 r = cg_attach_everywhere(u->manager->cgroup_supported, u->cgroup_path, 0, NULL, NULL);
4766 if (r < 0) {
4767 log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", u->cgroup_path);
4768 _exit(EXIT_CGROUP);
a79279c7 4769 }
a79279c7
LP		 4770 }
4771
4c253ed1 4772 return 0;
a79279c7 4773}
c999cf38 4774
810ef318
YW		 4775int unit_fork_and_watch_rm_rf(Unit *u, char **paths, pid_t *ret_pid) {
4776 pid_t pid;
4777 int r;
4778
4779 assert(u);
4780 assert(ret_pid);
4781
4782 r = unit_fork_helper_process(u, "(sd-rmrf)", &pid);
4783 if (r < 0)
4784 return r;
4785 if (r == 0) {
4786 int ret = EXIT_SUCCESS;
4787 char **i;
4788
4789 STRV_FOREACH(i, paths) {
4790 r = rm_rf(*i, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_MISSING_OK);
4791 if (r < 0) {
4792 log_error_errno(r, "Failed to remove '%s': %m", *i);
4793 ret = EXIT_FAILURE;
4794 }
4795 }
4796
4797 _exit(ret);
4798 }
4799
4800 r = unit_watch_pid(u, pid, true);
4801 if (r < 0)
4802 return r;
4803
4804 *ret_pid = pid;
4805 return 0;
4806}
4807
c999cf38
LP		 4808static void unit_update_dependency_mask(Unit *u, UnitDependency d, Unit *other, UnitDependencyInfo di) {
4809 assert(u);
4810 assert(d >= 0);
4811 assert(d < _UNIT_DEPENDENCY_MAX);
4812 assert(other);
4813
4814 if (di.origin_mask == 0 && di.destination_mask == 0) {
4815 /* No bit set anymore, let's drop the whole entry */
4816 assert_se(hashmap_remove(u->dependencies[d], other));
29a743f9 4817 log_unit_debug(u, "lost dependency %s=%s", unit_dependency_to_string(d), other->id);
c999cf38
LP		 4818 } else
4819 /* Mask was reduced, let's update the entry */
4820 assert_se(hashmap_update(u->dependencies[d], other, di.data) == 0);
4821}
4822
4823void unit_remove_dependencies(Unit *u, UnitDependencyMask mask) {
c999cf38
LP		 4824 assert(u);
4825
4826 /* Removes all dependencies u has on other units marked for ownership by 'mask'. */
4827
4828 if (mask == 0)
4829 return;
4830
f6173cb9 4831 for (UnitDependency d = 0; d < _UNIT_DEPENDENCY_MAX; d++) {
c999cf38
LP		 4832 bool done;
4833
4834 do {
4835 UnitDependencyInfo di;
4836 Unit *other;
c999cf38
LP		 4837
4838 done = true;
4839
90e74a66 4840 HASHMAP_FOREACH_KEY(di.data, other, u->dependencies[d]) {
1d6cc5d0 4841 if (FLAGS_SET(~mask, di.origin_mask))
c999cf38
LP		 4842 continue;
4843 di.origin_mask &= ~mask;
4844 unit_update_dependency_mask(u, d, other, di);
4845
4846 /* We updated the dependency from our unit to the other unit now. But most dependencies
4847 * imply a reverse dependency. Hence, let's delete that one too. For that we go through
4848 * all dependency types on the other unit and delete all those which point to us and
4849 * have the right mask set. */
4850
f6173cb9 4851 for (UnitDependency q = 0; q < _UNIT_DEPENDENCY_MAX; q++) {
c999cf38
LP		 4852 UnitDependencyInfo dj;
4853
4854 dj.data = hashmap_get(other->dependencies[q], u);
1d6cc5d0 4855 if (FLAGS_SET(~mask, dj.destination_mask))
c999cf38
LP		 4856 continue;
4857 dj.destination_mask &= ~mask;
4858
4859 unit_update_dependency_mask(other, q, u, dj);
4860 }
4861
4862 unit_add_to_gc_queue(other);
4863
4864 done = false;
4865 break;
4866 }
4867
4868 } while (!done);
4869 }
4870}
d3070fbd 4871
2f8c48b6
AZ		 4872static int unit_get_invocation_path(Unit *u, char **ret) {
4873 char *p;
4874 int r;
4875
4876 assert(u);
4877 assert(ret);
4878
4879 if (MANAGER_IS_SYSTEM(u->manager))
4880 p = strjoin("/run/systemd/units/invocation:", u->id);
4881 else {
4882 _cleanup_free_ char *user_path = NULL;
4883 r = xdg_user_runtime_dir(&user_path, "/systemd/units/invocation:");
4884 if (r < 0)
4885 return r;
4886 p = strjoin(user_path, u->id);
4887 }
4888
4889 if (!p)
4890 return -ENOMEM;
4891
4892 *ret = p;
4893 return 0;
4894}
4895
d3070fbd 4896static int unit_export_invocation_id(Unit *u) {
2f8c48b6 4897 _cleanup_free_ char *p = NULL;
d3070fbd
LP		 4898 int r;
4899
4900 assert(u);
4901
4902 if (u->exported_invocation_id)
4903 return 0;
4904
4905 if (sd_id128_is_null(u->invocation_id))
4906 return 0;
4907
2f8c48b6
AZ		 4908 r = unit_get_invocation_path(u, &p);
4909 if (r < 0)
4910 return log_unit_debug_errno(u, r, "Failed to get invocation path: %m");
4911
a3f5fd96 4912 r = symlink_atomic_label(u->invocation_id_string, p);
d3070fbd
LP		 4913 if (r < 0)
4914 return log_unit_debug_errno(u, r, "Failed to create invocation ID symlink %s: %m", p);
4915
4916 u->exported_invocation_id = true;
4917 return 0;
4918}
4919
4920static int unit_export_log_level_max(Unit *u, const ExecContext *c) {
4921 const char *p;
4922 char buf[2];
4923 int r;
4924
4925 assert(u);
4926 assert(c);
4927
4928 if (u->exported_log_level_max)
4929 return 0;
4930
4931 if (c->log_level_max < 0)
4932 return 0;
4933
4934 assert(c->log_level_max <= 7);
4935
4936 buf[0] = '0' + c->log_level_max;
4937 buf[1] = 0;
4938
4939 p = strjoina("/run/systemd/units/log-level-max:", u->id);
4940 r = symlink_atomic(buf, p);
4941 if (r < 0)
4942 return log_unit_debug_errno(u, r, "Failed to create maximum log level symlink %s: %m", p);
4943
4944 u->exported_log_level_max = true;
4945 return 0;
4946}
4947
4948static int unit_export_log_extra_fields(Unit *u, const ExecContext *c) {
4949 _cleanup_close_ int fd = -1;
4950 struct iovec *iovec;
4951 const char *p;
4952 char *pattern;
4953 le64_t *sizes;
4954 ssize_t n;
d3070fbd
LP		 4955 int r;
4956
4957 if (u->exported_log_extra_fields)
4958 return 0;
4959
4960 if (c->n_log_extra_fields <= 0)
4961 return 0;
4962
4963 sizes = newa(le64_t, c->n_log_extra_fields);
4964 iovec = newa(struct iovec, c->n_log_extra_fields * 2);
4965
12375b95 4966 for (size_t i = 0; i < c->n_log_extra_fields; i++) {
d3070fbd
LP		 4967 sizes[i] = htole64(c->log_extra_fields[i].iov_len);
4968
4969 iovec[i*2] = IOVEC_MAKE(sizes + i, sizeof(le64_t));
4970 iovec[i*2+1] = c->log_extra_fields[i];
4971 }
4972
4973 p = strjoina("/run/systemd/units/log-extra-fields:", u->id);
4974 pattern = strjoina(p, ".XXXXXX");
4975
4976 fd = mkostemp_safe(pattern);
4977 if (fd < 0)
4978 return log_unit_debug_errno(u, fd, "Failed to create extra fields file %s: %m", p);
4979
4980 n = writev(fd, iovec, c->n_log_extra_fields*2);
4981 if (n < 0) {
4982 r = log_unit_debug_errno(u, errno, "Failed to write extra fields: %m");
4983 goto fail;
4984 }
4985
4986 (void) fchmod(fd, 0644);
4987
4988 if (rename(pattern, p) < 0) {
4989 r = log_unit_debug_errno(u, errno, "Failed to rename extra fields file: %m");
4990 goto fail;
4991 }
4992
4993 u->exported_log_extra_fields = true;
4994 return 0;
4995
4996fail:
4997 (void) unlink(pattern);
4998 return r;
4999}
5000
5ac1530e 5001static int unit_export_log_ratelimit_interval(Unit *u, const ExecContext *c) {
90fc172e
AZ		 5002 _cleanup_free_ char *buf = NULL;
5003 const char *p;
5004 int r;
5005
5006 assert(u);
5007 assert(c);
5008
5ac1530e 5009 if (u->exported_log_ratelimit_interval)
90fc172e
AZ		 5010 return 0;
5011
5ac1530e 5012 if (c->log_ratelimit_interval_usec == 0)
90fc172e
AZ		 5013 return 0;
5014
5015 p = strjoina("/run/systemd/units/log-rate-limit-interval:", u->id);
5016
5ac1530e 5017 if (asprintf(&buf, "%" PRIu64, c->log_ratelimit_interval_usec) < 0)
90fc172e
AZ		 5018 return log_oom();
5019
5020 r = symlink_atomic(buf, p);
5021 if (r < 0)
5022 return log_unit_debug_errno(u, r, "Failed to create log rate limit interval symlink %s: %m", p);
5023
5ac1530e 5024 u->exported_log_ratelimit_interval = true;
90fc172e
AZ		 5025 return 0;
5026}
5027
5ac1530e 5028static int unit_export_log_ratelimit_burst(Unit *u, const ExecContext *c) {
90fc172e
AZ		 5029 _cleanup_free_ char *buf = NULL;
5030 const char *p;
5031 int r;
5032
5033 assert(u);
5034 assert(c);
5035
5ac1530e 5036 if (u->exported_log_ratelimit_burst)
90fc172e
AZ		 5037 return 0;
5038
5ac1530e 5039 if (c->log_ratelimit_burst == 0)
90fc172e
AZ		 5040 return 0;
5041
5042 p = strjoina("/run/systemd/units/log-rate-limit-burst:", u->id);
5043
5ac1530e 5044 if (asprintf(&buf, "%u", c->log_ratelimit_burst) < 0)
90fc172e
AZ		 5045 return log_oom();
5046
5047 r = symlink_atomic(buf, p);
5048 if (r < 0)
5049 return log_unit_debug_errno(u, r, "Failed to create log rate limit burst symlink %s: %m", p);
5050
5ac1530e 5051 u->exported_log_ratelimit_burst = true;
90fc172e
AZ		 5052 return 0;
5053}
5054
d3070fbd
LP		 5055void unit_export_state_files(Unit *u) {
5056 const ExecContext *c;
5057
5058 assert(u);
5059
5060 if (!u->id)
5061 return;
5062
638cece4 5063 if (MANAGER_IS_TEST_RUN(u->manager))
8f632531
LP		 5064 return;
5065
d3070fbd
LP		 5066 /* Exports a couple of unit properties to /run/systemd/units/, so that journald can quickly query this data
5067 * from there. Ideally, journald would use IPC to query this, like everybody else, but that's hard, as long as
5068 * the IPC system itself and PID 1 also log to the journal.
5069 *
5070 * Note that these files really shouldn't be considered API for anyone else, as use a runtime file system as
5071 * IPC replacement is not compatible with today's world of file system namespaces. However, this doesn't really
5072 * apply to communication between the journal and systemd, as we assume that these two daemons live in the same
5073 * namespace at least.
5074 *
5075 * Note that some of the "files" exported here are actually symlinks and not regular files. Symlinks work
5076 * better for storing small bits of data, in particular as we can write them with two system calls, and read
5077 * them with one. */
5078
5079 (void) unit_export_invocation_id(u);
5080
2f8c48b6
AZ		 5081 if (!MANAGER_IS_SYSTEM(u->manager))
5082 return;
5083
d3070fbd
LP		 5084 c = unit_get_exec_context(u);
5085 if (c) {
5086 (void) unit_export_log_level_max(u, c);
5087 (void) unit_export_log_extra_fields(u, c);
5ac1530e
ZJS		 5088 (void) unit_export_log_ratelimit_interval(u, c);
5089 (void) unit_export_log_ratelimit_burst(u, c);
d3070fbd
LP		 5090 }
5091}
5092
5093void unit_unlink_state_files(Unit *u) {
5094 const char *p;
5095
5096 assert(u);
5097
5098 if (!u->id)
5099 return;
5100
d3070fbd
LP		 5101 /* Undoes the effect of unit_export_state() */
5102
5103 if (u->exported_invocation_id) {
2f8c48b6
AZ		 5104 _cleanup_free_ char *invocation_path = NULL;
5105 int r = unit_get_invocation_path(u, &invocation_path);
5106 if (r >= 0) {
5107 (void) unlink(invocation_path);
5108 u->exported_invocation_id = false;
5109 }
d3070fbd
LP		 5110 }
5111
2f8c48b6
AZ		 5112 if (!MANAGER_IS_SYSTEM(u->manager))
5113 return;
5114
d3070fbd
LP		 5115 if (u->exported_log_level_max) {
5116 p = strjoina("/run/systemd/units/log-level-max:", u->id);
5117 (void) unlink(p);
5118
5119 u->exported_log_level_max = false;
5120 }
5121
5122 if (u->exported_log_extra_fields) {
5123 p = strjoina("/run/systemd/units/extra-fields:", u->id);
5124 (void) unlink(p);
5125
5126 u->exported_log_extra_fields = false;
5127 }
90fc172e 5128
5ac1530e 5129 if (u->exported_log_ratelimit_interval) {
90fc172e
AZ		 5130 p = strjoina("/run/systemd/units/log-rate-limit-interval:", u->id);
5131 (void) unlink(p);
5132
5ac1530e 5133 u->exported_log_ratelimit_interval = false;
90fc172e
AZ		 5134 }
5135
5ac1530e 5136 if (u->exported_log_ratelimit_burst) {
90fc172e
AZ		 5137 p = strjoina("/run/systemd/units/log-rate-limit-burst:", u->id);
5138 (void) unlink(p);
5139
5ac1530e 5140 u->exported_log_ratelimit_burst = false;
90fc172e 5141 }
d3070fbd 5142}
5afe510c 5143
3c7416b6
LP		 5144int unit_prepare_exec(Unit *u) {
5145 int r;
5146
5147 assert(u);
5148
fab34748
KL		 5149 /* Load any custom firewall BPF programs here once to test if they are existing and actually loadable.
5150 * Fail here early since later errors in the call chain unit_realize_cgroup to cgroup_context_apply are ignored. */
5151 r = bpf_firewall_load_custom(u);
5152 if (r < 0)
5153 return r;
5154
3c7416b6
LP		 5155 /* Prepares everything so that we can fork of a process for this unit */
5156
5157 (void) unit_realize_cgroup(u);
5158
5159 if (u->reset_accounting) {
9b2559a1 5160 (void) unit_reset_accounting(u);
3c7416b6
LP		 5161 u->reset_accounting = false;
5162 }
5163
5164 unit_export_state_files(u);
5165
5166 r = unit_setup_exec_runtime(u);
5167 if (r < 0)
5168 return r;
5169
5170 r = unit_setup_dynamic_creds(u);
5171 if (r < 0)
5172 return r;
5173
5174 return 0;
5175}
5176
4c425434
LP		 5177static bool ignore_leftover_process(const char *comm) {
5178 return comm && comm[0] == '('; /* Most likely our own helper process (PAM?), ignore */
5179}
5180
5181int unit_log_leftover_process_start(pid_t pid, int sig, void *userdata) {
a4634b21
LP		 5182 _cleanup_free_ char *comm = NULL;
5183
5184 (void) get_process_comm(pid, &comm);
5185
4c425434 5186 if (ignore_leftover_process(comm))
c53d2d54 5187 return 0;
a4634b21 5188
4c425434
LP		 5189 /* During start we print a warning */
5190
a4634b21
LP		 5191 log_unit_warning(userdata,
5192 "Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n"
5193 "This usually indicates unclean termination of a previous run, or service implementation deficiencies.",
5194 pid, strna(comm));
c53d2d54
DB		 5195
5196 return 1;
a4634b21
LP		 5197}
5198
4c425434
LP		 5199int unit_log_leftover_process_stop(pid_t pid, int sig, void *userdata) {
5200 _cleanup_free_ char *comm = NULL;
5201
5202 (void) get_process_comm(pid, &comm);
5203
5204 if (ignore_leftover_process(comm))
5205 return 0;
5206
5207 /* During stop we only print an informational message */
5208
5209 log_unit_info(userdata,
5210 "Unit process " PID_FMT " (%s) remains running after unit stopped.",
5211 pid, strna(comm));
5212
5213 return 1;
5214}
5215
5216int unit_warn_leftover_processes(Unit *u, cg_kill_log_func_t log_func) {
a4634b21
LP		 5217 assert(u);
5218
5219 (void) unit_pick_cgroup_path(u);
5220
5221 if (!u->cgroup_path)
c53d2d54 5222 return 0;
a4634b21 5223
4c425434 5224 return cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, 0, 0, NULL, log_func, u);
a4634b21
LP		 5225}
5226
bb2c7685
LP		 5227bool unit_needs_console(Unit *u) {
5228 ExecContext *ec;
5229 UnitActiveState state;
5230
5231 assert(u);
5232
5233 state = unit_active_state(u);
5234
5235 if (UNIT_IS_INACTIVE_OR_FAILED(state))
5236 return false;
5237
5238 if (UNIT_VTABLE(u)->needs_console)
5239 return UNIT_VTABLE(u)->needs_console(u);
5240
5241 /* If this unit type doesn't implement this call, let's use a generic fallback implementation: */
5242 ec = unit_get_exec_context(u);
5243 if (!ec)
5244 return false;
5245
5246 return exec_context_may_touch_console(ec);
5247}
5248
f156e60c 5249const char *unit_label_path(const Unit *u) {
81e9871e
LP		 5250 const char *p;
5251
f156e60c
CG		 5252 assert(u);
5253
81e9871e
LP		 5254 /* Returns the file system path to use for MAC access decisions, i.e. the file to read the SELinux label off
5255 * when validating access checks. */
5256
5257 p = u->source_path ?: u->fragment_path;
5258 if (!p)
5259 return NULL;
5260
5261 /* If a unit is masked, then don't read the SELinux label of /dev/null, as that really makes no sense */
640f3b14 5262 if (null_or_empty_path(p) > 0)
81e9871e
LP		 5263 return NULL;
5264
5265 return p;
5266}
5267
6592b975
LP		 5268int unit_pid_attachable(Unit *u, pid_t pid, sd_bus_error *error) {
5269 int r;
5270
5271 assert(u);
5272
5273 /* Checks whether the specified PID is generally good for attaching, i.e. a valid PID, not our manager itself,
5274 * and not a kernel thread either */
5275
5276 /* First, a simple range check */
5277 if (!pid_is_valid(pid))
5278 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process identifier " PID_FMT " is not valid.", pid);
5279
5280 /* Some extra safety check */
5281 if (pid == 1 || pid == getpid_cached())
3fe91079 5282 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process " PID_FMT " is a manager process, refusing.", pid);
6592b975
LP		 5283
5284 /* Don't even begin to bother with kernel threads */
5285 r = is_kernel_thread(pid);
5286 if (r == -ESRCH)
5287 return sd_bus_error_setf(error, SD_BUS_ERROR_UNIX_PROCESS_ID_UNKNOWN, "Process with ID " PID_FMT " does not exist.", pid);
5288 if (r < 0)
5289 return sd_bus_error_set_errnof(error, r, "Failed to determine whether process " PID_FMT " is a kernel thread: %m", pid);
5290 if (r > 0)
5291 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process " PID_FMT " is a kernel thread, refusing.", pid);
5292
5293 return 0;
5294}
5295
523ee2d4
LP		 5296void unit_log_success(Unit *u) {
5297 assert(u);
5298
5299 log_struct(LOG_INFO,
5300 "MESSAGE_ID=" SD_MESSAGE_UNIT_SUCCESS_STR,
5301 LOG_UNIT_ID(u),
5302 LOG_UNIT_INVOCATION_ID(u),
f5ec78e5 5303 LOG_UNIT_MESSAGE(u, "Deactivated successfully."));
523ee2d4
LP		 5304}
5305
7c047d74
LP		 5306void unit_log_failure(Unit *u, const char *result) {
5307 assert(u);
5308 assert(result);
5309
5310 log_struct(LOG_WARNING,
5311 "MESSAGE_ID=" SD_MESSAGE_UNIT_FAILURE_RESULT_STR,
5312 LOG_UNIT_ID(u),
5313 LOG_UNIT_INVOCATION_ID(u),
5314 LOG_UNIT_MESSAGE(u, "Failed with result '%s'.", result),
5315 "UNIT_RESULT=%s", result);
5316}
5317
31cd5f63
AZ		 5318void unit_log_skip(Unit *u, const char *result) {
5319 assert(u);
5320 assert(result);
5321
5322 log_struct(LOG_INFO,
5323 "MESSAGE_ID=" SD_MESSAGE_UNIT_SKIPPED_STR,
5324 LOG_UNIT_ID(u),
5325 LOG_UNIT_INVOCATION_ID(u),
5326 LOG_UNIT_MESSAGE(u, "Skipped due to '%s'.", result),
5327 "UNIT_RESULT=%s", result);
5328}
5329
91bbd9b7
LP		 5330void unit_log_process_exit(
5331 Unit *u,
91bbd9b7
LP		 5332 const char *kind,
5333 const char *command,
5cc2cd1c 5334 bool success,
91bbd9b7
LP		 5335 int code,
5336 int status) {
5337
5cc2cd1c
ZJS		 5338 int level;
5339
91bbd9b7
LP		 5340 assert(u);
5341 assert(kind);
5342
5cc2cd1c
ZJS		 5343 /* If this is a successful exit, let's log about the exit code on DEBUG level. If this is a failure
5344 * and the process exited on its own via exit(), then let's make this a NOTICE, under the assumption
5345 * that the service already logged the reason at a higher log level on its own. Otherwise, make it a
5346 * WARNING. */
5347 if (success)
5348 level = LOG_DEBUG;
5349 else if (code == CLD_EXITED)
5350 level = LOG_NOTICE;
5351 else
91bbd9b7
LP		 5352 level = LOG_WARNING;
5353
5354 log_struct(level,
5355 "MESSAGE_ID=" SD_MESSAGE_UNIT_PROCESS_EXIT_STR,
5356 LOG_UNIT_MESSAGE(u, "%s exited, code=%s, status=%i/%s",
5357 kind,
5358 sigchld_code_to_string(code), status,
5359 strna(code == CLD_EXITED
5360 ? exit_status_to_string(status, EXIT_STATUS_FULL)
5361 : signal_to_string(status))),
5362 "EXIT_CODE=%s", sigchld_code_to_string(code),
5363 "EXIT_STATUS=%i", status,
5364 "COMMAND=%s", strna(command),
5365 LOG_UNIT_ID(u),
5366 LOG_UNIT_INVOCATION_ID(u));
5367}
5368
7af67e9a
LP		 5369int unit_exit_status(Unit *u) {
5370 assert(u);
5371
5372 /* Returns the exit status to propagate for the most recent cycle of this unit. Returns a value in the range
5373 * 0…255 if there's something to propagate. EOPNOTSUPP if the concept does not apply to this unit type, ENODATA
5374 * if no data is currently known (for example because the unit hasn't deactivated yet) and EBADE if the main
5375 * service process has exited abnormally (signal/coredump). */
5376
5377 if (!UNIT_VTABLE(u)->exit_status)
5378 return -EOPNOTSUPP;
5379
5380 return UNIT_VTABLE(u)->exit_status(u);
5381}
5382
5383int unit_failure_action_exit_status(Unit *u) {
5384 int r;
5385
5386 assert(u);
5387
5388 /* Returns the exit status to propagate on failure, or an error if there's nothing to propagate */
5389
5390 if (u->failure_action_exit_status >= 0)
5391 return u->failure_action_exit_status;
5392
5393 r = unit_exit_status(u);
5394 if (r == -EBADE) /* Exited, but not cleanly (i.e. by signal or such) */
5395 return 255;
5396
5397 return r;
5398}
5399
5400int unit_success_action_exit_status(Unit *u) {
5401 int r;
5402
5403 assert(u);
5404
5405 /* Returns the exit status to propagate on success, or an error if there's nothing to propagate */
5406
5407 if (u->success_action_exit_status >= 0)
5408 return u->success_action_exit_status;
5409
5410 r = unit_exit_status(u);
5411 if (r == -EBADE) /* Exited, but not cleanly (i.e. by signal or such) */
5412 return 255;
5413
5414 return r;
5415}
5416
a4191c9f
LP		 5417int unit_test_trigger_loaded(Unit *u) {
5418 Unit *trigger;
5419
5420 /* Tests whether the unit to trigger is loaded */
5421
5422 trigger = UNIT_TRIGGER(u);
5423 if (!trigger)
e7b9f4d9
ZJS		 5424 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOENT),
5425 "Refusing to start, no unit to trigger.");
a4191c9f 5426 if (trigger->load_state != UNIT_LOADED)
e7b9f4d9
ZJS		 5427 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOENT),
5428 "Refusing to start, unit %s to trigger not loaded.", trigger->id);
a4191c9f
LP		 5429
5430 return 0;
5431}
5432
bb0c0d6f
LP		 5433void unit_destroy_runtime_data(Unit *u, const ExecContext *context) {
5434 assert(u);
5435 assert(context);
5436
95939aed
YW		 5437 if (context->runtime_directory_preserve_mode == EXEC_PRESERVE_NO ||
5438 (context->runtime_directory_preserve_mode == EXEC_PRESERVE_RESTART && !unit_will_restart(u)))
5439 exec_context_destroy_runtime_directory(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
bb0c0d6f
LP		 5440
5441 exec_context_destroy_credentials(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME], u->id);
95939aed
YW		 5442}
5443
380dc8b0
LP		 5444int unit_clean(Unit *u, ExecCleanMask mask) {
5445 UnitActiveState state;
5446
5447 assert(u);
5448
5449 /* Special return values:
5450 *
5451 * -EOPNOTSUPP → cleaning not supported for this unit type
5452 * -EUNATCH → cleaning not defined for this resource type
5453 * -EBUSY → unit currently can't be cleaned since it's running or not properly loaded, or has
5454 * a job queued or similar
5455 */
5456
5457 if (!UNIT_VTABLE(u)->clean)
5458 return -EOPNOTSUPP;
5459
5460 if (mask == 0)
5461 return -EUNATCH;
5462
5463 if (u->load_state != UNIT_LOADED)
5464 return -EBUSY;
5465
5466 if (u->job)
5467 return -EBUSY;
5468
5469 state = unit_active_state(u);
5470 if (!IN_SET(state, UNIT_INACTIVE))
5471 return -EBUSY;
5472
5473 return UNIT_VTABLE(u)->clean(u, mask);
5474}
5475
5476int unit_can_clean(Unit *u, ExecCleanMask *ret) {
5477 assert(u);
5478
5479 if (!UNIT_VTABLE(u)->clean ||
5480 u->load_state != UNIT_LOADED) {
5481 *ret = 0;
5482 return 0;
5483 }
5484
5485 /* When the clean() method is set, can_clean() really should be set too */
5486 assert(UNIT_VTABLE(u)->can_clean);
5487
5488 return UNIT_VTABLE(u)->can_clean(u, ret);
5489}
5490
d9e45bc3
MS		 5491bool unit_can_freeze(Unit *u) {
5492 assert(u);
5493
5494 if (UNIT_VTABLE(u)->can_freeze)
5495 return UNIT_VTABLE(u)->can_freeze(u);
5496
5497 return UNIT_VTABLE(u)->freeze;
5498}
5499
5500void unit_frozen(Unit *u) {
5501 assert(u);
5502
5503 u->freezer_state = FREEZER_FROZEN;
5504
5505 bus_unit_send_pending_freezer_message(u);
5506}
5507
5508void unit_thawed(Unit *u) {
5509 assert(u);
5510
5511 u->freezer_state = FREEZER_RUNNING;
5512
5513 bus_unit_send_pending_freezer_message(u);
5514}
5515
5516static int unit_freezer_action(Unit *u, FreezerAction action) {
5517 UnitActiveState s;
5518 int (*method)(Unit*);
5519 int r;
5520
5521 assert(u);
5522 assert(IN_SET(action, FREEZER_FREEZE, FREEZER_THAW));
5523
5524 method = action == FREEZER_FREEZE ? UNIT_VTABLE(u)->freeze : UNIT_VTABLE(u)->thaw;
5525 if (!method || !cg_freezer_supported())
5526 return -EOPNOTSUPP;
5527
5528 if (u->job)
5529 return -EBUSY;
5530
5531 if (u->load_state != UNIT_LOADED)
5532 return -EHOSTDOWN;
5533
5534 s = unit_active_state(u);
5535 if (s != UNIT_ACTIVE)
5536 return -EHOSTDOWN;
5537
5538 if (IN_SET(u->freezer_state, FREEZER_FREEZING, FREEZER_THAWING))
5539 return -EALREADY;
5540
5541 r = method(u);
5542 if (r <= 0)
5543 return r;
5544
5545 return 1;
5546}
5547
5548int unit_freeze(Unit *u) {
5549 return unit_freezer_action(u, FREEZER_FREEZE);
5550}
5551
5552int unit_thaw(Unit *u) {
5553 return unit_freezer_action(u, FREEZER_THAW);
5554}
5555
5556/* Wrappers around low-level cgroup freezer operations common for service and scope units */
5557int unit_freeze_vtable_common(Unit *u) {
5558 return unit_cgroup_freezer_action(u, FREEZER_FREEZE);
5559}
5560
5561int unit_thaw_vtable_common(Unit *u) {
5562 return unit_cgroup_freezer_action(u, FREEZER_THAW);
5563}
5564
5afe510c
LP		 5565static const char* const collect_mode_table[_COLLECT_MODE_MAX] = {
5566 [COLLECT_INACTIVE] = "inactive",
5567 [COLLECT_INACTIVE_OR_FAILED] = "inactive-or-failed",
5568};
5569
5570DEFINE_STRING_TABLE_LOOKUP(collect_mode, CollectMode);
Unnamed repository; edit this file 'description' to name the repository.