]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/unit.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
userdb: suppress creation of empty userdb dirs
[thirdparty/systemd.git] / src / core / unit.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
a7334b09 2
6553db60 3#include <fnmatch.h>
836e4e7e 4#include <linux/capability.h>
4f5dd394 5#include <unistd.h>
87f0e418 6
836e4e7e 7#include "sd-bus.h"
718db961
LP		 8#include "sd-id128.h"
9#include "sd-messages.h"
4f5dd394 10
57b7a260 11#include "all-units.h"
d68c645b 12#include "alloc-util.h"
b7120388 13#include "ansi-color.h"
fab34748 14#include "bpf-firewall.h"
836e4e7e 15#include "bpf-restrict-fs.h"
4f5dd394 16#include "bus-common-errors.h"
8df433d7 17#include "bus-internal.h"
4f5dd394 18#include "bus-util.h"
fdb3deca 19#include "cgroup-setup.h"
c6c18be3 20#include "cgroup-util.h"
f461a28d 21#include "chase.h"
a89afe19 22#include "chattr-util.h"
836e4e7e 23#include "condition.h"
1cf40697 24#include "dbus-unit.h"
4f5dd394 25#include "dropin.h"
4ea4abb6 26#include "dynamic-user.h"
88e4bfa6 27#include "env-util.h"
4f5dd394 28#include "escape.h"
43962c30 29#include "exec-credential.h"
4f5dd394 30#include "execute.h"
6a48d82f 31#include "fd-util.h"
ee228be1 32#include "fileio.h"
f97b34a6 33#include "format-util.h"
836e4e7e 34#include "fs-util.h"
4b58153d 35#include "id128-util.h"
5cfa33e0 36#include "install.h"
bd1ae178 37#include "iovec-util.h"
0690160e 38#include "label-util.h"
4f5dd394
LP		 39#include "load-dropin.h"
40#include "load-fragment.h"
41#include "log.h"
8c41640a 42#include "logarithm.h"
35cd0ba5 43#include "mkdir-label.h"
836e4e7e
DDM		 44#include "manager.h"
45#include "mount-util.h"
276bd392 46#include "mountpoint-util.h"
4f5dd394 47#include "path-util.h"
0b452006 48#include "process-util.h"
a89afe19 49#include "quota-util.h"
810ef318 50#include "rm-rf.h"
48b92b37 51#include "serialize.h"
4f5dd394 52#include "set.h"
6eb7c172 53#include "signal-util.h"
836e4e7e 54#include "siphash24.h"
d3070fbd 55#include "sparse-endian.h"
e9db43d5 56#include "special.h"
2e59b241 57#include "specifier.h"
8fcde012 58#include "stat-util.h"
5afe510c 59#include "string-table.h"
07630cea 60#include "string-util.h"
4f5dd394 61#include "strv.h"
e4de7287 62#include "tmpfile-util.h"
4f4afc88 63#include "umask-util.h"
e9db43d5 64#include "unit.h"
1cf40697 65#include "unit-name.h"
b1d4f8e1 66#include "user-util.h"
bad578b1 67#include "varlink.h"
87f0e418 68
37109b85 69/* Thresholds for logging at INFO level about resource consumption */
b1b84bc5
MY		 70#define MENTIONWORTHY_CPU_NSEC (1 * NSEC_PER_SEC)
71#define MENTIONWORTHY_MEMORY_BYTES (64 * U64_MB)
72#define MENTIONWORTHY_IO_BYTES (1 * U64_MB)
73#define MENTIONWORTHY_IP_BYTES UINT64_C(0)
37109b85 74
b1b84bc5
MY		 75/* Thresholds for logging at NOTICE level about resource consumption */
76#define NOTICEWORTHY_CPU_NSEC (10 * NSEC_PER_MINUTE)
77#define NOTICEWORTHY_MEMORY_BYTES (512 * U64_MB)
78#define NOTICEWORTHY_IO_BYTES (10 * U64_MB)
79#define NOTICEWORTHY_IP_BYTES (128 * U64_MB)
37109b85 80
87f0e418 81const UnitVTable * const unit_vtable[_UNIT_TYPE_MAX] = {
17f6b640
YW		 82 [UNIT_SERVICE] = &service_vtable,
83 [UNIT_SOCKET] = &socket_vtable,
84 [UNIT_TARGET] = &target_vtable,
85 [UNIT_DEVICE] = &device_vtable,
86 [UNIT_MOUNT] = &mount_vtable,
87f0e418 87 [UNIT_AUTOMOUNT] = &automount_vtable,
17f6b640
YW		 88 [UNIT_SWAP] = &swap_vtable,
89 [UNIT_TIMER] = &timer_vtable,
90 [UNIT_PATH] = &path_vtable,
91 [UNIT_SLICE] = &slice_vtable,
92 [UNIT_SCOPE] = &scope_vtable,
87f0e418
LP		 93};
94
75db809a 95Unit* unit_new(Manager *m, size_t size) {
87f0e418
LP		 96 Unit *u;
97
98 assert(m);
ac155bb8 99 assert(size >= sizeof(Unit));
87f0e418 100
7d17cfbc
MS		 101 u = malloc0(size);
102 if (!u)
87f0e418
LP		 103 return NULL;
104
ac155bb8
MS		 105 u->manager = m;
106 u->type = _UNIT_TYPE_INVALID;
ac155bb8
MS		 107 u->default_dependencies = true;
108 u->unit_file_state = _UNIT_FILE_STATE_INVALID;
7cb7f8b8 109 u->unit_file_preset = _PRESET_ACTION_INVALID;
d420282b 110 u->on_failure_job_mode = JOB_REPLACE;
294446dc 111 u->on_success_job_mode = JOB_FAIL;
36c16a7c 112 u->job_timeout = USEC_INFINITY;
a2df3ea4 113 u->job_running_timeout = USEC_INFINITY;
00d9ef85
LP		 114 u->ref_uid = UID_INVALID;
115 u->ref_gid = GID_INVALID;
9824ab1f 116
7af67e9a 117 u->failure_action_exit_status = u->success_action_exit_status = -1;
87f0e418 118
2e59b241
LP		 119 u->last_section_private = -1;
120
14702b9c 121 u->start_ratelimit = m->defaults.start_limit;
c9e120e0 122
9cc54544
LP		 123 u->auto_start_stop_ratelimit = (const RateLimit) {
124 .interval = 10 * USEC_PER_SEC,
125 .burst = 16
126 };
127
87f0e418
LP		 128 return u;
129}
130
a581e45a 131int unit_new_for_name(Manager *m, size_t size, const char *name, Unit **ret) {
dc409696 132 _cleanup_(unit_freep) Unit *u = NULL;
a581e45a
LP		 133 int r;
134
135 u = unit_new(m, size);
136 if (!u)
137 return -ENOMEM;
138
139 r = unit_add_name(u, name);
dc409696 140 if (r < 0)
a581e45a 141 return r;
a581e45a 142
1cc6c93a
YW		 143 *ret = TAKE_PTR(u);
144
a581e45a
LP		 145 return r;
146}
147
303ee601 148bool unit_has_name(const Unit *u, const char *name) {
f278026d
LP		 149 assert(u);
150 assert(name);
151
4562c355
ZJS		 152 return streq_ptr(name, u->id) ||
153 set_contains(u->aliases, name);
f278026d
LP		 154}
155
598459ce
LP		 156static void unit_init(Unit *u) {
157 CGroupContext *cc;
158 ExecContext *ec;
159 KillContext *kc;
160
161 assert(u);
162 assert(u->manager);
163 assert(u->type >= 0);
164
165 cc = unit_get_cgroup_context(u);
166 if (cc) {
167 cgroup_context_init(cc);
168
169 /* Copy in the manager defaults into the cgroup
170 * context, _before_ the rest of the settings have
171 * been initialized */
172
c9e120e0 173 cc->io_accounting = u->manager->defaults.io_accounting;
c9e120e0
LP		 174 cc->memory_accounting = u->manager->defaults.memory_accounting;
175 cc->tasks_accounting = u->manager->defaults.tasks_accounting;
176 cc->ip_accounting = u->manager->defaults.ip_accounting;
0af20ea2
LP		 177
178 if (u->type != UNIT_SLICE)
c9e120e0 179 cc->tasks_max = u->manager->defaults.tasks_max;
6bb00842 180
c9e120e0
LP		 181 cc->memory_pressure_watch = u->manager->defaults.memory_pressure_watch;
182 cc->memory_pressure_threshold_usec = u->manager->defaults.memory_pressure_threshold_usec;
598459ce
LP		 183 }
184
185 ec = unit_get_exec_context(u);
b1edf445 186 if (ec) {
598459ce
LP		 187 exec_context_init(ec);
188
c9e120e0
LP		 189 if (u->manager->defaults.oom_score_adjust_set) {
190 ec->oom_score_adjust = u->manager->defaults.oom_score_adjust;
d4a402e4
LP		 191 ec->oom_score_adjust_set = true;
192 }
193
30bbdf07
G		 194 ec->restrict_suid_sgid = u->manager->defaults.restrict_suid_sgid;
195
5e37d193
FB		 196 if (MANAGER_IS_SYSTEM(u->manager))
197 ec->keyring_mode = EXEC_KEYRING_SHARED;
198 else {
199 ec->keyring_mode = EXEC_KEYRING_INHERIT;
200
201 /* User manager might have its umask redefined by PAM or UMask=. In this
202 * case let the units it manages inherit this value by default. They can
203 * still tune this value through their own unit file */
41beeb3e 204 (void) get_process_umask(0, &ec->umask);
5e37d193 205 }
b1edf445
LP		 206 }
207
598459ce
LP		 208 kc = unit_get_kill_context(u);
209 if (kc)
210 kill_context_init(kc);
211
212 if (UNIT_VTABLE(u)->init)
213 UNIT_VTABLE(u)->init(u);
214}
215
4562c355
ZJS		 216static int unit_add_alias(Unit *u, char *donated_name) {
217 int r;
218
219 /* Make sure that u->names is allocated. We may leave u->names
220 * empty if we fail later, but this is not a problem. */
5c6ea302 221 r = set_ensure_put(&u->aliases, &string_hash_ops_free, donated_name);
4562c355
ZJS		 222 if (r < 0)
223 return r;
224 assert(r > 0);
225
226 return 0;
227}
228
87f0e418 229int unit_add_name(Unit *u, const char *text) {
4562c355 230 _cleanup_free_ char *name = NULL, *instance = NULL;
87f0e418 231 UnitType t;
87f0e418
LP		 232 int r;
233
234 assert(u);
235 assert(text);
236
7410616c 237 if (unit_name_is_valid(text, UNIT_NAME_TEMPLATE)) {
ac155bb8 238 if (!u->instance)
acd1987a 239 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
4e494e6a 240 "Instance is not set when adding name '%s'.", text);
87f0e418 241
4562c355 242 r = unit_name_replace_instance(text, u->instance, &name);
7410616c 243 if (r < 0)
acd1987a 244 return log_unit_debug_errno(u, r,
4e494e6a 245 "Failed to build instance name from '%s': %m", text);
7410616c 246 } else {
4562c355
ZJS		 247 name = strdup(text);
248 if (!name)
7410616c
LP		 249 return -ENOMEM;
250 }
87f0e418 251
4562c355 252 if (unit_has_name(u, name))
7410616c 253 return 0;
4562c355
ZJS		 254
255 if (hashmap_contains(u->manager->units, name))
acd1987a 256 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EEXIST),
4e494e6a 257 "Unit already exist when adding name '%s'.", name);
7410616c 258
4562c355 259 if (!unit_name_is_valid(name, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
acd1987a 260 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
4e494e6a 261 "Name '%s' is invalid.", name);
e537352b 262
4562c355 263 t = unit_name_to_type(name);
7410616c 264 if (t < 0)
acd1987a 265 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
4e494e6a 266 "failed to derive unit type from name '%s'.", name);
87f0e418 267
598459ce 268 if (u->type != _UNIT_TYPE_INVALID && t != u->type)
acd1987a 269 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
4e494e6a 270 "Unit type is illegal: u->type(%d) and t(%d) for name '%s'.",
4562c355 271 u->type, t, name);
87f0e418 272
4562c355 273 r = unit_name_to_instance(name, &instance);
e48614c4 274 if (r < 0)
4e494e6a 275 return log_unit_debug_errno(u, r, "Failed to extract instance from name '%s': %m", name);
87f0e418 276
4562c355 277 if (instance && !unit_type_may_template(t))
4e494e6a 278 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL), "Templates are not allowed for name '%s'.", name);
9e2f7c11 279
d383acad
ZJS		 280 /* Ensure that this unit either has no instance, or that the instance matches. */
281 if (u->type != _UNIT_TYPE_INVALID && !streq_ptr(u->instance, instance))
acd1987a 282 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
4e494e6a 283 "Cannot add name %s, the instances don't match (\"%s\" != \"%s\").",
ada4b34e 284 name, instance, u->instance);
9e2f7c11 285
4562c355 286 if (u->id && !unit_type_may_alias(t))
ada4b34e 287 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EEXIST),
4e494e6a 288 "Cannot add name %s, aliases are not allowed for %s units.",
ada4b34e 289 name, unit_type_to_string(t));
9e2f7c11 290
598459ce 291 if (hashmap_size(u->manager->units) >= MANAGER_MAX_NAMES)
4e494e6a 292 return log_unit_warning_errno(u, SYNTHETIC_ERRNO(E2BIG), "Cannot add name, manager has too many units.");
4f0f902f 293
4562c355
ZJS		 294 /* Add name to the global hashmap first, because that's easier to undo */
295 r = hashmap_put(u->manager->units, name, u);
7410616c 296 if (r < 0)
4e494e6a 297 return log_unit_debug_errno(u, r, "Add unit to hashmap failed for name '%s': %m", text);
87f0e418 298
4562c355
ZJS		 299 if (u->id) {
300 r = unit_add_alias(u, name); /* unit_add_alias() takes ownership of the name on success */
301 if (r < 0) {
302 hashmap_remove(u->manager->units, name);
303 return r;
304 }
305 TAKE_PTR(name);
306
307 } else {
308 /* A new name, we don't need the set yet. */
309 assert(u->type == _UNIT_TYPE_INVALID);
310 assert(!u->instance);
311
ac155bb8 312 u->type = t;
4562c355
ZJS		 313 u->id = TAKE_PTR(name);
314 u->instance = TAKE_PTR(instance);
9e2f7c11 315
71fda00f 316 LIST_PREPEND(units_by_type, u->manager->units_by_type[t], u);
598459ce 317 unit_init(u);
598459ce 318 }
9e2f7c11 319
598459ce
LP		 320 unit_add_to_dbus_queue(u);
321 return 0;
87f0e418
LP		 322}
323
0ae97ec1 324int unit_choose_id(Unit *u, const char *name) {
68eda4bd 325 _cleanup_free_ char *t = NULL;
4562c355 326 char *s;
276c3e78 327 int r;
0ae97ec1
LP		 328
329 assert(u);
330 assert(name);
331
7410616c 332 if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
ac155bb8 333 if (!u->instance)
9e2f7c11
LP		 334 return -EINVAL;
335
7410616c
LP		 336 r = unit_name_replace_instance(name, u->instance, &t);
337 if (r < 0)
338 return r;
9e2f7c11
LP		 339
340 name = t;
341 }
342
4562c355
ZJS		 343 if (streq_ptr(u->id, name))
344 return 0; /* Nothing to do. */
345
346 /* Selects one of the aliases of this unit as the id */
347 s = set_get(u->aliases, (char*) name);
9e2f7c11 348 if (!s)
0ae97ec1
LP		 349 return -ENOENT;
350
4562c355
ZJS		 351 if (u->id) {
352 r = set_remove_and_put(u->aliases, name, u->id);
353 if (r < 0)
354 return r;
355 } else
356 assert_se(set_remove(u->aliases, name)); /* see set_get() above… */
276c3e78 357
4562c355 358 u->id = s; /* Old u->id is now stored in the set, and s is not stored anywhere */
c1e1601e 359 unit_add_to_dbus_queue(u);
9e2f7c11 360
0ae97ec1
LP		 361 return 0;
362}
363
f50e0a01 364int unit_set_description(Unit *u, const char *description) {
84b26d51 365 int r;
f50e0a01
LP		 366
367 assert(u);
368
84b26d51
LP		 369 r = free_and_strdup(&u->description, empty_to_null(description));
370 if (r < 0)
371 return r;
372 if (r > 0)
373 unit_add_to_dbus_queue(u);
c1e1601e 374
f50e0a01
LP		 375 return 0;
376}
377
02de9614
ZJS		 378static bool unit_success_failure_handler_has_jobs(Unit *unit) {
379 Unit *other;
380
381 UNIT_FOREACH_DEPENDENCY(other, unit, UNIT_ATOM_ON_SUCCESS)
382 if (other->job || other->nop_job)
383 return true;
384
385 UNIT_FOREACH_DEPENDENCY(other, unit, UNIT_ATOM_ON_FAILURE)
386 if (other->job || other->nop_job)
387 return true;
388
389 return false;
390}
391
6ac62d61
LP		 392void unit_release_resources(Unit *u) {
393 UnitActiveState state;
1ba84fef 394 ExecContext *ec;
6ac62d61
LP		 395
396 assert(u);
397
398 if (u->job || u->nop_job)
399 return;
400
401 if (u->perpetual)
402 return;
403
404 state = unit_active_state(u);
468e8726 405 if (!UNIT_IS_INACTIVE_OR_FAILED(state))
6ac62d61
LP		 406 return;
407
408 if (unit_will_restart(u))
409 return;
410
1ba84fef
LP		 411 ec = unit_get_exec_context(u);
412 if (ec && ec->runtime_directory_preserve_mode == EXEC_PRESERVE_RESTART)
413 exec_context_destroy_runtime_directory(ec, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
414
6ac62d61
LP		 415 if (UNIT_VTABLE(u)->release_resources)
416 UNIT_VTABLE(u)->release_resources(u);
417}
418
f2f725e5 419bool unit_may_gc(Unit *u) {
a354329f 420 UnitActiveState state;
e98b2fbb 421 int r;
5afe510c 422
701cc384
LP		 423 assert(u);
424
6ac62d61
LP		 425 /* Checks whether the unit is ready to be unloaded for garbage collection. Returns true when the
426 * unit may be collected, and false if there's some reason to keep it loaded.
2641f02e 427 *
6ac62d61
LP		 428 * References from other units are *not* checked here. Instead, this is done in unit_gc_sweep(), but
429 * using markers to properly collect dependency loops.
2641f02e 430 */
5afe510c 431
02de9614 432 if (u->job || u->nop_job)
f2f725e5 433 return false;
6c073082 434
f5869324 435 if (u->perpetual)
f2f725e5 436 return false;
9d576438 437
935f8042
LP		 438 /* if we saw a cgroup empty event for this unit, stay around until we processed it so that we remove
439 * the empty cgroup if possible. Similar, process any pending OOM events if they are already queued
440 * before we release the unit. */
441 if (u->in_cgroup_empty_queue || u->in_cgroup_oom_queue)
8db99898
RP		 442 return false;
443
af05bb97
LP		 444 /* Make sure to send out D-Bus events before we unload the unit */
445 if (u->in_dbus_queue)
446 return false;
447
05a98afd 448 if (sd_bus_track_count(u->bus_track) > 0)
f2f725e5 449 return false;
05a98afd 450
6ac62d61
LP		 451 state = unit_active_state(u);
452
453 /* But we keep the unit object around for longer when it is referenced or configured to not be
454 * gc'ed */
5afe510c
LP		 455 switch (u->collect_mode) {
456
457 case COLLECT_INACTIVE:
458 if (state != UNIT_INACTIVE)
f2f725e5 459 return false;
5afe510c
LP		 460
461 break;
462
463 case COLLECT_INACTIVE_OR_FAILED:
fcd7aef7 464 if (!UNIT_IS_INACTIVE_OR_FAILED(state))
f2f725e5 465 return false;
5afe510c
LP		 466
467 break;
468
469 default:
04499a70 470 assert_not_reached();
5afe510c
LP		 471 }
472
02de9614
ZJS		 473 /* Check if any OnFailure= or on Success= jobs may be pending */
474 if (unit_success_failure_handler_has_jobs(u))
475 return false;
476
9cc54544
LP		 477 /* If the unit has a cgroup, then check whether there's anything in it. If so, we should stay
478 * around. Units with active processes should never be collected. */
479 r = unit_cgroup_is_empty(u);
4918f14a
MY		 480 if (r <= 0 && !IN_SET(r, -ENXIO, -EOWNERDEAD))
481 return false; /* ENXIO/EOWNERDEAD means: currently not realized */
e98b2fbb 482
6ac62d61
LP		 483 if (!UNIT_VTABLE(u)->may_gc)
484 return true;
701cc384 485
6ac62d61 486 return UNIT_VTABLE(u)->may_gc(u);
701cc384
LP		 487}
488
87f0e418
LP		 489void unit_add_to_load_queue(Unit *u) {
490 assert(u);
ac155bb8 491 assert(u->type != _UNIT_TYPE_INVALID);
87f0e418 492
ac155bb8 493 if (u->load_state != UNIT_STUB || u->in_load_queue)
87f0e418
LP		 494 return;
495
71fda00f 496 LIST_PREPEND(load_queue, u->manager->load_queue, u);
ac155bb8 497 u->in_load_queue = true;
87f0e418
LP		 498}
499
23a177ef
LP		 500void unit_add_to_cleanup_queue(Unit *u) {
501 assert(u);
502
ac155bb8 503 if (u->in_cleanup_queue)
23a177ef
LP		 504 return;
505
71fda00f 506 LIST_PREPEND(cleanup_queue, u->manager->cleanup_queue, u);
ac155bb8 507 u->in_cleanup_queue = true;
23a177ef
LP		 508}
509
701cc384
LP		 510void unit_add_to_gc_queue(Unit *u) {
511 assert(u);
512
ac155bb8 513 if (u->in_gc_queue || u->in_cleanup_queue)
701cc384
LP		 514 return;
515
f2f725e5 516 if (!unit_may_gc(u))
701cc384
LP		 517 return;
518
c5a97ed1 519 LIST_PREPEND(gc_queue, u->manager->gc_unit_queue, u);
ac155bb8 520 u->in_gc_queue = true;
701cc384
LP		 521}
522
c1e1601e
LP		 523void unit_add_to_dbus_queue(Unit *u) {
524 assert(u);
ac155bb8 525 assert(u->type != _UNIT_TYPE_INVALID);
c1e1601e 526
ac155bb8 527 if (u->load_state == UNIT_STUB || u->in_dbus_queue)
c1e1601e
LP		 528 return;
529
a567261a 530 /* Shortcut things if nobody cares */
8f8f05a9 531 if (sd_bus_track_count(u->manager->subscribed) <= 0 &&
ae572acd 532 sd_bus_track_count(u->bus_track) <= 0 &&
8f8f05a9 533 set_isempty(u->manager->private_buses)) {
ac155bb8 534 u->sent_dbus_new_signal = true;
94b6dfa2
LP		 535 return;
536 }
537
71fda00f 538 LIST_PREPEND(dbus_queue, u->manager->dbus_unit_queue, u);
ac155bb8 539 u->in_dbus_queue = true;
c1e1601e
LP		 540}
541
fda09318 542void unit_submit_to_stop_when_unneeded_queue(Unit *u) {
a3c1168a
LP		 543 assert(u);
544
545 if (u->in_stop_when_unneeded_queue)
546 return;
547
548 if (!u->stop_when_unneeded)
549 return;
550
551 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
552 return;
553
554 LIST_PREPEND(stop_when_unneeded_queue, u->manager->stop_when_unneeded_queue, u);
555 u->in_stop_when_unneeded_queue = true;
556}
557
0bc488c9
LP		 558void unit_submit_to_start_when_upheld_queue(Unit *u) {
559 assert(u);
560
561 if (u->in_start_when_upheld_queue)
562 return;
563
564 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(u)))
565 return;
566
567 if (!unit_has_dependency(u, UNIT_ATOM_START_STEADILY, NULL))
568 return;
569
570 LIST_PREPEND(start_when_upheld_queue, u->manager->start_when_upheld_queue, u);
571 u->in_start_when_upheld_queue = true;
572}
573
56c59592
LP		 574void unit_submit_to_stop_when_bound_queue(Unit *u) {
575 assert(u);
576
577 if (u->in_stop_when_bound_queue)
578 return;
579
580 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
581 return;
582
583 if (!unit_has_dependency(u, UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT, NULL))
584 return;
585
586 LIST_PREPEND(stop_when_bound_queue, u->manager->stop_when_bound_queue, u);
587 u->in_stop_when_bound_queue = true;
588}
589
1ba84fef
LP		 590static bool unit_can_release_resources(Unit *u) {
591 ExecContext *ec;
592
593 assert(u);
594
595 if (UNIT_VTABLE(u)->release_resources)
596 return true;
597
598 ec = unit_get_exec_context(u);
599 if (ec && ec->runtime_directory_preserve_mode == EXEC_PRESERVE_RESTART)
600 return true;
601
602 return false;
603}
604
6ac62d61
LP		 605void unit_submit_to_release_resources_queue(Unit *u) {
606 assert(u);
607
608 if (u->in_release_resources_queue)
609 return;
610
611 if (u->job || u->nop_job)
612 return;
613
614 if (u->perpetual)
615 return;
616
1ba84fef 617 if (!unit_can_release_resources(u))
6ac62d61
LP		 618 return;
619
620 LIST_PREPEND(release_resources_queue, u->manager->release_resources_queue, u);
621 u->in_release_resources_queue = true;
622}
623
1b4ab5a2
MY		 624void unit_add_to_stop_notify_queue(Unit *u) {
625 assert(u);
626
627 if (u->in_stop_notify_queue)
628 return;
629
630 assert(UNIT_VTABLE(u)->stop_notify);
631
632 LIST_PREPEND(stop_notify_queue, u->manager->stop_notify_queue, u);
633 u->in_stop_notify_queue = true;
634}
635
636void unit_remove_from_stop_notify_queue(Unit *u) {
637 assert(u);
638
639 if (!u->in_stop_notify_queue)
640 return;
641
642 LIST_REMOVE(stop_notify_queue, u->manager->stop_notify_queue, u);
643 u->in_stop_notify_queue = false;
644}
645
15ed3c3a 646static void unit_clear_dependencies(Unit *u) {
87f0e418
LP		 647 assert(u);
648
15ed3c3a
LP		 649 /* Removes all dependencies configured on u and their reverse dependencies. */
650
651 for (Hashmap *deps; (deps = hashmap_steal_first(u->dependencies));) {
87f0e418 652
15ed3c3a
LP		 653 for (Unit *other; (other = hashmap_steal_first_key(deps));) {
654 Hashmap *other_deps;
701cc384 655
15ed3c3a
LP		 656 HASHMAP_FOREACH(other_deps, other->dependencies)
657 hashmap_remove(other_deps, u);
658
659 unit_add_to_gc_queue(other);
b7777d08 660 other->dependency_generation++;
15ed3c3a
LP		 661 }
662
663 hashmap_free(deps);
87f0e418
LP		 664 }
665
15ed3c3a 666 u->dependencies = hashmap_free(u->dependencies);
b7777d08 667 u->dependency_generation++;
87f0e418
LP		 668}
669
c2756a68 670static void unit_remove_transient(Unit *u) {
c2756a68 671 assert(u);
fce94c5c 672 assert(u->manager);
c2756a68
LP		 673
674 if (!u->transient)
675 return;
676
c2756a68 677 STRV_FOREACH(i, u->dropin_paths) {
39591351 678 _cleanup_free_ char *p = NULL, *pp = NULL;
c2756a68 679
45519d13 680 if (path_extract_directory(*i, &p) < 0) /* Get the drop-in directory from the drop-in file */
39591351
LP		 681 continue;
682
45519d13 683 if (path_extract_directory(p, &pp) < 0) /* Get the config directory from the drop-in directory */
39591351
LP		 684 continue;
685
686 /* Only drop transient drop-ins */
687 if (!path_equal(u->manager->lookup_paths.transient, pp))
688 continue;
c2756a68 689
39591351
LP		 690 (void) unlink(*i);
691 (void) rmdir(p);
c2756a68 692 }
fce94c5c
YW		 693
694 if (u->fragment_path) {
695 (void) unlink(u->fragment_path);
696 (void) unit_file_remove_from_name_map(
697 &u->manager->lookup_paths,
698 &u->manager->unit_cache_timestamp_hash,
699 &u->manager->unit_id_map,
700 &u->manager->unit_name_map,
701 &u->manager->unit_path_cache,
702 u->fragment_path);
703 }
c2756a68
LP		 704}
705
9e615fa3 706static void unit_free_mounts_for(Unit *u) {
eef85c4a 707 assert(u);
a57f7e2c 708
9e615fa3
LB		 709 for (UnitMountDependencyType t = 0; t < _UNIT_MOUNT_DEPENDENCY_TYPE_MAX; ++t) {
710 for (;;) {
711 _cleanup_free_ char *path = NULL;
712
713 path = hashmap_steal_first_key(u->mounts_for[t]);
714 if (!path)
715 break;
a57f7e2c 716
eef85c4a 717 char s[strlen(path) + 1];
a57f7e2c 718
eef85c4a
LP		 719 PATH_FOREACH_PREFIX_MORE(s, path) {
720 char *y;
721 Set *x;
722
9e615fa3 723 x = hashmap_get2(u->manager->units_needing_mounts_for[t], s, (void**) &y);
eef85c4a
LP		 724 if (!x)
725 continue;
a57f7e2c 726
eef85c4a 727 (void) set_remove(x, u);
a57f7e2c 728
eef85c4a 729 if (set_isempty(x)) {
9e615fa3 730 assert_se(hashmap_remove(u->manager->units_needing_mounts_for[t], y));
eef85c4a
LP		 731 free(y);
732 set_free(x);
733 }
a57f7e2c
LP		 734 }
735 }
a57f7e2c 736
9e615fa3
LB		 737 u->mounts_for[t] = hashmap_free(u->mounts_for[t]);
738 }
a57f7e2c
LP		 739}
740
598459ce
LP		 741static void unit_done(Unit *u) {
742 ExecContext *ec;
743 CGroupContext *cc;
744
745 assert(u);
746
747 if (u->type < 0)
748 return;
749
750 if (UNIT_VTABLE(u)->done)
751 UNIT_VTABLE(u)->done(u);
752
753 ec = unit_get_exec_context(u);
754 if (ec)
755 exec_context_done(ec);
756
757 cc = unit_get_cgroup_context(u);
758 if (cc)
759 cgroup_context_done(cc);
760}
761
75db809a 762Unit* unit_free(Unit *u) {
12f64221 763 Unit *slice;
87f0e418
LP		 764 char *t;
765
c9d5c9c0 766 if (!u)
75db809a 767 return NULL;
87f0e418 768
7223d500
LB		 769 sd_event_source_disable_unref(u->auto_start_stop_event_source);
770
50fb00b7 771 u->transient_file = safe_fclose(u->transient_file);
4f4afc88 772
2c289ea8 773 if (!MANAGER_IS_RELOADING(u->manager))
c2756a68
LP		 774 unit_remove_transient(u);
775
c1e1601e
LP		 776 bus_unit_send_removed_signal(u);
777
598459ce 778 unit_done(u);
a013b84b 779
73458283
YW		 780 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
781 u->bus_track = sd_bus_track_unref(u->bus_track);
05a98afd 782 u->deserialized_refs = strv_free(u->deserialized_refs);
af1e3365 783 u->pending_freezer_invocation = sd_bus_message_unref(u->pending_freezer_invocation);
05a98afd 784
9e615fa3 785 unit_free_mounts_for(u);
a57f7e2c 786
90e74a66 787 SET_FOREACH(t, u->aliases)
ac155bb8 788 hashmap_remove_value(u->manager->units, t, u);
4562c355
ZJS		 789 if (u->id)
790 hashmap_remove_value(u->manager->units, u->id, u);
87f0e418 791
4b58153d
LP		 792 if (!sd_id128_is_null(u->invocation_id))
793 hashmap_remove_value(u->manager->units_by_invocation_id, &u->invocation_id, u);
794
97e7d748
MS		 795 if (u->job) {
796 Job *j = u->job;
797 job_uninstall(j);
798 job_free(j);
799 }
964e0949 800
e0209d83
MS		 801 if (u->nop_job) {
802 Job *j = u->nop_job;
803 job_uninstall(j);
804 job_free(j);
805 }
806
4c591f39
MK		 807 /* A unit is being dropped from the tree, make sure our family is realized properly. Do this after we
808 * detach the unit from slice tree in order to eliminate its effect on controller masks. */
12f64221 809 slice = UNIT_GET_SLICE(u);
d219a2b0 810 unit_clear_dependencies(u);
12f64221
LP		 811 if (slice)
812 unit_add_family_to_cgroup_realize_queue(slice);
fb46fca7 813
adefcf28
LP		 814 if (u->on_console)
815 manager_unref_console(u->manager);
816
4918f14a 817 unit_release_cgroup(u, /* drop_cgroup_runtime = */ true);
72673e86 818
d3070fbd
LP		 819 if (!MANAGER_IS_RELOADING(u->manager))
820 unit_unlink_state_files(u);
821
00d9ef85
LP		 822 unit_unref_uid_gid(u, false);
823
5269eb6b 824 (void) manager_update_failed_units(u->manager, u, false);
db785129 825 set_remove(u->manager->startup_units, u);
f755e3b7 826
a911bb9a
LP		 827 unit_unwatch_all_pids(u);
828
7f7d01ed
ZJS		 829 while (u->refs_by_target)
830 unit_ref_unset(u->refs_by_target);
57020a3a 831
ac155bb8 832 if (u->type != _UNIT_TYPE_INVALID)
71fda00f 833 LIST_REMOVE(units_by_type, u->manager->units_by_type[u->type], u);
ef734fd6 834
ac155bb8 835 if (u->in_load_queue)
71fda00f 836 LIST_REMOVE(load_queue, u->manager->load_queue, u);
87f0e418 837
ac155bb8 838 if (u->in_dbus_queue)
71fda00f 839 LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u);
c1e1601e 840
13e72103
MK		 841 if (u->in_cleanup_queue)
842 LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u);
843
a2d72e26 844 if (u->in_gc_queue)
c5a97ed1 845 LIST_REMOVE(gc_queue, u->manager->gc_unit_queue, u);
701cc384 846
91a6073e
LP		 847 if (u->in_cgroup_realize_queue)
848 LIST_REMOVE(cgroup_realize_queue, u->manager->cgroup_realize_queue, u);
87f0e418 849
09e24654
LP		 850 if (u->in_cgroup_empty_queue)
851 LIST_REMOVE(cgroup_empty_queue, u->manager->cgroup_empty_queue, u);
852
13e72103
MK		 853 if (u->in_cgroup_oom_queue)
854 LIST_REMOVE(cgroup_oom_queue, u->manager->cgroup_oom_queue, u);
adefcf28 855
19496554
MS		 856 if (u->in_target_deps_queue)
857 LIST_REMOVE(target_deps_queue, u->manager->target_deps_queue, u);
858
a3c1168a
LP		 859 if (u->in_stop_when_unneeded_queue)
860 LIST_REMOVE(stop_when_unneeded_queue, u->manager->stop_when_unneeded_queue, u);
861
0bc488c9
LP		 862 if (u->in_start_when_upheld_queue)
863 LIST_REMOVE(start_when_upheld_queue, u->manager->start_when_upheld_queue, u);
864
56c59592
LP		 865 if (u->in_stop_when_bound_queue)
866 LIST_REMOVE(stop_when_bound_queue, u->manager->stop_when_bound_queue, u);
867
6ac62d61
LP		 868 if (u->in_release_resources_queue)
869 LIST_REMOVE(release_resources_queue, u->manager->release_resources_queue, u);
870
1b4ab5a2
MY		 871 unit_remove_from_stop_notify_queue(u);
872
a946fa9b
ZJS		 873 condition_free_list(u->conditions);
874 condition_free_list(u->asserts);
f755e3b7 875
ac155bb8 876 free(u->description);
49dbfa7b 877 strv_free(u->documentation);
ac155bb8 878 free(u->fragment_path);
1b64d026 879 free(u->source_path);
ae7a7182 880 strv_free(u->dropin_paths);
ac155bb8 881 free(u->instance);
87f0e418 882
f189ab18 883 free(u->job_timeout_reboot_arg);
6bf0f408
LP		 884 free(u->reboot_arg);
885
23e9a7dd
LP		 886 free(u->access_selinux_context);
887
5c6ea302 888 set_free(u->aliases);
4562c355
ZJS		 889 free(u->id);
890
48b92b37
LB		 891 activation_details_unref(u->activation_details);
892
75db809a 893 return mfree(u);
87f0e418
LP		 894}
895
896UnitActiveState unit_active_state(Unit *u) {
897 assert(u);
898
ac155bb8 899 if (u->load_state == UNIT_MERGED)
6124958c
LP		 900 return unit_active_state(unit_follow_merge(u));
901
902 /* After a reload it might happen that a unit is not correctly
903 * loaded but still has a process around. That's why we won't
fdf20a31 904 * shortcut failed loading to UNIT_INACTIVE_FAILED. */
87f0e418
LP		 905
906 return UNIT_VTABLE(u)->active_state(u);
907}
908
10a94420
LP		 909const char* unit_sub_state_to_string(Unit *u) {
910 assert(u);
911
912 return UNIT_VTABLE(u)->sub_state_to_string(u);
913}
914
15ed3c3a 915static int unit_merge_names(Unit *u, Unit *other) {
4562c355 916 char *name;
7c0b05e5 917 int r;
87f0e418 918
23a177ef
LP		 919 assert(u);
920 assert(other);
921
4562c355 922 r = unit_add_alias(u, other->id);
7c0b05e5
MS		 923 if (r < 0)
924 return r;
23a177ef 925
4562c355
ZJS		 926 r = set_move(u->aliases, other->aliases);
927 if (r < 0) {
928 set_remove(u->aliases, other->id);
929 return r;
930 }
23a177ef 931
4562c355 932 TAKE_PTR(other->id);
5c6ea302 933 other->aliases = set_free(other->aliases);
23a177ef 934
90e74a66 935 SET_FOREACH(name, u->aliases)
4562c355 936 assert_se(hashmap_replace(u->manager->units, name, u) == 0);
7c0b05e5
MS		 937
938 return 0;
87f0e418
LP		 939}
940
15ed3c3a
LP		 941static int unit_reserve_dependencies(Unit *u, Unit *other) {
942 size_t n_reserve;
943 Hashmap* deps;
944 void *d;
945 int r;
09a65f92
MS		 946
947 assert(u);
948 assert(other);
09a65f92 949
15ed3c3a
LP		 950 /* Let's reserve some space in the dependency hashmaps so that later on merging the units cannot
951 * fail.
952 *
18fe76eb 953 * First make some room in the per dependency type hashmaps. Using the summed size of both units'
15ed3c3a
LP		 954 * hashmaps is an estimate that is likely too high since they probably use some of the same
955 * types. But it's never too low, and that's all we need. */
956
957 n_reserve = MIN(hashmap_size(other->dependencies), LESS_BY((size_t) _UNIT_DEPENDENCY_MAX, hashmap_size(u->dependencies)));
958 if (n_reserve > 0) {
959 r = hashmap_ensure_allocated(&u->dependencies, NULL);
960 if (r < 0)
961 return r;
962
963 r = hashmap_reserve(u->dependencies, n_reserve);
964 if (r < 0)
965 return r;
966 }
967
968 /* Now, enlarge our per dependency type hashmaps by the number of entries in the same hashmap of the
969 * other unit's dependencies.
970 *
971 * NB: If u does not have a dependency set allocated for some dependency type, there is no need to
972 * reserve anything for. In that case other's set will be transferred as a whole to u by
973 * complete_move(). */
974
975 HASHMAP_FOREACH_KEY(deps, d, u->dependencies) {
976 Hashmap *other_deps;
977
978 other_deps = hashmap_get(other->dependencies, d);
979
980 r = hashmap_reserve(deps, hashmap_size(other_deps));
981 if (r < 0)
982 return r;
983 }
984
985 return 0;
986}
987
ed991163 988static bool unit_should_warn_about_dependency(UnitDependency dependency) {
15ed3c3a 989 /* Only warn about some unit types */
ed991163
YW		 990 return IN_SET(dependency,
991 UNIT_CONFLICTS,
992 UNIT_CONFLICTED_BY,
993 UNIT_BEFORE,
994 UNIT_AFTER,
995 UNIT_ON_SUCCESS,
996 UNIT_ON_FAILURE,
997 UNIT_TRIGGERS,
998 UNIT_TRIGGERED_BY);
15ed3c3a
LP		 999}
1000
1001static int unit_per_dependency_type_hashmap_update(
1002 Hashmap *per_type,
1003 Unit *other,
1004 UnitDependencyMask origin_mask,
1005 UnitDependencyMask destination_mask) {
1006
1007 UnitDependencyInfo info;
1008 int r;
1009
1010 assert(other);
1011 assert_cc(sizeof(void*) == sizeof(info));
1012
1013 /* Acquire the UnitDependencyInfo entry for the Unit* we are interested in, and update it if it
1014 * exists, or insert it anew if not. */
09a65f92 1015
15ed3c3a
LP		 1016 info.data = hashmap_get(per_type, other);
1017 if (info.data) {
1018 /* Entry already exists. Add in our mask. */
1019
1020 if (FLAGS_SET(origin_mask, info.origin_mask) &&
1021 FLAGS_SET(destination_mask, info.destination_mask))
1022 return 0; /* NOP */
1023
1024 info.origin_mask |= origin_mask;
1025 info.destination_mask |= destination_mask;
1026
1027 r = hashmap_update(per_type, other, info.data);
1028 } else {
1029 info = (UnitDependencyInfo) {
1030 .origin_mask = origin_mask,
1031 .destination_mask = destination_mask,
1032 };
09a65f92 1033
15ed3c3a
LP		 1034 r = hashmap_put(per_type, other, info.data);
1035 }
1036 if (r < 0)
1037 return r;
1038
15ed3c3a 1039 return 1;
09a65f92
MS		 1040}
1041
c8b3b524
YW		 1042static void unit_merge_dependencies(Unit *u, Unit *other) {
1043 Hashmap *deps;
1044 void *dt; /* Actually of type UnitDependency, except that we don't bother casting it here,
1045 * since the hashmaps all want it as void pointer. */
eef85c4a 1046
23a177ef
LP		 1047 assert(u);
1048 assert(other);
23a177ef 1049
15ed3c3a
LP		 1050 if (u == other)
1051 return;
1052
c8b3b524
YW		 1053 /* First, remove dependency to other. */
1054 HASHMAP_FOREACH_KEY(deps, dt, u->dependencies) {
ed991163
YW		 1055 if (hashmap_remove(deps, other) && unit_should_warn_about_dependency(UNIT_DEPENDENCY_FROM_PTR(dt)))
1056 log_unit_warning(u, "Dependency %s=%s is dropped, as %s is merged into %s.",
1057 unit_dependency_to_string(UNIT_DEPENDENCY_FROM_PTR(dt)),
1058 other->id, other->id, u->id);
c8b3b524
YW		 1059
1060 if (hashmap_isempty(deps))
1061 hashmap_free(hashmap_remove(u->dependencies, dt));
1062 }
1063
15ed3c3a 1064 for (;;) {
5d2a48da 1065 _cleanup_hashmap_free_ Hashmap *other_deps = NULL;
15ed3c3a
LP		 1066 UnitDependencyInfo di_back;
1067 Unit *back;
15ed3c3a
LP		 1068
1069 /* Let's focus on one dependency type at a time, that 'other' has defined. */
1070 other_deps = hashmap_steal_first_key_and_value(other->dependencies, &dt);
1071 if (!other_deps)
1072 break; /* done! */
1073
4b7918a6
YW		 1074 deps = hashmap_get(u->dependencies, dt);
1075
15ed3c3a
LP		 1076 /* Now iterate through all dependencies of this dependency type, of 'other'. We refer to the
1077 * referenced units as 'back'. */
1078 HASHMAP_FOREACH_KEY(di_back.data, back, other_deps) {
1079 Hashmap *back_deps;
1080 void *back_dt;
eef85c4a 1081
e66047ff 1082 if (back == u) {
15ed3c3a
LP		 1083 /* This is a dependency pointing back to the unit we want to merge with?
1084 * Suppress it (but warn) */
ed991163
YW		 1085 if (unit_should_warn_about_dependency(UNIT_DEPENDENCY_FROM_PTR(dt)))
1086 log_unit_warning(u, "Dependency %s=%s in %s is dropped, as %s is merged into %s.",
1087 unit_dependency_to_string(UNIT_DEPENDENCY_FROM_PTR(dt)),
1088 u->id, other->id, other->id, u->id);
1089
4b7918a6 1090 hashmap_remove(other_deps, back);
15ed3c3a
LP		 1091 continue;
1092 }
eef85c4a 1093
15ed3c3a
LP		 1094 /* Now iterate through all deps of 'back', and fix the ones pointing to 'other' to
1095 * point to 'u' instead. */
1096 HASHMAP_FOREACH_KEY(back_deps, back_dt, back->dependencies) {
1097 UnitDependencyInfo di_move;
eef85c4a 1098
15ed3c3a
LP		 1099 di_move.data = hashmap_remove(back_deps, other);
1100 if (!di_move.data)
1101 continue;
eef85c4a 1102
15ed3c3a
LP		 1103 assert_se(unit_per_dependency_type_hashmap_update(
1104 back_deps,
1105 u,
1106 di_move.origin_mask,
1107 di_move.destination_mask) >= 0);
1108 }
eef85c4a 1109
15ed3c3a 1110 /* The target unit already has dependencies of this type, let's then merge this individually. */
4b7918a6
YW		 1111 if (deps)
1112 assert_se(unit_per_dependency_type_hashmap_update(
1113 deps,
1114 back,
1115 di_back.origin_mask,
1116 di_back.destination_mask) >= 0);
15ed3c3a 1117 }
4b7918a6
YW		 1118
1119 /* Now all references towards 'other' of the current type 'dt' are corrected to point to 'u'.
1120 * Lets's now move the deps of type 'dt' from 'other' to 'u'. If the unit does not have
1121 * dependencies of this type, let's move them per type wholesale. */
1122 if (!deps)
1123 assert_se(hashmap_put(u->dependencies, dt, TAKE_PTR(other_deps)) >= 0);
15ed3c3a 1124 }
23a177ef 1125
15ed3c3a 1126 other->dependencies = hashmap_free(other->dependencies);
b7777d08
YW		 1127
1128 u->dependency_generation++;
1129 other->dependency_generation++;
23a177ef
LP		 1130}
1131
1132int unit_merge(Unit *u, Unit *other) {
09a65f92 1133 int r;
87f0e418
LP		 1134
1135 assert(u);
1136 assert(other);
ac155bb8
MS		 1137 assert(u->manager == other->manager);
1138 assert(u->type != _UNIT_TYPE_INVALID);
87f0e418 1139
cc916967
LP		 1140 other = unit_follow_merge(other);
1141
23a177ef
LP		 1142 if (other == u)
1143 return 0;
1144
ac155bb8 1145 if (u->type != other->type)
9e2f7c11
LP		 1146 return -EINVAL;
1147
8a993b61 1148 if (!unit_type_may_alias(u->type)) /* Merging only applies to unit names that support aliases */
934e749e
LP		 1149 return -EEXIST;
1150
ec2ce0c5 1151 if (!IN_SET(other->load_state, UNIT_STUB, UNIT_NOT_FOUND))
23a177ef 1152 return -EEXIST;
87f0e418 1153
d383acad
ZJS		 1154 if (!streq_ptr(u->instance, other->instance))
1155 return -EINVAL;
1156
ac155bb8 1157 if (other->job)
819e213f
LP		 1158 return -EEXIST;
1159
e0209d83
MS		 1160 if (other->nop_job)
1161 return -EEXIST;
1162
fdf20a31 1163 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
819e213f
LP		 1164 return -EEXIST;
1165
15ed3c3a
LP		 1166 /* Make reservations to ensure merge_dependencies() won't fail. We don't rollback reservations if we
1167 * fail. We don't have a way to undo reservations. A reservation is not a leak. */
1168 r = unit_reserve_dependencies(u, other);
1169 if (r < 0)
1170 return r;
09a65f92 1171
57020a3a 1172 /* Redirect all references */
7f7d01ed
ZJS		 1173 while (other->refs_by_target)
1174 unit_ref_set(other->refs_by_target, other->refs_by_target->source, u);
57020a3a 1175
87f0e418 1176 /* Merge dependencies */
15ed3c3a 1177 unit_merge_dependencies(u, other);
87f0e418 1178
1d0c81a0
YW		 1179 /* Merge names. It is better to do that after merging deps, otherwise the log message contains n/a. */
1180 r = unit_merge_names(u, other);
1181 if (r < 0)
1182 return r;
1183
ac155bb8
MS		 1184 other->load_state = UNIT_MERGED;
1185 other->merged_into = u;
23a177ef 1186
48b92b37
LB		 1187 if (!u->activation_details)
1188 u->activation_details = activation_details_ref(other->activation_details);
1189
3616a49c
LP		 1190 /* If there is still some data attached to the other node, we
1191 * don't need it anymore, and can free it. */
ac155bb8 1192 if (other->load_state != UNIT_STUB)
3616a49c
LP		 1193 if (UNIT_VTABLE(other)->done)
1194 UNIT_VTABLE(other)->done(other);
1195
1196 unit_add_to_dbus_queue(u);
23a177ef
LP		 1197 unit_add_to_cleanup_queue(other);
1198
1199 return 0;
1200}
1201
1202int unit_merge_by_name(Unit *u, const char *name) {
934e749e 1203 _cleanup_free_ char *s = NULL;
23a177ef 1204 Unit *other;
9e2f7c11 1205 int r;
23a177ef 1206
e8630e69
ZJS		 1207 /* Either add name to u, or if a unit with name already exists, merge it with u.
1208 * If name is a template, do the same for name@instance, where instance is u's instance. */
1209
23a177ef
LP		 1210 assert(u);
1211 assert(name);
1212
7410616c 1213 if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
ac155bb8 1214 if (!u->instance)
9e2f7c11
LP		 1215 return -EINVAL;
1216
7410616c
LP		 1217 r = unit_name_replace_instance(name, u->instance, &s);
1218 if (r < 0)
1219 return r;
9e2f7c11
LP		 1220
1221 name = s;
1222 }
1223
c2756a68 1224 other = manager_get_unit(u->manager, name);
7410616c
LP		 1225 if (other)
1226 return unit_merge(u, other);
23a177ef 1227
7410616c 1228 return unit_add_name(u, name);
23a177ef
LP		 1229}
1230
1231Unit* unit_follow_merge(Unit *u) {
1232 assert(u);
1233
ac155bb8
MS		 1234 while (u->load_state == UNIT_MERGED)
1235 assert_se(u = u->merged_into);
23a177ef
LP		 1236
1237 return u;
1238}
1239
1240int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
1241 int r;
1242
1243 assert(u);
1244 assert(c);
1245
a8c5a4c6
YW		 1246 /* Unlike unit_add_dependency() or friends, this always returns 0 on success. */
1247
61aa5f70
LB		 1248 if (c->working_directory) {
1249 r = unit_add_mounts_for(
1250 u,
1251 c->working_directory,
1252 UNIT_DEPENDENCY_FILE,
1253 c->working_directory_missing_ok ? UNIT_MOUNT_WANTS : UNIT_MOUNT_REQUIRES);
36be24c8
ZJS		 1254 if (r < 0)
1255 return r;
1256 }
1257
1258 if (c->root_directory) {
ebc75103 1259 r = unit_add_mounts_for(u, c->root_directory, UNIT_DEPENDENCY_FILE, UNIT_MOUNT_WANTS);
36be24c8
ZJS		 1260 if (r < 0)
1261 return r;
1262 }
1263
915e6d16 1264 if (c->root_image) {
ebc75103 1265 r = unit_add_mounts_for(u, c->root_image, UNIT_DEPENDENCY_FILE, UNIT_MOUNT_WANTS);
915e6d16
LP		 1266 if (r < 0)
1267 return r;
1268 }
1269
12375b95 1270 for (ExecDirectoryType dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) {
ada5e276
YW		 1271 if (!u->manager->prefix[dt])
1272 continue;
1273
5e702203 1274 FOREACH_ARRAY(i, c->directories[dt].items, c->directories[dt].n_items) {
c2b2df60 1275 _cleanup_free_ char *p = NULL;
ada5e276 1276
5e702203 1277 p = path_join(u->manager->prefix[dt], i->path);
ada5e276
YW		 1278 if (!p)
1279 return -ENOMEM;
1280
9e615fa3 1281 r = unit_add_mounts_for(u, p, UNIT_DEPENDENCY_FILE, UNIT_MOUNT_REQUIRES);
ada5e276
YW		 1282 if (r < 0)
1283 return r;
1284 }
1285 }
1286
463d0d15 1287 if (!MANAGER_IS_SYSTEM(u->manager))
b46a529c
LP		 1288 return 0;
1289
f3b7a79b
LP		 1290 /* For the following three directory types we need write access, and /var/ is possibly on the root
1291 * fs. Hence order after systemd-remount-fs.service, to ensure things are writable. */
211a3d87
LB		 1292 if (c->directories[EXEC_DIRECTORY_STATE].n_items > 0 ||
1293 c->directories[EXEC_DIRECTORY_CACHE].n_items > 0 ||
1294 c->directories[EXEC_DIRECTORY_LOGS].n_items > 0) {
f3b7a79b
LP		 1295 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_REMOUNT_FS_SERVICE, true, UNIT_DEPENDENCY_FILE);
1296 if (r < 0)
1297 return r;
1298 }
1299
6156bec7
YW		 1300 /* This must be already set in unit_patch_contexts(). */
1301 assert(c->private_var_tmp >= 0 && c->private_var_tmp < _PRIVATE_TMP_MAX);
1302
0e551b04 1303 if (c->private_tmp == PRIVATE_TMP_CONNECTED) {
6156bec7
YW		 1304 assert(c->private_var_tmp == PRIVATE_TMP_CONNECTED);
1305
a4b1232d 1306 r = unit_add_mounts_for(u, "/tmp/", UNIT_DEPENDENCY_FILE, UNIT_MOUNT_WANTS);
b2c7d1bb
FB		 1307 if (r < 0)
1308 return r;
1309
a4b1232d 1310 r = unit_add_mounts_for(u, "/var/tmp/", UNIT_DEPENDENCY_FILE, UNIT_MOUNT_WANTS);
b2c7d1bb
FB		 1311 if (r < 0)
1312 return r;
b46a529c 1313
35d8c19a 1314 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, true, UNIT_DEPENDENCY_FILE);
b46a529c
LP		 1315 if (r < 0)
1316 return r;
6156bec7
YW		 1317
1318 } else if (c->private_var_tmp == PRIVATE_TMP_DISCONNECTED && !exec_context_with_rootfs(c)) {
1319 /* Even if PrivateTmp=disconnected, we still require /var/tmp/ mountpoint to be present,
1320 * i.e. /var/ needs to be mounted. See comments in unit_patch_contexts(). */
1321 r = unit_add_mounts_for(u, "/var/", UNIT_DEPENDENCY_FILE, UNIT_MOUNT_WANTS);
1322 if (r < 0)
1323 return r;
b46a529c
LP		 1324 }
1325
33b58dfb
LP		 1326 if (c->root_image) {
1327 /* We need to wait for /dev/loopX to appear when doing RootImage=, hence let's add an
1328 * implicit dependency on udev */
1329
1330 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_UDEVD_SERVICE, true, UNIT_DEPENDENCY_FILE);
1331 if (r < 0)
1332 return r;
1333 }
1334
91dd5f7c
LP		 1335 /* If syslog or kernel logging is requested (or log namespacing is), make sure our own logging daemon
1336 * is run first. */
91dd5f7c 1337 if (c->log_namespace) {
2b699c23
YW		 1338 static const struct {
1339 const char *template;
1340 UnitType type;
1341 } deps[] = {
1342 { "systemd-journald", UNIT_SOCKET, },
1343 { "systemd-journald-varlink", UNIT_SOCKET, },
1344 { "systemd-journald-sync", UNIT_SERVICE, },
1345 };
1346
1347 FOREACH_ELEMENT(i, deps) {
1348 _cleanup_free_ char *unit = NULL;
23a177ef 1349
2b699c23 1350 r = unit_name_build_from_type(i->template, c->log_namespace, i->type, &unit);
06c0f569
MY		 1351 if (r < 0)
1352 return r;
61628287 1353
2b699c23 1354 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, unit, true, UNIT_DEPENDENCY_FILE);
06c0f569
MY		 1355 if (r < 0)
1356 return r;
1357 }
813c96c0
MY		 1358 } else if (IN_SET(c->std_output, EXEC_OUTPUT_JOURNAL, EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
1359 EXEC_OUTPUT_KMSG, EXEC_OUTPUT_KMSG_AND_CONSOLE) ||
1360 IN_SET(c->std_error, EXEC_OUTPUT_JOURNAL, EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
1361 EXEC_OUTPUT_KMSG, EXEC_OUTPUT_KMSG_AND_CONSOLE)) {
1362
91dd5f7c 1363 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_JOURNALD_SOCKET, true, UNIT_DEPENDENCY_FILE);
ce18c396
LP		 1364 if (r < 0)
1365 return r;
1366 }
1367
87f0e418
LP		 1368 return 0;
1369}
1370
04d232d8 1371const char* unit_description(Unit *u) {
87f0e418
LP		 1372 assert(u);
1373
ac155bb8
MS		 1374 if (u->description)
1375 return u->description;
87f0e418 1376
ac155bb8 1377 return strna(u->id);
87f0e418
LP		 1378}
1379
e6a16a82 1380const char* unit_status_string(Unit *u, char **ret_combined_buffer) {
2a8f53c6 1381 assert(u);
04d232d8 1382 assert(u->id);
2a8f53c6 1383
04d232d8
ZJS		 1384 /* Return u->id, u->description, or "{u->id} - {u->description}".
1385 * Versions with u->description are only used if it is set.
e6a16a82
ZJS		 1386 * The last option is used if configured and the caller provided the 'ret_combined_buffer'
1387 * pointer.
1388 *
1389 * Note that *ret_combined_buffer may be set to NULL. */
04d232d8
ZJS		 1390
1391 if (!u->description ||
1392 u->manager->status_unit_format == STATUS_UNIT_FORMAT_NAME ||
e6a16a82
ZJS		 1393 (u->manager->status_unit_format == STATUS_UNIT_FORMAT_COMBINED && !ret_combined_buffer) ||
1394 streq(u->description, u->id)) {
1395
1396 if (ret_combined_buffer)
1397 *ret_combined_buffer = NULL;
2a8f53c6 1398 return u->id;
e6a16a82 1399 }
2a8f53c6 1400
e6a16a82
ZJS		 1401 if (ret_combined_buffer) {
1402 if (u->manager->status_unit_format == STATUS_UNIT_FORMAT_COMBINED) {
1403 *ret_combined_buffer = strjoin(u->id, " - ", u->description);
1404 if (*ret_combined_buffer)
1405 return *ret_combined_buffer;
1406 log_oom(); /* Fall back to ->description */
04d232d8 1407 } else
e6a16a82 1408 *ret_combined_buffer = NULL;
04d232d8
ZJS		 1409 }
1410
1411 return u->description;
2a8f53c6
ZJS		 1412}
1413
87f0e418 1414/* Common implementation for multiple backends */
c3620770 1415int unit_load_fragment_and_dropin(Unit *u, bool fragment_required) {
23a177ef
LP		 1416 int r;
1417
1418 assert(u);
23a177ef 1419
e48614c4 1420 /* Load a .{service,socket,...} file */
4ad49000
LP		 1421 r = unit_load_fragment(u);
1422 if (r < 0)
23a177ef
LP		 1423 return r;
1424
2ba0eacc
YW		 1425 if (u->load_state == UNIT_MASKED)
1426 return 0;
1427
c3620770
ZJS		 1428 if (u->load_state == UNIT_STUB) {
1429 if (fragment_required)
1430 return -ENOENT;
1431
1432 u->load_state = UNIT_LOADED;
1433 }
23a177ef 1434
740cd1e0
MY		 1435 u = unit_follow_merge(u);
1436
9e4ea9cc
ZJS		 1437 /* Load drop-in directory data. If u is an alias, we might be reloading the
1438 * target unit needlessly. But we cannot be sure which drops-ins have already
1439 * been loaded and which not, at least without doing complicated book-keeping,
1440 * so let's always reread all drop-ins. */
740cd1e0 1441 r = unit_load_dropin(u);
c9e06956
ZJS		 1442 if (r < 0)
1443 return r;
1444
1445 if (u->source_path) {
1446 struct stat st;
1447
1448 if (stat(u->source_path, &st) >= 0)
1449 u->source_mtime = timespec_load(&st.st_mtim);
1450 else
1451 u->source_mtime = 0;
1452 }
1453
1454 return 0;
23a177ef
LP		 1455}
1456
19496554 1457void unit_add_to_target_deps_queue(Unit *u) {
fbd747a4 1458 Manager *m = ASSERT_PTR(ASSERT_PTR(u)->manager);
c9958c4f 1459
19496554
MS		 1460 if (u->in_target_deps_queue)
1461 return;
1462
1463 LIST_PREPEND(target_deps_queue, m->target_deps_queue, u);
1464 u->in_target_deps_queue = true;
1465}
1466
bba34eed 1467int unit_add_default_target_dependency(Unit *u, Unit *target) {
98bc2000
LP		 1468 assert(u);
1469 assert(target);
1470
ac155bb8 1471 if (target->type != UNIT_TARGET)
98bc2000
LP		 1472 return 0;
1473
35b8ca3a 1474 /* Only add the dependency if both units are loaded, so that
bba34eed 1475 * that loop check below is reliable */
ac155bb8
MS		 1476 if (u->load_state != UNIT_LOADED ||
1477 target->load_state != UNIT_LOADED)
bba34eed
LP		 1478 return 0;
1479
21256a2b
LP		 1480 /* If either side wants no automatic dependencies, then let's
1481 * skip this */
ac155bb8
MS		 1482 if (!u->default_dependencies ||
1483 !target->default_dependencies)
21256a2b
LP		 1484 return 0;
1485
98bc2000 1486 /* Don't create loops */
15ed3c3a 1487 if (unit_has_dependency(target, UNIT_ATOM_BEFORE, u))
98bc2000
LP		 1488 return 0;
1489
eef85c4a 1490 return unit_add_dependency(target, UNIT_AFTER, u, true, UNIT_DEPENDENCY_DEFAULT);
98bc2000
LP		 1491}
1492
e954c9cf 1493static int unit_add_slice_dependencies(Unit *u) {
12f64221 1494 Unit *slice;
3b23501a 1495
e954c9cf 1496 assert(u);
b81884e7 1497
35b7ff80 1498 if (!UNIT_HAS_CGROUP_CONTEXT(u))
e954c9cf
LP		 1499 return 0;
1500
eef85c4a
LP		 1501 /* Slice units are implicitly ordered against their parent slices (as this relationship is encoded in the
1502 name), while all other units are ordered based on configuration (as in their case Slice= configures the
1503 relationship). */
f6173cb9 1504 UnitDependencyMask mask = u->type == UNIT_SLICE ? UNIT_DEPENDENCY_IMPLICIT : UNIT_DEPENDENCY_FILE;
eef85c4a 1505
12f64221 1506 slice = UNIT_GET_SLICE(u);
3b23501a
MY		 1507 if (slice) {
1508 if (!IN_SET(slice->freezer_state, FREEZER_RUNNING, FREEZER_THAWING))
1509 u->freezer_state = FREEZER_FROZEN_BY_PARENT;
1510
12f64221 1511 return unit_add_two_dependencies(u, UNIT_AFTER, UNIT_REQUIRES, slice, true, mask);
3b23501a 1512 }
e954c9cf 1513
8c8da0e0 1514 if (unit_has_name(u, SPECIAL_ROOT_SLICE))
d1fab3fe
ZJS		 1515 return 0;
1516
5a724170 1517 return unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, SPECIAL_ROOT_SLICE, true, mask);
98bc2000
LP		 1518}
1519
e954c9cf 1520static int unit_add_mount_dependencies(Unit *u) {
a8c5a4c6 1521 bool changed = false;
9588bc32
LP		 1522 int r;
1523
1524 assert(u);
1525
9e615fa3
LB		 1526 for (UnitMountDependencyType t = 0; t < _UNIT_MOUNT_DEPENDENCY_TYPE_MAX; ++t) {
1527 UnitDependencyInfo di;
1528 const char *path;
9588bc32 1529
9e615fa3 1530 HASHMAP_FOREACH_KEY(di.data, path, u->mounts_for[t]) {
9588bc32 1531
9e615fa3 1532 char prefix[strlen(ASSERT_PTR(path)) + 1];
c7c89abb 1533
9e615fa3
LB		 1534 PATH_FOREACH_PREFIX_MORE(prefix, path) {
1535 _cleanup_free_ char *p = NULL;
1536 Unit *m;
9588bc32 1537
9e615fa3
LB		 1538 r = unit_name_from_path(prefix, ".mount", &p);
1539 if (r == -EINVAL)
1540 continue; /* If the path cannot be converted to a mount unit name,
1541 * then it's not manageable as a unit by systemd, and
1542 * hence we don't need a dependency on it. Let's thus
1543 * silently ignore the issue. */
1544 if (r < 0)
1545 return r;
9588bc32 1546
9e615fa3
LB		 1547 m = manager_get_unit(u->manager, p);
1548 if (!m) {
1549 /* Make sure to load the mount unit if it exists. If so the
1550 * dependencies on this unit will be added later during the loading
1551 * of the mount unit. */
1552 (void) manager_load_unit_prepare(
1553 u->manager,
1554 p,
1555 /* path= */NULL,
1556 /* e= */NULL,
1557 &m);
1558 continue;
1559 }
1560 if (m == u)
1561 continue;
1562
1563 if (m->load_state != UNIT_LOADED)
1564 continue;
9588bc32 1565
9e615fa3
LB		 1566 r = unit_add_dependency(
1567 u,
1568 UNIT_AFTER,
1569 m,
1570 /* add_reference= */ true,
1571 di.origin_mask);
9588bc32
LP		 1572 if (r < 0)
1573 return r;
a8c5a4c6 1574 changed = changed || r > 0;
9e615fa3
LB		 1575
1576 if (m->fragment_path) {
1577 r = unit_add_dependency(
1578 u,
1579 unit_mount_dependency_type_to_dependency_type(t),
1580 m,
1581 /* add_reference= */ true,
1582 di.origin_mask);
1583 if (r < 0)
1584 return r;
1585 changed = changed || r > 0;
1586 }
9588bc32
LP		 1587 }
1588 }
1589 }
1590
a8c5a4c6 1591 return changed;
9588bc32
LP		 1592}
1593
a2db0225
AZ		 1594static int unit_add_oomd_dependencies(Unit *u) {
1595 CGroupContext *c;
2a4efebb
ZJS		 1596 CGroupMask mask;
1597 int r;
a2db0225
AZ		 1598
1599 assert(u);
1600
1601 if (!u->default_dependencies)
1602 return 0;
1603
1604 c = unit_get_cgroup_context(u);
1605 if (!c)
1606 return 0;
1607
2a4efebb 1608 bool wants_oomd = c->moom_swap == MANAGED_OOM_KILL || c->moom_mem_pressure == MANAGED_OOM_KILL;
a2db0225
AZ		 1609 if (!wants_oomd)
1610 return 0;
1611
2a4efebb
ZJS		 1612 r = cg_mask_supported(&mask);
1613 if (r < 0)
1614 return log_debug_errno(r, "Failed to determine supported controllers: %m");
1615
1616 if (!FLAGS_SET(mask, CGROUP_MASK_MEMORY))
1617 return 0;
1618
a8c5a4c6 1619 return unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "systemd-oomd.service", true, UNIT_DEPENDENCY_FILE);
a2db0225
AZ		 1620}
1621
95ae05c0 1622static int unit_add_startup_units(Unit *u) {
9dfb6a3a 1623 if (!unit_has_startup_cgroup_constraints(u))
db785129
LP		 1624 return 0;
1625
de7fef4b 1626 return set_ensure_put(&u->manager->startup_units, NULL, u);
95ae05c0
WC		 1627}
1628
9faeb2d0
MY		 1629static const struct {
1630 UnitDependencyAtom atom;
1631 size_t job_mode_offset;
1632 const char *dependency_name;
1633 const char *job_mode_setting_name;
1634} on_termination_settings[] = {
1635 { UNIT_ATOM_ON_SUCCESS, offsetof(Unit, on_success_job_mode), "OnSuccess=", "OnSuccessJobMode=" },
1636 { UNIT_ATOM_ON_FAILURE, offsetof(Unit, on_failure_job_mode), "OnFailure=", "OnFailureJobMode=" },
1637};
294446dc 1638
9faeb2d0
MY		 1639static int unit_validate_on_termination_job_modes(Unit *u) {
1640 assert(u);
294446dc 1641
9faeb2d0 1642 /* Verify that if On{Success,Failure}JobMode=isolate, only one unit gets specified. */
294446dc 1643
9faeb2d0
MY		 1644 FOREACH_ELEMENT(setting, on_termination_settings) {
1645 JobMode job_mode = *(JobMode*) ((uint8_t*) u + setting->job_mode_offset);
1646
1647 if (job_mode != JOB_ISOLATE)
1648 continue;
1649
1650 Unit *other, *found = NULL;
1651 UNIT_FOREACH_DEPENDENCY(other, u, setting->atom) {
1652 if (!found)
1653 found = other;
1654 else if (found != other)
1655 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC),
1656 "More than one %s dependencies specified but %sisolate set. Refusing.",
1657 setting->dependency_name, setting->job_mode_setting_name);
1658 }
294446dc
LP		 1659 }
1660
1661 return 0;
1662}
1663
87f0e418
LP		 1664int unit_load(Unit *u) {
1665 int r;
1666
1667 assert(u);
1668
ac155bb8 1669 if (u->in_load_queue) {
71fda00f 1670 LIST_REMOVE(load_queue, u->manager->load_queue, u);
ac155bb8 1671 u->in_load_queue = false;
87f0e418
LP		 1672 }
1673
ac155bb8 1674 if (u->type == _UNIT_TYPE_INVALID)
e537352b
LP		 1675 return -EINVAL;
1676
ac155bb8 1677 if (u->load_state != UNIT_STUB)
87f0e418
LP		 1678 return 0;
1679
4f4afc88 1680 if (u->transient_file) {
66fa4bdd
LP		 1681 /* Finalize transient file: if this is a transient unit file, as soon as we reach unit_load() the setup
1682 * is complete, hence let's synchronize the unit file we just wrote to disk. */
1683
4f4afc88
LP		 1684 r = fflush_and_check(u->transient_file);
1685 if (r < 0)
1686 goto fail;
1687
50fb00b7 1688 u->transient_file = safe_fclose(u->transient_file);
f76707da 1689 u->fragment_mtime = now(CLOCK_REALTIME);
4f4afc88
LP		 1690 }
1691
c3784a7d
ZJS		 1692 r = UNIT_VTABLE(u)->load(u);
1693 if (r < 0)
23a177ef 1694 goto fail;
c3784a7d
ZJS		 1695
1696 assert(u->load_state != UNIT_STUB);
23a177ef 1697
7c8fa05c 1698 if (u->load_state == UNIT_LOADED) {
19496554 1699 unit_add_to_target_deps_queue(u);
e954c9cf
LP		 1700
1701 r = unit_add_slice_dependencies(u);
1702 if (r < 0)
1703 goto fail;
c2756a68 1704
e954c9cf 1705 r = unit_add_mount_dependencies(u);
7c8fa05c 1706 if (r < 0)
c2756a68 1707 goto fail;
7c8fa05c 1708
a2db0225
AZ		 1709 r = unit_add_oomd_dependencies(u);
1710 if (r < 0)
1711 goto fail;
1712
95ae05c0
WC		 1713 r = unit_add_startup_units(u);
1714 if (r < 0)
1715 goto fail;
1716
9faeb2d0 1717 r = unit_validate_on_termination_job_modes(u);
294446dc
LP		 1718 if (r < 0)
1719 goto fail;
bc432dc7 1720
a2df3ea4
MK		 1721 if (u->job_running_timeout != USEC_INFINITY && u->job_running_timeout > u->job_timeout)
1722 log_unit_warning(u, "JobRunningTimeoutSec= is greater than JobTimeoutSec=, it has no effect.");
1723
5af88058
LP		 1724 /* We finished loading, let's ensure our parents recalculate the members mask */
1725 unit_invalidate_cgroup_members_masks(u);
f68319bb
LP		 1726 }
1727
ac155bb8 1728 assert((u->load_state != UNIT_MERGED) == !u->merged_into);
23a177ef
LP		 1729
1730 unit_add_to_dbus_queue(unit_follow_merge(u));
701cc384 1731 unit_add_to_gc_queue(u);
f561e8c6 1732 (void) manager_varlink_send_managed_oom_update(u);
87f0e418 1733
87f0e418
LP		 1734 return 0;
1735
1736fail:
81be2388
ZJS		 1737 /* We convert ENOEXEC errors to the UNIT_BAD_SETTING load state here. Configuration parsing code
1738 * should hence return ENOEXEC to ensure units are placed in this state after loading. */
c4555ad8
LP		 1739
1740 u->load_state = u->load_state == UNIT_STUB ? UNIT_NOT_FOUND :
1741 r == -ENOEXEC ? UNIT_BAD_SETTING :
1742 UNIT_ERROR;
ac155bb8 1743 u->load_error = r;
c4555ad8 1744
c149d2b4
ZJS		 1745 /* Record the timestamp on the cache, so that if the cache gets updated between now and the next time
1746 * an attempt is made to load this unit, we know we need to check again. */
7233e91a 1747 if (u->load_state == UNIT_NOT_FOUND)
c2911d48 1748 u->fragment_not_found_timestamp_hash = u->manager->unit_cache_timestamp_hash;
7233e91a 1749
c1e1601e 1750 unit_add_to_dbus_queue(u);
9a46fc3b 1751 unit_add_to_gc_queue(u);
23a177ef 1752
c4555ad8 1753 return log_unit_debug_errno(u, r, "Failed to load configuration: %m");
87f0e418
LP		 1754}
1755
f9f88198
YW		 1756_printf_(7, 8)
1757static int log_unit_internal(void *userdata, int level, int error, const char *file, int line, const char *func, const char *format, ...) {
1758 Unit *u = userdata;
1759 va_list ap;
1760 int r;
49365733 1761
c2503e35
RH		 1762 if (u && !unit_log_level_test(u, level))
1763 return -ERRNO_VALUE(error);
1764
f9f88198
YW		 1765 va_start(ap, format);
1766 if (u)
1767 r = log_object_internalv(level, error, file, line, func,
64fd6ba9 1768 unit_log_field(u),
f9f88198 1769 u->id,
64fd6ba9 1770 unit_invocation_log_field(u),
f9f88198
YW		 1771 u->invocation_id_string,
1772 format, ap);
1773 else
1774 r = log_internalv(level, error, file, line, func, format, ap);
1775 va_end(ap);
49365733 1776
f9f88198 1777 return r;
49365733
LP		 1778}
1779
97a3f4ee 1780static bool unit_test_condition(Unit *u) {
a0b191b7
LP		 1781 _cleanup_strv_free_ char **env = NULL;
1782 int r;
1783
90bbc946
LP		 1784 assert(u);
1785
fa5a0251 1786 dual_timestamp_now(&u->condition_timestamp);
90bbc946 1787
a0b191b7
LP		 1788 r = manager_get_effective_environment(u->manager, &env);
1789 if (r < 0) {
1790 log_unit_error_errno(u, r, "Failed to determine effective environment: %m");
d52cc0a5 1791 u->condition_result = true;
a0b191b7
LP		 1792 } else
1793 u->condition_result = condition_test_list(
1794 u->conditions,
1795 env,
1796 condition_type_to_string,
1797 log_unit_internal,
1798 u);
e18f8852 1799
a0b191b7 1800 unit_add_to_dbus_queue(u);
ac155bb8 1801 return u->condition_result;
90bbc946
LP		 1802}
1803
97a3f4ee 1804static bool unit_test_assert(Unit *u) {
a0b191b7
LP		 1805 _cleanup_strv_free_ char **env = NULL;
1806 int r;
1807
59fccdc5
LP		 1808 assert(u);
1809
fa5a0251 1810 dual_timestamp_now(&u->assert_timestamp);
59fccdc5 1811
a0b191b7
LP		 1812 r = manager_get_effective_environment(u->manager, &env);
1813 if (r < 0) {
1814 log_unit_error_errno(u, r, "Failed to determine effective environment: %m");
1815 u->assert_result = CONDITION_ERROR;
1816 } else
1817 u->assert_result = condition_test_list(
1818 u->asserts,
1819 env,
1820 assert_type_to_string,
1821 log_unit_internal,
1822 u);
e18f8852 1823
a0b191b7 1824 unit_add_to_dbus_queue(u);
59fccdc5
LP		 1825 return u->assert_result;
1826}
1827
04d232d8
ZJS		 1828void unit_status_printf(Unit *u, StatusType status_type, const char *status, const char *format, const char *ident) {
1829 if (log_get_show_color()) {
1830 if (u->manager->status_unit_format == STATUS_UNIT_FORMAT_COMBINED && strchr(ident, ' '))
1831 ident = strjoina(ANSI_HIGHLIGHT, u->id, ANSI_NORMAL, " - ", u->description);
1832 else
1833 ident = strjoina(ANSI_HIGHLIGHT, ident, ANSI_NORMAL);
1834 }
5b262f74 1835
df446f96 1836 DISABLE_WARNING_FORMAT_NONLITERAL;
04d232d8 1837 manager_status_printf(u->manager, status_type, status, format, ident);
df446f96
LP		 1838 REENABLE_WARNING;
1839}
1840
97a3f4ee 1841int unit_test_start_limit(Unit *u) {
429926e9
TR		 1842 const char *reason;
1843
6bf0f408
LP		 1844 assert(u);
1845
7bf081a1 1846 if (ratelimit_below(&u->start_ratelimit)) {
6bf0f408
LP		 1847 u->start_limit_hit = false;
1848 return 0;
1849 }
1850
1851 log_unit_warning(u, "Start request repeated too quickly.");
1852 u->start_limit_hit = true;
1853
429926e9
TR		 1854 reason = strjoina("unit ", u->id, " failed");
1855
96a0cfbf
LP		 1856 emergency_action(
1857 u->manager,
1858 u->start_limit_action,
1859 EMERGENCY_ACTION_IS_WATCHDOG|EMERGENCY_ACTION_WARN|EMERGENCY_ACTION_SLEEP_5S,
1860 u->reboot_arg,
1861 /* exit_status= */ -1,
1862 reason);
36c4dc08
LP		 1863
1864 return -ECANCELED;
6bf0f408
LP		 1865}
1866
631b676b
LP		 1867static bool unit_verify_deps(Unit *u) {
1868 Unit *other;
631b676b
LP		 1869
1870 assert(u);
1871
defe63b0
LP		 1872 /* Checks whether all BindsTo= dependencies of this unit are fulfilled — if they are also combined
1873 * with After=. We do not check Requires= or Requisite= here as they only should have an effect on
1874 * the job processing, but do not have any effect afterwards. We don't check BindsTo= dependencies
1875 * that are not used in conjunction with After= as for them any such check would make things entirely
1876 * racy. */
631b676b 1877
15ed3c3a 1878 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT) {
631b676b 1879
15ed3c3a 1880 if (!unit_has_dependency(u, UNIT_ATOM_AFTER, other))
631b676b
LP		 1881 continue;
1882
1883 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(other))) {
1884 log_unit_notice(u, "Bound to unit %s, but unit isn't active.", other->id);
1885 return false;
1886 }
1887 }
1888
1889 return true;
1890}
1891
9adb6959 1892/* Errors that aren't really errors:
9ca16f6f
LP		 1893 * -EALREADY: Unit is already started.
1894 * -ECOMM: Condition failed
1895 * -EAGAIN: An operation is already in progress. Retry later.
9adb6959
LP		 1896 *
1897 * Errors that are real errors:
9ca16f6f
LP		 1898 * -EBADR: This unit type does not support starting.
1899 * -ECANCELED: Start limit hit, too many requests for now
1900 * -EPROTO: Assert failed
1901 * -EINVAL: Unit not loaded
1902 * -EOPNOTSUPP: Unit type not supported
1903 * -ENOLINK: The necessary dependencies are not fulfilled.
1904 * -ESTALE: This unit has been started before and can't be started a second time
1905 * -EDEADLK: This unit is frozen
1906 * -ENOENT: This is a triggering unit and unit to trigger is not loaded
1907 * -ETOOMANYREFS: The hard concurrency limit of at least one of the slices the unit is contained in has been reached
87f0e418 1908 */
48b92b37 1909int unit_start(Unit *u, ActivationDetails *details) {
87f0e418 1910 UnitActiveState state;
92ab323c 1911 Unit *following;
5f37c1a9 1912 int r;
87f0e418
LP		 1913
1914 assert(u);
1915
47261967
LP		 1916 /* Let's hold off running start jobs for mount units when /proc/self/mountinfo monitor is ratelimited. */
1917 if (UNIT_VTABLE(u)->subsystem_ratelimited) {
1918 r = UNIT_VTABLE(u)->subsystem_ratelimited(u->manager);
1919 if (r < 0)
1920 return r;
1921 if (r > 0)
1922 return -EAGAIN;
1923 }
b161bc39 1924
5766aca8
LP		 1925 /* If this is already started, then this will succeed. Note that this will even succeed if this unit
1926 * is not startable by the user. This is relied on to detect when we need to wait for units and when
1927 * waiting is finished. */
87f0e418
LP		 1928 state = unit_active_state(u);
1929 if (UNIT_IS_ACTIVE_OR_RELOADING(state))
1930 return -EALREADY;
380dc8b0
LP		 1931 if (state == UNIT_MAINTENANCE)
1932 return -EAGAIN;
87f0e418 1933
6bf0f408
LP		 1934 /* Units that aren't loaded cannot be started */
1935 if (u->load_state != UNIT_LOADED)
1936 return -EINVAL;
1937
d4fd1cf2
LP		 1938 /* Refuse starting scope units more than once */
1939 if (UNIT_VTABLE(u)->once_only && dual_timestamp_is_set(&u->inactive_enter_timestamp))
1940 return -ESTALE;
1941
4e1ac54e 1942 /* If the conditions were unmet, don't do anything at all. If we already are activating this call might
5766aca8
LP		 1943 * still be useful to speed up activation in case there is some hold-off time, but we don't want to
1944 * recheck the condition in that case. */
a82e5507 1945 if (state != UNIT_ACTIVATING &&
5af6aa58 1946 !unit_test_condition(u))
4e1ac54e 1947 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(ECOMM), "Starting requested but condition not met. Not starting unit.");
52661efd 1948
59fccdc5
LP		 1949 /* If the asserts failed, fail the entire job */
1950 if (state != UNIT_ACTIVATING &&
5766aca8
LP		 1951 !unit_test_assert(u))
1952 return log_unit_notice_errno(u, SYNTHETIC_ERRNO(EPROTO), "Starting requested but asserts failed.");
59fccdc5 1953
5766aca8
LP		 1954 /* Units of types that aren't supported cannot be started. Note that we do this test only after the
1955 * condition checks, so that we rather return condition check errors (which are usually not
1956 * considered a true failure) than "not supported" errors (which are considered a failure).
d11a7645 1957 */
96cf3ec9 1958 if (!unit_type_supported(u->type))
d11a7645
LP		 1959 return -EOPNOTSUPP;
1960
5766aca8
LP		 1961 /* Let's make sure that the deps really are in order before we start this. Normally the job engine
1962 * should have taken care of this already, but let's check this here again. After all, our
413e8650 1963 * dependencies might not be in effect anymore, due to a reload or due to an unmet condition. */
631b676b
LP		 1964 if (!unit_verify_deps(u))
1965 return -ENOLINK;
1966
92ab323c 1967 /* Forward to the main object, if we aren't it. */
52990c2e
ZJS		 1968 following = unit_following(u);
1969 if (following) {
f2341e0a 1970 log_unit_debug(u, "Redirecting start request from %s to %s.", u->id, following->id);
48b92b37 1971 return unit_start(following, details);
92ab323c
LP		 1972 }
1973
4cb2e6af
AV		 1974 /* Check to make sure the unit isn't frozen */
1975 if (u->freezer_state != FREEZER_RUNNING)
1976 return -EDEADLK;
1977
705578c3
MS		 1978 /* Check our ability to start early so that failure conditions don't cause us to enter a busy loop. */
1979 if (UNIT_VTABLE(u)->can_start) {
1980 r = UNIT_VTABLE(u)->can_start(u);
ce2146f5
DDM		 1981 if (r < 0)
1982 return r;
1983 }
1984
92ab323c
LP		 1985 /* If it is stopped, but we cannot start it, then fail */
1986 if (!UNIT_VTABLE(u)->start)
1987 return -EBADR;
1988
9ca16f6f
LP		 1989 if (UNIT_IS_INACTIVE_OR_FAILED(state)) {
1990 Slice *slice = SLICE(UNIT_GET_SLICE(u));
1991
1992 if (slice) {
1993 /* Check hard concurrency limit. Note this is partially redundant, we already checked
1994 * this when enqueuing jobs. However, between the time when we enqueued this and the
1995 * time we are dispatching the queue the configuration might have changed, hence
1996 * check here again */
1997 if (slice_concurrency_hard_max_reached(slice, u))
1998 return -ETOOMANYREFS;
1999
2000 /* Also check soft concurrenty limit, and return EAGAIN so that the job is kept in
2001 * the queue */
2002 if (slice_concurrency_soft_max_reached(slice, u))
2003 return -EAGAIN; /* Try again, keep in queue */
2004 }
2005 }
2006
5766aca8
LP		 2007 /* We don't suppress calls to ->start() here when we are already starting, to allow this request to
2008 * be used as a "hurry up" call, for example when the unit is in some "auto restart" state where it
2009 * waits for a holdoff timer to elapse before it will start again. */
87f0e418 2010
c1e1601e 2011 unit_add_to_dbus_queue(u);
9e58ff9c 2012
48b92b37
LB		 2013 if (!u->activation_details) /* Older details object wins */
2014 u->activation_details = activation_details_ref(details);
2015
d1a34ae9 2016 return UNIT_VTABLE(u)->start(u);
87f0e418
LP		 2017}
2018
2019bool unit_can_start(Unit *u) {
2020 assert(u);
2021
8ff4d2ab
LP		 2022 if (u->load_state != UNIT_LOADED)
2023 return false;
2024
96cf3ec9 2025 if (!unit_type_supported(u->type))
8ff4d2ab
LP		 2026 return false;
2027
d4fd1cf2
LP		 2028 /* Scope units may be started only once */
2029 if (UNIT_VTABLE(u)->once_only && dual_timestamp_is_set(&u->inactive_exit_timestamp))
2030 return false;
2031
87f0e418
LP		 2032 return !!UNIT_VTABLE(u)->start;
2033}
2034
2528a7a6
LP		 2035bool unit_can_isolate(Unit *u) {
2036 assert(u);
2037
2038 return unit_can_start(u) &&
ac155bb8 2039 u->allow_isolate;
2528a7a6
LP		 2040}
2041
87f0e418
LP		 2042/* Errors:
2043 * -EBADR: This unit type does not support stopping.
2044 * -EALREADY: Unit is already stopped.
2045 * -EAGAIN: An operation is already in progress. Retry later.
4cb2e6af 2046 * -EDEADLK: Unit is frozen
87f0e418
LP		 2047 */
2048int unit_stop(Unit *u) {
2049 UnitActiveState state;
92ab323c 2050 Unit *following;
87f0e418
LP		 2051
2052 assert(u);
2053
87f0e418 2054 state = unit_active_state(u);
fdf20a31 2055 if (UNIT_IS_INACTIVE_OR_FAILED(state))
87f0e418
LP		 2056 return -EALREADY;
2057
0faacd47
LP		 2058 following = unit_following(u);
2059 if (following) {
f2341e0a 2060 log_unit_debug(u, "Redirecting stop request from %s to %s.", u->id, following->id);
92ab323c
LP		 2061 return unit_stop(following);
2062 }
2063
4cb2e6af
AV		 2064 /* Check to make sure the unit isn't frozen */
2065 if (u->freezer_state != FREEZER_RUNNING)
2066 return -EDEADLK;
2067
7898b0cf
LP		 2068 if (!UNIT_VTABLE(u)->stop)
2069 return -EBADR;
2070
c1e1601e 2071 unit_add_to_dbus_queue(u);
9e58ff9c 2072
d1a34ae9 2073 return UNIT_VTABLE(u)->stop(u);
87f0e418
LP		 2074}
2075
f5869324
LP		 2076bool unit_can_stop(Unit *u) {
2077 assert(u);
2078
39c79477
ZJS		 2079 /* Note: if we return true here, it does not mean that the unit may be successfully stopped.
2080 * Extrinsic units follow external state and they may stop following external state changes
2081 * (hence we return true here), but an attempt to do this through the manager will fail. */
2082
96cf3ec9 2083 if (!unit_type_supported(u->type))
f5869324
LP		 2084 return false;
2085
2086 if (u->perpetual)
2087 return false;
2088
2089 return !!UNIT_VTABLE(u)->stop;
2090}
2091
87f0e418
LP		 2092/* Errors:
2093 * -EBADR: This unit type does not support reloading.
2094 * -ENOEXEC: Unit is not started.
2095 * -EAGAIN: An operation is already in progress. Retry later.
4cb2e6af 2096 * -EDEADLK: Unit is frozen.
87f0e418
LP		 2097 */
2098int unit_reload(Unit *u) {
2099 UnitActiveState state;
92ab323c 2100 Unit *following;
87f0e418
LP		 2101
2102 assert(u);
2103
ac155bb8 2104 if (u->load_state != UNIT_LOADED)
6124958c
LP		 2105 return -EINVAL;
2106
87f0e418
LP		 2107 if (!unit_can_reload(u))
2108 return -EBADR;
2109
2110 state = unit_active_state(u);
b8fa2305
MY		 2111 if (IN_SET(state, UNIT_RELOADING, UNIT_REFRESHING))
2112 /* "refreshing" means some resources in the unit namespace is being updated. Unlike reload,
2113 * the unit processes aren't made aware of refresh. Let's put the job back to queue
2114 * in both cases, as refresh typically takes place before reload and it's better to wait
2115 * for it rather than failing. */
6255af75 2116 return -EAGAIN;
87f0e418 2117
d85ff944
YW		 2118 if (state != UNIT_ACTIVE)
2119 return log_unit_warning_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "Unit cannot be reloaded because it is inactive.");
87f0e418 2120
e48614c4
ZJS		 2121 following = unit_following(u);
2122 if (following) {
f2341e0a 2123 log_unit_debug(u, "Redirecting reload request from %s to %s.", u->id, following->id);
92ab323c
LP		 2124 return unit_reload(following);
2125 }
2126
4cb2e6af
AV		 2127 /* Check to make sure the unit isn't frozen */
2128 if (u->freezer_state != FREEZER_RUNNING)
2129 return -EDEADLK;
2130
c1e1601e 2131 unit_add_to_dbus_queue(u);
82a2b6bb 2132
f54bcca5
JR		 2133 if (!UNIT_VTABLE(u)->reload) {
2134 /* Unit doesn't have a reload function, but we need to propagate the reload anyway */
96b09de5 2135 unit_notify(u, unit_active_state(u), unit_active_state(u), /* reload_success = */ true);
f54bcca5
JR		 2136 return 0;
2137 }
2138
d1a34ae9 2139 return UNIT_VTABLE(u)->reload(u);
87f0e418
LP		 2140}
2141
2142bool unit_can_reload(Unit *u) {
2143 assert(u);
2144
f54bcca5
JR		 2145 if (UNIT_VTABLE(u)->can_reload)
2146 return UNIT_VTABLE(u)->can_reload(u);
87f0e418 2147
15ed3c3a 2148 if (unit_has_dependency(u, UNIT_ATOM_PROPAGATES_RELOAD_TO, NULL))
87f0e418
LP		 2149 return true;
2150
f54bcca5 2151 return UNIT_VTABLE(u)->reload;
87f0e418
LP		 2152}
2153
a3c1168a 2154bool unit_is_unneeded(Unit *u) {
15ed3c3a 2155 Unit *other;
f3bff0eb
LP		 2156 assert(u);
2157
ac155bb8 2158 if (!u->stop_when_unneeded)
a3c1168a 2159 return false;
f3bff0eb 2160
a3c1168a 2161 /* Don't clean up while the unit is transitioning or is even inactive. */
116654d2 2162 if (unit_active_state(u) != UNIT_ACTIVE)
a3c1168a
LP		 2163 return false;
2164 if (u->job)
2165 return false;
f3bff0eb 2166
15ed3c3a 2167 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_PINS_STOP_WHEN_UNNEEDED) {
fda09318 2168 /* If a dependent unit has a job queued, is active or transitioning, or is marked for
a3c1168a 2169 * restart, then don't clean this one up. */
b81884e7 2170
15ed3c3a
LP		 2171 if (other->job)
2172 return false;
a3c1168a 2173
15ed3c3a
LP		 2174 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
2175 return false;
a3c1168a 2176
15ed3c3a
LP		 2177 if (unit_will_restart(other))
2178 return false;
bea355da
LP		 2179 }
2180
a3c1168a
LP		 2181 return true;
2182}
f3bff0eb 2183
0bc488c9
LP		 2184bool unit_is_upheld_by_active(Unit *u, Unit **ret_culprit) {
2185 Unit *other;
2186
2187 assert(u);
2188
2189 /* Checks if the unit needs to be started because it currently is not running, but some other unit
2190 * that is active declared an Uphold= dependencies on it */
2191
2192 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(u)) || u->job) {
2193 if (ret_culprit)
2194 *ret_culprit = NULL;
2195 return false;
2196 }
2197
2198 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_START_STEADILY) {
2199 if (other->job)
2200 continue;
2201
2202 if (UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(other))) {
2203 if (ret_culprit)
2204 *ret_culprit = other;
2205 return true;
2206 }
2207 }
2208
2209 if (ret_culprit)
2210 *ret_culprit = NULL;
2211 return false;
2212}
2213
56c59592
LP		 2214bool unit_is_bound_by_inactive(Unit *u, Unit **ret_culprit) {
2215 Unit *other;
2216
2217 assert(u);
2218
2219 /* Checks whether this unit is bound to another unit that is inactive, i.e. whether we should stop
7802194a 2220 * because the other unit is down. */
56c59592
LP		 2221
2222 if (unit_active_state(u) != UNIT_ACTIVE || u->job) {
2223 /* Don't clean up while the unit is transitioning or is even inactive. */
2224 if (ret_culprit)
2225 *ret_culprit = NULL;
2226 return false;
2227 }
2228
2229 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT) {
2230 if (other->job)
2231 continue;
2232
2233 if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
3da36106 2234 if (ret_culprit)
56c59592
LP		 2235 *ret_culprit = other;
2236
2237 return true;
2238 }
2239 }
2240
2241 if (ret_culprit)
2242 *ret_culprit = NULL;
2243 return false;
2244}
2245
a3c1168a 2246static void check_unneeded_dependencies(Unit *u) {
15ed3c3a 2247 Unit *other;
a3c1168a
LP		 2248 assert(u);
2249
2250 /* Add all units this unit depends on to the queue that processes StopWhenUnneeded= behaviour. */
2251
15ed3c3a
LP		 2252 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_ADD_STOP_WHEN_UNNEEDED_QUEUE)
2253 unit_submit_to_stop_when_unneeded_queue(other);
f3bff0eb
LP		 2254}
2255
0bc488c9
LP		 2256static void check_uphold_dependencies(Unit *u) {
2257 Unit *other;
2258 assert(u);
2259
2260 /* Add all units this unit depends on to the queue that processes Uphold= behaviour. */
2261
2262 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_ADD_START_WHEN_UPHELD_QUEUE)
2263 unit_submit_to_start_when_upheld_queue(other);
2264}
2265
56c59592 2266static void check_bound_by_dependencies(Unit *u) {
ff502445 2267 Unit *other;
ff502445
LP		 2268 assert(u);
2269
56c59592 2270 /* Add all units this unit depends on to the queue that processes BindsTo= stop behaviour. */
ff502445 2271
56c59592
LP		 2272 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_ADD_CANNOT_BE_ACTIVE_WITHOUT_QUEUE)
2273 unit_submit_to_stop_when_bound_queue(other);
ff502445
LP		 2274}
2275
87f0e418 2276static void retroactively_start_dependencies(Unit *u) {
87f0e418
LP		 2277 Unit *other;
2278
2279 assert(u);
2280 assert(UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)));
2281
64fc4917 2282 UNIT_FOREACH_DEPENDENCY_SAFE(other, u, UNIT_ATOM_RETROACTIVE_START_REPLACE) /* Requires= + BindsTo= */
15ed3c3a 2283 if (!unit_has_dependency(u, UNIT_ATOM_AFTER, other) &&
b81884e7 2284 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
d993ad6c 2285 (void) manager_add_job(u->manager, JOB_START, other, JOB_REPLACE, /* error = */ NULL, /* ret = */ NULL);
b81884e7 2286
64fc4917 2287 UNIT_FOREACH_DEPENDENCY_SAFE(other, u, UNIT_ATOM_RETROACTIVE_START_FAIL) /* Wants= */
15ed3c3a 2288 if (!unit_has_dependency(u, UNIT_ATOM_AFTER, other) &&
b81884e7 2289 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
d993ad6c 2290 (void) manager_add_job(u->manager, JOB_START, other, JOB_FAIL, /* error = */ NULL, /* ret = */ NULL);
87f0e418 2291
64fc4917 2292 UNIT_FOREACH_DEPENDENCY_SAFE(other, u, UNIT_ATOM_RETROACTIVE_STOP_ON_START) /* Conflicts= (and inverse) */
b81884e7 2293 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
d993ad6c 2294 (void) manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, /* error = */ NULL, /* ret = */ NULL);
87f0e418
LP		 2295}
2296
2297static void retroactively_stop_dependencies(Unit *u) {
87f0e418
LP		 2298 Unit *other;
2299
2300 assert(u);
2301 assert(UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)));
2302
b81884e7 2303 /* Pull down units which are bound to us recursively if enabled */
64fc4917 2304 UNIT_FOREACH_DEPENDENCY_SAFE(other, u, UNIT_ATOM_RETROACTIVE_STOP_ON_STOP) /* BoundBy= */
b81884e7 2305 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
d993ad6c 2306 (void) manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, /* error = */ NULL, /* ret = */ NULL);
cd0504d0
MS		 2307}
2308
9faeb2d0
MY		 2309void unit_start_on_termination_deps(Unit *u, UnitDependencyAtom atom) {
2310 const char *dependency_name = NULL;
2311 JobMode job_mode;
2312 unsigned n_jobs = 0;
7f66b026 2313 int r;
c0daa706 2314
9faeb2d0
MY		 2315 /* Act on OnFailure= and OnSuccess= dependencies */
2316
c0daa706 2317 assert(u);
9faeb2d0 2318 assert(u->manager);
294446dc
LP		 2319 assert(IN_SET(atom, UNIT_ATOM_ON_SUCCESS, UNIT_ATOM_ON_FAILURE));
2320
9faeb2d0
MY		 2321 FOREACH_ELEMENT(setting, on_termination_settings)
2322 if (atom == setting->atom) {
2323 job_mode = *(JobMode*) ((uint8_t*) u + setting->job_mode_offset);
2324 dependency_name = setting->dependency_name;
2325 break;
2326 }
2327
2328 assert(dependency_name);
c0daa706 2329
9faeb2d0 2330 Unit *other;
64fc4917 2331 UNIT_FOREACH_DEPENDENCY_SAFE(other, u, atom) {
7f66b026 2332 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
222ae6a8 2333
9faeb2d0 2334 if (n_jobs == 0)
294446dc 2335 log_unit_info(u, "Triggering %s dependencies.", dependency_name);
15ed3c3a 2336
d993ad6c 2337 r = manager_add_job(u->manager, JOB_START, other, job_mode, &error, /* ret = */ NULL);
c1b6628d 2338 if (r < 0)
9faeb2d0
MY		 2339 log_unit_warning_errno(u, r, "Failed to enqueue %s%s job, ignoring: %s",
2340 dependency_name, other->id, bus_error_message(&error, r));
b3a9d980 2341 n_jobs++;
222ae6a8 2342 }
294446dc 2343
9faeb2d0
MY		 2344 if (n_jobs > 0)
2345 log_unit_debug(u, "Triggering %s dependencies done (%u %s).",
82acee14 2346 dependency_name, n_jobs, n_jobs == 1 ? "job" : "jobs");
c0daa706
LP		 2347}
2348
3ecaa09b
LP		 2349void unit_trigger_notify(Unit *u) {
2350 Unit *other;
3ecaa09b
LP		 2351
2352 assert(u);
2353
64fc4917 2354 UNIT_FOREACH_DEPENDENCY_SAFE(other, u, UNIT_ATOM_TRIGGERED_BY)
3ecaa09b
LP		 2355 if (UNIT_VTABLE(other)->trigger_notify)
2356 UNIT_VTABLE(other)->trigger_notify(other, u);
2357}
2358
37109b85
ZJS		 2359static int raise_level(int log_level, bool condition_info, bool condition_notice) {
2360 if (condition_notice && log_level > LOG_NOTICE)
2361 return LOG_NOTICE;
2362 if (condition_info && log_level > LOG_INFO)
2363 return LOG_INFO;
2364 return log_level;
2365}
2366
915b1d01 2367static int unit_log_resources(Unit *u) {
3e5b96ee
MY		 2368
2369 static const struct {
2370 const char *journal_field;
2371 const char *message_suffix;
2372 } memory_fields[_CGROUP_MEMORY_ACCOUNTING_METRIC_CACHED_LAST + 1] = {
2373 [CGROUP_MEMORY_PEAK] = { "MEMORY_PEAK", "memory peak" },
2374 [CGROUP_MEMORY_SWAP_PEAK] = { "MEMORY_SWAP_PEAK", "memory swap peak" },
2375 }, ip_fields[_CGROUP_IP_ACCOUNTING_METRIC_MAX] = {
2376 [CGROUP_IP_INGRESS_BYTES] = { "IP_METRIC_INGRESS_BYTES", "incoming IP traffic" },
2377 [CGROUP_IP_EGRESS_BYTES] = { "IP_METRIC_EGRESS_BYTES", "outgoing IP traffic" },
2378 [CGROUP_IP_INGRESS_PACKETS] = { "IP_METRIC_INGRESS_PACKETS", NULL },
2379 [CGROUP_IP_EGRESS_PACKETS] = { "IP_METRIC_EGRESS_PACKETS", NULL },
2380 }, io_fields[_CGROUP_IO_ACCOUNTING_METRIC_MAX] = {
2381 [CGROUP_IO_READ_BYTES] = { "IO_METRIC_READ_BYTES", "read from disk" },
2382 [CGROUP_IO_WRITE_BYTES] = { "IO_METRIC_WRITE_BYTES", "written to disk" },
2383 [CGROUP_IO_READ_OPERATIONS] = { "IO_METRIC_READ_OPERATIONS", NULL },
2384 [CGROUP_IO_WRITE_OPERATIONS] = { "IO_METRIC_WRITE_OPERATIONS", NULL },
bc40a20e 2385 };
915b1d01 2386
3e5b96ee
MY		 2387 struct iovec *iovec = NULL;
2388 size_t n_iovec = 0;
2389 _cleanup_free_ char *message = NULL, *t = NULL;
2390 nsec_t cpu_nsec = NSEC_INFINITY;
2391 int log_level = LOG_DEBUG; /* May be raised if resources consumed over a threshold */
2392
915b1d01
LP		 2393 assert(u);
2394
3e5b96ee
MY		 2395 CLEANUP_ARRAY(iovec, n_iovec, iovec_array_free);
2396
2397 iovec = new(struct iovec, 1 + (_CGROUP_MEMORY_ACCOUNTING_METRIC_CACHED_LAST + 1) +
2398 _CGROUP_IP_ACCOUNTING_METRIC_MAX + _CGROUP_IO_ACCOUNTING_METRIC_MAX + 4);
2399 if (!iovec)
2400 return log_oom();
2401
915b1d01 2402 /* Invoked whenever a unit enters failed or dead state. Logs information about consumed resources if resource
d03714e4 2403 * accounting was enabled for a unit. It does this in two ways: a friendly human-readable string with reduced
915b1d01
LP		 2404 * information and the complete data in structured fields. */
2405
3e5b96ee
MY		 2406 (void) unit_get_cpu_usage(u, &cpu_nsec);
2407 if (cpu_nsec != NSEC_INFINITY) {
915b1d01 2408 /* Format the CPU time for inclusion in the structured log message */
3e5b96ee
MY		 2409 if (asprintf(&t, "CPU_USAGE_NSEC=%" PRIu64, cpu_nsec) < 0)
2410 return log_oom();
2411 iovec[n_iovec++] = IOVEC_MAKE_STRING(TAKE_PTR(t));
915b1d01
LP		 2412
2413 /* Format the CPU time for inclusion in the human language message string */
df6ccb04 2414 if (dual_timestamp_is_set(&u->inactive_exit_timestamp) &&
2415 dual_timestamp_is_set(&u->inactive_enter_timestamp)) {
2416 usec_t wall_clock_usec = usec_sub_unsigned(u->inactive_enter_timestamp.monotonic, u->inactive_exit_timestamp.monotonic);
2417 if (strextendf_with_separator(&message, ", ",
2418 "Consumed %s CPU time over %s wall clock time",
2419 FORMAT_TIMESPAN(cpu_nsec / NSEC_PER_USEC, USEC_PER_MSEC),
2420 FORMAT_TIMESPAN(wall_clock_usec, USEC_PER_MSEC)) < 0)
2421 return log_oom();
2422 } else {
2423 if (strextendf_with_separator(&message, ", ",
2424 "Consumed %s CPU time",
2425 FORMAT_TIMESPAN(cpu_nsec / NSEC_PER_USEC, USEC_PER_MSEC)) < 0)
2426 return log_oom();
2427 }
37109b85
ZJS		 2428
2429 log_level = raise_level(log_level,
3e5b96ee
MY		 2430 cpu_nsec > MENTIONWORTHY_CPU_NSEC,
2431 cpu_nsec > NOTICEWORTHY_CPU_NSEC);
915b1d01
LP		 2432 }
2433
3e5b96ee 2434 for (CGroupMemoryAccountingMetric metric = 0; metric <= _CGROUP_MEMORY_ACCOUNTING_METRIC_CACHED_LAST; metric++) {
245841a8 2435 uint64_t value = UINT64_MAX;
0531bded 2436
3e5b96ee
MY		 2437 assert(memory_fields[metric].journal_field);
2438 assert(memory_fields[metric].message_suffix);
b1b84bc5 2439
245841a8
MY		 2440 (void) unit_get_memory_accounting(u, metric, &value);
2441 if (value == UINT64_MAX)
3e5b96ee 2442 continue;
0531bded 2443
245841a8 2444 if (asprintf(&t, "%s=%" PRIu64, memory_fields[metric].journal_field, value) < 0)
3e5b96ee
MY		 2445 return log_oom();
2446 iovec[n_iovec++] = IOVEC_MAKE_STRING(TAKE_PTR(t));
aac3384e 2447
245841a8
MY		 2448 /* If value is 0, we don't log it in the MESSAGE= field. */
2449 if (value == 0)
2450 continue;
2451
3e5b96ee 2452 if (strextendf_with_separator(&message, ", ", "%s %s",
245841a8 2453 FORMAT_BYTES(value), memory_fields[metric].message_suffix) < 0)
3e5b96ee 2454 return log_oom();
b1b84bc5
MY		 2455
2456 log_level = raise_level(log_level,
245841a8
MY		 2457 value > MENTIONWORTHY_MEMORY_BYTES,
2458 value > NOTICEWORTHY_MEMORY_BYTES);
aac3384e
FS		 2459 }
2460
bc40a20e 2461 for (CGroupIOAccountingMetric k = 0; k < _CGROUP_IO_ACCOUNTING_METRIC_MAX; k++) {
bc40a20e
LP		 2462 uint64_t value = UINT64_MAX;
2463
3e5b96ee 2464 assert(io_fields[k].journal_field);
bc40a20e 2465
a0020ad8 2466 (void) unit_get_io_accounting(u, k, &value);
bc40a20e
LP		 2467 if (value == UINT64_MAX)
2468 continue;
2469
bc40a20e 2470 /* Format IO accounting data for inclusion in the structured log message */
3e5b96ee
MY		 2471 if (asprintf(&t, "%s=%" PRIu64, io_fields[k].journal_field, value) < 0)
2472 return log_oom();
2473 iovec[n_iovec++] = IOVEC_MAKE_STRING(TAKE_PTR(t));
bc40a20e 2474
245841a8
MY		 2475 /* If value is 0, we don't log it in the MESSAGE= field. */
2476 if (value == 0)
2477 continue;
2478
bc40a20e
LP		 2479 /* Format the IO accounting data for inclusion in the human language message string, but only
2480 * for the bytes counters (and not for the operations counters) */
3e5b96ee
MY		 2481 if (io_fields[k].message_suffix) {
2482 if (strextendf_with_separator(&message, ", ", "%s %s",
2483 FORMAT_BYTES(value), io_fields[k].message_suffix) < 0)
2484 return log_oom();
37109b85 2485
37109b85
ZJS		 2486 log_level = raise_level(log_level,
2487 value > MENTIONWORTHY_IO_BYTES,
2488 value > NOTICEWORTHY_IO_BYTES);
bc40a20e
LP		 2489 }
2490 }
2491
12375b95 2492 for (CGroupIPAccountingMetric m = 0; m < _CGROUP_IP_ACCOUNTING_METRIC_MAX; m++) {
915b1d01
LP		 2493 uint64_t value = UINT64_MAX;
2494
3e5b96ee 2495 assert(ip_fields[m].journal_field);
915b1d01
LP		 2496
2497 (void) unit_get_ip_accounting(u, m, &value);
2498 if (value == UINT64_MAX)
2499 continue;
82044702 2500
915b1d01 2501 /* Format IP accounting data for inclusion in the structured log message */
3e5b96ee
MY		 2502 if (asprintf(&t, "%s=%" PRIu64, ip_fields[m].journal_field, value) < 0)
2503 return log_oom();
2504 iovec[n_iovec++] = IOVEC_MAKE_STRING(TAKE_PTR(t));
2505
245841a8
MY		 2506 /* If value is 0, we don't log it in the MESSAGE= field. */
2507 if (value == 0)
2508 continue;
2509
3e5b96ee
MY		 2510 /* Format the IP accounting data for inclusion in the human language message string, but only
2511 * for the bytes counters (and not for the packets counters) */
2512 if (ip_fields[m].message_suffix) {
2513 if (strextendf_with_separator(&message, ", ", "%s %s",
2514 FORMAT_BYTES(value), ip_fields[m].message_suffix) < 0)
2515 return log_oom();
37109b85 2516
37109b85
ZJS		 2517 log_level = raise_level(log_level,
2518 value > MENTIONWORTHY_IP_BYTES,
2519 value > NOTICEWORTHY_IP_BYTES);
82044702 2520 }
915b1d01
LP		 2521 }
2522
3e5b96ee
MY		 2523 /* This check is here because it is the earliest point following all possible log_level assignments.
2524 * (If log_level is assigned anywhere after this point, move this check.) */
2525 if (!unit_log_level_test(u, log_level))
2526 return 0;
2527
915b1d01
LP		 2528 /* Is there any accounting data available at all? */
2529 if (n_iovec == 0) {
3e5b96ee
MY		 2530 assert(!message);
2531 return 0;
915b1d01
LP		 2532 }
2533
3e5b96ee
MY		 2534 t = strjoin("MESSAGE=", u->id, ": ", message ?: "Completed", ".");
2535 if (!t)
2536 return log_oom();
2537 iovec[n_iovec++] = IOVEC_MAKE_STRING(TAKE_PTR(t));
915b1d01 2538
3e5b96ee
MY		 2539 if (!set_iovec_string_field(iovec, &n_iovec, "MESSAGE_ID=", SD_MESSAGE_UNIT_RESOURCES_STR))
2540 return log_oom();
915b1d01 2541
64fd6ba9 2542 if (!set_iovec_string_field(iovec, &n_iovec, unit_log_field(u), u->id))
3e5b96ee 2543 return log_oom();
915b1d01 2544
64fd6ba9 2545 if (!set_iovec_string_field(iovec, &n_iovec, unit_invocation_log_field(u), u->invocation_id_string))
3e5b96ee 2546 return log_oom();
915b1d01 2547
3e5b96ee 2548 log_unit_struct_iovec(u, log_level, iovec, n_iovec);
915b1d01 2549
3e5b96ee 2550 return 0;
915b1d01
LP		 2551}
2552
adefcf28
LP		 2553static void unit_update_on_console(Unit *u) {
2554 bool b;
2555
2556 assert(u);
2557
2558 b = unit_needs_console(u);
2559 if (u->on_console == b)
2560 return;
2561
2562 u->on_console = b;
2563 if (b)
2564 manager_ref_console(u->manager);
2565 else
2566 manager_unref_console(u->manager);
adefcf28
LP		 2567}
2568
6eb65e7c
LP		 2569static void unit_emit_audit_start(Unit *u) {
2570 assert(u);
2571
d52b8493 2572 if (UNIT_VTABLE(u)->audit_start_message_type <= 0)
6eb65e7c
LP		 2573 return;
2574
2575 /* Write audit record if we have just finished starting up */
d52b8493 2576 manager_send_unit_audit(u->manager, u, UNIT_VTABLE(u)->audit_start_message_type, /* success= */ true);
6eb65e7c
LP		 2577 u->in_audit = true;
2578}
2579
2580static void unit_emit_audit_stop(Unit *u, UnitActiveState state) {
2581 assert(u);
2582
d52b8493 2583 if (UNIT_VTABLE(u)->audit_start_message_type <= 0)
6eb65e7c
LP		 2584 return;
2585
2586 if (u->in_audit) {
2587 /* Write audit record if we have just finished shutting down */
d52b8493 2588 manager_send_unit_audit(u->manager, u, UNIT_VTABLE(u)->audit_stop_message_type, /* success= */ state == UNIT_INACTIVE);
6eb65e7c
LP		 2589 u->in_audit = false;
2590 } else {
2591 /* Hmm, if there was no start record written write it now, so that we always have a nice pair */
d52b8493 2592 manager_send_unit_audit(u->manager, u, UNIT_VTABLE(u)->audit_start_message_type, /* success= */ state == UNIT_INACTIVE);
6eb65e7c
LP		 2593
2594 if (state == UNIT_INACTIVE)
d52b8493 2595 manager_send_unit_audit(u->manager, u, UNIT_VTABLE(u)->audit_stop_message_type, /* success= */ true);
6eb65e7c
LP		 2596 }
2597}
2598
96b09de5 2599static bool unit_process_job(Job *j, UnitActiveState ns, bool reload_success) {
16c74914 2600 bool unexpected = false;
31cd5f63 2601 JobResult result;
16c74914
LP		 2602
2603 assert(j);
2604
2605 if (j->state == JOB_WAITING)
16c74914
LP		 2606 /* So we reached a different state for this job. Let's see if we can run it now if it failed previously
2607 * due to EAGAIN. */
2608 job_add_to_run_queue(j);
2609
2610 /* Let's check whether the unit's new state constitutes a finished job, or maybe contradicts a running job and
2611 * hence needs to invalidate jobs. */
2612
2613 switch (j->type) {
2614
2615 case JOB_START:
2616 case JOB_VERIFY_ACTIVE:
2617
2618 if (UNIT_IS_ACTIVE_OR_RELOADING(ns))
2619 job_finish_and_invalidate(j, JOB_DONE, true, false);
2620 else if (j->state == JOB_RUNNING && ns != UNIT_ACTIVATING) {
2621 unexpected = true;
2622
31cd5f63
AZ		 2623 if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
2624 if (ns == UNIT_FAILED)
2625 result = JOB_FAILED;
31cd5f63
AZ		 2626 else
2627 result = JOB_DONE;
2628
2629 job_finish_and_invalidate(j, result, true, false);
2630 }
16c74914
LP		 2631 }
2632
2633 break;
2634
2635 case JOB_RELOAD:
2636 case JOB_RELOAD_OR_START:
2637 case JOB_TRY_RELOAD:
2638
2639 if (j->state == JOB_RUNNING) {
2640 if (ns == UNIT_ACTIVE)
96b09de5 2641 job_finish_and_invalidate(j, reload_success ? JOB_DONE : JOB_FAILED, true, false);
5162829e 2642 else if (!IN_SET(ns, UNIT_ACTIVATING, UNIT_RELOADING, UNIT_REFRESHING)) {
16c74914
LP		 2643 unexpected = true;
2644
2645 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
2646 job_finish_and_invalidate(j, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false);
2647 }
2648 }
2649
2650 break;
2651
2652 case JOB_STOP:
2653 case JOB_RESTART:
2654 case JOB_TRY_RESTART:
2655
2656 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
2657 job_finish_and_invalidate(j, JOB_DONE, true, false);
2658 else if (j->state == JOB_RUNNING && ns != UNIT_DEACTIVATING) {
2659 unexpected = true;
2660 job_finish_and_invalidate(j, JOB_FAILED, true, false);
2661 }
2662
2663 break;
2664
2665 default:
04499a70 2666 assert_not_reached();
16c74914
LP		 2667 }
2668
2669 return unexpected;
2670}
2671
9ca16f6f
LP		 2672static void unit_recursive_add_to_run_queue(Unit *u) {
2673 assert(u);
2674
2675 if (u->job)
2676 job_add_to_run_queue(u->job);
2677
2678 Unit *child;
2679 UNIT_FOREACH_DEPENDENCY(child, u, UNIT_ATOM_SLICE_OF) {
2680
2681 if (!child->job)
2682 continue;
2683
2684 unit_recursive_add_to_run_queue(child);
2685 }
2686}
2687
2688static void unit_check_concurrency_limit(Unit *u) {
2689 assert(u);
2690
2691 Unit *slice = UNIT_GET_SLICE(u);
2692 if (!slice)
2693 return;
2694
2695 /* If a unit was stopped, maybe it has pending siblings (or children thereof) that can be started now */
2696
2697 if (SLICE(slice)->concurrency_soft_max != UINT_MAX) {
2698 Unit *sibling;
2699 UNIT_FOREACH_DEPENDENCY(sibling, slice, UNIT_ATOM_SLICE_OF) {
2700 if (sibling == u)
2701 continue;
2702
2703 unit_recursive_add_to_run_queue(sibling);
2704 }
2705 }
2706
2707 /* Also go up the tree. */
2708 unit_check_concurrency_limit(slice);
2709}
2710
96b09de5 2711void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_success) {
87f0e418
LP		 2712 assert(u);
2713 assert(os < _UNIT_ACTIVE_STATE_MAX);
2714 assert(ns < _UNIT_ACTIVE_STATE_MAX);
87f0e418 2715
8559b3b7
LP		 2716 /* Note that this is called for all low-level state changes, even if they might map to the same high-level
2717 * UnitActiveState! That means that ns == os is an expected behavior here. For example: if a mount point is
2718 * remounted this function will be called too! */
87f0e418 2719
f6f271f0 2720 Manager *m = ASSERT_PTR(u->manager);
546ac4f0 2721
3c4832ad
LP		 2722 /* Let's enqueue the change signal early. In case this unit has a job associated we want that this unit is in
2723 * the bus queue, so that any job change signal queued will force out the unit change signal first. */
2724 unit_add_to_dbus_queue(u);
2725
b984151e
MY		 2726 /* Update systemd-oomd on the property/state change.
2727 *
2728 * Always send an update if the unit is going into an inactive state so systemd-oomd knows to
2729 * stop monitoring.
2730 * Also send an update whenever the unit goes active; this is to handle a case where an override file
2731 * sets one of the ManagedOOM*= properties to "kill", then later removes it. systemd-oomd needs to
2732 * know to stop monitoring when the unit changes from "kill" -> "auto" on daemon-reload, but we don't
2733 * have the information on the property. Thus, indiscriminately send an update. */
2734 if (os != ns && (UNIT_IS_INACTIVE_OR_FAILED(ns) || UNIT_IS_ACTIVE_OR_RELOADING(ns)))
2735 (void) manager_varlink_send_managed_oom_update(u);
e30bbc90 2736
f755e3b7 2737 /* Update timestamps for state changes */
2c289ea8 2738 if (!MANAGER_IS_RELOADING(m)) {
fa5a0251 2739 dual_timestamp_now(&u->state_change_timestamp);
173e3821 2740
bdbf9951 2741 if (UNIT_IS_INACTIVE_OR_FAILED(os) && !UNIT_IS_INACTIVE_OR_FAILED(ns))
a483fb59 2742 u->inactive_exit_timestamp = u->state_change_timestamp;
bdbf9951 2743 else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_INACTIVE_OR_FAILED(ns))
a483fb59 2744 u->inactive_enter_timestamp = u->state_change_timestamp;
bdbf9951
LP		 2745
2746 if (!UNIT_IS_ACTIVE_OR_RELOADING(os) && UNIT_IS_ACTIVE_OR_RELOADING(ns))
a483fb59 2747 u->active_enter_timestamp = u->state_change_timestamp;
bdbf9951 2748 else if (UNIT_IS_ACTIVE_OR_RELOADING(os) && !UNIT_IS_ACTIVE_OR_RELOADING(ns))
a483fb59 2749 u->active_exit_timestamp = u->state_change_timestamp;
bdbf9951 2750 }
87f0e418 2751
865cc19a 2752 /* Keep track of failed units */
8724defe 2753 (void) manager_update_failed_units(m, u, ns == UNIT_FAILED);
f755e3b7 2754
d3070fbd
LP		 2755 /* Make sure the cgroup and state files are always removed when we become inactive */
2756 if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
ff68472a
ZJS		 2757 SET_FLAG(u->markers,
2758 (1u << UNIT_MARKER_NEEDS_RELOAD)|(1u << UNIT_MARKER_NEEDS_RESTART),
2759 false);
efdb0237 2760 unit_prune_cgroup(u);
d3070fbd 2761 unit_unlink_state_files(u);
ff68472a
ZJS		 2762 } else if (ns != os && ns == UNIT_RELOADING)
2763 SET_FLAG(u->markers, 1u << UNIT_MARKER_NEEDS_RELOAD, false);
fb385181 2764
adefcf28 2765 unit_update_on_console(u);
7ed9f6cd 2766
2c289ea8 2767 if (!MANAGER_IS_RELOADING(m)) {
a1c7334b
LP		 2768 bool unexpected;
2769
2770 /* Let's propagate state changes to the job */
2771 if (u->job)
96b09de5 2772 unexpected = unit_process_job(u->job, ns, reload_success);
a1c7334b
LP		 2773 else
2774 unexpected = true;
f3bff0eb 2775
a1c7334b
LP		 2776 /* If this state change happened without being requested by a job, then let's retroactively start or
2777 * stop dependencies. We skip that step when deserializing, since we don't want to create any
2778 * additional jobs just because something is already activated. */
bdbf9951
LP		 2779
2780 if (unexpected) {
2781 if (UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_ACTIVE_OR_ACTIVATING(ns))
2782 retroactively_start_dependencies(u);
2783 else if (UNIT_IS_ACTIVE_OR_ACTIVATING(os) && UNIT_IS_INACTIVE_OR_DEACTIVATING(ns))
2784 retroactively_stop_dependencies(u);
2785 }
5de9682c 2786
256f65d0
LP		 2787 if (UNIT_IS_ACTIVE_OR_RELOADING(ns) && !UNIT_IS_ACTIVE_OR_RELOADING(os)) {
2788 /* This unit just finished starting up */
3b2775c5 2789
6eb65e7c 2790 unit_emit_audit_start(u);
546ac4f0 2791 manager_send_unit_plymouth(m, u);
b2d6bb5b 2792 manager_send_unit_supervisor(m, u, /* active= */ true);
bdbf9951 2793
8c4514b2 2794 } else if (UNIT_IS_INACTIVE_OR_FAILED(ns) && !UNIT_IS_INACTIVE_OR_FAILED(os)) {
915b1d01 2795 /* This unit just stopped/failed. */
256f65d0 2796
6eb65e7c 2797 unit_emit_audit_stop(u, ns);
b2d6bb5b 2798 manager_send_unit_supervisor(m, u, /* active= */ false);
915b1d01 2799 unit_log_resources(u);
cd6d0a45 2800 }
294446dc 2801
49b34f75 2802 if (ns == UNIT_INACTIVE && !IN_SET(os, UNIT_FAILED, UNIT_INACTIVE, UNIT_MAINTENANCE))
9faeb2d0 2803 unit_start_on_termination_deps(u, UNIT_ATOM_ON_SUCCESS);
8c4514b2 2804 else if (ns != os && ns == UNIT_FAILED)
9faeb2d0 2805 unit_start_on_termination_deps(u, UNIT_ATOM_ON_FAILURE);
f278026d
LP		 2806 }
2807
31dc1ca3
LP		 2808 manager_recheck_journal(m);
2809 manager_recheck_dbus(m);
e63ebf71 2810
3ecaa09b 2811 unit_trigger_notify(u);
3b2775c5 2812
8724defe 2813 if (!MANAGER_IS_RELOADING(m)) {
f6f271f0
MY		 2814 const char *reason;
2815
429926e9
TR		 2816 if (os != UNIT_FAILED && ns == UNIT_FAILED) {
2817 reason = strjoina("unit ", u->id, " failed");
96a0cfbf 2818 emergency_action(m, u->failure_action, EMERGENCY_ACTION_WARN|EMERGENCY_ACTION_SLEEP_5S, u->reboot_arg, unit_failure_action_exit_status(u), reason);
429926e9
TR		 2819 } else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && ns == UNIT_INACTIVE) {
2820 reason = strjoina("unit ", u->id, " succeeded");
96a0cfbf 2821 emergency_action(m, u->success_action, /* flags= */ 0, u->reboot_arg, unit_success_action_exit_status(u), reason);
429926e9 2822 }
ff502445
LP		 2823 }
2824
99e9af25 2825 /* And now, add the unit or depending units to various queues that will act on the new situation if
48008c1c 2826 * needed. These queues generally check for continuous state changes rather than events (like most of
99e9af25
LP		 2827 * the state propagation above), and do work deferred instead of instantly, since they typically
2828 * don't want to run during reloading, and usually involve checking combined state of multiple units
2829 * at once. */
2830
2831 if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
2832 /* Stop unneeded units and bound-by units regardless if going down was expected or not */
2833 check_unneeded_dependencies(u);
2834 check_bound_by_dependencies(u);
2835
2836 /* Maybe someone wants us to remain up? */
2837 unit_submit_to_start_when_upheld_queue(u);
2838
2839 /* Maybe the unit should be GC'ed now? */
2840 unit_add_to_gc_queue(u);
6ac62d61
LP		 2841
2842 /* Maybe we can release some resources now? */
2843 unit_submit_to_release_resources_queue(u);
99e9af25 2844
9ca16f6f
LP		 2845 /* Maybe the concurrency limits now allow dispatching of another start job in this slice? */
2846 unit_check_concurrency_limit(u);
2847
1b4ab5a2
MY		 2848 /* Maybe someone else has been waiting for us to stop? */
2849 m->may_dispatch_stop_notify_queue = true;
2850
b984151e 2851 } else if (UNIT_IS_ACTIVE_OR_RELOADING(ns)) {
99e9af25
LP		 2852 /* Start uphold units regardless if going up was expected or not */
2853 check_uphold_dependencies(u);
2854
2855 /* Maybe we finished startup and are now ready for being stopped because unneeded? */
2856 unit_submit_to_stop_when_unneeded_queue(u);
2857
2858 /* Maybe we finished startup, but something we needed has vanished? Let's die then. (This happens
2859 * when something BindsTo= to a Type=oneshot unit, as these units go directly from starting to
2860 * inactive, without ever entering started.) */
2861 unit_submit_to_stop_when_bound_queue(u);
2862 }
87f0e418
LP		 2863}
2864
d70dfe1b 2865int unit_watch_pidref(Unit *u, const PidRef *pid, bool exclusive) {
495e75ed 2866 _cleanup_(pidref_freep) PidRef *pid_dup = NULL;
62a76913 2867 int r;
a911bb9a 2868
495e75ed 2869 /* Adds a specific PID to the set of PIDs this unit watches. */
87f0e418 2870
495e75ed
LP		 2871 assert(u);
2872 assert(pidref_is_set(pid));
5ba6985b 2873
f75f613d
FB		 2874 /* Caller might be sure that this PID belongs to this unit only. Let's take this
2875 * opportunity to remove any stalled references to this PID as they can be created
2876 * easily (when watching a process which is not our direct child). */
2877 if (exclusive)
495e75ed
LP		 2878 manager_unwatch_pidref(u->manager, pid);
2879
c06b8d96
MY		 2880 if (set_contains(u->pids, pid)) { /* early exit if already being watched */
2881 assert(!exclusive);
495e75ed 2882 return 0;
c06b8d96 2883 }
f75f613d 2884
495e75ed 2885 r = pidref_dup(pid, &pid_dup);
5ba6985b
LP		 2886 if (r < 0)
2887 return r;
2888
495e75ed 2889 /* First, insert into the set of PIDs maintained by the unit */
4c8d5f02 2890 r = set_ensure_put(&u->pids, &pidref_hash_ops_free, pid_dup);
a911bb9a
LP		 2891 if (r < 0)
2892 return r;
2893
495e75ed 2894 pid = TAKE_PTR(pid_dup); /* continue with our copy now that we have installed it properly in our set */
05e343b7 2895
495e75ed 2896 /* Second, insert it into the simple global table, see if that works */
c06b8d96 2897 r = hashmap_ensure_put(&u->manager->watch_pids, &pidref_hash_ops, pid, u);
495e75ed
LP		 2898 if (r != -EEXIST)
2899 return r;
a911bb9a 2900
495e75ed
LP		 2901 /* OK, the key is already assigned to a different unit. That's fine, then add us via the second
2902 * hashmap that points to an array. */
a911bb9a 2903
495e75ed
LP		 2904 PidRef *old_pid = NULL;
2905 Unit **array = hashmap_get2(u->manager->watch_pids_more, pid, (void**) &old_pid);
62a76913 2906
495e75ed
LP		 2907 /* Count entries in array */
2908 size_t n = 0;
2909 for (; array && array[n]; n++)
2910 ;
62a76913 2911
495e75ed
LP		 2912 /* Allocate a new array */
2913 _cleanup_free_ Unit **new_array = new(Unit*, n + 2);
2914 if (!new_array)
2915 return -ENOMEM;
62a76913 2916
495e75ed
LP		 2917 /* Append us to the end */
2918 memcpy_safe(new_array, array, sizeof(Unit*) * n);
2919 new_array[n] = u;
2920 new_array[n+1] = NULL;
62a76913 2921
495e75ed 2922 /* Add or replace the old array */
c06b8d96 2923 r = hashmap_ensure_replace(&u->manager->watch_pids_more, &pidref_hash_ops, old_pid ?: pid, new_array);
62a76913
LP		 2924 if (r < 0)
2925 return r;
2926
495e75ed
LP		 2927 TAKE_PTR(new_array); /* Now part of the hash table */
2928 free(array); /* Which means we can now delete the old version */
62a76913 2929 return 0;
87f0e418
LP		 2930}
2931
d70dfe1b 2932void unit_unwatch_pidref(Unit *u, const PidRef *pid) {
495e75ed
LP		 2933 assert(u);
2934 assert(pidref_is_set(pid));
2935
2936 /* Remove from the set we maintain for this unit. (And destroy the returned pid eventually) */
2937 _cleanup_(pidref_freep) PidRef *pid1 = set_remove(u->pids, pid);
2938 if (!pid1)
2939 return; /* Early exit if this PID was never watched by us */
2940
2941 /* First let's drop the unit from the simple hash table, if it is included there */
2942 PidRef *pid2 = NULL;
2943 Unit *uu = hashmap_get2(u->manager->watch_pids, pid, (void**) &pid2);
2944
2945 /* Quick validation: iff we are in the watch_pids table then the PidRef object must be the same as in our local pids set */
2946 assert((uu == u) == (pid1 == pid2));
2947
2948 if (uu == u)
2949 /* OK, we are in the first table. Let's remove it there then, and we are done already. */
1c2beeb0 2950 assert_se(hashmap_remove_value(u->manager->watch_pids, pid2, uu));
495e75ed
LP		 2951 else {
2952 /* We weren't in the first table, then let's consult the 2nd table that points to an array */
2953 PidRef *pid3 = NULL;
2954 Unit **array = hashmap_get2(u->manager->watch_pids_more, pid, (void**) &pid3);
2955
2956 /* Let's iterate through the array, dropping our own entry */
2957 size_t m = 0, n = 0;
2958 for (; array && array[n]; n++)
62a76913
LP		 2959 if (array[n] != u)
2960 array[m++] = array[n];
495e75ed
LP		 2961 if (n == m)
2962 return; /* Not there */
2963
2964 array[m] = NULL; /* set trailing NULL marker on the new end */
62a76913
LP		 2965
2966 if (m == 0) {
2967 /* The array is now empty, remove the entire entry */
1c2beeb0 2968 assert_se(hashmap_remove_value(u->manager->watch_pids_more, pid3, array));
62a76913 2969 free(array);
495e75ed
LP		 2970 } else {
2971 /* The array is not empty, but let's make sure the entry is not keyed by the PidRef
2972 * we will delete, but by the PidRef object of the Unit that is now first in the
2973 * array. */
2974
2975 PidRef *new_pid3 = ASSERT_PTR(set_get(array[0]->pids, pid));
2976 assert_se(hashmap_replace(u->manager->watch_pids_more, new_pid3, array) >= 0);
62a76913
LP		 2977 }
2978 }
495e75ed 2979}
87f0e418 2980
bd44e61b
LP		 2981void unit_unwatch_all_pids(Unit *u) {
2982 assert(u);
2983
2984 while (!set_isempty(u->pids))
495e75ed 2985 unit_unwatch_pidref(u, set_first(u->pids));
bd44e61b 2986
efdb0237 2987 u->pids = set_free(u->pids);
a911bb9a
LP		 2988}
2989
ea1e0bf1
YW		 2990void unit_unwatch_pidref_done(Unit *u, PidRef *pidref) {
2991 assert(u);
2992
2993 if (!pidref_is_set(pidref))
2994 return;
2995
2996 unit_unwatch_pidref(u, pidref);
2997 pidref_done(pidref);
2998}
2999
87f0e418
LP		 3000bool unit_job_is_applicable(Unit *u, JobType j) {
3001 assert(u);
3002 assert(j >= 0 && j < _JOB_TYPE_MAX);
3003
3004 switch (j) {
3005
3006 case JOB_VERIFY_ACTIVE:
3007 case JOB_START:
e0209d83 3008 case JOB_NOP:
f5869324 3009 /* Note that we don't check unit_can_start() here. That's because .device units and suchlike are not
86b52a39 3010 * startable by us but may appear due to external events, and it thus makes sense to permit enqueuing
f5869324 3011 * jobs for it. */
87f0e418
LP		 3012 return true;
3013
f5869324
LP		 3014 case JOB_STOP:
3015 /* Similar as above. However, perpetual units can never be stopped (neither explicitly nor due to
86b52a39 3016 * external events), hence it makes no sense to permit enqueuing such a request either. */
f5869324
LP		 3017 return !u->perpetual;
3018
87f0e418
LP		 3019 case JOB_RESTART:
3020 case JOB_TRY_RESTART:
f5869324 3021 return unit_can_stop(u) && unit_can_start(u);
87f0e418
LP		 3022
3023 case JOB_RELOAD:
3282591d 3024 case JOB_TRY_RELOAD:
87f0e418
LP		 3025 return unit_can_reload(u);
3026
3027 case JOB_RELOAD_OR_START:
3028 return unit_can_reload(u) && unit_can_start(u);
3029
3030 default:
04499a70 3031 assert_not_reached();
87f0e418
LP		 3032 }
3033}
3034
83110824
YW		 3035static Hashmap *unit_get_dependency_hashmap_per_type(Unit *u, UnitDependency d) {
3036 Hashmap *deps;
3037
3038 assert(u);
3039 assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX);
3040
3041 deps = hashmap_get(u->dependencies, UNIT_DEPENDENCY_TO_PTR(d));
3042 if (!deps) {
3043 _cleanup_hashmap_free_ Hashmap *h = NULL;
3044
3045 h = hashmap_new(NULL);
3046 if (!h)
3047 return NULL;
3048
3049 if (hashmap_ensure_put(&u->dependencies, NULL, UNIT_DEPENDENCY_TO_PTR(d), h) < 0)
3050 return NULL;
3051
3052 deps = TAKE_PTR(h);
3053 }
3054
3055 return deps;
3056}
3057
3058typedef enum NotifyDependencyFlags {
3059 NOTIFY_DEPENDENCY_UPDATE_FROM = 1 << 0,
3060 NOTIFY_DEPENDENCY_UPDATE_TO = 1 << 1,
3061} NotifyDependencyFlags;
3062
3063static int unit_add_dependency_impl(
eef85c4a
LP		 3064 Unit *u,
3065 UnitDependency d,
3066 Unit *other,
eef85c4a 3067 UnitDependencyMask mask) {
87f0e418
LP		 3068
3069 static const UnitDependency inverse_table[_UNIT_DEPENDENCY_MAX] = {
fb138166
ZJS		 3070 [UNIT_REQUIRES] = UNIT_REQUIRED_BY,
3071 [UNIT_REQUISITE] = UNIT_REQUISITE_OF,
3072 [UNIT_WANTS] = UNIT_WANTED_BY,
3073 [UNIT_BINDS_TO] = UNIT_BOUND_BY,
3074 [UNIT_PART_OF] = UNIT_CONSISTS_OF,
3075 [UNIT_UPHOLDS] = UNIT_UPHELD_BY,
3076 [UNIT_REQUIRED_BY] = UNIT_REQUIRES,
3077 [UNIT_REQUISITE_OF] = UNIT_REQUISITE,
3078 [UNIT_WANTED_BY] = UNIT_WANTS,
3079 [UNIT_BOUND_BY] = UNIT_BINDS_TO,
3080 [UNIT_CONSISTS_OF] = UNIT_PART_OF,
3081 [UNIT_UPHELD_BY] = UNIT_UPHOLDS,
3082 [UNIT_CONFLICTS] = UNIT_CONFLICTED_BY,
3083 [UNIT_CONFLICTED_BY] = UNIT_CONFLICTS,
3084 [UNIT_BEFORE] = UNIT_AFTER,
3085 [UNIT_AFTER] = UNIT_BEFORE,
3086 [UNIT_ON_SUCCESS] = UNIT_ON_SUCCESS_OF,
3087 [UNIT_ON_SUCCESS_OF] = UNIT_ON_SUCCESS,
3088 [UNIT_ON_FAILURE] = UNIT_ON_FAILURE_OF,
3089 [UNIT_ON_FAILURE_OF] = UNIT_ON_FAILURE,
3090 [UNIT_TRIGGERS] = UNIT_TRIGGERED_BY,
3091 [UNIT_TRIGGERED_BY] = UNIT_TRIGGERS,
3092 [UNIT_PROPAGATES_RELOAD_TO] = UNIT_RELOAD_PROPAGATED_FROM,
85e9a101 3093 [UNIT_RELOAD_PROPAGATED_FROM] = UNIT_PROPAGATES_RELOAD_TO,
fb138166
ZJS		 3094 [UNIT_PROPAGATES_STOP_TO] = UNIT_STOP_PROPAGATED_FROM,
3095 [UNIT_STOP_PROPAGATED_FROM] = UNIT_PROPAGATES_STOP_TO,
3096 [UNIT_JOINS_NAMESPACE_OF] = UNIT_JOINS_NAMESPACE_OF, /* symmetric! 👓 */
3097 [UNIT_REFERENCES] = UNIT_REFERENCED_BY,
3098 [UNIT_REFERENCED_BY] = UNIT_REFERENCES,
3099 [UNIT_IN_SLICE] = UNIT_SLICE_OF,
3100 [UNIT_SLICE_OF] = UNIT_IN_SLICE,
87f0e418 3101 };
83110824
YW		 3102
3103 Hashmap *u_deps, *other_deps;
3104 UnitDependencyInfo u_info, u_info_old, other_info, other_info_old;
3105 NotifyDependencyFlags flags = 0;
3106 int r;
3107
3108 assert(u);
3109 assert(other);
3110 assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX);
3111 assert(inverse_table[d] >= 0 && inverse_table[d] < _UNIT_DEPENDENCY_MAX);
3112 assert(mask > 0 && mask < _UNIT_DEPENDENCY_MASK_FULL);
3113
3114 /* Ensure the following two hashmaps for each unit exist:
3115 * - the top-level dependency hashmap that maps UnitDependency → Hashmap(Unit* → UnitDependencyInfo),
3116 * - the inner hashmap, that maps Unit* → UnitDependencyInfo, for the specified dependency type. */
3117 u_deps = unit_get_dependency_hashmap_per_type(u, d);
3118 if (!u_deps)
3119 return -ENOMEM;
3120
3121 other_deps = unit_get_dependency_hashmap_per_type(other, inverse_table[d]);
3122 if (!other_deps)
3123 return -ENOMEM;
3124
3125 /* Save the original dependency info. */
3126 u_info.data = u_info_old.data = hashmap_get(u_deps, other);
3127 other_info.data = other_info_old.data = hashmap_get(other_deps, u);
3128
3129 /* Update dependency info. */
3130 u_info.origin_mask |= mask;
3131 other_info.destination_mask |= mask;
3132
3133 /* Save updated dependency info. */
3134 if (u_info.data != u_info_old.data) {
3135 r = hashmap_replace(u_deps, other, u_info.data);
3136 if (r < 0)
3137 return r;
3138
3139 flags = NOTIFY_DEPENDENCY_UPDATE_FROM;
b7777d08 3140 u->dependency_generation++;
83110824
YW		 3141 }
3142
3143 if (other_info.data != other_info_old.data) {
3144 r = hashmap_replace(other_deps, u, other_info.data);
3145 if (r < 0) {
3146 if (u_info.data != u_info_old.data) {
3147 /* Restore the old dependency. */
3148 if (u_info_old.data)
3149 (void) hashmap_update(u_deps, other, u_info_old.data);
3150 else
3151 hashmap_remove(u_deps, other);
3152 }
3153 return r;
3154 }
3155
3156 flags |= NOTIFY_DEPENDENCY_UPDATE_TO;
b7777d08 3157 other->dependency_generation++;
83110824
YW		 3158 }
3159
3160 return flags;
3161}
3162
3163int unit_add_dependency(
3164 Unit *u,
3165 UnitDependency d,
3166 Unit *other,
3167 bool add_reference,
3168 UnitDependencyMask mask) {
3169
15ed3c3a 3170 UnitDependencyAtom a;
eef85c4a 3171 int r;
15ed3c3a
LP		 3172
3173 /* Helper to know whether sending a notification is necessary or not: if the dependency is already
3174 * there, no need to notify! */
83110824 3175 NotifyDependencyFlags notify_flags;
87f0e418
LP		 3176
3177 assert(u);
3178 assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX);
87f0e418
LP		 3179 assert(other);
3180
9f151f29
LP		 3181 u = unit_follow_merge(u);
3182 other = unit_follow_merge(other);
15ed3c3a
LP		 3183 a = unit_dependency_to_atom(d);
3184 assert(a >= 0);
9f151f29 3185
15ed3c3a 3186 /* We won't allow dependencies on ourselves. We will not consider them an error however. */
d1fab3fe 3187 if (u == other) {
ed991163
YW		 3188 if (unit_should_warn_about_dependency(d))
3189 log_unit_warning(u, "Dependency %s=%s is dropped.",
3190 unit_dependency_to_string(d), u->id);
87f0e418 3191 return 0;
d1fab3fe 3192 }
87f0e418 3193
f14d6810
MG		 3194 if (u->manager && FLAGS_SET(u->manager->test_run_flags, MANAGER_TEST_RUN_IGNORE_DEPENDENCIES))
3195 return 0;
3196
93df5217
LB		 3197 /* Note that ordering a device unit after a unit is permitted since it allows its job running
3198 * timeout to be started at a specific time. */
15ed3c3a 3199 if (FLAGS_SET(a, UNIT_ATOM_BEFORE) && other->type == UNIT_DEVICE) {
b862c257 3200 log_unit_warning(u, "Dependency Before=%s ignored (.device units cannot be delayed)", other->id);
c80a9a33
LP		 3201 return 0;
3202 }
3203
15ed3c3a 3204 if (FLAGS_SET(a, UNIT_ATOM_ON_FAILURE) && !UNIT_VTABLE(u)->can_fail) {
c80a9a33
LP		 3205 log_unit_warning(u, "Requested dependency OnFailure=%s ignored (%s units cannot fail).", other->id, unit_type_to_string(u->type));
3206 return 0;
3207 }
3208
15ed3c3a 3209 if (FLAGS_SET(a, UNIT_ATOM_TRIGGERS) && !UNIT_VTABLE(u)->can_trigger)
c80a9a33
LP		 3210 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
3211 "Requested dependency Triggers=%s refused (%s units cannot trigger other units).", other->id, unit_type_to_string(u->type));
15ed3c3a 3212 if (FLAGS_SET(a, UNIT_ATOM_TRIGGERED_BY) && !UNIT_VTABLE(other)->can_trigger)
c80a9a33
LP		 3213 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
3214 "Requested dependency TriggeredBy=%s refused (%s units cannot trigger other units).", other->id, unit_type_to_string(other->type));
3215
d219a2b0
LP		 3216 if (FLAGS_SET(a, UNIT_ATOM_IN_SLICE) && other->type != UNIT_SLICE)
3217 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
3218 "Requested dependency Slice=%s refused (%s is not a slice unit).", other->id, other->id);
3219 if (FLAGS_SET(a, UNIT_ATOM_SLICE_OF) && u->type != UNIT_SLICE)
3220 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
3221 "Requested dependency SliceOf=%s refused (%s is not a slice unit).", other->id, u->id);
3222
3223 if (FLAGS_SET(a, UNIT_ATOM_IN_SLICE) && !UNIT_HAS_CGROUP_CONTEXT(u))
3224 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
3225 "Requested dependency Slice=%s refused (%s is not a cgroup unit).", other->id, u->id);
3226
3227 if (FLAGS_SET(a, UNIT_ATOM_SLICE_OF) && !UNIT_HAS_CGROUP_CONTEXT(other))
3228 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
3229 "Requested dependency SliceOf=%s refused (%s is not a cgroup unit).", other->id, other->id);
3230
83110824 3231 r = unit_add_dependency_impl(u, d, other, mask);
613b411c 3232 if (r < 0)
87f0e418 3233 return r;
83110824 3234 notify_flags = r;
613b411c
LP		 3235
3236 if (add_reference) {
83110824 3237 r = unit_add_dependency_impl(u, UNIT_REFERENCES, other, mask);
613b411c 3238 if (r < 0)
701cc384 3239 return r;
83110824 3240 notify_flags |= r;
613b411c 3241 }
87f0e418 3242
83110824 3243 if (FLAGS_SET(notify_flags, NOTIFY_DEPENDENCY_UPDATE_FROM))
5177cb0a 3244 unit_add_to_dbus_queue(u);
83110824 3245 if (FLAGS_SET(notify_flags, NOTIFY_DEPENDENCY_UPDATE_TO))
ac17080c 3246 unit_add_to_dbus_queue(other);
15ed3c3a 3247
83110824 3248 return notify_flags != 0;
87f0e418 3249}
0301abf4 3250
eef85c4a 3251int unit_add_two_dependencies(Unit *u, UnitDependency d, UnitDependency e, Unit *other, bool add_reference, UnitDependencyMask mask) {
5ee8e988 3252 int r = 0, s = 0;
2c966c03
LP		 3253
3254 assert(u);
5ee8e988 3255 assert(d >= 0 || e >= 0);
2c966c03 3256
5ee8e988
LB		 3257 if (d >= 0) {
3258 r = unit_add_dependency(u, d, other, add_reference, mask);
3259 if (r < 0)
3260 return r;
3261 }
2c966c03 3262
5ee8e988
LB		 3263 if (e >= 0) {
3264 s = unit_add_dependency(u, e, other, add_reference, mask);
3265 if (s < 0)
3266 return s;
3267 }
a8c5a4c6
YW		 3268
3269 return r > 0 || s > 0;
2c966c03
LP		 3270}
3271
23e8c796 3272static int resolve_template(Unit *u, const char *name, char **buf, const char **ret) {
7410616c 3273 int r;
9e2f7c11
LP		 3274
3275 assert(u);
23e8c796 3276 assert(name);
7410616c
LP		 3277 assert(buf);
3278 assert(ret);
9e2f7c11 3279
7410616c
LP		 3280 if (!unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
3281 *buf = NULL;
3282 *ret = name;
3283 return 0;
9e2f7c11
LP		 3284 }
3285
ac155bb8 3286 if (u->instance)
7410616c 3287 r = unit_name_replace_instance(name, u->instance, buf);
9e2f7c11 3288 else {
ae018d9b 3289 _cleanup_free_ char *i = NULL;
9e2f7c11 3290
7410616c
LP		 3291 r = unit_name_to_prefix(u->id, &i);
3292 if (r < 0)
3293 return r;
9e2f7c11 3294
7410616c 3295 r = unit_name_replace_instance(name, i, buf);
9e2f7c11 3296 }
7410616c
LP		 3297 if (r < 0)
3298 return r;
9e2f7c11 3299
7410616c
LP		 3300 *ret = *buf;
3301 return 0;
9e2f7c11
LP		 3302}
3303
35d8c19a 3304int unit_add_dependency_by_name(Unit *u, UnitDependency d, const char *name, bool add_reference, UnitDependencyMask mask) {
7410616c 3305 _cleanup_free_ char *buf = NULL;
09b6b09f
LP		 3306 Unit *other;
3307 int r;
3308
9e2f7c11 3309 assert(u);
35d8c19a 3310 assert(name);
09b6b09f 3311
23e8c796 3312 r = resolve_template(u, name, &buf, &name);
7410616c
LP		 3313 if (r < 0)
3314 return r;
09b6b09f 3315
f14d6810
MG		 3316 if (u->manager && FLAGS_SET(u->manager->test_run_flags, MANAGER_TEST_RUN_IGNORE_DEPENDENCIES))
3317 return 0;
3318
35d8c19a 3319 r = manager_load_unit(u->manager, name, NULL, NULL, &other);
8afbb8e1
LP		 3320 if (r < 0)
3321 return r;
9e2f7c11 3322
eef85c4a 3323 return unit_add_dependency(u, d, other, add_reference, mask);
09b6b09f
LP		 3324}
3325
5a724170 3326int unit_add_two_dependencies_by_name(Unit *u, UnitDependency d, UnitDependency e, const char *name, bool add_reference, UnitDependencyMask mask) {
7410616c 3327 _cleanup_free_ char *buf = NULL;
2c966c03
LP		 3328 Unit *other;
3329 int r;
2c966c03
LP		 3330
3331 assert(u);
5a724170 3332 assert(name);
2c966c03 3333
23e8c796 3334 r = resolve_template(u, name, &buf, &name);
7410616c
LP		 3335 if (r < 0)
3336 return r;
2c966c03 3337
f14d6810
MG		 3338 if (u->manager && FLAGS_SET(u->manager->test_run_flags, MANAGER_TEST_RUN_IGNORE_DEPENDENCIES))
3339 return 0;
3340
5a724170 3341 r = manager_load_unit(u->manager, name, NULL, NULL, &other);
3f3cc397 3342 if (r < 0)
68eda4bd 3343 return r;
2c966c03 3344
eef85c4a 3345 return unit_add_two_dependencies(u, d, e, other, add_reference, mask);
2c966c03
LP		 3346}
3347
6c8ade30
MY		 3348int setenv_unit_path(const char *p) {
3349 assert(p);
3350
0301abf4 3351 /* This is mostly for debug purposes */
6c8ade30 3352 return RET_NERRNO(setenv("SYSTEMD_UNIT_PATH", p, /* overwrite = */ true));
0301abf4 3353}
88066b3a 3354
ff3f2953 3355char* unit_dbus_path(Unit *u) {
ea430986
LP		 3356 assert(u);
3357
ac155bb8 3358 if (!u->id)
04ade7d2
LP		 3359 return NULL;
3360
48899192 3361 return unit_dbus_path_from_name(u->id);
ea430986
LP		 3362}
3363
ff3f2953 3364char* unit_dbus_path_invocation_id(Unit *u) {
4b58153d
LP		 3365 assert(u);
3366
3367 if (sd_id128_is_null(u->invocation_id))
3368 return NULL;
3369
3370 return unit_dbus_path_from_name(u->invocation_id_string);
3371}
3372
2d3b784d 3373int unit_set_invocation_id(Unit *u, sd_id128_t id) {
db868d45
ZJS		 3374 int r;
3375
3376 assert(u);
3377
3378 /* Set the invocation ID for this unit. If we cannot, this will not roll back, but reset the whole thing. */
3379
3380 if (sd_id128_equal(u->invocation_id, id))
3381 return 0;
3382
3383 if (!sd_id128_is_null(u->invocation_id))
3384 (void) hashmap_remove_value(u->manager->units_by_invocation_id, &u->invocation_id, u);
3385
3386 if (sd_id128_is_null(id)) {
3387 r = 0;
3388 goto reset;
3389 }
3390
3391 r = hashmap_ensure_allocated(&u->manager->units_by_invocation_id, &id128_hash_ops);
3392 if (r < 0)
3393 goto reset;
3394
3395 u->invocation_id = id;
3396 sd_id128_to_string(id, u->invocation_id_string);
3397
3398 r = hashmap_put(u->manager->units_by_invocation_id, &u->invocation_id, u);
3399 if (r < 0)
3400 goto reset;
3401
3402 return 0;
3403
3404reset:
3405 u->invocation_id = SD_ID128_NULL;
3406 u->invocation_id_string[0] = 0;
3407 return r;
3408}
3409
899acf5c 3410int unit_set_slice(Unit *u, Unit *slice) {
d219a2b0
LP		 3411 int r;
3412
d79200e2
LP		 3413 assert(u);
3414 assert(slice);
3415
d219a2b0
LP		 3416 /* Sets the unit slice if it has not been set before. Is extra careful, to only allow this for units
3417 * that actually have a cgroup context. Also, we don't allow to set this for slices (since the parent
3418 * slice is derived from the name). Make sure the unit we set is actually a slice. */
d79200e2
LP		 3419
3420 if (!UNIT_HAS_CGROUP_CONTEXT(u))
3421 return -EOPNOTSUPP;
3422
3423 if (u->type == UNIT_SLICE)
3424 return -EINVAL;
3425
102ef982
LP		 3426 if (unit_active_state(u) != UNIT_INACTIVE)
3427 return -EBUSY;
3428
d79200e2
LP		 3429 if (slice->type != UNIT_SLICE)
3430 return -EINVAL;
3431
efdb0237
LP		 3432 if (unit_has_name(u, SPECIAL_INIT_SCOPE) &&
3433 !unit_has_name(slice, SPECIAL_ROOT_SLICE))
3434 return -EPERM;
3435
12f64221 3436 if (UNIT_GET_SLICE(u) == slice)
d79200e2
LP		 3437 return 0;
3438
99e66921 3439 /* Disallow slice changes if @u is already bound to cgroups */
9cc54544
LP		 3440 if (UNIT_GET_SLICE(u)) {
3441 CGroupRuntime *crt = unit_get_cgroup_runtime(u);
23ac0811 3442 if (crt && crt->cgroup_path)
9cc54544
LP		 3443 return -EBUSY;
3444 }
d79200e2 3445
899acf5c
AZ		 3446 /* Remove any slices assigned prior; we should only have one UNIT_IN_SLICE dependency */
3447 if (UNIT_GET_SLICE(u))
3448 unit_remove_dependencies(u, UNIT_DEPENDENCY_SLICE_PROPERTY);
3449
3450 r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, UNIT_DEPENDENCY_SLICE_PROPERTY);
d219a2b0
LP		 3451 if (r < 0)
3452 return r;
3453
d79200e2
LP		 3454 return 1;
3455}
3456
3457int unit_set_default_slice(Unit *u) {
a8833944 3458 const char *slice_name;
a016b922
LP		 3459 Unit *slice;
3460 int r;
3461
3462 assert(u);
3463
f14d6810
MG		 3464 if (u->manager && FLAGS_SET(u->manager->test_run_flags, MANAGER_TEST_RUN_IGNORE_DEPENDENCIES))
3465 return 0;
3466
12f64221 3467 if (UNIT_GET_SLICE(u))
a016b922
LP		 3468 return 0;
3469
a8833944
LP		 3470 if (u->instance) {
3471 _cleanup_free_ char *prefix = NULL, *escaped = NULL;
68eda4bd 3472
a8833944
LP		 3473 /* Implicitly place all instantiated units in their
3474 * own per-template slice */
3475
7410616c
LP		 3476 r = unit_name_to_prefix(u->id, &prefix);
3477 if (r < 0)
3478 return r;
a8833944
LP		 3479
3480 /* The prefix is already escaped, but it might include
3481 * "-" which has a special meaning for slice units,
3482 * hence escape it here extra. */
7410616c 3483 escaped = unit_name_escape(prefix);
a8833944
LP		 3484 if (!escaped)
3485 return -ENOMEM;
3486
463d0d15 3487 if (MANAGER_IS_SYSTEM(u->manager))
00e7b3c8 3488 slice_name = strjoina("system-", escaped, ".slice");
a8833944 3489 else
7f3b86a4 3490 slice_name = strjoina("app-", escaped, ".slice");
5ee24fa0
ZJS		 3491
3492 } else if (unit_is_extrinsic(u))
3493 /* Keep all extrinsic units (e.g. perpetual units and swap and mount units in user mode) in
3494 * the root slice. They don't really belong in one of the subslices. */
3495 slice_name = SPECIAL_ROOT_SLICE;
3496
3497 else if (MANAGER_IS_SYSTEM(u->manager))
3498 slice_name = SPECIAL_SYSTEM_SLICE;
3499 else
3500 slice_name = SPECIAL_APP_SLICE;
a8833944
LP		 3501
3502 r = manager_load_unit(u->manager, slice_name, NULL, NULL, &slice);
a016b922
LP		 3503 if (r < 0)
3504 return r;
3505
899acf5c 3506 return unit_set_slice(u, slice);
a016b922
LP		 3507}
3508
bfd5a068 3509const char* unit_slice_name(Unit *u) {
12f64221 3510 Unit *slice;
9444b1f2
LP		 3511 assert(u);
3512
12f64221
LP		 3513 slice = UNIT_GET_SLICE(u);
3514 if (!slice)
9444b1f2
LP		 3515 return NULL;
3516
12f64221 3517 return slice->id;
9444b1f2
LP		 3518}
3519
f6ff8c29 3520int unit_load_related_unit(Unit *u, const char *type, Unit **_found) {
78edb35a 3521 _cleanup_free_ char *t = NULL;
f6ff8c29
LP		 3522 int r;
3523
3524 assert(u);
3525 assert(type);
3526 assert(_found);
3527
7410616c
LP		 3528 r = unit_name_change_suffix(u->id, type, &t);
3529 if (r < 0)
3530 return r;
3531 if (unit_has_name(u, t))
3532 return -EINVAL;
f6ff8c29 3533
ac155bb8 3534 r = manager_load_unit(u->manager, t, NULL, NULL, _found);
9e2f7c11 3535 assert(r < 0 || *_found != u);
f6ff8c29
LP		 3536 return r;
3537}
3538
db6b214f
YW		 3539static int signal_name_owner_changed_install_handler(sd_bus_message *message, void *userdata, sd_bus_error *error) {
3540 Unit *u = ASSERT_PTR(userdata);
3541 const sd_bus_error *e;
3542 int r;
3543
3544 e = sd_bus_message_get_error(message);
3545 if (!e) {
3546 log_unit_trace(u, "Successfully installed NameOwnerChanged signal match.");
3547 return 0;
3548 }
3549
3550 r = sd_bus_error_get_errno(e);
3551 log_unit_error_errno(u, r,
3552 "Unexpected error response on installing NameOwnerChanged signal match: %s",
3553 bus_error_message(e, r));
3554
3555 /* If we failed to install NameOwnerChanged signal, also unref the bus slot of GetNameOwner(). */
3556 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
3557 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
3558
3559 if (UNIT_VTABLE(u)->bus_name_owner_change)
3560 UNIT_VTABLE(u)->bus_name_owner_change(u, NULL);
3561
3562 return 0;
3563}
3564
bbc29086 3565static int signal_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
fc67a943 3566 const char *new_owner;
99534007 3567 Unit *u = ASSERT_PTR(userdata);
bbc29086
DM		 3568 int r;
3569
3570 assert(message);
bbc29086 3571
fc67a943 3572 r = sd_bus_message_read(message, "sss", NULL, NULL, &new_owner);
bbc29086
DM		 3573 if (r < 0) {
3574 bus_log_parse_error(r);
3575 return 0;
3576 }
3577
3578 if (UNIT_VTABLE(u)->bus_name_owner_change)
fc67a943 3579 UNIT_VTABLE(u)->bus_name_owner_change(u, empty_to_null(new_owner));
a5a8776a
MJ		 3580
3581 return 0;
3582}
3583
3584static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bus_error *error) {
3585 const sd_bus_error *e;
3586 const char *new_owner;
99534007 3587 Unit *u = ASSERT_PTR(userdata);
a5a8776a
MJ		 3588 int r;
3589
3590 assert(message);
a5a8776a
MJ		 3591
3592 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
3593
a5a8776a 3594 e = sd_bus_message_get_error(message);
a5a8776a 3595 if (e) {
91053fc9 3596 if (!sd_bus_error_has_name(e, SD_BUS_ERROR_NAME_HAS_NO_OWNER)) {
33322185
YW		 3597 r = sd_bus_error_get_errno(e);
3598 log_unit_error_errno(u, r,
3599 "Unexpected error response from GetNameOwner(): %s",
3600 bus_error_message(e, r));
3601 }
a5a8776a 3602
fc67a943
LP		 3603 new_owner = NULL;
3604 } else {
3605 r = sd_bus_message_read(message, "s", &new_owner);
3606 if (r < 0)
3607 return bus_log_parse_error(r);
a5a8776a 3608
fc67a943
LP		 3609 assert(!isempty(new_owner));
3610 }
a5a8776a
MJ		 3611
3612 if (UNIT_VTABLE(u)->bus_name_owner_change)
fc67a943 3613 UNIT_VTABLE(u)->bus_name_owner_change(u, new_owner);
bbc29086
DM		 3614
3615 return 0;
3616}
3617
9806e87d 3618int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) {
8df433d7 3619 _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
9806e87d 3620 const char *match;
8df433d7 3621 usec_t timeout_usec = 0;
a5b07847 3622 int r;
bbc29086 3623
9806e87d
LP		 3624 assert(u);
3625 assert(bus);
3626 assert(name);
bbc29086 3627
a5b07847 3628 if (u->match_bus_slot || u->get_name_owner_slot)
bbc29086
DM		 3629 return -EBUSY;
3630
8df433d7 3631 /* NameOwnerChanged and GetNameOwner is used to detect when a service finished starting up. The dbus
3632 * call timeout shouldn't be earlier than that. If we couldn't get the start timeout, use the default
3633 * value defined above. */
3634 if (UNIT_VTABLE(u)->get_timeout_start_usec)
3635 timeout_usec = UNIT_VTABLE(u)->get_timeout_start_usec(u);
3636
9806e87d 3637 match = strjoina("type='signal',"
81d62103
ZJS		 3638 "sender='org.freedesktop.DBus',"
3639 "path='/org/freedesktop/DBus',"
3640 "interface='org.freedesktop.DBus',"
3641 "member='NameOwnerChanged',"
3642 "arg0='", name, "'");
bbc29086 3643
8df433d7 3644 r = bus_add_match_full(
3645 bus,
3646 &u->match_bus_slot,
db6b214f 3647 /* asynchronous = */ true,
8df433d7 3648 match,
3649 signal_name_owner_changed,
db6b214f 3650 signal_name_owner_changed_install_handler,
8df433d7 3651 u,
3652 timeout_usec);
a5a8776a
MJ		 3653 if (r < 0)
3654 return r;
3655
8df433d7 3656 r = sd_bus_message_new_method_call(
a5b07847 3657 bus,
8df433d7 3658 &m,
a5b07847
LP		 3659 "org.freedesktop.DBus",
3660 "/org/freedesktop/DBus",
3661 "org.freedesktop.DBus",
8df433d7 3662 "GetNameOwner");
3663 if (r < 0)
3664 return r;
3665
3666 r = sd_bus_message_append(m, "s", name);
3667 if (r < 0)
3668 return r;
3669
3670 r = sd_bus_call_async(
3671 bus,
3672 &u->get_name_owner_slot,
3673 m,
a5b07847
LP		 3674 get_name_owner_handler,
3675 u,
8df433d7 3676 timeout_usec);
a5b07847
LP		 3677 if (r < 0) {
3678 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
3679 return r;
3680 }
3681
3682 log_unit_debug(u, "Watching D-Bus name '%s'.", name);
3683 return 0;
bbc29086
DM		 3684}
3685
05e343b7 3686int unit_watch_bus_name(Unit *u, const char *name) {
bbc29086
DM		 3687 int r;
3688
05e343b7
LP		 3689 assert(u);
3690 assert(name);
3691
3692 /* Watch a specific name on the bus. We only support one unit
3693 * watching each name for now. */
3694
bbc29086
DM		 3695 if (u->manager->api_bus) {
3696 /* If the bus is already available, install the match directly.
3697 * Otherwise, just put the name in the list. bus_setup_api() will take care later. */
9806e87d 3698 r = unit_install_bus_match(u, u->manager->api_bus, name);
bbc29086 3699 if (r < 0)
8ea823b6 3700 return log_warning_errno(r, "Failed to subscribe to NameOwnerChanged signal for '%s': %m", name);
bbc29086
DM		 3701 }
3702
3703 r = hashmap_put(u->manager->watch_bus, name, u);
3704 if (r < 0) {
3705 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
a5b07847 3706 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
bbc29086
DM		 3707 return log_warning_errno(r, "Failed to put bus name to hashmap: %m");
3708 }
3709
3710 return 0;
05e343b7
LP		 3711}
3712
3713void unit_unwatch_bus_name(Unit *u, const char *name) {
3714 assert(u);
3715 assert(name);
3716
8367fea5 3717 (void) hashmap_remove_value(u->manager->watch_bus, name, u);
bbc29086 3718 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
a5a8776a 3719 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
05e343b7
LP		 3720}
3721
d336ba9f 3722int unit_add_node_dependency(Unit *u, const char *what, UnitDependency dep, UnitDependencyMask mask) {
68eda4bd 3723 _cleanup_free_ char *e = NULL;
44b0d1fd 3724 Unit *device;
6e2ef85b
LP		 3725 int r;
3726
3727 assert(u);
3728
6e2ef85b 3729 /* Adds in links to the device node that this unit is based on */
47bc12e1
LP		 3730 if (isempty(what))
3731 return 0;
6e2ef85b 3732
8407a5d0 3733 if (!is_device_path(what))
6e2ef85b
LP		 3734 return 0;
3735
44b0d1fd 3736 /* When device units aren't supported (such as in a container), don't create dependencies on them. */
1c2e9646 3737 if (!unit_type_supported(UNIT_DEVICE))
47bc12e1
LP		 3738 return 0;
3739
7410616c
LP		 3740 r = unit_name_from_path(what, ".device", &e);
3741 if (r < 0)
3742 return r;
6e2ef85b 3743
ac155bb8 3744 r = manager_load_unit(u->manager, e, NULL, NULL, &device);
6e2ef85b
LP		 3745 if (r < 0)
3746 return r;
3747
ebc8968b
FB		 3748 if (dep == UNIT_REQUIRES && device_shall_be_bound_by(device, u))
3749 dep = UNIT_BINDS_TO;
3750
d336ba9f
FB		 3751 return unit_add_two_dependencies(u, UNIT_AFTER,
3752 MANAGER_IS_SYSTEM(u->manager) ? dep : UNIT_WANTS,
3753 device, true, mask);
6e2ef85b 3754}
a16e1123 3755
44b0d1fd
LP		 3756int unit_add_blockdev_dependency(Unit *u, const char *what, UnitDependencyMask mask) {
3757 _cleanup_free_ char *escaped = NULL, *target = NULL;
3758 int r;
3759
3760 assert(u);
3761
3762 if (isempty(what))
3763 return 0;
3764
3765 if (!path_startswith(what, "/dev/"))
3766 return 0;
3767
3768 /* If we don't support devices, then also don't bother with blockdev@.target */
3769 if (!unit_type_supported(UNIT_DEVICE))
3770 return 0;
3771
3772 r = unit_name_path_escape(what, &escaped);
3773 if (r < 0)
3774 return r;
3775
3776 r = unit_name_build("blockdev", escaped, ".target", &target);
3777 if (r < 0)
3778 return r;
3779
3780 return unit_add_dependency_by_name(u, UNIT_AFTER, target, true, mask);
3781}
3782
be847e82 3783int unit_coldplug(Unit *u) {
95f74928 3784 int r = 0;
cca098b0
LP		 3785
3786 assert(u);
3787
f0831ed2 3788 /* Make sure we don't enter a loop, when coldplugging recursively. */
f78f265f
LP		 3789 if (u->coldplugged)
3790 return 0;
3791
3792 u->coldplugged = true;
3793
95f74928
MY		 3794 STRV_FOREACH(i, u->deserialized_refs)
3795 RET_GATHER(r, bus_unit_track_add_name(u, *i));
3796
05a98afd 3797 u->deserialized_refs = strv_free(u->deserialized_refs);
cca098b0 3798
95f74928
MY		 3799 if (UNIT_VTABLE(u)->coldplug)
3800 RET_GATHER(r, UNIT_VTABLE(u)->coldplug(u));
5a6158b6 3801
95f74928
MY		 3802 if (u->job)
3803 RET_GATHER(r, job_coldplug(u->job));
3804 if (u->nop_job)
3805 RET_GATHER(r, job_coldplug(u->nop_job));
cca098b0 3806
49b6babb 3807 unit_modify_nft_set(u, /* add = */ true);
05a98afd 3808 return r;
cca098b0
LP		 3809}
3810
f0831ed2
LP		 3811void unit_catchup(Unit *u) {
3812 assert(u);
3813
3814 if (UNIT_VTABLE(u)->catchup)
3815 UNIT_VTABLE(u)->catchup(u);
869f52f2
DS		 3816
3817 unit_cgroup_catchup(u);
f0831ed2
LP		 3818}
3819
ba25d39e 3820static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_masked) {
21b95806
ZJS		 3821 struct stat st;
3822
3823 if (!path)
3824 return false;
3825
77969722
LP		 3826 /* If the source is some virtual kernel file system, then we assume we watch it anyway, and hence pretend we
3827 * are never out-of-date. */
3828 if (PATH_STARTSWITH_SET(path, "/proc", "/sys"))
3829 return false;
3830
21b95806
ZJS		 3831 if (stat(path, &st) < 0)
3832 /* What, cannot access this anymore? */
3833 return true;
3834
ba25d39e
ZJS		 3835 if (path_masked)
3836 /* For masked files check if they are still so */
3837 return !null_or_empty(&st);
3838 else
3a8db9fe 3839 /* For non-empty files check the mtime */
87ec20ef 3840 return timespec_load(&st.st_mtim) > mtime;
21b95806
ZJS		 3841
3842 return false;
3843}
3844
45fb0699 3845bool unit_need_daemon_reload(Unit *u) {
45fb0699 3846 assert(u);
a82b8b3d
MY		 3847 assert(u->manager);
3848
3849 if (u->manager->unit_file_state_outdated)
3850 return true;
45fb0699 3851
ba25d39e
ZJS		 3852 /* For unit files, we allow masking… */
3853 if (fragment_mtime_newer(u->fragment_path, u->fragment_mtime,
3854 u->load_state == UNIT_MASKED))
21b95806 3855 return true;
5f4b19f4 3856
ba25d39e
ZJS		 3857 /* Source paths should not be masked… */
3858 if (fragment_mtime_newer(u->source_path, u->source_mtime, false))
ab932a62 3859 return true;
ae7a7182 3860
11b3775f
MY		 3861 if (u->load_state == UNIT_LOADED) {
3862 _cleanup_strv_free_ char **dropins = NULL;
3863
82c482d5 3864 (void) unit_find_dropin_paths(u, /* use_unit_path_cache = */ false, &dropins);
6d10d308 3865
11b3775f 3866 if (!strv_equal(u->dropin_paths, dropins))
ab932a62 3867 return true;
21b95806 3868
11b3775f
MY		 3869 /* … any drop-ins that are masked are simply omitted from the list. */
3870 STRV_FOREACH(path, u->dropin_paths)
3871 if (fragment_mtime_newer(*path, u->dropin_mtime, false))
3872 return true;
3873 }
3874
ab932a62 3875 return false;
45fb0699
LP		 3876}
3877
fdf20a31 3878void unit_reset_failed(Unit *u) {
5632e374
LP		 3879 assert(u);
3880
fdf20a31
MM		 3881 if (UNIT_VTABLE(u)->reset_failed)
3882 UNIT_VTABLE(u)->reset_failed(u);
6bf0f408 3883
7bf081a1 3884 ratelimit_reset(&u->start_ratelimit);
6bf0f408 3885 u->start_limit_hit = false;
a364ebd4
MY		 3886
3887 (void) unit_set_debug_invocation(u, /* enable= */ false);
5632e374
LP		 3888}
3889
a7f241db
LP		 3890Unit *unit_following(Unit *u) {
3891 assert(u);
3892
3893 if (UNIT_VTABLE(u)->following)
3894 return UNIT_VTABLE(u)->following(u);
3895
3896 return NULL;
3897}
3898
31afa0a4 3899bool unit_stop_pending(Unit *u) {
18ffdfda
LP		 3900 assert(u);
3901
31afa0a4
LP		 3902 /* This call does check the current state of the unit. It's
3903 * hence useful to be called from state change calls of the
3904 * unit itself, where the state isn't updated yet. This is
3905 * different from unit_inactive_or_pending() which checks both
3906 * the current state and for a queued job. */
18ffdfda 3907
28a2dfe8 3908 return unit_has_job_type(u, JOB_STOP);
31afa0a4
LP		 3909}
3910
3911bool unit_inactive_or_pending(Unit *u) {
3912 assert(u);
3913
3914 /* Returns true if the unit is inactive or going down */
18ffdfda 3915
d956ac29
LP		 3916 if (UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)))
3917 return true;
3918
31afa0a4 3919 if (unit_stop_pending(u))
18ffdfda
LP		 3920 return true;
3921
3922 return false;
3923}
3924
31afa0a4 3925bool unit_active_or_pending(Unit *u) {
f976f3f6
LP		 3926 assert(u);
3927
f60c2665 3928 /* Returns true if the unit is active or going up */
f976f3f6
LP		 3929
3930 if (UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)))
3931 return true;
3932
ac155bb8 3933 if (u->job &&
3742095b 3934 IN_SET(u->job->type, JOB_START, JOB_RELOAD_OR_START, JOB_RESTART))
f976f3f6
LP		 3935 return true;
3936
3937 return false;
3938}
3939
52a12341
YW		 3940bool unit_will_restart_default(Unit *u) {
3941 assert(u);
3942
28a2dfe8 3943 return unit_has_job_type(u, JOB_START);
52a12341
YW		 3944}
3945
deb4e708
MK		 3946bool unit_will_restart(Unit *u) {
3947 assert(u);
3948
3949 if (!UNIT_VTABLE(u)->will_restart)
3950 return false;
3951
3952 return UNIT_VTABLE(u)->will_restart(u);
3953}
3954
38c41427
NK		 3955void unit_notify_cgroup_oom(Unit *u, bool managed_oom) {
3956 assert(u);
3957
3958 if (UNIT_VTABLE(u)->notify_cgroup_oom)
3959 UNIT_VTABLE(u)->notify_cgroup_oom(u, managed_oom);
3960}
3961
ae6a9e65 3962static int unit_pid_set(Unit *u, Set **pid_set) {
82659fd7
LP		 3963 int r;
3964
ae6a9e65
YW		 3965 assert(u);
3966 assert(pid_set);
3967
3968 set_clear(*pid_set); /* This updates input. */
82659fd7
LP		 3969
3970 /* Exclude the main/control pids from being killed via the cgroup */
82659fd7 3971
ae6a9e65 3972 PidRef *pid;
2d708781 3973 FOREACH_ARGUMENT(pid, unit_main_pid(u), unit_control_pid(u))
ae6a9e65
YW		 3974 if (pidref_is_set(pid)) {
3975 r = set_ensure_put(pid_set, NULL, PID_TO_PTR(pid->pid));
3976 if (r < 0)
3977 return r;
3978 }
82659fd7 3979
ae6a9e65 3980 return 0;
82659fd7
LP		 3981}
3982
4d1b2df1 3983static int kill_common_log(const PidRef *pid, int signo, void *userdata) {
d9911002 3984 _cleanup_free_ char *comm = NULL;
99534007 3985 Unit *u = ASSERT_PTR(userdata);
d9911002 3986
4d1b2df1
LP		 3987 (void) pidref_get_comm(pid, &comm);
3988
d9911002 3989 log_unit_info(u, "Sending signal SIG%s to process " PID_FMT " (%s) on client request.",
4d1b2df1 3990 signal_to_string(signo), pid->pid, strna(comm));
d9911002
LP		 3991
3992 return 1;
3993}
3994
ba16a93d 3995static int kill_or_sigqueue(PidRef *pidref, int signo, int code, int value) {
37eb258e 3996 assert(pidref_is_set(pidref));
a721cd00
LP		 3997 assert(SIGNAL_VALID(signo));
3998
3999 switch (code) {
4000
4001 case SI_USER:
37eb258e
LP		 4002 log_debug("Killing " PID_FMT " with signal SIG%s.", pidref->pid, signal_to_string(signo));
4003 return pidref_kill(pidref, signo);
a721cd00
LP		 4004
4005 case SI_QUEUE:
37eb258e
LP		 4006 log_debug("Enqueuing value %i to " PID_FMT " on signal SIG%s.", value, pidref->pid, signal_to_string(signo));
4007 return pidref_sigqueue(pidref, signo, value);
a721cd00
LP		 4008
4009 default:
4010 assert_not_reached();
4011 }
4012}
4013
ec5e2a13
YW		 4014static int unit_kill_one(
4015 Unit *u,
4016 PidRef *pidref,
4017 const char *type,
4018 int signo,
4019 int code,
4020 int value,
4021 sd_bus_error *ret_error) {
4022
4023 int r;
4024
4025 assert(u);
4026 assert(type);
4027
4028 if (!pidref_is_set(pidref))
4029 return 0;
4030
4031 _cleanup_free_ char *comm = NULL;
4032 (void) pidref_get_comm(pidref, &comm);
4033
4034 r = kill_or_sigqueue(pidref, signo, code, value);
4035 if (r == -ESRCH)
4036 return 0;
4037 if (r < 0) {
4038 /* Report this failure both to the logs and to the client */
4039 if (ret_error)
4040 sd_bus_error_set_errnof(
4041 ret_error, r,
4042 "Failed to send signal SIG%s to %s process " PID_FMT " (%s): %m",
4043 signal_to_string(signo), type, pidref->pid, strna(comm));
4044
4045 return log_unit_warning_errno(
4046 u, r,
4047 "Failed to send signal SIG%s to %s process " PID_FMT " (%s) on client request: %m",
4048 signal_to_string(signo), type, pidref->pid, strna(comm));
4049 }
4050
4051 log_unit_info(u, "Sent signal SIG%s to %s process " PID_FMT " (%s) on client request.",
4052 signal_to_string(signo), type, pidref->pid, strna(comm));
4053 return 1; /* killed */
4054}
4055
37eb258e 4056int unit_kill(
d91c34f2 4057 Unit *u,
cd2fb049 4058 KillWhom whom,
0f23564a 4059 const char *subgroup,
d91c34f2 4060 int signo,
a721cd00
LP		 4061 int code,
4062 int value,
ec5e2a13 4063 sd_bus_error *ret_error) {
d91c34f2 4064
37eb258e 4065 PidRef *main_pid, *control_pid;
ac5e3a50 4066 bool killed = false;
a721cd00 4067 int ret = 0, r;
814cc562 4068
8aff7ac4
LP		 4069 /* This is the common implementation for explicit user-requested killing of unit processes, shared by
4070 * various unit types. Do not confuse with unit_kill_context(), which is what we use when we want to
4071 * stop a service ourselves. */
4072
a721cd00 4073 assert(u);
cd2fb049
ZJS		 4074 assert(whom >= 0);
4075 assert(whom < _KILL_WHOM_MAX);
a721cd00
LP		 4076 assert(SIGNAL_VALID(signo));
4077 assert(IN_SET(code, SI_USER, SI_QUEUE));
4078
0f23564a
LP		 4079 if (subgroup) {
4080 if (!IN_SET(whom, KILL_CGROUP, KILL_CGROUP_FAIL))
03b4a607
LP		 4081 return sd_bus_error_set(ret_error, SD_BUS_ERROR_NOT_SUPPORTED,
4082 "Killing by subgroup is only supported for 'cgroup' or 'cgroup-kill' modes.");
0f23564a
LP		 4083
4084 if (!unit_cgroup_delegate(u))
03b4a607
LP		 4085 return sd_bus_error_set(ret_error, SD_BUS_ERROR_NOT_SUPPORTED,
4086 "Killing by subgroup is only available for units with control group delegation enabled.");
0f23564a
LP		 4087 }
4088
37eb258e
LP		 4089 main_pid = unit_main_pid(u);
4090 control_pid = unit_control_pid(u);
4091
4092 if (!UNIT_HAS_CGROUP_CONTEXT(u) && !main_pid && !control_pid)
0f23564a 4093 return sd_bus_error_set(ret_error, SD_BUS_ERROR_NOT_SUPPORTED, "Unit type does not support process killing.");
37eb258e 4094
cd2fb049 4095 if (IN_SET(whom, KILL_MAIN, KILL_MAIN_FAIL)) {
37eb258e 4096 if (!main_pid)
ec5e2a13 4097 return sd_bus_error_setf(ret_error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no main processes", unit_type_to_string(u->type));
37eb258e 4098 if (!pidref_is_set(main_pid))
ec5e2a13 4099 return sd_bus_error_set_const(ret_error, BUS_ERROR_NO_SUCH_PROCESS, "No main process to kill");
814cc562
MS		 4100 }
4101
cd2fb049 4102 if (IN_SET(whom, KILL_CONTROL, KILL_CONTROL_FAIL)) {
37eb258e 4103 if (!control_pid)
ec5e2a13 4104 return sd_bus_error_setf(ret_error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no control processes", unit_type_to_string(u->type));
37eb258e 4105 if (!pidref_is_set(control_pid))
ec5e2a13 4106 return sd_bus_error_set_const(ret_error, BUS_ERROR_NO_SUCH_PROCESS, "No control process to kill");
814cc562
MS		 4107 }
4108
cd2fb049 4109 if (IN_SET(whom, KILL_CONTROL, KILL_CONTROL_FAIL, KILL_ALL, KILL_ALL_FAIL)) {
ec5e2a13
YW		 4110 r = unit_kill_one(u, control_pid, "control", signo, code, value, ret_error);
4111 RET_GATHER(ret, r);
4112 killed = killed || r > 0;
a721cd00 4113 }
814cc562 4114
cd2fb049 4115 if (IN_SET(whom, KILL_MAIN, KILL_MAIN_FAIL, KILL_ALL, KILL_ALL_FAIL)) {
ec5e2a13
YW		 4116 r = unit_kill_one(u, main_pid, "main", signo, code, value, ret >= 0 ? ret_error : NULL);
4117 RET_GATHER(ret, r);
4118 killed = killed || r > 0;
a721cd00 4119 }
814cc562 4120
a721cd00
LP		 4121 /* Note: if we shall enqueue rather than kill we won't do this via the cgroup mechanism, since it
4122 * doesn't really make much sense (and given that enqueued values are a relatively expensive
4123 * resource, and we shouldn't allow us to be subjects for such allocation sprees) */
0f23564a 4124 if (IN_SET(whom, KILL_ALL, KILL_ALL_FAIL, KILL_CGROUP, KILL_CGROUP_FAIL) && code == SI_USER) {
9cc54544 4125 CGroupRuntime *crt = unit_get_cgroup_runtime(u);
9cc54544
LP		 4126 if (crt && crt->cgroup_path) {
4127 _cleanup_set_free_ Set *pid_set = NULL;
0f23564a
LP		 4128 _cleanup_free_ char *joined = NULL;
4129 const char *p;
4130
4131 if (empty_or_root(subgroup))
4132 p = crt->cgroup_path;
4133 else {
4134 joined = path_join(crt->cgroup_path, subgroup);
4135 if (!joined)
4136 return -ENOMEM;
4137
4138 p = joined;
4139 }
d9911002 4140
ba16a93d 4141 if (signo == SIGKILL) {
0f23564a 4142 r = cg_kill_kernel_sigkill(p);
ba16a93d
MY		 4143 if (r >= 0) {
4144 killed = true;
0f23564a 4145 log_unit_info(u, "Killed unit cgroup '%s' with SIGKILL on client request.", p);
ba16a93d
MY		 4146 goto finish;
4147 }
4148 if (r != -EOPNOTSUPP) {
4149 if (ret >= 0)
4150 sd_bus_error_set_errnof(ret_error, r,
4151 "Failed to kill unit cgroup: %m");
0f23564a 4152 RET_GATHER(ret, log_unit_warning_errno(u, r, "Failed to kill unit cgroup '%s': %m", p));
ba16a93d
MY		 4153 goto finish;
4154 }
4155 /* Fall back to manual enumeration */
0f23564a
LP		 4156 } else if (IN_SET(whom, KILL_ALL, KILL_ALL_FAIL)) {
4157 /* Exclude the main/control pids from being killed via the cgroup if not
4158 * SIGKILL */
ba16a93d
MY		 4159 r = unit_pid_set(u, &pid_set);
4160 if (r < 0)
4161 return log_oom();
4162 }
9cc54544 4163
0f23564a 4164 r = cg_kill_recursive(p, signo, /* flags= */ 0, pid_set, kill_common_log, u);
9cc54544
LP		 4165 if (r < 0 && !IN_SET(r, -ESRCH, -ENOENT)) {
4166 if (ret >= 0)
4167 sd_bus_error_set_errnof(
4168 ret_error, r,
0f23564a
LP		 4169 "Failed to send signal SIG%s to processes in unit cgroup '%s': %m",
4170 signal_to_string(signo), p);
9cc54544 4171
ba16a93d
MY		 4172 RET_GATHER(ret, log_unit_warning_errno(
4173 u, r,
0f23564a
LP		 4174 "Failed to send signal SIG%s to processes in unit cgroup '%s' on client request: %m",
4175 signal_to_string(signo), p));
9cc54544 4176 }
9afe65d9 4177 killed = killed || r > 0;
ec5e2a13 4178 }
814cc562
MS		 4179 }
4180
ba16a93d 4181finish:
2ae0508e 4182 /* If the "fail" versions of the operation are requested, then complain if the set of processes we killed is empty */
0f23564a 4183 if (ret >= 0 && !killed && IN_SET(whom, KILL_ALL_FAIL, KILL_CONTROL_FAIL, KILL_MAIN_FAIL, KILL_CGROUP_FAIL))
ec5e2a13 4184 return sd_bus_error_set_const(ret_error, BUS_ERROR_NO_SUCH_PROCESS, "No matching processes to kill");
ac5e3a50 4185
a721cd00 4186 return ret;
814cc562
MS		 4187}
4188
6210e7fc
LP		 4189int unit_following_set(Unit *u, Set **s) {
4190 assert(u);
4191 assert(s);
4192
4193 if (UNIT_VTABLE(u)->following_set)
4194 return UNIT_VTABLE(u)->following_set(u, s);
4195
4196 *s = NULL;
4197 return 0;
4198}
4199
a4375746 4200UnitFileState unit_get_unit_file_state(Unit *u) {
0ec0deaa
LP		 4201 int r;
4202
a4375746
LP		 4203 assert(u);
4204
e735bc49
LP		 4205 if (u->unit_file_state >= 0 || !u->fragment_path)
4206 return u->unit_file_state;
4207
4208 /* If we know this is a transient unit no need to ask the unit file state for details. Let's bypass
4209 * the more expensive on-disk check. */
4210 if (u->transient)
4211 return (u->unit_file_state = UNIT_FILE_TRANSIENT);
4212
4213 r = unit_file_get_state(
4214 u->manager->runtime_scope,
4215 /* root_dir= */ NULL,
4216 u->id,
4217 &u->unit_file_state);
4218 if (r < 0)
4219 u->unit_file_state = UNIT_FILE_BAD;
a4375746 4220
ac155bb8 4221 return u->unit_file_state;
a4375746
LP		 4222}
4223
e77e07f6 4224PresetAction unit_get_unit_file_preset(Unit *u) {
a99626c1
LP		 4225 int r;
4226
d2dc52db
LP		 4227 assert(u);
4228
cb16d391 4229 if (u->unit_file_preset >= 0)
e735bc49 4230 return u->unit_file_preset;
a99626c1 4231
e735bc49
LP		 4232 /* If this is a transient or perpetual unit file it doesn't make much sense to ask the preset
4233 * database about this, because enabling/disabling makes no sense for either. Hence don't. */
cb16d391 4234 if (!u->fragment_path || u->transient || u->perpetual)
e735bc49 4235 return (u->unit_file_preset = -ENOEXEC);
a99626c1 4236
e735bc49
LP		 4237 _cleanup_free_ char *bn = NULL;
4238 r = path_extract_filename(u->fragment_path, &bn);
4239 if (r < 0)
4240 return (u->unit_file_preset = r);
4241 if (r == O_DIRECTORY)
4242 return (u->unit_file_preset = -EISDIR);
a99626c1 4243
e735bc49 4244 return (u->unit_file_preset = unit_file_query_preset(
4870133b 4245 u->manager->runtime_scope,
e735bc49 4246 /* root_dir= */ NULL,
a99626c1 4247 bn,
396b3a1e 4248 /* cached= */ NULL));
d2dc52db
LP		 4249}
4250
7f7d01ed 4251Unit* unit_ref_set(UnitRef *ref, Unit *source, Unit *target) {
57020a3a 4252 assert(ref);
7f7d01ed
ZJS		 4253 assert(source);
4254 assert(target);
57020a3a 4255
7f7d01ed 4256 if (ref->target)
57020a3a
LP		 4257 unit_ref_unset(ref);
4258
7f7d01ed
ZJS		 4259 ref->source = source;
4260 ref->target = target;
4261 LIST_PREPEND(refs_by_target, target->refs_by_target, ref);
4262 return target;
57020a3a
LP		 4263}
4264
4265void unit_ref_unset(UnitRef *ref) {
4266 assert(ref);
4267
7f7d01ed 4268 if (!ref->target)
57020a3a
LP		 4269 return;
4270
b75102e5
LP		 4271 /* We are about to drop a reference to the unit, make sure the garbage collection has a look at it as it might
4272 * be unreferenced now. */
7f7d01ed 4273 unit_add_to_gc_queue(ref->target);
b75102e5 4274
7f7d01ed
ZJS		 4275 LIST_REMOVE(refs_by_target, ref->target->refs_by_target, ref);
4276 ref->source = ref->target = NULL;
57020a3a
LP		 4277}
4278
29206d46
LP		 4279static int user_from_unit_name(Unit *u, char **ret) {
4280
4281 static const uint8_t hash_key[] = {
4282 0x58, 0x1a, 0xaf, 0xe6, 0x28, 0x58, 0x4e, 0x96,
4283 0xb4, 0x4e, 0xf5, 0x3b, 0x8c, 0x92, 0x07, 0xec
4284 };
4285
4286 _cleanup_free_ char *n = NULL;
4287 int r;
4288
4289 r = unit_name_to_prefix(u->id, &n);
4290 if (r < 0)
4291 return r;
4292
7a8867ab 4293 if (valid_user_group_name(n, 0)) {
ae2a15bc 4294 *ret = TAKE_PTR(n);
29206d46
LP		 4295 return 0;
4296 }
4297
4298 /* If we can't use the unit name as a user name, then let's hash it and use that */
4299 if (asprintf(ret, "_du%016" PRIx64, siphash24(n, strlen(n), hash_key)) < 0)
4300 return -ENOMEM;
4301
4302 return 0;
4303}
4304
2234032c 4305static int unit_verify_contexts(const Unit *u) {
52d8ba71
MY		 4306 assert(u);
4307
2234032c 4308 const ExecContext *ec = unit_get_exec_context(u);
52d8ba71
MY		 4309 if (!ec)
4310 return 0;
4311
4312 if (MANAGER_IS_USER(u->manager) && ec->dynamic_user)
4313 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "DynamicUser= enabled for user unit, which is not supported. Refusing.");
4314
4315 if (ec->dynamic_user && ec->working_directory_home)
4316 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "WorkingDirectory=~ is not allowed under DynamicUser=yes. Refusing.");
4317
276bd392
MY		 4318 if (ec->working_directory && path_below_api_vfs(ec->working_directory) &&
4319 exec_needs_mount_namespace(ec, /* params = */ NULL, /* runtime = */ NULL))
4320 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "WorkingDirectory= may not be below /proc/, /sys/ or /dev/ when using mount namespacing. Refusing.");
4321
2d8191f4 4322 if (exec_needs_pid_namespace(ec, /* params= */ NULL) && !UNIT_VTABLE(u)->notify_pidref)
406f1775
DDM		 4323 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "PrivatePIDs= setting is only supported for service units. Refusing.");
4324
2234032c
MY		 4325 const KillContext *kc = unit_get_kill_context(u);
4326
4327 if (ec->pam_name && kc && !IN_SET(kc->kill_mode, KILL_CONTROL_GROUP, KILL_MIXED))
4328 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "Unit has PAM enabled. Kill mode must be set to 'control-group' or 'mixed'. Refusing.");
4329
52d8ba71
MY		 4330 return 0;
4331}
4332
6156bec7
YW		 4333static PrivateTmp unit_get_private_var_tmp(const Unit *u, const ExecContext *c) {
4334 assert(u);
4335 assert(c);
4336 assert(c->private_tmp >= 0 && c->private_tmp < _PRIVATE_TMP_MAX);
4337
4338 /* Disable disconnected private tmpfs on /var/tmp/ when DefaultDependencies=no and
4339 * RootImage=/RootDirectory= are not set, as /var/ may be a separated partition.
4340 * See issue #37258. */
4341
4342 /* PrivateTmp=yes/no also enables/disables private tmpfs on /var/tmp/. */
4343 if (c->private_tmp != PRIVATE_TMP_DISCONNECTED)
4344 return c->private_tmp;
4345
4346 /* When DefaultDependencies=yes, disconnected tmpfs is also enabled on /var/tmp/, and an explicit
4347 * dependency to the mount on /var/ will be added in unit_add_exec_dependencies(). */
4348 if (u->default_dependencies)
4349 return PRIVATE_TMP_DISCONNECTED;
4350
4351 /* When RootImage=/RootDirectory= is enabled, /var/ should be prepared by the image or directory,
4352 * hence we can mount a disconnected tmpfs on /var/tmp/. */
4353 if (exec_context_with_rootfs(c))
4354 return PRIVATE_TMP_DISCONNECTED;
4355
4356 /* Even if DefaultDependencies=no, enable disconnected tmpfs when
4357 * RequiresMountsFor=/WantsMountsFor=/var/ is explicitly set. */
4358 for (UnitMountDependencyType t = 0; t < _UNIT_MOUNT_DEPENDENCY_TYPE_MAX; t++)
4359 if (hashmap_contains(u->mounts_for[t], "/var/"))
4360 return PRIVATE_TMP_DISCONNECTED;
4361
4362 /* Check the same but for After= with Requires=/Requisite=/Wants= or friends. */
4363 Unit *m = manager_get_unit(u->manager, "var.mount");
4364 if (!m)
4365 return PRIVATE_TMP_NO;
4366
4367 if (!unit_has_dependency(u, UNIT_ATOM_AFTER, m))
4368 return PRIVATE_TMP_NO;
4369
4370 if (unit_has_dependency(u, UNIT_ATOM_PULL_IN_START, m) ||
4371 unit_has_dependency(u, UNIT_ATOM_PULL_IN_VERIFY, m) ||
4372 unit_has_dependency(u, UNIT_ATOM_PULL_IN_START_IGNORED, m))
4373 return PRIVATE_TMP_DISCONNECTED;
4374
4375 return PRIVATE_TMP_NO;
4376}
4377
598459ce
LP		 4378int unit_patch_contexts(Unit *u) {
4379 CGroupContext *cc;
4380 ExecContext *ec;
cba6e062
LP		 4381 int r;
4382
e06c73cc 4383 assert(u);
e06c73cc 4384
598459ce
LP		 4385 /* Patch in the manager defaults into the exec and cgroup
4386 * contexts, _after_ the rest of the settings have been
4387 * initialized */
085afe36 4388
598459ce
LP		 4389 ec = unit_get_exec_context(u);
4390 if (ec) {
4391 /* This only copies in the ones that need memory */
12375b95 4392 for (unsigned i = 0; i < _RLIMIT_MAX; i++)
c9e120e0
LP		 4393 if (u->manager->defaults.rlimit[i] && !ec->rlimit[i]) {
4394 ec->rlimit[i] = newdup(struct rlimit, u->manager->defaults.rlimit[i], 1);
598459ce
LP		 4395 if (!ec->rlimit[i])
4396 return -ENOMEM;
4397 }
4398
4dd884af 4399 if (MANAGER_IS_USER(u->manager) && !ec->working_directory) {
598459ce
LP		 4400 r = get_home_dir(&ec->working_directory);
4401 if (r < 0)
4402 return r;
4c08c824 4403
4dd884af
MY		 4404 if (!ec->working_directory_home)
4405 /* If home directory is implied by us, allow it to be missing. */
4406 ec->working_directory_missing_ok = true;
cba6e062
LP		 4407 }
4408
598459ce 4409 if (ec->private_devices)
2cd0a735 4410 ec->capability_bounding_set &= ~((UINT64_C(1) << CAP_MKNOD) | (UINT64_C(1) << CAP_SYS_RAWIO));
502d704e
DH		 4411
4412 if (ec->protect_kernel_modules)
4413 ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_SYS_MODULE);
29206d46 4414
84703040
KK		 4415 if (ec->protect_kernel_logs)
4416 ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_SYSLOG);
4417
fc64760d
KK		 4418 if (ec->protect_clock)
4419 ec->capability_bounding_set &= ~((UINT64_C(1) << CAP_SYS_TIME) | (UINT64_C(1) << CAP_WAKE_ALARM));
4420
29206d46
LP		 4421 if (ec->dynamic_user) {
4422 if (!ec->user) {
4423 r = user_from_unit_name(u, &ec->user);
4424 if (r < 0)
4425 return r;
4426 }
4427
4428 if (!ec->group) {
4429 ec->group = strdup(ec->user);
4430 if (!ec->group)
4431 return -ENOMEM;
4432 }
4433
bf65b7e0
LP		 4434 /* If the dynamic user option is on, let's make sure that the unit can't leave its
4435 * UID/GID around in the file system or on IPC objects. Hence enforce a strict
4436 * sandbox. */
63bb64a0 4437
0e551b04
LB		 4438 /* With DynamicUser= we want private directories, so if the user hasn't manually
4439 * selected PrivateTmp=, enable it, but to a fully private (disconnected) tmpfs
4440 * instance. */
2e8a581b 4441 if (ec->private_tmp == PRIVATE_TMP_NO)
0e551b04 4442 ec->private_tmp = PRIVATE_TMP_DISCONNECTED;
00d9ef85 4443 ec->remove_ipc = true;
63bb64a0
LP		 4444 ec->protect_system = PROTECT_SYSTEM_STRICT;
4445 if (ec->protect_home == PROTECT_HOME_NO)
4446 ec->protect_home = PROTECT_HOME_READ_ONLY;
bf65b7e0
LP		 4447
4448 /* Make sure this service can neither benefit from SUID/SGID binaries nor create
4449 * them. */
4450 ec->no_new_privileges = true;
4451 ec->restrict_suid_sgid = true;
29206d46 4452 }
a2ab603c 4453
6156bec7
YW		 4454 ec->private_var_tmp = unit_get_private_var_tmp(u, ec);
4455
7b89efda
MY		 4456 FOREACH_ARRAY(d, ec->directories, _EXEC_DIRECTORY_TYPE_MAX)
4457 exec_directory_sort(d);
cba6e062
LP		 4458 }
4459
598459ce 4460 cc = unit_get_cgroup_context(u);
fe65e88b 4461 if (cc && ec) {
f513e420 4462
fe65e88b 4463 if (ec->private_devices &&
084870f9
ZJS		 4464 cc->device_policy == CGROUP_DEVICE_POLICY_AUTO)
4465 cc->device_policy = CGROUP_DEVICE_POLICY_CLOSED;
fe65e88b 4466
63857bf4 4467 /* Only add these if needed, as they imply that everything else is blocked. */
f3393148 4468 if (cgroup_context_has_device_policy(cc)) {
63857bf4
LB		 4469 if (ec->root_image || ec->mount_images) {
4470
4471 /* When RootImage= or MountImages= is specified, the following devices are touched. */
4472 FOREACH_STRING(p, "/dev/loop-control", "/dev/mapper/control") {
a1044811 4473 r = cgroup_context_add_device_allow(cc, p, CGROUP_DEVICE_READ|CGROUP_DEVICE_WRITE);
63857bf4
LB		 4474 if (r < 0)
4475 return r;
4476 }
4477 FOREACH_STRING(p, "block-loop", "block-blkext", "block-device-mapper") {
a1044811 4478 r = cgroup_context_add_device_allow(cc, p, CGROUP_DEVICE_READ|CGROUP_DEVICE_WRITE|CGROUP_DEVICE_MKNOD);
63857bf4
LB		 4479 if (r < 0)
4480 return r;
4481 }
fe65e88b 4482
63857bf4
LB		 4483 /* Make sure "block-loop" can be resolved, i.e. make sure "loop" shows up in /proc/devices.
4484 * Same for mapper and verity. */
4485 FOREACH_STRING(p, "modprobe@loop.service", "modprobe@dm_mod.service", "modprobe@dm_verity.service") {
4486 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, p, true, UNIT_DEPENDENCY_FILE);
4487 if (r < 0)
4488 return r;
4489 }
0cffae95 4490 }
867af728 4491
63857bf4 4492 if (ec->protect_clock) {
a1044811 4493 r = cgroup_context_add_device_allow(cc, "char-rtc", CGROUP_DEVICE_READ);
0cffae95
LB		 4494 if (r < 0)
4495 return r;
4496 }
fe65e88b 4497 }
598459ce 4498 }
f1660f96 4499
2234032c 4500 return unit_verify_contexts(u);
e06c73cc
LP		 4501}
4502
c2503e35 4503ExecContext *unit_get_exec_context(const Unit *u) {
3ef63c31
LP		 4504 size_t offset;
4505 assert(u);
4506
598459ce
LP		 4507 if (u->type < 0)
4508 return NULL;
4509
3ef63c31
LP		 4510 offset = UNIT_VTABLE(u)->exec_context_offset;
4511 if (offset <= 0)
4512 return NULL;
4513
4514 return (ExecContext*) ((uint8_t*) u + offset);
4515}
4516
9cc54544 4517KillContext *unit_get_kill_context(const Unit *u) {
718db961
LP		 4518 size_t offset;
4519 assert(u);
4520
598459ce
LP		 4521 if (u->type < 0)
4522 return NULL;
4523
718db961
LP		 4524 offset = UNIT_VTABLE(u)->kill_context_offset;
4525 if (offset <= 0)
4526 return NULL;
4527
4528 return (KillContext*) ((uint8_t*) u + offset);
4529}
4530
9cc54544 4531CGroupContext *unit_get_cgroup_context(const Unit *u) {
4ad49000
LP		 4532 size_t offset;
4533
598459ce
LP		 4534 if (u->type < 0)
4535 return NULL;
4536
4ad49000
LP		 4537 offset = UNIT_VTABLE(u)->cgroup_context_offset;
4538 if (offset <= 0)
4539 return NULL;
4540
4541 return (CGroupContext*) ((uint8_t*) u + offset);
4542}
4543
9cc54544 4544ExecRuntime *unit_get_exec_runtime(const Unit *u) {
613b411c
LP		 4545 size_t offset;
4546
598459ce
LP		 4547 if (u->type < 0)
4548 return NULL;
4549
613b411c
LP		 4550 offset = UNIT_VTABLE(u)->exec_runtime_offset;
4551 if (offset <= 0)
4552 return NULL;
4553
28135da3 4554 return *(ExecRuntime**) ((uint8_t*) u + offset);
613b411c
LP		 4555}
4556
9cc54544
LP		 4557CGroupRuntime *unit_get_cgroup_runtime(const Unit *u) {
4558 size_t offset;
4559
4560 if (u->type < 0)
4561 return NULL;
4562
4563 offset = UNIT_VTABLE(u)->cgroup_runtime_offset;
4564 if (offset <= 0)
4565 return NULL;
4566
4567 return *(CGroupRuntime**) ((uint8_t*) u + offset);
4568}
4569
2e59b241 4570static const char* unit_drop_in_dir(Unit *u, UnitWriteFlags flags) {
3f5e8115
LP		 4571 assert(u);
4572
2e59b241 4573 if (UNIT_WRITE_FLAGS_NOOP(flags))
4f4afc88
LP		 4574 return NULL;
4575
39591351
LP		 4576 if (u->transient) /* Redirect drop-ins for transient units always into the transient directory. */
4577 return u->manager->lookup_paths.transient;
26d04f86 4578
2e59b241 4579 if (flags & UNIT_PERSISTENT)
4f4afc88 4580 return u->manager->lookup_paths.persistent_control;
26d04f86 4581
2e59b241
LP		 4582 if (flags & UNIT_RUNTIME)
4583 return u->manager->lookup_paths.runtime_control;
4584
39591351 4585 return NULL;
71645aca
LP		 4586}
4587
68ecb48b
ZJS		 4588const char* unit_escape_setting(const char *s, UnitWriteFlags flags, char **buf) {
4589 assert(s);
8c41640a 4590 assert(popcount(flags & (UNIT_ESCAPE_EXEC_SYNTAX_ENV | UNIT_ESCAPE_EXEC_SYNTAX | UNIT_ESCAPE_C)) <= 1);
68ecb48b 4591 assert(buf);
24536beb
ZJS		 4592
4593 _cleanup_free_ char *t = NULL;
2e59b241 4594
68ecb48b
ZJS		 4595 /* Returns a string with any escaping done. If no escaping was necessary, *buf is set to NULL, and
4596 * the input pointer is returned as-is. If an allocation was needed, the return buffer pointer is
4597 * written to *buf. This means the return value always contains a properly escaped version, but *buf
4598 * only contains a pointer if an allocation was made. Callers can use this to optimize memory
4599 * allocations. */
2e59b241
LP		 4600
4601 if (flags & UNIT_ESCAPE_SPECIFIERS) {
24536beb
ZJS		 4602 t = specifier_escape(s);
4603 if (!t)
2e59b241
LP		 4604 return NULL;
4605
24536beb 4606 s = t;
2e59b241
LP		 4607 }
4608
4a055e5a 4609 /* We either do C-escaping or shell-escaping, to additionally escape characters that we parse for
e7416db1 4610 * ExecStart= and friends, i.e. '$' and quotes. */
24536beb 4611
8c41640a 4612 if (flags & (UNIT_ESCAPE_EXEC_SYNTAX_ENV | UNIT_ESCAPE_EXEC_SYNTAX)) {
e7416db1
ZJS		 4613 char *t2;
4614
8c41640a
ZJS		 4615 if (flags & UNIT_ESCAPE_EXEC_SYNTAX_ENV) {
4616 t2 = strreplace(s, "$", "$$");
4617 if (!t2)
4618 return NULL;
4619 free_and_replace(t, t2);
4620 }
e7416db1 4621
8c41640a 4622 t2 = shell_escape(t ?: s, "\"");
24536beb
ZJS		 4623 if (!t2)
4624 return NULL;
4625 free_and_replace(t, t2);
4626
4627 s = t;
2e59b241 4628
24536beb 4629 } else if (flags & UNIT_ESCAPE_C) {
e7416db1
ZJS		 4630 char *t2;
4631
4632 t2 = cescape(s);
24536beb 4633 if (!t2)
2e59b241 4634 return NULL;
24536beb 4635 free_and_replace(t, t2);
2e59b241 4636
24536beb 4637 s = t;
2e59b241
LP		 4638 }
4639
68ecb48b
ZJS		 4640 *buf = TAKE_PTR(t);
4641 return s;
2e59b241
LP		 4642}
4643
4644char* unit_concat_strv(char **l, UnitWriteFlags flags) {
4645 _cleanup_free_ char *result = NULL;
319a4f4b 4646 size_t n = 0;
2e59b241 4647
24536beb
ZJS		 4648 /* Takes a list of strings, escapes them, and concatenates them. This may be used to format command
4649 * lines in a way suitable for ExecStart= stanzas. */
2e59b241
LP		 4650
4651 STRV_FOREACH(i, l) {
4652 _cleanup_free_ char *buf = NULL;
4653 const char *p;
4654 size_t a;
4655 char *q;
4656
4657 p = unit_escape_setting(*i, flags, &buf);
4658 if (!p)
4659 return NULL;
4660
4661 a = (n > 0) + 1 + strlen(p) + 1; /* separating space + " + entry + " */
319a4f4b 4662 if (!GREEDY_REALLOC(result, n + a + 1))
2e59b241
LP		 4663 return NULL;
4664
4665 q = result + n;
4666 if (n > 0)
4667 *(q++) = ' ';
4668
4669 *(q++) = '"';
4670 q = stpcpy(q, p);
4671 *(q++) = '"';
4672
4673 n += a;
4674 }
4675
319a4f4b 4676 if (!GREEDY_REALLOC(result, n + 1))
2e59b241
LP		 4677 return NULL;
4678
4679 result[n] = 0;
4680
ae2a15bc 4681 return TAKE_PTR(result);
2e59b241
LP		 4682}
4683
4684int unit_write_setting(Unit *u, UnitWriteFlags flags, const char *name, const char *data) {
4685 _cleanup_free_ char *p = NULL, *q = NULL, *escaped = NULL;
2a9a6f8a 4686 const char *dir, *wrapped;
26d04f86 4687 int r;
71645aca
LP		 4688
4689 assert(u);
2e59b241
LP		 4690 assert(name);
4691 assert(data);
4692
4693 if (UNIT_WRITE_FLAGS_NOOP(flags))
4694 return 0;
4695
4696 data = unit_escape_setting(data, flags, &escaped);
4697 if (!data)
4698 return -ENOMEM;
4699
4700 /* Prefix the section header. If we are writing this out as transient file, then let's suppress this if the
4701 * previous section header is the same */
4702
4703 if (flags & UNIT_PRIVATE) {
4704 if (!UNIT_VTABLE(u)->private_section)
4705 return -EINVAL;
4706
4707 if (!u->transient_file || u->last_section_private < 0)
4708 data = strjoina("[", UNIT_VTABLE(u)->private_section, "]\n", data);
4709 else if (u->last_section_private == 0)
4710 data = strjoina("\n[", UNIT_VTABLE(u)->private_section, "]\n", data);
4711 } else {
4712 if (!u->transient_file || u->last_section_private < 0)
4713 data = strjoina("[Unit]\n", data);
4714 else if (u->last_section_private > 0)
4715 data = strjoina("\n[Unit]\n", data);
4716 }
71645aca 4717
4f4afc88 4718 if (u->transient_file) {
0160a1db
MY		 4719 /* When this is a transient unit file in creation, then let's not create a new drop-in,
4720 * but instead write to the transient unit file. */
4721 fputs_with_newline(u->transient_file, data);
2e59b241
LP		 4722
4723 /* Remember which section we wrote this entry to */
4724 u->last_section_private = !!(flags & UNIT_PRIVATE);
8e2af478 4725 return 0;
2e59b241 4726 }
8e2af478 4727
2e59b241 4728 dir = unit_drop_in_dir(u, flags);
39591351
LP		 4729 if (!dir)
4730 return -EINVAL;
71645aca 4731
2a9a6f8a 4732 wrapped = strjoina("# This is a drop-in unit file extension, created via \"systemctl set-property\"\n"
3f71dec5 4733 "# or an equivalent operation. Do not edit.\n",
2a9a6f8a
ZJS		 4734 data,
4735 "\n");
e20b2a86 4736
815b09d3 4737 r = drop_in_file(dir, u->id, 50, name, &p, &q);
adb76a70
WC		 4738 if (r < 0)
4739 return r;
4740
45639f1b 4741 (void) mkdir_p_label(p, 0755);
4dba44a5
ZJS		 4742
4743 /* Make sure the drop-in dir is registered in our path cache. This way we don't need to stupidly
4744 * recreate the cache after every drop-in we write. */
4745 if (u->manager->unit_path_cache) {
16c7555e 4746 r = set_put_strdup_full(&u->manager->unit_path_cache, &path_hash_ops_free, p);
4dba44a5
ZJS		 4747 if (r < 0)
4748 return r;
4749 }
4750
8eeb8709 4751 r = write_string_file(q, wrapped, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_LABEL);
adb76a70
WC		 4752 if (r < 0)
4753 return r;
4754
815b09d3 4755 r = strv_push(&u->dropin_paths, q);
adb76a70
WC		 4756 if (r < 0)
4757 return r;
815b09d3 4758 q = NULL;
adb76a70 4759
adb76a70
WC		 4760 strv_uniq(u->dropin_paths);
4761
4762 u->dropin_mtime = now(CLOCK_REALTIME);
4763
4764 return 0;
26d04f86 4765}
71645aca 4766
2e59b241 4767int unit_write_settingf(Unit *u, UnitWriteFlags flags, const char *name, const char *format, ...) {
b9ec9359
LP		 4768 _cleanup_free_ char *p = NULL;
4769 va_list ap;
4770 int r;
4771
4772 assert(u);
4773 assert(name);
4774 assert(format);
4775
2e59b241 4776 if (UNIT_WRITE_FLAGS_NOOP(flags))
b9ec9359
LP		 4777 return 0;
4778
4779 va_start(ap, format);
4780 r = vasprintf(&p, format, ap);
4781 va_end(ap);
4782
4783 if (r < 0)
4784 return -ENOMEM;
4785
2e59b241 4786 return unit_write_setting(u, flags, name, p);
b9ec9359 4787}
71645aca 4788
c2756a68 4789int unit_make_transient(Unit *u) {
0126c8f3 4790 _cleanup_free_ char *path = NULL;
4f4afc88 4791 FILE *f;
4f4afc88 4792
c2756a68
LP		 4793 assert(u);
4794
3f5e8115
LP		 4795 if (!UNIT_VTABLE(u)->can_transient)
4796 return -EOPNOTSUPP;
4797
45639f1b
LP		 4798 (void) mkdir_p_label(u->manager->lookup_paths.transient, 0755);
4799
657ee2d8 4800 path = path_join(u->manager->lookup_paths.transient, u->id);
4f4afc88
LP		 4801 if (!path)
4802 return -ENOMEM;
4803
4804 /* Let's open the file we'll write the transient settings into. This file is kept open as long as we are
4805 * creating the transient, and is closed in unit_load(), as soon as we start loading the file. */
4806
2053593f 4807 WITH_UMASK(0022) {
4f4afc88 4808 f = fopen(path, "we");
0126c8f3 4809 if (!f)
78e334b5 4810 return -errno;
4f4afc88
LP		 4811 }
4812
0126c8f3 4813 safe_fclose(u->transient_file);
4f4afc88
LP		 4814 u->transient_file = f;
4815
0126c8f3 4816 free_and_replace(u->fragment_path, path);
7c65093a 4817
7c65093a
LP		 4818 u->source_path = mfree(u->source_path);
4819 u->dropin_paths = strv_free(u->dropin_paths);
4820 u->fragment_mtime = u->source_mtime = u->dropin_mtime = 0;
4821
4f4afc88
LP		 4822 u->load_state = UNIT_STUB;
4823 u->load_error = 0;
4824 u->transient = true;
4825
7c65093a
LP		 4826 unit_add_to_dbus_queue(u);
4827 unit_add_to_gc_queue(u);
c2756a68 4828
4f4afc88
LP		 4829 fputs("# This is a transient unit file, created programmatically via the systemd API. Do not edit.\n",
4830 u->transient_file);
4831
3f5e8115 4832 return 0;
c2756a68
LP		 4833}
4834
5ffa9490
MY		 4835static bool ignore_leftover_process(const char *comm) {
4836 return comm && comm[0] == '('; /* Most likely our own helper process (PAM?), ignore */
4837}
4838
4d1b2df1 4839static int log_kill(const PidRef *pid, int sig, void *userdata) {
5ffa9490 4840 const Unit *u = ASSERT_PTR(userdata);
1d98fef1
LP		 4841 _cleanup_free_ char *comm = NULL;
4842
4d1b2df1
LP		 4843 assert(pidref_is_set(pid));
4844
4845 (void) pidref_get_comm(pid, &comm);
1d98fef1 4846
5ffa9490 4847 if (ignore_leftover_process(comm))
500cd2e8 4848 /* Although we didn't log anything, as this callback is used in unit_kill_context we must return 1
4849 * here to let the manager know that a process was killed. */
4850 return 1;
1d98fef1 4851
5ffa9490 4852 log_unit_notice(u,
1d98fef1 4853 "Killing process " PID_FMT " (%s) with signal SIG%s.",
4d1b2df1 4854 pid->pid,
1d98fef1
LP		 4855 strna(comm),
4856 signal_to_string(sig));
c53d2d54
DB		 4857
4858 return 1;
1d98fef1
LP		 4859}
4860
efa75d70
LP		 4861static int operation_to_signal(
4862 const KillContext *c,
4863 KillOperation k,
4864 bool *ret_noteworthy) {
4865
1d98fef1 4866 assert(c);
5ffa9490 4867 assert(ret_noteworthy);
1d98fef1
LP		 4868
4869 switch (k) {
4870
4871 case KILL_TERMINATE:
4872 case KILL_TERMINATE_AND_LOG:
b98d6bff 4873 *ret_noteworthy = k == KILL_TERMINATE_AND_LOG;
1d98fef1
LP		 4874 return c->kill_signal;
4875
a232ebcc 4876 case KILL_RESTART:
efa75d70 4877 *ret_noteworthy = false;
a232ebcc
ZJS		 4878 return restart_kill_signal(c);
4879
1d98fef1 4880 case KILL_KILL:
efa75d70 4881 *ret_noteworthy = true;
fbb48d4c 4882 return c->final_kill_signal;
1d98fef1 4883
c87700a1 4884 case KILL_WATCHDOG:
efa75d70 4885 *ret_noteworthy = true;
c87700a1 4886 return c->watchdog_signal;
1d98fef1
LP		 4887
4888 default:
04499a70 4889 assert_not_reached();
1d98fef1
LP		 4890 }
4891}
4892
fe80d626
YW		 4893static int unit_kill_context_one(
4894 Unit *u,
4895 const PidRef *pidref,
4896 const char *type,
4897 bool is_alien,
4898 int sig,
4899 bool send_sighup,
4900 cg_kill_log_func_t log_func) {
4901
4902 int r;
4903
4904 assert(u);
4905 assert(type);
4906
4907 /* This returns > 0 if it makes sense to wait for SIGCHLD for the process, == 0 if not. */
4908
4909 if (!pidref_is_set(pidref))
4910 return 0;
4911
4912 if (log_func)
4913 log_func(pidref, sig, u);
4914
4915 r = pidref_kill_and_sigcont(pidref, sig);
4916 if (r == -ESRCH)
4917 return !is_alien;
4918 if (r < 0) {
4919 _cleanup_free_ char *comm = NULL;
4920
4921 (void) pidref_get_comm(pidref, &comm);
4922 return log_unit_warning_errno(u, r, "Failed to kill %s process " PID_FMT " (%s), ignoring: %m", type, pidref->pid, strna(comm));
4923 }
4924
4925 if (send_sighup)
4926 (void) pidref_kill(pidref, SIGHUP);
4927
4928 return !is_alien;
4929}
4930
b826e317 4931int unit_kill_context(Unit *u, KillOperation k) {
1d98fef1 4932 bool wait_for_exit = false, send_sighup;
59ec09a8 4933 cg_kill_log_func_t log_func = NULL;
b821a397 4934 int sig, r;
cd2086fe
LP		 4935
4936 assert(u);
cd2086fe 4937
8aff7ac4
LP		 4938 /* Kill the processes belonging to this unit, in preparation for shutting the unit down. Returns > 0
4939 * if we killed something worth waiting for, 0 otherwise. Do not confuse with unit_kill_common()
4940 * which is used for user-requested killing of unit processes. */
1d98fef1 4941
b826e317
YW		 4942 KillContext *c = unit_get_kill_context(u);
4943 if (!c || c->kill_mode == KILL_NONE)
cd2086fe
LP		 4944 return 0;
4945
4ab1670f
ZJS		 4946 bool noteworthy;
4947 sig = operation_to_signal(c, k, &noteworthy);
4948 if (noteworthy)
4949 log_func = log_kill;
1d98fef1
LP		 4950
4951 send_sighup =
4952 c->send_sighup &&
4953 IN_SET(k, KILL_TERMINATE, KILL_TERMINATE_AND_LOG) &&
4954 sig != SIGHUP;
4955
b826e317
YW		 4956 bool is_alien;
4957 PidRef *main_pid = unit_main_pid_full(u, &is_alien);
fe80d626
YW		 4958 r = unit_kill_context_one(u, main_pid, "main", is_alien, sig, send_sighup, log_func);
4959 wait_for_exit = wait_for_exit || r > 0;
cd2086fe 4960
fe80d626
YW		 4961 r = unit_kill_context_one(u, unit_control_pid(u), "control", /* is_alien = */ false, sig, send_sighup, log_func);
4962 wait_for_exit = wait_for_exit || r > 0;
cd2086fe 4963
9cc54544
LP		 4964 CGroupRuntime *crt = unit_get_cgroup_runtime(u);
4965 if (crt && crt->cgroup_path &&
b821a397 4966 (c->kill_mode == KILL_CONTROL_GROUP || (c->kill_mode == KILL_MIXED && k == KILL_KILL))) {
cd2086fe
LP		 4967 _cleanup_set_free_ Set *pid_set = NULL;
4968
82659fd7 4969 /* Exclude the main/control pids from being killed via the cgroup */
ae6a9e65
YW		 4970 r = unit_pid_set(u, &pid_set);
4971 if (r < 0)
4972 return r;
cd2086fe 4973
bd1791b5 4974 r = cg_kill_recursive(
9cc54544 4975 crt->cgroup_path,
bd1791b5
LP		 4976 sig,
4977 CGROUP_SIGCONT|CGROUP_IGNORE_SELF,
4978 pid_set,
4979 log_func, u);
cd2086fe 4980 if (r < 0) {
4c701096 4981 if (!IN_SET(r, -EAGAIN, -ESRCH, -ENOENT))
9cc54544 4982 log_unit_warning_errno(u, r, "Failed to kill control group %s, ignoring: %m", empty_to_root(crt->cgroup_path));
b821a397 4983
82659fd7 4984 } else if (r > 0) {
bc6aed7b 4985
3988e248 4986 wait_for_exit = true;
58ea275a 4987
1d98fef1 4988 if (send_sighup) {
ae6a9e65
YW		 4989 r = unit_pid_set(u, &pid_set);
4990 if (r < 0)
4991 return r;
82659fd7 4992
bd1791b5 4993 (void) cg_kill_recursive(
9cc54544 4994 crt->cgroup_path,
bd1791b5
LP		 4995 SIGHUP,
4996 CGROUP_IGNORE_SELF,
4997 pid_set,
3ce64b0f 4998 /* log_kill= */ NULL,
bd1791b5 4999 /* userdata= */ NULL);
82659fd7
LP		 5000 }
5001 }
cd2086fe
LP		 5002 }
5003
5004 return wait_for_exit;
5005}
5006
9e615fa3
LB		 5007int unit_add_mounts_for(Unit *u, const char *path, UnitDependencyMask mask, UnitMountDependencyType type) {
5008 Hashmap **unit_map, **manager_map;
a57f7e2c
LP		 5009 int r;
5010
5011 assert(u);
5012 assert(path);
9e615fa3
LB		 5013 assert(type >= 0 && type < _UNIT_MOUNT_DEPENDENCY_TYPE_MAX);
5014
5015 unit_map = &u->mounts_for[type];
5016 manager_map = &u->manager->units_needing_mounts_for[type];
a57f7e2c 5017
ac19bdd0
ZJS		 5018 /* Registers a unit for requiring a certain path and all its prefixes. We keep a hashtable of these
5019 * paths in the unit (from the path to the UnitDependencyInfo structure indicating how to the
5020 * dependency came to be). However, we build a prefix table for all possible prefixes so that new
5021 * appearing mount units can easily determine which units to make themselves a dependency of. */
a57f7e2c 5022
70b64bd3
ZJS		 5023 if (!path_is_absolute(path))
5024 return -EINVAL;
5025
9e615fa3 5026 if (hashmap_contains(*unit_map, path)) /* Exit quickly if the path is already covered. */
ac19bdd0 5027 return 0;
eef85c4a 5028
ac19bdd0
ZJS		 5029 /* Use the canonical form of the path as the stored key. We call path_is_normalized()
5030 * only after simplification, since path_is_normalized() rejects paths with '.'.
5031 * path_is_normalized() also verifies that the path fits in PATH_MAX. */
cf3d95b2
YW		 5032 _cleanup_free_ char *p = NULL;
5033 r = path_simplify_alloc(path, &p);
5034 if (r < 0)
5035 return r;
5036 path = p;
a57f7e2c 5037
ca8700e9 5038 if (!path_is_normalized(path))
a57f7e2c 5039 return -EPERM;
a57f7e2c 5040
ac19bdd0 5041 UnitDependencyInfo di = {
eef85c4a
LP		 5042 .origin_mask = mask
5043 };
5044
9e615fa3 5045 r = hashmap_ensure_put(unit_map, &path_hash_ops, p, di.data);
ca8700e9 5046 if (r < 0)
a57f7e2c 5047 return r;
ac19bdd0
ZJS		 5048 assert(r > 0);
5049 TAKE_PTR(p); /* path remains a valid pointer to the string stored in the hashmap */
a57f7e2c 5050
4cb06c59 5051 char prefix[strlen(path) + 1];
ca8700e9 5052 PATH_FOREACH_PREFIX_MORE(prefix, path) {
a57f7e2c
LP		 5053 Set *x;
5054
9e615fa3 5055 x = hashmap_get(*manager_map, prefix);
a57f7e2c 5056 if (!x) {
ca8700e9 5057 _cleanup_free_ char *q = NULL;
a57f7e2c 5058
9e615fa3 5059 r = hashmap_ensure_allocated(manager_map, &path_hash_ops);
742f41ad
LP		 5060 if (r < 0)
5061 return r;
a57f7e2c
LP		 5062
5063 q = strdup(prefix);
5064 if (!q)
5065 return -ENOMEM;
5066
d5099efc 5067 x = set_new(NULL);
ca8700e9 5068 if (!x)
a57f7e2c 5069 return -ENOMEM;
a57f7e2c 5070
9e615fa3 5071 r = hashmap_put(*manager_map, q, x);
a57f7e2c 5072 if (r < 0) {
a57f7e2c
LP		 5073 set_free(x);
5074 return r;
5075 }
ca8700e9 5076 q = NULL;
a57f7e2c
LP		 5077 }
5078
5079 r = set_put(x, u);
5080 if (r < 0)
5081 return r;
5082 }
5083
5084 return 0;
5085}
5086
613b411c 5087int unit_setup_exec_runtime(Unit *u) {
28135da3 5088 _cleanup_(exec_shared_runtime_unrefp) ExecSharedRuntime *esr = NULL;
15220772 5089 _cleanup_(dynamic_creds_unrefp) DynamicCreds *dcreds = NULL;
83123a44 5090 _cleanup_set_free_ Set *units = NULL;
28135da3 5091 ExecRuntime **rt;
15220772 5092 ExecContext *ec;
613b411c 5093 size_t offset;
613b411c 5094 Unit *other;
e8a565cb 5095 int r;
613b411c
LP		 5096
5097 offset = UNIT_VTABLE(u)->exec_runtime_offset;
5098 assert(offset > 0);
5099
28135da3
DDM		 5100 /* Check if there already is an ExecRuntime for this unit? */
5101 rt = (ExecRuntime**) ((uint8_t*) u + offset);
613b411c
LP		 5102 if (*rt)
5103 return 0;
5104
a5801e97 5105 ec = ASSERT_PTR(unit_get_exec_context(u));
15220772 5106
83123a44
YW		 5107 r = unit_get_transitive_dependency_set(u, UNIT_ATOM_JOINS_NAMESPACE_OF, &units);
5108 if (r < 0)
5109 return r;
5110
613b411c 5111 /* Try to get it from somebody else */
83123a44 5112 SET_FOREACH(other, units) {
28135da3
DDM		 5113 r = exec_shared_runtime_acquire(u->manager, NULL, other->id, false, &esr);
5114 if (r < 0)
5115 return r;
5116 if (r > 0)
5117 break;
5118 }
5119
5120 if (!esr) {
15220772 5121 r = exec_shared_runtime_acquire(u->manager, ec, u->id, true, &esr);
28135da3
DDM		 5122 if (r < 0)
5123 return r;
613b411c
LP		 5124 }
5125
15220772
DDM		 5126 if (ec->dynamic_user) {
5127 r = dynamic_creds_make(u->manager, ec->user, ec->group, &dcreds);
5128 if (r < 0)
5129 return r;
5130 }
5131
9c0c6701 5132 r = exec_runtime_make(u, ec, esr, dcreds, rt);
28135da3
DDM		 5133 if (r < 0)
5134 return r;
5135
5136 TAKE_PTR(esr);
15220772 5137 TAKE_PTR(dcreds);
28135da3
DDM		 5138
5139 return r;
613b411c
LP		 5140}
5141
9cc54544
LP		 5142CGroupRuntime *unit_setup_cgroup_runtime(Unit *u) {
5143 size_t offset;
5144
5145 assert(u);
5146
5147 offset = UNIT_VTABLE(u)->cgroup_runtime_offset;
5148 assert(offset > 0);
5149
5150 CGroupRuntime **rt = (CGroupRuntime**) ((uint8_t*) u + offset);
5151 if (*rt)
5152 return *rt;
5153
5154 return (*rt = cgroup_runtime_new());
5155}
5156
1c2e9646 5157bool unit_type_supported(UnitType t) {
88e4bfa6
MS		 5158 static int8_t cache[_UNIT_TYPE_MAX] = {}; /* -1: disabled, 1: enabled: 0: don't know */
5159 int r;
5160
ffcf54d4 5161 assert(t >= 0 && t < _UNIT_TYPE_MAX);
1c2e9646 5162
88e4bfa6
MS		 5163 if (cache[t] == 0) {
5164 char *e;
5165
5166 e = strjoina("SYSTEMD_SUPPORT_", unit_type_to_string(t));
5167
5168 r = getenv_bool(ascii_strupper(e));
5169 if (r < 0 && r != -ENXIO)
5170 log_debug_errno(r, "Failed to parse $%s, ignoring: %m", e);
5171
5172 cache[t] = r == 0 ? -1 : 1;
5173 }
5174 if (cache[t] < 0)
5175 return false;
5176
1c2e9646
LP		 5177 if (!unit_vtable[t]->supported)
5178 return true;
5179
5180 return unit_vtable[t]->supported();
5181}
5182
8b4305c7
LP		 5183void unit_warn_if_dir_nonempty(Unit *u, const char* where) {
5184 int r;
5185
5186 assert(u);
5187 assert(where);
5188
c2503e35
RH		 5189 if (!unit_log_level_test(u, LOG_NOTICE))
5190 return;
5191
db55bbf2 5192 r = dir_is_empty(where, /* ignore_hidden_or_backup= */ false);
3f602115 5193 if (r > 0 || r == -ENOTDIR)
8b4305c7
LP		 5194 return;
5195 if (r < 0) {
5196 log_unit_warning_errno(u, r, "Failed to check directory %s: %m", where);
5197 return;
5198 }
5199
c2503e35 5200 log_unit_struct(u, LOG_NOTICE,
3cf6a3a3 5201 LOG_MESSAGE_ID(SD_MESSAGE_OVERMOUNTING_STR),
c2503e35
RH		 5202 LOG_UNIT_INVOCATION_ID(u),
5203 LOG_UNIT_MESSAGE(u, "Directory %s to mount over is not empty, mounting anyway.", where),
3cf6a3a3 5204 LOG_ITEM("WHERE=%s", where));
8b4305c7
LP		 5205}
5206
38c35970
LP		 5207int unit_log_noncanonical_mount_path(Unit *u, const char *where) {
5208 assert(u);
5209 assert(where);
5210
5211 /* No need to mention "." or "..", they would already have been rejected by unit_name_from_path() */
5212 log_unit_struct(u, LOG_ERR,
3cf6a3a3 5213 LOG_MESSAGE_ID(SD_MESSAGE_NON_CANONICAL_MOUNT_STR),
38c35970
LP		 5214 LOG_UNIT_INVOCATION_ID(u),
5215 LOG_UNIT_MESSAGE(u, "Mount path %s is not canonical (contains a symlink).", where),
3cf6a3a3 5216 LOG_ITEM("WHERE=%s", where));
38c35970
LP		 5217
5218 return -ELOOP;
5219}
5220
5221int unit_fail_if_noncanonical_mount_path(Unit *u, const char* where) {
8b4305c7
LP		 5222 int r;
5223
5224 assert(u);
5225 assert(where);
5226
38c35970
LP		 5227 _cleanup_free_ char *canonical_where = NULL;
5228 r = chase(where, /* root= */ NULL, CHASE_NONEXISTENT, &canonical_where, /* ret_fd= */ NULL);
8b4305c7 5229 if (r < 0) {
25cd4964 5230 log_unit_debug_errno(u, r, "Failed to check %s for symlinks, ignoring: %m", where);
8b4305c7
LP		 5231 return 0;
5232 }
25cd4964
AJ		 5233
5234 /* We will happily ignore a trailing slash (or any redundant slashes) */
5235 if (path_equal(where, canonical_where))
8b4305c7
LP		 5236 return 0;
5237
38c35970 5238 return unit_log_noncanonical_mount_path(u, where);
8b4305c7 5239}
0f13f3bd
LP		 5240
5241bool unit_is_pristine(Unit *u) {
5242 assert(u);
5243
1f832446
ZJS		 5244 /* Check if the unit already exists or is already around, in a number of different ways. Note that to
5245 * cater for unit types such as slice, we are generally fine with units that are marked UNIT_LOADED
5246 * even though nothing was actually loaded, as those unit types don't require a file on disk.
5247 *
5248 * Note that we don't check for drop-ins here, because we allow drop-ins for transient units
5249 * identically to non-transient units, both unit-specific and hierarchical. E.g. for a-b-c.service:
5250 * service.d/….conf, a-.service.d/….conf, a-b-.service.d/….conf, a-b-c.service.d/….conf.
5251 */
0f13f3bd 5252
b146a734
ZJS		 5253 return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) &&
5254 !u->fragment_path &&
5255 !u->source_path &&
b146a734
ZJS		 5256 !u->job &&
5257 !u->merged_into;
0f13f3bd 5258}
291d565a 5259
37eb258e 5260PidRef* unit_control_pid(Unit *u) {
291d565a
LP		 5261 assert(u);
5262
5263 if (UNIT_VTABLE(u)->control_pid)
5264 return UNIT_VTABLE(u)->control_pid(u);
5265
37eb258e 5266 return NULL;
291d565a
LP		 5267}
5268
3e22239d 5269PidRef* unit_main_pid_full(Unit *u, bool *ret_is_alien) {
291d565a
LP		 5270 assert(u);
5271
5272 if (UNIT_VTABLE(u)->main_pid)
3e22239d 5273 return UNIT_VTABLE(u)->main_pid(u, ret_is_alien);
291d565a 5274
3e22239d
YW		 5275 if (ret_is_alien)
5276 *ret_is_alien = false;
37eb258e 5277 return NULL;
291d565a 5278}
00d9ef85 5279
3bb48b19
TM		 5280static void unit_modify_user_nft_set(Unit *u, bool add, NFTSetSource source, uint32_t element) {
5281 int r;
5282
5283 assert(u);
5284
5285 if (!MANAGER_IS_SYSTEM(u->manager))
5286 return;
5287
5288 CGroupContext *c;
5289 c = unit_get_cgroup_context(u);
5290 if (!c)
5291 return;
5292
5293 if (!u->manager->fw_ctx) {
5294 r = fw_ctx_new_full(&u->manager->fw_ctx, /* init_tables= */ false);
5295 if (r < 0)
5296 return;
5297
5298 assert(u->manager->fw_ctx);
5299 }
5300
5301 FOREACH_ARRAY(nft_set, c->nft_set_context.sets, c->nft_set_context.n_sets) {
5302 if (nft_set->source != source)
5303 continue;
5304
5305 r = nft_set_element_modify_any(u->manager->fw_ctx, add, nft_set->nfproto, nft_set->table, nft_set->set, &element, sizeof(element));
5306 if (r < 0)
2fe2ee9a 5307 log_warning_errno(r, "Failed to %s NFT set entry: family %s, table %s, set %s, ID %u, ignoring: %m",
3bb48b19
TM		 5308 add? "add" : "delete", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, element);
5309 else
2fe2ee9a 5310 log_debug("%s NFT set entry: family %s, table %s, set %s, ID %u",
3bb48b19
TM		 5311 add? "Added" : "Deleted", nfproto_to_string(nft_set->nfproto), nft_set->table, nft_set->set, element);
5312 }
5313}
5314
00d9ef85
LP		 5315static void unit_unref_uid_internal(
5316 Unit *u,
5317 uid_t *ref_uid,
5318 bool destroy_now,
5319 void (*_manager_unref_uid)(Manager *m, uid_t uid, bool destroy_now)) {
5320
5321 assert(u);
5322 assert(ref_uid);
5323 assert(_manager_unref_uid);
5324
5325 /* Generic implementation of both unit_unref_uid() and unit_unref_gid(), under the assumption that uid_t and
5326 * gid_t are actually the same time, with the same validity rules.
5327 *
5328 * Drops a reference to UID/GID from a unit. */
5329
5330 assert_cc(sizeof(uid_t) == sizeof(gid_t));
5331 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
5332
5333 if (!uid_is_valid(*ref_uid))
5334 return;
5335
5336 _manager_unref_uid(u->manager, *ref_uid, destroy_now);
5337 *ref_uid = UID_INVALID;
5338}
5339
b90cf102 5340static void unit_unref_uid(Unit *u, bool destroy_now) {
3bb48b19
TM		 5341 assert(u);
5342
5343 unit_modify_user_nft_set(u, /* add = */ false, NFT_SET_SOURCE_USER, u->ref_uid);
5344
00d9ef85
LP		 5345 unit_unref_uid_internal(u, &u->ref_uid, destroy_now, manager_unref_uid);
5346}
5347
b90cf102 5348static void unit_unref_gid(Unit *u, bool destroy_now) {
3bb48b19
TM		 5349 assert(u);
5350
5351 unit_modify_user_nft_set(u, /* add = */ false, NFT_SET_SOURCE_GROUP, u->ref_gid);
5352
00d9ef85
LP		 5353 unit_unref_uid_internal(u, (uid_t*) &u->ref_gid, destroy_now, manager_unref_gid);
5354}
5355
b90cf102
LP		 5356void unit_unref_uid_gid(Unit *u, bool destroy_now) {
5357 assert(u);
5358
5359 unit_unref_uid(u, destroy_now);
5360 unit_unref_gid(u, destroy_now);
5361}
5362
00d9ef85
LP		 5363static int unit_ref_uid_internal(
5364 Unit *u,
5365 uid_t *ref_uid,
5366 uid_t uid,
5367 bool clean_ipc,
5368 int (*_manager_ref_uid)(Manager *m, uid_t uid, bool clean_ipc)) {
5369
5370 int r;
5371
5372 assert(u);
5373 assert(ref_uid);
5374 assert(uid_is_valid(uid));
5375 assert(_manager_ref_uid);
5376
5377 /* Generic implementation of both unit_ref_uid() and unit_ref_guid(), under the assumption that uid_t and gid_t
5378 * are actually the same type, and have the same validity rules.
5379 *
5380 * Adds a reference on a specific UID/GID to this unit. Each unit referencing the same UID/GID maintains a
5381 * reference so that we can destroy the UID/GID's IPC resources as soon as this is requested and the counter
5382 * drops to zero. */
5383
5384 assert_cc(sizeof(uid_t) == sizeof(gid_t));
5385 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
5386
5387 if (*ref_uid == uid)
5388 return 0;
5389
5390 if (uid_is_valid(*ref_uid)) /* Already set? */
5391 return -EBUSY;
5392
5393 r = _manager_ref_uid(u->manager, uid, clean_ipc);
5394 if (r < 0)
5395 return r;
5396
5397 *ref_uid = uid;
5398 return 1;
5399}
5400
b90cf102 5401static int unit_ref_uid(Unit *u, uid_t uid, bool clean_ipc) {
00d9ef85
LP		 5402 return unit_ref_uid_internal(u, &u->ref_uid, uid, clean_ipc, manager_ref_uid);
5403}
5404
b90cf102 5405static int unit_ref_gid(Unit *u, gid_t gid, bool clean_ipc) {
00d9ef85
LP		 5406 return unit_ref_uid_internal(u, (uid_t*) &u->ref_gid, (uid_t) gid, clean_ipc, manager_ref_gid);
5407}
5408
5409static int unit_ref_uid_gid_internal(Unit *u, uid_t uid, gid_t gid, bool clean_ipc) {
5410 int r = 0, q = 0;
5411
5412 assert(u);
5413
5414 /* Reference both a UID and a GID in one go. Either references both, or neither. */
5415
5416 if (uid_is_valid(uid)) {
5417 r = unit_ref_uid(u, uid, clean_ipc);
5418 if (r < 0)
5419 return r;
5420 }
5421
5422 if (gid_is_valid(gid)) {
5423 q = unit_ref_gid(u, gid, clean_ipc);
5424 if (q < 0) {
5425 if (r > 0)
5426 unit_unref_uid(u, false);
5427
5428 return q;
5429 }
5430 }
5431
5432 return r > 0 || q > 0;
5433}
5434
5435int unit_ref_uid_gid(Unit *u, uid_t uid, gid_t gid) {
5436 ExecContext *c;
5437 int r;
5438
5439 assert(u);
5440
5441 c = unit_get_exec_context(u);
5442
5443 r = unit_ref_uid_gid_internal(u, uid, gid, c ? c->remove_ipc : false);
5444 if (r < 0)
5445 return log_unit_warning_errno(u, r, "Couldn't add UID/GID reference to unit, proceeding without: %m");
5446
3bb48b19
TM		 5447 unit_modify_user_nft_set(u, /* add = */ true, NFT_SET_SOURCE_USER, uid);
5448 unit_modify_user_nft_set(u, /* add = */ true, NFT_SET_SOURCE_GROUP, gid);
5449
00d9ef85
LP		 5450 return r;
5451}
5452
00d9ef85
LP		 5453void unit_notify_user_lookup(Unit *u, uid_t uid, gid_t gid) {
5454 int r;
5455
5456 assert(u);
5457
5458 /* This is invoked whenever one of the forked off processes let's us know the UID/GID its user name/group names
5459 * resolved to. We keep track of which UID/GID is currently assigned in order to be able to destroy its IPC
5460 * objects when no service references the UID/GID anymore. */
5461
5462 r = unit_ref_uid_gid(u, uid, gid);
5463 if (r > 0)
37d0b962 5464 unit_add_to_dbus_queue(u);
00d9ef85 5465}
4b58153d 5466
4b58153d
LP		 5467int unit_acquire_invocation_id(Unit *u) {
5468 sd_id128_t id;
5469 int r;
5470
5471 assert(u);
5472
5473 r = sd_id128_randomize(&id);
5474 if (r < 0)
5475 return log_unit_error_errno(u, r, "Failed to generate invocation ID for unit: %m");
5476
5477 r = unit_set_invocation_id(u, id);
5478 if (r < 0)
5479 return log_unit_error_errno(u, r, "Failed to set invocation ID for unit: %m");
5480
af92c603 5481 unit_add_to_dbus_queue(u);
4b58153d
LP		 5482 return 0;
5483}
f0d47797 5484
1ad6e8b3
LP		 5485int unit_set_exec_params(Unit *u, ExecParameters *p) {
5486 int r;
5487
7960b0c7
LP		 5488 assert(u);
5489 assert(p);
f0d47797 5490
004c7f16 5491 /* Copy parameters from manager */
1ad6e8b3
LP		 5492 r = manager_get_effective_environment(u->manager, &p->environment);
5493 if (r < 0)
5494 return r;
5495
170d978b
LP		 5496 p->runtime_scope = u->manager->runtime_scope;
5497
6a705f12 5498 r = strdup_to(&p->confirm_spawn, manager_get_confirm_spawn(u->manager));
a5801e97
MY		 5499 if (r < 0)
5500 return r;
bb5232b6 5501
004c7f16
LP		 5502 p->cgroup_supported = u->manager->cgroup_supported;
5503 p->prefix = u->manager->prefix;
5504 SET_FLAG(p->flags, EXEC_PASS_LOG_UNIT|EXEC_CHOWN_DIRECTORIES, MANAGER_IS_SYSTEM(u->manager));
5505
5238e957 5506 /* Copy parameters from unit */
9cc54544
LP		 5507 CGroupRuntime *crt = unit_get_cgroup_runtime(u);
5508 p->cgroup_path = crt ? crt->cgroup_path : NULL;
1d9cc876 5509 SET_FLAG(p->flags, EXEC_CGROUP_DELEGATE, unit_cgroup_delegate(u));
1ad6e8b3 5510
2ad591a3
LP		 5511 p->received_credentials_directory = u->manager->received_credentials_directory;
5512 p->received_encrypted_credentials_directory = u->manager->received_encrypted_credentials_directory;
bb0c0d6f 5513
c8ccd444 5514 p->shall_confirm_spawn = u->manager->confirm_spawn;
154eb43f
LB		 5515
5516 p->fallback_smack_process_label = u->manager->defaults.smack_process_label;
5517
352ec23c
LP		 5518 if (u->manager->restrict_fs && p->bpf_restrict_fs_map_fd < 0) {
5519 int fd = bpf_restrict_fs_map_fd(u);
154eb43f
LB		 5520 if (fd < 0)
5521 return fd;
5522
352ec23c 5523 p->bpf_restrict_fs_map_fd = fd;
154eb43f
LB		 5524 }
5525
b646fc32 5526 p->user_lookup_fd = u->manager->user_lookup_fds[1];
12001b1b 5527 p->handoff_timestamp_fd = u->manager->handoff_timestamp_fds[1];
406f1775
DDM		 5528 if (UNIT_VTABLE(u)->notify_pidref)
5529 p->pidref_transport_fd = u->manager->pidref_transport_fds[1];
b646fc32 5530
9cc54544 5531 p->cgroup_id = crt ? crt->cgroup_id : 0;
b646fc32
LB		 5532 p->invocation_id = u->invocation_id;
5533 sd_id128_to_string(p->invocation_id, p->invocation_id_string);
5534 p->unit_id = strdup(u->id);
5535 if (!p->unit_id)
5536 return -ENOMEM;
154eb43f 5537
7d8bbfbe
LB		 5538 p->debug_invocation = u->debug_invocation;
5539
1ad6e8b3 5540 return 0;
f0d47797 5541}
a79279c7 5542
5162829e
LB		 5543int unit_fork_helper_process(Unit *u, const char *name, bool into_cgroup, PidRef *ret) {
5544 CGroupRuntime *crt = NULL;
4775b55d 5545 pid_t pid;
a79279c7
LP		 5546 int r;
5547
5548 assert(u);
5549 assert(ret);
5550
5162829e
LB		 5551 /* Forks off a helper process and makes sure it is a member of the unit's cgroup, if configured to
5552 * do so. Returns == 0 in the child, and > 0 in the parent. The pid parameter is always filled in
5553 * with the child's PID. */
a79279c7 5554
5162829e
LB		 5555 if (into_cgroup) {
5556 (void) unit_realize_cgroup(u);
a79279c7 5557
5162829e
LB		 5558 crt = unit_setup_cgroup_runtime(u);
5559 if (!crt)
5560 return -ENOMEM;
5561 }
9cc54544 5562
e9ccae31 5563 r = safe_fork(name, FORK_REOPEN_LOG|FORK_DEATHSIG_SIGTERM, &pid);
4775b55d
LP		 5564 if (r < 0)
5565 return r;
5566 if (r > 0) {
5567 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
5568 int q;
5569
5570 /* Parent */
5571
5572 q = pidref_set_pid(&pidref, pid);
5573 if (q < 0)
5574 return q;
5575
5576 *ret = TAKE_PIDREF(pidref);
4c253ed1 5577 return r;
4775b55d
LP		 5578 }
5579
5580 /* Child */
a79279c7 5581
9c274488
LP		 5582 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE);
5583 (void) ignore_signals(SIGPIPE);
a79279c7 5584
5162829e 5585 if (crt && crt->cgroup_path) {
188286ee 5586 r = cg_attach(crt->cgroup_path, 0);
4c253ed1 5587 if (r < 0) {
9cc54544 5588 log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", empty_to_root(crt->cgroup_path));
4c253ed1 5589 _exit(EXIT_CGROUP);
a79279c7 5590 }
a79279c7
LP		 5591 }
5592
4c253ed1 5593 return 0;
a79279c7 5594}
c999cf38 5595
4775b55d
LP		 5596int unit_fork_and_watch_rm_rf(Unit *u, char **paths, PidRef *ret_pid) {
5597 _cleanup_(pidref_done) PidRef pid = PIDREF_NULL;
810ef318
YW		 5598 int r;
5599
5600 assert(u);
5601 assert(ret_pid);
5602
5162829e 5603 r = unit_fork_helper_process(u, "(sd-rmrf)", /* into_cgroup= */ true, &pid);
810ef318
YW		 5604 if (r < 0)
5605 return r;
5606 if (r == 0) {
5607 int ret = EXIT_SUCCESS;
810ef318
YW		 5608
5609 STRV_FOREACH(i, paths) {
5610 r = rm_rf(*i, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_MISSING_OK);
5611 if (r < 0) {
5612 log_error_errno(r, "Failed to remove '%s': %m", *i);
5613 ret = EXIT_FAILURE;
5614 }
5615 }
5616
5617 _exit(ret);
5618 }
5619
495e75ed 5620 r = unit_watch_pidref(u, &pid, /* exclusive= */ true);
810ef318
YW		 5621 if (r < 0)
5622 return r;
5623
4775b55d 5624 *ret_pid = TAKE_PIDREF(pid);
810ef318
YW		 5625 return 0;
5626}
5627
15ed3c3a
LP		 5628static void unit_update_dependency_mask(Hashmap *deps, Unit *other, UnitDependencyInfo di) {
5629 assert(deps);
c999cf38
LP		 5630 assert(other);
5631
15ed3c3a 5632 if (di.origin_mask == 0 && di.destination_mask == 0)
c999cf38 5633 /* No bit set anymore, let's drop the whole entry */
15ed3c3a
LP		 5634 assert_se(hashmap_remove(deps, other));
5635 else
c999cf38 5636 /* Mask was reduced, let's update the entry */
15ed3c3a 5637 assert_se(hashmap_update(deps, other, di.data) == 0);
c999cf38
LP		 5638}
5639
5640void unit_remove_dependencies(Unit *u, UnitDependencyMask mask) {
15ed3c3a 5641 Hashmap *deps;
c999cf38
LP		 5642 assert(u);
5643
5644 /* Removes all dependencies u has on other units marked for ownership by 'mask'. */
5645
5646 if (mask == 0)
5647 return;
5648
15ed3c3a 5649 HASHMAP_FOREACH(deps, u->dependencies) {
c999cf38
LP		 5650 bool done;
5651
5652 do {
5653 UnitDependencyInfo di;
5654 Unit *other;
c999cf38
LP		 5655
5656 done = true;
5657
15ed3c3a
LP		 5658 HASHMAP_FOREACH_KEY(di.data, other, deps) {
5659 Hashmap *other_deps;
5660
1d6cc5d0 5661 if (FLAGS_SET(~mask, di.origin_mask))
c999cf38 5662 continue;
15ed3c3a 5663
c999cf38 5664 di.origin_mask &= ~mask;
15ed3c3a 5665 unit_update_dependency_mask(deps, other, di);
c999cf38 5666
defe63b0
LP		 5667 /* We updated the dependency from our unit to the other unit now. But most
5668 * dependencies imply a reverse dependency. Hence, let's delete that one
5669 * too. For that we go through all dependency types on the other unit and
5670 * delete all those which point to us and have the right mask set. */
c999cf38 5671
15ed3c3a 5672 HASHMAP_FOREACH(other_deps, other->dependencies) {
c999cf38
LP		 5673 UnitDependencyInfo dj;
5674
15ed3c3a 5675 dj.data = hashmap_get(other_deps, u);
1d6cc5d0 5676 if (FLAGS_SET(~mask, dj.destination_mask))
c999cf38 5677 continue;
c999cf38 5678
15ed3c3a
LP		 5679 dj.destination_mask &= ~mask;
5680 unit_update_dependency_mask(other_deps, u, dj);
c999cf38
LP		 5681 }
5682
5683 unit_add_to_gc_queue(other);
5684
156ba52b
YW		 5685 /* The unit 'other' may not be wanted by the unit 'u'. */
5686 unit_submit_to_stop_when_unneeded_queue(other);
5687
b7777d08
YW		 5688 u->dependency_generation++;
5689 other->dependency_generation++;
5690
c999cf38
LP		 5691 done = false;
5692 break;
5693 }
5694
5695 } while (!done);
5696 }
5697}
d3070fbd 5698
2f8c48b6
AZ		 5699static int unit_get_invocation_path(Unit *u, char **ret) {
5700 char *p;
5701 int r;
5702
5703 assert(u);
5704 assert(ret);
5705
5706 if (MANAGER_IS_SYSTEM(u->manager))
5707 p = strjoin("/run/systemd/units/invocation:", u->id);
5708 else {
5709 _cleanup_free_ char *user_path = NULL;
60cd6deb
MY		 5710
5711 r = xdg_user_runtime_dir("/systemd/units/invocation:", &user_path);
2f8c48b6
AZ		 5712 if (r < 0)
5713 return r;
60cd6deb 5714
2f8c48b6
AZ		 5715 p = strjoin(user_path, u->id);
5716 }
2f8c48b6
AZ		 5717 if (!p)
5718 return -ENOMEM;
5719
5720 *ret = p;
5721 return 0;
5722}
5723
d3070fbd 5724static int unit_export_invocation_id(Unit *u) {
2f8c48b6 5725 _cleanup_free_ char *p = NULL;
d3070fbd
LP		 5726 int r;
5727
5728 assert(u);
5729
5730 if (u->exported_invocation_id)
5731 return 0;
5732
5733 if (sd_id128_is_null(u->invocation_id))
5734 return 0;
5735
2f8c48b6
AZ		 5736 r = unit_get_invocation_path(u, &p);
5737 if (r < 0)
5738 return log_unit_debug_errno(u, r, "Failed to get invocation path: %m");
5739
9ea5a6e7 5740 r = symlinkat_atomic_full(u->invocation_id_string, AT_FDCWD, p, SYMLINK_LABEL);
d3070fbd
LP		 5741 if (r < 0)
5742 return log_unit_debug_errno(u, r, "Failed to create invocation ID symlink %s: %m", p);
5743
5744 u->exported_invocation_id = true;
5745 return 0;
5746}
5747
7d8bbfbe 5748static int unit_export_log_level_max(Unit *u, int log_level_max, bool overwrite) {
d3070fbd
LP		 5749 const char *p;
5750 char buf[2];
5751 int r;
5752
5753 assert(u);
d3070fbd 5754
7d8bbfbe
LB		 5755 /* When the debug_invocation logic runs, overwrite will be true as we always want to switch the max
5756 * log level that the journal applies, and we want to always restore the previous level once done */
5757
5758 if (!overwrite && u->exported_log_level_max)
d3070fbd
LP		 5759 return 0;
5760
7d8bbfbe 5761 if (log_level_max < 0)
d3070fbd
LP		 5762 return 0;
5763
7d8bbfbe 5764 assert(log_level_max <= 7);
d3070fbd 5765
7d8bbfbe 5766 buf[0] = '0' + log_level_max;
d3070fbd
LP		 5767 buf[1] = 0;
5768
5769 p = strjoina("/run/systemd/units/log-level-max:", u->id);
5770 r = symlink_atomic(buf, p);
5771 if (r < 0)
5772 return log_unit_debug_errno(u, r, "Failed to create maximum log level symlink %s: %m", p);
5773
5774 u->exported_log_level_max = true;
5775 return 0;
5776}
5777
5778static int unit_export_log_extra_fields(Unit *u, const ExecContext *c) {
254d1313 5779 _cleanup_close_ int fd = -EBADF;
d3070fbd
LP		 5780 struct iovec *iovec;
5781 const char *p;
5782 char *pattern;
5783 le64_t *sizes;
5784 ssize_t n;
d3070fbd
LP		 5785 int r;
5786
5787 if (u->exported_log_extra_fields)
5788 return 0;
5789
5790 if (c->n_log_extra_fields <= 0)
5791 return 0;
5792
5793 sizes = newa(le64_t, c->n_log_extra_fields);
5794 iovec = newa(struct iovec, c->n_log_extra_fields * 2);
5795
12375b95 5796 for (size_t i = 0; i < c->n_log_extra_fields; i++) {
d3070fbd
LP		 5797 sizes[i] = htole64(c->log_extra_fields[i].iov_len);
5798
5799 iovec[i*2] = IOVEC_MAKE(sizes + i, sizeof(le64_t));
5800 iovec[i*2+1] = c->log_extra_fields[i];
5801 }
5802
5803 p = strjoina("/run/systemd/units/log-extra-fields:", u->id);
5804 pattern = strjoina(p, ".XXXXXX");
5805
5806 fd = mkostemp_safe(pattern);
5807 if (fd < 0)
5808 return log_unit_debug_errno(u, fd, "Failed to create extra fields file %s: %m", p);
5809
5810 n = writev(fd, iovec, c->n_log_extra_fields*2);
5811 if (n < 0) {
5812 r = log_unit_debug_errno(u, errno, "Failed to write extra fields: %m");
5813 goto fail;
5814 }
5815
5816 (void) fchmod(fd, 0644);
5817
5818 if (rename(pattern, p) < 0) {
5819 r = log_unit_debug_errno(u, errno, "Failed to rename extra fields file: %m");
5820 goto fail;
5821 }
5822
5823 u->exported_log_extra_fields = true;
5824 return 0;
5825
5826fail:
5827 (void) unlink(pattern);
5828 return r;
5829}
5830
5ac1530e 5831static int unit_export_log_ratelimit_interval(Unit *u, const ExecContext *c) {
90fc172e
AZ		 5832 _cleanup_free_ char *buf = NULL;
5833 const char *p;
5834 int r;
5835
5836 assert(u);
5837 assert(c);
5838
5ac1530e 5839 if (u->exported_log_ratelimit_interval)
90fc172e
AZ		 5840 return 0;
5841
14702b9c 5842 if (c->log_ratelimit.interval == 0)
90fc172e
AZ		 5843 return 0;
5844
5845 p = strjoina("/run/systemd/units/log-rate-limit-interval:", u->id);
5846
14702b9c 5847 if (asprintf(&buf, "%" PRIu64, c->log_ratelimit.interval) < 0)
90fc172e
AZ		 5848 return log_oom();
5849
5850 r = symlink_atomic(buf, p);
5851 if (r < 0)
5852 return log_unit_debug_errno(u, r, "Failed to create log rate limit interval symlink %s: %m", p);
5853
5ac1530e 5854 u->exported_log_ratelimit_interval = true;
90fc172e
AZ		 5855 return 0;
5856}
5857
5ac1530e 5858static int unit_export_log_ratelimit_burst(Unit *u, const ExecContext *c) {
90fc172e
AZ		 5859 _cleanup_free_ char *buf = NULL;
5860 const char *p;
5861 int r;
5862
5863 assert(u);
5864 assert(c);
5865
5ac1530e 5866 if (u->exported_log_ratelimit_burst)
90fc172e
AZ		 5867 return 0;
5868
14702b9c 5869 if (c->log_ratelimit.burst == 0)
90fc172e
AZ		 5870 return 0;
5871
5872 p = strjoina("/run/systemd/units/log-rate-limit-burst:", u->id);
5873
14702b9c 5874 if (asprintf(&buf, "%u", c->log_ratelimit.burst) < 0)
90fc172e
AZ		 5875 return log_oom();
5876
5877 r = symlink_atomic(buf, p);
5878 if (r < 0)
5879 return log_unit_debug_errno(u, r, "Failed to create log rate limit burst symlink %s: %m", p);
5880
5ac1530e 5881 u->exported_log_ratelimit_burst = true;
90fc172e
AZ		 5882 return 0;
5883}
5884
d3070fbd
LP		 5885void unit_export_state_files(Unit *u) {
5886 const ExecContext *c;
5887
5888 assert(u);
5889
5890 if (!u->id)
5891 return;
5892
638cece4 5893 if (MANAGER_IS_TEST_RUN(u->manager))
8f632531
LP		 5894 return;
5895
d3070fbd
LP		 5896 /* Exports a couple of unit properties to /run/systemd/units/, so that journald can quickly query this data
5897 * from there. Ideally, journald would use IPC to query this, like everybody else, but that's hard, as long as
5898 * the IPC system itself and PID 1 also log to the journal.
5899 *
5900 * Note that these files really shouldn't be considered API for anyone else, as use a runtime file system as
5901 * IPC replacement is not compatible with today's world of file system namespaces. However, this doesn't really
5902 * apply to communication between the journal and systemd, as we assume that these two daemons live in the same
5903 * namespace at least.
5904 *
5905 * Note that some of the "files" exported here are actually symlinks and not regular files. Symlinks work
5906 * better for storing small bits of data, in particular as we can write them with two system calls, and read
5907 * them with one. */
5908
5909 (void) unit_export_invocation_id(u);
5910
2f8c48b6
AZ		 5911 if (!MANAGER_IS_SYSTEM(u->manager))
5912 return;
5913
d3070fbd
LP		 5914 c = unit_get_exec_context(u);
5915 if (c) {
7d8bbfbe 5916 (void) unit_export_log_level_max(u, c->log_level_max, /* overwrite= */ false);
d3070fbd 5917 (void) unit_export_log_extra_fields(u, c);
5ac1530e
ZJS		 5918 (void) unit_export_log_ratelimit_interval(u, c);
5919 (void) unit_export_log_ratelimit_burst(u, c);
d3070fbd
LP		 5920 }
5921}
5922
5923void unit_unlink_state_files(Unit *u) {
5924 const char *p;
5925
5926 assert(u);
5927
5928 if (!u->id)
5929 return;
5930
d3070fbd
LP		 5931 /* Undoes the effect of unit_export_state() */
5932
5933 if (u->exported_invocation_id) {
2f8c48b6
AZ		 5934 _cleanup_free_ char *invocation_path = NULL;
5935 int r = unit_get_invocation_path(u, &invocation_path);
5936 if (r >= 0) {
5937 (void) unlink(invocation_path);
5938 u->exported_invocation_id = false;
5939 }
d3070fbd
LP		 5940 }
5941
2f8c48b6
AZ		 5942 if (!MANAGER_IS_SYSTEM(u->manager))
5943 return;
5944
d3070fbd
LP		 5945 if (u->exported_log_level_max) {
5946 p = strjoina("/run/systemd/units/log-level-max:", u->id);
5947 (void) unlink(p);
5948
5949 u->exported_log_level_max = false;
5950 }
5951
5952 if (u->exported_log_extra_fields) {
5953 p = strjoina("/run/systemd/units/extra-fields:", u->id);
5954 (void) unlink(p);
5955
5956 u->exported_log_extra_fields = false;
5957 }
90fc172e 5958
5ac1530e 5959 if (u->exported_log_ratelimit_interval) {
90fc172e
AZ		 5960 p = strjoina("/run/systemd/units/log-rate-limit-interval:", u->id);
5961 (void) unlink(p);
5962
5ac1530e 5963 u->exported_log_ratelimit_interval = false;
90fc172e
AZ		 5964 }
5965
5ac1530e 5966 if (u->exported_log_ratelimit_burst) {
90fc172e
AZ		 5967 p = strjoina("/run/systemd/units/log-rate-limit-burst:", u->id);
5968 (void) unlink(p);
5969
5ac1530e 5970 u->exported_log_ratelimit_burst = false;
90fc172e 5971 }
d3070fbd 5972}
5afe510c 5973
7f2a7ccf
MY		 5974int unit_set_debug_invocation(Unit *u, bool enable) {
5975 int r;
5976
7d8bbfbe
LB		 5977 assert(u);
5978
7f2a7ccf 5979 if (u->debug_invocation == enable)
7d8bbfbe
LB		 5980 return 0; /* Nothing to do */
5981
7f2a7ccf
MY		 5982 u->debug_invocation = enable;
5983
7d8bbfbe 5984 /* Ensure that the new log level is exported for the journal, in place of the previous one */
7f2a7ccf
MY		 5985 if (u->exported_log_level_max) {
5986 const ExecContext *ec = unit_get_exec_context(u);
5987 if (ec) {
5988 r = unit_export_log_level_max(u, enable ? LOG_PRI(LOG_DEBUG) : ec->log_level_max, /* overwrite= */ true);
5989 if (r < 0)
5990 return r;
5991 }
5992 }
5993
5994 return 1;
7d8bbfbe
LB		 5995}
5996
3c7416b6
LP		 5997int unit_prepare_exec(Unit *u) {
5998 int r;
5999
6000 assert(u);
6001
fab34748
KL		 6002 /* Load any custom firewall BPF programs here once to test if they are existing and actually loadable.
6003 * Fail here early since later errors in the call chain unit_realize_cgroup to cgroup_context_apply are ignored. */
6004 r = bpf_firewall_load_custom(u);
6005 if (r < 0)
6006 return r;
6007
3c7416b6
LP		 6008 /* Prepares everything so that we can fork of a process for this unit */
6009
6010 (void) unit_realize_cgroup(u);
6011
9cc54544 6012 CGroupRuntime *crt = unit_get_cgroup_runtime(u);
ad48cc6f 6013 if (crt && crt->reset_accounting) {
9b2559a1 6014 (void) unit_reset_accounting(u);
9cc54544 6015 crt->reset_accounting = false;
3c7416b6
LP		 6016 }
6017
6018 unit_export_state_files(u);
6019
6020 r = unit_setup_exec_runtime(u);
6021 if (r < 0)
6022 return r;
6023
3c7416b6
LP		 6024 return 0;
6025}
6026
95e631da
MY		 6027static int unit_log_leftover_process_start(const PidRef *pid, int sig, void *userdata) {
6028 const Unit *u = ASSERT_PTR(userdata);
a4634b21
LP		 6029 _cleanup_free_ char *comm = NULL;
6030
4d1b2df1
LP		 6031 assert(pidref_is_set(pid));
6032
6033 (void) pidref_get_comm(pid, &comm);
a4634b21 6034
4c425434 6035 if (ignore_leftover_process(comm))
c53d2d54 6036 return 0;
a4634b21 6037
4c425434
LP		 6038 /* During start we print a warning */
6039
95e631da 6040 log_unit_warning(u,
a4634b21
LP		 6041 "Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n"
6042 "This usually indicates unclean termination of a previous run, or service implementation deficiencies.",
4d1b2df1 6043 pid->pid, strna(comm));
c53d2d54
DB		 6044
6045 return 1;
a4634b21
LP		 6046}
6047
95e631da
MY		 6048static int unit_log_leftover_process_stop(const PidRef *pid, int sig, void *userdata) {
6049 const Unit *u = ASSERT_PTR(userdata);
4c425434
LP		 6050 _cleanup_free_ char *comm = NULL;
6051
4d1b2df1
LP		 6052 assert(pidref_is_set(pid));
6053
6054 (void) pidref_get_comm(pid, &comm);
4c425434
LP		 6055
6056 if (ignore_leftover_process(comm))
6057 return 0;
6058
6059 /* During stop we only print an informational message */
6060
95e631da 6061 log_unit_info(u,
4c425434 6062 "Unit process " PID_FMT " (%s) remains running after unit stopped.",
4d1b2df1 6063 pid->pid, strna(comm));
4c425434
LP		 6064
6065 return 1;
6066}
6067
95e631da 6068int unit_warn_leftover_processes(Unit *u, bool start) {
23ac0811
MY		 6069 _cleanup_free_ char *cgroup = NULL;
6070 int r;
a4634b21 6071
23ac0811 6072 assert(u);
a4634b21 6073
23ac0811
MY		 6074 r = unit_get_cgroup_path_with_fallback(u, &cgroup);
6075 if (r < 0)
6076 return r;
a4634b21 6077
bd1791b5 6078 return cg_kill_recursive(
23ac0811 6079 cgroup,
bd1791b5
LP		 6080 /* sig= */ 0,
6081 /* flags= */ 0,
684cd01f 6082 /* killed_pids= */ NULL,
95e631da 6083 start ? unit_log_leftover_process_start : unit_log_leftover_process_stop,
bd1791b5 6084 u);
a4634b21
LP		 6085}
6086
bb2c7685
LP		 6087bool unit_needs_console(Unit *u) {
6088 ExecContext *ec;
6089 UnitActiveState state;
6090
6091 assert(u);
6092
6093 state = unit_active_state(u);
6094
6095 if (UNIT_IS_INACTIVE_OR_FAILED(state))
6096 return false;
6097
6098 if (UNIT_VTABLE(u)->needs_console)
6099 return UNIT_VTABLE(u)->needs_console(u);
6100
6101 /* If this unit type doesn't implement this call, let's use a generic fallback implementation: */
6102 ec = unit_get_exec_context(u);
6103 if (!ec)
6104 return false;
6105
6106 return exec_context_may_touch_console(ec);
6107}
6108
4ace93da 6109int unit_pid_attachable(Unit *u, PidRef *pid, sd_bus_error *error) {
6592b975
LP		 6110 int r;
6111
6112 assert(u);
6113
6114 /* Checks whether the specified PID is generally good for attaching, i.e. a valid PID, not our manager itself,
6115 * and not a kernel thread either */
6116
6117 /* First, a simple range check */
495e75ed 6118 if (!pidref_is_set(pid))
a5ddad27 6119 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Process identifier is not valid.");
6592b975
LP		 6120
6121 /* Some extra safety check */
a7a87769 6122 if (pid->pid == 1 || pidref_is_self(pid))
495e75ed 6123 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process " PID_FMT " is a manager process, refusing.", pid->pid);
6592b975
LP		 6124
6125 /* Don't even begin to bother with kernel threads */
fc87713b 6126 r = pidref_is_kernel_thread(pid);
6592b975 6127 if (r == -ESRCH)
495e75ed 6128 return sd_bus_error_setf(error, SD_BUS_ERROR_UNIX_PROCESS_ID_UNKNOWN, "Process with ID " PID_FMT " does not exist.", pid->pid);
6592b975 6129 if (r < 0)
495e75ed 6130 return sd_bus_error_set_errnof(error, r, "Failed to determine whether process " PID_FMT " is a kernel thread: %m", pid->pid);
6592b975 6131 if (r > 0)
495e75ed 6132 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process " PID_FMT " is a kernel thread, refusing.", pid->pid);
6592b975
LP		 6133
6134 return 0;
6135}
6136
836e4e7e
DDM		 6137int unit_get_log_level_max(const Unit *u) {
6138 if (u) {
6139 if (u->debug_invocation)
6140 return LOG_DEBUG;
6141
6142 ExecContext *ec = unit_get_exec_context(u);
6143 if (ec && ec->log_level_max >= 0)
6144 return ec->log_level_max;
6145 }
6146
6147 return log_get_max_level();
6148}
6149
6150bool unit_log_level_test(const Unit *u, int level) {
6151 assert(u);
6152 return LOG_PRI(level) <= unit_get_log_level_max(u);
6153}
6154
523ee2d4
LP		 6155void unit_log_success(Unit *u) {
6156 assert(u);
6157
edf2ee22
JM		 6158 /* Let's show message "Deactivated successfully" in debug mode (when manager is user) rather than in info mode.
6159 * This message has low information value for regular users and it might be a bit overwhelming on a system with
6160 * a lot of devices. */
6161 log_unit_struct(u,
6162 MANAGER_IS_USER(u->manager) ? LOG_DEBUG : LOG_INFO,
3cf6a3a3 6163 LOG_MESSAGE_ID(SD_MESSAGE_UNIT_SUCCESS_STR),
c2503e35
RH		 6164 LOG_UNIT_INVOCATION_ID(u),
6165 LOG_UNIT_MESSAGE(u, "Deactivated successfully."));
523ee2d4
LP		 6166}
6167
7c047d74
LP		 6168void unit_log_failure(Unit *u, const char *result) {
6169 assert(u);
6170 assert(result);
6171
c2503e35 6172 log_unit_struct(u, LOG_WARNING,
3cf6a3a3 6173 LOG_MESSAGE_ID(SD_MESSAGE_UNIT_FAILURE_RESULT_STR),
c2503e35
RH		 6174 LOG_UNIT_INVOCATION_ID(u),
6175 LOG_UNIT_MESSAGE(u, "Failed with result '%s'.", result),
3cf6a3a3 6176 LOG_ITEM("UNIT_RESULT=%s", result));
7c047d74
LP		 6177}
6178
31cd5f63
AZ		 6179void unit_log_skip(Unit *u, const char *result) {
6180 assert(u);
6181 assert(result);
6182
c2503e35 6183 log_unit_struct(u, LOG_INFO,
3cf6a3a3 6184 LOG_MESSAGE_ID(SD_MESSAGE_UNIT_SKIPPED_STR),
c2503e35
RH		 6185 LOG_UNIT_INVOCATION_ID(u),
6186 LOG_UNIT_MESSAGE(u, "Skipped due to '%s'.", result),
3cf6a3a3 6187 LOG_ITEM("UNIT_RESULT=%s", result));
31cd5f63
AZ		 6188}
6189
91bbd9b7
LP		 6190void unit_log_process_exit(
6191 Unit *u,
91bbd9b7
LP		 6192 const char *kind,
6193 const char *command,
5cc2cd1c 6194 bool success,
91bbd9b7
LP		 6195 int code,
6196 int status) {
6197
5cc2cd1c
ZJS		 6198 int level;
6199
91bbd9b7
LP		 6200 assert(u);
6201 assert(kind);
6202
5cc2cd1c
ZJS		 6203 /* If this is a successful exit, let's log about the exit code on DEBUG level. If this is a failure
6204 * and the process exited on its own via exit(), then let's make this a NOTICE, under the assumption
6205 * that the service already logged the reason at a higher log level on its own. Otherwise, make it a
6206 * WARNING. */
6207 if (success)
6208 level = LOG_DEBUG;
6209 else if (code == CLD_EXITED)
6210 level = LOG_NOTICE;
6211 else
91bbd9b7
LP		 6212 level = LOG_WARNING;
6213
c2503e35 6214 log_unit_struct(u, level,
3cf6a3a3 6215 LOG_MESSAGE_ID(SD_MESSAGE_UNIT_PROCESS_EXIT_STR),
58441bc1 6216 LOG_UNIT_MESSAGE(u, "%s exited, code=%s, status=%i/%s%s",
c2503e35
RH		 6217 kind,
6218 sigchld_code_to_string(code), status,
6219 strna(code == CLD_EXITED
6220 ? exit_status_to_string(status, EXIT_STATUS_FULL)
58441bc1
ZJS		 6221 : signal_to_string(status)),
6222 success ? " (success)" : ""),
3cf6a3a3
YW		 6223 LOG_ITEM("EXIT_CODE=%s", sigchld_code_to_string(code)),
6224 LOG_ITEM("EXIT_STATUS=%i", status),
6225 LOG_ITEM("COMMAND=%s", strna(command)),
c2503e35 6226 LOG_UNIT_INVOCATION_ID(u));
91bbd9b7
LP		 6227}
6228
7af67e9a
LP		 6229int unit_exit_status(Unit *u) {
6230 assert(u);
6231
6232 /* Returns the exit status to propagate for the most recent cycle of this unit. Returns a value in the range
6233 * 0…255 if there's something to propagate. EOPNOTSUPP if the concept does not apply to this unit type, ENODATA
6234 * if no data is currently known (for example because the unit hasn't deactivated yet) and EBADE if the main
6235 * service process has exited abnormally (signal/coredump). */
6236
6237 if (!UNIT_VTABLE(u)->exit_status)
6238 return -EOPNOTSUPP;
6239
6240 return UNIT_VTABLE(u)->exit_status(u);
6241}
6242
6243int unit_failure_action_exit_status(Unit *u) {
6244 int r;
6245
6246 assert(u);
6247
6248 /* Returns the exit status to propagate on failure, or an error if there's nothing to propagate */
6249
6250 if (u->failure_action_exit_status >= 0)
6251 return u->failure_action_exit_status;
6252
6253 r = unit_exit_status(u);
6254 if (r == -EBADE) /* Exited, but not cleanly (i.e. by signal or such) */
6255 return 255;
6256
6257 return r;
6258}
6259
6260int unit_success_action_exit_status(Unit *u) {
6261 int r;
6262
6263 assert(u);
6264
6265 /* Returns the exit status to propagate on success, or an error if there's nothing to propagate */
6266
6267 if (u->success_action_exit_status >= 0)
6268 return u->success_action_exit_status;
6269
6270 r = unit_exit_status(u);
6271 if (r == -EBADE) /* Exited, but not cleanly (i.e. by signal or such) */
6272 return 255;
6273
6274 return r;
6275}
6276
a4191c9f
LP		 6277int unit_test_trigger_loaded(Unit *u) {
6278 Unit *trigger;
6279
6280 /* Tests whether the unit to trigger is loaded */
6281
6282 trigger = UNIT_TRIGGER(u);
6283 if (!trigger)
e7b9f4d9
ZJS		 6284 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOENT),
6285 "Refusing to start, no unit to trigger.");
a4191c9f 6286 if (trigger->load_state != UNIT_LOADED)
e7b9f4d9
ZJS		 6287 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOENT),
6288 "Refusing to start, unit %s to trigger not loaded.", trigger->id);
a4191c9f
LP		 6289
6290 return 0;
6291}
6292
703b1b7f 6293void unit_destroy_runtime_data(Unit *u, const ExecContext *context, bool destroy_runtime_dir) {
bb0c0d6f 6294 assert(u);
8b17371b 6295 assert(u->manager);
bb0c0d6f
LP		 6296 assert(context);
6297
1ba84fef 6298 /* EXEC_PRESERVE_RESTART is handled via unit_release_resources()! */
703b1b7f 6299 if (destroy_runtime_dir && context->runtime_directory_preserve_mode == EXEC_PRESERVE_NO)
95939aed 6300 exec_context_destroy_runtime_directory(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
bb0c0d6f 6301
c5087ef5 6302 exec_context_destroy_credentials(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME], u->id);
b9f976fb 6303 exec_context_destroy_mount_ns_dir(u);
95939aed
YW		 6304}
6305
380dc8b0
LP		 6306int unit_clean(Unit *u, ExecCleanMask mask) {
6307 UnitActiveState state;
6308
6309 assert(u);
6310
6311 /* Special return values:
6312 *
6313 * -EOPNOTSUPP → cleaning not supported for this unit type
6314 * -EUNATCH → cleaning not defined for this resource type
6315 * -EBUSY → unit currently can't be cleaned since it's running or not properly loaded, or has
6316 * a job queued or similar
6317 */
6318
6319 if (!UNIT_VTABLE(u)->clean)
6320 return -EOPNOTSUPP;
6321
6322 if (mask == 0)
6323 return -EUNATCH;
6324
6325 if (u->load_state != UNIT_LOADED)
6326 return -EBUSY;
6327
6328 if (u->job)
6329 return -EBUSY;
6330
6331 state = unit_active_state(u);
4f06325c 6332 if (state != UNIT_INACTIVE)
380dc8b0
LP		 6333 return -EBUSY;
6334
6335 return UNIT_VTABLE(u)->clean(u, mask);
6336}
6337
6338int unit_can_clean(Unit *u, ExecCleanMask *ret) {
6339 assert(u);
6340
6341 if (!UNIT_VTABLE(u)->clean ||
6342 u->load_state != UNIT_LOADED) {
6343 *ret = 0;
6344 return 0;
6345 }
6346
6347 /* When the clean() method is set, can_clean() really should be set too */
6348 assert(UNIT_VTABLE(u)->can_clean);
6349
6350 return UNIT_VTABLE(u)->can_clean(u, ret);
6351}
6352
f882c102
DDM		 6353bool unit_can_start_refuse_manual(Unit *u) {
6354 return unit_can_start(u) && !u->refuse_manual_start;
6355}
6356
6357bool unit_can_stop_refuse_manual(Unit *u) {
6358 return unit_can_stop(u) && !u->refuse_manual_stop;
6359}
6360
6361bool unit_can_isolate_refuse_manual(Unit *u) {
6362 return unit_can_isolate(u) && !u->refuse_manual_start;
6363}
6364
54e1f676
MY		 6365void unit_next_freezer_state(Unit *u, FreezerAction action, FreezerState *ret_next, FreezerState *ret_objective) {
6366 FreezerState current, parent, next, objective;
16b6af6a
AV		 6367
6368 assert(u);
21fed6ea
MY		 6369 assert(action >= 0);
6370 assert(action < _FREEZER_ACTION_MAX);
54e1f676 6371 assert(ret_next);
f27f461b 6372 assert(ret_objective);
16b6af6a 6373
197e77c5 6374 /* This function determines the correct freezer state transitions for a unit
f27f461b 6375 * given the action being requested. It returns the next state, and also the "objective",
16b6af6a
AV		 6376 * which is either FREEZER_FROZEN or FREEZER_RUNNING, depending on what actual state we
6377 * ultimately want to achieve. */
6378
54e1f676 6379 current = u->freezer_state;
f27f461b
MY		 6380
6381 Unit *slice = UNIT_GET_SLICE(u);
6382 if (slice)
16b6af6a 6383 parent = slice->freezer_state;
f27f461b 6384 else
16b6af6a
AV		 6385 parent = FREEZER_RUNNING;
6386
aba5e466
MY		 6387 switch (action) {
6388
6389 case FREEZER_FREEZE:
16b6af6a 6390 /* We always "promote" a freeze initiated by parent into a normal freeze */
54e1f676 6391 if (IN_SET(current, FREEZER_FROZEN, FREEZER_FROZEN_BY_PARENT))
16b6af6a
AV		 6392 next = FREEZER_FROZEN;
6393 else
6394 next = FREEZER_FREEZING;
aba5e466
MY		 6395 break;
6396
6397 case FREEZER_THAW:
16b6af6a
AV		 6398 /* Thawing is the most complicated operation here, because we can't thaw a unit
6399 * if its parent is frozen. So we instead "demote" a normal freeze into a freeze
6400 * initiated by parent if the parent is frozen */
54e1f676 6401 if (IN_SET(current, FREEZER_RUNNING, FREEZER_THAWING,
7732cecb 6402 FREEZER_FREEZING_BY_PARENT, FREEZER_FROZEN_BY_PARENT)) /* Should usually be refused by unit_freezer_action */
54e1f676
MY		 6403 next = current;
6404 else if (current == FREEZER_FREEZING) {
16b6af6a
AV		 6405 if (IN_SET(parent, FREEZER_RUNNING, FREEZER_THAWING))
6406 next = FREEZER_THAWING;
6407 else
6408 next = FREEZER_FREEZING_BY_PARENT;
54e1f676 6409 } else if (current == FREEZER_FROZEN) {
16b6af6a
AV		 6410 if (IN_SET(parent, FREEZER_RUNNING, FREEZER_THAWING))
6411 next = FREEZER_THAWING;
6412 else
6413 next = FREEZER_FROZEN_BY_PARENT;
aba5e466
MY		 6414 } else
6415 assert_not_reached();
6416 break;
6417
6418 case FREEZER_PARENT_FREEZE:
16b6af6a 6419 /* We need to avoid accidentally demoting units frozen manually */
54e1f676
MY		 6420 if (IN_SET(current, FREEZER_FREEZING, FREEZER_FROZEN, FREEZER_FROZEN_BY_PARENT))
6421 next = current;
16b6af6a
AV		 6422 else
6423 next = FREEZER_FREEZING_BY_PARENT;
aba5e466 6424 break;
16b6af6a 6425
aba5e466 6426 case FREEZER_PARENT_THAW:
16b6af6a
AV		 6427 /* We don't want to thaw units from a parent if they were frozen
6428 * manually, so for such units this action is a no-op */
54e1f676
MY		 6429 if (IN_SET(current, FREEZER_RUNNING, FREEZER_FREEZING, FREEZER_FROZEN))
6430 next = current;
16b6af6a
AV		 6431 else
6432 next = FREEZER_THAWING;
aba5e466
MY		 6433 break;
6434
6435 default:
6436 assert_not_reached();
16b6af6a
AV		 6437 }
6438
f27f461b
MY		 6439 objective = freezer_state_finish(next);
6440 if (objective == FREEZER_FROZEN_BY_PARENT)
6441 objective = FREEZER_FROZEN;
6442 assert(IN_SET(objective, FREEZER_RUNNING, FREEZER_FROZEN));
16b6af6a 6443
54e1f676 6444 *ret_next = next;
f27f461b 6445 *ret_objective = objective;
16b6af6a
AV		 6446}
6447
b21bebbe 6448bool unit_can_freeze(const Unit *u) {
d9e45bc3
MS		 6449 assert(u);
6450
16b6af6a
AV		 6451 if (unit_has_name(u, SPECIAL_ROOT_SLICE) || unit_has_name(u, SPECIAL_INIT_SCOPE))
6452 return false;
6453
d9e45bc3
MS		 6454 if (UNIT_VTABLE(u)->can_freeze)
6455 return UNIT_VTABLE(u)->can_freeze(u);
6456
16b6af6a 6457 return UNIT_VTABLE(u)->freezer_action;
d9e45bc3
MS		 6458}
6459
0064290a
MY		 6460void unit_set_freezer_state(Unit *u, FreezerState state) {
6461 assert(u);
6462 assert(state >= 0);
6463 assert(state < _FREEZER_STATE_MAX);
6464
6465 if (u->freezer_state == state)
6466 return;
6467
6468 log_unit_debug(u, "Freezer state changed %s -> %s",
6469 freezer_state_to_string(u->freezer_state), freezer_state_to_string(state));
6470
6471 u->freezer_state = state;
6472
6473 unit_add_to_dbus_queue(u);
6474}
6475
e1ac5259
MY		 6476void unit_freezer_complete(Unit *u, FreezerState kernel_state) {
6477 bool expected;
d9e45bc3 6478
d9e45bc3 6479 assert(u);
e1ac5259 6480 assert(IN_SET(kernel_state, FREEZER_RUNNING, FREEZER_FROZEN));
d9e45bc3 6481
e1ac5259 6482 expected = IN_SET(u->freezer_state, FREEZER_RUNNING, FREEZER_THAWING) == (kernel_state == FREEZER_RUNNING);
d9e45bc3 6483
e1ac5259
MY		 6484 unit_set_freezer_state(u, expected ? freezer_state_finish(u->freezer_state) : kernel_state);
6485 log_unit_info(u, "Unit now %s.", u->freezer_state == FREEZER_RUNNING ? "thawed" :
6486 freezer_state_to_string(u->freezer_state));
16b6af6a 6487
e1ac5259
MY		 6488 /* If the cgroup's final state is against what's requested by us, report as canceled. */
6489 bus_unit_send_pending_freezer_message(u, /* canceled = */ !expected);
d9e45bc3
MS		 6490}
6491
16b6af6a 6492int unit_freezer_action(Unit *u, FreezerAction action) {
d9e45bc3 6493 UnitActiveState s;
d9e45bc3
MS		 6494 int r;
6495
6496 assert(u);
6497 assert(IN_SET(action, FREEZER_FREEZE, FREEZER_THAW));
6498
3c86a935 6499 if (!unit_can_freeze(u))
d9e45bc3
MS		 6500 return -EOPNOTSUPP;
6501
6502 if (u->job)
6503 return -EBUSY;
6504
6505 if (u->load_state != UNIT_LOADED)
6506 return -EHOSTDOWN;
6507
6508 s = unit_active_state(u);
6509 if (s != UNIT_ACTIVE)
6510 return -EHOSTDOWN;
6511
16b6af6a
AV		 6512 if (action == FREEZER_FREEZE && IN_SET(u->freezer_state, FREEZER_FREEZING, FREEZER_FREEZING_BY_PARENT))
6513 return -EALREADY;
6514 if (action == FREEZER_THAW && u->freezer_state == FREEZER_THAWING)
d9e45bc3 6515 return -EALREADY;
16b6af6a 6516 if (action == FREEZER_THAW && IN_SET(u->freezer_state, FREEZER_FREEZING_BY_PARENT, FREEZER_FROZEN_BY_PARENT))
6798fa11 6517 return -EDEADLK;
d9e45bc3 6518
16b6af6a 6519 r = UNIT_VTABLE(u)->freezer_action(u, action);
d9e45bc3
MS		 6520 if (r <= 0)
6521 return r;
6522
16b6af6a 6523 assert(IN_SET(u->freezer_state, FREEZER_FREEZING, FREEZER_FREEZING_BY_PARENT, FREEZER_THAWING));
d9e45bc3
MS		 6524 return 1;
6525}
6526
6e548561 6527Condition *unit_find_failed_condition(Unit *u) {
03677889 6528 Condition *failed_trigger = NULL;
6e548561
DDM		 6529 bool has_succeeded_trigger = false;
6530
6531 if (u->condition_result)
6532 return NULL;
6533
6534 LIST_FOREACH(conditions, c, u->conditions)
6535 if (c->trigger) {
6536 if (c->result == CONDITION_SUCCEEDED)
6537 has_succeeded_trigger = true;
6538 else if (!failed_trigger)
6539 failed_trigger = c;
6540 } else if (c->result != CONDITION_SUCCEEDED)
6541 return c;
6542
6543 return failed_trigger && !has_succeeded_trigger ? failed_trigger : NULL;
6544}
6545
f19afb21 6546int unit_can_live_mount(Unit *u, sd_bus_error *error) {
5162829e
LB		 6547 assert(u);
6548
d24d546d 6549 if (!UNIT_VTABLE(u)->live_mount)
5162829e
LB		 6550 return sd_bus_error_setf(
6551 error,
f19afb21
MY		 6552 SD_BUS_ERROR_NOT_SUPPORTED,
6553 "Live mounting not supported by unit type '%s'",
6554 unit_type_to_string(u->type));
5162829e 6555
d24d546d 6556 if (u->load_state != UNIT_LOADED)
5162829e
LB		 6557 return sd_bus_error_setf(
6558 error,
6559 BUS_ERROR_NO_SUCH_UNIT,
f19afb21 6560 "Unit '%s' not loaded, cannot live mount",
5162829e 6561 u->id);
5162829e
LB		 6562
6563 if (!UNIT_VTABLE(u)->can_live_mount)
6564 return 0;
6565
6566 return UNIT_VTABLE(u)->can_live_mount(u, error);
6567}
6568
6569int unit_live_mount(
6570 Unit *u,
6571 const char *src,
6572 const char *dst,
6573 sd_bus_message *message,
6574 MountInNamespaceFlags flags,
6575 const MountOptions *options,
6576 sd_bus_error *error) {
6577
6578 assert(u);
6579 assert(UNIT_VTABLE(u)->live_mount);
6580
6581 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u))) {
f19afb21 6582 log_unit_debug(u, "Unit not active, cannot perform live mount.");
5162829e
LB		 6583 return sd_bus_error_setf(
6584 error,
6585 BUS_ERROR_UNIT_INACTIVE,
6586 "Live mounting '%s' on '%s' for unit '%s' cannot be scheduled: unit not active",
6587 src,
6588 dst,
6589 u->id);
6590 }
6591
6592 if (unit_active_state(u) == UNIT_REFRESHING) {
f19afb21 6593 log_unit_debug(u, "Unit already live mounting, refusing further requests.");
5162829e
LB		 6594 return sd_bus_error_setf(
6595 error,
6596 BUS_ERROR_UNIT_BUSY,
6597 "Live mounting '%s' on '%s' for unit '%s' cannot be scheduled: another live mount in progress",
6598 src,
6599 dst,
6600 u->id);
6601 }
6602
6603 if (u->job) {
6604 log_unit_debug(u, "Unit already has a job in progress, cannot live mount");
6605 return sd_bus_error_setf(
6606 error,
6607 BUS_ERROR_UNIT_BUSY,
6608 "Live mounting '%s' on '%s' for unit '%s' cannot be scheduled: another operation in progress",
6609 src,
6610 dst,
6611 u->id);
6612 }
6613
6614 return UNIT_VTABLE(u)->live_mount(u, src, dst, message, flags, options, error);
6615}
6616
5afe510c 6617static const char* const collect_mode_table[_COLLECT_MODE_MAX] = {
17f6b640 6618 [COLLECT_INACTIVE] = "inactive",
5afe510c
LP		 6619 [COLLECT_INACTIVE_OR_FAILED] = "inactive-or-failed",
6620};
6621
6622DEFINE_STRING_TABLE_LOOKUP(collect_mode, CollectMode);
15ed3c3a
LP		 6623
6624Unit* unit_has_dependency(const Unit *u, UnitDependencyAtom atom, Unit *other) {
6625 Unit *i;
6626
6627 assert(u);
6628
6629 /* Checks if the unit has a dependency on 'other' with the specified dependency atom. If 'other' is
6630 * NULL checks if the unit has *any* dependency of that atom. Returns 'other' if found (or if 'other'
6631 * is NULL the first entry found), or NULL if not found. */
6632
6633 UNIT_FOREACH_DEPENDENCY(i, u, atom)
6634 if (!other || other == i)
6635 return i;
6636
6637 return NULL;
6638}
6639
6640int unit_get_dependency_array(const Unit *u, UnitDependencyAtom atom, Unit ***ret_array) {
6641 _cleanup_free_ Unit **array = NULL;
6642 size_t n = 0;
6643 Unit *other;
6644
6645 assert(u);
6646 assert(ret_array);
6647
6648 /* Gets a list of units matching a specific atom as array. This is useful when iterating through
6649 * dependencies while modifying them: the array is an "atomic snapshot" of sorts, that can be read
48008c1c 6650 * while the dependency table is continuously updated. */
15ed3c3a
LP		 6651
6652 UNIT_FOREACH_DEPENDENCY(other, u, atom) {
6653 if (!GREEDY_REALLOC(array, n + 1))
6654 return -ENOMEM;
6655
6656 array[n++] = other;
6657 }
6658
6659 *ret_array = TAKE_PTR(array);
6660
6661 assert(n <= INT_MAX);
6662 return (int) n;
6663}
48b92b37 6664
83123a44
YW		 6665int unit_get_transitive_dependency_set(Unit *u, UnitDependencyAtom atom, Set **ret) {
6666 _cleanup_set_free_ Set *units = NULL, *queue = NULL;
6667 Unit *other;
6668 int r;
6669
6670 assert(u);
6671 assert(ret);
6672
6673 /* Similar to unit_get_dependency_array(), but also search the same dependency in other units. */
6674
6675 do {
6676 UNIT_FOREACH_DEPENDENCY(other, u, atom) {
6677 r = set_ensure_put(&units, NULL, other);
6678 if (r < 0)
6679 return r;
6680 if (r == 0)
6681 continue;
6682 r = set_ensure_put(&queue, NULL, other);
6683 if (r < 0)
6684 return r;
6685 }
6686 } while ((u = set_steal_first(queue)));
6687
6688 *ret = TAKE_PTR(units);
6689 return 0;
6690}
6691
e9276800
LP		 6692int unit_arm_timer(
6693 Unit *u,
6694 sd_event_source **source,
6695 bool relative,
6696 usec_t usec,
6697 sd_event_time_handler_t handler) {
6698
6699 int r;
6700
6701 assert(u);
6702 assert(source);
6703 assert(handler);
6704
6705 if (*source) {
6706 if (usec == USEC_INFINITY)
6707 return sd_event_source_set_enabled(*source, SD_EVENT_OFF);
6708
6709 r = (relative ? sd_event_source_set_time_relative : sd_event_source_set_time)(*source, usec);
6710 if (r < 0)
6711 return r;
6712
6713 return sd_event_source_set_enabled(*source, SD_EVENT_ONESHOT);
6714 }
6715
6716 if (usec == USEC_INFINITY)
6717 return 0;
6718
6719 r = (relative ? sd_event_add_time_relative : sd_event_add_time)(
6720 u->manager->event,
6721 source,
6722 CLOCK_MONOTONIC,
6723 usec, 0,
6724 handler,
6725 u);
6726 if (r < 0)
6727 return r;
6728
6729 const char *d = strjoina(unit_type_to_string(u->type), "-timer");
6730 (void) sd_event_source_set_description(*source, d);
6731
6732 return 0;
6733}
6734
6e0f9593 6735bool unit_passes_filter(Unit *u, char * const *states, char * const *patterns) {
6d2984d2
DDM		 6736 assert(u);
6737
6738 if (!strv_isempty(states)) {
6e0f9593 6739 char * const *unit_states = STRV_MAKE(
6d2984d2
DDM		 6740 unit_load_state_to_string(u->load_state),
6741 unit_active_state_to_string(unit_active_state(u)),
6742 unit_sub_state_to_string(u));
6743
6744 if (!strv_overlap(states, unit_states))
6e0f9593 6745 return false;
6d2984d2
DDM		 6746 }
6747
6e0f9593 6748 return strv_fnmatch_or_empty(patterns, u->id, FNM_NOESCAPE);
6d2984d2
DDM		 6749}
6750
a8157796
LP		 6751static int unit_get_nice(Unit *u) {
6752 ExecContext *ec;
6753
6754 ec = unit_get_exec_context(u);
6755 return ec ? ec->nice : 0;
6756}
6757
6758static uint64_t unit_get_cpu_weight(Unit *u) {
6759 CGroupContext *cc;
6760
6761 cc = unit_get_cgroup_context(u);
6762 return cc ? cgroup_context_cpu_weight(cc, manager_state(u->manager)) : CGROUP_WEIGHT_DEFAULT;
6763}
6764
a89afe19
AB		 6765int unit_get_exec_quota_stats(Unit *u, ExecContext *c, ExecDirectoryType dt, uint64_t *ret_usage, uint64_t *ret_limit) {
6766 int r;
6767 _cleanup_close_ int fd = -EBADF;
6768 _cleanup_free_ char *p = NULL, *pp = NULL;
6769
6770 assert(u);
6771 assert(c);
6772
6773 if (c->directories[dt].n_items == 0) {
6774 *ret_usage = UINT64_MAX;
6775 *ret_limit = UINT64_MAX;
6776 return 0;
6777 }
6778
6779 ExecDirectoryItem *i = &c->directories[dt].items[0];
6780 p = path_join(u->manager->prefix[dt], i->path);
6781 if (!p)
6782 return log_oom_debug();
6783
6784 if (exec_directory_is_private(c, dt)) {
6785 pp = path_join(u->manager->prefix[dt], "private", i->path);
6786 if (!pp)
6787 return log_oom_debug();
6788 }
6789
6790 const char *target_dir = pp ?: p;
6791 fd = open(target_dir, O_PATH | O_CLOEXEC | O_DIRECTORY);
6792 if (fd < 0)
6793 return log_unit_debug_errno(u, errno, "Failed to get exec quota stats: %m");
6794
6795 uint32_t proj_id;
6796 r = read_fs_xattr_fd(fd, /* ret_xflags = */ NULL, &proj_id);
6797 if (r < 0)
6798 return log_unit_debug_errno(u, r, "Failed to get project ID for exec quota stats: %m");
6799
6800 struct dqblk req;
6801 r = quota_query_proj_id(fd, proj_id, &req);
6802 if (r <= 0)
6803 return log_unit_debug_errno(u, r, "Failed to query project ID for exec quota stats: %m");
6804
6805 *ret_usage = req.dqb_curspace;
6806 *ret_limit = req.dqb_bhardlimit * QIF_DQBLKSIZE;
6807
6808 return r;
6809}
6810
a8157796
LP		 6811int unit_compare_priority(Unit *a, Unit *b) {
6812 int ret;
6813
6814 ret = CMP(a->type, b->type);
6815 if (ret != 0)
6816 return -ret;
6817
6818 ret = CMP(unit_get_cpu_weight(a), unit_get_cpu_weight(b));
6819 if (ret != 0)
6820 return -ret;
6821
6822 ret = CMP(unit_get_nice(a), unit_get_nice(b));
6823 if (ret != 0)
6824 return ret;
6825
6826 return strcmp(a->id, b->id);
6827}
6828
64fd6ba9
DDM		 6829const char* unit_log_field(const Unit *u) {
6830 return MANAGER_IS_SYSTEM(ASSERT_PTR(u)->manager) ? "UNIT=" : "USER_UNIT=";
6831}
6832
6833const char* unit_invocation_log_field(const Unit *u) {
6834 return MANAGER_IS_SYSTEM(ASSERT_PTR(u)->manager) ? "INVOCATION_ID=" : "USER_INVOCATION_ID=";
6835}
6836
48b92b37 6837const ActivationDetailsVTable * const activation_details_vtable[_UNIT_TYPE_MAX] = {
17f6b640 6838 [UNIT_PATH] = &activation_details_path_vtable,
c8bc7519 6839 [UNIT_TIMER] = &activation_details_timer_vtable,
48b92b37
LB		 6840};
6841
6842ActivationDetails *activation_details_new(Unit *trigger_unit) {
6843 _cleanup_free_ ActivationDetails *details = NULL;
6844
6845 assert(trigger_unit);
6846 assert(trigger_unit->type != _UNIT_TYPE_INVALID);
6847 assert(trigger_unit->id);
6848
6849 details = malloc0(activation_details_vtable[trigger_unit->type]->object_size);
6850 if (!details)
6851 return NULL;
6852
6853 *details = (ActivationDetails) {
6854 .n_ref = 1,
6855 .trigger_unit_type = trigger_unit->type,
6856 };
6857
6858 details->trigger_unit_name = strdup(trigger_unit->id);
6859 if (!details->trigger_unit_name)
6860 return NULL;
6861
6862 if (ACTIVATION_DETAILS_VTABLE(details)->init)
6863 ACTIVATION_DETAILS_VTABLE(details)->init(details, trigger_unit);
6864
6865 return TAKE_PTR(details);
6866}
6867
6868static ActivationDetails *activation_details_free(ActivationDetails *details) {
6869 if (!details)
6870 return NULL;
6871
6872 if (ACTIVATION_DETAILS_VTABLE(details)->done)
6873 ACTIVATION_DETAILS_VTABLE(details)->done(details);
6874
6875 free(details->trigger_unit_name);
6876
6877 return mfree(details);
6878}
6879
acca52ab 6880void activation_details_serialize(const ActivationDetails *details, FILE *f) {
48b92b37
LB		 6881 if (!details || details->trigger_unit_type == _UNIT_TYPE_INVALID)
6882 return;
6883
6884 (void) serialize_item(f, "activation-details-unit-type", unit_type_to_string(details->trigger_unit_type));
6885 if (details->trigger_unit_name)
6886 (void) serialize_item(f, "activation-details-unit-name", details->trigger_unit_name);
6887 if (ACTIVATION_DETAILS_VTABLE(details)->serialize)
6888 ACTIVATION_DETAILS_VTABLE(details)->serialize(details, f);
6889}
6890
6891int activation_details_deserialize(const char *key, const char *value, ActivationDetails **details) {
e8dba806
FS		 6892 int r;
6893
48b92b37
LB		 6894 assert(key);
6895 assert(value);
6896 assert(details);
6897
6898 if (!*details) {
6899 UnitType t;
6900
6901 if (!streq(key, "activation-details-unit-type"))
6902 return -EINVAL;
6903
6904 t = unit_type_from_string(value);
210cb8d6
YW		 6905 if (t < 0)
6906 return t;
6907
6908 /* The activation details vtable has defined ops only for path and timer units */
6909 if (!activation_details_vtable[t])
48b92b37
LB		 6910 return -EINVAL;
6911
6912 *details = malloc0(activation_details_vtable[t]->object_size);
6913 if (!*details)
6914 return -ENOMEM;
6915
6916 **details = (ActivationDetails) {
6917 .n_ref = 1,
6918 .trigger_unit_type = t,
6919 };
6920
6921 return 0;
6922 }
6923
6924 if (streq(key, "activation-details-unit-name")) {
e8dba806
FS		 6925 r = free_and_strdup(&(*details)->trigger_unit_name, value);
6926 if (r < 0)
6927 return r;
48b92b37
LB		 6928
6929 return 0;
6930 }
6931
6932 if (ACTIVATION_DETAILS_VTABLE(*details)->deserialize)
6933 return ACTIVATION_DETAILS_VTABLE(*details)->deserialize(key, value, details);
6934
6935 return -EINVAL;
6936}
6937
acca52ab 6938int activation_details_append_env(const ActivationDetails *details, char ***strv) {
48b92b37
LB		 6939 int r = 0;
6940
6941 assert(strv);
6942
6943 if (!details)
6944 return 0;
6945
6946 if (!isempty(details->trigger_unit_name)) {
6947 char *s = strjoin("TRIGGER_UNIT=", details->trigger_unit_name);
6948 if (!s)
6949 return -ENOMEM;
6950
6951 r = strv_consume(strv, TAKE_PTR(s));
6952 if (r < 0)
6953 return r;
6954 }
6955
6956 if (ACTIVATION_DETAILS_VTABLE(details)->append_env) {
6957 r = ACTIVATION_DETAILS_VTABLE(details)->append_env(details, strv);
6958 if (r < 0)
6959 return r;
6960 }
6961
6962 return r + !isempty(details->trigger_unit_name); /* Return the number of variables added to the env block */
6963}
6964
acca52ab 6965int activation_details_append_pair(const ActivationDetails *details, char ***strv) {
48b92b37
LB		 6966 int r = 0;
6967
6968 assert(strv);
6969
6970 if (!details)
6971 return 0;
6972
6973 if (!isempty(details->trigger_unit_name)) {
69f3c619 6974 r = strv_extend_many(strv, "trigger_unit", details->trigger_unit_name);
48b92b37
LB		 6975 if (r < 0)
6976 return r;
6977 }
6978
18cf8411 6979 if (ACTIVATION_DETAILS_VTABLE(details)->append_pair) {
48b92b37
LB		 6980 r = ACTIVATION_DETAILS_VTABLE(details)->append_pair(details, strv);
6981 if (r < 0)
6982 return r;
6983 }
6984
6985 return r + !isempty(details->trigger_unit_name); /* Return the number of pairs added to the strv */
6986}
6987
6988DEFINE_TRIVIAL_REF_UNREF_FUNC(ActivationDetails, activation_details, activation_details_free);
9e615fa3
LB		 6989
6990static const char* const unit_mount_dependency_type_table[_UNIT_MOUNT_DEPENDENCY_TYPE_MAX] = {
6991 [UNIT_MOUNT_WANTS] = "WantsMountsFor",
6992 [UNIT_MOUNT_REQUIRES] = "RequiresMountsFor",
6993};
6994
6995DEFINE_STRING_TABLE_LOOKUP(unit_mount_dependency_type, UnitMountDependencyType);
6996
4ea4abb6
DDM		 6997static const char* const oom_policy_table[_OOM_POLICY_MAX] = {
6998 [OOM_CONTINUE] = "continue",
6999 [OOM_STOP] = "stop",
7000 [OOM_KILL] = "kill",
7001};
7002
7003DEFINE_STRING_TABLE_LOOKUP(oom_policy, OOMPolicy);
7004
9e615fa3
LB		 7005UnitDependency unit_mount_dependency_type_to_dependency_type(UnitMountDependencyType t) {
7006 switch (t) {
7007
7008 case UNIT_MOUNT_WANTS:
7009 return UNIT_WANTS;
7010
7011 case UNIT_MOUNT_REQUIRES:
7012 return UNIT_REQUIRES;
7013
7014 default:
7015 assert_not_reached();
7016 }
7017}
Unnamed repository; edit this file 'description' to name the repository.