]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/unit.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
alloc-util: simplify GREEDY_REALLOC() logic by relying on malloc_usable_size()
[thirdparty/systemd.git] / src / core / unit.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
a7334b09 2
87f0e418 3#include <errno.h>
0301abf4 4#include <stdlib.h>
4c253ed1 5#include <sys/prctl.h>
4f5dd394 6#include <unistd.h>
87f0e418 7
718db961
LP		 8#include "sd-id128.h"
9#include "sd-messages.h"
4f5dd394 10
57b7a260 11#include "all-units.h"
d68c645b 12#include "alloc-util.h"
fab34748 13#include "bpf-firewall.h"
5f8ba20d 14#include "bpf-foreign.h"
4f5dd394
LP		 15#include "bus-common-errors.h"
16#include "bus-util.h"
fdb3deca 17#include "cgroup-setup.h"
c6c18be3 18#include "cgroup-util.h"
e30bbc90 19#include "core-varlink.h"
4f5dd394
LP		 20#include "dbus-unit.h"
21#include "dbus.h"
22#include "dropin.h"
23#include "escape.h"
24#include "execute.h"
6a48d82f 25#include "fd-util.h"
a5c32cff 26#include "fileio-label.h"
ee228be1 27#include "fileio.h"
f97b34a6 28#include "format-util.h"
4b58153d 29#include "id128-util.h"
5cfa33e0 30#include "install.h"
2d3b784d 31#include "io-util.h"
a3f5fd96 32#include "label.h"
4f5dd394
LP		 33#include "load-dropin.h"
34#include "load-fragment.h"
35#include "log.h"
36#include "macro.h"
f5947a5e 37#include "missing_audit.h"
4f5dd394
LP		 38#include "mkdir.h"
39#include "path-util.h"
0b452006 40#include "process-util.h"
810ef318 41#include "rm-rf.h"
4f5dd394 42#include "set.h"
6eb7c172 43#include "signal-util.h"
91ce91c7 44#include "socket-bind.h"
d3070fbd 45#include "sparse-endian.h"
e9db43d5 46#include "special.h"
2e59b241 47#include "specifier.h"
8fcde012 48#include "stat-util.h"
d054f0a4 49#include "stdio-util.h"
5afe510c 50#include "string-table.h"
07630cea 51#include "string-util.h"
4f5dd394 52#include "strv.h"
5b262f74 53#include "terminal-util.h"
e4de7287 54#include "tmpfile-util.h"
4f4afc88 55#include "umask-util.h"
4f5dd394 56#include "unit-name.h"
e9db43d5 57#include "unit.h"
b1d4f8e1
LP		 58#include "user-util.h"
59#include "virt.h"
91ce91c7
JK		 60#if BPF_FRAMEWORK
61#include "bpf-link.h"
62#endif
87f0e418 63
37109b85
ZJS		 64/* Thresholds for logging at INFO level about resource consumption */
65#define MENTIONWORTHY_CPU_NSEC (1 * NSEC_PER_SEC)
66#define MENTIONWORTHY_IO_BYTES (1024 * 1024ULL)
67#define MENTIONWORTHY_IP_BYTES (0ULL)
68
69/* Thresholds for logging at INFO level about resource consumption */
70#define NOTICEWORTHY_CPU_NSEC (10*60 * NSEC_PER_SEC) /* 10 minutes */
71#define NOTICEWORTHY_IO_BYTES (10 * 1024 * 1024ULL) /* 10 MB */
72#define NOTICEWORTHY_IP_BYTES (128 * 1024 * 1024ULL) /* 128 MB */
73
87f0e418
LP		 74const UnitVTable * const unit_vtable[_UNIT_TYPE_MAX] = {
75 [UNIT_SERVICE] = &service_vtable,
87f0e418
LP		 76 [UNIT_SOCKET] = &socket_vtable,
77 [UNIT_TARGET] = &target_vtable,
78 [UNIT_DEVICE] = &device_vtable,
79 [UNIT_MOUNT] = &mount_vtable,
80 [UNIT_AUTOMOUNT] = &automount_vtable,
01f78473 81 [UNIT_SWAP] = &swap_vtable,
e821075a 82 [UNIT_TIMER] = &timer_vtable,
a016b922 83 [UNIT_PATH] = &path_vtable,
6c12b52e 84 [UNIT_SLICE] = &slice_vtable,
5afe510c 85 [UNIT_SCOPE] = &scope_vtable,
87f0e418
LP		 86};
87
f2341e0a 88static void maybe_warn_about_dependency(Unit *u, const char *other, UnitDependency dependency);
d1fab3fe 89
75db809a 90Unit* unit_new(Manager *m, size_t size) {
87f0e418
LP		 91 Unit *u;
92
93 assert(m);
ac155bb8 94 assert(size >= sizeof(Unit));
87f0e418 95
7d17cfbc
MS		 96 u = malloc0(size);
97 if (!u)
87f0e418
LP		 98 return NULL;
99
ac155bb8
MS		 100 u->manager = m;
101 u->type = _UNIT_TYPE_INVALID;
ac155bb8
MS		 102 u->default_dependencies = true;
103 u->unit_file_state = _UNIT_FILE_STATE_INVALID;
d2dc52db 104 u->unit_file_preset = -1;
d420282b 105 u->on_failure_job_mode = JOB_REPLACE;
0bb814c2 106 u->cgroup_control_inotify_wd = -1;
afcfaa69 107 u->cgroup_memory_inotify_wd = -1;
36c16a7c 108 u->job_timeout = USEC_INFINITY;
a2df3ea4 109 u->job_running_timeout = USEC_INFINITY;
00d9ef85
LP		 110 u->ref_uid = UID_INVALID;
111 u->ref_gid = GID_INVALID;
fe700f46 112 u->cpu_usage_last = NSEC_INFINITY;
17f14955 113 u->cgroup_invalidated_mask |= CGROUP_MASK_BPF_FIREWALL;
7af67e9a 114 u->failure_action_exit_status = u->success_action_exit_status = -1;
87f0e418 115
6a48d82f
DM		 116 u->ip_accounting_ingress_map_fd = -1;
117 u->ip_accounting_egress_map_fd = -1;
118 u->ipv4_allow_map_fd = -1;
119 u->ipv6_allow_map_fd = -1;
120 u->ipv4_deny_map_fd = -1;
121 u->ipv6_deny_map_fd = -1;
122
2e59b241
LP		 123 u->last_section_private = -1;
124
7bf081a1 125 u->start_ratelimit = (RateLimit) { m->default_start_limit_interval, m->default_start_limit_burst };
8c227e7f 126 u->auto_stop_ratelimit = (RateLimit) { 10 * USEC_PER_SEC, 16 };
bea355da 127
fbe14fc9
LP		 128 for (CGroupIOAccountingMetric i = 0; i < _CGROUP_IO_ACCOUNTING_METRIC_MAX; i++)
129 u->io_accounting_last[i] = UINT64_MAX;
130
87f0e418
LP		 131 return u;
132}
133
a581e45a 134int unit_new_for_name(Manager *m, size_t size, const char *name, Unit **ret) {
dc409696 135 _cleanup_(unit_freep) Unit *u = NULL;
a581e45a
LP		 136 int r;
137
138 u = unit_new(m, size);
139 if (!u)
140 return -ENOMEM;
141
142 r = unit_add_name(u, name);
dc409696 143 if (r < 0)
a581e45a 144 return r;
a581e45a 145
1cc6c93a
YW		 146 *ret = TAKE_PTR(u);
147
a581e45a
LP		 148 return r;
149}
150
303ee601 151bool unit_has_name(const Unit *u, const char *name) {
f278026d
LP		 152 assert(u);
153 assert(name);
154
4562c355
ZJS		 155 return streq_ptr(name, u->id) ||
156 set_contains(u->aliases, name);
f278026d
LP		 157}
158
598459ce
LP		 159static void unit_init(Unit *u) {
160 CGroupContext *cc;
161 ExecContext *ec;
162 KillContext *kc;
163
164 assert(u);
165 assert(u->manager);
166 assert(u->type >= 0);
167
168 cc = unit_get_cgroup_context(u);
169 if (cc) {
170 cgroup_context_init(cc);
171
172 /* Copy in the manager defaults into the cgroup
173 * context, _before_ the rest of the settings have
174 * been initialized */
175
176 cc->cpu_accounting = u->manager->default_cpu_accounting;
13c31542 177 cc->io_accounting = u->manager->default_io_accounting;
598459ce
LP		 178 cc->blockio_accounting = u->manager->default_blockio_accounting;
179 cc->memory_accounting = u->manager->default_memory_accounting;
03a7b521 180 cc->tasks_accounting = u->manager->default_tasks_accounting;
6a48d82f 181 cc->ip_accounting = u->manager->default_ip_accounting;
0af20ea2
LP		 182
183 if (u->type != UNIT_SLICE)
184 cc->tasks_max = u->manager->default_tasks_max;
598459ce
LP		 185 }
186
187 ec = unit_get_exec_context(u);
b1edf445 188 if (ec) {
598459ce
LP		 189 exec_context_init(ec);
190
5e37d193
FB		 191 if (MANAGER_IS_SYSTEM(u->manager))
192 ec->keyring_mode = EXEC_KEYRING_SHARED;
193 else {
194 ec->keyring_mode = EXEC_KEYRING_INHERIT;
195
196 /* User manager might have its umask redefined by PAM or UMask=. In this
197 * case let the units it manages inherit this value by default. They can
198 * still tune this value through their own unit file */
199 (void) get_process_umask(getpid_cached(), &ec->umask);
200 }
b1edf445
LP		 201 }
202
598459ce
LP		 203 kc = unit_get_kill_context(u);
204 if (kc)
205 kill_context_init(kc);
206
207 if (UNIT_VTABLE(u)->init)
208 UNIT_VTABLE(u)->init(u);
209}
210
4562c355
ZJS		 211static int unit_add_alias(Unit *u, char *donated_name) {
212 int r;
213
214 /* Make sure that u->names is allocated. We may leave u->names
215 * empty if we fail later, but this is not a problem. */
973bc32a 216 r = set_ensure_put(&u->aliases, &string_hash_ops, donated_name);
4562c355
ZJS		 217 if (r < 0)
218 return r;
219 assert(r > 0);
220
221 return 0;
222}
223
87f0e418 224int unit_add_name(Unit *u, const char *text) {
4562c355 225 _cleanup_free_ char *name = NULL, *instance = NULL;
87f0e418 226 UnitType t;
87f0e418
LP		 227 int r;
228
229 assert(u);
230 assert(text);
231
7410616c 232 if (unit_name_is_valid(text, UNIT_NAME_TEMPLATE)) {
ac155bb8 233 if (!u->instance)
acd1987a
WY		 234 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
235 "instance is not set when adding name '%s': %m", text);
87f0e418 236
4562c355 237 r = unit_name_replace_instance(text, u->instance, &name);
7410616c 238 if (r < 0)
acd1987a
WY		 239 return log_unit_debug_errno(u, r,
240 "failed to build instance name from '%s': %m", text);
7410616c 241 } else {
4562c355
ZJS		 242 name = strdup(text);
243 if (!name)
7410616c
LP		 244 return -ENOMEM;
245 }
87f0e418 246
4562c355 247 if (unit_has_name(u, name))
7410616c 248 return 0;
4562c355
ZJS		 249
250 if (hashmap_contains(u->manager->units, name))
acd1987a 251 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EEXIST),
4562c355 252 "unit already exist when adding name '%s': %m", name);
7410616c 253
4562c355 254 if (!unit_name_is_valid(name, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
acd1987a 255 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
4562c355 256 "name '%s' is invalid: %m", name);
e537352b 257
4562c355 258 t = unit_name_to_type(name);
7410616c 259 if (t < 0)
acd1987a 260 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
cd990847 261 "failed to derive unit type from name '%s': %m", name);
87f0e418 262
598459ce 263 if (u->type != _UNIT_TYPE_INVALID && t != u->type)
acd1987a
WY		 264 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
265 "unit type is illegal: u->type(%d) and t(%d) for name '%s': %m",
4562c355 266 u->type, t, name);
87f0e418 267
4562c355 268 r = unit_name_to_instance(name, &instance);
e48614c4 269 if (r < 0)
4562c355 270 return log_unit_debug_errno(u, r, "failed to extract instance from name '%s': %m", name);
87f0e418 271
4562c355
ZJS		 272 if (instance && !unit_type_may_template(t))
273 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL), "templates are not allowed for name '%s': %m", name);
9e2f7c11 274
d383acad
ZJS		 275 /* Ensure that this unit either has no instance, or that the instance matches. */
276 if (u->type != _UNIT_TYPE_INVALID && !streq_ptr(u->instance, instance))
acd1987a 277 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
ada4b34e
ZJS		 278 "cannot add name %s, the instances don't match (\"%s\" != \"%s\").",
279 name, instance, u->instance);
9e2f7c11 280
4562c355 281 if (u->id && !unit_type_may_alias(t))
ada4b34e
ZJS		 282 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EEXIST),
283 "cannot add name %s, aliases are not allowed for %s units.",
284 name, unit_type_to_string(t));
9e2f7c11 285
598459ce 286 if (hashmap_size(u->manager->units) >= MANAGER_MAX_NAMES)
ada4b34e 287 return log_unit_warning_errno(u, SYNTHETIC_ERRNO(E2BIG), "cannot add name, manager has too many units: %m");
4f0f902f 288
4562c355
ZJS		 289 /* Add name to the global hashmap first, because that's easier to undo */
290 r = hashmap_put(u->manager->units, name, u);
7410616c 291 if (r < 0)
acd1987a 292 return log_unit_debug_errno(u, r, "add unit to hashmap failed for name '%s': %m", text);
87f0e418 293
4562c355
ZJS		 294 if (u->id) {
295 r = unit_add_alias(u, name); /* unit_add_alias() takes ownership of the name on success */
296 if (r < 0) {
297 hashmap_remove(u->manager->units, name);
298 return r;
299 }
300 TAKE_PTR(name);
301
302 } else {
303 /* A new name, we don't need the set yet. */
304 assert(u->type == _UNIT_TYPE_INVALID);
305 assert(!u->instance);
306
ac155bb8 307 u->type = t;
4562c355
ZJS		 308 u->id = TAKE_PTR(name);
309 u->instance = TAKE_PTR(instance);
9e2f7c11 310
71fda00f 311 LIST_PREPEND(units_by_type, u->manager->units_by_type[t], u);
598459ce 312 unit_init(u);
598459ce 313 }
9e2f7c11 314
598459ce
LP		 315 unit_add_to_dbus_queue(u);
316 return 0;
87f0e418
LP		 317}
318
0ae97ec1 319int unit_choose_id(Unit *u, const char *name) {
68eda4bd 320 _cleanup_free_ char *t = NULL;
4562c355 321 char *s;
276c3e78 322 int r;
0ae97ec1
LP		 323
324 assert(u);
325 assert(name);
326
7410616c 327 if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
ac155bb8 328 if (!u->instance)
9e2f7c11
LP		 329 return -EINVAL;
330
7410616c
LP		 331 r = unit_name_replace_instance(name, u->instance, &t);
332 if (r < 0)
333 return r;
9e2f7c11
LP		 334
335 name = t;
336 }
337
4562c355
ZJS		 338 if (streq_ptr(u->id, name))
339 return 0; /* Nothing to do. */
340
341 /* Selects one of the aliases of this unit as the id */
342 s = set_get(u->aliases, (char*) name);
9e2f7c11 343 if (!s)
0ae97ec1
LP		 344 return -ENOENT;
345
4562c355
ZJS		 346 if (u->id) {
347 r = set_remove_and_put(u->aliases, name, u->id);
348 if (r < 0)
349 return r;
350 } else
351 assert_se(set_remove(u->aliases, name)); /* see set_get() above… */
276c3e78 352
4562c355 353 u->id = s; /* Old u->id is now stored in the set, and s is not stored anywhere */
c1e1601e 354 unit_add_to_dbus_queue(u);
9e2f7c11 355
0ae97ec1
LP		 356 return 0;
357}
358
f50e0a01 359int unit_set_description(Unit *u, const char *description) {
84b26d51 360 int r;
f50e0a01
LP		 361
362 assert(u);
363
84b26d51
LP		 364 r = free_and_strdup(&u->description, empty_to_null(description));
365 if (r < 0)
366 return r;
367 if (r > 0)
368 unit_add_to_dbus_queue(u);
c1e1601e 369
f50e0a01
LP		 370 return 0;
371}
372
f2f725e5 373bool unit_may_gc(Unit *u) {
a354329f 374 UnitActiveState state;
e98b2fbb 375 int r;
5afe510c 376
701cc384
LP		 377 assert(u);
378
f2f725e5
ZJS		 379 /* Checks whether the unit is ready to be unloaded for garbage collection.
380 * Returns true when the unit may be collected, and false if there's some
2641f02e
ZJS		 381 * reason to keep it loaded.
382 *
383 * References from other units are *not* checked here. Instead, this is done
384 * in unit_gc_sweep(), but using markers to properly collect dependency loops.
385 */
5afe510c 386
a354329f 387 if (u->job)
f2f725e5 388 return false;
701cc384 389
a354329f 390 if (u->nop_job)
f2f725e5 391 return false;
6c073082 392
a354329f
LP		 393 state = unit_active_state(u);
394
7eb2a8a1 395 /* If the unit is inactive and failed and no job is queued for it, then release its runtime resources */
a354329f
LP		 396 if (UNIT_IS_INACTIVE_OR_FAILED(state) &&
397 UNIT_VTABLE(u)->release_resources)
7eb2a8a1 398 UNIT_VTABLE(u)->release_resources(u);
a354329f 399
f5869324 400 if (u->perpetual)
f2f725e5 401 return false;
9d576438 402
05a98afd 403 if (sd_bus_track_count(u->bus_track) > 0)
f2f725e5 404 return false;
05a98afd 405
5afe510c
LP		 406 /* But we keep the unit object around for longer when it is referenced or configured to not be gc'ed */
407 switch (u->collect_mode) {
408
409 case COLLECT_INACTIVE:
410 if (state != UNIT_INACTIVE)
f2f725e5 411 return false;
5afe510c
LP		 412
413 break;
414
415 case COLLECT_INACTIVE_OR_FAILED:
416 if (!IN_SET(state, UNIT_INACTIVE, UNIT_FAILED))
f2f725e5 417 return false;
5afe510c
LP		 418
419 break;
420
421 default:
422 assert_not_reached("Unknown garbage collection mode");
423 }
424
e98b2fbb
LP		 425 if (u->cgroup_path) {
426 /* If the unit has a cgroup, then check whether there's anything in it. If so, we should stay
427 * around. Units with active processes should never be collected. */
428
429 r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path);
430 if (r < 0)
431 log_unit_debug_errno(u, r, "Failed to determine whether cgroup %s is empty: %m", u->cgroup_path);
432 if (r <= 0)
f2f725e5 433 return false;
e98b2fbb
LP		 434 }
435
f2f725e5
ZJS		 436 if (UNIT_VTABLE(u)->may_gc && !UNIT_VTABLE(u)->may_gc(u))
437 return false;
701cc384 438
f2f725e5 439 return true;
701cc384
LP		 440}
441
87f0e418
LP		 442void unit_add_to_load_queue(Unit *u) {
443 assert(u);
ac155bb8 444 assert(u->type != _UNIT_TYPE_INVALID);
87f0e418 445
ac155bb8 446 if (u->load_state != UNIT_STUB || u->in_load_queue)
87f0e418
LP		 447 return;
448
71fda00f 449 LIST_PREPEND(load_queue, u->manager->load_queue, u);
ac155bb8 450 u->in_load_queue = true;
87f0e418
LP		 451}
452
23a177ef
LP		 453void unit_add_to_cleanup_queue(Unit *u) {
454 assert(u);
455
ac155bb8 456 if (u->in_cleanup_queue)
23a177ef
LP		 457 return;
458
71fda00f 459 LIST_PREPEND(cleanup_queue, u->manager->cleanup_queue, u);
ac155bb8 460 u->in_cleanup_queue = true;
23a177ef
LP		 461}
462
701cc384
LP		 463void unit_add_to_gc_queue(Unit *u) {
464 assert(u);
465
ac155bb8 466 if (u->in_gc_queue || u->in_cleanup_queue)
701cc384
LP		 467 return;
468
f2f725e5 469 if (!unit_may_gc(u))
701cc384
LP		 470 return;
471
c5a97ed1 472 LIST_PREPEND(gc_queue, u->manager->gc_unit_queue, u);
ac155bb8 473 u->in_gc_queue = true;
701cc384
LP		 474}
475
c1e1601e
LP		 476void unit_add_to_dbus_queue(Unit *u) {
477 assert(u);
ac155bb8 478 assert(u->type != _UNIT_TYPE_INVALID);
c1e1601e 479
ac155bb8 480 if (u->load_state == UNIT_STUB || u->in_dbus_queue)
c1e1601e
LP		 481 return;
482
a567261a 483 /* Shortcut things if nobody cares */
8f8f05a9 484 if (sd_bus_track_count(u->manager->subscribed) <= 0 &&
ae572acd 485 sd_bus_track_count(u->bus_track) <= 0 &&
8f8f05a9 486 set_isempty(u->manager->private_buses)) {
ac155bb8 487 u->sent_dbus_new_signal = true;
94b6dfa2
LP		 488 return;
489 }
490
71fda00f 491 LIST_PREPEND(dbus_queue, u->manager->dbus_unit_queue, u);
ac155bb8 492 u->in_dbus_queue = true;
c1e1601e
LP		 493}
494
fda09318 495void unit_submit_to_stop_when_unneeded_queue(Unit *u) {
a3c1168a
LP		 496 assert(u);
497
498 if (u->in_stop_when_unneeded_queue)
499 return;
500
501 if (!u->stop_when_unneeded)
502 return;
503
504 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
505 return;
506
507 LIST_PREPEND(stop_when_unneeded_queue, u->manager->stop_when_unneeded_queue, u);
508 u->in_stop_when_unneeded_queue = true;
509}
510
eef85c4a 511static void bidi_set_free(Unit *u, Hashmap *h) {
87f0e418 512 Unit *other;
eef85c4a 513 void *v;
87f0e418
LP		 514
515 assert(u);
516
eef85c4a 517 /* Frees the hashmap and makes sure we are dropped from the inverse pointers */
87f0e418 518
90e74a66 519 HASHMAP_FOREACH_KEY(v, other, h) {
f6173cb9 520 for (UnitDependency d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
eef85c4a 521 hashmap_remove(other->dependencies[d], u);
701cc384
LP		 522
523 unit_add_to_gc_queue(other);
87f0e418
LP		 524 }
525
eef85c4a 526 hashmap_free(h);
87f0e418
LP		 527}
528
c2756a68
LP		 529static void unit_remove_transient(Unit *u) {
530 char **i;
531
532 assert(u);
533
534 if (!u->transient)
535 return;
536
537 if (u->fragment_path)
3f5e8115 538 (void) unlink(u->fragment_path);
c2756a68
LP		 539
540 STRV_FOREACH(i, u->dropin_paths) {
39591351 541 _cleanup_free_ char *p = NULL, *pp = NULL;
c2756a68 542
39591351
LP		 543 p = dirname_malloc(*i); /* Get the drop-in directory from the drop-in file */
544 if (!p)
545 continue;
546
547 pp = dirname_malloc(p); /* Get the config directory from the drop-in directory */
548 if (!pp)
549 continue;
550
551 /* Only drop transient drop-ins */
552 if (!path_equal(u->manager->lookup_paths.transient, pp))
553 continue;
c2756a68 554
39591351
LP		 555 (void) unlink(*i);
556 (void) rmdir(p);
c2756a68
LP		 557 }
558}
559
a57f7e2c 560static void unit_free_requires_mounts_for(Unit *u) {
eef85c4a 561 assert(u);
a57f7e2c 562
eef85c4a 563 for (;;) {
c2b2df60 564 _cleanup_free_ char *path = NULL;
a57f7e2c 565
eef85c4a
LP		 566 path = hashmap_steal_first_key(u->requires_mounts_for);
567 if (!path)
568 break;
569 else {
570 char s[strlen(path) + 1];
a57f7e2c 571
eef85c4a
LP		 572 PATH_FOREACH_PREFIX_MORE(s, path) {
573 char *y;
574 Set *x;
575
576 x = hashmap_get2(u->manager->units_requiring_mounts_for, s, (void**) &y);
577 if (!x)
578 continue;
a57f7e2c 579
eef85c4a 580 (void) set_remove(x, u);
a57f7e2c 581
eef85c4a
LP		 582 if (set_isempty(x)) {
583 (void) hashmap_remove(u->manager->units_requiring_mounts_for, y);
584 free(y);
585 set_free(x);
586 }
a57f7e2c
LP		 587 }
588 }
589 }
590
eef85c4a 591 u->requires_mounts_for = hashmap_free(u->requires_mounts_for);
a57f7e2c
LP		 592}
593
598459ce
LP		 594static void unit_done(Unit *u) {
595 ExecContext *ec;
596 CGroupContext *cc;
597
598 assert(u);
599
600 if (u->type < 0)
601 return;
602
603 if (UNIT_VTABLE(u)->done)
604 UNIT_VTABLE(u)->done(u);
605
606 ec = unit_get_exec_context(u);
607 if (ec)
608 exec_context_done(ec);
609
610 cc = unit_get_cgroup_context(u);
611 if (cc)
612 cgroup_context_done(cc);
613}
614
75db809a 615Unit* unit_free(Unit *u) {
87f0e418
LP		 616 char *t;
617
c9d5c9c0 618 if (!u)
75db809a 619 return NULL;
87f0e418 620
50fb00b7 621 u->transient_file = safe_fclose(u->transient_file);
4f4afc88 622
2c289ea8 623 if (!MANAGER_IS_RELOADING(u->manager))
c2756a68
LP		 624 unit_remove_transient(u);
625
c1e1601e
LP		 626 bus_unit_send_removed_signal(u);
627
598459ce 628 unit_done(u);
a013b84b 629
50be4f4a 630 unit_dequeue_rewatch_pids(u);
cf9fd508 631
50be4f4a 632 sd_bus_slot_unref(u->match_bus_slot);
05a98afd
LP		 633 sd_bus_track_unref(u->bus_track);
634 u->deserialized_refs = strv_free(u->deserialized_refs);
d9e45bc3 635 u->pending_freezer_message = sd_bus_message_unref(u->pending_freezer_message);
05a98afd 636
a57f7e2c
LP		 637 unit_free_requires_mounts_for(u);
638
90e74a66 639 SET_FOREACH(t, u->aliases)
ac155bb8 640 hashmap_remove_value(u->manager->units, t, u);
4562c355
ZJS		 641 if (u->id)
642 hashmap_remove_value(u->manager->units, u->id, u);
87f0e418 643
4b58153d
LP		 644 if (!sd_id128_is_null(u->invocation_id))
645 hashmap_remove_value(u->manager->units_by_invocation_id, &u->invocation_id, u);
646
97e7d748
MS		 647 if (u->job) {
648 Job *j = u->job;
649 job_uninstall(j);
650 job_free(j);
651 }
964e0949 652
e0209d83
MS		 653 if (u->nop_job) {
654 Job *j = u->nop_job;
655 job_uninstall(j);
656 job_free(j);
657 }
658
f6173cb9 659 for (UnitDependency d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
ac155bb8 660 bidi_set_free(u, u->dependencies[d]);
964e0949 661
4c591f39
MK		 662 /* A unit is being dropped from the tree, make sure our family is realized properly. Do this after we
663 * detach the unit from slice tree in order to eliminate its effect on controller masks. */
f23ba94d 664 if (UNIT_ISSET(u->slice))
4c591f39 665 unit_add_family_to_cgroup_realize_queue(UNIT_DEREF(u->slice));
fb46fca7 666
adefcf28
LP		 667 if (u->on_console)
668 manager_unref_console(u->manager);
669
3d027d4d
JK		 670
671 fdset_free(u->initial_socket_bind_link_fds);
91ce91c7
JK		 672#if BPF_FRAMEWORK
673 bpf_link_free(u->ipv4_socket_bind_link);
674 bpf_link_free(u->ipv6_socket_bind_link);
675#endif
676
efdb0237 677 unit_release_cgroup(u);
72673e86 678
d3070fbd
LP		 679 if (!MANAGER_IS_RELOADING(u->manager))
680 unit_unlink_state_files(u);
681
00d9ef85
LP		 682 unit_unref_uid_gid(u, false);
683
5269eb6b 684 (void) manager_update_failed_units(u->manager, u, false);
db785129 685 set_remove(u->manager->startup_units, u);
f755e3b7 686
a911bb9a
LP		 687 unit_unwatch_all_pids(u);
688
702a2d8f 689 unit_ref_unset(&u->slice);
7f7d01ed
ZJS		 690 while (u->refs_by_target)
691 unit_ref_unset(u->refs_by_target);
57020a3a 692
ac155bb8 693 if (u->type != _UNIT_TYPE_INVALID)
71fda00f 694 LIST_REMOVE(units_by_type, u->manager->units_by_type[u->type], u);
ef734fd6 695
ac155bb8 696 if (u->in_load_queue)
71fda00f 697 LIST_REMOVE(load_queue, u->manager->load_queue, u);
87f0e418 698
ac155bb8 699 if (u->in_dbus_queue)
71fda00f 700 LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u);
c1e1601e 701
a2d72e26 702 if (u->in_gc_queue)
c5a97ed1 703 LIST_REMOVE(gc_queue, u->manager->gc_unit_queue, u);
701cc384 704
91a6073e
LP		 705 if (u->in_cgroup_realize_queue)
706 LIST_REMOVE(cgroup_realize_queue, u->manager->cgroup_realize_queue, u);
87f0e418 707
09e24654
LP		 708 if (u->in_cgroup_empty_queue)
709 LIST_REMOVE(cgroup_empty_queue, u->manager->cgroup_empty_queue, u);
710
1bdf2790
ZJS		 711 if (u->in_cleanup_queue)
712 LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u);
adefcf28 713
19496554
MS		 714 if (u->in_target_deps_queue)
715 LIST_REMOVE(target_deps_queue, u->manager->target_deps_queue, u);
716
a3c1168a
LP		 717 if (u->in_stop_when_unneeded_queue)
718 LIST_REMOVE(stop_when_unneeded_queue, u->manager->stop_when_unneeded_queue, u);
719
6a48d82f
DM		 720 safe_close(u->ip_accounting_ingress_map_fd);
721 safe_close(u->ip_accounting_egress_map_fd);
72673e86 722
6a48d82f
DM		 723 safe_close(u->ipv4_allow_map_fd);
724 safe_close(u->ipv6_allow_map_fd);
725 safe_close(u->ipv4_deny_map_fd);
726 safe_close(u->ipv6_deny_map_fd);
d3070fbd 727
6a48d82f 728 bpf_program_unref(u->ip_bpf_ingress);
aa2b6f1d 729 bpf_program_unref(u->ip_bpf_ingress_installed);
6a48d82f 730 bpf_program_unref(u->ip_bpf_egress);
aa2b6f1d 731 bpf_program_unref(u->ip_bpf_egress_installed);
00d9ef85 732
fab34748
KL		 733 set_free(u->ip_bpf_custom_ingress);
734 set_free(u->ip_bpf_custom_egress);
735 set_free(u->ip_bpf_custom_ingress_installed);
736 set_free(u->ip_bpf_custom_egress_installed);
737
5f8ba20d
JK		 738 hashmap_free(u->bpf_foreign_by_key);
739
084c7007
RG		 740 bpf_program_unref(u->bpf_device_control_installed);
741
a946fa9b
ZJS		 742 condition_free_list(u->conditions);
743 condition_free_list(u->asserts);
f755e3b7 744
ac155bb8 745 free(u->description);
49dbfa7b 746 strv_free(u->documentation);
ac155bb8 747 free(u->fragment_path);
1b64d026 748 free(u->source_path);
ae7a7182 749 strv_free(u->dropin_paths);
ac155bb8 750 free(u->instance);
87f0e418 751
f189ab18 752 free(u->job_timeout_reboot_arg);
6bf0f408
LP		 753 free(u->reboot_arg);
754
4562c355
ZJS		 755 set_free_free(u->aliases);
756 free(u->id);
757
75db809a 758 return mfree(u);
87f0e418
LP		 759}
760
d9e45bc3
MS		 761FreezerState unit_freezer_state(Unit *u) {
762 assert(u);
763
764 return u->freezer_state;
765}
766
767int unit_freezer_state_kernel(Unit *u, FreezerState *ret) {
768 char *values[1] = {};
769 int r;
770
771 assert(u);
772
773 r = cg_get_keyed_attribute(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "cgroup.events",
774 STRV_MAKE("frozen"), values);
775 if (r < 0)
776 return r;
777
778 r = _FREEZER_STATE_INVALID;
779
780 if (values[0]) {
781 if (streq(values[0], "0"))
782 r = FREEZER_RUNNING;
783 else if (streq(values[0], "1"))
784 r = FREEZER_FROZEN;
785 }
786
787 free(values[0]);
788 *ret = r;
789
790 return 0;
791}
792
87f0e418
LP		 793UnitActiveState unit_active_state(Unit *u) {
794 assert(u);
795
ac155bb8 796 if (u->load_state == UNIT_MERGED)
6124958c
LP		 797 return unit_active_state(unit_follow_merge(u));
798
799 /* After a reload it might happen that a unit is not correctly
800 * loaded but still has a process around. That's why we won't
fdf20a31 801 * shortcut failed loading to UNIT_INACTIVE_FAILED. */
87f0e418
LP		 802
803 return UNIT_VTABLE(u)->active_state(u);
804}
805
10a94420
LP		 806const char* unit_sub_state_to_string(Unit *u) {
807 assert(u);
808
809 return UNIT_VTABLE(u)->sub_state_to_string(u);
810}
811
eef85c4a 812static int hashmap_complete_move(Hashmap **s, Hashmap **other) {
23a177ef
LP		 813 assert(s);
814 assert(other);
87f0e418 815
23a177ef 816 if (!*other)
7c0b05e5 817 return 0;
87f0e418 818
eef85c4a
LP		 819 if (*s)
820 return hashmap_move(*s, *other);
ae2a15bc
LP		 821 else
822 *s = TAKE_PTR(*other);
7c0b05e5
MS		 823
824 return 0;
23a177ef 825}
87f0e418 826
7c0b05e5 827static int merge_names(Unit *u, Unit *other) {
4562c355 828 char *name;
7c0b05e5 829 int r;
87f0e418 830
23a177ef
LP		 831 assert(u);
832 assert(other);
833
4562c355 834 r = unit_add_alias(u, other->id);
7c0b05e5
MS		 835 if (r < 0)
836 return r;
23a177ef 837
4562c355
ZJS		 838 r = set_move(u->aliases, other->aliases);
839 if (r < 0) {
840 set_remove(u->aliases, other->id);
841 return r;
842 }
23a177ef 843
4562c355
ZJS		 844 TAKE_PTR(other->id);
845 other->aliases = set_free_free(other->aliases);
23a177ef 846
90e74a66 847 SET_FOREACH(name, u->aliases)
4562c355 848 assert_se(hashmap_replace(u->manager->units, name, u) == 0);
7c0b05e5
MS		 849
850 return 0;
87f0e418
LP		 851}
852
09a65f92
MS		 853static int reserve_dependencies(Unit *u, Unit *other, UnitDependency d) {
854 unsigned n_reserve;
855
856 assert(u);
857 assert(other);
858 assert(d < _UNIT_DEPENDENCY_MAX);
859
860 /*
861 * If u does not have this dependency set allocated, there is no need
f131770b 862 * to reserve anything. In that case other's set will be transferred
09a65f92
MS		 863 * as a whole to u by complete_move().
864 */
865 if (!u->dependencies[d])
866 return 0;
867
868 /* merge_dependencies() will skip a u-on-u dependency */
eef85c4a 869 n_reserve = hashmap_size(other->dependencies[d]) - !!hashmap_get(other->dependencies[d], u);
09a65f92 870
eef85c4a 871 return hashmap_reserve(u->dependencies[d], n_reserve);
09a65f92
MS		 872}
873
d1fab3fe 874static void merge_dependencies(Unit *u, Unit *other, const char *other_id, UnitDependency d) {
23a177ef 875 Unit *back;
eef85c4a 876 void *v;
87f0e418 877 int r;
23a177ef 878
eef85c4a
LP		 879 /* Merges all dependencies of type 'd' of the unit 'other' into the deps of the unit 'u' */
880
23a177ef
LP		 881 assert(u);
882 assert(other);
883 assert(d < _UNIT_DEPENDENCY_MAX);
884
5238e957 885 /* Fix backwards pointers. Let's iterate through all dependent units of the other unit. */
90e74a66 886 HASHMAP_FOREACH_KEY(v, back, other->dependencies[d])
eef85c4a 887
f6173cb9
ZJS		 888 /* Let's now iterate through the dependencies of that dependencies of the other units,
889 * looking for pointers back, and let's fix them up, to instead point to 'u'. */
890 for (UnitDependency k = 0; k < _UNIT_DEPENDENCY_MAX; k++)
e66047ff 891 if (back == u) {
eef85c4a
LP		 892 /* Do not add dependencies between u and itself. */
893 if (hashmap_remove(back->dependencies[k], other))
f2341e0a 894 maybe_warn_about_dependency(u, other_id, k);
e66047ff 895 } else {
f6173cb9 896 UnitDependencyInfo di_u, di_other;
eef85c4a
LP		 897
898 /* Let's drop this dependency between "back" and "other", and let's create it between
899 * "back" and "u" instead. Let's merge the bit masks of the dependency we are moving,
900 * and any such dependency which might already exist */
901
902 di_other.data = hashmap_get(back->dependencies[k], other);
903 if (!di_other.data)
904 continue; /* dependency isn't set, let's try the next one */
905
906 di_u.data = hashmap_get(back->dependencies[k], u);
907
f6173cb9 908 UnitDependencyInfo di_merged = {
eef85c4a
LP		 909 .origin_mask = di_u.origin_mask | di_other.origin_mask,
910 .destination_mask = di_u.destination_mask | di_other.destination_mask,
911 };
912
913 r = hashmap_remove_and_replace(back->dependencies[k], other, u, di_merged.data);
914 if (r < 0)
915 log_warning_errno(r, "Failed to remove/replace: back=%s other=%s u=%s: %m", back->id, other_id, u->id);
916 assert(r >= 0);
917
918 /* assert_se(hashmap_remove_and_replace(back->dependencies[k], other, u, di_merged.data) >= 0); */
e66047ff 919 }
23a177ef 920
e66047ff 921 /* Also do not move dependencies on u to itself */
eef85c4a 922 back = hashmap_remove(other->dependencies[d], u);
d1fab3fe 923 if (back)
f2341e0a 924 maybe_warn_about_dependency(u, other_id, d);
e66047ff 925
7c0b05e5 926 /* The move cannot fail. The caller must have performed a reservation. */
eef85c4a 927 assert_se(hashmap_complete_move(&u->dependencies[d], &other->dependencies[d]) == 0);
23a177ef 928
eef85c4a 929 other->dependencies[d] = hashmap_free(other->dependencies[d]);
23a177ef
LP		 930}
931
932int unit_merge(Unit *u, Unit *other) {
d1fab3fe 933 const char *other_id = NULL;
09a65f92 934 int r;
87f0e418
LP		 935
936 assert(u);
937 assert(other);
ac155bb8
MS		 938 assert(u->manager == other->manager);
939 assert(u->type != _UNIT_TYPE_INVALID);
87f0e418 940
cc916967
LP		 941 other = unit_follow_merge(other);
942
23a177ef
LP		 943 if (other == u)
944 return 0;
945
ac155bb8 946 if (u->type != other->type)
9e2f7c11
LP		 947 return -EINVAL;
948
8a993b61 949 if (!unit_type_may_alias(u->type)) /* Merging only applies to unit names that support aliases */
934e749e
LP		 950 return -EEXIST;
951
ec2ce0c5 952 if (!IN_SET(other->load_state, UNIT_STUB, UNIT_NOT_FOUND))
23a177ef 953 return -EEXIST;
87f0e418 954
d383acad
ZJS		 955 if (!streq_ptr(u->instance, other->instance))
956 return -EINVAL;
957
ac155bb8 958 if (other->job)
819e213f
LP		 959 return -EEXIST;
960
e0209d83
MS		 961 if (other->nop_job)
962 return -EEXIST;
963
fdf20a31 964 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
819e213f
LP		 965 return -EEXIST;
966
d1fab3fe
ZJS		 967 if (other->id)
968 other_id = strdupa(other->id);
969
09a65f92 970 /* Make reservations to ensure merge_dependencies() won't fail */
f6173cb9 971 for (UnitDependency d = 0; d < _UNIT_DEPENDENCY_MAX; d++) {
09a65f92
MS		 972 r = reserve_dependencies(u, other, d);
973 /*
974 * We don't rollback reservations if we fail. We don't have
975 * a way to undo reservations. A reservation is not a leak.
976 */
977 if (r < 0)
978 return r;
979 }
980
87f0e418 981 /* Merge names */
7c0b05e5
MS		 982 r = merge_names(u, other);
983 if (r < 0)
984 return r;
87f0e418 985
57020a3a 986 /* Redirect all references */
7f7d01ed
ZJS		 987 while (other->refs_by_target)
988 unit_ref_set(other->refs_by_target, other->refs_by_target->source, u);
57020a3a 989
87f0e418 990 /* Merge dependencies */
f6173cb9 991 for (UnitDependency d = 0; d < _UNIT_DEPENDENCY_MAX; d++)
d1fab3fe 992 merge_dependencies(u, other, other_id, d);
87f0e418 993
ac155bb8
MS		 994 other->load_state = UNIT_MERGED;
995 other->merged_into = u;
23a177ef 996
3616a49c
LP		 997 /* If there is still some data attached to the other node, we
998 * don't need it anymore, and can free it. */
ac155bb8 999 if (other->load_state != UNIT_STUB)
3616a49c
LP		 1000 if (UNIT_VTABLE(other)->done)
1001 UNIT_VTABLE(other)->done(other);
1002
1003 unit_add_to_dbus_queue(u);
23a177ef
LP		 1004 unit_add_to_cleanup_queue(other);
1005
1006 return 0;
1007}
1008
1009int unit_merge_by_name(Unit *u, const char *name) {
934e749e 1010 _cleanup_free_ char *s = NULL;
23a177ef 1011 Unit *other;
9e2f7c11 1012 int r;
23a177ef 1013
e8630e69
ZJS		 1014 /* Either add name to u, or if a unit with name already exists, merge it with u.
1015 * If name is a template, do the same for name@instance, where instance is u's instance. */
1016
23a177ef
LP		 1017 assert(u);
1018 assert(name);
1019
7410616c 1020 if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
ac155bb8 1021 if (!u->instance)
9e2f7c11
LP		 1022 return -EINVAL;
1023
7410616c
LP		 1024 r = unit_name_replace_instance(name, u->instance, &s);
1025 if (r < 0)
1026 return r;
9e2f7c11
LP		 1027
1028 name = s;
1029 }
1030
c2756a68 1031 other = manager_get_unit(u->manager, name);
7410616c
LP		 1032 if (other)
1033 return unit_merge(u, other);
23a177ef 1034
7410616c 1035 return unit_add_name(u, name);
23a177ef
LP		 1036}
1037
1038Unit* unit_follow_merge(Unit *u) {
1039 assert(u);
1040
ac155bb8
MS		 1041 while (u->load_state == UNIT_MERGED)
1042 assert_se(u = u->merged_into);
23a177ef
LP		 1043
1044 return u;
1045}
1046
1047int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
1048 int r;
1049
1050 assert(u);
1051 assert(c);
1052
e1e74614 1053 if (c->working_directory && !c->working_directory_missing_ok) {
eef85c4a 1054 r = unit_require_mounts_for(u, c->working_directory, UNIT_DEPENDENCY_FILE);
36be24c8
ZJS		 1055 if (r < 0)
1056 return r;
1057 }
1058
1059 if (c->root_directory) {
eef85c4a 1060 r = unit_require_mounts_for(u, c->root_directory, UNIT_DEPENDENCY_FILE);
36be24c8
ZJS		 1061 if (r < 0)
1062 return r;
1063 }
1064
915e6d16 1065 if (c->root_image) {
eef85c4a 1066 r = unit_require_mounts_for(u, c->root_image, UNIT_DEPENDENCY_FILE);
915e6d16
LP		 1067 if (r < 0)
1068 return r;
1069 }
1070
12375b95 1071 for (ExecDirectoryType dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) {
ada5e276
YW		 1072 if (!u->manager->prefix[dt])
1073 continue;
1074
12375b95 1075 char **dp;
ada5e276 1076 STRV_FOREACH(dp, c->directories[dt].paths) {
c2b2df60 1077 _cleanup_free_ char *p = NULL;
ada5e276 1078
657ee2d8 1079 p = path_join(u->manager->prefix[dt], *dp);
ada5e276
YW		 1080 if (!p)
1081 return -ENOMEM;
1082
eef85c4a 1083 r = unit_require_mounts_for(u, p, UNIT_DEPENDENCY_FILE);
ada5e276
YW		 1084 if (r < 0)
1085 return r;
1086 }
1087 }
1088
463d0d15 1089 if (!MANAGER_IS_SYSTEM(u->manager))
b46a529c
LP		 1090 return 0;
1091
f3b7a79b
LP		 1092 /* For the following three directory types we need write access, and /var/ is possibly on the root
1093 * fs. Hence order after systemd-remount-fs.service, to ensure things are writable. */
1094 if (!strv_isempty(c->directories[EXEC_DIRECTORY_STATE].paths) ||
1095 !strv_isempty(c->directories[EXEC_DIRECTORY_CACHE].paths) ||
1096 !strv_isempty(c->directories[EXEC_DIRECTORY_LOGS].paths)) {
1097 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_REMOUNT_FS_SERVICE, true, UNIT_DEPENDENCY_FILE);
1098 if (r < 0)
1099 return r;
1100 }
1101
b46a529c 1102 if (c->private_tmp) {
d71f0505
LP		 1103 const char *p;
1104
1105 FOREACH_STRING(p, "/tmp", "/var/tmp") {
eef85c4a 1106 r = unit_require_mounts_for(u, p, UNIT_DEPENDENCY_FILE);
d71f0505
LP		 1107 if (r < 0)
1108 return r;
1109 }
b46a529c 1110
35d8c19a 1111 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, true, UNIT_DEPENDENCY_FILE);
b46a529c
LP		 1112 if (r < 0)
1113 return r;
1114 }
1115
33b58dfb
LP		 1116 if (c->root_image) {
1117 /* We need to wait for /dev/loopX to appear when doing RootImage=, hence let's add an
1118 * implicit dependency on udev */
1119
1120 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_UDEVD_SERVICE, true, UNIT_DEPENDENCY_FILE);
1121 if (r < 0)
1122 return r;
1123 }
1124
52c239d7
LB		 1125 if (!IN_SET(c->std_output,
1126 EXEC_OUTPUT_JOURNAL, EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
f3dc6af2 1127 EXEC_OUTPUT_KMSG, EXEC_OUTPUT_KMSG_AND_CONSOLE) &&
52c239d7
LB		 1128 !IN_SET(c->std_error,
1129 EXEC_OUTPUT_JOURNAL, EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
f3dc6af2 1130 EXEC_OUTPUT_KMSG, EXEC_OUTPUT_KMSG_AND_CONSOLE) &&
91dd5f7c 1131 !c->log_namespace)
23a177ef
LP		 1132 return 0;
1133
91dd5f7c
LP		 1134 /* If syslog or kernel logging is requested (or log namespacing is), make sure our own logging daemon
1135 * is run first. */
1136
1137 if (c->log_namespace) {
dc5437c7 1138 _cleanup_free_ char *socket_unit = NULL, *varlink_socket_unit = NULL;
23a177ef 1139
91dd5f7c
LP		 1140 r = unit_name_build_from_type("systemd-journald", c->log_namespace, UNIT_SOCKET, &socket_unit);
1141 if (r < 0)
1142 return r;
1143
1144 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, socket_unit, true, UNIT_DEPENDENCY_FILE);
1145 if (r < 0)
1146 return r;
dc5437c7
LP		 1147
1148 r = unit_name_build_from_type("systemd-journald-varlink", c->log_namespace, UNIT_SOCKET, &varlink_socket_unit);
1149 if (r < 0)
1150 return r;
1151
1152 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, varlink_socket_unit, true, UNIT_DEPENDENCY_FILE);
1153 if (r < 0)
1154 return r;
91dd5f7c
LP		 1155 } else
1156 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_JOURNALD_SOCKET, true, UNIT_DEPENDENCY_FILE);
b46a529c
LP		 1157 if (r < 0)
1158 return r;
23a177ef 1159
87f0e418
LP		 1160 return 0;
1161}
1162
87f0e418
LP		 1163const char *unit_description(Unit *u) {
1164 assert(u);
1165
ac155bb8
MS		 1166 if (u->description)
1167 return u->description;
87f0e418 1168
ac155bb8 1169 return strna(u->id);
87f0e418
LP		 1170}
1171
2a8f53c6
ZJS		 1172const char *unit_status_string(Unit *u) {
1173 assert(u);
1174
1175 if (u->manager->status_unit_format == STATUS_UNIT_FORMAT_NAME && u->id)
1176 return u->id;
1177
1178 return unit_description(u);
1179}
1180
87f0e418 1181/* Common implementation for multiple backends */
c3620770 1182int unit_load_fragment_and_dropin(Unit *u, bool fragment_required) {
23a177ef
LP		 1183 int r;
1184
1185 assert(u);
23a177ef 1186
e48614c4 1187 /* Load a .{service,socket,...} file */
4ad49000
LP		 1188 r = unit_load_fragment(u);
1189 if (r < 0)
23a177ef
LP		 1190 return r;
1191
c3620770
ZJS		 1192 if (u->load_state == UNIT_STUB) {
1193 if (fragment_required)
1194 return -ENOENT;
1195
1196 u->load_state = UNIT_LOADED;
1197 }
23a177ef 1198
9e4ea9cc
ZJS		 1199 /* Load drop-in directory data. If u is an alias, we might be reloading the
1200 * target unit needlessly. But we cannot be sure which drops-ins have already
1201 * been loaded and which not, at least without doing complicated book-keeping,
1202 * so let's always reread all drop-ins. */
c9e06956
ZJS		 1203 r = unit_load_dropin(unit_follow_merge(u));
1204 if (r < 0)
1205 return r;
1206
1207 if (u->source_path) {
1208 struct stat st;
1209
1210 if (stat(u->source_path, &st) >= 0)
1211 u->source_mtime = timespec_load(&st.st_mtim);
1212 else
1213 u->source_mtime = 0;
1214 }
1215
1216 return 0;
23a177ef
LP		 1217}
1218
19496554
MS		 1219void unit_add_to_target_deps_queue(Unit *u) {
1220 Manager *m = u->manager;
1221
1222 assert(u);
1223
1224 if (u->in_target_deps_queue)
1225 return;
1226
1227 LIST_PREPEND(target_deps_queue, m->target_deps_queue, u);
1228 u->in_target_deps_queue = true;
1229}
1230
bba34eed 1231int unit_add_default_target_dependency(Unit *u, Unit *target) {
98bc2000
LP		 1232 assert(u);
1233 assert(target);
1234
ac155bb8 1235 if (target->type != UNIT_TARGET)
98bc2000
LP		 1236 return 0;
1237
35b8ca3a 1238 /* Only add the dependency if both units are loaded, so that
bba34eed 1239 * that loop check below is reliable */
ac155bb8
MS		 1240 if (u->load_state != UNIT_LOADED ||
1241 target->load_state != UNIT_LOADED)
bba34eed
LP		 1242 return 0;
1243
21256a2b
LP		 1244 /* If either side wants no automatic dependencies, then let's
1245 * skip this */
ac155bb8
MS		 1246 if (!u->default_dependencies ||
1247 !target->default_dependencies)
21256a2b
LP		 1248 return 0;
1249
98bc2000 1250 /* Don't create loops */
eef85c4a 1251 if (hashmap_get(target->dependencies[UNIT_BEFORE], u))
98bc2000
LP		 1252 return 0;
1253
eef85c4a 1254 return unit_add_dependency(target, UNIT_AFTER, u, true, UNIT_DEPENDENCY_DEFAULT);
98bc2000
LP		 1255}
1256
e954c9cf
LP		 1257static int unit_add_slice_dependencies(Unit *u) {
1258 assert(u);
b81884e7 1259
35b7ff80 1260 if (!UNIT_HAS_CGROUP_CONTEXT(u))
e954c9cf
LP		 1261 return 0;
1262
eef85c4a
LP		 1263 /* Slice units are implicitly ordered against their parent slices (as this relationship is encoded in the
1264 name), while all other units are ordered based on configuration (as in their case Slice= configures the
1265 relationship). */
f6173cb9 1266 UnitDependencyMask mask = u->type == UNIT_SLICE ? UNIT_DEPENDENCY_IMPLICIT : UNIT_DEPENDENCY_FILE;
eef85c4a 1267
e954c9cf 1268 if (UNIT_ISSET(u->slice))
eef85c4a 1269 return unit_add_two_dependencies(u, UNIT_AFTER, UNIT_REQUIRES, UNIT_DEREF(u->slice), true, mask);
e954c9cf 1270
8c8da0e0 1271 if (unit_has_name(u, SPECIAL_ROOT_SLICE))
d1fab3fe
ZJS		 1272 return 0;
1273
5a724170 1274 return unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, SPECIAL_ROOT_SLICE, true, mask);
98bc2000
LP		 1275}
1276
e954c9cf 1277static int unit_add_mount_dependencies(Unit *u) {
eef85c4a
LP		 1278 UnitDependencyInfo di;
1279 const char *path;
9588bc32
LP		 1280 int r;
1281
1282 assert(u);
1283
90e74a66 1284 HASHMAP_FOREACH_KEY(di.data, path, u->requires_mounts_for) {
eef85c4a 1285 char prefix[strlen(path) + 1];
9588bc32 1286
eef85c4a 1287 PATH_FOREACH_PREFIX_MORE(prefix, path) {
c7c89abb 1288 _cleanup_free_ char *p = NULL;
9588bc32
LP		 1289 Unit *m;
1290
c7c89abb 1291 r = unit_name_from_path(prefix, ".mount", &p);
9588bc32
LP		 1292 if (r < 0)
1293 return r;
c7c89abb
FB		 1294
1295 m = manager_get_unit(u->manager, p);
1296 if (!m) {
1297 /* Make sure to load the mount unit if
1298 * it exists. If so the dependencies
1299 * on this unit will be added later
1300 * during the loading of the mount
1301 * unit. */
1302 (void) manager_load_unit_prepare(u->manager, p, NULL, NULL, &m);
9588bc32 1303 continue;
c7c89abb 1304 }
9588bc32
LP		 1305 if (m == u)
1306 continue;
1307
1308 if (m->load_state != UNIT_LOADED)
1309 continue;
1310
eef85c4a 1311 r = unit_add_dependency(u, UNIT_AFTER, m, true, di.origin_mask);
9588bc32
LP		 1312 if (r < 0)
1313 return r;
1314
1315 if (m->fragment_path) {
eef85c4a 1316 r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask);
9588bc32
LP		 1317 if (r < 0)
1318 return r;
1319 }
1320 }
1321 }
1322
1323 return 0;
1324}
1325
a2db0225
AZ		 1326static int unit_add_oomd_dependencies(Unit *u) {
1327 CGroupContext *c;
1328 bool wants_oomd;
1329 int r;
1330
1331 assert(u);
1332
1333 if (!u->default_dependencies)
1334 return 0;
1335
1336 c = unit_get_cgroup_context(u);
1337 if (!c)
1338 return 0;
1339
1340 wants_oomd = (c->moom_swap == MANAGED_OOM_KILL || c->moom_mem_pressure == MANAGED_OOM_KILL);
1341 if (!wants_oomd)
1342 return 0;
1343
1344 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "systemd-oomd.service", true, UNIT_DEPENDENCY_FILE);
1345 if (r < 0)
1346 return r;
1347
1348 return 0;
1349}
1350
95ae05c0
WC		 1351static int unit_add_startup_units(Unit *u) {
1352 CGroupContext *c;
95ae05c0
WC		 1353
1354 c = unit_get_cgroup_context(u);
db785129
LP		 1355 if (!c)
1356 return 0;
1357
d53d9474 1358 if (c->startup_cpu_shares == CGROUP_CPU_SHARES_INVALID &&
13c31542 1359 c->startup_io_weight == CGROUP_WEIGHT_INVALID &&
d53d9474 1360 c->startup_blockio_weight == CGROUP_BLKIO_WEIGHT_INVALID)
db785129
LP		 1361 return 0;
1362
de7fef4b 1363 return set_ensure_put(&u->manager->startup_units, NULL, u);
95ae05c0
WC		 1364}
1365
87f0e418
LP		 1366int unit_load(Unit *u) {
1367 int r;
1368
1369 assert(u);
1370
ac155bb8 1371 if (u->in_load_queue) {
71fda00f 1372 LIST_REMOVE(load_queue, u->manager->load_queue, u);
ac155bb8 1373 u->in_load_queue = false;
87f0e418
LP		 1374 }
1375
ac155bb8 1376 if (u->type == _UNIT_TYPE_INVALID)
e537352b
LP		 1377 return -EINVAL;
1378
ac155bb8 1379 if (u->load_state != UNIT_STUB)
87f0e418
LP		 1380 return 0;
1381
4f4afc88 1382 if (u->transient_file) {
66fa4bdd
LP		 1383 /* Finalize transient file: if this is a transient unit file, as soon as we reach unit_load() the setup
1384 * is complete, hence let's synchronize the unit file we just wrote to disk. */
1385
4f4afc88
LP		 1386 r = fflush_and_check(u->transient_file);
1387 if (r < 0)
1388 goto fail;
1389
50fb00b7 1390 u->transient_file = safe_fclose(u->transient_file);
f76707da 1391 u->fragment_mtime = now(CLOCK_REALTIME);
4f4afc88
LP		 1392 }
1393
c3784a7d
ZJS		 1394 r = UNIT_VTABLE(u)->load(u);
1395 if (r < 0)
23a177ef 1396 goto fail;
c3784a7d
ZJS		 1397
1398 assert(u->load_state != UNIT_STUB);
23a177ef 1399
7c8fa05c 1400 if (u->load_state == UNIT_LOADED) {
19496554 1401 unit_add_to_target_deps_queue(u);
e954c9cf
LP		 1402
1403 r = unit_add_slice_dependencies(u);
1404 if (r < 0)
1405 goto fail;
c2756a68 1406
e954c9cf 1407 r = unit_add_mount_dependencies(u);
7c8fa05c 1408 if (r < 0)
c2756a68 1409 goto fail;
7c8fa05c 1410
a2db0225
AZ		 1411 r = unit_add_oomd_dependencies(u);
1412 if (r < 0)
1413 goto fail;
1414
95ae05c0
WC		 1415 r = unit_add_startup_units(u);
1416 if (r < 0)
1417 goto fail;
1418
eef85c4a 1419 if (u->on_failure_job_mode == JOB_ISOLATE && hashmap_size(u->dependencies[UNIT_ON_FAILURE]) > 1) {
d85ff944
YW		 1420 r = log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC),
1421 "More than one OnFailure= dependencies specified but OnFailureJobMode=isolate set. Refusing.");
c2756a68
LP		 1422 goto fail;
1423 }
bc432dc7 1424
a2df3ea4
MK		 1425 if (u->job_running_timeout != USEC_INFINITY && u->job_running_timeout > u->job_timeout)
1426 log_unit_warning(u, "JobRunningTimeoutSec= is greater than JobTimeoutSec=, it has no effect.");
1427
5af88058
LP		 1428 /* We finished loading, let's ensure our parents recalculate the members mask */
1429 unit_invalidate_cgroup_members_masks(u);
f68319bb
LP		 1430 }
1431
ac155bb8 1432 assert((u->load_state != UNIT_MERGED) == !u->merged_into);
23a177ef
LP		 1433
1434 unit_add_to_dbus_queue(unit_follow_merge(u));
701cc384 1435 unit_add_to_gc_queue(u);
f561e8c6 1436 (void) manager_varlink_send_managed_oom_update(u);
87f0e418 1437
87f0e418
LP		 1438 return 0;
1439
1440fail:
81be2388
ZJS		 1441 /* We convert ENOEXEC errors to the UNIT_BAD_SETTING load state here. Configuration parsing code
1442 * should hence return ENOEXEC to ensure units are placed in this state after loading. */
c4555ad8
LP		 1443
1444 u->load_state = u->load_state == UNIT_STUB ? UNIT_NOT_FOUND :
1445 r == -ENOEXEC ? UNIT_BAD_SETTING :
1446 UNIT_ERROR;
ac155bb8 1447 u->load_error = r;
c4555ad8 1448
c149d2b4
ZJS		 1449 /* Record the timestamp on the cache, so that if the cache gets updated between now and the next time
1450 * an attempt is made to load this unit, we know we need to check again. */
7233e91a 1451 if (u->load_state == UNIT_NOT_FOUND)
c2911d48 1452 u->fragment_not_found_timestamp_hash = u->manager->unit_cache_timestamp_hash;
7233e91a 1453
c1e1601e 1454 unit_add_to_dbus_queue(u);
9a46fc3b 1455 unit_add_to_gc_queue(u);
23a177ef 1456
c4555ad8 1457 return log_unit_debug_errno(u, r, "Failed to load configuration: %m");
87f0e418
LP		 1458}
1459
f9f88198
YW		 1460_printf_(7, 8)
1461static int log_unit_internal(void *userdata, int level, int error, const char *file, int line, const char *func, const char *format, ...) {
1462 Unit *u = userdata;
1463 va_list ap;
1464 int r;
49365733 1465
c2503e35
RH		 1466 if (u && !unit_log_level_test(u, level))
1467 return -ERRNO_VALUE(error);
1468
f9f88198
YW		 1469 va_start(ap, format);
1470 if (u)
1471 r = log_object_internalv(level, error, file, line, func,
1472 u->manager->unit_log_field,
1473 u->id,
1474 u->manager->invocation_log_field,
1475 u->invocation_id_string,
1476 format, ap);
1477 else
1478 r = log_internalv(level, error, file, line, func, format, ap);
1479 va_end(ap);
49365733 1480
f9f88198 1481 return r;
49365733
LP		 1482}
1483
97a3f4ee 1484static bool unit_test_condition(Unit *u) {
a0b191b7
LP		 1485 _cleanup_strv_free_ char **env = NULL;
1486 int r;
1487
90bbc946
LP		 1488 assert(u);
1489
ac155bb8 1490 dual_timestamp_get(&u->condition_timestamp);
90bbc946 1491
a0b191b7
LP		 1492 r = manager_get_effective_environment(u->manager, &env);
1493 if (r < 0) {
1494 log_unit_error_errno(u, r, "Failed to determine effective environment: %m");
1495 u->condition_result = CONDITION_ERROR;
1496 } else
1497 u->condition_result = condition_test_list(
1498 u->conditions,
1499 env,
1500 condition_type_to_string,
1501 log_unit_internal,
1502 u);
e18f8852 1503
a0b191b7 1504 unit_add_to_dbus_queue(u);
ac155bb8 1505 return u->condition_result;
90bbc946
LP		 1506}
1507
97a3f4ee 1508static bool unit_test_assert(Unit *u) {
a0b191b7
LP		 1509 _cleanup_strv_free_ char **env = NULL;
1510 int r;
1511
59fccdc5
LP		 1512 assert(u);
1513
1514 dual_timestamp_get(&u->assert_timestamp);
59fccdc5 1515
a0b191b7
LP		 1516 r = manager_get_effective_environment(u->manager, &env);
1517 if (r < 0) {
1518 log_unit_error_errno(u, r, "Failed to determine effective environment: %m");
1519 u->assert_result = CONDITION_ERROR;
1520 } else
1521 u->assert_result = condition_test_list(
1522 u->asserts,
1523 env,
1524 assert_type_to_string,
1525 log_unit_internal,
1526 u);
e18f8852 1527
a0b191b7 1528 unit_add_to_dbus_queue(u);
59fccdc5
LP		 1529 return u->assert_result;
1530}
1531
5bcf34eb 1532void unit_status_printf(Unit *u, StatusType status_type, const char *status, const char *unit_status_msg_format) {
5b262f74
LP		 1533 const char *d;
1534
2a8f53c6 1535 d = unit_status_string(u);
5b262f74
LP		 1536 if (log_get_show_color())
1537 d = strjoina(ANSI_HIGHLIGHT, d, ANSI_NORMAL);
1538
df446f96 1539 DISABLE_WARNING_FORMAT_NONLITERAL;
5bcf34eb 1540 manager_status_printf(u->manager, status_type, status, unit_status_msg_format, d);
df446f96
LP		 1541 REENABLE_WARNING;
1542}
1543
97a3f4ee 1544int unit_test_start_limit(Unit *u) {
429926e9
TR		 1545 const char *reason;
1546
6bf0f408
LP		 1547 assert(u);
1548
7bf081a1 1549 if (ratelimit_below(&u->start_ratelimit)) {
6bf0f408
LP		 1550 u->start_limit_hit = false;
1551 return 0;
1552 }
1553
1554 log_unit_warning(u, "Start request repeated too quickly.");
1555 u->start_limit_hit = true;
1556
429926e9
TR		 1557 reason = strjoina("unit ", u->id, " failed");
1558
36c4dc08
LP		 1559 emergency_action(u->manager, u->start_limit_action,
1560 EMERGENCY_ACTION_IS_WATCHDOG|EMERGENCY_ACTION_WARN,
1561 u->reboot_arg, -1, reason);
1562
1563 return -ECANCELED;
6bf0f408
LP		 1564}
1565
c891efaf 1566bool unit_shall_confirm_spawn(Unit *u) {
631b676b 1567 assert(u);
c891efaf
FB		 1568
1569 if (manager_is_confirm_spawn_disabled(u->manager))
1570 return false;
1571
1572 /* For some reasons units remaining in the same process group
1573 * as PID 1 fail to acquire the console even if it's not used
1574 * by any process. So skip the confirmation question for them. */
1575 return !unit_get_exec_context(u)->same_pgrp;
1576}
1577
631b676b
LP		 1578static bool unit_verify_deps(Unit *u) {
1579 Unit *other;
eef85c4a 1580 void *v;
631b676b
LP		 1581
1582 assert(u);
1583
1584 /* Checks whether all BindsTo= dependencies of this unit are fulfilled — if they are also combined with
1585 * After=. We do not check Requires= or Requisite= here as they only should have an effect on the job
1586 * processing, but do not have any effect afterwards. We don't check BindsTo= dependencies that are not used in
1587 * conjunction with After= as for them any such check would make things entirely racy. */
1588
90e74a66 1589 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_BINDS_TO]) {
631b676b 1590
eef85c4a 1591 if (!hashmap_contains(u->dependencies[UNIT_AFTER], other))
631b676b
LP		 1592 continue;
1593
1594 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(other))) {
1595 log_unit_notice(u, "Bound to unit %s, but unit isn't active.", other->id);
1596 return false;
1597 }
1598 }
1599
1600 return true;
1601}
1602
9adb6959 1603/* Errors that aren't really errors:
6bf0f408 1604 * -EALREADY: Unit is already started.
9adb6959 1605 * -ECOMM: Condition failed
6bf0f408 1606 * -EAGAIN: An operation is already in progress. Retry later.
9adb6959
LP		 1607 *
1608 * Errors that are real errors:
1609 * -EBADR: This unit type does not support starting.
2de9b979 1610 * -ECANCELED: Start limit hit, too many requests for now
6bf0f408
LP		 1611 * -EPROTO: Assert failed
1612 * -EINVAL: Unit not loaded
1613 * -EOPNOTSUPP: Unit type not supported
631b676b 1614 * -ENOLINK: The necessary dependencies are not fulfilled.
d4fd1cf2 1615 * -ESTALE: This unit has been started before and can't be started a second time
a4191c9f 1616 * -ENOENT: This is a triggering unit and unit to trigger is not loaded
87f0e418
LP		 1617 */
1618int unit_start(Unit *u) {
1619 UnitActiveState state;
92ab323c 1620 Unit *following;
87f0e418
LP		 1621
1622 assert(u);
1623
5766aca8
LP		 1624 /* If this is already started, then this will succeed. Note that this will even succeed if this unit
1625 * is not startable by the user. This is relied on to detect when we need to wait for units and when
1626 * waiting is finished. */
87f0e418
LP		 1627 state = unit_active_state(u);
1628 if (UNIT_IS_ACTIVE_OR_RELOADING(state))
1629 return -EALREADY;
380dc8b0
LP		 1630 if (state == UNIT_MAINTENANCE)
1631 return -EAGAIN;
87f0e418 1632
6bf0f408
LP		 1633 /* Units that aren't loaded cannot be started */
1634 if (u->load_state != UNIT_LOADED)
1635 return -EINVAL;
1636
d4fd1cf2
LP		 1637 /* Refuse starting scope units more than once */
1638 if (UNIT_VTABLE(u)->once_only && dual_timestamp_is_set(&u->inactive_enter_timestamp))
1639 return -ESTALE;
1640
5766aca8
LP		 1641 /* If the conditions failed, don't do anything at all. If we already are activating this call might
1642 * still be useful to speed up activation in case there is some hold-off time, but we don't want to
1643 * recheck the condition in that case. */
a82e5507 1644 if (state != UNIT_ACTIVATING &&
5af6aa58 1645 !unit_test_condition(u))
5766aca8 1646 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(ECOMM), "Starting requested but condition failed. Not starting unit.");
52661efd 1647
59fccdc5
LP		 1648 /* If the asserts failed, fail the entire job */
1649 if (state != UNIT_ACTIVATING &&
5766aca8
LP		 1650 !unit_test_assert(u))
1651 return log_unit_notice_errno(u, SYNTHETIC_ERRNO(EPROTO), "Starting requested but asserts failed.");
59fccdc5 1652
5766aca8
LP		 1653 /* Units of types that aren't supported cannot be started. Note that we do this test only after the
1654 * condition checks, so that we rather return condition check errors (which are usually not
1655 * considered a true failure) than "not supported" errors (which are considered a failure).
d11a7645 1656 */
96cf3ec9 1657 if (!unit_type_supported(u->type))
d11a7645
LP		 1658 return -EOPNOTSUPP;
1659
5766aca8
LP		 1660 /* Let's make sure that the deps really are in order before we start this. Normally the job engine
1661 * should have taken care of this already, but let's check this here again. After all, our
1662 * dependencies might not be in effect anymore, due to a reload or due to a failed condition. */
631b676b
LP		 1663 if (!unit_verify_deps(u))
1664 return -ENOLINK;
1665
92ab323c 1666 /* Forward to the main object, if we aren't it. */
52990c2e
ZJS		 1667 following = unit_following(u);
1668 if (following) {
f2341e0a 1669 log_unit_debug(u, "Redirecting start request from %s to %s.", u->id, following->id);
92ab323c
LP		 1670 return unit_start(following);
1671 }
1672
1673 /* If it is stopped, but we cannot start it, then fail */
1674 if (!UNIT_VTABLE(u)->start)
1675 return -EBADR;
1676
5766aca8
LP		 1677 /* We don't suppress calls to ->start() here when we are already starting, to allow this request to
1678 * be used as a "hurry up" call, for example when the unit is in some "auto restart" state where it
1679 * waits for a holdoff timer to elapse before it will start again. */
87f0e418 1680
c1e1601e 1681 unit_add_to_dbus_queue(u);
d9e45bc3 1682 unit_cgroup_freezer_action(u, FREEZER_THAW);
9e58ff9c 1683
d1a34ae9 1684 return UNIT_VTABLE(u)->start(u);
87f0e418
LP		 1685}
1686
1687bool unit_can_start(Unit *u) {
1688 assert(u);
1689
8ff4d2ab
LP		 1690 if (u->load_state != UNIT_LOADED)
1691 return false;
1692
96cf3ec9 1693 if (!unit_type_supported(u->type))
8ff4d2ab
LP		 1694 return false;
1695
d4fd1cf2
LP		 1696 /* Scope units may be started only once */
1697 if (UNIT_VTABLE(u)->once_only && dual_timestamp_is_set(&u->inactive_exit_timestamp))
1698 return false;
1699
87f0e418
LP		 1700 return !!UNIT_VTABLE(u)->start;
1701}
1702
2528a7a6
LP		 1703bool unit_can_isolate(Unit *u) {
1704 assert(u);
1705
1706 return unit_can_start(u) &&
ac155bb8 1707 u->allow_isolate;
2528a7a6
LP		 1708}
1709
87f0e418
LP		 1710/* Errors:
1711 * -EBADR: This unit type does not support stopping.
1712 * -EALREADY: Unit is already stopped.
1713 * -EAGAIN: An operation is already in progress. Retry later.
1714 */
1715int unit_stop(Unit *u) {
1716 UnitActiveState state;
92ab323c 1717 Unit *following;
87f0e418
LP		 1718
1719 assert(u);
1720
87f0e418 1721 state = unit_active_state(u);
fdf20a31 1722 if (UNIT_IS_INACTIVE_OR_FAILED(state))
87f0e418
LP		 1723 return -EALREADY;
1724
0faacd47
LP		 1725 following = unit_following(u);
1726 if (following) {
f2341e0a 1727 log_unit_debug(u, "Redirecting stop request from %s to %s.", u->id, following->id);
92ab323c
LP		 1728 return unit_stop(following);
1729 }
1730
7898b0cf
LP		 1731 if (!UNIT_VTABLE(u)->stop)
1732 return -EBADR;
1733
c1e1601e 1734 unit_add_to_dbus_queue(u);
d9e45bc3 1735 unit_cgroup_freezer_action(u, FREEZER_THAW);
9e58ff9c 1736
d1a34ae9 1737 return UNIT_VTABLE(u)->stop(u);
87f0e418
LP		 1738}
1739
f5869324
LP		 1740bool unit_can_stop(Unit *u) {
1741 assert(u);
1742
39c79477
ZJS		 1743 /* Note: if we return true here, it does not mean that the unit may be successfully stopped.
1744 * Extrinsic units follow external state and they may stop following external state changes
1745 * (hence we return true here), but an attempt to do this through the manager will fail. */
1746
96cf3ec9 1747 if (!unit_type_supported(u->type))
f5869324
LP		 1748 return false;
1749
1750 if (u->perpetual)
1751 return false;
1752
1753 return !!UNIT_VTABLE(u)->stop;
1754}
1755
87f0e418
LP		 1756/* Errors:
1757 * -EBADR: This unit type does not support reloading.
1758 * -ENOEXEC: Unit is not started.
1759 * -EAGAIN: An operation is already in progress. Retry later.
1760 */
1761int unit_reload(Unit *u) {
1762 UnitActiveState state;
92ab323c 1763 Unit *following;
87f0e418
LP		 1764
1765 assert(u);
1766
ac155bb8 1767 if (u->load_state != UNIT_LOADED)
6124958c
LP		 1768 return -EINVAL;
1769
87f0e418
LP		 1770 if (!unit_can_reload(u))
1771 return -EBADR;
1772
1773 state = unit_active_state(u);
e364ad06 1774 if (state == UNIT_RELOADING)
6255af75 1775 return -EAGAIN;
87f0e418 1776
d85ff944
YW		 1777 if (state != UNIT_ACTIVE)
1778 return log_unit_warning_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "Unit cannot be reloaded because it is inactive.");
87f0e418 1779
e48614c4
ZJS		 1780 following = unit_following(u);
1781 if (following) {
f2341e0a 1782 log_unit_debug(u, "Redirecting reload request from %s to %s.", u->id, following->id);
92ab323c
LP		 1783 return unit_reload(following);
1784 }
1785
c1e1601e 1786 unit_add_to_dbus_queue(u);
82a2b6bb 1787
f54bcca5
JR		 1788 if (!UNIT_VTABLE(u)->reload) {
1789 /* Unit doesn't have a reload function, but we need to propagate the reload anyway */
2ad2e41a 1790 unit_notify(u, unit_active_state(u), unit_active_state(u), 0);
f54bcca5
JR		 1791 return 0;
1792 }
1793
d9e45bc3
MS		 1794 unit_cgroup_freezer_action(u, FREEZER_THAW);
1795
d1a34ae9 1796 return UNIT_VTABLE(u)->reload(u);
87f0e418
LP		 1797}
1798
1799bool unit_can_reload(Unit *u) {
1800 assert(u);
1801
f54bcca5
JR		 1802 if (UNIT_VTABLE(u)->can_reload)
1803 return UNIT_VTABLE(u)->can_reload(u);
87f0e418 1804
eef85c4a 1805 if (!hashmap_isempty(u->dependencies[UNIT_PROPAGATES_RELOAD_TO]))
87f0e418
LP		 1806 return true;
1807
f54bcca5 1808 return UNIT_VTABLE(u)->reload;
87f0e418
LP		 1809}
1810
a3c1168a
LP		 1811bool unit_is_unneeded(Unit *u) {
1812 static const UnitDependency deps[] = {
be7d9ff7 1813 UNIT_REQUIRED_BY,
084918ba 1814 UNIT_REQUISITE_OF,
be7d9ff7
LP		 1815 UNIT_WANTED_BY,
1816 UNIT_BOUND_BY,
1817 };
f3bff0eb
LP		 1818
1819 assert(u);
1820
ac155bb8 1821 if (!u->stop_when_unneeded)
a3c1168a 1822 return false;
f3bff0eb 1823
a3c1168a
LP		 1824 /* Don't clean up while the unit is transitioning or is even inactive. */
1825 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
1826 return false;
1827 if (u->job)
1828 return false;
f3bff0eb 1829
12375b95 1830 for (size_t j = 0; j < ELEMENTSOF(deps); j++) {
eef85c4a 1831 Unit *other;
eef85c4a
LP		 1832 void *v;
1833
fda09318 1834 /* If a dependent unit has a job queued, is active or transitioning, or is marked for
a3c1168a 1835 * restart, then don't clean this one up. */
b81884e7 1836
90e74a66 1837 HASHMAP_FOREACH_KEY(v, other, u->dependencies[deps[j]]) {
93d4cb09 1838 if (other->job)
a3c1168a
LP		 1839 return false;
1840
1841 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
1842 return false;
1843
1844 if (unit_will_restart(other))
1845 return false;
1846 }
bea355da
LP		 1847 }
1848
a3c1168a
LP		 1849 return true;
1850}
f3bff0eb 1851
a3c1168a
LP		 1852static void check_unneeded_dependencies(Unit *u) {
1853
1854 static const UnitDependency deps[] = {
1855 UNIT_REQUIRES,
1856 UNIT_REQUISITE,
1857 UNIT_WANTS,
1858 UNIT_BINDS_TO,
1859 };
a3c1168a
LP		 1860
1861 assert(u);
1862
1863 /* Add all units this unit depends on to the queue that processes StopWhenUnneeded= behaviour. */
1864
12375b95 1865 for (size_t j = 0; j < ELEMENTSOF(deps); j++) {
a3c1168a 1866 Unit *other;
a3c1168a
LP		 1867 void *v;
1868
90e74a66 1869 HASHMAP_FOREACH_KEY(v, other, u->dependencies[deps[j]])
fda09318 1870 unit_submit_to_stop_when_unneeded_queue(other);
a3c1168a 1871 }
f3bff0eb
LP		 1872}
1873
ff502445 1874static void unit_check_binds_to(Unit *u) {
4afd3348 1875 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
ff502445
LP		 1876 bool stop = false;
1877 Unit *other;
eef85c4a 1878 void *v;
67bfdc97 1879 int r;
ff502445
LP		 1880
1881 assert(u);
1882
1883 if (u->job)
1884 return;
1885
1886 if (unit_active_state(u) != UNIT_ACTIVE)
1887 return;
1888
90e74a66 1889 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_BINDS_TO]) {
ff502445
LP		 1890 if (other->job)
1891 continue;
13ddc3fc
ZJS		 1892
1893 if (!other->coldplugged)
1894 /* We might yet create a job for the other unit… */
1895 continue;
ff502445
LP		 1896
1897 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
1898 continue;
1899
1900 stop = true;
98f738b6 1901 break;
ff502445
LP		 1902 }
1903
1904 if (!stop)
1905 return;
1906
595bfe7d 1907 /* If stopping a unit fails continuously we might enter a stop
67bfdc97
LP		 1908 * loop here, hence stop acting on the service being
1909 * unnecessary after a while. */
7994ac1d 1910 if (!ratelimit_below(&u->auto_stop_ratelimit)) {
67bfdc97
LP		 1911 log_unit_warning(u, "Unit is bound to inactive unit %s, but not stopping since we tried this too often recently.", other->id);
1912 return;
1913 }
1914
98f738b6 1915 assert(other);
f2341e0a 1916 log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id);
ff502445
LP		 1917
1918 /* A unit we need to run is gone. Sniff. Let's stop this. */
50cbaba4 1919 r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, NULL, &error, NULL);
67bfdc97 1920 if (r < 0)
4bd29fe5 1921 log_unit_warning_errno(u, r, "Failed to enqueue stop job, ignoring: %s", bus_error_message(&error, r));
ff502445
LP		 1922}
1923
87f0e418 1924static void retroactively_start_dependencies(Unit *u) {
87f0e418 1925 Unit *other;
eef85c4a 1926 void *v;
87f0e418
LP		 1927
1928 assert(u);
1929 assert(UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)));
1930
90e74a66 1931 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_REQUIRES])
eef85c4a 1932 if (!hashmap_get(u->dependencies[UNIT_AFTER], other) &&
b81884e7 1933 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
50cbaba4 1934 manager_add_job(u->manager, JOB_START, other, JOB_REPLACE, NULL, NULL, NULL);
b81884e7 1935
90e74a66 1936 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_BINDS_TO])
eef85c4a 1937 if (!hashmap_get(u->dependencies[UNIT_AFTER], other) &&
b81884e7 1938 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
50cbaba4 1939 manager_add_job(u->manager, JOB_START, other, JOB_REPLACE, NULL, NULL, NULL);
87f0e418 1940
90e74a66 1941 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_WANTS])
eef85c4a 1942 if (!hashmap_get(u->dependencies[UNIT_AFTER], other) &&
b81884e7 1943 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
50cbaba4 1944 manager_add_job(u->manager, JOB_START, other, JOB_FAIL, NULL, NULL, NULL);
87f0e418 1945
90e74a66 1946 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_CONFLICTS])
b81884e7 1947 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
50cbaba4 1948 manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL, NULL);
69dd2852 1949
90e74a66 1950 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_CONFLICTED_BY])
b81884e7 1951 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
50cbaba4 1952 manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL, NULL);
87f0e418
LP		 1953}
1954
1955static void retroactively_stop_dependencies(Unit *u) {
87f0e418 1956 Unit *other;
eef85c4a 1957 void *v;
87f0e418
LP		 1958
1959 assert(u);
1960 assert(UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)));
1961
b81884e7 1962 /* Pull down units which are bound to us recursively if enabled */
90e74a66 1963 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_BOUND_BY])
b81884e7 1964 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
50cbaba4 1965 manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL, NULL);
cd0504d0
MS		 1966}
1967
3ecaa09b 1968void unit_start_on_failure(Unit *u) {
c0daa706 1969 Unit *other;
eef85c4a 1970 void *v;
7f66b026 1971 int r;
c0daa706
LP		 1972
1973 assert(u);
1974
eef85c4a 1975 if (hashmap_size(u->dependencies[UNIT_ON_FAILURE]) <= 0)
222ae6a8
LP		 1976 return;
1977
f2341e0a 1978 log_unit_info(u, "Triggering OnFailure= dependencies.");
222ae6a8 1979
90e74a66 1980 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_ON_FAILURE]) {
7f66b026 1981 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
222ae6a8 1982
50cbaba4 1983 r = manager_add_job(u->manager, JOB_START, other, u->on_failure_job_mode, NULL, &error, NULL);
c1b6628d 1984 if (r < 0)
7f66b026 1985 log_unit_warning_errno(u, r, "Failed to enqueue OnFailure= job, ignoring: %s", bus_error_message(&error, r));
222ae6a8 1986 }
c0daa706
LP		 1987}
1988
3ecaa09b
LP		 1989void unit_trigger_notify(Unit *u) {
1990 Unit *other;
eef85c4a 1991 void *v;
3ecaa09b
LP		 1992
1993 assert(u);
1994
90e74a66 1995 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_TRIGGERED_BY])
3ecaa09b
LP		 1996 if (UNIT_VTABLE(other)->trigger_notify)
1997 UNIT_VTABLE(other)->trigger_notify(other, u);
1998}
1999
37109b85
ZJS		 2000static int raise_level(int log_level, bool condition_info, bool condition_notice) {
2001 if (condition_notice && log_level > LOG_NOTICE)
2002 return LOG_NOTICE;
2003 if (condition_info && log_level > LOG_INFO)
2004 return LOG_INFO;
2005 return log_level;
2006}
2007
915b1d01 2008static int unit_log_resources(Unit *u) {
bc40a20e
LP		 2009 struct iovec iovec[1 + _CGROUP_IP_ACCOUNTING_METRIC_MAX + _CGROUP_IO_ACCOUNTING_METRIC_MAX + 4];
2010 bool any_traffic = false, have_ip_accounting = false, any_io = false, have_io_accounting = false;
2011 _cleanup_free_ char *igress = NULL, *egress = NULL, *rr = NULL, *wr = NULL;
162392b7 2012 int log_level = LOG_DEBUG; /* May be raised if resources consumed over a threshold */
915b1d01 2013 size_t n_message_parts = 0, n_iovec = 0;
bc40a20e 2014 char* message_parts[1 + 2 + 2 + 1], *t;
915b1d01 2015 nsec_t nsec = NSEC_INFINITY;
915b1d01
LP		 2016 int r;
2017 const char* const ip_fields[_CGROUP_IP_ACCOUNTING_METRIC_MAX] = {
2018 [CGROUP_IP_INGRESS_BYTES] = "IP_METRIC_INGRESS_BYTES",
2019 [CGROUP_IP_INGRESS_PACKETS] = "IP_METRIC_INGRESS_PACKETS",
2020 [CGROUP_IP_EGRESS_BYTES] = "IP_METRIC_EGRESS_BYTES",
2021 [CGROUP_IP_EGRESS_PACKETS] = "IP_METRIC_EGRESS_PACKETS",
2022 };
bc40a20e
LP		 2023 const char* const io_fields[_CGROUP_IO_ACCOUNTING_METRIC_MAX] = {
2024 [CGROUP_IO_READ_BYTES] = "IO_METRIC_READ_BYTES",
2025 [CGROUP_IO_WRITE_BYTES] = "IO_METRIC_WRITE_BYTES",
2026 [CGROUP_IO_READ_OPERATIONS] = "IO_METRIC_READ_OPERATIONS",
2027 [CGROUP_IO_WRITE_OPERATIONS] = "IO_METRIC_WRITE_OPERATIONS",
2028 };
915b1d01
LP		 2029
2030 assert(u);
2031
2032 /* Invoked whenever a unit enters failed or dead state. Logs information about consumed resources if resource
2033 * accounting was enabled for a unit. It does this in two ways: a friendly human readable string with reduced
2034 * information and the complete data in structured fields. */
2035
2036 (void) unit_get_cpu_usage(u, &nsec);
2037 if (nsec != NSEC_INFINITY) {
2038 char buf[FORMAT_TIMESPAN_MAX] = "";
2039
2040 /* Format the CPU time for inclusion in the structured log message */
2041 if (asprintf(&t, "CPU_USAGE_NSEC=%" PRIu64, nsec) < 0) {
2042 r = log_oom();
2043 goto finish;
2044 }
2045 iovec[n_iovec++] = IOVEC_MAKE_STRING(t);
2046
2047 /* Format the CPU time for inclusion in the human language message string */
2048 format_timespan(buf, sizeof(buf), nsec / NSEC_PER_USEC, USEC_PER_MSEC);
ec9d636b 2049 t = strjoin("consumed ", buf, " CPU time");
915b1d01
LP		 2050 if (!t) {
2051 r = log_oom();
2052 goto finish;
2053 }
2054
2055 message_parts[n_message_parts++] = t;
37109b85
ZJS		 2056
2057 log_level = raise_level(log_level,
2058 nsec > NOTICEWORTHY_CPU_NSEC,
2059 nsec > MENTIONWORTHY_CPU_NSEC);
915b1d01
LP		 2060 }
2061
bc40a20e
LP		 2062 for (CGroupIOAccountingMetric k = 0; k < _CGROUP_IO_ACCOUNTING_METRIC_MAX; k++) {
2063 char buf[FORMAT_BYTES_MAX] = "";
2064 uint64_t value = UINT64_MAX;
2065
2066 assert(io_fields[k]);
2067
2068 (void) unit_get_io_accounting(u, k, k > 0, &value);
2069 if (value == UINT64_MAX)
2070 continue;
2071
2072 have_io_accounting = true;
2073 if (value > 0)
2074 any_io = true;
2075
2076 /* Format IO accounting data for inclusion in the structured log message */
2077 if (asprintf(&t, "%s=%" PRIu64, io_fields[k], value) < 0) {
2078 r = log_oom();
2079 goto finish;
2080 }
2081 iovec[n_iovec++] = IOVEC_MAKE_STRING(t);
2082
2083 /* Format the IO accounting data for inclusion in the human language message string, but only
2084 * for the bytes counters (and not for the operations counters) */
2085 if (k == CGROUP_IO_READ_BYTES) {
2086 assert(!rr);
2087 rr = strjoin("read ", format_bytes(buf, sizeof(buf), value), " from disk");
2088 if (!rr) {
2089 r = log_oom();
2090 goto finish;
2091 }
2092 } else if (k == CGROUP_IO_WRITE_BYTES) {
2093 assert(!wr);
2094 wr = strjoin("written ", format_bytes(buf, sizeof(buf), value), " to disk");
2095 if (!wr) {
2096 r = log_oom();
2097 goto finish;
2098 }
2099 }
37109b85
ZJS		 2100
2101 if (IN_SET(k, CGROUP_IO_READ_BYTES, CGROUP_IO_WRITE_BYTES))
2102 log_level = raise_level(log_level,
2103 value > MENTIONWORTHY_IO_BYTES,
2104 value > NOTICEWORTHY_IO_BYTES);
bc40a20e
LP		 2105 }
2106
2107 if (have_io_accounting) {
2108 if (any_io) {
2109 if (rr)
2110 message_parts[n_message_parts++] = TAKE_PTR(rr);
2111 if (wr)
2112 message_parts[n_message_parts++] = TAKE_PTR(wr);
2113
2114 } else {
2115 char *k;
2116
2117 k = strdup("no IO");
2118 if (!k) {
2119 r = log_oom();
2120 goto finish;
2121 }
2122
2123 message_parts[n_message_parts++] = k;
2124 }
2125 }
2126
12375b95 2127 for (CGroupIPAccountingMetric m = 0; m < _CGROUP_IP_ACCOUNTING_METRIC_MAX; m++) {
915b1d01
LP		 2128 char buf[FORMAT_BYTES_MAX] = "";
2129 uint64_t value = UINT64_MAX;
2130
2131 assert(ip_fields[m]);
2132
2133 (void) unit_get_ip_accounting(u, m, &value);
2134 if (value == UINT64_MAX)
2135 continue;
82044702
LP		 2136
2137 have_ip_accounting = true;
a87b1faa
LP		 2138 if (value > 0)
2139 any_traffic = true;
915b1d01
LP		 2140
2141 /* Format IP accounting data for inclusion in the structured log message */
2142 if (asprintf(&t, "%s=%" PRIu64, ip_fields[m], value) < 0) {
2143 r = log_oom();
2144 goto finish;
2145 }
2146 iovec[n_iovec++] = IOVEC_MAKE_STRING(t);
2147
2148 /* Format the IP accounting data for inclusion in the human language message string, but only for the
2149 * bytes counters (and not for the packets counters) */
a87b1faa
LP		 2150 if (m == CGROUP_IP_INGRESS_BYTES) {
2151 assert(!igress);
ec9d636b 2152 igress = strjoin("received ", format_bytes(buf, sizeof(buf), value), " IP traffic");
a87b1faa
LP		 2153 if (!igress) {
2154 r = log_oom();
2155 goto finish;
2156 }
2157 } else if (m == CGROUP_IP_EGRESS_BYTES) {
2158 assert(!egress);
ec9d636b 2159 egress = strjoin("sent ", format_bytes(buf, sizeof(buf), value), " IP traffic");
a87b1faa
LP		 2160 if (!egress) {
2161 r = log_oom();
2162 goto finish;
2163 }
2164 }
37109b85
ZJS		 2165
2166 if (IN_SET(m, CGROUP_IP_INGRESS_BYTES, CGROUP_IP_EGRESS_BYTES))
2167 log_level = raise_level(log_level,
2168 value > MENTIONWORTHY_IP_BYTES,
2169 value > NOTICEWORTHY_IP_BYTES);
a87b1faa
LP		 2170 }
2171
c2503e35
RH		 2172 /* This check is here because it is the earliest point following all possible log_level assignments. If
2173 * log_level is assigned anywhere after this point, move this check. */
2174 if (!unit_log_level_test(u, log_level)) {
2175 r = 0;
2176 goto finish;
2177 }
2178
82044702
LP		 2179 if (have_ip_accounting) {
2180 if (any_traffic) {
2181 if (igress)
2182 message_parts[n_message_parts++] = TAKE_PTR(igress);
2183 if (egress)
2184 message_parts[n_message_parts++] = TAKE_PTR(egress);
a87b1faa 2185
82044702
LP		 2186 } else {
2187 char *k;
915b1d01 2188
82044702
LP		 2189 k = strdup("no IP traffic");
2190 if (!k) {
2191 r = log_oom();
2192 goto finish;
2193 }
2194
2195 message_parts[n_message_parts++] = k;
2196 }
915b1d01
LP		 2197 }
2198
2199 /* Is there any accounting data available at all? */
2200 if (n_iovec == 0) {
2201 r = 0;
2202 goto finish;
2203 }
2204
2205 if (n_message_parts == 0)
a87b1faa 2206 t = strjoina("MESSAGE=", u->id, ": Completed.");
915b1d01 2207 else {
c2b2df60 2208 _cleanup_free_ char *joined = NULL;
915b1d01
LP		 2209
2210 message_parts[n_message_parts] = NULL;
2211
2212 joined = strv_join(message_parts, ", ");
2213 if (!joined) {
2214 r = log_oom();
2215 goto finish;
2216 }
2217
ec9d636b 2218 joined[0] = ascii_toupper(joined[0]);
a87b1faa 2219 t = strjoina("MESSAGE=", u->id, ": ", joined, ".");
915b1d01
LP		 2220 }
2221
2222 /* The following four fields we allocate on the stack or are static strings, we hence don't want to free them,
2223 * and hence don't increase n_iovec for them */
2224 iovec[n_iovec] = IOVEC_MAKE_STRING(t);
2225 iovec[n_iovec + 1] = IOVEC_MAKE_STRING("MESSAGE_ID=" SD_MESSAGE_UNIT_RESOURCES_STR);
2226
2227 t = strjoina(u->manager->unit_log_field, u->id);
2228 iovec[n_iovec + 2] = IOVEC_MAKE_STRING(t);
2229
2230 t = strjoina(u->manager->invocation_log_field, u->invocation_id_string);
2231 iovec[n_iovec + 3] = IOVEC_MAKE_STRING(t);
2232
c2503e35 2233 log_unit_struct_iovec(u, log_level, iovec, n_iovec + 4);
915b1d01
LP		 2234 r = 0;
2235
2236finish:
12375b95 2237 for (size_t i = 0; i < n_message_parts; i++)
915b1d01
LP		 2238 free(message_parts[i]);
2239
12375b95 2240 for (size_t i = 0; i < n_iovec; i++)
915b1d01
LP		 2241 free(iovec[i].iov_base);
2242
2243 return r;
2244
2245}
2246
adefcf28
LP		 2247static void unit_update_on_console(Unit *u) {
2248 bool b;
2249
2250 assert(u);
2251
2252 b = unit_needs_console(u);
2253 if (u->on_console == b)
2254 return;
2255
2256 u->on_console = b;
2257 if (b)
2258 manager_ref_console(u->manager);
2259 else
2260 manager_unref_console(u->manager);
adefcf28
LP		 2261}
2262
6eb65e7c
LP		 2263static void unit_emit_audit_start(Unit *u) {
2264 assert(u);
2265
2266 if (u->type != UNIT_SERVICE)
2267 return;
2268
2269 /* Write audit record if we have just finished starting up */
2270 manager_send_unit_audit(u->manager, u, AUDIT_SERVICE_START, true);
2271 u->in_audit = true;
2272}
2273
2274static void unit_emit_audit_stop(Unit *u, UnitActiveState state) {
2275 assert(u);
2276
2277 if (u->type != UNIT_SERVICE)
2278 return;
2279
2280 if (u->in_audit) {
2281 /* Write audit record if we have just finished shutting down */
2282 manager_send_unit_audit(u->manager, u, AUDIT_SERVICE_STOP, state == UNIT_INACTIVE);
2283 u->in_audit = false;
2284 } else {
2285 /* Hmm, if there was no start record written write it now, so that we always have a nice pair */
2286 manager_send_unit_audit(u->manager, u, AUDIT_SERVICE_START, state == UNIT_INACTIVE);
2287
2288 if (state == UNIT_INACTIVE)
2289 manager_send_unit_audit(u->manager, u, AUDIT_SERVICE_STOP, true);
2290 }
2291}
2292
16c74914
LP		 2293static bool unit_process_job(Job *j, UnitActiveState ns, UnitNotifyFlags flags) {
2294 bool unexpected = false;
31cd5f63 2295 JobResult result;
16c74914
LP		 2296
2297 assert(j);
2298
2299 if (j->state == JOB_WAITING)
2300
2301 /* So we reached a different state for this job. Let's see if we can run it now if it failed previously
2302 * due to EAGAIN. */
2303 job_add_to_run_queue(j);
2304
2305 /* Let's check whether the unit's new state constitutes a finished job, or maybe contradicts a running job and
2306 * hence needs to invalidate jobs. */
2307
2308 switch (j->type) {
2309
2310 case JOB_START:
2311 case JOB_VERIFY_ACTIVE:
2312
2313 if (UNIT_IS_ACTIVE_OR_RELOADING(ns))
2314 job_finish_and_invalidate(j, JOB_DONE, true, false);
2315 else if (j->state == JOB_RUNNING && ns != UNIT_ACTIVATING) {
2316 unexpected = true;
2317
31cd5f63
AZ		 2318 if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
2319 if (ns == UNIT_FAILED)
2320 result = JOB_FAILED;
31cd5f63
AZ		 2321 else
2322 result = JOB_DONE;
2323
2324 job_finish_and_invalidate(j, result, true, false);
2325 }
16c74914
LP		 2326 }
2327
2328 break;
2329
2330 case JOB_RELOAD:
2331 case JOB_RELOAD_OR_START:
2332 case JOB_TRY_RELOAD:
2333
2334 if (j->state == JOB_RUNNING) {
2335 if (ns == UNIT_ACTIVE)
2336 job_finish_and_invalidate(j, (flags & UNIT_NOTIFY_RELOAD_FAILURE) ? JOB_FAILED : JOB_DONE, true, false);
2337 else if (!IN_SET(ns, UNIT_ACTIVATING, UNIT_RELOADING)) {
2338 unexpected = true;
2339
2340 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
2341 job_finish_and_invalidate(j, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false);
2342 }
2343 }
2344
2345 break;
2346
2347 case JOB_STOP:
2348 case JOB_RESTART:
2349 case JOB_TRY_RESTART:
2350
2351 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
2352 job_finish_and_invalidate(j, JOB_DONE, true, false);
2353 else if (j->state == JOB_RUNNING && ns != UNIT_DEACTIVATING) {
2354 unexpected = true;
2355 job_finish_and_invalidate(j, JOB_FAILED, true, false);
2356 }
2357
2358 break;
2359
2360 default:
2361 assert_not_reached("Job type unknown");
2362 }
2363
2364 return unexpected;
2365}
2366
2ad2e41a 2367void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, UnitNotifyFlags flags) {
429926e9 2368 const char *reason;
8559b3b7 2369 Manager *m;
a096ed36 2370
87f0e418
LP		 2371 assert(u);
2372 assert(os < _UNIT_ACTIVE_STATE_MAX);
2373 assert(ns < _UNIT_ACTIVE_STATE_MAX);
87f0e418 2374
8559b3b7
LP		 2375 /* Note that this is called for all low-level state changes, even if they might map to the same high-level
2376 * UnitActiveState! That means that ns == os is an expected behavior here. For example: if a mount point is
2377 * remounted this function will be called too! */
87f0e418 2378
546ac4f0
MS		 2379 m = u->manager;
2380
3c4832ad
LP		 2381 /* Let's enqueue the change signal early. In case this unit has a job associated we want that this unit is in
2382 * the bus queue, so that any job change signal queued will force out the unit change signal first. */
2383 unit_add_to_dbus_queue(u);
2384
e30bbc90
AZ		 2385 /* Update systemd-oomd on the property/state change */
2386 if (os != ns) {
2387 /* Always send an update if the unit is going into an inactive state so systemd-oomd knows to stop
2388 * monitoring.
2389 * Also send an update whenever the unit goes active; this is to handle a case where an override file
2390 * sets one of the ManagedOOM*= properties to "kill", then later removes it. systemd-oomd needs to
2391 * know to stop monitoring when the unit changes from "kill" -> "auto" on daemon-reload, but we don't
2392 * have the information on the property. Thus, indiscriminately send an update. */
f561e8c6 2393 if (UNIT_IS_INACTIVE_OR_FAILED(ns) || UNIT_IS_ACTIVE_OR_RELOADING(ns))
e30bbc90
AZ		 2394 (void) manager_varlink_send_managed_oom_update(u);
2395 }
2396
f755e3b7 2397 /* Update timestamps for state changes */
2c289ea8 2398 if (!MANAGER_IS_RELOADING(m)) {
a483fb59 2399 dual_timestamp_get(&u->state_change_timestamp);
173e3821 2400
bdbf9951 2401 if (UNIT_IS_INACTIVE_OR_FAILED(os) && !UNIT_IS_INACTIVE_OR_FAILED(ns))
a483fb59 2402 u->inactive_exit_timestamp = u->state_change_timestamp;
bdbf9951 2403 else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_INACTIVE_OR_FAILED(ns))
a483fb59 2404 u->inactive_enter_timestamp = u->state_change_timestamp;
bdbf9951
LP		 2405
2406 if (!UNIT_IS_ACTIVE_OR_RELOADING(os) && UNIT_IS_ACTIVE_OR_RELOADING(ns))
a483fb59 2407 u->active_enter_timestamp = u->state_change_timestamp;
bdbf9951 2408 else if (UNIT_IS_ACTIVE_OR_RELOADING(os) && !UNIT_IS_ACTIVE_OR_RELOADING(ns))
a483fb59 2409 u->active_exit_timestamp = u->state_change_timestamp;
bdbf9951 2410 }
87f0e418 2411
865cc19a 2412 /* Keep track of failed units */
8724defe 2413 (void) manager_update_failed_units(m, u, ns == UNIT_FAILED);
f755e3b7 2414
d3070fbd
LP		 2415 /* Make sure the cgroup and state files are always removed when we become inactive */
2416 if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
ff68472a
ZJS		 2417 SET_FLAG(u->markers,
2418 (1u << UNIT_MARKER_NEEDS_RELOAD)|(1u << UNIT_MARKER_NEEDS_RESTART),
2419 false);
efdb0237 2420 unit_prune_cgroup(u);
d3070fbd 2421 unit_unlink_state_files(u);
ff68472a
ZJS		 2422 } else if (ns != os && ns == UNIT_RELOADING)
2423 SET_FLAG(u->markers, 1u << UNIT_MARKER_NEEDS_RELOAD, false);
fb385181 2424
adefcf28 2425 unit_update_on_console(u);
7ed9f6cd 2426
2c289ea8 2427 if (!MANAGER_IS_RELOADING(m)) {
a1c7334b
LP		 2428 bool unexpected;
2429
2430 /* Let's propagate state changes to the job */
2431 if (u->job)
2432 unexpected = unit_process_job(u->job, ns, flags);
2433 else
2434 unexpected = true;
f3bff0eb 2435
a1c7334b
LP		 2436 /* If this state change happened without being requested by a job, then let's retroactively start or
2437 * stop dependencies. We skip that step when deserializing, since we don't want to create any
2438 * additional jobs just because something is already activated. */
bdbf9951
LP		 2439
2440 if (unexpected) {
2441 if (UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_ACTIVE_OR_ACTIVATING(ns))
2442 retroactively_start_dependencies(u);
2443 else if (UNIT_IS_ACTIVE_OR_ACTIVATING(os) && UNIT_IS_INACTIVE_OR_DEACTIVATING(ns))
2444 retroactively_stop_dependencies(u);
2445 }
5de9682c 2446
cd0504d0 2447 /* stop unneeded units regardless if going down was expected or not */
a3c1168a 2448 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
cd0504d0
MS		 2449 check_unneeded_dependencies(u);
2450
bdbf9951 2451 if (ns != os && ns == UNIT_FAILED) {
ed77d407 2452 log_unit_debug(u, "Unit entered failed state.");
2ad2e41a
LP		 2453
2454 if (!(flags & UNIT_NOTIFY_WILL_AUTO_RESTART))
2455 unit_start_on_failure(u);
cd6d0a45 2456 }
e537352b 2457
256f65d0
LP		 2458 if (UNIT_IS_ACTIVE_OR_RELOADING(ns) && !UNIT_IS_ACTIVE_OR_RELOADING(os)) {
2459 /* This unit just finished starting up */
3b2775c5 2460
6eb65e7c 2461 unit_emit_audit_start(u);
546ac4f0 2462 manager_send_unit_plymouth(m, u);
256f65d0 2463 }
bdbf9951 2464
256f65d0 2465 if (UNIT_IS_INACTIVE_OR_FAILED(ns) && !UNIT_IS_INACTIVE_OR_FAILED(os)) {
915b1d01 2466 /* This unit just stopped/failed. */
256f65d0 2467
6eb65e7c 2468 unit_emit_audit_stop(u, ns);
915b1d01 2469 unit_log_resources(u);
cd6d0a45 2470 }
f278026d
LP		 2471 }
2472
31dc1ca3
LP		 2473 manager_recheck_journal(m);
2474 manager_recheck_dbus(m);
e63ebf71 2475
3ecaa09b 2476 unit_trigger_notify(u);
3b2775c5 2477
8724defe 2478 if (!MANAGER_IS_RELOADING(m)) {
8559b3b7 2479 /* Maybe we finished startup and are now ready for being stopped because unneeded? */
fda09318 2480 unit_submit_to_stop_when_unneeded_queue(u);
c1e1601e 2481
8559b3b7
LP		 2482 /* Maybe we finished startup, but something we needed has vanished? Let's die then. (This happens when
2483 * something BindsTo= to a Type=oneshot unit, as these units go directly from starting to inactive,
ff502445
LP		 2484 * without ever entering started.) */
2485 unit_check_binds_to(u);
53c35a76 2486
429926e9
TR		 2487 if (os != UNIT_FAILED && ns == UNIT_FAILED) {
2488 reason = strjoina("unit ", u->id, " failed");
36c4dc08 2489 emergency_action(m, u->failure_action, 0, u->reboot_arg, unit_failure_action_exit_status(u), reason);
429926e9
TR		 2490 } else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && ns == UNIT_INACTIVE) {
2491 reason = strjoina("unit ", u->id, " succeeded");
36c4dc08 2492 emergency_action(m, u->success_action, 0, u->reboot_arg, unit_success_action_exit_status(u), reason);
429926e9 2493 }
ff502445
LP		 2494 }
2495
701cc384 2496 unit_add_to_gc_queue(u);
87f0e418
LP		 2497}
2498
f75f613d 2499int unit_watch_pid(Unit *u, pid_t pid, bool exclusive) {
62a76913 2500 int r;
a911bb9a 2501
87f0e418 2502 assert(u);
62a76913 2503 assert(pid_is_valid(pid));
87f0e418 2504
62a76913 2505 /* Watch a specific PID */
5ba6985b 2506
f75f613d
FB		 2507 /* Caller might be sure that this PID belongs to this unit only. Let's take this
2508 * opportunity to remove any stalled references to this PID as they can be created
2509 * easily (when watching a process which is not our direct child). */
2510 if (exclusive)
2511 manager_unwatch_pid(u->manager, pid);
2512
d5099efc 2513 r = set_ensure_allocated(&u->pids, NULL);
5ba6985b
LP		 2514 if (r < 0)
2515 return r;
2516
62a76913 2517 r = hashmap_ensure_allocated(&u->manager->watch_pids, NULL);
a911bb9a
LP		 2518 if (r < 0)
2519 return r;
2520
62a76913
LP		 2521 /* First try, let's add the unit keyed by "pid". */
2522 r = hashmap_put(u->manager->watch_pids, PID_TO_PTR(pid), u);
2523 if (r == -EEXIST) {
2524 Unit **array;
2525 bool found = false;
2526 size_t n = 0;
05e343b7 2527
62a76913
LP		 2528 /* OK, the "pid" key is already assigned to a different unit. Let's see if the "-pid" key (which points
2529 * to an array of Units rather than just a Unit), lists us already. */
a911bb9a 2530
62a76913
LP		 2531 array = hashmap_get(u->manager->watch_pids, PID_TO_PTR(-pid));
2532 if (array)
2533 for (; array[n]; n++)
2534 if (array[n] == u)
2535 found = true;
a911bb9a 2536
62a76913
LP		 2537 if (found) /* Found it already? if so, do nothing */
2538 r = 0;
2539 else {
2540 Unit **new_array;
2541
2542 /* Allocate a new array */
2543 new_array = new(Unit*, n + 2);
2544 if (!new_array)
2545 return -ENOMEM;
2546
2547 memcpy_safe(new_array, array, sizeof(Unit*) * n);
2548 new_array[n] = u;
2549 new_array[n+1] = NULL;
2550
2551 /* Add or replace the old array */
2552 r = hashmap_replace(u->manager->watch_pids, PID_TO_PTR(-pid), new_array);
2553 if (r < 0) {
2554 free(new_array);
2555 return r;
2556 }
2557
2558 free(array);
2559 }
2560 } else if (r < 0)
2561 return r;
2562
2563 r = set_put(u->pids, PID_TO_PTR(pid));
2564 if (r < 0)
2565 return r;
2566
2567 return 0;
87f0e418
LP		 2568}
2569
2570void unit_unwatch_pid(Unit *u, pid_t pid) {
62a76913
LP		 2571 Unit **array;
2572
87f0e418 2573 assert(u);
62a76913
LP		 2574 assert(pid_is_valid(pid));
2575
2576 /* First let's drop the unit in case it's keyed as "pid". */
2577 (void) hashmap_remove_value(u->manager->watch_pids, PID_TO_PTR(pid), u);
2578
2579 /* Then, let's also drop the unit, in case it's in the array keyed by -pid */
2580 array = hashmap_get(u->manager->watch_pids, PID_TO_PTR(-pid));
2581 if (array) {
62a76913 2582 /* Let's iterate through the array, dropping our own entry */
12375b95
ZJS		 2583
2584 size_t m = 0;
2585 for (size_t n = 0; array[n]; n++)
62a76913
LP		 2586 if (array[n] != u)
2587 array[m++] = array[n];
2588 array[m] = NULL;
2589
2590 if (m == 0) {
2591 /* The array is now empty, remove the entire entry */
20c3acfa 2592 assert_se(hashmap_remove(u->manager->watch_pids, PID_TO_PTR(-pid)) == array);
62a76913
LP		 2593 free(array);
2594 }
2595 }
87f0e418 2596
fea72cc0 2597 (void) set_remove(u->pids, PID_TO_PTR(pid));
a911bb9a
LP		 2598}
2599
bd44e61b
LP		 2600void unit_unwatch_all_pids(Unit *u) {
2601 assert(u);
2602
2603 while (!set_isempty(u->pids))
fea72cc0 2604 unit_unwatch_pid(u, PTR_TO_PID(set_first(u->pids)));
bd44e61b 2605
efdb0237 2606 u->pids = set_free(u->pids);
a911bb9a
LP		 2607}
2608
50be4f4a
LP		 2609static void unit_tidy_watch_pids(Unit *u) {
2610 pid_t except1, except2;
a911bb9a
LP		 2611 void *e;
2612
2613 assert(u);
2614
2615 /* Cleans dead PIDs from our list */
2616
50be4f4a
LP		 2617 except1 = unit_main_pid(u);
2618 except2 = unit_control_pid(u);
2619
90e74a66 2620 SET_FOREACH(e, u->pids) {
fea72cc0 2621 pid_t pid = PTR_TO_PID(e);
a911bb9a
LP		 2622
2623 if (pid == except1 || pid == except2)
2624 continue;
2625
9f5650ae 2626 if (!pid_is_unwaited(pid))
bd44e61b 2627 unit_unwatch_pid(u, pid);
a911bb9a 2628 }
87f0e418
LP		 2629}
2630
50be4f4a
LP		 2631static int on_rewatch_pids_event(sd_event_source *s, void *userdata) {
2632 Unit *u = userdata;
2633
2634 assert(s);
2635 assert(u);
2636
2637 unit_tidy_watch_pids(u);
2638 unit_watch_all_pids(u);
2639
2640 /* If the PID set is empty now, then let's finish this off. */
2641 unit_synthesize_cgroup_empty_event(u);
2642
2643 return 0;
2644}
2645
2646int unit_enqueue_rewatch_pids(Unit *u) {
2647 int r;
2648
2649 assert(u);
2650
2651 if (!u->cgroup_path)
2652 return -ENOENT;
2653
2654 r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
2655 if (r < 0)
2656 return r;
2657 if (r > 0) /* On unified we can use proper notifications */
2658 return 0;
2659
2660 /* Enqueues a low-priority job that will clean up dead PIDs from our list of PIDs to watch and subscribe to new
2661 * PIDs that might have appeared. We do this in a delayed job because the work might be quite slow, as it
2662 * involves issuing kill(pid, 0) on all processes we watch. */
2663
2664 if (!u->rewatch_pids_event_source) {
2665 _cleanup_(sd_event_source_unrefp) sd_event_source *s = NULL;
2666
2667 r = sd_event_add_defer(u->manager->event, &s, on_rewatch_pids_event, u);
2668 if (r < 0)
2669 return log_error_errno(r, "Failed to allocate event source for tidying watched PIDs: %m");
2670
2671 r = sd_event_source_set_priority(s, SD_EVENT_PRIORITY_IDLE);
2672 if (r < 0)
28b77ab2 2673 return log_error_errno(r, "Failed to adjust priority of event source for tidying watched PIDs: %m");
50be4f4a
LP		 2674
2675 (void) sd_event_source_set_description(s, "tidy-watch-pids");
2676
2677 u->rewatch_pids_event_source = TAKE_PTR(s);
2678 }
2679
2680 r = sd_event_source_set_enabled(u->rewatch_pids_event_source, SD_EVENT_ONESHOT);
2681 if (r < 0)
2682 return log_error_errno(r, "Failed to enable event source for tidying watched PIDs: %m");
2683
2684 return 0;
2685}
2686
2687void unit_dequeue_rewatch_pids(Unit *u) {
2688 int r;
2689 assert(u);
2690
2691 if (!u->rewatch_pids_event_source)
2692 return;
2693
2694 r = sd_event_source_set_enabled(u->rewatch_pids_event_source, SD_EVENT_OFF);
2695 if (r < 0)
2696 log_warning_errno(r, "Failed to disable event source for tidying watched PIDs, ignoring: %m");
2697
2698 u->rewatch_pids_event_source = sd_event_source_unref(u->rewatch_pids_event_source);
2699}
2700
87f0e418
LP		 2701bool unit_job_is_applicable(Unit *u, JobType j) {
2702 assert(u);
2703 assert(j >= 0 && j < _JOB_TYPE_MAX);
2704
2705 switch (j) {
2706
2707 case JOB_VERIFY_ACTIVE:
2708 case JOB_START:
e0209d83 2709 case JOB_NOP:
f5869324 2710 /* Note that we don't check unit_can_start() here. That's because .device units and suchlike are not
86b52a39 2711 * startable by us but may appear due to external events, and it thus makes sense to permit enqueuing
f5869324 2712 * jobs for it. */
87f0e418
LP		 2713 return true;
2714
f5869324
LP		 2715 case JOB_STOP:
2716 /* Similar as above. However, perpetual units can never be stopped (neither explicitly nor due to
86b52a39 2717 * external events), hence it makes no sense to permit enqueuing such a request either. */
f5869324
LP		 2718 return !u->perpetual;
2719
87f0e418
LP		 2720 case JOB_RESTART:
2721 case JOB_TRY_RESTART:
f5869324 2722 return unit_can_stop(u) && unit_can_start(u);
87f0e418
LP		 2723
2724 case JOB_RELOAD:
3282591d 2725 case JOB_TRY_RELOAD:
87f0e418
LP		 2726 return unit_can_reload(u);
2727
2728 case JOB_RELOAD_OR_START:
2729 return unit_can_reload(u) && unit_can_start(u);
2730
2731 default:
2732 assert_not_reached("Invalid job type");
2733 }
2734}
2735
f2341e0a
LP		 2736static void maybe_warn_about_dependency(Unit *u, const char *other, UnitDependency dependency) {
2737 assert(u);
d1fab3fe 2738
f2341e0a
LP		 2739 /* Only warn about some unit types */
2740 if (!IN_SET(dependency, UNIT_CONFLICTS, UNIT_CONFLICTED_BY, UNIT_BEFORE, UNIT_AFTER, UNIT_ON_FAILURE, UNIT_TRIGGERS, UNIT_TRIGGERED_BY))
2741 return;
3f3cc397 2742
f2341e0a
LP		 2743 if (streq_ptr(u->id, other))
2744 log_unit_warning(u, "Dependency %s=%s dropped", unit_dependency_to_string(dependency), u->id);
2745 else
2746 log_unit_warning(u, "Dependency %s=%s dropped, merged into %s", unit_dependency_to_string(dependency), strna(other), u->id);
d1fab3fe
ZJS		 2747}
2748
eef85c4a
LP		 2749static int unit_add_dependency_hashmap(
2750 Hashmap **h,
2751 Unit *other,
2752 UnitDependencyMask origin_mask,
2753 UnitDependencyMask destination_mask) {
2754
2755 UnitDependencyInfo info;
2756 int r;
2757
2758 assert(h);
2759 assert(other);
2760 assert(origin_mask < _UNIT_DEPENDENCY_MASK_FULL);
2761 assert(destination_mask < _UNIT_DEPENDENCY_MASK_FULL);
2762 assert(origin_mask > 0 || destination_mask > 0);
2763
2764 r = hashmap_ensure_allocated(h, NULL);
2765 if (r < 0)
2766 return r;
2767
2768 assert_cc(sizeof(void*) == sizeof(info));
2769
2770 info.data = hashmap_get(*h, other);
2771 if (info.data) {
2772 /* Entry already exists. Add in our mask. */
2773
d94a24ca
ZJS		 2774 if (FLAGS_SET(origin_mask, info.origin_mask) &&
2775 FLAGS_SET(destination_mask, info.destination_mask))
eef85c4a
LP		 2776 return 0; /* NOP */
2777
2778 info.origin_mask |= origin_mask;
2779 info.destination_mask |= destination_mask;
2780
2781 r = hashmap_update(*h, other, info.data);
2782 } else {
2783 info = (UnitDependencyInfo) {
2784 .origin_mask = origin_mask,
2785 .destination_mask = destination_mask,
2786 };
2787
2788 r = hashmap_put(*h, other, info.data);
2789 }
2790 if (r < 0)
2791 return r;
2792
2793 return 1;
2794}
2795
2796int unit_add_dependency(
2797 Unit *u,
2798 UnitDependency d,
2799 Unit *other,
2800 bool add_reference,
2801 UnitDependencyMask mask) {
87f0e418
LP		 2802
2803 static const UnitDependency inverse_table[_UNIT_DEPENDENCY_MAX] = {
2804 [UNIT_REQUIRES] = UNIT_REQUIRED_BY,
87f0e418 2805 [UNIT_WANTS] = UNIT_WANTED_BY,
be7d9ff7 2806 [UNIT_REQUISITE] = UNIT_REQUISITE_OF,
7f2cddae 2807 [UNIT_BINDS_TO] = UNIT_BOUND_BY,
60649f17 2808 [UNIT_PART_OF] = UNIT_CONSISTS_OF,
be7d9ff7 2809 [UNIT_REQUIRED_BY] = UNIT_REQUIRES,
be7d9ff7 2810 [UNIT_REQUISITE_OF] = UNIT_REQUISITE,
be7d9ff7 2811 [UNIT_WANTED_BY] = UNIT_WANTS,
7f2cddae 2812 [UNIT_BOUND_BY] = UNIT_BINDS_TO,
60649f17 2813 [UNIT_CONSISTS_OF] = UNIT_PART_OF,
69dd2852
LP		 2814 [UNIT_CONFLICTS] = UNIT_CONFLICTED_BY,
2815 [UNIT_CONFLICTED_BY] = UNIT_CONFLICTS,
87f0e418 2816 [UNIT_BEFORE] = UNIT_AFTER,
701cc384 2817 [UNIT_AFTER] = UNIT_BEFORE,
5de9682c 2818 [UNIT_ON_FAILURE] = _UNIT_DEPENDENCY_INVALID,
701cc384 2819 [UNIT_REFERENCES] = UNIT_REFERENCED_BY,
57020a3a
LP		 2820 [UNIT_REFERENCED_BY] = UNIT_REFERENCES,
2821 [UNIT_TRIGGERS] = UNIT_TRIGGERED_BY,
4dcc1cb4 2822 [UNIT_TRIGGERED_BY] = UNIT_TRIGGERS,
7f2cddae 2823 [UNIT_PROPAGATES_RELOAD_TO] = UNIT_RELOAD_PROPAGATED_FROM,
85e9a101 2824 [UNIT_RELOAD_PROPAGATED_FROM] = UNIT_PROPAGATES_RELOAD_TO,
613b411c 2825 [UNIT_JOINS_NAMESPACE_OF] = UNIT_JOINS_NAMESPACE_OF,
87f0e418 2826 };
eef85c4a
LP		 2827 Unit *original_u = u, *original_other = other;
2828 int r;
5177cb0a
RM		 2829 /* Helper to know whether sending a notification is necessary or not:
2830 * if the dependency is already there, no need to notify! */
2831 bool noop = true;
87f0e418
LP		 2832
2833 assert(u);
2834 assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX);
87f0e418
LP		 2835 assert(other);
2836
9f151f29
LP		 2837 u = unit_follow_merge(u);
2838 other = unit_follow_merge(other);
2839
87f0e418
LP		 2840 /* We won't allow dependencies on ourselves. We will not
2841 * consider them an error however. */
d1fab3fe 2842 if (u == other) {
eef85c4a 2843 maybe_warn_about_dependency(original_u, original_other->id, d);
87f0e418 2844 return 0;
d1fab3fe 2845 }
87f0e418 2846
b862c257
FB		 2847 /* Note that ordering a device unit after a unit is permitted since it
2848 * allows to start its job running timeout at a specific time. */
2849 if (d == UNIT_BEFORE && other->type == UNIT_DEVICE) {
2850 log_unit_warning(u, "Dependency Before=%s ignored (.device units cannot be delayed)", other->id);
c80a9a33
LP		 2851 return 0;
2852 }
2853
2854 if (d == UNIT_ON_FAILURE && !UNIT_VTABLE(u)->can_fail) {
2855 log_unit_warning(u, "Requested dependency OnFailure=%s ignored (%s units cannot fail).", other->id, unit_type_to_string(u->type));
2856 return 0;
2857 }
2858
2859 if (d == UNIT_TRIGGERS && !UNIT_VTABLE(u)->can_trigger)
2860 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
2861 "Requested dependency Triggers=%s refused (%s units cannot trigger other units).", other->id, unit_type_to_string(u->type));
2862 if (d == UNIT_TRIGGERED_BY && !UNIT_VTABLE(other)->can_trigger)
2863 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
2864 "Requested dependency TriggeredBy=%s refused (%s units cannot trigger other units).", other->id, unit_type_to_string(other->type));
2865
eef85c4a 2866 r = unit_add_dependency_hashmap(u->dependencies + d, other, mask, 0);
613b411c 2867 if (r < 0)
87f0e418 2868 return r;
5177cb0a
RM		 2869 else if (r > 0)
2870 noop = false;
87f0e418 2871
eef85c4a
LP		 2872 if (inverse_table[d] != _UNIT_DEPENDENCY_INVALID && inverse_table[d] != d) {
2873 r = unit_add_dependency_hashmap(other->dependencies + inverse_table[d], u, 0, mask);
613b411c
LP		 2874 if (r < 0)
2875 return r;
5177cb0a
RM		 2876 else if (r > 0)
2877 noop = false;
613b411c
LP		 2878 }
2879
2880 if (add_reference) {
eef85c4a 2881 r = unit_add_dependency_hashmap(u->dependencies + UNIT_REFERENCES, other, mask, 0);
613b411c 2882 if (r < 0)
5de9682c 2883 return r;
5177cb0a
RM		 2884 else if (r > 0)
2885 noop = false;
5de9682c 2886
eef85c4a 2887 r = unit_add_dependency_hashmap(other->dependencies + UNIT_REFERENCED_BY, u, 0, mask);
613b411c 2888 if (r < 0)
701cc384 2889 return r;
5177cb0a
RM		 2890 else if (r > 0)
2891 noop = false;
613b411c 2892 }
87f0e418 2893
5177cb0a
RM		 2894 if (!noop)
2895 unit_add_to_dbus_queue(u);
87f0e418
LP		 2896 return 0;
2897}
0301abf4 2898
eef85c4a 2899int unit_add_two_dependencies(Unit *u, UnitDependency d, UnitDependency e, Unit *other, bool add_reference, UnitDependencyMask mask) {
2c966c03
LP		 2900 int r;
2901
2902 assert(u);
2903
eef85c4a 2904 r = unit_add_dependency(u, d, other, add_reference, mask);
3f3cc397 2905 if (r < 0)
2c966c03
LP		 2906 return r;
2907
eef85c4a 2908 return unit_add_dependency(u, e, other, add_reference, mask);
2c966c03
LP		 2909}
2910
23e8c796 2911static int resolve_template(Unit *u, const char *name, char **buf, const char **ret) {
7410616c 2912 int r;
9e2f7c11
LP		 2913
2914 assert(u);
23e8c796 2915 assert(name);
7410616c
LP		 2916 assert(buf);
2917 assert(ret);
9e2f7c11 2918
7410616c
LP		 2919 if (!unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
2920 *buf = NULL;
2921 *ret = name;
2922 return 0;
9e2f7c11
LP		 2923 }
2924
ac155bb8 2925 if (u->instance)
7410616c 2926 r = unit_name_replace_instance(name, u->instance, buf);
9e2f7c11 2927 else {
ae018d9b 2928 _cleanup_free_ char *i = NULL;
9e2f7c11 2929
7410616c
LP		 2930 r = unit_name_to_prefix(u->id, &i);
2931 if (r < 0)
2932 return r;
9e2f7c11 2933
7410616c 2934 r = unit_name_replace_instance(name, i, buf);
9e2f7c11 2935 }
7410616c
LP		 2936 if (r < 0)
2937 return r;
9e2f7c11 2938
7410616c
LP		 2939 *ret = *buf;
2940 return 0;
9e2f7c11
LP		 2941}
2942
35d8c19a 2943int unit_add_dependency_by_name(Unit *u, UnitDependency d, const char *name, bool add_reference, UnitDependencyMask mask) {
7410616c 2944 _cleanup_free_ char *buf = NULL;
09b6b09f
LP		 2945 Unit *other;
2946 int r;
2947
9e2f7c11 2948 assert(u);
35d8c19a 2949 assert(name);
09b6b09f 2950
23e8c796 2951 r = resolve_template(u, name, &buf, &name);
7410616c
LP		 2952 if (r < 0)
2953 return r;
09b6b09f 2954
35d8c19a 2955 r = manager_load_unit(u->manager, name, NULL, NULL, &other);
8afbb8e1
LP		 2956 if (r < 0)
2957 return r;
9e2f7c11 2958
eef85c4a 2959 return unit_add_dependency(u, d, other, add_reference, mask);
09b6b09f
LP		 2960}
2961
5a724170 2962int unit_add_two_dependencies_by_name(Unit *u, UnitDependency d, UnitDependency e, const char *name, bool add_reference, UnitDependencyMask mask) {
7410616c 2963 _cleanup_free_ char *buf = NULL;
2c966c03
LP		 2964 Unit *other;
2965 int r;
2c966c03
LP		 2966
2967 assert(u);
5a724170 2968 assert(name);
2c966c03 2969
23e8c796 2970 r = resolve_template(u, name, &buf, &name);
7410616c
LP		 2971 if (r < 0)
2972 return r;
2c966c03 2973
5a724170 2974 r = manager_load_unit(u->manager, name, NULL, NULL, &other);
3f3cc397 2975 if (r < 0)
68eda4bd 2976 return r;
2c966c03 2977
eef85c4a 2978 return unit_add_two_dependencies(u, d, e, other, add_reference, mask);
2c966c03
LP		 2979}
2980
0301abf4 2981int set_unit_path(const char *p) {
0301abf4 2982 /* This is mostly for debug purposes */
cbe46ead 2983 if (setenv("SYSTEMD_UNIT_PATH", p, 1) < 0)
26d04f86 2984 return -errno;
0301abf4
LP		 2985
2986 return 0;
2987}
88066b3a 2988
ea430986 2989char *unit_dbus_path(Unit *u) {
ea430986
LP		 2990 assert(u);
2991
ac155bb8 2992 if (!u->id)
04ade7d2
LP		 2993 return NULL;
2994
48899192 2995 return unit_dbus_path_from_name(u->id);
ea430986
LP		 2996}
2997
4b58153d
LP		 2998char *unit_dbus_path_invocation_id(Unit *u) {
2999 assert(u);
3000
3001 if (sd_id128_is_null(u->invocation_id))
3002 return NULL;
3003
3004 return unit_dbus_path_from_name(u->invocation_id_string);
3005}
3006
2d3b784d 3007int unit_set_invocation_id(Unit *u, sd_id128_t id) {
db868d45
ZJS		 3008 int r;
3009
3010 assert(u);
3011
3012 /* Set the invocation ID for this unit. If we cannot, this will not roll back, but reset the whole thing. */
3013
3014 if (sd_id128_equal(u->invocation_id, id))
3015 return 0;
3016
3017 if (!sd_id128_is_null(u->invocation_id))
3018 (void) hashmap_remove_value(u->manager->units_by_invocation_id, &u->invocation_id, u);
3019
3020 if (sd_id128_is_null(id)) {
3021 r = 0;
3022 goto reset;
3023 }
3024
3025 r = hashmap_ensure_allocated(&u->manager->units_by_invocation_id, &id128_hash_ops);
3026 if (r < 0)
3027 goto reset;
3028
3029 u->invocation_id = id;
3030 sd_id128_to_string(id, u->invocation_id_string);
3031
3032 r = hashmap_put(u->manager->units_by_invocation_id, &u->invocation_id, u);
3033 if (r < 0)
3034 goto reset;
3035
3036 return 0;
3037
3038reset:
3039 u->invocation_id = SD_ID128_NULL;
3040 u->invocation_id_string[0] = 0;
3041 return r;
3042}
3043
d79200e2
LP		 3044int unit_set_slice(Unit *u, Unit *slice) {
3045 assert(u);
3046 assert(slice);
3047
3048 /* Sets the unit slice if it has not been set before. Is extra
3049 * careful, to only allow this for units that actually have a
3050 * cgroup context. Also, we don't allow to set this for slices
3051 * (since the parent slice is derived from the name). Make
3052 * sure the unit we set is actually a slice. */
3053
3054 if (!UNIT_HAS_CGROUP_CONTEXT(u))
3055 return -EOPNOTSUPP;
3056
3057 if (u->type == UNIT_SLICE)
3058 return -EINVAL;
3059
102ef982
LP		 3060 if (unit_active_state(u) != UNIT_INACTIVE)
3061 return -EBUSY;
3062
d79200e2
LP		 3063 if (slice->type != UNIT_SLICE)
3064 return -EINVAL;
3065
efdb0237
LP		 3066 if (unit_has_name(u, SPECIAL_INIT_SCOPE) &&
3067 !unit_has_name(slice, SPECIAL_ROOT_SLICE))
3068 return -EPERM;
3069
d79200e2
LP		 3070 if (UNIT_DEREF(u->slice) == slice)
3071 return 0;
3072
99e66921
TH		 3073 /* Disallow slice changes if @u is already bound to cgroups */
3074 if (UNIT_ISSET(u->slice) && u->cgroup_realized)
d79200e2
LP		 3075 return -EBUSY;
3076
7f7d01ed 3077 unit_ref_set(&u->slice, u, slice);
d79200e2
LP		 3078 return 1;
3079}
3080
3081int unit_set_default_slice(Unit *u) {
a8833944 3082 const char *slice_name;
a016b922
LP		 3083 Unit *slice;
3084 int r;
3085
3086 assert(u);
3087
9444b1f2 3088 if (UNIT_ISSET(u->slice))
a016b922
LP		 3089 return 0;
3090
a8833944
LP		 3091 if (u->instance) {
3092 _cleanup_free_ char *prefix = NULL, *escaped = NULL;
68eda4bd 3093
a8833944
LP		 3094 /* Implicitly place all instantiated units in their
3095 * own per-template slice */
3096
7410616c
LP		 3097 r = unit_name_to_prefix(u->id, &prefix);
3098 if (r < 0)
3099 return r;
a8833944
LP		 3100
3101 /* The prefix is already escaped, but it might include
3102 * "-" which has a special meaning for slice units,
3103 * hence escape it here extra. */
7410616c 3104 escaped = unit_name_escape(prefix);
a8833944
LP		 3105 if (!escaped)
3106 return -ENOMEM;
3107
463d0d15 3108 if (MANAGER_IS_SYSTEM(u->manager))
00e7b3c8 3109 slice_name = strjoina("system-", escaped, ".slice");
a8833944 3110 else
7f3b86a4 3111 slice_name = strjoina("app-", escaped, ".slice");
5ee24fa0
ZJS		 3112
3113 } else if (unit_is_extrinsic(u))
3114 /* Keep all extrinsic units (e.g. perpetual units and swap and mount units in user mode) in
3115 * the root slice. They don't really belong in one of the subslices. */
3116 slice_name = SPECIAL_ROOT_SLICE;
3117
3118 else if (MANAGER_IS_SYSTEM(u->manager))
3119 slice_name = SPECIAL_SYSTEM_SLICE;
3120 else
3121 slice_name = SPECIAL_APP_SLICE;
a8833944
LP		 3122
3123 r = manager_load_unit(u->manager, slice_name, NULL, NULL, &slice);
a016b922
LP		 3124 if (r < 0)
3125 return r;
3126
d79200e2 3127 return unit_set_slice(u, slice);
a016b922
LP		 3128}
3129
9444b1f2
LP		 3130const char *unit_slice_name(Unit *u) {
3131 assert(u);
3132
3133 if (!UNIT_ISSET(u->slice))
3134 return NULL;
3135
3136 return UNIT_DEREF(u->slice)->id;
3137}
3138
f6ff8c29 3139int unit_load_related_unit(Unit *u, const char *type, Unit **_found) {
78edb35a 3140 _cleanup_free_ char *t = NULL;
f6ff8c29
LP		 3141 int r;
3142
3143 assert(u);
3144 assert(type);
3145 assert(_found);
3146
7410616c
LP		 3147 r = unit_name_change_suffix(u->id, type, &t);
3148 if (r < 0)
3149 return r;
3150 if (unit_has_name(u, t))
3151 return -EINVAL;
f6ff8c29 3152
ac155bb8 3153 r = manager_load_unit(u->manager, t, NULL, NULL, _found);
9e2f7c11 3154 assert(r < 0 || *_found != u);
f6ff8c29
LP		 3155 return r;
3156}
3157
bbc29086 3158static int signal_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
fc67a943 3159 const char *new_owner;
bbc29086
DM		 3160 Unit *u = userdata;
3161 int r;
3162
3163 assert(message);
3164 assert(u);
3165
fc67a943 3166 r = sd_bus_message_read(message, "sss", NULL, NULL, &new_owner);
bbc29086
DM		 3167 if (r < 0) {
3168 bus_log_parse_error(r);
3169 return 0;
3170 }
3171
3172 if (UNIT_VTABLE(u)->bus_name_owner_change)
fc67a943 3173 UNIT_VTABLE(u)->bus_name_owner_change(u, empty_to_null(new_owner));
a5a8776a
MJ		 3174
3175 return 0;
3176}
3177
3178static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bus_error *error) {
3179 const sd_bus_error *e;
3180 const char *new_owner;
3181 Unit *u = userdata;
3182 int r;
3183
3184 assert(message);
3185 assert(u);
3186
3187 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
3188
a5a8776a 3189 e = sd_bus_message_get_error(message);
a5a8776a 3190 if (e) {
a54654ba
LP		 3191 if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner"))
3192 log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message);
a5a8776a 3193
fc67a943
LP		 3194 new_owner = NULL;
3195 } else {
3196 r = sd_bus_message_read(message, "s", &new_owner);
3197 if (r < 0)
3198 return bus_log_parse_error(r);
a5a8776a 3199
fc67a943
LP		 3200 assert(!isempty(new_owner));
3201 }
a5a8776a
MJ		 3202
3203 if (UNIT_VTABLE(u)->bus_name_owner_change)
fc67a943 3204 UNIT_VTABLE(u)->bus_name_owner_change(u, new_owner);
bbc29086
DM		 3205
3206 return 0;
3207}
3208
9806e87d
LP		 3209int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) {
3210 const char *match;
a5b07847 3211 int r;
bbc29086 3212
9806e87d
LP		 3213 assert(u);
3214 assert(bus);
3215 assert(name);
bbc29086 3216
a5b07847 3217 if (u->match_bus_slot || u->get_name_owner_slot)
bbc29086
DM		 3218 return -EBUSY;
3219
9806e87d 3220 match = strjoina("type='signal',"
81d62103
ZJS		 3221 "sender='org.freedesktop.DBus',"
3222 "path='/org/freedesktop/DBus',"
3223 "interface='org.freedesktop.DBus',"
3224 "member='NameOwnerChanged',"
3225 "arg0='", name, "'");
bbc29086 3226
a5b07847 3227 r = sd_bus_add_match_async(bus, &u->match_bus_slot, match, signal_name_owner_changed, NULL, u);
a5a8776a
MJ		 3228 if (r < 0)
3229 return r;
3230
a5b07847
LP		 3231 r = sd_bus_call_method_async(
3232 bus,
3233 &u->get_name_owner_slot,
3234 "org.freedesktop.DBus",
3235 "/org/freedesktop/DBus",
3236 "org.freedesktop.DBus",
3237 "GetNameOwner",
3238 get_name_owner_handler,
3239 u,
3240 "s", name);
3241 if (r < 0) {
3242 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
3243 return r;
3244 }
3245
3246 log_unit_debug(u, "Watching D-Bus name '%s'.", name);
3247 return 0;
bbc29086
DM		 3248}
3249
05e343b7 3250int unit_watch_bus_name(Unit *u, const char *name) {
bbc29086
DM		 3251 int r;
3252
05e343b7
LP		 3253 assert(u);
3254 assert(name);
3255
3256 /* Watch a specific name on the bus. We only support one unit
3257 * watching each name for now. */
3258
bbc29086
DM		 3259 if (u->manager->api_bus) {
3260 /* If the bus is already available, install the match directly.
3261 * Otherwise, just put the name in the list. bus_setup_api() will take care later. */
9806e87d 3262 r = unit_install_bus_match(u, u->manager->api_bus, name);
bbc29086 3263 if (r < 0)
8ea823b6 3264 return log_warning_errno(r, "Failed to subscribe to NameOwnerChanged signal for '%s': %m", name);
bbc29086
DM		 3265 }
3266
3267 r = hashmap_put(u->manager->watch_bus, name, u);
3268 if (r < 0) {
3269 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
a5b07847 3270 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
bbc29086
DM		 3271 return log_warning_errno(r, "Failed to put bus name to hashmap: %m");
3272 }
3273
3274 return 0;
05e343b7
LP		 3275}
3276
3277void unit_unwatch_bus_name(Unit *u, const char *name) {
3278 assert(u);
3279 assert(name);
3280
8367fea5 3281 (void) hashmap_remove_value(u->manager->watch_bus, name, u);
bbc29086 3282 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
a5a8776a 3283 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
05e343b7
LP		 3284}
3285
a16e1123
LP		 3286bool unit_can_serialize(Unit *u) {
3287 assert(u);
3288
3289 return UNIT_VTABLE(u)->serialize && UNIT_VTABLE(u)->deserialize_item;
3290}
3291
d336ba9f 3292int unit_add_node_dependency(Unit *u, const char *what, UnitDependency dep, UnitDependencyMask mask) {
68eda4bd 3293 _cleanup_free_ char *e = NULL;
44b0d1fd 3294 Unit *device;
6e2ef85b
LP		 3295 int r;
3296
3297 assert(u);
3298
6e2ef85b 3299 /* Adds in links to the device node that this unit is based on */
47bc12e1
LP		 3300 if (isempty(what))
3301 return 0;
6e2ef85b 3302
8407a5d0 3303 if (!is_device_path(what))
6e2ef85b
LP		 3304 return 0;
3305
44b0d1fd 3306 /* When device units aren't supported (such as in a container), don't create dependencies on them. */
1c2e9646 3307 if (!unit_type_supported(UNIT_DEVICE))
47bc12e1
LP		 3308 return 0;
3309
7410616c
LP		 3310 r = unit_name_from_path(what, ".device", &e);
3311 if (r < 0)
3312 return r;
6e2ef85b 3313
ac155bb8 3314 r = manager_load_unit(u->manager, e, NULL, NULL, &device);
6e2ef85b
LP		 3315 if (r < 0)
3316 return r;
3317
ebc8968b
FB		 3318 if (dep == UNIT_REQUIRES && device_shall_be_bound_by(device, u))
3319 dep = UNIT_BINDS_TO;
3320
d336ba9f
FB		 3321 return unit_add_two_dependencies(u, UNIT_AFTER,
3322 MANAGER_IS_SYSTEM(u->manager) ? dep : UNIT_WANTS,
3323 device, true, mask);
6e2ef85b 3324}
a16e1123 3325
44b0d1fd
LP		 3326int unit_add_blockdev_dependency(Unit *u, const char *what, UnitDependencyMask mask) {
3327 _cleanup_free_ char *escaped = NULL, *target = NULL;
3328 int r;
3329
3330 assert(u);
3331
3332 if (isempty(what))
3333 return 0;
3334
3335 if (!path_startswith(what, "/dev/"))
3336 return 0;
3337
3338 /* If we don't support devices, then also don't bother with blockdev@.target */
3339 if (!unit_type_supported(UNIT_DEVICE))
3340 return 0;
3341
3342 r = unit_name_path_escape(what, &escaped);
3343 if (r < 0)
3344 return r;
3345
3346 r = unit_name_build("blockdev", escaped, ".target", &target);
3347 if (r < 0)
3348 return r;
3349
3350 return unit_add_dependency_by_name(u, UNIT_AFTER, target, true, mask);
3351}
3352
be847e82 3353int unit_coldplug(Unit *u) {
05a98afd
LP		 3354 int r = 0, q;
3355 char **i;
b49e14d5 3356 Job *uj;
cca098b0
LP		 3357
3358 assert(u);
3359
f0831ed2 3360 /* Make sure we don't enter a loop, when coldplugging recursively. */
f78f265f
LP		 3361 if (u->coldplugged)
3362 return 0;
3363
3364 u->coldplugged = true;
3365
05a98afd
LP		 3366 STRV_FOREACH(i, u->deserialized_refs) {
3367 q = bus_unit_track_add_name(u, *i);
3368 if (q < 0 && r >= 0)
3369 r = q;
3370 }
3371 u->deserialized_refs = strv_free(u->deserialized_refs);
cca098b0 3372
05a98afd
LP		 3373 if (UNIT_VTABLE(u)->coldplug) {
3374 q = UNIT_VTABLE(u)->coldplug(u);
3375 if (q < 0 && r >= 0)
3376 r = q;
3377 }
5a6158b6 3378
b49e14d5 3379 uj = u->job ?: u->nop_job;
3380 if (uj) {
3381 q = job_coldplug(uj);
05a98afd
LP		 3382 if (q < 0 && r >= 0)
3383 r = q;
3384 }
cca098b0 3385
05a98afd 3386 return r;
cca098b0
LP		 3387}
3388
f0831ed2
LP		 3389void unit_catchup(Unit *u) {
3390 assert(u);
3391
3392 if (UNIT_VTABLE(u)->catchup)
3393 UNIT_VTABLE(u)->catchup(u);
3394}
3395
ba25d39e 3396static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_masked) {
21b95806
ZJS		 3397 struct stat st;
3398
3399 if (!path)
3400 return false;
3401
77969722
LP		 3402 /* If the source is some virtual kernel file system, then we assume we watch it anyway, and hence pretend we
3403 * are never out-of-date. */
3404 if (PATH_STARTSWITH_SET(path, "/proc", "/sys"))
3405 return false;
3406
21b95806
ZJS		 3407 if (stat(path, &st) < 0)
3408 /* What, cannot access this anymore? */
3409 return true;
3410
ba25d39e
ZJS		 3411 if (path_masked)
3412 /* For masked files check if they are still so */
3413 return !null_or_empty(&st);
3414 else
3a8db9fe 3415 /* For non-empty files check the mtime */
87ec20ef 3416 return timespec_load(&st.st_mtim) > mtime;
21b95806
ZJS		 3417
3418 return false;
3419}
3420
45fb0699 3421bool unit_need_daemon_reload(Unit *u) {
ae7a7182
OS		 3422 _cleanup_strv_free_ char **t = NULL;
3423 char **path;
1b64d026 3424
45fb0699
LP		 3425 assert(u);
3426
ba25d39e
ZJS		 3427 /* For unit files, we allow masking… */
3428 if (fragment_mtime_newer(u->fragment_path, u->fragment_mtime,
3429 u->load_state == UNIT_MASKED))
21b95806 3430 return true;
5f4b19f4 3431
ba25d39e
ZJS		 3432 /* Source paths should not be masked… */
3433 if (fragment_mtime_newer(u->source_path, u->source_mtime, false))
ab932a62 3434 return true;
ae7a7182 3435
19a44dfe
LR		 3436 if (u->load_state == UNIT_LOADED)
3437 (void) unit_find_dropin_paths(u, &t);
ab932a62
LP		 3438 if (!strv_equal(u->dropin_paths, t))
3439 return true;
6d10d308 3440
ba25d39e 3441 /* … any drop-ins that are masked are simply omitted from the list. */
ab932a62 3442 STRV_FOREACH(path, u->dropin_paths)
ba25d39e 3443 if (fragment_mtime_newer(*path, u->dropin_mtime, false))
ab932a62 3444 return true;
21b95806 3445
ab932a62 3446 return false;
45fb0699
LP		 3447}
3448
fdf20a31 3449void unit_reset_failed(Unit *u) {
5632e374
LP		 3450 assert(u);
3451
fdf20a31
MM		 3452 if (UNIT_VTABLE(u)->reset_failed)
3453 UNIT_VTABLE(u)->reset_failed(u);
6bf0f408 3454
7bf081a1 3455 ratelimit_reset(&u->start_ratelimit);
6bf0f408 3456 u->start_limit_hit = false;
5632e374
LP		 3457}
3458
a7f241db
LP		 3459Unit *unit_following(Unit *u) {
3460 assert(u);
3461
3462 if (UNIT_VTABLE(u)->following)
3463 return UNIT_VTABLE(u)->following(u);
3464
3465 return NULL;
3466}
3467
31afa0a4 3468bool unit_stop_pending(Unit *u) {
18ffdfda
LP		 3469 assert(u);
3470
31afa0a4
LP		 3471 /* This call does check the current state of the unit. It's
3472 * hence useful to be called from state change calls of the
3473 * unit itself, where the state isn't updated yet. This is
3474 * different from unit_inactive_or_pending() which checks both
3475 * the current state and for a queued job. */
18ffdfda 3476
28a2dfe8 3477 return unit_has_job_type(u, JOB_STOP);
31afa0a4
LP		 3478}
3479
3480bool unit_inactive_or_pending(Unit *u) {
3481 assert(u);
3482
3483 /* Returns true if the unit is inactive or going down */
18ffdfda 3484
d956ac29
LP		 3485 if (UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)))
3486 return true;
3487
31afa0a4 3488 if (unit_stop_pending(u))
18ffdfda
LP		 3489 return true;
3490
3491 return false;
3492}
3493
31afa0a4 3494bool unit_active_or_pending(Unit *u) {
f976f3f6
LP		 3495 assert(u);
3496
f60c2665 3497 /* Returns true if the unit is active or going up */
f976f3f6
LP		 3498
3499 if (UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)))
3500 return true;
3501
ac155bb8 3502 if (u->job &&
3742095b 3503 IN_SET(u->job->type, JOB_START, JOB_RELOAD_OR_START, JOB_RESTART))
f976f3f6
LP		 3504 return true;
3505
3506 return false;
3507}
3508
52a12341
YW		 3509bool unit_will_restart_default(Unit *u) {
3510 assert(u);
3511
28a2dfe8 3512 return unit_has_job_type(u, JOB_START);
52a12341
YW		 3513}
3514
deb4e708
MK		 3515bool unit_will_restart(Unit *u) {
3516 assert(u);
3517
3518 if (!UNIT_VTABLE(u)->will_restart)
3519 return false;
3520
3521 return UNIT_VTABLE(u)->will_restart(u);
3522}
3523
718db961 3524int unit_kill(Unit *u, KillWho w, int signo, sd_bus_error *error) {
8a0867d6
LP		 3525 assert(u);
3526 assert(w >= 0 && w < _KILL_WHO_MAX);
6eb7c172 3527 assert(SIGNAL_VALID(signo));
8a0867d6 3528
8a0867d6 3529 if (!UNIT_VTABLE(u)->kill)
15411c0c 3530 return -EOPNOTSUPP;
8a0867d6 3531
c74f17d9 3532 return UNIT_VTABLE(u)->kill(u, w, signo, error);
8a0867d6
LP		 3533}
3534
82659fd7 3535static Set *unit_pid_set(pid_t main_pid, pid_t control_pid) {
af4fa99d 3536 _cleanup_set_free_ Set *pid_set = NULL;
82659fd7
LP		 3537 int r;
3538
d5099efc 3539 pid_set = set_new(NULL);
82659fd7
LP		 3540 if (!pid_set)
3541 return NULL;
3542
3543 /* Exclude the main/control pids from being killed via the cgroup */
3544 if (main_pid > 0) {
fea72cc0 3545 r = set_put(pid_set, PID_TO_PTR(main_pid));
82659fd7 3546 if (r < 0)
95f14a3e 3547 return NULL;
82659fd7
LP		 3548 }
3549
3550 if (control_pid > 0) {
fea72cc0 3551 r = set_put(pid_set, PID_TO_PTR(control_pid));
82659fd7 3552 if (r < 0)
95f14a3e 3553 return NULL;
82659fd7
LP		 3554 }
3555
95f14a3e 3556 return TAKE_PTR(pid_set);
82659fd7
LP		 3557}
3558
d9911002
LP		 3559static int kill_common_log(pid_t pid, int signo, void *userdata) {
3560 _cleanup_free_ char *comm = NULL;
3561 Unit *u = userdata;
3562
3563 assert(u);
3564
3565 (void) get_process_comm(pid, &comm);
3566 log_unit_info(u, "Sending signal SIG%s to process " PID_FMT " (%s) on client request.",
3567 signal_to_string(signo), pid, strna(comm));
3568
3569 return 1;
3570}
3571
d91c34f2
LP		 3572int unit_kill_common(
3573 Unit *u,
3574 KillWho who,
3575 int signo,
3576 pid_t main_pid,
3577 pid_t control_pid,
718db961 3578 sd_bus_error *error) {
d91c34f2 3579
814cc562 3580 int r = 0;
ac5e3a50 3581 bool killed = false;
814cc562 3582
8aff7ac4
LP		 3583 /* This is the common implementation for explicit user-requested killing of unit processes, shared by
3584 * various unit types. Do not confuse with unit_kill_context(), which is what we use when we want to
3585 * stop a service ourselves. */
3586
ac5e3a50 3587 if (IN_SET(who, KILL_MAIN, KILL_MAIN_FAIL)) {
814cc562 3588 if (main_pid < 0)
7358dc02 3589 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no main processes", unit_type_to_string(u->type));
8aff7ac4 3590 if (main_pid == 0)
7358dc02 3591 return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No main process to kill");
814cc562
MS		 3592 }
3593
ac5e3a50 3594 if (IN_SET(who, KILL_CONTROL, KILL_CONTROL_FAIL)) {
814cc562 3595 if (control_pid < 0)
7358dc02 3596 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no control processes", unit_type_to_string(u->type));
8aff7ac4 3597 if (control_pid == 0)
7358dc02 3598 return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No control process to kill");
814cc562
MS		 3599 }
3600
ac5e3a50
JS		 3601 if (IN_SET(who, KILL_CONTROL, KILL_CONTROL_FAIL, KILL_ALL, KILL_ALL_FAIL))
3602 if (control_pid > 0) {
d9911002
LP		 3603 _cleanup_free_ char *comm = NULL;
3604 (void) get_process_comm(control_pid, &comm);
3605
3606 if (kill(control_pid, signo) < 0) {
3607 /* Report this failure both to the logs and to the client */
3608 sd_bus_error_set_errnof(
3609 error, errno,
3610 "Failed to send signal SIG%s to control process " PID_FMT " (%s): %m",
3611 signal_to_string(signo), control_pid, strna(comm));
3612 r = log_unit_warning_errno(
3613 u, errno,
3614 "Failed to send signal SIG%s to control process " PID_FMT " (%s) on client request: %m",
3615 signal_to_string(signo), control_pid, strna(comm));
3616 } else {
3617 log_unit_info(u, "Sent signal SIG%s to control process " PID_FMT " (%s) on client request.",
3618 signal_to_string(signo), control_pid, strna(comm));
ac5e3a50 3619 killed = true;
d9911002 3620 }
ac5e3a50 3621 }
814cc562 3622
ac5e3a50
JS		 3623 if (IN_SET(who, KILL_MAIN, KILL_MAIN_FAIL, KILL_ALL, KILL_ALL_FAIL))
3624 if (main_pid > 0) {
d9911002
LP		 3625 _cleanup_free_ char *comm = NULL;
3626 (void) get_process_comm(main_pid, &comm);
3627
3628 if (kill(main_pid, signo) < 0) {
3629 if (r == 0)
3630 sd_bus_error_set_errnof(
3631 error, errno,
3632 "Failed to send signal SIG%s to main process " PID_FMT " (%s): %m",
3633 signal_to_string(signo), main_pid, strna(comm));
3634
3635 r = log_unit_warning_errno(
3636 u, errno,
3637 "Failed to send signal SIG%s to main process " PID_FMT " (%s) on client request: %m",
3638 signal_to_string(signo), main_pid, strna(comm));
3639 } else {
3640 log_unit_info(u, "Sent signal SIG%s to main process " PID_FMT " (%s) on client request.",
3641 signal_to_string(signo), main_pid, strna(comm));
ac5e3a50 3642 killed = true;
d9911002 3643 }
ac5e3a50 3644 }
814cc562 3645
ac5e3a50 3646 if (IN_SET(who, KILL_ALL, KILL_ALL_FAIL) && u->cgroup_path) {
814cc562
MS		 3647 _cleanup_set_free_ Set *pid_set = NULL;
3648 int q;
3649
82659fd7
LP		 3650 /* Exclude the main/control pids from being killed via the cgroup */
3651 pid_set = unit_pid_set(main_pid, control_pid);
814cc562 3652 if (!pid_set)
d9911002
LP		 3653 return log_oom();
3654
3655 q = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, signo, 0, pid_set, kill_common_log, u);
3656 if (q < 0) {
3657 if (!IN_SET(q, -ESRCH, -ENOENT)) {
3658 if (r == 0)
3659 sd_bus_error_set_errnof(
3660 error, q,
3661 "Failed to send signal SIG%s to auxiliary processes: %m",
3662 signal_to_string(signo));
3663
3664 r = log_unit_warning_errno(
3665 u, q,
3666 "Failed to send signal SIG%s to auxiliary processes on client request: %m",
3667 signal_to_string(signo));
3668 }
3669 } else
ac5e3a50 3670 killed = true;
814cc562
MS		 3671 }
3672
2ae0508e
LP		 3673 /* If the "fail" versions of the operation are requested, then complain if the set of processes we killed is empty */
3674 if (r == 0 && !killed && IN_SET(who, KILL_ALL_FAIL, KILL_CONTROL_FAIL, KILL_MAIN_FAIL))
3675 return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No matching processes to kill");
ac5e3a50 3676
814cc562
MS		 3677 return r;
3678}
3679
6210e7fc
LP		 3680int unit_following_set(Unit *u, Set **s) {
3681 assert(u);
3682 assert(s);
3683
3684 if (UNIT_VTABLE(u)->following_set)
3685 return UNIT_VTABLE(u)->following_set(u, s);
3686
3687 *s = NULL;
3688 return 0;
3689}
3690
a4375746 3691UnitFileState unit_get_unit_file_state(Unit *u) {
0ec0deaa
LP		 3692 int r;
3693
a4375746
LP		 3694 assert(u);
3695
0ec0deaa
LP		 3696 if (u->unit_file_state < 0 && u->fragment_path) {
3697 r = unit_file_get_state(
463d0d15 3698 u->manager->unit_file_scope,
0ec0deaa 3699 NULL,
9ea3a0e7 3700 u->id,
0ec0deaa
LP		 3701 &u->unit_file_state);
3702 if (r < 0)
3703 u->unit_file_state = UNIT_FILE_BAD;
3704 }
a4375746 3705
ac155bb8 3706 return u->unit_file_state;
a4375746
LP		 3707}
3708
d2dc52db
LP		 3709int unit_get_unit_file_preset(Unit *u) {
3710 assert(u);
3711
3712 if (u->unit_file_preset < 0 && u->fragment_path)
3713 u->unit_file_preset = unit_file_query_preset(
463d0d15 3714 u->manager->unit_file_scope,
0ec0deaa 3715 NULL,
8f7b2566
ZJS		 3716 basename(u->fragment_path),
3717 NULL);
d2dc52db
LP		 3718
3719 return u->unit_file_preset;
3720}
3721
7f7d01ed 3722Unit* unit_ref_set(UnitRef *ref, Unit *source, Unit *target) {
57020a3a 3723 assert(ref);
7f7d01ed
ZJS		 3724 assert(source);
3725 assert(target);
57020a3a 3726
7f7d01ed 3727 if (ref->target)
57020a3a
LP		 3728 unit_ref_unset(ref);
3729
7f7d01ed
ZJS		 3730 ref->source = source;
3731 ref->target = target;
3732 LIST_PREPEND(refs_by_target, target->refs_by_target, ref);
3733 return target;
57020a3a
LP		 3734}
3735
3736void unit_ref_unset(UnitRef *ref) {
3737 assert(ref);
3738
7f7d01ed 3739 if (!ref->target)
57020a3a
LP		 3740 return;
3741
b75102e5
LP		 3742 /* We are about to drop a reference to the unit, make sure the garbage collection has a look at it as it might
3743 * be unreferenced now. */
7f7d01ed 3744 unit_add_to_gc_queue(ref->target);
b75102e5 3745
7f7d01ed
ZJS		 3746 LIST_REMOVE(refs_by_target, ref->target->refs_by_target, ref);
3747 ref->source = ref->target = NULL;
57020a3a
LP		 3748}
3749
29206d46
LP		 3750static int user_from_unit_name(Unit *u, char **ret) {
3751
3752 static const uint8_t hash_key[] = {
3753 0x58, 0x1a, 0xaf, 0xe6, 0x28, 0x58, 0x4e, 0x96,
3754 0xb4, 0x4e, 0xf5, 0x3b, 0x8c, 0x92, 0x07, 0xec
3755 };
3756
3757 _cleanup_free_ char *n = NULL;
3758 int r;
3759
3760 r = unit_name_to_prefix(u->id, &n);
3761 if (r < 0)
3762 return r;
3763
7a8867ab 3764 if (valid_user_group_name(n, 0)) {
ae2a15bc 3765 *ret = TAKE_PTR(n);
29206d46
LP		 3766 return 0;
3767 }
3768
3769 /* If we can't use the unit name as a user name, then let's hash it and use that */
3770 if (asprintf(ret, "_du%016" PRIx64, siphash24(n, strlen(n), hash_key)) < 0)
3771 return -ENOMEM;
3772
3773 return 0;
3774}
3775
598459ce
LP		 3776int unit_patch_contexts(Unit *u) {
3777 CGroupContext *cc;
3778 ExecContext *ec;
cba6e062
LP		 3779 int r;
3780
e06c73cc 3781 assert(u);
e06c73cc 3782
598459ce
LP		 3783 /* Patch in the manager defaults into the exec and cgroup
3784 * contexts, _after_ the rest of the settings have been
3785 * initialized */
085afe36 3786
598459ce
LP		 3787 ec = unit_get_exec_context(u);
3788 if (ec) {
3789 /* This only copies in the ones that need memory */
12375b95 3790 for (unsigned i = 0; i < _RLIMIT_MAX; i++)
598459ce
LP		 3791 if (u->manager->rlimit[i] && !ec->rlimit[i]) {
3792 ec->rlimit[i] = newdup(struct rlimit, u->manager->rlimit[i], 1);
3793 if (!ec->rlimit[i])
3794 return -ENOMEM;
3795 }
3796
463d0d15 3797 if (MANAGER_IS_USER(u->manager) &&
598459ce
LP		 3798 !ec->working_directory) {
3799
3800 r = get_home_dir(&ec->working_directory);
3801 if (r < 0)
3802 return r;
4c08c824
LP		 3803
3804 /* Allow user services to run, even if the
3805 * home directory is missing */
3806 ec->working_directory_missing_ok = true;
cba6e062
LP		 3807 }
3808
598459ce 3809 if (ec->private_devices)
2cd0a735 3810 ec->capability_bounding_set &= ~((UINT64_C(1) << CAP_MKNOD) | (UINT64_C(1) << CAP_SYS_RAWIO));
502d704e
DH		 3811
3812 if (ec->protect_kernel_modules)
3813 ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_SYS_MODULE);
29206d46 3814
84703040
KK		 3815 if (ec->protect_kernel_logs)
3816 ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_SYSLOG);
3817
fc64760d
KK		 3818 if (ec->protect_clock)
3819 ec->capability_bounding_set &= ~((UINT64_C(1) << CAP_SYS_TIME) | (UINT64_C(1) << CAP_WAKE_ALARM));
3820
29206d46
LP		 3821 if (ec->dynamic_user) {
3822 if (!ec->user) {
3823 r = user_from_unit_name(u, &ec->user);
3824 if (r < 0)
3825 return r;
3826 }
3827
3828 if (!ec->group) {
3829 ec->group = strdup(ec->user);
3830 if (!ec->group)
3831 return -ENOMEM;
3832 }
3833
bf65b7e0
LP		 3834 /* If the dynamic user option is on, let's make sure that the unit can't leave its
3835 * UID/GID around in the file system or on IPC objects. Hence enforce a strict
3836 * sandbox. */
63bb64a0 3837
29206d46 3838 ec->private_tmp = true;
00d9ef85 3839 ec->remove_ipc = true;
63bb64a0
LP		 3840 ec->protect_system = PROTECT_SYSTEM_STRICT;
3841 if (ec->protect_home == PROTECT_HOME_NO)
3842 ec->protect_home = PROTECT_HOME_READ_ONLY;
bf65b7e0
LP		 3843
3844 /* Make sure this service can neither benefit from SUID/SGID binaries nor create
3845 * them. */
3846 ec->no_new_privileges = true;
3847 ec->restrict_suid_sgid = true;
29206d46 3848 }
cba6e062
LP		 3849 }
3850
598459ce 3851 cc = unit_get_cgroup_context(u);
fe65e88b 3852 if (cc && ec) {
f513e420 3853
fe65e88b 3854 if (ec->private_devices &&
084870f9
ZJS		 3855 cc->device_policy == CGROUP_DEVICE_POLICY_AUTO)
3856 cc->device_policy = CGROUP_DEVICE_POLICY_CLOSED;
fe65e88b 3857
b3d13314 3858 if ((ec->root_image || !LIST_IS_EMPTY(ec->mount_images)) &&
084870f9 3859 (cc->device_policy != CGROUP_DEVICE_POLICY_AUTO || cc->device_allow)) {
0cffae95 3860 const char *p;
fe65e88b 3861
b3d13314 3862 /* When RootImage= or MountImages= is specified, the following devices are touched. */
0cffae95
LB		 3863 FOREACH_STRING(p, "/dev/loop-control", "/dev/mapper/control") {
3864 r = cgroup_add_device_allow(cc, p, "rw");
3865 if (r < 0)
3866 return r;
3867 }
3868 FOREACH_STRING(p, "block-loop", "block-blkext", "block-device-mapper") {
3869 r = cgroup_add_device_allow(cc, p, "rwm");
3870 if (r < 0)
3871 return r;
3872 }
867af728 3873
0cffae95
LB		 3874 /* Make sure "block-loop" can be resolved, i.e. make sure "loop" shows up in /proc/devices.
3875 * Same for mapper and verity. */
3876 FOREACH_STRING(p, "modprobe@loop.service", "modprobe@dm_mod.service", "modprobe@dm_verity.service") {
3877 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, p, true, UNIT_DEPENDENCY_FILE);
3878 if (r < 0)
3879 return r;
3880 }
fe65e88b 3881 }
fc64760d
KK		 3882
3883 if (ec->protect_clock) {
3884 r = cgroup_add_device_allow(cc, "char-rtc", "r");
3885 if (r < 0)
3886 return r;
3887 }
598459ce 3888 }
f1660f96 3889
cba6e062 3890 return 0;
e06c73cc
LP		 3891}
3892
c2503e35 3893ExecContext *unit_get_exec_context(const Unit *u) {
3ef63c31
LP		 3894 size_t offset;
3895 assert(u);
3896
598459ce
LP		 3897 if (u->type < 0)
3898 return NULL;
3899
3ef63c31
LP		 3900 offset = UNIT_VTABLE(u)->exec_context_offset;
3901 if (offset <= 0)
3902 return NULL;
3903
3904 return (ExecContext*) ((uint8_t*) u + offset);
3905}
3906
718db961
LP		 3907KillContext *unit_get_kill_context(Unit *u) {
3908 size_t offset;
3909 assert(u);
3910
598459ce
LP		 3911 if (u->type < 0)
3912 return NULL;
3913
718db961
LP		 3914 offset = UNIT_VTABLE(u)->kill_context_offset;
3915 if (offset <= 0)
3916 return NULL;
3917
3918 return (KillContext*) ((uint8_t*) u + offset);
3919}
3920
4ad49000
LP		 3921CGroupContext *unit_get_cgroup_context(Unit *u) {
3922 size_t offset;
3923
598459ce
LP		 3924 if (u->type < 0)
3925 return NULL;
3926
4ad49000
LP		 3927 offset = UNIT_VTABLE(u)->cgroup_context_offset;
3928 if (offset <= 0)
3929 return NULL;
3930
3931 return (CGroupContext*) ((uint8_t*) u + offset);
3932}
3933
613b411c
LP		 3934ExecRuntime *unit_get_exec_runtime(Unit *u) {
3935 size_t offset;
3936
598459ce
LP		 3937 if (u->type < 0)
3938 return NULL;
3939
613b411c
LP		 3940 offset = UNIT_VTABLE(u)->exec_runtime_offset;
3941 if (offset <= 0)
3942 return NULL;
3943
3944 return *(ExecRuntime**) ((uint8_t*) u + offset);
3945}
3946
2e59b241 3947static const char* unit_drop_in_dir(Unit *u, UnitWriteFlags flags) {
3f5e8115
LP		 3948 assert(u);
3949
2e59b241 3950 if (UNIT_WRITE_FLAGS_NOOP(flags))
4f4afc88
LP		 3951 return NULL;
3952
39591351
LP		 3953 if (u->transient) /* Redirect drop-ins for transient units always into the transient directory. */
3954 return u->manager->lookup_paths.transient;
26d04f86 3955
2e59b241 3956 if (flags & UNIT_PERSISTENT)
4f4afc88 3957 return u->manager->lookup_paths.persistent_control;
26d04f86 3958
2e59b241
LP		 3959 if (flags & UNIT_RUNTIME)
3960 return u->manager->lookup_paths.runtime_control;
3961
39591351 3962 return NULL;
71645aca
LP		 3963}
3964
2e59b241
LP		 3965char* unit_escape_setting(const char *s, UnitWriteFlags flags, char **buf) {
3966 char *ret = NULL;
3967
3968 if (!s)
3969 return NULL;
3970
3971 /* Escapes the input string as requested. Returns the escaped string. If 'buf' is specified then the allocated
3972 * return buffer pointer is also written to *buf, except if no escaping was necessary, in which case *buf is
3973 * set to NULL, and the input pointer is returned as-is. This means the return value always contains a properly
3974 * escaped version, but *buf when passed only contains a pointer if an allocation was necessary. If *buf is
3975 * not specified, then the return value always needs to be freed. Callers can use this to optimize memory
3976 * allocations. */
3977
3978 if (flags & UNIT_ESCAPE_SPECIFIERS) {
3979 ret = specifier_escape(s);
3980 if (!ret)
3981 return NULL;
3982
3983 s = ret;
3984 }
3985
3986 if (flags & UNIT_ESCAPE_C) {
3987 char *a;
3988
3989 a = cescape(s);
3990 free(ret);
3991 if (!a)
3992 return NULL;
3993
3994 ret = a;
3995 }
3996
3997 if (buf) {
3998 *buf = ret;
3999 return ret ?: (char*) s;
4000 }
4001
4002 return ret ?: strdup(s);
4003}
4004
4005char* unit_concat_strv(char **l, UnitWriteFlags flags) {
4006 _cleanup_free_ char *result = NULL;
319a4f4b 4007 size_t n = 0;
ae2a15bc 4008 char **i;
2e59b241
LP		 4009
4010 /* Takes a list of strings, escapes them, and concatenates them. This may be used to format command lines in a
4011 * way suitable for ExecStart= stanzas */
4012
4013 STRV_FOREACH(i, l) {
4014 _cleanup_free_ char *buf = NULL;
4015 const char *p;
4016 size_t a;
4017 char *q;
4018
4019 p = unit_escape_setting(*i, flags, &buf);
4020 if (!p)
4021 return NULL;
4022
4023 a = (n > 0) + 1 + strlen(p) + 1; /* separating space + " + entry + " */
319a4f4b 4024 if (!GREEDY_REALLOC(result, n + a + 1))
2e59b241
LP		 4025 return NULL;
4026
4027 q = result + n;
4028 if (n > 0)
4029 *(q++) = ' ';
4030
4031 *(q++) = '"';
4032 q = stpcpy(q, p);
4033 *(q++) = '"';
4034
4035 n += a;
4036 }
4037
319a4f4b 4038 if (!GREEDY_REALLOC(result, n + 1))
2e59b241
LP		 4039 return NULL;
4040
4041 result[n] = 0;
4042
ae2a15bc 4043 return TAKE_PTR(result);
2e59b241
LP		 4044}
4045
4046int unit_write_setting(Unit *u, UnitWriteFlags flags, const char *name, const char *data) {
4047 _cleanup_free_ char *p = NULL, *q = NULL, *escaped = NULL;
2a9a6f8a 4048 const char *dir, *wrapped;
26d04f86 4049 int r;
71645aca
LP		 4050
4051 assert(u);
2e59b241
LP		 4052 assert(name);
4053 assert(data);
4054
4055 if (UNIT_WRITE_FLAGS_NOOP(flags))
4056 return 0;
4057
4058 data = unit_escape_setting(data, flags, &escaped);
4059 if (!data)
4060 return -ENOMEM;
4061
4062 /* Prefix the section header. If we are writing this out as transient file, then let's suppress this if the
4063 * previous section header is the same */
4064
4065 if (flags & UNIT_PRIVATE) {
4066 if (!UNIT_VTABLE(u)->private_section)
4067 return -EINVAL;
4068
4069 if (!u->transient_file || u->last_section_private < 0)
4070 data = strjoina("[", UNIT_VTABLE(u)->private_section, "]\n", data);
4071 else if (u->last_section_private == 0)
4072 data = strjoina("\n[", UNIT_VTABLE(u)->private_section, "]\n", data);
4073 } else {
4074 if (!u->transient_file || u->last_section_private < 0)
4075 data = strjoina("[Unit]\n", data);
4076 else if (u->last_section_private > 0)
4077 data = strjoina("\n[Unit]\n", data);
4078 }
71645aca 4079
4f4afc88
LP		 4080 if (u->transient_file) {
4081 /* When this is a transient unit file in creation, then let's not create a new drop-in but instead
4082 * write to the transient unit file. */
4083 fputs(data, u->transient_file);
4f4afc88 4084
2e59b241
LP		 4085 if (!endswith(data, "\n"))
4086 fputc('\n', u->transient_file);
4087
4088 /* Remember which section we wrote this entry to */
4089 u->last_section_private = !!(flags & UNIT_PRIVATE);
8e2af478 4090 return 0;
2e59b241 4091 }
8e2af478 4092
2e59b241 4093 dir = unit_drop_in_dir(u, flags);
39591351
LP		 4094 if (!dir)
4095 return -EINVAL;
71645aca 4096
2a9a6f8a 4097 wrapped = strjoina("# This is a drop-in unit file extension, created via \"systemctl set-property\"\n"
3f71dec5 4098 "# or an equivalent operation. Do not edit.\n",
2a9a6f8a
ZJS		 4099 data,
4100 "\n");
e20b2a86 4101
815b09d3 4102 r = drop_in_file(dir, u->id, 50, name, &p, &q);
adb76a70
WC		 4103 if (r < 0)
4104 return r;
4105
45639f1b 4106 (void) mkdir_p_label(p, 0755);
4dba44a5
ZJS		 4107
4108 /* Make sure the drop-in dir is registered in our path cache. This way we don't need to stupidly
4109 * recreate the cache after every drop-in we write. */
4110 if (u->manager->unit_path_cache) {
be327321 4111 r = set_put_strdup(&u->manager->unit_path_cache, p);
4dba44a5
ZJS		 4112 if (r < 0)
4113 return r;
4114 }
4115
2a9a6f8a 4116 r = write_string_file_atomic_label(q, wrapped);
adb76a70
WC		 4117 if (r < 0)
4118 return r;
4119
815b09d3 4120 r = strv_push(&u->dropin_paths, q);
adb76a70
WC		 4121 if (r < 0)
4122 return r;
815b09d3 4123 q = NULL;
adb76a70 4124
adb76a70
WC		 4125 strv_uniq(u->dropin_paths);
4126
4127 u->dropin_mtime = now(CLOCK_REALTIME);
4128
4129 return 0;
26d04f86 4130}
71645aca 4131
2e59b241 4132int unit_write_settingf(Unit *u, UnitWriteFlags flags, const char *name, const char *format, ...) {
b9ec9359
LP		 4133 _cleanup_free_ char *p = NULL;
4134 va_list ap;
4135 int r;
4136
4137 assert(u);
4138 assert(name);
4139 assert(format);
4140
2e59b241 4141 if (UNIT_WRITE_FLAGS_NOOP(flags))
b9ec9359
LP		 4142 return 0;
4143
4144 va_start(ap, format);
4145 r = vasprintf(&p, format, ap);
4146 va_end(ap);
4147
4148 if (r < 0)
4149 return -ENOMEM;
4150
2e59b241 4151 return unit_write_setting(u, flags, name, p);
b9ec9359 4152}
71645aca 4153
c2756a68 4154int unit_make_transient(Unit *u) {
0126c8f3 4155 _cleanup_free_ char *path = NULL;
4f4afc88 4156 FILE *f;
4f4afc88 4157
c2756a68
LP		 4158 assert(u);
4159
3f5e8115
LP		 4160 if (!UNIT_VTABLE(u)->can_transient)
4161 return -EOPNOTSUPP;
4162
45639f1b
LP		 4163 (void) mkdir_p_label(u->manager->lookup_paths.transient, 0755);
4164
657ee2d8 4165 path = path_join(u->manager->lookup_paths.transient, u->id);
4f4afc88
LP		 4166 if (!path)
4167 return -ENOMEM;
4168
4169 /* Let's open the file we'll write the transient settings into. This file is kept open as long as we are
4170 * creating the transient, and is closed in unit_load(), as soon as we start loading the file. */
4171
78e334b5 4172 RUN_WITH_UMASK(0022) {
4f4afc88 4173 f = fopen(path, "we");
0126c8f3 4174 if (!f)
78e334b5 4175 return -errno;
4f4afc88
LP		 4176 }
4177
0126c8f3 4178 safe_fclose(u->transient_file);
4f4afc88
LP		 4179 u->transient_file = f;
4180
0126c8f3 4181 free_and_replace(u->fragment_path, path);
7c65093a 4182
7c65093a
LP		 4183 u->source_path = mfree(u->source_path);
4184 u->dropin_paths = strv_free(u->dropin_paths);
4185 u->fragment_mtime = u->source_mtime = u->dropin_mtime = 0;
4186
4f4afc88
LP		 4187 u->load_state = UNIT_STUB;
4188 u->load_error = 0;
4189 u->transient = true;
4190
7c65093a
LP		 4191 unit_add_to_dbus_queue(u);
4192 unit_add_to_gc_queue(u);
c2756a68 4193
4f4afc88
LP		 4194 fputs("# This is a transient unit file, created programmatically via the systemd API. Do not edit.\n",
4195 u->transient_file);
4196
3f5e8115 4197 return 0;
c2756a68
LP		 4198}
4199
c53d2d54 4200static int log_kill(pid_t pid, int sig, void *userdata) {
1d98fef1
LP		 4201 _cleanup_free_ char *comm = NULL;
4202
4203 (void) get_process_comm(pid, &comm);
4204
4205 /* Don't log about processes marked with brackets, under the assumption that these are temporary processes
4206 only, like for example systemd's own PAM stub process. */
4207 if (comm && comm[0] == '(')
c53d2d54 4208 return 0;
1d98fef1
LP		 4209
4210 log_unit_notice(userdata,
4211 "Killing process " PID_FMT " (%s) with signal SIG%s.",
4212 pid,
4213 strna(comm),
4214 signal_to_string(sig));
c53d2d54
DB		 4215
4216 return 1;
1d98fef1
LP		 4217}
4218
4ab1670f 4219static int operation_to_signal(const KillContext *c, KillOperation k, bool *noteworthy) {
1d98fef1
LP		 4220 assert(c);
4221
4222 switch (k) {
4223
4224 case KILL_TERMINATE:
4225 case KILL_TERMINATE_AND_LOG:
4ab1670f 4226 *noteworthy = false;
1d98fef1
LP		 4227 return c->kill_signal;
4228
a232ebcc 4229 case KILL_RESTART:
4ab1670f 4230 *noteworthy = false;
a232ebcc
ZJS		 4231 return restart_kill_signal(c);
4232
1d98fef1 4233 case KILL_KILL:
4ab1670f 4234 *noteworthy = true;
fbb48d4c 4235 return c->final_kill_signal;
1d98fef1 4236
c87700a1 4237 case KILL_WATCHDOG:
4ab1670f 4238 *noteworthy = true;
c87700a1 4239 return c->watchdog_signal;
1d98fef1
LP		 4240
4241 default:
4242 assert_not_reached("KillOperation unknown");
4243 }
4244}
4245
cd2086fe
LP		 4246int unit_kill_context(
4247 Unit *u,
4248 KillContext *c,
db2cb23b 4249 KillOperation k,
cd2086fe
LP		 4250 pid_t main_pid,
4251 pid_t control_pid,
4252 bool main_pid_alien) {
4253
1d98fef1 4254 bool wait_for_exit = false, send_sighup;
59ec09a8 4255 cg_kill_log_func_t log_func = NULL;
b821a397 4256 int sig, r;
cd2086fe
LP		 4257
4258 assert(u);
4259 assert(c);
4260
8aff7ac4
LP		 4261 /* Kill the processes belonging to this unit, in preparation for shutting the unit down. Returns > 0
4262 * if we killed something worth waiting for, 0 otherwise. Do not confuse with unit_kill_common()
4263 * which is used for user-requested killing of unit processes. */
1d98fef1 4264
cd2086fe
LP		 4265 if (c->kill_mode == KILL_NONE)
4266 return 0;
4267
4ab1670f
ZJS		 4268 bool noteworthy;
4269 sig = operation_to_signal(c, k, &noteworthy);
4270 if (noteworthy)
4271 log_func = log_kill;
1d98fef1
LP		 4272
4273 send_sighup =
4274 c->send_sighup &&
4275 IN_SET(k, KILL_TERMINATE, KILL_TERMINATE_AND_LOG) &&
4276 sig != SIGHUP;
4277
cd2086fe 4278 if (main_pid > 0) {
1d98fef1
LP		 4279 if (log_func)
4280 log_func(main_pid, sig, u);
cd2086fe 4281
1d98fef1 4282 r = kill_and_sigcont(main_pid, sig);
cd2086fe
LP		 4283 if (r < 0 && r != -ESRCH) {
4284 _cleanup_free_ char *comm = NULL;
1d98fef1 4285 (void) get_process_comm(main_pid, &comm);
cd2086fe 4286
b821a397 4287 log_unit_warning_errno(u, r, "Failed to kill main process " PID_FMT " (%s), ignoring: %m", main_pid, strna(comm));
82659fd7 4288 } else {
bc6aed7b
LP		 4289 if (!main_pid_alien)
4290 wait_for_exit = true;
82659fd7 4291
1d98fef1 4292 if (r != -ESRCH && send_sighup)
d0667321 4293 (void) kill(main_pid, SIGHUP);
82659fd7 4294 }
cd2086fe
LP		 4295 }
4296
4297 if (control_pid > 0) {
1d98fef1
LP		 4298 if (log_func)
4299 log_func(control_pid, sig, u);
cd2086fe 4300
1d98fef1 4301 r = kill_and_sigcont(control_pid, sig);
cd2086fe
LP		 4302 if (r < 0 && r != -ESRCH) {
4303 _cleanup_free_ char *comm = NULL;
1d98fef1 4304 (void) get_process_comm(control_pid, &comm);
cd2086fe 4305
b821a397 4306 log_unit_warning_errno(u, r, "Failed to kill control process " PID_FMT " (%s), ignoring: %m", control_pid, strna(comm));
82659fd7 4307 } else {
cd2086fe 4308 wait_for_exit = true;
82659fd7 4309
1d98fef1 4310 if (r != -ESRCH && send_sighup)
d0667321 4311 (void) kill(control_pid, SIGHUP);
82659fd7 4312 }
cd2086fe
LP		 4313 }
4314
b821a397
LP		 4315 if (u->cgroup_path &&
4316 (c->kill_mode == KILL_CONTROL_GROUP || (c->kill_mode == KILL_MIXED && k == KILL_KILL))) {
cd2086fe
LP		 4317 _cleanup_set_free_ Set *pid_set = NULL;
4318
82659fd7
LP		 4319 /* Exclude the main/control pids from being killed via the cgroup */
4320 pid_set = unit_pid_set(main_pid, control_pid);
cd2086fe
LP		 4321 if (!pid_set)
4322 return -ENOMEM;
4323
1d98fef1
LP		 4324 r = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path,
4325 sig,
4326 CGROUP_SIGCONT|CGROUP_IGNORE_SELF,
4327 pid_set,
4328 log_func, u);
cd2086fe 4329 if (r < 0) {
4c701096 4330 if (!IN_SET(r, -EAGAIN, -ESRCH, -ENOENT))
b821a397
LP		 4331 log_unit_warning_errno(u, r, "Failed to kill control group %s, ignoring: %m", u->cgroup_path);
4332
82659fd7 4333 } else if (r > 0) {
bc6aed7b 4334
1d9cc876
LP		 4335 /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
4336 * we are running in a container or if this is a delegation unit, simply because cgroup
4337 * notification is unreliable in these cases. It doesn't work at all in containers, and outside
4338 * of containers it can be confused easily by left-over directories in the cgroup — which
4339 * however should not exist in non-delegated units. On the unified hierarchy that's different,
4340 * there we get proper events. Hence rely on them. */
efdb0237 4341
c22800e4 4342 if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
1d9cc876 4343 (detect_container() == 0 && !unit_cgroup_delegate(u)))
e9db43d5 4344 wait_for_exit = true;
58ea275a 4345
1d98fef1 4346 if (send_sighup) {
82659fd7
LP		 4347 set_free(pid_set);
4348
4349 pid_set = unit_pid_set(main_pid, control_pid);
4350 if (!pid_set)
4351 return -ENOMEM;
4352
c8aa4b5b
LP		 4353 (void) cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path,
4354 SIGHUP,
4355 CGROUP_IGNORE_SELF,
4356 pid_set,
4357 NULL, NULL);
82659fd7
LP		 4358 }
4359 }
cd2086fe
LP		 4360 }
4361
4362 return wait_for_exit;
4363}
4364
eef85c4a 4365int unit_require_mounts_for(Unit *u, const char *path, UnitDependencyMask mask) {
ca8700e9 4366 _cleanup_free_ char *p = NULL;
eef85c4a 4367 UnitDependencyInfo di;
a57f7e2c
LP		 4368 int r;
4369
4370 assert(u);
4371 assert(path);
4372
eef85c4a
LP		 4373 /* Registers a unit for requiring a certain path and all its prefixes. We keep a hashtable of these paths in
4374 * the unit (from the path to the UnitDependencyInfo structure indicating how to the dependency came to
4375 * be). However, we build a prefix table for all possible prefixes so that new appearing mount units can easily
4376 * determine which units to make themselves a dependency of. */
a57f7e2c 4377
70b64bd3
ZJS		 4378 if (!path_is_absolute(path))
4379 return -EINVAL;
4380
548f6937 4381 r = hashmap_ensure_allocated(&u->requires_mounts_for, &path_hash_ops);
eef85c4a
LP		 4382 if (r < 0)
4383 return r;
4384
a57f7e2c
LP		 4385 p = strdup(path);
4386 if (!p)
4387 return -ENOMEM;
4388
106bf8e4 4389 path = path_simplify(p, true);
a57f7e2c 4390
ca8700e9 4391 if (!path_is_normalized(path))
a57f7e2c 4392 return -EPERM;
a57f7e2c 4393
ca8700e9 4394 if (hashmap_contains(u->requires_mounts_for, path))
a57f7e2c 4395 return 0;
a57f7e2c 4396
eef85c4a
LP		 4397 di = (UnitDependencyInfo) {
4398 .origin_mask = mask
4399 };
4400
ca8700e9
ZJS		 4401 r = hashmap_put(u->requires_mounts_for, path, di.data);
4402 if (r < 0)
a57f7e2c 4403 return r;
ca8700e9 4404 p = NULL;
a57f7e2c 4405
4cb06c59 4406 char prefix[strlen(path) + 1];
ca8700e9 4407 PATH_FOREACH_PREFIX_MORE(prefix, path) {
a57f7e2c
LP		 4408 Set *x;
4409
4410 x = hashmap_get(u->manager->units_requiring_mounts_for, prefix);
4411 if (!x) {
ca8700e9 4412 _cleanup_free_ char *q = NULL;
a57f7e2c 4413
548f6937 4414 r = hashmap_ensure_allocated(&u->manager->units_requiring_mounts_for, &path_hash_ops);
742f41ad
LP		 4415 if (r < 0)
4416 return r;
a57f7e2c
LP		 4417
4418 q = strdup(prefix);
4419 if (!q)
4420 return -ENOMEM;
4421
d5099efc 4422 x = set_new(NULL);
ca8700e9 4423 if (!x)
a57f7e2c 4424 return -ENOMEM;
a57f7e2c
LP		 4425
4426 r = hashmap_put(u->manager->units_requiring_mounts_for, q, x);
4427 if (r < 0) {
a57f7e2c
LP		 4428 set_free(x);
4429 return r;
4430 }
ca8700e9 4431 q = NULL;
a57f7e2c
LP		 4432 }
4433
4434 r = set_put(x, u);
4435 if (r < 0)
4436 return r;
4437 }
4438
4439 return 0;
4440}
4441
613b411c
LP		 4442int unit_setup_exec_runtime(Unit *u) {
4443 ExecRuntime **rt;
4444 size_t offset;
613b411c 4445 Unit *other;
eef85c4a 4446 void *v;
e8a565cb 4447 int r;
613b411c
LP		 4448
4449 offset = UNIT_VTABLE(u)->exec_runtime_offset;
4450 assert(offset > 0);
4451
06b643e7 4452 /* Check if there already is an ExecRuntime for this unit? */
613b411c
LP		 4453 rt = (ExecRuntime**) ((uint8_t*) u + offset);
4454 if (*rt)
4455 return 0;
4456
4457 /* Try to get it from somebody else */
90e74a66 4458 HASHMAP_FOREACH_KEY(v, other, u->dependencies[UNIT_JOINS_NAMESPACE_OF]) {
e8a565cb
YW		 4459 r = exec_runtime_acquire(u->manager, NULL, other->id, false, rt);
4460 if (r == 1)
4461 return 1;
613b411c
LP		 4462 }
4463
e8a565cb 4464 return exec_runtime_acquire(u->manager, unit_get_exec_context(u), u->id, true, rt);
613b411c
LP		 4465}
4466
29206d46
LP		 4467int unit_setup_dynamic_creds(Unit *u) {
4468 ExecContext *ec;
4469 DynamicCreds *dcreds;
4470 size_t offset;
4471
4472 assert(u);
4473
4474 offset = UNIT_VTABLE(u)->dynamic_creds_offset;
4475 assert(offset > 0);
4476 dcreds = (DynamicCreds*) ((uint8_t*) u + offset);
4477
4478 ec = unit_get_exec_context(u);
4479 assert(ec);
4480
4481 if (!ec->dynamic_user)
4482 return 0;
4483
4484 return dynamic_creds_acquire(dcreds, u->manager, ec->user, ec->group);
4485}
4486
1c2e9646
LP		 4487bool unit_type_supported(UnitType t) {
4488 if (_unlikely_(t < 0))
4489 return false;
4490 if (_unlikely_(t >= _UNIT_TYPE_MAX))
4491 return false;
4492
4493 if (!unit_vtable[t]->supported)
4494 return true;
4495
4496 return unit_vtable[t]->supported();
4497}
4498
8b4305c7
LP		 4499void unit_warn_if_dir_nonempty(Unit *u, const char* where) {
4500 int r;
4501
4502 assert(u);
4503 assert(where);
4504
c2503e35
RH		 4505 if (!unit_log_level_test(u, LOG_NOTICE))
4506 return;
4507
8b4305c7 4508 r = dir_is_empty(where);
3f602115 4509 if (r > 0 || r == -ENOTDIR)
8b4305c7
LP		 4510 return;
4511 if (r < 0) {
4512 log_unit_warning_errno(u, r, "Failed to check directory %s: %m", where);
4513 return;
4514 }
4515
c2503e35
RH		 4516 log_unit_struct(u, LOG_NOTICE,
4517 "MESSAGE_ID=" SD_MESSAGE_OVERMOUNTING_STR,
4518 LOG_UNIT_INVOCATION_ID(u),
4519 LOG_UNIT_MESSAGE(u, "Directory %s to mount over is not empty, mounting anyway.", where),
4520 "WHERE=%s", where);
8b4305c7
LP		 4521}
4522
25cd4964 4523int unit_fail_if_noncanonical(Unit *u, const char* where) {
58d9d89b 4524 _cleanup_free_ char *canonical_where = NULL;
8b4305c7
LP		 4525 int r;
4526
4527 assert(u);
4528 assert(where);
4529
a5648b80 4530 r = chase_symlinks(where, NULL, CHASE_NONEXISTENT, &canonical_where, NULL);
8b4305c7 4531 if (r < 0) {
25cd4964 4532 log_unit_debug_errno(u, r, "Failed to check %s for symlinks, ignoring: %m", where);
8b4305c7
LP		 4533 return 0;
4534 }
25cd4964
AJ		 4535
4536 /* We will happily ignore a trailing slash (or any redundant slashes) */
4537 if (path_equal(where, canonical_where))
8b4305c7
LP		 4538 return 0;
4539
25cd4964 4540 /* No need to mention "." or "..", they would already have been rejected by unit_name_from_path() */
c2503e35
RH		 4541 log_unit_struct(u, LOG_ERR,
4542 "MESSAGE_ID=" SD_MESSAGE_OVERMOUNTING_STR,
4543 LOG_UNIT_INVOCATION_ID(u),
4544 LOG_UNIT_MESSAGE(u, "Mount path %s is not canonical (contains a symlink).", where),
4545 "WHERE=%s", where);
8b4305c7
LP		 4546
4547 return -ELOOP;
4548}
0f13f3bd
LP		 4549
4550bool unit_is_pristine(Unit *u) {
4551 assert(u);
4552
7c65093a 4553 /* Check if the unit already exists or is already around,
0f13f3bd
LP		 4554 * in a number of different ways. Note that to cater for unit
4555 * types such as slice, we are generally fine with units that
e9e8cbc8
ZJS		 4556 * are marked UNIT_LOADED even though nothing was actually
4557 * loaded, as those unit types don't require a file on disk. */
0f13f3bd
LP		 4558
4559 return !(!IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) ||
4560 u->fragment_path ||
4561 u->source_path ||
4562 !strv_isempty(u->dropin_paths) ||
0f13f3bd
LP		 4563 u->job ||
4564 u->merged_into);
4565}
291d565a
LP		 4566
4567pid_t unit_control_pid(Unit *u) {
4568 assert(u);
4569
4570 if (UNIT_VTABLE(u)->control_pid)
4571 return UNIT_VTABLE(u)->control_pid(u);
4572
4573 return 0;
4574}
4575
4576pid_t unit_main_pid(Unit *u) {
4577 assert(u);
4578
4579 if (UNIT_VTABLE(u)->main_pid)
4580 return UNIT_VTABLE(u)->main_pid(u);
4581
4582 return 0;
4583}
00d9ef85
LP		 4584
4585static void unit_unref_uid_internal(
4586 Unit *u,
4587 uid_t *ref_uid,
4588 bool destroy_now,
4589 void (*_manager_unref_uid)(Manager *m, uid_t uid, bool destroy_now)) {
4590
4591 assert(u);
4592 assert(ref_uid);
4593 assert(_manager_unref_uid);
4594
4595 /* Generic implementation of both unit_unref_uid() and unit_unref_gid(), under the assumption that uid_t and
4596 * gid_t are actually the same time, with the same validity rules.
4597 *
4598 * Drops a reference to UID/GID from a unit. */
4599
4600 assert_cc(sizeof(uid_t) == sizeof(gid_t));
4601 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
4602
4603 if (!uid_is_valid(*ref_uid))
4604 return;
4605
4606 _manager_unref_uid(u->manager, *ref_uid, destroy_now);
4607 *ref_uid = UID_INVALID;
4608}
4609
b90cf102 4610static void unit_unref_uid(Unit *u, bool destroy_now) {
00d9ef85
LP		 4611 unit_unref_uid_internal(u, &u->ref_uid, destroy_now, manager_unref_uid);
4612}
4613
b90cf102 4614static void unit_unref_gid(Unit *u, bool destroy_now) {
00d9ef85
LP		 4615 unit_unref_uid_internal(u, (uid_t*) &u->ref_gid, destroy_now, manager_unref_gid);
4616}
4617
b90cf102
LP		 4618void unit_unref_uid_gid(Unit *u, bool destroy_now) {
4619 assert(u);
4620
4621 unit_unref_uid(u, destroy_now);
4622 unit_unref_gid(u, destroy_now);
4623}
4624
00d9ef85
LP		 4625static int unit_ref_uid_internal(
4626 Unit *u,
4627 uid_t *ref_uid,
4628 uid_t uid,
4629 bool clean_ipc,
4630 int (*_manager_ref_uid)(Manager *m, uid_t uid, bool clean_ipc)) {
4631
4632 int r;
4633
4634 assert(u);
4635 assert(ref_uid);
4636 assert(uid_is_valid(uid));
4637 assert(_manager_ref_uid);
4638
4639 /* Generic implementation of both unit_ref_uid() and unit_ref_guid(), under the assumption that uid_t and gid_t
4640 * are actually the same type, and have the same validity rules.
4641 *
4642 * Adds a reference on a specific UID/GID to this unit. Each unit referencing the same UID/GID maintains a
4643 * reference so that we can destroy the UID/GID's IPC resources as soon as this is requested and the counter
4644 * drops to zero. */
4645
4646 assert_cc(sizeof(uid_t) == sizeof(gid_t));
4647 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
4648
4649 if (*ref_uid == uid)
4650 return 0;
4651
4652 if (uid_is_valid(*ref_uid)) /* Already set? */
4653 return -EBUSY;
4654
4655 r = _manager_ref_uid(u->manager, uid, clean_ipc);
4656 if (r < 0)
4657 return r;
4658
4659 *ref_uid = uid;
4660 return 1;
4661}
4662
b90cf102 4663static int unit_ref_uid(Unit *u, uid_t uid, bool clean_ipc) {
00d9ef85
LP		 4664 return unit_ref_uid_internal(u, &u->ref_uid, uid, clean_ipc, manager_ref_uid);
4665}
4666
b90cf102 4667static int unit_ref_gid(Unit *u, gid_t gid, bool clean_ipc) {
00d9ef85
LP		 4668 return unit_ref_uid_internal(u, (uid_t*) &u->ref_gid, (uid_t) gid, clean_ipc, manager_ref_gid);
4669}
4670
4671static int unit_ref_uid_gid_internal(Unit *u, uid_t uid, gid_t gid, bool clean_ipc) {
4672 int r = 0, q = 0;
4673
4674 assert(u);
4675
4676 /* Reference both a UID and a GID in one go. Either references both, or neither. */
4677
4678 if (uid_is_valid(uid)) {
4679 r = unit_ref_uid(u, uid, clean_ipc);
4680 if (r < 0)
4681 return r;
4682 }
4683
4684 if (gid_is_valid(gid)) {
4685 q = unit_ref_gid(u, gid, clean_ipc);
4686 if (q < 0) {
4687 if (r > 0)
4688 unit_unref_uid(u, false);
4689
4690 return q;
4691 }
4692 }
4693
4694 return r > 0 || q > 0;
4695}
4696
4697int unit_ref_uid_gid(Unit *u, uid_t uid, gid_t gid) {
4698 ExecContext *c;
4699 int r;
4700
4701 assert(u);
4702
4703 c = unit_get_exec_context(u);
4704
4705 r = unit_ref_uid_gid_internal(u, uid, gid, c ? c->remove_ipc : false);
4706 if (r < 0)
4707 return log_unit_warning_errno(u, r, "Couldn't add UID/GID reference to unit, proceeding without: %m");
4708
4709 return r;
4710}
4711
00d9ef85
LP		 4712void unit_notify_user_lookup(Unit *u, uid_t uid, gid_t gid) {
4713 int r;
4714
4715 assert(u);
4716
4717 /* This is invoked whenever one of the forked off processes let's us know the UID/GID its user name/group names
4718 * resolved to. We keep track of which UID/GID is currently assigned in order to be able to destroy its IPC
4719 * objects when no service references the UID/GID anymore. */
4720
4721 r = unit_ref_uid_gid(u, uid, gid);
4722 if (r > 0)
37d0b962 4723 unit_add_to_dbus_queue(u);
00d9ef85 4724}
4b58153d 4725
4b58153d
LP		 4726int unit_acquire_invocation_id(Unit *u) {
4727 sd_id128_t id;
4728 int r;
4729
4730 assert(u);
4731
4732 r = sd_id128_randomize(&id);
4733 if (r < 0)
4734 return log_unit_error_errno(u, r, "Failed to generate invocation ID for unit: %m");
4735
4736 r = unit_set_invocation_id(u, id);
4737 if (r < 0)
4738 return log_unit_error_errno(u, r, "Failed to set invocation ID for unit: %m");
4739
af92c603 4740 unit_add_to_dbus_queue(u);
4b58153d
LP		 4741 return 0;
4742}
f0d47797 4743
1ad6e8b3
LP		 4744int unit_set_exec_params(Unit *u, ExecParameters *p) {
4745 int r;
4746
7960b0c7
LP		 4747 assert(u);
4748 assert(p);
f0d47797 4749
004c7f16 4750 /* Copy parameters from manager */
1ad6e8b3
LP		 4751 r = manager_get_effective_environment(u->manager, &p->environment);
4752 if (r < 0)
4753 return r;
4754
004c7f16
LP		 4755 p->confirm_spawn = manager_get_confirm_spawn(u->manager);
4756 p->cgroup_supported = u->manager->cgroup_supported;
4757 p->prefix = u->manager->prefix;
4758 SET_FLAG(p->flags, EXEC_PASS_LOG_UNIT|EXEC_CHOWN_DIRECTORIES, MANAGER_IS_SYSTEM(u->manager));
4759
5238e957 4760 /* Copy parameters from unit */
7960b0c7 4761 p->cgroup_path = u->cgroup_path;
1d9cc876 4762 SET_FLAG(p->flags, EXEC_CGROUP_DELEGATE, unit_cgroup_delegate(u));
1ad6e8b3 4763
bb0c0d6f
LP		 4764 p->received_credentials = u->manager->received_credentials;
4765
1ad6e8b3 4766 return 0;
f0d47797 4767}
a79279c7 4768
4c253ed1 4769int unit_fork_helper_process(Unit *u, const char *name, pid_t *ret) {
a79279c7
LP		 4770 int r;
4771
4772 assert(u);
4773 assert(ret);
4774
4775 /* Forks off a helper process and makes sure it is a member of the unit's cgroup. Returns == 0 in the child,
4776 * and > 0 in the parent. The pid parameter is always filled in with the child's PID. */
4777
4778 (void) unit_realize_cgroup(u);
4779
4c253ed1
LP		 4780 r = safe_fork(name, FORK_REOPEN_LOG, ret);
4781 if (r != 0)
4782 return r;
a79279c7 4783
9c274488
LP		 4784 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE);
4785 (void) ignore_signals(SIGPIPE);
a79279c7 4786
4c253ed1 4787 (void) prctl(PR_SET_PDEATHSIG, SIGTERM);
a79279c7 4788
4c253ed1
LP		 4789 if (u->cgroup_path) {
4790 r = cg_attach_everywhere(u->manager->cgroup_supported, u->cgroup_path, 0, NULL, NULL);
4791 if (r < 0) {
4792 log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", u->cgroup_path);
4793 _exit(EXIT_CGROUP);
a79279c7 4794 }
a79279c7
LP		 4795 }
4796
4c253ed1 4797 return 0;
a79279c7 4798}
c999cf38 4799
810ef318
YW		 4800int unit_fork_and_watch_rm_rf(Unit *u, char **paths, pid_t *ret_pid) {
4801 pid_t pid;
4802 int r;
4803
4804 assert(u);
4805 assert(ret_pid);
4806
4807 r = unit_fork_helper_process(u, "(sd-rmrf)", &pid);
4808 if (r < 0)
4809 return r;
4810 if (r == 0) {
4811 int ret = EXIT_SUCCESS;
4812 char **i;
4813
4814 STRV_FOREACH(i, paths) {
4815 r = rm_rf(*i, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_MISSING_OK);
4816 if (r < 0) {
4817 log_error_errno(r, "Failed to remove '%s': %m", *i);
4818 ret = EXIT_FAILURE;
4819 }
4820 }
4821
4822 _exit(ret);
4823 }
4824
4825 r = unit_watch_pid(u, pid, true);
4826 if (r < 0)
4827 return r;
4828
4829 *ret_pid = pid;
4830 return 0;
4831}
4832
c999cf38
LP		 4833static void unit_update_dependency_mask(Unit *u, UnitDependency d, Unit *other, UnitDependencyInfo di) {
4834 assert(u);
4835 assert(d >= 0);
4836 assert(d < _UNIT_DEPENDENCY_MAX);
4837 assert(other);
4838
4839 if (di.origin_mask == 0 && di.destination_mask == 0) {
4840 /* No bit set anymore, let's drop the whole entry */
4841 assert_se(hashmap_remove(u->dependencies[d], other));
29a743f9 4842 log_unit_debug(u, "lost dependency %s=%s", unit_dependency_to_string(d), other->id);
c999cf38
LP		 4843 } else
4844 /* Mask was reduced, let's update the entry */
4845 assert_se(hashmap_update(u->dependencies[d], other, di.data) == 0);
4846}
4847
4848void unit_remove_dependencies(Unit *u, UnitDependencyMask mask) {
c999cf38
LP		 4849 assert(u);
4850
4851 /* Removes all dependencies u has on other units marked for ownership by 'mask'. */
4852
4853 if (mask == 0)
4854 return;
4855
f6173cb9 4856 for (UnitDependency d = 0; d < _UNIT_DEPENDENCY_MAX; d++) {
c999cf38
LP		 4857 bool done;
4858
4859 do {
4860 UnitDependencyInfo di;
4861 Unit *other;
c999cf38
LP		 4862
4863 done = true;
4864
90e74a66 4865 HASHMAP_FOREACH_KEY(di.data, other, u->dependencies[d]) {
1d6cc5d0 4866 if (FLAGS_SET(~mask, di.origin_mask))
c999cf38
LP		 4867 continue;
4868 di.origin_mask &= ~mask;
4869 unit_update_dependency_mask(u, d, other, di);
4870
4871 /* We updated the dependency from our unit to the other unit now. But most dependencies
4872 * imply a reverse dependency. Hence, let's delete that one too. For that we go through
4873 * all dependency types on the other unit and delete all those which point to us and
4874 * have the right mask set. */
4875
f6173cb9 4876 for (UnitDependency q = 0; q < _UNIT_DEPENDENCY_MAX; q++) {
c999cf38
LP		 4877 UnitDependencyInfo dj;
4878
4879 dj.data = hashmap_get(other->dependencies[q], u);
1d6cc5d0 4880 if (FLAGS_SET(~mask, dj.destination_mask))
c999cf38
LP		 4881 continue;
4882 dj.destination_mask &= ~mask;
4883
4884 unit_update_dependency_mask(other, q, u, dj);
4885 }
4886
4887 unit_add_to_gc_queue(other);
4888
4889 done = false;
4890 break;
4891 }
4892
4893 } while (!done);
4894 }
4895}
d3070fbd 4896
2f8c48b6
AZ		 4897static int unit_get_invocation_path(Unit *u, char **ret) {
4898 char *p;
4899 int r;
4900
4901 assert(u);
4902 assert(ret);
4903
4904 if (MANAGER_IS_SYSTEM(u->manager))
4905 p = strjoin("/run/systemd/units/invocation:", u->id);
4906 else {
4907 _cleanup_free_ char *user_path = NULL;
4908 r = xdg_user_runtime_dir(&user_path, "/systemd/units/invocation:");
4909 if (r < 0)
4910 return r;
4911 p = strjoin(user_path, u->id);
4912 }
4913
4914 if (!p)
4915 return -ENOMEM;
4916
4917 *ret = p;
4918 return 0;
4919}
4920
d3070fbd 4921static int unit_export_invocation_id(Unit *u) {
2f8c48b6 4922 _cleanup_free_ char *p = NULL;
d3070fbd
LP		 4923 int r;
4924
4925 assert(u);
4926
4927 if (u->exported_invocation_id)
4928 return 0;
4929
4930 if (sd_id128_is_null(u->invocation_id))
4931 return 0;
4932
2f8c48b6
AZ		 4933 r = unit_get_invocation_path(u, &p);
4934 if (r < 0)
4935 return log_unit_debug_errno(u, r, "Failed to get invocation path: %m");
4936
a3f5fd96 4937 r = symlink_atomic_label(u->invocation_id_string, p);
d3070fbd
LP		 4938 if (r < 0)
4939 return log_unit_debug_errno(u, r, "Failed to create invocation ID symlink %s: %m", p);
4940
4941 u->exported_invocation_id = true;
4942 return 0;
4943}
4944
4945static int unit_export_log_level_max(Unit *u, const ExecContext *c) {
4946 const char *p;
4947 char buf[2];
4948 int r;
4949
4950 assert(u);
4951 assert(c);
4952
4953 if (u->exported_log_level_max)
4954 return 0;
4955
4956 if (c->log_level_max < 0)
4957 return 0;
4958
4959 assert(c->log_level_max <= 7);
4960
4961 buf[0] = '0' + c->log_level_max;
4962 buf[1] = 0;
4963
4964 p = strjoina("/run/systemd/units/log-level-max:", u->id);
4965 r = symlink_atomic(buf, p);
4966 if (r < 0)
4967 return log_unit_debug_errno(u, r, "Failed to create maximum log level symlink %s: %m", p);
4968
4969 u->exported_log_level_max = true;
4970 return 0;
4971}
4972
4973static int unit_export_log_extra_fields(Unit *u, const ExecContext *c) {
4974 _cleanup_close_ int fd = -1;
4975 struct iovec *iovec;
4976 const char *p;
4977 char *pattern;
4978 le64_t *sizes;
4979 ssize_t n;
d3070fbd
LP		 4980 int r;
4981
4982 if (u->exported_log_extra_fields)
4983 return 0;
4984
4985 if (c->n_log_extra_fields <= 0)
4986 return 0;
4987
4988 sizes = newa(le64_t, c->n_log_extra_fields);
4989 iovec = newa(struct iovec, c->n_log_extra_fields * 2);
4990
12375b95 4991 for (size_t i = 0; i < c->n_log_extra_fields; i++) {
d3070fbd
LP		 4992 sizes[i] = htole64(c->log_extra_fields[i].iov_len);
4993
4994 iovec[i*2] = IOVEC_MAKE(sizes + i, sizeof(le64_t));
4995 iovec[i*2+1] = c->log_extra_fields[i];
4996 }
4997
4998 p = strjoina("/run/systemd/units/log-extra-fields:", u->id);
4999 pattern = strjoina(p, ".XXXXXX");
5000
5001 fd = mkostemp_safe(pattern);
5002 if (fd < 0)
5003 return log_unit_debug_errno(u, fd, "Failed to create extra fields file %s: %m", p);
5004
5005 n = writev(fd, iovec, c->n_log_extra_fields*2);
5006 if (n < 0) {
5007 r = log_unit_debug_errno(u, errno, "Failed to write extra fields: %m");
5008 goto fail;
5009 }
5010
5011 (void) fchmod(fd, 0644);
5012
5013 if (rename(pattern, p) < 0) {
5014 r = log_unit_debug_errno(u, errno, "Failed to rename extra fields file: %m");
5015 goto fail;
5016 }
5017
5018 u->exported_log_extra_fields = true;
5019 return 0;
5020
5021fail:
5022 (void) unlink(pattern);
5023 return r;
5024}
5025
5ac1530e 5026static int unit_export_log_ratelimit_interval(Unit *u, const ExecContext *c) {
90fc172e
AZ		 5027 _cleanup_free_ char *buf = NULL;
5028 const char *p;
5029 int r;
5030
5031 assert(u);
5032 assert(c);
5033
5ac1530e 5034 if (u->exported_log_ratelimit_interval)
90fc172e
AZ		 5035 return 0;
5036
5ac1530e 5037 if (c->log_ratelimit_interval_usec == 0)
90fc172e
AZ		 5038 return 0;
5039
5040 p = strjoina("/run/systemd/units/log-rate-limit-interval:", u->id);
5041
5ac1530e 5042 if (asprintf(&buf, "%" PRIu64, c->log_ratelimit_interval_usec) < 0)
90fc172e
AZ		 5043 return log_oom();
5044
5045 r = symlink_atomic(buf, p);
5046 if (r < 0)
5047 return log_unit_debug_errno(u, r, "Failed to create log rate limit interval symlink %s: %m", p);
5048
5ac1530e 5049 u->exported_log_ratelimit_interval = true;
90fc172e
AZ		 5050 return 0;
5051}
5052
5ac1530e 5053static int unit_export_log_ratelimit_burst(Unit *u, const ExecContext *c) {
90fc172e
AZ		 5054 _cleanup_free_ char *buf = NULL;
5055 const char *p;
5056 int r;
5057
5058 assert(u);
5059 assert(c);
5060
5ac1530e 5061 if (u->exported_log_ratelimit_burst)
90fc172e
AZ		 5062 return 0;
5063
5ac1530e 5064 if (c->log_ratelimit_burst == 0)
90fc172e
AZ		 5065 return 0;
5066
5067 p = strjoina("/run/systemd/units/log-rate-limit-burst:", u->id);
5068
5ac1530e 5069 if (asprintf(&buf, "%u", c->log_ratelimit_burst) < 0)
90fc172e
AZ		 5070 return log_oom();
5071
5072 r = symlink_atomic(buf, p);
5073 if (r < 0)
5074 return log_unit_debug_errno(u, r, "Failed to create log rate limit burst symlink %s: %m", p);
5075
5ac1530e 5076 u->exported_log_ratelimit_burst = true;
90fc172e
AZ		 5077 return 0;
5078}
5079
d3070fbd
LP		 5080void unit_export_state_files(Unit *u) {
5081 const ExecContext *c;
5082
5083 assert(u);
5084
5085 if (!u->id)
5086 return;
5087
638cece4 5088 if (MANAGER_IS_TEST_RUN(u->manager))
8f632531
LP		 5089 return;
5090
d3070fbd
LP		 5091 /* Exports a couple of unit properties to /run/systemd/units/, so that journald can quickly query this data
5092 * from there. Ideally, journald would use IPC to query this, like everybody else, but that's hard, as long as
5093 * the IPC system itself and PID 1 also log to the journal.
5094 *
5095 * Note that these files really shouldn't be considered API for anyone else, as use a runtime file system as
5096 * IPC replacement is not compatible with today's world of file system namespaces. However, this doesn't really
5097 * apply to communication between the journal and systemd, as we assume that these two daemons live in the same
5098 * namespace at least.
5099 *
5100 * Note that some of the "files" exported here are actually symlinks and not regular files. Symlinks work
5101 * better for storing small bits of data, in particular as we can write them with two system calls, and read
5102 * them with one. */
5103
5104 (void) unit_export_invocation_id(u);
5105
2f8c48b6
AZ		 5106 if (!MANAGER_IS_SYSTEM(u->manager))
5107 return;
5108
d3070fbd
LP		 5109 c = unit_get_exec_context(u);
5110 if (c) {
5111 (void) unit_export_log_level_max(u, c);
5112 (void) unit_export_log_extra_fields(u, c);
5ac1530e
ZJS		 5113 (void) unit_export_log_ratelimit_interval(u, c);
5114 (void) unit_export_log_ratelimit_burst(u, c);
d3070fbd
LP		 5115 }
5116}
5117
5118void unit_unlink_state_files(Unit *u) {
5119 const char *p;
5120
5121 assert(u);
5122
5123 if (!u->id)
5124 return;
5125
d3070fbd
LP		 5126 /* Undoes the effect of unit_export_state() */
5127
5128 if (u->exported_invocation_id) {
2f8c48b6
AZ		 5129 _cleanup_free_ char *invocation_path = NULL;
5130 int r = unit_get_invocation_path(u, &invocation_path);
5131 if (r >= 0) {
5132 (void) unlink(invocation_path);
5133 u->exported_invocation_id = false;
5134 }
d3070fbd
LP		 5135 }
5136
2f8c48b6
AZ		 5137 if (!MANAGER_IS_SYSTEM(u->manager))
5138 return;
5139
d3070fbd
LP		 5140 if (u->exported_log_level_max) {
5141 p = strjoina("/run/systemd/units/log-level-max:", u->id);
5142 (void) unlink(p);
5143
5144 u->exported_log_level_max = false;
5145 }
5146
5147 if (u->exported_log_extra_fields) {
5148 p = strjoina("/run/systemd/units/extra-fields:", u->id);
5149 (void) unlink(p);
5150
5151 u->exported_log_extra_fields = false;
5152 }
90fc172e 5153
5ac1530e 5154 if (u->exported_log_ratelimit_interval) {
90fc172e
AZ		 5155 p = strjoina("/run/systemd/units/log-rate-limit-interval:", u->id);
5156 (void) unlink(p);
5157
5ac1530e 5158 u->exported_log_ratelimit_interval = false;
90fc172e
AZ		 5159 }
5160
5ac1530e 5161 if (u->exported_log_ratelimit_burst) {
90fc172e
AZ		 5162 p = strjoina("/run/systemd/units/log-rate-limit-burst:", u->id);
5163 (void) unlink(p);
5164
5ac1530e 5165 u->exported_log_ratelimit_burst = false;
90fc172e 5166 }
d3070fbd 5167}
5afe510c 5168
3c7416b6
LP		 5169int unit_prepare_exec(Unit *u) {
5170 int r;
5171
5172 assert(u);
5173
fab34748
KL		 5174 /* Load any custom firewall BPF programs here once to test if they are existing and actually loadable.
5175 * Fail here early since later errors in the call chain unit_realize_cgroup to cgroup_context_apply are ignored. */
5176 r = bpf_firewall_load_custom(u);
5177 if (r < 0)
5178 return r;
5179
3c7416b6
LP		 5180 /* Prepares everything so that we can fork of a process for this unit */
5181
5182 (void) unit_realize_cgroup(u);
5183
5184 if (u->reset_accounting) {
9b2559a1 5185 (void) unit_reset_accounting(u);
3c7416b6
LP		 5186 u->reset_accounting = false;
5187 }
5188
5189 unit_export_state_files(u);
5190
5191 r = unit_setup_exec_runtime(u);
5192 if (r < 0)
5193 return r;
5194
5195 r = unit_setup_dynamic_creds(u);
5196 if (r < 0)
5197 return r;
5198
5199 return 0;
5200}
5201
4c425434
LP		 5202static bool ignore_leftover_process(const char *comm) {
5203 return comm && comm[0] == '('; /* Most likely our own helper process (PAM?), ignore */
5204}
5205
5206int unit_log_leftover_process_start(pid_t pid, int sig, void *userdata) {
a4634b21
LP		 5207 _cleanup_free_ char *comm = NULL;
5208
5209 (void) get_process_comm(pid, &comm);
5210
4c425434 5211 if (ignore_leftover_process(comm))
c53d2d54 5212 return 0;
a4634b21 5213
4c425434
LP		 5214 /* During start we print a warning */
5215
a4634b21
LP		 5216 log_unit_warning(userdata,
5217 "Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n"
5218 "This usually indicates unclean termination of a previous run, or service implementation deficiencies.",
5219 pid, strna(comm));
c53d2d54
DB		 5220
5221 return 1;
a4634b21
LP		 5222}
5223
4c425434
LP		 5224int unit_log_leftover_process_stop(pid_t pid, int sig, void *userdata) {
5225 _cleanup_free_ char *comm = NULL;
5226
5227 (void) get_process_comm(pid, &comm);
5228
5229 if (ignore_leftover_process(comm))
5230 return 0;
5231
5232 /* During stop we only print an informational message */
5233
5234 log_unit_info(userdata,
5235 "Unit process " PID_FMT " (%s) remains running after unit stopped.",
5236 pid, strna(comm));
5237
5238 return 1;
5239}
5240
5241int unit_warn_leftover_processes(Unit *u, cg_kill_log_func_t log_func) {
a4634b21
LP		 5242 assert(u);
5243
5244 (void) unit_pick_cgroup_path(u);
5245
5246 if (!u->cgroup_path)
c53d2d54 5247 return 0;
a4634b21 5248
4c425434 5249 return cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, 0, 0, NULL, log_func, u);
a4634b21
LP		 5250}
5251
bb2c7685
LP		 5252bool unit_needs_console(Unit *u) {
5253 ExecContext *ec;
5254 UnitActiveState state;
5255
5256 assert(u);
5257
5258 state = unit_active_state(u);
5259
5260 if (UNIT_IS_INACTIVE_OR_FAILED(state))
5261 return false;
5262
5263 if (UNIT_VTABLE(u)->needs_console)
5264 return UNIT_VTABLE(u)->needs_console(u);
5265
5266 /* If this unit type doesn't implement this call, let's use a generic fallback implementation: */
5267 ec = unit_get_exec_context(u);
5268 if (!ec)
5269 return false;
5270
5271 return exec_context_may_touch_console(ec);
5272}
5273
f156e60c 5274const char *unit_label_path(const Unit *u) {
81e9871e
LP		 5275 const char *p;
5276
f156e60c
CG		 5277 assert(u);
5278
81e9871e
LP		 5279 /* Returns the file system path to use for MAC access decisions, i.e. the file to read the SELinux label off
5280 * when validating access checks. */
5281
5282 p = u->source_path ?: u->fragment_path;
5283 if (!p)
5284 return NULL;
5285
5286 /* If a unit is masked, then don't read the SELinux label of /dev/null, as that really makes no sense */
640f3b14 5287 if (null_or_empty_path(p) > 0)
81e9871e
LP		 5288 return NULL;
5289
5290 return p;
5291}
5292
6592b975
LP		 5293int unit_pid_attachable(Unit *u, pid_t pid, sd_bus_error *error) {
5294 int r;
5295
5296 assert(u);
5297
5298 /* Checks whether the specified PID is generally good for attaching, i.e. a valid PID, not our manager itself,
5299 * and not a kernel thread either */
5300
5301 /* First, a simple range check */
5302 if (!pid_is_valid(pid))
5303 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process identifier " PID_FMT " is not valid.", pid);
5304
5305 /* Some extra safety check */
5306 if (pid == 1 || pid == getpid_cached())
3fe91079 5307 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process " PID_FMT " is a manager process, refusing.", pid);
6592b975
LP		 5308
5309 /* Don't even begin to bother with kernel threads */
5310 r = is_kernel_thread(pid);
5311 if (r == -ESRCH)
5312 return sd_bus_error_setf(error, SD_BUS_ERROR_UNIX_PROCESS_ID_UNKNOWN, "Process with ID " PID_FMT " does not exist.", pid);
5313 if (r < 0)
5314 return sd_bus_error_set_errnof(error, r, "Failed to determine whether process " PID_FMT " is a kernel thread: %m", pid);
5315 if (r > 0)
5316 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process " PID_FMT " is a kernel thread, refusing.", pid);
5317
5318 return 0;
5319}
5320
523ee2d4
LP		 5321void unit_log_success(Unit *u) {
5322 assert(u);
5323
c2503e35
RH		 5324 log_unit_struct(u, LOG_INFO,
5325 "MESSAGE_ID=" SD_MESSAGE_UNIT_SUCCESS_STR,
5326 LOG_UNIT_INVOCATION_ID(u),
5327 LOG_UNIT_MESSAGE(u, "Deactivated successfully."));
523ee2d4
LP		 5328}
5329
7c047d74
LP		 5330void unit_log_failure(Unit *u, const char *result) {
5331 assert(u);
5332 assert(result);
5333
c2503e35
RH		 5334 log_unit_struct(u, LOG_WARNING,
5335 "MESSAGE_ID=" SD_MESSAGE_UNIT_FAILURE_RESULT_STR,
5336 LOG_UNIT_INVOCATION_ID(u),
5337 LOG_UNIT_MESSAGE(u, "Failed with result '%s'.", result),
5338 "UNIT_RESULT=%s", result);
7c047d74
LP		 5339}
5340
31cd5f63
AZ		 5341void unit_log_skip(Unit *u, const char *result) {
5342 assert(u);
5343 assert(result);
5344
c2503e35
RH		 5345 log_unit_struct(u, LOG_INFO,
5346 "MESSAGE_ID=" SD_MESSAGE_UNIT_SKIPPED_STR,
5347 LOG_UNIT_INVOCATION_ID(u),
5348 LOG_UNIT_MESSAGE(u, "Skipped due to '%s'.", result),
5349 "UNIT_RESULT=%s", result);
31cd5f63
AZ		 5350}
5351
91bbd9b7
LP		 5352void unit_log_process_exit(
5353 Unit *u,
91bbd9b7
LP		 5354 const char *kind,
5355 const char *command,
5cc2cd1c 5356 bool success,
91bbd9b7
LP		 5357 int code,
5358 int status) {
5359
5cc2cd1c
ZJS		 5360 int level;
5361
91bbd9b7
LP		 5362 assert(u);
5363 assert(kind);
5364
5cc2cd1c
ZJS		 5365 /* If this is a successful exit, let's log about the exit code on DEBUG level. If this is a failure
5366 * and the process exited on its own via exit(), then let's make this a NOTICE, under the assumption
5367 * that the service already logged the reason at a higher log level on its own. Otherwise, make it a
5368 * WARNING. */
5369 if (success)
5370 level = LOG_DEBUG;
5371 else if (code == CLD_EXITED)
5372 level = LOG_NOTICE;
5373 else
91bbd9b7
LP		 5374 level = LOG_WARNING;
5375
c2503e35
RH		 5376 log_unit_struct(u, level,
5377 "MESSAGE_ID=" SD_MESSAGE_UNIT_PROCESS_EXIT_STR,
5378 LOG_UNIT_MESSAGE(u, "%s exited, code=%s, status=%i/%s",
5379 kind,
5380 sigchld_code_to_string(code), status,
5381 strna(code == CLD_EXITED
5382 ? exit_status_to_string(status, EXIT_STATUS_FULL)
5383 : signal_to_string(status))),
5384 "EXIT_CODE=%s", sigchld_code_to_string(code),
5385 "EXIT_STATUS=%i", status,
5386 "COMMAND=%s", strna(command),
5387 LOG_UNIT_INVOCATION_ID(u));
91bbd9b7
LP		 5388}
5389
7af67e9a
LP		 5390int unit_exit_status(Unit *u) {
5391 assert(u);
5392
5393 /* Returns the exit status to propagate for the most recent cycle of this unit. Returns a value in the range
5394 * 0…255 if there's something to propagate. EOPNOTSUPP if the concept does not apply to this unit type, ENODATA
5395 * if no data is currently known (for example because the unit hasn't deactivated yet) and EBADE if the main
5396 * service process has exited abnormally (signal/coredump). */
5397
5398 if (!UNIT_VTABLE(u)->exit_status)
5399 return -EOPNOTSUPP;
5400
5401 return UNIT_VTABLE(u)->exit_status(u);
5402}
5403
5404int unit_failure_action_exit_status(Unit *u) {
5405 int r;
5406
5407 assert(u);
5408
5409 /* Returns the exit status to propagate on failure, or an error if there's nothing to propagate */
5410
5411 if (u->failure_action_exit_status >= 0)
5412 return u->failure_action_exit_status;
5413
5414 r = unit_exit_status(u);
5415 if (r == -EBADE) /* Exited, but not cleanly (i.e. by signal or such) */
5416 return 255;
5417
5418 return r;
5419}
5420
5421int unit_success_action_exit_status(Unit *u) {
5422 int r;
5423
5424 assert(u);
5425
5426 /* Returns the exit status to propagate on success, or an error if there's nothing to propagate */
5427
5428 if (u->success_action_exit_status >= 0)
5429 return u->success_action_exit_status;
5430
5431 r = unit_exit_status(u);
5432 if (r == -EBADE) /* Exited, but not cleanly (i.e. by signal or such) */
5433 return 255;
5434
5435 return r;
5436}
5437
a4191c9f
LP		 5438int unit_test_trigger_loaded(Unit *u) {
5439 Unit *trigger;
5440
5441 /* Tests whether the unit to trigger is loaded */
5442
5443 trigger = UNIT_TRIGGER(u);
5444 if (!trigger)
e7b9f4d9
ZJS		 5445 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOENT),
5446 "Refusing to start, no unit to trigger.");
a4191c9f 5447 if (trigger->load_state != UNIT_LOADED)
e7b9f4d9
ZJS		 5448 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOENT),
5449 "Refusing to start, unit %s to trigger not loaded.", trigger->id);
a4191c9f
LP		 5450
5451 return 0;
5452}
5453
bb0c0d6f
LP		 5454void unit_destroy_runtime_data(Unit *u, const ExecContext *context) {
5455 assert(u);
5456 assert(context);
5457
95939aed
YW		 5458 if (context->runtime_directory_preserve_mode == EXEC_PRESERVE_NO ||
5459 (context->runtime_directory_preserve_mode == EXEC_PRESERVE_RESTART && !unit_will_restart(u)))
5460 exec_context_destroy_runtime_directory(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
bb0c0d6f
LP		 5461
5462 exec_context_destroy_credentials(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME], u->id);
95939aed
YW		 5463}
5464
380dc8b0
LP		 5465int unit_clean(Unit *u, ExecCleanMask mask) {
5466 UnitActiveState state;
5467
5468 assert(u);
5469
5470 /* Special return values:
5471 *
5472 * -EOPNOTSUPP → cleaning not supported for this unit type
5473 * -EUNATCH → cleaning not defined for this resource type
5474 * -EBUSY → unit currently can't be cleaned since it's running or not properly loaded, or has
5475 * a job queued or similar
5476 */
5477
5478 if (!UNIT_VTABLE(u)->clean)
5479 return -EOPNOTSUPP;
5480
5481 if (mask == 0)
5482 return -EUNATCH;
5483
5484 if (u->load_state != UNIT_LOADED)
5485 return -EBUSY;
5486
5487 if (u->job)
5488 return -EBUSY;
5489
5490 state = unit_active_state(u);
5491 if (!IN_SET(state, UNIT_INACTIVE))
5492 return -EBUSY;
5493
5494 return UNIT_VTABLE(u)->clean(u, mask);
5495}
5496
5497int unit_can_clean(Unit *u, ExecCleanMask *ret) {
5498 assert(u);
5499
5500 if (!UNIT_VTABLE(u)->clean ||
5501 u->load_state != UNIT_LOADED) {
5502 *ret = 0;
5503 return 0;
5504 }
5505
5506 /* When the clean() method is set, can_clean() really should be set too */
5507 assert(UNIT_VTABLE(u)->can_clean);
5508
5509 return UNIT_VTABLE(u)->can_clean(u, ret);
5510}
5511
d9e45bc3
MS		 5512bool unit_can_freeze(Unit *u) {
5513 assert(u);
5514
5515 if (UNIT_VTABLE(u)->can_freeze)
5516 return UNIT_VTABLE(u)->can_freeze(u);
5517
5518 return UNIT_VTABLE(u)->freeze;
5519}
5520
5521void unit_frozen(Unit *u) {
5522 assert(u);
5523
5524 u->freezer_state = FREEZER_FROZEN;
5525
5526 bus_unit_send_pending_freezer_message(u);
5527}
5528
5529void unit_thawed(Unit *u) {
5530 assert(u);
5531
5532 u->freezer_state = FREEZER_RUNNING;
5533
5534 bus_unit_send_pending_freezer_message(u);
5535}
5536
5537static int unit_freezer_action(Unit *u, FreezerAction action) {
5538 UnitActiveState s;
5539 int (*method)(Unit*);
5540 int r;
5541
5542 assert(u);
5543 assert(IN_SET(action, FREEZER_FREEZE, FREEZER_THAW));
5544
5545 method = action == FREEZER_FREEZE ? UNIT_VTABLE(u)->freeze : UNIT_VTABLE(u)->thaw;
5546 if (!method || !cg_freezer_supported())
5547 return -EOPNOTSUPP;
5548
5549 if (u->job)
5550 return -EBUSY;
5551
5552 if (u->load_state != UNIT_LOADED)
5553 return -EHOSTDOWN;
5554
5555 s = unit_active_state(u);
5556 if (s != UNIT_ACTIVE)
5557 return -EHOSTDOWN;
5558
5559 if (IN_SET(u->freezer_state, FREEZER_FREEZING, FREEZER_THAWING))
5560 return -EALREADY;
5561
5562 r = method(u);
5563 if (r <= 0)
5564 return r;
5565
5566 return 1;
5567}
5568
5569int unit_freeze(Unit *u) {
5570 return unit_freezer_action(u, FREEZER_FREEZE);
5571}
5572
5573int unit_thaw(Unit *u) {
5574 return unit_freezer_action(u, FREEZER_THAW);
5575}
5576
5577/* Wrappers around low-level cgroup freezer operations common for service and scope units */
5578int unit_freeze_vtable_common(Unit *u) {
5579 return unit_cgroup_freezer_action(u, FREEZER_FREEZE);
5580}
5581
5582int unit_thaw_vtable_common(Unit *u) {
5583 return unit_cgroup_freezer_action(u, FREEZER_THAW);
5584}
5585
5afe510c
LP		 5586static const char* const collect_mode_table[_COLLECT_MODE_MAX] = {
5587 [COLLECT_INACTIVE] = "inactive",
5588 [COLLECT_INACTIVE_OR_FAILED] = "inactive-or-failed",
5589};
5590
5591DEFINE_STRING_TABLE_LOOKUP(collect_mode, CollectMode);
Unnamed repository; edit this file 'description' to name the repository.