1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
7 #include <sys/inotify.h>
10 #include <sys/reboot.h>
11 #include <sys/timerfd.h>
12 #include <sys/utsname.h>
20 #include "sd-daemon.h"
21 #include "sd-messages.h"
24 #include "all-units.h"
25 #include "alloc-util.h"
27 #include "boot-timestamps.h"
28 #include "build-path.h"
29 #include "bus-common-errors.h"
30 #include "bus-error.h"
31 #include "bus-kernel.h"
33 #include "clean-ipc.h"
34 #include "clock-util.h"
35 #include "common-signal.h"
36 #include "confidential-virt.h"
37 #include "constants.h"
38 #include "core-varlink.h"
39 #include "creds-util.h"
41 #include "dbus-manager.h"
42 #include "dbus-unit.h"
44 #include "dirent-util.h"
47 #include "event-util.h"
48 #include "exec-util.h"
50 #include "exit-status.h"
53 #include "generator-setup.h"
55 #include "initrd-util.h"
56 #include "inotify-util.h"
59 #include "label-util.h"
60 #include "load-fragment.h"
61 #include "locale-setup.h"
65 #include "manager-dump.h"
66 #include "manager-serialize.h"
67 #include "memory-util.h"
68 #include "mkdir-label.h"
69 #include "mount-util.h"
71 #include "parse-util.h"
72 #include "path-lookup.h"
73 #include "path-util.h"
74 #include "plymouth-util.h"
75 #include "pretty-print.h"
76 #include "process-util.h"
78 #include "ratelimit.h"
79 #include "rlimit-util.h"
81 #include "selinux-util.h"
82 #include "signal-util.h"
83 #include "socket-util.h"
85 #include "stat-util.h"
86 #include "string-table.h"
87 #include "string-util.h"
90 #include "sysctl-util.h"
91 #include "syslog-util.h"
92 #include "terminal-util.h"
93 #include "time-util.h"
94 #include "transaction.h"
95 #include "uid-range.h"
96 #include "umask-util.h"
97 #include "unit-name.h"
98 #include "user-util.h"
100 #include "watchdog.h"
102 #define NOTIFY_RCVBUF_SIZE (8*1024*1024)
103 #define CGROUPS_AGENT_RCVBUF_SIZE (8*1024*1024)
105 /* Initial delay and the interval for printing status messages about running jobs */
106 #define JOBS_IN_PROGRESS_WAIT_USEC (2*USEC_PER_SEC)
107 #define JOBS_IN_PROGRESS_QUIET_WAIT_USEC (25*USEC_PER_SEC)
108 #define JOBS_IN_PROGRESS_PERIOD_USEC (USEC_PER_SEC / 3)
109 #define JOBS_IN_PROGRESS_PERIOD_DIVISOR 3
111 /* If there are more than 1K bus messages queue across our API and direct buses, then let's not add more on top until
112 * the queue gets more empty. */
113 #define MANAGER_BUS_BUSY_THRESHOLD 1024LU
115 /* How many units and jobs to process of the bus queue before returning to the event loop. */
116 #define MANAGER_BUS_MESSAGE_BUDGET 100U
118 #define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 15U, 100U }) /* 15% */
120 static int manager_dispatch_notify_fd(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
121 static int manager_dispatch_cgroups_agent_fd(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
122 static int manager_dispatch_signal_fd(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
123 static int manager_dispatch_time_change_fd(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
124 static int manager_dispatch_idle_pipe_fd(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
125 static int manager_dispatch_user_lookup_fd(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
);
126 static int manager_dispatch_jobs_in_progress(sd_event_source
*source
, usec_t usec
, void *userdata
);
127 static int manager_dispatch_run_queue(sd_event_source
*source
, void *userdata
);
128 static int manager_dispatch_sigchld(sd_event_source
*source
, void *userdata
);
129 static int manager_dispatch_timezone_change(sd_event_source
*source
, const struct inotify_event
*event
, void *userdata
);
130 static int manager_run_environment_generators(Manager
*m
);
131 static int manager_run_generators(Manager
*m
);
132 static void manager_vacuum(Manager
*m
);
134 static usec_t
manager_watch_jobs_next_time(Manager
*m
) {
137 if (MANAGER_IS_USER(m
))
138 /* Let the user manager without a timeout show status quickly, so the system manager can make
139 * use of it, if it wants to. */
140 timeout
= JOBS_IN_PROGRESS_WAIT_USEC
* 2 / 3;
141 else if (show_status_on(m
->show_status
))
142 /* When status is on, just use the usual timeout. */
143 timeout
= JOBS_IN_PROGRESS_WAIT_USEC
;
145 timeout
= JOBS_IN_PROGRESS_QUIET_WAIT_USEC
;
147 return usec_add(now(CLOCK_MONOTONIC
), timeout
);
150 static bool manager_is_confirm_spawn_disabled(Manager
*m
) {
153 if (!m
->confirm_spawn
)
156 return access("/run/systemd/confirm_spawn_disabled", F_OK
) >= 0;
159 static void manager_watch_jobs_in_progress(Manager
*m
) {
165 /* We do not want to show the cylon animation if the user
166 * needs to confirm service executions otherwise confirmation
167 * messages will be screwed by the cylon animation. */
168 if (!manager_is_confirm_spawn_disabled(m
))
171 if (m
->jobs_in_progress_event_source
)
174 next
= manager_watch_jobs_next_time(m
);
175 r
= sd_event_add_time(
177 &m
->jobs_in_progress_event_source
,
180 manager_dispatch_jobs_in_progress
, m
);
184 (void) sd_event_source_set_description(m
->jobs_in_progress_event_source
, "manager-jobs-in-progress");
187 static void manager_flip_auto_status(Manager
*m
, bool enable
, const char *reason
) {
191 if (m
->show_status
== SHOW_STATUS_AUTO
)
192 manager_set_show_status(m
, SHOW_STATUS_TEMPORARY
, reason
);
194 if (m
->show_status
== SHOW_STATUS_TEMPORARY
)
195 manager_set_show_status(m
, SHOW_STATUS_AUTO
, reason
);
199 static void manager_print_jobs_in_progress(Manager
*m
) {
201 unsigned counter
= 0, print_nr
;
202 char cylon
[6 + CYLON_BUFFER_EXTRA
+ 1];
204 uint64_t timeout
= 0;
207 assert(m
->n_running_jobs
> 0);
209 manager_flip_auto_status(m
, true, "delay");
211 print_nr
= (m
->jobs_in_progress_iteration
/ JOBS_IN_PROGRESS_PERIOD_DIVISOR
) % m
->n_running_jobs
;
213 HASHMAP_FOREACH(j
, m
->jobs
)
214 if (j
->state
== JOB_RUNNING
&& counter
++ == print_nr
)
217 /* m->n_running_jobs must be consistent with the contents of m->jobs,
218 * so the above loop must have succeeded in finding j. */
219 assert(counter
== print_nr
+ 1);
222 cylon_pos
= m
->jobs_in_progress_iteration
% 14;
224 cylon_pos
= 14 - cylon_pos
;
225 draw_cylon(cylon
, sizeof(cylon
), 6, cylon_pos
);
227 m
->jobs_in_progress_iteration
++;
229 char job_of_n
[STRLEN("( of ) ") + DECIMAL_STR_MAX(unsigned)*2] = "";
230 if (m
->n_running_jobs
> 1)
231 xsprintf(job_of_n
, "(%u of %u) ", counter
, m
->n_running_jobs
);
233 (void) job_get_timeout(j
, &timeout
);
235 /* We want to use enough information for the user to identify previous lines talking about the same
236 * unit, but keep the message as short as possible. So if 'Starting foo.service' or 'Starting
237 * foo.service - Description' were used, 'foo.service' is enough here. On the other hand, if we used
238 * 'Starting Description' before, then we shall also use 'Description' here. So we pass NULL as the
239 * second argument to unit_status_string(). */
240 const char *ident
= unit_status_string(j
->unit
, NULL
);
242 const char *time
= FORMAT_TIMESPAN(now(CLOCK_MONOTONIC
) - j
->begin_usec
, 1*USEC_PER_SEC
);
243 const char *limit
= timeout
> 0 ? FORMAT_TIMESPAN(timeout
- j
->begin_usec
, 1*USEC_PER_SEC
) : "no limit";
245 if (m
->status_unit_format
== STATUS_UNIT_FORMAT_DESCRIPTION
)
246 /* When using 'Description', we effectively don't have enough space to show the nested status
247 * without ellipsization, so let's not even try. */
248 manager_status_printf(m
, STATUS_TYPE_EPHEMERAL
, cylon
,
249 "%sA %s job is running for %s (%s / %s)",
251 job_type_to_string(j
->type
),
255 const char *status_text
= unit_status_text(j
->unit
);
257 manager_status_printf(m
, STATUS_TYPE_EPHEMERAL
, cylon
,
258 "%sJob %s/%s running (%s / %s)%s%s",
261 job_type_to_string(j
->type
),
263 status_text
? ": " : "",
264 strempty(status_text
));
267 (void) sd_notifyf(/* unset_environment= */ false,
268 "STATUS=%sUser job %s/%s running (%s / %s)...",
270 ident
, job_type_to_string(j
->type
),
272 m
->status_ready
= false;
275 static int have_ask_password(void) {
276 _cleanup_closedir_
DIR *dir
= NULL
;
278 dir
= opendir("/run/systemd/ask-password");
286 FOREACH_DIRENT_ALL(de
, dir
, return -errno
)
287 if (startswith(de
->d_name
, "ask."))
292 static int manager_dispatch_ask_password_fd(sd_event_source
*source
,
293 int fd
, uint32_t revents
, void *userdata
) {
294 Manager
*m
= ASSERT_PTR(userdata
);
298 m
->have_ask_password
= have_ask_password();
299 if (m
->have_ask_password
< 0)
300 /* Log error but continue. Negative have_ask_password
301 * is treated as unknown status. */
302 log_error_errno(m
->have_ask_password
, "Failed to list /run/systemd/ask-password: %m");
307 static void manager_close_ask_password(Manager
*m
) {
310 m
->ask_password_event_source
= sd_event_source_disable_unref(m
->ask_password_event_source
);
311 m
->ask_password_inotify_fd
= safe_close(m
->ask_password_inotify_fd
);
312 m
->have_ask_password
= -EINVAL
;
315 static int manager_check_ask_password(Manager
*m
) {
320 if (!m
->ask_password_event_source
) {
321 assert(m
->ask_password_inotify_fd
< 0);
323 (void) mkdir_p_label("/run/systemd/ask-password", 0755);
325 m
->ask_password_inotify_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
326 if (m
->ask_password_inotify_fd
< 0)
327 return log_error_errno(errno
, "Failed to create inotify object: %m");
329 r
= inotify_add_watch_and_warn(m
->ask_password_inotify_fd
,
330 "/run/systemd/ask-password",
331 IN_CREATE
|IN_DELETE
|IN_MOVE
);
333 manager_close_ask_password(m
);
337 r
= sd_event_add_io(m
->event
, &m
->ask_password_event_source
,
338 m
->ask_password_inotify_fd
, EPOLLIN
,
339 manager_dispatch_ask_password_fd
, m
);
341 log_error_errno(r
, "Failed to add event source for /run/systemd/ask-password: %m");
342 manager_close_ask_password(m
);
346 (void) sd_event_source_set_description(m
->ask_password_event_source
, "manager-ask-password");
348 /* Queries might have been added meanwhile... */
349 manager_dispatch_ask_password_fd(m
->ask_password_event_source
,
350 m
->ask_password_inotify_fd
, EPOLLIN
, m
);
353 return m
->have_ask_password
;
356 static int manager_watch_idle_pipe(Manager
*m
) {
361 if (m
->idle_pipe_event_source
)
364 if (m
->idle_pipe
[2] < 0)
367 r
= sd_event_add_io(m
->event
, &m
->idle_pipe_event_source
, m
->idle_pipe
[2], EPOLLIN
, manager_dispatch_idle_pipe_fd
, m
);
369 return log_error_errno(r
, "Failed to watch idle pipe: %m");
371 (void) sd_event_source_set_description(m
->idle_pipe_event_source
, "manager-idle-pipe");
376 static void manager_close_idle_pipe(Manager
*m
) {
379 m
->idle_pipe_event_source
= sd_event_source_disable_unref(m
->idle_pipe_event_source
);
381 safe_close_pair(m
->idle_pipe
);
382 safe_close_pair(m
->idle_pipe
+ 2);
385 static int manager_setup_time_change(Manager
*m
) {
390 if (MANAGER_IS_TEST_RUN(m
))
393 m
->time_change_event_source
= sd_event_source_disable_unref(m
->time_change_event_source
);
395 r
= event_add_time_change(m
->event
, &m
->time_change_event_source
, manager_dispatch_time_change_fd
, m
);
397 return log_error_errno(r
, "Failed to create time change event source: %m");
399 /* Schedule this slightly earlier than the .timer event sources */
400 r
= sd_event_source_set_priority(m
->time_change_event_source
, EVENT_PRIORITY_TIME_CHANGE
);
402 return log_error_errno(r
, "Failed to set priority of time change event sources: %m");
404 log_debug("Set up TFD_TIMER_CANCEL_ON_SET timerfd.");
409 static int manager_read_timezone_stat(Manager
*m
) {
415 /* Read the current stat() data of /etc/localtime so that we detect changes */
416 if (lstat("/etc/localtime", &st
) < 0) {
417 log_debug_errno(errno
, "Failed to stat /etc/localtime, ignoring: %m");
418 changed
= m
->etc_localtime_accessible
;
419 m
->etc_localtime_accessible
= false;
423 k
= timespec_load(&st
.st_mtim
);
424 changed
= !m
->etc_localtime_accessible
|| k
!= m
->etc_localtime_mtime
;
426 m
->etc_localtime_mtime
= k
;
427 m
->etc_localtime_accessible
= true;
433 static int manager_setup_timezone_change(Manager
*m
) {
434 _cleanup_(sd_event_source_unrefp
) sd_event_source
*new_event
= NULL
;
439 if (MANAGER_IS_TEST_RUN(m
))
442 /* We watch /etc/localtime for three events: change of the link count (which might mean removal from /etc even
443 * though another link might be kept), renames, and file close operations after writing. Note we don't bother
444 * with IN_DELETE_SELF, as that would just report when the inode is removed entirely, i.e. after the link count
445 * went to zero and all fds to it are closed.
447 * Note that we never follow symlinks here. This is a simplification, but should cover almost all cases
450 * Note that we create the new event source first here, before releasing the old one. This should optimize
451 * behaviour as this way sd-event can reuse the old watch in case the inode didn't change. */
453 r
= sd_event_add_inotify(m
->event
, &new_event
, "/etc/localtime",
454 IN_ATTRIB
|IN_MOVE_SELF
|IN_CLOSE_WRITE
|IN_DONT_FOLLOW
, manager_dispatch_timezone_change
, m
);
456 /* If the file doesn't exist yet, subscribe to /etc instead, and wait until it is created either by
457 * O_CREATE or by rename() */
459 log_debug_errno(r
, "/etc/localtime doesn't exist yet, watching /etc instead.");
460 r
= sd_event_add_inotify(m
->event
, &new_event
, "/etc",
461 IN_CREATE
|IN_MOVED_TO
|IN_ONLYDIR
, manager_dispatch_timezone_change
, m
);
464 return log_error_errno(r
, "Failed to create timezone change event source: %m");
466 /* Schedule this slightly earlier than the .timer event sources */
467 r
= sd_event_source_set_priority(new_event
, EVENT_PRIORITY_TIME_ZONE
);
469 return log_error_errno(r
, "Failed to set priority of timezone change event sources: %m");
471 sd_event_source_unref(m
->timezone_change_event_source
);
472 m
->timezone_change_event_source
= TAKE_PTR(new_event
);
477 static int enable_special_signals(Manager
*m
) {
478 _cleanup_close_
int fd
= -EBADF
;
482 if (MANAGER_IS_TEST_RUN(m
))
485 /* Enable that we get SIGINT on control-alt-del. In containers
486 * this will fail with EPERM (older) or EINVAL (newer), so
488 if (reboot(RB_DISABLE_CAD
) < 0 && !IN_SET(errno
, EPERM
, EINVAL
))
489 log_warning_errno(errno
, "Failed to enable ctrl-alt-del handling: %m");
491 fd
= open_terminal("/dev/tty0", O_RDWR
|O_NOCTTY
|O_CLOEXEC
);
493 /* Support systems without virtual console */
495 log_warning_errno(errno
, "Failed to open /dev/tty0: %m");
497 /* Enable that we get SIGWINCH on kbrequest */
498 if (ioctl(fd
, KDSIGACCEPT
, SIGWINCH
) < 0)
499 log_warning_errno(errno
, "Failed to enable kbrequest handling: %m");
505 #define RTSIG_IF_AVAILABLE(signum) (signum <= SIGRTMAX ? signum : -1)
507 static int manager_setup_signals(Manager
*m
) {
508 struct sigaction sa
= {
509 .sa_handler
= SIG_DFL
,
510 .sa_flags
= SA_NOCLDSTOP
|SA_RESTART
,
517 assert_se(sigaction(SIGCHLD
, &sa
, NULL
) == 0);
519 /* We make liberal use of realtime signals here. On
520 * Linux/glibc we have 30 of them (with the exception of Linux
521 * on hppa, see below), between SIGRTMIN+0 ... SIGRTMIN+30
524 assert_se(sigemptyset(&mask
) == 0);
525 sigset_add_many(&mask
,
526 SIGCHLD
, /* Child died */
527 SIGTERM
, /* Reexecute daemon */
528 SIGHUP
, /* Reload configuration */
529 SIGUSR1
, /* systemd: reconnect to D-Bus */
530 SIGUSR2
, /* systemd: dump status */
531 SIGINT
, /* Kernel sends us this on control-alt-del */
532 SIGWINCH
, /* Kernel sends us this on kbrequest (alt-arrowup) */
533 SIGPWR
, /* Some kernel drivers and upsd send us this on power failure */
535 SIGRTMIN
+0, /* systemd: start default.target */
536 SIGRTMIN
+1, /* systemd: isolate rescue.target */
537 SIGRTMIN
+2, /* systemd: isolate emergency.target */
538 SIGRTMIN
+3, /* systemd: start halt.target */
539 SIGRTMIN
+4, /* systemd: start poweroff.target */
540 SIGRTMIN
+5, /* systemd: start reboot.target */
541 SIGRTMIN
+6, /* systemd: start kexec.target */
542 SIGRTMIN
+7, /* systemd: start soft-reboot.target */
544 /* ... space for more special targets ... */
546 SIGRTMIN
+13, /* systemd: Immediate halt */
547 SIGRTMIN
+14, /* systemd: Immediate poweroff */
548 SIGRTMIN
+15, /* systemd: Immediate reboot */
549 SIGRTMIN
+16, /* systemd: Immediate kexec */
550 SIGRTMIN
+17, /* systemd: Immediate soft-reboot */
551 SIGRTMIN
+18, /* systemd: control command */
555 SIGRTMIN
+20, /* systemd: enable status messages */
556 SIGRTMIN
+21, /* systemd: disable status messages */
557 SIGRTMIN
+22, /* systemd: set log level to LOG_DEBUG */
558 SIGRTMIN
+23, /* systemd: set log level to LOG_INFO */
559 SIGRTMIN
+24, /* systemd: Immediate exit (--user only) */
560 SIGRTMIN
+25, /* systemd: reexecute manager */
562 /* Apparently Linux on hppa had fewer RT signals until v3.18,
563 * SIGRTMAX was SIGRTMIN+25, and then SIGRTMIN was lowered,
564 * see commit v3.17-7614-g1f25df2eff.
566 * We cannot unconditionally make use of those signals here,
567 * so let's use a runtime check. Since these commands are
568 * accessible by different means and only really a safety
569 * net, the missing functionality on hppa shouldn't matter.
572 RTSIG_IF_AVAILABLE(SIGRTMIN
+26), /* systemd: set log target to journal-or-kmsg */
573 RTSIG_IF_AVAILABLE(SIGRTMIN
+27), /* systemd: set log target to console */
574 RTSIG_IF_AVAILABLE(SIGRTMIN
+28), /* systemd: set log target to kmsg */
575 RTSIG_IF_AVAILABLE(SIGRTMIN
+29), /* systemd: set log target to syslog-or-kmsg (obsolete) */
577 /* ... one free signal here SIGRTMIN+30 ... */
579 assert_se(sigprocmask(SIG_SETMASK
, &mask
, NULL
) == 0);
581 m
->signal_fd
= signalfd(-1, &mask
, SFD_NONBLOCK
|SFD_CLOEXEC
);
582 if (m
->signal_fd
< 0)
585 r
= sd_event_add_io(m
->event
, &m
->signal_event_source
, m
->signal_fd
, EPOLLIN
, manager_dispatch_signal_fd
, m
);
589 (void) sd_event_source_set_description(m
->signal_event_source
, "manager-signal");
591 /* Process signals a bit earlier than the rest of things, but later than notify_fd processing, so that the
592 * notify processing can still figure out to which process/service a message belongs, before we reap the
593 * process. Also, process this before handling cgroup notifications, so that we always collect child exit
594 * status information before detecting that there's no process in a cgroup. */
595 r
= sd_event_source_set_priority(m
->signal_event_source
, EVENT_PRIORITY_SIGNALS
);
599 if (MANAGER_IS_SYSTEM(m
))
600 return enable_special_signals(m
);
605 static char** sanitize_environment(char **l
) {
607 /* Let's remove some environment variables that we need ourselves to communicate with our clients */
611 "CONFIGURATION_DIRECTORY",
612 "CREDENTIALS_DIRECTORY",
624 "MEMORY_PRESSURE_WATCH",
625 "MEMORY_PRESSURE_WRITE",
627 "MONITOR_EXIT_STATUS",
628 "MONITOR_INVOCATION_ID",
629 "MONITOR_SERVICE_RESULT",
640 "TRIGGER_TIMER_MONOTONIC_USEC",
641 "TRIGGER_TIMER_REALTIME_USEC",
646 /* Let's order the environment alphabetically, just to make it pretty */
650 int manager_default_environment(Manager
*m
) {
655 m
->transient_environment
= strv_free(m
->transient_environment
);
657 if (MANAGER_IS_SYSTEM(m
)) {
658 /* The system manager always starts with a clean environment for its children. It does not
659 * import the kernel's or the parents' exported variables.
661 * The initial passed environment is untouched to keep /proc/self/environ valid; it is used
662 * for tagging the init process inside containers. */
663 m
->transient_environment
= strv_new("PATH=" DEFAULT_PATH
);
664 if (!m
->transient_environment
)
667 /* Import locale variables LC_*= from configuration */
668 (void) locale_setup(&m
->transient_environment
);
670 /* The user manager passes its own environment along to its children, except for $PATH and
673 m
->transient_environment
= strv_copy(environ
);
674 if (!m
->transient_environment
)
677 r
= strv_env_replace_strdup(&m
->transient_environment
, "PATH=" DEFAULT_USER_PATH
);
681 /* Envvars set for our 'manager' class session are private and should not be propagated
682 * to children. Also it's likely that the graphical session will set these on their own. */
683 strv_env_unset_many(m
->transient_environment
,
687 "XDG_SESSION_DESKTOP",
692 sanitize_environment(m
->transient_environment
);
696 static int manager_setup_prefix(Manager
*m
) {
702 static const struct table_entry paths_system
[_EXEC_DIRECTORY_TYPE_MAX
] = {
703 [EXEC_DIRECTORY_RUNTIME
] = { SD_PATH_SYSTEM_RUNTIME
, NULL
},
704 [EXEC_DIRECTORY_STATE
] = { SD_PATH_SYSTEM_STATE_PRIVATE
, NULL
},
705 [EXEC_DIRECTORY_CACHE
] = { SD_PATH_SYSTEM_STATE_CACHE
, NULL
},
706 [EXEC_DIRECTORY_LOGS
] = { SD_PATH_SYSTEM_STATE_LOGS
, NULL
},
707 [EXEC_DIRECTORY_CONFIGURATION
] = { SD_PATH_SYSTEM_CONFIGURATION
, NULL
},
710 static const struct table_entry paths_user
[_EXEC_DIRECTORY_TYPE_MAX
] = {
711 [EXEC_DIRECTORY_RUNTIME
] = { SD_PATH_USER_RUNTIME
, NULL
},
712 [EXEC_DIRECTORY_STATE
] = { SD_PATH_USER_STATE_PRIVATE
, NULL
},
713 [EXEC_DIRECTORY_CACHE
] = { SD_PATH_USER_STATE_CACHE
, NULL
},
714 [EXEC_DIRECTORY_LOGS
] = { SD_PATH_USER_STATE_PRIVATE
, "log" },
715 [EXEC_DIRECTORY_CONFIGURATION
] = { SD_PATH_USER_CONFIGURATION
, NULL
},
720 const struct table_entry
*p
= MANAGER_IS_SYSTEM(m
) ? paths_system
: paths_user
;
723 for (ExecDirectoryType i
= 0; i
< _EXEC_DIRECTORY_TYPE_MAX
; i
++) {
724 r
= sd_path_lookup(p
[i
].type
, p
[i
].suffix
, &m
->prefix
[i
]);
726 return log_warning_errno(r
, "Failed to lookup %s path: %m",
727 exec_directory_type_to_string(i
));
733 static void manager_free_unit_name_maps(Manager
*m
) {
734 m
->unit_id_map
= hashmap_free(m
->unit_id_map
);
735 m
->unit_name_map
= hashmap_free(m
->unit_name_map
);
736 m
->unit_path_cache
= set_free(m
->unit_path_cache
);
737 m
->unit_cache_timestamp_hash
= 0;
740 static int manager_setup_run_queue(Manager
*m
) {
744 assert(!m
->run_queue_event_source
);
746 r
= sd_event_add_defer(m
->event
, &m
->run_queue_event_source
, manager_dispatch_run_queue
, m
);
750 r
= sd_event_source_set_priority(m
->run_queue_event_source
, EVENT_PRIORITY_RUN_QUEUE
);
754 r
= sd_event_source_set_enabled(m
->run_queue_event_source
, SD_EVENT_OFF
);
758 (void) sd_event_source_set_description(m
->run_queue_event_source
, "manager-run-queue");
763 static int manager_setup_sigchld_event_source(Manager
*m
) {
767 assert(!m
->sigchld_event_source
);
769 r
= sd_event_add_defer(m
->event
, &m
->sigchld_event_source
, manager_dispatch_sigchld
, m
);
773 r
= sd_event_source_set_priority(m
->sigchld_event_source
, EVENT_PRIORITY_SIGCHLD
);
777 r
= sd_event_source_set_enabled(m
->sigchld_event_source
, SD_EVENT_OFF
);
781 (void) sd_event_source_set_description(m
->sigchld_event_source
, "manager-sigchld");
786 int manager_setup_memory_pressure_event_source(Manager
*m
) {
791 m
->memory_pressure_event_source
= sd_event_source_disable_unref(m
->memory_pressure_event_source
);
793 r
= sd_event_add_memory_pressure(m
->event
, &m
->memory_pressure_event_source
, NULL
, NULL
);
795 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r
) || ERRNO_IS_PRIVILEGE(r
) || (r
== -EHOSTDOWN
) ? LOG_DEBUG
: LOG_NOTICE
, r
,
796 "Failed to establish memory pressure event source, ignoring: %m");
797 else if (m
->defaults
.memory_pressure_threshold_usec
!= USEC_INFINITY
) {
799 /* If there's a default memory pressure threshold set, also apply it to the service manager itself */
800 r
= sd_event_source_set_memory_pressure_period(
801 m
->memory_pressure_event_source
,
802 m
->defaults
.memory_pressure_threshold_usec
,
803 MEMORY_PRESSURE_DEFAULT_WINDOW_USEC
);
805 log_warning_errno(r
, "Failed to adjust memory pressure threshold, ignoring: %m");
811 static int manager_find_credentials_dirs(Manager
*m
) {
817 r
= get_credentials_dir(&e
);
820 log_debug_errno(r
, "Failed to determine credentials directory, ignoring: %m");
822 m
->received_credentials_directory
= strdup(e
);
823 if (!m
->received_credentials_directory
)
827 r
= get_encrypted_credentials_dir(&e
);
830 log_debug_errno(r
, "Failed to determine encrypted credentials directory, ignoring: %m");
832 m
->received_encrypted_credentials_directory
= strdup(e
);
833 if (!m
->received_encrypted_credentials_directory
)
840 void manager_set_switching_root(Manager
*m
, bool switching_root
) {
843 m
->switching_root
= MANAGER_IS_SYSTEM(m
) && switching_root
;
846 double manager_get_progress(Manager
*m
) {
849 if (MANAGER_IS_FINISHED(m
) || m
->n_installed_jobs
== 0)
852 return 1.0 - ((double) hashmap_size(m
->jobs
) / (double) m
->n_installed_jobs
);
855 static int compare_job_priority(const void *a
, const void *b
) {
856 const Job
*x
= a
, *y
= b
;
858 return unit_compare_priority(x
->unit
, y
->unit
);
861 int manager_new(RuntimeScope runtime_scope
, ManagerTestRunFlags test_run_flags
, Manager
**ret
) {
862 _cleanup_(manager_freep
) Manager
*m
= NULL
;
865 assert(IN_SET(runtime_scope
, RUNTIME_SCOPE_SYSTEM
, RUNTIME_SCOPE_USER
));
873 .runtime_scope
= runtime_scope
,
874 .objective
= _MANAGER_OBJECTIVE_INVALID
,
876 .status_unit_format
= STATUS_UNIT_FORMAT_DEFAULT
,
878 .original_log_level
= -1,
879 .original_log_target
= _LOG_TARGET_INVALID
,
881 .watchdog_overridden
[WATCHDOG_RUNTIME
] = USEC_INFINITY
,
882 .watchdog_overridden
[WATCHDOG_REBOOT
] = USEC_INFINITY
,
883 .watchdog_overridden
[WATCHDOG_KEXEC
] = USEC_INFINITY
,
884 .watchdog_overridden
[WATCHDOG_PRETIMEOUT
] = USEC_INFINITY
,
886 .show_status_overridden
= _SHOW_STATUS_INVALID
,
889 .cgroups_agent_fd
= -EBADF
,
891 .user_lookup_fds
= EBADF_PAIR
,
892 .private_listen_fd
= -EBADF
,
893 .dev_autofs_fd
= -EBADF
,
894 .cgroup_inotify_fd
= -EBADF
,
895 .pin_cgroupfs_fd
= -EBADF
,
896 .ask_password_inotify_fd
= -EBADF
,
897 .idle_pipe
= { -EBADF
, -EBADF
, -EBADF
, -EBADF
},
899 /* start as id #1, so that we can leave #0 around as "null-like" value */
902 .have_ask_password
= -EINVAL
, /* we don't know */
904 .test_run_flags
= test_run_flags
,
906 .dump_ratelimit
= (const RateLimit
) { .interval
= 10 * USEC_PER_MINUTE
, .burst
= 10 },
908 .executor_fd
= -EBADF
,
911 unit_defaults_init(&m
->defaults
, runtime_scope
);
914 if (MANAGER_IS_SYSTEM(m
) && detect_container() <= 0)
915 boot_timestamps(m
->timestamps
+ MANAGER_TIMESTAMP_USERSPACE
,
916 m
->timestamps
+ MANAGER_TIMESTAMP_FIRMWARE
,
917 m
->timestamps
+ MANAGER_TIMESTAMP_LOADER
);
920 /* Prepare log fields we can use for structured logging */
921 if (MANAGER_IS_SYSTEM(m
)) {
922 m
->unit_log_field
= "UNIT=";
923 m
->unit_log_format_string
= "UNIT=%s";
925 m
->invocation_log_field
= "INVOCATION_ID=";
926 m
->invocation_log_format_string
= "INVOCATION_ID=%s";
928 m
->unit_log_field
= "USER_UNIT=";
929 m
->unit_log_format_string
= "USER_UNIT=%s";
931 m
->invocation_log_field
= "USER_INVOCATION_ID=";
932 m
->invocation_log_format_string
= "USER_INVOCATION_ID=%s";
935 /* Reboot immediately if the user hits C-A-D more often than 7x per 2s */
936 m
->ctrl_alt_del_ratelimit
= (const RateLimit
) { .interval
= 2 * USEC_PER_SEC
, .burst
= 7 };
938 r
= manager_default_environment(m
);
942 r
= hashmap_ensure_allocated(&m
->units
, &string_hash_ops
);
946 r
= hashmap_ensure_allocated(&m
->cgroup_unit
, &path_hash_ops
);
950 r
= hashmap_ensure_allocated(&m
->watch_bus
, &string_hash_ops
);
954 r
= prioq_ensure_allocated(&m
->run_queue
, compare_job_priority
);
958 r
= manager_setup_prefix(m
);
962 r
= manager_find_credentials_dirs(m
);
966 r
= sd_event_default(&m
->event
);
970 r
= manager_setup_run_queue(m
);
974 if (FLAGS_SET(test_run_flags
, MANAGER_TEST_RUN_MINIMAL
)) {
975 m
->cgroup_root
= strdup("");
979 r
= manager_setup_signals(m
);
983 r
= manager_setup_cgroup(m
);
987 r
= manager_setup_time_change(m
);
991 r
= manager_read_timezone_stat(m
);
995 (void) manager_setup_timezone_change(m
);
997 r
= manager_setup_sigchld_event_source(m
);
1001 r
= manager_setup_memory_pressure_event_source(m
);
1006 if (MANAGER_IS_SYSTEM(m
) && bpf_restrict_fs_supported(/* initialize = */ true)) {
1007 r
= bpf_restrict_fs_setup(m
);
1009 log_warning_errno(r
, "Failed to setup LSM BPF, ignoring: %m");
1014 if (test_run_flags
== 0) {
1015 if (MANAGER_IS_SYSTEM(m
))
1016 r
= mkdir_label("/run/systemd/units", 0755);
1018 _cleanup_free_
char *units_path
= NULL
;
1019 r
= xdg_user_runtime_dir(&units_path
, "/systemd/units");
1022 r
= mkdir_p_label(units_path
, 0755);
1025 if (r
< 0 && r
!= -EEXIST
)
1029 if (!FLAGS_SET(test_run_flags
, MANAGER_TEST_DONT_OPEN_EXECUTOR
)) {
1030 m
->executor_fd
= pin_callout_binary(SYSTEMD_EXECUTOR_BINARY_PATH
);
1031 if (m
->executor_fd
< 0)
1032 return log_debug_errno(m
->executor_fd
, "Failed to pin executor binary: %m");
1034 _cleanup_free_
char *executor_path
= NULL
;
1035 r
= fd_get_path(m
->executor_fd
, &executor_path
);
1039 log_debug("Using systemd-executor binary from '%s'.", executor_path
);
1042 /* Note that we do not set up the notify fd here. We do that after deserialization,
1043 * since they might have gotten serialized across the reexec. */
1050 static int manager_setup_notify(Manager
*m
) {
1053 if (MANAGER_IS_TEST_RUN(m
))
1056 if (m
->notify_fd
< 0) {
1057 _cleanup_close_
int fd
= -EBADF
;
1058 union sockaddr_union sa
;
1061 /* First free all secondary fields */
1062 m
->notify_socket
= mfree(m
->notify_socket
);
1063 m
->notify_event_source
= sd_event_source_disable_unref(m
->notify_event_source
);
1065 fd
= socket(AF_UNIX
, SOCK_DGRAM
|SOCK_CLOEXEC
|SOCK_NONBLOCK
, 0);
1067 return log_error_errno(errno
, "Failed to allocate notification socket: %m");
1069 fd_increase_rxbuf(fd
, NOTIFY_RCVBUF_SIZE
);
1071 m
->notify_socket
= path_join(m
->prefix
[EXEC_DIRECTORY_RUNTIME
], "systemd/notify");
1072 if (!m
->notify_socket
)
1075 r
= sockaddr_un_set_path(&sa
.un
, m
->notify_socket
);
1077 return log_error_errno(r
, "Notify socket '%s' not valid for AF_UNIX socket address, refusing.",
1081 (void) mkdir_parents_label(m
->notify_socket
, 0755);
1082 (void) sockaddr_un_unlink(&sa
.un
);
1084 r
= mac_selinux_bind(fd
, &sa
.sa
, sa_len
);
1086 return log_error_errno(r
, "bind(%s) failed: %m", m
->notify_socket
);
1088 r
= setsockopt_int(fd
, SOL_SOCKET
, SO_PASSCRED
, true);
1090 return log_error_errno(r
, "SO_PASSCRED failed: %m");
1092 m
->notify_fd
= TAKE_FD(fd
);
1094 log_debug("Using notification socket %s", m
->notify_socket
);
1097 if (!m
->notify_event_source
) {
1098 r
= sd_event_add_io(m
->event
, &m
->notify_event_source
, m
->notify_fd
, EPOLLIN
, manager_dispatch_notify_fd
, m
);
1100 return log_error_errno(r
, "Failed to allocate notify event source: %m");
1102 /* Process notification messages a bit earlier than SIGCHLD, so that we can still identify to which
1103 * service an exit message belongs. */
1104 r
= sd_event_source_set_priority(m
->notify_event_source
, EVENT_PRIORITY_NOTIFY
);
1106 return log_error_errno(r
, "Failed to set priority of notify event source: %m");
1108 (void) sd_event_source_set_description(m
->notify_event_source
, "manager-notify");
1114 static int manager_setup_cgroups_agent(Manager
*m
) {
1116 static const union sockaddr_union sa
= {
1117 .un
.sun_family
= AF_UNIX
,
1118 .un
.sun_path
= "/run/systemd/cgroups-agent",
1122 /* This creates a listening socket we receive cgroups agent messages on. We do not use D-Bus for delivering
1123 * these messages from the cgroups agent binary to PID 1, as the cgroups agent binary is very short-living, and
1124 * each instance of it needs a new D-Bus connection. Since D-Bus connections are SOCK_STREAM/AF_UNIX, on
1125 * overloaded systems the backlog of the D-Bus socket becomes relevant, as not more than the configured number
1126 * of D-Bus connections may be queued until the kernel will start dropping further incoming connections,
1127 * possibly resulting in lost cgroups agent messages. To avoid this, we'll use a private SOCK_DGRAM/AF_UNIX
1128 * socket, where no backlog is relevant as communication may take place without an actual connect() cycle, and
1129 * we thus won't lose messages.
1131 * Note that PID 1 will forward the agent message to system bus, so that the user systemd instance may listen
1132 * to it. The system instance hence listens on this special socket, but the user instances listen on the system
1133 * bus for these messages. */
1135 if (MANAGER_IS_TEST_RUN(m
))
1138 if (!MANAGER_IS_SYSTEM(m
))
1141 r
= cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER
);
1143 return log_error_errno(r
, "Failed to determine whether unified cgroups hierarchy is used: %m");
1144 if (r
> 0) /* We don't need this anymore on the unified hierarchy */
1147 if (m
->cgroups_agent_fd
< 0) {
1148 _cleanup_close_
int fd
= -EBADF
;
1150 /* First free all secondary fields */
1151 m
->cgroups_agent_event_source
= sd_event_source_disable_unref(m
->cgroups_agent_event_source
);
1153 fd
= socket(AF_UNIX
, SOCK_DGRAM
|SOCK_CLOEXEC
|SOCK_NONBLOCK
, 0);
1155 return log_error_errno(errno
, "Failed to allocate cgroups agent socket: %m");
1157 fd_increase_rxbuf(fd
, CGROUPS_AGENT_RCVBUF_SIZE
);
1159 (void) sockaddr_un_unlink(&sa
.un
);
1161 /* Only allow root to connect to this socket */
1163 r
= bind(fd
, &sa
.sa
, SOCKADDR_UN_LEN(sa
.un
));
1165 return log_error_errno(errno
, "bind(%s) failed: %m", sa
.un
.sun_path
);
1167 m
->cgroups_agent_fd
= TAKE_FD(fd
);
1170 if (!m
->cgroups_agent_event_source
) {
1171 r
= sd_event_add_io(m
->event
, &m
->cgroups_agent_event_source
, m
->cgroups_agent_fd
, EPOLLIN
, manager_dispatch_cgroups_agent_fd
, m
);
1173 return log_error_errno(r
, "Failed to allocate cgroups agent event source: %m");
1175 /* Process cgroups notifications early. Note that when the agent notification is received
1176 * we'll just enqueue the unit in the cgroup empty queue, hence pick a high priority than
1177 * that. Also see handling of cgroup inotify for the unified cgroup stuff. */
1178 r
= sd_event_source_set_priority(m
->cgroups_agent_event_source
, EVENT_PRIORITY_CGROUP_AGENT
);
1180 return log_error_errno(r
, "Failed to set priority of cgroups agent event source: %m");
1182 (void) sd_event_source_set_description(m
->cgroups_agent_event_source
, "manager-cgroups-agent");
1188 static int manager_setup_user_lookup_fd(Manager
*m
) {
1193 /* Set up the socket pair used for passing UID/GID resolution results from forked off processes to PID
1194 * 1. Background: we can't do name lookups (NSS) from PID 1, since it might involve IPC and thus activation,
1195 * and we might hence deadlock on ourselves. Hence we do all user/group lookups asynchronously from the forked
1196 * off processes right before executing the binaries to start. In order to be able to clean up any IPC objects
1197 * created by a unit (see RemoveIPC=) we need to know in PID 1 the used UID/GID of the executed processes,
1198 * hence we establish this communication channel so that forked off processes can pass their UID/GID
1199 * information back to PID 1. The forked off processes send their resolved UID/GID to PID 1 in a simple
1200 * datagram, along with their unit name, so that we can share one communication socket pair among all units for
1203 * You might wonder why we need a communication channel for this that is independent of the usual notification
1204 * socket scheme (i.e. $NOTIFY_SOCKET). The primary difference is about trust: data sent via the $NOTIFY_SOCKET
1205 * channel is only accepted if it originates from the right unit and if reception was enabled for it. The user
1206 * lookup socket OTOH is only accessible by PID 1 and its children until they exec(), and always available.
1208 * Note that this function is called under two circumstances: when we first initialize (in which case we
1209 * allocate both the socket pair and the event source to listen on it), and when we deserialize after a reload
1210 * (in which case the socket pair already exists but we still need to allocate the event source for it). */
1212 if (m
->user_lookup_fds
[0] < 0) {
1214 /* Free all secondary fields */
1215 safe_close_pair(m
->user_lookup_fds
);
1216 m
->user_lookup_event_source
= sd_event_source_disable_unref(m
->user_lookup_event_source
);
1218 if (socketpair(AF_UNIX
, SOCK_DGRAM
|SOCK_CLOEXEC
, 0, m
->user_lookup_fds
) < 0)
1219 return log_error_errno(errno
, "Failed to allocate user lookup socket: %m");
1221 (void) fd_increase_rxbuf(m
->user_lookup_fds
[0], NOTIFY_RCVBUF_SIZE
);
1224 if (!m
->user_lookup_event_source
) {
1225 r
= sd_event_add_io(m
->event
, &m
->user_lookup_event_source
, m
->user_lookup_fds
[0], EPOLLIN
, manager_dispatch_user_lookup_fd
, m
);
1227 return log_error_errno(errno
, "Failed to allocate user lookup event source: %m");
1229 /* Process even earlier than the notify event source, so that we always know first about valid UID/GID
1231 r
= sd_event_source_set_priority(m
->user_lookup_event_source
, EVENT_PRIORITY_USER_LOOKUP
);
1233 return log_error_errno(errno
, "Failed to set priority of user lookup event source: %m");
1235 (void) sd_event_source_set_description(m
->user_lookup_event_source
, "user-lookup");
1241 static unsigned manager_dispatch_cleanup_queue(Manager
*m
) {
1247 while ((u
= m
->cleanup_queue
)) {
1248 assert(u
->in_cleanup_queue
);
1257 static unsigned manager_dispatch_release_resources_queue(Manager
*m
) {
1263 while ((u
= LIST_POP(release_resources_queue
, m
->release_resources_queue
))) {
1264 assert(u
->in_release_resources_queue
);
1265 u
->in_release_resources_queue
= false;
1269 unit_release_resources(u
);
1276 GC_OFFSET_IN_PATH
, /* This one is on the path we were traveling */
1277 GC_OFFSET_UNSURE
, /* No clue */
1278 GC_OFFSET_GOOD
, /* We still need this unit */
1279 GC_OFFSET_BAD
, /* We don't need this unit anymore */
1283 static void unit_gc_mark_good(Unit
*u
, unsigned gc_marker
) {
1286 u
->gc_marker
= gc_marker
+ GC_OFFSET_GOOD
;
1288 /* Recursively mark referenced units as GOOD as well */
1289 UNIT_FOREACH_DEPENDENCY(other
, u
, UNIT_ATOM_REFERENCES
)
1290 if (other
->gc_marker
== gc_marker
+ GC_OFFSET_UNSURE
)
1291 unit_gc_mark_good(other
, gc_marker
);
1294 static void unit_gc_sweep(Unit
*u
, unsigned gc_marker
) {
1300 if (IN_SET(u
->gc_marker
- gc_marker
,
1301 GC_OFFSET_GOOD
, GC_OFFSET_BAD
, GC_OFFSET_UNSURE
, GC_OFFSET_IN_PATH
))
1304 if (u
->in_cleanup_queue
)
1307 if (!unit_may_gc(u
))
1310 u
->gc_marker
= gc_marker
+ GC_OFFSET_IN_PATH
;
1314 UNIT_FOREACH_DEPENDENCY(other
, u
, UNIT_ATOM_REFERENCED_BY
) {
1315 unit_gc_sweep(other
, gc_marker
);
1317 if (other
->gc_marker
== gc_marker
+ GC_OFFSET_GOOD
)
1320 if (other
->gc_marker
!= gc_marker
+ GC_OFFSET_BAD
)
1324 LIST_FOREACH(refs_by_target
, ref
, u
->refs_by_target
) {
1325 unit_gc_sweep(ref
->source
, gc_marker
);
1327 if (ref
->source
->gc_marker
== gc_marker
+ GC_OFFSET_GOOD
)
1330 if (ref
->source
->gc_marker
!= gc_marker
+ GC_OFFSET_BAD
)
1337 /* We were unable to find anything out about this entry, so
1338 * let's investigate it later */
1339 u
->gc_marker
= gc_marker
+ GC_OFFSET_UNSURE
;
1340 unit_add_to_gc_queue(u
);
1344 /* We definitely know that this one is not useful anymore, so
1345 * let's mark it for deletion */
1346 u
->gc_marker
= gc_marker
+ GC_OFFSET_BAD
;
1347 unit_add_to_cleanup_queue(u
);
1351 unit_gc_mark_good(u
, gc_marker
);
1354 static unsigned manager_dispatch_gc_unit_queue(Manager
*m
) {
1355 unsigned n
= 0, gc_marker
;
1360 /* log_debug("Running GC..."); */
1362 m
->gc_marker
+= _GC_OFFSET_MAX
;
1363 if (m
->gc_marker
+ _GC_OFFSET_MAX
<= _GC_OFFSET_MAX
)
1366 gc_marker
= m
->gc_marker
;
1368 while ((u
= LIST_POP(gc_queue
, m
->gc_unit_queue
))) {
1369 assert(u
->in_gc_queue
);
1371 unit_gc_sweep(u
, gc_marker
);
1373 u
->in_gc_queue
= false;
1377 if (IN_SET(u
->gc_marker
- gc_marker
,
1378 GC_OFFSET_BAD
, GC_OFFSET_UNSURE
)) {
1380 log_unit_debug(u
, "Collecting.");
1381 u
->gc_marker
= gc_marker
+ GC_OFFSET_BAD
;
1382 unit_add_to_cleanup_queue(u
);
1389 static unsigned manager_dispatch_gc_job_queue(Manager
*m
) {
1395 while ((j
= LIST_POP(gc_queue
, m
->gc_job_queue
))) {
1396 assert(j
->in_gc_queue
);
1397 j
->in_gc_queue
= false;
1404 log_unit_debug(j
->unit
, "Collecting job.");
1405 (void) job_finish_and_invalidate(j
, JOB_COLLECTED
, false, false);
1411 static int manager_ratelimit_requeue(sd_event_source
*s
, uint64_t usec
, void *userdata
) {
1415 assert(s
== u
->auto_start_stop_event_source
);
1417 u
->auto_start_stop_event_source
= sd_event_source_unref(u
->auto_start_stop_event_source
);
1419 /* Re-queue to all queues, if the rate limit hit we might have been throttled on any of them. */
1420 unit_submit_to_stop_when_unneeded_queue(u
);
1421 unit_submit_to_start_when_upheld_queue(u
);
1422 unit_submit_to_stop_when_bound_queue(u
);
1427 static int manager_ratelimit_check_and_queue(Unit
*u
) {
1432 if (ratelimit_below(&u
->auto_start_stop_ratelimit
))
1435 /* Already queued, no need to requeue */
1436 if (u
->auto_start_stop_event_source
)
1439 r
= sd_event_add_time(
1441 &u
->auto_start_stop_event_source
,
1443 ratelimit_end(&u
->auto_start_stop_ratelimit
),
1445 manager_ratelimit_requeue
,
1448 return log_unit_error_errno(u
, r
, "Failed to queue timer on event loop: %m");
1453 static unsigned manager_dispatch_stop_when_unneeded_queue(Manager
*m
) {
1460 while ((u
= LIST_POP(stop_when_unneeded_queue
, m
->stop_when_unneeded_queue
))) {
1461 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1463 assert(u
->in_stop_when_unneeded_queue
);
1464 u
->in_stop_when_unneeded_queue
= false;
1468 if (!unit_is_unneeded(u
))
1471 log_unit_debug(u
, "Unit is not needed anymore.");
1473 /* If stopping a unit fails continuously we might enter a stop loop here, hence stop acting on the
1474 * service being unnecessary after a while. */
1476 r
= manager_ratelimit_check_and_queue(u
);
1479 "Unit not needed anymore, but not stopping since we tried this too often recently.%s",
1480 r
== 0 ? " Will retry later." : "");
1484 /* Ok, nobody needs us anymore. Sniff. Then let's commit suicide */
1485 r
= manager_add_job(u
->manager
, JOB_STOP
, u
, JOB_FAIL
, NULL
, &error
, NULL
);
1487 log_unit_warning_errno(u
, r
, "Failed to enqueue stop job, ignoring: %s", bus_error_message(&error
, r
));
1493 static unsigned manager_dispatch_start_when_upheld_queue(Manager
*m
) {
1500 while ((u
= LIST_POP(start_when_upheld_queue
, m
->start_when_upheld_queue
))) {
1501 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1502 Unit
*culprit
= NULL
;
1504 assert(u
->in_start_when_upheld_queue
);
1505 u
->in_start_when_upheld_queue
= false;
1509 if (!unit_is_upheld_by_active(u
, &culprit
))
1512 log_unit_debug(u
, "Unit is started because upheld by active unit %s.", culprit
->id
);
1514 /* If stopping a unit fails continuously we might enter a stop loop here, hence stop acting on the
1515 * service being unnecessary after a while. */
1517 r
= manager_ratelimit_check_and_queue(u
);
1520 "Unit needs to be started because active unit %s upholds it, but not starting since we tried this too often recently.%s",
1522 r
== 0 ? " Will retry later." : "");
1526 r
= manager_add_job(u
->manager
, JOB_START
, u
, JOB_FAIL
, NULL
, &error
, NULL
);
1528 log_unit_warning_errno(u
, r
, "Failed to enqueue start job, ignoring: %s", bus_error_message(&error
, r
));
1534 static unsigned manager_dispatch_stop_when_bound_queue(Manager
*m
) {
1541 while ((u
= LIST_POP(stop_when_bound_queue
, m
->stop_when_bound_queue
))) {
1542 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1543 Unit
*culprit
= NULL
;
1545 assert(u
->in_stop_when_bound_queue
);
1546 u
->in_stop_when_bound_queue
= false;
1550 if (!unit_is_bound_by_inactive(u
, &culprit
))
1553 log_unit_debug(u
, "Unit is stopped because bound to inactive unit %s.", culprit
->id
);
1555 /* If stopping a unit fails continuously we might enter a stop loop here, hence stop acting on the
1556 * service being unnecessary after a while. */
1558 r
= manager_ratelimit_check_and_queue(u
);
1561 "Unit needs to be stopped because it is bound to inactive unit %s it, but not stopping since we tried this too often recently.%s",
1563 r
== 0 ? " Will retry later." : "");
1567 r
= manager_add_job(u
->manager
, JOB_STOP
, u
, JOB_REPLACE
, NULL
, &error
, NULL
);
1569 log_unit_warning_errno(u
, r
, "Failed to enqueue stop job, ignoring: %s", bus_error_message(&error
, r
));
1575 static void manager_clear_jobs_and_units(Manager
*m
) {
1580 while ((u
= hashmap_first(m
->units
)))
1583 manager_dispatch_cleanup_queue(m
);
1585 assert(!m
->load_queue
);
1586 assert(prioq_isempty(m
->run_queue
));
1587 assert(!m
->dbus_unit_queue
);
1588 assert(!m
->dbus_job_queue
);
1589 assert(!m
->cleanup_queue
);
1590 assert(!m
->gc_unit_queue
);
1591 assert(!m
->gc_job_queue
);
1592 assert(!m
->cgroup_realize_queue
);
1593 assert(!m
->cgroup_empty_queue
);
1594 assert(!m
->cgroup_oom_queue
);
1595 assert(!m
->target_deps_queue
);
1596 assert(!m
->stop_when_unneeded_queue
);
1597 assert(!m
->start_when_upheld_queue
);
1598 assert(!m
->stop_when_bound_queue
);
1599 assert(!m
->release_resources_queue
);
1601 assert(hashmap_isempty(m
->jobs
));
1602 assert(hashmap_isempty(m
->units
));
1604 m
->n_on_console
= 0;
1605 m
->n_running_jobs
= 0;
1606 m
->n_installed_jobs
= 0;
1607 m
->n_failed_jobs
= 0;
1610 Manager
* manager_free(Manager
*m
) {
1614 manager_clear_jobs_and_units(m
);
1616 for (UnitType c
= 0; c
< _UNIT_TYPE_MAX
; c
++)
1617 if (unit_vtable
[c
]->shutdown
)
1618 unit_vtable
[c
]->shutdown(m
);
1620 /* Keep the cgroup hierarchy in place except when we know we are going down for good */
1621 manager_shutdown_cgroup(m
, /* delete= */ IN_SET(m
->objective
, MANAGER_EXIT
, MANAGER_REBOOT
, MANAGER_POWEROFF
, MANAGER_HALT
, MANAGER_KEXEC
));
1623 lookup_paths_flush_generator(&m
->lookup_paths
);
1626 manager_varlink_done(m
);
1628 exec_shared_runtime_vacuum(m
);
1629 hashmap_free(m
->exec_shared_runtime_by_id
);
1631 dynamic_user_vacuum(m
, false);
1632 hashmap_free(m
->dynamic_users
);
1634 hashmap_free(m
->units
);
1635 hashmap_free(m
->units_by_invocation_id
);
1636 hashmap_free(m
->jobs
);
1637 hashmap_free(m
->watch_pids
);
1638 hashmap_free(m
->watch_pids_more
);
1639 hashmap_free(m
->watch_bus
);
1641 prioq_free(m
->run_queue
);
1643 set_free(m
->startup_units
);
1644 set_free(m
->failed_units
);
1646 sd_event_source_unref(m
->signal_event_source
);
1647 sd_event_source_unref(m
->sigchld_event_source
);
1648 sd_event_source_unref(m
->notify_event_source
);
1649 sd_event_source_unref(m
->cgroups_agent_event_source
);
1650 sd_event_source_unref(m
->time_change_event_source
);
1651 sd_event_source_unref(m
->timezone_change_event_source
);
1652 sd_event_source_unref(m
->jobs_in_progress_event_source
);
1653 sd_event_source_unref(m
->run_queue_event_source
);
1654 sd_event_source_unref(m
->user_lookup_event_source
);
1655 sd_event_source_unref(m
->memory_pressure_event_source
);
1657 safe_close(m
->signal_fd
);
1658 safe_close(m
->notify_fd
);
1659 safe_close(m
->cgroups_agent_fd
);
1660 safe_close_pair(m
->user_lookup_fds
);
1662 manager_close_ask_password(m
);
1664 manager_close_idle_pipe(m
);
1666 sd_event_unref(m
->event
);
1668 free(m
->notify_socket
);
1670 lookup_paths_done(&m
->lookup_paths
);
1671 strv_free(m
->transient_environment
);
1672 strv_free(m
->client_environment
);
1674 hashmap_free(m
->cgroup_unit
);
1675 manager_free_unit_name_maps(m
);
1677 free(m
->switch_root
);
1678 free(m
->switch_root_init
);
1680 unit_defaults_done(&m
->defaults
);
1682 FOREACH_ARRAY(map
, m
->units_needing_mounts_for
, _UNIT_MOUNT_DEPENDENCY_TYPE_MAX
) {
1683 assert(hashmap_isempty(*map
));
1687 hashmap_free(m
->uid_refs
);
1688 hashmap_free(m
->gid_refs
);
1690 for (ExecDirectoryType dt
= 0; dt
< _EXEC_DIRECTORY_TYPE_MAX
; dt
++)
1691 m
->prefix
[dt
] = mfree(m
->prefix
[dt
]);
1692 free(m
->received_credentials_directory
);
1693 free(m
->received_encrypted_credentials_directory
);
1695 free(m
->watchdog_pretimeout_governor
);
1696 free(m
->watchdog_pretimeout_governor_overridden
);
1698 m
->fw_ctx
= fw_ctx_free(m
->fw_ctx
);
1701 bpf_restrict_fs_destroy(m
->restrict_fs
);
1704 safe_close(m
->executor_fd
);
1709 static void manager_enumerate_perpetual(Manager
*m
) {
1712 if (FLAGS_SET(m
->test_run_flags
, MANAGER_TEST_RUN_MINIMAL
))
1715 /* Let's ask every type to load all units from disk/kernel that it might know */
1716 for (UnitType c
= 0; c
< _UNIT_TYPE_MAX
; c
++) {
1717 if (!unit_type_supported(c
)) {
1718 log_debug("Unit type .%s is not supported on this system.", unit_type_to_string(c
));
1722 if (unit_vtable
[c
]->enumerate_perpetual
)
1723 unit_vtable
[c
]->enumerate_perpetual(m
);
1727 static void manager_enumerate(Manager
*m
) {
1730 if (FLAGS_SET(m
->test_run_flags
, MANAGER_TEST_RUN_MINIMAL
))
1733 /* Let's ask every type to load all units from disk/kernel that it might know */
1734 for (UnitType c
= 0; c
< _UNIT_TYPE_MAX
; c
++) {
1735 if (!unit_type_supported(c
)) {
1736 log_debug("Unit type .%s is not supported on this system.", unit_type_to_string(c
));
1740 if (unit_vtable
[c
]->enumerate
)
1741 unit_vtable
[c
]->enumerate(m
);
1744 manager_dispatch_load_queue(m
);
1747 static void manager_coldplug(Manager
*m
) {
1754 log_debug("Invoking unit coldplug() handlers%s", special_glyph(SPECIAL_GLYPH_ELLIPSIS
));
1756 /* Let's place the units back into their deserialized state */
1757 HASHMAP_FOREACH_KEY(u
, k
, m
->units
) {
1759 /* ignore aliases */
1763 r
= unit_coldplug(u
);
1765 log_warning_errno(r
, "We couldn't coldplug %s, proceeding anyway: %m", u
->id
);
1769 static void manager_catchup(Manager
*m
) {
1775 log_debug("Invoking unit catchup() handlers%s", special_glyph(SPECIAL_GLYPH_ELLIPSIS
));
1777 /* Let's catch up on any state changes that happened while we were reloading/reexecing */
1778 HASHMAP_FOREACH_KEY(u
, k
, m
->units
) {
1780 /* ignore aliases */
1788 static void manager_distribute_fds(Manager
*m
, FDSet
*fds
) {
1793 HASHMAP_FOREACH(u
, m
->units
) {
1795 if (fdset_isempty(fds
))
1798 if (!UNIT_VTABLE(u
)->distribute_fds
)
1801 UNIT_VTABLE(u
)->distribute_fds(u
, fds
);
1805 static bool manager_dbus_is_running(Manager
*m
, bool deserialized
) {
1810 /* This checks whether the dbus instance we are supposed to expose our APIs on is up. We check both the socket
1811 * and the service unit. If the 'deserialized' parameter is true we'll check the deserialized state of the unit
1812 * rather than the current one. */
1814 if (MANAGER_IS_TEST_RUN(m
))
1817 u
= manager_get_unit(m
, SPECIAL_DBUS_SOCKET
);
1820 if ((deserialized
? SOCKET(u
)->deserialized_state
: SOCKET(u
)->state
) != SOCKET_RUNNING
)
1823 u
= manager_get_unit(m
, SPECIAL_DBUS_SERVICE
);
1826 if (!IN_SET((deserialized
? SERVICE(u
)->deserialized_state
: SERVICE(u
)->state
),
1829 SERVICE_RELOAD_NOTIFY
,
1830 SERVICE_RELOAD_SIGNAL
))
1836 static void manager_setup_bus(Manager
*m
) {
1839 /* Let's set up our private bus connection now, unconditionally */
1840 (void) bus_init_private(m
);
1842 /* If we are in --user mode also connect to the system bus now */
1843 if (MANAGER_IS_USER(m
))
1844 (void) bus_init_system(m
);
1846 /* Let's connect to the bus now, but only if the unit is supposed to be up */
1847 if (manager_dbus_is_running(m
, MANAGER_IS_RELOADING(m
))) {
1848 (void) bus_init_api(m
);
1850 if (MANAGER_IS_SYSTEM(m
))
1851 (void) bus_init_system(m
);
1855 static void manager_preset_all(Manager
*m
) {
1860 if (m
->first_boot
<= 0)
1863 if (!MANAGER_IS_SYSTEM(m
))
1866 if (MANAGER_IS_TEST_RUN(m
))
1869 /* If this is the first boot, and we are in the host system, then preset everything */
1870 UnitFilePresetMode mode
=
1871 ENABLE_FIRST_BOOT_FULL_PRESET
? UNIT_FILE_PRESET_FULL
: UNIT_FILE_PRESET_ENABLE_ONLY
;
1873 r
= unit_file_preset_all(RUNTIME_SCOPE_SYSTEM
, 0, NULL
, mode
, NULL
, 0);
1875 log_full_errno(r
== -EEXIST
? LOG_NOTICE
: LOG_WARNING
, r
,
1876 "Failed to populate /etc with preset unit settings, ignoring: %m");
1878 log_info("Populated /etc with preset unit settings.");
1881 static void manager_ready(Manager
*m
) {
1884 /* After having loaded everything, do the final round of catching up with what might have changed */
1886 m
->objective
= MANAGER_OK
; /* Tell everyone we are up now */
1888 /* It might be safe to log to the journal now and connect to dbus */
1889 manager_recheck_journal(m
);
1890 manager_recheck_dbus(m
);
1892 /* Let's finally catch up with any changes that took place while we were reloading/reexecing */
1895 /* Create a file which will indicate when the manager started loading units the last time. */
1896 if (MANAGER_IS_SYSTEM(m
))
1897 (void) touch_file("/run/systemd/systemd-units-load", false,
1898 m
->timestamps
[MANAGER_TIMESTAMP_UNITS_LOAD
].realtime
?: now(CLOCK_REALTIME
),
1899 UID_INVALID
, GID_INVALID
, 0444);
1902 Manager
* manager_reloading_start(Manager
*m
) {
1904 dual_timestamp_now(m
->timestamps
+ MANAGER_TIMESTAMP_UNITS_LOAD
);
1908 void manager_reloading_stopp(Manager
**m
) {
1910 assert((*m
)->n_reloading
> 0);
1911 (*m
)->n_reloading
--;
1915 int manager_startup(Manager
*m
, FILE *serialization
, FDSet
*fds
, const char *root
) {
1920 /* If we are running in test mode, we still want to run the generators,
1921 * but we should not touch the real generator directories. */
1922 r
= lookup_paths_init_or_warn(&m
->lookup_paths
, m
->runtime_scope
,
1923 MANAGER_IS_TEST_RUN(m
) ? LOOKUP_PATHS_TEMPORARY_GENERATED
: 0,
1928 dual_timestamp_now(m
->timestamps
+ manager_timestamp_initrd_mangle(MANAGER_TIMESTAMP_GENERATORS_START
));
1929 r
= manager_run_environment_generators(m
);
1931 r
= manager_run_generators(m
);
1932 dual_timestamp_now(m
->timestamps
+ manager_timestamp_initrd_mangle(MANAGER_TIMESTAMP_GENERATORS_FINISH
));
1936 manager_preset_all(m
);
1938 lookup_paths_log(&m
->lookup_paths
);
1941 /* This block is (optionally) done with the reloading counter bumped */
1942 _unused_
_cleanup_(manager_reloading_stopp
) Manager
*reloading
= NULL
;
1944 /* Make sure we don't have a left-over from a previous run */
1946 (void) rm_rf(m
->lookup_paths
.transient
, 0);
1948 /* If we will deserialize make sure that during enumeration this is already known, so we increase the
1949 * counter here already */
1951 reloading
= manager_reloading_start(m
);
1953 /* First, enumerate what we can from all config files */
1954 dual_timestamp_now(m
->timestamps
+ manager_timestamp_initrd_mangle(MANAGER_TIMESTAMP_UNITS_LOAD_START
));
1955 manager_enumerate_perpetual(m
);
1956 manager_enumerate(m
);
1957 dual_timestamp_now(m
->timestamps
+ manager_timestamp_initrd_mangle(MANAGER_TIMESTAMP_UNITS_LOAD_FINISH
));
1959 /* Second, deserialize if there is something to deserialize */
1960 if (serialization
) {
1961 r
= manager_deserialize(m
, serialization
, fds
);
1963 return log_error_errno(r
, "Deserialization failed: %m");
1966 /* Any fds left? Find some unit which wants them. This is useful to allow container managers to pass
1967 * some file descriptors to us pre-initialized. This enables socket-based activation of entire
1969 manager_distribute_fds(m
, fds
);
1971 /* We might have deserialized the notify fd, but if we didn't then let's create the bus now */
1972 r
= manager_setup_notify(m
);
1974 /* No sense to continue without notifications, our children would fail anyway. */
1977 r
= manager_setup_cgroups_agent(m
);
1979 /* Likewise, no sense to continue without empty cgroup notifications. */
1982 r
= manager_setup_user_lookup_fd(m
);
1984 /* This shouldn't fail, except if things are really broken. */
1987 /* Connect to the bus if we are good for it */
1988 manager_setup_bus(m
);
1990 /* Now that we are connected to all possible buses, let's deserialize who is tracking us. */
1991 r
= bus_track_coldplug(m
, &m
->subscribed
, false, m
->deserialized_subscribed
);
1993 log_warning_errno(r
, "Failed to deserialized tracked clients, ignoring: %m");
1994 m
->deserialized_subscribed
= strv_free(m
->deserialized_subscribed
);
1996 r
= manager_varlink_init(m
);
1998 log_warning_errno(r
, "Failed to set up Varlink, ignoring: %m");
2000 /* Third, fire things up! */
2001 manager_coldplug(m
);
2003 /* Clean up runtime objects */
2007 /* Let's wait for the UnitNew/JobNew messages being sent, before we notify that the
2008 * reload is finished */
2009 m
->send_reloading_done
= true;
2014 manager_set_switching_root(m
, false);
2019 int manager_add_job(
2025 sd_bus_error
*error
,
2028 _cleanup_(transaction_abort_and_freep
) Transaction
*tr
= NULL
;
2032 assert(type
< _JOB_TYPE_MAX
);
2034 assert(mode
< _JOB_MODE_MAX
);
2036 if (mode
== JOB_ISOLATE
&& type
!= JOB_START
)
2037 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Isolate is only valid for start.");
2039 if (mode
== JOB_ISOLATE
&& !unit
->allow_isolate
)
2040 return sd_bus_error_set(error
, BUS_ERROR_NO_ISOLATION
, "Operation refused, unit may not be isolated.");
2042 if (mode
== JOB_TRIGGERING
&& type
!= JOB_STOP
)
2043 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "--job-mode=triggering is only valid for stop.");
2045 if (mode
== JOB_RESTART_DEPENDENCIES
&& type
!= JOB_START
)
2046 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "--job-mode=restart-dependencies is only valid for start.");
2048 log_unit_debug(unit
, "Trying to enqueue job %s/%s/%s", unit
->id
, job_type_to_string(type
), job_mode_to_string(mode
));
2050 type
= job_type_collapse(type
, unit
);
2052 tr
= transaction_new(mode
== JOB_REPLACE_IRREVERSIBLY
);
2056 r
= transaction_add_job_and_dependencies(
2061 TRANSACTION_MATTERS
|
2062 (IN_SET(mode
, JOB_IGNORE_DEPENDENCIES
, JOB_IGNORE_REQUIREMENTS
) ? TRANSACTION_IGNORE_REQUIREMENTS
: 0) |
2063 (mode
== JOB_IGNORE_DEPENDENCIES
? TRANSACTION_IGNORE_ORDER
: 0) |
2064 (mode
== JOB_RESTART_DEPENDENCIES
? TRANSACTION_PROPAGATE_START_AS_RESTART
: 0),
2069 if (mode
== JOB_ISOLATE
) {
2070 r
= transaction_add_isolate_jobs(tr
, m
);
2075 if (mode
== JOB_TRIGGERING
) {
2076 r
= transaction_add_triggering_jobs(tr
, unit
);
2081 r
= transaction_activate(tr
, m
, mode
, affected_jobs
, error
);
2085 log_unit_debug(unit
,
2086 "Enqueued job %s/%s as %u", unit
->id
,
2087 job_type_to_string(type
), (unsigned) tr
->anchor_job
->id
);
2090 *ret
= tr
->anchor_job
;
2092 tr
= transaction_free(tr
);
2096 int manager_add_job_by_name(Manager
*m
, JobType type
, const char *name
, JobMode mode
, Set
*affected_jobs
, sd_bus_error
*e
, Job
**ret
) {
2097 Unit
*unit
= NULL
; /* just to appease gcc, initialization is not really necessary */
2101 assert(type
< _JOB_TYPE_MAX
);
2103 assert(mode
< _JOB_MODE_MAX
);
2105 r
= manager_load_unit(m
, name
, NULL
, NULL
, &unit
);
2110 return manager_add_job(m
, type
, unit
, mode
, affected_jobs
, e
, ret
);
2113 int manager_add_job_by_name_and_warn(Manager
*m
, JobType type
, const char *name
, JobMode mode
, Set
*affected_jobs
, Job
**ret
) {
2114 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2118 assert(type
< _JOB_TYPE_MAX
);
2120 assert(mode
< _JOB_MODE_MAX
);
2122 r
= manager_add_job_by_name(m
, type
, name
, mode
, affected_jobs
, &error
, ret
);
2124 return log_warning_errno(r
, "Failed to enqueue %s job for %s: %s", job_mode_to_string(mode
), name
, bus_error_message(&error
, r
));
2129 int manager_propagate_reload(Manager
*m
, Unit
*unit
, JobMode mode
, sd_bus_error
*e
) {
2131 _cleanup_(transaction_abort_and_freep
) Transaction
*tr
= NULL
;
2135 assert(mode
< _JOB_MODE_MAX
);
2136 assert(mode
!= JOB_ISOLATE
); /* Isolate is only valid for start */
2138 tr
= transaction_new(mode
== JOB_REPLACE_IRREVERSIBLY
);
2142 /* We need an anchor job */
2143 r
= transaction_add_job_and_dependencies(tr
, JOB_NOP
, unit
, NULL
, TRANSACTION_IGNORE_REQUIREMENTS
|TRANSACTION_IGNORE_ORDER
, e
);
2147 /* Failure in adding individual dependencies is ignored, so this always succeeds. */
2148 transaction_add_propagate_reload_jobs(
2152 mode
== JOB_IGNORE_DEPENDENCIES
? TRANSACTION_IGNORE_ORDER
: 0);
2154 r
= transaction_activate(tr
, m
, mode
, NULL
, e
);
2158 tr
= transaction_free(tr
);
2162 Job
*manager_get_job(Manager
*m
, uint32_t id
) {
2165 return hashmap_get(m
->jobs
, UINT32_TO_PTR(id
));
2168 Unit
*manager_get_unit(Manager
*m
, const char *name
) {
2172 return hashmap_get(m
->units
, name
);
2175 static int manager_dispatch_target_deps_queue(Manager
*m
) {
2181 while ((u
= LIST_POP(target_deps_queue
, m
->target_deps_queue
))) {
2182 _cleanup_free_ Unit
**targets
= NULL
;
2185 assert(u
->in_target_deps_queue
);
2187 u
->in_target_deps_queue
= false;
2189 /* Take an "atomic" snapshot of dependencies here, as the call below will likely modify the
2190 * dependencies, and we can't have it that hash tables we iterate through are modified while
2191 * we are iterating through them. */
2192 n_targets
= unit_get_dependency_array(u
, UNIT_ATOM_DEFAULT_TARGET_DEPENDENCIES
, &targets
);
2196 for (int i
= 0; i
< n_targets
; i
++) {
2197 r
= unit_add_default_target_dependency(u
, targets
[i
]);
2206 unsigned manager_dispatch_load_queue(Manager
*m
) {
2212 /* Make sure we are not run recursively */
2213 if (m
->dispatching_load_queue
)
2216 m
->dispatching_load_queue
= true;
2218 /* Dispatches the load queue. Takes a unit from the queue and
2219 * tries to load its data until the queue is empty */
2221 while ((u
= m
->load_queue
)) {
2222 assert(u
->in_load_queue
);
2228 m
->dispatching_load_queue
= false;
2230 /* Dispatch the units waiting for their target dependencies to be added now, as all targets that we know about
2231 * should be loaded and have aliases resolved */
2232 (void) manager_dispatch_target_deps_queue(m
);
2237 bool manager_unit_cache_should_retry_load(Unit
*u
) {
2240 /* Automatic reloading from disk only applies to units which were not found sometime in the past, and
2241 * the not-found stub is kept pinned in the unit graph by dependencies. For units that were
2242 * previously loaded, we don't do automatic reloading, and daemon-reload is necessary to update. */
2243 if (u
->load_state
!= UNIT_NOT_FOUND
)
2246 /* The cache has been updated since the last time we tried to load the unit. There might be new
2247 * fragment paths to read. */
2248 if (u
->manager
->unit_cache_timestamp_hash
!= u
->fragment_not_found_timestamp_hash
)
2251 /* The cache needs to be updated because there are modifications on disk. */
2252 return !lookup_paths_timestamp_hash_same(&u
->manager
->lookup_paths
, u
->manager
->unit_cache_timestamp_hash
, NULL
);
2255 int manager_load_unit_prepare(
2262 _cleanup_(unit_freep
) Unit
*cleanup_unit
= NULL
;
2263 _cleanup_free_
char *nbuf
= NULL
;
2268 assert(name
|| path
);
2270 /* This will prepare the unit for loading, but not actually load anything from disk. */
2272 if (path
&& !path_is_absolute(path
))
2273 return sd_bus_error_setf(e
, SD_BUS_ERROR_INVALID_ARGS
, "Path %s is not absolute.", path
);
2276 r
= path_extract_filename(path
, &nbuf
);
2279 if (r
== O_DIRECTORY
)
2280 return sd_bus_error_setf(e
, SD_BUS_ERROR_INVALID_ARGS
, "Path '%s' refers to directory, refusing.", path
);
2285 UnitType t
= unit_name_to_type(name
);
2287 if (t
== _UNIT_TYPE_INVALID
|| !unit_name_is_valid(name
, UNIT_NAME_PLAIN
|UNIT_NAME_INSTANCE
)) {
2288 if (unit_name_is_valid(name
, UNIT_NAME_TEMPLATE
))
2289 return sd_bus_error_setf(e
, SD_BUS_ERROR_INVALID_ARGS
, "Unit name %s is missing the instance name.", name
);
2291 return sd_bus_error_setf(e
, SD_BUS_ERROR_INVALID_ARGS
, "Unit name %s is not valid.", name
);
2294 Unit
*unit
= manager_get_unit(m
, name
);
2296 /* The time-based cache allows to start new units without daemon-reload,
2297 * but if they are already referenced (because of dependencies or ordering)
2298 * then we have to force a load of the fragment. As an optimization, check
2299 * first if anything in the usual paths was modified since the last time
2300 * the cache was loaded. Also check if the last time an attempt to load the
2301 * unit was made was before the most recent cache refresh, so that we know
2302 * we need to try again — even if the cache is current, it might have been
2303 * updated in a different context before we had a chance to retry loading
2304 * this particular unit. */
2305 if (manager_unit_cache_should_retry_load(unit
))
2306 unit
->load_state
= UNIT_STUB
;
2309 return 0; /* The unit was already loaded */
2312 unit
= cleanup_unit
= unit_new(m
, unit_vtable
[t
]->object_size
);
2318 r
= free_and_strdup(&unit
->fragment_path
, path
);
2323 r
= unit_add_name(unit
, name
);
2327 unit_add_to_load_queue(unit
);
2328 unit_add_to_dbus_queue(unit
);
2329 unit_add_to_gc_queue(unit
);
2332 TAKE_PTR(cleanup_unit
);
2334 return 1; /* The unit was added the load queue */
2337 int manager_load_unit(
2348 /* This will load the unit config, but not actually start any services or anything. */
2350 r
= manager_load_unit_prepare(m
, name
, path
, e
, ret
);
2354 /* Unit was newly loaded */
2355 manager_dispatch_load_queue(m
);
2356 *ret
= unit_follow_merge(*ret
);
2360 int manager_load_startable_unit_or_warn(
2366 /* Load a unit, make sure it loaded fully and is not masked. */
2368 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2372 r
= manager_load_unit(m
, name
, path
, &error
, &unit
);
2374 return log_error_errno(r
, "Failed to load %s %s: %s",
2375 name
? "unit" : "unit file", name
?: path
,
2376 bus_error_message(&error
, r
));
2378 r
= bus_unit_validate_load_state(unit
, &error
);
2380 return log_error_errno(r
, "%s", bus_error_message(&error
, r
));
2386 void manager_clear_jobs(Manager
*m
) {
2391 while ((j
= hashmap_first(m
->jobs
)))
2392 /* No need to recurse. We're cancelling all jobs. */
2393 job_finish_and_invalidate(j
, JOB_CANCELED
, false, false);
2396 void manager_unwatch_pidref(Manager
*m
, const PidRef
*pid
) {
2402 u
= manager_get_unit_by_pidref_watching(m
, pid
);
2406 unit_unwatch_pidref(u
, pid
);
2410 static int manager_dispatch_run_queue(sd_event_source
*source
, void *userdata
) {
2411 Manager
*m
= ASSERT_PTR(userdata
);
2416 while ((j
= prioq_peek(m
->run_queue
))) {
2417 assert(j
->installed
);
2418 assert(j
->in_run_queue
);
2420 (void) job_run_and_invalidate(j
);
2423 if (m
->n_running_jobs
> 0)
2424 manager_watch_jobs_in_progress(m
);
2426 if (m
->n_on_console
> 0)
2427 manager_watch_idle_pipe(m
);
2432 void manager_trigger_run_queue(Manager
*m
) {
2437 r
= sd_event_source_set_enabled(
2438 m
->run_queue_event_source
,
2439 prioq_isempty(m
->run_queue
) ? SD_EVENT_OFF
: SD_EVENT_ONESHOT
);
2441 log_warning_errno(r
, "Failed to enable job run queue event source, ignoring: %m");
2444 static unsigned manager_dispatch_dbus_queue(Manager
*m
) {
2445 unsigned n
= 0, budget
;
2451 /* When we are reloading, let's not wait with generating signals, since we need to exit the manager as quickly
2452 * as we can. There's no point in throttling generation of signals in that case. */
2453 if (MANAGER_IS_RELOADING(m
) || m
->send_reloading_done
|| m
->pending_reload_message
)
2454 budget
= UINT_MAX
; /* infinite budget in this case */
2456 /* Anything to do at all? */
2457 if (!m
->dbus_unit_queue
&& !m
->dbus_job_queue
)
2460 /* Do we have overly many messages queued at the moment? If so, let's not enqueue more on top, let's
2461 * sit this cycle out, and process things in a later cycle when the queues got a bit emptier. */
2462 if (manager_bus_n_queued_write(m
) > MANAGER_BUS_BUSY_THRESHOLD
)
2465 /* Only process a certain number of units/jobs per event loop iteration. Even if the bus queue wasn't
2466 * overly full before this call we shouldn't increase it in size too wildly in one step, and we
2467 * shouldn't monopolize CPU time with generating these messages. Note the difference in counting of
2468 * this "budget" and the "threshold" above: the "budget" is decreased only once per generated message,
2469 * regardless how many buses/direct connections it is enqueued on, while the "threshold" is applied to
2470 * each queued instance of bus message, i.e. if the same message is enqueued to five buses/direct
2471 * connections it will be counted five times. This difference in counting ("references"
2472 * vs. "instances") is primarily a result of the fact that it's easier to implement it this way,
2473 * however it also reflects the thinking that the "threshold" should put a limit on used queue memory,
2474 * i.e. space, while the "budget" should put a limit on time. Also note that the "threshold" is
2475 * currently chosen much higher than the "budget". */
2476 budget
= MANAGER_BUS_MESSAGE_BUDGET
;
2479 while (budget
!= 0 && (u
= m
->dbus_unit_queue
)) {
2481 assert(u
->in_dbus_queue
);
2483 bus_unit_send_change_signal(u
);
2486 if (budget
!= UINT_MAX
)
2490 while (budget
!= 0 && (j
= m
->dbus_job_queue
)) {
2491 assert(j
->in_dbus_queue
);
2493 bus_job_send_change_signal(j
);
2496 if (budget
!= UINT_MAX
)
2500 if (m
->send_reloading_done
) {
2501 m
->send_reloading_done
= false;
2502 bus_manager_send_reloading(m
, false);
2506 if (m
->pending_reload_message
) {
2507 bus_send_pending_reload_message(m
);
2514 static int manager_dispatch_cgroups_agent_fd(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
2515 Manager
*m
= userdata
;
2519 n
= recv(fd
, buf
, sizeof(buf
), 0);
2521 return log_error_errno(errno
, "Failed to read cgroups agent message: %m");
2523 log_error("Got zero-length cgroups agent message, ignoring.");
2526 if ((size_t) n
>= sizeof(buf
)) {
2527 log_error("Got overly long cgroups agent message, ignoring.");
2531 if (memchr(buf
, 0, n
)) {
2532 log_error("Got cgroups agent message with embedded NUL byte, ignoring.");
2537 manager_notify_cgroup_empty(m
, buf
);
2538 (void) bus_forward_agent_released(m
, buf
);
2543 static bool manager_process_barrier_fd(char * const *tags
, FDSet
*fds
) {
2545 /* nothing else must be sent when using BARRIER=1 */
2546 if (strv_contains(tags
, "BARRIER=1")) {
2547 if (strv_length(tags
) != 1)
2548 log_warning("Extra notification messages sent with BARRIER=1, ignoring everything.");
2549 else if (fdset_size(fds
) != 1)
2550 log_warning("Got incorrect number of fds with BARRIER=1, closing them.");
2552 /* Drop the message if BARRIER=1 was found */
2559 static void manager_invoke_notify_message(
2562 const struct ucred
*ucred
,
2571 if (u
->notifygen
== m
->notifygen
) /* Already invoked on this same unit in this same iteration? */
2573 u
->notifygen
= m
->notifygen
;
2575 if (UNIT_VTABLE(u
)->notify_message
)
2576 UNIT_VTABLE(u
)->notify_message(u
, ucred
, tags
, fds
);
2578 else if (DEBUG_LOGGING
) {
2579 _cleanup_free_
char *buf
= NULL
, *x
= NULL
, *y
= NULL
;
2581 buf
= strv_join(tags
, ", ");
2583 x
= ellipsize(buf
, 20, 90);
2587 log_unit_debug(u
, "Got notification message \"%s\", ignoring.", strnull(y
));
2591 static int manager_dispatch_notify_fd(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
2593 _cleanup_fdset_free_ FDSet
*fds
= NULL
;
2594 Manager
*m
= ASSERT_PTR(userdata
);
2595 char buf
[NOTIFY_BUFFER_MAX
+1];
2596 struct iovec iovec
= {
2598 .iov_len
= sizeof(buf
)-1,
2600 CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred
)) +
2601 CMSG_SPACE(sizeof(int) * NOTIFY_FD_MAX
)) control
;
2602 struct msghdr msghdr
= {
2605 .msg_control
= &control
,
2606 .msg_controllen
= sizeof(control
),
2609 struct cmsghdr
*cmsg
;
2610 struct ucred
*ucred
= NULL
;
2611 _cleanup_free_ Unit
**array_copy
= NULL
;
2612 _cleanup_strv_free_
char **tags
= NULL
;
2613 Unit
*u1
, *u2
, **array
;
2614 int r
, *fd_array
= NULL
;
2619 assert(m
->notify_fd
== fd
);
2621 if (revents
!= EPOLLIN
) {
2622 log_warning("Got unexpected poll event for notify fd.");
2626 n
= recvmsg_safe(m
->notify_fd
, &msghdr
, MSG_DONTWAIT
|MSG_CMSG_CLOEXEC
|MSG_TRUNC
);
2627 if (ERRNO_IS_NEG_TRANSIENT(n
))
2628 return 0; /* Spurious wakeup, try again */
2630 log_warning("Got message with truncated control data (too many fds sent?), ignoring.");
2634 /* If this is any other, real error, then stop processing this socket. This of course means
2635 * we won't take notification messages anymore, but that's still better than busy looping:
2636 * being woken up over and over again, but being unable to actually read the message from the
2638 return log_error_errno(n
, "Failed to receive notification message: %m");
2640 CMSG_FOREACH(cmsg
, &msghdr
)
2641 if (cmsg
->cmsg_level
== SOL_SOCKET
&& cmsg
->cmsg_type
== SCM_RIGHTS
) {
2644 fd_array
= CMSG_TYPED_DATA(cmsg
, int);
2645 n_fds
= (cmsg
->cmsg_len
- CMSG_LEN(0)) / sizeof(int);
2647 } else if (cmsg
->cmsg_level
== SOL_SOCKET
&&
2648 cmsg
->cmsg_type
== SCM_CREDENTIALS
&&
2649 cmsg
->cmsg_len
== CMSG_LEN(sizeof(struct ucred
))) {
2652 ucred
= CMSG_TYPED_DATA(cmsg
, struct ucred
);
2658 r
= fdset_new_array(&fds
, fd_array
, n_fds
);
2660 close_many(fd_array
, n_fds
);
2666 if (!ucred
|| !pid_is_valid(ucred
->pid
)) {
2667 log_warning("Received notify message without valid credentials. Ignoring.");
2671 if ((size_t) n
>= sizeof(buf
) || (msghdr
.msg_flags
& MSG_TRUNC
)) {
2672 log_warning("Received notify message exceeded maximum size. Ignoring.");
2676 /* As extra safety check, let's make sure the string we get doesn't contain embedded NUL bytes.
2677 * We permit one trailing NUL byte in the message, but don't expect it. */
2678 if (n
> 1 && memchr(buf
, 0, n
-1)) {
2679 log_warning("Received notify message with embedded NUL bytes. Ignoring.");
2683 /* Make sure it's NUL-terminated, then parse it to obtain the tags list. */
2685 tags
= strv_split_newlines(buf
);
2691 /* Possibly a barrier fd, let's see. */
2692 if (manager_process_barrier_fd(tags
, fds
)) {
2693 log_debug("Received barrier notification message from PID " PID_FMT
".", ucred
->pid
);
2697 /* Increase the generation counter used for filtering out duplicate unit invocations. */
2700 /* Generate lookup key from the PID (we have no pidfd here, after all) */
2701 PidRef pidref
= PIDREF_MAKE_FROM_PID(ucred
->pid
);
2703 /* Notify every unit that might be interested, which might be multiple. */
2704 u1
= manager_get_unit_by_pidref_cgroup(m
, &pidref
);
2705 u2
= hashmap_get(m
->watch_pids
, &pidref
);
2706 array
= hashmap_get(m
->watch_pids_more
, &pidref
);
2713 array_copy
= newdup(Unit
*, array
, k
+1);
2717 /* And now invoke the per-unit callbacks. Note that manager_invoke_notify_message() will handle
2718 * duplicate units make sure we only invoke each unit's handler once. */
2720 manager_invoke_notify_message(m
, u1
, ucred
, tags
, fds
);
2724 manager_invoke_notify_message(m
, u2
, ucred
, tags
, fds
);
2728 for (size_t i
= 0; array_copy
[i
]; i
++) {
2729 manager_invoke_notify_message(m
, array_copy
[i
], ucred
, tags
, fds
);
2734 log_warning("Cannot find unit for notify message of PID "PID_FMT
", ignoring.", ucred
->pid
);
2736 if (!fdset_isempty(fds
))
2737 log_warning("Got extra auxiliary fds with notification message, closing them.");
2742 static void manager_invoke_sigchld_event(
2745 const siginfo_t
*si
) {
2751 /* Already invoked the handler of this unit in this iteration? Then don't process this again */
2752 if (u
->sigchldgen
== m
->sigchldgen
)
2754 u
->sigchldgen
= m
->sigchldgen
;
2756 log_unit_debug(u
, "Child "PID_FMT
" belongs to %s.", si
->si_pid
, u
->id
);
2757 unit_unwatch_pid(u
, si
->si_pid
);
2759 if (UNIT_VTABLE(u
)->sigchld_event
)
2760 UNIT_VTABLE(u
)->sigchld_event(u
, si
->si_pid
, si
->si_code
, si
->si_status
);
2763 static int manager_dispatch_sigchld(sd_event_source
*source
, void *userdata
) {
2764 Manager
*m
= ASSERT_PTR(userdata
);
2770 /* First we call waitid() for a PID and do not reap the zombie. That way we can still access
2771 * /proc/$PID for it while it is a zombie. */
2773 if (waitid(P_ALL
, 0, &si
, WEXITED
|WNOHANG
|WNOWAIT
) < 0) {
2775 if (errno
!= ECHILD
)
2776 log_error_errno(errno
, "Failed to peek for child with waitid(), ignoring: %m");
2784 if (IN_SET(si
.si_code
, CLD_EXITED
, CLD_KILLED
, CLD_DUMPED
)) {
2785 _cleanup_free_ Unit
**array_copy
= NULL
;
2786 _cleanup_free_
char *name
= NULL
;
2787 Unit
*u1
, *u2
, **array
;
2789 (void) pid_get_comm(si
.si_pid
, &name
);
2791 log_debug("Child "PID_FMT
" (%s) died (code=%s, status=%i/%s)",
2792 si
.si_pid
, strna(name
),
2793 sigchld_code_to_string(si
.si_code
),
2795 strna(si
.si_code
== CLD_EXITED
2796 ? exit_status_to_string(si
.si_status
, EXIT_STATUS_FULL
)
2797 : signal_to_string(si
.si_status
)));
2799 /* Increase the generation counter used for filtering out duplicate unit invocations */
2802 /* We look this up by a PidRef that only consists of the PID. After all we couldn't create a
2803 * pidfd here any more even if we wanted (since the process just exited). */
2804 PidRef pidref
= PIDREF_MAKE_FROM_PID(si
.si_pid
);
2806 /* And now figure out the unit this belongs to, it might be multiple... */
2807 u1
= manager_get_unit_by_pidref_cgroup(m
, &pidref
);
2808 u2
= hashmap_get(m
->watch_pids
, &pidref
);
2809 array
= hashmap_get(m
->watch_pids_more
, &pidref
);
2813 /* Count how many entries the array has */
2817 /* Make a copy of the array so that we don't trip up on the array changing beneath us */
2818 array_copy
= newdup(Unit
*, array
, n
+1);
2823 /* Finally, execute them all. Note that u1, u2 and the array might contain duplicates, but
2824 * that's fine, manager_invoke_sigchld_event() will ensure we only invoke the handlers once for
2825 * each iteration. */
2827 /* We check for oom condition, in case we got SIGCHLD before the oom notification.
2828 * We only do this for the cgroup the PID belonged to. */
2829 (void) unit_check_oom(u1
);
2831 /* We check if systemd-oomd performed a kill so that we log and notify appropriately */
2832 (void) unit_check_oomd_kill(u1
);
2834 manager_invoke_sigchld_event(m
, u1
, &si
);
2837 manager_invoke_sigchld_event(m
, u2
, &si
);
2839 for (size_t i
= 0; array_copy
[i
]; i
++)
2840 manager_invoke_sigchld_event(m
, array_copy
[i
], &si
);
2843 /* And now, we actually reap the zombie. */
2844 if (waitid(P_PID
, si
.si_pid
, &si
, WEXITED
) < 0) {
2845 log_error_errno(errno
, "Failed to dequeue child, ignoring: %m");
2852 /* All children processed for now, turn off event source */
2854 r
= sd_event_source_set_enabled(m
->sigchld_event_source
, SD_EVENT_OFF
);
2856 return log_error_errno(r
, "Failed to disable SIGCHLD event source: %m");
2861 static void manager_start_special(Manager
*m
, const char *name
, JobMode mode
) {
2864 if (manager_add_job_by_name_and_warn(m
, JOB_START
, name
, mode
, NULL
, &job
) < 0)
2867 const char *s
= unit_status_string(job
->unit
, NULL
);
2869 log_info("Activating special unit %s...", s
);
2871 (void) sd_notifyf(/* unset_environment= */ false,
2872 "STATUS=Activating special unit %s...", s
);
2873 m
->status_ready
= false;
2876 static void manager_handle_ctrl_alt_del(Manager
*m
) {
2877 /* If the user presses C-A-D more than
2878 * 7 times within 2s, we reboot/shutdown immediately,
2879 * unless it was disabled in system.conf */
2881 if (ratelimit_below(&m
->ctrl_alt_del_ratelimit
) || m
->cad_burst_action
== EMERGENCY_ACTION_NONE
)
2882 manager_start_special(m
, SPECIAL_CTRL_ALT_DEL_TARGET
, JOB_REPLACE_IRREVERSIBLY
);
2884 emergency_action(m
, m
->cad_burst_action
, EMERGENCY_ACTION_WARN
, NULL
, -1,
2885 "Ctrl-Alt-Del was pressed more than 7 times within 2s");
2888 static int manager_dispatch_signal_fd(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
2889 Manager
*m
= ASSERT_PTR(userdata
);
2891 struct signalfd_siginfo sfsi
;
2894 assert(m
->signal_fd
== fd
);
2896 if (revents
!= EPOLLIN
) {
2897 log_warning("Got unexpected events from signal file descriptor.");
2901 n
= read(m
->signal_fd
, &sfsi
, sizeof(sfsi
));
2903 if (ERRNO_IS_TRANSIENT(errno
))
2906 /* We return an error here, which will kill this handler,
2907 * to avoid a busy loop on read error. */
2908 return log_error_errno(errno
, "Reading from signal fd failed: %m");
2910 if (n
!= sizeof(sfsi
)) {
2911 log_warning("Truncated read from signal fd (%zi bytes), ignoring!", n
);
2915 log_received_signal(sfsi
.ssi_signo
== SIGCHLD
||
2916 (sfsi
.ssi_signo
== SIGTERM
&& MANAGER_IS_USER(m
))
2917 ? LOG_DEBUG
: LOG_INFO
,
2920 switch (sfsi
.ssi_signo
) {
2923 r
= sd_event_source_set_enabled(m
->sigchld_event_source
, SD_EVENT_ON
);
2925 log_warning_errno(r
, "Failed to enable SIGCHLD event source, ignoring: %m");
2930 if (MANAGER_IS_SYSTEM(m
)) {
2931 /* This is for compatibility with the original sysvinit */
2932 if (verify_run_space_and_log("Refusing to reexecute") < 0)
2935 m
->objective
= MANAGER_REEXECUTE
;
2941 if (MANAGER_IS_SYSTEM(m
))
2942 manager_handle_ctrl_alt_del(m
);
2944 manager_start_special(m
, SPECIAL_EXIT_TARGET
, JOB_REPLACE_IRREVERSIBLY
);
2948 /* This is a nop on non-init */
2949 if (MANAGER_IS_SYSTEM(m
))
2950 manager_start_special(m
, SPECIAL_KBREQUEST_TARGET
, JOB_REPLACE
);
2955 /* This is a nop on non-init */
2956 if (MANAGER_IS_SYSTEM(m
))
2957 manager_start_special(m
, SPECIAL_SIGPWR_TARGET
, JOB_REPLACE
);
2962 if (manager_dbus_is_running(m
, false)) {
2963 log_info("Trying to reconnect to bus...");
2965 (void) bus_init_api(m
);
2967 if (MANAGER_IS_SYSTEM(m
))
2968 (void) bus_init_system(m
);
2970 manager_start_special(m
, SPECIAL_DBUS_SERVICE
, JOB_REPLACE
);
2975 _cleanup_free_
char *dump
= NULL
;
2977 r
= manager_get_dump_string(m
, /* patterns= */ NULL
, &dump
);
2979 log_warning_errno(errno
, "Failed to acquire manager dump: %m");
2983 log_dump(LOG_INFO
, dump
);
2988 if (verify_run_space_and_log("Refusing to reload") < 0)
2991 m
->objective
= MANAGER_RELOAD
;
2996 /* Starting SIGRTMIN+0 */
2997 static const struct {
3000 } target_table
[] = {
3001 [0] = { SPECIAL_DEFAULT_TARGET
, JOB_ISOLATE
},
3002 [1] = { SPECIAL_RESCUE_TARGET
, JOB_ISOLATE
},
3003 [2] = { SPECIAL_EMERGENCY_TARGET
, JOB_ISOLATE
},
3004 [3] = { SPECIAL_HALT_TARGET
, JOB_REPLACE_IRREVERSIBLY
},
3005 [4] = { SPECIAL_POWEROFF_TARGET
, JOB_REPLACE_IRREVERSIBLY
},
3006 [5] = { SPECIAL_REBOOT_TARGET
, JOB_REPLACE_IRREVERSIBLY
},
3007 [6] = { SPECIAL_KEXEC_TARGET
, JOB_REPLACE_IRREVERSIBLY
},
3008 [7] = { SPECIAL_SOFT_REBOOT_TARGET
, JOB_REPLACE_IRREVERSIBLY
},
3011 /* Starting SIGRTMIN+13, so that target halt and system halt are 10 apart */
3012 static const ManagerObjective objective_table
[] = {
3014 [1] = MANAGER_POWEROFF
,
3015 [2] = MANAGER_REBOOT
,
3016 [3] = MANAGER_KEXEC
,
3017 [4] = MANAGER_SOFT_REBOOT
,
3020 if ((int) sfsi
.ssi_signo
>= SIGRTMIN
+0 &&
3021 (int) sfsi
.ssi_signo
< SIGRTMIN
+(int) ELEMENTSOF(target_table
)) {
3022 int idx
= (int) sfsi
.ssi_signo
- SIGRTMIN
;
3023 manager_start_special(m
, target_table
[idx
].target
, target_table
[idx
].mode
);
3027 if ((int) sfsi
.ssi_signo
>= SIGRTMIN
+13 &&
3028 (int) sfsi
.ssi_signo
< SIGRTMIN
+13+(int) ELEMENTSOF(objective_table
)) {
3029 m
->objective
= objective_table
[sfsi
.ssi_signo
- SIGRTMIN
- 13];
3033 switch (sfsi
.ssi_signo
- SIGRTMIN
) {
3036 bool generic
= false;
3038 if (sfsi
.ssi_code
!= SI_QUEUE
)
3041 /* Override a few select commands by our own PID1-specific logic */
3043 switch (sfsi
.ssi_int
) {
3045 case _COMMON_SIGNAL_COMMAND_LOG_LEVEL_BASE
..._COMMON_SIGNAL_COMMAND_LOG_LEVEL_END
:
3046 manager_override_log_level(m
, sfsi
.ssi_int
- _COMMON_SIGNAL_COMMAND_LOG_LEVEL_BASE
);
3049 case COMMON_SIGNAL_COMMAND_CONSOLE
:
3050 manager_override_log_target(m
, LOG_TARGET_CONSOLE
);
3053 case COMMON_SIGNAL_COMMAND_JOURNAL
:
3054 manager_override_log_target(m
, LOG_TARGET_JOURNAL
);
3057 case COMMON_SIGNAL_COMMAND_KMSG
:
3058 manager_override_log_target(m
, LOG_TARGET_KMSG
);
3061 case COMMON_SIGNAL_COMMAND_NULL
:
3062 manager_override_log_target(m
, LOG_TARGET_NULL
);
3065 case MANAGER_SIGNAL_COMMAND_DUMP_JOBS
: {
3066 _cleanup_free_
char *dump_jobs
= NULL
;
3068 r
= manager_get_dump_jobs_string(m
, /* patterns= */ NULL
, " ", &dump_jobs
);
3070 log_warning_errno(errno
, "Failed to acquire manager jobs dump: %m");
3074 log_dump(LOG_INFO
, dump_jobs
);
3084 return sigrtmin18_handler(source
, &sfsi
, NULL
);
3090 manager_override_show_status(m
, SHOW_STATUS_YES
, "signal");
3094 manager_override_show_status(m
, SHOW_STATUS_NO
, "signal");
3098 manager_override_log_level(m
, LOG_DEBUG
);
3102 manager_restore_original_log_level(m
);
3106 if (MANAGER_IS_USER(m
)) {
3107 m
->objective
= MANAGER_EXIT
;
3111 /* This is a nop on init */
3115 m
->objective
= MANAGER_REEXECUTE
;
3119 case 29: /* compatibility: used to be mapped to LOG_TARGET_SYSLOG_OR_KMSG */
3120 manager_restore_original_log_target(m
);
3124 manager_override_log_target(m
, LOG_TARGET_CONSOLE
);
3128 manager_override_log_target(m
, LOG_TARGET_KMSG
);
3132 log_warning("Got unhandled signal <%s>.", signal_to_string(sfsi
.ssi_signo
));
3139 static int manager_dispatch_time_change_fd(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
3140 Manager
*m
= ASSERT_PTR(userdata
);
3143 log_struct(LOG_DEBUG
,
3144 "MESSAGE_ID=" SD_MESSAGE_TIME_CHANGE_STR
,
3145 LOG_MESSAGE("Time has been changed"));
3147 /* Restart the watch */
3148 (void) manager_setup_time_change(m
);
3150 HASHMAP_FOREACH(u
, m
->units
)
3151 if (UNIT_VTABLE(u
)->time_change
)
3152 UNIT_VTABLE(u
)->time_change(u
);
3157 static int manager_dispatch_timezone_change(
3158 sd_event_source
*source
,
3159 const struct inotify_event
*e
,
3162 Manager
*m
= ASSERT_PTR(userdata
);
3166 log_debug("inotify event for /etc/localtime");
3168 changed
= manager_read_timezone_stat(m
);
3172 /* Something changed, restart the watch, to ensure we watch the new /etc/localtime if it changed */
3173 (void) manager_setup_timezone_change(m
);
3175 /* Read the new timezone */
3178 log_debug("Timezone has been changed (now: %s).", tzname
[daylight
]);
3180 HASHMAP_FOREACH(u
, m
->units
)
3181 if (UNIT_VTABLE(u
)->timezone_change
)
3182 UNIT_VTABLE(u
)->timezone_change(u
);
3187 static int manager_dispatch_idle_pipe_fd(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
3188 Manager
*m
= ASSERT_PTR(userdata
);
3190 assert(m
->idle_pipe
[2] == fd
);
3192 /* There's at least one Type=idle child that just gave up on us waiting for the boot process to
3193 * complete. Let's now turn off any further console output if there's at least one service that needs
3194 * console access, so that from now on our own output should not spill into that service's output
3195 * anymore. After all, we support Type=idle only to beautify console output and it generally is set
3196 * on services that want to own the console exclusively without our interference. */
3197 m
->no_console_output
= m
->n_on_console
> 0;
3199 /* Acknowledge the child's request, and let all other children know too that they shouldn't wait
3200 * any longer by closing the pipes towards them, which is what they are waiting for. */
3201 manager_close_idle_pipe(m
);
3206 static int manager_dispatch_jobs_in_progress(sd_event_source
*source
, usec_t usec
, void *userdata
) {
3207 Manager
*m
= ASSERT_PTR(userdata
);
3212 manager_print_jobs_in_progress(m
);
3214 r
= sd_event_source_set_time_relative(source
, JOBS_IN_PROGRESS_PERIOD_USEC
);
3218 return sd_event_source_set_enabled(source
, SD_EVENT_ONESHOT
);
3221 int manager_loop(Manager
*m
) {
3222 RateLimit rl
= { .interval
= 1*USEC_PER_SEC
, .burst
= 50000 };
3226 assert(m
->objective
== MANAGER_OK
); /* Ensure manager_startup() has been called */
3228 manager_check_finished(m
);
3230 /* There might still be some zombies hanging around from before we were exec()'ed. Let's reap them. */
3231 r
= sd_event_source_set_enabled(m
->sigchld_event_source
, SD_EVENT_ON
);
3233 return log_error_errno(r
, "Failed to enable SIGCHLD event source: %m");
3235 while (m
->objective
== MANAGER_OK
) {
3237 (void) watchdog_ping();
3239 if (!ratelimit_below(&rl
)) {
3240 /* Yay, something is going seriously wrong, pause a little */
3241 log_warning("Looping too fast. Throttling execution a little.");
3245 if (manager_dispatch_load_queue(m
) > 0)
3248 if (manager_dispatch_gc_job_queue(m
) > 0)
3251 if (manager_dispatch_gc_unit_queue(m
) > 0)
3254 if (manager_dispatch_cleanup_queue(m
) > 0)
3257 if (manager_dispatch_cgroup_realize_queue(m
) > 0)
3260 if (manager_dispatch_start_when_upheld_queue(m
) > 0)
3263 if (manager_dispatch_stop_when_bound_queue(m
) > 0)
3266 if (manager_dispatch_stop_when_unneeded_queue(m
) > 0)
3269 if (manager_dispatch_release_resources_queue(m
) > 0)
3272 if (manager_dispatch_dbus_queue(m
) > 0)
3275 /* Sleep for watchdog runtime wait time */
3276 r
= sd_event_run(m
->event
, watchdog_runtime_wait());
3278 return log_error_errno(r
, "Failed to run event loop: %m");
3281 return m
->objective
;
3284 int manager_load_unit_from_dbus_path(Manager
*m
, const char *s
, sd_bus_error
*e
, Unit
**_u
) {
3285 _cleanup_free_
char *n
= NULL
;
3286 sd_id128_t invocation_id
;
3294 r
= unit_name_from_dbus_path(s
, &n
);
3298 /* Permit addressing units by invocation ID: if the passed bus path is suffixed by a 128-bit ID then
3299 * we use it as invocation ID. */
3300 r
= sd_id128_from_string(n
, &invocation_id
);
3302 u
= hashmap_get(m
->units_by_invocation_id
, &invocation_id
);
3308 return sd_bus_error_setf(e
, BUS_ERROR_NO_UNIT_FOR_INVOCATION_ID
,
3309 "No unit with the specified invocation ID " SD_ID128_FORMAT_STR
" known.",
3310 SD_ID128_FORMAT_VAL(invocation_id
));
3313 /* If this didn't work, we check if this is a unit name */
3314 if (!unit_name_is_valid(n
, UNIT_NAME_PLAIN
|UNIT_NAME_INSTANCE
)) {
3315 _cleanup_free_
char *nn
= NULL
;
3318 return sd_bus_error_setf(e
, SD_BUS_ERROR_INVALID_ARGS
,
3319 "Unit name %s is neither a valid invocation ID nor unit name.", strnull(nn
));
3322 r
= manager_load_unit(m
, n
, NULL
, e
, &u
);
3330 int manager_get_job_from_dbus_path(Manager
*m
, const char *s
, Job
**_j
) {
3340 p
= startswith(s
, "/org/freedesktop/systemd1/job/");
3344 r
= safe_atou(p
, &id
);
3348 j
= manager_get_job(m
, id
);
3357 void manager_send_unit_audit(Manager
*m
, Unit
*u
, int type
, bool success
) {
3360 _cleanup_free_
char *p
= NULL
;
3367 if (!MANAGER_IS_SYSTEM(m
))
3370 /* Don't generate audit events if the service was already started and we're just deserializing */
3371 if (MANAGER_IS_RELOADING(m
))
3374 audit_fd
= get_audit_fd();
3378 r
= unit_name_to_prefix_and_instance(u
->id
, &p
);
3380 log_warning_errno(r
, "Failed to extract prefix and instance of unit name, ignoring: %m");
3384 msg
= strjoina("unit=", p
);
3385 if (audit_log_user_comm_message(audit_fd
, type
, msg
, "systemd", NULL
, NULL
, NULL
, success
) < 0) {
3386 if (ERRNO_IS_PRIVILEGE(errno
)) {
3387 /* We aren't allowed to send audit messages? Then let's not retry again. */
3388 log_debug_errno(errno
, "Failed to send audit message, closing audit socket: %m");
3391 log_warning_errno(errno
, "Failed to send audit message, ignoring: %m");
3396 void manager_send_unit_plymouth(Manager
*m
, Unit
*u
) {
3397 _cleanup_free_
char *message
= NULL
;
3403 if (!MANAGER_IS_SYSTEM(m
))
3406 /* Don't generate plymouth events if the service was already started and we're just deserializing */
3407 if (MANAGER_IS_RELOADING(m
))
3410 if (detect_container() > 0)
3413 if (!UNIT_VTABLE(u
)->notify_plymouth
)
3416 c
= asprintf(&message
, "U\x02%c%s%c", (int) (strlen(u
->id
) + 1), u
->id
, '\x00');
3418 return (void) log_oom();
3420 /* We set SOCK_NONBLOCK here so that we rather drop the message then wait for plymouth */
3421 r
= plymouth_send_raw(message
, c
, SOCK_NONBLOCK
);
3423 log_full_errno(ERRNO_IS_NO_PLYMOUTH(r
) ? LOG_DEBUG
: LOG_WARNING
, r
,
3424 "Failed to communicate with plymouth: %m");
3427 void manager_send_unit_supervisor(Manager
*m
, Unit
*u
, bool active
) {
3431 /* Notify a "supervisor" process about our progress, i.e. a container manager, hypervisor, or
3432 * surrounding service manager. */
3434 if (MANAGER_IS_RELOADING(m
))
3437 if (!UNIT_VTABLE(u
)->notify_supervisor
)
3440 if (in_initrd()) /* Only send these once we left the initrd */
3443 (void) sd_notifyf(/* unset_environment= */ false,
3444 active
? "X_SYSTEMD_UNIT_ACTIVE=%s" : "X_SYSTEMD_UNIT_INACTIVE=%s",
3448 usec_t
manager_get_watchdog(Manager
*m
, WatchdogType t
) {
3451 if (MANAGER_IS_USER(m
))
3452 return USEC_INFINITY
;
3454 if (m
->watchdog_overridden
[t
] != USEC_INFINITY
)
3455 return m
->watchdog_overridden
[t
];
3457 return m
->watchdog
[t
];
3460 void manager_set_watchdog(Manager
*m
, WatchdogType t
, usec_t timeout
) {
3464 if (MANAGER_IS_USER(m
))
3467 if (m
->watchdog
[t
] == timeout
)
3470 if (m
->watchdog_overridden
[t
] == USEC_INFINITY
) {
3471 if (t
== WATCHDOG_RUNTIME
)
3472 (void) watchdog_setup(timeout
);
3473 else if (t
== WATCHDOG_PRETIMEOUT
)
3474 (void) watchdog_setup_pretimeout(timeout
);
3477 m
->watchdog
[t
] = timeout
;
3480 void manager_override_watchdog(Manager
*m
, WatchdogType t
, usec_t timeout
) {
3485 if (MANAGER_IS_USER(m
))
3488 if (m
->watchdog_overridden
[t
] == timeout
)
3491 usec
= timeout
== USEC_INFINITY
? m
->watchdog
[t
] : timeout
;
3492 if (t
== WATCHDOG_RUNTIME
)
3493 (void) watchdog_setup(usec
);
3494 else if (t
== WATCHDOG_PRETIMEOUT
)
3495 (void) watchdog_setup_pretimeout(usec
);
3497 m
->watchdog_overridden
[t
] = timeout
;
3500 int manager_set_watchdog_pretimeout_governor(Manager
*m
, const char *governor
) {
3501 _cleanup_free_
char *p
= NULL
;
3506 if (MANAGER_IS_USER(m
))
3509 if (streq_ptr(m
->watchdog_pretimeout_governor
, governor
))
3512 p
= strdup(governor
);
3516 r
= watchdog_setup_pretimeout_governor(governor
);
3520 return free_and_replace(m
->watchdog_pretimeout_governor
, p
);
3523 int manager_override_watchdog_pretimeout_governor(Manager
*m
, const char *governor
) {
3524 _cleanup_free_
char *p
= NULL
;
3529 if (MANAGER_IS_USER(m
))
3532 if (streq_ptr(m
->watchdog_pretimeout_governor_overridden
, governor
))
3535 p
= strdup(governor
);
3539 r
= watchdog_setup_pretimeout_governor(governor
);
3543 return free_and_replace(m
->watchdog_pretimeout_governor_overridden
, p
);
3546 int manager_reload(Manager
*m
) {
3547 _unused_
_cleanup_(manager_reloading_stopp
) Manager
*reloading
= NULL
;
3548 _cleanup_fdset_free_ FDSet
*fds
= NULL
;
3549 _cleanup_fclose_
FILE *f
= NULL
;
3554 r
= manager_open_serialization(m
, &f
);
3556 return log_error_errno(r
, "Failed to create serialization file: %m");
3562 /* We are officially in reload mode from here on. */
3563 reloading
= manager_reloading_start(m
);
3565 r
= manager_serialize(m
, f
, fds
, false);
3569 if (fseeko(f
, 0, SEEK_SET
) < 0)
3570 return log_error_errno(errno
, "Failed to seek to beginning of serialization: %m");
3572 /* 💀 This is the point of no return, from here on there is no way back. 💀 */
3575 bus_manager_send_reloading(m
, true);
3577 /* Start by flushing out all jobs and units, all generated units, all runtime environments, all dynamic users
3578 * and everything else that is worth flushing out. We'll get it all back from the serialization — if we need
3581 manager_clear_jobs_and_units(m
);
3582 lookup_paths_flush_generator(&m
->lookup_paths
);
3583 lookup_paths_done(&m
->lookup_paths
);
3584 exec_shared_runtime_vacuum(m
);
3585 dynamic_user_vacuum(m
, false);
3586 m
->uid_refs
= hashmap_free(m
->uid_refs
);
3587 m
->gid_refs
= hashmap_free(m
->gid_refs
);
3589 r
= lookup_paths_init_or_warn(&m
->lookup_paths
, m
->runtime_scope
, 0, NULL
);
3593 (void) manager_run_environment_generators(m
);
3594 (void) manager_run_generators(m
);
3596 lookup_paths_log(&m
->lookup_paths
);
3598 /* We flushed out generated files, for which we don't watch mtime, so we should flush the old map. */
3599 manager_free_unit_name_maps(m
);
3600 m
->unit_file_state_outdated
= false;
3602 /* First, enumerate what we can from kernel and suchlike */
3603 manager_enumerate_perpetual(m
);
3604 manager_enumerate(m
);
3606 /* Second, deserialize our stored data */
3607 r
= manager_deserialize(m
, f
, fds
);
3609 log_warning_errno(r
, "Deserialization failed, proceeding anyway: %m");
3611 /* We don't need the serialization anymore */
3614 /* Re-register notify_fd as event source, and set up other sockets/communication channels we might need */
3615 (void) manager_setup_notify(m
);
3616 (void) manager_setup_cgroups_agent(m
);
3617 (void) manager_setup_user_lookup_fd(m
);
3619 /* Third, fire things up! */
3620 manager_coldplug(m
);
3622 /* Clean up runtime objects no longer referenced */
3625 /* Clean up deserialized tracked clients */
3626 m
->deserialized_subscribed
= strv_free(m
->deserialized_subscribed
);
3628 /* Consider the reload process complete now. */
3629 assert(m
->n_reloading
> 0);
3634 m
->send_reloading_done
= true;
3638 void manager_reset_failed(Manager
*m
) {
3643 HASHMAP_FOREACH(u
, m
->units
)
3644 unit_reset_failed(u
);
3647 bool manager_unit_inactive_or_pending(Manager
*m
, const char *name
) {
3653 /* Returns true if the unit is inactive or going down */
3654 u
= manager_get_unit(m
, name
);
3658 return unit_inactive_or_pending(u
);
3661 static void log_taint_string(Manager
*m
) {
3662 _cleanup_free_
char *taint
= NULL
;
3666 if (MANAGER_IS_USER(m
) || m
->taint_logged
)
3669 m
->taint_logged
= true; /* only check for taint once */
3671 taint
= manager_taint_string(m
);
3675 log_struct(LOG_NOTICE
,
3676 LOG_MESSAGE("System is tainted: %s", taint
),
3678 "MESSAGE_ID=" SD_MESSAGE_TAINTED_STR
);
3681 static void manager_notify_finished(Manager
*m
) {
3682 usec_t firmware_usec
, loader_usec
, kernel_usec
, initrd_usec
, userspace_usec
, total_usec
;
3684 if (MANAGER_IS_TEST_RUN(m
))
3687 if (MANAGER_IS_SYSTEM(m
) && detect_container() <= 0) {
3688 char buf
[FORMAT_TIMESPAN_MAX
+ STRLEN(" (firmware) + ") + FORMAT_TIMESPAN_MAX
+ STRLEN(" (loader) + ")]
3691 size_t size
= sizeof buf
;
3693 /* Note that MANAGER_TIMESTAMP_KERNEL's monotonic value is always at 0, and
3694 * MANAGER_TIMESTAMP_FIRMWARE's and MANAGER_TIMESTAMP_LOADER's monotonic value should be considered
3695 * negative values. */
3697 firmware_usec
= m
->timestamps
[MANAGER_TIMESTAMP_FIRMWARE
].monotonic
- m
->timestamps
[MANAGER_TIMESTAMP_LOADER
].monotonic
;
3698 loader_usec
= m
->timestamps
[MANAGER_TIMESTAMP_LOADER
].monotonic
- m
->timestamps
[MANAGER_TIMESTAMP_KERNEL
].monotonic
;
3699 userspace_usec
= m
->timestamps
[MANAGER_TIMESTAMP_FINISH
].monotonic
- m
->timestamps
[MANAGER_TIMESTAMP_USERSPACE
].monotonic
;
3700 total_usec
= m
->timestamps
[MANAGER_TIMESTAMP_FIRMWARE
].monotonic
+ m
->timestamps
[MANAGER_TIMESTAMP_FINISH
].monotonic
;
3702 if (firmware_usec
> 0)
3703 size
= strpcpyf(&p
, size
, "%s (firmware) + ", FORMAT_TIMESPAN(firmware_usec
, USEC_PER_MSEC
));
3704 if (loader_usec
> 0)
3705 size
= strpcpyf(&p
, size
, "%s (loader) + ", FORMAT_TIMESPAN(loader_usec
, USEC_PER_MSEC
));
3707 if (dual_timestamp_is_set(&m
->timestamps
[MANAGER_TIMESTAMP_INITRD
])) {
3709 /* The initrd case on bare-metal */
3710 kernel_usec
= m
->timestamps
[MANAGER_TIMESTAMP_INITRD
].monotonic
- m
->timestamps
[MANAGER_TIMESTAMP_KERNEL
].monotonic
;
3711 initrd_usec
= m
->timestamps
[MANAGER_TIMESTAMP_USERSPACE
].monotonic
- m
->timestamps
[MANAGER_TIMESTAMP_INITRD
].monotonic
;
3713 log_struct(LOG_INFO
,
3714 "MESSAGE_ID=" SD_MESSAGE_STARTUP_FINISHED_STR
,
3715 "KERNEL_USEC="USEC_FMT
, kernel_usec
,
3716 "INITRD_USEC="USEC_FMT
, initrd_usec
,
3717 "USERSPACE_USEC="USEC_FMT
, userspace_usec
,
3718 LOG_MESSAGE("Startup finished in %s%s (kernel) + %s (initrd) + %s (userspace) = %s.",
3720 FORMAT_TIMESPAN(kernel_usec
, USEC_PER_MSEC
),
3721 FORMAT_TIMESPAN(initrd_usec
, USEC_PER_MSEC
),
3722 FORMAT_TIMESPAN(userspace_usec
, USEC_PER_MSEC
),
3723 FORMAT_TIMESPAN(total_usec
, USEC_PER_MSEC
)));
3725 /* The initrd-less case on bare-metal */
3727 kernel_usec
= m
->timestamps
[MANAGER_TIMESTAMP_USERSPACE
].monotonic
- m
->timestamps
[MANAGER_TIMESTAMP_KERNEL
].monotonic
;
3730 log_struct(LOG_INFO
,
3731 "MESSAGE_ID=" SD_MESSAGE_STARTUP_FINISHED_STR
,
3732 "KERNEL_USEC="USEC_FMT
, kernel_usec
,
3733 "USERSPACE_USEC="USEC_FMT
, userspace_usec
,
3734 LOG_MESSAGE("Startup finished in %s%s (kernel) + %s (userspace) = %s.",
3736 FORMAT_TIMESPAN(kernel_usec
, USEC_PER_MSEC
),
3737 FORMAT_TIMESPAN(userspace_usec
, USEC_PER_MSEC
),
3738 FORMAT_TIMESPAN(total_usec
, USEC_PER_MSEC
)));
3741 /* The container and --user case */
3742 firmware_usec
= loader_usec
= initrd_usec
= kernel_usec
= 0;
3743 total_usec
= userspace_usec
= m
->timestamps
[MANAGER_TIMESTAMP_FINISH
].monotonic
- m
->timestamps
[MANAGER_TIMESTAMP_USERSPACE
].monotonic
;
3745 log_struct(LOG_INFO
,
3746 "MESSAGE_ID=" SD_MESSAGE_USER_STARTUP_FINISHED_STR
,
3747 "USERSPACE_USEC="USEC_FMT
, userspace_usec
,
3748 LOG_MESSAGE("Startup finished in %s.",
3749 FORMAT_TIMESPAN(total_usec
, USEC_PER_MSEC
)));
3752 bus_manager_send_finished(m
, firmware_usec
, loader_usec
, kernel_usec
, initrd_usec
, userspace_usec
, total_usec
);
3754 log_taint_string(m
);
3757 static void manager_send_ready_user_scope(Manager
*m
) {
3762 /* We send READY=1 on reaching basic.target only when running in --user mode. */
3763 if (!MANAGER_IS_USER(m
) || m
->ready_sent
)
3766 r
= sd_notify(/* unset_environment= */ false,
3768 "STATUS=Reached " SPECIAL_BASIC_TARGET
".");
3770 log_warning_errno(r
, "Failed to send readiness notification, ignoring: %m");
3772 m
->ready_sent
= true;
3773 m
->status_ready
= false;
3776 static void manager_send_ready_system_scope(Manager
*m
) {
3781 if (!MANAGER_IS_SYSTEM(m
))
3784 /* Skip the notification if nothing changed. */
3785 if (m
->ready_sent
&& m
->status_ready
)
3788 r
= sd_notify(/* unset_environment= */ false,
3792 log_full_errno(m
->ready_sent
? LOG_DEBUG
: LOG_WARNING
, r
,
3793 "Failed to send readiness notification, ignoring: %m");
3795 m
->ready_sent
= m
->status_ready
= true;
3798 static void manager_check_basic_target(Manager
*m
) {
3803 /* Small shortcut */
3804 if (m
->ready_sent
&& m
->taint_logged
)
3807 u
= manager_get_unit(m
, SPECIAL_BASIC_TARGET
);
3808 if (!u
|| !UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u
)))
3811 /* For user managers, send out READY=1 as soon as we reach basic.target */
3812 manager_send_ready_user_scope(m
);
3814 /* Log the taint string as soon as we reach basic.target */
3815 log_taint_string(m
);
3818 void manager_check_finished(Manager
*m
) {
3821 if (MANAGER_IS_RELOADING(m
))
3824 /* Verify that we have entered the event loop already, and not left it again. */
3825 if (!MANAGER_IS_RUNNING(m
))
3828 manager_check_basic_target(m
);
3830 if (!hashmap_isempty(m
->jobs
)) {
3831 if (m
->jobs_in_progress_event_source
)
3832 /* Ignore any failure, this is only for feedback */
3833 (void) sd_event_source_set_time(m
->jobs_in_progress_event_source
,
3834 manager_watch_jobs_next_time(m
));
3838 /* The jobs hashmap tends to grow a lot during boot, and then it's not reused until shutdown. Let's
3839 kill the hashmap if it is relatively large. */
3840 if (hashmap_buckets(m
->jobs
) > hashmap_size(m
->units
) / 10)
3841 m
->jobs
= hashmap_free(m
->jobs
);
3843 manager_send_ready_system_scope(m
);
3845 /* Notify Type=idle units that we are done now */
3846 manager_close_idle_pipe(m
);
3848 if (MANAGER_IS_FINISHED(m
))
3851 manager_flip_auto_status(m
, false, "boot finished");
3853 /* Turn off confirm spawn now */
3854 m
->confirm_spawn
= NULL
;
3856 /* No need to update ask password status when we're going non-interactive */
3857 manager_close_ask_password(m
);
3859 /* This is no longer the first boot */
3860 manager_set_first_boot(m
, false);
3862 dual_timestamp_now(m
->timestamps
+ MANAGER_TIMESTAMP_FINISH
);
3864 manager_notify_finished(m
);
3866 manager_invalidate_startup_units(m
);
3869 void manager_send_reloading(Manager
*m
) {
3872 /* Let whoever invoked us know that we are now reloading */
3873 (void) sd_notifyf(/* unset_environment= */ false,
3875 "MONOTONIC_USEC=" USEC_FMT
"\n", now(CLOCK_MONOTONIC
));
3877 /* And ensure that we'll send READY=1 again as soon as we are ready again */
3878 m
->ready_sent
= false;
3881 static bool generator_path_any(const char* const* paths
) {
3884 /* Optimize by skipping the whole process by not creating output directories
3885 * if no generators are found. */
3886 STRV_FOREACH(path
, paths
)
3887 if (access(*path
, F_OK
) == 0)
3889 else if (errno
!= ENOENT
)
3890 log_warning_errno(errno
, "Failed to open generator directory %s: %m", *path
);
3895 static int manager_run_environment_generators(Manager
*m
) {
3896 char **tmp
= NULL
; /* this is only used in the forked process, no cleanup here */
3897 _cleanup_strv_free_
char **paths
= NULL
;
3899 [STDOUT_GENERATE
] = &tmp
,
3900 [STDOUT_COLLECT
] = &tmp
,
3901 [STDOUT_CONSUME
] = &m
->transient_environment
,
3905 if (MANAGER_IS_TEST_RUN(m
) && !(m
->test_run_flags
& MANAGER_TEST_RUN_ENV_GENERATORS
))
3908 paths
= env_generator_binary_paths(m
->runtime_scope
);
3912 if (!generator_path_any((const char* const*) paths
))
3916 r
= execute_directories((const char* const*) paths
, DEFAULT_TIMEOUT_USEC
, gather_environment
,
3917 args
, NULL
, m
->transient_environment
,
3918 EXEC_DIR_PARALLEL
| EXEC_DIR_IGNORE_ERRORS
| EXEC_DIR_SET_SYSTEMD_EXEC_PID
);
3922 static int build_generator_environment(Manager
*m
, char ***ret
) {
3923 _cleanup_strv_free_
char **nl
= NULL
;
3925 ConfidentialVirtualization cv
;
3931 /* Generators oftentimes want to know some basic facts about the environment they run in, in order to
3932 * adjust generated units to that. Let's pass down some bits of information that are easy for us to
3933 * determine (but a bit harder for generator scripts to determine), as environment variables. */
3935 nl
= strv_copy(m
->transient_environment
);
3939 r
= strv_env_assign(&nl
, "SYSTEMD_SCOPE", runtime_scope_to_string(m
->runtime_scope
));
3943 if (MANAGER_IS_SYSTEM(m
)) {
3944 /* Note that $SYSTEMD_IN_INITRD may be used to override the initrd detection in much of our
3945 * codebase. This is hence more than purely informational. It will shortcut detection of the
3946 * initrd state if generators invoke our own tools. But that's OK, as it would come to the
3947 * same results (hopefully). */
3948 r
= strv_env_assign(&nl
, "SYSTEMD_IN_INITRD", one_zero(in_initrd()));
3952 if (m
->first_boot
>= 0) {
3953 r
= strv_env_assign(&nl
, "SYSTEMD_FIRST_BOOT", one_zero(m
->first_boot
));
3959 v
= detect_virtualization();
3961 log_debug_errno(v
, "Failed to detect virtualization, ignoring: %m");
3965 s
= strjoina(VIRTUALIZATION_IS_VM(v
) ? "vm:" :
3966 VIRTUALIZATION_IS_CONTAINER(v
) ? "container:" : ":",
3967 virtualization_to_string(v
));
3969 r
= strv_env_assign(&nl
, "SYSTEMD_VIRTUALIZATION", s
);
3974 cv
= detect_confidential_virtualization();
3976 log_debug_errno(cv
, "Failed to detect confidential virtualization, ignoring: %m");
3978 r
= strv_env_assign(&nl
, "SYSTEMD_CONFIDENTIAL_VIRTUALIZATION", confidential_virtualization_to_string(cv
));
3983 r
= strv_env_assign(&nl
, "SYSTEMD_ARCHITECTURE", architecture_to_string(uname_architecture()));
3987 *ret
= TAKE_PTR(nl
);
3991 static int manager_execute_generators(Manager
*m
, char **paths
, bool remount_ro
) {
3992 _cleanup_strv_free_
char **ge
= NULL
;
3993 const char *argv
[] = {
3994 NULL
, /* Leave this empty, execute_directory() will fill something in */
3995 m
->lookup_paths
.generator
,
3996 m
->lookup_paths
.generator_early
,
3997 m
->lookup_paths
.generator_late
,
4002 r
= build_generator_environment(m
, &ge
);
4004 return log_error_errno(r
, "Failed to build generator environment: %m");
4007 /* Remount most of the filesystem tree read-only. We leave /sys/ as-is, because our code
4008 * checks whether it is read-only to detect containerized execution environments. We leave
4009 * /run/ as-is too, because that's where our output goes. We also leave /proc/ and /dev/shm/
4010 * because they're API, and /tmp/ that safe_fork() mounted for us.
4012 r
= bind_remount_recursive("/", MS_RDONLY
, MS_RDONLY
,
4013 STRV_MAKE("/sys", "/run", "/proc", "/dev/shm", "/tmp"));
4015 log_warning_errno(r
, "Read-only bind remount failed, ignoring: %m");
4018 BLOCK_WITH_UMASK(0022);
4019 return execute_directories(
4020 (const char* const*) paths
,
4021 DEFAULT_TIMEOUT_USEC
,
4022 /* callbacks= */ NULL
, /* callback_args= */ NULL
,
4025 EXEC_DIR_PARALLEL
| EXEC_DIR_IGNORE_ERRORS
| EXEC_DIR_SET_SYSTEMD_EXEC_PID
);
4028 static int manager_run_generators(Manager
*m
) {
4029 ForkFlags flags
= FORK_RESET_SIGNALS
| FORK_WAIT
| FORK_NEW_MOUNTNS
| FORK_MOUNTNS_SLAVE
;
4030 _cleanup_strv_free_
char **paths
= NULL
;
4035 if (MANAGER_IS_TEST_RUN(m
) && !(m
->test_run_flags
& MANAGER_TEST_RUN_GENERATORS
))
4038 paths
= generator_binary_paths(m
->runtime_scope
);
4042 if (!generator_path_any((const char* const*) paths
))
4045 r
= lookup_paths_mkdir_generator(&m
->lookup_paths
);
4047 log_error_errno(r
, "Failed to create generator directories: %m");
4051 /* If we are the system manager, we fork and invoke the generators in a sanitized mount namespace. If
4052 * we are the user manager, let's just execute the generators directly. We might not have the
4053 * necessary privileges, and the system manager has already mounted /tmp/ and everything else for us.
4055 if (MANAGER_IS_USER(m
)) {
4056 r
= manager_execute_generators(m
, paths
, /* remount_ro= */ false);
4060 /* On some systems /tmp/ doesn't exist, and on some other systems we cannot create it at all. Avoid
4061 * trying to mount a private tmpfs on it as there's no one size fits all. */
4062 if (is_dir("/tmp", /* follow= */ false) > 0)
4063 flags
|= FORK_PRIVATE_TMP
;
4065 r
= safe_fork("(sd-gens)", flags
, NULL
);
4067 r
= manager_execute_generators(m
, paths
, /* remount_ro= */ true);
4068 _exit(r
>= 0 ? EXIT_SUCCESS
: EXIT_FAILURE
);
4071 if (!ERRNO_IS_PRIVILEGE(r
) && r
!= -EINVAL
) {
4072 log_error_errno(r
, "Failed to fork off sandboxing environment for executing generators: %m");
4076 /* Failed to fork with new mount namespace? Maybe, running in a container environment with
4077 * seccomp or without capability.
4079 * We also allow -EINVAL to allow running without CLONE_NEWNS.
4081 * Also, when running on non-native userland architecture via systemd-nspawn and
4082 * qemu-user-static QEMU-emulator, clone() with CLONE_NEWNS fails with EINVAL, see
4083 * https://github.com/systemd/systemd/issues/28901.
4086 "Failed to fork off sandboxing environment for executing generators. "
4087 "Falling back to execute generators without sandboxing: %m");
4088 r
= manager_execute_generators(m
, paths
, /* remount_ro= */ false);
4092 lookup_paths_trim_generator(&m
->lookup_paths
);
4096 int manager_transient_environment_add(Manager
*m
, char **plus
) {
4101 if (strv_isempty(plus
))
4104 a
= strv_env_merge(m
->transient_environment
, plus
);
4108 sanitize_environment(a
);
4110 return strv_free_and_replace(m
->transient_environment
, a
);
4113 int manager_client_environment_modify(
4118 char **a
= NULL
, **b
= NULL
, **l
;
4122 if (strv_isempty(minus
) && strv_isempty(plus
))
4125 l
= m
->client_environment
;
4127 if (!strv_isempty(minus
)) {
4128 a
= strv_env_delete(l
, 1, minus
);
4135 if (!strv_isempty(plus
)) {
4136 b
= strv_env_merge(l
, plus
);
4145 if (m
->client_environment
!= l
)
4146 strv_free(m
->client_environment
);
4153 m
->client_environment
= sanitize_environment(l
);
4157 int manager_get_effective_environment(Manager
*m
, char ***ret
) {
4163 l
= strv_env_merge(m
->transient_environment
, m
->client_environment
);
4171 int manager_set_unit_defaults(Manager
*m
, const UnitDefaults
*defaults
) {
4172 _cleanup_free_
char *label
= NULL
;
4173 struct rlimit
*rlimit
[_RLIMIT_MAX
];
4179 if (streq_ptr(defaults
->smack_process_label
, "/"))
4182 const char *l
= defaults
->smack_process_label
;
4183 #ifdef SMACK_DEFAULT_PROCESS_LABEL
4185 l
= SMACK_DEFAULT_PROCESS_LABEL
;
4195 r
= rlimit_copy_all(rlimit
, defaults
->rlimit
);
4199 m
->defaults
.std_output
= defaults
->std_output
;
4200 m
->defaults
.std_error
= defaults
->std_error
;
4202 m
->defaults
.restart_usec
= defaults
->restart_usec
;
4203 m
->defaults
.timeout_start_usec
= defaults
->timeout_start_usec
;
4204 m
->defaults
.timeout_stop_usec
= defaults
->timeout_stop_usec
;
4205 m
->defaults
.timeout_abort_usec
= defaults
->timeout_abort_usec
;
4206 m
->defaults
.timeout_abort_set
= defaults
->timeout_abort_set
;
4207 m
->defaults
.device_timeout_usec
= defaults
->device_timeout_usec
;
4209 m
->defaults
.start_limit_interval
= defaults
->start_limit_interval
;
4210 m
->defaults
.start_limit_burst
= defaults
->start_limit_burst
;
4212 m
->defaults
.cpu_accounting
= defaults
->cpu_accounting
;
4213 m
->defaults
.memory_accounting
= defaults
->memory_accounting
;
4214 m
->defaults
.io_accounting
= defaults
->io_accounting
;
4215 m
->defaults
.blockio_accounting
= defaults
->blockio_accounting
;
4216 m
->defaults
.tasks_accounting
= defaults
->tasks_accounting
;
4217 m
->defaults
.ip_accounting
= defaults
->ip_accounting
;
4219 m
->defaults
.tasks_max
= defaults
->tasks_max
;
4220 m
->defaults
.timer_accuracy_usec
= defaults
->timer_accuracy_usec
;
4222 m
->defaults
.oom_policy
= defaults
->oom_policy
;
4223 m
->defaults
.oom_score_adjust
= defaults
->oom_score_adjust
;
4224 m
->defaults
.oom_score_adjust_set
= defaults
->oom_score_adjust_set
;
4226 m
->defaults
.memory_pressure_watch
= defaults
->memory_pressure_watch
;
4227 m
->defaults
.memory_pressure_threshold_usec
= defaults
->memory_pressure_threshold_usec
;
4229 free_and_replace(m
->defaults
.smack_process_label
, label
);
4230 rlimit_free_all(m
->defaults
.rlimit
);
4231 memcpy(m
->defaults
.rlimit
, rlimit
, sizeof(struct rlimit
*) * _RLIMIT_MAX
);
4236 void manager_recheck_dbus(Manager
*m
) {
4239 /* Connects to the bus if the dbus service and socket are running. If we are running in user mode
4240 * this is all it does. In system mode we'll also connect to the system bus (which will most likely
4241 * just reuse the connection of the API bus). That's because the system bus after all runs as service
4242 * of the system instance, while in the user instance we can assume it's already there. */
4244 if (MANAGER_IS_RELOADING(m
))
4245 return; /* don't check while we are reloading… */
4247 if (manager_dbus_is_running(m
, false)) {
4248 (void) bus_init_api(m
);
4250 if (MANAGER_IS_SYSTEM(m
))
4251 (void) bus_init_system(m
);
4253 (void) bus_done_api(m
);
4255 if (MANAGER_IS_SYSTEM(m
))
4256 (void) bus_done_system(m
);
4260 static bool manager_journal_is_running(Manager
*m
) {
4265 if (MANAGER_IS_TEST_RUN(m
))
4268 /* If we are the user manager we can safely assume that the journal is up */
4269 if (!MANAGER_IS_SYSTEM(m
))
4272 /* Check that the socket is not only up, but in RUNNING state */
4273 u
= manager_get_unit(m
, SPECIAL_JOURNALD_SOCKET
);
4276 if (SOCKET(u
)->state
!= SOCKET_RUNNING
)
4279 /* Similar, check if the daemon itself is fully up, too */
4280 u
= manager_get_unit(m
, SPECIAL_JOURNALD_SERVICE
);
4283 if (!IN_SET(SERVICE(u
)->state
, SERVICE_RELOAD
, SERVICE_RUNNING
))
4289 void disable_printk_ratelimit(void) {
4290 /* Disable kernel's printk ratelimit.
4292 * Logging to /dev/kmsg is most useful during early boot and shutdown, where normal logging
4293 * mechanisms are not available. The semantics of this sysctl are such that any kernel command-line
4294 * setting takes precedence. */
4297 r
= sysctl_write("kernel/printk_devkmsg", "on");
4299 log_debug_errno(r
, "Failed to set sysctl kernel.printk_devkmsg=on: %m");
4302 void manager_recheck_journal(Manager
*m
) {
4306 /* Don't bother with this unless we are in the special situation of being PID 1 */
4307 if (getpid_cached() != 1)
4310 /* Don't check this while we are reloading, things might still change */
4311 if (MANAGER_IS_RELOADING(m
))
4314 /* The journal is fully and entirely up? If so, let's permit logging to it, if that's configured. If
4315 * the journal is down, don't ever log to it, otherwise we might end up deadlocking ourselves as we
4316 * might trigger an activation ourselves we can't fulfill. */
4317 log_set_prohibit_ipc(!manager_journal_is_running(m
));
4321 static ShowStatus
manager_get_show_status(Manager
*m
) {
4324 if (MANAGER_IS_USER(m
))
4325 return _SHOW_STATUS_INVALID
;
4327 if (m
->show_status_overridden
!= _SHOW_STATUS_INVALID
)
4328 return m
->show_status_overridden
;
4330 return m
->show_status
;
4333 bool manager_get_show_status_on(Manager
*m
) {
4336 return show_status_on(manager_get_show_status(m
));
4339 static void set_show_status_marker(bool b
) {
4341 (void) touch("/run/systemd/show-status");
4343 (void) unlink("/run/systemd/show-status");
4346 void manager_set_show_status(Manager
*m
, ShowStatus mode
, const char *reason
) {
4349 assert(mode
>= 0 && mode
< _SHOW_STATUS_MAX
);
4351 if (MANAGER_IS_USER(m
))
4354 if (mode
== m
->show_status
)
4357 if (m
->show_status_overridden
== _SHOW_STATUS_INVALID
) {
4360 enabled
= show_status_on(mode
);
4361 log_debug("%s (%s) showing of status (%s).",
4362 enabled
? "Enabling" : "Disabling",
4363 strna(show_status_to_string(mode
)),
4366 set_show_status_marker(enabled
);
4369 m
->show_status
= mode
;
4372 void manager_override_show_status(Manager
*m
, ShowStatus mode
, const char *reason
) {
4374 assert(mode
< _SHOW_STATUS_MAX
);
4376 if (MANAGER_IS_USER(m
))
4379 if (mode
== m
->show_status_overridden
)
4382 m
->show_status_overridden
= mode
;
4384 if (mode
== _SHOW_STATUS_INVALID
)
4385 mode
= m
->show_status
;
4387 log_debug("%s (%s) showing of status (%s).",
4388 m
->show_status_overridden
!= _SHOW_STATUS_INVALID
? "Overriding" : "Restoring",
4389 strna(show_status_to_string(mode
)),
4392 set_show_status_marker(show_status_on(mode
));
4395 const char *manager_get_confirm_spawn(Manager
*m
) {
4396 static int last_errno
= 0;
4402 /* Here's the deal: we want to test the validity of the console but don't want
4403 * PID1 to go through the whole console process which might block. But we also
4404 * want to warn the user only once if something is wrong with the console so we
4405 * cannot do the sanity checks after spawning our children. So here we simply do
4406 * really basic tests to hopefully trap common errors.
4408 * If the console suddenly disappear at the time our children will really it
4409 * then they will simply fail to acquire it and a positive answer will be
4410 * assumed. New children will fall back to /dev/console though.
4412 * Note: TTYs are devices that can come and go any time, and frequently aren't
4413 * available yet during early boot (consider a USB rs232 dongle...). If for any
4414 * reason the configured console is not ready, we fall back to the default
4417 if (!m
->confirm_spawn
|| path_equal(m
->confirm_spawn
, "/dev/console"))
4418 return m
->confirm_spawn
;
4420 if (stat(m
->confirm_spawn
, &st
) < 0) {
4425 if (!S_ISCHR(st
.st_mode
)) {
4431 return m
->confirm_spawn
;
4434 if (last_errno
!= r
)
4435 last_errno
= log_warning_errno(r
, "Failed to open %s, using default console: %m", m
->confirm_spawn
);
4437 return "/dev/console";
4440 void manager_set_first_boot(Manager
*m
, bool b
) {
4443 if (!MANAGER_IS_SYSTEM(m
))
4446 if (m
->first_boot
!= (int) b
) {
4448 (void) touch("/run/systemd/first-boot");
4450 (void) unlink("/run/systemd/first-boot");
4456 void manager_disable_confirm_spawn(void) {
4457 (void) touch("/run/systemd/confirm_spawn_disabled");
4460 static bool manager_should_show_status(Manager
*m
, StatusType type
) {
4463 if (!MANAGER_IS_SYSTEM(m
))
4466 if (m
->no_console_output
)
4469 if (!IN_SET(manager_state(m
), MANAGER_INITIALIZING
, MANAGER_STARTING
, MANAGER_STOPPING
))
4472 /* If we cannot find out the status properly, just proceed. */
4473 if (type
!= STATUS_TYPE_EMERGENCY
&& manager_check_ask_password(m
) > 0)
4476 if (type
== STATUS_TYPE_NOTICE
&& m
->show_status
!= SHOW_STATUS_NO
)
4479 return manager_get_show_status_on(m
);
4482 void manager_status_printf(Manager
*m
, StatusType type
, const char *status
, const char *format
, ...) {
4485 /* If m is NULL, assume we're after shutdown and let the messages through. */
4487 if (m
&& !manager_should_show_status(m
, type
))
4490 /* XXX We should totally drop the check for ephemeral here
4491 * and thus effectively make 'Type=idle' pointless. */
4492 if (type
== STATUS_TYPE_EPHEMERAL
&& m
&& m
->n_on_console
> 0)
4495 va_start(ap
, format
);
4496 status_vprintf(status
, SHOW_STATUS_ELLIPSIZE
|(type
== STATUS_TYPE_EPHEMERAL
? SHOW_STATUS_EPHEMERAL
: 0), format
, ap
);
4500 Set
* manager_get_units_needing_mounts_for(Manager
*m
, const char *path
, UnitMountDependencyType t
) {
4503 assert(t
>= 0 && t
< _UNIT_MOUNT_DEPENDENCY_TYPE_MAX
);
4505 if (path_equal(path
, "/"))
4508 return hashmap_get(m
->units_needing_mounts_for
[t
], path
);
4511 int manager_update_failed_units(Manager
*m
, Unit
*u
, bool failed
) {
4516 assert(u
->manager
== m
);
4518 size
= set_size(m
->failed_units
);
4521 r
= set_ensure_put(&m
->failed_units
, NULL
, u
);
4525 (void) set_remove(m
->failed_units
, u
);
4527 if (set_size(m
->failed_units
) != size
)
4528 bus_manager_send_change_signal(m
);
4533 ManagerState
manager_state(Manager
*m
) {
4538 /* Is the special shutdown target active or queued? If so, we are in shutdown state */
4539 u
= manager_get_unit(m
, SPECIAL_SHUTDOWN_TARGET
);
4540 if (u
&& unit_active_or_pending(u
))
4541 return MANAGER_STOPPING
;
4543 /* Did we ever finish booting? If not then we are still starting up */
4544 if (!MANAGER_IS_FINISHED(m
)) {
4546 u
= manager_get_unit(m
, SPECIAL_BASIC_TARGET
);
4547 if (!u
|| !UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u
)))
4548 return MANAGER_INITIALIZING
;
4550 return MANAGER_STARTING
;
4553 if (MANAGER_IS_SYSTEM(m
)) {
4554 /* Are the rescue or emergency targets active or queued? If so we are in maintenance state */
4555 u
= manager_get_unit(m
, SPECIAL_RESCUE_TARGET
);
4556 if (u
&& unit_active_or_pending(u
))
4557 return MANAGER_MAINTENANCE
;
4559 u
= manager_get_unit(m
, SPECIAL_EMERGENCY_TARGET
);
4560 if (u
&& unit_active_or_pending(u
))
4561 return MANAGER_MAINTENANCE
;
4564 /* Are there any failed units? If so, we are in degraded mode */
4565 if (!set_isempty(m
->failed_units
))
4566 return MANAGER_DEGRADED
;
4568 return MANAGER_RUNNING
;
4571 static void manager_unref_uid_internal(
4575 int (*_clean_ipc
)(uid_t uid
)) {
4579 assert(uid_is_valid(uid
));
4582 /* A generic implementation, covering both manager_unref_uid() and manager_unref_gid(), under the
4583 * assumption that uid_t and gid_t are actually defined the same way, with the same validity rules.
4585 * We store a hashmap where the key is the UID/GID and the value is a 32-bit reference counter, whose
4586 * highest bit is used as flag for marking UIDs/GIDs whose IPC objects to remove when the last
4587 * reference to the UID/GID is dropped. The flag is set to on, once at least one reference from a
4588 * unit where RemoveIPC= is set is added on a UID/GID. It is reset when the UID's/GID's reference
4589 * counter drops to 0 again. */
4591 assert_cc(sizeof(uid_t
) == sizeof(gid_t
));
4592 assert_cc(UID_INVALID
== (uid_t
) GID_INVALID
);
4594 if (uid
== 0) /* We don't keep track of root, and will never destroy it */
4597 c
= PTR_TO_UINT32(hashmap_get(uid_refs
, UID_TO_PTR(uid
)));
4599 n
= c
& ~DESTROY_IPC_FLAG
;
4603 if (destroy_now
&& n
== 0) {
4604 hashmap_remove(uid_refs
, UID_TO_PTR(uid
));
4606 if (c
& DESTROY_IPC_FLAG
) {
4607 log_debug("%s " UID_FMT
" is no longer referenced, cleaning up its IPC.",
4608 _clean_ipc
== clean_ipc_by_uid
? "UID" : "GID",
4610 (void) _clean_ipc(uid
);
4613 c
= n
| (c
& DESTROY_IPC_FLAG
);
4614 assert_se(hashmap_update(uid_refs
, UID_TO_PTR(uid
), UINT32_TO_PTR(c
)) >= 0);
4618 void manager_unref_uid(Manager
*m
, uid_t uid
, bool destroy_now
) {
4619 manager_unref_uid_internal(m
->uid_refs
, uid
, destroy_now
, clean_ipc_by_uid
);
4622 void manager_unref_gid(Manager
*m
, gid_t gid
, bool destroy_now
) {
4623 manager_unref_uid_internal(m
->gid_refs
, (uid_t
) gid
, destroy_now
, clean_ipc_by_gid
);
4626 static int manager_ref_uid_internal(
4635 assert(uid_is_valid(uid
));
4637 /* A generic implementation, covering both manager_ref_uid() and manager_ref_gid(), under the
4638 * assumption that uid_t and gid_t are actually defined the same way, with the same validity
4641 assert_cc(sizeof(uid_t
) == sizeof(gid_t
));
4642 assert_cc(UID_INVALID
== (uid_t
) GID_INVALID
);
4644 if (uid
== 0) /* We don't keep track of root, and will never destroy it */
4647 r
= hashmap_ensure_allocated(uid_refs
, &trivial_hash_ops
);
4651 c
= PTR_TO_UINT32(hashmap_get(*uid_refs
, UID_TO_PTR(uid
)));
4653 n
= c
& ~DESTROY_IPC_FLAG
;
4656 if (n
& DESTROY_IPC_FLAG
) /* check for overflow */
4659 c
= n
| (c
& DESTROY_IPC_FLAG
) | (clean_ipc
? DESTROY_IPC_FLAG
: 0);
4661 return hashmap_replace(*uid_refs
, UID_TO_PTR(uid
), UINT32_TO_PTR(c
));
4664 int manager_ref_uid(Manager
*m
, uid_t uid
, bool clean_ipc
) {
4665 return manager_ref_uid_internal(&m
->uid_refs
, uid
, clean_ipc
);
4668 int manager_ref_gid(Manager
*m
, gid_t gid
, bool clean_ipc
) {
4669 return manager_ref_uid_internal(&m
->gid_refs
, (uid_t
) gid
, clean_ipc
);
4672 static void manager_vacuum_uid_refs_internal(
4674 int (*_clean_ipc
)(uid_t uid
)) {
4680 HASHMAP_FOREACH_KEY(p
, k
, uid_refs
) {
4684 uid
= PTR_TO_UID(k
);
4685 c
= PTR_TO_UINT32(p
);
4687 n
= c
& ~DESTROY_IPC_FLAG
;
4691 if (c
& DESTROY_IPC_FLAG
) {
4692 log_debug("Found unreferenced %s " UID_FMT
" after reload/reexec. Cleaning up.",
4693 _clean_ipc
== clean_ipc_by_uid
? "UID" : "GID",
4695 (void) _clean_ipc(uid
);
4698 assert_se(hashmap_remove(uid_refs
, k
) == p
);
4702 static void manager_vacuum_uid_refs(Manager
*m
) {
4703 manager_vacuum_uid_refs_internal(m
->uid_refs
, clean_ipc_by_uid
);
4706 static void manager_vacuum_gid_refs(Manager
*m
) {
4707 manager_vacuum_uid_refs_internal(m
->gid_refs
, clean_ipc_by_gid
);
4710 static void manager_vacuum(Manager
*m
) {
4713 /* Release any dynamic users no longer referenced */
4714 dynamic_user_vacuum(m
, true);
4716 /* Release any references to UIDs/GIDs no longer referenced, and destroy any IPC owned by them */
4717 manager_vacuum_uid_refs(m
);
4718 manager_vacuum_gid_refs(m
);
4720 /* Release any runtimes no longer referenced */
4721 exec_shared_runtime_vacuum(m
);
4724 int manager_dispatch_user_lookup_fd(sd_event_source
*source
, int fd
, uint32_t revents
, void *userdata
) {
4728 char unit_name
[UNIT_NAME_MAX
+1];
4731 Manager
*m
= userdata
;
4739 /* Invoked whenever a child process succeeded resolving its user/group to use and sent us the
4740 * resulting UID/GID in a datagram. We parse the datagram here and pass it off to the unit, so that
4741 * it can add a reference to the UID/GID so that it can destroy the UID/GID's IPC objects when the
4742 * reference counter drops to 0. */
4744 l
= recv(fd
, &buffer
, sizeof(buffer
), MSG_DONTWAIT
);
4746 if (ERRNO_IS_TRANSIENT(errno
))
4749 return log_error_errno(errno
, "Failed to read from user lookup fd: %m");
4752 if ((size_t) l
<= offsetof(struct buffer
, unit_name
)) {
4753 log_warning("Received too short user lookup message, ignoring.");
4757 if ((size_t) l
> offsetof(struct buffer
, unit_name
) + UNIT_NAME_MAX
) {
4758 log_warning("Received too long user lookup message, ignoring.");
4762 if (!uid_is_valid(buffer
.uid
) && !gid_is_valid(buffer
.gid
)) {
4763 log_warning("Got user lookup message with invalid UID/GID pair, ignoring.");
4767 n
= (size_t) l
- offsetof(struct buffer
, unit_name
);
4768 if (memchr(buffer
.unit_name
, 0, n
)) {
4769 log_warning("Received lookup message with embedded NUL character, ignoring.");
4773 buffer
.unit_name
[n
] = 0;
4774 u
= manager_get_unit(m
, buffer
.unit_name
);
4776 log_debug("Got user lookup message but unit doesn't exist, ignoring.");
4780 log_unit_debug(u
, "User lookup succeeded: uid=" UID_FMT
" gid=" GID_FMT
, buffer
.uid
, buffer
.gid
);
4782 unit_notify_user_lookup(u
, buffer
.uid
, buffer
.gid
);
4786 static int short_uid_range(const char *path
) {
4787 _cleanup_(uid_range_freep
) UIDRange
*p
= NULL
;
4792 /* Taint systemd if we the UID range assigned to this environment doesn't at least cover 0…65534,
4793 * i.e. from root to nobody. */
4795 r
= uid_range_load_userns(&p
, path
);
4796 if (ERRNO_IS_NEG_NOT_SUPPORTED(r
))
4799 return log_debug_errno(r
, "Failed to load %s: %m", path
);
4801 return !uid_range_covers(p
, 0, 65535);
4804 char* manager_taint_string(const Manager
*m
) {
4805 /* Returns a "taint string", e.g. "local-hwclock:var-run-bad". Only things that are detected at
4806 * runtime should be tagged here. For stuff that is known during compilation, emit a warning in the
4807 * configuration phase. */
4811 const char* stage
[12] = {};
4814 _cleanup_free_
char *usrbin
= NULL
;
4815 if (readlink_malloc("/bin", &usrbin
) < 0 || !PATH_IN_SET(usrbin
, "usr/bin", "/usr/bin"))
4816 stage
[n
++] = "unmerged-usr";
4818 if (access("/proc/cgroups", F_OK
) < 0)
4819 stage
[n
++] = "cgroups-missing";
4821 if (cg_all_unified() == 0)
4822 stage
[n
++] = "cgroupsv1";
4824 if (clock_is_localtime(NULL
) > 0)
4825 stage
[n
++] = "local-hwclock";
4827 if (os_release_support_ended(NULL
, /* quiet= */ true, NULL
) > 0)
4828 stage
[n
++] = "support-ended";
4830 _cleanup_free_
char *destination
= NULL
;
4831 if (readlink_malloc("/var/run", &destination
) < 0 ||
4832 !PATH_IN_SET(destination
, "../run", "/run"))
4833 stage
[n
++] = "var-run-bad";
4835 _cleanup_free_
char *overflowuid
= NULL
, *overflowgid
= NULL
;
4836 if (read_one_line_file("/proc/sys/kernel/overflowuid", &overflowuid
) >= 0 &&
4837 !streq(overflowuid
, "65534"))
4838 stage
[n
++] = "overflowuid-not-65534";
4839 if (read_one_line_file("/proc/sys/kernel/overflowgid", &overflowgid
) >= 0 &&
4840 !streq(overflowgid
, "65534"))
4841 stage
[n
++] = "overflowgid-not-65534";
4844 assert_se(uname(&uts
) >= 0);
4845 if (strverscmp_improved(uts
.release
, KERNEL_BASELINE_VERSION
) < 0)
4846 stage
[n
++] = "old-kernel";
4848 if (short_uid_range("/proc/self/uid_map") > 0)
4849 stage
[n
++] = "short-uid-range";
4850 if (short_uid_range("/proc/self/gid_map") > 0)
4851 stage
[n
++] = "short-gid-range";
4853 assert(n
< ELEMENTSOF(stage
) - 1); /* One extra for NULL terminator */
4855 return strv_join((char**) stage
, ":");
4858 void manager_ref_console(Manager
*m
) {
4864 void manager_unref_console(Manager
*m
) {
4866 assert(m
->n_on_console
> 0);
4869 if (m
->n_on_console
== 0)
4870 m
->no_console_output
= false; /* unset no_console_output flag, since the console is definitely free now */
4873 void manager_override_log_level(Manager
*m
, int level
) {
4874 _cleanup_free_
char *s
= NULL
;
4877 if (!m
->log_level_overridden
) {
4878 m
->original_log_level
= log_get_max_level();
4879 m
->log_level_overridden
= true;
4882 (void) log_level_to_string_alloc(level
, &s
);
4883 log_info("Setting log level to %s.", strna(s
));
4885 log_set_max_level(level
);
4888 void manager_restore_original_log_level(Manager
*m
) {
4889 _cleanup_free_
char *s
= NULL
;
4892 if (!m
->log_level_overridden
)
4895 (void) log_level_to_string_alloc(m
->original_log_level
, &s
);
4896 log_info("Restoring log level to original (%s).", strna(s
));
4898 log_set_max_level(m
->original_log_level
);
4899 m
->log_level_overridden
= false;
4902 void manager_override_log_target(Manager
*m
, LogTarget target
) {
4905 if (!m
->log_target_overridden
) {
4906 m
->original_log_target
= log_get_target();
4907 m
->log_target_overridden
= true;
4910 log_info("Setting log target to %s.", log_target_to_string(target
));
4911 log_set_target(target
);
4914 void manager_restore_original_log_target(Manager
*m
) {
4917 if (!m
->log_target_overridden
)
4920 log_info("Restoring log target to original %s.", log_target_to_string(m
->original_log_target
));
4922 log_set_target(m
->original_log_target
);
4923 m
->log_target_overridden
= false;
4926 ManagerTimestamp
manager_timestamp_initrd_mangle(ManagerTimestamp s
) {
4928 s
>= MANAGER_TIMESTAMP_SECURITY_START
&&
4929 s
<= MANAGER_TIMESTAMP_UNITS_LOAD_FINISH
)
4930 return s
- MANAGER_TIMESTAMP_SECURITY_START
+ MANAGER_TIMESTAMP_INITRD_SECURITY_START
;
4934 int manager_allocate_idle_pipe(Manager
*m
) {
4939 if (m
->idle_pipe
[0] >= 0) {
4940 assert(m
->idle_pipe
[1] >= 0);
4941 assert(m
->idle_pipe
[2] >= 0);
4942 assert(m
->idle_pipe
[3] >= 0);
4946 assert(m
->idle_pipe
[1] < 0);
4947 assert(m
->idle_pipe
[2] < 0);
4948 assert(m
->idle_pipe
[3] < 0);
4950 r
= RET_NERRNO(pipe2(m
->idle_pipe
+ 0, O_NONBLOCK
|O_CLOEXEC
));
4954 r
= RET_NERRNO(pipe2(m
->idle_pipe
+ 2, O_NONBLOCK
|O_CLOEXEC
));
4956 safe_close_pair(m
->idle_pipe
+ 0);
4963 void unit_defaults_init(UnitDefaults
*defaults
, RuntimeScope scope
) {
4966 assert(scope
< _RUNTIME_SCOPE_MAX
);
4968 *defaults
= (UnitDefaults
) {
4969 .std_output
= EXEC_OUTPUT_JOURNAL
,
4970 .std_error
= EXEC_OUTPUT_INHERIT
,
4971 .restart_usec
= DEFAULT_RESTART_USEC
,
4972 .timeout_start_usec
= manager_default_timeout(scope
),
4973 .timeout_stop_usec
= manager_default_timeout(scope
),
4974 .timeout_abort_usec
= manager_default_timeout(scope
),
4975 .timeout_abort_set
= false,
4976 .device_timeout_usec
= manager_default_timeout(scope
),
4977 .start_limit_interval
= DEFAULT_START_LIMIT_INTERVAL
,
4978 .start_limit_burst
= DEFAULT_START_LIMIT_BURST
,
4980 /* On 4.15+ with unified hierarchy, CPU accounting is essentially free as it doesn't require the CPU
4981 * controller to be enabled, so the default is to enable it unless we got told otherwise. */
4982 .cpu_accounting
= cpu_accounting_is_cheap(),
4983 .memory_accounting
= MEMORY_ACCOUNTING_DEFAULT
,
4984 .io_accounting
= false,
4985 .blockio_accounting
= false,
4986 .tasks_accounting
= true,
4987 .ip_accounting
= false,
4989 .tasks_max
= DEFAULT_TASKS_MAX
,
4990 .timer_accuracy_usec
= 1 * USEC_PER_MINUTE
,
4992 .memory_pressure_watch
= CGROUP_PRESSURE_WATCH_AUTO
,
4993 .memory_pressure_threshold_usec
= MEMORY_PRESSURE_DEFAULT_THRESHOLD_USEC
,
4995 .oom_policy
= OOM_STOP
,
4996 .oom_score_adjust_set
= false,
5000 void unit_defaults_done(UnitDefaults
*defaults
) {
5003 defaults
->smack_process_label
= mfree(defaults
->smack_process_label
);
5004 rlimit_free_all(defaults
->rlimit
);
5007 LogTarget
manager_get_executor_log_target(Manager
*m
) {
5010 /* If journald is not available tell sd-executor to go to kmsg, as it might be starting journald */
5012 if (manager_journal_is_running(m
))
5013 return log_get_target();
5015 return LOG_TARGET_KMSG
;
5018 static const char *const manager_state_table
[_MANAGER_STATE_MAX
] = {
5019 [MANAGER_INITIALIZING
] = "initializing",
5020 [MANAGER_STARTING
] = "starting",
5021 [MANAGER_RUNNING
] = "running",
5022 [MANAGER_DEGRADED
] = "degraded",
5023 [MANAGER_MAINTENANCE
] = "maintenance",
5024 [MANAGER_STOPPING
] = "stopping",
5027 DEFINE_STRING_TABLE_LOOKUP(manager_state
, ManagerState
);
5029 static const char *const manager_timestamp_table
[_MANAGER_TIMESTAMP_MAX
] = {
5030 [MANAGER_TIMESTAMP_FIRMWARE
] = "firmware",
5031 [MANAGER_TIMESTAMP_LOADER
] = "loader",
5032 [MANAGER_TIMESTAMP_KERNEL
] = "kernel",
5033 [MANAGER_TIMESTAMP_INITRD
] = "initrd",
5034 [MANAGER_TIMESTAMP_USERSPACE
] = "userspace",
5035 [MANAGER_TIMESTAMP_FINISH
] = "finish",
5036 [MANAGER_TIMESTAMP_SECURITY_START
] = "security-start",
5037 [MANAGER_TIMESTAMP_SECURITY_FINISH
] = "security-finish",
5038 [MANAGER_TIMESTAMP_GENERATORS_START
] = "generators-start",
5039 [MANAGER_TIMESTAMP_GENERATORS_FINISH
] = "generators-finish",
5040 [MANAGER_TIMESTAMP_UNITS_LOAD_START
] = "units-load-start",
5041 [MANAGER_TIMESTAMP_UNITS_LOAD_FINISH
] = "units-load-finish",
5042 [MANAGER_TIMESTAMP_UNITS_LOAD
] = "units-load",
5043 [MANAGER_TIMESTAMP_INITRD_SECURITY_START
] = "initrd-security-start",
5044 [MANAGER_TIMESTAMP_INITRD_SECURITY_FINISH
] = "initrd-security-finish",
5045 [MANAGER_TIMESTAMP_INITRD_GENERATORS_START
] = "initrd-generators-start",
5046 [MANAGER_TIMESTAMP_INITRD_GENERATORS_FINISH
] = "initrd-generators-finish",
5047 [MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_START
] = "initrd-units-load-start",
5048 [MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_FINISH
] = "initrd-units-load-finish",
5051 DEFINE_STRING_TABLE_LOOKUP(manager_timestamp
, ManagerTimestamp
);
5053 static const char* const oom_policy_table
[_OOM_POLICY_MAX
] = {
5054 [OOM_CONTINUE
] = "continue",
5055 [OOM_STOP
] = "stop",
5056 [OOM_KILL
] = "kill",
5059 DEFINE_STRING_TABLE_LOOKUP(oom_policy
, OOMPolicy
);