]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
4ad49000 | 2 | |
3dc5ca97 LP |
3 | #include <arpa/inet.h> |
4 | ||
5 | #include "af-list.h" | |
b5efdb8a | 6 | #include "alloc-util.h" |
078ba556 | 7 | #include "bpf-firewall.h" |
9e009a14 | 8 | #include "bpf-foreign.h" |
40af3d02 | 9 | #include "bus-get-properties.h" |
718db961 LP |
10 | #include "cgroup-util.h" |
11 | #include "cgroup.h" | |
e30bbc90 | 12 | #include "core-varlink.h" |
4ad49000 | 13 | #include "dbus-cgroup.h" |
681ae88e | 14 | #include "dbus-util.h" |
66855de7 | 15 | #include "errno-util.h" |
3ffd4af2 | 16 | #include "fd-util.h" |
0d39fa9c | 17 | #include "fileio.h" |
84ebe6f0 | 18 | #include "in-addr-prefix-util.h" |
60477eb9 | 19 | #include "ip-protocol-list.h" |
eefc66aa | 20 | #include "limits-util.h" |
dcf4781c | 21 | #include "parse-util.h" |
3ffd4af2 | 22 | #include "path-util.h" |
9cba32bc | 23 | #include "percent-util.h" |
a59cb62c | 24 | #include "socket-util.h" |
4ad49000 | 25 | |
3a0f06c4 ZJS |
26 | BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", TasksMax, tasks_max_resolve); |
27 | ||
718db961 | 28 | static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_cgroup_device_policy, cgroup_device_policy, CGroupDevicePolicy); |
4d824a4e | 29 | static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_mode, managed_oom_mode, ManagedOOMMode); |
4e806bfa | 30 | static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_preference, managed_oom_preference, ManagedOOMPreference); |
718db961 | 31 | |
c72703e2 | 32 | static int property_get_cgroup_mask( |
02638280 LP |
33 | sd_bus *bus, |
34 | const char *path, | |
35 | const char *interface, | |
36 | const char *property, | |
37 | sd_bus_message *reply, | |
38 | void *userdata, | |
39 | sd_bus_error *error) { | |
40 | ||
c72703e2 | 41 | CGroupMask *mask = userdata; |
02638280 LP |
42 | int r; |
43 | ||
44 | assert(bus); | |
45 | assert(reply); | |
02638280 LP |
46 | |
47 | r = sd_bus_message_open_container(reply, 'a', "s"); | |
48 | if (r < 0) | |
49 | return r; | |
50 | ||
fe96c0f8 | 51 | for (CGroupController ctrl = 0; ctrl < _CGROUP_CONTROLLER_MAX; ctrl++) { |
c72703e2 | 52 | if ((*mask & CGROUP_CONTROLLER_TO_MASK(ctrl)) == 0) |
02638280 LP |
53 | continue; |
54 | ||
c72703e2 | 55 | r = sd_bus_message_append(reply, "s", cgroup_controller_to_string(ctrl)); |
02638280 LP |
56 | if (r < 0) |
57 | return r; | |
58 | } | |
59 | ||
60 | return sd_bus_message_close_container(reply); | |
61 | } | |
62 | ||
c72703e2 CD |
63 | static int property_get_delegate_controllers( |
64 | sd_bus *bus, | |
65 | const char *path, | |
66 | const char *interface, | |
67 | const char *property, | |
68 | sd_bus_message *reply, | |
69 | void *userdata, | |
70 | sd_bus_error *error) { | |
71 | ||
72 | CGroupContext *c = userdata; | |
73 | ||
74 | assert(bus); | |
75 | assert(reply); | |
76 | assert(c); | |
77 | ||
78 | if (!c->delegate) | |
79 | return sd_bus_message_append(reply, "as", 0); | |
80 | ||
81 | return property_get_cgroup_mask(bus, path, interface, property, reply, &c->delegate_controllers, error); | |
82 | } | |
83 | ||
047f5d63 PH |
84 | static int property_get_cpuset( |
85 | sd_bus *bus, | |
86 | const char *path, | |
87 | const char *interface, | |
88 | const char *property, | |
89 | sd_bus_message *reply, | |
90 | void *userdata, | |
91 | sd_bus_error *error) { | |
92 | ||
93 | CPUSet *cpus = userdata; | |
94 | _cleanup_free_ uint8_t *array = NULL; | |
95 | size_t allocated; | |
96 | ||
97 | assert(bus); | |
98 | assert(reply); | |
99 | assert(cpus); | |
100 | ||
101 | (void) cpu_set_to_dbus(cpus, &array, &allocated); | |
102 | return sd_bus_message_append_array(reply, 'y', array, allocated); | |
103 | } | |
104 | ||
13c31542 TH |
105 | static int property_get_io_device_weight( |
106 | sd_bus *bus, | |
107 | const char *path, | |
108 | const char *interface, | |
109 | const char *property, | |
110 | sd_bus_message *reply, | |
111 | void *userdata, | |
112 | sd_bus_error *error) { | |
113 | ||
114 | CGroupContext *c = userdata; | |
13c31542 TH |
115 | int r; |
116 | ||
117 | assert(bus); | |
118 | assert(reply); | |
119 | assert(c); | |
120 | ||
121 | r = sd_bus_message_open_container(reply, 'a', "(st)"); | |
122 | if (r < 0) | |
123 | return r; | |
124 | ||
125 | LIST_FOREACH(device_weights, w, c->io_device_weights) { | |
126 | r = sd_bus_message_append(reply, "(st)", w->path, w->weight); | |
127 | if (r < 0) | |
128 | return r; | |
129 | } | |
130 | ||
131 | return sd_bus_message_close_container(reply); | |
132 | } | |
133 | ||
134 | static int property_get_io_device_limits( | |
135 | sd_bus *bus, | |
136 | const char *path, | |
137 | const char *interface, | |
138 | const char *property, | |
139 | sd_bus_message *reply, | |
140 | void *userdata, | |
141 | sd_bus_error *error) { | |
142 | ||
143 | CGroupContext *c = userdata; | |
13c31542 TH |
144 | int r; |
145 | ||
146 | assert(bus); | |
147 | assert(reply); | |
148 | assert(c); | |
149 | ||
150 | r = sd_bus_message_open_container(reply, 'a', "(st)"); | |
151 | if (r < 0) | |
152 | return r; | |
153 | ||
154 | LIST_FOREACH(device_limits, l, c->io_device_limits) { | |
9be57249 | 155 | CGroupIOLimitType type; |
13c31542 | 156 | |
9be57249 TH |
157 | type = cgroup_io_limit_type_from_string(property); |
158 | if (type < 0 || l->limits[type] == cgroup_io_limit_defaults[type]) | |
13c31542 TH |
159 | continue; |
160 | ||
9be57249 | 161 | r = sd_bus_message_append(reply, "(st)", l->path, l->limits[type]); |
13c31542 TH |
162 | if (r < 0) |
163 | return r; | |
164 | } | |
165 | ||
166 | return sd_bus_message_close_container(reply); | |
167 | } | |
168 | ||
6ae4283c TH |
169 | static int property_get_io_device_latency( |
170 | sd_bus *bus, | |
171 | const char *path, | |
172 | const char *interface, | |
173 | const char *property, | |
174 | sd_bus_message *reply, | |
175 | void *userdata, | |
176 | sd_bus_error *error) { | |
177 | ||
178 | CGroupContext *c = userdata; | |
6ae4283c TH |
179 | int r; |
180 | ||
181 | assert(bus); | |
182 | assert(reply); | |
183 | assert(c); | |
184 | ||
185 | r = sd_bus_message_open_container(reply, 'a', "(st)"); | |
186 | if (r < 0) | |
187 | return r; | |
188 | ||
189 | LIST_FOREACH(device_latencies, l, c->io_device_latencies) { | |
190 | r = sd_bus_message_append(reply, "(st)", l->path, l->target_usec); | |
191 | if (r < 0) | |
192 | return r; | |
193 | } | |
194 | ||
195 | return sd_bus_message_close_container(reply); | |
196 | } | |
197 | ||
718db961 LP |
198 | static int property_get_blockio_device_weight( |
199 | sd_bus *bus, | |
200 | const char *path, | |
201 | const char *interface, | |
202 | const char *property, | |
203 | sd_bus_message *reply, | |
ebcf1f97 LP |
204 | void *userdata, |
205 | sd_bus_error *error) { | |
4ad49000 | 206 | |
718db961 | 207 | CGroupContext *c = userdata; |
718db961 | 208 | int r; |
4ad49000 | 209 | |
718db961 LP |
210 | assert(bus); |
211 | assert(reply); | |
4ad49000 LP |
212 | assert(c); |
213 | ||
718db961 LP |
214 | r = sd_bus_message_open_container(reply, 'a', "(st)"); |
215 | if (r < 0) | |
216 | return r; | |
4ad49000 LP |
217 | |
218 | LIST_FOREACH(device_weights, w, c->blockio_device_weights) { | |
718db961 LP |
219 | r = sd_bus_message_append(reply, "(st)", w->path, w->weight); |
220 | if (r < 0) | |
221 | return r; | |
4ad49000 LP |
222 | } |
223 | ||
718db961 | 224 | return sd_bus_message_close_container(reply); |
4ad49000 LP |
225 | } |
226 | ||
718db961 LP |
227 | static int property_get_blockio_device_bandwidths( |
228 | sd_bus *bus, | |
229 | const char *path, | |
230 | const char *interface, | |
231 | const char *property, | |
232 | sd_bus_message *reply, | |
ebcf1f97 LP |
233 | void *userdata, |
234 | sd_bus_error *error) { | |
718db961 LP |
235 | |
236 | CGroupContext *c = userdata; | |
718db961 | 237 | int r; |
4ad49000 | 238 | |
718db961 LP |
239 | assert(bus); |
240 | assert(reply); | |
4ad49000 LP |
241 | assert(c); |
242 | ||
718db961 LP |
243 | r = sd_bus_message_open_container(reply, 'a', "(st)"); |
244 | if (r < 0) | |
245 | return r; | |
4ad49000 LP |
246 | |
247 | LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) { | |
979d0311 | 248 | uint64_t v; |
4ad49000 | 249 | |
979d0311 TH |
250 | if (streq(property, "BlockIOReadBandwidth")) |
251 | v = b->rbps; | |
252 | else | |
253 | v = b->wbps; | |
254 | ||
255 | if (v == CGROUP_LIMIT_MAX) | |
4ad49000 LP |
256 | continue; |
257 | ||
979d0311 | 258 | r = sd_bus_message_append(reply, "(st)", b->path, v); |
718db961 LP |
259 | if (r < 0) |
260 | return r; | |
4ad49000 LP |
261 | } |
262 | ||
718db961 | 263 | return sd_bus_message_close_container(reply); |
4ad49000 LP |
264 | } |
265 | ||
718db961 LP |
266 | static int property_get_device_allow( |
267 | sd_bus *bus, | |
268 | const char *path, | |
269 | const char *interface, | |
270 | const char *property, | |
271 | sd_bus_message *reply, | |
ebcf1f97 LP |
272 | void *userdata, |
273 | sd_bus_error *error) { | |
718db961 LP |
274 | |
275 | CGroupContext *c = userdata; | |
718db961 | 276 | int r; |
4ad49000 | 277 | |
718db961 LP |
278 | assert(bus); |
279 | assert(reply); | |
4ad49000 LP |
280 | assert(c); |
281 | ||
718db961 LP |
282 | r = sd_bus_message_open_container(reply, 'a', "(ss)"); |
283 | if (r < 0) | |
284 | return r; | |
4ad49000 LP |
285 | |
286 | LIST_FOREACH(device_allow, a, c->device_allow) { | |
4ad49000 | 287 | unsigned k = 0; |
718db961 | 288 | char rwm[4]; |
4ad49000 LP |
289 | |
290 | if (a->r) | |
718db961 | 291 | rwm[k++] = 'r'; |
4ad49000 | 292 | if (a->w) |
718db961 | 293 | rwm[k++] = 'w'; |
4ad49000 | 294 | if (a->m) |
718db961 | 295 | rwm[k++] = 'm'; |
4ad49000 | 296 | |
718db961 | 297 | rwm[k] = 0; |
4ad49000 | 298 | |
718db961 LP |
299 | r = sd_bus_message_append(reply, "(ss)", a->path, rwm); |
300 | if (r < 0) | |
301 | return r; | |
4ad49000 LP |
302 | } |
303 | ||
718db961 | 304 | return sd_bus_message_close_container(reply); |
4ad49000 LP |
305 | } |
306 | ||
3dc5ca97 LP |
307 | static int property_get_ip_address_access( |
308 | sd_bus *bus, | |
309 | const char *path, | |
310 | const char *interface, | |
311 | const char *property, | |
312 | sd_bus_message *reply, | |
313 | void *userdata, | |
314 | sd_bus_error *error) { | |
315 | ||
84ebe6f0 YW |
316 | Set **prefixes = userdata; |
317 | struct in_addr_prefix *i; | |
3dc5ca97 LP |
318 | int r; |
319 | ||
84ebe6f0 YW |
320 | assert(prefixes); |
321 | ||
3dc5ca97 LP |
322 | r = sd_bus_message_open_container(reply, 'a', "(iayu)"); |
323 | if (r < 0) | |
324 | return r; | |
325 | ||
84ebe6f0 | 326 | SET_FOREACH(i, *prefixes) { |
3dc5ca97 LP |
327 | |
328 | r = sd_bus_message_open_container(reply, 'r', "iayu"); | |
329 | if (r < 0) | |
330 | return r; | |
331 | ||
332 | r = sd_bus_message_append(reply, "i", i->family); | |
333 | if (r < 0) | |
334 | return r; | |
335 | ||
336 | r = sd_bus_message_append_array(reply, 'y', &i->address, FAMILY_ADDRESS_SIZE(i->family)); | |
337 | if (r < 0) | |
338 | return r; | |
339 | ||
340 | r = sd_bus_message_append(reply, "u", (uint32_t) i->prefixlen); | |
341 | if (r < 0) | |
342 | return r; | |
343 | ||
344 | r = sd_bus_message_close_container(reply); | |
345 | if (r < 0) | |
346 | return r; | |
347 | } | |
348 | ||
349 | return sd_bus_message_close_container(reply); | |
350 | } | |
351 | ||
9e009a14 JK |
352 | static int property_get_bpf_foreign_program( |
353 | sd_bus *bus, | |
354 | const char *path, | |
355 | const char *interface, | |
356 | const char *property, | |
357 | sd_bus_message *reply, | |
358 | void *userdata, | |
359 | sd_bus_error *error) { | |
360 | CGroupContext *c = userdata; | |
9e009a14 JK |
361 | int r; |
362 | ||
363 | r = sd_bus_message_open_container(reply, 'a', "(ss)"); | |
364 | if (r < 0) | |
365 | return r; | |
366 | ||
367 | LIST_FOREACH(programs, p, c->bpf_foreign_programs) { | |
368 | const char *attach_type = bpf_cgroup_attach_type_to_string(p->attach_type); | |
369 | ||
370 | r = sd_bus_message_append(reply, "(ss)", attach_type, p->bpffs_path); | |
371 | if (r < 0) | |
372 | return r; | |
373 | } | |
374 | ||
375 | return sd_bus_message_close_container(reply); | |
376 | } | |
377 | ||
dcf4781c JK |
378 | static int property_get_socket_bind( |
379 | sd_bus *bus, | |
380 | const char *path, | |
381 | const char *interface, | |
382 | const char *property, | |
383 | sd_bus_message *reply, | |
384 | void *userdata, | |
385 | sd_bus_error *error) { | |
03677889 YW |
386 | |
387 | CGroupSocketBindItem **items = userdata; | |
dcf4781c JK |
388 | int r; |
389 | ||
390 | assert(items); | |
391 | ||
4883a04f | 392 | r = sd_bus_message_open_container(reply, 'a', "(iiqq)"); |
dcf4781c JK |
393 | if (r < 0) |
394 | return r; | |
395 | ||
396 | LIST_FOREACH(socket_bind_items, i, *items) { | |
4883a04f | 397 | r = sd_bus_message_append(reply, "(iiqq)", i->address_family, i->ip_protocol, i->nr_ports, i->port_min); |
dcf4781c JK |
398 | if (r < 0) |
399 | return r; | |
400 | } | |
401 | ||
402 | return sd_bus_message_close_container(reply); | |
403 | } | |
404 | ||
a59cb62c MV |
405 | static int property_get_restrict_network_interfaces( |
406 | sd_bus *bus, | |
407 | const char *path, | |
408 | const char *interface, | |
409 | const char *property, | |
410 | sd_bus_message *reply, | |
411 | void *userdata, | |
412 | sd_bus_error *error) { | |
413 | int r; | |
414 | CGroupContext *c = userdata; | |
415 | char *iface; | |
416 | ||
417 | assert(bus); | |
418 | assert(reply); | |
419 | assert(c); | |
420 | ||
421 | r = sd_bus_message_open_container(reply, 'r', "bas"); | |
422 | if (r < 0) | |
423 | return r; | |
424 | ||
425 | r = sd_bus_message_append(reply, "b", c->restrict_network_interfaces_is_allow_list); | |
426 | if (r < 0) | |
427 | return r; | |
428 | ||
429 | r = sd_bus_message_open_container(reply, 'a', "s"); | |
430 | if (r < 0) | |
431 | return r; | |
432 | ||
433 | SET_FOREACH(iface, c->restrict_network_interfaces) { | |
434 | r = sd_bus_message_append(reply, "s", iface); | |
435 | if (r < 0) | |
436 | return r; | |
437 | } | |
438 | ||
439 | r = sd_bus_message_close_container(reply); | |
440 | if (r < 0) | |
441 | return r; | |
442 | ||
443 | return sd_bus_message_close_container(reply); | |
444 | } | |
445 | ||
718db961 LP |
446 | const sd_bus_vtable bus_cgroup_vtable[] = { |
447 | SD_BUS_VTABLE_START(0), | |
a931ad47 | 448 | SD_BUS_PROPERTY("Delegate", "b", bus_property_get_bool, offsetof(CGroupContext, delegate), 0), |
02638280 | 449 | SD_BUS_PROPERTY("DelegateControllers", "as", property_get_delegate_controllers, 0, 0), |
610f780c | 450 | SD_BUS_PROPERTY("CPUAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpu_accounting), 0), |
66ebf6c0 TH |
451 | SD_BUS_PROPERTY("CPUWeight", "t", NULL, offsetof(CGroupContext, cpu_weight), 0), |
452 | SD_BUS_PROPERTY("StartupCPUWeight", "t", NULL, offsetof(CGroupContext, startup_cpu_weight), 0), | |
d53d9474 LP |
453 | SD_BUS_PROPERTY("CPUShares", "t", NULL, offsetof(CGroupContext, cpu_shares), 0), |
454 | SD_BUS_PROPERTY("StartupCPUShares", "t", NULL, offsetof(CGroupContext, startup_cpu_shares), 0), | |
ee26bcc0 | 455 | SD_BUS_PROPERTY("CPUQuotaPerSecUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_per_sec_usec), 0), |
10f28641 | 456 | SD_BUS_PROPERTY("CPUQuotaPeriodUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_period_usec), 0), |
047f5d63 | 457 | SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus), 0), |
31d3a520 | 458 | SD_BUS_PROPERTY("StartupAllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_cpus), 0), |
047f5d63 | 459 | SD_BUS_PROPERTY("AllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_mems), 0), |
31d3a520 | 460 | SD_BUS_PROPERTY("StartupAllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_mems), 0), |
13c31542 TH |
461 | SD_BUS_PROPERTY("IOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, io_accounting), 0), |
462 | SD_BUS_PROPERTY("IOWeight", "t", NULL, offsetof(CGroupContext, io_weight), 0), | |
463 | SD_BUS_PROPERTY("StartupIOWeight", "t", NULL, offsetof(CGroupContext, startup_io_weight), 0), | |
464 | SD_BUS_PROPERTY("IODeviceWeight", "a(st)", property_get_io_device_weight, 0, 0), | |
465 | SD_BUS_PROPERTY("IOReadBandwidthMax", "a(st)", property_get_io_device_limits, 0, 0), | |
466 | SD_BUS_PROPERTY("IOWriteBandwidthMax", "a(st)", property_get_io_device_limits, 0, 0), | |
ac06a0cf TH |
467 | SD_BUS_PROPERTY("IOReadIOPSMax", "a(st)", property_get_io_device_limits, 0, 0), |
468 | SD_BUS_PROPERTY("IOWriteIOPSMax", "a(st)", property_get_io_device_limits, 0, 0), | |
6ae4283c | 469 | SD_BUS_PROPERTY("IODeviceLatencyTargetUSec", "a(st)", property_get_io_device_latency, 0, 0), |
610f780c | 470 | SD_BUS_PROPERTY("BlockIOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, blockio_accounting), 0), |
d53d9474 LP |
471 | SD_BUS_PROPERTY("BlockIOWeight", "t", NULL, offsetof(CGroupContext, blockio_weight), 0), |
472 | SD_BUS_PROPERTY("StartupBlockIOWeight", "t", NULL, offsetof(CGroupContext, startup_blockio_weight), 0), | |
610f780c LP |
473 | SD_BUS_PROPERTY("BlockIODeviceWeight", "a(st)", property_get_blockio_device_weight, 0, 0), |
474 | SD_BUS_PROPERTY("BlockIOReadBandwidth", "a(st)", property_get_blockio_device_bandwidths, 0, 0), | |
475 | SD_BUS_PROPERTY("BlockIOWriteBandwidth", "a(st)", property_get_blockio_device_bandwidths, 0, 0), | |
476 | SD_BUS_PROPERTY("MemoryAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, memory_accounting), 0), | |
c52db42b | 477 | SD_BUS_PROPERTY("DefaultMemoryLow", "t", NULL, offsetof(CGroupContext, default_memory_low), 0), |
7e7223b3 | 478 | SD_BUS_PROPERTY("DefaultMemoryMin", "t", NULL, offsetof(CGroupContext, default_memory_min), 0), |
48422635 | 479 | SD_BUS_PROPERTY("MemoryMin", "t", NULL, offsetof(CGroupContext, memory_min), 0), |
da4d897e TH |
480 | SD_BUS_PROPERTY("MemoryLow", "t", NULL, offsetof(CGroupContext, memory_low), 0), |
481 | SD_BUS_PROPERTY("MemoryHigh", "t", NULL, offsetof(CGroupContext, memory_high), 0), | |
482 | SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), | |
96e131ea | 483 | SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), |
610f780c LP |
484 | SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), |
485 | SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), | |
486 | SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), | |
03a7b521 | 487 | SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), |
3a0f06c4 | 488 | SD_BUS_PROPERTY("TasksMax", "t", bus_property_get_tasks_max, offsetof(CGroupContext, tasks_max), 0), |
3dc5ca97 LP |
489 | SD_BUS_PROPERTY("IPAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, ip_accounting), 0), |
490 | SD_BUS_PROPERTY("IPAddressAllow", "a(iayu)", property_get_ip_address_access, offsetof(CGroupContext, ip_address_allow), 0), | |
491 | SD_BUS_PROPERTY("IPAddressDeny", "a(iayu)", property_get_ip_address_access, offsetof(CGroupContext, ip_address_deny), 0), | |
fab34748 KL |
492 | SD_BUS_PROPERTY("IPIngressFilterPath", "as", NULL, offsetof(CGroupContext, ip_filters_ingress), 0), |
493 | SD_BUS_PROPERTY("IPEgressFilterPath", "as", NULL, offsetof(CGroupContext, ip_filters_egress), 0), | |
c72703e2 | 494 | SD_BUS_PROPERTY("DisableControllers", "as", property_get_cgroup_mask, offsetof(CGroupContext, disable_controllers), 0), |
4d824a4e AZ |
495 | SD_BUS_PROPERTY("ManagedOOMSwap", "s", property_get_managed_oom_mode, offsetof(CGroupContext, moom_swap), 0), |
496 | SD_BUS_PROPERTY("ManagedOOMMemoryPressure", "s", property_get_managed_oom_mode, offsetof(CGroupContext, moom_mem_pressure), 0), | |
d9d3f05d | 497 | SD_BUS_PROPERTY("ManagedOOMMemoryPressureLimit", "u", NULL, offsetof(CGroupContext, moom_mem_pressure_limit), 0), |
4e806bfa | 498 | SD_BUS_PROPERTY("ManagedOOMPreference", "s", property_get_managed_oom_preference, offsetof(CGroupContext, moom_preference), 0), |
9e009a14 | 499 | SD_BUS_PROPERTY("BPFProgram", "a(ss)", property_get_bpf_foreign_program, 0, 0), |
4883a04f JK |
500 | SD_BUS_PROPERTY("SocketBindAllow", "a(iiqq)", property_get_socket_bind, offsetof(CGroupContext, socket_bind_allow), 0), |
501 | SD_BUS_PROPERTY("SocketBindDeny", "a(iiqq)", property_get_socket_bind, offsetof(CGroupContext, socket_bind_deny), 0), | |
a59cb62c | 502 | SD_BUS_PROPERTY("RestrictNetworkInterfaces", "(bas)", property_get_restrict_network_interfaces, 0, 0), |
718db961 | 503 | SD_BUS_VTABLE_END |
4ad49000 | 504 | }; |
8e2af478 | 505 | |
a931ad47 LP |
506 | static int bus_cgroup_set_transient_property( |
507 | Unit *u, | |
508 | CGroupContext *c, | |
509 | const char *name, | |
510 | sd_bus_message *message, | |
2e59b241 | 511 | UnitWriteFlags flags, |
a931ad47 LP |
512 | sd_bus_error *error) { |
513 | ||
514 | int r; | |
515 | ||
516 | assert(u); | |
517 | assert(c); | |
518 | assert(name); | |
519 | assert(message); | |
520 | ||
2e59b241 LP |
521 | flags |= UNIT_PRIVATE; |
522 | ||
a931ad47 LP |
523 | if (streq(name, "Delegate")) { |
524 | int b; | |
525 | ||
1d9cc876 | 526 | if (!UNIT_VTABLE(u)->can_delegate) |
1b09b81c | 527 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type"); |
1d9cc876 | 528 | |
a931ad47 LP |
529 | r = sd_bus_message_read(message, "b", &b); |
530 | if (r < 0) | |
531 | return r; | |
532 | ||
2e59b241 | 533 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
a931ad47 | 534 | c->delegate = b; |
02638280 LP |
535 | c->delegate_controllers = b ? _CGROUP_MASK_ALL : 0; |
536 | ||
2e59b241 | 537 | unit_write_settingf(u, flags, name, "Delegate=%s", yes_no(b)); |
a931ad47 LP |
538 | } |
539 | ||
02638280 LP |
540 | return 1; |
541 | ||
25cc30c4 | 542 | } else if (STR_IN_SET(name, "DelegateControllers", "DisableControllers")) { |
02638280 LP |
543 | CGroupMask mask = 0; |
544 | ||
25cc30c4 | 545 | if (streq(name, "DelegateControllers") && !UNIT_VTABLE(u)->can_delegate) |
1b09b81c | 546 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type"); |
1d9cc876 | 547 | |
02638280 LP |
548 | r = sd_bus_message_enter_container(message, 'a', "s"); |
549 | if (r < 0) | |
550 | return r; | |
551 | ||
552 | for (;;) { | |
553 | CGroupController cc; | |
554 | const char *t; | |
555 | ||
556 | r = sd_bus_message_read(message, "s", &t); | |
557 | if (r < 0) | |
558 | return r; | |
559 | if (r == 0) | |
560 | break; | |
561 | ||
562 | cc = cgroup_controller_from_string(t); | |
563 | if (cc < 0) | |
ef42f561 | 564 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown cgroup controller '%s'", t); |
02638280 LP |
565 | |
566 | mask |= CGROUP_CONTROLLER_TO_MASK(cc); | |
567 | } | |
568 | ||
569 | r = sd_bus_message_exit_container(message); | |
570 | if (r < 0) | |
571 | return r; | |
572 | ||
2e59b241 | 573 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
02638280 LP |
574 | _cleanup_free_ char *t = NULL; |
575 | ||
576 | r = cg_mask_to_string(mask, &t); | |
577 | if (r < 0) | |
578 | return r; | |
579 | ||
25cc30c4 AZ |
580 | if (streq(name, "DelegateControllers")) { |
581 | ||
582 | c->delegate = true; | |
583 | if (mask == 0) | |
584 | c->delegate_controllers = 0; | |
585 | else | |
586 | c->delegate_controllers |= mask; | |
587 | ||
588 | unit_write_settingf(u, flags, name, "Delegate=%s", strempty(t)); | |
02638280 | 589 | |
25cc30c4 AZ |
590 | } else if (streq(name, "DisableControllers")) { |
591 | ||
592 | if (mask == 0) | |
593 | c->disable_controllers = 0; | |
594 | else | |
595 | c->disable_controllers |= mask; | |
596 | ||
597 | unit_write_settingf(u, flags, name, "%s=%s", name, strempty(t)); | |
598 | } | |
02638280 LP |
599 | } |
600 | ||
fab34748 KL |
601 | return 1; |
602 | } else if (STR_IN_SET(name, "IPIngressFilterPath", "IPEgressFilterPath")) { | |
603 | char ***filters; | |
604 | size_t n = 0; | |
605 | ||
606 | filters = streq(name, "IPIngressFilterPath") ? &c->ip_filters_ingress : &c->ip_filters_egress; | |
607 | r = sd_bus_message_enter_container(message, 'a', "s"); | |
608 | if (r < 0) | |
609 | return r; | |
610 | ||
611 | for (;;) { | |
612 | const char *path; | |
613 | ||
614 | r = sd_bus_message_read(message, "s", &path); | |
615 | if (r < 0) | |
616 | return r; | |
617 | if (r == 0) | |
618 | break; | |
619 | ||
620 | if (!path_is_normalized(path) || !path_is_absolute(path)) | |
621 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects a normalized absolute path.", name); | |
622 | ||
623 | if (!UNIT_WRITE_FLAGS_NOOP(flags) && !strv_contains(*filters, path)) { | |
624 | r = strv_extend(filters, path); | |
625 | if (r < 0) | |
626 | return log_oom(); | |
627 | } | |
628 | n++; | |
629 | } | |
630 | r = sd_bus_message_exit_container(message); | |
631 | if (r < 0) | |
632 | return r; | |
633 | ||
634 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
635 | _cleanup_free_ char *buf = NULL; | |
636 | _cleanup_fclose_ FILE *f = NULL; | |
fab34748 KL |
637 | size_t size = 0; |
638 | ||
639 | if (n == 0) | |
640 | *filters = strv_free(*filters); | |
641 | ||
642 | unit_invalidate_cgroup_bpf(u); | |
643 | f = open_memstream_unlocked(&buf, &size); | |
644 | if (!f) | |
645 | return -ENOMEM; | |
646 | ||
647 | fputs(name, f); | |
648 | fputs("=\n", f); | |
649 | ||
650 | STRV_FOREACH(entry, *filters) | |
651 | fprintf(f, "%s=%s\n", name, *entry); | |
652 | ||
653 | r = fflush_and_check(f); | |
654 | if (r < 0) | |
655 | return r; | |
656 | ||
657 | unit_write_setting(u, flags, name, buf); | |
658 | ||
659 | if (*filters) { | |
660 | r = bpf_firewall_supported(); | |
661 | if (r < 0) | |
662 | return r; | |
663 | if (r != BPF_FIREWALL_SUPPORTED_WITH_MULTI) { | |
664 | static bool warned = false; | |
665 | ||
666 | log_full(warned ? LOG_DEBUG : LOG_WARNING, | |
fc103b3e | 667 | "Transient unit %s configures an IP firewall with BPF, but the local system does not support BPF/cgroup firewalling with multiple filters.\n" |
fab34748 KL |
668 | "Starting this unit will fail! (This warning is only shown for the first started transient unit using IP firewalling.)", u->id); |
669 | warned = true; | |
670 | } | |
671 | } | |
672 | } | |
673 | ||
9e009a14 JK |
674 | return 1; |
675 | } else if (streq(name, "BPFProgram")) { | |
676 | const char *a, *p; | |
677 | size_t n = 0; | |
678 | ||
679 | r = sd_bus_message_enter_container(message, 'a', "(ss)"); | |
680 | if (r < 0) | |
681 | return r; | |
682 | ||
683 | while ((r = sd_bus_message_read(message, "(ss)", &a, &p)) > 0) { | |
684 | int attach_type = bpf_cgroup_attach_type_from_string(a); | |
685 | if (attach_type < 0) | |
686 | return sd_bus_error_setf( | |
687 | error, | |
688 | SD_BUS_ERROR_INVALID_ARGS, | |
689 | "%s expects a valid BPF attach type, got '%s'.", | |
690 | name, a); | |
691 | ||
692 | if (!path_is_normalized(p) || !path_is_absolute(p)) | |
693 | return sd_bus_error_setf( | |
694 | error, | |
695 | SD_BUS_ERROR_INVALID_ARGS, | |
696 | "%s= expects a normalized absolute path.", | |
697 | name); | |
698 | ||
699 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
700 | r = cgroup_add_bpf_foreign_program(c, attach_type, p); | |
701 | if (r < 0) | |
702 | return r; | |
703 | } | |
704 | n++; | |
705 | } | |
706 | if (r < 0) | |
707 | return r; | |
708 | ||
709 | r = sd_bus_message_exit_container(message); | |
710 | if (r < 0) | |
711 | return r; | |
712 | ||
713 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
714 | _cleanup_free_ char *buf = NULL; | |
715 | _cleanup_fclose_ FILE *f = NULL; | |
9e009a14 JK |
716 | size_t size = 0; |
717 | ||
718 | if (n == 0) | |
719 | while (c->bpf_foreign_programs) | |
720 | cgroup_context_remove_bpf_foreign_program(c, c->bpf_foreign_programs); | |
721 | ||
722 | f = open_memstream_unlocked(&buf, &size); | |
723 | if (!f) | |
724 | return -ENOMEM; | |
725 | ||
726 | fputs(name, f); | |
727 | fputs("=\n", f); | |
728 | ||
729 | LIST_FOREACH(programs, fp, c->bpf_foreign_programs) | |
730 | fprintf(f, "%s=%s:%s\n", name, | |
731 | bpf_cgroup_attach_type_to_string(fp->attach_type), | |
732 | fp->bpffs_path); | |
733 | ||
734 | r = fflush_and_check(f); | |
735 | if (r < 0) | |
736 | return r; | |
737 | ||
738 | unit_write_setting(u, flags, name, buf); | |
739 | ||
740 | if (!LIST_IS_EMPTY(c->bpf_foreign_programs)) { | |
741 | r = bpf_foreign_supported(); | |
742 | if (r < 0) | |
743 | return r; | |
744 | if (r == 0) | |
745 | log_full(LOG_DEBUG, | |
746 | "Transient unit %s configures a BPF program pinned to BPF " | |
747 | "filesystem, but the local system does not support that.\n" | |
748 | "Starting this unit will fail!", u->id); | |
749 | } | |
750 | } | |
751 | ||
a931ad47 LP |
752 | return 1; |
753 | } | |
754 | ||
755 | return 0; | |
756 | } | |
757 | ||
681ae88e YW |
758 | static int bus_cgroup_set_boolean( |
759 | Unit *u, | |
760 | const char *name, | |
761 | bool *p, | |
762 | CGroupMask mask, | |
763 | sd_bus_message *message, | |
764 | UnitWriteFlags flags, | |
765 | sd_bus_error *error) { | |
766 | ||
767 | int b, r; | |
768 | ||
769 | assert(p); | |
770 | ||
771 | r = sd_bus_message_read(message, "b", &b); | |
772 | if (r < 0) | |
773 | return r; | |
774 | ||
775 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
776 | *p = b; | |
777 | unit_invalidate_cgroup(u, mask); | |
778 | unit_write_settingf(u, flags, name, "%s=%s", name, yes_no(b)); | |
779 | } | |
780 | ||
781 | return 1; | |
782 | } | |
783 | ||
906bdbf5 YW |
784 | #define BUS_DEFINE_SET_CGROUP_WEIGHT(function, mask, check, val) \ |
785 | static int bus_cgroup_set_##function( \ | |
786 | Unit *u, \ | |
787 | const char *name, \ | |
788 | uint64_t *p, \ | |
789 | sd_bus_message *message, \ | |
790 | UnitWriteFlags flags, \ | |
791 | sd_bus_error *error) { \ | |
792 | \ | |
793 | uint64_t v; \ | |
794 | int r; \ | |
795 | \ | |
796 | assert(p); \ | |
797 | \ | |
798 | r = sd_bus_message_read(message, "t", &v); \ | |
799 | if (r < 0) \ | |
800 | return r; \ | |
801 | \ | |
802 | if (!check(v)) \ | |
803 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, \ | |
804 | "Value specified in %s is out of range", name); \ | |
805 | \ | |
806 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \ | |
807 | *p = v; \ | |
1454ab40 | 808 | unit_invalidate_cgroup(u, mask); \ |
906bdbf5 YW |
809 | \ |
810 | if (v == (val)) \ | |
811 | unit_write_settingf(u, flags, name, \ | |
812 | "%s=", name); \ | |
813 | else \ | |
814 | unit_write_settingf(u, flags, name, \ | |
815 | "%s=%" PRIu64, name, v); \ | |
816 | } \ | |
817 | \ | |
818 | return 1; \ | |
819 | } | |
820 | ||
821 | #define BUS_DEFINE_SET_CGROUP_LIMIT(function, mask, scale, minimum) \ | |
822 | static int bus_cgroup_set_##function( \ | |
823 | Unit *u, \ | |
824 | const char *name, \ | |
825 | uint64_t *p, \ | |
826 | sd_bus_message *message, \ | |
827 | UnitWriteFlags flags, \ | |
828 | sd_bus_error *error) { \ | |
829 | \ | |
830 | uint64_t v; \ | |
831 | int r; \ | |
832 | \ | |
833 | assert(p); \ | |
834 | \ | |
835 | r = sd_bus_message_read(message, "t", &v); \ | |
836 | if (r < 0) \ | |
837 | return r; \ | |
838 | \ | |
839 | if (v < minimum) \ | |
840 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, \ | |
841 | "Value specified in %s is out of range", name); \ | |
842 | \ | |
843 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \ | |
844 | *p = v; \ | |
1454ab40 | 845 | unit_invalidate_cgroup(u, mask); \ |
906bdbf5 YW |
846 | \ |
847 | if (v == CGROUP_LIMIT_MAX) \ | |
848 | unit_write_settingf(u, flags, name, \ | |
849 | "%s=infinity", name); \ | |
850 | else \ | |
851 | unit_write_settingf(u, flags, name, \ | |
852 | "%s=%" PRIu64, name, v); \ | |
853 | } \ | |
854 | \ | |
855 | return 1; \ | |
856 | } \ | |
857 | static int bus_cgroup_set_##function##_scale( \ | |
858 | Unit *u, \ | |
859 | const char *name, \ | |
860 | uint64_t *p, \ | |
861 | sd_bus_message *message, \ | |
862 | UnitWriteFlags flags, \ | |
863 | sd_bus_error *error) { \ | |
864 | \ | |
865 | uint64_t v; \ | |
866 | uint32_t raw; \ | |
867 | int r; \ | |
868 | \ | |
869 | assert(p); \ | |
870 | \ | |
871 | r = sd_bus_message_read(message, "u", &raw); \ | |
872 | if (r < 0) \ | |
873 | return r; \ | |
874 | \ | |
875 | v = scale(raw, UINT32_MAX); \ | |
876 | if (v < minimum || v >= UINT64_MAX) \ | |
877 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, \ | |
878 | "Value specified in %s is out of range", name); \ | |
879 | \ | |
880 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \ | |
906bdbf5 | 881 | *p = v; \ |
1454ab40 | 882 | unit_invalidate_cgroup(u, mask); \ |
906bdbf5 | 883 | \ |
e617e2cc ZJS |
884 | /* Prepare to chop off suffix */ \ |
885 | assert_se(endswith(name, "Scale")); \ | |
906bdbf5 | 886 | \ |
9cba32bc | 887 | int scaled = UINT32_SCALE_TO_PERMYRIAD(raw); \ |
1ead0b2a | 888 | unit_write_settingf(u, flags, name, "%.*s=" PERMYRIAD_AS_PERCENT_FORMAT_STR, \ |
e617e2cc | 889 | (int)(strlen(name) - strlen("Scale")), name, \ |
1ead0b2a | 890 | PERMYRIAD_AS_PERCENT_FORMAT_VAL(scaled)); \ |
906bdbf5 YW |
891 | } \ |
892 | \ | |
893 | return 1; \ | |
894 | } | |
895 | ||
6028d766 | 896 | DISABLE_WARNING_TYPE_LIMITS; |
906bdbf5 YW |
897 | BUS_DEFINE_SET_CGROUP_WEIGHT(cpu_weight, CGROUP_MASK_CPU, CGROUP_WEIGHT_IS_OK, CGROUP_WEIGHT_INVALID); |
898 | BUS_DEFINE_SET_CGROUP_WEIGHT(cpu_shares, CGROUP_MASK_CPU, CGROUP_CPU_SHARES_IS_OK, CGROUP_CPU_SHARES_INVALID); | |
899 | BUS_DEFINE_SET_CGROUP_WEIGHT(io_weight, CGROUP_MASK_IO, CGROUP_WEIGHT_IS_OK, CGROUP_WEIGHT_INVALID); | |
900 | BUS_DEFINE_SET_CGROUP_WEIGHT(blockio_weight, CGROUP_MASK_BLKIO, CGROUP_BLKIO_WEIGHT_IS_OK, CGROUP_BLKIO_WEIGHT_INVALID); | |
901 | BUS_DEFINE_SET_CGROUP_LIMIT(memory, CGROUP_MASK_MEMORY, physical_memory_scale, 1); | |
311a0e2e | 902 | BUS_DEFINE_SET_CGROUP_LIMIT(memory_protection, CGROUP_MASK_MEMORY, physical_memory_scale, 0); |
906bdbf5 | 903 | BUS_DEFINE_SET_CGROUP_LIMIT(swap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); |
6028d766 | 904 | REENABLE_WARNING; |
681ae88e | 905 | |
3a0f06c4 ZJS |
906 | static int bus_cgroup_set_tasks_max( |
907 | Unit *u, | |
908 | const char *name, | |
909 | TasksMax *p, | |
910 | sd_bus_message *message, | |
911 | UnitWriteFlags flags, | |
912 | sd_bus_error *error) { | |
913 | ||
914 | uint64_t v; | |
915 | int r; | |
916 | ||
917 | assert(p); | |
918 | ||
919 | r = sd_bus_message_read(message, "t", &v); | |
920 | if (r < 0) | |
921 | return r; | |
922 | ||
923 | if (v < 1) | |
924 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, | |
925 | "Value specified in %s is out of range", name); | |
926 | ||
927 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
928 | *p = (TasksMax) { .value = v, .scale = 0 }; /* When .scale==0, .value is the absolute value */ | |
929 | unit_invalidate_cgroup(u, CGROUP_MASK_PIDS); | |
930 | ||
931 | if (v == CGROUP_LIMIT_MAX) | |
932 | unit_write_settingf(u, flags, name, | |
933 | "%s=infinity", name); | |
934 | else | |
935 | unit_write_settingf(u, flags, name, | |
936 | "%s=%" PRIu64, name, v); | |
937 | } | |
938 | ||
939 | return 1; | |
940 | } | |
941 | ||
942 | static int bus_cgroup_set_tasks_max_scale( | |
943 | Unit *u, | |
944 | const char *name, | |
945 | TasksMax *p, | |
946 | sd_bus_message *message, | |
947 | UnitWriteFlags flags, | |
948 | sd_bus_error *error) { | |
949 | ||
950 | uint32_t v; | |
951 | int r; | |
952 | ||
953 | assert(p); | |
954 | ||
955 | r = sd_bus_message_read(message, "u", &v); | |
956 | if (r < 0) | |
957 | return r; | |
958 | ||
959 | if (v < 1 || v >= UINT32_MAX) | |
960 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, | |
961 | "Value specified in %s is out of range", name); | |
962 | ||
963 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
964 | *p = (TasksMax) { v, UINT32_MAX }; /* .scale is not 0, so this is interpreted as v/UINT32_MAX. */ | |
965 | unit_invalidate_cgroup(u, CGROUP_MASK_PIDS); | |
966 | ||
0877d4e0 ZJS |
967 | uint32_t scaled = DIV_ROUND_UP((uint64_t) v * 100U, (uint64_t) UINT32_MAX); |
968 | unit_write_settingf(u, flags, name, "%s=%" PRIu32 ".%" PRIu32 "%%", "TasksMax", | |
969 | scaled / 10, scaled % 10); | |
3a0f06c4 ZJS |
970 | } |
971 | ||
972 | return 1; | |
973 | } | |
974 | ||
8e2af478 LP |
975 | int bus_cgroup_set_property( |
976 | Unit *u, | |
977 | CGroupContext *c, | |
978 | const char *name, | |
718db961 | 979 | sd_bus_message *message, |
2e59b241 | 980 | UnitWriteFlags flags, |
718db961 LP |
981 | sd_bus_error *error) { |
982 | ||
9be57249 | 983 | CGroupIOLimitType iol_type; |
718db961 | 984 | int r; |
8e2af478 | 985 | |
8e2af478 LP |
986 | assert(u); |
987 | assert(c); | |
718db961 LP |
988 | assert(name); |
989 | assert(message); | |
8e2af478 | 990 | |
2e59b241 LP |
991 | flags |= UNIT_PRIVATE; |
992 | ||
681ae88e | 993 | if (streq(name, "CPUAccounting")) |
f98c2585 | 994 | return bus_cgroup_set_boolean(u, name, &c->cpu_accounting, get_cpu_accounting_mask(), message, flags, error); |
8e2af478 | 995 | |
681ae88e YW |
996 | if (streq(name, "CPUWeight")) |
997 | return bus_cgroup_set_cpu_weight(u, name, &c->cpu_weight, message, flags, error); | |
8e2af478 | 998 | |
681ae88e YW |
999 | if (streq(name, "StartupCPUWeight")) |
1000 | return bus_cgroup_set_cpu_weight(u, name, &c->startup_cpu_weight, message, flags, error); | |
b42defe3 | 1001 | |
681ae88e YW |
1002 | if (streq(name, "CPUShares")) |
1003 | return bus_cgroup_set_cpu_shares(u, name, &c->cpu_shares, message, flags, error); | |
b42defe3 | 1004 | |
681ae88e YW |
1005 | if (streq(name, "StartupCPUShares")) |
1006 | return bus_cgroup_set_cpu_shares(u, name, &c->startup_cpu_shares, message, flags, error); | |
66ebf6c0 | 1007 | |
681ae88e YW |
1008 | if (streq(name, "IOAccounting")) |
1009 | return bus_cgroup_set_boolean(u, name, &c->io_accounting, CGROUP_MASK_IO, message, flags, error); | |
66ebf6c0 | 1010 | |
681ae88e YW |
1011 | if (streq(name, "IOWeight")) |
1012 | return bus_cgroup_set_io_weight(u, name, &c->io_weight, message, flags, error); | |
66ebf6c0 | 1013 | |
681ae88e YW |
1014 | if (streq(name, "StartupIOWeight")) |
1015 | return bus_cgroup_set_io_weight(u, name, &c->startup_io_weight, message, flags, error); | |
66ebf6c0 | 1016 | |
681ae88e YW |
1017 | if (streq(name, "BlockIOAccounting")) |
1018 | return bus_cgroup_set_boolean(u, name, &c->blockio_accounting, CGROUP_MASK_BLKIO, message, flags, error); | |
66ebf6c0 | 1019 | |
681ae88e YW |
1020 | if (streq(name, "BlockIOWeight")) |
1021 | return bus_cgroup_set_blockio_weight(u, name, &c->blockio_weight, message, flags, error); | |
66ebf6c0 | 1022 | |
681ae88e YW |
1023 | if (streq(name, "StartupBlockIOWeight")) |
1024 | return bus_cgroup_set_blockio_weight(u, name, &c->startup_blockio_weight, message, flags, error); | |
66ebf6c0 | 1025 | |
681ae88e YW |
1026 | if (streq(name, "MemoryAccounting")) |
1027 | return bus_cgroup_set_boolean(u, name, &c->memory_accounting, CGROUP_MASK_MEMORY, message, flags, error); | |
b42defe3 | 1028 | |
311a0e2e ZJS |
1029 | if (streq(name, "MemoryMin")) { |
1030 | r = bus_cgroup_set_memory_protection(u, name, &c->memory_min, message, flags, error); | |
1031 | if (r > 0) | |
1032 | c->memory_min_set = true; | |
1033 | return r; | |
1034 | } | |
48422635 | 1035 | |
311a0e2e ZJS |
1036 | if (streq(name, "MemoryLow")) { |
1037 | r = bus_cgroup_set_memory_protection(u, name, &c->memory_low, message, flags, error); | |
1038 | if (r > 0) | |
1039 | c->memory_low_set = true; | |
1040 | return r; | |
1041 | } | |
b42defe3 | 1042 | |
311a0e2e ZJS |
1043 | if (streq(name, "DefaultMemoryMin")) { |
1044 | r = bus_cgroup_set_memory_protection(u, name, &c->default_memory_min, message, flags, error); | |
1045 | if (r > 0) | |
1046 | c->default_memory_min_set = true; | |
1047 | return r; | |
1048 | } | |
7ad5439e | 1049 | |
311a0e2e ZJS |
1050 | if (streq(name, "DefaultMemoryLow")) { |
1051 | r = bus_cgroup_set_memory_protection(u, name, &c->default_memory_low, message, flags, error); | |
1052 | if (r > 0) | |
1053 | c->default_memory_low_set = true; | |
1054 | return r; | |
1055 | } | |
c52db42b | 1056 | |
681ae88e YW |
1057 | if (streq(name, "MemoryHigh")) |
1058 | return bus_cgroup_set_memory(u, name, &c->memory_high, message, flags, error); | |
b42defe3 | 1059 | |
681ae88e | 1060 | if (streq(name, "MemorySwapMax")) |
906bdbf5 | 1061 | return bus_cgroup_set_swap(u, name, &c->memory_swap_max, message, flags, error); |
95ae05c0 | 1062 | |
681ae88e YW |
1063 | if (streq(name, "MemoryMax")) |
1064 | return bus_cgroup_set_memory(u, name, &c->memory_max, message, flags, error); | |
d53d9474 | 1065 | |
681ae88e YW |
1066 | if (streq(name, "MemoryLimit")) |
1067 | return bus_cgroup_set_memory(u, name, &c->memory_limit, message, flags, error); | |
95ae05c0 | 1068 | |
311a0e2e ZJS |
1069 | if (streq(name, "MemoryMinScale")) { |
1070 | r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error); | |
1071 | if (r > 0) | |
1072 | c->memory_min_set = true; | |
1073 | return r; | |
1074 | } | |
48422635 | 1075 | |
311a0e2e ZJS |
1076 | if (streq(name, "MemoryLowScale")) { |
1077 | r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_low, message, flags, error); | |
1078 | if (r > 0) | |
1079 | c->memory_low_set = true; | |
1080 | return r; | |
1081 | } | |
c52db42b | 1082 | |
311a0e2e ZJS |
1083 | if (streq(name, "DefaultMemoryMinScale")) { |
1084 | r = bus_cgroup_set_memory_protection_scale(u, name, &c->default_memory_min, message, flags, error); | |
1085 | if (r > 0) | |
1086 | c->default_memory_min_set = true; | |
1087 | return r; | |
1088 | } | |
7ad5439e | 1089 | |
311a0e2e ZJS |
1090 | if (streq(name, "DefaultMemoryLowScale")) { |
1091 | r = bus_cgroup_set_memory_protection_scale(u, name, &c->default_memory_low, message, flags, error); | |
1092 | if (r > 0) | |
1093 | c->default_memory_low_set = true; | |
1094 | return r; | |
1095 | } | |
681ae88e YW |
1096 | |
1097 | if (streq(name, "MemoryHighScale")) | |
1098 | return bus_cgroup_set_memory_scale(u, name, &c->memory_high, message, flags, error); | |
1099 | ||
1100 | if (streq(name, "MemorySwapMaxScale")) | |
906bdbf5 | 1101 | return bus_cgroup_set_swap_scale(u, name, &c->memory_swap_max, message, flags, error); |
681ae88e YW |
1102 | |
1103 | if (streq(name, "MemoryMaxScale")) | |
1104 | return bus_cgroup_set_memory_scale(u, name, &c->memory_max, message, flags, error); | |
95ae05c0 | 1105 | |
681ae88e YW |
1106 | if (streq(name, "MemoryLimitScale")) |
1107 | return bus_cgroup_set_memory_scale(u, name, &c->memory_limit, message, flags, error); | |
1108 | ||
60644c3d | 1109 | if (streq(name, "TasksAccounting")) |
681ae88e YW |
1110 | return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error); |
1111 | ||
1112 | if (streq(name, "TasksMax")) | |
1113 | return bus_cgroup_set_tasks_max(u, name, &c->tasks_max, message, flags, error); | |
1114 | ||
1115 | if (streq(name, "TasksMaxScale")) | |
1116 | return bus_cgroup_set_tasks_max_scale(u, name, &c->tasks_max, message, flags, error); | |
1117 | ||
1118 | if (streq(name, "CPUQuotaPerSecUSec")) { | |
b2f8b02e LP |
1119 | uint64_t u64; |
1120 | ||
1121 | r = sd_bus_message_read(message, "t", &u64); | |
1122 | if (r < 0) | |
1123 | return r; | |
1124 | ||
1125 | if (u64 <= 0) | |
1b09b81c | 1126 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "CPUQuotaPerSecUSec= value out of range"); |
b2f8b02e | 1127 | |
2e59b241 | 1128 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
b2f8b02e | 1129 | c->cpu_quota_per_sec_usec = u64; |
527ede0c | 1130 | u->warned_clamping_cpu_quota_period = false; |
e7ab4d1a | 1131 | unit_invalidate_cgroup(u, CGROUP_MASK_CPU); |
2e59b241 | 1132 | |
d4bf82fc | 1133 | if (c->cpu_quota_per_sec_usec == USEC_INFINITY) |
2e59b241 | 1134 | unit_write_setting(u, flags, "CPUQuota", "CPUQuota="); |
d4bf82fc | 1135 | else |
2e59b241 LP |
1136 | /* config_parse_cpu_quota() requires an integer, so truncating division is used on |
1137 | * purpose here. */ | |
1138 | unit_write_settingf(u, flags, "CPUQuota", | |
1139 | "CPUQuota=%0.f%%", | |
1140 | (double) (c->cpu_quota_per_sec_usec / 10000)); | |
b2f8b02e LP |
1141 | } |
1142 | ||
1143 | return 1; | |
1144 | ||
10f28641 FB |
1145 | } else if (streq(name, "CPUQuotaPeriodUSec")) { |
1146 | uint64_t u64; | |
1147 | ||
1148 | r = sd_bus_message_read(message, "t", &u64); | |
1149 | if (r < 0) | |
1150 | return r; | |
1151 | ||
1152 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
1153 | c->cpu_quota_period_usec = u64; | |
527ede0c | 1154 | u->warned_clamping_cpu_quota_period = false; |
10f28641 FB |
1155 | unit_invalidate_cgroup(u, CGROUP_MASK_CPU); |
1156 | if (c->cpu_quota_period_usec == USEC_INFINITY) | |
1157 | unit_write_setting(u, flags, "CPUQuotaPeriodSec", "CPUQuotaPeriodSec="); | |
5291f26d | 1158 | else |
10f28641 FB |
1159 | unit_write_settingf(u, flags, "CPUQuotaPeriodSec", |
1160 | "CPUQuotaPeriodSec=%s", | |
5291f26d | 1161 | FORMAT_TIMESPAN(c->cpu_quota_period_usec, 1)); |
10f28641 FB |
1162 | } |
1163 | ||
1164 | return 1; | |
1165 | ||
31d3a520 | 1166 | } else if (STR_IN_SET(name, "AllowedCPUs", "StartupAllowedCPUs", "AllowedMemoryNodes", "StartupAllowedMemoryNodes")) { |
047f5d63 PH |
1167 | const void *a; |
1168 | size_t n; | |
1169 | _cleanup_(cpu_set_reset) CPUSet new_set = {}; | |
1170 | ||
1171 | r = sd_bus_message_read_array(message, 'y', &a, &n); | |
1172 | if (r < 0) | |
1173 | return r; | |
1174 | ||
1175 | r = cpu_set_from_dbus(a, n, &new_set); | |
1176 | if (r < 0) | |
1177 | return r; | |
1178 | ||
1179 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
1180 | _cleanup_free_ char *setstr = NULL; | |
31d3a520 | 1181 | CPUSet *set = NULL; |
047f5d63 PH |
1182 | |
1183 | setstr = cpu_set_to_range_string(&new_set); | |
a897a7b8 LP |
1184 | if (!setstr) |
1185 | return -ENOMEM; | |
047f5d63 PH |
1186 | |
1187 | if (streq(name, "AllowedCPUs")) | |
1188 | set = &c->cpuset_cpus; | |
31d3a520 PM |
1189 | else if (streq(name, "StartupAllowedCPUs")) |
1190 | set = &c->startup_cpuset_cpus; | |
1191 | else if (streq(name, "AllowedMemoryNodes")) | |
047f5d63 | 1192 | set = &c->cpuset_mems; |
31d3a520 PM |
1193 | else if (streq(name, "StartupAllowedMemoryNodes")) |
1194 | set = &c->startup_cpuset_mems; | |
1195 | ||
1196 | assert(set); | |
047f5d63 | 1197 | |
047f5d63 | 1198 | cpu_set_reset(set); |
a897a7b8 LP |
1199 | *set = new_set; |
1200 | new_set = (CPUSet) {}; | |
1201 | ||
047f5d63 | 1202 | unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET); |
a897a7b8 | 1203 | unit_write_settingf(u, flags, name, "%s=%s", name, setstr); |
047f5d63 PH |
1204 | } |
1205 | ||
1206 | return 1; | |
1207 | ||
9be57249 | 1208 | } else if ((iol_type = cgroup_io_limit_type_from_string(name)) >= 0) { |
13c31542 | 1209 | const char *path; |
13c31542 TH |
1210 | unsigned n = 0; |
1211 | uint64_t u64; | |
1212 | ||
13c31542 TH |
1213 | r = sd_bus_message_enter_container(message, 'a', "(st)"); |
1214 | if (r < 0) | |
1215 | return r; | |
1216 | ||
1217 | while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) { | |
1218 | ||
9d5e9b4a LP |
1219 | if (!path_is_normalized(path)) |
1220 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); | |
d9f7305f | 1221 | |
2e59b241 | 1222 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
03677889 | 1223 | CGroupIODeviceLimit *a = NULL; |
13c31542 | 1224 | |
03677889 | 1225 | LIST_FOREACH(device_limits, b, c->io_device_limits) |
13c31542 TH |
1226 | if (path_equal(path, b->path)) { |
1227 | a = b; | |
1228 | break; | |
1229 | } | |
13c31542 TH |
1230 | |
1231 | if (!a) { | |
9be57249 TH |
1232 | CGroupIOLimitType type; |
1233 | ||
13c31542 TH |
1234 | a = new0(CGroupIODeviceLimit, 1); |
1235 | if (!a) | |
1236 | return -ENOMEM; | |
1237 | ||
1238 | a->path = strdup(path); | |
1239 | if (!a->path) { | |
1240 | free(a); | |
1241 | return -ENOMEM; | |
1242 | } | |
1243 | ||
9be57249 TH |
1244 | for (type = 0; type < _CGROUP_IO_LIMIT_TYPE_MAX; type++) |
1245 | a->limits[type] = cgroup_io_limit_defaults[type]; | |
13c31542 TH |
1246 | |
1247 | LIST_PREPEND(device_limits, c->io_device_limits, a); | |
1248 | } | |
1249 | ||
9be57249 | 1250 | a->limits[iol_type] = u64; |
13c31542 TH |
1251 | } |
1252 | ||
1253 | n++; | |
1254 | } | |
1255 | if (r < 0) | |
1256 | return r; | |
1257 | ||
1258 | r = sd_bus_message_exit_container(message); | |
1259 | if (r < 0) | |
1260 | return r; | |
1261 | ||
2e59b241 | 1262 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
13c31542 TH |
1263 | _cleanup_free_ char *buf = NULL; |
1264 | _cleanup_fclose_ FILE *f = NULL; | |
1265 | size_t size = 0; | |
1266 | ||
03677889 | 1267 | if (n == 0) |
13c31542 | 1268 | LIST_FOREACH(device_limits, a, c->io_device_limits) |
9be57249 | 1269 | a->limits[iol_type] = cgroup_io_limit_defaults[iol_type]; |
13c31542 TH |
1270 | |
1271 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); | |
1272 | ||
2fe21124 | 1273 | f = open_memstream_unlocked(&buf, &size); |
13c31542 TH |
1274 | if (!f) |
1275 | return -ENOMEM; | |
1276 | ||
9be57249 TH |
1277 | fprintf(f, "%s=\n", name); |
1278 | LIST_FOREACH(device_limits, a, c->io_device_limits) | |
03677889 YW |
1279 | if (a->limits[iol_type] != cgroup_io_limit_defaults[iol_type]) |
1280 | fprintf(f, "%s=%s %" PRIu64 "\n", name, a->path, a->limits[iol_type]); | |
13c31542 TH |
1281 | |
1282 | r = fflush_and_check(f); | |
1283 | if (r < 0) | |
1284 | return r; | |
2e59b241 | 1285 | unit_write_setting(u, flags, name, buf); |
13c31542 TH |
1286 | } |
1287 | ||
1288 | return 1; | |
1289 | ||
1290 | } else if (streq(name, "IODeviceWeight")) { | |
1291 | const char *path; | |
1292 | uint64_t weight; | |
1293 | unsigned n = 0; | |
1294 | ||
1295 | r = sd_bus_message_enter_container(message, 'a', "(st)"); | |
1296 | if (r < 0) | |
1297 | return r; | |
1298 | ||
1299 | while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) { | |
1300 | ||
9d5e9b4a LP |
1301 | if (!path_is_normalized(path)) |
1302 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); | |
d9f7305f | 1303 | |
13c31542 | 1304 | if (!CGROUP_WEIGHT_IS_OK(weight) || weight == CGROUP_WEIGHT_INVALID) |
1b09b81c | 1305 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "IODeviceWeight= value out of range"); |
13c31542 | 1306 | |
2e59b241 | 1307 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
03677889 | 1308 | CGroupIODeviceWeight *a = NULL; |
13c31542 | 1309 | |
03677889 | 1310 | LIST_FOREACH(device_weights, b, c->io_device_weights) |
13c31542 TH |
1311 | if (path_equal(b->path, path)) { |
1312 | a = b; | |
1313 | break; | |
1314 | } | |
13c31542 TH |
1315 | |
1316 | if (!a) { | |
1317 | a = new0(CGroupIODeviceWeight, 1); | |
1318 | if (!a) | |
1319 | return -ENOMEM; | |
1320 | ||
1321 | a->path = strdup(path); | |
1322 | if (!a->path) { | |
1323 | free(a); | |
1324 | return -ENOMEM; | |
1325 | } | |
fffbc1dc | 1326 | LIST_PREPEND(device_weights, c->io_device_weights, a); |
13c31542 TH |
1327 | } |
1328 | ||
1329 | a->weight = weight; | |
1330 | } | |
1331 | ||
1332 | n++; | |
1333 | } | |
1334 | ||
1335 | r = sd_bus_message_exit_container(message); | |
1336 | if (r < 0) | |
1337 | return r; | |
1338 | ||
2e59b241 | 1339 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
13c31542 TH |
1340 | _cleanup_free_ char *buf = NULL; |
1341 | _cleanup_fclose_ FILE *f = NULL; | |
13c31542 TH |
1342 | size_t size = 0; |
1343 | ||
03677889 | 1344 | if (n == 0) |
13c31542 TH |
1345 | while (c->io_device_weights) |
1346 | cgroup_context_free_io_device_weight(c, c->io_device_weights); | |
13c31542 TH |
1347 | |
1348 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); | |
1349 | ||
2fe21124 | 1350 | f = open_memstream_unlocked(&buf, &size); |
13c31542 TH |
1351 | if (!f) |
1352 | return -ENOMEM; | |
1353 | ||
0d536673 | 1354 | fputs("IODeviceWeight=\n", f); |
13c31542 TH |
1355 | LIST_FOREACH(device_weights, a, c->io_device_weights) |
1356 | fprintf(f, "IODeviceWeight=%s %" PRIu64 "\n", a->path, a->weight); | |
1357 | ||
1358 | r = fflush_and_check(f); | |
1359 | if (r < 0) | |
1360 | return r; | |
2e59b241 | 1361 | unit_write_setting(u, flags, name, buf); |
6ae4283c TH |
1362 | } |
1363 | ||
1364 | return 1; | |
1365 | ||
1366 | } else if (streq(name, "IODeviceLatencyTargetUSec")) { | |
1367 | const char *path; | |
1368 | uint64_t target; | |
1369 | unsigned n = 0; | |
1370 | ||
1371 | r = sd_bus_message_enter_container(message, 'a', "(st)"); | |
1372 | if (r < 0) | |
1373 | return r; | |
1374 | ||
1375 | while ((r = sd_bus_message_read(message, "(st)", &path, &target)) > 0) { | |
1376 | ||
1377 | if (!path_is_normalized(path)) | |
1378 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); | |
1379 | ||
1380 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
03677889 | 1381 | CGroupIODeviceLatency *a = NULL; |
6ae4283c | 1382 | |
03677889 | 1383 | LIST_FOREACH(device_latencies, b, c->io_device_latencies) |
6ae4283c TH |
1384 | if (path_equal(b->path, path)) { |
1385 | a = b; | |
1386 | break; | |
1387 | } | |
6ae4283c TH |
1388 | |
1389 | if (!a) { | |
1390 | a = new0(CGroupIODeviceLatency, 1); | |
1391 | if (!a) | |
1392 | return -ENOMEM; | |
1393 | ||
1394 | a->path = strdup(path); | |
1395 | if (!a->path) { | |
1396 | free(a); | |
1397 | return -ENOMEM; | |
1398 | } | |
1399 | LIST_PREPEND(device_latencies, c->io_device_latencies, a); | |
1400 | } | |
1401 | ||
1402 | a->target_usec = target; | |
1403 | } | |
1404 | ||
1405 | n++; | |
1406 | } | |
1407 | ||
1408 | r = sd_bus_message_exit_container(message); | |
1409 | if (r < 0) | |
1410 | return r; | |
1411 | ||
1412 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
1413 | _cleanup_free_ char *buf = NULL; | |
1414 | _cleanup_fclose_ FILE *f = NULL; | |
6ae4283c TH |
1415 | size_t size = 0; |
1416 | ||
03677889 | 1417 | if (n == 0) |
6ae4283c TH |
1418 | while (c->io_device_latencies) |
1419 | cgroup_context_free_io_device_latency(c, c->io_device_latencies); | |
6ae4283c TH |
1420 | |
1421 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); | |
1422 | ||
2fe21124 | 1423 | f = open_memstream_unlocked(&buf, &size); |
6ae4283c TH |
1424 | if (!f) |
1425 | return -ENOMEM; | |
1426 | ||
6ae4283c TH |
1427 | fputs("IODeviceLatencyTargetSec=\n", f); |
1428 | LIST_FOREACH(device_latencies, a, c->io_device_latencies) | |
1429 | fprintf(f, "IODeviceLatencyTargetSec=%s %s\n", | |
5291f26d | 1430 | a->path, FORMAT_TIMESPAN(a->target_usec, 1)); |
6ae4283c TH |
1431 | |
1432 | r = fflush_and_check(f); | |
1433 | if (r < 0) | |
1434 | return r; | |
1435 | unit_write_setting(u, flags, name, buf); | |
13c31542 TH |
1436 | } |
1437 | ||
1438 | return 1; | |
1439 | ||
cd0a7a8e | 1440 | } else if (STR_IN_SET(name, "BlockIOReadBandwidth", "BlockIOWriteBandwidth")) { |
718db961 | 1441 | const char *path; |
f004c2ca | 1442 | bool read = true; |
718db961 LP |
1443 | unsigned n = 0; |
1444 | uint64_t u64; | |
f004c2ca G |
1445 | |
1446 | if (streq(name, "BlockIOWriteBandwidth")) | |
1447 | read = false; | |
1448 | ||
718db961 LP |
1449 | r = sd_bus_message_enter_container(message, 'a', "(st)"); |
1450 | if (r < 0) | |
1451 | return r; | |
f004c2ca | 1452 | |
718db961 | 1453 | while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) { |
f004c2ca | 1454 | |
9d5e9b4a LP |
1455 | if (!path_is_normalized(path)) |
1456 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); | |
d9f7305f | 1457 | |
2e59b241 | 1458 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
03677889 | 1459 | CGroupBlockIODeviceBandwidth *a = NULL; |
f004c2ca | 1460 | |
03677889 | 1461 | LIST_FOREACH(device_bandwidths, b, c->blockio_device_bandwidths) |
979d0311 | 1462 | if (path_equal(path, b->path)) { |
f004c2ca | 1463 | a = b; |
f004c2ca G |
1464 | break; |
1465 | } | |
f004c2ca | 1466 | |
718db961 | 1467 | if (!a) { |
f004c2ca G |
1468 | a = new0(CGroupBlockIODeviceBandwidth, 1); |
1469 | if (!a) | |
1470 | return -ENOMEM; | |
1471 | ||
979d0311 TH |
1472 | a->rbps = CGROUP_LIMIT_MAX; |
1473 | a->wbps = CGROUP_LIMIT_MAX; | |
f004c2ca G |
1474 | a->path = strdup(path); |
1475 | if (!a->path) { | |
1476 | free(a); | |
1477 | return -ENOMEM; | |
1478 | } | |
718db961 LP |
1479 | |
1480 | LIST_PREPEND(device_bandwidths, c->blockio_device_bandwidths, a); | |
f004c2ca G |
1481 | } |
1482 | ||
979d0311 TH |
1483 | if (read) |
1484 | a->rbps = u64; | |
1485 | else | |
1486 | a->wbps = u64; | |
f004c2ca G |
1487 | } |
1488 | ||
1489 | n++; | |
f004c2ca | 1490 | } |
718db961 LP |
1491 | if (r < 0) |
1492 | return r; | |
f004c2ca | 1493 | |
9c96019d LP |
1494 | r = sd_bus_message_exit_container(message); |
1495 | if (r < 0) | |
1496 | return r; | |
1497 | ||
2e59b241 | 1498 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
f004c2ca G |
1499 | _cleanup_free_ char *buf = NULL; |
1500 | _cleanup_fclose_ FILE *f = NULL; | |
f004c2ca G |
1501 | size_t size = 0; |
1502 | ||
03677889 | 1503 | if (n == 0) |
979d0311 TH |
1504 | LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths) { |
1505 | if (read) | |
1506 | a->rbps = CGROUP_LIMIT_MAX; | |
1507 | else | |
1508 | a->wbps = CGROUP_LIMIT_MAX; | |
1509 | } | |
f004c2ca | 1510 | |
e7ab4d1a | 1511 | unit_invalidate_cgroup(u, CGROUP_MASK_BLKIO); |
3051f187 | 1512 | |
2fe21124 | 1513 | f = open_memstream_unlocked(&buf, &size); |
f004c2ca G |
1514 | if (!f) |
1515 | return -ENOMEM; | |
1516 | ||
7d6884b6 | 1517 | if (read) { |
0d536673 | 1518 | fputs("BlockIOReadBandwidth=\n", f); |
7d6884b6 | 1519 | LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths) |
979d0311 TH |
1520 | if (a->rbps != CGROUP_LIMIT_MAX) |
1521 | fprintf(f, "BlockIOReadBandwidth=%s %" PRIu64 "\n", a->path, a->rbps); | |
f004c2ca | 1522 | } else { |
0d536673 | 1523 | fputs("BlockIOWriteBandwidth=\n", f); |
f004c2ca | 1524 | LIST_FOREACH(device_bandwidths, a, c->blockio_device_bandwidths) |
979d0311 TH |
1525 | if (a->wbps != CGROUP_LIMIT_MAX) |
1526 | fprintf(f, "BlockIOWriteBandwidth=%s %" PRIu64 "\n", a->path, a->wbps); | |
f004c2ca G |
1527 | } |
1528 | ||
1f2f874c NC |
1529 | r = fflush_and_check(f); |
1530 | if (r < 0) | |
1531 | return r; | |
2e59b241 LP |
1532 | |
1533 | unit_write_setting(u, flags, name, buf); | |
6f68ecb4 G |
1534 | } |
1535 | ||
1536 | return 1; | |
1537 | ||
1538 | } else if (streq(name, "BlockIODeviceWeight")) { | |
718db961 | 1539 | const char *path; |
d53d9474 | 1540 | uint64_t weight; |
6f68ecb4 G |
1541 | unsigned n = 0; |
1542 | ||
718db961 LP |
1543 | r = sd_bus_message_enter_container(message, 'a', "(st)"); |
1544 | if (r < 0) | |
1545 | return r; | |
6f68ecb4 | 1546 | |
d53d9474 | 1547 | while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) { |
6f68ecb4 | 1548 | |
9d5e9b4a LP |
1549 | if (!path_is_normalized(path)) |
1550 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); | |
d9f7305f | 1551 | |
d53d9474 | 1552 | if (!CGROUP_BLKIO_WEIGHT_IS_OK(weight) || weight == CGROUP_BLKIO_WEIGHT_INVALID) |
1b09b81c | 1553 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "BlockIODeviceWeight= out of range"); |
6f68ecb4 | 1554 | |
2e59b241 | 1555 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
03677889 | 1556 | CGroupBlockIODeviceWeight *a = NULL; |
6f68ecb4 | 1557 | |
03677889 | 1558 | LIST_FOREACH(device_weights, b, c->blockio_device_weights) |
6f68ecb4 G |
1559 | if (path_equal(b->path, path)) { |
1560 | a = b; | |
6f68ecb4 G |
1561 | break; |
1562 | } | |
6f68ecb4 | 1563 | |
718db961 | 1564 | if (!a) { |
6f68ecb4 G |
1565 | a = new0(CGroupBlockIODeviceWeight, 1); |
1566 | if (!a) | |
1567 | return -ENOMEM; | |
1568 | ||
1569 | a->path = strdup(path); | |
1570 | if (!a->path) { | |
1571 | free(a); | |
1572 | return -ENOMEM; | |
1573 | } | |
fffbc1dc | 1574 | LIST_PREPEND(device_weights, c->blockio_device_weights, a); |
6f68ecb4 G |
1575 | } |
1576 | ||
d53d9474 | 1577 | a->weight = weight; |
6f68ecb4 G |
1578 | } |
1579 | ||
1580 | n++; | |
6f68ecb4 G |
1581 | } |
1582 | ||
9c96019d LP |
1583 | r = sd_bus_message_exit_container(message); |
1584 | if (r < 0) | |
1585 | return r; | |
1586 | ||
2e59b241 | 1587 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
6f68ecb4 G |
1588 | _cleanup_free_ char *buf = NULL; |
1589 | _cleanup_fclose_ FILE *f = NULL; | |
6f68ecb4 G |
1590 | size_t size = 0; |
1591 | ||
03677889 | 1592 | if (n == 0) |
6f68ecb4 G |
1593 | while (c->blockio_device_weights) |
1594 | cgroup_context_free_blockio_device_weight(c, c->blockio_device_weights); | |
6f68ecb4 | 1595 | |
e7ab4d1a | 1596 | unit_invalidate_cgroup(u, CGROUP_MASK_BLKIO); |
3051f187 | 1597 | |
2fe21124 | 1598 | f = open_memstream_unlocked(&buf, &size); |
6f68ecb4 G |
1599 | if (!f) |
1600 | return -ENOMEM; | |
1601 | ||
0d536673 | 1602 | fputs("BlockIODeviceWeight=\n", f); |
6f68ecb4 | 1603 | LIST_FOREACH(device_weights, a, c->blockio_device_weights) |
d53d9474 | 1604 | fprintf(f, "BlockIODeviceWeight=%s %" PRIu64 "\n", a->path, a->weight); |
6f68ecb4 | 1605 | |
1f2f874c NC |
1606 | r = fflush_and_check(f); |
1607 | if (r < 0) | |
1608 | return r; | |
2e59b241 LP |
1609 | |
1610 | unit_write_setting(u, flags, name, buf); | |
f004c2ca G |
1611 | } |
1612 | ||
1613 | return 1; | |
1614 | ||
7041efe9 LP |
1615 | } else if (streq(name, "DevicePolicy")) { |
1616 | const char *policy; | |
1617 | CGroupDevicePolicy p; | |
1618 | ||
718db961 LP |
1619 | r = sd_bus_message_read(message, "s", &policy); |
1620 | if (r < 0) | |
1621 | return r; | |
7041efe9 | 1622 | |
7041efe9 LP |
1623 | p = cgroup_device_policy_from_string(policy); |
1624 | if (p < 0) | |
7211c853 | 1625 | return p; |
7041efe9 | 1626 | |
2e59b241 | 1627 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
7041efe9 | 1628 | c->device_policy = p; |
e7ab4d1a | 1629 | unit_invalidate_cgroup(u, CGROUP_MASK_DEVICES); |
2e59b241 | 1630 | unit_write_settingf(u, flags, name, "DevicePolicy=%s", policy); |
7041efe9 LP |
1631 | } |
1632 | ||
1633 | return 1; | |
1634 | ||
1635 | } else if (streq(name, "DeviceAllow")) { | |
718db961 | 1636 | const char *path, *rwm; |
7041efe9 LP |
1637 | unsigned n = 0; |
1638 | ||
718db961 LP |
1639 | r = sd_bus_message_enter_container(message, 'a', "(ss)"); |
1640 | if (r < 0) | |
1641 | return r; | |
7041efe9 | 1642 | |
718db961 | 1643 | while ((r = sd_bus_message_read(message, "(ss)", &path, &rwm)) > 0) { |
7041efe9 | 1644 | |
57e84e75 | 1645 | if (!valid_device_allow_pattern(path) || strpbrk(path, WHITESPACE)) |
1b09b81c | 1646 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires device node or pattern"); |
7041efe9 LP |
1647 | |
1648 | if (isempty(rwm)) | |
1649 | rwm = "rwm"; | |
57e84e75 | 1650 | else if (!in_charset(rwm, "rwm")) |
1b09b81c | 1651 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires combination of rwm flags"); |
7041efe9 | 1652 | |
2e59b241 | 1653 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
03677889 | 1654 | CGroupDeviceAllow *a = NULL; |
ad7bfffd | 1655 | |
03677889 | 1656 | LIST_FOREACH(device_allow, b, c->device_allow) |
06eb4e3b | 1657 | if (path_equal(b->path, path)) { |
ad7bfffd | 1658 | a = b; |
ad7bfffd G |
1659 | break; |
1660 | } | |
ad7bfffd | 1661 | |
718db961 | 1662 | if (!a) { |
ad7bfffd G |
1663 | a = new0(CGroupDeviceAllow, 1); |
1664 | if (!a) | |
1665 | return -ENOMEM; | |
1666 | ||
1667 | a->path = strdup(path); | |
1668 | if (!a->path) { | |
1669 | free(a); | |
1670 | return -ENOMEM; | |
1671 | } | |
718db961 LP |
1672 | |
1673 | LIST_PREPEND(device_allow, c->device_allow, a); | |
7041efe9 LP |
1674 | } |
1675 | ||
d7a0f1f4 FS |
1676 | a->r = strchr(rwm, 'r'); |
1677 | a->w = strchr(rwm, 'w'); | |
1678 | a->m = strchr(rwm, 'm'); | |
7041efe9 LP |
1679 | } |
1680 | ||
c2756a68 | 1681 | n++; |
7041efe9 | 1682 | } |
43a99a7a LP |
1683 | if (r < 0) |
1684 | return r; | |
7041efe9 | 1685 | |
9c96019d LP |
1686 | r = sd_bus_message_exit_container(message); |
1687 | if (r < 0) | |
1688 | return r; | |
1689 | ||
2e59b241 | 1690 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
7041efe9 LP |
1691 | _cleanup_free_ char *buf = NULL; |
1692 | _cleanup_fclose_ FILE *f = NULL; | |
7041efe9 LP |
1693 | size_t size = 0; |
1694 | ||
03677889 | 1695 | if (n == 0) |
7041efe9 LP |
1696 | while (c->device_allow) |
1697 | cgroup_context_free_device_allow(c, c->device_allow); | |
7041efe9 | 1698 | |
e7ab4d1a | 1699 | unit_invalidate_cgroup(u, CGROUP_MASK_DEVICES); |
3051f187 | 1700 | |
2fe21124 | 1701 | f = open_memstream_unlocked(&buf, &size); |
7041efe9 LP |
1702 | if (!f) |
1703 | return -ENOMEM; | |
1704 | ||
0d536673 | 1705 | fputs("DeviceAllow=\n", f); |
7041efe9 LP |
1706 | LIST_FOREACH(device_allow, a, c->device_allow) |
1707 | fprintf(f, "DeviceAllow=%s %s%s%s\n", a->path, a->r ? "r" : "", a->w ? "w" : "", a->m ? "m" : ""); | |
1708 | ||
1f2f874c NC |
1709 | r = fflush_and_check(f); |
1710 | if (r < 0) | |
1711 | return r; | |
2e59b241 | 1712 | unit_write_setting(u, flags, name, buf); |
7041efe9 LP |
1713 | } |
1714 | ||
b42defe3 | 1715 | return 1; |
a931ad47 | 1716 | |
3dc5ca97 LP |
1717 | } else if (streq(name, "IPAccounting")) { |
1718 | int b; | |
1719 | ||
1720 | r = sd_bus_message_read(message, "b", &b); | |
1721 | if (r < 0) | |
1722 | return r; | |
1723 | ||
2e59b241 | 1724 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
3dc5ca97 LP |
1725 | c->ip_accounting = b; |
1726 | ||
1727 | unit_invalidate_cgroup_bpf(u); | |
2e59b241 | 1728 | unit_write_settingf(u, flags, name, "IPAccounting=%s", yes_no(b)); |
3dc5ca97 LP |
1729 | } |
1730 | ||
1731 | return 1; | |
1732 | ||
1733 | } else if (STR_IN_SET(name, "IPAddressAllow", "IPAddressDeny")) { | |
84ebe6f0 | 1734 | _cleanup_set_free_ Set *new_prefixes = NULL; |
3dc5ca97 LP |
1735 | size_t n = 0; |
1736 | ||
3dc5ca97 LP |
1737 | r = sd_bus_message_enter_container(message, 'a', "(iayu)"); |
1738 | if (r < 0) | |
1739 | return r; | |
1740 | ||
1741 | for (;;) { | |
1742 | const void *ap; | |
1743 | int32_t family; | |
1744 | uint32_t prefixlen; | |
1745 | size_t an; | |
1746 | ||
1747 | r = sd_bus_message_enter_container(message, 'r', "iayu"); | |
1748 | if (r < 0) | |
1749 | return r; | |
1750 | if (r == 0) | |
1751 | break; | |
1752 | ||
1753 | r = sd_bus_message_read(message, "i", &family); | |
1754 | if (r < 0) | |
1755 | return r; | |
1756 | ||
1757 | if (!IN_SET(family, AF_INET, AF_INET6)) | |
e74f76ca | 1758 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects IPv4 or IPv6 addresses only.", name); |
3dc5ca97 LP |
1759 | |
1760 | r = sd_bus_message_read_array(message, 'y', &ap, &an); | |
1761 | if (r < 0) | |
1762 | return r; | |
1763 | ||
1764 | if (an != FAMILY_ADDRESS_SIZE(family)) | |
e74f76ca | 1765 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "IP address has wrong size for family (%s, expected %zu, got %zu)", |
3dc5ca97 LP |
1766 | af_to_name(family), FAMILY_ADDRESS_SIZE(family), an); |
1767 | ||
1768 | r = sd_bus_message_read(message, "u", &prefixlen); | |
1769 | if (r < 0) | |
1770 | return r; | |
1771 | ||
1772 | if (prefixlen > FAMILY_ADDRESS_SIZE(family)*8) | |
e74f76ca | 1773 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Prefix length %" PRIu32 " too large for address family %s.", prefixlen, af_to_name(family)); |
3dc5ca97 | 1774 | |
2e59b241 | 1775 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
84ebe6f0 YW |
1776 | struct in_addr_prefix prefix = { |
1777 | .family = family, | |
1778 | .prefixlen = prefixlen, | |
1779 | }; | |
3dc5ca97 | 1780 | |
84ebe6f0 | 1781 | memcpy(&prefix.address, ap, an); |
3dc5ca97 | 1782 | |
84ebe6f0 YW |
1783 | r = in_addr_prefix_add(&new_prefixes, &prefix); |
1784 | if (r < 0) | |
1785 | return r; | |
3dc5ca97 LP |
1786 | } |
1787 | ||
1788 | r = sd_bus_message_exit_container(message); | |
1789 | if (r < 0) | |
1790 | return r; | |
1791 | ||
1792 | n++; | |
1793 | } | |
1794 | ||
1795 | r = sd_bus_message_exit_container(message); | |
1796 | if (r < 0) | |
1797 | return r; | |
1798 | ||
2e59b241 | 1799 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
3dc5ca97 LP |
1800 | _cleanup_free_ char *buf = NULL; |
1801 | _cleanup_fclose_ FILE *f = NULL; | |
3dc5ca97 | 1802 | size_t size = 0; |
84ebe6f0 YW |
1803 | Set **prefixes; |
1804 | bool *reduced; | |
3dc5ca97 LP |
1805 | |
1806 | unit_invalidate_cgroup_bpf(u); | |
2fe21124 | 1807 | f = open_memstream_unlocked(&buf, &size); |
3dc5ca97 LP |
1808 | if (!f) |
1809 | return -ENOMEM; | |
1810 | ||
84ebe6f0 YW |
1811 | prefixes = streq(name, "IPAddressAllow") ? &c->ip_address_allow : &c->ip_address_deny; |
1812 | reduced = streq(name, "IPAddressAllow") ? &c->ip_address_allow_reduced : &c->ip_address_deny_reduced; | |
3dc5ca97 | 1813 | |
84ebe6f0 YW |
1814 | if (n == 0) { |
1815 | *reduced = true; | |
1816 | *prefixes = set_free(*prefixes); | |
1817 | fputs(name, f); | |
1818 | fputs("=\n", f); | |
1819 | } else { | |
1820 | struct in_addr_prefix *p; | |
3dc5ca97 | 1821 | |
84ebe6f0 | 1822 | *reduced = false; |
3dc5ca97 | 1823 | |
84ebe6f0 YW |
1824 | r = in_addr_prefixes_merge(prefixes, new_prefixes); |
1825 | if (r < 0) | |
1826 | return r; | |
1827 | ||
1828 | SET_FOREACH(p, new_prefixes) { | |
1829 | _cleanup_free_ char *buffer = NULL; | |
1830 | ||
1831 | r = in_addr_prefix_to_string(p->family, &p->address, p->prefixlen, &buffer); | |
1832 | if (r == -ENOMEM) | |
1833 | return r; | |
1834 | if (r < 0) | |
1835 | continue; | |
1836 | ||
1837 | fprintf(f, "%s=%s\n", name, buffer); | |
1838 | } | |
3dc5ca97 LP |
1839 | } |
1840 | ||
1841 | r = fflush_and_check(f); | |
1842 | if (r < 0) | |
1843 | return r; | |
2e59b241 LP |
1844 | |
1845 | unit_write_setting(u, flags, name, buf); | |
3dc5ca97 LP |
1846 | } |
1847 | ||
03a7b521 | 1848 | return 1; |
a931ad47 LP |
1849 | } |
1850 | ||
4d824a4e AZ |
1851 | if (STR_IN_SET(name, "ManagedOOMSwap", "ManagedOOMMemoryPressure")) { |
1852 | ManagedOOMMode *cgroup_mode = streq(name, "ManagedOOMSwap") ? &c->moom_swap : &c->moom_mem_pressure; | |
1853 | ManagedOOMMode m; | |
1854 | const char *mode; | |
1855 | ||
1856 | if (!UNIT_VTABLE(u)->can_set_managed_oom) | |
1857 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set %s for this unit type", name); | |
1858 | ||
1859 | r = sd_bus_message_read(message, "s", &mode); | |
1860 | if (r < 0) | |
1861 | return r; | |
1862 | ||
1863 | m = managed_oom_mode_from_string(mode); | |
1864 | if (m < 0) | |
1865 | return -EINVAL; | |
1866 | ||
1867 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
1868 | *cgroup_mode = m; | |
1869 | unit_write_settingf(u, flags, name, "%s=%s", name, mode); | |
1870 | } | |
1871 | ||
e30bbc90 | 1872 | (void) manager_varlink_send_managed_oom_update(u); |
4d824a4e AZ |
1873 | return 1; |
1874 | } | |
1875 | ||
d9d3f05d | 1876 | if (streq(name, "ManagedOOMMemoryPressureLimit")) { |
0a9f9344 AZ |
1877 | uint32_t v; |
1878 | ||
4d824a4e AZ |
1879 | if (!UNIT_VTABLE(u)->can_set_managed_oom) |
1880 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set %s for this unit type", name); | |
1881 | ||
0a9f9344 | 1882 | r = sd_bus_message_read(message, "u", &v); |
e30bbc90 AZ |
1883 | if (r < 0) |
1884 | return r; | |
1885 | ||
0a9f9344 | 1886 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
d9d3f05d LP |
1887 | c->moom_mem_pressure_limit = v; |
1888 | unit_write_settingf(u, flags, name, | |
1889 | "ManagedOOMMemoryPressureLimit=" PERMYRIAD_AS_PERCENT_FORMAT_STR, | |
1890 | PERMYRIAD_AS_PERCENT_FORMAT_VAL(UINT32_SCALE_TO_PERMYRIAD(v))); | |
0a9f9344 AZ |
1891 | } |
1892 | ||
e30bbc90 AZ |
1893 | if (c->moom_mem_pressure == MANAGED_OOM_KILL) |
1894 | (void) manager_varlink_send_managed_oom_update(u); | |
1895 | ||
1896 | return 1; | |
4d824a4e AZ |
1897 | } |
1898 | ||
4e806bfa AZ |
1899 | if (streq(name, "ManagedOOMPreference")) { |
1900 | ManagedOOMPreference p; | |
1901 | const char *pref; | |
1902 | ||
1903 | r = sd_bus_message_read(message, "s", &pref); | |
1904 | if (r < 0) | |
1905 | return r; | |
1906 | ||
1907 | p = managed_oom_preference_from_string(pref); | |
1908 | if (p < 0) | |
925484aa | 1909 | return p; |
4e806bfa AZ |
1910 | |
1911 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
1912 | c->moom_preference = p; | |
1913 | unit_write_settingf(u, flags, name, "ManagedOOMPreference=%s", pref); | |
1914 | } | |
1915 | ||
1916 | return 1; | |
1917 | } | |
dcf4781c JK |
1918 | if (STR_IN_SET(name, "SocketBindAllow", "SocketBindDeny")) { |
1919 | CGroupSocketBindItem **list; | |
1920 | uint16_t nr_ports, port_min; | |
1921 | size_t n = 0; | |
4883a04f | 1922 | int32_t family, ip_protocol; |
dcf4781c JK |
1923 | |
1924 | list = streq(name, "SocketBindAllow") ? &c->socket_bind_allow : &c->socket_bind_deny; | |
1925 | ||
4883a04f | 1926 | r = sd_bus_message_enter_container(message, 'a', "(iiqq)"); |
dcf4781c JK |
1927 | if (r < 0) |
1928 | return r; | |
1929 | ||
4883a04f | 1930 | while ((r = sd_bus_message_read(message, "(iiqq)", &family, &ip_protocol, &nr_ports, &port_min)) > 0) { |
dcf4781c JK |
1931 | |
1932 | if (!IN_SET(family, AF_UNSPEC, AF_INET, AF_INET6)) | |
1933 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects INET or INET6 family, if specified.", name); | |
1934 | ||
60477eb9 JK |
1935 | if (!IN_SET(ip_protocol, 0, IPPROTO_TCP, IPPROTO_UDP)) |
1936 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects TCP or UDP protocol, if specified.", name); | |
4883a04f | 1937 | |
dcf4781c JK |
1938 | if (port_min + (uint32_t) nr_ports > (1 << 16)) |
1939 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects maximum port value lesser than 65536.", name); | |
1940 | ||
1941 | if (port_min == 0 && nr_ports != 0) | |
1942 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects port range starting with positive value.", name); | |
1943 | ||
1944 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
1945 | _cleanup_free_ CGroupSocketBindItem *item = NULL; | |
1946 | ||
1947 | item = new(CGroupSocketBindItem, 1); | |
1948 | if (!item) | |
1949 | return log_oom(); | |
1950 | ||
1951 | *item = (CGroupSocketBindItem) { | |
1952 | .address_family = family, | |
4883a04f | 1953 | .ip_protocol = ip_protocol, |
dcf4781c JK |
1954 | .nr_ports = nr_ports, |
1955 | .port_min = port_min | |
1956 | }; | |
1957 | ||
1958 | LIST_PREPEND(socket_bind_items, *list, TAKE_PTR(item)); | |
1959 | } | |
1960 | n++; | |
1961 | } | |
1962 | if (r < 0) | |
1963 | return r; | |
1964 | ||
1965 | r = sd_bus_message_exit_container(message); | |
1966 | if (r < 0) | |
1967 | return r; | |
1968 | ||
1969 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
1970 | _cleanup_free_ char *buf = NULL; | |
1971 | _cleanup_fclose_ FILE *f = NULL; | |
dcf4781c JK |
1972 | size_t size = 0; |
1973 | ||
1974 | if (n == 0) | |
1975 | cgroup_context_remove_socket_bind(list); | |
1976 | else { | |
1977 | if ((u->manager->cgroup_supported & CGROUP_MASK_BPF_SOCKET_BIND) == 0) | |
1978 | log_full(LOG_DEBUG, | |
1979 | "Unit %s configures source compiled BPF programs " | |
1980 | "but the local system does not support that.\n" | |
1981 | "Starting this unit will fail!", u->id); | |
1982 | } | |
1983 | ||
1984 | f = open_memstream_unlocked(&buf, &size); | |
1985 | if (!f) | |
1986 | return -ENOMEM; | |
1987 | ||
1988 | fprintf(f, "%s:", name); | |
1989 | ||
1990 | LIST_FOREACH(socket_bind_items, item, *list) | |
1991 | cgroup_context_dump_socket_bind_item(item, f); | |
1992 | ||
1993 | fputc('\n', f); | |
1994 | ||
1995 | r = fflush_and_check(f); | |
1996 | if (r < 0) | |
1997 | return r; | |
1998 | ||
1999 | unit_write_setting(u, flags, name, buf); | |
2000 | } | |
2001 | ||
2002 | return 1; | |
2003 | } | |
a59cb62c MV |
2004 | if (streq(name, "RestrictNetworkInterfaces")) { |
2005 | int is_allow_list; | |
2006 | _cleanup_strv_free_ char **l = NULL; | |
2007 | ||
2008 | r = sd_bus_message_enter_container(message, 'r', "bas"); | |
2009 | if (r < 0) | |
2010 | return r; | |
2011 | ||
2012 | r = sd_bus_message_read(message, "b", &is_allow_list); | |
2013 | if (r < 0) | |
2014 | return r; | |
2015 | ||
2016 | r = sd_bus_message_read_strv(message, &l); | |
2017 | if (r < 0) | |
2018 | return r; | |
2019 | ||
2020 | r = sd_bus_message_exit_container(message); | |
2021 | if (r < 0) | |
2022 | return r; | |
2023 | ||
2024 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
2025 | _cleanup_free_ char *joined = NULL; | |
a59cb62c MV |
2026 | |
2027 | if (strv_isempty(l)) { | |
2028 | c->restrict_network_interfaces_is_allow_list = false; | |
2029 | c->restrict_network_interfaces = set_free(c->restrict_network_interfaces); | |
2030 | ||
2031 | unit_write_settingf(u, flags, name, "%s=", name); | |
2032 | return 1; | |
2033 | } | |
2034 | ||
2035 | if (set_isempty(c->restrict_network_interfaces)) | |
2036 | c->restrict_network_interfaces_is_allow_list = is_allow_list; | |
2037 | ||
2038 | STRV_FOREACH(s, l) { | |
2039 | if (!ifname_valid(*s)) { | |
2040 | log_full(LOG_WARNING, "Invalid interface name, ignoring: %s", *s); | |
2041 | continue; | |
2042 | } | |
2043 | if (c->restrict_network_interfaces_is_allow_list != (bool) is_allow_list) | |
2044 | free(set_remove(c->restrict_network_interfaces, *s)); | |
2045 | else { | |
2046 | r = set_put_strdup(&c->restrict_network_interfaces, *s); | |
2047 | if (r < 0) | |
2048 | return log_oom(); | |
2049 | } | |
2050 | } | |
2051 | ||
2052 | joined = strv_join(l, " "); | |
2053 | if (!joined) | |
2054 | return -ENOMEM; | |
2055 | ||
2056 | unit_write_settingf(u, flags, name, "%s=%s%s", name, is_allow_list ? "" : "~", joined); | |
2057 | } | |
2058 | ||
2059 | return 1; | |
2060 | } | |
4e806bfa | 2061 | |
25cc30c4 | 2062 | if (streq(name, "DisableControllers") || (u->transient && u->load_state == UNIT_STUB)) |
13ec20d4 | 2063 | return bus_cgroup_set_transient_property(u, c, name, message, flags, error); |
8e2af478 LP |
2064 | |
2065 | return 0; | |
2066 | } |