]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
signal-util: modernize and share more code
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
83c60c9f
LP		 22#include <sys/stat.h>
23#include <unistd.h>
24#include <errno.h>
25#include <fcntl.h>
f94ea366 26#include <sys/epoll.h>
034c6ed7 27#include <signal.h>
4f2d528d 28#include <arpa/inet.h>
718db961 29#include <netinet/tcp.h>
916abb21 30#include <mqueue.h>
83c60c9f 31
718db961 32#include "sd-event.h"
83c60c9f 33#include "log.h"
9e2f7c11 34#include "strv.h"
49e942b2 35#include "mkdir.h"
9eb977db 36#include "path-util.h"
4f2d528d 37#include "unit-name.h"
41f9172f 38#include "unit-printf.h"
4fd5948e 39#include "missing.h"
a40eb732 40#include "special.h"
e51bc1a2 41#include "label.h"
9a57c629 42#include "exit-status.h"
f6a6225e 43#include "def.h"
5a045dad 44#include "smack-util.h"
718db961
LP		 45#include "bus-util.h"
46#include "bus-error.h"
d7b8eec7 47#include "selinux-util.h"
e821075a
LP		 48#include "dbus-socket.h"
49#include "unit.h"
6482f626 50#include "formats-util.h"
24882e06
LP		 51#include "signal-util.h"
52#include "socket.h"
83c60c9f 53
acbb0225 54static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 55 [SOCKET_DEAD] = UNIT_INACTIVE,
56 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 57 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 58 [SOCKET_START_POST] = UNIT_ACTIVATING,
59 [SOCKET_LISTENING] = UNIT_ACTIVE,
60 [SOCKET_RUNNING] = UNIT_ACTIVE,
61 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 65 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 67 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 68};
5cb5a6ff 69
718db961
LP		 70static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
71static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
72
a16e1123
LP		 73static void socket_init(Unit *u) {
74 Socket *s = SOCKET(u);
75
76 assert(u);
ac155bb8 77 assert(u->load_state == UNIT_STUB);
a16e1123 78
a16e1123 79 s->backlog = SOMAXCONN;
1f19a534 80 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 81 s->directory_mode = 0755;
9131f660 82 s->socket_mode = 0666;
a16e1123 83
6cf6bbc2
LP		 84 s->max_connections = 64;
85
4fd5948e 86 s->priority = -1;
4fd5948e
LP		 87 s->ip_tos = -1;
88 s->ip_ttl = -1;
4fd5948e 89 s->mark = -1;
4fd5948e 90
ac155bb8
MS		 91 s->exec_context.std_output = u->manager->default_std_output;
92 s->exec_context.std_error = u->manager->default_std_error;
085afe36 93
a16e1123
LP		 94 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
95}
acbb0225 96
5e94833f
LP		 97static void socket_unwatch_control_pid(Socket *s) {
98 assert(s);
99
100 if (s->control_pid <= 0)
101 return;
102
103 unit_unwatch_pid(UNIT(s), s->control_pid);
104 s->control_pid = 0;
105}
106
74051b9b 107void socket_free_ports(Socket *s) {
034c6ed7
LP		 108 SocketPort *p;
109
110 assert(s);
111
112 while ((p = s->ports)) {
71fda00f 113 LIST_REMOVE(port, s->ports, p);
034c6ed7 114
718db961
LP		 115 sd_event_source_unref(p->event_source);
116
03e334a1 117 safe_close(p->fd);
034c6ed7
LP		 118 free(p->path);
119 free(p);
120 }
74051b9b
LP		 121}
122
123static void socket_done(Unit *u) {
124 Socket *s = SOCKET(u);
125
126 assert(s);
127
128 socket_free_ports(s);
034c6ed7 129
613b411c 130 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 131 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 132 s->control_command = NULL;
133
5e94833f 134 socket_unwatch_control_pid(s);
034c6ed7 135
57020a3a 136 unit_ref_unset(&s->service);
034c6ed7 137
cebf8b20
TT		 138 free(s->tcp_congestion);
139 s->tcp_congestion = NULL;
140
acbb0225 141 free(s->bind_to_device);
e537352b 142 s->bind_to_device = NULL;
acbb0225 143
0eb59ccf
AK		 144 free(s->smack);
145 free(s->smack_ip_in);
146 free(s->smack_ip_out);
147
811ba7a0
LP		 148 strv_free(s->symlinks);
149
3900e5fd
LP		 150 free(s->user);
151 free(s->group);
152
718db961
LP		 153 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
154}
155
156static int socket_arm_timer(Socket *s) {
157 int r;
158
159 assert(s);
160
161 if (s->timeout_usec <= 0) {
162 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
163 return 0;
164 }
165
166 if (s->timer_event_source) {
167 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
168 if (r < 0)
169 return r;
170
171 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
172 }
173
7dfbe2e3 174 r = sd_event_add_time(
6a0f1f6d
LP		 175 UNIT(s)->manager->event,
176 &s->timer_event_source,
177 CLOCK_MONOTONIC,
178 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
179 socket_dispatch_timer, s);
7dfbe2e3
TG		 180 if (r < 0)
181 return r;
182
183 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
184
185 return 0;
5cb5a6ff
LP		 186}
187
8b835fcc
ZJS		 188int socket_instantiate_service(Socket *s) {
189 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 190 int r;
191 Unit *u;
192
193 assert(s);
194
195 /* This fills in s->service if it isn't filled in yet. For
196 * Accept=yes sockets we create the next connection service
197 * here. For Accept=no this is mostly a NOP since the service
198 * is figured out at load time anyway. */
199
7410616c 200 if (UNIT_DEREF(s->service))
b15bdda8
LP		 201 return 0;
202
7410616c
LP		 203 if (!s->accept)
204 return 0;
205
206 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
207 if (r < 0)
208 return r;
b15bdda8 209
315db1a8 210 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 211 return -ENOMEM;
212
1124fe6f 213 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 214 if (r < 0)
215 return r;
216
ac155bb8 217 u->no_gc = true;
57020a3a
LP		 218 unit_ref_set(&s->service, u);
219
220 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 221}
222
4f2d528d
LP		 223static bool have_non_accept_socket(Socket *s) {
224 SocketPort *p;
225
226 assert(s);
227
228 if (!s->accept)
229 return true;
230
dd5ad9d4
LP		 231 LIST_FOREACH(port, p, s->ports) {
232
233 if (p->type != SOCKET_SOCKET)
234 return true;
235
4f2d528d
LP		 236 if (!socket_address_can_accept(&p->address))
237 return true;
dd5ad9d4 238 }
4f2d528d
LP		 239
240 return false;
241}
242
a57f7e2c 243static int socket_add_mount_links(Socket *s) {
6e2ef85b 244 SocketPort *p;
6e2ef85b
LP		 245 int r;
246
247 assert(s);
6e2ef85b 248
a57f7e2c
LP		 249 LIST_FOREACH(port, p, s->ports) {
250 const char *path = NULL;
6e2ef85b 251
a57f7e2c
LP		 252 if (p->type == SOCKET_SOCKET)
253 path = socket_address_get_path(&p->address);
254 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
255 path = p->path;
6e2ef85b 256
a57f7e2c
LP		 257 if (!path)
258 continue;
6e2ef85b 259
a57f7e2c 260 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 261 if (r < 0)
6e2ef85b 262 return r;
b87705cd 263 }
6e2ef85b
LP		 264
265 return 0;
266}
267
268static int socket_add_device_link(Socket *s) {
269 char *t;
6e2ef85b
LP		 270
271 assert(s);
272
7d0c710d 273 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 274 return 0;
275
63c372cb 276 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
e821075a 277 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 278}
279
a40eb732
LP		 280static int socket_add_default_dependencies(Socket *s) {
281 int r;
282 assert(s);
283
e3d84721
LP		 284 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
285 if (r < 0)
286 return r;
2a77d31d 287
b2c23da8 288 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
e3d84721
LP		 289 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
290 if (r < 0)
a40eb732 291 return r;
2a77d31d 292 }
a40eb732 293
ead8e478 294 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 295}
296
44a6b1b6 297_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 298 unsigned i;
299 assert(s);
300
301 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
302 if (s->exec_command[i])
303 return true;
304
305 return false;
306}
307
e821075a
LP		 308static int socket_add_extras(Socket *s) {
309 Unit *u = UNIT(s);
e537352b 310 int r;
44d8db9e 311
e821075a 312 assert(s);
57020a3a 313
e821075a 314 if (have_non_accept_socket(s)) {
23a177ef 315
e821075a
LP		 316 if (!UNIT_DEREF(s->service)) {
317 Unit *x;
57020a3a 318
e821075a 319 r = unit_load_related_unit(u, ".service", &x);
57020a3a 320 if (r < 0)
4f2d528d 321 return r;
e821075a
LP		 322
323 unit_ref_set(&s->service, x);
4f2d528d 324 }
44d8db9e 325
e821075a
LP		 326 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
327 if (r < 0)
6e2ef85b 328 return r;
e821075a 329 }
6e2ef85b 330
e821075a
LP		 331 r = socket_add_mount_links(s);
332 if (r < 0)
333 return r;
6e2ef85b 334
e821075a
LP		 335 r = socket_add_device_link(s);
336 if (r < 0)
337 return r;
338
598459ce 339 r = unit_patch_contexts(u);
e821075a
LP		 340 if (r < 0)
341 return r;
342
343 if (socket_has_exec(s)) {
344 r = unit_add_exec_dependencies(u, &s->exec_context);
345 if (r < 0)
346 return r;
23a177ef 347
598459ce 348 r = unit_add_default_slice(u, &s->cgroup_context);
a016b922
LP		 349 if (r < 0)
350 return r;
e821075a 351 }
a016b922 352
e821075a
LP		 353 if (u->default_dependencies) {
354 r = socket_add_default_dependencies(s);
355 if (r < 0)
356 return r;
357 }
358
359 return 0;
360}
361
811ba7a0
LP		 362static const char *socket_find_symlink_target(Socket *s) {
363 const char *found = NULL;
364 SocketPort *p;
365
366 LIST_FOREACH(port, p, s->ports) {
367 const char *f = NULL;
368
369 switch (p->type) {
370
371 case SOCKET_FIFO:
372 f = p->path;
373 break;
374
375 case SOCKET_SOCKET:
376 if (p->address.sockaddr.un.sun_path[0] != 0)
377 f = p->address.sockaddr.un.sun_path;
378 break;
379
380 default:
381 break;
382 }
383
384 if (f) {
385 if (found)
386 return NULL;
387
388 found = f;
389 }
390 }
391
392 return found;
393}
394
e821075a
LP		 395static int socket_verify(Socket *s) {
396 assert(s);
397
398 if (UNIT(s)->load_state != UNIT_LOADED)
399 return 0;
400
401 if (!s->ports) {
f2341e0a 402 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
e821075a
LP		 403 return -EINVAL;
404 }
405
406 if (s->accept && have_non_accept_socket(s)) {
f2341e0a 407 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
e821075a
LP		 408 return -EINVAL;
409 }
410
411 if (s->accept && s->max_connections <= 0) {
f2341e0a 412 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
e821075a
LP		 413 return -EINVAL;
414 }
e06c73cc 415
e821075a 416 if (s->accept && UNIT_DEREF(s->service)) {
f2341e0a 417 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
e821075a
LP		 418 return -EINVAL;
419 }
420
421 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
f2341e0a 422 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
e821075a
LP		 423 return -EINVAL;
424 }
425
811ba7a0 426 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
f2341e0a 427 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
811ba7a0
LP		 428 return -EINVAL;
429 }
430
e821075a
LP		 431 return 0;
432}
433
434static int socket_load(Unit *u) {
435 Socket *s = SOCKET(u);
436 int r;
437
438 assert(u);
439 assert(u->load_state == UNIT_STUB);
440
441 r = unit_load_fragment_and_dropin(u);
442 if (r < 0)
443 return r;
444
445 if (u->load_state == UNIT_LOADED) {
446 /* This is a new unit? Then let's add in some extras */
447 r = socket_add_extras(s);
e06c73cc
LP		 448 if (r < 0)
449 return r;
23a177ef
LP		 450 }
451
4f2d528d 452 return socket_verify(s);
44d8db9e
LP		 453}
454
44a6b1b6 455_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 456
457 if (family == AF_NETLINK)
458 return "ListenNetlink";
542563ba
LP		 459
460 if (type == SOCK_STREAM)
461 return "ListenStream";
462 else if (type == SOCK_DGRAM)
463 return "ListenDatagram";
464 else if (type == SOCK_SEQPACKET)
465 return "ListenSequentialPacket";
466
034c6ed7 467 assert_not_reached("Unknown socket type");
542563ba
LP		 468 return NULL;
469}
470
87f0e418 471static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 472 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 473 SocketExecCommand c;
87f0e418 474 Socket *s = SOCKET(u);
542563ba 475 SocketPort *p;
82ba9f08 476 const char *prefix2;
5cb5a6ff
LP		 477
478 assert(s);
fa068367 479 assert(f);
5cb5a6ff 480
4c940960 481 prefix = strempty(prefix);
63c372cb 482 prefix2 = strjoina(prefix, "\t");
c43d20a0 483
5cb5a6ff
LP		 484 fprintf(f,
485 "%sSocket State: %s\n"
81a5c6d0 486 "%sResult: %s\n"
542563ba 487 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 488 "%sBacklog: %u\n"
489 "%sSocketMode: %04o\n"
4fd5948e
LP		 490 "%sDirectoryMode: %04o\n"
491 "%sKeepAlive: %s\n"
4427c3f4 492 "%sNoDelay: %s\n"
cebf8b20 493 "%sFreeBind: %s\n"
6b6d2dee 494 "%sTransparent: %s\n"
ec6370a2 495 "%sBroadcast: %s\n"
ede3deb4 496 "%sPassCredentials: %s\n"
54ecda32 497 "%sPassSecurity: %s\n"
bd1fe7c7 498 "%sTCPCongestion: %s\n"
16115b0a
MS		 499 "%sRemoveOnStop: %s\n"
500 "%sSELinuxContextFromNet: %s\n",
a16e1123 501 prefix, socket_state_to_string(s->state),
81a5c6d0 502 prefix, socket_result_to_string(s->result),
c0120d99 503 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 504 prefix, s->backlog,
505 prefix, s->socket_mode,
4fd5948e
LP		 506 prefix, s->directory_mode,
507 prefix, yes_no(s->keep_alive),
4427c3f4 508 prefix, yes_no(s->no_delay),
cebf8b20 509 prefix, yes_no(s->free_bind),
6b6d2dee 510 prefix, yes_no(s->transparent),
ec6370a2 511 prefix, yes_no(s->broadcast),
d68af586 512 prefix, yes_no(s->pass_cred),
54ecda32 513 prefix, yes_no(s->pass_sec),
bd1fe7c7 514 prefix, strna(s->tcp_congestion),
16115b0a
MS		 515 prefix, yes_no(s->remove_on_stop),
516 prefix, yes_no(s->selinux_context_from_net));
542563ba 517
70123e68
LP		 518 if (s->control_pid > 0)
519 fprintf(f,
de0671ee
ZJS		 520 "%sControl PID: "PID_FMT"\n",
521 prefix, s->control_pid);
70123e68 522
acbb0225
LP		 523 if (s->bind_to_device)
524 fprintf(f,
525 "%sBindToDevice: %s\n",
526 prefix, s->bind_to_device);
527
4f2d528d
LP		 528 if (s->accept)
529 fprintf(f,
6cf6bbc2
LP		 530 "%sAccepted: %u\n"
531 "%sNConnections: %u\n"
532 "%sMaxConnections: %u\n",
533 prefix, s->n_accepted,
534 prefix, s->n_connections,
535 prefix, s->max_connections);
4f2d528d 536
4fd5948e
LP		 537 if (s->priority >= 0)
538 fprintf(f,
539 "%sPriority: %i\n",
540 prefix, s->priority);
541
542 if (s->receive_buffer > 0)
543 fprintf(f,
544 "%sReceiveBuffer: %zu\n",
545 prefix, s->receive_buffer);
546
547 if (s->send_buffer > 0)
548 fprintf(f,
549 "%sSendBuffer: %zu\n",
550 prefix, s->send_buffer);
551
552 if (s->ip_tos >= 0)
553 fprintf(f,
554 "%sIPTOS: %i\n",
555 prefix, s->ip_tos);
556
557 if (s->ip_ttl >= 0)
558 fprintf(f,
559 "%sIPTTL: %i\n",
560 prefix, s->ip_ttl);
561
562 if (s->pipe_size > 0)
563 fprintf(f,
564 "%sPipeSize: %zu\n",
565 prefix, s->pipe_size);
566
567 if (s->mark >= 0)
568 fprintf(f,
569 "%sMark: %i\n",
570 prefix, s->mark);
571
916abb21
LP		 572 if (s->mq_maxmsg > 0)
573 fprintf(f,
574 "%sMessageQueueMaxMessages: %li\n",
575 prefix, s->mq_maxmsg);
576
577 if (s->mq_msgsize > 0)
578 fprintf(f,
579 "%sMessageQueueMessageSize: %li\n",
580 prefix, s->mq_msgsize);
581
718db961 582 if (s->reuse_port)
f7db7a69
SL		 583 fprintf(f,
584 "%sReusePort: %s\n",
718db961 585 prefix, yes_no(s->reuse_port));
f7db7a69 586
0eb59ccf
AK		 587 if (s->smack)
588 fprintf(f,
589 "%sSmackLabel: %s\n",
590 prefix, s->smack);
591
592 if (s->smack_ip_in)
593 fprintf(f,
594 "%sSmackLabelIPIn: %s\n",
595 prefix, s->smack_ip_in);
596
597 if (s->smack_ip_out)
598 fprintf(f,
599 "%sSmackLabelIPOut: %s\n",
600 prefix, s->smack_ip_out);
601
3900e5fd
LP		 602 if (!isempty(s->user) || !isempty(s->group))
603 fprintf(f,
604 "%sOwnerUser: %s\n"
605 "%sOwnerGroup: %s\n",
606 prefix, strna(s->user),
607 prefix, strna(s->group));
608
3cd761e4 609 if (s->keep_alive_time > 0)
209e9dcd 610 fprintf(f,
3cd761e4
LP		 611 "%sKeepAliveTimeSec: %s\n",
612 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 613
3cd761e4 614 if (s->keep_alive_interval)
209e9dcd 615 fprintf(f,
3cd761e4
LP		 616 "%sKeepAliveIntervalSec: %s\n",
617 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 618
3cd761e4 619 if (s->keep_alive_cnt)
209e9dcd
SS		 620 fprintf(f,
621 "%sKeepAliveProbes: %u\n",
622 prefix, s->keep_alive_cnt);
623
3cd761e4 624 if (s->defer_accept)
cc567c9b 625 fprintf(f,
3cd761e4
LP		 626 "%sDeferAcceptSec: %s\n",
627 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 628
034c6ed7 629 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 630
542563ba
LP		 631 if (p->type == SOCKET_SOCKET) {
632 const char *t;
633 int r;
e364ad06 634 char *k = NULL;
542563ba
LP		 635
636 if ((r = socket_address_print(&p->address, &k)) < 0)
637 t = strerror(-r);
638 else
639 t = k;
640
7a22745a 641 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 642 free(k);
b0a3f2bc
LP		 643 } else if (p->type == SOCKET_SPECIAL)
644 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
916abb21
LP		 645 else if (p->type == SOCKET_MQUEUE)
646 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 647 else
542563ba
LP		 648 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
649 }
5cb5a6ff
LP		 650
651 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 652 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 653
e537352b 654 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 655 if (!s->exec_command[c])
656 continue;
5cb5a6ff 657
40d50879 658 fprintf(f, "%s-> %s:\n",
a16e1123 659 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 660
661 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 662 }
663}
664
4f2d528d
LP		 665static int instance_from_socket(int fd, unsigned nr, char **instance) {
666 socklen_t l;
667 char *r;
9d16d0c7 668 union sockaddr_union local, remote;
4f2d528d
LP		 669
670 assert(fd >= 0);
671 assert(instance);
672
673 l = sizeof(local);
674 if (getsockname(fd, &local.sa, &l) < 0)
675 return -errno;
676
677 l = sizeof(remote);
678 if (getpeername(fd, &remote.sa, &l) < 0)
679 return -errno;
680
681 switch (local.sa.sa_family) {
682
683 case AF_INET: {
684 uint32_t
685 a = ntohl(local.in.sin_addr.s_addr),
686 b = ntohl(remote.in.sin_addr.s_addr);
687
688 if (asprintf(&r,
77b088c2
LP		 689 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690 nr,
4f2d528d
LP		 691 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
692 ntohs(local.in.sin_port),
693 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
694 ntohs(remote.in.sin_port)) < 0)
695 return -ENOMEM;
696
697 break;
698 }
699
700 case AF_INET6: {
c65a0b14 701 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 702 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
703 };
704
705 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
706 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
707 const uint8_t
708 *a = local.in6.sin6_addr.s6_addr+12,
709 *b = remote.in6.sin6_addr.s6_addr+12;
710
711 if (asprintf(&r,
77b088c2
LP		 712 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 nr,
2b061f5a
LP		 714 a[0], a[1], a[2], a[3],
715 ntohs(local.in6.sin6_port),
716 b[0], b[1], b[2], b[3],
717 ntohs(remote.in6.sin6_port)) < 0)
718 return -ENOMEM;
719 } else {
720 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
721
722 if (asprintf(&r,
77b088c2
LP		 723 "%u-%s:%u-%s:%u",
724 nr,
2b061f5a
LP		 725 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
726 ntohs(local.in6.sin6_port),
727 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
728 ntohs(remote.in6.sin6_port)) < 0)
729 return -ENOMEM;
730 }
4f2d528d
LP		 731
732 break;
733 }
734
735 case AF_UNIX: {
736 struct ucred ucred;
eff05270 737 int k;
4f2d528d 738
eff05270 739 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 740 if (k >= 0) {
741 if (asprintf(&r,
742 "%u-"PID_FMT"-"UID_FMT,
743 nr, ucred.pid, ucred.uid) < 0)
744 return -ENOMEM;
745 } else if (k == -ENODATA) {
746 /* This handles the case where somebody is
747 * connecting from another pid/uid namespace
748 * (e.g. from outside of our container). */
749 if (asprintf(&r,
750 "%u-unknown",
751 nr) < 0)
752 return -ENOMEM;
753 } else
eff05270 754 return k;
2f20a8eb 755
2f20a8eb 756 break;
4f2d528d
LP		 757 }
758
759 default:
760 assert_not_reached("Unhandled socket type.");
761 }
762
763 *instance = r;
764 return 0;
765}
766
034c6ed7 767static void socket_close_fds(Socket *s) {
83c60c9f 768 SocketPort *p;
811ba7a0 769 char **i;
83c60c9f
LP		 770
771 assert(s);
772
034c6ed7 773 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 774
775 p->event_source = sd_event_source_unref(p->event_source);
776
83c60c9f
LP		 777 if (p->fd < 0)
778 continue;
779
03e334a1 780 p->fd = safe_close(p->fd);
a16e1123 781
bd1fe7c7
LP		 782 /* One little note: we should normally not delete any
783 * sockets in the file system here! After all some
784 * other process we spawned might still have a
785 * reference of this fd and wants to continue to use
786 * it. Therefore we delete sockets in the file system
787 * before we create a new one, not after we stopped
788 * using one! */
789
790 if (s->remove_on_stop) {
791 switch (p->type) {
792
793 case SOCKET_FIFO:
794 unlink(p->path);
795 break;
796
797 case SOCKET_MQUEUE:
798 mq_unlink(p->path);
799 break;
800
801 case SOCKET_SOCKET:
802 socket_address_unlink(&p->address);
803 break;
804
805 default:
806 break;
807 }
808 }
83c60c9f 809 }
811ba7a0
LP		 810
811 if (s->remove_on_stop)
812 STRV_FOREACH(i, s->symlinks)
813 unlink(*i);
83c60c9f
LP		 814}
815
4fd5948e 816static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 817 int r;
818
4fd5948e
LP		 819 assert(s);
820 assert(fd >= 0);
821
822 if (s->keep_alive) {
823 int b = s->keep_alive;
824 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
f2341e0a 825 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 826 }
827
209e9dcd
SS		 828 if (s->keep_alive_time) {
829 int value = s->keep_alive_time / USEC_PER_SEC;
830 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
f2341e0a 831 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 832 }
833
834 if (s->keep_alive_interval) {
920b52e4 835 int value = s->keep_alive_interval / USEC_PER_SEC;
209e9dcd 836 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
f2341e0a 837 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 838 }
839
840 if (s->keep_alive_cnt) {
841 int value = s->keep_alive_cnt;
842 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
f2341e0a 843 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 844 }
845
cc567c9b
SS		 846 if (s->defer_accept) {
847 int value = s->defer_accept / USEC_PER_SEC;
848 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
f2341e0a 849 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 850 }
851
4427c3f4
SS		 852 if (s->no_delay) {
853 int b = s->no_delay;
854 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
f2341e0a 855 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
4427c3f4
SS		 856 }
857
ec6370a2
LP		 858 if (s->broadcast) {
859 int one = 1;
860 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
f2341e0a 861 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
ec6370a2
LP		 862 }
863
d68af586
MS		 864 if (s->pass_cred) {
865 int one = 1;
866 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
f2341e0a 867 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
d68af586
MS		 868 }
869
54ecda32
LP		 870 if (s->pass_sec) {
871 int one = 1;
872 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
f2341e0a 873 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
54ecda32
LP		 874 }
875
4fd5948e
LP		 876 if (s->priority >= 0)
877 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
f2341e0a 878 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
4fd5948e
LP		 879
880 if (s->receive_buffer > 0) {
881 int value = (int) s->receive_buffer;
7d9eaa84
LP		 882
883 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
884
b8cef44e 885 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 886 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
f2341e0a 887 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
4fd5948e
LP		 888 }
889
890 if (s->send_buffer > 0) {
891 int value = (int) s->send_buffer;
b8cef44e 892 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 893 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
f2341e0a 894 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
4fd5948e
LP		 895 }
896
897 if (s->mark >= 0)
898 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
f2341e0a 899 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
4fd5948e
LP		 900
901 if (s->ip_tos >= 0)
902 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
f2341e0a 903 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
4fd5948e 904
46925ac5 905 if (s->ip_ttl >= 0) {
d53e386d 906 int x;
46925ac5
LP		 907
908 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 909
910 if (socket_ipv6_is_supported())
911 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
912 else {
913 x = -1;
914 errno = EAFNOSUPPORT;
915 }
46925ac5
LP		 916
917 if (r < 0 && x < 0)
f2341e0a 918 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 919 }
cebf8b20
TT		 920
921 if (s->tcp_congestion)
922 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
f2341e0a 923 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
0eb59ccf 924
718db961
LP		 925 if (s->reuse_port) {
926 int b = s->reuse_port;
f0511bd7 927 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
f2341e0a 928 log_unit_warning_errno(UNIT(s), errno, "SO_REUSEPORT failed: %m");
f7db7a69
SL		 929 }
930
d53e386d
LP		 931 if (s->smack_ip_in) {
932 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
933 if (r < 0)
f2341e0a 934 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 935 }
9a4e038c 936
d53e386d
LP		 937 if (s->smack_ip_out) {
938 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
939 if (r < 0)
f2341e0a 940 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 941 }
4fd5948e
LP		 942}
943
b15bdda8 944static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 945 int r;
946
4fd5948e
LP		 947 assert(s);
948 assert(fd >= 0);
949
950 if (s->pipe_size > 0)
951 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
f2341e0a 952 log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
0eb59ccf 953
d53e386d
LP		 954 if (s->smack) {
955 r = mac_smack_apply_fd(fd, s->smack);
956 if (r < 0)
f2341e0a 957 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
d53e386d 958 }
4fd5948e
LP		 959}
960
b15bdda8
LP		 961static int fifo_address_create(
962 const char *path,
963 mode_t directory_mode,
964 mode_t socket_mode,
b15bdda8
LP		 965 int *_fd) {
966
7a58bfa4 967 int fd = -1, r = 0;
b15bdda8
LP		 968 struct stat st;
969 mode_t old_mask;
970
971 assert(path);
972 assert(_fd);
973
d2e54fae 974 mkdir_parents_label(path, directory_mode);
b15bdda8 975
ecabcf8b 976 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 977 if (r < 0)
56cf987f 978 goto fail;
b15bdda8
LP		 979
980 /* Enforce the right access mode for the fifo */
981 old_mask = umask(~ socket_mode);
982
983 /* Include the original umask in our mask */
984 umask(~socket_mode | old_mask);
985
986 r = mkfifo(path, socket_mode);
987 umask(old_mask);
988
94bc2731 989 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 990 r = -errno;
991 goto fail;
992 }
993
e4f44e73 994 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
b15bdda8
LP		 995 r = -errno;
996 goto fail;
997 }
998
ecabcf8b 999 mac_selinux_create_file_clear();
7a58bfa4 1000
b15bdda8
LP		 1001 if (fstat(fd, &st) < 0) {
1002 r = -errno;
1003 goto fail;
1004 }
1005
1006 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1007 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1008 st.st_uid != getuid() ||
1009 st.st_gid != getgid()) {
b15bdda8
LP		 1010
1011 r = -EEXIST;
1012 goto fail;
1013 }
1014
1015 *_fd = fd;
1016 return 0;
1017
1018fail:
ecabcf8b 1019 mac_selinux_create_file_clear();
03e334a1 1020 safe_close(fd);
b15bdda8
LP		 1021
1022 return r;
1023}
1024
b0a3f2bc
LP		 1025static int special_address_create(
1026 const char *path,
1027 int *_fd) {
1028
1029 int fd = -1, r = 0;
1030 struct stat st;
1031
1032 assert(path);
1033 assert(_fd);
1034
811ba7a0
LP		 1035 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1036 if (fd < 0) {
b0a3f2bc
LP		 1037 r = -errno;
1038 goto fail;
1039 }
1040
1041 if (fstat(fd, &st) < 0) {
1042 r = -errno;
1043 goto fail;
1044 }
1045
1046 /* Check whether this is a /proc, /sys or /dev file or char device */
1047 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1048 r = -EEXIST;
1049 goto fail;
1050 }
1051
1052 *_fd = fd;
1053 return 0;
1054
1055fail:
03e334a1 1056 safe_close(fd);
b0a3f2bc
LP		 1057
1058 return r;
1059}
1060
916abb21
LP		 1061static int mq_address_create(
1062 const char *path,
1063 mode_t mq_mode,
1064 long maxmsg,
1065 long msgsize,
1066 int *_fd) {
1067
1068 int fd = -1, r = 0;
1069 struct stat st;
1070 mode_t old_mask;
1071 struct mq_attr _attr, *attr = NULL;
1072
1073 assert(path);
1074 assert(_fd);
1075
1076 if (maxmsg > 0 && msgsize > 0) {
1077 zero(_attr);
1078 _attr.mq_flags = O_NONBLOCK;
1079 _attr.mq_maxmsg = maxmsg;
1080 _attr.mq_msgsize = msgsize;
1081 attr = &_attr;
1082 }
1083
1084 /* Enforce the right access mode for the mq */
1085 old_mask = umask(~ mq_mode);
1086
1087 /* Include the original umask in our mask */
1088 umask(~mq_mode | old_mask);
916abb21
LP		 1089 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1090 umask(old_mask);
1091
8ea913b2 1092 if (fd < 0) {
916abb21
LP		 1093 r = -errno;
1094 goto fail;
1095 }
1096
1097 if (fstat(fd, &st) < 0) {
1098 r = -errno;
1099 goto fail;
1100 }
1101
1102 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1103 st.st_uid != getuid() ||
1104 st.st_gid != getgid()) {
1105
1106 r = -EEXIST;
1107 goto fail;
1108 }
1109
1110 *_fd = fd;
1111 return 0;
1112
1113fail:
03e334a1 1114 safe_close(fd);
916abb21
LP		 1115 return r;
1116}
1117
811ba7a0
LP		 1118static int socket_symlink(Socket *s) {
1119 const char *p;
1120 char **i;
1121
1122 assert(s);
1123
1124 p = socket_find_symlink_target(s);
1125 if (!p)
1126 return 0;
1127
1128 STRV_FOREACH(i, s->symlinks)
43b133b4 1129 symlink_label(p, *i);
811ba7a0
LP		 1130
1131 return 0;
1132}
1133
034c6ed7 1134static int socket_open_fds(Socket *s) {
83c60c9f
LP		 1135 SocketPort *p;
1136 int r;
56cf987f 1137 char *label = NULL;
049f8642 1138 bool know_label = false;
83c60c9f
LP		 1139
1140 assert(s);
1141
034c6ed7 1142 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1143
034c6ed7
LP		 1144 if (p->fd >= 0)
1145 continue;
83c60c9f
LP		 1146
1147 if (p->type == SOCKET_SOCKET) {
049f8642 1148
7f416dae
LP		 1149 if (!know_label) {
1150 /* Figure out label, if we don't it know
1151 * yet. We do it once, for the first
1152 * socket where we need this and
1153 * remember it for the rest. */
1154
1155 if (s->selinux_context_from_net) {
1156 /* Get it from the network label */
1157
1158 r = mac_selinux_get_our_label(&label);
75514a70 1159 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1160 goto rollback;
049f8642 1161
7f416dae
LP		 1162 } else {
1163 /* Get it from the executable we are about to start */
1164
1165 r = socket_instantiate_service(s);
1166 if (r < 0)
1167 goto rollback;
1168
1169 if (UNIT_ISSET(s->service) &&
1170 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1171 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1172 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1173 goto rollback;
1174 }
189583d7 1175 }
049f8642
LP		 1176
1177 know_label = true;
1178 }
1179
175a3d25
LP		 1180 r = socket_address_listen(
1181 &p->address,
1182 SOCK_CLOEXEC|SOCK_NONBLOCK,
1183 s->backlog,
1184 s->bind_ipv6_only,
1185 s->bind_to_device,
1186 s->free_bind,
1187 s->transparent,
1188 s->directory_mode,
1189 s->socket_mode,
1190 label);
1191 if (r < 0)
83c60c9f
LP		 1192 goto rollback;
1193
175a3d25 1194 p->fd = r;
4fd5948e 1195 socket_apply_socket_options(s, p->fd);
811ba7a0 1196 socket_symlink(s);
4fd5948e 1197
b0a3f2bc
LP		 1198 } else if (p->type == SOCKET_SPECIAL) {
1199
175a3d25
LP		 1200 r = special_address_create(
1201 p->path,
1202 &p->fd);
1203 if (r < 0)
b0a3f2bc
LP		 1204 goto rollback;
1205
b15bdda8 1206 } else if (p->type == SOCKET_FIFO) {
83c60c9f 1207
175a3d25
LP		 1208 r = fifo_address_create(
1209 p->path,
1210 s->directory_mode,
1211 s->socket_mode,
1212 &p->fd);
1213 if (r < 0)
83c60c9f 1214 goto rollback;
83c60c9f 1215
b15bdda8 1216 socket_apply_fifo_options(s, p->fd);
811ba7a0
LP		 1217 socket_symlink(s);
1218
916abb21 1219 } else if (p->type == SOCKET_MQUEUE) {
83c60c9f 1220
175a3d25
LP		 1221 r = mq_address_create(
1222 p->path,
1223 s->socket_mode,
1224 s->mq_maxmsg,
1225 s->mq_msgsize,
1226 &p->fd);
1227 if (r < 0)
916abb21 1228 goto rollback;
b15bdda8
LP		 1229 } else
1230 assert_not_reached("Unknown port type");
034c6ed7
LP		 1231 }
1232
cc56fafe 1233 mac_selinux_free(label);
034c6ed7
LP		 1234 return 0;
1235
1236rollback:
1237 socket_close_fds(s);
cc56fafe 1238 mac_selinux_free(label);
7f416dae 1239
034c6ed7
LP		 1240 return r;
1241}
1242
1243static void socket_unwatch_fds(Socket *s) {
1244 SocketPort *p;
718db961 1245 int r;
9152c765 1246
034c6ed7
LP		 1247 assert(s);
1248
1249 LIST_FOREACH(port, p, s->ports) {
1250 if (p->fd < 0)
1251 continue;
1252
a4152e3f
LP		 1253 if (!p->event_source)
1254 continue;
1255
1256 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1257 if (r < 0)
f2341e0a 1258 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
83c60c9f 1259 }
034c6ed7
LP		 1260}
1261
1262static int socket_watch_fds(Socket *s) {
1263 SocketPort *p;
1264 int r;
1265
1266 assert(s);
83c60c9f 1267
034c6ed7
LP		 1268 LIST_FOREACH(port, p, s->ports) {
1269 if (p->fd < 0)
1270 continue;
1271
cbf60d0a 1272 if (p->event_source) {
718db961 1273 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
cbf60d0a
LP		 1274 if (r < 0)
1275 goto fail;
1276 } else {
151b9b96 1277 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
cbf60d0a
LP		 1278 if (r < 0)
1279 goto fail;
4f2d528d 1280
cbf60d0a 1281 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
718db961 1282 }
034c6ed7 1283 }
83c60c9f 1284
542563ba 1285 return 0;
83c60c9f 1286
034c6ed7 1287fail:
cbf60d0a 1288 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
034c6ed7
LP		 1289 socket_unwatch_fds(s);
1290 return r;
1291}
1292
1293static void socket_set_state(Socket *s, SocketState state) {
1294 SocketState old_state;
1295 assert(s);
1296
1297 old_state = s->state;
1298 s->state = state;
1299
bd1fe7c7
LP		 1300 if (!IN_SET(state,
1301 SOCKET_START_PRE,
3900e5fd 1302 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1303 SOCKET_START_POST,
1304 SOCKET_STOP_PRE,
1305 SOCKET_STOP_PRE_SIGTERM,
1306 SOCKET_STOP_PRE_SIGKILL,
1307 SOCKET_STOP_POST,
1308 SOCKET_FINAL_SIGTERM,
1309 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1310
1311 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1312 socket_unwatch_control_pid(s);
034c6ed7 1313 s->control_command = NULL;
a16e1123 1314 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1315 }
034c6ed7 1316
a16e1123
LP		 1317 if (state != SOCKET_LISTENING)
1318 socket_unwatch_fds(s);
1319
bd1fe7c7 1320 if (!IN_SET(state,
3900e5fd 1321 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1322 SOCKET_START_POST,
1323 SOCKET_LISTENING,
1324 SOCKET_RUNNING,
1325 SOCKET_STOP_PRE,
1326 SOCKET_STOP_PRE_SIGTERM,
1327 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1328 socket_close_fds(s);
1329
e537352b 1330 if (state != old_state)
f2341e0a 1331 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1332
e2f3b44c 1333 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1334}
1335
be847e82 1336static int socket_coldplug(Unit *u) {
a16e1123
LP		 1337 Socket *s = SOCKET(u);
1338 int r;
1339
1340 assert(s);
1341 assert(s->state == SOCKET_DEAD);
1342
e821075a
LP		 1343 if (s->deserialized_state == s->state)
1344 return 0;
a16e1123 1345
3900e5fd
LP		 1346 if (IN_SET(s->deserialized_state,
1347 SOCKET_START_PRE,
1348 SOCKET_START_CHOWN,
1349 SOCKET_START_POST,
1350 SOCKET_STOP_PRE,
1351 SOCKET_STOP_PRE_SIGTERM,
1352 SOCKET_STOP_PRE_SIGKILL,
1353 SOCKET_STOP_POST,
1354 SOCKET_FINAL_SIGTERM,
1355 SOCKET_FINAL_SIGKILL)) {
a16e1123 1356
e821075a
LP		 1357 if (s->control_pid <= 0)
1358 return -EBADMSG;
a16e1123 1359
e821075a
LP		 1360 r = unit_watch_pid(UNIT(s), s->control_pid);
1361 if (r < 0)
1362 return r;
a16e1123 1363
e821075a
LP		 1364 r = socket_arm_timer(s);
1365 if (r < 0)
1366 return r;
1367 }
a16e1123 1368
3900e5fd
LP		 1369 if (IN_SET(s->deserialized_state,
1370 SOCKET_START_CHOWN,
1371 SOCKET_START_POST,
1372 SOCKET_LISTENING,
1373 SOCKET_RUNNING,
1374 SOCKET_STOP_PRE,
1375 SOCKET_STOP_PRE_SIGTERM,
1376 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1377 r = socket_open_fds(s);
1378 if (r < 0)
1379 return r;
1380 }
a16e1123 1381
e821075a
LP		 1382 if (s->deserialized_state == SOCKET_LISTENING) {
1383 r = socket_watch_fds(s);
1384 if (r < 0)
1385 return r;
a16e1123
LP		 1386 }
1387
e821075a 1388 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1389 return 0;
1390}
1391
e537352b 1392static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1393 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1394 pid_t pid;
1395 int r;
9fa95f85
DM		 1396 ExecParameters exec_params = {
1397 .apply_permissions = true,
1398 .apply_chroot = true,
1399 .apply_tty_stdin = true,
6f856a09 1400 .bus_endpoint_fd = -1,
9fa95f85 1401 };
034c6ed7
LP		 1402
1403 assert(s);
1404 assert(c);
1405 assert(_pid);
1406
5ad096b3
LP		 1407 (void) unit_realize_cgroup(UNIT(s));
1408 if (s->reset_cpu_usage) {
1409 (void) unit_reset_cpu_usage(UNIT(s));
1410 s->reset_cpu_usage = false;
1411 }
4ad49000 1412
613b411c
LP		 1413 r = unit_setup_exec_runtime(UNIT(s));
1414 if (r < 0)
1415 goto fail;
1416
718db961 1417 r = socket_arm_timer(s);
36697dc0 1418 if (r < 0)
e537352b 1419 goto fail;
034c6ed7 1420
19f6d710
LP		 1421 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1422 if (r < 0)
9e2f7c11 1423 goto fail;
9e2f7c11 1424
9fa95f85
DM		 1425 exec_params.argv = argv;
1426 exec_params.environment = UNIT(s)->manager->environment;
1427 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1428 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1429 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1430 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85 1431 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
9fa95f85 1432
f2341e0a
LP		 1433 r = exec_spawn(UNIT(s),
1434 c,
9e2f7c11 1435 &s->exec_context,
9fa95f85 1436 &exec_params,
613b411c 1437 s->exec_runtime,
9e2f7c11 1438 &pid);
cee288ad
TA		 1439 if (r < 0)
1440 goto fail;
9e2f7c11 1441
3900e5fd 1442 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1443 if (r < 0)
3900e5fd 1444 /* FIXME: we need to do something here */
034c6ed7
LP		 1445 goto fail;
1446
3900e5fd
LP		 1447 *_pid = pid;
1448 return 0;
1449
1450fail:
1451 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1452 return r;
1453}
1454
1455static int socket_chown(Socket *s, pid_t *_pid) {
1456 pid_t pid;
1457 int r;
1458
1459 r = socket_arm_timer(s);
1460 if (r < 0)
1461 goto fail;
1462
1463 /* We have to resolve the user names out-of-process, hence
1464 * let's fork here. It's messy, but well, what can we do? */
1465
1466 pid = fork();
1467 if (pid < 0)
1468 return -errno;
1469
1470 if (pid == 0) {
1471 SocketPort *p;
fed1e721
LP		 1472 uid_t uid = UID_INVALID;
1473 gid_t gid = GID_INVALID;
3900e5fd
LP		 1474 int ret;
1475
1476 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1477 ignore_signals(SIGPIPE, -1);
1478 log_forget_fds();
1479
1480 if (!isempty(s->user)) {
1481 const char *user = s->user;
1482
1483 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1484 if (r < 0) {
1485 ret = EXIT_USER;
1486 goto fail_child;
1487 }
1488 }
1489
1490 if (!isempty(s->group)) {
1491 const char *group = s->group;
1492
1493 r = get_group_creds(&group, &gid);
1494 if (r < 0) {
1495 ret = EXIT_GROUP;
1496 goto fail_child;
1497 }
1498 }
1499
1500 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1501 const char *path = NULL;
3900e5fd
LP		 1502
1503 if (p->type == SOCKET_SOCKET)
1504 path = socket_address_get_path(&p->address);
1505 else if (p->type == SOCKET_FIFO)
1506 path = p->path;
1507
1508 if (!path)
1509 continue;
1510
1511 if (chown(path, uid, gid) < 0) {
1512 r = -errno;
1513 ret = EXIT_CHOWN;
1514 goto fail_child;
1515 }
1516 }
1517
1518 _exit(0);
1519
1520 fail_child:
1521 log_open();
da927ba9 1522 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1523
1524 _exit(ret);
1525 }
1526
718db961
LP		 1527 r = unit_watch_pid(UNIT(s), pid);
1528 if (r < 0)
034c6ed7 1529 goto fail;
83c60c9f 1530
034c6ed7 1531 *_pid = pid;
034c6ed7
LP		 1532 return 0;
1533
1534fail:
718db961 1535 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1536 return r;
542563ba
LP		 1537}
1538
cfc4eb4c 1539static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1540 assert(s);
1541
cfc4eb4c
LP		 1542 if (f != SOCKET_SUCCESS)
1543 s->result = f;
034c6ed7 1544
613b411c
LP		 1545 exec_runtime_destroy(s->exec_runtime);
1546 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1547
e66cf1a3
LP		 1548 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1549
cfc4eb4c 1550 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1551}
1552
cfc4eb4c 1553static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1554
cfc4eb4c 1555static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1556 int r;
1557 assert(s);
1558
cfc4eb4c
LP		 1559 if (f != SOCKET_SUCCESS)
1560 s->result = f;
034c6ed7 1561
5e94833f 1562 socket_unwatch_control_pid(s);
a16e1123 1563 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1564 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1565
3900e5fd
LP		 1566 if (s->control_command) {
1567 r = socket_spawn(s, s->control_command, &s->control_pid);
1568 if (r < 0)
034c6ed7
LP		 1569 goto fail;
1570
80876c20
LP		 1571 socket_set_state(s, SOCKET_STOP_POST);
1572 } else
cfc4eb4c 1573 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1574
1575 return;
1576
1577fail:
f2341e0a 1578 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
cfc4eb4c 1579 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1580}
1581
cfc4eb4c 1582static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1583 int r;
1584
1585 assert(s);
1586
cfc4eb4c
LP		 1587 if (f != SOCKET_SUCCESS)
1588 s->result = f;
034c6ed7 1589
cd2086fe
LP		 1590 r = unit_kill_context(
1591 UNIT(s),
1592 &s->kill_context,
db2cb23b
UTL		 1593 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1594 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1595 -1,
1596 s->control_pid,
1597 false);
1598 if (r < 0)
1599 goto fail;
034c6ed7 1600
cd2086fe 1601 if (r > 0) {
718db961 1602 r = socket_arm_timer(s);
36697dc0 1603 if (r < 0)
80876c20 1604 goto fail;
d6ea93e3 1605
80876c20 1606 socket_set_state(s, state);
ac84d1fb
LP		 1607 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1608 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1609 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1610 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1611 else if (state == SOCKET_FINAL_SIGTERM)
1612 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1613 else
cfc4eb4c 1614 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1615
1616 return;
1617
1618fail:
f2341e0a 1619 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
034c6ed7
LP		 1620
1621 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1622 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1623 else
cfc4eb4c 1624 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1625}
1626
cfc4eb4c 1627static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1628 int r;
1629 assert(s);
1630
cfc4eb4c
LP		 1631 if (f != SOCKET_SUCCESS)
1632 s->result = f;
034c6ed7 1633
5e94833f 1634 socket_unwatch_control_pid(s);
a16e1123 1635 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1636 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1637
3900e5fd
LP		 1638 if (s->control_command) {
1639 r = socket_spawn(s, s->control_command, &s->control_pid);
1640 if (r < 0)
034c6ed7
LP		 1641 goto fail;
1642
80876c20
LP		 1643 socket_set_state(s, SOCKET_STOP_PRE);
1644 } else
cfc4eb4c 1645 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1646
1647 return;
1648
1649fail:
f2341e0a 1650 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
cfc4eb4c 1651 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1652}
1653
e9af15c3
LP		 1654static void socket_enter_listening(Socket *s) {
1655 int r;
1656 assert(s);
1657
cfc4eb4c
LP		 1658 r = socket_watch_fds(s);
1659 if (r < 0) {
f2341e0a 1660 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
e9af15c3
LP		 1661 goto fail;
1662 }
1663
1664 socket_set_state(s, SOCKET_LISTENING);
1665 return;
1666
1667fail:
cfc4eb4c 1668 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1669}
1670
034c6ed7
LP		 1671static void socket_enter_start_post(Socket *s) {
1672 int r;
1673 assert(s);
1674
3900e5fd
LP		 1675 socket_unwatch_control_pid(s);
1676 s->control_command_id = SOCKET_EXEC_START_POST;
1677 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1678
1679 if (s->control_command) {
1680 r = socket_spawn(s, s->control_command, &s->control_pid);
1681 if (r < 0) {
f2341e0a 1682 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
3900e5fd
LP		 1683 goto fail;
1684 }
1685
1686 socket_set_state(s, SOCKET_START_POST);
1687 } else
1688 socket_enter_listening(s);
1689
1690 return;
1691
1692fail:
1693 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1694}
1695
1696static void socket_enter_start_chown(Socket *s) {
1697 int r;
1698
1699 assert(s);
1700
cfc4eb4c
LP		 1701 r = socket_open_fds(s);
1702 if (r < 0) {
f2341e0a 1703 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
034c6ed7
LP		 1704 goto fail;
1705 }
1706
3900e5fd 1707 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1708
3900e5fd
LP		 1709 socket_unwatch_control_pid(s);
1710 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1711 s->control_command = NULL;
a16e1123 1712
3900e5fd 1713 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1714 if (r < 0) {
f2341e0a 1715 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
034c6ed7
LP		 1716 goto fail;
1717 }
1718
3900e5fd 1719 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1720 } else
3900e5fd 1721 socket_enter_start_post(s);
034c6ed7
LP		 1722
1723 return;
1724
1725fail:
cfc4eb4c 1726 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1727}
1728
1729static void socket_enter_start_pre(Socket *s) {
1730 int r;
1731 assert(s);
1732
5e94833f 1733 socket_unwatch_control_pid(s);
a16e1123 1734 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1735 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1736
3900e5fd 1737 if (s->control_command) {
e821075a 1738 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1739 if (r < 0) {
f2341e0a 1740 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
034c6ed7 1741 goto fail;
3900e5fd 1742 }
034c6ed7 1743
80876c20
LP		 1744 socket_set_state(s, SOCKET_START_PRE);
1745 } else
3900e5fd 1746 socket_enter_start_chown(s);
034c6ed7
LP		 1747
1748 return;
1749
1750fail:
cfc4eb4c 1751 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1752}
1753
4f2d528d 1754static void socket_enter_running(Socket *s, int cfd) {
718db961 1755 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1756 int r;
1757
1758 assert(s);
1759
ba3e67a7
LP		 1760 /* We don't take connections anymore if we are supposed to
1761 * shut down anyway */
31afa0a4 1762 if (unit_stop_pending(UNIT(s))) {
e821075a 1763
f2341e0a 1764 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
5d909e3e 1765
7c610628 1766 if (cfd >= 0)
03e334a1 1767 safe_close(cfd);
7c610628
LP		 1768 else {
1769 /* Flush all sockets by closing and reopening them */
1770 socket_close_fds(s);
1771
16ac4014
LP		 1772 r = socket_open_fds(s);
1773 if (r < 0) {
f2341e0a 1774 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
16ac4014
LP		 1775 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1776 return;
1777 }
1778
1a710b43
MS		 1779 r = socket_watch_fds(s);
1780 if (r < 0) {
f2341e0a 1781 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
cfc4eb4c 1782 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1783 }
1784 }
1785
ba3e67a7
LP		 1786 return;
1787 }
1788
4f2d528d 1789 if (cfd < 0) {
57020a3a 1790 Iterator i;
e821075a 1791 Unit *other;
f976f3f6 1792 bool pending = false;
f976f3f6
LP		 1793
1794 /* If there's already a start pending don't bother to
1795 * do anything */
e821075a
LP		 1796 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1797 if (unit_active_or_pending(other)) {
57020a3a
LP		 1798 pending = true;
1799 break;
1800 }
f976f3f6 1801
1a710b43 1802 if (!pending) {
640ace4a 1803 if (!UNIT_ISSET(s->service)) {
f2341e0a 1804 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
640ace4a
LP		 1805 r = -ENOENT;
1806 goto fail;
1807 }
1808
1a710b43
MS		 1809 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1810 if (r < 0)
f976f3f6 1811 goto fail;
1a710b43 1812 }
4f2d528d
LP		 1813
1814 socket_set_state(s, SOCKET_RUNNING);
1815 } else {
e55001eb 1816 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1817 Service *service;
4f2d528d 1818
6cf6bbc2 1819 if (s->n_connections >= s->max_connections) {
f2341e0a 1820 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
03e334a1 1821 safe_close(cfd);
6cf6bbc2
LP		 1822 return;
1823 }
1824
1a710b43
MS		 1825 r = socket_instantiate_service(s);
1826 if (r < 0)
b15bdda8
LP		 1827 goto fail;
1828
1a710b43
MS		 1829 r = instance_from_socket(cfd, s->n_accepted, &instance);
1830 if (r < 0) {
1831 if (r != -ENOTCONN)
1832 goto fail;
1833
1834 /* ENOTCONN is legitimate if TCP RST was received.
1835 * This connection is over, but the socket unit lives on. */
03e334a1 1836 safe_close(cfd);
1a710b43
MS		 1837 return;
1838 }
4f2d528d 1839
7410616c
LP		 1840 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1841 if (r < 0)
4f2d528d 1842 goto fail;
4f2d528d 1843
7410616c
LP		 1844 r = unit_name_build(prefix, instance, ".service", &name);
1845 if (r < 0)
b6dbbe1c 1846 goto fail;
4f2d528d 1847
1a710b43 1848 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1849 if (r < 0)
4f2d528d 1850 goto fail;
b15bdda8 1851
57020a3a
LP		 1852 service = SERVICE(UNIT_DEREF(s->service));
1853 unit_ref_unset(&s->service);
b15bdda8 1854 s->n_accepted ++;
4f2d528d 1855
1124fe6f 1856 UNIT(service)->no_gc = false;
6c073082 1857
b15bdda8 1858 unit_choose_id(UNIT(service), name);
b15bdda8 1859
16115b0a 1860 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1861 if (r < 0)
4f2d528d
LP		 1862 goto fail;
1863
1864 cfd = -1;
6cf6bbc2
LP		 1865 s->n_connections ++;
1866
1a710b43
MS		 1867 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1868 if (r < 0)
4f2d528d 1869 goto fail;
c4e2ceae
LP		 1870
1871 /* Notify clients about changed counters */
1872 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1873 }
034c6ed7 1874
034c6ed7
LP		 1875 return;
1876
1877fail:
f2341e0a
LP		 1878 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1879 cfd >= 0 ? "template" : "non-template",
718db961 1880 bus_error_message(&error, r));
e821075a 1881
60089004 1882 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1883 safe_close(cfd);
034c6ed7
LP		 1884}
1885
cfc4eb4c 1886static void socket_run_next(Socket *s) {
034c6ed7
LP		 1887 int r;
1888
1889 assert(s);
1890 assert(s->control_command);
1891 assert(s->control_command->command_next);
1892
5e94833f
LP		 1893 socket_unwatch_control_pid(s);
1894
034c6ed7
LP		 1895 s->control_command = s->control_command->command_next;
1896
e821075a
LP		 1897 r = socket_spawn(s, s->control_command, &s->control_pid);
1898 if (r < 0)
034c6ed7
LP		 1899 goto fail;
1900
1901 return;
1902
1903fail:
f2341e0a 1904 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
80876c20
LP		 1905
1906 if (s->state == SOCKET_START_POST)
cfc4eb4c 1907 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1908 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 1909 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1910 else
cfc4eb4c 1911 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1912}
1913
87f0e418
LP		 1914static int socket_start(Unit *u) {
1915 Socket *s = SOCKET(u);
83c60c9f
LP		 1916
1917 assert(s);
1918
034c6ed7
LP		 1919 /* We cannot fulfill this request right now, try again later
1920 * please! */
3900e5fd
LP		 1921 if (IN_SET(s->state,
1922 SOCKET_STOP_PRE,
1923 SOCKET_STOP_PRE_SIGKILL,
1924 SOCKET_STOP_PRE_SIGTERM,
1925 SOCKET_STOP_POST,
1926 SOCKET_FINAL_SIGTERM,
1927 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 1928 return -EAGAIN;
1929
a4152e3f 1930 /* Already on it! */
3900e5fd
LP		 1931 if (IN_SET(s->state,
1932 SOCKET_START_PRE,
1933 SOCKET_START_CHOWN,
1934 SOCKET_START_POST))
034c6ed7 1935 return 0;
83c60c9f 1936
034c6ed7 1937 /* Cannot run this without the service being around */
9444b1f2 1938 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 1939 Service *service;
1940
1941 service = SERVICE(UNIT_DEREF(s->service));
1942
1124fe6f 1943 if (UNIT(service)->load_state != UNIT_LOADED) {
f2341e0a 1944 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 1945 return -ENOENT;
4ac9236f 1946 }
4f2d528d 1947
35b8ca3a 1948 /* If the service is already active we cannot start the
4f2d528d 1949 * socket */
57020a3a
LP		 1950 if (service->state != SERVICE_DEAD &&
1951 service->state != SERVICE_FAILED &&
1952 service->state != SERVICE_AUTO_RESTART) {
f2341e0a 1953 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 1954 return -EBUSY;
4ac9236f 1955 }
4f2d528d 1956 }
e537352b 1957
fdf20a31 1958 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 1959
cfc4eb4c 1960 s->result = SOCKET_SUCCESS;
5ad096b3
LP		 1961 s->reset_cpu_usage = true;
1962
034c6ed7 1963 socket_enter_start_pre(s);
e821075a 1964
82a2b6bb 1965 return 1;
034c6ed7 1966}
83c60c9f 1967
87f0e418
LP		 1968static int socket_stop(Unit *u) {
1969 Socket *s = SOCKET(u);
034c6ed7
LP		 1970
1971 assert(s);
1972
e537352b 1973 /* Already on it */
3900e5fd
LP		 1974 if (IN_SET(s->state,
1975 SOCKET_STOP_PRE,
1976 SOCKET_STOP_PRE_SIGTERM,
1977 SOCKET_STOP_PRE_SIGKILL,
1978 SOCKET_STOP_POST,
1979 SOCKET_FINAL_SIGTERM,
1980 SOCKET_FINAL_SIGKILL))
e537352b
LP		 1981 return 0;
1982
3f6c78dc
LP		 1983 /* If there's already something running we go directly into
1984 * kill mode. */
3900e5fd
LP		 1985 if (IN_SET(s->state,
1986 SOCKET_START_PRE,
1987 SOCKET_START_CHOWN,
1988 SOCKET_START_POST)) {
cfc4eb4c 1989 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 1990 return -EAGAIN;
1991 }
1992
034c6ed7 1993 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 1994
cfc4eb4c 1995 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 1996 return 1;
542563ba
LP		 1997}
1998
a16e1123
LP		 1999static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2000 Socket *s = SOCKET(u);
2001 SocketPort *p;
2002 int r;
2003
2004 assert(u);
2005 assert(f);
2006 assert(fds);
2007
2008 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2009 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2010 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2011
2012 if (s->control_pid > 0)
de0671ee 2013 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2014
2015 if (s->control_command_id >= 0)
2016 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2017
2018 LIST_FOREACH(port, p, s->ports) {
2019 int copy;
2020
2021 if (p->fd < 0)
2022 continue;
2023
613b411c
LP		 2024 copy = fdset_put_dup(fds, p->fd);
2025 if (copy < 0)
a16e1123
LP		 2026 return copy;
2027
2028 if (p->type == SOCKET_SOCKET) {
613b411c 2029 _cleanup_free_ char *t = NULL;
a16e1123 2030
ee092817
LP		 2031 r = socket_address_print(&p->address, &t);
2032 if (r < 0)
a16e1123
LP		 2033 return r;
2034
7a22745a
LP		 2035 if (socket_address_family(&p->address) == AF_NETLINK)
2036 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2037 else
2038 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2039
b0a3f2bc
LP		 2040 } else if (p->type == SOCKET_SPECIAL)
2041 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2042 else if (p->type == SOCKET_MQUEUE)
2043 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
b0a3f2bc 2044 else {
a16e1123
LP		 2045 assert(p->type == SOCKET_FIFO);
2046 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2047 }
2048 }
2049
2050 return 0;
2051}
2052
2053static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2054 Socket *s = SOCKET(u);
a16e1123
LP		 2055
2056 assert(u);
2057 assert(key);
2058 assert(value);
a16e1123
LP		 2059
2060 if (streq(key, "state")) {
2061 SocketState state;
2062
ee092817
LP		 2063 state = socket_state_from_string(value);
2064 if (state < 0)
f2341e0a 2065 log_unit_debug(u, "Failed to parse state value: %s", value);
a16e1123
LP		 2066 else
2067 s->deserialized_state = state;
cfc4eb4c
LP		 2068 } else if (streq(key, "result")) {
2069 SocketResult f;
a16e1123 2070
cfc4eb4c
LP		 2071 f = socket_result_from_string(value);
2072 if (f < 0)
f2341e0a 2073 log_unit_debug(u, "Failed to parse result value: %s", value);
cfc4eb4c
LP		 2074 else if (f != SOCKET_SUCCESS)
2075 s->result = f;
a16e1123
LP		 2076
2077 } else if (streq(key, "n-accepted")) {
2078 unsigned k;
2079
e364ad06 2080 if (safe_atou(value, &k) < 0)
f2341e0a 2081 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
a16e1123
LP		 2082 else
2083 s->n_accepted += k;
2084 } else if (streq(key, "control-pid")) {
5925dd3c 2085 pid_t pid;
a16e1123 2086
e364ad06 2087 if (parse_pid(value, &pid) < 0)
f2341e0a 2088 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
a16e1123 2089 else
5925dd3c 2090 s->control_pid = pid;
a16e1123
LP		 2091 } else if (streq(key, "control-command")) {
2092 SocketExecCommand id;
2093
66870f90
ZJS		 2094 id = socket_exec_command_from_string(value);
2095 if (id < 0)
f2341e0a 2096 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
a16e1123
LP		 2097 else {
2098 s->control_command_id = id;
2099 s->control_command = s->exec_command[id];
2100 }
2101 } else if (streq(key, "fifo")) {
2102 int fd, skip = 0;
2103 SocketPort *p;
2104
2105 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2106 log_unit_debug(u, "Failed to parse fifo value: %s", value);
a16e1123
LP		 2107 else {
2108
2109 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2110 if (p->type == SOCKET_FIFO &&
c78e47a6 2111 path_equal_or_files_same(p->path, value+skip))
b0a3f2bc
LP		 2112 break;
2113
2114 if (p) {
03e334a1 2115 safe_close(p->fd);
b0a3f2bc
LP		 2116 p->fd = fdset_remove(fds, fd);
2117 }
2118 }
2119
2120 } else if (streq(key, "special")) {
2121 int fd, skip = 0;
2122 SocketPort *p;
2123
2124 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2125 log_unit_debug(u, "Failed to parse special value: %s", value);
b0a3f2bc
LP		 2126 else {
2127
2128 LIST_FOREACH(port, p, s->ports)
2129 if (p->type == SOCKET_SPECIAL &&
c78e47a6 2130 path_equal_or_files_same(p->path, value+skip))
a16e1123
LP		 2131 break;
2132
2133 if (p) {
03e334a1 2134 safe_close(p->fd);
a16e1123
LP		 2135 p->fd = fdset_remove(fds, fd);
2136 }
2137 }
2138
ee092817
LP		 2139 } else if (streq(key, "mqueue")) {
2140 int fd, skip = 0;
2141 SocketPort *p;
2142
2143 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2144 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
ee092817
LP		 2145 else {
2146
2147 LIST_FOREACH(port, p, s->ports)
2148 if (p->type == SOCKET_MQUEUE &&
c78e47a6 2149 streq(p->path, value+skip))
ee092817
LP		 2150 break;
2151
2152 if (p) {
03e334a1 2153 safe_close(p->fd);
ee092817
LP		 2154 p->fd = fdset_remove(fds, fd);
2155 }
2156 }
2157
a16e1123 2158 } else if (streq(key, "socket")) {
27ca8d7a 2159 int fd, type, skip = 0;
a16e1123
LP		 2160 SocketPort *p;
2161
27ca8d7a 2162 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
f2341e0a 2163 log_unit_debug(u, "Failed to parse socket value: %s", value);
a16e1123
LP		 2164 else {
2165
2166 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2167 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2168 break;
2169
2170 if (p) {
03e334a1 2171 safe_close(p->fd);
a16e1123
LP		 2172 p->fd = fdset_remove(fds, fd);
2173 }
2174 }
2175
7a22745a
LP		 2176 } else if (streq(key, "netlink")) {
2177 int fd, skip = 0;
2178 SocketPort *p;
2179
2180 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2181 log_unit_debug(u, "Failed to parse socket value: %s", value);
7a22745a
LP		 2182 else {
2183
2184 LIST_FOREACH(port, p, s->ports)
2185 if (socket_address_is_netlink(&p->address, value+skip))
2186 break;
2187
2188 if (p) {
03e334a1 2189 safe_close(p->fd);
7a22745a
LP		 2190 p->fd = fdset_remove(fds, fd);
2191 }
2192 }
a16e1123 2193 } else
f2341e0a 2194 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
a16e1123
LP		 2195
2196 return 0;
2197}
2198
01e10de3
LP		 2199static int socket_distribute_fds(Unit *u, FDSet *fds) {
2200 Socket *s = SOCKET(u);
2201 SocketPort *p;
2202
2203 assert(u);
2204
2205 LIST_FOREACH(port, p, s->ports) {
2206 Iterator i;
2207 int fd;
2208
2209 if (p->type != SOCKET_SOCKET)
2210 continue;
2211
2212 if (p->fd >= 0)
2213 continue;
2214
2215 FDSET_FOREACH(fd, fds, i) {
2216 if (socket_address_matches_fd(&p->address, fd)) {
2217 p->fd = fdset_remove(fds, fd);
2218 s->deserialized_state = SOCKET_LISTENING;
2219 break;
2220 }
2221 }
2222 }
2223
2224 return 0;
2225}
2226
44a6b1b6 2227_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2228 assert(u);
5cb5a6ff 2229
acbb0225 2230 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2231}
2232
44a6b1b6 2233_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2234 assert(u);
2235
a16e1123 2236 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2237}
2238
67419600
OS		 2239const char* socket_port_type_to_string(SocketPort *p) {
2240
2241 assert(p);
2242
2243 switch (p->type) {
718db961
LP		 2244
2245 case SOCKET_SOCKET:
2246
2247 switch (p->address.type) {
2248
2249 case SOCK_STREAM:
2250 return "Stream";
2251
2252 case SOCK_DGRAM:
2253 return "Datagram";
2254
2255 case SOCK_SEQPACKET:
2256 return "SequentialPacket";
2257
2258 case SOCK_RAW:
2259 if (socket_address_family(&p->address) == AF_NETLINK)
2260 return "Netlink";
2261
2262 default:
2263 return NULL;
2264 }
2265
2266 case SOCKET_SPECIAL:
2267 return "Special";
2268
2269 case SOCKET_MQUEUE:
2270 return "MessageQueue";
2271
2272 case SOCKET_FIFO:
2273 return "FIFO";
2274
2275 default:
2276 return NULL;
67419600
OS		 2277 }
2278}
2279
44a6b1b6 2280_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2281 Socket *s = SOCKET(u);
2282
2283 assert(u);
2284
2285 return s->n_connections > 0;
2286}
2287
718db961
LP		 2288static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2289 SocketPort *p = userdata;
4f2d528d 2290 int cfd = -1;
9152c765 2291
718db961 2292 assert(p);
8d567588 2293 assert(fd >= 0);
9152c765 2294
718db961
LP		 2295 if (p->socket->state != SOCKET_LISTENING)
2296 return 0;
871d7de4 2297
f2341e0a 2298 log_unit_debug(UNIT(p->socket), "Incoming traffic");
9152c765 2299
718db961 2300 if (revents != EPOLLIN) {
641e01dc 2301
718db961 2302 if (revents & EPOLLHUP)
f2341e0a 2303 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
641e01dc 2304 else
f2341e0a 2305 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
641e01dc 2306
8d567588 2307 goto fail;
4f2d528d
LP		 2308 }
2309
718db961
LP		 2310 if (p->socket->accept &&
2311 p->type == SOCKET_SOCKET &&
2312 socket_address_can_accept(&p->address)) {
2313
4f2d528d
LP		 2314 for (;;) {
2315
b14eda96
LP		 2316 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2317 if (cfd < 0) {
4f2d528d
LP		 2318
2319 if (errno == EINTR)
2320 continue;
2321
f2341e0a 2322 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
8d567588 2323 goto fail;
4f2d528d
LP		 2324 }
2325
2326 break;
2327 }
4fd5948e 2328
718db961 2329 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2330 }
9152c765 2331
718db961
LP		 2332 socket_enter_running(p->socket, cfd);
2333 return 0;
8d567588
LP		 2334
2335fail:
718db961
LP		 2336 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2337 return 0;
9152c765
LP		 2338}
2339
87f0e418
LP		 2340static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2341 Socket *s = SOCKET(u);
cfc4eb4c 2342 SocketResult f;
5cb5a6ff
LP		 2343
2344 assert(s);
034c6ed7 2345 assert(pid >= 0);
5cb5a6ff 2346
8c47c732
LP		 2347 if (pid != s->control_pid)
2348 return;
542563ba 2349
034c6ed7
LP		 2350 s->control_pid = 0;
2351
96342de6 2352 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2353 f = SOCKET_SUCCESS;
2354 else if (code == CLD_EXITED)
2355 f = SOCKET_FAILURE_EXIT_CODE;
2356 else if (code == CLD_KILLED)
2357 f = SOCKET_FAILURE_SIGNAL;
2358 else if (code == CLD_DUMPED)
2359 f = SOCKET_FAILURE_CORE_DUMP;
2360 else
a4152e3f 2361 assert_not_reached("Unknown sigchld code");
8c47c732 2362
b708e7ce 2363 if (s->control_command) {
6ea832a2 2364 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2365
b708e7ce 2366 if (s->control_command->ignore)
cfc4eb4c 2367 f = SOCKET_SUCCESS;
b708e7ce
LP		 2368 }
2369
f2341e0a
LP		 2370 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2371 "Control process exited, code=%s status=%i",
2372 sigchld_code_to_string(code), status);
034c6ed7 2373
cfc4eb4c
LP		 2374 if (f != SOCKET_SUCCESS)
2375 s->result = f;
2376
2377 if (s->control_command &&
2378 s->control_command->command_next &&
2379 f == SOCKET_SUCCESS) {
2380
f2341e0a 2381 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
cfc4eb4c 2382 socket_run_next(s);
acbb0225 2383 } else {
a16e1123
LP		 2384 s->control_command = NULL;
2385 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2386
034c6ed7
LP		 2387 /* No further commands for this step, so let's figure
2388 * out what to do next */
5cb5a6ff 2389
f2341e0a 2390 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
acbb0225 2391
034c6ed7
LP		 2392 switch (s->state) {
2393
2394 case SOCKET_START_PRE:
cfc4eb4c 2395 if (f == SOCKET_SUCCESS)
3900e5fd 2396 socket_enter_start_chown(s);
034c6ed7 2397 else
cfc4eb4c 2398 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2399 break;
2400
3900e5fd
LP		 2401 case SOCKET_START_CHOWN:
2402 if (f == SOCKET_SUCCESS)
2403 socket_enter_start_post(s);
2404 else
2405 socket_enter_stop_pre(s, f);
2406 break;
2407
034c6ed7 2408 case SOCKET_START_POST:
cfc4eb4c 2409 if (f == SOCKET_SUCCESS)
e9af15c3 2410 socket_enter_listening(s);
034c6ed7 2411 else
cfc4eb4c 2412 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2413 break;
2414
2415 case SOCKET_STOP_PRE:
2416 case SOCKET_STOP_PRE_SIGTERM:
2417 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2418 socket_enter_stop_post(s, f);
034c6ed7
LP		 2419 break;
2420
2421 case SOCKET_STOP_POST:
80876c20
LP		 2422 case SOCKET_FINAL_SIGTERM:
2423 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2424 socket_enter_dead(s, f);
034c6ed7
LP		 2425 break;
2426
2427 default:
2428 assert_not_reached("Uh, control process died at wrong time.");
2429 }
2430 }
c4e2ceae
LP		 2431
2432 /* Notify clients about changed exit status */
2433 unit_add_to_dbus_queue(u);
034c6ed7 2434}
5cb5a6ff 2435
718db961
LP		 2436static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2437 Socket *s = SOCKET(userdata);
5cb5a6ff 2438
034c6ed7 2439 assert(s);
718db961 2440 assert(s->timer_event_source == source);
034c6ed7
LP		 2441
2442 switch (s->state) {
2443
2444 case SOCKET_START_PRE:
f2341e0a 2445 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
cfc4eb4c 2446 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2447 break;
80876c20 2448
3900e5fd 2449 case SOCKET_START_CHOWN:
034c6ed7 2450 case SOCKET_START_POST:
f2341e0a 2451 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
cfc4eb4c 2452 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2453 break;
2454
2455 case SOCKET_STOP_PRE:
f2341e0a 2456 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
cfc4eb4c 2457 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2458 break;
2459
2460 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2461 if (s->kill_context.send_sigkill) {
f2341e0a 2462 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
cfc4eb4c 2463 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2464 } else {
f2341e0a 2465 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
cfc4eb4c 2466 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2467 }
034c6ed7
LP		 2468 break;
2469
2470 case SOCKET_STOP_PRE_SIGKILL:
f2341e0a 2471 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
cfc4eb4c 2472 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2473 break;
2474
2475 case SOCKET_STOP_POST:
f2341e0a 2476 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
cfc4eb4c 2477 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2478 break;
2479
80876c20 2480 case SOCKET_FINAL_SIGTERM:
4819ff03 2481 if (s->kill_context.send_sigkill) {
f2341e0a 2482 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
cfc4eb4c 2483 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2484 } else {
f2341e0a 2485 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
cfc4eb4c 2486 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2487 }
034c6ed7
LP		 2488 break;
2489
80876c20 2490 case SOCKET_FINAL_SIGKILL:
f2341e0a 2491 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
cfc4eb4c 2492 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2493 break;
2494
2495 default:
2496 assert_not_reached("Timeout at wrong time.");
2497 }
718db961
LP		 2498
2499 return 0;
5cb5a6ff
LP		 2500}
2501
44d8db9e
LP		 2502int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2503 int *rfds;
2504 unsigned rn_fds, k;
2505 SocketPort *p;
2506
2507 assert(s);
2508 assert(fds);
2509 assert(n_fds);
2510
2511 /* Called from the service code for requesting our fds */
2512
2513 rn_fds = 0;
2514 LIST_FOREACH(port, p, s->ports)
2515 if (p->fd >= 0)
2516 rn_fds++;
2517
de3756ab
LP		 2518 if (rn_fds <= 0) {
2519 *fds = NULL;
2520 *n_fds = 0;
2521 return 0;
2522 }
2523
e5403f09
LP		 2524 rfds = new(int, rn_fds);
2525 if (!rfds)
44d8db9e
LP		 2526 return -ENOMEM;
2527
2528 k = 0;
2529 LIST_FOREACH(port, p, s->ports)
2530 if (p->fd >= 0)
2531 rfds[k++] = p->fd;
2532
2533 assert(k == rn_fds);
2534
2535 *fds = rfds;
2536 *n_fds = rn_fds;
2537
2538 return 0;
2539}
2540
e821075a
LP		 2541static void socket_reset_failed(Unit *u) {
2542 Socket *s = SOCKET(u);
2543
2544 assert(s);
2545
2546 if (s->state == SOCKET_FAILED)
2547 socket_set_state(s, SOCKET_DEAD);
2548
2549 s->result = SOCKET_SUCCESS;
2550}
2551
d137a488 2552static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2553 assert(s);
2554
6cf6bbc2
LP		 2555 /* The service is dead. Dang!
2556 *
2557 * This is strictly for one-instance-for-all-connections
2558 * services. */
ceee3d82
LP		 2559
2560 if (s->state == SOCKET_RUNNING) {
f2341e0a 2561 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
6bda96a0
LP		 2562 if (failed_permanent)
2563 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2564 else
2565 socket_enter_listening(s);
ceee3d82
LP		 2566 }
2567}
2568
6cf6bbc2
LP		 2569void socket_connection_unref(Socket *s) {
2570 assert(s);
2571
2572 /* The service is dead. Yay!
2573 *
35b8ca3a 2574 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2575 * services. */
2576
2577 assert(s->n_connections > 0);
2578 s->n_connections--;
2579
f2341e0a 2580 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
5632e374
LP		 2581}
2582
d137a488
UTL		 2583static void socket_trigger_notify(Unit *u, Unit *other) {
2584 Socket *s = SOCKET(u);
e821075a 2585 Service *se;
d137a488
UTL		 2586
2587 assert(u);
2588 assert(other);
2589
2590 /* Don't propagate state changes from the service if we are
2591 already down or accepting connections */
920b52e4 2592 if ((s->state != SOCKET_RUNNING &&
d137a488
UTL		 2593 s->state != SOCKET_LISTENING) ||
2594 s->accept)
2595 return;
2596
2597 if (other->load_state != UNIT_LOADED ||
2598 other->type != UNIT_SERVICE)
2599 return;
2600
e821075a
LP		 2601 se = SERVICE(other);
2602
d137a488
UTL		 2603 if (se->state == SERVICE_FAILED)
2604 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2605
2606 if (se->state == SERVICE_DEAD ||
d137a488
UTL		 2607 se->state == SERVICE_FINAL_SIGTERM ||
2608 se->state == SERVICE_FINAL_SIGKILL ||
2609 se->state == SERVICE_AUTO_RESTART)
2610 socket_notify_service_dead(s, false);
2611
2612 if (se->state == SERVICE_RUNNING)
2613 socket_set_state(s, SOCKET_RUNNING);
2614}
2615
718db961 2616static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2617 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2618}
2619
68db7a3b
ZJS		 2620static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2621 Socket *s = SOCKET(u);
2622 int r;
2623
2624 if (!s->timer_event_source)
2625 return 0;
2626
2627 r = sd_event_source_get_time(s->timer_event_source, timeout);
2628 if (r < 0)
2629 return r;
2630
2631 return 1;
2632}
2633
a16e1123
LP		 2634static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2635 [SOCKET_DEAD] = "dead",
2636 [SOCKET_START_PRE] = "start-pre",
3900e5fd 2637 [SOCKET_START_CHOWN] = "start-chown",
a16e1123
LP		 2638 [SOCKET_START_POST] = "start-post",
2639 [SOCKET_LISTENING] = "listening",
2640 [SOCKET_RUNNING] = "running",
2641 [SOCKET_STOP_PRE] = "stop-pre",
2642 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2643 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2644 [SOCKET_STOP_POST] = "stop-post",
2645 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2646 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
fdf20a31 2647 [SOCKET_FAILED] = "failed"
a16e1123
LP		 2648};
2649
2650DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2651
2652static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2653 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2654 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2655 [SOCKET_EXEC_START_POST] = "StartPost",
2656 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2657 [SOCKET_EXEC_STOP_POST] = "StopPost"
2658};
2659
2660DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2661
cfc4eb4c
LP		 2662static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2663 [SOCKET_SUCCESS] = "success",
2664 [SOCKET_FAILURE_RESOURCES] = "resources",
2665 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2666 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2667 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2668 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2669 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2670};
2671
2672DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2673
87f0e418 2674const UnitVTable socket_vtable = {
7d17cfbc 2675 .object_size = sizeof(Socket),
718db961
LP		 2676 .exec_context_offset = offsetof(Socket, exec_context),
2677 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2678 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2679 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2680
f975e971
LP		 2681 .sections =
2682 "Unit\0"
2683 "Socket\0"
2684 "Install\0",
4ad49000 2685 .private_section = "Socket",
71645aca 2686
034c6ed7
LP		 2687 .init = socket_init,
2688 .done = socket_done,
a16e1123
LP		 2689 .load = socket_load,
2690
2691 .coldplug = socket_coldplug,
034c6ed7 2692
5cb5a6ff
LP		 2693 .dump = socket_dump,
2694
542563ba
LP		 2695 .start = socket_start,
2696 .stop = socket_stop,
5cb5a6ff 2697
718db961
LP		 2698 .kill = socket_kill,
2699
68db7a3b
ZJS		 2700 .get_timeout = socket_get_timeout,
2701
a16e1123
LP		 2702 .serialize = socket_serialize,
2703 .deserialize_item = socket_deserialize_item,
01e10de3 2704 .distribute_fds = socket_distribute_fds,
a16e1123 2705
5cb5a6ff 2706 .active_state = socket_active_state,
10a94420 2707 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2708
6cf6bbc2
LP		 2709 .check_gc = socket_check_gc,
2710
034c6ed7 2711 .sigchld_event = socket_sigchld_event,
4139c1b2 2712
d137a488
UTL		 2713 .trigger_notify = socket_trigger_notify,
2714
fdf20a31 2715 .reset_failed = socket_reset_failed,
5632e374 2716
c4e2ceae 2717 .bus_interface = "org.freedesktop.systemd1.Socket",
718db961 2718 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2719 .bus_set_property = bus_socket_set_property,
2720 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2721
2722 .status_message_formats = {
2723 /*.starting_stopping = {
2724 [0] = "Starting socket %s...",
2725 [1] = "Stopping socket %s...",
2726 },*/
2727 .finished_start_job = {
2728 [JOB_DONE] = "Listening on %s.",
2729 [JOB_FAILED] = "Failed to listen on %s.",
2730 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2731 [JOB_TIMEOUT] = "Timed out starting %s.",
2732 },
2733 .finished_stop_job = {
2734 [JOB_DONE] = "Closed %s.",
2735 [JOB_FAILED] = "Failed stopping %s.",
2736 [JOB_TIMEOUT] = "Timed out stopping %s.",
2737 },
2738 },
5cb5a6ff 2739};
Unnamed repository; edit this file 'description' to name the repository.