]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/unit.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
core: split dependency types into atoms
[thirdparty/systemd.git] / src / core / unit.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
a7334b09 2
87f0e418 3#include <errno.h>
0301abf4 4#include <stdlib.h>
4c253ed1 5#include <sys/prctl.h>
4f5dd394 6#include <unistd.h>
87f0e418 7
718db961
LP		 8#include "sd-id128.h"
9#include "sd-messages.h"
4f5dd394 10
57b7a260 11#include "all-units.h"
d68c645b 12#include "alloc-util.h"
fab34748 13#include "bpf-firewall.h"
5f8ba20d 14#include "bpf-foreign.h"
4f5dd394
LP		 15#include "bus-common-errors.h"
16#include "bus-util.h"
fdb3deca 17#include "cgroup-setup.h"
c6c18be3 18#include "cgroup-util.h"
e30bbc90 19#include "core-varlink.h"
4f5dd394
LP		 20#include "dbus-unit.h"
21#include "dbus.h"
22#include "dropin.h"
23#include "escape.h"
24#include "execute.h"
6a48d82f 25#include "fd-util.h"
a5c32cff 26#include "fileio-label.h"
ee228be1 27#include "fileio.h"
f97b34a6 28#include "format-util.h"
4b58153d 29#include "id128-util.h"
5cfa33e0 30#include "install.h"
2d3b784d 31#include "io-util.h"
a3f5fd96 32#include "label.h"
4f5dd394
LP		 33#include "load-dropin.h"
34#include "load-fragment.h"
35#include "log.h"
36#include "macro.h"
f5947a5e 37#include "missing_audit.h"
4f5dd394
LP		 38#include "mkdir.h"
39#include "path-util.h"
0b452006 40#include "process-util.h"
810ef318 41#include "rm-rf.h"
4f5dd394 42#include "set.h"
6eb7c172 43#include "signal-util.h"
91ce91c7 44#include "socket-bind.h"
d3070fbd 45#include "sparse-endian.h"
e9db43d5 46#include "special.h"
2e59b241 47#include "specifier.h"
8fcde012 48#include "stat-util.h"
d054f0a4 49#include "stdio-util.h"
5afe510c 50#include "string-table.h"
07630cea 51#include "string-util.h"
4f5dd394 52#include "strv.h"
5b262f74 53#include "terminal-util.h"
e4de7287 54#include "tmpfile-util.h"
4f4afc88 55#include "umask-util.h"
4f5dd394 56#include "unit-name.h"
e9db43d5 57#include "unit.h"
b1d4f8e1
LP		 58#include "user-util.h"
59#include "virt.h"
91ce91c7
JK		 60#if BPF_FRAMEWORK
61#include "bpf-link.h"
62#endif
87f0e418 63
37109b85
ZJS		 64/* Thresholds for logging at INFO level about resource consumption */
65#define MENTIONWORTHY_CPU_NSEC (1 * NSEC_PER_SEC)
66#define MENTIONWORTHY_IO_BYTES (1024 * 1024ULL)
67#define MENTIONWORTHY_IP_BYTES (0ULL)
68
69/* Thresholds for logging at INFO level about resource consumption */
70#define NOTICEWORTHY_CPU_NSEC (10*60 * NSEC_PER_SEC) /* 10 minutes */
71#define NOTICEWORTHY_IO_BYTES (10 * 1024 * 1024ULL) /* 10 MB */
72#define NOTICEWORTHY_IP_BYTES (128 * 1024 * 1024ULL) /* 128 MB */
73
87f0e418
LP		 74const UnitVTable * const unit_vtable[_UNIT_TYPE_MAX] = {
75 [UNIT_SERVICE] = &service_vtable,
87f0e418
LP		 76 [UNIT_SOCKET] = &socket_vtable,
77 [UNIT_TARGET] = &target_vtable,
78 [UNIT_DEVICE] = &device_vtable,
79 [UNIT_MOUNT] = &mount_vtable,
80 [UNIT_AUTOMOUNT] = &automount_vtable,
01f78473 81 [UNIT_SWAP] = &swap_vtable,
e821075a 82 [UNIT_TIMER] = &timer_vtable,
a016b922 83 [UNIT_PATH] = &path_vtable,
6c12b52e 84 [UNIT_SLICE] = &slice_vtable,
5afe510c 85 [UNIT_SCOPE] = &scope_vtable,
87f0e418
LP		 86};
87
75db809a 88Unit* unit_new(Manager *m, size_t size) {
87f0e418
LP		 89 Unit *u;
90
91 assert(m);
ac155bb8 92 assert(size >= sizeof(Unit));
87f0e418 93
7d17cfbc
MS		 94 u = malloc0(size);
95 if (!u)
87f0e418
LP		 96 return NULL;
97
ac155bb8
MS		 98 u->manager = m;
99 u->type = _UNIT_TYPE_INVALID;
ac155bb8
MS		 100 u->default_dependencies = true;
101 u->unit_file_state = _UNIT_FILE_STATE_INVALID;
d2dc52db 102 u->unit_file_preset = -1;
d420282b 103 u->on_failure_job_mode = JOB_REPLACE;
0bb814c2 104 u->cgroup_control_inotify_wd = -1;
afcfaa69 105 u->cgroup_memory_inotify_wd = -1;
36c16a7c 106 u->job_timeout = USEC_INFINITY;
a2df3ea4 107 u->job_running_timeout = USEC_INFINITY;
00d9ef85
LP		 108 u->ref_uid = UID_INVALID;
109 u->ref_gid = GID_INVALID;
fe700f46 110 u->cpu_usage_last = NSEC_INFINITY;
17f14955 111 u->cgroup_invalidated_mask |= CGROUP_MASK_BPF_FIREWALL;
7af67e9a 112 u->failure_action_exit_status = u->success_action_exit_status = -1;
87f0e418 113
6a48d82f
DM		 114 u->ip_accounting_ingress_map_fd = -1;
115 u->ip_accounting_egress_map_fd = -1;
116 u->ipv4_allow_map_fd = -1;
117 u->ipv6_allow_map_fd = -1;
118 u->ipv4_deny_map_fd = -1;
119 u->ipv6_deny_map_fd = -1;
120
2e59b241
LP		 121 u->last_section_private = -1;
122
7bf081a1 123 u->start_ratelimit = (RateLimit) { m->default_start_limit_interval, m->default_start_limit_burst };
8c227e7f 124 u->auto_stop_ratelimit = (RateLimit) { 10 * USEC_PER_SEC, 16 };
bea355da 125
fbe14fc9
LP		 126 for (CGroupIOAccountingMetric i = 0; i < _CGROUP_IO_ACCOUNTING_METRIC_MAX; i++)
127 u->io_accounting_last[i] = UINT64_MAX;
128
87f0e418
LP		 129 return u;
130}
131
a581e45a 132int unit_new_for_name(Manager *m, size_t size, const char *name, Unit **ret) {
dc409696 133 _cleanup_(unit_freep) Unit *u = NULL;
a581e45a
LP		 134 int r;
135
136 u = unit_new(m, size);
137 if (!u)
138 return -ENOMEM;
139
140 r = unit_add_name(u, name);
dc409696 141 if (r < 0)
a581e45a 142 return r;
a581e45a 143
1cc6c93a
YW		 144 *ret = TAKE_PTR(u);
145
a581e45a
LP		 146 return r;
147}
148
303ee601 149bool unit_has_name(const Unit *u, const char *name) {
f278026d
LP		 150 assert(u);
151 assert(name);
152
4562c355
ZJS		 153 return streq_ptr(name, u->id) ||
154 set_contains(u->aliases, name);
f278026d
LP		 155}
156
598459ce
LP		 157static void unit_init(Unit *u) {
158 CGroupContext *cc;
159 ExecContext *ec;
160 KillContext *kc;
161
162 assert(u);
163 assert(u->manager);
164 assert(u->type >= 0);
165
166 cc = unit_get_cgroup_context(u);
167 if (cc) {
168 cgroup_context_init(cc);
169
170 /* Copy in the manager defaults into the cgroup
171 * context, _before_ the rest of the settings have
172 * been initialized */
173
174 cc->cpu_accounting = u->manager->default_cpu_accounting;
13c31542 175 cc->io_accounting = u->manager->default_io_accounting;
598459ce
LP		 176 cc->blockio_accounting = u->manager->default_blockio_accounting;
177 cc->memory_accounting = u->manager->default_memory_accounting;
03a7b521 178 cc->tasks_accounting = u->manager->default_tasks_accounting;
6a48d82f 179 cc->ip_accounting = u->manager->default_ip_accounting;
0af20ea2
LP		 180
181 if (u->type != UNIT_SLICE)
182 cc->tasks_max = u->manager->default_tasks_max;
598459ce
LP		 183 }
184
185 ec = unit_get_exec_context(u);
b1edf445 186 if (ec) {
598459ce
LP		 187 exec_context_init(ec);
188
5e37d193
FB		 189 if (MANAGER_IS_SYSTEM(u->manager))
190 ec->keyring_mode = EXEC_KEYRING_SHARED;
191 else {
192 ec->keyring_mode = EXEC_KEYRING_INHERIT;
193
194 /* User manager might have its umask redefined by PAM or UMask=. In this
195 * case let the units it manages inherit this value by default. They can
196 * still tune this value through their own unit file */
197 (void) get_process_umask(getpid_cached(), &ec->umask);
198 }
b1edf445
LP		 199 }
200
598459ce
LP		 201 kc = unit_get_kill_context(u);
202 if (kc)
203 kill_context_init(kc);
204
205 if (UNIT_VTABLE(u)->init)
206 UNIT_VTABLE(u)->init(u);
207}
208
4562c355
ZJS		 209static int unit_add_alias(Unit *u, char *donated_name) {
210 int r;
211
212 /* Make sure that u->names is allocated. We may leave u->names
213 * empty if we fail later, but this is not a problem. */
973bc32a 214 r = set_ensure_put(&u->aliases, &string_hash_ops, donated_name);
4562c355
ZJS		 215 if (r < 0)
216 return r;
217 assert(r > 0);
218
219 return 0;
220}
221
87f0e418 222int unit_add_name(Unit *u, const char *text) {
4562c355 223 _cleanup_free_ char *name = NULL, *instance = NULL;
87f0e418 224 UnitType t;
87f0e418
LP		 225 int r;
226
227 assert(u);
228 assert(text);
229
7410616c 230 if (unit_name_is_valid(text, UNIT_NAME_TEMPLATE)) {
ac155bb8 231 if (!u->instance)
acd1987a
WY		 232 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
233 "instance is not set when adding name '%s': %m", text);
87f0e418 234
4562c355 235 r = unit_name_replace_instance(text, u->instance, &name);
7410616c 236 if (r < 0)
acd1987a
WY		 237 return log_unit_debug_errno(u, r,
238 "failed to build instance name from '%s': %m", text);
7410616c 239 } else {
4562c355
ZJS		 240 name = strdup(text);
241 if (!name)
7410616c
LP		 242 return -ENOMEM;
243 }
87f0e418 244
4562c355 245 if (unit_has_name(u, name))
7410616c 246 return 0;
4562c355
ZJS		 247
248 if (hashmap_contains(u->manager->units, name))
acd1987a 249 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EEXIST),
4562c355 250 "unit already exist when adding name '%s': %m", name);
7410616c 251
4562c355 252 if (!unit_name_is_valid(name, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
acd1987a 253 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
4562c355 254 "name '%s' is invalid: %m", name);
e537352b 255
4562c355 256 t = unit_name_to_type(name);
7410616c 257 if (t < 0)
acd1987a 258 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
cd990847 259 "failed to derive unit type from name '%s': %m", name);
87f0e418 260
598459ce 261 if (u->type != _UNIT_TYPE_INVALID && t != u->type)
acd1987a
WY		 262 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
263 "unit type is illegal: u->type(%d) and t(%d) for name '%s': %m",
4562c355 264 u->type, t, name);
87f0e418 265
4562c355 266 r = unit_name_to_instance(name, &instance);
e48614c4 267 if (r < 0)
4562c355 268 return log_unit_debug_errno(u, r, "failed to extract instance from name '%s': %m", name);
87f0e418 269
4562c355
ZJS		 270 if (instance && !unit_type_may_template(t))
271 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL), "templates are not allowed for name '%s': %m", name);
9e2f7c11 272
d383acad
ZJS		 273 /* Ensure that this unit either has no instance, or that the instance matches. */
274 if (u->type != _UNIT_TYPE_INVALID && !streq_ptr(u->instance, instance))
acd1987a 275 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EINVAL),
ada4b34e
ZJS		 276 "cannot add name %s, the instances don't match (\"%s\" != \"%s\").",
277 name, instance, u->instance);
9e2f7c11 278
4562c355 279 if (u->id && !unit_type_may_alias(t))
ada4b34e
ZJS		 280 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EEXIST),
281 "cannot add name %s, aliases are not allowed for %s units.",
282 name, unit_type_to_string(t));
9e2f7c11 283
598459ce 284 if (hashmap_size(u->manager->units) >= MANAGER_MAX_NAMES)
ada4b34e 285 return log_unit_warning_errno(u, SYNTHETIC_ERRNO(E2BIG), "cannot add name, manager has too many units: %m");
4f0f902f 286
4562c355
ZJS		 287 /* Add name to the global hashmap first, because that's easier to undo */
288 r = hashmap_put(u->manager->units, name, u);
7410616c 289 if (r < 0)
acd1987a 290 return log_unit_debug_errno(u, r, "add unit to hashmap failed for name '%s': %m", text);
87f0e418 291
4562c355
ZJS		 292 if (u->id) {
293 r = unit_add_alias(u, name); /* unit_add_alias() takes ownership of the name on success */
294 if (r < 0) {
295 hashmap_remove(u->manager->units, name);
296 return r;
297 }
298 TAKE_PTR(name);
299
300 } else {
301 /* A new name, we don't need the set yet. */
302 assert(u->type == _UNIT_TYPE_INVALID);
303 assert(!u->instance);
304
ac155bb8 305 u->type = t;
4562c355
ZJS		 306 u->id = TAKE_PTR(name);
307 u->instance = TAKE_PTR(instance);
9e2f7c11 308
71fda00f 309 LIST_PREPEND(units_by_type, u->manager->units_by_type[t], u);
598459ce 310 unit_init(u);
598459ce 311 }
9e2f7c11 312
598459ce
LP		 313 unit_add_to_dbus_queue(u);
314 return 0;
87f0e418
LP		 315}
316
0ae97ec1 317int unit_choose_id(Unit *u, const char *name) {
68eda4bd 318 _cleanup_free_ char *t = NULL;
4562c355 319 char *s;
276c3e78 320 int r;
0ae97ec1
LP		 321
322 assert(u);
323 assert(name);
324
7410616c 325 if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
ac155bb8 326 if (!u->instance)
9e2f7c11
LP		 327 return -EINVAL;
328
7410616c
LP		 329 r = unit_name_replace_instance(name, u->instance, &t);
330 if (r < 0)
331 return r;
9e2f7c11
LP		 332
333 name = t;
334 }
335
4562c355
ZJS		 336 if (streq_ptr(u->id, name))
337 return 0; /* Nothing to do. */
338
339 /* Selects one of the aliases of this unit as the id */
340 s = set_get(u->aliases, (char*) name);
9e2f7c11 341 if (!s)
0ae97ec1
LP		 342 return -ENOENT;
343
4562c355
ZJS		 344 if (u->id) {
345 r = set_remove_and_put(u->aliases, name, u->id);
346 if (r < 0)
347 return r;
348 } else
349 assert_se(set_remove(u->aliases, name)); /* see set_get() above… */
276c3e78 350
4562c355 351 u->id = s; /* Old u->id is now stored in the set, and s is not stored anywhere */
c1e1601e 352 unit_add_to_dbus_queue(u);
9e2f7c11 353
0ae97ec1
LP		 354 return 0;
355}
356
f50e0a01 357int unit_set_description(Unit *u, const char *description) {
84b26d51 358 int r;
f50e0a01
LP		 359
360 assert(u);
361
84b26d51
LP		 362 r = free_and_strdup(&u->description, empty_to_null(description));
363 if (r < 0)
364 return r;
365 if (r > 0)
366 unit_add_to_dbus_queue(u);
c1e1601e 367
f50e0a01
LP		 368 return 0;
369}
370
f2f725e5 371bool unit_may_gc(Unit *u) {
a354329f 372 UnitActiveState state;
e98b2fbb 373 int r;
5afe510c 374
701cc384
LP		 375 assert(u);
376
f2f725e5
ZJS		 377 /* Checks whether the unit is ready to be unloaded for garbage collection.
378 * Returns true when the unit may be collected, and false if there's some
2641f02e
ZJS		 379 * reason to keep it loaded.
380 *
381 * References from other units are *not* checked here. Instead, this is done
382 * in unit_gc_sweep(), but using markers to properly collect dependency loops.
383 */
5afe510c 384
a354329f 385 if (u->job)
f2f725e5 386 return false;
701cc384 387
a354329f 388 if (u->nop_job)
f2f725e5 389 return false;
6c073082 390
a354329f
LP		 391 state = unit_active_state(u);
392
7eb2a8a1 393 /* If the unit is inactive and failed and no job is queued for it, then release its runtime resources */
a354329f
LP		 394 if (UNIT_IS_INACTIVE_OR_FAILED(state) &&
395 UNIT_VTABLE(u)->release_resources)
7eb2a8a1 396 UNIT_VTABLE(u)->release_resources(u);
a354329f 397
f5869324 398 if (u->perpetual)
f2f725e5 399 return false;
9d576438 400
05a98afd 401 if (sd_bus_track_count(u->bus_track) > 0)
f2f725e5 402 return false;
05a98afd 403
5afe510c
LP		 404 /* But we keep the unit object around for longer when it is referenced or configured to not be gc'ed */
405 switch (u->collect_mode) {
406
407 case COLLECT_INACTIVE:
408 if (state != UNIT_INACTIVE)
f2f725e5 409 return false;
5afe510c
LP		 410
411 break;
412
413 case COLLECT_INACTIVE_OR_FAILED:
414 if (!IN_SET(state, UNIT_INACTIVE, UNIT_FAILED))
f2f725e5 415 return false;
5afe510c
LP		 416
417 break;
418
419 default:
420 assert_not_reached("Unknown garbage collection mode");
421 }
422
e98b2fbb
LP		 423 if (u->cgroup_path) {
424 /* If the unit has a cgroup, then check whether there's anything in it. If so, we should stay
425 * around. Units with active processes should never be collected. */
426
427 r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path);
428 if (r < 0)
429 log_unit_debug_errno(u, r, "Failed to determine whether cgroup %s is empty: %m", u->cgroup_path);
430 if (r <= 0)
f2f725e5 431 return false;
e98b2fbb
LP		 432 }
433
f2f725e5
ZJS		 434 if (UNIT_VTABLE(u)->may_gc && !UNIT_VTABLE(u)->may_gc(u))
435 return false;
701cc384 436
f2f725e5 437 return true;
701cc384
LP		 438}
439
87f0e418
LP		 440void unit_add_to_load_queue(Unit *u) {
441 assert(u);
ac155bb8 442 assert(u->type != _UNIT_TYPE_INVALID);
87f0e418 443
ac155bb8 444 if (u->load_state != UNIT_STUB || u->in_load_queue)
87f0e418
LP		 445 return;
446
71fda00f 447 LIST_PREPEND(load_queue, u->manager->load_queue, u);
ac155bb8 448 u->in_load_queue = true;
87f0e418
LP		 449}
450
23a177ef
LP		 451void unit_add_to_cleanup_queue(Unit *u) {
452 assert(u);
453
ac155bb8 454 if (u->in_cleanup_queue)
23a177ef
LP		 455 return;
456
71fda00f 457 LIST_PREPEND(cleanup_queue, u->manager->cleanup_queue, u);
ac155bb8 458 u->in_cleanup_queue = true;
23a177ef
LP		 459}
460
701cc384
LP		 461void unit_add_to_gc_queue(Unit *u) {
462 assert(u);
463
ac155bb8 464 if (u->in_gc_queue || u->in_cleanup_queue)
701cc384
LP		 465 return;
466
f2f725e5 467 if (!unit_may_gc(u))
701cc384
LP		 468 return;
469
c5a97ed1 470 LIST_PREPEND(gc_queue, u->manager->gc_unit_queue, u);
ac155bb8 471 u->in_gc_queue = true;
701cc384
LP		 472}
473
c1e1601e
LP		 474void unit_add_to_dbus_queue(Unit *u) {
475 assert(u);
ac155bb8 476 assert(u->type != _UNIT_TYPE_INVALID);
c1e1601e 477
ac155bb8 478 if (u->load_state == UNIT_STUB || u->in_dbus_queue)
c1e1601e
LP		 479 return;
480
a567261a 481 /* Shortcut things if nobody cares */
8f8f05a9 482 if (sd_bus_track_count(u->manager->subscribed) <= 0 &&
ae572acd 483 sd_bus_track_count(u->bus_track) <= 0 &&
8f8f05a9 484 set_isempty(u->manager->private_buses)) {
ac155bb8 485 u->sent_dbus_new_signal = true;
94b6dfa2
LP		 486 return;
487 }
488
71fda00f 489 LIST_PREPEND(dbus_queue, u->manager->dbus_unit_queue, u);
ac155bb8 490 u->in_dbus_queue = true;
c1e1601e
LP		 491}
492
fda09318 493void unit_submit_to_stop_when_unneeded_queue(Unit *u) {
a3c1168a
LP		 494 assert(u);
495
496 if (u->in_stop_when_unneeded_queue)
497 return;
498
499 if (!u->stop_when_unneeded)
500 return;
501
502 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
503 return;
504
505 LIST_PREPEND(stop_when_unneeded_queue, u->manager->stop_when_unneeded_queue, u);
506 u->in_stop_when_unneeded_queue = true;
507}
508
15ed3c3a 509static void unit_clear_dependencies(Unit *u) {
87f0e418
LP		 510 assert(u);
511
15ed3c3a
LP		 512 /* Removes all dependencies configured on u and their reverse dependencies. */
513
514 for (Hashmap *deps; (deps = hashmap_steal_first(u->dependencies));) {
87f0e418 515
15ed3c3a
LP		 516 for (Unit *other; (other = hashmap_steal_first_key(deps));) {
517 Hashmap *other_deps;
701cc384 518
15ed3c3a
LP		 519 HASHMAP_FOREACH(other_deps, other->dependencies)
520 hashmap_remove(other_deps, u);
521
522 unit_add_to_gc_queue(other);
523 }
524
525 hashmap_free(deps);
87f0e418
LP		 526 }
527
15ed3c3a 528 u->dependencies = hashmap_free(u->dependencies);
87f0e418
LP		 529}
530
c2756a68
LP		 531static void unit_remove_transient(Unit *u) {
532 char **i;
533
534 assert(u);
535
536 if (!u->transient)
537 return;
538
539 if (u->fragment_path)
3f5e8115 540 (void) unlink(u->fragment_path);
c2756a68
LP		 541
542 STRV_FOREACH(i, u->dropin_paths) {
39591351 543 _cleanup_free_ char *p = NULL, *pp = NULL;
c2756a68 544
39591351
LP		 545 p = dirname_malloc(*i); /* Get the drop-in directory from the drop-in file */
546 if (!p)
547 continue;
548
549 pp = dirname_malloc(p); /* Get the config directory from the drop-in directory */
550 if (!pp)
551 continue;
552
553 /* Only drop transient drop-ins */
554 if (!path_equal(u->manager->lookup_paths.transient, pp))
555 continue;
c2756a68 556
39591351
LP		 557 (void) unlink(*i);
558 (void) rmdir(p);
c2756a68
LP		 559 }
560}
561
a57f7e2c 562static void unit_free_requires_mounts_for(Unit *u) {
eef85c4a 563 assert(u);
a57f7e2c 564
eef85c4a 565 for (;;) {
c2b2df60 566 _cleanup_free_ char *path = NULL;
a57f7e2c 567
eef85c4a
LP		 568 path = hashmap_steal_first_key(u->requires_mounts_for);
569 if (!path)
570 break;
571 else {
572 char s[strlen(path) + 1];
a57f7e2c 573
eef85c4a
LP		 574 PATH_FOREACH_PREFIX_MORE(s, path) {
575 char *y;
576 Set *x;
577
578 x = hashmap_get2(u->manager->units_requiring_mounts_for, s, (void**) &y);
579 if (!x)
580 continue;
a57f7e2c 581
eef85c4a 582 (void) set_remove(x, u);
a57f7e2c 583
eef85c4a
LP		 584 if (set_isempty(x)) {
585 (void) hashmap_remove(u->manager->units_requiring_mounts_for, y);
586 free(y);
587 set_free(x);
588 }
a57f7e2c
LP		 589 }
590 }
591 }
592
eef85c4a 593 u->requires_mounts_for = hashmap_free(u->requires_mounts_for);
a57f7e2c
LP		 594}
595
598459ce
LP		 596static void unit_done(Unit *u) {
597 ExecContext *ec;
598 CGroupContext *cc;
599
600 assert(u);
601
602 if (u->type < 0)
603 return;
604
605 if (UNIT_VTABLE(u)->done)
606 UNIT_VTABLE(u)->done(u);
607
608 ec = unit_get_exec_context(u);
609 if (ec)
610 exec_context_done(ec);
611
612 cc = unit_get_cgroup_context(u);
613 if (cc)
614 cgroup_context_done(cc);
615}
616
75db809a 617Unit* unit_free(Unit *u) {
87f0e418
LP		 618 char *t;
619
c9d5c9c0 620 if (!u)
75db809a 621 return NULL;
87f0e418 622
50fb00b7 623 u->transient_file = safe_fclose(u->transient_file);
4f4afc88 624
2c289ea8 625 if (!MANAGER_IS_RELOADING(u->manager))
c2756a68
LP		 626 unit_remove_transient(u);
627
c1e1601e
LP		 628 bus_unit_send_removed_signal(u);
629
598459ce 630 unit_done(u);
a013b84b 631
50be4f4a 632 unit_dequeue_rewatch_pids(u);
cf9fd508 633
50be4f4a 634 sd_bus_slot_unref(u->match_bus_slot);
05a98afd
LP		 635 sd_bus_track_unref(u->bus_track);
636 u->deserialized_refs = strv_free(u->deserialized_refs);
d9e45bc3 637 u->pending_freezer_message = sd_bus_message_unref(u->pending_freezer_message);
05a98afd 638
a57f7e2c
LP		 639 unit_free_requires_mounts_for(u);
640
90e74a66 641 SET_FOREACH(t, u->aliases)
ac155bb8 642 hashmap_remove_value(u->manager->units, t, u);
4562c355
ZJS		 643 if (u->id)
644 hashmap_remove_value(u->manager->units, u->id, u);
87f0e418 645
4b58153d
LP		 646 if (!sd_id128_is_null(u->invocation_id))
647 hashmap_remove_value(u->manager->units_by_invocation_id, &u->invocation_id, u);
648
97e7d748
MS		 649 if (u->job) {
650 Job *j = u->job;
651 job_uninstall(j);
652 job_free(j);
653 }
964e0949 654
e0209d83
MS		 655 if (u->nop_job) {
656 Job *j = u->nop_job;
657 job_uninstall(j);
658 job_free(j);
659 }
660
15ed3c3a 661 unit_clear_dependencies(u);
964e0949 662
4c591f39
MK		 663 /* A unit is being dropped from the tree, make sure our family is realized properly. Do this after we
664 * detach the unit from slice tree in order to eliminate its effect on controller masks. */
f23ba94d 665 if (UNIT_ISSET(u->slice))
4c591f39 666 unit_add_family_to_cgroup_realize_queue(UNIT_DEREF(u->slice));
fb46fca7 667
adefcf28
LP		 668 if (u->on_console)
669 manager_unref_console(u->manager);
670
3d027d4d
JK		 671
672 fdset_free(u->initial_socket_bind_link_fds);
91ce91c7
JK		 673#if BPF_FRAMEWORK
674 bpf_link_free(u->ipv4_socket_bind_link);
675 bpf_link_free(u->ipv6_socket_bind_link);
676#endif
677
efdb0237 678 unit_release_cgroup(u);
72673e86 679
d3070fbd
LP		 680 if (!MANAGER_IS_RELOADING(u->manager))
681 unit_unlink_state_files(u);
682
00d9ef85
LP		 683 unit_unref_uid_gid(u, false);
684
5269eb6b 685 (void) manager_update_failed_units(u->manager, u, false);
db785129 686 set_remove(u->manager->startup_units, u);
f755e3b7 687
a911bb9a
LP		 688 unit_unwatch_all_pids(u);
689
702a2d8f 690 unit_ref_unset(&u->slice);
7f7d01ed
ZJS		 691 while (u->refs_by_target)
692 unit_ref_unset(u->refs_by_target);
57020a3a 693
ac155bb8 694 if (u->type != _UNIT_TYPE_INVALID)
71fda00f 695 LIST_REMOVE(units_by_type, u->manager->units_by_type[u->type], u);
ef734fd6 696
ac155bb8 697 if (u->in_load_queue)
71fda00f 698 LIST_REMOVE(load_queue, u->manager->load_queue, u);
87f0e418 699
ac155bb8 700 if (u->in_dbus_queue)
71fda00f 701 LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u);
c1e1601e 702
a2d72e26 703 if (u->in_gc_queue)
c5a97ed1 704 LIST_REMOVE(gc_queue, u->manager->gc_unit_queue, u);
701cc384 705
91a6073e
LP		 706 if (u->in_cgroup_realize_queue)
707 LIST_REMOVE(cgroup_realize_queue, u->manager->cgroup_realize_queue, u);
87f0e418 708
09e24654
LP		 709 if (u->in_cgroup_empty_queue)
710 LIST_REMOVE(cgroup_empty_queue, u->manager->cgroup_empty_queue, u);
711
1bdf2790
ZJS		 712 if (u->in_cleanup_queue)
713 LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u);
adefcf28 714
19496554
MS		 715 if (u->in_target_deps_queue)
716 LIST_REMOVE(target_deps_queue, u->manager->target_deps_queue, u);
717
a3c1168a
LP		 718 if (u->in_stop_when_unneeded_queue)
719 LIST_REMOVE(stop_when_unneeded_queue, u->manager->stop_when_unneeded_queue, u);
720
6a48d82f
DM		 721 safe_close(u->ip_accounting_ingress_map_fd);
722 safe_close(u->ip_accounting_egress_map_fd);
72673e86 723
6a48d82f
DM		 724 safe_close(u->ipv4_allow_map_fd);
725 safe_close(u->ipv6_allow_map_fd);
726 safe_close(u->ipv4_deny_map_fd);
727 safe_close(u->ipv6_deny_map_fd);
d3070fbd 728
6a48d82f 729 bpf_program_unref(u->ip_bpf_ingress);
aa2b6f1d 730 bpf_program_unref(u->ip_bpf_ingress_installed);
6a48d82f 731 bpf_program_unref(u->ip_bpf_egress);
aa2b6f1d 732 bpf_program_unref(u->ip_bpf_egress_installed);
00d9ef85 733
fab34748
KL		 734 set_free(u->ip_bpf_custom_ingress);
735 set_free(u->ip_bpf_custom_egress);
736 set_free(u->ip_bpf_custom_ingress_installed);
737 set_free(u->ip_bpf_custom_egress_installed);
738
5f8ba20d
JK		 739 hashmap_free(u->bpf_foreign_by_key);
740
084c7007
RG		 741 bpf_program_unref(u->bpf_device_control_installed);
742
a946fa9b
ZJS		 743 condition_free_list(u->conditions);
744 condition_free_list(u->asserts);
f755e3b7 745
ac155bb8 746 free(u->description);
49dbfa7b 747 strv_free(u->documentation);
ac155bb8 748 free(u->fragment_path);
1b64d026 749 free(u->source_path);
ae7a7182 750 strv_free(u->dropin_paths);
ac155bb8 751 free(u->instance);
87f0e418 752
f189ab18 753 free(u->job_timeout_reboot_arg);
6bf0f408
LP		 754 free(u->reboot_arg);
755
4562c355
ZJS		 756 set_free_free(u->aliases);
757 free(u->id);
758
75db809a 759 return mfree(u);
87f0e418
LP		 760}
761
d9e45bc3
MS		 762FreezerState unit_freezer_state(Unit *u) {
763 assert(u);
764
765 return u->freezer_state;
766}
767
768int unit_freezer_state_kernel(Unit *u, FreezerState *ret) {
769 char *values[1] = {};
770 int r;
771
772 assert(u);
773
774 r = cg_get_keyed_attribute(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "cgroup.events",
775 STRV_MAKE("frozen"), values);
776 if (r < 0)
777 return r;
778
779 r = _FREEZER_STATE_INVALID;
780
781 if (values[0]) {
782 if (streq(values[0], "0"))
783 r = FREEZER_RUNNING;
784 else if (streq(values[0], "1"))
785 r = FREEZER_FROZEN;
786 }
787
788 free(values[0]);
789 *ret = r;
790
791 return 0;
792}
793
87f0e418
LP		 794UnitActiveState unit_active_state(Unit *u) {
795 assert(u);
796
ac155bb8 797 if (u->load_state == UNIT_MERGED)
6124958c
LP		 798 return unit_active_state(unit_follow_merge(u));
799
800 /* After a reload it might happen that a unit is not correctly
801 * loaded but still has a process around. That's why we won't
fdf20a31 802 * shortcut failed loading to UNIT_INACTIVE_FAILED. */
87f0e418
LP		 803
804 return UNIT_VTABLE(u)->active_state(u);
805}
806
10a94420
LP		 807const char* unit_sub_state_to_string(Unit *u) {
808 assert(u);
809
810 return UNIT_VTABLE(u)->sub_state_to_string(u);
811}
812
15ed3c3a 813static int unit_merge_names(Unit *u, Unit *other) {
4562c355 814 char *name;
7c0b05e5 815 int r;
87f0e418 816
23a177ef
LP		 817 assert(u);
818 assert(other);
819
4562c355 820 r = unit_add_alias(u, other->id);
7c0b05e5
MS		 821 if (r < 0)
822 return r;
23a177ef 823
4562c355
ZJS		 824 r = set_move(u->aliases, other->aliases);
825 if (r < 0) {
826 set_remove(u->aliases, other->id);
827 return r;
828 }
23a177ef 829
4562c355
ZJS		 830 TAKE_PTR(other->id);
831 other->aliases = set_free_free(other->aliases);
23a177ef 832
90e74a66 833 SET_FOREACH(name, u->aliases)
4562c355 834 assert_se(hashmap_replace(u->manager->units, name, u) == 0);
7c0b05e5
MS		 835
836 return 0;
87f0e418
LP		 837}
838
15ed3c3a
LP		 839static int unit_reserve_dependencies(Unit *u, Unit *other) {
840 size_t n_reserve;
841 Hashmap* deps;
842 void *d;
843 int r;
09a65f92
MS		 844
845 assert(u);
846 assert(other);
09a65f92 847
15ed3c3a
LP		 848 /* Let's reserve some space in the dependency hashmaps so that later on merging the units cannot
849 * fail.
850 *
851 * First make some room in the per dependency type hashmaps. Using the summed size of both unit's
852 * hashmaps is an estimate that is likely too high since they probably use some of the same
853 * types. But it's never too low, and that's all we need. */
854
855 n_reserve = MIN(hashmap_size(other->dependencies), LESS_BY((size_t) _UNIT_DEPENDENCY_MAX, hashmap_size(u->dependencies)));
856 if (n_reserve > 0) {
857 r = hashmap_ensure_allocated(&u->dependencies, NULL);
858 if (r < 0)
859 return r;
860
861 r = hashmap_reserve(u->dependencies, n_reserve);
862 if (r < 0)
863 return r;
864 }
865
866 /* Now, enlarge our per dependency type hashmaps by the number of entries in the same hashmap of the
867 * other unit's dependencies.
868 *
869 * NB: If u does not have a dependency set allocated for some dependency type, there is no need to
870 * reserve anything for. In that case other's set will be transferred as a whole to u by
871 * complete_move(). */
872
873 HASHMAP_FOREACH_KEY(deps, d, u->dependencies) {
874 Hashmap *other_deps;
875
876 other_deps = hashmap_get(other->dependencies, d);
877
878 r = hashmap_reserve(deps, hashmap_size(other_deps));
879 if (r < 0)
880 return r;
881 }
882
883 return 0;
884}
885
886static void unit_maybe_warn_about_dependency(
887 Unit *u,
888 const char *other_id,
889 UnitDependency dependency) {
890
891 assert(u);
892
893 /* Only warn about some unit types */
894 if (!IN_SET(dependency,
895 UNIT_CONFLICTS,
896 UNIT_CONFLICTED_BY,
897 UNIT_BEFORE,
898 UNIT_AFTER,
899 UNIT_ON_FAILURE,
900 UNIT_TRIGGERS,
901 UNIT_TRIGGERED_BY))
902 return;
903
904 if (streq_ptr(u->id, other_id))
905 log_unit_warning(u, "Dependency %s=%s dropped", unit_dependency_to_string(dependency), u->id);
906 else
907 log_unit_warning(u, "Dependency %s=%s dropped, merged into %s", unit_dependency_to_string(dependency), strna(other_id), u->id);
908}
909
910static int unit_per_dependency_type_hashmap_update(
911 Hashmap *per_type,
912 Unit *other,
913 UnitDependencyMask origin_mask,
914 UnitDependencyMask destination_mask) {
915
916 UnitDependencyInfo info;
917 int r;
918
919 assert(other);
920 assert_cc(sizeof(void*) == sizeof(info));
921
922 /* Acquire the UnitDependencyInfo entry for the Unit* we are interested in, and update it if it
923 * exists, or insert it anew if not. */
09a65f92 924
15ed3c3a
LP		 925 info.data = hashmap_get(per_type, other);
926 if (info.data) {
927 /* Entry already exists. Add in our mask. */
928
929 if (FLAGS_SET(origin_mask, info.origin_mask) &&
930 FLAGS_SET(destination_mask, info.destination_mask))
931 return 0; /* NOP */
932
933 info.origin_mask |= origin_mask;
934 info.destination_mask |= destination_mask;
935
936 r = hashmap_update(per_type, other, info.data);
937 } else {
938 info = (UnitDependencyInfo) {
939 .origin_mask = origin_mask,
940 .destination_mask = destination_mask,
941 };
09a65f92 942
15ed3c3a
LP		 943 r = hashmap_put(per_type, other, info.data);
944 }
945 if (r < 0)
946 return r;
947
948
949 return 1;
09a65f92
MS		 950}
951
15ed3c3a
LP		 952static int unit_add_dependency_hashmap(
953 Hashmap **dependencies,
954 UnitDependency d,
955 Unit *other,
956 UnitDependencyMask origin_mask,
957 UnitDependencyMask destination_mask) {
958
959 Hashmap *per_type;
87f0e418 960 int r;
23a177ef 961
15ed3c3a
LP		 962 assert(dependencies);
963 assert(other);
964 assert(origin_mask < _UNIT_DEPENDENCY_MASK_FULL);
965 assert(destination_mask < _UNIT_DEPENDENCY_MASK_FULL);
966 assert(origin_mask > 0 || destination_mask > 0);
967
968 /* Ensure the top-level dependency hashmap exists that maps UnitDependency → Hashmap(Unit* →
969 * UnitDependencyInfo) */
970 r = hashmap_ensure_allocated(dependencies, NULL);
971 if (r < 0)
972 return r;
973
974 /* Acquire the inner hashmap, that maps Unit* → UnitDependencyInfo, for the specified dependency
975 * type, and if it's missing allocate it and insert it. */
976 per_type = hashmap_get(*dependencies, UNIT_DEPENDENCY_TO_PTR(d));
977 if (!per_type) {
978 per_type = hashmap_new(NULL);
979 if (!per_type)
980 return -ENOMEM;
981
982 r = hashmap_put(*dependencies, UNIT_DEPENDENCY_TO_PTR(d), per_type);
983 if (r < 0) {
984 hashmap_free(per_type);
985 return r;
986 }
987 }
988
989 return unit_per_dependency_type_hashmap_update(per_type, other, origin_mask, destination_mask);
990}
991
992static void unit_merge_dependencies(
993 Unit *u,
994 Unit *other) {
995
996 int r;
eef85c4a 997
23a177ef
LP		 998 assert(u);
999 assert(other);
23a177ef 1000
15ed3c3a
LP		 1001 if (u == other)
1002 return;
1003
1004 for (;;) {
1005 _cleanup_(hashmap_freep) Hashmap *other_deps = NULL;
1006 UnitDependencyInfo di_back;
1007 Unit *back;
1008 void *dt; /* Actually of type UnitDependency, except that we don't bother casting it here,
1009 * since the hashmaps all want it as void pointer. */
1010
1011 /* Let's focus on one dependency type at a time, that 'other' has defined. */
1012 other_deps = hashmap_steal_first_key_and_value(other->dependencies, &dt);
1013 if (!other_deps)
1014 break; /* done! */
1015
1016 /* Now iterate through all dependencies of this dependency type, of 'other'. We refer to the
1017 * referenced units as 'back'. */
1018 HASHMAP_FOREACH_KEY(di_back.data, back, other_deps) {
1019 Hashmap *back_deps;
1020 void *back_dt;
eef85c4a 1021
e66047ff 1022 if (back == u) {
15ed3c3a
LP		 1023 /* This is a dependency pointing back to the unit we want to merge with?
1024 * Suppress it (but warn) */
1025 unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt));
1026 continue;
1027 }
eef85c4a 1028
15ed3c3a
LP		 1029 /* Now iterate through all deps of 'back', and fix the ones pointing to 'other' to
1030 * point to 'u' instead. */
1031 HASHMAP_FOREACH_KEY(back_deps, back_dt, back->dependencies) {
1032 UnitDependencyInfo di_move;
eef85c4a 1033
15ed3c3a
LP		 1034 di_move.data = hashmap_remove(back_deps, other);
1035 if (!di_move.data)
1036 continue;
eef85c4a 1037
15ed3c3a
LP		 1038 assert_se(unit_per_dependency_type_hashmap_update(
1039 back_deps,
1040 u,
1041 di_move.origin_mask,
1042 di_move.destination_mask) >= 0);
1043 }
1044 }
eef85c4a 1045
15ed3c3a
LP		 1046 /* Now all references towards 'other' of the current type 'dt' are corrected to point to
1047 * 'u'. Lets's now move the deps of type 'dt' from 'other' to 'u'. First, let's try to move
1048 * them per type wholesale. */
1049 r = hashmap_put(u->dependencies, dt, other_deps);
1050 if (r == -EEXIST) {
1051 Hashmap *deps;
eef85c4a 1052
15ed3c3a 1053 /* The target unit already has dependencies of this type, let's then merge this individually. */
eef85c4a 1054
15ed3c3a
LP		 1055 assert_se(deps = hashmap_get(u->dependencies, dt));
1056
1057 for (;;) {
1058 UnitDependencyInfo di_move;
1059
1060 /* Get first dep */
1061 di_move.data = hashmap_steal_first_key_and_value(other_deps, (void**) &back);
1062 if (!di_move.data)
1063 break; /* done */
1064 if (back == u) {
1065 /* Would point back to us, ignore */
1066 unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt));
1067 continue;
1068 }
23a177ef 1069
15ed3c3a
LP		 1070 assert_se(unit_per_dependency_type_hashmap_update(deps, back, di_move.origin_mask, di_move.destination_mask) >= 0);
1071 }
1072 } else {
1073 assert_se(r >= 0);
1074 TAKE_PTR(other_deps);
e66047ff 1075
15ed3c3a
LP		 1076 if (hashmap_remove(other_deps, u))
1077 unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt));
1078 }
1079 }
23a177ef 1080
15ed3c3a 1081 other->dependencies = hashmap_free(other->dependencies);
23a177ef
LP		 1082}
1083
1084int unit_merge(Unit *u, Unit *other) {
09a65f92 1085 int r;
87f0e418
LP		 1086
1087 assert(u);
1088 assert(other);
ac155bb8
MS		 1089 assert(u->manager == other->manager);
1090 assert(u->type != _UNIT_TYPE_INVALID);
87f0e418 1091
cc916967
LP		 1092 other = unit_follow_merge(other);
1093
23a177ef
LP		 1094 if (other == u)
1095 return 0;
1096
ac155bb8 1097 if (u->type != other->type)
9e2f7c11
LP		 1098 return -EINVAL;
1099
8a993b61 1100 if (!unit_type_may_alias(u->type)) /* Merging only applies to unit names that support aliases */
934e749e
LP		 1101 return -EEXIST;
1102
ec2ce0c5 1103 if (!IN_SET(other->load_state, UNIT_STUB, UNIT_NOT_FOUND))
23a177ef 1104 return -EEXIST;
87f0e418 1105
d383acad
ZJS		 1106 if (!streq_ptr(u->instance, other->instance))
1107 return -EINVAL;
1108
ac155bb8 1109 if (other->job)
819e213f
LP		 1110 return -EEXIST;
1111
e0209d83
MS		 1112 if (other->nop_job)
1113 return -EEXIST;
1114
fdf20a31 1115 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
819e213f
LP		 1116 return -EEXIST;
1117
15ed3c3a
LP		 1118 /* Make reservations to ensure merge_dependencies() won't fail. We don't rollback reservations if we
1119 * fail. We don't have a way to undo reservations. A reservation is not a leak. */
1120 r = unit_reserve_dependencies(u, other);
1121 if (r < 0)
1122 return r;
09a65f92 1123
87f0e418 1124 /* Merge names */
15ed3c3a 1125 r = unit_merge_names(u, other);
7c0b05e5
MS		 1126 if (r < 0)
1127 return r;
87f0e418 1128
57020a3a 1129 /* Redirect all references */
7f7d01ed
ZJS		 1130 while (other->refs_by_target)
1131 unit_ref_set(other->refs_by_target, other->refs_by_target->source, u);
57020a3a 1132
87f0e418 1133 /* Merge dependencies */
15ed3c3a 1134 unit_merge_dependencies(u, other);
87f0e418 1135
ac155bb8
MS		 1136 other->load_state = UNIT_MERGED;
1137 other->merged_into = u;
23a177ef 1138
3616a49c
LP		 1139 /* If there is still some data attached to the other node, we
1140 * don't need it anymore, and can free it. */
ac155bb8 1141 if (other->load_state != UNIT_STUB)
3616a49c
LP		 1142 if (UNIT_VTABLE(other)->done)
1143 UNIT_VTABLE(other)->done(other);
1144
1145 unit_add_to_dbus_queue(u);
23a177ef
LP		 1146 unit_add_to_cleanup_queue(other);
1147
1148 return 0;
1149}
1150
1151int unit_merge_by_name(Unit *u, const char *name) {
934e749e 1152 _cleanup_free_ char *s = NULL;
23a177ef 1153 Unit *other;
9e2f7c11 1154 int r;
23a177ef 1155
e8630e69
ZJS		 1156 /* Either add name to u, or if a unit with name already exists, merge it with u.
1157 * If name is a template, do the same for name@instance, where instance is u's instance. */
1158
23a177ef
LP		 1159 assert(u);
1160 assert(name);
1161
7410616c 1162 if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
ac155bb8 1163 if (!u->instance)
9e2f7c11
LP		 1164 return -EINVAL;
1165
7410616c
LP		 1166 r = unit_name_replace_instance(name, u->instance, &s);
1167 if (r < 0)
1168 return r;
9e2f7c11
LP		 1169
1170 name = s;
1171 }
1172
c2756a68 1173 other = manager_get_unit(u->manager, name);
7410616c
LP		 1174 if (other)
1175 return unit_merge(u, other);
23a177ef 1176
7410616c 1177 return unit_add_name(u, name);
23a177ef
LP		 1178}
1179
1180Unit* unit_follow_merge(Unit *u) {
1181 assert(u);
1182
ac155bb8
MS		 1183 while (u->load_state == UNIT_MERGED)
1184 assert_se(u = u->merged_into);
23a177ef
LP		 1185
1186 return u;
1187}
1188
1189int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
1190 int r;
1191
1192 assert(u);
1193 assert(c);
1194
e1e74614 1195 if (c->working_directory && !c->working_directory_missing_ok) {
eef85c4a 1196 r = unit_require_mounts_for(u, c->working_directory, UNIT_DEPENDENCY_FILE);
36be24c8
ZJS		 1197 if (r < 0)
1198 return r;
1199 }
1200
1201 if (c->root_directory) {
eef85c4a 1202 r = unit_require_mounts_for(u, c->root_directory, UNIT_DEPENDENCY_FILE);
36be24c8
ZJS		 1203 if (r < 0)
1204 return r;
1205 }
1206
915e6d16 1207 if (c->root_image) {
eef85c4a 1208 r = unit_require_mounts_for(u, c->root_image, UNIT_DEPENDENCY_FILE);
915e6d16
LP		 1209 if (r < 0)
1210 return r;
1211 }
1212
12375b95 1213 for (ExecDirectoryType dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) {
ada5e276
YW		 1214 if (!u->manager->prefix[dt])
1215 continue;
1216
12375b95 1217 char **dp;
ada5e276 1218 STRV_FOREACH(dp, c->directories[dt].paths) {
c2b2df60 1219 _cleanup_free_ char *p = NULL;
ada5e276 1220
657ee2d8 1221 p = path_join(u->manager->prefix[dt], *dp);
ada5e276
YW		 1222 if (!p)
1223 return -ENOMEM;
1224
eef85c4a 1225 r = unit_require_mounts_for(u, p, UNIT_DEPENDENCY_FILE);
ada5e276
YW		 1226 if (r < 0)
1227 return r;
1228 }
1229 }
1230
463d0d15 1231 if (!MANAGER_IS_SYSTEM(u->manager))
b46a529c
LP		 1232 return 0;
1233
f3b7a79b
LP		 1234 /* For the following three directory types we need write access, and /var/ is possibly on the root
1235 * fs. Hence order after systemd-remount-fs.service, to ensure things are writable. */
1236 if (!strv_isempty(c->directories[EXEC_DIRECTORY_STATE].paths) ||
1237 !strv_isempty(c->directories[EXEC_DIRECTORY_CACHE].paths) ||
1238 !strv_isempty(c->directories[EXEC_DIRECTORY_LOGS].paths)) {
1239 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_REMOUNT_FS_SERVICE, true, UNIT_DEPENDENCY_FILE);
1240 if (r < 0)
1241 return r;
1242 }
1243
b46a529c 1244 if (c->private_tmp) {
d71f0505
LP		 1245 const char *p;
1246
1247 FOREACH_STRING(p, "/tmp", "/var/tmp") {
eef85c4a 1248 r = unit_require_mounts_for(u, p, UNIT_DEPENDENCY_FILE);
d71f0505
LP		 1249 if (r < 0)
1250 return r;
1251 }
b46a529c 1252
35d8c19a 1253 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, true, UNIT_DEPENDENCY_FILE);
b46a529c
LP		 1254 if (r < 0)
1255 return r;
1256 }
1257
33b58dfb
LP		 1258 if (c->root_image) {
1259 /* We need to wait for /dev/loopX to appear when doing RootImage=, hence let's add an
1260 * implicit dependency on udev */
1261
1262 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_UDEVD_SERVICE, true, UNIT_DEPENDENCY_FILE);
1263 if (r < 0)
1264 return r;
1265 }
1266
52c239d7
LB		 1267 if (!IN_SET(c->std_output,
1268 EXEC_OUTPUT_JOURNAL, EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
f3dc6af2 1269 EXEC_OUTPUT_KMSG, EXEC_OUTPUT_KMSG_AND_CONSOLE) &&
52c239d7
LB		 1270 !IN_SET(c->std_error,
1271 EXEC_OUTPUT_JOURNAL, EXEC_OUTPUT_JOURNAL_AND_CONSOLE,
f3dc6af2 1272 EXEC_OUTPUT_KMSG, EXEC_OUTPUT_KMSG_AND_CONSOLE) &&
91dd5f7c 1273 !c->log_namespace)
23a177ef
LP		 1274 return 0;
1275
91dd5f7c
LP		 1276 /* If syslog or kernel logging is requested (or log namespacing is), make sure our own logging daemon
1277 * is run first. */
1278
1279 if (c->log_namespace) {
dc5437c7 1280 _cleanup_free_ char *socket_unit = NULL, *varlink_socket_unit = NULL;
23a177ef 1281
91dd5f7c
LP		 1282 r = unit_name_build_from_type("systemd-journald", c->log_namespace, UNIT_SOCKET, &socket_unit);
1283 if (r < 0)
1284 return r;
1285
1286 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, socket_unit, true, UNIT_DEPENDENCY_FILE);
1287 if (r < 0)
1288 return r;
dc5437c7
LP		 1289
1290 r = unit_name_build_from_type("systemd-journald-varlink", c->log_namespace, UNIT_SOCKET, &varlink_socket_unit);
1291 if (r < 0)
1292 return r;
1293
1294 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, varlink_socket_unit, true, UNIT_DEPENDENCY_FILE);
1295 if (r < 0)
1296 return r;
91dd5f7c
LP		 1297 } else
1298 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_JOURNALD_SOCKET, true, UNIT_DEPENDENCY_FILE);
b46a529c
LP		 1299 if (r < 0)
1300 return r;
23a177ef 1301
87f0e418
LP		 1302 return 0;
1303}
1304
87f0e418
LP		 1305const char *unit_description(Unit *u) {
1306 assert(u);
1307
ac155bb8
MS		 1308 if (u->description)
1309 return u->description;
87f0e418 1310
ac155bb8 1311 return strna(u->id);
87f0e418
LP		 1312}
1313
2a8f53c6
ZJS		 1314const char *unit_status_string(Unit *u) {
1315 assert(u);
1316
1317 if (u->manager->status_unit_format == STATUS_UNIT_FORMAT_NAME && u->id)
1318 return u->id;
1319
1320 return unit_description(u);
1321}
1322
87f0e418 1323/* Common implementation for multiple backends */
c3620770 1324int unit_load_fragment_and_dropin(Unit *u, bool fragment_required) {
23a177ef
LP		 1325 int r;
1326
1327 assert(u);
23a177ef 1328
e48614c4 1329 /* Load a .{service,socket,...} file */
4ad49000
LP		 1330 r = unit_load_fragment(u);
1331 if (r < 0)
23a177ef
LP		 1332 return r;
1333
c3620770
ZJS		 1334 if (u->load_state == UNIT_STUB) {
1335 if (fragment_required)
1336 return -ENOENT;
1337
1338 u->load_state = UNIT_LOADED;
1339 }
23a177ef 1340
9e4ea9cc
ZJS		 1341 /* Load drop-in directory data. If u is an alias, we might be reloading the
1342 * target unit needlessly. But we cannot be sure which drops-ins have already
1343 * been loaded and which not, at least without doing complicated book-keeping,
1344 * so let's always reread all drop-ins. */
c9e06956
ZJS		 1345 r = unit_load_dropin(unit_follow_merge(u));
1346 if (r < 0)
1347 return r;
1348
1349 if (u->source_path) {
1350 struct stat st;
1351
1352 if (stat(u->source_path, &st) >= 0)
1353 u->source_mtime = timespec_load(&st.st_mtim);
1354 else
1355 u->source_mtime = 0;
1356 }
1357
1358 return 0;
23a177ef
LP		 1359}
1360
19496554
MS		 1361void unit_add_to_target_deps_queue(Unit *u) {
1362 Manager *m = u->manager;
1363
1364 assert(u);
1365
1366 if (u->in_target_deps_queue)
1367 return;
1368
1369 LIST_PREPEND(target_deps_queue, m->target_deps_queue, u);
1370 u->in_target_deps_queue = true;
1371}
1372
bba34eed 1373int unit_add_default_target_dependency(Unit *u, Unit *target) {
98bc2000
LP		 1374 assert(u);
1375 assert(target);
1376
ac155bb8 1377 if (target->type != UNIT_TARGET)
98bc2000
LP		 1378 return 0;
1379
35b8ca3a 1380 /* Only add the dependency if both units are loaded, so that
bba34eed 1381 * that loop check below is reliable */
ac155bb8
MS		 1382 if (u->load_state != UNIT_LOADED ||
1383 target->load_state != UNIT_LOADED)
bba34eed
LP		 1384 return 0;
1385
21256a2b
LP		 1386 /* If either side wants no automatic dependencies, then let's
1387 * skip this */
ac155bb8
MS		 1388 if (!u->default_dependencies ||
1389 !target->default_dependencies)
21256a2b
LP		 1390 return 0;
1391
98bc2000 1392 /* Don't create loops */
15ed3c3a 1393 if (unit_has_dependency(target, UNIT_ATOM_BEFORE, u))
98bc2000
LP		 1394 return 0;
1395
eef85c4a 1396 return unit_add_dependency(target, UNIT_AFTER, u, true, UNIT_DEPENDENCY_DEFAULT);
98bc2000
LP		 1397}
1398
e954c9cf
LP		 1399static int unit_add_slice_dependencies(Unit *u) {
1400 assert(u);
b81884e7 1401
35b7ff80 1402 if (!UNIT_HAS_CGROUP_CONTEXT(u))
e954c9cf
LP		 1403 return 0;
1404
eef85c4a
LP		 1405 /* Slice units are implicitly ordered against their parent slices (as this relationship is encoded in the
1406 name), while all other units are ordered based on configuration (as in their case Slice= configures the
1407 relationship). */
f6173cb9 1408 UnitDependencyMask mask = u->type == UNIT_SLICE ? UNIT_DEPENDENCY_IMPLICIT : UNIT_DEPENDENCY_FILE;
eef85c4a 1409
e954c9cf 1410 if (UNIT_ISSET(u->slice))
eef85c4a 1411 return unit_add_two_dependencies(u, UNIT_AFTER, UNIT_REQUIRES, UNIT_DEREF(u->slice), true, mask);
e954c9cf 1412
8c8da0e0 1413 if (unit_has_name(u, SPECIAL_ROOT_SLICE))
d1fab3fe
ZJS		 1414 return 0;
1415
5a724170 1416 return unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, SPECIAL_ROOT_SLICE, true, mask);
98bc2000
LP		 1417}
1418
e954c9cf 1419static int unit_add_mount_dependencies(Unit *u) {
eef85c4a
LP		 1420 UnitDependencyInfo di;
1421 const char *path;
9588bc32
LP		 1422 int r;
1423
1424 assert(u);
1425
90e74a66 1426 HASHMAP_FOREACH_KEY(di.data, path, u->requires_mounts_for) {
eef85c4a 1427 char prefix[strlen(path) + 1];
9588bc32 1428
eef85c4a 1429 PATH_FOREACH_PREFIX_MORE(prefix, path) {
c7c89abb 1430 _cleanup_free_ char *p = NULL;
9588bc32
LP		 1431 Unit *m;
1432
c7c89abb 1433 r = unit_name_from_path(prefix, ".mount", &p);
9588bc32
LP		 1434 if (r < 0)
1435 return r;
c7c89abb
FB		 1436
1437 m = manager_get_unit(u->manager, p);
1438 if (!m) {
1439 /* Make sure to load the mount unit if
1440 * it exists. If so the dependencies
1441 * on this unit will be added later
1442 * during the loading of the mount
1443 * unit. */
1444 (void) manager_load_unit_prepare(u->manager, p, NULL, NULL, &m);
9588bc32 1445 continue;
c7c89abb 1446 }
9588bc32
LP		 1447 if (m == u)
1448 continue;
1449
1450 if (m->load_state != UNIT_LOADED)
1451 continue;
1452
eef85c4a 1453 r = unit_add_dependency(u, UNIT_AFTER, m, true, di.origin_mask);
9588bc32
LP		 1454 if (r < 0)
1455 return r;
1456
1457 if (m->fragment_path) {
eef85c4a 1458 r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask);
9588bc32
LP		 1459 if (r < 0)
1460 return r;
1461 }
1462 }
1463 }
1464
1465 return 0;
1466}
1467
a2db0225
AZ		 1468static int unit_add_oomd_dependencies(Unit *u) {
1469 CGroupContext *c;
1470 bool wants_oomd;
1471 int r;
1472
1473 assert(u);
1474
1475 if (!u->default_dependencies)
1476 return 0;
1477
1478 c = unit_get_cgroup_context(u);
1479 if (!c)
1480 return 0;
1481
1482 wants_oomd = (c->moom_swap == MANAGED_OOM_KILL || c->moom_mem_pressure == MANAGED_OOM_KILL);
1483 if (!wants_oomd)
1484 return 0;
1485
1486 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "systemd-oomd.service", true, UNIT_DEPENDENCY_FILE);
1487 if (r < 0)
1488 return r;
1489
1490 return 0;
1491}
1492
95ae05c0
WC		 1493static int unit_add_startup_units(Unit *u) {
1494 CGroupContext *c;
95ae05c0
WC		 1495
1496 c = unit_get_cgroup_context(u);
db785129
LP		 1497 if (!c)
1498 return 0;
1499
d53d9474 1500 if (c->startup_cpu_shares == CGROUP_CPU_SHARES_INVALID &&
13c31542 1501 c->startup_io_weight == CGROUP_WEIGHT_INVALID &&
d53d9474 1502 c->startup_blockio_weight == CGROUP_BLKIO_WEIGHT_INVALID)
db785129
LP		 1503 return 0;
1504
de7fef4b 1505 return set_ensure_put(&u->manager->startup_units, NULL, u);
95ae05c0
WC		 1506}
1507
87f0e418
LP		 1508int unit_load(Unit *u) {
1509 int r;
1510
1511 assert(u);
1512
ac155bb8 1513 if (u->in_load_queue) {
71fda00f 1514 LIST_REMOVE(load_queue, u->manager->load_queue, u);
ac155bb8 1515 u->in_load_queue = false;
87f0e418
LP		 1516 }
1517
ac155bb8 1518 if (u->type == _UNIT_TYPE_INVALID)
e537352b
LP		 1519 return -EINVAL;
1520
ac155bb8 1521 if (u->load_state != UNIT_STUB)
87f0e418
LP		 1522 return 0;
1523
4f4afc88 1524 if (u->transient_file) {
66fa4bdd
LP		 1525 /* Finalize transient file: if this is a transient unit file, as soon as we reach unit_load() the setup
1526 * is complete, hence let's synchronize the unit file we just wrote to disk. */
1527
4f4afc88
LP		 1528 r = fflush_and_check(u->transient_file);
1529 if (r < 0)
1530 goto fail;
1531
50fb00b7 1532 u->transient_file = safe_fclose(u->transient_file);
f76707da 1533 u->fragment_mtime = now(CLOCK_REALTIME);
4f4afc88
LP		 1534 }
1535
c3784a7d
ZJS		 1536 r = UNIT_VTABLE(u)->load(u);
1537 if (r < 0)
23a177ef 1538 goto fail;
c3784a7d
ZJS		 1539
1540 assert(u->load_state != UNIT_STUB);
23a177ef 1541
7c8fa05c 1542 if (u->load_state == UNIT_LOADED) {
19496554 1543 unit_add_to_target_deps_queue(u);
e954c9cf
LP		 1544
1545 r = unit_add_slice_dependencies(u);
1546 if (r < 0)
1547 goto fail;
c2756a68 1548
e954c9cf 1549 r = unit_add_mount_dependencies(u);
7c8fa05c 1550 if (r < 0)
c2756a68 1551 goto fail;
7c8fa05c 1552
a2db0225
AZ		 1553 r = unit_add_oomd_dependencies(u);
1554 if (r < 0)
1555 goto fail;
1556
95ae05c0
WC		 1557 r = unit_add_startup_units(u);
1558 if (r < 0)
1559 goto fail;
1560
15ed3c3a
LP		 1561 if (u->on_failure_job_mode == JOB_ISOLATE) {
1562 Unit *other, *found = NULL;
1563
1564 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_ON_FAILURE) {
1565 if (!found)
1566 found = other;
1567 else if (found != other) {
1568 r = log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC),
1569 "More than one OnFailure= dependencies specified but OnFailureJobMode=isolate set. Refusing.");
1570 goto fail;
1571 }
1572 }
c2756a68 1573 }
bc432dc7 1574
a2df3ea4
MK		 1575 if (u->job_running_timeout != USEC_INFINITY && u->job_running_timeout > u->job_timeout)
1576 log_unit_warning(u, "JobRunningTimeoutSec= is greater than JobTimeoutSec=, it has no effect.");
1577
5af88058
LP		 1578 /* We finished loading, let's ensure our parents recalculate the members mask */
1579 unit_invalidate_cgroup_members_masks(u);
f68319bb
LP		 1580 }
1581
ac155bb8 1582 assert((u->load_state != UNIT_MERGED) == !u->merged_into);
23a177ef
LP		 1583
1584 unit_add_to_dbus_queue(unit_follow_merge(u));
701cc384 1585 unit_add_to_gc_queue(u);
f561e8c6 1586 (void) manager_varlink_send_managed_oom_update(u);
87f0e418 1587
87f0e418
LP		 1588 return 0;
1589
1590fail:
81be2388
ZJS		 1591 /* We convert ENOEXEC errors to the UNIT_BAD_SETTING load state here. Configuration parsing code
1592 * should hence return ENOEXEC to ensure units are placed in this state after loading. */
c4555ad8
LP		 1593
1594 u->load_state = u->load_state == UNIT_STUB ? UNIT_NOT_FOUND :
1595 r == -ENOEXEC ? UNIT_BAD_SETTING :
1596 UNIT_ERROR;
ac155bb8 1597 u->load_error = r;
c4555ad8 1598
c149d2b4
ZJS		 1599 /* Record the timestamp on the cache, so that if the cache gets updated between now and the next time
1600 * an attempt is made to load this unit, we know we need to check again. */
7233e91a 1601 if (u->load_state == UNIT_NOT_FOUND)
c2911d48 1602 u->fragment_not_found_timestamp_hash = u->manager->unit_cache_timestamp_hash;
7233e91a 1603
c1e1601e 1604 unit_add_to_dbus_queue(u);
9a46fc3b 1605 unit_add_to_gc_queue(u);
23a177ef 1606
c4555ad8 1607 return log_unit_debug_errno(u, r, "Failed to load configuration: %m");
87f0e418
LP		 1608}
1609
f9f88198
YW		 1610_printf_(7, 8)
1611static int log_unit_internal(void *userdata, int level, int error, const char *file, int line, const char *func, const char *format, ...) {
1612 Unit *u = userdata;
1613 va_list ap;
1614 int r;
49365733 1615
c2503e35
RH		 1616 if (u && !unit_log_level_test(u, level))
1617 return -ERRNO_VALUE(error);
1618
f9f88198
YW		 1619 va_start(ap, format);
1620 if (u)
1621 r = log_object_internalv(level, error, file, line, func,
1622 u->manager->unit_log_field,
1623 u->id,
1624 u->manager->invocation_log_field,
1625 u->invocation_id_string,
1626 format, ap);
1627 else
1628 r = log_internalv(level, error, file, line, func, format, ap);
1629 va_end(ap);
49365733 1630
f9f88198 1631 return r;
49365733
LP		 1632}
1633
97a3f4ee 1634static bool unit_test_condition(Unit *u) {
a0b191b7
LP		 1635 _cleanup_strv_free_ char **env = NULL;
1636 int r;
1637
90bbc946
LP		 1638 assert(u);
1639
ac155bb8 1640 dual_timestamp_get(&u->condition_timestamp);
90bbc946 1641
a0b191b7
LP		 1642 r = manager_get_effective_environment(u->manager, &env);
1643 if (r < 0) {
1644 log_unit_error_errno(u, r, "Failed to determine effective environment: %m");
1645 u->condition_result = CONDITION_ERROR;
1646 } else
1647 u->condition_result = condition_test_list(
1648 u->conditions,
1649 env,
1650 condition_type_to_string,
1651 log_unit_internal,
1652 u);
e18f8852 1653
a0b191b7 1654 unit_add_to_dbus_queue(u);
ac155bb8 1655 return u->condition_result;
90bbc946
LP		 1656}
1657
97a3f4ee 1658static bool unit_test_assert(Unit *u) {
a0b191b7
LP		 1659 _cleanup_strv_free_ char **env = NULL;
1660 int r;
1661
59fccdc5
LP		 1662 assert(u);
1663
1664 dual_timestamp_get(&u->assert_timestamp);
59fccdc5 1665
a0b191b7
LP		 1666 r = manager_get_effective_environment(u->manager, &env);
1667 if (r < 0) {
1668 log_unit_error_errno(u, r, "Failed to determine effective environment: %m");
1669 u->assert_result = CONDITION_ERROR;
1670 } else
1671 u->assert_result = condition_test_list(
1672 u->asserts,
1673 env,
1674 assert_type_to_string,
1675 log_unit_internal,
1676 u);
e18f8852 1677
a0b191b7 1678 unit_add_to_dbus_queue(u);
59fccdc5
LP		 1679 return u->assert_result;
1680}
1681
5bcf34eb 1682void unit_status_printf(Unit *u, StatusType status_type, const char *status, const char *unit_status_msg_format) {
5b262f74
LP		 1683 const char *d;
1684
2a8f53c6 1685 d = unit_status_string(u);
5b262f74
LP		 1686 if (log_get_show_color())
1687 d = strjoina(ANSI_HIGHLIGHT, d, ANSI_NORMAL);
1688
df446f96 1689 DISABLE_WARNING_FORMAT_NONLITERAL;
5bcf34eb 1690 manager_status_printf(u->manager, status_type, status, unit_status_msg_format, d);
df446f96
LP		 1691 REENABLE_WARNING;
1692}
1693
97a3f4ee 1694int unit_test_start_limit(Unit *u) {
429926e9
TR		 1695 const char *reason;
1696
6bf0f408
LP		 1697 assert(u);
1698
7bf081a1 1699 if (ratelimit_below(&u->start_ratelimit)) {
6bf0f408
LP		 1700 u->start_limit_hit = false;
1701 return 0;
1702 }
1703
1704 log_unit_warning(u, "Start request repeated too quickly.");
1705 u->start_limit_hit = true;
1706
429926e9
TR		 1707 reason = strjoina("unit ", u->id, " failed");
1708
36c4dc08
LP		 1709 emergency_action(u->manager, u->start_limit_action,
1710 EMERGENCY_ACTION_IS_WATCHDOG|EMERGENCY_ACTION_WARN,
1711 u->reboot_arg, -1, reason);
1712
1713 return -ECANCELED;
6bf0f408
LP		 1714}
1715
c891efaf 1716bool unit_shall_confirm_spawn(Unit *u) {
631b676b 1717 assert(u);
c891efaf
FB		 1718
1719 if (manager_is_confirm_spawn_disabled(u->manager))
1720 return false;
1721
1722 /* For some reasons units remaining in the same process group
1723 * as PID 1 fail to acquire the console even if it's not used
1724 * by any process. So skip the confirmation question for them. */
1725 return !unit_get_exec_context(u)->same_pgrp;
1726}
1727
631b676b
LP		 1728static bool unit_verify_deps(Unit *u) {
1729 Unit *other;
631b676b
LP		 1730
1731 assert(u);
1732
1733 /* Checks whether all BindsTo= dependencies of this unit are fulfilled — if they are also combined with
1734 * After=. We do not check Requires= or Requisite= here as they only should have an effect on the job
1735 * processing, but do not have any effect afterwards. We don't check BindsTo= dependencies that are not used in
1736 * conjunction with After= as for them any such check would make things entirely racy. */
1737
15ed3c3a 1738 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT) {
631b676b 1739
15ed3c3a 1740 if (!unit_has_dependency(u, UNIT_ATOM_AFTER, other))
631b676b
LP		 1741 continue;
1742
1743 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(other))) {
1744 log_unit_notice(u, "Bound to unit %s, but unit isn't active.", other->id);
1745 return false;
1746 }
1747 }
1748
1749 return true;
1750}
1751
9adb6959 1752/* Errors that aren't really errors:
6bf0f408 1753 * -EALREADY: Unit is already started.
9adb6959 1754 * -ECOMM: Condition failed
6bf0f408 1755 * -EAGAIN: An operation is already in progress. Retry later.
9adb6959
LP		 1756 *
1757 * Errors that are real errors:
1758 * -EBADR: This unit type does not support starting.
2de9b979 1759 * -ECANCELED: Start limit hit, too many requests for now
6bf0f408
LP		 1760 * -EPROTO: Assert failed
1761 * -EINVAL: Unit not loaded
1762 * -EOPNOTSUPP: Unit type not supported
631b676b 1763 * -ENOLINK: The necessary dependencies are not fulfilled.
d4fd1cf2 1764 * -ESTALE: This unit has been started before and can't be started a second time
a4191c9f 1765 * -ENOENT: This is a triggering unit and unit to trigger is not loaded
87f0e418
LP		 1766 */
1767int unit_start(Unit *u) {
1768 UnitActiveState state;
92ab323c 1769 Unit *following;
87f0e418
LP		 1770
1771 assert(u);
1772
5766aca8
LP		 1773 /* If this is already started, then this will succeed. Note that this will even succeed if this unit
1774 * is not startable by the user. This is relied on to detect when we need to wait for units and when
1775 * waiting is finished. */
87f0e418
LP		 1776 state = unit_active_state(u);
1777 if (UNIT_IS_ACTIVE_OR_RELOADING(state))
1778 return -EALREADY;
380dc8b0
LP		 1779 if (state == UNIT_MAINTENANCE)
1780 return -EAGAIN;
87f0e418 1781
6bf0f408
LP		 1782 /* Units that aren't loaded cannot be started */
1783 if (u->load_state != UNIT_LOADED)
1784 return -EINVAL;
1785
d4fd1cf2
LP		 1786 /* Refuse starting scope units more than once */
1787 if (UNIT_VTABLE(u)->once_only && dual_timestamp_is_set(&u->inactive_enter_timestamp))
1788 return -ESTALE;
1789
5766aca8
LP		 1790 /* If the conditions failed, don't do anything at all. If we already are activating this call might
1791 * still be useful to speed up activation in case there is some hold-off time, but we don't want to
1792 * recheck the condition in that case. */
a82e5507 1793 if (state != UNIT_ACTIVATING &&
5af6aa58 1794 !unit_test_condition(u))
5766aca8 1795 return log_unit_debug_errno(u, SYNTHETIC_ERRNO(ECOMM), "Starting requested but condition failed. Not starting unit.");
52661efd 1796
59fccdc5
LP		 1797 /* If the asserts failed, fail the entire job */
1798 if (state != UNIT_ACTIVATING &&
5766aca8
LP		 1799 !unit_test_assert(u))
1800 return log_unit_notice_errno(u, SYNTHETIC_ERRNO(EPROTO), "Starting requested but asserts failed.");
59fccdc5 1801
5766aca8
LP		 1802 /* Units of types that aren't supported cannot be started. Note that we do this test only after the
1803 * condition checks, so that we rather return condition check errors (which are usually not
1804 * considered a true failure) than "not supported" errors (which are considered a failure).
d11a7645 1805 */
96cf3ec9 1806 if (!unit_type_supported(u->type))
d11a7645
LP		 1807 return -EOPNOTSUPP;
1808
5766aca8
LP		 1809 /* Let's make sure that the deps really are in order before we start this. Normally the job engine
1810 * should have taken care of this already, but let's check this here again. After all, our
1811 * dependencies might not be in effect anymore, due to a reload or due to a failed condition. */
631b676b
LP		 1812 if (!unit_verify_deps(u))
1813 return -ENOLINK;
1814
92ab323c 1815 /* Forward to the main object, if we aren't it. */
52990c2e
ZJS		 1816 following = unit_following(u);
1817 if (following) {
f2341e0a 1818 log_unit_debug(u, "Redirecting start request from %s to %s.", u->id, following->id);
92ab323c
LP		 1819 return unit_start(following);
1820 }
1821
1822 /* If it is stopped, but we cannot start it, then fail */
1823 if (!UNIT_VTABLE(u)->start)
1824 return -EBADR;
1825
5766aca8
LP		 1826 /* We don't suppress calls to ->start() here when we are already starting, to allow this request to
1827 * be used as a "hurry up" call, for example when the unit is in some "auto restart" state where it
1828 * waits for a holdoff timer to elapse before it will start again. */
87f0e418 1829
c1e1601e 1830 unit_add_to_dbus_queue(u);
d9e45bc3 1831 unit_cgroup_freezer_action(u, FREEZER_THAW);
9e58ff9c 1832
d1a34ae9 1833 return UNIT_VTABLE(u)->start(u);
87f0e418
LP		 1834}
1835
1836bool unit_can_start(Unit *u) {
1837 assert(u);
1838
8ff4d2ab
LP		 1839 if (u->load_state != UNIT_LOADED)
1840 return false;
1841
96cf3ec9 1842 if (!unit_type_supported(u->type))
8ff4d2ab
LP		 1843 return false;
1844
d4fd1cf2
LP		 1845 /* Scope units may be started only once */
1846 if (UNIT_VTABLE(u)->once_only && dual_timestamp_is_set(&u->inactive_exit_timestamp))
1847 return false;
1848
87f0e418
LP		 1849 return !!UNIT_VTABLE(u)->start;
1850}
1851
2528a7a6
LP		 1852bool unit_can_isolate(Unit *u) {
1853 assert(u);
1854
1855 return unit_can_start(u) &&
ac155bb8 1856 u->allow_isolate;
2528a7a6
LP		 1857}
1858
87f0e418
LP		 1859/* Errors:
1860 * -EBADR: This unit type does not support stopping.
1861 * -EALREADY: Unit is already stopped.
1862 * -EAGAIN: An operation is already in progress. Retry later.
1863 */
1864int unit_stop(Unit *u) {
1865 UnitActiveState state;
92ab323c 1866 Unit *following;
87f0e418
LP		 1867
1868 assert(u);
1869
87f0e418 1870 state = unit_active_state(u);
fdf20a31 1871 if (UNIT_IS_INACTIVE_OR_FAILED(state))
87f0e418
LP		 1872 return -EALREADY;
1873
0faacd47
LP		 1874 following = unit_following(u);
1875 if (following) {
f2341e0a 1876 log_unit_debug(u, "Redirecting stop request from %s to %s.", u->id, following->id);
92ab323c
LP		 1877 return unit_stop(following);
1878 }
1879
7898b0cf
LP		 1880 if (!UNIT_VTABLE(u)->stop)
1881 return -EBADR;
1882
c1e1601e 1883 unit_add_to_dbus_queue(u);
d9e45bc3 1884 unit_cgroup_freezer_action(u, FREEZER_THAW);
9e58ff9c 1885
d1a34ae9 1886 return UNIT_VTABLE(u)->stop(u);
87f0e418
LP		 1887}
1888
f5869324
LP		 1889bool unit_can_stop(Unit *u) {
1890 assert(u);
1891
39c79477
ZJS		 1892 /* Note: if we return true here, it does not mean that the unit may be successfully stopped.
1893 * Extrinsic units follow external state and they may stop following external state changes
1894 * (hence we return true here), but an attempt to do this through the manager will fail. */
1895
96cf3ec9 1896 if (!unit_type_supported(u->type))
f5869324
LP		 1897 return false;
1898
1899 if (u->perpetual)
1900 return false;
1901
1902 return !!UNIT_VTABLE(u)->stop;
1903}
1904
87f0e418
LP		 1905/* Errors:
1906 * -EBADR: This unit type does not support reloading.
1907 * -ENOEXEC: Unit is not started.
1908 * -EAGAIN: An operation is already in progress. Retry later.
1909 */
1910int unit_reload(Unit *u) {
1911 UnitActiveState state;
92ab323c 1912 Unit *following;
87f0e418
LP		 1913
1914 assert(u);
1915
ac155bb8 1916 if (u->load_state != UNIT_LOADED)
6124958c
LP		 1917 return -EINVAL;
1918
87f0e418
LP		 1919 if (!unit_can_reload(u))
1920 return -EBADR;
1921
1922 state = unit_active_state(u);
e364ad06 1923 if (state == UNIT_RELOADING)
6255af75 1924 return -EAGAIN;
87f0e418 1925
d85ff944
YW		 1926 if (state != UNIT_ACTIVE)
1927 return log_unit_warning_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "Unit cannot be reloaded because it is inactive.");
87f0e418 1928
e48614c4
ZJS		 1929 following = unit_following(u);
1930 if (following) {
f2341e0a 1931 log_unit_debug(u, "Redirecting reload request from %s to %s.", u->id, following->id);
92ab323c
LP		 1932 return unit_reload(following);
1933 }
1934
c1e1601e 1935 unit_add_to_dbus_queue(u);
82a2b6bb 1936
f54bcca5
JR		 1937 if (!UNIT_VTABLE(u)->reload) {
1938 /* Unit doesn't have a reload function, but we need to propagate the reload anyway */
2ad2e41a 1939 unit_notify(u, unit_active_state(u), unit_active_state(u), 0);
f54bcca5
JR		 1940 return 0;
1941 }
1942
d9e45bc3
MS		 1943 unit_cgroup_freezer_action(u, FREEZER_THAW);
1944
d1a34ae9 1945 return UNIT_VTABLE(u)->reload(u);
87f0e418
LP		 1946}
1947
1948bool unit_can_reload(Unit *u) {
1949 assert(u);
1950
f54bcca5
JR		 1951 if (UNIT_VTABLE(u)->can_reload)
1952 return UNIT_VTABLE(u)->can_reload(u);
87f0e418 1953
15ed3c3a 1954 if (unit_has_dependency(u, UNIT_ATOM_PROPAGATES_RELOAD_TO, NULL))
87f0e418
LP		 1955 return true;
1956
f54bcca5 1957 return UNIT_VTABLE(u)->reload;
87f0e418
LP		 1958}
1959
a3c1168a 1960bool unit_is_unneeded(Unit *u) {
15ed3c3a 1961 Unit *other;
f3bff0eb
LP		 1962 assert(u);
1963
ac155bb8 1964 if (!u->stop_when_unneeded)
a3c1168a 1965 return false;
f3bff0eb 1966
a3c1168a
LP		 1967 /* Don't clean up while the unit is transitioning or is even inactive. */
1968 if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
1969 return false;
1970 if (u->job)
1971 return false;
f3bff0eb 1972
15ed3c3a 1973 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_PINS_STOP_WHEN_UNNEEDED) {
fda09318 1974 /* If a dependent unit has a job queued, is active or transitioning, or is marked for
a3c1168a 1975 * restart, then don't clean this one up. */
b81884e7 1976
15ed3c3a
LP		 1977 if (other->job)
1978 return false;
a3c1168a 1979
15ed3c3a
LP		 1980 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
1981 return false;
a3c1168a 1982
15ed3c3a
LP		 1983 if (unit_will_restart(other))
1984 return false;
bea355da
LP		 1985 }
1986
a3c1168a
LP		 1987 return true;
1988}
f3bff0eb 1989
a3c1168a 1990static void check_unneeded_dependencies(Unit *u) {
15ed3c3a 1991 Unit *other;
a3c1168a
LP		 1992 assert(u);
1993
1994 /* Add all units this unit depends on to the queue that processes StopWhenUnneeded= behaviour. */
1995
15ed3c3a
LP		 1996 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_ADD_STOP_WHEN_UNNEEDED_QUEUE)
1997 unit_submit_to_stop_when_unneeded_queue(other);
f3bff0eb
LP		 1998}
1999
ff502445 2000static void unit_check_binds_to(Unit *u) {
4afd3348 2001 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
ff502445
LP		 2002 bool stop = false;
2003 Unit *other;
67bfdc97 2004 int r;
ff502445
LP		 2005
2006 assert(u);
2007
2008 if (u->job)
2009 return;
2010
2011 if (unit_active_state(u) != UNIT_ACTIVE)
2012 return;
2013
15ed3c3a 2014 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_CANNOT_BE_ACTIVE_WITHOUT) {
ff502445
LP		 2015 if (other->job)
2016 continue;
13ddc3fc
ZJS		 2017
2018 if (!other->coldplugged)
2019 /* We might yet create a job for the other unit… */
2020 continue;
ff502445
LP		 2021
2022 if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
2023 continue;
2024
2025 stop = true;
98f738b6 2026 break;
ff502445
LP		 2027 }
2028
2029 if (!stop)
2030 return;
2031
595bfe7d 2032 /* If stopping a unit fails continuously we might enter a stop
67bfdc97
LP		 2033 * loop here, hence stop acting on the service being
2034 * unnecessary after a while. */
7994ac1d 2035 if (!ratelimit_below(&u->auto_stop_ratelimit)) {
67bfdc97
LP		 2036 log_unit_warning(u, "Unit is bound to inactive unit %s, but not stopping since we tried this too often recently.", other->id);
2037 return;
2038 }
2039
98f738b6 2040 assert(other);
f2341e0a 2041 log_unit_info(u, "Unit is bound to inactive unit %s. Stopping, too.", other->id);
ff502445
LP		 2042
2043 /* A unit we need to run is gone. Sniff. Let's stop this. */
50cbaba4 2044 r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, NULL, &error, NULL);
67bfdc97 2045 if (r < 0)
4bd29fe5 2046 log_unit_warning_errno(u, r, "Failed to enqueue stop job, ignoring: %s", bus_error_message(&error, r));
ff502445
LP		 2047}
2048
87f0e418 2049static void retroactively_start_dependencies(Unit *u) {
87f0e418
LP		 2050 Unit *other;
2051
2052 assert(u);
2053 assert(UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)));
2054
15ed3c3a
LP		 2055 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_RETROACTIVE_START_REPLACE) /* Requires= + BindsTo= */
2056 if (!unit_has_dependency(u, UNIT_ATOM_AFTER, other) &&
b81884e7 2057 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
50cbaba4 2058 manager_add_job(u->manager, JOB_START, other, JOB_REPLACE, NULL, NULL, NULL);
b81884e7 2059
15ed3c3a
LP		 2060 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_RETROACTIVE_START_FAIL) /* Wants= */
2061 if (!unit_has_dependency(u, UNIT_ATOM_AFTER, other) &&
b81884e7 2062 !UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(other)))
50cbaba4 2063 manager_add_job(u->manager, JOB_START, other, JOB_FAIL, NULL, NULL, NULL);
87f0e418 2064
15ed3c3a 2065 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_RETROACTIVE_STOP_ON_START) /* Conflicts= (and inverse) */
b81884e7 2066 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
50cbaba4 2067 manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL, NULL);
87f0e418
LP		 2068}
2069
2070static void retroactively_stop_dependencies(Unit *u) {
87f0e418
LP		 2071 Unit *other;
2072
2073 assert(u);
2074 assert(UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)));
2075
b81884e7 2076 /* Pull down units which are bound to us recursively if enabled */
15ed3c3a 2077 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_RETROACTIVE_STOP_ON_STOP) /* BoundBy= */
b81884e7 2078 if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
50cbaba4 2079 manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, NULL, NULL, NULL);
cd0504d0
MS		 2080}
2081
3ecaa09b 2082void unit_start_on_failure(Unit *u) {
15ed3c3a 2083 bool logged = false;
c0daa706 2084 Unit *other;
7f66b026 2085 int r;
c0daa706
LP		 2086
2087 assert(u);
2088
15ed3c3a 2089 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_ON_FAILURE) {
7f66b026 2090 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
222ae6a8 2091
15ed3c3a
LP		 2092 if (!logged) {
2093 log_unit_info(u, "Triggering OnFailure= dependencies.");
2094 logged = true;
2095 }
2096
50cbaba4 2097 r = manager_add_job(u->manager, JOB_START, other, u->on_failure_job_mode, NULL, &error, NULL);
c1b6628d 2098 if (r < 0)
7f66b026 2099 log_unit_warning_errno(u, r, "Failed to enqueue OnFailure= job, ignoring: %s", bus_error_message(&error, r));
222ae6a8 2100 }
c0daa706
LP		 2101}
2102
3ecaa09b
LP		 2103void unit_trigger_notify(Unit *u) {
2104 Unit *other;
3ecaa09b
LP		 2105
2106 assert(u);
2107
15ed3c3a 2108 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_TRIGGERED_BY)
3ecaa09b
LP		 2109 if (UNIT_VTABLE(other)->trigger_notify)
2110 UNIT_VTABLE(other)->trigger_notify(other, u);
2111}
2112
37109b85
ZJS		 2113static int raise_level(int log_level, bool condition_info, bool condition_notice) {
2114 if (condition_notice && log_level > LOG_NOTICE)
2115 return LOG_NOTICE;
2116 if (condition_info && log_level > LOG_INFO)
2117 return LOG_INFO;
2118 return log_level;
2119}
2120
915b1d01 2121static int unit_log_resources(Unit *u) {
bc40a20e
LP		 2122 struct iovec iovec[1 + _CGROUP_IP_ACCOUNTING_METRIC_MAX + _CGROUP_IO_ACCOUNTING_METRIC_MAX + 4];
2123 bool any_traffic = false, have_ip_accounting = false, any_io = false, have_io_accounting = false;
2124 _cleanup_free_ char *igress = NULL, *egress = NULL, *rr = NULL, *wr = NULL;
162392b7 2125 int log_level = LOG_DEBUG; /* May be raised if resources consumed over a threshold */
915b1d01 2126 size_t n_message_parts = 0, n_iovec = 0;
bc40a20e 2127 char* message_parts[1 + 2 + 2 + 1], *t;
915b1d01 2128 nsec_t nsec = NSEC_INFINITY;
915b1d01
LP		 2129 int r;
2130 const char* const ip_fields[_CGROUP_IP_ACCOUNTING_METRIC_MAX] = {
2131 [CGROUP_IP_INGRESS_BYTES] = "IP_METRIC_INGRESS_BYTES",
2132 [CGROUP_IP_INGRESS_PACKETS] = "IP_METRIC_INGRESS_PACKETS",
2133 [CGROUP_IP_EGRESS_BYTES] = "IP_METRIC_EGRESS_BYTES",
2134 [CGROUP_IP_EGRESS_PACKETS] = "IP_METRIC_EGRESS_PACKETS",
2135 };
bc40a20e
LP		 2136 const char* const io_fields[_CGROUP_IO_ACCOUNTING_METRIC_MAX] = {
2137 [CGROUP_IO_READ_BYTES] = "IO_METRIC_READ_BYTES",
2138 [CGROUP_IO_WRITE_BYTES] = "IO_METRIC_WRITE_BYTES",
2139 [CGROUP_IO_READ_OPERATIONS] = "IO_METRIC_READ_OPERATIONS",
2140 [CGROUP_IO_WRITE_OPERATIONS] = "IO_METRIC_WRITE_OPERATIONS",
2141 };
915b1d01
LP		 2142
2143 assert(u);
2144
2145 /* Invoked whenever a unit enters failed or dead state. Logs information about consumed resources if resource
2146 * accounting was enabled for a unit. It does this in two ways: a friendly human readable string with reduced
2147 * information and the complete data in structured fields. */
2148
2149 (void) unit_get_cpu_usage(u, &nsec);
2150 if (nsec != NSEC_INFINITY) {
2151 char buf[FORMAT_TIMESPAN_MAX] = "";
2152
2153 /* Format the CPU time for inclusion in the structured log message */
2154 if (asprintf(&t, "CPU_USAGE_NSEC=%" PRIu64, nsec) < 0) {
2155 r = log_oom();
2156 goto finish;
2157 }
2158 iovec[n_iovec++] = IOVEC_MAKE_STRING(t);
2159
2160 /* Format the CPU time for inclusion in the human language message string */
2161 format_timespan(buf, sizeof(buf), nsec / NSEC_PER_USEC, USEC_PER_MSEC);
ec9d636b 2162 t = strjoin("consumed ", buf, " CPU time");
915b1d01
LP		 2163 if (!t) {
2164 r = log_oom();
2165 goto finish;
2166 }
2167
2168 message_parts[n_message_parts++] = t;
37109b85
ZJS		 2169
2170 log_level = raise_level(log_level,
2171 nsec > NOTICEWORTHY_CPU_NSEC,
2172 nsec > MENTIONWORTHY_CPU_NSEC);
915b1d01
LP		 2173 }
2174
bc40a20e
LP		 2175 for (CGroupIOAccountingMetric k = 0; k < _CGROUP_IO_ACCOUNTING_METRIC_MAX; k++) {
2176 char buf[FORMAT_BYTES_MAX] = "";
2177 uint64_t value = UINT64_MAX;
2178
2179 assert(io_fields[k]);
2180
2181 (void) unit_get_io_accounting(u, k, k > 0, &value);
2182 if (value == UINT64_MAX)
2183 continue;
2184
2185 have_io_accounting = true;
2186 if (value > 0)
2187 any_io = true;
2188
2189 /* Format IO accounting data for inclusion in the structured log message */
2190 if (asprintf(&t, "%s=%" PRIu64, io_fields[k], value) < 0) {
2191 r = log_oom();
2192 goto finish;
2193 }
2194 iovec[n_iovec++] = IOVEC_MAKE_STRING(t);
2195
2196 /* Format the IO accounting data for inclusion in the human language message string, but only
2197 * for the bytes counters (and not for the operations counters) */
2198 if (k == CGROUP_IO_READ_BYTES) {
2199 assert(!rr);
2200 rr = strjoin("read ", format_bytes(buf, sizeof(buf), value), " from disk");
2201 if (!rr) {
2202 r = log_oom();
2203 goto finish;
2204 }
2205 } else if (k == CGROUP_IO_WRITE_BYTES) {
2206 assert(!wr);
2207 wr = strjoin("written ", format_bytes(buf, sizeof(buf), value), " to disk");
2208 if (!wr) {
2209 r = log_oom();
2210 goto finish;
2211 }
2212 }
37109b85
ZJS		 2213
2214 if (IN_SET(k, CGROUP_IO_READ_BYTES, CGROUP_IO_WRITE_BYTES))
2215 log_level = raise_level(log_level,
2216 value > MENTIONWORTHY_IO_BYTES,
2217 value > NOTICEWORTHY_IO_BYTES);
bc40a20e
LP		 2218 }
2219
2220 if (have_io_accounting) {
2221 if (any_io) {
2222 if (rr)
2223 message_parts[n_message_parts++] = TAKE_PTR(rr);
2224 if (wr)
2225 message_parts[n_message_parts++] = TAKE_PTR(wr);
2226
2227 } else {
2228 char *k;
2229
2230 k = strdup("no IO");
2231 if (!k) {
2232 r = log_oom();
2233 goto finish;
2234 }
2235
2236 message_parts[n_message_parts++] = k;
2237 }
2238 }
2239
12375b95 2240 for (CGroupIPAccountingMetric m = 0; m < _CGROUP_IP_ACCOUNTING_METRIC_MAX; m++) {
915b1d01
LP		 2241 char buf[FORMAT_BYTES_MAX] = "";
2242 uint64_t value = UINT64_MAX;
2243
2244 assert(ip_fields[m]);
2245
2246 (void) unit_get_ip_accounting(u, m, &value);
2247 if (value == UINT64_MAX)
2248 continue;
82044702
LP		 2249
2250 have_ip_accounting = true;
a87b1faa
LP		 2251 if (value > 0)
2252 any_traffic = true;
915b1d01
LP		 2253
2254 /* Format IP accounting data for inclusion in the structured log message */
2255 if (asprintf(&t, "%s=%" PRIu64, ip_fields[m], value) < 0) {
2256 r = log_oom();
2257 goto finish;
2258 }
2259 iovec[n_iovec++] = IOVEC_MAKE_STRING(t);
2260
2261 /* Format the IP accounting data for inclusion in the human language message string, but only for the
2262 * bytes counters (and not for the packets counters) */
a87b1faa
LP		 2263 if (m == CGROUP_IP_INGRESS_BYTES) {
2264 assert(!igress);
ec9d636b 2265 igress = strjoin("received ", format_bytes(buf, sizeof(buf), value), " IP traffic");
a87b1faa
LP		 2266 if (!igress) {
2267 r = log_oom();
2268 goto finish;
2269 }
2270 } else if (m == CGROUP_IP_EGRESS_BYTES) {
2271 assert(!egress);
ec9d636b 2272 egress = strjoin("sent ", format_bytes(buf, sizeof(buf), value), " IP traffic");
a87b1faa
LP		 2273 if (!egress) {
2274 r = log_oom();
2275 goto finish;
2276 }
2277 }
37109b85
ZJS		 2278
2279 if (IN_SET(m, CGROUP_IP_INGRESS_BYTES, CGROUP_IP_EGRESS_BYTES))
2280 log_level = raise_level(log_level,
2281 value > MENTIONWORTHY_IP_BYTES,
2282 value > NOTICEWORTHY_IP_BYTES);
a87b1faa
LP		 2283 }
2284
c2503e35
RH		 2285 /* This check is here because it is the earliest point following all possible log_level assignments. If
2286 * log_level is assigned anywhere after this point, move this check. */
2287 if (!unit_log_level_test(u, log_level)) {
2288 r = 0;
2289 goto finish;
2290 }
2291
82044702
LP		 2292 if (have_ip_accounting) {
2293 if (any_traffic) {
2294 if (igress)
2295 message_parts[n_message_parts++] = TAKE_PTR(igress);
2296 if (egress)
2297 message_parts[n_message_parts++] = TAKE_PTR(egress);
a87b1faa 2298
82044702
LP		 2299 } else {
2300 char *k;
915b1d01 2301
82044702
LP		 2302 k = strdup("no IP traffic");
2303 if (!k) {
2304 r = log_oom();
2305 goto finish;
2306 }
2307
2308 message_parts[n_message_parts++] = k;
2309 }
915b1d01
LP		 2310 }
2311
2312 /* Is there any accounting data available at all? */
2313 if (n_iovec == 0) {
2314 r = 0;
2315 goto finish;
2316 }
2317
2318 if (n_message_parts == 0)
a87b1faa 2319 t = strjoina("MESSAGE=", u->id, ": Completed.");
915b1d01 2320 else {
c2b2df60 2321 _cleanup_free_ char *joined = NULL;
915b1d01
LP		 2322
2323 message_parts[n_message_parts] = NULL;
2324
2325 joined = strv_join(message_parts, ", ");
2326 if (!joined) {
2327 r = log_oom();
2328 goto finish;
2329 }
2330
ec9d636b 2331 joined[0] = ascii_toupper(joined[0]);
a87b1faa 2332 t = strjoina("MESSAGE=", u->id, ": ", joined, ".");
915b1d01
LP		 2333 }
2334
2335 /* The following four fields we allocate on the stack or are static strings, we hence don't want to free them,
2336 * and hence don't increase n_iovec for them */
2337 iovec[n_iovec] = IOVEC_MAKE_STRING(t);
2338 iovec[n_iovec + 1] = IOVEC_MAKE_STRING("MESSAGE_ID=" SD_MESSAGE_UNIT_RESOURCES_STR);
2339
2340 t = strjoina(u->manager->unit_log_field, u->id);
2341 iovec[n_iovec + 2] = IOVEC_MAKE_STRING(t);
2342
2343 t = strjoina(u->manager->invocation_log_field, u->invocation_id_string);
2344 iovec[n_iovec + 3] = IOVEC_MAKE_STRING(t);
2345
c2503e35 2346 log_unit_struct_iovec(u, log_level, iovec, n_iovec + 4);
915b1d01
LP		 2347 r = 0;
2348
2349finish:
12375b95 2350 for (size_t i = 0; i < n_message_parts; i++)
915b1d01
LP		 2351 free(message_parts[i]);
2352
12375b95 2353 for (size_t i = 0; i < n_iovec; i++)
915b1d01
LP		 2354 free(iovec[i].iov_base);
2355
2356 return r;
2357
2358}
2359
adefcf28
LP		 2360static void unit_update_on_console(Unit *u) {
2361 bool b;
2362
2363 assert(u);
2364
2365 b = unit_needs_console(u);
2366 if (u->on_console == b)
2367 return;
2368
2369 u->on_console = b;
2370 if (b)
2371 manager_ref_console(u->manager);
2372 else
2373 manager_unref_console(u->manager);
adefcf28
LP		 2374}
2375
6eb65e7c
LP		 2376static void unit_emit_audit_start(Unit *u) {
2377 assert(u);
2378
2379 if (u->type != UNIT_SERVICE)
2380 return;
2381
2382 /* Write audit record if we have just finished starting up */
2383 manager_send_unit_audit(u->manager, u, AUDIT_SERVICE_START, true);
2384 u->in_audit = true;
2385}
2386
2387static void unit_emit_audit_stop(Unit *u, UnitActiveState state) {
2388 assert(u);
2389
2390 if (u->type != UNIT_SERVICE)
2391 return;
2392
2393 if (u->in_audit) {
2394 /* Write audit record if we have just finished shutting down */
2395 manager_send_unit_audit(u->manager, u, AUDIT_SERVICE_STOP, state == UNIT_INACTIVE);
2396 u->in_audit = false;
2397 } else {
2398 /* Hmm, if there was no start record written write it now, so that we always have a nice pair */
2399 manager_send_unit_audit(u->manager, u, AUDIT_SERVICE_START, state == UNIT_INACTIVE);
2400
2401 if (state == UNIT_INACTIVE)
2402 manager_send_unit_audit(u->manager, u, AUDIT_SERVICE_STOP, true);
2403 }
2404}
2405
16c74914
LP		 2406static bool unit_process_job(Job *j, UnitActiveState ns, UnitNotifyFlags flags) {
2407 bool unexpected = false;
31cd5f63 2408 JobResult result;
16c74914
LP		 2409
2410 assert(j);
2411
2412 if (j->state == JOB_WAITING)
2413
2414 /* So we reached a different state for this job. Let's see if we can run it now if it failed previously
2415 * due to EAGAIN. */
2416 job_add_to_run_queue(j);
2417
2418 /* Let's check whether the unit's new state constitutes a finished job, or maybe contradicts a running job and
2419 * hence needs to invalidate jobs. */
2420
2421 switch (j->type) {
2422
2423 case JOB_START:
2424 case JOB_VERIFY_ACTIVE:
2425
2426 if (UNIT_IS_ACTIVE_OR_RELOADING(ns))
2427 job_finish_and_invalidate(j, JOB_DONE, true, false);
2428 else if (j->state == JOB_RUNNING && ns != UNIT_ACTIVATING) {
2429 unexpected = true;
2430
31cd5f63
AZ		 2431 if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
2432 if (ns == UNIT_FAILED)
2433 result = JOB_FAILED;
31cd5f63
AZ		 2434 else
2435 result = JOB_DONE;
2436
2437 job_finish_and_invalidate(j, result, true, false);
2438 }
16c74914
LP		 2439 }
2440
2441 break;
2442
2443 case JOB_RELOAD:
2444 case JOB_RELOAD_OR_START:
2445 case JOB_TRY_RELOAD:
2446
2447 if (j->state == JOB_RUNNING) {
2448 if (ns == UNIT_ACTIVE)
2449 job_finish_and_invalidate(j, (flags & UNIT_NOTIFY_RELOAD_FAILURE) ? JOB_FAILED : JOB_DONE, true, false);
2450 else if (!IN_SET(ns, UNIT_ACTIVATING, UNIT_RELOADING)) {
2451 unexpected = true;
2452
2453 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
2454 job_finish_and_invalidate(j, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false);
2455 }
2456 }
2457
2458 break;
2459
2460 case JOB_STOP:
2461 case JOB_RESTART:
2462 case JOB_TRY_RESTART:
2463
2464 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
2465 job_finish_and_invalidate(j, JOB_DONE, true, false);
2466 else if (j->state == JOB_RUNNING && ns != UNIT_DEACTIVATING) {
2467 unexpected = true;
2468 job_finish_and_invalidate(j, JOB_FAILED, true, false);
2469 }
2470
2471 break;
2472
2473 default:
2474 assert_not_reached("Job type unknown");
2475 }
2476
2477 return unexpected;
2478}
2479
2ad2e41a 2480void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, UnitNotifyFlags flags) {
429926e9 2481 const char *reason;
8559b3b7 2482 Manager *m;
a096ed36 2483
87f0e418
LP		 2484 assert(u);
2485 assert(os < _UNIT_ACTIVE_STATE_MAX);
2486 assert(ns < _UNIT_ACTIVE_STATE_MAX);
87f0e418 2487
8559b3b7
LP		 2488 /* Note that this is called for all low-level state changes, even if they might map to the same high-level
2489 * UnitActiveState! That means that ns == os is an expected behavior here. For example: if a mount point is
2490 * remounted this function will be called too! */
87f0e418 2491
546ac4f0
MS		 2492 m = u->manager;
2493
3c4832ad
LP		 2494 /* Let's enqueue the change signal early. In case this unit has a job associated we want that this unit is in
2495 * the bus queue, so that any job change signal queued will force out the unit change signal first. */
2496 unit_add_to_dbus_queue(u);
2497
e30bbc90
AZ		 2498 /* Update systemd-oomd on the property/state change */
2499 if (os != ns) {
2500 /* Always send an update if the unit is going into an inactive state so systemd-oomd knows to stop
2501 * monitoring.
2502 * Also send an update whenever the unit goes active; this is to handle a case where an override file
2503 * sets one of the ManagedOOM*= properties to "kill", then later removes it. systemd-oomd needs to
2504 * know to stop monitoring when the unit changes from "kill" -> "auto" on daemon-reload, but we don't
2505 * have the information on the property. Thus, indiscriminately send an update. */
f561e8c6 2506 if (UNIT_IS_INACTIVE_OR_FAILED(ns) || UNIT_IS_ACTIVE_OR_RELOADING(ns))
e30bbc90
AZ		 2507 (void) manager_varlink_send_managed_oom_update(u);
2508 }
2509
f755e3b7 2510 /* Update timestamps for state changes */
2c289ea8 2511 if (!MANAGER_IS_RELOADING(m)) {
a483fb59 2512 dual_timestamp_get(&u->state_change_timestamp);
173e3821 2513
bdbf9951 2514 if (UNIT_IS_INACTIVE_OR_FAILED(os) && !UNIT_IS_INACTIVE_OR_FAILED(ns))
a483fb59 2515 u->inactive_exit_timestamp = u->state_change_timestamp;
bdbf9951 2516 else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_INACTIVE_OR_FAILED(ns))
a483fb59 2517 u->inactive_enter_timestamp = u->state_change_timestamp;
bdbf9951
LP		 2518
2519 if (!UNIT_IS_ACTIVE_OR_RELOADING(os) && UNIT_IS_ACTIVE_OR_RELOADING(ns))
a483fb59 2520 u->active_enter_timestamp = u->state_change_timestamp;
bdbf9951 2521 else if (UNIT_IS_ACTIVE_OR_RELOADING(os) && !UNIT_IS_ACTIVE_OR_RELOADING(ns))
a483fb59 2522 u->active_exit_timestamp = u->state_change_timestamp;
bdbf9951 2523 }
87f0e418 2524
865cc19a 2525 /* Keep track of failed units */
8724defe 2526 (void) manager_update_failed_units(m, u, ns == UNIT_FAILED);
f755e3b7 2527
d3070fbd
LP		 2528 /* Make sure the cgroup and state files are always removed when we become inactive */
2529 if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
ff68472a
ZJS		 2530 SET_FLAG(u->markers,
2531 (1u << UNIT_MARKER_NEEDS_RELOAD)|(1u << UNIT_MARKER_NEEDS_RESTART),
2532 false);
efdb0237 2533 unit_prune_cgroup(u);
d3070fbd 2534 unit_unlink_state_files(u);
ff68472a
ZJS		 2535 } else if (ns != os && ns == UNIT_RELOADING)
2536 SET_FLAG(u->markers, 1u << UNIT_MARKER_NEEDS_RELOAD, false);
fb385181 2537
adefcf28 2538 unit_update_on_console(u);
7ed9f6cd 2539
2c289ea8 2540 if (!MANAGER_IS_RELOADING(m)) {
a1c7334b
LP		 2541 bool unexpected;
2542
2543 /* Let's propagate state changes to the job */
2544 if (u->job)
2545 unexpected = unit_process_job(u->job, ns, flags);
2546 else
2547 unexpected = true;
f3bff0eb 2548
a1c7334b
LP		 2549 /* If this state change happened without being requested by a job, then let's retroactively start or
2550 * stop dependencies. We skip that step when deserializing, since we don't want to create any
2551 * additional jobs just because something is already activated. */
bdbf9951
LP		 2552
2553 if (unexpected) {
2554 if (UNIT_IS_INACTIVE_OR_FAILED(os) && UNIT_IS_ACTIVE_OR_ACTIVATING(ns))
2555 retroactively_start_dependencies(u);
2556 else if (UNIT_IS_ACTIVE_OR_ACTIVATING(os) && UNIT_IS_INACTIVE_OR_DEACTIVATING(ns))
2557 retroactively_stop_dependencies(u);
2558 }
5de9682c 2559
cd0504d0 2560 /* stop unneeded units regardless if going down was expected or not */
a3c1168a 2561 if (UNIT_IS_INACTIVE_OR_FAILED(ns))
cd0504d0
MS		 2562 check_unneeded_dependencies(u);
2563
bdbf9951 2564 if (ns != os && ns == UNIT_FAILED) {
ed77d407 2565 log_unit_debug(u, "Unit entered failed state.");
2ad2e41a
LP		 2566
2567 if (!(flags & UNIT_NOTIFY_WILL_AUTO_RESTART))
2568 unit_start_on_failure(u);
cd6d0a45 2569 }
e537352b 2570
256f65d0
LP		 2571 if (UNIT_IS_ACTIVE_OR_RELOADING(ns) && !UNIT_IS_ACTIVE_OR_RELOADING(os)) {
2572 /* This unit just finished starting up */
3b2775c5 2573
6eb65e7c 2574 unit_emit_audit_start(u);
546ac4f0 2575 manager_send_unit_plymouth(m, u);
256f65d0 2576 }
bdbf9951 2577
256f65d0 2578 if (UNIT_IS_INACTIVE_OR_FAILED(ns) && !UNIT_IS_INACTIVE_OR_FAILED(os)) {
915b1d01 2579 /* This unit just stopped/failed. */
256f65d0 2580
6eb65e7c 2581 unit_emit_audit_stop(u, ns);
915b1d01 2582 unit_log_resources(u);
cd6d0a45 2583 }
f278026d
LP		 2584 }
2585
31dc1ca3
LP		 2586 manager_recheck_journal(m);
2587 manager_recheck_dbus(m);
e63ebf71 2588
3ecaa09b 2589 unit_trigger_notify(u);
3b2775c5 2590
8724defe 2591 if (!MANAGER_IS_RELOADING(m)) {
8559b3b7 2592 /* Maybe we finished startup and are now ready for being stopped because unneeded? */
fda09318 2593 unit_submit_to_stop_when_unneeded_queue(u);
c1e1601e 2594
8559b3b7
LP		 2595 /* Maybe we finished startup, but something we needed has vanished? Let's die then. (This happens when
2596 * something BindsTo= to a Type=oneshot unit, as these units go directly from starting to inactive,
ff502445
LP		 2597 * without ever entering started.) */
2598 unit_check_binds_to(u);
53c35a76 2599
429926e9
TR		 2600 if (os != UNIT_FAILED && ns == UNIT_FAILED) {
2601 reason = strjoina("unit ", u->id, " failed");
36c4dc08 2602 emergency_action(m, u->failure_action, 0, u->reboot_arg, unit_failure_action_exit_status(u), reason);
429926e9
TR		 2603 } else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && ns == UNIT_INACTIVE) {
2604 reason = strjoina("unit ", u->id, " succeeded");
36c4dc08 2605 emergency_action(m, u->success_action, 0, u->reboot_arg, unit_success_action_exit_status(u), reason);
429926e9 2606 }
ff502445
LP		 2607 }
2608
701cc384 2609 unit_add_to_gc_queue(u);
87f0e418
LP		 2610}
2611
f75f613d 2612int unit_watch_pid(Unit *u, pid_t pid, bool exclusive) {
62a76913 2613 int r;
a911bb9a 2614
87f0e418 2615 assert(u);
62a76913 2616 assert(pid_is_valid(pid));
87f0e418 2617
62a76913 2618 /* Watch a specific PID */
5ba6985b 2619
f75f613d
FB		 2620 /* Caller might be sure that this PID belongs to this unit only. Let's take this
2621 * opportunity to remove any stalled references to this PID as they can be created
2622 * easily (when watching a process which is not our direct child). */
2623 if (exclusive)
2624 manager_unwatch_pid(u->manager, pid);
2625
d5099efc 2626 r = set_ensure_allocated(&u->pids, NULL);
5ba6985b
LP		 2627 if (r < 0)
2628 return r;
2629
62a76913 2630 r = hashmap_ensure_allocated(&u->manager->watch_pids, NULL);
a911bb9a
LP		 2631 if (r < 0)
2632 return r;
2633
62a76913
LP		 2634 /* First try, let's add the unit keyed by "pid". */
2635 r = hashmap_put(u->manager->watch_pids, PID_TO_PTR(pid), u);
2636 if (r == -EEXIST) {
2637 Unit **array;
2638 bool found = false;
2639 size_t n = 0;
05e343b7 2640
62a76913
LP		 2641 /* OK, the "pid" key is already assigned to a different unit. Let's see if the "-pid" key (which points
2642 * to an array of Units rather than just a Unit), lists us already. */
a911bb9a 2643
62a76913
LP		 2644 array = hashmap_get(u->manager->watch_pids, PID_TO_PTR(-pid));
2645 if (array)
2646 for (; array[n]; n++)
2647 if (array[n] == u)
2648 found = true;
a911bb9a 2649
62a76913
LP		 2650 if (found) /* Found it already? if so, do nothing */
2651 r = 0;
2652 else {
2653 Unit **new_array;
2654
2655 /* Allocate a new array */
2656 new_array = new(Unit*, n + 2);
2657 if (!new_array)
2658 return -ENOMEM;
2659
2660 memcpy_safe(new_array, array, sizeof(Unit*) * n);
2661 new_array[n] = u;
2662 new_array[n+1] = NULL;
2663
2664 /* Add or replace the old array */
2665 r = hashmap_replace(u->manager->watch_pids, PID_TO_PTR(-pid), new_array);
2666 if (r < 0) {
2667 free(new_array);
2668 return r;
2669 }
2670
2671 free(array);
2672 }
2673 } else if (r < 0)
2674 return r;
2675
2676 r = set_put(u->pids, PID_TO_PTR(pid));
2677 if (r < 0)
2678 return r;
2679
2680 return 0;
87f0e418
LP		 2681}
2682
2683void unit_unwatch_pid(Unit *u, pid_t pid) {
62a76913
LP		 2684 Unit **array;
2685
87f0e418 2686 assert(u);
62a76913
LP		 2687 assert(pid_is_valid(pid));
2688
2689 /* First let's drop the unit in case it's keyed as "pid". */
2690 (void) hashmap_remove_value(u->manager->watch_pids, PID_TO_PTR(pid), u);
2691
2692 /* Then, let's also drop the unit, in case it's in the array keyed by -pid */
2693 array = hashmap_get(u->manager->watch_pids, PID_TO_PTR(-pid));
2694 if (array) {
62a76913 2695 /* Let's iterate through the array, dropping our own entry */
12375b95
ZJS		 2696
2697 size_t m = 0;
2698 for (size_t n = 0; array[n]; n++)
62a76913
LP		 2699 if (array[n] != u)
2700 array[m++] = array[n];
2701 array[m] = NULL;
2702
2703 if (m == 0) {
2704 /* The array is now empty, remove the entire entry */
20c3acfa 2705 assert_se(hashmap_remove(u->manager->watch_pids, PID_TO_PTR(-pid)) == array);
62a76913
LP		 2706 free(array);
2707 }
2708 }
87f0e418 2709
fea72cc0 2710 (void) set_remove(u->pids, PID_TO_PTR(pid));
a911bb9a
LP		 2711}
2712
bd44e61b
LP		 2713void unit_unwatch_all_pids(Unit *u) {
2714 assert(u);
2715
2716 while (!set_isempty(u->pids))
fea72cc0 2717 unit_unwatch_pid(u, PTR_TO_PID(set_first(u->pids)));
bd44e61b 2718
efdb0237 2719 u->pids = set_free(u->pids);
a911bb9a
LP		 2720}
2721
50be4f4a
LP		 2722static void unit_tidy_watch_pids(Unit *u) {
2723 pid_t except1, except2;
a911bb9a
LP		 2724 void *e;
2725
2726 assert(u);
2727
2728 /* Cleans dead PIDs from our list */
2729
50be4f4a
LP		 2730 except1 = unit_main_pid(u);
2731 except2 = unit_control_pid(u);
2732
90e74a66 2733 SET_FOREACH(e, u->pids) {
fea72cc0 2734 pid_t pid = PTR_TO_PID(e);
a911bb9a
LP		 2735
2736 if (pid == except1 || pid == except2)
2737 continue;
2738
9f5650ae 2739 if (!pid_is_unwaited(pid))
bd44e61b 2740 unit_unwatch_pid(u, pid);
a911bb9a 2741 }
87f0e418
LP		 2742}
2743
50be4f4a
LP		 2744static int on_rewatch_pids_event(sd_event_source *s, void *userdata) {
2745 Unit *u = userdata;
2746
2747 assert(s);
2748 assert(u);
2749
2750 unit_tidy_watch_pids(u);
2751 unit_watch_all_pids(u);
2752
2753 /* If the PID set is empty now, then let's finish this off. */
2754 unit_synthesize_cgroup_empty_event(u);
2755
2756 return 0;
2757}
2758
2759int unit_enqueue_rewatch_pids(Unit *u) {
2760 int r;
2761
2762 assert(u);
2763
2764 if (!u->cgroup_path)
2765 return -ENOENT;
2766
2767 r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
2768 if (r < 0)
2769 return r;
2770 if (r > 0) /* On unified we can use proper notifications */
2771 return 0;
2772
2773 /* Enqueues a low-priority job that will clean up dead PIDs from our list of PIDs to watch and subscribe to new
2774 * PIDs that might have appeared. We do this in a delayed job because the work might be quite slow, as it
2775 * involves issuing kill(pid, 0) on all processes we watch. */
2776
2777 if (!u->rewatch_pids_event_source) {
2778 _cleanup_(sd_event_source_unrefp) sd_event_source *s = NULL;
2779
2780 r = sd_event_add_defer(u->manager->event, &s, on_rewatch_pids_event, u);
2781 if (r < 0)
2782 return log_error_errno(r, "Failed to allocate event source for tidying watched PIDs: %m");
2783
2784 r = sd_event_source_set_priority(s, SD_EVENT_PRIORITY_IDLE);
2785 if (r < 0)
28b77ab2 2786 return log_error_errno(r, "Failed to adjust priority of event source for tidying watched PIDs: %m");
50be4f4a
LP		 2787
2788 (void) sd_event_source_set_description(s, "tidy-watch-pids");
2789
2790 u->rewatch_pids_event_source = TAKE_PTR(s);
2791 }
2792
2793 r = sd_event_source_set_enabled(u->rewatch_pids_event_source, SD_EVENT_ONESHOT);
2794 if (r < 0)
2795 return log_error_errno(r, "Failed to enable event source for tidying watched PIDs: %m");
2796
2797 return 0;
2798}
2799
2800void unit_dequeue_rewatch_pids(Unit *u) {
2801 int r;
2802 assert(u);
2803
2804 if (!u->rewatch_pids_event_source)
2805 return;
2806
2807 r = sd_event_source_set_enabled(u->rewatch_pids_event_source, SD_EVENT_OFF);
2808 if (r < 0)
2809 log_warning_errno(r, "Failed to disable event source for tidying watched PIDs, ignoring: %m");
2810
2811 u->rewatch_pids_event_source = sd_event_source_unref(u->rewatch_pids_event_source);
2812}
2813
87f0e418
LP		 2814bool unit_job_is_applicable(Unit *u, JobType j) {
2815 assert(u);
2816 assert(j >= 0 && j < _JOB_TYPE_MAX);
2817
2818 switch (j) {
2819
2820 case JOB_VERIFY_ACTIVE:
2821 case JOB_START:
e0209d83 2822 case JOB_NOP:
f5869324 2823 /* Note that we don't check unit_can_start() here. That's because .device units and suchlike are not
86b52a39 2824 * startable by us but may appear due to external events, and it thus makes sense to permit enqueuing
f5869324 2825 * jobs for it. */
87f0e418
LP		 2826 return true;
2827
f5869324
LP		 2828 case JOB_STOP:
2829 /* Similar as above. However, perpetual units can never be stopped (neither explicitly nor due to
86b52a39 2830 * external events), hence it makes no sense to permit enqueuing such a request either. */
f5869324
LP		 2831 return !u->perpetual;
2832
87f0e418
LP		 2833 case JOB_RESTART:
2834 case JOB_TRY_RESTART:
f5869324 2835 return unit_can_stop(u) && unit_can_start(u);
87f0e418
LP		 2836
2837 case JOB_RELOAD:
3282591d 2838 case JOB_TRY_RELOAD:
87f0e418
LP		 2839 return unit_can_reload(u);
2840
2841 case JOB_RELOAD_OR_START:
2842 return unit_can_reload(u) && unit_can_start(u);
2843
2844 default:
2845 assert_not_reached("Invalid job type");
2846 }
2847}
2848
eef85c4a
LP		 2849int unit_add_dependency(
2850 Unit *u,
2851 UnitDependency d,
2852 Unit *other,
2853 bool add_reference,
2854 UnitDependencyMask mask) {
87f0e418
LP		 2855
2856 static const UnitDependency inverse_table[_UNIT_DEPENDENCY_MAX] = {
2857 [UNIT_REQUIRES] = UNIT_REQUIRED_BY,
87f0e418 2858 [UNIT_WANTS] = UNIT_WANTED_BY,
be7d9ff7 2859 [UNIT_REQUISITE] = UNIT_REQUISITE_OF,
7f2cddae 2860 [UNIT_BINDS_TO] = UNIT_BOUND_BY,
60649f17 2861 [UNIT_PART_OF] = UNIT_CONSISTS_OF,
be7d9ff7 2862 [UNIT_REQUIRED_BY] = UNIT_REQUIRES,
be7d9ff7 2863 [UNIT_REQUISITE_OF] = UNIT_REQUISITE,
be7d9ff7 2864 [UNIT_WANTED_BY] = UNIT_WANTS,
7f2cddae 2865 [UNIT_BOUND_BY] = UNIT_BINDS_TO,
60649f17 2866 [UNIT_CONSISTS_OF] = UNIT_PART_OF,
69dd2852
LP		 2867 [UNIT_CONFLICTS] = UNIT_CONFLICTED_BY,
2868 [UNIT_CONFLICTED_BY] = UNIT_CONFLICTS,
87f0e418 2869 [UNIT_BEFORE] = UNIT_AFTER,
701cc384 2870 [UNIT_AFTER] = UNIT_BEFORE,
5de9682c 2871 [UNIT_ON_FAILURE] = _UNIT_DEPENDENCY_INVALID,
701cc384 2872 [UNIT_REFERENCES] = UNIT_REFERENCED_BY,
57020a3a
LP		 2873 [UNIT_REFERENCED_BY] = UNIT_REFERENCES,
2874 [UNIT_TRIGGERS] = UNIT_TRIGGERED_BY,
4dcc1cb4 2875 [UNIT_TRIGGERED_BY] = UNIT_TRIGGERS,
7f2cddae 2876 [UNIT_PROPAGATES_RELOAD_TO] = UNIT_RELOAD_PROPAGATED_FROM,
85e9a101 2877 [UNIT_RELOAD_PROPAGATED_FROM] = UNIT_PROPAGATES_RELOAD_TO,
613b411c 2878 [UNIT_JOINS_NAMESPACE_OF] = UNIT_JOINS_NAMESPACE_OF,
87f0e418 2879 };
eef85c4a 2880 Unit *original_u = u, *original_other = other;
15ed3c3a 2881 UnitDependencyAtom a;
eef85c4a 2882 int r;
15ed3c3a
LP		 2883
2884 /* Helper to know whether sending a notification is necessary or not: if the dependency is already
2885 * there, no need to notify! */
2886 bool noop;
87f0e418
LP		 2887
2888 assert(u);
2889 assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX);
87f0e418
LP		 2890 assert(other);
2891
9f151f29
LP		 2892 u = unit_follow_merge(u);
2893 other = unit_follow_merge(other);
15ed3c3a
LP		 2894 a = unit_dependency_to_atom(d);
2895 assert(a >= 0);
9f151f29 2896
15ed3c3a 2897 /* We won't allow dependencies on ourselves. We will not consider them an error however. */
d1fab3fe 2898 if (u == other) {
15ed3c3a 2899 unit_maybe_warn_about_dependency(original_u, original_other->id, d);
87f0e418 2900 return 0;
d1fab3fe 2901 }
87f0e418 2902
15ed3c3a
LP		 2903 /* Note that ordering a device unit after a unit is permitted since it allows to start its job
2904 * running timeout at a specific time. */
2905 if (FLAGS_SET(a, UNIT_ATOM_BEFORE) && other->type == UNIT_DEVICE) {
b862c257 2906 log_unit_warning(u, "Dependency Before=%s ignored (.device units cannot be delayed)", other->id);
c80a9a33
LP		 2907 return 0;
2908 }
2909
15ed3c3a 2910 if (FLAGS_SET(a, UNIT_ATOM_ON_FAILURE) && !UNIT_VTABLE(u)->can_fail) {
c80a9a33
LP		 2911 log_unit_warning(u, "Requested dependency OnFailure=%s ignored (%s units cannot fail).", other->id, unit_type_to_string(u->type));
2912 return 0;
2913 }
2914
15ed3c3a 2915 if (FLAGS_SET(a, UNIT_ATOM_TRIGGERS) && !UNIT_VTABLE(u)->can_trigger)
c80a9a33
LP		 2916 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
2917 "Requested dependency Triggers=%s refused (%s units cannot trigger other units).", other->id, unit_type_to_string(u->type));
15ed3c3a 2918 if (FLAGS_SET(a, UNIT_ATOM_TRIGGERED_BY) && !UNIT_VTABLE(other)->can_trigger)
c80a9a33
LP		 2919 return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL),
2920 "Requested dependency TriggeredBy=%s refused (%s units cannot trigger other units).", other->id, unit_type_to_string(other->type));
2921
15ed3c3a 2922 r = unit_add_dependency_hashmap(&u->dependencies, d, other, mask, 0);
613b411c 2923 if (r < 0)
87f0e418 2924 return r;
15ed3c3a 2925 noop = !r;
87f0e418 2926
eef85c4a 2927 if (inverse_table[d] != _UNIT_DEPENDENCY_INVALID && inverse_table[d] != d) {
15ed3c3a 2928 r = unit_add_dependency_hashmap(&other->dependencies, inverse_table[d], u, 0, mask);
613b411c
LP		 2929 if (r < 0)
2930 return r;
15ed3c3a 2931 if (r)
5177cb0a 2932 noop = false;
613b411c
LP		 2933 }
2934
2935 if (add_reference) {
15ed3c3a 2936 r = unit_add_dependency_hashmap(&u->dependencies, UNIT_REFERENCES, other, mask, 0);
613b411c 2937 if (r < 0)
5de9682c 2938 return r;
15ed3c3a 2939 if (r)
5177cb0a 2940 noop = false;
5de9682c 2941
15ed3c3a 2942 r = unit_add_dependency_hashmap(&other->dependencies, UNIT_REFERENCED_BY, u, 0, mask);
613b411c 2943 if (r < 0)
701cc384 2944 return r;
15ed3c3a 2945 if (r)
5177cb0a 2946 noop = false;
613b411c 2947 }
87f0e418 2948
5177cb0a
RM		 2949 if (!noop)
2950 unit_add_to_dbus_queue(u);
15ed3c3a 2951
87f0e418
LP		 2952 return 0;
2953}
0301abf4 2954
eef85c4a 2955int unit_add_two_dependencies(Unit *u, UnitDependency d, UnitDependency e, Unit *other, bool add_reference, UnitDependencyMask mask) {
2c966c03
LP		 2956 int r;
2957
2958 assert(u);
2959
eef85c4a 2960 r = unit_add_dependency(u, d, other, add_reference, mask);
3f3cc397 2961 if (r < 0)
2c966c03
LP		 2962 return r;
2963
eef85c4a 2964 return unit_add_dependency(u, e, other, add_reference, mask);
2c966c03
LP		 2965}
2966
23e8c796 2967static int resolve_template(Unit *u, const char *name, char **buf, const char **ret) {
7410616c 2968 int r;
9e2f7c11
LP		 2969
2970 assert(u);
23e8c796 2971 assert(name);
7410616c
LP		 2972 assert(buf);
2973 assert(ret);
9e2f7c11 2974
7410616c
LP		 2975 if (!unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) {
2976 *buf = NULL;
2977 *ret = name;
2978 return 0;
9e2f7c11
LP		 2979 }
2980
ac155bb8 2981 if (u->instance)
7410616c 2982 r = unit_name_replace_instance(name, u->instance, buf);
9e2f7c11 2983 else {
ae018d9b 2984 _cleanup_free_ char *i = NULL;
9e2f7c11 2985
7410616c
LP		 2986 r = unit_name_to_prefix(u->id, &i);
2987 if (r < 0)
2988 return r;
9e2f7c11 2989
7410616c 2990 r = unit_name_replace_instance(name, i, buf);
9e2f7c11 2991 }
7410616c
LP		 2992 if (r < 0)
2993 return r;
9e2f7c11 2994
7410616c
LP		 2995 *ret = *buf;
2996 return 0;
9e2f7c11
LP		 2997}
2998
35d8c19a 2999int unit_add_dependency_by_name(Unit *u, UnitDependency d, const char *name, bool add_reference, UnitDependencyMask mask) {
7410616c 3000 _cleanup_free_ char *buf = NULL;
09b6b09f
LP		 3001 Unit *other;
3002 int r;
3003
9e2f7c11 3004 assert(u);
35d8c19a 3005 assert(name);
09b6b09f 3006
23e8c796 3007 r = resolve_template(u, name, &buf, &name);
7410616c
LP		 3008 if (r < 0)
3009 return r;
09b6b09f 3010
35d8c19a 3011 r = manager_load_unit(u->manager, name, NULL, NULL, &other);
8afbb8e1
LP		 3012 if (r < 0)
3013 return r;
9e2f7c11 3014
eef85c4a 3015 return unit_add_dependency(u, d, other, add_reference, mask);
09b6b09f
LP		 3016}
3017
5a724170 3018int unit_add_two_dependencies_by_name(Unit *u, UnitDependency d, UnitDependency e, const char *name, bool add_reference, UnitDependencyMask mask) {
7410616c 3019 _cleanup_free_ char *buf = NULL;
2c966c03
LP		 3020 Unit *other;
3021 int r;
2c966c03
LP		 3022
3023 assert(u);
5a724170 3024 assert(name);
2c966c03 3025
23e8c796 3026 r = resolve_template(u, name, &buf, &name);
7410616c
LP		 3027 if (r < 0)
3028 return r;
2c966c03 3029
5a724170 3030 r = manager_load_unit(u->manager, name, NULL, NULL, &other);
3f3cc397 3031 if (r < 0)
68eda4bd 3032 return r;
2c966c03 3033
eef85c4a 3034 return unit_add_two_dependencies(u, d, e, other, add_reference, mask);
2c966c03
LP		 3035}
3036
0301abf4 3037int set_unit_path(const char *p) {
0301abf4 3038 /* This is mostly for debug purposes */
cbe46ead 3039 if (setenv("SYSTEMD_UNIT_PATH", p, 1) < 0)
26d04f86 3040 return -errno;
0301abf4
LP		 3041
3042 return 0;
3043}
88066b3a 3044
ea430986 3045char *unit_dbus_path(Unit *u) {
ea430986
LP		 3046 assert(u);
3047
ac155bb8 3048 if (!u->id)
04ade7d2
LP		 3049 return NULL;
3050
48899192 3051 return unit_dbus_path_from_name(u->id);
ea430986
LP		 3052}
3053
4b58153d
LP		 3054char *unit_dbus_path_invocation_id(Unit *u) {
3055 assert(u);
3056
3057 if (sd_id128_is_null(u->invocation_id))
3058 return NULL;
3059
3060 return unit_dbus_path_from_name(u->invocation_id_string);
3061}
3062
2d3b784d 3063int unit_set_invocation_id(Unit *u, sd_id128_t id) {
db868d45
ZJS		 3064 int r;
3065
3066 assert(u);
3067
3068 /* Set the invocation ID for this unit. If we cannot, this will not roll back, but reset the whole thing. */
3069
3070 if (sd_id128_equal(u->invocation_id, id))
3071 return 0;
3072
3073 if (!sd_id128_is_null(u->invocation_id))
3074 (void) hashmap_remove_value(u->manager->units_by_invocation_id, &u->invocation_id, u);
3075
3076 if (sd_id128_is_null(id)) {
3077 r = 0;
3078 goto reset;
3079 }
3080
3081 r = hashmap_ensure_allocated(&u->manager->units_by_invocation_id, &id128_hash_ops);
3082 if (r < 0)
3083 goto reset;
3084
3085 u->invocation_id = id;
3086 sd_id128_to_string(id, u->invocation_id_string);
3087
3088 r = hashmap_put(u->manager->units_by_invocation_id, &u->invocation_id, u);
3089 if (r < 0)
3090 goto reset;
3091
3092 return 0;
3093
3094reset:
3095 u->invocation_id = SD_ID128_NULL;
3096 u->invocation_id_string[0] = 0;
3097 return r;
3098}
3099
d79200e2
LP		 3100int unit_set_slice(Unit *u, Unit *slice) {
3101 assert(u);
3102 assert(slice);
3103
3104 /* Sets the unit slice if it has not been set before. Is extra
3105 * careful, to only allow this for units that actually have a
3106 * cgroup context. Also, we don't allow to set this for slices
3107 * (since the parent slice is derived from the name). Make
3108 * sure the unit we set is actually a slice. */
3109
3110 if (!UNIT_HAS_CGROUP_CONTEXT(u))
3111 return -EOPNOTSUPP;
3112
3113 if (u->type == UNIT_SLICE)
3114 return -EINVAL;
3115
102ef982
LP		 3116 if (unit_active_state(u) != UNIT_INACTIVE)
3117 return -EBUSY;
3118
d79200e2
LP		 3119 if (slice->type != UNIT_SLICE)
3120 return -EINVAL;
3121
efdb0237
LP		 3122 if (unit_has_name(u, SPECIAL_INIT_SCOPE) &&
3123 !unit_has_name(slice, SPECIAL_ROOT_SLICE))
3124 return -EPERM;
3125
d79200e2
LP		 3126 if (UNIT_DEREF(u->slice) == slice)
3127 return 0;
3128
99e66921
TH		 3129 /* Disallow slice changes if @u is already bound to cgroups */
3130 if (UNIT_ISSET(u->slice) && u->cgroup_realized)
d79200e2
LP		 3131 return -EBUSY;
3132
7f7d01ed 3133 unit_ref_set(&u->slice, u, slice);
d79200e2
LP		 3134 return 1;
3135}
3136
3137int unit_set_default_slice(Unit *u) {
a8833944 3138 const char *slice_name;
a016b922
LP		 3139 Unit *slice;
3140 int r;
3141
3142 assert(u);
3143
9444b1f2 3144 if (UNIT_ISSET(u->slice))
a016b922
LP		 3145 return 0;
3146
a8833944
LP		 3147 if (u->instance) {
3148 _cleanup_free_ char *prefix = NULL, *escaped = NULL;
68eda4bd 3149
a8833944
LP		 3150 /* Implicitly place all instantiated units in their
3151 * own per-template slice */
3152
7410616c
LP		 3153 r = unit_name_to_prefix(u->id, &prefix);
3154 if (r < 0)
3155 return r;
a8833944
LP		 3156
3157 /* The prefix is already escaped, but it might include
3158 * "-" which has a special meaning for slice units,
3159 * hence escape it here extra. */
7410616c 3160 escaped = unit_name_escape(prefix);
a8833944
LP		 3161 if (!escaped)
3162 return -ENOMEM;
3163
463d0d15 3164 if (MANAGER_IS_SYSTEM(u->manager))
00e7b3c8 3165 slice_name = strjoina("system-", escaped, ".slice");
a8833944 3166 else
7f3b86a4 3167 slice_name = strjoina("app-", escaped, ".slice");
5ee24fa0
ZJS		 3168
3169 } else if (unit_is_extrinsic(u))
3170 /* Keep all extrinsic units (e.g. perpetual units and swap and mount units in user mode) in
3171 * the root slice. They don't really belong in one of the subslices. */
3172 slice_name = SPECIAL_ROOT_SLICE;
3173
3174 else if (MANAGER_IS_SYSTEM(u->manager))
3175 slice_name = SPECIAL_SYSTEM_SLICE;
3176 else
3177 slice_name = SPECIAL_APP_SLICE;
a8833944
LP		 3178
3179 r = manager_load_unit(u->manager, slice_name, NULL, NULL, &slice);
a016b922
LP		 3180 if (r < 0)
3181 return r;
3182
d79200e2 3183 return unit_set_slice(u, slice);
a016b922
LP		 3184}
3185
9444b1f2
LP		 3186const char *unit_slice_name(Unit *u) {
3187 assert(u);
3188
3189 if (!UNIT_ISSET(u->slice))
3190 return NULL;
3191
3192 return UNIT_DEREF(u->slice)->id;
3193}
3194
f6ff8c29 3195int unit_load_related_unit(Unit *u, const char *type, Unit **_found) {
78edb35a 3196 _cleanup_free_ char *t = NULL;
f6ff8c29
LP		 3197 int r;
3198
3199 assert(u);
3200 assert(type);
3201 assert(_found);
3202
7410616c
LP		 3203 r = unit_name_change_suffix(u->id, type, &t);
3204 if (r < 0)
3205 return r;
3206 if (unit_has_name(u, t))
3207 return -EINVAL;
f6ff8c29 3208
ac155bb8 3209 r = manager_load_unit(u->manager, t, NULL, NULL, _found);
9e2f7c11 3210 assert(r < 0 || *_found != u);
f6ff8c29
LP		 3211 return r;
3212}
3213
bbc29086 3214static int signal_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
fc67a943 3215 const char *new_owner;
bbc29086
DM		 3216 Unit *u = userdata;
3217 int r;
3218
3219 assert(message);
3220 assert(u);
3221
fc67a943 3222 r = sd_bus_message_read(message, "sss", NULL, NULL, &new_owner);
bbc29086
DM		 3223 if (r < 0) {
3224 bus_log_parse_error(r);
3225 return 0;
3226 }
3227
3228 if (UNIT_VTABLE(u)->bus_name_owner_change)
fc67a943 3229 UNIT_VTABLE(u)->bus_name_owner_change(u, empty_to_null(new_owner));
a5a8776a
MJ		 3230
3231 return 0;
3232}
3233
3234static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bus_error *error) {
3235 const sd_bus_error *e;
3236 const char *new_owner;
3237 Unit *u = userdata;
3238 int r;
3239
3240 assert(message);
3241 assert(u);
3242
3243 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
3244
a5a8776a 3245 e = sd_bus_message_get_error(message);
a5a8776a 3246 if (e) {
a54654ba
LP		 3247 if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner"))
3248 log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message);
a5a8776a 3249
fc67a943
LP		 3250 new_owner = NULL;
3251 } else {
3252 r = sd_bus_message_read(message, "s", &new_owner);
3253 if (r < 0)
3254 return bus_log_parse_error(r);
a5a8776a 3255
fc67a943
LP		 3256 assert(!isempty(new_owner));
3257 }
a5a8776a
MJ		 3258
3259 if (UNIT_VTABLE(u)->bus_name_owner_change)
fc67a943 3260 UNIT_VTABLE(u)->bus_name_owner_change(u, new_owner);
bbc29086
DM		 3261
3262 return 0;
3263}
3264
9806e87d
LP		 3265int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) {
3266 const char *match;
a5b07847 3267 int r;
bbc29086 3268
9806e87d
LP		 3269 assert(u);
3270 assert(bus);
3271 assert(name);
bbc29086 3272
a5b07847 3273 if (u->match_bus_slot || u->get_name_owner_slot)
bbc29086
DM		 3274 return -EBUSY;
3275
9806e87d 3276 match = strjoina("type='signal',"
81d62103
ZJS		 3277 "sender='org.freedesktop.DBus',"
3278 "path='/org/freedesktop/DBus',"
3279 "interface='org.freedesktop.DBus',"
3280 "member='NameOwnerChanged',"
3281 "arg0='", name, "'");
bbc29086 3282
a5b07847 3283 r = sd_bus_add_match_async(bus, &u->match_bus_slot, match, signal_name_owner_changed, NULL, u);
a5a8776a
MJ		 3284 if (r < 0)
3285 return r;
3286
a5b07847
LP		 3287 r = sd_bus_call_method_async(
3288 bus,
3289 &u->get_name_owner_slot,
3290 "org.freedesktop.DBus",
3291 "/org/freedesktop/DBus",
3292 "org.freedesktop.DBus",
3293 "GetNameOwner",
3294 get_name_owner_handler,
3295 u,
3296 "s", name);
3297 if (r < 0) {
3298 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
3299 return r;
3300 }
3301
3302 log_unit_debug(u, "Watching D-Bus name '%s'.", name);
3303 return 0;
bbc29086
DM		 3304}
3305
05e343b7 3306int unit_watch_bus_name(Unit *u, const char *name) {
bbc29086
DM		 3307 int r;
3308
05e343b7
LP		 3309 assert(u);
3310 assert(name);
3311
3312 /* Watch a specific name on the bus. We only support one unit
3313 * watching each name for now. */
3314
bbc29086
DM		 3315 if (u->manager->api_bus) {
3316 /* If the bus is already available, install the match directly.
3317 * Otherwise, just put the name in the list. bus_setup_api() will take care later. */
9806e87d 3318 r = unit_install_bus_match(u, u->manager->api_bus, name);
bbc29086 3319 if (r < 0)
8ea823b6 3320 return log_warning_errno(r, "Failed to subscribe to NameOwnerChanged signal for '%s': %m", name);
bbc29086
DM		 3321 }
3322
3323 r = hashmap_put(u->manager->watch_bus, name, u);
3324 if (r < 0) {
3325 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
a5b07847 3326 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
bbc29086
DM		 3327 return log_warning_errno(r, "Failed to put bus name to hashmap: %m");
3328 }
3329
3330 return 0;
05e343b7
LP		 3331}
3332
3333void unit_unwatch_bus_name(Unit *u, const char *name) {
3334 assert(u);
3335 assert(name);
3336
8367fea5 3337 (void) hashmap_remove_value(u->manager->watch_bus, name, u);
bbc29086 3338 u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
a5a8776a 3339 u->get_name_owner_slot = sd_bus_slot_unref(u->get_name_owner_slot);
05e343b7
LP		 3340}
3341
a16e1123
LP		 3342bool unit_can_serialize(Unit *u) {
3343 assert(u);
3344
3345 return UNIT_VTABLE(u)->serialize && UNIT_VTABLE(u)->deserialize_item;
3346}
3347
d336ba9f 3348int unit_add_node_dependency(Unit *u, const char *what, UnitDependency dep, UnitDependencyMask mask) {
68eda4bd 3349 _cleanup_free_ char *e = NULL;
44b0d1fd 3350 Unit *device;
6e2ef85b
LP		 3351 int r;
3352
3353 assert(u);
3354
6e2ef85b 3355 /* Adds in links to the device node that this unit is based on */
47bc12e1
LP		 3356 if (isempty(what))
3357 return 0;
6e2ef85b 3358
8407a5d0 3359 if (!is_device_path(what))
6e2ef85b
LP		 3360 return 0;
3361
44b0d1fd 3362 /* When device units aren't supported (such as in a container), don't create dependencies on them. */
1c2e9646 3363 if (!unit_type_supported(UNIT_DEVICE))
47bc12e1
LP		 3364 return 0;
3365
7410616c
LP		 3366 r = unit_name_from_path(what, ".device", &e);
3367 if (r < 0)
3368 return r;
6e2ef85b 3369
ac155bb8 3370 r = manager_load_unit(u->manager, e, NULL, NULL, &device);
6e2ef85b
LP		 3371 if (r < 0)
3372 return r;
3373
ebc8968b
FB		 3374 if (dep == UNIT_REQUIRES && device_shall_be_bound_by(device, u))
3375 dep = UNIT_BINDS_TO;
3376
d336ba9f
FB		 3377 return unit_add_two_dependencies(u, UNIT_AFTER,
3378 MANAGER_IS_SYSTEM(u->manager) ? dep : UNIT_WANTS,
3379 device, true, mask);
6e2ef85b 3380}
a16e1123 3381
44b0d1fd
LP		 3382int unit_add_blockdev_dependency(Unit *u, const char *what, UnitDependencyMask mask) {
3383 _cleanup_free_ char *escaped = NULL, *target = NULL;
3384 int r;
3385
3386 assert(u);
3387
3388 if (isempty(what))
3389 return 0;
3390
3391 if (!path_startswith(what, "/dev/"))
3392 return 0;
3393
3394 /* If we don't support devices, then also don't bother with blockdev@.target */
3395 if (!unit_type_supported(UNIT_DEVICE))
3396 return 0;
3397
3398 r = unit_name_path_escape(what, &escaped);
3399 if (r < 0)
3400 return r;
3401
3402 r = unit_name_build("blockdev", escaped, ".target", &target);
3403 if (r < 0)
3404 return r;
3405
3406 return unit_add_dependency_by_name(u, UNIT_AFTER, target, true, mask);
3407}
3408
be847e82 3409int unit_coldplug(Unit *u) {
05a98afd
LP		 3410 int r = 0, q;
3411 char **i;
b49e14d5 3412 Job *uj;
cca098b0
LP		 3413
3414 assert(u);
3415
f0831ed2 3416 /* Make sure we don't enter a loop, when coldplugging recursively. */
f78f265f
LP		 3417 if (u->coldplugged)
3418 return 0;
3419
3420 u->coldplugged = true;
3421
05a98afd
LP		 3422 STRV_FOREACH(i, u->deserialized_refs) {
3423 q = bus_unit_track_add_name(u, *i);
3424 if (q < 0 && r >= 0)
3425 r = q;
3426 }
3427 u->deserialized_refs = strv_free(u->deserialized_refs);
cca098b0 3428
05a98afd
LP		 3429 if (UNIT_VTABLE(u)->coldplug) {
3430 q = UNIT_VTABLE(u)->coldplug(u);
3431 if (q < 0 && r >= 0)
3432 r = q;
3433 }
5a6158b6 3434
b49e14d5 3435 uj = u->job ?: u->nop_job;
3436 if (uj) {
3437 q = job_coldplug(uj);
05a98afd
LP		 3438 if (q < 0 && r >= 0)
3439 r = q;
3440 }
cca098b0 3441
05a98afd 3442 return r;
cca098b0
LP		 3443}
3444
f0831ed2
LP		 3445void unit_catchup(Unit *u) {
3446 assert(u);
3447
3448 if (UNIT_VTABLE(u)->catchup)
3449 UNIT_VTABLE(u)->catchup(u);
3450}
3451
ba25d39e 3452static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_masked) {
21b95806
ZJS		 3453 struct stat st;
3454
3455 if (!path)
3456 return false;
3457
77969722
LP		 3458 /* If the source is some virtual kernel file system, then we assume we watch it anyway, and hence pretend we
3459 * are never out-of-date. */
3460 if (PATH_STARTSWITH_SET(path, "/proc", "/sys"))
3461 return false;
3462
21b95806
ZJS		 3463 if (stat(path, &st) < 0)
3464 /* What, cannot access this anymore? */
3465 return true;
3466
ba25d39e
ZJS		 3467 if (path_masked)
3468 /* For masked files check if they are still so */
3469 return !null_or_empty(&st);
3470 else
3a8db9fe 3471 /* For non-empty files check the mtime */
87ec20ef 3472 return timespec_load(&st.st_mtim) > mtime;
21b95806
ZJS		 3473
3474 return false;
3475}
3476
45fb0699 3477bool unit_need_daemon_reload(Unit *u) {
ae7a7182
OS		 3478 _cleanup_strv_free_ char **t = NULL;
3479 char **path;
1b64d026 3480
45fb0699
LP		 3481 assert(u);
3482
ba25d39e
ZJS		 3483 /* For unit files, we allow masking… */
3484 if (fragment_mtime_newer(u->fragment_path, u->fragment_mtime,
3485 u->load_state == UNIT_MASKED))
21b95806 3486 return true;
5f4b19f4 3487
ba25d39e
ZJS		 3488 /* Source paths should not be masked… */
3489 if (fragment_mtime_newer(u->source_path, u->source_mtime, false))
ab932a62 3490 return true;
ae7a7182 3491
19a44dfe
LR		 3492 if (u->load_state == UNIT_LOADED)
3493 (void) unit_find_dropin_paths(u, &t);
ab932a62
LP		 3494 if (!strv_equal(u->dropin_paths, t))
3495 return true;
6d10d308 3496
ba25d39e 3497 /* … any drop-ins that are masked are simply omitted from the list. */
ab932a62 3498 STRV_FOREACH(path, u->dropin_paths)
ba25d39e 3499 if (fragment_mtime_newer(*path, u->dropin_mtime, false))
ab932a62 3500 return true;
21b95806 3501
ab932a62 3502 return false;
45fb0699
LP		 3503}
3504
fdf20a31 3505void unit_reset_failed(Unit *u) {
5632e374
LP		 3506 assert(u);
3507
fdf20a31
MM		 3508 if (UNIT_VTABLE(u)->reset_failed)
3509 UNIT_VTABLE(u)->reset_failed(u);
6bf0f408 3510
7bf081a1 3511 ratelimit_reset(&u->start_ratelimit);
6bf0f408 3512 u->start_limit_hit = false;
5632e374
LP		 3513}
3514
a7f241db
LP		 3515Unit *unit_following(Unit *u) {
3516 assert(u);
3517
3518 if (UNIT_VTABLE(u)->following)
3519 return UNIT_VTABLE(u)->following(u);
3520
3521 return NULL;
3522}
3523
31afa0a4 3524bool unit_stop_pending(Unit *u) {
18ffdfda
LP		 3525 assert(u);
3526
31afa0a4
LP		 3527 /* This call does check the current state of the unit. It's
3528 * hence useful to be called from state change calls of the
3529 * unit itself, where the state isn't updated yet. This is
3530 * different from unit_inactive_or_pending() which checks both
3531 * the current state and for a queued job. */
18ffdfda 3532
28a2dfe8 3533 return unit_has_job_type(u, JOB_STOP);
31afa0a4
LP		 3534}
3535
3536bool unit_inactive_or_pending(Unit *u) {
3537 assert(u);
3538
3539 /* Returns true if the unit is inactive or going down */
18ffdfda 3540
d956ac29
LP		 3541 if (UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)))
3542 return true;
3543
31afa0a4 3544 if (unit_stop_pending(u))
18ffdfda
LP		 3545 return true;
3546
3547 return false;
3548}
3549
31afa0a4 3550bool unit_active_or_pending(Unit *u) {
f976f3f6
LP		 3551 assert(u);
3552
f60c2665 3553 /* Returns true if the unit is active or going up */
f976f3f6
LP		 3554
3555 if (UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)))
3556 return true;
3557
ac155bb8 3558 if (u->job &&
3742095b 3559 IN_SET(u->job->type, JOB_START, JOB_RELOAD_OR_START, JOB_RESTART))
f976f3f6
LP		 3560 return true;
3561
3562 return false;
3563}
3564
52a12341
YW		 3565bool unit_will_restart_default(Unit *u) {
3566 assert(u);
3567
28a2dfe8 3568 return unit_has_job_type(u, JOB_START);
52a12341
YW		 3569}
3570
deb4e708
MK		 3571bool unit_will_restart(Unit *u) {
3572 assert(u);
3573
3574 if (!UNIT_VTABLE(u)->will_restart)
3575 return false;
3576
3577 return UNIT_VTABLE(u)->will_restart(u);
3578}
3579
718db961 3580int unit_kill(Unit *u, KillWho w, int signo, sd_bus_error *error) {
8a0867d6
LP		 3581 assert(u);
3582 assert(w >= 0 && w < _KILL_WHO_MAX);
6eb7c172 3583 assert(SIGNAL_VALID(signo));
8a0867d6 3584
8a0867d6 3585 if (!UNIT_VTABLE(u)->kill)
15411c0c 3586 return -EOPNOTSUPP;
8a0867d6 3587
c74f17d9 3588 return UNIT_VTABLE(u)->kill(u, w, signo, error);
8a0867d6
LP		 3589}
3590
82659fd7 3591static Set *unit_pid_set(pid_t main_pid, pid_t control_pid) {
af4fa99d 3592 _cleanup_set_free_ Set *pid_set = NULL;
82659fd7
LP		 3593 int r;
3594
d5099efc 3595 pid_set = set_new(NULL);
82659fd7
LP		 3596 if (!pid_set)
3597 return NULL;
3598
3599 /* Exclude the main/control pids from being killed via the cgroup */
3600 if (main_pid > 0) {
fea72cc0 3601 r = set_put(pid_set, PID_TO_PTR(main_pid));
82659fd7 3602 if (r < 0)
95f14a3e 3603 return NULL;
82659fd7
LP		 3604 }
3605
3606 if (control_pid > 0) {
fea72cc0 3607 r = set_put(pid_set, PID_TO_PTR(control_pid));
82659fd7 3608 if (r < 0)
95f14a3e 3609 return NULL;
82659fd7
LP		 3610 }
3611
95f14a3e 3612 return TAKE_PTR(pid_set);
82659fd7
LP		 3613}
3614
d9911002
LP		 3615static int kill_common_log(pid_t pid, int signo, void *userdata) {
3616 _cleanup_free_ char *comm = NULL;
3617 Unit *u = userdata;
3618
3619 assert(u);
3620
3621 (void) get_process_comm(pid, &comm);
3622 log_unit_info(u, "Sending signal SIG%s to process " PID_FMT " (%s) on client request.",
3623 signal_to_string(signo), pid, strna(comm));
3624
3625 return 1;
3626}
3627
d91c34f2
LP		 3628int unit_kill_common(
3629 Unit *u,
3630 KillWho who,
3631 int signo,
3632 pid_t main_pid,
3633 pid_t control_pid,
718db961 3634 sd_bus_error *error) {
d91c34f2 3635
814cc562 3636 int r = 0;
ac5e3a50 3637 bool killed = false;
814cc562 3638
8aff7ac4
LP		 3639 /* This is the common implementation for explicit user-requested killing of unit processes, shared by
3640 * various unit types. Do not confuse with unit_kill_context(), which is what we use when we want to
3641 * stop a service ourselves. */
3642
ac5e3a50 3643 if (IN_SET(who, KILL_MAIN, KILL_MAIN_FAIL)) {
814cc562 3644 if (main_pid < 0)
7358dc02 3645 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no main processes", unit_type_to_string(u->type));
8aff7ac4 3646 if (main_pid == 0)
7358dc02 3647 return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No main process to kill");
814cc562
MS		 3648 }
3649
ac5e3a50 3650 if (IN_SET(who, KILL_CONTROL, KILL_CONTROL_FAIL)) {
814cc562 3651 if (control_pid < 0)
7358dc02 3652 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_PROCESS, "%s units have no control processes", unit_type_to_string(u->type));
8aff7ac4 3653 if (control_pid == 0)
7358dc02 3654 return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No control process to kill");
814cc562
MS		 3655 }
3656
ac5e3a50
JS		 3657 if (IN_SET(who, KILL_CONTROL, KILL_CONTROL_FAIL, KILL_ALL, KILL_ALL_FAIL))
3658 if (control_pid > 0) {
d9911002
LP		 3659 _cleanup_free_ char *comm = NULL;
3660 (void) get_process_comm(control_pid, &comm);
3661
3662 if (kill(control_pid, signo) < 0) {
3663 /* Report this failure both to the logs and to the client */
3664 sd_bus_error_set_errnof(
3665 error, errno,
3666 "Failed to send signal SIG%s to control process " PID_FMT " (%s): %m",
3667 signal_to_string(signo), control_pid, strna(comm));
3668 r = log_unit_warning_errno(
3669 u, errno,
3670 "Failed to send signal SIG%s to control process " PID_FMT " (%s) on client request: %m",
3671 signal_to_string(signo), control_pid, strna(comm));
3672 } else {
3673 log_unit_info(u, "Sent signal SIG%s to control process " PID_FMT " (%s) on client request.",
3674 signal_to_string(signo), control_pid, strna(comm));
ac5e3a50 3675 killed = true;
d9911002 3676 }
ac5e3a50 3677 }
814cc562 3678
ac5e3a50
JS		 3679 if (IN_SET(who, KILL_MAIN, KILL_MAIN_FAIL, KILL_ALL, KILL_ALL_FAIL))
3680 if (main_pid > 0) {
d9911002
LP		 3681 _cleanup_free_ char *comm = NULL;
3682 (void) get_process_comm(main_pid, &comm);
3683
3684 if (kill(main_pid, signo) < 0) {
3685 if (r == 0)
3686 sd_bus_error_set_errnof(
3687 error, errno,
3688 "Failed to send signal SIG%s to main process " PID_FMT " (%s): %m",
3689 signal_to_string(signo), main_pid, strna(comm));
3690
3691 r = log_unit_warning_errno(
3692 u, errno,
3693 "Failed to send signal SIG%s to main process " PID_FMT " (%s) on client request: %m",
3694 signal_to_string(signo), main_pid, strna(comm));
3695 } else {
3696 log_unit_info(u, "Sent signal SIG%s to main process " PID_FMT " (%s) on client request.",
3697 signal_to_string(signo), main_pid, strna(comm));
ac5e3a50 3698 killed = true;
d9911002 3699 }
ac5e3a50 3700 }
814cc562 3701
ac5e3a50 3702 if (IN_SET(who, KILL_ALL, KILL_ALL_FAIL) && u->cgroup_path) {
814cc562
MS		 3703 _cleanup_set_free_ Set *pid_set = NULL;
3704 int q;
3705
82659fd7
LP		 3706 /* Exclude the main/control pids from being killed via the cgroup */
3707 pid_set = unit_pid_set(main_pid, control_pid);
814cc562 3708 if (!pid_set)
d9911002
LP		 3709 return log_oom();
3710
3711 q = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, signo, 0, pid_set, kill_common_log, u);
3712 if (q < 0) {
3713 if (!IN_SET(q, -ESRCH, -ENOENT)) {
3714 if (r == 0)
3715 sd_bus_error_set_errnof(
3716 error, q,
3717 "Failed to send signal SIG%s to auxiliary processes: %m",
3718 signal_to_string(signo));
3719
3720 r = log_unit_warning_errno(
3721 u, q,
3722 "Failed to send signal SIG%s to auxiliary processes on client request: %m",
3723 signal_to_string(signo));
3724 }
3725 } else
ac5e3a50 3726 killed = true;
814cc562
MS		 3727 }
3728
2ae0508e
LP		 3729 /* If the "fail" versions of the operation are requested, then complain if the set of processes we killed is empty */
3730 if (r == 0 && !killed && IN_SET(who, KILL_ALL_FAIL, KILL_CONTROL_FAIL, KILL_MAIN_FAIL))
3731 return sd_bus_error_set_const(error, BUS_ERROR_NO_SUCH_PROCESS, "No matching processes to kill");
ac5e3a50 3732
814cc562
MS		 3733 return r;
3734}
3735
6210e7fc
LP		 3736int unit_following_set(Unit *u, Set **s) {
3737 assert(u);
3738 assert(s);
3739
3740 if (UNIT_VTABLE(u)->following_set)
3741 return UNIT_VTABLE(u)->following_set(u, s);
3742
3743 *s = NULL;
3744 return 0;
3745}
3746
a4375746 3747UnitFileState unit_get_unit_file_state(Unit *u) {
0ec0deaa
LP		 3748 int r;
3749
a4375746
LP		 3750 assert(u);
3751
0ec0deaa
LP		 3752 if (u->unit_file_state < 0 && u->fragment_path) {
3753 r = unit_file_get_state(
463d0d15 3754 u->manager->unit_file_scope,
0ec0deaa 3755 NULL,
9ea3a0e7 3756 u->id,
0ec0deaa
LP		 3757 &u->unit_file_state);
3758 if (r < 0)
3759 u->unit_file_state = UNIT_FILE_BAD;
3760 }
a4375746 3761
ac155bb8 3762 return u->unit_file_state;
a4375746
LP		 3763}
3764
d2dc52db
LP		 3765int unit_get_unit_file_preset(Unit *u) {
3766 assert(u);
3767
3768 if (u->unit_file_preset < 0 && u->fragment_path)
3769 u->unit_file_preset = unit_file_query_preset(
463d0d15 3770 u->manager->unit_file_scope,
0ec0deaa 3771 NULL,
8f7b2566
ZJS		 3772 basename(u->fragment_path),
3773 NULL);
d2dc52db
LP		 3774
3775 return u->unit_file_preset;
3776}
3777
7f7d01ed 3778Unit* unit_ref_set(UnitRef *ref, Unit *source, Unit *target) {
57020a3a 3779 assert(ref);
7f7d01ed
ZJS		 3780 assert(source);
3781 assert(target);
57020a3a 3782
7f7d01ed 3783 if (ref->target)
57020a3a
LP		 3784 unit_ref_unset(ref);
3785
7f7d01ed
ZJS		 3786 ref->source = source;
3787 ref->target = target;
3788 LIST_PREPEND(refs_by_target, target->refs_by_target, ref);
3789 return target;
57020a3a
LP		 3790}
3791
3792void unit_ref_unset(UnitRef *ref) {
3793 assert(ref);
3794
7f7d01ed 3795 if (!ref->target)
57020a3a
LP		 3796 return;
3797
b75102e5
LP		 3798 /* We are about to drop a reference to the unit, make sure the garbage collection has a look at it as it might
3799 * be unreferenced now. */
7f7d01ed 3800 unit_add_to_gc_queue(ref->target);
b75102e5 3801
7f7d01ed
ZJS		 3802 LIST_REMOVE(refs_by_target, ref->target->refs_by_target, ref);
3803 ref->source = ref->target = NULL;
57020a3a
LP		 3804}
3805
29206d46
LP		 3806static int user_from_unit_name(Unit *u, char **ret) {
3807
3808 static const uint8_t hash_key[] = {
3809 0x58, 0x1a, 0xaf, 0xe6, 0x28, 0x58, 0x4e, 0x96,
3810 0xb4, 0x4e, 0xf5, 0x3b, 0x8c, 0x92, 0x07, 0xec
3811 };
3812
3813 _cleanup_free_ char *n = NULL;
3814 int r;
3815
3816 r = unit_name_to_prefix(u->id, &n);
3817 if (r < 0)
3818 return r;
3819
7a8867ab 3820 if (valid_user_group_name(n, 0)) {
ae2a15bc 3821 *ret = TAKE_PTR(n);
29206d46
LP		 3822 return 0;
3823 }
3824
3825 /* If we can't use the unit name as a user name, then let's hash it and use that */
3826 if (asprintf(ret, "_du%016" PRIx64, siphash24(n, strlen(n), hash_key)) < 0)
3827 return -ENOMEM;
3828
3829 return 0;
3830}
3831
598459ce
LP		 3832int unit_patch_contexts(Unit *u) {
3833 CGroupContext *cc;
3834 ExecContext *ec;
cba6e062
LP		 3835 int r;
3836
e06c73cc 3837 assert(u);
e06c73cc 3838
598459ce
LP		 3839 /* Patch in the manager defaults into the exec and cgroup
3840 * contexts, _after_ the rest of the settings have been
3841 * initialized */
085afe36 3842
598459ce
LP		 3843 ec = unit_get_exec_context(u);
3844 if (ec) {
3845 /* This only copies in the ones that need memory */
12375b95 3846 for (unsigned i = 0; i < _RLIMIT_MAX; i++)
598459ce
LP		 3847 if (u->manager->rlimit[i] && !ec->rlimit[i]) {
3848 ec->rlimit[i] = newdup(struct rlimit, u->manager->rlimit[i], 1);
3849 if (!ec->rlimit[i])
3850 return -ENOMEM;
3851 }
3852
463d0d15 3853 if (MANAGER_IS_USER(u->manager) &&
598459ce
LP		 3854 !ec->working_directory) {
3855
3856 r = get_home_dir(&ec->working_directory);
3857 if (r < 0)
3858 return r;
4c08c824
LP		 3859
3860 /* Allow user services to run, even if the
3861 * home directory is missing */
3862 ec->working_directory_missing_ok = true;
cba6e062
LP		 3863 }
3864
598459ce 3865 if (ec->private_devices)
2cd0a735 3866 ec->capability_bounding_set &= ~((UINT64_C(1) << CAP_MKNOD) | (UINT64_C(1) << CAP_SYS_RAWIO));
502d704e
DH		 3867
3868 if (ec->protect_kernel_modules)
3869 ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_SYS_MODULE);
29206d46 3870
84703040
KK		 3871 if (ec->protect_kernel_logs)
3872 ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_SYSLOG);
3873
fc64760d
KK		 3874 if (ec->protect_clock)
3875 ec->capability_bounding_set &= ~((UINT64_C(1) << CAP_SYS_TIME) | (UINT64_C(1) << CAP_WAKE_ALARM));
3876
29206d46
LP		 3877 if (ec->dynamic_user) {
3878 if (!ec->user) {
3879 r = user_from_unit_name(u, &ec->user);
3880 if (r < 0)
3881 return r;
3882 }
3883
3884 if (!ec->group) {
3885 ec->group = strdup(ec->user);
3886 if (!ec->group)
3887 return -ENOMEM;
3888 }
3889
bf65b7e0
LP		 3890 /* If the dynamic user option is on, let's make sure that the unit can't leave its
3891 * UID/GID around in the file system or on IPC objects. Hence enforce a strict
3892 * sandbox. */
63bb64a0 3893
29206d46 3894 ec->private_tmp = true;
00d9ef85 3895 ec->remove_ipc = true;
63bb64a0
LP		 3896 ec->protect_system = PROTECT_SYSTEM_STRICT;
3897 if (ec->protect_home == PROTECT_HOME_NO)
3898 ec->protect_home = PROTECT_HOME_READ_ONLY;
bf65b7e0
LP		 3899
3900 /* Make sure this service can neither benefit from SUID/SGID binaries nor create
3901 * them. */
3902 ec->no_new_privileges = true;
3903 ec->restrict_suid_sgid = true;
29206d46 3904 }
cba6e062
LP		 3905 }
3906
598459ce 3907 cc = unit_get_cgroup_context(u);
fe65e88b 3908 if (cc && ec) {
f513e420 3909
fe65e88b 3910 if (ec->private_devices &&
084870f9
ZJS		 3911 cc->device_policy == CGROUP_DEVICE_POLICY_AUTO)
3912 cc->device_policy = CGROUP_DEVICE_POLICY_CLOSED;
fe65e88b 3913
b3d13314 3914 if ((ec->root_image || !LIST_IS_EMPTY(ec->mount_images)) &&
084870f9 3915 (cc->device_policy != CGROUP_DEVICE_POLICY_AUTO || cc->device_allow)) {
0cffae95 3916 const char *p;
fe65e88b 3917
b3d13314 3918 /* When RootImage= or MountImages= is specified, the following devices are touched. */
0cffae95
LB		 3919 FOREACH_STRING(p, "/dev/loop-control", "/dev/mapper/control") {
3920 r = cgroup_add_device_allow(cc, p, "rw");
3921 if (r < 0)
3922 return r;
3923 }
3924 FOREACH_STRING(p, "block-loop", "block-blkext", "block-device-mapper") {
3925 r = cgroup_add_device_allow(cc, p, "rwm");
3926 if (r < 0)
3927 return r;
3928 }
867af728 3929
0cffae95
LB		 3930 /* Make sure "block-loop" can be resolved, i.e. make sure "loop" shows up in /proc/devices.
3931 * Same for mapper and verity. */
3932 FOREACH_STRING(p, "modprobe@loop.service", "modprobe@dm_mod.service", "modprobe@dm_verity.service") {
3933 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, p, true, UNIT_DEPENDENCY_FILE);
3934 if (r < 0)
3935 return r;
3936 }
fe65e88b 3937 }
fc64760d
KK		 3938
3939 if (ec->protect_clock) {
3940 r = cgroup_add_device_allow(cc, "char-rtc", "r");
3941 if (r < 0)
3942 return r;
3943 }
598459ce 3944 }
f1660f96 3945
cba6e062 3946 return 0;
e06c73cc
LP		 3947}
3948
c2503e35 3949ExecContext *unit_get_exec_context(const Unit *u) {
3ef63c31
LP		 3950 size_t offset;
3951 assert(u);
3952
598459ce
LP		 3953 if (u->type < 0)
3954 return NULL;
3955
3ef63c31
LP		 3956 offset = UNIT_VTABLE(u)->exec_context_offset;
3957 if (offset <= 0)
3958 return NULL;
3959
3960 return (ExecContext*) ((uint8_t*) u + offset);
3961}
3962
718db961
LP		 3963KillContext *unit_get_kill_context(Unit *u) {
3964 size_t offset;
3965 assert(u);
3966
598459ce
LP		 3967 if (u->type < 0)
3968 return NULL;
3969
718db961
LP		 3970 offset = UNIT_VTABLE(u)->kill_context_offset;
3971 if (offset <= 0)
3972 return NULL;
3973
3974 return (KillContext*) ((uint8_t*) u + offset);
3975}
3976
4ad49000
LP		 3977CGroupContext *unit_get_cgroup_context(Unit *u) {
3978 size_t offset;
3979
598459ce
LP		 3980 if (u->type < 0)
3981 return NULL;
3982
4ad49000
LP		 3983 offset = UNIT_VTABLE(u)->cgroup_context_offset;
3984 if (offset <= 0)
3985 return NULL;
3986
3987 return (CGroupContext*) ((uint8_t*) u + offset);
3988}
3989
613b411c
LP		 3990ExecRuntime *unit_get_exec_runtime(Unit *u) {
3991 size_t offset;
3992
598459ce
LP		 3993 if (u->type < 0)
3994 return NULL;
3995
613b411c
LP		 3996 offset = UNIT_VTABLE(u)->exec_runtime_offset;
3997 if (offset <= 0)
3998 return NULL;
3999
4000 return *(ExecRuntime**) ((uint8_t*) u + offset);
4001}
4002
2e59b241 4003static const char* unit_drop_in_dir(Unit *u, UnitWriteFlags flags) {
3f5e8115
LP		 4004 assert(u);
4005
2e59b241 4006 if (UNIT_WRITE_FLAGS_NOOP(flags))
4f4afc88
LP		 4007 return NULL;
4008
39591351
LP		 4009 if (u->transient) /* Redirect drop-ins for transient units always into the transient directory. */
4010 return u->manager->lookup_paths.transient;
26d04f86 4011
2e59b241 4012 if (flags & UNIT_PERSISTENT)
4f4afc88 4013 return u->manager->lookup_paths.persistent_control;
26d04f86 4014
2e59b241
LP		 4015 if (flags & UNIT_RUNTIME)
4016 return u->manager->lookup_paths.runtime_control;
4017
39591351 4018 return NULL;
71645aca
LP		 4019}
4020
2e59b241
LP		 4021char* unit_escape_setting(const char *s, UnitWriteFlags flags, char **buf) {
4022 char *ret = NULL;
4023
4024 if (!s)
4025 return NULL;
4026
4027 /* Escapes the input string as requested. Returns the escaped string. If 'buf' is specified then the allocated
4028 * return buffer pointer is also written to *buf, except if no escaping was necessary, in which case *buf is
4029 * set to NULL, and the input pointer is returned as-is. This means the return value always contains a properly
4030 * escaped version, but *buf when passed only contains a pointer if an allocation was necessary. If *buf is
4031 * not specified, then the return value always needs to be freed. Callers can use this to optimize memory
4032 * allocations. */
4033
4034 if (flags & UNIT_ESCAPE_SPECIFIERS) {
4035 ret = specifier_escape(s);
4036 if (!ret)
4037 return NULL;
4038
4039 s = ret;
4040 }
4041
4042 if (flags & UNIT_ESCAPE_C) {
4043 char *a;
4044
4045 a = cescape(s);
4046 free(ret);
4047 if (!a)
4048 return NULL;
4049
4050 ret = a;
4051 }
4052
4053 if (buf) {
4054 *buf = ret;
4055 return ret ?: (char*) s;
4056 }
4057
4058 return ret ?: strdup(s);
4059}
4060
4061char* unit_concat_strv(char **l, UnitWriteFlags flags) {
4062 _cleanup_free_ char *result = NULL;
319a4f4b 4063 size_t n = 0;
ae2a15bc 4064 char **i;
2e59b241
LP		 4065
4066 /* Takes a list of strings, escapes them, and concatenates them. This may be used to format command lines in a
4067 * way suitable for ExecStart= stanzas */
4068
4069 STRV_FOREACH(i, l) {
4070 _cleanup_free_ char *buf = NULL;
4071 const char *p;
4072 size_t a;
4073 char *q;
4074
4075 p = unit_escape_setting(*i, flags, &buf);
4076 if (!p)
4077 return NULL;
4078
4079 a = (n > 0) + 1 + strlen(p) + 1; /* separating space + " + entry + " */
319a4f4b 4080 if (!GREEDY_REALLOC(result, n + a + 1))
2e59b241
LP		 4081 return NULL;
4082
4083 q = result + n;
4084 if (n > 0)
4085 *(q++) = ' ';
4086
4087 *(q++) = '"';
4088 q = stpcpy(q, p);
4089 *(q++) = '"';
4090
4091 n += a;
4092 }
4093
319a4f4b 4094 if (!GREEDY_REALLOC(result, n + 1))
2e59b241
LP		 4095 return NULL;
4096
4097 result[n] = 0;
4098
ae2a15bc 4099 return TAKE_PTR(result);
2e59b241
LP		 4100}
4101
4102int unit_write_setting(Unit *u, UnitWriteFlags flags, const char *name, const char *data) {
4103 _cleanup_free_ char *p = NULL, *q = NULL, *escaped = NULL;
2a9a6f8a 4104 const char *dir, *wrapped;
26d04f86 4105 int r;
71645aca
LP		 4106
4107 assert(u);
2e59b241
LP		 4108 assert(name);
4109 assert(data);
4110
4111 if (UNIT_WRITE_FLAGS_NOOP(flags))
4112 return 0;
4113
4114 data = unit_escape_setting(data, flags, &escaped);
4115 if (!data)
4116 return -ENOMEM;
4117
4118 /* Prefix the section header. If we are writing this out as transient file, then let's suppress this if the
4119 * previous section header is the same */
4120
4121 if (flags & UNIT_PRIVATE) {
4122 if (!UNIT_VTABLE(u)->private_section)
4123 return -EINVAL;
4124
4125 if (!u->transient_file || u->last_section_private < 0)
4126 data = strjoina("[", UNIT_VTABLE(u)->private_section, "]\n", data);
4127 else if (u->last_section_private == 0)
4128 data = strjoina("\n[", UNIT_VTABLE(u)->private_section, "]\n", data);
4129 } else {
4130 if (!u->transient_file || u->last_section_private < 0)
4131 data = strjoina("[Unit]\n", data);
4132 else if (u->last_section_private > 0)
4133 data = strjoina("\n[Unit]\n", data);
4134 }
71645aca 4135
4f4afc88
LP		 4136 if (u->transient_file) {
4137 /* When this is a transient unit file in creation, then let's not create a new drop-in but instead
4138 * write to the transient unit file. */
4139 fputs(data, u->transient_file);
4f4afc88 4140
2e59b241
LP		 4141 if (!endswith(data, "\n"))
4142 fputc('\n', u->transient_file);
4143
4144 /* Remember which section we wrote this entry to */
4145 u->last_section_private = !!(flags & UNIT_PRIVATE);
8e2af478 4146 return 0;
2e59b241 4147 }
8e2af478 4148
2e59b241 4149 dir = unit_drop_in_dir(u, flags);
39591351
LP		 4150 if (!dir)
4151 return -EINVAL;
71645aca 4152
2a9a6f8a 4153 wrapped = strjoina("# This is a drop-in unit file extension, created via \"systemctl set-property\"\n"
3f71dec5 4154 "# or an equivalent operation. Do not edit.\n",
2a9a6f8a
ZJS		 4155 data,
4156 "\n");
e20b2a86 4157
815b09d3 4158 r = drop_in_file(dir, u->id, 50, name, &p, &q);
adb76a70
WC		 4159 if (r < 0)
4160 return r;
4161
45639f1b 4162 (void) mkdir_p_label(p, 0755);
4dba44a5
ZJS		 4163
4164 /* Make sure the drop-in dir is registered in our path cache. This way we don't need to stupidly
4165 * recreate the cache after every drop-in we write. */
4166 if (u->manager->unit_path_cache) {
be327321 4167 r = set_put_strdup(&u->manager->unit_path_cache, p);
4dba44a5
ZJS		 4168 if (r < 0)
4169 return r;
4170 }
4171
2a9a6f8a 4172 r = write_string_file_atomic_label(q, wrapped);
adb76a70
WC		 4173 if (r < 0)
4174 return r;
4175
815b09d3 4176 r = strv_push(&u->dropin_paths, q);
adb76a70
WC		 4177 if (r < 0)
4178 return r;
815b09d3 4179 q = NULL;
adb76a70 4180
adb76a70
WC		 4181 strv_uniq(u->dropin_paths);
4182
4183 u->dropin_mtime = now(CLOCK_REALTIME);
4184
4185 return 0;
26d04f86 4186}
71645aca 4187
2e59b241 4188int unit_write_settingf(Unit *u, UnitWriteFlags flags, const char *name, const char *format, ...) {
b9ec9359
LP		 4189 _cleanup_free_ char *p = NULL;
4190 va_list ap;
4191 int r;
4192
4193 assert(u);
4194 assert(name);
4195 assert(format);
4196
2e59b241 4197 if (UNIT_WRITE_FLAGS_NOOP(flags))
b9ec9359
LP		 4198 return 0;
4199
4200 va_start(ap, format);
4201 r = vasprintf(&p, format, ap);
4202 va_end(ap);
4203
4204 if (r < 0)
4205 return -ENOMEM;
4206
2e59b241 4207 return unit_write_setting(u, flags, name, p);
b9ec9359 4208}
71645aca 4209
c2756a68 4210int unit_make_transient(Unit *u) {
0126c8f3 4211 _cleanup_free_ char *path = NULL;
4f4afc88 4212 FILE *f;
4f4afc88 4213
c2756a68
LP		 4214 assert(u);
4215
3f5e8115
LP		 4216 if (!UNIT_VTABLE(u)->can_transient)
4217 return -EOPNOTSUPP;
4218
45639f1b
LP		 4219 (void) mkdir_p_label(u->manager->lookup_paths.transient, 0755);
4220
657ee2d8 4221 path = path_join(u->manager->lookup_paths.transient, u->id);
4f4afc88
LP		 4222 if (!path)
4223 return -ENOMEM;
4224
4225 /* Let's open the file we'll write the transient settings into. This file is kept open as long as we are
4226 * creating the transient, and is closed in unit_load(), as soon as we start loading the file. */
4227
78e334b5 4228 RUN_WITH_UMASK(0022) {
4f4afc88 4229 f = fopen(path, "we");
0126c8f3 4230 if (!f)
78e334b5 4231 return -errno;
4f4afc88
LP		 4232 }
4233
0126c8f3 4234 safe_fclose(u->transient_file);
4f4afc88
LP		 4235 u->transient_file = f;
4236
0126c8f3 4237 free_and_replace(u->fragment_path, path);
7c65093a 4238
7c65093a
LP		 4239 u->source_path = mfree(u->source_path);
4240 u->dropin_paths = strv_free(u->dropin_paths);
4241 u->fragment_mtime = u->source_mtime = u->dropin_mtime = 0;
4242
4f4afc88
LP		 4243 u->load_state = UNIT_STUB;
4244 u->load_error = 0;
4245 u->transient = true;
4246
7c65093a
LP		 4247 unit_add_to_dbus_queue(u);
4248 unit_add_to_gc_queue(u);
c2756a68 4249
4f4afc88
LP		 4250 fputs("# This is a transient unit file, created programmatically via the systemd API. Do not edit.\n",
4251 u->transient_file);
4252
3f5e8115 4253 return 0;
c2756a68
LP		 4254}
4255
c53d2d54 4256static int log_kill(pid_t pid, int sig, void *userdata) {
1d98fef1
LP		 4257 _cleanup_free_ char *comm = NULL;
4258
4259 (void) get_process_comm(pid, &comm);
4260
4261 /* Don't log about processes marked with brackets, under the assumption that these are temporary processes
4262 only, like for example systemd's own PAM stub process. */
4263 if (comm && comm[0] == '(')
c53d2d54 4264 return 0;
1d98fef1
LP		 4265
4266 log_unit_notice(userdata,
4267 "Killing process " PID_FMT " (%s) with signal SIG%s.",
4268 pid,
4269 strna(comm),
4270 signal_to_string(sig));
c53d2d54
DB		 4271
4272 return 1;
1d98fef1
LP		 4273}
4274
4ab1670f 4275static int operation_to_signal(const KillContext *c, KillOperation k, bool *noteworthy) {
1d98fef1
LP		 4276 assert(c);
4277
4278 switch (k) {
4279
4280 case KILL_TERMINATE:
4281 case KILL_TERMINATE_AND_LOG:
4ab1670f 4282 *noteworthy = false;
1d98fef1
LP		 4283 return c->kill_signal;
4284
a232ebcc 4285 case KILL_RESTART:
4ab1670f 4286 *noteworthy = false;
a232ebcc
ZJS		 4287 return restart_kill_signal(c);
4288
1d98fef1 4289 case KILL_KILL:
4ab1670f 4290 *noteworthy = true;
fbb48d4c 4291 return c->final_kill_signal;
1d98fef1 4292
c87700a1 4293 case KILL_WATCHDOG:
4ab1670f 4294 *noteworthy = true;
c87700a1 4295 return c->watchdog_signal;
1d98fef1
LP		 4296
4297 default:
4298 assert_not_reached("KillOperation unknown");
4299 }
4300}
4301
cd2086fe
LP		 4302int unit_kill_context(
4303 Unit *u,
4304 KillContext *c,
db2cb23b 4305 KillOperation k,
cd2086fe
LP		 4306 pid_t main_pid,
4307 pid_t control_pid,
4308 bool main_pid_alien) {
4309
1d98fef1 4310 bool wait_for_exit = false, send_sighup;
59ec09a8 4311 cg_kill_log_func_t log_func = NULL;
b821a397 4312 int sig, r;
cd2086fe
LP		 4313
4314 assert(u);
4315 assert(c);
4316
8aff7ac4
LP		 4317 /* Kill the processes belonging to this unit, in preparation for shutting the unit down. Returns > 0
4318 * if we killed something worth waiting for, 0 otherwise. Do not confuse with unit_kill_common()
4319 * which is used for user-requested killing of unit processes. */
1d98fef1 4320
cd2086fe
LP		 4321 if (c->kill_mode == KILL_NONE)
4322 return 0;
4323
4ab1670f
ZJS		 4324 bool noteworthy;
4325 sig = operation_to_signal(c, k, &noteworthy);
4326 if (noteworthy)
4327 log_func = log_kill;
1d98fef1
LP		 4328
4329 send_sighup =
4330 c->send_sighup &&
4331 IN_SET(k, KILL_TERMINATE, KILL_TERMINATE_AND_LOG) &&
4332 sig != SIGHUP;
4333
cd2086fe 4334 if (main_pid > 0) {
1d98fef1
LP		 4335 if (log_func)
4336 log_func(main_pid, sig, u);
cd2086fe 4337
1d98fef1 4338 r = kill_and_sigcont(main_pid, sig);
cd2086fe
LP		 4339 if (r < 0 && r != -ESRCH) {
4340 _cleanup_free_ char *comm = NULL;
1d98fef1 4341 (void) get_process_comm(main_pid, &comm);
cd2086fe 4342
b821a397 4343 log_unit_warning_errno(u, r, "Failed to kill main process " PID_FMT " (%s), ignoring: %m", main_pid, strna(comm));
82659fd7 4344 } else {
bc6aed7b
LP		 4345 if (!main_pid_alien)
4346 wait_for_exit = true;
82659fd7 4347
1d98fef1 4348 if (r != -ESRCH && send_sighup)
d0667321 4349 (void) kill(main_pid, SIGHUP);
82659fd7 4350 }
cd2086fe
LP		 4351 }
4352
4353 if (control_pid > 0) {
1d98fef1
LP		 4354 if (log_func)
4355 log_func(control_pid, sig, u);
cd2086fe 4356
1d98fef1 4357 r = kill_and_sigcont(control_pid, sig);
cd2086fe
LP		 4358 if (r < 0 && r != -ESRCH) {
4359 _cleanup_free_ char *comm = NULL;
1d98fef1 4360 (void) get_process_comm(control_pid, &comm);
cd2086fe 4361
b821a397 4362 log_unit_warning_errno(u, r, "Failed to kill control process " PID_FMT " (%s), ignoring: %m", control_pid, strna(comm));
82659fd7 4363 } else {
cd2086fe 4364 wait_for_exit = true;
82659fd7 4365
1d98fef1 4366 if (r != -ESRCH && send_sighup)
d0667321 4367 (void) kill(control_pid, SIGHUP);
82659fd7 4368 }
cd2086fe
LP		 4369 }
4370
b821a397
LP		 4371 if (u->cgroup_path &&
4372 (c->kill_mode == KILL_CONTROL_GROUP || (c->kill_mode == KILL_MIXED && k == KILL_KILL))) {
cd2086fe
LP		 4373 _cleanup_set_free_ Set *pid_set = NULL;
4374
82659fd7
LP		 4375 /* Exclude the main/control pids from being killed via the cgroup */
4376 pid_set = unit_pid_set(main_pid, control_pid);
cd2086fe
LP		 4377 if (!pid_set)
4378 return -ENOMEM;
4379
1d98fef1
LP		 4380 r = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path,
4381 sig,
4382 CGROUP_SIGCONT|CGROUP_IGNORE_SELF,
4383 pid_set,
4384 log_func, u);
cd2086fe 4385 if (r < 0) {
4c701096 4386 if (!IN_SET(r, -EAGAIN, -ESRCH, -ENOENT))
b821a397
LP		 4387 log_unit_warning_errno(u, r, "Failed to kill control group %s, ignoring: %m", u->cgroup_path);
4388
82659fd7 4389 } else if (r > 0) {
bc6aed7b 4390
1d9cc876
LP		 4391 /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
4392 * we are running in a container or if this is a delegation unit, simply because cgroup
4393 * notification is unreliable in these cases. It doesn't work at all in containers, and outside
4394 * of containers it can be confused easily by left-over directories in the cgroup — which
4395 * however should not exist in non-delegated units. On the unified hierarchy that's different,
4396 * there we get proper events. Hence rely on them. */
efdb0237 4397
c22800e4 4398 if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
1d9cc876 4399 (detect_container() == 0 && !unit_cgroup_delegate(u)))
e9db43d5 4400 wait_for_exit = true;
58ea275a 4401
1d98fef1 4402 if (send_sighup) {
82659fd7
LP		 4403 set_free(pid_set);
4404
4405 pid_set = unit_pid_set(main_pid, control_pid);
4406 if (!pid_set)
4407 return -ENOMEM;
4408
c8aa4b5b
LP		 4409 (void) cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path,
4410 SIGHUP,
4411 CGROUP_IGNORE_SELF,
4412 pid_set,
4413 NULL, NULL);
82659fd7
LP		 4414 }
4415 }
cd2086fe
LP		 4416 }
4417
4418 return wait_for_exit;
4419}
4420
eef85c4a 4421int unit_require_mounts_for(Unit *u, const char *path, UnitDependencyMask mask) {
ca8700e9 4422 _cleanup_free_ char *p = NULL;
eef85c4a 4423 UnitDependencyInfo di;
a57f7e2c
LP		 4424 int r;
4425
4426 assert(u);
4427 assert(path);
4428
eef85c4a
LP		 4429 /* Registers a unit for requiring a certain path and all its prefixes. We keep a hashtable of these paths in
4430 * the unit (from the path to the UnitDependencyInfo structure indicating how to the dependency came to
4431 * be). However, we build a prefix table for all possible prefixes so that new appearing mount units can easily
4432 * determine which units to make themselves a dependency of. */
a57f7e2c 4433
70b64bd3
ZJS		 4434 if (!path_is_absolute(path))
4435 return -EINVAL;
4436
548f6937 4437 r = hashmap_ensure_allocated(&u->requires_mounts_for, &path_hash_ops);
eef85c4a
LP		 4438 if (r < 0)
4439 return r;
4440
a57f7e2c
LP		 4441 p = strdup(path);
4442 if (!p)
4443 return -ENOMEM;
4444
106bf8e4 4445 path = path_simplify(p, true);
a57f7e2c 4446
ca8700e9 4447 if (!path_is_normalized(path))
a57f7e2c 4448 return -EPERM;
a57f7e2c 4449
ca8700e9 4450 if (hashmap_contains(u->requires_mounts_for, path))
a57f7e2c 4451 return 0;
a57f7e2c 4452
eef85c4a
LP		 4453 di = (UnitDependencyInfo) {
4454 .origin_mask = mask
4455 };
4456
ca8700e9
ZJS		 4457 r = hashmap_put(u->requires_mounts_for, path, di.data);
4458 if (r < 0)
a57f7e2c 4459 return r;
ca8700e9 4460 p = NULL;
a57f7e2c 4461
4cb06c59 4462 char prefix[strlen(path) + 1];
ca8700e9 4463 PATH_FOREACH_PREFIX_MORE(prefix, path) {
a57f7e2c
LP		 4464 Set *x;
4465
4466 x = hashmap_get(u->manager->units_requiring_mounts_for, prefix);
4467 if (!x) {
ca8700e9 4468 _cleanup_free_ char *q = NULL;
a57f7e2c 4469
548f6937 4470 r = hashmap_ensure_allocated(&u->manager->units_requiring_mounts_for, &path_hash_ops);
742f41ad
LP		 4471 if (r < 0)
4472 return r;
a57f7e2c
LP		 4473
4474 q = strdup(prefix);
4475 if (!q)
4476 return -ENOMEM;
4477
d5099efc 4478 x = set_new(NULL);
ca8700e9 4479 if (!x)
a57f7e2c 4480 return -ENOMEM;
a57f7e2c
LP		 4481
4482 r = hashmap_put(u->manager->units_requiring_mounts_for, q, x);
4483 if (r < 0) {
a57f7e2c
LP		 4484 set_free(x);
4485 return r;
4486 }
ca8700e9 4487 q = NULL;
a57f7e2c
LP		 4488 }
4489
4490 r = set_put(x, u);
4491 if (r < 0)
4492 return r;
4493 }
4494
4495 return 0;
4496}
4497
613b411c
LP		 4498int unit_setup_exec_runtime(Unit *u) {
4499 ExecRuntime **rt;
4500 size_t offset;
613b411c 4501 Unit *other;
e8a565cb 4502 int r;
613b411c
LP		 4503
4504 offset = UNIT_VTABLE(u)->exec_runtime_offset;
4505 assert(offset > 0);
4506
06b643e7 4507 /* Check if there already is an ExecRuntime for this unit? */
613b411c
LP		 4508 rt = (ExecRuntime**) ((uint8_t*) u + offset);
4509 if (*rt)
4510 return 0;
4511
4512 /* Try to get it from somebody else */
15ed3c3a 4513 UNIT_FOREACH_DEPENDENCY(other, u, UNIT_ATOM_JOINS_NAMESPACE_OF) {
e8a565cb
YW		 4514 r = exec_runtime_acquire(u->manager, NULL, other->id, false, rt);
4515 if (r == 1)
4516 return 1;
613b411c
LP		 4517 }
4518
e8a565cb 4519 return exec_runtime_acquire(u->manager, unit_get_exec_context(u), u->id, true, rt);
613b411c
LP		 4520}
4521
29206d46
LP		 4522int unit_setup_dynamic_creds(Unit *u) {
4523 ExecContext *ec;
4524 DynamicCreds *dcreds;
4525 size_t offset;
4526
4527 assert(u);
4528
4529 offset = UNIT_VTABLE(u)->dynamic_creds_offset;
4530 assert(offset > 0);
4531 dcreds = (DynamicCreds*) ((uint8_t*) u + offset);
4532
4533 ec = unit_get_exec_context(u);
4534 assert(ec);
4535
4536 if (!ec->dynamic_user)
4537 return 0;
4538
4539 return dynamic_creds_acquire(dcreds, u->manager, ec->user, ec->group);
4540}
4541
1c2e9646
LP		 4542bool unit_type_supported(UnitType t) {
4543 if (_unlikely_(t < 0))
4544 return false;
4545 if (_unlikely_(t >= _UNIT_TYPE_MAX))
4546 return false;
4547
4548 if (!unit_vtable[t]->supported)
4549 return true;
4550
4551 return unit_vtable[t]->supported();
4552}
4553
8b4305c7
LP		 4554void unit_warn_if_dir_nonempty(Unit *u, const char* where) {
4555 int r;
4556
4557 assert(u);
4558 assert(where);
4559
c2503e35
RH		 4560 if (!unit_log_level_test(u, LOG_NOTICE))
4561 return;
4562
8b4305c7 4563 r = dir_is_empty(where);
3f602115 4564 if (r > 0 || r == -ENOTDIR)
8b4305c7
LP		 4565 return;
4566 if (r < 0) {
4567 log_unit_warning_errno(u, r, "Failed to check directory %s: %m", where);
4568 return;
4569 }
4570
c2503e35
RH		 4571 log_unit_struct(u, LOG_NOTICE,
4572 "MESSAGE_ID=" SD_MESSAGE_OVERMOUNTING_STR,
4573 LOG_UNIT_INVOCATION_ID(u),
4574 LOG_UNIT_MESSAGE(u, "Directory %s to mount over is not empty, mounting anyway.", where),
4575 "WHERE=%s", where);
8b4305c7
LP		 4576}
4577
25cd4964 4578int unit_fail_if_noncanonical(Unit *u, const char* where) {
58d9d89b 4579 _cleanup_free_ char *canonical_where = NULL;
8b4305c7
LP		 4580 int r;
4581
4582 assert(u);
4583 assert(where);
4584
a5648b80 4585 r = chase_symlinks(where, NULL, CHASE_NONEXISTENT, &canonical_where, NULL);
8b4305c7 4586 if (r < 0) {
25cd4964 4587 log_unit_debug_errno(u, r, "Failed to check %s for symlinks, ignoring: %m", where);
8b4305c7
LP		 4588 return 0;
4589 }
25cd4964
AJ		 4590
4591 /* We will happily ignore a trailing slash (or any redundant slashes) */
4592 if (path_equal(where, canonical_where))
8b4305c7
LP		 4593 return 0;
4594
25cd4964 4595 /* No need to mention "." or "..", they would already have been rejected by unit_name_from_path() */
c2503e35
RH		 4596 log_unit_struct(u, LOG_ERR,
4597 "MESSAGE_ID=" SD_MESSAGE_OVERMOUNTING_STR,
4598 LOG_UNIT_INVOCATION_ID(u),
4599 LOG_UNIT_MESSAGE(u, "Mount path %s is not canonical (contains a symlink).", where),
4600 "WHERE=%s", where);
8b4305c7
LP		 4601
4602 return -ELOOP;
4603}
0f13f3bd
LP		 4604
4605bool unit_is_pristine(Unit *u) {
4606 assert(u);
4607
7c65093a 4608 /* Check if the unit already exists or is already around,
0f13f3bd
LP		 4609 * in a number of different ways. Note that to cater for unit
4610 * types such as slice, we are generally fine with units that
e9e8cbc8
ZJS		 4611 * are marked UNIT_LOADED even though nothing was actually
4612 * loaded, as those unit types don't require a file on disk. */
0f13f3bd
LP		 4613
4614 return !(!IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) ||
4615 u->fragment_path ||
4616 u->source_path ||
4617 !strv_isempty(u->dropin_paths) ||
0f13f3bd
LP		 4618 u->job ||
4619 u->merged_into);
4620}
291d565a
LP		 4621
4622pid_t unit_control_pid(Unit *u) {
4623 assert(u);
4624
4625 if (UNIT_VTABLE(u)->control_pid)
4626 return UNIT_VTABLE(u)->control_pid(u);
4627
4628 return 0;
4629}
4630
4631pid_t unit_main_pid(Unit *u) {
4632 assert(u);
4633
4634 if (UNIT_VTABLE(u)->main_pid)
4635 return UNIT_VTABLE(u)->main_pid(u);
4636
4637 return 0;
4638}
00d9ef85
LP		 4639
4640static void unit_unref_uid_internal(
4641 Unit *u,
4642 uid_t *ref_uid,
4643 bool destroy_now,
4644 void (*_manager_unref_uid)(Manager *m, uid_t uid, bool destroy_now)) {
4645
4646 assert(u);
4647 assert(ref_uid);
4648 assert(_manager_unref_uid);
4649
4650 /* Generic implementation of both unit_unref_uid() and unit_unref_gid(), under the assumption that uid_t and
4651 * gid_t are actually the same time, with the same validity rules.
4652 *
4653 * Drops a reference to UID/GID from a unit. */
4654
4655 assert_cc(sizeof(uid_t) == sizeof(gid_t));
4656 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
4657
4658 if (!uid_is_valid(*ref_uid))
4659 return;
4660
4661 _manager_unref_uid(u->manager, *ref_uid, destroy_now);
4662 *ref_uid = UID_INVALID;
4663}
4664
b90cf102 4665static void unit_unref_uid(Unit *u, bool destroy_now) {
00d9ef85
LP		 4666 unit_unref_uid_internal(u, &u->ref_uid, destroy_now, manager_unref_uid);
4667}
4668
b90cf102 4669static void unit_unref_gid(Unit *u, bool destroy_now) {
00d9ef85
LP		 4670 unit_unref_uid_internal(u, (uid_t*) &u->ref_gid, destroy_now, manager_unref_gid);
4671}
4672
b90cf102
LP		 4673void unit_unref_uid_gid(Unit *u, bool destroy_now) {
4674 assert(u);
4675
4676 unit_unref_uid(u, destroy_now);
4677 unit_unref_gid(u, destroy_now);
4678}
4679
00d9ef85
LP		 4680static int unit_ref_uid_internal(
4681 Unit *u,
4682 uid_t *ref_uid,
4683 uid_t uid,
4684 bool clean_ipc,
4685 int (*_manager_ref_uid)(Manager *m, uid_t uid, bool clean_ipc)) {
4686
4687 int r;
4688
4689 assert(u);
4690 assert(ref_uid);
4691 assert(uid_is_valid(uid));
4692 assert(_manager_ref_uid);
4693
4694 /* Generic implementation of both unit_ref_uid() and unit_ref_guid(), under the assumption that uid_t and gid_t
4695 * are actually the same type, and have the same validity rules.
4696 *
4697 * Adds a reference on a specific UID/GID to this unit. Each unit referencing the same UID/GID maintains a
4698 * reference so that we can destroy the UID/GID's IPC resources as soon as this is requested and the counter
4699 * drops to zero. */
4700
4701 assert_cc(sizeof(uid_t) == sizeof(gid_t));
4702 assert_cc(UID_INVALID == (uid_t) GID_INVALID);
4703
4704 if (*ref_uid == uid)
4705 return 0;
4706
4707 if (uid_is_valid(*ref_uid)) /* Already set? */
4708 return -EBUSY;
4709
4710 r = _manager_ref_uid(u->manager, uid, clean_ipc);
4711 if (r < 0)
4712 return r;
4713
4714 *ref_uid = uid;
4715 return 1;
4716}
4717
b90cf102 4718static int unit_ref_uid(Unit *u, uid_t uid, bool clean_ipc) {
00d9ef85
LP		 4719 return unit_ref_uid_internal(u, &u->ref_uid, uid, clean_ipc, manager_ref_uid);
4720}
4721
b90cf102 4722static int unit_ref_gid(Unit *u, gid_t gid, bool clean_ipc) {
00d9ef85
LP		 4723 return unit_ref_uid_internal(u, (uid_t*) &u->ref_gid, (uid_t) gid, clean_ipc, manager_ref_gid);
4724}
4725
4726static int unit_ref_uid_gid_internal(Unit *u, uid_t uid, gid_t gid, bool clean_ipc) {
4727 int r = 0, q = 0;
4728
4729 assert(u);
4730
4731 /* Reference both a UID and a GID in one go. Either references both, or neither. */
4732
4733 if (uid_is_valid(uid)) {
4734 r = unit_ref_uid(u, uid, clean_ipc);
4735 if (r < 0)
4736 return r;
4737 }
4738
4739 if (gid_is_valid(gid)) {
4740 q = unit_ref_gid(u, gid, clean_ipc);
4741 if (q < 0) {
4742 if (r > 0)
4743 unit_unref_uid(u, false);
4744
4745 return q;
4746 }
4747 }
4748
4749 return r > 0 || q > 0;
4750}
4751
4752int unit_ref_uid_gid(Unit *u, uid_t uid, gid_t gid) {
4753 ExecContext *c;
4754 int r;
4755
4756 assert(u);
4757
4758 c = unit_get_exec_context(u);
4759
4760 r = unit_ref_uid_gid_internal(u, uid, gid, c ? c->remove_ipc : false);
4761 if (r < 0)
4762 return log_unit_warning_errno(u, r, "Couldn't add UID/GID reference to unit, proceeding without: %m");
4763
4764 return r;
4765}
4766
00d9ef85
LP		 4767void unit_notify_user_lookup(Unit *u, uid_t uid, gid_t gid) {
4768 int r;
4769
4770 assert(u);
4771
4772 /* This is invoked whenever one of the forked off processes let's us know the UID/GID its user name/group names
4773 * resolved to. We keep track of which UID/GID is currently assigned in order to be able to destroy its IPC
4774 * objects when no service references the UID/GID anymore. */
4775
4776 r = unit_ref_uid_gid(u, uid, gid);
4777 if (r > 0)
37d0b962 4778 unit_add_to_dbus_queue(u);
00d9ef85 4779}
4b58153d 4780
4b58153d
LP		 4781int unit_acquire_invocation_id(Unit *u) {
4782 sd_id128_t id;
4783 int r;
4784
4785 assert(u);
4786
4787 r = sd_id128_randomize(&id);
4788 if (r < 0)
4789 return log_unit_error_errno(u, r, "Failed to generate invocation ID for unit: %m");
4790
4791 r = unit_set_invocation_id(u, id);
4792 if (r < 0)
4793 return log_unit_error_errno(u, r, "Failed to set invocation ID for unit: %m");
4794
af92c603 4795 unit_add_to_dbus_queue(u);
4b58153d
LP		 4796 return 0;
4797}
f0d47797 4798
1ad6e8b3
LP		 4799int unit_set_exec_params(Unit *u, ExecParameters *p) {
4800 int r;
4801
7960b0c7
LP		 4802 assert(u);
4803 assert(p);
f0d47797 4804
004c7f16 4805 /* Copy parameters from manager */
1ad6e8b3
LP		 4806 r = manager_get_effective_environment(u->manager, &p->environment);
4807 if (r < 0)
4808 return r;
4809
004c7f16
LP		 4810 p->confirm_spawn = manager_get_confirm_spawn(u->manager);
4811 p->cgroup_supported = u->manager->cgroup_supported;
4812 p->prefix = u->manager->prefix;
4813 SET_FLAG(p->flags, EXEC_PASS_LOG_UNIT|EXEC_CHOWN_DIRECTORIES, MANAGER_IS_SYSTEM(u->manager));
4814
5238e957 4815 /* Copy parameters from unit */
7960b0c7 4816 p->cgroup_path = u->cgroup_path;
1d9cc876 4817 SET_FLAG(p->flags, EXEC_CGROUP_DELEGATE, unit_cgroup_delegate(u));
1ad6e8b3 4818
bb0c0d6f
LP		 4819 p->received_credentials = u->manager->received_credentials;
4820
1ad6e8b3 4821 return 0;
f0d47797 4822}
a79279c7 4823
4c253ed1 4824int unit_fork_helper_process(Unit *u, const char *name, pid_t *ret) {
a79279c7
LP		 4825 int r;
4826
4827 assert(u);
4828 assert(ret);
4829
4830 /* Forks off a helper process and makes sure it is a member of the unit's cgroup. Returns == 0 in the child,
4831 * and > 0 in the parent. The pid parameter is always filled in with the child's PID. */
4832
4833 (void) unit_realize_cgroup(u);
4834
4c253ed1
LP		 4835 r = safe_fork(name, FORK_REOPEN_LOG, ret);
4836 if (r != 0)
4837 return r;
a79279c7 4838
9c274488
LP		 4839 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE);
4840 (void) ignore_signals(SIGPIPE);
a79279c7 4841
4c253ed1 4842 (void) prctl(PR_SET_PDEATHSIG, SIGTERM);
a79279c7 4843
4c253ed1
LP		 4844 if (u->cgroup_path) {
4845 r = cg_attach_everywhere(u->manager->cgroup_supported, u->cgroup_path, 0, NULL, NULL);
4846 if (r < 0) {
4847 log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", u->cgroup_path);
4848 _exit(EXIT_CGROUP);
a79279c7 4849 }
a79279c7
LP		 4850 }
4851
4c253ed1 4852 return 0;
a79279c7 4853}
c999cf38 4854
810ef318
YW		 4855int unit_fork_and_watch_rm_rf(Unit *u, char **paths, pid_t *ret_pid) {
4856 pid_t pid;
4857 int r;
4858
4859 assert(u);
4860 assert(ret_pid);
4861
4862 r = unit_fork_helper_process(u, "(sd-rmrf)", &pid);
4863 if (r < 0)
4864 return r;
4865 if (r == 0) {
4866 int ret = EXIT_SUCCESS;
4867 char **i;
4868
4869 STRV_FOREACH(i, paths) {
4870 r = rm_rf(*i, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_MISSING_OK);
4871 if (r < 0) {
4872 log_error_errno(r, "Failed to remove '%s': %m", *i);
4873 ret = EXIT_FAILURE;
4874 }
4875 }
4876
4877 _exit(ret);
4878 }
4879
4880 r = unit_watch_pid(u, pid, true);
4881 if (r < 0)
4882 return r;
4883
4884 *ret_pid = pid;
4885 return 0;
4886}
4887
15ed3c3a
LP		 4888static void unit_update_dependency_mask(Hashmap *deps, Unit *other, UnitDependencyInfo di) {
4889 assert(deps);
c999cf38
LP		 4890 assert(other);
4891
15ed3c3a 4892 if (di.origin_mask == 0 && di.destination_mask == 0)
c999cf38 4893 /* No bit set anymore, let's drop the whole entry */
15ed3c3a
LP		 4894 assert_se(hashmap_remove(deps, other));
4895 else
c999cf38 4896 /* Mask was reduced, let's update the entry */
15ed3c3a 4897 assert_se(hashmap_update(deps, other, di.data) == 0);
c999cf38
LP		 4898}
4899
4900void unit_remove_dependencies(Unit *u, UnitDependencyMask mask) {
15ed3c3a 4901 Hashmap *deps;
c999cf38
LP		 4902 assert(u);
4903
4904 /* Removes all dependencies u has on other units marked for ownership by 'mask'. */
4905
4906 if (mask == 0)
4907 return;
4908
15ed3c3a 4909 HASHMAP_FOREACH(deps, u->dependencies) {
c999cf38
LP		 4910 bool done;
4911
4912 do {
4913 UnitDependencyInfo di;
4914 Unit *other;
c999cf38
LP		 4915
4916 done = true;
4917
15ed3c3a
LP		 4918 HASHMAP_FOREACH_KEY(di.data, other, deps) {
4919 Hashmap *other_deps;
4920
1d6cc5d0 4921 if (FLAGS_SET(~mask, di.origin_mask))
c999cf38 4922 continue;
15ed3c3a 4923
c999cf38 4924 di.origin_mask &= ~mask;
15ed3c3a 4925 unit_update_dependency_mask(deps, other, di);
c999cf38
LP		 4926
4927 /* We updated the dependency from our unit to the other unit now. But most dependencies
4928 * imply a reverse dependency. Hence, let's delete that one too. For that we go through
4929 * all dependency types on the other unit and delete all those which point to us and
4930 * have the right mask set. */
4931
15ed3c3a 4932 HASHMAP_FOREACH(other_deps, other->dependencies) {
c999cf38
LP		 4933 UnitDependencyInfo dj;
4934
15ed3c3a 4935 dj.data = hashmap_get(other_deps, u);
1d6cc5d0 4936 if (FLAGS_SET(~mask, dj.destination_mask))
c999cf38 4937 continue;
c999cf38 4938
15ed3c3a
LP		 4939 dj.destination_mask &= ~mask;
4940 unit_update_dependency_mask(other_deps, u, dj);
c999cf38
LP		 4941 }
4942
4943 unit_add_to_gc_queue(other);
4944
4945 done = false;
4946 break;
4947 }
4948
4949 } while (!done);
4950 }
4951}
d3070fbd 4952
2f8c48b6
AZ		 4953static int unit_get_invocation_path(Unit *u, char **ret) {
4954 char *p;
4955 int r;
4956
4957 assert(u);
4958 assert(ret);
4959
4960 if (MANAGER_IS_SYSTEM(u->manager))
4961 p = strjoin("/run/systemd/units/invocation:", u->id);
4962 else {
4963 _cleanup_free_ char *user_path = NULL;
4964 r = xdg_user_runtime_dir(&user_path, "/systemd/units/invocation:");
4965 if (r < 0)
4966 return r;
4967 p = strjoin(user_path, u->id);
4968 }
4969
4970 if (!p)
4971 return -ENOMEM;
4972
4973 *ret = p;
4974 return 0;
4975}
4976
d3070fbd 4977static int unit_export_invocation_id(Unit *u) {
2f8c48b6 4978 _cleanup_free_ char *p = NULL;
d3070fbd
LP		 4979 int r;
4980
4981 assert(u);
4982
4983 if (u->exported_invocation_id)
4984 return 0;
4985
4986 if (sd_id128_is_null(u->invocation_id))
4987 return 0;
4988
2f8c48b6
AZ		 4989 r = unit_get_invocation_path(u, &p);
4990 if (r < 0)
4991 return log_unit_debug_errno(u, r, "Failed to get invocation path: %m");
4992
a3f5fd96 4993 r = symlink_atomic_label(u->invocation_id_string, p);
d3070fbd
LP		 4994 if (r < 0)
4995 return log_unit_debug_errno(u, r, "Failed to create invocation ID symlink %s: %m", p);
4996
4997 u->exported_invocation_id = true;
4998 return 0;
4999}
5000
5001static int unit_export_log_level_max(Unit *u, const ExecContext *c) {
5002 const char *p;
5003 char buf[2];
5004 int r;
5005
5006 assert(u);
5007 assert(c);
5008
5009 if (u->exported_log_level_max)
5010 return 0;
5011
5012 if (c->log_level_max < 0)
5013 return 0;
5014
5015 assert(c->log_level_max <= 7);
5016
5017 buf[0] = '0' + c->log_level_max;
5018 buf[1] = 0;
5019
5020 p = strjoina("/run/systemd/units/log-level-max:", u->id);
5021 r = symlink_atomic(buf, p);
5022 if (r < 0)
5023 return log_unit_debug_errno(u, r, "Failed to create maximum log level symlink %s: %m", p);
5024
5025 u->exported_log_level_max = true;
5026 return 0;
5027}
5028
5029static int unit_export_log_extra_fields(Unit *u, const ExecContext *c) {
5030 _cleanup_close_ int fd = -1;
5031 struct iovec *iovec;
5032 const char *p;
5033 char *pattern;
5034 le64_t *sizes;
5035 ssize_t n;
d3070fbd
LP		 5036 int r;
5037
5038 if (u->exported_log_extra_fields)
5039 return 0;
5040
5041 if (c->n_log_extra_fields <= 0)
5042 return 0;
5043
5044 sizes = newa(le64_t, c->n_log_extra_fields);
5045 iovec = newa(struct iovec, c->n_log_extra_fields * 2);
5046
12375b95 5047 for (size_t i = 0; i < c->n_log_extra_fields; i++) {
d3070fbd
LP		 5048 sizes[i] = htole64(c->log_extra_fields[i].iov_len);
5049
5050 iovec[i*2] = IOVEC_MAKE(sizes + i, sizeof(le64_t));
5051 iovec[i*2+1] = c->log_extra_fields[i];
5052 }
5053
5054 p = strjoina("/run/systemd/units/log-extra-fields:", u->id);
5055 pattern = strjoina(p, ".XXXXXX");
5056
5057 fd = mkostemp_safe(pattern);
5058 if (fd < 0)
5059 return log_unit_debug_errno(u, fd, "Failed to create extra fields file %s: %m", p);
5060
5061 n = writev(fd, iovec, c->n_log_extra_fields*2);
5062 if (n < 0) {
5063 r = log_unit_debug_errno(u, errno, "Failed to write extra fields: %m");
5064 goto fail;
5065 }
5066
5067 (void) fchmod(fd, 0644);
5068
5069 if (rename(pattern, p) < 0) {
5070 r = log_unit_debug_errno(u, errno, "Failed to rename extra fields file: %m");
5071 goto fail;
5072 }
5073
5074 u->exported_log_extra_fields = true;
5075 return 0;
5076
5077fail:
5078 (void) unlink(pattern);
5079 return r;
5080}
5081
5ac1530e 5082static int unit_export_log_ratelimit_interval(Unit *u, const ExecContext *c) {
90fc172e
AZ		 5083 _cleanup_free_ char *buf = NULL;
5084 const char *p;
5085 int r;
5086
5087 assert(u);
5088 assert(c);
5089
5ac1530e 5090 if (u->exported_log_ratelimit_interval)
90fc172e
AZ		 5091 return 0;
5092
5ac1530e 5093 if (c->log_ratelimit_interval_usec == 0)
90fc172e
AZ		 5094 return 0;
5095
5096 p = strjoina("/run/systemd/units/log-rate-limit-interval:", u->id);
5097
5ac1530e 5098 if (asprintf(&buf, "%" PRIu64, c->log_ratelimit_interval_usec) < 0)
90fc172e
AZ		 5099 return log_oom();
5100
5101 r = symlink_atomic(buf, p);
5102 if (r < 0)
5103 return log_unit_debug_errno(u, r, "Failed to create log rate limit interval symlink %s: %m", p);
5104
5ac1530e 5105 u->exported_log_ratelimit_interval = true;
90fc172e
AZ		 5106 return 0;
5107}
5108
5ac1530e 5109static int unit_export_log_ratelimit_burst(Unit *u, const ExecContext *c) {
90fc172e
AZ		 5110 _cleanup_free_ char *buf = NULL;
5111 const char *p;
5112 int r;
5113
5114 assert(u);
5115 assert(c);
5116
5ac1530e 5117 if (u->exported_log_ratelimit_burst)
90fc172e
AZ		 5118 return 0;
5119
5ac1530e 5120 if (c->log_ratelimit_burst == 0)
90fc172e
AZ		 5121 return 0;
5122
5123 p = strjoina("/run/systemd/units/log-rate-limit-burst:", u->id);
5124
5ac1530e 5125 if (asprintf(&buf, "%u", c->log_ratelimit_burst) < 0)
90fc172e
AZ		 5126 return log_oom();
5127
5128 r = symlink_atomic(buf, p);
5129 if (r < 0)
5130 return log_unit_debug_errno(u, r, "Failed to create log rate limit burst symlink %s: %m", p);
5131
5ac1530e 5132 u->exported_log_ratelimit_burst = true;
90fc172e
AZ		 5133 return 0;
5134}
5135
d3070fbd
LP		 5136void unit_export_state_files(Unit *u) {
5137 const ExecContext *c;
5138
5139 assert(u);
5140
5141 if (!u->id)
5142 return;
5143
638cece4 5144 if (MANAGER_IS_TEST_RUN(u->manager))
8f632531
LP		 5145 return;
5146
d3070fbd
LP		 5147 /* Exports a couple of unit properties to /run/systemd/units/, so that journald can quickly query this data
5148 * from there. Ideally, journald would use IPC to query this, like everybody else, but that's hard, as long as
5149 * the IPC system itself and PID 1 also log to the journal.
5150 *
5151 * Note that these files really shouldn't be considered API for anyone else, as use a runtime file system as
5152 * IPC replacement is not compatible with today's world of file system namespaces. However, this doesn't really
5153 * apply to communication between the journal and systemd, as we assume that these two daemons live in the same
5154 * namespace at least.
5155 *
5156 * Note that some of the "files" exported here are actually symlinks and not regular files. Symlinks work
5157 * better for storing small bits of data, in particular as we can write them with two system calls, and read
5158 * them with one. */
5159
5160 (void) unit_export_invocation_id(u);
5161
2f8c48b6
AZ		 5162 if (!MANAGER_IS_SYSTEM(u->manager))
5163 return;
5164
d3070fbd
LP		 5165 c = unit_get_exec_context(u);
5166 if (c) {
5167 (void) unit_export_log_level_max(u, c);
5168 (void) unit_export_log_extra_fields(u, c);
5ac1530e
ZJS		 5169 (void) unit_export_log_ratelimit_interval(u, c);
5170 (void) unit_export_log_ratelimit_burst(u, c);
d3070fbd
LP		 5171 }
5172}
5173
5174void unit_unlink_state_files(Unit *u) {
5175 const char *p;
5176
5177 assert(u);
5178
5179 if (!u->id)
5180 return;
5181
d3070fbd
LP		 5182 /* Undoes the effect of unit_export_state() */
5183
5184 if (u->exported_invocation_id) {
2f8c48b6
AZ		 5185 _cleanup_free_ char *invocation_path = NULL;
5186 int r = unit_get_invocation_path(u, &invocation_path);
5187 if (r >= 0) {
5188 (void) unlink(invocation_path);
5189 u->exported_invocation_id = false;
5190 }
d3070fbd
LP		 5191 }
5192
2f8c48b6
AZ		 5193 if (!MANAGER_IS_SYSTEM(u->manager))
5194 return;
5195
d3070fbd
LP		 5196 if (u->exported_log_level_max) {
5197 p = strjoina("/run/systemd/units/log-level-max:", u->id);
5198 (void) unlink(p);
5199
5200 u->exported_log_level_max = false;
5201 }
5202
5203 if (u->exported_log_extra_fields) {
5204 p = strjoina("/run/systemd/units/extra-fields:", u->id);
5205 (void) unlink(p);
5206
5207 u->exported_log_extra_fields = false;
5208 }
90fc172e 5209
5ac1530e 5210 if (u->exported_log_ratelimit_interval) {
90fc172e
AZ		 5211 p = strjoina("/run/systemd/units/log-rate-limit-interval:", u->id);
5212 (void) unlink(p);
5213
5ac1530e 5214 u->exported_log_ratelimit_interval = false;
90fc172e
AZ		 5215 }
5216
5ac1530e 5217 if (u->exported_log_ratelimit_burst) {
90fc172e
AZ		 5218 p = strjoina("/run/systemd/units/log-rate-limit-burst:", u->id);
5219 (void) unlink(p);
5220
5ac1530e 5221 u->exported_log_ratelimit_burst = false;
90fc172e 5222 }
d3070fbd 5223}
5afe510c 5224
3c7416b6
LP		 5225int unit_prepare_exec(Unit *u) {
5226 int r;
5227
5228 assert(u);
5229
fab34748
KL		 5230 /* Load any custom firewall BPF programs here once to test if they are existing and actually loadable.
5231 * Fail here early since later errors in the call chain unit_realize_cgroup to cgroup_context_apply are ignored. */
5232 r = bpf_firewall_load_custom(u);
5233 if (r < 0)
5234 return r;
5235
3c7416b6
LP		 5236 /* Prepares everything so that we can fork of a process for this unit */
5237
5238 (void) unit_realize_cgroup(u);
5239
5240 if (u->reset_accounting) {
9b2559a1 5241 (void) unit_reset_accounting(u);
3c7416b6
LP		 5242 u->reset_accounting = false;
5243 }
5244
5245 unit_export_state_files(u);
5246
5247 r = unit_setup_exec_runtime(u);
5248 if (r < 0)
5249 return r;
5250
5251 r = unit_setup_dynamic_creds(u);
5252 if (r < 0)
5253 return r;
5254
5255 return 0;
5256}
5257
4c425434
LP		 5258static bool ignore_leftover_process(const char *comm) {
5259 return comm && comm[0] == '('; /* Most likely our own helper process (PAM?), ignore */
5260}
5261
5262int unit_log_leftover_process_start(pid_t pid, int sig, void *userdata) {
a4634b21
LP		 5263 _cleanup_free_ char *comm = NULL;
5264
5265 (void) get_process_comm(pid, &comm);
5266
4c425434 5267 if (ignore_leftover_process(comm))
c53d2d54 5268 return 0;
a4634b21 5269
4c425434
LP		 5270 /* During start we print a warning */
5271
a4634b21
LP		 5272 log_unit_warning(userdata,
5273 "Found left-over process " PID_FMT " (%s) in control group while starting unit. Ignoring.\n"
5274 "This usually indicates unclean termination of a previous run, or service implementation deficiencies.",
5275 pid, strna(comm));
c53d2d54
DB		 5276
5277 return 1;
a4634b21
LP		 5278}
5279
4c425434
LP		 5280int unit_log_leftover_process_stop(pid_t pid, int sig, void *userdata) {
5281 _cleanup_free_ char *comm = NULL;
5282
5283 (void) get_process_comm(pid, &comm);
5284
5285 if (ignore_leftover_process(comm))
5286 return 0;
5287
5288 /* During stop we only print an informational message */
5289
5290 log_unit_info(userdata,
5291 "Unit process " PID_FMT " (%s) remains running after unit stopped.",
5292 pid, strna(comm));
5293
5294 return 1;
5295}
5296
5297int unit_warn_leftover_processes(Unit *u, cg_kill_log_func_t log_func) {
a4634b21
LP		 5298 assert(u);
5299
5300 (void) unit_pick_cgroup_path(u);
5301
5302 if (!u->cgroup_path)
c53d2d54 5303 return 0;
a4634b21 5304
4c425434 5305 return cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, 0, 0, NULL, log_func, u);
a4634b21
LP		 5306}
5307
bb2c7685
LP		 5308bool unit_needs_console(Unit *u) {
5309 ExecContext *ec;
5310 UnitActiveState state;
5311
5312 assert(u);
5313
5314 state = unit_active_state(u);
5315
5316 if (UNIT_IS_INACTIVE_OR_FAILED(state))
5317 return false;
5318
5319 if (UNIT_VTABLE(u)->needs_console)
5320 return UNIT_VTABLE(u)->needs_console(u);
5321
5322 /* If this unit type doesn't implement this call, let's use a generic fallback implementation: */
5323 ec = unit_get_exec_context(u);
5324 if (!ec)
5325 return false;
5326
5327 return exec_context_may_touch_console(ec);
5328}
5329
f156e60c 5330const char *unit_label_path(const Unit *u) {
81e9871e
LP		 5331 const char *p;
5332
f156e60c
CG		 5333 assert(u);
5334
81e9871e
LP		 5335 /* Returns the file system path to use for MAC access decisions, i.e. the file to read the SELinux label off
5336 * when validating access checks. */
5337
5338 p = u->source_path ?: u->fragment_path;
5339 if (!p)
5340 return NULL;
5341
5342 /* If a unit is masked, then don't read the SELinux label of /dev/null, as that really makes no sense */
640f3b14 5343 if (null_or_empty_path(p) > 0)
81e9871e
LP		 5344 return NULL;
5345
5346 return p;
5347}
5348
6592b975
LP		 5349int unit_pid_attachable(Unit *u, pid_t pid, sd_bus_error *error) {
5350 int r;
5351
5352 assert(u);
5353
5354 /* Checks whether the specified PID is generally good for attaching, i.e. a valid PID, not our manager itself,
5355 * and not a kernel thread either */
5356
5357 /* First, a simple range check */
5358 if (!pid_is_valid(pid))
5359 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process identifier " PID_FMT " is not valid.", pid);
5360
5361 /* Some extra safety check */
5362 if (pid == 1 || pid == getpid_cached())
3fe91079 5363 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process " PID_FMT " is a manager process, refusing.", pid);
6592b975
LP		 5364
5365 /* Don't even begin to bother with kernel threads */
5366 r = is_kernel_thread(pid);
5367 if (r == -ESRCH)
5368 return sd_bus_error_setf(error, SD_BUS_ERROR_UNIX_PROCESS_ID_UNKNOWN, "Process with ID " PID_FMT " does not exist.", pid);
5369 if (r < 0)
5370 return sd_bus_error_set_errnof(error, r, "Failed to determine whether process " PID_FMT " is a kernel thread: %m", pid);
5371 if (r > 0)
5372 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Process " PID_FMT " is a kernel thread, refusing.", pid);
5373
5374 return 0;
5375}
5376
523ee2d4
LP		 5377void unit_log_success(Unit *u) {
5378 assert(u);
5379
c2503e35
RH		 5380 log_unit_struct(u, LOG_INFO,
5381 "MESSAGE_ID=" SD_MESSAGE_UNIT_SUCCESS_STR,
5382 LOG_UNIT_INVOCATION_ID(u),
5383 LOG_UNIT_MESSAGE(u, "Deactivated successfully."));
523ee2d4
LP		 5384}
5385
7c047d74
LP		 5386void unit_log_failure(Unit *u, const char *result) {
5387 assert(u);
5388 assert(result);
5389
c2503e35
RH		 5390 log_unit_struct(u, LOG_WARNING,
5391 "MESSAGE_ID=" SD_MESSAGE_UNIT_FAILURE_RESULT_STR,
5392 LOG_UNIT_INVOCATION_ID(u),
5393 LOG_UNIT_MESSAGE(u, "Failed with result '%s'.", result),
5394 "UNIT_RESULT=%s", result);
7c047d74
LP		 5395}
5396
31cd5f63
AZ		 5397void unit_log_skip(Unit *u, const char *result) {
5398 assert(u);
5399 assert(result);
5400
c2503e35
RH		 5401 log_unit_struct(u, LOG_INFO,
5402 "MESSAGE_ID=" SD_MESSAGE_UNIT_SKIPPED_STR,
5403 LOG_UNIT_INVOCATION_ID(u),
5404 LOG_UNIT_MESSAGE(u, "Skipped due to '%s'.", result),
5405 "UNIT_RESULT=%s", result);
31cd5f63
AZ		 5406}
5407
91bbd9b7
LP		 5408void unit_log_process_exit(
5409 Unit *u,
91bbd9b7
LP		 5410 const char *kind,
5411 const char *command,
5cc2cd1c 5412 bool success,
91bbd9b7
LP		 5413 int code,
5414 int status) {
5415
5cc2cd1c
ZJS		 5416 int level;
5417
91bbd9b7
LP		 5418 assert(u);
5419 assert(kind);
5420
5cc2cd1c
ZJS		 5421 /* If this is a successful exit, let's log about the exit code on DEBUG level. If this is a failure
5422 * and the process exited on its own via exit(), then let's make this a NOTICE, under the assumption
5423 * that the service already logged the reason at a higher log level on its own. Otherwise, make it a
5424 * WARNING. */
5425 if (success)
5426 level = LOG_DEBUG;
5427 else if (code == CLD_EXITED)
5428 level = LOG_NOTICE;
5429 else
91bbd9b7
LP		 5430 level = LOG_WARNING;
5431
c2503e35
RH		 5432 log_unit_struct(u, level,
5433 "MESSAGE_ID=" SD_MESSAGE_UNIT_PROCESS_EXIT_STR,
5434 LOG_UNIT_MESSAGE(u, "%s exited, code=%s, status=%i/%s",
5435 kind,
5436 sigchld_code_to_string(code), status,
5437 strna(code == CLD_EXITED
5438 ? exit_status_to_string(status, EXIT_STATUS_FULL)
5439 : signal_to_string(status))),
5440 "EXIT_CODE=%s", sigchld_code_to_string(code),
5441 "EXIT_STATUS=%i", status,
5442 "COMMAND=%s", strna(command),
5443 LOG_UNIT_INVOCATION_ID(u));
91bbd9b7
LP		 5444}
5445
7af67e9a
LP		 5446int unit_exit_status(Unit *u) {
5447 assert(u);
5448
5449 /* Returns the exit status to propagate for the most recent cycle of this unit. Returns a value in the range
5450 * 0…255 if there's something to propagate. EOPNOTSUPP if the concept does not apply to this unit type, ENODATA
5451 * if no data is currently known (for example because the unit hasn't deactivated yet) and EBADE if the main
5452 * service process has exited abnormally (signal/coredump). */
5453
5454 if (!UNIT_VTABLE(u)->exit_status)
5455 return -EOPNOTSUPP;
5456
5457 return UNIT_VTABLE(u)->exit_status(u);
5458}
5459
5460int unit_failure_action_exit_status(Unit *u) {
5461 int r;
5462
5463 assert(u);
5464
5465 /* Returns the exit status to propagate on failure, or an error if there's nothing to propagate */
5466
5467 if (u->failure_action_exit_status >= 0)
5468 return u->failure_action_exit_status;
5469
5470 r = unit_exit_status(u);
5471 if (r == -EBADE) /* Exited, but not cleanly (i.e. by signal or such) */
5472 return 255;
5473
5474 return r;
5475}
5476
5477int unit_success_action_exit_status(Unit *u) {
5478 int r;
5479
5480 assert(u);
5481
5482 /* Returns the exit status to propagate on success, or an error if there's nothing to propagate */
5483
5484 if (u->success_action_exit_status >= 0)
5485 return u->success_action_exit_status;
5486
5487 r = unit_exit_status(u);
5488 if (r == -EBADE) /* Exited, but not cleanly (i.e. by signal or such) */
5489 return 255;
5490
5491 return r;
5492}
5493
a4191c9f
LP		 5494int unit_test_trigger_loaded(Unit *u) {
5495 Unit *trigger;
5496
5497 /* Tests whether the unit to trigger is loaded */
5498
5499 trigger = UNIT_TRIGGER(u);
5500 if (!trigger)
e7b9f4d9
ZJS		 5501 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOENT),
5502 "Refusing to start, no unit to trigger.");
a4191c9f 5503 if (trigger->load_state != UNIT_LOADED)
e7b9f4d9
ZJS		 5504 return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOENT),
5505 "Refusing to start, unit %s to trigger not loaded.", trigger->id);
a4191c9f
LP		 5506
5507 return 0;
5508}
5509
bb0c0d6f
LP		 5510void unit_destroy_runtime_data(Unit *u, const ExecContext *context) {
5511 assert(u);
5512 assert(context);
5513
95939aed
YW		 5514 if (context->runtime_directory_preserve_mode == EXEC_PRESERVE_NO ||
5515 (context->runtime_directory_preserve_mode == EXEC_PRESERVE_RESTART && !unit_will_restart(u)))
5516 exec_context_destroy_runtime_directory(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]);
bb0c0d6f
LP		 5517
5518 exec_context_destroy_credentials(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME], u->id);
95939aed
YW		 5519}
5520
380dc8b0
LP		 5521int unit_clean(Unit *u, ExecCleanMask mask) {
5522 UnitActiveState state;
5523
5524 assert(u);
5525
5526 /* Special return values:
5527 *
5528 * -EOPNOTSUPP → cleaning not supported for this unit type
5529 * -EUNATCH → cleaning not defined for this resource type
5530 * -EBUSY → unit currently can't be cleaned since it's running or not properly loaded, or has
5531 * a job queued or similar
5532 */
5533
5534 if (!UNIT_VTABLE(u)->clean)
5535 return -EOPNOTSUPP;
5536
5537 if (mask == 0)
5538 return -EUNATCH;
5539
5540 if (u->load_state != UNIT_LOADED)
5541 return -EBUSY;
5542
5543 if (u->job)
5544 return -EBUSY;
5545
5546 state = unit_active_state(u);
5547 if (!IN_SET(state, UNIT_INACTIVE))
5548 return -EBUSY;
5549
5550 return UNIT_VTABLE(u)->clean(u, mask);
5551}
5552
5553int unit_can_clean(Unit *u, ExecCleanMask *ret) {
5554 assert(u);
5555
5556 if (!UNIT_VTABLE(u)->clean ||
5557 u->load_state != UNIT_LOADED) {
5558 *ret = 0;
5559 return 0;
5560 }
5561
5562 /* When the clean() method is set, can_clean() really should be set too */
5563 assert(UNIT_VTABLE(u)->can_clean);
5564
5565 return UNIT_VTABLE(u)->can_clean(u, ret);
5566}
5567
d9e45bc3
MS		 5568bool unit_can_freeze(Unit *u) {
5569 assert(u);
5570
5571 if (UNIT_VTABLE(u)->can_freeze)
5572 return UNIT_VTABLE(u)->can_freeze(u);
5573
5574 return UNIT_VTABLE(u)->freeze;
5575}
5576
5577void unit_frozen(Unit *u) {
5578 assert(u);
5579
5580 u->freezer_state = FREEZER_FROZEN;
5581
5582 bus_unit_send_pending_freezer_message(u);
5583}
5584
5585void unit_thawed(Unit *u) {
5586 assert(u);
5587
5588 u->freezer_state = FREEZER_RUNNING;
5589
5590 bus_unit_send_pending_freezer_message(u);
5591}
5592
5593static int unit_freezer_action(Unit *u, FreezerAction action) {
5594 UnitActiveState s;
5595 int (*method)(Unit*);
5596 int r;
5597
5598 assert(u);
5599 assert(IN_SET(action, FREEZER_FREEZE, FREEZER_THAW));
5600
5601 method = action == FREEZER_FREEZE ? UNIT_VTABLE(u)->freeze : UNIT_VTABLE(u)->thaw;
5602 if (!method || !cg_freezer_supported())
5603 return -EOPNOTSUPP;
5604
5605 if (u->job)
5606 return -EBUSY;
5607
5608 if (u->load_state != UNIT_LOADED)
5609 return -EHOSTDOWN;
5610
5611 s = unit_active_state(u);
5612 if (s != UNIT_ACTIVE)
5613 return -EHOSTDOWN;
5614
5615 if (IN_SET(u->freezer_state, FREEZER_FREEZING, FREEZER_THAWING))
5616 return -EALREADY;
5617
5618 r = method(u);
5619 if (r <= 0)
5620 return r;
5621
5622 return 1;
5623}
5624
5625int unit_freeze(Unit *u) {
5626 return unit_freezer_action(u, FREEZER_FREEZE);
5627}
5628
5629int unit_thaw(Unit *u) {
5630 return unit_freezer_action(u, FREEZER_THAW);
5631}
5632
5633/* Wrappers around low-level cgroup freezer operations common for service and scope units */
5634int unit_freeze_vtable_common(Unit *u) {
5635 return unit_cgroup_freezer_action(u, FREEZER_FREEZE);
5636}
5637
5638int unit_thaw_vtable_common(Unit *u) {
5639 return unit_cgroup_freezer_action(u, FREEZER_THAW);
5640}
5641
5afe510c
LP		 5642static const char* const collect_mode_table[_COLLECT_MODE_MAX] = {
5643 [COLLECT_INACTIVE] = "inactive",
5644 [COLLECT_INACTIVE_OR_FAILED] = "inactive-or-failed",
5645};
5646
5647DEFINE_STRING_TABLE_LOOKUP(collect_mode, CollectMode);
15ed3c3a
LP		 5648
5649Unit* unit_has_dependency(const Unit *u, UnitDependencyAtom atom, Unit *other) {
5650 Unit *i;
5651
5652 assert(u);
5653
5654 /* Checks if the unit has a dependency on 'other' with the specified dependency atom. If 'other' is
5655 * NULL checks if the unit has *any* dependency of that atom. Returns 'other' if found (or if 'other'
5656 * is NULL the first entry found), or NULL if not found. */
5657
5658 UNIT_FOREACH_DEPENDENCY(i, u, atom)
5659 if (!other || other == i)
5660 return i;
5661
5662 return NULL;
5663}
5664
5665int unit_get_dependency_array(const Unit *u, UnitDependencyAtom atom, Unit ***ret_array) {
5666 _cleanup_free_ Unit **array = NULL;
5667 size_t n = 0;
5668 Unit *other;
5669
5670 assert(u);
5671 assert(ret_array);
5672
5673 /* Gets a list of units matching a specific atom as array. This is useful when iterating through
5674 * dependencies while modifying them: the array is an "atomic snapshot" of sorts, that can be read
5675 * while the dependency table is continously updated. */
5676
5677 UNIT_FOREACH_DEPENDENCY(other, u, atom) {
5678 if (!GREEDY_REALLOC(array, n + 1))
5679 return -ENOMEM;
5680
5681 array[n++] = other;
5682 }
5683
5684 *ret_array = TAKE_PTR(array);
5685
5686 assert(n <= INT_MAX);
5687 return (int) n;
5688}
Unnamed repository; edit this file 'description' to name the repository.