| | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
| | 2 | |
| | 3 | #include "af-list.h" |
| | 4 | #include "alloc-util.h" |
| | 5 | #include "bpf-program.h" |
| | 6 | #include "bus-get-properties.h" |
| | 7 | #include "bus-message-util.h" |
| | 8 | #include "cgroup.h" |
| | 9 | #include "cgroup-util.h" |
| | 10 | #include "dbus-cgroup.h" |
| | 11 | #include "escape.h" |
| | 12 | #include "firewall-util.h" |
| | 13 | #include "in-addr-prefix-util.h" |
| | 14 | #include "limits-util.h" |
| | 15 | #include "manager.h" |
| | 16 | #include "memstream-util.h" |
| | 17 | #include "parse-util.h" |
| | 18 | #include "path-util.h" |
| | 19 | #include "percent-util.h" |
| | 20 | #include "set.h" |
| | 21 | #include "socket-util.h" |
| | 22 | #include "string-util.h" |
| | 23 | #include "strv.h" |
| | 24 | #include "varlink.h" |
| | 25 | |
| | 26 | BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", CGroupTasksMax, cgroup_tasks_max_resolve); |
| | 27 | BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_cgroup_pressure_watch, cgroup_pressure_watch, CGroupPressureWatch); |
| | 28 | |
| | 29 | static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_cgroup_device_policy, cgroup_device_policy, CGroupDevicePolicy); |
| | 30 | static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_mode, managed_oom_mode, ManagedOOMMode); |
| | 31 | static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_preference, managed_oom_preference, ManagedOOMPreference); |
| | 32 | |
| | 33 | static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_blockio_ast, "a(st)", 0); |
| | 34 | |
| | 35 | static int property_get_cgroup_mask( |
| | 36 | sd_bus *bus, |
| | 37 | const char *path, |
| | 38 | const char *interface, |
| | 39 | const char *property, |
| | 40 | sd_bus_message *reply, |
| | 41 | void *userdata, |
| | 42 | sd_bus_error *error) { |
| | 43 | |
| | 44 | CGroupMask *mask = userdata; |
| | 45 | int r; |
| | 46 | |
| | 47 | assert(bus); |
| | 48 | assert(reply); |
| | 49 | |
| | 50 | r = sd_bus_message_open_container(reply, 'a', "s"); |
| | 51 | if (r < 0) |
| | 52 | return r; |
| | 53 | |
| | 54 | for (CGroupController ctrl = 0; ctrl < _CGROUP_CONTROLLER_MAX; ctrl++) { |
| | 55 | if ((*mask & CGROUP_CONTROLLER_TO_MASK(ctrl)) == 0) |
| | 56 | continue; |
| | 57 | |
| | 58 | r = sd_bus_message_append(reply, "s", cgroup_controller_to_string(ctrl)); |
| | 59 | if (r < 0) |
| | 60 | return r; |
| | 61 | } |
| | 62 | |
| | 63 | return sd_bus_message_close_container(reply); |
| | 64 | } |
| | 65 | |
| | 66 | static int property_get_delegate_controllers( |
| | 67 | sd_bus *bus, |
| | 68 | const char *path, |
| | 69 | const char *interface, |
| | 70 | const char *property, |
| | 71 | sd_bus_message *reply, |
| | 72 | void *userdata, |
| | 73 | sd_bus_error *error) { |
| | 74 | |
| | 75 | CGroupContext *c = ASSERT_PTR(userdata); |
| | 76 | |
| | 77 | assert(bus); |
| | 78 | assert(reply); |
| | 79 | |
| | 80 | if (!c->delegate) |
| | 81 | return sd_bus_message_append(reply, "as", 0); |
| | 82 | |
| | 83 | return property_get_cgroup_mask(bus, path, interface, property, reply, &c->delegate_controllers, error); |
| | 84 | } |
| | 85 | |
| | 86 | static int property_get_cpuset( |
| | 87 | sd_bus *bus, |
| | 88 | const char *path, |
| | 89 | const char *interface, |
| | 90 | const char *property, |
| | 91 | sd_bus_message *reply, |
| | 92 | void *userdata, |
| | 93 | sd_bus_error *error) { |
| | 94 | |
| | 95 | CPUSet *cpus = ASSERT_PTR(userdata); |
| | 96 | _cleanup_free_ uint8_t *array = NULL; |
| | 97 | size_t allocated; |
| | 98 | |
| | 99 | assert(bus); |
| | 100 | assert(reply); |
| | 101 | |
| | 102 | (void) cpu_set_to_dbus(cpus, &array, &allocated); |
| | 103 | return sd_bus_message_append_array(reply, 'y', array, allocated); |
| | 104 | } |
| | 105 | |
| | 106 | static int property_get_io_device_weight( |
| | 107 | sd_bus *bus, |
| | 108 | const char *path, |
| | 109 | const char *interface, |
| | 110 | const char *property, |
| | 111 | sd_bus_message *reply, |
| | 112 | void *userdata, |
| | 113 | sd_bus_error *error) { |
| | 114 | |
| | 115 | CGroupContext *c = ASSERT_PTR(userdata); |
| | 116 | int r; |
| | 117 | |
| | 118 | assert(bus); |
| | 119 | assert(reply); |
| | 120 | |
| | 121 | r = sd_bus_message_open_container(reply, 'a', "(st)"); |
| | 122 | if (r < 0) |
| | 123 | return r; |
| | 124 | |
| | 125 | LIST_FOREACH(device_weights, w, c->io_device_weights) { |
| | 126 | r = sd_bus_message_append(reply, "(st)", w->path, w->weight); |
| | 127 | if (r < 0) |
| | 128 | return r; |
| | 129 | } |
| | 130 | |
| | 131 | return sd_bus_message_close_container(reply); |
| | 132 | } |
| | 133 | |
| | 134 | static int property_get_io_device_limits( |
| | 135 | sd_bus *bus, |
| | 136 | const char *path, |
| | 137 | const char *interface, |
| | 138 | const char *property, |
| | 139 | sd_bus_message *reply, |
| | 140 | void *userdata, |
| | 141 | sd_bus_error *error) { |
| | 142 | |
| | 143 | CGroupContext *c = ASSERT_PTR(userdata); |
| | 144 | int r; |
| | 145 | |
| | 146 | assert(bus); |
| | 147 | assert(reply); |
| | 148 | |
| | 149 | r = sd_bus_message_open_container(reply, 'a', "(st)"); |
| | 150 | if (r < 0) |
| | 151 | return r; |
| | 152 | |
| | 153 | LIST_FOREACH(device_limits, l, c->io_device_limits) { |
| | 154 | CGroupIOLimitType type; |
| | 155 | |
| | 156 | type = cgroup_io_limit_type_from_string(property); |
| | 157 | if (type < 0 || l->limits[type] == cgroup_io_limit_defaults[type]) |
| | 158 | continue; |
| | 159 | |
| | 160 | r = sd_bus_message_append(reply, "(st)", l->path, l->limits[type]); |
| | 161 | if (r < 0) |
| | 162 | return r; |
| | 163 | } |
| | 164 | |
| | 165 | return sd_bus_message_close_container(reply); |
| | 166 | } |
| | 167 | |
| | 168 | static int property_get_io_device_latency( |
| | 169 | sd_bus *bus, |
| | 170 | const char *path, |
| | 171 | const char *interface, |
| | 172 | const char *property, |
| | 173 | sd_bus_message *reply, |
| | 174 | void *userdata, |
| | 175 | sd_bus_error *error) { |
| | 176 | |
| | 177 | CGroupContext *c = ASSERT_PTR(userdata); |
| | 178 | int r; |
| | 179 | |
| | 180 | assert(bus); |
| | 181 | assert(reply); |
| | 182 | |
| | 183 | r = sd_bus_message_open_container(reply, 'a', "(st)"); |
| | 184 | if (r < 0) |
| | 185 | return r; |
| | 186 | |
| | 187 | LIST_FOREACH(device_latencies, l, c->io_device_latencies) { |
| | 188 | r = sd_bus_message_append(reply, "(st)", l->path, l->target_usec); |
| | 189 | if (r < 0) |
| | 190 | return r; |
| | 191 | } |
| | 192 | |
| | 193 | return sd_bus_message_close_container(reply); |
| | 194 | } |
| | 195 | |
| | 196 | static int property_get_device_allow( |
| | 197 | sd_bus *bus, |
| | 198 | const char *path, |
| | 199 | const char *interface, |
| | 200 | const char *property, |
| | 201 | sd_bus_message *reply, |
| | 202 | void *userdata, |
| | 203 | sd_bus_error *error) { |
| | 204 | |
| | 205 | CGroupContext *c = ASSERT_PTR(userdata); |
| | 206 | int r; |
| | 207 | |
| | 208 | assert(bus); |
| | 209 | assert(reply); |
| | 210 | |
| | 211 | r = sd_bus_message_open_container(reply, 'a', "(ss)"); |
| | 212 | if (r < 0) |
| | 213 | return r; |
| | 214 | |
| | 215 | LIST_FOREACH(device_allow, a, c->device_allow) { |
| | 216 | r = sd_bus_message_append(reply, "(ss)", a->path, cgroup_device_permissions_to_string(a->permissions)); |
| | 217 | if (r < 0) |
| | 218 | return r; |
| | 219 | } |
| | 220 | |
| | 221 | return sd_bus_message_close_container(reply); |
| | 222 | } |
| | 223 | |
| | 224 | static int property_get_ip_address_access( |
| | 225 | sd_bus *bus, |
| | 226 | const char *path, |
| | 227 | const char *interface, |
| | 228 | const char *property, |
| | 229 | sd_bus_message *reply, |
| | 230 | void *userdata, |
| | 231 | sd_bus_error *error) { |
| | 232 | |
| | 233 | Set **prefixes = ASSERT_PTR(userdata); |
| | 234 | struct in_addr_prefix *i; |
| | 235 | int r; |
| | 236 | |
| | 237 | r = sd_bus_message_open_container(reply, 'a', "(iayu)"); |
| | 238 | if (r < 0) |
| | 239 | return r; |
| | 240 | |
| | 241 | SET_FOREACH(i, *prefixes) { |
| | 242 | |
| | 243 | r = sd_bus_message_open_container(reply, 'r', "iayu"); |
| | 244 | if (r < 0) |
| | 245 | return r; |
| | 246 | |
| | 247 | r = sd_bus_message_append(reply, "i", i->family); |
| | 248 | if (r < 0) |
| | 249 | return r; |
| | 250 | |
| | 251 | r = sd_bus_message_append_array(reply, 'y', &i->address, FAMILY_ADDRESS_SIZE(i->family)); |
| | 252 | if (r < 0) |
| | 253 | return r; |
| | 254 | |
| | 255 | r = sd_bus_message_append(reply, "u", (uint32_t) i->prefixlen); |
| | 256 | if (r < 0) |
| | 257 | return r; |
| | 258 | |
| | 259 | r = sd_bus_message_close_container(reply); |
| | 260 | if (r < 0) |
| | 261 | return r; |
| | 262 | } |
| | 263 | |
| | 264 | return sd_bus_message_close_container(reply); |
| | 265 | } |
| | 266 | |
| | 267 | static int property_get_bpf_foreign_program( |
| | 268 | sd_bus *bus, |
| | 269 | const char *path, |
| | 270 | const char *interface, |
| | 271 | const char *property, |
| | 272 | sd_bus_message *reply, |
| | 273 | void *userdata, |
| | 274 | sd_bus_error *error) { |
| | 275 | CGroupContext *c = userdata; |
| | 276 | int r; |
| | 277 | |
| | 278 | r = sd_bus_message_open_container(reply, 'a', "(ss)"); |
| | 279 | if (r < 0) |
| | 280 | return r; |
| | 281 | |
| | 282 | LIST_FOREACH(programs, p, c->bpf_foreign_programs) { |
| | 283 | const char *attach_type = bpf_cgroup_attach_type_to_string(p->attach_type); |
| | 284 | |
| | 285 | r = sd_bus_message_append(reply, "(ss)", attach_type, p->bpffs_path); |
| | 286 | if (r < 0) |
| | 287 | return r; |
| | 288 | } |
| | 289 | |
| | 290 | return sd_bus_message_close_container(reply); |
| | 291 | } |
| | 292 | |
| | 293 | static int property_get_socket_bind( |
| | 294 | sd_bus *bus, |
| | 295 | const char *path, |
| | 296 | const char *interface, |
| | 297 | const char *property, |
| | 298 | sd_bus_message *reply, |
| | 299 | void *userdata, |
| | 300 | sd_bus_error *error) { |
| | 301 | |
| | 302 | CGroupSocketBindItem **items = ASSERT_PTR(userdata); |
| | 303 | int r; |
| | 304 | |
| | 305 | r = sd_bus_message_open_container(reply, 'a', "(iiqq)"); |
| | 306 | if (r < 0) |
| | 307 | return r; |
| | 308 | |
| | 309 | LIST_FOREACH(socket_bind_items, i, *items) { |
| | 310 | r = sd_bus_message_append(reply, "(iiqq)", i->address_family, i->ip_protocol, i->nr_ports, i->port_min); |
| | 311 | if (r < 0) |
| | 312 | return r; |
| | 313 | } |
| | 314 | |
| | 315 | return sd_bus_message_close_container(reply); |
| | 316 | } |
| | 317 | |
| | 318 | static int property_get_restrict_network_interfaces( |
| | 319 | sd_bus *bus, |
| | 320 | const char *path, |
| | 321 | const char *interface, |
| | 322 | const char *property, |
| | 323 | sd_bus_message *reply, |
| | 324 | void *userdata, |
| | 325 | sd_bus_error *error) { |
| | 326 | |
| | 327 | CGroupContext *c = ASSERT_PTR(userdata); |
| | 328 | int r; |
| | 329 | |
| | 330 | assert(bus); |
| | 331 | assert(reply); |
| | 332 | |
| | 333 | r = sd_bus_message_open_container(reply, 'r', "bas"); |
| | 334 | if (r < 0) |
| | 335 | return r; |
| | 336 | |
| | 337 | r = sd_bus_message_append(reply, "b", c->restrict_network_interfaces_is_allow_list); |
| | 338 | if (r < 0) |
| | 339 | return r; |
| | 340 | |
| | 341 | r = bus_message_append_string_set(reply, c->restrict_network_interfaces); |
| | 342 | if (r < 0) |
| | 343 | return r; |
| | 344 | |
| | 345 | return sd_bus_message_close_container(reply); |
| | 346 | } |
| | 347 | |
| | 348 | static int property_get_cgroup_nft_set( |
| | 349 | sd_bus *bus, |
| | 350 | const char *path, |
| | 351 | const char *interface, |
| | 352 | const char *property, |
| | 353 | sd_bus_message *reply, |
| | 354 | void *userdata, |
| | 355 | sd_bus_error *error) { |
| | 356 | int r; |
| | 357 | CGroupContext *c = userdata; |
| | 358 | |
| | 359 | assert(bus); |
| | 360 | assert(reply); |
| | 361 | assert(c); |
| | 362 | |
| | 363 | r = sd_bus_message_open_container(reply, 'a', "(iiss)"); |
| | 364 | if (r < 0) |
| | 365 | return r; |
| | 366 | |
| | 367 | FOREACH_ARRAY(nft_set, c->nft_set_context.sets, c->nft_set_context.n_sets) { |
| | 368 | r = sd_bus_message_append(reply, "(iiss)", nft_set->source, nft_set->nfproto, nft_set->table, nft_set->set); |
| | 369 | if (r < 0) |
| | 370 | return r; |
| | 371 | } |
| | 372 | |
| | 373 | return sd_bus_message_close_container(reply); |
| | 374 | } |
| | 375 | |
| | 376 | const sd_bus_vtable bus_cgroup_vtable[] = { |
| | 377 | SD_BUS_VTABLE_START(0), |
| | 378 | SD_BUS_PROPERTY("Delegate", "b", bus_property_get_bool, offsetof(CGroupContext, delegate), 0), |
| | 379 | SD_BUS_PROPERTY("DelegateControllers", "as", property_get_delegate_controllers, 0, 0), |
| | 380 | SD_BUS_PROPERTY("DelegateSubgroup", "s", NULL, offsetof(CGroupContext, delegate_subgroup), 0), |
| | 381 | SD_BUS_PROPERTY("CPUWeight", "t", NULL, offsetof(CGroupContext, cpu_weight), 0), |
| | 382 | SD_BUS_PROPERTY("StartupCPUWeight", "t", NULL, offsetof(CGroupContext, startup_cpu_weight), 0), |
| | 383 | SD_BUS_PROPERTY("CPUQuotaPerSecUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_per_sec_usec), 0), |
| | 384 | SD_BUS_PROPERTY("CPUQuotaPeriodUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_period_usec), 0), |
| | 385 | SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus), 0), |
| | 386 | SD_BUS_PROPERTY("StartupAllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_cpus), 0), |
| | 387 | SD_BUS_PROPERTY("AllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_mems), 0), |
| | 388 | SD_BUS_PROPERTY("StartupAllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_mems), 0), |
| | 389 | SD_BUS_PROPERTY("IOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, io_accounting), 0), |
| | 390 | SD_BUS_PROPERTY("IOWeight", "t", NULL, offsetof(CGroupContext, io_weight), 0), |
| | 391 | SD_BUS_PROPERTY("StartupIOWeight", "t", NULL, offsetof(CGroupContext, startup_io_weight), 0), |
| | 392 | SD_BUS_PROPERTY("IODeviceWeight", "a(st)", property_get_io_device_weight, 0, 0), |
| | 393 | SD_BUS_PROPERTY("IOReadBandwidthMax", "a(st)", property_get_io_device_limits, 0, 0), |
| | 394 | SD_BUS_PROPERTY("IOWriteBandwidthMax", "a(st)", property_get_io_device_limits, 0, 0), |
| | 395 | SD_BUS_PROPERTY("IOReadIOPSMax", "a(st)", property_get_io_device_limits, 0, 0), |
| | 396 | SD_BUS_PROPERTY("IOWriteIOPSMax", "a(st)", property_get_io_device_limits, 0, 0), |
| | 397 | SD_BUS_PROPERTY("IODeviceLatencyTargetUSec", "a(st)", property_get_io_device_latency, 0, 0), |
| | 398 | SD_BUS_PROPERTY("MemoryAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, memory_accounting), 0), |
| | 399 | SD_BUS_PROPERTY("DefaultMemoryLow", "t", NULL, offsetof(CGroupContext, default_memory_low), 0), |
| | 400 | SD_BUS_PROPERTY("DefaultStartupMemoryLow", "t", NULL, offsetof(CGroupContext, default_startup_memory_low), 0), |
| | 401 | SD_BUS_PROPERTY("DefaultMemoryMin", "t", NULL, offsetof(CGroupContext, default_memory_min), 0), |
| | 402 | SD_BUS_PROPERTY("MemoryMin", "t", NULL, offsetof(CGroupContext, memory_min), 0), |
| | 403 | SD_BUS_PROPERTY("MemoryLow", "t", NULL, offsetof(CGroupContext, memory_low), 0), |
| | 404 | SD_BUS_PROPERTY("StartupMemoryLow", "t", NULL, offsetof(CGroupContext, startup_memory_low), 0), |
| | 405 | SD_BUS_PROPERTY("MemoryHigh", "t", NULL, offsetof(CGroupContext, memory_high), 0), |
| | 406 | SD_BUS_PROPERTY("StartupMemoryHigh", "t", NULL, offsetof(CGroupContext, startup_memory_high), 0), |
| | 407 | SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), |
| | 408 | SD_BUS_PROPERTY("StartupMemoryMax", "t", NULL, offsetof(CGroupContext, startup_memory_max), 0), |
| | 409 | SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), |
| | 410 | SD_BUS_PROPERTY("StartupMemorySwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_swap_max), 0), |
| | 411 | SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0), |
| | 412 | SD_BUS_PROPERTY("StartupMemoryZSwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_zswap_max), 0), |
| | 413 | SD_BUS_PROPERTY("MemoryZSwapWriteback", "b", bus_property_get_bool, offsetof(CGroupContext, memory_zswap_writeback), 0), |
| | 414 | SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), |
| | 415 | SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), |
| | 416 | SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), |
| | 417 | SD_BUS_PROPERTY("TasksMax", "t", bus_property_get_tasks_max, offsetof(CGroupContext, tasks_max), 0), |
| | 418 | SD_BUS_PROPERTY("IPAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, ip_accounting), 0), |
| | 419 | SD_BUS_PROPERTY("IPAddressAllow", "a(iayu)", property_get_ip_address_access, offsetof(CGroupContext, ip_address_allow), 0), |
| | 420 | SD_BUS_PROPERTY("IPAddressDeny", "a(iayu)", property_get_ip_address_access, offsetof(CGroupContext, ip_address_deny), 0), |
| | 421 | SD_BUS_PROPERTY("IPIngressFilterPath", "as", NULL, offsetof(CGroupContext, ip_filters_ingress), 0), |
| | 422 | SD_BUS_PROPERTY("IPEgressFilterPath", "as", NULL, offsetof(CGroupContext, ip_filters_egress), 0), |
| | 423 | SD_BUS_PROPERTY("DisableControllers", "as", property_get_cgroup_mask, offsetof(CGroupContext, disable_controllers), 0), |
| | 424 | SD_BUS_PROPERTY("ManagedOOMSwap", "s", property_get_managed_oom_mode, offsetof(CGroupContext, moom_swap), 0), |
| | 425 | SD_BUS_PROPERTY("ManagedOOMMemoryPressure", "s", property_get_managed_oom_mode, offsetof(CGroupContext, moom_mem_pressure), 0), |
| | 426 | SD_BUS_PROPERTY("ManagedOOMMemoryPressureLimit", "u", NULL, offsetof(CGroupContext, moom_mem_pressure_limit), 0), |
| | 427 | SD_BUS_PROPERTY("ManagedOOMMemoryPressureDurationUSec", "t", bus_property_get_usec, offsetof(CGroupContext, moom_mem_pressure_duration_usec), 0), |
| | 428 | SD_BUS_PROPERTY("ManagedOOMPreference", "s", property_get_managed_oom_preference, offsetof(CGroupContext, moom_preference), 0), |
| | 429 | SD_BUS_PROPERTY("BPFProgram", "a(ss)", property_get_bpf_foreign_program, 0, 0), |
| | 430 | SD_BUS_PROPERTY("SocketBindAllow", "a(iiqq)", property_get_socket_bind, offsetof(CGroupContext, socket_bind_allow), 0), |
| | 431 | SD_BUS_PROPERTY("SocketBindDeny", "a(iiqq)", property_get_socket_bind, offsetof(CGroupContext, socket_bind_deny), 0), |
| | 432 | SD_BUS_PROPERTY("RestrictNetworkInterfaces", "(bas)", property_get_restrict_network_interfaces, 0, 0), |
| | 433 | SD_BUS_PROPERTY("MemoryPressureWatch", "s", bus_property_get_cgroup_pressure_watch, offsetof(CGroupContext, memory_pressure_watch), 0), |
| | 434 | SD_BUS_PROPERTY("MemoryPressureThresholdUSec", "t", bus_property_get_usec, offsetof(CGroupContext, memory_pressure_threshold_usec), 0), |
| | 435 | SD_BUS_PROPERTY("NFTSet", "a(iiss)", property_get_cgroup_nft_set, 0, 0), |
| | 436 | SD_BUS_PROPERTY("CoredumpReceive", "b", bus_property_get_bool, offsetof(CGroupContext, coredump_receive), 0), |
| | 437 | |
| | 438 | /* deprecated cgroup v1 properties */ |
| | 439 | SD_BUS_PROPERTY("MemoryLimit", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), |
| | 440 | SD_BUS_PROPERTY("CPUShares", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), |
| | 441 | SD_BUS_PROPERTY("StartupCPUShares", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), |
| | 442 | SD_BUS_PROPERTY("BlockIOAccounting", "b", bus_property_get_bool_false, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), |
| | 443 | SD_BUS_PROPERTY("BlockIOWeight", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), |
| | 444 | SD_BUS_PROPERTY("StartupBlockIOWeight", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), |
| | 445 | SD_BUS_PROPERTY("BlockIODeviceWeight", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), |
| | 446 | SD_BUS_PROPERTY("BlockIOReadBandwidth", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), |
| | 447 | SD_BUS_PROPERTY("BlockIOWriteBandwidth", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), |
| | 448 | /* since kernel v4.15 CPU accounting requires no controller, i.e. is available everywhere */ |
| | 449 | SD_BUS_PROPERTY("CPUAccounting", "b", bus_property_get_bool_true, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), |
| | 450 | |
| | 451 | SD_BUS_VTABLE_END |
| | 452 | }; |
| | 453 | |
| | 454 | static int bus_cgroup_set_transient_property( |
| | 455 | Unit *u, |
| | 456 | CGroupContext *c, |
| | 457 | const char *name, |
| | 458 | sd_bus_message *message, |
| | 459 | UnitWriteFlags flags, |
| | 460 | sd_bus_error *error) { |
| | 461 | |
| | 462 | int r; |
| | 463 | |
| | 464 | assert(u); |
| | 465 | assert(c); |
| | 466 | assert(name); |
| | 467 | assert(message); |
| | 468 | |
| | 469 | flags |= UNIT_PRIVATE; |
| | 470 | |
| | 471 | if (streq(name, "Delegate")) { |
| | 472 | int b; |
| | 473 | |
| | 474 | if (!UNIT_VTABLE(u)->can_delegate) |
| | 475 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type"); |
| | 476 | |
| | 477 | r = sd_bus_message_read(message, "b", &b); |
| | 478 | if (r < 0) |
| | 479 | return r; |
| | 480 | |
| | 481 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 482 | c->delegate = b; |
| | 483 | c->delegate_controllers = b ? CGROUP_MASK_DELEGATE : 0; |
| | 484 | |
| | 485 | unit_write_settingf(u, flags, name, "Delegate=%s", yes_no(b)); |
| | 486 | } |
| | 487 | |
| | 488 | return 1; |
| | 489 | |
| | 490 | } else if (streq(name, "DelegateSubgroup")) { |
| | 491 | const char *s; |
| | 492 | |
| | 493 | if (!UNIT_VTABLE(u)->can_delegate) |
| | 494 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type"); |
| | 495 | |
| | 496 | r = sd_bus_message_read(message, "s", &s); |
| | 497 | if (r < 0) |
| | 498 | return r; |
| | 499 | |
| | 500 | if (!isempty(s) && cg_needs_escape(s)) |
| | 501 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid control group name: %s", s); |
| | 502 | |
| | 503 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 504 | if (isempty(s)) |
| | 505 | c->delegate_subgroup = mfree(c->delegate_subgroup); |
| | 506 | else { |
| | 507 | r = free_and_strdup_warn(&c->delegate_subgroup, s); |
| | 508 | if (r < 0) |
| | 509 | return r; |
| | 510 | } |
| | 511 | |
| | 512 | unit_write_settingf(u, flags, name, "DelegateSubgroup=%s", s); |
| | 513 | } |
| | 514 | |
| | 515 | return 1; |
| | 516 | |
| | 517 | } else if (STR_IN_SET(name, "DelegateControllers", "DisableControllers")) { |
| | 518 | CGroupMask mask = 0; |
| | 519 | |
| | 520 | if (streq(name, "DelegateControllers") && !UNIT_VTABLE(u)->can_delegate) |
| | 521 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type"); |
| | 522 | |
| | 523 | r = sd_bus_message_enter_container(message, 'a', "s"); |
| | 524 | if (r < 0) |
| | 525 | return r; |
| | 526 | |
| | 527 | for (;;) { |
| | 528 | CGroupController cc; |
| | 529 | const char *t; |
| | 530 | |
| | 531 | r = sd_bus_message_read(message, "s", &t); |
| | 532 | if (r < 0) |
| | 533 | return r; |
| | 534 | if (r == 0) |
| | 535 | break; |
| | 536 | |
| | 537 | cc = cgroup_controller_from_string(t); |
| | 538 | if (cc < 0) |
| | 539 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown cgroup controller '%s'", t); |
| | 540 | |
| | 541 | mask |= CGROUP_CONTROLLER_TO_MASK(cc); |
| | 542 | } |
| | 543 | |
| | 544 | r = sd_bus_message_exit_container(message); |
| | 545 | if (r < 0) |
| | 546 | return r; |
| | 547 | |
| | 548 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 549 | _cleanup_free_ char *t = NULL; |
| | 550 | |
| | 551 | r = cg_mask_to_string(mask, &t); |
| | 552 | if (r < 0) |
| | 553 | return r; |
| | 554 | |
| | 555 | if (streq(name, "DelegateControllers")) { |
| | 556 | |
| | 557 | c->delegate = true; |
| | 558 | if (mask == 0) |
| | 559 | c->delegate_controllers = 0; |
| | 560 | else |
| | 561 | c->delegate_controllers |= mask; |
| | 562 | |
| | 563 | unit_write_settingf(u, flags, name, "Delegate=%s", strempty(t)); |
| | 564 | |
| | 565 | } else if (streq(name, "DisableControllers")) { |
| | 566 | |
| | 567 | if (mask == 0) |
| | 568 | c->disable_controllers = 0; |
| | 569 | else |
| | 570 | c->disable_controllers |= mask; |
| | 571 | |
| | 572 | unit_write_settingf(u, flags, name, "%s=%s", name, strempty(t)); |
| | 573 | } |
| | 574 | } |
| | 575 | |
| | 576 | return 1; |
| | 577 | } else if (STR_IN_SET(name, "IPIngressFilterPath", "IPEgressFilterPath")) { |
| | 578 | char ***filters; |
| | 579 | size_t n = 0; |
| | 580 | |
| | 581 | filters = streq(name, "IPIngressFilterPath") ? &c->ip_filters_ingress : &c->ip_filters_egress; |
| | 582 | r = sd_bus_message_enter_container(message, 'a', "s"); |
| | 583 | if (r < 0) |
| | 584 | return r; |
| | 585 | |
| | 586 | for (;;) { |
| | 587 | const char *path; |
| | 588 | |
| | 589 | r = sd_bus_message_read(message, "s", &path); |
| | 590 | if (r < 0) |
| | 591 | return r; |
| | 592 | if (r == 0) |
| | 593 | break; |
| | 594 | |
| | 595 | if (!path_is_normalized(path) || !path_is_absolute(path)) |
| | 596 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects a normalized absolute path.", name); |
| | 597 | |
| | 598 | if (!UNIT_WRITE_FLAGS_NOOP(flags) && !strv_contains(*filters, path)) { |
| | 599 | r = strv_extend(filters, path); |
| | 600 | if (r < 0) |
| | 601 | return log_oom(); |
| | 602 | } |
| | 603 | n++; |
| | 604 | } |
| | 605 | r = sd_bus_message_exit_container(message); |
| | 606 | if (r < 0) |
| | 607 | return r; |
| | 608 | |
| | 609 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 610 | _cleanup_(memstream_done) MemStream m = {}; |
| | 611 | _cleanup_free_ char *buf = NULL; |
| | 612 | FILE *f; |
| | 613 | |
| | 614 | if (n == 0) |
| | 615 | *filters = strv_free(*filters); |
| | 616 | |
| | 617 | unit_invalidate_cgroup_bpf(u); |
| | 618 | |
| | 619 | f = memstream_init(&m); |
| | 620 | if (!f) |
| | 621 | return -ENOMEM; |
| | 622 | |
| | 623 | fputs(name, f); |
| | 624 | fputs("=\n", f); |
| | 625 | |
| | 626 | STRV_FOREACH(entry, *filters) |
| | 627 | fprintf(f, "%s=%s\n", name, *entry); |
| | 628 | |
| | 629 | r = memstream_finalize(&m, &buf, NULL); |
| | 630 | if (r < 0) |
| | 631 | return r; |
| | 632 | |
| | 633 | unit_write_setting(u, flags, name, buf); |
| | 634 | |
| | 635 | if (*filters && bpf_program_supported() <= 0) { |
| | 636 | static bool warned = false; |
| | 637 | |
| | 638 | log_full(warned ? LOG_DEBUG : LOG_WARNING, |
| | 639 | "Transient unit %s configures an IP firewall with BPF, but the local system does not support BPF/cgroup firewalling with multiple filters.\n" |
| | 640 | "Starting this unit will fail! (This warning is only shown for the first started transient unit using IP firewalling.)", u->id); |
| | 641 | warned = true; |
| | 642 | } |
| | 643 | } |
| | 644 | |
| | 645 | return 1; |
| | 646 | } else if (streq(name, "BPFProgram")) { |
| | 647 | const char *a, *p; |
| | 648 | size_t n = 0; |
| | 649 | |
| | 650 | r = sd_bus_message_enter_container(message, 'a', "(ss)"); |
| | 651 | if (r < 0) |
| | 652 | return r; |
| | 653 | |
| | 654 | while ((r = sd_bus_message_read(message, "(ss)", &a, &p)) > 0) { |
| | 655 | int attach_type = bpf_cgroup_attach_type_from_string(a); |
| | 656 | if (attach_type < 0) |
| | 657 | return sd_bus_error_setf( |
| | 658 | error, |
| | 659 | SD_BUS_ERROR_INVALID_ARGS, |
| | 660 | "%s expects a valid BPF attach type, got '%s'.", |
| | 661 | name, a); |
| | 662 | |
| | 663 | if (!path_is_normalized(p) || !path_is_absolute(p)) |
| | 664 | return sd_bus_error_setf( |
| | 665 | error, |
| | 666 | SD_BUS_ERROR_INVALID_ARGS, |
| | 667 | "%s= expects a normalized absolute path.", |
| | 668 | name); |
| | 669 | |
| | 670 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 671 | r = cgroup_context_add_bpf_foreign_program(c, attach_type, p); |
| | 672 | if (r < 0) |
| | 673 | return r; |
| | 674 | } |
| | 675 | n++; |
| | 676 | } |
| | 677 | if (r < 0) |
| | 678 | return r; |
| | 679 | |
| | 680 | r = sd_bus_message_exit_container(message); |
| | 681 | if (r < 0) |
| | 682 | return r; |
| | 683 | |
| | 684 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 685 | _cleanup_(memstream_done) MemStream m = {}; |
| | 686 | _cleanup_free_ char *buf = NULL; |
| | 687 | FILE *f; |
| | 688 | |
| | 689 | if (n == 0) |
| | 690 | while (c->bpf_foreign_programs) |
| | 691 | cgroup_context_remove_bpf_foreign_program(c, c->bpf_foreign_programs); |
| | 692 | |
| | 693 | f = memstream_init(&m); |
| | 694 | if (!f) |
| | 695 | return -ENOMEM; |
| | 696 | |
| | 697 | fputs(name, f); |
| | 698 | fputs("=\n", f); |
| | 699 | |
| | 700 | LIST_FOREACH(programs, fp, c->bpf_foreign_programs) |
| | 701 | fprintf(f, "%s=%s:%s\n", name, |
| | 702 | bpf_cgroup_attach_type_to_string(fp->attach_type), |
| | 703 | fp->bpffs_path); |
| | 704 | |
| | 705 | r = memstream_finalize(&m, &buf, NULL); |
| | 706 | if (r < 0) |
| | 707 | return r; |
| | 708 | |
| | 709 | unit_write_setting(u, flags, name, buf); |
| | 710 | } |
| | 711 | |
| | 712 | return 1; |
| | 713 | |
| | 714 | } else if (streq(name, "MemoryPressureWatch")) { |
| | 715 | CGroupPressureWatch p; |
| | 716 | const char *t; |
| | 717 | |
| | 718 | r = sd_bus_message_read(message, "s", &t); |
| | 719 | if (r < 0) |
| | 720 | return r; |
| | 721 | |
| | 722 | if (isempty(t)) |
| | 723 | p = _CGROUP_PRESSURE_WATCH_INVALID; |
| | 724 | else { |
| | 725 | p = cgroup_pressure_watch_from_string(t); |
| | 726 | if (p < 0) |
| | 727 | return p; |
| | 728 | } |
| | 729 | |
| | 730 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 731 | c->memory_pressure_watch = p; |
| | 732 | unit_write_settingf(u, flags, name, "MemoryPressureWatch=%s", strempty(cgroup_pressure_watch_to_string(p))); |
| | 733 | } |
| | 734 | |
| | 735 | return 1; |
| | 736 | |
| | 737 | } else if (streq(name, "MemoryPressureThresholdUSec")) { |
| | 738 | uint64_t t; |
| | 739 | |
| | 740 | r = sd_bus_message_read(message, "t", &t); |
| | 741 | if (r < 0) |
| | 742 | return r; |
| | 743 | |
| | 744 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 745 | c->memory_pressure_threshold_usec = t; |
| | 746 | |
| | 747 | if (t == UINT64_MAX) |
| | 748 | unit_write_setting(u, flags, name, "MemoryPressureThresholdUSec="); |
| | 749 | else |
| | 750 | unit_write_settingf(u, flags, name, "MemoryPressureThresholdUSec=%" PRIu64, t); |
| | 751 | } |
| | 752 | |
| | 753 | return 1; |
| | 754 | } else if (streq(name, "CoredumpReceive")) { |
| | 755 | int b; |
| | 756 | |
| | 757 | if (!UNIT_VTABLE(u)->can_delegate) |
| | 758 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type"); |
| | 759 | |
| | 760 | r = sd_bus_message_read(message, "b", &b); |
| | 761 | if (r < 0) |
| | 762 | return r; |
| | 763 | |
| | 764 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 765 | c->coredump_receive = b; |
| | 766 | |
| | 767 | unit_write_settingf(u, flags, name, "CoredumpReceive=%s", yes_no(b)); |
| | 768 | } |
| | 769 | |
| | 770 | return 1; |
| | 771 | } |
| | 772 | |
| | 773 | return 0; |
| | 774 | } |
| | 775 | |
| | 776 | static int bus_cgroup_set_boolean( |
| | 777 | Unit *u, |
| | 778 | const char *name, |
| | 779 | bool *p, |
| | 780 | CGroupMask mask, |
| | 781 | sd_bus_message *message, |
| | 782 | UnitWriteFlags flags, |
| | 783 | sd_bus_error *error) { |
| | 784 | |
| | 785 | int b, r; |
| | 786 | |
| | 787 | assert(p); |
| | 788 | |
| | 789 | r = sd_bus_message_read(message, "b", &b); |
| | 790 | if (r < 0) |
| | 791 | return r; |
| | 792 | |
| | 793 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 794 | *p = b; |
| | 795 | unit_invalidate_cgroup(u, mask); |
| | 796 | unit_write_settingf(u, flags, name, "%s=%s", name, yes_no(b)); |
| | 797 | } |
| | 798 | |
| | 799 | return 1; |
| | 800 | } |
| | 801 | |
| | 802 | #define BUS_DEFINE_SET_CGROUP_WEIGHT(function, mask, check, val) \ |
| | 803 | static int bus_cgroup_set_##function( \ |
| | 804 | Unit *u, \ |
| | 805 | const char *name, \ |
| | 806 | uint64_t *p, \ |
| | 807 | sd_bus_message *message, \ |
| | 808 | UnitWriteFlags flags, \ |
| | 809 | sd_bus_error *error) { \ |
| | 810 | \ |
| | 811 | uint64_t v; \ |
| | 812 | int r; \ |
| | 813 | \ |
| | 814 | assert(p); \ |
| | 815 | \ |
| | 816 | r = sd_bus_message_read(message, "t", &v); \ |
| | 817 | if (r < 0) \ |
| | 818 | return r; \ |
| | 819 | \ |
| | 820 | if (!check(v)) \ |
| | 821 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, \ |
| | 822 | "Value specified in %s is out of range", name); \ |
| | 823 | \ |
| | 824 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \ |
| | 825 | *p = v; \ |
| | 826 | unit_invalidate_cgroup(u, mask); \ |
| | 827 | \ |
| | 828 | if (v == (val)) \ |
| | 829 | unit_write_settingf(u, flags, name, \ |
| | 830 | "%s=", name); \ |
| | 831 | else \ |
| | 832 | unit_write_settingf(u, flags, name, \ |
| | 833 | "%s=%" PRIu64, name, v); \ |
| | 834 | } \ |
| | 835 | \ |
| | 836 | return 1; \ |
| | 837 | } |
| | 838 | |
| | 839 | #define BUS_DEFINE_SET_CGROUP_LIMIT(function, mask, scale, minimum) \ |
| | 840 | static int bus_cgroup_set_##function( \ |
| | 841 | Unit *u, \ |
| | 842 | const char *name, \ |
| | 843 | uint64_t *p, \ |
| | 844 | sd_bus_message *message, \ |
| | 845 | UnitWriteFlags flags, \ |
| | 846 | sd_bus_error *error) { \ |
| | 847 | \ |
| | 848 | uint64_t v; \ |
| | 849 | int r; \ |
| | 850 | \ |
| | 851 | assert(p); \ |
| | 852 | \ |
| | 853 | r = sd_bus_message_read(message, "t", &v); \ |
| | 854 | if (r < 0) \ |
| | 855 | return r; \ |
| | 856 | \ |
| | 857 | if (v < minimum) \ |
| | 858 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, \ |
| | 859 | "Value specified in %s is out of range", name); \ |
| | 860 | \ |
| | 861 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \ |
| | 862 | *p = v; \ |
| | 863 | unit_invalidate_cgroup(u, mask); \ |
| | 864 | \ |
| | 865 | if (v == CGROUP_LIMIT_MAX) \ |
| | 866 | unit_write_settingf(u, flags, name, \ |
| | 867 | "%s=infinity", name); \ |
| | 868 | else \ |
| | 869 | unit_write_settingf(u, flags, name, \ |
| | 870 | "%s=%" PRIu64, name, v); \ |
| | 871 | } \ |
| | 872 | \ |
| | 873 | return 1; \ |
| | 874 | } \ |
| | 875 | static int bus_cgroup_set_##function##_scale( \ |
| | 876 | Unit *u, \ |
| | 877 | const char *name, \ |
| | 878 | uint64_t *p, \ |
| | 879 | sd_bus_message *message, \ |
| | 880 | UnitWriteFlags flags, \ |
| | 881 | sd_bus_error *error) { \ |
| | 882 | \ |
| | 883 | uint64_t v; \ |
| | 884 | uint32_t raw; \ |
| | 885 | int r; \ |
| | 886 | \ |
| | 887 | assert(p); \ |
| | 888 | \ |
| | 889 | r = sd_bus_message_read(message, "u", &raw); \ |
| | 890 | if (r < 0) \ |
| | 891 | return r; \ |
| | 892 | \ |
| | 893 | v = scale(raw, UINT32_MAX); \ |
| | 894 | if (v < minimum || v >= UINT64_MAX) \ |
| | 895 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, \ |
| | 896 | "Value specified in %s is out of range", name); \ |
| | 897 | \ |
| | 898 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \ |
| | 899 | *p = v; \ |
| | 900 | unit_invalidate_cgroup(u, mask); \ |
| | 901 | \ |
| | 902 | /* Prepare to chop off suffix */ \ |
| | 903 | assert_se(endswith(name, "Scale")); \ |
| | 904 | \ |
| | 905 | int scaled = UINT32_SCALE_TO_PERMYRIAD(raw); \ |
| | 906 | unit_write_settingf(u, flags, name, "%.*s=" PERMYRIAD_AS_PERCENT_FORMAT_STR, \ |
| | 907 | (int)(strlen(name) - strlen("Scale")), name, \ |
| | 908 | PERMYRIAD_AS_PERCENT_FORMAT_VAL(scaled)); \ |
| | 909 | } \ |
| | 910 | \ |
| | 911 | return 1; \ |
| | 912 | } |
| | 913 | |
| | 914 | DISABLE_WARNING_TYPE_LIMITS; |
| | 915 | BUS_DEFINE_SET_CGROUP_WEIGHT(io_weight, CGROUP_MASK_IO, CGROUP_WEIGHT_IS_OK, CGROUP_WEIGHT_INVALID); |
| | 916 | BUS_DEFINE_SET_CGROUP_LIMIT(memory, CGROUP_MASK_MEMORY, physical_memory_scale, 1); |
| | 917 | BUS_DEFINE_SET_CGROUP_LIMIT(memory_protection, CGROUP_MASK_MEMORY, physical_memory_scale, 0); |
| | 918 | BUS_DEFINE_SET_CGROUP_LIMIT(swap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); |
| | 919 | BUS_DEFINE_SET_CGROUP_LIMIT(zswap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); |
| | 920 | REENABLE_WARNING; |
| | 921 | |
| | 922 | static int bus_cgroup_set_cpu_weight( |
| | 923 | Unit *u, |
| | 924 | const char *name, |
| | 925 | uint64_t *p, |
| | 926 | sd_bus_message *message, |
| | 927 | UnitWriteFlags flags, |
| | 928 | sd_bus_error *error) { |
| | 929 | uint64_t v; |
| | 930 | int r; |
| | 931 | assert(p); |
| | 932 | r = sd_bus_message_read(message, "t", &v); |
| | 933 | if (r < 0) |
| | 934 | return r; |
| | 935 | if (!CGROUP_WEIGHT_IS_OK(v) && v != CGROUP_WEIGHT_IDLE) |
| | 936 | return sd_bus_error_setf( |
| | 937 | error, SD_BUS_ERROR_INVALID_ARGS, "Value specified in %s is out of range", name); |
| | 938 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 939 | *p = v; |
| | 940 | unit_invalidate_cgroup(u, CGROUP_MASK_CPU); |
| | 941 | if (v == CGROUP_WEIGHT_INVALID) |
| | 942 | unit_write_settingf(u, flags, name, "%s=", name); |
| | 943 | else if (v == CGROUP_WEIGHT_IDLE) |
| | 944 | unit_write_settingf(u, flags, name, "%s=idle", name); |
| | 945 | else |
| | 946 | unit_write_settingf(u, flags, name, "%s=%" PRIu64, name, v); |
| | 947 | } |
| | 948 | return 1; |
| | 949 | } |
| | 950 | |
| | 951 | static int bus_cgroup_set_tasks_max( |
| | 952 | Unit *u, |
| | 953 | const char *name, |
| | 954 | CGroupTasksMax *p, |
| | 955 | sd_bus_message *message, |
| | 956 | UnitWriteFlags flags, |
| | 957 | sd_bus_error *error) { |
| | 958 | |
| | 959 | uint64_t v; |
| | 960 | int r; |
| | 961 | |
| | 962 | assert(p); |
| | 963 | |
| | 964 | r = sd_bus_message_read(message, "t", &v); |
| | 965 | if (r < 0) |
| | 966 | return r; |
| | 967 | |
| | 968 | if (v < 1) |
| | 969 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, |
| | 970 | "Value specified in %s is out of range", name); |
| | 971 | |
| | 972 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 973 | *p = (CGroupTasksMax) { .value = v, .scale = 0 }; /* When .scale==0, .value is the absolute value */ |
| | 974 | unit_invalidate_cgroup(u, CGROUP_MASK_PIDS); |
| | 975 | |
| | 976 | if (v == CGROUP_LIMIT_MAX) |
| | 977 | unit_write_settingf(u, flags, name, |
| | 978 | "%s=infinity", name); |
| | 979 | else |
| | 980 | unit_write_settingf(u, flags, name, |
| | 981 | "%s=%" PRIu64, name, v); |
| | 982 | } |
| | 983 | |
| | 984 | return 1; |
| | 985 | } |
| | 986 | |
| | 987 | static int bus_cgroup_set_tasks_max_scale( |
| | 988 | Unit *u, |
| | 989 | const char *name, |
| | 990 | CGroupTasksMax *p, |
| | 991 | sd_bus_message *message, |
| | 992 | UnitWriteFlags flags, |
| | 993 | sd_bus_error *error) { |
| | 994 | |
| | 995 | uint32_t v; |
| | 996 | int r; |
| | 997 | |
| | 998 | assert(p); |
| | 999 | |
| | 1000 | r = sd_bus_message_read(message, "u", &v); |
| | 1001 | if (r < 0) |
| | 1002 | return r; |
| | 1003 | |
| | 1004 | if (v < 1 || v >= UINT32_MAX) |
| | 1005 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, |
| | 1006 | "Value specified in %s is out of range", name); |
| | 1007 | |
| | 1008 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1009 | *p = (CGroupTasksMax) { v, UINT32_MAX }; /* .scale is not 0, so this is interpreted as v/UINT32_MAX. */ |
| | 1010 | unit_invalidate_cgroup(u, CGROUP_MASK_PIDS); |
| | 1011 | |
| | 1012 | uint32_t scaled = DIV_ROUND_UP((uint64_t) v * 100U, (uint64_t) UINT32_MAX); |
| | 1013 | unit_write_settingf(u, flags, name, "%s=%" PRIu32 ".%" PRIu32 "%%", "TasksMax", |
| | 1014 | scaled / 10, scaled % 10); |
| | 1015 | } |
| | 1016 | |
| | 1017 | return 1; |
| | 1018 | } |
| | 1019 | |
| | 1020 | int bus_cgroup_set_property( |
| | 1021 | Unit *u, |
| | 1022 | CGroupContext *c, |
| | 1023 | const char *name, |
| | 1024 | sd_bus_message *message, |
| | 1025 | UnitWriteFlags flags, |
| | 1026 | sd_bus_error *error) { |
| | 1027 | |
| | 1028 | CGroupIOLimitType iol_type; |
| | 1029 | int r; |
| | 1030 | |
| | 1031 | assert(u); |
| | 1032 | assert(c); |
| | 1033 | assert(name); |
| | 1034 | assert(message); |
| | 1035 | |
| | 1036 | flags |= UNIT_PRIVATE; |
| | 1037 | |
| | 1038 | if (streq(name, "CPUWeight")) |
| | 1039 | return bus_cgroup_set_cpu_weight(u, name, &c->cpu_weight, message, flags, error); |
| | 1040 | |
| | 1041 | if (streq(name, "StartupCPUWeight")) |
| | 1042 | return bus_cgroup_set_cpu_weight(u, name, &c->startup_cpu_weight, message, flags, error); |
| | 1043 | |
| | 1044 | if (streq(name, "IOAccounting")) |
| | 1045 | return bus_cgroup_set_boolean(u, name, &c->io_accounting, CGROUP_MASK_IO, message, flags, error); |
| | 1046 | |
| | 1047 | if (streq(name, "IOWeight")) |
| | 1048 | return bus_cgroup_set_io_weight(u, name, &c->io_weight, message, flags, error); |
| | 1049 | |
| | 1050 | if (streq(name, "StartupIOWeight")) |
| | 1051 | return bus_cgroup_set_io_weight(u, name, &c->startup_io_weight, message, flags, error); |
| | 1052 | |
| | 1053 | if (streq(name, "MemoryAccounting")) |
| | 1054 | return bus_cgroup_set_boolean(u, name, &c->memory_accounting, CGROUP_MASK_MEMORY, message, flags, error); |
| | 1055 | |
| | 1056 | if (streq(name, "MemoryMin")) { |
| | 1057 | r = bus_cgroup_set_memory_protection(u, name, &c->memory_min, message, flags, error); |
| | 1058 | if (r > 0) |
| | 1059 | c->memory_min_set = true; |
| | 1060 | return r; |
| | 1061 | } |
| | 1062 | |
| | 1063 | if (streq(name, "MemoryLow")) { |
| | 1064 | r = bus_cgroup_set_memory_protection(u, name, &c->memory_low, message, flags, error); |
| | 1065 | if (r > 0) |
| | 1066 | c->memory_low_set = true; |
| | 1067 | return r; |
| | 1068 | } |
| | 1069 | |
| | 1070 | if (streq(name, "StartupMemoryLow")) { |
| | 1071 | r = bus_cgroup_set_memory_protection(u, name, &c->startup_memory_low, message, flags, error); |
| | 1072 | if (r > 0) |
| | 1073 | c->startup_memory_low_set = true; |
| | 1074 | return r; |
| | 1075 | } |
| | 1076 | |
| | 1077 | if (streq(name, "DefaultMemoryMin")) { |
| | 1078 | r = bus_cgroup_set_memory_protection(u, name, &c->default_memory_min, message, flags, error); |
| | 1079 | if (r > 0) |
| | 1080 | c->default_memory_min_set = true; |
| | 1081 | return r; |
| | 1082 | } |
| | 1083 | |
| | 1084 | if (streq(name, "DefaultMemoryLow")) { |
| | 1085 | r = bus_cgroup_set_memory_protection(u, name, &c->default_memory_low, message, flags, error); |
| | 1086 | if (r > 0) |
| | 1087 | c->default_memory_low_set = true; |
| | 1088 | return r; |
| | 1089 | } |
| | 1090 | |
| | 1091 | if (streq(name, "DefaultStartupMemoryLow")) { |
| | 1092 | r = bus_cgroup_set_memory_protection(u, name, &c->default_startup_memory_low, message, flags, error); |
| | 1093 | if (r > 0) |
| | 1094 | c->default_startup_memory_low_set = true; |
| | 1095 | return r; |
| | 1096 | } |
| | 1097 | |
| | 1098 | if (streq(name, "MemoryHigh")) |
| | 1099 | return bus_cgroup_set_memory(u, name, &c->memory_high, message, flags, error); |
| | 1100 | |
| | 1101 | if (streq(name, "StartupMemoryHigh")) { |
| | 1102 | r = bus_cgroup_set_memory(u, name, &c->startup_memory_high, message, flags, error); |
| | 1103 | if (r > 0) |
| | 1104 | c->startup_memory_high_set = true; |
| | 1105 | return r; |
| | 1106 | } |
| | 1107 | |
| | 1108 | if (streq(name, "MemorySwapMax")) |
| | 1109 | return bus_cgroup_set_swap(u, name, &c->memory_swap_max, message, flags, error); |
| | 1110 | |
| | 1111 | if (streq(name, "StartupMemorySwapMax")) { |
| | 1112 | r = bus_cgroup_set_swap(u, name, &c->startup_memory_swap_max, message, flags, error); |
| | 1113 | if (r > 0) |
| | 1114 | c->startup_memory_swap_max_set = true; |
| | 1115 | return r; |
| | 1116 | } |
| | 1117 | |
| | 1118 | if (streq(name, "MemoryZSwapMax")) |
| | 1119 | return bus_cgroup_set_zswap(u, name, &c->memory_zswap_max, message, flags, error); |
| | 1120 | |
| | 1121 | if (streq(name, "StartupMemoryZSwapMax")) { |
| | 1122 | r = bus_cgroup_set_zswap(u, name, &c->startup_memory_zswap_max, message, flags, error); |
| | 1123 | if (r > 0) |
| | 1124 | c->startup_memory_zswap_max_set = true; |
| | 1125 | return r; |
| | 1126 | } |
| | 1127 | |
| | 1128 | if (streq(name, "MemoryMax")) |
| | 1129 | return bus_cgroup_set_memory(u, name, &c->memory_max, message, flags, error); |
| | 1130 | |
| | 1131 | if (streq(name, "StartupMemoryMax")) { |
| | 1132 | r = bus_cgroup_set_memory(u, name, &c->startup_memory_max, message, flags, error); |
| | 1133 | if (r > 0) |
| | 1134 | c->startup_memory_max_set = true; |
| | 1135 | return r; |
| | 1136 | } |
| | 1137 | |
| | 1138 | if (streq(name, "MemoryMinScale")) { |
| | 1139 | r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error); |
| | 1140 | if (r > 0) |
| | 1141 | c->memory_min_set = true; |
| | 1142 | return r; |
| | 1143 | } |
| | 1144 | |
| | 1145 | if (streq(name, "MemoryLowScale")) { |
| | 1146 | r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_low, message, flags, error); |
| | 1147 | if (r > 0) |
| | 1148 | c->memory_low_set = true; |
| | 1149 | return r; |
| | 1150 | } |
| | 1151 | |
| | 1152 | if (streq(name, "DefaultMemoryMinScale")) { |
| | 1153 | r = bus_cgroup_set_memory_protection_scale(u, name, &c->default_memory_min, message, flags, error); |
| | 1154 | if (r > 0) |
| | 1155 | c->default_memory_min_set = true; |
| | 1156 | return r; |
| | 1157 | } |
| | 1158 | |
| | 1159 | if (streq(name, "DefaultMemoryLowScale")) { |
| | 1160 | r = bus_cgroup_set_memory_protection_scale(u, name, &c->default_memory_low, message, flags, error); |
| | 1161 | if (r > 0) |
| | 1162 | c->default_memory_low_set = true; |
| | 1163 | return r; |
| | 1164 | } |
| | 1165 | |
| | 1166 | if (streq(name, "MemoryHighScale")) |
| | 1167 | return bus_cgroup_set_memory_scale(u, name, &c->memory_high, message, flags, error); |
| | 1168 | |
| | 1169 | if (streq(name, "MemorySwapMaxScale")) |
| | 1170 | return bus_cgroup_set_swap_scale(u, name, &c->memory_swap_max, message, flags, error); |
| | 1171 | |
| | 1172 | if (streq(name, "MemoryZSwapMaxScale")) |
| | 1173 | return bus_cgroup_set_zswap_scale(u, name, &c->memory_zswap_max, message, flags, error); |
| | 1174 | |
| | 1175 | if (streq(name, "MemoryMaxScale")) |
| | 1176 | return bus_cgroup_set_memory_scale(u, name, &c->memory_max, message, flags, error); |
| | 1177 | |
| | 1178 | if (streq(name, "MemoryZSwapWriteback")) |
| | 1179 | return bus_cgroup_set_boolean(u, name, &c->memory_zswap_writeback, CGROUP_MASK_MEMORY, message, flags, error); |
| | 1180 | |
| | 1181 | if (streq(name, "TasksAccounting")) |
| | 1182 | return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error); |
| | 1183 | |
| | 1184 | if (streq(name, "TasksMax")) |
| | 1185 | return bus_cgroup_set_tasks_max(u, name, &c->tasks_max, message, flags, error); |
| | 1186 | |
| | 1187 | if (streq(name, "TasksMaxScale")) |
| | 1188 | return bus_cgroup_set_tasks_max_scale(u, name, &c->tasks_max, message, flags, error); |
| | 1189 | |
| | 1190 | if (streq(name, "CPUQuotaPerSecUSec")) { |
| | 1191 | uint64_t u64; |
| | 1192 | |
| | 1193 | r = sd_bus_message_read(message, "t", &u64); |
| | 1194 | if (r < 0) |
| | 1195 | return r; |
| | 1196 | |
| | 1197 | if (u64 <= 0) |
| | 1198 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "CPUQuotaPerSecUSec= value out of range"); |
| | 1199 | |
| | 1200 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1201 | c->cpu_quota_per_sec_usec = u64; |
| | 1202 | CGroupRuntime *crt = unit_get_cgroup_runtime(u); |
| | 1203 | if (crt) |
| | 1204 | crt->warned_clamping_cpu_quota_period = false; |
| | 1205 | unit_invalidate_cgroup(u, CGROUP_MASK_CPU); |
| | 1206 | |
| | 1207 | if (c->cpu_quota_per_sec_usec == USEC_INFINITY) |
| | 1208 | unit_write_setting(u, flags, "CPUQuota", "CPUQuota="); |
| | 1209 | else |
| | 1210 | unit_write_settingf(u, flags, "CPUQuota", |
| | 1211 | "CPUQuota=" USEC_FMT ".%02" PRI_USEC "%%", |
| | 1212 | c->cpu_quota_per_sec_usec / 10000, |
| | 1213 | (c->cpu_quota_per_sec_usec % 10000) / 100); |
| | 1214 | } |
| | 1215 | |
| | 1216 | return 1; |
| | 1217 | |
| | 1218 | } else if (streq(name, "CPUQuotaPeriodUSec")) { |
| | 1219 | uint64_t u64; |
| | 1220 | |
| | 1221 | r = sd_bus_message_read(message, "t", &u64); |
| | 1222 | if (r < 0) |
| | 1223 | return r; |
| | 1224 | |
| | 1225 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1226 | c->cpu_quota_period_usec = u64; |
| | 1227 | CGroupRuntime *crt = unit_get_cgroup_runtime(u); |
| | 1228 | if (crt) |
| | 1229 | crt->warned_clamping_cpu_quota_period = false; |
| | 1230 | unit_invalidate_cgroup(u, CGROUP_MASK_CPU); |
| | 1231 | if (c->cpu_quota_period_usec == USEC_INFINITY) |
| | 1232 | unit_write_setting(u, flags, "CPUQuotaPeriodSec", "CPUQuotaPeriodSec="); |
| | 1233 | else |
| | 1234 | unit_write_settingf(u, flags, "CPUQuotaPeriodSec", |
| | 1235 | "CPUQuotaPeriodSec=%s", |
| | 1236 | FORMAT_TIMESPAN(c->cpu_quota_period_usec, 1)); |
| | 1237 | } |
| | 1238 | |
| | 1239 | return 1; |
| | 1240 | |
| | 1241 | } else if (STR_IN_SET(name, "AllowedCPUs", "StartupAllowedCPUs", "AllowedMemoryNodes", "StartupAllowedMemoryNodes")) { |
| | 1242 | const void *a; |
| | 1243 | size_t n; |
| | 1244 | _cleanup_(cpu_set_done) CPUSet new_set = {}; |
| | 1245 | |
| | 1246 | r = sd_bus_message_read_array(message, 'y', &a, &n); |
| | 1247 | if (r < 0) |
| | 1248 | return r; |
| | 1249 | |
| | 1250 | r = cpu_set_from_dbus(a, n, &new_set); |
| | 1251 | if (r < 0) |
| | 1252 | return r; |
| | 1253 | |
| | 1254 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1255 | _cleanup_free_ char *setstr = NULL; |
| | 1256 | CPUSet *set = NULL; |
| | 1257 | |
| | 1258 | setstr = cpu_set_to_range_string(&new_set); |
| | 1259 | if (!setstr) |
| | 1260 | return -ENOMEM; |
| | 1261 | |
| | 1262 | if (streq(name, "AllowedCPUs")) |
| | 1263 | set = &c->cpuset_cpus; |
| | 1264 | else if (streq(name, "StartupAllowedCPUs")) |
| | 1265 | set = &c->startup_cpuset_cpus; |
| | 1266 | else if (streq(name, "AllowedMemoryNodes")) |
| | 1267 | set = &c->cpuset_mems; |
| | 1268 | else if (streq(name, "StartupAllowedMemoryNodes")) |
| | 1269 | set = &c->startup_cpuset_mems; |
| | 1270 | else |
| | 1271 | assert_not_reached(); |
| | 1272 | |
| | 1273 | cpu_set_done_and_replace(*set, new_set); |
| | 1274 | |
| | 1275 | unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET); |
| | 1276 | unit_write_settingf(u, flags, name, "%s=\n%s=%s", name, name, setstr); |
| | 1277 | } |
| | 1278 | |
| | 1279 | return 1; |
| | 1280 | |
| | 1281 | } else if ((iol_type = cgroup_io_limit_type_from_string(name)) >= 0) { |
| | 1282 | const char *path; |
| | 1283 | unsigned n = 0; |
| | 1284 | uint64_t u64; |
| | 1285 | |
| | 1286 | r = sd_bus_message_enter_container(message, 'a', "(st)"); |
| | 1287 | if (r < 0) |
| | 1288 | return r; |
| | 1289 | |
| | 1290 | while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) { |
| | 1291 | |
| | 1292 | if (!path_is_normalized(path)) |
| | 1293 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); |
| | 1294 | |
| | 1295 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1296 | CGroupIODeviceLimit *a = NULL; |
| | 1297 | |
| | 1298 | LIST_FOREACH(device_limits, b, c->io_device_limits) |
| | 1299 | if (path_equal(path, b->path)) { |
| | 1300 | a = b; |
| | 1301 | break; |
| | 1302 | } |
| | 1303 | |
| | 1304 | if (!a) { |
| | 1305 | CGroupIOLimitType type; |
| | 1306 | |
| | 1307 | a = new0(CGroupIODeviceLimit, 1); |
| | 1308 | if (!a) |
| | 1309 | return -ENOMEM; |
| | 1310 | |
| | 1311 | a->path = strdup(path); |
| | 1312 | if (!a->path) { |
| | 1313 | free(a); |
| | 1314 | return -ENOMEM; |
| | 1315 | } |
| | 1316 | |
| | 1317 | for (type = 0; type < _CGROUP_IO_LIMIT_TYPE_MAX; type++) |
| | 1318 | a->limits[type] = cgroup_io_limit_defaults[type]; |
| | 1319 | |
| | 1320 | LIST_APPEND(device_limits, c->io_device_limits, a); |
| | 1321 | } |
| | 1322 | |
| | 1323 | a->limits[iol_type] = u64; |
| | 1324 | } |
| | 1325 | |
| | 1326 | n++; |
| | 1327 | } |
| | 1328 | if (r < 0) |
| | 1329 | return r; |
| | 1330 | |
| | 1331 | r = sd_bus_message_exit_container(message); |
| | 1332 | if (r < 0) |
| | 1333 | return r; |
| | 1334 | |
| | 1335 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1336 | _cleanup_(memstream_done) MemStream m = {}; |
| | 1337 | _cleanup_free_ char *buf = NULL; |
| | 1338 | FILE *f; |
| | 1339 | |
| | 1340 | if (n == 0) |
| | 1341 | LIST_FOREACH(device_limits, a, c->io_device_limits) |
| | 1342 | a->limits[iol_type] = cgroup_io_limit_defaults[iol_type]; |
| | 1343 | |
| | 1344 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); |
| | 1345 | |
| | 1346 | f = memstream_init(&m); |
| | 1347 | if (!f) |
| | 1348 | return -ENOMEM; |
| | 1349 | |
| | 1350 | fprintf(f, "%s=\n", name); |
| | 1351 | LIST_FOREACH(device_limits, a, c->io_device_limits) |
| | 1352 | if (a->limits[iol_type] != cgroup_io_limit_defaults[iol_type]) |
| | 1353 | fprintf(f, "%s=%s %" PRIu64 "\n", name, a->path, a->limits[iol_type]); |
| | 1354 | |
| | 1355 | r = memstream_finalize(&m, &buf, NULL); |
| | 1356 | if (r < 0) |
| | 1357 | return r; |
| | 1358 | |
| | 1359 | unit_write_setting(u, flags, name, buf); |
| | 1360 | } |
| | 1361 | |
| | 1362 | return 1; |
| | 1363 | |
| | 1364 | } else if (streq(name, "IODeviceWeight")) { |
| | 1365 | const char *path; |
| | 1366 | uint64_t weight; |
| | 1367 | unsigned n = 0; |
| | 1368 | |
| | 1369 | r = sd_bus_message_enter_container(message, 'a', "(st)"); |
| | 1370 | if (r < 0) |
| | 1371 | return r; |
| | 1372 | |
| | 1373 | while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) { |
| | 1374 | |
| | 1375 | if (!path_is_normalized(path)) |
| | 1376 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); |
| | 1377 | |
| | 1378 | if (!CGROUP_WEIGHT_IS_OK(weight) || weight == CGROUP_WEIGHT_INVALID) |
| | 1379 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "IODeviceWeight= value out of range"); |
| | 1380 | |
| | 1381 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1382 | CGroupIODeviceWeight *a = NULL; |
| | 1383 | |
| | 1384 | LIST_FOREACH(device_weights, b, c->io_device_weights) |
| | 1385 | if (path_equal(b->path, path)) { |
| | 1386 | a = b; |
| | 1387 | break; |
| | 1388 | } |
| | 1389 | |
| | 1390 | if (!a) { |
| | 1391 | a = new0(CGroupIODeviceWeight, 1); |
| | 1392 | if (!a) |
| | 1393 | return -ENOMEM; |
| | 1394 | |
| | 1395 | a->path = strdup(path); |
| | 1396 | if (!a->path) { |
| | 1397 | free(a); |
| | 1398 | return -ENOMEM; |
| | 1399 | } |
| | 1400 | LIST_APPEND(device_weights, c->io_device_weights, a); |
| | 1401 | } |
| | 1402 | |
| | 1403 | a->weight = weight; |
| | 1404 | } |
| | 1405 | |
| | 1406 | n++; |
| | 1407 | } |
| | 1408 | |
| | 1409 | r = sd_bus_message_exit_container(message); |
| | 1410 | if (r < 0) |
| | 1411 | return r; |
| | 1412 | |
| | 1413 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1414 | _cleanup_(memstream_done) MemStream m = {}; |
| | 1415 | _cleanup_free_ char *buf = NULL; |
| | 1416 | FILE *f; |
| | 1417 | |
| | 1418 | if (n == 0) |
| | 1419 | while (c->io_device_weights) |
| | 1420 | cgroup_context_free_io_device_weight(c, c->io_device_weights); |
| | 1421 | |
| | 1422 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); |
| | 1423 | |
| | 1424 | f = memstream_init(&m); |
| | 1425 | if (!f) |
| | 1426 | return -ENOMEM; |
| | 1427 | |
| | 1428 | fputs("IODeviceWeight=\n", f); |
| | 1429 | LIST_FOREACH(device_weights, a, c->io_device_weights) |
| | 1430 | fprintf(f, "IODeviceWeight=%s %" PRIu64 "\n", a->path, a->weight); |
| | 1431 | |
| | 1432 | r = memstream_finalize(&m, &buf, NULL); |
| | 1433 | if (r < 0) |
| | 1434 | return r; |
| | 1435 | |
| | 1436 | unit_write_setting(u, flags, name, buf); |
| | 1437 | } |
| | 1438 | |
| | 1439 | return 1; |
| | 1440 | |
| | 1441 | } else if (streq(name, "IODeviceLatencyTargetUSec")) { |
| | 1442 | const char *path; |
| | 1443 | uint64_t target; |
| | 1444 | unsigned n = 0; |
| | 1445 | |
| | 1446 | r = sd_bus_message_enter_container(message, 'a', "(st)"); |
| | 1447 | if (r < 0) |
| | 1448 | return r; |
| | 1449 | |
| | 1450 | while ((r = sd_bus_message_read(message, "(st)", &path, &target)) > 0) { |
| | 1451 | |
| | 1452 | if (!path_is_normalized(path)) |
| | 1453 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); |
| | 1454 | |
| | 1455 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1456 | CGroupIODeviceLatency *a = NULL; |
| | 1457 | |
| | 1458 | LIST_FOREACH(device_latencies, b, c->io_device_latencies) |
| | 1459 | if (path_equal(b->path, path)) { |
| | 1460 | a = b; |
| | 1461 | break; |
| | 1462 | } |
| | 1463 | |
| | 1464 | if (!a) { |
| | 1465 | a = new0(CGroupIODeviceLatency, 1); |
| | 1466 | if (!a) |
| | 1467 | return -ENOMEM; |
| | 1468 | |
| | 1469 | a->path = strdup(path); |
| | 1470 | if (!a->path) { |
| | 1471 | free(a); |
| | 1472 | return -ENOMEM; |
| | 1473 | } |
| | 1474 | LIST_APPEND(device_latencies, c->io_device_latencies, a); |
| | 1475 | } |
| | 1476 | |
| | 1477 | a->target_usec = target; |
| | 1478 | } |
| | 1479 | |
| | 1480 | n++; |
| | 1481 | } |
| | 1482 | |
| | 1483 | r = sd_bus_message_exit_container(message); |
| | 1484 | if (r < 0) |
| | 1485 | return r; |
| | 1486 | |
| | 1487 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1488 | _cleanup_(memstream_done) MemStream m = {}; |
| | 1489 | _cleanup_free_ char *buf = NULL; |
| | 1490 | FILE *f; |
| | 1491 | |
| | 1492 | if (n == 0) |
| | 1493 | while (c->io_device_latencies) |
| | 1494 | cgroup_context_free_io_device_latency(c, c->io_device_latencies); |
| | 1495 | |
| | 1496 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); |
| | 1497 | |
| | 1498 | f = memstream_init(&m); |
| | 1499 | if (!f) |
| | 1500 | return -ENOMEM; |
| | 1501 | |
| | 1502 | fputs("IODeviceLatencyTargetSec=\n", f); |
| | 1503 | LIST_FOREACH(device_latencies, a, c->io_device_latencies) |
| | 1504 | fprintf(f, "IODeviceLatencyTargetSec=%s %s\n", |
| | 1505 | a->path, FORMAT_TIMESPAN(a->target_usec, 1)); |
| | 1506 | |
| | 1507 | r = memstream_finalize(&m, &buf, NULL); |
| | 1508 | if (r < 0) |
| | 1509 | return r; |
| | 1510 | |
| | 1511 | unit_write_setting(u, flags, name, buf); |
| | 1512 | } |
| | 1513 | |
| | 1514 | return 1; |
| | 1515 | |
| | 1516 | } else if (streq(name, "DevicePolicy")) { |
| | 1517 | const char *policy; |
| | 1518 | CGroupDevicePolicy p; |
| | 1519 | |
| | 1520 | r = sd_bus_message_read(message, "s", &policy); |
| | 1521 | if (r < 0) |
| | 1522 | return r; |
| | 1523 | |
| | 1524 | p = cgroup_device_policy_from_string(policy); |
| | 1525 | if (p < 0) |
| | 1526 | return p; |
| | 1527 | |
| | 1528 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1529 | c->device_policy = p; |
| | 1530 | unit_invalidate_cgroup(u, CGROUP_MASK_DEVICES); |
| | 1531 | unit_write_settingf(u, flags, name, "DevicePolicy=%s", policy); |
| | 1532 | } |
| | 1533 | |
| | 1534 | return 1; |
| | 1535 | |
| | 1536 | } else if (streq(name, "DeviceAllow")) { |
| | 1537 | const char *path, *rwm; |
| | 1538 | unsigned n = 0; |
| | 1539 | |
| | 1540 | r = sd_bus_message_enter_container(message, 'a', "(ss)"); |
| | 1541 | if (r < 0) |
| | 1542 | return r; |
| | 1543 | |
| | 1544 | while ((r = sd_bus_message_read(message, "(ss)", &path, &rwm)) > 0) { |
| | 1545 | CGroupDevicePermissions p; |
| | 1546 | |
| | 1547 | if (!valid_device_allow_pattern(path) || strpbrk(path, WHITESPACE)) |
| | 1548 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires device node or pattern"); |
| | 1549 | |
| | 1550 | if (isempty(rwm)) |
| | 1551 | p = _CGROUP_DEVICE_PERMISSIONS_ALL; |
| | 1552 | else { |
| | 1553 | p = cgroup_device_permissions_from_string(rwm); |
| | 1554 | if (p < 0) |
| | 1555 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires combination of rwm flags"); |
| | 1556 | } |
| | 1557 | |
| | 1558 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1559 | r = cgroup_context_add_or_update_device_allow(c, path, p); |
| | 1560 | if (r < 0) |
| | 1561 | return r; |
| | 1562 | } |
| | 1563 | |
| | 1564 | n++; |
| | 1565 | } |
| | 1566 | if (r < 0) |
| | 1567 | return r; |
| | 1568 | |
| | 1569 | r = sd_bus_message_exit_container(message); |
| | 1570 | if (r < 0) |
| | 1571 | return r; |
| | 1572 | |
| | 1573 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1574 | _cleanup_(memstream_done) MemStream m = {}; |
| | 1575 | _cleanup_free_ char *buf = NULL; |
| | 1576 | FILE *f; |
| | 1577 | |
| | 1578 | if (n == 0) |
| | 1579 | while (c->device_allow) |
| | 1580 | cgroup_context_free_device_allow(c, c->device_allow); |
| | 1581 | |
| | 1582 | unit_invalidate_cgroup(u, CGROUP_MASK_DEVICES); |
| | 1583 | |
| | 1584 | f = memstream_init(&m); |
| | 1585 | if (!f) |
| | 1586 | return -ENOMEM; |
| | 1587 | |
| | 1588 | fputs("DeviceAllow=\n", f); |
| | 1589 | LIST_FOREACH(device_allow, a, c->device_allow) |
| | 1590 | fprintf(f, "DeviceAllow=%s %s\n", a->path, cgroup_device_permissions_to_string(a->permissions)); |
| | 1591 | |
| | 1592 | r = memstream_finalize(&m, &buf, NULL); |
| | 1593 | if (r < 0) |
| | 1594 | return r; |
| | 1595 | |
| | 1596 | unit_write_setting(u, flags, name, buf); |
| | 1597 | } |
| | 1598 | |
| | 1599 | return 1; |
| | 1600 | |
| | 1601 | } else if (streq(name, "IPAccounting")) { |
| | 1602 | int b; |
| | 1603 | |
| | 1604 | r = sd_bus_message_read(message, "b", &b); |
| | 1605 | if (r < 0) |
| | 1606 | return r; |
| | 1607 | |
| | 1608 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1609 | c->ip_accounting = b; |
| | 1610 | |
| | 1611 | unit_invalidate_cgroup_bpf(u); |
| | 1612 | unit_write_settingf(u, flags, name, "IPAccounting=%s", yes_no(b)); |
| | 1613 | } |
| | 1614 | |
| | 1615 | return 1; |
| | 1616 | |
| | 1617 | } else if (STR_IN_SET(name, "IPAddressAllow", "IPAddressDeny")) { |
| | 1618 | _cleanup_set_free_ Set *new_prefixes = NULL; |
| | 1619 | size_t n = 0; |
| | 1620 | |
| | 1621 | r = sd_bus_message_enter_container(message, 'a', "(iayu)"); |
| | 1622 | if (r < 0) |
| | 1623 | return r; |
| | 1624 | |
| | 1625 | for (;;) { |
| | 1626 | r = sd_bus_message_enter_container(message, 'r', "iayu"); |
| | 1627 | if (r < 0) |
| | 1628 | return r; |
| | 1629 | if (r == 0) |
| | 1630 | break; |
| | 1631 | |
| | 1632 | struct in_addr_prefix prefix; |
| | 1633 | r = bus_message_read_in_addr_auto(message, error, &prefix.family, &prefix.address); |
| | 1634 | if (r < 0) |
| | 1635 | return r; |
| | 1636 | |
| | 1637 | uint32_t prefixlen; |
| | 1638 | r = sd_bus_message_read(message, "u", &prefixlen); |
| | 1639 | if (r < 0) |
| | 1640 | return r; |
| | 1641 | |
| | 1642 | if (prefixlen > FAMILY_ADDRESS_SIZE(prefix.family)*8) |
| | 1643 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, |
| | 1644 | "Prefix length %" PRIu32 " too large for address family %s.", |
| | 1645 | prefixlen, af_to_name(prefix.family)); |
| | 1646 | |
| | 1647 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1648 | prefix.prefixlen = (uint8_t) prefixlen; |
| | 1649 | |
| | 1650 | r = in_addr_prefix_add(&new_prefixes, &prefix); |
| | 1651 | if (r < 0) |
| | 1652 | return r; |
| | 1653 | } |
| | 1654 | |
| | 1655 | r = sd_bus_message_exit_container(message); |
| | 1656 | if (r < 0) |
| | 1657 | return r; |
| | 1658 | |
| | 1659 | n++; |
| | 1660 | } |
| | 1661 | |
| | 1662 | r = sd_bus_message_exit_container(message); |
| | 1663 | if (r < 0) |
| | 1664 | return r; |
| | 1665 | |
| | 1666 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1667 | _cleanup_(memstream_done) MemStream m = {}; |
| | 1668 | _cleanup_free_ char *buf = NULL; |
| | 1669 | Set **prefixes; |
| | 1670 | bool *reduced; |
| | 1671 | FILE *f; |
| | 1672 | |
| | 1673 | unit_invalidate_cgroup_bpf(u); |
| | 1674 | |
| | 1675 | f = memstream_init(&m); |
| | 1676 | if (!f) |
| | 1677 | return -ENOMEM; |
| | 1678 | |
| | 1679 | prefixes = streq(name, "IPAddressAllow") ? &c->ip_address_allow : &c->ip_address_deny; |
| | 1680 | reduced = streq(name, "IPAddressAllow") ? &c->ip_address_allow_reduced : &c->ip_address_deny_reduced; |
| | 1681 | |
| | 1682 | fputs(name, f); |
| | 1683 | fputs("=\n", f); |
| | 1684 | |
| | 1685 | if (n == 0) { |
| | 1686 | *reduced = true; |
| | 1687 | *prefixes = set_free(*prefixes); |
| | 1688 | } else { |
| | 1689 | *reduced = false; |
| | 1690 | |
| | 1691 | r = in_addr_prefixes_merge(prefixes, new_prefixes); |
| | 1692 | if (r < 0) |
| | 1693 | return r; |
| | 1694 | |
| | 1695 | const struct in_addr_prefix *p; |
| | 1696 | SET_FOREACH(p, *prefixes) |
| | 1697 | fprintf(f, "%s=%s\n", name, |
| | 1698 | IN_ADDR_PREFIX_TO_STRING(p->family, &p->address, p->prefixlen)); |
| | 1699 | } |
| | 1700 | |
| | 1701 | r = memstream_finalize(&m, &buf, NULL); |
| | 1702 | if (r < 0) |
| | 1703 | return r; |
| | 1704 | |
| | 1705 | unit_write_setting(u, flags, name, buf); |
| | 1706 | } |
| | 1707 | |
| | 1708 | return 1; |
| | 1709 | } |
| | 1710 | |
| | 1711 | if (STR_IN_SET(name, "ManagedOOMSwap", "ManagedOOMMemoryPressure")) { |
| | 1712 | ManagedOOMMode *cgroup_mode = streq(name, "ManagedOOMSwap") ? &c->moom_swap : &c->moom_mem_pressure; |
| | 1713 | ManagedOOMMode m; |
| | 1714 | const char *mode; |
| | 1715 | |
| | 1716 | if (!UNIT_VTABLE(u)->can_set_managed_oom) |
| | 1717 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set %s for this unit type", name); |
| | 1718 | |
| | 1719 | r = sd_bus_message_read(message, "s", &mode); |
| | 1720 | if (r < 0) |
| | 1721 | return r; |
| | 1722 | |
| | 1723 | m = managed_oom_mode_from_string(mode); |
| | 1724 | if (m < 0) |
| | 1725 | return -EINVAL; |
| | 1726 | |
| | 1727 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1728 | *cgroup_mode = m; |
| | 1729 | unit_write_settingf(u, flags, name, "%s=%s", name, mode); |
| | 1730 | } |
| | 1731 | |
| | 1732 | (void) manager_varlink_send_managed_oom_update(u); |
| | 1733 | return 1; |
| | 1734 | } |
| | 1735 | |
| | 1736 | if (streq(name, "ManagedOOMMemoryPressureLimit")) { |
| | 1737 | uint32_t v; |
| | 1738 | |
| | 1739 | if (!UNIT_VTABLE(u)->can_set_managed_oom) |
| | 1740 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set %s for this unit type", name); |
| | 1741 | |
| | 1742 | r = sd_bus_message_read(message, "u", &v); |
| | 1743 | if (r < 0) |
| | 1744 | return r; |
| | 1745 | |
| | 1746 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1747 | c->moom_mem_pressure_limit = v; |
| | 1748 | unit_write_settingf(u, flags, name, |
| | 1749 | "ManagedOOMMemoryPressureLimit=" PERMYRIAD_AS_PERCENT_FORMAT_STR, |
| | 1750 | PERMYRIAD_AS_PERCENT_FORMAT_VAL(UINT32_SCALE_TO_PERMYRIAD(v))); |
| | 1751 | } |
| | 1752 | |
| | 1753 | if (c->moom_mem_pressure == MANAGED_OOM_KILL) |
| | 1754 | (void) manager_varlink_send_managed_oom_update(u); |
| | 1755 | |
| | 1756 | return 1; |
| | 1757 | } |
| | 1758 | |
| | 1759 | if (streq(name, "ManagedOOMMemoryPressureDurationUSec")) { |
| | 1760 | uint64_t t; |
| | 1761 | |
| | 1762 | if (!UNIT_VTABLE(u)->can_set_managed_oom) |
| | 1763 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set %s for this unit type", name); |
| | 1764 | |
| | 1765 | r = sd_bus_message_read(message, "t", &t); |
| | 1766 | if (r < 0) |
| | 1767 | return r; |
| | 1768 | |
| | 1769 | if (t < 1 * USEC_PER_SEC) |
| | 1770 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= must be at least 1s, got %s", name, |
| | 1771 | FORMAT_TIMESPAN(t, USEC_PER_SEC)); |
| | 1772 | |
| | 1773 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1774 | c->memory_pressure_threshold_usec = t; |
| | 1775 | if (c->memory_pressure_threshold_usec == USEC_INFINITY) |
| | 1776 | unit_write_setting(u, flags, name, "ManagedOOMMemoryPressureDurationSec="); |
| | 1777 | else |
| | 1778 | unit_write_settingf(u, flags, name, |
| | 1779 | "ManagedOOMMemoryPressureDurationSec=%s", |
| | 1780 | FORMAT_TIMESPAN(c->memory_pressure_threshold_usec, 1)); |
| | 1781 | } |
| | 1782 | |
| | 1783 | if (c->moom_mem_pressure == MANAGED_OOM_KILL) |
| | 1784 | (void) manager_varlink_send_managed_oom_update(u); |
| | 1785 | |
| | 1786 | return 1; |
| | 1787 | } |
| | 1788 | |
| | 1789 | if (streq(name, "ManagedOOMPreference")) { |
| | 1790 | ManagedOOMPreference p; |
| | 1791 | const char *pref; |
| | 1792 | |
| | 1793 | r = sd_bus_message_read(message, "s", &pref); |
| | 1794 | if (r < 0) |
| | 1795 | return r; |
| | 1796 | |
| | 1797 | p = managed_oom_preference_from_string(pref); |
| | 1798 | if (p < 0) |
| | 1799 | return p; |
| | 1800 | |
| | 1801 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1802 | c->moom_preference = p; |
| | 1803 | unit_write_settingf(u, flags, name, "ManagedOOMPreference=%s", pref); |
| | 1804 | } |
| | 1805 | |
| | 1806 | return 1; |
| | 1807 | } |
| | 1808 | if (STR_IN_SET(name, "SocketBindAllow", "SocketBindDeny")) { |
| | 1809 | CGroupSocketBindItem **list; |
| | 1810 | uint16_t nr_ports, port_min; |
| | 1811 | size_t n = 0; |
| | 1812 | int32_t family, ip_protocol; |
| | 1813 | |
| | 1814 | list = streq(name, "SocketBindAllow") ? &c->socket_bind_allow : &c->socket_bind_deny; |
| | 1815 | |
| | 1816 | r = sd_bus_message_enter_container(message, 'a', "(iiqq)"); |
| | 1817 | if (r < 0) |
| | 1818 | return r; |
| | 1819 | |
| | 1820 | while ((r = sd_bus_message_read(message, "(iiqq)", &family, &ip_protocol, &nr_ports, &port_min)) > 0) { |
| | 1821 | |
| | 1822 | if (!IN_SET(family, AF_UNSPEC, AF_INET, AF_INET6)) |
| | 1823 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects INET or INET6 family, if specified.", name); |
| | 1824 | |
| | 1825 | if (!IN_SET(ip_protocol, 0, IPPROTO_TCP, IPPROTO_UDP)) |
| | 1826 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects TCP or UDP protocol, if specified.", name); |
| | 1827 | |
| | 1828 | if (port_min + (uint32_t) nr_ports > (1 << 16)) |
| | 1829 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects maximum port value lesser than 65536.", name); |
| | 1830 | |
| | 1831 | if (port_min == 0 && nr_ports != 0) |
| | 1832 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects port range starting with positive value.", name); |
| | 1833 | |
| | 1834 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1835 | _cleanup_free_ CGroupSocketBindItem *item = NULL; |
| | 1836 | |
| | 1837 | item = new(CGroupSocketBindItem, 1); |
| | 1838 | if (!item) |
| | 1839 | return log_oom(); |
| | 1840 | |
| | 1841 | *item = (CGroupSocketBindItem) { |
| | 1842 | .address_family = family, |
| | 1843 | .ip_protocol = ip_protocol, |
| | 1844 | .nr_ports = nr_ports, |
| | 1845 | .port_min = port_min |
| | 1846 | }; |
| | 1847 | |
| | 1848 | LIST_PREPEND(socket_bind_items, *list, TAKE_PTR(item)); |
| | 1849 | } |
| | 1850 | n++; |
| | 1851 | } |
| | 1852 | if (r < 0) |
| | 1853 | return r; |
| | 1854 | |
| | 1855 | r = sd_bus_message_exit_container(message); |
| | 1856 | if (r < 0) |
| | 1857 | return r; |
| | 1858 | |
| | 1859 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1860 | _cleanup_(memstream_done) MemStream m = {}; |
| | 1861 | _cleanup_free_ char *buf = NULL; |
| | 1862 | FILE *f; |
| | 1863 | |
| | 1864 | if (n == 0) |
| | 1865 | cgroup_context_remove_socket_bind(list); |
| | 1866 | else { |
| | 1867 | if ((u->manager->cgroup_supported & CGROUP_MASK_BPF_SOCKET_BIND) == 0) |
| | 1868 | log_full(LOG_DEBUG, |
| | 1869 | "Unit %s configures source compiled BPF programs " |
| | 1870 | "but the local system does not support that.\n" |
| | 1871 | "Starting this unit will fail!", u->id); |
| | 1872 | } |
| | 1873 | |
| | 1874 | f = memstream_init(&m); |
| | 1875 | if (!f) |
| | 1876 | return -ENOMEM; |
| | 1877 | |
| | 1878 | if (n == 0) |
| | 1879 | fprintf(f, "%s=\n", name); |
| | 1880 | else |
| | 1881 | LIST_FOREACH(socket_bind_items, item, *list) { |
| | 1882 | fprintf(f, "%s=", name); |
| | 1883 | cgroup_context_dump_socket_bind_item(item, f); |
| | 1884 | fputc('\n', f); |
| | 1885 | } |
| | 1886 | |
| | 1887 | r = memstream_finalize(&m, &buf, NULL); |
| | 1888 | if (r < 0) |
| | 1889 | return r; |
| | 1890 | |
| | 1891 | unit_write_setting(u, flags, name, buf); |
| | 1892 | } |
| | 1893 | |
| | 1894 | return 1; |
| | 1895 | } |
| | 1896 | if (streq(name, "RestrictNetworkInterfaces")) { |
| | 1897 | int is_allow_list; |
| | 1898 | _cleanup_strv_free_ char **l = NULL; |
| | 1899 | |
| | 1900 | r = sd_bus_message_enter_container(message, 'r', "bas"); |
| | 1901 | if (r < 0) |
| | 1902 | return r; |
| | 1903 | |
| | 1904 | r = sd_bus_message_read(message, "b", &is_allow_list); |
| | 1905 | if (r < 0) |
| | 1906 | return r; |
| | 1907 | |
| | 1908 | r = sd_bus_message_read_strv(message, &l); |
| | 1909 | if (r < 0) |
| | 1910 | return r; |
| | 1911 | |
| | 1912 | r = sd_bus_message_exit_container(message); |
| | 1913 | if (r < 0) |
| | 1914 | return r; |
| | 1915 | |
| | 1916 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1917 | _cleanup_free_ char *joined = NULL; |
| | 1918 | |
| | 1919 | if (strv_isempty(l)) { |
| | 1920 | c->restrict_network_interfaces_is_allow_list = false; |
| | 1921 | c->restrict_network_interfaces = set_free(c->restrict_network_interfaces); |
| | 1922 | |
| | 1923 | unit_write_settingf(u, flags, name, "%s=", name); |
| | 1924 | return 1; |
| | 1925 | } |
| | 1926 | |
| | 1927 | if (set_isempty(c->restrict_network_interfaces)) |
| | 1928 | c->restrict_network_interfaces_is_allow_list = is_allow_list; |
| | 1929 | |
| | 1930 | STRV_FOREACH(s, l) { |
| | 1931 | if (!ifname_valid_full(*s, IFNAME_VALID_ALTERNATIVE)) { |
| | 1932 | log_full(LOG_WARNING, "Invalid interface name, ignoring: %s", *s); |
| | 1933 | continue; |
| | 1934 | } |
| | 1935 | if (c->restrict_network_interfaces_is_allow_list != (bool) is_allow_list) |
| | 1936 | free(set_remove(c->restrict_network_interfaces, *s)); |
| | 1937 | else { |
| | 1938 | r = set_put_strdup(&c->restrict_network_interfaces, *s); |
| | 1939 | if (r < 0) |
| | 1940 | return log_oom(); |
| | 1941 | } |
| | 1942 | } |
| | 1943 | |
| | 1944 | joined = strv_join(l, " "); |
| | 1945 | if (!joined) |
| | 1946 | return -ENOMEM; |
| | 1947 | |
| | 1948 | unit_write_settingf(u, flags, name, "%s=%s%s", name, is_allow_list ? "" : "~", joined); |
| | 1949 | } |
| | 1950 | |
| | 1951 | return 1; |
| | 1952 | } |
| | 1953 | |
| | 1954 | if (streq(name, "NFTSet")) { |
| | 1955 | int source, nfproto; |
| | 1956 | const char *table, *set; |
| | 1957 | bool empty = true; |
| | 1958 | |
| | 1959 | r = sd_bus_message_enter_container(message, 'a', "(iiss)"); |
| | 1960 | if (r < 0) |
| | 1961 | return r; |
| | 1962 | |
| | 1963 | while ((r = sd_bus_message_read(message, "(iiss)", &source, &nfproto, &table, &set)) > 0) { |
| | 1964 | const char *source_name, *nfproto_name; |
| | 1965 | |
| | 1966 | if (!IN_SET(source, NFT_SET_SOURCE_CGROUP, NFT_SET_SOURCE_USER, NFT_SET_SOURCE_GROUP)) |
| | 1967 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid source %d.", source); |
| | 1968 | |
| | 1969 | source_name = nft_set_source_to_string(source); |
| | 1970 | assert(source_name); |
| | 1971 | |
| | 1972 | nfproto_name = nfproto_to_string(nfproto); |
| | 1973 | if (!nfproto_name) |
| | 1974 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid protocol %d.", nfproto); |
| | 1975 | |
| | 1976 | if (!nft_identifier_valid(table)) { |
| | 1977 | _cleanup_free_ char *esc = NULL; |
| | 1978 | |
| | 1979 | esc = cescape(table); |
| | 1980 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid NFT table name %s.", strna(esc)); |
| | 1981 | } |
| | 1982 | |
| | 1983 | if (!nft_identifier_valid(set)) { |
| | 1984 | _cleanup_free_ char *esc = NULL; |
| | 1985 | |
| | 1986 | esc = cescape(set); |
| | 1987 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid NFT set name %s.", strna(esc)); |
| | 1988 | } |
| | 1989 | |
| | 1990 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 1991 | r = nft_set_add(&c->nft_set_context, source, nfproto, table, set); |
| | 1992 | if (r < 0) |
| | 1993 | return r; |
| | 1994 | |
| | 1995 | unit_write_settingf( |
| | 1996 | u, flags|UNIT_ESCAPE_SPECIFIERS, name, |
| | 1997 | "%s=%s:%s:%s:%s", |
| | 1998 | name, |
| | 1999 | source_name, |
| | 2000 | nfproto_name, |
| | 2001 | table, |
| | 2002 | set); |
| | 2003 | } |
| | 2004 | |
| | 2005 | empty = false; |
| | 2006 | } |
| | 2007 | if (r < 0) |
| | 2008 | return r; |
| | 2009 | |
| | 2010 | r = sd_bus_message_exit_container(message); |
| | 2011 | if (r < 0) |
| | 2012 | return r; |
| | 2013 | |
| | 2014 | if (empty && !UNIT_WRITE_FLAGS_NOOP(flags)) { |
| | 2015 | nft_set_context_clear(&c->nft_set_context); |
| | 2016 | unit_write_settingf(u, flags, name, "%s=", name); |
| | 2017 | } |
| | 2018 | |
| | 2019 | return 1; |
| | 2020 | } |
| | 2021 | |
| | 2022 | /* deprecated CGroup v1 properties */ |
| | 2023 | if (STR_IN_SET(name, |
| | 2024 | "MemoryLimit", |
| | 2025 | "MemoryLimitScale", |
| | 2026 | "CPUShares", |
| | 2027 | "StartupCPUShares", |
| | 2028 | "BlockIOAccounting", |
| | 2029 | "BlockIOWeight", |
| | 2030 | "StartupBlockIOWeight", |
| | 2031 | "BlockIODeviceWeight", |
| | 2032 | "BlockIOReadBandwidth", |
| | 2033 | "BlockIOWriteBandwidth", |
| | 2034 | "CPUAccounting")) { /* see comment in bus_cgroup_vtable */ |
| | 2035 | |
| | 2036 | r = sd_bus_message_skip(message, NULL); |
| | 2037 | if (r < 0) |
| | 2038 | return r; |
| | 2039 | |
| | 2040 | return 1; |
| | 2041 | } |
| | 2042 | |
| | 2043 | /* must be last */ |
| | 2044 | if (streq(name, "DisableControllers") || (u->transient && u->load_state == UNIT_STUB)) |
| | 2045 | return bus_cgroup_set_transient_property(u, c, name, message, flags, error); |
| | 2046 | |
| | 2047 | return 0; |
| | 2048 | } |
projects / thirdparty / systemd.git / blame_incremental