]> git.ipfire.org Git - thirdparty/systemd.git/blame_incremental - src/core/service.c
projects / thirdparty / systemd.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
logind: Don't match non-leader processes for utmp TTY determination (#38027)
[thirdparty/systemd.git] / src / core / service.c
... / ...
CommitLineData
1/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3#include <math.h>
4#include <sys/stat.h>
5#include <unistd.h>
6
7#include "sd-bus.h"
8#include "sd-messages.h"
9
10#include "alloc-util.h"
11#include "async.h"
12#include "bus-common-errors.h"
13#include "bus-error.h"
14#include "bus-util.h"
15#include "chase.h"
16#include "dbus-service.h"
17#include "dbus-unit.h"
18#include "devnum-util.h"
19#include "env-util.h"
20#include "errno-util.h"
21#include "escape.h"
22#include "execute.h"
23#include "exec-credential.h"
24#include "exit-status.h"
25#include "extract-word.h"
26#include "fd-util.h"
27#include "fdset.h"
28#include "fileio.h"
29#include "format-util.h"
30#include "glyph-util.h"
31#include "image-policy.h"
32#include "log.h"
33#include "manager.h"
34#include "missing_audit.h"
35#include "mount-util.h"
36#include "namespace.h"
37#include "open-file.h"
38#include "parse-util.h"
39#include "path-util.h"
40#include "path.h"
41#include "pidfd-util.h"
42#include "process-util.h"
43#include "random-util.h"
44#include "selinux-util.h"
45#include "serialize.h"
46#include "service.h"
47#include "signal-util.h"
48#include "socket.h"
49#include "special.h"
50#include "stat-util.h"
51#include "string-table.h"
52#include "string-util.h"
53#include "strv.h"
54#include "transaction.h"
55#include "unit.h"
56#include "unit-name.h"
57#include "utf8.h"
58
59#define service_spawn(...) service_spawn_internal(__func__, __VA_ARGS__)
60
61static const UnitActiveState state_translation_table[_SERVICE_STATE_MAX] = {
62 [SERVICE_DEAD] = UNIT_INACTIVE,
63 [SERVICE_CONDITION] = UNIT_ACTIVATING,
64 [SERVICE_START_PRE] = UNIT_ACTIVATING,
65 [SERVICE_START] = UNIT_ACTIVATING,
66 [SERVICE_START_POST] = UNIT_ACTIVATING,
67 [SERVICE_RUNNING] = UNIT_ACTIVE,
68 [SERVICE_EXITED] = UNIT_ACTIVE,
69 [SERVICE_RELOAD] = UNIT_RELOADING,
70 [SERVICE_RELOAD_SIGNAL] = UNIT_RELOADING,
71 [SERVICE_RELOAD_NOTIFY] = UNIT_RELOADING,
72 [SERVICE_REFRESH_EXTENSIONS] = UNIT_REFRESHING,
73 [SERVICE_MOUNTING] = UNIT_REFRESHING,
74 [SERVICE_STOP] = UNIT_DEACTIVATING,
75 [SERVICE_STOP_WATCHDOG] = UNIT_DEACTIVATING,
76 [SERVICE_STOP_SIGTERM] = UNIT_DEACTIVATING,
77 [SERVICE_STOP_SIGKILL] = UNIT_DEACTIVATING,
78 [SERVICE_STOP_POST] = UNIT_DEACTIVATING,
79 [SERVICE_FINAL_WATCHDOG] = UNIT_DEACTIVATING,
80 [SERVICE_FINAL_SIGTERM] = UNIT_DEACTIVATING,
81 [SERVICE_FINAL_SIGKILL] = UNIT_DEACTIVATING,
82 [SERVICE_FAILED] = UNIT_FAILED,
83 [SERVICE_DEAD_BEFORE_AUTO_RESTART] = UNIT_INACTIVE,
84 [SERVICE_FAILED_BEFORE_AUTO_RESTART] = UNIT_FAILED,
85 [SERVICE_DEAD_RESOURCES_PINNED] = UNIT_INACTIVE,
86 [SERVICE_AUTO_RESTART] = UNIT_ACTIVATING,
87 [SERVICE_AUTO_RESTART_QUEUED] = UNIT_ACTIVATING,
88 [SERVICE_CLEANING] = UNIT_MAINTENANCE,
89};
90
91/* For Type=idle we never want to delay any other jobs, hence we
92 * consider idle jobs active as soon as we start working on them */
93static const UnitActiveState state_translation_table_idle[_SERVICE_STATE_MAX] = {
94 [SERVICE_DEAD] = UNIT_INACTIVE,
95 [SERVICE_CONDITION] = UNIT_ACTIVE,
96 [SERVICE_START_PRE] = UNIT_ACTIVE,
97 [SERVICE_START] = UNIT_ACTIVE,
98 [SERVICE_START_POST] = UNIT_ACTIVE,
99 [SERVICE_RUNNING] = UNIT_ACTIVE,
100 [SERVICE_EXITED] = UNIT_ACTIVE,
101 [SERVICE_RELOAD] = UNIT_RELOADING,
102 [SERVICE_RELOAD_SIGNAL] = UNIT_RELOADING,
103 [SERVICE_RELOAD_NOTIFY] = UNIT_RELOADING,
104 [SERVICE_REFRESH_EXTENSIONS] = UNIT_REFRESHING,
105 [SERVICE_MOUNTING] = UNIT_REFRESHING,
106 [SERVICE_STOP] = UNIT_DEACTIVATING,
107 [SERVICE_STOP_WATCHDOG] = UNIT_DEACTIVATING,
108 [SERVICE_STOP_SIGTERM] = UNIT_DEACTIVATING,
109 [SERVICE_STOP_SIGKILL] = UNIT_DEACTIVATING,
110 [SERVICE_STOP_POST] = UNIT_DEACTIVATING,
111 [SERVICE_FINAL_WATCHDOG] = UNIT_DEACTIVATING,
112 [SERVICE_FINAL_SIGTERM] = UNIT_DEACTIVATING,
113 [SERVICE_FINAL_SIGKILL] = UNIT_DEACTIVATING,
114 [SERVICE_FAILED] = UNIT_FAILED,
115 [SERVICE_DEAD_BEFORE_AUTO_RESTART] = UNIT_INACTIVE,
116 [SERVICE_FAILED_BEFORE_AUTO_RESTART] = UNIT_FAILED,
117 [SERVICE_DEAD_RESOURCES_PINNED] = UNIT_INACTIVE,
118 [SERVICE_AUTO_RESTART] = UNIT_ACTIVATING,
119 [SERVICE_AUTO_RESTART_QUEUED] = UNIT_ACTIVATING,
120 [SERVICE_CLEANING] = UNIT_MAINTENANCE,
121};
122
123static int service_dispatch_inotify_io(sd_event_source *source, int fd, uint32_t events, void *userdata);
124static int service_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
125static int service_dispatch_watchdog(sd_event_source *source, usec_t usec, void *userdata);
126static int service_dispatch_exec_io(sd_event_source *source, int fd, uint32_t events, void *userdata);
127
128static void service_enter_signal(Service *s, ServiceState state, ServiceResult f);
129static void service_enter_reload_by_notify(Service *s);
130
131static bool SERVICE_STATE_WITH_MAIN_PROCESS(ServiceState state) {
132 return IN_SET(state,
133 SERVICE_START, SERVICE_START_POST,
134 SERVICE_RUNNING,
135 SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_REFRESH_EXTENSIONS,
136 SERVICE_MOUNTING,
137 SERVICE_STOP, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL, SERVICE_STOP_POST,
138 SERVICE_FINAL_WATCHDOG, SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL);
139}
140
141static bool SERVICE_STATE_WITH_CONTROL_PROCESS(ServiceState state) {
142 return IN_SET(state,
143 SERVICE_CONDITION,
144 SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
145 SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_REFRESH_EXTENSIONS,
146 SERVICE_MOUNTING,
147 SERVICE_STOP, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL, SERVICE_STOP_POST,
148 SERVICE_FINAL_WATCHDOG, SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL,
149 SERVICE_CLEANING);
150}
151
152static void service_init(Unit *u) {
153 Service *s = SERVICE(u);
154
155 assert(u);
156 assert(u->load_state == UNIT_STUB);
157
158 s->timeout_start_usec = u->manager->defaults.timeout_start_usec;
159 s->timeout_stop_usec = u->manager->defaults.timeout_stop_usec;
160 s->timeout_abort_usec = u->manager->defaults.timeout_abort_usec;
161 s->timeout_abort_set = u->manager->defaults.timeout_abort_set;
162 s->restart_usec = u->manager->defaults.restart_usec;
163 s->restart_max_delay_usec = USEC_INFINITY;
164 s->runtime_max_usec = USEC_INFINITY;
165 s->type = _SERVICE_TYPE_INVALID;
166 s->socket_fd = -EBADF;
167 s->stdin_fd = s->stdout_fd = s->stderr_fd = -EBADF;
168 s->guess_main_pid = true;
169 s->main_pid = PIDREF_NULL;
170 s->control_pid = PIDREF_NULL;
171 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
172
173 s->exec_context.keyring_mode = MANAGER_IS_SYSTEM(u->manager) ?
174 EXEC_KEYRING_PRIVATE : EXEC_KEYRING_INHERIT;
175
176 s->notify_access_override = _NOTIFY_ACCESS_INVALID;
177
178 s->watchdog_original_usec = USEC_INFINITY;
179
180 s->oom_policy = _OOM_POLICY_INVALID;
181 s->reload_begin_usec = USEC_INFINITY;
182 s->reload_signal = SIGHUP;
183
184 s->fd_store_preserve_mode = EXEC_PRESERVE_RESTART;
185}
186
187static void service_unwatch_control_pid(Service *s) {
188 assert(s);
189 unit_unwatch_pidref_done(UNIT(s), &s->control_pid);
190}
191
192static void service_unwatch_main_pid(Service *s) {
193 assert(s);
194 unit_unwatch_pidref_done(UNIT(s), &s->main_pid);
195}
196
197static void service_unwatch_pid_file(Service *s) {
198 assert(s);
199
200 if (!s->pid_file_pathspec)
201 return;
202
203 log_unit_debug(UNIT(s), "Stopping watch for PID file %s", s->pid_file_pathspec->path);
204 path_spec_unwatch(s->pid_file_pathspec);
205 path_spec_done(s->pid_file_pathspec);
206 s->pid_file_pathspec = mfree(s->pid_file_pathspec);
207}
208
209static int service_set_main_pidref(Service *s, PidRef pidref_consume, const dual_timestamp *start_timestamp) {
210 _cleanup_(pidref_done) PidRef pidref = pidref_consume;
211 int r;
212
213 assert(s);
214
215 /* Takes ownership of the specified pidref on both success and failure. */
216
217 if (!pidref_is_set(&pidref))
218 return -ESRCH;
219
220 if (pidref.pid <= 1)
221 return -EINVAL;
222
223 if (pidref_is_self(&pidref))
224 return -EINVAL;
225
226 if (s->main_pid_known && pidref_equal(&s->main_pid, &pidref))
227 return 0;
228
229 if (!pidref_equal(&s->main_pid, &pidref)) {
230 service_unwatch_main_pid(s);
231
232 dual_timestamp pid_start_time;
233
234 if (!start_timestamp) {
235 usec_t t;
236
237 if (pidref_get_start_time(&pidref, &t) >= 0)
238 start_timestamp = dual_timestamp_from_boottime(&pid_start_time, t);
239 }
240
241 exec_status_start(&s->main_exec_status, pidref.pid, start_timestamp);
242 }
243
244 s->main_pid = TAKE_PIDREF(pidref);
245 s->main_pid_known = true;
246
247 r = pidref_is_my_child(&s->main_pid);
248 if (r < 0)
249 log_unit_warning_errno(UNIT(s), r, "Can't determine if process "PID_FMT" is our child, assuming it is not: %m", s->main_pid.pid);
250 else if (r == 0) // FIXME: Supervise through pidfd here
251 log_unit_warning(UNIT(s), "Supervising process "PID_FMT" which is not our child. We'll most likely not notice when it exits.", s->main_pid.pid);
252 s->main_pid_alien = r <= 0;
253
254 return 0;
255}
256
257void service_release_socket_fd(Service *s) {
258 assert(s);
259
260 if (s->socket_fd < 0 && !UNIT_ISSET(s->accept_socket) && !s->socket_peer)
261 return;
262
263 log_unit_debug(UNIT(s), "Closing connection socket.");
264
265 /* Undo the effect of service_set_socket_fd(). */
266
267 s->socket_fd = asynchronous_close(s->socket_fd);
268
269 if (UNIT_ISSET(s->accept_socket)) {
270 socket_connection_unref(SOCKET(UNIT_DEREF(s->accept_socket)));
271 unit_ref_unset(&s->accept_socket);
272 }
273
274 s->socket_peer = socket_peer_unref(s->socket_peer);
275}
276
277static void service_override_notify_access(Service *s, NotifyAccess notify_access_override) {
278 assert(s);
279
280 s->notify_access_override = notify_access_override;
281
282 log_unit_debug(UNIT(s), "notify_access=%s", notify_access_to_string(s->notify_access));
283 log_unit_debug(UNIT(s), "notify_access_override=%s", notify_access_to_string(s->notify_access_override));
284}
285
286static void service_stop_watchdog(Service *s) {
287 assert(s);
288
289 s->watchdog_event_source = sd_event_source_disable_unref(s->watchdog_event_source);
290 s->watchdog_timestamp = DUAL_TIMESTAMP_NULL;
291}
292
293static void service_start_watchdog(Service *s) {
294 usec_t watchdog_usec;
295 int r;
296
297 assert(s);
298
299 watchdog_usec = service_get_watchdog_usec(s);
300 if (!timestamp_is_set(watchdog_usec)) {
301 service_stop_watchdog(s);
302 return;
303 }
304
305 if (s->watchdog_event_source) {
306 r = sd_event_source_set_time(s->watchdog_event_source, usec_add(s->watchdog_timestamp.monotonic, watchdog_usec));
307 if (r < 0) {
308 log_unit_warning_errno(UNIT(s), r, "Failed to reset watchdog timer: %m");
309 return;
310 }
311
312 r = sd_event_source_set_enabled(s->watchdog_event_source, SD_EVENT_ONESHOT);
313 } else {
314 r = sd_event_add_time(
315 UNIT(s)->manager->event,
316 &s->watchdog_event_source,
317 CLOCK_MONOTONIC,
318 usec_add(s->watchdog_timestamp.monotonic, watchdog_usec), 0,
319 service_dispatch_watchdog, s);
320 if (r < 0) {
321 log_unit_warning_errno(UNIT(s), r, "Failed to add watchdog timer: %m");
322 return;
323 }
324
325 (void) sd_event_source_set_description(s->watchdog_event_source, "service-watchdog");
326
327 /* Let's process everything else which might be a sign
328 * of living before we consider a service died. */
329 r = sd_event_source_set_priority(s->watchdog_event_source, EVENT_PRIORITY_SERVICE_WATCHDOG);
330 }
331 if (r < 0)
332 log_unit_warning_errno(UNIT(s), r, "Failed to install watchdog timer: %m");
333}
334
335usec_t service_restart_usec_next(Service *s) {
336 unsigned n_restarts_next;
337
338 assert(s);
339
340 /* When the service state is in SERVICE_*_BEFORE_AUTO_RESTART or SERVICE_AUTO_RESTART, we still need
341 * to add 1 to s->n_restarts manually, because s->n_restarts is not updated until a restart job is
342 * enqueued, i.e. state has transitioned to SERVICE_AUTO_RESTART_QUEUED. */
343 n_restarts_next = s->n_restarts + (s->state == SERVICE_AUTO_RESTART_QUEUED ? 0 : 1);
344
345 if (n_restarts_next <= 1 ||
346 s->restart_steps == 0 ||
347 s->restart_usec == 0 ||
348 s->restart_max_delay_usec == USEC_INFINITY ||
349 s->restart_usec >= s->restart_max_delay_usec)
350 return s->restart_usec;
351
352 if (n_restarts_next > s->restart_steps)
353 return s->restart_max_delay_usec;
354
355 /* Enforced in service_verify() and above */
356 assert(s->restart_max_delay_usec > s->restart_usec);
357
358 /* r_i / r_0 = (r_n / r_0) ^ (i / n)
359 * where,
360 * r_0 : initial restart usec (s->restart_usec),
361 * r_i : i-th restart usec (value),
362 * r_n : maximum restart usec (s->restart_max_delay_usec),
363 * i : index of the next step (n_restarts_next - 1)
364 * n : num maximum steps (s->restart_steps) */
365 return (usec_t) (s->restart_usec * powl((long double) s->restart_max_delay_usec / s->restart_usec,
366 (long double) (n_restarts_next - 1) / s->restart_steps));
367}
368
369static void service_extend_event_source_timeout(Service *s, sd_event_source *source, usec_t extended) {
370 usec_t current;
371 int r;
372
373 assert(s);
374
375 /* Extends the specified event source timer to at least the specified time, unless it is already later
376 * anyway. */
377
378 if (!source)
379 return;
380
381 r = sd_event_source_get_time(source, &current);
382 if (r < 0) {
383 const char *desc;
384 (void) sd_event_source_get_description(s->timer_event_source, &desc);
385 log_unit_warning_errno(UNIT(s), r, "Failed to retrieve timeout time for event source '%s', ignoring: %m", strna(desc));
386 return;
387 }
388
389 if (current >= extended) /* Current timeout is already longer, ignore this. */
390 return;
391
392 r = sd_event_source_set_time(source, extended);
393 if (r < 0) {
394 const char *desc;
395 (void) sd_event_source_get_description(s->timer_event_source, &desc);
396 log_unit_warning_errno(UNIT(s), r, "Failed to set timeout time for event source '%s', ignoring %m", strna(desc));
397 }
398}
399
400static void service_extend_timeout(Service *s, usec_t extend_timeout_usec) {
401 usec_t extended;
402
403 assert(s);
404
405 if (!timestamp_is_set(extend_timeout_usec))
406 return;
407
408 extended = usec_add(now(CLOCK_MONOTONIC), extend_timeout_usec);
409
410 service_extend_event_source_timeout(s, s->timer_event_source, extended);
411 service_extend_event_source_timeout(s, s->watchdog_event_source, extended);
412}
413
414static void service_reset_watchdog(Service *s) {
415 assert(s);
416
417 dual_timestamp_now(&s->watchdog_timestamp);
418 service_start_watchdog(s);
419}
420
421static void service_override_watchdog_timeout(Service *s, usec_t watchdog_override_usec) {
422 assert(s);
423
424 s->watchdog_override_enable = true;
425 s->watchdog_override_usec = watchdog_override_usec;
426 service_reset_watchdog(s);
427
428 log_unit_debug(UNIT(s), "watchdog_usec="USEC_FMT, s->watchdog_usec);
429 log_unit_debug(UNIT(s), "watchdog_override_usec="USEC_FMT, s->watchdog_override_usec);
430}
431
432static ServiceFDStore* service_fd_store_unlink(ServiceFDStore *fs) {
433 if (!fs)
434 return NULL;
435
436 if (fs->service) {
437 assert(fs->service->n_fd_store > 0);
438 LIST_REMOVE(fd_store, fs->service->fd_store, fs);
439 fs->service->n_fd_store--;
440 }
441
442 sd_event_source_disable_unref(fs->event_source);
443
444 free(fs->fdname);
445 asynchronous_close(fs->fd);
446 return mfree(fs);
447}
448
449DEFINE_TRIVIAL_CLEANUP_FUNC(ServiceFDStore*, service_fd_store_unlink);
450
451static void service_release_fd_store(Service *s) {
452 assert(s);
453
454 if (!s->fd_store)
455 return;
456
457 log_unit_debug(UNIT(s), "Releasing all stored fds.");
458
459 while (s->fd_store)
460 service_fd_store_unlink(s->fd_store);
461
462 assert(s->n_fd_store == 0);
463}
464
465static void service_release_extra_fds(Service *s) {
466 assert(s);
467
468 if (!s->extra_fds)
469 return;
470
471 log_unit_debug(UNIT(s), "Releasing extra file descriptors.");
472
473 FOREACH_ARRAY(i, s->extra_fds, s->n_extra_fds) {
474 asynchronous_close(i->fd);
475 free(i->fdname);
476 }
477
478 s->extra_fds = mfree(s->extra_fds);
479 s->n_extra_fds = 0;
480}
481
482static void service_release_stdio_fd(Service *s) {
483 assert(s);
484
485 if (s->stdin_fd < 0 && s->stdout_fd < 0 && s->stderr_fd < 0)
486 return;
487
488 log_unit_debug(UNIT(s), "Releasing stdin/stdout/stderr file descriptors.");
489
490 s->stdin_fd = asynchronous_close(s->stdin_fd);
491 s->stdout_fd = asynchronous_close(s->stdout_fd);
492 s->stderr_fd = asynchronous_close(s->stderr_fd);
493}
494
495static void service_done(Unit *u) {
496 Service *s = ASSERT_PTR(SERVICE(u));
497
498 open_file_free_many(&s->open_files);
499
500 s->pid_file = mfree(s->pid_file);
501 s->status_text = mfree(s->status_text);
502 s->status_bus_error = mfree(s->status_bus_error);
503 s->status_varlink_error = mfree(s->status_varlink_error);
504
505 s->exec_runtime = exec_runtime_free(s->exec_runtime);
506
507 exec_command_free_array(s->exec_command, _SERVICE_EXEC_COMMAND_MAX);
508 s->control_command = NULL;
509 s->main_command = NULL;
510
511 exit_status_set_free(&s->restart_prevent_status);
512 exit_status_set_free(&s->restart_force_status);
513 exit_status_set_free(&s->success_status);
514
515 /* This will leak a process, but at least no memory or any of our resources */
516 service_unwatch_main_pid(s);
517 service_unwatch_control_pid(s);
518 service_unwatch_pid_file(s);
519
520 if (s->bus_name) {
521 unit_unwatch_bus_name(u, s->bus_name);
522 s->bus_name = mfree(s->bus_name);
523 }
524
525 s->usb_function_descriptors = mfree(s->usb_function_descriptors);
526 s->usb_function_strings = mfree(s->usb_function_strings);
527
528 service_stop_watchdog(s);
529
530 s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source);
531 s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source);
532
533 s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot);
534
535 service_release_socket_fd(s);
536 service_release_stdio_fd(s);
537 service_release_fd_store(s);
538 service_release_extra_fds(s);
539
540 s->mount_request = sd_bus_message_unref(s->mount_request);
541}
542
543static int on_fd_store_io(sd_event_source *e, int fd, uint32_t revents, void *userdata) {
544 ServiceFDStore *fs = ASSERT_PTR(userdata);
545
546 assert(e);
547
548 /* If we get either EPOLLHUP or EPOLLERR, it's time to remove this entry from the fd store */
549 log_unit_debug(UNIT(fs->service),
550 "Received %s on stored fd %d (%s), closing.",
551 revents & EPOLLERR ? "EPOLLERR" : "EPOLLHUP",
552 fs->fd, strna(fs->fdname));
553 service_fd_store_unlink(fs);
554 return 0;
555}
556
557static int service_add_fd_store(Service *s, int fd_in, const char *name, bool do_poll) {
558 _cleanup_(service_fd_store_unlinkp) ServiceFDStore *fs = NULL;
559 _cleanup_(asynchronous_closep) int fd = ASSERT_FD(fd_in);
560 struct stat st;
561 int r;
562
563 /* fd is always consumed even if the function fails. */
564
565 assert(s);
566
567 if (fstat(fd, &st) < 0)
568 return -errno;
569
570 log_unit_debug(UNIT(s), "Trying to stash fd for dev=" DEVNUM_FORMAT_STR "/inode=%" PRIu64,
571 DEVNUM_FORMAT_VAL(st.st_dev), (uint64_t) st.st_ino);
572
573 if (s->n_fd_store >= s->n_fd_store_max)
574 /* Our store is full. Use this errno rather than E[NM]FILE to distinguish from the case
575 * where systemd itself hits the file limit. */
576 return log_unit_debug_errno(UNIT(s), SYNTHETIC_ERRNO(EXFULL), "Hit fd store limit.");
577
578 LIST_FOREACH(fd_store, i, s->fd_store) {
579 r = same_fd(i->fd, fd);
580 if (r < 0)
581 return r;
582 if (r > 0) {
583 log_unit_debug(UNIT(s), "Suppressing duplicate fd %i in fd store.", fd);
584 return 0; /* fd already included */
585 }
586 }
587
588 fs = new(ServiceFDStore, 1);
589 if (!fs)
590 return -ENOMEM;
591
592 *fs = (ServiceFDStore) {
593 .fd = TAKE_FD(fd),
594 .do_poll = do_poll,
595 .fdname = strdup(name ?: "stored"),
596 };
597
598 if (!fs->fdname)
599 return -ENOMEM;
600
601 if (do_poll) {
602 r = sd_event_add_io(UNIT(s)->manager->event, &fs->event_source, fs->fd, 0, on_fd_store_io, fs);
603 if (r < 0 && r != -EPERM) /* EPERM indicates fds that aren't pollable, which is OK */
604 return r;
605 if (r >= 0)
606 (void) sd_event_source_set_description(fs->event_source, "service-fd-store");
607 }
608
609 log_unit_debug(UNIT(s), "Added fd %i (%s) to fd store.", fs->fd, fs->fdname);
610
611 fs->service = s;
612 LIST_PREPEND(fd_store, s->fd_store, TAKE_PTR(fs));
613 s->n_fd_store++;
614
615 return 1; /* fd newly stored */
616}
617
618static int service_add_fd_store_set(Service *s, FDSet *fds, const char *name, bool do_poll) {
619 int r;
620
621 assert(s);
622
623 for (;;) {
624 int fd;
625
626 fd = fdset_steal_first(fds);
627 if (fd < 0)
628 break;
629
630 r = service_add_fd_store(s, fd, name, do_poll);
631 if (r == -EXFULL)
632 return log_unit_warning_errno(UNIT(s), r,
633 "Cannot store more fds than FileDescriptorStoreMax=%u, closing remaining.",
634 s->n_fd_store_max);
635 if (r < 0)
636 return log_unit_error_errno(UNIT(s), r, "Failed to add fd to store: %m");
637 }
638
639 return 0;
640}
641
642static void service_remove_fd_store(Service *s, const char *name) {
643 assert(s);
644 assert(name);
645
646 LIST_FOREACH(fd_store, fs, s->fd_store) {
647 if (!streq(fs->fdname, name))
648 continue;
649
650 log_unit_debug(UNIT(s), "Got explicit request to remove fd %i (%s), closing.", fs->fd, name);
651 service_fd_store_unlink(fs);
652 }
653}
654
655static usec_t service_running_timeout(Service *s) {
656 usec_t delta = 0;
657
658 assert(s);
659
660 if (s->runtime_rand_extra_usec != 0) {
661 delta = random_u64_range(s->runtime_rand_extra_usec);
662 log_unit_debug(UNIT(s), "Adding delta of %s sec to timeout", FORMAT_TIMESPAN(delta, USEC_PER_SEC));
663 }
664
665 return usec_add(usec_add(UNIT(s)->active_enter_timestamp.monotonic,
666 s->runtime_max_usec),
667 delta);
668}
669
670static int service_arm_timer(Service *s, bool relative, usec_t usec) {
671 assert(s);
672
673 return unit_arm_timer(UNIT(s), &s->timer_event_source, relative, usec, service_dispatch_timer);
674}
675
676static int service_verify(Service *s) {
677 assert(s);
678 assert(UNIT(s)->load_state == UNIT_LOADED);
679
680 if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP] &&
681 UNIT(s)->success_action == EMERGENCY_ACTION_NONE)
682 /* FailureAction= only makes sense if one of the start or stop commands is specified.
683 * SuccessAction= will be executed unconditionally if no commands are specified. Hence,
684 * either a command or SuccessAction= are required. */
685 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service has no ExecStart=, ExecStop=, or SuccessAction=. Refusing.");
686
687 if (s->type != SERVICE_ONESHOT && !s->exec_command[SERVICE_EXEC_START])
688 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service has no ExecStart= setting, which is only allowed for Type=oneshot services. Refusing.");
689
690 if (!s->remain_after_exit && !s->exec_command[SERVICE_EXEC_START] && UNIT(s)->success_action == EMERGENCY_ACTION_NONE)
691 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service has no ExecStart= and no SuccessAction= settings and does not have RemainAfterExit=yes set. Refusing.");
692
693 if (s->type != SERVICE_ONESHOT && s->exec_command[SERVICE_EXEC_START]->command_next)
694 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service has more than one ExecStart= setting, which is only allowed for Type=oneshot services. Refusing.");
695
696 if (s->type == SERVICE_ONESHOT && IN_SET(s->restart, SERVICE_RESTART_ALWAYS, SERVICE_RESTART_ON_SUCCESS))
697 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service has Restart= set to either always or on-success, which isn't allowed for Type=oneshot services. Refusing.");
698
699 if (s->type == SERVICE_ONESHOT && s->exit_type == SERVICE_EXIT_CGROUP)
700 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service has ExitType=cgroup set, which isn't allowed for Type=oneshot services. Refusing.");
701
702 if (s->type == SERVICE_DBUS && !s->bus_name)
703 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service is of type D-Bus but no D-Bus service name has been specified. Refusing.");
704
705 if (s->type == SERVICE_FORKING && exec_needs_pid_namespace(&s->exec_context, /* params= */ NULL))
706 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service of Type=forking does not support PrivatePIDs=yes. Refusing.");
707
708 if (s->usb_function_descriptors && !s->usb_function_strings)
709 log_unit_warning(UNIT(s), "Service has USBFunctionDescriptors= setting, but no USBFunctionStrings=. Ignoring.");
710
711 if (!s->usb_function_descriptors && s->usb_function_strings)
712 log_unit_warning(UNIT(s), "Service has USBFunctionStrings= setting, but no USBFunctionDescriptors=. Ignoring.");
713
714 if (s->runtime_max_usec != USEC_INFINITY && s->type == SERVICE_ONESHOT)
715 log_unit_warning(UNIT(s), "RuntimeMaxSec= has no effect in combination with Type=oneshot. Ignoring.");
716
717 if (s->runtime_max_usec == USEC_INFINITY && s->runtime_rand_extra_usec != 0)
718 log_unit_warning(UNIT(s), "Service has RuntimeRandomizedExtraSec= setting, but no RuntimeMaxSec=. Ignoring.");
719
720 if (s->type == SERVICE_SIMPLE && s->exec_command[SERVICE_EXEC_START_POST] && exec_context_has_credentials(&s->exec_context))
721 log_unit_warning(UNIT(s), "Service uses a combination of Type=simple, ExecStartPost=, and credentials. This could lead to race conditions. Continuing.");
722
723 if (s->restart_max_delay_usec == USEC_INFINITY && s->restart_steps > 0)
724 log_unit_warning(UNIT(s), "Service has RestartSteps= but no RestartMaxDelaySec= setting. Ignoring.");
725
726 if (s->restart_max_delay_usec != USEC_INFINITY && s->restart_steps == 0)
727 log_unit_warning(UNIT(s), "Service has RestartMaxDelaySec= but no RestartSteps= setting. Ignoring.");
728
729 if (s->restart_max_delay_usec < s->restart_usec) {
730 log_unit_warning(UNIT(s), "RestartMaxDelaySec= has a value smaller than RestartSec=, resetting RestartSec= to RestartMaxDelaySec=.");
731 s->restart_usec = s->restart_max_delay_usec;
732 }
733
734 return 0;
735}
736
737static int service_add_default_dependencies(Service *s) {
738 int r;
739
740 assert(s);
741
742 if (!UNIT(s)->default_dependencies)
743 return 0;
744
745 /* Add a number of automatic dependencies useful for the
746 * majority of services. */
747
748 if (MANAGER_IS_SYSTEM(UNIT(s)->manager)) {
749 /* First, pull in the really early boot stuff, and
750 * require it, so that we fail if we can't acquire
751 * it. */
752
753 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
754 if (r < 0)
755 return r;
756 } else {
757
758 /* In the --user instance there's no sysinit.target,
759 * in that case require basic.target instead. */
760
761 r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_BASIC_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
762 if (r < 0)
763 return r;
764 }
765
766 /* Second, if the rest of the base system is in the same
767 * transaction, order us after it, but do not pull it in or
768 * even require it. */
769 r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_BASIC_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
770 if (r < 0)
771 return r;
772
773 /* Third, add us in for normal shutdown. */
774 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
775}
776
777static void service_fix_stdio(Service *s) {
778 assert(s);
779
780 /* Note that EXEC_INPUT_NULL and EXEC_OUTPUT_INHERIT play a special role here: they are both the
781 * default value that is subject to automatic overriding triggered by other settings and an explicit
782 * choice the user can make. We don't distinguish between these cases currently. */
783
784 if (s->exec_context.std_input == EXEC_INPUT_NULL &&
785 s->exec_context.stdin_data_size > 0)
786 s->exec_context.std_input = EXEC_INPUT_DATA;
787
788 if (IN_SET(s->exec_context.std_input,
789 EXEC_INPUT_TTY,
790 EXEC_INPUT_TTY_FORCE,
791 EXEC_INPUT_TTY_FAIL,
792 EXEC_INPUT_SOCKET,
793 EXEC_INPUT_NAMED_FD))
794 return;
795
796 /* We assume these listed inputs refer to bidirectional streams, and hence duplicating them from
797 * stdin to stdout/stderr makes sense and hence leaving EXEC_OUTPUT_INHERIT in place makes sense,
798 * too. Outputs such as regular files or sealed data memfds otoh don't really make sense to be
799 * duplicated for both input and output at the same time (since they then would cause a feedback
800 * loop), hence override EXEC_OUTPUT_INHERIT with the default stderr/stdout setting. */
801
802 if (s->exec_context.std_error == EXEC_OUTPUT_INHERIT &&
803 s->exec_context.std_output == EXEC_OUTPUT_INHERIT)
804 s->exec_context.std_error = UNIT(s)->manager->defaults.std_error;
805
806 if (s->exec_context.std_output == EXEC_OUTPUT_INHERIT)
807 s->exec_context.std_output = UNIT(s)->manager->defaults.std_output;
808}
809
810static int service_setup_bus_name(Service *s) {
811 int r;
812
813 assert(s);
814
815 /* If s->bus_name is not set, then the unit will be refused by service_verify() later. */
816 if (!s->bus_name)
817 return 0;
818
819 if (s->type == SERVICE_DBUS) {
820 r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE);
821 if (r < 0)
822 return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on %s: %m", SPECIAL_DBUS_SOCKET);
823
824 /* We always want to be ordered against dbus.socket if both are in the transaction. */
825 r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE);
826 if (r < 0)
827 return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on %s: %m", SPECIAL_DBUS_SOCKET);
828 }
829
830 r = unit_watch_bus_name(UNIT(s), s->bus_name);
831 if (r == -EEXIST)
832 return log_unit_error_errno(UNIT(s), r, "Two services allocated for the same bus name %s, refusing operation.", s->bus_name);
833 if (r < 0)
834 return log_unit_error_errno(UNIT(s), r, "Cannot watch bus name %s: %m", s->bus_name);
835
836 return 0;
837}
838
839static int service_add_extras(Service *s) {
840 int r;
841
842 assert(s);
843
844 if (s->type == _SERVICE_TYPE_INVALID) {
845 /* Figure out a type automatically */
846 if (s->bus_name)
847 s->type = SERVICE_DBUS;
848 else if (exec_context_has_credentials(&s->exec_context))
849 s->type = SERVICE_EXEC;
850 else if (s->exec_command[SERVICE_EXEC_START])
851 s->type = SERVICE_SIMPLE;
852 else
853 s->type = SERVICE_ONESHOT;
854 }
855
856 /* Oneshot services have disabled start timeout by default */
857 if (s->type == SERVICE_ONESHOT && !s->start_timeout_defined)
858 s->timeout_start_usec = USEC_INFINITY;
859
860 service_fix_stdio(s);
861
862 r = unit_patch_contexts(UNIT(s));
863 if (r < 0)
864 return r;
865
866 r = unit_add_exec_dependencies(UNIT(s), &s->exec_context);
867 if (r < 0)
868 return r;
869
870 r = unit_set_default_slice(UNIT(s));
871 if (r < 0)
872 return r;
873
874 /* If the service needs the notify socket, let's enable it automatically. */
875 if (s->notify_access == NOTIFY_NONE &&
876 (IN_SET(s->type, SERVICE_NOTIFY, SERVICE_NOTIFY_RELOAD) || s->watchdog_usec > 0 || s->n_fd_store_max > 0))
877 s->notify_access = NOTIFY_MAIN;
878
879 /* If no OOM policy was explicitly set, then default to the configure default OOM policy. Except when
880 * delegation is on, in that case it we assume the payload knows better what to do and can process
881 * things in a more focused way. */
882 if (s->oom_policy < 0)
883 s->oom_policy = s->cgroup_context.delegate ? OOM_CONTINUE : UNIT(s)->manager->defaults.oom_policy;
884
885 /* Let the kernel do the killing if that's requested. */
886 s->cgroup_context.memory_oom_group = s->oom_policy == OOM_KILL;
887
888 r = service_add_default_dependencies(s);
889 if (r < 0)
890 return r;
891
892 r = service_setup_bus_name(s);
893 if (r < 0)
894 return r;
895
896 return 0;
897}
898
899static int service_load(Unit *u) {
900 Service *s = ASSERT_PTR(SERVICE(u));
901 int r;
902
903 r = unit_load_fragment_and_dropin(u, true);
904 if (r < 0)
905 return r;
906
907 if (u->load_state != UNIT_LOADED)
908 return 0;
909
910 /* This is a new unit? Then let's add in some extras */
911 r = service_add_extras(s);
912 if (r < 0)
913 return r;
914
915 return service_verify(s);
916}
917
918static int service_dump_fd(int fd, const char *fdname, const char *header, FILE *f, const char *prefix) {
919 _cleanup_free_ char *path = NULL;
920 struct stat st;
921 int flags;
922
923 assert(fd >= 0);
924 assert(fdname);
925 assert(header);
926 assert(f);
927 assert(prefix);
928
929 if (fstat(fd, &st) < 0)
930 return log_debug_errno(errno, "Failed to stat service fd: %m");
931
932 flags = fcntl(fd, F_GETFL);
933 if (flags < 0)
934 return log_debug_errno(errno, "Failed to get service fd flags: %m");
935
936 (void) fd_get_path(fd, &path);
937
938 fprintf(f,
939 "%s%s '%s' (type=%s; dev=" DEVNUM_FORMAT_STR "; inode=%" PRIu64 "; rdev=" DEVNUM_FORMAT_STR "; path=%s; access=%s)\n",
940 prefix,
941 header,
942 fdname,
943 strna(inode_type_to_string(st.st_mode)),
944 DEVNUM_FORMAT_VAL(st.st_dev),
945 (uint64_t) st.st_ino,
946 DEVNUM_FORMAT_VAL(st.st_rdev),
947 strna(path),
948 strna(accmode_to_string(flags)));
949
950 return 0;
951}
952
953static void service_dump(Unit *u, FILE *f, const char *prefix) {
954 Service *s = ASSERT_PTR(SERVICE(u));
955 const char *prefix2;
956
957 prefix = strempty(prefix);
958 prefix2 = strjoina(prefix, "\t");
959
960 fprintf(f,
961 "%sService State: %s\n"
962 "%sResult: %s\n"
963 "%sReload Result: %s\n"
964 "%sClean Result: %s\n"
965 "%sLiveMount Result: %s\n"
966 "%sPermissionsStartOnly: %s\n"
967 "%sRootDirectoryStartOnly: %s\n"
968 "%sRemainAfterExit: %s\n"
969 "%sGuessMainPID: %s\n"
970 "%sType: %s\n"
971 "%sRestart: %s\n"
972 "%sNotifyAccess: %s\n"
973 "%sNotifyState: %s\n"
974 "%sOOMPolicy: %s\n"
975 "%sReloadSignal: %s\n",
976 prefix, service_state_to_string(s->state),
977 prefix, service_result_to_string(s->result),
978 prefix, service_result_to_string(s->reload_result),
979 prefix, service_result_to_string(s->live_mount_result),
980 prefix, service_result_to_string(s->clean_result),
981 prefix, yes_no(s->permissions_start_only),
982 prefix, yes_no(s->root_directory_start_only),
983 prefix, yes_no(s->remain_after_exit),
984 prefix, yes_no(s->guess_main_pid),
985 prefix, service_type_to_string(s->type),
986 prefix, service_restart_to_string(s->restart),
987 prefix, notify_access_to_string(service_get_notify_access(s)),
988 prefix, notify_state_to_string(s->notify_state),
989 prefix, oom_policy_to_string(s->oom_policy),
990 prefix, signal_to_string(s->reload_signal));
991
992 if (pidref_is_set(&s->control_pid))
993 fprintf(f,
994 "%sControl PID: "PID_FMT"\n",
995 prefix, s->control_pid.pid);
996
997 if (pidref_is_set(&s->main_pid))
998 fprintf(f,
999 "%sMain PID: "PID_FMT"\n"
1000 "%sMain PID Known: %s\n"
1001 "%sMain PID Alien: %s\n",
1002 prefix, s->main_pid.pid,
1003 prefix, yes_no(s->main_pid_known),
1004 prefix, yes_no(s->main_pid_alien));
1005
1006 if (s->pid_file)
1007 fprintf(f,
1008 "%sPIDFile: %s\n",
1009 prefix, s->pid_file);
1010
1011 if (s->bus_name)
1012 fprintf(f,
1013 "%sBusName: %s\n"
1014 "%sBus Name Good: %s\n",
1015 prefix, s->bus_name,
1016 prefix, yes_no(s->bus_name_good));
1017
1018 if (UNIT_ISSET(s->accept_socket))
1019 fprintf(f,
1020 "%sAccept Socket: %s\n",
1021 prefix, UNIT_DEREF(s->accept_socket)->id);
1022
1023 fprintf(f,
1024 "%sRestartSec: %s\n"
1025 "%sRestartSteps: %u\n"
1026 "%sRestartMaxDelaySec: %s\n"
1027 "%sTimeoutStartSec: %s\n"
1028 "%sTimeoutStopSec: %s\n"
1029 "%sTimeoutStartFailureMode: %s\n"
1030 "%sTimeoutStopFailureMode: %s\n",
1031 prefix, FORMAT_TIMESPAN(s->restart_usec, USEC_PER_SEC),
1032 prefix, s->restart_steps,
1033 prefix, FORMAT_TIMESPAN(s->restart_max_delay_usec, USEC_PER_SEC),
1034 prefix, FORMAT_TIMESPAN(s->timeout_start_usec, USEC_PER_SEC),
1035 prefix, FORMAT_TIMESPAN(s->timeout_stop_usec, USEC_PER_SEC),
1036 prefix, service_timeout_failure_mode_to_string(s->timeout_start_failure_mode),
1037 prefix, service_timeout_failure_mode_to_string(s->timeout_stop_failure_mode));
1038
1039 if (s->timeout_abort_set)
1040 fprintf(f,
1041 "%sTimeoutAbortSec: %s\n",
1042 prefix, FORMAT_TIMESPAN(s->timeout_abort_usec, USEC_PER_SEC));
1043
1044 fprintf(f,
1045 "%sRuntimeMaxSec: %s\n"
1046 "%sRuntimeRandomizedExtraSec: %s\n"
1047 "%sWatchdogSec: %s\n",
1048 prefix, FORMAT_TIMESPAN(s->runtime_max_usec, USEC_PER_SEC),
1049 prefix, FORMAT_TIMESPAN(s->runtime_rand_extra_usec, USEC_PER_SEC),
1050 prefix, FORMAT_TIMESPAN(s->watchdog_usec, USEC_PER_SEC));
1051
1052 kill_context_dump(&s->kill_context, f, prefix);
1053 exec_context_dump(&s->exec_context, f, prefix);
1054
1055 for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
1056 if (!s->exec_command[c])
1057 continue;
1058
1059 fprintf(f, "%s%s %s:\n",
1060 prefix, glyph(GLYPH_ARROW_RIGHT), service_exec_command_to_string(c));
1061
1062 exec_command_dump_list(s->exec_command[c], f, prefix2);
1063 }
1064
1065 if (s->status_text)
1066 fprintf(f, "%sStatus Text: %s\n",
1067 prefix, s->status_text);
1068
1069 if (s->status_errno > 0)
1070 fprintf(f, "%sStatus Errno: %s\n",
1071 prefix, STRERROR(s->status_errno));
1072
1073 if (s->status_bus_error)
1074 fprintf(f, "%sStatus Bus Error: %s\n",
1075 prefix, s->status_bus_error);
1076
1077 if (s->status_varlink_error)
1078 fprintf(f, "%sStatus Varlink Error: %s\n",
1079 prefix, s->status_varlink_error);
1080
1081 if (s->n_fd_store_max > 0) {
1082 fprintf(f,
1083 "%sFile Descriptor Store Max: %u\n"
1084 "%sFile Descriptor Store Pin: %s\n"
1085 "%sFile Descriptor Store Current: %zu\n",
1086 prefix, s->n_fd_store_max,
1087 prefix, exec_preserve_mode_to_string(s->fd_store_preserve_mode),
1088 prefix, s->n_fd_store);
1089
1090 LIST_FOREACH(fd_store, i, s->fd_store)
1091 (void) service_dump_fd(i->fd,
1092 i->fdname,
1093 i == s->fd_store ? "File Descriptor Store Entry:" : " ",
1094 f,
1095 prefix);
1096 }
1097
1098 FOREACH_ARRAY(i, s->extra_fds, s->n_extra_fds)
1099 (void) service_dump_fd(i->fd,
1100 i->fdname,
1101 i == s->extra_fds ? "Extra File Descriptor Entry:" : " ",
1102 f,
1103 prefix);
1104
1105 if (s->open_files)
1106 LIST_FOREACH(open_files, of, s->open_files) {
1107 _cleanup_free_ char *ofs = NULL;
1108 int r;
1109
1110 r = open_file_to_string(of, &ofs);
1111 if (r < 0) {
1112 log_debug_errno(r,
1113 "Failed to convert OpenFile= setting to string, ignoring: %m");
1114 continue;
1115 }
1116
1117 fprintf(f, "%sOpen File: %s\n", prefix, ofs);
1118 }
1119
1120 cgroup_context_dump(UNIT(s), f, prefix);
1121}
1122
1123static int service_is_suitable_main_pid(Service *s, PidRef *pid, int prio) {
1124 Unit *owner;
1125 int r;
1126
1127 assert(s);
1128 assert(pidref_is_set(pid));
1129
1130 /* Checks whether the specified PID is suitable as main PID for this service. returns negative if not, 0 if the
1131 * PID is questionnable but should be accepted if the source of configuration is trusted. > 0 if the PID is
1132 * good */
1133
1134 if (pidref_is_self(pid) || pid->pid == 1)
1135 return log_unit_full_errno(UNIT(s), prio, SYNTHETIC_ERRNO(EPERM), "New main PID "PID_FMT" is the manager, refusing.", pid->pid);
1136
1137 if (pidref_equal(pid, &s->control_pid))
1138 return log_unit_full_errno(UNIT(s), prio, SYNTHETIC_ERRNO(EPERM), "New main PID "PID_FMT" is the control process, refusing.", pid->pid);
1139
1140 r = pidref_is_alive(pid);
1141 if (r < 0)
1142 return log_unit_full_errno(UNIT(s), prio, r, "Failed to check if main PID "PID_FMT" exists or is a zombie: %m", pid->pid);
1143 if (r == 0)
1144 return log_unit_full_errno(UNIT(s), prio, SYNTHETIC_ERRNO(ESRCH), "New main PID "PID_FMT" does not exist or is a zombie.", pid->pid);
1145
1146 owner = manager_get_unit_by_pidref(UNIT(s)->manager, pid);
1147 if (owner == UNIT(s)) {
1148 log_unit_debug(UNIT(s), "New main PID "PID_FMT" belongs to service, we are happy.", pid->pid);
1149 return 1; /* Yay, it's definitely a good PID */
1150 }
1151
1152 return 0; /* Hmm it's a suspicious PID, let's accept it if configuration source is trusted */
1153}
1154
1155static int service_load_pid_file(Service *s, bool may_warn) {
1156 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
1157 _cleanup_fclose_ FILE *f = NULL;
1158 _cleanup_free_ char *k = NULL;
1159 bool questionable_pid_file = false;
1160 int r, prio = may_warn ? LOG_INFO : LOG_DEBUG;
1161
1162 assert(s);
1163
1164 if (!s->pid_file)
1165 return -ENOENT;
1166
1167 r = chase_and_fopen_unlocked(s->pid_file, NULL, CHASE_SAFE, "re", NULL, &f);
1168 if (r == -ENOLINK) {
1169 log_unit_debug_errno(UNIT(s), r,
1170 "Potentially unsafe symlink chain, will now retry with relaxed checks: %s", s->pid_file);
1171
1172 questionable_pid_file = true;
1173
1174 r = chase_and_fopen_unlocked(s->pid_file, NULL, 0, "re", NULL, &f);
1175 }
1176 if (r < 0)
1177 return log_unit_full_errno(UNIT(s), prio, r,
1178 "Can't open PID file '%s' (yet?) after %s: %m", s->pid_file, service_state_to_string(s->state));
1179
1180 /* Let's read the PID file now that we chased it down. */
1181 r = read_line(f, LINE_MAX, &k);
1182 if (r < 0)
1183 return log_unit_error_errno(UNIT(s), r, "Failed to read PID file '%s': %m", s->pid_file);
1184
1185 r = pidref_set_pidstr(&pidref, k);
1186 if (r < 0)
1187 return log_unit_full_errno(UNIT(s), prio, r, "Failed to create reference to PID %s from file '%s': %m", k, s->pid_file);
1188
1189 if (s->main_pid_known && pidref_equal(&pidref, &s->main_pid))
1190 return 0;
1191
1192 r = service_is_suitable_main_pid(s, &pidref, prio);
1193 if (r < 0)
1194 return r;
1195 if (r == 0) {
1196 struct stat st;
1197
1198 if (questionable_pid_file)
1199 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EPERM),
1200 "Refusing to accept PID outside of service control group, acquired through unsafe symlink chain: %s", s->pid_file);
1201
1202 /* Hmm, it's not clear if the new main PID is safe. Let's allow this if the PID file is owned by root */
1203
1204 if (fstat(fileno(f), &st) < 0)
1205 return log_unit_error_errno(UNIT(s), errno, "Failed to fstat() PID file '%s': %m", s->pid_file);
1206
1207 if (st.st_uid != 0)
1208 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EPERM),
1209 "New main PID "PID_FMT" from PID file does not belong to service, and PID file is not owned by root. Refusing.", pidref.pid);
1210
1211 log_unit_debug(UNIT(s), "New main PID "PID_FMT" does not belong to service, accepting anyway since PID file is owned by root.", pidref.pid);
1212 }
1213
1214 if (s->main_pid_known) {
1215 log_unit_debug(UNIT(s), "Main PID changing: "PID_FMT" -> "PID_FMT, s->main_pid.pid, pidref.pid);
1216
1217 service_unwatch_main_pid(s);
1218 s->main_pid_known = false;
1219 } else
1220 log_unit_debug(UNIT(s), "Main PID loaded: "PID_FMT, pidref.pid);
1221
1222 r = service_set_main_pidref(s, TAKE_PIDREF(pidref), /* start_timestamp = */ NULL);
1223 if (r < 0)
1224 return r;
1225
1226 r = unit_watch_pidref(UNIT(s), &s->main_pid, /* exclusive= */ false);
1227 if (r < 0) /* FIXME: we need to do something here */
1228 return log_unit_warning_errno(UNIT(s), r, "Failed to watch PID "PID_FMT" for service: %m", s->main_pid.pid);
1229
1230 return 1;
1231}
1232
1233static void service_search_main_pid(Service *s) {
1234 _cleanup_(pidref_done) PidRef pid = PIDREF_NULL;
1235 int r;
1236
1237 assert(s);
1238
1239 /* If we know it anyway, don't ever fall back to unreliable heuristics */
1240 if (s->main_pid_known)
1241 return;
1242
1243 if (!s->guess_main_pid)
1244 return;
1245
1246 assert(!pidref_is_set(&s->main_pid));
1247
1248 if (unit_search_main_pid(UNIT(s), &pid) < 0)
1249 return;
1250
1251 log_unit_debug(UNIT(s), "Main PID guessed: "PID_FMT, pid.pid);
1252 if (service_set_main_pidref(s, TAKE_PIDREF(pid), /* start_timestamp = */ NULL) < 0)
1253 return;
1254
1255 r = unit_watch_pidref(UNIT(s), &s->main_pid, /* exclusive= */ false);
1256 if (r < 0)
1257 /* FIXME: we need to do something here */
1258 log_unit_warning_errno(UNIT(s), r, "Failed to watch main PID "PID_FMT": %m", s->main_pid.pid);
1259}
1260
1261static void service_set_state(Service *s, ServiceState state) {
1262 Unit *u = UNIT(ASSERT_PTR(s));
1263 ServiceState old_state;
1264 const UnitActiveState *table;
1265
1266 if (s->state != state)
1267 bus_unit_send_pending_change_signal(u, false);
1268
1269 table = s->type == SERVICE_IDLE ? state_translation_table_idle : state_translation_table;
1270
1271 old_state = s->state;
1272 s->state = state;
1273
1274 service_unwatch_pid_file(s);
1275
1276 if (!IN_SET(state,
1277 SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
1278 SERVICE_RUNNING,
1279 SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_REFRESH_EXTENSIONS,
1280 SERVICE_MOUNTING,
1281 SERVICE_STOP, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL, SERVICE_STOP_POST,
1282 SERVICE_FINAL_WATCHDOG, SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL,
1283 SERVICE_AUTO_RESTART,
1284 SERVICE_CLEANING))
1285 s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source);
1286
1287 if (!SERVICE_STATE_WITH_MAIN_PROCESS(state)) {
1288 service_unwatch_main_pid(s);
1289 s->main_command = NULL;
1290 }
1291
1292 if (!SERVICE_STATE_WITH_CONTROL_PROCESS(state)) {
1293 service_unwatch_control_pid(s);
1294 s->control_command = NULL;
1295 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
1296 }
1297
1298 if (IN_SET(state,
1299 SERVICE_DEAD, SERVICE_FAILED,
1300 SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED_BEFORE_AUTO_RESTART, SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED,
1301 SERVICE_DEAD_RESOURCES_PINNED))
1302 unit_unwatch_all_pids(u);
1303
1304 if (state != SERVICE_START)
1305 s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source);
1306
1307 if (!IN_SET(state, SERVICE_START_POST, SERVICE_RUNNING, SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_REFRESH_EXTENSIONS, SERVICE_MOUNTING))
1308 service_stop_watchdog(s);
1309
1310 if (state != SERVICE_MOUNTING) /* Just in case */
1311 s->mount_request = sd_bus_message_unref(s->mount_request);
1312
1313 if (state == SERVICE_EXITED && !MANAGER_IS_RELOADING(u->manager)) {
1314 /* For the inactive states unit_notify() will trim the cgroup. But for exit we have to
1315 * do that ourselves... */
1316 unit_prune_cgroup(u);
1317
1318 /* If none of ExecReload= and ExecStop*= is used, we can safely destroy runtime data
1319 * as soon as the service enters SERVICE_EXITED. This saves us from keeping the credential mount
1320 * for the whole duration of the oneshot service while no processes are actually running,
1321 * among other things. */
1322
1323 bool start_only = true;
1324 for (ServiceExecCommand c = SERVICE_EXEC_RELOAD; c < _SERVICE_EXEC_COMMAND_MAX; c++)
1325 if (s->exec_command[c]) {
1326 start_only = false;
1327 break;
1328 }
1329
1330 if (start_only)
1331 unit_destroy_runtime_data(u, &s->exec_context, /* destroy_runtime_dir = */ false);
1332 }
1333
1334 if (old_state != state)
1335 log_unit_debug(u, "Changed %s -> %s", service_state_to_string(old_state), service_state_to_string(state));
1336
1337 unit_notify(u, table[old_state], table[state], s->reload_result == SERVICE_SUCCESS);
1338}
1339
1340static usec_t service_coldplug_timeout(Service *s) {
1341 assert(s);
1342
1343 switch (s->deserialized_state) {
1344
1345 case SERVICE_CONDITION:
1346 case SERVICE_START_PRE:
1347 case SERVICE_START:
1348 case SERVICE_START_POST:
1349 case SERVICE_RELOAD:
1350 case SERVICE_RELOAD_SIGNAL:
1351 case SERVICE_RELOAD_NOTIFY:
1352 case SERVICE_REFRESH_EXTENSIONS:
1353 case SERVICE_MOUNTING:
1354 return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->timeout_start_usec);
1355
1356 case SERVICE_RUNNING:
1357 return service_running_timeout(s);
1358
1359 case SERVICE_STOP:
1360 case SERVICE_STOP_SIGTERM:
1361 case SERVICE_STOP_SIGKILL:
1362 case SERVICE_STOP_POST:
1363 case SERVICE_FINAL_SIGTERM:
1364 case SERVICE_FINAL_SIGKILL:
1365 return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->timeout_stop_usec);
1366
1367 case SERVICE_STOP_WATCHDOG:
1368 case SERVICE_FINAL_WATCHDOG:
1369 return usec_add(UNIT(s)->state_change_timestamp.monotonic, service_timeout_abort_usec(s));
1370
1371 case SERVICE_AUTO_RESTART:
1372 return usec_add(UNIT(s)->inactive_enter_timestamp.monotonic, service_restart_usec_next(s));
1373
1374 case SERVICE_CLEANING:
1375 return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->exec_context.timeout_clean_usec);
1376
1377 default:
1378 return USEC_INFINITY;
1379 }
1380}
1381
1382static int service_coldplug(Unit *u) {
1383 Service *s = SERVICE(u);
1384 int r;
1385
1386 assert(s);
1387 assert(s->state == SERVICE_DEAD);
1388
1389 if (s->deserialized_state == s->state)
1390 return 0;
1391
1392 r = service_arm_timer(s, /* relative= */ false, service_coldplug_timeout(s));
1393 if (r < 0)
1394 return r;
1395
1396 if (pidref_is_set(&s->main_pid) &&
1397 pidref_is_unwaited(&s->main_pid) > 0 &&
1398 SERVICE_STATE_WITH_MAIN_PROCESS(s->deserialized_state)) {
1399 r = unit_watch_pidref(UNIT(s), &s->main_pid, /* exclusive= */ false);
1400 if (r < 0)
1401 return r;
1402 }
1403
1404 if (pidref_is_set(&s->control_pid) &&
1405 pidref_is_unwaited(&s->control_pid) > 0 &&
1406 SERVICE_STATE_WITH_CONTROL_PROCESS(s->deserialized_state)) {
1407 r = unit_watch_pidref(UNIT(s), &s->control_pid, /* exclusive= */ false);
1408 if (r < 0)
1409 return r;
1410 }
1411
1412 if (!IN_SET(s->deserialized_state,
1413 SERVICE_DEAD, SERVICE_FAILED,
1414 SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED_BEFORE_AUTO_RESTART, SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED,
1415 SERVICE_CLEANING,
1416 SERVICE_DEAD_RESOURCES_PINNED))
1417 (void) unit_setup_exec_runtime(u);
1418
1419 if (IN_SET(s->deserialized_state, SERVICE_START_POST, SERVICE_RUNNING, SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_REFRESH_EXTENSIONS, SERVICE_MOUNTING))
1420 service_start_watchdog(s);
1421
1422 if (UNIT_ISSET(s->accept_socket)) {
1423 Socket *socket = SOCKET(UNIT_DEREF(s->accept_socket));
1424
1425 if (socket->max_connections_per_source > 0) {
1426 SocketPeer *peer;
1427
1428 /* Make a best-effort attempt at bumping the connection count */
1429 if (socket_acquire_peer(socket, s->socket_fd, &peer) > 0) {
1430 socket_peer_unref(s->socket_peer);
1431 s->socket_peer = peer;
1432 }
1433 }
1434 }
1435
1436 service_set_state(s, s->deserialized_state);
1437 return 0;
1438}
1439
1440static int service_collect_fds(
1441 Service *s,
1442 int **fds,
1443 char ***fd_names,
1444 size_t *n_socket_fds,
1445 size_t *n_storage_fds,
1446 size_t *n_extra_fds) {
1447
1448 _cleanup_strv_free_ char **rfd_names = NULL;
1449 _cleanup_free_ int *rfds = NULL;
1450 size_t rn_socket_fds = 0;
1451 int r;
1452
1453 assert(s);
1454 assert(fds);
1455 assert(fd_names);
1456 assert(n_socket_fds);
1457 assert(n_storage_fds);
1458 assert(n_extra_fds);
1459
1460 if (s->socket_fd >= 0) {
1461 Socket *sock = ASSERT_PTR(SOCKET(UNIT_DEREF(s->accept_socket)));
1462
1463 /* Pass the per-connection socket */
1464
1465 rfds = newdup(int, &s->socket_fd, 1);
1466 if (!rfds)
1467 return -ENOMEM;
1468
1469 rfd_names = strv_new(socket_fdname(sock));
1470 if (!rfd_names)
1471 return -ENOMEM;
1472
1473 rn_socket_fds = 1;
1474 } else {
1475 /* Pass all our configured sockets for singleton services */
1476
1477 Unit *u;
1478 UNIT_FOREACH_DEPENDENCY(u, UNIT(s), UNIT_ATOM_TRIGGERED_BY) {
1479 _cleanup_free_ int *cfds = NULL;
1480 int cn_fds;
1481 Socket *sock;
1482
1483 sock = SOCKET(u);
1484 if (!sock)
1485 continue;
1486
1487 cn_fds = socket_collect_fds(sock, &cfds);
1488 if (cn_fds < 0)
1489 return cn_fds;
1490 if (cn_fds == 0)
1491 continue;
1492
1493 if (!rfds) {
1494 rfds = TAKE_PTR(cfds);
1495 rn_socket_fds = cn_fds;
1496 } else if (!GREEDY_REALLOC_APPEND(rfds, rn_socket_fds, cfds, cn_fds))
1497 return -ENOMEM;
1498
1499 r = strv_extend_n(&rfd_names, socket_fdname(sock), cn_fds);
1500 if (r < 0)
1501 return r;
1502 }
1503 }
1504
1505 if (s->n_fd_store + s->n_extra_fds > 0) {
1506 int *t = reallocarray(rfds, rn_socket_fds + s->n_fd_store + s->n_extra_fds, sizeof(int));
1507 if (!t)
1508 return -ENOMEM;
1509 rfds = t;
1510
1511 char **nl = reallocarray(rfd_names, rn_socket_fds + s->n_fd_store + s->n_extra_fds + 1, sizeof(char *));
1512 if (!nl)
1513 return -ENOMEM;
1514 rfd_names = nl;
1515
1516 size_t n_fds = rn_socket_fds;
1517
1518 LIST_FOREACH(fd_store, fs, s->fd_store) {
1519 rfds[n_fds] = fs->fd;
1520 rfd_names[n_fds] = strdup(fs->fdname);
1521 if (!rfd_names[n_fds])
1522 return -ENOMEM;
1523
1524 n_fds++;
1525 }
1526
1527 FOREACH_ARRAY(i, s->extra_fds, s->n_extra_fds) {
1528 rfds[n_fds] = i->fd;
1529 rfd_names[n_fds] = strdup(i->fdname);
1530 if (!rfd_names[n_fds])
1531 return -ENOMEM;
1532
1533 n_fds++;
1534 }
1535
1536 rfd_names[n_fds] = NULL;
1537 }
1538
1539 *fds = TAKE_PTR(rfds);
1540 *fd_names = TAKE_PTR(rfd_names);
1541 *n_socket_fds = rn_socket_fds;
1542 *n_storage_fds = s->n_fd_store;
1543 *n_extra_fds = s->n_extra_fds;
1544
1545 return 0;
1546}
1547
1548static int service_allocate_exec_fd_event_source(
1549 Service *s,
1550 int fd,
1551 sd_event_source **ret_event_source) {
1552
1553 _cleanup_(sd_event_source_unrefp) sd_event_source *source = NULL;
1554 int r;
1555
1556 assert(s);
1557 assert(fd >= 0);
1558 assert(ret_event_source);
1559
1560 r = sd_event_add_io(UNIT(s)->manager->event, &source, fd, 0, service_dispatch_exec_io, s);
1561 if (r < 0)
1562 return log_unit_error_errno(UNIT(s), r, "Failed to allocate exec_fd event source: %m");
1563
1564 /* This is a bit higher priority than SIGCHLD, to make sure we don't confuse the case "failed to
1565 * start" from the case "succeeded to start, but failed immediately after". */
1566
1567 r = sd_event_source_set_priority(source, EVENT_PRIORITY_EXEC_FD);
1568 if (r < 0)
1569 return log_unit_error_errno(UNIT(s), r, "Failed to adjust priority of exec_fd event source: %m");
1570
1571 (void) sd_event_source_set_description(source, "service exec_fd");
1572
1573 r = sd_event_source_set_io_fd_own(source, true);
1574 if (r < 0)
1575 return log_unit_error_errno(UNIT(s), r, "Failed to pass ownership of fd to event source: %m");
1576
1577 *ret_event_source = TAKE_PTR(source);
1578 return 0;
1579}
1580
1581static int service_allocate_exec_fd(
1582 Service *s,
1583 sd_event_source **ret_event_source,
1584 int *ret_exec_fd) {
1585
1586 _cleanup_close_pair_ int p[] = EBADF_PAIR;
1587 int r;
1588
1589 assert(s);
1590 assert(ret_event_source);
1591 assert(ret_exec_fd);
1592
1593 if (pipe2(p, O_CLOEXEC|O_NONBLOCK) < 0)
1594 return log_unit_error_errno(UNIT(s), errno, "Failed to allocate exec_fd pipe: %m");
1595
1596 r = service_allocate_exec_fd_event_source(s, p[0], ret_event_source);
1597 if (r < 0)
1598 return r;
1599
1600 TAKE_FD(p[0]);
1601 *ret_exec_fd = TAKE_FD(p[1]);
1602
1603 return 0;
1604}
1605
1606static bool service_exec_needs_notify_socket(Service *s, ExecFlags flags) {
1607 assert(s);
1608
1609 /* Notifications are accepted depending on the process and
1610 * the access setting of the service:
1611 * process: \ access: NONE MAIN EXEC ALL
1612 * main no yes yes yes
1613 * control no no yes yes
1614 * other (forked) no no no yes */
1615
1616 if (flags & EXEC_IS_CONTROL)
1617 /* A control process */
1618 return IN_SET(service_get_notify_access(s), NOTIFY_EXEC, NOTIFY_ALL);
1619
1620 /* We only spawn main processes and control processes, so any
1621 * process that is not a control process is a main process */
1622 return service_get_notify_access(s) != NOTIFY_NONE;
1623}
1624
1625static Service *service_get_triggering_service(Service *s) {
1626 Unit *candidate = NULL, *other;
1627
1628 assert(s);
1629
1630 /* Return the service which triggered service 's', this means dependency
1631 * types which include the UNIT_ATOM_ON_{FAILURE,SUCCESS}_OF atoms.
1632 *
1633 * N.B. if there are multiple services which could trigger 's' via OnFailure=
1634 * or OnSuccess= then we return NULL. This is since we don't know from which
1635 * one to propagate the exit status. */
1636
1637 UNIT_FOREACH_DEPENDENCY(other, UNIT(s), UNIT_ATOM_ON_SUCCESS_OF|UNIT_ATOM_ON_FAILURE_OF) {
1638 if (candidate)
1639 goto have_other;
1640 candidate = other;
1641 }
1642
1643 return SERVICE(candidate);
1644
1645 have_other:
1646 log_unit_warning(UNIT(s), "multiple trigger source candidates for exit status propagation (%s, %s), skipping.",
1647 candidate->id, other->id);
1648 return NULL;
1649}
1650
1651static ExecFlags service_exec_flags(ServiceExecCommand command_id, ExecFlags cred_flag) {
1652 /* All service main/control processes honor sandboxing and namespacing options (except those
1653 explicitly excluded in service_spawn()) */
1654 ExecFlags flags = EXEC_APPLY_SANDBOXING|EXEC_APPLY_CHROOT;
1655
1656 assert(command_id >= 0);
1657 assert(command_id < _SERVICE_EXEC_COMMAND_MAX);
1658 assert((cred_flag & ~(EXEC_SETUP_CREDENTIALS_FRESH|EXEC_SETUP_CREDENTIALS)) == 0);
1659 assert((cred_flag != 0) == (command_id == SERVICE_EXEC_START));
1660
1661 /* Control processes spawned before main process also get tty access */
1662 if (IN_SET(command_id, SERVICE_EXEC_CONDITION, SERVICE_EXEC_START_PRE, SERVICE_EXEC_START))
1663 flags |= EXEC_APPLY_TTY_STDIN;
1664
1665 /* All start phases get access to credentials. ExecStartPre= gets a new credential store upon
1666 * every invocation, so that updating credential files through it works. When the first main process
1667 * starts, passed creds become stable. Also see 'cred_flag'. */
1668 if (command_id == SERVICE_EXEC_START_PRE)
1669 flags |= EXEC_SETUP_CREDENTIALS_FRESH;
1670 if (command_id == SERVICE_EXEC_START_POST)
1671 flags |= EXEC_SETUP_CREDENTIALS;
1672
1673 if (IN_SET(command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_START))
1674 flags |= EXEC_SETENV_MONITOR_RESULT;
1675
1676 if (command_id == SERVICE_EXEC_START)
1677 return flags|cred_flag|EXEC_PASS_FDS|EXEC_SET_WATCHDOG;
1678
1679 flags |= EXEC_IS_CONTROL;
1680
1681 /* Put control processes spawned later than main process under .control sub-cgroup if appropriate */
1682 if (!IN_SET(command_id, SERVICE_EXEC_CONDITION, SERVICE_EXEC_START_PRE))
1683 flags |= EXEC_CONTROL_CGROUP;
1684
1685 if (IN_SET(command_id, SERVICE_EXEC_STOP, SERVICE_EXEC_STOP_POST))
1686 flags |= EXEC_SETENV_RESULT;
1687
1688 return flags;
1689}
1690
1691static int service_spawn_internal(
1692 const char *caller,
1693 Service *s,
1694 ExecCommand *c,
1695 ExecFlags flags,
1696 usec_t timeout,
1697 PidRef *ret_pid) {
1698
1699 _cleanup_(exec_params_shallow_clear) ExecParameters exec_params = EXEC_PARAMETERS_INIT(flags);
1700 _cleanup_(sd_event_source_unrefp) sd_event_source *exec_fd_source = NULL;
1701 _cleanup_strv_free_ char **final_env = NULL, **our_env = NULL;
1702 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
1703 size_t n_env = 0;
1704 int r;
1705
1706 assert(caller);
1707 assert(s);
1708 assert(c);
1709 assert(ret_pid);
1710
1711 log_unit_debug(UNIT(s), "Will spawn child (%s): %s", caller, c->path);
1712
1713 r = unit_prepare_exec(UNIT(s)); /* This realizes the cgroup, among other things */
1714 if (r < 0)
1715 return r;
1716
1717 assert(!s->exec_fd_event_source);
1718
1719 if (FLAGS_SET(exec_params.flags, EXEC_IS_CONTROL)) {
1720 /* If this is a control process, mask the permissions/chroot application if this is requested. */
1721 if (s->permissions_start_only)
1722 exec_params.flags &= ~EXEC_APPLY_SANDBOXING;
1723 if (s->root_directory_start_only)
1724 exec_params.flags &= ~EXEC_APPLY_CHROOT;
1725 }
1726
1727 if (FLAGS_SET(exec_params.flags, EXEC_PASS_FDS) ||
1728 s->exec_context.std_input == EXEC_INPUT_SOCKET ||
1729 s->exec_context.std_output == EXEC_OUTPUT_SOCKET ||
1730 s->exec_context.std_error == EXEC_OUTPUT_SOCKET) {
1731
1732 r = service_collect_fds(s,
1733 &exec_params.fds,
1734 &exec_params.fd_names,
1735 &exec_params.n_socket_fds,
1736 &exec_params.n_storage_fds,
1737 &exec_params.n_extra_fds);
1738 if (r < 0)
1739 return r;
1740
1741 exec_params.open_files = s->open_files;
1742
1743 exec_params.flags |= EXEC_PASS_FDS;
1744
1745 log_unit_debug(UNIT(s), "Passing %zu fds to service", exec_params.n_socket_fds + exec_params.n_storage_fds + exec_params.n_extra_fds);
1746 }
1747
1748 if (!FLAGS_SET(exec_params.flags, EXEC_IS_CONTROL) && s->type == SERVICE_EXEC) {
1749 r = service_allocate_exec_fd(s, &exec_fd_source, &exec_params.exec_fd);
1750 if (r < 0)
1751 return r;
1752 }
1753
1754 r = service_arm_timer(s, /* relative= */ true, timeout);
1755 if (r < 0)
1756 return r;
1757
1758 our_env = new0(char*, 16);
1759 if (!our_env)
1760 return -ENOMEM;
1761
1762 if (service_exec_needs_notify_socket(s, exec_params.flags)) {
1763 exec_params.notify_socket = UNIT(s)->manager->notify_socket;
1764
1765 if (s->n_fd_store_max > 0)
1766 if (asprintf(our_env + n_env++, "FDSTORE=%u", s->n_fd_store_max) < 0)
1767 return -ENOMEM;
1768 }
1769
1770 if (pidref_is_set(&s->main_pid)) {
1771 if (asprintf(our_env + n_env++, "MAINPID="PID_FMT, s->main_pid.pid) < 0)
1772 return -ENOMEM;
1773
1774 if (pidref_acquire_pidfd_id(&s->main_pid) >= 0)
1775 if (asprintf(our_env + n_env++, "MAINPIDFDID=%" PRIu64, s->main_pid.fd_id) < 0)
1776 return -ENOMEM;
1777 }
1778
1779 if (MANAGER_IS_USER(UNIT(s)->manager)) {
1780 if (asprintf(our_env + n_env++, "MANAGERPID="PID_FMT, getpid_cached()) < 0)
1781 return -ENOMEM;
1782
1783 uint64_t pidfdid;
1784 if (pidfd_get_inode_id_self_cached(&pidfdid) >= 0)
1785 if (asprintf(our_env + n_env++, "MANAGERPIDFDID=%" PRIu64, pidfdid) < 0)
1786 return -ENOMEM;
1787 }
1788
1789 if (s->pid_file)
1790 if (asprintf(our_env + n_env++, "PIDFILE=%s", s->pid_file) < 0)
1791 return -ENOMEM;
1792
1793 if (s->socket_fd >= 0) {
1794 union sockaddr_union sa;
1795 socklen_t salen = sizeof(sa);
1796
1797 /* If this is a per-connection service instance, let's set $REMOTE_ADDR and $REMOTE_PORT to something
1798 * useful. Note that we do this only when we are still connected at this point in time, which we might
1799 * very well not be. Hence we ignore all errors when retrieving peer information (as that might result
1800 * in ENOTCONN), and just use whate we can use. */
1801
1802 if (getpeername(s->socket_fd, &sa.sa, &salen) >= 0 &&
1803 IN_SET(sa.sa.sa_family, AF_INET, AF_INET6, AF_VSOCK, AF_UNIX)) {
1804 _cleanup_free_ char *addr = NULL;
1805 char *t;
1806
1807 r = sockaddr_pretty(&sa.sa, salen, /* translate_ipv6= */ true, /* include_port= */ false, &addr);
1808 if (r < 0)
1809 return r;
1810
1811 if (sa.sa.sa_family != AF_UNIX || IN_SET(addr[0], '/', '@')) {
1812 t = strjoin("REMOTE_ADDR=", addr);
1813 if (!t)
1814 return -ENOMEM;
1815 our_env[n_env++] = t;
1816 }
1817
1818 if (IN_SET(sa.sa.sa_family, AF_INET, AF_INET6, AF_VSOCK)) {
1819 unsigned port;
1820
1821 r = sockaddr_port(&sa.sa, &port);
1822 if (r < 0)
1823 return r;
1824
1825 if (asprintf(&t, "REMOTE_PORT=%u", port) < 0)
1826 return -ENOMEM;
1827 our_env[n_env++] = t;
1828 }
1829 }
1830
1831 uint64_t cookie;
1832 if (socket_get_cookie(s->socket_fd, &cookie) >= 0) {
1833 char *t;
1834 if (asprintf(&t, "SO_COOKIE=%" PRIu64, cookie) < 0)
1835 return -ENOMEM;
1836 our_env[n_env++] = t;
1837 }
1838 }
1839
1840 Service *env_source = NULL;
1841 const char *monitor_prefix;
1842 if (FLAGS_SET(exec_params.flags, EXEC_SETENV_RESULT)) {
1843 env_source = s;
1844 monitor_prefix = "";
1845 } else if (FLAGS_SET(exec_params.flags, EXEC_SETENV_MONITOR_RESULT)) {
1846 env_source = service_get_triggering_service(s);
1847 monitor_prefix = "MONITOR_";
1848 }
1849
1850 if (env_source) {
1851 if (asprintf(our_env + n_env++, "%sSERVICE_RESULT=%s", monitor_prefix, service_result_to_string(env_source->result)) < 0)
1852 return -ENOMEM;
1853
1854 if (env_source->main_exec_status.pid > 0 &&
1855 dual_timestamp_is_set(&env_source->main_exec_status.exit_timestamp)) {
1856 if (asprintf(our_env + n_env++, "%sEXIT_CODE=%s", monitor_prefix, sigchld_code_to_string(env_source->main_exec_status.code)) < 0)
1857 return -ENOMEM;
1858
1859 if (env_source->main_exec_status.code == CLD_EXITED)
1860 r = asprintf(our_env + n_env++, "%sEXIT_STATUS=%i", monitor_prefix, env_source->main_exec_status.status);
1861 else
1862 r = asprintf(our_env + n_env++, "%sEXIT_STATUS=%s", monitor_prefix, signal_to_string(env_source->main_exec_status.status));
1863 if (r < 0)
1864 return -ENOMEM;
1865 }
1866
1867 if (env_source != s) {
1868 if (!sd_id128_is_null(UNIT(env_source)->invocation_id))
1869 if (asprintf(our_env + n_env++, "%sINVOCATION_ID=" SD_ID128_FORMAT_STR,
1870 monitor_prefix, SD_ID128_FORMAT_VAL(UNIT(env_source)->invocation_id)) < 0)
1871 return -ENOMEM;
1872
1873 if (asprintf(our_env + n_env++, "%sUNIT=%s", monitor_prefix, UNIT(env_source)->id) < 0)
1874 return -ENOMEM;
1875 }
1876 }
1877
1878 if (UNIT(s)->debug_invocation) {
1879 char *t = strdup("DEBUG_INVOCATION=1");
1880 if (!t)
1881 return -ENOMEM;
1882 our_env[n_env++] = t;
1883 }
1884
1885 if (UNIT(s)->activation_details) {
1886 r = activation_details_append_env(UNIT(s)->activation_details, &our_env);
1887 if (r < 0)
1888 return r;
1889 /* The number of env vars added here can vary, rather than keeping the allocation block in
1890 * sync manually, these functions simply use the strv methods to append to it, so we need
1891 * to update n_env when we are done in case of future usage. */
1892 n_env += r;
1893 }
1894
1895 r = unit_set_exec_params(UNIT(s), &exec_params);
1896 if (r < 0)
1897 return r;
1898
1899 final_env = strv_env_merge(exec_params.environment, our_env);
1900 if (!final_env)
1901 return -ENOMEM;
1902
1903 /* System D-Bus needs nss-systemd disabled, so that we don't deadlock */
1904 SET_FLAG(exec_params.flags, EXEC_NSS_DYNAMIC_BYPASS,
1905 MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE));
1906
1907 strv_free_and_replace(exec_params.environment, final_env);
1908 exec_params.watchdog_usec = service_get_watchdog_usec(s);
1909 exec_params.selinux_context_net = s->socket_fd_selinux_context_net;
1910 if (s->type == SERVICE_IDLE)
1911 exec_params.idle_pipe = UNIT(s)->manager->idle_pipe;
1912 exec_params.stdin_fd = s->stdin_fd;
1913 exec_params.stdout_fd = s->stdout_fd;
1914 exec_params.stderr_fd = s->stderr_fd;
1915
1916 r = exec_spawn(UNIT(s),
1917 c,
1918 &s->exec_context,
1919 &exec_params,
1920 s->exec_runtime,
1921 &s->cgroup_context,
1922 &pidref);
1923 if (r < 0)
1924 return r;
1925
1926 s->exec_fd_event_source = TAKE_PTR(exec_fd_source);
1927 s->exec_fd_hot = false;
1928
1929 r = unit_watch_pidref(UNIT(s), &pidref, /* exclusive= */ true);
1930 if (r < 0)
1931 return r;
1932
1933 *ret_pid = TAKE_PIDREF(pidref);
1934 return 0;
1935}
1936
1937static int main_pid_good(Service *s) {
1938 assert(s);
1939
1940 /* Returns 0 if the pid is dead, > 0 if it is good, < 0 if we don't know */
1941
1942 /* If we know the pid file, then let's just check if it is still valid */
1943 if (s->main_pid_known) {
1944
1945 /* If it's an alien child let's check if it is still alive ... */
1946 if (s->main_pid_alien && pidref_is_set(&s->main_pid))
1947 return pidref_is_alive(&s->main_pid);
1948
1949 /* .. otherwise assume we'll get a SIGCHLD for it, which we really should wait for to collect
1950 * exit status and code */
1951 return pidref_is_set(&s->main_pid);
1952 }
1953
1954 /* We don't know the pid */
1955 return -EAGAIN;
1956}
1957
1958static int control_pid_good(Service *s) {
1959 assert(s);
1960
1961 /* Returns 0 if the control PID is dead, > 0 if it is good. We never actually return < 0 here, but in order to
1962 * make this function as similar as possible to main_pid_good() and cgroup_good(), we pretend that < 0 also
1963 * means: we can't figure it out. */
1964
1965 return pidref_is_set(&s->control_pid);
1966}
1967
1968static int cgroup_good(Service *s) {
1969 int r;
1970
1971 assert(s);
1972
1973 /* Returns 0 if the cgroup is empty or doesn't exist, > 0 if it is exists and is populated, < 0 if we can't
1974 * figure it out */
1975
1976 if (!s->cgroup_runtime || !s->cgroup_runtime->cgroup_path)
1977 return 0;
1978
1979 r = cg_is_empty(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_runtime->cgroup_path);
1980 if (r < 0)
1981 return r;
1982
1983 return r == 0;
1984}
1985
1986static bool service_shall_restart(Service *s, const char **reason) {
1987 assert(s);
1988 assert(reason);
1989
1990 /* Don't restart after manual stops */
1991 if (s->forbid_restart) {
1992 *reason = "manual stop";
1993 return false;
1994 }
1995
1996 /* Never restart if this is configured as special exception */
1997 if (exit_status_set_test(&s->restart_prevent_status, s->main_exec_status.code, s->main_exec_status.status)) {
1998 *reason = "prevented by exit status";
1999 return false;
2000 }
2001
2002 /* Restart if the exit code/status are configured as restart triggers */
2003 if (exit_status_set_test(&s->restart_force_status, s->main_exec_status.code, s->main_exec_status.status)) {
2004 /* Don't allow Type=oneshot services to restart on success. Note that Restart=always/on-success
2005 * is already rejected in service_verify. */
2006 if (s->type == SERVICE_ONESHOT && s->result == SERVICE_SUCCESS) {
2007 *reason = "service type and exit status";
2008 return false;
2009 }
2010
2011 *reason = "forced by exit status";
2012 return true;
2013 }
2014
2015 *reason = "restart setting";
2016 switch (s->restart) {
2017
2018 case SERVICE_RESTART_NO:
2019 return false;
2020
2021 case SERVICE_RESTART_ALWAYS:
2022 return s->result != SERVICE_SKIP_CONDITION;
2023
2024 case SERVICE_RESTART_ON_SUCCESS:
2025 return s->result == SERVICE_SUCCESS;
2026
2027 case SERVICE_RESTART_ON_FAILURE:
2028 return !IN_SET(s->result, SERVICE_SUCCESS, SERVICE_SKIP_CONDITION);
2029
2030 case SERVICE_RESTART_ON_ABNORMAL:
2031 return !IN_SET(s->result, SERVICE_SUCCESS, SERVICE_FAILURE_EXIT_CODE, SERVICE_SKIP_CONDITION);
2032
2033 case SERVICE_RESTART_ON_WATCHDOG:
2034 return s->result == SERVICE_FAILURE_WATCHDOG;
2035
2036 case SERVICE_RESTART_ON_ABORT:
2037 return IN_SET(s->result, SERVICE_FAILURE_SIGNAL, SERVICE_FAILURE_CORE_DUMP);
2038
2039 default:
2040 assert_not_reached();
2041 }
2042}
2043
2044static bool service_will_restart(Unit *u) {
2045 Service *s = SERVICE(u);
2046
2047 assert(s);
2048
2049 if (IN_SET(s->state, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED_BEFORE_AUTO_RESTART, SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED))
2050 return true;
2051
2052 return unit_will_restart_default(u);
2053}
2054
2055static ServiceState service_determine_dead_state(Service *s) {
2056 assert(s);
2057
2058 return s->fd_store && s->fd_store_preserve_mode == EXEC_PRESERVE_YES ? SERVICE_DEAD_RESOURCES_PINNED : SERVICE_DEAD;
2059}
2060
2061static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart) {
2062 ServiceState end_state, restart_state;
2063 int r;
2064
2065 assert(s);
2066
2067 /* If there's a stop job queued before we enter the DEAD state, we shouldn't act on Restart=, in order to not
2068 * undo what has already been enqueued. */
2069 if (unit_stop_pending(UNIT(s)))
2070 allow_restart = false;
2071
2072 if (s->result == SERVICE_SUCCESS)
2073 s->result = f;
2074
2075 if (s->result == SERVICE_SUCCESS) {
2076 unit_log_success(UNIT(s));
2077 end_state = service_determine_dead_state(s);
2078 restart_state = SERVICE_DEAD_BEFORE_AUTO_RESTART;
2079 } else if (s->result == SERVICE_SKIP_CONDITION) {
2080 unit_log_skip(UNIT(s), service_result_to_string(s->result));
2081 end_state = service_determine_dead_state(s);
2082 restart_state = _SERVICE_STATE_INVALID; /* Never restart if skipped due to condition failure */
2083 } else {
2084 unit_log_failure(UNIT(s), service_result_to_string(s->result));
2085 end_state = SERVICE_FAILED;
2086 restart_state = SERVICE_FAILED_BEFORE_AUTO_RESTART;
2087 }
2088 unit_warn_leftover_processes(UNIT(s), /* start = */ false);
2089
2090 if (!allow_restart)
2091 log_unit_debug(UNIT(s), "Service restart not allowed.");
2092 else {
2093 const char *reason;
2094
2095 allow_restart = service_shall_restart(s, &reason);
2096 log_unit_debug(UNIT(s), "Service will %srestart (%s)",
2097 allow_restart ? "" : "not ",
2098 reason);
2099 }
2100
2101 if (allow_restart) {
2102 usec_t restart_usec_next;
2103
2104 assert(restart_state >= 0 && restart_state < _SERVICE_STATE_MAX);
2105
2106 /* We make two state changes here: one that maps to the high-level UNIT_INACTIVE/UNIT_FAILED
2107 * state (i.e. a state indicating deactivation), and then one that maps to the
2108 * high-level UNIT_STARTING state (i.e. a state indicating activation). We do this so that
2109 * external software can watch the state changes and see all service failures, even if they
2110 * are only transitionary and followed by an automatic restart. We have fine-grained
2111 * low-level states for this though so that software can distinguish the permanent UNIT_INACTIVE
2112 * state from this transitionary UNIT_INACTIVE state by looking at the low-level states. */
2113 if (s->restart_mode != SERVICE_RESTART_MODE_DIRECT)
2114 service_set_state(s, restart_state);
2115
2116 restart_usec_next = service_restart_usec_next(s);
2117
2118 r = service_arm_timer(s, /* relative= */ true, restart_usec_next);
2119 if (r < 0) {
2120 log_unit_warning_errno(UNIT(s), r, "Failed to install restart timer: %m");
2121 return service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ false);
2122 }
2123
2124 /* If the relevant option is set, and the unit doesn't already have logging level set to
2125 * debug, enable it now. Make sure to overwrite the state in /run/systemd/units/ too, to
2126 * ensure journald doesn't prune the messages. The previous state is saved and restored
2127 * once the auto-restart flow ends. */
2128 if (s->restart_mode == SERVICE_RESTART_MODE_DEBUG) {
2129 r = unit_set_debug_invocation(UNIT(s), true);
2130 if (r < 0)
2131 log_unit_warning_errno(UNIT(s), r, "Failed to enable debug invocation, ignoring: %m");
2132 if (r > 0)
2133 log_unit_notice(UNIT(s), "Service dead, subsequent restarts will be executed with debug level logging.");
2134 }
2135
2136 log_unit_debug(UNIT(s), "Next restart interval calculated as: %s", FORMAT_TIMESPAN(restart_usec_next, 0));
2137
2138 service_set_state(s, SERVICE_AUTO_RESTART);
2139 } else {
2140 /* If we shan't restart, the restart counter would be flushed out. But rather than doing that
2141 * immediately here, this is delegated to service_start(), i.e. next start, so that the user
2142 * can still introspect the counter. */
2143 service_set_state(s, end_state);
2144
2145 (void) unit_set_debug_invocation(UNIT(s), false);
2146 }
2147
2148 /* The next restart might not be a manual stop, hence reset the flag indicating manual stops */
2149 s->forbid_restart = false;
2150
2151 /* Reset NotifyAccess override */
2152 s->notify_access_override = _NOTIFY_ACCESS_INVALID;
2153
2154 /* We want fresh tmpdirs and ephemeral snapshots in case the service is started again immediately. */
2155 s->exec_runtime = exec_runtime_destroy(s->exec_runtime);
2156
2157 /* Also, remove the runtime directory */
2158 unit_destroy_runtime_data(UNIT(s), &s->exec_context, /* destroy_runtime_dir = */ true);
2159
2160 /* Also get rid of the fd store, if that's configured. */
2161 if (s->fd_store_preserve_mode == EXEC_PRESERVE_NO)
2162 service_release_fd_store(s);
2163
2164 /* Get rid of the IPC bits of the user */
2165 unit_unref_uid_gid(UNIT(s), true);
2166
2167 /* Try to delete the pid file. At this point it will be
2168 * out-of-date, and some software might be confused by it, so
2169 * let's remove it. */
2170 if (s->pid_file)
2171 (void) unlink(s->pid_file);
2172
2173 /* Reset TTY ownership if necessary */
2174 exec_context_revert_tty(&s->exec_context, UNIT(s)->invocation_id);
2175}
2176
2177static void service_enter_stop_post(Service *s, ServiceResult f) {
2178 int r;
2179 assert(s);
2180
2181 if (s->result == SERVICE_SUCCESS)
2182 s->result = f;
2183
2184 service_unwatch_control_pid(s);
2185
2186 s->control_command = s->exec_command[SERVICE_EXEC_STOP_POST];
2187 if (s->control_command) {
2188 s->control_command_id = SERVICE_EXEC_STOP_POST;
2189 pidref_done(&s->control_pid);
2190
2191 r = service_spawn(s,
2192 s->control_command,
2193 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2194 s->timeout_stop_usec,
2195 &s->control_pid);
2196 if (r < 0) {
2197 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'stop-post' task: %m");
2198 service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_RESOURCES);
2199 return;
2200 }
2201
2202 service_set_state(s, SERVICE_STOP_POST);
2203 } else
2204 service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_SUCCESS);
2205}
2206
2207static int state_to_kill_operation(Service *s, ServiceState state) {
2208 switch (state) {
2209
2210 case SERVICE_STOP_WATCHDOG:
2211 case SERVICE_FINAL_WATCHDOG:
2212 return KILL_WATCHDOG;
2213
2214 case SERVICE_STOP_SIGTERM:
2215 if (unit_has_job_type(UNIT(s), JOB_RESTART))
2216 return KILL_RESTART;
2217 _fallthrough_;
2218
2219 case SERVICE_FINAL_SIGTERM:
2220 return KILL_TERMINATE;
2221
2222 case SERVICE_STOP_SIGKILL:
2223 case SERVICE_FINAL_SIGKILL:
2224 return KILL_KILL;
2225
2226 default:
2227 return _KILL_OPERATION_INVALID;
2228 }
2229}
2230
2231static void service_enter_signal(Service *s, ServiceState state, ServiceResult f) {
2232 int kill_operation, r;
2233
2234 assert(s);
2235
2236 if (s->result == SERVICE_SUCCESS)
2237 s->result = f;
2238
2239 kill_operation = state_to_kill_operation(s, state);
2240 r = unit_kill_context(UNIT(s), kill_operation);
2241 if (r < 0) {
2242 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
2243 goto fail;
2244 }
2245
2246 if (r > 0) {
2247 r = service_arm_timer(s, /* relative= */ true,
2248 kill_operation == KILL_WATCHDOG ? service_timeout_abort_usec(s) : s->timeout_stop_usec);
2249 if (r < 0) {
2250 log_unit_warning_errno(UNIT(s), r, "Failed to install timer: %m");
2251 goto fail;
2252 }
2253
2254 service_set_state(s, state);
2255 } else if (IN_SET(state, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM) && s->kill_context.send_sigkill)
2256 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_SUCCESS);
2257 else if (IN_SET(state, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL))
2258 service_enter_stop_post(s, SERVICE_SUCCESS);
2259 else if (IN_SET(state, SERVICE_FINAL_WATCHDOG, SERVICE_FINAL_SIGTERM) && s->kill_context.send_sigkill)
2260 service_enter_signal(s, SERVICE_FINAL_SIGKILL, SERVICE_SUCCESS);
2261 else
2262 service_enter_dead(s, SERVICE_SUCCESS, /* allow_restart= */ true);
2263
2264 return;
2265
2266fail:
2267 if (IN_SET(state, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL))
2268 service_enter_stop_post(s, SERVICE_FAILURE_RESOURCES);
2269 else
2270 service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ true);
2271}
2272
2273static void service_enter_stop_by_notify(Service *s) {
2274 int r;
2275
2276 assert(s);
2277
2278 r = service_arm_timer(s, /* relative= */ true, s->timeout_stop_usec);
2279 if (r < 0) {
2280 log_unit_warning_errno(UNIT(s), r, "Failed to install timer: %m");
2281 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
2282 return;
2283 }
2284
2285 /* The service told us it's stopping, so it's as if we SIGTERM'd it. */
2286 service_set_state(s, SERVICE_STOP_SIGTERM);
2287}
2288
2289static void service_enter_stop(Service *s, ServiceResult f) {
2290 int r;
2291
2292 assert(s);
2293
2294 if (s->result == SERVICE_SUCCESS)
2295 s->result = f;
2296
2297 service_unwatch_control_pid(s);
2298
2299 s->control_command = s->exec_command[SERVICE_EXEC_STOP];
2300 if (s->control_command) {
2301 s->control_command_id = SERVICE_EXEC_STOP;
2302 pidref_done(&s->control_pid);
2303
2304 r = service_spawn(s,
2305 s->control_command,
2306 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2307 s->timeout_stop_usec,
2308 &s->control_pid);
2309 if (r < 0) {
2310 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'stop' task: %m");
2311 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
2312 return;
2313 }
2314
2315 service_set_state(s, SERVICE_STOP);
2316 } else
2317 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_SUCCESS);
2318}
2319
2320static bool service_good(Service *s) {
2321 int main_pid_ok;
2322
2323 assert(s);
2324
2325 if (s->type == SERVICE_DBUS && !s->bus_name_good)
2326 return false;
2327
2328 main_pid_ok = main_pid_good(s);
2329 if (main_pid_ok > 0) /* It's alive */
2330 return true;
2331 if (main_pid_ok == 0 && s->exit_type == SERVICE_EXIT_MAIN) /* It's dead */
2332 return false;
2333
2334 /* OK, we don't know anything about the main PID, maybe
2335 * because there is none. Let's check the control group
2336 * instead. */
2337
2338 return cgroup_good(s) != 0;
2339}
2340
2341static void service_enter_running(Service *s, ServiceResult f) {
2342 int r;
2343
2344 assert(s);
2345
2346 if (s->result == SERVICE_SUCCESS)
2347 s->result = f;
2348
2349 service_unwatch_control_pid(s);
2350
2351 if (s->result != SERVICE_SUCCESS)
2352 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
2353 else if (service_good(s)) {
2354
2355 /* If there are any queued up sd_notify() notifications, process them now */
2356 if (s->notify_state == NOTIFY_RELOADING)
2357 service_enter_reload_by_notify(s);
2358 else if (s->notify_state == NOTIFY_STOPPING)
2359 service_enter_stop_by_notify(s);
2360 else {
2361 service_set_state(s, SERVICE_RUNNING);
2362
2363 r = service_arm_timer(s, /* relative= */ false, service_running_timeout(s));
2364 if (r < 0) {
2365 log_unit_warning_errno(UNIT(s), r, "Failed to install timer: %m");
2366 service_enter_running(s, SERVICE_FAILURE_RESOURCES);
2367 return;
2368 }
2369 }
2370
2371 } else if (s->remain_after_exit)
2372 service_set_state(s, SERVICE_EXITED);
2373 else
2374 service_enter_stop(s, SERVICE_SUCCESS);
2375}
2376
2377static void service_enter_start_post(Service *s) {
2378 int r;
2379
2380 assert(s);
2381
2382 service_unwatch_control_pid(s);
2383 service_reset_watchdog(s);
2384
2385 s->control_command = s->exec_command[SERVICE_EXEC_START_POST];
2386 if (s->control_command) {
2387 s->control_command_id = SERVICE_EXEC_START_POST;
2388 pidref_done(&s->control_pid);
2389
2390 r = service_spawn(s,
2391 s->control_command,
2392 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2393 s->timeout_start_usec,
2394 &s->control_pid);
2395 if (r < 0) {
2396 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'start-post' task: %m");
2397 service_enter_stop(s, SERVICE_FAILURE_RESOURCES);
2398 return;
2399 }
2400
2401 service_set_state(s, SERVICE_START_POST);
2402 } else
2403 service_enter_running(s, SERVICE_SUCCESS);
2404}
2405
2406static void service_kill_control_process(Service *s) {
2407 int r;
2408
2409 assert(s);
2410
2411 if (!pidref_is_set(&s->control_pid))
2412 return;
2413
2414 r = pidref_kill_and_sigcont(&s->control_pid, SIGKILL);
2415 if (r < 0) {
2416 _cleanup_free_ char *comm = NULL;
2417
2418 (void) pidref_get_comm(&s->control_pid, &comm);
2419
2420 log_unit_debug_errno(UNIT(s), r, "Failed to kill control process " PID_FMT " (%s), ignoring: %m",
2421 s->control_pid.pid, strna(comm));
2422 }
2423}
2424
2425static int service_adverse_to_leftover_processes(Service *s) {
2426 assert(s);
2427
2428 /* KillMode=mixed and control group are used to indicate that all process should be killed off.
2429 * SendSIGKILL= is used for services that require a clean shutdown. These are typically database
2430 * service where a SigKilled process would result in a lengthy recovery and who's shutdown or startup
2431 * time is quite variable (so Timeout settings aren't of use).
2432 *
2433 * Here we take these two factors and refuse to start a service if there are existing processes
2434 * within a control group. Databases, while generally having some protection against multiple
2435 * instances running, lets not stress the rigor of these. Also ExecStartPre= parts of the service
2436 * aren't as rigoriously written to protect against multiple use. */
2437
2438 if (unit_warn_leftover_processes(UNIT(s), /* start = */ true) > 0 &&
2439 IN_SET(s->kill_context.kill_mode, KILL_MIXED, KILL_CONTROL_GROUP) &&
2440 !s->kill_context.send_sigkill)
2441 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EBUSY),
2442 "Will not start SendSIGKILL=no service of type KillMode=control-group or mixed while processes exist");
2443
2444 return 0;
2445}
2446
2447static void service_enter_start(Service *s) {
2448 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
2449 ExecCommand *c;
2450 usec_t timeout;
2451 int r;
2452
2453 assert(s);
2454
2455 service_unwatch_control_pid(s);
2456 service_unwatch_main_pid(s);
2457
2458 r = service_adverse_to_leftover_processes(s);
2459 if (r < 0)
2460 goto fail;
2461
2462 if (s->type == SERVICE_FORKING) {
2463 s->control_command_id = SERVICE_EXEC_START;
2464 c = s->control_command = s->exec_command[SERVICE_EXEC_START];
2465
2466 s->main_command = NULL;
2467 } else {
2468 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
2469 s->control_command = NULL;
2470
2471 c = s->main_command = s->exec_command[SERVICE_EXEC_START];
2472 }
2473
2474 if (!c) {
2475 if (s->type != SERVICE_ONESHOT) {
2476 /* There's no command line configured for the main command? Hmm, that is strange.
2477 * This can only happen if the configuration changes at runtime. In this case,
2478 * let's enter a failure state. */
2479 r = log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENXIO), "There's no 'start' task anymore we could start.");
2480 goto fail;
2481 }
2482
2483 /* We force a fake state transition here. Otherwise, the unit would go directly from
2484 * SERVICE_DEAD to SERVICE_DEAD without SERVICE_ACTIVATING or SERVICE_ACTIVE
2485 * in between. This way we can later trigger actions that depend on the state
2486 * transition, including SuccessAction=. */
2487 service_set_state(s, SERVICE_START);
2488
2489 service_enter_start_post(s);
2490 return;
2491 }
2492
2493 if (IN_SET(s->type, SERVICE_SIMPLE, SERVICE_IDLE))
2494 /* For simple + idle this is the main process. We don't apply any timeout here, but
2495 * service_enter_running() will later apply the .runtime_max_usec timeout. */
2496 timeout = USEC_INFINITY;
2497 else
2498 timeout = s->timeout_start_usec;
2499
2500 r = service_spawn(s,
2501 c,
2502 service_exec_flags(SERVICE_EXEC_START, EXEC_SETUP_CREDENTIALS_FRESH),
2503 timeout,
2504 &pidref);
2505 if (r < 0) {
2506 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'start' task: %m");
2507 goto fail;
2508 }
2509
2510 assert(pidref.pid == c->exec_status.pid);
2511
2512 switch (s->type) {
2513
2514 case SERVICE_SIMPLE:
2515 case SERVICE_IDLE:
2516 /* For simple services we immediately start the START_POST binaries. */
2517 (void) service_set_main_pidref(s, TAKE_PIDREF(pidref), &c->exec_status.start_timestamp);
2518 return service_enter_start_post(s);
2519
2520 case SERVICE_FORKING:
2521 /* For forking services we wait until the start process exited. */
2522 pidref_done(&s->control_pid);
2523 s->control_pid = TAKE_PIDREF(pidref);
2524 return service_set_state(s, SERVICE_START);
2525
2526 case SERVICE_ONESHOT: /* For oneshot services we wait until the start process exited, too, but it is our main process. */
2527 case SERVICE_EXEC:
2528 case SERVICE_DBUS:
2529 case SERVICE_NOTIFY:
2530 case SERVICE_NOTIFY_RELOAD:
2531 /* For D-Bus services we know the main pid right away, but wait for the bus name to appear
2532 * on the bus. 'notify' and 'exec' services wait for readiness notification and EOF
2533 * on exec_fd, respectively. */
2534 (void) service_set_main_pidref(s, TAKE_PIDREF(pidref), &c->exec_status.start_timestamp);
2535 return service_set_state(s, SERVICE_START);
2536
2537 default:
2538 assert_not_reached();
2539 }
2540
2541fail:
2542 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
2543}
2544
2545static void service_enter_start_pre(Service *s) {
2546 int r;
2547
2548 assert(s);
2549
2550 service_unwatch_control_pid(s);
2551
2552 s->control_command = s->exec_command[SERVICE_EXEC_START_PRE];
2553 if (s->control_command) {
2554
2555 r = service_adverse_to_leftover_processes(s);
2556 if (r < 0)
2557 goto fail;
2558
2559 s->control_command_id = SERVICE_EXEC_START_PRE;
2560
2561 r = service_spawn(s,
2562 s->control_command,
2563 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2564 s->timeout_start_usec,
2565 &s->control_pid);
2566 if (r < 0) {
2567 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'start-pre' task: %m");
2568 goto fail;
2569 }
2570
2571 service_set_state(s, SERVICE_START_PRE);
2572 } else
2573 service_enter_start(s);
2574
2575 return;
2576
2577fail:
2578 service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ true);
2579}
2580
2581static void service_enter_condition(Service *s) {
2582 int r;
2583
2584 assert(s);
2585
2586 service_unwatch_control_pid(s);
2587
2588 s->control_command = s->exec_command[SERVICE_EXEC_CONDITION];
2589 if (s->control_command) {
2590
2591 r = service_adverse_to_leftover_processes(s);
2592 if (r < 0)
2593 goto fail;
2594
2595 s->control_command_id = SERVICE_EXEC_CONDITION;
2596 pidref_done(&s->control_pid);
2597
2598 r = service_spawn(s,
2599 s->control_command,
2600 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2601 s->timeout_start_usec,
2602 &s->control_pid);
2603 if (r < 0) {
2604 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'exec-condition' task: %m");
2605 goto fail;
2606 }
2607
2608 service_set_state(s, SERVICE_CONDITION);
2609 } else
2610 service_enter_start_pre(s);
2611
2612 return;
2613
2614fail:
2615 service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ true);
2616}
2617
2618static void service_enter_restart(Service *s, bool shortcut) {
2619 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2620 int r;
2621
2622 /* shortcut: a manual start request is received, restart immediately */
2623
2624 assert(s);
2625 assert(s->state == SERVICE_AUTO_RESTART);
2626
2627 if (!shortcut && unit_has_job_type(UNIT(s), JOB_STOP)) {
2628 /* Don't restart things if we are going down anyway */
2629 log_unit_info(UNIT(s), "Stop job pending for unit, skipping automatic restart.");
2630 return;
2631 }
2632
2633 /* Any units that are bound to this service must also be restarted, unless RestartMode=direct.
2634 * We use JOB_START for ourselves but then set JOB_RESTART_DEPENDENCIES which will enqueue JOB_RESTART
2635 * for those dependency jobs in the former case, plain JOB_REPLACE when RestartMode=direct.
2636 *
2637 * Also, when RestartMode=direct is used, the service being restarted don't enter the inactive/failed state,
2638 * i.e. unit_process_job -> job_finish_and_invalidate is never called, and the previous job might still
2639 * be running (especially for Type=oneshot services).
2640 * We need to refuse late merge and re-enqueue the anchor job. */
2641 r = manager_add_job_full(UNIT(s)->manager,
2642 JOB_START, UNIT(s),
2643 s->restart_mode == SERVICE_RESTART_MODE_DIRECT ? JOB_REPLACE : JOB_RESTART_DEPENDENCIES,
2644 TRANSACTION_REENQUEUE_ANCHOR,
2645 /* affected_jobs = */ NULL,
2646 &error, /* ret = */ NULL);
2647 if (r < 0) {
2648 log_unit_warning(UNIT(s), "Failed to schedule restart job: %s", bus_error_message(&error, r));
2649 return service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ false);
2650 }
2651
2652 /* Count the jobs we enqueue for restarting. This counter is maintained as long as the unit isn't
2653 * fully stopped, i.e. as long as it remains up or remains in auto-start states. The user can reset
2654 * the counter explicitly however via the usual "systemctl reset-failure" logic. */
2655 s->n_restarts++;
2656
2657 log_unit_struct(UNIT(s), LOG_INFO,
2658 LOG_MESSAGE_ID(SD_MESSAGE_UNIT_RESTART_SCHEDULED_STR),
2659 LOG_UNIT_INVOCATION_ID(UNIT(s)),
2660 LOG_UNIT_MESSAGE(UNIT(s),
2661 "Scheduled restart job%s, restart counter is at %u.",
2662 shortcut ? " immediately on client request" : "", s->n_restarts),
2663 LOG_ITEM("N_RESTARTS=%u", s->n_restarts));
2664
2665 service_set_state(s, SERVICE_AUTO_RESTART_QUEUED);
2666
2667 /* Notify clients about changed restart counter */
2668 unit_add_to_dbus_queue(UNIT(s));
2669}
2670
2671static void service_enter_reload_by_notify(Service *s) {
2672 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2673 int r;
2674
2675 assert(s);
2676
2677 r = service_arm_timer(s, /* relative= */ true, s->timeout_start_usec);
2678 if (r < 0) {
2679 log_unit_warning_errno(UNIT(s), r, "Failed to install timer: %m");
2680 s->reload_result = SERVICE_FAILURE_RESOURCES;
2681 service_enter_running(s, SERVICE_SUCCESS);
2682 return;
2683 }
2684
2685 service_set_state(s, SERVICE_RELOAD_NOTIFY);
2686
2687 /* service_enter_reload_by_notify is never called during a reload, thus no loops are possible. */
2688 r = manager_propagate_reload(UNIT(s)->manager, UNIT(s), JOB_FAIL, &error);
2689 if (r < 0)
2690 log_unit_warning(UNIT(s), "Failed to schedule propagation of reload, ignoring: %s", bus_error_message(&error, r));
2691}
2692
2693static void service_enter_reload_signal_exec(Service *s) {
2694 bool killed = false;
2695 int r;
2696
2697 assert(s);
2698
2699 service_unwatch_control_pid(s);
2700 s->reload_result = SERVICE_SUCCESS;
2701
2702 usec_t ts = now(CLOCK_MONOTONIC);
2703
2704 if (s->type == SERVICE_NOTIFY_RELOAD && pidref_is_set(&s->main_pid)) {
2705 r = pidref_kill_and_sigcont(&s->main_pid, s->reload_signal);
2706 if (r < 0) {
2707 log_unit_warning_errno(UNIT(s), r, "Failed to send reload signal: %m");
2708 goto fail;
2709 }
2710
2711 killed = true;
2712 }
2713
2714 s->control_command = s->exec_command[SERVICE_EXEC_RELOAD];
2715 if (s->control_command) {
2716 s->control_command_id = SERVICE_EXEC_RELOAD;
2717 pidref_done(&s->control_pid);
2718
2719 r = service_spawn(s,
2720 s->control_command,
2721 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2722 s->timeout_start_usec,
2723 &s->control_pid);
2724 if (r < 0) {
2725 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'reload' task: %m");
2726 goto fail;
2727 }
2728
2729 service_set_state(s, SERVICE_RELOAD);
2730 } else if (killed) {
2731 r = service_arm_timer(s, /* relative= */ true, s->timeout_start_usec);
2732 if (r < 0) {
2733 log_unit_warning_errno(UNIT(s), r, "Failed to install timer: %m");
2734 goto fail;
2735 }
2736
2737 service_set_state(s, SERVICE_RELOAD_SIGNAL);
2738 } else {
2739 service_enter_running(s, SERVICE_SUCCESS);
2740 return;
2741 }
2742
2743 /* Store the timestamp when we started reloading: when reloading via SIGHUP we won't leave the reload
2744 * state until we received both RELOADING=1 and READY=1 with MONOTONIC_USEC= set to a value above
2745 * this. Thus we know for sure the reload cycle was executed *after* we requested it, and is not one
2746 * that was already in progress before. */
2747 s->reload_begin_usec = ts;
2748 return;
2749
2750fail:
2751 s->reload_result = SERVICE_FAILURE_RESOURCES;
2752 service_enter_running(s, SERVICE_SUCCESS);
2753}
2754
2755static bool service_should_reload_extensions(Service *s) {
2756 int r;
2757
2758 assert(s);
2759
2760 if (!pidref_is_set(&s->main_pid)) {
2761 log_unit_debug(UNIT(s), "Not reloading extensions for service without main PID.");
2762 return false;
2763 }
2764
2765 r = exec_context_has_vpicked_extensions(&s->exec_context);
2766 if (r < 0)
2767 log_unit_warning_errno(UNIT(s), r, "Failed to determine if service should reload extensions, assuming false: %m");
2768 if (r == 0)
2769 log_unit_debug(UNIT(s), "Service has no extensions to reload.");
2770 if (r <= 0)
2771 return false;
2772
2773 // TODO: Add support for user services, which can use ExtensionDirectories= + notify-reload.
2774 // For now, skip for user services.
2775 if (!MANAGER_IS_SYSTEM(UNIT(s)->manager)) {
2776 log_once(LOG_WARNING, "Not reloading extensions for user services.");
2777 return false;
2778 }
2779
2780 return true;
2781}
2782
2783static void service_enter_refresh_extensions(Service *s) {
2784 _cleanup_(pidref_done) PidRef worker = PIDREF_NULL;
2785 int r;
2786
2787 assert(s);
2788
2789 /* If we don't have extensions to reload, immediately go to the signal step */
2790 if (!service_should_reload_extensions(s))
2791 return (void) service_enter_reload_signal_exec(s);
2792
2793 service_unwatch_control_pid(s);
2794 s->reload_result = SERVICE_SUCCESS;
2795 s->control_command = NULL;
2796 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
2797
2798 /* Given we are running from PID1, avoid doing potentially heavy I/O operations like opening images
2799 * directly, and instead fork a worker process. */
2800 r = unit_fork_helper_process(UNIT(s), "(sd-refresh-extensions)", /* into_cgroup= */ false, &worker);
2801 if (r < 0) {
2802 log_unit_error_errno(UNIT(s), r, "Failed to fork process to refresh extensions in unit's namespace: %m");
2803 goto fail;
2804 }
2805 if (r == 0) {
2806 PidRef *unit_pid = &s->main_pid;
2807 assert(pidref_is_set(unit_pid));
2808
2809 _cleanup_free_ char *propagate_dir = path_join("/run/systemd/propagate/", UNIT(s)->id);
2810 if (!propagate_dir) {
2811 log_unit_error_errno(UNIT(s), -ENOMEM, "Failed to allocate memory for propagate directory: %m");
2812 _exit(EXIT_FAILURE);
2813 }
2814
2815 NamespaceParameters p = {
2816 .private_namespace_dir = "/run/systemd",
2817 .incoming_dir = "/run/systemd/incoming",
2818 .propagate_dir = propagate_dir,
2819 .runtime_scope = UNIT(s)->manager->runtime_scope,
2820 .extension_images = s->exec_context.extension_images,
2821 .n_extension_images = s->exec_context.n_extension_images,
2822 .extension_directories = s->exec_context.extension_directories,
2823 .extension_image_policy = s->exec_context.extension_image_policy,
2824 };
2825
2826 /* Only reload confext, and not sysext as they also typically contain the executable(s) used
2827 * by the service and a simply reload cannot meaningfully handle that. */
2828 r = refresh_extensions_in_namespace(
2829 unit_pid,
2830 "SYSTEMD_CONFEXT_HIERARCHIES",
2831 &p);
2832 if (r < 0)
2833 log_unit_error_errno(UNIT(s), r, "Failed to refresh extensions in unit's namespace: %m");
2834 else
2835 log_unit_debug(UNIT(s), "Refreshed extensions in unit's namespace");
2836
2837 _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
2838 }
2839
2840 r = unit_watch_pidref(UNIT(s), &worker, /* exclusive= */ true);
2841 if (r < 0) {
2842 log_unit_warning_errno(UNIT(s), r, "Failed to watch extensions refresh helper process: %m");
2843 goto fail;
2844 }
2845
2846 s->control_pid = TAKE_PIDREF(worker);
2847 service_set_state(s, SERVICE_REFRESH_EXTENSIONS);
2848 return;
2849
2850fail:
2851 s->reload_result = SERVICE_FAILURE_RESOURCES;
2852 service_enter_running(s, SERVICE_SUCCESS);
2853}
2854
2855static void service_enter_reload_mounting(Service *s) {
2856 int r;
2857
2858 assert(s);
2859
2860 usec_t ts = now(CLOCK_MONOTONIC);
2861
2862 r = service_arm_timer(s, /* relative= */ true, s->timeout_start_usec);
2863 if (r < 0) {
2864 log_unit_warning_errno(UNIT(s), r, "Failed to install timer: %m");
2865 s->reload_result = SERVICE_FAILURE_RESOURCES;
2866 service_enter_running(s, SERVICE_SUCCESS);
2867 return;
2868 }
2869
2870 s->reload_begin_usec = ts;
2871
2872 service_enter_refresh_extensions(s);
2873}
2874
2875static void service_run_next_control(Service *s) {
2876 usec_t timeout;
2877 int r;
2878
2879 assert(s);
2880 assert(s->control_command);
2881 assert(s->control_command->command_next);
2882
2883 assert(s->control_command_id != SERVICE_EXEC_START);
2884
2885 s->control_command = s->control_command->command_next;
2886 service_unwatch_control_pid(s);
2887
2888 if (IN_SET(s->state, SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST, SERVICE_RUNNING, SERVICE_RELOAD))
2889 timeout = s->timeout_start_usec;
2890 else
2891 timeout = s->timeout_stop_usec;
2892
2893 pidref_done(&s->control_pid);
2894
2895 r = service_spawn(s,
2896 s->control_command,
2897 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2898 timeout,
2899 &s->control_pid);
2900 if (r < 0) {
2901 log_unit_warning_errno(UNIT(s), r, "Failed to spawn next control task: %m");
2902
2903 if (IN_SET(s->state, SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START_POST, SERVICE_STOP))
2904 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
2905 else if (s->state == SERVICE_STOP_POST)
2906 service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ true);
2907 else if (s->state == SERVICE_RELOAD) {
2908 s->reload_result = SERVICE_FAILURE_RESOURCES;
2909 service_enter_running(s, SERVICE_SUCCESS);
2910 } else
2911 service_enter_stop(s, SERVICE_FAILURE_RESOURCES);
2912 }
2913}
2914
2915static void service_run_next_main(Service *s) {
2916 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
2917 int r;
2918
2919 assert(s);
2920 assert(s->main_command);
2921 assert(s->main_command->command_next);
2922 assert(s->type == SERVICE_ONESHOT);
2923
2924 s->main_command = s->main_command->command_next;
2925 service_unwatch_main_pid(s);
2926
2927 r = service_spawn(s,
2928 s->main_command,
2929 service_exec_flags(SERVICE_EXEC_START, EXEC_SETUP_CREDENTIALS),
2930 s->timeout_start_usec,
2931 &pidref);
2932 if (r < 0) {
2933 log_unit_warning_errno(UNIT(s), r, "Failed to spawn next main task: %m");
2934 service_enter_stop(s, SERVICE_FAILURE_RESOURCES);
2935 return;
2936 }
2937
2938 (void) service_set_main_pidref(s, TAKE_PIDREF(pidref), &s->main_command->exec_status.start_timestamp);
2939}
2940
2941static int service_start(Unit *u) {
2942 Service *s = ASSERT_PTR(SERVICE(u));
2943 int r;
2944
2945 /* We cannot fulfill this request right now, try again later
2946 * please! */
2947 if (IN_SET(s->state,
2948 SERVICE_STOP, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL, SERVICE_STOP_POST,
2949 SERVICE_FINAL_WATCHDOG, SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL, SERVICE_CLEANING))
2950 return -EAGAIN;
2951
2952 /* Already on it! */
2953 if (IN_SET(s->state, SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST))
2954 return 0;
2955
2956 if (s->state == SERVICE_AUTO_RESTART) {
2957 /* As mentioned in unit_start(), we allow manual starts to act as "hurry up" signals
2958 * for auto restart. We need to re-enqueue the job though, as the job type has changed
2959 * (JOB_RESTART_DEPENDENCIES). */
2960
2961 service_enter_restart(s, /* shortcut = */ true);
2962 return -EAGAIN;
2963 }
2964
2965 /* SERVICE_*_BEFORE_AUTO_RESTART are not to be expected here, as those are intermediate states
2966 * that should never be seen outside of service_enter_dead(). */
2967 assert(IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED, SERVICE_DEAD_RESOURCES_PINNED, SERVICE_AUTO_RESTART_QUEUED));
2968
2969 r = unit_acquire_invocation_id(u);
2970 if (r < 0)
2971 return r;
2972
2973 s->result = SERVICE_SUCCESS;
2974 s->reload_result = SERVICE_SUCCESS;
2975 s->main_pid_known = false;
2976 s->main_pid_alien = false;
2977 s->forbid_restart = false;
2978
2979 /* This is not an automatic restart? Flush the restart counter then. */
2980 if (s->state != SERVICE_AUTO_RESTART_QUEUED)
2981 s->n_restarts = 0;
2982
2983 s->status_text = mfree(s->status_text);
2984 s->status_errno = 0;
2985 s->status_bus_error = mfree(s->status_bus_error);
2986 s->status_varlink_error = mfree(s->status_varlink_error);
2987
2988 s->notify_access_override = _NOTIFY_ACCESS_INVALID;
2989 s->notify_state = NOTIFY_UNKNOWN;
2990
2991 s->watchdog_original_usec = s->watchdog_usec;
2992 s->watchdog_override_enable = false;
2993 s->watchdog_override_usec = USEC_INFINITY;
2994
2995 exec_command_reset_status_list_array(s->exec_command, _SERVICE_EXEC_COMMAND_MAX);
2996 exec_status_reset(&s->main_exec_status);
2997
2998 CGroupRuntime *crt = unit_get_cgroup_runtime(u);
2999 if (crt)
3000 crt->reset_accounting = true;
3001
3002 service_enter_condition(s);
3003 return 1;
3004}
3005
3006static void service_live_mount_finish(Service *s, ServiceResult f, const char *error) {
3007 assert(s);
3008 assert(error);
3009
3010 s->live_mount_result = f;
3011
3012 if (!s->mount_request)
3013 return;
3014
3015 if (f == SERVICE_SUCCESS) {
3016 (void) sd_bus_reply_method_return(s->mount_request, NULL);
3017 log_unit_debug(UNIT(s),
3018 "'%s' method succeeded",
3019 strna(sd_bus_message_get_member(s->mount_request)));
3020 } else {
3021 (void) sd_bus_reply_method_errorf(s->mount_request, error,
3022 "method '%s' for unit '%s' failed",
3023 strna(sd_bus_message_get_member(s->mount_request)),
3024 UNIT(s)->id);
3025 log_unit_debug(UNIT(s),
3026 "'%s' method failed: %s",
3027 strna(sd_bus_message_get_member(s->mount_request)),
3028 error);
3029 }
3030
3031 s->mount_request = sd_bus_message_unref(s->mount_request);
3032}
3033
3034static int service_stop(Unit *u) {
3035 Service *s = ASSERT_PTR(SERVICE(u));
3036
3037 /* Don't create restart jobs from manual stops. */
3038 s->forbid_restart = true;
3039
3040 switch (s->state) {
3041
3042 case SERVICE_STOP:
3043 case SERVICE_STOP_SIGTERM:
3044 case SERVICE_STOP_SIGKILL:
3045 case SERVICE_STOP_POST:
3046 case SERVICE_FINAL_WATCHDOG:
3047 case SERVICE_FINAL_SIGTERM:
3048 case SERVICE_FINAL_SIGKILL:
3049 /* Already on it */
3050 return 0;
3051
3052 case SERVICE_AUTO_RESTART:
3053 case SERVICE_AUTO_RESTART_QUEUED:
3054 /* Give up on the auto restart */
3055 service_set_state(s, service_determine_dead_state(s));
3056 return 0;
3057
3058 case SERVICE_MOUNTING:
3059 service_live_mount_finish(s, SERVICE_FAILURE_PROTOCOL, BUS_ERROR_UNIT_INACTIVE);
3060 _fallthrough_;
3061 case SERVICE_REFRESH_EXTENSIONS:
3062 service_kill_control_process(s);
3063 _fallthrough_;
3064 case SERVICE_CONDITION:
3065 case SERVICE_START_PRE:
3066 case SERVICE_START:
3067 case SERVICE_START_POST:
3068 case SERVICE_RELOAD:
3069 case SERVICE_RELOAD_SIGNAL:
3070 case SERVICE_RELOAD_NOTIFY:
3071 case SERVICE_STOP_WATCHDOG:
3072 /* If there's already something running we go directly into kill mode. */
3073 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_SUCCESS);
3074 return 0;
3075
3076 case SERVICE_CLEANING:
3077 /* If we are currently cleaning, then abort it, brutally. */
3078 service_enter_signal(s, SERVICE_FINAL_SIGKILL, SERVICE_SUCCESS);
3079 return 0;
3080
3081 case SERVICE_RUNNING:
3082 case SERVICE_EXITED:
3083 service_enter_stop(s, SERVICE_SUCCESS);
3084 return 1;
3085
3086 case SERVICE_DEAD_BEFORE_AUTO_RESTART:
3087 case SERVICE_FAILED_BEFORE_AUTO_RESTART:
3088 case SERVICE_DEAD:
3089 case SERVICE_FAILED:
3090 case SERVICE_DEAD_RESOURCES_PINNED:
3091 default:
3092 /* Unknown state, or unit_stop() should already have handled these */
3093 assert_not_reached();
3094 }
3095}
3096
3097static int service_reload(Unit *u) {
3098 Service *s = ASSERT_PTR(SERVICE(u));
3099
3100 assert(IN_SET(s->state, SERVICE_RUNNING, SERVICE_EXITED));
3101
3102 service_enter_reload_mounting(s);
3103
3104 return 1;
3105}
3106
3107static bool service_can_reload(Unit *u) {
3108 Service *s = ASSERT_PTR(SERVICE(u));
3109
3110 return s->exec_command[SERVICE_EXEC_RELOAD] ||
3111 s->type == SERVICE_NOTIFY_RELOAD;
3112}
3113
3114static unsigned service_exec_command_index(Unit *u, ServiceExecCommand id, const ExecCommand *current) {
3115 Service *s = SERVICE(u);
3116 unsigned idx = 0;
3117
3118 assert(s);
3119 assert(id >= 0);
3120 assert(id < _SERVICE_EXEC_COMMAND_MAX);
3121
3122 const ExecCommand *first = s->exec_command[id];
3123
3124 /* Figure out where we are in the list by walking back to the beginning */
3125 for (const ExecCommand *c = current; c != first; c = c->command_prev)
3126 idx++;
3127
3128 return idx;
3129}
3130
3131static int service_serialize_exec_command(Unit *u, FILE *f, const ExecCommand *command) {
3132 Service *s = ASSERT_PTR(SERVICE(u));
3133 _cleanup_free_ char *args = NULL, *p = NULL;
3134 const char *type, *key;
3135 ServiceExecCommand id;
3136 size_t length = 0;
3137 unsigned idx;
3138
3139 assert(f);
3140
3141 if (!command)
3142 return 0;
3143
3144 if (command == s->control_command) {
3145 type = "control";
3146 id = s->control_command_id;
3147 } else {
3148 type = "main";
3149 id = SERVICE_EXEC_START;
3150 }
3151
3152 idx = service_exec_command_index(u, id, command);
3153
3154 STRV_FOREACH(arg, command->argv) {
3155 _cleanup_free_ char *e = NULL;
3156 size_t n;
3157
3158 e = cescape(*arg);
3159 if (!e)
3160 return log_oom();
3161
3162 n = strlen(e);
3163 if (!GREEDY_REALLOC(args, length + 2 + n + 2))
3164 return log_oom();
3165
3166 if (length > 0)
3167 args[length++] = ' ';
3168
3169 args[length++] = '"';
3170 memcpy(args + length, e, n);
3171 length += n;
3172 args[length++] = '"';
3173 }
3174
3175 if (!GREEDY_REALLOC(args, length + 1))
3176 return log_oom();
3177
3178 args[length++] = 0;
3179
3180 p = cescape(command->path);
3181 if (!p)
3182 return log_oom();
3183
3184 key = strjoina(type, "-command");
3185
3186 /* We use '+1234' instead of '1234' to mark the last command in a sequence.
3187 * This is used in service_deserialize_exec_command(). */
3188 (void) serialize_item_format(
3189 f, key,
3190 "%s %s%u %s %s",
3191 service_exec_command_to_string(id),
3192 command->command_next ? "" : "+",
3193 idx,
3194 p, args);
3195
3196 return 0;
3197}
3198
3199static int service_serialize(Unit *u, FILE *f, FDSet *fds) {
3200 Service *s = ASSERT_PTR(SERVICE(u));
3201 int r;
3202
3203 assert(f);
3204 assert(fds);
3205
3206 (void) serialize_item(f, "state", service_state_to_string(s->state));
3207 (void) serialize_item(f, "result", service_result_to_string(s->result));
3208 (void) serialize_item(f, "reload-result", service_result_to_string(s->reload_result));
3209 (void) serialize_item(f, "live-mount-result", service_result_to_string(s->live_mount_result));
3210
3211 (void) serialize_pidref(f, fds, "control-pid", &s->control_pid);
3212 if (s->main_pid_known)
3213 (void) serialize_pidref(f, fds, "main-pid", &s->main_pid);
3214
3215 (void) serialize_bool(f, "main-pid-known", s->main_pid_known);
3216 (void) serialize_bool(f, "bus-name-good", s->bus_name_good);
3217
3218 (void) serialize_item_format(f, "n-restarts", "%u", s->n_restarts);
3219 (void) serialize_bool(f, "forbid-restart", s->forbid_restart);
3220
3221 service_serialize_exec_command(u, f, s->control_command);
3222 service_serialize_exec_command(u, f, s->main_command);
3223
3224 r = serialize_fd(f, fds, "stdin-fd", s->stdin_fd);
3225 if (r < 0)
3226 return r;
3227 r = serialize_fd(f, fds, "stdout-fd", s->stdout_fd);
3228 if (r < 0)
3229 return r;
3230 r = serialize_fd(f, fds, "stderr-fd", s->stderr_fd);
3231 if (r < 0)
3232 return r;
3233
3234 if (s->exec_fd_event_source) {
3235 r = serialize_fd(f, fds, "exec-fd", sd_event_source_get_io_fd(s->exec_fd_event_source));
3236 if (r < 0)
3237 return r;
3238
3239 (void) serialize_bool(f, "exec-fd-hot", s->exec_fd_hot);
3240 }
3241
3242 if (UNIT_ISSET(s->accept_socket)) {
3243 r = serialize_item(f, "accept-socket", UNIT_DEREF(s->accept_socket)->id);
3244 if (r < 0)
3245 return r;
3246 }
3247
3248 r = serialize_fd(f, fds, "socket-fd", s->socket_fd);
3249 if (r < 0)
3250 return r;
3251
3252 LIST_FOREACH(fd_store, fs, s->fd_store) {
3253 _cleanup_free_ char *c = NULL;
3254 int copy;
3255
3256 copy = fdset_put_dup(fds, fs->fd);
3257 if (copy < 0)
3258 return log_error_errno(copy, "Failed to copy file descriptor for serialization: %m");
3259
3260 c = cescape(fs->fdname);
3261 if (!c)
3262 return log_oom();
3263
3264 (void) serialize_item_format(f, "fd-store-fd", "%i \"%s\" %s", copy, c, one_zero(fs->do_poll));
3265 }
3266
3267 FOREACH_ARRAY(i, s->extra_fds, s->n_extra_fds) {
3268 _cleanup_free_ char *c = NULL;
3269 int copy;
3270
3271 copy = fdset_put_dup(fds, i->fd);
3272 if (copy < 0)
3273 return log_error_errno(copy, "Failed to copy file descriptor for serialization: %m");
3274
3275 c = cescape(i->fdname);
3276 if (!c)
3277 return log_oom();
3278
3279 (void) serialize_item_format(f, "extra-fd", "%i \"%s\"", copy, c);
3280 }
3281
3282 if (s->main_exec_status.pid > 0) {
3283 (void) serialize_item_format(f, "main-exec-status-pid", PID_FMT, s->main_exec_status.pid);
3284 (void) serialize_dual_timestamp(f, "main-exec-status-start", &s->main_exec_status.start_timestamp);
3285 (void) serialize_dual_timestamp(f, "main-exec-status-exit", &s->main_exec_status.exit_timestamp);
3286 (void) serialize_dual_timestamp(f, "main-exec-status-handoff", &s->main_exec_status.handoff_timestamp);
3287
3288 if (dual_timestamp_is_set(&s->main_exec_status.exit_timestamp)) {
3289 (void) serialize_item_format(f, "main-exec-status-code", "%i", s->main_exec_status.code);
3290 (void) serialize_item_format(f, "main-exec-status-status", "%i", s->main_exec_status.status);
3291 }
3292 }
3293
3294 if (s->notify_access_override >= 0)
3295 (void) serialize_item(f, "notify-access-override", notify_access_to_string(s->notify_access_override));
3296
3297 r = serialize_item_escaped(f, "status-text", s->status_text);
3298 if (r < 0)
3299 return r;
3300
3301 (void) serialize_item_format(f, "status-errno", "%d", s->status_errno);
3302 (void) serialize_item(f, "status-bus-error", s->status_bus_error);
3303 (void) serialize_item(f, "status-varlink-error", s->status_varlink_error);
3304
3305 (void) serialize_dual_timestamp(f, "watchdog-timestamp", &s->watchdog_timestamp);
3306
3307 (void) serialize_usec(f, "watchdog-original-usec", s->watchdog_original_usec);
3308 if (s->watchdog_override_enable)
3309 (void) serialize_usec(f, "watchdog-override-usec", s->watchdog_override_usec);
3310
3311 (void) serialize_usec(f, "reload-begin-usec", s->reload_begin_usec);
3312
3313 return 0;
3314}
3315
3316int service_deserialize_exec_command(
3317 Unit *u,
3318 const char *key,
3319 const char *value) {
3320
3321 Service *s = ASSERT_PTR(SERVICE(u));
3322 ExecCommand *command = NULL;
3323 ServiceExecCommand id = _SERVICE_EXEC_COMMAND_INVALID;
3324 _cleanup_free_ char *path = NULL;
3325 _cleanup_strv_free_ char **argv = NULL;
3326 unsigned idx = 0, i;
3327 bool control, found = false, last = false;
3328 int r;
3329
3330 enum {
3331 STATE_EXEC_COMMAND_TYPE,
3332 STATE_EXEC_COMMAND_INDEX,
3333 STATE_EXEC_COMMAND_PATH,
3334 STATE_EXEC_COMMAND_ARGS,
3335 _STATE_EXEC_COMMAND_MAX,
3336 _STATE_EXEC_COMMAND_INVALID = -EINVAL,
3337 } state;
3338
3339 assert(key);
3340 assert(value);
3341
3342 control = streq(key, "control-command");
3343
3344 state = STATE_EXEC_COMMAND_TYPE;
3345
3346 for (;;) {
3347 _cleanup_free_ char *arg = NULL;
3348
3349 r = extract_first_word(&value, &arg, NULL, EXTRACT_CUNESCAPE | EXTRACT_UNQUOTE);
3350 if (r < 0)
3351 return r;
3352 if (r == 0)
3353 break;
3354
3355 switch (state) {
3356
3357 case STATE_EXEC_COMMAND_TYPE:
3358 id = service_exec_command_from_string(arg);
3359 if (id < 0)
3360 return id;
3361
3362 state = STATE_EXEC_COMMAND_INDEX;
3363 break;
3364
3365 case STATE_EXEC_COMMAND_INDEX:
3366 /* ExecCommand index 1234 is serialized as either '1234' or '+1234'. The second form
3367 * is used to mark the last command in a sequence. We warn if the deserialized command
3368 * doesn't match what we have loaded from the unit, but we don't need to warn if
3369 * that is the last command. */
3370
3371 r = safe_atou(arg, &idx);
3372 if (r < 0)
3373 return r;
3374 last = arg[0] == '+';
3375
3376 state = STATE_EXEC_COMMAND_PATH;
3377 break;
3378
3379 case STATE_EXEC_COMMAND_PATH:
3380 path = TAKE_PTR(arg);
3381 state = STATE_EXEC_COMMAND_ARGS;
3382 break;
3383
3384 case STATE_EXEC_COMMAND_ARGS:
3385 r = strv_extend(&argv, arg);
3386 if (r < 0)
3387 return r;
3388 break;
3389
3390 default:
3391 assert_not_reached();
3392 }
3393 }
3394
3395 if (state != STATE_EXEC_COMMAND_ARGS)
3396 return -EINVAL;
3397 if (strv_isempty(argv))
3398 return -EINVAL; /* At least argv[0] must be always present. */
3399
3400 /* Let's check whether exec command on given offset matches data that we just deserialized */
3401 for (command = s->exec_command[id], i = 0; command; command = command->command_next, i++) {
3402 if (i != idx)
3403 continue;
3404
3405 found = strv_equal(argv, command->argv) && streq(command->path, path);
3406 break;
3407 }
3408
3409 if (!found) {
3410 /* Command at the index we serialized is different, let's look for command that exactly
3411 * matches but is on different index. If there is no such command we will not resume execution. */
3412 for (command = s->exec_command[id]; command; command = command->command_next)
3413 if (strv_equal(command->argv, argv) && streq(command->path, path))
3414 break;
3415 }
3416
3417 if (command && control) {
3418 s->control_command = command;
3419 s->control_command_id = id;
3420 } else if (command)
3421 s->main_command = command;
3422 else if (last)
3423 log_unit_debug(u, "Current command vanished from the unit file.");
3424 else
3425 log_unit_warning(u, "Current command vanished from the unit file, execution of the command list won't be resumed.");
3426
3427 return 0;
3428}
3429
3430static int service_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
3431 Service *s = ASSERT_PTR(SERVICE(u));
3432 int r;
3433
3434 assert(key);
3435 assert(value);
3436 assert(fds);
3437
3438 if (streq(key, "state")) {
3439 ServiceState state;
3440
3441 state = service_state_from_string(value);
3442 if (state < 0)
3443 log_unit_debug_errno(u, state, "Failed to parse state value: %s", value);
3444 else
3445 s->deserialized_state = state;
3446 } else if (streq(key, "result")) {
3447 ServiceResult f;
3448
3449 f = service_result_from_string(value);
3450 if (f < 0)
3451 log_unit_debug_errno(u, f, "Failed to parse result value: %s", value);
3452 else if (f != SERVICE_SUCCESS)
3453 s->result = f;
3454
3455 } else if (streq(key, "reload-result")) {
3456 ServiceResult f;
3457
3458 f = service_result_from_string(value);
3459 if (f < 0)
3460 log_unit_debug_errno(u, f, "Failed to parse reload result value: %s", value);
3461 else if (f != SERVICE_SUCCESS)
3462 s->reload_result = f;
3463
3464 } else if (streq(key, "live-mount-result")) {
3465 ServiceResult f;
3466
3467 f = service_result_from_string(value);
3468 if (f < 0)
3469 log_unit_debug_errno(u, f, "Failed to parse live mount result value: %s", value);
3470 else if (f != SERVICE_SUCCESS)
3471 s->live_mount_result = f;
3472
3473 } else if (streq(key, "control-pid")) {
3474
3475 if (!pidref_is_set(&s->control_pid))
3476 (void) deserialize_pidref(fds, value, &s->control_pid);
3477
3478 } else if (streq(key, "main-pid")) {
3479 PidRef pidref;
3480
3481 if (!pidref_is_set(&s->main_pid) && deserialize_pidref(fds, value, &pidref) >= 0)
3482 (void) service_set_main_pidref(s, pidref, /* start_timestamp = */ NULL);
3483
3484 } else if (streq(key, "main-pid-known")) {
3485 r = parse_boolean(value);
3486 if (r < 0)
3487 log_unit_debug_errno(u, r, "Failed to parse main-pid-known value: %s", value);
3488 else
3489 s->main_pid_known = r;
3490 } else if (streq(key, "bus-name-good")) {
3491 r = parse_boolean(value);
3492 if (r < 0)
3493 log_unit_debug_errno(u, r, "Failed to parse bus-name-good value: %s", value);
3494 else
3495 s->bus_name_good = r;
3496 } else if (streq(key, "accept-socket")) {
3497 Unit *socket;
3498
3499 if (unit_name_to_type(value) != UNIT_SOCKET) {
3500 log_unit_debug(u, "Deserialized accept-socket is not a socket unit, ignoring: %s", value);
3501 return 0;
3502 }
3503
3504 r = manager_load_unit(u->manager, value, NULL, NULL, &socket);
3505 if (r < 0)
3506 log_unit_debug_errno(u, r, "Failed to load accept-socket unit '%s': %m", value);
3507 else {
3508 unit_ref_set(&s->accept_socket, u, socket);
3509 ASSERT_PTR(SOCKET(socket))->n_connections++;
3510 }
3511
3512 } else if (streq(key, "socket-fd")) {
3513 asynchronous_close(s->socket_fd);
3514 s->socket_fd = deserialize_fd(fds, value);
3515
3516 } else if (streq(key, "fd-store-fd")) {
3517 _cleanup_free_ char *fdv = NULL, *fdn = NULL, *fdp = NULL;
3518 _cleanup_close_ int fd = -EBADF;
3519 int do_poll;
3520
3521 r = extract_many_words(&value, " ", EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE, &fdv, &fdn, &fdp);
3522 if (r < 2 || r > 3) {
3523 log_unit_debug(u, "Failed to deserialize fd-store-fd, ignoring: %s", value);
3524 return 0;
3525 }
3526
3527 fd = deserialize_fd(fds, fdv);
3528 if (fd < 0)
3529 return 0;
3530
3531 do_poll = r == 3 ? parse_boolean(fdp) : true;
3532 if (do_poll < 0) {
3533 log_unit_debug_errno(u, do_poll,
3534 "Failed to deserialize fd-store-fd do_poll, ignoring: %s", fdp);
3535 return 0;
3536 }
3537
3538 r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
3539 if (r < 0) {
3540 log_unit_debug_errno(u, r,
3541 "Failed to store deserialized fd '%s', ignoring: %m", fdn);
3542 return 0;
3543 }
3544 } else if (streq(key, "extra-fd")) {
3545 _cleanup_free_ char *fdv = NULL, *fdn = NULL;
3546 _cleanup_close_ int fd = -EBADF;
3547
3548 r = extract_many_words(&value, " ", EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE, &fdv, &fdn);
3549 if (r != 2) {
3550 log_unit_debug(u, "Failed to deserialize extra-fd, ignoring: %s", value);
3551 return 0;
3552 }
3553
3554 fd = deserialize_fd(fds, fdv);
3555 if (fd < 0)
3556 return 0;
3557
3558 if (!GREEDY_REALLOC(s->extra_fds, s->n_extra_fds + 1)) {
3559 log_oom_debug();
3560 return 0;
3561 }
3562
3563 s->extra_fds[s->n_extra_fds++] = (ServiceExtraFD) {
3564 .fd = TAKE_FD(fd),
3565 .fdname = TAKE_PTR(fdn),
3566 };
3567 } else if (streq(key, "main-exec-status-pid")) {
3568 pid_t pid;
3569
3570 if (parse_pid(value, &pid) < 0)
3571 log_unit_debug(u, "Failed to parse main-exec-status-pid value: %s", value);
3572 else
3573 s->main_exec_status.pid = pid;
3574 } else if (streq(key, "main-exec-status-code")) {
3575 int i;
3576
3577 if (safe_atoi(value, &i) < 0)
3578 log_unit_debug(u, "Failed to parse main-exec-status-code value: %s", value);
3579 else
3580 s->main_exec_status.code = i;
3581 } else if (streq(key, "main-exec-status-status")) {
3582 int i;
3583
3584 if (safe_atoi(value, &i) < 0)
3585 log_unit_debug(u, "Failed to parse main-exec-status-status value: %s", value);
3586 else
3587 s->main_exec_status.status = i;
3588 } else if (streq(key, "main-exec-status-start"))
3589 (void) deserialize_dual_timestamp(value, &s->main_exec_status.start_timestamp);
3590 else if (streq(key, "main-exec-status-exit"))
3591 (void) deserialize_dual_timestamp(value, &s->main_exec_status.exit_timestamp);
3592 else if (streq(key, "main-exec-status-handoff"))
3593 (void) deserialize_dual_timestamp(value, &s->main_exec_status.handoff_timestamp);
3594 else if (STR_IN_SET(key, "main-command", "control-command")) {
3595 r = service_deserialize_exec_command(u, key, value);
3596 if (r < 0)
3597 log_unit_debug_errno(u, r, "Failed to parse serialized command \"%s\": %m", value);
3598 } else if (streq(key, "notify-access-override")) {
3599 NotifyAccess notify_access;
3600
3601 notify_access = notify_access_from_string(value);
3602 if (notify_access < 0)
3603 log_unit_debug(u, "Failed to parse notify-access-override value: %s", value);
3604 else
3605 s->notify_access_override = notify_access;
3606 } else if (streq(key, "n-restarts")) {
3607 r = safe_atou(value, &s->n_restarts);
3608 if (r < 0)
3609 log_unit_debug_errno(u, r, "Failed to parse serialized restart counter '%s': %m", value);
3610
3611 } else if (streq(key, "forbid-restart")) {
3612 r = parse_boolean(value);
3613 if (r < 0)
3614 log_unit_debug_errno(u, r, "Failed to parse forbid-restart value: %s", value);
3615 else
3616 s->forbid_restart = r;
3617 } else if (streq(key, "stdin-fd")) {
3618
3619 asynchronous_close(s->stdin_fd);
3620 s->stdin_fd = deserialize_fd(fds, value);
3621 if (s->stdin_fd >= 0)
3622 s->exec_context.stdio_as_fds = true;
3623
3624 } else if (streq(key, "stdout-fd")) {
3625
3626 asynchronous_close(s->stdout_fd);
3627 s->stdout_fd = deserialize_fd(fds, value);
3628 if (s->stdout_fd >= 0)
3629 s->exec_context.stdio_as_fds = true;
3630
3631 } else if (streq(key, "stderr-fd")) {
3632
3633 asynchronous_close(s->stderr_fd);
3634 s->stderr_fd = deserialize_fd(fds, value);
3635 if (s->stderr_fd >= 0)
3636 s->exec_context.stdio_as_fds = true;
3637
3638 } else if (streq(key, "exec-fd")) {
3639 _cleanup_close_ int fd = -EBADF;
3640
3641 fd = deserialize_fd(fds, value);
3642 if (fd >= 0) {
3643 s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source);
3644
3645 if (service_allocate_exec_fd_event_source(s, fd, &s->exec_fd_event_source) >= 0)
3646 TAKE_FD(fd);
3647 }
3648
3649 } else if (streq(key, "status-text")) {
3650 char *t;
3651 ssize_t l;
3652
3653 l = cunescape(value, 0, &t);
3654 if (l < 0)
3655 log_unit_debug_errno(u, l, "Failed to unescape status text '%s': %m", value);
3656 else
3657 free_and_replace(s->status_text, t);
3658
3659 } else if (streq(key, "status-errno")) {
3660 int i;
3661
3662 if (safe_atoi(value, &i) < 0)
3663 log_unit_debug(u, "Failed to parse status-errno value: %s", value);
3664 else
3665 s->status_errno = i;
3666
3667 } else if (streq(key, "status-bus-error")) {
3668 if (free_and_strdup(&s->status_bus_error, value) < 0)
3669 log_oom_debug();
3670
3671 } else if (streq(key, "status-varlink-error")) {
3672 if (free_and_strdup(&s->status_varlink_error, value) < 0)
3673 log_oom_debug();
3674
3675 } else if (streq(key, "watchdog-timestamp"))
3676 (void) deserialize_dual_timestamp(value, &s->watchdog_timestamp);
3677 else if (streq(key, "watchdog-original-usec"))
3678 (void) deserialize_usec(value, &s->watchdog_original_usec);
3679 else if (streq(key, "watchdog-override-usec")) {
3680 if (deserialize_usec(value, &s->watchdog_override_usec) >= 0)
3681 s->watchdog_override_enable = true;
3682
3683 } else if (streq(key, "reload-begin-usec"))
3684 (void) deserialize_usec(value, &s->reload_begin_usec);
3685 else
3686 log_unit_debug(u, "Unknown serialization key: %s", key);
3687
3688 return 0;
3689}
3690
3691static UnitActiveState service_active_state(Unit *u) {
3692 Service *s = ASSERT_PTR(SERVICE(u));
3693 const UnitActiveState *table;
3694
3695 table = s->type == SERVICE_IDLE ? state_translation_table_idle : state_translation_table;
3696
3697 return table[s->state];
3698}
3699
3700static const char *service_sub_state_to_string(Unit *u) {
3701 assert(u);
3702
3703 return service_state_to_string(SERVICE(u)->state);
3704}
3705
3706static bool service_may_gc(Unit *u) {
3707 Service *s = ASSERT_PTR(SERVICE(u));
3708
3709 /* Never clean up services that still have a process around, even if the service is formally dead. Note that
3710 * unit_may_gc() already checked our cgroup for us, we just check our two additional PIDs, too, in case they
3711 * have moved outside of the cgroup. */
3712
3713 if (main_pid_good(s) > 0 ||
3714 control_pid_good(s) > 0)
3715 return false;
3716
3717 /* Only allow collection of actually dead services, i.e. not those that are in the transitionary
3718 * SERVICE_DEAD_BEFORE_AUTO_RESTART/SERVICE_FAILED_BEFORE_AUTO_RESTART states. */
3719 if (!IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED, SERVICE_DEAD_RESOURCES_PINNED))
3720 return false;
3721
3722 return true;
3723}
3724
3725static int service_retry_pid_file(Service *s) {
3726 int r;
3727
3728 assert(s);
3729 assert(s->pid_file);
3730 assert(IN_SET(s->state, SERVICE_START, SERVICE_START_POST));
3731
3732 r = service_load_pid_file(s, false);
3733 if (r < 0)
3734 return r;
3735
3736 service_unwatch_pid_file(s);
3737
3738 service_enter_running(s, SERVICE_SUCCESS);
3739 return 0;
3740}
3741
3742static int service_watch_pid_file(Service *s) {
3743 int r;
3744
3745 assert(s);
3746
3747 log_unit_debug(UNIT(s), "Setting watch for PID file %s", s->pid_file_pathspec->path);
3748
3749 r = path_spec_watch(s->pid_file_pathspec, service_dispatch_inotify_io);
3750 if (r < 0) {
3751 log_unit_error_errno(UNIT(s), r, "Failed to set a watch for PID file %s: %m", s->pid_file_pathspec->path);
3752 service_unwatch_pid_file(s);
3753 return r;
3754 }
3755
3756 /* the pidfile might have appeared just before we set the watch */
3757 log_unit_debug(UNIT(s), "Trying to read PID file %s in case it changed", s->pid_file_pathspec->path);
3758 service_retry_pid_file(s);
3759
3760 return 0;
3761}
3762
3763static int service_demand_pid_file(Service *s) {
3764 _cleanup_free_ PathSpec *ps = NULL;
3765
3766 assert(s);
3767 assert(s->pid_file);
3768 assert(!s->pid_file_pathspec);
3769
3770 ps = new(PathSpec, 1);
3771 if (!ps)
3772 return -ENOMEM;
3773
3774 *ps = (PathSpec) {
3775 .unit = UNIT(s),
3776 .path = strdup(s->pid_file),
3777 /* PATH_CHANGED would not be enough. There are daemons (sendmail) that keep their PID file
3778 * open all the time. */
3779 .type = PATH_MODIFIED,
3780 .inotify_fd = -EBADF,
3781 };
3782
3783 if (!ps->path)
3784 return -ENOMEM;
3785
3786 path_simplify(ps->path);
3787
3788 s->pid_file_pathspec = TAKE_PTR(ps);
3789
3790 return service_watch_pid_file(s);
3791}
3792
3793static int service_dispatch_inotify_io(sd_event_source *source, int fd, uint32_t events, void *userdata) {
3794 PathSpec *p = ASSERT_PTR(userdata);
3795 Service *s = ASSERT_PTR(SERVICE(p->unit));
3796
3797 assert(fd >= 0);
3798 assert(IN_SET(s->state, SERVICE_START, SERVICE_START_POST));
3799 assert(s->pid_file_pathspec);
3800 assert(path_spec_owns_inotify_fd(s->pid_file_pathspec, fd));
3801
3802 log_unit_debug(UNIT(s), "inotify event");
3803
3804 if (path_spec_fd_event(p, events) < 0)
3805 goto fail;
3806
3807 if (service_retry_pid_file(s) == 0)
3808 return 0;
3809
3810 if (service_watch_pid_file(s) < 0)
3811 goto fail;
3812
3813 return 0;
3814
3815fail:
3816 service_unwatch_pid_file(s);
3817 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
3818 return 0;
3819}
3820
3821static int service_dispatch_exec_io(sd_event_source *source, int fd, uint32_t events, void *userdata) {
3822 Service *s = ASSERT_PTR(SERVICE(userdata));
3823
3824 log_unit_debug(UNIT(s), "got exec-fd event");
3825
3826 /* If Type=exec is set, we'll consider a service started successfully the instant we invoked execve()
3827 * successfully for it. We implement this through a pipe() towards the child, which the kernel
3828 * automatically closes for us due to O_CLOEXEC on execve() in the child, which then triggers EOF on
3829 * the pipe in the parent. We need to be careful however, as there are other reasons that we might
3830 * cause the child's side of the pipe to be closed (for example, a simple exit()). To deal with that
3831 * we'll ignore EOFs on the pipe unless the child signalled us first that it is about to call the
3832 * execve(). It does so by sending us a simple non-zero byte via the pipe. We also provide the child
3833 * with a way to inform us in case execve() failed: if it sends a zero byte we'll ignore POLLHUP on
3834 * the fd again. */
3835
3836 for (;;) {
3837 uint8_t x;
3838 ssize_t n;
3839
3840 n = read(fd, &x, sizeof(x));
3841 if (n < 0) {
3842 if (errno == EAGAIN) /* O_NONBLOCK in effect → everything queued has now been processed. */
3843 return 0;
3844
3845 return log_unit_error_errno(UNIT(s), errno, "Failed to read from exec_fd: %m");
3846 }
3847 if (n == 0) { /* EOF → the event we are waiting for in case of Type=exec */
3848 s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source);
3849
3850 if (s->exec_fd_hot) { /* Did the child tell us to expect EOF now? */
3851 log_unit_debug(UNIT(s), "Got EOF on exec-fd");
3852
3853 s->exec_fd_hot = false;
3854
3855 /* Nice! This is what we have been waiting for. Transition to next state. */
3856 if (s->type == SERVICE_EXEC && s->state == SERVICE_START)
3857 service_enter_start_post(s);
3858 } else
3859 log_unit_debug(UNIT(s), "Got EOF on exec-fd while it was disabled, ignoring.");
3860
3861 return 0;
3862 }
3863
3864 /* A byte was read → this turns on/off the exec fd logic */
3865 assert(n == sizeof(x));
3866
3867 s->exec_fd_hot = x;
3868 }
3869}
3870
3871static void service_notify_cgroup_empty_event(Unit *u) {
3872 Service *s = ASSERT_PTR(SERVICE(u));
3873
3874 log_unit_debug(u, "Control group is empty.");
3875
3876 switch (s->state) {
3877
3878 /* Waiting for SIGCHLD is usually more interesting, because it includes return
3879 * codes/signals. Which is why we ignore the cgroup events for most cases, except when we
3880 * don't know pid which to expect the SIGCHLD for. */
3881
3882 case SERVICE_START:
3883 if (IN_SET(s->type, SERVICE_NOTIFY, SERVICE_NOTIFY_RELOAD) &&
3884 main_pid_good(s) == 0 &&
3885 control_pid_good(s) == 0) {
3886 /* No chance of getting a ready notification anymore */
3887 service_enter_stop_post(s, SERVICE_FAILURE_PROTOCOL);
3888 break;
3889 }
3890
3891 if (s->exit_type == SERVICE_EXIT_CGROUP && main_pid_good(s) <= 0) {
3892 service_enter_stop_post(s, SERVICE_SUCCESS);
3893 break;
3894 }
3895
3896 _fallthrough_;
3897 case SERVICE_START_POST:
3898 if (s->pid_file_pathspec &&
3899 main_pid_good(s) == 0 &&
3900 control_pid_good(s) == 0) {
3901
3902 /* Give up hoping for the daemon to write its PID file */
3903 log_unit_warning(u, "Daemon never wrote its PID file. Failing.");
3904
3905 service_unwatch_pid_file(s);
3906 if (s->state == SERVICE_START)
3907 service_enter_stop_post(s, SERVICE_FAILURE_PROTOCOL);
3908 else
3909 service_enter_stop(s, SERVICE_FAILURE_PROTOCOL);
3910 }
3911 break;
3912
3913 case SERVICE_RUNNING:
3914 /* service_enter_running() will figure out what to do */
3915 service_enter_running(s, SERVICE_SUCCESS);
3916 break;
3917
3918 case SERVICE_STOP_WATCHDOG:
3919 case SERVICE_STOP_SIGTERM:
3920 case SERVICE_STOP_SIGKILL:
3921
3922 if (main_pid_good(s) <= 0 && control_pid_good(s) <= 0)
3923 service_enter_stop_post(s, SERVICE_SUCCESS);
3924
3925 break;
3926
3927 case SERVICE_STOP_POST:
3928 case SERVICE_FINAL_WATCHDOG:
3929 case SERVICE_FINAL_SIGTERM:
3930 case SERVICE_FINAL_SIGKILL:
3931 if (main_pid_good(s) <= 0 && control_pid_good(s) <= 0)
3932 service_enter_dead(s, SERVICE_SUCCESS, true);
3933
3934 break;
3935
3936 /* If the cgroup empty notification comes when the unit is not active, we must have failed to clean
3937 * up the cgroup earlier and should do it now. */
3938 case SERVICE_AUTO_RESTART:
3939 case SERVICE_AUTO_RESTART_QUEUED:
3940 unit_prune_cgroup(u);
3941 break;
3942
3943 default:
3944 ;
3945 }
3946}
3947
3948static void service_notify_cgroup_oom_event(Unit *u, bool managed_oom) {
3949 Service *s = ASSERT_PTR(SERVICE(u));
3950
3951 if (managed_oom)
3952 log_unit_debug(u, "Process(es) of control group were killed by systemd-oomd.");
3953 else
3954 log_unit_debug(u, "Process of control group was killed by the OOM killer.");
3955
3956 if (s->oom_policy == OOM_CONTINUE)
3957 return;
3958
3959 switch (s->state) {
3960
3961 case SERVICE_CONDITION:
3962 case SERVICE_START_PRE:
3963 case SERVICE_START:
3964 case SERVICE_START_POST:
3965 case SERVICE_STOP:
3966 if (s->oom_policy == OOM_STOP)
3967 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_OOM_KILL);
3968 else if (s->oom_policy == OOM_KILL)
3969 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_OOM_KILL);
3970
3971 break;
3972
3973 case SERVICE_EXITED:
3974 case SERVICE_RUNNING:
3975 if (s->oom_policy == OOM_STOP)
3976 service_enter_stop(s, SERVICE_FAILURE_OOM_KILL);
3977 else if (s->oom_policy == OOM_KILL)
3978 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_OOM_KILL);
3979
3980 break;
3981
3982 case SERVICE_STOP_WATCHDOG:
3983 case SERVICE_STOP_SIGTERM:
3984 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_OOM_KILL);
3985 break;
3986
3987 case SERVICE_STOP_SIGKILL:
3988 case SERVICE_FINAL_SIGKILL:
3989 if (s->result == SERVICE_SUCCESS)
3990 s->result = SERVICE_FAILURE_OOM_KILL;
3991 break;
3992
3993 case SERVICE_STOP_POST:
3994 case SERVICE_FINAL_SIGTERM:
3995 service_enter_signal(s, SERVICE_FINAL_SIGKILL, SERVICE_FAILURE_OOM_KILL);
3996 break;
3997
3998 default:
3999 ;
4000 }
4001}
4002
4003static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
4004 Service *s = ASSERT_PTR(SERVICE(u));
4005 bool notify_dbus = true;
4006 ServiceResult f;
4007 ExitClean clean_mode;
4008 int r;
4009
4010 assert(pid >= 0);
4011
4012 /* Oneshot services and non-SERVICE_EXEC_START commands should not be
4013 * considered daemons as they are typically not long running. */
4014 if (s->type == SERVICE_ONESHOT || (s->control_pid.pid == pid && s->control_command_id != SERVICE_EXEC_START))
4015 clean_mode = EXIT_CLEAN_COMMAND;
4016 else
4017 clean_mode = EXIT_CLEAN_DAEMON;
4018
4019 if (is_clean_exit(code, status, clean_mode, &s->success_status))
4020 f = SERVICE_SUCCESS;
4021 else if (code == CLD_EXITED)
4022 f = SERVICE_FAILURE_EXIT_CODE;
4023 else if (code == CLD_KILLED)
4024 f = SERVICE_FAILURE_SIGNAL;
4025 else if (code == CLD_DUMPED)
4026 f = SERVICE_FAILURE_CORE_DUMP;
4027 else
4028 assert_not_reached();
4029
4030 if (s->main_pid.pid == pid) {
4031 /* Clean up the exec_fd event source. We want to do this here, not later in
4032 * service_set_state(), because service_enter_stop_post() calls service_spawn().
4033 * The source owns its end of the pipe, so this will close that too. */
4034 s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source);
4035
4036 /* Forking services may occasionally move to a new PID.
4037 * As long as they update the PID file before exiting the old
4038 * PID, they're fine. */
4039 if (service_load_pid_file(s, false) > 0)
4040 return;
4041
4042 pidref_done(&s->main_pid);
4043 exec_status_exit(&s->main_exec_status, &s->exec_context, pid, code, status);
4044
4045 if (s->main_command) {
4046 /* If this is not a forking service than the
4047 * main process got started and hence we copy
4048 * the exit status so that it is recorded both
4049 * as main and as control process exit
4050 * status */
4051
4052 s->main_command->exec_status = s->main_exec_status;
4053
4054 if (s->main_command->flags & EXEC_COMMAND_IGNORE_FAILURE)
4055 f = SERVICE_SUCCESS;
4056 } else if (s->exec_command[SERVICE_EXEC_START]) {
4057
4058 /* If this is a forked process, then we should
4059 * ignore the return value if this was
4060 * configured for the starter process */
4061
4062 if (s->exec_command[SERVICE_EXEC_START]->flags & EXEC_COMMAND_IGNORE_FAILURE)
4063 f = SERVICE_SUCCESS;
4064 }
4065
4066 unit_log_process_exit(
4067 u,
4068 "Main process",
4069 service_exec_command_to_string(SERVICE_EXEC_START),
4070 f == SERVICE_SUCCESS,
4071 code, status);
4072
4073 if (s->result == SERVICE_SUCCESS)
4074 s->result = f;
4075
4076 if (s->main_command &&
4077 s->main_command->command_next &&
4078 s->type == SERVICE_ONESHOT &&
4079 f == SERVICE_SUCCESS) {
4080
4081 /* There is another command to execute, so let's do that. */
4082
4083 log_unit_debug(u, "Running next main command for state %s.", service_state_to_string(s->state));
4084 service_run_next_main(s);
4085
4086 } else {
4087 s->main_command = NULL;
4088
4089 /* Services with ExitType=cgroup do not act on main PID exiting, unless the cgroup is
4090 * already empty */
4091 if (s->exit_type == SERVICE_EXIT_MAIN || cgroup_good(s) <= 0) {
4092 /* The service exited, so the service is officially gone. */
4093 switch (s->state) {
4094
4095 case SERVICE_START_POST:
4096 case SERVICE_RELOAD:
4097 case SERVICE_RELOAD_SIGNAL:
4098 case SERVICE_RELOAD_NOTIFY:
4099 case SERVICE_REFRESH_EXTENSIONS:
4100 case SERVICE_MOUNTING:
4101 /* If neither main nor control processes are running then the current
4102 * state can never exit cleanly, hence immediately terminate the
4103 * service. */
4104 if (control_pid_good(s) <= 0)
4105 service_enter_stop(s, f);
4106
4107 /* Otherwise need to wait until the operation is done. */
4108 break;
4109
4110 case SERVICE_STOP:
4111 /* Need to wait until the operation is done. */
4112 break;
4113
4114 case SERVICE_START:
4115 if (s->type == SERVICE_ONESHOT) {
4116 /* This was our main goal, so let's go on */
4117 if (f == SERVICE_SUCCESS)
4118 service_enter_start_post(s);
4119 else
4120 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4121 break;
4122 } else if (IN_SET(s->type, SERVICE_NOTIFY, SERVICE_NOTIFY_RELOAD)) {
4123 /* Only enter running through a notification, so that the
4124 * SERVICE_START state signifies that no ready notification
4125 * has been received */
4126 if (f != SERVICE_SUCCESS)
4127 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4128 else if (!s->remain_after_exit || service_get_notify_access(s) == NOTIFY_MAIN)
4129 /* The service has never been and will never be active */
4130 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_PROTOCOL);
4131 break;
4132 }
4133
4134 _fallthrough_;
4135 case SERVICE_RUNNING:
4136 service_enter_running(s, f);
4137 break;
4138
4139 case SERVICE_STOP_WATCHDOG:
4140 case SERVICE_STOP_SIGTERM:
4141 case SERVICE_STOP_SIGKILL:
4142
4143 if (control_pid_good(s) <= 0)
4144 service_enter_stop_post(s, f);
4145
4146 /* If there is still a control process, wait for that first */
4147 break;
4148
4149 case SERVICE_STOP_POST:
4150
4151 if (control_pid_good(s) <= 0)
4152 service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
4153
4154 break;
4155
4156 case SERVICE_FINAL_WATCHDOG:
4157 case SERVICE_FINAL_SIGTERM:
4158 case SERVICE_FINAL_SIGKILL:
4159
4160 if (control_pid_good(s) <= 0)
4161 service_enter_dead(s, f, true);
4162 break;
4163
4164 default:
4165 assert_not_reached();
4166 }
4167 } else if (s->exit_type == SERVICE_EXIT_CGROUP && s->state == SERVICE_START &&
4168 !IN_SET(s->type, SERVICE_NOTIFY, SERVICE_NOTIFY_RELOAD, SERVICE_DBUS))
4169 /* If a main process exits very quickly, this function might be executed
4170 * before service_dispatch_exec_io(). Since this function disabled IO events
4171 * to monitor the main process above, we need to update the state here too.
4172 * Let's consider the process is successfully launched and exited, but
4173 * only when we're not expecting a readiness notification or dbus name. */
4174 service_enter_start_post(s);
4175 }
4176
4177 } else if (s->control_pid.pid == pid) {
4178 const char *kind;
4179 bool success;
4180
4181 pidref_done(&s->control_pid);
4182
4183 if (s->control_command) {
4184 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
4185
4186 if (s->control_command->flags & EXEC_COMMAND_IGNORE_FAILURE)
4187 f = SERVICE_SUCCESS;
4188 }
4189
4190 /* ExecCondition= calls that exit with (0, 254] should invoke skip-like behavior instead of failing */
4191 if (s->state == SERVICE_CONDITION) {
4192 if (f == SERVICE_FAILURE_EXIT_CODE && status < 255) {
4193 UNIT(s)->condition_result = false;
4194 f = SERVICE_SKIP_CONDITION;
4195 success = true;
4196 } else if (f == SERVICE_SUCCESS) {
4197 UNIT(s)->condition_result = true;
4198 success = true;
4199 } else
4200 success = false;
4201
4202 kind = "Condition check process";
4203 } else {
4204 kind = "Control process";
4205 success = f == SERVICE_SUCCESS;
4206 }
4207
4208 unit_log_process_exit(
4209 u,
4210 kind,
4211 service_exec_command_to_string(s->control_command_id),
4212 success,
4213 code, status);
4214
4215 if (!IN_SET(s->state, SERVICE_RELOAD, SERVICE_MOUNTING) && s->result == SERVICE_SUCCESS)
4216 s->result = f;
4217
4218 if (s->control_command &&
4219 s->control_command->command_next &&
4220 f == SERVICE_SUCCESS) {
4221
4222 /* There is another command to execute, so let's do that. */
4223
4224 log_unit_debug(u, "Running next control command for state %s.", service_state_to_string(s->state));
4225 service_run_next_control(s);
4226
4227 } else {
4228 /* No further commands for this step, so let's figure out what to do next */
4229
4230 s->control_command = NULL;
4231 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
4232
4233 log_unit_debug(u, "Got final SIGCHLD for state %s.", service_state_to_string(s->state));
4234
4235 switch (s->state) {
4236
4237 case SERVICE_CONDITION:
4238 if (f == SERVICE_SUCCESS)
4239 service_enter_start_pre(s);
4240 else
4241 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4242 break;
4243
4244 case SERVICE_START_PRE:
4245 if (f == SERVICE_SUCCESS)
4246 service_enter_start(s);
4247 else
4248 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4249 break;
4250
4251 case SERVICE_START:
4252 if (s->type != SERVICE_FORKING)
4253 /* Maybe spurious event due to a reload that changed the type? */
4254 break;
4255
4256 if (f != SERVICE_SUCCESS) {
4257 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4258 break;
4259 }
4260
4261 if (s->pid_file) {
4262 bool has_start_post;
4263
4264 /* Let's try to load the pid file here if we can.
4265 * The PID file might actually be created by a START_POST
4266 * script. In that case don't worry if the loading fails. */
4267
4268 has_start_post = s->exec_command[SERVICE_EXEC_START_POST];
4269 r = service_load_pid_file(s, !has_start_post);
4270 if (!has_start_post && r < 0) {
4271 r = service_demand_pid_file(s);
4272 if (r < 0 || cgroup_good(s) == 0)
4273 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_PROTOCOL);
4274 break;
4275 }
4276 } else
4277 service_search_main_pid(s);
4278
4279 service_enter_start_post(s);
4280 break;
4281
4282 case SERVICE_START_POST:
4283 if (f != SERVICE_SUCCESS) {
4284 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4285 break;
4286 }
4287
4288 if (s->pid_file) {
4289 r = service_load_pid_file(s, true);
4290 if (r < 0) {
4291 r = service_demand_pid_file(s);
4292 if (r < 0 || cgroup_good(s) == 0)
4293 service_enter_stop(s, SERVICE_FAILURE_PROTOCOL);
4294 break;
4295 }
4296 } else
4297 service_search_main_pid(s);
4298
4299 service_enter_running(s, SERVICE_SUCCESS);
4300 break;
4301
4302 case SERVICE_RELOAD:
4303 case SERVICE_RELOAD_SIGNAL:
4304 case SERVICE_RELOAD_NOTIFY:
4305 if (f == SERVICE_SUCCESS)
4306 if (service_load_pid_file(s, true) < 0)
4307 service_search_main_pid(s);
4308
4309 s->reload_result = f;
4310
4311 /* If the last notification we received from the service process indicates
4312 * we are still reloading, then don't leave reloading state just yet, just
4313 * transition into SERVICE_RELOAD_NOTIFY, to wait for the READY=1 coming,
4314 * too. */
4315 if (s->notify_state == NOTIFY_RELOADING)
4316 service_set_state(s, SERVICE_RELOAD_NOTIFY);
4317 else
4318 service_enter_running(s, SERVICE_SUCCESS);
4319 break;
4320
4321 case SERVICE_REFRESH_EXTENSIONS:
4322 /* Remounting extensions asynchronously done, proceed to signal */
4323 service_enter_reload_signal_exec(s);
4324 break;
4325
4326 case SERVICE_MOUNTING:
4327 service_live_mount_finish(s, f, SD_BUS_ERROR_FAILED);
4328
4329 service_enter_running(s, SERVICE_SUCCESS);
4330 break;
4331
4332 case SERVICE_STOP:
4333 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4334 break;
4335
4336 case SERVICE_STOP_WATCHDOG:
4337 case SERVICE_STOP_SIGTERM:
4338 case SERVICE_STOP_SIGKILL:
4339 if (main_pid_good(s) <= 0)
4340 service_enter_stop_post(s, f);
4341
4342 /* If there is still a service process around, wait until
4343 * that one quit, too */
4344 break;
4345
4346 case SERVICE_STOP_POST:
4347 if (main_pid_good(s) <= 0)
4348 service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
4349 break;
4350
4351 case SERVICE_FINAL_WATCHDOG:
4352 case SERVICE_FINAL_SIGTERM:
4353 case SERVICE_FINAL_SIGKILL:
4354 if (main_pid_good(s) <= 0)
4355 service_enter_dead(s, f, true);
4356 break;
4357
4358 case SERVICE_CLEANING:
4359
4360 if (s->clean_result == SERVICE_SUCCESS)
4361 s->clean_result = f;
4362
4363 service_enter_dead(s, SERVICE_SUCCESS, false);
4364 break;
4365
4366 default:
4367 assert_not_reached();
4368 }
4369 }
4370 } else /* Neither control nor main PID? If so, don't notify about anything */
4371 notify_dbus = false;
4372
4373 /* Notify clients about changed exit status */
4374 if (notify_dbus)
4375 unit_add_to_dbus_queue(u);
4376}
4377
4378static int service_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
4379 Service *s = ASSERT_PTR(SERVICE(userdata));
4380
4381 assert(source == s->timer_event_source);
4382
4383 switch (s->state) {
4384
4385 case SERVICE_CONDITION:
4386 case SERVICE_START_PRE:
4387 case SERVICE_START:
4388 case SERVICE_START_POST:
4389 switch (s->timeout_start_failure_mode) {
4390
4391 case SERVICE_TIMEOUT_TERMINATE:
4392 log_unit_warning(UNIT(s), "%s operation timed out. Terminating.", service_state_to_string(s->state));
4393 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_TIMEOUT);
4394 break;
4395
4396 case SERVICE_TIMEOUT_ABORT:
4397 log_unit_warning(UNIT(s), "%s operation timed out. Aborting.", service_state_to_string(s->state));
4398 service_enter_signal(s, SERVICE_STOP_WATCHDOG, SERVICE_FAILURE_TIMEOUT);
4399 break;
4400
4401 case SERVICE_TIMEOUT_KILL:
4402 if (s->kill_context.send_sigkill) {
4403 log_unit_warning(UNIT(s), "%s operation timed out. Killing.", service_state_to_string(s->state));
4404 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4405 } else {
4406 log_unit_warning(UNIT(s), "%s operation timed out. Skipping SIGKILL.", service_state_to_string(s->state));
4407 service_enter_stop_post(s, SERVICE_FAILURE_TIMEOUT);
4408 }
4409 break;
4410
4411 default:
4412 assert_not_reached();
4413 }
4414 break;
4415
4416 case SERVICE_RUNNING:
4417 log_unit_warning(UNIT(s), "Service reached runtime time limit. Stopping.");
4418 service_enter_stop(s, SERVICE_FAILURE_TIMEOUT);
4419 break;
4420
4421 case SERVICE_RELOAD:
4422 case SERVICE_RELOAD_SIGNAL:
4423 case SERVICE_RELOAD_NOTIFY:
4424 case SERVICE_REFRESH_EXTENSIONS:
4425 log_unit_warning(UNIT(s), "Reload operation timed out. Killing reload process.");
4426 service_kill_control_process(s);
4427 s->reload_result = SERVICE_FAILURE_TIMEOUT;
4428 service_enter_running(s, SERVICE_SUCCESS);
4429 break;
4430
4431 case SERVICE_MOUNTING:
4432 log_unit_warning(UNIT(s), "Mount operation timed out. Killing mount process.");
4433 service_kill_control_process(s);
4434 service_live_mount_finish(s, SERVICE_FAILURE_TIMEOUT, SD_BUS_ERROR_TIMEOUT);
4435 service_enter_running(s, SERVICE_SUCCESS);
4436 break;
4437
4438 case SERVICE_STOP:
4439 switch (s->timeout_stop_failure_mode) {
4440
4441 case SERVICE_TIMEOUT_TERMINATE:
4442 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
4443 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_TIMEOUT);
4444 break;
4445
4446 case SERVICE_TIMEOUT_ABORT:
4447 log_unit_warning(UNIT(s), "Stopping timed out. Aborting.");
4448 service_enter_signal(s, SERVICE_STOP_WATCHDOG, SERVICE_FAILURE_TIMEOUT);
4449 break;
4450
4451 case SERVICE_TIMEOUT_KILL:
4452 if (s->kill_context.send_sigkill) {
4453 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
4454 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4455 } else {
4456 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL.");
4457 service_enter_stop_post(s, SERVICE_FAILURE_TIMEOUT);
4458 }
4459 break;
4460
4461 default:
4462 assert_not_reached();
4463 }
4464 break;
4465
4466 case SERVICE_STOP_WATCHDOG:
4467 if (s->kill_context.send_sigkill) {
4468 log_unit_warning(UNIT(s), "State 'stop-watchdog' timed out. Killing.");
4469 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4470 } else {
4471 log_unit_warning(UNIT(s), "State 'stop-watchdog' timed out. Skipping SIGKILL.");
4472 service_enter_stop_post(s, SERVICE_FAILURE_TIMEOUT);
4473 }
4474 break;
4475
4476 case SERVICE_STOP_SIGTERM:
4477 if (s->timeout_stop_failure_mode == SERVICE_TIMEOUT_ABORT) {
4478 log_unit_warning(UNIT(s), "State 'stop-sigterm' timed out. Aborting.");
4479 service_enter_signal(s, SERVICE_STOP_WATCHDOG, SERVICE_FAILURE_TIMEOUT);
4480 } else if (s->kill_context.send_sigkill) {
4481 log_unit_warning(UNIT(s), "State 'stop-sigterm' timed out. Killing.");
4482 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4483 } else {
4484 log_unit_warning(UNIT(s), "State 'stop-sigterm' timed out. Skipping SIGKILL.");
4485 service_enter_stop_post(s, SERVICE_FAILURE_TIMEOUT);
4486 }
4487
4488 break;
4489
4490 case SERVICE_STOP_SIGKILL:
4491 /* Uh, we sent a SIGKILL and it is still not gone?
4492 * Must be something we cannot kill, so let's just be
4493 * weirded out and continue */
4494
4495 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
4496 service_enter_stop_post(s, SERVICE_FAILURE_TIMEOUT);
4497 break;
4498
4499 case SERVICE_STOP_POST:
4500 switch (s->timeout_stop_failure_mode) {
4501
4502 case SERVICE_TIMEOUT_TERMINATE:
4503 log_unit_warning(UNIT(s), "State 'stop-post' timed out. Terminating.");
4504 service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_TIMEOUT);
4505 break;
4506
4507 case SERVICE_TIMEOUT_ABORT:
4508 log_unit_warning(UNIT(s), "State 'stop-post' timed out. Aborting.");
4509 service_enter_signal(s, SERVICE_FINAL_WATCHDOG, SERVICE_FAILURE_TIMEOUT);
4510 break;
4511
4512 case SERVICE_TIMEOUT_KILL:
4513 if (s->kill_context.send_sigkill) {
4514 log_unit_warning(UNIT(s), "State 'stop-post' timed out. Killing.");
4515 service_enter_signal(s, SERVICE_FINAL_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4516 } else {
4517 log_unit_warning(UNIT(s), "State 'stop-post' timed out. Skipping SIGKILL. Entering failed mode.");
4518 service_enter_dead(s, SERVICE_FAILURE_TIMEOUT, false);
4519 }
4520 break;
4521
4522 default:
4523 assert_not_reached();
4524 }
4525 break;
4526
4527 case SERVICE_FINAL_WATCHDOG:
4528 if (s->kill_context.send_sigkill) {
4529 log_unit_warning(UNIT(s), "State 'final-watchdog' timed out. Killing.");
4530 service_enter_signal(s, SERVICE_FINAL_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4531 } else {
4532 log_unit_warning(UNIT(s), "State 'final-watchdog' timed out. Skipping SIGKILL. Entering failed mode.");
4533 service_enter_dead(s, SERVICE_FAILURE_TIMEOUT, false);
4534 }
4535 break;
4536
4537 case SERVICE_FINAL_SIGTERM:
4538 if (s->timeout_stop_failure_mode == SERVICE_TIMEOUT_ABORT) {
4539 log_unit_warning(UNIT(s), "State 'final-sigterm' timed out. Aborting.");
4540 service_enter_signal(s, SERVICE_FINAL_WATCHDOG, SERVICE_FAILURE_TIMEOUT);
4541 } else if (s->kill_context.send_sigkill) {
4542 log_unit_warning(UNIT(s), "State 'final-sigterm' timed out. Killing.");
4543 service_enter_signal(s, SERVICE_FINAL_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4544 } else {
4545 log_unit_warning(UNIT(s), "State 'final-sigterm' timed out. Skipping SIGKILL. Entering failed mode.");
4546 service_enter_dead(s, SERVICE_FAILURE_TIMEOUT, false);
4547 }
4548
4549 break;
4550
4551 case SERVICE_FINAL_SIGKILL:
4552 log_unit_warning(UNIT(s), "Processes still around after final SIGKILL. Entering failed mode.");
4553 service_enter_dead(s, SERVICE_FAILURE_TIMEOUT, true);
4554 break;
4555
4556 case SERVICE_AUTO_RESTART:
4557 if (s->restart_usec > 0)
4558 log_unit_debug(UNIT(s),
4559 "Service restart interval %s expired, scheduling restart.",
4560 FORMAT_TIMESPAN(service_restart_usec_next(s), USEC_PER_SEC));
4561 else
4562 log_unit_debug(UNIT(s),
4563 "Service has no hold-off time (RestartSec=0), scheduling restart.");
4564
4565 service_enter_restart(s, /* shortcut = */ false);
4566 break;
4567
4568 case SERVICE_CLEANING:
4569 log_unit_warning(UNIT(s), "Cleaning timed out. killing.");
4570
4571 if (s->clean_result == SERVICE_SUCCESS)
4572 s->clean_result = SERVICE_FAILURE_TIMEOUT;
4573
4574 service_enter_signal(s, SERVICE_FINAL_SIGKILL, 0);
4575 break;
4576
4577 default:
4578 assert_not_reached();
4579 }
4580
4581 return 0;
4582}
4583
4584static int service_dispatch_watchdog(sd_event_source *source, usec_t usec, void *userdata) {
4585 Service *s = ASSERT_PTR(SERVICE(userdata));
4586 usec_t watchdog_usec;
4587
4588 assert(source == s->watchdog_event_source);
4589
4590 watchdog_usec = service_get_watchdog_usec(s);
4591
4592 if (UNIT(s)->manager->service_watchdogs) {
4593 log_unit_error(UNIT(s), "Watchdog timeout (limit %s)!",
4594 FORMAT_TIMESPAN(watchdog_usec, 1));
4595
4596 service_enter_signal(s, SERVICE_STOP_WATCHDOG, SERVICE_FAILURE_WATCHDOG);
4597 } else
4598 log_unit_warning(UNIT(s), "Watchdog disabled! Ignoring watchdog timeout (limit %s)!",
4599 FORMAT_TIMESPAN(watchdog_usec, 1));
4600
4601 return 0;
4602}
4603
4604static void service_force_watchdog(Service *s) {
4605 assert(s);
4606
4607 if (!UNIT(s)->manager->service_watchdogs)
4608 return;
4609
4610 log_unit_error(UNIT(s), "Watchdog request (last status: %s)!",
4611 s->status_text ?: "<unset>");
4612
4613 service_enter_signal(s, SERVICE_STOP_WATCHDOG, SERVICE_FAILURE_WATCHDOG);
4614}
4615
4616static bool service_notify_message_authorized(Service *s, PidRef *pid) {
4617 assert(s);
4618 assert(pidref_is_set(pid));
4619
4620 switch (service_get_notify_access(s)) {
4621
4622 case NOTIFY_NONE:
4623 /* Warn level only if no notifications are expected */
4624 log_unit_warning(UNIT(s), "Got notification message from PID "PID_FMT", but reception is disabled", pid->pid);
4625 return false;
4626
4627 case NOTIFY_ALL:
4628 return true;
4629
4630 case NOTIFY_MAIN:
4631 if (pidref_equal(pid, &s->main_pid))
4632 return true;
4633
4634 if (pidref_is_set(&s->main_pid))
4635 log_unit_debug(UNIT(s), "Got notification message from PID "PID_FMT", but reception only permitted for main PID "PID_FMT, pid->pid, s->main_pid.pid);
4636 else
4637 log_unit_debug(UNIT(s), "Got notification message from PID "PID_FMT", but reception only permitted for main PID which is currently not known", pid->pid);
4638
4639 return false;
4640
4641 case NOTIFY_EXEC:
4642 if (pidref_equal(pid, &s->main_pid) || pidref_equal(pid, &s->control_pid))
4643 return true;
4644
4645 if (pidref_is_set(&s->main_pid) && pidref_is_set(&s->control_pid))
4646 log_unit_debug(UNIT(s), "Got notification message from PID "PID_FMT", but reception only permitted for main PID "PID_FMT" and control PID "PID_FMT,
4647 pid->pid, s->main_pid.pid, s->control_pid.pid);
4648 else if (pidref_is_set(&s->main_pid))
4649 log_unit_debug(UNIT(s), "Got notification message from PID "PID_FMT", but reception only permitted for main PID "PID_FMT, pid->pid, s->main_pid.pid);
4650 else if (pidref_is_set(&s->control_pid))
4651 log_unit_debug(UNIT(s), "Got notification message from PID "PID_FMT", but reception only permitted for control PID "PID_FMT, pid->pid, s->control_pid.pid);
4652 else
4653 log_unit_debug(UNIT(s), "Got notification message from PID "PID_FMT", but reception only permitted for main PID and control PID which are currently not known", pid->pid);
4654
4655 return false;
4656
4657 default:
4658 assert_not_reached();
4659 }
4660}
4661
4662static int service_notify_message_parse_new_pid(
4663 Unit *u,
4664 char * const *tags,
4665 FDSet *fds,
4666 PidRef *ret) {
4667
4668 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
4669 const char *e;
4670 int r;
4671
4672 assert(u);
4673 assert(ret);
4674
4675 /* MAINPIDFD=1 always takes precedence */
4676 if (strv_contains(tags, "MAINPIDFD=1")) {
4677 unsigned n_fds = fdset_size(fds);
4678 if (n_fds != 1)
4679 return log_unit_warning_errno(u, SYNTHETIC_ERRNO(EINVAL),
4680 "Got MAINPIDFD=1 with %s fd, ignoring.", n_fds == 0 ? "no" : "more than one");
4681
4682 r = pidref_set_pidfd_consume(&pidref, ASSERT_FD(fdset_steal_first(fds)));
4683 if (r < 0)
4684 return log_unit_warning_errno(u, r, "Failed to create reference to received new main pidfd: %m");
4685
4686 goto finish;
4687 }
4688
4689 e = strv_find_startswith(tags, "MAINPID=");
4690 if (!e) {
4691 *ret = PIDREF_NULL;
4692 return 0;
4693 }
4694
4695 r = pidref_set_pidstr(&pidref, e);
4696 if (r < 0)
4697 return log_unit_warning_errno(u, r, "Failed to parse MAINPID=%s field in notification message, ignoring: %m", e);
4698
4699 e = strv_find_startswith(tags, "MAINPIDFDID=");
4700 if (!e)
4701 goto finish;
4702
4703 uint64_t pidfd_id;
4704
4705 r = safe_atou64(e, &pidfd_id);
4706 if (r < 0)
4707 return log_unit_warning_errno(u, r, "Failed to parse MAINPIDFDID= in notification message, refusing: %s", e);
4708
4709 r = pidref_acquire_pidfd_id(&pidref);
4710 if (r < 0) {
4711 if (!ERRNO_IS_NEG_NOT_SUPPORTED(r))
4712 log_unit_warning_errno(u, r,
4713 "Failed to acquire pidfd id of process " PID_FMT ", not validating MAINPIDFDID=%" PRIu64 ": %m",
4714 pidref.pid, pidfd_id);
4715 goto finish;
4716 }
4717
4718 if (pidref.fd_id != pidfd_id)
4719 return log_unit_warning_errno(u, SYNTHETIC_ERRNO(ESRCH),
4720 "PIDFD ID of process " PID_FMT " (%" PRIu64 ") mismatches with received MAINPIDFDID=%" PRIu64 ", not changing main PID.",
4721 pidref.pid, pidref.fd_id, pidfd_id);
4722
4723finish:
4724 *ret = TAKE_PIDREF(pidref);
4725 return 1;
4726}
4727
4728static void service_notify_message(
4729 Unit *u,
4730 PidRef *pidref,
4731 const struct ucred *ucred,
4732 char * const *tags,
4733 FDSet *fds) {
4734
4735 Service *s = ASSERT_PTR(SERVICE(u));
4736 int r;
4737
4738 assert(pidref_is_set(pidref));
4739 assert(ucred);
4740
4741 if (!service_notify_message_authorized(s, pidref))
4742 return;
4743
4744 if (DEBUG_LOGGING) {
4745 _cleanup_free_ char *cc = strv_join(tags, ", ");
4746 log_unit_debug(u, "Got notification message from PID "PID_FMT": %s", pidref->pid, empty_to_na(cc));
4747 }
4748
4749 usec_t monotonic_usec = USEC_INFINITY;
4750 bool notify_dbus = false;
4751 const char *e;
4752
4753 /* Interpret MAINPID= (+ MAINPIDFDID=) / MAINPIDFD=1 */
4754 _cleanup_(pidref_done) PidRef new_main_pid = PIDREF_NULL;
4755
4756 r = service_notify_message_parse_new_pid(u, tags, fds, &new_main_pid);
4757 if (r > 0 &&
4758 IN_SET(s->state, SERVICE_START, SERVICE_START_POST, SERVICE_RUNNING,
4759 SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_REFRESH_EXTENSIONS,
4760 SERVICE_STOP, SERVICE_STOP_SIGTERM) &&
4761 (!s->main_pid_known || !pidref_equal(&new_main_pid, &s->main_pid))) {
4762
4763 r = service_is_suitable_main_pid(s, &new_main_pid, LOG_WARNING);
4764 if (r == 0) {
4765 /* The new main PID is a bit suspicious, which is OK if the sender is privileged. */
4766
4767 if (ucred->uid == 0) {
4768 log_unit_debug(u, "New main PID "PID_FMT" does not belong to service, but we'll accept it as the request to change it came from a privileged process.", new_main_pid.pid);
4769 r = 1;
4770 } else
4771 log_unit_warning(u, "New main PID "PID_FMT" does not belong to service, refusing.", new_main_pid.pid);
4772 }
4773 if (r > 0) {
4774 (void) service_set_main_pidref(s, TAKE_PIDREF(new_main_pid), /* start_timestamp = */ NULL);
4775
4776 r = unit_watch_pidref(UNIT(s), &s->main_pid, /* exclusive= */ false);
4777 if (r < 0)
4778 log_unit_warning_errno(UNIT(s), r, "Failed to watch new main PID "PID_FMT" for service: %m", s->main_pid.pid);
4779
4780 notify_dbus = true;
4781 }
4782 }
4783
4784 /* Parse MONOTONIC_USEC= */
4785 e = strv_find_startswith(tags, "MONOTONIC_USEC=");
4786 if (e) {
4787 r = safe_atou64(e, &monotonic_usec);
4788 if (r < 0)
4789 log_unit_warning_errno(u, r, "Failed to parse MONOTONIC_USEC= field in notification message, ignoring: %s", e);
4790 }
4791
4792 /* Interpret READY=/STOPPING=/RELOADING=. STOPPING= wins over the others, and READY= over RELOADING= */
4793 if (strv_contains(tags, "STOPPING=1")) {
4794 s->notify_state = NOTIFY_STOPPING;
4795
4796 if (IN_SET(s->state, SERVICE_RUNNING, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_REFRESH_EXTENSIONS))
4797 service_enter_stop_by_notify(s);
4798
4799 notify_dbus = true;
4800
4801 } else if (strv_contains(tags, "READY=1")) {
4802
4803 s->notify_state = NOTIFY_READY;
4804
4805 /* Combined RELOADING=1 and READY=1? Then this is indication that the service started and
4806 * immediately finished reloading. */
4807 if (strv_contains(tags, "RELOADING=1")) {
4808 if (s->state == SERVICE_RELOAD_SIGNAL &&
4809 monotonic_usec != USEC_INFINITY &&
4810 monotonic_usec >= s->reload_begin_usec)
4811 /* Valid Type=notify-reload protocol? Then we're all good. */
4812 service_enter_running(s, SERVICE_SUCCESS);
4813
4814 else if (s->state == SERVICE_RUNNING) {
4815 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
4816
4817 /* Propagate a reload explicitly for plain RELOADING=1 (semantically equivalent to
4818 * service_enter_reload_mounting() call in below) */
4819 r = manager_propagate_reload(UNIT(s)->manager, UNIT(s), JOB_FAIL, &error);
4820 if (r < 0)
4821 log_unit_warning(UNIT(s), "Failed to schedule propagation of reload, ignoring: %s",
4822 bus_error_message(&error, r));
4823 }
4824 }
4825
4826 /* Type=notify(-reload) services inform us about completed initialization with READY=1 */
4827 if (IN_SET(s->type, SERVICE_NOTIFY, SERVICE_NOTIFY_RELOAD) &&
4828 s->state == SERVICE_START)
4829 service_enter_start_post(s);
4830
4831 /* Sending READY=1 while we are reloading informs us that the reloading is complete. */
4832 if (s->state == SERVICE_RELOAD_NOTIFY)
4833 service_enter_running(s, SERVICE_SUCCESS);
4834
4835 notify_dbus = true;
4836
4837 } else if (strv_contains(tags, "RELOADING=1")) {
4838
4839 s->notify_state = NOTIFY_RELOADING;
4840
4841 /* Sending RELOADING=1 after we send SIGHUP to request a reload will transition
4842 * things to "reload-notify" state, where we'll wait for READY=1 to let us know the
4843 * reload is done. Note that we insist on a timestamp being sent along here, so that
4844 * we know for sure this is a reload cycle initiated *after* we sent the signal */
4845 if (s->state == SERVICE_RELOAD_SIGNAL &&
4846 monotonic_usec != USEC_INFINITY &&
4847 monotonic_usec >= s->reload_begin_usec)
4848 /* Note, we don't call service_enter_reload_by_notify() here, because we
4849 * don't need reload propagation nor do we want to restart the timeout. */
4850 service_set_state(s, SERVICE_RELOAD_NOTIFY);
4851
4852 if (s->state == SERVICE_RUNNING)
4853 service_enter_reload_by_notify(s);
4854
4855 notify_dbus = true;
4856 }
4857
4858 /* Interpret STATUS= */
4859 e = strv_find_startswith(tags, "STATUS=");
4860 if (e) {
4861 _cleanup_free_ char *t = NULL;
4862
4863 if (!isempty(e)) {
4864 /* Note that this size limit check is mostly paranoia: since the datagram size we are willing
4865 * to process is already limited to NOTIFY_BUFFER_MAX, this limit here should never be hit. */
4866 if (strlen(e) > STATUS_TEXT_MAX)
4867 log_unit_warning(u, "Status message overly long (%zu > %u), ignoring.", strlen(e), STATUS_TEXT_MAX);
4868 else if (!utf8_is_valid(e))
4869 log_unit_warning(u, "Status message in notification message is not UTF-8 clean, ignoring.");
4870 else {
4871 t = strdup(e);
4872 if (!t)
4873 log_oom_warning();
4874 }
4875 }
4876
4877 if (!streq_ptr(s->status_text, t)) {
4878 free_and_replace(s->status_text, t);
4879 notify_dbus = true;
4880 }
4881 }
4882
4883 /* Interpret NOTIFYACCESS= */
4884 e = strv_find_startswith(tags, "NOTIFYACCESS=");
4885 if (e) {
4886 NotifyAccess notify_access;
4887
4888 notify_access = notify_access_from_string(e);
4889 if (notify_access < 0)
4890 log_unit_warning_errno(u, notify_access,
4891 "Failed to parse NOTIFYACCESS= field value '%s' in notification message, ignoring: %m", e);
4892
4893 /* We don't need to check whether the new access mode is more strict than what is
4894 * already in use, since only the privileged process is allowed to change it
4895 * in the first place. */
4896 if (service_get_notify_access(s) != notify_access) {
4897 service_override_notify_access(s, notify_access);
4898 notify_dbus = true;
4899 }
4900 }
4901
4902 /* Interpret ERRNO= */
4903 e = strv_find_startswith(tags, "ERRNO=");
4904 if (e) {
4905 int status_errno;
4906
4907 status_errno = parse_errno(e);
4908 if (status_errno < 0)
4909 log_unit_warning_errno(u, status_errno,
4910 "Failed to parse ERRNO= field value '%s' in notification message: %m", e);
4911 else if (s->status_errno != status_errno) {
4912 s->status_errno = status_errno;
4913 notify_dbus = true;
4914 }
4915 }
4916
4917 static const struct {
4918 const char *tag;
4919 size_t status_offset;
4920 } status_errors[] = {
4921 { "BUSERROR=", offsetof(Service, status_bus_error) },
4922 { "VARLINKERROR=", offsetof(Service, status_varlink_error) },
4923 };
4924
4925 FOREACH_ELEMENT(i, status_errors) {
4926 e = strv_find_startswith(tags, i->tag);
4927 if (!e)
4928 continue;
4929
4930 char **status_error = (char**) ((uint8_t*) s + i->status_offset);
4931
4932 e = empty_to_null(e);
4933
4934 if (e && !string_is_safe_ascii(e)) {
4935 _cleanup_free_ char *escaped = cescape(e);
4936 log_unit_warning(u, "Got invalid %s string, ignoring: %s", i->tag, strna(escaped));
4937 } else if (free_and_strdup_warn(status_error, e) > 0)
4938 notify_dbus = true;
4939 }
4940
4941 /* Interpret EXTEND_TIMEOUT= */
4942 e = strv_find_startswith(tags, "EXTEND_TIMEOUT_USEC=");
4943 if (e) {
4944 usec_t extend_timeout_usec;
4945
4946 if (safe_atou64(e, &extend_timeout_usec) < 0)
4947 log_unit_warning(u, "Failed to parse EXTEND_TIMEOUT_USEC=%s", e);
4948 else
4949 service_extend_timeout(s, extend_timeout_usec);
4950 }
4951
4952 /* Interpret WATCHDOG= */
4953 e = strv_find_startswith(tags, "WATCHDOG=");
4954 if (e) {
4955 if (streq(e, "1"))
4956 service_reset_watchdog(s);
4957 else if (streq(e, "trigger"))
4958 service_force_watchdog(s);
4959 else
4960 log_unit_warning(u, "Passed WATCHDOG= field is invalid, ignoring.");
4961 }
4962
4963 e = strv_find_startswith(tags, "WATCHDOG_USEC=");
4964 if (e) {
4965 usec_t watchdog_override_usec;
4966 if (safe_atou64(e, &watchdog_override_usec) < 0)
4967 log_unit_warning(u, "Failed to parse WATCHDOG_USEC=%s", e);
4968 else
4969 service_override_watchdog_timeout(s, watchdog_override_usec);
4970 }
4971
4972 /* Interpret RESTART_RESET=1 */
4973 if (strv_contains(tags, "RESTART_RESET=1") && IN_SET(s->state, SERVICE_RUNNING, SERVICE_STOP)) {
4974 log_unit_struct(u, LOG_NOTICE,
4975 LOG_UNIT_MESSAGE(u, "Got RESTART_RESET=1, resetting restart counter from %u.", s->n_restarts),
4976 LOG_ITEM("N_RESTARTS=0"),
4977 LOG_UNIT_INVOCATION_ID(u));
4978
4979 s->n_restarts = 0;
4980 notify_dbus = true;
4981 }
4982
4983 /* Process FD store messages. Either FDSTOREREMOVE=1 for removal, or FDSTORE=1 for addition. In both cases,
4984 * process FDNAME= for picking the file descriptor name to use. Note that FDNAME= is required when removing
4985 * fds, but optional when pushing in new fds, for compatibility reasons. */
4986 if (strv_contains(tags, "FDSTOREREMOVE=1")) {
4987 const char *name;
4988
4989 name = strv_find_startswith(tags, "FDNAME=");
4990 if (!name || !fdname_is_valid(name))
4991 log_unit_warning(u, "FDSTOREREMOVE=1 requested, but no valid file descriptor name passed, ignoring.");
4992 else
4993 service_remove_fd_store(s, name);
4994
4995 } else if (strv_contains(tags, "FDSTORE=1")) {
4996 const char *name;
4997
4998 name = strv_find_startswith(tags, "FDNAME=");
4999 if (name && !fdname_is_valid(name)) {
5000 log_unit_warning(u, "Passed FDNAME= name is invalid, ignoring.");
5001 name = NULL;
5002 }
5003
5004 (void) service_add_fd_store_set(s, fds, name, !strv_contains(tags, "FDPOLL=0"));
5005 }
5006
5007 /* Notify clients about changed status or main pid */
5008 if (notify_dbus)
5009 unit_add_to_dbus_queue(u);
5010}
5011
5012static void service_handoff_timestamp(
5013 Unit *u,
5014 const struct ucred *ucred,
5015 const dual_timestamp *ts) {
5016
5017 Service *s = ASSERT_PTR(SERVICE(u));
5018
5019 assert(ucred);
5020 assert(ts);
5021
5022 if (s->main_pid.pid == ucred->pid) {
5023 if (s->main_command)
5024 exec_status_handoff(&s->main_command->exec_status, ucred, ts);
5025
5026 exec_status_handoff(&s->main_exec_status, ucred, ts);
5027 } else if (s->control_pid.pid == ucred->pid && s->control_command)
5028 exec_status_handoff(&s->control_command->exec_status, ucred, ts);
5029 else
5030 return;
5031
5032 unit_add_to_dbus_queue(u);
5033}
5034
5035static void service_notify_pidref(Unit *u, PidRef *parent_pidref, PidRef *child_pidref) {
5036 Service *s = ASSERT_PTR(SERVICE(u));
5037 int r;
5038
5039 assert(pidref_is_set(parent_pidref));
5040 assert(pidref_is_set(child_pidref));
5041
5042 if (pidref_equal(&s->main_pid, parent_pidref)) {
5043 r = service_set_main_pidref(s, TAKE_PIDREF(*child_pidref), /* start_timestamp = */ NULL);
5044 if (r < 0)
5045 return (void) log_unit_warning_errno(u, r, "Failed to set new main pid: %m");
5046
5047 /* Since the child process is PID 1 in a new PID namespace, it must be exclusive to this unit. */
5048 r = unit_watch_pidref(u, &s->main_pid, /* exclusive= */ true);
5049 if (r < 0)
5050 log_unit_warning_errno(u, r, "Failed to watch new main PID " PID_FMT ": %m", s->main_pid.pid);
5051 } else if (pidref_equal(&s->control_pid, parent_pidref)) {
5052 service_unwatch_control_pid(s);
5053 s->control_pid = TAKE_PIDREF(*child_pidref);
5054
5055 r = unit_watch_pidref(u, &s->control_pid, /* exclusive= */ true);
5056 if (r < 0)
5057 log_unit_warning_errno(u, r, "Failed to watch new control PID " PID_FMT ": %m", s->control_pid.pid);
5058 } else
5059 return (void) log_unit_debug(u, "Parent process " PID_FMT " does not match main or control processes, ignoring.", parent_pidref->pid);
5060
5061 unit_add_to_dbus_queue(u);
5062}
5063
5064static int service_get_timeout(Unit *u, usec_t *timeout) {
5065 Service *s = ASSERT_PTR(SERVICE(u));
5066 uint64_t t;
5067 int r;
5068
5069 assert(timeout);
5070
5071 if (!s->timer_event_source)
5072 return 0;
5073
5074 r = sd_event_source_get_time(s->timer_event_source, &t);
5075 if (r < 0)
5076 return r;
5077 if (t == USEC_INFINITY)
5078 return 0;
5079
5080 *timeout = t;
5081 return 1;
5082}
5083
5084static usec_t service_get_timeout_start_usec(Unit *u) {
5085 Service *s = ASSERT_PTR(SERVICE(u));
5086 return s->timeout_start_usec;
5087}
5088
5089static bool pick_up_pid_from_bus_name(Service *s) {
5090 assert(s);
5091
5092 /* If the service is running but we have no main PID yet, get it from the owner of the D-Bus name */
5093
5094 return !pidref_is_set(&s->main_pid) &&
5095 IN_SET(s->state,
5096 SERVICE_START,
5097 SERVICE_START_POST,
5098 SERVICE_RUNNING,
5099 SERVICE_RELOAD,
5100 SERVICE_RELOAD_SIGNAL,
5101 SERVICE_RELOAD_NOTIFY,
5102 SERVICE_REFRESH_EXTENSIONS,
5103 SERVICE_MOUNTING);
5104}
5105
5106static int bus_name_pid_lookup_callback(sd_bus_message *reply, void *userdata, sd_bus_error *ret_error) {
5107 Service *s = ASSERT_PTR(SERVICE(userdata));
5108 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
5109 const sd_bus_error *e;
5110 uint32_t pid;
5111 int r;
5112
5113 assert(reply);
5114
5115 s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot);
5116
5117 if (!s->bus_name || !pick_up_pid_from_bus_name(s))
5118 return 1;
5119
5120 e = sd_bus_message_get_error(reply);
5121 if (e) {
5122 r = sd_bus_error_get_errno(e);
5123 log_unit_warning_errno(UNIT(s), r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r));
5124 return 1;
5125 }
5126
5127 r = sd_bus_message_read(reply, "u", &pid);
5128 if (r < 0) {
5129 bus_log_parse_error(r);
5130 return 1;
5131 }
5132
5133 r = pidref_set_pid(&pidref, pid);
5134 if (r < 0) {
5135 log_unit_debug_errno(UNIT(s), r, "GetConnectionUnixProcessID() returned invalid PID: %m");
5136 return 1;
5137 }
5138
5139 log_unit_debug(UNIT(s), "D-Bus name %s is now owned by process " PID_FMT, s->bus_name, pidref.pid);
5140
5141 (void) service_set_main_pidref(s, TAKE_PIDREF(pidref), /* start_timestamp = */ NULL);
5142 (void) unit_watch_pidref(UNIT(s), &s->main_pid, /* exclusive= */ false);
5143 return 1;
5144}
5145
5146static void service_bus_name_owner_change(Unit *u, const char *new_owner) {
5147 Service *s = ASSERT_PTR(SERVICE(u));
5148 int r;
5149
5150 if (new_owner)
5151 log_unit_debug(u, "D-Bus name %s now owned by %s", s->bus_name, new_owner);
5152 else
5153 log_unit_debug(u, "D-Bus name %s now not owned by anyone.", s->bus_name);
5154
5155 s->bus_name_good = new_owner;
5156
5157 if (s->type == SERVICE_DBUS) {
5158 /* service_enter_running() will figure out what to do */
5159 if (s->state == SERVICE_RUNNING)
5160 service_enter_running(s, SERVICE_SUCCESS);
5161 else if (s->state == SERVICE_START && new_owner)
5162 service_enter_start_post(s);
5163
5164 } else if (new_owner && pick_up_pid_from_bus_name(s)) {
5165
5166 /* Try to acquire PID from bus service */
5167
5168 s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot);
5169
5170 r = sd_bus_call_method_async(
5171 u->manager->api_bus,
5172 &s->bus_name_pid_lookup_slot,
5173 "org.freedesktop.DBus",
5174 "/org/freedesktop/DBus",
5175 "org.freedesktop.DBus",
5176 "GetConnectionUnixProcessID",
5177 bus_name_pid_lookup_callback,
5178 s,
5179 "s",
5180 s->bus_name);
5181 if (r < 0)
5182 log_unit_debug_errno(u, r, "Failed to request owner PID of service name, ignoring: %m");
5183 }
5184}
5185
5186int service_set_socket_fd(
5187 Service *s,
5188 int fd,
5189 Socket *sock,
5190 SocketPeer *peer, /* reference to object is donated to us on success */
5191 bool selinux_context_net) {
5192
5193 _cleanup_free_ char *peer_text = NULL;
5194 int r;
5195
5196 assert(s);
5197 assert(fd >= 0);
5198 assert(sock);
5199
5200 /* This is called by the socket code when instantiating a new service for a stream socket and the socket needs
5201 * to be configured. We take ownership of the passed fd on success. */
5202
5203 if (UNIT(s)->load_state != UNIT_LOADED)
5204 return -EINVAL;
5205
5206 if (s->socket_fd >= 0)
5207 return -EBUSY;
5208
5209 assert(!s->socket_peer);
5210
5211 if (!IN_SET(s->state, SERVICE_DEAD, SERVICE_DEAD_RESOURCES_PINNED))
5212 return -EAGAIN;
5213
5214 if (getpeername_pretty(fd, true, &peer_text) >= 0) {
5215
5216 if (UNIT(s)->description) {
5217 _cleanup_free_ char *a = NULL;
5218
5219 a = strjoin(UNIT(s)->description, " (", peer_text, ")");
5220 if (!a)
5221 return -ENOMEM;
5222
5223 r = unit_set_description(UNIT(s), a);
5224 } else
5225 r = unit_set_description(UNIT(s), peer_text);
5226 if (r < 0)
5227 return r;
5228 }
5229
5230 r = unit_add_two_dependencies(UNIT(s), UNIT_AFTER, UNIT_TRIGGERED_BY, UNIT(sock), false, UNIT_DEPENDENCY_IMPLICIT);
5231 if (r < 0)
5232 return log_unit_debug_errno(UNIT(s), r,
5233 "Failed to add After=/TriggeredBy= dependencies on socket unit: %m");
5234
5235 s->socket_fd = fd;
5236 s->socket_peer = peer;
5237 s->socket_fd_selinux_context_net = selinux_context_net;
5238
5239 unit_ref_set(&s->accept_socket, UNIT(s), UNIT(sock));
5240 return 0;
5241}
5242
5243static void service_reset_failed(Unit *u) {
5244 Service *s = ASSERT_PTR(SERVICE(u));
5245
5246 if (s->state == SERVICE_FAILED)
5247 service_set_state(s, service_determine_dead_state(s));
5248
5249 s->result = SERVICE_SUCCESS;
5250 s->reload_result = SERVICE_SUCCESS;
5251 s->live_mount_result = SERVICE_SUCCESS;
5252 s->clean_result = SERVICE_SUCCESS;
5253 s->n_restarts = 0;
5254}
5255
5256static PidRef* service_main_pid(Unit *u, bool *ret_is_alien) {
5257 Service *s = ASSERT_PTR(SERVICE(u));
5258
5259 if (ret_is_alien)
5260 *ret_is_alien = s->main_pid_alien;
5261
5262 return &s->main_pid;
5263}
5264
5265static PidRef* service_control_pid(Unit *u) {
5266 return &ASSERT_PTR(SERVICE(u))->control_pid;
5267}
5268
5269static bool service_needs_console(Unit *u) {
5270 Service *s = ASSERT_PTR(SERVICE(u));
5271
5272 /* We provide our own implementation of this here, instead of relying of the generic implementation
5273 * unit_needs_console() provides, since we want to return false if we are in SERVICE_EXITED state. */
5274
5275 if (!exec_context_may_touch_console(&s->exec_context))
5276 return false;
5277
5278 return IN_SET(s->state,
5279 SERVICE_CONDITION,
5280 SERVICE_START_PRE,
5281 SERVICE_START,
5282 SERVICE_START_POST,
5283 SERVICE_RUNNING,
5284 SERVICE_RELOAD,
5285 SERVICE_RELOAD_SIGNAL,
5286 SERVICE_RELOAD_NOTIFY,
5287 SERVICE_REFRESH_EXTENSIONS,
5288 SERVICE_MOUNTING,
5289 SERVICE_STOP,
5290 SERVICE_STOP_WATCHDOG,
5291 SERVICE_STOP_SIGTERM,
5292 SERVICE_STOP_SIGKILL,
5293 SERVICE_STOP_POST,
5294 SERVICE_FINAL_WATCHDOG,
5295 SERVICE_FINAL_SIGTERM,
5296 SERVICE_FINAL_SIGKILL);
5297}
5298
5299static int service_exit_status(Unit *u) {
5300 Service *s = ASSERT_PTR(SERVICE(u));
5301
5302 if (s->main_exec_status.pid <= 0 ||
5303 !dual_timestamp_is_set(&s->main_exec_status.exit_timestamp))
5304 return -ENODATA;
5305
5306 if (s->main_exec_status.code != CLD_EXITED)
5307 return -EBADE;
5308
5309 return s->main_exec_status.status;
5310}
5311
5312static const char* service_status_text(Unit *u) {
5313 Service *s = ASSERT_PTR(SERVICE(u));
5314
5315 return s->status_text;
5316}
5317
5318static int service_clean(Unit *u, ExecCleanMask mask) {
5319 Service *s = ASSERT_PTR(SERVICE(u));
5320 _cleanup_strv_free_ char **l = NULL;
5321 bool may_clean_fdstore = false;
5322 int r;
5323
5324 assert(mask != 0);
5325
5326 if (!IN_SET(s->state, SERVICE_DEAD, SERVICE_DEAD_RESOURCES_PINNED))
5327 return -EBUSY;
5328
5329 /* Determine if there's anything we could potentially clean */
5330 r = exec_context_get_clean_directories(&s->exec_context, u->manager->prefix, mask, &l);
5331 if (r < 0)
5332 return r;
5333
5334 if (mask & EXEC_CLEAN_FDSTORE)
5335 may_clean_fdstore = s->n_fd_store > 0 || s->n_fd_store_max > 0;
5336
5337 if (strv_isempty(l) && !may_clean_fdstore)
5338 return -EUNATCH; /* Nothing to potentially clean */
5339
5340 /* Let's clean the stuff we can clean quickly */
5341 if (may_clean_fdstore)
5342 service_release_fd_store(s);
5343
5344 /* If we are done, leave quickly */
5345 if (strv_isempty(l)) {
5346 if (s->state == SERVICE_DEAD_RESOURCES_PINNED && !s->fd_store)
5347 service_set_state(s, SERVICE_DEAD);
5348 return 0;
5349 }
5350
5351 /* We need to clean disk stuff. This is slow, hence do it out of process, and change state */
5352 service_unwatch_control_pid(s);
5353 s->clean_result = SERVICE_SUCCESS;
5354 s->control_command = NULL;
5355 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
5356
5357 r = service_arm_timer(s, /* relative= */ true, s->exec_context.timeout_clean_usec);
5358 if (r < 0) {
5359 log_unit_warning_errno(u, r, "Failed to install timer: %m");
5360 goto fail;
5361 }
5362
5363 r = unit_fork_and_watch_rm_rf(u, l, &s->control_pid);
5364 if (r < 0) {
5365 log_unit_warning_errno(u, r, "Failed to spawn cleaning task: %m");
5366 goto fail;
5367 }
5368
5369 service_set_state(s, SERVICE_CLEANING);
5370 return 0;
5371
5372fail:
5373 s->clean_result = SERVICE_FAILURE_RESOURCES;
5374 s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source);
5375 return r;
5376}
5377
5378static int service_can_clean(Unit *u, ExecCleanMask *ret) {
5379 Service *s = ASSERT_PTR(SERVICE(u));
5380 ExecCleanMask mask = 0;
5381 int r;
5382
5383 assert(ret);
5384
5385 r = exec_context_get_clean_mask(&s->exec_context, &mask);
5386 if (r < 0)
5387 return r;
5388
5389 if (s->n_fd_store_max > 0)
5390 mask |= EXEC_CLEAN_FDSTORE;
5391
5392 *ret = mask;
5393 return 0;
5394}
5395
5396static int service_live_mount(
5397 Unit *u,
5398 const char *src,
5399 const char *dst,
5400 sd_bus_message *message,
5401 MountInNamespaceFlags flags,
5402 const MountOptions *options,
5403 sd_bus_error *error) {
5404
5405 Service *s = ASSERT_PTR(SERVICE(u));
5406 _cleanup_(pidref_done) PidRef worker = PIDREF_NULL;
5407 int r;
5408
5409 assert(u);
5410 assert(u->manager);
5411 assert(src);
5412 assert(dst);
5413 assert(message);
5414 assert(!s->mount_request);
5415
5416 if (s->state != SERVICE_RUNNING || !pidref_is_set(&s->main_pid)) {
5417 log_unit_warning(u, "Service is not running, cannot live mount.");
5418 return sd_bus_error_setf(
5419 error,
5420 BUS_ERROR_UNIT_INACTIVE,
5421 "Live mounting '%s' on '%s' for unit '%s' cannot be scheduled: service not running",
5422 src,
5423 dst,
5424 u->id);
5425 }
5426
5427 if (mount_point_is_credentials(u->manager->prefix[EXEC_DIRECTORY_RUNTIME], dst)) {
5428 log_unit_warning(u, "Refusing to live mount over credential mount '%s'.", dst);
5429 return sd_bus_error_setf(
5430 error,
5431 SD_BUS_ERROR_INVALID_ARGS,
5432 "Live mounting '%s' on '%s' for unit '%s' cannot be scheduled: cannot mount over credential mount",
5433 src,
5434 dst,
5435 u->id);
5436 }
5437
5438 if (path_startswith_strv(dst, s->exec_context.inaccessible_paths)) {
5439 log_unit_warning(u, "%s is not accessible to this unit, cannot live mount.", dst);
5440 return sd_bus_error_setf(
5441 error,
5442 SD_BUS_ERROR_INVALID_ARGS,
5443 "Live mounting '%s' on '%s' for unit '%s' cannot be scheduled: destination is not accessible to this unit",
5444 src,
5445 dst,
5446 u->id);
5447 }
5448
5449 service_unwatch_control_pid(s);
5450 s->live_mount_result = SERVICE_SUCCESS;
5451 s->control_command = NULL;
5452 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
5453
5454 r = service_arm_timer(s, /* relative= */ true, s->timeout_start_usec);
5455 if (r < 0) {
5456 log_unit_error_errno(u, r, "Failed to install timer: %m");
5457 sd_bus_error_set_errnof(error, r,
5458 "Live mounting '%s' on '%s' for unit '%s': failed to install timer: %m",
5459 src, dst, u->id);
5460 goto fail;
5461 }
5462
5463 const char *propagate_directory = strjoina("/run/systemd/propagate/", u->id);
5464
5465 /* Given we are running from PID1, avoid doing potentially heavy I/O operations like opening images
5466 * directly, and instead fork a worker process. We record the D-Bus message, so that we can reply
5467 * after the operation has finished. This way callers can wait on the message and know that the new
5468 * resource is available (or the operation failed) once they receive the response. */
5469 r = unit_fork_helper_process(u, "(sd-mount-in-ns)", /* into_cgroup= */ false, &worker);
5470 if (r < 0) {
5471 log_unit_error_errno(u, r,
5472 "Failed to fork process to mount '%s' on '%s' in unit's namespace: %m",
5473 src, dst);
5474 sd_bus_error_set_errnof(error, r,
5475 "Live mounting '%s' on '%s' for unit '%s': failed to fork off helper process into namespace: %m",
5476 src, dst, u->id);
5477 goto fail;
5478 }
5479 if (r == 0) {
5480 if (flags & MOUNT_IN_NAMESPACE_IS_IMAGE)
5481 r = mount_image_in_namespace(
5482 &s->main_pid,
5483 propagate_directory,
5484 "/run/systemd/incoming/",
5485 src, dst,
5486 flags,
5487 options,
5488 s->exec_context.mount_image_policy ?: &image_policy_service);
5489 else
5490 r = bind_mount_in_namespace(
5491 &s->main_pid,
5492 propagate_directory,
5493 "/run/systemd/incoming/",
5494 src, dst,
5495 flags);
5496 if (r < 0)
5497 log_unit_error_errno(u, r,
5498 "Failed to mount '%s' on '%s' in unit's namespace: %m",
5499 src, dst);
5500 else
5501 log_unit_debug(u, "Mounted '%s' on '%s' in unit's namespace", src, dst);
5502
5503 _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
5504 }
5505
5506 r = unit_watch_pidref(u, &worker, /* exclusive= */ true);
5507 if (r < 0) {
5508 log_unit_warning_errno(u, r, "Failed to watch live mount helper process: %m");
5509 sd_bus_error_set_errnof(error, r,
5510 "Live mounting '%s' on '%s' for unit '%s': failed to watch live mount helper process: %m",
5511 src, dst, u->id);
5512 goto fail;
5513 }
5514
5515 s->mount_request = sd_bus_message_ref(message);
5516 s->control_pid = TAKE_PIDREF(worker);
5517 service_set_state(s, SERVICE_MOUNTING);
5518 return 0;
5519
5520fail:
5521 s->live_mount_result = SERVICE_FAILURE_RESOURCES;
5522 service_enter_running(s, SERVICE_SUCCESS);
5523 return r;
5524}
5525
5526static int service_can_live_mount(Unit *u, sd_bus_error *error) {
5527 Service *s = ASSERT_PTR(SERVICE(u));
5528
5529 /* Ensure that the unit runs in a private mount namespace */
5530 if (!exec_needs_mount_namespace(&s->exec_context, /* params= */ NULL, s->exec_runtime))
5531 return sd_bus_error_setf(
5532 error,
5533 SD_BUS_ERROR_INVALID_ARGS,
5534 "Unit '%s' not running in private mount namespace, cannot live mount.",
5535 u->id);
5536
5537 return 0;
5538}
5539
5540static const char* service_finished_job(Unit *u, JobType t, JobResult result) {
5541 Service *s = ASSERT_PTR(SERVICE(u));
5542
5543 if (t == JOB_START &&
5544 result == JOB_DONE &&
5545 s->type == SERVICE_ONESHOT)
5546 return "Finished %s.";
5547
5548 /* Fall back to generic */
5549 return NULL;
5550}
5551
5552static int service_can_start(Unit *u) {
5553 Service *s = ASSERT_PTR(SERVICE(u));
5554 int r;
5555
5556 /* Make sure we don't enter a busy loop of some kind. */
5557 r = unit_test_start_limit(u);
5558 if (r < 0) {
5559 service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false);
5560 return r;
5561 }
5562
5563 return 1;
5564}
5565
5566static void service_release_resources(Unit *u) {
5567 Service *s = ASSERT_PTR(SERVICE(u));
5568
5569 /* Invoked by the unit state engine, whenever it realizes that unit is dead and there's no job
5570 * anymore for it, and it hence is a good idea to release resources */
5571
5572 /* Don't release resources if this is a transitionary failed/dead state
5573 * (i.e. SERVICE_DEAD_BEFORE_AUTO_RESTART/SERVICE_FAILED_BEFORE_AUTO_RESTART), insist on a permanent
5574 * failure state. */
5575 if (!IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED, SERVICE_DEAD_RESOURCES_PINNED))
5576 return;
5577
5578 log_unit_debug(u, "Releasing resources...");
5579
5580 service_release_socket_fd(s);
5581 service_release_stdio_fd(s);
5582 service_release_extra_fds(s);
5583
5584 if (s->fd_store_preserve_mode != EXEC_PRESERVE_YES)
5585 service_release_fd_store(s);
5586
5587 if (s->state == SERVICE_DEAD_RESOURCES_PINNED && !s->fd_store)
5588 service_set_state(s, SERVICE_DEAD);
5589}
5590
5591int service_determine_exec_selinux_label(Service *s, char **ret) {
5592 int r;
5593
5594 assert(s);
5595 assert(ret);
5596
5597 if (!mac_selinux_use())
5598 return -ENODATA;
5599
5600 /* Returns the SELinux label used for execution of the main service binary */
5601
5602 if (s->exec_context.selinux_context)
5603 /* Prefer the explicitly configured label if there is one */
5604 return strdup_to(ret, s->exec_context.selinux_context);
5605
5606 if (s->exec_context.root_image ||
5607 s->exec_context.n_extension_images > 0 ||
5608 !strv_isempty(s->exec_context.extension_directories)) /* We cannot chase paths through images */
5609 return log_unit_debug_errno(UNIT(s), SYNTHETIC_ERRNO(ENODATA), "Service with RootImage=, ExtensionImages= or ExtensionDirectories= set, cannot determine socket SELinux label before activation, ignoring.");
5610
5611 ExecCommand *c = s->exec_command[SERVICE_EXEC_START];
5612 if (!c)
5613 return -ENODATA;
5614
5615 _cleanup_free_ char *path = NULL;
5616 r = chase(c->path, s->exec_context.root_directory, CHASE_PREFIX_ROOT, &path, NULL);
5617 if (r < 0) {
5618 log_unit_debug_errno(UNIT(s), r, "Failed to resolve service binary '%s', ignoring.", c->path);
5619 return -ENODATA;
5620 }
5621
5622 r = mac_selinux_get_create_label_from_exe(path, ret);
5623 if (ERRNO_IS_NEG_NOT_SUPPORTED(r)) {
5624 log_unit_debug_errno(UNIT(s), r, "Reading SELinux label off binary '%s' is not supported, ignoring.", path);
5625 return -ENODATA;
5626 }
5627 if (ERRNO_IS_NEG_PRIVILEGE(r)) {
5628 log_unit_debug_errno(UNIT(s), r, "Can't read SELinux label off binary '%s', due to privileges, ignoring.", path);
5629 return -ENODATA;
5630 }
5631 if (r < 0)
5632 return log_unit_debug_errno(UNIT(s), r, "Failed to read SELinux label off binary '%s': %m", path);
5633
5634 return 0;
5635}
5636
5637static const char* const service_restart_table[_SERVICE_RESTART_MAX] = {
5638 [SERVICE_RESTART_NO] = "no",
5639 [SERVICE_RESTART_ON_SUCCESS] = "on-success",
5640 [SERVICE_RESTART_ON_FAILURE] = "on-failure",
5641 [SERVICE_RESTART_ON_ABNORMAL] = "on-abnormal",
5642 [SERVICE_RESTART_ON_WATCHDOG] = "on-watchdog",
5643 [SERVICE_RESTART_ON_ABORT] = "on-abort",
5644 [SERVICE_RESTART_ALWAYS] = "always",
5645};
5646
5647DEFINE_STRING_TABLE_LOOKUP(service_restart, ServiceRestart);
5648
5649static const char* const service_restart_mode_table[_SERVICE_RESTART_MODE_MAX] = {
5650 [SERVICE_RESTART_MODE_NORMAL] = "normal",
5651 [SERVICE_RESTART_MODE_DIRECT] = "direct",
5652 [SERVICE_RESTART_MODE_DEBUG] = "debug",
5653};
5654
5655DEFINE_STRING_TABLE_LOOKUP(service_restart_mode, ServiceRestartMode);
5656
5657static const char* const service_type_table[_SERVICE_TYPE_MAX] = {
5658 [SERVICE_SIMPLE] = "simple",
5659 [SERVICE_FORKING] = "forking",
5660 [SERVICE_ONESHOT] = "oneshot",
5661 [SERVICE_DBUS] = "dbus",
5662 [SERVICE_NOTIFY] = "notify",
5663 [SERVICE_NOTIFY_RELOAD] = "notify-reload",
5664 [SERVICE_IDLE] = "idle",
5665 [SERVICE_EXEC] = "exec",
5666};
5667
5668DEFINE_STRING_TABLE_LOOKUP(service_type, ServiceType);
5669
5670static const char* const service_exit_type_table[_SERVICE_EXIT_TYPE_MAX] = {
5671 [SERVICE_EXIT_MAIN] = "main",
5672 [SERVICE_EXIT_CGROUP] = "cgroup",
5673};
5674
5675DEFINE_STRING_TABLE_LOOKUP(service_exit_type, ServiceExitType);
5676
5677static const char* const service_exec_command_table[_SERVICE_EXEC_COMMAND_MAX] = {
5678 [SERVICE_EXEC_CONDITION] = "ExecCondition",
5679 [SERVICE_EXEC_START_PRE] = "ExecStartPre",
5680 [SERVICE_EXEC_START] = "ExecStart",
5681 [SERVICE_EXEC_START_POST] = "ExecStartPost",
5682 [SERVICE_EXEC_RELOAD] = "ExecReload",
5683 [SERVICE_EXEC_STOP] = "ExecStop",
5684 [SERVICE_EXEC_STOP_POST] = "ExecStopPost",
5685};
5686
5687DEFINE_STRING_TABLE_LOOKUP(service_exec_command, ServiceExecCommand);
5688
5689static const char* const service_exec_ex_command_table[_SERVICE_EXEC_COMMAND_MAX] = {
5690 [SERVICE_EXEC_CONDITION] = "ExecConditionEx",
5691 [SERVICE_EXEC_START_PRE] = "ExecStartPreEx",
5692 [SERVICE_EXEC_START] = "ExecStartEx",
5693 [SERVICE_EXEC_START_POST] = "ExecStartPostEx",
5694 [SERVICE_EXEC_RELOAD] = "ExecReloadEx",
5695 [SERVICE_EXEC_STOP] = "ExecStopEx",
5696 [SERVICE_EXEC_STOP_POST] = "ExecStopPostEx",
5697};
5698
5699DEFINE_STRING_TABLE_LOOKUP(service_exec_ex_command, ServiceExecCommand);
5700
5701static const char* const notify_state_table[_NOTIFY_STATE_MAX] = {
5702 [NOTIFY_UNKNOWN] = "unknown",
5703 [NOTIFY_READY] = "ready",
5704 [NOTIFY_RELOADING] = "reloading",
5705 [NOTIFY_STOPPING] = "stopping",
5706};
5707
5708DEFINE_STRING_TABLE_LOOKUP(notify_state, NotifyState);
5709
5710static const char* const service_result_table[_SERVICE_RESULT_MAX] = {
5711 [SERVICE_SUCCESS] = "success",
5712 [SERVICE_FAILURE_RESOURCES] = "resources",
5713 [SERVICE_FAILURE_PROTOCOL] = "protocol",
5714 [SERVICE_FAILURE_TIMEOUT] = "timeout",
5715 [SERVICE_FAILURE_EXIT_CODE] = "exit-code",
5716 [SERVICE_FAILURE_SIGNAL] = "signal",
5717 [SERVICE_FAILURE_CORE_DUMP] = "core-dump",
5718 [SERVICE_FAILURE_WATCHDOG] = "watchdog",
5719 [SERVICE_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
5720 [SERVICE_FAILURE_OOM_KILL] = "oom-kill",
5721 [SERVICE_SKIP_CONDITION] = "exec-condition",
5722};
5723
5724DEFINE_STRING_TABLE_LOOKUP(service_result, ServiceResult);
5725
5726static const char* const service_timeout_failure_mode_table[_SERVICE_TIMEOUT_FAILURE_MODE_MAX] = {
5727 [SERVICE_TIMEOUT_TERMINATE] = "terminate",
5728 [SERVICE_TIMEOUT_ABORT] = "abort",
5729 [SERVICE_TIMEOUT_KILL] = "kill",
5730};
5731
5732DEFINE_STRING_TABLE_LOOKUP(service_timeout_failure_mode, ServiceTimeoutFailureMode);
5733
5734const UnitVTable service_vtable = {
5735 .object_size = sizeof(Service),
5736 .exec_context_offset = offsetof(Service, exec_context),
5737 .cgroup_context_offset = offsetof(Service, cgroup_context),
5738 .kill_context_offset = offsetof(Service, kill_context),
5739 .exec_runtime_offset = offsetof(Service, exec_runtime),
5740 .cgroup_runtime_offset = offsetof(Service, cgroup_runtime),
5741
5742 .sections =
5743 "Unit\0"
5744 "Service\0"
5745 "Install\0",
5746 .private_section = "Service",
5747
5748 .can_transient = true,
5749 .can_delegate = true,
5750 .can_fail = true,
5751 .can_set_managed_oom = true,
5752
5753 .init = service_init,
5754 .done = service_done,
5755 .load = service_load,
5756 .release_resources = service_release_resources,
5757
5758 .coldplug = service_coldplug,
5759
5760 .dump = service_dump,
5761
5762 .start = service_start,
5763 .stop = service_stop,
5764 .reload = service_reload,
5765
5766 .can_reload = service_can_reload,
5767
5768 .clean = service_clean,
5769 .can_clean = service_can_clean,
5770
5771 .live_mount = service_live_mount,
5772 .can_live_mount = service_can_live_mount,
5773
5774 .freezer_action = unit_cgroup_freezer_action,
5775
5776 .serialize = service_serialize,
5777 .deserialize_item = service_deserialize_item,
5778
5779 .active_state = service_active_state,
5780 .sub_state_to_string = service_sub_state_to_string,
5781
5782 .will_restart = service_will_restart,
5783
5784 .may_gc = service_may_gc,
5785
5786 .sigchld_event = service_sigchld_event,
5787
5788 .reset_failed = service_reset_failed,
5789
5790 .notify_cgroup_empty = service_notify_cgroup_empty_event,
5791 .notify_cgroup_oom = service_notify_cgroup_oom_event,
5792 .notify_message = service_notify_message,
5793 .notify_handoff_timestamp = service_handoff_timestamp,
5794 .notify_pidref = service_notify_pidref,
5795
5796 .main_pid = service_main_pid,
5797 .control_pid = service_control_pid,
5798
5799 .bus_name_owner_change = service_bus_name_owner_change,
5800
5801 .bus_set_property = bus_service_set_property,
5802 .bus_commit_properties = bus_service_commit_properties,
5803
5804 .get_timeout = service_get_timeout,
5805 .get_timeout_start_usec = service_get_timeout_start_usec,
5806 .needs_console = service_needs_console,
5807 .exit_status = service_exit_status,
5808 .status_text = service_status_text,
5809
5810 .status_message_formats = {
5811 .finished_start_job = {
5812 [JOB_FAILED] = "Failed to start %s.",
5813 },
5814 .finished_stop_job = {
5815 [JOB_DONE] = "Stopped %s.",
5816 [JOB_FAILED] = "Stopped (with error) %s.",
5817 },
5818 .finished_job = service_finished_job,
5819 },
5820
5821 .can_start = service_can_start,
5822
5823 .notify_plymouth = true,
5824
5825 .audit_start_message_type = AUDIT_SERVICE_START,
5826 .audit_stop_message_type = AUDIT_SERVICE_STOP,
5827};
Unnamed repository; edit this file 'description' to name the repository.