]> git.ipfire.org Git - thirdparty/systemd.git/blame_incremental - src/core/service.c
projects / thirdparty / systemd.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
tar-util: make sure we can unpack hardlinked symlinks (#39619)
[thirdparty/systemd.git] / src / core / service.c
... / ...
CommitLineData
1/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3#include <linux/audit.h>
4#include <math.h>
5#include <sys/stat.h>
6#include <unistd.h>
7
8#include "sd-bus.h"
9#include "sd-messages.h"
10
11#include "alloc-util.h"
12#include "async.h"
13#include "bus-common-errors.h"
14#include "bus-error.h"
15#include "bus-util.h"
16#include "chase.h"
17#include "dbus-service.h"
18#include "dbus-unit.h"
19#include "devnum-util.h"
20#include "env-util.h"
21#include "errno-util.h"
22#include "escape.h"
23#include "execute.h"
24#include "exec-credential.h"
25#include "exit-status.h"
26#include "extract-word.h"
27#include "fd-util.h"
28#include "fdset.h"
29#include "fileio.h"
30#include "format-util.h"
31#include "glyph-util.h"
32#include "image-policy.h"
33#include "log.h"
34#include "manager.h"
35#include "mount-util.h"
36#include "namespace.h"
37#include "open-file.h"
38#include "parse-util.h"
39#include "path-util.h"
40#include "path.h"
41#include "pidfd-util.h"
42#include "process-util.h"
43#include "random-util.h"
44#include "selinux-util.h"
45#include "serialize.h"
46#include "service.h"
47#include "signal-util.h"
48#include "socket.h"
49#include "special.h"
50#include "stat-util.h"
51#include "string-table.h"
52#include "string-util.h"
53#include "strv.h"
54#include "transaction.h"
55#include "unit.h"
56#include "unit-name.h"
57#include "utf8.h"
58
59#define STATUS_TEXT_MAX (16U*1024U)
60
61#define service_spawn(...) service_spawn_internal(__func__, __VA_ARGS__)
62
63static const UnitActiveState state_translation_table[_SERVICE_STATE_MAX] = {
64 [SERVICE_DEAD] = UNIT_INACTIVE,
65 [SERVICE_CONDITION] = UNIT_ACTIVATING,
66 [SERVICE_START_PRE] = UNIT_ACTIVATING,
67 [SERVICE_START] = UNIT_ACTIVATING,
68 [SERVICE_START_POST] = UNIT_ACTIVATING,
69 [SERVICE_RUNNING] = UNIT_ACTIVE,
70 [SERVICE_EXITED] = UNIT_ACTIVE,
71 [SERVICE_REFRESH_EXTENSIONS] = UNIT_REFRESHING,
72 [SERVICE_RELOAD] = UNIT_RELOADING,
73 [SERVICE_RELOAD_SIGNAL] = UNIT_RELOADING,
74 [SERVICE_RELOAD_NOTIFY] = UNIT_RELOADING,
75 [SERVICE_RELOAD_POST] = UNIT_RELOADING,
76 [SERVICE_MOUNTING] = UNIT_REFRESHING,
77 [SERVICE_STOP] = UNIT_DEACTIVATING,
78 [SERVICE_STOP_WATCHDOG] = UNIT_DEACTIVATING,
79 [SERVICE_STOP_SIGTERM] = UNIT_DEACTIVATING,
80 [SERVICE_STOP_SIGKILL] = UNIT_DEACTIVATING,
81 [SERVICE_STOP_POST] = UNIT_DEACTIVATING,
82 [SERVICE_FINAL_WATCHDOG] = UNIT_DEACTIVATING,
83 [SERVICE_FINAL_SIGTERM] = UNIT_DEACTIVATING,
84 [SERVICE_FINAL_SIGKILL] = UNIT_DEACTIVATING,
85 [SERVICE_FAILED] = UNIT_FAILED,
86 [SERVICE_DEAD_BEFORE_AUTO_RESTART] = UNIT_INACTIVE,
87 [SERVICE_FAILED_BEFORE_AUTO_RESTART] = UNIT_FAILED,
88 [SERVICE_DEAD_RESOURCES_PINNED] = UNIT_INACTIVE,
89 [SERVICE_AUTO_RESTART] = UNIT_ACTIVATING,
90 [SERVICE_AUTO_RESTART_QUEUED] = UNIT_ACTIVATING,
91 [SERVICE_CLEANING] = UNIT_MAINTENANCE,
92};
93
94/* For Type=idle we never want to delay any other jobs, hence we
95 * consider idle jobs active as soon as we start working on them */
96static const UnitActiveState state_translation_table_idle[_SERVICE_STATE_MAX] = {
97 [SERVICE_DEAD] = UNIT_INACTIVE,
98 [SERVICE_CONDITION] = UNIT_ACTIVE,
99 [SERVICE_START_PRE] = UNIT_ACTIVE,
100 [SERVICE_START] = UNIT_ACTIVE,
101 [SERVICE_START_POST] = UNIT_ACTIVE,
102 [SERVICE_RUNNING] = UNIT_ACTIVE,
103 [SERVICE_EXITED] = UNIT_ACTIVE,
104 [SERVICE_REFRESH_EXTENSIONS] = UNIT_REFRESHING,
105 [SERVICE_RELOAD] = UNIT_RELOADING,
106 [SERVICE_RELOAD_SIGNAL] = UNIT_RELOADING,
107 [SERVICE_RELOAD_NOTIFY] = UNIT_RELOADING,
108 [SERVICE_RELOAD_POST] = UNIT_RELOADING,
109 [SERVICE_MOUNTING] = UNIT_REFRESHING,
110 [SERVICE_STOP] = UNIT_DEACTIVATING,
111 [SERVICE_STOP_WATCHDOG] = UNIT_DEACTIVATING,
112 [SERVICE_STOP_SIGTERM] = UNIT_DEACTIVATING,
113 [SERVICE_STOP_SIGKILL] = UNIT_DEACTIVATING,
114 [SERVICE_STOP_POST] = UNIT_DEACTIVATING,
115 [SERVICE_FINAL_WATCHDOG] = UNIT_DEACTIVATING,
116 [SERVICE_FINAL_SIGTERM] = UNIT_DEACTIVATING,
117 [SERVICE_FINAL_SIGKILL] = UNIT_DEACTIVATING,
118 [SERVICE_FAILED] = UNIT_FAILED,
119 [SERVICE_DEAD_BEFORE_AUTO_RESTART] = UNIT_INACTIVE,
120 [SERVICE_FAILED_BEFORE_AUTO_RESTART] = UNIT_FAILED,
121 [SERVICE_DEAD_RESOURCES_PINNED] = UNIT_INACTIVE,
122 [SERVICE_AUTO_RESTART] = UNIT_ACTIVATING,
123 [SERVICE_AUTO_RESTART_QUEUED] = UNIT_ACTIVATING,
124 [SERVICE_CLEANING] = UNIT_MAINTENANCE,
125};
126
127static int service_dispatch_inotify_io(sd_event_source *source, int fd, uint32_t events, void *userdata);
128static int service_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
129static int service_dispatch_watchdog(sd_event_source *source, usec_t usec, void *userdata);
130static int service_dispatch_exec_io(sd_event_source *source, int fd, uint32_t events, void *userdata);
131
132static void service_enter_signal(Service *s, ServiceState state, ServiceResult f);
133
134static void service_reload_finish(Service *s, ServiceResult f);
135static void service_enter_reload_by_notify(Service *s);
136
137static bool SERVICE_STATE_WITH_MAIN_PROCESS(ServiceState state) {
138 return IN_SET(state,
139 SERVICE_START, SERVICE_START_POST,
140 SERVICE_RUNNING,
141 SERVICE_REFRESH_EXTENSIONS, SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_RELOAD_POST,
142 SERVICE_MOUNTING,
143 SERVICE_STOP, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL, SERVICE_STOP_POST,
144 SERVICE_FINAL_WATCHDOG, SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL);
145}
146
147static bool SERVICE_STATE_WITH_CONTROL_PROCESS(ServiceState state) {
148 return IN_SET(state,
149 SERVICE_CONDITION,
150 SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
151 SERVICE_REFRESH_EXTENSIONS, SERVICE_RELOAD, SERVICE_RELOAD_POST,
152 SERVICE_MOUNTING,
153 SERVICE_STOP, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL, SERVICE_STOP_POST,
154 SERVICE_FINAL_WATCHDOG, SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL,
155 SERVICE_CLEANING);
156}
157
158static bool SERVICE_STATE_WITH_WATCHDOG(ServiceState state) {
159 return IN_SET(state,
160 SERVICE_START_POST,
161 SERVICE_RUNNING,
162 SERVICE_REFRESH_EXTENSIONS, SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_RELOAD_POST,
163 SERVICE_MOUNTING);
164}
165
166static void service_init(Unit *u) {
167 Service *s = SERVICE(u);
168
169 assert(u);
170 assert(u->load_state == UNIT_STUB);
171
172 s->timeout_start_usec = u->manager->defaults.timeout_start_usec;
173 s->timeout_stop_usec = u->manager->defaults.timeout_stop_usec;
174 s->timeout_abort_usec = u->manager->defaults.timeout_abort_usec;
175 s->timeout_abort_set = u->manager->defaults.timeout_abort_set;
176 s->restart_usec = u->manager->defaults.restart_usec;
177 s->restart_max_delay_usec = USEC_INFINITY;
178 s->runtime_max_usec = USEC_INFINITY;
179 s->type = _SERVICE_TYPE_INVALID;
180 s->socket_fd = -EBADF;
181 s->stdin_fd = s->stdout_fd = s->stderr_fd = -EBADF;
182 s->root_directory_fd = -EBADF;
183 s->guess_main_pid = true;
184 s->main_pid = PIDREF_NULL;
185 s->control_pid = PIDREF_NULL;
186 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
187
188 s->exec_context.keyring_mode = MANAGER_IS_SYSTEM(u->manager) ?
189 EXEC_KEYRING_PRIVATE : EXEC_KEYRING_INHERIT;
190
191 s->notify_access_override = _NOTIFY_ACCESS_INVALID;
192 s->notify_state = _NOTIFY_STATE_INVALID;
193
194 s->watchdog_original_usec = USEC_INFINITY;
195
196 s->oom_policy = _OOM_POLICY_INVALID;
197 s->reload_begin_usec = USEC_INFINITY;
198 s->reload_signal = SIGHUP;
199
200 s->fd_store_preserve_mode = EXEC_PRESERVE_RESTART;
201}
202
203static void service_unwatch_control_pid(Service *s) {
204 assert(s);
205 unit_unwatch_pidref_done(UNIT(s), &s->control_pid);
206}
207
208static void service_unwatch_main_pid(Service *s) {
209 assert(s);
210 unit_unwatch_pidref_done(UNIT(s), &s->main_pid);
211}
212
213static void service_unwatch_pid_file(Service *s) {
214 assert(s);
215
216 if (!s->pid_file_pathspec)
217 return;
218
219 log_unit_debug(UNIT(s), "Stopping watch for PID file %s", s->pid_file_pathspec->path);
220 path_spec_unwatch(s->pid_file_pathspec);
221 path_spec_done(s->pid_file_pathspec);
222 s->pid_file_pathspec = mfree(s->pid_file_pathspec);
223}
224
225static int service_set_main_pidref(Service *s, PidRef pidref_consume, const dual_timestamp *start_timestamp) {
226 _cleanup_(pidref_done) PidRef pidref = pidref_consume;
227 int r;
228
229 assert(s);
230
231 /* Takes ownership of the specified pidref on both success and failure. */
232
233 if (!pidref_is_set(&pidref))
234 return -ESRCH;
235
236 if (pidref.pid <= 1)
237 return -EINVAL;
238
239 if (pidref_is_self(&pidref))
240 return -EINVAL;
241
242 if (s->main_pid_known && pidref_equal(&s->main_pid, &pidref))
243 return 0;
244
245 if (!pidref_equal(&s->main_pid, &pidref)) {
246 service_unwatch_main_pid(s);
247
248 dual_timestamp pid_start_time;
249
250 if (!start_timestamp) {
251 usec_t t;
252
253 if (pidref_get_start_time(&pidref, &t) >= 0)
254 start_timestamp = dual_timestamp_from_boottime(&pid_start_time, t);
255 }
256
257 exec_status_start(&s->main_exec_status, pidref.pid, start_timestamp);
258 }
259
260 s->main_pid = TAKE_PIDREF(pidref);
261 s->main_pid_known = true;
262
263 r = pidref_is_my_child(&s->main_pid);
264 if (r < 0)
265 log_unit_warning_errno(UNIT(s), r, "Can't determine if process "PID_FMT" is our child, assuming it is not: %m", s->main_pid.pid);
266 else if (r == 0) // FIXME: Supervise through pidfd here
267 log_unit_warning(UNIT(s), "Supervising process "PID_FMT" which is not our child. We'll most likely not notice when it exits.", s->main_pid.pid);
268 s->main_pid_alien = r <= 0;
269
270 return 0;
271}
272
273void service_release_socket_fd(Service *s) {
274 assert(s);
275
276 if (s->socket_fd < 0 && !UNIT_ISSET(s->accept_socket) && !s->socket_peer)
277 return;
278
279 log_unit_debug(UNIT(s), "Closing connection socket.");
280
281 /* Undo the effect of service_set_socket_fd(). */
282
283 s->socket_fd = asynchronous_close(s->socket_fd);
284
285 if (UNIT_ISSET(s->accept_socket)) {
286 socket_connection_unref(SOCKET(UNIT_DEREF(s->accept_socket)));
287 unit_ref_unset(&s->accept_socket);
288 }
289
290 s->socket_peer = socket_peer_unref(s->socket_peer);
291}
292
293static void service_override_notify_access(Service *s, NotifyAccess notify_access_override) {
294 assert(s);
295
296 s->notify_access_override = notify_access_override;
297
298 log_unit_debug(UNIT(s), "notify_access=%s", notify_access_to_string(s->notify_access));
299 log_unit_debug(UNIT(s), "notify_access_override=%s", notify_access_to_string(s->notify_access_override));
300}
301
302static void service_stop_watchdog(Service *s) {
303 assert(s);
304
305 s->watchdog_event_source = sd_event_source_disable_unref(s->watchdog_event_source);
306 s->watchdog_timestamp = DUAL_TIMESTAMP_NULL;
307}
308
309static void service_start_watchdog(Service *s) {
310 usec_t watchdog_usec;
311 int r;
312
313 assert(s);
314
315 watchdog_usec = service_get_watchdog_usec(s);
316 if (!timestamp_is_set(watchdog_usec)) {
317 service_stop_watchdog(s);
318 return;
319 }
320
321 if (s->watchdog_event_source) {
322 r = sd_event_source_set_time(s->watchdog_event_source, usec_add(s->watchdog_timestamp.monotonic, watchdog_usec));
323 if (r < 0) {
324 log_unit_warning_errno(UNIT(s), r, "Failed to reset watchdog timer: %m");
325 return;
326 }
327
328 r = sd_event_source_set_enabled(s->watchdog_event_source, SD_EVENT_ONESHOT);
329 } else {
330 r = sd_event_add_time(
331 UNIT(s)->manager->event,
332 &s->watchdog_event_source,
333 CLOCK_MONOTONIC,
334 usec_add(s->watchdog_timestamp.monotonic, watchdog_usec), 0,
335 service_dispatch_watchdog, s);
336 if (r < 0) {
337 log_unit_warning_errno(UNIT(s), r, "Failed to add watchdog timer: %m");
338 return;
339 }
340
341 (void) sd_event_source_set_description(s->watchdog_event_source, "service-watchdog");
342
343 /* Let's process everything else which might be a sign
344 * of living before we consider a service died. */
345 r = sd_event_source_set_priority(s->watchdog_event_source, EVENT_PRIORITY_SERVICE_WATCHDOG);
346 }
347 if (r < 0)
348 log_unit_warning_errno(UNIT(s), r, "Failed to install watchdog timer: %m");
349}
350
351usec_t service_restart_usec_next(Service *s) {
352 unsigned n_restarts_next;
353
354 assert(s);
355
356 /* When the service state is in SERVICE_*_BEFORE_AUTO_RESTART or SERVICE_AUTO_RESTART, we still need
357 * to add 1 to s->n_restarts manually, because s->n_restarts is not updated until a restart job is
358 * enqueued, i.e. state has transitioned to SERVICE_AUTO_RESTART_QUEUED. */
359 n_restarts_next = s->n_restarts + (s->state == SERVICE_AUTO_RESTART_QUEUED ? 0 : 1);
360
361 if (n_restarts_next <= 1 ||
362 s->restart_steps == 0 ||
363 s->restart_usec == 0 ||
364 s->restart_max_delay_usec == USEC_INFINITY ||
365 s->restart_usec >= s->restart_max_delay_usec)
366 return s->restart_usec;
367
368 if (n_restarts_next > s->restart_steps)
369 return s->restart_max_delay_usec;
370
371 /* Enforced in service_verify() and above */
372 assert(s->restart_max_delay_usec > s->restart_usec);
373
374 /* r_i / r_0 = (r_n / r_0) ^ (i / n)
375 * where,
376 * r_0 : initial restart usec (s->restart_usec),
377 * r_i : i-th restart usec (value),
378 * r_n : maximum restart usec (s->restart_max_delay_usec),
379 * i : index of the next step (n_restarts_next - 1)
380 * n : num maximum steps (s->restart_steps) */
381 return (usec_t) (s->restart_usec * powl((long double) s->restart_max_delay_usec / s->restart_usec,
382 (long double) (n_restarts_next - 1) / s->restart_steps));
383}
384
385static void service_extend_event_source_timeout(Service *s, sd_event_source *source, usec_t extended) {
386 usec_t current;
387 int r;
388
389 assert(s);
390
391 /* Extends the specified event source timer to at least the specified time, unless it is already later
392 * anyway. */
393
394 if (!source)
395 return;
396
397 r = sd_event_source_get_time(source, &current);
398 if (r < 0) {
399 const char *desc;
400 (void) sd_event_source_get_description(s->timer_event_source, &desc);
401 log_unit_warning_errno(UNIT(s), r, "Failed to retrieve timeout time for event source '%s', ignoring: %m", strna(desc));
402 return;
403 }
404
405 if (current >= extended) /* Current timeout is already longer, ignore this. */
406 return;
407
408 r = sd_event_source_set_time(source, extended);
409 if (r < 0) {
410 const char *desc;
411 (void) sd_event_source_get_description(s->timer_event_source, &desc);
412 log_unit_warning_errno(UNIT(s), r, "Failed to set timeout time for event source '%s', ignoring: %m", strna(desc));
413 }
414}
415
416static void service_extend_timeout(Service *s, usec_t extend_timeout_usec) {
417 usec_t extended;
418
419 assert(s);
420
421 if (!timestamp_is_set(extend_timeout_usec))
422 return;
423
424 extended = usec_add(now(CLOCK_MONOTONIC), extend_timeout_usec);
425
426 service_extend_event_source_timeout(s, s->timer_event_source, extended);
427 service_extend_event_source_timeout(s, s->watchdog_event_source, extended);
428}
429
430static void service_reset_watchdog(Service *s) {
431 assert(s);
432
433 if (freezer_state_objective(UNIT(s)->freezer_state) != FREEZER_RUNNING) {
434 log_unit_debug(UNIT(s), "Service is currently %s, skipping resetting watchdog.",
435 freezer_state_to_string(UNIT(s)->freezer_state));
436 return;
437 }
438
439 dual_timestamp_now(&s->watchdog_timestamp);
440 service_start_watchdog(s);
441}
442
443static void service_override_watchdog_timeout(Service *s, usec_t watchdog_override_usec) {
444 assert(s);
445
446 s->watchdog_override_enable = true;
447 s->watchdog_override_usec = watchdog_override_usec;
448 service_reset_watchdog(s);
449
450 log_unit_debug(UNIT(s), "watchdog_usec="USEC_FMT, s->watchdog_usec);
451 log_unit_debug(UNIT(s), "watchdog_override_usec="USEC_FMT, s->watchdog_override_usec);
452}
453
454static ServiceFDStore* service_fd_store_unlink(ServiceFDStore *fs) {
455 if (!fs)
456 return NULL;
457
458 if (fs->service) {
459 assert(fs->service->n_fd_store > 0);
460 LIST_REMOVE(fd_store, fs->service->fd_store, fs);
461 fs->service->n_fd_store--;
462 }
463
464 sd_event_source_disable_unref(fs->event_source);
465
466 free(fs->fdname);
467 asynchronous_close(fs->fd);
468 return mfree(fs);
469}
470
471DEFINE_TRIVIAL_CLEANUP_FUNC(ServiceFDStore*, service_fd_store_unlink);
472
473static void service_release_fd_store(Service *s) {
474 assert(s);
475
476 if (!s->fd_store)
477 return;
478
479 log_unit_debug(UNIT(s), "Releasing all stored fds.");
480
481 while (s->fd_store)
482 service_fd_store_unlink(s->fd_store);
483
484 assert(s->n_fd_store == 0);
485}
486
487static void service_release_extra_fds(Service *s) {
488 assert(s);
489
490 if (!s->extra_fds)
491 return;
492
493 log_unit_debug(UNIT(s), "Releasing extra file descriptors.");
494
495 FOREACH_ARRAY(i, s->extra_fds, s->n_extra_fds) {
496 asynchronous_close(i->fd);
497 free(i->fdname);
498 }
499
500 s->extra_fds = mfree(s->extra_fds);
501 s->n_extra_fds = 0;
502}
503
504static void service_release_stdio_fd(Service *s) {
505 assert(s);
506
507 if (s->stdin_fd < 0 && s->stdout_fd < 0 && s->stderr_fd < 0)
508 return;
509
510 log_unit_debug(UNIT(s), "Releasing stdin/stdout/stderr file descriptors.");
511
512 s->stdin_fd = asynchronous_close(s->stdin_fd);
513 s->stdout_fd = asynchronous_close(s->stdout_fd);
514 s->stderr_fd = asynchronous_close(s->stderr_fd);
515}
516
517static void service_done(Unit *u) {
518 Service *s = ASSERT_PTR(SERVICE(u));
519
520 open_file_free_many(&s->open_files);
521
522 s->pid_file = mfree(s->pid_file);
523 s->status_text = mfree(s->status_text);
524 s->status_bus_error = mfree(s->status_bus_error);
525 s->status_varlink_error = mfree(s->status_varlink_error);
526
527 s->exec_runtime = exec_runtime_free(s->exec_runtime);
528
529 exec_command_free_array(s->exec_command, _SERVICE_EXEC_COMMAND_MAX);
530 s->control_command = NULL;
531 s->main_command = NULL;
532
533 exit_status_set_free(&s->restart_prevent_status);
534 exit_status_set_free(&s->restart_force_status);
535 exit_status_set_free(&s->success_status);
536
537 /* This will leak a process, but at least no memory or any of our resources */
538 service_unwatch_main_pid(s);
539 service_unwatch_control_pid(s);
540 service_unwatch_pid_file(s);
541
542 if (s->bus_name) {
543 unit_unwatch_bus_name(u, s->bus_name);
544 s->bus_name = mfree(s->bus_name);
545 }
546
547 s->usb_function_descriptors = mfree(s->usb_function_descriptors);
548 s->usb_function_strings = mfree(s->usb_function_strings);
549
550 service_stop_watchdog(s);
551
552 s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source);
553 s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source);
554
555 s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot);
556
557 service_release_socket_fd(s);
558 service_release_stdio_fd(s);
559 service_release_fd_store(s);
560 service_release_extra_fds(s);
561 s->root_directory_fd = asynchronous_close(s->root_directory_fd);
562
563 s->mount_request = sd_bus_message_unref(s->mount_request);
564}
565
566static int on_fd_store_io(sd_event_source *e, int fd, uint32_t revents, void *userdata) {
567 ServiceFDStore *fs = ASSERT_PTR(userdata);
568
569 assert(e);
570
571 /* If we get either EPOLLHUP or EPOLLERR, it's time to remove this entry from the fd store */
572 log_unit_debug(UNIT(fs->service),
573 "Received %s on stored fd %d (%s), closing.",
574 revents & EPOLLERR ? "EPOLLERR" : "EPOLLHUP",
575 fs->fd, strna(fs->fdname));
576 service_fd_store_unlink(fs);
577 return 0;
578}
579
580static int service_add_fd_store(Service *s, int fd_in, const char *name, bool do_poll) {
581 _cleanup_(service_fd_store_unlinkp) ServiceFDStore *fs = NULL;
582 _cleanup_(asynchronous_closep) int fd = ASSERT_FD(fd_in);
583 struct stat st;
584 int r;
585
586 /* fd is always consumed even if the function fails. */
587
588 assert(s);
589
590 if (fstat(fd, &st) < 0)
591 return -errno;
592
593 log_unit_debug(UNIT(s), "Trying to stash fd for dev=" DEVNUM_FORMAT_STR "/inode=%" PRIu64,
594 DEVNUM_FORMAT_VAL(st.st_dev), (uint64_t) st.st_ino);
595
596 if (s->n_fd_store >= s->n_fd_store_max)
597 /* Our store is full. Use this errno rather than E[NM]FILE to distinguish from the case
598 * where systemd itself hits the file limit. */
599 return log_unit_debug_errno(UNIT(s), SYNTHETIC_ERRNO(EXFULL), "Hit fd store limit.");
600
601 LIST_FOREACH(fd_store, i, s->fd_store) {
602 r = same_fd(i->fd, fd);
603 if (r < 0)
604 return r;
605 if (r > 0) {
606 log_unit_debug(UNIT(s), "Suppressing duplicate fd %i in fd store.", fd);
607 return 0; /* fd already included */
608 }
609 }
610
611 fs = new(ServiceFDStore, 1);
612 if (!fs)
613 return -ENOMEM;
614
615 *fs = (ServiceFDStore) {
616 .fd = TAKE_FD(fd),
617 .do_poll = do_poll,
618 .fdname = strdup(name ?: "stored"),
619 };
620
621 if (!fs->fdname)
622 return -ENOMEM;
623
624 if (do_poll) {
625 r = sd_event_add_io(UNIT(s)->manager->event, &fs->event_source, fs->fd, 0, on_fd_store_io, fs);
626 if (r < 0 && r != -EPERM) /* EPERM indicates fds that aren't pollable, which is OK */
627 return r;
628 if (r >= 0)
629 (void) sd_event_source_set_description(fs->event_source, "service-fd-store");
630 }
631
632 log_unit_debug(UNIT(s), "Added fd %i (%s) to fd store.", fs->fd, fs->fdname);
633
634 fs->service = s;
635 LIST_PREPEND(fd_store, s->fd_store, TAKE_PTR(fs));
636 s->n_fd_store++;
637
638 return 1; /* fd newly stored */
639}
640
641static int service_add_fd_store_set(Service *s, FDSet *fds, const char *name, bool do_poll) {
642 int r;
643
644 assert(s);
645
646 for (;;) {
647 int fd;
648
649 fd = fdset_steal_first(fds);
650 if (fd < 0)
651 break;
652
653 r = service_add_fd_store(s, fd, name, do_poll);
654 if (r == -EXFULL)
655 return log_unit_warning_errno(UNIT(s), r,
656 "Cannot store more fds than FileDescriptorStoreMax=%u, closing remaining.",
657 s->n_fd_store_max);
658 if (r < 0)
659 return log_unit_error_errno(UNIT(s), r, "Failed to add fd to store: %m");
660 }
661
662 return 0;
663}
664
665static void service_remove_fd_store(Service *s, const char *name) {
666 assert(s);
667 assert(name);
668
669 LIST_FOREACH(fd_store, fs, s->fd_store) {
670 if (!streq(fs->fdname, name))
671 continue;
672
673 log_unit_debug(UNIT(s), "Got explicit request to remove fd %i (%s), closing.", fs->fd, name);
674 service_fd_store_unlink(fs);
675 }
676}
677
678static usec_t service_running_timeout(Service *s) {
679 usec_t delta = 0;
680
681 assert(s);
682
683 if (s->runtime_rand_extra_usec != 0) {
684 delta = random_u64_range(s->runtime_rand_extra_usec);
685 log_unit_debug(UNIT(s), "Adding delta of %s sec to timeout", FORMAT_TIMESPAN(delta, USEC_PER_SEC));
686 }
687
688 return usec_add(usec_add(UNIT(s)->active_enter_timestamp.monotonic,
689 s->runtime_max_usec),
690 delta);
691}
692
693static int service_arm_timer(Service *s, bool relative, usec_t usec) {
694 assert(s);
695
696 return unit_arm_timer(UNIT(s), &s->timer_event_source, relative, usec, service_dispatch_timer);
697}
698
699static int service_verify(Service *s) {
700 assert(s);
701 assert(UNIT(s)->load_state == UNIT_LOADED);
702
703 if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP] &&
704 UNIT(s)->success_action == EMERGENCY_ACTION_NONE)
705 /* FailureAction= only makes sense if one of the start or stop commands is specified.
706 * SuccessAction= will be executed unconditionally if no commands are specified. Hence,
707 * either a command or SuccessAction= are required. */
708 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service has no ExecStart=, ExecStop=, or SuccessAction=. Refusing.");
709
710 if (s->type != SERVICE_ONESHOT && !s->exec_command[SERVICE_EXEC_START])
711 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service has no ExecStart= setting, which is only allowed for Type=oneshot services. Refusing.");
712
713 if (!s->remain_after_exit && !s->exec_command[SERVICE_EXEC_START] && UNIT(s)->success_action == EMERGENCY_ACTION_NONE)
714 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service has no ExecStart= and no SuccessAction= settings and does not have RemainAfterExit=yes set. Refusing.");
715
716 if (s->type != SERVICE_ONESHOT && s->exec_command[SERVICE_EXEC_START]->command_next)
717 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service has more than one ExecStart= setting, which is only allowed for Type=oneshot services. Refusing.");
718
719 if (s->type == SERVICE_ONESHOT && IN_SET(s->restart, SERVICE_RESTART_ALWAYS, SERVICE_RESTART_ON_SUCCESS))
720 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service has Restart= set to either always or on-success, which isn't allowed for Type=oneshot services. Refusing.");
721
722 if (s->type == SERVICE_ONESHOT && s->exit_type == SERVICE_EXIT_CGROUP)
723 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service has ExitType=cgroup set, which isn't allowed for Type=oneshot services. Refusing.");
724
725 if (s->type == SERVICE_DBUS && !s->bus_name)
726 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service is of type D-Bus but no D-Bus service name has been specified. Refusing.");
727
728 if (s->type == SERVICE_FORKING && exec_needs_pid_namespace(&s->exec_context, /* params= */ NULL))
729 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), "Service of Type=forking does not support PrivatePIDs=yes. Refusing.");
730
731 if (s->usb_function_descriptors && !s->usb_function_strings)
732 log_unit_warning(UNIT(s), "Service has USBFunctionDescriptors= setting, but no USBFunctionStrings=. Ignoring.");
733
734 if (!s->usb_function_descriptors && s->usb_function_strings)
735 log_unit_warning(UNIT(s), "Service has USBFunctionStrings= setting, but no USBFunctionDescriptors=. Ignoring.");
736
737 if (s->runtime_max_usec != USEC_INFINITY && s->type == SERVICE_ONESHOT)
738 log_unit_warning(UNIT(s), "RuntimeMaxSec= has no effect in combination with Type=oneshot. Ignoring.");
739
740 if (s->runtime_max_usec == USEC_INFINITY && s->runtime_rand_extra_usec != 0)
741 log_unit_warning(UNIT(s), "Service has RuntimeRandomizedExtraSec= setting, but no RuntimeMaxSec=. Ignoring.");
742
743 if (s->type == SERVICE_SIMPLE && s->exec_command[SERVICE_EXEC_START_POST] && exec_context_has_credentials(&s->exec_context))
744 log_unit_warning(UNIT(s), "Service uses a combination of Type=simple, ExecStartPost=, and credentials. This could lead to race conditions. Continuing.");
745
746 if (s->restart_max_delay_usec == USEC_INFINITY && s->restart_steps > 0)
747 log_unit_warning(UNIT(s), "Service has RestartSteps= but no RestartMaxDelaySec= setting. Ignoring.");
748
749 if (s->restart_max_delay_usec != USEC_INFINITY && s->restart_steps == 0)
750 log_unit_warning(UNIT(s), "Service has RestartMaxDelaySec= but no RestartSteps= setting. Ignoring.");
751
752 if (s->restart_max_delay_usec < s->restart_usec) {
753 log_unit_warning(UNIT(s), "RestartMaxDelaySec= has a value smaller than RestartSec=, resetting RestartSec= to RestartMaxDelaySec=.");
754 s->restart_usec = s->restart_max_delay_usec;
755 }
756
757 return 0;
758}
759
760static int service_add_default_dependencies(Service *s) {
761 int r;
762
763 assert(s);
764
765 if (!UNIT(s)->default_dependencies)
766 return 0;
767
768 /* Add a number of automatic dependencies useful for the
769 * majority of services. */
770
771 if (MANAGER_IS_SYSTEM(UNIT(s)->manager)) {
772 /* First, pull in the really early boot stuff, and
773 * require it, so that we fail if we can't acquire
774 * it. */
775
776 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
777 if (r < 0)
778 return r;
779 } else {
780
781 /* In the --user instance there's no sysinit.target,
782 * in that case require basic.target instead. */
783
784 r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_BASIC_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
785 if (r < 0)
786 return r;
787 }
788
789 /* Second, if the rest of the base system is in the same
790 * transaction, order us after it, but do not pull it in or
791 * even require it. */
792 r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_BASIC_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
793 if (r < 0)
794 return r;
795
796 /* Third, add us in for normal shutdown. */
797 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, true, UNIT_DEPENDENCY_DEFAULT);
798}
799
800static void service_fix_stdio(Service *s) {
801 assert(s);
802
803 /* Note that EXEC_INPUT_NULL and EXEC_OUTPUT_INHERIT play a special role here: they are both the
804 * default value that is subject to automatic overriding triggered by other settings and an explicit
805 * choice the user can make. We don't distinguish between these cases currently. */
806
807 if (s->exec_context.std_input == EXEC_INPUT_NULL &&
808 s->exec_context.stdin_data_size > 0)
809 s->exec_context.std_input = EXEC_INPUT_DATA;
810
811 if (IN_SET(s->exec_context.std_input,
812 EXEC_INPUT_TTY,
813 EXEC_INPUT_TTY_FORCE,
814 EXEC_INPUT_TTY_FAIL,
815 EXEC_INPUT_SOCKET,
816 EXEC_INPUT_NAMED_FD))
817 return;
818
819 /* We assume these listed inputs refer to bidirectional streams, and hence duplicating them from
820 * stdin to stdout/stderr makes sense and hence leaving EXEC_OUTPUT_INHERIT in place makes sense,
821 * too. Outputs such as regular files or sealed data memfds otoh don't really make sense to be
822 * duplicated for both input and output at the same time (since they then would cause a feedback
823 * loop), hence override EXEC_OUTPUT_INHERIT with the default stderr/stdout setting. */
824
825 if (s->exec_context.std_error == EXEC_OUTPUT_INHERIT &&
826 s->exec_context.std_output == EXEC_OUTPUT_INHERIT)
827 s->exec_context.std_error = UNIT(s)->manager->defaults.std_error;
828
829 if (s->exec_context.std_output == EXEC_OUTPUT_INHERIT)
830 s->exec_context.std_output = UNIT(s)->manager->defaults.std_output;
831}
832
833static int service_setup_bus_name(Service *s) {
834 int r;
835
836 assert(s);
837
838 /* If s->bus_name is not set, then the unit will be refused by service_verify() later. */
839 if (!s->bus_name)
840 return 0;
841
842 if (s->type == SERVICE_DBUS) {
843 r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE);
844 if (r < 0)
845 return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on %s: %m", SPECIAL_DBUS_SOCKET);
846
847 /* We always want to be ordered against dbus.socket if both are in the transaction. */
848 r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE);
849 if (r < 0)
850 return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on %s: %m", SPECIAL_DBUS_SOCKET);
851 }
852
853 r = unit_watch_bus_name(UNIT(s), s->bus_name);
854 if (r == -EEXIST)
855 return log_unit_error_errno(UNIT(s), r, "Two services allocated for the same bus name %s, refusing operation.", s->bus_name);
856 if (r < 0)
857 return log_unit_error_errno(UNIT(s), r, "Cannot watch bus name %s: %m", s->bus_name);
858
859 return 0;
860}
861
862static int service_add_extras(Service *s) {
863 int r;
864
865 assert(s);
866
867 if (s->type == _SERVICE_TYPE_INVALID) {
868 /* Figure out a type automatically */
869 if (s->bus_name)
870 s->type = SERVICE_DBUS;
871 else if (exec_context_has_credentials(&s->exec_context))
872 s->type = SERVICE_EXEC;
873 else if (s->exec_command[SERVICE_EXEC_START])
874 s->type = SERVICE_SIMPLE;
875 else
876 s->type = SERVICE_ONESHOT;
877 }
878
879 /* Oneshot services have disabled start timeout by default */
880 if (s->type == SERVICE_ONESHOT && !s->start_timeout_defined)
881 s->timeout_start_usec = USEC_INFINITY;
882
883 service_fix_stdio(s);
884
885 r = unit_patch_contexts(UNIT(s));
886 if (r < 0)
887 return r;
888
889 r = unit_add_exec_dependencies(UNIT(s), &s->exec_context);
890 if (r < 0)
891 return r;
892
893 r = unit_set_default_slice(UNIT(s));
894 if (r < 0)
895 return r;
896
897 /* If the service needs the notify socket, let's enable it automatically. */
898 if (s->notify_access == NOTIFY_NONE &&
899 (IN_SET(s->type, SERVICE_NOTIFY, SERVICE_NOTIFY_RELOAD) || s->watchdog_usec > 0 || s->n_fd_store_max > 0))
900 s->notify_access = NOTIFY_MAIN;
901
902 /* If no OOM policy was explicitly set, then default to the configure default OOM policy. Except when
903 * delegation is on, in that case it we assume the payload knows better what to do and can process
904 * things in a more focused way. */
905 if (s->oom_policy < 0)
906 s->oom_policy = s->cgroup_context.delegate ? OOM_CONTINUE : UNIT(s)->manager->defaults.oom_policy;
907
908 /* Let the kernel do the killing if that's requested. */
909 s->cgroup_context.memory_oom_group = s->oom_policy == OOM_KILL;
910
911 r = service_add_default_dependencies(s);
912 if (r < 0)
913 return r;
914
915 r = service_setup_bus_name(s);
916 if (r < 0)
917 return r;
918
919 return 0;
920}
921
922static int service_load(Unit *u) {
923 Service *s = ASSERT_PTR(SERVICE(u));
924 int r;
925
926 r = unit_load_fragment_and_dropin(u, true);
927 if (r < 0)
928 return r;
929
930 if (u->load_state != UNIT_LOADED)
931 return 0;
932
933 /* This is a new unit? Then let's add in some extras */
934 r = service_add_extras(s);
935 if (r < 0)
936 return r;
937
938 return service_verify(s);
939}
940
941static int service_dump_fd(int fd, const char *fdname, const char *header, FILE *f, const char *prefix) {
942 _cleanup_free_ char *path = NULL;
943 struct stat st;
944 int flags;
945
946 assert(fd >= 0);
947 assert(fdname);
948 assert(header);
949 assert(f);
950 assert(prefix);
951
952 if (fstat(fd, &st) < 0)
953 return log_debug_errno(errno, "Failed to stat service fd: %m");
954
955 flags = fcntl(fd, F_GETFL);
956 if (flags < 0)
957 return log_debug_errno(errno, "Failed to get service fd flags: %m");
958
959 (void) fd_get_path(fd, &path);
960
961 fprintf(f,
962 "%s%s '%s' (type=%s; dev=" DEVNUM_FORMAT_STR "; inode=%" PRIu64 "; rdev=" DEVNUM_FORMAT_STR "; path=%s; access=%s)\n",
963 prefix,
964 header,
965 fdname,
966 strna(inode_type_to_string(st.st_mode)),
967 DEVNUM_FORMAT_VAL(st.st_dev),
968 (uint64_t) st.st_ino,
969 DEVNUM_FORMAT_VAL(st.st_rdev),
970 strna(path),
971 strna(accmode_to_string(flags)));
972
973 return 0;
974}
975
976static void service_dump(Unit *u, FILE *f, const char *prefix) {
977 Service *s = ASSERT_PTR(SERVICE(u));
978 const char *prefix2;
979
980 prefix = strempty(prefix);
981 prefix2 = strjoina(prefix, "\t");
982
983 fprintf(f,
984 "%sService State: %s\n"
985 "%sResult: %s\n"
986 "%sReload Result: %s\n"
987 "%sClean Result: %s\n"
988 "%sLiveMount Result: %s\n"
989 "%sPermissionsStartOnly: %s\n"
990 "%sRootDirectoryStartOnly: %s\n"
991 "%sRemainAfterExit: %s\n"
992 "%sGuessMainPID: %s\n"
993 "%sType: %s\n"
994 "%sRestart: %s\n"
995 "%sNotifyAccess: %s\n"
996 "%sNotifyState: %s\n"
997 "%sOOMPolicy: %s\n"
998 "%sReloadSignal: %s\n",
999 prefix, service_state_to_string(s->state),
1000 prefix, service_result_to_string(s->result),
1001 prefix, service_result_to_string(s->reload_result),
1002 prefix, service_result_to_string(s->live_mount_result),
1003 prefix, service_result_to_string(s->clean_result),
1004 prefix, yes_no(s->permissions_start_only),
1005 prefix, yes_no(s->root_directory_start_only),
1006 prefix, yes_no(s->remain_after_exit),
1007 prefix, yes_no(s->guess_main_pid),
1008 prefix, service_type_to_string(s->type),
1009 prefix, service_restart_to_string(s->restart),
1010 prefix, notify_access_to_string(service_get_notify_access(s)),
1011 prefix, notify_state_to_string(s->notify_state),
1012 prefix, oom_policy_to_string(s->oom_policy),
1013 prefix, signal_to_string(s->reload_signal));
1014
1015 if (pidref_is_set(&s->control_pid))
1016 fprintf(f,
1017 "%sControl PID: "PID_FMT"\n",
1018 prefix, s->control_pid.pid);
1019
1020 if (pidref_is_set(&s->main_pid))
1021 fprintf(f,
1022 "%sMain PID: "PID_FMT"\n"
1023 "%sMain PID Known: %s\n"
1024 "%sMain PID Alien: %s\n",
1025 prefix, s->main_pid.pid,
1026 prefix, yes_no(s->main_pid_known),
1027 prefix, yes_no(s->main_pid_alien));
1028
1029 if (s->pid_file)
1030 fprintf(f,
1031 "%sPIDFile: %s\n",
1032 prefix, s->pid_file);
1033
1034 if (s->bus_name)
1035 fprintf(f,
1036 "%sBusName: %s\n"
1037 "%sBus Name Good: %s\n",
1038 prefix, s->bus_name,
1039 prefix, yes_no(s->bus_name_good));
1040
1041 if (UNIT_ISSET(s->accept_socket))
1042 fprintf(f,
1043 "%sAccept Socket: %s\n",
1044 prefix, UNIT_DEREF(s->accept_socket)->id);
1045
1046 fprintf(f,
1047 "%sRestartSec: %s\n"
1048 "%sRestartSteps: %u\n"
1049 "%sRestartMaxDelaySec: %s\n"
1050 "%sTimeoutStartSec: %s\n"
1051 "%sTimeoutStopSec: %s\n"
1052 "%sTimeoutStartFailureMode: %s\n"
1053 "%sTimeoutStopFailureMode: %s\n",
1054 prefix, FORMAT_TIMESPAN(s->restart_usec, USEC_PER_SEC),
1055 prefix, s->restart_steps,
1056 prefix, FORMAT_TIMESPAN(s->restart_max_delay_usec, USEC_PER_SEC),
1057 prefix, FORMAT_TIMESPAN(s->timeout_start_usec, USEC_PER_SEC),
1058 prefix, FORMAT_TIMESPAN(s->timeout_stop_usec, USEC_PER_SEC),
1059 prefix, service_timeout_failure_mode_to_string(s->timeout_start_failure_mode),
1060 prefix, service_timeout_failure_mode_to_string(s->timeout_stop_failure_mode));
1061
1062 if (s->timeout_abort_set)
1063 fprintf(f,
1064 "%sTimeoutAbortSec: %s\n",
1065 prefix, FORMAT_TIMESPAN(s->timeout_abort_usec, USEC_PER_SEC));
1066
1067 fprintf(f,
1068 "%sRuntimeMaxSec: %s\n"
1069 "%sRuntimeRandomizedExtraSec: %s\n"
1070 "%sWatchdogSec: %s\n",
1071 prefix, FORMAT_TIMESPAN(s->runtime_max_usec, USEC_PER_SEC),
1072 prefix, FORMAT_TIMESPAN(s->runtime_rand_extra_usec, USEC_PER_SEC),
1073 prefix, FORMAT_TIMESPAN(s->watchdog_usec, USEC_PER_SEC));
1074
1075 kill_context_dump(&s->kill_context, f, prefix);
1076 exec_context_dump(&s->exec_context, f, prefix);
1077
1078 for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
1079 if (!s->exec_command[c])
1080 continue;
1081
1082 fprintf(f, "%s%s %s:\n",
1083 prefix, glyph(GLYPH_ARROW_RIGHT), service_exec_command_to_string(c));
1084
1085 exec_command_dump_list(s->exec_command[c], f, prefix2);
1086 }
1087
1088 if (s->status_text)
1089 fprintf(f, "%sStatus Text: %s\n",
1090 prefix, s->status_text);
1091
1092 if (s->status_errno > 0)
1093 fprintf(f, "%sStatus Errno: %s\n",
1094 prefix, STRERROR(s->status_errno));
1095
1096 if (s->status_bus_error)
1097 fprintf(f, "%sStatus Bus Error: %s\n",
1098 prefix, s->status_bus_error);
1099
1100 if (s->status_varlink_error)
1101 fprintf(f, "%sStatus Varlink Error: %s\n",
1102 prefix, s->status_varlink_error);
1103
1104 if (s->n_fd_store_max > 0) {
1105 fprintf(f,
1106 "%sFile Descriptor Store Max: %u\n"
1107 "%sFile Descriptor Store Pin: %s\n"
1108 "%sFile Descriptor Store Current: %zu\n",
1109 prefix, s->n_fd_store_max,
1110 prefix, exec_preserve_mode_to_string(s->fd_store_preserve_mode),
1111 prefix, s->n_fd_store);
1112
1113 LIST_FOREACH(fd_store, i, s->fd_store)
1114 (void) service_dump_fd(i->fd,
1115 i->fdname,
1116 i == s->fd_store ? "File Descriptor Store Entry:" : " ",
1117 f,
1118 prefix);
1119 }
1120
1121 FOREACH_ARRAY(i, s->extra_fds, s->n_extra_fds)
1122 (void) service_dump_fd(i->fd,
1123 i->fdname,
1124 i == s->extra_fds ? "Extra File Descriptor Entry:" : " ",
1125 f,
1126 prefix);
1127
1128 if (s->root_directory_fd >= 0)
1129 (void) service_dump_fd(s->root_directory_fd, "Root Directory File Descriptor", "", f, prefix);
1130
1131 if (s->open_files)
1132 LIST_FOREACH(open_files, of, s->open_files) {
1133 _cleanup_free_ char *ofs = NULL;
1134 int r;
1135
1136 r = open_file_to_string(of, &ofs);
1137 if (r < 0) {
1138 log_debug_errno(r,
1139 "Failed to convert OpenFile= setting to string, ignoring: %m");
1140 continue;
1141 }
1142
1143 fprintf(f, "%sOpen File: %s\n", prefix, ofs);
1144 }
1145
1146 cgroup_context_dump(UNIT(s), f, prefix);
1147}
1148
1149static int service_is_suitable_main_pid(Service *s, PidRef *pid, int prio) {
1150 Unit *owner;
1151 int r;
1152
1153 assert(s);
1154 assert(pidref_is_set(pid));
1155
1156 /* Checks whether the specified PID is suitable as main PID for this service. returns negative if not, 0 if the
1157 * PID is questionnable but should be accepted if the source of configuration is trusted. > 0 if the PID is
1158 * good */
1159
1160 if (pidref_is_self(pid) || pid->pid == 1)
1161 return log_unit_full_errno(UNIT(s), prio, SYNTHETIC_ERRNO(EPERM), "New main PID "PID_FMT" is the manager, refusing.", pid->pid);
1162
1163 if (pidref_equal(pid, &s->control_pid))
1164 return log_unit_full_errno(UNIT(s), prio, SYNTHETIC_ERRNO(EPERM), "New main PID "PID_FMT" is the control process, refusing.", pid->pid);
1165
1166 r = pidref_is_alive(pid);
1167 if (r < 0)
1168 return log_unit_full_errno(UNIT(s), prio, r, "Failed to check if main PID "PID_FMT" exists or is a zombie: %m", pid->pid);
1169 if (r == 0)
1170 return log_unit_full_errno(UNIT(s), prio, SYNTHETIC_ERRNO(ESRCH), "New main PID "PID_FMT" does not exist or is a zombie.", pid->pid);
1171
1172 owner = manager_get_unit_by_pidref(UNIT(s)->manager, pid);
1173 if (owner == UNIT(s)) {
1174 log_unit_debug(UNIT(s), "New main PID "PID_FMT" belongs to service, we are happy.", pid->pid);
1175 return 1; /* Yay, it's definitely a good PID */
1176 }
1177
1178 return 0; /* Hmm it's a suspicious PID, let's accept it if configuration source is trusted */
1179}
1180
1181static int service_load_pid_file(Service *s, bool may_warn) {
1182 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
1183 _cleanup_fclose_ FILE *f = NULL;
1184 _cleanup_free_ char *k = NULL;
1185 bool questionable_pid_file = false;
1186 int r, prio = may_warn ? LOG_INFO : LOG_DEBUG;
1187
1188 assert(s);
1189
1190 if (!s->pid_file)
1191 return -ENOENT;
1192
1193 r = chase_and_fopen_unlocked(s->pid_file, NULL, CHASE_SAFE, "re", NULL, &f);
1194 if (r == -ENOLINK) {
1195 log_unit_debug_errno(UNIT(s), r,
1196 "Potentially unsafe symlink chain, will now retry with relaxed checks: %s", s->pid_file);
1197
1198 questionable_pid_file = true;
1199
1200 r = chase_and_fopen_unlocked(s->pid_file, NULL, 0, "re", NULL, &f);
1201 }
1202 if (r < 0)
1203 return log_unit_full_errno(UNIT(s), prio, r,
1204 "Can't open PID file '%s' (yet?) after %s: %m", s->pid_file, service_state_to_string(s->state));
1205
1206 /* Let's read the PID file now that we chased it down. */
1207 r = read_line(f, LINE_MAX, &k);
1208 if (r < 0)
1209 return log_unit_error_errno(UNIT(s), r, "Failed to read PID file '%s': %m", s->pid_file);
1210
1211 r = pidref_set_pidstr(&pidref, k);
1212 if (r < 0)
1213 return log_unit_full_errno(UNIT(s), prio, r, "Failed to create reference to PID %s from file '%s': %m", k, s->pid_file);
1214
1215 if (s->main_pid_known && pidref_equal(&pidref, &s->main_pid))
1216 return 0;
1217
1218 r = service_is_suitable_main_pid(s, &pidref, prio);
1219 if (r < 0)
1220 return r;
1221 if (r == 0) {
1222 struct stat st;
1223
1224 if (questionable_pid_file)
1225 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EPERM),
1226 "Refusing to accept PID outside of service control group, acquired through unsafe symlink chain: %s", s->pid_file);
1227
1228 /* Hmm, it's not clear if the new main PID is safe. Let's allow this if the PID file is owned by root */
1229
1230 if (fstat(fileno(f), &st) < 0)
1231 return log_unit_error_errno(UNIT(s), errno, "Failed to fstat() PID file '%s': %m", s->pid_file);
1232
1233 if (st.st_uid != getuid())
1234 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EPERM),
1235 "New main PID "PID_FMT" from PID file does not belong to service, and PID file is owned by "UID_FMT" (must be owned by "UID_FMT"). Refusing.",
1236 pidref.pid, st.st_uid, getuid());
1237
1238 log_unit_debug(UNIT(s), "New main PID "PID_FMT" does not belong to service, accepting anyway since PID file is owned by "UID_FMT".",
1239 pidref.pid, st.st_uid);
1240 }
1241
1242 if (s->main_pid_known) {
1243 log_unit_debug(UNIT(s), "Main PID changing: "PID_FMT" -> "PID_FMT, s->main_pid.pid, pidref.pid);
1244
1245 service_unwatch_main_pid(s);
1246 s->main_pid_known = false;
1247 } else
1248 log_unit_debug(UNIT(s), "Main PID loaded: "PID_FMT, pidref.pid);
1249
1250 r = service_set_main_pidref(s, TAKE_PIDREF(pidref), /* start_timestamp = */ NULL);
1251 if (r < 0)
1252 return r;
1253
1254 r = unit_watch_pidref(UNIT(s), &s->main_pid, /* exclusive= */ false);
1255 if (r < 0) /* FIXME: we need to do something here */
1256 return log_unit_warning_errno(UNIT(s), r, "Failed to watch PID "PID_FMT" for service: %m", s->main_pid.pid);
1257
1258 return 1;
1259}
1260
1261static void service_search_main_pid(Service *s) {
1262 _cleanup_(pidref_done) PidRef pid = PIDREF_NULL;
1263 int r;
1264
1265 assert(s);
1266
1267 /* If we know it anyway, don't ever fall back to unreliable heuristics */
1268 if (s->main_pid_known)
1269 return;
1270
1271 if (!s->guess_main_pid)
1272 return;
1273
1274 assert(!pidref_is_set(&s->main_pid));
1275
1276 if (unit_search_main_pid(UNIT(s), &pid) < 0)
1277 return;
1278
1279 log_unit_debug(UNIT(s), "Main PID guessed: "PID_FMT, pid.pid);
1280 if (service_set_main_pidref(s, TAKE_PIDREF(pid), /* start_timestamp = */ NULL) < 0)
1281 return;
1282
1283 r = unit_watch_pidref(UNIT(s), &s->main_pid, /* exclusive= */ false);
1284 if (r < 0)
1285 /* FIXME: we need to do something here */
1286 log_unit_warning_errno(UNIT(s), r, "Failed to watch main PID "PID_FMT": %m", s->main_pid.pid);
1287}
1288
1289static void service_set_state(Service *s, ServiceState state) {
1290 Unit *u = UNIT(ASSERT_PTR(s));
1291 ServiceState old_state;
1292 const UnitActiveState *table;
1293
1294 if (s->state != state)
1295 bus_unit_send_pending_change_signal(u, false);
1296
1297 table = s->type == SERVICE_IDLE ? state_translation_table_idle : state_translation_table;
1298
1299 old_state = s->state;
1300 s->state = state;
1301
1302 service_unwatch_pid_file(s);
1303
1304 if (!IN_SET(state,
1305 SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
1306 SERVICE_RUNNING,
1307 SERVICE_REFRESH_EXTENSIONS, SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_RELOAD_POST,
1308 SERVICE_MOUNTING,
1309 SERVICE_STOP, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL, SERVICE_STOP_POST,
1310 SERVICE_FINAL_WATCHDOG, SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL,
1311 SERVICE_AUTO_RESTART,
1312 SERVICE_CLEANING))
1313 s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source);
1314
1315 if (!SERVICE_STATE_WITH_MAIN_PROCESS(state)) {
1316 service_unwatch_main_pid(s);
1317 s->main_command = NULL;
1318 }
1319
1320 if (!SERVICE_STATE_WITH_CONTROL_PROCESS(state)) {
1321 service_unwatch_control_pid(s);
1322 s->control_command = NULL;
1323 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
1324 }
1325
1326 if (IN_SET(state,
1327 SERVICE_DEAD, SERVICE_FAILED,
1328 SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED_BEFORE_AUTO_RESTART, SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED,
1329 SERVICE_DEAD_RESOURCES_PINNED))
1330 unit_unwatch_all_pids(u);
1331
1332 if (state != SERVICE_START)
1333 s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source);
1334
1335 if (!SERVICE_STATE_WITH_WATCHDOG(state))
1336 service_stop_watchdog(s);
1337
1338 if (state != SERVICE_MOUNTING) /* Just in case */
1339 s->mount_request = sd_bus_message_unref(s->mount_request);
1340
1341 if (state == SERVICE_EXITED && !MANAGER_IS_RELOADING(u->manager)) {
1342 /* For the inactive states unit_notify() will trim the cgroup. But for exit we have to
1343 * do that ourselves... */
1344 unit_prune_cgroup(u);
1345
1346 /* If none of ExecReload= and ExecStop*= is used, we can safely destroy runtime data
1347 * as soon as the service enters SERVICE_EXITED. This saves us from keeping the credential mount
1348 * for the whole duration of the oneshot service while no processes are actually running,
1349 * among other things. */
1350
1351 bool start_only = true;
1352 for (ServiceExecCommand c = SERVICE_EXEC_RELOAD; c < _SERVICE_EXEC_COMMAND_MAX; c++)
1353 if (s->exec_command[c]) {
1354 start_only = false;
1355 break;
1356 }
1357
1358 if (start_only)
1359 unit_destroy_runtime_data(u, &s->exec_context, /* destroy_runtime_dir = */ false);
1360 }
1361
1362 if (old_state != state)
1363 log_unit_debug(u, "Changed %s -> %s", service_state_to_string(old_state), service_state_to_string(state));
1364
1365 unit_notify(u, table[old_state], table[state], s->reload_result == SERVICE_SUCCESS);
1366}
1367
1368static usec_t service_coldplug_timeout(Service *s) {
1369 assert(s);
1370
1371 switch (s->deserialized_state) {
1372
1373 case SERVICE_CONDITION:
1374 case SERVICE_START_PRE:
1375 case SERVICE_START:
1376 case SERVICE_START_POST:
1377 case SERVICE_REFRESH_EXTENSIONS:
1378 case SERVICE_RELOAD:
1379 case SERVICE_RELOAD_SIGNAL:
1380 case SERVICE_RELOAD_NOTIFY:
1381 case SERVICE_RELOAD_POST:
1382 case SERVICE_MOUNTING:
1383 return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->timeout_start_usec);
1384
1385 case SERVICE_RUNNING:
1386 return service_running_timeout(s);
1387
1388 case SERVICE_STOP:
1389 case SERVICE_STOP_SIGTERM:
1390 case SERVICE_STOP_SIGKILL:
1391 case SERVICE_STOP_POST:
1392 case SERVICE_FINAL_SIGTERM:
1393 case SERVICE_FINAL_SIGKILL:
1394 return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->timeout_stop_usec);
1395
1396 case SERVICE_STOP_WATCHDOG:
1397 case SERVICE_FINAL_WATCHDOG:
1398 return usec_add(UNIT(s)->state_change_timestamp.monotonic, service_timeout_abort_usec(s));
1399
1400 case SERVICE_AUTO_RESTART:
1401 return usec_add(UNIT(s)->inactive_enter_timestamp.monotonic, service_restart_usec_next(s));
1402
1403 case SERVICE_CLEANING:
1404 return usec_add(UNIT(s)->state_change_timestamp.monotonic, s->exec_context.timeout_clean_usec);
1405
1406 default:
1407 return USEC_INFINITY;
1408 }
1409}
1410
1411static int service_coldplug(Unit *u) {
1412 Service *s = SERVICE(u);
1413 int r;
1414
1415 assert(s);
1416 assert(s->state == SERVICE_DEAD);
1417
1418 if (s->deserialized_state == s->state)
1419 return 0;
1420
1421 r = service_arm_timer(s, /* relative= */ false, service_coldplug_timeout(s));
1422 if (r < 0)
1423 return r;
1424
1425 if (pidref_is_set(&s->main_pid) &&
1426 pidref_is_unwaited(&s->main_pid) > 0 &&
1427 SERVICE_STATE_WITH_MAIN_PROCESS(s->deserialized_state)) {
1428 r = unit_watch_pidref(UNIT(s), &s->main_pid, /* exclusive= */ false);
1429 if (r < 0)
1430 return r;
1431 }
1432
1433 if (pidref_is_set(&s->control_pid) &&
1434 pidref_is_unwaited(&s->control_pid) > 0 &&
1435 SERVICE_STATE_WITH_CONTROL_PROCESS(s->deserialized_state)) {
1436 r = unit_watch_pidref(UNIT(s), &s->control_pid, /* exclusive= */ false);
1437 if (r < 0)
1438 return r;
1439 }
1440
1441 if (!IN_SET(s->deserialized_state,
1442 SERVICE_DEAD, SERVICE_FAILED,
1443 SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED_BEFORE_AUTO_RESTART, SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED,
1444 SERVICE_CLEANING,
1445 SERVICE_DEAD_RESOURCES_PINNED))
1446 (void) unit_setup_exec_runtime(u);
1447
1448 if (SERVICE_STATE_WITH_WATCHDOG(s->deserialized_state) &&
1449 freezer_state_objective(u->freezer_state) == FREEZER_RUNNING)
1450 service_start_watchdog(s);
1451
1452 if (UNIT_ISSET(s->accept_socket)) {
1453 Socket *socket = SOCKET(UNIT_DEREF(s->accept_socket));
1454
1455 if (socket->max_connections_per_source > 0) {
1456 SocketPeer *peer;
1457
1458 /* Make a best-effort attempt at bumping the connection count */
1459 if (socket_acquire_peer(socket, s->socket_fd, &peer) > 0) {
1460 socket_peer_unref(s->socket_peer);
1461 s->socket_peer = peer;
1462 }
1463 }
1464 }
1465
1466 service_set_state(s, s->deserialized_state);
1467 return 0;
1468}
1469
1470static int service_collect_fds(
1471 Service *s,
1472 int **fds,
1473 char ***fd_names,
1474 size_t *n_socket_fds,
1475 size_t *n_stashed_fds) {
1476
1477 _cleanup_strv_free_ char **rfd_names = NULL;
1478 _cleanup_free_ int *rfds = NULL;
1479 size_t rn_socket_fds = 0;
1480 int r;
1481
1482 assert(s);
1483 assert(fds);
1484 assert(fd_names);
1485 assert(n_socket_fds);
1486
1487 if (s->socket_fd >= 0) {
1488 Socket *sock = ASSERT_PTR(SOCKET(UNIT_DEREF(s->accept_socket)));
1489
1490 /* Pass the per-connection socket */
1491
1492 rfds = newdup(int, &s->socket_fd, 1);
1493 if (!rfds)
1494 return -ENOMEM;
1495
1496 rfd_names = strv_new(socket_fdname(sock));
1497 if (!rfd_names)
1498 return -ENOMEM;
1499
1500 rn_socket_fds = 1;
1501 } else {
1502 /* Pass all our configured sockets for singleton services */
1503
1504 Unit *u;
1505 UNIT_FOREACH_DEPENDENCY(u, UNIT(s), UNIT_ATOM_TRIGGERED_BY) {
1506 _cleanup_free_ int *cfds = NULL;
1507 int cn_fds;
1508 Socket *sock;
1509
1510 sock = SOCKET(u);
1511 if (!sock)
1512 continue;
1513
1514 cn_fds = socket_collect_fds(sock, &cfds);
1515 if (cn_fds < 0)
1516 return cn_fds;
1517 if (cn_fds == 0)
1518 continue;
1519
1520 if (!rfds) {
1521 rfds = TAKE_PTR(cfds);
1522 rn_socket_fds = cn_fds;
1523 } else if (!GREEDY_REALLOC_APPEND(rfds, rn_socket_fds, cfds, cn_fds))
1524 return -ENOMEM;
1525
1526 r = strv_extend_n(&rfd_names, socket_fdname(sock), cn_fds);
1527 if (r < 0)
1528 return r;
1529 }
1530 }
1531
1532 if (n_stashed_fds && s->n_fd_store + s->n_extra_fds > 0) {
1533 int *t = reallocarray(rfds, rn_socket_fds + s->n_fd_store + s->n_extra_fds, sizeof(int));
1534 if (!t)
1535 return -ENOMEM;
1536 rfds = t;
1537
1538 char **nl = reallocarray(rfd_names, rn_socket_fds + s->n_fd_store + s->n_extra_fds + 1, sizeof(char *));
1539 if (!nl)
1540 return -ENOMEM;
1541 rfd_names = nl;
1542
1543 size_t n_fds = rn_socket_fds;
1544
1545 LIST_FOREACH(fd_store, fs, s->fd_store) {
1546 rfds[n_fds] = fs->fd;
1547 rfd_names[n_fds] = strdup(fs->fdname);
1548 if (!rfd_names[n_fds])
1549 return -ENOMEM;
1550
1551 n_fds++;
1552 }
1553
1554 FOREACH_ARRAY(i, s->extra_fds, s->n_extra_fds) {
1555 rfds[n_fds] = i->fd;
1556 rfd_names[n_fds] = strdup(i->fdname);
1557 if (!rfd_names[n_fds])
1558 return -ENOMEM;
1559
1560 n_fds++;
1561 }
1562
1563 rfd_names[n_fds] = NULL;
1564 }
1565
1566 *fds = TAKE_PTR(rfds);
1567 *fd_names = TAKE_PTR(rfd_names);
1568 *n_socket_fds = rn_socket_fds;
1569 if (n_stashed_fds)
1570 *n_stashed_fds = s->n_fd_store + s->n_extra_fds;
1571
1572 return 0;
1573}
1574
1575static int service_allocate_exec_fd_event_source(
1576 Service *s,
1577 int fd,
1578 sd_event_source **ret_event_source) {
1579
1580 _cleanup_(sd_event_source_unrefp) sd_event_source *source = NULL;
1581 int r;
1582
1583 assert(s);
1584 assert(fd >= 0);
1585 assert(ret_event_source);
1586
1587 r = sd_event_add_io(UNIT(s)->manager->event, &source, fd, 0, service_dispatch_exec_io, s);
1588 if (r < 0)
1589 return log_unit_error_errno(UNIT(s), r, "Failed to allocate exec_fd event source: %m");
1590
1591 /* This is a bit higher priority than SIGCHLD, to make sure we don't confuse the case "failed to
1592 * start" from the case "succeeded to start, but failed immediately after". */
1593
1594 r = sd_event_source_set_priority(source, EVENT_PRIORITY_EXEC_FD);
1595 if (r < 0)
1596 return log_unit_error_errno(UNIT(s), r, "Failed to adjust priority of exec_fd event source: %m");
1597
1598 (void) sd_event_source_set_description(source, "service exec_fd");
1599
1600 r = sd_event_source_set_io_fd_own(source, true);
1601 if (r < 0)
1602 return log_unit_error_errno(UNIT(s), r, "Failed to pass ownership of fd to event source: %m");
1603
1604 *ret_event_source = TAKE_PTR(source);
1605 return 0;
1606}
1607
1608static int service_allocate_exec_fd(
1609 Service *s,
1610 sd_event_source **ret_event_source,
1611 int *ret_exec_fd) {
1612
1613 _cleanup_close_pair_ int p[] = EBADF_PAIR;
1614 int r;
1615
1616 assert(s);
1617 assert(ret_event_source);
1618 assert(ret_exec_fd);
1619
1620 if (pipe2(p, O_CLOEXEC|O_NONBLOCK) < 0)
1621 return log_unit_error_errno(UNIT(s), errno, "Failed to allocate exec_fd pipe: %m");
1622
1623 r = service_allocate_exec_fd_event_source(s, p[0], ret_event_source);
1624 if (r < 0)
1625 return r;
1626
1627 TAKE_FD(p[0]);
1628 *ret_exec_fd = TAKE_FD(p[1]);
1629
1630 return 0;
1631}
1632
1633static bool service_exec_needs_notify_socket(Service *s, ExecFlags flags) {
1634 assert(s);
1635
1636 /* Notifications are accepted depending on the process and
1637 * the access setting of the service:
1638 * process: \ access: NONE MAIN EXEC ALL
1639 * main no yes yes yes
1640 * control no no yes yes
1641 * other (forked) no no no yes */
1642
1643 if (flags & EXEC_IS_CONTROL)
1644 /* A control process */
1645 return IN_SET(service_get_notify_access(s), NOTIFY_EXEC, NOTIFY_ALL);
1646
1647 /* We only spawn main processes and control processes, so any
1648 * process that is not a control process is a main process */
1649 return service_get_notify_access(s) != NOTIFY_NONE;
1650}
1651
1652static Service *service_get_triggering_service(Service *s) {
1653 Unit *candidate = NULL, *other;
1654
1655 assert(s);
1656
1657 /* Return the service which triggered service 's', this means dependency
1658 * types which include the UNIT_ATOM_ON_{FAILURE,SUCCESS}_OF atoms.
1659 *
1660 * N.B. if there are multiple services which could trigger 's' via OnFailure=
1661 * or OnSuccess= then we return NULL. This is since we don't know from which
1662 * one to propagate the exit status. */
1663
1664 UNIT_FOREACH_DEPENDENCY(other, UNIT(s), UNIT_ATOM_ON_SUCCESS_OF|UNIT_ATOM_ON_FAILURE_OF) {
1665 if (candidate)
1666 goto have_other;
1667 candidate = other;
1668 }
1669
1670 return SERVICE(candidate);
1671
1672 have_other:
1673 log_unit_warning(UNIT(s), "multiple trigger source candidates for exit status propagation (%s, %s), skipping.",
1674 candidate->id, other->id);
1675 return NULL;
1676}
1677
1678static ExecFlags service_exec_flags(ServiceExecCommand command_id, ExecFlags cred_flag) {
1679 /* All service main/control processes honor sandboxing and namespacing options (except those
1680 explicitly excluded in service_spawn()) */
1681 ExecFlags flags = EXEC_APPLY_SANDBOXING|EXEC_APPLY_CHROOT;
1682
1683 assert(command_id >= 0);
1684 assert(command_id < _SERVICE_EXEC_COMMAND_MAX);
1685 assert((cred_flag & ~(EXEC_SETUP_CREDENTIALS_FRESH|EXEC_SETUP_CREDENTIALS)) == 0);
1686 assert((cred_flag != 0) == (command_id == SERVICE_EXEC_START));
1687
1688 /* Control processes spawned before main process also get tty access */
1689 if (IN_SET(command_id, SERVICE_EXEC_CONDITION, SERVICE_EXEC_START_PRE, SERVICE_EXEC_START))
1690 flags |= EXEC_APPLY_TTY_STDIN;
1691
1692 /* All start phases get access to credentials. ExecStartPre= gets a new credential store upon
1693 * every invocation, so that updating credential files through it works. When the first main process
1694 * starts, passed creds become stable. Also see 'cred_flag'. */
1695 if (command_id == SERVICE_EXEC_START_PRE)
1696 flags |= EXEC_SETUP_CREDENTIALS_FRESH;
1697 if (command_id == SERVICE_EXEC_START_POST)
1698 flags |= EXEC_SETUP_CREDENTIALS;
1699
1700 if (IN_SET(command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_START))
1701 flags |= EXEC_SETENV_MONITOR_RESULT;
1702
1703 if (command_id == SERVICE_EXEC_START)
1704 return flags|cred_flag|EXEC_PASS_FDS|EXEC_SET_WATCHDOG;
1705
1706 flags |= EXEC_IS_CONTROL;
1707
1708 /* Put control processes spawned later than main process under .control sub-cgroup if appropriate */
1709 if (!IN_SET(command_id, SERVICE_EXEC_CONDITION, SERVICE_EXEC_START_PRE))
1710 flags |= EXEC_CONTROL_CGROUP;
1711
1712 if (IN_SET(command_id, SERVICE_EXEC_STOP, SERVICE_EXEC_STOP_POST))
1713 flags |= EXEC_SETENV_RESULT;
1714
1715 return flags;
1716}
1717
1718static int service_spawn_internal(
1719 const char *caller,
1720 Service *s,
1721 ExecCommand *c,
1722 ExecFlags flags,
1723 usec_t timeout,
1724 PidRef *ret_pid) {
1725
1726 _cleanup_(exec_params_shallow_clear) ExecParameters exec_params = EXEC_PARAMETERS_INIT(flags);
1727 _cleanup_(sd_event_source_unrefp) sd_event_source *exec_fd_source = NULL;
1728 _cleanup_strv_free_ char **final_env = NULL, **our_env = NULL;
1729 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
1730 size_t n_env = 0;
1731 int r;
1732
1733 assert(caller);
1734 assert(s);
1735 assert(c);
1736 assert(ret_pid);
1737
1738 log_unit_debug(UNIT(s), "Will spawn child (%s): %s", caller, c->path);
1739
1740 r = unit_prepare_exec(UNIT(s)); /* This realizes the cgroup, among other things */
1741 if (r < 0)
1742 return r;
1743
1744 assert(!s->exec_fd_event_source);
1745
1746 if (FLAGS_SET(exec_params.flags, EXEC_IS_CONTROL)) {
1747 /* If this is a control process, mask the permissions/chroot application if this is requested. */
1748 if (s->permissions_start_only)
1749 exec_params.flags &= ~EXEC_APPLY_SANDBOXING;
1750 if (s->root_directory_start_only)
1751 exec_params.flags &= ~EXEC_APPLY_CHROOT;
1752 }
1753
1754 if (FLAGS_SET(exec_params.flags, EXEC_PASS_FDS)) {
1755 r = service_collect_fds(s,
1756 &exec_params.fds,
1757 &exec_params.fd_names,
1758 &exec_params.n_socket_fds,
1759 &exec_params.n_stashed_fds);
1760 if (r < 0)
1761 return r;
1762
1763 log_unit_debug(UNIT(s), "Passing %zu fds to service", exec_params.n_socket_fds + exec_params.n_stashed_fds);
1764
1765 exec_params.open_files = s->open_files;
1766
1767 } else if (IN_SET(s->exec_context.std_input, EXEC_INPUT_SOCKET, EXEC_INPUT_NAMED_FD) ||
1768 IN_SET(s->exec_context.std_output, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD) ||
1769 IN_SET(s->exec_context.std_error, EXEC_OUTPUT_SOCKET, EXEC_OUTPUT_NAMED_FD)) {
1770
1771 r = service_collect_fds(s,
1772 &exec_params.fds,
1773 &exec_params.fd_names,
1774 &exec_params.n_socket_fds,
1775 /* n_stashed_fds = */ NULL);
1776 if (r < 0)
1777 return r;
1778
1779 log_unit_debug(UNIT(s), "Passing %zu sockets to service", exec_params.n_socket_fds);
1780 }
1781
1782 if (!FLAGS_SET(exec_params.flags, EXEC_IS_CONTROL) && s->type == SERVICE_EXEC) {
1783 r = service_allocate_exec_fd(s, &exec_fd_source, &exec_params.exec_fd);
1784 if (r < 0)
1785 return r;
1786 }
1787
1788 r = service_arm_timer(s, /* relative= */ true, timeout);
1789 if (r < 0)
1790 return r;
1791
1792 our_env = new0(char*, 16);
1793 if (!our_env)
1794 return -ENOMEM;
1795
1796 if (service_exec_needs_notify_socket(s, exec_params.flags)) {
1797 exec_params.notify_socket = UNIT(s)->manager->notify_socket;
1798
1799 if (s->n_fd_store_max > 0)
1800 if (asprintf(our_env + n_env++, "FDSTORE=%u", s->n_fd_store_max) < 0)
1801 return -ENOMEM;
1802 }
1803
1804 if (pidref_is_set(&s->main_pid)) {
1805 if (asprintf(our_env + n_env++, "MAINPID="PID_FMT, s->main_pid.pid) < 0)
1806 return -ENOMEM;
1807
1808 if (pidref_acquire_pidfd_id(&s->main_pid) >= 0)
1809 if (asprintf(our_env + n_env++, "MAINPIDFDID=%" PRIu64, s->main_pid.fd_id) < 0)
1810 return -ENOMEM;
1811 }
1812
1813 if (MANAGER_IS_USER(UNIT(s)->manager)) {
1814 if (asprintf(our_env + n_env++, "MANAGERPID="PID_FMT, getpid_cached()) < 0)
1815 return -ENOMEM;
1816
1817 uint64_t pidfdid;
1818 if (pidfd_get_inode_id_self_cached(&pidfdid) >= 0)
1819 if (asprintf(our_env + n_env++, "MANAGERPIDFDID=%" PRIu64, pidfdid) < 0)
1820 return -ENOMEM;
1821 }
1822
1823 if (s->pid_file)
1824 if (asprintf(our_env + n_env++, "PIDFILE=%s", s->pid_file) < 0)
1825 return -ENOMEM;
1826
1827 if (s->socket_fd >= 0) {
1828 union sockaddr_union sa;
1829 socklen_t salen = sizeof(sa);
1830
1831 /* If this is a per-connection service instance, let's set $REMOTE_ADDR and $REMOTE_PORT to something
1832 * useful. Note that we do this only when we are still connected at this point in time, which we might
1833 * very well not be. Hence we ignore all errors when retrieving peer information (as that might result
1834 * in ENOTCONN), and just use whate we can use. */
1835
1836 if (getpeername(s->socket_fd, &sa.sa, &salen) >= 0 &&
1837 IN_SET(sa.sa.sa_family, AF_INET, AF_INET6, AF_VSOCK, AF_UNIX)) {
1838 _cleanup_free_ char *addr = NULL;
1839 char *t;
1840
1841 r = sockaddr_pretty(&sa.sa, salen, /* translate_ipv6= */ true, /* include_port= */ false, &addr);
1842 if (r < 0)
1843 return r;
1844
1845 if (sa.sa.sa_family != AF_UNIX || IN_SET(addr[0], '/', '@')) {
1846 t = strjoin("REMOTE_ADDR=", addr);
1847 if (!t)
1848 return -ENOMEM;
1849 our_env[n_env++] = t;
1850 }
1851
1852 if (IN_SET(sa.sa.sa_family, AF_INET, AF_INET6, AF_VSOCK)) {
1853 unsigned port;
1854
1855 r = sockaddr_port(&sa.sa, &port);
1856 if (r < 0)
1857 return r;
1858
1859 if (asprintf(&t, "REMOTE_PORT=%u", port) < 0)
1860 return -ENOMEM;
1861 our_env[n_env++] = t;
1862 }
1863 }
1864
1865 uint64_t cookie;
1866 if (socket_get_cookie(s->socket_fd, &cookie) >= 0) {
1867 char *t;
1868 if (asprintf(&t, "SO_COOKIE=%" PRIu64, cookie) < 0)
1869 return -ENOMEM;
1870 our_env[n_env++] = t;
1871 }
1872 }
1873
1874 Service *env_source = NULL;
1875 const char *monitor_prefix;
1876 if (FLAGS_SET(exec_params.flags, EXEC_SETENV_RESULT)) {
1877 env_source = s;
1878 monitor_prefix = "";
1879 } else if (FLAGS_SET(exec_params.flags, EXEC_SETENV_MONITOR_RESULT)) {
1880 env_source = service_get_triggering_service(s);
1881 monitor_prefix = "MONITOR_";
1882 }
1883
1884 if (env_source) {
1885 if (asprintf(our_env + n_env++, "%sSERVICE_RESULT=%s", monitor_prefix, service_result_to_string(env_source->result)) < 0)
1886 return -ENOMEM;
1887
1888 if (env_source->main_exec_status.pid > 0 &&
1889 dual_timestamp_is_set(&env_source->main_exec_status.exit_timestamp)) {
1890 if (asprintf(our_env + n_env++, "%sEXIT_CODE=%s", monitor_prefix, sigchld_code_to_string(env_source->main_exec_status.code)) < 0)
1891 return -ENOMEM;
1892
1893 if (env_source->main_exec_status.code == CLD_EXITED)
1894 r = asprintf(our_env + n_env++, "%sEXIT_STATUS=%i", monitor_prefix, env_source->main_exec_status.status);
1895 else
1896 r = asprintf(our_env + n_env++, "%sEXIT_STATUS=%s", monitor_prefix, signal_to_string(env_source->main_exec_status.status));
1897 if (r < 0)
1898 return -ENOMEM;
1899 }
1900
1901 if (env_source != s) {
1902 if (!sd_id128_is_null(UNIT(env_source)->invocation_id))
1903 if (asprintf(our_env + n_env++, "%sINVOCATION_ID=" SD_ID128_FORMAT_STR,
1904 monitor_prefix, SD_ID128_FORMAT_VAL(UNIT(env_source)->invocation_id)) < 0)
1905 return -ENOMEM;
1906
1907 if (asprintf(our_env + n_env++, "%sUNIT=%s", monitor_prefix, UNIT(env_source)->id) < 0)
1908 return -ENOMEM;
1909 }
1910 }
1911
1912 if (UNIT(s)->debug_invocation) {
1913 char *t = strdup("DEBUG_INVOCATION=1");
1914 if (!t)
1915 return -ENOMEM;
1916 our_env[n_env++] = t;
1917 }
1918
1919 if (UNIT(s)->activation_details) {
1920 r = activation_details_append_env(UNIT(s)->activation_details, &our_env);
1921 if (r < 0)
1922 return r;
1923 /* The number of env vars added here can vary, rather than keeping the allocation block in
1924 * sync manually, these functions simply use the strv methods to append to it, so we need
1925 * to update n_env when we are done in case of future usage. */
1926 n_env += r;
1927 }
1928
1929 r = unit_set_exec_params(UNIT(s), &exec_params);
1930 if (r < 0)
1931 return r;
1932
1933 final_env = strv_env_merge(exec_params.environment, our_env);
1934 if (!final_env)
1935 return -ENOMEM;
1936
1937 /* System D-Bus needs nss-systemd disabled, so that we don't deadlock */
1938 SET_FLAG(exec_params.flags, EXEC_NSS_DYNAMIC_BYPASS,
1939 MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE));
1940
1941 strv_free_and_replace(exec_params.environment, final_env);
1942 exec_params.watchdog_usec = service_get_watchdog_usec(s);
1943 exec_params.selinux_context_net = s->socket_fd_selinux_context_net;
1944 if (s->type == SERVICE_IDLE)
1945 exec_params.idle_pipe = UNIT(s)->manager->idle_pipe;
1946 exec_params.stdin_fd = s->stdin_fd;
1947 exec_params.stdout_fd = s->stdout_fd;
1948 exec_params.stderr_fd = s->stderr_fd;
1949 exec_params.root_directory_fd = s->root_directory_fd;
1950
1951 r = exec_spawn(UNIT(s),
1952 c,
1953 &s->exec_context,
1954 &exec_params,
1955 s->exec_runtime,
1956 &s->cgroup_context,
1957 &pidref);
1958 if (r < 0)
1959 return r;
1960
1961 s->exec_fd_event_source = TAKE_PTR(exec_fd_source);
1962 s->exec_fd_hot = false;
1963
1964 r = unit_watch_pidref(UNIT(s), &pidref, /* exclusive= */ true);
1965 if (r < 0)
1966 return r;
1967
1968 *ret_pid = TAKE_PIDREF(pidref);
1969 return 0;
1970}
1971
1972static int main_pid_good(Service *s) {
1973 assert(s);
1974
1975 /* Returns 0 if the pid is dead, > 0 if it is good, < 0 if we don't know */
1976
1977 /* If we know the pid file, then let's just check if it is still valid */
1978 if (s->main_pid_known) {
1979
1980 /* If it's an alien child let's check if it is still alive ... */
1981 if (s->main_pid_alien && pidref_is_set(&s->main_pid))
1982 return pidref_is_alive(&s->main_pid);
1983
1984 /* .. otherwise assume we'll get a SIGCHLD for it, which we really should wait for to collect
1985 * exit status and code */
1986 return pidref_is_set(&s->main_pid);
1987 }
1988
1989 /* We don't know the pid */
1990 return -EAGAIN;
1991}
1992
1993static int control_pid_good(Service *s) {
1994 assert(s);
1995
1996 /* Returns 0 if the control PID is dead, > 0 if it is good. We never actually return < 0 here, but in order to
1997 * make this function as similar as possible to main_pid_good() and cgroup_good(), we pretend that < 0 also
1998 * means: we can't figure it out. */
1999
2000 return pidref_is_set(&s->control_pid);
2001}
2002
2003static int cgroup_good(Service *s) {
2004 int r;
2005
2006 assert(s);
2007
2008 /* Returns 0 if the cgroup is empty or doesn't exist, > 0 if it is exists and is populated, < 0 if we can't
2009 * figure it out */
2010
2011 if (!s->cgroup_runtime || !s->cgroup_runtime->cgroup_path)
2012 return 0;
2013
2014 r = cg_is_empty(SYSTEMD_CGROUP_CONTROLLER, s->cgroup_runtime->cgroup_path);
2015 if (r < 0)
2016 return r;
2017
2018 return r == 0;
2019}
2020
2021static bool service_shall_restart(Service *s, const char **reason) {
2022 assert(s);
2023 assert(reason);
2024
2025 /* Don't restart after manual stops */
2026 if (s->forbid_restart) {
2027 *reason = "manual stop";
2028 return false;
2029 }
2030
2031 /* Never restart if this is configured as special exception */
2032 if (exit_status_set_test(&s->restart_prevent_status, s->main_exec_status.code, s->main_exec_status.status)) {
2033 *reason = "prevented by exit status";
2034 return false;
2035 }
2036
2037 /* Restart if the exit code/status are configured as restart triggers */
2038 if (exit_status_set_test(&s->restart_force_status, s->main_exec_status.code, s->main_exec_status.status)) {
2039 /* Don't allow Type=oneshot services to restart on success. Note that Restart=always/on-success
2040 * is already rejected in service_verify. */
2041 if (s->type == SERVICE_ONESHOT && s->result == SERVICE_SUCCESS) {
2042 *reason = "service type and exit status";
2043 return false;
2044 }
2045
2046 *reason = "forced by exit status";
2047 return true;
2048 }
2049
2050 *reason = "restart setting";
2051 switch (s->restart) {
2052
2053 case SERVICE_RESTART_NO:
2054 return false;
2055
2056 case SERVICE_RESTART_ALWAYS:
2057 return s->result != SERVICE_SKIP_CONDITION;
2058
2059 case SERVICE_RESTART_ON_SUCCESS:
2060 return s->result == SERVICE_SUCCESS;
2061
2062 case SERVICE_RESTART_ON_FAILURE:
2063 return !IN_SET(s->result, SERVICE_SUCCESS, SERVICE_SKIP_CONDITION);
2064
2065 case SERVICE_RESTART_ON_ABNORMAL:
2066 return !IN_SET(s->result, SERVICE_SUCCESS, SERVICE_FAILURE_EXIT_CODE, SERVICE_SKIP_CONDITION);
2067
2068 case SERVICE_RESTART_ON_WATCHDOG:
2069 return s->result == SERVICE_FAILURE_WATCHDOG;
2070
2071 case SERVICE_RESTART_ON_ABORT:
2072 return IN_SET(s->result, SERVICE_FAILURE_SIGNAL, SERVICE_FAILURE_CORE_DUMP);
2073
2074 default:
2075 assert_not_reached();
2076 }
2077}
2078
2079static bool service_will_restart(Unit *u) {
2080 Service *s = SERVICE(u);
2081
2082 assert(s);
2083
2084 if (IN_SET(s->state, SERVICE_DEAD_BEFORE_AUTO_RESTART, SERVICE_FAILED_BEFORE_AUTO_RESTART, SERVICE_AUTO_RESTART, SERVICE_AUTO_RESTART_QUEUED))
2085 return true;
2086
2087 return unit_will_restart_default(u);
2088}
2089
2090static ServiceState service_determine_dead_state(Service *s) {
2091 assert(s);
2092
2093 return s->fd_store && s->fd_store_preserve_mode == EXEC_PRESERVE_YES ? SERVICE_DEAD_RESOURCES_PINNED : SERVICE_DEAD;
2094}
2095
2096static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart) {
2097 ServiceState end_state, restart_state;
2098 int r;
2099
2100 assert(s);
2101
2102 /* If there's a stop job queued before we enter the DEAD state, we shouldn't act on Restart=, in order to not
2103 * undo what has already been enqueued. */
2104 if (unit_stop_pending(UNIT(s)))
2105 allow_restart = false;
2106
2107 if (s->result == SERVICE_SUCCESS)
2108 s->result = f;
2109
2110 if (s->result == SERVICE_SUCCESS) {
2111 unit_log_success(UNIT(s));
2112 end_state = service_determine_dead_state(s);
2113 restart_state = SERVICE_DEAD_BEFORE_AUTO_RESTART;
2114 } else if (s->result == SERVICE_SKIP_CONDITION) {
2115 unit_log_skip(UNIT(s), service_result_to_string(s->result));
2116 end_state = service_determine_dead_state(s);
2117 restart_state = _SERVICE_STATE_INVALID; /* Never restart if skipped due to condition failure */
2118 } else {
2119 unit_log_failure(UNIT(s), service_result_to_string(s->result));
2120 end_state = SERVICE_FAILED;
2121 restart_state = SERVICE_FAILED_BEFORE_AUTO_RESTART;
2122 }
2123 unit_warn_leftover_processes(UNIT(s), /* start = */ false);
2124
2125 if (!allow_restart)
2126 log_unit_debug(UNIT(s), "Service restart not allowed.");
2127 else {
2128 const char *reason;
2129
2130 allow_restart = service_shall_restart(s, &reason);
2131 log_unit_debug(UNIT(s), "Service will %srestart (%s)",
2132 allow_restart ? "" : "not ",
2133 reason);
2134 }
2135
2136 if (allow_restart) {
2137 usec_t restart_usec_next;
2138
2139 assert(restart_state >= 0 && restart_state < _SERVICE_STATE_MAX);
2140
2141 /* We make two state changes here: one that maps to the high-level UNIT_INACTIVE/UNIT_FAILED
2142 * state (i.e. a state indicating deactivation), and then one that maps to the
2143 * high-level UNIT_STARTING state (i.e. a state indicating activation). We do this so that
2144 * external software can watch the state changes and see all service failures, even if they
2145 * are only transitionary and followed by an automatic restart. We have fine-grained
2146 * low-level states for this though so that software can distinguish the permanent UNIT_INACTIVE
2147 * state from this transitionary UNIT_INACTIVE state by looking at the low-level states. */
2148 if (s->restart_mode != SERVICE_RESTART_MODE_DIRECT)
2149 service_set_state(s, restart_state);
2150
2151 restart_usec_next = service_restart_usec_next(s);
2152
2153 r = service_arm_timer(s, /* relative= */ true, restart_usec_next);
2154 if (r < 0) {
2155 log_unit_warning_errno(UNIT(s), r, "Failed to install restart timer: %m");
2156 return service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ false);
2157 }
2158
2159 /* If the relevant option is set, and the unit doesn't already have logging level set to
2160 * debug, enable it now. Make sure to overwrite the state in /run/systemd/units/ too, to
2161 * ensure journald doesn't prune the messages. The previous state is saved and restored
2162 * once the auto-restart flow ends. */
2163 if (s->restart_mode == SERVICE_RESTART_MODE_DEBUG) {
2164 r = unit_set_debug_invocation(UNIT(s), true);
2165 if (r < 0)
2166 log_unit_warning_errno(UNIT(s), r, "Failed to enable debug invocation, ignoring: %m");
2167 if (r > 0)
2168 log_unit_notice(UNIT(s), "Service dead, subsequent restarts will be executed with debug level logging.");
2169 }
2170
2171 log_unit_debug(UNIT(s), "Next restart interval calculated as: %s", FORMAT_TIMESPAN(restart_usec_next, 0));
2172
2173 service_set_state(s, SERVICE_AUTO_RESTART);
2174 } else {
2175 /* If we shan't restart, the restart counter would be flushed out. But rather than doing that
2176 * immediately here, this is delegated to service_start(), i.e. next start, so that the user
2177 * can still introspect the counter. */
2178 service_set_state(s, end_state);
2179
2180 (void) unit_set_debug_invocation(UNIT(s), false);
2181 }
2182
2183 /* The next restart might not be a manual stop, hence reset the flag indicating manual stops */
2184 s->forbid_restart = false;
2185
2186 /* Reset notify states */
2187 s->notify_access_override = _NOTIFY_ACCESS_INVALID;
2188 s->notify_state = _NOTIFY_STATE_INVALID;
2189
2190 /* We want fresh tmpdirs and ephemeral snapshots in case the service is started again immediately. */
2191 s->exec_runtime = exec_runtime_destroy(s->exec_runtime);
2192
2193 /* Also, remove the runtime directory */
2194 unit_destroy_runtime_data(UNIT(s), &s->exec_context, /* destroy_runtime_dir = */ true);
2195
2196 /* Also get rid of the fd store, if that's configured. */
2197 if (s->fd_store_preserve_mode == EXEC_PRESERVE_NO)
2198 service_release_fd_store(s);
2199
2200 /* Get rid of the IPC bits of the user */
2201 unit_unref_uid_gid(UNIT(s), true);
2202
2203 /* Try to delete the pid file. At this point it will be
2204 * out-of-date, and some software might be confused by it, so
2205 * let's remove it. */
2206 if (s->pid_file)
2207 (void) unlink(s->pid_file);
2208
2209 /* Reset TTY ownership if necessary */
2210 exec_context_revert_tty(&s->exec_context, UNIT(s)->invocation_id);
2211}
2212
2213static void service_enter_stop_post(Service *s, ServiceResult f) {
2214 int r;
2215 assert(s);
2216
2217 if (s->result == SERVICE_SUCCESS)
2218 s->result = f;
2219
2220 service_unwatch_control_pid(s);
2221
2222 s->control_command = s->exec_command[SERVICE_EXEC_STOP_POST];
2223 if (s->control_command) {
2224 s->control_command_id = SERVICE_EXEC_STOP_POST;
2225
2226 r = service_spawn(s,
2227 s->control_command,
2228 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2229 s->timeout_stop_usec,
2230 &s->control_pid);
2231 if (r < 0) {
2232 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'stop-post' task: %m");
2233 service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_RESOURCES);
2234 return;
2235 }
2236
2237 service_set_state(s, SERVICE_STOP_POST);
2238 } else
2239 service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_SUCCESS);
2240}
2241
2242static int state_to_kill_operation(Service *s, ServiceState state) {
2243 switch (state) {
2244
2245 case SERVICE_STOP_WATCHDOG:
2246 case SERVICE_FINAL_WATCHDOG:
2247 return KILL_WATCHDOG;
2248
2249 case SERVICE_STOP_SIGTERM:
2250 if (unit_has_job_type(UNIT(s), JOB_RESTART))
2251 return KILL_RESTART;
2252 _fallthrough_;
2253
2254 case SERVICE_FINAL_SIGTERM:
2255 return KILL_TERMINATE;
2256
2257 case SERVICE_STOP_SIGKILL:
2258 case SERVICE_FINAL_SIGKILL:
2259 return KILL_KILL;
2260
2261 default:
2262 return _KILL_OPERATION_INVALID;
2263 }
2264}
2265
2266static void service_enter_signal(Service *s, ServiceState state, ServiceResult f) {
2267 int kill_operation, r;
2268
2269 assert(s);
2270
2271 if (s->result == SERVICE_SUCCESS)
2272 s->result = f;
2273
2274 kill_operation = state_to_kill_operation(s, state);
2275 r = unit_kill_context(UNIT(s), kill_operation);
2276 if (r < 0) {
2277 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
2278 goto fail;
2279 }
2280
2281 if (r > 0) {
2282 r = service_arm_timer(s, /* relative= */ true,
2283 kill_operation == KILL_WATCHDOG ? service_timeout_abort_usec(s) : s->timeout_stop_usec);
2284 if (r < 0) {
2285 log_unit_warning_errno(UNIT(s), r, "Failed to install timer: %m");
2286 goto fail;
2287 }
2288
2289 service_set_state(s, state);
2290 } else if (IN_SET(state, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM) && s->kill_context.send_sigkill)
2291 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_SUCCESS);
2292 else if (IN_SET(state, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL))
2293 service_enter_stop_post(s, SERVICE_SUCCESS);
2294 else if (IN_SET(state, SERVICE_FINAL_WATCHDOG, SERVICE_FINAL_SIGTERM) && s->kill_context.send_sigkill)
2295 service_enter_signal(s, SERVICE_FINAL_SIGKILL, SERVICE_SUCCESS);
2296 else
2297 service_enter_dead(s, SERVICE_SUCCESS, /* allow_restart= */ true);
2298
2299 return;
2300
2301fail:
2302 if (IN_SET(state, SERVICE_STOP_WATCHDOG, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL))
2303 service_enter_stop_post(s, SERVICE_FAILURE_RESOURCES);
2304 else
2305 service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ true);
2306}
2307
2308static void service_enter_stop_by_notify(Service *s) {
2309 int r;
2310
2311 assert(s);
2312
2313 r = service_arm_timer(s, /* relative= */ true, s->timeout_stop_usec);
2314 if (r < 0) {
2315 log_unit_warning_errno(UNIT(s), r, "Failed to install timer: %m");
2316 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
2317 return;
2318 }
2319
2320 /* The service told us it's stopping, so it's as if we SIGTERM'd it. */
2321 service_set_state(s, SERVICE_STOP_SIGTERM);
2322}
2323
2324static void service_enter_stop(Service *s, ServiceResult f) {
2325 int r;
2326
2327 assert(s);
2328
2329 if (s->result == SERVICE_SUCCESS)
2330 s->result = f;
2331
2332 service_unwatch_control_pid(s);
2333
2334 s->control_command = s->exec_command[SERVICE_EXEC_STOP];
2335 if (s->control_command) {
2336 s->control_command_id = SERVICE_EXEC_STOP;
2337
2338 r = service_spawn(s,
2339 s->control_command,
2340 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2341 s->timeout_stop_usec,
2342 &s->control_pid);
2343 if (r < 0) {
2344 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'stop' task: %m");
2345 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
2346 return;
2347 }
2348
2349 service_set_state(s, SERVICE_STOP);
2350 } else
2351 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_SUCCESS);
2352}
2353
2354static bool service_good(Service *s) {
2355 int main_pid_ok;
2356
2357 assert(s);
2358
2359 if (s->type == SERVICE_DBUS && !s->bus_name_good)
2360 return false;
2361
2362 main_pid_ok = main_pid_good(s);
2363 if (main_pid_ok > 0) /* It's alive */
2364 return true;
2365 if (main_pid_ok == 0 && s->exit_type == SERVICE_EXIT_MAIN) /* It's dead */
2366 return false;
2367
2368 /* OK, we don't know anything about the main PID, maybe
2369 * because there is none. Let's check the control group
2370 * instead. */
2371
2372 return cgroup_good(s) != 0;
2373}
2374
2375static void service_enter_running(Service *s, ServiceResult f) {
2376 int r;
2377
2378 assert(s);
2379
2380 if (s->result == SERVICE_SUCCESS)
2381 s->result = f;
2382
2383 service_unwatch_control_pid(s);
2384
2385 if (s->result != SERVICE_SUCCESS)
2386 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
2387 else if (service_good(s)) {
2388
2389 /* If there are any queued up sd_notify() notifications, process them now */
2390 if (s->notify_state == NOTIFY_RELOADING)
2391 service_enter_reload_by_notify(s);
2392 else if (s->notify_state == NOTIFY_STOPPING)
2393 service_enter_stop_by_notify(s);
2394 else {
2395 service_set_state(s, SERVICE_RUNNING);
2396
2397 r = service_arm_timer(s, /* relative= */ false, service_running_timeout(s));
2398 if (r < 0) {
2399 log_unit_warning_errno(UNIT(s), r, "Failed to install timer: %m");
2400 service_enter_running(s, SERVICE_FAILURE_RESOURCES);
2401 return;
2402 }
2403 }
2404
2405 } else if (s->remain_after_exit)
2406 service_set_state(s, SERVICE_EXITED);
2407 else
2408 service_enter_stop(s, SERVICE_SUCCESS);
2409}
2410
2411static void service_enter_start_post(Service *s) {
2412 int r;
2413
2414 assert(s);
2415
2416 service_unwatch_control_pid(s);
2417 service_reset_watchdog(s);
2418
2419 s->control_command = s->exec_command[SERVICE_EXEC_START_POST];
2420 if (s->control_command) {
2421 s->control_command_id = SERVICE_EXEC_START_POST;
2422
2423 r = service_spawn(s,
2424 s->control_command,
2425 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2426 s->timeout_start_usec,
2427 &s->control_pid);
2428 if (r < 0) {
2429 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'start-post' task: %m");
2430 service_enter_stop(s, SERVICE_FAILURE_RESOURCES);
2431 return;
2432 }
2433
2434 service_set_state(s, SERVICE_START_POST);
2435 } else
2436 service_enter_running(s, SERVICE_SUCCESS);
2437}
2438
2439static void service_kill_control_process(Service *s) {
2440 int r;
2441
2442 assert(s);
2443
2444 if (!pidref_is_set(&s->control_pid))
2445 return;
2446
2447 r = pidref_kill_and_sigcont(&s->control_pid, SIGKILL);
2448 if (r < 0) {
2449 _cleanup_free_ char *comm = NULL;
2450
2451 (void) pidref_get_comm(&s->control_pid, &comm);
2452
2453 log_unit_debug_errno(UNIT(s), r, "Failed to kill control process " PID_FMT " (%s), ignoring: %m",
2454 s->control_pid.pid, strna(comm));
2455 }
2456}
2457
2458static int service_adverse_to_leftover_processes(Service *s) {
2459 assert(s);
2460
2461 /* KillMode=mixed and control group are used to indicate that all process should be killed off.
2462 * SendSIGKILL= is used for services that require a clean shutdown. These are typically database
2463 * service where a SigKilled process would result in a lengthy recovery and who's shutdown or startup
2464 * time is quite variable (so Timeout settings aren't of use).
2465 *
2466 * Here we take these two factors and refuse to start a service if there are existing processes
2467 * within a control group. Databases, while generally having some protection against multiple
2468 * instances running, lets not stress the rigor of these. Also ExecStartPre= parts of the service
2469 * aren't as rigoriously written to protect against multiple use. */
2470
2471 if (unit_warn_leftover_processes(UNIT(s), /* start = */ true) > 0 &&
2472 IN_SET(s->kill_context.kill_mode, KILL_MIXED, KILL_CONTROL_GROUP) &&
2473 !s->kill_context.send_sigkill)
2474 return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(EBUSY),
2475 "Will not start SendSIGKILL=no service of type KillMode=control-group or mixed while processes exist");
2476
2477 return 0;
2478}
2479
2480static void service_enter_start(Service *s) {
2481 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
2482 ExecCommand *c;
2483 usec_t timeout;
2484 int r;
2485
2486 assert(s);
2487
2488 service_unwatch_control_pid(s);
2489 service_unwatch_main_pid(s);
2490
2491 r = service_adverse_to_leftover_processes(s);
2492 if (r < 0)
2493 goto fail;
2494
2495 if (s->type == SERVICE_FORKING) {
2496 s->control_command_id = SERVICE_EXEC_START;
2497 c = s->control_command = s->exec_command[SERVICE_EXEC_START];
2498
2499 s->main_command = NULL;
2500 } else {
2501 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
2502 s->control_command = NULL;
2503
2504 c = s->main_command = s->exec_command[SERVICE_EXEC_START];
2505 }
2506
2507 if (!c) {
2508 if (s->type != SERVICE_ONESHOT) {
2509 /* There's no command line configured for the main command? Hmm, that is strange.
2510 * This can only happen if the configuration changes at runtime. In this case,
2511 * let's enter a failure state. */
2512 r = log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENXIO), "There's no 'start' task anymore we could start.");
2513 goto fail;
2514 }
2515
2516 /* We force a fake state transition here. Otherwise, the unit would go directly from
2517 * SERVICE_DEAD to SERVICE_DEAD without SERVICE_ACTIVATING or SERVICE_ACTIVE
2518 * in between. This way we can later trigger actions that depend on the state
2519 * transition, including SuccessAction=. */
2520 service_set_state(s, SERVICE_START);
2521
2522 service_enter_start_post(s);
2523 return;
2524 }
2525
2526 if (IN_SET(s->type, SERVICE_SIMPLE, SERVICE_IDLE))
2527 /* For simple + idle this is the main process. We don't apply any timeout here, but
2528 * service_enter_running() will later apply the .runtime_max_usec timeout. */
2529 timeout = USEC_INFINITY;
2530 else
2531 timeout = s->timeout_start_usec;
2532
2533 r = service_spawn(s,
2534 c,
2535 service_exec_flags(SERVICE_EXEC_START, EXEC_SETUP_CREDENTIALS_FRESH),
2536 timeout,
2537 &pidref);
2538 if (r < 0) {
2539 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'start' task: %m");
2540 goto fail;
2541 }
2542
2543 assert(pidref.pid == c->exec_status.pid);
2544
2545 switch (s->type) {
2546
2547 case SERVICE_SIMPLE:
2548 case SERVICE_IDLE:
2549 /* For simple services we immediately start the START_POST binaries. */
2550 (void) service_set_main_pidref(s, TAKE_PIDREF(pidref), &c->exec_status.start_timestamp);
2551 return service_enter_start_post(s);
2552
2553 case SERVICE_FORKING:
2554 /* For forking services we wait until the start process exited. */
2555 s->control_pid = TAKE_PIDREF(pidref);
2556 return service_set_state(s, SERVICE_START);
2557
2558 case SERVICE_ONESHOT: /* For oneshot services we wait until the start process exited, too, but it is our main process. */
2559 case SERVICE_EXEC:
2560 case SERVICE_DBUS:
2561 case SERVICE_NOTIFY:
2562 case SERVICE_NOTIFY_RELOAD:
2563 /* For D-Bus services we know the main pid right away, but wait for the bus name to appear
2564 * on the bus. 'notify' and 'exec' services wait for readiness notification and EOF
2565 * on exec_fd, respectively. */
2566 (void) service_set_main_pidref(s, TAKE_PIDREF(pidref), &c->exec_status.start_timestamp);
2567 return service_set_state(s, SERVICE_START);
2568
2569 default:
2570 assert_not_reached();
2571 }
2572
2573fail:
2574 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
2575}
2576
2577static void service_enter_start_pre(Service *s) {
2578 int r;
2579
2580 assert(s);
2581
2582 service_unwatch_control_pid(s);
2583
2584 s->control_command = s->exec_command[SERVICE_EXEC_START_PRE];
2585 if (s->control_command) {
2586
2587 r = service_adverse_to_leftover_processes(s);
2588 if (r < 0)
2589 goto fail;
2590
2591 s->control_command_id = SERVICE_EXEC_START_PRE;
2592
2593 r = service_spawn(s,
2594 s->control_command,
2595 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2596 s->timeout_start_usec,
2597 &s->control_pid);
2598 if (r < 0) {
2599 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'start-pre' task: %m");
2600 goto fail;
2601 }
2602
2603 service_set_state(s, SERVICE_START_PRE);
2604 } else
2605 service_enter_start(s);
2606
2607 return;
2608
2609fail:
2610 service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ true);
2611}
2612
2613static void service_enter_condition(Service *s) {
2614 int r;
2615
2616 assert(s);
2617
2618 service_unwatch_control_pid(s);
2619
2620 s->control_command = s->exec_command[SERVICE_EXEC_CONDITION];
2621 if (s->control_command) {
2622
2623 r = service_adverse_to_leftover_processes(s);
2624 if (r < 0)
2625 goto fail;
2626
2627 s->control_command_id = SERVICE_EXEC_CONDITION;
2628
2629 r = service_spawn(s,
2630 s->control_command,
2631 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2632 s->timeout_start_usec,
2633 &s->control_pid);
2634 if (r < 0) {
2635 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'exec-condition' task: %m");
2636 goto fail;
2637 }
2638
2639 service_set_state(s, SERVICE_CONDITION);
2640 } else
2641 service_enter_start_pre(s);
2642
2643 return;
2644
2645fail:
2646 service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ true);
2647}
2648
2649static void service_enter_restart(Service *s, bool shortcut) {
2650 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2651 int r;
2652
2653 /* shortcut: a manual start request is received, restart immediately */
2654
2655 assert(s);
2656 assert(s->state == SERVICE_AUTO_RESTART);
2657
2658 if (!shortcut && unit_has_job_type(UNIT(s), JOB_STOP)) {
2659 /* Don't restart things if we are going down anyway */
2660 log_unit_info(UNIT(s), "Stop job pending for unit, skipping automatic restart.");
2661 return;
2662 }
2663
2664 /* Any units that are bound to this service must also be restarted, unless RestartMode=direct.
2665 * We use JOB_START for ourselves but then set JOB_RESTART_DEPENDENCIES which will enqueue JOB_RESTART
2666 * for those dependency jobs in the former case, plain JOB_REPLACE when RestartMode=direct.
2667 *
2668 * Also, when RestartMode=direct is used, the service being restarted don't enter the inactive/failed state,
2669 * i.e. unit_process_job -> job_finish_and_invalidate is never called, and the previous job might still
2670 * be running (especially for Type=oneshot services).
2671 * We need to refuse late merge and re-enqueue the anchor job. */
2672 r = manager_add_job_full(UNIT(s)->manager,
2673 JOB_START, UNIT(s),
2674 s->restart_mode == SERVICE_RESTART_MODE_DIRECT ? JOB_REPLACE : JOB_RESTART_DEPENDENCIES,
2675 TRANSACTION_REENQUEUE_ANCHOR,
2676 /* affected_jobs = */ NULL,
2677 &error, /* ret = */ NULL);
2678 if (r < 0) {
2679 log_unit_warning(UNIT(s), "Failed to schedule restart job: %s", bus_error_message(&error, r));
2680 return service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ false);
2681 }
2682
2683 /* Count the jobs we enqueue for restarting. This counter is maintained as long as the unit isn't
2684 * fully stopped, i.e. as long as it remains up or remains in auto-start states. The user can reset
2685 * the counter explicitly however via the usual "systemctl reset-failure" logic. */
2686 s->n_restarts++;
2687
2688 log_unit_struct(UNIT(s), LOG_INFO,
2689 LOG_MESSAGE_ID(SD_MESSAGE_UNIT_RESTART_SCHEDULED_STR),
2690 LOG_UNIT_INVOCATION_ID(UNIT(s)),
2691 LOG_UNIT_MESSAGE(UNIT(s),
2692 "Scheduled restart job%s, restart counter is at %u.",
2693 shortcut ? " immediately on client request" : "", s->n_restarts),
2694 LOG_ITEM("N_RESTARTS=%u", s->n_restarts));
2695
2696 service_set_state(s, SERVICE_AUTO_RESTART_QUEUED);
2697
2698 /* Notify clients about changed restart counter */
2699 unit_add_to_dbus_queue(UNIT(s));
2700}
2701
2702static void service_enter_reload_by_notify(Service *s) {
2703 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2704 int r;
2705
2706 assert(s);
2707
2708 r = service_arm_timer(s, /* relative= */ true, s->timeout_start_usec);
2709 if (r < 0) {
2710 log_unit_warning_errno(UNIT(s), r, "Failed to install timer: %m");
2711 return service_reload_finish(s, SERVICE_FAILURE_RESOURCES);
2712 }
2713
2714 service_set_state(s, SERVICE_RELOAD_NOTIFY);
2715
2716 /* service_enter_reload_by_notify is never called during a reload, thus no loops are possible. */
2717 r = manager_propagate_reload(UNIT(s)->manager, UNIT(s), JOB_FAIL, &error);
2718 if (r < 0)
2719 log_unit_warning(UNIT(s), "Failed to schedule propagation of reload, ignoring: %s", bus_error_message(&error, r));
2720}
2721
2722static void service_enter_reload_post(Service *s) {
2723 int r;
2724
2725 assert(s);
2726
2727 service_unwatch_control_pid(s);
2728
2729 s->control_command = s->exec_command[SERVICE_EXEC_RELOAD_POST];
2730 if (s->control_command) {
2731 s->control_command_id = SERVICE_EXEC_RELOAD_POST;
2732
2733 r = service_spawn(s,
2734 s->control_command,
2735 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2736 s->timeout_start_usec,
2737 &s->control_pid);
2738 if (r < 0) {
2739 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'reload-post' task: %m");
2740 return service_reload_finish(s, SERVICE_FAILURE_RESOURCES);
2741 }
2742
2743 service_set_state(s, SERVICE_RELOAD_POST);
2744 } else
2745 service_reload_finish(s, SERVICE_SUCCESS);
2746}
2747
2748static void service_enter_reload_signal(Service *s) {
2749 int r;
2750
2751 assert(s);
2752
2753 if (s->type != SERVICE_NOTIFY_RELOAD)
2754 return service_enter_reload_post(s);
2755
2756 if (s->state == SERVICE_RELOAD) {
2757 /* We executed ExecReload=, and the service has already notified us the result?
2758 * Directly transition to next state. */
2759 if (s->notify_state == NOTIFY_RELOADING)
2760 return service_set_state(s, SERVICE_RELOAD_NOTIFY);
2761 if (s->notify_state == NOTIFY_RELOAD_READY)
2762 return service_enter_reload_post(s);
2763 }
2764
2765 if (pidref_is_set(&s->main_pid)) {
2766 r = service_arm_timer(s, /* relative= */ true, s->timeout_start_usec);
2767 if (r < 0) {
2768 log_unit_warning_errno(UNIT(s), r, "Failed to install timer: %m");
2769 goto fail;
2770 }
2771
2772 r = pidref_kill_and_sigcont(&s->main_pid, s->reload_signal);
2773 if (r < 0) {
2774 log_unit_warning_errno(UNIT(s), r, "Failed to send reload signal: %m");
2775 goto fail;
2776 }
2777
2778 service_set_state(s, SERVICE_RELOAD_SIGNAL);
2779 } else
2780 service_enter_reload_post(s);
2781
2782 return;
2783
2784fail:
2785 service_reload_finish(s, SERVICE_FAILURE_RESOURCES);
2786}
2787
2788static void service_enter_reload(Service *s) {
2789 int r;
2790
2791 assert(s);
2792
2793 service_unwatch_control_pid(s);
2794
2795 if (IN_SET(s->notify_state, NOTIFY_RELOADING, NOTIFY_RELOAD_READY))
2796 s->notify_state = _NOTIFY_STATE_INVALID;
2797
2798 /* Store the timestamp when we started reloading: when reloading via SIGHUP we won't leave the reload
2799 * state until we received both RELOADING=1 and READY=1 with MONOTONIC_USEC= set to a value above
2800 * this. Thus we know for sure the reload cycle was executed *after* we requested it, and is not one
2801 * that was already in progress before. */
2802 s->reload_begin_usec = now(CLOCK_MONOTONIC);
2803
2804 s->control_command = s->exec_command[SERVICE_EXEC_RELOAD];
2805 if (s->control_command) {
2806 s->control_command_id = SERVICE_EXEC_RELOAD;
2807
2808 r = service_spawn(s,
2809 s->control_command,
2810 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2811 s->timeout_start_usec,
2812 &s->control_pid);
2813 if (r < 0) {
2814 log_unit_warning_errno(UNIT(s), r, "Failed to spawn 'reload' task: %m");
2815 return service_reload_finish(s, SERVICE_FAILURE_RESOURCES);
2816 }
2817
2818 service_set_state(s, SERVICE_RELOAD);
2819 } else
2820 service_enter_reload_signal(s);
2821}
2822
2823static bool service_should_reload_extensions(Service *s) {
2824 int r;
2825
2826 assert(s);
2827
2828 if (!pidref_is_set(&s->main_pid)) {
2829 log_unit_debug(UNIT(s), "Not reloading extensions for service without main PID.");
2830 return false;
2831 }
2832
2833 r = exec_context_has_vpicked_extensions(&s->exec_context);
2834 if (r < 0)
2835 log_unit_warning_errno(UNIT(s), r, "Failed to determine if service should reload extensions, assuming false: %m");
2836 if (r == 0)
2837 log_unit_debug(UNIT(s), "Service has no extensions to reload.");
2838 if (r <= 0)
2839 return false;
2840
2841 // TODO: Add support for user services, which can use ExtensionDirectories= + notify-reload.
2842 // For now, skip for user services.
2843 if (!MANAGER_IS_SYSTEM(UNIT(s)->manager)) {
2844 log_once(LOG_WARNING, "Not reloading extensions for user services.");
2845 return false;
2846 }
2847
2848 return true;
2849}
2850
2851static void service_enter_refresh_extensions(Service *s) {
2852 _cleanup_(pidref_done) PidRef worker = PIDREF_NULL;
2853 int r;
2854
2855 assert(s);
2856
2857 /* If we don't have extensions to refresh, immediately transition to reload state */
2858 if (!service_should_reload_extensions(s))
2859 return service_enter_reload(s);
2860
2861 service_unwatch_control_pid(s);
2862 s->control_command = NULL;
2863 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
2864
2865 r = service_arm_timer(s, /* relative= */ true, s->timeout_start_usec);
2866 if (r < 0) {
2867 log_unit_warning_errno(UNIT(s), r, "Failed to install timer: %m");
2868 goto fail;
2869 }
2870
2871 /* Given we are running from PID1, avoid doing potentially heavy I/O operations like opening images
2872 * directly, and instead fork a worker process. */
2873 r = unit_fork_helper_process(UNIT(s), "(sd-refresh-extensions)", /* into_cgroup= */ false, &worker);
2874 if (r < 0) {
2875 log_unit_error_errno(UNIT(s), r, "Failed to fork process to refresh extensions in unit's namespace: %m");
2876 goto fail;
2877 }
2878 if (r == 0) {
2879 PidRef *unit_pid = &s->main_pid;
2880 assert(pidref_is_set(unit_pid));
2881
2882 _cleanup_free_ char *propagate_dir = path_join("/run/systemd/propagate/", UNIT(s)->id);
2883 if (!propagate_dir) {
2884 log_unit_error_errno(UNIT(s), -ENOMEM, "Failed to allocate memory for propagate directory: %m");
2885 _exit(EXIT_FAILURE);
2886 }
2887
2888 NamespaceParameters p = {
2889 .private_namespace_dir = "/run/systemd",
2890 .incoming_dir = "/run/systemd/incoming",
2891 .propagate_dir = propagate_dir,
2892 .runtime_scope = UNIT(s)->manager->runtime_scope,
2893 .extension_images = s->exec_context.extension_images,
2894 .n_extension_images = s->exec_context.n_extension_images,
2895 .extension_directories = s->exec_context.extension_directories,
2896 .extension_image_policy = s->exec_context.extension_image_policy,
2897 .root_directory_fd = -EBADF,
2898 };
2899
2900 /* Only reload confext, and not sysext as they also typically contain the executable(s) used
2901 * by the service and a simply reload cannot meaningfully handle that. */
2902 r = refresh_extensions_in_namespace(
2903 unit_pid,
2904 "SYSTEMD_CONFEXT_HIERARCHIES",
2905 &p);
2906 if (r < 0)
2907 log_unit_error_errno(UNIT(s), r, "Failed to refresh extensions in unit's namespace: %m");
2908 else
2909 log_unit_debug(UNIT(s), "Refreshed extensions in unit's namespace");
2910
2911 _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
2912 }
2913
2914 r = unit_watch_pidref(UNIT(s), &worker, /* exclusive= */ true);
2915 if (r < 0) {
2916 log_unit_warning_errno(UNIT(s), r, "Failed to watch extensions refresh helper process: %m");
2917 goto fail;
2918 }
2919
2920 s->control_pid = TAKE_PIDREF(worker);
2921 service_set_state(s, SERVICE_REFRESH_EXTENSIONS);
2922 return;
2923
2924fail:
2925 service_reload_finish(s, SERVICE_FAILURE_RESOURCES);
2926}
2927
2928static void service_run_next_control(Service *s) {
2929 usec_t timeout;
2930 int r;
2931
2932 assert(s);
2933 assert(s->control_command);
2934 assert(s->control_command->command_next);
2935
2936 assert(s->control_command_id != SERVICE_EXEC_START);
2937
2938 s->control_command = s->control_command->command_next;
2939 service_unwatch_control_pid(s);
2940
2941 if (IN_SET(s->state,
2942 SERVICE_CONDITION,
2943 SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST,
2944 SERVICE_RUNNING,
2945 SERVICE_RELOAD, SERVICE_RELOAD_POST))
2946 timeout = s->timeout_start_usec;
2947 else
2948 timeout = s->timeout_stop_usec;
2949
2950 r = service_spawn(s,
2951 s->control_command,
2952 service_exec_flags(s->control_command_id, /* cred_flag = */ 0),
2953 timeout,
2954 &s->control_pid);
2955 if (r < 0) {
2956 log_unit_warning_errno(UNIT(s), r, "Failed to spawn next control task: %m");
2957
2958 if (IN_SET(s->state, SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START_POST, SERVICE_STOP))
2959 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
2960 else if (s->state == SERVICE_STOP_POST)
2961 service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ true);
2962 else if (IN_SET(s->state, SERVICE_RELOAD, SERVICE_RELOAD_POST))
2963 service_reload_finish(s, SERVICE_FAILURE_RESOURCES);
2964 else
2965 service_enter_stop(s, SERVICE_FAILURE_RESOURCES);
2966 }
2967}
2968
2969static void service_run_next_main(Service *s) {
2970 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
2971 int r;
2972
2973 assert(s);
2974 assert(s->main_command);
2975 assert(s->main_command->command_next);
2976 assert(s->type == SERVICE_ONESHOT);
2977
2978 s->main_command = s->main_command->command_next;
2979 service_unwatch_main_pid(s);
2980
2981 r = service_spawn(s,
2982 s->main_command,
2983 service_exec_flags(SERVICE_EXEC_START, EXEC_SETUP_CREDENTIALS),
2984 s->timeout_start_usec,
2985 &pidref);
2986 if (r < 0) {
2987 log_unit_warning_errno(UNIT(s), r, "Failed to spawn next main task: %m");
2988 service_enter_stop(s, SERVICE_FAILURE_RESOURCES);
2989 return;
2990 }
2991
2992 (void) service_set_main_pidref(s, TAKE_PIDREF(pidref), &s->main_command->exec_status.start_timestamp);
2993}
2994
2995static int service_start(Unit *u) {
2996 Service *s = ASSERT_PTR(SERVICE(u));
2997 int r;
2998
2999 if (s->state == SERVICE_AUTO_RESTART) {
3000 /* As mentioned in unit_start(), we allow manual starts to act as "hurry up" signals
3001 * for auto restart. We need to re-enqueue the job though, as the job type has changed
3002 * (JOB_RESTART_DEPENDENCIES). */
3003
3004 service_enter_restart(s, /* shortcut = */ true);
3005 return -EAGAIN;
3006 }
3007
3008 /* SERVICE_*_BEFORE_AUTO_RESTART are not to be expected here, as those are intermediate states
3009 * that should never be seen outside of service_enter_dead(). */
3010 assert(IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED, SERVICE_DEAD_RESOURCES_PINNED, SERVICE_AUTO_RESTART_QUEUED));
3011
3012 r = unit_acquire_invocation_id(u);
3013 if (r < 0)
3014 return r;
3015
3016 s->main_pid_known = false;
3017 s->main_pid_alien = false;
3018 s->forbid_restart = false;
3019
3020 /* This is not an automatic restart? Flush the restart counter then. */
3021 if (s->state != SERVICE_AUTO_RESTART_QUEUED)
3022 s->n_restarts = 0;
3023
3024 s->result = SERVICE_SUCCESS;
3025 s->reload_result = SERVICE_SUCCESS;
3026 s->reload_begin_usec = USEC_INFINITY;
3027
3028 s->status_text = mfree(s->status_text);
3029 s->status_errno = 0;
3030 s->status_bus_error = mfree(s->status_bus_error);
3031 s->status_varlink_error = mfree(s->status_varlink_error);
3032
3033 s->notify_access_override = _NOTIFY_ACCESS_INVALID;
3034 s->notify_state = _NOTIFY_STATE_INVALID;
3035
3036 s->watchdog_original_usec = s->watchdog_usec;
3037 s->watchdog_override_enable = false;
3038 s->watchdog_override_usec = USEC_INFINITY;
3039
3040 exec_command_reset_status_list_array(s->exec_command, _SERVICE_EXEC_COMMAND_MAX);
3041 exec_status_reset(&s->main_exec_status);
3042
3043 CGroupRuntime *crt = unit_get_cgroup_runtime(u);
3044 if (crt)
3045 crt->reset_accounting = true;
3046
3047 service_enter_condition(s);
3048 return 1;
3049}
3050
3051static void service_live_mount_finish(Service *s, ServiceResult f, const char *error) {
3052 assert(s);
3053 assert(error);
3054
3055 s->live_mount_result = f;
3056
3057 if (!s->mount_request)
3058 return;
3059
3060 if (f == SERVICE_SUCCESS) {
3061 (void) sd_bus_reply_method_return(s->mount_request, NULL);
3062 log_unit_debug(UNIT(s),
3063 "'%s' method succeeded",
3064 strna(sd_bus_message_get_member(s->mount_request)));
3065 } else {
3066 (void) sd_bus_reply_method_errorf(s->mount_request, error,
3067 "method '%s' for unit '%s' failed",
3068 strna(sd_bus_message_get_member(s->mount_request)),
3069 UNIT(s)->id);
3070 log_unit_debug(UNIT(s),
3071 "'%s' method failed: %s",
3072 strna(sd_bus_message_get_member(s->mount_request)),
3073 error);
3074 }
3075
3076 s->mount_request = sd_bus_message_unref(s->mount_request);
3077}
3078
3079static void service_reload_finish(Service *s, ServiceResult f) {
3080 assert(s);
3081
3082 s->reload_result = f;
3083 s->reload_begin_usec = USEC_INFINITY;
3084
3085 /* If notify state is still in dangling NOTIFY_RELOADING, reset it so service_enter_running()
3086 * won't get confused (see #37515) */
3087 if (s->notify_state == NOTIFY_RELOADING)
3088 s->notify_state = _NOTIFY_STATE_INVALID;
3089
3090 service_enter_running(s, SERVICE_SUCCESS);
3091}
3092
3093static int service_stop(Unit *u) {
3094 Service *s = ASSERT_PTR(SERVICE(u));
3095
3096 /* Don't create restart jobs from manual stops. */
3097 s->forbid_restart = true;
3098
3099 switch (s->state) {
3100
3101 case SERVICE_STOP:
3102 case SERVICE_STOP_SIGTERM:
3103 case SERVICE_STOP_SIGKILL:
3104 case SERVICE_STOP_POST:
3105 case SERVICE_FINAL_WATCHDOG:
3106 case SERVICE_FINAL_SIGTERM:
3107 case SERVICE_FINAL_SIGKILL:
3108 /* Already on it */
3109 return 0;
3110
3111 case SERVICE_AUTO_RESTART:
3112 case SERVICE_AUTO_RESTART_QUEUED:
3113 /* Give up on the auto restart */
3114 service_set_state(s, service_determine_dead_state(s));
3115 return 0;
3116
3117 case SERVICE_MOUNTING:
3118 service_live_mount_finish(s, SERVICE_FAILURE_PROTOCOL, BUS_ERROR_UNIT_INACTIVE);
3119 _fallthrough_;
3120 case SERVICE_REFRESH_EXTENSIONS:
3121 service_kill_control_process(s);
3122 _fallthrough_;
3123 case SERVICE_CONDITION:
3124 case SERVICE_START_PRE:
3125 case SERVICE_START:
3126 case SERVICE_START_POST:
3127 case SERVICE_RELOAD:
3128 case SERVICE_RELOAD_SIGNAL:
3129 case SERVICE_RELOAD_NOTIFY:
3130 case SERVICE_RELOAD_POST:
3131 case SERVICE_STOP_WATCHDOG:
3132 /* If there's already something running we go directly into kill mode. */
3133 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_SUCCESS);
3134 return 0;
3135
3136 case SERVICE_CLEANING:
3137 /* If we are currently cleaning, then abort it, brutally. */
3138 service_enter_signal(s, SERVICE_FINAL_SIGKILL, SERVICE_SUCCESS);
3139 return 0;
3140
3141 case SERVICE_RUNNING:
3142 case SERVICE_EXITED:
3143 service_enter_stop(s, SERVICE_SUCCESS);
3144 return 1;
3145
3146 case SERVICE_DEAD_BEFORE_AUTO_RESTART:
3147 case SERVICE_FAILED_BEFORE_AUTO_RESTART:
3148 case SERVICE_DEAD:
3149 case SERVICE_FAILED:
3150 case SERVICE_DEAD_RESOURCES_PINNED:
3151 default:
3152 /* Unknown state, or unit_stop() should already have handled these */
3153 assert_not_reached();
3154 }
3155}
3156
3157static int service_reload(Unit *u) {
3158 Service *s = ASSERT_PTR(SERVICE(u));
3159
3160 assert(IN_SET(s->state, SERVICE_RUNNING, SERVICE_EXITED));
3161
3162 s->reload_result = SERVICE_SUCCESS;
3163
3164 service_enter_refresh_extensions(s);
3165
3166 return 1;
3167}
3168
3169static bool service_can_reload(Unit *u) {
3170 Service *s = ASSERT_PTR(SERVICE(u));
3171
3172 return s->exec_command[SERVICE_EXEC_RELOAD] ||
3173 s->type == SERVICE_NOTIFY_RELOAD;
3174}
3175
3176static unsigned service_exec_command_index(Unit *u, ServiceExecCommand id, const ExecCommand *current) {
3177 Service *s = SERVICE(u);
3178 unsigned idx = 0;
3179
3180 assert(s);
3181 assert(id >= 0);
3182 assert(id < _SERVICE_EXEC_COMMAND_MAX);
3183
3184 const ExecCommand *first = s->exec_command[id];
3185
3186 /* Figure out where we are in the list by walking back to the beginning */
3187 for (const ExecCommand *c = current; c != first; c = c->command_prev)
3188 idx++;
3189
3190 return idx;
3191}
3192
3193static int service_serialize_exec_command(Unit *u, FILE *f, const ExecCommand *command) {
3194 Service *s = ASSERT_PTR(SERVICE(u));
3195 _cleanup_free_ char *args = NULL, *p = NULL;
3196 const char *type, *key;
3197 ServiceExecCommand id;
3198 size_t length = 0;
3199 unsigned idx;
3200
3201 assert(f);
3202
3203 if (!command)
3204 return 0;
3205
3206 if (command == s->control_command) {
3207 type = "control";
3208 id = s->control_command_id;
3209 } else {
3210 type = "main";
3211 id = SERVICE_EXEC_START;
3212 }
3213
3214 idx = service_exec_command_index(u, id, command);
3215
3216 STRV_FOREACH(arg, command->argv) {
3217 _cleanup_free_ char *e = NULL;
3218 size_t n;
3219
3220 e = cescape(*arg);
3221 if (!e)
3222 return log_oom();
3223
3224 n = strlen(e);
3225 if (!GREEDY_REALLOC(args, length + 2 + n + 2))
3226 return log_oom();
3227
3228 if (length > 0)
3229 args[length++] = ' ';
3230
3231 args[length++] = '"';
3232 memcpy(args + length, e, n);
3233 length += n;
3234 args[length++] = '"';
3235 }
3236
3237 if (!GREEDY_REALLOC(args, length + 1))
3238 return log_oom();
3239
3240 args[length++] = 0;
3241
3242 p = cescape(command->path);
3243 if (!p)
3244 return log_oom();
3245
3246 key = strjoina(type, "-command");
3247
3248 /* We use '+1234' instead of '1234' to mark the last command in a sequence.
3249 * This is used in service_deserialize_exec_command(). */
3250 (void) serialize_item_format(
3251 f, key,
3252 "%s %s%u %s %s",
3253 service_exec_command_to_string(id),
3254 command->command_next ? "" : "+",
3255 idx,
3256 p, args);
3257
3258 return 0;
3259}
3260
3261static int service_serialize(Unit *u, FILE *f, FDSet *fds) {
3262 Service *s = ASSERT_PTR(SERVICE(u));
3263 int r;
3264
3265 assert(f);
3266 assert(fds);
3267
3268 (void) serialize_item(f, "state", service_state_to_string(s->state));
3269 (void) serialize_item(f, "result", service_result_to_string(s->result));
3270 (void) serialize_item(f, "reload-result", service_result_to_string(s->reload_result));
3271 (void) serialize_item(f, "live-mount-result", service_result_to_string(s->live_mount_result));
3272
3273 (void) serialize_pidref(f, fds, "control-pid", &s->control_pid);
3274 if (s->main_pid_known)
3275 (void) serialize_pidref(f, fds, "main-pid", &s->main_pid);
3276
3277 (void) serialize_bool(f, "main-pid-known", s->main_pid_known);
3278 (void) serialize_bool(f, "bus-name-good", s->bus_name_good);
3279
3280 (void) serialize_item_format(f, "n-restarts", "%u", s->n_restarts);
3281 (void) serialize_bool(f, "forbid-restart", s->forbid_restart);
3282
3283 service_serialize_exec_command(u, f, s->control_command);
3284 service_serialize_exec_command(u, f, s->main_command);
3285
3286 r = serialize_fd(f, fds, "stdin-fd", s->stdin_fd);
3287 if (r < 0)
3288 return r;
3289
3290 r = serialize_fd(f, fds, "stdout-fd", s->stdout_fd);
3291 if (r < 0)
3292 return r;
3293
3294 r = serialize_fd(f, fds, "stderr-fd", s->stderr_fd);
3295 if (r < 0)
3296 return r;
3297
3298 r = serialize_fd(f, fds, "root-directory-fd", s->root_directory_fd);
3299 if (r < 0)
3300 return r;
3301
3302 if (s->exec_fd_event_source) {
3303 r = serialize_fd(f, fds, "exec-fd", sd_event_source_get_io_fd(s->exec_fd_event_source));
3304 if (r < 0)
3305 return r;
3306
3307 (void) serialize_bool(f, "exec-fd-hot", s->exec_fd_hot);
3308 }
3309
3310 if (UNIT_ISSET(s->accept_socket)) {
3311 r = serialize_item(f, "accept-socket", UNIT_DEREF(s->accept_socket)->id);
3312 if (r < 0)
3313 return r;
3314 }
3315
3316 r = serialize_fd(f, fds, "socket-fd", s->socket_fd);
3317 if (r < 0)
3318 return r;
3319
3320 LIST_FOREACH(fd_store, fs, s->fd_store) {
3321 _cleanup_free_ char *c = NULL;
3322 int copy;
3323
3324 copy = fdset_put_dup(fds, fs->fd);
3325 if (copy < 0)
3326 return log_error_errno(copy, "Failed to copy file descriptor for serialization: %m");
3327
3328 c = cescape(fs->fdname);
3329 if (!c)
3330 return log_oom();
3331
3332 (void) serialize_item_format(f, "fd-store-fd", "%i \"%s\" %s", copy, c, one_zero(fs->do_poll));
3333 }
3334
3335 FOREACH_ARRAY(i, s->extra_fds, s->n_extra_fds) {
3336 _cleanup_free_ char *c = NULL;
3337 int copy;
3338
3339 copy = fdset_put_dup(fds, i->fd);
3340 if (copy < 0)
3341 return log_error_errno(copy, "Failed to copy file descriptor for serialization: %m");
3342
3343 c = cescape(i->fdname);
3344 if (!c)
3345 return log_oom();
3346
3347 (void) serialize_item_format(f, "extra-fd", "%i \"%s\"", copy, c);
3348 }
3349
3350 if (s->main_exec_status.pid > 0) {
3351 (void) serialize_item_format(f, "main-exec-status-pid", PID_FMT, s->main_exec_status.pid);
3352 (void) serialize_dual_timestamp(f, "main-exec-status-start", &s->main_exec_status.start_timestamp);
3353 (void) serialize_dual_timestamp(f, "main-exec-status-exit", &s->main_exec_status.exit_timestamp);
3354 (void) serialize_dual_timestamp(f, "main-exec-status-handoff", &s->main_exec_status.handoff_timestamp);
3355
3356 if (dual_timestamp_is_set(&s->main_exec_status.exit_timestamp)) {
3357 (void) serialize_item_format(f, "main-exec-status-code", "%i", s->main_exec_status.code);
3358 (void) serialize_item_format(f, "main-exec-status-status", "%i", s->main_exec_status.status);
3359 }
3360 }
3361
3362 if (s->notify_access_override >= 0)
3363 (void) serialize_item(f, "notify-access-override", notify_access_to_string(s->notify_access_override));
3364 if (s->notify_state >= 0)
3365 (void) serialize_item(f, "notify-state", notify_state_to_string(s->notify_state));
3366
3367 r = serialize_item_escaped(f, "status-text", s->status_text);
3368 if (r < 0)
3369 return r;
3370
3371 (void) serialize_item_format(f, "status-errno", "%d", s->status_errno);
3372 (void) serialize_item(f, "status-bus-error", s->status_bus_error);
3373 (void) serialize_item(f, "status-varlink-error", s->status_varlink_error);
3374
3375 (void) serialize_dual_timestamp(f, "watchdog-timestamp", &s->watchdog_timestamp);
3376
3377 (void) serialize_usec(f, "watchdog-original-usec", s->watchdog_original_usec);
3378 if (s->watchdog_override_enable)
3379 (void) serialize_usec(f, "watchdog-override-usec", s->watchdog_override_usec);
3380
3381 (void) serialize_usec(f, "reload-begin-usec", s->reload_begin_usec);
3382
3383 return 0;
3384}
3385
3386int service_deserialize_exec_command(
3387 Unit *u,
3388 const char *key,
3389 const char *value) {
3390
3391 Service *s = ASSERT_PTR(SERVICE(u));
3392 ExecCommand *command = NULL;
3393 ServiceExecCommand id = _SERVICE_EXEC_COMMAND_INVALID;
3394 _cleanup_free_ char *path = NULL;
3395 _cleanup_strv_free_ char **argv = NULL;
3396 unsigned idx = 0, i;
3397 bool control, found = false, last = false;
3398 int r;
3399
3400 enum {
3401 STATE_EXEC_COMMAND_TYPE,
3402 STATE_EXEC_COMMAND_INDEX,
3403 STATE_EXEC_COMMAND_PATH,
3404 STATE_EXEC_COMMAND_ARGS,
3405 _STATE_EXEC_COMMAND_MAX,
3406 _STATE_EXEC_COMMAND_INVALID = -EINVAL,
3407 } state;
3408
3409 assert(key);
3410 assert(value);
3411
3412 control = streq(key, "control-command");
3413
3414 state = STATE_EXEC_COMMAND_TYPE;
3415
3416 for (;;) {
3417 _cleanup_free_ char *arg = NULL;
3418
3419 r = extract_first_word(&value, &arg, NULL, EXTRACT_CUNESCAPE | EXTRACT_UNQUOTE);
3420 if (r < 0)
3421 return r;
3422 if (r == 0)
3423 break;
3424
3425 switch (state) {
3426
3427 case STATE_EXEC_COMMAND_TYPE:
3428 id = service_exec_command_from_string(arg);
3429 if (id < 0)
3430 return id;
3431
3432 state = STATE_EXEC_COMMAND_INDEX;
3433 break;
3434
3435 case STATE_EXEC_COMMAND_INDEX:
3436 /* ExecCommand index 1234 is serialized as either '1234' or '+1234'. The second form
3437 * is used to mark the last command in a sequence. We warn if the deserialized command
3438 * doesn't match what we have loaded from the unit, but we don't need to warn if
3439 * that is the last command. */
3440
3441 r = safe_atou(arg, &idx);
3442 if (r < 0)
3443 return r;
3444 last = arg[0] == '+';
3445
3446 state = STATE_EXEC_COMMAND_PATH;
3447 break;
3448
3449 case STATE_EXEC_COMMAND_PATH:
3450 path = TAKE_PTR(arg);
3451 state = STATE_EXEC_COMMAND_ARGS;
3452 break;
3453
3454 case STATE_EXEC_COMMAND_ARGS:
3455 r = strv_extend(&argv, arg);
3456 if (r < 0)
3457 return r;
3458 break;
3459
3460 default:
3461 assert_not_reached();
3462 }
3463 }
3464
3465 if (state != STATE_EXEC_COMMAND_ARGS)
3466 return -EINVAL;
3467 if (strv_isempty(argv))
3468 return -EINVAL; /* At least argv[0] must be always present. */
3469
3470 /* Let's check whether exec command on given offset matches data that we just deserialized */
3471 for (command = s->exec_command[id], i = 0; command; command = command->command_next, i++) {
3472 if (i != idx)
3473 continue;
3474
3475 found = strv_equal(argv, command->argv) && streq(command->path, path);
3476 break;
3477 }
3478
3479 if (!found) {
3480 /* Command at the index we serialized is different, let's look for command that exactly
3481 * matches but is on different index. If there is no such command we will not resume execution. */
3482 for (command = s->exec_command[id]; command; command = command->command_next)
3483 if (strv_equal(command->argv, argv) && streq(command->path, path))
3484 break;
3485 }
3486
3487 if (command && control) {
3488 s->control_command = command;
3489 s->control_command_id = id;
3490 } else if (command)
3491 s->main_command = command;
3492 else if (last)
3493 log_unit_debug(u, "Current command vanished from the unit file.");
3494 else
3495 log_unit_warning(u, "Current command vanished from the unit file, execution of the command list won't be resumed.");
3496
3497 return 0;
3498}
3499
3500static int service_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
3501 Service *s = ASSERT_PTR(SERVICE(u));
3502 int r;
3503
3504 assert(key);
3505 assert(value);
3506 assert(fds);
3507
3508 if (streq(key, "state")) {
3509 ServiceState state;
3510
3511 state = service_state_from_string(value);
3512 if (state < 0)
3513 log_unit_debug_errno(u, state, "Failed to parse state value: %s", value);
3514 else
3515 s->deserialized_state = state;
3516 } else if (streq(key, "result")) {
3517 ServiceResult f;
3518
3519 f = service_result_from_string(value);
3520 if (f < 0)
3521 log_unit_debug_errno(u, f, "Failed to parse result value: %s", value);
3522 else if (f != SERVICE_SUCCESS)
3523 s->result = f;
3524
3525 } else if (streq(key, "reload-result")) {
3526 ServiceResult f;
3527
3528 f = service_result_from_string(value);
3529 if (f < 0)
3530 log_unit_debug_errno(u, f, "Failed to parse reload result value: %s", value);
3531 else if (f != SERVICE_SUCCESS)
3532 s->reload_result = f;
3533
3534 } else if (streq(key, "live-mount-result")) {
3535 ServiceResult f;
3536
3537 f = service_result_from_string(value);
3538 if (f < 0)
3539 log_unit_debug_errno(u, f, "Failed to parse live mount result value: %s", value);
3540 else if (f != SERVICE_SUCCESS)
3541 s->live_mount_result = f;
3542
3543 } else if (streq(key, "control-pid")) {
3544
3545 if (!pidref_is_set(&s->control_pid))
3546 (void) deserialize_pidref(fds, value, &s->control_pid);
3547
3548 } else if (streq(key, "main-pid")) {
3549 PidRef pidref;
3550
3551 if (!pidref_is_set(&s->main_pid) && deserialize_pidref(fds, value, &pidref) >= 0)
3552 (void) service_set_main_pidref(s, pidref, /* start_timestamp = */ NULL);
3553
3554 } else if (streq(key, "main-pid-known")) {
3555 r = parse_boolean(value);
3556 if (r < 0)
3557 log_unit_debug_errno(u, r, "Failed to parse main-pid-known value: %s", value);
3558 else
3559 s->main_pid_known = r;
3560 } else if (streq(key, "bus-name-good")) {
3561 r = parse_boolean(value);
3562 if (r < 0)
3563 log_unit_debug_errno(u, r, "Failed to parse bus-name-good value: %s", value);
3564 else
3565 s->bus_name_good = r;
3566 } else if (streq(key, "accept-socket")) {
3567 Unit *socket;
3568
3569 if (unit_name_to_type(value) != UNIT_SOCKET) {
3570 log_unit_debug(u, "Deserialized accept-socket is not a socket unit, ignoring: %s", value);
3571 return 0;
3572 }
3573
3574 r = manager_load_unit(u->manager, value, NULL, NULL, &socket);
3575 if (r < 0)
3576 log_unit_debug_errno(u, r, "Failed to load accept-socket unit '%s': %m", value);
3577 else {
3578 unit_ref_set(&s->accept_socket, u, socket);
3579 ASSERT_PTR(SOCKET(socket))->n_connections++;
3580 }
3581
3582 } else if (streq(key, "socket-fd")) {
3583 asynchronous_close(s->socket_fd);
3584 s->socket_fd = deserialize_fd(fds, value);
3585
3586 } else if (streq(key, "fd-store-fd")) {
3587 _cleanup_free_ char *fdv = NULL, *fdn = NULL, *fdp = NULL;
3588 _cleanup_close_ int fd = -EBADF;
3589 int do_poll;
3590
3591 r = extract_many_words(&value, " ", EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE, &fdv, &fdn, &fdp);
3592 if (r < 2 || r > 3) {
3593 log_unit_debug(u, "Failed to deserialize fd-store-fd, ignoring: %s", value);
3594 return 0;
3595 }
3596
3597 fd = deserialize_fd(fds, fdv);
3598 if (fd < 0)
3599 return 0;
3600
3601 do_poll = r == 3 ? parse_boolean(fdp) : true;
3602 if (do_poll < 0) {
3603 log_unit_debug_errno(u, do_poll,
3604 "Failed to deserialize fd-store-fd do_poll, ignoring: %s", fdp);
3605 return 0;
3606 }
3607
3608 r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
3609 if (r < 0) {
3610 log_unit_debug_errno(u, r,
3611 "Failed to store deserialized fd '%s', ignoring: %m", fdn);
3612 return 0;
3613 }
3614 } else if (streq(key, "extra-fd")) {
3615 _cleanup_free_ char *fdv = NULL, *fdn = NULL;
3616 _cleanup_close_ int fd = -EBADF;
3617
3618 r = extract_many_words(&value, " ", EXTRACT_CUNESCAPE|EXTRACT_UNQUOTE, &fdv, &fdn);
3619 if (r != 2) {
3620 log_unit_debug(u, "Failed to deserialize extra-fd, ignoring: %s", value);
3621 return 0;
3622 }
3623
3624 fd = deserialize_fd(fds, fdv);
3625 if (fd < 0)
3626 return 0;
3627
3628 if (!GREEDY_REALLOC(s->extra_fds, s->n_extra_fds + 1)) {
3629 log_oom_debug();
3630 return 0;
3631 }
3632
3633 s->extra_fds[s->n_extra_fds++] = (ServiceExtraFD) {
3634 .fd = TAKE_FD(fd),
3635 .fdname = TAKE_PTR(fdn),
3636 };
3637 } else if (streq(key, "main-exec-status-pid")) {
3638 pid_t pid;
3639
3640 if (parse_pid(value, &pid) < 0)
3641 log_unit_debug(u, "Failed to parse main-exec-status-pid value: %s", value);
3642 else
3643 s->main_exec_status.pid = pid;
3644 } else if (streq(key, "main-exec-status-code")) {
3645 int i;
3646
3647 if (safe_atoi(value, &i) < 0)
3648 log_unit_debug(u, "Failed to parse main-exec-status-code value: %s", value);
3649 else
3650 s->main_exec_status.code = i;
3651 } else if (streq(key, "main-exec-status-status")) {
3652 int i;
3653
3654 if (safe_atoi(value, &i) < 0)
3655 log_unit_debug(u, "Failed to parse main-exec-status-status value: %s", value);
3656 else
3657 s->main_exec_status.status = i;
3658 } else if (streq(key, "main-exec-status-start"))
3659 (void) deserialize_dual_timestamp(value, &s->main_exec_status.start_timestamp);
3660 else if (streq(key, "main-exec-status-exit"))
3661 (void) deserialize_dual_timestamp(value, &s->main_exec_status.exit_timestamp);
3662 else if (streq(key, "main-exec-status-handoff"))
3663 (void) deserialize_dual_timestamp(value, &s->main_exec_status.handoff_timestamp);
3664 else if (STR_IN_SET(key, "main-command", "control-command")) {
3665 r = service_deserialize_exec_command(u, key, value);
3666 if (r < 0)
3667 log_unit_debug_errno(u, r, "Failed to parse serialized command \"%s\": %m", value);
3668 } else if (streq(key, "notify-access-override")) {
3669 NotifyAccess notify_access;
3670
3671 notify_access = notify_access_from_string(value);
3672 if (notify_access < 0)
3673 log_unit_debug(u, "Failed to parse notify-access-override value: %s", value);
3674 else
3675 s->notify_access_override = notify_access;
3676
3677 } else if (streq(key, "notify-state")) {
3678 NotifyState notify_state;
3679
3680 notify_state = notify_state_from_string(value);
3681 if (notify_state < 0)
3682 log_unit_debug(u, "Failed to parse notify-state value: %s", value);
3683 else
3684 s->notify_state = notify_state;
3685
3686 } else if (streq(key, "n-restarts")) {
3687 r = safe_atou(value, &s->n_restarts);
3688 if (r < 0)
3689 log_unit_debug_errno(u, r, "Failed to parse serialized restart counter '%s': %m", value);
3690
3691 } else if (streq(key, "forbid-restart")) {
3692 r = parse_boolean(value);
3693 if (r < 0)
3694 log_unit_debug_errno(u, r, "Failed to parse forbid-restart value: %s", value);
3695 else
3696 s->forbid_restart = r;
3697 } else if (streq(key, "stdin-fd")) {
3698
3699 asynchronous_close(s->stdin_fd);
3700 s->stdin_fd = deserialize_fd(fds, value);
3701 if (s->stdin_fd >= 0)
3702 s->exec_context.stdio_as_fds = true;
3703
3704 } else if (streq(key, "stdout-fd")) {
3705
3706 asynchronous_close(s->stdout_fd);
3707 s->stdout_fd = deserialize_fd(fds, value);
3708 if (s->stdout_fd >= 0)
3709 s->exec_context.stdio_as_fds = true;
3710
3711 } else if (streq(key, "stderr-fd")) {
3712
3713 asynchronous_close(s->stderr_fd);
3714 s->stderr_fd = deserialize_fd(fds, value);
3715 if (s->stderr_fd >= 0)
3716 s->exec_context.stdio_as_fds = true;
3717
3718 } else if (streq(key, "root-directory-fd")) {
3719
3720 asynchronous_close(s->root_directory_fd);
3721 s->root_directory_fd = deserialize_fd(fds, value);
3722 if (s->root_directory_fd >= 0)
3723 s->exec_context.root_directory_as_fd = true;
3724
3725 } else if (streq(key, "exec-fd")) {
3726 _cleanup_close_ int fd = -EBADF;
3727
3728 fd = deserialize_fd(fds, value);
3729 if (fd >= 0) {
3730 s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source);
3731
3732 if (service_allocate_exec_fd_event_source(s, fd, &s->exec_fd_event_source) >= 0)
3733 TAKE_FD(fd);
3734 }
3735
3736 } else if (streq(key, "status-text")) {
3737 char *t;
3738 ssize_t l;
3739
3740 l = cunescape(value, 0, &t);
3741 if (l < 0)
3742 log_unit_debug_errno(u, l, "Failed to unescape status text '%s': %m", value);
3743 else
3744 free_and_replace(s->status_text, t);
3745
3746 } else if (streq(key, "status-errno")) {
3747 int i;
3748
3749 if (safe_atoi(value, &i) < 0)
3750 log_unit_debug(u, "Failed to parse status-errno value: %s", value);
3751 else
3752 s->status_errno = i;
3753
3754 } else if (streq(key, "status-bus-error")) {
3755 if (free_and_strdup(&s->status_bus_error, value) < 0)
3756 log_oom_debug();
3757
3758 } else if (streq(key, "status-varlink-error")) {
3759 if (free_and_strdup(&s->status_varlink_error, value) < 0)
3760 log_oom_debug();
3761
3762 } else if (streq(key, "watchdog-timestamp"))
3763 (void) deserialize_dual_timestamp(value, &s->watchdog_timestamp);
3764 else if (streq(key, "watchdog-original-usec"))
3765 (void) deserialize_usec(value, &s->watchdog_original_usec);
3766 else if (streq(key, "watchdog-override-usec")) {
3767 if (deserialize_usec(value, &s->watchdog_override_usec) >= 0)
3768 s->watchdog_override_enable = true;
3769
3770 } else if (streq(key, "reload-begin-usec"))
3771 (void) deserialize_usec(value, &s->reload_begin_usec);
3772 else
3773 log_unit_debug(u, "Unknown serialization key: %s", key);
3774
3775 return 0;
3776}
3777
3778static UnitActiveState service_active_state(Unit *u) {
3779 Service *s = ASSERT_PTR(SERVICE(u));
3780 const UnitActiveState *table;
3781
3782 table = s->type == SERVICE_IDLE ? state_translation_table_idle : state_translation_table;
3783
3784 return table[s->state];
3785}
3786
3787static const char *service_sub_state_to_string(Unit *u) {
3788 assert(u);
3789
3790 return service_state_to_string(SERVICE(u)->state);
3791}
3792
3793static bool service_may_gc(Unit *u) {
3794 Service *s = ASSERT_PTR(SERVICE(u));
3795
3796 /* Never clean up services that still have a process around, even if the service is formally dead. Note that
3797 * unit_may_gc() already checked our cgroup for us, we just check our two additional PIDs, too, in case they
3798 * have moved outside of the cgroup. */
3799
3800 if (main_pid_good(s) > 0 ||
3801 control_pid_good(s) > 0)
3802 return false;
3803
3804 /* Only allow collection of actually dead services, i.e. not those that are in the transitionary
3805 * SERVICE_DEAD_BEFORE_AUTO_RESTART/SERVICE_FAILED_BEFORE_AUTO_RESTART states. */
3806 if (!IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED, SERVICE_DEAD_RESOURCES_PINNED))
3807 return false;
3808
3809 return true;
3810}
3811
3812static int service_retry_pid_file(Service *s) {
3813 int r;
3814
3815 assert(s);
3816 assert(s->pid_file);
3817 assert(IN_SET(s->state, SERVICE_START, SERVICE_START_POST));
3818
3819 r = service_load_pid_file(s, false);
3820 if (r < 0)
3821 return r;
3822
3823 service_unwatch_pid_file(s);
3824
3825 service_enter_running(s, SERVICE_SUCCESS);
3826 return 0;
3827}
3828
3829static int service_watch_pid_file(Service *s) {
3830 int r;
3831
3832 assert(s);
3833
3834 log_unit_debug(UNIT(s), "Setting watch for PID file %s", s->pid_file_pathspec->path);
3835
3836 r = path_spec_watch(s->pid_file_pathspec, service_dispatch_inotify_io);
3837 if (r < 0) {
3838 log_unit_error_errno(UNIT(s), r, "Failed to set a watch for PID file %s: %m", s->pid_file_pathspec->path);
3839 service_unwatch_pid_file(s);
3840 return r;
3841 }
3842
3843 /* the pidfile might have appeared just before we set the watch */
3844 log_unit_debug(UNIT(s), "Trying to read PID file %s in case it changed", s->pid_file_pathspec->path);
3845 service_retry_pid_file(s);
3846
3847 return 0;
3848}
3849
3850static int service_demand_pid_file(Service *s) {
3851 _cleanup_free_ PathSpec *ps = NULL;
3852
3853 assert(s);
3854 assert(s->pid_file);
3855 assert(!s->pid_file_pathspec);
3856
3857 ps = new(PathSpec, 1);
3858 if (!ps)
3859 return -ENOMEM;
3860
3861 *ps = (PathSpec) {
3862 .unit = UNIT(s),
3863 .path = strdup(s->pid_file),
3864 /* PATH_CHANGED would not be enough. There are daemons (sendmail) that keep their PID file
3865 * open all the time. */
3866 .type = PATH_MODIFIED,
3867 .inotify_fd = -EBADF,
3868 };
3869
3870 if (!ps->path)
3871 return -ENOMEM;
3872
3873 path_simplify(ps->path);
3874
3875 s->pid_file_pathspec = TAKE_PTR(ps);
3876
3877 return service_watch_pid_file(s);
3878}
3879
3880static int service_dispatch_inotify_io(sd_event_source *source, int fd, uint32_t events, void *userdata) {
3881 PathSpec *p = ASSERT_PTR(userdata);
3882 Service *s = ASSERT_PTR(SERVICE(p->unit));
3883
3884 assert(fd >= 0);
3885 assert(IN_SET(s->state, SERVICE_START, SERVICE_START_POST));
3886 assert(s->pid_file_pathspec);
3887 assert(path_spec_owns_inotify_fd(s->pid_file_pathspec, fd));
3888
3889 log_unit_debug(UNIT(s), "inotify event");
3890
3891 if (path_spec_fd_event(p, events) < 0)
3892 goto fail;
3893
3894 if (service_retry_pid_file(s) == 0)
3895 return 0;
3896
3897 if (service_watch_pid_file(s) < 0)
3898 goto fail;
3899
3900 return 0;
3901
3902fail:
3903 service_unwatch_pid_file(s);
3904 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
3905 return 0;
3906}
3907
3908static int service_dispatch_exec_io(sd_event_source *source, int fd, uint32_t events, void *userdata) {
3909 Service *s = ASSERT_PTR(SERVICE(userdata));
3910
3911 log_unit_debug(UNIT(s), "got exec-fd event");
3912
3913 /* If Type=exec is set, we'll consider a service started successfully the instant we invoked execve()
3914 * successfully for it. We implement this through a pipe() towards the child, which the kernel
3915 * automatically closes for us due to O_CLOEXEC on execve() in the child, which then triggers EOF on
3916 * the pipe in the parent. We need to be careful however, as there are other reasons that we might
3917 * cause the child's side of the pipe to be closed (for example, a simple exit()). To deal with that
3918 * we'll ignore EOFs on the pipe unless the child signalled us first that it is about to call the
3919 * execve(). It does so by sending us a simple non-zero byte via the pipe. We also provide the child
3920 * with a way to inform us in case execve() failed: if it sends a zero byte we'll ignore POLLHUP on
3921 * the fd again. */
3922
3923 for (;;) {
3924 uint8_t x;
3925 ssize_t n;
3926
3927 n = read(fd, &x, sizeof(x));
3928 if (n < 0) {
3929 if (errno == EAGAIN) /* O_NONBLOCK in effect → everything queued has now been processed. */
3930 return 0;
3931
3932 return log_unit_error_errno(UNIT(s), errno, "Failed to read from exec_fd: %m");
3933 }
3934 if (n == 0) { /* EOF → the event we are waiting for in case of Type=exec */
3935 s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source);
3936
3937 if (s->exec_fd_hot) { /* Did the child tell us to expect EOF now? */
3938 log_unit_debug(UNIT(s), "Got EOF on exec-fd");
3939
3940 s->exec_fd_hot = false;
3941
3942 /* Nice! This is what we have been waiting for. Transition to next state. */
3943 if (s->type == SERVICE_EXEC && s->state == SERVICE_START)
3944 service_enter_start_post(s);
3945 } else
3946 log_unit_debug(UNIT(s), "Got EOF on exec-fd while it was disabled, ignoring.");
3947
3948 return 0;
3949 }
3950
3951 /* A byte was read → this turns on/off the exec fd logic */
3952 assert(n == sizeof(x));
3953
3954 s->exec_fd_hot = x;
3955 }
3956}
3957
3958static void service_notify_cgroup_empty_event(Unit *u) {
3959 Service *s = ASSERT_PTR(SERVICE(u));
3960
3961 log_unit_debug(u, "Control group is empty.");
3962
3963 switch (s->state) {
3964
3965 /* Waiting for SIGCHLD is usually more interesting, because it includes return
3966 * codes/signals. Which is why we ignore the cgroup events for most cases, except when we
3967 * don't know pid which to expect the SIGCHLD for. */
3968
3969 case SERVICE_START:
3970 if (IN_SET(s->type, SERVICE_NOTIFY, SERVICE_NOTIFY_RELOAD) &&
3971 main_pid_good(s) == 0 &&
3972 control_pid_good(s) == 0) {
3973 /* No chance of getting a ready notification anymore */
3974 service_enter_stop_post(s, SERVICE_FAILURE_PROTOCOL);
3975 break;
3976 }
3977
3978 if (s->exit_type == SERVICE_EXIT_CGROUP && main_pid_good(s) <= 0) {
3979 service_enter_stop_post(s, SERVICE_SUCCESS);
3980 break;
3981 }
3982
3983 _fallthrough_;
3984 case SERVICE_START_POST:
3985 if (s->pid_file_pathspec &&
3986 main_pid_good(s) == 0 &&
3987 control_pid_good(s) == 0) {
3988
3989 /* Give up hoping for the daemon to write its PID file */
3990 log_unit_warning(u, "Daemon never wrote its PID file. Failing.");
3991
3992 service_unwatch_pid_file(s);
3993 if (s->state == SERVICE_START)
3994 service_enter_stop_post(s, SERVICE_FAILURE_PROTOCOL);
3995 else
3996 service_enter_stop(s, SERVICE_FAILURE_PROTOCOL);
3997 }
3998 break;
3999
4000 case SERVICE_RUNNING:
4001 /* service_enter_running() will figure out what to do */
4002 service_enter_running(s, SERVICE_SUCCESS);
4003 break;
4004
4005 case SERVICE_STOP_WATCHDOG:
4006 case SERVICE_STOP_SIGTERM:
4007 case SERVICE_STOP_SIGKILL:
4008
4009 if (main_pid_good(s) <= 0 && control_pid_good(s) <= 0)
4010 service_enter_stop_post(s, SERVICE_SUCCESS);
4011
4012 break;
4013
4014 case SERVICE_STOP_POST:
4015 case SERVICE_FINAL_WATCHDOG:
4016 case SERVICE_FINAL_SIGTERM:
4017 case SERVICE_FINAL_SIGKILL:
4018 if (main_pid_good(s) <= 0 && control_pid_good(s) <= 0)
4019 service_enter_dead(s, SERVICE_SUCCESS, true);
4020
4021 break;
4022
4023 /* If the cgroup empty notification comes when the unit is not active, we must have failed to clean
4024 * up the cgroup earlier and should do it now. */
4025 case SERVICE_AUTO_RESTART:
4026 case SERVICE_AUTO_RESTART_QUEUED:
4027 unit_prune_cgroup(u);
4028 break;
4029
4030 default:
4031 ;
4032 }
4033}
4034
4035static void service_notify_cgroup_oom_event(Unit *u, bool managed_oom) {
4036 Service *s = ASSERT_PTR(SERVICE(u));
4037
4038 if (managed_oom)
4039 log_unit_debug(u, "Process(es) of control group were killed by systemd-oomd.");
4040 else
4041 log_unit_debug(u, "Process of control group was killed by the OOM killer.");
4042
4043 if (s->oom_policy == OOM_CONTINUE)
4044 return;
4045
4046 switch (s->state) {
4047
4048 case SERVICE_CONDITION:
4049 case SERVICE_START_PRE:
4050 case SERVICE_START:
4051 case SERVICE_START_POST:
4052 case SERVICE_STOP:
4053 if (s->oom_policy == OOM_STOP)
4054 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_OOM_KILL);
4055 else if (s->oom_policy == OOM_KILL)
4056 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_OOM_KILL);
4057
4058 break;
4059
4060 case SERVICE_EXITED:
4061 case SERVICE_RUNNING:
4062 if (s->oom_policy == OOM_STOP)
4063 service_enter_stop(s, SERVICE_FAILURE_OOM_KILL);
4064 else if (s->oom_policy == OOM_KILL)
4065 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_OOM_KILL);
4066
4067 break;
4068
4069 case SERVICE_STOP_WATCHDOG:
4070 case SERVICE_STOP_SIGTERM:
4071 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_OOM_KILL);
4072 break;
4073
4074 case SERVICE_STOP_SIGKILL:
4075 case SERVICE_FINAL_SIGKILL:
4076 if (s->result == SERVICE_SUCCESS)
4077 s->result = SERVICE_FAILURE_OOM_KILL;
4078 break;
4079
4080 case SERVICE_STOP_POST:
4081 case SERVICE_FINAL_SIGTERM:
4082 service_enter_signal(s, SERVICE_FINAL_SIGKILL, SERVICE_FAILURE_OOM_KILL);
4083 break;
4084
4085 default:
4086 ;
4087 }
4088}
4089
4090static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
4091 Service *s = ASSERT_PTR(SERVICE(u));
4092 bool notify_dbus = true;
4093 ServiceResult f;
4094 ExitClean clean_mode;
4095 int r;
4096
4097 assert(pid >= 0);
4098
4099 /* Oneshot services and non-SERVICE_EXEC_START commands should not be
4100 * considered daemons as they are typically not long running. */
4101 if (s->type == SERVICE_ONESHOT || (s->control_pid.pid == pid && s->control_command_id != SERVICE_EXEC_START))
4102 clean_mode = EXIT_CLEAN_COMMAND;
4103 else
4104 clean_mode = EXIT_CLEAN_DAEMON;
4105
4106 if (is_clean_exit(code, status, clean_mode, &s->success_status))
4107 f = SERVICE_SUCCESS;
4108 else if (code == CLD_EXITED)
4109 f = SERVICE_FAILURE_EXIT_CODE;
4110 else if (code == CLD_KILLED)
4111 f = SERVICE_FAILURE_SIGNAL;
4112 else if (code == CLD_DUMPED)
4113 f = SERVICE_FAILURE_CORE_DUMP;
4114 else
4115 assert_not_reached();
4116
4117 if (s->main_pid.pid == pid) {
4118 /* Clean up the exec_fd event source. We want to do this here, not later in
4119 * service_set_state(), because service_enter_stop_post() calls service_spawn().
4120 * The source owns its end of the pipe, so this will close that too. */
4121 s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source);
4122
4123 /* Forking services may occasionally move to a new PID.
4124 * As long as they update the PID file before exiting the old
4125 * PID, they're fine. */
4126 if (service_load_pid_file(s, false) > 0)
4127 return;
4128
4129 pidref_done(&s->main_pid);
4130 exec_status_exit(&s->main_exec_status, &s->exec_context, pid, code, status);
4131
4132 if (s->main_command) {
4133 /* If this is not a forking service than the
4134 * main process got started and hence we copy
4135 * the exit status so that it is recorded both
4136 * as main and as control process exit
4137 * status */
4138
4139 s->main_command->exec_status = s->main_exec_status;
4140
4141 if (s->main_command->flags & EXEC_COMMAND_IGNORE_FAILURE)
4142 f = SERVICE_SUCCESS;
4143 } else if (s->exec_command[SERVICE_EXEC_START]) {
4144
4145 /* If this is a forked process, then we should
4146 * ignore the return value if this was
4147 * configured for the starter process */
4148
4149 if (s->exec_command[SERVICE_EXEC_START]->flags & EXEC_COMMAND_IGNORE_FAILURE)
4150 f = SERVICE_SUCCESS;
4151 }
4152
4153 unit_log_process_exit(
4154 u,
4155 "Main process",
4156 service_exec_command_to_string(SERVICE_EXEC_START),
4157 f == SERVICE_SUCCESS,
4158 code, status);
4159
4160 if (s->result == SERVICE_SUCCESS)
4161 s->result = f;
4162
4163 if (s->main_command &&
4164 s->main_command->command_next &&
4165 s->type == SERVICE_ONESHOT &&
4166 f == SERVICE_SUCCESS) {
4167
4168 /* There is another command to execute, so let's do that. */
4169
4170 log_unit_debug(u, "Running next main command for state %s.", service_state_to_string(s->state));
4171 service_run_next_main(s);
4172
4173 } else {
4174 s->main_command = NULL;
4175
4176 /* Services with ExitType=cgroup do not act on main PID exiting, unless the cgroup is
4177 * already empty */
4178 if (s->exit_type == SERVICE_EXIT_MAIN || cgroup_good(s) <= 0) {
4179 /* The service exited, so the service is officially gone. */
4180 switch (s->state) {
4181
4182 case SERVICE_START_POST:
4183 case SERVICE_REFRESH_EXTENSIONS:
4184 case SERVICE_RELOAD:
4185 case SERVICE_RELOAD_SIGNAL:
4186 case SERVICE_RELOAD_NOTIFY:
4187 case SERVICE_RELOAD_POST:
4188 case SERVICE_MOUNTING:
4189 /* If neither main nor control processes are running then the current
4190 * state can never exit cleanly, hence immediately terminate the
4191 * service. */
4192 if (control_pid_good(s) <= 0)
4193 service_enter_stop(s, f);
4194
4195 /* Otherwise need to wait until the operation is done. */
4196 break;
4197
4198 case SERVICE_STOP:
4199 /* Need to wait until the operation is done. */
4200 break;
4201
4202 case SERVICE_START:
4203 if (s->type == SERVICE_ONESHOT) {
4204 /* This was our main goal, so let's go on */
4205 if (f == SERVICE_SUCCESS)
4206 service_enter_start_post(s);
4207 else
4208 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4209 break;
4210 } else if (IN_SET(s->type, SERVICE_NOTIFY, SERVICE_NOTIFY_RELOAD)) {
4211 /* Only enter running through a notification, so that the
4212 * SERVICE_START state signifies that no ready notification
4213 * has been received */
4214 if (f != SERVICE_SUCCESS)
4215 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4216 else if (!s->remain_after_exit || service_get_notify_access(s) == NOTIFY_MAIN)
4217 /* The service has never been and will never be active */
4218 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_PROTOCOL);
4219 break;
4220 }
4221
4222 _fallthrough_;
4223 case SERVICE_RUNNING:
4224 service_enter_running(s, f);
4225 break;
4226
4227 case SERVICE_STOP_WATCHDOG:
4228 case SERVICE_STOP_SIGTERM:
4229 case SERVICE_STOP_SIGKILL:
4230
4231 if (control_pid_good(s) <= 0)
4232 service_enter_stop_post(s, f);
4233
4234 /* If there is still a control process, wait for that first */
4235 break;
4236
4237 case SERVICE_STOP_POST:
4238
4239 if (control_pid_good(s) <= 0)
4240 service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
4241
4242 break;
4243
4244 case SERVICE_FINAL_WATCHDOG:
4245 case SERVICE_FINAL_SIGTERM:
4246 case SERVICE_FINAL_SIGKILL:
4247
4248 if (control_pid_good(s) <= 0)
4249 service_enter_dead(s, f, true);
4250 break;
4251
4252 default:
4253 assert_not_reached();
4254 }
4255 } else if (s->exit_type == SERVICE_EXIT_CGROUP && s->state == SERVICE_START &&
4256 !IN_SET(s->type, SERVICE_NOTIFY, SERVICE_NOTIFY_RELOAD, SERVICE_DBUS))
4257 /* If a main process exits very quickly, this function might be executed
4258 * before service_dispatch_exec_io(). Since this function disabled IO events
4259 * to monitor the main process above, we need to update the state here too.
4260 * Let's consider the process is successfully launched and exited, but
4261 * only when we're not expecting a readiness notification or dbus name. */
4262 service_enter_start_post(s);
4263 }
4264
4265 } else if (s->control_pid.pid == pid) {
4266 const char *kind;
4267 bool success;
4268
4269 pidref_done(&s->control_pid);
4270
4271 if (s->control_command) {
4272 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
4273
4274 if (s->control_command->flags & EXEC_COMMAND_IGNORE_FAILURE)
4275 f = SERVICE_SUCCESS;
4276 }
4277
4278 /* ExecCondition= calls that exit with (0, 254] should invoke skip-like behavior instead of failing */
4279 if (s->state == SERVICE_CONDITION) {
4280 if (f == SERVICE_FAILURE_EXIT_CODE && status < 255) {
4281 UNIT(s)->condition_result = false;
4282 f = SERVICE_SKIP_CONDITION;
4283 success = true;
4284 } else if (f == SERVICE_SUCCESS) {
4285 UNIT(s)->condition_result = true;
4286 success = true;
4287 } else
4288 success = false;
4289
4290 kind = "Condition check process";
4291 } else {
4292 kind = "Control process";
4293 success = f == SERVICE_SUCCESS;
4294 }
4295
4296 unit_log_process_exit(
4297 u,
4298 kind,
4299 service_exec_command_to_string(s->control_command_id),
4300 success,
4301 code, status);
4302
4303 if (!IN_SET(s->state, SERVICE_REFRESH_EXTENSIONS, SERVICE_RELOAD, SERVICE_RELOAD_POST, SERVICE_MOUNTING) &&
4304 s->result == SERVICE_SUCCESS)
4305 s->result = f;
4306
4307 if (s->control_command &&
4308 s->control_command->command_next &&
4309 f == SERVICE_SUCCESS) {
4310
4311 /* There is another command to execute, so let's do that. */
4312
4313 log_unit_debug(u, "Running next control command for state %s.", service_state_to_string(s->state));
4314 service_run_next_control(s);
4315
4316 } else {
4317 /* No further commands for this step, so let's figure out what to do next */
4318
4319 s->control_command = NULL;
4320 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
4321
4322 log_unit_debug(u, "Got final SIGCHLD for state %s.", service_state_to_string(s->state));
4323
4324 switch (s->state) {
4325
4326 case SERVICE_CONDITION:
4327 if (f == SERVICE_SUCCESS)
4328 service_enter_start_pre(s);
4329 else
4330 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4331 break;
4332
4333 case SERVICE_START_PRE:
4334 if (f == SERVICE_SUCCESS)
4335 service_enter_start(s);
4336 else
4337 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4338 break;
4339
4340 case SERVICE_START:
4341 if (s->type != SERVICE_FORKING)
4342 /* Maybe spurious event due to a reload that changed the type? */
4343 break;
4344
4345 if (f != SERVICE_SUCCESS) {
4346 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4347 break;
4348 }
4349
4350 if (s->pid_file) {
4351 bool has_start_post;
4352
4353 /* Let's try to load the pid file here if we can.
4354 * The PID file might actually be created by a START_POST
4355 * script. In that case don't worry if the loading fails. */
4356
4357 has_start_post = s->exec_command[SERVICE_EXEC_START_POST];
4358 r = service_load_pid_file(s, !has_start_post);
4359 if (!has_start_post && r < 0) {
4360 r = service_demand_pid_file(s);
4361 if (r < 0 || cgroup_good(s) == 0)
4362 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_PROTOCOL);
4363 break;
4364 }
4365 } else
4366 service_search_main_pid(s);
4367
4368 service_enter_start_post(s);
4369 break;
4370
4371 case SERVICE_START_POST:
4372 if (f != SERVICE_SUCCESS) {
4373 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4374 break;
4375 }
4376
4377 if (s->pid_file) {
4378 r = service_load_pid_file(s, true);
4379 if (r < 0) {
4380 r = service_demand_pid_file(s);
4381 if (r < 0 || cgroup_good(s) == 0)
4382 service_enter_stop(s, SERVICE_FAILURE_PROTOCOL);
4383 break;
4384 }
4385 } else
4386 service_search_main_pid(s);
4387
4388 service_enter_running(s, SERVICE_SUCCESS);
4389 break;
4390
4391 case SERVICE_REFRESH_EXTENSIONS:
4392 if (f == SERVICE_SUCCESS)
4393 /* Remounting extensions asynchronously done, proceed to reload */
4394 service_enter_reload(s);
4395 else
4396 service_reload_finish(s, f);
4397 break;
4398
4399 case SERVICE_RELOAD:
4400 if (f != SERVICE_SUCCESS) {
4401 service_reload_finish(s, f);
4402 break;
4403 }
4404
4405 if (service_load_pid_file(s, true) < 0)
4406 service_search_main_pid(s);
4407
4408 service_enter_reload_signal(s);
4409 break;
4410
4411 case SERVICE_RELOAD_POST:
4412 service_reload_finish(s, f);
4413 break;
4414
4415 case SERVICE_MOUNTING:
4416 service_live_mount_finish(s, f, SD_BUS_ERROR_FAILED);
4417
4418 service_enter_running(s, SERVICE_SUCCESS);
4419 break;
4420
4421 case SERVICE_STOP:
4422 service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
4423 break;
4424
4425 case SERVICE_STOP_WATCHDOG:
4426 case SERVICE_STOP_SIGTERM:
4427 case SERVICE_STOP_SIGKILL:
4428 if (main_pid_good(s) <= 0)
4429 service_enter_stop_post(s, f);
4430
4431 /* If there is still a service process around, wait until
4432 * that one quit, too */
4433 break;
4434
4435 case SERVICE_STOP_POST:
4436 if (main_pid_good(s) <= 0)
4437 service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
4438 break;
4439
4440 case SERVICE_FINAL_WATCHDOG:
4441 case SERVICE_FINAL_SIGTERM:
4442 case SERVICE_FINAL_SIGKILL:
4443 if (main_pid_good(s) <= 0)
4444 service_enter_dead(s, f, true);
4445 break;
4446
4447 case SERVICE_CLEANING:
4448
4449 if (s->clean_result == SERVICE_SUCCESS)
4450 s->clean_result = f;
4451
4452 service_enter_dead(s, SERVICE_SUCCESS, false);
4453 break;
4454
4455 default:
4456 assert_not_reached();
4457 }
4458 }
4459 } else /* Neither control nor main PID? If so, don't notify about anything */
4460 notify_dbus = false;
4461
4462 /* Notify clients about changed exit status */
4463 if (notify_dbus)
4464 unit_add_to_dbus_queue(u);
4465}
4466
4467static int service_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
4468 Service *s = ASSERT_PTR(SERVICE(userdata));
4469
4470 assert(source == s->timer_event_source);
4471
4472 switch (s->state) {
4473
4474 case SERVICE_CONDITION:
4475 case SERVICE_START_PRE:
4476 case SERVICE_START:
4477 case SERVICE_START_POST:
4478 switch (s->timeout_start_failure_mode) {
4479
4480 case SERVICE_TIMEOUT_TERMINATE:
4481 log_unit_warning(UNIT(s), "%s operation timed out. Terminating.", service_state_to_string(s->state));
4482 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_TIMEOUT);
4483 break;
4484
4485 case SERVICE_TIMEOUT_ABORT:
4486 log_unit_warning(UNIT(s), "%s operation timed out. Aborting.", service_state_to_string(s->state));
4487 service_enter_signal(s, SERVICE_STOP_WATCHDOG, SERVICE_FAILURE_TIMEOUT);
4488 break;
4489
4490 case SERVICE_TIMEOUT_KILL:
4491 if (s->kill_context.send_sigkill) {
4492 log_unit_warning(UNIT(s), "%s operation timed out. Killing.", service_state_to_string(s->state));
4493 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4494 } else {
4495 log_unit_warning(UNIT(s), "%s operation timed out. Skipping SIGKILL.", service_state_to_string(s->state));
4496 service_enter_stop_post(s, SERVICE_FAILURE_TIMEOUT);
4497 }
4498 break;
4499
4500 default:
4501 assert_not_reached();
4502 }
4503 break;
4504
4505 case SERVICE_RUNNING:
4506 log_unit_warning(UNIT(s), "Service reached runtime time limit. Stopping.");
4507 service_enter_stop(s, SERVICE_FAILURE_TIMEOUT);
4508 break;
4509
4510 case SERVICE_REFRESH_EXTENSIONS:
4511 case SERVICE_RELOAD:
4512 case SERVICE_RELOAD_SIGNAL:
4513 case SERVICE_RELOAD_NOTIFY:
4514 case SERVICE_RELOAD_POST:
4515 log_unit_warning(UNIT(s), "Reload operation timed out. Killing reload process.");
4516 service_kill_control_process(s);
4517 service_reload_finish(s, SERVICE_FAILURE_TIMEOUT);
4518 break;
4519
4520 case SERVICE_MOUNTING:
4521 log_unit_warning(UNIT(s), "Mount operation timed out. Killing mount process.");
4522 service_kill_control_process(s);
4523 service_live_mount_finish(s, SERVICE_FAILURE_TIMEOUT, SD_BUS_ERROR_TIMEOUT);
4524 service_enter_running(s, SERVICE_SUCCESS);
4525 break;
4526
4527 case SERVICE_STOP:
4528 switch (s->timeout_stop_failure_mode) {
4529
4530 case SERVICE_TIMEOUT_TERMINATE:
4531 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
4532 service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_TIMEOUT);
4533 break;
4534
4535 case SERVICE_TIMEOUT_ABORT:
4536 log_unit_warning(UNIT(s), "Stopping timed out. Aborting.");
4537 service_enter_signal(s, SERVICE_STOP_WATCHDOG, SERVICE_FAILURE_TIMEOUT);
4538 break;
4539
4540 case SERVICE_TIMEOUT_KILL:
4541 if (s->kill_context.send_sigkill) {
4542 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
4543 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4544 } else {
4545 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL.");
4546 service_enter_stop_post(s, SERVICE_FAILURE_TIMEOUT);
4547 }
4548 break;
4549
4550 default:
4551 assert_not_reached();
4552 }
4553 break;
4554
4555 case SERVICE_STOP_WATCHDOG:
4556 if (s->kill_context.send_sigkill) {
4557 log_unit_warning(UNIT(s), "State 'stop-watchdog' timed out. Killing.");
4558 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4559 } else {
4560 log_unit_warning(UNIT(s), "State 'stop-watchdog' timed out. Skipping SIGKILL.");
4561 service_enter_stop_post(s, SERVICE_FAILURE_TIMEOUT);
4562 }
4563 break;
4564
4565 case SERVICE_STOP_SIGTERM:
4566 if (s->timeout_stop_failure_mode == SERVICE_TIMEOUT_ABORT) {
4567 log_unit_warning(UNIT(s), "State 'stop-sigterm' timed out. Aborting.");
4568 service_enter_signal(s, SERVICE_STOP_WATCHDOG, SERVICE_FAILURE_TIMEOUT);
4569 } else if (s->kill_context.send_sigkill) {
4570 log_unit_warning(UNIT(s), "State 'stop-sigterm' timed out. Killing.");
4571 service_enter_signal(s, SERVICE_STOP_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4572 } else {
4573 log_unit_warning(UNIT(s), "State 'stop-sigterm' timed out. Skipping SIGKILL.");
4574 service_enter_stop_post(s, SERVICE_FAILURE_TIMEOUT);
4575 }
4576
4577 break;
4578
4579 case SERVICE_STOP_SIGKILL:
4580 /* Uh, we sent a SIGKILL and it is still not gone?
4581 * Must be something we cannot kill, so let's just be
4582 * weirded out and continue */
4583
4584 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
4585 service_enter_stop_post(s, SERVICE_FAILURE_TIMEOUT);
4586 break;
4587
4588 case SERVICE_STOP_POST:
4589 switch (s->timeout_stop_failure_mode) {
4590
4591 case SERVICE_TIMEOUT_TERMINATE:
4592 log_unit_warning(UNIT(s), "State 'stop-post' timed out. Terminating.");
4593 service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_TIMEOUT);
4594 break;
4595
4596 case SERVICE_TIMEOUT_ABORT:
4597 log_unit_warning(UNIT(s), "State 'stop-post' timed out. Aborting.");
4598 service_enter_signal(s, SERVICE_FINAL_WATCHDOG, SERVICE_FAILURE_TIMEOUT);
4599 break;
4600
4601 case SERVICE_TIMEOUT_KILL:
4602 if (s->kill_context.send_sigkill) {
4603 log_unit_warning(UNIT(s), "State 'stop-post' timed out. Killing.");
4604 service_enter_signal(s, SERVICE_FINAL_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4605 } else {
4606 log_unit_warning(UNIT(s), "State 'stop-post' timed out. Skipping SIGKILL. Entering failed mode.");
4607 service_enter_dead(s, SERVICE_FAILURE_TIMEOUT, false);
4608 }
4609 break;
4610
4611 default:
4612 assert_not_reached();
4613 }
4614 break;
4615
4616 case SERVICE_FINAL_WATCHDOG:
4617 if (s->kill_context.send_sigkill) {
4618 log_unit_warning(UNIT(s), "State 'final-watchdog' timed out. Killing.");
4619 service_enter_signal(s, SERVICE_FINAL_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4620 } else {
4621 log_unit_warning(UNIT(s), "State 'final-watchdog' timed out. Skipping SIGKILL. Entering failed mode.");
4622 service_enter_dead(s, SERVICE_FAILURE_TIMEOUT, false);
4623 }
4624 break;
4625
4626 case SERVICE_FINAL_SIGTERM:
4627 if (s->timeout_stop_failure_mode == SERVICE_TIMEOUT_ABORT) {
4628 log_unit_warning(UNIT(s), "State 'final-sigterm' timed out. Aborting.");
4629 service_enter_signal(s, SERVICE_FINAL_WATCHDOG, SERVICE_FAILURE_TIMEOUT);
4630 } else if (s->kill_context.send_sigkill) {
4631 log_unit_warning(UNIT(s), "State 'final-sigterm' timed out. Killing.");
4632 service_enter_signal(s, SERVICE_FINAL_SIGKILL, SERVICE_FAILURE_TIMEOUT);
4633 } else {
4634 log_unit_warning(UNIT(s), "State 'final-sigterm' timed out. Skipping SIGKILL. Entering failed mode.");
4635 service_enter_dead(s, SERVICE_FAILURE_TIMEOUT, false);
4636 }
4637
4638 break;
4639
4640 case SERVICE_FINAL_SIGKILL:
4641 log_unit_warning(UNIT(s), "Processes still around after final SIGKILL. Entering failed mode.");
4642 service_enter_dead(s, SERVICE_FAILURE_TIMEOUT, true);
4643 break;
4644
4645 case SERVICE_AUTO_RESTART:
4646 if (s->restart_usec > 0)
4647 log_unit_debug(UNIT(s),
4648 "Service restart interval %s expired, scheduling restart.",
4649 FORMAT_TIMESPAN(service_restart_usec_next(s), USEC_PER_SEC));
4650 else
4651 log_unit_debug(UNIT(s),
4652 "Service has no hold-off time (RestartSec=0), scheduling restart.");
4653
4654 service_enter_restart(s, /* shortcut = */ false);
4655 break;
4656
4657 case SERVICE_CLEANING:
4658 log_unit_warning(UNIT(s), "Cleaning timed out. killing.");
4659
4660 if (s->clean_result == SERVICE_SUCCESS)
4661 s->clean_result = SERVICE_FAILURE_TIMEOUT;
4662
4663 service_enter_signal(s, SERVICE_FINAL_SIGKILL, 0);
4664 break;
4665
4666 default:
4667 assert_not_reached();
4668 }
4669
4670 return 0;
4671}
4672
4673static int service_dispatch_watchdog(sd_event_source *source, usec_t usec, void *userdata) {
4674 Service *s = ASSERT_PTR(SERVICE(userdata));
4675 usec_t watchdog_usec;
4676
4677 assert(source == s->watchdog_event_source);
4678
4679 watchdog_usec = service_get_watchdog_usec(s);
4680
4681 if (UNIT(s)->manager->service_watchdogs) {
4682 log_unit_error(UNIT(s), "Watchdog timeout (limit %s)!",
4683 FORMAT_TIMESPAN(watchdog_usec, 1));
4684
4685 service_enter_signal(s, SERVICE_STOP_WATCHDOG, SERVICE_FAILURE_WATCHDOG);
4686 } else
4687 log_unit_warning(UNIT(s), "Watchdog disabled! Ignoring watchdog timeout (limit %s)!",
4688 FORMAT_TIMESPAN(watchdog_usec, 1));
4689
4690 return 0;
4691}
4692
4693static void service_force_watchdog(Service *s) {
4694 assert(s);
4695
4696 if (!UNIT(s)->manager->service_watchdogs)
4697 return;
4698
4699 log_unit_error(UNIT(s), "Watchdog request (last status: %s)!",
4700 s->status_text ?: "<unset>");
4701
4702 service_enter_signal(s, SERVICE_STOP_WATCHDOG, SERVICE_FAILURE_WATCHDOG);
4703}
4704
4705static bool service_notify_message_authorized(Service *s, PidRef *pid) {
4706 assert(s);
4707 assert(pidref_is_set(pid));
4708
4709 switch (service_get_notify_access(s)) {
4710
4711 case NOTIFY_NONE:
4712 /* Warn level only if no notifications are expected */
4713 log_unit_warning(UNIT(s), "Got notification message from PID "PID_FMT", but reception is disabled", pid->pid);
4714 return false;
4715
4716 case NOTIFY_ALL:
4717 return true;
4718
4719 case NOTIFY_MAIN:
4720 if (pidref_equal(pid, &s->main_pid))
4721 return true;
4722
4723 if (pidref_is_set(&s->main_pid))
4724 log_unit_debug(UNIT(s), "Got notification message from PID "PID_FMT", but reception only permitted for main PID "PID_FMT, pid->pid, s->main_pid.pid);
4725 else
4726 log_unit_debug(UNIT(s), "Got notification message from PID "PID_FMT", but reception only permitted for main PID which is currently not known", pid->pid);
4727
4728 return false;
4729
4730 case NOTIFY_EXEC:
4731 if (pidref_equal(pid, &s->main_pid) || pidref_equal(pid, &s->control_pid))
4732 return true;
4733
4734 if (pidref_is_set(&s->main_pid) && pidref_is_set(&s->control_pid))
4735 log_unit_debug(UNIT(s), "Got notification message from PID "PID_FMT", but reception only permitted for main PID "PID_FMT" and control PID "PID_FMT,
4736 pid->pid, s->main_pid.pid, s->control_pid.pid);
4737 else if (pidref_is_set(&s->main_pid))
4738 log_unit_debug(UNIT(s), "Got notification message from PID "PID_FMT", but reception only permitted for main PID "PID_FMT, pid->pid, s->main_pid.pid);
4739 else if (pidref_is_set(&s->control_pid))
4740 log_unit_debug(UNIT(s), "Got notification message from PID "PID_FMT", but reception only permitted for control PID "PID_FMT, pid->pid, s->control_pid.pid);
4741 else
4742 log_unit_debug(UNIT(s), "Got notification message from PID "PID_FMT", but reception only permitted for main PID and control PID which are currently not known", pid->pid);
4743
4744 return false;
4745
4746 default:
4747 assert_not_reached();
4748 }
4749}
4750
4751static int service_notify_message_parse_new_pid(
4752 Unit *u,
4753 char * const *tags,
4754 FDSet *fds,
4755 PidRef *ret) {
4756
4757 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
4758 const char *e;
4759 int r;
4760
4761 assert(u);
4762 assert(ret);
4763
4764 /* MAINPIDFD=1 always takes precedence */
4765 if (strv_contains(tags, "MAINPIDFD=1")) {
4766 unsigned n_fds = fdset_size(fds);
4767 if (n_fds != 1)
4768 return log_unit_warning_errno(u, SYNTHETIC_ERRNO(EINVAL),
4769 "Got MAINPIDFD=1 with %s fd, ignoring.", n_fds == 0 ? "no" : "more than one");
4770
4771 r = pidref_set_pidfd_consume(&pidref, ASSERT_FD(fdset_steal_first(fds)));
4772 if (r < 0)
4773 return log_unit_warning_errno(u, r, "Failed to create reference to received new main pidfd: %m");
4774
4775 goto finish;
4776 }
4777
4778 e = strv_find_startswith(tags, "MAINPID=");
4779 if (!e) {
4780 *ret = PIDREF_NULL;
4781 return 0;
4782 }
4783
4784 r = pidref_set_pidstr(&pidref, e);
4785 if (r < 0)
4786 return log_unit_warning_errno(u, r, "Failed to parse MAINPID=%s field in notification message, ignoring: %m", e);
4787
4788 e = strv_find_startswith(tags, "MAINPIDFDID=");
4789 if (!e)
4790 goto finish;
4791
4792 uint64_t pidfd_id;
4793
4794 r = safe_atou64(e, &pidfd_id);
4795 if (r < 0)
4796 return log_unit_warning_errno(u, r, "Failed to parse MAINPIDFDID= in notification message, refusing: %s", e);
4797
4798 r = pidref_acquire_pidfd_id(&pidref);
4799 if (r < 0) {
4800 if (!ERRNO_IS_NEG_NOT_SUPPORTED(r))
4801 log_unit_warning_errno(u, r,
4802 "Failed to acquire pidfd id of process " PID_FMT ", not validating MAINPIDFDID=%" PRIu64 ": %m",
4803 pidref.pid, pidfd_id);
4804 goto finish;
4805 }
4806
4807 if (pidref.fd_id != pidfd_id)
4808 return log_unit_warning_errno(u, SYNTHETIC_ERRNO(ESRCH),
4809 "PIDFD ID of process " PID_FMT " (%" PRIu64 ") mismatches with received MAINPIDFDID=%" PRIu64 ", not changing main PID.",
4810 pidref.pid, pidref.fd_id, pidfd_id);
4811
4812finish:
4813 *ret = TAKE_PIDREF(pidref);
4814 return 1;
4815}
4816
4817static void service_notify_message_process_state(Service *s, char * const *tags) {
4818 usec_t monotonic_usec = USEC_INFINITY;
4819 int r;
4820
4821 assert(s);
4822
4823 const char *e = strv_find_startswith(tags, "MONOTONIC_USEC=");
4824 if (e) {
4825 r = safe_atou64(e, &monotonic_usec);
4826 if (r < 0)
4827 log_unit_warning_errno(UNIT(s), r, "Failed to parse MONOTONIC_USEC= field in notification message, ignoring: %s", e);
4828 }
4829
4830 /* Interpret READY=/STOPPING=/RELOADING=. STOPPING= wins over the others, and READY= over RELOADING= */
4831 if (strv_contains(tags, "STOPPING=1")) {
4832 s->notify_state = NOTIFY_STOPPING;
4833
4834 if (IN_SET(s->state, SERVICE_RUNNING, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_REFRESH_EXTENSIONS))
4835 service_enter_stop_by_notify(s);
4836
4837 return;
4838 }
4839
4840 /* Disallow resurrecting a dying service */
4841 if (s->notify_state == NOTIFY_STOPPING)
4842 return;
4843
4844 if (strv_contains(tags, "READY=1")) {
4845
4846 if (s->notify_state == NOTIFY_RELOADING)
4847 s->notify_state = NOTIFY_RELOAD_READY;
4848 else
4849 s->notify_state = NOTIFY_READY;
4850
4851 /* Combined RELOADING=1 and READY=1? Then this is indication that the service started and
4852 * immediately finished reloading. */
4853 if (strv_contains(tags, "RELOADING=1")) {
4854 if (s->state == SERVICE_RELOAD_SIGNAL &&
4855 monotonic_usec != USEC_INFINITY &&
4856 monotonic_usec >= s->reload_begin_usec)
4857 /* Valid Type=notify-reload protocol? Then we're all good. */
4858 service_enter_reload_post(s);
4859
4860 else if (s->state == SERVICE_RUNNING) {
4861 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
4862
4863 /* Propagate a reload explicitly for plain RELOADING=1 (semantically equivalent to
4864 * service_enter_reload_by_notify() call in below) */
4865 r = manager_propagate_reload(UNIT(s)->manager, UNIT(s), JOB_FAIL, &error);
4866 if (r < 0)
4867 log_unit_warning(UNIT(s), "Failed to schedule propagation of reload, ignoring: %s",
4868 bus_error_message(&error, r));
4869 }
4870 }
4871
4872 /* Type=notify(-reload) services inform us about completed initialization with READY=1 */
4873 if (IN_SET(s->type, SERVICE_NOTIFY, SERVICE_NOTIFY_RELOAD) &&
4874 s->state == SERVICE_START)
4875 service_enter_start_post(s);
4876
4877 /* Sending READY=1 while we are reloading informs us that the reloading is complete. */
4878 if (s->state == SERVICE_RELOAD_NOTIFY)
4879 service_enter_reload_post(s);
4880
4881 } else if (strv_contains(tags, "RELOADING=1")) {
4882
4883 s->notify_state = NOTIFY_RELOADING;
4884
4885 /* Sending RELOADING=1 after we send SIGHUP to request a reload will transition
4886 * things to "reload-notify" state, where we'll wait for READY=1 to let us know the
4887 * reload is done. Note that we insist on a timestamp being sent along here, so that
4888 * we know for sure this is a reload cycle initiated *after* we sent the signal */
4889 if (s->state == SERVICE_RELOAD_SIGNAL &&
4890 monotonic_usec != USEC_INFINITY &&
4891 monotonic_usec >= s->reload_begin_usec)
4892 /* Note, we don't call service_enter_reload_by_notify() here, because we
4893 * don't need reload propagation nor do we want to restart the timeout. */
4894 service_set_state(s, SERVICE_RELOAD_NOTIFY);
4895
4896 if (s->state == SERVICE_RUNNING)
4897 service_enter_reload_by_notify(s);
4898 }
4899}
4900
4901static void service_notify_message(
4902 Unit *u,
4903 PidRef *pidref,
4904 const struct ucred *ucred,
4905 char * const *tags,
4906 FDSet *fds) {
4907
4908 Service *s = ASSERT_PTR(SERVICE(u));
4909 int r;
4910
4911 assert(pidref_is_set(pidref));
4912 assert(ucred);
4913
4914 if (!service_notify_message_authorized(s, pidref))
4915 return;
4916
4917 if (DEBUG_LOGGING) {
4918 _cleanup_free_ char *cc = strv_join(tags, ", ");
4919 log_unit_debug(u, "Got notification message from PID "PID_FMT": %s", pidref->pid, empty_to_na(cc));
4920 }
4921
4922 bool notify_dbus = false;
4923 const char *e;
4924
4925 /* Interpret MAINPID= (+ MAINPIDFDID=) / MAINPIDFD=1 */
4926 _cleanup_(pidref_done) PidRef new_main_pid = PIDREF_NULL;
4927
4928 r = service_notify_message_parse_new_pid(u, tags, fds, &new_main_pid);
4929 if (r > 0 &&
4930 IN_SET(s->state, SERVICE_START, SERVICE_START_POST, SERVICE_RUNNING,
4931 SERVICE_REFRESH_EXTENSIONS, SERVICE_RELOAD, SERVICE_RELOAD_SIGNAL, SERVICE_RELOAD_NOTIFY, SERVICE_RELOAD_POST,
4932 SERVICE_STOP, SERVICE_STOP_SIGTERM) &&
4933 (!s->main_pid_known || !pidref_equal(&new_main_pid, &s->main_pid))) {
4934
4935 r = service_is_suitable_main_pid(s, &new_main_pid, LOG_WARNING);
4936 if (r == 0) {
4937 /* The new main PID is a bit suspicious, which is OK if the sender is privileged. */
4938
4939 if (ucred->uid == 0) {
4940 log_unit_debug(u, "New main PID "PID_FMT" does not belong to service, but we'll accept it as the request to change it came from a privileged process.", new_main_pid.pid);
4941 r = 1;
4942 } else
4943 log_unit_warning(u, "New main PID "PID_FMT" does not belong to service, refusing.", new_main_pid.pid);
4944 }
4945 if (r > 0) {
4946 (void) service_set_main_pidref(s, TAKE_PIDREF(new_main_pid), /* start_timestamp = */ NULL);
4947
4948 r = unit_watch_pidref(UNIT(s), &s->main_pid, /* exclusive= */ false);
4949 if (r < 0)
4950 log_unit_warning_errno(UNIT(s), r, "Failed to watch new main PID "PID_FMT" for service: %m", s->main_pid.pid);
4951
4952 notify_dbus = true;
4953 }
4954 }
4955
4956 service_notify_message_process_state(s, tags);
4957
4958 /* Interpret STATUS= */
4959 e = strv_find_startswith(tags, "STATUS=");
4960 if (e) {
4961 _cleanup_free_ char *t = NULL;
4962
4963 if (!isempty(e)) {
4964 /* Note that this size limit check is mostly paranoia: since the datagram size we are willing
4965 * to process is already limited to NOTIFY_BUFFER_MAX, this limit here should never be hit. */
4966 if (strlen(e) > STATUS_TEXT_MAX)
4967 log_unit_warning(u, "Status message overly long (%zu > %u), ignoring.", strlen(e), STATUS_TEXT_MAX);
4968 else if (!utf8_is_valid(e))
4969 log_unit_warning(u, "Status message in notification message is not UTF-8 clean, ignoring.");
4970 else {
4971 t = strdup(e);
4972 if (!t)
4973 log_oom_warning();
4974 }
4975 }
4976
4977 if (!streq_ptr(s->status_text, t)) {
4978 free_and_replace(s->status_text, t);
4979 notify_dbus = true;
4980 }
4981 }
4982
4983 /* Interpret NOTIFYACCESS= */
4984 e = strv_find_startswith(tags, "NOTIFYACCESS=");
4985 if (e) {
4986 NotifyAccess notify_access;
4987
4988 notify_access = notify_access_from_string(e);
4989 if (notify_access < 0)
4990 log_unit_warning_errno(u, notify_access,
4991 "Failed to parse NOTIFYACCESS= field value '%s' in notification message, ignoring: %m", e);
4992
4993 /* We don't need to check whether the new access mode is more strict than what is
4994 * already in use, since only the privileged process is allowed to change it
4995 * in the first place. */
4996 if (service_get_notify_access(s) != notify_access) {
4997 service_override_notify_access(s, notify_access);
4998 notify_dbus = true;
4999 }
5000 }
5001
5002 /* Interpret ERRNO= */
5003 e = strv_find_startswith(tags, "ERRNO=");
5004 if (e) {
5005 int status_errno;
5006
5007 status_errno = parse_errno(e);
5008 if (status_errno < 0)
5009 log_unit_warning_errno(u, status_errno,
5010 "Failed to parse ERRNO= field value '%s' in notification message: %m", e);
5011 else if (s->status_errno != status_errno) {
5012 s->status_errno = status_errno;
5013 notify_dbus = true;
5014 }
5015 }
5016
5017 static const struct {
5018 const char *tag;
5019 size_t status_offset;
5020 } status_errors[] = {
5021 { "BUSERROR=", offsetof(Service, status_bus_error) },
5022 { "VARLINKERROR=", offsetof(Service, status_varlink_error) },
5023 };
5024
5025 FOREACH_ELEMENT(i, status_errors) {
5026 e = strv_find_startswith(tags, i->tag);
5027 if (!e)
5028 continue;
5029
5030 char **status_error = (char**) ((uint8_t*) s + i->status_offset);
5031
5032 e = empty_to_null(e);
5033
5034 if (e && !string_is_safe_ascii(e)) {
5035 _cleanup_free_ char *escaped = cescape(e);
5036 log_unit_warning(u, "Got invalid %s string, ignoring: %s", i->tag, strna(escaped));
5037 } else if (free_and_strdup_warn(status_error, e) > 0)
5038 notify_dbus = true;
5039 }
5040
5041 /* Interpret EXTEND_TIMEOUT= */
5042 e = strv_find_startswith(tags, "EXTEND_TIMEOUT_USEC=");
5043 if (e) {
5044 usec_t extend_timeout_usec;
5045
5046 if (safe_atou64(e, &extend_timeout_usec) < 0)
5047 log_unit_warning(u, "Failed to parse EXTEND_TIMEOUT_USEC=%s", e);
5048 else
5049 service_extend_timeout(s, extend_timeout_usec);
5050 }
5051
5052 /* Interpret WATCHDOG= */
5053 e = strv_find_startswith(tags, "WATCHDOG=");
5054 if (e) {
5055 if (streq(e, "1"))
5056 service_reset_watchdog(s);
5057 else if (streq(e, "trigger"))
5058 service_force_watchdog(s);
5059 else
5060 log_unit_warning(u, "Passed WATCHDOG= field is invalid, ignoring.");
5061 }
5062
5063 e = strv_find_startswith(tags, "WATCHDOG_USEC=");
5064 if (e) {
5065 usec_t watchdog_override_usec;
5066 if (safe_atou64(e, &watchdog_override_usec) < 0)
5067 log_unit_warning(u, "Failed to parse WATCHDOG_USEC=%s", e);
5068 else
5069 service_override_watchdog_timeout(s, watchdog_override_usec);
5070 }
5071
5072 /* Interpret RESTART_RESET=1 */
5073 if (strv_contains(tags, "RESTART_RESET=1") && IN_SET(s->state, SERVICE_RUNNING, SERVICE_STOP)) {
5074 log_unit_struct(u, LOG_NOTICE,
5075 LOG_UNIT_MESSAGE(u, "Got RESTART_RESET=1, resetting restart counter from %u.", s->n_restarts),
5076 LOG_ITEM("N_RESTARTS=0"),
5077 LOG_UNIT_INVOCATION_ID(u));
5078
5079 s->n_restarts = 0;
5080 notify_dbus = true;
5081 }
5082
5083 /* Process FD store messages. Either FDSTOREREMOVE=1 for removal, or FDSTORE=1 for addition. In both cases,
5084 * process FDNAME= for picking the file descriptor name to use. Note that FDNAME= is required when removing
5085 * fds, but optional when pushing in new fds, for compatibility reasons. */
5086 if (strv_contains(tags, "FDSTOREREMOVE=1")) {
5087 const char *name;
5088
5089 name = strv_find_startswith(tags, "FDNAME=");
5090 if (!name || !fdname_is_valid(name))
5091 log_unit_warning(u, "FDSTOREREMOVE=1 requested, but no valid file descriptor name passed, ignoring.");
5092 else
5093 service_remove_fd_store(s, name);
5094
5095 } else if (strv_contains(tags, "FDSTORE=1")) {
5096 const char *name;
5097
5098 name = strv_find_startswith(tags, "FDNAME=");
5099 if (name && !fdname_is_valid(name)) {
5100 log_unit_warning(u, "Passed FDNAME= name is invalid, ignoring.");
5101 name = NULL;
5102 }
5103
5104 (void) service_add_fd_store_set(s, fds, name, !strv_contains(tags, "FDPOLL=0"));
5105 }
5106
5107 /* Notify clients about changed status or main pid */
5108 if (notify_dbus)
5109 unit_add_to_dbus_queue(u);
5110}
5111
5112static void service_handoff_timestamp(
5113 Unit *u,
5114 const struct ucred *ucred,
5115 const dual_timestamp *ts) {
5116
5117 Service *s = ASSERT_PTR(SERVICE(u));
5118
5119 assert(ucred);
5120 assert(ts);
5121
5122 if (s->main_pid.pid == ucred->pid) {
5123 if (s->main_command)
5124 exec_status_handoff(&s->main_command->exec_status, ucred, ts);
5125
5126 exec_status_handoff(&s->main_exec_status, ucred, ts);
5127 } else if (s->control_pid.pid == ucred->pid && s->control_command)
5128 exec_status_handoff(&s->control_command->exec_status, ucred, ts);
5129 else
5130 return;
5131
5132 unit_add_to_dbus_queue(u);
5133}
5134
5135static void service_notify_pidref(Unit *u, PidRef *parent_pidref, PidRef *child_pidref) {
5136 Service *s = ASSERT_PTR(SERVICE(u));
5137 int r;
5138
5139 assert(pidref_is_set(parent_pidref));
5140 assert(pidref_is_set(child_pidref));
5141
5142 if (pidref_equal(&s->main_pid, parent_pidref)) {
5143 r = service_set_main_pidref(s, TAKE_PIDREF(*child_pidref), /* start_timestamp = */ NULL);
5144 if (r < 0)
5145 return (void) log_unit_warning_errno(u, r, "Failed to set new main pid: %m");
5146
5147 /* Since the child process is PID 1 in a new PID namespace, it must be exclusive to this unit. */
5148 r = unit_watch_pidref(u, &s->main_pid, /* exclusive= */ true);
5149 if (r < 0)
5150 log_unit_warning_errno(u, r, "Failed to watch new main PID " PID_FMT ": %m", s->main_pid.pid);
5151 } else if (pidref_equal(&s->control_pid, parent_pidref)) {
5152 service_unwatch_control_pid(s);
5153 s->control_pid = TAKE_PIDREF(*child_pidref);
5154
5155 r = unit_watch_pidref(u, &s->control_pid, /* exclusive= */ true);
5156 if (r < 0)
5157 log_unit_warning_errno(u, r, "Failed to watch new control PID " PID_FMT ": %m", s->control_pid.pid);
5158 } else
5159 return (void) log_unit_debug(u, "Parent process " PID_FMT " does not match main or control processes, ignoring.", parent_pidref->pid);
5160
5161 unit_add_to_dbus_queue(u);
5162}
5163
5164static int service_get_timeout(Unit *u, usec_t *timeout) {
5165 Service *s = ASSERT_PTR(SERVICE(u));
5166 uint64_t t;
5167 int r;
5168
5169 assert(timeout);
5170
5171 if (!s->timer_event_source)
5172 return 0;
5173
5174 r = sd_event_source_get_time(s->timer_event_source, &t);
5175 if (r < 0)
5176 return r;
5177 if (t == USEC_INFINITY)
5178 return 0;
5179
5180 *timeout = t;
5181 return 1;
5182}
5183
5184static usec_t service_get_timeout_start_usec(Unit *u) {
5185 Service *s = ASSERT_PTR(SERVICE(u));
5186 return s->timeout_start_usec;
5187}
5188
5189static bool pick_up_pid_from_bus_name(Service *s) {
5190 assert(s);
5191
5192 /* If the service is running but we have no main PID yet, get it from the owner of the D-Bus name */
5193
5194 return !pidref_is_set(&s->main_pid) &&
5195 IN_SET(s->state,
5196 SERVICE_START,
5197 SERVICE_START_POST,
5198 SERVICE_RUNNING,
5199 SERVICE_REFRESH_EXTENSIONS,
5200 SERVICE_RELOAD,
5201 SERVICE_RELOAD_SIGNAL,
5202 SERVICE_RELOAD_NOTIFY,
5203 SERVICE_RELOAD_POST,
5204 SERVICE_MOUNTING);
5205}
5206
5207static int bus_name_pid_lookup_callback(sd_bus_message *reply, void *userdata, sd_bus_error *ret_error) {
5208 Service *s = ASSERT_PTR(SERVICE(userdata));
5209 _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
5210 const sd_bus_error *e;
5211 uint32_t pid;
5212 int r;
5213
5214 assert(reply);
5215
5216 s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot);
5217
5218 if (!s->bus_name || !pick_up_pid_from_bus_name(s))
5219 return 1;
5220
5221 e = sd_bus_message_get_error(reply);
5222 if (e) {
5223 r = sd_bus_error_get_errno(e);
5224 log_unit_warning_errno(UNIT(s), r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r));
5225 return 1;
5226 }
5227
5228 r = sd_bus_message_read(reply, "u", &pid);
5229 if (r < 0) {
5230 bus_log_parse_error(r);
5231 return 1;
5232 }
5233
5234 r = pidref_set_pid(&pidref, pid);
5235 if (r < 0) {
5236 log_unit_debug_errno(UNIT(s), r, "GetConnectionUnixProcessID() returned invalid PID: %m");
5237 return 1;
5238 }
5239
5240 log_unit_debug(UNIT(s), "D-Bus name %s is now owned by process " PID_FMT, s->bus_name, pidref.pid);
5241
5242 (void) service_set_main_pidref(s, TAKE_PIDREF(pidref), /* start_timestamp = */ NULL);
5243 (void) unit_watch_pidref(UNIT(s), &s->main_pid, /* exclusive= */ false);
5244 return 1;
5245}
5246
5247static void service_bus_name_owner_change(Unit *u, const char *new_owner) {
5248 Service *s = ASSERT_PTR(SERVICE(u));
5249 int r;
5250
5251 if (new_owner)
5252 log_unit_debug(u, "D-Bus name %s now owned by %s", s->bus_name, new_owner);
5253 else
5254 log_unit_debug(u, "D-Bus name %s now not owned by anyone.", s->bus_name);
5255
5256 s->bus_name_good = new_owner;
5257
5258 if (s->type == SERVICE_DBUS) {
5259 /* service_enter_running() will figure out what to do */
5260 if (s->state == SERVICE_RUNNING)
5261 service_enter_running(s, SERVICE_SUCCESS);
5262 else if (s->state == SERVICE_START && new_owner)
5263 service_enter_start_post(s);
5264
5265 } else if (new_owner && pick_up_pid_from_bus_name(s)) {
5266
5267 /* Try to acquire PID from bus service */
5268
5269 s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot);
5270
5271 r = sd_bus_call_method_async(
5272 u->manager->api_bus,
5273 &s->bus_name_pid_lookup_slot,
5274 "org.freedesktop.DBus",
5275 "/org/freedesktop/DBus",
5276 "org.freedesktop.DBus",
5277 "GetConnectionUnixProcessID",
5278 bus_name_pid_lookup_callback,
5279 s,
5280 "s",
5281 s->bus_name);
5282 if (r < 0)
5283 log_unit_debug_errno(u, r, "Failed to request owner PID of service name, ignoring: %m");
5284 }
5285}
5286
5287int service_set_socket_fd(
5288 Service *s,
5289 int fd,
5290 Socket *sock,
5291 SocketPeer *peer, /* reference to object is donated to us on success */
5292 bool selinux_context_net) {
5293
5294 _cleanup_free_ char *peer_text = NULL;
5295 int r;
5296
5297 assert(s);
5298 assert(fd >= 0);
5299 assert(sock);
5300
5301 /* This is called by the socket code when instantiating a new service for a stream socket and the socket needs
5302 * to be configured. We take ownership of the passed fd on success. */
5303
5304 if (UNIT(s)->load_state != UNIT_LOADED)
5305 return -EINVAL;
5306
5307 if (s->socket_fd >= 0)
5308 return -EBUSY;
5309
5310 assert(!s->socket_peer);
5311
5312 if (!IN_SET(s->state, SERVICE_DEAD, SERVICE_DEAD_RESOURCES_PINNED))
5313 return -EAGAIN;
5314
5315 if (getpeername_pretty(fd, true, &peer_text) >= 0) {
5316
5317 if (UNIT(s)->description) {
5318 _cleanup_free_ char *a = NULL;
5319
5320 a = strjoin(UNIT(s)->description, " (", peer_text, ")");
5321 if (!a)
5322 return -ENOMEM;
5323
5324 r = unit_set_description(UNIT(s), a);
5325 } else
5326 r = unit_set_description(UNIT(s), peer_text);
5327 if (r < 0)
5328 return r;
5329 }
5330
5331 r = unit_add_two_dependencies(UNIT(s), UNIT_AFTER, UNIT_TRIGGERED_BY, UNIT(sock), false, UNIT_DEPENDENCY_IMPLICIT);
5332 if (r < 0)
5333 return log_unit_debug_errno(UNIT(s), r,
5334 "Failed to add After=/TriggeredBy= dependencies on socket unit: %m");
5335
5336 s->socket_fd = fd;
5337 s->socket_peer = peer;
5338 s->socket_fd_selinux_context_net = selinux_context_net;
5339
5340 unit_ref_set(&s->accept_socket, UNIT(s), UNIT(sock));
5341 return 0;
5342}
5343
5344static void service_reset_failed(Unit *u) {
5345 Service *s = ASSERT_PTR(SERVICE(u));
5346
5347 if (s->state == SERVICE_FAILED)
5348 service_set_state(s, service_determine_dead_state(s));
5349
5350 s->result = SERVICE_SUCCESS;
5351 s->reload_result = SERVICE_SUCCESS;
5352 s->live_mount_result = SERVICE_SUCCESS;
5353 s->clean_result = SERVICE_SUCCESS;
5354 s->n_restarts = 0;
5355}
5356
5357static PidRef* service_main_pid(Unit *u, bool *ret_is_alien) {
5358 Service *s = ASSERT_PTR(SERVICE(u));
5359
5360 if (ret_is_alien)
5361 *ret_is_alien = s->main_pid_alien;
5362
5363 return &s->main_pid;
5364}
5365
5366static PidRef* service_control_pid(Unit *u) {
5367 return &ASSERT_PTR(SERVICE(u))->control_pid;
5368}
5369
5370static bool service_needs_console(Unit *u) {
5371 Service *s = ASSERT_PTR(SERVICE(u));
5372
5373 /* We provide our own implementation of this here, instead of relying of the generic implementation
5374 * unit_needs_console() provides, since we want to return false if we are in SERVICE_EXITED state. */
5375
5376 if (!exec_context_may_touch_console(&s->exec_context))
5377 return false;
5378
5379 return IN_SET(s->state,
5380 SERVICE_CONDITION,
5381 SERVICE_START_PRE,
5382 SERVICE_START,
5383 SERVICE_START_POST,
5384 SERVICE_RUNNING,
5385 SERVICE_REFRESH_EXTENSIONS,
5386 SERVICE_RELOAD,
5387 SERVICE_RELOAD_SIGNAL,
5388 SERVICE_RELOAD_NOTIFY,
5389 SERVICE_RELOAD_POST,
5390 SERVICE_MOUNTING,
5391 SERVICE_STOP,
5392 SERVICE_STOP_WATCHDOG,
5393 SERVICE_STOP_SIGTERM,
5394 SERVICE_STOP_SIGKILL,
5395 SERVICE_STOP_POST,
5396 SERVICE_FINAL_WATCHDOG,
5397 SERVICE_FINAL_SIGTERM,
5398 SERVICE_FINAL_SIGKILL);
5399}
5400
5401static int service_exit_status(Unit *u) {
5402 Service *s = ASSERT_PTR(SERVICE(u));
5403
5404 if (s->main_exec_status.pid <= 0 ||
5405 !dual_timestamp_is_set(&s->main_exec_status.exit_timestamp))
5406 return -ENODATA;
5407
5408 if (s->main_exec_status.code != CLD_EXITED)
5409 return -EBADE;
5410
5411 return s->main_exec_status.status;
5412}
5413
5414static const char* service_status_text(Unit *u) {
5415 Service *s = ASSERT_PTR(SERVICE(u));
5416
5417 return s->status_text;
5418}
5419
5420static int service_clean(Unit *u, ExecCleanMask mask) {
5421 Service *s = ASSERT_PTR(SERVICE(u));
5422 _cleanup_strv_free_ char **l = NULL;
5423 bool may_clean_fdstore = false;
5424 int r;
5425
5426 assert(mask != 0);
5427
5428 if (!IN_SET(s->state, SERVICE_DEAD, SERVICE_DEAD_RESOURCES_PINNED))
5429 return -EBUSY;
5430
5431 /* Determine if there's anything we could potentially clean */
5432 r = exec_context_get_clean_directories(&s->exec_context, u->manager->prefix, mask, &l);
5433 if (r < 0)
5434 return r;
5435
5436 if (mask & EXEC_CLEAN_FDSTORE)
5437 may_clean_fdstore = s->n_fd_store > 0 || s->n_fd_store_max > 0;
5438
5439 if (strv_isempty(l) && !may_clean_fdstore)
5440 return -EUNATCH; /* Nothing to potentially clean */
5441
5442 /* Let's clean the stuff we can clean quickly */
5443 if (may_clean_fdstore)
5444 service_release_fd_store(s);
5445
5446 /* If we are done, leave quickly */
5447 if (strv_isempty(l)) {
5448 if (s->state == SERVICE_DEAD_RESOURCES_PINNED && !s->fd_store)
5449 service_set_state(s, SERVICE_DEAD);
5450 return 0;
5451 }
5452
5453 /* We need to clean disk stuff. This is slow, hence do it out of process, and change state */
5454 service_unwatch_control_pid(s);
5455 s->clean_result = SERVICE_SUCCESS;
5456 s->control_command = NULL;
5457 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
5458
5459 r = service_arm_timer(s, /* relative= */ true, s->exec_context.timeout_clean_usec);
5460 if (r < 0) {
5461 log_unit_warning_errno(u, r, "Failed to install timer: %m");
5462 goto fail;
5463 }
5464
5465 r = unit_fork_and_watch_rm_rf(u, l, &s->control_pid);
5466 if (r < 0) {
5467 log_unit_warning_errno(u, r, "Failed to spawn cleaning task: %m");
5468 goto fail;
5469 }
5470
5471 service_set_state(s, SERVICE_CLEANING);
5472 return 0;
5473
5474fail:
5475 s->clean_result = SERVICE_FAILURE_RESOURCES;
5476 s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source);
5477 return r;
5478}
5479
5480static int service_can_clean(Unit *u, ExecCleanMask *ret) {
5481 Service *s = ASSERT_PTR(SERVICE(u));
5482 ExecCleanMask mask = 0;
5483 int r;
5484
5485 assert(ret);
5486
5487 r = exec_context_get_clean_mask(&s->exec_context, &mask);
5488 if (r < 0)
5489 return r;
5490
5491 if (s->n_fd_store_max > 0)
5492 mask |= EXEC_CLEAN_FDSTORE;
5493
5494 *ret = mask;
5495 return 0;
5496}
5497
5498static int service_live_mount(
5499 Unit *u,
5500 const char *src,
5501 const char *dst,
5502 sd_bus_message *message,
5503 MountInNamespaceFlags flags,
5504 const MountOptions *options,
5505 sd_bus_error *error) {
5506
5507 Service *s = ASSERT_PTR(SERVICE(u));
5508 _cleanup_(pidref_done) PidRef worker = PIDREF_NULL;
5509 int r;
5510
5511 assert(u);
5512 assert(u->manager);
5513 assert(src);
5514 assert(dst);
5515 assert(message);
5516 assert(!s->mount_request);
5517
5518 if (s->state != SERVICE_RUNNING || !pidref_is_set(&s->main_pid)) {
5519 log_unit_warning(u, "Service is not running, cannot live mount.");
5520 return sd_bus_error_setf(
5521 error,
5522 BUS_ERROR_UNIT_INACTIVE,
5523 "Live mounting '%s' on '%s' for unit '%s' cannot be scheduled: service not running",
5524 src,
5525 dst,
5526 u->id);
5527 }
5528
5529 if (mount_point_is_credentials(u->manager->prefix[EXEC_DIRECTORY_RUNTIME], dst)) {
5530 log_unit_warning(u, "Refusing to live mount over credential mount '%s'.", dst);
5531 return sd_bus_error_setf(
5532 error,
5533 SD_BUS_ERROR_INVALID_ARGS,
5534 "Live mounting '%s' on '%s' for unit '%s' cannot be scheduled: cannot mount over credential mount",
5535 src,
5536 dst,
5537 u->id);
5538 }
5539
5540 if (path_startswith_strv(dst, s->exec_context.inaccessible_paths)) {
5541 log_unit_warning(u, "%s is not accessible to this unit, cannot live mount.", dst);
5542 return sd_bus_error_setf(
5543 error,
5544 SD_BUS_ERROR_INVALID_ARGS,
5545 "Live mounting '%s' on '%s' for unit '%s' cannot be scheduled: destination is not accessible to this unit",
5546 src,
5547 dst,
5548 u->id);
5549 }
5550
5551 service_unwatch_control_pid(s);
5552 s->live_mount_result = SERVICE_SUCCESS;
5553 s->control_command = NULL;
5554 s->control_command_id = _SERVICE_EXEC_COMMAND_INVALID;
5555
5556 r = service_arm_timer(s, /* relative= */ true, s->timeout_start_usec);
5557 if (r < 0) {
5558 log_unit_error_errno(u, r, "Failed to install timer: %m");
5559 sd_bus_error_set_errnof(error, r,
5560 "Live mounting '%s' on '%s' for unit '%s': failed to install timer: %m",
5561 src, dst, u->id);
5562 goto fail;
5563 }
5564
5565 const char *propagate_directory = strjoina("/run/systemd/propagate/", u->id);
5566
5567 /* Given we are running from PID1, avoid doing potentially heavy I/O operations like opening images
5568 * directly, and instead fork a worker process. We record the D-Bus message, so that we can reply
5569 * after the operation has finished. This way callers can wait on the message and know that the new
5570 * resource is available (or the operation failed) once they receive the response. */
5571 r = unit_fork_helper_process(u, "(sd-mount-in-ns)", /* into_cgroup= */ false, &worker);
5572 if (r < 0) {
5573 log_unit_error_errno(u, r,
5574 "Failed to fork process to mount '%s' on '%s' in unit's namespace: %m",
5575 src, dst);
5576 sd_bus_error_set_errnof(error, r,
5577 "Live mounting '%s' on '%s' for unit '%s': failed to fork off helper process into namespace: %m",
5578 src, dst, u->id);
5579 goto fail;
5580 }
5581 if (r == 0) {
5582 if (flags & MOUNT_IN_NAMESPACE_IS_IMAGE)
5583 r = mount_image_in_namespace(
5584 &s->main_pid,
5585 propagate_directory,
5586 "/run/systemd/incoming/",
5587 src, dst,
5588 flags,
5589 options,
5590 s->exec_context.mount_image_policy ?: &image_policy_service);
5591 else
5592 r = bind_mount_in_namespace(
5593 &s->main_pid,
5594 propagate_directory,
5595 "/run/systemd/incoming/",
5596 src, dst,
5597 flags);
5598 if (r < 0)
5599 log_unit_error_errno(u, r,
5600 "Failed to mount '%s' on '%s' in unit's namespace: %m",
5601 src, dst);
5602 else
5603 log_unit_debug(u, "Mounted '%s' on '%s' in unit's namespace", src, dst);
5604
5605 _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS);
5606 }
5607
5608 r = unit_watch_pidref(u, &worker, /* exclusive= */ true);
5609 if (r < 0) {
5610 log_unit_warning_errno(u, r, "Failed to watch live mount helper process: %m");
5611 sd_bus_error_set_errnof(error, r,
5612 "Live mounting '%s' on '%s' for unit '%s': failed to watch live mount helper process: %m",
5613 src, dst, u->id);
5614 goto fail;
5615 }
5616
5617 s->mount_request = sd_bus_message_ref(message);
5618 s->control_pid = TAKE_PIDREF(worker);
5619 service_set_state(s, SERVICE_MOUNTING);
5620 return 0;
5621
5622fail:
5623 s->live_mount_result = SERVICE_FAILURE_RESOURCES;
5624 service_enter_running(s, SERVICE_SUCCESS);
5625 return r;
5626}
5627
5628static int service_can_live_mount(Unit *u, sd_bus_error *error) {
5629 Service *s = ASSERT_PTR(SERVICE(u));
5630
5631 /* Ensure that the unit runs in a private mount namespace */
5632 if (!exec_needs_mount_namespace(&s->exec_context, /* params= */ NULL, s->exec_runtime))
5633 return sd_bus_error_setf(
5634 error,
5635 SD_BUS_ERROR_INVALID_ARGS,
5636 "Unit '%s' not running in private mount namespace, cannot live mount.",
5637 u->id);
5638
5639 return 0;
5640}
5641
5642static const char* service_finished_job(Unit *u, JobType t, JobResult result) {
5643 Service *s = ASSERT_PTR(SERVICE(u));
5644
5645 if (t == JOB_START &&
5646 result == JOB_DONE &&
5647 s->type == SERVICE_ONESHOT)
5648 return "Finished %s.";
5649
5650 /* Fall back to generic */
5651 return NULL;
5652}
5653
5654static int service_test_startable(Unit *u) {
5655 Service *s = ASSERT_PTR(SERVICE(u));
5656 int r;
5657
5658 /* First check the state, and do not increment start limit counter if the service cannot start due to
5659 * that e.g. it is already being started. Note, the service states mapped to UNIT_ACTIVE,
5660 * UNIT_RELOADING, UNIT_DEACTIVATING, UNIT_MAINTENANCE, and UNIT_REFRESHING are already filtered in
5661 * unit_start(). Hence, here we only need to check states that mapped to UNIT_ACTIVATING. */
5662 if (IN_SET(s->state, SERVICE_CONDITION, SERVICE_START_PRE, SERVICE_START, SERVICE_START_POST))
5663 return false;
5664
5665 /* Make sure we don't enter a busy loop of some kind. */
5666 r = unit_test_start_limit(u);
5667 if (r < 0) {
5668 service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false);
5669 return r;
5670 }
5671
5672 return true;
5673}
5674
5675static void service_release_resources(Unit *u) {
5676 Service *s = ASSERT_PTR(SERVICE(u));
5677
5678 /* Invoked by the unit state engine, whenever it realizes that unit is dead and there's no job
5679 * anymore for it, and it hence is a good idea to release resources */
5680
5681 /* Don't release resources if this is a transitionary failed/dead state
5682 * (i.e. SERVICE_DEAD_BEFORE_AUTO_RESTART/SERVICE_FAILED_BEFORE_AUTO_RESTART), insist on a permanent
5683 * failure state. */
5684 if (!IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED, SERVICE_DEAD_RESOURCES_PINNED))
5685 return;
5686
5687 log_unit_debug(u, "Releasing resources...");
5688
5689 service_release_socket_fd(s);
5690 service_release_stdio_fd(s);
5691 service_release_extra_fds(s);
5692 s->root_directory_fd = asynchronous_close(s->root_directory_fd);
5693
5694 if (s->fd_store_preserve_mode != EXEC_PRESERVE_YES)
5695 service_release_fd_store(s);
5696
5697 if (s->state == SERVICE_DEAD_RESOURCES_PINNED && !s->fd_store)
5698 service_set_state(s, SERVICE_DEAD);
5699}
5700
5701int service_determine_exec_selinux_label(Service *s, char **ret) {
5702 int r;
5703
5704 assert(s);
5705 assert(ret);
5706
5707 if (!mac_selinux_use())
5708 return -ENODATA;
5709
5710 /* Returns the SELinux label used for execution of the main service binary */
5711
5712 if (s->exec_context.selinux_context)
5713 /* Prefer the explicitly configured label if there is one */
5714 return strdup_to(ret, s->exec_context.selinux_context);
5715
5716 if (s->exec_context.root_image ||
5717 s->exec_context.n_extension_images > 0 ||
5718 !strv_isempty(s->exec_context.extension_directories)) /* We cannot chase paths through images */
5719 return log_unit_debug_errno(UNIT(s), SYNTHETIC_ERRNO(ENODATA), "Service with RootImage=, ExtensionImages= or ExtensionDirectories= set, cannot determine socket SELinux label before activation, ignoring.");
5720
5721 ExecCommand *c = s->exec_command[SERVICE_EXEC_START];
5722 if (!c)
5723 return -ENODATA;
5724
5725 _cleanup_free_ char *path = NULL;
5726 if (s->exec_context.root_directory_as_fd)
5727 r = chaseat(s->root_directory_fd, c->path, CHASE_AT_RESOLVE_IN_ROOT|CHASE_TRIGGER_AUTOFS, &path, NULL);
5728 else
5729 r = chase(c->path, s->exec_context.root_directory, CHASE_PREFIX_ROOT|CHASE_TRIGGER_AUTOFS, &path, NULL);
5730 if (r < 0) {
5731 log_unit_debug_errno(UNIT(s), r, "Failed to resolve service binary '%s', ignoring.", c->path);
5732 return -ENODATA;
5733 }
5734
5735 r = mac_selinux_get_create_label_from_exe(path, ret);
5736 if (ERRNO_IS_NEG_NOT_SUPPORTED(r)) {
5737 log_unit_debug_errno(UNIT(s), r, "Reading SELinux label off binary '%s' is not supported, ignoring.", path);
5738 return -ENODATA;
5739 }
5740 if (ERRNO_IS_NEG_PRIVILEGE(r)) {
5741 log_unit_debug_errno(UNIT(s), r, "Can't read SELinux label off binary '%s', due to privileges, ignoring.", path);
5742 return -ENODATA;
5743 }
5744 if (r < 0)
5745 return log_unit_debug_errno(UNIT(s), r, "Failed to read SELinux label off binary '%s': %m", path);
5746
5747 return 0;
5748}
5749
5750static int service_freezer_action(Unit *u, FreezerAction action) {
5751 Service *s = ASSERT_PTR(SERVICE(u));
5752 FreezerState old_objective, new_objective;
5753 int r;
5754
5755 old_objective = freezer_state_objective(u->freezer_state);
5756
5757 r = unit_cgroup_freezer_action(u, action);
5758 if (r < 0)
5759 return r;
5760
5761 new_objective = freezer_state_objective(u->freezer_state);
5762
5763 /* Note that we cannot trivially check the retval of unit_cgroup_freezer_action() here, since
5764 * that signals whether the operation is ongoing from *kernel's PoV*. If the freeze operation
5765 * is aborted, the frozen attribute of the cgroup would never have been flipped in kernel,
5766 * and unit_cgroup_freezer_action() will happily return 0, yet the watchdog still needs to be reset;
5767 * vice versa. */
5768
5769 if (old_objective != new_objective) {
5770 if (new_objective == FREEZER_FROZEN)
5771 service_stop_watchdog(s);
5772 else if (new_objective == FREEZER_RUNNING)
5773 service_reset_watchdog(s);
5774 else
5775 assert_not_reached();
5776 }
5777
5778 return r;
5779}
5780
5781static const char* const service_restart_table[_SERVICE_RESTART_MAX] = {
5782 [SERVICE_RESTART_NO] = "no",
5783 [SERVICE_RESTART_ON_SUCCESS] = "on-success",
5784 [SERVICE_RESTART_ON_FAILURE] = "on-failure",
5785 [SERVICE_RESTART_ON_ABNORMAL] = "on-abnormal",
5786 [SERVICE_RESTART_ON_WATCHDOG] = "on-watchdog",
5787 [SERVICE_RESTART_ON_ABORT] = "on-abort",
5788 [SERVICE_RESTART_ALWAYS] = "always",
5789};
5790
5791DEFINE_STRING_TABLE_LOOKUP(service_restart, ServiceRestart);
5792
5793static const char* const service_restart_mode_table[_SERVICE_RESTART_MODE_MAX] = {
5794 [SERVICE_RESTART_MODE_NORMAL] = "normal",
5795 [SERVICE_RESTART_MODE_DIRECT] = "direct",
5796 [SERVICE_RESTART_MODE_DEBUG] = "debug",
5797};
5798
5799DEFINE_STRING_TABLE_LOOKUP(service_restart_mode, ServiceRestartMode);
5800
5801static const char* const service_type_table[_SERVICE_TYPE_MAX] = {
5802 [SERVICE_SIMPLE] = "simple",
5803 [SERVICE_FORKING] = "forking",
5804 [SERVICE_ONESHOT] = "oneshot",
5805 [SERVICE_DBUS] = "dbus",
5806 [SERVICE_NOTIFY] = "notify",
5807 [SERVICE_NOTIFY_RELOAD] = "notify-reload",
5808 [SERVICE_IDLE] = "idle",
5809 [SERVICE_EXEC] = "exec",
5810};
5811
5812DEFINE_STRING_TABLE_LOOKUP(service_type, ServiceType);
5813
5814static const char* const service_exit_type_table[_SERVICE_EXIT_TYPE_MAX] = {
5815 [SERVICE_EXIT_MAIN] = "main",
5816 [SERVICE_EXIT_CGROUP] = "cgroup",
5817};
5818
5819DEFINE_STRING_TABLE_LOOKUP(service_exit_type, ServiceExitType);
5820
5821static const char* const service_exec_command_table[_SERVICE_EXEC_COMMAND_MAX] = {
5822 [SERVICE_EXEC_CONDITION] = "ExecCondition",
5823 [SERVICE_EXEC_START_PRE] = "ExecStartPre",
5824 [SERVICE_EXEC_START] = "ExecStart",
5825 [SERVICE_EXEC_START_POST] = "ExecStartPost",
5826 [SERVICE_EXEC_RELOAD] = "ExecReload",
5827 [SERVICE_EXEC_RELOAD_POST] = "ExecReloadPost",
5828 [SERVICE_EXEC_STOP] = "ExecStop",
5829 [SERVICE_EXEC_STOP_POST] = "ExecStopPost",
5830};
5831
5832DEFINE_STRING_TABLE_LOOKUP(service_exec_command, ServiceExecCommand);
5833
5834static const char* const service_exec_ex_command_table[_SERVICE_EXEC_COMMAND_MAX] = {
5835 [SERVICE_EXEC_CONDITION] = "ExecConditionEx",
5836 [SERVICE_EXEC_START_PRE] = "ExecStartPreEx",
5837 [SERVICE_EXEC_START] = "ExecStartEx",
5838 [SERVICE_EXEC_START_POST] = "ExecStartPostEx",
5839 [SERVICE_EXEC_RELOAD] = "ExecReloadEx",
5840 [SERVICE_EXEC_RELOAD_POST] = "ExecReloadPostEx",
5841 [SERVICE_EXEC_STOP] = "ExecStopEx",
5842 [SERVICE_EXEC_STOP_POST] = "ExecStopPostEx",
5843};
5844
5845DEFINE_STRING_TABLE_LOOKUP(service_exec_ex_command, ServiceExecCommand);
5846
5847static const char* const notify_state_table[_NOTIFY_STATE_MAX] = {
5848 [NOTIFY_READY] = "ready",
5849 [NOTIFY_RELOADING] = "reloading",
5850 [NOTIFY_RELOAD_READY] = "reload-ready",
5851 [NOTIFY_STOPPING] = "stopping",
5852};
5853
5854DEFINE_STRING_TABLE_LOOKUP(notify_state, NotifyState);
5855
5856static const char* const service_result_table[_SERVICE_RESULT_MAX] = {
5857 [SERVICE_SUCCESS] = "success",
5858 [SERVICE_FAILURE_RESOURCES] = "resources",
5859 [SERVICE_FAILURE_PROTOCOL] = "protocol",
5860 [SERVICE_FAILURE_TIMEOUT] = "timeout",
5861 [SERVICE_FAILURE_EXIT_CODE] = "exit-code",
5862 [SERVICE_FAILURE_SIGNAL] = "signal",
5863 [SERVICE_FAILURE_CORE_DUMP] = "core-dump",
5864 [SERVICE_FAILURE_WATCHDOG] = "watchdog",
5865 [SERVICE_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
5866 [SERVICE_FAILURE_OOM_KILL] = "oom-kill",
5867 [SERVICE_SKIP_CONDITION] = "exec-condition",
5868};
5869
5870DEFINE_STRING_TABLE_LOOKUP(service_result, ServiceResult);
5871
5872static const char* const service_timeout_failure_mode_table[_SERVICE_TIMEOUT_FAILURE_MODE_MAX] = {
5873 [SERVICE_TIMEOUT_TERMINATE] = "terminate",
5874 [SERVICE_TIMEOUT_ABORT] = "abort",
5875 [SERVICE_TIMEOUT_KILL] = "kill",
5876};
5877
5878DEFINE_STRING_TABLE_LOOKUP(service_timeout_failure_mode, ServiceTimeoutFailureMode);
5879
5880const UnitVTable service_vtable = {
5881 .object_size = sizeof(Service),
5882 .exec_context_offset = offsetof(Service, exec_context),
5883 .cgroup_context_offset = offsetof(Service, cgroup_context),
5884 .kill_context_offset = offsetof(Service, kill_context),
5885 .exec_runtime_offset = offsetof(Service, exec_runtime),
5886 .cgroup_runtime_offset = offsetof(Service, cgroup_runtime),
5887
5888 .sections =
5889 "Unit\0"
5890 "Service\0"
5891 "Install\0",
5892 .private_section = "Service",
5893
5894 .can_transient = true,
5895 .can_delegate = true,
5896 .can_fail = true,
5897 .can_set_managed_oom = true,
5898
5899 .init = service_init,
5900 .done = service_done,
5901 .load = service_load,
5902 .release_resources = service_release_resources,
5903
5904 .coldplug = service_coldplug,
5905
5906 .dump = service_dump,
5907
5908 .start = service_start,
5909 .stop = service_stop,
5910 .reload = service_reload,
5911
5912 .can_reload = service_can_reload,
5913
5914 .clean = service_clean,
5915 .can_clean = service_can_clean,
5916
5917 .live_mount = service_live_mount,
5918 .can_live_mount = service_can_live_mount,
5919
5920 .freezer_action = service_freezer_action,
5921
5922 .serialize = service_serialize,
5923 .deserialize_item = service_deserialize_item,
5924
5925 .active_state = service_active_state,
5926 .sub_state_to_string = service_sub_state_to_string,
5927
5928 .will_restart = service_will_restart,
5929
5930 .may_gc = service_may_gc,
5931
5932 .sigchld_event = service_sigchld_event,
5933
5934 .reset_failed = service_reset_failed,
5935
5936 .notify_cgroup_empty = service_notify_cgroup_empty_event,
5937 .notify_cgroup_oom = service_notify_cgroup_oom_event,
5938 .notify_message = service_notify_message,
5939 .notify_handoff_timestamp = service_handoff_timestamp,
5940 .notify_pidref = service_notify_pidref,
5941
5942 .main_pid = service_main_pid,
5943 .control_pid = service_control_pid,
5944
5945 .bus_name_owner_change = service_bus_name_owner_change,
5946
5947 .bus_set_property = bus_service_set_property,
5948 .bus_commit_properties = bus_service_commit_properties,
5949
5950 .get_timeout = service_get_timeout,
5951 .get_timeout_start_usec = service_get_timeout_start_usec,
5952 .needs_console = service_needs_console,
5953 .exit_status = service_exit_status,
5954 .status_text = service_status_text,
5955
5956 .status_message_formats = {
5957 .finished_job = service_finished_job,
5958 },
5959
5960 .test_startable = service_test_startable,
5961
5962 .notify_plymouth = true,
5963
5964 .audit_start_message_type = AUDIT_SERVICE_START,
5965 .audit_stop_message_type = AUDIT_SERVICE_STOP,
5966};
Unnamed repository; edit this file 'description' to name the repository.