]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/dbus-cgroup.c
projects / thirdparty / systemd.git / blob
? search:


9fe0332135d5b9005ead176618a34f1aea28de26
[thirdparty/systemd.git] / src / core / dbus-cgroup.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include "af-list.h"
4 #include "alloc-util.h"
5 #include "bpf-program.h"
6 #include "bus-get-properties.h"
7 #include "bus-message-util.h"
8 #include "cgroup.h"
9 #include "cgroup-util.h"
10 #include "dbus-cgroup.h"
11 #include "escape.h"
12 #include "firewall-util.h"
13 #include "in-addr-prefix-util.h"
14 #include "limits-util.h"
15 #include "manager.h"
16 #include "memstream-util.h"
17 #include "parse-util.h"
18 #include "path-util.h"
19 #include "percent-util.h"
20 #include "set.h"
21 #include "socket-util.h"
22 #include "string-util.h"
23 #include "strv.h"
24 #include "varlink.h"
25
26 BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", CGroupTasksMax, cgroup_tasks_max_resolve);
27 BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_cgroup_pressure_watch, cgroup_pressure_watch, CGroupPressureWatch);
28
29 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_cgroup_device_policy, cgroup_device_policy, CGroupDevicePolicy);
30 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_mode, managed_oom_mode, ManagedOOMMode);
31 static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_preference, managed_oom_preference, ManagedOOMPreference);
32
33 static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_blockio_ast, "a(st)", 0);
34
35 static int property_get_cgroup_mask(
36 sd_bus *bus,
37 const char *path,
38 const char *interface,
39 const char *property,
40 sd_bus_message *reply,
41 void *userdata,
42 sd_bus_error *error) {
43
44 CGroupMask *mask = userdata;
45 int r;
46
47 assert(bus);
48 assert(reply);
49
50 r = sd_bus_message_open_container(reply, 'a', "s");
51 if (r < 0)
52 return r;
53
54 for (CGroupController ctrl = 0; ctrl < _CGROUP_CONTROLLER_MAX; ctrl++) {
55 if ((*mask & CGROUP_CONTROLLER_TO_MASK(ctrl)) == 0)
56 continue;
57
58 r = sd_bus_message_append(reply, "s", cgroup_controller_to_string(ctrl));
59 if (r < 0)
60 return r;
61 }
62
63 return sd_bus_message_close_container(reply);
64 }
65
66 static int property_get_delegate_controllers(
67 sd_bus *bus,
68 const char *path,
69 const char *interface,
70 const char *property,
71 sd_bus_message *reply,
72 void *userdata,
73 sd_bus_error *error) {
74
75 CGroupContext *c = ASSERT_PTR(userdata);
76
77 assert(bus);
78 assert(reply);
79
80 if (!c->delegate)
81 return sd_bus_message_append(reply, "as", 0);
82
83 return property_get_cgroup_mask(bus, path, interface, property, reply, &c->delegate_controllers, error);
84 }
85
86 static int property_get_cpuset(
87 sd_bus *bus,
88 const char *path,
89 const char *interface,
90 const char *property,
91 sd_bus_message *reply,
92 void *userdata,
93 sd_bus_error *error) {
94
95 CPUSet *cpus = ASSERT_PTR(userdata);
96 _cleanup_free_ uint8_t *array = NULL;
97 size_t allocated;
98
99 assert(bus);
100 assert(reply);
101
102 (void) cpu_set_to_dbus(cpus, &array, &allocated);
103 return sd_bus_message_append_array(reply, 'y', array, allocated);
104 }
105
106 static int property_get_io_device_weight(
107 sd_bus *bus,
108 const char *path,
109 const char *interface,
110 const char *property,
111 sd_bus_message *reply,
112 void *userdata,
113 sd_bus_error *error) {
114
115 CGroupContext *c = ASSERT_PTR(userdata);
116 int r;
117
118 assert(bus);
119 assert(reply);
120
121 r = sd_bus_message_open_container(reply, 'a', "(st)");
122 if (r < 0)
123 return r;
124
125 LIST_FOREACH(device_weights, w, c->io_device_weights) {
126 r = sd_bus_message_append(reply, "(st)", w->path, w->weight);
127 if (r < 0)
128 return r;
129 }
130
131 return sd_bus_message_close_container(reply);
132 }
133
134 static int property_get_io_device_limits(
135 sd_bus *bus,
136 const char *path,
137 const char *interface,
138 const char *property,
139 sd_bus_message *reply,
140 void *userdata,
141 sd_bus_error *error) {
142
143 CGroupContext *c = ASSERT_PTR(userdata);
144 int r;
145
146 assert(bus);
147 assert(reply);
148
149 r = sd_bus_message_open_container(reply, 'a', "(st)");
150 if (r < 0)
151 return r;
152
153 LIST_FOREACH(device_limits, l, c->io_device_limits) {
154 CGroupIOLimitType type;
155
156 type = cgroup_io_limit_type_from_string(property);
157 if (type < 0 || l->limits[type] == cgroup_io_limit_defaults[type])
158 continue;
159
160 r = sd_bus_message_append(reply, "(st)", l->path, l->limits[type]);
161 if (r < 0)
162 return r;
163 }
164
165 return sd_bus_message_close_container(reply);
166 }
167
168 static int property_get_io_device_latency(
169 sd_bus *bus,
170 const char *path,
171 const char *interface,
172 const char *property,
173 sd_bus_message *reply,
174 void *userdata,
175 sd_bus_error *error) {
176
177 CGroupContext *c = ASSERT_PTR(userdata);
178 int r;
179
180 assert(bus);
181 assert(reply);
182
183 r = sd_bus_message_open_container(reply, 'a', "(st)");
184 if (r < 0)
185 return r;
186
187 LIST_FOREACH(device_latencies, l, c->io_device_latencies) {
188 r = sd_bus_message_append(reply, "(st)", l->path, l->target_usec);
189 if (r < 0)
190 return r;
191 }
192
193 return sd_bus_message_close_container(reply);
194 }
195
196 static int property_get_device_allow(
197 sd_bus *bus,
198 const char *path,
199 const char *interface,
200 const char *property,
201 sd_bus_message *reply,
202 void *userdata,
203 sd_bus_error *error) {
204
205 CGroupContext *c = ASSERT_PTR(userdata);
206 int r;
207
208 assert(bus);
209 assert(reply);
210
211 r = sd_bus_message_open_container(reply, 'a', "(ss)");
212 if (r < 0)
213 return r;
214
215 LIST_FOREACH(device_allow, a, c->device_allow) {
216 r = sd_bus_message_append(reply, "(ss)", a->path, cgroup_device_permissions_to_string(a->permissions));
217 if (r < 0)
218 return r;
219 }
220
221 return sd_bus_message_close_container(reply);
222 }
223
224 static int property_get_ip_address_access(
225 sd_bus *bus,
226 const char *path,
227 const char *interface,
228 const char *property,
229 sd_bus_message *reply,
230 void *userdata,
231 sd_bus_error *error) {
232
233 Set **prefixes = ASSERT_PTR(userdata);
234 struct in_addr_prefix *i;
235 int r;
236
237 r = sd_bus_message_open_container(reply, 'a', "(iayu)");
238 if (r < 0)
239 return r;
240
241 SET_FOREACH(i, *prefixes) {
242
243 r = sd_bus_message_open_container(reply, 'r', "iayu");
244 if (r < 0)
245 return r;
246
247 r = sd_bus_message_append(reply, "i", i->family);
248 if (r < 0)
249 return r;
250
251 r = sd_bus_message_append_array(reply, 'y', &i->address, FAMILY_ADDRESS_SIZE(i->family));
252 if (r < 0)
253 return r;
254
255 r = sd_bus_message_append(reply, "u", (uint32_t) i->prefixlen);
256 if (r < 0)
257 return r;
258
259 r = sd_bus_message_close_container(reply);
260 if (r < 0)
261 return r;
262 }
263
264 return sd_bus_message_close_container(reply);
265 }
266
267 static int property_get_bpf_foreign_program(
268 sd_bus *bus,
269 const char *path,
270 const char *interface,
271 const char *property,
272 sd_bus_message *reply,
273 void *userdata,
274 sd_bus_error *error) {
275 CGroupContext *c = userdata;
276 int r;
277
278 r = sd_bus_message_open_container(reply, 'a', "(ss)");
279 if (r < 0)
280 return r;
281
282 LIST_FOREACH(programs, p, c->bpf_foreign_programs) {
283 const char *attach_type = bpf_cgroup_attach_type_to_string(p->attach_type);
284
285 r = sd_bus_message_append(reply, "(ss)", attach_type, p->bpffs_path);
286 if (r < 0)
287 return r;
288 }
289
290 return sd_bus_message_close_container(reply);
291 }
292
293 static int property_get_socket_bind(
294 sd_bus *bus,
295 const char *path,
296 const char *interface,
297 const char *property,
298 sd_bus_message *reply,
299 void *userdata,
300 sd_bus_error *error) {
301
302 CGroupSocketBindItem **items = ASSERT_PTR(userdata);
303 int r;
304
305 r = sd_bus_message_open_container(reply, 'a', "(iiqq)");
306 if (r < 0)
307 return r;
308
309 LIST_FOREACH(socket_bind_items, i, *items) {
310 r = sd_bus_message_append(reply, "(iiqq)", i->address_family, i->ip_protocol, i->nr_ports, i->port_min);
311 if (r < 0)
312 return r;
313 }
314
315 return sd_bus_message_close_container(reply);
316 }
317
318 static int property_get_restrict_network_interfaces(
319 sd_bus *bus,
320 const char *path,
321 const char *interface,
322 const char *property,
323 sd_bus_message *reply,
324 void *userdata,
325 sd_bus_error *error) {
326
327 CGroupContext *c = ASSERT_PTR(userdata);
328 int r;
329
330 assert(bus);
331 assert(reply);
332
333 r = sd_bus_message_open_container(reply, 'r', "bas");
334 if (r < 0)
335 return r;
336
337 r = sd_bus_message_append(reply, "b", c->restrict_network_interfaces_is_allow_list);
338 if (r < 0)
339 return r;
340
341 r = bus_message_append_string_set(reply, c->restrict_network_interfaces);
342 if (r < 0)
343 return r;
344
345 return sd_bus_message_close_container(reply);
346 }
347
348 static int property_get_cgroup_nft_set(
349 sd_bus *bus,
350 const char *path,
351 const char *interface,
352 const char *property,
353 sd_bus_message *reply,
354 void *userdata,
355 sd_bus_error *error) {
356 int r;
357 CGroupContext *c = userdata;
358
359 assert(bus);
360 assert(reply);
361 assert(c);
362
363 r = sd_bus_message_open_container(reply, 'a', "(iiss)");
364 if (r < 0)
365 return r;
366
367 FOREACH_ARRAY(nft_set, c->nft_set_context.sets, c->nft_set_context.n_sets) {
368 r = sd_bus_message_append(reply, "(iiss)", nft_set->source, nft_set->nfproto, nft_set->table, nft_set->set);
369 if (r < 0)
370 return r;
371 }
372
373 return sd_bus_message_close_container(reply);
374 }
375
376 const sd_bus_vtable bus_cgroup_vtable[] = {
377 SD_BUS_VTABLE_START(0),
378 SD_BUS_PROPERTY("Delegate", "b", bus_property_get_bool, offsetof(CGroupContext, delegate), 0),
379 SD_BUS_PROPERTY("DelegateControllers", "as", property_get_delegate_controllers, 0, 0),
380 SD_BUS_PROPERTY("DelegateSubgroup", "s", NULL, offsetof(CGroupContext, delegate_subgroup), 0),
381 SD_BUS_PROPERTY("CPUWeight", "t", NULL, offsetof(CGroupContext, cpu_weight), 0),
382 SD_BUS_PROPERTY("StartupCPUWeight", "t", NULL, offsetof(CGroupContext, startup_cpu_weight), 0),
383 SD_BUS_PROPERTY("CPUQuotaPerSecUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_per_sec_usec), 0),
384 SD_BUS_PROPERTY("CPUQuotaPeriodUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_period_usec), 0),
385 SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus), 0),
386 SD_BUS_PROPERTY("StartupAllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_cpus), 0),
387 SD_BUS_PROPERTY("AllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_mems), 0),
388 SD_BUS_PROPERTY("StartupAllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_mems), 0),
389 SD_BUS_PROPERTY("IOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, io_accounting), 0),
390 SD_BUS_PROPERTY("IOWeight", "t", NULL, offsetof(CGroupContext, io_weight), 0),
391 SD_BUS_PROPERTY("StartupIOWeight", "t", NULL, offsetof(CGroupContext, startup_io_weight), 0),
392 SD_BUS_PROPERTY("IODeviceWeight", "a(st)", property_get_io_device_weight, 0, 0),
393 SD_BUS_PROPERTY("IOReadBandwidthMax", "a(st)", property_get_io_device_limits, 0, 0),
394 SD_BUS_PROPERTY("IOWriteBandwidthMax", "a(st)", property_get_io_device_limits, 0, 0),
395 SD_BUS_PROPERTY("IOReadIOPSMax", "a(st)", property_get_io_device_limits, 0, 0),
396 SD_BUS_PROPERTY("IOWriteIOPSMax", "a(st)", property_get_io_device_limits, 0, 0),
397 SD_BUS_PROPERTY("IODeviceLatencyTargetUSec", "a(st)", property_get_io_device_latency, 0, 0),
398 SD_BUS_PROPERTY("MemoryAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, memory_accounting), 0),
399 SD_BUS_PROPERTY("DefaultMemoryLow", "t", NULL, offsetof(CGroupContext, default_memory_low), 0),
400 SD_BUS_PROPERTY("DefaultStartupMemoryLow", "t", NULL, offsetof(CGroupContext, default_startup_memory_low), 0),
401 SD_BUS_PROPERTY("DefaultMemoryMin", "t", NULL, offsetof(CGroupContext, default_memory_min), 0),
402 SD_BUS_PROPERTY("MemoryMin", "t", NULL, offsetof(CGroupContext, memory_min), 0),
403 SD_BUS_PROPERTY("MemoryLow", "t", NULL, offsetof(CGroupContext, memory_low), 0),
404 SD_BUS_PROPERTY("StartupMemoryLow", "t", NULL, offsetof(CGroupContext, startup_memory_low), 0),
405 SD_BUS_PROPERTY("MemoryHigh", "t", NULL, offsetof(CGroupContext, memory_high), 0),
406 SD_BUS_PROPERTY("StartupMemoryHigh", "t", NULL, offsetof(CGroupContext, startup_memory_high), 0),
407 SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0),
408 SD_BUS_PROPERTY("StartupMemoryMax", "t", NULL, offsetof(CGroupContext, startup_memory_max), 0),
409 SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0),
410 SD_BUS_PROPERTY("StartupMemorySwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_swap_max), 0),
411 SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0),
412 SD_BUS_PROPERTY("StartupMemoryZSwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_zswap_max), 0),
413 SD_BUS_PROPERTY("MemoryZSwapWriteback", "b", bus_property_get_bool, offsetof(CGroupContext, memory_zswap_writeback), 0),
414 SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0),
415 SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0),
416 SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0),
417 SD_BUS_PROPERTY("TasksMax", "t", bus_property_get_tasks_max, offsetof(CGroupContext, tasks_max), 0),
418 SD_BUS_PROPERTY("IPAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, ip_accounting), 0),
419 SD_BUS_PROPERTY("IPAddressAllow", "a(iayu)", property_get_ip_address_access, offsetof(CGroupContext, ip_address_allow), 0),
420 SD_BUS_PROPERTY("IPAddressDeny", "a(iayu)", property_get_ip_address_access, offsetof(CGroupContext, ip_address_deny), 0),
421 SD_BUS_PROPERTY("IPIngressFilterPath", "as", NULL, offsetof(CGroupContext, ip_filters_ingress), 0),
422 SD_BUS_PROPERTY("IPEgressFilterPath", "as", NULL, offsetof(CGroupContext, ip_filters_egress), 0),
423 SD_BUS_PROPERTY("DisableControllers", "as", property_get_cgroup_mask, offsetof(CGroupContext, disable_controllers), 0),
424 SD_BUS_PROPERTY("ManagedOOMSwap", "s", property_get_managed_oom_mode, offsetof(CGroupContext, moom_swap), 0),
425 SD_BUS_PROPERTY("ManagedOOMMemoryPressure", "s", property_get_managed_oom_mode, offsetof(CGroupContext, moom_mem_pressure), 0),
426 SD_BUS_PROPERTY("ManagedOOMMemoryPressureLimit", "u", NULL, offsetof(CGroupContext, moom_mem_pressure_limit), 0),
427 SD_BUS_PROPERTY("ManagedOOMMemoryPressureDurationUSec", "t", bus_property_get_usec, offsetof(CGroupContext, moom_mem_pressure_duration_usec), 0),
428 SD_BUS_PROPERTY("ManagedOOMPreference", "s", property_get_managed_oom_preference, offsetof(CGroupContext, moom_preference), 0),
429 SD_BUS_PROPERTY("BPFProgram", "a(ss)", property_get_bpf_foreign_program, 0, 0),
430 SD_BUS_PROPERTY("SocketBindAllow", "a(iiqq)", property_get_socket_bind, offsetof(CGroupContext, socket_bind_allow), 0),
431 SD_BUS_PROPERTY("SocketBindDeny", "a(iiqq)", property_get_socket_bind, offsetof(CGroupContext, socket_bind_deny), 0),
432 SD_BUS_PROPERTY("RestrictNetworkInterfaces", "(bas)", property_get_restrict_network_interfaces, 0, 0),
433 SD_BUS_PROPERTY("MemoryPressureWatch", "s", bus_property_get_cgroup_pressure_watch, offsetof(CGroupContext, memory_pressure_watch), 0),
434 SD_BUS_PROPERTY("MemoryPressureThresholdUSec", "t", bus_property_get_usec, offsetof(CGroupContext, memory_pressure_threshold_usec), 0),
435 SD_BUS_PROPERTY("NFTSet", "a(iiss)", property_get_cgroup_nft_set, 0, 0),
436 SD_BUS_PROPERTY("CoredumpReceive", "b", bus_property_get_bool, offsetof(CGroupContext, coredump_receive), 0),
437
438 /* deprecated cgroup v1 properties */
439 SD_BUS_PROPERTY("MemoryLimit", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
440 SD_BUS_PROPERTY("CPUShares", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
441 SD_BUS_PROPERTY("StartupCPUShares", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
442 SD_BUS_PROPERTY("BlockIOAccounting", "b", bus_property_get_bool_false, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
443 SD_BUS_PROPERTY("BlockIOWeight", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
444 SD_BUS_PROPERTY("StartupBlockIOWeight", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
445 SD_BUS_PROPERTY("BlockIODeviceWeight", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
446 SD_BUS_PROPERTY("BlockIOReadBandwidth", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
447 SD_BUS_PROPERTY("BlockIOWriteBandwidth", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
448 /* since kernel v4.15 CPU accounting requires no controller, i.e. is available everywhere */
449 SD_BUS_PROPERTY("CPUAccounting", "b", bus_property_get_bool_true, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN),
450
451 SD_BUS_VTABLE_END
452 };
453
454 static int bus_cgroup_set_transient_property(
455 Unit *u,
456 CGroupContext *c,
457 const char *name,
458 sd_bus_message *message,
459 UnitWriteFlags flags,
460 sd_bus_error *error) {
461
462 int r;
463
464 assert(u);
465 assert(c);
466 assert(name);
467 assert(message);
468
469 flags |= UNIT_PRIVATE;
470
471 if (streq(name, "Delegate")) {
472 int b;
473
474 if (!UNIT_VTABLE(u)->can_delegate)
475 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type");
476
477 r = sd_bus_message_read(message, "b", &b);
478 if (r < 0)
479 return r;
480
481 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
482 c->delegate = b;
483 c->delegate_controllers = b ? CGROUP_MASK_DELEGATE : 0;
484
485 unit_write_settingf(u, flags, name, "Delegate=%s", yes_no(b));
486 }
487
488 return 1;
489
490 } else if (streq(name, "DelegateSubgroup")) {
491 const char *s;
492
493 if (!UNIT_VTABLE(u)->can_delegate)
494 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type");
495
496 r = sd_bus_message_read(message, "s", &s);
497 if (r < 0)
498 return r;
499
500 if (!isempty(s) && cg_needs_escape(s))
501 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid control group name: %s", s);
502
503 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
504 if (isempty(s))
505 c->delegate_subgroup = mfree(c->delegate_subgroup);
506 else {
507 r = free_and_strdup_warn(&c->delegate_subgroup, s);
508 if (r < 0)
509 return r;
510 }
511
512 unit_write_settingf(u, flags, name, "DelegateSubgroup=%s", s);
513 }
514
515 return 1;
516
517 } else if (STR_IN_SET(name, "DelegateControllers", "DisableControllers")) {
518 CGroupMask mask = 0;
519
520 if (streq(name, "DelegateControllers") && !UNIT_VTABLE(u)->can_delegate)
521 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type");
522
523 r = sd_bus_message_enter_container(message, 'a', "s");
524 if (r < 0)
525 return r;
526
527 for (;;) {
528 CGroupController cc;
529 const char *t;
530
531 r = sd_bus_message_read(message, "s", &t);
532 if (r < 0)
533 return r;
534 if (r == 0)
535 break;
536
537 cc = cgroup_controller_from_string(t);
538 if (cc < 0)
539 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown cgroup controller '%s'", t);
540
541 mask |= CGROUP_CONTROLLER_TO_MASK(cc);
542 }
543
544 r = sd_bus_message_exit_container(message);
545 if (r < 0)
546 return r;
547
548 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
549 _cleanup_free_ char *t = NULL;
550
551 r = cg_mask_to_string(mask, &t);
552 if (r < 0)
553 return r;
554
555 if (streq(name, "DelegateControllers")) {
556
557 c->delegate = true;
558 if (mask == 0)
559 c->delegate_controllers = 0;
560 else
561 c->delegate_controllers |= mask;
562
563 unit_write_settingf(u, flags, name, "Delegate=%s", strempty(t));
564
565 } else if (streq(name, "DisableControllers")) {
566
567 if (mask == 0)
568 c->disable_controllers = 0;
569 else
570 c->disable_controllers |= mask;
571
572 unit_write_settingf(u, flags, name, "%s=%s", name, strempty(t));
573 }
574 }
575
576 return 1;
577 } else if (STR_IN_SET(name, "IPIngressFilterPath", "IPEgressFilterPath")) {
578 char ***filters;
579 size_t n = 0;
580
581 filters = streq(name, "IPIngressFilterPath") ? &c->ip_filters_ingress : &c->ip_filters_egress;
582 r = sd_bus_message_enter_container(message, 'a', "s");
583 if (r < 0)
584 return r;
585
586 for (;;) {
587 const char *path;
588
589 r = sd_bus_message_read(message, "s", &path);
590 if (r < 0)
591 return r;
592 if (r == 0)
593 break;
594
595 if (!path_is_normalized(path) || !path_is_absolute(path))
596 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects a normalized absolute path.", name);
597
598 if (!UNIT_WRITE_FLAGS_NOOP(flags) && !strv_contains(*filters, path)) {
599 r = strv_extend(filters, path);
600 if (r < 0)
601 return log_oom();
602 }
603 n++;
604 }
605 r = sd_bus_message_exit_container(message);
606 if (r < 0)
607 return r;
608
609 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
610 _cleanup_(memstream_done) MemStream m = {};
611 _cleanup_free_ char *buf = NULL;
612 FILE *f;
613
614 if (n == 0)
615 *filters = strv_free(*filters);
616
617 unit_invalidate_cgroup_bpf(u);
618
619 f = memstream_init(&m);
620 if (!f)
621 return -ENOMEM;
622
623 fputs(name, f);
624 fputs("=\n", f);
625
626 STRV_FOREACH(entry, *filters)
627 fprintf(f, "%s=%s\n", name, *entry);
628
629 r = memstream_finalize(&m, &buf, NULL);
630 if (r < 0)
631 return r;
632
633 unit_write_setting(u, flags, name, buf);
634
635 if (*filters && bpf_program_supported() <= 0) {
636 static bool warned = false;
637
638 log_full(warned ? LOG_DEBUG : LOG_WARNING,
639 "Transient unit %s configures an IP firewall with BPF, but the local system does not support BPF/cgroup firewalling with multiple filters.\n"
640 "Starting this unit will fail! (This warning is only shown for the first started transient unit using IP firewalling.)", u->id);
641 warned = true;
642 }
643 }
644
645 return 1;
646 } else if (streq(name, "BPFProgram")) {
647 const char *a, *p;
648 size_t n = 0;
649
650 r = sd_bus_message_enter_container(message, 'a', "(ss)");
651 if (r < 0)
652 return r;
653
654 while ((r = sd_bus_message_read(message, "(ss)", &a, &p)) > 0) {
655 int attach_type = bpf_cgroup_attach_type_from_string(a);
656 if (attach_type < 0)
657 return sd_bus_error_setf(
658 error,
659 SD_BUS_ERROR_INVALID_ARGS,
660 "%s expects a valid BPF attach type, got '%s'.",
661 name, a);
662
663 if (!path_is_normalized(p) || !path_is_absolute(p))
664 return sd_bus_error_setf(
665 error,
666 SD_BUS_ERROR_INVALID_ARGS,
667 "%s= expects a normalized absolute path.",
668 name);
669
670 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
671 r = cgroup_context_add_bpf_foreign_program(c, attach_type, p);
672 if (r < 0)
673 return r;
674 }
675 n++;
676 }
677 if (r < 0)
678 return r;
679
680 r = sd_bus_message_exit_container(message);
681 if (r < 0)
682 return r;
683
684 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
685 _cleanup_(memstream_done) MemStream m = {};
686 _cleanup_free_ char *buf = NULL;
687 FILE *f;
688
689 if (n == 0)
690 while (c->bpf_foreign_programs)
691 cgroup_context_remove_bpf_foreign_program(c, c->bpf_foreign_programs);
692
693 f = memstream_init(&m);
694 if (!f)
695 return -ENOMEM;
696
697 fputs(name, f);
698 fputs("=\n", f);
699
700 LIST_FOREACH(programs, fp, c->bpf_foreign_programs)
701 fprintf(f, "%s=%s:%s\n", name,
702 bpf_cgroup_attach_type_to_string(fp->attach_type),
703 fp->bpffs_path);
704
705 r = memstream_finalize(&m, &buf, NULL);
706 if (r < 0)
707 return r;
708
709 unit_write_setting(u, flags, name, buf);
710 }
711
712 return 1;
713
714 } else if (streq(name, "MemoryPressureWatch")) {
715 CGroupPressureWatch p;
716 const char *t;
717
718 r = sd_bus_message_read(message, "s", &t);
719 if (r < 0)
720 return r;
721
722 if (isempty(t))
723 p = _CGROUP_PRESSURE_WATCH_INVALID;
724 else {
725 p = cgroup_pressure_watch_from_string(t);
726 if (p < 0)
727 return p;
728 }
729
730 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
731 c->memory_pressure_watch = p;
732 unit_write_settingf(u, flags, name, "MemoryPressureWatch=%s", strempty(cgroup_pressure_watch_to_string(p)));
733 }
734
735 return 1;
736
737 } else if (streq(name, "MemoryPressureThresholdUSec")) {
738 uint64_t t;
739
740 r = sd_bus_message_read(message, "t", &t);
741 if (r < 0)
742 return r;
743
744 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
745 c->memory_pressure_threshold_usec = t;
746
747 if (t == UINT64_MAX)
748 unit_write_setting(u, flags, name, "MemoryPressureThresholdUSec=");
749 else
750 unit_write_settingf(u, flags, name, "MemoryPressureThresholdUSec=%" PRIu64, t);
751 }
752
753 return 1;
754 } else if (streq(name, "CoredumpReceive")) {
755 int b;
756
757 if (!UNIT_VTABLE(u)->can_delegate)
758 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type");
759
760 r = sd_bus_message_read(message, "b", &b);
761 if (r < 0)
762 return r;
763
764 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
765 c->coredump_receive = b;
766
767 unit_write_settingf(u, flags, name, "CoredumpReceive=%s", yes_no(b));
768 }
769
770 return 1;
771 }
772
773 return 0;
774 }
775
776 static int bus_cgroup_set_boolean(
777 Unit *u,
778 const char *name,
779 bool *p,
780 CGroupMask mask,
781 sd_bus_message *message,
782 UnitWriteFlags flags,
783 sd_bus_error *error) {
784
785 int b, r;
786
787 assert(p);
788
789 r = sd_bus_message_read(message, "b", &b);
790 if (r < 0)
791 return r;
792
793 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
794 *p = b;
795 unit_invalidate_cgroup(u, mask);
796 unit_write_settingf(u, flags, name, "%s=%s", name, yes_no(b));
797 }
798
799 return 1;
800 }
801
802 #define BUS_DEFINE_SET_CGROUP_WEIGHT(function, mask, check, val) \
803 static int bus_cgroup_set_##function( \
804 Unit *u, \
805 const char *name, \
806 uint64_t *p, \
807 sd_bus_message *message, \
808 UnitWriteFlags flags, \
809 sd_bus_error *error) { \
810 \
811 uint64_t v; \
812 int r; \
813 \
814 assert(p); \
815 \
816 r = sd_bus_message_read(message, "t", &v); \
817 if (r < 0) \
818 return r; \
819 \
820 if (!check(v)) \
821 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, \
822 "Value specified in %s is out of range", name); \
823 \
824 if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \
825 *p = v; \
826 unit_invalidate_cgroup(u, mask); \
827 \
828 if (v == (val)) \
829 unit_write_settingf(u, flags, name, \
830 "%s=", name); \
831 else \
832 unit_write_settingf(u, flags, name, \
833 "%s=%" PRIu64, name, v); \
834 } \
835 \
836 return 1; \
837 }
838
839 #define BUS_DEFINE_SET_CGROUP_LIMIT(function, mask, scale, minimum) \
840 static int bus_cgroup_set_##function( \
841 Unit *u, \
842 const char *name, \
843 uint64_t *p, \
844 sd_bus_message *message, \
845 UnitWriteFlags flags, \
846 sd_bus_error *error) { \
847 \
848 uint64_t v; \
849 int r; \
850 \
851 assert(p); \
852 \
853 r = sd_bus_message_read(message, "t", &v); \
854 if (r < 0) \
855 return r; \
856 \
857 if (v < minimum) \
858 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, \
859 "Value specified in %s is out of range", name); \
860 \
861 if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \
862 *p = v; \
863 unit_invalidate_cgroup(u, mask); \
864 \
865 if (v == CGROUP_LIMIT_MAX) \
866 unit_write_settingf(u, flags, name, \
867 "%s=infinity", name); \
868 else \
869 unit_write_settingf(u, flags, name, \
870 "%s=%" PRIu64, name, v); \
871 } \
872 \
873 return 1; \
874 } \
875 static int bus_cgroup_set_##function##_scale( \
876 Unit *u, \
877 const char *name, \
878 uint64_t *p, \
879 sd_bus_message *message, \
880 UnitWriteFlags flags, \
881 sd_bus_error *error) { \
882 \
883 uint64_t v; \
884 uint32_t raw; \
885 int r; \
886 \
887 assert(p); \
888 \
889 r = sd_bus_message_read(message, "u", &raw); \
890 if (r < 0) \
891 return r; \
892 \
893 v = scale(raw, UINT32_MAX); \
894 if (v < minimum || v >= UINT64_MAX) \
895 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, \
896 "Value specified in %s is out of range", name); \
897 \
898 if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \
899 *p = v; \
900 unit_invalidate_cgroup(u, mask); \
901 \
902 /* Prepare to chop off suffix */ \
903 assert_se(endswith(name, "Scale")); \
904 \
905 int scaled = UINT32_SCALE_TO_PERMYRIAD(raw); \
906 unit_write_settingf(u, flags, name, "%.*s=" PERMYRIAD_AS_PERCENT_FORMAT_STR, \
907 (int)(strlen(name) - strlen("Scale")), name, \
908 PERMYRIAD_AS_PERCENT_FORMAT_VAL(scaled)); \
909 } \
910 \
911 return 1; \
912 }
913
914 DISABLE_WARNING_TYPE_LIMITS;
915 BUS_DEFINE_SET_CGROUP_WEIGHT(io_weight, CGROUP_MASK_IO, CGROUP_WEIGHT_IS_OK, CGROUP_WEIGHT_INVALID);
916 BUS_DEFINE_SET_CGROUP_LIMIT(memory, CGROUP_MASK_MEMORY, physical_memory_scale, 1);
917 BUS_DEFINE_SET_CGROUP_LIMIT(memory_protection, CGROUP_MASK_MEMORY, physical_memory_scale, 0);
918 BUS_DEFINE_SET_CGROUP_LIMIT(swap, CGROUP_MASK_MEMORY, physical_memory_scale, 0);
919 BUS_DEFINE_SET_CGROUP_LIMIT(zswap, CGROUP_MASK_MEMORY, physical_memory_scale, 0);
920 REENABLE_WARNING;
921
922 static int bus_cgroup_set_cpu_weight(
923 Unit *u,
924 const char *name,
925 uint64_t *p,
926 sd_bus_message *message,
927 UnitWriteFlags flags,
928 sd_bus_error *error) {
929 uint64_t v;
930 int r;
931 assert(p);
932 r = sd_bus_message_read(message, "t", &v);
933 if (r < 0)
934 return r;
935 if (!CGROUP_WEIGHT_IS_OK(v) && v != CGROUP_WEIGHT_IDLE)
936 return sd_bus_error_setf(
937 error, SD_BUS_ERROR_INVALID_ARGS, "Value specified in %s is out of range", name);
938 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
939 *p = v;
940 unit_invalidate_cgroup(u, CGROUP_MASK_CPU);
941 if (v == CGROUP_WEIGHT_INVALID)
942 unit_write_settingf(u, flags, name, "%s=", name);
943 else if (v == CGROUP_WEIGHT_IDLE)
944 unit_write_settingf(u, flags, name, "%s=idle", name);
945 else
946 unit_write_settingf(u, flags, name, "%s=%" PRIu64, name, v);
947 }
948 return 1;
949 }
950
951 static int bus_cgroup_set_tasks_max(
952 Unit *u,
953 const char *name,
954 CGroupTasksMax *p,
955 sd_bus_message *message,
956 UnitWriteFlags flags,
957 sd_bus_error *error) {
958
959 uint64_t v;
960 int r;
961
962 assert(p);
963
964 r = sd_bus_message_read(message, "t", &v);
965 if (r < 0)
966 return r;
967
968 if (v < 1)
969 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
970 "Value specified in %s is out of range", name);
971
972 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
973 *p = (CGroupTasksMax) { .value = v, .scale = 0 }; /* When .scale==0, .value is the absolute value */
974 unit_invalidate_cgroup(u, CGROUP_MASK_PIDS);
975
976 if (v == CGROUP_LIMIT_MAX)
977 unit_write_settingf(u, flags, name,
978 "%s=infinity", name);
979 else
980 unit_write_settingf(u, flags, name,
981 "%s=%" PRIu64, name, v);
982 }
983
984 return 1;
985 }
986
987 static int bus_cgroup_set_tasks_max_scale(
988 Unit *u,
989 const char *name,
990 CGroupTasksMax *p,
991 sd_bus_message *message,
992 UnitWriteFlags flags,
993 sd_bus_error *error) {
994
995 uint32_t v;
996 int r;
997
998 assert(p);
999
1000 r = sd_bus_message_read(message, "u", &v);
1001 if (r < 0)
1002 return r;
1003
1004 if (v < 1 || v >= UINT32_MAX)
1005 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
1006 "Value specified in %s is out of range", name);
1007
1008 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1009 *p = (CGroupTasksMax) { v, UINT32_MAX }; /* .scale is not 0, so this is interpreted as v/UINT32_MAX. */
1010 unit_invalidate_cgroup(u, CGROUP_MASK_PIDS);
1011
1012 uint32_t scaled = DIV_ROUND_UP((uint64_t) v * 100U, (uint64_t) UINT32_MAX);
1013 unit_write_settingf(u, flags, name, "%s=%" PRIu32 ".%" PRIu32 "%%", "TasksMax",
1014 scaled / 10, scaled % 10);
1015 }
1016
1017 return 1;
1018 }
1019
1020 int bus_cgroup_set_property(
1021 Unit *u,
1022 CGroupContext *c,
1023 const char *name,
1024 sd_bus_message *message,
1025 UnitWriteFlags flags,
1026 sd_bus_error *error) {
1027
1028 CGroupIOLimitType iol_type;
1029 int r;
1030
1031 assert(u);
1032 assert(c);
1033 assert(name);
1034 assert(message);
1035
1036 flags |= UNIT_PRIVATE;
1037
1038 if (streq(name, "CPUWeight"))
1039 return bus_cgroup_set_cpu_weight(u, name, &c->cpu_weight, message, flags, error);
1040
1041 if (streq(name, "StartupCPUWeight"))
1042 return bus_cgroup_set_cpu_weight(u, name, &c->startup_cpu_weight, message, flags, error);
1043
1044 if (streq(name, "IOAccounting"))
1045 return bus_cgroup_set_boolean(u, name, &c->io_accounting, CGROUP_MASK_IO, message, flags, error);
1046
1047 if (streq(name, "IOWeight"))
1048 return bus_cgroup_set_io_weight(u, name, &c->io_weight, message, flags, error);
1049
1050 if (streq(name, "StartupIOWeight"))
1051 return bus_cgroup_set_io_weight(u, name, &c->startup_io_weight, message, flags, error);
1052
1053 if (streq(name, "MemoryAccounting"))
1054 return bus_cgroup_set_boolean(u, name, &c->memory_accounting, CGROUP_MASK_MEMORY, message, flags, error);
1055
1056 if (streq(name, "MemoryMin")) {
1057 r = bus_cgroup_set_memory_protection(u, name, &c->memory_min, message, flags, error);
1058 if (r > 0)
1059 c->memory_min_set = true;
1060 return r;
1061 }
1062
1063 if (streq(name, "MemoryLow")) {
1064 r = bus_cgroup_set_memory_protection(u, name, &c->memory_low, message, flags, error);
1065 if (r > 0)
1066 c->memory_low_set = true;
1067 return r;
1068 }
1069
1070 if (streq(name, "StartupMemoryLow")) {
1071 r = bus_cgroup_set_memory_protection(u, name, &c->startup_memory_low, message, flags, error);
1072 if (r > 0)
1073 c->startup_memory_low_set = true;
1074 return r;
1075 }
1076
1077 if (streq(name, "DefaultMemoryMin")) {
1078 r = bus_cgroup_set_memory_protection(u, name, &c->default_memory_min, message, flags, error);
1079 if (r > 0)
1080 c->default_memory_min_set = true;
1081 return r;
1082 }
1083
1084 if (streq(name, "DefaultMemoryLow")) {
1085 r = bus_cgroup_set_memory_protection(u, name, &c->default_memory_low, message, flags, error);
1086 if (r > 0)
1087 c->default_memory_low_set = true;
1088 return r;
1089 }
1090
1091 if (streq(name, "DefaultStartupMemoryLow")) {
1092 r = bus_cgroup_set_memory_protection(u, name, &c->default_startup_memory_low, message, flags, error);
1093 if (r > 0)
1094 c->default_startup_memory_low_set = true;
1095 return r;
1096 }
1097
1098 if (streq(name, "MemoryHigh"))
1099 return bus_cgroup_set_memory(u, name, &c->memory_high, message, flags, error);
1100
1101 if (streq(name, "StartupMemoryHigh")) {
1102 r = bus_cgroup_set_memory(u, name, &c->startup_memory_high, message, flags, error);
1103 if (r > 0)
1104 c->startup_memory_high_set = true;
1105 return r;
1106 }
1107
1108 if (streq(name, "MemorySwapMax"))
1109 return bus_cgroup_set_swap(u, name, &c->memory_swap_max, message, flags, error);
1110
1111 if (streq(name, "StartupMemorySwapMax")) {
1112 r = bus_cgroup_set_swap(u, name, &c->startup_memory_swap_max, message, flags, error);
1113 if (r > 0)
1114 c->startup_memory_swap_max_set = true;
1115 return r;
1116 }
1117
1118 if (streq(name, "MemoryZSwapMax"))
1119 return bus_cgroup_set_zswap(u, name, &c->memory_zswap_max, message, flags, error);
1120
1121 if (streq(name, "StartupMemoryZSwapMax")) {
1122 r = bus_cgroup_set_zswap(u, name, &c->startup_memory_zswap_max, message, flags, error);
1123 if (r > 0)
1124 c->startup_memory_zswap_max_set = true;
1125 return r;
1126 }
1127
1128 if (streq(name, "MemoryMax"))
1129 return bus_cgroup_set_memory(u, name, &c->memory_max, message, flags, error);
1130
1131 if (streq(name, "StartupMemoryMax")) {
1132 r = bus_cgroup_set_memory(u, name, &c->startup_memory_max, message, flags, error);
1133 if (r > 0)
1134 c->startup_memory_max_set = true;
1135 return r;
1136 }
1137
1138 if (streq(name, "MemoryMinScale")) {
1139 r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error);
1140 if (r > 0)
1141 c->memory_min_set = true;
1142 return r;
1143 }
1144
1145 if (streq(name, "MemoryLowScale")) {
1146 r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_low, message, flags, error);
1147 if (r > 0)
1148 c->memory_low_set = true;
1149 return r;
1150 }
1151
1152 if (streq(name, "DefaultMemoryMinScale")) {
1153 r = bus_cgroup_set_memory_protection_scale(u, name, &c->default_memory_min, message, flags, error);
1154 if (r > 0)
1155 c->default_memory_min_set = true;
1156 return r;
1157 }
1158
1159 if (streq(name, "DefaultMemoryLowScale")) {
1160 r = bus_cgroup_set_memory_protection_scale(u, name, &c->default_memory_low, message, flags, error);
1161 if (r > 0)
1162 c->default_memory_low_set = true;
1163 return r;
1164 }
1165
1166 if (streq(name, "MemoryHighScale"))
1167 return bus_cgroup_set_memory_scale(u, name, &c->memory_high, message, flags, error);
1168
1169 if (streq(name, "MemorySwapMaxScale"))
1170 return bus_cgroup_set_swap_scale(u, name, &c->memory_swap_max, message, flags, error);
1171
1172 if (streq(name, "MemoryZSwapMaxScale"))
1173 return bus_cgroup_set_zswap_scale(u, name, &c->memory_zswap_max, message, flags, error);
1174
1175 if (streq(name, "MemoryMaxScale"))
1176 return bus_cgroup_set_memory_scale(u, name, &c->memory_max, message, flags, error);
1177
1178 if (streq(name, "MemoryZSwapWriteback"))
1179 return bus_cgroup_set_boolean(u, name, &c->memory_zswap_writeback, CGROUP_MASK_MEMORY, message, flags, error);
1180
1181 if (streq(name, "TasksAccounting"))
1182 return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error);
1183
1184 if (streq(name, "TasksMax"))
1185 return bus_cgroup_set_tasks_max(u, name, &c->tasks_max, message, flags, error);
1186
1187 if (streq(name, "TasksMaxScale"))
1188 return bus_cgroup_set_tasks_max_scale(u, name, &c->tasks_max, message, flags, error);
1189
1190 if (streq(name, "CPUQuotaPerSecUSec")) {
1191 uint64_t u64;
1192
1193 r = sd_bus_message_read(message, "t", &u64);
1194 if (r < 0)
1195 return r;
1196
1197 if (u64 <= 0)
1198 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "CPUQuotaPerSecUSec= value out of range");
1199
1200 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1201 c->cpu_quota_per_sec_usec = u64;
1202 CGroupRuntime *crt = unit_get_cgroup_runtime(u);
1203 if (crt)
1204 crt->warned_clamping_cpu_quota_period = false;
1205 unit_invalidate_cgroup(u, CGROUP_MASK_CPU);
1206
1207 if (c->cpu_quota_per_sec_usec == USEC_INFINITY)
1208 unit_write_setting(u, flags, "CPUQuota", "CPUQuota=");
1209 else
1210 unit_write_settingf(u, flags, "CPUQuota",
1211 "CPUQuota=" USEC_FMT ".%02" PRI_USEC "%%",
1212 c->cpu_quota_per_sec_usec / 10000,
1213 (c->cpu_quota_per_sec_usec % 10000) / 100);
1214 }
1215
1216 return 1;
1217
1218 } else if (streq(name, "CPUQuotaPeriodUSec")) {
1219 uint64_t u64;
1220
1221 r = sd_bus_message_read(message, "t", &u64);
1222 if (r < 0)
1223 return r;
1224
1225 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1226 c->cpu_quota_period_usec = u64;
1227 CGroupRuntime *crt = unit_get_cgroup_runtime(u);
1228 if (crt)
1229 crt->warned_clamping_cpu_quota_period = false;
1230 unit_invalidate_cgroup(u, CGROUP_MASK_CPU);
1231 if (c->cpu_quota_period_usec == USEC_INFINITY)
1232 unit_write_setting(u, flags, "CPUQuotaPeriodSec", "CPUQuotaPeriodSec=");
1233 else
1234 unit_write_settingf(u, flags, "CPUQuotaPeriodSec",
1235 "CPUQuotaPeriodSec=%s",
1236 FORMAT_TIMESPAN(c->cpu_quota_period_usec, 1));
1237 }
1238
1239 return 1;
1240
1241 } else if (STR_IN_SET(name, "AllowedCPUs", "StartupAllowedCPUs", "AllowedMemoryNodes", "StartupAllowedMemoryNodes")) {
1242 const void *a;
1243 size_t n;
1244 _cleanup_(cpu_set_done) CPUSet new_set = {};
1245
1246 r = sd_bus_message_read_array(message, 'y', &a, &n);
1247 if (r < 0)
1248 return r;
1249
1250 r = cpu_set_from_dbus(a, n, &new_set);
1251 if (r < 0)
1252 return r;
1253
1254 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1255 _cleanup_free_ char *setstr = NULL;
1256 CPUSet *set = NULL;
1257
1258 setstr = cpu_set_to_range_string(&new_set);
1259 if (!setstr)
1260 return -ENOMEM;
1261
1262 if (streq(name, "AllowedCPUs"))
1263 set = &c->cpuset_cpus;
1264 else if (streq(name, "StartupAllowedCPUs"))
1265 set = &c->startup_cpuset_cpus;
1266 else if (streq(name, "AllowedMemoryNodes"))
1267 set = &c->cpuset_mems;
1268 else if (streq(name, "StartupAllowedMemoryNodes"))
1269 set = &c->startup_cpuset_mems;
1270 else
1271 assert_not_reached();
1272
1273 cpu_set_done_and_replace(*set, new_set);
1274
1275 unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET);
1276 unit_write_settingf(u, flags, name, "%s=\n%s=%s", name, name, setstr);
1277 }
1278
1279 return 1;
1280
1281 } else if ((iol_type = cgroup_io_limit_type_from_string(name)) >= 0) {
1282 const char *path;
1283 unsigned n = 0;
1284 uint64_t u64;
1285
1286 r = sd_bus_message_enter_container(message, 'a', "(st)");
1287 if (r < 0)
1288 return r;
1289
1290 while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) {
1291
1292 if (!path_is_normalized(path))
1293 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path);
1294
1295 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1296 CGroupIODeviceLimit *a = NULL;
1297
1298 LIST_FOREACH(device_limits, b, c->io_device_limits)
1299 if (path_equal(path, b->path)) {
1300 a = b;
1301 break;
1302 }
1303
1304 if (!a) {
1305 CGroupIOLimitType type;
1306
1307 a = new0(CGroupIODeviceLimit, 1);
1308 if (!a)
1309 return -ENOMEM;
1310
1311 a->path = strdup(path);
1312 if (!a->path) {
1313 free(a);
1314 return -ENOMEM;
1315 }
1316
1317 for (type = 0; type < _CGROUP_IO_LIMIT_TYPE_MAX; type++)
1318 a->limits[type] = cgroup_io_limit_defaults[type];
1319
1320 LIST_APPEND(device_limits, c->io_device_limits, a);
1321 }
1322
1323 a->limits[iol_type] = u64;
1324 }
1325
1326 n++;
1327 }
1328 if (r < 0)
1329 return r;
1330
1331 r = sd_bus_message_exit_container(message);
1332 if (r < 0)
1333 return r;
1334
1335 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1336 _cleanup_(memstream_done) MemStream m = {};
1337 _cleanup_free_ char *buf = NULL;
1338 FILE *f;
1339
1340 if (n == 0)
1341 LIST_FOREACH(device_limits, a, c->io_device_limits)
1342 a->limits[iol_type] = cgroup_io_limit_defaults[iol_type];
1343
1344 unit_invalidate_cgroup(u, CGROUP_MASK_IO);
1345
1346 f = memstream_init(&m);
1347 if (!f)
1348 return -ENOMEM;
1349
1350 fprintf(f, "%s=\n", name);
1351 LIST_FOREACH(device_limits, a, c->io_device_limits)
1352 if (a->limits[iol_type] != cgroup_io_limit_defaults[iol_type])
1353 fprintf(f, "%s=%s %" PRIu64 "\n", name, a->path, a->limits[iol_type]);
1354
1355 r = memstream_finalize(&m, &buf, NULL);
1356 if (r < 0)
1357 return r;
1358
1359 unit_write_setting(u, flags, name, buf);
1360 }
1361
1362 return 1;
1363
1364 } else if (streq(name, "IODeviceWeight")) {
1365 const char *path;
1366 uint64_t weight;
1367 unsigned n = 0;
1368
1369 r = sd_bus_message_enter_container(message, 'a', "(st)");
1370 if (r < 0)
1371 return r;
1372
1373 while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) {
1374
1375 if (!path_is_normalized(path))
1376 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path);
1377
1378 if (!CGROUP_WEIGHT_IS_OK(weight) || weight == CGROUP_WEIGHT_INVALID)
1379 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "IODeviceWeight= value out of range");
1380
1381 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1382 CGroupIODeviceWeight *a = NULL;
1383
1384 LIST_FOREACH(device_weights, b, c->io_device_weights)
1385 if (path_equal(b->path, path)) {
1386 a = b;
1387 break;
1388 }
1389
1390 if (!a) {
1391 a = new0(CGroupIODeviceWeight, 1);
1392 if (!a)
1393 return -ENOMEM;
1394
1395 a->path = strdup(path);
1396 if (!a->path) {
1397 free(a);
1398 return -ENOMEM;
1399 }
1400 LIST_APPEND(device_weights, c->io_device_weights, a);
1401 }
1402
1403 a->weight = weight;
1404 }
1405
1406 n++;
1407 }
1408
1409 r = sd_bus_message_exit_container(message);
1410 if (r < 0)
1411 return r;
1412
1413 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1414 _cleanup_(memstream_done) MemStream m = {};
1415 _cleanup_free_ char *buf = NULL;
1416 FILE *f;
1417
1418 if (n == 0)
1419 while (c->io_device_weights)
1420 cgroup_context_free_io_device_weight(c, c->io_device_weights);
1421
1422 unit_invalidate_cgroup(u, CGROUP_MASK_IO);
1423
1424 f = memstream_init(&m);
1425 if (!f)
1426 return -ENOMEM;
1427
1428 fputs("IODeviceWeight=\n", f);
1429 LIST_FOREACH(device_weights, a, c->io_device_weights)
1430 fprintf(f, "IODeviceWeight=%s %" PRIu64 "\n", a->path, a->weight);
1431
1432 r = memstream_finalize(&m, &buf, NULL);
1433 if (r < 0)
1434 return r;
1435
1436 unit_write_setting(u, flags, name, buf);
1437 }
1438
1439 return 1;
1440
1441 } else if (streq(name, "IODeviceLatencyTargetUSec")) {
1442 const char *path;
1443 uint64_t target;
1444 unsigned n = 0;
1445
1446 r = sd_bus_message_enter_container(message, 'a', "(st)");
1447 if (r < 0)
1448 return r;
1449
1450 while ((r = sd_bus_message_read(message, "(st)", &path, &target)) > 0) {
1451
1452 if (!path_is_normalized(path))
1453 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path);
1454
1455 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1456 CGroupIODeviceLatency *a = NULL;
1457
1458 LIST_FOREACH(device_latencies, b, c->io_device_latencies)
1459 if (path_equal(b->path, path)) {
1460 a = b;
1461 break;
1462 }
1463
1464 if (!a) {
1465 a = new0(CGroupIODeviceLatency, 1);
1466 if (!a)
1467 return -ENOMEM;
1468
1469 a->path = strdup(path);
1470 if (!a->path) {
1471 free(a);
1472 return -ENOMEM;
1473 }
1474 LIST_APPEND(device_latencies, c->io_device_latencies, a);
1475 }
1476
1477 a->target_usec = target;
1478 }
1479
1480 n++;
1481 }
1482
1483 r = sd_bus_message_exit_container(message);
1484 if (r < 0)
1485 return r;
1486
1487 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1488 _cleanup_(memstream_done) MemStream m = {};
1489 _cleanup_free_ char *buf = NULL;
1490 FILE *f;
1491
1492 if (n == 0)
1493 while (c->io_device_latencies)
1494 cgroup_context_free_io_device_latency(c, c->io_device_latencies);
1495
1496 unit_invalidate_cgroup(u, CGROUP_MASK_IO);
1497
1498 f = memstream_init(&m);
1499 if (!f)
1500 return -ENOMEM;
1501
1502 fputs("IODeviceLatencyTargetSec=\n", f);
1503 LIST_FOREACH(device_latencies, a, c->io_device_latencies)
1504 fprintf(f, "IODeviceLatencyTargetSec=%s %s\n",
1505 a->path, FORMAT_TIMESPAN(a->target_usec, 1));
1506
1507 r = memstream_finalize(&m, &buf, NULL);
1508 if (r < 0)
1509 return r;
1510
1511 unit_write_setting(u, flags, name, buf);
1512 }
1513
1514 return 1;
1515
1516 } else if (streq(name, "DevicePolicy")) {
1517 const char *policy;
1518 CGroupDevicePolicy p;
1519
1520 r = sd_bus_message_read(message, "s", &policy);
1521 if (r < 0)
1522 return r;
1523
1524 p = cgroup_device_policy_from_string(policy);
1525 if (p < 0)
1526 return p;
1527
1528 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1529 c->device_policy = p;
1530 unit_invalidate_cgroup(u, CGROUP_MASK_DEVICES);
1531 unit_write_settingf(u, flags, name, "DevicePolicy=%s", policy);
1532 }
1533
1534 return 1;
1535
1536 } else if (streq(name, "DeviceAllow")) {
1537 const char *path, *rwm;
1538 unsigned n = 0;
1539
1540 r = sd_bus_message_enter_container(message, 'a', "(ss)");
1541 if (r < 0)
1542 return r;
1543
1544 while ((r = sd_bus_message_read(message, "(ss)", &path, &rwm)) > 0) {
1545 CGroupDevicePermissions p;
1546
1547 if (!valid_device_allow_pattern(path) || strpbrk(path, WHITESPACE))
1548 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires device node or pattern");
1549
1550 if (isempty(rwm))
1551 p = _CGROUP_DEVICE_PERMISSIONS_ALL;
1552 else {
1553 p = cgroup_device_permissions_from_string(rwm);
1554 if (p < 0)
1555 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires combination of rwm flags");
1556 }
1557
1558 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1559 r = cgroup_context_add_or_update_device_allow(c, path, p);
1560 if (r < 0)
1561 return r;
1562 }
1563
1564 n++;
1565 }
1566 if (r < 0)
1567 return r;
1568
1569 r = sd_bus_message_exit_container(message);
1570 if (r < 0)
1571 return r;
1572
1573 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1574 _cleanup_(memstream_done) MemStream m = {};
1575 _cleanup_free_ char *buf = NULL;
1576 FILE *f;
1577
1578 if (n == 0)
1579 while (c->device_allow)
1580 cgroup_context_free_device_allow(c, c->device_allow);
1581
1582 unit_invalidate_cgroup(u, CGROUP_MASK_DEVICES);
1583
1584 f = memstream_init(&m);
1585 if (!f)
1586 return -ENOMEM;
1587
1588 fputs("DeviceAllow=\n", f);
1589 LIST_FOREACH(device_allow, a, c->device_allow)
1590 fprintf(f, "DeviceAllow=%s %s\n", a->path, cgroup_device_permissions_to_string(a->permissions));
1591
1592 r = memstream_finalize(&m, &buf, NULL);
1593 if (r < 0)
1594 return r;
1595
1596 unit_write_setting(u, flags, name, buf);
1597 }
1598
1599 return 1;
1600
1601 } else if (streq(name, "IPAccounting")) {
1602 int b;
1603
1604 r = sd_bus_message_read(message, "b", &b);
1605 if (r < 0)
1606 return r;
1607
1608 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1609 c->ip_accounting = b;
1610
1611 unit_invalidate_cgroup_bpf(u);
1612 unit_write_settingf(u, flags, name, "IPAccounting=%s", yes_no(b));
1613 }
1614
1615 return 1;
1616
1617 } else if (STR_IN_SET(name, "IPAddressAllow", "IPAddressDeny")) {
1618 _cleanup_set_free_ Set *new_prefixes = NULL;
1619 size_t n = 0;
1620
1621 r = sd_bus_message_enter_container(message, 'a', "(iayu)");
1622 if (r < 0)
1623 return r;
1624
1625 for (;;) {
1626 r = sd_bus_message_enter_container(message, 'r', "iayu");
1627 if (r < 0)
1628 return r;
1629 if (r == 0)
1630 break;
1631
1632 struct in_addr_prefix prefix;
1633 r = bus_message_read_in_addr_auto(message, error, &prefix.family, &prefix.address);
1634 if (r < 0)
1635 return r;
1636
1637 uint32_t prefixlen;
1638 r = sd_bus_message_read(message, "u", &prefixlen);
1639 if (r < 0)
1640 return r;
1641
1642 if (prefixlen > FAMILY_ADDRESS_SIZE(prefix.family)*8)
1643 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
1644 "Prefix length %" PRIu32 " too large for address family %s.",
1645 prefixlen, af_to_name(prefix.family));
1646
1647 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1648 prefix.prefixlen = (uint8_t) prefixlen;
1649
1650 r = in_addr_prefix_add(&new_prefixes, &prefix);
1651 if (r < 0)
1652 return r;
1653 }
1654
1655 r = sd_bus_message_exit_container(message);
1656 if (r < 0)
1657 return r;
1658
1659 n++;
1660 }
1661
1662 r = sd_bus_message_exit_container(message);
1663 if (r < 0)
1664 return r;
1665
1666 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1667 _cleanup_(memstream_done) MemStream m = {};
1668 _cleanup_free_ char *buf = NULL;
1669 Set **prefixes;
1670 bool *reduced;
1671 FILE *f;
1672
1673 unit_invalidate_cgroup_bpf(u);
1674
1675 f = memstream_init(&m);
1676 if (!f)
1677 return -ENOMEM;
1678
1679 prefixes = streq(name, "IPAddressAllow") ? &c->ip_address_allow : &c->ip_address_deny;
1680 reduced = streq(name, "IPAddressAllow") ? &c->ip_address_allow_reduced : &c->ip_address_deny_reduced;
1681
1682 fputs(name, f);
1683 fputs("=\n", f);
1684
1685 if (n == 0) {
1686 *reduced = true;
1687 *prefixes = set_free(*prefixes);
1688 } else {
1689 *reduced = false;
1690
1691 r = in_addr_prefixes_merge(prefixes, new_prefixes);
1692 if (r < 0)
1693 return r;
1694
1695 const struct in_addr_prefix *p;
1696 SET_FOREACH(p, *prefixes)
1697 fprintf(f, "%s=%s\n", name,
1698 IN_ADDR_PREFIX_TO_STRING(p->family, &p->address, p->prefixlen));
1699 }
1700
1701 r = memstream_finalize(&m, &buf, NULL);
1702 if (r < 0)
1703 return r;
1704
1705 unit_write_setting(u, flags, name, buf);
1706 }
1707
1708 return 1;
1709 }
1710
1711 if (STR_IN_SET(name, "ManagedOOMSwap", "ManagedOOMMemoryPressure")) {
1712 ManagedOOMMode *cgroup_mode = streq(name, "ManagedOOMSwap") ? &c->moom_swap : &c->moom_mem_pressure;
1713 ManagedOOMMode m;
1714 const char *mode;
1715
1716 if (!UNIT_VTABLE(u)->can_set_managed_oom)
1717 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set %s for this unit type", name);
1718
1719 r = sd_bus_message_read(message, "s", &mode);
1720 if (r < 0)
1721 return r;
1722
1723 m = managed_oom_mode_from_string(mode);
1724 if (m < 0)
1725 return -EINVAL;
1726
1727 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1728 *cgroup_mode = m;
1729 unit_write_settingf(u, flags, name, "%s=%s", name, mode);
1730 }
1731
1732 (void) manager_varlink_send_managed_oom_update(u);
1733 return 1;
1734 }
1735
1736 if (streq(name, "ManagedOOMMemoryPressureLimit")) {
1737 uint32_t v;
1738
1739 if (!UNIT_VTABLE(u)->can_set_managed_oom)
1740 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set %s for this unit type", name);
1741
1742 r = sd_bus_message_read(message, "u", &v);
1743 if (r < 0)
1744 return r;
1745
1746 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1747 c->moom_mem_pressure_limit = v;
1748 unit_write_settingf(u, flags, name,
1749 "ManagedOOMMemoryPressureLimit=" PERMYRIAD_AS_PERCENT_FORMAT_STR,
1750 PERMYRIAD_AS_PERCENT_FORMAT_VAL(UINT32_SCALE_TO_PERMYRIAD(v)));
1751 }
1752
1753 if (c->moom_mem_pressure == MANAGED_OOM_KILL)
1754 (void) manager_varlink_send_managed_oom_update(u);
1755
1756 return 1;
1757 }
1758
1759 if (streq(name, "ManagedOOMMemoryPressureDurationUSec")) {
1760 uint64_t t;
1761
1762 if (!UNIT_VTABLE(u)->can_set_managed_oom)
1763 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set %s for this unit type", name);
1764
1765 r = sd_bus_message_read(message, "t", &t);
1766 if (r < 0)
1767 return r;
1768
1769 if (t < 1 * USEC_PER_SEC)
1770 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= must be at least 1s, got %s", name,
1771 FORMAT_TIMESPAN(t, USEC_PER_SEC));
1772
1773 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1774 c->memory_pressure_threshold_usec = t;
1775 if (c->memory_pressure_threshold_usec == USEC_INFINITY)
1776 unit_write_setting(u, flags, name, "ManagedOOMMemoryPressureDurationSec=");
1777 else
1778 unit_write_settingf(u, flags, name,
1779 "ManagedOOMMemoryPressureDurationSec=%s",
1780 FORMAT_TIMESPAN(c->memory_pressure_threshold_usec, 1));
1781 }
1782
1783 if (c->moom_mem_pressure == MANAGED_OOM_KILL)
1784 (void) manager_varlink_send_managed_oom_update(u);
1785
1786 return 1;
1787 }
1788
1789 if (streq(name, "ManagedOOMPreference")) {
1790 ManagedOOMPreference p;
1791 const char *pref;
1792
1793 r = sd_bus_message_read(message, "s", &pref);
1794 if (r < 0)
1795 return r;
1796
1797 p = managed_oom_preference_from_string(pref);
1798 if (p < 0)
1799 return p;
1800
1801 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1802 c->moom_preference = p;
1803 unit_write_settingf(u, flags, name, "ManagedOOMPreference=%s", pref);
1804 }
1805
1806 return 1;
1807 }
1808 if (STR_IN_SET(name, "SocketBindAllow", "SocketBindDeny")) {
1809 CGroupSocketBindItem **list;
1810 uint16_t nr_ports, port_min;
1811 size_t n = 0;
1812 int32_t family, ip_protocol;
1813
1814 list = streq(name, "SocketBindAllow") ? &c->socket_bind_allow : &c->socket_bind_deny;
1815
1816 r = sd_bus_message_enter_container(message, 'a', "(iiqq)");
1817 if (r < 0)
1818 return r;
1819
1820 while ((r = sd_bus_message_read(message, "(iiqq)", &family, &ip_protocol, &nr_ports, &port_min)) > 0) {
1821
1822 if (!IN_SET(family, AF_UNSPEC, AF_INET, AF_INET6))
1823 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects INET or INET6 family, if specified.", name);
1824
1825 if (!IN_SET(ip_protocol, 0, IPPROTO_TCP, IPPROTO_UDP))
1826 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects TCP or UDP protocol, if specified.", name);
1827
1828 if (port_min + (uint32_t) nr_ports > (1 << 16))
1829 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects maximum port value lesser than 65536.", name);
1830
1831 if (port_min == 0 && nr_ports != 0)
1832 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects port range starting with positive value.", name);
1833
1834 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1835 _cleanup_free_ CGroupSocketBindItem *item = NULL;
1836
1837 item = new(CGroupSocketBindItem, 1);
1838 if (!item)
1839 return log_oom();
1840
1841 *item = (CGroupSocketBindItem) {
1842 .address_family = family,
1843 .ip_protocol = ip_protocol,
1844 .nr_ports = nr_ports,
1845 .port_min = port_min
1846 };
1847
1848 LIST_PREPEND(socket_bind_items, *list, TAKE_PTR(item));
1849 }
1850 n++;
1851 }
1852 if (r < 0)
1853 return r;
1854
1855 r = sd_bus_message_exit_container(message);
1856 if (r < 0)
1857 return r;
1858
1859 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1860 _cleanup_(memstream_done) MemStream m = {};
1861 _cleanup_free_ char *buf = NULL;
1862 FILE *f;
1863
1864 if (n == 0)
1865 cgroup_context_remove_socket_bind(list);
1866 else {
1867 if ((u->manager->cgroup_supported & CGROUP_MASK_BPF_SOCKET_BIND) == 0)
1868 log_full(LOG_DEBUG,
1869 "Unit %s configures source compiled BPF programs "
1870 "but the local system does not support that.\n"
1871 "Starting this unit will fail!", u->id);
1872 }
1873
1874 f = memstream_init(&m);
1875 if (!f)
1876 return -ENOMEM;
1877
1878 if (n == 0)
1879 fprintf(f, "%s=\n", name);
1880 else
1881 LIST_FOREACH(socket_bind_items, item, *list) {
1882 fprintf(f, "%s=", name);
1883 cgroup_context_dump_socket_bind_item(item, f);
1884 fputc('\n', f);
1885 }
1886
1887 r = memstream_finalize(&m, &buf, NULL);
1888 if (r < 0)
1889 return r;
1890
1891 unit_write_setting(u, flags, name, buf);
1892 }
1893
1894 return 1;
1895 }
1896 if (streq(name, "RestrictNetworkInterfaces")) {
1897 int is_allow_list;
1898 _cleanup_strv_free_ char **l = NULL;
1899
1900 r = sd_bus_message_enter_container(message, 'r', "bas");
1901 if (r < 0)
1902 return r;
1903
1904 r = sd_bus_message_read(message, "b", &is_allow_list);
1905 if (r < 0)
1906 return r;
1907
1908 r = sd_bus_message_read_strv(message, &l);
1909 if (r < 0)
1910 return r;
1911
1912 r = sd_bus_message_exit_container(message);
1913 if (r < 0)
1914 return r;
1915
1916 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1917 _cleanup_free_ char *joined = NULL;
1918
1919 if (strv_isempty(l)) {
1920 c->restrict_network_interfaces_is_allow_list = false;
1921 c->restrict_network_interfaces = set_free(c->restrict_network_interfaces);
1922
1923 unit_write_settingf(u, flags, name, "%s=", name);
1924 return 1;
1925 }
1926
1927 if (set_isempty(c->restrict_network_interfaces))
1928 c->restrict_network_interfaces_is_allow_list = is_allow_list;
1929
1930 STRV_FOREACH(s, l) {
1931 if (!ifname_valid_full(*s, IFNAME_VALID_ALTERNATIVE)) {
1932 log_full(LOG_WARNING, "Invalid interface name, ignoring: %s", *s);
1933 continue;
1934 }
1935 if (c->restrict_network_interfaces_is_allow_list != (bool) is_allow_list)
1936 free(set_remove(c->restrict_network_interfaces, *s));
1937 else {
1938 r = set_put_strdup(&c->restrict_network_interfaces, *s);
1939 if (r < 0)
1940 return log_oom();
1941 }
1942 }
1943
1944 joined = strv_join(l, " ");
1945 if (!joined)
1946 return -ENOMEM;
1947
1948 unit_write_settingf(u, flags, name, "%s=%s%s", name, is_allow_list ? "" : "~", joined);
1949 }
1950
1951 return 1;
1952 }
1953
1954 if (streq(name, "NFTSet")) {
1955 int source, nfproto;
1956 const char *table, *set;
1957 bool empty = true;
1958
1959 r = sd_bus_message_enter_container(message, 'a', "(iiss)");
1960 if (r < 0)
1961 return r;
1962
1963 while ((r = sd_bus_message_read(message, "(iiss)", &source, &nfproto, &table, &set)) > 0) {
1964 const char *source_name, *nfproto_name;
1965
1966 if (!IN_SET(source, NFT_SET_SOURCE_CGROUP, NFT_SET_SOURCE_USER, NFT_SET_SOURCE_GROUP))
1967 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid source %d.", source);
1968
1969 source_name = nft_set_source_to_string(source);
1970 assert(source_name);
1971
1972 nfproto_name = nfproto_to_string(nfproto);
1973 if (!nfproto_name)
1974 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid protocol %d.", nfproto);
1975
1976 if (!nft_identifier_valid(table)) {
1977 _cleanup_free_ char *esc = NULL;
1978
1979 esc = cescape(table);
1980 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid NFT table name %s.", strna(esc));
1981 }
1982
1983 if (!nft_identifier_valid(set)) {
1984 _cleanup_free_ char *esc = NULL;
1985
1986 esc = cescape(set);
1987 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid NFT set name %s.", strna(esc));
1988 }
1989
1990 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
1991 r = nft_set_add(&c->nft_set_context, source, nfproto, table, set);
1992 if (r < 0)
1993 return r;
1994
1995 unit_write_settingf(
1996 u, flags|UNIT_ESCAPE_SPECIFIERS, name,
1997 "%s=%s:%s:%s:%s",
1998 name,
1999 source_name,
2000 nfproto_name,
2001 table,
2002 set);
2003 }
2004
2005 empty = false;
2006 }
2007 if (r < 0)
2008 return r;
2009
2010 r = sd_bus_message_exit_container(message);
2011 if (r < 0)
2012 return r;
2013
2014 if (empty && !UNIT_WRITE_FLAGS_NOOP(flags)) {
2015 nft_set_context_clear(&c->nft_set_context);
2016 unit_write_settingf(u, flags, name, "%s=", name);
2017 }
2018
2019 return 1;
2020 }
2021
2022 /* deprecated CGroup v1 properties */
2023 if (STR_IN_SET(name,
2024 "MemoryLimit",
2025 "MemoryLimitScale",
2026 "CPUShares",
2027 "StartupCPUShares",
2028 "BlockIOAccounting",
2029 "BlockIOWeight",
2030 "StartupBlockIOWeight",
2031 "BlockIODeviceWeight",
2032 "BlockIOReadBandwidth",
2033 "BlockIOWriteBandwidth",
2034 "CPUAccounting")) { /* see comment in bus_cgroup_vtable */
2035
2036 r = sd_bus_message_skip(message, NULL);
2037 if (r < 0)
2038 return r;
2039
2040 return 1;
2041 }
2042
2043 /* must be last */
2044 if (streq(name, "DisableControllers") || (u->transient && u->load_state == UNIT_STUB))
2045 return bus_cgroup_set_transient_property(u, c, name, message, flags, error);
2046
2047 return 0;
2048 }
Unnamed repository; edit this file 'description' to name the repository.