1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
11 #include "cgroup-util.h"
17 #include "ratelimit.h"
20 struct libmnt_monitor
;
21 typedef struct Unit Unit
;
23 /* Enforce an upper limit on how many names we allow */
24 #define MANAGER_MAX_NAMES 131072 /* 128K */
26 typedef struct Manager Manager
;
28 /* An externally visible state. We don't actually maintain this as state variable, but derive it from various fields
30 typedef enum ManagerState
{
38 _MANAGER_STATE_INVALID
= -EINVAL
,
41 typedef enum ManagerObjective
{
52 _MANAGER_OBJECTIVE_MAX
,
53 _MANAGER_OBJECTIVE_INVALID
= -EINVAL
,
56 typedef enum StatusType
{
57 STATUS_TYPE_EPHEMERAL
,
60 STATUS_TYPE_EMERGENCY
,
63 typedef enum OOMPolicy
{
64 OOM_CONTINUE
, /* The kernel or systemd-oomd kills the process it wants to kill, and that's it */
65 OOM_STOP
, /* The kernel or systemd-oomd kills the process it wants to kill, and we stop the unit */
66 OOM_KILL
, /* The kernel or systemd-oomd kills the process it wants to kill, and all others in the unit, and we stop the unit */
68 _OOM_POLICY_INVALID
= -EINVAL
,
72 * 1. TIMESTAMP_FIRMWARE, TIMESTAMP_LOADER, TIMESTAMP_KERNEL, TIMESTAMP_INITRD,
73 * TIMESTAMP_SECURITY_START, and TIMESTAMP_SECURITY_FINISH are set only when
74 * the manager is system and not running under container environment.
76 * 2. The monotonic timestamp of TIMESTAMP_KERNEL is always zero.
78 * 3. The realtime timestamp of TIMESTAMP_KERNEL will be unset if the system does not
81 * 4. TIMESTAMP_FIRMWARE and TIMESTAMP_LOADER will be unset if the system does not
82 * have RTC, or systemd is built without EFI support.
84 * 5. The monotonic timestamps of TIMESTAMP_FIRMWARE and TIMESTAMP_LOADER are stored as
85 * negative of the actual value.
87 * 6. TIMESTAMP_USERSPACE is the timestamp of when the manager was started.
89 * 7. TIMESTAMP_INITRD_* are set only when the system is booted with an initrd.
92 typedef enum ManagerTimestamp
{
93 MANAGER_TIMESTAMP_FIRMWARE
,
94 MANAGER_TIMESTAMP_LOADER
,
95 MANAGER_TIMESTAMP_KERNEL
,
96 MANAGER_TIMESTAMP_INITRD
,
97 MANAGER_TIMESTAMP_USERSPACE
,
98 MANAGER_TIMESTAMP_FINISH
,
100 MANAGER_TIMESTAMP_SECURITY_START
,
101 MANAGER_TIMESTAMP_SECURITY_FINISH
,
102 MANAGER_TIMESTAMP_GENERATORS_START
,
103 MANAGER_TIMESTAMP_GENERATORS_FINISH
,
104 MANAGER_TIMESTAMP_UNITS_LOAD_START
,
105 MANAGER_TIMESTAMP_UNITS_LOAD_FINISH
,
106 MANAGER_TIMESTAMP_UNITS_LOAD
,
108 MANAGER_TIMESTAMP_INITRD_SECURITY_START
,
109 MANAGER_TIMESTAMP_INITRD_SECURITY_FINISH
,
110 MANAGER_TIMESTAMP_INITRD_GENERATORS_START
,
111 MANAGER_TIMESTAMP_INITRD_GENERATORS_FINISH
,
112 MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_START
,
113 MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_FINISH
,
114 _MANAGER_TIMESTAMP_MAX
,
115 _MANAGER_TIMESTAMP_INVALID
= -EINVAL
,
118 typedef enum WatchdogType
{
128 #include "path-lookup.h"
129 #include "show-status.h"
130 #include "unit-name.h"
/* Bit flags selecting how much of the manager is brought up in a test run (passed to manager_new()).
 * They may be OR-ed together. MANAGER_TEST_FULL covers BASIC plus both generator steps only; it does
 * not include MINIMAL or IGNORE_DEPENDENCIES. */
typedef enum ManagerTestRunFlags {
        MANAGER_TEST_NORMAL                  = 0,       /* run normally */
        MANAGER_TEST_RUN_MINIMAL             = 1 << 0,  /* create basic data structures */
        MANAGER_TEST_RUN_BASIC               = 1 << 1,  /* interact with the environment */
        MANAGER_TEST_RUN_ENV_GENERATORS      = 1 << 2,  /* also run env generators */
        MANAGER_TEST_RUN_GENERATORS          = 1 << 3,  /* also run unit generators */
        MANAGER_TEST_RUN_IGNORE_DEPENDENCIES = 1 << 4,  /* run while ignoring dependencies */
        MANAGER_TEST_FULL = MANAGER_TEST_RUN_BASIC | MANAGER_TEST_RUN_ENV_GENERATORS | MANAGER_TEST_RUN_GENERATORS,
} ManagerTestRunFlags;
/* Compile-time check that MANAGER_TEST_FULL fits in a uint8_t. The reason is not visible in this
 * header — presumably the flags are carried in a byte-sized field somewhere; verify before adding
 * flags above bit 7. Note it only constrains MANAGER_TEST_FULL, not the individual flag values. */
assert_cc((MANAGER_TEST_FULL & UINT8_MAX) == MANAGER_TEST_FULL);
144 /* Various defaults for unit file settings. */
145 typedef struct UnitDefaults
{
146 ExecOutput std_output
, std_error
;
148 usec_t restart_usec
, timeout_start_usec
, timeout_stop_usec
, timeout_abort_usec
, device_timeout_usec
;
149 bool timeout_abort_set
;
151 usec_t start_limit_interval
;
152 unsigned start_limit_burst
;
155 bool memory_accounting
;
157 bool blockio_accounting
;
158 bool tasks_accounting
;
162 usec_t timer_accuracy_usec
;
164 OOMPolicy oom_policy
;
165 int oom_score_adjust
;
166 bool oom_score_adjust_set
;
168 CGroupPressureWatch memory_pressure_watch
;
169 usec_t memory_pressure_threshold_usec
;
171 char *smack_process_label
;
173 struct rlimit
*rlimit
[_RLIMIT_MAX
];
177 /* Note that the set of units we know of is allowed to be
178 * inconsistent. However the subset of it that is loaded may
179 * not, and the list of jobs may neither. */
181 /* Active jobs and units */
182 Hashmap
*units
; /* name string => Unit object n:1 */
183 Hashmap
*units_by_invocation_id
;
184 Hashmap
*jobs
; /* job id => Job object 1:1 */
186 /* To make it easy to iterate through the units of a specific
187 * type we maintain a per type linked list */
188 LIST_HEAD(Unit
, units_by_type
[_UNIT_TYPE_MAX
]);
190 /* Units that need to be loaded */
191 LIST_HEAD(Unit
, load_queue
); /* this is actually more a stack than a queue, but uh. */
193 /* Jobs that need to be run */
194 struct Prioq
*run_queue
;
196 /* Units and jobs that have not yet been announced via
197 * D-Bus. When something about a job changes it is added here
198 * if it is not in there yet. This allows easy coalescing of
199 * D-Bus change signals. */
200 LIST_HEAD(Unit
, dbus_unit_queue
);
201 LIST_HEAD(Job
, dbus_job_queue
);
203 /* Units to remove */
204 LIST_HEAD(Unit
, cleanup_queue
);
206 /* Units and jobs to check when doing GC */
207 LIST_HEAD(Unit
, gc_unit_queue
);
208 LIST_HEAD(Job
, gc_job_queue
);
210 /* Units that should be realized */
211 LIST_HEAD(Unit
, cgroup_realize_queue
);
213 /* Units whose cgroup ran empty */
214 LIST_HEAD(Unit
, cgroup_empty_queue
);
216 /* Units whose memory.event fired */
217 LIST_HEAD(Unit
, cgroup_oom_queue
);
219 /* Target units whose default target dependencies haven't been set yet */
220 LIST_HEAD(Unit
, target_deps_queue
);
222 /* Units that might be subject to StopWhenUnneeded= clean-up */
223 LIST_HEAD(Unit
, stop_when_unneeded_queue
);
225 /* Units which are upheld by another unit, and which we might need to act on */
226 LIST_HEAD(Unit
, start_when_upheld_queue
);
228 /* Units that have BindsTo= another unit, and might need to be shutdown because the bound unit is not active. */
229 LIST_HEAD(Unit
, stop_when_bound_queue
);
231 /* Units that have resources open, and where it might be good to check if they can be released now */
232 LIST_HEAD(Unit
, release_resources_queue
);
236 /* This maps PIDs we care about to units that are interested in. We allow multiple units to be interested in
237 * the same PID and multiple PIDs to be relevant to the same unit. Since in most cases only a single unit will
238 * be interested in the same PID we use a somewhat special encoding here: the first unit interested in a PID is
239 * stored directly in the hashmap, keyed by the PID unmodified. If there are other units interested too they'll
240 * be stored in a NULL-terminated array, and keyed by the negative PID. This is safe as pid_t is signed and
241 * negative PIDs are not used for regular processes but process groups, which we don't care about in this
242 * context, but this allows us to use the negative range for our own purposes. */
243 Hashmap
*watch_pids
; /* pid => unit as well as -pid => array of units */
245 /* A set contains all units which cgroup should be refreshed after startup */
248 /* A set which contains all currently failed units */
251 sd_event_source
*run_queue_event_source
;
255 sd_event_source
*notify_event_source
;
257 int cgroups_agent_fd
;
258 sd_event_source
*cgroups_agent_event_source
;
261 sd_event_source
*signal_event_source
;
263 sd_event_source
*sigchld_event_source
;
265 sd_event_source
*time_change_event_source
;
267 sd_event_source
*timezone_change_event_source
;
269 sd_event_source
*jobs_in_progress_event_source
;
271 int user_lookup_fds
[2];
272 sd_event_source
*user_lookup_event_source
;
274 RuntimeScope runtime_scope
;
276 LookupPaths lookup_paths
;
277 Hashmap
*unit_id_map
;
278 Hashmap
*unit_name_map
;
279 Set
*unit_path_cache
;
280 uint64_t unit_cache_timestamp_hash
;
282 char **transient_environment
; /* The environment, as determined from config files, kernel cmdline and environment generators */
283 char **client_environment
; /* Environment variables created by clients through the bus API */
285 usec_t watchdog
[_WATCHDOG_TYPE_MAX
];
286 usec_t watchdog_overridden
[_WATCHDOG_TYPE_MAX
];
287 char *watchdog_pretimeout_governor
;
288 char *watchdog_pretimeout_governor_overridden
;
290 dual_timestamp timestamps
[_MANAGER_TIMESTAMP_MAX
];
292 /* Data specific to the device subsystem */
293 sd_device_monitor
*device_monitor
;
294 Hashmap
*devices_by_sysfs
;
296 /* Data specific to the mount subsystem */
297 struct libmnt_monitor
*mount_monitor
;
298 sd_event_source
*mount_event_source
;
300 /* Data specific to the swap filesystem */
302 sd_event_source
*swap_event_source
;
303 Hashmap
*swaps_by_devnode
;
305 /* Data specific to the D-Bus subsystem */
306 sd_bus
*api_bus
, *system_bus
;
308 int private_listen_fd
;
309 sd_event_source
*private_listen_event_source
;
311 /* Contains all the clients that are subscribed to signals via
312 the API bus. Note that private bus connections are always
313 considered subscribed, since they last only for a very short time,
314 and it is much simpler that way. */
315 sd_bus_track
*subscribed
;
316 char **deserialized_subscribed
;
318 /* This is used during reloading: before the reload we queue
319 * the reply message here, and afterwards we send it */
320 sd_bus_message
*pending_reload_message
;
322 Hashmap
*watch_bus
; /* D-Bus names => Unit object n:1 */
324 bool send_reloading_done
;
326 uint32_t current_job_id
;
327 uint32_t default_unit_job_id
;
329 /* Data specific to the Automount subsystem */
332 /* Data specific to the cgroup subsystem */
333 Hashmap
*cgroup_unit
;
334 CGroupMask cgroup_supported
;
337 /* Notifications from cgroups, when the unified hierarchy is used, are delivered via inotify. */
338 int cgroup_inotify_fd
;
339 sd_event_source
*cgroup_inotify_event_source
;
341 /* Maps for finding the unit for each inotify watch descriptor for the cgroup.events and
342 * memory.events cgroupv2 attributes. */
343 Hashmap
*cgroup_control_inotify_wd_unit
;
344 Hashmap
*cgroup_memory_inotify_wd_unit
;
346 /* A defer event for handling cgroup empty events and processing them after SIGCHLD in all cases. */
347 sd_event_source
*cgroup_empty_event_source
;
348 sd_event_source
*cgroup_oom_event_source
;
350 /* Make sure the user cannot accidentally unmount our cgroup
356 /* The stat() data the last time we saw /etc/localtime */
357 usec_t etc_localtime_mtime
;
358 bool etc_localtime_accessible
;
360 ManagerObjective objective
;
363 bool dispatching_load_queue
;
365 /* Have we already sent out the READY=1 notification? */
368 /* Was the last status sent "STATUS=Ready."? */
371 /* Have we already printed the taint line if necessary? */
374 /* Have we ever changed the "kernel.pid_max" sysctl? */
375 bool sysctl_pid_max_changed
;
377 ManagerTestRunFlags test_run_flags
;
379 /* If non-zero, exit with the following value when the systemd
380 * process terminates. Useful for containers: systemd-nspawn can retrieve
381 * the return value. */
382 uint8_t return_value
;
384 ShowStatus show_status
;
385 ShowStatus show_status_overridden
;
386 StatusUnitFormat status_unit_format
;
388 bool no_console_output
;
389 bool service_watchdogs
;
391 UnitDefaults defaults
;
393 int original_log_level
;
394 LogTarget original_log_target
;
395 bool log_level_overridden
;
396 bool log_target_overridden
;
398 /* non-zero if we are reloading or reexecuting, */
401 unsigned n_installed_jobs
;
402 unsigned n_failed_jobs
;
404 /* Jobs in progress watching */
405 unsigned n_running_jobs
;
406 unsigned n_on_console
;
407 unsigned jobs_in_progress_iteration
;
409 /* Do we have any outstanding password prompts? */
410 int have_ask_password
;
411 int ask_password_inotify_fd
;
412 sd_event_source
*ask_password_event_source
;
414 /* Type=idle pipes */
416 sd_event_source
*idle_pipe_event_source
;
419 char *switch_root_init
;
421 /* This is true before and after switching root. */
424 /* This maps all possible path prefixes to the units needing
425 * them. It's a hashmap with a path string as key and a Set as
426 * value where Unit objects are contained. */
427 Hashmap
*units_requiring_mounts_for
;
429 /* Used for processing polkit authorization responses */
430 Hashmap
*polkit_registry
;
432 /* Dynamic users/groups, indexed by their name */
433 Hashmap
*dynamic_users
;
435 /* Keep track of all UIDs and GIDs any of our services currently use. This is useful for the RemoveIPC= logic. */
439 /* ExecSharedRuntime, indexed by their owner unit id */
440 Hashmap
*exec_shared_runtime_by_id
;
442 /* When the user hits C-A-D more than 7 times per 2s, do something immediately... */
443 RateLimit ctrl_alt_del_ratelimit
;
444 EmergencyAction cad_burst_action
;
446 const char *unit_log_field
;
447 const char *unit_log_format_string
;
449 const char *invocation_log_field
;
450 const char *invocation_log_format_string
;
452 int first_boot
; /* tri-state */
454 /* Prefixes of e.g. RuntimeDirectory= */
455 char *prefix
[_EXEC_DIRECTORY_TYPE_MAX
];
456 char *received_credentials_directory
;
457 char *received_encrypted_credentials_directory
;
459 /* Used in the SIGCHLD and sd_notify() message invocation logic to avoid dispatching the same event
460 * multiple times on the same unit. */
464 VarlinkServer
*varlink_server
;
465 /* When we're a system manager, this object manages the subscription from systemd-oomd to PID1 that's
466 * used to report changes in ManagedOOM settings (systemd server - oomd client). When
467 * we're a user manager, this object manages the client connection from the user manager to
468 * systemd-oomd to report changes in ManagedOOM settings (systemd client - oomd server). */
469 Varlink
*managed_oom_varlink
;
471 /* Reference to RestrictFileSystems= BPF program */
472 struct restrict_fs_bpf
*restrict_fs
;
474 /* Allow users to configure a rate limit for Reload() operations */
475 RateLimit reload_ratelimit
;
476 /* Dump*() are slow, so always rate limit them to 10 per 10 minutes */
477 RateLimit dump_ratelimit
;
479 sd_event_source
*memory_pressure_event_source
;
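/* Returns the abort timeout that applies to units by default: the explicitly configured abort
 * timeout when one was set (defaults.timeout_abort_set), otherwise the default stop timeout.
 * Only reads through @m, hence the const qualifier. */
static inline usec_t manager_default_timeout_abort_usec(const Manager *m) {
        if (m->defaults.timeout_abort_set)
                return m->defaults.timeout_abort_usec;

        return m->defaults.timeout_stop_usec;
}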
/* Runtime scope predicates: whether this manager instance runs in the system or the per-user scope. */
#define MANAGER_IS_SYSTEM(m) ((m)->runtime_scope == RUNTIME_SCOPE_SYSTEM)
#define MANAGER_IS_USER(m) ((m)->runtime_scope == RUNTIME_SCOPE_USER)

/* True while a reload or re-execution is in progress (see the n_reloading field). */
#define MANAGER_IS_RELOADING(m) ((m)->n_reloading > 0)

/* True once the FINISH timestamp has been recorded (see manager_check_finished()). */
#define MANAGER_IS_FINISHED(m) (dual_timestamp_is_set((m)->timestamps + MANAGER_TIMESTAMP_FINISH))

/* The objective is set to OK as soon as we enter the main loop, and set otherwise as soon as we are done with it */
#define MANAGER_IS_RUNNING(m) ((m)->objective == MANAGER_OK)

/* Tracks the switching_root field, which manager_set_switching_root() updates. */
#define MANAGER_IS_SWITCHING_ROOT(m) ((m)->switching_root)

/* Any test-run flag set means this is a test invocation rather than a real manager. */
#define MANAGER_IS_TEST_RUN(m) ((m)->test_run_flags != 0)
/* Default timeout for the given runtime scope: the system manager and user managers use
 * different constants. */
static inline usec_t manager_default_timeout(RuntimeScope scope) {
        if (scope == RUNTIME_SCOPE_SYSTEM)
                return DEFAULT_TIMEOUT_USEC;

        return DEFAULT_USER_TIMEOUT_USEC;
}
/* Lifecycle: manager_new() returns the new instance through @m; manager_free() tears it down and
 * returns a Manager* so it can be used in the `m = manager_free(m)` idiom (presumably NULL — confirm
 * in manager.c). The cleanup helper makes it usable with _cleanup_. */
int manager_new(RuntimeScope scope, ManagerTestRunFlags test_run_flags, Manager **m);
Manager* manager_free(Manager *m);
DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);

/* Bring the manager up; @serialization/@fds carry state handed over across reexec (assumed from the
 * parameter names — verify against the implementation). */
int manager_startup(Manager *m, FILE *serialization, FDSet *fds, const char *root);

/* Lookups by job id and unit name. */
Job *manager_get_job(Manager *m, uint32_t id);
Unit *manager_get_unit(Manager *m, const char *name);

int manager_get_job_from_dbus_path(Manager *m, const char *s, Job **_j);

/* Unit loading. The sd_bus_error parameter, where present, receives error details for bus callers. */
bool manager_unit_cache_should_retry_load(Unit *u);
int manager_load_unit_prepare(Manager *m, const char *name, const char *path, sd_bus_error *e, Unit **ret);
int manager_load_unit(Manager *m, const char *name, const char *path, sd_bus_error *e, Unit **ret);
int manager_load_startable_unit_or_warn(Manager *m, const char *name, const char *path, Unit **ret);
int manager_load_unit_from_dbus_path(Manager *m, const char *s, sd_bus_error *e, Unit **_u);

/* Job enqueueing, by unit object or by unit name; @affected_jobs collects the jobs touched. */
int manager_add_job(Manager *m, JobType type, Unit *unit, JobMode mode, Set *affected_jobs, sd_bus_error *e, Job **_ret);
int manager_add_job_by_name(Manager *m, JobType type, const char *name, JobMode mode, Set *affected_jobs, sd_bus_error *e, Job **_ret);
int manager_add_job_by_name_and_warn(Manager *m, JobType type, const char *name, JobMode mode, Set *affected_jobs, Job **ret);
int manager_propagate_reload(Manager *m, Unit *unit, JobMode mode, sd_bus_error *e);

void manager_clear_jobs(Manager *m);

/* Drop @pid from the watch_pids map. */
void manager_unwatch_pid(Manager *m, pid_t pid);

/* Processes the load_queue; returns a count (presumably of units loaded — confirm). */
unsigned manager_dispatch_load_queue(Manager *m);

int manager_setup_memory_pressure_event_source(Manager *m);

/* Environment handling: transient_environment comes from config/kernel cmdline/generators,
 * client_environment from bus clients (see the field comments). Ownership of the strv returned
 * through @ret by manager_get_effective_environment() is not stated here — confirm before freeing. */
int manager_default_environment(Manager *m);
int manager_transient_environment_add(Manager *m, char **plus);
int manager_client_environment_modify(Manager *m, char **minus, char **plus);
int manager_get_effective_environment(Manager *m, char ***ret);

int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults);

void manager_trigger_run_queue(Manager *m);

/* Main event loop. */
int manager_loop(Manager *m);

/* Reloading. manager_reloading_stopp() takes a Manager** so it fits the _cleanup_ pattern
 * (pairing with manager_reloading_start() is assumed — verify). Reload() requests are subject to
 * the reload_ratelimit field. */
int manager_reload(Manager *m);
Manager* manager_reloading_start(Manager *m);
void manager_reloading_stopp(Manager **m);

void manager_reset_failed(Manager *m);

void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success);
void manager_send_unit_plymouth(Manager *m, Unit *u);

bool manager_unit_inactive_or_pending(Manager *m, const char *name);

void manager_check_finished(Manager *m);
void manager_send_reloading(Manager *m);

void disable_printk_ratelimit(void);
void manager_recheck_dbus(Manager *m);
void manager_recheck_journal(Manager *m);

/* Status output control; the *_override variants presumably write the show_status_overridden copy
 * (see the fields) — confirm. */
bool manager_get_show_status_on(Manager *m);
void manager_set_show_status(Manager *m, ShowStatus mode, const char *reason);
void manager_override_show_status(Manager *m, ShowStatus mode, const char *reason);

void manager_set_first_boot(Manager *m, bool b);
void manager_set_switching_root(Manager *m, bool switching_root);

/* printf-style (format is argument 4, varargs start at 5). As with any printf-like function,
 * @format must be a literal; never pass untrusted text as the format string. */
void manager_status_printf(Manager *m, StatusType type, const char *status, const char *format, ...) _printf_(4,5);

/* Looks up the units_requiring_mounts_for map for @path. */
Set *manager_get_units_requiring_mounts_for(Manager *m, const char *path);

/* Derived state; not stored as a field (see the ManagerState comment). */
ManagerState manager_state(Manager *m);

int manager_update_failed_units(Manager *m, Unit *u, bool failed);

/* Reference counting of UIDs/GIDs in use by services, which backs the RemoveIPC= logic (see the
 * uid/gid tracking field comment). */
void manager_unref_uid(Manager *m, uid_t uid, bool destroy_now);
int manager_ref_uid(Manager *m, uid_t uid, bool clean_ipc);

void manager_unref_gid(Manager *m, gid_t gid, bool destroy_now);
int manager_ref_gid(Manager *m, gid_t gid, bool clean_ipc);

/* Returns a newly built string (presumably caller-owned, to be freed — confirm). */
char* manager_taint_string(const Manager *m);

void manager_ref_console(Manager *m);
void manager_unref_console(Manager *m);

/* Log level/target overrides, with the originals kept in the original_log_* fields for restoring. */
void manager_override_log_level(Manager *m, int level);
void manager_restore_original_log_level(Manager *m);

void manager_override_log_target(Manager *m, LogTarget target);
void manager_restore_original_log_target(Manager *m);

/* Enum <-> string conversions; _const_/_pure_ mark them as side-effect free. */
const char *manager_state_to_string(ManagerState m) _const_;
ManagerState manager_state_from_string(const char *s) _pure_;

const char *manager_get_confirm_spawn(Manager *m);
bool manager_is_confirm_spawn_disabled(Manager *m);
void manager_disable_confirm_spawn(void);

const char *manager_timestamp_to_string(ManagerTimestamp m) _const_;
ManagerTimestamp manager_timestamp_from_string(const char *s) _pure_;
ManagerTimestamp manager_timestamp_initrd_mangle(ManagerTimestamp s);

/* Watchdog settings per WatchdogType; the *_override variants presumably write the *_overridden
 * copies of the watchdog fields — confirm. */
usec_t manager_get_watchdog(Manager *m, WatchdogType t);
void manager_set_watchdog(Manager *m, WatchdogType t, usec_t timeout);
void manager_override_watchdog(Manager *m, WatchdogType t, usec_t timeout);
int manager_set_watchdog_pretimeout_governor(Manager *m, const char *governor);
int manager_override_watchdog_pretimeout_governor(Manager *m, const char *governor);

const char* oom_policy_to_string(OOMPolicy i) _const_;
OOMPolicy oom_policy_from_string(const char *s) _pure_;

/* Initialise/release a UnitDefaults instance (it owns heap members such as smack_process_label and
 * the rlimit array entries, so unit_defaults_done() must be paired with unit_defaults_init()). */
void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope);
void unit_defaults_done(UnitDefaults *defaults);